diff --git a/.codespellexcludelines b/.codespellexcludelines
new file mode 100644
index 000000000..f55aca32c
--- /dev/null
+++ b/.codespellexcludelines
@@ -0,0 +1,18 @@
+###############################################################################
+# In this file, you should add the line of the file that needs to be ignored.
+# The line should be exactly as it appears in the file.
+###############################################################################
+        0x0b, 0x45, 0x6e, 0x67, 0x69, 0x6e, 0x65, 0x65, /* .Enginee */
+        0x66, 0x6f, 0x40, 0x77, 0x6f, 0x6c, 0x66, 0x73, /* fo@wolfs */
+        0x0a, 0x8b, 0x98, 0xf3, 0xe3, 0xff, 0x4e, 0x44, /* ......ND */
+ot+3i9DAgBkcRcAtjOj4LaR0VknFBbVPFd5uRHg5h6h+u/N5GJG79G+dwfCMNYxd\n\
+static const byte plaintext[] = "Lorem ipsum dolor sit amet, consectetur adipiscing elit. Cras lacus odio, pretium vel sagittis ac, facilisis quis diam. Vivamus condimentum velit sed dolor consequat interdum. Etiam eleifend ornare felis, eleifend egestas odio vulputate eu. Sed nec orci nunc. Etiam quis mi augue. Donec ullamcorper suscipit lorem, vel luctus augue cursus fermentum. Etiam a porta arcu, in convallis sem. Integer efficitur elementum diam, vel scelerisque felis posuere placerat. Donec vestibulum sit amet leo sit amet tincidunt. Etiam et vehicula turpis. Phasellus quis finibus sapien. Sed et tristique turpis. Nullam vitae sagittis tortor, et aliquet lorem. Cras a leo scelerisque, convallis lacus ut, fermentum urna. Mauris quis urna diam. Class aptent taciti sociosqu ad litora torquent per conubia nostra, per inceptos himenaeos. Nam aliquam vehicula orci id pulvinar. Proin mollis, libero sollicitudin tempor ultrices, massa augue tincidunt turpis, sit amet aliquam neque nibh nec dui. Fusce finibus massa quis rutrum suscipit cras amet";
+rsource "Kconfig.tls-generic"
+        /* Loop over authenticated associated data AD1..ADn */
+  /* no easy answer [c'est la vie].  Just division */
+    const uint8_t* hashIn, int hashSz)
+    XMEMCPY(hash + (curveSz - hashSz), hashIn, hashSz);
+        0x63, 0x72, 0x65, 0x65, 0x6e, 0x20, 0x77, 0x6f, 0x75, 0x6c, 0x64, 0x20, 0x62, 0x65, 0x20, 0x69, /* creen would be i */
+\pagenumbering{alph}
+    DES3_KEY_SIZE       = 24,  /* 3 des ede               */
+/* functions added to support above needed, removed TOOM and KARATSUBA */
diff --git a/.cyignore b/.cyignore
new file mode 100644
index 000000000..4fd959868
--- /dev/null
+++ b/.cyignore
@@ -0,0 +1,40 @@
+# wolfSSL folders
+$(SEARCH_wolfssl)/IDE
+$(SEARCH_wolfssl)/examples
+$(SEARCH_wolfssl)/linuxkm
+$(SEARCH_wolfssl)/mcapi
+$(SEARCH_wolfssl)/mplabx
+$(SEARCH_wolfssl)/mqx
+$(SEARCH_wolfssl)/tirtos
+$(SEARCH_wolfssl)/tests
+$(SEARCH_wolfssl)/testsuite
+$(SEARCH_wolfssl)/wolfcrypt/src/port/autosar
+$(SEARCH_wolfssl)/zephyr
+
+# wolfSSL files
+$(SEARCH_wolfssl)/wolfcrypt/src/aes_asm.S
+$(SEARCH_wolfssl)/wolfcrypt/src/aes_xts_asm.S
+$(SEARCH_wolfssl)/wolfcrypt/src/aes_gcm_asm.S
+$(SEARCH_wolfssl)/wolfcrypt/src/aes_gcm_x86_asm.S
+$(SEARCH_wolfssl)/wolfcrypt/src/chacha_asm.S
+$(SEARCH_wolfssl)/wolfcrypt/src/fe_x25519_asm.S
+$(SEARCH_wolfssl)/wolfcrypt/src/poly1305_asm.S
+$(SEARCH_wolfssl)/wolfcrypt/src/sha256_asm.S
+$(SEARCH_wolfssl)/wolfcrypt/src/sha512_asm.S
+$(SEARCH_wolfssl)/wolfcrypt/src/sha3_asm.S
+$(SEARCH_wolfssl)/wolfcrypt/src/sm3_asm.S
+$(SEARCH_wolfssl)/wolfcrypt/src/sp_x86_64_asm.S
+$(SEARCH_wolfssl)/wolfcrypt/src/sp_sm2_x86_64_asm.S
+$(SEARCH_wolfssl)/wolfcrypt/src/wc_kyber_asm.S
+
+$(SEARCH_wolfssl)/wolfcrypt/src/port/arm/armv8-32-aes-asm.S
+$(SEARCH_wolfssl)/wolfcrypt/src/port/arm/armv8-32-curve25519.S
+$(SEARCH_wolfssl)/wolfcrypt/src/port/arm/armv8-32-sha256-asm.S
+$(SEARCH_wolfssl)/wolfcrypt/src/port/arm/armv8-32-sha512-asm.S
+$(SEARCH_wolfssl)/wolfcrypt/src/port/arm/armv8-curve25519.S
+$(SEARCH_wolfssl)/wolfcrypt/src/port/arm/armv8-sha3-asm.S
+$(SEARCH_wolfssl)/wolfcrypt/src/port/arm/armv8-sha512-asm.S
+$(SEARCH_wolfssl)/wolfcrypt/src/port/arm/thumb2-aes-asm.S
+$(SEARCH_wolfssl)/wolfcrypt/src/port/arm/thumb2-curve25519.S
+$(SEARCH_wolfssl)/wolfcrypt/src/port/arm/thumb2-sha256-asm.S
+$(SEARCH_wolfssl)/wolfcrypt/src/port/arm/thumb2-sha512-asm.S
diff --git a/.github/ISSUE_TEMPLATE/bug_report.yaml b/.github/ISSUE_TEMPLATE/bug_report.yaml
index e4199b970..51384aad5 100644
--- a/.github/ISSUE_TEMPLATE/bug_report.yaml
+++ b/.github/ISSUE_TEMPLATE/bug_report.yaml
@@ -6,8 +6,10 @@ body:
   - type: markdown
     attributes:
       value: >
-        Thanks for reporting an bug. If you would prefer a private method,
-        please email support@wolfssl.com
+        Thanks for reporting a bug. If you would prefer a private method,
+        or if this is a vulnerability report please email support@wolfssl.com
+        instead. This is publicly viewable and not appropriate for vulnerability
+        reports.
   - type: input
     id: contact
     attributes:
diff --git a/.github/ISSUE_TEMPLATE/other.yaml b/.github/ISSUE_TEMPLATE/other.yaml
index 33d2d29e7..a10a56bd9 100644
--- a/.github/ISSUE_TEMPLATE/other.yaml
+++ b/.github/ISSUE_TEMPLATE/other.yaml
@@ -6,7 +6,9 @@ body:
     attributes:
       value: >
         Thanks for reporting an issue. If you would prefer a private method,
-        please email support@wolfssl.com
+        or if this is a vulnerability report please email support@wolfssl.com
+        instead. This is publicly viewable and not appropriate for vulnerability
+        reports.
   - type: input
     id: version
     attributes:
diff --git a/.github/workflows/async.yml b/.github/workflows/async.yml
index 84eb4c588..07a2b5088 100644
--- a/.github/workflows/async.yml
+++ b/.github/workflows/async.yml
@@ -1,7 +1,16 @@
 name: Async Tests
 
+# START OF COMMON SECTION
 on:
-  workflow_call:
+  push:
+    branches: [ 'master', 'main', 'release/**' ]
+  pull_request:
+    branches: [ '*' ]
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+# END OF COMMON SECTION
 
 jobs:
   make_check:
@@ -14,11 +23,12 @@ jobs:
           '--enable-ocsp CFLAGS="-DTEST_NONBLOCK_CERTS"',
         ]
     name: make check
-    runs-on: ubuntu-latest
+    if: github.repository_owner == 'wolfssl'
+    runs-on: ubuntu-22.04
     # This should be a safe limit for the tests to run.
     timeout-minutes: 6
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
         name: Checkout wolfSSL
 
       - name: Test wolfSSL async
@@ -27,7 +37,7 @@ jobs:
           ./configure ${{ matrix.config }}
           make check
 
-      - name: Print errors 
+      - name: Print errors
         if: ${{ failure() }}
         run: |
           if [ -f test-suite.log ] ; then
diff --git a/.github/workflows/bind.yml b/.github/workflows/bind.yml
new file mode 100644
index 000000000..493db2b47
--- /dev/null
+++ b/.github/workflows/bind.yml
@@ -0,0 +1,93 @@
+name: bind9 Tests
+
+# START OF COMMON SECTION
+on:
+  push:
+    branches: [ 'master', 'main', 'release/**' ]
+  pull_request:
+    branches: [ '*' ]
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+# END OF COMMON SECTION
+
+jobs:
+  build_wolfssl:
+    name: Build wolfSSL
+    if: github.repository_owner == 'wolfssl'
+    # Just to keep it the same as the testing target
+    runs-on: ubuntu-22.04
+    # This should be a safe limit for the tests to run.
+    timeout-minutes: 4
+    steps:
+      - name: Build wolfSSL
+        uses: wolfSSL/actions-build-autotools-project@v1
+        with:
+          path: wolfssl
+          configure: --enable-all
+          install: true
+          check: false
+
+      - name: tar build-dir
+        run: tar -zcf build-dir.tgz build-dir
+
+      - name: Upload built lib
+        uses: actions/upload-artifact@v4
+        with:
+          name: wolf-install-bind
+          path: build-dir.tgz
+          retention-days: 5
+
+  bind_check:
+    strategy:
+      fail-fast: false
+      matrix:
+        # List of releases to test
+        ref: [ 9.18.0, 9.18.28 ]
+    name: ${{ matrix.ref }}
+    if: github.repository_owner == 'wolfssl'
+    runs-on: ubuntu-22.04
+    # This should be a safe limit for the tests to run.
+    timeout-minutes: 10
+    needs: build_wolfssl
+    steps:
+      - name: Download lib
+        uses: actions/download-artifact@v4
+        with:
+          name: wolf-install-bind
+
+      - name: untar build-dir
+        run: tar -xf build-dir.tgz
+
+      - name: Install dependencies
+        run: |
+          # Don't prompt for anything
+          export DEBIAN_FRONTEND=noninteractive
+          sudo apt-get update
+          # hostap dependencies
+          sudo apt-get install -y libuv1-dev libnghttp2-dev libcap-dev libcmocka-dev
+
+      - name: Checkout OSP
+        uses: actions/checkout@v4
+        with:
+          repository: wolfssl/osp
+          path: osp
+
+      - name: Checkout bind9
+        uses: actions/checkout@v4
+        with:
+          repository: isc-projects/bind9
+          path: bind
+          ref: v${{ matrix.ref }}
+
+      - name: Build and test bind9
+        working-directory: bind
+        run: |
+          export PKG_CONFIG_PATH=$GITHUB_WORKSPACE/build-dir/lib/pkgconfig
+          patch -p1 < $GITHUB_WORKSPACE/osp/bind9/${{ matrix.ref }}.patch
+          autoreconf -ivf
+          ./configure --with-wolfssl
+          sed -i 's/SUBDIRS = system//g' bin/tests/Makefile # remove failing tests
+          make -j V=1
+          make -j V=1 check
diff --git a/.github/workflows/cmake.yml b/.github/workflows/cmake.yml
new file mode 100644
index 000000000..155373d68
--- /dev/null
+++ b/.github/workflows/cmake.yml
@@ -0,0 +1,108 @@
+name: WolfSSL CMake Build Tests
+
+on:
+  push:
+    branches: [ 'master', 'main', 'release/**' ]
+  pull_request:
+    branches: [ '*' ]
+
+jobs:
+  build:
+
+    runs-on: ubuntu-latest
+
+    steps:
+# pull wolfSSL
+    - uses: actions/checkout@master
+
+# install cmake
+    - name: Install cmake
+      run: |
+        sudo apt-get update
+        sudo apt-get install -y cmake
+
+# pull wolfssl
+    - name: Checkout wolfssl
+      uses: actions/checkout@master
+      with:
+        repository: wolfssl/wolfssl
+        path: wolfssl
+
+# build wolfssl
+    - name: Build wolfssl
+      working-directory: ./wolfssl
+      run: |
+        mkdir build
+        cd build
+        cmake -DCMAKE_VERBOSE_MAKEFILE:BOOL=ON -DWOLFSSL_INSTALL=yes -DCMAKE_INSTALL_PREFIX="$GITHUB_WORKSPACE/install" \
+            -DWOLFSSL_16BIT:BOOL=no -DWOLFSSL_32BIT:BOOL=no -DWOLFSSL_AES:BOOL=yes \
+            -DWOLFSSL_AESCBC:BOOL=yes -DWOLFSSL_AESCCM:BOOL=yes -DWOLFSSL_AESCFB:BOOL=yes \
+            -DWOLFSSL_AESCTR:BOOL=yes -DWOLFSSL_AESGCM:STRING=yes -DWOLFSSL_AESKEYWRAP:BOOL=yes \
+            -DWOLFSSL_AESOFB:BOOL=yes -DWOLFSSL_AESSIV:BOOL=yes -DWOLFSSL_ALIGN_DATA:BOOL=yes \
+            -DWOLFSSL_ALPN:BOOL=ON -DWOLFSSL_ALT_CERT_CHAINS:BOOL=ON -DWOLFSSL_ARC4:BOOL=yes \
+            -DWOLFSSL_ARIA:BOOL=no -DWOLFSSL_ASIO:BOOL=no -DWOLFSSL_ASM:BOOL=yes -DWOLFSSL_ASN:BOOL=yes \
+            -DWOLFSSL_ASYNC_THREADS:BOOL=no -DWOLFSSL_BASE64_ENCODE:BOOL=yes -DWOLFSSL_CAAM:BOOL=no \
+            -DWOLFSSL_CERTEXT:BOOL=yes -DWOLFSSL_CERTGEN:BOOL=yes -DWOLFSSL_CERTGENCACHE:BOOL=no \
+            -DWOLFSSL_CERTREQ:BOOL=yes -DWOLFSSL_CHACHA:STRING=yes -DWOLFSSL_CMAC:BOOL=yes \
+            -DWOLFSSL_CODING:BOOL=yes -DWOLFSSL_CONFIG_H:BOOL=yes -DWOLFSSL_CRL:STRING=yes \
+            -DWOLFSSL_CRYPTOCB:BOOL=yes -DWOLFSSL_CRYPTOCB_NO_SW_TEST:BOOL=no \
+            -DWOLFSSL_CRYPT_TESTS:BOOL=yes -DWOLFSSL_CRYPT_TESTS_HELP:BOOL=no \
+            -DWOLFSSL_CRYPT_TESTS_LIBS:BOOL=no -DWOLFSSL_CURL:BOOL=yes -DWOLFSSL_CURVE25519:STRING=yes \
+            -DWOLFSSL_CURVE448:STRING=yes -DWOLFSSL_DEBUG:BOOL=yes -DWOLFSSL_DES3:BOOL=ON \
+            -DWOLFSSL_DES3_TLS_SUITES:BOOL=no -DWOLFSSL_DH:STRING=yes -DWOLFSSL_DH_DEFAULT_PARAMS:BOOL=yes \
+            -DWOLFSSL_DSA:BOOL=yes -DWOLFSSL_DTLS:BOOL=ON -DWOLFSSL_DTLS13:BOOL=yes \
+            -DWOLFSSL_DTLS_CID:BOOL=yes -DWOLFSSL_ECC:STRING=yes \
+            -DWOLFSSL_ECCCUSTCURVES:STRING=all -DWOLFSSL_ECCSHAMIR:BOOL=yes \
+            -DWOLFSSL_ECH:BOOL=yes -DWOLFSSL_ED25519:BOOL=yes -DWOLFSSL_ED448:STRING=yes \
+            -DWOLFSSL_ENCKEYS:BOOL=yes -DWOLFSSL_ENC_THEN_MAC:BOOL=yes -DWOLFSSL_ERROR_QUEUE:BOOL=yes \
+            -DWOLFSSL_ERROR_STRINGS:BOOL=yes -DWOLFSSL_EXAMPLES:BOOL=yes -DWOLFSSL_EXPERIMENTAL:BOOL=yes \
+            -DWOLFSSL_EXTENDED_MASTER:BOOL=yes -DWOLFSSL_EX_DATA:BOOL=yes -DWOLFSSL_FAST_MATH:BOOL=no \
+            -DWOLFSSL_FILESYSTEM:BOOL=yes -DWOLFSSL_HARDEN:BOOL=yes -DWOLFSSL_HASH_DRBG:BOOL=yes \
+            -DWOLFSSL_HKDF:BOOL=yes -DWOLFSSL_HPKE:BOOL=yes -DWOLFSSL_HRR_COOKIE:STRING=yes \
+            -DWOLFSSL_INLINE:BOOL=yes -DWOLFSSL_INSTALL:BOOL=yes -DWOLFSSL_IP_ALT_NAME:BOOL=ON \
+            -DWOLFSSL_KEYGEN:BOOL=yes -DWOLFSSL_KEYING_MATERIAL:BOOL=ON \
+            -DWOLFSSL_MD4:BOOL=ON -DWOLFSSL_MD5:BOOL=yes -DWOLFSSL_MEMORY:BOOL=yes -DWOLFSSL_NO_STUB:BOOL=no \
+            -DWOLFSSL_OAEP:BOOL=yes -DWOLFSSL_OCSP:BOOL=yes -DWOLFSSL_OCSPSTAPLING:BOOL=ON \
+            -DWOLFSSL_OCSPSTAPLING_V2:BOOL=ON -DWOLFSSL_OLD_NAMES:BOOL=yes -DWOLFSSL_OLD_TLS:BOOL=yes \
+            -DWOLFSSL_OPENSSLALL:BOOL=yes -DWOLFSSL_OPENSSLEXTRA:BOOL=ON -DWOLFSSL_OPTFLAGS:BOOL=yes \
+            -DWOLFSSL_OQS:BOOL=no -DWOLFSSL_PKCALLBACKS:BOOL=yes -DWOLFSSL_PKCS12:BOOL=yes \
+            -DWOLFSSL_PKCS7:BOOL=yes -DWOLFSSL_POLY1305:BOOL=yes -DWOLFSSL_POSTAUTH:BOOL=yes \
+            -DWOLFSSL_PWDBASED:BOOL=yes -DWOLFSSL_QUIC:BOOL=yes -DWOLFSSL_REPRODUCIBLE_BUILD:BOOL=no \
+            -DWOLFSSL_RNG:BOOL=yes -DWOLFSSL_RSA:BOOL=yes -DWOLFSSL_RSA_PSS:BOOL=yes \
+            -DWOLFSSL_SESSION_TICKET:BOOL=ON -DWOLFSSL_SHA:BOOL=yes -DWOLFSSL_SHA224:BOOL=yes \
+            -DWOLFSSL_SHA3:STRING=yes -DWOLFSSL_SHA384:BOOL=yes -DWOLFSSL_SHA512:BOOL=yes \
+            -DWOLFSSL_SHAKE128:STRING=yes -DWOLFSSL_SHAKE256:STRING=yes -DWOLFSSL_SINGLE_THREADED:BOOL=no \
+            -DWOLFSSL_SNI:BOOL=yes -DWOLFSSL_SP_MATH_ALL:BOOL=yes -DWOLFSSL_SRTP:BOOL=yes \
+            -DWOLFSSL_STUNNEL:BOOL=yes -DWOLFSSL_SUPPORTED_CURVES:BOOL=yes -DWOLFSSL_SYS_CA_CERTS:BOOL=yes \
+            -DWOLFSSL_TICKET_NONCE_MALLOC:BOOL=yes -DWOLFSSL_TLS13:BOOL=yes -DWOLFSSL_TLSV12:BOOL=yes \
+            -DWOLFSSL_TLSX:BOOL=yes -DWOLFSSL_TPM:BOOL=yes -DWOLFSSL_USER_SETTINGS:BOOL=no \
+            -DWOLFSSL_USER_SETTINGS_ASM:BOOL=no -DWOLFSSL_WOLFSSH:BOOL=ON -DWOLFSSL_X86_64_BUILD_ASM:BOOL=yes \
+            -DWOLFSSL_X963KDF:BOOL=yes \
+            -DCMAKE_C_FLAGS="-DWOLFSSL_DTLS_CH_FRAG" \
+            ..
+        cmake --build .
+        ctest -j $(nproc)
+        cmake --install .
+
+        # clean up
+        cd ..
+        rm -rf build
+
+        # Kyber Cmake broken
+        # -DWOLFSSL_KYBER:BOOL=yes
+
+# build "lean-tls" wolfssl
+    - name: Build wolfssl with lean-tls
+      working-directory: ./wolfssl
+      run: |
+        mkdir build
+        cd build
+        cmake -DCMAKE_VERBOSE_MAKEFILE:BOOL=ON -DWOLFSSL_INSTALL=yes -DCMAKE_INSTALL_PREFIX="$GITHUB_WORKSPACE/install" \
+            -DWOLFSSL_LEAN_TLS:BOOL=yes \
+            ..
+        cmake --build .
+        cmake --install .
+
+        # clean up
+        cd ..
+        rm -rf build
diff --git a/.github/workflows/codespell.yml b/.github/workflows/codespell.yml
new file mode 100644
index 000000000..a0b605ae3
--- /dev/null
+++ b/.github/workflows/codespell.yml
@@ -0,0 +1,30 @@
+name: Codespell test
+
+on:
+  push:
+    branches: [ 'master', 'main', 'release/**' ]
+  pull_request:
+    branches: [ '*' ]
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+# END OF COMMON SECTION
+
+jobs:
+  codespell:
+    if: github.repository_owner == 'wolfssl'
+    runs-on: ubuntu-22.04
+    steps:
+    - uses: actions/checkout@v4
+
+    - uses: codespell-project/actions-codespell@v2.1
+      with:
+        check_filenames: true
+        check_hidden: true
+          # Add comma separated list of words that occur multiple times that should be ignored (sorted alphabetically, case sensitive)
+        ignore_words_list: adin,aNULL,brunch,carryIn,chainG,ciph,cLen,cliKs,dout,haveA,inCreated,inOut,inout,larg,LEAPYEAR,Merget,optionA,parm,parms,repid,rIn,userA,ser,siz,te,Te
+          # The exclude_file contains lines of code that should be ignored. This is useful for individual lines which have non-words that can safely be ignored.
+        exclude_file: '.codespellexcludelines'
+          # To skip files entirely from being processed, add it to the following list:
+        skip: '*.cproject,*.der,*.mtpj,*.pem,*.vcxproj,.git,*.launch,*.scfg,*.revoked'
diff --git a/.github/workflows/coverity-scan-fixes.yml b/.github/workflows/coverity-scan-fixes.yml
new file mode 100644
index 000000000..9a70e080b
--- /dev/null
+++ b/.github/workflows/coverity-scan-fixes.yml
@@ -0,0 +1,53 @@
+name: Coverity Scan master branch
+
+on:
+  workflow_dispatch:
+  schedule:
+    - cron: '0 0 * * 1-5'
+    - cron: '0 0 * * 0'
+    - cron: '0 12 * * 0'
+
+jobs:
+  coverity:
+    if: github.repository_owner == 'wolfssl'
+    runs-on: ubuntu-22.04
+    steps:
+    - uses: actions/checkout@v4
+      with:
+        ref: master
+
+    - name: Configure wolfSSL with enable-all M-F
+      if: github.event.schedule == '0 0 * * 1-5'
+      run: |
+        ./autogen.sh
+        ./configure --enable-all
+
+    - name: Configure wolfSSL with enable-all enable-smallstack Sun at 00:00
+      if: github.event.schedule == '0 0 * * 0'
+      run: |
+        ./autogen.sh
+        ./configure --enable-all --enable-smallstack
+
+    - name: Configure wolfSSL with bigendian Sun at 12:00
+      if: github.event.schedule == '0 12 * * 0'
+      run: |
+        ./autogen.sh
+        ./configure --enable-all CFLAGS="-DBIG_ENDIAN_ORDER"
+
+    - name: Check secrets
+      env:
+        token_var: ${{ secrets.COVERITY_SCAN_TOKEN }}
+        email_var: ${{ secrets.COVERITY_SCAN_EMAIL }}
+      run: |
+        token_len=${#token_var}
+        echo "$token_len"
+        email_len=${#email_var}
+        echo "$email_len"
+
+    - uses: vapier/coverity-scan-action@v1
+      with:
+        build_language: 'cxx'
+        project: "wolfSSL/wolfssl"
+        token: ${{ secrets.COVERITY_SCAN_TOKEN }}
+        email: ${{ secrets.COVERITY_SCAN_EMAIL }}
+        command: "make"
diff --git a/.github/workflows/curl.yml b/.github/workflows/curl.yml
index fe6350e77..19d3dcd49 100644
--- a/.github/workflows/curl.yml
+++ b/.github/workflows/curl.yml
@@ -1,12 +1,22 @@
 name: curl Test
 
+# START OF COMMON SECTION
 on:
-  workflow_call:
+  push:
+    branches: [ 'master', 'main', 'release/**' ]
+  pull_request:
+    branches: [ '*' ]
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+# END OF COMMON SECTION
 
 jobs:
   build_wolfssl:
     name: Build wolfSSL
-    runs-on: ubuntu-latest
+    if: github.repository_owner == 'wolfssl'
+    runs-on: ubuntu-22.04
     # This should be a safe limit for the tests to run.
     timeout-minutes: 4
     steps:
@@ -17,16 +27,20 @@ jobs:
           configure: --enable-curl
           install: true
 
+      - name: tar build-dir
+        run: tar -zcf build-dir.tgz build-dir
+
       - name: Upload built lib
-        uses: actions/upload-artifact@v3
+        uses: actions/upload-artifact@v4
         with:
           name: wolf-install-curl
-          path: build-dir
-          retention-days: 1
+          path: build-dir.tgz
+          retention-days: 5
 
   test_curl:
     name: ${{ matrix.curl_ref }}
-    runs-on: ubuntu-latest
+    if: github.repository_owner == 'wolfssl'
+    runs-on: ubuntu-22.04
     # This should be a safe limit for the tests to run.
     timeout-minutes: 15
     needs: build_wolfssl
@@ -38,14 +52,15 @@ jobs:
     - name: Install test dependencies
       run: |
         sudo apt-get update
-        sudo apt-get install nghttp2
-        sudo pip install impacket
+        sudo apt-get install nghttp2 libpsl5 libpsl-dev python3-impacket
 
     - name: Download lib
-      uses: actions/download-artifact@v3
+      uses: actions/download-artifact@v4
       with:
         name: wolf-install-curl
-        path: build-dir
+
+    - name: untar build-dir
+      run: tar -xf build-dir.tgz
 
     - name: Build curl
       uses: wolfSSL/actions-build-autotools-project@v1
@@ -58,4 +73,4 @@ jobs:
 
     - name: Test curl
       working-directory: curl
-      run: make -j test-ci
+      run: make -j $(nproc) test-ci
diff --git a/.github/workflows/cyrus-sasl.yml b/.github/workflows/cyrus-sasl.yml
new file mode 100644
index 000000000..910c87122
--- /dev/null
+++ b/.github/workflows/cyrus-sasl.yml
@@ -0,0 +1,105 @@
+name: cyrus-sasl Tests
+
+# START OF COMMON SECTION
+on:
+  push:
+    branches: [ 'master', 'main', 'release/**' ]
+  pull_request:
+    branches: [ '*' ]
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+# END OF COMMON SECTION
+
+jobs:
+  build_wolfssl:
+    name: Build wolfSSL
+    if: github.repository_owner == 'wolfssl'
+    # Just to keep it the same as the testing target
+    runs-on: ubuntu-22.04
+    # This should be a safe limit for the tests to run.
+    timeout-minutes: 4
+    steps:
+      - name: Build wolfSSL
+        uses: wolfSSL/actions-build-autotools-project@v1
+        with:
+          path: wolfssl
+          configure: --enable-all
+          install: true
+          # Don't run tests as this config is tested in many other places
+          check: false
+
+      - name: tar build-dir
+        run: tar -zcf build-dir.tgz build-dir
+
+      - name: Upload built lib
+        uses: actions/upload-artifact@v4
+        with:
+          name: wolf-install-sasl
+          path: build-dir.tgz
+          retention-days: 5
+
+  sasl_check:
+    strategy:
+      fail-fast: false
+      matrix:
+        # List of releases to test
+        ref: [ 2.1.28 ]
+    name: ${{ matrix.ref }}
+    if: github.repository_owner == 'wolfssl'
+    runs-on: ubuntu-22.04
+    # This should be a safe limit for the tests to run.
+    timeout-minutes: 4
+    needs: build_wolfssl
+    steps:
+      - name: Install dependencies
+        run: |
+          # Don't prompt for anything
+          export DEBIAN_FRONTEND=noninteractive
+          sudo apt-get update
+          sudo apt-get install krb5-kdc krb5-otp libkrb5-dev \
+            libsocket-wrapper libnss-wrapper krb5-admin-server libdb5.3-dev
+
+      - name: Download lib
+        uses: actions/download-artifact@v4
+        with:
+          name: wolf-install-sasl
+
+      - name: untar build-dir
+        run: tar -xf build-dir.tgz
+
+      - name: Checkout OSP
+        uses: actions/checkout@v4
+        with:
+          repository: wolfssl/osp
+          path: osp
+
+      - name: Checkout sasl
+        uses: actions/checkout@v4
+        with:
+          repository: cyrusimap/cyrus-sasl
+          ref: cyrus-sasl-${{ matrix.ref }}
+          path: sasl
+
+      - name: Build cyrus-sasl
+        working-directory: sasl
+        run: |
+          patch -p1 < $GITHUB_WORKSPACE/osp/cyrus-sasl/${{ matrix.ref }}/${{ matrix.ref }}.patch
+          autoreconf -ivf
+          ./configure --with-openssl=no --with-wolfssl=$GITHUB_WORKSPACE/build-dir --with-dblib=berkeley --disable-shared
+          # Need to run 'make' twice with '--disable-shared' for some reason
+          make -j || make -j
+
+      - name: Run testsuite
+        working-directory: sasl
+        run: |
+          make -j -C utils testsuite saslpasswd2
+          # Retry up to five times
+          for i in {1..5}; do
+             TEST_RES=0
+             $GITHUB_WORKSPACE/osp/cyrus-sasl/${{ matrix.ref }}/run-tests.sh || TEST_RES=$?
+             if [ "$TEST_RES" -eq "0" ]; then
+                break
+             fi
+          done
diff --git a/.github/workflows/disabled/haproxy.yml b/.github/workflows/disabled/haproxy.yml
new file mode 100644
index 000000000..0a92dac0c
--- /dev/null
+++ b/.github/workflows/disabled/haproxy.yml
@@ -0,0 +1,60 @@
+name: HaProxy Tests
+
+# START OF COMMON SECTION
+on:
+  push:
+    branches: [ 'master', 'main', 'release/**' ]
+  pull_request:
+    branches: [ '*' ]
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+# END OF COMMON SECTION
+
+jobs:
+  haproxy_check:
+    strategy:
+      fail-fast: false
+      matrix:
+        # List of refs to test
+        ref: [ master ]
+    name: ${{ matrix.ref }}
+    if: github.repository_owner == 'wolfssl'
+    runs-on: ubuntu-latest
+    steps:
+      - name: Build wolfSSL
+        uses: wolfSSL/actions-build-autotools-project@v1
+        with:
+          path: wolfssl
+          configure: --enable-quic --enable-haproxy
+          install: true
+
+      - name: Checkout VTest
+        uses: actions/checkout@v4
+        with:
+          repository: vtest/VTest
+          path: VTest
+
+      - name: Build VTest
+        working-directory: VTest
+        # Special flags due to: https://github.com/vtest/VTest/issues/12
+        run: make FLAGS='-O2 -s -Wall'
+
+      - name: Checkout HaProxy
+        uses: actions/checkout@v4
+        with:
+          repository: haproxy/haproxy
+          path: haproxy
+          ref: ${{ matrix.ref }}
+
+      - name: Build HaProxy
+        working-directory: haproxy
+        run: >-
+          make -j TARGET=linux-glibc DEBUG='-DDEBUG_MEMORY_POOLS -DDEBUG_STRICT'
+          USE_OPENSSL_WOLFSSL=1 USE_QUIC=1 SSL_INC=$GITHUB_WORKSPACE/build-dir/include/
+          SSL_LIB=$GITHUB_WORKSPACE/build-dir/lib/ ADDLIB=-Wl,-rpath=$GITHUB_WORKSPACE/build-dir/lib
+
+      - name: Test HaProxy
+        working-directory: haproxy
+        run: make reg-tests reg-tests/ssl VTEST_PROGRAM=$GITHUB_WORKSPACE/VTest/vtest
diff --git a/.github/workflows/hitch.yml b/.github/workflows/disabled/hitch.yml
similarity index 79%
rename from .github/workflows/hitch.yml
rename to .github/workflows/disabled/hitch.yml
index a7f745dbf..5f0b58986 100644
--- a/.github/workflows/hitch.yml
+++ b/.github/workflows/disabled/hitch.yml
@@ -1,11 +1,21 @@
 name: hitch Tests
 
+# START OF COMMON SECTION
 on:
-  workflow_call:
+  push:
+    branches: [ 'master', 'main', 'release/**' ]
+  pull_request:
+    branches: [ '*' ]
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+# END OF COMMON SECTION
 
 jobs:
   build_wolfssl:
     name: Build wolfSSL
+    if: github.repository_owner == 'wolfssl'
     # Just to keep it the same as the testing target
     runs-on: ubuntu-latest
     # This should be a safe limit for the tests to run.
@@ -18,12 +28,15 @@ jobs:
           configure: --enable-hitch
           install: true
 
+      - name: tar build-dir
+        run: tar -zcf build-dir.tgz build-dir
+
       - name: Upload built lib
-        uses: actions/upload-artifact@v3
+        uses: actions/upload-artifact@v4
         with:
           name: wolf-install-hitch
-          path: build-dir
-          retention-days: 1
+          path: build-dir.tgz
+          retention-days: 5
 
   hitch_check:
     strategy:
@@ -35,19 +48,22 @@ jobs:
             ignore-tests: >-
               test13-r82.sh test15-proxy-v2-npn.sh test39-client-cert-proxy.sh
     name: ${{ matrix.ref }}
+    if: github.repository_owner == 'wolfssl'
     runs-on: ubuntu-latest
     # This should be a safe limit for the tests to run.
     timeout-minutes: 4
     needs: build_wolfssl
     steps:
       - name: Download lib
-        uses: actions/download-artifact@v3
+        uses: actions/download-artifact@v4
         with:
           name: wolf-install-hitch
-          path: build-dir
+
+      - name: untar build-dir
+        run: tar -xf build-dir.tgz
 
       - name: Checkout OSP
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
           repository: wolfssl/osp
           path: osp
@@ -59,7 +75,7 @@ jobs:
             sudo apt-get install -y libev-dev libssl-dev automake python3-docutils flex bison pkg-config make
 
       - name: Checkout hitch
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
           repository: varnish/hitch
           ref: 1.7.3
@@ -91,4 +107,4 @@ jobs:
         working-directory: ./hitch
         run: |
           export LD_LIBRARY_PATH=$GITHUB_WORKSPACE/build-dir/lib:$LD_LIBRARY_PATH
-          make check
\ No newline at end of file
+          make check
diff --git a/.github/workflows/hostap.yml b/.github/workflows/disabled/hostap.yml
similarity index 91%
rename from .github/workflows/hostap.yml
rename to .github/workflows/disabled/hostap.yml
index 84ea1009e..46c413195 100644
--- a/.github/workflows/hostap.yml
+++ b/.github/workflows/disabled/hostap.yml
@@ -1,7 +1,16 @@
 name: hostap and wpa-supplicant Tests
 
+# START OF COMMON SECTION
 on:
-  workflow_call:
+  push:
+    branches: [ 'master', 'main', 'release/**' ]
+  pull_request:
+    branches: [ '*' ]
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+# END OF COMMON SECTION
 
 jobs:
   build_wolfssl:
@@ -13,6 +22,7 @@ jobs:
           - build_id: hostap-build2
             wolf_extra_config: --enable-brainpool --enable-wpas-dpp
     name: Build wolfSSL
+    if: github.repository_owner == 'wolfssl'
     # Just to keep it the same as the testing target
     runs-on: ubuntu-20.04
     # This should be a safe limit for the tests to run.
@@ -40,11 +50,11 @@ jobs:
           install: true
 
       - name: Upload built lib
-        uses: actions/upload-artifact@v3
+        uses: actions/upload-artifact@v4
         with:
           name: ${{ matrix.build_id }}
           path: build-dir
-          retention-days: 1
+          retention-days: 5
 
   # Build wpa_supplicant with wolfSSL and hostapd with OpenSSL and interop.
   hostap_test:
@@ -62,7 +72,7 @@ jobs:
         config: [
           {
             hostap_ref: hostap_2_10,
-            hostap_cherry_pick: 5679ec5c3dda25a0547a5f66407fd9b0b55fd04a,
+            hostap_cherry_pick: 36fcbb1a4ee4aa604f15079eae2ffa4fe7f44680,
             remove_teap: true,
             # TLS 1.3 does not work for this version
             build_id: hostap-build1,
@@ -70,7 +80,7 @@ jobs:
           # Test the dpp patch
           {
             hostap_ref: b607d2723e927a3446d89aed813f1aa6068186bb,
-            hostap_cherry_pick: 5679ec5c3dda25a0547a5f66407fd9b0b55fd04a,
+            hostap_cherry_pick: 36fcbb1a4ee4aa604f15079eae2ffa4fe7f44680,
             osp_ref: ad5b52a49b3cc2a5bfb47ccc1d6a5137132e9446,
             build_id: hostap-build2
           },
@@ -90,6 +100,7 @@ jobs:
               build_id: hostap-build2
             }
     name: hwsim test
+    if: github.repository_owner == 'wolfssl'
     # For openssl 1.1
     runs-on: ubuntu-20.04
     # This should be a safe limit for the tests to run.
@@ -113,7 +124,7 @@ jobs:
           echo Our job run ID is $SHA_SUM
 
       - name: Checkout wolfSSL
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
           path: wolfssl
 
@@ -140,7 +151,7 @@ jobs:
           echo "hostap_debug_flags=-d" >> $GITHUB_ENV
 
       - name: Download lib
-        uses: actions/download-artifact@v3
+        uses: actions/download-artifact@v4
         with:
           name: ${{ matrix.config.build_id }}
           path: build-dir
@@ -170,9 +181,9 @@ jobs:
           sudo rmmod mac80211_hwsim
 
       - name: Checkout hostap
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
-          repository: julek-wolfssl/hostap-mirror 
+          repository: julek-wolfssl/hostap-mirror
           path: hostap
           ref: ${{ matrix.config.hostap_ref }}
           # necessary for cherry pick step
@@ -185,7 +196,7 @@ jobs:
 
       - if: ${{ matrix.config.osp_ref }}
         name: Checkout OSP
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
           repository: wolfssl/osp
           path: osp
@@ -201,7 +212,7 @@ jobs:
           done
 
       - if: ${{ matrix.hostapd }}
-        name: Setup hostapd config file 
+        name: Setup hostapd config file
         run: |
           cp wolfssl/.github/workflows/hostap-files/configs/${{ matrix.config.hostap_ref }}/hostapd.config \
              hostap/hostapd/.config
@@ -211,7 +222,7 @@ jobs:
           EOF
 
       - if: ${{ matrix.wpa_supplicant }}
-        name: Setup wpa_supplicant config file 
+        name: Setup wpa_supplicant config file
         run: |
           cp wolfssl/.github/workflows/hostap-files/configs/${{ matrix.config.hostap_ref }}/wpa_supplicant.config \
              hostap/wpa_supplicant/.config
@@ -275,7 +286,7 @@ jobs:
 
       - name: Upload failure logs
         if: ${{ failure() && steps.testing.outcome == 'failure' }}
-        uses: actions/upload-artifact@v3
+        uses: actions/upload-artifact@v4
         with:
           name: hostap-logs-${{ env.our_job_run_id }}
           path: hostap/tests/hwsim/logs.zip
diff --git a/.github/workflows/disabled/msys2.yml b/.github/workflows/disabled/msys2.yml
new file mode 100644
index 000000000..0641a3104
--- /dev/null
+++ b/.github/workflows/disabled/msys2.yml
@@ -0,0 +1,41 @@
+name: MSYS2 Build Test
+
+# START OF COMMON SECTION
+on:
+  push:
+    branches: [ 'master', 'main', 'release/**' ]
+  pull_request:
+    branches: [ '*' ]
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+# END OF COMMON SECTION
+
+jobs:
+  msys2:
+    runs-on: windows-latest
+    defaults:
+      run:
+        shell: msys2 {0}
+    strategy:
+      fail-fast: false
+      matrix:
+        include:
+          - { sys: ucrt64,  compiler: mingw-w64-ucrt-x86_64-gcc }
+          - { sys: mingw64, compiler: mingw-w64-x86_64-gcc }
+          - { sys: msys, compiler: gcc }
+    steps:
+      - uses: actions/checkout@v3
+      - uses: msys2/setup-msys2@v2
+        with:
+          msystem: ${{ matrix.sys }}
+          update: true
+          install: git ${{matrix.compiler}} autotools base-devel autoconf netcat
+      - name: configure wolfSSL
+        run: ./autogen.sh && ./configure CFLAGS="-DUSE_CERT_BUFFERS_2048 -DUSE_CERT_BUFFERS_256 -DNO_WRITE_TEMP_FILES"
+      - name: build wolfSSL
+        run: make check
+      - name: Display log
+        if: always()
+        run: cat test-suite.log
diff --git a/.github/workflows/docker-Espressif.yml b/.github/workflows/docker-Espressif.yml
index 9b9b9be20..dda8e9c34 100644
--- a/.github/workflows/docker-Espressif.yml
+++ b/.github/workflows/docker-Espressif.yml
@@ -1,34 +1,46 @@
 name: Espressif examples tests
+# START OF COMMON SECTION
 on:
-  workflow_call:
+  push:
+    branches: [ 'master', 'main', 'release/**' ]
+  pull_request:
+    branches: [ '*' ]
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+# END OF COMMON SECTION
 
 jobs:
   espressif_latest:
     name: latest Docker container
-    runs-on: ubuntu-latest
+    if: github.repository_owner == 'wolfssl'
+    runs-on: ubuntu-22.04
     # This should be a safe limit for the tests to run.
     timeout-minutes: 12
     container:
       image: espressif/idf:latest
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
       - name: Initialize Espressif IDE and build examples
-        run: . /opt/esp/idf/export.sh; IDE/Espressif/ESP-IDF/compileAllExamples.sh
+        run: cd /opt/esp/idf && . ./export.sh && cd $GITHUB_WORKSPACE; IDE/Espressif/ESP-IDF/compileAllExamples.sh
   espressif_v4_4:
     name: v4.4 Docker container
-    runs-on: ubuntu-latest
+    if: github.repository_owner == 'wolfssl'
+    runs-on: ubuntu-22.04
     container:
       image: espressif/idf:release-v4.4
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
       - name: Initialize Espressif IDE and build examples
-        run: . /opt/esp/idf/export.sh; IDE/Espressif/ESP-IDF/compileAllExamples.sh
+        run: cd /opt/esp/idf && . ./export.sh && cd $GITHUB_WORKSPACE; IDE/Espressif/ESP-IDF/compileAllExamples.sh
   espressif_v5_0:
     name: v5.0 Docker container
-    runs-on: ubuntu-latest
+    if: github.repository_owner == 'wolfssl'
+    runs-on: ubuntu-22.04
     container:
       image: espressif/idf:release-v5.0
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
       - name: Initialize Espressif IDE and build examples
-        run: . /opt/esp/idf/export.sh; IDE/Espressif/ESP-IDF/compileAllExamples.sh
+        run: cd /opt/esp/idf && . ./export.sh && cd $GITHUB_WORKSPACE; IDE/Espressif/ESP-IDF/compileAllExamples.sh
diff --git a/.github/workflows/docker-OpenWrt.yml b/.github/workflows/docker-OpenWrt.yml
index aa8278950..05890ffae 100644
--- a/.github/workflows/docker-OpenWrt.yml
+++ b/.github/workflows/docker-OpenWrt.yml
@@ -2,13 +2,23 @@
 # there aren't any compatibility issues. Take a look at Docker/OpenWrt/README.md
 name: OpenWrt test
 
+# START OF COMMON SECTION
 on:
-    workflow_call:
+  push:
+    branches: [ 'master', 'main', 'release/**' ]
+  pull_request:
+    branches: [ '*' ]
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+# END OF COMMON SECTION
 
 jobs:
     build_library:
         name: Compile libwolfssl.so
-        runs-on: ubuntu-latest
+        if: github.repository_owner == 'wolfssl'
+        runs-on: ubuntu-22.04
         # This should be a safe limit for the tests to run.
         timeout-minutes: 4
         container:
@@ -16,34 +26,41 @@ jobs:
         steps:
             - name: Install required tools
               run: apk add argp-standalone asciidoc bash bc binutils bzip2 cdrkit coreutils diffutils elfutils-dev findutils flex musl-fts-dev g++ gawk gcc gettext git grep intltool libxslt linux-headers make musl-libintl musl-obstack-dev ncurses-dev openssl-dev patch perl python3-dev rsync tar unzip util-linux wget zlib-dev autoconf automake libtool
-            - uses: actions/checkout@v3
+            - uses: actions/checkout@v4
             - name: Compile libwolfssl.so
               run: ./autogen.sh && ./configure --enable-all && make
+              # 2024-08-05 - Something broke in the actions. They are no longer following links.
+            - name: tar libwolfssl.so
+              working-directory: src/.libs
+              run: tar -zcf libwolfssl.tgz libwolfssl.so*
             - name: Upload libwolfssl.so
-              uses: actions/upload-artifact@v3
+              uses: actions/upload-artifact@v4
               with:
                 name: openwrt-libwolfssl.so
-                path: src/.libs/libwolfssl.so
-                retention-days: 1
+                path: src/.libs/libwolfssl.tgz
+                retention-days: 5
     compile_container:
         name: Compile container
-        runs-on: ubuntu-latest
+        if: github.repository_owner == 'wolfssl'
+        runs-on: ubuntu-22.04
         # This should be a safe limit for the tests to run.
         timeout-minutes: 2
         needs: build_library
         strategy:
             fail-fast: false
             matrix:
-                release: [ "22.03-SNAPSHOT", "21.02-SNAPSHOT" ] # some other versions: 21.02.0 21.02.5 22.03.0 22.03.3 snapshot
+                release: [ "22.03.6", "21.02.7" ] # some other versions: 21.02.0 21.02.5 22.03.0 22.03.3 snapshot
         steps:
-            - uses: actions/checkout@v3
-            - uses: docker/setup-buildx-action@v2
-            - uses: actions/download-artifact@v3
+            - uses: actions/checkout@v4
+            - uses: docker/setup-buildx-action@v3
+            - uses: actions/download-artifact@v4
               with:
                 name: openwrt-libwolfssl.so
-                path: Docker/OpenWrt/.
+                path: .
+            - name: untar libwolfssl.so
+              run: tar -xf libwolfssl.tgz -C Docker/OpenWrt
             - name: Build but dont push
-              uses: docker/build-push-action@v3
+              uses: docker/build-push-action@v5
               with:
                   context: Docker/OpenWrt
                   platforms: linux/amd64
diff --git a/.github/workflows/gencertbuf.yml b/.github/workflows/gencertbuf.yml
new file mode 100644
index 000000000..97cd1a531
--- /dev/null
+++ b/.github/workflows/gencertbuf.yml
@@ -0,0 +1,41 @@
+name: Test gencertbuf script
+
+# START OF COMMON SECTION
+on:
+  push:
+    branches: [ 'master', 'main', 'release/**' ]
+  pull_request:
+    branches: [ '*' ]
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+# END OF COMMON SECTION
+
+jobs:
+  gencertbuf:
+    name: gencertbuf
+    if: github.repository_owner == 'wolfssl'
+    runs-on: ubuntu-latest
+    # This should be a safe limit for the tests to run.
+    timeout-minutes: 6
+    steps:
+      - uses: actions/checkout@v4
+        name: Checkout wolfSSL
+
+      - name: Test generate wolfssl/certs_test.h
+        run: ./gencertbuf.pl
+
+      - name: Test wolfSSL
+        run: |
+          ./autogen.sh
+          ./configure --enable-all --enable-experimental --enable-dilithium --enable-kyber
+          make
+          ./wolfcrypt/test/testwolfcrypt
+
+      - name: Print errors
+        if: ${{ failure() }}
+        run: |
+          if [ -f test-suite.log ] ; then
+            cat test-suite.log
+          fi
diff --git a/.github/workflows/grpc.yml b/.github/workflows/grpc.yml
new file mode 100644
index 000000000..2804756eb
--- /dev/null
+++ b/.github/workflows/grpc.yml
@@ -0,0 +1,108 @@
+name: grpc Tests
+
+# START OF COMMON SECTION
+on:
+  push:
+    branches: [ 'master', 'main', 'release/**' ]
+  pull_request:
+    branches: [ '*' ]
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+# END OF COMMON SECTION
+
+jobs:
+  build_wolfssl:
+    name: Build wolfSSL
+    if: github.repository_owner == 'wolfssl'
+    # Just to keep it the same as the testing target
+    runs-on: ubuntu-22.04
+    # This should be a safe limit for the tests to run.
+    timeout-minutes: 10
+    steps:
+      - name: Build wolfSSL
+        uses: wolfSSL/actions-build-autotools-project@v1
+        with:
+          path: wolfssl
+          configure: --enable-all 'CPPFLAGS=-DWOLFSSL_RSA_KEY_CHECK -DHAVE_EX_DATA_CLEANUP_HOOKS'
+          install: true
+
+      - name: tar build-dir
+        run: tar -zcf build-dir.tgz build-dir
+
+      - name: Upload built lib
+        uses: actions/upload-artifact@v4
+        with:
+          name: wolf-install-grpc
+          path: build-dir.tgz
+          retention-days: 5
+
+  grpc_check:
+    strategy:
+      fail-fast: false
+      matrix:
+        include:
+          - ref: v1.60.0
+            tests: >-
+              bad_ssl_alpn_test bad_ssl_cert_test client_ssl_test
+              crl_ssl_transport_security_test server_ssl_test
+              ssl_transport_security_test ssl_transport_security_utils_test
+              test_core_security_ssl_credentials_test test_cpp_end2end_ssl_credentials_test
+              h2_ssl_cert_test h2_ssl_session_reuse_test
+    name: ${{ matrix.ref }}
+    if: github.repository_owner == 'wolfssl'
+    runs-on: ubuntu-22.04
+    # This should be a safe limit for the tests to run.
+    timeout-minutes: 30
+    needs: build_wolfssl
+    steps:
+      - name: Confirm IPv4 and IPv6 support
+        run: |
+          ip addr list lo | grep 'inet '
+          ip addr list lo | grep 'inet6 '
+
+      - name: Install prereqs
+        run:
+          sudo apt-get install build-essential autoconf libtool pkg-config cmake clang libc++-dev
+
+      - name: Download lib
+        uses: actions/download-artifact@v4
+        with:
+          name: wolf-install-grpc
+
+      - name: untar build-dir
+        run: tar -xf build-dir.tgz
+
+      - name: Checkout OSP
+        uses: actions/checkout@v4
+        with:
+          repository: wolfssl/osp
+          path: osp
+
+      - name: Checkout grpc
+        uses: actions/checkout@v4
+        with:
+          repository: grpc/grpc
+          path: grpc
+          ref: ${{ matrix.ref }}
+
+      - name: Build grpc
+        working-directory: ./grpc
+        run: |
+          patch -p1 < ../osp/grpc/grpc-${{ matrix.ref }}.patch
+          git submodule update --init
+          mkdir cmake/build
+          cd cmake/build
+          cmake -DgRPC_BUILD_TESTS=ON -DgRPC_SSL_PROVIDER=wolfssl \
+            -DWOLFSSL_INSTALL_DIR=$GITHUB_WORKSPACE/build-dir ../..
+          make -j $(nproc) ${{ matrix.tests }}
+
+      - name: Run grpc tests
+        working-directory: ./grpc
+        run: |
+          export LD_LIBRARY_PATH=$GITHUB_WORKSPACE/build-dir/lib:$LD_LIBRARY_PATH
+          ./tools/run_tests/start_port_server.py
+          for t in ${{ matrix.tests }} ; do
+            ./cmake/build/$t
+          done
diff --git a/.github/workflows/haproxy.yml b/.github/workflows/haproxy.yml
index 54a52b8cf..fa1ac5bef 100644
--- a/.github/workflows/haproxy.yml
+++ b/.github/workflows/haproxy.yml
@@ -1,51 +1,91 @@
-name: HaProxy Tests
+name: haproxy Test
 
+# START OF COMMON SECTION
 on:
-  workflow_call:
+  push:
+    branches: [ 'master', 'main', 'release/**' ]
+  pull_request:
+    branches: [ '*' ]
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+# END OF COMMON SECTION
 
 jobs:
-  haproxy_check:
-    strategy:
-      fail-fast: false
-      matrix:
-        # List of refs to test
-        ref: [ master ]
-    name: ${{ matrix.ref }}
-    runs-on: ubuntu-latest
+  build_wolfssl:
+    name: Build wolfSSL
+    if: github.repository_owner == 'wolfssl'
+    runs-on: ubuntu-22.04
+    # This should be a safe limit for the tests to run.
+    timeout-minutes: 4
     steps:
       - name: Build wolfSSL
         uses: wolfSSL/actions-build-autotools-project@v1
         with:
           path: wolfssl
-          configure: --enable-quic --enable-haproxy
+          configure: --enable-haproxy
           install: true
 
-      - name: Checkout VTest
-        uses: actions/checkout@v3
+      - name: tar build-dir
+        run: tar -zcf build-dir.tgz build-dir
+
+      - name: Upload built lib
+        uses: actions/upload-artifact@v4
         with:
-          repository: vtest/VTest
-          path: VTest
+          name: wolf-install-haproxy
+          path: build-dir.tgz
+          retention-days: 5
 
-      - name: Build VTest
-        working-directory: VTest
-        # Special flags due to: https://github.com/vtest/VTest/issues/12
-        run: make FLAGS='-O2 -s -Wall'
+  test_haproxy:
+    name: ${{ matrix.haproxy_ref }}
+    if: github.repository_owner == 'wolfssl'
+    runs-on: ubuntu-22.04
+    # This should be a safe limit for the tests to run.
+    timeout-minutes: 15
+    needs: build_wolfssl
+    strategy:
+      fail-fast: false
+      matrix:
+        haproxy_ref: [ 'v3.1.0' ]
+    steps:
+    - name: Install test dependencies
+      run: |
+        sudo apt-get update
+        sudo apt-get install libpcre2-dev
 
-      - name: Checkout HaProxy
-        uses: actions/checkout@v3
-        with:
-          repository: haproxy/haproxy
-          path: haproxy
-          ref: ${{ matrix.ref }}
+    - name: Download lib
+      uses: actions/download-artifact@v4
+      with:
+        name: wolf-install-haproxy
 
-      - name: Build HaProxy
-        working-directory: haproxy
-        run: >-
-          make -j TARGET=linux-glibc DEBUG='-DDEBUG_MEMORY_POOLS -DDEBUG_STRICT'
-          USE_OPENSSL_WOLFSSL=1 USE_QUIC=1 SSL_INC=$GITHUB_WORKSPACE/build-dir/include/
-          SSL_LIB=$GITHUB_WORKSPACE/build-dir/lib/ ADDLIB=-Wl,-rpath=$GITHUB_WORKSPACE/build-dir/lib
+    - name: untar build-dir
+      run: tar -xf build-dir.tgz
 
-      - name: Test HaProxy
-        working-directory: haproxy
-        run: make reg-tests reg-tests/ssl VTEST_PROGRAM=$GITHUB_WORKSPACE/VTest/vtest
- 
+    # check cache for haproxy if not there then download it
+    - name: Check haproxy cache
+      uses: actions/cache@v4
+      id: cache-haproxy
+      with:
+        path: build-dir/haproxy-${{matrix.haproxy_ref}}
+        key: haproxy-${{matrix.haproxy_ref}}
+
+    - name: Download haproxy if needed
+      if: steps.cache-haproxy.outputs.cache-hit != 'true'
+      uses: actions/checkout@v3
+      with:
+        repository: haproxy/haproxy
+        ref: ${{matrix.haproxy_ref}}
+        path: build-dir/haproxy-${{matrix.haproxy_ref}}
+
+    - name: Build haproxy
+      working-directory: build-dir/haproxy-${{matrix.haproxy_ref}}
+      run: make clean && make TARGET=linux-glibc USE_OPENSSL_WOLFSSL=1 SSL_LIB=$GITHUB_WORKSPACE/build-dir/lib SSL_INC=$GITHUB_WORKSPACE/build-dir/include ADDLIB=-Wl,-rpath,$GITHUB_WORKSPACE/build-dir/lib CFLAGS="-fsanitize=address" LDFLAGS="-fsanitize=address"
+
+    - name: Build haproxy vtest
+      working-directory: build-dir/haproxy-${{matrix.haproxy_ref}}
+      run: ./scripts/build-vtest.sh
+
+    - name: Test haproxy
+      working-directory: build-dir/haproxy-${{matrix.haproxy_ref}}
+      run: VTEST_PROGRAM=$GITHUB_WORKSPACE/build-dir/vtest/vtest make reg-tests -- --debug reg-tests/ssl/*
diff --git a/.github/workflows/hostap-files/configs/07c9f183ea744ac04585fb6dd10220c75a5e2e74/hostapd.config b/.github/workflows/hostap-files/configs/07c9f183ea744ac04585fb6dd10220c75a5e2e74/hostapd.config
new file mode 100644
index 000000000..b76663c8b
--- /dev/null
+++ b/.github/workflows/hostap-files/configs/07c9f183ea744ac04585fb6dd10220c75a5e2e74/hostapd.config
@@ -0,0 +1,122 @@
+#CC=ccache gcc
+
+CONFIG_DRIVER_NONE=y
+CONFIG_DRIVER_NL80211=y
+CONFIG_RSN_PREAUTH=y
+
+#CONFIG_TLS=internal
+#CONFIG_INTERNAL_LIBTOMMATH=y
+#CONFIG_INTERNAL_LIBTOMMATH_FAST=y
+#CONFIG_TLS=openssl
+CONFIG_TLS=wolfssl
+
+CONFIG_EAP=y
+CONFIG_ERP=y
+CONFIG_EAP_MD5=y
+CONFIG_EAP_TLS=y
+CONFIG_EAP_MSCHAPV2=y
+CONFIG_EAP_PEAP=y
+CONFIG_EAP_GTC=y
+CONFIG_EAP_TTLS=y
+CONFIG_EAP_SIM=y
+CONFIG_EAP_AKA=y
+CONFIG_EAP_AKA_PRIME=y
+CONFIG_EAP_GPSK=y
+CONFIG_EAP_GPSK_SHA256=y
+CONFIG_EAP_SAKE=y
+CONFIG_EAP_PAX=y
+CONFIG_EAP_PSK=y
+CONFIG_EAP_VENDOR_TEST=y
+CONFIG_EAP_FAST=y
+CONFIG_EAP_TEAP=y
+CONFIG_EAP_IKEV2=y
+CONFIG_EAP_TNC=y
+CFLAGS += -DTNC_CONFIG_FILE=\"tnc/tnc_config\"
+LIBS += -rdynamic
+CONFIG_EAP_UNAUTH_TLS=y
+ifeq ($(CONFIG_TLS), openssl)
+CONFIG_EAP_PWD=y
+endif
+ifeq ($(CONFIG_TLS), wolfssl)
+CONFIG_EAP_PWD=y
+endif
+CONFIG_EAP_EKE=y
+CONFIG_PKCS12=y
+CONFIG_RADIUS_SERVER=y
+CONFIG_IPV6=y
+CONFIG_TLSV11=y
+CONFIG_TLSV12=y
+
+CONFIG_FULL_DYNAMIC_VLAN=y
+CONFIG_VLAN_NETLINK=y
+CONFIG_LIBNL32=y
+CONFIG_LIBNL3_ROUTE=y
+CONFIG_IEEE80211R=y
+CONFIG_IEEE80211AC=y
+CONFIG_IEEE80211AX=y
+
+CONFIG_OCV=y
+
+CONFIG_WPS=y
+CONFIG_WPS_UPNP=y
+CONFIG_WPS_NFC=y
+#CONFIG_WPS_STRICT=y
+CONFIG_WPA_TRACE=y
+CONFIG_WPA_TRACE_BFD=y
+
+CONFIG_P2P_MANAGER=y
+CONFIG_DEBUG_FILE=y
+CONFIG_DEBUG_LINUX_TRACING=y
+CONFIG_WPA_CLI_EDIT=y
+CONFIG_ACS=y
+CONFIG_NO_RANDOM_POOL=y
+CONFIG_WNM=y
+CONFIG_INTERWORKING=y
+CONFIG_HS20=y
+CONFIG_SQLITE=y
+CONFIG_SAE=y
+CONFIG_SAE_PK=y
+CFLAGS += -DALL_DH_GROUPS
+
+CONFIG_FST=y
+CONFIG_FST_TEST=y
+
+CONFIG_TESTING_OPTIONS=y
+CFLAGS += -DCONFIG_RADIUS_TEST
+CONFIG_MODULE_TESTS=y
+
+CONFIG_SUITEB=y
+CONFIG_SUITEB192=y
+
+# AddressSanitizer (ASan) can be enabled by uncommenting the following lines.
+# This can be used as a more efficient memory error detector than valgrind
+# (though, with still some CPU and memory cost, so VM cases will need more
+# memory allocated for the guest).
+#CFLAGS += -fsanitize=address -O1 -fno-omit-frame-pointer -g
+#LIBS += -fsanitize=address -fno-omit-frame-pointer -g
+#LIBS_h += -fsanitize=address -fno-omit-frame-pointer -g
+#LIBS_n += -fsanitize=address -fno-omit-frame-pointer -g
+#LIBS_c += -fsanitize=address -fno-omit-frame-pointer -g
+
+# Undefined Behavior Sanitizer (UBSan) can be enabled by uncommenting the
+# following lines.
+#CFLAGS += -Wno-format-nonliteral
+#CFLAGS += -fsanitize=undefined
+##CFLAGS += -fno-sanitize-recover
+#LIBS += -fsanitize=undefined
+##LIBS += -fno-sanitize-recover
+#LIBS_h += -fsanitize=undefined
+#LIBS_n += -fsanitize=undefined
+#LIBS_c += -fsanitize=undefined
+CONFIG_MBO=y
+
+CONFIG_TAXONOMY=y
+CONFIG_FILS=y
+CONFIG_FILS_SK_PFS=y
+CONFIG_OWE=y
+CONFIG_DPP=y
+CONFIG_DPP2=y
+CONFIG_WEP=y
+CONFIG_PASN=y
+CONFIG_AIRTIME_POLICY=y
+CONFIG_IEEE80211BE=y
diff --git a/.github/workflows/hostap-files/configs/07c9f183ea744ac04585fb6dd10220c75a5e2e74/tests b/.github/workflows/hostap-files/configs/07c9f183ea744ac04585fb6dd10220c75a5e2e74/tests
new file mode 100644
index 000000000..5ebaee3ba
--- /dev/null
+++ b/.github/workflows/hostap-files/configs/07c9f183ea744ac04585fb6dd10220c75a5e2e74/tests
@@ -0,0 +1,1677 @@
+ap_cipher_bip
+ap_cipher_bip_cmac_256
+ap_cipher_bip_cmac_256_req
+ap_cipher_bip_gmac_128
+ap_cipher_bip_gmac_128_req
+ap_cipher_bip_gmac_256
+ap_cipher_bip_gmac_256_req
+ap_cipher_bip_req
+ap_cipher_bip_req_mismatch
+ap_cipher_gcmp
+ap_cipher_gcmp_256_group_ccmp
+ap_cipher_gcmp_256_group_ccmp_256
+ap_cipher_gcmp_256_group_gcmp_256
+ap_cipher_gcmp_ccmp
+ap_cipher_mixed_wpa_wpa2
+ap_cipher_replay_protection_ap_ccmp
+ap_cipher_replay_protection_ap_gcmp
+ap_cipher_replay_protection_ap_tkip
+ap_cipher_replay_protection_sta_bigtk
+ap_cipher_replay_protection_sta_ccmp
+ap_cipher_replay_protection_sta_gtk_ccmp
+ap_cipher_replay_protection_sta_gtk_gcmp
+ap_cipher_replay_protection_sta_gtk_tkip
+ap_cipher_replay_protection_sta_tkip
+ap_cipher_tkip
+ap_cipher_tkip_countermeasures_ap
+ap_cipher_tkip_countermeasures_ap_mixed_mode
+ap_cipher_tkip_countermeasures_sta
+ap_cipher_wpa_sae
+ap_ft_eap
+ap_ft_eap_ap_config_change
+ap_ft_eap_cui
+ap_ft_eap_dis
+ap_ft_eap_dynamic_rxkhs
+ap_ft_eap_over_ds
+ap_ft_eap_ptk_rekey_ap
+ap_ft_eap_sha384
+ap_ft_eap_sha384_over_ds
+ap_ft_eap_sha384_reassoc
+ap_ft_eap_vlan_multi
+ap_ft_extra_ie
+ap_ft_gcmp_256
+ap_ft_gtk_rekey
+ap_ft_internal_rrb_check
+ap_ft_invalid_resp
+ap_ft_local_key_gen
+ap_ft_many
+ap_ft_many_vlan
+ap_ft_mismatching_r0kh_id_pull
+ap_ft_mismatching_r0kh_id_pull_eap
+ap_ft_mismatching_rrb_key_pull
+ap_ft_mismatching_rrb_key_pull_eap
+ap_ft_mismatching_rrb_key_push
+ap_ft_mismatching_rrb_r0kh_pull_eap
+ap_ft_mismatching_rrb_r0kh_push_eap
+ap_ft_mixed
+ap_ft_no_full_ap_client_state
+ap_ft_ocv
+ap_ft_ocv_change
+ap_ft_old_key
+ap_ft_oom
+ap_ft_oom2
+ap_ft_oom3
+ap_ft_oom4
+ap_ft_over_ds
+ap_ft_over_ds_disabled
+ap_ft_over_ds_many
+ap_ft_over_ds_ocv
+ap_ft_over_ds_proto
+ap_ft_over_ds_proto_ap
+ap_ft_over_ds_pull_old_key
+ap_ft_over_ds_separate_hostapd
+ap_ft_over_ds_unexpected
+ap_ft_over_ds_unknown_target
+ap_ft_pmf
+ap_ft_pmf_bip_cmac_128
+ap_ft_pmf_bip_cmac_128_over_ds
+ap_ft_pmf_bip_cmac_256
+ap_ft_pmf_bip_cmac_256_over_ds
+ap_ft_pmf_bip_gmac_128_over_ds
+ap_ft_pmf_bip_gmac_256
+ap_ft_pmf_bip_gmac_256_over_ds
+ap_ft_pmf_bip_over_ds
+ap_ft_pmf_required
+ap_ft_pmf_required_mismatch
+ap_ft_pmf_required_mismatch_over_ds
+ap_ft_pmf_required_over_ds
+ap_ft_pmksa_caching
+ap_ft_pmksa_caching_sha384
+ap_ft_psk_file
+ap_ft_ptk_rekey2
+ap_ft_ptk_rekey_ap
+ap_ft_ptk_rekey_ap2
+ap_ft_r0_key_expiration
+ap_ft_reassoc_local_fail
+ap_ft_reassoc_proto
+ap_ft_sae
+ap_ft_sae_ext_key_19
+ap_ft_sae_ext_key_19_over_ds
+ap_ft_sae_ext_key_20_over_ds
+ap_ft_sae_ext_key_21
+ap_ft_sae_ext_key_21_over_ds
+ap_ft_sae_h2e
+ap_ft_sae_h2e_and_loop
+ap_ft_sae_h2e_rsne_mismatch
+ap_ft_sae_h2e_rsne_mismatch_pmkr1name
+ap_ft_sae_h2e_rsne_override
+ap_ft_sae_h2e_rsnxe_mismatch
+ap_ft_sae_over_ds
+ap_ft_sae_over_ds_ptk_rekey1
+ap_ft_sae_pmksa_caching
+ap_ft_sae_pmksa_caching_h2e_prepend_pmkid
+ap_ft_sae_pmksa_caching_pwe
+ap_ft_sae_ptk_rekey_ap_ext_key_id
+ap_ft_sae_rsnxe_used_mismatch
+ap_ft_sae_rsnxe_used_mismatch2
+ap_ft_sae_skip_prune_assoc
+ap_ft_sae_transition
+ap_missing_psk
+ap_mixed_security
+ap_no_auth_ack
+ap_no_probe_resp
+ap_roam_wpa2_psk_pmf_mismatch
+ap_roam_wpa2_psk_race
+ap_sae_tdls
+ap_vlan_file_open2
+ap_vlan_file_parsing
+ap_vlan_iface_cleanup_multibss_per_sta_vif
+ap_vlan_open
+ap_vlan_sae
+ap_vlan_tagged
+ap_vlan_tagged_wpa2_radius_id_change
+ap_vlan_wpa2_psk_radius_required
+ap_vlan_wpa2_radius
+ap_vlan_wpa2_radius_id_change
+ap_vlan_wpa2_radius_mixed
+ap_vlan_wpa2_radius_required
+ap_wpa2_delayed_group_m1_retransmission
+ap_wpa2_disable_eapol_retry
+ap_wpa2_disable_eapol_retry_group
+ap_wpa2_eap_aka_config
+ap_wpa2_eap_aka_ext
+ap_wpa2_eap_aka_ext_auth_fail
+ap_wpa2_eap_aka_id_0
+ap_wpa2_eap_aka_id_1
+ap_wpa2_eap_aka_id_2
+ap_wpa2_eap_aka_id_3
+ap_wpa2_eap_aka_id_4
+ap_wpa2_eap_aka_id_5
+ap_wpa2_eap_aka_id_6
+ap_wpa2_eap_aka_id_7
+ap_wpa2_eap_aka_imsi_identity
+ap_wpa2_eap_aka_imsi_identity_fallback
+ap_wpa2_eap_aka_imsi_privacy_attr
+ap_wpa2_eap_aka_imsi_privacy_key
+ap_wpa2_eap_aka_imsi_privacy_key_expired
+ap_wpa2_eap_aka_prime
+ap_wpa2_eap_aka_prime_ext
+ap_wpa2_eap_aka_prime_ext_auth_fail
+ap_wpa2_eap_aka_prime_imsi_identity
+ap_wpa2_eap_aka_prime_imsi_privacy_key
+ap_wpa2_eap_aka_prime_sql
+ap_wpa2_eap_aka_sql
+ap_wpa2_eap_aka_sql_fallback_to_pseudonym
+ap_wpa2_eap_aka_sql_fallback_to_pseudonym_id
+ap_wpa2_eap_assoc_rsn
+ap_wpa2_eap_eke
+ap_wpa2_eap_eke_serverid_nai
+ap_wpa2_eap_eke_server_oom
+ap_wpa2_eap_expanded_nak
+ap_wpa2_eap_fast_binary_pac
+ap_wpa2_eap_fast_binary_pac_errors
+ap_wpa2_eap_fast_cipher_suites
+ap_wpa2_eap_fast_eap_aka
+ap_wpa2_eap_fast_eap_sim
+ap_wpa2_eap_fast_gtc_auth_prov
+ap_wpa2_eap_fast_missing_pac_config
+ap_wpa2_eap_fast_mschapv2_unauth_prov
+ap_wpa2_eap_fast_pac_file
+ap_wpa2_eap_fast_pac_lifetime
+ap_wpa2_eap_fast_pac_refresh
+ap_wpa2_eap_fast_pac_truncate
+ap_wpa2_eap_fast_prf_oom
+ap_wpa2_eap_fast_prov
+ap_wpa2_eap_fast_text_pac_errors
+ap_wpa2_eap_gpsk
+ap_wpa2_eap_gpsk_ptk_rekey_ap
+ap_wpa2_eap_ikev2
+ap_wpa2_eap_ikev2_as_frag
+ap_wpa2_eap_ikev2_oom
+ap_wpa2_eap_non_ascii_identity
+ap_wpa2_eap_non_ascii_identity2
+ap_wpa2_eapol_retry_limit
+ap_wpa2_eap_pax
+ap_wpa2_eap_peap_eap_mschapv2_incorrect_password
+ap_wpa2_eap_psk
+ap_wpa2_eap_psk_mac_addr_change
+ap_wpa2_eap_psk_oom
+ap_wpa2_eap_pwd
+ap_wpa2_eap_pwd_as_frag
+ap_wpa2_eap_pwd_disabled_group
+ap_wpa2_eap_pwd_groups
+ap_wpa2_eap_pwd_invalid_group
+ap_wpa2_eap_pwd_nthash
+ap_wpa2_eap_pwd_salt_sha1
+ap_wpa2_eap_pwd_salt_sha256
+ap_wpa2_eap_pwd_salt_sha512
+ap_wpa2_eap_reauth
+ap_wpa2_eap_reauth_ptk_rekey_blocked_ap
+ap_wpa2_eap_reauth_ptk_rekey_blocked_sta
+ap_wpa2_eap_request_identity_message
+ap_wpa2_eap_sake
+ap_wpa2_eap_sake_no_control_port
+ap_wpa2_eap_sha384_psk
+ap_wpa2_eap_sim
+ap_wpa2_eap_sim_aka_result_ind
+ap_wpa2_eap_sim_change_bssid
+ap_wpa2_eap_sim_config
+ap_wpa2_eap_sim_db
+ap_wpa2_eap_sim_db_sqlite
+ap_wpa2_eap_sim_ext
+ap_wpa2_eap_sim_ext_anonymous
+ap_wpa2_eap_sim_ext_anonymous_no_pseudonym
+ap_wpa2_eap_sim_ext_auth_fail
+ap_wpa2_eap_sim_ext_replace_sim
+ap_wpa2_eap_sim_ext_replace_sim2
+ap_wpa2_eap_sim_ext_replace_sim3
+ap_wpa2_eap_sim_id_0
+ap_wpa2_eap_sim_id_1
+ap_wpa2_eap_sim_id_2
+ap_wpa2_eap_sim_id_3
+ap_wpa2_eap_sim_id_4
+ap_wpa2_eap_sim_id_5
+ap_wpa2_eap_sim_id_6
+ap_wpa2_eap_sim_id_7
+ap_wpa2_eap_sim_imsi_identity
+ap_wpa2_eap_sim_imsi_privacy_attr
+ap_wpa2_eap_sim_imsi_privacy_key
+ap_wpa2_eap_sim_no_change_set
+ap_wpa2_eap_sim_oom
+ap_wpa2_eap_sim_sql
+ap_wpa2_eap_sim_sql_fallback_to_pseudonym
+ap_wpa2_eap_sim_zero_db_timeout
+ap_wpa2_eap_tls_13_ec
+ap_wpa2_eap_tls_13_missing_prot_success
+ap_wpa2_eap_tls_blob_missing
+ap_wpa2_eap_tls_check_cert_subject_neg
+ap_wpa2_eap_tls_diff_ca_trust2
+ap_wpa2_eap_tls_domain_mismatch_cn
+ap_wpa2_eap_tls_domain_suffix_mismatch_cn
+ap_wpa2_eap_tls_intermediate_ca_ocsp_multi_missing_resp
+ap_wpa2_eap_tls_intermediate_ca_ocsp_revoked_sha1
+ap_wpa2_eap_tls_intermediate_ca_ocsp_sha1
+ap_wpa2_eap_tls_neg_incorrect_trust_root
+ap_wpa2_eap_tls_ocsp_multi
+ap_wpa2_eap_tls_ocsp_multi_revoked
+ap_wpa2_eap_tls_oom
+ap_wpa2_eap_tls_versions
+ap_wpa2_eap_tls_versions_server
+ap_wpa2_eap_too_many_roundtrips_server
+ap_wpa2_eap_too_many_roundtrips_server2
+ap_wpa2_eap_ttls_chap_incorrect_password
+ap_wpa2_eap_ttls_dh_params_invalid
+ap_wpa2_eap_ttls_dh_params_not_found
+ap_wpa2_eap_ttls_eap_gtc_incorrect_password
+ap_wpa2_eap_ttls_eap_gtc_no_password
+ap_wpa2_eap_ttls_eap_md5_incorrect_password
+ap_wpa2_eap_ttls_eap_md5_no_password
+ap_wpa2_eap_ttls_eap_mschapv2_no_password
+ap_wpa2_eap_ttls_expired_cert
+ap_wpa2_eap_ttls_ignore_expired_cert
+ap_wpa2_eap_ttls_invalid_phase2
+ap_wpa2_eap_ttls_long_duration
+ap_wpa2_eap_ttls_mschap_incorrect_password
+ap_wpa2_eap_ttls_mschapv2_incorrect_password
+ap_wpa2_eap_ttls_ocsp_revoked
+ap_wpa2_eap_ttls_ocsp_unknown
+ap_wpa2_eap_ttls_pap_check_cert_subject_neg
+ap_wpa2_eap_ttls_pap_incorrect_password
+ap_wpa2_eap_ttls_server_cert_eku_client
+ap_wpa2_eap_ttls_server_cert_hash
+ap_wpa2_eap_ttls_server_cert_hash_invalid
+ap_wpa2_eap_vendor_test
+ap_wpa2_eap_vendor_test_oom
+ap_wpa2_eap_wildcard_ssid
+ap_wpa2_ext_add_to_bridge
+ap_wpa2_gmk_rekey
+ap_wpa2_gtk_initial_rsc_ccmp_256
+ap_wpa2_gtk_initial_rsc_tkip
+ap_wpa2_gtk_rekey
+ap_wpa2_gtk_rekey_fail_1_sta
+ap_wpa2_gtk_rekey_failure
+ap_wpa2_gtk_rekey_request
+ap_wpa2_igtk_initial_rsc_aes_128_cmac
+ap_wpa2_igtk_initial_rsc_bip_cmac_256
+ap_wpa2_igtk_initial_rsc_bip_gmac_128
+ap_wpa2_igtk_initial_rsc_bip_gmac_256
+ap_wpa2_plaintext_group_m1
+ap_wpa2_plaintext_group_m1_pmf
+ap_wpa2_plaintext_m1_m3
+ap_wpa2_plaintext_m1_m3_pmf
+ap_wpa2_plaintext_m3
+ap_wpa2_psk
+ap_wpa2_psk_4addr
+ap_wpa2_psk_ap_control_port
+ap_wpa2_psk_assoc_rsn
+ap_wpa2_psk_assoc_rsn_pmkid
+ap_wpa2_psk_disable_enable
+ap_wpa2_psk_drop_first_msg_4
+ap_wpa2_psk_ext
+ap_wpa2_psk_ext_delayed_ptk_rekey
+ap_wpa2_psk_ext_eapol
+ap_wpa2_psk_ext_eapol_key_info
+ap_wpa2_psk_ext_eapol_retry1
+ap_wpa2_psk_ext_eapol_retry1b
+ap_wpa2_psk_ext_eapol_retry1c
+ap_wpa2_psk_ext_eapol_retry1d
+ap_wpa2_psk_ext_eapol_type_diff
+ap_wpa2_psk_ext_key_id_ptk_rekey_ap0
+ap_wpa2_psk_ext_key_id_ptk_rekey_ap1
+ap_wpa2_psk_ext_key_id_ptk_rekey_ap2
+ap_wpa2_psk_ext_key_id_ptk_rekey_sta0
+ap_wpa2_psk_ext_key_id_ptk_rekey_sta1
+ap_wpa2_psk_ext_key_id_ptk_rekey_sta2
+ap_wpa2_psk_ext_retry_msg_3
+ap_wpa2_psk_ext_retry_msg_3b
+ap_wpa2_psk_ext_retry_msg_3c
+ap_wpa2_psk_ext_retry_msg_3d
+ap_wpa2_psk_ext_retry_msg_3e
+ap_wpa2_psk_file
+ap_wpa2_psk_file_errors
+ap_wpa2_psk_file_keyid
+ap_wpa2_psk_ft_workaround
+ap_wpa2_psk_incorrect_passphrase
+ap_wpa2_psk_local_error
+ap_wpa2_psk_mem
+ap_wpa2_psk_mic_0
+ap_wpa2_psk_no_random
+ap_wpa2_psk_rsne_mismatch_ap
+ap_wpa2_psk_rsne_mismatch_ap2
+ap_wpa2_psk_rsne_mismatch_ap3
+ap_wpa2_psk_rsnxe_mismatch_ap
+ap_wpa2_psk_supp_proto
+ap_wpa2_psk_supp_proto_anonce_change
+ap_wpa2_psk_supp_proto_gtk_keyidx_0_and_3
+ap_wpa2_psk_supp_proto_gtk_not_encrypted
+ap_wpa2_psk_supp_proto_gtk_tx_bit_workaround
+ap_wpa2_psk_supp_proto_ie_mismatch
+ap_wpa2_psk_supp_proto_msg_1_invalid_kde
+ap_wpa2_psk_supp_proto_no_gtk
+ap_wpa2_psk_supp_proto_no_gtk_in_group_msg
+ap_wpa2_psk_supp_proto_no_ie
+ap_wpa2_psk_supp_proto_ok
+ap_wpa2_psk_supp_proto_too_long_gtk_in_group_msg
+ap_wpa2_psk_supp_proto_too_long_gtk_kde
+ap_wpa2_psk_supp_proto_unexpected_group_msg
+ap_wpa2_psk_supp_proto_wrong_group_key_len
+ap_wpa2_psk_supp_proto_wrong_pairwise_key_len
+ap_wpa2_psk_unexpected
+ap_wpa2_psk_wep
+ap_wpa2_psk_wildcard_ssid
+ap_wpa2_ptk_rekey
+ap_wpa2_ptk_rekey_anonce
+ap_wpa2_ptk_rekey_ap
+ap_wpa2_ptk_rekey_blocked_ap
+ap_wpa2_ptk_rekey_blocked_sta
+ap_wpa2_sha256_ptk_rekey
+ap_wpa2_sha256_ptk_rekey_ap
+ap_wpa2_strict_rekey
+ap_wpa2_tdls
+ap_wpa2_tdls_bssid_mismatch
+ap_wpa2_tdls_concurrent_init
+ap_wpa2_tdls_concurrent_init2
+ap_wpa2_tdls_decline_resp
+ap_wpa2_tdls_diff_rsnie
+ap_wpa2_tdls_double_tpk_m2
+ap_wpa2_tdls_long_frame
+ap_wpa2_tdls_long_lifetime
+ap_wpa2_tdls_reneg
+ap_wpa2_tdls_responder_teardown
+ap_wpa2_tdls_wrong_lifetime_resp
+ap_wpa2_tdls_wrong_tpk_m2_mic
+ap_wpa2_tdls_wrong_tpk_m3_mic
+ap_wpa2_test_command_failures
+ap_wpa3_eap_transition_disable
+ap_wpa_gtk_rekey
+ap_wpa_ie_parsing
+ap_wpa_mixed_tdls
+ap_wpa_psk_ext_eapol
+ap_wpa_psk_rsn_pairwise
+ap_wpa_ptk_rekey
+ap_wpa_ptk_rekey_ap
+ap_wpa_tdls
+ap_wps_adv_oom
+ap_wps_and_bss_limit
+ap_wps_and_non_wps
+ap_wps_and_sae
+ap_wps_ap_pin_failure
+ap_wps_appl_ext
+ap_wps_ap_scan_2
+ap_wps_assoc_req_ie_oom
+ap_wps_assoc_resp_ie_oom
+ap_wps_authenticator_mismatch_m2
+ap_wps_authenticator_mismatch_m3
+ap_wps_authenticator_mismatch_m4
+ap_wps_authenticator_mismatch_m5
+ap_wps_authenticator_mismatch_m6
+ap_wps_authenticator_mismatch_m7
+ap_wps_authenticator_mismatch_m8
+ap_wps_authenticator_missing_m2
+ap_wps_check_pin
+ap_wps_conf_and_sae
+ap_wps_conf_and_sae_h2e
+ap_wps_config_methods
+ap_wps_config_without_wps
+ap_wps_conf_pin
+ap_wps_conf_pin_2sta
+ap_wps_conf_pin_ccmp_256
+ap_wps_conf_pin_gcmp_128
+ap_wps_conf_pin_gcmp_256
+ap_wps_conf_pin_mixed_mode
+ap_wps_conf_pin_timeout
+ap_wps_conf_pin_v1
+ap_wps_conf_stub_cred
+ap_wps_disabled
+ap_wps_disable_enable
+ap_wps_eapol_workaround
+ap_wps_eap_wsc
+ap_wps_eap_wsc_errors
+ap_wps_e_hash_no_random_sta
+ap_wps_encr_no_random_ap
+ap_wps_encr_oom_ap
+ap_wps_er_add_enrollee_uuid
+ap_wps_er_cache_ap_settings
+ap_wps_er_cache_ap_settings_oom
+ap_wps_er_cache_ap_settings_oom2
+ap_wps_er_config_ap
+ap_wps_er_enrollee_to_conf_ap
+ap_wps_er_enrollee_to_conf_ap2
+ap_wps_er_http_client
+ap_wps_er_http_client_timeout
+ap_wps_er_http_proto
+ap_wps_er_http_proto_control_url_dns
+ap_wps_er_http_proto_event_sub_url_dns
+ap_wps_er_http_proto_invalid_sid_no_uuid
+ap_wps_er_http_proto_invalid_sid_uuid
+ap_wps_er_http_proto_no_control_url
+ap_wps_er_http_proto_no_event_sub_url
+ap_wps_er_http_proto_no_sid
+ap_wps_er_http_proto_subscribe_failing
+ap_wps_er_http_proto_subscribe_invalid_response
+ap_wps_er_http_proto_subscribe_oom
+ap_wps_er_http_proto_upnp_info_invalid_udn_uuid
+ap_wps_er_http_proto_upnp_info_no_device
+ap_wps_er_http_proto_upnp_info_no_device_type
+ap_wps_er_init_fail
+ap_wps_er_init_oom
+ap_wps_er_learn_oom
+ap_wps_er_link_update
+ap_wps_er_multi_add_enrollee
+ap_wps_er_oom
+ap_wps_er_pbc_overlap
+ap_wps_er_set_sel_reg_oom
+ap_wps_er_ssdp_proto
+ap_wps_er_subscribe_oom
+ap_wps_er_unsubscribe_errors
+ap_wps_er_url_parse
+ap_wps_er_v10_add_enrollee_pin
+ap_wps_frag_ack_oom
+ap_wps_fragmentation
+ap_wps_from_event
+ap_wps_ie_fragmentation
+ap_wps_ie_invalid
+ap_wps_ignore_broadcast_ssid
+ap_wps_incorrect_pin
+ap_wps_init
+ap_wps_init_2ap_pbc
+ap_wps_init_2ap_pin
+ap_wps_init_oom
+ap_wps_init_through_wps_config
+ap_wps_init_through_wps_config_2
+ap_wps_invalid_assoc_req_elem
+ap_wps_invalid_wps_config_passphrase
+ap_wps_m1_no_random
+ap_wps_m1_oom
+ap_wps_m2_dev_passwd_id_change_pbc_to_pin
+ap_wps_m2_dev_passwd_id_change_pin_to_pbc
+ap_wps_m2_dev_passwd_id_p2p
+ap_wps_m2_invalid
+ap_wps_m2_missing_dev_passwd_id
+ap_wps_m2_missing_enrollee_nonce
+ap_wps_m2_missing_msg_type
+ap_wps_m2_missing_registrar_nonce
+ap_wps_m2_missing_uuid_r
+ap_wps_m2_msg_type_m4
+ap_wps_m2_msg_type_m6
+ap_wps_m2_msg_type_m8
+ap_wps_m2_unknown_msg_type
+ap_wps_m2_unknown_opcode
+ap_wps_m2_unknown_opcode2
+ap_wps_m2_unknown_opcode3
+ap_wps_m3_oom
+ap_wps_m4_msg_type_m2
+ap_wps_m4_msg_type_m2d
+ap_wps_m5_no_random
+ap_wps_m5_oom
+ap_wps_m7_no_random
+ap_wps_m7_oom
+ap_wps_mixed_cred
+ap_wps_new_version_ap
+ap_wps_new_version_sta
+ap_wps_passive_scan
+ap_wps_pbc_2ap
+ap_wps_pbc_in_m1
+ap_wps_pbc_mac_addr_change
+ap_wps_pbc_overlap_2ap
+ap_wps_pbc_overlap_2ap_specific_bssid
+ap_wps_pbc_overlap_2sta
+ap_wps_pbc_pin_mismatch
+ap_wps_pbc_session_workaround
+ap_wps_per_station_psk
+ap_wps_per_station_psk_failure
+ap_wps_per_station_psk_preset
+ap_wps_pin_get_failure
+ap_wps_pin_request_file
+ap_wps_pin_start_failure
+ap_wps_pk_oom
+ap_wps_pk_oom_ap
+ap_wps_priority
+ap_wps_probe_req_ie_oom
+ap_wps_random_ap_pin
+ap_wps_random_psk_fail
+ap_wps_random_uuid
+ap_wps_reg_config
+ap_wps_reg_config_and_sae
+ap_wps_reg_config_ext_processing
+ap_wps_reg_config_tkip
+ap_wps_reg_connect
+ap_wps_reg_connect_mixed_mode
+ap_wps_reg_connect_zero_len_ap_pin
+ap_wps_registrar_init_errors
+ap_wps_reg_override_ap_settings
+ap_wps_rf_bands
+ap_wps_scan_prio_order
+ap_wps_set_selected_registrar_proto
+ap_wps_setup_locked
+ap_wps_setup_locked_2
+ap_wps_ssdp_burst
+ap_wps_ssdp_invalid_msearch
+ap_wps_ssdp_msearch
+ap_wps_tkip
+ap_wps_twice
+ap_wps_upnp
+ap_wps_upnp_http_proto
+ap_wps_upnp_http_proto_chunked
+ap_wps_upnp_subscribe
+ap_wps_upnp_subscribe_events
+ap_wps_upnp_web_oom
+ap_wps_wep
+ap_wps_wep_config
+ap_wps_wep_enroll
+ap_wps_while_connected
+ap_wps_while_connected_no_autoconnect
+ap_wps_wpa_cli_action
+ap_wps_wsc_done_oom
+cert_check_basic
+cert_check_dnsname
+cert_check_dnsname_alt
+cert_check_dnsname_cn
+cert_check_dnsname_wildcard
+cert_check_v3
+dpp_akm_sha256
+dpp_akm_sha384
+dpp_akm_sha512
+dpp_and_sae_akm
+dpp_ap_config
+dpp_ap_config_bp256_bp256
+dpp_ap_config_bp256_p256
+dpp_ap_config_bp384_bp384
+dpp_ap_config_bp512_bp512
+dpp_ap_config_bp512_p521
+dpp_ap_config_p256_bp256
+dpp_ap_config_p256_p256
+dpp_ap_config_p256_p384
+dpp_ap_config_p256_p521
+dpp_ap_config_p384_p256
+dpp_ap_config_p384_p384
+dpp_ap_config_p384_p521
+dpp_ap_config_p521_bp512
+dpp_ap_config_p521_p256
+dpp_ap_config_p521_p384
+dpp_ap_config_p521_p521
+dpp_ap_config_reconfig_configurator
+dpp_ap_config_sae
+dpp_auth_req_retries
+dpp_auth_req_retries_multi_chan
+dpp_auth_req_stop_after_ack
+dpp_auth_resp_aes_siv_issue
+dpp_auth_resp_retries
+dpp_auth_resp_status_failure
+dpp_auto_connect_2_connect_cmd
+dpp_auto_connect_legacy
+dpp_auto_connect_legacy_pmf_required
+dpp_auto_connect_legacy_psk_sae_1
+dpp_auto_connect_legacy_psk_sae_2
+dpp_auto_connect_legacy_psk_sae_3
+dpp_auto_connect_legacy_sae_1
+dpp_auto_connect_legacy_sae_2
+dpp_auto_connect_legacy_ssid_charset
+dpp_bootstrap_gen_failures
+dpp_bootstrap_key_autogen_issues
+dpp_chirp_ap
+dpp_chirp_ap_as_configurator
+dpp_chirp_ap_errors
+dpp_chirp_configurator
+dpp_chirp_configurator_inits
+dpp_conf_file_update
+dpp_config_connector_error_empty_groups
+dpp_config_connector_error_expired_1
+dpp_config_connector_error_expired_2
+dpp_config_connector_error_expired_3
+dpp_config_connector_error_expired_4
+dpp_config_connector_error_expired_5
+dpp_config_connector_error_expired_6
+dpp_config_connector_error_ext_sign
+dpp_config_connector_error_invalid_timestamp
+dpp_config_connector_error_invalid_timestamp_date
+dpp_config_connector_error_invalid_time_zone
+dpp_config_connector_error_invalid_time_zone_2
+dpp_config_connector_error_missing_group_id
+dpp_config_connector_error_missing_net_access_key
+dpp_config_connector_error_missing_net_role
+dpp_config_connector_error_net_access_key_mismatch
+dpp_config_connector_error_no_groups
+dpp_config_connector_error_too_short_timestamp
+dpp_config_dpp_gen_3rd_party
+dpp_config_dpp_gen_expired_key
+dpp_config_dpp_gen_expiry
+dpp_config_dpp_gen_prime256v1
+dpp_config_dpp_gen_prime256v1_prime256v1
+dpp_config_dpp_gen_prime256v1_secp384r1
+dpp_config_dpp_gen_prime256v1_secp384r1_secp384r1
+dpp_config_dpp_gen_prime256v1_secp521r1
+dpp_config_dpp_gen_secp384r1
+dpp_config_dpp_gen_secp384r1_prime256v1
+dpp_config_dpp_gen_secp384r1_secp384r1
+dpp_config_dpp_gen_secp384r1_secp521r1
+dpp_config_dpp_gen_secp521r1
+dpp_config_dpp_gen_secp521r1_prime256v1
+dpp_config_dpp_gen_secp521r1_secp384r1
+dpp_config_dpp_gen_secp521r1_secp521r1
+dpp_config_dpp_override_prime256v1
+dpp_config_dpp_override_secp384r1
+dpp_config_dpp_override_secp521r1
+dpp_config_error_legacy_invalid_psk
+dpp_config_error_legacy_no_pass
+dpp_config_error_legacy_no_pass_for_sae
+dpp_config_error_legacy_psk_with_sae
+dpp_config_error_legacy_too_long_pass
+dpp_config_error_legacy_too_short_pass
+dpp_config_error_legacy_too_short_psk
+dpp_config_fragmentation
+dpp_config_jwk_error_invalid_x
+dpp_config_jwk_error_invalid_xy
+dpp_config_jwk_error_invalid_y
+dpp_config_jwk_error_no_crv
+dpp_config_jwk_error_no_kid
+dpp_config_jwk_error_no_kty
+dpp_config_jwk_error_no_x
+dpp_config_jwk_error_no_y
+dpp_config_jwk_error_unexpected_kty
+dpp_config_jwk_error_unsupported_crv
+dpp_config_jws_error_prot_hdr_no_alg
+dpp_config_jws_error_prot_hdr_no_kid
+dpp_config_jws_error_prot_hdr_not_an_object
+dpp_config_jws_error_prot_hdr_no_typ
+dpp_config_jws_error_prot_hdr_unexpected_alg
+dpp_config_jws_error_prot_hdr_unexpected_kid
+dpp_config_jws_error_prot_hdr_unsupported_typ
+dpp_config_legacy
+dpp_config_legacy_gen
+dpp_config_legacy_gen_psk
+dpp_config_legacy_gen_sta_ap_conf
+dpp_config_legacy_gen_two_conf
+dpp_config_legacy_gen_two_conf_psk
+dpp_config_legacy_psk_hex
+dpp_config_no_cred
+dpp_config_no_cred_akm
+dpp_config_no_csign
+dpp_config_no_discovery
+dpp_config_no_discovery_ssid
+dpp_config_no_signed_connector
+dpp_config_no_wi_fi_tech
+dpp_config_override_objects
+dpp_config_root_not_an_object
+dpp_config_save
+dpp_config_save2
+dpp_config_save3
+dpp_config_signed_connector_error_invalid_signature_der
+dpp_config_signed_connector_error_no_dot_1
+dpp_config_signed_connector_error_no_dot_2
+dpp_config_signed_connector_error_unexpected_signature_len
+dpp_config_too_long_discovery_ssid
+dpp_config_unexpected_signed_connector_char
+dpp_config_unsupported_cred_akm
+dpp_config_unsupported_wi_fi_tech
+dpp_configurator_enroll_conf
+dpp_configurator_enrollee
+dpp_configurator_enrollee_brainpoolP256r1
+dpp_configurator_enrollee_brainpoolP384r1
+dpp_configurator_enrollee_brainpoolP512r1
+dpp_configurator_enrollee_prime256v1
+dpp_configurator_enrollee_secp384r1
+dpp_configurator_enrollee_secp521r1
+dpp_configurator_id_unknown
+dpp_conn_status_assoc_reject
+dpp_conn_status_connector_mismatch
+dpp_conn_status_no_ap
+dpp_conn_status_success
+dpp_conn_status_wrong_passphrase
+dpp_controller_init_through_relay
+dpp_controller_init_through_relay_add
+dpp_controller_init_through_relay_dynamic
+dpp_controller_relay
+dpp_controller_relay_chirp
+dpp_controller_relay_chirp_duplicate
+dpp_controller_relay_discover
+dpp_controller_relay_pkex
+dpp_controller_rx_errors
+dpp_controller_rx_failure
+dpp_discard_public_action
+dpp_duplicated_auth_conf
+dpp_duplicated_auth_resp
+dpp_enrollee_ap_reject_config
+dpp_enrollee_reject_config
+dpp_enterprise
+dpp_enterprise_reject
+dpp_enterprise_tcp
+dpp_enterprise_tcp2
+dpp_gas
+dpp_gas_comeback_after_failure
+dpp_gas_timeout
+dpp_gas_timeout_handling
+dpp_hostapd_auth_conf_timeout
+dpp_hostapd_auth_resp_retries
+dpp_hostapd_configurator
+dpp_hostapd_configurator_enrollee_v1
+dpp_hostapd_configurator_fragmentation
+dpp_hostapd_configurator_override_objects
+dpp_hostapd_configurator_responder
+dpp_hostapd_enrollee_fragmentation
+dpp_hostapd_enrollee_gas_errors
+dpp_hostapd_enrollee_gas_proto
+dpp_hostapd_enrollee_gas_timeout
+dpp_hostapd_enrollee_gas_timeout_comeback
+dpp_hostapd_enrollee_gas_tx_status_errors
+dpp_intro_mismatch
+dpp_invalid_configurator_key
+dpp_invalid_legacy_params
+dpp_invalid_legacy_params2
+dpp_keygen_configurator_error
+dpp_nfc_negotiated_handover_diff_curve
+dpp_nfc_negotiated_handover_hostapd_req
+dpp_nfc_negotiated_handover_hostapd_sel
+dpp_own_config
+dpp_own_config_ap
+dpp_own_config_ap_group_id
+dpp_own_config_ap_reconf
+dpp_own_config_curve_mismatch
+dpp_own_config_group_id
+dpp_own_config_sign_fail
+dpp_peer_intro_failures
+dpp_peer_intro_local_failures
+dpp_pfs_ap_0
+dpp_pfs_ap_0_sta_ver1
+dpp_pfs_ap_2
+dpp_pfs_connect_cmd_ap_2
+dpp_pfs_connect_cmd_ap_2_sae
+dpp_pkex
+dpp_pkex_after_retry
+dpp_pkex_alloc_fail
+dpp_pkex_bp256
+dpp_pkex_bp384
+dpp_pkex_bp512
+dpp_pkex_code_mismatch
+dpp_pkex_code_mismatch_limit
+dpp_pkex_commit_reveal_req_processing_failure
+dpp_pkex_config
+dpp_pkex_config2
+dpp_pkex_curve_mismatch
+dpp_pkex_curve_mismatch_failure
+dpp_pkex_curve_mismatch_failure2
+dpp_pkex_exchange_resp_processing_failure
+dpp_pkex_hostapd_errors
+dpp_pkex_identifier_mismatch
+dpp_pkex_identifier_mismatch2
+dpp_pkex_identifier_mismatch3
+dpp_pkex_nak_curve_change
+dpp_pkex_nak_curve_change2
+dpp_pkex_no_identifier
+dpp_pkex_no_responder
+dpp_pkex_p256
+dpp_pkex_p384
+dpp_pkex_p521
+dpp_pkex_test_fail
+dpp_pkex_test_vector
+dpp_pkex_v2
+dpp_pkex_v2_hostapd_initiator
+dpp_pkex_v2_hostapd_responder
+dpp_proto_after_wrapped_data_auth_conf
+dpp_proto_after_wrapped_data_auth_req
+dpp_proto_after_wrapped_data_auth_resp
+dpp_proto_after_wrapped_data_conf_req
+dpp_proto_after_wrapped_data_conf_resp
+dpp_proto_after_wrapped_data_pkex_cr_req
+dpp_proto_after_wrapped_data_pkex_cr_resp
+dpp_proto_auth_conf_i_auth_mismatch
+dpp_proto_auth_conf_invalid_i_bootstrap_key
+dpp_proto_auth_conf_invalid_r_bootstrap_key
+dpp_proto_auth_conf_invalid_status
+dpp_proto_auth_conf_no_i_auth
+dpp_proto_auth_conf_no_i_bootstrap_key
+dpp_proto_auth_conf_no_r_bootstrap_key
+dpp_proto_auth_conf_no_status
+dpp_proto_auth_conf_no_wrapped_data
+dpp_proto_auth_conf_replaced_by_resp
+dpp_proto_auth_req_invalid_i_bootstrap_key
+dpp_proto_auth_req_invalid_i_nonce
+dpp_proto_auth_req_invalid_i_proto_key
+dpp_proto_auth_req_invalid_r_bootstrap_key
+dpp_proto_auth_req_no_i_bootstrap_key
+dpp_proto_auth_req_no_i_capab
+dpp_proto_auth_req_no_i_nonce
+dpp_proto_auth_req_no_i_proto_key
+dpp_proto_auth_req_no_r_bootstrap_key
+dpp_proto_auth_req_no_wrapped_data
+dpp_proto_auth_resp_incompatible_r_capab
+dpp_proto_auth_resp_i_nonce_mismatch
+dpp_proto_auth_resp_invalid_i_bootstrap_key
+dpp_proto_auth_resp_invalid_r_bootstrap_key
+dpp_proto_auth_resp_invalid_r_proto_key
+dpp_proto_auth_resp_invalid_status
+dpp_proto_auth_resp_no_i_bootstrap_key
+dpp_proto_auth_resp_no_i_nonce
+dpp_proto_auth_resp_no_r_auth
+dpp_proto_auth_resp_no_r_bootstrap_key
+dpp_proto_auth_resp_no_r_capab
+dpp_proto_auth_resp_no_r_nonce
+dpp_proto_auth_resp_no_r_proto_key
+dpp_proto_auth_resp_no_status
+dpp_proto_auth_resp_no_wrapped_data
+dpp_proto_auth_resp_r_auth_mismatch
+dpp_proto_auth_resp_r_auth_mismatch_failure
+dpp_proto_auth_resp_r_auth_mismatch_failure2
+dpp_proto_auth_resp_status_invalid_i_bootstrap_key
+dpp_proto_auth_resp_status_invalid_r_bootstrap_key
+dpp_proto_auth_resp_status_no_i_bootstrap_key
+dpp_proto_auth_resp_status_no_i_nonce
+dpp_proto_auth_resp_status_no_r_bootstrap_key
+dpp_proto_auth_resp_status_no_status
+dpp_proto_conf_req_invalid_config_attr_obj
+dpp_proto_conf_req_invalid_e_nonce
+dpp_proto_conf_req_no_config_attr_obj
+dpp_proto_conf_req_no_e_nonce
+dpp_proto_conf_req_no_wrapped_data
+dpp_proto_conf_resp_e_nonce_mismatch
+dpp_proto_conf_resp_invalid_status
+dpp_proto_conf_resp_no_config_obj
+dpp_proto_conf_resp_no_e_nonce
+dpp_proto_conf_resp_no_status
+dpp_proto_conf_resp_no_wrapped_data
+dpp_proto_network_introduction
+dpp_proto_pkex_cr_req_i_auth_tag_mismatch
+dpp_proto_pkex_cr_req_invalid_bootstrap_key
+dpp_proto_pkex_cr_req_no_bootstrap_key
+dpp_proto_pkex_cr_req_no_i_auth_tag
+dpp_proto_pkex_cr_req_no_wrapped_data
+dpp_proto_pkex_cr_resp_invalid_bootstrap_key
+dpp_proto_pkex_cr_resp_no_bootstrap_key
+dpp_proto_pkex_cr_resp_no_r_auth_tag
+dpp_proto_pkex_cr_resp_no_wrapped_data
+dpp_proto_pkex_cr_resp_r_auth_tag_mismatch
+dpp_proto_pkex_exchange_req_invalid_encrypted_key
+dpp_proto_pkex_exchange_req_no_encrypted_key
+dpp_proto_pkex_exchange_req_no_finite_cyclic_group
+dpp_proto_pkex_exchange_resp_invalid_encrypted_key
+dpp_proto_pkex_exchange_resp_invalid_status
+dpp_proto_pkex_exchange_resp_no_encrypted_key
+dpp_proto_pkex_exchange_resp_no_status
+dpp_proto_stop_at_auth_conf
+dpp_proto_stop_at_auth_conf_tx
+dpp_proto_stop_at_auth_conf_tx2
+dpp_proto_stop_at_auth_req
+dpp_proto_stop_at_auth_resp
+dpp_proto_stop_at_conf_req
+dpp_proto_stop_at_pkex_cr_req
+dpp_proto_stop_at_pkex_cr_resp
+dpp_proto_stop_at_pkex_exchange_resp
+dpp_proto_zero_i_capab
+dpp_proto_zero_r_capab
+dpp_qr_code_auth_broadcast
+dpp_qr_code_auth_enrollee_init_netrole
+dpp_qr_code_auth_hostapd_mutual2
+dpp_qr_code_auth_incompatible_roles
+dpp_qr_code_auth_incompatible_roles2
+dpp_qr_code_auth_incompatible_roles_failure
+dpp_qr_code_auth_incompatible_roles_failure2
+dpp_qr_code_auth_incompatible_roles_failure3
+dpp_qr_code_auth_initiator_either_1
+dpp_qr_code_auth_initiator_either_2
+dpp_qr_code_auth_initiator_either_3
+dpp_qr_code_auth_initiator_enrollee
+dpp_qr_code_auth_mutual
+dpp_qr_code_auth_mutual2
+dpp_qr_code_auth_mutual_bp_256
+dpp_qr_code_auth_mutual_bp_384
+dpp_qr_code_auth_mutual_bp_512
+dpp_qr_code_auth_mutual_curve_mismatch
+dpp_qr_code_auth_mutual_not_used
+dpp_qr_code_auth_mutual_p_256
+dpp_qr_code_auth_mutual_p_384
+dpp_qr_code_auth_mutual_p_521
+dpp_qr_code_auth_neg_chan
+dpp_qr_code_auth_rand_mac_addr
+dpp_qr_code_auth_responder_configurator
+dpp_qr_code_auth_responder_configurator_group_id
+dpp_qr_code_auth_unicast
+dpp_qr_code_auth_unicast_ap_enrollee
+dpp_qr_code_chan_list_no_match
+dpp_qr_code_chan_list_no_peer_unicast
+dpp_qr_code_chan_list_unicast
+dpp_qr_code_chan_list_unicast2
+dpp_qr_code_config_event_initiator_both
+dpp_qr_code_config_event_initiator_failure
+dpp_qr_code_config_event_initiator_no_response
+dpp_qr_code_config_event_initiator_slow
+dpp_qr_code_curve_brainpoolP256r1
+dpp_qr_code_curve_brainpoolP384r1
+dpp_qr_code_curve_brainpoolP512r1
+dpp_qr_code_curve_prime256v1
+dpp_qr_code_curves
+dpp_qr_code_curves_brainpool
+dpp_qr_code_curve_secp384r1
+dpp_qr_code_curve_secp521r1
+dpp_qr_code_curve_select
+dpp_qr_code_hostapd_ignore_mismatch
+dpp_qr_code_hostapd_init
+dpp_qr_code_hostapd_init_offchannel
+dpp_qr_code_hostapd_init_offchannel_configurator
+dpp_qr_code_hostapd_init_offchannel_neg_freq
+dpp_qr_code_keygen_fail
+dpp_qr_code_listen_continue
+dpp_qr_code_no_chan_list_broadcast
+dpp_qr_code_no_chan_list_unicast
+dpp_qr_code_parsing
+dpp_qr_code_parsing_fail
+dpp_qr_code_set_key
+dpp_qr_code_unsupported_curve
+dpp_reconfig_connector
+dpp_reconfig_connector_different_groups
+dpp_reconfig_hostapd_configurator
+dpp_relay_incomplete_connections
+dpp_tcp
+dpp_tcp_conf_init
+dpp_tcp_conf_init_hostapd_enrollee
+dpp_tcp_controller_management_hostapd
+dpp_tcp_controller_management_hostapd2
+dpp_tcp_controller_start_failure
+dpp_tcp_init_failure
+dpp_tcp_mutual
+dpp_tcp_mutual_hostapd_conf
+dpp_tcp_pkex
+dpp_tcp_pkex_auto_connect_2
+dpp_tcp_pkex_auto_connect_2_status
+dpp_tcp_pkex_auto_connect_2_status_fail
+dpp_tcp_pkex_while_associated
+dpp_tcp_pkex_while_associated_conn_status
+dpp_tcp_port
+dpp_tcp_qr_code_config_event_initiator
+dpp_test_vector_p_256
+dpp_test_vector_p_256_b
+dpp_test_vector_p_521
+dpp_truncated_attr
+dpp_two_initiators
+dpp_uri_host
+dpp_uri_supported_curves
+dpp_uri_version
+dpp_with_p2p_device
+eap_canned_failure_before_method
+eap_canned_success_after_identity
+eap_canned_success_before_method
+eap_fast_proto
+eap_fast_proto_phase2
+eap_fast_tlv_nak_oom
+eap_gpsk_errors
+eap_mschapv2_errors
+eap_nak_expanded
+eap_nak_oom
+eap_proto
+eap_proto_aka
+eap_proto_aka_errors
+eap_proto_aka_prime
+eap_proto_aka_prime_errors
+eap_proto_eke
+eap_proto_eke_errors
+eap_proto_erp
+eap_proto_expanded
+eap_proto_fast_errors
+eap_proto_gpsk
+eap_proto_gpsk_errors_server
+eap_proto_gpsk_server
+eap_proto_ikev2
+eap_proto_ikev2_errors
+eap_proto_ikev2_errors_server
+eap_proto_ikev2_server
+eap_proto_leap
+eap_proto_leap_errors
+eap_proto_md5
+eap_proto_md5_errors
+eap_proto_md5_errors_server
+eap_proto_md5_server
+eap_proto_mschapv2
+eap_proto_mschapv2_errors
+eap_proto_notification_errors
+eap_proto_otp
+eap_proto_otp_errors
+eap_proto_pax
+eap_proto_pax_errors
+eap_proto_pax_errors_server
+eap_proto_pax_server
+eap_proto_psk
+eap_proto_psk_errors
+eap_proto_psk_errors_server
+eap_proto_psk_server
+eap_proto_pwd
+eap_proto_pwd_errors
+eap_proto_pwd_errors_server
+eap_proto_pwd_invalid_element
+eap_proto_pwd_invalid_element_peer
+eap_proto_pwd_invalid_scalar
+eap_proto_pwd_invalid_scalar_peer
+eap_proto_pwd_reflection_attack
+eap_proto_pwd_server
+eap_proto_pwd_unexpected_fragment
+eap_proto_sake
+eap_proto_sake_errors
+eap_proto_sake_errors2
+eap_proto_sake_errors_server
+eap_proto_sake_server
+eap_proto_sim
+eap_proto_sim_errors
+eap_proto_tls
+eap_proto_tnc
+eap_proto_wsc
+eap_teap_basic_password_auth_failure
+eap_teap_basic_password_auth_id2
+eap_teap_basic_password_auth_no_password
+eap_teap_basic_password_auth_user_and_machine_fail_machine
+eap_teap_basic_password_auth_user_and_machine_fail_user
+eap_teap_basic_password_auth_user_and_machine_no_machine
+eap_teap_eap_eke_unauth_server_prov
+eap_teap_eap_mschapv2_id2
+eap_teap_eap_mschapv2_pac_no_ca_cert
+eap_teap_eap_mschapv2_user_and_machine_fail_machine
+eap_teap_eap_mschapv2_user_and_machine_fail_user
+eap_teap_eap_mschapv2_user_and_machine_no_machine
+eap_teap_tls_cs_sha1
+eap_teap_tls_cs_sha256
+eap_teap_tls_cs_sha384
+eap_tls_sha384
+eap_tls_sha512
+ext_password_file_psk
+ext_password_interworking
+ext_password_psk
+ext_password_psk_not_found
+ext_password_sae
+ext_radio_work
+ext_radio_work_disconnect_connect
+fils_sk_pfs_25
+gas_anqp_address3_ap_non_compliant
+gas_anqp_capab_list
+gas_anqp_extra_elements
+gas_anqp_get
+gas_anqp_get_no_scan
+gas_anqp_get_oom
+gas_anqp_hs20_proto
+gas_anqp_icon_binary_proto
+gas_anqp_oom_hapd
+gas_anqp_oom_wpas
+gas_anqp_overrides
+gas_anqp_venue_url
+gas_anqp_venue_url2
+gas_anqp_venue_url_pmf
+gas_comeback_delay
+gas_comeback_delay_long
+gas_comeback_delay_long2
+gas_comeback_resp_additional_delay
+gas_concurrent_scan
+gas_delete_at_deinit
+gas_failures
+gas_failure_status_code
+gas_fragment
+gas_fragment_mcc
+gas_fragment_with_comeback_delay
+gas_fragment_with_comeback_delay_mcc
+gas_generic
+gas_invalid_response_type
+gas_malformed
+gas_malformed_comeback_resp
+gas_max_pending
+gas_missing_payload
+gas_no_dialog_token_match
+gas_no_pending
+gas_query_deinit
+gas_rand_ta
+gas_request_oom
+gas_server_oom
+hostapd_oom_open
+hostapd_oom_wpa2_eap_radius
+hostapd_oom_wpa2_psk
+ieee8021x_auth_awhile
+ieee8021x_eapol_key
+ieee8021x_eapol_start
+ieee8021x_force_unauth
+ieee8021x_held
+ieee8021x_open
+ieee8021x_open_leap
+ieee8021x_proto
+ieee8021x_reauth
+ieee8021x_set_conf
+ieee8021x_wep104
+ieee8021x_wep_index_workaround
+macsec_gcm_aes_256
+macsec_hostapd_eap
+macsec_hostapd_eap_psk
+macsec_hostapd_psk
+macsec_psk
+macsec_psk_256
+macsec_psk_br2
+macsec_psk_br2_same_prio
+macsec_psk_br3
+macsec_psk_br3_same_prio
+macsec_psk_cak_mismatch
+macsec_psk_ckn_mismatch
+macsec_psk_different_ports
+macsec_psk_fail_cp
+macsec_psk_fail_cp2
+macsec_psk_integ_only
+macsec_psk_mka_life_time
+macsec_psk_ns
+macsec_psk_port
+macsec_psk_shorter_ckn
+macsec_psk_shorter_ckn2
+module_hostapd
+module_wpa_supplicant
+monitor_iface_wpa2_psk
+multi_ap_backhaul_shared_bss
+multi_ap_disabled_on_ap
+multi_ap_fronthaul_on_ap
+multi_ap_wps_fail_non_multi_ap
+multi_ap_wps_shared_psk
+multi_ap_wps_split_psk
+nfc_p2p_both_go
+nfc_p2p_go_neg_reverse
+nfc_p2p_static_handover_invalid
+nfc_p2p_tag_enable_disable
+nfc_wps_handover_errors
+nfc_wps_handover_failure
+nfc_wps_handover_pk_hash_mismatch_ap
+nfc_wps_handover_pk_hash_mismatch_sta
+openssl_ecdh_curves
+owe_assoc_reject
+owe_double_assoc
+owe_group_negotiation
+owe_group_negotiation_connect_cmd
+owe_invalid_assoc_resp
+owe_local_errors
+owe_only_sta
+owe_only_sta_tm_ap
+owe_ptk_hash
+owe_ptk_workaround_ap
+owe_sa_query
+owe_transition_mode_disable
+owe_transition_mode_ifname
+owe_transition_mode_ifname_acs
+owe_transition_mode_ifname_acs2
+owe_transition_mode_multi_assoc
+owe_transition_mode_open_multiple_scans
+owe_transition_mode_rsne_mismatch
+owe_unsupported_group
+owe_unsupported_group_connect_cmd
+pasn_ap_mic_error
+pasn_ccmp
+pasn_ccmp_256
+pasn_channel_mismatch
+pasn_comeback
+pasn_comeback_after_0
+pasn_comeback_after_0_sae
+pasn_comeback_multi
+pasn_fils_sha256
+pasn_fils_sha384
+pasn_ft_psk
+pasn_gcmp
+pasn_gcmp_256
+pasn_group_mismatch
+pasn_kdk_derivation
+pasn_noauth_0
+pasn_owe_kdk_secure_ltf
+pasn_owe_tm_kdk_secure_ltf
+pasn_sae
+pasn_sae_driver
+pasn_sae_kdk
+pasn_sae_kdk_ft
+pasn_sae_kdk_secure_ltf
+pasn_sae_while_connected_diff_channel
+pasn_sae_while_connected_same_channel
+pasn_sta_mic_error
+pasn_while_connected_diff_channel
+pasn_while_connected_same_ap
+pasn_while_connected_same_channel
+radius_acct
+radius_acct_failure
+radius_acct_failure_oom
+radius_acct_failure_oom_rsn
+radius_acct_failure_sta_data
+radius_acct_ft_psk
+radius_acct_ieee8021x
+radius_acct_interim
+radius_acct_interim_unreachable
+radius_acct_interim_unreachable2
+radius_acct_ipaddr
+radius_acct_non_ascii_ssid
+radius_acct_pmksa_caching
+radius_acct_psk
+radius_acct_psk_sha256
+radius_acct_unreachable
+radius_acct_unreachable2
+radius_acct_unreachable3
+radius_acct_unreachable4
+radius_auth_force_client_addr
+radius_auth_force_client_dev
+radius_auth_force_invalid_client_addr
+radius_auth_unreachable
+radius_auth_unreachable2
+radius_auth_unreachable3
+radius_das_coa
+radius_das_disconnect
+radius_das_disconnect_time_window
+radius_ipv6
+radius_macacl
+radius_macacl_acct
+radius_macacl_oom
+radius_macacl_unreachable
+radius_protocol
+radius_psk
+radius_psk_default
+radius_psk_during_4way_hs
+radius_psk_hex_psk
+radius_psk_invalid
+radius_psk_invalid2
+radius_psk_oom
+radius_psk_reject
+radius_psk_reject_during_4way_hs
+radius_psk_unknown_code
+radius_req_attr
+radius_sae_password
+radius_server_failures
+radius_tls_freeradius
+sae
+sae_akms
+sae_and_psk
+sae_and_psk2
+sae_and_psk_multiple_passwords
+sae_and_psk_transition_disable
+sae_auth_restart
+sae_bignum_failure
+sae_bignum_failure_unsafe_group
+sae_commit_invalid_element_ap
+sae_commit_invalid_element_sta
+sae_commit_invalid_scalar_element_ap
+sae_commit_invalid_scalar_element_sta
+sae_commit_override
+sae_commit_override2
+sae_confirm_immediate
+sae_confirm_immediate2
+sae_connect_cmd
+sae_ext_key_19
+sae_ext_key_19_gcmp256
+sae_ext_key_20
+sae_ext_key_20_gcmp256
+sae_ext_key_21
+sae_ext_key_21_gcmp256
+sae_ext_key_21_gcmp256_gcmp256
+sae_ext_key_h2e_rejected_group
+sae_ext_key_h2e_rejected_group2
+sae_forced_anti_clogging
+sae_forced_anti_clogging_h2e
+sae_forced_anti_clogging_h2e_loop
+sae_forced_anti_clogging_pw_id
+sae_group_nego
+sae_group_nego_no_match
+sae_groups
+sae_h2e_password_id
+sae_h2e_rejected_groups
+sae_h2e_rejected_groups_unexpected
+sae_h2e_rsnxe_mismatch
+sae_h2e_rsnxe_mismatch_ap
+sae_h2e_rsnxe_mismatch_ap2
+sae_h2e_rsnxe_mismatch_ap3
+sae_h2e_rsnxe_mismatch_assoc
+sae_h2e_rsnxe_mismatch_retries
+sae_invalid_anti_clogging_token_req
+sae_key_lifetime_in_memory
+sae_mfp
+sae_missing_password
+sae_mixed
+sae_mixed_check_mfp
+sae_mixed_mfp
+sae_no_ffc_by_default
+sae_no_random
+sae_ocv_pmk
+sae_ocv_pmk_failure
+sae_okc
+sae_okc_pmk_lifetime
+sae_okc_sta_only
+sae_oom_wpas
+sae_password
+sae_password_ecc
+sae_password_ffc
+sae_password_file
+sae_password_id
+sae_password_id_ecc
+sae_password_id_ffc
+sae_password_id_only
+sae_password_id_pwe_check_ap
+sae_password_id_pwe_check_sta
+sae_password_id_pwe_looping
+sae_password_long
+sae_password_short
+sae_pk
+sae_pk_and_psk
+sae_pk_and_psk_invalid_password
+sae_pk_confirm_immediate
+sae_pk_group_19_sae_group_20
+sae_pk_group_20
+sae_pk_group_20_sae_group_19
+sae_pk_group_20_sae_group_21
+sae_pk_group_21
+sae_pk_group_negotiation
+sae_pk_invalid_fingerprint
+sae_pk_invalid_pw
+sae_pk_invalid_signature
+sae_pk_missing_ie
+sae_pk_mixed
+sae_pk_mixed_immediate_confirm
+sae_pk_modes
+sae_pk_not_on_ap
+sae_pk_only
+sae_pk_password_without_pk
+sae_pk_sec_3
+sae_pk_sec_5
+sae_pk_transition_disable
+sae_pk_unexpected_status
+sae_pmf_roam
+sae_pmk_lifetime
+sae_pmksa_caching
+sae_pmksa_caching_disabled
+sae_pmksa_caching_pmkid
+sae_pref_ap_wrong_password
+sae_pref_ap_wrong_password2
+sae_proto_commit_delayed
+sae_proto_commit_replay
+sae_proto_confirm_replay
+sae_proto_ecc
+sae_proto_ffc
+sae_proto_hostapd
+sae_proto_hostapd_ecc
+sae_proto_hostapd_ffc
+sae_proto_hostapd_status_126
+sae_proto_hostapd_status_127
+sae_pwe_failure
+sae_pwe_group_1
+sae_pwe_group_14
+sae_pwe_group_15
+sae_pwe_group_16
+sae_pwe_group_19
+sae_pwe_group_2
+sae_pwe_group_20
+sae_pwe_group_21
+sae_pwe_group_22
+sae_pwe_group_23
+sae_pwe_group_24
+sae_pwe_group_25
+sae_pwe_group_28
+sae_pwe_group_29
+sae_pwe_group_30
+sae_pwe_group_5
+sae_pwe_h2e_only_ap
+sae_pwe_h2e_only_ap_sta_forcing_loop
+sae_pwe_in_psk_ap
+sae_pwe_loop_only_ap
+sae_reauth
+sae_reflection_attack_ecc
+sae_reflection_attack_ecc_internal
+sae_reflection_attack_ffc
+sae_reflection_attack_ffc_internal
+sae_reject
+sae_rsne_mismatch
+sae_sync
+sae_wpa3_roam
+sigma_dut_ap_beacon_prot
+sigma_dut_ap_cipher_ccmp_128
+sigma_dut_ap_cipher_ccmp_256
+sigma_dut_ap_cipher_ccmp_gcmp_1
+sigma_dut_ap_cipher_ccmp_gcmp_2
+sigma_dut_ap_cipher_gcmp_128
+sigma_dut_ap_cipher_gcmp_256
+sigma_dut_ap_cipher_gcmp_256_group_ccmp
+sigma_dut_ap_dpp_init_mud_url
+sigma_dut_ap_dpp_offchannel
+sigma_dut_ap_dpp_pkex_responder
+sigma_dut_ap_dpp_pkex_responder_tcp
+sigma_dut_ap_dpp_pkex_v1_responder
+sigma_dut_ap_dpp_qr
+sigma_dut_ap_dpp_qr_dpp_sae
+sigma_dut_ap_dpp_qr_dpp_sae2
+sigma_dut_ap_dpp_qr_enrollee_chirp
+sigma_dut_ap_dpp_qr_legacy
+sigma_dut_ap_dpp_qr_legacy_psk
+sigma_dut_ap_dpp_qr_mud_url
+sigma_dut_ap_dpp_qr_sae
+sigma_dut_ap_dpp_relay
+sigma_dut_ap_dpp_self_config
+sigma_dut_ap_dpp_self_config_connector_privacy
+sigma_dut_ap_dpp_tcp_enrollee_init
+sigma_dut_ap_eap
+sigma_dut_ap_eap_sha256
+sigma_dut_ap_ent_ft_eap
+sigma_dut_ap_ft_eap
+sigma_dut_ap_ft_over_ds_psk
+sigma_dut_ap_ft_psk
+sigma_dut_ap_ft_rsnxe_used_mismatch
+sigma_dut_ap_gtk_rekey
+sigma_dut_ap_hs20
+sigma_dut_ap_ht40minus
+sigma_dut_ap_ht40plus
+sigma_dut_ap_ocv
+sigma_dut_ap_override_rsne
+sigma_dut_ap_owe
+sigma_dut_ap_owe_ecgroupid
+sigma_dut_ap_owe_ptk_workaround
+sigma_dut_ap_owe_transition_mode
+sigma_dut_ap_owe_transition_mode_2
+sigma_dut_ap_psk
+sigma_dut_ap_psk_deauth
+sigma_dut_ap_pskhex
+sigma_dut_ap_psk_sae
+sigma_dut_ap_psk_sae_ft
+sigma_dut_ap_psk_sha256
+sigma_dut_ap_sae
+sigma_dut_ap_sae_confirm_immediate
+sigma_dut_ap_sae_group
+sigma_dut_ap_sae_h2e
+sigma_dut_ap_sae_h2e_anti_clogging
+sigma_dut_ap_sae_h2e_group_rejection
+sigma_dut_ap_sae_h2e_only
+sigma_dut_ap_sae_h2e_rsnxe_mismatch
+sigma_dut_ap_sae_loop_only
+sigma_dut_ap_sae_password
+sigma_dut_ap_sae_pk
+sigma_dut_ap_sae_pk_misbehavior
+sigma_dut_ap_sae_pk_mixed
+sigma_dut_ap_sae_pw_id
+sigma_dut_ap_sae_pw_id_ft
+sigma_dut_ap_sae_pw_id_pwe_loop
+sigma_dut_ap_suite_b
+sigma_dut_ap_transition_disable
+sigma_dut_ap_transition_disable_change
+sigma_dut_ap_vht40
+sigma_dut_ap_vht80
+sigma_dut_basic
+sigma_dut_beacon_prot
+sigma_dut_dpp_curves_list
+sigma_dut_dpp_enrollee_does_not_support_nak_curve
+sigma_dut_dpp_enrollee_does_not_support_signing_curve
+sigma_dut_dpp_incompatible_roles_init
+sigma_dut_dpp_incompatible_roles_resp
+sigma_dut_dpp_nfc_handover_requestor_enrollee
+sigma_dut_dpp_nfc_handover_selector_enrollee
+sigma_dut_dpp_nfc_static_read_enrollee
+sigma_dut_dpp_nfc_static_write_enrollee
+sigma_dut_dpp_pb_ap
+sigma_dut_dpp_pb_ap2
+sigma_dut_dpp_pb_ap_misbehavior
+sigma_dut_dpp_pb_configurator
+sigma_dut_dpp_pb_configurator_session_overlap
+sigma_dut_dpp_pb_sta
+sigma_dut_dpp_pb_sta_first
+sigma_dut_dpp_pb_sta_misbehavior
+sigma_dut_dpp_pb_sta_session_overlap
+sigma_dut_dpp_pkex_init_configurator
+sigma_dut_dpp_pkex_init_configurator_tcp
+sigma_dut_dpp_pkex_init_configurator_tcp_and_wifi
+sigma_dut_dpp_pkex_init_configurator_tcp_through_relay
+sigma_dut_dpp_pkex_responder_proto
+sigma_dut_dpp_pkex_v1_only
+sigma_dut_dpp_pkexv2_init_fallback_to_v1
+sigma_dut_dpp_proto_initiator
+sigma_dut_dpp_proto_initiator_pkex
+sigma_dut_dpp_proto_peer_disc_req
+sigma_dut_dpp_proto_peer_disc_req2
+sigma_dut_dpp_proto_peer_disc_req3
+sigma_dut_dpp_proto_responder
+sigma_dut_dpp_proto_responder_pkex
+sigma_dut_dpp_proto_stop_at_initiator
+sigma_dut_dpp_proto_stop_at_initiator_enrollee
+sigma_dut_dpp_proto_stop_at_responder
+sigma_dut_dpp_qr_configurator_chirp
+sigma_dut_dpp_qr_enrollee_chirp
+sigma_dut_dpp_qr_enrollee_chirp_3rd_party_info
+sigma_dut_dpp_qr_init_configurator_1
+sigma_dut_dpp_qr_init_configurator_2
+sigma_dut_dpp_qr_init_configurator_3
+sigma_dut_dpp_qr_init_configurator_3rd_party
+sigma_dut_dpp_qr_init_configurator_3rd_party_psk
+sigma_dut_dpp_qr_init_configurator_4
+sigma_dut_dpp_qr_init_configurator_5
+sigma_dut_dpp_qr_init_configurator_6
+sigma_dut_dpp_qr_init_configurator_7
+sigma_dut_dpp_qr_init_configurator_both
+sigma_dut_dpp_qr_init_configurator_mud_url
+sigma_dut_dpp_qr_init_configurator_mud_url_nak_change
+sigma_dut_dpp_qr_init_configurator_nak_from_uri
+sigma_dut_dpp_qr_init_configurator_neg_freq
+sigma_dut_dpp_qr_init_configurator_sign_curve_from_uri
+sigma_dut_dpp_qr_init_enrollee
+sigma_dut_dpp_qr_init_enrollee_configurator
+sigma_dut_dpp_qr_init_enrollee_psk
+sigma_dut_dpp_qr_init_enrollee_sae
+sigma_dut_dpp_qr_mutual_init_enrollee
+sigma_dut_dpp_qr_mutual_init_enrollee_check
+sigma_dut_dpp_qr_mutual_init_enrollee_mud_url
+sigma_dut_dpp_qr_mutual_init_enrollee_pending
+sigma_dut_dpp_qr_mutual_resp_configurator
+sigma_dut_dpp_qr_mutual_resp_enrollee
+sigma_dut_dpp_qr_mutual_resp_enrollee_connector_privacy
+sigma_dut_dpp_qr_mutual_resp_enrollee_pending
+sigma_dut_dpp_qr_resp_1
+sigma_dut_dpp_qr_resp_10
+sigma_dut_dpp_qr_resp_11
+sigma_dut_dpp_qr_resp_2
+sigma_dut_dpp_qr_resp_3
+sigma_dut_dpp_qr_resp_4
+sigma_dut_dpp_qr_resp_5
+sigma_dut_dpp_qr_resp_6
+sigma_dut_dpp_qr_resp_7
+sigma_dut_dpp_qr_resp_8
+sigma_dut_dpp_qr_resp_9
+sigma_dut_dpp_qr_resp_chan_list
+sigma_dut_dpp_qr_resp_configurator
+sigma_dut_dpp_qr_resp_curve_change
+sigma_dut_dpp_qr_resp_status_query
+sigma_dut_dpp_reconfig_configurator
+sigma_dut_dpp_reconfig_enrollee
+sigma_dut_dpp_reconfig_enrollee_sae
+sigma_dut_dpp_reconfig_invalid_proto_ver
+sigma_dut_dpp_reconfig_no_proto_ver
+sigma_dut_dpp_self_config
+sigma_dut_dpp_tcp_configurator_init_from_uri
+sigma_dut_dpp_tcp_configurator_init_mutual
+sigma_dut_dpp_tcp_configurator_init_mutual_unsupported_curve
+sigma_dut_dpp_tcp_conf_resp
+sigma_dut_dpp_tcp_enrollee_init
+sigma_dut_dpp_tcp_enrollee_init_mutual
+sigma_dut_dpp_tcp_enrollee_resp
+sigma_dut_eap_aka
+sigma_dut_eap_ttls
+sigma_dut_eap_ttls_uosc
+sigma_dut_eap_ttls_uosc_ca_mistrust
+sigma_dut_eap_ttls_uosc_initial_tod_strict
+sigma_dut_eap_ttls_uosc_initial_tod_tofu
+sigma_dut_eap_ttls_uosc_tod
+sigma_dut_eap_ttls_uosc_tod_tofu
+sigma_dut_ft_rsnxe_used_mismatch
+sigma_dut_gtk_rekey
+sigma_dut_ocv
+sigma_dut_open
+sigma_dut_owe
+sigma_dut_owe_ptk_workaround
+sigma_dut_preconfigured_profile
+sigma_dut_psk_pmf
+sigma_dut_psk_pmf_bip_cmac_128
+sigma_dut_psk_pmf_bip_cmac_256
+sigma_dut_psk_pmf_bip_gmac_128
+sigma_dut_psk_pmf_bip_gmac_256
+sigma_dut_psk_pmf_bip_gmac_256_mismatch
+sigma_dut_sae
+sigma_dut_sae_groups
+sigma_dut_sae_h2e
+sigma_dut_sae_h2e_ap_h2e
+sigma_dut_sae_h2e_ap_loop
+sigma_dut_sae_h2e_enabled_group_rejected
+sigma_dut_sae_h2e_loop_forcing
+sigma_dut_sae_h2e_rsnxe_mismatch
+sigma_dut_sae_password
+sigma_dut_sae_pk
+sigma_dut_sae_pmkid_include
+sigma_dut_sae_pw_id
+sigma_dut_sae_pw_id_ft
+sigma_dut_sae_pw_id_ft_over_ds
+sigma_dut_sae_pw_id_pwe_loop
+sigma_dut_sta_override_rsne
+sigma_dut_sta_scan_bss
+sigma_dut_sta_scan_short_ssid
+sigma_dut_sta_scan_ssid_bssid
+sigma_dut_sta_scan_wait_completion
+sigma_dut_suite_b
+sigma_dut_venue_url
+sigma_dut_wpa3_inject_frame
+sigma_dut_wps_pbc
+suite_b
+suite_b_192
+suite_b_192_mic_failure
+suite_b_192_okc
+suite_b_192_pmkid_failure
+suite_b_192_pmksa_caching_roam
+suite_b_192_radius
+suite_b_192_rsa
+suite_b_192_rsa_dhe
+suite_b_192_rsa_dhe_radius_rsa2048_client
+suite_b_192_rsa_ecdhe
+suite_b_192_rsa_ecdhe_radius_rsa2048_client
+suite_b_192_rsa_insufficient_dh
+suite_b_192_rsa_insufficient_key
+suite_b_192_rsa_no_cs_match
+suite_b_192_rsa_radius
+suite_b_192_rsa_tls_13
+suite_b_mic_failure
+suite_b_pmkid_failure
+suite_b_radius
+wep_shared_key_auth_not_allowed
+wext_wep_open_auth
+wext_wep_shared_key_auth
+wext_wpa2_psk
+wext_wpa_psk
+wpa2_psk_key_lifetime_in_memory
+wpas_add_set_remove_support
+wpas_ap_acs
+wpas_ap_and_assoc_req_p2p_ie
+wpas_ap_default_frequency
+wpas_ap_disable
+wpas_ap_failures
+wpas_ap_global_sta
+wpas_ap_invalid_frequency
+wpas_ap_lifetime_in_memory
+wpas_ap_lifetime_in_memory2
+wpas_ap_no_ht
+wpas_ap_no_ssid
+wpas_ap_params
+wpas_ap_sae
+wpas_ap_sae_and_psk_transition_disable
+wpas_ap_sae_password
+wpas_ap_sae_pmf1
+wpas_ap_sae_pmf2
+wpas_ap_sae_pwe_1
+wpas_ap_scan
+wpas_ap_vendor_elems
+wpas_ap_wps_disabled
+wpas_ap_wps_frag
+wpas_ap_wps_pbc_overlap
+wpas_mesh_secure
+wpas_mesh_secure_dropped_frame
+wpas_mesh_secure_no_auto
+wpas_mesh_secure_sae_group_mismatch
+wpas_mesh_secure_sae_group_negotiation
+wpas_mesh_secure_sae_missing_password
+wpas_mesh_secure_sae_password
diff --git a/.github/workflows/hostap-files/configs/07c9f183ea744ac04585fb6dd10220c75a5e2e74/wpa_supplicant.config b/.github/workflows/hostap-files/configs/07c9f183ea744ac04585fb6dd10220c75a5e2e74/wpa_supplicant.config
new file mode 100644
index 000000000..104807315
--- /dev/null
+++ b/.github/workflows/hostap-files/configs/07c9f183ea744ac04585fb6dd10220c75a5e2e74/wpa_supplicant.config
@@ -0,0 +1,164 @@
+#CC=ccache gcc
+
+#CONFIG_TLS=openssl
+CONFIG_TLS=wolfssl
+#CONFIG_TLS=internal
+#CONFIG_INTERNAL_LIBTOMMATH=y
+#CONFIG_INTERNAL_LIBTOMMATH_FAST=y
+
+CONFIG_IEEE8021X_EAPOL=y
+
+CONFIG_ERP=y
+CONFIG_EAP_MD5=y
+CONFIG_MSCHAPV2=y
+CONFIG_EAP_TLS=y
+CONFIG_EAP_PEAP=y
+CONFIG_EAP_TTLS=y
+CONFIG_EAP_GTC=y
+CONFIG_EAP_OTP=y
+CONFIG_EAP_PSK=y
+CONFIG_EAP_PAX=y
+CONFIG_EAP_LEAP=y
+CONFIG_EAP_SIM=y
+CONFIG_EAP_AKA=y
+CONFIG_EAP_AKA_PRIME=y
+CONFIG_EAP_VENDOR_TEST=y
+CONFIG_EAP_TLV=y
+CONFIG_EAP_SAKE=y
+CONFIG_EAP_GPSK=y
+CONFIG_EAP_GPSK_SHA256=y
+CONFIG_EAP_EKE=y
+CONFIG_EAP_TNC=y
+CFLAGS += -DTNC_CONFIG_FILE=\"tnc/tnc_config\"
+LIBS += -rdynamic
+CONFIG_EAP_FAST=y
+CONFIG_EAP_TEAP=y
+CONFIG_EAP_IKEV2=y
+
+ifeq ($(CONFIG_TLS), openssl)
+CONFIG_EAP_PWD=y
+endif
+ifeq ($(CONFIG_TLS), wolfssl)
+CONFIG_EAP_PWD=y
+endif
+
+CONFIG_USIM_SIMULATOR=y
+CONFIG_SIM_SIMULATOR=y
+
+#CONFIG_PCSC=y
+CONFIG_IPV6=y
+CONFIG_DRIVER_NONE=y
+CONFIG_PKCS12=y
+CONFIG_CTRL_IFACE=unix
+
+CONFIG_WPA_CLI_EDIT=y
+
+CONFIG_OCSP=y
+
+#CONFIG_ELOOP_POLL=y
+
+CONFIG_CTRL_IFACE_DBUS_NEW=y
+CONFIG_CTRL_IFACE_DBUS_INTRO=y
+
+CONFIG_IEEE80211R=y
+CONFIG_IEEE80211AC=y
+CONFIG_IEEE80211AX=y
+
+CONFIG_OCV=y
+
+CONFIG_DEBUG_FILE=y
+
+CONFIG_WPS=y
+#CONFIG_WPS_STRICT=y
+CONFIG_WPS_UPNP=y
+CONFIG_WPS_NFC=y
+CONFIG_WPS_ER=y
+#CONFIG_WPS_REG_DISABLE_OPEN=y
+
+CONFIG_DRIVER_WEXT=y
+
+CONFIG_DRIVER_NL80211=y
+CFLAGS += -I/usr/include/libnl3
+CONFIG_LIBNL32=y
+
+CONFIG_IBSS_RSN=y
+
+CONFIG_AP=y
+CONFIG_MESH=y
+CONFIG_P2P=y
+CONFIG_WIFI_DISPLAY=y
+
+CONFIG_ACS=y
+
+CONFIG_BGSCAN_SIMPLE=y
+CONFIG_BGSCAN_LEARN=y
+
+CONFIG_WPA_TRACE=y
+CONFIG_WPA_TRACE_BFD=y
+
+CONFIG_TDLS=y
+CONFIG_TDLS_TESTING=y
+CONFIG_NO_RANDOM_POOL=y
+
+CONFIG_TLSV11=y
+CONFIG_TLSV12=y
+
+CONFIG_HT_OVERRIDES=y
+CONFIG_VHT_OVERRIDES=y
+CONFIG_HE_OVERRIDES=y
+
+CONFIG_DEBUG_LINUX_TRACING=y
+
+CONFIG_INTERWORKING=y
+CONFIG_HS20=y
+
+CONFIG_AUTOSCAN_EXPONENTIAL=y
+CONFIG_AUTOSCAN_PERIODIC=y
+
+CONFIG_EXT_PASSWORD_TEST=y
+CONFIG_EXT_PASSWORD_FILE=y
+
+CONFIG_EAP_UNAUTH_TLS=y
+
+CONFIG_SAE=y
+CONFIG_SAE_PK=y
+CFLAGS += -DALL_DH_GROUPS
+
+CONFIG_WNM=y
+
+CONFIG_FST=y
+CONFIG_FST_TEST=y
+
+CONFIG_TESTING_OPTIONS=y
+CONFIG_MODULE_TESTS=y
+
+CONFIG_SUITEB=y
+CONFIG_SUITEB192=y
+
+# AddressSanitizer (ASan) can be enabled by uncommenting the following lines.
+# This can be used as a more efficient memory error detector than valgrind
+# (though, with still some CPU and memory cost, so VM cases will need more
+# memory allocated for the guest).
+#CFLAGS += -fsanitize=address -O1 -fno-omit-frame-pointer -g
+#LIBS += -fsanitize=address -fno-omit-frame-pointer -g
+#LIBS_c += -fsanitize=address -fno-omit-frame-pointer -g
+#LIBS_p += -fsanitize=address -fno-omit-frame-pointer -g
+
+# Undefined Behavior Sanitizer (UBSan) can be enabled by uncommenting the
+# following lines.
+#CFLAGS += -Wno-format-nonliteral
+#CFLAGS += -fsanitize=undefined
+##CFLAGS += -fno-sanitize-recover
+#LIBS += -fsanitize=undefined
+##LIBS += -fno-sanitize-recover
+#LIBS_c += -fsanitize=undefined
+#LIBS_p += -fsanitize=undefined
+CONFIG_MBO=y
+CONFIG_FILS=y
+CONFIG_FILS_SK_PFS=y
+CONFIG_PMKSA_CACHE_EXTERNAL=y
+CONFIG_OWE=y
+CONFIG_DPP=y
+CONFIG_DPP2=y
+CONFIG_WEP=y
+CONFIG_PASN=y
diff --git a/.github/workflows/hostap-files/configs/b607d2723e927a3446d89aed813f1aa6068186bb/tests b/.github/workflows/hostap-files/configs/b607d2723e927a3446d89aed813f1aa6068186bb/tests
index 87fc3320f..ff9961881 100644
--- a/.github/workflows/hostap-files/configs/b607d2723e927a3446d89aed813f1aa6068186bb/tests
+++ b/.github/workflows/hostap-files/configs/b607d2723e927a3446d89aed813f1aa6068186bb/tests
@@ -191,13 +191,7 @@ ap_wpa2_psk_supp_proto_no_gtk_in_group_msg
 ap_wpa2_psk_supp_proto_too_long_gtk_in_group_msg
 ap_wpa2_psk_supp_proto_too_long_gtk_kde
 ap_wpa2_psk_supp_proto_gtk_not_encrypted
-ap_wpa2_psk_supp_proto_no_igtk
-ap_wpa2_psk_supp_proto_igtk_ok
-ap_wpa2_psk_supp_proto_igtk_keyid_swap
-ap_wpa2_psk_supp_proto_igtk_keyid_too_large
-ap_wpa2_psk_supp_proto_igtk_keyid_unexpected
 ap_wpa2_psk_wep
-ap_wpa2_psk_ifdown
 ap_wpa2_psk_drop_first_msg_4
 ap_wpa2_psk_disable_enable
 ap_wpa2_psk_incorrect_passphrase
@@ -210,10 +204,7 @@ ap_wpa2_disable_eapol_retry
 ap_wpa2_disable_eapol_retry_group
 ap_wpa2_psk_mic_0
 ap_wpa2_psk_local_error
-ap_wpa2_psk_inject_assoc
-ap_wpa2_psk_no_control_port
 ap_wpa2_psk_ap_control_port
-ap_wpa2_psk_ap_control_port_disabled
 ap_wpa2_psk_rsne_mismatch_ap
 ap_wpa2_psk_rsne_mismatch_ap2
 ap_wpa2_psk_rsne_mismatch_ap3
@@ -253,10 +244,8 @@ ap_wpa2_eap_aka_sql
 ap_wpa2_eap_aka_config
 ap_wpa2_eap_aka_ext
 ap_wpa2_eap_aka_ext_auth_fail
-ap_wpa2_eap_aka_prime
 ap_wpa2_eap_aka_prime_imsi_identity
 ap_wpa2_eap_aka_prime_imsi_privacy_key
-ap_wpa2_eap_aka_prime_sql
 ap_wpa2_eap_aka_prime_ext_auth_fail
 ap_wpa2_eap_aka_prime_ext
 ap_wpa2_eap_ttls_pap
@@ -416,19 +405,6 @@ ap_wpa2_radius_server_get_id
 ap_wpa2_eap_tls_tod
 ap_wpa2_eap_tls_tod_tofu
 ap_wpa2_eap_sake_no_control_port
-ap_wpa2_tdls
-ap_wpa2_tdls_concurrent_init
-ap_wpa2_tdls_concurrent_init2
-ap_wpa2_tdls_decline_resp
-ap_wpa2_tdls_long_lifetime
-ap_wpa2_tdls_long_frame
-ap_wpa2_tdls_reneg
-ap_wpa2_tdls_wrong_lifetime_resp
-ap_wpa2_tdls_diff_rsnie
-ap_wpa2_tdls_wrong_tpk_m2_mic
-ap_wpa2_tdls_wrong_tpk_m3_mic
-ap_wpa2_tdls_double_tpk_m2
-ap_wpa2_tdls_responder_teardown
 dpp_network_intro_version
 dpp_network_intro_version_change
 dpp_network_intro_version_missing_req
@@ -459,12 +435,9 @@ dpp_qr_code_curves
 dpp_qr_code_curves_brainpool
 dpp_qr_code_unsupported_curve
 dpp_qr_code_keygen_fail
-dpp_qr_code_curve_select
 dpp_qr_code_auth_broadcast
-dpp_configurator_enrollee
 dpp_configurator_enrollee_prime256v1
 dpp_configurator_enrollee_secp384r1
-dpp_configurator_enrollee_secp521r1
 dpp_configurator_enrollee_brainpoolP256r1
 dpp_configurator_enrollee_brainpoolP384r1
 dpp_configurator_enrollee_brainpoolP512r1
@@ -477,7 +450,6 @@ dpp_qr_code_curve_brainpoolP384r1
 dpp_qr_code_curve_brainpoolP512r1
 dpp_qr_code_set_key
 dpp_qr_code_auth_mutual
-dpp_qr_code_auth_mutual2
 dpp_qr_code_auth_mutual_p_256
 dpp_qr_code_auth_mutual_p_384
 dpp_qr_code_auth_mutual_p_521
@@ -514,13 +486,11 @@ dpp_config_no_signed_connector
 dpp_config_unexpected_signed_connector_char
 dpp_config_root_not_an_object
 dpp_config_no_wi_fi_tech
-dpp_config_unsupported_wi_fi_tech
 dpp_config_no_discovery
 dpp_config_no_discovery_ssid
 dpp_config_too_long_discovery_ssid
 dpp_config_no_cred
 dpp_config_no_cred_akm
-dpp_config_unsupported_cred_akm
 dpp_config_error_legacy_no_pass
 dpp_config_error_legacy_too_long_pass
 dpp_config_error_legacy_psk_with_sae
@@ -531,13 +501,10 @@ dpp_config_connector_error_ext_sign
 dpp_config_connector_error_too_short_timestamp
 dpp_config_connector_error_invalid_timestamp
 dpp_config_connector_error_invalid_timestamp_date
-dpp_config_connector_error_invalid_time_zone
-dpp_config_connector_error_invalid_time_zone_2
 dpp_config_connector_error_expired_1
 dpp_config_connector_error_expired_2
 dpp_config_connector_error_expired_3
 dpp_config_connector_error_expired_4
-dpp_config_connector_error_expired_5
 dpp_config_connector_error_expired_6
 dpp_config_connector_error_no_groups
 dpp_config_connector_error_empty_groups
@@ -565,13 +532,6 @@ dpp_ap_config_p256_bp256
 dpp_ap_config_bp256_p256
 dpp_ap_config_p521_bp512
 dpp_ap_config_reconfig_configurator
-dpp_auto_connect_1
-dpp_auto_connect_2
-dpp_auto_connect_2_connect_cmd
-dpp_auto_connect_2_sta_ver1
-dpp_auto_connect_2_ap_ver1
-dpp_auto_connect_2_ver1
-dpp_auto_connect_2_conf_ver1
 dpp_auto_connect_legacy
 dpp_auto_connect_legacy_ssid_charset
 dpp_auto_connect_legacy_sae_1
@@ -580,13 +540,6 @@ dpp_auto_connect_legacy_psk_sae_1
 dpp_auto_connect_legacy_psk_sae_2
 dpp_auto_connect_legacy_psk_sae_3
 dpp_auto_connect_legacy_pmf_required
-dpp_qr_code_auth_responder_configurator
-dpp_qr_code_auth_responder_configurator_group_id
-dpp_qr_code_auth_enrollee_init_netrole
-dpp_qr_code_hostapd_init
-dpp_qr_code_hostapd_init_offchannel
-dpp_qr_code_hostapd_init_offchannel_neg_freq
-dpp_qr_code_hostapd_ignore_mismatch
 dpp_test_vector_p_256
 dpp_test_vector_p_256_b
 dpp_test_vector_p_521
@@ -603,7 +556,6 @@ dpp_pkex_no_identifier
 dpp_pkex_identifier_mismatch
 dpp_pkex_identifier_mismatch2
 dpp_pkex_identifier_mismatch3
-dpp_pkex_5ghz
 dpp_pkex_test_vector
 dpp_pkex_code_mismatch
 dpp_pkex_code_mismatch_limit
@@ -625,7 +577,6 @@ dpp_pkex_hostapd_errors
 dpp_pkex_nak_curve_change
 dpp_pkex_nak_curve_change2
 dpp_hostapd_configurator
-dpp_hostapd_configurator_enrollee_v1
 dpp_hostapd_configurator_responder
 dpp_hostapd_configurator_fragmentation
 dpp_hostapd_enrollee_fragmentation
@@ -650,7 +601,6 @@ dpp_proto_stop_at_pkex_cr_req
 dpp_proto_stop_at_pkex_cr_resp
 dpp_proto_network_introduction
 dpp_hostapd_auth_conf_timeout
-dpp_hostapd_auth_resp_retries
 dpp_tcp
 dpp_tcp_port
 dpp_tcp_mutual
@@ -702,6 +652,5 @@ dpp_qr_code_config_event_initiator_failure
 dpp_qr_code_config_event_initiator_no_response
 dpp_qr_code_config_event_initiator_both
 dpp_tcp_qr_code_config_event_initiator
-dpp_qr_code_config_event_responder
 dpp_discard_public_action
 
diff --git a/.github/workflows/hostap-files/configs/hostap_2_10/extra.patch b/.github/workflows/hostap-files/configs/hostap_2_10/extra.patch
new file mode 100644
index 000000000..80ae312f0
--- /dev/null
+++ b/.github/workflows/hostap-files/configs/hostap_2_10/extra.patch
@@ -0,0 +1,47 @@
+From a53a6a67dc121b45d611318e2a37815cc209839c Mon Sep 17 00:00:00 2001
+From: Juliusz Sosinowicz <juliusz@wolfssl.com>
+Date: Fri, 19 Apr 2024 16:41:38 +0200
+Subject: [PATCH] Fixes for running tests under UML
+
+- Apply commit ID fix from more recent commit
+- priv_sz and pub_sz are checked and fail on UML. Probably because stack is zeroed out.
+---
+ src/crypto/crypto_wolfssl.c | 2 +-
+ tests/hwsim/run-all.sh      | 8 +++++++-
+ 2 files changed, 8 insertions(+), 2 deletions(-)
+
+diff --git a/src/crypto/crypto_wolfssl.c b/src/crypto/crypto_wolfssl.c
+index 00ecf61352..a57fa50697 100644
+--- a/src/crypto/crypto_wolfssl.c
++++ b/src/crypto/crypto_wolfssl.c
+@@ -785,7 +785,7 @@ int crypto_dh_init(u8 generator, const u8 *prime, size_t prime_len, u8 *privkey,
+ 	int ret = -1;
+ 	WC_RNG rng;
+ 	DhKey *dh = NULL;
+-	word32 priv_sz, pub_sz;
++	word32 priv_sz = prime_len, pub_sz = prime_len;
+ 
+ 	if (TEST_FAIL())
+ 		return -1;
+diff --git a/tests/hwsim/run-all.sh b/tests/hwsim/run-all.sh
+index ee48cd0581..75c3a58b52 100755
+--- a/tests/hwsim/run-all.sh
++++ b/tests/hwsim/run-all.sh
+@@ -15,7 +15,13 @@ export LOGDIR
+ if [ -z "$DBFILE" ]; then
+     DB=""
+ else
+-    DB="-S $DBFILE --commit $(git rev-parse HEAD)"
++    DB="-S $DBFILE"
++    if [ -z "$COMMITID" ]; then
++	COMMITID="$(git rev-parse HEAD)"
++    fi
++    if [ -n "$COMMITID" ]; then
++	DB="$DB --commit $COMMITID"
++    fi
+     if [ -n "$BUILD" ]; then
+ 	DB="$DB -b $BUILD"
+     fi
+-- 
+2.34.1
+
diff --git a/.github/workflows/hostap-files/configs/hostap_2_10/tests b/.github/workflows/hostap-files/configs/hostap_2_10/tests
index 732a05441..5679cbda9 100644
--- a/.github/workflows/hostap-files/configs/hostap_2_10/tests
+++ b/.github/workflows/hostap-files/configs/hostap_2_10/tests
@@ -163,7 +163,6 @@ ap_wpa2_disable_eapol_retry_group
 ap_wpa2_psk_mic_0
 ap_wpa2_psk_local_error
 ap_wpa2_psk_inject_assoc
-ap_wpa2_psk_no_control_port
 ap_wpa2_psk_ap_control_port
 ap_wpa2_psk_ap_control_port_disabled
 ap_wpa2_psk_rsne_mismatch_ap
@@ -269,16 +268,3 @@ ap_wpa2_eap_psk_mac_addr_change
 ap_wpa2_eap_server_get_id
 ap_wpa2_radius_server_get_id
 ap_wpa2_eap_sake_no_control_port
-ap_wpa2_tdls
-ap_wpa2_tdls_concurrent_init
-ap_wpa2_tdls_concurrent_init2
-ap_wpa2_tdls_decline_resp
-ap_wpa2_tdls_long_lifetime
-ap_wpa2_tdls_long_frame
-ap_wpa2_tdls_reneg
-ap_wpa2_tdls_wrong_lifetime_resp
-ap_wpa2_tdls_diff_rsnie
-ap_wpa2_tdls_wrong_tpk_m2_mic
-ap_wpa2_tdls_wrong_tpk_m3_mic
-ap_wpa2_tdls_double_tpk_m2
-ap_wpa2_tdls_responder_teardown
diff --git a/.github/workflows/hostap-vm.yml b/.github/workflows/hostap-vm.yml
new file mode 100644
index 000000000..859910c6a
--- /dev/null
+++ b/.github/workflows/hostap-vm.yml
@@ -0,0 +1,344 @@
+name: hostap and wpa-supplicant Tests
+
+# START OF COMMON SECTION
+on:
+  push:
+    branches: [ 'master', 'main', 'release/**' ]
+  pull_request:
+    branches: [ '*' ]
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+# END OF COMMON SECTION
+
+env:
+  LINUX_REF: v6.12
+
+jobs:
+  build_wolfssl:
+    strategy:
+      matrix:
+        include:
+          - build_id: hostap-vm-build1
+            wolf_extra_config: --disable-tls13
+          - build_id: hostap-vm-build2
+            wolf_extra_config: >-
+              --enable-wpas-dpp --enable-brainpool --with-eccminsz=192
+              --enable-tlsv10 --enable-oldtls
+    name: Build wolfSSL
+    if: github.repository_owner == 'wolfssl'
+    runs-on: ubuntu-22.04
+    # This should be a safe limit for the tests to run.
+    timeout-minutes: 10
+    steps:
+        # No way to view the full strategy in the browser (really weird)
+      - name: Print strategy
+        run: |
+          cat <<EOF
+          ${{ toJSON(matrix) }}
+          EOF
+
+      - if: ${{ runner.debug }}
+        name: Enable wolfSSL debug logging
+        run: |
+          echo "wolf_debug_flags=--enable-debug" >> $GITHUB_ENV
+
+      - name: Build wolfSSL
+        uses: wolfSSL/actions-build-autotools-project@v1
+        with:
+          path: wolfssl
+          configure: >-
+            --enable-wpas CPPFLAGS=-DWOLFSSL_STATIC_RSA
+            ${{ env.wolf_debug_flags }} ${{ matrix.wolf_extra_config }}
+          install: true
+
+      - name: tar build-dir
+        run: tar -zcf build-dir.tgz build-dir
+
+      - name: Upload built lib
+        uses: actions/upload-artifact@v4
+        with:
+          name: ${{ matrix.build_id }}
+          path: build-dir.tgz
+          retention-days: 5
+
+  checkout_hostap:
+    name: Checkout hostap repo
+    if: github.repository_owner == 'wolfssl'
+    runs-on: ubuntu-22.04
+    # This should be a safe limit for the tests to run.
+    timeout-minutes: 10
+    steps:
+      - name: Checking if we have hostap in cache
+        uses: actions/cache@v4
+        id: cache
+        with:
+          path: hostap
+          key: hostap-repo
+          lookup-only: true
+
+      - name: Checkout hostap
+        run: git clone git://w1.fi/hostap.git hostap
+
+  build_uml_linux:
+    name: Build UML (UserMode Linux)
+    if: github.repository_owner == 'wolfssl'
+    runs-on: ubuntu-22.04
+    # This should be a safe limit for the tests to run.
+    timeout-minutes: 10
+    needs: checkout_hostap
+    steps:
+      - name: Checking if we have kernel in cache
+        uses: actions/cache@v4
+        id: cache
+        with:
+          path: linux/linux
+          key: hostap-linux-${{ env.LINUX_REF }}
+          lookup-only: true
+
+      - name: Checking if we have hostap in cache
+        if: steps.cache.outputs.cache-hit != 'true'
+        uses: actions/cache/restore@v4
+        with:
+          path: hostap
+          key: hostap-repo
+          fail-on-cache-miss: true
+
+      - name: Checkout linux
+        if: steps.cache.outputs.cache-hit != 'true'
+        uses: actions/checkout@v4
+        with:
+          repository: torvalds/linux
+          path: linux
+          ref: ${{ env.LINUX_REF }}
+
+      - name: Compile linux
+        if: steps.cache.outputs.cache-hit != 'true'
+        run: |
+          cp hostap/tests/hwsim/vm/kernel-config.uml linux/.config
+          cd linux
+          yes "" | ARCH=um make -j $(nproc)
+
+  hostap_test:
+    strategy:
+      fail-fast: false
+      matrix:
+        # should hostapd be compiled with wolfssl
+        hostapd: [true, false]
+        # should wpa_supplicant be compiled with wolfssl
+        wpa_supplicant: [true, false]
+        # Fix the versions of hostap and osp to not break testing when a new
+        # patch is added in to osp. Tests are read from the corresponding
+        # configs/hostap_ref/tests file.
+        config: [
+          {
+            hostap_ref: hostap_2_10,
+            remove_teap: true,
+            # TLS 1.3 does not work for this version
+            build_id: hostap-vm-build1,
+          },
+          # Test the dpp patch
+          {
+            hostap_ref: b607d2723e927a3446d89aed813f1aa6068186bb,
+            osp_ref: ad5b52a49b3cc2a5bfb47ccc1d6a5137132e9446,
+            build_id: hostap-vm-build2
+          },
+          {
+            hostap_ref: 07c9f183ea744ac04585fb6dd10220c75a5e2e74,
+            osp_ref: e1876fbbf298ee442bc7ab8561331ebc7de17528,
+            build_id: hostap-vm-build2
+          },
+        ]
+        exclude:
+          # don't test openssl on both sides
+          - hostapd: false
+            wpa_supplicant: false
+          # no hostapd support for dpp yet
+          - hostapd: true
+            config: {
+              hostap_ref: b607d2723e927a3446d89aed813f1aa6068186bb,
+              osp_ref: ad5b52a49b3cc2a5bfb47ccc1d6a5137132e9446,
+              build_id: hostap-vm-build2
+            }
+    name: hwsim test
+    if: github.repository_owner == 'wolfssl'
+    runs-on: ubuntu-22.04
+    # This should be a safe limit for the tests to run.
+    timeout-minutes: 45
+    needs: [build_wolfssl, build_uml_linux, checkout_hostap]
+    steps:
+      - name: Checking if we have kernel in cache
+        uses: actions/cache/restore@v4
+        id: cache
+        with:
+          path: linux/linux
+          key: hostap-linux-${{ env.LINUX_REF }}
+          fail-on-cache-miss: true
+
+      - name: show file structure
+        run: tree
+
+        # No way to view the full strategy in the browser (really weird)
+      - name: Print strategy
+        run: |
+          cat <<EOF
+          ${{ toJSON(matrix) }}
+          EOF
+
+      - name: Print computed job run ID
+        run: |
+          SHA_SUM=$(sha256sum << 'END_OF_HEREDOC' | cut -d " " -f 1
+          ${{ toJSON(github) }}
+          END_OF_HEREDOC
+          )
+          echo "our_job_run_id=$SHA_SUM" >> $GITHUB_ENV
+          echo Our job run ID is $SHA_SUM
+
+      - name: Checkout wolfSSL
+        uses: actions/checkout@v4
+        with:
+          path: wolfssl
+
+      - name: Download lib
+        uses: actions/download-artifact@v4
+        with:
+          name: ${{ matrix.config.build_id }}
+
+      - name: untar build-dir
+        run: tar -xf build-dir.tgz
+
+      - name: Install dependencies
+        run: |
+          # Don't prompt for anything
+          export DEBIAN_FRONTEND=noninteractive
+          sudo apt-get update
+          # hostap dependencies
+          sudo apt-get install -y libpcap0.8 libpcap-dev curl libcurl4-openssl-dev \
+            libnl-3-dev binutils-dev libssl-dev libiberty-dev libnl-genl-3-dev \
+            libnl-route-3-dev libdbus-1-dev bridge-utils tshark python3-pycryptodome
+
+      - name: Checking if we have hostap in cache
+        uses: actions/cache/restore@v4
+        with:
+          path: hostap
+          key: hostap-repo
+          fail-on-cache-miss: true
+
+      - name: Checkout correct ref
+        working-directory: hostap
+        run: git checkout ${{ matrix.config.hostap_ref }}
+
+      - name: Update certs
+        working-directory: hostap/tests/hwsim/auth_serv
+        run: ./update.sh
+
+      - if: ${{ matrix.config.osp_ref }}
+        name: Checkout OSP
+        uses: actions/checkout@v4
+        with:
+          repository: wolfssl/osp
+          path: osp
+          ref: ${{ matrix.config.osp_ref }}
+
+      - if: ${{ matrix.config.osp_ref }}
+        name: Apply patch files
+        working-directory: hostap
+        run: |
+          for f in $GITHUB_WORKSPACE/osp/hostap-patches/pending/*
+          do
+            patch -p1 < $f
+          done
+
+      - name: Apply extra patches
+        working-directory: hostap
+        run: |
+          FILE=$GITHUB_WORKSPACE/wolfssl/.github/workflows/hostap-files/configs/${{ matrix.config.hostap_ref }}/extra.patch
+          if [ -f "$FILE" ]; then
+            patch -p1 < $FILE
+          fi
+
+      - if: ${{ matrix.hostapd }}
+        name: Setup hostapd config file
+        run: |
+          cp wolfssl/.github/workflows/hostap-files/configs/${{ matrix.config.hostap_ref }}/hostapd.config \
+             hostap/hostapd/.config
+          cat <<EOF >> hostap/hostapd/.config
+            CFLAGS += -I$GITHUB_WORKSPACE/build-dir/include -Wl,-rpath=$GITHUB_WORKSPACE/build-dir/lib
+            LIBS += -L$GITHUB_WORKSPACE/build-dir/lib -Wl,-rpath=$GITHUB_WORKSPACE/build-dir/lib
+          EOF
+
+      - if: ${{ matrix.wpa_supplicant }}
+        name: Setup wpa_supplicant config file
+        run: |
+          cp wolfssl/.github/workflows/hostap-files/configs/${{ matrix.config.hostap_ref }}/wpa_supplicant.config \
+             hostap/wpa_supplicant/.config
+          cat <<EOF >> hostap/wpa_supplicant/.config
+            CFLAGS += -I$GITHUB_WORKSPACE/build-dir/include -Wl,-rpath=$GITHUB_WORKSPACE/build-dir/lib
+            LIBS += -L$GITHUB_WORKSPACE/build-dir/lib -Wl,-rpath=$GITHUB_WORKSPACE/build-dir/lib
+          EOF
+
+      - name: Build hostap and wpa_supplicant
+        working-directory: hostap/tests/hwsim/
+        run: ./build.sh
+
+      - if: ${{ matrix.hostapd }}
+        name: Confirm hostapd linking with wolfSSL
+        run: ldd hostap/hostapd/hostapd | grep wolfssl
+
+      - if: ${{ matrix.wpa_supplicant }}
+        name: Confirm wpa_supplicant linking with wolfSSL
+        run: ldd hostap/wpa_supplicant/wpa_supplicant | grep wolfssl
+
+      - if: ${{ matrix.config.remove_teap }}
+        name: Remove EAP-TEAP from test configuration
+        working-directory: hostap/tests/hwsim/auth_serv
+        run: |
+          sed -e 's/"erp-teap@example.com"\tTEAP//' -i eap_user.conf
+          sed -e 's/"erp-teap@example.com"\tMSCHAPV2\t"password"\t\[2\]//' -i eap_user.conf
+          sed -e 's/"TEAP"\t\tTEAP//' -i eap_user.conf
+          sed -e 's/TEAP,//' -i eap_user.conf
+
+      - if: ${{ runner.debug }}
+        name: Enable hostap debug logging
+        run: |
+          echo "hostap_debug_flags=--debug" >> $GITHUB_ENV
+
+      - name: Run tests
+        id: testing
+        working-directory: hostap/tests/hwsim/
+        run: |
+          cat <<EOF >> vm/vm-config
+            KERNELDIR=$GITHUB_WORKSPACE/linux
+            KVMARGS="-cpu host"
+          EOF
+          # Run tests in increments of 200 to not stall out the parallel-vm script
+          while mapfile -t -n 200 ary && ((${#ary[@]})); do
+            TESTS=$(printf '%s\n' "${ary[@]}" | tr '\n' ' ')
+            HWSIM_RES=0 # Not set when command succeeds
+            ./vm/parallel-vm.py ${{ env.hostap_debug_flags }} --nocurses $(nproc) $TESTS  || HWSIM_RES=$?
+            if [ "$HWSIM_RES" -ne "0" ]; then
+              # Let's re-run the failing tests. We gather the failed tests from the log file.
+              FAILED_TESTS=$(grep 'failed tests' /tmp/hwsim-test-logs/*-parallel.log | sed 's/failed tests: //' | tr ' ' '\n' | sort | uniq | tr '\n' ' ')
+              printf 'failed tests: %s\n' "$FAILED_TESTS"
+              ./vm/parallel-vm.py ${{ env.hostap_debug_flags }} --nocurses $(nproc) $FAILED_TESTS
+            fi
+            rm -r /tmp/hwsim-test-logs
+          done < $GITHUB_WORKSPACE/wolfssl/.github/workflows/hostap-files/configs/${{ matrix.config.hostap_ref }}/tests
+
+      # The logs are quite big. It hasn't been useful so far so let's not waste
+      # precious gh space.
+      #- name: zip logs
+      #  if: ${{ failure() && steps.testing.outcome == 'failure' }}
+      #  working-directory: hostap/tests/hwsim/
+      #  run: |
+      #    rm /tmp/hwsim-test-logs/latest
+      #    zip -9 -r logs.zip /tmp/hwsim-test-logs
+      #
+      #- name: Upload failure logs
+      #  if: ${{ failure() && steps.testing.outcome == 'failure' }}
+      #  uses: actions/upload-artifact@v4
+      #  with:
+      #    name: hostap-logs-${{ env.our_job_run_id }}
+      #    path: hostap/tests/hwsim/logs.zip
+      #    retention-days: 5
diff --git a/.github/workflows/intelasm-c-fallback.yml b/.github/workflows/intelasm-c-fallback.yml
new file mode 100644
index 000000000..33fb20d4e
--- /dev/null
+++ b/.github/workflows/intelasm-c-fallback.yml
@@ -0,0 +1,52 @@
+name: Dynamic C Fallback Tests
+
+# START OF COMMON SECTION
+on:
+  push:
+    branches: [ 'master', 'main', 'release/**' ]
+  pull_request:
+    branches: [ '*' ]
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+# END OF COMMON SECTION
+
+jobs:
+  make_check:
+    strategy:
+      matrix:
+        config: [
+          # Add new configs here
+          '--enable-intelasm --enable-sp-asm --enable-all --enable-testcert --enable-acert --enable-dtls13 --enable-dtls-mtu --enable-dtls-frag-ch --enable-dtlscid --enable-quic --with-sys-crypto-policy CPPFLAGS="-DNO_WOLFSSL_CIPHER_SUITE_TEST -DWC_AES_C_DYNAMIC_FALLBACK -DWC_C_DYNAMIC_FALLBACK -DDEBUG_VECTOR_REGISTER_ACCESS -DDEBUG_VECTOR_REGISTER_ACCESS_FUZZING -DWC_DEBUG_CIPHER_LIFECYCLE"'
+        ]
+    name: make check
+    if: github.repository_owner == 'wolfssl'
+    runs-on: ubuntu-22.04
+    # This should be a safe limit for the tests to run.
+    timeout-minutes: 6
+    steps:
+      - uses: actions/checkout@v4
+        name: Checkout wolfSSL
+
+      - name: Test wolfSSL with WC_C_DYNAMIC_FALLBACK and DEBUG_VECTOR_REGISTER_ACCESS_FUZZING
+        run: |
+          ./autogen.sh
+          randseed=$(head -c 4 /dev/urandom | od -t u4 --address-radix=n)
+          randseed="${randseed#"${randseed%%[![:space:]]*}"}"
+          echo "fuzzing seed=${randseed}"
+          ./configure ${{ matrix.config }} CFLAGS="-DWC_DEBUG_VECTOR_REGISTERS_FUZZING_SEED=$randseed -fsanitize=leak -g -fno-omit-frame-pointer"
+          make -j 4
+          make check
+
+      - name: Print errors
+        if: ${{ failure() }}
+        run: |
+          for file in scripts/*.log
+          do
+              if [ -f "$file" ]; then
+                  echo "${file}:"
+                  cat "$file"
+                  echo "========================================================================"
+              fi
+          done
diff --git a/.github/workflows/ipmitool.yml b/.github/workflows/ipmitool.yml
new file mode 100644
index 000000000..c23b407c5
--- /dev/null
+++ b/.github/workflows/ipmitool.yml
@@ -0,0 +1,85 @@
+name: ipmitool Tests
+
+# START OF COMMON SECTION
+on:
+  push:
+    branches: [ 'master', 'main', 'release/**' ]
+  pull_request:
+    branches: [ '*' ]
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+# END OF COMMON SECTION
+
+
+jobs:
+  build_wolfssl:
+    name: Build wolfSSL
+    # Just to keep it the same as the testing target
+    runs-on: ubuntu-22.04
+    if: github.repository_owner == 'wolfssl'
+    # This should be a safe limit for the tests to run.
+    timeout-minutes: 4
+    steps:
+      - name: Build wolfSSL
+        uses: wolfSSL/actions-build-autotools-project@v1
+        with:
+          path: wolfssl
+          configure: --enable-all
+          install: true
+          # Don't run tests as this config is tested in many other places
+          check: false
+
+      - name: tar build-dir
+        run: tar -zcf build-dir.tgz build-dir
+
+      - name: Upload built lib
+        uses: actions/upload-artifact@v4
+        with:
+          name: wolf-install-ipmitool
+          path: build-dir.tgz
+          retention-days: 5
+
+  build_ipmitool:
+    strategy:
+      fail-fast: false
+      matrix:
+        git_ref: [ c3939dac2c060651361fc71516806f9ab8c38901 ]
+    name: ${{ matrix.git_ref }}
+    if: github.repository_owner == 'wolfssl'
+    runs-on: ubuntu-22.04
+    needs: build_wolfssl
+    steps:
+      - name: Install dependencies
+        run: export DEBIAN_FRONTEND=noninteractive && sudo apt-get update && sudo apt-get install -y libreadline8
+      - name: Download lib
+        uses: actions/download-artifact@v4
+        with:
+          name: wolf-install-ipmitool
+
+      - name: untar build-dir
+        run: tar -xf build-dir.tgz
+
+      - name: Checkout OSP
+        uses: actions/checkout@v4
+        with:
+          repository: wolfssl/osp
+          path: osp
+
+      - name: Build ipmitool
+        uses: wolfSSL/actions-build-autotools-project@v1
+        with:
+          repository: ipmitool/ipmitool
+          ref: ${{ matrix.git_ref }}
+          path: ipmitool
+          patch-file: $GITHUB_WORKSPACE/osp/ipmitool/*-${{ matrix.git_ref }}.patch
+          configure: --with-wolfssl=$GITHUB_WORKSPACE/build-dir
+          # No checks included and not running since it depends on hardware
+          check: false
+
+      - name: Confirm built with wolfSSL
+        working-directory: ipmitool
+        run: |
+          ldd src/ipmitool | grep wolfssl
+          ldd src/ipmievd | grep wolfssl
diff --git a/.github/workflows/jwt-cpp.yml b/.github/workflows/jwt-cpp.yml
new file mode 100644
index 000000000..3dd89ad6a
--- /dev/null
+++ b/.github/workflows/jwt-cpp.yml
@@ -0,0 +1,96 @@
+name: jwt-cpp Tests
+
+# START OF COMMON SECTION
+on:
+  push:
+    branches: [ 'master', 'main', 'release/**' ]
+  pull_request:
+    branches: [ '*' ]
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+# END OF COMMON SECTION
+
+jobs:
+  build_wolfssl:
+    name: Build wolfSSL
+    # Just to keep it the same as the testing target
+    if: github.repository_owner == 'wolfssl'
+    runs-on: ubuntu-22.04
+    # This should be a safe limit for the tests to run.
+    timeout-minutes: 4
+    steps:
+      - name: Build wolfSSL
+        uses: wolfSSL/actions-build-autotools-project@v1
+        with:
+          path: wolfssl
+          configure: --enable-all
+          install: true
+          # Don't run tests as this config is tested in many other places
+          check: false
+
+      - name: tar build-dir
+        run: tar -zcf build-dir.tgz build-dir
+
+      - name: Upload built lib
+        uses: actions/upload-artifact@v4
+        with:
+          name: wolf-install-jwt-cpp
+          path: build-dir.tgz
+          retention-days: 5
+
+  build_pam-ipmi:
+    if: github.repository_owner == 'wolfssl'
+    strategy:
+      fail-fast: false
+      matrix:
+        config:
+          - ref: 0.7.0
+            runner: ubuntu-22.04
+          - ref: 0.6.0
+            runner: ubuntu-22.04
+    name: ${{ matrix.config.ref }}
+    runs-on: ${{ matrix.config.runner }}
+    needs: build_wolfssl
+    steps:
+      - name: Install dependencies
+        run: |
+          # Don't prompt for anything
+          export DEBIAN_FRONTEND=noninteractive
+          sudo apt-get update
+          sudo apt-get install libgtest-dev
+
+      - name: Download lib
+        uses: actions/download-artifact@v4
+        with:
+          name: wolf-install-jwt-cpp
+
+      - name: untar build-dir
+        run: tar -xf build-dir.tgz
+
+      - name: Checkout OSP
+        uses: actions/checkout@v4
+        with:
+          repository: wolfssl/osp
+          path: osp
+
+      - name: Checkout jwt-cpp
+        uses: actions/checkout@v4
+        with:
+          repository: Thalhammer/jwt-cpp
+          path: jwt-cpp
+          ref: v${{ matrix.config.ref }}
+
+      - name: Build pam-ipmi
+        working-directory: jwt-cpp
+        run: |
+          patch -p1 < ../osp/jwt-cpp/${{ matrix.config.ref }}.patch
+          PKG_CONFIG_PATH=$GITHUB_WORKSPACE/build-dir/lib/pkgconfig \
+            cmake -B build -DJWT_SSL_LIBRARY:STRING=wolfSSL -DJWT_BUILD_TESTS=ON .
+          make -j -C build
+          ldd ./build/tests/jwt-cpp-test | grep wolfssl
+
+      - name: Run jwt-cpp tests
+        working-directory: jwt-cpp
+        run: ./build/tests/jwt-cpp-test
diff --git a/.github/workflows/krb5.yml b/.github/workflows/krb5.yml
index f03237c85..37c64e299 100644
--- a/.github/workflows/krb5.yml
+++ b/.github/workflows/krb5.yml
@@ -1,29 +1,46 @@
 name: Kerberos 5 Tests
 
+# START OF COMMON SECTION
 on:
-  workflow_call:
+  push:
+    branches: [ 'master', 'main', 'release/**' ]
+  pull_request:
+    branches: [ '*' ]
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+# END OF COMMON SECTION
 
 jobs:
   build_wolfssl:
     name: Build wolfSSL
     # Just to keep it the same as the testing target
-    runs-on: ubuntu-latest
+    if: github.repository_owner == 'wolfssl'
+    runs-on: ubuntu-22.04
     # This should be a safe limit for the tests to run.
     timeout-minutes: 5
     steps:
+      - name: workaround high-entropy ASLR
+        # not needed after either an update to llvm or runner is done
+        run: sudo sysctl vm.mmap_rnd_bits=28
+
       - name: Build wolfSSL
         uses: wolfSSL/actions-build-autotools-project@v1
         with:
           path: wolfssl
-          configure: --enable-krb CFLAGS='-fsanitize=address'
+          configure: --enable-krb CC='gcc -fsanitize=address'
           install: true
 
+      - name: tar build-dir
+        run: tar -zcf build-dir.tgz build-dir
+
       - name: Upload built lib
-        uses: actions/upload-artifact@v3
+        uses: actions/upload-artifact@v4
         with:
           name: wolf-install-krb5
-          path: build-dir
-          retention-days: 1
+          path: build-dir.tgz
+          retention-days: 5
 
   krb5_check:
     strategy:
@@ -32,25 +49,28 @@ jobs:
         # List of releases to test
         ref: [ 1.21.1 ]
     name: ${{ matrix.ref }}
-    runs-on: ubuntu-latest
+    if: github.repository_owner == 'wolfssl'
+    runs-on: ubuntu-22.04
     # This should be a safe limit for the tests to run.
     timeout-minutes: 8
     needs: build_wolfssl
     steps:
       - name: Download lib
-        uses: actions/download-artifact@v3
+        uses: actions/download-artifact@v4
         with:
           name: wolf-install-krb5
-          path: build-dir
+
+      - name: untar build-dir
+        run: tar -xf build-dir.tgz
 
       - name: Checkout OSP
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
           repository: wolfssl/osp
           path: osp
 
       - name: Checkout krb5
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
           repository: krb5/krb5
           ref: krb5-${{ matrix.ref }}-final
@@ -61,6 +81,10 @@ jobs:
         run: |
           patch -p1 < $GITHUB_WORKSPACE/osp/krb5/Patch-for-Kerberos-5-${{ matrix.ref }}.patch
 
+      - name: workaround high-entropy ASLR
+        # not needed after either an update to llvm or runner is done
+        run: sudo sysctl vm.mmap_rnd_bits=28
+
       - name: Build krb5
         working-directory: ./krb5/src
         run: |
@@ -68,7 +92,7 @@ jobs:
           # Using rpath because LD_LIBRARY_PATH is overwritten during testing
           export WOLFSSL_CFLAGS="-I$GITHUB_WORKSPACE/build-dir/include -I$GITHUB_WORKSPACE/build-dir/include/wolfssl  -Wl,-rpath=$GITHUB_WORKSPACE/build-dir/lib"
           export WOLFSSL_LIBS="-lwolfssl -L$GITHUB_WORKSPACE/build-dir/lib -Wl,-rpath=$GITHUB_WORKSPACE/build-dir/lib"
-          ./configure --with-crypto-impl=wolfssl --with-tls-impl=wolfssl --disable-pkinit \
+          ./configure --with-crypto-impl=wolfssl --with-tls-impl=wolfssl --disable-pkinit --with-spake-openssl \
             CFLAGS='-fsanitize=address' LDFLAGS='-fsanitize=address'
           CFLAGS='-fsanitize=address' LDFLAGS='-fsanitize=address' make -j
 
diff --git a/.github/workflows/libspdm.yml b/.github/workflows/libspdm.yml
new file mode 100644
index 000000000..49cbf8c52
--- /dev/null
+++ b/.github/workflows/libspdm.yml
@@ -0,0 +1,91 @@
+name: libspdm Tests
+
+# START OF COMMON SECTION
+on:
+  push:
+    branches: [ 'master', 'main', 'release/**' ]
+  pull_request:
+    branches: [ '*' ]
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+# END OF COMMON SECTION
+
+jobs:
+  build_wolfssl:
+    name: Build wolfSSL
+    if: github.repository_owner == 'wolfssl'
+    # Just to keep it the same as the testing target
+    runs-on: ubuntu-22.04
+    # This should be a safe limit for the tests to run.
+    timeout-minutes: 4
+    steps:
+      - name: Build wolfSSL
+        uses: wolfSSL/actions-build-autotools-project@v1
+        with:
+          path: wolfssl
+          configure: --enable-all --enable-static CFLAGS='-DRSA_MIN_SIZE=512'
+          install: true
+
+      - name: tar build-dir
+        run: tar -zcf build-dir.tgz build-dir
+
+      - name: Upload built lib
+        uses: actions/upload-artifact@v4
+        with:
+          name: wolf-install-libspdm
+          path: build-dir.tgz
+          retention-days: 5
+
+  libspdm_check:
+    strategy:
+      fail-fast: false
+      matrix:
+        # List of releases to test
+        ref: [ 3.3.0 ]
+    name: ${{ matrix.ref }}
+    if: github.repository_owner == 'wolfssl'
+    runs-on: ubuntu-22.04
+    # This should be a safe limit for the tests to run.
+    timeout-minutes: 4
+    needs: build_wolfssl
+    steps:
+      - name: Download lib
+        uses: actions/download-artifact@v4
+        with:
+          name: wolf-install-libspdm
+
+      - name: untar build-dir
+        run: tar -xf build-dir.tgz
+
+      - name: Checkout OSP
+        uses: actions/checkout@v4
+        with:
+          repository: wolfssl/osp
+          path: osp
+
+      - name: Checkout libspdm
+        uses: actions/checkout@v4
+        with:
+          repository: DMTF/libspdm
+          path: libspdm
+          ref: ${{ matrix.ref }}
+
+      - name: Build and test libspdm
+        working-directory: libspdm
+        run: |
+          patch -p1 < ../osp/libspdm/${{ matrix.ref }}/libspdm-${{ matrix.ref }}.patch
+          git submodule update --init --recursive
+          # Silence cmake version warnings
+          find -name CMakeLists.txt -exec sed -i 's/cmake_minimum_required.*/cmake_minimum_required(VERSION 3.10)/g' {} \;
+          mkdir build
+          cd build
+          cmake -DARCH=x64 -DTOOLCHAIN=GCC -DTARGET=Debug -DCRYPTO=wolfssl -DENABLE_BINARY_BUILD=1 \
+            -DCOMPILED_LIBWOLFSSL_PATH=$GITHUB_WORKSPACE/build-dir/lib/libwolfssl.a \
+            -DWOLFSSL_INCDIR=$GITHUB_WORKSPACE/build-dir/include ..
+          make -j
+          cd ../unit_test/sample_key
+          ../../build/bin/test_crypt
+          ../../build/bin/test_spdm_secured_message
+          ../../build/bin/test_spdm_crypt
diff --git a/.github/workflows/libssh2.yml b/.github/workflows/libssh2.yml
new file mode 100644
index 000000000..e956c7a6f
--- /dev/null
+++ b/.github/workflows/libssh2.yml
@@ -0,0 +1,77 @@
+name: libssh2 Tests
+
+# START OF COMMON SECTION
+on:
+  push:
+    branches: [ 'master', 'main', 'release/**' ]
+  pull_request:
+    branches: [ '*' ]
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+# END OF COMMON SECTION
+
+jobs:
+  build_wolfssl:
+    name: Build wolfSSL
+    # Just to keep it the same as the testing target
+    if: github.repository_owner == 'wolfssl'
+    runs-on: ubuntu-24.04
+    # This should be a safe limit for the tests to run.
+    timeout-minutes: 4
+    steps:
+      - name: Build wolfSSL
+        uses: wolfSSL/actions-build-autotools-project@v1
+        with:
+          path: wolfssl
+          configure: --enable-all
+          check: false # config is already tested in many other PRB's
+          install: true
+
+      - name: tar build-dir
+        run: tar -zcf build-dir.tgz build-dir
+
+      - name: Upload built lib
+        uses: actions/upload-artifact@v4
+        with:
+          name: wolf-install-libssh2
+          path: build-dir.tgz
+          retention-days: 5
+
+  libssh2_check:
+    strategy:
+      fail-fast: false
+      matrix:
+        # List of releases to test
+        ref: [ 1.11.1 ]
+    name: ${{ matrix.ref }}
+    if: github.repository_owner == 'wolfssl'
+    runs-on: ubuntu-24.04
+    # This should be a safe limit for the tests to run.
+    timeout-minutes: 8
+    needs: build_wolfssl
+    steps:
+      - name: Download lib
+        uses: actions/download-artifact@v4
+        with:
+          name: wolf-install-libssh2
+
+      - name: untar build-dir
+        run: tar -xf build-dir.tgz
+
+      - name: Build and test libssh2
+        uses: wolfSSL/actions-build-autotools-project@v1
+        with:
+          repository: libssh2/libssh2
+          ref: libssh2-${{ matrix.ref }}
+          path: libssh2
+          configure: --with-crypto=wolfssl --with-libwolfssl-prefix=$GITHUB_WORKSPACE/build-dir
+          check: true
+
+      - name: Confirm libssh2 built with wolfSSL
+        run: ldd libssh2/src/.libs/libssh2.so | grep wolfssl
+
+      - name: print server logs
+        if: ${{ failure() }}
+        run: tail -n +1 libssh2/tests/*.log
diff --git a/.github/workflows/libvncserver.yml b/.github/workflows/libvncserver.yml
new file mode 100644
index 000000000..230dc2573
--- /dev/null
+++ b/.github/workflows/libvncserver.yml
@@ -0,0 +1,86 @@
+name: libvncserver Tests
+
+# START OF COMMON SECTION
+on:
+  push:
+    branches: [ 'master', 'main', 'release/**' ]
+  pull_request:
+    branches: [ '*' ]
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+# END OF COMMON SECTION
+
+jobs:
+  build_wolfssl:
+    name: Build wolfSSL
+    # Just to keep it the same as the testing target
+    if: github.repository_owner == 'wolfssl'
+    runs-on: ubuntu-22.04
+    # This should be a safe limit for the tests to run.
+    timeout-minutes: 4
+    steps:
+      - name: Build wolfSSL
+        uses: wolfSSL/actions-build-autotools-project@v1
+        with:
+          path: wolfssl
+          configure: --enable-all
+          install: true
+          # Don't run tests as this config is tested in many other places
+          check: false
+
+      - name: tar build-dir
+        run: tar -zcf build-dir.tgz build-dir
+
+      - name: Upload built lib
+        uses: actions/upload-artifact@v4
+        with:
+          name: wolf-install-libvncserver
+          path: build-dir.tgz
+          retention-days: 5
+
+  build_libvncserver:
+    strategy:
+      fail-fast: false
+      matrix:
+        ref: [ 0.9.13, 0.9.14 ]
+    name: ${{ matrix.ref }}
+    if: github.repository_owner == 'wolfssl'
+    runs-on: ubuntu-22.04
+    needs: build_wolfssl
+    steps:
+      - name: Download lib
+        uses: actions/download-artifact@v4
+        with:
+          name: wolf-install-libvncserver
+
+      - name: untar build-dir
+        run: tar -xf build-dir.tgz
+
+      - name: Checkout OSP
+        uses: actions/checkout@v4
+        with:
+          repository: wolfssl/osp
+          path: osp
+
+      - name: Checkout libvncserver
+        uses: actions/checkout@v4
+        with:
+          repository: LibVNC/libvncserver
+          path: libvncserver
+          ref: LibVNCServer-${{ matrix.ref }}
+
+      - name: Build libvncserver
+        working-directory: libvncserver
+        run: |
+          patch -p1 < ../osp/libvncserver/${{ matrix.ref }}.patch
+          PKG_CONFIG_PATH=$GITHUB_WORKSPACE/build-dir/lib/pkgconfig \
+            cmake -B build -DWITH_GNUTLS=OFF -DWITH_OPENSSL=OFF -DWITH_GCRYPT=OFF -DWITH_WOLFSSL=ON .
+          make -j -C build VERBOSE=1
+          ldd build/libvncclient.so | grep wolfssl
+          ldd build/libvncserver.so | grep wolfssl
+
+      - name: Run libvncserver tests
+        working-directory: libvncserver
+        run: make -C build test
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
deleted file mode 100644
index b1e63a32e..000000000
--- a/.github/workflows/main.yml
+++ /dev/null
@@ -1,47 +0,0 @@
-name: CI
-concurrency:
-  group: ${{ github.ref }}
-  cancel-in-progress: true
-
-on:
-  push:
-    branches: [ 'master', 'main', 'release/**' ]
-  pull_request:
-    branches: [ '*' ]
-
-jobs:
-    espressif:
-        uses: ./.github/workflows/docker-Espressif.yml
-    multi-compiler:
-        uses: ./.github/workflows/multi-compiler.yml
-    multi-arch:
-        uses: ./.github/workflows/multi-arch.yml
-    openwrt:
-        uses: ./.github/workflows/docker-OpenWrt.yml
-    os-check:
-        uses: ./.github/workflows/os-check.yml
-    async:
-        uses: ./.github/workflows/async.yml
-    stunnel:
-        uses: ./.github/workflows/stunnel.yml
-    openvpn:
-        uses: ./.github/workflows/openvpn.yml
-    hostap:
-        uses: ./.github/workflows/hostap.yml
-    nginx:
-        uses: ./.github/workflows/nginx.yml
-    zephyr:
-        uses: ./.github/workflows/zephyr.yml
-    hitch:
-        uses: ./.github/workflows/hitch.yml
-    curl:
-        uses: ./.github/workflows/curl.yml
-    krb5:
-        uses: ./.github/workflows/krb5.yml
-    packaging:
-        uses: ./.github/workflows/packaging.yml
-    memcached:
-        uses: ./.github/workflows/memcached.yml
-# TODO: Currently this test fails. Enable it once it becomes passing.        
-#    haproxy:
-#        uses: ./.github/workflows/haproxy.yml
diff --git a/.github/workflows/mbedtls.sh b/.github/workflows/mbedtls.sh
new file mode 100644
index 000000000..d199fd2e3
--- /dev/null
+++ b/.github/workflows/mbedtls.sh
@@ -0,0 +1,79 @@
+#!/usr/bin/env bash
+
+set -e
+set -x
+
+# Basic TLS test
+./mbedtls/build/programs/ssl/ssl_server2 > /tmp/server.log 2>&1 &
+SERVER_PID=$!
+sleep 0.1
+./mbedtls/build/programs/ssl/ssl_client2 # Confirm working with mbed
+env -C wolfssl ./examples/client/client -p 4433 -g \
+  -A ../mbedtls/framework/data_files/test-ca-sha256.crt \
+  -c ../mbedtls/framework/data_files/cli-rsa-sha256.crt \
+  -k ../mbedtls/framework/data_files/cli-rsa-sha256.key.pem
+kill $SERVER_PID
+sleep 0.1
+env -C wolfssl ./examples/server/server -p 4433 -i -g \
+  -A ../mbedtls/framework/data_files/test-ca-sha256.crt \
+  -c ../mbedtls/framework/data_files/server2-sha256.crt \
+  -k ../mbedtls/framework/data_files/server2.key.pem > /tmp/server.log 2>&1 &
+SERVER_PID=$!
+sleep 0.1
+./mbedtls/build/programs/ssl/ssl_client2
+env -C wolfssl ./examples/client/client -p 4433 -g \
+  -A ../mbedtls/framework/data_files/test-ca-sha256.crt \
+  -c ../mbedtls/framework/data_files/cli-rsa-sha256.crt \
+  -k ../mbedtls/framework/data_files/cli-rsa-sha256.key.pem
+kill $SERVER_PID
+sleep 0.1
+
+# Basic DTLS test
+./mbedtls/build/programs/ssl/ssl_server2 dtls=1 > /tmp/server.log 2>&1 &
+SERVER_PID=$!
+sleep 0.1
+./mbedtls/build/programs/ssl/ssl_client2 dtls=1 # Confirm working with mbed
+env -C wolfssl ./examples/client/client -p 4433 -g -u \
+  -A ../mbedtls/framework/data_files/test-ca-sha256.crt \
+  -c ../mbedtls/framework/data_files/cli-rsa-sha256.crt \
+  -k ../mbedtls/framework/data_files/cli-rsa-sha256.key.pem
+kill $SERVER_PID
+sleep 0.1
+env -C wolfssl ./examples/server/server -p 4433 -i -g -u \
+  -A ../mbedtls/framework/data_files/test-ca-sha256.crt \
+  -c ../mbedtls/framework/data_files/server2-sha256.crt \
+  -k ../mbedtls/framework/data_files/server2.key.pem > /tmp/server.log 2>&1 &
+SERVER_PID=$!
+sleep 0.1
+env -C wolfssl ./examples/client/client -p 4433 -g -u \
+  -A ../mbedtls/framework/data_files/test-ca-sha256.crt \
+  -c ../mbedtls/framework/data_files/cli-rsa-sha256.crt \
+  -k ../mbedtls/framework/data_files/cli-rsa-sha256.key.pem
+./mbedtls/build/programs/ssl/ssl_client2 dtls=1
+kill $SERVER_PID
+sleep 0.1
+
+# DTLS 1.2 CID test
+./mbedtls/build/programs/ssl/ssl_server2 dtls=1 cid=1 cid_val=121212 > /tmp/server.log 2>&1 &
+SERVER_PID=$!
+sleep 0.1
+./mbedtls/build/programs/ssl/ssl_client2 dtls=1 cid=1 cid_val=232323  # Confirm working with mbed
+env -C wolfssl ./examples/client/client -p 4433 -g -u --cid 232323 \
+  -A ../mbedtls/framework/data_files/test-ca-sha256.crt \
+  -c ../mbedtls/framework/data_files/cli-rsa-sha256.crt \
+  -k ../mbedtls/framework/data_files/cli-rsa-sha256.key.pem
+kill $SERVER_PID
+sleep 0.1
+env -C wolfssl ./examples/server/server -p 4433 -i -g -u --cid 121212 \
+  -A ../mbedtls/framework/data_files/test-ca-sha256.crt \
+  -c ../mbedtls/framework/data_files/server2-sha256.crt \
+  -k ../mbedtls/framework/data_files/server2.key.pem > /tmp/server.log 2>&1 &
+SERVER_PID=$!
+sleep 0.1
+./mbedtls/build/programs/ssl/ssl_client2 dtls=1 cid_val=232323
+env -C wolfssl ./examples/client/client -p 4433 -g -u --cid 232323 \
+  -A ../mbedtls/framework/data_files/test-ca-sha256.crt \
+  -c ../mbedtls/framework/data_files/cli-rsa-sha256.crt \
+  -k ../mbedtls/framework/data_files/cli-rsa-sha256.key.pem
+kill $SERVER_PID
+sleep 0.1
diff --git a/.github/workflows/mbedtls.yml b/.github/workflows/mbedtls.yml
new file mode 100644
index 000000000..f9830fcf6
--- /dev/null
+++ b/.github/workflows/mbedtls.yml
@@ -0,0 +1,86 @@
+name: mbedtls interop Tests
+
+# START OF COMMON SECTION
+on:
+  push:
+    branches: [ 'master', 'main', 'release/**' ]
+  pull_request:
+    branches: [ '*' ]
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+# END OF COMMON SECTION
+
+env:
+  MBED_REF: v3.6.2
+
+jobs:
+  build_mbedtls:
+    name: Build mbedtls
+    if: github.repository_owner == 'wolfssl'
+    runs-on: ubuntu-latest
+    # This should be a safe limit for the tests to run.
+    timeout-minutes: 10
+    steps:
+      - name: Checking if we have mbed in cache
+        uses: actions/cache@v4
+        id: cache
+        with:
+          path: mbedtls
+          key: mbedtls-${{ env.MBED_REF }}
+          lookup-only: true
+
+      - name: Checkout mbedtls
+        if: steps.cache.outputs.cache-hit != 'true'
+        uses: actions/checkout@v4
+        with:
+          repository: Mbed-TLS/mbedtls
+          ref: ${{ env.MBED_REF }}
+          path: mbedtls
+
+      - name: Compile mbedtls
+        if: steps.cache.outputs.cache-hit != 'true'
+        working-directory: mbedtls
+        run: |
+          git submodule update --init
+          mkdir build
+          cd build
+          cmake ..
+          make -j
+          # convert key to pem format
+          openssl pkey -in framework/data_files/cli-rsa-sha256.key.der -text > framework/data_files/cli-rsa-sha256.key.pem
+          openssl pkey -in framework/data_files/server2.key.der -text > framework/data_files/server2.key.pem
+
+  mbedtls_test:
+    name: Test interop with mbedtls
+    runs-on: ubuntu-latest
+    needs: build_mbedtls
+    timeout-minutes: 10
+    if: github.repository_owner == 'wolfssl'
+    steps:
+      - name: Disable IPv6 (IMPORTANT, OTHERWISE DTLS MBEDTLS CLIENT WON'T CONNECT)
+        run: echo 1 | sudo tee /proc/sys/net/ipv6/conf/lo/disable_ipv6
+
+      - name: Checking if we have mbed in cache
+        uses: actions/cache/restore@v4
+        id: cache
+        with:
+          path: mbedtls
+          key: mbedtls-${{ env.MBED_REF }}
+          fail-on-cache-miss: true
+
+      - name: Build wolfSSL
+        uses: wolfSSL/actions-build-autotools-project@v1
+        with:
+          path: wolfssl
+          configure: --enable-dtls --enable-dtlscid
+          install: false
+          check: false
+
+      - name: Test interop
+        run: bash wolfssl/.github/workflows/mbedtls.sh
+
+      - name: print server logs
+        if: ${{ failure() }}
+        run: cat /tmp/server.log
diff --git a/.github/workflows/memcached.yml b/.github/workflows/memcached.yml
index 9a4c81317..bdd0c0593 100644
--- a/.github/workflows/memcached.yml
+++ b/.github/workflows/memcached.yml
@@ -1,13 +1,23 @@
 name: memcached Tests
 
+# START OF COMMON SECTION
 on:
-  workflow_call:
+  push:
+    branches: [ 'master', 'main', 'release/**' ]
+  pull_request:
+    branches: [ '*' ]
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+# END OF COMMON SECTION
 
 jobs:
   build_wolfssl:
     name: Build wolfSSL
     # Just to keep it the same as the testing target
-    runs-on: ubuntu-latest
+    if: github.repository_owner == 'wolfssl'
+    runs-on: ubuntu-22.04
     steps:
       - name: Build wolfSSL
         uses: wolfSSL/actions-build-autotools-project@v1
@@ -19,12 +29,15 @@ jobs:
       - name: Bundle Docker entry point
         run: cp wolfssl/.github/workflows/memcached.sh build-dir/bin
 
+      - name: tar build-dir
+        run: tar -zcf build-dir.tgz build-dir
+
       - name: Upload built lib
-        uses: actions/upload-artifact@v3
+        uses: actions/upload-artifact@v4
         with:
           name: wolf-install-memcached
-          path: build-dir
-          retention-days: 1
+          path: build-dir.tgz
+          retention-days: 5
 
   memcached_check:
     strategy:
@@ -34,17 +47,20 @@ jobs:
         include:
           - ref: 1.6.22
     name: ${{ matrix.ref }}
-    runs-on: ubuntu-latest
+    if: github.repository_owner == 'wolfssl'
+    runs-on: ubuntu-22.04
     needs: build_wolfssl
     steps:
       - name: Download lib
-        uses: actions/download-artifact@v3
+        uses: actions/download-artifact@v4
         with:
           name: wolf-install-memcached
-          path: build-dir
+
+      - name: untar build-dir
+        run: tar -xf build-dir.tgz
 
       - name: Checkout OSP
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
           repository: wolfssl/osp
           path: osp
@@ -56,7 +72,7 @@ jobs:
             sudo apt-get install -y libevent-dev libevent-2.1-7 automake pkg-config make libio-socket-ssl-perl
 
       - name: Checkout memcached
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
           repository: memcached/memcached
           ref: 1.6.22
diff --git a/.github/workflows/mosquitto.yml b/.github/workflows/mosquitto.yml
new file mode 100644
index 000000000..97afaf282
--- /dev/null
+++ b/.github/workflows/mosquitto.yml
@@ -0,0 +1,105 @@
+name: mosquitto Tests
+
+# START OF COMMON SECTION
+on:
+  push:
+    branches: [ 'master', 'main', 'release/**' ]
+  pull_request:
+    branches: [ '*' ]
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+# END OF COMMON SECTION
+
+jobs:
+  build_wolfssl:
+    name: Build wolfSSL
+    # Just to keep it the same as the testing target
+    if: github.repository_owner == 'wolfssl'
+    runs-on: ubuntu-22.04
+    # This should be a safe limit for the tests to run.
+    timeout-minutes: 4
+    steps:
+      - name: Build wolfSSL
+        uses: wolfSSL/actions-build-autotools-project@v1
+        with:
+          path: wolfssl
+          configure: --enable-mosquitto CFLAGS="-DALLOW_INVALID_CERTSIGN"
+          install: true
+
+      - name: tar build-dir
+        run: tar -zcf build-dir.tgz build-dir
+
+      - name: Upload built lib
+        uses: actions/upload-artifact@v4
+        with:
+          name: wolf-install-mosquitto
+          path: build-dir.tgz
+          retention-days: 5
+
+  mosquitto_check:
+    strategy:
+      fail-fast: false
+      matrix:
+        ref: [ 2.0.18 ]
+    name: ${{ matrix.ref }}
+    if: github.repository_owner == 'wolfssl'
+    runs-on: ubuntu-22.04
+    # This should be a safe limit for the tests to run.
+    timeout-minutes: 4
+    needs: build_wolfssl
+    steps:
+      - name: Download lib
+        uses: actions/download-artifact@v4
+        with:
+          name: wolf-install-mosquitto
+
+      - name: untar build-dir
+        run: tar -xf build-dir.tgz
+
+      - name: Checkout OSP
+        uses: actions/checkout@v4
+        with:
+          repository: wolfssl/osp
+          path: osp
+
+      - name: Install dependencies
+        run: |
+            export DEBIAN_FRONTEND=noninteractive
+            sudo apt-get update
+            sudo apt-get install -y build-essential libev-dev libssl-dev automake python3-docutils libcunit1 libcunit1-doc libcunit1-dev pkg-config make python3-psutil
+
+      - name: Checkout mosquitto
+        uses: actions/checkout@v4
+        with:
+          repository: eclipse/mosquitto
+          ref: v${{ matrix.ref }}
+          path: mosquitto
+
+      - name: Update certs
+        run: |
+            cd $GITHUB_WORKSPACE/mosquitto/test/ssl
+            ./gen.sh
+            cat all-ca.crt >> server.crt
+
+      - name: Configure and build mosquitto
+        run: |
+            cd $GITHUB_WORKSPACE/mosquitto/
+            patch -p1 < $GITHUB_WORKSPACE/osp/mosquitto/${{ matrix.ref }}.patch
+            make WITH_TLS=wolfssl WITH_CJSON=no WITH_DOCS=no WOLFSSLDIR=$GITHUB_WORKSPACE/build-dir
+
+      - name: Run mosquitto tests
+        working-directory: ./mosquitto
+        run: |
+          # Retry up to five times
+          for i in {1..5}; do
+            TEST_RES=0
+            make WITH_TLS=wolfssl WITH_CJSON=no WITH_DOCS=no WOLFSSLDIR=$GITHUB_WORKSPACE/build-dir ptest || TEST_RES=$?
+            if [ "$TEST_RES" -eq "0" ]; then
+              break
+            fi
+          done
+          if [ "$TEST_RES" -ne "0" ]; then
+            exit $TEST_RES
+          fi
diff --git a/.github/workflows/multi-arch.yml b/.github/workflows/multi-arch.yml
index e5b9859ad..729048a6c 100644
--- a/.github/workflows/multi-arch.yml
+++ b/.github/workflows/multi-arch.yml
@@ -1,7 +1,16 @@
 name: Multiple architectures
 
+# START OF COMMON SECTION
 on:
-  workflow_call:
+  push:
+    branches: [ 'master', 'main', 'release/**' ]
+  pull_request:
+    branches: [ '*' ]
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+# END OF COMMON SECTION
 
 jobs:
   my_matrix:
@@ -27,7 +36,8 @@ jobs:
             CFLAGS: -marm -DWOLFSSL_SP_ARM_ARCH=6
             ARCH: armel
             EXTRA_OPTS: --enable-sp-asm
-    runs-on: ubuntu-latest
+    if: github.repository_owner == 'wolfssl'
+    runs-on: ubuntu-22.04
     # This should be a safe limit for the tests to run.
     timeout-minutes: 10
     steps:
@@ -35,14 +45,14 @@ jobs:
         run: |
           sudo apt update
           sudo apt install -y crossbuild-essential-${{ matrix.ARCH }} qemu-user
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
       - name: Build
         env:
             CC: ${{ matrix.CC }}
             CFLAGS: ${{ matrix.CFLAGS }}
             QEMU_LD_PREFIX: /usr/${{ matrix.HOST }}
         run: ./autogen.sh && ./configure --host=${{ matrix.HOST }} --enable-all --disable-examples ${{ matrix.EXTRA_OPTS }} && make
-      - name: Print errors 
+      - name: Print errors
         if: ${{ failure() }}
         run: |
           if [ -f config.log ] ; then
diff --git a/.github/workflows/multi-compiler.yml b/.github/workflows/multi-compiler.yml
index 48512df29..9f946796b 100644
--- a/.github/workflows/multi-compiler.yml
+++ b/.github/workflows/multi-compiler.yml
@@ -1,7 +1,16 @@
 name: Multiple compilers and versions
 
+# START OF COMMON SECTION
 on:
-  workflow_call:
+  push:
+    branches: [ 'master', 'main', 'release/**' ]
+  pull_request:
+    branches: [ '*' ]
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+# END OF COMMON SECTION
 
 jobs:
   my_matrix:
@@ -12,16 +21,16 @@ jobs:
         include:
           - CC: gcc-9
             CXX: g++-9
-            OS: ubuntu-latest
+            OS: ubuntu-22.04
           - CC: gcc-10
             CXX: g++-10
-            OS: ubuntu-latest
+            OS: ubuntu-22.04
           - CC: gcc-11
             CXX: g++-11
-            OS: ubuntu-latest
+            OS: ubuntu-22.04
           - CC: gcc-12
             CXX: g++-12
-            OS: ubuntu-latest
+            OS: ubuntu-22.04
           - CC: clang-10
             CXX: clang++-10
             OS: ubuntu-20.04
@@ -33,15 +42,18 @@ jobs:
             OS: ubuntu-20.04
           - CC: clang-13
             CXX: clang++-13
-            OS: ubuntu-latest
+            OS: ubuntu-22.04
           - CC: clang-14
             CXX: clang++-14
-            OS: ubuntu-latest
+            OS: ubuntu-22.04
+    if: github.repository_owner == 'wolfssl'
     runs-on: ${{ matrix.OS }}
     # This should be a safe limit for the tests to run.
     timeout-minutes: 4
     steps:
-      - uses: actions/checkout@v3
+      - name: Install dependencies
+        run: export DEBIAN_FRONTEND=noninteractive && sudo apt-get update && sudo apt-get install -y ${{ matrix.CC }}
+      - uses: actions/checkout@v4
       - name: Build
         env:
             CC: ${{ matrix.CC }}
diff --git a/.github/workflows/net-snmp.yml b/.github/workflows/net-snmp.yml
new file mode 100644
index 000000000..7ce030b80
--- /dev/null
+++ b/.github/workflows/net-snmp.yml
@@ -0,0 +1,84 @@
+name: net-snmp Tests
+
+# START OF COMMON SECTION
+on:
+  push:
+    branches: [ 'master', 'main', 'release/**' ]
+  pull_request:
+    branches: [ '*' ]
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+# END OF COMMON SECTION
+
+jobs:
+  build_wolfssl:
+    name: Build wolfSSL
+    if: github.repository_owner == 'wolfssl'
+    # Just to keep it the same as the testing target
+    runs-on: ubuntu-22.04
+    # This should be a safe limit for the tests to run.
+    timeout-minutes: 4
+    steps:
+      - name: Build wolfSSL
+        uses: wolfSSL/actions-build-autotools-project@v1
+        with:
+          path: wolfssl
+          configure: --enable-net-snmp
+          install: true
+
+      - name: tar build-dir
+        run: tar -zcf build-dir.tgz build-dir
+
+      - name: Upload built lib
+        uses: actions/upload-artifact@v4
+        with:
+          name: wolf-install-net-snmp
+          path: build-dir.tgz
+          retention-days: 5
+
+  net-snmp_check:
+    strategy:
+      fail-fast: false
+      matrix:
+        # List of releases to test
+        include:
+          - ref: 5.9.3
+            test_opts: -e 'agentxperl'
+    name: ${{ matrix.ref }}
+    if: github.repository_owner == 'wolfssl'
+    runs-on: ubuntu-22.04
+    # This should be a safe limit for the tests to run.
+    timeout-minutes: 4
+    needs: build_wolfssl
+    steps:
+      - name: Download lib
+        uses: actions/download-artifact@v4
+        with:
+          name: wolf-install-net-snmp
+
+      - name: untar build-dir
+        run: tar -xf build-dir.tgz
+
+      - name: Checkout OSP
+        uses: actions/checkout@v4
+        with:
+          repository: wolfssl/osp
+          path: osp
+
+      - name: Build net-snmp
+        uses: wolfSSL/actions-build-autotools-project@v1
+        with:
+          repository: net-snmp/net-snmp
+          ref: v${{ matrix.ref }}
+          path: net-snmp
+          patch-file: $GITHUB_WORKSPACE/osp/net-snmp/${{ matrix.ref }}.patch
+          configure: --disable-shared --with-wolfssl=$GITHUB_WORKSPACE/build-dir
+          check: false
+
+      - name: Run net-snmp tests
+        working-directory: net-snmp
+        run: |
+          autoconf --version | grep -P '2\.\d\d' -o > dist/autoconf-version
+          make -j test TESTOPTS="${{ matrix.test_opts }}"
diff --git a/.github/workflows/nginx.yml b/.github/workflows/nginx.yml
index 05f2ed7c4..868a02aba 100644
--- a/.github/workflows/nginx.yml
+++ b/.github/workflows/nginx.yml
@@ -1,13 +1,23 @@
 name: nginx Tests
 
+# START OF COMMON SECTION
 on:
-  workflow_call:
+  push:
+    branches: [ 'master', 'main', 'release/**' ]
+  pull_request:
+    branches: [ '*' ]
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+# END OF COMMON SECTION
 
 jobs:
   build_wolfssl:
     name: Build wolfSSL
+    if: github.repository_owner == 'wolfssl'
     # Just to keep it the same as the testing target
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-22.04
     # This should be a safe limit for the tests to run.
     timeout-minutes: 4
     steps:
@@ -24,12 +34,15 @@ jobs:
           configure: --enable-nginx ${{ env.wolf_debug_flags }}
           install: true
 
+      - name: tar build-dir
+        run: tar -zcf build-dir.tgz build-dir
+
       - name: Upload built lib
-        uses: actions/upload-artifact@v3
+        uses: actions/upload-artifact@v4
         with:
           name: wolf-install-nginx
-          path: build-dir
-          retention-days: 1
+          path: build-dir.tgz
+          retention-days: 5
 
   nginx_check:
     strategy:
@@ -84,7 +97,7 @@ jobs:
               stream_ssl_preread.t stream_ssl_realip.t stream_ssl_session_reuse.t stream_ssl.t
               stream_ssl_variables.t stream_ssl_verify_client.t stream_upstream_zone_ssl.t
               upstream_zone_ssl.t uwsgi_ssl_certificate.t uwsgi_ssl_certificate_vars.t
-              uwsgi_ssl.t uwsgi_ssl_verify.t 
+              uwsgi_ssl.t uwsgi_ssl_verify.t
             # Following tests do not pass with sanitizer on (with OpenSSL too)
             sanitize-not-ok: >-
               grpc_ssl.t h2_proxy_request_buffering_ssl.t h2_proxy_ssl.t
@@ -93,29 +106,32 @@ jobs:
               stream_proxy_protocol_ssl.t stream_proxy_ssl_conf_command.t stream_proxy_ssl.t
               stream_proxy_ssl_verify.t
     name: ${{ matrix.ref }}
-    runs-on: ubuntu-latest
+    if: github.repository_owner == 'wolfssl'
+    runs-on: ubuntu-22.04
     # This should be a safe limit for the tests to run.
     timeout-minutes: 6
     needs: build_wolfssl
     steps:
       - name: Download lib
-        uses: actions/download-artifact@v3
+        uses: actions/download-artifact@v4
         with:
           name: wolf-install-nginx
-          path: build-dir
+
+      - name: untar build-dir
+        run: tar -xf build-dir.tgz
 
       - name: Install dependencies
         run: |
           sudo cpan -iT Proc::Find Net::SSLeay IO::Socket::SSL
 
       - name: Checkout wolfssl-nginx
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
           repository: wolfssl/wolfssl-nginx
           path: wolfssl-nginx
 
       - name: Checkout nginx
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
           repository: nginx/nginx
           path: nginx
@@ -131,7 +147,7 @@ jobs:
         run: patch -p1 < ../wolfssl-nginx/nginx-${{ matrix.ref }}-wolfssl-debug.patch
 
       - name: Checkout nginx-tests
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
           repository: nginx/nginx-tests
           path: nginx-tests
@@ -174,6 +190,10 @@ jobs:
         run: |
           echo "nginx_c_flags=-O0" >> $GITHUB_ENV
 
+      - name: workaround high-entropy ASLR
+        # not needed after either an update to llvm or runner is done
+        run: sudo sysctl vm.mmap_rnd_bits=28
+
       - name: Build nginx with sanitizer
         working-directory: nginx
         run: |
@@ -203,4 +223,4 @@ jobs:
           LD_LIBRARY_PATH=$LD_LIBRARY_PATH:$GITHUB_WORKSPACE/build-dir/lib \
             TMPDIR=$GITHUB_WORKSPACE TEST_NGINX_BINARY=../nginx/objs/nginx \
             prove ${{ matrix.sanitize-ok }}
- 
\ No newline at end of file
+
diff --git a/.github/workflows/no-malloc.yml b/.github/workflows/no-malloc.yml
new file mode 100644
index 000000000..25c9c8288
--- /dev/null
+++ b/.github/workflows/no-malloc.yml
@@ -0,0 +1,44 @@
+name: No Malloc Tests
+
+# START OF COMMON SECTION
+on:
+  push:
+    branches: [ 'master', 'main', 'release/**' ]
+  pull_request:
+    branches: [ '*' ]
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+# END OF COMMON SECTION
+
+jobs:
+  make_check:
+    strategy:
+      matrix:
+        config: [
+          # Add new configs here
+          '--enable-rsa --enable-keygen --disable-dh CFLAGS="-DWOLFSSL_NO_MALLOC -DRSA_MIN_SIZE=1024"',
+        ]
+    name: make check
+    if: github.repository_owner == 'wolfssl'
+    runs-on: ubuntu-22.04
+    # This should be a safe limit for the tests to run.
+    timeout-minutes: 6
+    steps:
+      - uses: actions/checkout@v4
+        name: Checkout wolfSSL
+
+      - name: Test wolfSSL
+        run: |
+          ./autogen.sh
+          ./configure ${{ matrix.config }}
+          make
+          ./wolfcrypt/test/testwolfcrypt
+
+      - name: Print errors
+        if: ${{ failure() }}
+        run: |
+          if [ -f test-suite.log ] ; then
+            cat test-suite.log
+          fi
diff --git a/.github/workflows/nss.sh b/.github/workflows/nss.sh
new file mode 100644
index 000000000..8a78e0fd5
--- /dev/null
+++ b/.github/workflows/nss.sh
@@ -0,0 +1,27 @@
+#!/usr/bin/env bash
+
+set -e
+set -x
+
+# Setup nss cert db
+mkdir nssdb
+./dist/Debug/bin/certutil -d nssdb -N --empty-password
+./dist/Debug/bin/certutil -d nssdb  -A -a -i  wolfssl/certs/test/server-localhost.pem \
+    -t TCP -n 'wolf localhost'
+
+# App data for nss
+echo Hello from nss > /tmp/in
+
+# TLS 1.3 test
+env -C wolfssl ./examples/server/server -v 4 -p 4433 \
+    -c certs/test/server-localhost.pem -d -w > /tmp/server.log 2>&1 &
+sleep 0.1
+./dist/Debug/bin/tstclnt -V tls1.3: -h localhost -p 4433 -d nssdb -C -4 -A /tmp/in -v
+sleep 0.1
+
+# DTLS 1.3 test
+env -C wolfssl ./examples/server/server -v 4 -p 4433 -u \
+    -c certs/test/server-localhost.pem -d -w > /tmp/server.log 2>&1 &
+sleep 0.1
+./dist/Debug/bin/tstclnt -V tls1.3: -P client -h localhost -p 4433 -d nssdb -C -4 -A /tmp/in -v
+sleep 0.1
diff --git a/.github/workflows/nss.yml b/.github/workflows/nss.yml
new file mode 100644
index 000000000..e7d911bd1
--- /dev/null
+++ b/.github/workflows/nss.yml
@@ -0,0 +1,89 @@
+name: nss interop Tests
+
+### TODO uncomment stuff
+
+# START OF COMMON SECTION
+on:
+  push:
+    branches: [ 'master', 'main', 'release/**' ]
+  pull_request:
+    branches: [ '*' ]
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+# END OF COMMON SECTION
+
+env:
+  NSS_REF: NSS_3_107_RTM
+
+jobs:
+  build_nss:
+    name: Build nss
+    if: github.repository_owner == 'wolfssl'
+    runs-on: ubuntu-22.04
+    # This should be a safe limit for the tests to run.
+    timeout-minutes: 30
+    steps:
+      - name: Checking if we have nss in cache
+        uses: actions/cache@v4
+        id: cache
+        with:
+          path: dist
+          key: nss-${{ env.NSS_REF }}
+          lookup-only: true
+
+      - name: Install dependencies
+        if: steps.cache.outputs.cache-hit != 'true'
+        run: |
+          # Don't prompt for anything
+          export DEBIAN_FRONTEND=noninteractive
+          sudo apt-get update
+          # hostap dependencies
+          sudo apt-get install -y gyp ninja-build
+
+      - name: Checkout nss
+        if: steps.cache.outputs.cache-hit != 'true'
+        uses: actions/checkout@v4
+        with:
+          repository: nss-dev/nss
+          ref: ${{ env.NSS_REF }}
+          path: nss
+
+      - name: Compile nss
+        if: steps.cache.outputs.cache-hit != 'true'
+        run: |
+          hg clone https://hg.mozilla.org/projects/nspr
+          cd nss
+          ./build.sh
+
+  nss_test:
+    name: Test interop with nss
+    runs-on: ubuntu-22.04
+    needs: build_nss
+    timeout-minutes: 10
+    if: github.repository_owner == 'wolfssl'
+    steps:
+      - name: Checking if we have nss in cache
+        uses: actions/cache/restore@v4
+        id: cache
+        with:
+          path: dist
+          key: nss-${{ env.NSS_REF }}
+          fail-on-cache-miss: true
+
+      - name: Build wolfSSL
+        uses: wolfSSL/actions-build-autotools-project@v1
+        with:
+          path: wolfssl
+          configure: --enable-dtls --enable-dtls13
+          install: false
+          check: false
+
+      - name: Test interop
+        run: bash wolfssl/.github/workflows/nss.sh
+
+      - name: print server logs
+        if: ${{ failure() }}
+        run: |
+          cat /tmp/server.log
diff --git a/.github/workflows/ntp.yml b/.github/workflows/ntp.yml
new file mode 100644
index 000000000..2acd82b22
--- /dev/null
+++ b/.github/workflows/ntp.yml
@@ -0,0 +1,93 @@
+name: ntp Tests
+
+# START OF COMMON SECTION
+on:
+  push:
+    branches: [ 'master', 'main', 'release/**' ]
+  pull_request:
+    branches: [ '*' ]
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+# END OF COMMON SECTION
+
+jobs:
+  build_wolfssl:
+    name: Build wolfSSL
+    if: github.repository_owner == 'wolfssl'
+    # Just to keep it the same as the testing target
+    runs-on: ubuntu-22.04
+    # This should be a safe limit for the tests to run.
+    timeout-minutes: 4
+    steps:
+      - name: Build wolfSSL
+        uses: wolfSSL/actions-build-autotools-project@v1
+        with:
+          path: wolfssl
+          configure: --enable-all
+          install: true
+          check: false
+
+      - name: tar build-dir
+        run: tar -zcf build-dir.tgz build-dir
+
+      - name: Upload built lib
+        uses: actions/upload-artifact@v4
+        with:
+          name: wolf-install-ntp
+          path: build-dir.tgz
+          retention-days: 5
+
+  ntp_check:
+    strategy:
+      fail-fast: false
+      matrix:
+        # List of releases to test
+        ref: [ 4.2.8p15, 4.2.8p17 ]
+    name: ${{ matrix.ref }}
+    if: github.repository_owner == 'wolfssl'
+    runs-on: ubuntu-22.04
+    # This should be a safe limit for the tests to run.
+    timeout-minutes: 10
+    needs: build_wolfssl
+    steps:
+      - name: Download lib
+        uses: actions/download-artifact@v4
+        with:
+          name: wolf-install-ntp
+
+      - name: untar build-dir
+        run: tar -xf build-dir.tgz
+
+      - name: Checkout OSP
+        uses: actions/checkout@v4
+        with:
+          repository: wolfssl/osp
+          path: osp
+
+      # Avoid DoS'ing ntp site so cache the tar.gz
+      - name: Check if we have ntp
+        uses: actions/cache@v4
+        id: cache
+        with:
+          path: ntp-${{ matrix.ref }}.tar.gz
+          key: ntp-${{ matrix.ref }}.tar.gz
+
+      - name: Download ntp
+        if: steps.cache.outputs.cache-hit != 'true'
+        run: |
+          wget https://downloads.nwtime.org/ntp/4.2.8/ntp-${{ matrix.ref }}.tar.gz
+
+      - name: Extract ntp
+        run: |
+          tar -xf ntp-${{ matrix.ref }}.tar.gz
+
+      - name: Build and test ntp
+        working-directory: ntp-${{ matrix.ref }}
+        run: |
+          patch -p1 < $GITHUB_WORKSPACE/osp/ntp/${{ matrix.ref }}/ntp-${{ matrix.ref }}.patch
+          ./bootstrap
+          ./configure --with-wolfssl=$GITHUB_WORKSPACE/build-dir
+          make -j
+          make -j check
diff --git a/.github/workflows/ocsp.yml b/.github/workflows/ocsp.yml
new file mode 100644
index 000000000..b7c8f8ef5
--- /dev/null
+++ b/.github/workflows/ocsp.yml
@@ -0,0 +1,38 @@
+name: OCSP Test
+
+# START OF COMMON SECTION
+on:
+  push:
+    branches: [ 'master', 'main', 'release/**' ]
+  pull_request:
+    branches: [ '*' ]
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+# END OF COMMON SECTION
+
+jobs:
+  ocsp_stapling:
+    name: ocsp stapling
+    if: github.repository_owner == 'wolfssl'
+    runs-on: ubuntu-22.04
+    timeout-minutes: 10
+    steps:
+      - name: Checkout wolfSSL
+        uses: actions/checkout@v4
+
+      - name: Build wolfSSL
+        run: autoreconf -ivf && ./configure --enable-ocsp --enable-ocspstapling && make
+
+      - name: Start OCSP responder 1
+        run: openssl ocsp -port 22221 -ndays 1000 -index certs/ocsp/index-intermediate1-ca-issued-certs.txt -rsigner certs/ocsp/ocsp-responder-cert.pem -rkey certs/ocsp/ocsp-responder-key.pem -CA certs/ocsp/intermediate1-ca-cert.pem &
+
+      - name: Start OCSP responder 2
+        run: openssl ocsp -port 22220 -ndays 1000 -index certs/ocsp/index-ca-and-intermediate-cas.txt -rsigner certs/ocsp/ocsp-responder-cert.pem -rkey certs/ocsp/ocsp-responder-key.pem -CA certs/ocsp/root-ca-cert.pem &
+
+      - name: Start TLS server
+        run: ./examples/server/server -p 11111 -c ./certs/ocsp/server1-cert.pem -k ./certs/ocsp/server1-key.pem -d &
+
+      - name: Test Look Up
+        run: ./examples/client/client -A ./certs/ocsp/root-ca-cert.pem -o
diff --git a/.github/workflows/openldap.yml b/.github/workflows/openldap.yml
new file mode 100644
index 000000000..b77dd3ea9
--- /dev/null
+++ b/.github/workflows/openldap.yml
@@ -0,0 +1,91 @@
+name: openldap Tests
+
+# START OF COMMON SECTION
+on:
+  push:
+    branches: [ 'master', 'main', 'release/**' ]
+  pull_request:
+    branches: [ '*' ]
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+# END OF COMMON SECTION
+
+jobs:
+  build_wolfssl:
+    name: Build wolfSSL
+    # Just to keep it the same as the testing target
+    runs-on: ubuntu-22.04
+    # This should be a safe limit for the tests to run.
+    timeout-minutes: 4
+    steps:
+      - name: Build wolfSSL
+        uses: wolfSSL/actions-build-autotools-project@v1
+        with:
+          path: wolfssl
+          configure: --enable-openldap CPPFLAGS=-DWOLFSSL_NO_ASN_STRICT
+          install: true
+          check: true
+
+      - name: tar build-dir
+        run: tar -zcf build-dir.tgz build-dir
+
+      - name: Upload built lib
+        uses: actions/upload-artifact@v4
+        with:
+          name: wolf-install-openldap
+          path: build-dir.tgz
+          retention-days: 5
+
+  openldap_check:
+    strategy:
+      fail-fast: false
+      matrix:
+        include:
+          # List of releases to test
+          - osp_ref: 2.5.13
+            git_ref: OPENLDAP_REL_ENG_2_5_13
+          - osp_ref: 2.6.7
+            git_ref: OPENLDAP_REL_ENG_2_6_7
+    name: ${{ matrix.osp_ref }}
+    runs-on: ubuntu-22.04
+    # This should be a safe limit for the tests to run.
+    timeout-minutes: 20
+    needs: build_wolfssl
+    steps:
+      - name: Download lib
+        uses: actions/download-artifact@v4
+        with:
+          name: wolf-install-openldap
+
+      - name: untar build-dir
+        run: tar -xf build-dir.tgz
+
+      - name: Checkout OSP
+        uses: actions/checkout@v4
+        with:
+          repository: wolfssl/osp
+          path: osp
+
+      - name: Checkout openldap
+        uses: actions/checkout@v4
+        with:
+          repository: openldap/openldap
+          path: openldap
+          ref: ${{ matrix.git_ref }}
+
+      - name: Build and test OpenLDAP
+        working-directory: openldap
+        run: |
+          export LD_LIBRARY_PATH=$GITHUB_WORKSPACE/build-dir/lib:$LD_LIBRARY_PATH
+          patch -p1 < $GITHUB_WORKSPACE/osp/openldap/${{ matrix.osp_ref }}/openldap-${{ matrix.osp_ref }}.patch
+          rm aclocal.m4
+          autoreconf -ivf
+          ./configure --with-tls=wolfssl --disable-bdb --disable-hdb \
+            CFLAGS="-I$GITHUB_WORKSPACE/build-dir/include \
+              -I$GITHUB_WORKSPACE/build-dir/include/wolfssl \
+              -L$GITHUB_WORKSPACE/build-dir/lib"
+          make -j depend
+          make -j
+          make -j check
diff --git a/.github/workflows/openssh.yml b/.github/workflows/openssh.yml
new file mode 100644
index 000000000..83b122773
--- /dev/null
+++ b/.github/workflows/openssh.yml
@@ -0,0 +1,84 @@
+name: openssh Tests
+
+# START OF COMMON SECTION
+on:
+  push:
+    branches: [ 'master', 'main', 'release/**' ]
+  pull_request:
+    branches: [ '*' ]
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+# END OF COMMON SECTION
+
+jobs:
+  build_wolfssl:
+    name: Build wolfSSL
+    if: github.repository_owner == 'wolfssl'
+    # Just to keep it the same as the testing target
+    runs-on: ubuntu-22.04
+    # This should be a safe limit for the tests to run.
+    timeout-minutes: 4
+    steps:
+      - name: Build wolfSSL
+        uses: wolfSSL/actions-build-autotools-project@v1
+        with:
+          path: wolfssl
+          configure: >-
+            --enable-openssh --enable-dsa --with-max-rsa-bits=8192
+            --enable-intelasm --enable-sp-asm CFLAGS="-DRSA_MIN_SIZE=1024"
+          install: true
+
+      - name: tar build-dir
+        run: tar -zcf build-dir.tgz build-dir
+
+      - name: Upload built lib
+        uses: actions/upload-artifact@v4
+        with:
+          name: wolf-install-openssh
+          path: build-dir.tgz
+          retention-days: 5
+
+  openssh_check:
+    strategy:
+      fail-fast: false
+      matrix:
+        include:
+          - git_ref: 'V_9_6_P1'
+            osp_ver: '9.6'
+    name: ${{ matrix.ref }}
+    if: github.repository_owner == 'wolfssl'
+    runs-on: ubuntu-22.04
+    needs: build_wolfssl
+    steps:
+      - name: Download lib
+        uses: actions/download-artifact@v4
+        with:
+          name: wolf-install-openssh
+
+      - name: untar build-dir
+        run: tar -xf build-dir.tgz
+
+      - name: Checkout OSP
+        uses: actions/checkout@v4
+        with:
+          repository: wolfssl/osp
+          path: osp
+
+      - name: Build and test openssh
+        uses: wolfSSL/actions-build-autotools-project@v1
+        with:
+          repository: openssh/openssh-portable
+          ref: ${{ matrix.git_ref }}
+          path: openssh
+          patch-file: $GITHUB_WORKSPACE/osp/openssh-patches/openssh-${{ matrix.osp_ver }}.patch
+          configure: --with-wolfssl=$GITHUB_WORKSPACE/build-dir --with-rpath=-Wl,-rpath=
+          check: false
+
+      # make tests take >20 minutes. Consider limiting?
+      - name: Run tests
+        working-directory: ./openssh
+        run: |
+          # Run all the tests except (t-exec) as it takes too long
+          make file-tests interop-tests extra-tests unit
diff --git a/.github/workflows/opensslcoexist.yml b/.github/workflows/opensslcoexist.yml
new file mode 100644
index 000000000..1b59bec85
--- /dev/null
+++ b/.github/workflows/opensslcoexist.yml
@@ -0,0 +1,50 @@
+name: OPENSSL_COEXIST and TEST_OPENSSL_COEXIST
+
+# START OF COMMON SECTION
+on:
+  push:
+    branches: [ 'master', 'main', 'release/**' ]
+  pull_request:
+    branches: [ '*' ]
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+# END OF COMMON SECTION
+
+jobs:
+  make_check:
+    strategy:
+      matrix:
+        config: [
+          # Add new configs here
+          '--verbose --enable-all --disable-all-osp --disable-opensslall --enable-opensslcoexist CPPFLAGS="-DNO_WOLFSSL_CIPHER_SUITE_TEST -pedantic"',
+          '--verbose --enable-all --disable-all-osp --disable-opensslall --enable-opensslcoexist CPPFLAGS="-DNO_WOLFSSL_CIPHER_SUITE_TEST -pedantic -DTEST_OPENSSL_COEXIST"'
+        ]
+    name: make check
+    if: github.repository_owner == 'wolfssl'
+    runs-on: ubuntu-22.04
+    # This should be a safe limit for the tests to run.
+    timeout-minutes: 6
+    steps:
+      - uses: actions/checkout@v4
+        name: Checkout wolfSSL
+
+      - name: Test --enable-opensslcoexist and TEST_OPENSSL_COEXIST
+        run: |
+          ./autogen.sh || $(exit 2)
+          ./configure ${{ matrix.config }} || $(exit 3)
+          make -j 4 || $(exit 4)
+          make check
+
+      - name: Print errors
+        if: ${{ failure() }}
+        run: |
+          for file in config.log scripts/*.log
+          do
+              if [ -f "$file" ]; then
+                  echo "${file}:"
+                  cat "$file"
+                  echo "========================================================================"
+              fi
+          done
diff --git a/.github/workflows/openvpn.yml b/.github/workflows/openvpn.yml
index 10f206ff6..974630145 100644
--- a/.github/workflows/openvpn.yml
+++ b/.github/workflows/openvpn.yml
@@ -1,13 +1,23 @@
 name: OpenVPN Tests
 
+# START OF COMMON SECTION
 on:
-  workflow_call:
+  push:
+    branches: [ 'master', 'main', 'release/**' ]
+  pull_request:
+    branches: [ '*' ]
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+# END OF COMMON SECTION
 
 jobs:
   build_wolfssl:
     name: Build wolfSSL
+    if: github.repository_owner == 'wolfssl'
     # Just to keep it the same as the testing target
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-22.04
     # This should be a safe limit for the tests to run.
     timeout-minutes: 4
     steps:
@@ -18,30 +28,36 @@ jobs:
           configure: --enable-openvpn
           install: true
 
+      - name: tar build-dir
+        run: tar -zcf build-dir.tgz build-dir
+
       - name: Upload built lib
-        uses: actions/upload-artifact@v3
+        uses: actions/upload-artifact@v4
         with:
           name: wolf-install-openvpn
-          path: build-dir
-          retention-days: 1
+          path: build-dir.tgz
+          retention-days: 5
 
   openvpn_check:
     strategy:
       fail-fast: false
       matrix:
         # List of refs to test
-        ref: [ master, release/2.6, v2.6.0 ]
+        ref: [ release/2.6, master ]
     name: ${{ matrix.ref }}
-    runs-on: ubuntu-latest
+    if: github.repository_owner == 'wolfssl'
+    runs-on: ubuntu-22.04
     # This should be a safe limit for the tests to run.
-    timeout-minutes: 6
+    timeout-minutes: 10
     needs: build_wolfssl
     steps:
       - name: Download lib
-        uses: actions/download-artifact@v3
+        uses: actions/download-artifact@v4
         with:
           name: wolf-install-openvpn
-          path: build-dir
+
+      - name: untar build-dir
+        run: tar -xf build-dir.tgz
 
       - name: Install dependencies
         run: |
@@ -50,10 +66,14 @@ jobs:
                      linux-libc-dev man2html libcmocka-dev python3-docutils \
                      libtool automake autoconf libnl-genl-3-dev libnl-genl-3-200
 
+      - name: workaround high-entropy ASLR
+        # not needed after either an update to llvm or runner is done
+        run: sudo sysctl vm.mmap_rnd_bits=28
+
       - if: ${{ matrix.ref != 'master' }}
         name: Build and test openvpn with fsanitize
         run: |
-          echo 'extra_c_flags=CFLAGS="-fsanitize=address -fno-omit-frame-pointer -O2"' >> $GITHUB_ENV
+          echo 'extra_c_flags=CC="gcc -fsanitize=address" CFLAGS="-fno-omit-frame-pointer -O2"' >> $GITHUB_ENV
 
       - name: Build and test openvpn
         uses: wolfSSL/actions-build-autotools-project@v1
diff --git a/.github/workflows/os-check.yml b/.github/workflows/os-check.yml
index 08134c4a2..190a26b62 100644
--- a/.github/workflows/os-check.yml
+++ b/.github/workflows/os-check.yml
@@ -1,14 +1,23 @@
 name: Ubuntu-Macos-Windows Tests
 
+# START OF COMMON SECTION
 on:
-  workflow_call:
+  push:
+    branches: [ 'master', 'main', 'release/**' ]
+  pull_request:
+    branches: [ '*' ]
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+# END OF COMMON SECTION
 
 jobs:
   make_check:
     strategy:
       fail-fast: false
       matrix:
-        os: [ ubuntu-latest, macos-latest ]
+        os: [ ubuntu-22.04, macos-latest ]
         config: [
           # Add new configs here
           '',
@@ -16,16 +25,26 @@ jobs:
           '--enable-all --enable-asn=original',
           '--enable-harden-tls',
           '--enable-tls13 --enable-session-ticket --enable-dtls --enable-dtls13
-             --enable-opensslextra --enable-sessioncerts 
-             CPPFLAGS=''-DWOLFSSL_DTLS_NO_HVR_ON_RESUME -DHAVE_EXT_CACHE 
+             --enable-opensslextra --enable-sessioncerts
+             CPPFLAGS=''-DWOLFSSL_DTLS_NO_HVR_ON_RESUME -DHAVE_EXT_CACHE
              -DWOLFSSL_TICKET_HAVE_ID -DHAVE_EX_DATA -DSESSION_CACHE_DYNAMIC_MEM'' ',
           '--enable-all --enable-secure-renegotiation',
           '--enable-all --enable-haproxy --enable-quic',
-          '--enable-dtls --enable-dtls13 --enable-earlydata 
-             --enable-session-ticket --enable-psk 
+          '--enable-dtls --enable-dtls13 --enable-earlydata
+             --enable-session-ticket --enable-psk
              CPPFLAGS=''-DWOLFSSL_DTLS13_NO_HRR_ON_RESUME'' ',
+          '--enable-experimental --enable-kyber --enable-dtls --enable-dtls13
+             --enable-dtls-frag-ch',
+          '--enable-all --enable-dtls13 --enable-dtls-frag-ch',
+          '--enable-dtls --enable-dtls13 --enable-dtls-frag-ch
+           --enable-dtls-mtu',
+          '--enable-dtls --enable-dtlscid --enable-dtls13 --enable-secure-renegotiation
+            --enable-psk --enable-aesccm --enable-nullcipher CPPFLAGS=-DWOLFSSL_STATIC_RSA',
+          '--enable-ascon --enable-experimental',
+          '--enable-ascon CPPFLAGS=-DWOLFSSL_ASCON_UNROLL --enable-experimental',
         ]
     name: make check
+    if: github.repository_owner == 'wolfssl'
     runs-on: ${{ matrix.os }}
     # This should be a safe limit for the tests to run.
     timeout-minutes: 14
@@ -40,12 +59,13 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        os: [ ubuntu-latest, macos-latest ]
+        os: [ ubuntu-22.04, macos-latest ]
         user-settings: [
           # Add new user_settings.h here
           'examples/configs/user_settings_all.h',
         ]
     name: make user_setting.h
+    if: github.repository_owner == 'wolfssl'
     runs-on: ${{ matrix.os }}
     # This should be a safe limit for the tests to run.
     timeout-minutes: 14
@@ -61,14 +81,18 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        os: [ ubuntu-latest, macos-latest ]
+        os: [ ubuntu-22.04, macos-latest ]
         user-settings: [
           # Add new user_settings.h here
+          'examples/configs/user_settings_eccnonblock.h',
           'examples/configs/user_settings_min_ecc.h',
           'examples/configs/user_settings_wolfboot_keytools.h',
           'examples/configs/user_settings_wolftpm.h',
+          'examples/configs/user_settings_wolfssh.h',
+          'examples/configs/user_settings_tls12.h',
         ]
     name: make user_setting.h (testwolfcrypt only)
+    if: github.repository_owner == 'wolfssl'
     runs-on: ${{ matrix.os }}
     # This should be a safe limit for the tests to run.
     timeout-minutes: 14
@@ -88,13 +112,14 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        os: [ ubuntu-latest, macos-latest ]
+        os: [ ubuntu-22.04, macos-latest ]
     name: make user_setting.h (with sed)
+    if: github.repository_owner == 'wolfssl'
     runs-on: ${{ matrix.os }}
     # This should be a safe limit for the tests to run.
     timeout-minutes: 14
     steps:
-    - uses: actions/checkout@v3
+    - uses: actions/checkout@v4
     - if: ${{ matrix.os == 'macos-latest' }}
       run: brew install automake libtool
     - run: ./autogen.sh
@@ -108,7 +133,12 @@ jobs:
 
   windows_build:
     name: Windows Build Test
+    if: github.repository_owner == 'wolfssl'
     runs-on: windows-latest
+    strategy:
+      fail-fast: false
+      matrix:
+        arch: [ x64, Win32, ARM64 ]
     # This should be a safe limit for the tests to run.
     timeout-minutes: 6
     env:
@@ -119,12 +149,11 @@ jobs:
       # You can convert this to a build matrix if you need coverage of multiple configuration types.
       # https://docs.github.com/actions/learn-github-actions/managing-complex-workflows#using-a-build-matrix
       BUILD_CONFIGURATION: Release
-      BUILD_PLATFORM: x64
     steps:
-    - uses: actions/checkout@v3
+    - uses: actions/checkout@v4
 
     - name: Add MSBuild to PATH
-      uses: microsoft/setup-msbuild@v1
+      uses: microsoft/setup-msbuild@v2
 
     - name: Restore NuGet packages
       working-directory: ${{env.GITHUB_WORKSPACE}}
@@ -134,8 +163,9 @@ jobs:
       working-directory: ${{env.GITHUB_WORKSPACE}}
       # Add additional options to the MSBuild command line here (like platform or verbosity level).
       # See https://docs.microsoft.com/visualstudio/msbuild/msbuild-command-line-reference
-      run: msbuild /m /p:PlatformToolset=v142 /p:Platform=${{env.BUILD_PLATFORM}} /p:Configuration=${{env.BUILD_CONFIGURATION}} ${{env.SOLUTION_FILE_PATH}}
+      run: msbuild /m /p:PlatformToolset=v142 /p:Platform=${{matrix.arch}} /p:Configuration=${{env.BUILD_CONFIGURATION}} ${{env.SOLUTION_FILE_PATH}}
 
-    - name: Run Test
+    - if: ${{ matrix.arch != 'ARM64' }}
+      name: Run Test
       working-directory: ${{env.GITHUB_WORKSPACE}}
-      run: Release/x64/testsuite.exe
+      run: Release/${{matrix.arch}}/testsuite.exe
diff --git a/.github/workflows/packaging.yml b/.github/workflows/packaging.yml
index 42e213593..e498e33af 100644
--- a/.github/workflows/packaging.yml
+++ b/.github/workflows/packaging.yml
@@ -1,17 +1,27 @@
 name: Packaging Tests
 
+# START OF COMMON SECTION
 on:
-  workflow_call:
+  push:
+    branches: [ 'master', 'main', 'release/**' ]
+  pull_request:
+    branches: [ '*' ]
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+# END OF COMMON SECTION
 
 jobs:
   build_wolfssl:
     name: Package wolfSSL
-    runs-on: ubuntu-latest
+    if: github.repository_owner == 'wolfssl'
+    runs-on: ubuntu-22.04
     # This should be a safe limit for the tests to run.
     timeout-minutes: 10
     steps:
       - name: Checkout wolfSSL
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
 
       - name: Configure wolfSSL
         run: |
@@ -28,8 +38,9 @@ jobs:
       - name: Build wolfSSL .deb
         run: make deb-docker
 
-      - name: Build wolfSSL .rpm
-        run: make rpm-docker
+# disabled 20240919 -- broken target.
+#      - name: Build wolfSSL .rpm
+#        run: make rpm-docker
 
       - name: Confirm packages built
         run: |
@@ -38,8 +49,9 @@ jobs:
             echo Did not find exactly two deb packages!!!
             exit 1
           fi
-          RPM_COUNT=$(find -name 'wolfssl*.rpm' | wc -l)
-          if [ "$RPM_COUNT" != "4" ]; then
-            echo Did not find exactly four rpm packages!!!
-            exit 1
-          fi
+# disabled 20240919 -- broken target.
+#          RPM_COUNT=$(find -name 'wolfssl*.rpm' | wc -l)
+#          if [ "$RPM_COUNT" != "4" ]; then
+#            echo Did not find exactly four rpm packages!!!
+#            exit 1
+#          fi
diff --git a/.github/workflows/pam-ipmi.yml b/.github/workflows/pam-ipmi.yml
new file mode 100644
index 000000000..22da7d6b6
--- /dev/null
+++ b/.github/workflows/pam-ipmi.yml
@@ -0,0 +1,92 @@
+name: pam-ipmi Tests
+
+# START OF COMMON SECTION
+on:
+  push:
+    branches: [ 'master', 'main', 'release/**' ]
+  pull_request:
+    branches: [ '*' ]
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+# END OF COMMON SECTION
+
+
+jobs:
+  build_wolfssl:
+    name: Build wolfSSL
+    if: github.repository_owner == 'wolfssl'
+    # Just to keep it the same as the testing target
+    runs-on: ubuntu-22.04
+    # This should be a safe limit for the tests to run.
+    timeout-minutes: 4
+    steps:
+      - name: Build wolfSSL
+        uses: wolfSSL/actions-build-autotools-project@v1
+        with:
+          path: wolfssl
+          configure: --enable-all
+          install: true
+          # Don't run tests as this config is tested in many other places
+          check: false
+
+      - name: tar build-dir
+        run: tar -zcf build-dir.tgz build-dir
+
+      - name: Upload built lib
+        uses: actions/upload-artifact@v4
+        with:
+          name: wolf-install-pam-ipmi
+          path: build-dir.tgz
+          retention-days: 5
+
+  build_pam-ipmi:
+    strategy:
+      fail-fast: false
+      matrix:
+        git_ref: [ e4b13e6725abb178f62ee897fe1c0e81b06a9431 ]
+    name: ${{ matrix.git_ref }}
+    if: github.repository_owner == 'wolfssl'
+    runs-on: ubuntu-22.04
+    needs: build_wolfssl
+    steps:
+      - name: Install dependencies
+        run: |
+          # Don't prompt for anything
+          export DEBIAN_FRONTEND=noninteractive
+          sudo apt-get update
+          sudo apt-get install libpam-dev ninja-build meson
+
+      - name: Download lib
+        uses: actions/download-artifact@v4
+        with:
+          name: wolf-install-pam-ipmi
+
+      - name: untar build-dir
+        run: tar -xf build-dir.tgz
+
+      - name: Checkout OSP
+        uses: actions/checkout@v4
+        with:
+          repository: wolfssl/osp
+          path: osp
+
+      - name: Checkout pam-ipmi
+        uses: actions/checkout@v4
+        with:
+          repository: openbmc/pam-ipmi
+          path: pam-ipmi
+          ref: ${{ matrix.git_ref }}
+
+      - name: Build pam-ipmi
+        working-directory: pam-ipmi
+        run: |
+          patch -p1 < ../osp/pam-ipmi/*-${{ matrix.git_ref }}.patch
+          PKG_CONFIG_PATH=$GITHUB_WORKSPACE/build-dir/lib/pkgconfig meson setup build
+          ninja -C build
+
+      - name: Confirm built with wolfSSL
+        working-directory: pam-ipmi
+        run: |
+          ldd ./build/src/pam_ipmisave/pam_ipmisave.so | grep wolfssl
diff --git a/.github/workflows/pq-all.yml b/.github/workflows/pq-all.yml
new file mode 100644
index 000000000..efdc64cf0
--- /dev/null
+++ b/.github/workflows/pq-all.yml
@@ -0,0 +1,49 @@
+name: Quantum Resistant Tests
+
+# START OF COMMON SECTION
+on:
+  push:
+    branches: [ 'master', 'main', 'release/**' ]
+  pull_request:
+    branches: [ '*' ]
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+# END OF COMMON SECTION
+
+jobs:
+  make_check:
+    strategy:
+      matrix:
+        config: [
+          # Add new configs here
+          '--enable-intelasm --enable-sp-asm --enable-all --enable-testcert --enable-acert --enable-dtls13 --enable-dtls-mtu --enable-dtls-frag-ch --enable-dtlscid --enable-quic --with-sys-crypto-policy --enable-experimental --enable-kyber=yes,original --enable-lms --enable-xmss --enable-dilithium --enable-dual-alg-certs --disable-qt CPPFLAGS="-pedantic -DWOLFCRYPT_TEST_LINT -DNO_WOLFSSL_CIPHER_SUITE_TEST"'
+        ]
+    name: make check
+    if: github.repository_owner == 'wolfssl'
+    runs-on: ubuntu-22.04
+    # This should be a safe limit for the tests to run.
+    timeout-minutes: 6
+    steps:
+      - uses: actions/checkout@v4
+        name: Checkout wolfSSL
+
+      - name: Test wolfSSL
+        run: |
+          ./autogen.sh
+          ./configure ${{ matrix.config }}
+          make -j 4
+          make check
+
+      - name: Print errors
+        if: ${{ failure() }}
+        run: |
+          for file in scripts/*.log
+          do
+              if [ -f "$file" ]; then
+                  echo "${file}:"
+                  cat "$file"
+                  echo "========================================================================"
+              fi
+          done
diff --git a/.github/workflows/rng-tools.yml b/.github/workflows/rng-tools.yml
new file mode 100644
index 000000000..44d3a20e2
--- /dev/null
+++ b/.github/workflows/rng-tools.yml
@@ -0,0 +1,116 @@
+name: rng-tools Tests
+
+# START OF COMMON SECTION
+on:
+  push:
+    branches: [ 'master', 'main', 'release/**' ]
+  pull_request:
+    branches: [ '*' ]
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+# END OF COMMON SECTION
+
+jobs:
+  build_wolfssl:
+    name: Build wolfSSL
+    if: github.repository_owner == 'wolfssl'
+    # Just to keep it the same as the testing target
+    runs-on: ubuntu-22.04
+    # This should be a safe limit for the tests to run.
+    timeout-minutes: 4
+    steps:
+      - name: Build wolfSSL
+        uses: wolfSSL/actions-build-autotools-project@v1
+        with:
+          path: wolfssl
+          configure: --enable-all
+          install: true
+          check: false
+
+      - name: tar build-dir
+        run: tar -zcf build-dir.tgz build-dir
+
+      - name: Upload built lib
+        uses: actions/upload-artifact@v4
+        with:
+          name: wolf-install-rng-tools
+          path: build-dir.tgz
+          retention-days: 5
+
+  rng-tools_check:
+    strategy:
+      fail-fast: false
+      matrix:
+        # List of releases to test
+        ref: [ 6.16 ]
+    name: ${{ matrix.ref }}
+    if: github.repository_owner == 'wolfssl'
+    runs-on: ubuntu-22.04
+    # This should be a safe limit for the tests to run.
+    timeout-minutes: 4
+    needs: build_wolfssl
+    steps:
+      - name: Install dependencies
+        run: |
+          # Don't prompt for anything
+          export DEBIAN_FRONTEND=noninteractive
+          sudo apt-get update
+          sudo apt-get install -y libcurl4-openssl-dev libjansson-dev libp11-dev librtlsdr-dev libcap-dev
+
+      - name: Download lib
+        uses: actions/download-artifact@v4
+        with:
+          name: wolf-install-rng-tools
+
+      - name: untar build-dir
+        run: tar -xf build-dir.tgz
+
+      - name: Checkout OSP
+        uses: actions/checkout@v4
+        with:
+          repository: wolfssl/osp
+          path: osp
+
+      - name: Checkout jitterentropy-library
+        uses: actions/checkout@v4
+        with:
+          repository: smuellerDD/jitterentropy-library
+          path: jitterentropy-library
+          ref: v3.5.0
+
+      - name: Build jitterentropy-library
+        working-directory: jitterentropy-library
+        run: make -j
+
+      - name: Build rng-tools
+        uses: wolfSSL/actions-build-autotools-project@v1
+        with:
+          repository: nhorman/rng-tools
+          ref: v${{ matrix.ref }}
+          path: rng-tools
+          patch-file: $GITHUB_WORKSPACE/osp/rng-tools/${{ matrix.ref }}.patch
+          configure: --without-pkcs11 --enable-jitterentropy=$GITHUB_WORKSPACE/jitterentropy-library --with-wolfssl=$GITHUB_WORKSPACE/build-dir
+          check: false
+
+      - name: Testing rng-tools
+        id: testing
+        working-directory: rng-tools
+        run: |
+          # Retry up to five times
+          for i in {1..5}; do
+            TEST_RES=0
+            LD_LIBRARY_PATH=$LD_LIBRARY_PATH:$GITHUB_WORKSPACE/build-dir/lib make check || TEST_RES=$?
+            if [ "$TEST_RES" -eq "0" ]; then
+               break
+            fi
+          done
+          if [ "$TEST_RES" -ne "0" ]; then
+            exit $TEST_RES
+          fi
+
+      - name: Print logs
+        if: ${{ failure() && steps.testing.outcome == 'failure' }}
+        working-directory: rng-tools/tests
+        run: cat test-suite.log
diff --git a/.github/workflows/socat.yml b/.github/workflows/socat.yml
new file mode 100644
index 000000000..91417e7a7
--- /dev/null
+++ b/.github/workflows/socat.yml
@@ -0,0 +1,81 @@
+name: socat Tests
+
+# START OF COMMON SECTION
+on:
+  push:
+    branches: [ 'master', 'main', 'release/**' ]
+  pull_request:
+    branches: [ '*' ]
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+# END OF COMMON SECTION
+
+jobs:
+  build_wolfssl:
+    name: Build wolfSSL
+    if: github.repository_owner == 'wolfssl'
+    runs-on: ubuntu-22.04
+    timeout-minutes: 4
+    steps:
+      - name: Build wolfSSL
+        uses: wolfSSL/actions-build-autotools-project@v1
+        with:
+          path: wolfssl
+          configure: --enable-maxfragment --enable-opensslall --enable-opensslextra --enable-dtls --enable-oldtls --enable-tlsv10 --enable-ipv6 'CPPFLAGS=-DWOLFSSL_NO_DTLS_SIZE_CHECK -DOPENSSL_COMPATIBLE_DEFAULTS'
+          install: true
+
+      - name: tar build-dir
+        run: tar -zcf build-dir.tgz build-dir
+
+      - name: Upload built lib
+        uses: actions/upload-artifact@v4
+        with:
+          name: wolf-install-socat
+          path: build-dir.tgz
+          retention-days: 5
+
+
+  socat_check:
+    if: github.repository_owner == 'wolfssl'
+    runs-on: ubuntu-22.04
+    # This should be a safe limit for the tests to run.
+    timeout-minutes: 30
+    needs: build_wolfssl
+    steps:
+      - name: Install prereqs
+        run:
+          sudo apt-get install build-essential autoconf libtool pkg-config clang libc++-dev
+
+      - name: Download lib
+        uses: actions/download-artifact@v4
+        with:
+          name: wolf-install-socat
+
+      - name: untar build-dir
+        run: tar -xf build-dir.tgz
+
+      - name: Download socat
+        run: curl -O http://www.dest-unreach.org/socat/download/socat-1.8.0.0.tar.gz && tar xvf socat-1.8.0.0.tar.gz
+
+      - name: Checkout OSP
+        uses: actions/checkout@v4
+        with:
+          repository: wolfssl/osp
+          path: osp
+
+      - name: Build socat
+        working-directory: ./socat-1.8.0.0
+        run: |
+          patch -p1 < ../osp/socat/1.8.0.0/socat-1.8.0.0.patch
+          autoreconf -vfi
+          ./configure --with-wolfssl=$GITHUB_WORKSPACE/build-dir --enable-default-ipv=4
+          make
+
+      - name: Run socat tests
+        working-directory: ./socat-1.8.0.0
+        run: |
+          export LD_LIBRARY_PATH=$GITHUB_WORKSPACE/build-dir/lib:$LD_LIBRARY_PATH
+          export SHELL=/bin/bash
+          SOCAT=$GITHUB_WORKSPACE/socat-1.8.0.0/socat ./test.sh -t 0.5 --expect-fail 36,64,146,214,216,217,309,310,386,399,402,403,459,460,467,468,475,478,492,528,530
diff --git a/.github/workflows/softhsm.yml b/.github/workflows/softhsm.yml
new file mode 100644
index 000000000..bb3824d17
--- /dev/null
+++ b/.github/workflows/softhsm.yml
@@ -0,0 +1,94 @@
+name: SoftHSMv2 Tests
+
+# START OF COMMON SECTION
+on:
+  push:
+    branches: [ 'master', 'main', 'release/**' ]
+  pull_request:
+    branches: [ '*' ]
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+# END OF COMMON SECTION
+
+jobs:
+  build_wolfssl:
+    name: Build wolfSSL
+    if: github.repository_owner == 'wolfssl'
+    # Just to keep it the same as the testing target
+    runs-on: ubuntu-22.04
+    # This should be a safe limit for the tests to run.
+    timeout-minutes: 10
+    steps:
+      - name: Build wolfSSL
+        uses: wolfSSL/actions-build-autotools-project@v1
+        with:
+          path: wolfssl
+          configure: --enable-all CFLAGS=-DRSA_MIN_SIZE=1024
+          install: true
+          check: false
+
+      - name: tar build-dir
+        run: tar -zcf build-dir.tgz build-dir
+
+      - name: Upload built lib
+        uses: actions/upload-artifact@v4
+        with:
+          name: wolf-install-softhsm
+          path: build-dir.tgz
+          retention-days: 5
+
+  softhsm_check:
+    strategy:
+      fail-fast: false
+      matrix:
+        # List of releases to test
+        ref: [ 2.6.1 ]
+    name: ${{ matrix.ref }}
+    if: github.repository_owner == 'wolfssl'
+    runs-on: ubuntu-22.04
+    # This should be a safe limit for the tests to run.
+    timeout-minutes: 20
+    needs: build_wolfssl
+    steps:
+      - name: Install dependencies
+        run: |
+          # Don't prompt for anything
+          export DEBIAN_FRONTEND=noninteractive
+          sudo apt-get update
+          sudo apt-get install -y libcppunit-dev
+
+      - name: Download lib
+        uses: actions/download-artifact@v4
+        with:
+          name: wolf-install-softhsm
+
+      - name: untar build-dir
+        run: tar -xf build-dir.tgz
+
+      - name: Checkout OSP
+        uses: actions/checkout@v4
+        with:
+          repository: wolfssl/osp
+          path: osp
+
+      - name: Checkout SoftHSMv2
+        uses: actions/checkout@v4
+        with:
+          repository: opendnssec/SoftHSMv2
+          path: softhsm
+          ref: ${{ matrix.ref }}
+
+      # Not using wolfSSL/actions-build-autotools-project@v1 because autogen.sh doesn't work
+      - name: Build softhsm
+        working-directory: softhsm
+        run: |
+          patch -p1 < $GITHUB_WORKSPACE/osp/softhsm/${{ matrix.ref }}.patch
+          autoreconf -if
+          ./configure --with-crypto-backend=wolfssl WOLFSSL_INSTALL_DIR=$GITHUB_WORKSPACE/build-dir
+          make -j
+
+      - name: Test softhsm
+        working-directory: softhsm
+        run: make -j check
diff --git a/.github/workflows/sssd.yml b/.github/workflows/sssd.yml
new file mode 100644
index 000000000..4ef3a7968
--- /dev/null
+++ b/.github/workflows/sssd.yml
@@ -0,0 +1,99 @@
+name: sssd Tests
+
+# START OF COMMON SECTION
+on:
+  push:
+    branches: [ 'master', 'main', 'release/**' ]
+  pull_request:
+    branches: [ '*' ]
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+# END OF COMMON SECTION
+
+jobs:
+  build_wolfssl:
+    if: github.repository_owner == 'wolfssl'
+    name: Build wolfSSL
+    # Just to keep it the same as the testing target
+    runs-on: ubuntu-22.04
+    # This should be a safe limit for the tests to run.
+    timeout-minutes: 4
+    steps:
+      - name: Build wolfSSL
+        uses: wolfSSL/actions-build-autotools-project@v1
+        with:
+          path: wolfssl
+          configure: --enable-all CFLAGS=-DWOLFSSL_NO_ASN_STRICT
+          install: true
+          check: false
+
+      - name: tar build-dir
+        run: tar -zcf build-dir.tgz build-dir
+
+      - name: Upload built lib
+        uses: actions/upload-artifact@v4
+        with:
+          name: wolf-install-sssd
+          path: build-dir.tgz
+          retention-days: 5
+
+  sssd_check:
+    if: github.repository_owner == 'wolfssl'
+    strategy:
+      fail-fast: false
+      matrix:
+        # List of releases to test
+        ref: [ 2.9.1 ]
+    name: ${{ matrix.ref }}
+    runs-on: ubuntu-22.04
+    container:
+      image: quay.io/sssd/ci-client-devel:ubuntu-latest
+      env:
+        LD_LIBRARY_PATH: /usr/local/lib
+    # This should be a safe limit for the tests to run.
+    timeout-minutes: 20
+    needs: build_wolfssl
+    steps:
+      - name: Install dependencies
+        run: |
+          # Don't prompt for anything
+          export DEBIAN_FRONTEND=noninteractive
+          sudo apt-get update
+          sudo apt-get install -y build-essential autoconf libldb-dev libldb2 python3-ldb bc
+
+      - name: Setup env
+        run: |
+          ln -s samba-4.0/ldb.h /usr/include/ldb.h
+          ln -s samba-4.0/ldb_errors.h /usr/include/ldb_errors.h
+          ln -s samba-4.0/ldb_handlers.h /usr/include/ldb_handlers.h
+          ln -s samba-4.0/ldb_module.h /usr/include/ldb_module.h
+          ln -s samba-4.0/ldb_version.h /usr/include/ldb_version.h
+
+      - name: Download lib
+        uses: actions/download-artifact@v4
+        with:
+          name: wolf-install-sssd
+
+      - name: untar build-dir
+        run: tar -xf build-dir.tgz
+
+      - name: Checkout OSP
+        uses: actions/checkout@v4
+        with:
+          repository: wolfssl/osp
+          path: osp
+
+      - name: Build and test sssd
+        uses: wolfSSL/actions-build-autotools-project@v1
+        with:
+          repository: SSSD/sssd
+          ref: ${{ matrix.ref }}
+          path: sssd
+          patch-file: $GITHUB_WORKSPACE/osp/sssd/${{ matrix.ref }}.patch
+          configure: >-
+            --without-samba --without-nfsv4-idmapd-plugin --with-oidc-child=no
+            --without-manpages WOLFSSL_INSTALL_DIR=$GITHUB_WORKSPACE/build-dir
+          check: true
+
diff --git a/.github/workflows/stunnel.yml b/.github/workflows/stunnel.yml
index ac25126d5..701a4e51b 100644
--- a/.github/workflows/stunnel.yml
+++ b/.github/workflows/stunnel.yml
@@ -1,13 +1,23 @@
 name: stunnel Tests
 
+# START OF COMMON SECTION
 on:
-  workflow_call:
+  push:
+    branches: [ 'master', 'main', 'release/**' ]
+  pull_request:
+    branches: [ '*' ]
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+# END OF COMMON SECTION
 
 jobs:
   build_wolfssl:
     name: Build wolfSSL
+    if: github.repository_owner == 'wolfssl'
     # Just to keep it the same as the testing target
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-22.04
     # This should be a safe limit for the tests to run.
     timeout-minutes: 4
     steps:
@@ -18,12 +28,15 @@ jobs:
           configure: --enable-stunnel
           install: true
 
+      - name: tar build-dir
+        run: tar -zcf build-dir.tgz build-dir
+
       - name: Upload built lib
-        uses: actions/upload-artifact@v3
+        uses: actions/upload-artifact@v4
         with:
           name: wolf-install-stunnel
-          path: build-dir
-          retention-days: 1
+          path: build-dir.tgz
+          retention-days: 5
 
   stunnel_check:
     strategy:
@@ -32,19 +45,22 @@ jobs:
         # List of releases to test
         ref: [ 5.67 ]
     name: ${{ matrix.ref }}
-    runs-on: ubuntu-latest
+    if: github.repository_owner == 'wolfssl'
+    runs-on: ubuntu-22.04
     # This should be a safe limit for the tests to run.
     timeout-minutes: 4
     needs: build_wolfssl
     steps:
       - name: Download lib
-        uses: actions/download-artifact@v3
+        uses: actions/download-artifact@v4
         with:
           name: wolf-install-stunnel
-          path: build-dir
-    
+
+      - name: untar build-dir
+        run: tar -xf build-dir.tgz
+
       - name: Checkout OSP
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
           repository: wolfssl/osp
           path: osp
diff --git a/.github/workflows/watcomc.yml b/.github/workflows/watcomc.yml
new file mode 100644
index 000000000..ea1af5704
--- /dev/null
+++ b/.github/workflows/watcomc.yml
@@ -0,0 +1,84 @@
+name: Build Watcom C
+
+# START OF COMMON SECTION
+on:
+  push:
+    branches: [ 'master', 'main', 'release/**' ]
+  pull_request:
+    branches: [ '*' ]
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+# END OF COMMON SECTION
+
+jobs:
+  wolfssl_watcomc_windows:
+    if: github.repository_owner == 'wolfssl'
+    strategy:
+      fail-fast: false
+      matrix:
+        common:
+          - cmake:    '-G "Watcom WMake" -DCMAKE_VERBOSE_MAKEFILE=TRUE -DWOLFSSL_ASM=no -DWOLFSSL_EXAMPLES=no -DWOLFSSL_CRYPT_TESTS=no'
+        platform:
+          - title:   'Windows OW 2.0'
+            system:   'Windows'
+            image:    'windows-latest'
+            owimage:  '2.0'
+            id:       'win32ow20'
+            cmake:    '-DCMAKE_SYSTEM_NAME=Windows -DCMAKE_SYSTEM_PROCESSOR=x86'
+          - title:   'Linux OW 2.0'
+            system:   'Linux'
+            image:    'ubuntu-latest'
+            owimage:  '2.0'
+            id:       'linuxow20'
+            cmake:    '-DCMAKE_SYSTEM_NAME=Linux -DCMAKE_SYSTEM_PROCESSOR=x86'
+          - title:   'OS/2 OW 2.0'
+            system:   'OS2'
+            image:    'windows-latest'
+            owimage:  '2.0'
+            id:       'os2ow20'
+            cmake:    '-DCMAKE_SYSTEM_NAME=OS2 -DCMAKE_SYSTEM_PROCESSOR=x86'
+        thread:
+          - id:       'multi'
+            cmake:    ''
+            owcmake:  '-DCMAKE_POLICY_DEFAULT_CMP0136=NEW -DCMAKE_WATCOM_RUNTIME_LIBRARY=MultiThreaded'
+          - id:       'single'
+            cmake:    '-DWOLFSSL_SINGLE_THREADED=yes'
+            owcmake:  '-DCMAKE_POLICY_DEFAULT_CMP0136=NEW -DCMAKE_WATCOM_RUNTIME_LIBRARY=SingleThreaded'
+        library:
+          - id:       'dll'
+            cmake:    ''
+            owcmake:  'DLL'
+          - id:       'static'
+            cmake:    '-DBUILD_SHARED_LIBS=no'
+            owcmake:  ''
+        exclude:
+          - { platform: { system: 'Linux' }, library: { id: 'dll' } }
+    runs-on: ${{ matrix.platform.image }}
+    name: ${{ matrix.platform.title }} (${{ matrix.thread.id }} ${{ matrix.library.id }})
+    steps:
+      - name: Setup Open Watcom ${{ matrix.platform.owimage }}
+        uses: open-watcom/setup-watcom@v0
+        with:
+          version: ${{ matrix.platform.owimage }}
+
+      - name: Checkout wolfSSL
+        uses: actions/checkout@v4
+        with:
+          path: wolfssl
+
+      - name: Build wolfSSL
+        working-directory: wolfssl
+        shell: bash
+        run: |
+          cmake -B build ${{matrix.common.cmake}} ${{ matrix.platform.cmake }} ${{ matrix.thread.cmake }} ${{ matrix.library.cmake }} ${{ matrix.thread.owcmake }}${{ matrix.library.owcmake }}
+          cmake --build build
+
+      - name: Upload build errors
+        if: failure()
+        uses: actions/upload-artifact@v4
+        with:
+          name: ${{ matrix.platform.id }}-${{ matrix.thread.id }}-${{ matrix.library.id }}
+          path: |
+            build/**
diff --git a/.github/workflows/win-csharp-test.yml b/.github/workflows/win-csharp-test.yml
new file mode 100644
index 000000000..12b294b6b
--- /dev/null
+++ b/.github/workflows/win-csharp-test.yml
@@ -0,0 +1,58 @@
+name: Windows CSharp Build Test
+
+on:
+  push:
+    branches: [ 'master', 'main', 'release/**' ]
+  pull_request:
+    branches: [ '*' ]
+
+jobs:
+  build:
+
+    if: github.repository_owner == 'wolfssl'
+    runs-on: windows-latest
+
+    # This should be a safe limit for the tests to run.
+    timeout-minutes: 6
+
+    env:
+      # Path to the solution file relative to the root of the project.
+      SOLUTION_FILE_PATH: wolfssl\wrapper\CSharp\wolfSSL_CSharp.sln
+
+      # Configuration type to build.
+      # You can convert this to a build matrix if you need coverage of multiple configuration types.
+      # https://docs.github.com/actions/learn-github-actions/managing-complex-workflows#using-a-build-matrix
+      BUILD_CONFIGURATION: Debug
+      BUILD_PLATFORM: x64
+
+    steps:
+        - name: Pull wolfssl
+          uses: actions/checkout@master
+          with:
+            repository: wolfssl/wolfssl
+            path: wolfssl
+
+        - name: Create FIPS stub files (autogen)
+          working-directory: wolfssl
+          run: |
+            echo $null >> wolfcrypt\src\fips.c
+            echo $null >> wolfcrypt\src\fips_test.c
+            echo $null >> wolfcrypt\src\wolfcrypt_first.c
+            echo $null >> wolfcrypt\src\wolfcrypt_last.c
+
+        - name: Add MSBuild to PATH
+          uses: microsoft/setup-msbuild@v1
+
+        - name: Build
+          working-directory: ${{env.GITHUB_WORKSPACE}}
+          # Add additional options to the MSBuild command line here (like platform or verbosity level).
+          # See https://docs.microsoft.com/visualstudio/msbuild/msbuild-command-line-reference
+          run: msbuild /m /p:PlatformToolset=v142 /p:Platform=${{env.BUILD_PLATFORM}} /p:Configuration=${{env.BUILD_CONFIGURATION}} ${{env.SOLUTION_FILE_PATH}}
+
+        - name: Run wolfCrypt test
+          working-directory: ${{env.GITHUB_WORKSPACE}}wolfssl\wrapper\CSharp\Debug\x64\
+          run: ./wolfCrypt-test.exe
+
+        - name: Run wolfSSL client/server example
+          working-directory: ${{env.GITHUB_WORKSPACE}}wolfssl\wrapper\CSharp\Debug\x64\
+          run: ./wolfSSL-TLS-Server.exe && sleep 1 & ./wolfSSL-TLS-Client.exe
diff --git a/.github/workflows/wolfCrypt-Wconversion.yml b/.github/workflows/wolfCrypt-Wconversion.yml
new file mode 100644
index 000000000..77eac8531
--- /dev/null
+++ b/.github/workflows/wolfCrypt-Wconversion.yml
@@ -0,0 +1,41 @@
+name: wolfCrypt conversion warnings
+
+# START OF COMMON SECTION
+on:
+  push:
+    branches: [ 'master', 'main', 'release/**' ]
+  pull_request:
+    branches: [ '*' ]
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+# END OF COMMON SECTION
+
+jobs:
+  build_library:
+    strategy:
+      matrix:
+        config: [
+          # Add new configs here
+          '--disable-asm --enable-cryptonly --enable-all-crypto --disable-examples --disable-benchmark --disable-crypttests CPPFLAGS="-Wconversion -Warith-conversion -Wenum-conversion -Wfloat-conversion -Wsign-conversion"',
+          '--enable-intelasm --enable-cryptonly --enable-all-crypto --disable-examples --disable-benchmark --disable-crypttests CPPFLAGS="-Wconversion -Warith-conversion -Wenum-conversion -Wfloat-conversion -Wsign-conversion"',
+          '--enable-smallstack --disable-asm --enable-cryptonly --enable-all-crypto --disable-examples --disable-benchmark --disable-crypttests CPPFLAGS="-Wconversion -Warith-conversion -Wenum-conversion -Wfloat-conversion -Wsign-conversion"',
+          '--enable-smallstack --enable-intelasm --enable-cryptonly --enable-all-crypto --disable-examples --disable-benchmark --disable-crypttests CPPFLAGS="-Wconversion -Warith-conversion -Wenum-conversion -Wfloat-conversion -Wsign-conversion"',
+          '--enable-cryptonly --enable-all-crypto --disable-examples --disable-benchmark --disable-crypttests CPPFLAGS="-Wconversion -Warith-conversion -Wenum-conversion -Wfloat-conversion -Wsign-conversion -DNO_INT128"'
+        ]
+    name: build library
+    if: github.repository_owner == 'wolfssl'
+    runs-on: ubuntu-22.04
+    # This should be a safe limit for the tests to run.
+    timeout-minutes: 6
+    steps:
+      - uses: actions/checkout@v4
+        name: Checkout wolfSSL
+
+      - name: Build wolfCrypt with extra type conversion warnings
+        run: |
+          ./autogen.sh || $(exit 2)
+          echo "running ./configure ${{ matrix.config }}"
+          ./configure ${{ matrix.config }} || $(exit 3)
+          make -j 4 || $(exit 4)
diff --git a/.github/workflows/zephyr.yml b/.github/workflows/zephyr.yml
index decdba256..3bd2978a5 100644
--- a/.github/workflows/zephyr.yml
+++ b/.github/workflows/zephyr.yml
@@ -1,7 +1,16 @@
 name: Zephyr tests
 
+# START OF COMMON SECTION
 on:
-  workflow_call:
+  push:
+    branches: [ 'master', 'main', 'release/**' ]
+  pull_request:
+    branches: [ '*' ]
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+# END OF COMMON SECTION
 
 jobs:
   run_test:
@@ -14,9 +23,12 @@ jobs:
             zephyr-sdk: 0.16.1
           - zephyr-ref: v3.5.0
             zephyr-sdk: 0.16.3
-    runs-on: ubuntu-latest
+          - zephyr-ref: v2.7.4
+            zephyr-sdk: 0.16.3
+    if: github.repository_owner == 'wolfssl'
+    runs-on: ubuntu-22.04
     # This should be a safe limit for the tests to run.
-    timeout-minutes: 15
+    timeout-minutes: 25
     steps:
       - name: Install dependencies
         run: |
@@ -34,7 +46,7 @@ jobs:
             libglib2.0-dev libgtk2.0-0 liblocale-gettext-perl libncurses5-dev libpcap-dev \
             libpopt0 libsdl1.2-dev libsdl2-dev libssl-dev libtool libtool-bin locales make \
             net-tools ninja-build openssh-client parallel pkg-config python3-dev python3-pip \
-            python3-ply python3-setuptools python-is-python3 qemu rsync socat srecord sudo \
+            python3-ply python3-setuptools python-is-python3 qemu-kvm rsync socat srecord sudo \
             texinfo unzip wget ovmf xz-utils
 
       - name: Install west
@@ -64,30 +76,43 @@ jobs:
 
       - name: Install zephyr SDK
         run: |
-          wget -q https://github.com/zephyrproject-rtos/sdk-ng/releases/download/v${{ matrix.config.zephyr-sdk }}/zephyr-sdk-${{ matrix.config.zephyr-sdk }}_linux-x86_64.tar.xz
-          tar xf zephyr-sdk-${{ matrix.config.zephyr-sdk }}_linux-x86_64.tar.xz
+          wget -q https://github.com/zephyrproject-rtos/sdk-ng/releases/download/v${{ matrix.config.zephyr-sdk }}/zephyr-sdk-${{ matrix.config.zephyr-sdk }}_linux-x86_64_minimal.tar.xz
+          tar xf zephyr-sdk-${{ matrix.config.zephyr-sdk }}_linux-x86_64_minimal.tar.xz
           cd zephyr-sdk-${{ matrix.config.zephyr-sdk }}
-          ./setup.sh -h -c
+          ./setup.sh -h -c -t x86_64-zephyr-elf
+
+      - name: Fix options for 2.7.4
+        if: ${{ matrix.config.zephyr-ref == 'v2.7.4' }}
+        working-directory: zephyr/modules/crypto/wolfssl
+        run: |
+          sed -i -e 's/CONFIG_COMMON_LIBC_MALLOC_ARENA_SIZE/CONFIG_MINIMAL_LIBC_MALLOC_ARENA_SIZE/g' $(find -name prj.conf)
 
       - name: Run wolfssl test
         id: wolfssl-test
         working-directory: zephyr
         run: |
-          ./zephyr/scripts/twister --testsuite-root modules/crypto/wolfssl --test zephyr/samples/wolfssl_test/sample.crypto.wolfssl_test -vvv
+          ./zephyr/scripts/twister -T modules/crypto/wolfssl --test zephyr/samples/wolfssl_test/sample.crypto.wolfssl_test -vvv
+          rm -rf zephyr/twister-out
+          ./zephyr/scripts/twister -T modules/crypto/wolfssl --test zephyr/samples/wolfssl_test/sample.crypto.wolfssl_test_no_malloc -vvv
           rm -rf zephyr/twister-out
 
       - name: Run wolfssl TLS sock test
+        # Results in a page fault that I can't trace
+        if: ${{ matrix.config.zephyr-ref != 'v2.7.4' }}
         id: wolfssl-tls-sock
         working-directory: zephyr
         run: |
-          ./zephyr/scripts/twister --testsuite-root modules/crypto/wolfssl --test zephyr/samples/wolfssl_tls_sock/sample.crypto.wolfssl_tls_sock -vvv
+          ./zephyr/scripts/twister -T modules/crypto/wolfssl --test zephyr/samples/wolfssl_tls_sock/sample.crypto.wolfssl_tls_sock -vvv
+          rm -rf zephyr/twister-out
+          ./zephyr/scripts/twister -T modules/crypto/wolfssl --test zephyr/samples/wolfssl_tls_sock/sample.crypto.wolfssl_tls_sock_no_malloc -vvv
           rm -rf zephyr/twister-out
 
       - name: Run wolfssl TLS thread test
+        if: ${{ matrix.config.zephyr-ref != 'v2.7.4' }}
         id: wolfssl-tls-thread
         working-directory: zephyr
         run: |
-          ./zephyr/scripts/twister --testsuite-root modules/crypto/wolfssl --test zephyr/samples/wolfssl_tls_thread/sample.crypto.wolfssl_tls_thread -vvv
+          ./zephyr/scripts/twister -T modules/crypto/wolfssl --test zephyr/samples/wolfssl_tls_thread/sample.crypto.wolfssl_tls_thread -vvv
           rm -rf zephyr/twister-out
 
       - name: Zip failure logs
@@ -97,7 +122,7 @@ jobs:
 
       - name: Upload failure logs
         if: ${{ failure() && (steps.wolfssl-test.outcome == 'failure' || steps.wolfssl-tls-sock.outcome == 'failure' || steps.wolfssl-tls-thread.outcome == 'failure') }}
-        uses: actions/upload-artifact@v3
+        uses: actions/upload-artifact@v4
         with:
           name: zephyr-client-test-logs
           path: logs.zip
diff --git a/.gitignore b/.gitignore
index 5adfbf310..90c76affa 100644
--- a/.gitignore
+++ b/.gitignore
@@ -10,6 +10,7 @@ ctaocrypt/src/src/
 *.cache
 .dirstamp
 *.user
+!*-VS2022.vcxproj.user
 configure
 config.*
 !cmake/config.in
@@ -82,16 +83,19 @@ snifftest
 output
 mcapi/test
 testsuite/testsuite
-tests/unit
 testsuite/testsuite.test
+testsuite/*.der
+testsuite/*.pem
+testsuite/*.raw
+testsuite/*.obj
+testsuite/*.pdb
+testsuite/*.idb
+tests/unit
 tests/unit.test
 tests/bio_write_test.txt
 tests/test-log-dump-to-file.txt
 tests/cert_cache.tmp
 test-write-dhparams.pem
-testsuite/*.der
-testsuite/*.pem
-testsuite/*.raw
 cert.der
 cert.pem
 certecc.der
@@ -242,6 +246,7 @@ linuxkm/libwolfssl.mod.c
 linuxkm/libwolfssl.lds
 linuxkm/module_exports.c
 linuxkm/linuxkm/get_thread_size
+*.nds
 
 # autotools generated
 scripts/unit.test
@@ -286,23 +291,6 @@ mqx/wolfcrypt_benchmark/.settings
 mqx/wolfcrypt_benchmark/.cwGeneratedFileSetLog
 mqx/wolfcrypt_benchmark/SaAnalysispointsManager.apconfig
 
-# User Crypto example build
-wolfcrypt/user-crypto/aclocal.m4
-wolfcrypt/user-crypto/config.guess
-wolfcrypt/user-crypto/autom4te.cache
-wolfcrypt/user-crypto/config.log
-wolfcrypt/user-crypto/config.status
-wolfcrypt/user-crypto/config.sub
-wolfcrypt/user-crypto/depcomp
-wolfcrypt/user-crypto/install-sh
-wolfcrypt/user-crypto/libtool
-wolfcrypt/user-crypto/ltmain.sh
-wolfcrypt/user-crypto/m4
-wolfcrypt/user-crypto/missing
-wolfcrypt/user-crypto/Makefile.in
-wolfcrypt/user-crypto/lib/libusercrypto.*
-*.hzs
-
 # wolfSSL CSharp wrapper
 wrapper/CSharp/x64/
 
@@ -339,6 +327,10 @@ wolfcrypt/src/port/intel/qat_test
 # Arduino Generated Files
 /IDE/ARDUINO/wolfSSL
 scripts/memtest.txt
+/IDE/ARDUINO/Arduino_README_prepend.md.tmp
+/IDE/ARDUINO/library.properties.tmp
+/IDE/ARDUINO/library.properties.tmp.backup
+/IDE/ARDUINO/PREPENDED_README.md
 
 # Doxygen generated files
 doc/doxygen_warnings
@@ -415,7 +407,7 @@ XXX-fips-test
 # Generated user_settings_asm.h.
 user_settings_asm.h
 
-# VisualGD
+# VisualGDB
 **/.visualgdb
 
 # Espressif sdk config default should be saved in sdkconfig.defaults
@@ -423,6 +415,25 @@ user_settings_asm.h
 /IDE/Espressif/**/sdkconfig
 /IDE/Espressif/**/sdkconfig.old
 
+# ESP8266 RTOS SDK has a slightly different sdkconfig filename to exclude:
+/IDE/Espressif/**/sdkconfig.debug
+/IDE/Espressif/**/sdkconfig.release
+/IDE/Espressif/**/sdkconfig-debug
+/IDE/Espressif/**/sdkconfig-release
+
+# Always include Espressif makefiles (typically only used for ESP8266)
+!/IDE/Espressif/**/Makefile
+!/IDE/Espressif/**/component.mk
+
+# Ignore all the example logs
+/IDE/Espressif/ESP-IDF/examples/**/logs/*
+
+# MPLAB
+/IDE/MPLABX16/wolfssl.X/dist/default/
+/IDE/MPLABX16/wolfssl.X/.generated_files
+/IDE/MPLABX16/wolfcrypt_test.X/dist/default/
+/IDE/MPLABX16/wolfcrypt_test.X/.generated_files
+
 # auto-created CMake backups
 **/CMakeLists.txt.old
 
@@ -437,3 +448,21 @@ MagicCrypto
 debian/changelog
 debian/control
 *.deb
+
+# Ada/Alire files
+wrapper/Ada/alire/
+wrapper/Ada/config/
+wrapper/Ada/lib/
+wrapper/Ada/obj/
+
+# PlatformIO
+/**/.pio
+/**/.vscode/.browse.c_cpp.db*
+/**/.vscode/c_cpp_properties.json
+/**/.vscode/launch.json
+/**/.vscode/ipch
+/**/sdkconfig.esp32dev
+
+# Autogenerated debug trace headers
+wolfssl/debug-trace-error-codes.h
+wolfssl/debug-untrace-error-codes.h
diff --git a/.wolfssl_known_macro_extras b/.wolfssl_known_macro_extras
new file mode 100644
index 000000000..22657701e
--- /dev/null
+++ b/.wolfssl_known_macro_extras
@@ -0,0 +1,990 @@
+AES_GCM_GMULT_NCT
+AFX_RESOURCE_DLL
+AFX_TARG_ENU
+ALLOW_BINARY_MISMATCH_INTROSPECTION
+ALLOW_V1_EXTENSIONS
+ANDROID
+APP_ESP_HTTP_CLIENT
+APP_ESP_HTTP_CLIENT_EXAMPLE
+APSTUDIO_INVOKED
+ARCH_sim
+ARDUINO
+ARDUINO_ARCH_RP2040
+ARDUINO_SAMD_NANO_33_IOT
+ARDUINO_SAM_DUE
+ASN_DUMP_OID
+ASN_TEMPLATE_SKIP_ISCA_CHECK
+ATCAPRINTF
+ATCA_ENABLE_DEPRECATED
+AVR
+BASE64_NO_TABLE
+BLAKE2B_SELFTEST
+BLAKE2S_SELFTEST
+BLOCKING
+BSP_DEFAULT_IO_CHANNEL_DEFINED
+BSP_LED_0
+BSP_LED_1
+BSP_SDCARD_ESDHC_CHANNEL
+BSP_SDCARD_SDHC_CHANNEL
+BSP_SDCARD_SPI_CHANNEL
+CAAM_OUT_INVALIDATE
+CERT_REL_PREFIX
+CIOCASYMFEAT
+CIOCGSESSINFO
+CMSIS_OS2_H_
+COMPONENT_WOLFSSL
+CONFIG_ARCH_CHIP_STM32F746ZG
+CONFIG_ARCH_CHIP_STM32H743ZI
+CONFIG_ARCH_CHIP_STM32L552ZE
+CONFIG_ARCH_POSIX
+CONFIG_ARM
+CONFIG_ARM64
+CONFIG_BOARD_NATIVE_POSIX
+CONFIG_COMPILER_OPTIMIZATION_DEFAULT
+CONFIG_COMPILER_OPTIMIZATION_NONE
+CONFIG_COMPILER_OPTIMIZATION_PERF
+CONFIG_COMPILER_OPTIMIZATION_SIZE
+CONFIG_CRYPTO_FIPS
+CONFIG_CRYPTO_MANAGER
+CONFIG_CSPRNG_ENABLED
+CONFIG_ESP32C2_DEFAULT_CPU_FREQ_MHZ
+CONFIG_ESP32C3_DEFAULT_CPU_FREQ_MHZ
+CONFIG_ESP32H2_DEFAULT_CPU_FREQ_MHZ
+CONFIG_ESP32S2_DEFAULT_CPU_FREQ_MHZ
+CONFIG_ESP32S3_DEFAULT_CPU_FREQ_MHZ
+CONFIG_ESP32_DEFAULT_CPU_FREQ_MHZ
+CONFIG_ESP8266_XTAL_FREQ_26
+CONFIG_ESP_DEFAULT_CPU_FREQ_MHZ_160
+CONFIG_ESP_DEFAULT_CPU_FREQ_MHZ_240
+CONFIG_ESP_DEFAULT_CPU_FREQ_MHZ_80
+CONFIG_ESP_ENABLE_WOLFSSH
+CONFIG_ESP_MAIN_TASK_STACK_SIZE
+CONFIG_ESP_TLS_USING_WOLFSSL
+CONFIG_ESP_WIFI_PASSWORD
+CONFIG_ESP_WIFI_SSID
+CONFIG_ESP_WOLFSSL_ENABLE_KYBER
+CONFIG_ESP_WOLFSSL_ENABLE_WOLFSSH
+CONFIG_ESP_WOLFSSL_NO_ESP32_CRYPT
+CONFIG_ESP_WOLFSSL_NO_HW_AES
+CONFIG_ESP_WOLFSSL_NO_HW_HASH
+CONFIG_ESP_WOLFSSL_NO_HW_RSA_PRI
+CONFIG_ESP_WOLFSSL_NO_HW_RSA_PRI_EXPTMOD
+CONFIG_ESP_WOLFSSL_NO_HW_RSA_PRI_MP_MUL
+CONFIG_ESP_WOLFSSL_NO_HW_RSA_PRI_MULMOD
+CONFIG_FREERTOS_HZ
+CONFIG_FREERTOS_UNICORE
+CONFIG_IDF_TARGET
+CONFIG_IDF_TARGET_ARCH_RISCV
+CONFIG_IDF_TARGET_ARCH_XTENSA
+CONFIG_IDF_TARGET_ESP32
+CONFIG_IDF_TARGET_ESP32C2
+CONFIG_IDF_TARGET_ESP32C3
+CONFIG_IDF_TARGET_ESP32C6
+CONFIG_IDF_TARGET_ESP32H2
+CONFIG_IDF_TARGET_ESP32S2
+CONFIG_IDF_TARGET_ESP32S3
+CONFIG_IDF_TARGET_ESP8266
+CONFIG_IDF_TARGET_ESP8684
+CONFIG_MAIN_TASK_STACK_SIZE
+CONFIG_MBEDTLS_CERTIFICATE_BUNDLE
+CONFIG_MBEDTLS_PSA_CRYPTO_C
+CONFIG_MIPS
+CONFIG_MODULE_SIG
+CONFIG_NET_SOCKETS_SOCKOPT_TLS
+CONFIG_NEWLIB_LIBC
+CONFIG_NEWLIB_NANO_FORMAT
+CONFIG_PICOLIBC
+CONFIG_POSIX_API
+CONFIG_POSIX_THREADS
+CONFIG_PREEMPT_COUNT
+CONFIG_PTHREAD_IPC
+CONFIG_SMP
+CONFIG_SNTP_TIME_SYNC_METHOD_SMOOTH
+CONFIG_TIMER_TASK_STACK_DEPTH
+CONFIG_TIMER_TASK_STACK_SIZE
+CONFIG_TLS_STACK_WOLFSSL
+CONFIG_USE_WOLFSSL_ESP_SDK_TIME
+CONFIG_USE_WOLFSSL_ESP_SDK_WIFI
+CONFIG_WOLFCRYPT_ARMASM
+CONFIG_WOLFCRYPT_FIPS
+CONFIG_WOLFCRYPT_INTELASM
+CONFIG_WOLFSSL
+CONFIG_WOLFSSL_ALLOW_TLS13
+CONFIG_WOLFSSL_ALPN
+CONFIG_WOLFSSL_ALT_CERT_CHAINS
+CONFIG_WOLFSSL_APPLE_HOMEKIT
+CONFIG_WOLFSSL_ASN_ALLOW_0_SERIAL
+CONFIG_WOLFSSL_CERTIFICATE_BUNDLE
+CONFIG_WOLFSSL_CERTIFICATE_BUNDLE_DEFAULT_NONE
+CONFIG_WOLFSSL_DTLS
+CONFIG_WOLFSSL_ENABLE_KYBER
+CONFIG_WOLFSSL_EXAMPLE_NAME_ESP32_SSH_SERVER
+CONFIG_WOLFSSL_EXAMPLE_NAME_ESP8266_SSH_SERVER
+CONFIG_WOLFSSL_EXAMPLE_NAME_NONE
+CONFIG_WOLFSSL_EXAMPLE_NAME_TEMPLATE
+CONFIG_WOLFSSL_EXAMPLE_NAME_TLS_CLIENT
+CONFIG_WOLFSSL_EXAMPLE_NAME_TLS_SERVER
+CONFIG_WOLFSSL_EXAMPLE_NAME_WOLFMQTT_AWS_IOT_MQTT
+CONFIG_WOLFSSL_EXAMPLE_NAME_WOLFMQTT_TEMPLATE
+CONFIG_WOLFSSL_EXAMPLE_NAME_WOLFSSH_ECHOSERVER
+CONFIG_WOLFSSL_EXAMPLE_NAME_WOLFSSH_TEMPLATE
+CONFIG_WOLFSSL_HKDF
+CONFIG_WOLFSSL_MAX_FRAGMENT_LEN
+CONFIG_WOLFSSL_NO_ASN_STRICT
+CONFIG_WOLFSSL_PSK
+CONFIG_WOLFSSL_RSA_PSS
+CONFIG_WOLFSSL_TARGET_HOST
+CONFIG_WOLFSSL_TARGET_PORT
+CONFIG_WOLFSSL_TLS13_ENABLED
+CONFIG_WOLFSSL_TLS_VERSION_1_2
+CONFIG_WOLFSSL_TLS_VERSION_1_3
+CONFIG_WOLFTPM
+CONFIG_WOLFTPM_EXAMPLE_NAME_ESPRESSIF
+CONFIG_X86
+CONV_WITH_DIV
+CPA_CY_API_VERSION_NUM_MAJOR
+CPU_MIMXRT1176DVMAA_cm7
+CPU_MK82FN256VLL15
+CRLDP_VALIDATE_DATA
+CRL_REPORT_LOAD_ERRORS
+CRL_STATIC_REVOKED_LIST
+CRYPTOCELL_KEY_SIZE
+CRYP_HEADERWIDTHUNIT_BYTE
+CRYP_KEYIVCONFIG_ONCE
+CRYP_KEYSIZE_192B
+CSM_UNSUPPORTED_ALGS
+CTYPE_USER
+CURVED448_SMALL
+CY_USING_HAL
+DCP_USE_DCACHE
+DILITHIUM_MUL_11_SLOW
+DILITHIUM_MUL_44_SLOW
+DILITHIUM_MUL_QINV_SLOW
+DILITHIUM_MUL_Q_SLOW
+DILITHIUM_MUL_SLOW
+DILITHIUM_USE_HINT_CT
+DTLS_RECEIVEFROM_NO_TIMEOUT_ON_INVALID_PEER
+ECCSI_ORDER_MORE_BITS_THAN_PRIME
+ECC_DUMP_OID
+ECDHE_SIZE
+ENABLE_SECURE_SOCKETS_LOGS
+ESP32
+ESP8266
+ESP_ENABLE_WOLFSSH
+ESP_IDF_VERSION_MAJOR
+ESP_IDF_VERSION_MINOR
+ESP_PLATFORM
+ESP_TASK_MAIN_STACK
+EV_TRIGGER
+FP_ECC_CONTROL
+FREERTOS_TCP_WINSIM
+FREESCALE
+FREESCALE_RNGB
+FREESCALE_USE_MMCAU_CLASSIC
+FSL_FEATURE_HAS_L1CACHE
+FSL_FEATURE_LTC_HAS_DES
+FSL_FEATURE_LTC_HAS_GCM
+FSL_FEATURE_LTC_HAS_PKHA
+FSL_FEATURE_LTC_HAS_SHA
+FSL_FEATURE_SOC_LTC_COUNT
+FSL_FEATURE_SOC_MMCAU_COUNT
+FSL_FEATURE_SOC_RNG_COUNT
+FSL_FEATURE_SOC_TRNG_COUNT
+FUSION_RTOS
+GENERATE_MACHINE_PARSEABLE_REPORT
+GE_P3_TOBYTES_IMPL
+GOAHEAD_WS
+HAL_RTC_MODULE_ENABLED
+HARDWARE_CACHE_COHERENCY
+HASH_AlgoMode_HASH
+HASH_BYTE_SWAP
+HASH_CR_LKEY
+HASH_DIGEST
+HASH_DataType_8b
+HASH_IMR_DCIE
+HASH_IMR_DINIE
+HAVE_AESGCM_DECRYPT
+HAVE_BYTEREVERSE64
+HAVE_CERTIFICATE_STATUS_V2
+HAVE_COLDFIRE_SEC
+HAVE_CRL_UPDATE_CB
+HAVE_CSHARP
+HAVE_CURL
+HAVE_CURVE22519
+HAVE_DANE
+HAVE_ECC239
+HAVE_ECC320
+HAVE_ECC512
+HAVE_ECC_CDH_CAST
+HAVE_ECC_SM2
+HAVE_ESP_CLK
+HAVE_FACON
+HAVE_FIPS_VERSION_PORT
+HAVE_FUZZER
+HAVE_INTEL_MULX
+HAVE_INTEL_QAT_SYNC
+HAVE_INTEL_SPEEDUP
+HAVE_MDK_RTX
+HAVE_NETX_BSD
+HAVE_PKCS7_RSA_RAW_SIGN_CALLBACK
+HAVE_POCO_LIB
+HAVE_RTP_SYS
+HAVE_SECURE_GETENV
+HAVE_STACK_SIZE_VERBOSE_LOG
+HAVE_THREADX
+HAVE_TM_TYPE
+HAVE_VALIDATE_DATE
+HAVE_VA_COPY
+HAVE_X448
+HONOR_MATH_USED_LENGTH
+HSM_KEY_TYPE_HMAC_224
+HSM_KEY_TYPE_HMAC_256
+HSM_KEY_TYPE_HMAC_384
+HSM_KEY_TYPE_HMAC_512
+HSM_OP_KEY_GENERATION_FLAGS_CREATE
+HSM_OP_KEY_GENERATION_FLAGS_UPDATE
+HSM_SVC_KEY_STORE_FLAGS_UPDATE
+IDIRECT_DEV_RANDOM
+IDIRECT_DEV_TIME
+ID_TRNG
+IGNORE_KEY_EXTENSIONS
+IGNORE_NETSCAPE_CERT_TYPE
+INCLUDE_uxTaskGetStackHighWaterMark
+INTEGRITY
+INTIMEVER
+IOTSAFE_NO_GETDATA
+IOTSAFE_SIG_8BIT_LENGTH
+KCAPI_USE_XMALLOC
+KYBER_NONDETERMINISTIC
+K_SERIES
+LIBWOLFSSL_VERSION_GIT_BRANCH
+LIBWOLFSSL_VERSION_GIT_HASH
+LIBWOLFSSL_VERSION_GIT_HASH_DATE
+LIBWOLFSSL_VERSION_GIT_ORIGIN
+LIBWOLFSSL_VERSION_GIT_SHORT_HASH
+LIBWOLFSSL_VERSION_GIT_TAG
+LINUXKM_FPU_STATES_FOLLOW_THREADS
+LINUXKM_LKCAPI_PRIORITY_ALLOW_MASKING
+LINUX_CYCLE_COUNT
+LINUX_RUSAGE_UTIME
+LP64
+MAX3266X_AESGCM
+MAX3266X_RSA
+MAXQ10XX_PRODUCTION_KEY
+MAXQ_EXPORT_TLS_KEYS
+MAXQ_SHA1
+MAXSEG_64K
+MAX_WOLFSSL_FILE_SIZE
+MDK_CONF_BARE_METAL
+MDK_CONF_FS
+MDK_CONF_RTX_TCP_FS
+MDK_CONF_TCP_FS
+MDK_WOLFLIB
+MICRIUM_MALLOC
+MICROCHIP_MPLAB_HARMONY
+MICROCHIP_MPLAB_HARMONY_3
+MICRO_SESSION_CACHEx
+MODULE_SOCK_TCP
+MP_31BIT
+MP_8BIT
+MQX_USE_IO_OLD
+MULTI_VALUE_STATISTICS
+MUTEX_DURING_INIT
+NEED_THREADX_TYPES
+NETX_DUO
+NET_SECURE_MODULE_EN
+NOTE_TRIGGER
+NO_AES_DECRYPT
+NO_ARDUINO_DEFAULT
+NO_ASM
+NO_ASN_OLD_TYPE_NAMES
+NO_CAMELLIA_CBC
+NO_CERT
+NO_CIPHER_SUITE_ALIASES
+NO_CLIENT_CACHE
+NO_CLOCK_SPEEDUP
+NO_CURVE25519_KEY_EXPORT
+NO_CURVE25519_KEY_IMPORT
+NO_CURVE25519_SHARED_SECRET
+NO_CURVE448_KEY_EXPORT
+NO_CURVE448_KEY_IMPORT
+NO_CURVE448_SHARED_SECRET
+NO_DEV_URANDOM
+NO_ECC384
+NO_ECC521
+NO_ECC_CACHE_CURVE
+NO_ECC_CHECK_KEY
+NO_ECC_KEY_IMPORT
+NO_ECC_MAKE_PUB
+NO_ED25519_CLIENT_AUTH
+NO_ED25519_KEY_EXPORT
+NO_ED25519_KEY_IMPORT
+NO_ED25519_MAKE_KEY
+NO_ED25519_SIGN
+NO_ED25519_VERIFY
+NO_ED448_CLIENT_AUTH
+NO_ED448_KEY_EXPORT
+NO_ED448_KEY_IMPORT
+NO_ED448_SIGN
+NO_ED448_VERIFY
+NO_ESP_MP_MUL_EVEN_ALT_CALC
+NO_FORCE_SCR_SAME_SUITE
+NO_GCM_ENCRYPT_EXTRA
+NO_GETENV
+NO_HANDSHAKE_DONE_CB
+NO_IMX6_CAAM_AES
+NO_IMX6_CAAM_HASH
+NO_OLD_NAMES
+NO_OLD_POLY1305
+NO_OLD_TIMEVAL_NAME
+NO_PBKDF1
+NO_PIC32MZ_CRYPT
+NO_PIC32MZ_HASH
+NO_PIC32MZ_RNG
+NO_PKCS11_AES
+NO_PKCS11_AESCBC
+NO_PKCS11_AESGCM
+NO_PKCS11_ECC
+NO_PKCS11_ECDH
+NO_PKCS11_EC_KEYGEN
+NO_PKCS11_HMAC
+NO_PKCS11_RNG
+NO_PKCS11_RSA
+NO_PKCS11_RSA_PKCS
+NO_PKCS7
+NO_PKCS7_COMPRESSED_DATA
+NO_PKCS7_ENCRYPTED_DATA
+NO_PKCS7_STREAM
+NO_POLY1305_ASM
+NO_PUBLIC_CCM_SET_NONCE
+NO_PUBLIC_GCM_SET_IV
+NO_RESUME_SUITE_CHECK
+NO_RNG
+NO_RNG_MUTEX
+NO_SESSION_CACHE_ROW_LOCK
+NO_SKID
+NO_SKIP_PREVIEW
+NO_STDIO_FGETS_REMAP
+NO_TKERNEL_MEM_POOL
+NO_TLSX_PSKKEM_PLAIN_ANNOUNCE
+NO_VERIFY_OID
+NO_WC_SSIZE_TYPE
+NO_WOLFSSL_ALLOC_ALIGN
+NO_WOLFSSL_AUTOSAR_CRYIF
+NO_WOLFSSL_AUTOSAR_CRYPTO
+NO_WOLFSSL_AUTOSAR_CSM
+NO_WOLFSSL_BASE64_DECODE
+NO_WOLFSSL_BN_CTX
+NO_WOLFSSL_MSG_EX
+NO_WOLFSSL_RENESAS_FSPSM_AES
+NO_WOLFSSL_RENESAS_FSPSM_HASH
+NO_WOLFSSL_RENESAS_TSIP_CRYPT_AES
+NO_WOLFSSL_SHA256
+NO_WOLFSSL_SHA256_INTERLEAVE
+NO_WOLFSSL_SHA512_INTERLEAVE
+NO_WOLFSSL_SKIP_TRAILING_PAD
+NO_WOLFSSL_SMALL_STACK_STATIC
+NO_WOLFSSL_XILINX_TAG_MALLOC
+NRF52
+NRF52_SERIES
+NRF_ERROR_MODULE_ALREADY_INITIALIZED
+OLD_HELLO_ALLOWED
+OPENSSL_EXTRA_BSD
+OPENSSL_EXTRA_NO_ASN1
+OPENSSL_EXTRA_NO_BN
+OPENSSL_NO_PK
+OS_WINDOWS
+OTHERBOARD
+OTHER_BOARD
+PEER_INFO
+PKA_ECC_SCALAR_MUL_IN_B_COEFF
+PLATFORMIO
+PLUTON_CRYPTO_ECC
+PRINT_SESSION_STATS
+PTHREAD_STACK_MIN
+QAT_ENABLE_HASH
+QAT_ENABLE_RNG
+QAT_USE_POLLING_CHECK
+RC_NO_RNG
+REDIRECTION_IN3_KEYELMID
+REDIRECTION_IN3_KEYID
+REDIRECTION_OUT1_KEYELMID
+REDIRECTION_OUT1_KEYID
+REDIRECTION_OUT2_KEYELMID
+REDIRECTION_OUT2_KEYID
+RENESAS_T4_USE
+RTC_ALARMSUBSECONDMASK_ALL
+RTE_CMSIS_RTOS_RTX
+RTOS_MODULE_NET_AVAIL
+RTPLATFORM
+SA_INTERRUPT
+SCEKEY_INSTALLED
+SHA256_MANY_REGISTERS
+SHA3_BY_SPEC
+SHOW_CERTS
+SHOW_GEN
+SHOW_SIZES
+SHOW_SSID_AND_PASSWORD
+SIM_SCGC3_RNGA_MASK
+SIM_SCGC5_PORTC_MASK
+SIM_SCGC5_PORTD_MASK
+SIM_SCGC5_PORTE_MASK
+SIM_SCGC6_RNGA_MASK
+SL_SE_KEY_TYPE_ECC_P384
+SL_SE_KEY_TYPE_ECC_P521
+SL_SE_KEY_TYPE_ECC_X25519
+SL_SE_KEY_TYPE_ECC_X448
+SL_SE_PRF_HMAC_SHA1
+SOFTDEVICE_PRESENT
+SO_NOSIGPIPE
+SO_REUSEPORT
+SP_INT_NO_ASM
+SP_MATH_NEED_ADD_OFF
+SP_USE_DIVTI3
+SQRTMOD_USE_MOD_EXP
+SSL_SNIFFER_EXPORTS
+SSN_BUILDING_LIBYASSL
+STATIC_CHUNKS_ONLY
+STM32F107xC
+STM32F207xx
+STM32F217xx
+STM32F401xE
+STM32F407xx
+STM32F437xx
+STM32F756xx
+STM32F777xx
+STM32G071xx
+STM32G491xx
+STM32H563xx
+STM32H723xx
+STM32H725xx
+STM32H743xx
+STM32H753xx
+STM32H7S3xx
+STM32L475xx
+STM32L4A6xx
+STM32L552xx
+STM32L562xx
+STM32MP135Fxx
+STM32U575xx
+STM32U585xx
+STM32U5A9xx
+STM32WB55xx
+STM32WL55xx
+STM32_AESGCM_PARTIAL
+STM32_HW_CLOCK_AUTO
+STM32_NUTTX_RNG
+TASK_EXTRA_STACK_SIZE
+TCP_NODELAY
+TFM_ALREADY_SET
+TFM_SMALL_MONT_SET
+THREADED_SNIFFTEST
+TIME_T_NOT_LONG
+TI_DUMMY_BUILD
+TLS13_RSA_PSS_SIGN_CB_NO_PREHASH
+UNICODE
+USER_CA_CB
+USER_CUSTOM_SNIFFX
+USER_MATH_LIB
+USE_ALT_MPRIME
+USE_ANY_ADDR
+USE_CERT_BUFFERS_25519
+USE_CERT_BUFFERS_3072
+USE_ECDSA_KEYSZ_HASH_ALGO
+USE_FULL_ASSERT
+USE_HAL_DRIVER
+USE_NXP_LTC
+USE_NXP_MMCAU
+USE_QAE_THREAD_LS
+USE_SECRET_CALLBACK
+USE_STSAFE_RNG_SEED
+USE_STSAFE_VERBOSE
+USE_TLSV13
+USE_WOLF_STRNSTR
+USS_API
+WC_AESXTS_STREAM_NO_REQUEST_ACCOUNTING
+WC_AES_BS_WORD_SIZE
+WC_AES_GCM_DEC_AUTH_EARLY
+WC_ASN_HASH_SHA256
+WC_ASYNC_ENABLE_3DES
+WC_ASYNC_ENABLE_AES
+WC_ASYNC_ENABLE_ARC4
+WC_ASYNC_ENABLE_DH
+WC_ASYNC_ENABLE_ECC
+WC_ASYNC_ENABLE_ECC_KEYGEN
+WC_ASYNC_ENABLE_HMAC
+WC_ASYNC_ENABLE_MD5
+WC_ASYNC_ENABLE_RSA
+WC_ASYNC_ENABLE_RSA_KEYGEN
+WC_ASYNC_ENABLE_SHA
+WC_ASYNC_ENABLE_SHA224
+WC_ASYNC_ENABLE_SHA256
+WC_ASYNC_ENABLE_SHA3
+WC_ASYNC_ENABLE_SHA384
+WC_ASYNC_ENABLE_SHA512
+WC_ASYNC_NO_CRYPT
+WC_ASYNC_NO_HASH
+WC_DILITHIUM_CACHE_PRIV_VECTORS
+WC_DILITHIUM_CACHE_PUB_VECTORS
+WC_DILITHIUM_FIXED_ARRAY
+WC_DISABLE_RADIX_ZERO_PAD
+WC_ECC_NONBLOCK_ONLY
+WC_KDF_NIST_SP_800_56C
+WC_LMS_FULL_HASH
+WC_NO_RNG_SIMPLE
+WC_NO_STATIC_ASSERT
+WC_PKCS11_FIND_WITH_ID_ONLY
+WC_PROTECT_ENCRYPTED_MEM
+WC_RNG_BLOCKING
+WC_RSA_DIRECT
+WC_RSA_NONBLOCK
+WC_RSA_NONBLOCK_TIME
+WC_RSA_NO_FERMAT_CHECK
+WC_SHA384
+WC_SHA384_DIGEST_SIZE
+WC_SHA512
+WC_SSIZE_TYPE
+WC_STRICT_SIG
+WC_XMSS_FULL_HASH
+WOLFCRYPT_FIPS_CORE_DYNAMIC_HASH_VALUE
+WOLFSENTRY_H
+WOLFSENTRY_NO_JSON
+WOLFSSL_32BIT_MILLI_TIME
+WOLFSSL_AARCH64_PRIVILEGE_MODE
+WOLFSSL_AESNI_BY4
+WOLFSSL_AESNI_BY6
+WOLFSSL_AFTER_DATE_CLOCK_SKEW
+WOLFSSL_ALGO_HW_MUTEX
+WOLFSSL_ALLOW_CRIT_AIA
+WOLFSSL_ALLOW_CRIT_AKID
+WOLFSSL_ALLOW_CRIT_SKID
+WOLFSSL_ALLOW_ENCODING_CA_FALSE
+WOLFSSL_ALLOW_MAX_FRAGMENT_ADJUST
+WOLFSSL_ALLOW_NO_CN_IN_SAN
+WOLFSSL_ALLOW_NO_SUITES
+WOLFSSL_ALLOW_SERVER_SC_EXT
+WOLFSSL_ALLOW_TLS_SHA1
+WOLFSSL_ALTERNATIVE_DOWNGRADE
+WOLFSSL_ALT_NAMES_NO_REV
+WOLFSSL_ARM_ARCH_NEON_64BIT
+WOLFSSL_ASCON_UNROLL
+WOLFSSL_ASNC_CRYPT
+WOLFSSL_ASN_EXTRA
+WOLFSSL_ASN_INT_LEAD_0_ANY
+WOLFSSL_ASN_TEMPLATE_NEED_SET_INT32
+WOLFSSL_ASN_TEMPLATE_TYPE_CHECK
+WOLFSSL_ATECC508
+WOLFSSL_ATECC508A_NOIDLE
+WOLFSSL_ATECC508A_NOSOFTECC
+WOLFSSL_ATECC508A_TLS
+WOLFSSL_ATECC_ECDH_IOENC
+WOLFSSL_ATECC_NO_ECDH_ENC
+WOLFSSL_ATECC_RNG
+WOLFSSL_ATECC_TFLXTLS
+WOLFSSL_ATECC_TNGTLS
+WOLFSSL_ATMEL
+WOLFSSL_ATMEL_TIME
+WOLFSSL_BEFORE_DATE_CLOCK_SKEW
+WOLFSSL_BIGINT_TYPES
+WOLFSSL_BIO_NO_FLOW_STATS
+WOLFSSL_BLAKE2B_INIT_EACH_FIELD
+WOLFSSL_BLAKE2S_INIT_EACH_FIELD
+WOLFSSL_BLIND_PRIVATE_KEY
+WOLFSSL_BYTESWAP32_ASM
+WOLFSSL_CAAM_BLACK_KEY_AESCCM
+WOLFSSL_CAAM_BLACK_KEY_SM
+WOLFSSL_CAAM_NO_BLACK_KEY
+WOLFSSL_CALLBACKS
+WOLFSSL_CHECK_DESKEY
+WOLFSSL_CHECK_MEM_ZERO
+WOLFSSL_CHIBIOS
+WOLFSSL_CLANG_TIDY
+WOLFSSL_COMMERCIAL_LICENSE
+WOLFSSL_CONTIKI
+WOLFSSL_CRL_ALLOW_MISSING_CDP
+WOLFSSL_CURVE25519_BLINDING
+WOLFSSL_CUSTOM_CONFIG
+WOLFSSL_DILITHIUM_ASSIGN_KEY
+WOLFSSL_DILITHIUM_MAKE_KEY_SMALL_MEM
+WOLFSSL_DILITHIUM_NO_ASN1
+WOLFSSL_DILITHIUM_NO_CHECK_KEY
+WOLFSSL_DILITHIUM_NO_LARGE_CODE
+WOLFSSL_DILITHIUM_NO_MAKE
+WOLFSSL_DILITHIUM_REVERSE_HASH_OID
+WOLFSSL_DILITHIUM_SIGN_CHECK_W0
+WOLFSSL_DILITHIUM_SIGN_CHECK_Y
+WOLFSSL_DILITHIUM_SIGN_SMALL_MEM_PRECALC
+WOLFSSL_DILITHIUM_SIGN_SMALL_MEM_PRECALC_A
+WOLFSSL_DILITHIUM_SMALL_MEM_POLY64
+WOLFSSL_DILITHIUM_VERIFY_NO_MALLOC
+WOLFSSL_DILITHIUM_VERIFY_SMALL_MEM
+WOLFSSL_DISABLE_EARLY_SANITY_CHECKS
+WOLFSSL_DTLS_DISALLOW_FUTURE
+WOLFSSL_DTLS_RESEND_ONLY_TIMEOUT
+WOLFSSL_DUMP_MEMIO_STREAM
+WOLFSSL_DUP_CERTPOL
+WOLFSSL_ECC_BLIND_K
+WOLFSSL_ECC_GEN_REJECT_SAMPLING
+WOLFSSL_ECC_NO_SMALL_STACK
+WOLFSSL_ECC_SIGALG_PARAMS_NULL_ALLOWED
+WOLFSSL_ECDHX_SHARED_NOT_ZERO
+WOLFSSL_ECDSA_MATCH_HASH
+WOLFSSL_ECDSA_SET_K_ONE_LOOP
+WOLFSSL_EC_POINT_CMP_JACOBIAN
+WOLFSSL_EDDSA_CHECK_PRIV_ON_SIGN
+WOLFSSL_EMNET
+WOLFSSL_ESPWROOM32
+WOLFSSL_EVP_PRINT
+WOLFSSL_EXPORT_INT
+WOLFSSL_EXPORT_SPC_SZ
+WOLFSSL_EXTRA
+WOLFSSL_FORCE_OCSP_NONCE_CHECK
+WOLFSSL_FRDM_K64
+WOLFSSL_FRDM_K64_JENKINS
+WOLFSSL_FUNC_TIME
+WOLFSSL_FUNC_TIME_LOG
+WOLFSSL_GEN_CERT
+WOLFSSL_GETRANDOM
+WOLFSSL_GNRC
+WOLFSSL_HARDEN_TLS_ALLOW_ALL_CIPHERSUITES
+WOLFSSL_HARDEN_TLS_ALLOW_OLD_TLS
+WOLFSSL_HARDEN_TLS_ALLOW_TRUNCATED_HMAC
+WOLFSSL_HARDEN_TLS_NO_PKEY_CHECK
+WOLFSSL_HARDEN_TLS_NO_SCR_CHECK
+WOLFSSL_HOSTNAME_VERIFY_ALT_NAME_ONLY
+WOLFSSL_I2D_ECDSA_SIG_ALLOC
+WOLFSSL_IAR_ARM_TIME
+WOLFSSL_IGNORE_BAD_CERT_PATH
+WOLFSSL_IMX6
+WOLFSSL_IMX6_CAAM
+WOLFSSL_IMX6_CAAM_BLOB
+WOLFSSL_IMX6_CAAM_RNG
+WOLFSSL_IMXRT_DCP
+WOLFSSL_ISOTP
+WOLFSSL_KEIL
+WOLFSSL_KEIL_NET
+WOLFSSL_KYBER_INVNTT_UNROLL
+WOLFSSL_KYBER_NO_LARGE_CODE
+WOLFSSL_KYBER_NO_MALLOC
+WOLFSSL_KYBER_NTT_UNROLL
+WOLFSSL_LIB
+WOLFSSL_LMS_CACHE_BITS
+WOLFSSL_LMS_FULL_HASH
+WOLFSSL_LMS_LARGE_CACHES
+WOLFSSL_LMS_MAX_HEIGHT
+WOLFSSL_LMS_MAX_LEVELS
+WOLFSSL_LMS_NO_SIG_CACHE
+WOLFSSL_LMS_ROOT_LEVELS
+WOLFSSL_LPC43xx
+WOLFSSL_MAKE_SYSTEM_NAME_LINUX
+WOLFSSL_MAKE_SYSTEM_NAME_WSL
+WOLFSSL_MDK5
+WOLFSSL_MEM_FAIL_COUNT
+WOLFSSL_MLKEM_ENCAPSULATE_SMALL_MEM
+WOLFSSL_MLKEM_MAKEKEY_SMALL_MEM
+WOLFSSL_MONT_RED_CT
+WOLFSSL_MP_COND_COPY
+WOLFSSL_MP_INVMOD_CONSTANT_TIME
+WOLFSSL_MULTICIRCULATE_ALTNAMELIST
+WOLFSSL_NONBLOCK_OCSP
+WOLFSSL_NOSHA3_384
+WOLFSSL_NOT_WINDOWS_API
+WOLFSSL_NO_BIO_ADDR_IN
+WOLFSSL_NO_CLIENT
+WOLFSSL_NO_CLIENT_CERT_ERROR
+WOLFSSL_NO_COPY_CERT
+WOLFSSL_NO_COPY_KEY
+WOLFSSL_NO_CRL_DATE_CHECK
+WOLFSSL_NO_CRL_NEXT_DATE
+WOLFSSL_NO_DECODE_EXTRA
+WOLFSSL_NO_DER_TO_PEM
+WOLFSSL_NO_DH186
+WOLFSSL_NO_DTLS_SIZE_CHECK
+WOLFSSL_NO_ETM_ALERT
+WOLFSSL_NO_FENCE
+WOLFSSL_NO_FSEEK
+WOLFSSL_NO_INIT_CTX_KEY
+WOLFSSL_NO_ISSUERHASH_TDPEER
+WOLFSSL_NO_KCAPI_AES_CBC
+WOLFSSL_NO_KCAPI_HMAC_SHA1
+WOLFSSL_NO_KCAPI_HMAC_SHA224
+WOLFSSL_NO_KCAPI_HMAC_SHA256
+WOLFSSL_NO_KCAPI_HMAC_SHA384
+WOLFSSL_NO_KCAPI_HMAC_SHA512
+WOLFSSL_NO_KCAPI_SHA224
+WOLFSSL_NO_OCSP_DATE_CHECK
+WOLFSSL_NO_OCSP_ISSUER_CHAIN_CHECK
+WOLFSSL_NO_OCSP_OPTIONAL_CERTS
+WOLFSSL_NO_PUBLIC_FFDHE
+WOLFSSL_NO_RSA_KEY_CHECK
+WOLFSSL_NO_SERVER_GROUPS_EXT
+WOLFSSL_NO_SESSION_STATS
+WOLFSSL_NO_SIGALG
+WOLFSSL_NO_SOCKADDR_UN
+WOLFSSL_NO_SPHINCS
+WOLFSSL_NO_STRICT_CIPHER_SUITE
+WOLFSSL_NO_TICKET_EXPIRE
+WOLFSSL_NO_TRUSTED_CERTS_VERIFY
+WOLFSSL_NO_XOR_OPS
+WOLFSSL_NRF51_AES
+WOLFSSL_OLDTLS_AEAD_CIPHERSUITES
+WOLFSSL_OLDTLS_SHA2_CIPHERSUITES
+WOLFSSL_OLD_SET_CURVES_LIST
+WOLFSSL_OLD_TIMINGPADVERIFY
+WOLFSSL_OLD_UNSUPPORTED_EXTENSION
+WOLFSSL_OPTIONS_IGNORE_SYS
+WOLFSSL_PASSTHRU_ERR
+WOLFSSL_PB
+WOLFSSL_PEER_ADDRESS_CHANGES
+WOLFSSL_PKCS11_RW_TOKENS
+WOLFSSL_PRCONNECT_PRO
+WOLFSSL_PREFIX
+WOLFSSL_PSA_NO_AES
+WOLFSSL_PSA_NO_HASH
+WOLFSSL_PSA_NO_PKCB
+WOLFSSL_PSA_NO_PKCBS
+WOLFSSL_PSA_NO_RNG
+WOLFSSL_PSK_IDENTITY_ALERT
+WOLFSSL_PSK_ID_PROTECTION
+WOLFSSL_PSK_MULTI_ID_PER_CS
+WOLFSSL_PSK_TLS13_CB
+WOLFSSL_PSOC6_CRYPTO
+WOLFSSL_PYTHON
+WOLFSSL_RENESAS_FSPSM_CRYPT_ONLY
+WOLFSSL_RENESAS_RA6M3
+WOLFSSL_RENESAS_RA6M3G
+WOLFSSL_RENESAS_RSIP
+WOLFSSL_RENESAS_RZN2L
+WOLFSSL_RENESAS_TLS
+WOLFSSL_RENESAS_TSIP_IAREWRX
+WOLFSSL_RSA_CHECK_D_ON_DECRYPT
+WOLFSSL_RSA_DECRYPT_TO_0_LEN
+WOLFSSL_RW_THREADED
+WOLFSSL_SAKKE_SMALL
+WOLFSSL_SAKKE_SMALL_MODEXP
+WOLFSSL_SE050_AUTO_ERASE
+WOLFSSL_SE050_CRYPT
+WOLFSSL_SE050_HASH
+WOLFSSL_SE050_INIT
+WOLFSSL_SE050_NO_RSA
+WOLFSSL_SE050_NO_TRNG
+WOLFSSL_SECURE_RENEGOTIATION_ON_BY_DEFAULT
+WOLFSSL_SETTINGS_FILE
+WOLFSSL_SH224
+WOLFSSL_SHA256_ALT_CH_MAJ
+WOLFSSL_SHUTDOWNONCE
+WOLFSSL_SILABS_TRNG
+WOLFSSL_SM4_EBC
+WOLFSSL_SNIFFER_NO_RECOVERY
+WOLFSSL_SP_ARM32_UDIV
+WOLFSSL_SP_DH
+WOLFSSL_SP_FAST_NCT_EXPTMOD
+WOLFSSL_SP_INT_SQR_VOLATILE
+WOLFSSL_STACK_CHECK
+WOLFSSL_STM32F427_RNG
+WOLFSSL_STM32_RNG_NOLIB
+WOLFSSL_STRONGEST_HASH_SIG
+WOLFSSL_STSAFE_TAKES_SLOT
+WOLFSSL_TELIT_M2MB
+WOLFSSL_THREADED_CRYPT
+WOLFSSL_TICKET_DECRYPT_NO_CREATE
+WOLFSSL_TICKET_ENC_AES128_GCM
+WOLFSSL_TICKET_ENC_AES256_CBC
+WOLFSSL_TICKET_ENC_AES256_GCM
+WOLFSSL_TICKET_ENC_CBC_HMAC
+WOLFSSL_TICKET_ENC_CHACHA20_POLY1305
+WOLFSSL_TICKET_ENC_HMAC_SHA384
+WOLFSSL_TICKET_ENC_HMAC_SHA512
+WOLFSSL_TI_CURRTIME
+WOLFSSL_TLS13_DRAFT
+WOLFSSL_TLS13_IGNORE_AEAD_LIMITS
+WOLFSSL_TLS13_SHA512
+WOLFSSL_TLS13_TICKET_BEFORE_FINISHED
+WOLFSSL_TLSX_PQC_MLKEM_STORE_PRIV_KEY
+WOLFSSL_TRACK_MEMORY_FULL
+WOLFSSL_TRAP_MALLOC_SZ
+WOLFSSL_UNALIGNED_64BIT_ACCESS
+WOLFSSL_USER_FILESYSTEM
+WOLFSSL_USER_LOG
+WOLFSSL_USER_MUTEX
+WOLFSSL_USER_THREADING
+WOLFSSL_USE_ESP32C3_CRYPT_HASH_HW
+WOLFSSL_USE_FLASHMEM
+WOLFSSL_USE_OPTIONS_H
+WOLFSSL_USE_POPEN_HOST
+WOLFSSL_VALIDATE_DH_KEYGEN
+WOLFSSL_WC_XMSS_NO_SHA256
+WOLFSSL_WC_XMSS_NO_SHAKE256
+WOLFSSL_WICED_PSEUDO_UNIX_EPOCH_TIME
+WOLFSSL_X509_STORE_CERTS
+WOLFSSL_X509_TRUSTED_CERTIFICATE_CALLBACK
+WOLFSSL_XFREE_NO_NULLNESS_CHECK
+WOLFSSL_XILINX_CRYPTO_OLD
+WOLFSSL_XILINX_PATCH
+WOLFSSL_XIL_MSG_NO_SLEEP
+WOLFSSL_XMSS_LARGE_SECRET_KEY
+WOLFSSL_ZEPHYR
+WOLF_ALLOW_BUILTIN
+WOLF_CRYPTO_CB_CMD
+WOLF_CRYPTO_CB_FIND
+WOLF_CRYPTO_CB_ONLY_ECC
+WOLF_CRYPTO_CB_ONLY_RSA
+WOLF_CRYPTO_DEV
+WOLF_NO_TRAILING_ENUM_COMMAS
+XGETPASSWD
+XMSS_CALL_PRF_KEYGEN
+XPAR_VERSAL_CIPS_0_PSPMC_0_PSV_CORTEXA72_0_TIMESTAMP_CLK_FREQ
+XSECURE_CACHE_DISABLE
+_ABI64
+_ABIO64
+_ARCH_PPC64
+_COMPILER_VERSION
+_INTPTR_T_DECLARED
+_LP64
+_MSC_VER
+_MSVC_LANG
+_M_ARM64
+_M_X64
+_NETOS
+_POSIX_C_SOURCE
+_SDCC_VERSION_PATCHLEVEL
+_SH3
+_SILICON_LABS_SECURITY_FEATURE
+_SOCKLEN_T
+_SYS_DEVCON_LOCAL_H
+_TIME_HELPER_H
+_UINTPTR_T_DECLARED
+_WIN32
+_WIN32_WCE
+_WIN64
+_XOPEN_SOURCE_EXTENDED
+__32MZ2048ECH144__
+__32MZ2048ECM144__
+__32MZ2048EFM144__
+__ANDROID__
+__APPLE__
+__ARCH_STRCASECMP_NO_REDIRECT
+__ARCH_STRCMP_NO_REDIRECT
+__ARCH_STRNCASECMP_NO_REDIRECT
+__ARCH_STRNCAT_NO_REDIRECT
+__ARCH_STRNCMP_NO_REDIRECT
+__ARCH_STRNCPY_NO_REDIRECT
+__ARCH_STRSTR_NO_REDIRECT
+__ARM_ARCH_7M__
+__ARM_FEATURE_CRYPTO
+__ASSEMBLER__
+__ATOMIC_RELAXED
+__AVR__
+__BCPLUSPLUS__
+__BIG_ENDIAN__
+__BORLANDC__
+__CCRX__
+__COMPILER_VER__
+__CYGWIN__
+__DATE__
+__DCACHE_PRESENT
+__DCC__
+__DECC_VER
+__ELF__
+__EMSCRIPTEN__
+__FPU_PRESENT
+__FreeBSD__
+__GLIBC__
+__GNUC_MINOR__
+__GNUC__
+__HP_cc
+__IAR_SYSTEMS_ICC__
+__ICCARM__
+__ILP32__
+__INCLUDE_NUTTX_CONFIG_H
+__INTEGRITY
+__INTEL_COMPILER
+__KEIL__
+__KEY_DATA_H__
+__LINUX__
+__LP64
+__LP64__
+__MACH__
+__MICROBLAZE__
+__MINGW32__
+__MINGW64_VERSION_MAJOR
+__MINGW64__
+__MWERKS__
+__NT__
+__OS2__
+__OpenBSD__
+__PIE__
+__POWERPC__
+__PPC__
+__PPU
+__QNXNTO__
+__QNX__
+__ROPI__
+__SAM3A4C__
+__SAM3A8C__
+__SAM3A8H__
+__SAM3X4C__
+__SAM3X4E__
+__SAM3X8C__
+__SAM3X8E__
+__SANITIZE_ADDRESS__
+__SDCC_VERSION_MAJOR
+__SDCC_VERSION_MINOR
+__SDCC_VERSION_PATCH
+__SIZEOF_INT128__
+__SIZEOF_LONG_LONG__
+__STDC_VERSION__
+__STDC__
+__STM32__
+__STRICT_ANSI__
+__SUNPRO_C
+__SUNPRO_CC
+__SVR4
+__TI_COMPILER_VERSION__
+__TURBOC__
+__UNIX__
+__USE_GNU
+__USE_MISC
+__USE_XOPEN2K
+__WATCOMC__
+__WATCOM_INT64__
+__XC32
+__XTENSA__
+__aarch64__
+__alpha__
+__arch64__
+__arm__
+__clang__
+__clang_major__
+__cplusplus
+__ghc__
+__ghs__
+__hpux__
+__i386
+__i386__
+__ia64__
+__linux__
+__llvm__
+__mips
+__mips64
+__must_check
+__ppc64__
+__ppc__
+__riscv
+__riscv_xlen
+__s390x__
+__sparc
+__sparc64__
+__sun
+__svr4__
+__thumb__
+__ti__
+__x86_64__
+byte
+configTICK_RATE_HZ
+fallthrough
+noinline
+ssize_t
+sun
+versal
+wc_Tls13_HKDF_Expand_Label
diff --git a/CMakeLists.txt b/CMakeLists.txt
index 337b0d61b..eca4a0219 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -1,6 +1,6 @@
-# CMakeList.txt
+# CMakeLists.txt
 #
-# Copyright (C) 2006-2023 wolfSSL Inc.
+# Copyright (C) 2006-2024 wolfSSL Inc.
 #
 # This file is part of wolfSSL. (formerly known as CyaSSL)
 #
@@ -21,6 +21,12 @@
 
 cmake_minimum_required(VERSION 3.16)
 
+if(${CMAKE_VERSION} VERSION_LESS "3.22")
+    message(STATUS "This project recommends using CMake version 3.22 or higher. You are using ${CMAKE_VERSION}.")
+else()
+    cmake_policy(SET CMP0128 NEW)
+endif()
+
 if("${CMAKE_SOURCE_DIR}" STREQUAL "${CMAKE_BINARY_DIR}")
     message(FATAL_ERROR "In-source builds are not allowed.\
      Run cmake from a separate directory from where CMakeLists.txt lives.\
@@ -28,7 +34,7 @@ if("${CMAKE_SOURCE_DIR}" STREQUAL "${CMAKE_BINARY_DIR}")
      You must delete them, or cmake will refuse to work.")
 endif()
 
-project(wolfssl VERSION 5.6.6 LANGUAGES C ASM)
+project(wolfssl VERSION 5.7.6 LANGUAGES C ASM)
 
 # Set WOLFSSL_ROOT if not already defined
 if ("${WOLFSSL_ROOT}" STREQUAL "")
@@ -42,16 +48,19 @@ else()
 endif()
 
 # shared library versioning
-# increment if interfaces have been added, removed or changed
-set(LIBTOOL_CURRENT 42)
-# increment if source code has changed  set to zero if current is incremented
-set(LIBTOOL_REVISION 0)
-# increment if interfaces have been added set to zero if interfaces have been
-# removed or changed
-set(LIBTOOL_AGE 0)
+# increment if interfaces have been removed or changed
+set(WOLFSSL_LIBRARY_VERSION_FIRST 43)
 
-math(EXPR LIBTOOL_SO_VERSION "${LIBTOOL_CURRENT} - ${LIBTOOL_AGE}")
-set(LIBTOOL_FULL_VERSION ${LIBTOOL_SO_VERSION}.${LIBTOOL_AGE}.${LIBTOOL_REVISION})
+# increment if interfaces have been added
+# set to zero if WOLFSSL_LIBRARY_VERSION_FIRST is incremented
+set(WOLFSSL_LIBRARY_VERSION_SECOND 0)
+
+# increment if source code has changed
+# set to zero if WOLFSSL_LIBRARY_VERSION_FIRST is incremented or
+# WOLFSSL_LIBRARY_VERSION_SECOND is incremented
+set(WOLFSSL_LIBRARY_VERSION_THIRD 0)
+
+set(LIBTOOL_FULL_VERSION ${WOLFSSL_LIBRARY_VERSION_FIRST}.${WOLFSSL_LIBRARY_VERSION_SECOND}.${WOLFSSL_LIBRARY_VERSION_THIRD})
 
 set(WOLFSSL_DEFINITIONS)
 set(WOLFSSL_LINK_LIBS)
@@ -122,6 +131,7 @@ check_type_size("__uint128_t" __UINT128_T)
 check_type_size("long long" SIZEOF_LONG_LONG)
 check_type_size("long" SIZEOF_LONG)
 check_type_size("time_t" SIZEOF_TIME_T)
+check_type_size("uintptr_t" HAVE_UINTPTR_T)
 
 # By default, HAVE___UINT128_T gets defined as TRUE,
 # but we want it as 1.
@@ -130,16 +140,27 @@ if(HAVE___UINT128_T)
     list(APPEND WOLFSSL_DEFINITIONS "-DHAVE___UINT128_T")
 endif()
 
-include(TestBigEndian)
-
-test_big_endian(WORDS_BIGENDIAN)
+if(CMAKE_VERSION VERSION_LESS "3.20")
+    # TestBigEndian was deprecated in 3.20
+    include(TestBigEndian)
+    test_big_endian(IS_BIG_ENDIAN)
+    set(CMAKE_C_BYTE_ORDER "LITTLE_ENDIAN")
+    if(IS_BIG_ENDIAN)
+        set(CMAKE_C_BYTE_ORDER "BIG_ENDIAN")
+    endif()
+endif()
 
 # Thread local storage
 include(CheckCSourceCompiles)
 
-set(TLS_KEYWORDS "__thread" "__declspec(thread)")
-foreach(TLS_KEYWORD IN LISTS TLS_KEYWORDS)
-    set(TLS_CODE "#include <stdlib.h>
+if(CMAKE_C_COMPILER_ID STREQUAL "OpenWatcom")
+    if(CMAKE_SYSTEM_NAME STREQUAL "Windows")
+        list(APPEND WOLFSSL_DEFINITIONS "-DHAVE_THREAD_LS")
+    endif()
+else()
+    set(TLS_KEYWORDS "__thread" "__declspec(thread)")
+    foreach(TLS_KEYWORD IN LISTS TLS_KEYWORDS)
+        set(TLS_CODE "#include <stdlib.h>
                   static void foo(void) {
                      static ${TLS_KEYWORD} int bar\;
                      exit(1)\;
@@ -148,21 +169,22 @@ foreach(TLS_KEYWORD IN LISTS TLS_KEYWORDS)
                   int main() {
                     return 0\;
                   }"
-    )
-    check_c_source_compiles(${TLS_CODE} THREAD_LS_ON)
+        )
+        check_c_source_compiles(${TLS_CODE} THREAD_LS_ON)
 
-    if(THREAD_LS_ON)
-        list(APPEND WOLFSSL_DEFINITIONS "-DHAVE_THREAD_LS")
-        break()
-    else()
-        # THREAD_LS_ON is cached after each call to
-        # check_c_source_compiles, and the function
-        # won't run subsequent times if the variable
-        # is in the cache. To make it run again, we
-        # need to remove the variable from the cache.
-        unset(THREAD_LS_ON CACHE)
-    endif()
-endforeach()
+        if(THREAD_LS_ON)
+            list(APPEND WOLFSSL_DEFINITIONS "-DHAVE_THREAD_LS")
+            break()
+        else()
+            # THREAD_LS_ON is cached after each call to
+            # check_c_source_compiles, and the function
+            # won't run subsequent times if the variable
+            # is in the cache. To make it run again, we
+            # need to remove the variable from the cache.
+            unset(THREAD_LS_ON CACHE)
+        endif()
+    endforeach()
+endif()
 
 # TODO: AX_PTHREAD does a lot. Need to implement the
 #       rest of its logic.
@@ -182,13 +204,20 @@ find_package(Threads)
 # Example for map file and custom linker script
 #set(CMAKE_EXE_LINKER_FLAGS " -Xlinker -Map=output.map -T\"${CMAKE_CURRENT_SOURCE_DIR}/linker.ld\"")
 
+message(STATUS "C Compiler ID: ${CMAKE_C_COMPILER_ID}")
+
 if(DEFINED WARNING_C_FLAGS)
-set(CMAKE_C_FLAGS "${WARNING_C_FLAGS} ${CMAKE_C_FLAGS}")
+    set(CMAKE_C_FLAGS "${WARNING_C_FLAGS} ${CMAKE_C_FLAGS}")
+endif()
+
+if(CMAKE_C_COMPILER_ID STREQUAL "OpenWatcom")
+    set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -wx -wcd=202")
+    list(APPEND WOLFSSL_DEFINITIONS "-DWOLFSSL_HAVE_MIN -DWOLFSSL_HAVE_MAX -DNO_WRITEV")
 elseif(WIN32)
-# Windows cl.exe does not support the -Wextra, -Wno-unused and -Werror flags.
-set(CMAKE_C_FLAGS "-Wall ${CMAKE_C_FLAGS}")
+    # Windows cl.exe does not support the -Wextra, -Wno-unused and -Werror flags.
+    set(CMAKE_C_FLAGS "-Wall ${CMAKE_C_FLAGS}")
 else()
-set(CMAKE_C_FLAGS "-Wall -Wextra -Wno-unused -Werror ${CMAKE_C_FLAGS}")
+    set(CMAKE_C_FLAGS "-Wall -Wextra -Wno-unused -Werror ${CMAKE_C_FLAGS}")
 endif()
 
 ####################################################
@@ -215,6 +244,8 @@ if(WOLFSSL_REPRODUCIBLE_BUILD)
     set(CMAKE_C_ARCHIVE_FINISH "<CMAKE_RANLIB> -D <TARGET>")
 endif()
 
+add_option("WOLFSSL_INSTALL" "Create install target for WolfSSL project" "yes" "yes;no")
+
 # Support for forcing 32-bit mode
 # TODO: detect platform from other options
 add_option("WOLFSSL_32BIT"
@@ -263,10 +294,10 @@ if(NOT WOLFSSL_SINGLE_THREADED)
     if(CMAKE_USE_PTHREADS_INIT)
         list(APPEND WOLFSSL_LINK_LIBS Threads::Threads)
         set(HAVE_PTHREAD 1)
-        list(APPEND WOLFSSL_DEFINITIONS
-            "-DHAVE_PTHREAD"
-            "-D_POSIX_THREADS")
+        list(APPEND WOLFSSL_DEFINITIONS "-DHAVE_PTHREAD")
     endif()
+else()
+    list(APPEND WOLFSSL_DEFINITIONS "-DSINGLE_THREADED")
 endif()
 
 # DTLS-SRTP
@@ -400,16 +431,17 @@ if(WOLFSSL_CURL)
     set(WOLFSSL_MD4 "yes")
     set(WOLFSSL_DES3 "yes")
     set(WOLFSSL_ALPN "yes")
+    set(WOLFSSL_WOLFSSH "yes")
     set(WOLFSSL_OPENSSLEXTRA "yes")
     set(WOLFSSL_CRL "yes")
     set(WOLFSSL_OCSP "yes")
     set(WOLFSSL_OCSPSTAPLING "yes")
     set(WOLFSSL_OCSPSTAPLING_V2 "yes")
+    # Note: OCSP sets requisite HAVE_TLS_EXTENSIONS and HAVE_CERTIFICATE_STATUS_REQUEST(_V2)
     set(WOLFSSL_SNI "yes")
     set(WOLFSSL_ALT_CERT_CHAINS "yes")
     set(WOLFSSL_IP_ALT_NAME "yes")
     set(WOLFSSL_SESSION_TICKET "yes")
-    set(WOLFSSL_WOLFSSH "yes")
     list(APPEND WOLFSSL_DEFINITIONS
         "-DNO_SESSION_CACHE_REF" "-DWOLFSSL_DES_ECB")
 endif()
@@ -420,7 +452,7 @@ add_option(WOLFSSL_ALPN
     "no" "yes;no")
 
 if(WOLFSSL_ALPN)
-        list(APPEND WOLFSSL_DEFINITIONS "-DHAVE_ALPN" "-DHAVE_TLS_EXTENSIONS")
+    list(APPEND WOLFSSL_DEFINITIONS "-DHAVE_ALPN" "-DHAVE_TLS_EXTENSIONS")
 endif()
 
 # altcertchains
@@ -519,6 +551,15 @@ if (WOLFSSL_OPENSSLALL)
       "-DWOLFSSL_ERROR_CODE_OPENSSL" "-DWOLFSSL_CERT_NAME_ALL")
 endif()
 
+add_option(WOLFSSL_NO_STUB
+    "Removes OpenSSL compatibility stub functions (default: disabled)"
+    "no" "yes;no")
+
+if (WOLFSSL_NO_STUB)
+    list(APPEND WOLFSSL_DEFINITIONS
+      "-DNO_WOLFSSL_STUB")
+endif()
+
 # TODO: - IPv6 test apps
 
 set(WOLFSSL_SLOW_MATH "yes")
@@ -528,19 +569,102 @@ add_option(WOLFSSL_OQS
     "Enable integration with the OQS (Open Quantum Safe) liboqs library (default: disabled)"
     "no" "yes;no")
 
-if (WOLFSSL_OQS)
-    find_package(OQS)
+# Kyber
+add_option(WOLFSSL_KYBER
+    "Enable the wolfSSL PQ Kyber library (default: disabled)"
+    "no" "yes;no")
 
-    if (OQS_FOUND)
-        list(APPEND WOLFSSL_LINK_LIBS ${OQS_LIBRARY})
-        list(APPEND WOLFSSL_INCLUDE_DIRS ${OQS_INCLUDE_DIR})
-        set(HAVE_LIBOQS 1)
-        list(APPEND WOLFSSL_DEFINITIONS
-          "-DHAVE_TLS_EXTENSIONS"
-          "-DHAVE_LIBOQS")
+# Experimental features
+add_option(WOLFSSL_EXPERIMENTAL
+    "Enable experimental features (default: disabled)"
+    "no" "yes;no")
+
+message(STATUS "Looking for WOLFSSL_EXPERIMENTAL")
+if (WOLFSSL_EXPERIMENTAL)
+    message(STATUS "Looking for WOLFSSL_EXPERIMENTAL - found")
+
+    # We've enabled the experimental environment, but let's
+    # check if any experimental features are also enabled:
+    set(WOLFSSL_FOUND_EXPERIMENTAL_FEATURE 0)
+
+    set_wolfssl_definitions("WOLFSSL_EXPERIMENTAL_SETTINGS" RESUlT)
+
+    # Checking for experimental feature: OQS
+    message(STATUS "Looking for WOLFSSL_OQS")
+    if (WOLFSSL_OQS)
+        set(WOLFSSL_FOUND_EXPERIMENTAL_FEATURE 1)
+        message(STATUS "Looking for WOLFSSL_OQS - found")
+
+        message(STATUS "Checking OQS")
+        find_package(OQS)
+        if (OQS_FOUND)
+            message(STATUS "Checking OQS - found")
+            list(APPEND WOLFSSL_LINK_LIBS ${OQS_LIBRARY})
+            list(APPEND WOLFSSL_INCLUDE_DIRS ${OQS_INCLUDE_DIR})
+
+            set_wolfssl_definitions("HAVE_LIBOQS"          RESUlT)
+            set_wolfssl_definitions("HAVE_TLS_EXTENSIONS"  RESUlT)
+            set_wolfssl_definitions("OPENSSL_EXTRA"        RESUlT)
+
+        else()
+            message(STATUS "Checking OQS - not found")
+            message(STATUS "WARNING: WOLFSSL_OQS enabled but not found: OQS_LIBRARY=${OQS_LIBRARY}, OQS_INCLUDE_DIR=${OQS_INCLUDE_DIR} ")
+        endif()
+    else()
+        message(STATUS "Looking for WOLFSSL_OQS - not found")
+    endif()
+
+    # Checking for experimental feature: Kyber
+    message(STATUS "Looking for WOLFSSL_KYBER")
+    if (WOLFSSL_KYBER)
+        set(WOLFSSL_FOUND_EXPERIMENTAL_FEATURE 1)
+
+        message(STATUS "Automatically set related requirements for Kyber:")
+        set_wolfssl_definitions("WOLFSSL_HAVE_KYBER" RESUlT)
+        set_wolfssl_definitions("WOLFSSL_WC_KYBER"   RESUlT)
+        set_wolfssl_definitions("WOLFSSL_SHA3"       RESUlT)
+        set_wolfssl_definitions("WOLFSSL_SHAKE128"   RESUlT)
+        set_wolfssl_definitions("WOLFSSL_SHAKE256"   RESUlT)
+        message(STATUS "Looking for WOLFSSL_KYBER - found")
+    else()
+        message(STATUS "Looking for WOLFSSL_KYBER - not found")
+    endif()
+
+    # Other experimental feature detection can be added here...
+
+    # Were any experimental features found? Display a message.
+    if(WOLFSSL_FOUND_EXPERIMENTAL_FEATURE)
+        message(STATUS "WOLFSSL_EXPERIMENTAL enabled, experimental features enabled.")
+    else()
+        message(STATUS "Warning: WOLFSSL_EXPERIMENTAL enabled, but no experimental features enabled.")
+    endif()
+
+    # Sanity checks
+    if(WOLFSSL_OQS AND WOLFSSL_KYBER)
+        message(FATAL_ERROR "Error: cannot enable both WOLFSSL_OQS and WOLFSSL_KYBER at the same time.")
+    endif()
+
+else()
+    # Experimental mode not enabled, but were any experimental features enabled? Error out if so:
+    message(STATUS "Looking for WOLFSSL_EXPERIMENTAL - not found")
+    if (WOLFSSL_OQS)
+        message(FATAL_ERROR "Error: WOLFSSL_OQS requires WOLFSSL_EXPERIMENTAL at this time.")
+    endif()
+    if(WOLFSSL_KYBER)
+        message(FATAL_ERROR "Error: WOLFSSL_KYBER requires WOLFSSL_EXPERIMENTAL at this time.")
     endif()
 endif()
 
+# LMS
+add_option(WOLFSSL_LMS
+    "Enable the wolfSSL LMS implementation (default: disabled)"
+    "no" "yes;no")
+
+# XMSS
+add_option(WOLFSSL_XMSS
+    "Enable the wolfSSL XMSS implementation (default: disabled)"
+    "no" "yes;no")
+
 # TODO: - Lean PSK
 #       - Lean TLS
 #       - Low resource
@@ -554,6 +678,7 @@ endif()
 #       - Atomic user record layer
 #       - Public key callbacks
 #       - Microchip/Atmel CryptoAuthLib
+#       - dual-certs
 
 # AES-CBC
 add_option("WOLFSSL_AESCBC"
@@ -574,7 +699,7 @@ if(WOLFSSL_LEAN_PSK OR (WOLFSSL_LEAN_TLS AND NOT WOLFSSL_TLS13))
     override_cache(WOLFSSL_AESGCM "no")
 endif()
 
-if(WOLFSSL_AESGCM AND NOT WORDS_BIGENDIAN)
+if(WOLFSSL_AESGCM AND CMAKE_C_BYTE_ORDER STREQUAL "LITTLE_ENDIAN")
     override_cache(WOLFSSL_AESGCM "4bit")
 endif()
 
@@ -841,13 +966,29 @@ if(WOLFSSL_ECC)
     endif()
 endif()
 
-# TODO: - ECC custom curves
-#       - Compressed key
+# TODO: - Compressed key
 #       - FP ECC, fixed point cache ECC
 #       - ECC encrypt
 #       - PSK
 #       - Single PSK identity
 
+# ECC custom curves
+add_option("WOLFSSL_ECCCUSTCURVES"
+    "Enable ECC Custom Curves (default: disabled)"
+    "no" "yes;no;all")
+
+if(WOLFSSL_ECCCUSTCURVES)
+    if("${WOLFSSL_ECCCUSTCURVES}" STREQUAL "all")
+        list(APPEND WOLFSSL_DEFINITIONS "-DHAVE_ECC_SECPR2")
+        list(APPEND WOLFSSL_DEFINITIONS "-DHAVE_ECC_SECPR3")
+        list(APPEND WOLFSSL_DEFINITIONS "-DHAVE_ECC_BRAINPOOL")
+        list(APPEND WOLFSSL_DEFINITIONS "-DHAVE_ECC_KOBLITZ")
+        list(APPEND WOLFSSL_DEFINITIONS "-DHAVE_ECC_CDH")
+    endif()
+
+    list(APPEND WOLFSSL_DEFINITIONS "-DWOLFSSL_CUSTOM_CURVES")
+endif()
+
 # CURVE25519
 set(WOLFSSL_CURVE25519_SMALL "no")
 add_option("WOLFSSL_CURVE25519"
@@ -1008,8 +1149,7 @@ if(NOT WOLFSSL_MEMORY)
 else()
     # turn off memory cb if leanpsk or leantls on
     if(WOLFSSL_LEAN_PSK OR WOLFSSL_LEAN_TLS)
-        # but don't turn on NO_WOLFSSL_MEMORY because using own
-        override_cache(WOLFSSL_MEMORY "no")
+        list(APPEND WOLFSSL_DEFINITIONS "-DNO_WOLFSSL_MEMORY")
     endif()
 endif()
 
@@ -1205,6 +1345,14 @@ if(WOLFSSL_OPENSSH OR
     override_cache(WOLFSSL_DES3 "yes")
 endif()
 
+# DES3 TLS Suites
+set(WOLFSSL_DES3_TLS_SUITES_STRING "Enable DES3 TLS cipher suites (default: disabled)")
+add_option("WOLFSSL_DES3_TLS_SUITES" ${WOLFSSL_DES3_TLS_SUITES_STRING} "no" "yes;no")
+
+if(NOT WOLFSSL_DES3_TLS_SUITES)
+    list(APPEND WOLFSSL_DEFINITIONS "-DNO_DES3_TLS_SUITES")
+endif()
+
 # ARC4
 set(WOLFSSL_ARC4_HELP_STRING "Enable ARC4 (default: disabled)")
 add_option("WOLFSSL_ARC4" ${WOLFSSL_ARC4_HELP_STRING} "no" "yes;no")
@@ -1432,6 +1580,15 @@ add_option(WOLFSSL_SNI ${WOLFSSL_SNI_HELP_STRING} ${SNI_DEFAULT} "yes;no")
 set(WOLFSSL_TLSX_HELP_STRING "Enable all TLS Extensions (default: disabled)")
 add_option(WOLFSSL_TLSX ${WOLFSSL_TLSX_HELP_STRING} "no" "yes;no")
 
+add_option(WOLFSSL_EX_DATA
+    "Enable app data (default: disabled)"
+    "no" "yes;no")
+
+if (WOLFSSL_EX_DATA)
+    list(APPEND WOLFSSL_DEFINITIONS
+      "-DHAVE_EX_DATA")
+endif()
+
 # Supported elliptic curves extensions
 add_option("WOLFSSL_SUPPORTED_CURVES"
     "Enable Supported Elliptic Curves (default: enabled)"
@@ -1662,17 +1819,14 @@ if(WOLFSSL_FAST_MATH)
         list(APPEND WOLFSSL_DEFINITIONS "-DUSE_FAST_MATH")
         set(WOLFSSL_SLOWMATH "no")
     endif()
-
-    if("${CMAKE_SYSTEM_PROCESSOR}" MATCHES "x86_64|AMD64")
-        # Have settings.h set FP_MAX_BITS higher if user didn't set directly
-        list(APPEND WOLFSSL_DEFINITIONS "-DWOLFSSL_X86_64_BUILD")
-    endif()
 endif()
 
 # TODO: - Fast huge math
 
 # Set processor-specific build macros
 if("${CMAKE_SYSTEM_PROCESSOR}" MATCHES "x86_64|AMD64")
+    set(WOLFSSL_X86_64_BUILD ON)
+    add_option("WOLFSSL_X86_64_BUILD_ASM" "Build ASM files" "yes" "yes;no")
     list(APPEND WOLFSSL_DEFINITIONS "-DWOLFSSL_X86_64_BUILD")
 elseif("${CMAKE_SYSTEM_PROCESSOR}" MATCHES "aarch64|arm64")
     list(APPEND WOLFSSL_DEFINITIONS "-DWOLFSSL_AARCH64_BUILD")
@@ -1753,13 +1907,19 @@ else()
     list(APPEND WOLFSSL_DEFINITIONS "-DWC_NO_ASYNC_THREADING")
 endif()
 
-# TODO: - cryptodev
-#       - Session export
+# TODO: - Session export
 
 add_option("WOLFSSL_CRYPTOCB"
     "Enable crypto callbacks (default: disabled)"
     "no" "yes;no")
 
+add_option("WOLFSSL_CRYPTOCB_NO_SW_TEST"
+    "Disable crypto callback SW testing (default: disabled)"
+    "no" "yes;no")
+
+add_option("WOLFSSL_PKCALLBACKS"
+    "Enable public key callbacks (default: disabled)"
+    "no" "yes;no")
 
 add_option("WOLFSSL_OLD_NAMES"
     "Keep backwards compat with old names (default: enabled)"
@@ -1960,6 +2120,15 @@ if(WOLFSSL_CRYPTOCB)
     list(APPEND WOLFSSL_DEFINITIONS "-DWOLF_CRYPTO_CB")
 endif()
 
+if(WOLFSSL_CRYPTOCB_NO_SW_TEST)
+    list(APPEND WOLFSSL_DEFINITIONS "-DWC_TEST_NO_CRYPTOCB_SW_TEST")
+endif()
+
+# Public Key Callbacks
+if(WOLFSSL_PKCALLBACKS)
+    list(APPEND WOLFSSL_DEFINITIONS "-DHAVE_PK_CALLBACKS")
+endif()
+
 if(WOLFSSL_OCSPSTAPLING)
     list(APPEND WOLFSSL_DEFINITIONS "-DHAVE_CERTIFICATE_STATUS_REQUEST" "-DHAVE_TLS_EXTENSIONS")
     override_cache(WOLFSSL_OCSP "yes")
@@ -2075,7 +2244,7 @@ endif()
 # Suppress some warnings about separate compilation, inlining
 add_definitions("-DWOLFSSL_IGNORE_FILE_WARN")
 # Generate user options header
-message("Generating user options header...")
+message(STATUS "Generating user options header...")
 if (${CMAKE_DISABLE_SOURCE_CHANGES})
     set(WOLFSSL_BUILD_OUT_OF_TREE_DEFAULT "${CMAKE_DISABLE_SOURCE_CHANGES}")
 else()
@@ -2091,34 +2260,46 @@ else()
 endif()
 set(OPTION_FILE "${WOLFSSL_OUTPUT_BASE}/wolfssl/options.h")
 
+# sccache
+add_option("ENABLE_SCCACHE"
+        "Enable sccache (default: disabled)"
+        "no" "yes;no")
+
+if (ENABLE_SCCACHE AND (NOT WOLFSSL_SCCACHE_ALREADY_SET_FLAG))
+    find_program(SCCACHE sccache REQUIRED)
+    if(SCCACHE)
+        message(STATUS "Enable sccache")
+
+        if(CMAKE_C_COMPILER_LAUNCHER)
+            set(CMAKE_C_COMPILER_LAUNCHER "${CMAKE_C_COMPILER_LAUNCHER}" "${SCCACHE}")
+        else()
+            set(CMAKE_C_COMPILER_LAUNCHER "${SCCACHE}")
+        endif()
+        if(CMAKE_CXX_COMPILER_LAUNCHER)
+            set(CMAKE_CXX_COMPILER_LAUNCHER "${CMAKE_CXX_COMPILER_LAUNCHER}" "${SCCACHE}")
+        else()
+            set(CMAKE_CXX_COMPILER_LAUNCHER "${SCCACHE}")
+        endif()
+
+        if (MSVC)
+            if(CMAKE_BUILD_TYPE STREQUAL "Debug")
+                string(REPLACE "/Zi" "/Z7" CMAKE_CXX_FLAGS_DEBUG "${CMAKE_CXX_FLAGS_DEBUG}")
+                string(REPLACE "/Zi" "/Z7" CMAKE_C_FLAGS_DEBUG "${CMAKE_C_FLAGS_DEBUG}")
+            elseif(CMAKE_BUILD_TYPE STREQUAL "Release")
+                string(REPLACE "/Zi" "/Z7" CMAKE_CXX_FLAGS_RELEASE "${CMAKE_CXX_FLAGS_RELEASE}")
+                string(REPLACE "/Zi" "/Z7" CMAKE_C_FLAGS_RELEASE "${CMAKE_C_FLAGS_RELEASE}")
+            elseif(CMAKE_BUILD_TYPE STREQUAL "RelWithDebInfo")
+                string(REPLACE "/Zi" "/Z7" CMAKE_CXX_FLAGS_RELWITHDEBINFO "${CMAKE_CXX_FLAGS_RELWITHDEBINFO}")
+                string(REPLACE "/Zi" "/Z7" CMAKE_C_FLAGS_RELWITHDEBINFO "${CMAKE_C_FLAGS_RELWITHDEBINFO}")
+            endif()
+        endif()
+        set(WOLFSSL_SCCACHE_ALREADY_SET_FLAG ON)
+    endif()
+endif()
+
+
 file(REMOVE ${OPTION_FILE})
 
-file(APPEND ${OPTION_FILE} "/* wolfssl options.h\n")
-file(APPEND ${OPTION_FILE} " * generated from configure options\n")
-file(APPEND ${OPTION_FILE} " *\n")
-file(APPEND ${OPTION_FILE} " * Copyright (C) 2006-2023 wolfSSL Inc.\n")
-file(APPEND ${OPTION_FILE} " *\n")
-file(APPEND ${OPTION_FILE} " * This file is part of wolfSSL. (formerly known as CyaSSL)\n")
-file(APPEND ${OPTION_FILE} " *\n")
-file(APPEND ${OPTION_FILE} " */\n\n")
-file(APPEND ${OPTION_FILE} "#ifndef WOLFSSL_OPTIONS_H\n")
-file(APPEND ${OPTION_FILE} "#define WOLFSSL_OPTIONS_H\n\n\n")
-file(APPEND ${OPTION_FILE} "#ifdef __cplusplus\n")
-file(APPEND ${OPTION_FILE} "extern \"C\" {\n")
-file(APPEND ${OPTION_FILE} "#endif\n\n")
-
-add_to_options_file("${WOLFSSL_DEFINITIONS}" "${OPTION_FILE}")
-# CMAKE_C_FLAGS is just a string of space-separated flags to pass to the C
-# compiler. We need to replace those spaces with semicolons in order to treat it
-# as a CMake list.
-string(REPLACE " " ";" CMAKE_C_FLAGS_LIST "${CMAKE_C_FLAGS}")
-add_to_options_file("${CMAKE_C_FLAGS_LIST}" "${OPTION_FILE}")
-
-file(APPEND ${OPTION_FILE} "\n#ifdef __cplusplus\n")
-file(APPEND ${OPTION_FILE} "}\n")
-file(APPEND ${OPTION_FILE} "#endif\n\n\n")
-file(APPEND ${OPTION_FILE} "#endif /* WOLFSSL_OPTIONS_H */\n\n")
-
 ####################################################
 # Library Target
 ####################################################
@@ -2196,9 +2377,23 @@ if(WOLFSSL_ARIA)
     message(STATUS "ARIA Check: WOLFSSL_LINK_LIBS    = ${WOLFSSL_LINK_LIBS}")
 endif()
 
+foreach(DEF IN LISTS WOLFSSL_DEFINITIONS)
+    string(REGEX MATCH "^(-D)?([^=]+)(=(.*))?$" DEF_MATCH ${DEF})
+    if (NOT "${CMAKE_MATCH_4}" STREQUAL "")
+        set(${CMAKE_MATCH_2} ${CMAKE_MATCH_4})
+        # message("set(${CMAKE_MATCH_2} ${CMAKE_MATCH_4})")
+    else()
+        set(${CMAKE_MATCH_2} 1)
+        # message("set(${CMAKE_MATCH_2} 1)")
+    endif()
+endforeach()
+
+# If new build options are added please update the cmake/options.h.in
+configure_file(${CMAKE_CURRENT_SOURCE_DIR}/cmake/options.h.in ${OPTION_FILE})
+
 set_target_properties(wolfssl
     PROPERTIES
-        SOVERSION ${LIBTOOL_SO_VERSION}
+        SOVERSION ${WOLFSSL_LIBRARY_VERSION_FIRST}
         VERSION ${LIBTOOL_FULL_VERSION}
 )
 
@@ -2232,17 +2427,24 @@ target_include_directories(wolfssl
 
 target_link_libraries(wolfssl PUBLIC ${WOLFSSL_LINK_LIBS})
 
-if(WIN32)
-    # For Windows link ws2_32
+if(CMAKE_C_COMPILER_ID STREQUAL "OpenWatcom")
+    if(CMAKE_SYSTEM_NAME STREQUAL "Windows")
+        target_link_libraries(wolfssl PUBLIC ws2_32 crypt32)
+    endif()
+elseif (WIN32 OR ${CMAKE_SYSTEM_NAME} MATCHES "^MSYS" OR ${CMAKE_SYSTEM_NAME} MATCHES "^MINGW")
+    # For Windows link required libraries
+    message("Building on Windows/MSYS/MINGW")
     target_link_libraries(wolfssl PUBLIC
-        $<$<PLATFORM_ID:Windows>:ws2_32 crypt32>)
+        ws2_32 crypt32 advapi32)
 elseif(APPLE)
+    message("Building on Apple")
     if(WOLFSSL_SYS_CA_CERTS)
         target_link_libraries(wolfssl PUBLIC
             ${CORE_FOUNDATION_FRAMEWORK}
             ${SECURITY_FRAMEWORK})
     endif()
 else()
+    message("Building on Linux (or other)")
     if(WOLFSSL_DH AND NOT WOLFSSL_DH_CONST)
         # DH requires math (m) library
         target_link_libraries(wolfssl
@@ -2294,12 +2496,14 @@ if(WOLFSSL_EXAMPLES)
                  PROPERTY RUNTIME_OUTPUT_DIRECTORY
                  ${WOLFSSL_OUTPUT_BASE}/examples/echoserver)
 
-    if(NOT WIN32)
+    if(NOT WIN32 AND NOT WOLFSSL_SINGLE_THREADED)
         # Build TLS benchmark example
         add_executable(tls_bench
             ${CMAKE_CURRENT_SOURCE_DIR}/examples/benchmark/tls_bench.c)
         target_link_libraries(tls_bench wolfssl)
-        target_link_libraries(tls_bench Threads::Threads)
+        if(CMAKE_USE_PTHREADS_INIT)
+            target_link_libraries(tls_bench Threads::Threads)
+        endif()
         set_property(TARGET tls_bench
                  PROPERTY RUNTIME_OUTPUT_DIRECTORY
                  ${WOLFSSL_OUTPUT_BASE}/examples/benchmark)
@@ -2308,19 +2512,49 @@ if(WOLFSSL_EXAMPLES)
     # Build unit tests
     add_executable(unit_test
         tests/api.c
+        tests/api/test_md5.c
+        tests/api/test_sha.c
+        tests/api/test_sha256.c
+        tests/api/test_sha512.c
+        tests/api/test_sha3.c
+        tests/api/test_blake2.c
+        tests/api/test_sm3.c
+        tests/api/test_ripemd.c
+        tests/api/test_hash.c
+        tests/api/test_hmac.c
+        tests/api/test_cmac.c
+        tests/api/test_des3.c
+        tests/api/test_chacha.c
+        tests/api/test_poly1305.c
+        tests/api/test_chacha20_poly1305.c
+        tests/api/test_camellia.c
+        tests/api/test_arc4.c
+        tests/api/test_rc2.c
+        tests/api/test_aes.c
+        tests/api/test_ascon.c
+        tests/api/test_sm4.c
+        tests/api/test_wc_encrypt.c
+        tests/api/test_mlkem.c
+        tests/api/test_dtls.c
+        tests/api/test_ocsp.c
+        tests/api/test_evp.c
         tests/hash.c
         tests/srp.c
         tests/suites.c
         tests/w64wrapper.c
         tests/unit.c
         tests/quic.c
+        tests/utils.c
+        testsuite/utils.c
         examples/server/server.c
         examples/client/client.c)
     target_include_directories(unit_test PRIVATE
         ${CMAKE_CURRENT_BINARY_DIR})
     target_compile_options(unit_test PUBLIC "-DNO_MAIN_DRIVER")
     target_link_libraries(unit_test wolfssl)
-    target_link_libraries(unit_test Threads::Threads)
+    if(CMAKE_USE_PTHREADS_INIT)
+        target_link_libraries(unit_test Threads::Threads)
+    endif()
     set_property(TARGET unit_test
                  PROPERTY RUNTIME_OUTPUT_DIRECTORY
                  ${WOLFSSL_OUTPUT_BASE}/tests/)
@@ -2516,82 +2750,99 @@ list(JOIN HEADER_EXCLUDE "|" EXCLUDED_HEADERS_REGEX)
 string(PREPEND EXCLUDED_HEADERS_REGEX "(")
 string(APPEND  EXCLUDED_HEADERS_REGEX ")")
 
-set(INSTALLED_EXAMPLES
-    ${CMAKE_CURRENT_SOURCE_DIR}/examples/echoserver/echoserver.c
-    ${CMAKE_CURRENT_SOURCE_DIR}/examples/sctp/sctp-server.c
-    ${CMAKE_CURRENT_SOURCE_DIR}/examples/sctp/sctp-client-dtls.c
-    ${CMAKE_CURRENT_SOURCE_DIR}/examples/sctp/sctp-client.c
-    ${CMAKE_CURRENT_SOURCE_DIR}/examples/sctp/sctp-server-dtls.c
-    ${CMAKE_CURRENT_SOURCE_DIR}/examples/echoclient/echoclient.c
-    ${CMAKE_CURRENT_SOURCE_DIR}/examples/server/server.c
-    ${CMAKE_CURRENT_SOURCE_DIR}/examples/benchmark/tls_bench.c
-    ${CMAKE_CURRENT_SOURCE_DIR}/examples/client/client.c)
+if(WOLFSSL_INSTALL)
 
-# Install the library
-install(TARGETS wolfssl
-        EXPORT wolfssl-targets
-        LIBRARY DESTINATION lib
-        ARCHIVE DESTINATION lib
-        RUNTIME DESTINATION bin
-        )
-# Install the headers
-install(DIRECTORY ${WOLFSSL_OUTPUT_BASE}/wolfssl/
-        DESTINATION ${CMAKE_INSTALL_INCLUDEDIR}/wolfssl
-        FILES_MATCHING PATTERN "*.h"
-        REGEX ${EXCLUDED_HEADERS_REGEX} EXCLUDE)
-install(DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR}/wolfssl/
-        DESTINATION ${CMAKE_INSTALL_INCLUDEDIR}/wolfssl
-        FILES_MATCHING PATTERN "*.h"
-        REGEX ${EXCLUDED_HEADERS_REGEX} EXCLUDE)
+    set(INSTALLED_EXAMPLES
+        ${CMAKE_CURRENT_SOURCE_DIR}/examples/echoserver/echoserver.c
+        ${CMAKE_CURRENT_SOURCE_DIR}/examples/sctp/sctp-server.c
+        ${CMAKE_CURRENT_SOURCE_DIR}/examples/sctp/sctp-client-dtls.c
+        ${CMAKE_CURRENT_SOURCE_DIR}/examples/sctp/sctp-client.c
+        ${CMAKE_CURRENT_SOURCE_DIR}/examples/sctp/sctp-server-dtls.c
+        ${CMAKE_CURRENT_SOURCE_DIR}/examples/echoclient/echoclient.c
+        ${CMAKE_CURRENT_SOURCE_DIR}/examples/server/server.c
+        ${CMAKE_CURRENT_SOURCE_DIR}/examples/benchmark/tls_bench.c
+        ${CMAKE_CURRENT_SOURCE_DIR}/examples/client/client.c)
 
-# Install the examples
-install(FILES ${INSTALLED_EXAMPLES}
-        DESTINATION ${CMAKE_INSTALL_DOCDIR}/example)
-# Install README.txt and taoCert.txt
-install(FILES
-        ${CMAKE_CURRENT_SOURCE_DIR}/doc/README.txt
-        ${CMAKE_CURRENT_SOURCE_DIR}/certs/taoCert.txt
-        DESTINATION ${CMAKE_INSTALL_DOCDIR})
-# Install the export set
-install(EXPORT wolfssl-targets
-        DESTINATION ${CMAKE_INSTALL_LIBDIR}/cmake/wolfssl
-        FILE wolfssl-targets.cmake
-        NAMESPACE wolfssl::)
 
-# TODO: Distro build + rules for what to include in the distro.
-#       See various include.am files.
+    # Install the library
+    install(TARGETS wolfssl
+            EXPORT wolfssl-targets
+            LIBRARY DESTINATION lib
+            ARCHIVE DESTINATION lib
+            RUNTIME DESTINATION bin
+            )
+    # Install the headers
+    install(DIRECTORY ${WOLFSSL_OUTPUT_BASE}/wolfssl/
+            DESTINATION ${CMAKE_INSTALL_INCLUDEDIR}/wolfssl
+            FILES_MATCHING PATTERN "*.h"
+            REGEX ${EXCLUDED_HEADERS_REGEX} EXCLUDE)
+    install(DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR}/wolfssl/
+            DESTINATION ${CMAKE_INSTALL_INCLUDEDIR}/wolfssl
+            FILES_MATCHING PATTERN "*.h"
+            REGEX ${EXCLUDED_HEADERS_REGEX} EXCLUDE)
 
-set(prefix ${CMAKE_INSTALL_PREFIX})
-set(exec_prefix "\${prefix}")
-set(libdir "\${exec_prefix}/lib")
-set(includedir "\${prefix}/include")
-set(VERSION ${PROJECT_VERSION})
+    # Install the examples
+    install(FILES ${INSTALLED_EXAMPLES}
+            DESTINATION ${CMAKE_INSTALL_DOCDIR}/example)
+    # Install README.txt and taoCert.txt
+    install(FILES
+            ${CMAKE_CURRENT_SOURCE_DIR}/doc/README.txt
+            ${CMAKE_CURRENT_SOURCE_DIR}/certs/taoCert.txt
+            DESTINATION ${CMAKE_INSTALL_DOCDIR})
+    # Install the export set
+    install(EXPORT wolfssl-targets
+            DESTINATION ${CMAKE_INSTALL_LIBDIR}/cmake/wolfssl
+            FILE wolfssl-targets.cmake
+            NAMESPACE wolfssl::)
 
-configure_file(support/wolfssl.pc.in ${CMAKE_CURRENT_BINARY_DIR}/support/wolfssl.pc @ONLY)
-install(FILES ${CMAKE_CURRENT_BINARY_DIR}/support/wolfssl.pc
-  DESTINATION ${CMAKE_INSTALL_LIBDIR}/pkgconfig)
+    # TODO: Distro build + rules for what to include in the distro.
+    #       See various include.am files.
 
-include(CMakePackageConfigHelpers)
-configure_package_config_file(${CMAKE_CURRENT_SOURCE_DIR}/cmake/Config.cmake.in
-  "${CMAKE_CURRENT_BINARY_DIR}/wolfssl-config.cmake"
-  INSTALL_DESTINATION "${CMAKE_INSTALL_LIBDIR}/cmake/wolfssl"
-  NO_SET_AND_CHECK_MACRO
-  NO_CHECK_REQUIRED_COMPONENTS_MACRO
-)
+    set(prefix ${CMAKE_INSTALL_PREFIX})
+    set(exec_prefix "\${prefix}")
+    set(libdir "\${exec_prefix}/lib")
+    set(includedir "\${prefix}/include")
+    set(VERSION ${PROJECT_VERSION})
 
-export(EXPORT wolfssl-targets
-  FILE "${CMAKE_CURRENT_BINARY_DIR}/wolfssl-targets.cmake"
-  NAMESPACE wolfssl::
-)
+    if(CMAKE_C_COMPILER_ID STREQUAL "OpenWatcom")
+    else()
+        # Setting libm in Libs.private of wolfssl.pc.
+        # See "Link Libraries" in above about `m` insertion to LINK_LIBRARIES
+        get_target_property(_wolfssl_dep_libs wolfssl LINK_LIBRARIES)
+        list(FIND _wolfssl_dep_libs m _dep_libm)
+        if ("${_dep_libm}" GREATER -1)
+            set(LIBM -lm)
+        else()
+            set(LIBM)
+        endif()
+    endif()
 
-write_basic_package_version_file(
-  "${CMAKE_CURRENT_BINARY_DIR}/wolfssl-config-version.cmake"
-  VERSION "${wolfssl_VERSION_MAJOR}.${wolfssl_VERSION_MINOR}"
-  COMPATIBILITY AnyNewerVersion
-)
+    configure_file(support/wolfssl.pc.in ${CMAKE_CURRENT_BINARY_DIR}/support/wolfssl.pc @ONLY)
+    install(FILES ${CMAKE_CURRENT_BINARY_DIR}/support/wolfssl.pc
+    DESTINATION ${CMAKE_INSTALL_LIBDIR}/pkgconfig)
 
-install(FILES
-  ${CMAKE_CURRENT_BINARY_DIR}/wolfssl-config.cmake
-  ${CMAKE_CURRENT_BINARY_DIR}/wolfssl-config-version.cmake
-  DESTINATION ${CMAKE_INSTALL_LIBDIR}/cmake/wolfssl
-)
+    include(CMakePackageConfigHelpers)
+    configure_package_config_file(${CMAKE_CURRENT_SOURCE_DIR}/cmake/Config.cmake.in
+    "${CMAKE_CURRENT_BINARY_DIR}/wolfssl-config.cmake"
+    INSTALL_DESTINATION "${CMAKE_INSTALL_LIBDIR}/cmake/wolfssl"
+    NO_SET_AND_CHECK_MACRO
+    NO_CHECK_REQUIRED_COMPONENTS_MACRO
+    )
+
+    export(EXPORT wolfssl-targets
+    FILE "${CMAKE_CURRENT_BINARY_DIR}/wolfssl-targets.cmake"
+    NAMESPACE wolfssl::
+    )
+
+    write_basic_package_version_file(
+    "${CMAKE_CURRENT_BINARY_DIR}/wolfssl-config-version.cmake"
+    VERSION "${wolfssl_VERSION_MAJOR}.${wolfssl_VERSION_MINOR}"
+    COMPATIBILITY AnyNewerVersion
+    )
+
+    install(FILES
+    ${CMAKE_CURRENT_BINARY_DIR}/wolfssl-config.cmake
+    ${CMAKE_CURRENT_BINARY_DIR}/wolfssl-config-version.cmake
+    DESTINATION ${CMAKE_INSTALL_LIBDIR}/cmake/wolfssl
+    )
+endif()
diff --git a/ChangeLog.md b/ChangeLog.md
index 586adaa45..0b32346c6 100644
--- a/ChangeLog.md
+++ b/ChangeLog.md
@@ -1,3 +1,524 @@
+# wolfSSL Release 5.7.6 (Dec 31, 2024)
+
+Release 5.7.6 has been developed according to wolfSSL's development and QA
+process (see link below) and successfully passed the quality criteria.
+https://www.wolfssl.com/about/wolfssl-software-development-process-quality-assurance
+
+NOTE:
+ * --enable-heapmath is deprecated.
+ * In this release, the default cipher suite preference is updated to prioritize
+ TLS_AES_256_GCM_SHA384 over TLS_AES_128_GCM_SHA256 when enabled.
+ * This release adds a sanity check for including wolfssl/options.h or
+ user_settings.h.
+
+
+PR stands for Pull Request, and PR <NUMBER> references a GitHub pull request
+ number where the code change was added.
+
+
+## Vulnerabilities
+* [Med] An OCSP (non stapling) issue was introduced in wolfSSL version 5.7.4
+ when performing OCSP requests for intermediate certificates in a certificate
+ chain. This affects only TLS 1.3 connections on the server side. It would not
+ impact other TLS protocol versions or connections that are not using the
+ traditional OCSP implementation. (Fix in pull request 8115)
+
+
+## New Feature Additions
+* Add support for RP2350 and improve RP2040 support, both with RNG optimizations
+ (PR 8153)
+* Add support for STM32MP135F, including STM32CubeIDE support and HAL support
+ for SHA2/SHA3/AES/RNG/ECC optimizations. (PR 8223, 8231, 8241)
+* Implement Renesas TSIP RSA Public Enc/Private support (PR 8122)
+* Add support for Fedora/RedHat system-wide crypto-policies (PR 8205)
+* Curve25519 generic keyparsing API added with  wc_Curve25519KeyToDer and
+ wc_Curve25519KeyDecode (PR 8129)
+* CRL improvements and update callback, added the functions
+ wolfSSL_CertManagerGetCRLInfo and wolfSSL_CertManagerSetCRLUpdate_Cb (PR 8006)
+* For DTLS, add server-side stateless and CID quality-of-life API. (PR 8224)
+
+
+## Enhancements and Optimizations
+* Add a CMake dependency check for pthreads when required. (PR 8162)
+* Update OS_Seed declarations for legacy compilers and FIPS modules (boundary
+ not affected). (PR 8170)
+* Enable WOLFSSL_ALWAYS_KEEP_SNI by default when using --enable-jni. (PR 8283)
+* Change the default cipher suite preference, prioritizing
+ TLS_AES_256_GCM_SHA384 over TLS_AES_128_GCM_SHA256. (PR 7771)
+* Add SRTP-KDF (FIPS module v6.0.0) to checkout script for release bundling
+ (PR 8215)
+* Make library build when no hardware crypto available for Aarch64 (PR 8293)
+* Update assembly code to avoid `uint*_t` types for better compatibility with
+ older C standards. (PR 8133)
+* Add initial documentation for writing ASN template code to decode BER/DER.
+ (PR 8120)
+* Perform full reduction in sc_muladd for EdDSA with Curve448 (PR 8276)
+* Allow SHA-3 hardware cryptography instructions to be explicitly not used in
+ MacOS builds (PR 8282)
+* Make Kyber and ML-KEM available individually and together. (PR 8143)
+* Update configuration options to include Kyber/ML-KEM and fix defines used in
+ wolfSSL_get_curve_name. (PR 8183)
+* Make GetShortInt available with WOLFSSL_ASN_EXTRA (PR 8149)
+* Improved test coverage and minor improvements of X509 (PR 8176)
+* Add sanity checks for configuration methods, ensuring the inclusion of
+ wolfssl/options.h or user_settings.h. (PR 8262)
+* Enable support for building without TLS (NO_TLS). Provides reduced code size
+ option for non-TLS users who want features like the certificate manager or
+ compatibility layer. (PR 8273)
+* Exposed get_verify functions with OPENSSL_EXTRA. (PR 8258)
+* ML-DSA/Dilithium: obtain security level from DER when decoding (PR 8177)
+* Implementation for using PKCS11 to retrieve certificate for SSL CTX (PR 8267)
+* Add support for the RFC822 Mailbox attribute (PR 8280)
+* Initialize variables and adjust types resolve warnings with Visual Studio in
+ Windows builds. (PR 8181)
+* Refactors and expansion of opensslcoexist build (PR 8132, 8216, 8230)
+* Add DTLS 1.3 interoperability, libspdm and DTLS CID interoperability tests
+ (PR 8261, 8255, 8245)
+* Remove trailing error exit code in wolfSSL install setup script (PR 8189)
+* Update Arduino files for wolfssl 5.7.4 (PR 8219)
+* Improve Espressif SHA HW/SW mutex messages (PR 8225)
+* Apply post-5.7.4 release updates for Espressif Managed Component examples
+ (PR 8251)
+* Expansion of c89 conformance (PR 8164)
+* Added configure option for additional sanity checks with --enable-faultharden
+ (PR 8289)
+* Aarch64 ASM additions to check CPU features before hardware crypto instruction
+ use (PR 8314)
+
+
+## Fixes
+* Fix a memory issue when using the compatibility layer with
+ WOLFSSL_GENERAL_NAME and handling registered ID types. (PR 8155)
+* Fix a build issue with signature fault hardening when using public key
+ callbacks (HAVE_PK_CALLBACKS). (PR 8287)
+* Fix for handling heap hint pointer properly when managing multiple WOLFSSL_CTX
+ objects and free’ing one of them (PR 8180)
+* Fix potential memory leak in error case with Aria. (PR 8268)
+* Fix Set_Verify flag behaviour on Ada wrapper. (PR 8256)
+* Fix a compilation error with the NO_WOLFSSL_DIR flag. (PR 8294)
+* Resolve a corner case for Poly1305 assembly code on Aarch64. (PR 8275)
+* Fix incorrect version setting in CSRs. (PR 8136)
+* Correct debugging output for cryptodev. (PR 8202)
+* Fix for benchmark application use with /dev/crypto GMAC auth error due to size
+ of AAD (PR 8210)
+* Add missing checks for the initialization of sp_int/mp_int with DSA to free
+ memory properly in error cases. (PR 8209)
+* Fix return value of wolfSSL_CTX_set_tlsext_use_srtp (8252)
+* Check Root CA by Renesas TSIP before adding it to ca-table (PR 8101)
+* Prevent adding a certificate to the CA cache for Renesas builds if it does not
+ set CA:TRUE in basic constraints. (PR 8060)
+* Fix attribute certificate holder entityName parsing. (PR 8166)
+* Resolve build issues for configurations without any wolfSSL/openssl
+ compatibility layer headers. (PR 8182)
+* Fix for building SP RSA small and RSA public only (PR 8235)
+* Fix for Renesas RX TSIP RSA Sign/Verify with wolfCrypt only (PR 8206)
+* Fix to ensure all files have settings.h included (like wc_lms.c) and guards
+ for building all `*.c` files (PR 8257 and PR 8140)
+* Fix x86 target build issues in Visual Studio for non-Windows operating
+ systems. (PR 8098)
+* Fix wolfSSL_X509_STORE_get0_objects to handle no CA (PR 8226)
+* Properly handle reference counting when adding to the X509 store. (PR 8233)
+* Fix for various typos and improper size used with FreeRTOS_bind in the Renesas
+ example. Thanks to Hongbo for the report on example issues. (PR 7537)
+* Fix for potential heap use after free with wolfSSL_PEM_read_bio_PrivateKey.
+ Thanks to Peter for the issue reported. (PR 8139)
+
+
+# wolfSSL Release 5.7.4 (Oct 24, 2024)
+
+Release 5.7.4 has been developed according to wolfSSL's development and QA
+process (see link below) and successfully passed the quality criteria.
+https://www.wolfssl.com/about/wolfssl-software-development-process-quality-assurance
+
+NOTE: * --enable-heapmath is being deprecated and will be removed by end of 2024
+
+PR stands for Pull Request, and PR <NUMBER> references a GitHub pull request
+ number where the code change was added.
+
+
+## Vulnerabilities
+* [Low] When the OpenSSL compatibility layer is enabled, certificate
+ verification behaved differently in wolfSSL than OpenSSL, in the
+ X509_STORE_add_cert() and X509_STORE_load_locations() implementations.
+ Previously, in cases where an application explicitly loaded an intermediate
+ certificate, wolfSSL was verifying only up to that intermediate certificate,
+ rather than verifying up to the root CA. This only affects use cases where the
+ API is called directly, and does not affect TLS connections. Users that call
+ the API X509_STORE_add_cert() or X509_STORE_load_locations() directly in their
+ applications are recommended to update the version of wolfSSL used or to have
+ additional sanity checks on certificates loaded into the X509_STORE when
+ verifying a certificate. (https://github.com/wolfSSL/wolfssl/pull/8087)
+
+
+## PQC TLS Experimental Build Fix
+* When using TLS with post quantum algorithms enabled, the connection uses a
+ smaller EC curve than agreed on. Users building with --enable-experimental and
+ enabling PQC cipher suites with TLS connections are recommended to update the
+ version of wolfSSL used. Thanks to Daniel Correa for the report.
+ (https://github.com/wolfSSL/wolfssl/pull/8084)
+
+
+## New Feature Additions
+* RISC-V 64 new assembly optimizations added for SHA-256, SHA-512, ChaCha20,
+ Poly1305, and SHA-3 (PR 7758,7833,7818,7873,7916)
+* Implement support for Connection ID (CID) with DTLS 1.2 (PR 7995)
+* Add support for (DevkitPro)libnds (PR 7990)
+* Add port for Mosquitto OSP (Open Source Project) (PR 6460)
+* Add port for init sssd (PR 7781)
+* Add port for eXosip2 (PR 7648)
+* Add support for STM32G4 (PR 7997)
+* Add support for MAX32665 and MAX32666 TPU HW and ARM ASM Crypto Callback
+ Support (PR 7777)
+* Add support for building wolfSSL to be used in libspdm (PR 7869)
+* Add port for use with Nucleus Plus 2.3 (PR 7732)
+* Initial support for RFC5755 x509 attribute certificates (acerts). Enabled with
+ --enable-acert (PR 7926)
+* PKCS#11 RSA Padding offload allows tokens to perform CKM_RSA_PKCS
+ (sign/encrypt), CKM_RSA_PKCS_PSS (sign), and CKM_RSA_PKCS_OAEP (encrypt).
+ (PR 7750)
+* Added “new� and “delete� style functions for heap/pool allocation and freeing
+ of low level crypto structures (PR 3166 and 8089)
+
+
+## Enhancements and Optimizations
+* Increase default max alt. names from 128 to 1024 (PR 7762)
+* Added new constant time DH agree function wc_DhAgree_ct (PR 7802)
+* Expanded compatibility layer with the API EVP_PKEY_is_a (PR 7804)
+* Add option to disable cryptocb test software test using
+ --disable-cryptocb-sw-test (PR 7862)
+* Add a call to certificate verify callback before checking certificate dates
+ (PR 7895)
+* Expanded algorithms supported with the wolfCrypt CSharp wrapper. Adding
+ support for RNG, ECC(ECIES and ECDHE), RSA, ED25519/Curve25519, AES-GCM, and
+ Hashing (PR 3166)
+* Expand MMCAU support for use with DES ECB (PR 7960)
+* Update AES SIV to handle multiple associated data inputs (PR 7911)
+* Remove HAVE_NULL_CIPHER from --enable-openssh (PR 7811)
+* Removed duplicate if(NULL) checks when calling XFREE (macro does) (PR 7839)
+* Set RSA_MIN_SIZE default to 2048 bits (PR 7923)
+* Added support for wolfSSL to be used as the default TLS in the zephyr kernel
+ (PR 7731)
+* Add enable provider build using --enable-wolfprovider with autotools (PR 7550)
+* Renesas RX TSIP ECDSA support (PR 7685)
+* Support DTLS1.3 downgrade when the server supports CID (PR 7841)
+* Server-side checks OCSP even if it uses v2 multi (PR 7828)
+* Add handling of absent hash params in PKCS7 bundle parsing and creation
+ (PR 7845)
+* Add the use of w64wrapper for Poly1305, enabling Poly1305 to be used in
+ environments that do not have a word64 type (PR 7759)
+* Update to the maxq10xx support (PR 7824)
+* Add support for parsing over optional PKCS8 attributes (PR 7944)
+* Add support for either side method with DTLS 1.3 (PR 8012)
+* Added PKCS7 PEM support for parsing PEM data with BEGIN/END PKCS7 (PR 7704)
+* Add CMake support for WOLFSSL_CUSTOM_CURVES (PR 7962)
+* Add left-most wildcard matching support to X509_check_host() (PR 7966)
+* Add option to set custom SKID with PKCS7 bundle creation (PR 7954)
+* Building wolfSSL as a library with Ada and corrections to Alire manifest
+ (PR 7303,7940)
+* Renesas RX72N support updated (PR 7849)
+* New option WOLFSSL_COPY_KEY added to always copy the key to the SSL object
+ (PR 8005)
+* Add the new option WOLFSSL_COPY_CERT to always copy the cert buffer for each
+ SSL object (PR 7867)
+* Add an option to use AES-CBC with HMAC for default session ticket enc/dec.
+ Defaults to AES-128-CBC with HMAC-SHA256 (PR 7703)
+* Memory usage improvements in wc_PRF, sha256 (for small code when many
+ registers are available) and sp_int objects (PR 7901)
+* Change in the configure script to work around ">>" with no command. In older
+ /bin/sh it can be ambiguous, as used in OS’s such as FreeBSD 9.2 (PR 7876)
+* Don't attempt to include system headers when not required (PR 7813)
+* Certificates: DER encoding of ECC signature algorithm parameter is now
+ allowed to be NULL with a define (PR 7903)
+* SP x86_64 asm: check for AVX2 support for VMs (PR 7979)
+* Update rx64n support on gr-rose (PR 7889)
+* Update FSP version to v5.4.0 for RA6M4 (PR 7994)
+* Update TSIP driver version to v1.21 for RX65N RSK (PR 7993)
+* Add a new crypto callback for RSA with padding (PR 7907)
+* Replaced the use of pqm4 with wolfSSL implementations of Kyber/MLDSA
+ (PR 7924)
+* Modernized memory fence support for C11 and clang (PR 7938)
+* Add a CRL error override callback (PR 7986)
+* Extend the X509 unknown extension callback for use with a user context
+ (PR 7730)
+* Additional debug error tracing added with TLS (PR 7917)
+* Added runtime support for library call stack traces with
+ –enable-debug-trace-errcodes=backtrace, using libbacktrace (PR 7846)
+* Expanded C89 conformance (PR 8077)
+* Expanded support for WOLFSSL_NO_MALLOC (PR 8065)
+* Added support for cross-compilation of Linux kernel module (PR 7746)
+* Updated Linux kernel module with support for kernel 6.11 and 6.12 (PR 7826)
+* Introduce WOLFSSL_ASN_ALLOW_0_SERIAL to allow parsing of certificates with a
+ serial number of 0 (PR 7893)
+* Add conditional repository_owner to all wolfSSL GitHub workflows (PR 7871)
+
+### Espressif / Arduino Updates
+* Update wolfcrypt settings.h for Espressif ESP-IDF, template update (PR 7953)
+* Update Espressif sha, util, mem, time helpers (PR 7955)
+* Espressif _thread_local_start and _thread_local_end fix (PR 8030)
+* Improve benchmark for Espressif devices (PR 8037)
+* Introduce Espressif common CONFIG_WOLFSSL_EXAMPLE_NAME, Kconfig (PR 7866)
+* Add wolfSSL esp-tls and Certificate Bundle Support for Espressif ESP-IDF
+ (PR 7936)
+* Update wolfssl Release for Arduino (PR 7775)
+
+### Post Quantum Crypto Updates
+* Dilithium: support fixed size arrays in dilithium_key (PR 7727)
+* Dilithium: add option to use precalc with small sign (PR 7744)
+* Allow Kyber to be built with FIPS (PR 7788)
+* Allow Kyber asm to be used in the Linux kernel module (PR 7872)
+* Dilithium, Kyber: Update to final specification (PR 7877)
+* Dilithium: Support FIPS 204 Draft and Final Draft (PR 7909,8016)
+
+### ARM Assembly Optimizations
+* ARM32 assembly optimizations added for ChaCha20 and Poly1305 (PR 8020)
+* Poly1305 assembly optimizations improvements for Aarch64 (PR 7859)
+* Poly1305 assembly optimizations added for Thumb-2 (PR 7939)
+* Adding ARM ASM build option to STM32CubePack (PR 7747)
+* Add ARM64 to Visual Studio Project (PR 8010)
+* Kyber assembly optimizations for ARM32 and Aarch64 (PR 8040,7998)
+* Kyber assembly optimizations for ARMv7E-M/ARMv7-M (PR 7706)
+
+
+## Fixes
+* ECC key load: fixes for certificates with parameters that are not default for
+ size (PR 7751)
+* Fixes for building x86 in Visual Studio for non-windows OS (PR 7884)
+* Fix for TLS v1.2 secret callback, incorrectly detecting bad master secret
+ (PR 7812)
+* Fixes for PowerPC assembly use with Darwin and SP math all (PR 7931)
+* Fix for detecting older versions of Mac OS when trying to link with
+ libdispatch (PR 7932)
+* Fix for DTLS1.3 downgrade to DTLS1.2 when the server sends multiple handshake
+ packets combined into a single transmission. (PR 7840)
+* Fix for OCSP to save the request if it was stored in ssl->ctx->certOcspRequest
+ (PR 7779)
+* Fix to OCSP for searching for CA by key hash instead of ext. key id (PR 7934)
+* Fix for staticmemory and singlethreaded build (PR 7737)
+* Fix to not allow Shake128/256 with Xilinx AFALG (PR 7708)
+* Fix to support PKCS11 without RSA key generation (PR 7738)
+* Fix not calling the signing callback when using PK callbacks + TLS 1.3
+ (PR 7761)
+* Cortex-M/Thumb2 ASM fix label for IAR compiler (PR 7753)
+* Fix with PKCS11 to iterate correctly over slotId (PR 7736)
+* Stop stripping out the sequence header on the AltSigAlg extension (PR 7710)
+* Fix ParseCRL_AuthKeyIdExt with ASN template to set extAuthKeyIdSet value
+ (PR 7742)
+* Use max key length for PSK encrypt buffer size (PR 7707)
+* DTLS 1.3 fix for size check to include headers and CID fixes (PR 7912,7951)
+* Fix STM32 Hash FIFO and add support for STM32U5A9xx (PR 7787)
+* Fix CMake build error for curl builds (PR 8021)
+* SP Maths: PowerPC ASM fix to use XOR instead of LI (PR 8038)
+* SSL loading of keys/certs: testing and fixes (PR 7789)
+* Misc. fixes for Dilithium and Kyber (PR 7721,7765,7803,8027,7904)
+* Fixes for building wolfBoot sources for PQ LMS/XMSS (PR 7868)
+* Fixes for building with Kyber enabled using CMake and zephyr port (PR 7773)
+* Fix for edge cases with session resumption with TLS 1.2 (PR 8097)
+* Fix issue with ARM ASM with AES CFB/OFB not initializing the "left" member
+ (PR 8099)
+
+
+# wolfSSL Release 5.7.2 (July 08, 2024)
+
+Release 5.7.2 has been developed according to wolfSSL's development and QA
+process (see link below) and successfully passed the quality criteria.
+https://www.wolfssl.com/about/wolfssl-software-development-process-quality-assurance
+
+NOTE: * --enable-heapmath is being deprecated and will be removed by end of 2024
+
+## Vulnerabilities
+* [Medium] CVE-2024-1544
+Potential ECDSA nonce side channel attack in versions of wolfSSL before 5.6.6 with wc_ecc_sign_hash calls. Generating the ECDSA nonce k samples a random number r and then truncates this randomness with a modular reduction mod n where n is the order of the elliptic curve. Analyzing the division through a control-flow revealing side-channel reveals a bias in the most significant bits of k. Depending on the curve this is either a negligible bias or a significant bias large enough to reconstruct k with lattice reduction methods. Thanks to Luca Wilke, Florian Sieck and Thomas Eisenbarth (University of Lübeck) for reporting the vulnerability. Details will appear in the proceedings of CCS 24.
+Fixed https://github.com/wolfSSL/wolfssl/pull/7020
+
+
+* [Medium] CVE-2024-5288
+A private key blinding operation, enabled by defining the macro WOLFSSL_BLIND_PRIVATE_KEY, was added to mitigate a potential row hammer attack on ECC operations. If performing ECC private key operations in an environment where a malicious user could gain fine control over the device and perform row hammer style attacks it is recommended to update the version of wolfSSL used and to build with WOLFSSL_BLIND_PRIVATE_KEY defined. Thanks to Kemal Derya, M. Caner Tol, Berk Sunar for the report (Vernam Applied Cryptography and Cybersecurity Lab at Worcester Polytechnic Institute)
+Fixed in github pull request https://github.com/wolfSSL/wolfssl/pull/7416
+
+
+* [Low] When parsing a provided maliciously crafted certificate directly using wolfSSL API, outside of a TLS connection, a certificate with an excessively large number of extensions could lead to a potential DoS. There are existing sanity checks during a TLS handshake with wolfSSL which mitigate this issue. Thanks to Bing Shi for the report.
+Fixed in github pull request https://github.com/wolfSSL/wolfssl/pull/7597
+
+* [Low] CVE-2024-5991
+In the function MatchDomainName(), input param str is treated as a NULL terminated string despite being user provided and unchecked. Specifically, the Openssl compatibility function X509_check_host() takes in a pointer and length to check against, with no requirements that it be NULL terminated. While calling without a NULL terminated string is very uncommon, it is still technically allowed. If a caller was attempting to do a name check on a non*NULL terminated buffer, the code would read beyond the bounds of the input array until it found a NULL terminator.
+Fixed in github pull request https://github.com/wolfSSL/wolfssl/pull/7604
+
+* [Medium] CVE-2024-5814
+A malicious TLS1.2 server can force a TLS1.3 client with downgrade capability to use a ciphersuite that it did not agree to and achieve a successful connection. This is because, aside from the extensions, the client was skipping fully parsing the server hello when downgrading from TLS 1.3.
+Fixed in github pull request https://github.com/wolfSSL/wolfssl/pull/7619
+
+* [Medium] OCSP stapling version 2 response verification bypass issue when a crafted response of length 0 is received. Found with internal testing.
+Fixed in github pull request https://github.com/wolfSSL/wolfssl/pull/7702
+
+* [Medium] OCSP stapling version 2 revocation bypass with a retry of a TLS connection attempt. A revoked CA certificate could incorrectly be loaded into the trusted signers list and used in a repeat connection attempt. Found with internal testing.
+Fixed in github pull request https://github.com/wolfSSL/wolfssl/pull/7702
+
+
+## New Feature Additions
+* Added Dilithium/ML-DSA: Implementation of ML-DSA-44/65/87 (PR 7622)
+* AES RISC-V 64-bit ASM: ECB/CBC/CTR/GCM/CCM (PR 7569)
+* Added CUDA support for AES encryption (PR 7436)
+* Added support for gRPC (PR 7445)
+* Added function wc_RsaPrivateKeyDecodeRaw to import raw RSA private keys (PR 7608)
+* Added crypto callback for SHA-3 (PR 7670)
+* Support for Infineon Modus Toolbox with wolfSSL (PR 7369)
+* Allow user to send a user_canceled alert by calling wolfSSL_SendUserCanceled (PR 7590)
+* C# wrapper SNI support added (PR 7610)
+* Quantum-safe algorithm support added to the Linux kernel module (PR 7574)
+* Support for NIST 800-56C Option 1 KDF, using the macro WC_KDF_NIST_SP_800_56C added (PR 7589)
+* AES-XTS streaming mode added, along with hardware acceleration and kernel module use (PR 7522, 7560, 7424)
+* PlatformIO FreeRTOS with ESP build and addition of benchmark and test example applications (PR 7528, 7413, 7559, 7542)
+
+
+## Enhancements and Optimizations
+* Expanded STM32 AES hardware acceleration support for use with STM32H5 (PR 7578)
+* Adjusted wc_xmss and wc_lms settings to support use with wolfBoot (PR 7393)
+* Added the --enable-rpk option to autotools build for using raw public key support (PR 7379)
+* SHA-3 Thumb2, ARM32 assembly implementation added (PR 7667)
+* Improvements to RSA padding to expose Pad/Unpad APIs (PR 7612)
+* Updates and API additions for supporting socat version 1.8.0.0 (PR 7594)
+* cmake build improvements, expanding build options with SINGLE_THREADED and post-quantum algorithms, adjusting the generation of options.h file and using “yes;no� boolean instead of strings (PR 7611, 7546, 7479, 7480, 7380)
+* Improvements for Renesas RZ support (PR 7474)
+* Improvements to dual algorithm certificates for post-quantum keys (PR 7286)
+* Added wolfSSL_SessionIsSetup so the user can check if a session ticket has been sent by the server (PR 7430)
+* hostap updates: Implement PACs for EAP-FAST and filter cipher list on TLS version change (PR 7446)
+* Changed subject name comparison to match different upper and lower cases (PR 7420)
+* Support for DTLS 1.3 downgrade when using PSK (PR 7367)
+* Update to static memory build for more generic memory pools used (PR 7418)
+* Improved performance of Kyber C implementation (PR 7654)
+* Support for ECC_CACHE_CURVE with no malloc (PR 7490)
+* Added the configure option --enable-debug-trace-errcodes (macro WOLFSSL_DEBUG_TRACE_ERROR_CODES) which enables more debug tracking of error code values (PR 7634)
+* Enhanced wc_MakeRsaKey and wc_RsaKeyToDer to work with WOLFSSL_NO_MALLOC (PR 7362)
+* Improvements to assembly implementations of ChaCha20 and Poly1305 ASM for use with MSVC (PR 7319)
+* Cortex-M inline assembly labels with unique number appended (PR 7649)
+* Added secret logging callback to TLS <= 1.2, enabled with the macro HAVE_SECRET_CALLBACK (PR 7372)
+* Made wc_RNG_DRBG_Reseed() a public wolfCrypt API (PR 7386)
+* Enabled DES3 support without the DES3 ciphers. To re-enable DES3 cipher suites, use the configure flag --enable-des3-tls-suites (PR 7315)
+* Added stubs required for latest nginx (1.25.5) (PR 7449)
+* Added option for using a custom salt with the function wc_ecc_ctx_set_own_salt (PR 7552)
+* Added PQ files for Windows (PR 7419)
+* Enhancements to static memory feature, adding the option for a global heap hint (PR 7478) and build options for a lean or debug setting, enabled with --enable-staticmemory=small or --enable-staticmemory=debug (PR 7597)
+* Updated --enable-jni to define SESSION_CERTS for wolfJSSE (PR 7557)
+* Exposed DTLS in Ada wrapper and updated examples (PR 7397)
+* Added additional minimum TLS extension size sanity checks (PR 7602)
+* ESP improvements: updating the examples and libraries, updates for Apple HomeKit SHA/SRP, and fix for endianness with SHA512 software fallback (PR 7607, 7392, 7505, 7535)
+* Made the wc_CheckCertSigPubKey API publicly available with the define of the macro WOLFSSL_SMALL_CERT_VERIFY (PR 7599)
+* Added an alpha/preview of additional FIPS 140-3 full submission, bringing additional algorithms such as SRTP-KDF, AES-XTS, GCM streaming, AES-CFB, ED25519, and ED448 into the FIPS module boundary (PR 7295)
+* XCODE support for v5.2.3 of the FIPS module (PR 7140)
+* Expanded OpenSSL compatibility layer and added EC_POINT_hex2point (PR 7191)
+
+## Fixes
+* Fixed Kyber control-flow timing leak. Thanks to Antoon Purnal from PQShield for the report
+* Fixed the NXP MMCAU HW acceleration for SHA-256 (PR 7389)
+* Fixed AES-CFB1 encrypt/decrypt on size (8*x-1) bits (PR 7431)
+* Fixed use of %rip with SHA-256 x64 assembly (PR 7409)
+* Fixed OCSP response message build for DTLS (PR 7671)
+* Handled edge case in wc_ecc_mulmod() with zero (PR 7532)
+* Fixed RPK (Raw Public Key) to follow certificate use correctly (PR 7375)
+* Added sanity check on record header with QUIC use (PR 7638)
+* Added sanity check for empty directory strings in X.509 when parsing (PR 7669)
+* Added sanity check on non-conforming serial number of 0 in certificates being parsed (PR 7625)
+* Fixed wolfSSL_CTX_set1_sigalgs_list() to make the TLS connection conform to the selected sig hash algorithm (PR 7693)
+* Various fixes for dual algorithm certificates including small stack use and support for Certificate Signing Requests (PR 7577)
+* Added sanity check for critical policy extension when wolfSSL is built without policy extension support enabled (PR 7388)
+* Added sanity check that the ed25519 signature is smaller than the order (PR 7513)
+* Fixed Segger emNet to handle non-blocking want read/want write (PR 7581)
+
+
+# wolfSSL Release 5.7.0 (Mar 20, 2024)
+
+Release 5.7.0 has been developed according to wolfSSL's development and QA
+process (see link below) and successfully passed the quality criteria.
+https://www.wolfssl.com/about/wolfssl-software-development-process-quality-assurance
+
+NOTE: * --enable-heapmath is being deprecated and will be removed by end of 2024
+
+NOTE: In future releases, --enable-des3 (which is disabled by default) will be insufficient in itself to enable DES3 in TLS cipher suites. A new option, --enable-des3-tls-suites, will need to be supplied in addition.  This option should only be used in backward compatibility scenarios, as it is inherently insecure.
+
+NOTE: This release switches the default ASN.1 parser to the new ASN template code. If the original ASN.1 code is preferred define `WOLFSSL_ASN_ORIGINAL` to use it. See PR #7199.
+
+
+## Vulnerabilities
+* [High] CVE-2024-0901 Potential denial of service and out of bounds read. Affects TLS 1.3 on the server side when accepting a connection from a malicious TLS 1.3 client. If using TLS 1.3 on the server side it is recommended to update the version of wolfSSL used. Fixed in this GitHub pull request https://github.com/wolfSSL/wolfssl/pull/7099
+
+
+* [Med] CVE-2024-1545 Fault Injection vulnerability in RsaPrivateDecryption function that potentially allows an attacker that has access to the same system with a victims process to perform a Rowhammer fault injection. Thanks to Junkai Liang, Zhi Zhang, Xin Zhang, Qingni Shen for the report (Peking University, The University of Western Australia)."
+Fixed in this GitHub pull request https://github.com/wolfSSL/wolfssl/pull/7167
+
+
+* [Med] Fault injection attack with EdDSA signature operations. This affects ed25519 sign operations where the system could be susceptible to Rowhammer attacks. Thanks to Junkai Liang, Zhi Zhang, Xin Zhang, Qingni Shen for the report (Peking University, The University of Western Australia).
+Fixed in this GitHub pull request https://github.com/wolfSSL/wolfssl/pull/7212
+
+
+## New Feature Additions
+
+* Added --enable-experimental configure flag to gate out features that are currently experimental. Now liboqs, kyber, lms, xmss, and dual-alg-certs require the --enable-experimental flag.
+
+### POST QUANTUM SUPPORT ADDITIONS
+* Experimental framework for using wolfSSL’s XMSS implementation (PR 7161)
+* Experimental framework for using wolfSSL’s LMS implementation (PR 7283)
+* Experimental wolfSSL Kyber implementation and assembly optimizations, enabled with --enable-experimental --enable-kyber (PR 7318)
+* Experimental support for post quantum dual key/signature certificates. A few known issues and sanitizer checks are in progress with this feature. Enabled with the configure flags --enable-experimental --enable-dual-alg-certs (PR 7112)
+* CryptoCb support for PQC algorithms (PR 7110)
+
+### OTHER FEATURE ADDITIONS
+* The Linux kernel module now supports registration of AES-GCM, AES-XTS, AES-CBC, and AES-CFB with the kernel cryptosystem through the new --enable-linuxkm-lkcapi-register option, enabling automatic use of wolfCrypt implementations by the dm-crypt/luks and ESP subsystems.  In particular, wolfCrypt AES-XTS with –enable-aesni is faster than the native kernel implementation.
+* CryptoCb hook to one-shot CMAC functions (PR 7059)
+* BER content streaming support for PKCS7_VerifySignedData and sign/encrypt operations (PR 6961 & 7184)
+* IoT-Safe SHA-384 and SHA-512 support (PR 7176)
+* I/O callbacks for content and output with PKCS7 bundle sign/encrypt to reduce peak memory usage (PR 7272)
+* Microchip PIC24 support and example project (PR 7151)
+* AutoSAR shim layer for RNG, SHA256, and AES (PR 7296)
+* wolfSSL_CertManagerUnloadIntermediateCerts API to clear intermediate certs added to certificate store (PR 7245)
+* Implement SSL_get_peer_signature_nid and SSL_get_peer_signature_type_nid (PR 7236)
+
+
+## Enhancements and Optimizations
+
+* Remove obsolete user-crypto functionality and Intel IPP support (PR 7097)
+* Support for RSA-PSS signatures with CRL use (PR 7119)
+* Enhancement for AES-GCM use with Xilsecure on Microblaze (PR 7051)
+* Support for crypto cb only build with ECC and NXP CAAM (PR 7269)
+* Improve liboqs integration adding locking and init/cleanup functions (PR 7026)
+* Prevent memory access before clientSession->serverRow and clientSession->serverIdx are sanitized (PR 7096)
+* Enhancements to reproducible build (PR 7267)
+* Update Arduino example TLS Client/Server and improve support for ESP32 (PR 7304 & 7177)
+* XC32 compiler version 4.x compatibility (PR 7128)
+* Porting for build on PlayStation 3 and 4 (PR 7072)
+* Improvements for Espressif use; SHA HW/SW selection and use on ESP32-C2/ESP8684, wolfSSL_NewThread() type, component cmake fix, and update TLS client example for ESP8266 (PR 7081, 7173, 7077, 7148, 7240)
+* Allow crypto callbacks with SHA-1 HW (PR 7087)
+* Update OpenSSH port to version 9.6p1(PR 7203)
+* ARM Thumb2 enhancements, AES-GCM support for GCM_SMALL, alignment fix on key, fix for ASM clobber list (PR 7291,7301,7221)
+* Expand heap hint support for static memory build with more x509 functions (PR 7136)
+* Improving ARMv8 ChaCha20 ASM (alignment) (PR 7182)
+* Unknown extension callback wolfSSL_CertManagerSetUnknownExtCallback added to CertManager (PR 7194)
+* Implement wc_rng_new_ex for use with devID’s with crypto callback (PR 7271)
+* Allow reading 0-RTT data after writing 0.5-RTT data (PR 7102)
+* Send alert on bad PSK binder error (PR 7235)
+* Enhancements to CMake build files for use with cross compiling (PR 7188)
+
+
+## Fixes
+
+* Fix for checking result of MAC verify when no AAD is used with AES-GCM and Xilinx Xilsecure (PR 7051)
+* Fix for Aria sign use (PR 7082)
+* Fix for invalid `dh_ffdhe_test` test case using Intel QuickAssist (PR 7085)
+* Fixes for TI AES and SHA on TM4C with HW acceleration and add full AES GCM and CCM support with TLS (PR 7018)
+* Fixes for STM32 PKA use with ECC (PR 7098)
+* Fixes for TLS 1.3 with crypto callbacks to offload KDF / HMAC operation (PR 7070)
+* Fix include path for FSP 3.5 on Renesas RA6M4 (PR 7101)
+* Siphash x64 asm fix for use with older compilers (PR 7299)
+* Fix for SGX build with SP (PR 7308)
+* Fix to Make it mandatory that the cookie is sent back in new ClientHello when seen in a HelloRetryRequest with (PR 7190)
+* Fix for wrap around behavior with BIO pairs (PR 7169)
+* OCSP fixes for parsing of response correctly when there was a revocation reason and returning correct error value with date checks (PR 7241 & 7255)
+* Fix build with `NO_STDIO_FILESYSTEM` and improve checks for `XGETENV` (PR 7150)
+* Fix for DTLS sequence number and cookie when downgrading DTLS version (PR 7214)
+* Fix for write_dup use with chacha-poly cipher suites (PR 7206)
+* Fix for multiple handshake messages in one record failing with OUT_OF_ORDER_E when downgrading from TLS 1.3 to TLS 1.2 (PR 7141)
+* Fix for AES ECB build with Thumb and alignment (PR 7094)
+* Fix for negotiate handshake until the end in wolfSSL_read/wolfSSL_write if hitting an edge case with want read/write (PR 7237)
+
 # wolfSSL Release 5.6.6 (Dec 19, 2023)
 
 Release 5.6.6 has been developed according to wolfSSL's development and QA
@@ -18,7 +539,7 @@ fixed this omission in several PRs for this release.
 
 * [Low] CVE-2023-6936: A potential heap overflow read is possible in servers connecting over TLS 1.3 when the optional `WOLFSSL_CALLBACKS` has been defined. The out of bounds read can occur when a server receives a malicious malformed ClientHello. Users should either discontinue use of `WOLFSSL_CALLBACKS` on the server side or update versions of wolfSSL to 5.6.6. Thanks to the tlspuffin fuzzer team for the report which was designed and developed by; Lucca Hirschi (Inria, LORIA), Steve Kremer (Inria, LORIA), and Max Ammann (Trail of Bits). The fix for this issue is located in the following GitHub Pull Request: https://github.com/wolfSSL/wolfssl/pull/6949.
 
-* [Low] A side channel vulnerability with AES T-Tables is possible in a very controlled environment where precision sub-cache-line inspection can happen, such as inside an Intel SGX enclave. This can lead to recovery of the AES key. To prevent this type of attack, wolfSSL added an AES bitsliced implementation which can be enabled with the “`--enable-aes-bitsliced`� configure option. Thanks to Florian Sieck, Zhiyuan Zhang, Sebastian Berndt, Chitchanok Chuengsatiansup, Thomas Eisenbarth, and Yuval Yarom for the report (Universities of Lübeck, Melbourne, Adelaide and Bochum). The fix for this issue is located in the following GitHub Pull Request: https://github.com/wolfSSL/wolfssl/pull/6854.
+* [Low] CVE-2024-1543: A side channel vulnerability with AES T-Tables is possible in a very controlled environment where precision sub-cache-line inspection can happen, such as inside an Intel SGX enclave. This can lead to recovery of the AES key. To prevent this type of attack, wolfSSL added an AES bitsliced implementation which can be enabled with the “`--enable-aes-bitsliced`� configure option. Thanks to Florian Sieck, Zhiyuan Zhang, Sebastian Berndt, Chitchanok Chuengsatiansup, Thomas Eisenbarth, and Yuval Yarom for the report (Universities of Lübeck, Melbourne, Adelaide and Bochum). The fix for this issue is located in the following GitHub Pull Request: https://github.com/wolfSSL/wolfssl/pull/6854.
 
 * [Low] CVE-2023-6937: wolfSSL prior to 5.6.6 did not check that messages in a single (D)TLS record do not span key boundaries. As a result, it was possible to combine (D)TLS messages using different keys into one (D)TLS record. The most extreme edge case is that, in (D)TLS 1.3, it was possible that an unencrypted (D)TLS 1.3 record from the server containing first a ServerHello message and then the rest of the first server flight would be accepted by a wolfSSL client. In (D)TLS 1.3 the handshake is encrypted after the ServerHello but a wolfSSL client would accept an unencrypted flight from the server. This does not compromise key negotiation and authentication so it is assigned a low severity rating. Thanks to Johannes Wilson for the report (Sectra Communications and Linköping University). The fix for this issue is located in the following GitHub Pull Request: https://github.com/wolfSSL/wolfssl/pull/7029.
 
@@ -672,9 +1193,9 @@ Release 5.5.1 of wolfSSL embedded TLS has bug fixes and new features including:
 
 ## Enhancements
 * DTLSv1.3: Do HRR Cookie exchange by default
-* Add wolfSSL_EVP_PKEY_new_CMAC_key to OpenSSL compatible API 
-* Update ide win10 build files to add missing sp source files 
-* Improve Workbench docs 
+* Add wolfSSL_EVP_PKEY_new_CMAC_key to OpenSSL compatible API
+* Update ide win10 build files to add missing sp source files
+* Improve Workbench docs
 * Improve EVP support for CHACHA20_POLY1305
 * Improve `wc_SetCustomExtension` documentation
 * RSA-PSS with OCSP and add simple OCSP response DER verify test case
@@ -682,23 +1203,23 @@ Release 5.5.1 of wolfSSL embedded TLS has bug fixes and new features including:
 * Don't over-allocate memory for DTLS fragments
 * Add WOLFSSL_ATECC_TFLXTLS for Atmel port
 * SHA-3 performance improvements with x86_64 assembly
-* Add code to fallback to S/W if TSIP cannot handle 
+* Add code to fallback to S/W if TSIP cannot handle
 * Improves entropy with VxWorks
 * Make time in milliseconds 64-bits for longer session ticket lives
 * Support for setting cipher list with bytes
 * wolfSSL_set1_curves_list(), wolfSSL_CTX_set1_curves_list() improvements
 * Add to RSAES-OAEP key parsing for pkcs7
 * Add missing DN nid to work with PrintName()
-* SP int: default to 16 bit word size when NO_64BIT defined 
+* SP int: default to 16 bit word size when NO_64BIT defined
 * Limit the amount of fragments we store per a DTLS connection and error out when max limit is reached
 * Detect when certificate's RSA public key size is too big and fail on loading of certificate
 
 ## Fixes
 * Fix for async with OCSP non-blocking in `ProcessPeerCerts`
 * Fixes for building with 32-bit and socket size sign/unsigned mismatch
-* Fix Windows CMakeList compiler options 
-* TLS 1.3 Middle-Box compat: fix missing brace 
-* Configuration consistency fixes for RSA keys and way to force disable of private keys 
+* Fix Windows CMakeList compiler options
+* TLS 1.3 Middle-Box compat: fix missing brace
+* Configuration consistency fixes for RSA keys and way to force disable of private keys
 * Fix for Aarch64 Mac M1 SP use
 * Fix build errors and warnings for MSVC with DTLS 1.3
 * Fix HMAC compat layer function for SHA-1
@@ -706,9 +1227,9 @@ Release 5.5.1 of wolfSSL embedded TLS has bug fixes and new features including:
 * Check return from call to wc_Time
 * SP math: fix build configuration with opensslall
 * Fix for async session tickets
-* SP int mp_init_size fixes when SP_WORD_SIZE == 8 
+* SP int mp_init_size fixes when SP_WORD_SIZE == 8
 * Ed. function to make public key now checks for if the private key flag is set
-* Fix HashRaw WC_SHA256_DIGEST_SIZE for wc_Sha256GetHash 
+* Fix HashRaw WC_SHA256_DIGEST_SIZE for wc_Sha256GetHash
 * Fix for building with PSK only
 * Set correct types in wolfSSL_sk_*_new functions
 * Sanity check that size passed to mp_init_size() is no more than SP_INT_DIGITS
@@ -822,7 +1343,7 @@ CVE-2020-12966 https://www.amd.com/en/corporate/product-security/bulletin/amd-sb
 * Update SP math all to not use sp_int_word when SQR_MUL_ASM is available
 ### SP Math Fixes
 * Fixes for constant time with div function
-* Fix casting warnings for Windows builds and assembly changes to support XMM6-15 being non-volatile 
+* Fix casting warnings for Windows builds and assembly changes to support XMM6-15 being non-volatile
 * Fix for div_word when not using div function
 * Fixes for user settings with SP ASM and ED/Curve25519 small
 * Additional Wycheproof tests ran and fixes
@@ -1002,7 +1523,7 @@ Release 5.3.0 of wolfSSL embedded TLS has bug fixes and new features including:
 ### Math Library Fixes
 * Sanity check with SP math that ECC points ordinates are not greater than modulus length
 * Additional sanity checks that _sp_add_d does not error due to overflow
-* Wycheproof fixes, testing integration, and fixes for AVX / AArch64 ASM edge case tests 
+* Wycheproof fixes, testing integration, and fixes for AVX / AArch64 ASM edge case tests
 * TFM fp_div_2_ct rework to avoid potential overflow
 
 ### Misc.
@@ -1243,7 +1764,7 @@ Release 5.1.0 of wolfSSL embedded TLS has bug fixes and new features including:
 ###### PORT Fixes
 * Building with Android wpa_supplicant and KeyStore
 * Setting initial value of CA certificate with TSIP enabled
-* Cryptocell ECC build fix and fix with RSA disabled 
+* Cryptocell ECC build fix and fix with RSA disabled
 * IoT-SAFE improvement for Key/File slot ID size, fix for C++ compile, and fixes for retrieving the public key after key generation
 
 ###### Math Library Fixes
@@ -1382,7 +1903,7 @@ Release 5.0.0 of wolfSSL embedded TLS has bug fixes and new features including:
     - SSL_SESSION_has_ticket()
     - SSL_SESSION_get_ticket_lifetime_hint()
     - DIST_POINT_new
-    - DIST_POINT_free 
+    - DIST_POINT_free
     - DIST_POINTS_free
     - CRL_DIST_POINTS_free
     - sk_DIST_POINT_push
@@ -1545,7 +2066,7 @@ Release 4.8.0 of wolfSSL embedded TLS has bug fixes and new features including:
 
 ### Vulnerabilities
 * [Low] CVE-2021-37155: OCSP request/response verification issue. In the case that the serial number in the OCSP request differs from the serial number in the OCSP response the error from the comparison was not resulting in a failed verification. We recommend users that have wolfSSL version 4.6.0 and 4.7.0 with OCSP enabled update their version of wolfSSL. Version 4.5.0 and earlier are not affected by this report. Thanks to Rainer Mueller-Amersdorffer, Roee Yankelevsky, Barak Gutman, Hila Cohen and Shoshi Berko (from CYMOTIVE Technologies and CARIAD) for the report.
-* [Low] CVE-2021-24116: Side-Channel cache look up vulnerability in base64 PEM decoding for versions of wolfSSL 4.5.0 and earlier. Versions 4.6.0 and up contain a fix and do not need to be updated for this report. If decoding a PEM format private key using version 4.5.0 and older of wolfSSL then we recommend updating the version of wolfSSL used. Thanks to Florian Sieck, Jan Wichelmann, Sebastian Berndt and Thomas Eisenbarth for the report. 
+* [Low] CVE-2021-24116: Side-Channel cache look up vulnerability in base64 PEM decoding for versions of wolfSSL 4.5.0 and earlier. Versions 4.6.0 and up contain a fix and do not need to be updated for this report. If decoding a PEM format private key using version 4.5.0 and older of wolfSSL then we recommend updating the version of wolfSSL used. Thanks to Florian Sieck, Jan Wichelmann, Sebastian Berndt and Thomas Eisenbarth for the report.
 
 ### New Feature Additions
 ###### New Product
diff --git a/Docker/Dockerfile b/Docker/Dockerfile
index 388169e6d..d2c01b05d 100644
--- a/Docker/Dockerfile
+++ b/Docker/Dockerfile
@@ -3,11 +3,14 @@ FROM $DOCKER_BASE_IMAGE
 
 USER root
 
-ARG DEPS_WOLFSSL="build-essential autoconf libtool clang clang-tools zlib1g-dev libuv1-dev libpam0g-dev valgrind git linux-headers-generic gcc-multilib g++-multilib libpcap-dev bubblewrap gdb iputils-ping lldb bsdmainutils netcat binutils-arm-linux-gnueabi binutils-aarch64-linux-gnu"
+# Set timezone to UTC
+RUN ln -snf /usr/share/zoneinfo/UTC /etc/localtime && echo UTC > /etc/timezone
+
+ARG DEPS_WOLFSSL="build-essential autoconf libtool clang clang-tools zlib1g-dev libuv1-dev libpam0g-dev valgrind git linux-headers-generic gcc-multilib g++-multilib libpcap-dev bubblewrap gdb iputils-ping lldb bsdmainutils netcat-traditional binutils-arm-linux-gnueabi binutils-aarch64-linux-gnu"
 ARG DEPS_LIBOQS="astyle cmake gcc ninja-build libssl-dev python3-pytest python3-pytest-xdist unzip xsltproc doxygen graphviz python3-yaml valgrind git"
 ARG DEPS_UDP_PROXY="wget libevent-dev"
-ARG DEPS_TESTS="abi-dumper libcurl4-openssl-dev tcpdump"
-ARG DEPS_TOOLS="ccache"
+ARG DEPS_TESTS="abi-dumper libcurl4-openssl-dev tcpdump libpsl-dev python3-pandas python3-tabulate libnl-genl-3-dev libcap-ng-dev python3-virtualenv curl jq"
+ARG DEPS_TOOLS="ccache clang-tidy maven libfile-util-perl android-tools-adb usbutils shellcheck"
 RUN DEBIAN_FRONTEND=noninteractive apt update && apt install -y apt-utils \
                     && apt install -y ${DEPS_WOLFSSL} ${DEPS_LIBOQS} ${DEPS_UDP_PROXY} ${DEPS_TESTS} ${DEPS_TOOLS} \
                     && apt clean -y && rm -rf /var/lib/apt/lists/*
@@ -37,10 +40,12 @@ RUN cd /opt/sources && git clone --single-branch https://github.com/cisco/hash-s
 
 # Install pkixssh to /opt/pkixssh for X509 interop testing with wolfSSH
 RUN mkdir /var/empty
-RUN cd /opt/sources && wget -q -O- https://roumenpetrov.info/secsh/src/pkixssh-14.1.1.tar.gz | tar xzf - && cd pkixssh-14.1.1 && ./configure --prefix=/opt/pkixssh/ --exec-prefix=/opt/pkixssh/ && make install
+RUN cd /opt/sources && wget -q -O- https://roumenpetrov.info/secsh/src/pkixssh-15.1.tar.gz | tar xzf - && cd pkixssh-15.1 && ./configure --prefix=/opt/pkixssh/ --exec-prefix=/opt/pkixssh/ && make install
 
 # Install udp/tcp-proxy
 RUN cd /opt/sources && git clone --depth=1 --single-branch --branch=main http://github.com/wolfssl/udp-proxy && cd udp-proxy && make && cp tcp_proxy udp_proxy /bin/.
+# Install libbacktrace
+RUN cd /opt/sources && git clone --depth=1 --single-branch https://github.com/ianlancetaylor/libbacktrace.git && cd libbacktrace && mkdir build && cd build && ../configure && make && make install
 
 # Allow non-root to use tcpdump (will need NET_RAW and NET_ADMIN capability when running the container)
 RUN setcap 'CAP_NET_RAW+eip CAP_NET_ADMIN+eip' /usr/bin/tcpdump
diff --git a/Docker/Dockerfile.cross-compiler b/Docker/Dockerfile.cross-compiler
index a89a9d5b5..f7635b3e4 100644
--- a/Docker/Dockerfile.cross-compiler
+++ b/Docker/Dockerfile.cross-compiler
@@ -3,7 +3,7 @@ FROM $DOCKER_BASE_IMAGE
 
 USER root
 
-ARG DEPS_TESTING="gcc-arm-linux-gnueabi gcc-aarch64-linux-gnu"
+ARG DEPS_TESTING="gcc-arm-linux-gnueabi gcc-arm-linux-gnueabihf gcc-aarch64-linux-gnu gcc-powerpc-linux-gnu gcc-powerpc64-linux-gnu gcc-arm-none-eabi"
 RUN DEBIAN_FRONTEND=noninteractive apt update \
                     && apt install -y ${DEPS_TESTING} \
                     && apt clean -y && rm -rf /var/lib/apt/lists/*
diff --git a/Docker/buildAndPush.sh b/Docker/buildAndPush.sh
index d66e2c848..444edaca0 100755
--- a/Docker/buildAndPush.sh
+++ b/Docker/buildAndPush.sh
@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/usr/bin/env bash
 
 # Assume we're in wolfssl/Docker
 WOLFSSL_DIR=$(builtin cd ${BASH_SOURCE%/*}/..; pwd)
@@ -18,18 +18,37 @@ docker build -t wolfssl/wolfssl-builder:${CUR_DATE} ${DOCKER_BUILD_OPTIONS} "${W
     docker tag wolfssl/testing-cross-compiler:${CUR_DATE} wolfssl/testing-cross-compiler:latest
 
 if [ $? -eq 0 ]; then
-    echo "Pushing containers to DockerHub"
-    docker push wolfssl/wolfssl-builder:${CUR_DATE} && docker push wolfssl/wolfssl-builder:latest && \
-        docker push wolfssl/testing-cross-compiler:${CUR_DATE} && docker push wolfssl/testing-cross-compiler:latest
+    echo "Push containers to DockerHub [y/N]? "
+    read val
+    if [ "$val" = "y" ]; then
+        docker push wolfssl/wolfssl-builder:${CUR_DATE} && docker push wolfssl/wolfssl-builder:latest && \
+            docker push wolfssl/testing-cross-compiler:${CUR_DATE} && docker push wolfssl/testing-cross-compiler:latest
+        if [ $? -ne 0 ]; then
+            echo "Warning: push failed. Continuing"
+            ((NUM_FAILURES++))
+        fi
+    fi
 else
     echo "Warning: Build wolfssl/wolfssl-builder failed. Continuing"
     ((NUM_FAILURES++))
 fi
 
 echo "Building wolfssl/wolfCLU:${CUR_DATE}"
-docker buildx build --pull --push --build-arg DUMMY=${CUR_DATE} -t wolfssl/wolfclu:${CUR_DATE} --platform=linux/amd64,linux/arm64,linux/arm/v7 "${WOLFSSL_DIR}/Docker/wolfCLU" && \
-docker buildx build --pull --push --build-arg DUMMY=${CUR_DATE} -t wolfssl/wolfclu:latest      --platform=linux/amd64,linux/arm64,linux/arm/v7 "${WOLFSSL_DIR}/Docker/wolfCLU"
-if [ $? -ne 0 ]; then
+DOCKER_ARGS="--pull --build-arg DUMMY=${CUR_DATE} --platform=linux/amd64,linux/arm64,linux/arm/v7 ${WOLFSSL_DIR}/Docker/wolfCLU"
+docker buildx build -t wolfssl/wolfclu:${CUR_DATE} ${DOCKER_ARGS} && \
+    docker buildx build -t wolfssl/wolfclu:latest ${DOCKER_ARGS}
+if [ $? -eq 0 ]; then
+    echo "Push containers to DockerHub [y/N]? "
+    read val
+    if [ "$val" = "y" ]; then
+        docker buildx build ${DOCKER_ARGS} --push -t wolfssl/wolfclu:${CUR_DATE} && \
+            docker buildx build ${DOCKER_ARGS} --push -t wolfssl/wolfclu:latest
+        if [ $? -ne 0 ]; then
+            echo "Warning: push failed. Continuing"
+            ((NUM_FAILURES++))
+        fi
+    fi
+else
     echo "Warning: Build wolfssl/wolfclu failed. Continuing"
     ((NUM_FAILURES++))
 fi
diff --git a/Docker/run.sh b/Docker/run.sh
index 3820425bb..880e1e44f 100755
--- a/Docker/run.sh
+++ b/Docker/run.sh
@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/usr/bin/env bash
 
 echo "Running with \"${*}\"..."
 
diff --git a/Docker/wolfCLU/Dockerfile b/Docker/wolfCLU/Dockerfile
index 4c07e853b..1e9099df4 100644
--- a/Docker/wolfCLU/Dockerfile
+++ b/Docker/wolfCLU/Dockerfile
@@ -1,9 +1,9 @@
 ARG DOCKER_BASE_IMAGE=ubuntu
-FROM ubuntu as BUILDER
+FROM ubuntu AS builder
 
-ARG DEPS_WOLFSSL="build-essential autoconf libtool zlib1g-dev libuv1-dev libpam0g-dev git libpcap-dev libcurl4-openssl-dev bsdmainutils netcat iputils-ping bubblewrap"
+ARG DEPS_WOLFSSL="build-essential autoconf libtool zlib1g-dev libuv1-dev libpam0g-dev git libpcap-dev libcurl4-openssl-dev bsdmainutils netcat-traditional iputils-ping bubblewrap"
 RUN DEBIAN_FRONTEND=noninteractive apt update && apt install -y apt-utils \
-                    && apt install -y ${DEPS_WOLFSSL} ${DEPS_LIBOQS} \
+                    && apt install -y ${DEPS_WOLFSSL} \
                     && apt clean -y && rm -rf /var/lib/apt/lists/*
 
 ARG NUM_CPU=16
@@ -18,8 +18,8 @@ RUN git clone --depth=1 --single-branch --branch=main http://github.com/wolfssl/
 
 FROM ${DOCKER_BASE_IMAGE}
 USER root
-COPY --from=BUILDER /usr/local/lib/libwolfssl.so /usr/local/lib/
-COPY --from=BUILDER /usr/local/bin/wolfssl* /usr/local/bin/
+COPY --from=builder /usr/local/lib/libwolfssl.so /usr/local/lib/
+COPY --from=builder /usr/local/bin/wolfssl* /usr/local/bin/
 RUN ldconfig
 ENTRYPOINT ["/usr/local/bin/wolfssl"]
 LABEL org.opencontainers.image.source=https://github.com/wolfssl/wolfssl
diff --git a/Docker/wolfCLU/README.md b/Docker/wolfCLU/README.md
index 1fc7bc6de..2c271d556 100644
--- a/Docker/wolfCLU/README.md
+++ b/Docker/wolfCLU/README.md
@@ -1,6 +1,6 @@
 This is a small container that has wolfCLU installed for quick access. To build your own run the following:
 ```
-docker build --pull --build-arg DUMMY=$(date +%s) -t wolfclu . 
+docker build --pull --build-arg DUMMY=$(date +%s) -t wolfclu .
 ```
 
 To run the container, you can use:
diff --git a/Docker/yocto/Dockerfile b/Docker/yocto/Dockerfile
new file mode 100644
index 000000000..87f786716
--- /dev/null
+++ b/Docker/yocto/Dockerfile
@@ -0,0 +1,29 @@
+FROM ubuntu
+
+# Set timezone to UTC
+RUN ln -snf /usr/share/zoneinfo/UTC /etc/localtime && echo UTC > /etc/timezone
+
+RUN DEBIAN_FRONTEND=noninteractive apt update && apt install -y gawk wget git diffstat unzip texinfo gcc build-essential chrpath socat cpio python3 python3-pip python3-pexpect xz-utils debianutils iputils-ping python3-git python3-jinja2 libegl1-mesa libsdl1.2-dev python3-subunit mesa-common-dev zstd liblz4-tool file locales libacl1 vim && apt clean -y && rm -rf /var/lib/apt/lists/*
+RUN locale-gen en_US.UTF-8
+
+# Add in non-root user
+ENV UID_OF_DOCKERUSER 1000
+RUN useradd -m -s /bin/bash -g users -u ${UID_OF_DOCKERUSER} dockerUser
+RUN chown -R dockerUser:users /home/dockerUser && chown dockerUser:users /opt
+
+USER dockerUser
+
+RUN cd /opt && git clone git://git.yoctoproject.org/poky
+WORKDIR /opt/poky
+
+ARG YOCTO_VERSION=kirkstone
+RUN git checkout -t origin/${YOCTO_VERSION} -b ${YOCTO_VERSION} && git pull
+
+# This arg is to be able to force a rebuild starting from this line
+ARG DUMMY=date
+RUN DUMMY=${DUMMY} git clone --single-branch --branch=master https://github.com/wolfssl/meta-wolfssl.git && \
+    /bin/bash -c "source oe-init-build-env" && \
+    echo 'IMAGE_INSTALL:append = " wolfssl wolfclu wolfssh wolfmqtt wolftpm wolfclu "' >> /opt/poky/build/conf/local.conf && \
+    sed -i '/\/opt\/poky\/meta-poky \\/a \\t/opt/poky/meta-wolfssl \\' /opt/poky/build/conf/bblayers.conf
+
+RUN /bin/bash -c "source oe-init-build-env && bitbake core-image-minimal"
diff --git a/Docker/yocto/buildAndPush.sh b/Docker/yocto/buildAndPush.sh
new file mode 100755
index 000000000..87558eb76
--- /dev/null
+++ b/Docker/yocto/buildAndPush.sh
@@ -0,0 +1,27 @@
+#!/usr/bin/env bash
+
+# Assume we're in wolfssl/Docker/yocto
+WOLFSSL_DIR=$(builtin cd ${BASH_SOURCE%/*}/../..; pwd)
+
+DOCKER_BUILD_OPTIONS="$1"
+if [ "${DOCKER_BASE_IMAGE}" != "" ]; then
+    DOCKER_BUILD_OPTIONS+=" --build-arg DOCKER_BASE_IMAGE=${DOCKER_BASE_IMAGE}"
+fi
+
+NUM_FAILURES=0
+
+CUR_DATE=$(date -u +%F)
+for ver in kirkstone langdale scarthgap; do
+    echo "Building wolfssl/yocto:${ver}-${CUR_DATE} as ${DOCKER_BUILD_OPTIONS}"
+    docker build -t wolfssl/yocto:${ver}-${CUR_DATE} --build-arg YOCTO_VERSION=${ver} --build-arg BUILD_DATE=${CUR_DATE} -f Dockerfile "${WOLFSSL_DIR}/Docker/yocto" && \
+        docker tag wolfssl/yocto:${ver}-${CUR_DATE} wolfssl/yocto:${ver}-latest
+    if [ $? -eq 0 ]; then
+        echo "Pushing containers to DockerHub"
+        docker push wolfssl/yocto:${ver}-${CUR_DATE} && docker push wolfssl/yocto:${ver}-latest
+    else
+        echo "Warning: Build wolfssl/yocto:${ver} failed. Continuing"
+        ((NUM_FAILURES++))
+    fi
+done
+
+echo "Script completed in $SECONDS seconds. Had $NUM_FAILURES failures."
diff --git a/IDE/ARDUINO/Arduino_README_prepend.md b/IDE/ARDUINO/Arduino_README_prepend.md
new file mode 100644
index 000000000..34ab46359
--- /dev/null
+++ b/IDE/ARDUINO/Arduino_README_prepend.md
@@ -0,0 +1,49 @@
+# Arduino wolfSSL Library
+
+This library is restructured from [wolfSSL](https://github.com/wolfSSL/wolfssl/) Release ${WOLFSSL_VERSION} for the Arduino platform.
+
+The Official wolfSSL Arduino Library is found in [The Library Manager index](http://downloads.arduino.cc/libraries/library_index.json).
+
+See the [Arduino-wolfSSL logs](https://downloads.arduino.cc/libraries/logs/github.com/wolfSSL/Arduino-wolfSSL/) for publishing status.
+
+Instructions for installing and using libraries can be found in the [Arduino docs](https://docs.arduino.cc/software/ide-v1/tutorials/installing-libraries/).
+
+## wolfSSL Configuration
+
+As described in the [Getting Started with wolfSSL on Arduino](https://www.wolfssl.com/getting-started-with-wolfssl-on-arduino/), wolfSSL features are enabled and disabled in the `user_settings.h` file.
+
+The `user_settings.h` file is found in the `<Arduino>/libraries/wolfssl/src` directory.
+
+For Windows this is typically `C:\Users\%USERNAME%\Documents\Arduino\libraries\wolfssl\src`
+
+For Mac: `~/Documents/Arduino/libraries/wolfssl/src`
+
+For Linux: `~/Arduino/libraries/wolfssl/src`
+
+Tips for success:
+
+- The `WOLFSSL_USER_SETTINGS` macro must be defined project-wide. (see [wolfssl.h](https://github.com/wolfSSL/wolfssl/blob/master/IDE/ARDUINO/wolfssl.h))
+- Apply any customizations only to `user_settings.h`;  Do not edit wolfSSL `settings.h` or `configh.h` files.
+- Do not explicitly include `user_settings.h` in any source file.
+- For every source file that uses wolfssl, include `wolfssl/wolfcrypt/settings.h` before any other wolfSSL include, typically via `#include "wolfssl.h"`.
+- See the [wolfSSL docs](https://www.wolfssl.com/documentation/manuals/wolfssl/chapter02.html) for details on build configuration macros.
+
+## wolfSSL Examples
+
+Additional wolfSSL examples can be found at:
+
+- https://github.com/wolfSSL/wolfssl/tree/master/IDE/ARDUINO
+
+- https://github.com/wolfSSL/wolfssl/tree/master/examples
+
+- https://github.com/wolfSSL/wolfssl-examples/
+
+## Arduino Releases
+
+This release of wolfSSL is version [5.7.6](https://github.com/wolfSSL/wolfssl/releases/tag/v5.7.6-stable).
+
+See GitHub for [all Arduino wolfSSL releases](https://github.com/wolfSSL/Arduino-wolfSSL/releases).
+
+The first Official wolfSSL Arduino Library was `5.6.6-Arduino.1`: a slightly modified, post [release 5.6.6](https://github.com/wolfSSL/wolfssl/releases/tag/v5.6.6-stable) version update.
+
+The `./wolfssl-arduino.sh INSTALL` [script](https://github.com/wolfSSL/wolfssl/tree/master/IDE/ARDUINO) can be used to install specific GitHub versions as needed.
diff --git a/IDE/ARDUINO/README.md b/IDE/ARDUINO/README.md
index 4c4e10da4..9a8934e44 100644
--- a/IDE/ARDUINO/README.md
+++ b/IDE/ARDUINO/README.md
@@ -1,30 +1,109 @@
-### wolfSSL with Arduino
+# wolfSSL with Arduino
 
-##### Reformatting wolfSSL as a compatible Arduino Library
-This is a shell script that will re-organize the wolfSSL library to be 
-compatible with Arduino projects that use Arduino IDE 1.5.0 or newer. 
-The Arduino IDE requires a library's source files to be in the library's root 
-directory with a header file in the name of the library. This script moves all 
-src/ files to the `IDE/ARDUINO/wolfSSL/src` directory and creates a stub header
-file called `wolfssl.h` inside that directory.
+See the [example sketches](./sketches/README.md):
 
-Step 1: To configure wolfSSL with Arduino, enter the following from within the
-wolfssl/IDE/ARDUINO directory:
+- [sketches/wolfssl_server](./sketches/wolfssl_server/README.md)
+- [sketches/wolfssl_client](./sketches/wolfssl_client/README.md)
 
-        `./wolfssl-arduino.sh`
+When publishing a new version to the Arduino Registry, be sure to edit `WOLFSSL_VERSION_ARUINO_SUFFIX` in the `wolfssl-arduino.sh` script.
 
-Step 2: Copy the directory wolfSSL that was just created to:
-`~/Documents/Arduino/libraries/` directory so the Arduino IDE can find it.
+## Getting Started
 
-Step 3: Edit `<arduino-libraries>/wolfSSL/src/user_settings.h`
+See [Getting Started with wolfSSL on Arduino](https://www.wolfssl.com/getting-started-with-wolfssl-on-arduino/), wolfSSL features are enabled and disabled in the `user_settings.h` file.
+
+The `user_settings.h` file is found in the `<Arduino>/libraries/wolfssl/src` directory.
+
+For Windows this is typically `C:\Users\%USERNAME%\Documents\Arduino\libraries\wolfssl\src`
+
+For Mac: `~/Documents/Arduino/libraries/wolfssl/src`
+
+For Linux: `~/Arduino/libraries/wolfssl/src`
+
+Tips for success:
+
+- The `WOLFSSL_USER_SETTINGS` macro must be defined project-wide. (see [wolfssl.h](https://github.com/wolfSSL/wolfssl/blob/master/IDE/ARDUINO/wolfssl.h))
+- Apply any customizations only to `user_settings.h`;  Do not edit wolfSSL `settings.h` or `configh.h` files.
+- Do not explicitly include `user_settings.h` in any source file.
+- For every source file that uses wolfssl, include `wolfssl/wolfcrypt/settings.h` before any other wolfSSL include, typically via `#include "wolfssl.h"`.
+- See the [wolfSSL docs](https://www.wolfssl.com/documentation/manuals/wolfssl/chapter02.html) for details on build configuration macros.
+
+## Boards
+
+Many of the supported boards are natively built-in to the [Arduino IDE Board Manager](https://docs.arduino.cc/software/ide-v2/tutorials/ide-v2-board-manager/)
+and by adding [additional cores](https://docs.arduino.cc/learn/starting-guide/cores/) as needed.
+
+STM32 Support can be added by including this link in the "Additional Boards Managers URLs" field
+from [stm32duino/Arduino_Core_STM32](https://github.com/stm32duino/Arduino_Core_STM32?tab=readme-ov-file#getting-started).
+
+```
+https://github.com/stm32duino/BoardManagerFiles/raw/main/package_stmicroelectronics_index.json
+```
+
+## Using wolfSSL from the Arduino IDE
+
+The Official wolfSSL: https://github.com/wolfSSL/arduino-wolfSSL See [PR #1](https://github.com/wolfSSL/Arduino-wolfSSL/pull/1).
+
+This option will allow wolfSSL to be installed directly using the native Arduino tools.
+
+## Manually Reformatting wolfSSL as a Compatible Arduino Library
+
+Use [this](./wolfssl-arduino.sh) shell script that will re-organize the wolfSSL library to be
+compatible with [Arduino Library Specification](https://arduino.github.io/arduino-cli/0.35/library-specification/)
+for projects that use Arduino IDE 1.5.0 or newer.
+
+The Arduino IDE requires a library's source files to be in the library's root directory with a
+header file in the name of the library. This script moves all `src/` files to the `IDE/ARDUINO/wolfSSL/src`
+directory and creates a stub header file called `wolfssl.h` inside that directory.
+
+### Step 1:
+
+To configure wolfSSL with Arduino, enter ONE of the following 4 commands
+from within the `wolfssl/IDE/ARDUINO` directory:
+
+1. `./wolfssl-arduino.sh`
+    - Creates an Arduino Library directory structure in the local `wolfSSL` directory of `IDE/ARDUINO`.
+    - You can add your own `user_settings.h`, or copy/rename the [default](../../examples/configs/user_settings_arduino.h).
+
+2. `./wolfssl-arduino.sh INSTALL` (The most common option)
+    - Creates an Arduino Library in the local `wolfSSL` directory
+    - Moves that directory to the Arduino library directory:
+        - `$HOME/Arduino/libraries` for most bash environments
+        - `/mnt/c/Users/$USER/Documents/Arduino/libraries` (for WSL)
+    - Adds the [default](../../examples/configs/user_settings_arduino.h) as `user_settings.h`.
+    - The wolfSSL library is now available from the Arduino IDE.
+
+3. `./wolfssl-arduino.sh INSTALL /path/to/repository` (Used to update [arduino-wolfSSL](https://github.com/wolfSSL/arduino-wolfSSL))
+    - Creates an Arduino Library in `wolfSSL` directory
+    - Copies that directory contents to the specified `/path/to/repository`
+    - Adds the [default](../../examples/configs/user_settings_arduino.h) as `user_settings.h`.
+
+4. `./wolfssl-arduino.sh INSTALL /path/to/any/other/directory`
+    - Creates an Arduino Library in `wolfSSL` directory
+    - Copies that directory contents to the specified `/path/to/any/other/directory`
+
+### Step 2:
+
+Edit `<arduino-libraries>/wolfSSL/src/user_settings.h`
 If building for Intel Galileo platform add: `#define INTEL_GALILEO`.
-Add any other custom settings, for a good start see the examples in wolfssl root
-"/examples/configs/user_settings_*.h"
+Add any other custom settings. For a good start see the examples in wolfssl root
+"[/examples/configs/user_settings_*.h](https://github.com/wolfssl/wolfssl/tree/master/examples/configs)"
 
-Step 4: If you experience any issues with custom user_settings.h see the wolfssl
+### Step 3:
+
+If you experience any issues with custom `user_settings.h` see the wolfssl
 porting guide here for more assistance: https://www.wolfssl.com/docs/porting-guide/
 
-Step 5: If you still have any issues contact support@wolfssl.com for more help.
+If you have any issues contact support@wolfssl.com for help.
+
+# Including wolfSSL in Arduino Libraries (for Arduino version 2.0 or greater)
+
+1. In the Arduino IDE:
+
+The wolfSSL library should automatically be detected when found in the `libraries`
+directory.
+
+  - In `Sketch -> Include Library` choose wolfSSL for new sketches.
+
 
 ##### Including wolfSSL in Arduino Libraries (for Arduino version 1.6.6)
 
@@ -33,6 +112,90 @@ Step 5: If you still have any issues contact support@wolfssl.com for more help.
         `IDE/ARDUNIO/wolfSSL` folder.
     - In `Sketch -> Include Library` choose wolfSSL.
 
-2. Open an example Arduino sketch for wolfSSL:
-	- wolfSSL Client INO sketch: `sketches/wolfssl_client/wolfssl_client.ino`
-	- wolfSSL Server INO sketch: `sketches/wolfssl_server/wolfssl_server.ino`
+##### wolfSSL Examples
+
+Open an example Arduino sketch for wolfSSL:
+
+  - wolfSSL [Client INO sketch](./sketches/wolfssl_client/README.md): `sketches/wolfssl_client/wolfssl_client.ino`
+
+  - wolfSSL [Server INO sketch](./sketches/wolfssl_server/README.md): `sketches/wolfssl_server/wolfssl_server.ino`
+
+#### Script Examples
+
+Refresh the local Windows Arduino wolfSSL library from GitHub repository directory using WSL:
+
+Don't forget to edit `WOLFSSL_VERSION_ARUINO_SUFFIX`!
+
+```bash
+# Change to the wolfSSL Arduino IDE directory
+cd /mnt/c/workspace/wolfssl-$USER/IDE/ARDUINO
+
+# remove current Arduino wolfSSL library
+rm -rf /mnt/c/Users/$USER/Documents/Arduino/libraries/wolfssl
+
+# Install wolfSSL as an Arduino library
+./wolfssl-arduino.sh INSTALL
+```
+
+Publish wolfSSL from WSL to a `Arduino-wolfSSL-$USER` repository.
+
+```bash
+cd /mnt/c/workspace/wolfssl-$USER/IDE/ARDUINO
+rm -rf /mnt/c/Users/$USER/Documents/Arduino/libraries/wolfSSL
+rm -rf /mnt/c/workspace/wolfssl-$USER/IDE/ARDUINO/wolfSSL
+./wolfssl-arduino.sh INSTALL /mnt/c/workspace/Arduino-wolfSSL-$USER/
+```
+
+Publish wolfSSL from WSL to default Windows local library.
+
+```bash
+cd /mnt/c/workspace/wolfssl-$USER/IDE/ARDUINO
+rm -rf /mnt/c/Users/$USER/Documents/Arduino/libraries/wolfSSL
+rm -rf /mnt/c/workspace/wolfssl-arduino/IDE/ARDUINO/wolfSSL
+./wolfssl-arduino.sh INSTALL
+```
+
+Test the TLS server by running a local command-line client.
+
+```bash
+cd /mnt/c/workspace/wolfssl-$USER
+./examples/client/client -h 192.168.1.43 -p 11111 -v 3
+```
+
+Build wolfSSL to include wolfSSH support to an alternate development directory.
+
+```bash
+cd /mnt/c/workspace/wolfssl-$USER
+./configure --prefix=/mnt/c/workspace/wolfssh-$USER/wolfssl_install --enable-ssh
+make
+make install
+
+```
+
+Build wolfSSH with wolfSSL not installed to default directory.
+
+```bash
+cd /mnt/c/workspace/wolfssh-$USER
+./configure --with-wolfssl=/mnt/c/workspace/wolfssh-$USER/wolfssl_install
+make
+./examples/client/client -u jill -h 192.168.1.34 -p 22222 -P upthehill
+```
+
+Test the current wolfSSL.
+
+```bash
+cd /mnt/c/workspace/wolfssl-arduino
+git status
+./autogen.sh
+./configure --enable-all
+make clean
+make && make test
+```
+
+Build and run `testwolfcrypt`.
+
+```bash
+./autogen.sh
+./configure --enable-all
+make clean && make && ./wolfcrypt/test/testwolfcrypt
+```
diff --git a/IDE/ARDUINO/include.am b/IDE/ARDUINO/include.am
index 19189e82b..52491a8b1 100644
--- a/IDE/ARDUINO/include.am
+++ b/IDE/ARDUINO/include.am
@@ -3,6 +3,15 @@
 # All paths should be given relative to the root
 
 EXTRA_DIST+= IDE/ARDUINO/README.md
+EXTRA_DIST+= IDE/ARDUINO/Arduino_README_prepend.md
+EXTRA_DIST+= IDE/ARDUINO/keywords.txt
+EXTRA_DIST+= IDE/ARDUINO/library.properties.template
+EXTRA_DIST+= IDE/ARDUINO/sketches/README.md
+EXTRA_DIST+= IDE/ARDUINO/sketches/wolfssl_client/README.md
 EXTRA_DIST+= IDE/ARDUINO/sketches/wolfssl_client/wolfssl_client.ino
+EXTRA_DIST+= IDE/ARDUINO/sketches/wolfssl_server/README.md
 EXTRA_DIST+= IDE/ARDUINO/sketches/wolfssl_server/wolfssl_server.ino
+EXTRA_DIST+= IDE/ARDUINO/sketches/wolfssl_version/README.md
+EXTRA_DIST+= IDE/ARDUINO/sketches/wolfssl_version/wolfssl_version.ino
+EXTRA_DIST+= IDE/ARDUINO/wolfssl.h
 EXTRA_DIST+= IDE/ARDUINO/wolfssl-arduino.sh
diff --git a/IDE/ARDUINO/keywords.txt b/IDE/ARDUINO/keywords.txt
new file mode 100644
index 000000000..27d5dc3d6
--- /dev/null
+++ b/IDE/ARDUINO/keywords.txt
@@ -0,0 +1,21 @@
+# Syntax Coloring Map For wolfSSL
+# See https://arduino.github.io/arduino-cli/0.35/library-specification/#keywords
+#
+# Be sure to use tabs, not spaces. This might help:
+#  tr ' ' '\t' < keywords1.txt > keywords.txt
+
+#=============================================
+#	Datatypes	(KEYWORD1)
+#=============================================
+
+
+#=============================================
+#	Methods	and	Functions	(KEYWORD2)
+#=============================================
+wolfSSL_SetIORecv	KEYWORD1
+
+#=============================================
+#	Instances	(KEYWORD2)
+#=============================================
+ctx	KEYWORD2
+
diff --git a/IDE/ARDUINO/library.properties.template b/IDE/ARDUINO/library.properties.template
new file mode 100644
index 000000000..9b18e8c20
--- /dev/null
+++ b/IDE/ARDUINO/library.properties.template
@@ -0,0 +1,9 @@
+name=wolfssl
+version=${WOLFSSL_VERSION}${WOLFSSL_VERSION_ARUINO_SUFFIX}
+author=wolfSSL Inc.
+maintainer=wolfSSL inc <support@wolfssl.com>
+sentence=A lightweight SSL/TLS library written in ANSI C and targeted for embedded, RTOS, and resource-constrained environments.
+paragraph=Manual: https://www.wolfssl.com/documentation/manuals/wolfssl/index.html.
+category=Communication
+url=https://www.wolfssl.com/
+architectures=*
diff --git a/IDE/ARDUINO/sketches/README.md b/IDE/ARDUINO/sketches/README.md
new file mode 100644
index 000000000..cc54fdd02
--- /dev/null
+++ b/IDE/ARDUINO/sketches/README.md
@@ -0,0 +1,34 @@
+# wolfSSL Arduino Examples
+
+There are currently two example Arduino sketches:
+
+* [wolfssl_client](./wolfssl_client/README.md): Basic TLS listening client.
+* [wolfssl_server](./wolfssl_server/README.md): Basic TLS server.
+
+Examples have been most recently confirmed operational on the
+[Arduino IDE](https://www.arduino.cc/en/software) 2.2.1.
+
+For examples on other platforms, see the [IDE directory](https://github.com/wolfssl/wolfssl/tree/master/IDE).
+Additional examples can be found on [wolfSSL/wolfssl-examples](https://github.com/wolfSSL/wolfssl-examples/).
+
+## Using wolfSSL
+
+The typical include will look something like this:
+
+```
+#include <Arduino.h>
+
+ /* wolfSSL user_settings.h must be included from settings.h
+  * Make all configurations changes in user_settings.h
+  * Do not edit wolfSSL `settings.h` or `configh.h` files.
+  * Do not explicitly include user_settings.h in any source code.
+  * Each Arduino sketch that uses wolfSSL must have: #include "wolfssl.h"
+  * C/C++ source files can use: #include <wolfssl/wolfcrypt/settings.h>
+  * The wolfSSL "settings.h" must be included in each source file using wolfSSL.
+  * The wolfSSL "settings.h" must appear before any other wolfSSL include.
+  */
+#include <wolfssl.h>
+#include <wolfssl/version.h>
+```
+
+For more details, see [IDE/ARDUINO/README.md](https://github.com/wolfSSL/wolfssl/blob/master/IDE/ARDUINO/README.md)
diff --git a/IDE/ARDUINO/sketches/wolfssl_client/README.md b/IDE/ARDUINO/sketches/wolfssl_client/README.md
new file mode 100644
index 000000000..caf83c58e
--- /dev/null
+++ b/IDE/ARDUINO/sketches/wolfssl_client/README.md
@@ -0,0 +1,22 @@
+# Arduino Basic TLS Listening Client
+
+Open the [wolfssl_client.ino](./wolfssl_client.ino) file in the Arduino IDE.
+
+Other IDE products are also supported, such as:
+
+- [PlatformIO in VS Code](https://docs.platformio.org/en/latest/frameworks/arduino.html)
+- [VisualGDB](https://visualgdb.com/tutorials/arduino/)
+- [VisualMicro](https://www.visualmicro.com/)
+
+For examples on other platforms, see the [IDE directory](https://github.com/wolfssl/wolfssl/tree/master/IDE).
+Additional examples can be found on [wolfSSL/wolfssl-examples](https://github.com/wolfSSL/wolfssl-examples/).
+
+
+### Troubleshooting
+
+When encountering odd errors such as `undefined reference to ``_impure_ptr'`, try cleaning the Arduino
+cache directories. For Windows, that's typically in:
+
+```text
+C:\Users\%USERNAME%\AppData\Local\Temp\arduino\sketches
+```
diff --git a/IDE/ARDUINO/sketches/wolfssl_client/wolfssl_client.ino b/IDE/ARDUINO/sketches/wolfssl_client/wolfssl_client.ino
index 61362ae98..d6ef702e4 100644
--- a/IDE/ARDUINO/sketches/wolfssl_client/wolfssl_client.ino
+++ b/IDE/ARDUINO/sketches/wolfssl_client/wolfssl_client.ino
@@ -1,6 +1,6 @@
 /* wolfssl_client.ino
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -20,157 +20,884 @@
  */
 
 /*
- This was original tested with Intel Galileo acting as the Client, with a 
-laptop acting as a server using the server example provided in examples/server.
-Legacy Ardunio v1.86 was used to compile and program the Galileo 
+Tested with:
+
+1) Intel Galileo acting as the Client, with a laptop acting as a server using
+   the server example provided in examples/server.
+   Legacy Arduino v1.86 was used to compile and program the Galileo
+
+2) Espressif ESP32 WiFi
+
+3) Arduino Due, Nano33 IoT, Nano RP-2040
 */
 
-#define USE_CERT_BUFFERS_2048
+/*
+ * Note to code editors: the Arduino client and server examples are edited in
+ * parallel for side-by-side comparison between examples.
+ */
+
+/* If you have a private include, define it here, otherwise edit WiFi params */
+#define MY_PRIVATE_CONFIG "/workspace/my_private_config.h"
+
+/* set REPEAT_CONNECTION to a non-zero value to continually run the example. */
+#define REPEAT_CONNECTION 0
+
+/* Edit this with your other TLS host server address to connect to: */
+#define WOLFSSL_TLS_SERVER_HOST "192.168.1.39"
+
+/* wolfssl TLS examples communicate on port 11111 */
+#define WOLFSSL_PORT 11111
+
+/* Choose a monitor serial baud rate: 9600, 14400, 19200, 57600, 74880, etc. */
+#define SERIAL_BAUD 115200
+
+/* We'll wait up to 2000 milliseconds to properly shut down connection */
+#define SHUTDOWN_DELAY_MS 2000
+
+/* Number of times to retry connection.  */
+#define RECONNECT_ATTEMPTS 20
+
+/* Optional stress test. Define to consume memory until exhausted: */
+/* #define MEMORY_STRESS_TEST */
+
+/* Choose client or server example, not both. */
+#define WOLFSSL_CLIENT_EXAMPLE
+/* #define WOLFSSL_SERVER_EXAMPLE */
+
+#if defined(MY_PRIVATE_CONFIG)
+    /* the /workspace directory may contain a private config
+     * excluded from GitHub with items such as WiFi passwords */
+    #include MY_PRIVATE_CONFIG
+    static const char* ssid PROGMEM = MY_ARDUINO_WIFI_SSID;
+    static const char* password PROGMEM = MY_ARDUINO_WIFI_PASSWORD;
+#else
+    /* when using WiFi capable boards: */
+    static const char* ssid PROGMEM  = "your_SSID";
+    static const char* password PROGMEM = "your_PASSWORD";
+#endif
+
+#define BROADCAST_ADDRESS "255.255.255.255"
+
+/* There's an optional 3rd party NTPClient library by Fabrice Weinberg.
+ * If it is installed, uncomment define USE_NTP_LIB here: */
+/* #define USE_NTP_LIB */
+#ifdef USE_NTP_LIB
+    #include <NTPClient.h>
+#endif
+
+/* wolfSSL user_settings.h must be included from settings.h
+ * Make all configurations changes in user_settings.h
+ * Do not edit wolfSSL `settings.h` or `config.h` files.
+ * Do not explicitly include user_settings.h in any source code.
+ * Each Arduino sketch that uses wolfSSL must have: #include "wolfssl.h"
+ * C/C++ source files can use: #include <wolfssl/wolfcrypt/settings.h>
+ * The wolfSSL "settings.h" must be included in each source file using wolfSSL.
+ * The wolfSSL "settings.h" must appear before any other wolfSSL include.
+ */
 #include <wolfssl.h>
+/* Important: make sure settings.h appears before any other wolfSSL headers */
+#include <wolfssl/wolfcrypt/settings.h>
+/* Reminder: settings.h includes user_settings.h
+ * For ALL project wolfSSL settings, see:
+ * [your path]/Arduino\libraries\wolfSSL\src\user_settings.h   */
 #include <wolfssl/ssl.h>
-#include <Ethernet.h>
 #include <wolfssl/certs_test.h>
+#include <wolfssl/wolfcrypt/error-crypt.h>
 
+/* Define DEBUG_WOLFSSL in user_settings.h for more verbose logging. */
+#if defined(DEBUG_WOLFSSL)
+    #define PROGRESS_DOT F("")
+#else
+    #define PROGRESS_DOT F(".")
+#endif
 
-const char host[] = "192.168.1.148"; /* server to connect to */
-const int port = 11111; /* port on server to connect to */
+/* Convert a macro to a string */
+#define xstr(x) str(x)
+#define str(x) #x
 
-int EthernetSend(WOLFSSL* ssl, char* msg, int sz, void* ctx);
-int EthernetReceive(WOLFSSL* ssl, char* reply, int sz, void* ctx);
-int reconnect = 10;
+/* optional board-specific networking includes */
+#if defined(ESP32)
+    #define USING_WIFI
+    #include <WiFi.h>
+    #include <WiFiUdp.h>
+    #ifdef USE_NTP_LIB
+        WiFiUDP ntpUDP;
+    #endif
+    /* Ensure the F() flash macro is defined */
+    #ifndef F
+        #define F
+    #endif
+    WiFiClient client;
 
-EthernetClient client;
+#elif defined(ESP8266)
+    #define USING_WIFI
+    #include <ESP8266WiFi.h>
+    WiFiClient client;
 
-WOLFSSL_CTX* ctx = NULL;
-WOLFSSL* ssl = NULL;
+#elif defined(ARDUINO_SAM_DUE)
+    #include <SPI.h>
+    /* There's no WiFi/Ethernet on the Due. Requires Ethernet Shield.
+    /* Needs "Ethernet by Various" library to be installed. Tested with V2.0.2 */
+    #include <Ethernet.h>
+    EthernetClient client;
 
-void setup() {
-    WOLFSSL_METHOD* method;
-    /* Initialize Return Code */
-    int rc;
-    Serial.begin(9600);
-    /* Delay need to ensure connection to server */
-    delay(4000);
+#elif defined(ARDUINO_SAMD_NANO_33_IOT)
+    #define USING_WIFI
+    #include <SPI.h>
+    #include <WiFiNINA.h> /* Needs Arduino WiFiNINA library installed manually */
+    WiFiClient client;
 
-    method = wolfTLSv1_2_client_method();
-    if (method == NULL) {
-        Serial.println("unable to get method");
-    return;
+#elif defined(ARDUINO_ARCH_RP2040)
+    #define USING_WIFI
+    #include <SPI.h>
+    #include <WiFiNINA.h>
+    WiFiClient client;
+
+#elif defined(USING_WIFI)
+    #define USING_WIFI
+    #include <WiFi.h>
+    #include <WiFiUdp.h>
+    #ifdef USE_NTP_LIB
+        WiFiUDP ntpUDP;
+    #endif
+    WiFiClient client;
+
+/* TODO
+#elif defined(OTHER_BOARD)
+*/
+#else
+    #define USING_WIFI
+    WiFiClient client;
+
+#endif
+
+/* Only for syntax highlighters to show interesting options enabled: */
+#if defined(HAVE_SNI)                           \
+   || defined(HAVE_MAX_FRAGMENT)                  \
+   || defined(HAVE_TRUSTED_CA)                    \
+   || defined(HAVE_TRUNCATED_HMAC)                \
+   || defined(HAVE_CERTIFICATE_STATUS_REQUEST)    \
+   || defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2) \
+   || defined(HAVE_SUPPORTED_CURVES)              \
+   || defined(HAVE_ALPN)                          \
+   || defined(HAVE_SESSION_TICKET)                \
+   || defined(HAVE_SECURE_RENEGOTIATION)          \
+   || defined(HAVE_SERVER_RENEGOTIATION_INFO)
+#endif
+
+static const char host[] PROGMEM = WOLFSSL_TLS_SERVER_HOST; /* server to connect to */
+static const int port PROGMEM = WOLFSSL_PORT; /* port on server to connect to */
+
+static WOLFSSL_CTX* ctx = NULL;
+static WOLFSSL* ssl = NULL;
+static char* wc_error_message = (char*)malloc(80 + 1);
+static char errBuf[80];
+
+#if defined(MEMORY_STRESS_TEST)
+    #define MEMORY_STRESS_ITERATIONS 100
+    #define MEMORY_STRESS_BLOCK_SIZE 1024
+    #define MEMORY_STRESS_INITIAL (4*1024)
+    static char* memory_stress[MEMORY_STRESS_ITERATIONS]; /* typically 1K per item */
+    static int mem_ctr        = 0;
+#endif
+
+static int EthernetSend(WOLFSSL* ssl, char* msg, int sz, void* ctx);
+static int EthernetReceive(WOLFSSL* ssl, char* reply, int sz, void* ctx);
+static int reconnect = RECONNECT_ATTEMPTS;
+static int lng_index PROGMEM = 0; /* 0 = English */
+
+#if defined(__arm__)
+    #include <malloc.h>
+    extern char _end;
+    extern "C" char *sbrk(int i);
+    static char *ramstart=(char *)0x20070000;
+    static char *ramend=(char *)0x20088000;
+#endif
+
+/*****************************************************************************/
+/* fail_wait - in case of unrecoverable error                                */
+/*****************************************************************************/
+int fail_wait(void) {
+    show_memory();
+
+    Serial.println(F("Failed. Halt."));
+    while (1) {
+        delay(1000);
     }
-    ctx = wolfSSL_CTX_new(method);
-    if (ctx == NULL) {
-        Serial.println("unable to get ctx");
-    return;
-    }
-    /* initialize wolfSSL using callback functions */
-    wolfSSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, 0);
-    rc = wolfSSL_CTX_load_verify_buffer(ctx, ca_cert_der_2048,\
-                                        sizeof_ca_cert_der_2048,\
-                                        WOLFSSL_FILETYPE_ASN1);
-    Serial.print("\n\n Return code of load_verify is:");
-    Serial.println(rc);
-    Serial.println("");
-    rc = wolfSSL_CTX_use_certificate_buffer(ctx, client_cert_der_2048,\
-                                            sizeof_client_cert_der_2048,\
-                                            WOLFSSL_FILETYPE_ASN1);
-    Serial.print("\n\n Return code of use_certificate_buffer is:");
-    Serial.println(rc);
-    Serial.println("");
-    rc = wolfSSL_CTX_use_PrivateKey_buffer(ctx, client_key_der_2048,\
-                                            sizeof_client_key_der_2048,\
-                                            WOLFSSL_FILETYPE_ASN1);
-    Serial.print("\n\n Return code of use_PrivateKey_buffer is:");
-    Serial.println(rc);
-    Serial.println("");
-    wolfSSL_SetIOSend(ctx, EthernetSend);
-    wolfSSL_SetIORecv(ctx, EthernetReceive);
-    return;
+    return 0;
 }
 
-int EthernetSend(WOLFSSL* ssl, char* msg, int sz, void* ctx) {
+/*****************************************************************************/
+/* show_memory() to optionally view during debugging.                         */
+/*****************************************************************************/
+int show_memory(void)
+{
+#if defined(__arm__)
+    struct mallinfo mi = mallinfo();
+
+    char *heapend=sbrk(0);
+    register char * stack_ptr asm("sp");
+    #if defined(DEBUG_WOLFSSL_VERBOSE)
+        Serial.print("    arena=");
+        Serial.println(mi.arena);
+        Serial.print("  ordblks=");
+        Serial.println(mi.ordblks);
+        Serial.print(" uordblks=");
+        Serial.println(mi.uordblks);
+        Serial.print(" fordblks=");
+        Serial.println(mi.fordblks);
+        Serial.print(" keepcost=");
+        Serial.println(mi.keepcost);
+    #endif
+
+    #if defined(DEBUG_WOLFSSL) || defined(MEMORY_STRESS_TEST)
+        Serial.print("Estimated free memory: ");
+        Serial.print(stack_ptr - heapend + mi.fordblks);
+        Serial.println(F(" bytes"));
+    #endif
+
+    #if (0)
+        /* Experimental: not supported on all devices: */
+        Serial.print("RAM Start %lx\n", (unsigned long)ramstart);
+        Serial.print("Data/Bss end %lx\n", (unsigned long)&_end);
+        Serial.print("Heap End %lx\n", (unsigned long)heapend);
+        Serial.print("Stack Ptr %lx\n",(unsigned long)stack_ptr);
+        Serial.print("RAM End %lx\n", (unsigned long)ramend);
+
+        Serial.print("Heap RAM Used: ",mi.uordblks);
+        Serial.print("Program RAM Used ",&_end - ramstart);
+        Serial.print("Stack RAM Used ",ramend - stack_ptr);
+
+        Serial.print("Estimated Free RAM: %d\n\n",stack_ptr - heapend + mi.fordblks);
+    #endif
+#else
+    Serial.println(F("show_memory() not implemented for this platform"));
+#endif
+    return 0;
+}
+
+/*****************************************************************************/
+/* EthernetSend() to send a message string.                                  */
+/*****************************************************************************/
+int EthernetSend(WOLFSSL* ssl, char* message, int sz, void* ctx) {
     int sent = 0;
-    sent = client.write((byte*)msg, sz);
+    (void)ssl;
+    (void)ctx;
+
+    sent = client.write((byte*)message, sz);
     return sent;
 }
 
+/*****************************************************************************/
+/* EthernetReceive() to receive a reply string.                              */
+/*****************************************************************************/
 int EthernetReceive(WOLFSSL* ssl, char* reply, int sz, void* ctx) {
     int ret = 0;
+    (void)ssl;
+    (void)ctx;
+
     while (client.available() > 0 && ret < sz) {
         reply[ret++] = client.read();
     }
     return ret;
 }
 
-void loop() {
-    int err            = 0;
-    int input          = 0;
-    int total_input    = 0;
-    char msg[32]       = "hello wolfssl!";
-    int msgSz          = (int)strlen(msg);
-    char errBuf[80];
-    char reply[80];
-    const char* cipherName;
-    if (reconnect) {
-        reconnect--;
-        if (client.connect(host, port)) {
-            Serial.print("Connected to ");
-            Serial.println(host);
-            ssl = wolfSSL_new(ctx);
-            if (ssl == NULL) {
-                Serial.println("Unable to allocate SSL object");
-                return;
+/*****************************************************************************/
+/* Arduino setup_hardware()                                                  */
+/*****************************************************************************/
+int setup_hardware(void) {
+    int ret = 0;
+
+#if defined(ARDUINO_SAMD_NANO_33_IOT)
+    Serial.println(F("Detected known tested and working Arduino Nano 33 IoT"));
+#elif defined(ARDUINO_ARCH_RP2040)
+    Serial.println(F("Detected known tested and working Arduino RP-2040"));
+#elif defined(__arm__) && defined(ID_TRNG) && defined(TRNG)
+    /* need to manually turn on random number generator on Arduino Due, etc. */
+    pmc_enable_periph_clk(ID_TRNG);
+    trng_enable(TRNG);
+    Serial.println(F("Enabled ARM TRNG"));
+#endif
+
+    show_memory();
+    randomSeed(analogRead(0));
+    return ret;
+}
+
+/*****************************************************************************/
+/* Arduino setup_datetime()                                                  */
+/*   The device needs to have a valid date within the valid range of certs.  */
+/*****************************************************************************/
+int setup_datetime(void) {
+    int ret = 0;
+    int ntp_tries = 20;
+
+    /* we need a date in the range of cert expiration */
+#ifdef USE_NTP_LIB
+    #if defined(ESP32)
+        NTPClient timeClient(ntpUDP, "pool.ntp.org");
+
+        timeClient.begin();
+        timeClient.update();
+        delay(1000);
+        while (!timeClient.isTimeSet() && (ntp_tries > 0)) {
+            timeClient.forceUpdate();
+            Serial.println(F("Waiting for NTP update"));
+            delay(2000);
+            ntp_tries--;
+        }
+        if (ntp_tries <= 0) {
+            Serial.println(F("Warning: gave up waiting on NTP"));
+        }
+        Serial.println(timeClient.getFormattedTime());
+        Serial.println(timeClient.getEpochTime());
+    #endif
+#endif
+
+#if defined(ESP32)
+    /* see esp32-hal-time.c */
+    ntp_tries = 5;
+    /* Replace "pool.ntp.org" with your preferred NTP server */
+    configTime(0, 0, "pool.ntp.org");
+
+    /* Wait for time to be set */
+    while ((time(nullptr) <= 100000) && ntp_tries > 0) {
+        Serial.println(F("Waiting for time to be set..."));
+        delay(2000);
+        ntp_tries--;
+    }
+#endif
+
+    return ret;
+} /* setup_datetime */
+
+/*****************************************************************************/
+/* Arduino setup_network()                                                   */
+/*****************************************************************************/
+int setup_network(void) {
+    int ret = 0;
+
+#if defined(USING_WIFI)
+    int status = WL_IDLE_STATUS;
+
+    /* The ESP8266 & ESP32 support both AP and STA. We'll use STA: */
+    #if defined(ESP8266) || defined(ESP32)
+        WiFi.mode(WIFI_STA);
+    #else
+        String fv;
+        if (WiFi.status() == WL_NO_MODULE) {
+            Serial.println("Communication with WiFi module failed!");
+            /* don't continue if no network */
+            while (true) ;
+        }
+
+        fv = WiFi.firmwareVersion();
+        if (fv < WIFI_FIRMWARE_LATEST_VERSION) {
+            Serial.println("Please upgrade the firmware");
+        }
+    #endif
+
+    Serial.print(F("Connecting to WiFi "));
+    Serial.print(ssid);
+    status = WiFi.begin(ssid, password);
+    while (status != WL_CONNECTED) {
+        delay(1000);
+        Serial.print(F("."));
+        Serial.print(status);
+        status = WiFi.status();
+    }
+
+    Serial.println(F(" Connected!"));
+#else
+    /* Newer Ethernet shields have a
+     * MAC address printed on a sticker on the shield */
+    byte mac[] = { 0xDE, 0xAD, 0xBE, 0xEF, 0xFE, 0xED };
+    IPAddress ip(192, 168, 1, 42);
+    IPAddress myDns(192, 168, 1, 1);
+    Ethernet.init(10); /* Most Arduino shields */
+    /* Ethernet.init(5);   * MKR ETH Shield */
+    /* Ethernet.init(0);   * Teensy 2.0 */
+    /* Ethernet.init(20);  * Teensy++ 2.0 */
+    /* Ethernet.init(15);  * ESP8266 with Adafruit FeatherWing Ethernet */
+    /* Ethernet.init(33);  * ESP32 with Adafruit FeatherWing Ethernet */
+    Serial.println(F("Initialize Ethernet with DHCP:"));
+    if (Ethernet.begin(mac) == 0) {
+        Serial.println(F("Failed to configure Ethernet using DHCP"));
+        /* Check for Ethernet hardware present */
+        if (Ethernet.hardwareStatus() == EthernetNoHardware) {
+            Serial.println(F("Ethernet shield was not found."));
+            while (true) {
+                delay(1); /* do nothing */
             }
-            err = wolfSSL_connect(ssl);
-            if (err != WOLFSSL_SUCCESS) {
-                err = wolfSSL_get_error(ssl, 0);
-                wolfSSL_ERR_error_string(err, errBuf);
-                Serial.print("TLS Connect Error: ");
-                Serial.println(errBuf);
-            }
-            Serial.print("SSL version is ");
-            Serial.println(wolfSSL_get_version(ssl));
-            cipherName = wolfSSL_get_cipher(ssl);
-            Serial.print("SSL cipher suite is ");
-            Serial.println(cipherName);
-            if ((wolfSSL_write(ssl, msg, msgSz)) == msgSz) {
-                Serial.print("Server response: ");
-                /* wait for data */
-                while (!client.available()) {}
-                /* read data */
-                while (wolfSSL_pending(ssl)) {
-                    input = wolfSSL_read(ssl, reply, sizeof(reply) - 1);
-                    total_input += input;
-                    if (input < 0) {
-                        err = wolfSSL_get_error(ssl, 0);
-                        wolfSSL_ERR_error_string(err, errBuf);
-                        Serial.print("TLS Read Error: ");
-                        Serial.println(errBuf);
-                        break;
-                    } 
-                    else if (input > 0) {
-                        reply[input] = '\0';
-                        Serial.print(reply);
-                    }
-                    else {
-                        Serial.println();
-                    }
-                } 
-            }
-            else {
-                err = wolfSSL_get_error(ssl, 0);
-                wolfSSL_ERR_error_string(err, errBuf);
-                Serial.print("TLS Write Error: ");
-                Serial.println(errBuf);
-            }
-            wolfSSL_shutdown(ssl);
-            wolfSSL_free(ssl);
-            client.stop();
-            Serial.println("Connection complete.");
-            reconnect = 0;
+        }
+        if (Ethernet.linkStatus() == LinkOFF) {
+            Serial.println(F("Ethernet cable is not connected."));
+        }
+        /* try to configure using IP address instead of DHCP : */
+        Ethernet.begin(mac, ip, myDns);
+    }
+    else {
+        Serial.print(F("  DHCP assigned IP "));
+        Serial.println(Ethernet.localIP());
+    }
+    /* We'll assume the Ethernet connection is ready to go. */
+#endif
+
+    Serial.println(F("********************************************************"));
+    Serial.print(F("      wolfSSL Example Client IP = "));
+#if defined(USING_WIFI)
+    Serial.println(WiFi.localIP());
+#else
+    Serial.println(Ethernet.localIP());
+#endif
+    Serial.print(F("   Configured Server Host to connect to: "));
+    Serial.println(host);
+    Serial.println(F("********************************************************"));
+    Serial.println(F("Setup network complete."));
+
+    return ret;
+}
+
+/*****************************************************************************/
+/* Arduino setup_wolfssl()                                                   */
+/*****************************************************************************/
+int setup_wolfssl(void) {
+    int ret = 0;
+    WOLFSSL_METHOD* method;
+
+    /* Show a revision of wolfssl user_settings.h file in use when available: */
+#if defined(WOLFSSL_USER_SETTINGS_ID)
+    Serial.print(F("WOLFSSL_USER_SETTINGS_ID: "));
+    Serial.println(F(WOLFSSL_USER_SETTINGS_ID));
+#else
+    Serial.println(F("No WOLFSSL_USER_SETTINGS_ID found."));
+#endif
+
+#if defined(NO_WOLFSSL_SERVER)
+    Serial.println(F("wolfSSL server code disabled to save space."));
+#endif
+#if defined(NO_WOLFSSL_CLIENT)
+    Serial.println(F("wolfSSL client code disabled to save space."));
+#endif
+
+#if defined(DEBUG_WOLFSSL)
+    wolfSSL_Debugging_ON();
+    Serial.println(F("wolfSSL Debugging is On!"));
+#else
+    Serial.println(F("wolfSSL Debugging is Off! (enable with DEBUG_WOLFSSL)"));
+#endif
+
+    /* See ssl.c for TLS cache settings. Larger cache = use more RAM. */
+#if defined(NO_SESSION_CACHE)
+    Serial.println(F("wolfSSL TLS NO_SESSION_CACHE"));
+#elif defined(MICRO_SESSION_CACHEx)
+    Serial.println(F("wolfSSL TLS MICRO_SESSION_CACHE"));
+#elif defined(SMALL_SESSION_CACHE)
+    Serial.println(F("wolfSSL TLS SMALL_SESSION_CACHE"));
+#elif defined(MEDIUM_SESSION_CACHE)
+    Serial.println(F("wolfSSL TLS MEDIUM_SESSION_CACHE"));
+#elif defined(BIG_SESSION_CACHE)
+    Serial.println(F("wolfSSL TLS BIG_SESSION_CACHE"));
+#elif defined(HUGE_SESSION_CACHE)
+    Serial.println(F("wolfSSL TLS HUGE_SESSION_CACHE"));
+#elif defined(HUGE_SESSION_CACHE)
+    Serial.println(F("wolfSSL TLS HUGE_SESSION_CACHE"));
+#else
+    Serial.println(F("WARNING: Unknown or no TLS session cache setting."));
+    /* See wolfssl/src/ssl.c for amount of memory used.
+     * It is best on embedded devices to choose a TLS session cache size. */
+#endif
+
+    ret = wolfSSL_Init();
+    if (ret == WOLFSSL_SUCCESS) {
+        Serial.println("Successfully called wolfSSL_Init");
+    }
+    else {
+        Serial.println("ERROR: wolfSSL_Init failed");
+    }
+
+    /* See companion server example with wolfSSLv23_server_method here.
+     * method = wolfSSLv23_client_method());   SSL 3.0 - TLS 1.3.
+     * method = wolfTLSv1_2_client_method();   only TLS 1.2
+     * method = wolfTLSv1_3_client_method();   only TLS 1.3
+     *
+     * see Arduino\libraries\wolfssl\src\user_settings.h */
+
+    Serial.println("Here we go!");
+
+    method = wolfSSLv23_client_method();
+    if (method == NULL) {
+        Serial.println(F("unable to get wolfssl client method"));
+        fail_wait();
+    }
+    ctx = wolfSSL_CTX_new(method);
+    if (ctx == NULL) {
+        Serial.println(F("unable to get ctx"));
+        fail_wait();
+    }
+
+    return ret;
+}
+
+/*****************************************************************************/
+/* Arduino setup_certificates()                                              */
+/*****************************************************************************/
+int setup_certificates(void) {
+    int ret = 0;
+
+    Serial.println(F("Initializing certificates..."));
+    show_memory();
+
+    /* Use built-in validation, No verification callback function: */
+    wolfSSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, 0);
+
+    /* Certificate */
+    Serial.println("Initializing certificates...");
+    ret = wolfSSL_CTX_use_certificate_buffer(ctx,
+                                             CTX_CLIENT_CERT,
+                                             CTX_CLIENT_CERT_SIZE,
+                                             CTX_CLIENT_CERT_TYPE);
+    if (ret == WOLFSSL_SUCCESS) {
+        Serial.print("Success: use certificate: ");
+        Serial.println(xstr(CTX_SERVER_CERT));
+    }
+    else {
+        Serial.println(F("Error: wolfSSL_CTX_use_certificate_buffer failed: "));
+        wc_ErrorString(ret, wc_error_message);
+        Serial.println(wc_error_message);
+        fail_wait();
+    }
+
+    /* Setup private client key */
+    ret = wolfSSL_CTX_use_PrivateKey_buffer(ctx,
+                                            CTX_CLIENT_KEY,
+                                            CTX_CLIENT_KEY_SIZE,
+                                            CTX_CLIENT_KEY_TYPE);
+    if (ret == WOLFSSL_SUCCESS) {
+        Serial.print("Success: use private key buffer: ");
+        Serial.println(xstr(CTX_SERVER_KEY));
+    }
+    else {
+        Serial.println(F("Error: wolfSSL_CTX_use_PrivateKey_buffer failed: "));
+        wc_ErrorString(ret, wc_error_message);
+        Serial.println(wc_error_message);
+        fail_wait();
+    }
+
+    ret = wolfSSL_CTX_load_verify_buffer(ctx,
+                                         CTX_CA_CERT,
+                                         CTX_CA_CERT_SIZE,
+                                         CTX_CA_CERT_TYPE);
+    if (ret == WOLFSSL_SUCCESS) {
+        Serial.println(F("Success: load_verify CTX_CA_CERT"));
+    }
+    else {
+        Serial.println(F("Error: wolfSSL_CTX_load_verify_buffer failed: "));
+        wc_ErrorString(ret, wc_error_message);
+        Serial.println(wc_error_message);
+        fail_wait();
+    }
+
+
+
+    return ret;
+} /* Arduino setup */
+
+/*****************************************************************************/
+/*****************************************************************************/
+/* Arduino setup()                                                           */
+/*****************************************************************************/
+/*****************************************************************************/
+void setup(void) {
+    int i = 0;
+    Serial.begin(SERIAL_BAUD);
+    while (!Serial && (i < 10)) {
+        /* wait for serial port to connect. Needed for native USB port only */
+        delay(1000);
+        i++;
+    }
+    Serial.println(F(""));
+    Serial.println(F(""));
+    Serial.println(F("wolfSSL TLS Client Example Startup."));
+
+    /* define DEBUG_WOLFSSL in wolfSSL user_settings.h for diagnostics */
+#if defined(DEBUG_WOLFSSL)
+    wolfSSL_Debugging_ON();
+#endif
+
+    /* Optionally pre-allocate a large block of memory for testing */
+#if defined(MEMORY_STRESS_TEST)
+    Serial.println(F("WARNING: Memory Stress Test Active!"));
+    Serial.print(F("Allocating extra memory: "));
+    Serial.print(MEMORY_STRESS_INITIAL);
+    Serial.println(F(" bytes..."));
+    memory_stress[mem_ctr] = (char*)malloc(MEMORY_STRESS_INITIAL);
+    show_memory();
+#endif
+
+    setup_hardware();
+
+    setup_network();
+
+    setup_datetime();
+
+    setup_wolfssl();
+
+    setup_certificates();
+
+    /* Initialize wolfSSL using callback functions. */
+    wolfSSL_SetIOSend(ctx, EthernetSend);
+    wolfSSL_SetIORecv(ctx, EthernetReceive);
+
+    Serial.println(F("Completed Arduino setup!"));
+    /* See companion wolfssl_server.ino code; server begins listening here
+     * https://github.com/wolfSSL/wolfssl/tree/master/IDE/ARDUINO/sketches/wolfssl_server
+     * Any other server will work. See also:
+     * https://github.com/wolfSSL/wolfssl/tree/master/examples/client
+     */
+    /* See companion wolfssl_server.ino code */
+    return;
+} /* Arduino setup */
+
+/*****************************************************************************/
+/* wolfSSL error_check()                                                     */
+/*****************************************************************************/
+int error_check(int this_ret, bool halt_on_error,
+                      const __FlashStringHelper* message) {
+    int ret = 0;
+    if (this_ret == WOLFSSL_SUCCESS) {
+        Serial.print(F("Success: "));
+        Serial.println(message);
+    }
+    else {
+        Serial.print(F("ERROR: return = "));
+        Serial.print(this_ret);
+        Serial.print(F(": "));
+        Serial.println(message);
+        Serial.println(wc_GetErrorString(this_ret));
+        if (halt_on_error) {
+            fail_wait();
+        }
+    }
+    show_memory();
+
+    return ret;
+} /* error_check */
+
+/*****************************************************************************/
+/* wolfSSL error_check_ssl                                                   */
+/*   Parameters:                                                             */
+/*     ssl           is the current WOLFSSL object pointer                   */
+/*     halt_on_error set to true to suspend operations for critical error    */
+/*     message       is expected to be a memory-efficient F("") macro string */
+/*****************************************************************************/
+int error_check_ssl(WOLFSSL* ssl, int this_ret, bool halt_on_error,
+                           const __FlashStringHelper* message) {
+    int err = 0;
+
+    if (ssl == NULL) {
+        Serial.println(F("ssl is Null; Unable to allocate SSL object?"));
+#ifndef DEBUG_WOLFSSL
+        Serial.println(F("Define DEBUG_WOLFSSL in user_settings.h for more."));
+#else
+        Serial.println(F("See wolfssl/wolfcrypt/error-crypt.h for codes."));
+#endif
+        Serial.print(F("ERROR: "));
+        Serial.println(message);
+        show_memory();
+        if (halt_on_error) {
+            fail_wait();
+        }
+    }
+    else {
+        err = wolfSSL_get_error(ssl, this_ret);
+        if (err == WOLFSSL_SUCCESS) {
+            Serial.print(F("Success m: "));
+            Serial.println(message);
         }
         else {
-            Serial.println("Trying to reconnect...");
+            if (err < 0) {
+                wolfSSL_ERR_error_string(err, errBuf);
+                Serial.print(F("WOLFSSL Error: "));
+                Serial.print(err);
+                Serial.print(F("; "));
+                Serial.println(errBuf);
+            }
+            else {
+                Serial.println(F("Success: ssl object."));
+            }
+        }
+    }
+
+    return err;
+}
+
+/*****************************************************************************/
+/*****************************************************************************/
+/* Arduino loop()                                                            */
+/*****************************************************************************/
+/*****************************************************************************/
+void loop() {
+    char reply[80];
+    char msg[32]       = "hello wolfssl!";
+    const char* cipherName;
+    int retry_shutdown = SHUTDOWN_DELAY_MS; /* max try, once per millisecond */
+    int total_input    = 0;
+    int msgSz          = 0;
+    int input          = 0;
+    int ret            = 0;
+    int err            = 0;
+    msgSz = (int)strlen(msg);
+    Serial.println(F(""));
+    Serial.println(F("Starting Arduino loop() ..."));
+
+    if (reconnect) {
+        reconnect--;
+        /* WiFi client returns true if connection succeeds, false if not.  */
+        /* Wired client returns int (1,-1,-2,-3,-4) for connection status. */
+        Serial.print(F("Connecting to "));
+        Serial.print(host);
+        Serial.print(F(":"));
+        Serial.println(port);
+        /* can also use: IPAddress server(192,168,1,37); */
+        Serial.println(F("Here we go..."));
+        ret = client.connect(host, port);
+        Serial.println(F("Ok, checking..."));
+        if (ret > 0) {
+            Serial.println(F("Connected!"));
+
+            /* initialize wolfSSL */
+            ret = wolfSSL_Init();
+            error_check(ret, false, F("calling wolfSSL_Init") );
+
+            /* create secure connection object. see setup for ctx certs. */
+            Serial.println(F("Calling ssl = wolfSSL_new(ctx)"));
+            ssl = wolfSSL_new(ctx);
+            error_check_ssl(ssl, 0, true, F("Create WOLFSSL object from ctx"));
+
+            Serial.print(F("Connecting to wolfSSL TLS Secure Server..."));
+            do {
+                err = 0; /* reset error */
+                Serial.println(F("wolfSSL_connect ..."));
+                ret = wolfSSL_connect(ssl);
+                Serial.print("wolfSSL_connect return result =");
+                Serial.println(ret);
+                if ((ret != WOLFSSL_SUCCESS) && (ret != WC_PENDING_E)) {
+                    Serial.println(F("Failed connection, checking error."));
+                    err = error_check_ssl(ssl, ret, true,
+                                    F("Create WOLFSSL object from ctx"));
+                    Serial.print("err =");
+                    Serial.println(err);
+                }
+                else {
+                   Serial.print(PROGRESS_DOT);
+                }
+            } while (err == WC_PENDING_E);
+
+            Serial.println();
+            Serial.println(F("Connected!"));
+            Serial.print(F("SSL version is "));
+            Serial.println(wolfSSL_get_version(ssl));
+
+            cipherName = wolfSSL_get_cipher(ssl);
+            Serial.print(F("SSL cipher suite is "));
+            Serial.println(cipherName);
+
+            /* see test.h
+             * TODO: test.h needs a little bit of Arduino work for these:
+            showPeerEx(ssl, lng_index);
+            showPeerPEM(ssl);
+            */
+
+            Serial.print(F("Sending secure message to server: "));
+            Serial.println(msg);
+            ret = wolfSSL_write(ssl, msg, msgSz);
+            if (ret == msgSz) {
+                Serial.print(F("Waiting for Server response..."));
+
+                while (!client.available()) {
+                    /* wait for data */
+                    delay(1); /* 1 ms delay */
+                }
+
+                Serial.print(F("Reading response.."));
+                /* read data */
+                do {
+                    ret = wolfSSL_read(ssl, reply, sizeof(reply) - 1);
+                    if (ret < 0) {
+                        error_check_ssl(ssl, ret, false,
+                                        F("during TLS Read"));
+                    }
+                    else {
+                        Serial.print(PROGRESS_DOT);
+                    }
+                } while (err == WC_PENDING_E);
+                Serial.println();
+
+                Serial.println();
+                Serial.println(reply); /* typically: I hear you fa shizzle! */
+                Serial.println();
+
+            } /* wolfSSL_write message size matched */
+            else {
+                error_check_ssl(ssl, ret, false,
+                    F("during TLS Write"));
+            }  /* any wolfSSL_write message size mismatch is an error */
+
+            Serial.print(F("Shutting down.."));
+            do {
+                delay(1);
+                Serial.print(PROGRESS_DOT);
+                retry_shutdown--;
+                ret = wolfSSL_shutdown(ssl);
+            } while (   (ret == WOLFSSL_SHUTDOWN_NOT_DONE)
+                     && (retry_shutdown > 0)
+                    ); /* There may be pending data, so wait until done. */
+            Serial.println();
+
+            if (retry_shutdown <= 0) {
+                /* if wolfSSL_free is called before properly shutting down the
+                 * ssl object, undesired results may occur. */
+                Serial.println(F("Warning! Shutdown did not properly complete."));
+            }
+
+            wolfSSL_free(ssl);
+            client.stop();
+            Serial.println(F("Connection complete."));
+            if (REPEAT_CONNECTION) {
+                reconnect = RECONNECT_ATTEMPTS;
+            }
+            else {
+                reconnect = 0;
+            }
+        } /* client.connect(host, port) */
+        else {
+            Serial.println(F("Problem sending message. Trying to reconnect..."));
         }
     }
     delay(1000);
-}
+    if ((reconnect > 0) && (REPEAT_CONNECTION)) {
+        Serial.println(F("Arduino loop repeating..."));
+        Serial.println();
+    }
+    else {
+        printf("wow");
+        Serial.println(F("Done!"));
+        while(1) {
+            /* wait forever */
+        }
+    }
+
+#if defined(MEMORY_STRESS_TEST)
+    if (mem_ctr < MEMORY_STRESS_ITERATIONS) {
+        /* reminder: mem_ctr == 0 is MEMORY_STRESS_INITIAL allocation */
+        mem_ctr++;
+        Serial.print(F("Memory stress increment: "));
+        Serial.print(mem_ctr);
+        Serial.print(F(". Allocating addition memory (bytes): "));
+        Serial.println(MEMORY_STRESS_BLOCK_SIZE);
+        memory_stress[mem_ctr] = (char*)malloc(MEMORY_STRESS_BLOCK_SIZE);
+        show_memory();
+    }
+#endif
+} /* Arduino loop repeats */
diff --git a/IDE/ARDUINO/sketches/wolfssl_server/README.md b/IDE/ARDUINO/sketches/wolfssl_server/README.md
new file mode 100644
index 000000000..a7073573b
--- /dev/null
+++ b/IDE/ARDUINO/sketches/wolfssl_server/README.md
@@ -0,0 +1,134 @@
+# Arduino Basic TLS Server
+
+Open the [wolfssl_server.ino](./wolfssl_server.ino) file in the Arduino IDE.
+
+Other IDE products are also supported, such as:
+
+- [PlatformIO in VS Code](https://docs.platformio.org/en/latest/frameworks/arduino.html)
+- [VisualGDB](https://visualgdb.com/tutorials/arduino/)
+- [VisualMicro](https://www.visualmicro.com/)
+
+For examples on other platforms, see the [IDE directory](https://github.com/wolfssl/wolfssl/tree/master/IDE).
+Additional examples can be found on [wolfSSL/wolfssl-examples](https://github.com/wolfSSL/wolfssl-examples/).
+
+## Connect with an Arduino Sketch
+
+See the companion [Arduino Sketch Client](../wolfssl_client/wolfssl_client.ino).
+
+## Connect with Linux Client
+
+See also the [wolfSSL Example TLS Client](https://github.com/wolfSSL/wolfssl/tree/master/examples/client)
+and [wolfSSL Example TLS Server](https://github.com/wolfSSL/wolfssl/tree/master/examples/server).
+
+Assuming a listening [Arduino Sketch Server](./wolfssl_server.ino) at `192.168.1.38` on port `11111`,
+connect with the `client` executable:
+
+```
+./examples/client/client -h 192.168.1.38 -p 11111 -v 3
+```
+
+## wolfSSL Error -308 wolfSSL_connect error state on socket
+
+When using a wired Ethernet connection, and this error is encountered, simply
+press the reset button or power cycle the Arduino before making a connection.
+
+Here's one possible script to test the server from a command-line client:
+
+```bash
+#!/usr/bin/env bash
+echo "client log " > client_log.txt
+counter=1
+THIS_ERR=0
+while [ $THIS_ERR -eq 0 ]; do
+    ./examples/client/client -h 192.168.1.38 -p 11111 -v 3 >> client_log.txt
+
+    THIS_ERR=$?
+    if [ $? -ne 0 ]; then
+        echo "Failed!"
+        exit 1
+    fi
+    echo "Iteration $counter"
+    echo "Iteration $counter" >> client_log.txt
+    ((counter++))
+done
+```
+
+Output expected from the `client` command:
+
+```
+$ ./examples/client/client -h 192.168.1.38 -p 11111 -v 3
+Alternate cert chain used
+ issuer : /C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
+ subject: /C=US/ST=Montana/L=Bozeman/O=wolfSSL/OU=Support/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
+ altname = example.com
+ altname = 127.0.0.1
+ serial number:01
+SSL version is TLSv1.2
+SSL cipher suite is ECDHE-RSA-AES128-GCM-SHA256
+SSL curve name is SECP256R1
+---
+Server certificate
+-----BEGIN CERTIFICATE-----
+MIIE6DCCA9CgAwIBAgIBATANBgkqhkiG9w0BAQsFADCBlDELMAkGA1UEBhMCVVMx
+EDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xETAPBgNVBAoMCFNh
+d3Rvb3RoMRMwEQYDVQQLDApDb25zdWx0aW5nMRgwFgYDVQQDDA93d3cud29sZnNz
+bC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMjMxMjEz
+MjIxOTI4WhcNMjYwOTA4MjIxOTI4WjCBkDELMAkGA1UEBhMCVVMxEDAOBgNVBAgM
+B01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xEDAOBgNVBAoMB3dvbGZTU0wxEDAO
+BgNVBAsMB1N1cHBvcnQxGDAWBgNVBAMMD3d3dy53b2xmc3NsLmNvbTEfMB0GCSqG
+SIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
+ADCCAQoCggEBAMCVCOFXQfJxbbfSRUEnAWXGRa7yvCQwuJXOL07W9hyIvHyf+6hn
+f/5cnFF194rKB+c1L4/hvXvAL3yrZKgX/Mpde7rgIeVyLm8uhtiVc9qsG1O5Xz/X
+GQ0lT+FjY1GLC2Q/rUO4pRxcNLOuAKBjxfZ/C1loeHOmjBipAm2vwxkBLrgQ48bM
+QLRpo0YzaYduxLsXpvPo3a1zvHsvIbX9ZlEMvVSz4W1fHLwjc9EJA4kU0hC5ZMMq
+0KGWSrzh1Bpbx6DAwWN4D0Q3MDKWgDIjlaF3uhPSl3PiXSXJag3DOWCktLBpQkIJ
+6dgIvDMgs1gip6rrxOHmYYPF0pbf2dBPrdcCAwEAAaOCAUUwggFBMB0GA1UdDgQW
+BBSzETLJkpiE4sn40DtuA0LKHw6OPDCB1AYDVR0jBIHMMIHJgBQnjmcRdMMmHT/t
+M2OzpNgdMOXo1aGBmqSBlzCBlDELMAkGA1UEBhMCVVMxEDAOBgNVBAgMB01vbnRh
+bmExEDAOBgNVBAcMB0JvemVtYW4xETAPBgNVBAoMCFNhd3Rvb3RoMRMwEQYDVQQL
+DApDb25zdWx0aW5nMRgwFgYDVQQDDA93d3cud29sZnNzbC5jb20xHzAdBgkqhkiG
+9w0BCQEWEGluZm9Ad29sZnNzbC5jb22CFDNEGqhsAez2YPJwUQpM0RT6vOlEMAwG
+A1UdEwQFMAMBAf8wHAYDVR0RBBUwE4ILZXhhbXBsZS5jb22HBH8AAAEwHQYDVR0l
+BBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMA0GCSqGSIb3DQEBCwUAA4IBAQBK/7nl
+hZvaU2Z/ByK/thnqQuukEQdi/zlfMzc6hyZxPROyyrhkOHuKmUgOpaRrsZlu4EZR
+vRlSrbymfip6fCOnzNteQ31rBMi33ZWt8JGAWcUZkSYnkbhIHOtVtqp9pDjxA7xs
+i6qU1jwFepbFBvEmFC51+93lNbMBLLOtYlohmgi+Vvz5okKHhuWpxZnPrhS+4LkI
+JA0dXNYU4UyfQLOp6S1Si0y/rEQxZ8GNBoXsD+SZ10t7IQZm1OT1nf+O8IY5WB2k
+W+Jj73zJGIeoAiUQPoco+fXvR56lgAgRkGj+0aOoUbk3/9XKfId/a7wsEsjFhYv8
+DMa5hrjJBMNRN9JP
+-----END CERTIFICATE-----
+Session timeout set to 500 seconds
+Client Random : 56A0BB9647B064D3F20947032B74B31FDB4C93DBAC9460BA8AEA213A2B2DD4A8
+SSL-Session:
+    Protocol  : TLSv1.2
+    Cipher    : TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
+    Session-ID: 3255404E997FA9C27ECB4F1A20A70E722E4AA504B63A945FC175434D1907EC31
+    Session-ID-ctx:
+    Master-Key: 67F22168BBADD678643BBA76B398277270C29788AC18FD05B57F6B715F49A7BCEEF75BEAF7FE266B0CC058534AF76C1F
+    TLS session ticket: NONE
+    Start Time: 1705533296
+    Timeout   : 500 (sec)
+    Extended master secret: no
+I hear you fa shizzle!
+```
+
+### Troubleshooting
+
+When encountering odd errors such as `undefined reference to ``_impure_ptr'`, such as this:
+
+```text
+c:/users/gojimmypi/appdata/local/arduino15/packages/esp32/tools/xtensa-esp32-elf-gcc/esp-2021r2-patch5-8.4.0/bin/../lib/gcc/xtensa-esp32-elf/8.4.0/../../../../xtensa-esp32-elf/bin/ld.exe: C:\Users\gojimmypi\AppData\Local\Temp\arduino\sketches\EAB8D79A02D1ECF107884802D893914E\libraries\wolfSSL\wolfcrypt\src\logging.c.o:(.literal.wolfssl_log+0x8): undefined reference to `_impure_ptr'
+collect2.exe: error: ld returned 1 exit status
+
+exit status 1
+
+Compilation error: exit status 1
+```
+
+Try cleaning the Arduino cache directories. For Windows, that's typically in:
+
+```text
+C:\Users\%USERNAME%\AppData\Local\Temp\arduino\sketches
+```
+
+Remove all other boards from other serial ports, leaving one the one being programmed.
diff --git a/IDE/ARDUINO/sketches/wolfssl_server/wolfssl_server.ino b/IDE/ARDUINO/sketches/wolfssl_server/wolfssl_server.ino
index f331e7810..e87a50f2b 100644
--- a/IDE/ARDUINO/sketches/wolfssl_server/wolfssl_server.ino
+++ b/IDE/ARDUINO/sketches/wolfssl_server/wolfssl_server.ino
@@ -1,6 +1,6 @@
 /* wolfssl_server.ino
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -19,161 +19,829 @@
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  */
 
+/*
+Tested with:
 
-#include <wolfssl.h>
-#include <wolfssl/ssl.h>
-#include <Ethernet.h>
+1) Intel Galileo acting as the Client, with a laptop acting as a server using
+   the server example provided in examples/server.
+   Legacy Arduino v1.86 was used to compile and program the Galileo
 
-#define USE_CERT_BUFFERS_256
-#include <wolfssl/certs_test.h>
+2) Espressif ESP32 WiFi
 
-#ifdef NO_WOLFSSL_SERVER
-  #error Please undefine NO_WOLFSSL_SERVER for this example
+3) Arduino Due, Nano33 IoT, Nano RP-2040
+*/
+
+/*
+ * Note to code editors: the Arduino client and server examples are edited in
+ * parallel for side-by-side comparison between examples.
+ */
+
+/* If you have a private include, define it here, otherwise edit WiFi params */
+#define MY_PRIVATE_CONFIG "/workspace/my_private_config.h"
+
+/* set REPEAT_CONNECTION to a non-zero value to continually run the example. */
+#define REPEAT_CONNECTION 1
+
+/* Edit this with your other TLS host server address to connect to: */
+/* #define WOLFSSL_TLS_SERVER_HOST "192.168.1.34" */
+
+/* wolfssl TLS examples communicate on port 11111 */
+#define WOLFSSL_PORT 11111
+
+/* Choose a monitor serial baud rate: 9600, 14400, 19200, 57600, 74880, etc. */
+#define SERIAL_BAUD 115200
+
+/* We'll wait up to 2000 milliseconds to properly shut down connection */
+#define SHUTDOWN_DELAY_MS 2000
+
+/* Number of times to retry connection.  */
+#define RECONNECT_ATTEMPTS 20
+
+/* Optional stress test. Define to consume memory until exhausted: */
+/* #define MEMORY_STRESS_TEST */
+
+/* Choose client or server example, not both. */
+/* #define WOLFSSL_CLIENT_EXAMPLE */
+#define WOLFSSL_SERVER_EXAMPLE
+
+#if defined(MY_PRIVATE_CONFIG)
+    /* the /workspace directory may contain a private config
+     * excluded from GitHub with items such as WiFi passwords */
+    #include MY_PRIVATE_CONFIG
+    static const char* ssid PROGMEM = MY_ARDUINO_WIFI_SSID;
+    static const char* password PROGMEM = MY_ARDUINO_WIFI_PASSWORD;
+#else
+    /* when using WiFi capable boards: */
+    static const char* ssid PROGMEM  = "your_SSID";
+    static const char* password PROGMEM = "your_PASSWORD";
 #endif
 
-const int port = 11111; /* port to listen on */
+#define BROADCAST_ADDRESS "255.255.255.255"
 
-int EthernetSend(WOLFSSL* ssl, char* msg, int sz, void* ctx);
-int EthernetReceive(WOLFSSL* ssl, char* reply, int sz, void* ctx);
+/* There's an optional 3rd party NTPClient library by Fabrice Weinberg.
+ * If it is installed, uncomment define USE_NTP_LIB here: */
+/* #define USE_NTP_LIB */
+#ifdef USE_NTP_LIB
+    #include <NTPClient.h>
+#endif
 
-EthernetServer server(port);
-EthernetClient client;
+/* wolfSSL user_settings.h must be included from settings.h
+ * Make all configurations changes in user_settings.h
+ * Do not edit wolfSSL `settings.h` or `config.h` files.
+ * Do not explicitly include user_settings.h in any source code.
+ * Each Arduino sketch that uses wolfSSL must have: #include "wolfssl.h"
+ * C/C++ source files can use: #include <wolfssl/wolfcrypt/settings.h>
+ * The wolfSSL "settings.h" must be included in each source file using wolfSSL.
+ * The wolfSSL "settings.h" must appear before any other wolfSSL include.
+ */
+#include <wolfssl.h>
+/* Important: make sure settings.h appears before any other wolfSSL headers */
+#include <wolfssl/wolfcrypt/settings.h>
+/* Reminder: settings.h includes user_settings.h
+ * For ALL project wolfSSL settings, see:
+ * [your path]/Arduino\libraries\wolfSSL\src\user_settings.h   */
+#include <wolfssl/ssl.h>
+#include <wolfssl/certs_test.h>
+#include <wolfssl/wolfcrypt/error-crypt.h>
 
-WOLFSSL_CTX* ctx = NULL;
-WOLFSSL* ssl = NULL;
+/* Define DEBUG_WOLFSSL in user_settings.h for more verbose logging. */
+#if defined(DEBUG_WOLFSSL)
+    #define PROGRESS_DOT F("")
+#else
+    #define PROGRESS_DOT F(".")
+#endif
 
-void setup() {
-  int err;
-  WOLFSSL_METHOD* method;
+/* Convert a macro to a string */
+#define xstr(x) str(x)
+#define str(x) #x
 
-  Serial.begin(9600);
+/* optional board-specific networking includes */
+#if defined(ESP32)
+    #define USING_WIFI
+    #include <WiFi.h>
+    #include <WiFiUdp.h>
+    #ifdef USE_NTP_LIB
+        WiFiUDP ntpUDP;
+    #endif
+    /* Ensure the F() flash macro is defined */
+    #ifndef F
+        #define F
+    #endif
+    WiFiClient client;
+    WiFiServer server(WOLFSSL_PORT);
+#elif defined(ESP8266)
+    #define USING_WIFI
+    #include <ESP8266WiFi.h>
+    WiFiClient client;
+    WiFiServer server(WOLFSSL_PORT);
+#elif defined(ARDUINO_SAM_DUE)
+    #include <SPI.h>
+    /* There's no WiFi/Ethernet on the Due. Requires Ethernet Shield.
+    /* Needs "Ethernet by Various" library to be installed. Tested with V2.0.2 */
+    #include <Ethernet.h>
+    EthernetClient client;
+    EthernetClient server(WOLFSSL_PORT);
+#elif defined(ARDUINO_SAMD_NANO_33_IOT)
+    #define USING_WIFI
+    #include <SPI.h>
+    #include <WiFiNINA.h> /* Needs Arduino WiFiNINA library installed manually */
+    WiFiClient client;
+    WiFiServer server(WOLFSSL_PORT);
+#elif defined(ARDUINO_ARCH_RP2040)
+    #define USING_WIFI
+    #include <SPI.h>
+    #include <WiFiNINA.h>
+    WiFiClient client;
+    WiFiServer server(WOLFSSL_PORT);
+#elif defined(USING_WIFI)
+    #define USING_WIFI
+    #include <WiFi.h>
+    #include <WiFiUdp.h>
+    #ifdef USE_NTP_LIB
+        WiFiUDP ntpUDP;
+    #endif
+    WiFiClient client;
+    WiFiServer server(WOLFSSL_PORT);
+/* TODO
+#elif defined(OTHER_BOARD)
+*/
+#else
+    #define USING_WIFI
+    WiFiClient client;
+    WiFiServer server(WOLFSSL_PORT);
+#endif
 
-  method = wolfTLSv1_2_server_method();
-  if (method == NULL) {
-    Serial.println("unable to get method");
-    return;
-  }
-  ctx = wolfSSL_CTX_new(method);
-  if (ctx == NULL) {
-    Serial.println("unable to get ctx");
-    return;
-  }
+/* Only for syntax highlighters to show interesting options enabled: */
+#if defined(HAVE_SNI)                           \
+   || defined(HAVE_MAX_FRAGMENT)                  \
+   || defined(HAVE_TRUSTED_CA)                    \
+   || defined(HAVE_TRUNCATED_HMAC)                \
+   || defined(HAVE_CERTIFICATE_STATUS_REQUEST)    \
+   || defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2) \
+   || defined(HAVE_SUPPORTED_CURVES)              \
+   || defined(HAVE_ALPN)                          \
+   || defined(HAVE_SESSION_TICKET)                \
+   || defined(HAVE_SECURE_RENEGOTIATION)          \
+   || defined(HAVE_SERVER_RENEGOTIATION_INFO)
+#endif
 
-  /* initialize wolfSSL using callback functions */
-  wolfSSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, 0);
-  wolfSSL_SetIOSend(ctx, EthernetSend);
-  wolfSSL_SetIORecv(ctx, EthernetReceive);
 
-  /* setup the private key and certificate */
-  err = wolfSSL_CTX_use_PrivateKey_buffer(ctx, ecc_key_der_256, 
-    sizeof_ecc_key_der_256, WOLFSSL_FILETYPE_ASN1);
-  if (err != WOLFSSL_SUCCESS) {
-    Serial.println("error setting key");
-    return;
-  }
-  err = wolfSSL_CTX_use_certificate_buffer(ctx, serv_ecc_der_256, 
-    sizeof_serv_ecc_der_256, WOLFSSL_FILETYPE_ASN1);
-  if (err != WOLFSSL_SUCCESS) {
-    Serial.println("error setting certificate");
-    return;
-  }
+/* we expect our IP address from DHCP */
 
-  /* Start the server */
-  server.begin();
-  
-  return;
+static WOLFSSL_CTX* ctx = NULL;
+static WOLFSSL* ssl = NULL;
+static char* wc_error_message = (char*)malloc(80 + 1);
+static char errBuf[80];
+
+#if defined(MEMORY_STRESS_TEST)
+    #define MEMORY_STRESS_ITERATIONS 100
+    #define MEMORY_STRESS_BLOCK_SIZE 1024
+    #define MEMORY_STRESS_INITIAL (4*1024)
+    static char* memory_stress[MEMORY_STRESS_ITERATIONS]; /* typically 1K per item */
+    static int mem_ctr        = 0;
+#endif
+
+static int EthernetSend(WOLFSSL* ssl, char* msg, int sz, void* ctx);
+static int EthernetReceive(WOLFSSL* ssl, char* reply, int sz, void* ctx);
+static int reconnect = RECONNECT_ATTEMPTS;
+static int lng_index PROGMEM = 0; /* 0 = English */
+
+#if defined(__arm__)
+    #include <malloc.h>
+    extern char _end;
+    extern "C" char *sbrk(int i);
+    static char *ramstart=(char *)0x20070000;
+    static char *ramend=(char *)0x20088000;
+#endif
+
+/*****************************************************************************/
+/* fail_wait - in case of unrecoverable error                                */
+/*****************************************************************************/
+int fail_wait(void) {
+    show_memory();
+
+    Serial.println(F("Failed. Halt."));
+    while (1) {
+        delay(1000);
+    }
+    return 0;
 }
 
-int EthernetSend(WOLFSSL* ssl, char* msg, int sz, void* ctx) {
-  int sent = 0;
+/*****************************************************************************/
+/* show_memory() to optionally view during debugging.                         */
+/*****************************************************************************/
+int show_memory(void)
+{
+#if defined(__arm__)
+    struct mallinfo mi = mallinfo();
 
-  sent = client.write((byte*)msg, sz);
+    char *heapend=sbrk(0);
+    register char * stack_ptr asm("sp");
+    #if defined(DEBUG_WOLFSSL_VERBOSE)
+        Serial.print("    arena=");
+        Serial.println(mi.arena);
+        Serial.print("  ordblks=");
+        Serial.println(mi.ordblks);
+        Serial.print(" uordblks=");
+        Serial.println(mi.uordblks);
+        Serial.print(" fordblks=");
+        Serial.println(mi.fordblks);
+        Serial.print(" keepcost=");
+        Serial.println(mi.keepcost);
+    #endif
 
-  return sent;
+    #if defined(DEBUG_WOLFSSL) || defined(MEMORY_STRESS_TEST)
+        Serial.print("Estimated free memory: ");
+        Serial.print(stack_ptr - heapend + mi.fordblks);
+        Serial.println(F(" bytes"));
+    #endif
+
+    #if (0)
+        /* Experimental: not supported on all devices: */
+        Serial.print("RAM Start %lx\n", (unsigned long)ramstart);
+        Serial.print("Data/Bss end %lx\n", (unsigned long)&_end);
+        Serial.print("Heap End %lx\n", (unsigned long)heapend);
+        Serial.print("Stack Ptr %lx\n",(unsigned long)stack_ptr);
+        Serial.print("RAM End %lx\n", (unsigned long)ramend);
+
+        Serial.print("Heap RAM Used: ",mi.uordblks);
+        Serial.print("Program RAM Used ",&_end - ramstart);
+        Serial.print("Stack RAM Used ",ramend - stack_ptr);
+
+        Serial.print("Estimated Free RAM: %d\n\n",stack_ptr - heapend + mi.fordblks);
+    #endif
+#else
+    Serial.println(F("show_memory() not implemented for this platform"));
+#endif
+    return 0;
 }
 
+/*****************************************************************************/
+/* EthernetSend() to send a message string.                                  */
+/*****************************************************************************/
+int EthernetSend(WOLFSSL* ssl, char* message, int sz, void* ctx) {
+    int sent = 0;
+    (void)ssl;
+    (void)ctx;
+
+    sent = client.write((byte*)message, sz);
+    return sent;
+}
+
+/*****************************************************************************/
+/* EthernetReceive() to receive a reply string.                              */
+/*****************************************************************************/
 int EthernetReceive(WOLFSSL* ssl, char* reply, int sz, void* ctx) {
-  int ret = 0;
+    int ret = 0;
+    (void)ssl;
+    (void)ctx;
 
-  while (client.available() > 0 && ret < sz) {
-    reply[ret++] = client.read();
-  }
-
-  return ret;
+    while (client.available() > 0 && ret < sz) {
+        reply[ret++] = client.read();
+    }
+    return ret;
 }
 
-void loop() {
-  int err = 0;
-  int input = 0;
-  char errBuf[80];
-  char reply[80];
-  int replySz = 0;
-  const char* cipherName;
+/*****************************************************************************/
+/* Arduino setup_hardware()                                                  */
+/*****************************************************************************/
+int setup_hardware(void) {
+    int ret = 0;
 
-  /* Listen for incoming client requests. */
-  client = server.available();
-  if (!client) {
+#if defined(ARDUINO_SAMD_NANO_33_IOT)
+    Serial.println(F("Detected known tested and working Arduino Nano 33 IoT"));
+#elif defined(ARDUINO_ARCH_RP2040)
+    Serial.println(F("Detected known tested and working Arduino RP-2040"));
+#elif defined(__arm__) && defined(ID_TRNG) && defined(TRNG)
+    /* need to manually turn on random number generator on Arduino Due, etc. */
+    pmc_enable_periph_clk(ID_TRNG);
+    trng_enable(TRNG);
+    Serial.println(F("Enabled ARM TRNG"));
+#endif
+
+    show_memory();
+    randomSeed(analogRead(0));
+    return ret;
+}
+
+/*****************************************************************************/
+/* Arduino setup_datetime()                                                  */
+/*   The device needs to have a valid date within the valid range of certs.  */
+/*****************************************************************************/
+int setup_datetime(void) {
+    int ret = 0;
+    int ntp_tries = 20;
+
+    /* we need a date in the range of cert expiration */
+#ifdef USE_NTP_LIB
+    #if defined(ESP32)
+        NTPClient timeClient(ntpUDP, "pool.ntp.org");
+
+        timeClient.begin();
+        timeClient.update();
+        delay(1000);
+        while (!timeClient.isTimeSet() && (ntp_tries > 0)) {
+            timeClient.forceUpdate();
+            Serial.println(F("Waiting for NTP update"));
+            delay(2000);
+            ntp_tries--;
+        }
+        if (ntp_tries <= 0) {
+            Serial.println(F("Warning: gave up waiting on NTP"));
+        }
+        Serial.println(timeClient.getFormattedTime());
+        Serial.println(timeClient.getEpochTime());
+    #endif
+#endif
+
+#if defined(ESP32)
+    /* see esp32-hal-time.c */
+    ntp_tries = 5;
+    /* Replace "pool.ntp.org" with your preferred NTP server */
+    configTime(0, 0, "pool.ntp.org");
+
+    /* Wait for time to be set */
+    while ((time(nullptr) <= 100000) && ntp_tries > 0) {
+        Serial.println(F("Waiting for time to be set..."));
+        delay(2000);
+        ntp_tries--;
+    }
+#endif
+
+    return ret;
+} /* setup_datetime */
+
+/*****************************************************************************/
+/* Arduino setup_network()                                                   */
+/*****************************************************************************/
+int setup_network(void) {
+    int ret = 0;
+
+#if defined(USING_WIFI)
+    int status = WL_IDLE_STATUS;
+
+    /* The ESP8266 & ESP32 support both AP and STA. We'll use STA: */
+    #if defined(ESP8266) || defined(ESP32)
+        WiFi.mode(WIFI_STA);
+    #else
+        String fv;
+        if (WiFi.status() == WL_NO_MODULE) {
+            Serial.println("Communication with WiFi module failed!");
+            /* don't continue if no network */
+            while (true) ;
+        }
+
+        fv = WiFi.firmwareVersion();
+        if (fv < WIFI_FIRMWARE_LATEST_VERSION) {
+            Serial.println("Please upgrade the firmware");
+        }
+    #endif
+
+    Serial.print(F("Connecting to WiFi "));
+    Serial.print(ssid);
+    status = WiFi.begin(ssid, password);
+    while (status != WL_CONNECTED) {
+        delay(1000);
+        Serial.print(F("."));
+        Serial.print(status);
+        status = WiFi.status();
+    }
+
+    Serial.println(F(" Connected!"));
+#else
+    /* Newer Ethernet shields have a
+     * MAC address printed on a sticker on the shield */
+    byte mac[] = { 0xDE, 0xAD, 0xBE, 0xEF, 0xFE, 0xED };
+    IPAddress ip(192, 168, 1, 42);
+    IPAddress myDns(192, 168, 1, 1);
+    Ethernet.init(10); /* Most Arduino shields */
+    /* Ethernet.init(5);   * MKR ETH Shield */
+    /* Ethernet.init(0);   * Teensy 2.0 */
+    /* Ethernet.init(20);  * Teensy++ 2.0 */
+    /* Ethernet.init(15);  * ESP8266 with Adafruit FeatherWing Ethernet */
+    /* Ethernet.init(33);  * ESP32 with Adafruit FeatherWing Ethernet */
+    Serial.println(F("Initialize Ethernet with DHCP:"));
+    if (Ethernet.begin(mac) == 0) {
+        Serial.println(F("Failed to configure Ethernet using DHCP"));
+        /* Check for Ethernet hardware present */
+        if (Ethernet.hardwareStatus() == EthernetNoHardware) {
+            Serial.println(F("Ethernet shield was not found."));
+            while (true) {
+                delay(1); /* do nothing */
+            }
+        }
+        if (Ethernet.linkStatus() == LinkOFF) {
+            Serial.println(F("Ethernet cable is not connected."));
+        }
+        /* try to configure using IP address instead of DHCP : */
+        Ethernet.begin(mac, ip, myDns);
+    }
+    else {
+        Serial.print(F("  DHCP assigned IP "));
+        Serial.println(Ethernet.localIP());
+    }
+    /* We'll assume the Ethernet connection is ready to go. */
+#endif
+
+    Serial.println(F("********************************************************"));
+    Serial.print(F("      wolfSSL Example Server IP = "));
+#if defined(USING_WIFI)
+    Serial.println(WiFi.localIP());
+#else
+    Serial.println(Ethernet.localIP());
+#endif
+    /* In server mode, there's no host definition. */
+    /* See companion example: wolfssl_client.ino */
+    Serial.println(F("********************************************************"));
+    Serial.println(F("Setup network complete."));
+
+    return ret;
+}
+
+/*****************************************************************************/
+/* Arduino setup_wolfssl()                                                   */
+/*****************************************************************************/
+int setup_wolfssl(void) {
+    int ret = 0;
+    WOLFSSL_METHOD* method;
+
+    /* Show a revision of wolfssl user_settings.h file in use when available: */
+#if defined(WOLFSSL_USER_SETTINGS_ID)
+    Serial.print(F("WOLFSSL_USER_SETTINGS_ID: "));
+    Serial.println(F(WOLFSSL_USER_SETTINGS_ID));
+#else
+    Serial.println(F("No WOLFSSL_USER_SETTINGS_ID found."));
+#endif
+
+#if defined(NO_WOLFSSL_SERVER)
+    Serial.println(F("wolfSSL server code disabled to save space."));
+#endif
+#if defined(NO_WOLFSSL_CLIENT)
+    Serial.println(F("wolfSSL client code disabled to save space."));
+#endif
+
+#if defined(DEBUG_WOLFSSL)
+    wolfSSL_Debugging_ON();
+    Serial.println(F("wolfSSL Debugging is On!"));
+#else
+    Serial.println(F("wolfSSL Debugging is Off! (enable with DEBUG_WOLFSSL)"));
+#endif
+
+    /* See ssl.c for TLS cache settings. Larger cache = use more RAM. */
+#if defined(NO_SESSION_CACHE)
+    Serial.println(F("wolfSSL TLS NO_SESSION_CACHE"));
+#elif defined(MICRO_SESSION_CACHEx)
+    Serial.println(F("wolfSSL TLS MICRO_SESSION_CACHE"));
+#elif defined(SMALL_SESSION_CACHE)
+    Serial.println(F("wolfSSL TLS SMALL_SESSION_CACHE"));
+#elif defined(MEDIUM_SESSION_CACHE)
+    Serial.println(F("wolfSSL TLS MEDIUM_SESSION_CACHE"));
+#elif defined(BIG_SESSION_CACHE)
+    Serial.println(F("wolfSSL TLS BIG_SESSION_CACHE"));
+#elif defined(HUGE_SESSION_CACHE)
+    Serial.println(F("wolfSSL TLS HUGE_SESSION_CACHE"));
+#elif defined(HUGE_SESSION_CACHE)
+    Serial.println(F("wolfSSL TLS HUGE_SESSION_CACHE"));
+#else
+    Serial.println(F("WARNING: Unknown or no TLS session cache setting."));
+    /* See wolfssl/src/ssl.c for amount of memory used.
+     * It is best on embedded devices to choose a TLS session cache size. */
+#endif
+
+    ret = wolfSSL_Init();
+    if (ret == WOLFSSL_SUCCESS) {
+        Serial.println("Successfully called wolfSSL_Init");
+    }
+    else {
+        Serial.println("ERROR: wolfSSL_Init failed");
+    }
+
+    /* See companion server example with wolfSSLv23_server_method here.
+     * method = wolfSSLv23_client_method());   SSL 3.0 - TLS 1.3.
+     * method = wolfTLSv1_2_client_method();   only TLS 1.2
+     * method = wolfTLSv1_3_client_method();   only TLS 1.3
+     *
+     * see Arduino\libraries\wolfssl\src\user_settings.h */
+
+    Serial.println("Here we go!");
+
+    method = wolfSSLv23_server_method();
+    if (method == NULL) {
+        Serial.println(F("unable to get wolfssl server method"));
+        fail_wait();
+    }
+    ctx = wolfSSL_CTX_new(method);
+    if (ctx == NULL) {
+        Serial.println(F("unable to get ctx"));
+        fail_wait();
+    }
+
+    return ret;
+}
+
+/*****************************************************************************/
+/* Arduino setup_certificates()                                              */
+/*****************************************************************************/
+int setup_certificates(void) {
+    int ret = 0;
+
+    Serial.println(F("Initializing certificates..."));
+    show_memory();
+
+    /* Use built-in validation, No verification callback function: */
+    wolfSSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, 0);
+
+    /* Certificate */
+    Serial.println("Initializing certificates...");
+    ret = wolfSSL_CTX_use_certificate_buffer(ctx,
+                                             CTX_SERVER_CERT,
+                                             CTX_SERVER_CERT_SIZE,
+                                             CTX_CA_CERT_TYPE);
+    if (ret == WOLFSSL_SUCCESS) {
+        Serial.print("Success: use certificate: ");
+        Serial.println(xstr(CTX_SERVER_CERT));
+    }
+    else {
+        Serial.print("Error: wolfSSL_CTX_use_certificate_buffer failed: ");
+        wc_ErrorString(ret, wc_error_message);
+        Serial.println(wc_error_message);
+        fail_wait();
+    }
+
+    /* Setup private server key */
+    ret = wolfSSL_CTX_use_PrivateKey_buffer(ctx,
+                                            CTX_SERVER_KEY,
+                                            CTX_SERVER_KEY_SIZE,
+                                            CTX_SERVER_KEY_TYPE);
+    if (ret == WOLFSSL_SUCCESS) {
+        Serial.print("Success: use private key buffer: ");
+        Serial.println(xstr(CTX_SERVER_KEY));
+    }
+    else {
+        Serial.print("Error: wolfSSL_CTX_use_PrivateKey_buffer failed: ");
+        wc_ErrorString(ret, wc_error_message);
+        Serial.println(wc_error_message);
+        fail_wait();
+    }
+
+    return ret;
+} /* Arduino setup */
+
+/*****************************************************************************/
+/*****************************************************************************/
+/* Arduino setup()                                                           */
+/*****************************************************************************/
+/*****************************************************************************/
+void setup(void) {
+    int i = 0;
+    Serial.begin(SERIAL_BAUD);
+    while (!Serial && (i < 10)) {
+        /* wait for serial port to connect. Needed for native USB port only */
+        delay(1000);
+        i++;
+    }
+
+    Serial.println(F(""));
+    Serial.println(F(""));
+    Serial.println(F("wolfSSL TLS Server Example Startup."));
+
+    /* define DEBUG_WOLFSSL in wolfSSL user_settings.h for diagnostics */
+#if defined(DEBUG_WOLFSSL)
+    wolfSSL_Debugging_ON();
+#endif
+
+    /* Optionally pre-allocate a large block of memory for testing */
+#if defined(MEMORY_STRESS_TEST)
+    Serial.println(F("WARNING: Memory Stress Test Active!"));
+    Serial.print(F("Allocating extra memory: "));
+    Serial.print(MEMORY_STRESS_INITIAL);
+    Serial.println(F(" bytes..."));
+    memory_stress[mem_ctr] = (char*)malloc(MEMORY_STRESS_INITIAL);
+    show_memory();
+#endif
+
+    setup_hardware();
+
+    setup_network();
+
+    setup_datetime();
+
+    setup_wolfssl();
+
+    setup_certificates();
+
+    /* Initialize wolfSSL using callback functions. */
+    wolfSSL_SetIOSend(ctx, EthernetSend);
+    wolfSSL_SetIORecv(ctx, EthernetReceive);
+
+#if defined THIS_USER_SETTINGS_VERSION
+    Serial.print(F("This user_settings.h version:"))
+    Serial.println(THIS_USER_SETTINGS_VERSION)
+#endif
+
+    /* Start the server
+     * See https://www.arduino.cc/reference/en/libraries/ethernet/server.begin/
+     */
+
+    Serial.println(F("Completed Arduino setup()"));
+
+    server.begin();
+    Serial.println("Begin Server... (waiting for remote client to connect)");
+
+    /* See companion wolfssl_client.ino code */
     return;
-  }
+} /* Arduino setup */
 
-  if (client.connected()) {
+/*****************************************************************************/
+/* wolfSSL error_check()                                                     */
+/*****************************************************************************/
+int error_check(int this_ret, bool halt_on_error,
+                      const __FlashStringHelper* message) {
+    int ret = 0;
+    if (this_ret == WOLFSSL_SUCCESS) {
+        Serial.print(F("Success: "));
+        Serial.println(message);
+    }
+    else {
+        Serial.print(F("ERROR: return = "));
+        Serial.print(this_ret);
+        Serial.print(F(": "));
+        Serial.println(message);
+        Serial.println(wc_GetErrorString(this_ret));
+        if (halt_on_error) {
+            fail_wait();
+        }
+    }
+    show_memory();
 
-    Serial.println("Client connected");
+    return ret;
+} /* error_check */
+
+/*****************************************************************************/
+/* wolfSSL error_check_ssl                                                   */
+/*   Parameters:                                                             */
+/*     ssl           is the current WOLFSSL object pointer                   */
+/*     halt_on_error set to true to suspend operations for critical error    */
+/*     message       is expected to be a memory-efficient F("") macro string */
+/*****************************************************************************/
+int error_check_ssl(WOLFSSL* ssl, int this_ret, bool halt_on_error,
+                           const __FlashStringHelper* message) {
+    int err = 0;
 
-    ssl = wolfSSL_new(ctx);
     if (ssl == NULL) {
-      Serial.println("Unable to allocate SSL object");
-      return;
+        Serial.println(F("ssl is Null; Unable to allocate SSL object?"));
+#ifndef DEBUG_WOLFSSL
+        Serial.println(F("Define DEBUG_WOLFSSL in user_settings.h for more."));
+#else
+        Serial.println(F("See wolfssl/wolfcrypt/error-crypt.h for codes."));
+#endif
+        Serial.print(F("ERROR: "));
+        Serial.println(message);
+        show_memory();
+        if (halt_on_error) {
+            fail_wait();
+        }
+    }
+    else {
+        err = wolfSSL_get_error(ssl, this_ret);
+        if (err == WOLFSSL_SUCCESS) {
+            Serial.print(F("Success m: "));
+            Serial.println(message);
+        }
+        else {
+            if (err < 0) {
+                wolfSSL_ERR_error_string(err, errBuf);
+                Serial.print(F("WOLFSSL Error: "));
+                Serial.print(err);
+                Serial.print(F("; "));
+                Serial.println(errBuf);
+            }
+            else {
+                Serial.println(F("Success: ssl object."));
+            }
+        }
     }
 
-    err = wolfSSL_accept(ssl);
-    if (err != WOLFSSL_SUCCESS) {
-      err = wolfSSL_get_error(ssl, 0);
-      wolfSSL_ERR_error_string(err, errBuf);
-      Serial.print("TLS Accept Error: ");
-      Serial.println(errBuf);
-    }
-
-    Serial.print("SSL version is ");
-    Serial.println(wolfSSL_get_version(ssl));
-    
-    cipherName = wolfSSL_get_cipher(ssl);
-    Serial.print("SSL cipher suite is ");
-    Serial.println(cipherName);
-
-    Serial.print("Server Read: ");
-    /* wait for data */
-    while (!client.available()) {}
-    /* read data */
-    while (wolfSSL_pending(ssl)) {
-      input = wolfSSL_read(ssl, reply, sizeof(reply) - 1);
-      if (input < 0) {
-        err = wolfSSL_get_error(ssl, 0);
-        wolfSSL_ERR_error_string(err, errBuf);
-        Serial.print("TLS Read Error: ");
-        Serial.println(errBuf);
-        break;
-      } else if (input > 0) {
-        replySz = input;
-        reply[input] = '\0';
-        Serial.print(reply);
-      } else {
-        Serial.println();
-      }
-    }
-
-    /* echo data */
-    if ((wolfSSL_write(ssl, reply, replySz)) != replySz) {
-      err = wolfSSL_get_error(ssl, 0);
-      wolfSSL_ERR_error_string(err, errBuf);
-      Serial.print("TLS Write Error: ");
-      Serial.println(errBuf);
-    }
-    
-    wolfSSL_shutdown(ssl);
-    wolfSSL_free(ssl);
-  }
-
-  client.stop();
-  Serial.println("Connection complete");
+    return err;
 }
+
+/*****************************************************************************/
+/*****************************************************************************/
+/* Arduino loop()                                                            */
+/*****************************************************************************/
+/*****************************************************************************/
+void loop() {
+    char errBuf[80]    = "(no error";
+    char reply[80]     = "(no reply)";
+    const char msg[]   = "I hear you fa shizzle!";
+    const char* cipherName;
+    int input          = 0;
+    int replySz        = 0;
+    int retry_shutdown = SHUTDOWN_DELAY_MS; /* max try, once per millisecond */
+    int ret            = 0;
+    IPAddress broadcast_address(255, 255, 255, 255);
+
+    /* Listen for incoming client requests. */
+    client = server.available();
+    if (client)  {
+       Serial.println("Have Client");
+       while (!client.connected()) {
+           /* wait for the client to actually connect */
+           delay(10);
+       }
+        Serial.print("Client connected from remote IP: ");
+        Serial.println(client.remoteIP());
+
+        ssl = wolfSSL_new(ctx);
+        if (ssl == NULL) {
+            Serial.println("Unable to allocate SSL object");
+            fail_wait();
+        }
+
+        ret = wolfSSL_accept(ssl);
+        if (ret != WOLFSSL_SUCCESS) {
+            ret = wolfSSL_get_error(ssl, 0);
+            wolfSSL_ERR_error_string(ret, errBuf);
+            Serial.print("TLS Accept Error: ");
+            Serial.println(errBuf);
+        }
+
+        cipherName = wolfSSL_get_cipher(ssl);
+        Serial.print("SSL cipher suite is ");
+        Serial.println(cipherName);
+
+        Serial.print("Server Read: ");
+        while (!client.available()) {
+            /* wait for data */
+        }
+
+        /* read data */
+        while (wolfSSL_pending(ssl)) {
+            input = wolfSSL_read(ssl, reply, sizeof(reply) - 1);
+            if (input < 0) {
+                ret = wolfSSL_get_error(ssl, 0);
+                wolfSSL_ERR_error_string(ret, errBuf);
+                Serial.print("TLS Read Error: ");
+                Serial.println(errBuf);
+                break;
+            }
+            else if (input > 0) {
+                replySz = input;
+                reply[input] = '\0';
+                Serial.print(reply);
+            }
+            else {
+                Serial.println("<end of reply, input == 0>");
+            }
+        }
+
+        /* Write our message into reply buffer to send */
+        memset(reply, 0, sizeof(reply));
+        memcpy(reply, msg, sizeof(msg));
+        replySz = strnlen(reply, sizeof(reply));
+
+        Serial.println("Sending reply...");
+        if ((wolfSSL_write(ssl, reply, replySz)) != replySz) {
+            ret = wolfSSL_get_error(ssl, 0);
+            wolfSSL_ERR_error_string(ret, errBuf);
+            Serial.print("TLS Write Error: ");
+            Serial.println(errBuf);
+        }
+        else {
+            Serial.println("Reply sent!");
+        }
+
+        Serial.println("Shutdown!");
+        do {
+            delay(1);
+            retry_shutdown--;
+            ret = wolfSSL_shutdown(ssl);
+        } while ((ret == WOLFSSL_SHUTDOWN_NOT_DONE) && (retry_shutdown > 0));
+
+        if (retry_shutdown <= 0) {
+            /* if wolfSSL_free is called before properly shutting down the
+             * ssl object, undesired results may occur. */
+            Serial.println("Warning! Shutdown did not properly complete.");
+        }
+
+        wolfSSL_free(ssl);
+        Serial.println("Connection complete.");
+        if (REPEAT_CONNECTION) {
+            Serial.println();
+            Serial.println("Waiting for next connection.");
+        }
+        else {
+            client.stop();
+            Serial.println("Done!");
+            while (1) {
+                /* wait forever if not repeating */
+                delay(100);
+            }
+        }
+    }
+    else {
+        /* Serial.println("Client not connected. Trying again..."); */
+    }
+
+    delay(100);
+} /* Arduino loop repeats */
diff --git a/IDE/ARDUINO/sketches/wolfssl_version/README.md b/IDE/ARDUINO/sketches/wolfssl_version/README.md
new file mode 100644
index 000000000..3abfe8299
--- /dev/null
+++ b/IDE/ARDUINO/sketches/wolfssl_version/README.md
@@ -0,0 +1,3 @@
+# Arduino Basic Hello World
+
+This example simply compiles in wolfSSL and shows the current version number.
diff --git a/IDE/ARDUINO/sketches/wolfssl_version/wolfssl_version.ino b/IDE/ARDUINO/sketches/wolfssl_version/wolfssl_version.ino
new file mode 100644
index 000000000..a2f13fecc
--- /dev/null
+++ b/IDE/ARDUINO/sketches/wolfssl_version/wolfssl_version.ino
@@ -0,0 +1,55 @@
+/* wolfssl_server.ino
+ *
+ * Copyright (C) 2006-2025 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+#include <Arduino.h>
+
+ /* wolfSSL user_settings.h must be included from settings.h
+  * Make all configurations changes in user_settings.h
+  * Do not edit wolfSSL `settings.h` or `config.h` files.
+  * Do not explicitly include user_settings.h in any source code.
+  * Each Arduino sketch that uses wolfSSL must have: #include "wolfssl.h"
+  * C/C++ source files can use: #include <wolfssl/wolfcrypt/settings.h>
+  * The wolfSSL "settings.h" must be included in each source file using wolfSSL.
+  * The wolfSSL "settings.h" must appear before any other wolfSSL include.
+  */
+#include <wolfssl.h>
+#include <wolfssl/version.h>
+
+/* Choose a monitor serial baud rate: 9600, 14400, 19200, 57600, 74880, etc. */
+#define SERIAL_BAUD 115200
+
+/* Arduino setup */
+void setup() {
+    Serial.begin(SERIAL_BAUD);
+    while (!Serial) {
+        /* wait for serial port to connect. Needed for native USB port only */
+    }
+    Serial.println(F(""));
+    Serial.println(F(""));
+    Serial.println(F("wolfSSL setup complete!"));
+}
+
+/* Arduino main application loop. */
+void loop() {
+    Serial.print("wolfSSL Version: ");
+    Serial.println(LIBWOLFSSL_VERSION_STRING);
+    delay(60000);
+}
diff --git a/IDE/ARDUINO/wolfssl-arduino.sh b/IDE/ARDUINO/wolfssl-arduino.sh
index 107f99b1c..63dcf4cc1 100755
--- a/IDE/ARDUINO/wolfssl-arduino.sh
+++ b/IDE/ARDUINO/wolfssl-arduino.sh
@@ -2,19 +2,134 @@
 
 # this script will reformat the wolfSSL source code to be compatible with
 # an Arduino project
-# run as bash ./wolfssl-arduino.sh
+# run as bash ./wolfssl-arduino.sh [INSTALL] [path]
+#
+# ./wolfssl-arduino.sh
+# The default is to install to a local wolfSSL directory (`ROOT_DIR`).
+# If successfully built, and the INSTALL option is used, tis directory
+# is then moved to the target.
+#
+# ./wolfssl-arduino.sh INSTALL
+# Creates a local wolfSSL directory and then moves it to the ARDUINO_ROOT
+#
+# ./wolfssl-arduino.sh INSTALL /mnt/c/workspace/Arduino-wolfSSL-$USER
+# Updates the Arduino-wolfSSL fork for $USER to refresh versions.
+#
+# To ensure a pristine build, the directory must not exist.
+#
+# Reminder there's typically no $USER for GitHub actions, but:
+# ROOT_DIR="/mnt/c/Users/$USER/Documents/Arduino/libraries"
+#
+# The company name is "wolfSSL Inc."; There's a space, no comma, and a period after "Inc."
+# The Arduino library name is "wolfssl" (all lower case)
+# The Arduino library directory name is "wolfssl" (all lower case)
+# The Arduino library include file is "wolfssl.h" (all lower case)
+# The Published wolfSSL Arduino Registry is at https://github.com/wolfSSL/Arduino-wolfSSL.git
+# See https://downloads.arduino.cc/libraries/logs/github.com/wolfSSL/Arduino-wolfSSL/
+ROOT_DIR="/wolfssl"
+
+# The Arduino Version will initially have a suffix appended during fine tuning stage.
+WOLFSSL_VERSION_ARUINO_SUFFIX=""
+
+# For verbose copy, set CP_CMD="-v", otherwise clear it: CP_CMD="cp"
+# Do not set to empty string, as copy will fail with this: CP_CMD=""
+# CP_CMD="cp -v "
+CP_CMD="cp "
+
+# Specify the executable shell checker you want to use:
+MY_SHELLCHECK="shellcheck"
+
+# There are special circumstances to publish to GitHub repository.
+# Typically: https://github.com/wolfSSL/Arduino-wolfSSL
+#
+# Unlike a local Arduino library that requires a clean directory,
+# we'll allow extra files, overwrites, etc.
+#
+# Note in all cases, the local IDE/ARDUINO/wolfssl must be empty.
+THIS_INSTALL_IS_GITHUB="false"
+
+# Check if the executable is available in the PATH
+if command -v "$MY_SHELLCHECK" >/dev/null 2>&1; then
+    # Run your command here
+    shellcheck "$0" || exit 1
+else
+    echo "$MY_SHELLCHECK is not installed. Please install it if changes to this script have been made."
+fi
+
+if ! [ "$CP_CMD" = "cp " ]; then
+    if [ "$CP_CMD" = "cp -v" ]; then
+        echo "Copy verbose mode"
+    else
+        echo "ERROR: Copy mode not supported: $CP_CMD"
+        exit 1
+    fi
+fi
+
+if [ "$ROOT_DIR" = "" ]; then
+    echo "ERROR: ROOT_DIR cannot be blank"
+    exit 1
+fi
+
+# Check environment
+if [ -n "$WSL_DISTRO_NAME" ]; then
+    # we found a non-blank WSL environment distro name
+    current_path="$(pwd)"
+    pattern="/mnt/?"
+    if echo "$current_path" | grep -Eq "^$pattern"; then
+        # if we are in WSL and shared Windows file system, 'ln' does not work.
+        ARDUINO_ROOT="/mnt/c/Users/$USER/Documents/Arduino/libraries"
+    else
+        ARDUINO_ROOT="$HOME/Arduino/libraries"
+    fi
+fi
+echo "The Arduino library root is: $ARDUINO_ROOT"
+
+if [ $# -gt 0 ]; then
+    THIS_OPERATION="$1"
+    if [ "$THIS_OPERATION" = "INSTALL" ]; then
+        THIS_INSTALL_DIR=$2
+
+        if [ "$THIS_INSTALL_DIR" = "/" ]; then
+            echo "ERROR: THIS_INSTALL_DIR cannot be /"
+            exit 1
+        fi
+
+        echo "Install is active."
+
+        if [ "$THIS_INSTALL_DIR" = "" ]; then
+            if [ -d "$ARDUINO_ROOT$ROOT_DIR" ]; then
+                echo "Error: the installation directory already exists: $ARDUINO_ROOT$ROOT_DIR"
+                echo "A new directory needs to be created to ensure there are no stray files"
+                echo "Please delete or move the directory and try again."
+                exit 1
+            fi
+        else
+            echo "Installing to $THIS_INSTALL_DIR"
+            if [ -d "$THIS_INSTALL_DIR/.git" ];then
+                echo "Target is a GitHub root repository."
+                THIS_INSTALL_IS_GITHUB="true"
+            else
+                echo "Target is NOT a GitHub root directory repository. (e.g. not wolfssl/Arduino-wolfssl)"
+            fi
+        fi
+    else
+        echo "Error: not a valid operation: $THIS_OPERATION"
+        exit 1
+    fi
+fi
+
 
-ROOT_DIR="/wolfSSL"
 ROOT_SRC_DIR="${ROOT_DIR}/src"
+EXAMPLES_DIR="${ROOT_DIR}/examples"
 WOLFSSL_SRC="${ROOT_SRC_DIR}/src"
 WOLFSSL_HEADERS="${ROOT_SRC_DIR}/wolfssl"
 WOLFCRYPT_ROOT="${ROOT_SRC_DIR}/wolfcrypt"
 WOLFCRYPT_SRC="${WOLFCRYPT_ROOT}/src"
 WOLFCRYPT_HEADERS="${WOLFSSL_HEADERS}/wolfcrypt"
 OPENSSL_DIR="${WOLFSSL_HEADERS}/openssl"
-WOLFSSL_VERSION="5.6.4"
 
-# TOP indicates the file directory comes from the top level of the wolfssl repo
+
+# TOP indicates the file directory for top level of the wolfssl repository.
 TOP_DIR="../.."
 WOLFSSL_SRC_TOP="${TOP_DIR}/src"
 WOLFSSL_HEADERS_TOP="${TOP_DIR}/wolfssl"
@@ -24,122 +139,205 @@ WOLFCRYPT_HEADERS_TOP="${WOLFSSL_HEADERS_TOP}/wolfcrypt"
 OPENSSL_DIR_TOP="${WOLFSSL_HEADERS_TOP}/openssl"
 
 
-# TODO: Parse version number
 WOLFSSL_VERSION=$(grep -i "LIBWOLFSSL_VERSION_STRING" ${TOP_DIR}/wolfssl/version.h | cut -d '"' -f 2)
+if [ "$WOLFSSL_VERSION" = "" ]; then
+    echo "ERROR: Could not find wolfSSL Version in ${TOP_DIR}/wolfssl/version.h"
+    exit 1
+else
+    echo "Found wolfSSL version $WOLFSSL_VERSION"
+    echo "# WOLFSSL_VERSION_ARUINO_SUFFIX $WOLFSSL_VERSION_ARUINO_SUFFIX"
+fi
+echo ""
 
+THIS_DIR=${PWD##*/}
 
-DIR=${PWD##*/}
-
-if [ "$DIR" = "ARDUINO" ]; then
-	if [ ! -d ".${ROOT_DIR}" ]; then
-	    mkdir .${ROOT_DIR}
+if [ "$THIS_DIR" = "ARDUINO" ]; then
+    # mkdir ./wolfssl
+    if [ -d ".${ROOT_DIR}" ]; then
+        echo "ERROR: $(realpath ".${ROOT_DIR}") is not empty"
+        exit 1
+    else
+        echo "Step 01: mkdir .${ROOT_DIR}"
+        mkdir ."${ROOT_DIR}"
     fi
+
+    # mkdir ./wolfssl/src
     if [ ! -d ".${ROOT_SRC_DIR}" ]; then
-	    mkdir .${ROOT_SRC_DIR}
+        echo "Step 02: mkdir .${ROOT_SRC_DIR}"
+        mkdir ."${ROOT_SRC_DIR}"
     fi
 
+    # mkdir ./wolfssl/src/wolfssl
     if [ ! -d ".${WOLFSSL_HEADERS}" ]; then
-	    mkdir .${WOLFSSL_HEADERS}
+        echo "Step 03: mkdir .${WOLFSSL_HEADERS}"
+        mkdir ."${WOLFSSL_HEADERS}"
     fi
 
-    cp ${WOLFSSL_HEADERS_TOP}/*.h .${WOLFSSL_HEADERS}
+    #  cp ../../wolfssl/*.h  ./wolfssl/src/wolfssl
+    echo "Step 04: cp    ${WOLFSSL_HEADERS_TOP}/*.h              .${WOLFSSL_HEADERS}"
+    $CP_CMD "${WOLFSSL_HEADERS_TOP}"/*.h ."${WOLFSSL_HEADERS}"
     if [ ! -d ".${WOLFCRYPT_HEADERS}" ]; then
-        mkdir .${WOLFCRYPT_HEADERS}
+        #  mkdir ./wolfssl/src/wolfssl/wolfcrypt
+        echo "Step 05: mkdir .${WOLFCRYPT_HEADERS}"
+        mkdir ."${WOLFCRYPT_HEADERS}"
+        mkdir ."${WOLFCRYPT_HEADERS}/port"
+        mkdir ."${WOLFCRYPT_HEADERS}/port/atmel"
+        mkdir ."${WOLFCRYPT_HEADERS}/port/Espressif"
     fi
-    cp ${WOLFCRYPT_HEADERS_TOP}/*.h .${WOLFCRYPT_HEADERS}
+
+    # cp  ../../wolfssl/wolfcrypt/*.h  ./wolfssl/src/wolfssl/wolfcrypt
+    echo "Step 06: cp    ${WOLFCRYPT_HEADERS_TOP}/*.h    .${WOLFCRYPT_HEADERS}"
+    $CP_CMD "${WOLFCRYPT_HEADERS_TOP}"/*.h                ."${WOLFCRYPT_HEADERS}"                 || exit 1
+    $CP_CMD "${WOLFCRYPT_HEADERS_TOP}"/port/atmel/*.h     ."${WOLFCRYPT_HEADERS}/port/atmel"      || exit 1
+    $CP_CMD "${WOLFCRYPT_HEADERS_TOP}"/port/Espressif/*.h ."${WOLFCRYPT_HEADERS}/port/Espressif"  || exit 1
 
     # Add in source files to wolfcrypt/src
     if [ ! -d ".${WOLFCRYPT_ROOT}" ]; then
-        mkdir .${WOLFCRYPT_ROOT}
+        # mkdir ./wolfssl/src/wolfcrypt
+        echo "Step 07: mkdir .${WOLFCRYPT_ROOT}"
+        mkdir ."${WOLFCRYPT_ROOT}"
     fi
+
+    # mkdir ./wolfssl/src/wolfcrypt/src
     if [ ! -d ".${WOLFCRYPT_SRC}" ]; then
-        mkdir .${WOLFCRYPT_SRC}
+        echo "Step 08: mkdir .${WOLFCRYPT_SRC}"
+        mkdir ."${WOLFCRYPT_SRC}"
+        mkdir ."${WOLFCRYPT_SRC}"/port
+        mkdir ."${WOLFCRYPT_SRC}"/port/atmel
+        mkdir ."${WOLFCRYPT_SRC}"/port/Espressif
     fi
-    cp ${WOLFCRYPT_SRC_TOP}/*.c .${WOLFCRYPT_SRC}
-    
+
+    # cp  ../../wolfcrypt/src/*.c  ./wolfssl/src/wolfcrypt/src
+    echo "Step 09: cp    ${WOLFCRYPT_SRC_TOP}/*.c        .${WOLFCRYPT_SRC}"
+    $CP_CMD -r "${WOLFCRYPT_SRC_TOP}"/*.c                  ."${WOLFCRYPT_SRC}"                || exit 1
+    $CP_CMD -r "${WOLFCRYPT_SRC_TOP}"/port/atmel/*.c       ."${WOLFCRYPT_SRC}"/port/atmel     || exit 1
+    $CP_CMD -r "${WOLFCRYPT_SRC_TOP}"/port/Espressif/*.c   ."${WOLFCRYPT_SRC}"/port/Espressif || exit 1
+
     # Add in source files to top level src folders
     if [ ! -d ".${WOLFSSL_SRC}" ]; then
-        mkdir .${WOLFSSL_SRC}
+        # mkdir ./wolfssl/src/src
+        echo "Step 10: mkdir .${WOLFSSL_SRC}"
+        mkdir ."${WOLFSSL_SRC}"
     fi
-    cp ${WOLFSSL_SRC_TOP}/*.c .${WOLFSSL_SRC}
+    $CP_CMD "${WOLFSSL_SRC_TOP}"/*.c ."${WOLFSSL_SRC}"                                        || exit 1
     # put bio and evp as includes
-    cp .${WOLFSSL_SRC}/bio.c .${WOLFSSL_HEADERS}
-    cp .${WOLFCRYPT_SRC}/evp.c .${WOLFSSL_HEADERS}
+    $CP_CMD ."${WOLFSSL_SRC}"/bio.c   ."${WOLFSSL_HEADERS}"                                   || exit 1
+    $CP_CMD ."${WOLFCRYPT_SRC}"/evp.c ."${WOLFSSL_HEADERS}"                                   || exit 1
 
     # make a copy of evp.c and bio.c for ssl.c to include inline
-    cp .${WOLFSSL_HEADERS}/evp.c .${WOLFCRYPT_SRC}/evp.c
-    cp .${WOLFSSL_HEADERS}/bio.c .${WOLFCRYPT_SRC}/bio.c
-    
+    $CP_CMD ."${WOLFSSL_HEADERS}"/evp.c ."${WOLFCRYPT_SRC}"/evp.c                             || exit 1
+    $CP_CMD ."${WOLFSSL_HEADERS}"/bio.c ."${WOLFCRYPT_SRC}"/bio.c                             || exit 1
+
     # copy openssl compatibility headers to their appropriate location
     if [ ! -d ".${OPENSSL_DIR}" ]; then
-        mkdir .${OPENSSL_DIR}
+        mkdir ."${OPENSSL_DIR}"
     fi
-    cp ${OPENSSL_DIR_TOP}/* .${OPENSSL_DIR}
+    $CP_CMD "${OPENSSL_DIR_TOP}"/* ."${OPENSSL_DIR}"                                          || exit 1
 
+    # Finally, copy the Arduino-specific wolfssl library files into place: [lib]/src
+    $CP_CMD ./wolfssl.h ".${ROOT_SRC_DIR}"/wolfssl.h
 
-    cat > .${ROOT_SRC_DIR}/wolfssl.h <<EOF
-/* Generated wolfSSL header file for Arduino */
-#include <user_settings.h>
-#include <wolfssl/wolfcrypt/settings.h>
-#include <wolfssl/ssl.h>
-EOF
+    echo "Copy examples...."
+    # Copy examples
+    mkdir -p ".${ROOT_SRC_DIR}"/examples
 
+    echo "Copy wolfssl_client example...."
+    mkdir -p ".${EXAMPLES_DIR}"/wolfssl_client
+    $CP_CMD ./sketches/wolfssl_client/wolfssl_client.ino ".${EXAMPLES_DIR}"/wolfssl_client/wolfssl_client.ino || exit 1
+    $CP_CMD ./sketches/wolfssl_client/README.md          ".${EXAMPLES_DIR}"/wolfssl_client/README.md          || exit 1
 
-# Creates user_settings file if one does not exist
-    if [ ! -f ".${ROOT_SRC_DIR}/user_settings.h" ]; then
-    	cat > .${ROOT_SRC_DIR}/user_settings.h <<EOF
-/* Generated wolfSSL user_settings.h file for Arduino */
-#ifndef ARDUINO_USER_SETTINGS_H
-#define ARDUINO_USER_SETTINGS_H
-
-/* Platform */
-#define WOLFSSL_ARDUINO
-
-/* Math library (remove this to use normal math)*/
-#define USE_FAST_MATH
-#define TFM_NO_ASM
-#define NO_ASN_TIME
-
-/* When using Intel Galileo Uncomment the line below */
-/* #define INTEL_GALILEO */
-
-/* RNG DEFAULT !!FOR TESTING ONLY!! */
-/* comment out the error below to get started w/ bad entropy source
- * This will need fixed before distribution but is OK to test with */
-#error "needs solved, see: https://www.wolfssl.com/docs/porting-guide/"
-#define WOLFSSL_GENSEED_FORTEST
-
-#endif /* ARDUINO_USER_SETTINGS_H */
-EOF
-    fi
-
-    cp .${WOLFCRYPT_HEADERS}/settings.h .${WOLFCRYPT_HEADERS}/settings.h.bak
-    cat > .${WOLFCRYPT_HEADERS}/settings.h <<EOF
-/*wolfSSL Generated ARDUINO settings */
-#ifndef WOLFSSL_USER_SETTINGS
-    #define WOLFSSL_USER_SETTINGS
-#endif /* WOLFSSL_USER_SETTINGS */ 
-/*wolfSSL Generated ARDUINO settings: END */	
-
-EOF
-    cat .${WOLFCRYPT_HEADERS}/settings.h.bak >> .${WOLFCRYPT_HEADERS}/settings.h
-
-    #Creating library.properties file based off of: 
-    #https://arduino.github.io/arduino-cli/0.35/library-specification/#libraryproperties-file-format
-
-    cat > .${ROOT_DIR}/library.properties <<EOF
-name=wolfSSL
-version=${WOLFSSL_VERSION}
-author=wolfSSL inc
-maintainer=wolfSSL inc <support@wolfssl.com>
-sentence=A lightweight SSL/TLS library written in ANSI C and targeted for embedded, RTOS, and resource-constrained environments.
-paragraph=Manual: https://www.wolfssl.com/documentation/manuals/wolfssl/index.html.
-category=Communication
-url=https://www.wolfssl.com/
-architectures=*
-
-EOF
+    echo "Copy wolfssl_server example...."
+    mkdir -p .${EXAMPLES_DIR}/wolfssl_server
+    $CP_CMD ./sketches/wolfssl_server/wolfssl_server.ino ".${EXAMPLES_DIR}"/wolfssl_server/wolfssl_server.ino || exit 1
+    $CP_CMD ./sketches/wolfssl_server/README.md          ".${EXAMPLES_DIR}"/wolfssl_server/README.md          || exit 1
 
+    echo "Copy wolfssl_server example...."
+    mkdir -p .${EXAMPLES_DIR}/wolfssl_version
+    $CP_CMD ./sketches/wolfssl_version/wolfssl_version.ino ".${EXAMPLES_DIR}"/wolfssl_version/wolfssl_version.ino || exit 1
+    $CP_CMD ./sketches/wolfssl_version/README.md           ".${EXAMPLES_DIR}"/wolfssl_version/README.md           || exit 1
 else
     echo "ERROR: You must be in the IDE/ARDUINO directory to run this script"
+    exit 1
 fi
+
+# At this point, the library is complete, but we need some additional files.
+#
+# optional diagnostics:
+# echo ".${ROOT_DIR}"
+# echo "${TOP_DIR}"
+# echo "cp ${TOP_DIR}/README.md     .${ROOT_DIR}/"
+
+# Replace the `${WOLFSSL_VERSION}` text in Arduino_README_prepend.md,
+# saving it to a .tmp file. Prepend that file to the wolfSSL README.md
+# file as PREPENDED_README.md, then copy that to the publish directory
+# as an Arduino-specific README.md file.
+VERSION_PLACEHOLDER="\${WOLFSSL_VERSION}"
+ARDUINO_VERSION_SUFFIX_PLACEHOLDER="\${WOLFSSL_VERSION_ARUINO_SUFFIX}"
+PREPEND_FILE="Arduino_README_prepend.md"
+PROPERTIES_FILE_TEMPLATE="library.properties.template"
+sed s/"$VERSION_PLACEHOLDER"/"$WOLFSSL_VERSION"/ "$PREPEND_FILE" > "$PREPEND_FILE.tmp"
+cat "$PREPEND_FILE.tmp" ${TOP_DIR}/README.md > PREPENDED_README.md
+
+# Here we'll insert the wolfSSL version into the `library.properties.tmp` file, along with an Arduino version suffix.
+# The result should be something like version=5.6.6.Arduino.1 (for the 1st incremental version on top of 5.6.6)
+sed            s/"$VERSION_PLACEHOLDER"/"$WOLFSSL_VERSION"/                              "$PROPERTIES_FILE_TEMPLATE" > "library.properties.tmp"
+sed -i.backup  s/"$ARDUINO_VERSION_SUFFIX_PLACEHOLDER"/"$WOLFSSL_VERSION_ARUINO_SUFFIX"/ "library.properties.tmp"
+
+# cat library.properties.tmp
+# echo "${WOLFSSL_VERSION_ARUINO_SUFFIX}"
+
+echo "Step 11: Final root file copy"
+$CP_CMD  PREPENDED_README.md          ."${ROOT_DIR}"/README.md           || exit 1
+$CP_CMD  library.properties.tmp       ."${ROOT_DIR}"/library.properties  || exit 1
+$CP_CMD  "${TOP_DIR}"/"LICENSING"     ."${ROOT_DIR}"/                    || exit 1
+$CP_CMD  "${TOP_DIR}"/"README"        ."${ROOT_DIR}"/                    || exit 1
+$CP_CMD  "${TOP_DIR}"/"COPYING"       ."${ROOT_DIR}"/                    || exit 1
+$CP_CMD  "${TOP_DIR}"/"ChangeLog.md"  ."${ROOT_DIR}"/                    || exit 1
+$CP_CMD  "${TOP_DIR}"/".editorconfig" ."${ROOT_DIR}"/                    || exit 1
+$CP_CMD  "${TOP_DIR}"/".gitignore"    ."${ROOT_DIR}"/                    || exit 1
+
+$CP_CMD  "keywords.txt"               ."${ROOT_DIR}"/                    || exit 1
+
+
+echo "Step 12: Workspace to publish:"
+echo ""
+head -n 3  PREPENDED_README.md
+echo ""
+ls ./wolfssl -al
+echo ""
+
+# Optionally install to a separate directory.
+# Note we should have exited above if a problem was encountered,
+# as we'll never want to install a bad library.
+if [ "$THIS_OPERATION" = "INSTALL" ]; then
+    echo "Config:"
+    echo "cp ../../examples/configs/user_settings_arduino.h  ".${ROOT_SRC_DIR}"/user_settings.h"
+    # Nearly an ordinary copy, but we remove any lines with ">>" (typically edit with caution warning in comments)
+    grep -v '>>' ../../examples/configs/user_settings_arduino.h > ".${ROOT_SRC_DIR}"/user_settings.h || exit 1
+
+    # Show the user_settings.h revision string:
+    grep "WOLFSSL_USER_SETTINGS_ID" ."${ROOT_SRC_DIR}/user_settings.h"
+    echo ""
+
+    if [ "$THIS_INSTALL_IS_GITHUB" = "true" ]; then
+        echo "Installing to GitHub directory: $THIS_INSTALL_DIR"
+        cp -r ."$ROOT_DIR"/* "$THIS_INSTALL_DIR" || exit 1
+        echo "Removing workspace library directory: .$ROOT_DIR"
+        rm -rf ".$ROOT_DIR"
+    else
+
+        echo "Installing to local directory:"
+        if [ "$THIS_INSTALL_DIR" = "" ]; then
+            echo "mv .$ROOT_DIR $ARDUINO_ROOT"
+            mv  ."$ROOT_DIR" "$ARDUINO_ROOT" || exit 1
+
+            echo "Arduino wolfSSL Version: $WOLFSSL_VERSION$WOLFSSL_VERSION_ARUINO_SUFFIX"
+        else
+            echo "cp -r .\"$ROOT_DIR\"/* \"$THIS_INSTALL_DIR\""
+            mkdir -p "$THIS_INSTALL_DIR" || exit 1
+            cp -r ."$ROOT_DIR"/* "$THIS_INSTALL_DIR" || exit 1
+        fi
+    fi
+fi
+
+echo "Done!"
diff --git a/IDE/ARDUINO/wolfssl.h b/IDE/ARDUINO/wolfssl.h
new file mode 100644
index 000000000..303b73224
--- /dev/null
+++ b/IDE/ARDUINO/wolfssl.h
@@ -0,0 +1,47 @@
+/* wolfssl.h
+ *
+ * Copyright (C) 2006-2025 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+/* Edit with caution. This is an Arduino-library specific header for wolfSSL */
+
+#ifndef WOLFSSL_USER_SETTINGS
+    #define WOLFSSL_USER_SETTINGS
+#endif
+
+#include <Arduino.h>
+
+/* wolfSSL user_settings.h must be included from settings.h
+ * Make all configurations changes in user_settings.h
+ * Do not edit wolfSSL `settings.h` or `config.h` files.
+ * Do not explicitly include user_settings.h in any source code.
+ * Each Arduino sketch that uses wolfSSL must have: #include "wolfssl.h"
+ * C/C++ source files can use: #include <wolfssl/wolfcrypt/settings.h>
+ * The wolfSSL "settings.h" must be included in each source file using wolfSSL.
+ * The wolfSSL "settings.h" must be listed before any other wolfSSL include.
+ */
+#include <wolfssl/wolfcrypt/settings.h>
+#include <wolfssl/ssl.h>
+
+int wolfSSL_Arduino_Serial_Print(const char *const s)
+{
+    /* See wolfssl/wolfcrypt/logging.c */
+    Serial.println(F(s));
+    return 0;
+};
diff --git a/IDE/AURIX/Cpu0_Main.c b/IDE/AURIX/Cpu0_Main.c
index 536ddbb10..9af27eccd 100644
--- a/IDE/AURIX/Cpu0_Main.c
+++ b/IDE/AURIX/Cpu0_Main.c
@@ -1,6 +1,6 @@
 /* Cpu0_Main.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -63,7 +63,7 @@ int fputc(int ch, FILE *f)
     if (ch == (int)'\n') {
         int chcr = (int)'\r';
         count = 1;
-        IfxAsclin_Asc_write(&g_asc, &chcr, &count, TIME_INFINITE);    
+        IfxAsclin_Asc_write(&g_asc, &chcr, &count, TIME_INFINITE);
     }
     count = 1;
     IfxAsclin_Asc_write(&g_asc, &ch, &count, TIME_INFINITE);
diff --git a/IDE/AURIX/README.md b/IDE/AURIX/README.md
index 11f884db3..fdcb171d5 100644
--- a/IDE/AURIX/README.md
+++ b/IDE/AURIX/README.md
@@ -9,7 +9,7 @@ Tested Platform:
 
 ## Running wolfCrypt on TriCore
 
-1) Add the wolfSSL source and headers to `Libraries/wolfssl`. 
+1) Add the wolfSSL source and headers to `Libraries/wolfssl`.
   - Only the following folders are required: `src`, `wolfcrypt` and `wolfssl`.
   - See script to help with producing bundle here: https://github.com/wolfSSL/wolfssl/blob/master/scripts/makedistsmall.sh
 2) Add `WOLFSSL_USER_SETTINGS` to the Preprocessing symbols list. C/C++ Build -> Settings -> TASKING C/C++ Compiler -> Preprocessing.
diff --git a/IDE/AURIX/user_settings.h b/IDE/AURIX/user_settings.h
index 4b41446b9..1b484e751 100644
--- a/IDE/AURIX/user_settings.h
+++ b/IDE/AURIX/user_settings.h
@@ -1,6 +1,6 @@
 /* user_settings.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/AURIX/wolf_main.c b/IDE/AURIX/wolf_main.c
index 9f9003898..994ff5cca 100644
--- a/IDE/AURIX/wolf_main.c
+++ b/IDE/AURIX/wolf_main.c
@@ -1,6 +1,6 @@
 /* wolf_main.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/CRYPTOCELL/main.c b/IDE/CRYPTOCELL/main.c
index 7938d0dfa..b4115b07e 100644
--- a/IDE/CRYPTOCELL/main.c
+++ b/IDE/CRYPTOCELL/main.c
@@ -1,6 +1,6 @@
 /* main.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -18,8 +18,8 @@
  * along with this program; if not, write to the Free Software
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  */
-
-
+
+
 #include <wolfssl/wolfcrypt/settings.h>
 #include <wolfcrypt/test/test.h>
 #include <wolfcrypt/benchmark/benchmark.h>
@@ -63,4 +63,3 @@ int main(void)
 
     return 0;
 }
-
diff --git a/IDE/CRYPTOCELL/user_settings.h b/IDE/CRYPTOCELL/user_settings.h
index dc9822f5c..e48dc1977 100644
--- a/IDE/CRYPTOCELL/user_settings.h
+++ b/IDE/CRYPTOCELL/user_settings.h
@@ -1,6 +1,6 @@
 /* user_settings.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -401,6 +401,7 @@ extern "C" {
 
     /* prototypes for user heap override functions */
     /* Note: Realloc only required for normal math */
+    /* Note2: XFREE(NULL) must be properly handled */
     #include <stddef.h>  /* for size_t */
     extern void *myMalloc(size_t n, void* heap, int type);
     extern void myFree(void *p, void* heap, int type);
diff --git a/IDE/ECLIPSE/DEOS/deos_malloc.c b/IDE/ECLIPSE/DEOS/deos_malloc.c
index b944e3bf0..925e1d8d0 100644
--- a/IDE/ECLIPSE/DEOS/deos_malloc.c
+++ b/IDE/ECLIPSE/DEOS/deos_malloc.c
@@ -1,6 +1,6 @@
 /* deos_malloc.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/ECLIPSE/DEOS/deos_wolfssl/.project b/IDE/ECLIPSE/DEOS/deos_wolfssl/.project
index 181e57ed6..3e7019fb7 100644
--- a/IDE/ECLIPSE/DEOS/deos_wolfssl/.project
+++ b/IDE/ECLIPSE/DEOS/deos_wolfssl/.project
@@ -240,9 +240,9 @@
 			<locationURI>WOLFSSL_ROOT/wolfcrypt/src/fe_operations.c</locationURI>
 		</link>
 		<link>
-			<name>wolfcrypt/src/fe_x25519_128.i</name>
+			<name>wolfcrypt/src/fe_x25519_128.h</name>
 			<type>1</type>
-			<locationURI>WOLFSSL_ROOT/wolfcrypt/src/fe_x25519_128.i</locationURI>
+			<locationURI>WOLFSSL_ROOT/wolfcrypt/src/fe_x25519_128.h</locationURI>
 		</link>
 		<link>
 			<name>wolfcrypt/src/fp_mont_small.i</name>
diff --git a/IDE/ECLIPSE/DEOS/tls_wolfssl.c b/IDE/ECLIPSE/DEOS/tls_wolfssl.c
index 41149aa44..d433307e3 100644
--- a/IDE/ECLIPSE/DEOS/tls_wolfssl.c
+++ b/IDE/ECLIPSE/DEOS/tls_wolfssl.c
@@ -1,6 +1,6 @@
 /* tls_wolfssl.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/ECLIPSE/DEOS/tls_wolfssl.h b/IDE/ECLIPSE/DEOS/tls_wolfssl.h
index 02a0e5316..f135d9cb1 100644
--- a/IDE/ECLIPSE/DEOS/tls_wolfssl.h
+++ b/IDE/ECLIPSE/DEOS/tls_wolfssl.h
@@ -1,6 +1,6 @@
 /* tls_wolfssl.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/ECLIPSE/DEOS/user_settings.h b/IDE/ECLIPSE/DEOS/user_settings.h
index ca68a2a90..0cfd0681b 100644
--- a/IDE/ECLIPSE/DEOS/user_settings.h
+++ b/IDE/ECLIPSE/DEOS/user_settings.h
@@ -1,6 +1,6 @@
 /* user_setting.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/ECLIPSE/MICRIUM/README.md b/IDE/ECLIPSE/MICRIUM/README.md
index bd0c8bc9f..517dfdc4f 100644
--- a/IDE/ECLIPSE/MICRIUM/README.md
+++ b/IDE/ECLIPSE/MICRIUM/README.md
@@ -40,7 +40,7 @@ The folder hierarchy is the same as the wolfSSL folders with an exception of the
 
 4. Right click on each folders, add or link all the source code in the corresponding folder in wolfSSL.
 
-5. Remove non-C platform dependent files from your build. At the moment, only aes_asm.asm, aes_gcm_asm.asm and aes_asm.s must be removed from your wolfssl/wolfcrypt/src folder.
+5. Remove non-C platform dependent files from your build. At the moment, only aes_asm.asm, aes_gcm_asm.asm, aes_xts_asm.asm and aes_asm.s must be removed from your wolfssl/wolfcrypt/src folder.
 
 6. In your C/C++ compiler preprocessor settings, add the wolfSSL directories to your include paths.
 Here's an example of the paths that must be added.
diff --git a/IDE/ECLIPSE/MICRIUM/client_wolfssl.c b/IDE/ECLIPSE/MICRIUM/client_wolfssl.c
index 43d2e9be8..43bfa1b50 100644
--- a/IDE/ECLIPSE/MICRIUM/client_wolfssl.c
+++ b/IDE/ECLIPSE/MICRIUM/client_wolfssl.c
@@ -1,6 +1,6 @@
 /* client_wolfssl.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/ECLIPSE/MICRIUM/client_wolfssl.h b/IDE/ECLIPSE/MICRIUM/client_wolfssl.h
index f86cc98d5..1c4ed730b 100644
--- a/IDE/ECLIPSE/MICRIUM/client_wolfssl.h
+++ b/IDE/ECLIPSE/MICRIUM/client_wolfssl.h
@@ -1,6 +1,6 @@
 /* client_wolfssl.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/ECLIPSE/MICRIUM/server_wolfssl.c b/IDE/ECLIPSE/MICRIUM/server_wolfssl.c
index 225aaa2ee..41118df66 100644
--- a/IDE/ECLIPSE/MICRIUM/server_wolfssl.c
+++ b/IDE/ECLIPSE/MICRIUM/server_wolfssl.c
@@ -1,6 +1,6 @@
 /* server_wolfssl.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/ECLIPSE/MICRIUM/server_wolfssl.h b/IDE/ECLIPSE/MICRIUM/server_wolfssl.h
index 715e17b07..fb7a8c005 100644
--- a/IDE/ECLIPSE/MICRIUM/server_wolfssl.h
+++ b/IDE/ECLIPSE/MICRIUM/server_wolfssl.h
@@ -1,6 +1,6 @@
 /* server_wolfssl.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/ECLIPSE/MICRIUM/user_settings.h b/IDE/ECLIPSE/MICRIUM/user_settings.h
index b6b93fce8..2765c5d78 100644
--- a/IDE/ECLIPSE/MICRIUM/user_settings.h
+++ b/IDE/ECLIPSE/MICRIUM/user_settings.h
@@ -1,6 +1,6 @@
 /* user_setting.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/ECLIPSE/MICRIUM/wolfsslRunTests.c b/IDE/ECLIPSE/MICRIUM/wolfsslRunTests.c
index 99a9212e4..ec5d3ae1b 100644
--- a/IDE/ECLIPSE/MICRIUM/wolfsslRunTests.c
+++ b/IDE/ECLIPSE/MICRIUM/wolfsslRunTests.c
@@ -1,6 +1,6 @@
 /* wolfsslRunTests.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/ECLIPSE/RTTHREAD/user_settings.h b/IDE/ECLIPSE/RTTHREAD/user_settings.h
index 28157c202..0c21310f7 100644
--- a/IDE/ECLIPSE/RTTHREAD/user_settings.h
+++ b/IDE/ECLIPSE/RTTHREAD/user_settings.h
@@ -1,6 +1,6 @@
 /* user_setting.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/ECLIPSE/RTTHREAD/wolfssl_test.c b/IDE/ECLIPSE/RTTHREAD/wolfssl_test.c
index 84d7f460a..00bc99972 100644
--- a/IDE/ECLIPSE/RTTHREAD/wolfssl_test.c
+++ b/IDE/ECLIPSE/RTTHREAD/wolfssl_test.c
@@ -1,6 +1,6 @@
 /* wolfsslRunTests.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/ECLIPSE/SIFIVE/README.md b/IDE/ECLIPSE/SIFIVE/README.md
index 030e14049..206793e9c 100644
--- a/IDE/ECLIPSE/SIFIVE/README.md
+++ b/IDE/ECLIPSE/SIFIVE/README.md
@@ -1 +1 @@
-This folder has moved to `IDE/RISCV/SIFIVE-HIFIVE1`.
\ No newline at end of file
+This folder has moved to `IDE/RISCV/SIFIVE-HIFIVE1`.
diff --git a/IDE/Espressif/ESP-IDF/README.md b/IDE/Espressif/ESP-IDF/README.md
index 65eef865e..01a860fd9 100644
--- a/IDE/Espressif/ESP-IDF/README.md
+++ b/IDE/Espressif/ESP-IDF/README.md
@@ -1,11 +1,12 @@
 # ESP-IDF Port
 
-These Espressif examples have been created and tested with the latest stable release branch of 
-[ESP-IDF V5.1](https://docs.espressif.com/projects/esp-idf/en/release-v5.1/esp32/get-started/index.html).
-The prior version 4.4 ESP-IDF is still supported, however version 5.1 or greater is recommended.
-Espressif has [a list of all ESP-IDF versions](https://docs.espressif.com/projects/esp-idf/en/latest/esp32/versions.html).
+These Espressif examples have been created and tested with the latest stable release branch of
+ESP-IDF v5.2, v5.3 and the master branch
 
-See the latest [Espressif Migration Guides](https://docs.espressif.com/projects/esp-idf/en/latest/esp32/migration-guides/index.html).
+The prior version 4.4 ESP-IDF is still supported, however version 5.2 or greater is recommended.
+Espressif has [a list of all ESP-IDF versions](Espressifversions.html).
+
+See the latest Espressif Migration Guides.
 
 ## Examples
 
@@ -34,7 +35,7 @@ looks for the wolfSSL `user_settings.h` in the project as described below.
 ### File: `sdkconfig.h`
 
 The Espressif `sdkconfig.h`, generated automatically from your `sdkconfig`
-file at [build](https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-guides/build-system.html)
+file at [build](Espressif api-guides/build-system.html)
 time, should be included before any other files.
 
 ### File: `user_settings.h`
@@ -44,6 +45,28 @@ default configuration items in the wolfssl `settings.h`. With the latest version
 wolfSSL, some of these defaults can be disabled with `NO_ESPIDF_DEFAULT` and customized
 in your project `user_settings.h` as desired.
 
+The `user_settings.h` include file should not be explicitly included in an project source files. Be
+sure to include `settings.h` (which pulls in `user_settings.h`) before any other wolfSSL include files.
+
+A new project should also include a compiler option suc as `CFLAGS +=-DWOLFSSL_USER_SETTINGS"` to ensure
+the `user_settings.h` is included properly. See the [template example](https://github.com/wolfSSL/wolfssl/blob/master/IDE/Espressif/ESP-IDF/examples/template/main/main.c).
+
+```
+#ifdef WOLFSSL_USER_SETTINGS
+    #include <wolfssl/wolfcrypt/settings.h>
+    #ifndef WOLFSSL_ESPIDF
+        #warning "Problem with wolfSSL user_settings."
+        #warning "Check components/wolfssl/include"
+    #endif
+    #include <wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h>
+#else
+    /* Define WOLFSSL_USER_SETTINGS project wide for settings.h to include   */
+    /* wolfSSL user settings in ./components/wolfssl/include/user_settings.h */
+    #error "Missing WOLFSSL_USER_SETTINGS in CMakeLists or Makefile:\
+    CFLAGS +=-DWOLFSSL_USER_SETTINGS"
+#endif
+```
+
 See the respective project directory:
 
   `[project-dir]/components/wolfssl/user_settings.h`
@@ -79,7 +102,7 @@ of your source code, particularly before the `#include <wolfssl/wolfcrypt/settin
 
 ## Requirements
 
- 1. [ESP-IDF development framework](https://docs.espressif.com/projects/esp-idf/en/latest/get-started/)
+ 1. [ESP-IDF development framework](https://github.com/espressif/esp-idf)
 
 ## wolfSSL as an Espressif component
 
@@ -91,7 +114,7 @@ There are various methods available for using wolfSSL as a component:
 
 ## Espressif Managed Components
 
-Visit https://components.espressif.com/components/wolfssl/wolfssl and see the instructions. Typically:
+Visit https://www.wolfssl.com/wolfssl-now-available-in-espressif-component-registry/ and see the instructions. Typically:
 
 ```
 idf.py add-dependency "wolfssl/wolfssl^5.6.0-stable"
@@ -116,15 +139,23 @@ See the specific examples for additional details.
 
 ## Setup for Linux (wolfSSL local copy)
 
-This is a legacy method for installation. It is recommended to use the new `CMakeLists.txt` to point to wolfSSL source code.
+This is an alternate method for installation. It is recommended to use the new `CMakeLists.txt` to point to wolfSSL source code.
 
- 1. Run `setup.sh` at _/path/to_`/wolfssl/IDE/Espressif/ESP-IDF/` to deploy files into ESP-IDF tree  
+ 1. Run `setup.sh` at _/path/to_`/wolfssl/IDE/Espressif/ESP-IDF/` to deploy files into ESP-IDF tree
  2. Find Wolfssl files at _/path/to/esp_`/esp-idf/components/wolfssl/`
  3. Find [Example Programs](https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples) under _/path/to/esp_`/esp-idf/examples/protocols/wolfssl_xxx` (where xxx is the project name)
 
+
+```
+WRK_IDF_PATH=/mnt/c/SysGCC/esp32/esp-idf/v5.2
+. $WRK_IDF_PATH/export.sh
+
+./setup.sh
+```
+
 ## Setup for Windows
 
-This is a legacy method for installation. It is recommended to use the new `CMakeLists.txt` to point to wolfSSL source code.
+This is an alternate method for installation. It is recommended to use the new `CMakeLists.txt` to point to wolfSSL source code.
 
  1. Run ESP-IDF Command Prompt (cmd.exe) or Run ESP-IDF PowerShell Environment
  2. Run `setup_win.bat` at `.\IDE\Espressif\ESP-IDF\`
@@ -147,7 +178,7 @@ C:\SysGCC\esp32\esp-idf>git clone -b v5.0.2 --recursive https://github.com/espre
 
 ## Configuration
 
- 1. The `user_settings.h` can be found in `[project]/components/wolfssl/include/user_settings.h`. 
+ 1. The `user_settings.h` can be found in `[project]/components/wolfssl/include/user_settings.h`.
 
 ## Configuration (Legacy IDF install)
 
@@ -161,13 +192,13 @@ C:\SysGCC\esp32\esp-idf>git clone -b v5.0.2 --recursive https://github.com/espre
 
  For question please email [support@wolfssl.com]
 
- Note: This is tested with :  
+ Note: This is tested with :
    - OS: Ubuntu 20.04.3 LTS
    - Microsoft Windows 10 Pro 10.0.19041 / Windows 11 Pro 22H2 22621.2715
    - Visual Studio 2022 17.7.6 with VisualGDB 5.6R9 (build 4777)
    - WSL 1 Ubuntu 22.04.3 LTS
-   - ESP-IDF: ESP-IDF v5.1
-   - SoC Module : all those supported in ESP-IDF v5.1
+   - ESP-IDF: ESP-IDF v5.2
+   - SoC Module : all those supported in ESP-IDF v5.2
 
 ## JTAG Debugging Notes
 
@@ -204,3 +235,15 @@ ftdi layout_signal nSRST -data 0x0020
 reset_config srst_push_pull trst_push_pull
 
 ```
+
+## Windows long paths
+
+Check "Long Paths Enabled" in Windows registry.
+
+Please set registry HKLM\SYSTEM\CurrentControlSet\Control\FileSystem\LongPathsEnabled to 1.
+
+The operation requires Administrator privileges. Command:
+
+```powershell
+powershell -Command "&{ Start-Process -FilePath reg 'ADD HKLM\SYSTEM\CurrentControlSet\Control\FileSystem /v LongPathsEnabled /t REG_DWORD /d 1 /f' -Verb runAs}"
+```
diff --git a/IDE/Espressif/ESP-IDF/README_32se.md b/IDE/Espressif/ESP-IDF/README_32se.md
index af440a8b5..438723c6b 100644
--- a/IDE/Espressif/ESP-IDF/README_32se.md
+++ b/IDE/Espressif/ESP-IDF/README_32se.md
@@ -10,7 +10,7 @@ Including the following examples:
  The `user_settings.h` file enables some of the hardened settings.
 
 ## Requirements
-1. ESP-IDF development framework: https://docs.espressif.com/projects/esp-idf/en/latest/get-started/
+1. ESP-IDF development framework: https://github.com/espressif/esp-idf
 
 2. Microchip CryptoAuthentication Library: https://github.com/MicrochipTech/cryptoauthlib
 
diff --git a/IDE/Espressif/ESP-IDF/compileAllExamples.sh b/IDE/Espressif/ESP-IDF/compileAllExamples.sh
index 536dc295c..95a85d906 100755
--- a/IDE/Espressif/ESP-IDF/compileAllExamples.sh
+++ b/IDE/Espressif/ESP-IDF/compileAllExamples.sh
@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/usr/bin/env bash
 #
 # testing script: compileAllExamples
 #
diff --git a/IDE/Espressif/ESP-IDF/dummy_config_h b/IDE/Espressif/ESP-IDF/dummy_config_h
index 9d13eb284..11b204c67 100644
--- a/IDE/Espressif/ESP-IDF/dummy_config_h
+++ b/IDE/Espressif/ESP-IDF/dummy_config_h
@@ -1,6 +1,6 @@
 /* config.h - dummy
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/Espressif/ESP-IDF/dummy_test_paths.h b/IDE/Espressif/ESP-IDF/dummy_test_paths.h
index adac40c1a..517826434 100644
--- a/IDE/Espressif/ESP-IDF/dummy_test_paths.h
+++ b/IDE/Espressif/ESP-IDF/dummy_test_paths.h
@@ -1,6 +1,6 @@
 /* wolfcrypt/test/test_paths.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/Espressif/ESP-IDF/examples/README.md b/IDE/Espressif/ESP-IDF/examples/README.md
index e0414d2fe..a25289432 100644
--- a/IDE/Espressif/ESP-IDF/examples/README.md
+++ b/IDE/Espressif/ESP-IDF/examples/README.md
@@ -10,9 +10,9 @@ These are the core examples for wolfSSL:
 
 - [Test](./wolfssl_test/README.md)
 
-- [TLS Client](./wolfssl_client/README.md)
+- [TLS Client](./wolfssl_client/README.md). See also [CLI Client](https://github.com/wolfSSL/wolfssl/tree/master/examples/client) and [more TLS examples](https://github.com/wolfSSL/wolfssl-examples/tree/master/tls).
 
-- [TLS Server](./wolfssl_server/README.md)
+- [TLS Server](./wolfssl_server/README.md). See also [CLI Server](https://github.com/wolfSSL/wolfssl/tree/master/examples/server)
 
 ## Other Espressif wolfSSL Examples
 
@@ -44,7 +44,7 @@ TLS1.3 Linux Client to Linux Server: `TLS_AES_128_GCM_SHA256` (default)
 ./examples/client/client -v 4 -h 127.0.0.1 -p 11111 -A ./certs/ca-cert.pem
 ```
 
-TLS1.2 Linux Server 
+TLS1.2 Linux Server
 ```
 ./examples/server/server -v 3 -b -d -p 11111 -c ./certs/server-cert.pem -k ./certs/server-key.pem
 ```
@@ -71,14 +71,14 @@ There's an additional example that uses wolfSSL installed as a component to the
 
 ## Installing wolfSSL for Espressif projects
 
-[Core examples](https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples) 
-have a local `components/wolfssl` directory with a special CMakeFile.txt that does not require 
+[Core examples](https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples)
+have a local `components/wolfssl` directory with a special CMakeFile.txt that does not require
 wolfSSL to be installed.
 
-If you want to install wolfSSL, see the setup for [wolfSSL](https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF#setup-for-linux) 
+If you want to install wolfSSL, see the setup for [wolfSSL](https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF#setup-for-linux)
 and [wolfSSH](https://github.com/wolfSSL/wolfssh/tree/master/ide/Espressif#setup-for-linux).
 
-The [Espressif Managed Component for wolfSSL](https://components.espressif.com/components/wolfssl/wolfssl)
+The [Espressif Managed Component for wolfSSL](https://www.wolfssl.com/wolfssl-now-available-in-espressif-component-registry/)
 also installs source code locally, instead of pointing to a source repository.
 
 ## VisualGDB
@@ -114,7 +114,4 @@ It may be helpful to also delete the `sdkconfig` file. (Save a backup if you've
 
 - esp32.com: [GPIO6,GPIO7,GPIO8,and GPIO9 changed for ESP32-WROOM-32E](https://esp32.com/viewtopic.php?t=29058)
 
-See also [this ESP-FAQ Handbook](https://docs.espressif.com/projects/esp-faq/en/latest/esp-faq-en-master.pdf).
-
-
-
+See also the `ESP-FAQ Handbook`.
diff --git a/IDE/Espressif/ESP-IDF/examples/template/CMakeLists.txt b/IDE/Espressif/ESP-IDF/examples/template/CMakeLists.txt
index 649a73663..ad97cb5a9 100644
--- a/IDE/Espressif/ESP-IDF/examples/template/CMakeLists.txt
+++ b/IDE/Espressif/ESP-IDF/examples/template/CMakeLists.txt
@@ -1,10 +1,20 @@
 # wolfSSL Espressif Example Project CMakeLists.txt
-#   v1.0
+#   v1.3
 #
 # The following lines of boilerplate have to be in your project's
 # CMakeLists in this exact order for cmake to work correctly
+message(STATUS "Begin project ${CMAKE_PROJECT_NAME}")
+
 cmake_minimum_required(VERSION 3.16)
 
+# Optional no watchdog typically used for test & benchmark
+if (idf_target STREQUAL "esp8266" OR IDF_TARGET STREQUAL "esp8266" OR IDF_VERSION_MAJOR VERSION_LESS "5.0")
+    set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_ESP_NO_WATCHDOG=1")
+else()
+    add_compile_definitions(WOLFSSL_ESP_NO_WATCHDOG=1)
+endif()
+
+
 # The wolfSSL CMake file should be able to find the source code.
 # Otherwise, assign an environment variable or set it here:
 #
@@ -22,34 +32,63 @@ cmake_minimum_required(VERSION 3.16)
 if(WIN32)
     # Windows-specific configuration here
     set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_WINDOWS")
-    message("Detected Windows")
+    message(STATUS "Detected Windows")
 endif()
 if(CMAKE_HOST_UNIX)
-    message("Detected UNIX")
+    message(STATUS "Detected UNIX")
 endif()
 if(APPLE)
-    message("Detected APPLE")
+    message(STATUS "Detected APPLE")
 endif()
 if(CMAKE_HOST_UNIX AND (NOT APPLE) AND EXISTS "/proc/sys/fs/binfmt_misc/WSLInterop")
     # Windows-specific configuration here
     set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_WSL")
-    message("Detected WSL")
+    message(STATUS "Detected WSL")
 endif()
 if(CMAKE_HOST_UNIX AND (NOT APPLE) AND (NOT WIN32))
     # Windows-specific configuration here
     set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_LINUX")
-    message("Detected Linux")
+    message(STATUS "Detected Linux")
 endif()
 if(APPLE)
     # Windows-specific configuration here
     set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_APPLE")
-    message("Detected Apple")
+    message(STATUS "Detected Apple")
 endif()
 # End optional WOLFSSL_CMAKE_SYSTEM_NAME
 
+# This example uses an extra component for common functions such as Wi-Fi and Ethernet connection.
+# set (PROTOCOL_EXAMPLES_DIR $ENV{IDF_PATH}/examples/common_components/protocol_examples_common)
+string(REPLACE "\\" "/" PROTOCOL_EXAMPLES_DIR "$ENV{IDF_PATH}/examples/common_components/protocol_examples_common")
+
+if (EXISTS "${PROTOCOL_EXAMPLES_DIR}")
+    message(STATUS "Found PROTOCOL_EXAMPLES_DIR=${PROTOCOL_EXAMPLES_DIR}")
+    set(EXTRA_COMPONENT_DIRS $ENV{IDF_PATH}/examples/common_components/protocol_examples_common)
+    set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DFOUND_PROTOCOL_EXAMPLES_DIR")
+else()
+    message(STATUS "NOT FOUND: PROTOCOL_EXAMPLES_DIR=${PROTOCOL_EXAMPLES_DIR}")
+endif()
+
+# Find the user name to search for possible "wolfssl-username"
+# Reminder: Windows is  %USERNAME%, Linux is $USER
+message(STATUS "USERNAME = $ENV{USERNAME}")
+if(  "$ENV{USER}" STREQUAL "" ) # the bash user
+    if(  "$ENV{USERNAME}" STREQUAL "" ) # the Windows user
+        message(STATUS "could not find USER or USERNAME")
+    else()
+        # the bash user is not blank, so we'll use it.
+        set(THIS_USER "$ENV{USERNAME}")
+    endif()
+else()
+    # the bash user is not blank, so we'll use it.
+    set(THIS_USER "$ENV{USER}")
+endif()
+message(STATUS "THIS_USER = ${THIS_USER}")
+
 # Check that there are not conflicting wolfSSL components
 # The ESP Registry Component will be in ./managed_components/wolfssl__wolfssl
 # The local component wolfSSL directory will be in ./components/wolfssl
+message(STATUS "Checking for wolfSSL as Managed Component or not... ${CMAKE_HOME_DIRECTORY}")
 if( EXISTS "${CMAKE_HOME_DIRECTORY}/managed_components/wolfssl__wolfssl" AND EXISTS "${CMAKE_HOME_DIRECTORY}/components/wolfssl" )
     # These exclude statements don't seem to be honored by the $ENV{IDF_PATH}/tools/cmake/project.cmake'
     # add_subdirectory("${CMAKE_HOME_DIRECTORY}/managed_components/wolfssl__wolfssl" EXCLUDE_FROM_ALL)
@@ -64,10 +103,47 @@ if( EXISTS "${CMAKE_HOME_DIRECTORY}/managed_components/wolfssl__wolfssl" AND EXI
     message(FATAL_ERROR "\nPlease use either the ESP Registry Managed Component or the wolfSSL component directory but not both.\n"
                         "If removing the ./managed_components/wolfssl__wolfssl directory, remember to also remove "
                         "or rename the idf_component.yml file typically found in ./main/")
-else()
+elseif(EXISTS "${CMAKE_HOME_DIRECTORY}/components/wolfssl")
+    # A standard project component (not a Managed Component)
     message(STATUS "No conflicting wolfSSL components found.")
+    set(WOLFSSL_PATH "${CMAKE_HOME_DIRECTORY}/components/wolfssl")
+elseif(EXISTS "${CMAKE_HOME_DIRECTORY}/managed_components/wolfssl__wolfssl")
+    # The official Managed Component called wolfssl from the wolfssl user.
+    message(STATUS "No conflicting wolfSSL components found as a Managed Component.")
+    set(WOLFSSL_PATH "${CMAKE_HOME_DIRECTORY}/managed_components/wolfssl__wolfssl")
+elseif(EXISTS "${CMAKE_HOME_DIRECTORY}/managed_components/gojimmypi__mywolfssl")
+    # There is a known gojimmypi staging component available for anyone:
+    message(STATUS "No conflicting wolfSSL components found as a gojimmypi staging Managed Component.")
+elseif(EXISTS "${CMAKE_HOME_DIRECTORY}/managed_components/${THIS_USER}__mywolfssl")
+    # Other users with permissions might publish their own mywolfssl staging Managed Component
+    message(STATUS "No conflicting wolfSSL components found as a Managed Component.")
+    set(WOLFSSL_PATH "${CMAKE_HOME_DIRECTORY}/managed_components/${THIS_USER}__mywolfssl")
+else()
+    message(STATUS "WARNING: wolfssl component directory not found.")
+endif()
+
+# message(STATUS "EXTRA_COMPONENT_DIRS WOLFSSL_PATH: ${WOLFSSL_PATH}")
+# list(APPEND EXTRA_COMPONENT_DIRS ${WOLFSSL_PATH})
+
+# Not only is a project-level "set(COMPONENTS" not needed here, this will cause
+# an unintuitive error about  Unknown CMake command "esptool_py_flash_project_args".
+
+if(0)
+	message(STATUS "Begin optional PROTOCOL_EXAMPLES_DIR include")
+    # This example uses an extra component for common functions such as Wi-Fi and Ethernet connection.
+    set (PROTOCOL_EXAMPLES_DIR $ENV{IDF_PATH}/examples/common_components/protocol_examples_common)
+
+    if (EXISTS "${PROTOCOL_EXAMPLES_DIR}")
+        message(STATUS "Found PROTOCOL_EXAMPLES_DIR=${PROTOCOL_EXAMPLES_DIR}")
+        set(EXTRA_COMPONENT_DIRS $ENV{IDF_PATH}/examples/common_components/protocol_examples_common)
+        set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DFOUND_PROTOCOL_EXAMPLES_DIR")
+    else()
+        message(STATUS "NOT FOUND: PROTOCOL_EXAMPLES_DIR=${PROTOCOL_EXAMPLES_DIR}")
+    endif()
+	message(STATUS "End optional PROTOCOL_EXAMPLES_DIR include")
 endif()
 
 include($ENV{IDF_PATH}/tools/cmake/project.cmake)
 
 project(wolfssl_template)
+message(STATUS "end project")
diff --git a/IDE/Espressif/ESP-IDF/examples/template/Makefile b/IDE/Espressif/ESP-IDF/examples/template/Makefile
new file mode 100644
index 000000000..e2b2e18e1
--- /dev/null
+++ b/IDE/Espressif/ESP-IDF/examples/template/Makefile
@@ -0,0 +1,14 @@
+#
+# This is a project Makefile. It is assumed the directory this Makefile resides in is a
+# project subdirectory.
+#
+
+CFLAGS += -DWOLFSSL_USER_SETTINGS
+
+# Some of the tests are CPU intenstive, so we'll force the watchdog timer off.
+# There's an espressif NO_WATCHDOG; we don't use it, as it is reset by sdkconfig.
+CFLAGS += -DWOLFSSL_ESP_NO_WATCHDOG=1
+
+PROJECT_NAME := wolfssl_template
+
+include $(IDF_PATH)/make/project.mk
diff --git a/IDE/Espressif/ESP-IDF/examples/template/README.md b/IDE/Espressif/ESP-IDF/examples/template/README.md
index 274e22dea..9e82e7280 100644
--- a/IDE/Espressif/ESP-IDF/examples/template/README.md
+++ b/IDE/Espressif/ESP-IDF/examples/template/README.md
@@ -7,11 +7,11 @@ For general information on [wolfSSL examples for Espressif](../README.md), see t
 
 ### Prerequisites
 
-It is assumed the [ESP-IDF environment](https://docs.espressif.com/projects/esp-idf/en/latest/esp32/get-started/) has been installed.
+It is assumed the [ESP-IDF environment](Espressifget-started/) has been installed.
 
 ### Files Included
 
-- [main.c](./main/main.c) with a simple call to an Espressif library (`ESP_LOGI`) and a call to a wolfSSL library (`esp_ShowExtendedSystemInfo`) . 
+- [main.c](./main/main.c) with a simple call to an Espressif library (`ESP_LOGI`) and a call to a wolfSSL library (`esp_ShowExtendedSystemInfo`) .
 
 - See [components/wolfssl/include](./components/wolfssl/include/user_settings.h) directory to edit the wolfSSL `user_settings.h`.
 
@@ -19,7 +19,7 @@ It is assumed the [ESP-IDF environment](https://docs.espressif.com/projects/esp-
 
 - The [components/wolfssl/CMakeLists.txt](./components/wolfssl/CMakeLists.txt) typically does not need to be changed.
 
-- Optional [VisualGDB Project](./VisualGDB/wolfssl_template_IDF_v5.1_ESP32.vgdbproj) for Visual Studio using ESP32 and ESP-IDF v5.1.
+- Optional [VisualGDB Project](./VisualGDB/README.md) for Visual Studio using ESP32 and ESP-IDF v5.2. See also [template](../template/VisualGDB/README.md) for other devices.
 
 - Edit the project [CMakeLists.txt](./CMakeLists.txt) to optionally point this project's wolfSSL component source code at a different directory:
 
@@ -30,12 +30,12 @@ set(WOLFSSL_ROOT "~/workspace/wolfssl-other-source")
 
 ## Getting Started:
 
-Here's an example using the command-line [idf.py](https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-guides/tools/idf-py.html).
+Here's an example using the command-line [idf.py](Espressifapi-guides/tools/idf-py.html).
 
 Edit your `WRK_IDF_PATH`to point to your ESP-IDF install directory.
 
 ```
-WRK_IDF_PATH=/mnt/c/SysGCC/esp32/esp-idf/v5.1
+WRK_IDF_PATH=/mnt/c/SysGCC/esp32/esp-idf/v5.2
 
 echo "Run export.sh from ${WRK_IDF_PATH}"
 . ${WRK_IDF_PATH}/export.sh
@@ -53,7 +53,7 @@ idf.py flash -p /dev/ttyS19 -b 115200
 idf.py flash -p /dev/ttyS19 -b 115200 monitor
 ```
 
-Press `Ctrl+]` to exit `idf.py monitor`. See [additional monitor keyboard commands](https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-guides/tools/idf-monitor.html).
+Press `Ctrl+]` to exit `idf.py monitor`. See [additional monitor keyboard commands](Espressifapi-guides/tools/idf-monitor.html).
 
 ## Other Examples:
 
diff --git a/IDE/Espressif/ESP-IDF/examples/template/VisualGDB/wolfssl_template_IDF_v5.1_ESP32.vgdbproj b/IDE/Espressif/ESP-IDF/examples/template/VisualGDB/wolfssl_template_IDF_v5.1_ESP32.vgdbproj
index 21772b2f9..92eec93a6 100644
--- a/IDE/Espressif/ESP-IDF/examples/template/VisualGDB/wolfssl_template_IDF_v5.1_ESP32.vgdbproj
+++ b/IDE/Espressif/ESP-IDF/examples/template/VisualGDB/wolfssl_template_IDF_v5.1_ESP32.vgdbproj
@@ -18,7 +18,7 @@
     <ToolchainID>
       <ID>com.visualgdb.xtensa-esp32-elf</ID>
       <Version>
-        <GCC>12.2.0</GCC>
+        <GCC>13.2.0</GCC>
         <GDB>12.1</GDB>
         <Revision>1</Revision>
       </Version>
@@ -67,8 +67,8 @@
       <EnableFastUpToDateCheck>true</EnableFastUpToDateCheck>
       <ESPIDFExtension>
         <IDFCheckout>
-          <Version>release/v5.1</Version>
-          <Subdirectory>esp-idf/v5.1</Subdirectory>
+          <Version>release/v5.2</Version>
+          <Subdirectory>esp-idf/v5.2</Subdirectory>
           <Type>ESPIDF</Type>
         </IDFCheckout>
         <COMPort>COM37</COMPort>
diff --git a/IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/CMakeLists.txt b/IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/CMakeLists.txt
index e82e19b60..cc7ef0d47 100644
--- a/IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/CMakeLists.txt
+++ b/IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/CMakeLists.txt
@@ -1,36 +1,166 @@
 #
-#  Copyright (C) 2006-2023 wolfSSL Inc.
+# Copyright (C) 2006-2025 wolfSSL Inc.
 #
-#  This file is part of wolfSSL.
+# This file is part of wolfSSL.
 #
-#  wolfSSL is free software; you can redistribute it and/or modify
-#  it under the terms of the GNU General Public License as published by
-#  the Free Software Foundation; either version 2 of the License, or
-#  (at your option) any later version.
+# wolfSSL is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
 #
-#  wolfSSL is distributed in the hope that it will be useful,
-#  but WITHOUT ANY WARRANTY; without even the implied warranty of
-#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-#  GNU General Public License for more details.
+# wolfSSL is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
 #
-#  You should have received a copy of the GNU General Public License
-#  along with this program; if not, write to the Free Software
-#  Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
 #
 # cmake for wolfssl Espressif projects
 #
-# Version 5.6.0.011 for detect test/benchmark
+# Version 5.7.2 Espressif ESP-IDF integration
 #
 # See https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-guides/build-system.html
 #
-
+message(STATUS "Begin wolfssl ${CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT}")
 cmake_minimum_required(VERSION 3.16)
-set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_USER_SETTINGS")
-set(CMAKE_CURRENT_SOURCE_DIR ".")
-set(COMPONENT_REQUIRES lwip) # we typically don't need lwip directly in wolfssl component
-set(WOLFSSL_ROOT "$ENV{WOLFSSL_ROOT}" )
 
-# find the user name to search for possible "wolfssl-username"
+set(VERBOSE_COMPONENT_MESSAGES 1)
+
+# Optional requires include:
+# set(THIS_ESP_TLS "esp-tls")
+set(THIS_ESP_TLS "")
+
+# function: IS_ESP_IDF_COMPONENT
+#  output:    RESULT = 1 (true) if this component is located in the ESP-IDF components
+#             otherwise 0 (false)
+function( IS_ESP_IDF_COMPONENT  RESULT )
+    # NOTE: Component location is based on the location of the CMakeList.txt
+    # and *not* the location of the wolfSSL source code. (which may be anywhere)
+
+    # Normalize the paths to remove any trailing slashes
+    get_filename_component(NORMALIZED_IDF_PATH  "${IDF_PATH}"      REALPATH)
+    get_filename_component(NORMALIZED_TEST_PATH "${COMPONENT_DIR}" REALPATH)
+
+    # Check if the test path starts with the IDF_PATH
+    string(FIND "${NORMALIZED_TEST_PATH}" "${NORMALIZED_IDF_PATH}" pos)
+
+    if(${pos} EQUAL 0)
+        message(STATUS "${COMPONENT_DIR} is within IDF_PATH.")
+        set(${RESULT} 1 PARENT_SCOPE)
+    else()
+        message(STATUS "${COMPONENT_DIR} is not within IDF_PATH.")
+        set(${RESULT} 0 PARENT_SCOPE)
+    endif()
+endfunction()
+
+# Determine if this cmake file is located in the ESP-IDF component directory or not,
+# and if so, if it is being ignored (allowing the use of a local project one, instead).
+IS_ESP_IDF_COMPONENT( IS_WOLSSL_ESP_IDF_COMPONENT )
+if( IS_WOLSSL_ESP_IDF_COMPONENT )
+    message(STATUS "This wolfSSL is a component in ESP-IDF.")
+    if ( CONFIG_IGNORE_ESP_IDF_WOLFSSL_COMPONENT )
+        idf_component_register()
+        message(STATUS "Warning: wolfSSL component in ESP-IDF is being ignored.")
+        return()
+    endif()
+endif()
+
+
+if( "${CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT}" STREQUAL "" )
+    # nothing to do
+else()
+    # Only forward slashes, or double backslashes are supported.
+    # By the time we get here the sdkconfig file has a value for wolfSSL source code root.
+    string(REPLACE "\\" "/" CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT ${CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT})
+    message(STATUS "Cleaned wolfssl path: ${CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT}")
+endif()
+
+# The scope of this CMAKE_C_FLAGS is just this component:
+set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_USER_SETTINGS")
+set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -DWOLFSSL_USER_SETTINGS")
+
+set(CMAKE_CURRENT_SOURCE_DIR ".")
+# set(COMPONENT_REQUIRES lwip) # we typically don't need lwip directly in wolfssl component
+
+# Optionally set your source to wolfSSL in your project CMakeLists.txt like this:
+# set(WOLFSSL_ROOT "c:/test/my_wolfssl" )
+
+if ( "${WOLFSSL_ROOT}" STREQUAL "")
+    set(WOLFSSL_ROOT "$ENV{WOLFSSL_ROOT}" )
+endif()
+
+if(  "$ENV{IDF_PATH}" STREQUAL "" )
+    message(FATAL_ERROR "IDF_PATH Environment variable not set!")
+else()
+    string(REPLACE "\\" "/" THIS_IDF_PATH "$ENV{IDF_PATH}")
+endif()
+
+# Optional compiler definitions to help with system name detection (typically printed by app diagnostics)
+if(VERBOSE_COMPONENT_MESSAGES)
+    if(WIN32)
+        # Windows-specific configuration here
+        set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_WINDOWS")
+        message(STATUS "Detected Windows")
+    endif()
+    if(CMAKE_HOST_UNIX)
+        message(STATUS "Detected UNIX")
+    endif()
+    if(APPLE)
+        message(STATUS "Detected APPLE")
+    endif()
+    if(CMAKE_HOST_UNIX AND (NOT APPLE) AND EXISTS "/proc/sys/fs/binfmt_misc/WSLInterop")
+        # Windows-specific configuration here
+        set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_WSL")
+        message(STATUS "Detected WSL")
+    endif()
+    if(CMAKE_HOST_UNIX AND (NOT APPLE) AND (NOT WIN32))
+        # Windows-specific configuration here
+        set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_LINUX")
+        message(STATUS "Detected Linux")
+    endif()
+    if(APPLE)
+        # Windows-specific configuration here
+        set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_APPLE")
+        message(STATUS "Detected Apple")
+    endif()
+endif() # End optional WOLFSSL_CMAKE_SYSTEM_NAME
+
+message(STATUS "CONFIG_TARGET_PLATFORM = ${CONFIG_TARGET_PLATFORM}")
+
+# Check that there are not conflicting wolfSSL components
+# The ESP Registry Component will be in ./managed_components/wolfssl__wolfssl
+# The local component wolfSSL directory will be in ./components/wolfssl
+if( EXISTS "${CMAKE_HOME_DIRECTORY}/managed_components/wolfssl__wolfssl" AND EXISTS "${CMAKE_HOME_DIRECTORY}/components/wolfssl" )
+    # These exclude statements don't seem to be honored by the $ENV{IDF_PATH}/tools/cmake/project.cmake'
+    # add_subdirectory("${CMAKE_HOME_DIRECTORY}/managed_components/wolfssl__wolfssl" EXCLUDE_FROM_ALL)
+    # add_subdirectory("${CMAKE_HOME_DIRECTORY}/managed_components/wolfssl__wolfssl/include" EXCLUDE_FROM_ALL)
+    # So we'll error out and let the user decide how to proceed:
+    message(WARNING "\nFound wolfSSL components in\n"
+                    "./managed_components/wolfssl__wolfssl\n"
+                    "and\n"
+                    "./components/wolfssl\n"
+                    "in project directory: \n"
+                    "${CMAKE_HOME_DIRECTORY}")
+    message(FATAL_ERROR "\nPlease use either the ESP Registry Managed Component or the wolfSSL component directory but not both.\n"
+                        "If removing the ./managed_components/wolfssl__wolfssl directory, remember to also remove "
+                        "or rename the idf_component.yml file typically found in ./main/")
+else()
+    message(STATUS "No conflicting wolfSSL components found.")
+endif()
+
+
+# Don't include lwip requirement for benchmark and test apps.
+if( ("${CMAKE_PROJECT_NAME}" STREQUAL "wolfssl_benchmark") OR ("${CMAKE_PROJECT_NAME}" STREQUAL "wolfssl_test") )
+    message(STATUS "Not including lwip for ${CMAKE_PROJECT_NAME}")
+else()
+    # benchmark and test do not need wifi, everything else probably does:
+    set(COMPONENT_REQUIRES lwip "${THIS_ESP_TLS}") # we typically don't need lwip directly in wolfssl component
+endif()
+
+# Find the user name to search for possible "wolfssl-username"
+# Reminder: Windows is  %USERNAME%, Linux is $USER
 message(STATUS "USERNAME = $ENV{USERNAME}")
 if(  "$ENV{USER}" STREQUAL "" ) # the bash user
     if(  "$ENV{USERNAME}" STREQUAL "" ) # the Windows user
@@ -45,6 +175,30 @@ else()
 endif()
 message(STATUS "THIS_USER = ${THIS_USER}")
 
+if( "$ENV{IDF_PATH}" STREQUAL "" )
+    message(FATAL_ERROR "IDF_PATH Environment variable not set!")
+else()
+    string(REPLACE "\\" "/" THIS_IDF_PATH "$ENV{IDF_PATH}")
+endif()
+
+# ENVIRONMENT_VAR_TO_MACRO
+# Check environment variable name EVARPARAM as [name]
+# If defined, and has a value of EVARVALUE as [value],
+# then assign a compiler definition "-D[name]=[value]"
+function(ENVIRONMENT_VAR_TO_MACRO EVARPARAM EVARVALUE)
+    # If the EVARPARAM environment variable name is set to EVARVALUE,
+    # set the compiler flag definition to enable CSV output.
+    if ( "$ENV{${EVARPARAM}}" STREQUAL "${EVARVALUE}")
+        message(STATUS "Appending compile definition: -D${EVARPARAM}=${EVARVALUE}")
+        set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -D${EVARPARAM}=${EVARVALUE}")
+    else()
+        if(DEFINED ENV{${EVARPARAM}})
+            message(STATUS "Environment variable ${EVARPARAM} detected but set to $ENV{${EVARPARAM}}, not appending compile definition.")
+        else()
+            message(STATUS "Environment variable ${EVARPARAM} not detected, not appending compile definition.")
+        endif()
+    endif()
+endfunction()
 
 # COMPONENT_NAME = wolfssl
 # The component name is the directory name. "No feature to change this".
@@ -63,7 +217,8 @@ message(STATUS "THIS_USER = ${THIS_USER}")
 # function: IS_WOLFSSL_SOURCE
 #  parameter: DIRECTORY_PARAMETER - the directory to test
 #  output:    RESULT = contains contents of DIRECTORY_PARAMETER for wolfssl directory, otherwise blank.
-function(IS_WOLFSSL_SOURCE DIRECTORY_PARAMETER RESULT)
+function( IS_WOLFSSL_SOURCE  DIRECTORY_PARAMETER
+          RESULT )
     if (EXISTS "${DIRECTORY_PARAMETER}/wolfcrypt/src")
         set(${RESULT} "${DIRECTORY_PARAMETER}" PARENT_SCOPE)
     else()
@@ -71,25 +226,71 @@ function(IS_WOLFSSL_SOURCE DIRECTORY_PARAMETER RESULT)
     endif()
 endfunction()
 
+# *********************************************************************************************
 # function: FIND_WOLFSSL_DIRECTORY
 #  parameter: OUTPUT_FOUND_WOLFSSL_DIRECTORY contains root of source code, otherwise blank
 #
+# Example usage:
+#   FIND_WOLFSSL_DIRECTORY(WOLFSSL_ROOT)
+# *********************************************************************************************
 function(FIND_WOLFSSL_DIRECTORY OUTPUT_FOUND_WOLFSSL_DIRECTORY)
-    message(STATUS "Starting FIND_WOLFSSL_DIRECTORY")
-    set(CURRENT_SEARCH_DIR "$ENV{WOLFSSL_ROOT}")
-    if( "${CURRENT_SEARCH_DIR}" STREQUAL "" )
-        message(STATUS "The WOLFSSL_ROOT environment variable is not set. Searching...")
+    message(STATUS "Starting FIND_WOLFSSL_DIRECTORY: ${${OUTPUT_FOUND_WOLFSSL_DIRECTORY}}")
+
+    if ( "${${OUTPUT_FOUND_WOLFSSL_DIRECTORY}}" STREQUAL "" )
+        # The parameter is empty, so we certainly need to search.
+        # First, see if there's an environment variable. This takes highest priority (unless already found as hard-coded, above)
+        set(CURRENT_SEARCH_DIR "$ENV{WOLFSSL_ROOT}")
+        if( "${CURRENT_SEARCH_DIR}" STREQUAL "" )
+            message(STATUS "The WOLFSSL_ROOT environment variable is not set. Searching...")
+            # Next, if not found, see if wolfSSL was selected for ESP-TLS Kconfig
+            if(CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT)
+                set(CURRENT_SEARCH_DIR ${CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT})
+                get_filename_component(CURRENT_SEARCH_DIR "${CURRENT_SEARCH_DIR}" ABSOLUTE)
+                message(STATUS "WOLFSSL_ROOT found in sdkconfig/KConfig: ${CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT}")
+            else()
+                message(STATUS "wolfSSL not defined in [Component Config] [wolfssl]. Continuing search...")
+                # If not specified as a search hint in OUTPUT_FOUND_WOLFSSL_DIRECTORY:
+                # This wolfSSL component CMakeLists.txt may be found EITHER in:
+                #   1) local project component
+                #   2) ESP-IDF share components
+                # We'll start in the CMAKE_CURRENT_SOURCE_DIR, typically [something]/projectname/components/wolfssl
+                # That option might find wolfSSL source code as a copy in the component directory (e.g. Managed Components)
+                # Unless cmake is in the ESP-IDF, in which case it is unlikely to find wolfSSL source in any parent.
+                message(STATUS "CMAKE_CURRENT_SOURCE_DIR = ${CMAKE_CURRENT_SOURCE_DIR}")
+                get_filename_component(CURRENT_SEARCH_DIR "${CMAKE_CURRENT_SOURCE_DIR}" ABSOLUTE)
+                message(STATUS "CURRENT_SEARCH_DIR = ${CURRENT_SEARCH_DIR}")
+                string(LENGTH ${CURRENT_SEARCH_DIR} CURRENT_SEARCH_DIR_LENGTH)
+            endif() # CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT
+        endif() # check environment var blank
     else()
-        get_filename_component(CURRENT_SEARCH_DIR "$ENV{WOLFSSL_ROOT}" ABSOLUTE)
+        message(STATUS "Parameter found for FIND_WOLFSSL_DIRECTORY")
+        message(STATUS "Setting wolfSSL search directory to: ${${OUTPUT_FOUND_WOLFSSL_DIRECTORY}}")
+        set(CURRENT_SEARCH_DIR "${${OUTPUT_FOUND_WOLFSSL_DIRECTORY}}")
+    endif() # parameter empty
+
+    # Check to see if we found a path in environment or config settings, above.
+    if( "${CURRENT_SEARCH_DIR}" STREQUAL "" )
+        message(STATUS "Source for wolfSSL not specified in path nor config settings.")
+        # We'll continue the search by recursing up the directory tree, below.
+    else()
+        # Setting found! Does it contain a valid path?
+        string(REPLACE "\\" "/" CURRENT_SEARCH_DIR ${CURRENT_SEARCH_DIR})
+        get_filename_component(CURRENT_SEARCH_DIR "${CURRENT_SEARCH_DIR}" ABSOLUTE)
         IS_WOLFSSL_SOURCE("${CURRENT_SEARCH_DIR}" FOUND_WOLFSSL)
-        if("${FOUND_WOLFSSL}")
-            message(STATUS "Found WOLFSSL_ROOT via Environment Variable:")
+        if( FOUND_WOLFSSL )
+            message(STATUS "Found wolfSSL source code via setting: ${CURRENT_SEARCH_DIR}")
+            set(${OUTPUT_FOUND_WOLFSSL_DIRECTORY} ${CURRENT_SEARCH_DIR} PARENT_SCOPE)
+            return()
         else()
-            message(FATAL_ERROR "WOLFSSL_ROOT Environment Variable defined, but path not found:")
-            message(STATUS "$ENV{WOLFSSL_ROOT}")
+            if(WIN32)
+                message(STATUS "When specifying a path for Windows, use forward slahes, or double backslashes.")
+            endif()
+            message(STATUS "CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT sdkconfig setting = ${CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT}")
+            message(STATUS "WOLFSSL_ROOT Variable defined, but source code not found: ${CURRENT_SEARCH_DIR}")
         endif()
     endif()
 
+
     # we'll start in the CMAKE_CURRENT_SOURCE_DIR, typically [something]/projectname/components/wolfssl
     message(STATUS "CMAKE_CURRENT_SOURCE_DIR = ${CMAKE_CURRENT_SOURCE_DIR}")
     get_filename_component(CURRENT_SEARCH_DIR "${CMAKE_CURRENT_SOURCE_DIR}" ABSOLUTE)
@@ -107,16 +308,47 @@ function(FIND_WOLFSSL_DIRECTORY OUTPUT_FOUND_WOLFSSL_DIRECTORY)
             return()
         endif()
 
+        # Maintain CURRENT_SEARCH_DIR, but check various suffixes with CURRENT_SEARCH_DIR_ALT
         if( THIS_USER )
             # Check for "wolfssl-[username]" subdirectory as we recurse up the directory tree
             set(CURRENT_SEARCH_DIR_ALT ${CURRENT_SEARCH_DIR}/wolfssl-${THIS_USER})
-            message(STATUS "Looking in ${CURRENT_SEARCH_DIR}")
+            message(STATUS "Looking in ${CURRENT_SEARCH_DIR_ALT}")
 
-            #if(EXISTS ${CURRENT_SEARCH_DIR_ALT} AND IS_DIRECTORY ${CURRENT_SEARCH_DIR_ALT} AND EXISTS "${CURRENT_SEARCH_DIR_ALT}/wolfcrypt/src")
             IS_WOLFSSL_SOURCE("${CURRENT_SEARCH_DIR_ALT}" FOUND_WOLFSSL )
             if ( FOUND_WOLFSSL )
-               message(STATUS "Found wolfssl in user-suffix CURRENT_SEARCH_DIR_ALT = ${CURRENT_SEARCH_DIR_ALT}")
-                set(${OUTPUT_FOUND_WOLFSSL_DIRECTORY} ${CURRENT_SEARCH_DIR_ALT} PARENT_SCOPE)
+                message(STATUS "Found wolfssl in user-suffix CURRENT_SEARCH_DIR_ALT = ${CURRENT_SEARCH_DIR_ALT}")
+                set(CURRENT_SEARCH_DIR "${CURRENT_SEARCH_DIR_ALT}")
+                set(${OUTPUT_FOUND_WOLFSSL_DIRECTORY} ${CURRENT_SEARCH_DIR} PARENT_SCOPE)
+                return()
+            endif()
+        endif()
+
+        if ( FOUND_WOLFSSL )
+            # if we already found the source, skip attempt of "wolfssl-master"
+        else()
+            set(CURRENT_SEARCH_DIR_ALT ${CURRENT_SEARCH_DIR}/wolfssl-master)
+            message(STATUS "Looking in ${CURRENT_SEARCH_DIR_ALT}")
+
+            IS_WOLFSSL_SOURCE("${CURRENT_SEARCH_DIR_ALT}" FOUND_WOLFSSL )
+            if ( FOUND_WOLFSSL )
+                message(STATUS "Found wolfssl in master-suffix CURRENT_SEARCH_DIR_ALT = ${CURRENT_SEARCH_DIR_ALT}")
+                set(CURRENT_SEARCH_DIR "${CURRENT_SEARCH_DIR_ALT}")
+                set(${OUTPUT_FOUND_WOLFSSL_DIRECTORY} ${CURRENT_SEARCH_DIR} PARENT_SCOPE)
+                return()
+            endif()
+        endif()
+
+        if ( FOUND_WOLFSSL )
+            # if we already found the source, skip attempt of "wolfssl"
+        else()
+            set(CURRENT_SEARCH_DIR_ALT ${CURRENT_SEARCH_DIR}/wolfssl)
+            message(STATUS "Looking in ${CURRENT_SEARCH_DIR_ALT}")
+
+            IS_WOLFSSL_SOURCE("${CURRENT_SEARCH_DIR_ALT}" FOUND_WOLFSSL )
+            if ( FOUND_WOLFSSL )
+                message(STATUS "Found wolfssl in CURRENT_SEARCH_DIR_ALT = ${CURRENT_SEARCH_DIR_ALT}")
+                set(CURRENT_SEARCH_DIR "${CURRENT_SEARCH_DIR_ALT}")
+                set(${OUTPUT_FOUND_WOLFSSL_DIRECTORY} ${CURRENT_SEARCH_DIR} PARENT_SCOPE)
                 return()
             endif()
         endif()
@@ -136,7 +368,8 @@ function(FIND_WOLFSSL_DIRECTORY OUTPUT_FOUND_WOLFSSL_DIRECTORY)
         get_filename_component(CURRENT_SEARCH_DIR "${CURRENT_SEARCH_DIR}" DIRECTORY)
         message(STATUS "Next CURRENT_SEARCH_DIR = ${CURRENT_SEARCH_DIR}")
         if( "${PRIOR_SEARCH_DIR}" STREQUAL "${CURRENT_SEARCH_DIR}" )
-            # when the search directory is empty, we'll give up
+            # When the parent is current directory, cannot go any further. We didn't find wolfssl.
+            # When the search directory is empty, we'll give up.
             set(CURRENT_SEARCH_DIR "")
         endif()
     endwhile()
@@ -147,17 +380,64 @@ endfunction()
 
 
 # Example usage:
+#
+# Simply find the WOLFSSL_DIRECTORY by searching parent directories:
+#   FIND_WOLFSSL_DIRECTORY(WOLFSSL_ROOT)
+#
 
+message(STATUS "CONFIG_TARGET_PLATFORM = ${CONFIG_TARGET_PLATFORM}")
 
+# Check for environment variable that may be assigned to macros
+ENVIRONMENT_VAR_TO_MACRO("GENERATE_MACHINE_PARSEABLE_REPORT" "1")
+ENVIRONMENT_VAR_TO_MACRO("WOLFSSL_BENCHMARK_FIXED_CSV"       "1")
 
+# Optional variable inspection
+if (0)
+    get_cmake_property(_variableNames VARIABLES)
+    list (SORT _variableNames)
+    message(STATUS "")
+    message(STATUS "ALL VARIABLES BEGIN")
+    message(STATUS "")
+    foreach (_variableName ${_variableNames})
+        message(STATUS "${_variableName}=${${_variableName}}")
+    endforeach()
+    message(STATUS "")
+    message(STATUS "ALL VARIABLES END")
+    message(STATUS "")
+endif()
+
+if ( ("${CONFIG_TARGET_PLATFORM}" STREQUAL "esp8266") OR ("${IDF_TARGET}" STREQUAL "esp8266") )
+    # There's no esp_timer, no driver components for the ESP8266
+    message(STATUS "Early expansion EXCLUDES for esp8266:")
+    message(STATUS "THIS_INCLUDE_DRIVER:  '${THIS_INCLUDE_DRIVER}'")
+    message(STATUS "THIS_INCLUDE_TIMER:   '${THIS_INCLUDE_TIMER}'")
+    message(STATUS "Early expansion INCLUDE for esp8266:")
+    message(STATUS "THIS_INCLUDE_PTHREAD: '${THIS_INCLUDE_PTHREAD}'")
+    set(THIS_ESP_TLS         "")
+    set(THIS_INCLUDE_DRIVER  "")
+    set(THIS_INCLUDE_TIMER   "")
+    set(THIS_INCLUDE_PTHREAD "pthread")
+else()
+    message(STATUS "Early expansion includes esp_timer: ${THIS_INCLUDE_TIMER}")
+    message(STATUS "Early expansion includes driver: ${THIS_INCLUDE_DRIVER}")
+    set(THIS_ESP_TLS        "esp-tls")
+    set(THIS_INCLUDE_DRIVER "driver")
+    set(THIS_INCLUDE_TIMER  "esp_timer")
+    set(THIS_INCLUDE_PTHREAD "")
+    # Let the app know that we've included the esp-tls component requirement.
+    # This is critical for use the the esp-tls component. See wolfssl esp_crt_bundle.c file.
+    set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_REQUIRED_ESP_TLS=1")
+endif()
 
 if(CMAKE_BUILD_EARLY_EXPANSION)
     message(STATUS "wolfssl component CMAKE_BUILD_EARLY_EXPANSION:")
     idf_component_register(
                             REQUIRES "${COMPONENT_REQUIRES}"
                             PRIV_REQUIRES # esp_hw_support
-                                          esp_timer
-                                          driver # this will typically only be needed for wolfSSL benchmark
+                                          "${THIS_ESP_TLS}"
+                                          "${THIS_INCLUDE_PTHREAD}"
+                                          "${THIS_INCLUDE_TIMER}"
+                                          "${THIS_INCLUDE_DRIVER}" # this will typically only be needed for wolfSSL benchmark
                            )
 
 else()
@@ -166,48 +446,99 @@ else()
     message(STATUS "wolfssl component config:")
     message(STATUS "************************************************************************************************")
 
+    if ( "${CONFIG_TARGET_PLATFORM}" STREQUAL "esp8266")
+        # There's no esp_timer, no driver components for the ESP8266
+        set(THIS_INCLUDE_TIMER "")
+        set(THIS_INCLUDE_DRIVER "")
+    else()
+        set(THIS_INCLUDE_TIMER "esp_timer")
+        set(THIS_INCLUDE_DRIVER "driver")
+    endif()
+
     # search for wolfSSL
     FIND_WOLFSSL_DIRECTORY(WOLFSSL_ROOT)
     if(WOLFSSL_ROOT)
-        message(STATUS "NEW Found wolfssl directory at: ${WOLFSSL_ROOT}")
+        IS_WOLFSSL_SOURCE("${WOLFSSL_ROOT}" FOUND_WOLFSSL)
+        if(FOUND_WOLFSSL)
+            message(STATUS "Found WOLFSSL_ROOT via CMake specification.")
+        else()
+            # WOLFSSL_ROOT Path specified in CMakeLists.txt is not a valid path
+            message(FATAL_ERROR "WOLFSSL_ROOT CMake Variable defined, but path not found: ${WOLFSSL_ROOT}\n"
+                                "Try correcting WOLFSSL_ROOT in your project CMakeFile.txt or setting environment variable.")
+            # Abort CMake after fatal error.
+        endif()
     else()
-        message(STATUS "NEW wolfssl directory not found.")
+        message(STATUS "Source code for wolfSSL still not found.")
+        message(STATUS "Searching from project home: ${CMAKE_HOME_DIRECTORY} ...")
+        set(WOLFSSL_ROOT "${CMAKE_HOME_DIRECTORY}")
+        FIND_WOLFSSL_DIRECTORY(WOLFSSL_ROOT)
+    endif()
+
+
+    if(WOLFSSL_ROOT)
+        message(STATUS "Confirmed wolfssl directory at: ${WOLFSSL_ROOT}")
+    else()
+        # Try to allow a more intuitive error that the source code was not found in cmake:
+        set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_WARNING_SOURCE_NOT_FOUND")
+
+        message(STATUS "Failed: wolfssl source code directory not found.")
         # Abort. We need wolfssl _somewhere_.
-        message(FATAL_ERROR "Could not find wolfssl in ${WOLFSSL_ROOT}.\n"
-                            "Try setting WOLFSSL_ROOT environment variable or git clone.")
+        message(STATUS "")
+        message(STATUS "")
+        message(STATUS "Could not find wolfssl in any parent directory named wolfssl-${THIS_USER}, wolfssl-master, or wolfssl.\n"
+                       "Try setting WOLFSSL_ROOT environment variable, cmake variable in project, copy source, or use managed components.")
+        message(STATUS "")
+        message(STATUS "")
+        # Abort CMake after fatal error. (or not?)
     endif()
 
     set(INCLUDE_PATH ${WOLFSSL_ROOT})
 
     set(WOLFSSL_EXTRA_PROJECT_DIR "${WOLFSSL_ROOT}/src/")
 
-    if( ${CMAKE_PROJECT_NAME} STREQUAL "wolfssl_benchmark" )
-        set(WOLFSSL_EXTRA_PROJECT_DIR "${WOLFSSL_ROOT}/wolfcrypt/benchmark")
-    endif()
-
-    if( ${CMAKE_PROJECT_NAME} STREQUAL "wolfssl_test" )
-        set(WOLFSSL_EXTRA_PROJECT_DIR "${WOLFSSL_ROOT}/wolfcrypt/test")
+    # During regression tests, optionally copy source locally and use: set(USE_LOCAL_TEST_BENCH 1)
+    set(USE_LOCAL_TEST_BENCH 0)
+    if(NOT USE_LOCAL_TEST_BENCH)
+        if( "${CMAKE_PROJECT_NAME}" STREQUAL "hello-world" )
+            message(STATUS "Include ${WOLFSSL_ROOT}/wolfcrypt/benchmark")
+            set(WOLFSSL_EXTRA_PROJECT_DIR "${WOLFSSL_ROOT}/wolfcrypt/benchmark")
+        endif()
+
+        if( "${CMAKE_PROJECT_NAME}" STREQUAL "wolfssl_benchmark" )
+            message(STATUS "Include ${WOLFSSL_ROOT}/wolfcrypt/benchmark")
+            set(WOLFSSL_EXTRA_PROJECT_DIR "${WOLFSSL_ROOT}/wolfcrypt/benchmark")
+        endif()
+
+        if( "${CMAKE_PROJECT_NAME}" STREQUAL "wolfssl_test" )
+            message(STATUS "Include ${WOLFSSL_ROOT}/wolfcrypt/test")
+            set(WOLFSSL_EXTRA_PROJECT_DIR "${WOLFSSL_ROOT}/wolfcrypt/test")
+        endif()
     endif()
 
+    message(STATUS "WOLFSSL_EXTRA_PROJECT_DIR = ${WOLFSSL_EXTRA_PROJECT_DIR}")
     set(COMPONENT_SRCDIRS "\"${WOLFSSL_ROOT}/src/\""
                           "\"${WOLFSSL_ROOT}/wolfcrypt/src\""
                           "\"${WOLFSSL_ROOT}/wolfcrypt/src/port/Espressif\""
+                          "\"${WOLFSSL_ROOT}/wolfcrypt/src/port/Espressif/esp_crt_bundle\""
                           "\"${WOLFSSL_ROOT}/wolfcrypt/src/port/atmel\""
                           "\"${WOLFSSL_EXTRA_PROJECT_DIR}\""
                          ) # COMPONENT_SRCDIRS
 
     message(STATUS "This COMPONENT_SRCDIRS = ${COMPONENT_SRCDIRS}")
 
+    # wolfSSL user_settings.h may be in the local project.
+    # TODO check if exists and possibly set to ESP-IDF
     set(WOLFSSL_PROJECT_DIR "${CMAKE_HOME_DIRECTORY}/components/wolfssl")
-    add_definitions(-DWOLFSSL_USER_SETTINGS_DIR="${WOLFSSL_PROJECT_DIR}/include/user_settings.h")
-
 
+    string(REPLACE "/" "//" STR_WOLFSSL_PROJECT_DIR "${WOLFSSL_PROJECT_DIR}")
+    add_compile_definitions(WOLFSSL_USER_SETTINGS_DIR="${STR_WOLFSSL_PROJECT_DIR}/include/user_settings.h")
+    message(STATUS "Added definition for user_settings.h: -DWOLFSSL_USER_SETTINGS_DIR=\"${STR_WOLFSSL_PROJECT_DIR}//include//user_settings.h\"")
     # Espressif may take several passes through this makefile. Check to see if we found IDF
     string(COMPARE EQUAL "${PROJECT_SOURCE_DIR}" "" WOLFSSL_FOUND_IDF)
 
     # get a list of all wolfcrypt assembly files; we'll exclude them as they don't target Xtensa
     file(GLOB EXCLUDE_ASM *.S)
-    file(GLOB_RECURSE EXCLUDE_ASM ${CMAKE_SOURCE_DIR} "${WOLFSSL_ROOT}/wolfcrypt/src/*.S")
+    file(GLOB EXCLUDE_ASM ${CMAKE_SOURCE_DIR} "${WOLFSSL_ROOT}/wolfcrypt/src/*.S")
 
     message(STATUS "IDF_PATH = $ENV{IDF_PATH}")
     message(STATUS "PROJECT_SOURCE_DIR = ${PROJECT_SOURCE_DIR}")
@@ -230,11 +561,12 @@ else()
         message(STATUS "Remove either the local project component: ${WOLFSSL_PROJECT_DIR} ")
         message(STATUS "or the Espressif shared component installed at: $ENV{IDF_PATH}/components/wolfssl/ ")
         message(STATUS "")
-        message(FATAL_ERROR "Please use wolfSSL in either local project or Espressif components, but not both.")
         message(STATUS "")
         message(STATUS "**************************************************************************************")
         message(STATUS "")
 
+        message(STATUS "Please use wolfSSL in either local project or Espressif components, but not both.")
+
         # Optional: if you change the above FATAL_ERROR to STATUS you can warn at runtime with this macro definition:
         set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_MULTI_INSTALL_WARNING")
 
@@ -284,6 +616,7 @@ else()
                         message(FATAL_ERROR "Found stray wolfSSL user_settings.h in "
                                             "${WOLFSSL_ROOT}/include/user_settings.h "
                                             " (please move it to ${WOLFSSL_PROJECT_DIR}/include/user_settings.h )")
+                        # Abort CMake after fatal error.
                     else()
                         # we won't overwrite an existing user settings file, just note that we already have one:
                         if( EXISTS "${WOLFSSL_PROJECT_DIR}/include/user_settings.h" )
@@ -340,7 +673,9 @@ else()
     # depending on the environment, we may need to swap backslashes with forward slashes
     string(REPLACE "\\" "/" RTOS_IDF_PATH "$ENV{IDF_PATH}/components/freertos/FreeRTOS-Kernel/include/freertos")
 
-    string(REPLACE "\\" "/" WOLFSSL_ROOT ${WOLFSSL_ROOT})
+	if(WOLFSSL_ROOT)
+	    string(REPLACE "\\" "/" WOLFSSL_ROOT ${WOLFSSL_ROOT})
+	endif()
 
     if(IS_DIRECTORY "${RTOS_IDF_PATH}")
         message(STATUS "Found current RTOS path: ${RTOS_IDF_PATH}")
@@ -353,17 +688,22 @@ else()
             message(STATUS "Could not find RTOS path")
         endif()
     endif()
-
-
+    message(STATUS "THIS_IDF_PATH = $THIS_IDF_PATH")
+    # wolfSSL-specific include directories
     set(COMPONENT_ADD_INCLUDEDIRS
-        "./include" # this is the location of wolfssl user_settings.h
+        "./include" # this is the location of local project wolfssl user_settings.h
         "\"${WOLFSSL_ROOT}/\""
         "\"${WOLFSSL_ROOT}/wolfssl/\""
         "\"${WOLFSSL_ROOT}/wolfssl/wolfcrypt/\""
+        "\"${WOLFSSL_ROOT}/wolfssl/wolfcrypt/port/Espressif\""
         "\"${RTOS_IDF_PATH}/\""
+        # wolfSSL release after v5.7 includes WiFi, time, and mem/debug helpers
+        "${THIS_IDF_PATH}/components/esp_event/include"
+        "${THIS_IDF_PATH}/components/esp_netif/include"
+        "${THIS_IDF_PATH}/components/esp_wifi/include"
         )
 
-
+    # Optionally include cryptoauthlib if present
     if(IS_DIRECTORY ${IDF_PATH}/components/cryptoauthlib)
         list(APPEND COMPONENT_ADD_INCLUDEDIRS "../cryptoauthlib/lib")
     endif()
@@ -372,7 +712,7 @@ else()
     list(APPEND COMPONENT_ADD_INCLUDEDIRS "\"${WOLFSSL_ROOT}/wolfssl/wolfcrypt/\"")
 
 
-
+    # Some files are known to be included elsewhere, or not used for Espressif
     set(COMPONENT_SRCEXCLUDE
         "\"${WOLFSSL_ROOT}/src/bio.c\""
         "\"${WOLFSSL_ROOT}/src/conf.c\""
@@ -382,9 +722,14 @@ else()
         "\"${WOLFSSL_ROOT}/src/ssl_bn.c\""      # included by ssl.c
         "\"${WOLFSSL_ROOT}/src/ssl_certman.c\"" # included by ssl.c
         "\"${WOLFSSL_ROOT}/src/ssl_crypto.c\""  # included by ssl.c
+        "\"${WOLFSSL_ROOT}/src/ssl_load.c\""    # included by ssl.c
         "\"${WOLFSSL_ROOT}/src/ssl_misc.c\""    # included by ssl.c
+        "\"${WOLFSSL_ROOT}/src/ssl_p7p12.c\""   # included by ssl.c
+        "\"${WOLFSSL_ROOT}/src/ssl_sess.c\""    # included by ssl.c
         "\"${WOLFSSL_ROOT}/src/x509.c\""
         "\"${WOLFSSL_ROOT}/src/x509_str.c\""
+        "\"${WOLFSSL_ROOT}/wolfcrypt/src/ext_kyber.c\""     # external non-wolfssl Kyber disabled by default
+        "\"${WOLFSSL_ROOT}/wolfssl/wolfcrypt/ext_kyber.h\"" # external non-wolfssl Kyber disabled by default
         "\"${WOLFSSL_ROOT}/wolfcrypt/src/evp.c\""
         "\"${WOLFSSL_ROOT}/wolfcrypt/src/misc.c\""
         "\"${WOLFSSL_ROOT}/wolfcrypt/src/sp_sm2_arm32.c\""
@@ -395,6 +740,7 @@ else()
         "\"${WOLFSSL_ROOT}/wolfcrypt/src/sp_sm2_cortexm.c\""
         "\"${WOLFSSL_ROOT}/wolfcrypt/src/sp_sm2_x86_64.c\""
         "\"${WOLFSSL_ROOT}/wolfcrypt/src/sp_sm2_x86_64_asm.S\""
+        "\"${WOLFSSL_ROOT}/examples\"" # Examples are distributed in Managed Components, but not part of a project.
         "\"${EXCLUDE_ASM}\""
         )
 
@@ -416,22 +762,144 @@ else()
     # see https://docs.espressif.com/projects/esp-idf/en/stable/esp32/migration-guides/release-5.x/build-system.html?highlight=space%20path
     #
     set(EXTRA_COMPONENT_DIRS "${COMPONENT_SRCDIRS}")
-    idf_component_register(
-                            SRC_DIRS "${COMPONENT_SRCDIRS}"
-                            INCLUDE_DIRS "${COMPONENT_ADD_INCLUDEDIRS}"
-                            REQUIRES "${COMPONENT_REQUIRES}"
-                            EXCLUDE_SRCS "${COMPONENT_SRCEXCLUDE}"
-                            PRIV_REQUIRES esp_timer driver # this will typically only be needed for wolfSSL benchmark
-                           )
-    # some optional diagnostics
-    if (1)
+
+    if(WOLFSSL_ROOT)
+        # Only register the component if we found wolfSSL source.
+        # This is important to allow Cmake to finish to completion, otherwise the UI
+        # may not be able to display the Kconfig settings to fix a bad or missing source.
+        idf_component_register(
+                                SRC_DIRS "${COMPONENT_SRCDIRS}"
+                                INCLUDE_DIRS "${COMPONENT_ADD_INCLUDEDIRS}"
+                                REQUIRES "${COMPONENT_REQUIRES}"
+                                EXCLUDE_SRCS "${COMPONENT_SRCEXCLUDE}"
+                                PRIV_REQUIRES
+                                  "${THIS_ESP_TLS}"
+                                  "${THIS_INCLUDE_TIMER}"
+                                  "${THIS_INCLUDE_DRIVER}" # this will typically only be needed for wolfSSL benchmark
+                               )
+    else()
+        # Register the component simply to allow CMake to complete, but there's no wolfSSL source.
+        # Expect many other errors, but the project should at least be loadable and UI can edit Kconfig settings.
+        idf_component_register()
+        message(STATUS "Warning: wolfSSL component not registered as no source code found (WOLFSSL_ROOT is blank)")
+    endif()
+
+# function(WOLFSSL_INIT_CERT_BUNDLE)
+if( CONFIG_WOLFSSL_CERTIFICATE_BUNDLE
+    AND NOT CONFIG_WOLFSSL_CERTIFICATE_BUNDLE_DEFAULT_NONE
+    AND NOT ("${CONFIG_TARGET_PLATFORM}" STREQUAL "esp8266")
+  )
+    if (CMAKE_BUILD_EARLY_EXPANSION)
+        message(ERROR "Bundle Cert initialization must occur during CMAKE_BUILD_EARLY_EXPANSION")
+    endif()
+    # reminder: we need a value for wolfSSL root first!
+    if( "${WOLFSSL_ROOT}" STREQUAL "" )
+        message(ERROR "Certificate bundles need a value for WOLFSSL_ROOT")
+    endif()
+    set(WOLFSSL_ESP_CRT_BUNDLE_DIR ${WOLFSSL_ROOT}/wolfcrypt/src/port/Espressif/esp_crt_bundle)
+    message(STATUS "WOLFSSL_ESP_CRT_BUNDLE_DIR=${WOLFSSL_ESP_CRT_BUNDLE_DIR}")
+    if(EXISTS "${WOLFSSL_ESP_CRT_BUNDLE_DIR}")
+        set(bundle_name "x509_crt_bundle_wolfssl")
+
+        # For now the certs are in the same directory
+        set(DEFAULT_CRT_DIR "${WOLFSSL_ESP_CRT_BUNDLE_DIR}")
+
+        # Generate custom certificate bundle using the generate_cert_bundle utility
+        set(GENERATE_CERT_BUNDLEPY ${python} ${WOLFSSL_ESP_CRT_BUNDLE_DIR}/gen_crt_bundle.py)
+
+        if(CONFIG_WOLFSSL_CERTIFICATE_BUNDLE_DEFAULT_FULL)
+            list(APPEND crt_paths ${DEFAULT_CRT_DIR}/cacrt_all.pem ${DEFAULT_CRT_DIR}/cacrt_local.pem)
+        elseif(CONFIG_WOLFSSL_CERTIFICATE_BUNDLE_DEFAULT_CMN)
+            list(APPEND crt_paths ${DEFAULT_CRT_DIR}/cacrt_all.pem ${DEFAULT_CRT_DIR}/cacrt_local.pem)
+            list(APPEND args --filter ${DEFAULT_CRT_DIR}/cmn_crt_authorities.csv)
+        endif()
+
+        # Add deprecated root certs if enabled. This config is not visible if the default cert
+        # bundle is not selected
+        if(CONFIG_WOLFSSL_CERTIFICATE_BUNDLE_DEPRECATED_LIST)
+            list(APPEND crt_paths ${DEFAULT_CRT_DIR}/cacrt_deprecated.pem)
+        endif()
+
+        if(CONFIG_WOLFSSL_CUSTOM_CERTIFICATE_BUNDLE)
+            get_filename_component(custom_bundle_path
+              ${CONFIG_WOLFSSL_CUSTOM_CERTIFICATE_BUNDLE_PATH} ABSOLUTE BASE_DIR "${project_dir}")
+            list(APPEND crt_paths ${custom_bundle_path})
+            message(STATUS "Using a custom wolfSSL bundle path: ${custom_bundle_path}")
+        else()
+            message(STATUS "Not using a custom wolfSSL bundle path.")
+        endif()
+        list(APPEND args --input ${crt_paths} -q)
+
+        message(STATUS "CMAKE_CURRENT_BINARY_DIR: ${CMAKE_CURRENT_BINARY_DIR}")
+        get_filename_component(crt_bundle
+            ${bundle_name}
+            ABSOLUTE BASE_DIR "${CMAKE_CURRENT_BINARY_DIR}")
+
+        message(STATUS "Setting up bundle generate: ${GENERATE_CERT_BUNDLEPY} ${args}")
+        message(STATUS "Depends on custom bundle path: ${custom_bundle_path}")
+        message(STATUS "crt_bundle ${crt_bundle}")
+        message(STATUS "COMPONENT_LIB ${COMPONENT_LIB}")
+        message(STATUS "GENERATE_CERT_BUNDLEPY ${GENERATE_CERT_BUNDLEPY}")
+        message(STATUS "args ${args}")
+        message(STATUS "cert_bundle ${cert_bundle}")
+
+        # Generate bundle according to config
+        # File is generated at build time, not cmake load
+        add_custom_command(OUTPUT ${crt_bundle}
+            COMMAND ${GENERATE_CERT_BUNDLEPY} ARGS ${args}
+            DEPENDS ${custom_bundle_path}
+            VERBATIM)
+
+        if(EXISTS "${crt_bundle}")
+            message(STATUS "Bundle file exists from prior build: ${crt_bundle}")
+        else()
+            message(STATUS "Bundle file expected during next build: ${crt_bundle}")
+        endif()
+
+        # Reminder the file is generated at build time, not cmake load time.
+        message(STATUS "wolfSSL Cert Bundle File to be created at build time in: ${crt_bundle}")
+
+        add_custom_target(custom_wolfssl_bundle DEPENDS ${cert_bundle})
+
+        # the wolfSSL crtificate bundle is baked into wolfSSL
+        add_dependencies(${COMPONENT_LIB} custom_wolfssl_bundle)
+
+        # COMPONENT_LIB may vary: __idf_wolfssl, __idf_esp_wolfssl, etc
+        # target_add_binary_data(__idf_wolfssl ${crt_bundle} BINARY)
+        target_add_binary_data(${COMPONENT_LIB} ${crt_bundle} BINARY)
+        set_property(DIRECTORY "${CMAKE_CURRENT_SOURCE_DIR}"
+                     APPEND PROPERTY ADDITIONAL_CLEAN_FILES
+                     "${crt_bundle}")
+    else()
+        message(STATUS "WARNING: CONFIG_WOLFSSL_CERTIFICATE_BUNDLE enabled but directory not found: ${WOLFSSL_ESP_CRT_BUNDLE_DIR}")
+    endif()
+endif()
+
+# endfunction() # WOLFSSL_INIT_CERT_BUNDLE
+
+    # Some optional diagnostics. Verbose ones are truncated.
+    if (VERBOSE_COMPONENT_MESSAGES)
         get_cmake_property(_variableNames VARIABLES)
         list (SORT _variableNames)
         message(STATUS "")
         message(STATUS "ALL VARIABLES BEGIN")
         message(STATUS "")
         foreach (_variableName ${_variableNames})
-            message(STATUS "${_variableName}=${${_variableName}}")
+            if (      ("${_variableName}" STREQUAL "bootloader_binary_files")
+                    OR ("${_variableName}" STREQUAL "Component paths")
+                    OR ("${_variableName}" STREQUAL "component_targets")
+                    OR ("${_variableName}" STREQUAL "__COMPONENT_TARGETS")
+                    OR ("${_variableName}" STREQUAL "CONFIGS_LIST")
+                    OR ("${_variableName}" STREQUAL "__CONFIG_VARIABLES")
+                    OR ("${_variableName}" STREQUAL "val")
+                    OR ("${_variableName}" MATCHES "^__idf_")
+               )
+                # Truncate the displayed value:
+                string(SUBSTRING "${${_variableName}}" 0 70 truncatedValue)
+                message(STATUS "${_variableName} = ${truncatedValue} ... (truncated)")
+            else()
+                message(STATUS "${_variableName}=${${_variableName}}")
+            endif()
         endforeach()
         message(STATUS "")
         message(STATUS "ALL VARIABLES END")
@@ -439,6 +907,12 @@ else()
     endif()
 
     # target_sources(wolfssl PRIVATE  "\"${WOLFSSL_ROOT}/wolfssl/\""  "\"${WOLFSSL_ROOT}/wolfssl/wolfcrypt\"")
+    message(STATUS "DETECTED_PROJECT_NAME=${CMAKE_PROJECT_NAME}")
+    message(STATUS "COMPONENT_TARGET=${COMPONENT_TARGET}")
+    target_compile_definitions(${COMPONENT_TARGET} PRIVATE DETECTED_PROJECT_NAME="${CMAKE_PROJECT_NAME}")
+    if( "${CMAKE_PROJECT_NAME}" STREQUAL "esp_http_client_example" )
+        target_compile_definitions(${COMPONENT_TARGET} PRIVATE APP_ESP_HTTP_CLIENT_EXAMPLE="y")
+    endif()
 
 endif() # CMAKE_BUILD_EARLY_EXPANSION
 
@@ -484,7 +958,7 @@ function ( LIBWOLFSSL_SAVE_INFO VAR_OUPUT THIS_VAR VAR_RESULT )
         message(STATUS "Found ${VAR_OUPUT}=${VAR_VALUE}")
 
         # the interesting part is defining the VAR_OUPUT name a value to use in the app
-        add_definitions(-D${VAR_OUPUT}=\"${VAR_VALUE}\")
+        add_compile_definitions(${VAR_OUPUT}=\"${VAR_VALUE}\")
     else()
         # if we get here, check the execute_process command and parameters.
         message(STATUS "LIBWOLFSSL_SAVE_INFO encountered a non-zero VAR_RESULT")
@@ -492,33 +966,89 @@ function ( LIBWOLFSSL_SAVE_INFO VAR_OUPUT THIS_VAR VAR_RESULT )
     endif()
 endfunction() # LIBWOLFSSL_SAVE_INFO
 
+execute_process(
+    COMMAND ${git_cmd} "rev-parse" "--is-inside-work-tree"
+    OUTPUT_VARIABLE IS_GIT_REPO
+    OUTPUT_STRIP_TRAILING_WHITESPACE
+    ERROR_QUIET
+)
+
 # create some programmatic #define values that will be used by ShowExtendedSystemInfo().
 # see wolfcrypt\src\port\Espressif\esp32_utl.c
-if(NOT CMAKE_BUILD_EARLY_EXPANSION)
+if(NOT CMAKE_BUILD_EARLY_EXPANSION AND WOLFSSL_ROOT AND (IS_GIT_REPO STREQUAL "true"))
     set (git_cmd "git")
     message(STATUS "Adding macro definitions:")
 
     # LIBWOLFSSL_VERSION_GIT_ORIGIN: git config --get remote.origin.url
-    execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} "config" "--get" "remote.origin.url" OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ERROR_QUIET  )
+    execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} "config" "--get" "remote.origin.url"
+                    OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ERROR_QUIET  )
     LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_VERSION_GIT_ORIGIN "${TMP_OUT}" "${TMP_RES}")
 
     # LIBWOLFSSL_VERSION_GIT_BRANCH: git rev-parse --abbrev-ref HEAD
-    execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} "rev-parse" "--abbrev-ref" "HEAD" OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ERROR_QUIET  )
+    execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} "rev-parse" "--abbrev-ref" "HEAD"
+                    OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ERROR_QUIET  )
     LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_VERSION_GIT_BRANCH "${TMP_OUT}" "${TMP_RES}")
 
     # LIBWOLFSSL_VERSION_GIT_HASH: git rev-parse HEAD
-    execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} "rev-parse" "HEAD" OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ERROR_QUIET  )
+    execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} "rev-parse" "HEAD"
+                    OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ERROR_QUIET  )
     LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_VERSION_GIT_HASH "${TMP_OUT}" "${TMP_RES}")
 
     # LIBWOLFSSL_VERSION_GIT_SHORT_HASH: git rev-parse --short HEAD
-    execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} "rev-parse" "--short" "HEAD" OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ERROR_QUIET )
+    execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} "rev-parse" "--short" "HEAD"
+                    OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ERROR_QUIET )
     LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_VERSION_GIT_SHORT_HASH "${TMP_OUT}" "${TMP_RES}")
 
     # LIBWOLFSSL_VERSION_GIT_HASH_DATE git show --no-patch --no-notes --pretty=\'\%cd\'
-    execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} "show" "--no-patch" "--no-notes" "--pretty=\'\%cd\'" OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES  )
+    execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd}
+                    "show" "--no-patch" "--no-notes" "--pretty=\'\%cd\'"
+                    OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES  )
     LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_VERSION_GIT_HASH_DATE "${TMP_OUT}" "${TMP_RES}")
 
-    message(STATUS "************************************************************************************************")
-    message(STATUS "wolfssl component config complete!")
-    message(STATUS "************************************************************************************************")
+    LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_VERSION_WOLFSSL_ROOT "${WOLFSSL_ROOT}" "${TMP_RES}")
+
 endif()
+
+# Ensure flag "-DWOLFSSL_ESPIDF" is already in CMAKE_C_FLAGS if not yet found from project
+string(FIND "${CMAKE_C_FLAGS}" "-DWOLFSSL_ESPIDF" FLAG_ALRREADY_FOUND_WOLFSSL_ESPIDF)
+
+if(FLAG_ALRREADY_FOUND_WOLFSSL_ESPIDF EQUAL -1)
+    # Flag not found, append it
+    set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_ESPIDF")
+    set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_USER_SETTINGS")
+endif()
+
+if(WOLFSSL_ROOT)
+    message(STATUS "Using wolfSSL in ${WOLFSSL_ROOT}")
+
+    # PlatformIO does not process script from from the Espressif cmake process.
+    # We need to know where wolfSSL source code was found, so save it in the
+    # PIO_WOLFSSL_ROOT environment variable to later be read by extra_script.py
+
+    set(ENV{PIO_WOLFSSL_ROOT} "${WOLFSSL_ROOT}")
+    message(STATUS "PIO_WOLFSSL_ROOT =  $ENV{PIO_WOLFSSL_ROOT}")
+    message(STATUS "PLATFORMIO_BUILD_DIR = $ENV{PLATFORMIO_BUILD_DIR}")
+    # See esp-tls Kconfig; menu "ESP-TLS", ESP_TLS_LIBRARY_CHOOSE
+    if(CONFIG_ESP_TLS_USING_WOLFSSL)
+        if ( ("${CONFIG_TARGET_PLATFORM}" STREQUAL "esp8266") OR ("${IDF_TARGET}" STREQUAL "esp8266") )
+            message(STATUS "This version of wolfSSL is not supported on the ESP8266 esp-tls at this time. Check ESP-TLS config")
+        else()
+            message(STATUS "wolfSSL will be used for ESP-TLS")
+        endif()
+    else()
+        message(STATUS "WARNING: wolfSSL NOT selected for ESP-TLS. Features and performance will be limited.")
+    endif()
+else()
+    message(STATUS "")
+    message(STATUS "Consider setting WOLFSSL_ROOT environment variable, use Kconfig setting, or set manually in this cmake file, above.")
+    message(STATUS "")
+    message(STATUS "!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!")
+    message(STATUS "!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!")
+    message(STATUS "ERROR: Could not find wolfSSL Source Code")
+    message(STATUS "!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!")
+    message(STATUS "!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!")
+endif()
+
+message(STATUS "************************************************************************************************")
+message(STATUS "wolfSSL component config complete!")
+message(STATUS "************************************************************************************************")
diff --git a/IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/Kconfig b/IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/Kconfig
new file mode 100644
index 000000000..150913190
--- /dev/null
+++ b/IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/Kconfig
@@ -0,0 +1,523 @@
+# Kconfig template
+#
+# Copyright (C) 2006-2025 wolfSSL Inc.
+#
+# This file is part of wolfSSL.
+#
+# wolfSSL is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# wolfSSL is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+#
+
+# Kconfig File Version 5.7.2.001 for esp-idf integration
+
+# Kconfig Format Rules
+#
+# See:
+#  https://docs.espressif.com/projects/esp-idf/en/stable/esp32/api-reference/kconfig.html
+#
+# Format rules for Kconfig files are as follows:
+#
+# Option names in any menus should have consistent prefixes. The prefix
+# currently should have at least 3 characters.
+#
+# The unit of indentation should be 4 spaces. All sub-items belonging to a
+# parent item are indented by one level deeper. For example, menu is indented
+# by 0 spaces, config menu by 4 spaces, help in config by 8 spaces, and the
+# text under help by 12 spaces.
+#
+# No trailing spaces are allowed at the end of the lines.
+#
+# The maximum length of options is NOT 50 characters as documented.
+#   kconfcheck will complain that options should be 40 at most.
+#
+# Fix option lengths first. Superfluous errors on other lines may occur.
+#
+# The maximum length of lines is 120 characters.
+#
+# python -m kconfcheck <path_to_kconfig_file>
+#
+# ---------------------------------------------------------------------------------------------------------------------
+# Begin main wolfSSL configuration menu
+# ---------------------------------------------------------------------------------------------------------------------
+#   See ESP-IDF esp-tls component for config TLS_STACK_WOLFSSL
+
+menu "wolfSSL"
+
+    menu "Hardening"
+        config ESP_WOLFSSL_WC_NO_HARDEN
+            bool "Disable wolfSSL hardening"
+            default n
+            help
+                Sets WC_NO_HARDEN
+
+        config ESP_WOLFSSL_TFM_TIMING_RESISTANT
+            bool "Enable TFM Timing Resistant Code"
+            default n
+            help
+                Sets TFM_TIMING_RESISTANT.
+
+    endmenu # Hardening
+
+    config ESP_WOLFSSL_ENABLE_BENCHMARK
+        bool "Enable wolfSSL Benchmark Library"
+        default n
+        help
+            Enables wolfcrypt/benchmark/benchmark.c code for benchmark metrics. Disables NO_CRYPT_BENCHMARK.
+
+
+    menu "Benchmark Debug"
+        config ESP_DEBUG_WOLFSSL_BENCHMARK_TIMING
+            bool "Enable benchmark timing debug"
+            depends on ESP_WOLFSSL_ENABLE_BENCHMARK
+            default n
+            help
+                Enable wolfssl debug for benchmark metric timing (CPU Cycles, RTOS ticks, etc).
+
+        config ESP_WOLFSSL_BENCHMARK_TIMER_DEBUG
+            bool "Enable benchmark timer debug"
+            depends on ESP_WOLFSSL_ENABLE_BENCHMARK
+            default n
+            help
+                Turn on timer debugging (used when CPU cycles not available)
+
+    endmenu # Benchmark Debug
+
+    # -----------------------------------------------------------------------------------------------------------------
+    # wolfCrypt Test
+    # -----------------------------------------------------------------------------------------------------------------
+    config ESP_WOLFSSL_ENABLE_TEST
+        bool "Enable wolfCrypt Test Library"
+        default n
+        help
+            Enables wolfcrypt/test/test.c code for testing. Disables NO_CRYPT_TEST.
+
+    menu "wolfCrypt tests"
+        config WOLFSSL_HAVE_WOLFCRYPT_TEST_OPTIONS
+            bool "Enable wolfCrypt Test Options"
+            depends on ESP_WOLFSSL_ENABLE_TEST
+            default n
+            help
+                Enables HAVE_WOLFCRYPT_TEST_OPTIONS
+
+        config TEST_ESPIDF_ALL_WOLFSSL
+            bool "Enable all features to use in tests"
+            depends on ESP_WOLFSSL_ENABLE_TEST
+            default n
+            help
+                Enables TEST_ESPIDF_ALL_WOLFSSL
+
+    endmenu # wolfCrypt tests
+
+    # -----------------------------------------------------------------------------------------------------------------
+    # Apple HomeKit Options
+    # -----------------------------------------------------------------------------------------------------------------
+    menu "Apple HomeKit"
+        config WOLFSSL_APPLE_HOMEKIT
+            bool "Enable Apple HomeKit options"
+            default n
+            help
+                Enables FP_MAX_BITS (8192 * 2), SRP, ChaCha, Poly1305, Base64 encoding needed for Apple HomeKit.
+    endmenu # Apple HomeKit
+    # -----------------------------------------------------------------------------------------------------------------
+
+    config ESP_WOLFSSL_DISABLE_MY_ECC
+        bool "Disable ECC in my project"
+        default "n"
+        help
+            ECC is enabled by default. Select this option to disable.
+
+    config ESP_WOLFSSL_ENABLE_MY_USE_RSA
+        bool "Enable RSA in my project"
+        default "n"
+        help
+            RSA is disabled by default. Select this option to enable.
+
+    config ESP_WOLFSSL_BENCHMARK
+        bool "Enable wolfSSL Benchmark"
+        default n
+        help
+            Enables user settings relevant to benchmark code
+
+    config ESP_TLS_USING_WOLFSSL_SPECIFIED
+        bool "Use the specified wolfssl for ESP-TLS"
+        default Y
+        help
+            Includes wolfSSL from specified directory (not using esp-wolfssl).
+
+    config ESP_WOLFSSL_NO_USE_FAST_MATH
+        bool "Disable FAST_MATH library and all ESP32 Hardware Acceleration"
+        select ESP_WOLFSSL_NO_HW
+        select ESP_WOLFSSL_NO_HW_AES
+        select ESP_WOLFSSL_NO_HW_HASH
+        select ESP_WOLFSSL_NO_HW_RSA_PRI
+        select ESP_WOLFSSL_NO_HW_RSA_PRI_MP_MUL
+        select ESP_WOLFSSL_NO_HW_RSA_PRI_MULMOD
+        select ESP_WOLFSSL_NO_HW_RSA_PRI_EXPTMOD
+        default n
+        help
+            When disabling all hardware acceleration for smaller memory footprint,
+            disabling TFM fast math provides faster wolfSSL software algorithms in an
+            even smaller flash memory footprint.
+
+    menu "Protocol Config"
+        config WOLFSSL_HAVE_ALPN
+            bool "Enable ALPN (Application Layer Protocol Negotiation) in wolfSSL"
+            default y
+
+        config WOLFSSL_ALLOW_TLS13
+            bool "Allow TLS 1.3"
+            default y
+            help
+                Allow TLS to fallback to TLS1.2. Memory footprint will likely be larger for TLS1.2.
+                When disabled HTTPS and MQTT over TLS connections will fail if TLS1.3 not accepted.
+
+        config WOLFSSL_ALLOW_TLS12
+            bool "Allow TLS 1.2"
+            default n
+            help
+                Allow TLS to fallback to TLS1.2. Memory footprint will likely be larger for TLS1.2.
+                When disabled HTTPS and MQTT over TLS connections will fail if TLS1.3 not accepted.
+
+        config WOLFSSL_HAVE_TLS_EXTENSIONS
+            bool "Enable TLS Extensions"
+            default y
+            help
+                Sets HAVE_TLS_EXTENSIONS which is needed for TLS 1.3, SNI, ALPN, and more.
+
+        config WOLFSSL_ALT_CERT_CHAINS
+            bool "Enable Alternate Certificate Chains"
+            default n
+            help
+                The option relaxes the default strict wolfSSL certificate chain processing. This
+                will typically need to be enabled when loading only a CA file. Typically solves
+                the -188 ASN_NO_SIGNER_E error. Use with caution.
+
+        config WOLFSSL_HAVE_OCSP
+            bool "Enable OCSP (Online Certificate Status Protocol) in wolfSSL"
+            default n
+            help
+                Sets HAVE_OCSP
+
+    endmenu # Protocol Config
+    # -----------------------------------------------------------------------------------------------------------------
+
+    # -----------------------------------------------------------------------------------------------------------------
+    config TLS_STACK_WOLFSSL
+        # Invisible option that locks TLS_STACK_WOLFSSL to ESP_TLS_USING_WOLFSSL
+        bool
+        default n
+        select FREERTOS_ENABLE_BACKWARD_COMPATIBILITY
+        help
+            Includes wolfSSL in ESP-TLS so that it can be compiled with wolfSSL as its SSL/TLS library.
+            Enabled when wolfSSL is selected in ESP_TLS_LIBRARY_CHOOSE.
+
+    menu "wolfSSL ESP-TLS"
+        depends on ESP_TLS_USING_WOLFSSL
+
+        menu "Certificate Bundle"
+            depends on ESP_TLS_USING_WOLFSSL
+
+            config WOLFSSL_CERTIFICATE_BUNDLE
+                bool "Enable trusted root certificate bundle"
+                default y if ESP_TLS_USING_WOLFSSL
+                default n
+                depends on ESP_TLS_USING_WOLFSSL
+                help
+                    Enable support for large number of default root certificates
+
+                    When enabled this option allows user to store default as well
+                    as customer specific root certificates in compressed format rather
+                    than storing full certificate. For the root certificates the public key and the subject name
+                    will be stored.
+
+            config WOLFSSL_NO_ASN_STRICT
+                bool "Relax Certificate ASN Strict Checks"
+                default n
+                depends on ESP_TLS_USING_WOLFSSL
+                help
+                    Allows sub-optimal certificate ASN checks. Unless using a bundle with known issues,
+                    it is recommended to NOT enable this.
+
+            config WOLFSSL_ASN_ALLOW_0_SERIAL
+                bool "Allow cert missing an ASN Serial Number"
+                default y
+                depends on ESP_TLS_USING_WOLFSSL
+                help
+                    Although not recommended, there may be certificates in the bundle that are missing
+                    a serial number. This option allows the missing value without having to fully
+                    disable strict ASN checking with WOLFSSL_NO_ASN_STRICT.
+
+            choice WOLFSSL_DEFAULT_CERTIFICATE_BUNDLE
+                bool "Default certificate bundle options"
+                depends on WOLFSSL_CERTIFICATE_BUNDLE && ESP_TLS_USING_WOLFSSL
+                default WOLFSSL_CERTIFICATE_BUNDLE_DEFAULT_FULL
+
+                config WOLFSSL_CERTIFICATE_BUNDLE_DEFAULT_FULL
+                    bool "Use the full default certificate bundle"
+                config WOLFSSL_CERTIFICATE_BUNDLE_DEFAULT_CMN
+                    bool "Use only the most common certificates from the default bundles"
+                    help
+                        Use only the most common certificates from the default bundles, reducing the size with 50%,
+                        while still having around 99% coverage.
+                config WOLFSSL_CERTIFICATE_BUNDLE_DEFAULT_NONE
+                    bool "Do not use the default certificate bundle"
+            endchoice
+
+            config WOLFSSL_CUSTOM_CERTIFICATE_BUNDLE
+                depends on WOLFSSL_CERTIFICATE_BUNDLE && ESP_TLS_USING_WOLFSSL
+                default n
+                bool "Add custom certificates to the default bundle"
+            config WOLFSSL_CUSTOM_CERTIFICATE_BUNDLE_PATH
+                depends on WOLFSSL_CUSTOM_CERTIFICATE_BUNDLE && ESP_TLS_USING_WOLFSSL
+                string "Custom certificate bundle path"
+                help
+                    Name of the custom certificate directory or file. This path is evaluated
+                    relative to the project root directory.
+
+            config WOLFSSL_CERTIFICATE_BUNDLE_DEPRECATED_LIST
+                bool "Add deprecated root certificates"
+                depends on WOLFSSL_CERTIFICATE_BUNDLE && ESP_TLS_USING_WOLFSSL && !WOLFSSL_CERTIFICATE_BUNDLE_DEFAULT_NONE
+                help
+                    Include the deprecated list of root certificates in the bundle.
+                    This list gets updated when a certificate is removed from the Mozilla's
+                    NSS root certificate store. This config can be enabled if you would like
+                    to ensure that none of the certificates that were deployed in the product
+                    are affected because of the update to bundle. In turn, enabling this
+                    config keeps expired, retracted certificates in the bundle and it may
+                    pose a security risk.
+
+                    - Deprecated cert list may grow based based on sync with upstream bundle
+                    - Deprecated certs would be be removed in ESP-IDF (next) major release
+
+            config WOLFSSL_CERTIFICATE_BUNDLE_MAX_CERTS
+                int "Maximum no of certificates allowed in certificate bundle"
+                default 200
+                depends on WOLFSSL_CERTIFICATE_BUNDLE && ESP_TLS_USING_WOLFSSL
+
+        endmenu
+    endmenu # wolfSSL ESP-TLS
+    # -----------------------------------------------------------------------------------------------------------------
+
+    # -----------------------------------------------------------------------------------------------------------------
+    config ESP_WOLFSSL_ALT_HARDWARE_ACCELERATION
+        bool "Modify default hardware acceleration settings"
+        default n
+        help
+            When disabling all hardware acceleration for smaller memory footprint,
+            disabling TFM fast math provides faster wolfSSL software algorithms in an
+            even smaller flash memory footprint.
+            Typically used for debugging, analysis, or optimizations. The default
+            hardware acceleration features can be each manually adjusted.
+
+    menu "wolfSSL Hardware Acceleration"
+
+        config ESP_WOLFSSL_NO_ESP32_CRYPT
+            bool "Disable all ESP32 Hardware Acceleration"
+            depends on ESP_WOLFSSL_ALT_HARDWARE_ACCELERATION
+            default n
+            select ESP_WOLFSSL_NO_HW_AES
+            select ESP_WOLFSSL_NO_HW_HASH
+            select ESP_WOLFSSL_NO_HW_RSA_PRI
+            select ESP_WOLFSSL_NO_HW_RSA_PRI_MP_MUL
+            select ESP_WOLFSSL_NO_HW_RSA_PRI_MULMOD
+            select ESP_WOLFSSL_NO_HW_RSA_PRI_EXPTMOD
+            help
+                Hardware acceleration enabled by default. When selected defines: NO_ESP32_CRYPT.
+                Consider disabling FASTMATH (other libraries are faster in software and smaller)
+
+        config ESP_WOLFSSL_NO_HW_AES
+            bool "Disable all ESP32 AES Hardware Acceleration"
+            depends on ESP_WOLFSSL_ALT_HARDWARE_ACCELERATION
+            default n
+            help
+                Hardware acceleration enabled by default.When selected defines: NO_HW_AES
+
+        config ESP_WOLFSSL_NO_HW_HASH
+            bool "Disable all ESP32 SHA Hash Hardware Acceleration"
+            depends on ESP_WOLFSSL_ALT_HARDWARE_ACCELERATION
+            default n
+            help
+                Hardware acceleration enabled by default. When selected defines: NO_HW_HASH
+
+        config ESP_WOLFSSL_NO_HW_RSA_PRI
+            bool "Disable all ESP32 RSA Hardware Acceleration"
+            depends on ESP_WOLFSSL_ALT_HARDWARE_ACCELERATION
+            default n
+            select ESP_WOLFSSL_NO_HW_PRI_MP_MUL
+            select ESP_WOLFSSL_NO_HW_RSA_PRI_MULMOD
+            select ESP_WOLFSSL_NO_HW_RSA_PRI_EXPTMOD
+            help
+                Hardware acceleration enabled by default. When selected defines: NO_HW_RSA_PRI
+
+        config ESP_WOLFSSL_NO_HW_RSA_PRI_MP_MUL
+            bool "Disable all ESP32 Multiplication Hardware Acceleration"
+            depends on ESP_WOLFSSL_ALT_HARDWARE_ACCELERATION
+            default n
+            help
+                Hardware acceleration enabled by default. When selected defines: NO_HW_RSA_PRI_MP_MUL
+
+        config ESP_WOLFSSL_NO_HW_RSA_PRI_MULMOD
+            bool "Disable all ESP32 Modular Multiplication Hardware Acceleration"
+            depends on ESP_WOLFSSL_ALT_HARDWARE_ACCELERATION
+            default n
+            help
+                Hardware acceleration enabled by default. When selected defines: NO_HW_RSA_PRI_MULMOD
+
+        config ESP_WOLFSSL_NO_HW_RSA_PRI_EXPTMOD
+            bool "Disable all ESP32 RSA Exponential Math Hardware Acceleration"
+            depends on ESP_WOLFSSL_ALT_HARDWARE_ACCELERATION
+            default n
+            help
+                Hardware acceleration enabled by default.
+                Select this option to force disable: NO_HW_RSA_PRI_EXPTMOD
+
+        config ESP_WOLFSSL_DEBUG_ESP_HW_MULTI_RSAMAX_BITS
+            bool "Enable debugging of RSA Multiplication operand length"
+            default n
+            help
+                Prints an esp log warning to the default console UART when one of the
+                multiplication operands exceeds the maximum size supported by hardware,
+                requiring fallback to software. This can be helpful to pick key sizes
+                when performance is critical. See also metrics for counting instances.
+
+        config ESP_WOLFSSL_DEBUG_ESP_HW_MOD_RSAMAX_BITS
+            bool "Enable debugging of RSA Modular operand length"
+            default n
+            help
+                Prints an esp log warning to the default console UART when one of the
+                modular math operands exceeds the maximum size supported by hardware,
+                requiring fallback to software. This can be helpful to pick key sizes
+                when performance is critical. See also metrics for counting instances.
+
+    endmenu # wolfSSL Hardware Acceleration
+    # -----------------------------------------------------------------------------------------------------------------
+
+    # -----------------------------------------------------------------------------------------------------------------
+    menu "wolfSSL Experimental Options"
+
+        config ESP_WOLFSSL_EXPERIMENTAL_SETTINGS
+            bool "Enable wolfSSL Experimental Settings"
+            default n
+            help
+                Enables experimental settings for wolfSSL. See documentation.
+
+        config ESP_WOLFSSL_ENABLE_KYBER
+            bool "Enable wolfSSL Kyber"
+            default n
+            help
+                Enable debugging messages for wolfSSL. See user_settings.h for additional debug options.
+
+    endmenu # wolfSSL Experimental Options
+    # -----------------------------------------------------------------------------------------------------------------
+
+    # -----------------------------------------------------------------------------------------------------------------
+    menu "wolfSSL Debug Options"
+        config ESP_WOLFSSL_DEBUG_WOLFSSL
+            bool "Enable wolfSSL Debugging"
+            default n
+            help
+                Enable debugging messages for wolfSSL. See user_settings.h for additional debug options.
+
+        config ESP_WOLFSSL_TEST_LOOP
+            bool "Run test apps in a loop until failure"
+            default y
+            help
+                Enable a loop wrapper for benchmark, http_client, and wolfssl test apps.
+
+    endmenu # wolfSSL Debug Options
+    # -----------------------------------------------------------------------------------------------------------------
+
+    # -----------------------------------------------------------------------------------------------------------------
+    menu "wolfSSL Customization"
+        config CUSTOM_SETTING_WOLFSSL_ROOT
+            string "Enter a path for wolfSSL source code"
+            default "~/workspace/wolfssl"
+            help
+                This option lets you specify a directory for the wolfSSL source code (typically a git clone).
+                Enter the path using forward slashes (e.g., C:/myfolder/mysubfolder) or double backslashes
+                (e.g., C:\\myfolder\\mysubfolder).
+
+    endmenu # wolfSSL Customization
+    # -----------------------------------------------------------------------------------------------------------------
+
+    # -----------------------------------------------------------------------------------------------------------------
+    menu "Component Config"
+        config IGNORE_ESP_IDF_WOLFSSL_COMPONENT
+            bool "Ignore the ESP-IDF component of wolfSSL (if present)"
+            default n
+            help
+                Ignores wolfSSL present in the esp-idf/components directory. Requires wolfssl as a local component.
+
+        config IGNORE_LOCAL_WOLFSSL_COMPONENT
+            bool "Ignore the local component of wolfSSL (if present)"
+            default n
+            help
+                Ignores wolfSSL present in the local project components directory.
+                Requires wolfssl as a ESP-IDF component.
+
+    endmenu # Component Config
+    # -----------------------------------------------------------------------------------------------------------------
+
+    # -----------------------------------------------------------------------------------------------------------------
+    menu "Utility Config"
+        config USE_WOLFSSL_ESP_SDK_TIME
+            bool "Enable wolfSSL time helper functions"
+            default n
+            help
+                Enables use of various time and date setting functions found in the esp-sdk-lib.h file.
+
+        config USE_WOLFSSL_ESP_SDK_WIFI
+            bool "Enable wolfSSL WiFi helper functions"
+            default n
+            help
+                Enables use of various time and date setting functions found in the esp-sdk-lib.h file.
+
+    endmenu # Utility Config
+endmenu # wolfSSL
+# ---------------------------------------------------------------------------------------------------------------------
+
+
+# ---------------------------------------------------------------------------------------------------------------------
+menu "wolfSSH"
+    config ESP_ENABLE_WOLFSSH
+        bool "Enable wolfSSH options"
+        default n
+        help
+            Enables WOLFSSH_TERM, WOLFSSL_KEY_GEN, WOLFSSL_PTHREADS, WOLFSSH_TEST_SERVER, WOLFSSH_TEST_THREADING
+
+    config ESP_WOLFSSL_DEBUG_WOLFSSH
+        bool "Enable wolfSSH debugging"
+        default n
+        help
+            Enable wolfSSH debugging macro. See user_settings.h
+
+endmenu # wolfSSH
+# ---------------------------------------------------------------------------------------------------------------------
+
+# ---------------------------------------------------------------------------------------------------------------------
+menu "wolfMQTT"
+    config ESP_ENABLE_WOLFMQTT
+        bool "Enable wolfMQTT options"
+        default n
+        help
+            Enables WOLFMQTT
+
+    config ESP_WOLFSSL_DEBUG_WOLFMQTT
+        bool "Enable wolfMQTT debugging"
+        default n
+        help
+            Enable wolfMQTT debugging macro. See user_settings.h
+
+endmenu # wolfMQTT
+# ---------------------------------------------------------------------------------------------------------------------
diff --git a/IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/README.md b/IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/README.md
new file mode 100644
index 000000000..d77912416
--- /dev/null
+++ b/IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/README.md
@@ -0,0 +1,162 @@
+# wolfSSL Espressif Component
+
+This is the directory for wolfSSL as an Espressif ESP-IDF component.
+
+Other options are available, such as installing wolfSSL as a local _project_ component using the [Managed Component](https://www.wolfssl.com/wolfssl-now-available-in-espressif-component-registry/).
+
+Enabling this wolfSSL ESP-IDF component allows other ESP-IDF libraries such as those that depend on [ESP-TLS](https://github.com/espressif/esp-idf/tree/master/components/esp-tls)
+to also use the wolfSSL library. (See [github.com/wolfSSL/wolfssl](https://github.com/wolfSSL/wolfssl))
+
+The wolfSSL source code is not included here. Instead, the `idf.py menuconfig` option can be used to configure the
+`sdkconfig` file setting: `CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT` to point to the desired wolfSSL code.
+
+## Directory Contents
+
+This directory must contain, at a minimum:
+
+- `CMakeLists.txt`
+- `./include/user_settings.h`
+
+The directory should also contain:
+- `Kconfig`
+- `component.mk`
+
+The directory may contain wolfSSL source, for example with a [Managed Component](https://www.wolfssl.com/wolfssl-now-available-in-espressif-component-registry/),
+or if the `setup.sh` script was used from [wolfSSL/IDE/Espressif/ESP-IDF](https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF).
+
+
+Under normal circumstances when the wolfSSL source is not included here, the `CMakeLists.txt` will search for it in this order:
+
+- A hard-coded `WOLFSSL_ROOT` cmake variable.
+- `WOLFSSL_ROOT` Environment Variable
+- The `CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT` value in the `sdkconfig` file, from the `Kconfig` option.
+- Any parent directories, up to the root (if this directory is in the ESP-IDF components)
+- Any parent directories, up to the root (if this directory is a project component)
+
+While recursing up the directory tree, the following names of wolfSSL directories will be considered:
+
+- `wolfssl-[current user name]`
+- `wolfssl-master`
+- `wolfssl`
+
+## Getting Started
+
+See the `Espressif Getting Started Guide`.
+
+```
+# Set environment variable to ESP-IDF location
+# For example, VisualGDB in WSL
+WRK_IDF_PATH=/mnt/c/SysGCC/esp32/esp-idf/v5.2
+WRK_IDF_PATH=/mnt/c/SysGCC/esp32-master/esp-idf/v5.3-master
+
+# Or wherever the ESP-IDF is installed:
+WRK_IDF_PATH=~/esp/esp-idf
+
+echo "Run export.sh from ${WRK_IDF_PATH}"
+. ${WRK_IDF_PATH}/export.sh
+
+cd [your project]
+
+idf.py menuconfig
+```
+
+Enable wolfSSL to be used in the ESP-TLS:
+
+```
+Component config  --->
+    ESP-TLS  --->
+        Choose SSL/TLS library for ESP-TLS (See help for more Info)
+            (X) wolfSSL (License info in wolfSSL directory README)
+```
+
+Adjust wolfSSL settings, such as path to source code as needed:
+
+```
+Component config  --->
+    wolfSSL  --->
+        [*] Include wolfSSL in ESP-TLS
+        [*] Use the specified wolfssl for ESP-TLS
+        (~/workspace/wolfssl) Enter a path for wolfSSL source code
+```
+
+## Configuration
+
+All settings for wolfSSL are adjusted in the [include/user_settings.h](./include/user_settings.h) file.
+
+The `user_settings.h` file should not be included directly. Instead, `#include <wolfssl/wolfcrypt/settings.h>`
+before any other wolfSSL headers, like this:
+
+
+```c
+/* ESP-IDF */
+#include <esp_log.h>
+#include "sdkconfig.h"
+
+/* wolfSSL */
+/* Always include wolfcrypt/settings.h before any other wolfSSL file.    */
+/* Reminder: settings.h pulls in user_settings.h; don't include it here. */
+#if defined(WOLFSSL_USER_SETTINGS)
+    #include <wolfssl/wolfcrypt/settings.h>
+    #if defined(WOLFSSL_ESPIDF)
+        #include <wolfssl/version.h>
+        #include <wolfssl/wolfcrypt/types.h>
+        #include <wolfcrypt/test/test.h>
+        #include <wolfssl/wolfcrypt/port/Espressif/esp-sdk-lib.h>
+        #include <wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h>
+    #else
+        #error "Problem with wolfSSL user_settings. "           \
+               "Check components/wolfssl/include "              \
+               "and confirm WOLFSSL_USER_SETTINGS is defined, " \
+               "typically in the component CMakeLists.txt"
+    #endif
+#else
+    /* Define WOLFSSL_USER_SETTINGS project wide for settings.h to include   */
+    /* wolfSSL user settings in ./components/wolfssl/include/user_settings.h */
+    #error "Missing WOLFSSL_USER_SETTINGS in CMakeLists or Makefile:\
+    CFLAGS +=-DWOLFSSL_USER_SETTINGS"
+#endif
+```
+
+## Examples
+
+See the wolfSSL examples:
+
+- [wolfSSL Core Examples](https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples)
+- [wolfSSL Additional Examples](https://github.com/wolfSSL/wolfssl-examples/tree/master/ESP32)
+- [wolfSSH Core Examples](https://github.com/wolfSSL/wolfssh/tree/master/ide/Espressif/ESP-IDF/examples)
+- [wolfSSH Additional Examples](https://github.com/wolfSSL/wolfssh-examples/tree/main/Espressif)
+- [wolfMQTT Examples](https://github.com/wolfSSL/wolfMQTT/tree/master/IDE/Espressif/ESP-IDF/examples)
+
+## Platforms
+
+The ESP-IDF wolfSSL is also available for PlatformIO:
+
+- [Release wolfSSL](https://registry.platformio.org/search?q=owner%3Awolfssl)
+- [Staging / Preview wolfSSL](https://registry.platformio.org/search?q=owner%3Awolfssl-staging)
+
+The wolfSSL library can also be used for Espressif with Arduino:
+
+- [arduino.cc/reference/en/libraries/wolfssl](https://www.arduino.cc/reference/en/libraries/wolfssl/)
+- [github.com/wolfSSL/Arduino-wolfSSL](https://github.com/wolfSSL/Arduino-wolfSSL)
+
+
+## Additional Information
+
+- [wolfSSL Documentation](https://www.wolfssl.com/documentation/manuals/wolfssl/index.html) and [docs/espressif](https://www.wolfssl.com/docs/espressif/)
+- [wolfSSL FAQ](https://www.wolfssl.com/docs/frequently-asked-questions-faq/)
+- [wolfSSL Products](https://www.wolfssl.com/products/)
+- [www.wolfssl.com/espressif](https://www.wolfssl.com/espressif/)
+- [More...](https://www.wolfssl.com/?s=espressif)
+
+## Contact
+
+Have a specific request or questions? We'd love to hear from you! Please contact us at support@wolfssl.com or open an issue on GitHub.
+
+## Licensing and Support
+
+wolfSSL (formerly known as CyaSSL) and wolfCrypt are either licensed for use under the GPLv2 (or at your option any later version) or a standard commercial license. For our users who cannot use wolfSSL under GPLv2 (or any later version), a commercial license to wolfSSL and wolfCrypt is available.
+
+See the LICENSE.txt, visit wolfssl.com/license, contact us at licensing@wolfssl.com or call +1 425 245 8247
+
+View Commercial Support Options: [wolfssl.com/products/support-and-maintenance](wolfssl.com/products/support-and-maintenance)
+
diff --git a/IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/component.mk b/IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/component.mk
new file mode 100644
index 000000000..290563e69
--- /dev/null
+++ b/IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/component.mk
@@ -0,0 +1,306 @@
+#
+# Copyright (C) 2006-2025 wolfSSL Inc.
+#
+# This file is part of wolfSSL.
+#
+# wolfSSL is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# wolfSSL is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+#
+
+$(info ***********  wolfssl component ************)
+
+#
+# Component Makefile
+#
+#
+# The Espressif Managed Components are only for newer versions of the ESP-IDF
+# Typically only for ESP32[-x] targets and only for ESP-IDF v4.3 or later:
+# See https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-guides/tools/idf-component-manager.html
+#     https://components.espressif.com/
+#
+# Usage:
+#
+#   make flash
+#
+#   make flash ESPPORT=/dev/ttyS55
+#
+#   make flash ESPBAUD=9600
+#
+#   make monitor ESPPORT=COM1
+#
+#   make monitor ESPPORT=/dev/ttyS55 MONITORBAUD=115200
+#
+#   export ESPPORT=/dev/ttyS55
+#
+# https://docs.espressif.com/projects/esp8266-rtos-sdk/en/latest/get-started/index.html
+#
+
+# Although the project should define WOLFSSL_USER_SETTINGS, we'll also
+# define it here:
+CFLAGS +=-DWOLFSSL_USER_SETTINGS
+
+# Note that 4 source files created by autogen are excluded here.
+#
+# See these files commented out, below. Adjust as needed for your application:
+#
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/async.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/selftest.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wolfcrypt_first.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wolfcrypt_last.o
+
+
+# NOTICE: the WOLFSSL_ROOT setting MUST be relative!
+# See https://docs.espressif.com/projects/esp8266-rtos-sdk/en/latest/api-guides/build-system.html?highlight=must+relative#optional-component-specific-variables
+# In the wolfSSL GitHub examples for Espressif:
+#   https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples
+# When this wolfssl component.mk makefile is in [project]/components/wolfssl
+# The root is 7 directories up from here (the location of of this component.mk):
+#
+WOLFSSL_ROOT     ?= ../../../../../../..
+THIS_DIR         := $(shell pwd)
+WOLFSSL_ROOT_OBJ := $(THIS_DIR)
+
+# When running make from commandline or VisualGDB, the current path varies:
+ifeq ("$(VISUALGDB_DIR)","")
+    # current path is typically /mnt/c/workspace/wolfssl-gojimmypi/IDE/Espressif/ESP-IDF/examples/wolfssl_test/build/wolfssl
+    $(info VISUALGDB_DIR build not detected. shell: $(shell echo $$SHELL))
+else
+    # current path is typically /C/workspace/wolfssl-gojimmypi/IDE/Espressif/ESP-IDF/examples/wolfssl_test/build/Debug/wolfssl
+    $(info Detected VisualGDB in: $(VISUALGDB_DIR) shell: $(shell echo $$SHELL))
+endif
+
+# To set the location of a different location, it is best to use relative paths.
+#
+# Set WOLFSSL_ROOT to a relative path from the current component directory.
+# For example, if the wolfssl_client is copied from the examples to test:
+#
+# cp -r /IDE/Espressif/ESP-IDF/examples/wolfssl_client/* /mnt/c/test/demo
+#
+# we run make in   /mnt/c/test/demo
+# component is in  /mnt/c/test/demo/components/wolfssl
+# wolfssl is in    /mnt/c/workspace/wolfssl-master
+#
+# "/mnt/c" is 4 directories up:
+#             2 for `./test/demo` from where we run `make`, plus
+#             2 more from the location of `component.mk` located
+#               in `[current directory]/components/wolfssl`.
+#
+# Thus we need 4 parent reference to find the relative path to wolfSSL:
+# WOLFSSL_ROOT := ../../../../workspace/wolfssl-master
+
+# Optional CFLAGS (make works without these; for reference only)
+# CFLAGS += -I$(WOLFSSL_ROOT)/wolfssl
+# CFLAGS += -I$(WOLFSSL_ROOT)/wolfssl/wolfcrypt
+# CFLAGS += -I$(WOLFSSL_ROOT)/wolfssl/wolfcrypt/port/Espressif
+
+abs_WOLFSSL_ROOT     := $(shell realpath $(WOLFSSL_ROOT))
+
+# print-wolfssl-path-value:
+#	@echo "WOLFSSL_ROOT defined: $(WOLFSSL_ROOT)"
+#	@echo "WOLFSSL_ROOT actual:  $(abs_WOLFSSL_ROOT)"
+
+$(info WOLFSSL_ROOT     defined: $(WOLFSSL_ROOT))
+$(info WOLFSSL_ROOT     actual:  $(abs_WOLFSSL_ROOT))
+$(info THIS_DIR         defined: $(THIS_DIR))
+$(info WOLFSSL_ROOT_OBJ defined: $(WOLFSSL_ROOT_OBJ))
+
+# NOTE: The wolfSSL include directory (e.g. user_settings.h) is
+# located HERE in THIS project, and *not* in the wolfSSL root.
+COMPONENT_ADD_INCLUDEDIRS := .
+COMPONENT_ADD_INCLUDEDIRS += include
+COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT)/.
+COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT)/wolfssl
+COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT)/wolfssl/wolfcrypt
+COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT)/wolfssl/wolfcrypt/port/Espressif
+
+# COMPONENT_ADD_INCLUDEDIRS += $ENV(IDF_PATH)/components/freertos/include/freertos
+# COMPONENT_ADD_INCLUDEDIRS += "$ENV(IDF_PATH)/soc/esp32s3/include/soc"
+
+# wolfSSL
+COMPONENT_SRCDIRS := $(WOLFSSL_ROOT)/src
+
+# wolfcrypt
+COMPONENT_SRCDIRS += $(WOLFSSL_ROOT)/wolfcrypt/src
+
+# Espressif
+COMPONENT_SRCDIRS += $(WOLFSSL_ROOT)/wolfcrypt/src/port/Espressif
+COMPONENT_SRCDIRS += $(WOLFSSL_ROOT)/wolfcrypt/src/port/atmel
+
+COMPONENT_OBJEXCLUDE := $(WOLFSSL_ROOT_OBJ)/wolfcrypt/src/aes_asm.o
+COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT_OBJ)/wolfcrypt/src/evp.o
+COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT_OBJ)/wolfcrypt/src/misc.o
+COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT_OBJ)/wolfcrypt/src/sha512_asm.o
+COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT_OBJ)/wolfcrypt/src/fe_x25519_asm.o
+COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT_OBJ)/wolfcrypt/src/aes_gcm_x86_asm.o
+
+##
+## wolfSSL
+##
+## reminder object files may end up in `./build` or `build/debug` or `build/release`, depending on build environment & settings.
+##
+# COMPONENT_OBJS := $(WOLFSSL_ROOT)/src/bio.o  # part of ssl.c, omitted to avoid "does not need to be compiled separately"
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/conf.o # part of ssl.c
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/crl.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/dtls.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/dtls13.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/internal.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/keys.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/ocsp.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/pk.o   # part of ssl.c
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/quic.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/sniffer.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/ssl.o
+# COMPONENT_OBJS += src/ssl_asn1.o
+# COMPONENT_OBJS += src/ssl_bn.o
+# COMPONENT_OBJS += src/ssl_certman.o
+# COMPONENT_OBJS += src/ssl_crypto.o
+# COMPONENT_OBJS += src/ssl_misc.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/tls.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/tls13.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/wolfio.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/x509.o     # part of ssl.c
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/x509_str.o # part of ssl.c
+
+##
+## wolfcrypt
+##
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/aes.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/arc4.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/asm.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/asn.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/async.o # autogen exclusion
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/blake2b.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/blake2s.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/camellia.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/chacha.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/chacha20_poly1305.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/cmac.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/coding.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/compress.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/cpuid.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/cryptocb.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/curve25519.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/curve448.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/des3.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/dh.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/dilithium.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/dsa.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ecc.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/eccsi.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ecc_fp.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ed25519.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ed448.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/error.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/evp.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ext_kyber.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ext_lms.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ext_xmss.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/falcon.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/fe_448.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/fe_low_mem.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/fe_operations.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/fips.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/fips_test.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ge_448.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ge_low_mem.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ge_operations.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/hash.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/hmac.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/hpke.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/integer.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/kdf.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/logging.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/md2.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/md4.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/md5.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/memory.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/misc.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/pkcs12.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/pkcs7.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/poly1305.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/pwdbased.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/random.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/rc2.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ripemd.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/rsa.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sakke.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/selftest.o # autogen exclusion
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sha.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sha256.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sha3.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sha512.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/signature.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/siphash.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sm2.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sm3.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sm4.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sphincs.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_arm32.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_arm64.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_armthumb.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_c32.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_c64.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_cortexm.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_dsp32.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_int.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_sm2_arm32.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_sm2_arm64.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_sm2_armthumb.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_sm2_c32.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_sm2_c64.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_sm2_cortexm.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_sm2_x86_64.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_x86_64.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/srp.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/tfm.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_dsp.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_encrypt.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_kyber.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_kyber_poly.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_lms.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_pkcs11.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_port.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_xmss.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wolfcrypt_first.o # autogen exclusion
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wolfcrypt_last.o  # autogen exclusion
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wolfevent.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wolfmath.o
+
+##
+## Espressif
+##
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/port/Espressif/esp32_aes.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/port/Espressif/esp32_mp.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/port/Espressif/esp32_sha.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/port/Espressif/esp32_util.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/port/Espressif/esp_sdk_mem_lib.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/port/Espressif/esp_sdk_time_lib.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/port/Espressif/esp_sdk_wifi_lib.o
+
+##
+## wolfcrypt benchmark  (optional)
+##
+## COMPONENT_OBJS            += $(WOLFSSL_ROOT)/wolfcrypt/benchmark/benchmark.o
+## COMPONENT_SRCDIRS         += $(WOLFSSL_ROOT)/wolfcrypt/benchmark
+## COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT)/wolfcrypt/benchmark
+
+
+##
+## wolfcrypt test (optional)
+##
+## COMPONENT_OBJS            += $(WOLFSSL_ROOT)/wolfcrypt/test/test.o
+## COMPONENT_SRCDIRS         += $(WOLFSSL_ROOT)/wolfcrypt/test
+## COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT)/wolfcrypt/test/include
+
+$(info ********** end wolfssl component **********)
diff --git a/IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/include/user_settings.h b/IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/include/user_settings.h
index 819ce60b7..7349338aa 100644
--- a/IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/include/user_settings.h
+++ b/IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/include/user_settings.h
@@ -1,6 +1,6 @@
-/* user_settings.h
+/* wolfssl-component include/user_settings.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -18,13 +18,61 @@
  * along with this program; if not, write to the Free Software
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  */
+#define WOLFSSL_ESPIDF_COMPONENT_VERSION 0x01
 
-/* This user_settings.h is for Espressif ESP-IDF */
-#include <sdkconfig.h>
+/* Examples such as test and benchmark are known to cause watchdog timeouts.
+ * Note this is often set in project Makefile:
+ * CFLAGS += -DWOLFSSL_ESP_NO_WATCHDOG=1 */
+#define WOLFSSL_ESP_NO_WATCHDOG 1
+
+/* The Espressif project config file. See also sdkconfig.defaults */
+#include "sdkconfig.h"
+
+/* This user_settings.h is for Espressif ESP-IDF
+ *
+ * Standardized wolfSSL Espressif ESP32 + ESP8266 user_settings.h V5.7.0-1
+ *
+ * Do not include any wolfssl headers here.
+ *
+ * When editing this file:
+ * ensure all examples match. The template example is the reference.
+ */
+
+/* Naming convention: (see also esp32-crypt.h for the reference source).
+ *
+ * CONFIG_
+ *      This prefix indicates the setting came from the sdkconfig / Kconfig.
+ *
+ *      May or may not be related to wolfSSL.
+ *
+ *      The name after this prefix must exactly match that in the Kconfig file.
+ *
+ * WOLFSSL_
+ *      Typical of many, but not all wolfSSL macro names.
+ *
+ *      Applies to all wolfSSL products such as wolfSSH, wolfMQTT, etc.
+ *
+ *      May or may not have a corresponding sdkconfig / Kconfig control.
+ *
+ * ESP_WOLFSSL_
+ *      These are NOT valid wolfSSL macro names. These are names only used in
+ *      the ESP-IDF Kconfig files. When parsed, they will have a "CONFIG_"
+ *      suffix added. See next section.
+ *
+ * CONFIG_ESP_WOLFSSL_
+ *      This is a wolfSSL-specific macro that has been defined in the ESP-IDF
+ *      via the sdkconfig / menuconfig. Any text after this prefix should
+ *      exactly match an existing wolfSSL macro name.
+ *
+ *      Applies to all wolfSSL products such as wolfSSH, wolfMQTT, etc.
+ *
+ *      These macros may also be specific to only the project or environment,
+ *      and possibly not used anywhere else in the wolfSSL libraries.
+ */
 
 /* The Espressif sdkconfig will have chipset info.
 **
-** Possible values:
+** Some possible values:
 **
 **   CONFIG_IDF_TARGET_ESP32
 **   CONFIG_IDF_TARGET_ESP32S2
@@ -36,18 +84,283 @@
 #undef  WOLFSSL_ESPIDF
 #define WOLFSSL_ESPIDF
 
+/* Test various user_settings between applications by selecting example apps
+ * in `idf.py menuconfig` for Example wolfSSL Configuration settings: */
+
+/* Turn on messages that are useful to see only in examples. */
+#define WOLFSSL_EXAMPLE_VERBOSITY
+
+/* Paths can be long, ensure the entire value printed during debug */
+#define WOLFSSL_MAX_ERROR_SZ 500
+
+/* wolfSSL Examples: set macros used in example applications.
+ *
+ * These Settings NOT available in ESP-IDF (e.g. esp-tls)
+ *
+ * Any settings needed by ESP-IDF components should be explicitly set,
+ * and not by these example-specific settings via CONFIG_WOLFSSL_EXAMPLE_n
+ *
+ * ESP-IDF settings should be Kconfig "CONFIG_[name]" values when possible. */
+#if defined(CONFIG_WOLFSSL_EXAMPLE_NAME_TEMPLATE)
+    /* See https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples/template */
+    /* We don't use WiFi, so don't compile in the esp-sdk-lib WiFi helpers: */
+    /* #define USE_WOLFSSL_ESP_SDK_WIFI */
+#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_TEST)
+    /* See https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples/wolfssl_test */
+    /* We don't use WiFi, so don't compile in the esp-sdk-lib WiFi helpers: */
+    /* #define USE_WOLFSSL_ESP_SDK_WIFI */
+    #define TEST_ESPIDF_ALL_WOLFSSL
+
+#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_BENCHMARK)
+    /* See https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark */
+    /* We don't use WiFi, so don't compile in the esp-sdk-lib WiFi helpers: */
+    /* #define USE_WOLFSSL_ESP_SDK_WIFI */
+    #define WOLFSSL_BENCHMARK_FIXED_UNITS_KB
+#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_TLS_CLIENT)
+    /* See https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples/wolfssl_client */
+    #define USE_WOLFSSL_ESP_SDK_WIFI
+#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_TLS_SERVER)
+    /* See https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples/wolfssl_server */
+    #define USE_WOLFSSL_ESP_SDK_WIFI
+
+/* wolfSSH Examples */
+#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_WOLFSSH_TEMPLATE)
+    /* See https://github.com/wolfSSL/wolfssh/tree/master/ide/Espressif/ESP-IDF/examples/wolfssh_template */
+    #define USE_WOLFSSL_ESP_SDK_WIFI
+#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_WOLFSSH_ECHOSERVER)
+    /* See https://github.com/wolfSSL/wolfssh/tree/master/ide/Espressif/ESP-IDF/examples/wolfssh_echoserver */
+    #define USE_WOLFSSL_ESP_SDK_WIFI
+#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_ESP32_SSH_SERVER)
+    /* See https://github.com/wolfSSL/wolfssh-examples/tree/main/Espressif/ESP32/ESP32-SSH-Server */
+    #define USE_WOLFSSL_ESP_SDK_WIFI
+#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_ESP8266_SSH_SERVER)
+    /* See https://github.com/wolfSSL/wolfssh-examples/tree/main/Espressif/ESP8266/ESP8266-SSH-Server */
+    #define USE_WOLFSSL_ESP_SDK_WIFI
+
+/* wolfMQTT Examples */
+#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_WOLFMQTT_TEMPLATE)
+    /* See https://github.com/wolfSSL/wolfMQTT/tree/master/IDE/Espressif/ESP-IDF/examples/wolfmqtt_template */
+    #define USE_WOLFSSL_ESP_SDK_WIFI
+#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_WOLFMQTT_AWS_IOT_MQTT)
+    /* See https://github.com/wolfSSL/wolfMQTT/tree/master/IDE/Espressif/ESP-IDF/examples/AWS_IoT_MQTT */
+    #define USE_WOLFSSL_ESP_SDK_WIFI
+
+/* wolfTPM Examples */
+#elif defined(CONFIG_WOLFTPM_EXAMPLE_NAME_ESPRESSIF)
+    /* See https://github.com/wolfSSL/wolfTPM/tree/master/IDE/Espressif */
+    #define USE_WOLFSSL_ESP_SDK_WIFI
+
+/* Apple HomeKit Examples */
+#elif defined(CONFIG_WOLFSSL_APPLE_HOMEKIT)
+    /* See https://github.com/AchimPieters/esp32-homekit-demo */
+
+/* no example selected */
+#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_NONE)
+    /* We'll assume the app needs to use wolfSSL sdk lib function */
+    #define USE_WOLFSSL_ESP_SDK_WIFI
+
+/* Other applications detected by cmake */
+#elif defined(APP_ESP_HTTP_CLIENT_EXAMPLE)
+    /* The wolfSSL Version of the client example */
+    #if defined(CONFIG_IDF_TARGET_ESP32S2) || defined(CONFIG_IDF_TARGET_ESP32C2)
+        /* Less memory available, so smaller key sizes: */
+        #define FP_MAX_BITS (4096 * 2)
+    #else
+        #define FP_MAX_BITS (8192 * 2)
+    #endif
+    #define HAVE_ALPN
+    #define HAVE_SNI
+    #define OPENSSL_EXTRA_X509_SMALL
+    #define HAVE_TLS_EXTENSIONS
+    #define HAVE_SUPPORTED_CURVES
+    #define OPENSSL_EXTRA
+    #ifndef WOLFSSL_ALWAYS_VERIFY_CB
+       #define WOLFSSL_ALWAYS_VERIFY_CB
+    #endif
+    #ifndef WOLFSSL_VERIFY_CB_ALL_CERTS
+        #define WOLFSSL_VERIFY_CB_ALL_CERTS
+    #endif
+    #ifndef KEEP_PEER_CERT
+        #define KEEP_PEER_CERT
+    #endif
+
+#elif defined(APP_ESP_HTTP_CLIENT)
+    /* The ESP-IDF Version */
+    #define FP_MAX_BITS (8192 * 2)
+    #define HAVE_ALPN
+    #define HAVE_SNI
+    #define OPENSSL_EXTRA_X509_SMALL
+    #define HAVE_TLS_EXTENSIONS
+    #define HAVE_SUPPORTED_CURVES
+    #define OPENSSL_EXTRA
+    #ifndef WOLFSSL_ALWAYS_VERIFY_CB
+       #define WOLFSSL_ALWAYS_VERIFY_CB
+    #endif
+    #ifndef WOLFSSL_VERIFY_CB_ALL_CERTS
+        #define WOLFSSL_VERIFY_CB_ALL_CERTS
+    #endif
+    #ifndef KEEP_PEER_CERT
+        #define KEEP_PEER_CERT
+    #endif
+#else
+    #ifdef WOLFSSL_ESPIDF
+        /* #warning "App config undetected" */
+    #endif
+    /* the code is older or does not have application name defined. */
+#endif /* Example wolfSSL Configuration app settings */
+
+/* Experimental Kyber */
+#ifdef CONFIG_WOLFSSL_ENABLE_KYBER
+    /* Kyber typically needs a minimum 10K stack */
+    #define WOLFSSL_EXPERIMENTAL_SETTINGS
+    #define WOLFSSL_HAVE_KYBER
+    #define WOLFSSL_WC_KYBER
+    #define WOLFSSL_SHA3
+    #if defined(CONFIG_IDF_TARGET_ESP8266)
+        /* With limited RAM, we'll disable some of the Kyber sizes: */
+        #define WOLFSSL_NO_KYBER1024
+        #define WOLFSSL_NO_KYBER768
+        #define NO_SESSION_CACHE
+    #endif
+#endif
+
+/* Enable AES for all examples */
+#ifdef NO_AES
+    #warning "Found NO_AES, wolfSSL AES Cannot be enabled. Check config."
+#else
+    #define WOLFSSL_AES
+    #define WOLFSSL_AES_COUNTER
+
+    /* Typically only needed for wolfssl_test, see docs. */
+    #define WOLFSSL_AES_DIRECT
+#endif
+
+/* Pick a cert buffer size: */
+/* #define USE_CERT_BUFFERS_2048 */
+/* #define USE_CERT_BUFFERS_1024 */
+#define USE_CERT_BUFFERS_2048
+
+/* The Espressif sdkconfig will have chipset info.
+**
+** Some possible values:
+**
+**   CONFIG_IDF_TARGET_ESP32
+**   CONFIG_IDF_TARGET_ESP32S2
+**   CONFIG_IDF_TARGET_ESP32S3
+**   CONFIG_IDF_TARGET_ESP32C3
+**   CONFIG_IDF_TARGET_ESP32C6
+*/
+
+/* Optionally enable Apple HomeKit from compiler directive or Kconfig setting */
+#if defined(WOLFSSL_APPLE_HOMEKIT) || defined(CONFIG_WOLFSSL_APPLE_HOMEKIT)
+     /* SRP is known to need 8K; slow on some devices */
+     #define FP_MAX_BITS (8192 * 2)
+     #define WOLFCRYPT_HAVE_SRP
+     #define HAVE_CHACHA
+     #define HAVE_POLY1305
+     #define WOLFSSL_BASE64_ENCODE
+ #endif /* Apple HomeKit settings */
+
+/* Used by ESP-IDF components: */
+#if defined(CONFIG_ESP_TLS_USING_WOLFSSL)
+    /* The ESP-TLS */
+    #ifndef FP_MAX_BITS
+        #if defined(CONFIG_IDF_TARGET_ESP32C2) || \
+            defined(CONFIG_IDF_TARGET_ESP8684) || \
+            defined(CONFIG_IDF_TARGET_ESP8266)
+            /* Optionally set smaller size here */
+            #define FP_MAX_BITS MIN_FFDHE_FP_MAX_BITS
+        #else
+            #define FP_MAX_BITS (4096 * 2)
+        #endif
+    #endif
+    #define HAVE_ALPN
+    #ifndef CONFIG_IDF_TARGET_ESP8266
+        /* Unless installed in the ESP8266 RTOS SDK locally, the wolfSSL
+         * API for SNI will not be seen in the components/esp-tls layer.
+         * Only enable SNI for non-ESP8266 targets by default: */
+        #define HAVE_SNI
+    #endif
+    #define OPENSSL_EXTRA_X509_SMALL
+
+    #define HAVE_TLS_EXTENSIONS
+    #define HAVE_SUPPORTED_CURVES
+#endif
+
+/* Optionally enable some wolfSSH settings */
+#if defined(ESP_ENABLE_WOLFSSH) || defined(CONFIG_ESP_ENABLE_WOLFSSH)
+    /* Enable wolfSSH. Espressif examples need a few more settings, below */
+    #undef  WOLFSSL_WOLFSSH
+    #define WOLFSSL_WOLFSSH
+
+    /* The default SSH Windows size is massive for an embedded target.
+     * Limit it: */
+    #define DEFAULT_WINDOW_SZ 2000
+
+    /* These may be defined in cmake for other examples: */
+    #undef  WOLFSSH_TERM
+    #define WOLFSSH_TERM
+
+    /* optional debug */
+    /* #undef  DEBUG_WOLFSSH */
+    /* #define DEBUG_WOLFSSH */
+
+    #undef  WOLFSSL_KEY_GEN
+    #define WOLFSSL_KEY_GEN
+
+    #undef  WOLFSSL_PTHREADS
+    #define WOLFSSL_PTHREADS
+
+    #define WOLFSSH_TEST_SERVER
+    #define WOLFSSH_TEST_THREADING
+#endif /* ESP_ENABLE_WOLFSSH */
+
+
+/* Not yet using WiFi lib, so don't compile in the esp-sdk-lib WiFi helpers: */
+/* #define USE_WOLFSSL_ESP_SDK_WIFI */
+
 /*
- * choose ONE of these Espressif chips to define:
+ * ONE of these Espressif chip families will be detected from sdkconfig:
  *
  * WOLFSSL_ESP32
  * WOLFSSL_ESPWROOM32SE
  * WOLFSSL_ESP8266
+ *
+ * following ifdef detection only for syntax highlighting:
  */
-#undef WOLFSSL_ESPWROOM32SE
-#undef WOLFSSL_ESP8266
-#undef WOLFSSL_ESP32
+#ifdef WOLFSSL_ESPWROOM32SE
+    #undef WOLFSSL_ESPWROOM32SE
+#endif
+#ifdef WOLFSSL_ESP8266
+    #undef WOLFSSL_ESP8266
+#endif
+#ifdef WOLFSSL_ESP32
+    #undef WOLFSSL_ESP32
+#endif
+/* See below for chipset detection from sdkconfig.h */
 
-#define WOLFSSL_ESP32
+/* when you want to use SINGLE THREAD. Note Default ESP-IDF is FreeRTOS */
+#define SINGLE_THREADED
+
+/* Small session cache saves a lot of RAM for ClientCache and SessionCache.
+ * Memory requirement is about 5KB, otherwise 20K is needed when not specified.
+ * If extra small footprint is needed, try MICRO_SESSION_CACHE (< 1K)
+ * When really desperate or no TLS used, try NO_SESSION_CACHE.  */
+#define NO_SESSION_CACHE
+
+/* Small Stack uses more heap. */
+#define WOLFSSL_SMALL_STACK
+
+/* Full debugging turned off, but show malloc failure detail */
+/* #define DEBUG_WOLFSSL */
+#define DEBUG_WOLFSSL_MALLOC
+
+/* See test.c that sets cert buffers; we'll set them here: */
+#define USE_CERT_BUFFERS_256
+#define USE_CERT_BUFFERS_2048
+
+/* RSA_LOW_MEM: Half as much memory but twice as slow. */
+#define RSA_LOW_MEM
 
 /* optionally turn off SHA512/224 SHA512/256 */
 /* #define WOLFSSL_NOSHA512_224 */
@@ -61,17 +374,45 @@
 /* #define NO_OLD_TLS */
 
 #define BENCH_EMBEDDED
-#define USE_CERT_BUFFERS_2048
 
 /* TLS 1.3                                 */
-#define WOLFSSL_TLS13
-#define HAVE_TLS_EXTENSIONS
-#define WC_RSA_PSS
-#define HAVE_HKDF
-#define HAVE_AEAD
-#define HAVE_SUPPORTED_CURVES
+#ifdef CONFIG_WOLFSSL_ALLOW_TLS13
+    #define WOLFSSL_TLS13
+    #define HAVE_TLS_EXTENSIONS
+    #define HAVE_HKDF
 
-#define WOLFSSL_BENCHMARK_FIXED_UNITS_KB
+    /* May be required */
+    #ifndef HAVE_AEAD
+    #endif
+
+    /* Required for ECC */
+    #define HAVE_SUPPORTED_CURVES
+
+    /* Required for RSA */
+    #define WC_RSA_PSS
+
+    /* TLS 1.3 normally requires HAVE_FFDHE */
+    #if defined(HAVE_FFDHE_2048) || \
+        defined(HAVE_FFDHE_3072) || \
+        defined(HAVE_FFDHE_4096) || \
+        defined(HAVE_FFDHE_6144) || \
+        defined(HAVE_FFDHE_8192)
+    #else
+        #define HAVE_FFDHE_2048
+        /* #error "TLS 1.3 requires HAVE_FFDHE_[nnnn]" */
+    #endif
+#endif
+
+#if defined(CONFIG_IDF_TARGET_ESP32C2) || \
+    defined(CONFIG_IDF_TARGET_ESP8684)
+    /* Optionally set smaller size here */
+    #ifdef HAVE_FFDHE_4096
+        /* this size may be problematic on the C2 */
+    #endif
+    #define HAVE_FFDHE_2048
+#else
+    #define HAVE_FFDHE_4096
+#endif
 
 #define NO_FILESYSTEM
 
@@ -79,35 +420,81 @@
 
 #define HAVE_AESGCM
 
-#define WOLFSSL_RIPEMD
+/* Optional RIPEMD: RACE Integrity Primitives Evaluation Message Digest */
+/* #define WOLFSSL_RIPEMD */
+
 /* when you want to use SHA224 */
 #define WOLFSSL_SHA224
 
 /* when you want to use SHA384 */
 #define WOLFSSL_SHA384
 
-/* when you want to use SHA512 */
-#define WOLFSSL_SHA512
+/* Some features not enabled for ESP8266: */
+#if defined(CONFIG_IDF_TARGET_ESP8266) || \
+    defined(CONFIG_IDF_TARGET_ESP32C2)
+    /* Some known low-memory devices have features not enabled by default. */
+    /* TODO determine low memory configuration for ECC. */
+#else
+    /* when you want to use SHA512 */
+    #define WOLFSSL_SHA512
 
-/* when you want to use SHA3 */
-#define WOLFSSL_SHA3
+    /* when you want to use SHA3 */
+    /* #define WOLFSSL_SHA3 */
 
-/* Reminder: ED25519 requires SHA512 */
-#define HAVE_ED25519
+    /* ED25519 requires SHA512 */
+    #define HAVE_ED25519
+#endif
 
-#define HAVE_ECC
-#define HAVE_CURVE25519
-#define CURVE25519_SMALL
-#define HAVE_ED25519
+#if defined(CONFIG_IDF_TARGET_ESP8266) || defined(CONFIG_IDF_TARGET_ESP32C2)
+    #define MY_USE_ECC 0
+    #define MY_USE_RSA 1
+#else
+    #define MY_USE_ECC 1
+    #define MY_USE_RSA 0
+#endif
 
-/* Optional OPENSSL compatibility */
-#define OPENSSL_EXTRA
-/* when you want to use pkcs7 */
+/* We can use either or both ECC and RSA, but must use at least one. */
+#if MY_USE_ECC || MY_USE_RSA
+    #if MY_USE_ECC
+        /* ---- ECDSA / ECC ---- */
+        #define HAVE_ECC
+        #define HAVE_CURVE25519
+        #define HAVE_ED25519
+        #define WOLFSSL_SHA512
+        /*
+        #define HAVE_ECC384
+        #define CURVE25519_SMALL
+        */
+    #else
+        #define WOLFSSH_NO_ECC
+        /* WOLFSSH_NO_ECDSA is typically defined automatically,
+         * here for clarity: */
+        #define WOLFSSH_NO_ECDSA
+    #endif
+
+    #if MY_USE_RSA
+        /* ---- RSA ----- */
+        /* #define RSA_LOW_MEM */
+
+        /* DH disabled by default, needed if ECDSA/ECC also turned off */
+        #define HAVE_DH
+    #else
+        #define WOLFSSH_NO_RSA
+    #endif
+#else
+    #error "Either RSA or ECC must be enabled"
+#endif
+
+/* Optional OpenSSL compatibility */
+/* #define OPENSSL_EXTRA */
+
+/* #Optional HAVE_PKCS7 */
 /* #define HAVE_PKCS7 */
 
-#define HAVE_PKCS7
-
 #if defined(HAVE_PKCS7)
+    /* HAVE_PKCS7 may enable HAVE_PBKDF2 see settings.h */
+    #define NO_PBKDF2
+
     #define HAVE_AES_KEYWRAP
     #define HAVE_X963_KDF
     #define WOLFSSL_AES_DIRECT
@@ -127,27 +514,11 @@
     /* #define CUSTOM_SLOT_ALLOCATION                              */
 #endif
 
-/* RSA primitive specific definition */
-#if defined(WOLFSSL_ESP32) || defined(WOLFSSL_ESPWROOM32SE)
-    /* Define USE_FAST_MATH and SMALL_STACK                        */
-    #define ESP32_USE_RSA_PRIMITIVE
+/* WC_NO_CACHE_RESISTANT: slower but more secure */
+/* #define WC_NO_CACHE_RESISTANT */
 
-    #if defined(CONFIG_IDF_TARGET_ESP32)
-
-        /* NOTE HW unreliable for small values! */
-        /* threshold for performance adjustment for HW primitive use   */
-        /* X bits of G^X mod P greater than                            */
-        #undef  ESP_RSA_EXPT_XBITS
-        #define ESP_RSA_EXPT_XBITS 32
-
-        /* X and Y of X * Y mod P greater than                         */
-        #undef  ESP_RSA_MULM_BITS
-        #define ESP_RSA_MULM_BITS  16
-
-    #endif
-#endif
-
-#define RSA_LOW_MEM
+/* TFM_TIMING_RESISTANT: slower but more secure */
+/* #define TFM_TIMING_RESISTANT */
 
 /* #define WOLFSSL_ATECC508A_DEBUG         */
 
@@ -158,23 +529,36 @@
 /* #define XTIME time */
 
 
-/* adjust wait-timeout count if you see timeout in RSA HW acceleration */
-#define ESP_RSA_TIMEOUT_CNT    0x249F00
+/* Adjust wait-timeout count if you see timeout in RSA HW acceleration.
+ * Set to very large number and enable WOLFSSL_HW_METRICS to determine max. */
+#ifndef ESP_RSA_TIMEOUT_CNT
+	#define ESP_RSA_TIMEOUT_CNT 0xFF0000
+#endif
 
-#define HASH_SIZE_LIMIT /* for test.c */
+/* hash limit for test.c */
+#define HASH_SIZE_LIMIT
 
 /* USE_FAST_MATH is default */
 #define USE_FAST_MATH
 
 /*****      Use SP_MATH      *****/
-/* #undef USE_FAST_MATH          */
+/* #undef  USE_FAST_MATH         */
 /* #define SP_MATH               */
 /* #define WOLFSSL_SP_MATH_ALL   */
+/* #define WOLFSSL_SP_RISCV32    */
 
 /***** Use Integer Heap Math *****/
 /* #undef USE_FAST_MATH          */
 /* #define USE_INTEGER_HEAP_MATH */
 
+/* Just syntax highlighting to check math libraries: */
+#if defined(SP_MATH)               || \
+    defined(USE_INTEGER_HEAP_MATH) || \
+    defined(USE_INTEGER_HEAP_MATH) || \
+    defined(USE_FAST_MATH)         || \
+    defined(WOLFSSL_SP_MATH_ALL)   || \
+    defined(WOLFSSL_SP_RISCV32)
+#endif
 
 #define WOLFSSL_SMALL_STACK
 
@@ -182,18 +566,32 @@
 #define HAVE_VERSION_EXTENDED_INFO
 /* #define HAVE_WC_INTROSPECTION */
 
-#define  HAVE_SESSION_TICKET
+#ifndef NO_SESSION_CACHE
+    #define  HAVE_SESSION_TICKET
+#endif
 
 /* #define HAVE_HASHDRBG */
 
+#if 0
+/* Example for additional cert functions */
 #define WOLFSSL_KEY_GEN
-#define WOLFSSL_CERT_REQ
-#define WOLFSSL_CERT_GEN
-#define WOLFSSL_CERT_EXT
-#define WOLFSSL_SYS_CA_CERTS
+    #define WOLFSSL_CERT_REQ
+    #define WOLFSSL_CERT_GEN
+    #define WOLFSSL_CERT_EXT
+    #define WOLFSSL_SYS_CA_CERTS
 
 
-#define WOLFSSL_CERT_TEXT
+    #define WOLFSSL_CERT_TEXT
+
+    /* command-line options
+    --enable-keygen
+    --enable-certgen
+    --enable-certreq
+    --enable-certext
+    --enable-asn-template
+    */
+
+#endif
 
 #define WOLFSSL_ASN_TEMPLATE
 
@@ -205,7 +603,7 @@
 #undef  WOLFSSL_SYS_CA_CERTS
 */
 
-/*
+/* command-line options
 --enable-keygen
 --enable-certgen
 --enable-certreq
@@ -213,10 +611,66 @@
 --enable-asn-template
 */
 
-/* Default is HW enabled unless turned off.
-** Uncomment these lines to force SW instead of HW acceleration */
+/* optional SM4 Ciphers. See https://github.com/wolfSSL/wolfsm */
+/*
+#define WOLFSSL_SM2
+#define WOLFSSL_SM3
+#define WOLFSSL_SM4
+*/
+
+#if defined(WOLFSSL_SM2) || defined(WOLFSSL_SM3) || defined(WOLFSSL_SM4)
+    /* SM settings, possible cipher suites:
+
+        TLS13-AES128-GCM-SHA256
+        TLS13-CHACHA20-POLY1305-SHA256
+        TLS13-SM4-GCM-SM3
+        TLS13-SM4-CCM-SM3
+
+    #define WOLFSSL_ESP32_CIPHER_SUITE "TLS13-SM4-GCM-SM3"
+    #define WOLFSSL_ESP32_CIPHER_SUITE "TLS13-SM4-CCM-SM3"
+    #define WOLFSSL_ESP32_CIPHER_SUITE "ECDHE-ECDSA-SM4-CBC-SM3"
+    #define WOLFSSL_ESP32_CIPHER_SUITE "ECDHE-ECDSA-SM4-GCM-SM3"
+    #define WOLFSSL_ESP32_CIPHER_SUITE "ECDHE-ECDSA-SM4-CCM-SM3"
+    #define WOLFSSL_ESP32_CIPHER_SUITE "TLS13-SM4-GCM-SM3:" \
+                                       "TLS13-SM4-CCM-SM3:"
+    */
+
+    #undef  WOLFSSL_BASE16
+    #define WOLFSSL_BASE16 /* required for WOLFSSL_SM2 */
+
+    #undef  WOLFSSL_SM4_ECB
+    #define WOLFSSL_SM4_ECB
+
+    #undef  WOLFSSL_SM4_CBC
+    #define WOLFSSL_SM4_CBC
+
+    #undef  WOLFSSL_SM4_CTR
+    #define WOLFSSL_SM4_CTR
+
+    #undef  WOLFSSL_SM4_GCM
+    #define WOLFSSL_SM4_GCM
+
+    #undef  WOLFSSL_SM4_CCM
+    #define WOLFSSL_SM4_CCM
+
+    #define HAVE_POLY1305
+    #define HAVE_CHACHA
+
+    #undef  HAVE_AESGCM
+    #define HAVE_AESGCM
+#else
+    /* default settings */
+    #define USE_CERT_BUFFERS_2048
+#endif
+
+/* Chipset detection from sdkconfig.h
+ * Default is HW enabled unless turned off.
+ * Uncomment lines to force SW instead of HW acceleration */
+#if defined(CONFIG_IDF_TARGET_ESP32) || defined(WOLFSSL_ESPWROOM32SE)
+    #define WOLFSSL_ESP32
+    /*  Alternatively, if there's an ECC Secure Element present: */
+    /* #define WOLFSSL_ESPWROOM32SE */
 
-#if defined(CONFIG_IDF_TARGET_ESP32)
     /* wolfSSL HW Acceleration supported on ESP32. Uncomment to disable: */
     /*  #define NO_ESP32_CRYPT                 */
     /*  #define NO_WOLFSSL_ESP32_CRYPT_HASH    */
@@ -234,6 +688,7 @@
     /***** END CONFIG_IDF_TARGET_ESP32 *****/
 
 #elif defined(CONFIG_IDF_TARGET_ESP32S2)
+    #define WOLFSSL_ESP32
     /* wolfSSL HW Acceleration supported on ESP32-S2. Uncomment to disable: */
     /*  #define NO_ESP32_CRYPT                 */
     /*  #define NO_WOLFSSL_ESP32_CRYPT_HASH    */
@@ -246,6 +701,7 @@
     /***** END CONFIG_IDF_TARGET_ESP32S2 *****/
 
 #elif defined(CONFIG_IDF_TARGET_ESP32S3)
+    #define WOLFSSL_ESP32
     /* wolfSSL HW Acceleration supported on ESP32-S3. Uncomment to disable: */
     /*  #define NO_ESP32_CRYPT                         */
     /*  #define NO_WOLFSSL_ESP32_CRYPT_HASH            */
@@ -259,6 +715,7 @@
 
 #elif defined(CONFIG_IDF_TARGET_ESP32C2) || \
       defined(CONFIG_IDF_TARGET_ESP8684)
+    #define WOLFSSL_ESP32
     /* ESP8684 is essentially ESP32-C2 chip + flash embedded together in a
      * single QFN 4x4 mm package. Out of released documentation, Technical
      * Reference Manual as well as ESP-IDF Programming Guide is applicable
@@ -284,6 +741,7 @@
     /***** END CONFIG_IDF_TARGET_ESP32C2 *****/
 
 #elif defined(CONFIG_IDF_TARGET_ESP32C3)
+    #define WOLFSSL_ESP32
     /* wolfSSL HW Acceleration supported on ESP32-C3. Uncomment to disable: */
 
     /*  #define NO_ESP32_CRYPT                 */
@@ -301,6 +759,7 @@
     /***** END CONFIG_IDF_TARGET_ESP32C3 *****/
 
 #elif defined(CONFIG_IDF_TARGET_ESP32C6)
+    #define WOLFSSL_ESP32
     /* wolfSSL HW Acceleration supported on ESP32-C6. Uncomment to disable: */
 
     /*  #define NO_ESP32_CRYPT                 */
@@ -317,6 +776,7 @@
     /***** END CONFIG_IDF_TARGET_ESP32C6 *****/
 
 #elif defined(CONFIG_IDF_TARGET_ESP32H2)
+    #define WOLFSSL_ESP32
     /*  wolfSSL Hardware Acceleration not yet implemented */
     #define NO_ESP32_CRYPT
     #define NO_WOLFSSL_ESP32_CRYPT_HASH
@@ -325,42 +785,116 @@
     /***** END CONFIG_IDF_TARGET_ESP32H2 *****/
 
 #elif defined(CONFIG_IDF_TARGET_ESP8266)
-    /*  TODO: Revisit ESP8266 */
+    #define WOLFSSL_ESP8266
+
+    /* There's no hardware encryption on the ESP8266 */
+    /* Consider using the ESP32-C2/C3/C6             */
     #define NO_ESP32_CRYPT
     #define NO_WOLFSSL_ESP32_CRYPT_HASH
     #define NO_WOLFSSL_ESP32_CRYPT_AES
     #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI
+    #ifndef FP_MAX_BITS
+        /* FP_MAX_BITS matters in wolfssl_test, not just TLS setting.   */
+        /* MIN_FFDHE_FP_MAX_BITS = (MIN_FFDHE_BITS * 2); see settings.h */
+        #define FP_MAX_BITS MIN_FFDHE_FP_MAX_BITS
+    #endif
     /***** END CONFIG_IDF_TARGET_ESP266 *****/
+
+#elif defined(CONFIG_IDF_TARGET_ESP8684)
+    /*  There's no Hardware Acceleration available on ESP8684 */
+    #define NO_ESP32_CRYPT
+    #define NO_WOLFSSL_ESP32_CRYPT_HASH
+    #define NO_WOLFSSL_ESP32_CRYPT_AES
+    #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI
+    /***** END CONFIG_IDF_TARGET_ESP8684 *****/
+
 #else
-    /* Anything else encountered, disable HW accleration */
+    /* Anything else encountered, disable HW acceleration */
+    #warning "Unexpected CONFIG_IDF_TARGET_NN value"
     #define NO_ESP32_CRYPT
     #define NO_WOLFSSL_ESP32_CRYPT_HASH
     #define NO_WOLFSSL_ESP32_CRYPT_AES
     #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI
 #endif /* CONFIG_IDF_TARGET Check */
 
+/* RSA primitive specific definition, listed AFTER the Chipset detection */
+#if defined(WOLFSSL_ESP32) || defined(WOLFSSL_ESPWROOM32SE)
+    /* Consider USE_FAST_MATH and SMALL_STACK                        */
+
+    #ifndef NO_RSA
+        #define ESP32_USE_RSA_PRIMITIVE
+
+        #if defined(CONFIG_IDF_TARGET_ESP32)
+            #ifdef CONFIG_ESP_MAIN_TASK_STACK_SIZE
+                #if CONFIG_ESP_MAIN_TASK_STACK_SIZE < 10500
+                    #warning "RSA may be difficult with less than 10KB Stack "/
+                #endif
+            #endif
+
+            /* NOTE HW unreliable for small values! */
+            /* threshold for performance adjustment for HW primitive use   */
+            /* X bits of G^X mod P greater than                            */
+            #undef  ESP_RSA_EXPT_XBITS
+            #define ESP_RSA_EXPT_XBITS 32
+
+            /* X and Y of X * Y mod P greater than                         */
+            #undef  ESP_RSA_MULM_BITS
+            #define ESP_RSA_MULM_BITS  16
+        #endif
+    #endif
+#endif
+
 /* Debug options:
+See wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h for details on debug options
+
+optionally increase error message size for very long paths.
+#define WOLFSSL_MAX_ERROR_SZ 500
+
+Turn wolfSSL debugging on/off:
+    wolfSSL_Debugging_ON();
+    wolfSSL_Debugging_OFF();
 
 #define ESP_VERIFY_MEMBLOCK
 #define DEBUG_WOLFSSL
 #define DEBUG_WOLFSSL_VERBOSE
 #define DEBUG_WOLFSSL_SHA_MUTEX
+#define WOLFSSL_DEBUG_IGNORE_ASN_TIME
+#define WOLFSSL_DEBUG_CERT_BUNDLE
+#define WOLFSSL_DEBUG_CERT_BUNDLE_NAME
 #define WOLFSSL_ESP32_CRYPT_DEBUG
 #define WOLFSSL_ESP32_CRYPT_HASH_SHA224_DEBUG
 #define NO_RECOVER_SOFTWARE_CALC
 #define WOLFSSL_TEST_STRAY 1
 #define USE_ESP_DPORT_ACCESS_READ_BUFFER
 #define WOLFSSL_ESP32_HW_LOCK_DEBUG
+#define WOLFSSL_DEBUG_MUTEX
 #define WOLFSSL_DEBUG_ESP_RSA_MULM_BITS
+#define WOLFSSL_DEBUG_ESP_HW_MOD_RSAMAX_BITS
+#define WOLFSSL_DEBUG_ESP_HW_MULTI_RSAMAX_BITS
 #define ESP_DISABLE_HW_TASK_LOCK
+#define ESP_MONITOR_HW_TASK_LOCK
+#define USE_ESP_DPORT_ACCESS_READ_BUFFER
+
+See wolfcrypt/benchmark/benchmark.c for debug and other settings:
+
+Turn on benchmark timing debugging (CPU Cycles, RTOS ticks, etc)
+#define DEBUG_WOLFSSL_BENCHMARK_TIMING
+
+Turn on timer debugging (used when CPU cycles not available)
+#define WOLFSSL_BENCHMARK_TIMER_DEBUG
 */
 
-#define WOLFSSL_ESPIDF_ERROR_PAUSE /* Pause in a loop rather than exit. */
+/* Pause in a loop rather than exit. */
+/* #define WOLFSSL_ESPIDF_ERROR_PAUSE */
+/* #define WOLFSSL_ESP32_HW_LOCK_DEBUG */
+
 #define WOLFSSL_HW_METRICS
 
-/* #define HASH_SIZE_LIMIT */ /* for test.c */
+/* for test.c */
+/* #define HASH_SIZE_LIMIT */
 
-/* #define NO_HW_MATH_TEST */ /* Optionall turn off HW math checks */
+/* Optionally turn off HW math checks */
+/* #define NO_HW_MATH_TEST */
 
 /* Optionally include alternate HW test library: alt_hw_test.h */
 /* When enabling, the ./components/wolfssl/CMakeLists.txt file
@@ -383,8 +917,8 @@
 /* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MULMOD                */
 
 
-#define WOLFSSL_PUBLIC_MP /* used by benchmark */
-#define USE_CERT_BUFFERS_2048
+/* used by benchmark: */
+#define WOLFSSL_PUBLIC_MP
 
 /* when turning on ECC508 / ECC608 support
 #define WOLFSSL_ESPWROOM32SE
@@ -393,12 +927,81 @@
 #define ATCA_WOLFSSL
 */
 
-/* optional SM4 Ciphers. See https://github.com/wolfSSL/wolfsm
+/***************************** Certificate Macros *****************************
+ *
+ * The section below defines macros used in typically all of the wolfSSL
+ * examples such as the client and server for certs stored in header files.
+ *
+ * There are various certificate examples in this header file:
+ * https://github.com/wolfSSL/wolfssl/blob/master/wolfssl/certs_test.h
+ *
+ * To use the sample certificates in code (not recommended for production!):
+ *
+ *    #if defined(USE_CERT_BUFFERS_2048) || defined(USE_CERT_BUFFERS_1024)
+ *        #include <wolfssl/certs_test.h>
+ *    #endif
+ *
+ * To use the sets of macros below, define *one* of these:
+ *
+ *    USE_CERT_BUFFERS_1024  - ECC 1024 bit encoded ASN1
+ *    USE_CERT_BUFFERS_2048  - RSA 2048 bit encoded ASN1
+ *    WOLFSSL_SM[2,3,4]      - SM Ciphers
+ *
+ * For example: define USE_CERT_BUFFERS_2048 to use CA Certs used in this
+ *  wolfSSL function for the `ca_cert_der_2048` buffer, size and types:
+ *
+ *     ret = wolfSSL_CTX_load_verify_buffer(ctx,
+ *                                          CTX_CA_CERT,
+ *                                          CTX_CA_CERT_SIZE,
+ *                                          CTX_CA_CERT_TYPE);
+ *
+ * See https://www.wolfssl.com/documentation/manuals/wolfssl/group__CertsKeys.html#function-wolfssl_ctx_load_verify_buffer
+ *
+ * In this case the CTX_CA_CERT will be defined as `ca_cert_der_2048` as
+ * defined here: https://github.com/wolfSSL/wolfssl/blob/master/wolfssl/certs_test.h
+ *
+ * The CTX_CA_CERT_SIZE and CTX_CA_CERT_TYPE are similarly used to reference
+ * array size and cert type respectively.
+ *
+ * Similarly for loading the private client key:
+ *
+ *  ret = wolfSSL_CTX_use_PrivateKey_buffer(ctx,
+ *                                          CTX_CLIENT_KEY,
+ *                                          CTX_CLIENT_KEY_SIZE,
+ *                                          CTX_CLIENT_KEY_TYPE);
+ *
+ * see https://www.wolfssl.com/documentation/manuals/wolfssl/group__CertsKeys.html#function-wolfssl_ctx_use_privatekey_buffer
+ *
+ * Similarly, the other macros are for server certificates and keys:
+ *   `CTX_SERVER_CERT` and `CTX_SERVER_KEY` are available.
+ *
+ * The certificate and key names are typically `static const unsigned char`
+ * arrays. The [NAME]_size are typically `sizeof([array name])`, and the types
+ * are the known wolfSSL encoding type integers (e.g. WOLFSSL_FILETYPE_PEM).
+ *
+ * See `SSL_FILETYPE_[name]` in
+ *   https://github.com/wolfSSL/wolfssl/blob/master/wolfssl/ssl.h
+ *
+ * See Abstract Syntax Notation One (ASN.1) in:
+ *   https://github.com/wolfSSL/wolfssl/blob/master/wolfssl/wolfcrypt/asn.h
+ *
+ * Optional SM4 Ciphers:
+ *
+ * Although the SM ciphers are shown here, the `certs_test_sm.h` may not yet
+ * be available. See:
+ *   https://github.com/wolfSSL/wolfssl/pull/6825
+ *   https://github.com/wolfSSL/wolfsm
+ *
+ * Uncomment these 3 macros to enable the SM Ciphers and use the macros below.
+ */
+
+/*
 #define WOLFSSL_SM2
 #define WOLFSSL_SM3
 #define WOLFSSL_SM4
 */
 
+/* Conditional macros used in wolfSSL TLS client and server examples */
 #if defined(WOLFSSL_SM2) || defined(WOLFSSL_SM3) || defined(WOLFSSL_SM4)
     #include <wolfssl/certs_test_sm.h>
     #define CTX_CA_CERT          root_sm2
@@ -414,15 +1017,82 @@
     #undef  WOLFSSL_BASE16
     #define WOLFSSL_BASE16
 #else
-    #define USE_CERT_BUFFERS_2048
-    #define USE_CERT_BUFFERS_256
-    #define CTX_CA_CERT          ca_cert_der_2048
-    #define CTX_CA_CERT_SIZE     sizeof_ca_cert_der_2048
-    #define CTX_CA_CERT_TYPE     WOLFSSL_FILETYPE_ASN1
-    #define CTX_SERVER_CERT      server_cert_der_2048
-    #define CTX_SERVER_CERT_SIZE sizeof_server_cert_der_2048
-    #define CTX_SERVER_CERT_TYPE WOLFSSL_FILETYPE_ASN1
-    #define CTX_SERVER_KEY       server_key_der_2048
-    #define CTX_SERVER_KEY_SIZE  sizeof_server_key_der_2048
-    #define CTX_SERVER_KEY_TYPE  WOLFSSL_FILETYPE_ASN1
+    #if defined(USE_CERT_BUFFERS_2048)
+        #define USE_CERT_BUFFERS_256
+        /* Be sure to include in app when using example certs: */
+        /* #include <wolfssl/certs_test.h>                     */
+        #define CTX_CA_CERT          ca_cert_der_2048
+        #define CTX_CA_CERT_SIZE     sizeof_ca_cert_der_2048
+        #define CTX_CA_CERT_TYPE     WOLFSSL_FILETYPE_ASN1
+
+        #define CTX_SERVER_CERT      server_cert_der_2048
+        #define CTX_SERVER_CERT_SIZE sizeof_server_cert_der_2048
+        #define CTX_SERVER_CERT_TYPE WOLFSSL_FILETYPE_ASN1
+        #define CTX_SERVER_KEY       server_key_der_2048
+        #define CTX_SERVER_KEY_SIZE  sizeof_server_key_der_2048
+        #define CTX_SERVER_KEY_TYPE  WOLFSSL_FILETYPE_ASN1
+
+        #define CTX_CLIENT_CERT      client_cert_der_2048
+        #define CTX_CLIENT_CERT_SIZE sizeof_client_cert_der_2048
+        #define CTX_CLIENT_CERT_TYPE WOLFSSL_FILETYPE_ASN1
+        #define CTX_CLIENT_KEY       client_key_der_2048
+        #define CTX_CLIENT_KEY_SIZE  sizeof_client_key_der_2048
+        #define CTX_CLIENT_KEY_TYPE  WOLFSSL_FILETYPE_ASN1
+
+    #elif defined(USE_CERT_BUFFERS_1024)
+        #define USE_CERT_BUFFERS_256
+        /* Be sure to include in app when using example certs: */
+        /* #include <wolfssl/certs_test.h>                     */
+        #define CTX_CA_CERT          ca_cert_der_1024
+        #define CTX_CA_CERT_SIZE     sizeof_ca_cert_der_1024
+        #define CTX_CA_CERT_TYPE     WOLFSSL_FILETYPE_ASN1
+
+        #define CTX_CLIENT_CERT      client_cert_der_1024
+        #define CTX_CLIENT_CERT_SIZE sizeof_client_cert_der_1024
+        #define CTX_CLIENT_CERT_TYPE WOLFSSL_FILETYPE_ASN1
+        #define CTX_CLIENT_KEY       client_key_der_1024
+        #define CTX_CLIENT_KEY_SIZE  sizeof_client_key_der_1024
+        #define CTX_CLIENT_KEY_TYPE  WOLFSSL_FILETYPE_ASN1
+
+        #define CTX_SERVER_CERT      server_cert_der_1024
+        #define CTX_SERVER_CERT_SIZE sizeof_server_cert_der_1024
+        #define CTX_SERVER_CERT_TYPE WOLFSSL_FILETYPE_ASN1
+        #define CTX_SERVER_KEY       server_key_der_1024
+        #define CTX_SERVER_KEY_SIZE  sizeof_server_key_der_1024
+        #define CTX_SERVER_KEY_TYPE  WOLFSSL_FILETYPE_ASN1
+    #else
+        /* Optionally define custom cert arrays, sizes, and types here */
+        #error "Must define USE_CERT_BUFFERS_2048 or USE_CERT_BUFFERS_1024"
+    #endif
+#endif /* Conditional key and cert constant names */
+
+/******************************************************************************
+** Sanity Checks
+******************************************************************************/
+#if defined(CONFIG_ESP_MAIN_TASK_STACK_SIZE)
+    #if defined(WOLFCRYPT_HAVE_SRP)
+        #if defined(FP_MAX_BITS)
+            #if FP_MAX_BITS <  (8192 * 2)
+                #define ESP_SRP_MINIMUM_STACK_8K (24 * 1024)
+            #else
+                #define ESP_SRP_MINIMUM_STACK_8K (28 * 1024)
+            #endif
+        #else
+            #error "Please define FP_MAX_BITS when using WOLFCRYPT_HAVE_SRP."
+        #endif
+
+        #if (CONFIG_ESP_MAIN_TASK_STACK_SIZE < ESP_SRP_MINIMUM_STACK)
+            #warning "WOLFCRYPT_HAVE_SRP enabled with small stack size"
+        #endif
+    #endif
+#else
+    #warning "CONFIG_ESP_MAIN_TASK_STACK_SIZE not defined!"
 #endif
+/* See settings.h for some of the possible hardening options:
+ *
+ *  #define NO_ESPIDF_DEFAULT
+ *  #define WC_NO_CACHE_RESISTANT
+ *  #define WC_AES_BITSLICED
+ *  #define HAVE_AES_ECB
+ *  #define HAVE_AES_DIRECT
+ */
diff --git a/IDE/Espressif/ESP-IDF/examples/template/main/CMakeLists.txt b/IDE/Espressif/ESP-IDF/examples/template/main/CMakeLists.txt
index a038d035b..6a3deddc4 100644
--- a/IDE/Espressif/ESP-IDF/examples/template/main/CMakeLists.txt
+++ b/IDE/Espressif/ESP-IDF/examples/template/main/CMakeLists.txt
@@ -1,35 +1,43 @@
 # wolfSSL Espressif Example Project/main CMakeLists.txt
-#   v1.0
+#   v1.2
 #
 # wolfssl template
 #
+message(STATUS "Begin wolfSSL main CMakeLists.txt")
 set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_USER_SETTINGS")
 
+if (idf_target STREQUAL "esp8266" OR IDF_TARGET STREQUAL "esp8266" OR IDF_VERSION_MAJOR VERSION_LESS "5.0")
+    # `driver` component not available for ESP8266
+    SET(THIS_PRIV_REQUIRES_DRIVER "")
+else()
+    SET(THIS_PRIV_REQUIRES_DRIVER "driver")
+endif()
+
 if(WIN32)
     # Windows-specific configuration here
     set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_WINDOWS")
-    message("Detected Windows")
+    message(STATUS "Detected Windows")
 endif()
 if(CMAKE_HOST_UNIX)
-    message("Detected UNIX")
+    message(STATUS "Detected UNIX")
 endif()
 if(APPLE)
-    message("Detected APPLE")
+    message(STATUS "Detected APPLE")
 endif()
 if(CMAKE_HOST_UNIX AND (NOT APPLE) AND EXISTS "/proc/sys/fs/binfmt_misc/WSLInterop")
     # Windows-specific configuration here
     set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_WSL")
-    message("Detected WSL")
+    message(STATUS "Detected WSL")
 endif()
 if(CMAKE_HOST_UNIX AND (NOT APPLE) AND (NOT WIN32))
     # Windows-specific configuration here
     set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_LINUX")
-    message("Detected Linux")
+    message(STATUS "Detected Linux")
 endif()
 if(APPLE)
     # Windows-specific configuration here
     set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_APPLE")
-    message("Detected Apple")
+    message(STATUS "Detected Apple")
 endif()
 set (git_cmd "git")
 
@@ -43,10 +51,22 @@ if( EXISTS "${CMAKE_HOME_DIRECTORY}/components/wolfssl/" AND EXISTS "$ENV{IDF_PA
     set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_MULTI_INSTALL_WARNING")
 endif()
 
+# The wolfSL component name is named "mywolfssl" on the staging site for Managed Components.
+if( NOT EXISTS "../components/wolfssl" AND ("$ENV{IDF_COMPONENT_REGISTRY_URL}" STREQUAL "https://components-staging.espressif.com") )
+    message(STATUS "WARNING: Using a staging instance of wolfssl.")
+    set(MAIN_WOLFSSL_COMPONENT_NAME "mywolfssl")
+else()
+    message(STATUS "Using release wolfssl component.")
+    set(MAIN_WOLFSSL_COMPONENT_NAME "wolfssl")
+endif()
+
 ## register_component()
 idf_component_register(SRCS main.c
                        INCLUDE_DIRS "."
-                                    "./include")
+                            "./include"
+                       PRIV_REQUIRES "${THIS_PRIV_REQUIRES_DRIVER}"
+                                     "${MAIN_WOLFSSL_COMPONENT_NAME}"
+                       )
 
 #
 # LIBWOLFSSL_SAVE_INFO(VAR_OUPUT THIS_VAR VAR_RESULT)
@@ -76,15 +96,24 @@ function ( LIBWOLFSSL_SAVE_INFO VAR_OUPUT THIS_VAR VAR_RESULT )
         message(STATUS "Found ${VAR_OUPUT}=${VAR_VALUE}")
 
         # the interesting part is defining the VAR_OUPUT name a value to use in the app
-        add_definitions(-D${VAR_OUPUT}=\"${VAR_VALUE}\")
+        add_compile_definitions(${VAR_OUPUT}=\"${VAR_VALUE}\")
     else()
         # if we get here, check the execute_process command and parameters.
-        message(STATUS "LIBWOLFSSL_SAVE_INFO encountered a non-zero VAR_RESULT")
+        message(STATUS "LIBWOLFSSL_SAVE_INFO encountered a non-zero VAR_RESULT.")
+        message(STATUS "Setting ${VAR_OUPUT} to \"Unknown\"")
         set(${VAR_OUPUT} "Unknown")
     endif()
 endfunction() # LIBWOLFSSL_SAVE_INFO
 
-if(NOT CMAKE_BUILD_EARLY_EXPANSION)
+execute_process(
+    COMMAND ${git_cmd} "rev-parse" "--is-inside-work-tree"
+    OUTPUT_VARIABLE IS_GIT_REPO
+    OUTPUT_STRIP_TRAILING_WHITESPACE
+    ERROR_QUIET
+)
+
+# Save some project-specific details. Repo may be different than component, or may not even be a repo at all:
+if(NOT CMAKE_BUILD_EARLY_EXPANSION AND (IS_GIT_REPO STREQUAL "true"))
     # LIBWOLFSSL_VERSION_GIT_HASH
     execute_process(COMMAND ${git_cmd} "rev-parse" "HEAD" OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ERROR_QUIET )
     LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_VERSION_GIT_HASH "${TMP_OUT}" "${TMP_RES}")
@@ -100,3 +129,4 @@ endif()
 
 message(STATUS "")
 
+message(STATUS "End wolfSSL main CMakeLists.txt")
diff --git a/IDE/Espressif/ESP-IDF/examples/template/main/Kconfig.projbuild b/IDE/Espressif/ESP-IDF/examples/template/main/Kconfig.projbuild
new file mode 100644
index 000000000..ed9960248
--- /dev/null
+++ b/IDE/Espressif/ESP-IDF/examples/template/main/Kconfig.projbuild
@@ -0,0 +1,123 @@
+# Kconfig main
+#
+# Copyright (C) 2006-2025 wolfSSL Inc.
+#
+# This file is part of wolfSSL.
+#
+# wolfSSL is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# wolfSSL is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+#
+
+# Kconfig File Version 5.7.2.001 for wolfssl_template
+
+menu "Example wolfSSL Configuration"
+
+choice WOLFSSL_EXAMPLE_CHOOSE
+    prompt "Choose Example (See wolfssl/include/user_settings.h)"
+    default WOLFSSL_EXAMPLE_NAME_NONE
+    help
+        The user settings file can be adjusted to specific wolfSSL examples.
+
+    config WOLFSSL_EXAMPLE_NAME_TEMPLATE
+        bool "wolfSSL Template"
+        help
+            The sample template app compiles in wolfSSL and prints the current wolfSSL Version. Nothing more.
+
+    config WOLFSSL_EXAMPLE_NAME_TEST
+        bool "wolfSSL Test"
+        help
+            This app tests all cryptographic functions currently enabled. See also Benchmark performance app.
+
+    config WOLFSSL_EXAMPLE_NAME_BENCHMARK
+        bool "wolfSSL Benchmark"
+        help
+            Benchmark performance app. See also cryptographic test.
+
+    config WOLFSSL_EXAMPLE_NAME_TLS_CLIENT
+        bool "TLS Client"
+        help
+            TLS Client Example app. Needs WiFi and a listening server on port 11111.
+
+    config WOLFSSL_EXAMPLE_NAME_TLS_SERVER
+        bool "TLS Server"
+        help
+            TLS Server Example app. Needs WiFi. More interesting with a TLS client using port 11111.
+
+    config WOLFSSL_EXAMPLE_NAME_WOLFSSH_TEMPLATE
+        bool "SSH Template App"
+        help
+            Bare-bones Hello World app that only compiles in wolfSSL and wolfSSH.
+            See wolfSSL/wolfssh on GitHub.
+
+    config WOLFSSL_EXAMPLE_NAME_WOLFSSH_ECHOSERVER
+        bool "SSH Echo Server"
+        help
+            See wolfSSL/wolfssh on GitHub.
+
+    config WOLFSSL_EXAMPLE_NAME_WOLFSSH_ECHOSERVER
+        bool "SSH Echo Server"
+        help
+            See wolfSSL/wolfssh on GitHub.
+
+    config WOLFSSL_EXAMPLE_NAME_ESP32_SSH_SERVER
+        bool "SSH to UART Server for the ESP32"
+        help
+            See wolfSSL/wolfssh-examples on GitHub.
+
+    config WOLFSSL_EXAMPLE_NAME_ESP8266_SSH_SERVER
+        bool "SSH to UART Server for the ESP8266"
+        help
+            See wolfSSL/wolfssh-examples on GitHub.
+
+    config WOLFSSL_EXAMPLE_NAME_WOLFMQTT_TEMPLATE
+        bool "MQTT Template"
+        help
+            See wolfSSL/wolfmqtt on GitHub.
+
+    config WOLFSSL_EXAMPLE_NAME_WOLFMQTT_AWS_IOT_MQTT
+        bool "MQTT AWS IoT"
+        help
+            See wolfSSL/wolfmqtt on GitHub.
+
+    config WOLFTPM_EXAMPLE_NAME_ESPRESSIF
+        bool "TPM Test Example for the ESP32"
+        help
+            See wolfSSL/wolfTPM on GitHub.
+
+    config WOLFSSL_APPLE_HOMEKIT
+        bool "Apple HomeKit for the ESP32"
+        help
+            See AchimPieters/esp32-homekit-demo on GitHub.
+
+
+    config WOLFSSL_EXAMPLE_NAME_NONE
+        bool "Other"
+        help
+            A specific example app is not defined.
+
+endchoice
+
+config WOLFSSL_TARGET_HOST
+    string "Target host"
+    default "127.0.0.1"
+    help
+        host address for the example to connect
+
+config WOLFSSL_TARGET_PORT
+    int "Target port"
+    default 11111
+    help
+        host port for the example to connect
+
+endmenu
diff --git a/IDE/Espressif/ESP-IDF/examples/template/main/component.mk b/IDE/Espressif/ESP-IDF/examples/template/main/component.mk
new file mode 100644
index 000000000..08f8fbe9b
--- /dev/null
+++ b/IDE/Espressif/ESP-IDF/examples/template/main/component.mk
@@ -0,0 +1,23 @@
+#
+# Main component makefile.
+#
+# This Makefile can be left empty. By default, it will take the sources in the
+# src/ directory, compile them and link them into lib(subdirectory_name).a
+# in the build directory. This behavior is entirely configurable,
+# please read the ESP-IDF documents if you need to do this.
+#
+# (Uses default behavior of compiling all source files in directory, adding 'include' to include path.)
+
+# We'll add the explicit lines only for old SDK requirements (e.h. ESP8266)
+
+ifeq ("$(VISUALGDB_DIR)","")
+    $(info VISUALGDB_DIR build not detected. shell: $(shell echo $$SHELL) )
+else
+    $(info Detected VisualGDB in: $(VISUALGDB_DIR) shell: $(shell echo $$SHELL) )
+    COMPONENT_SRCDIRS := .
+    COMPONENT_ADD_INCLUDEDIRS := .
+    COMPONENT_ADD_INCLUDEDIRS += include
+
+    # Ensure main.c gets compiled
+    COMPONENT_OBJS := main.o
+endif
diff --git a/IDE/Espressif/ESP-IDF/examples/template/main/include/main.h b/IDE/Espressif/ESP-IDF/examples/template/main/include/main.h
index 94c3b5eba..04a7e7f26 100644
--- a/IDE/Espressif/ESP-IDF/examples/template/main/include/main.h
+++ b/IDE/Espressif/ESP-IDF/examples/template/main/include/main.h
@@ -1,6 +1,6 @@
 /* template main.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -18,7 +18,10 @@
  * along with this program; if not, write to the Free Software
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  */
+
 #ifndef _MAIN_H_
 #define _MAIN_H_
 
+void app_main(void);
+
 #endif
diff --git a/IDE/Espressif/ESP-IDF/examples/template/main/main.c b/IDE/Espressif/ESP-IDF/examples/template/main/main.c
index 5e41a28fd..35826643d 100644
--- a/IDE/Espressif/ESP-IDF/examples/template/main/main.c
+++ b/IDE/Espressif/ESP-IDF/examples/template/main/main.c
@@ -1,6 +1,6 @@
 /* main.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -22,8 +22,23 @@
 /* Espressif */
 #include <esp_log.h>
 
-/* wolfSSL  */
-#include <wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h>
+/* wolfSSL */
+/* Always include wolfcrypt/settings.h before any other wolfSSL file.    */
+/* Reminder: settings.h pulls in user_settings.h; don't include it here. */
+#ifdef WOLFSSL_USER_SETTINGS
+    #include <wolfssl/wolfcrypt/settings.h>
+    #ifndef WOLFSSL_ESPIDF
+        #warning "Problem with wolfSSL user_settings."
+        #warning "Check components/wolfssl/include"
+    #endif
+    #include <wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h>
+#else
+    /* Define WOLFSSL_USER_SETTINGS project wide for settings.h to include   */
+    /* wolfSSL user settings in ./components/wolfssl/include/user_settings.h */
+    #error "Missing WOLFSSL_USER_SETTINGS in CMakeLists or Makefile:\
+    CFLAGS +=-DWOLFSSL_USER_SETTINGS"
+#endif
+
 
 /* project */
 #include "main.h"
@@ -32,18 +47,37 @@ static const char* const TAG = "My Project";
 
 void app_main(void)
 {
+#ifdef WOLFSSL_ESPIDF_VERBOSE_EXIT_MESSAGE
+    int ret = 0;
+#endif
+
+#if !defined(CONFIG_WOLFSSL_EXAMPLE_NAME_TEMPLATE)
+    ESP_LOGW(TAG, "Warning: Example wolfSSL misconfigured? Check menuconfig.");
+#endif
+
     ESP_LOGI(TAG, "Hello wolfSSL!");
 
 #ifdef HAVE_VERSION_EXTENDED_INFO
-    esp_ShowExtendedSystemInfo();
+    ret = esp_ShowExtendedSystemInfo();
 #endif
 
 #if defined(WOLFSSL_HW_METRICS) && defined(WOLFSSL_HAS_METRICS)
-    esp_hw_show_metrics();
+    ret += esp_hw_show_metrics();
 #endif
 
+#ifdef WOLFSSL_ESPIDF_VERBOSE_EXIT_MESSAGE
+    if (ret == 0) {
+        ESP_LOGI(TAG, WOLFSSL_ESPIDF_VERBOSE_EXIT_MESSAGE("Success!", ret));
+    }
+    else {
+        ESP_LOGE(TAG, WOLFSSL_ESPIDF_VERBOSE_EXIT_MESSAGE("Failed!", ret));
+    }
+#elif defined(WOLFSSL_ESPIDF_EXIT_MESSAGE)
+    ESP_LOGI(TAG, WOLFSSL_ESPIDF_EXIT_MESSAGE);
+#else
     ESP_LOGI(TAG, "\n\nDone!"
                   "If running from idf.py monitor, press twice: Ctrl+]\n\n"
                   "WOLFSSL_COMPLETE\n" /* exit keyword for wolfssl_monitor.py */
             );
+#endif
 }
diff --git a/IDE/Espressif/ESP-IDF/examples/template/sdkconfig.defaults b/IDE/Espressif/ESP-IDF/examples/template/sdkconfig.defaults
index 88f1e113e..2a93afe05 100644
--- a/IDE/Espressif/ESP-IDF/examples/template/sdkconfig.defaults
+++ b/IDE/Espressif/ESP-IDF/examples/template/sdkconfig.defaults
@@ -1,25 +1,155 @@
+# Set the known example app config to template example (see user_settings.h)
+CONFIG_WOLFSSL_EXAMPLE_NAME_TEMPLATE=y
+
+# CONFIG_EXAMPLE_WIFI_SSID="myssid"
+# CONFIG_EXAMPLE_WIFI_PASSWORD="mypassword"
+
+# Some wolfSSL helpers
+CONFIG_USE_WOLFSSL_ESP_SDK_TIME=y
+
+# sdkconfig.defaults for ESP8266 + ESP32
+# See separate sdkconfig.defaults.esp8266
+# FreeRTOS ticks at 1ms interval
+CONFIG_FREERTOS_UNICORE=y
 CONFIG_FREERTOS_HZ=1000
 CONFIG_ESP32_DEFAULT_CPU_FREQ_240=y
 
 #
-# Default main stack size
+# Default main stack size. See user_settings.h
 #
-# This is typically way bigger than needed for stack size. See user_settings.h
+# This is typically bigger than needed for stack size.
+# Units are words, not bytes. See user_settings.h
 #
+# For wolfSSL SMALL_STACK, 3072 bytes should be sufficient for benchmark app.
+# When using RSA, assign at least 10500 bytes, otherwise 5500 usually works for others
+# We set this to 28672 for use in the "test everything possible" in the wolfssl_test app.
 CONFIG_ESP_MAIN_TASK_STACK_SIZE=10500
 
-# Legacy stack size for older ESP-IDF versions
+# Legacy stack size name for older ESP-IDF versions
 CONFIG_MAIN_TASK_STACK_SIZE=10500
 
+#
+# Benchmark must not have CONFIG_NEWLIB_NANO_FORMAT enabled
+CONFIG_NEWLIB_NANO_FORMAT=n
+#
+# Watchdog Timers
+#
+# We don't want to have the watchdog timeout during tests & benchmarks
+#
+CONFIG_ESP_TASK_WDT_CHECK_IDLE_TASK_CPU0=n
+CONFIG_ESP_TASK_WDT_CHECK_IDLE_TASK_CPU1=n
+# Panic & Watchdog
+CONFIG_ESP_INT_WDT_TIMEOUT_MS=10000
+CONFIG_ESP_TASK_WDT_EN=n
+CONFIG_ESP_SYSTEM_PANIC_PRINT_HALT=y
+CONFIG_ESP_INT_WDT=n
+
+# ESP8266 Watchdog:
+CONFIG_TASK_WDT=n
+CONFIG_TASK_WDT_PANIC=n
+
+# ESP8266 WDT
+# CONFIG_ESP_PANIC_PRINT_REBOOT is not set
+CONFIG_ESP_PANIC_PRINT_REBOOT=n
+CONFIG_ESP_PANIC_PRINT_HALT=y
+
+# CONFIG_ESP_HTTP_CLIENT_ENABLE_HTTPS is not set
+CONFIG_ESP_HTTP_CLIENT_ENABLE_HTTPS=n
+
+# ESP8266 Memory
+CONFIG_FREERTOS_GLOBAL_DATA_LINK_IRAM=y
+CONFIG_HEAP_DISABLE_IRAM=y
+
+# Performance
+# CONFIG_COMPILER_OPTIMIZATION_PERF=y
+
+# Set max CPU frequency (falls back as needed for lower maximum)
+CONFIG_ESP_DEFAULT_CPU_FREQ_MHZ_240=y
+
+# Enable wolfSSL TLS in esp-tls
+# CONFIG_ESP_TLS_USING_WOLFSSL=y
+# CONFIG_TLS_STACK_WOLFSSL=y
+
+# Bundles take up flash space and are disabled unless otherwise known to be needed
+CONFIG_WOLFSSL_CERTIFICATE_BUNDLE=n
+# CONFIG_WOLFSSL_CERTIFICATE_BUNDLE=y
+# CONFIG_ESP_WOLFSSL_SMALL_CERT_VERIFY=y
+# CONFIG_ESP_TLS_INSECURE=y
+
+# Disable mbedTLS
+CONFIG_ESP_TLS_USING_MBEDTLS=n
+CONFIG_MBEDTLS_CERTIFICATE_BUNDLE=n
+
+# Some wolfSSL helpers
+CONFIG_USE_WOLFSSL_ESP_SDK_TIME=n
+
+# CONFIG_ESP_HTTP_CLIENT_ENABLE_HTTPS is not set
+CONFIG_ESP_HTTP_CLIENT_ENABLE_HTTPS=n
+
+# ESP8266 Memory
+CONFIG_FREERTOS_GLOBAL_DATA_LINK_IRAM=y
+CONFIG_HEAP_DISABLE_IRAM=y
+
+# Performance
+# CONFIG_COMPILER_OPTIMIZATION_PERF=y
+
+# Set max COU frequency (falls back as needed for lower maximum)
+CONFIG_ESP_DEFAULT_CPU_FREQ_MHZ_240=y
+
+# FreeRTOS ticks at 1ms interval
+CONFIG_FREERTOS_UNICORE=y
+CONFIG_FREERTOS_HZ=1000
+
+# Ensure mbedTLS options are disabled
+# CONFIG_MBEDTLS_TLS_SERVER_AND_CLIENT=n
+# CONFIG_MBEDTLS_TLS_CLIENT_ONLY=n
+# CONFIG_MBEDTLS_TLS_SERVER=n
+# CONFIG_MBEDTLS_TLS_CLIENT=n
+# CONFIG_MBEDTLS_HARDWARE_AES=n
+# CONFIG_MBEDTLS_HARDWARE_MPI=n
+# CONFIG_MBEDTLS_HARDWARE_SHA=n
+# CONFIG_MBEDTLS_ROM_MD5=n
+# CONFIG_MBEDTLS_SSL_RENEGOTIATION=n
+# CONFIG_MBEDTLS_SSL_PROTO_TLS1_2=n
+# CONFIG_MBEDTLS_SSL_PROTO_GMTSSL1_1=n
+# CONFIG_MBEDTLS_SSL_ALPN=n
+# CONFIG_MBEDTLS_CLIENT_SSL_SESSION_TICKETS=n
+# CONFIG_MBEDTLS_SERVER_SSL_SESSION_TICKETS=n
+
+# The same-name config is used for both WiFi and client/server TLS, so we cannot disable:
+# CONFIG_MBEDTLS_TLS_ENABLED=n
+# CONFIG_MBEDTLS_TLS_DISABLED=y
+
 #
 # Compiler options
 #
 CONFIG_COMPILER_OPTIMIZATION_DEFAULT=y
+# CONFIG_COMPILER_OPTIMIZATION_SIZE is not set
+# CONFIG_COMPILER_OPTIMIZATION_PERF is not set
+# CONFIG_COMPILER_OPTIMIZATION_NONE is not set
 CONFIG_COMPILER_OPTIMIZATION_ASSERTIONS_ENABLE=y
+# CONFIG_COMPILER_OPTIMIZATION_ASSERTIONS_SILENT is not set
+# CONFIG_COMPILER_OPTIMIZATION_ASSERTIONS_DISABLE is not set
+CONFIG_COMPILER_FLOAT_LIB_FROM_GCCLIB=y
 CONFIG_COMPILER_OPTIMIZATION_ASSERTION_LEVEL=2
+# CONFIG_COMPILER_OPTIMIZATION_CHECKS_SILENT is not set
 CONFIG_COMPILER_HIDE_PATHS_MACROS=y
+# CONFIG_COMPILER_CXX_EXCEPTIONS is not set
+# CONFIG_COMPILER_CXX_RTTI is not set
+# CONFIG_COMPILER_STACK_CHECK_MODE_NONE is not set
 CONFIG_COMPILER_STACK_CHECK_MODE_NORM=y
+# CONFIG_COMPILER_STACK_CHECK_MODE_STRONG is not set
+# CONFIG_COMPILER_STACK_CHECK_MODE_ALL is not set
 CONFIG_COMPILER_STACK_CHECK=y
+# CONFIG_COMPILER_WARN_WRITE_STRINGS is not set
+# CONFIG_COMPILER_SAVE_RESTORE_LIBCALLS is not set
+# CONFIG_COMPILER_DISABLE_GCC12_WARNINGS is not set
+# CONFIG_COMPILER_DUMP_RTL_FILES is not set
+# end of Compiler options
+
+# We don't know that the min is actually v2,
+# but this is the earliest tested.
+CONFIG_ESP32C3_REV_MIN_2=y
 
 #
 # Partition Table
diff --git a/IDE/Espressif/ESP-IDF/examples/template/sdkconfig.defaults.esp8266 b/IDE/Espressif/ESP-IDF/examples/template/sdkconfig.defaults.esp8266
new file mode 100644
index 000000000..77299dfe4
--- /dev/null
+++ b/IDE/Espressif/ESP-IDF/examples/template/sdkconfig.defaults.esp8266
@@ -0,0 +1,30 @@
+# ESP8266 WDT
+# CONFIG_ESP_PANIC_PRINT_REBOOT is not set
+CONFIG_ESP_PANIC_PRINT_REBOOT=n
+CONFIG_ESP_PANIC_PRINT_HALT=y
+
+# Enable wolfSSL TLS in esp-tls (not yet supported in RTOS SDK 3.4
+CONFIG_ESP_TLS_USING_WOLFSSL=n
+CONFIG_TLS_STACK_WOLFSSL=n
+
+# Bundles take up flash space and are disabled unless otherwise known to be needed
+CONFIG_WOLFSSL_CERTIFICATE_BUNDLE=n
+# CONFIG_ESP_WOLFSSL_SMALL_CERT_VERIFY=y
+# CONFIG_ESP_TLS_INSECURE=y
+
+# Disable mbedTLS
+CONFIG_ESP_TLS_USING_MBEDTLS=y
+CONFIG_MBEDTLS_CERTIFICATE_BUNDLE=n
+
+# ESP8266 Memory
+CONFIG_FREERTOS_GLOBAL_DATA_LINK_IRAM=y
+CONFIG_HEAP_DISABLE_IRAM=y
+
+# ESP8266 Watchdog:
+CONFIG_TASK_WDT=n
+CONFIG_TASK_WDT_PANIC=n
+
+# ESP8266 WDT
+# CONFIG_ESP_PANIC_PRINT_REBOOT is not set
+CONFIG_ESP_PANIC_PRINT_REBOOT=n
+CONFIG_ESP_PANIC_PRINT_HALT=y
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/CMakeLists.txt b/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/CMakeLists.txt
index b49373e69..17437542e 100644
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/CMakeLists.txt
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/CMakeLists.txt
@@ -1,10 +1,19 @@
 # wolfSSL Espressif Example Project CMakeLists.txt
-#   v1.0
+#   v1.3
 #
 # The following lines of boilerplate have to be in your project's
 # CMakeLists in this exact order for cmake to work correctly
+message(STATUS "Begin project ${CMAKE_PROJECT_NAME}")
+
 cmake_minimum_required(VERSION 3.16)
 
+# Optional no watchdog typically used for test & benchmark
+if (idf_target STREQUAL "esp8266" OR IDF_TARGET STREQUAL "esp8266" OR IDF_VERSION_MAJOR VERSION_LESS "5.0")
+    set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_ESP_NO_WATCHDOG=1")
+else()
+    add_compile_definitions(WOLFSSL_ESP_NO_WATCHDOG=1)
+endif()
+
 # The wolfSSL CMake file should be able to find the source code.
 # Otherwise, assign an environment variable or set it here:
 #
@@ -19,15 +28,121 @@ cmake_minimum_required(VERSION 3.16)
 #   Linux:  ~/workspace
 # Windows:  C:\workspace
 #
+if(WIN32)
+    # Windows-specific configuration here
+    set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_WINDOWS")
+    message(STATUS "Detected Windows")
+endif()
+if(CMAKE_HOST_UNIX)
+    message(STATUS "Detected UNIX")
+endif()
+if(APPLE)
+    message(STATUS "Detected APPLE")
+endif()
+if(CMAKE_HOST_UNIX AND (NOT APPLE) AND EXISTS "/proc/sys/fs/binfmt_misc/WSLInterop")
+    # Windows-specific configuration here
+    set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_WSL")
+    message(STATUS "Detected WSL")
+endif()
+if(CMAKE_HOST_UNIX AND (NOT APPLE) AND (NOT WIN32))
+    # Windows-specific configuration here
+    set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_LINUX")
+    message(STATUS "Detected Linux")
+endif()
+if(APPLE)
+    # Windows-specific configuration here
+    set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_APPLE")
+    message(STATUS "Detected Apple")
+endif()
+# End optional WOLFSSL_CMAKE_SYSTEM_NAME
 
-# Optionally specify a location for wolfSSL component source code
-# set(WOLFSSL_ROOT "c:/test/blogtest/wolfssl" )
+# This example uses an extra component for common functions such as Wi-Fi and Ethernet connection.
+# set (PROTOCOL_EXAMPLES_DIR $ENV{IDF_PATH}/examples/common_components/protocol_examples_common)
+string(REPLACE "\\" "/" PROTOCOL_EXAMPLES_DIR "$ENV{IDF_PATH}/examples/common_components/protocol_examples_common")
+
+if (EXISTS "${PROTOCOL_EXAMPLES_DIR}")
+    message(STATUS "Found PROTOCOL_EXAMPLES_DIR=${PROTOCOL_EXAMPLES_DIR}")
+    set(EXTRA_COMPONENT_DIRS $ENV{IDF_PATH}/examples/common_components/protocol_examples_common)
+    set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DFOUND_PROTOCOL_EXAMPLES_DIR")
+else()
+    message(STATUS "NOT FOUND: PROTOCOL_EXAMPLES_DIR=${PROTOCOL_EXAMPLES_DIR}")
+endif()
+
+# Find the user name to search for possible "wolfssl-username"
+# Reminder: Windows is  %USERNAME%, Linux is $USER
+message(STATUS "USERNAME = $ENV{USERNAME}")
+if(  "$ENV{USER}" STREQUAL "" ) # the bash user
+    if(  "$ENV{USERNAME}" STREQUAL "" ) # the Windows user
+        message(STATUS "could not find USER or USERNAME")
+    else()
+        # the bash user is not blank, so we'll use it.
+        set(THIS_USER "$ENV{USERNAME}")
+    endif()
+else()
+    # the bash user is not blank, so we'll use it.
+    set(THIS_USER "$ENV{USER}")
+endif()
+message(STATUS "THIS_USER = ${THIS_USER}")
+
+# Check that there are not conflicting wolfSSL components
+# The ESP Registry Component will be in ./managed_components/wolfssl__wolfssl
+# The local component wolfSSL directory will be in ./components/wolfssl
+message(STATUS "Checking for wolfSSL as Managed Component or not... ${CMAKE_HOME_DIRECTORY}")
+if( EXISTS "${CMAKE_HOME_DIRECTORY}/managed_components/wolfssl__wolfssl" AND EXISTS "${CMAKE_HOME_DIRECTORY}/components/wolfssl" )
+    # These exclude statements don't seem to be honored by the $ENV{IDF_PATH}/tools/cmake/project.cmake'
+    # add_subdirectory("${CMAKE_HOME_DIRECTORY}/managed_components/wolfssl__wolfssl" EXCLUDE_FROM_ALL)
+    # add_subdirectory("${CMAKE_HOME_DIRECTORY}/managed_components/wolfssl__wolfssl/include" EXCLUDE_FROM_ALL)
+    # So we'll error out and let the user decide how to proceed:
+    message(WARNING "\nFound wolfSSL components in\n"
+                    "./managed_components/wolfssl__wolfssl\n"
+                    "and\n"
+                    "./components/wolfssl\n"
+                    "in project directory: \n"
+                    "${CMAKE_HOME_DIRECTORY}")
+    message(FATAL_ERROR "\nPlease use either the ESP Registry Managed Component or the wolfSSL component directory but not both.\n"
+                        "If removing the ./managed_components/wolfssl__wolfssl directory, remember to also remove "
+                        "or rename the idf_component.yml file typically found in ./main/")
+elseif(EXISTS "${CMAKE_HOME_DIRECTORY}/components/wolfssl")
+    # A standard project component (not a Managed Component)
+    message(STATUS "No conflicting wolfSSL components found.")
+    set(WOLFSSL_PATH "${CMAKE_HOME_DIRECTORY}/components/wolfssl")
+elseif(EXISTS "${CMAKE_HOME_DIRECTORY}/managed_components/wolfssl__wolfssl")
+    # The official Managed Component called wolfssl from the wolfssl user.
+    message(STATUS "No conflicting wolfSSL components found as a Managed Component.")
+    set(WOLFSSL_PATH "${CMAKE_HOME_DIRECTORY}/managed_components/wolfssl__wolfssl")
+elseif(EXISTS "${CMAKE_HOME_DIRECTORY}/managed_components/gojimmypi__mywolfssl")
+    # There is a known gojimmypi staging component available for anyone:
+    message(STATUS "No conflicting wolfSSL components found as a gojimmypi staging Managed Component.")
+elseif(EXISTS "${CMAKE_HOME_DIRECTORY}/managed_components/${THIS_USER}__mywolfssl")
+    # Other users with permissions might publish their own mywolfssl staging Managed Component
+    message(STATUS "No conflicting wolfSSL components found as a Managed Component.")
+    set(WOLFSSL_PATH "${CMAKE_HOME_DIRECTORY}/managed_components/${THIS_USER}__mywolfssl")
+else()
+    message(STATUS "WARNING: wolfssl component directory not found.")
+endif()
+
+# message(STATUS "EXTRA_COMPONENT_DIRS WOLFSSL_PATH: ${WOLFSSL_PATH}")
+# list(APPEND EXTRA_COMPONENT_DIRS ${WOLFSSL_PATH})
+
+# Not only is a project-level "set(COMPONENTS" not needed here, this will cause
+# an unintuitive error about  Unknown CMake command "esptool_py_flash_project_args".
+
+if(0)
+    message(STATUS "Begin optional PROTOCOL_EXAMPLES_DIR include")
+    # This example uses an extra component for common functions such as Wi-Fi and Ethernet connection.
+    set (PROTOCOL_EXAMPLES_DIR $ENV{IDF_PATH}/examples/common_components/protocol_examples_common)
+
+    if (EXISTS "${PROTOCOL_EXAMPLES_DIR}")
+        message(STATUS "Found PROTOCOL_EXAMPLES_DIR=${PROTOCOL_EXAMPLES_DIR}")
+        set(EXTRA_COMPONENT_DIRS $ENV{IDF_PATH}/examples/common_components/protocol_examples_common)
+        set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DFOUND_PROTOCOL_EXAMPLES_DIR")
+    else()
+        message(STATUS "NOT FOUND: PROTOCOL_EXAMPLES_DIR=${PROTOCOL_EXAMPLES_DIR}")
+    endif()
+    message(STATUS "End optional PROTOCOL_EXAMPLES_DIR include")
+endif()
 
 include($ENV{IDF_PATH}/tools/cmake/project.cmake)
 
-set(COMPONENTS
-  main
-  wolfssl
-) # set components
-
 project(wolfssl_benchmark)
+message(STATUS "end project")
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/Makefile b/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/Makefile
index dbbe9edb4..5bdaf7fa9 100644
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/Makefile
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/Makefile
@@ -3,9 +3,12 @@
 # project subdirectory.
 #
 
-PROJECT_NAME := wolfssl_benchmark
-
 CFLAGS += -DWOLFSSL_USER_SETTINGS
 
-include $(IDF_PATH)/make/project.mk
+# Some of the tests are CPU intenstive, so we'll force the watchdog timer off.
+# There's an espressif NO_WATCHDOG; we don't use it, as it is reset by sdkconfig.
+CFLAGS += -DWOLFSSL_ESP_NO_WATCHDOG=1
 
+PROJECT_NAME := wolfssl_benchmark
+
+include $(IDF_PATH)/make/project.mk
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/README.md b/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/README.md
index 7decc9aa4..e760db5f9 100644
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/README.md
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/README.md
@@ -7,8 +7,9 @@ For general information on [wolfSSL examples for Espressif](../README.md), see t
 
 ## Espressif ESP Component Registry
 
-See the wolfSSL namespace at [components.espressif.com](https://components.espressif.com/components?q=wolfssl)
+See the wolfSSL namespace and additional details:
 
+https://www.wolfssl.com/wolfssl-now-available-in-espressif-component-registry/
 
 ## Windows COM Port
 
@@ -19,6 +20,13 @@ other local port to `COM20` as needed:
 change port com20=com23
 ```
 
+## Bulk Testing
+
+If you have a test jig with multiple ESP32 devices and you'd like to run this wolfcrypt benchmark on all of them, check out
+the `testAll.sh` and `testMonitor.sh` scripts in the [../wolfssl_test](../wolfssl_test/README.md) directory. Copy those
+bash script files to this project. See the `esp32[NN]_PORT` and `esp32[NN]_PUTTY` settings in `testMonitor.sh` that will
+be machine-specific.
+
 ## VisualGDB
 
 Open the VisualGDB Visual Studio Project file in the VisualGDB directory and click the "Start" button.
@@ -31,9 +39,7 @@ using the VisualGDB extension.
 
 The naming convention for project files is: `[project name]_IDF_[Version]_[chipset].vgdbproj`. The solution files (filename[.sln]) often will contain shortcuts to commonly used source and configuration files used by the respective project.
 
-
--------- |------------- |------------- |
-ChipSet  | ESP-IDF v4.4 | ESP-IDF v5.1 |
+ChipSet  | ESP-IDF v4.4 | ESP-IDF v5.2 |
 -------- |------------- |------------- |
 ESP32    |      x       |              |
 ESP32-S2 |              |              |
@@ -55,11 +61,12 @@ See the [feature request](https://sysprogs.com/w/forums/topic/feature-request-sh
 
 ## ESP-IDF Commandline
 
-1. `idf.py menuconfig` to configure the program.  
+1. `idf.py menuconfig` to configure the program.
     1-1. Example Configuration ->
 
-    BENCH_ARG : argument that you want to use. Default is "-lng 0"  
-    The list of argument can be find in help.
+    BENCH_ARG : argument that you want to use. Default is "-lng 0"
+    The list of arguments can be found in help. See [benchmark/README.md](https://github.com/wolfSSL/wolfssl/blob/master/wolfcrypt/benchmark/README.md)
+    Features to be benchmarked are enabled in the `user_settings.h`.
 
 When you want to run the benchmark program
 
@@ -82,14 +89,34 @@ git fetch
 git pull
 git submodule update --init --recursive
 
-cd /mnt/c/workspace/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark
+# pick your workspace location
+# cd ~/workspace/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark
+# cd /mnt/c/workspace/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark
+# cd /mnt/c/workspace/wolfssl-master/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark
+cd /mnt/c/workspace/wolfssl-$USER/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark
 
-# Pick ESP-IDF install directory, this one for v5.1 in VisualGDB
+# The ESP8266 uses a completely different toolchain:
+WRK_IDF_PATH=/mnt/c/SysGCC/esp8266/rtos-sdk/v3.4
 
-WRK_IDF_PATH=/mnt/c/SysGCC/esp32/esp-idf/v5.1
-WRK_IDF_PATH=/mnt/c/SysGCC/esp32-8.4/esp-idf/v4.4.1
+# Pick ESP-IDF toolchain install directory
 WRK_IDF_PATH=~/esp/esp-idf
 
+# ESP-IDF v4.x uses toolchain v8.4
+WRK_IDF_PATH=/mnt/c/SysGCC/esp32-8.4/esp-idf/v4.4.1
+
+# ESP-IDF v5.0 with toolchain v12.4
+WRK_IDF_PATH=/mnt/c/SysGCC/esp32-12.4/esp-idf/v5.0
+
+# ESP-IDF v5.0 to v5.2.1 uses toolchain v12.4
+WRK_IDF_PATH=/mnt/c/SysGCC/esp32-12.4/esp-idf/v5.0
+WRK_IDF_PATH=/mnt/c/SysGCC/esp32-12.4/esp-idf/v5.1
+WRK_IDF_PATH=/mnt/c/SysGCC/esp32-12.4/esp-idf/v5.2.1
+
+# The most recent version:
+# ESP-IDF v5.2 uses toolchain v13.2
+WRK_IDF_PATH=/mnt/c/SysGCC/esp32/esp-idf/v5.2
+
+
 . $WRK_IDF_PATH/export.sh
 
 # Set target SoC
@@ -103,9 +130,9 @@ idf.py build flash -p /dev/ttyS20 -b 115200 monitor
 
 ## Example Output
 
-Note the default wolfSSL `user_settings.h` is configured by default to be the most 
+Note the default wolfSSL `user_settings.h` is configured by default to be the most
 compatible across the widest ranges of targets. Contact wolfSSL at support@wolfssl.com
-for help in optimizing for your particular application, or see the 
+for help in optimizing for your particular application, or see the
 [docs](https://www.wolfssl.com/documentation/manuals/wolfssl/index.html).
 
 Compiled and flashed with `idf.py build  flash -p /dev/ttyS7 -b 115200 monitor`:
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/VisualGDB/wolfssl_benchmark_IDF_v5_ESP32.vgdbproj b/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/VisualGDB/wolfssl_benchmark_IDF_v5_ESP32.vgdbproj
index 276a342de..b5e6eb652 100644
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/VisualGDB/wolfssl_benchmark_IDF_v5_ESP32.vgdbproj
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/VisualGDB/wolfssl_benchmark_IDF_v5_ESP32.vgdbproj
@@ -18,9 +18,9 @@
     <ToolchainID>
       <ID>com.visualgdb.xtensa-esp32-elf</ID>
       <Version>
-        <GCC>11.2.0</GCC>
-        <GDB>9.2.90</GDB>
-        <Revision>2</Revision>
+        <GCC>13.2.0</GCC>
+        <GDB>12.1</GDB>
+        <Revision>1</Revision>
       </Version>
     </ToolchainID>
     <RelativeSourceDirectory>..</RelativeSourceDirectory>
@@ -67,8 +67,8 @@
       <EnableFastUpToDateCheck>true</EnableFastUpToDateCheck>
       <ESPIDFExtension>
         <IDFCheckout>
-          <Version>release/v5.0</Version>
-          <Subdirectory>esp-idf/v5.0</Subdirectory>
+          <Version>release/v5.2</Version>
+          <Subdirectory>esp-idf/v5.2</Subdirectory>
           <Type>ESPIDF</Type>
         </IDFCheckout>
         <COMPort>COM20</COMPort>
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/components/wolfssl/CMakeLists.txt b/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/components/wolfssl/CMakeLists.txt
index e82e19b60..cc7ef0d47 100644
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/components/wolfssl/CMakeLists.txt
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/components/wolfssl/CMakeLists.txt
@@ -1,36 +1,166 @@
 #
-#  Copyright (C) 2006-2023 wolfSSL Inc.
+# Copyright (C) 2006-2025 wolfSSL Inc.
 #
-#  This file is part of wolfSSL.
+# This file is part of wolfSSL.
 #
-#  wolfSSL is free software; you can redistribute it and/or modify
-#  it under the terms of the GNU General Public License as published by
-#  the Free Software Foundation; either version 2 of the License, or
-#  (at your option) any later version.
+# wolfSSL is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
 #
-#  wolfSSL is distributed in the hope that it will be useful,
-#  but WITHOUT ANY WARRANTY; without even the implied warranty of
-#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-#  GNU General Public License for more details.
+# wolfSSL is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
 #
-#  You should have received a copy of the GNU General Public License
-#  along with this program; if not, write to the Free Software
-#  Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
 #
 # cmake for wolfssl Espressif projects
 #
-# Version 5.6.0.011 for detect test/benchmark
+# Version 5.7.2 Espressif ESP-IDF integration
 #
 # See https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-guides/build-system.html
 #
-
+message(STATUS "Begin wolfssl ${CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT}")
 cmake_minimum_required(VERSION 3.16)
-set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_USER_SETTINGS")
-set(CMAKE_CURRENT_SOURCE_DIR ".")
-set(COMPONENT_REQUIRES lwip) # we typically don't need lwip directly in wolfssl component
-set(WOLFSSL_ROOT "$ENV{WOLFSSL_ROOT}" )
 
-# find the user name to search for possible "wolfssl-username"
+set(VERBOSE_COMPONENT_MESSAGES 1)
+
+# Optional requires include:
+# set(THIS_ESP_TLS "esp-tls")
+set(THIS_ESP_TLS "")
+
+# function: IS_ESP_IDF_COMPONENT
+#  output:    RESULT = 1 (true) if this component is located in the ESP-IDF components
+#             otherwise 0 (false)
+function( IS_ESP_IDF_COMPONENT  RESULT )
+    # NOTE: Component location is based on the location of the CMakeList.txt
+    # and *not* the location of the wolfSSL source code. (which may be anywhere)
+
+    # Normalize the paths to remove any trailing slashes
+    get_filename_component(NORMALIZED_IDF_PATH  "${IDF_PATH}"      REALPATH)
+    get_filename_component(NORMALIZED_TEST_PATH "${COMPONENT_DIR}" REALPATH)
+
+    # Check if the test path starts with the IDF_PATH
+    string(FIND "${NORMALIZED_TEST_PATH}" "${NORMALIZED_IDF_PATH}" pos)
+
+    if(${pos} EQUAL 0)
+        message(STATUS "${COMPONENT_DIR} is within IDF_PATH.")
+        set(${RESULT} 1 PARENT_SCOPE)
+    else()
+        message(STATUS "${COMPONENT_DIR} is not within IDF_PATH.")
+        set(${RESULT} 0 PARENT_SCOPE)
+    endif()
+endfunction()
+
+# Determine if this cmake file is located in the ESP-IDF component directory or not,
+# and if so, if it is being ignored (allowing the use of a local project one, instead).
+IS_ESP_IDF_COMPONENT( IS_WOLSSL_ESP_IDF_COMPONENT )
+if( IS_WOLSSL_ESP_IDF_COMPONENT )
+    message(STATUS "This wolfSSL is a component in ESP-IDF.")
+    if ( CONFIG_IGNORE_ESP_IDF_WOLFSSL_COMPONENT )
+        idf_component_register()
+        message(STATUS "Warning: wolfSSL component in ESP-IDF is being ignored.")
+        return()
+    endif()
+endif()
+
+
+if( "${CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT}" STREQUAL "" )
+    # nothing to do
+else()
+    # Only forward slashes, or double backslashes are supported.
+    # By the time we get here the sdkconfig file has a value for wolfSSL source code root.
+    string(REPLACE "\\" "/" CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT ${CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT})
+    message(STATUS "Cleaned wolfssl path: ${CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT}")
+endif()
+
+# The scope of this CMAKE_C_FLAGS is just this component:
+set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_USER_SETTINGS")
+set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -DWOLFSSL_USER_SETTINGS")
+
+set(CMAKE_CURRENT_SOURCE_DIR ".")
+# set(COMPONENT_REQUIRES lwip) # we typically don't need lwip directly in wolfssl component
+
+# Optionally set your source to wolfSSL in your project CMakeLists.txt like this:
+# set(WOLFSSL_ROOT "c:/test/my_wolfssl" )
+
+if ( "${WOLFSSL_ROOT}" STREQUAL "")
+    set(WOLFSSL_ROOT "$ENV{WOLFSSL_ROOT}" )
+endif()
+
+if(  "$ENV{IDF_PATH}" STREQUAL "" )
+    message(FATAL_ERROR "IDF_PATH Environment variable not set!")
+else()
+    string(REPLACE "\\" "/" THIS_IDF_PATH "$ENV{IDF_PATH}")
+endif()
+
+# Optional compiler definitions to help with system name detection (typically printed by app diagnostics)
+if(VERBOSE_COMPONENT_MESSAGES)
+    if(WIN32)
+        # Windows-specific configuration here
+        set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_WINDOWS")
+        message(STATUS "Detected Windows")
+    endif()
+    if(CMAKE_HOST_UNIX)
+        message(STATUS "Detected UNIX")
+    endif()
+    if(APPLE)
+        message(STATUS "Detected APPLE")
+    endif()
+    if(CMAKE_HOST_UNIX AND (NOT APPLE) AND EXISTS "/proc/sys/fs/binfmt_misc/WSLInterop")
+        # Windows-specific configuration here
+        set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_WSL")
+        message(STATUS "Detected WSL")
+    endif()
+    if(CMAKE_HOST_UNIX AND (NOT APPLE) AND (NOT WIN32))
+        # Windows-specific configuration here
+        set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_LINUX")
+        message(STATUS "Detected Linux")
+    endif()
+    if(APPLE)
+        # Windows-specific configuration here
+        set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_APPLE")
+        message(STATUS "Detected Apple")
+    endif()
+endif() # End optional WOLFSSL_CMAKE_SYSTEM_NAME
+
+message(STATUS "CONFIG_TARGET_PLATFORM = ${CONFIG_TARGET_PLATFORM}")
+
+# Check that there are not conflicting wolfSSL components
+# The ESP Registry Component will be in ./managed_components/wolfssl__wolfssl
+# The local component wolfSSL directory will be in ./components/wolfssl
+if( EXISTS "${CMAKE_HOME_DIRECTORY}/managed_components/wolfssl__wolfssl" AND EXISTS "${CMAKE_HOME_DIRECTORY}/components/wolfssl" )
+    # These exclude statements don't seem to be honored by the $ENV{IDF_PATH}/tools/cmake/project.cmake'
+    # add_subdirectory("${CMAKE_HOME_DIRECTORY}/managed_components/wolfssl__wolfssl" EXCLUDE_FROM_ALL)
+    # add_subdirectory("${CMAKE_HOME_DIRECTORY}/managed_components/wolfssl__wolfssl/include" EXCLUDE_FROM_ALL)
+    # So we'll error out and let the user decide how to proceed:
+    message(WARNING "\nFound wolfSSL components in\n"
+                    "./managed_components/wolfssl__wolfssl\n"
+                    "and\n"
+                    "./components/wolfssl\n"
+                    "in project directory: \n"
+                    "${CMAKE_HOME_DIRECTORY}")
+    message(FATAL_ERROR "\nPlease use either the ESP Registry Managed Component or the wolfSSL component directory but not both.\n"
+                        "If removing the ./managed_components/wolfssl__wolfssl directory, remember to also remove "
+                        "or rename the idf_component.yml file typically found in ./main/")
+else()
+    message(STATUS "No conflicting wolfSSL components found.")
+endif()
+
+
+# Don't include lwip requirement for benchmark and test apps.
+if( ("${CMAKE_PROJECT_NAME}" STREQUAL "wolfssl_benchmark") OR ("${CMAKE_PROJECT_NAME}" STREQUAL "wolfssl_test") )
+    message(STATUS "Not including lwip for ${CMAKE_PROJECT_NAME}")
+else()
+    # benchmark and test do not need wifi, everything else probably does:
+    set(COMPONENT_REQUIRES lwip "${THIS_ESP_TLS}") # we typically don't need lwip directly in wolfssl component
+endif()
+
+# Find the user name to search for possible "wolfssl-username"
+# Reminder: Windows is  %USERNAME%, Linux is $USER
 message(STATUS "USERNAME = $ENV{USERNAME}")
 if(  "$ENV{USER}" STREQUAL "" ) # the bash user
     if(  "$ENV{USERNAME}" STREQUAL "" ) # the Windows user
@@ -45,6 +175,30 @@ else()
 endif()
 message(STATUS "THIS_USER = ${THIS_USER}")
 
+if( "$ENV{IDF_PATH}" STREQUAL "" )
+    message(FATAL_ERROR "IDF_PATH Environment variable not set!")
+else()
+    string(REPLACE "\\" "/" THIS_IDF_PATH "$ENV{IDF_PATH}")
+endif()
+
+# ENVIRONMENT_VAR_TO_MACRO
+# Check environment variable name EVARPARAM as [name]
+# If defined, and has a value of EVARVALUE as [value],
+# then assign a compiler definition "-D[name]=[value]"
+function(ENVIRONMENT_VAR_TO_MACRO EVARPARAM EVARVALUE)
+    # If the EVARPARAM environment variable name is set to EVARVALUE,
+    # set the compiler flag definition to enable CSV output.
+    if ( "$ENV{${EVARPARAM}}" STREQUAL "${EVARVALUE}")
+        message(STATUS "Appending compile definition: -D${EVARPARAM}=${EVARVALUE}")
+        set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -D${EVARPARAM}=${EVARVALUE}")
+    else()
+        if(DEFINED ENV{${EVARPARAM}})
+            message(STATUS "Environment variable ${EVARPARAM} detected but set to $ENV{${EVARPARAM}}, not appending compile definition.")
+        else()
+            message(STATUS "Environment variable ${EVARPARAM} not detected, not appending compile definition.")
+        endif()
+    endif()
+endfunction()
 
 # COMPONENT_NAME = wolfssl
 # The component name is the directory name. "No feature to change this".
@@ -63,7 +217,8 @@ message(STATUS "THIS_USER = ${THIS_USER}")
 # function: IS_WOLFSSL_SOURCE
 #  parameter: DIRECTORY_PARAMETER - the directory to test
 #  output:    RESULT = contains contents of DIRECTORY_PARAMETER for wolfssl directory, otherwise blank.
-function(IS_WOLFSSL_SOURCE DIRECTORY_PARAMETER RESULT)
+function( IS_WOLFSSL_SOURCE  DIRECTORY_PARAMETER
+          RESULT )
     if (EXISTS "${DIRECTORY_PARAMETER}/wolfcrypt/src")
         set(${RESULT} "${DIRECTORY_PARAMETER}" PARENT_SCOPE)
     else()
@@ -71,25 +226,71 @@ function(IS_WOLFSSL_SOURCE DIRECTORY_PARAMETER RESULT)
     endif()
 endfunction()
 
+# *********************************************************************************************
 # function: FIND_WOLFSSL_DIRECTORY
 #  parameter: OUTPUT_FOUND_WOLFSSL_DIRECTORY contains root of source code, otherwise blank
 #
+# Example usage:
+#   FIND_WOLFSSL_DIRECTORY(WOLFSSL_ROOT)
+# *********************************************************************************************
 function(FIND_WOLFSSL_DIRECTORY OUTPUT_FOUND_WOLFSSL_DIRECTORY)
-    message(STATUS "Starting FIND_WOLFSSL_DIRECTORY")
-    set(CURRENT_SEARCH_DIR "$ENV{WOLFSSL_ROOT}")
-    if( "${CURRENT_SEARCH_DIR}" STREQUAL "" )
-        message(STATUS "The WOLFSSL_ROOT environment variable is not set. Searching...")
+    message(STATUS "Starting FIND_WOLFSSL_DIRECTORY: ${${OUTPUT_FOUND_WOLFSSL_DIRECTORY}}")
+
+    if ( "${${OUTPUT_FOUND_WOLFSSL_DIRECTORY}}" STREQUAL "" )
+        # The parameter is empty, so we certainly need to search.
+        # First, see if there's an environment variable. This takes highest priority (unless already found as hard-coded, above)
+        set(CURRENT_SEARCH_DIR "$ENV{WOLFSSL_ROOT}")
+        if( "${CURRENT_SEARCH_DIR}" STREQUAL "" )
+            message(STATUS "The WOLFSSL_ROOT environment variable is not set. Searching...")
+            # Next, if not found, see if wolfSSL was selected for ESP-TLS Kconfig
+            if(CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT)
+                set(CURRENT_SEARCH_DIR ${CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT})
+                get_filename_component(CURRENT_SEARCH_DIR "${CURRENT_SEARCH_DIR}" ABSOLUTE)
+                message(STATUS "WOLFSSL_ROOT found in sdkconfig/KConfig: ${CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT}")
+            else()
+                message(STATUS "wolfSSL not defined in [Component Config] [wolfssl]. Continuing search...")
+                # If not specified as a search hint in OUTPUT_FOUND_WOLFSSL_DIRECTORY:
+                # This wolfSSL component CMakeLists.txt may be found EITHER in:
+                #   1) local project component
+                #   2) ESP-IDF share components
+                # We'll start in the CMAKE_CURRENT_SOURCE_DIR, typically [something]/projectname/components/wolfssl
+                # That option might find wolfSSL source code as a copy in the component directory (e.g. Managed Components)
+                # Unless cmake is in the ESP-IDF, in which case it is unlikely to find wolfSSL source in any parent.
+                message(STATUS "CMAKE_CURRENT_SOURCE_DIR = ${CMAKE_CURRENT_SOURCE_DIR}")
+                get_filename_component(CURRENT_SEARCH_DIR "${CMAKE_CURRENT_SOURCE_DIR}" ABSOLUTE)
+                message(STATUS "CURRENT_SEARCH_DIR = ${CURRENT_SEARCH_DIR}")
+                string(LENGTH ${CURRENT_SEARCH_DIR} CURRENT_SEARCH_DIR_LENGTH)
+            endif() # CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT
+        endif() # check environment var blank
     else()
-        get_filename_component(CURRENT_SEARCH_DIR "$ENV{WOLFSSL_ROOT}" ABSOLUTE)
+        message(STATUS "Parameter found for FIND_WOLFSSL_DIRECTORY")
+        message(STATUS "Setting wolfSSL search directory to: ${${OUTPUT_FOUND_WOLFSSL_DIRECTORY}}")
+        set(CURRENT_SEARCH_DIR "${${OUTPUT_FOUND_WOLFSSL_DIRECTORY}}")
+    endif() # parameter empty
+
+    # Check to see if we found a path in environment or config settings, above.
+    if( "${CURRENT_SEARCH_DIR}" STREQUAL "" )
+        message(STATUS "Source for wolfSSL not specified in path nor config settings.")
+        # We'll continue the search by recursing up the directory tree, below.
+    else()
+        # Setting found! Does it contain a valid path?
+        string(REPLACE "\\" "/" CURRENT_SEARCH_DIR ${CURRENT_SEARCH_DIR})
+        get_filename_component(CURRENT_SEARCH_DIR "${CURRENT_SEARCH_DIR}" ABSOLUTE)
         IS_WOLFSSL_SOURCE("${CURRENT_SEARCH_DIR}" FOUND_WOLFSSL)
-        if("${FOUND_WOLFSSL}")
-            message(STATUS "Found WOLFSSL_ROOT via Environment Variable:")
+        if( FOUND_WOLFSSL )
+            message(STATUS "Found wolfSSL source code via setting: ${CURRENT_SEARCH_DIR}")
+            set(${OUTPUT_FOUND_WOLFSSL_DIRECTORY} ${CURRENT_SEARCH_DIR} PARENT_SCOPE)
+            return()
         else()
-            message(FATAL_ERROR "WOLFSSL_ROOT Environment Variable defined, but path not found:")
-            message(STATUS "$ENV{WOLFSSL_ROOT}")
+            if(WIN32)
+                message(STATUS "When specifying a path for Windows, use forward slahes, or double backslashes.")
+            endif()
+            message(STATUS "CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT sdkconfig setting = ${CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT}")
+            message(STATUS "WOLFSSL_ROOT Variable defined, but source code not found: ${CURRENT_SEARCH_DIR}")
         endif()
     endif()
 
+
     # we'll start in the CMAKE_CURRENT_SOURCE_DIR, typically [something]/projectname/components/wolfssl
     message(STATUS "CMAKE_CURRENT_SOURCE_DIR = ${CMAKE_CURRENT_SOURCE_DIR}")
     get_filename_component(CURRENT_SEARCH_DIR "${CMAKE_CURRENT_SOURCE_DIR}" ABSOLUTE)
@@ -107,16 +308,47 @@ function(FIND_WOLFSSL_DIRECTORY OUTPUT_FOUND_WOLFSSL_DIRECTORY)
             return()
         endif()
 
+        # Maintain CURRENT_SEARCH_DIR, but check various suffixes with CURRENT_SEARCH_DIR_ALT
         if( THIS_USER )
             # Check for "wolfssl-[username]" subdirectory as we recurse up the directory tree
             set(CURRENT_SEARCH_DIR_ALT ${CURRENT_SEARCH_DIR}/wolfssl-${THIS_USER})
-            message(STATUS "Looking in ${CURRENT_SEARCH_DIR}")
+            message(STATUS "Looking in ${CURRENT_SEARCH_DIR_ALT}")
 
-            #if(EXISTS ${CURRENT_SEARCH_DIR_ALT} AND IS_DIRECTORY ${CURRENT_SEARCH_DIR_ALT} AND EXISTS "${CURRENT_SEARCH_DIR_ALT}/wolfcrypt/src")
             IS_WOLFSSL_SOURCE("${CURRENT_SEARCH_DIR_ALT}" FOUND_WOLFSSL )
             if ( FOUND_WOLFSSL )
-               message(STATUS "Found wolfssl in user-suffix CURRENT_SEARCH_DIR_ALT = ${CURRENT_SEARCH_DIR_ALT}")
-                set(${OUTPUT_FOUND_WOLFSSL_DIRECTORY} ${CURRENT_SEARCH_DIR_ALT} PARENT_SCOPE)
+                message(STATUS "Found wolfssl in user-suffix CURRENT_SEARCH_DIR_ALT = ${CURRENT_SEARCH_DIR_ALT}")
+                set(CURRENT_SEARCH_DIR "${CURRENT_SEARCH_DIR_ALT}")
+                set(${OUTPUT_FOUND_WOLFSSL_DIRECTORY} ${CURRENT_SEARCH_DIR} PARENT_SCOPE)
+                return()
+            endif()
+        endif()
+
+        if ( FOUND_WOLFSSL )
+            # if we already found the source, skip attempt of "wolfssl-master"
+        else()
+            set(CURRENT_SEARCH_DIR_ALT ${CURRENT_SEARCH_DIR}/wolfssl-master)
+            message(STATUS "Looking in ${CURRENT_SEARCH_DIR_ALT}")
+
+            IS_WOLFSSL_SOURCE("${CURRENT_SEARCH_DIR_ALT}" FOUND_WOLFSSL )
+            if ( FOUND_WOLFSSL )
+                message(STATUS "Found wolfssl in master-suffix CURRENT_SEARCH_DIR_ALT = ${CURRENT_SEARCH_DIR_ALT}")
+                set(CURRENT_SEARCH_DIR "${CURRENT_SEARCH_DIR_ALT}")
+                set(${OUTPUT_FOUND_WOLFSSL_DIRECTORY} ${CURRENT_SEARCH_DIR} PARENT_SCOPE)
+                return()
+            endif()
+        endif()
+
+        if ( FOUND_WOLFSSL )
+            # if we already found the source, skip attempt of "wolfssl"
+        else()
+            set(CURRENT_SEARCH_DIR_ALT ${CURRENT_SEARCH_DIR}/wolfssl)
+            message(STATUS "Looking in ${CURRENT_SEARCH_DIR_ALT}")
+
+            IS_WOLFSSL_SOURCE("${CURRENT_SEARCH_DIR_ALT}" FOUND_WOLFSSL )
+            if ( FOUND_WOLFSSL )
+                message(STATUS "Found wolfssl in CURRENT_SEARCH_DIR_ALT = ${CURRENT_SEARCH_DIR_ALT}")
+                set(CURRENT_SEARCH_DIR "${CURRENT_SEARCH_DIR_ALT}")
+                set(${OUTPUT_FOUND_WOLFSSL_DIRECTORY} ${CURRENT_SEARCH_DIR} PARENT_SCOPE)
                 return()
             endif()
         endif()
@@ -136,7 +368,8 @@ function(FIND_WOLFSSL_DIRECTORY OUTPUT_FOUND_WOLFSSL_DIRECTORY)
         get_filename_component(CURRENT_SEARCH_DIR "${CURRENT_SEARCH_DIR}" DIRECTORY)
         message(STATUS "Next CURRENT_SEARCH_DIR = ${CURRENT_SEARCH_DIR}")
         if( "${PRIOR_SEARCH_DIR}" STREQUAL "${CURRENT_SEARCH_DIR}" )
-            # when the search directory is empty, we'll give up
+            # When the parent is current directory, cannot go any further. We didn't find wolfssl.
+            # When the search directory is empty, we'll give up.
             set(CURRENT_SEARCH_DIR "")
         endif()
     endwhile()
@@ -147,17 +380,64 @@ endfunction()
 
 
 # Example usage:
+#
+# Simply find the WOLFSSL_DIRECTORY by searching parent directories:
+#   FIND_WOLFSSL_DIRECTORY(WOLFSSL_ROOT)
+#
 
+message(STATUS "CONFIG_TARGET_PLATFORM = ${CONFIG_TARGET_PLATFORM}")
 
+# Check for environment variable that may be assigned to macros
+ENVIRONMENT_VAR_TO_MACRO("GENERATE_MACHINE_PARSEABLE_REPORT" "1")
+ENVIRONMENT_VAR_TO_MACRO("WOLFSSL_BENCHMARK_FIXED_CSV"       "1")
 
+# Optional variable inspection
+if (0)
+    get_cmake_property(_variableNames VARIABLES)
+    list (SORT _variableNames)
+    message(STATUS "")
+    message(STATUS "ALL VARIABLES BEGIN")
+    message(STATUS "")
+    foreach (_variableName ${_variableNames})
+        message(STATUS "${_variableName}=${${_variableName}}")
+    endforeach()
+    message(STATUS "")
+    message(STATUS "ALL VARIABLES END")
+    message(STATUS "")
+endif()
+
+if ( ("${CONFIG_TARGET_PLATFORM}" STREQUAL "esp8266") OR ("${IDF_TARGET}" STREQUAL "esp8266") )
+    # There's no esp_timer, no driver components for the ESP8266
+    message(STATUS "Early expansion EXCLUDES for esp8266:")
+    message(STATUS "THIS_INCLUDE_DRIVER:  '${THIS_INCLUDE_DRIVER}'")
+    message(STATUS "THIS_INCLUDE_TIMER:   '${THIS_INCLUDE_TIMER}'")
+    message(STATUS "Early expansion INCLUDE for esp8266:")
+    message(STATUS "THIS_INCLUDE_PTHREAD: '${THIS_INCLUDE_PTHREAD}'")
+    set(THIS_ESP_TLS         "")
+    set(THIS_INCLUDE_DRIVER  "")
+    set(THIS_INCLUDE_TIMER   "")
+    set(THIS_INCLUDE_PTHREAD "pthread")
+else()
+    message(STATUS "Early expansion includes esp_timer: ${THIS_INCLUDE_TIMER}")
+    message(STATUS "Early expansion includes driver: ${THIS_INCLUDE_DRIVER}")
+    set(THIS_ESP_TLS        "esp-tls")
+    set(THIS_INCLUDE_DRIVER "driver")
+    set(THIS_INCLUDE_TIMER  "esp_timer")
+    set(THIS_INCLUDE_PTHREAD "")
+    # Let the app know that we've included the esp-tls component requirement.
+    # This is critical for use the the esp-tls component. See wolfssl esp_crt_bundle.c file.
+    set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_REQUIRED_ESP_TLS=1")
+endif()
 
 if(CMAKE_BUILD_EARLY_EXPANSION)
     message(STATUS "wolfssl component CMAKE_BUILD_EARLY_EXPANSION:")
     idf_component_register(
                             REQUIRES "${COMPONENT_REQUIRES}"
                             PRIV_REQUIRES # esp_hw_support
-                                          esp_timer
-                                          driver # this will typically only be needed for wolfSSL benchmark
+                                          "${THIS_ESP_TLS}"
+                                          "${THIS_INCLUDE_PTHREAD}"
+                                          "${THIS_INCLUDE_TIMER}"
+                                          "${THIS_INCLUDE_DRIVER}" # this will typically only be needed for wolfSSL benchmark
                            )
 
 else()
@@ -166,48 +446,99 @@ else()
     message(STATUS "wolfssl component config:")
     message(STATUS "************************************************************************************************")
 
+    if ( "${CONFIG_TARGET_PLATFORM}" STREQUAL "esp8266")
+        # There's no esp_timer, no driver components for the ESP8266
+        set(THIS_INCLUDE_TIMER "")
+        set(THIS_INCLUDE_DRIVER "")
+    else()
+        set(THIS_INCLUDE_TIMER "esp_timer")
+        set(THIS_INCLUDE_DRIVER "driver")
+    endif()
+
     # search for wolfSSL
     FIND_WOLFSSL_DIRECTORY(WOLFSSL_ROOT)
     if(WOLFSSL_ROOT)
-        message(STATUS "NEW Found wolfssl directory at: ${WOLFSSL_ROOT}")
+        IS_WOLFSSL_SOURCE("${WOLFSSL_ROOT}" FOUND_WOLFSSL)
+        if(FOUND_WOLFSSL)
+            message(STATUS "Found WOLFSSL_ROOT via CMake specification.")
+        else()
+            # WOLFSSL_ROOT Path specified in CMakeLists.txt is not a valid path
+            message(FATAL_ERROR "WOLFSSL_ROOT CMake Variable defined, but path not found: ${WOLFSSL_ROOT}\n"
+                                "Try correcting WOLFSSL_ROOT in your project CMakeFile.txt or setting environment variable.")
+            # Abort CMake after fatal error.
+        endif()
     else()
-        message(STATUS "NEW wolfssl directory not found.")
+        message(STATUS "Source code for wolfSSL still not found.")
+        message(STATUS "Searching from project home: ${CMAKE_HOME_DIRECTORY} ...")
+        set(WOLFSSL_ROOT "${CMAKE_HOME_DIRECTORY}")
+        FIND_WOLFSSL_DIRECTORY(WOLFSSL_ROOT)
+    endif()
+
+
+    if(WOLFSSL_ROOT)
+        message(STATUS "Confirmed wolfssl directory at: ${WOLFSSL_ROOT}")
+    else()
+        # Try to allow a more intuitive error that the source code was not found in cmake:
+        set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_WARNING_SOURCE_NOT_FOUND")
+
+        message(STATUS "Failed: wolfssl source code directory not found.")
         # Abort. We need wolfssl _somewhere_.
-        message(FATAL_ERROR "Could not find wolfssl in ${WOLFSSL_ROOT}.\n"
-                            "Try setting WOLFSSL_ROOT environment variable or git clone.")
+        message(STATUS "")
+        message(STATUS "")
+        message(STATUS "Could not find wolfssl in any parent directory named wolfssl-${THIS_USER}, wolfssl-master, or wolfssl.\n"
+                       "Try setting WOLFSSL_ROOT environment variable, cmake variable in project, copy source, or use managed components.")
+        message(STATUS "")
+        message(STATUS "")
+        # Abort CMake after fatal error. (or not?)
     endif()
 
     set(INCLUDE_PATH ${WOLFSSL_ROOT})
 
     set(WOLFSSL_EXTRA_PROJECT_DIR "${WOLFSSL_ROOT}/src/")
 
-    if( ${CMAKE_PROJECT_NAME} STREQUAL "wolfssl_benchmark" )
-        set(WOLFSSL_EXTRA_PROJECT_DIR "${WOLFSSL_ROOT}/wolfcrypt/benchmark")
-    endif()
-
-    if( ${CMAKE_PROJECT_NAME} STREQUAL "wolfssl_test" )
-        set(WOLFSSL_EXTRA_PROJECT_DIR "${WOLFSSL_ROOT}/wolfcrypt/test")
+    # During regression tests, optionally copy source locally and use: set(USE_LOCAL_TEST_BENCH 1)
+    set(USE_LOCAL_TEST_BENCH 0)
+    if(NOT USE_LOCAL_TEST_BENCH)
+        if( "${CMAKE_PROJECT_NAME}" STREQUAL "hello-world" )
+            message(STATUS "Include ${WOLFSSL_ROOT}/wolfcrypt/benchmark")
+            set(WOLFSSL_EXTRA_PROJECT_DIR "${WOLFSSL_ROOT}/wolfcrypt/benchmark")
+        endif()
+
+        if( "${CMAKE_PROJECT_NAME}" STREQUAL "wolfssl_benchmark" )
+            message(STATUS "Include ${WOLFSSL_ROOT}/wolfcrypt/benchmark")
+            set(WOLFSSL_EXTRA_PROJECT_DIR "${WOLFSSL_ROOT}/wolfcrypt/benchmark")
+        endif()
+
+        if( "${CMAKE_PROJECT_NAME}" STREQUAL "wolfssl_test" )
+            message(STATUS "Include ${WOLFSSL_ROOT}/wolfcrypt/test")
+            set(WOLFSSL_EXTRA_PROJECT_DIR "${WOLFSSL_ROOT}/wolfcrypt/test")
+        endif()
     endif()
 
+    message(STATUS "WOLFSSL_EXTRA_PROJECT_DIR = ${WOLFSSL_EXTRA_PROJECT_DIR}")
     set(COMPONENT_SRCDIRS "\"${WOLFSSL_ROOT}/src/\""
                           "\"${WOLFSSL_ROOT}/wolfcrypt/src\""
                           "\"${WOLFSSL_ROOT}/wolfcrypt/src/port/Espressif\""
+                          "\"${WOLFSSL_ROOT}/wolfcrypt/src/port/Espressif/esp_crt_bundle\""
                           "\"${WOLFSSL_ROOT}/wolfcrypt/src/port/atmel\""
                           "\"${WOLFSSL_EXTRA_PROJECT_DIR}\""
                          ) # COMPONENT_SRCDIRS
 
     message(STATUS "This COMPONENT_SRCDIRS = ${COMPONENT_SRCDIRS}")
 
+    # wolfSSL user_settings.h may be in the local project.
+    # TODO check if exists and possibly set to ESP-IDF
     set(WOLFSSL_PROJECT_DIR "${CMAKE_HOME_DIRECTORY}/components/wolfssl")
-    add_definitions(-DWOLFSSL_USER_SETTINGS_DIR="${WOLFSSL_PROJECT_DIR}/include/user_settings.h")
-
 
+    string(REPLACE "/" "//" STR_WOLFSSL_PROJECT_DIR "${WOLFSSL_PROJECT_DIR}")
+    add_compile_definitions(WOLFSSL_USER_SETTINGS_DIR="${STR_WOLFSSL_PROJECT_DIR}/include/user_settings.h")
+    message(STATUS "Added definition for user_settings.h: -DWOLFSSL_USER_SETTINGS_DIR=\"${STR_WOLFSSL_PROJECT_DIR}//include//user_settings.h\"")
     # Espressif may take several passes through this makefile. Check to see if we found IDF
     string(COMPARE EQUAL "${PROJECT_SOURCE_DIR}" "" WOLFSSL_FOUND_IDF)
 
     # get a list of all wolfcrypt assembly files; we'll exclude them as they don't target Xtensa
     file(GLOB EXCLUDE_ASM *.S)
-    file(GLOB_RECURSE EXCLUDE_ASM ${CMAKE_SOURCE_DIR} "${WOLFSSL_ROOT}/wolfcrypt/src/*.S")
+    file(GLOB EXCLUDE_ASM ${CMAKE_SOURCE_DIR} "${WOLFSSL_ROOT}/wolfcrypt/src/*.S")
 
     message(STATUS "IDF_PATH = $ENV{IDF_PATH}")
     message(STATUS "PROJECT_SOURCE_DIR = ${PROJECT_SOURCE_DIR}")
@@ -230,11 +561,12 @@ else()
         message(STATUS "Remove either the local project component: ${WOLFSSL_PROJECT_DIR} ")
         message(STATUS "or the Espressif shared component installed at: $ENV{IDF_PATH}/components/wolfssl/ ")
         message(STATUS "")
-        message(FATAL_ERROR "Please use wolfSSL in either local project or Espressif components, but not both.")
         message(STATUS "")
         message(STATUS "**************************************************************************************")
         message(STATUS "")
 
+        message(STATUS "Please use wolfSSL in either local project or Espressif components, but not both.")
+
         # Optional: if you change the above FATAL_ERROR to STATUS you can warn at runtime with this macro definition:
         set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_MULTI_INSTALL_WARNING")
 
@@ -284,6 +616,7 @@ else()
                         message(FATAL_ERROR "Found stray wolfSSL user_settings.h in "
                                             "${WOLFSSL_ROOT}/include/user_settings.h "
                                             " (please move it to ${WOLFSSL_PROJECT_DIR}/include/user_settings.h )")
+                        # Abort CMake after fatal error.
                     else()
                         # we won't overwrite an existing user settings file, just note that we already have one:
                         if( EXISTS "${WOLFSSL_PROJECT_DIR}/include/user_settings.h" )
@@ -340,7 +673,9 @@ else()
     # depending on the environment, we may need to swap backslashes with forward slashes
     string(REPLACE "\\" "/" RTOS_IDF_PATH "$ENV{IDF_PATH}/components/freertos/FreeRTOS-Kernel/include/freertos")
 
-    string(REPLACE "\\" "/" WOLFSSL_ROOT ${WOLFSSL_ROOT})
+	if(WOLFSSL_ROOT)
+	    string(REPLACE "\\" "/" WOLFSSL_ROOT ${WOLFSSL_ROOT})
+	endif()
 
     if(IS_DIRECTORY "${RTOS_IDF_PATH}")
         message(STATUS "Found current RTOS path: ${RTOS_IDF_PATH}")
@@ -353,17 +688,22 @@ else()
             message(STATUS "Could not find RTOS path")
         endif()
     endif()
-
-
+    message(STATUS "THIS_IDF_PATH = $THIS_IDF_PATH")
+    # wolfSSL-specific include directories
     set(COMPONENT_ADD_INCLUDEDIRS
-        "./include" # this is the location of wolfssl user_settings.h
+        "./include" # this is the location of local project wolfssl user_settings.h
         "\"${WOLFSSL_ROOT}/\""
         "\"${WOLFSSL_ROOT}/wolfssl/\""
         "\"${WOLFSSL_ROOT}/wolfssl/wolfcrypt/\""
+        "\"${WOLFSSL_ROOT}/wolfssl/wolfcrypt/port/Espressif\""
         "\"${RTOS_IDF_PATH}/\""
+        # wolfSSL release after v5.7 includes WiFi, time, and mem/debug helpers
+        "${THIS_IDF_PATH}/components/esp_event/include"
+        "${THIS_IDF_PATH}/components/esp_netif/include"
+        "${THIS_IDF_PATH}/components/esp_wifi/include"
         )
 
-
+    # Optionally include cryptoauthlib if present
     if(IS_DIRECTORY ${IDF_PATH}/components/cryptoauthlib)
         list(APPEND COMPONENT_ADD_INCLUDEDIRS "../cryptoauthlib/lib")
     endif()
@@ -372,7 +712,7 @@ else()
     list(APPEND COMPONENT_ADD_INCLUDEDIRS "\"${WOLFSSL_ROOT}/wolfssl/wolfcrypt/\"")
 
 
-
+    # Some files are known to be included elsewhere, or not used for Espressif
     set(COMPONENT_SRCEXCLUDE
         "\"${WOLFSSL_ROOT}/src/bio.c\""
         "\"${WOLFSSL_ROOT}/src/conf.c\""
@@ -382,9 +722,14 @@ else()
         "\"${WOLFSSL_ROOT}/src/ssl_bn.c\""      # included by ssl.c
         "\"${WOLFSSL_ROOT}/src/ssl_certman.c\"" # included by ssl.c
         "\"${WOLFSSL_ROOT}/src/ssl_crypto.c\""  # included by ssl.c
+        "\"${WOLFSSL_ROOT}/src/ssl_load.c\""    # included by ssl.c
         "\"${WOLFSSL_ROOT}/src/ssl_misc.c\""    # included by ssl.c
+        "\"${WOLFSSL_ROOT}/src/ssl_p7p12.c\""   # included by ssl.c
+        "\"${WOLFSSL_ROOT}/src/ssl_sess.c\""    # included by ssl.c
         "\"${WOLFSSL_ROOT}/src/x509.c\""
         "\"${WOLFSSL_ROOT}/src/x509_str.c\""
+        "\"${WOLFSSL_ROOT}/wolfcrypt/src/ext_kyber.c\""     # external non-wolfssl Kyber disabled by default
+        "\"${WOLFSSL_ROOT}/wolfssl/wolfcrypt/ext_kyber.h\"" # external non-wolfssl Kyber disabled by default
         "\"${WOLFSSL_ROOT}/wolfcrypt/src/evp.c\""
         "\"${WOLFSSL_ROOT}/wolfcrypt/src/misc.c\""
         "\"${WOLFSSL_ROOT}/wolfcrypt/src/sp_sm2_arm32.c\""
@@ -395,6 +740,7 @@ else()
         "\"${WOLFSSL_ROOT}/wolfcrypt/src/sp_sm2_cortexm.c\""
         "\"${WOLFSSL_ROOT}/wolfcrypt/src/sp_sm2_x86_64.c\""
         "\"${WOLFSSL_ROOT}/wolfcrypt/src/sp_sm2_x86_64_asm.S\""
+        "\"${WOLFSSL_ROOT}/examples\"" # Examples are distributed in Managed Components, but not part of a project.
         "\"${EXCLUDE_ASM}\""
         )
 
@@ -416,22 +762,144 @@ else()
     # see https://docs.espressif.com/projects/esp-idf/en/stable/esp32/migration-guides/release-5.x/build-system.html?highlight=space%20path
     #
     set(EXTRA_COMPONENT_DIRS "${COMPONENT_SRCDIRS}")
-    idf_component_register(
-                            SRC_DIRS "${COMPONENT_SRCDIRS}"
-                            INCLUDE_DIRS "${COMPONENT_ADD_INCLUDEDIRS}"
-                            REQUIRES "${COMPONENT_REQUIRES}"
-                            EXCLUDE_SRCS "${COMPONENT_SRCEXCLUDE}"
-                            PRIV_REQUIRES esp_timer driver # this will typically only be needed for wolfSSL benchmark
-                           )
-    # some optional diagnostics
-    if (1)
+
+    if(WOLFSSL_ROOT)
+        # Only register the component if we found wolfSSL source.
+        # This is important to allow Cmake to finish to completion, otherwise the UI
+        # may not be able to display the Kconfig settings to fix a bad or missing source.
+        idf_component_register(
+                                SRC_DIRS "${COMPONENT_SRCDIRS}"
+                                INCLUDE_DIRS "${COMPONENT_ADD_INCLUDEDIRS}"
+                                REQUIRES "${COMPONENT_REQUIRES}"
+                                EXCLUDE_SRCS "${COMPONENT_SRCEXCLUDE}"
+                                PRIV_REQUIRES
+                                  "${THIS_ESP_TLS}"
+                                  "${THIS_INCLUDE_TIMER}"
+                                  "${THIS_INCLUDE_DRIVER}" # this will typically only be needed for wolfSSL benchmark
+                               )
+    else()
+        # Register the component simply to allow CMake to complete, but there's no wolfSSL source.
+        # Expect many other errors, but the project should at least be loadable and UI can edit Kconfig settings.
+        idf_component_register()
+        message(STATUS "Warning: wolfSSL component not registered as no source code found (WOLFSSL_ROOT is blank)")
+    endif()
+
+# function(WOLFSSL_INIT_CERT_BUNDLE)
+if( CONFIG_WOLFSSL_CERTIFICATE_BUNDLE
+    AND NOT CONFIG_WOLFSSL_CERTIFICATE_BUNDLE_DEFAULT_NONE
+    AND NOT ("${CONFIG_TARGET_PLATFORM}" STREQUAL "esp8266")
+  )
+    if (CMAKE_BUILD_EARLY_EXPANSION)
+        message(ERROR "Bundle Cert initialization must occur during CMAKE_BUILD_EARLY_EXPANSION")
+    endif()
+    # reminder: we need a value for wolfSSL root first!
+    if( "${WOLFSSL_ROOT}" STREQUAL "" )
+        message(ERROR "Certificate bundles need a value for WOLFSSL_ROOT")
+    endif()
+    set(WOLFSSL_ESP_CRT_BUNDLE_DIR ${WOLFSSL_ROOT}/wolfcrypt/src/port/Espressif/esp_crt_bundle)
+    message(STATUS "WOLFSSL_ESP_CRT_BUNDLE_DIR=${WOLFSSL_ESP_CRT_BUNDLE_DIR}")
+    if(EXISTS "${WOLFSSL_ESP_CRT_BUNDLE_DIR}")
+        set(bundle_name "x509_crt_bundle_wolfssl")
+
+        # For now the certs are in the same directory
+        set(DEFAULT_CRT_DIR "${WOLFSSL_ESP_CRT_BUNDLE_DIR}")
+
+        # Generate custom certificate bundle using the generate_cert_bundle utility
+        set(GENERATE_CERT_BUNDLEPY ${python} ${WOLFSSL_ESP_CRT_BUNDLE_DIR}/gen_crt_bundle.py)
+
+        if(CONFIG_WOLFSSL_CERTIFICATE_BUNDLE_DEFAULT_FULL)
+            list(APPEND crt_paths ${DEFAULT_CRT_DIR}/cacrt_all.pem ${DEFAULT_CRT_DIR}/cacrt_local.pem)
+        elseif(CONFIG_WOLFSSL_CERTIFICATE_BUNDLE_DEFAULT_CMN)
+            list(APPEND crt_paths ${DEFAULT_CRT_DIR}/cacrt_all.pem ${DEFAULT_CRT_DIR}/cacrt_local.pem)
+            list(APPEND args --filter ${DEFAULT_CRT_DIR}/cmn_crt_authorities.csv)
+        endif()
+
+        # Add deprecated root certs if enabled. This config is not visible if the default cert
+        # bundle is not selected
+        if(CONFIG_WOLFSSL_CERTIFICATE_BUNDLE_DEPRECATED_LIST)
+            list(APPEND crt_paths ${DEFAULT_CRT_DIR}/cacrt_deprecated.pem)
+        endif()
+
+        if(CONFIG_WOLFSSL_CUSTOM_CERTIFICATE_BUNDLE)
+            get_filename_component(custom_bundle_path
+              ${CONFIG_WOLFSSL_CUSTOM_CERTIFICATE_BUNDLE_PATH} ABSOLUTE BASE_DIR "${project_dir}")
+            list(APPEND crt_paths ${custom_bundle_path})
+            message(STATUS "Using a custom wolfSSL bundle path: ${custom_bundle_path}")
+        else()
+            message(STATUS "Not using a custom wolfSSL bundle path.")
+        endif()
+        list(APPEND args --input ${crt_paths} -q)
+
+        message(STATUS "CMAKE_CURRENT_BINARY_DIR: ${CMAKE_CURRENT_BINARY_DIR}")
+        get_filename_component(crt_bundle
+            ${bundle_name}
+            ABSOLUTE BASE_DIR "${CMAKE_CURRENT_BINARY_DIR}")
+
+        message(STATUS "Setting up bundle generate: ${GENERATE_CERT_BUNDLEPY} ${args}")
+        message(STATUS "Depends on custom bundle path: ${custom_bundle_path}")
+        message(STATUS "crt_bundle ${crt_bundle}")
+        message(STATUS "COMPONENT_LIB ${COMPONENT_LIB}")
+        message(STATUS "GENERATE_CERT_BUNDLEPY ${GENERATE_CERT_BUNDLEPY}")
+        message(STATUS "args ${args}")
+        message(STATUS "cert_bundle ${cert_bundle}")
+
+        # Generate bundle according to config
+        # File is generated at build time, not cmake load
+        add_custom_command(OUTPUT ${crt_bundle}
+            COMMAND ${GENERATE_CERT_BUNDLEPY} ARGS ${args}
+            DEPENDS ${custom_bundle_path}
+            VERBATIM)
+
+        if(EXISTS "${crt_bundle}")
+            message(STATUS "Bundle file exists from prior build: ${crt_bundle}")
+        else()
+            message(STATUS "Bundle file expected during next build: ${crt_bundle}")
+        endif()
+
+        # Reminder the file is generated at build time, not cmake load time.
+        message(STATUS "wolfSSL Cert Bundle File to be created at build time in: ${crt_bundle}")
+
+        add_custom_target(custom_wolfssl_bundle DEPENDS ${cert_bundle})
+
+        # the wolfSSL crtificate bundle is baked into wolfSSL
+        add_dependencies(${COMPONENT_LIB} custom_wolfssl_bundle)
+
+        # COMPONENT_LIB may vary: __idf_wolfssl, __idf_esp_wolfssl, etc
+        # target_add_binary_data(__idf_wolfssl ${crt_bundle} BINARY)
+        target_add_binary_data(${COMPONENT_LIB} ${crt_bundle} BINARY)
+        set_property(DIRECTORY "${CMAKE_CURRENT_SOURCE_DIR}"
+                     APPEND PROPERTY ADDITIONAL_CLEAN_FILES
+                     "${crt_bundle}")
+    else()
+        message(STATUS "WARNING: CONFIG_WOLFSSL_CERTIFICATE_BUNDLE enabled but directory not found: ${WOLFSSL_ESP_CRT_BUNDLE_DIR}")
+    endif()
+endif()
+
+# endfunction() # WOLFSSL_INIT_CERT_BUNDLE
+
+    # Some optional diagnostics. Verbose ones are truncated.
+    if (VERBOSE_COMPONENT_MESSAGES)
         get_cmake_property(_variableNames VARIABLES)
         list (SORT _variableNames)
         message(STATUS "")
         message(STATUS "ALL VARIABLES BEGIN")
         message(STATUS "")
         foreach (_variableName ${_variableNames})
-            message(STATUS "${_variableName}=${${_variableName}}")
+            if (      ("${_variableName}" STREQUAL "bootloader_binary_files")
+                    OR ("${_variableName}" STREQUAL "Component paths")
+                    OR ("${_variableName}" STREQUAL "component_targets")
+                    OR ("${_variableName}" STREQUAL "__COMPONENT_TARGETS")
+                    OR ("${_variableName}" STREQUAL "CONFIGS_LIST")
+                    OR ("${_variableName}" STREQUAL "__CONFIG_VARIABLES")
+                    OR ("${_variableName}" STREQUAL "val")
+                    OR ("${_variableName}" MATCHES "^__idf_")
+               )
+                # Truncate the displayed value:
+                string(SUBSTRING "${${_variableName}}" 0 70 truncatedValue)
+                message(STATUS "${_variableName} = ${truncatedValue} ... (truncated)")
+            else()
+                message(STATUS "${_variableName}=${${_variableName}}")
+            endif()
         endforeach()
         message(STATUS "")
         message(STATUS "ALL VARIABLES END")
@@ -439,6 +907,12 @@ else()
     endif()
 
     # target_sources(wolfssl PRIVATE  "\"${WOLFSSL_ROOT}/wolfssl/\""  "\"${WOLFSSL_ROOT}/wolfssl/wolfcrypt\"")
+    message(STATUS "DETECTED_PROJECT_NAME=${CMAKE_PROJECT_NAME}")
+    message(STATUS "COMPONENT_TARGET=${COMPONENT_TARGET}")
+    target_compile_definitions(${COMPONENT_TARGET} PRIVATE DETECTED_PROJECT_NAME="${CMAKE_PROJECT_NAME}")
+    if( "${CMAKE_PROJECT_NAME}" STREQUAL "esp_http_client_example" )
+        target_compile_definitions(${COMPONENT_TARGET} PRIVATE APP_ESP_HTTP_CLIENT_EXAMPLE="y")
+    endif()
 
 endif() # CMAKE_BUILD_EARLY_EXPANSION
 
@@ -484,7 +958,7 @@ function ( LIBWOLFSSL_SAVE_INFO VAR_OUPUT THIS_VAR VAR_RESULT )
         message(STATUS "Found ${VAR_OUPUT}=${VAR_VALUE}")
 
         # the interesting part is defining the VAR_OUPUT name a value to use in the app
-        add_definitions(-D${VAR_OUPUT}=\"${VAR_VALUE}\")
+        add_compile_definitions(${VAR_OUPUT}=\"${VAR_VALUE}\")
     else()
         # if we get here, check the execute_process command and parameters.
         message(STATUS "LIBWOLFSSL_SAVE_INFO encountered a non-zero VAR_RESULT")
@@ -492,33 +966,89 @@ function ( LIBWOLFSSL_SAVE_INFO VAR_OUPUT THIS_VAR VAR_RESULT )
     endif()
 endfunction() # LIBWOLFSSL_SAVE_INFO
 
+execute_process(
+    COMMAND ${git_cmd} "rev-parse" "--is-inside-work-tree"
+    OUTPUT_VARIABLE IS_GIT_REPO
+    OUTPUT_STRIP_TRAILING_WHITESPACE
+    ERROR_QUIET
+)
+
 # create some programmatic #define values that will be used by ShowExtendedSystemInfo().
 # see wolfcrypt\src\port\Espressif\esp32_utl.c
-if(NOT CMAKE_BUILD_EARLY_EXPANSION)
+if(NOT CMAKE_BUILD_EARLY_EXPANSION AND WOLFSSL_ROOT AND (IS_GIT_REPO STREQUAL "true"))
     set (git_cmd "git")
     message(STATUS "Adding macro definitions:")
 
     # LIBWOLFSSL_VERSION_GIT_ORIGIN: git config --get remote.origin.url
-    execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} "config" "--get" "remote.origin.url" OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ERROR_QUIET  )
+    execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} "config" "--get" "remote.origin.url"
+                    OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ERROR_QUIET  )
     LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_VERSION_GIT_ORIGIN "${TMP_OUT}" "${TMP_RES}")
 
     # LIBWOLFSSL_VERSION_GIT_BRANCH: git rev-parse --abbrev-ref HEAD
-    execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} "rev-parse" "--abbrev-ref" "HEAD" OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ERROR_QUIET  )
+    execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} "rev-parse" "--abbrev-ref" "HEAD"
+                    OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ERROR_QUIET  )
     LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_VERSION_GIT_BRANCH "${TMP_OUT}" "${TMP_RES}")
 
     # LIBWOLFSSL_VERSION_GIT_HASH: git rev-parse HEAD
-    execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} "rev-parse" "HEAD" OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ERROR_QUIET  )
+    execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} "rev-parse" "HEAD"
+                    OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ERROR_QUIET  )
     LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_VERSION_GIT_HASH "${TMP_OUT}" "${TMP_RES}")
 
     # LIBWOLFSSL_VERSION_GIT_SHORT_HASH: git rev-parse --short HEAD
-    execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} "rev-parse" "--short" "HEAD" OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ERROR_QUIET )
+    execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} "rev-parse" "--short" "HEAD"
+                    OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ERROR_QUIET )
     LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_VERSION_GIT_SHORT_HASH "${TMP_OUT}" "${TMP_RES}")
 
     # LIBWOLFSSL_VERSION_GIT_HASH_DATE git show --no-patch --no-notes --pretty=\'\%cd\'
-    execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} "show" "--no-patch" "--no-notes" "--pretty=\'\%cd\'" OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES  )
+    execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd}
+                    "show" "--no-patch" "--no-notes" "--pretty=\'\%cd\'"
+                    OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES  )
     LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_VERSION_GIT_HASH_DATE "${TMP_OUT}" "${TMP_RES}")
 
-    message(STATUS "************************************************************************************************")
-    message(STATUS "wolfssl component config complete!")
-    message(STATUS "************************************************************************************************")
+    LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_VERSION_WOLFSSL_ROOT "${WOLFSSL_ROOT}" "${TMP_RES}")
+
 endif()
+
+# Ensure flag "-DWOLFSSL_ESPIDF" is already in CMAKE_C_FLAGS if not yet found from project
+string(FIND "${CMAKE_C_FLAGS}" "-DWOLFSSL_ESPIDF" FLAG_ALRREADY_FOUND_WOLFSSL_ESPIDF)
+
+if(FLAG_ALRREADY_FOUND_WOLFSSL_ESPIDF EQUAL -1)
+    # Flag not found, append it
+    set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_ESPIDF")
+    set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_USER_SETTINGS")
+endif()
+
+if(WOLFSSL_ROOT)
+    message(STATUS "Using wolfSSL in ${WOLFSSL_ROOT}")
+
+    # PlatformIO does not process script from from the Espressif cmake process.
+    # We need to know where wolfSSL source code was found, so save it in the
+    # PIO_WOLFSSL_ROOT environment variable to later be read by extra_script.py
+
+    set(ENV{PIO_WOLFSSL_ROOT} "${WOLFSSL_ROOT}")
+    message(STATUS "PIO_WOLFSSL_ROOT =  $ENV{PIO_WOLFSSL_ROOT}")
+    message(STATUS "PLATFORMIO_BUILD_DIR = $ENV{PLATFORMIO_BUILD_DIR}")
+    # See esp-tls Kconfig; menu "ESP-TLS", ESP_TLS_LIBRARY_CHOOSE
+    if(CONFIG_ESP_TLS_USING_WOLFSSL)
+        if ( ("${CONFIG_TARGET_PLATFORM}" STREQUAL "esp8266") OR ("${IDF_TARGET}" STREQUAL "esp8266") )
+            message(STATUS "This version of wolfSSL is not supported on the ESP8266 esp-tls at this time. Check ESP-TLS config")
+        else()
+            message(STATUS "wolfSSL will be used for ESP-TLS")
+        endif()
+    else()
+        message(STATUS "WARNING: wolfSSL NOT selected for ESP-TLS. Features and performance will be limited.")
+    endif()
+else()
+    message(STATUS "")
+    message(STATUS "Consider setting WOLFSSL_ROOT environment variable, use Kconfig setting, or set manually in this cmake file, above.")
+    message(STATUS "")
+    message(STATUS "!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!")
+    message(STATUS "!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!")
+    message(STATUS "ERROR: Could not find wolfSSL Source Code")
+    message(STATUS "!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!")
+    message(STATUS "!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!")
+endif()
+
+message(STATUS "************************************************************************************************")
+message(STATUS "wolfSSL component config complete!")
+message(STATUS "************************************************************************************************")
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/components/wolfssl/Kconfig b/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/components/wolfssl/Kconfig
new file mode 100644
index 000000000..150913190
--- /dev/null
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/components/wolfssl/Kconfig
@@ -0,0 +1,523 @@
+# Kconfig template
+#
+# Copyright (C) 2006-2025 wolfSSL Inc.
+#
+# This file is part of wolfSSL.
+#
+# wolfSSL is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# wolfSSL is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+#
+
+# Kconfig File Version 5.7.2.001 for esp-idf integration
+
+# Kconfig Format Rules
+#
+# See:
+#  https://docs.espressif.com/projects/esp-idf/en/stable/esp32/api-reference/kconfig.html
+#
+# Format rules for Kconfig files are as follows:
+#
+# Option names in any menus should have consistent prefixes. The prefix
+# currently should have at least 3 characters.
+#
+# The unit of indentation should be 4 spaces. All sub-items belonging to a
+# parent item are indented by one level deeper. For example, menu is indented
+# by 0 spaces, config menu by 4 spaces, help in config by 8 spaces, and the
+# text under help by 12 spaces.
+#
+# No trailing spaces are allowed at the end of the lines.
+#
+# The maximum length of options is NOT 50 characters as documented.
+#   kconfcheck will complain that options should be 40 at most.
+#
+# Fix option lengths first. Superfluous errors on other lines may occur.
+#
+# The maximum length of lines is 120 characters.
+#
+# python -m kconfcheck <path_to_kconfig_file>
+#
+# ---------------------------------------------------------------------------------------------------------------------
+# Begin main wolfSSL configuration menu
+# ---------------------------------------------------------------------------------------------------------------------
+#   See ESP-IDF esp-tls component for config TLS_STACK_WOLFSSL
+
+menu "wolfSSL"
+
+    menu "Hardening"
+        config ESP_WOLFSSL_WC_NO_HARDEN
+            bool "Disable wolfSSL hardening"
+            default n
+            help
+                Sets WC_NO_HARDEN
+
+        config ESP_WOLFSSL_TFM_TIMING_RESISTANT
+            bool "Enable TFM Timing Resistant Code"
+            default n
+            help
+                Sets TFM_TIMING_RESISTANT.
+
+    endmenu # Hardening
+
+    config ESP_WOLFSSL_ENABLE_BENCHMARK
+        bool "Enable wolfSSL Benchmark Library"
+        default n
+        help
+            Enables wolfcrypt/benchmark/benchmark.c code for benchmark metrics. Disables NO_CRYPT_BENCHMARK.
+
+
+    menu "Benchmark Debug"
+        config ESP_DEBUG_WOLFSSL_BENCHMARK_TIMING
+            bool "Enable benchmark timing debug"
+            depends on ESP_WOLFSSL_ENABLE_BENCHMARK
+            default n
+            help
+                Enable wolfssl debug for benchmark metric timing (CPU Cycles, RTOS ticks, etc).
+
+        config ESP_WOLFSSL_BENCHMARK_TIMER_DEBUG
+            bool "Enable benchmark timer debug"
+            depends on ESP_WOLFSSL_ENABLE_BENCHMARK
+            default n
+            help
+                Turn on timer debugging (used when CPU cycles not available)
+
+    endmenu # Benchmark Debug
+
+    # -----------------------------------------------------------------------------------------------------------------
+    # wolfCrypt Test
+    # -----------------------------------------------------------------------------------------------------------------
+    config ESP_WOLFSSL_ENABLE_TEST
+        bool "Enable wolfCrypt Test Library"
+        default n
+        help
+            Enables wolfcrypt/test/test.c code for testing. Disables NO_CRYPT_TEST.
+
+    menu "wolfCrypt tests"
+        config WOLFSSL_HAVE_WOLFCRYPT_TEST_OPTIONS
+            bool "Enable wolfCrypt Test Options"
+            depends on ESP_WOLFSSL_ENABLE_TEST
+            default n
+            help
+                Enables HAVE_WOLFCRYPT_TEST_OPTIONS
+
+        config TEST_ESPIDF_ALL_WOLFSSL
+            bool "Enable all features to use in tests"
+            depends on ESP_WOLFSSL_ENABLE_TEST
+            default n
+            help
+                Enables TEST_ESPIDF_ALL_WOLFSSL
+
+    endmenu # wolfCrypt tests
+
+    # -----------------------------------------------------------------------------------------------------------------
+    # Apple HomeKit Options
+    # -----------------------------------------------------------------------------------------------------------------
+    menu "Apple HomeKit"
+        config WOLFSSL_APPLE_HOMEKIT
+            bool "Enable Apple HomeKit options"
+            default n
+            help
+                Enables FP_MAX_BITS (8192 * 2), SRP, ChaCha, Poly1305, Base64 encoding needed for Apple HomeKit.
+    endmenu # Apple HomeKit
+    # -----------------------------------------------------------------------------------------------------------------
+
+    config ESP_WOLFSSL_DISABLE_MY_ECC
+        bool "Disable ECC in my project"
+        default "n"
+        help
+            ECC is enabled by default. Select this option to disable.
+
+    config ESP_WOLFSSL_ENABLE_MY_USE_RSA
+        bool "Enable RSA in my project"
+        default "n"
+        help
+            RSA is disabled by default. Select this option to enable.
+
+    config ESP_WOLFSSL_BENCHMARK
+        bool "Enable wolfSSL Benchmark"
+        default n
+        help
+            Enables user settings relevant to benchmark code
+
+    config ESP_TLS_USING_WOLFSSL_SPECIFIED
+        bool "Use the specified wolfssl for ESP-TLS"
+        default Y
+        help
+            Includes wolfSSL from specified directory (not using esp-wolfssl).
+
+    config ESP_WOLFSSL_NO_USE_FAST_MATH
+        bool "Disable FAST_MATH library and all ESP32 Hardware Acceleration"
+        select ESP_WOLFSSL_NO_HW
+        select ESP_WOLFSSL_NO_HW_AES
+        select ESP_WOLFSSL_NO_HW_HASH
+        select ESP_WOLFSSL_NO_HW_RSA_PRI
+        select ESP_WOLFSSL_NO_HW_RSA_PRI_MP_MUL
+        select ESP_WOLFSSL_NO_HW_RSA_PRI_MULMOD
+        select ESP_WOLFSSL_NO_HW_RSA_PRI_EXPTMOD
+        default n
+        help
+            When disabling all hardware acceleration for smaller memory footprint,
+            disabling TFM fast math provides faster wolfSSL software algorithms in an
+            even smaller flash memory footprint.
+
+    menu "Protocol Config"
+        config WOLFSSL_HAVE_ALPN
+            bool "Enable ALPN (Application Layer Protocol Negotiation) in wolfSSL"
+            default y
+
+        config WOLFSSL_ALLOW_TLS13
+            bool "Allow TLS 1.3"
+            default y
+            help
+                Allow TLS to fallback to TLS1.2. Memory footprint will likely be larger for TLS1.2.
+                When disabled HTTPS and MQTT over TLS connections will fail if TLS1.3 not accepted.
+
+        config WOLFSSL_ALLOW_TLS12
+            bool "Allow TLS 1.2"
+            default n
+            help
+                Allow TLS to fallback to TLS1.2. Memory footprint will likely be larger for TLS1.2.
+                When disabled HTTPS and MQTT over TLS connections will fail if TLS1.3 not accepted.
+
+        config WOLFSSL_HAVE_TLS_EXTENSIONS
+            bool "Enable TLS Extensions"
+            default y
+            help
+                Sets HAVE_TLS_EXTENSIONS which is needed for TLS 1.3, SNI, ALPN, and more.
+
+        config WOLFSSL_ALT_CERT_CHAINS
+            bool "Enable Alternate Certificate Chains"
+            default n
+            help
+                The option relaxes the default strict wolfSSL certificate chain processing. This
+                will typically need to be enabled when loading only a CA file. Typically solves
+                the -188 ASN_NO_SIGNER_E error. Use with caution.
+
+        config WOLFSSL_HAVE_OCSP
+            bool "Enable OCSP (Online Certificate Status Protocol) in wolfSSL"
+            default n
+            help
+                Sets HAVE_OCSP
+
+    endmenu # Protocol Config
+    # -----------------------------------------------------------------------------------------------------------------
+
+    # -----------------------------------------------------------------------------------------------------------------
+    config TLS_STACK_WOLFSSL
+        # Invisible option that locks TLS_STACK_WOLFSSL to ESP_TLS_USING_WOLFSSL
+        bool
+        default n
+        select FREERTOS_ENABLE_BACKWARD_COMPATIBILITY
+        help
+            Includes wolfSSL in ESP-TLS so that it can be compiled with wolfSSL as its SSL/TLS library.
+            Enabled when wolfSSL is selected in ESP_TLS_LIBRARY_CHOOSE.
+
+    menu "wolfSSL ESP-TLS"
+        depends on ESP_TLS_USING_WOLFSSL
+
+        menu "Certificate Bundle"
+            depends on ESP_TLS_USING_WOLFSSL
+
+            config WOLFSSL_CERTIFICATE_BUNDLE
+                bool "Enable trusted root certificate bundle"
+                default y if ESP_TLS_USING_WOLFSSL
+                default n
+                depends on ESP_TLS_USING_WOLFSSL
+                help
+                    Enable support for large number of default root certificates
+
+                    When enabled this option allows user to store default as well
+                    as customer specific root certificates in compressed format rather
+                    than storing full certificate. For the root certificates the public key and the subject name
+                    will be stored.
+
+            config WOLFSSL_NO_ASN_STRICT
+                bool "Relax Certificate ASN Strict Checks"
+                default n
+                depends on ESP_TLS_USING_WOLFSSL
+                help
+                    Allows sub-optimal certificate ASN checks. Unless using a bundle with known issues,
+                    it is recommended to NOT enable this.
+
+            config WOLFSSL_ASN_ALLOW_0_SERIAL
+                bool "Allow cert missing an ASN Serial Number"
+                default y
+                depends on ESP_TLS_USING_WOLFSSL
+                help
+                    Although not recommended, there may be certificates in the bundle that are missing
+                    a serial number. This option allows the missing value without having to fully
+                    disable strict ASN checking with WOLFSSL_NO_ASN_STRICT.
+
+            choice WOLFSSL_DEFAULT_CERTIFICATE_BUNDLE
+                bool "Default certificate bundle options"
+                depends on WOLFSSL_CERTIFICATE_BUNDLE && ESP_TLS_USING_WOLFSSL
+                default WOLFSSL_CERTIFICATE_BUNDLE_DEFAULT_FULL
+
+                config WOLFSSL_CERTIFICATE_BUNDLE_DEFAULT_FULL
+                    bool "Use the full default certificate bundle"
+                config WOLFSSL_CERTIFICATE_BUNDLE_DEFAULT_CMN
+                    bool "Use only the most common certificates from the default bundles"
+                    help
+                        Use only the most common certificates from the default bundles, reducing the size with 50%,
+                        while still having around 99% coverage.
+                config WOLFSSL_CERTIFICATE_BUNDLE_DEFAULT_NONE
+                    bool "Do not use the default certificate bundle"
+            endchoice
+
+            config WOLFSSL_CUSTOM_CERTIFICATE_BUNDLE
+                depends on WOLFSSL_CERTIFICATE_BUNDLE && ESP_TLS_USING_WOLFSSL
+                default n
+                bool "Add custom certificates to the default bundle"
+            config WOLFSSL_CUSTOM_CERTIFICATE_BUNDLE_PATH
+                depends on WOLFSSL_CUSTOM_CERTIFICATE_BUNDLE && ESP_TLS_USING_WOLFSSL
+                string "Custom certificate bundle path"
+                help
+                    Name of the custom certificate directory or file. This path is evaluated
+                    relative to the project root directory.
+
+            config WOLFSSL_CERTIFICATE_BUNDLE_DEPRECATED_LIST
+                bool "Add deprecated root certificates"
+                depends on WOLFSSL_CERTIFICATE_BUNDLE && ESP_TLS_USING_WOLFSSL && !WOLFSSL_CERTIFICATE_BUNDLE_DEFAULT_NONE
+                help
+                    Include the deprecated list of root certificates in the bundle.
+                    This list gets updated when a certificate is removed from the Mozilla's
+                    NSS root certificate store. This config can be enabled if you would like
+                    to ensure that none of the certificates that were deployed in the product
+                    are affected because of the update to bundle. In turn, enabling this
+                    config keeps expired, retracted certificates in the bundle and it may
+                    pose a security risk.
+
+                    - Deprecated cert list may grow based based on sync with upstream bundle
+                    - Deprecated certs would be be removed in ESP-IDF (next) major release
+
+            config WOLFSSL_CERTIFICATE_BUNDLE_MAX_CERTS
+                int "Maximum no of certificates allowed in certificate bundle"
+                default 200
+                depends on WOLFSSL_CERTIFICATE_BUNDLE && ESP_TLS_USING_WOLFSSL
+
+        endmenu
+    endmenu # wolfSSL ESP-TLS
+    # -----------------------------------------------------------------------------------------------------------------
+
+    # -----------------------------------------------------------------------------------------------------------------
+    config ESP_WOLFSSL_ALT_HARDWARE_ACCELERATION
+        bool "Modify default hardware acceleration settings"
+        default n
+        help
+            When disabling all hardware acceleration for smaller memory footprint,
+            disabling TFM fast math provides faster wolfSSL software algorithms in an
+            even smaller flash memory footprint.
+            Typically used for debugging, analysis, or optimizations. The default
+            hardware acceleration features can be each manually adjusted.
+
+    menu "wolfSSL Hardware Acceleration"
+
+        config ESP_WOLFSSL_NO_ESP32_CRYPT
+            bool "Disable all ESP32 Hardware Acceleration"
+            depends on ESP_WOLFSSL_ALT_HARDWARE_ACCELERATION
+            default n
+            select ESP_WOLFSSL_NO_HW_AES
+            select ESP_WOLFSSL_NO_HW_HASH
+            select ESP_WOLFSSL_NO_HW_RSA_PRI
+            select ESP_WOLFSSL_NO_HW_RSA_PRI_MP_MUL
+            select ESP_WOLFSSL_NO_HW_RSA_PRI_MULMOD
+            select ESP_WOLFSSL_NO_HW_RSA_PRI_EXPTMOD
+            help
+                Hardware acceleration enabled by default. When selected defines: NO_ESP32_CRYPT.
+                Consider disabling FASTMATH (other libraries are faster in software and smaller)
+
+        config ESP_WOLFSSL_NO_HW_AES
+            bool "Disable all ESP32 AES Hardware Acceleration"
+            depends on ESP_WOLFSSL_ALT_HARDWARE_ACCELERATION
+            default n
+            help
+                Hardware acceleration enabled by default.When selected defines: NO_HW_AES
+
+        config ESP_WOLFSSL_NO_HW_HASH
+            bool "Disable all ESP32 SHA Hash Hardware Acceleration"
+            depends on ESP_WOLFSSL_ALT_HARDWARE_ACCELERATION
+            default n
+            help
+                Hardware acceleration enabled by default. When selected defines: NO_HW_HASH
+
+        config ESP_WOLFSSL_NO_HW_RSA_PRI
+            bool "Disable all ESP32 RSA Hardware Acceleration"
+            depends on ESP_WOLFSSL_ALT_HARDWARE_ACCELERATION
+            default n
+            select ESP_WOLFSSL_NO_HW_PRI_MP_MUL
+            select ESP_WOLFSSL_NO_HW_RSA_PRI_MULMOD
+            select ESP_WOLFSSL_NO_HW_RSA_PRI_EXPTMOD
+            help
+                Hardware acceleration enabled by default. When selected defines: NO_HW_RSA_PRI
+
+        config ESP_WOLFSSL_NO_HW_RSA_PRI_MP_MUL
+            bool "Disable all ESP32 Multiplication Hardware Acceleration"
+            depends on ESP_WOLFSSL_ALT_HARDWARE_ACCELERATION
+            default n
+            help
+                Hardware acceleration enabled by default. When selected defines: NO_HW_RSA_PRI_MP_MUL
+
+        config ESP_WOLFSSL_NO_HW_RSA_PRI_MULMOD
+            bool "Disable all ESP32 Modular Multiplication Hardware Acceleration"
+            depends on ESP_WOLFSSL_ALT_HARDWARE_ACCELERATION
+            default n
+            help
+                Hardware acceleration enabled by default. When selected defines: NO_HW_RSA_PRI_MULMOD
+
+        config ESP_WOLFSSL_NO_HW_RSA_PRI_EXPTMOD
+            bool "Disable all ESP32 RSA Exponential Math Hardware Acceleration"
+            depends on ESP_WOLFSSL_ALT_HARDWARE_ACCELERATION
+            default n
+            help
+                Hardware acceleration enabled by default.
+                Select this option to force disable: NO_HW_RSA_PRI_EXPTMOD
+
+        config ESP_WOLFSSL_DEBUG_ESP_HW_MULTI_RSAMAX_BITS
+            bool "Enable debugging of RSA Multiplication operand length"
+            default n
+            help
+                Prints an esp log warning to the default console UART when one of the
+                multiplication operands exceeds the maximum size supported by hardware,
+                requiring fallback to software. This can be helpful to pick key sizes
+                when performance is critical. See also metrics for counting instances.
+
+        config ESP_WOLFSSL_DEBUG_ESP_HW_MOD_RSAMAX_BITS
+            bool "Enable debugging of RSA Modular operand length"
+            default n
+            help
+                Prints an esp log warning to the default console UART when one of the
+                modular math operands exceeds the maximum size supported by hardware,
+                requiring fallback to software. This can be helpful to pick key sizes
+                when performance is critical. See also metrics for counting instances.
+
+    endmenu # wolfSSL Hardware Acceleration
+    # -----------------------------------------------------------------------------------------------------------------
+
+    # -----------------------------------------------------------------------------------------------------------------
+    menu "wolfSSL Experimental Options"
+
+        config ESP_WOLFSSL_EXPERIMENTAL_SETTINGS
+            bool "Enable wolfSSL Experimental Settings"
+            default n
+            help
+                Enables experimental settings for wolfSSL. See documentation.
+
+        config ESP_WOLFSSL_ENABLE_KYBER
+            bool "Enable wolfSSL Kyber"
+            default n
+            help
+                Enable debugging messages for wolfSSL. See user_settings.h for additional debug options.
+
+    endmenu # wolfSSL Experimental Options
+    # -----------------------------------------------------------------------------------------------------------------
+
+    # -----------------------------------------------------------------------------------------------------------------
+    menu "wolfSSL Debug Options"
+        config ESP_WOLFSSL_DEBUG_WOLFSSL
+            bool "Enable wolfSSL Debugging"
+            default n
+            help
+                Enable debugging messages for wolfSSL. See user_settings.h for additional debug options.
+
+        config ESP_WOLFSSL_TEST_LOOP
+            bool "Run test apps in a loop until failure"
+            default y
+            help
+                Enable a loop wrapper for benchmark, http_client, and wolfssl test apps.
+
+    endmenu # wolfSSL Debug Options
+    # -----------------------------------------------------------------------------------------------------------------
+
+    # -----------------------------------------------------------------------------------------------------------------
+    menu "wolfSSL Customization"
+        config CUSTOM_SETTING_WOLFSSL_ROOT
+            string "Enter a path for wolfSSL source code"
+            default "~/workspace/wolfssl"
+            help
+                This option lets you specify a directory for the wolfSSL source code (typically a git clone).
+                Enter the path using forward slashes (e.g., C:/myfolder/mysubfolder) or double backslashes
+                (e.g., C:\\myfolder\\mysubfolder).
+
+    endmenu # wolfSSL Customization
+    # -----------------------------------------------------------------------------------------------------------------
+
+    # -----------------------------------------------------------------------------------------------------------------
+    menu "Component Config"
+        config IGNORE_ESP_IDF_WOLFSSL_COMPONENT
+            bool "Ignore the ESP-IDF component of wolfSSL (if present)"
+            default n
+            help
+                Ignores wolfSSL present in the esp-idf/components directory. Requires wolfssl as a local component.
+
+        config IGNORE_LOCAL_WOLFSSL_COMPONENT
+            bool "Ignore the local component of wolfSSL (if present)"
+            default n
+            help
+                Ignores wolfSSL present in the local project components directory.
+                Requires wolfssl as a ESP-IDF component.
+
+    endmenu # Component Config
+    # -----------------------------------------------------------------------------------------------------------------
+
+    # -----------------------------------------------------------------------------------------------------------------
+    menu "Utility Config"
+        config USE_WOLFSSL_ESP_SDK_TIME
+            bool "Enable wolfSSL time helper functions"
+            default n
+            help
+                Enables use of various time and date setting functions found in the esp-sdk-lib.h file.
+
+        config USE_WOLFSSL_ESP_SDK_WIFI
+            bool "Enable wolfSSL WiFi helper functions"
+            default n
+            help
+                Enables use of various time and date setting functions found in the esp-sdk-lib.h file.
+
+    endmenu # Utility Config
+endmenu # wolfSSL
+# ---------------------------------------------------------------------------------------------------------------------
+
+
+# ---------------------------------------------------------------------------------------------------------------------
+menu "wolfSSH"
+    config ESP_ENABLE_WOLFSSH
+        bool "Enable wolfSSH options"
+        default n
+        help
+            Enables WOLFSSH_TERM, WOLFSSL_KEY_GEN, WOLFSSL_PTHREADS, WOLFSSH_TEST_SERVER, WOLFSSH_TEST_THREADING
+
+    config ESP_WOLFSSL_DEBUG_WOLFSSH
+        bool "Enable wolfSSH debugging"
+        default n
+        help
+            Enable wolfSSH debugging macro. See user_settings.h
+
+endmenu # wolfSSH
+# ---------------------------------------------------------------------------------------------------------------------
+
+# ---------------------------------------------------------------------------------------------------------------------
+menu "wolfMQTT"
+    config ESP_ENABLE_WOLFMQTT
+        bool "Enable wolfMQTT options"
+        default n
+        help
+            Enables WOLFMQTT
+
+    config ESP_WOLFSSL_DEBUG_WOLFMQTT
+        bool "Enable wolfMQTT debugging"
+        default n
+        help
+            Enable wolfMQTT debugging macro. See user_settings.h
+
+endmenu # wolfMQTT
+# ---------------------------------------------------------------------------------------------------------------------
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/components/wolfssl/README.md b/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/components/wolfssl/README.md
new file mode 100644
index 000000000..d77912416
--- /dev/null
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/components/wolfssl/README.md
@@ -0,0 +1,162 @@
+# wolfSSL Espressif Component
+
+This is the directory for wolfSSL as an Espressif ESP-IDF component.
+
+Other options are available, such as installing wolfSSL as a local _project_ component using the [Managed Component](https://www.wolfssl.com/wolfssl-now-available-in-espressif-component-registry/).
+
+Enabling this wolfSSL ESP-IDF component allows other ESP-IDF libraries such as those that depend on [ESP-TLS](https://github.com/espressif/esp-idf/tree/master/components/esp-tls)
+to also use the wolfSSL library. (See [github.com/wolfSSL/wolfssl](https://github.com/wolfSSL/wolfssl))
+
+The wolfSSL source code is not included here. Instead, the `idf.py menuconfig` option can be used to configure the
+`sdkconfig` file setting: `CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT` to point to the desired wolfSSL code.
+
+## Directory Contents
+
+This directory must contain, at a minimum:
+
+- `CMakeLists.txt`
+- `./include/user_settings.h`
+
+The directory should also contain:
+- `Kconfig`
+- `component.mk`
+
+The directory may contain wolfSSL source, for example with a [Managed Component](https://www.wolfssl.com/wolfssl-now-available-in-espressif-component-registry/),
+or if the `setup.sh` script was used from [wolfSSL/IDE/Espressif/ESP-IDF](https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF).
+
+
+Under normal circumstances when the wolfSSL source is not included here, the `CMakeLists.txt` will search for it in this order:
+
+- A hard-coded `WOLFSSL_ROOT` cmake variable.
+- `WOLFSSL_ROOT` Environment Variable
+- The `CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT` value in the `sdkconfig` file, from the `Kconfig` option.
+- Any parent directories, up to the root (if this directory is in the ESP-IDF components)
+- Any parent directories, up to the root (if this directory is a project component)
+
+While recursing up the directory tree, the following names of wolfSSL directories will be considered:
+
+- `wolfssl-[current user name]`
+- `wolfssl-master`
+- `wolfssl`
+
+## Getting Started
+
+See the `Espressif Getting Started Guide`.
+
+```
+# Set environment variable to ESP-IDF location
+# For example, VisualGDB in WSL
+WRK_IDF_PATH=/mnt/c/SysGCC/esp32/esp-idf/v5.2
+WRK_IDF_PATH=/mnt/c/SysGCC/esp32-master/esp-idf/v5.3-master
+
+# Or wherever the ESP-IDF is installed:
+WRK_IDF_PATH=~/esp/esp-idf
+
+echo "Run export.sh from ${WRK_IDF_PATH}"
+. ${WRK_IDF_PATH}/export.sh
+
+cd [your project]
+
+idf.py menuconfig
+```
+
+Enable wolfSSL to be used in the ESP-TLS:
+
+```
+Component config  --->
+    ESP-TLS  --->
+        Choose SSL/TLS library for ESP-TLS (See help for more Info)
+            (X) wolfSSL (License info in wolfSSL directory README)
+```
+
+Adjust wolfSSL settings, such as path to source code as needed:
+
+```
+Component config  --->
+    wolfSSL  --->
+        [*] Include wolfSSL in ESP-TLS
+        [*] Use the specified wolfssl for ESP-TLS
+        (~/workspace/wolfssl) Enter a path for wolfSSL source code
+```
+
+## Configuration
+
+All settings for wolfSSL are adjusted in the [include/user_settings.h](./include/user_settings.h) file.
+
+The `user_settings.h` file should not be included directly. Instead, `#include <wolfssl/wolfcrypt/settings.h>`
+before any other wolfSSL headers, like this:
+
+
+```c
+/* ESP-IDF */
+#include <esp_log.h>
+#include "sdkconfig.h"
+
+/* wolfSSL */
+/* Always include wolfcrypt/settings.h before any other wolfSSL file.    */
+/* Reminder: settings.h pulls in user_settings.h; don't include it here. */
+#if defined(WOLFSSL_USER_SETTINGS)
+    #include <wolfssl/wolfcrypt/settings.h>
+    #if defined(WOLFSSL_ESPIDF)
+        #include <wolfssl/version.h>
+        #include <wolfssl/wolfcrypt/types.h>
+        #include <wolfcrypt/test/test.h>
+        #include <wolfssl/wolfcrypt/port/Espressif/esp-sdk-lib.h>
+        #include <wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h>
+    #else
+        #error "Problem with wolfSSL user_settings. "           \
+               "Check components/wolfssl/include "              \
+               "and confirm WOLFSSL_USER_SETTINGS is defined, " \
+               "typically in the component CMakeLists.txt"
+    #endif
+#else
+    /* Define WOLFSSL_USER_SETTINGS project wide for settings.h to include   */
+    /* wolfSSL user settings in ./components/wolfssl/include/user_settings.h */
+    #error "Missing WOLFSSL_USER_SETTINGS in CMakeLists or Makefile:\
+    CFLAGS +=-DWOLFSSL_USER_SETTINGS"
+#endif
+```
+
+## Examples
+
+See the wolfSSL examples:
+
+- [wolfSSL Core Examples](https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples)
+- [wolfSSL Additional Examples](https://github.com/wolfSSL/wolfssl-examples/tree/master/ESP32)
+- [wolfSSH Core Examples](https://github.com/wolfSSL/wolfssh/tree/master/ide/Espressif/ESP-IDF/examples)
+- [wolfSSH Additional Examples](https://github.com/wolfSSL/wolfssh-examples/tree/main/Espressif)
+- [wolfMQTT Examples](https://github.com/wolfSSL/wolfMQTT/tree/master/IDE/Espressif/ESP-IDF/examples)
+
+## Platforms
+
+The ESP-IDF wolfSSL is also available for PlatformIO:
+
+- [Release wolfSSL](https://registry.platformio.org/search?q=owner%3Awolfssl)
+- [Staging / Preview wolfSSL](https://registry.platformio.org/search?q=owner%3Awolfssl-staging)
+
+The wolfSSL library can also be used for Espressif with Arduino:
+
+- [arduino.cc/reference/en/libraries/wolfssl](https://www.arduino.cc/reference/en/libraries/wolfssl/)
+- [github.com/wolfSSL/Arduino-wolfSSL](https://github.com/wolfSSL/Arduino-wolfSSL)
+
+
+## Additional Information
+
+- [wolfSSL Documentation](https://www.wolfssl.com/documentation/manuals/wolfssl/index.html) and [docs/espressif](https://www.wolfssl.com/docs/espressif/)
+- [wolfSSL FAQ](https://www.wolfssl.com/docs/frequently-asked-questions-faq/)
+- [wolfSSL Products](https://www.wolfssl.com/products/)
+- [www.wolfssl.com/espressif](https://www.wolfssl.com/espressif/)
+- [More...](https://www.wolfssl.com/?s=espressif)
+
+## Contact
+
+Have a specific request or questions? We'd love to hear from you! Please contact us at support@wolfssl.com or open an issue on GitHub.
+
+## Licensing and Support
+
+wolfSSL (formerly known as CyaSSL) and wolfCrypt are either licensed for use under the GPLv2 (or at your option any later version) or a standard commercial license. For our users who cannot use wolfSSL under GPLv2 (or any later version), a commercial license to wolfSSL and wolfCrypt is available.
+
+See the LICENSE.txt, visit wolfssl.com/license, contact us at licensing@wolfssl.com or call +1 425 245 8247
+
+View Commercial Support Options: [wolfssl.com/products/support-and-maintenance](wolfssl.com/products/support-and-maintenance)
+
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/components/wolfssl/component.mk b/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/components/wolfssl/component.mk
index 5234a007e..a7b5f3706 100644
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/components/wolfssl/component.mk
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/components/wolfssl/component.mk
@@ -1,40 +1,306 @@
-#
-# Copyright (C) 2006-2023 wolfSSL Inc.
-#
-# This file is part of wolfSSL.
-#
-# wolfSSL is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; either version 2 of the License, or
-# (at your option) any later version.
-#
-# wolfSSL is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software
-# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
-#
-#
-# Component Makefile
-#
-
-COMPONENT_ADD_INCLUDEDIRS := . ./include
-
-COMPONENT_ADD_INCLUDEDIRS += "$ENV{IDF_PATH}/components/freertos/include/freertos"
-# COMPONENT_ADD_INCLUDEDIRS += "$ENV{IDF_PATH}/soc/esp32s3/include/soc"
-
-COMPONENT_SRCDIRS := src wolfcrypt/src
-COMPONENT_SRCDIRS += wolfcrypt/src/port/Espressif
-COMPONENT_SRCDIRS += wolfcrypt/src/port/atmel
-COMPONENT_SRCDIRS += wolfcrypt/benchmark
-COMPONENT_SRCDIRS += wolfcrypt/test
-
-CFLAGS +=-DWOLFSSL_USER_SETTINGS
-
-COMPONENT_OBJEXCLUDE := wolfcrypt/src/aes_asm.o
-COMPONENT_OBJEXCLUDE += wolfcrypt/src/evp.o
-COMPONENT_OBJEXCLUDE += wolfcrypt/src/misc.o
-COMPONENT_OBJEXCLUDE += src/bio.o
+#
+# Copyright (C) 2006-2025 wolfSSL Inc.
+#
+# This file is part of wolfSSL.
+#
+# wolfSSL is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# wolfSSL is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+#
+
+$(info ***********  wolfssl component ************)
+
+#
+# Component Makefile
+#
+#
+# The Espressif Managed Components are only for newer versions of the ESP-IDF
+# Typically only for ESP32[-x] targets and only for ESP-IDF v4.3 or later:
+# See https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-guides/tools/idf-component-manager.html
+#     https://components.espressif.com/
+#
+# Usage:
+#
+#   make flash
+#
+#   make flash ESPPORT=/dev/ttyS55
+#
+#   make flash ESPBAUD=9600
+#
+#   make monitor ESPPORT=COM1
+#
+#   make monitor ESPPORT=/dev/ttyS55 MONITORBAUD=115200
+#
+#   export ESPPORT=/dev/ttyS55
+#
+# https://docs.espressif.com/projects/esp8266-rtos-sdk/en/latest/get-started/index.html
+#
+
+# Although the project should define WOLFSSL_USER_SETTINGS, we'll also
+# define it here:
+CFLAGS +=-DWOLFSSL_USER_SETTINGS
+
+# Note that 4 source files created by autogen are excluded here.
+#
+# See these files commented out, below. Adjust as needed for your application:
+#
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/async.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/selftest.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wolfcrypt_first.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wolfcrypt_last.o
+
+
+# NOTICE: the WOLFSSL_ROOT setting MUST be relative!
+# See https://docs.espressif.com/projects/esp8266-rtos-sdk/en/latest/api-guides/build-system.html?highlight=must+relative#optional-component-specific-variables
+# In the wolfSSL GitHub examples for Espressif:
+#   https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples
+# When this wolfssl component.mk makefile is in [project]/components/wolfssl
+# The root is 7 directories up from here (the location of of this component.mk):
+#
+WOLFSSL_ROOT     ?= ../../../../../../..
+THIS_DIR         := $(shell pwd)
+WOLFSSL_ROOT_OBJ := $(THIS_DIR)
+
+# When running make from commandline or VisualGDB, the current path varies:
+ifeq ("$(VISUALGDB_DIR)","")
+    # current path is typically /mnt/c/workspace/wolfssl-gojimmypi/IDE/Espressif/ESP-IDF/examples/wolfssl_test/build/wolfssl
+    $(info VISUALGDB_DIR build not detected. shell: $(shell echo $$SHELL))
+else
+    # current path is typically /C/workspace/wolfssl-gojimmypi/IDE/Espressif/ESP-IDF/examples/wolfssl_test/build/Debug/wolfssl
+    $(info Detected VisualGDB in: $(VISUALGDB_DIR) shell: $(shell echo $$SHELL))
+endif
+
+# To set the location of a different location, it is best to use relative paths.
+#
+# Set WOLFSSL_ROOT to a relative path from the current component directory.
+# For example, if the wolfssl_client is copied from the examples to test:
+#
+# cp -r /IDE/Espressif/ESP-IDF/examples/wolfssl_client/* /mnt/c/test/demo
+#
+# we run make in   /mnt/c/test/demo
+# component is in  /mnt/c/test/demo/components/wolfssl
+# wolfssl is in    /mnt/c/workspace/wolfssl-master
+#
+# "/mnt/c" is 4 directories up:
+#             2 for `./test/demo` from where we run `make`, plus
+#             2 more from the location of `component.mk` located
+#               in `[current directory]/components/wolfssl`.
+#
+# Thus we need 4 parent reference to find the relative path to wolfSSL:
+# WOLFSSL_ROOT := ../../../../workspace/wolfssl-master
+
+# Optional CFLAGS (make works without these; for reference only)
+# CFLAGS += -I$(WOLFSSL_ROOT)/wolfssl
+# CFLAGS += -I$(WOLFSSL_ROOT)/wolfssl/wolfcrypt
+# CFLAGS += -I$(WOLFSSL_ROOT)/wolfssl/wolfcrypt/port/Espressif
+
+abs_WOLFSSL_ROOT     := $(shell realpath $(WOLFSSL_ROOT))
+
+# print-wolfssl-path-value:
+#	@echo "WOLFSSL_ROOT defined: $(WOLFSSL_ROOT)"
+#	@echo "WOLFSSL_ROOT actual:  $(abs_WOLFSSL_ROOT)"
+
+$(info WOLFSSL_ROOT     defined: $(WOLFSSL_ROOT))
+$(info WOLFSSL_ROOT     actual:  $(abs_WOLFSSL_ROOT))
+$(info THIS_DIR         defined: $(THIS_DIR))
+$(info WOLFSSL_ROOT_OBJ defined: $(WOLFSSL_ROOT_OBJ))
+
+# NOTE: The wolfSSL include directory (e.g. user_settings.h) is
+# located HERE in THIS project, and *not* in the wolfSSL root.
+COMPONENT_ADD_INCLUDEDIRS := .
+COMPONENT_ADD_INCLUDEDIRS += include
+COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT)/.
+COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT)/wolfssl
+COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT)/wolfssl/wolfcrypt
+COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT)/wolfssl/wolfcrypt/port/Espressif
+
+# COMPONENT_ADD_INCLUDEDIRS += $ENV(IDF_PATH)/components/freertos/include/freertos
+# COMPONENT_ADD_INCLUDEDIRS += "$ENV(IDF_PATH)/soc/esp32s3/include/soc"
+
+# wolfSSL
+COMPONENT_SRCDIRS := $(WOLFSSL_ROOT)/src
+
+# wolfcrypt
+COMPONENT_SRCDIRS += $(WOLFSSL_ROOT)/wolfcrypt/src
+
+# Espressif
+COMPONENT_SRCDIRS += $(WOLFSSL_ROOT)/wolfcrypt/src/port/Espressif
+COMPONENT_SRCDIRS += $(WOLFSSL_ROOT)/wolfcrypt/src/port/atmel
+
+COMPONENT_OBJEXCLUDE := $(WOLFSSL_ROOT_OBJ)/wolfcrypt/src/aes_asm.o
+COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT_OBJ)/wolfcrypt/src/evp.o
+COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT_OBJ)/wolfcrypt/src/misc.o
+COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT_OBJ)/wolfcrypt/src/sha512_asm.o
+COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT_OBJ)/wolfcrypt/src/fe_x25519_asm.o
+COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT_OBJ)/wolfcrypt/src/aes_gcm_x86_asm.o
+
+##
+## wolfSSL
+##
+## reminder object files may end up in `./build` or `build/debug` or `build/release`, depending on build environment & settings.
+##
+# COMPONENT_OBJS := $(WOLFSSL_ROOT)/src/bio.o  # part of ssl.c, omitted to avoid "does not need to be compiled separately"
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/conf.o # part of ssl.c
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/crl.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/dtls.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/dtls13.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/internal.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/keys.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/ocsp.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/pk.o   # part of ssl.c
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/quic.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/sniffer.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/ssl.o
+# COMPONENT_OBJS += src/ssl_asn1.o
+# COMPONENT_OBJS += src/ssl_bn.o
+# COMPONENT_OBJS += src/ssl_certman.o
+# COMPONENT_OBJS += src/ssl_crypto.o
+# COMPONENT_OBJS += src/ssl_misc.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/tls.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/tls13.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/wolfio.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/x509.o     # part of ssl.c
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/x509_str.o # part of ssl.c
+
+##
+## wolfcrypt
+##
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/aes.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/arc4.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/asm.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/asn.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/async.o # autogen exclusion
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/blake2b.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/blake2s.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/camellia.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/chacha.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/chacha20_poly1305.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/cmac.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/coding.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/compress.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/cpuid.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/cryptocb.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/curve25519.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/curve448.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/des3.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/dh.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/dilithium.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/dsa.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ecc.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/eccsi.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ecc_fp.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ed25519.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ed448.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/error.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/evp.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ext_kyber.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ext_lms.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ext_xmss.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/falcon.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/fe_448.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/fe_low_mem.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/fe_operations.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/fips.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/fips_test.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ge_448.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ge_low_mem.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ge_operations.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/hash.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/hmac.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/hpke.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/integer.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/kdf.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/logging.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/md2.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/md4.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/md5.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/memory.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/misc.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/pkcs12.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/pkcs7.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/poly1305.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/pwdbased.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/random.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/rc2.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ripemd.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/rsa.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sakke.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/selftest.o # autogen exclusion
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sha.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sha256.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sha3.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sha512.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/signature.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/siphash.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sm2.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sm3.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sm4.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sphincs.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_arm32.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_arm64.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_armthumb.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_c32.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_c64.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_cortexm.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_dsp32.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_int.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_sm2_arm32.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_sm2_arm64.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_sm2_armthumb.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_sm2_c32.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_sm2_c64.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_sm2_cortexm.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_sm2_x86_64.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_x86_64.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/srp.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/tfm.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_dsp.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_encrypt.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_kyber.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_kyber_poly.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_lms.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_pkcs11.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_port.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_xmss.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wolfcrypt_first.o # autogen exclusion
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wolfcrypt_last.o  # autogen exclusion
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wolfevent.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wolfmath.o
+
+##
+## Espressif
+##
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/port/Espressif/esp32_aes.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/port/Espressif/esp32_mp.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/port/Espressif/esp32_sha.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/port/Espressif/esp32_util.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/port/Espressif/esp_sdk_mem_lib.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/port/Espressif/esp_sdk_time_lib.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/port/Espressif/esp_sdk_wifi_lib.o
+
+##
+## wolfcrypt benchmark  (needed for this benchmark example)
+##
+COMPONENT_OBJS               += $(WOLFSSL_ROOT)/wolfcrypt/benchmark/benchmark.o
+COMPONENT_SRCDIRS            += $(WOLFSSL_ROOT)/wolfcrypt/benchmark
+COMPONENT_ADD_INCLUDEDIRS    += $(WOLFSSL_ROOT)/wolfcrypt/benchmark
+
+
+##
+## wolfcrypt test (optional)
+##
+## COMPONENT_OBJS            += $(WOLFSSL_ROOT)/wolfcrypt/test/test.o
+## COMPONENT_SRCDIRS         += $(WOLFSSL_ROOT)/wolfcrypt/test
+## COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT)/wolfcrypt/test/include
+
+$(info ********** end wolfssl component **********)
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/components/wolfssl/include/user_settings.h b/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/components/wolfssl/include/user_settings.h
index cc9bae6bc..7349338aa 100644
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/components/wolfssl/include/user_settings.h
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/components/wolfssl/include/user_settings.h
@@ -1,6 +1,6 @@
-/* user_settings.h
+/* wolfssl-component include/user_settings.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -18,13 +18,61 @@
  * along with this program; if not, write to the Free Software
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  */
+#define WOLFSSL_ESPIDF_COMPONENT_VERSION 0x01
 
-/* This user_settings.h is for Espressif ESP-IDF */
-#include <sdkconfig.h>
+/* Examples such as test and benchmark are known to cause watchdog timeouts.
+ * Note this is often set in project Makefile:
+ * CFLAGS += -DWOLFSSL_ESP_NO_WATCHDOG=1 */
+#define WOLFSSL_ESP_NO_WATCHDOG 1
+
+/* The Espressif project config file. See also sdkconfig.defaults */
+#include "sdkconfig.h"
+
+/* This user_settings.h is for Espressif ESP-IDF
+ *
+ * Standardized wolfSSL Espressif ESP32 + ESP8266 user_settings.h V5.7.0-1
+ *
+ * Do not include any wolfssl headers here.
+ *
+ * When editing this file:
+ * ensure all examples match. The template example is the reference.
+ */
+
+/* Naming convention: (see also esp32-crypt.h for the reference source).
+ *
+ * CONFIG_
+ *      This prefix indicates the setting came from the sdkconfig / Kconfig.
+ *
+ *      May or may not be related to wolfSSL.
+ *
+ *      The name after this prefix must exactly match that in the Kconfig file.
+ *
+ * WOLFSSL_
+ *      Typical of many, but not all wolfSSL macro names.
+ *
+ *      Applies to all wolfSSL products such as wolfSSH, wolfMQTT, etc.
+ *
+ *      May or may not have a corresponding sdkconfig / Kconfig control.
+ *
+ * ESP_WOLFSSL_
+ *      These are NOT valid wolfSSL macro names. These are names only used in
+ *      the ESP-IDF Kconfig files. When parsed, they will have a "CONFIG_"
+ *      suffix added. See next section.
+ *
+ * CONFIG_ESP_WOLFSSL_
+ *      This is a wolfSSL-specific macro that has been defined in the ESP-IDF
+ *      via the sdkconfig / menuconfig. Any text after this prefix should
+ *      exactly match an existing wolfSSL macro name.
+ *
+ *      Applies to all wolfSSL products such as wolfSSH, wolfMQTT, etc.
+ *
+ *      These macros may also be specific to only the project or environment,
+ *      and possibly not used anywhere else in the wolfSSL libraries.
+ */
 
 /* The Espressif sdkconfig will have chipset info.
 **
-** Possible values:
+** Some possible values:
 **
 **   CONFIG_IDF_TARGET_ESP32
 **   CONFIG_IDF_TARGET_ESP32S2
@@ -36,18 +84,283 @@
 #undef  WOLFSSL_ESPIDF
 #define WOLFSSL_ESPIDF
 
+/* Test various user_settings between applications by selecting example apps
+ * in `idf.py menuconfig` for Example wolfSSL Configuration settings: */
+
+/* Turn on messages that are useful to see only in examples. */
+#define WOLFSSL_EXAMPLE_VERBOSITY
+
+/* Paths can be long, ensure the entire value printed during debug */
+#define WOLFSSL_MAX_ERROR_SZ 500
+
+/* wolfSSL Examples: set macros used in example applications.
+ *
+ * These Settings NOT available in ESP-IDF (e.g. esp-tls)
+ *
+ * Any settings needed by ESP-IDF components should be explicitly set,
+ * and not by these example-specific settings via CONFIG_WOLFSSL_EXAMPLE_n
+ *
+ * ESP-IDF settings should be Kconfig "CONFIG_[name]" values when possible. */
+#if defined(CONFIG_WOLFSSL_EXAMPLE_NAME_TEMPLATE)
+    /* See https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples/template */
+    /* We don't use WiFi, so don't compile in the esp-sdk-lib WiFi helpers: */
+    /* #define USE_WOLFSSL_ESP_SDK_WIFI */
+#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_TEST)
+    /* See https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples/wolfssl_test */
+    /* We don't use WiFi, so don't compile in the esp-sdk-lib WiFi helpers: */
+    /* #define USE_WOLFSSL_ESP_SDK_WIFI */
+    #define TEST_ESPIDF_ALL_WOLFSSL
+
+#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_BENCHMARK)
+    /* See https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark */
+    /* We don't use WiFi, so don't compile in the esp-sdk-lib WiFi helpers: */
+    /* #define USE_WOLFSSL_ESP_SDK_WIFI */
+    #define WOLFSSL_BENCHMARK_FIXED_UNITS_KB
+#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_TLS_CLIENT)
+    /* See https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples/wolfssl_client */
+    #define USE_WOLFSSL_ESP_SDK_WIFI
+#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_TLS_SERVER)
+    /* See https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples/wolfssl_server */
+    #define USE_WOLFSSL_ESP_SDK_WIFI
+
+/* wolfSSH Examples */
+#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_WOLFSSH_TEMPLATE)
+    /* See https://github.com/wolfSSL/wolfssh/tree/master/ide/Espressif/ESP-IDF/examples/wolfssh_template */
+    #define USE_WOLFSSL_ESP_SDK_WIFI
+#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_WOLFSSH_ECHOSERVER)
+    /* See https://github.com/wolfSSL/wolfssh/tree/master/ide/Espressif/ESP-IDF/examples/wolfssh_echoserver */
+    #define USE_WOLFSSL_ESP_SDK_WIFI
+#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_ESP32_SSH_SERVER)
+    /* See https://github.com/wolfSSL/wolfssh-examples/tree/main/Espressif/ESP32/ESP32-SSH-Server */
+    #define USE_WOLFSSL_ESP_SDK_WIFI
+#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_ESP8266_SSH_SERVER)
+    /* See https://github.com/wolfSSL/wolfssh-examples/tree/main/Espressif/ESP8266/ESP8266-SSH-Server */
+    #define USE_WOLFSSL_ESP_SDK_WIFI
+
+/* wolfMQTT Examples */
+#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_WOLFMQTT_TEMPLATE)
+    /* See https://github.com/wolfSSL/wolfMQTT/tree/master/IDE/Espressif/ESP-IDF/examples/wolfmqtt_template */
+    #define USE_WOLFSSL_ESP_SDK_WIFI
+#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_WOLFMQTT_AWS_IOT_MQTT)
+    /* See https://github.com/wolfSSL/wolfMQTT/tree/master/IDE/Espressif/ESP-IDF/examples/AWS_IoT_MQTT */
+    #define USE_WOLFSSL_ESP_SDK_WIFI
+
+/* wolfTPM Examples */
+#elif defined(CONFIG_WOLFTPM_EXAMPLE_NAME_ESPRESSIF)
+    /* See https://github.com/wolfSSL/wolfTPM/tree/master/IDE/Espressif */
+    #define USE_WOLFSSL_ESP_SDK_WIFI
+
+/* Apple HomeKit Examples */
+#elif defined(CONFIG_WOLFSSL_APPLE_HOMEKIT)
+    /* See https://github.com/AchimPieters/esp32-homekit-demo */
+
+/* no example selected */
+#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_NONE)
+    /* We'll assume the app needs to use wolfSSL sdk lib function */
+    #define USE_WOLFSSL_ESP_SDK_WIFI
+
+/* Other applications detected by cmake */
+#elif defined(APP_ESP_HTTP_CLIENT_EXAMPLE)
+    /* The wolfSSL Version of the client example */
+    #if defined(CONFIG_IDF_TARGET_ESP32S2) || defined(CONFIG_IDF_TARGET_ESP32C2)
+        /* Less memory available, so smaller key sizes: */
+        #define FP_MAX_BITS (4096 * 2)
+    #else
+        #define FP_MAX_BITS (8192 * 2)
+    #endif
+    #define HAVE_ALPN
+    #define HAVE_SNI
+    #define OPENSSL_EXTRA_X509_SMALL
+    #define HAVE_TLS_EXTENSIONS
+    #define HAVE_SUPPORTED_CURVES
+    #define OPENSSL_EXTRA
+    #ifndef WOLFSSL_ALWAYS_VERIFY_CB
+       #define WOLFSSL_ALWAYS_VERIFY_CB
+    #endif
+    #ifndef WOLFSSL_VERIFY_CB_ALL_CERTS
+        #define WOLFSSL_VERIFY_CB_ALL_CERTS
+    #endif
+    #ifndef KEEP_PEER_CERT
+        #define KEEP_PEER_CERT
+    #endif
+
+#elif defined(APP_ESP_HTTP_CLIENT)
+    /* The ESP-IDF Version */
+    #define FP_MAX_BITS (8192 * 2)
+    #define HAVE_ALPN
+    #define HAVE_SNI
+    #define OPENSSL_EXTRA_X509_SMALL
+    #define HAVE_TLS_EXTENSIONS
+    #define HAVE_SUPPORTED_CURVES
+    #define OPENSSL_EXTRA
+    #ifndef WOLFSSL_ALWAYS_VERIFY_CB
+       #define WOLFSSL_ALWAYS_VERIFY_CB
+    #endif
+    #ifndef WOLFSSL_VERIFY_CB_ALL_CERTS
+        #define WOLFSSL_VERIFY_CB_ALL_CERTS
+    #endif
+    #ifndef KEEP_PEER_CERT
+        #define KEEP_PEER_CERT
+    #endif
+#else
+    #ifdef WOLFSSL_ESPIDF
+        /* #warning "App config undetected" */
+    #endif
+    /* the code is older or does not have application name defined. */
+#endif /* Example wolfSSL Configuration app settings */
+
+/* Experimental Kyber */
+#ifdef CONFIG_WOLFSSL_ENABLE_KYBER
+    /* Kyber typically needs a minimum 10K stack */
+    #define WOLFSSL_EXPERIMENTAL_SETTINGS
+    #define WOLFSSL_HAVE_KYBER
+    #define WOLFSSL_WC_KYBER
+    #define WOLFSSL_SHA3
+    #if defined(CONFIG_IDF_TARGET_ESP8266)
+        /* With limited RAM, we'll disable some of the Kyber sizes: */
+        #define WOLFSSL_NO_KYBER1024
+        #define WOLFSSL_NO_KYBER768
+        #define NO_SESSION_CACHE
+    #endif
+#endif
+
+/* Enable AES for all examples */
+#ifdef NO_AES
+    #warning "Found NO_AES, wolfSSL AES Cannot be enabled. Check config."
+#else
+    #define WOLFSSL_AES
+    #define WOLFSSL_AES_COUNTER
+
+    /* Typically only needed for wolfssl_test, see docs. */
+    #define WOLFSSL_AES_DIRECT
+#endif
+
+/* Pick a cert buffer size: */
+/* #define USE_CERT_BUFFERS_2048 */
+/* #define USE_CERT_BUFFERS_1024 */
+#define USE_CERT_BUFFERS_2048
+
+/* The Espressif sdkconfig will have chipset info.
+**
+** Some possible values:
+**
+**   CONFIG_IDF_TARGET_ESP32
+**   CONFIG_IDF_TARGET_ESP32S2
+**   CONFIG_IDF_TARGET_ESP32S3
+**   CONFIG_IDF_TARGET_ESP32C3
+**   CONFIG_IDF_TARGET_ESP32C6
+*/
+
+/* Optionally enable Apple HomeKit from compiler directive or Kconfig setting */
+#if defined(WOLFSSL_APPLE_HOMEKIT) || defined(CONFIG_WOLFSSL_APPLE_HOMEKIT)
+     /* SRP is known to need 8K; slow on some devices */
+     #define FP_MAX_BITS (8192 * 2)
+     #define WOLFCRYPT_HAVE_SRP
+     #define HAVE_CHACHA
+     #define HAVE_POLY1305
+     #define WOLFSSL_BASE64_ENCODE
+ #endif /* Apple HomeKit settings */
+
+/* Used by ESP-IDF components: */
+#if defined(CONFIG_ESP_TLS_USING_WOLFSSL)
+    /* The ESP-TLS */
+    #ifndef FP_MAX_BITS
+        #if defined(CONFIG_IDF_TARGET_ESP32C2) || \
+            defined(CONFIG_IDF_TARGET_ESP8684) || \
+            defined(CONFIG_IDF_TARGET_ESP8266)
+            /* Optionally set smaller size here */
+            #define FP_MAX_BITS MIN_FFDHE_FP_MAX_BITS
+        #else
+            #define FP_MAX_BITS (4096 * 2)
+        #endif
+    #endif
+    #define HAVE_ALPN
+    #ifndef CONFIG_IDF_TARGET_ESP8266
+        /* Unless installed in the ESP8266 RTOS SDK locally, the wolfSSL
+         * API for SNI will not be seen in the components/esp-tls layer.
+         * Only enable SNI for non-ESP8266 targets by default: */
+        #define HAVE_SNI
+    #endif
+    #define OPENSSL_EXTRA_X509_SMALL
+
+    #define HAVE_TLS_EXTENSIONS
+    #define HAVE_SUPPORTED_CURVES
+#endif
+
+/* Optionally enable some wolfSSH settings */
+#if defined(ESP_ENABLE_WOLFSSH) || defined(CONFIG_ESP_ENABLE_WOLFSSH)
+    /* Enable wolfSSH. Espressif examples need a few more settings, below */
+    #undef  WOLFSSL_WOLFSSH
+    #define WOLFSSL_WOLFSSH
+
+    /* The default SSH Windows size is massive for an embedded target.
+     * Limit it: */
+    #define DEFAULT_WINDOW_SZ 2000
+
+    /* These may be defined in cmake for other examples: */
+    #undef  WOLFSSH_TERM
+    #define WOLFSSH_TERM
+
+    /* optional debug */
+    /* #undef  DEBUG_WOLFSSH */
+    /* #define DEBUG_WOLFSSH */
+
+    #undef  WOLFSSL_KEY_GEN
+    #define WOLFSSL_KEY_GEN
+
+    #undef  WOLFSSL_PTHREADS
+    #define WOLFSSL_PTHREADS
+
+    #define WOLFSSH_TEST_SERVER
+    #define WOLFSSH_TEST_THREADING
+#endif /* ESP_ENABLE_WOLFSSH */
+
+
+/* Not yet using WiFi lib, so don't compile in the esp-sdk-lib WiFi helpers: */
+/* #define USE_WOLFSSL_ESP_SDK_WIFI */
+
 /*
- * choose ONE of these Espressif chips to define:
+ * ONE of these Espressif chip families will be detected from sdkconfig:
  *
  * WOLFSSL_ESP32
  * WOLFSSL_ESPWROOM32SE
  * WOLFSSL_ESP8266
+ *
+ * following ifdef detection only for syntax highlighting:
  */
-#undef WOLFSSL_ESPWROOM32SE
-#undef WOLFSSL_ESP8266
-#undef WOLFSSL_ESP32
+#ifdef WOLFSSL_ESPWROOM32SE
+    #undef WOLFSSL_ESPWROOM32SE
+#endif
+#ifdef WOLFSSL_ESP8266
+    #undef WOLFSSL_ESP8266
+#endif
+#ifdef WOLFSSL_ESP32
+    #undef WOLFSSL_ESP32
+#endif
+/* See below for chipset detection from sdkconfig.h */
 
-#define WOLFSSL_ESP32
+/* when you want to use SINGLE THREAD. Note Default ESP-IDF is FreeRTOS */
+#define SINGLE_THREADED
+
+/* Small session cache saves a lot of RAM for ClientCache and SessionCache.
+ * Memory requirement is about 5KB, otherwise 20K is needed when not specified.
+ * If extra small footprint is needed, try MICRO_SESSION_CACHE (< 1K)
+ * When really desperate or no TLS used, try NO_SESSION_CACHE.  */
+#define NO_SESSION_CACHE
+
+/* Small Stack uses more heap. */
+#define WOLFSSL_SMALL_STACK
+
+/* Full debugging turned off, but show malloc failure detail */
+/* #define DEBUG_WOLFSSL */
+#define DEBUG_WOLFSSL_MALLOC
+
+/* See test.c that sets cert buffers; we'll set them here: */
+#define USE_CERT_BUFFERS_256
+#define USE_CERT_BUFFERS_2048
+
+/* RSA_LOW_MEM: Half as much memory but twice as slow. */
+#define RSA_LOW_MEM
 
 /* optionally turn off SHA512/224 SHA512/256 */
 /* #define WOLFSSL_NOSHA512_224 */
@@ -61,17 +374,45 @@
 /* #define NO_OLD_TLS */
 
 #define BENCH_EMBEDDED
-#define USE_CERT_BUFFERS_2048
 
 /* TLS 1.3                                 */
-#define WOLFSSL_TLS13
-#define HAVE_TLS_EXTENSIONS
-#define WC_RSA_PSS
-#define HAVE_HKDF
-#define HAVE_AEAD
-#define HAVE_SUPPORTED_CURVES
+#ifdef CONFIG_WOLFSSL_ALLOW_TLS13
+    #define WOLFSSL_TLS13
+    #define HAVE_TLS_EXTENSIONS
+    #define HAVE_HKDF
 
-#define WOLFSSL_BENCHMARK_FIXED_UNITS_KB
+    /* May be required */
+    #ifndef HAVE_AEAD
+    #endif
+
+    /* Required for ECC */
+    #define HAVE_SUPPORTED_CURVES
+
+    /* Required for RSA */
+    #define WC_RSA_PSS
+
+    /* TLS 1.3 normally requires HAVE_FFDHE */
+    #if defined(HAVE_FFDHE_2048) || \
+        defined(HAVE_FFDHE_3072) || \
+        defined(HAVE_FFDHE_4096) || \
+        defined(HAVE_FFDHE_6144) || \
+        defined(HAVE_FFDHE_8192)
+    #else
+        #define HAVE_FFDHE_2048
+        /* #error "TLS 1.3 requires HAVE_FFDHE_[nnnn]" */
+    #endif
+#endif
+
+#if defined(CONFIG_IDF_TARGET_ESP32C2) || \
+    defined(CONFIG_IDF_TARGET_ESP8684)
+    /* Optionally set smaller size here */
+    #ifdef HAVE_FFDHE_4096
+        /* this size may be problematic on the C2 */
+    #endif
+    #define HAVE_FFDHE_2048
+#else
+    #define HAVE_FFDHE_4096
+#endif
 
 #define NO_FILESYSTEM
 
@@ -79,40 +420,87 @@
 
 #define HAVE_AESGCM
 
-#define WOLFSSL_RIPEMD
+/* Optional RIPEMD: RACE Integrity Primitives Evaluation Message Digest */
+/* #define WOLFSSL_RIPEMD */
+
 /* when you want to use SHA224 */
 #define WOLFSSL_SHA224
 
 /* when you want to use SHA384 */
 #define WOLFSSL_SHA384
 
-/* when you want to use SHA512 */
-#define WOLFSSL_SHA512
+/* Some features not enabled for ESP8266: */
+#if defined(CONFIG_IDF_TARGET_ESP8266) || \
+    defined(CONFIG_IDF_TARGET_ESP32C2)
+    /* Some known low-memory devices have features not enabled by default. */
+    /* TODO determine low memory configuration for ECC. */
+#else
+    /* when you want to use SHA512 */
+    #define WOLFSSL_SHA512
 
-/* when you want to use SHA3 */
-#define WOLFSSL_SHA3
+    /* when you want to use SHA3 */
+    /* #define WOLFSSL_SHA3 */
 
- /* ED25519 requires SHA512 */
-#define HAVE_ED25519
+    /* ED25519 requires SHA512 */
+    #define HAVE_ED25519
+#endif
 
-#define HAVE_ECC
-#define HAVE_CURVE25519
-#define CURVE25519_SMALL
-#define HAVE_ED25519
+#if defined(CONFIG_IDF_TARGET_ESP8266) || defined(CONFIG_IDF_TARGET_ESP32C2)
+    #define MY_USE_ECC 0
+    #define MY_USE_RSA 1
+#else
+    #define MY_USE_ECC 1
+    #define MY_USE_RSA 0
+#endif
 
-#define OPENSSL_EXTRA
-/* when you want to use pkcs7 */
+/* We can use either or both ECC and RSA, but must use at least one. */
+#if MY_USE_ECC || MY_USE_RSA
+    #if MY_USE_ECC
+        /* ---- ECDSA / ECC ---- */
+        #define HAVE_ECC
+        #define HAVE_CURVE25519
+        #define HAVE_ED25519
+        #define WOLFSSL_SHA512
+        /*
+        #define HAVE_ECC384
+        #define CURVE25519_SMALL
+        */
+    #else
+        #define WOLFSSH_NO_ECC
+        /* WOLFSSH_NO_ECDSA is typically defined automatically,
+         * here for clarity: */
+        #define WOLFSSH_NO_ECDSA
+    #endif
+
+    #if MY_USE_RSA
+        /* ---- RSA ----- */
+        /* #define RSA_LOW_MEM */
+
+        /* DH disabled by default, needed if ECDSA/ECC also turned off */
+        #define HAVE_DH
+    #else
+        #define WOLFSSH_NO_RSA
+    #endif
+#else
+    #error "Either RSA or ECC must be enabled"
+#endif
+
+/* Optional OpenSSL compatibility */
+/* #define OPENSSL_EXTRA */
+
+/* #Optional HAVE_PKCS7 */
 /* #define HAVE_PKCS7 */
 
-#define HAVE_PKCS7
-
 #if defined(HAVE_PKCS7)
+    /* HAVE_PKCS7 may enable HAVE_PBKDF2 see settings.h */
+    #define NO_PBKDF2
+
     #define HAVE_AES_KEYWRAP
     #define HAVE_X963_KDF
     #define WOLFSSL_AES_DIRECT
 #endif
 
-/* when you want to use aes counter mode */
+/* when you want to use AES counter mode */
 /* #define WOLFSSL_AES_DIRECT */
 /* #define WOLFSSL_AES_COUNTER */
 
@@ -126,27 +514,11 @@
     /* #define CUSTOM_SLOT_ALLOCATION                              */
 #endif
 
-/* rsa primitive specific definition */
-#if defined(WOLFSSL_ESP32) || defined(WOLFSSL_ESPWROOM32SE)
-    /* Define USE_FAST_MATH and SMALL_STACK                        */
-    #define ESP32_USE_RSA_PRIMITIVE
+/* WC_NO_CACHE_RESISTANT: slower but more secure */
+/* #define WC_NO_CACHE_RESISTANT */
 
-    #if defined(CONFIG_IDF_TARGET_ESP32)
-
-        /* NOTE HW unreliable for small values! */
-        /* threshold for performance adjustment for HW primitive use   */
-        /* X bits of G^X mod P greater than                            */
-        #undef  ESP_RSA_EXPT_XBITS
-        #define ESP_RSA_EXPT_XBITS 32
-
-        /* X and Y of X * Y mod P greater than                         */
-        #undef  ESP_RSA_MULM_BITS
-        #define ESP_RSA_MULM_BITS  16
-
-    #endif
-#endif
-
-#define RSA_LOW_MEM
+/* TFM_TIMING_RESISTANT: slower but more secure */
+/* #define TFM_TIMING_RESISTANT */
 
 /* #define WOLFSSL_ATECC508A_DEBUG         */
 
@@ -157,8 +529,11 @@
 /* #define XTIME time */
 
 
-/* adjust wait-timeout count if you see timeout in RSA HW acceleration */
-#define ESP_RSA_TIMEOUT_CNT    0x349F00
+/* Adjust wait-timeout count if you see timeout in RSA HW acceleration.
+ * Set to very large number and enable WOLFSSL_HW_METRICS to determine max. */
+#ifndef ESP_RSA_TIMEOUT_CNT
+	#define ESP_RSA_TIMEOUT_CNT 0xFF0000
+#endif
 
 /* hash limit for test.c */
 #define HASH_SIZE_LIMIT
@@ -167,7 +542,7 @@
 #define USE_FAST_MATH
 
 /*****      Use SP_MATH      *****/
-/* #undef USE_FAST_MATH          */
+/* #undef  USE_FAST_MATH         */
 /* #define SP_MATH               */
 /* #define WOLFSSL_SP_MATH_ALL   */
 /* #define WOLFSSL_SP_RISCV32    */
@@ -176,6 +551,14 @@
 /* #undef USE_FAST_MATH          */
 /* #define USE_INTEGER_HEAP_MATH */
 
+/* Just syntax highlighting to check math libraries: */
+#if defined(SP_MATH)               || \
+    defined(USE_INTEGER_HEAP_MATH) || \
+    defined(USE_INTEGER_HEAP_MATH) || \
+    defined(USE_FAST_MATH)         || \
+    defined(WOLFSSL_SP_MATH_ALL)   || \
+    defined(WOLFSSL_SP_RISCV32)
+#endif
 
 #define WOLFSSL_SMALL_STACK
 
@@ -183,18 +566,32 @@
 #define HAVE_VERSION_EXTENDED_INFO
 /* #define HAVE_WC_INTROSPECTION */
 
-#define  HAVE_SESSION_TICKET
+#ifndef NO_SESSION_CACHE
+    #define  HAVE_SESSION_TICKET
+#endif
 
 /* #define HAVE_HASHDRBG */
 
+#if 0
+/* Example for additional cert functions */
 #define WOLFSSL_KEY_GEN
-#define WOLFSSL_CERT_REQ
-#define WOLFSSL_CERT_GEN
-#define WOLFSSL_CERT_EXT
-#define WOLFSSL_SYS_CA_CERTS
+    #define WOLFSSL_CERT_REQ
+    #define WOLFSSL_CERT_GEN
+    #define WOLFSSL_CERT_EXT
+    #define WOLFSSL_SYS_CA_CERTS
 
 
-#define WOLFSSL_CERT_TEXT
+    #define WOLFSSL_CERT_TEXT
+
+    /* command-line options
+    --enable-keygen
+    --enable-certgen
+    --enable-certreq
+    --enable-certext
+    --enable-asn-template
+    */
+
+#endif
 
 #define WOLFSSL_ASN_TEMPLATE
 
@@ -206,7 +603,7 @@
 #undef  WOLFSSL_SYS_CA_CERTS
 */
 
-/*
+/* command-line options
 --enable-keygen
 --enable-certgen
 --enable-certreq
@@ -214,10 +611,66 @@
 --enable-asn-template
 */
 
-/* Default is HW enabled unless turned off.
-** Uncomment these lines to force SW instead of HW acceleration */
+/* optional SM4 Ciphers. See https://github.com/wolfSSL/wolfsm */
+/*
+#define WOLFSSL_SM2
+#define WOLFSSL_SM3
+#define WOLFSSL_SM4
+*/
+
+#if defined(WOLFSSL_SM2) || defined(WOLFSSL_SM3) || defined(WOLFSSL_SM4)
+    /* SM settings, possible cipher suites:
+
+        TLS13-AES128-GCM-SHA256
+        TLS13-CHACHA20-POLY1305-SHA256
+        TLS13-SM4-GCM-SM3
+        TLS13-SM4-CCM-SM3
+
+    #define WOLFSSL_ESP32_CIPHER_SUITE "TLS13-SM4-GCM-SM3"
+    #define WOLFSSL_ESP32_CIPHER_SUITE "TLS13-SM4-CCM-SM3"
+    #define WOLFSSL_ESP32_CIPHER_SUITE "ECDHE-ECDSA-SM4-CBC-SM3"
+    #define WOLFSSL_ESP32_CIPHER_SUITE "ECDHE-ECDSA-SM4-GCM-SM3"
+    #define WOLFSSL_ESP32_CIPHER_SUITE "ECDHE-ECDSA-SM4-CCM-SM3"
+    #define WOLFSSL_ESP32_CIPHER_SUITE "TLS13-SM4-GCM-SM3:" \
+                                       "TLS13-SM4-CCM-SM3:"
+    */
+
+    #undef  WOLFSSL_BASE16
+    #define WOLFSSL_BASE16 /* required for WOLFSSL_SM2 */
+
+    #undef  WOLFSSL_SM4_ECB
+    #define WOLFSSL_SM4_ECB
+
+    #undef  WOLFSSL_SM4_CBC
+    #define WOLFSSL_SM4_CBC
+
+    #undef  WOLFSSL_SM4_CTR
+    #define WOLFSSL_SM4_CTR
+
+    #undef  WOLFSSL_SM4_GCM
+    #define WOLFSSL_SM4_GCM
+
+    #undef  WOLFSSL_SM4_CCM
+    #define WOLFSSL_SM4_CCM
+
+    #define HAVE_POLY1305
+    #define HAVE_CHACHA
+
+    #undef  HAVE_AESGCM
+    #define HAVE_AESGCM
+#else
+    /* default settings */
+    #define USE_CERT_BUFFERS_2048
+#endif
+
+/* Chipset detection from sdkconfig.h
+ * Default is HW enabled unless turned off.
+ * Uncomment lines to force SW instead of HW acceleration */
+#if defined(CONFIG_IDF_TARGET_ESP32) || defined(WOLFSSL_ESPWROOM32SE)
+    #define WOLFSSL_ESP32
+    /*  Alternatively, if there's an ECC Secure Element present: */
+    /* #define WOLFSSL_ESPWROOM32SE */
 
-#if defined(CONFIG_IDF_TARGET_ESP32)
     /* wolfSSL HW Acceleration supported on ESP32. Uncomment to disable: */
     /*  #define NO_ESP32_CRYPT                 */
     /*  #define NO_WOLFSSL_ESP32_CRYPT_HASH    */
@@ -235,6 +688,7 @@
     /***** END CONFIG_IDF_TARGET_ESP32 *****/
 
 #elif defined(CONFIG_IDF_TARGET_ESP32S2)
+    #define WOLFSSL_ESP32
     /* wolfSSL HW Acceleration supported on ESP32-S2. Uncomment to disable: */
     /*  #define NO_ESP32_CRYPT                 */
     /*  #define NO_WOLFSSL_ESP32_CRYPT_HASH    */
@@ -247,6 +701,7 @@
     /***** END CONFIG_IDF_TARGET_ESP32S2 *****/
 
 #elif defined(CONFIG_IDF_TARGET_ESP32S3)
+    #define WOLFSSL_ESP32
     /* wolfSSL HW Acceleration supported on ESP32-S3. Uncomment to disable: */
     /*  #define NO_ESP32_CRYPT                         */
     /*  #define NO_WOLFSSL_ESP32_CRYPT_HASH            */
@@ -260,6 +715,7 @@
 
 #elif defined(CONFIG_IDF_TARGET_ESP32C2) || \
       defined(CONFIG_IDF_TARGET_ESP8684)
+    #define WOLFSSL_ESP32
     /* ESP8684 is essentially ESP32-C2 chip + flash embedded together in a
      * single QFN 4x4 mm package. Out of released documentation, Technical
      * Reference Manual as well as ESP-IDF Programming Guide is applicable
@@ -285,6 +741,7 @@
     /***** END CONFIG_IDF_TARGET_ESP32C2 *****/
 
 #elif defined(CONFIG_IDF_TARGET_ESP32C3)
+    #define WOLFSSL_ESP32
     /* wolfSSL HW Acceleration supported on ESP32-C3. Uncomment to disable: */
 
     /*  #define NO_ESP32_CRYPT                 */
@@ -302,6 +759,7 @@
     /***** END CONFIG_IDF_TARGET_ESP32C3 *****/
 
 #elif defined(CONFIG_IDF_TARGET_ESP32C6)
+    #define WOLFSSL_ESP32
     /* wolfSSL HW Acceleration supported on ESP32-C6. Uncomment to disable: */
 
     /*  #define NO_ESP32_CRYPT                 */
@@ -318,6 +776,7 @@
     /***** END CONFIG_IDF_TARGET_ESP32C6 *****/
 
 #elif defined(CONFIG_IDF_TARGET_ESP32H2)
+    #define WOLFSSL_ESP32
     /*  wolfSSL Hardware Acceleration not yet implemented */
     #define NO_ESP32_CRYPT
     #define NO_WOLFSSL_ESP32_CRYPT_HASH
@@ -326,11 +785,19 @@
     /***** END CONFIG_IDF_TARGET_ESP32H2 *****/
 
 #elif defined(CONFIG_IDF_TARGET_ESP8266)
-    /*  TODO: Revisit ESP8266 */
+    #define WOLFSSL_ESP8266
+
+    /* There's no hardware encryption on the ESP8266 */
+    /* Consider using the ESP32-C2/C3/C6             */
     #define NO_ESP32_CRYPT
     #define NO_WOLFSSL_ESP32_CRYPT_HASH
     #define NO_WOLFSSL_ESP32_CRYPT_AES
     #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI
+    #ifndef FP_MAX_BITS
+        /* FP_MAX_BITS matters in wolfssl_test, not just TLS setting.   */
+        /* MIN_FFDHE_FP_MAX_BITS = (MIN_FFDHE_BITS * 2); see settings.h */
+        #define FP_MAX_BITS MIN_FFDHE_FP_MAX_BITS
+    #endif
     /***** END CONFIG_IDF_TARGET_ESP266 *****/
 
 #elif defined(CONFIG_IDF_TARGET_ESP8684)
@@ -342,31 +809,84 @@
     /***** END CONFIG_IDF_TARGET_ESP8684 *****/
 
 #else
-    /* Anything else encountered, disable HW accleration */
+    /* Anything else encountered, disable HW acceleration */
+    #warning "Unexpected CONFIG_IDF_TARGET_NN value"
     #define NO_ESP32_CRYPT
     #define NO_WOLFSSL_ESP32_CRYPT_HASH
     #define NO_WOLFSSL_ESP32_CRYPT_AES
     #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI
 #endif /* CONFIG_IDF_TARGET Check */
 
+/* RSA primitive specific definition, listed AFTER the Chipset detection */
+#if defined(WOLFSSL_ESP32) || defined(WOLFSSL_ESPWROOM32SE)
+    /* Consider USE_FAST_MATH and SMALL_STACK                        */
+
+    #ifndef NO_RSA
+        #define ESP32_USE_RSA_PRIMITIVE
+
+        #if defined(CONFIG_IDF_TARGET_ESP32)
+            #ifdef CONFIG_ESP_MAIN_TASK_STACK_SIZE
+                #if CONFIG_ESP_MAIN_TASK_STACK_SIZE < 10500
+                    #warning "RSA may be difficult with less than 10KB Stack "/
+                #endif
+            #endif
+
+            /* NOTE HW unreliable for small values! */
+            /* threshold for performance adjustment for HW primitive use   */
+            /* X bits of G^X mod P greater than                            */
+            #undef  ESP_RSA_EXPT_XBITS
+            #define ESP_RSA_EXPT_XBITS 32
+
+            /* X and Y of X * Y mod P greater than                         */
+            #undef  ESP_RSA_MULM_BITS
+            #define ESP_RSA_MULM_BITS  16
+        #endif
+    #endif
+#endif
+
 /* Debug options:
+See wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h for details on debug options
+
+optionally increase error message size for very long paths.
+#define WOLFSSL_MAX_ERROR_SZ 500
+
+Turn wolfSSL debugging on/off:
+    wolfSSL_Debugging_ON();
+    wolfSSL_Debugging_OFF();
 
 #define ESP_VERIFY_MEMBLOCK
 #define DEBUG_WOLFSSL
 #define DEBUG_WOLFSSL_VERBOSE
 #define DEBUG_WOLFSSL_SHA_MUTEX
+#define WOLFSSL_DEBUG_IGNORE_ASN_TIME
+#define WOLFSSL_DEBUG_CERT_BUNDLE
+#define WOLFSSL_DEBUG_CERT_BUNDLE_NAME
 #define WOLFSSL_ESP32_CRYPT_DEBUG
 #define WOLFSSL_ESP32_CRYPT_HASH_SHA224_DEBUG
 #define NO_RECOVER_SOFTWARE_CALC
 #define WOLFSSL_TEST_STRAY 1
 #define USE_ESP_DPORT_ACCESS_READ_BUFFER
 #define WOLFSSL_ESP32_HW_LOCK_DEBUG
+#define WOLFSSL_DEBUG_MUTEX
 #define WOLFSSL_DEBUG_ESP_RSA_MULM_BITS
+#define WOLFSSL_DEBUG_ESP_HW_MOD_RSAMAX_BITS
+#define WOLFSSL_DEBUG_ESP_HW_MULTI_RSAMAX_BITS
 #define ESP_DISABLE_HW_TASK_LOCK
+#define ESP_MONITOR_HW_TASK_LOCK
+#define USE_ESP_DPORT_ACCESS_READ_BUFFER
+
+See wolfcrypt/benchmark/benchmark.c for debug and other settings:
+
+Turn on benchmark timing debugging (CPU Cycles, RTOS ticks, etc)
+#define DEBUG_WOLFSSL_BENCHMARK_TIMING
+
+Turn on timer debugging (used when CPU cycles not available)
+#define WOLFSSL_BENCHMARK_TIMER_DEBUG
 */
 
 /* Pause in a loop rather than exit. */
-#define WOLFSSL_ESPIDF_ERROR_PAUSE
+/* #define WOLFSSL_ESPIDF_ERROR_PAUSE */
+/* #define WOLFSSL_ESP32_HW_LOCK_DEBUG */
 
 #define WOLFSSL_HW_METRICS
 
@@ -396,8 +916,9 @@
 ** [Z = X * Y mod M] in esp_mp_mulmod()                         */
 /* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MULMOD                */
 
-#define WOLFSSL_PUBLIC_MP /* used by benchmark */
-#define USE_CERT_BUFFERS_2048
+
+/* used by benchmark: */
+#define WOLFSSL_PUBLIC_MP
 
 /* when turning on ECC508 / ECC608 support
 #define WOLFSSL_ESPWROOM32SE
@@ -406,12 +927,81 @@
 #define ATCA_WOLFSSL
 */
 
-/* optional SM4 Ciphers. See https://github.com/wolfSSL/wolfsm
+/***************************** Certificate Macros *****************************
+ *
+ * The section below defines macros used in typically all of the wolfSSL
+ * examples such as the client and server for certs stored in header files.
+ *
+ * There are various certificate examples in this header file:
+ * https://github.com/wolfSSL/wolfssl/blob/master/wolfssl/certs_test.h
+ *
+ * To use the sample certificates in code (not recommended for production!):
+ *
+ *    #if defined(USE_CERT_BUFFERS_2048) || defined(USE_CERT_BUFFERS_1024)
+ *        #include <wolfssl/certs_test.h>
+ *    #endif
+ *
+ * To use the sets of macros below, define *one* of these:
+ *
+ *    USE_CERT_BUFFERS_1024  - ECC 1024 bit encoded ASN1
+ *    USE_CERT_BUFFERS_2048  - RSA 2048 bit encoded ASN1
+ *    WOLFSSL_SM[2,3,4]      - SM Ciphers
+ *
+ * For example: define USE_CERT_BUFFERS_2048 to use CA Certs used in this
+ *  wolfSSL function for the `ca_cert_der_2048` buffer, size and types:
+ *
+ *     ret = wolfSSL_CTX_load_verify_buffer(ctx,
+ *                                          CTX_CA_CERT,
+ *                                          CTX_CA_CERT_SIZE,
+ *                                          CTX_CA_CERT_TYPE);
+ *
+ * See https://www.wolfssl.com/documentation/manuals/wolfssl/group__CertsKeys.html#function-wolfssl_ctx_load_verify_buffer
+ *
+ * In this case the CTX_CA_CERT will be defined as `ca_cert_der_2048` as
+ * defined here: https://github.com/wolfSSL/wolfssl/blob/master/wolfssl/certs_test.h
+ *
+ * The CTX_CA_CERT_SIZE and CTX_CA_CERT_TYPE are similarly used to reference
+ * array size and cert type respectively.
+ *
+ * Similarly for loading the private client key:
+ *
+ *  ret = wolfSSL_CTX_use_PrivateKey_buffer(ctx,
+ *                                          CTX_CLIENT_KEY,
+ *                                          CTX_CLIENT_KEY_SIZE,
+ *                                          CTX_CLIENT_KEY_TYPE);
+ *
+ * see https://www.wolfssl.com/documentation/manuals/wolfssl/group__CertsKeys.html#function-wolfssl_ctx_use_privatekey_buffer
+ *
+ * Similarly, the other macros are for server certificates and keys:
+ *   `CTX_SERVER_CERT` and `CTX_SERVER_KEY` are available.
+ *
+ * The certificate and key names are typically `static const unsigned char`
+ * arrays. The [NAME]_size are typically `sizeof([array name])`, and the types
+ * are the known wolfSSL encoding type integers (e.g. WOLFSSL_FILETYPE_PEM).
+ *
+ * See `SSL_FILETYPE_[name]` in
+ *   https://github.com/wolfSSL/wolfssl/blob/master/wolfssl/ssl.h
+ *
+ * See Abstract Syntax Notation One (ASN.1) in:
+ *   https://github.com/wolfSSL/wolfssl/blob/master/wolfssl/wolfcrypt/asn.h
+ *
+ * Optional SM4 Ciphers:
+ *
+ * Although the SM ciphers are shown here, the `certs_test_sm.h` may not yet
+ * be available. See:
+ *   https://github.com/wolfSSL/wolfssl/pull/6825
+ *   https://github.com/wolfSSL/wolfsm
+ *
+ * Uncomment these 3 macros to enable the SM Ciphers and use the macros below.
+ */
+
+/*
 #define WOLFSSL_SM2
 #define WOLFSSL_SM3
 #define WOLFSSL_SM4
 */
 
+/* Conditional macros used in wolfSSL TLS client and server examples */
 #if defined(WOLFSSL_SM2) || defined(WOLFSSL_SM3) || defined(WOLFSSL_SM4)
     #include <wolfssl/certs_test_sm.h>
     #define CTX_CA_CERT          root_sm2
@@ -427,19 +1017,77 @@
     #undef  WOLFSSL_BASE16
     #define WOLFSSL_BASE16
 #else
-    #define USE_CERT_BUFFERS_2048
-    #define USE_CERT_BUFFERS_256
-    #define CTX_CA_CERT          ca_cert_der_2048
-    #define CTX_CA_CERT_SIZE     sizeof_ca_cert_der_2048
-    #define CTX_CA_CERT_TYPE     WOLFSSL_FILETYPE_ASN1
-    #define CTX_SERVER_CERT      server_cert_der_2048
-    #define CTX_SERVER_CERT_SIZE sizeof_server_cert_der_2048
-    #define CTX_SERVER_CERT_TYPE WOLFSSL_FILETYPE_ASN1
-    #define CTX_SERVER_KEY       server_key_der_2048
-    #define CTX_SERVER_KEY_SIZE  sizeof_server_key_der_2048
-    #define CTX_SERVER_KEY_TYPE  WOLFSSL_FILETYPE_ASN1
-#endif
+    #if defined(USE_CERT_BUFFERS_2048)
+        #define USE_CERT_BUFFERS_256
+        /* Be sure to include in app when using example certs: */
+        /* #include <wolfssl/certs_test.h>                     */
+        #define CTX_CA_CERT          ca_cert_der_2048
+        #define CTX_CA_CERT_SIZE     sizeof_ca_cert_der_2048
+        #define CTX_CA_CERT_TYPE     WOLFSSL_FILETYPE_ASN1
 
+        #define CTX_SERVER_CERT      server_cert_der_2048
+        #define CTX_SERVER_CERT_SIZE sizeof_server_cert_der_2048
+        #define CTX_SERVER_CERT_TYPE WOLFSSL_FILETYPE_ASN1
+        #define CTX_SERVER_KEY       server_key_der_2048
+        #define CTX_SERVER_KEY_SIZE  sizeof_server_key_der_2048
+        #define CTX_SERVER_KEY_TYPE  WOLFSSL_FILETYPE_ASN1
+
+        #define CTX_CLIENT_CERT      client_cert_der_2048
+        #define CTX_CLIENT_CERT_SIZE sizeof_client_cert_der_2048
+        #define CTX_CLIENT_CERT_TYPE WOLFSSL_FILETYPE_ASN1
+        #define CTX_CLIENT_KEY       client_key_der_2048
+        #define CTX_CLIENT_KEY_SIZE  sizeof_client_key_der_2048
+        #define CTX_CLIENT_KEY_TYPE  WOLFSSL_FILETYPE_ASN1
+
+    #elif defined(USE_CERT_BUFFERS_1024)
+        #define USE_CERT_BUFFERS_256
+        /* Be sure to include in app when using example certs: */
+        /* #include <wolfssl/certs_test.h>                     */
+        #define CTX_CA_CERT          ca_cert_der_1024
+        #define CTX_CA_CERT_SIZE     sizeof_ca_cert_der_1024
+        #define CTX_CA_CERT_TYPE     WOLFSSL_FILETYPE_ASN1
+
+        #define CTX_CLIENT_CERT      client_cert_der_1024
+        #define CTX_CLIENT_CERT_SIZE sizeof_client_cert_der_1024
+        #define CTX_CLIENT_CERT_TYPE WOLFSSL_FILETYPE_ASN1
+        #define CTX_CLIENT_KEY       client_key_der_1024
+        #define CTX_CLIENT_KEY_SIZE  sizeof_client_key_der_1024
+        #define CTX_CLIENT_KEY_TYPE  WOLFSSL_FILETYPE_ASN1
+
+        #define CTX_SERVER_CERT      server_cert_der_1024
+        #define CTX_SERVER_CERT_SIZE sizeof_server_cert_der_1024
+        #define CTX_SERVER_CERT_TYPE WOLFSSL_FILETYPE_ASN1
+        #define CTX_SERVER_KEY       server_key_der_1024
+        #define CTX_SERVER_KEY_SIZE  sizeof_server_key_der_1024
+        #define CTX_SERVER_KEY_TYPE  WOLFSSL_FILETYPE_ASN1
+    #else
+        /* Optionally define custom cert arrays, sizes, and types here */
+        #error "Must define USE_CERT_BUFFERS_2048 or USE_CERT_BUFFERS_1024"
+    #endif
+#endif /* Conditional key and cert constant names */
+
+/******************************************************************************
+** Sanity Checks
+******************************************************************************/
+#if defined(CONFIG_ESP_MAIN_TASK_STACK_SIZE)
+    #if defined(WOLFCRYPT_HAVE_SRP)
+        #if defined(FP_MAX_BITS)
+            #if FP_MAX_BITS <  (8192 * 2)
+                #define ESP_SRP_MINIMUM_STACK_8K (24 * 1024)
+            #else
+                #define ESP_SRP_MINIMUM_STACK_8K (28 * 1024)
+            #endif
+        #else
+            #error "Please define FP_MAX_BITS when using WOLFCRYPT_HAVE_SRP."
+        #endif
+
+        #if (CONFIG_ESP_MAIN_TASK_STACK_SIZE < ESP_SRP_MINIMUM_STACK)
+            #warning "WOLFCRYPT_HAVE_SRP enabled with small stack size"
+        #endif
+    #endif
+#else
+    #warning "CONFIG_ESP_MAIN_TASK_STACK_SIZE not defined!"
+#endif
 /* See settings.h for some of the possible hardening options:
  *
  *  #define NO_ESPIDF_DEFAULT
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/main/CMakeLists.txt b/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/main/CMakeLists.txt
index e37c4d5f6..5166065a3 100644
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/main/CMakeLists.txt
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/main/CMakeLists.txt
@@ -1,11 +1,44 @@
+# wolfSSL Espressif Example Project/main CMakeLists.txt
+#   v1.2
 #
 # wolfssl benchmark test
 #
+message(STATUS "Begin wolfSSL main CMakeLists.txt")
 set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_USER_SETTINGS")
 
-set(COMPONENT_SRCS "main.c")
-set(COMPONENT_ADD_INCLUDEDIRS ".")
+if (idf_target STREQUAL "esp8266" OR IDF_TARGET STREQUAL "esp8266" OR IDF_VERSION_MAJOR VERSION_LESS "5.0")
+    # `driver` component not available for ESP8266
+    SET(THIS_PRIV_REQUIRES_DRIVER "")
+else()
+    SET(THIS_PRIV_REQUIRES_DRIVER "driver")
+endif()
 
+if(WIN32)
+    # Windows-specific configuration here
+    set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_WINDOWS")
+    message(STATUS "Detected Windows")
+endif()
+if(CMAKE_HOST_UNIX)
+    message(STATUS "Detected UNIX")
+endif()
+if(APPLE)
+    message(STATUS "Detected APPLE")
+endif()
+if(CMAKE_HOST_UNIX AND (NOT APPLE) AND EXISTS "/proc/sys/fs/binfmt_misc/WSLInterop")
+    # Windows-specific configuration here
+    set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_WSL")
+    message(STATUS "Detected WSL")
+endif()
+if(CMAKE_HOST_UNIX AND (NOT APPLE) AND (NOT WIN32))
+    # Windows-specific configuration here
+    set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_LINUX")
+    message(STATUS "Detected Linux")
+endif()
+if(APPLE)
+    # Windows-specific configuration here
+    set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_APPLE")
+    message(STATUS "Detected Apple")
+endif()
 set (git_cmd "git")
 
 if( EXISTS "${CMAKE_HOME_DIRECTORY}/components/wolfssl/" AND EXISTS "$ENV{IDF_PATH}/components/wolfssl/" )
@@ -18,9 +51,22 @@ if( EXISTS "${CMAKE_HOME_DIRECTORY}/components/wolfssl/" AND EXISTS "$ENV{IDF_PA
     set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_MULTI_INSTALL_WARNING")
 endif()
 
+# The wolfSL component name is named "mywolfssl" on the staging site for Managed Components.
+if( NOT EXISTS "../components/wolfssl" AND ("$ENV{IDF_COMPONENT_REGISTRY_URL}" STREQUAL "https://components-staging.espressif.com") )
+    message(STATUS "WARNING: Using a staging instance of wolfssl.")
+    set(MAIN_WOLFSSL_COMPONENT_NAME "mywolfssl")
+else()
+    message(STATUS "Using release wolfssl component.")
+    set(MAIN_WOLFSSL_COMPONENT_NAME "wolfssl")
+endif()
+
+## register_component()
 idf_component_register(SRCS main.c
-                       INCLUDE_DIRS "." 
-                       "./include")
+                       INCLUDE_DIRS "."
+                            "./include"
+                       PRIV_REQUIRES "${THIS_PRIV_REQUIRES_DRIVER}"
+                                     "${MAIN_WOLFSSL_COMPONENT_NAME}"
+                       )
 
 #
 # LIBWOLFSSL_SAVE_INFO(VAR_OUPUT THIS_VAR VAR_RESULT)
@@ -50,15 +96,24 @@ function ( LIBWOLFSSL_SAVE_INFO VAR_OUPUT THIS_VAR VAR_RESULT )
         message(STATUS "Found ${VAR_OUPUT}=${VAR_VALUE}")
 
         # the interesting part is defining the VAR_OUPUT name a value to use in the app
-        add_definitions(-D${VAR_OUPUT}=\"${VAR_VALUE}\")
+        add_compile_definitions(${VAR_OUPUT}=\"${VAR_VALUE}\")
     else()
         # if we get here, check the execute_process command and parameters.
-        message(STATUS "LIBWOLFSSL_SAVE_INFO encountered a non-zero VAR_RESULT")
+        message(STATUS "LIBWOLFSSL_SAVE_INFO encountered a non-zero VAR_RESULT.")
+        message(STATUS "Setting ${VAR_OUPUT} to \"Unknown\"")
         set(${VAR_OUPUT} "Unknown")
     endif()
 endfunction() # LIBWOLFSSL_SAVE_INFO
 
-if(NOT CMAKE_BUILD_EARLY_EXPANSION)
+execute_process(
+    COMMAND ${git_cmd} "rev-parse" "--is-inside-work-tree"
+    OUTPUT_VARIABLE IS_GIT_REPO
+    OUTPUT_STRIP_TRAILING_WHITESPACE
+    ERROR_QUIET
+)
+
+# Save some project-specific details. Repo may be different than component, or may not even be a repo at all:
+if(NOT CMAKE_BUILD_EARLY_EXPANSION AND (IS_GIT_REPO STREQUAL "true"))
     # LIBWOLFSSL_VERSION_GIT_HASH
     execute_process(COMMAND ${git_cmd} "rev-parse" "HEAD" OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ERROR_QUIET )
     LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_VERSION_GIT_HASH "${TMP_OUT}" "${TMP_RES}")
@@ -74,3 +129,4 @@ endif()
 
 message(STATUS "")
 
+message(STATUS "End wolfSSL main CMakeLists.txt")
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/main/Kconfig.projbuild b/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/main/Kconfig.projbuild
index 8fd12d389..264c80883 100644
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/main/Kconfig.projbuild
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/main/Kconfig.projbuild
@@ -22,7 +22,7 @@ config BENCH_ARGV
         -lng <num>  Display benchmark result by specified language.
                     0: English, 1: Japanese
         <num>       Size of block in bytes
-        
+
         e.g -lng 1
         e.g sha
 
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/main/component.mk b/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/main/component.mk
index 0adf45649..08f8fbe9b 100644
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/main/component.mk
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/main/component.mk
@@ -3,6 +3,21 @@
 #
 # This Makefile can be left empty. By default, it will take the sources in the
 # src/ directory, compile them and link them into lib(subdirectory_name).a
-# in the build directory. This behaviour is entirely configurable,
+# in the build directory. This behavior is entirely configurable,
 # please read the ESP-IDF documents if you need to do this.
 #
+# (Uses default behavior of compiling all source files in directory, adding 'include' to include path.)
+
+# We'll add the explicit lines only for old SDK requirements (e.h. ESP8266)
+
+ifeq ("$(VISUALGDB_DIR)","")
+    $(info VISUALGDB_DIR build not detected. shell: $(shell echo $$SHELL) )
+else
+    $(info Detected VisualGDB in: $(VISUALGDB_DIR) shell: $(shell echo $$SHELL) )
+    COMPONENT_SRCDIRS := .
+    COMPONENT_ADD_INCLUDEDIRS := .
+    COMPONENT_ADD_INCLUDEDIRS += include
+
+    # Ensure main.c gets compiled
+    COMPONENT_OBJS := main.o
+endif
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/main/include/main.h b/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/main/include/main.h
index 219eb15dd..a7828c33e 100644
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/main/include/main.h
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/main/include/main.h
@@ -1,6 +1,6 @@
-/* benchmark main.h
+/* wolfssl_benchmark main.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -19,12 +19,9 @@
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  */
 
-#ifndef _MAIN_
-#define _MAIN_
+#ifndef _MAIN_H_
+#define _MAIN_H_
 
 void app_main(void);
 
-/* see wolfssl/wolfcrypt/benchmark/benchmark.h */
-extern void wolf_benchmark_task();
-
 #endif
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/main/main.c b/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/main/main.c
index 855105e7d..9af128c07 100644
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/main/main.c
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/main/main.c
@@ -1,6 +1,6 @@
 /* benchmark main.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -20,25 +20,51 @@
  */
 
 /* ESP-IDF */
-#include <esp_log.h>
 #include "sdkconfig.h"
+#include <esp_log.h>
 
 /* wolfSSL */
-#include <wolfssl/wolfcrypt/settings.h>
-#include <user_settings.h>
-#include <wolfssl/version.h>
-#include "wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h"
-#ifndef WOLFSSL_ESPIDF
-    #warning "Problem with wolfSSL user_settings."
-    #warning "Check components/wolfssl/include"
+/* The wolfSSL user_settings.h file is automatically included by the settings.h
+ * file and should never be explicitly included in any other source files.
+ * The settings.h should also be listed above wolfssl library include files. */
+#if defined(WOLFSSL_USER_SETTINGS)
+    #include <wolfssl/wolfcrypt/settings.h>
+    #if defined(WOLFSSL_ESPIDF)
+        #include <wolfssl/version.h>
+        #include <wolfssl/wolfcrypt/types.h>
+        #include <wolfcrypt/benchmark/benchmark.h>
+        #include <wolfssl/wolfcrypt/port/Espressif/esp-sdk-lib.h>
+        #include <wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h>
+    #else
+        #error "Problem with wolfSSL user_settings. "           \
+               "Check components/wolfssl/include "              \
+               "and confirm WOLFSSL_USER_SETTINGS is defined, " \
+               "typically in the component CMakeLists.txt"
+    #endif
+#else
+    /* Define WOLFSSL_USER_SETTINGS project wide for settings.h to include   */
+    /* wolfSSL user settings in ./components/wolfssl/include/user_settings.h */
+    #error "Missing WOLFSSL_USER_SETTINGS in CMakeLists or Makefile:\
+    CFLAGS +=-DWOLFSSL_USER_SETTINGS"
 #endif
 
-#include <wolfssl/wolfcrypt/types.h>
-#include <wolfcrypt/benchmark/benchmark.h>
+/* Hardware; include after other libraries,
+ * particularly after freeRTOS from settings.h */
+#include <driver/uart.h>
 
 /* set to 0 for one benchmark,
-** set to 1 for continous benchmark loop */
-#define BENCHMARK_LOOP 1
+** set to 1 for continuous benchmark loop */
+#define BENCHMARK_LOOP 0
+
+#define THIS_MONITOR_UART_RX_BUFFER_SIZE 200
+
+#ifdef CONFIG_ESP8266_XTAL_FREQ_26
+    /* 26MHz crystal: 74880 bps */
+    #define THIS_MONITOR_UART_BAUD_DATE 74880
+#else
+    /* 40MHz crystal: 115200 bps */
+    #define THIS_MONITOR_UART_BAUD_DATE 115200
+#endif
 
 /* check BENCH_ARGV in sdkconfig to determine need to set WOLFSSL_BENCH_ARGV */
 #ifdef CONFIG_BENCH_ARGV
@@ -129,15 +155,17 @@ void my_atmel_free(int slotId)
 /* the following are needed by benchmark.c with args */
 #ifdef WOLFSSL_BENCH_ARGV
 char* __argv[WOLFSSL_BENCH_ARGV_MAX_ARGUMENTS];
+#define ARG_BUFF_SIZE 16
 
 int construct_argv()
 {
+    #define ARG_BUFF_SIZE 16
     int cnt = 0;
     int i = 0;
     int len = 0;
     char *_argv; /* buffer for copying the string    */
     char *ch; /* char pointer to trace the string */
-    char buff[16] = { 0 }; /* buffer for a argument copy       */
+    char buff[ARG_BUFF_SIZE] = { 0 }; /* buffer for a argument copy       */
 
     ESP_LOGI(TAG, "construct_argv arg:%s\n", CONFIG_BENCH_ARGV);
     len = strlen(CONFIG_BENCH_ARGV);
@@ -170,7 +198,7 @@ int construct_argv()
         memset(buff, 0, sizeof(buff));
         /* copy each args into buffer */
         i = 0;
-        while ((*ch != ' ') && (*ch != '\0') && (i < 16)) {
+        while ((*ch != ' ') && (*ch != '\0') && (i <= ARG_BUFF_SIZE)) {
             buff[i] = *ch;
             ++i;
             ++ch;
@@ -192,18 +220,45 @@ int construct_argv()
 /* entry point */
 void app_main(void)
 {
+    uart_config_t uart_config = {
+        .baud_rate = THIS_MONITOR_UART_BAUD_DATE,
+        .data_bits = UART_DATA_8_BITS,
+        .parity    = UART_PARITY_DISABLE,
+        .stop_bits = UART_STOP_BITS_1,
+    };
     int stack_start = 0;
-    ESP_LOGI(TAG, "---------------- wolfSSL Benchmark Example ------------");
+    word32 loops = 0;
+    esp_err_t ret = 0;
+
+    stack_start = esp_sdk_stack_pointer();
+
+    /* uart_set_pin(UART_NUM_0, TX_PIN, RX_PIN,
+     *              UART_PIN_NO_CHANGE, UART_PIN_NO_CHANGE); */
+
+    /* Some targets may need to have UART speed set, such as ESP8266 */
+    ESP_LOGI(TAG, "UART init");
+    uart_param_config(UART_NUM_0, &uart_config);
+    uart_driver_install(UART_NUM_0,
+                        THIS_MONITOR_UART_RX_BUFFER_SIZE, 0, 0, NULL, 0);
+
+    ESP_LOGI(TAG, "---------------- wolfSSL Benchmark Example -------------");
     ESP_LOGI(TAG, "--------------------------------------------------------");
     ESP_LOGI(TAG, "--------------------------------------------------------");
     ESP_LOGI(TAG, "---------------------- BEGIN MAIN ----------------------");
     ESP_LOGI(TAG, "--------------------------------------------------------");
     ESP_LOGI(TAG, "--------------------------------------------------------");
+    ESP_LOGI(TAG, "Stack Start: 0x%x", stack_start);
 
-#ifdef HAVE_VERSION_EXTENDED_INFO
+#ifdef WOLFSSL_ESP_NO_WATCHDOG
+    ESP_LOGW(TAG, "Found WOLFSSL_ESP_NO_WATCHDOG, disabling...");
+    esp_DisableWatchdog();
+#endif
+
+#if defined(HAVE_VERSION_EXTENDED_INFO) && defined(WOLFSSL_HAS_METRICS)
     esp_ShowExtendedSystemInfo();
 #endif
 
+    /* all platforms: stack high water mark check */
     ESP_LOGI(TAG, "app_main CONFIG_BENCH_ARGV = %s", WOLFSSL_BENCH_ARGV);
 
 /* when using atecc608a on esp32-wroom-32se */
@@ -224,7 +279,7 @@ void app_main(void)
     ESP_LOGI(TAG, "NO_CRYPT_BENCHMARK defined, skipping wolf_benchmark_task")
 #else
 
-    /* although wolfCrypt_Init() may be explicitly called above,
+    /* Although wolfCrypt_Init() may be explicitly called above,
     ** note it is still always called in wolf_benchmark_task.
     */
     stack_start = uxTaskGetStackHighWaterMark(NULL);
@@ -232,33 +287,64 @@ void app_main(void)
     do {
         ESP_LOGI(TAG, "Stack HWM: %d\n", uxTaskGetStackHighWaterMark(NULL));
 
-        wolf_benchmark_task();
+#ifdef WOLFSSL_BENCH_ARGV
+        ret = benchmark_test(__argv);
+#else
+        ret = benchmark_test(NULL);
+#endif
         ESP_LOGI(TAG, "Stack used: %d\n",
                       stack_start - uxTaskGetStackHighWaterMark(NULL));
 
-        #ifdef WOLFSSL_HW_METRICS_DISABLED/* Remove _DISABLED upon #6990 Merge */
-            esp_hw_show_metrics();
-        #endif
-    } while (BENCHMARK_LOOP);
-    /* Reminder: wolfCrypt_Cleanup should always be called at completion,
+        esp_hw_show_metrics();
+
+        loops++; /* count of the number of tests run before fail. */
+        ESP_LOGI(TAG, "Stack HWM: %d\n", uxTaskGetStackHighWaterMark(NULL));
+        ESP_LOGI(TAG, "loops = %d", loops);
+
+    } while (BENCHMARK_LOOP && (ret == 0));
+
+    /* Reminder: wolfCrypt_Cleanup() should always be called at completion,
     ** and is called in wolf_benchmark_task().  */
 
+#if defined BENCHMARK_LOOP && (BENCHMARK_LOOP == 1)
+    /* If BENCHMARK_LOOP enabled and we get here, there was likely an error. */
+    ESP_LOGI(TAG, "Benchmark loops completed: %d", loops);
+#endif
+
 #if defined(SINGLE_THREADED)
     /* need stack monitor for single thread */
 #else
     ESP_LOGI(TAG, "Stack HWM: %d\n", uxTaskGetStackHighWaterMark(NULL));
 #endif
 
+#ifdef INCLUDE_uxTaskGetStackHighWaterMark
+    ESP_LOGI(TAG, "Stack HWM: %d", uxTaskGetStackHighWaterMark(NULL));
+
+    ESP_LOGI(TAG, "Stack used: %d", CONFIG_ESP_MAIN_TASK_STACK_SIZE
+                                    - (uxTaskGetStackHighWaterMark(NULL)));
+#endif
+
+#ifdef WOLFSSL_ESPIDF_VERBOSE_EXIT_MESSAGE
+    if (ret == 0) {
+        ESP_LOGI(TAG, WOLFSSL_ESPIDF_VERBOSE_EXIT_MESSAGE("Success!", ret));
+    }
+    else {
+        ESP_LOGE(TAG, WOLFSSL_ESPIDF_VERBOSE_EXIT_MESSAGE("Failed!", ret));
+    }
+#elif defined(WOLFSSL_ESPIDF_EXIT_MESSAGE)
+    ESP_LOGI(TAG, WOLFSSL_ESPIDF_EXIT_MESSAGE);
+#else
     ESP_LOGI(TAG, "\n\nDone!\n\n"
                   "If running from idf.py monitor, press twice: Ctrl+]");
-
-    /* after the test, we'll just wait */
-    while (1) {
-        /* do something other than nothing to help next program/debug session*/
-#ifndef SINGLE_THREADED
-        vTaskDelay(1000);
 #endif
-    }
 
+    /* After completion, we'll just wait */
+    while (1) {
+#if defined(SINGLE_THREADED)
+        while (1);
+#else
+        vTaskDelay(60000);
+#endif
+    } /* done while */
 #endif /* NO_CRYPT_BENCHMARK */
-} /* main */
+}
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/partitions_singleapp_large.csv b/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/partitions_singleapp_large.csv
index a9c373bec..0b2fcd1a9 100644
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/partitions_singleapp_large.csv
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/partitions_singleapp_large.csv
@@ -1,31 +1,31 @@
-# to view: idf.py partition-table
-#
-# ESP-IDF Partition Table
-# Name, Type,  SubType, Offset,  Size, Flags
-nvs,     data, nvs,     0x9000,  24K,
-phy_init,data, phy,     0xf000,  4K,
-factory, app,  factory, 0x10000, 1500K,
-
-
-# For other settings, see:
-# https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-guides/partition-tables.html#creating-custom-tables
-#
-# Here is the summary printed for the "Single factory app, no OTA" configuration:
-#
-# # ESP-IDF Partition Table
-# # Name,   Type, SubType, Offset,  Size, Flags
-# nvs,      data, nvs,     0x9000,  0x6000,
-# phy_init, data, phy,     0xf000,  0x1000,
-# factory,  app,  factory, 0x10000, 1M,
-#
-#
-# Here is the summary printed for the "Factory app, two OTA definitions" configuration:
-#
-# # ESP-IDF Partition Table
-# # Name,   Type, SubType, Offset,  Size, Flags
-# nvs,      data, nvs,     0x9000,  0x4000,
-# otadata,  data, ota,     0xd000,  0x2000,
-# phy_init, data, phy,     0xf000,  0x1000,
-# factory,  app,  factory, 0x10000,  1M,
-# ota_0,    app,  ota_0,   0x110000, 1M,
-# ota_1,    app,  ota_1,   0x210000, 1M,
+# to view: idf.py partition-table
+#
+# ESP-IDF Partition Table
+# Name, Type,  SubType, Offset,  Size, Flags
+nvs,     data, nvs,     0x9000,  24K,
+phy_init,data, phy,     0xf000,  4K,
+factory, app,  factory, 0x10000, 1500K,
+
+
+# For other settings, see:
+# https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-guides/partition-tables.html#creating-custom-tables
+#
+# Here is the summary printed for the "Single factory app, no OTA" configuration:
+#
+# # ESP-IDF Partition Table
+# # Name,   Type, SubType, Offset,  Size, Flags
+# nvs,      data, nvs,     0x9000,  0x6000,
+# phy_init, data, phy,     0xf000,  0x1000,
+# factory,  app,  factory, 0x10000, 1M,
+#
+#
+# Here is the summary printed for the "Factory app, two OTA definitions" configuration:
+#
+# # ESP-IDF Partition Table
+# # Name,   Type, SubType, Offset,  Size, Flags
+# nvs,      data, nvs,     0x9000,  0x4000,
+# otadata,  data, ota,     0xd000,  0x2000,
+# phy_init, data, phy,     0xf000,  0x1000,
+# factory,  app,  factory, 0x10000,  1M,
+# ota_0,    app,  ota_0,   0x110000, 1M,
+# ota_1,    app,  ota_1,   0x210000, 1M,
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/sdkconfig.defaults b/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/sdkconfig.defaults
index 8e3c969d9..7fac4476f 100644
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/sdkconfig.defaults
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/sdkconfig.defaults
@@ -1,34 +1,157 @@
+# Set the known example app config to template example (see user_settings.h)
+CONFIG_WOLFSSL_EXAMPLE_NAME_WOLFSSL_BENCHMARK=y
+
+# CONFIG_EXAMPLE_WIFI_SSID="myssid"
+# CONFIG_EXAMPLE_WIFI_PASSWORD="mypassword"
+
+# Some wolfSSL helpers
+CONFIG_USE_WOLFSSL_ESP_SDK_TIME=y
+
+# sdkconfig.defaults for ESP8266 + ESP32
+# See separate sdkconfig.defaults.esp8266
+# Note that during the build process, settings from sdkconfig.defaults will not override those already in sdkconfig.
 CONFIG_BENCH_ARGV="-lng 0"
+# FreeRTOS ticks at 1ms interval
+CONFIG_FREERTOS_UNICORE=y
 CONFIG_FREERTOS_HZ=1000
 CONFIG_ESP32_DEFAULT_CPU_FREQ_240=y
 
 #
-# Default main stack size
+# Default main stack size. See user_settings.h
 #
-# This is typically way bigger than needed for stack size. See user_settings.h
+# This is typically bigger than needed for stack size.
+# Units are words, not bytes. See user_settings.h
 #
-CONFIG_ESP_MAIN_TASK_STACK_SIZE=55500
+# For wolfSSL SMALL_STACK, 3072 bytes should be sufficient for benchmark app.
+# When using RSA, assign at least 10500 bytes, otherwise 5500 usually works for others
+# We set this to 28672 for use in the "test everything possible" in the wolfssl_test app.
+CONFIG_ESP_MAIN_TASK_STACK_SIZE=28672
 
-# Legacy stack size for older ESP-IDF versions
-CONFIG_MAIN_TASK_STACK_SIZE=55500
+# Legacy stack size name for older ESP-IDF versions
+CONFIG_MAIN_TASK_STACK_SIZE=28672
 
+#
+# Benchmark must not have CONFIG_NEWLIB_NANO_FORMAT enabled
+CONFIG_NEWLIB_NANO_FORMAT=n
 #
 # Watchdog Timers
 #
-# We don't want to have the watchdog timeout during tests
+# We don't want to have the watchdog timeout during tests & benchmarks
 #
 CONFIG_ESP_TASK_WDT_CHECK_IDLE_TASK_CPU0=n
 CONFIG_ESP_TASK_WDT_CHECK_IDLE_TASK_CPU1=n
+# Panic & Watchdog
+CONFIG_ESP_INT_WDT_TIMEOUT_MS=10000
+CONFIG_ESP_TASK_WDT_EN=n
+CONFIG_ESP_SYSTEM_PANIC_PRINT_HALT=y
+CONFIG_ESP_INT_WDT=n
+
+# ESP8266 Watchdog:
+CONFIG_TASK_WDT=n
+CONFIG_TASK_WDT_PANIC=n
+
+# ESP8266 WDT
+# CONFIG_ESP_PANIC_PRINT_REBOOT is not set
+CONFIG_ESP_PANIC_PRINT_REBOOT=n
+CONFIG_ESP_PANIC_PRINT_HALT=y
+
+# CONFIG_ESP_HTTP_CLIENT_ENABLE_HTTPS is not set
+CONFIG_ESP_HTTP_CLIENT_ENABLE_HTTPS=n
+
+# ESP8266 Memory
+CONFIG_FREERTOS_GLOBAL_DATA_LINK_IRAM=y
+CONFIG_HEAP_DISABLE_IRAM=y
+
+# Performance
+# CONFIG_COMPILER_OPTIMIZATION_PERF=y
+
+# Set max CPU frequency (falls back as needed for lower maximum)
+CONFIG_ESP_DEFAULT_CPU_FREQ_MHZ_240=y
+
+# Enable wolfSSL TLS in esp-tls
+# CONFIG_ESP_TLS_USING_WOLFSSL=y
+# CONFIG_TLS_STACK_WOLFSSL=y
+
+# Bundles take up flash space and are disabled unless otherwise known to be needed
+CONFIG_WOLFSSL_CERTIFICATE_BUNDLE=n
+# CONFIG_WOLFSSL_CERTIFICATE_BUNDLE=y
+# CONFIG_ESP_WOLFSSL_SMALL_CERT_VERIFY=y
+# CONFIG_ESP_TLS_INSECURE=y
+
+# Disable mbedTLS
+CONFIG_ESP_TLS_USING_MBEDTLS=n
+CONFIG_MBEDTLS_CERTIFICATE_BUNDLE=n
+
+# Some wolfSSL helpers
+CONFIG_USE_WOLFSSL_ESP_SDK_TIME=n
+
+# CONFIG_ESP_HTTP_CLIENT_ENABLE_HTTPS is not set
+CONFIG_ESP_HTTP_CLIENT_ENABLE_HTTPS=n
+
+# ESP8266 Memory
+CONFIG_FREERTOS_GLOBAL_DATA_LINK_IRAM=y
+CONFIG_HEAP_DISABLE_IRAM=y
+
+# Performance
+# CONFIG_COMPILER_OPTIMIZATION_PERF=y
+
+# Set max COU frequency (falls back as needed for lower maximum)
+CONFIG_ESP_DEFAULT_CPU_FREQ_MHZ_240=y
+
+# FreeRTOS ticks at 1ms interval
+CONFIG_FREERTOS_UNICORE=y
+CONFIG_FREERTOS_HZ=1000
+
+# Ensure mbedTLS options are disabled
+# CONFIG_MBEDTLS_TLS_SERVER_AND_CLIENT=n
+# CONFIG_MBEDTLS_TLS_CLIENT_ONLY=n
+# CONFIG_MBEDTLS_TLS_SERVER=n
+# CONFIG_MBEDTLS_TLS_CLIENT=n
+# CONFIG_MBEDTLS_HARDWARE_AES=n
+# CONFIG_MBEDTLS_HARDWARE_MPI=n
+# CONFIG_MBEDTLS_HARDWARE_SHA=n
+# CONFIG_MBEDTLS_ROM_MD5=n
+# CONFIG_MBEDTLS_SSL_RENEGOTIATION=n
+# CONFIG_MBEDTLS_SSL_PROTO_TLS1_2=n
+# CONFIG_MBEDTLS_SSL_PROTO_GMTSSL1_1=n
+# CONFIG_MBEDTLS_SSL_ALPN=n
+# CONFIG_MBEDTLS_CLIENT_SSL_SESSION_TICKETS=n
+# CONFIG_MBEDTLS_SERVER_SSL_SESSION_TICKETS=n
+
+# The same-name config is used for both WiFi and client/server TLS, so we cannot disable:
+# CONFIG_MBEDTLS_TLS_ENABLED=n
+# CONFIG_MBEDTLS_TLS_DISABLED=y
 
 #
 # Compiler options
 #
 CONFIG_COMPILER_OPTIMIZATION_DEFAULT=y
+# CONFIG_COMPILER_OPTIMIZATION_SIZE is not set
+# CONFIG_COMPILER_OPTIMIZATION_PERF is not set
+# CONFIG_COMPILER_OPTIMIZATION_NONE is not set
 CONFIG_COMPILER_OPTIMIZATION_ASSERTIONS_ENABLE=y
+# CONFIG_COMPILER_OPTIMIZATION_ASSERTIONS_SILENT is not set
+# CONFIG_COMPILER_OPTIMIZATION_ASSERTIONS_DISABLE is not set
+CONFIG_COMPILER_FLOAT_LIB_FROM_GCCLIB=y
 CONFIG_COMPILER_OPTIMIZATION_ASSERTION_LEVEL=2
+# CONFIG_COMPILER_OPTIMIZATION_CHECKS_SILENT is not set
 CONFIG_COMPILER_HIDE_PATHS_MACROS=y
+# CONFIG_COMPILER_CXX_EXCEPTIONS is not set
+# CONFIG_COMPILER_CXX_RTTI is not set
+# CONFIG_COMPILER_STACK_CHECK_MODE_NONE is not set
 CONFIG_COMPILER_STACK_CHECK_MODE_NORM=y
+# CONFIG_COMPILER_STACK_CHECK_MODE_STRONG is not set
+# CONFIG_COMPILER_STACK_CHECK_MODE_ALL is not set
 CONFIG_COMPILER_STACK_CHECK=y
+# CONFIG_COMPILER_WARN_WRITE_STRINGS is not set
+# CONFIG_COMPILER_SAVE_RESTORE_LIBCALLS is not set
+# CONFIG_COMPILER_DISABLE_GCC12_WARNINGS is not set
+# CONFIG_COMPILER_DUMP_RTL_FILES is not set
+# end of Compiler options
+
+# We don't know that the min is actually v2,
+# but this is the earliest tested.
+CONFIG_ESP32C3_REV_MIN_2=y
 
 #
 # Partition Table
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/sdkconfig.defaults.esp8266 b/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/sdkconfig.defaults.esp8266
new file mode 100644
index 000000000..77299dfe4
--- /dev/null
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/sdkconfig.defaults.esp8266
@@ -0,0 +1,30 @@
+# ESP8266 WDT
+# CONFIG_ESP_PANIC_PRINT_REBOOT is not set
+CONFIG_ESP_PANIC_PRINT_REBOOT=n
+CONFIG_ESP_PANIC_PRINT_HALT=y
+
+# Enable wolfSSL TLS in esp-tls (not yet supported in RTOS SDK 3.4
+CONFIG_ESP_TLS_USING_WOLFSSL=n
+CONFIG_TLS_STACK_WOLFSSL=n
+
+# Bundles take up flash space and are disabled unless otherwise known to be needed
+CONFIG_WOLFSSL_CERTIFICATE_BUNDLE=n
+# CONFIG_ESP_WOLFSSL_SMALL_CERT_VERIFY=y
+# CONFIG_ESP_TLS_INSECURE=y
+
+# Disable mbedTLS
+CONFIG_ESP_TLS_USING_MBEDTLS=y
+CONFIG_MBEDTLS_CERTIFICATE_BUNDLE=n
+
+# ESP8266 Memory
+CONFIG_FREERTOS_GLOBAL_DATA_LINK_IRAM=y
+CONFIG_HEAP_DISABLE_IRAM=y
+
+# ESP8266 Watchdog:
+CONFIG_TASK_WDT=n
+CONFIG_TASK_WDT_PANIC=n
+
+# ESP8266 WDT
+# CONFIG_ESP_PANIC_PRINT_REBOOT is not set
+CONFIG_ESP_PANIC_PRINT_REBOOT=n
+CONFIG_ESP_PANIC_PRINT_HALT=y
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/CMakeLists.txt b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/CMakeLists.txt
index 14d08bf9f..868b15d85 100644
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/CMakeLists.txt
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/CMakeLists.txt
@@ -1,10 +1,20 @@
 # wolfSSL Espressif Example Project CMakeLists.txt
-#   v1.0
+#   v1.3
 #
 # The following lines of boilerplate have to be in your project's
 # CMakeLists in this exact order for cmake to work correctly
+message(STATUS "Begin project ${CMAKE_PROJECT_NAME}")
+
 cmake_minimum_required(VERSION 3.16)
 
+# Optional no watchdog typically used for test & benchmark
+if (idf_target STREQUAL "esp8266" OR IDF_TARGET STREQUAL "esp8266" OR IDF_VERSION_MAJOR VERSION_LESS "5.0")
+    set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_ESP_NO_WATCHDOG=1")
+else()
+    add_compile_definitions(WOLFSSL_ESP_NO_WATCHDOG=1)
+endif()
+
+
 # The wolfSSL CMake file should be able to find the source code.
 # Otherwise, assign an environment variable or set it here:
 #
@@ -22,45 +32,63 @@ cmake_minimum_required(VERSION 3.16)
 if(WIN32)
     # Windows-specific configuration here
     set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_WINDOWS")
-    message("Detected Windows")
+    message(STATUS "Detected Windows")
 endif()
 if(CMAKE_HOST_UNIX)
-    message("Detected UNIX")
+    message(STATUS "Detected UNIX")
 endif()
 if(APPLE)
-    message("Detected APPLE")
+    message(STATUS "Detected APPLE")
 endif()
 if(CMAKE_HOST_UNIX AND (NOT APPLE) AND EXISTS "/proc/sys/fs/binfmt_misc/WSLInterop")
     # Windows-specific configuration here
     set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_WSL")
-    message("Detected WSL")
+    message(STATUS "Detected WSL")
 endif()
 if(CMAKE_HOST_UNIX AND (NOT APPLE) AND (NOT WIN32))
     # Windows-specific configuration here
     set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_LINUX")
-    message("Detected Linux")
+    message(STATUS "Detected Linux")
 endif()
 if(APPLE)
     # Windows-specific configuration here
     set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_APPLE")
-    message("Detected Apple")
+    message(STATUS "Detected Apple")
 endif()
 # End optional WOLFSSL_CMAKE_SYSTEM_NAME
 
 # This example uses an extra component for common functions such as Wi-Fi and Ethernet connection.
-set (PROTOCOL_EXAMPLES_DIR $ENV{IDF_PATH}/examples/common_components/protocol_examples_common)
+# set (PROTOCOL_EXAMPLES_DIR $ENV{IDF_PATH}/examples/common_components/protocol_examples_common)
+string(REPLACE "\\" "/" PROTOCOL_EXAMPLES_DIR "$ENV{IDF_PATH}/examples/common_components/protocol_examples_common")
 
 if (EXISTS "${PROTOCOL_EXAMPLES_DIR}")
-    message("Found PROTOCOL_EXAMPLES_DIR=${PROTOCOL_EXAMPLES_DIR}")
+    message(STATUS "Found PROTOCOL_EXAMPLES_DIR=${PROTOCOL_EXAMPLES_DIR}")
     set(EXTRA_COMPONENT_DIRS $ENV{IDF_PATH}/examples/common_components/protocol_examples_common)
     set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DFOUND_PROTOCOL_EXAMPLES_DIR")
 else()
-    message("NOT FOUND: PROTOCOL_EXAMPLES_DIR=${PROTOCOL_EXAMPLES_DIR}")
+    message(STATUS "NOT FOUND: PROTOCOL_EXAMPLES_DIR=${PROTOCOL_EXAMPLES_DIR}")
 endif()
 
+# Find the user name to search for possible "wolfssl-username"
+# Reminder: Windows is  %USERNAME%, Linux is $USER
+message(STATUS "USERNAME = $ENV{USERNAME}")
+if(  "$ENV{USER}" STREQUAL "" ) # the bash user
+    if(  "$ENV{USERNAME}" STREQUAL "" ) # the Windows user
+        message(STATUS "could not find USER or USERNAME")
+    else()
+        # the bash user is not blank, so we'll use it.
+        set(THIS_USER "$ENV{USERNAME}")
+    endif()
+else()
+    # the bash user is not blank, so we'll use it.
+    set(THIS_USER "$ENV{USER}")
+endif()
+message(STATUS "THIS_USER = ${THIS_USER}")
+
 # Check that there are not conflicting wolfSSL components
 # The ESP Registry Component will be in ./managed_components/wolfssl__wolfssl
 # The local component wolfSSL directory will be in ./components/wolfssl
+message(STATUS "Checking for wolfSSL as Managed Component or not... ${CMAKE_HOME_DIRECTORY}")
 if( EXISTS "${CMAKE_HOME_DIRECTORY}/managed_components/wolfssl__wolfssl" AND EXISTS "${CMAKE_HOME_DIRECTORY}/components/wolfssl" )
     # These exclude statements don't seem to be honored by the $ENV{IDF_PATH}/tools/cmake/project.cmake'
     # add_subdirectory("${CMAKE_HOME_DIRECTORY}/managed_components/wolfssl__wolfssl" EXCLUDE_FROM_ALL)
@@ -75,22 +103,47 @@ if( EXISTS "${CMAKE_HOME_DIRECTORY}/managed_components/wolfssl__wolfssl" AND EXI
     message(FATAL_ERROR "\nPlease use either the ESP Registry Managed Component or the wolfSSL component directory but not both.\n"
                         "If removing the ./managed_components/wolfssl__wolfssl directory, remember to also remove "
                         "or rename the idf_component.yml file typically found in ./main/")
-else()
+elseif(EXISTS "${CMAKE_HOME_DIRECTORY}/components/wolfssl")
+    # A standard project component (not a Managed Component)
     message(STATUS "No conflicting wolfSSL components found.")
+    set(WOLFSSL_PATH "${CMAKE_HOME_DIRECTORY}/components/wolfssl")
+elseif(EXISTS "${CMAKE_HOME_DIRECTORY}/managed_components/wolfssl__wolfssl")
+    # The official Managed Component called wolfssl from the wolfssl user.
+    message(STATUS "No conflicting wolfSSL components found as a Managed Component.")
+    set(WOLFSSL_PATH "${CMAKE_HOME_DIRECTORY}/managed_components/wolfssl__wolfssl")
+elseif(EXISTS "${CMAKE_HOME_DIRECTORY}/managed_components/gojimmypi__mywolfssl")
+    # There is a known gojimmypi staging component available for anyone:
+    message(STATUS "No conflicting wolfSSL components found as a gojimmypi staging Managed Component.")
+elseif(EXISTS "${CMAKE_HOME_DIRECTORY}/managed_components/${THIS_USER}__mywolfssl")
+    # Other users with permissions might publish their own mywolfssl staging Managed Component
+    message(STATUS "No conflicting wolfSSL components found as a Managed Component.")
+    set(WOLFSSL_PATH "${CMAKE_HOME_DIRECTORY}/managed_components/${THIS_USER}__mywolfssl")
+else()
+    message(STATUS "WARNING: wolfssl component directory not found.")
 endif()
 
+# message(STATUS "EXTRA_COMPONENT_DIRS WOLFSSL_PATH: ${WOLFSSL_PATH}")
+# list(APPEND EXTRA_COMPONENT_DIRS ${WOLFSSL_PATH})
 
-# This example uses an extra component for common functions such as Wi-Fi and Ethernet connection.
-set (PROTOCOL_EXAMPLES_DIR $ENV{IDF_PATH}/examples/common_components/protocol_examples_common)
+# Not only is a project-level "set(COMPONENTS" not needed here, this will cause
+# an unintuitive error about  Unknown CMake command "esptool_py_flash_project_args".
 
-if (EXISTS "${PROTOCOL_EXAMPLES_DIR}")
-    message("Found PROTOCOL_EXAMPLES_DIR=${PROTOCOL_EXAMPLES_DIR}")
-    set(EXTRA_COMPONENT_DIRS $ENV{IDF_PATH}/examples/common_components/protocol_examples_common)
-    set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DFOUND_PROTOCOL_EXAMPLES_DIR")
-else()
-    message("NOT FOUND: PROTOCOL_EXAMPLES_DIR=${PROTOCOL_EXAMPLES_DIR}")
+if(0)
+	message(STATUS "Begin optional PROTOCOL_EXAMPLES_DIR include")
+    # This example uses an extra component for common functions such as Wi-Fi and Ethernet connection.
+    set (PROTOCOL_EXAMPLES_DIR $ENV{IDF_PATH}/examples/common_components/protocol_examples_common)
+
+    if (EXISTS "${PROTOCOL_EXAMPLES_DIR}")
+        message(STATUS "Found PROTOCOL_EXAMPLES_DIR=${PROTOCOL_EXAMPLES_DIR}")
+        set(EXTRA_COMPONENT_DIRS $ENV{IDF_PATH}/examples/common_components/protocol_examples_common)
+        set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DFOUND_PROTOCOL_EXAMPLES_DIR")
+    else()
+        message(STATUS "NOT FOUND: PROTOCOL_EXAMPLES_DIR=${PROTOCOL_EXAMPLES_DIR}")
+    endif()
+	message(STATUS "End optional PROTOCOL_EXAMPLES_DIR include")
 endif()
 
 include($ENV{IDF_PATH}/tools/cmake/project.cmake)
 
 project(wolfssl_client)
+message(STATUS "end project")
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/Makefile b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/Makefile
index f3854ff18..430abea3e 100644
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/Makefile
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/Makefile
@@ -1,12 +1,139 @@
+# ESP8266 Project Makefile for wolfssl_client
 #
-# This is a project Makefile. It is assumed the directory this Makefile resides in is a
-# project subdirectory.
+# Copyright (C) 2006-2025 wolfSSL Inc.
+#
+# This file is part of wolfSSL.
+#
+# wolfSSL is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# wolfSSL is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
 #
 
+#
+# This is a project Makefile.
+# It is assumed the directory this Makefile resides in is a
+# project subdirectory containing an entire project.
+#
+# Optional private config headers. Define environment variables
+# to include various default header files that are typically
+# not in a git path, and thus excluded from being checked in.
+#
+#     Environment Variable Name      |     Header file name included
+# ---------------------------------- | ---------------------------------------
+#    MY_PRIVATE_CONFIG                  (files detected / selected in header)
+#    USE_MY_PRIVATE_WSL_CONFIG          /mnt/c/workspace/my_private_config.h
+#    USE_MY_PRIVATE_MAC_CONFIG          ~/Documents/my_private_config.h
+#    USE_MY_PRIVATE_LINUX_CONFIG        ~/workspace/my_private_config.h
+#    USE_MY_PRIVATE_WINDOWS_CONFIG      /workspace/my_private_config.h
+#
+#
 PROJECT_NAME := wolfssl_client
 
+# Optionally include component source when print path (needs work to then properly build)
+#
+# include components/wolfssl/component.mk
+
+MY_PRIVATE_CONFIG ?= n
+USE_MY_PRIVATE_WSL_CONFIG ?= n
+USE_MY_PRIVATE_MAC_CONFIG ?= n
+USE_MY_PRIVATE_LINUX_CONFIG ?= n
+USE_MY_PRIVATE_WINDOWS_CONFIG ?= n
+
+# Calling shell causes unintuitive error in Windows:
+#     OS := $(shell uname -s)
+#
+# But OS, or MY_PRIVATE_CONFIG should already be defined:
+$(info *************  wolfssl_client *************)
+
+ifeq ($(MY_PRIVATE_CONFIG),y)
+	CFLAGS += -DMY_PRIVATE_CONFIG
+	$(info Enabled MY_PRIVATE_CONFIG")
+endif
+
+# Check for Windows environment variable: USE_MY_PRIVATE_WINDOWS_CONFIG
+ifeq ($(USE_MY_PRIVATE_WINDOWS_CONFIG),y)
+	# This hard coded MY_CONFIG_FILE value must match that in the header file.
+	MY_CONFIG_FILE := /workspace/my_private_config.h
+	ifeq ($(wildcard $(MY_CONFIG_FILE)),)
+		$(info File does not exist: $(MY_CONFIG_FILE))
+	else
+		CFLAGS += -DUSE_MY_PRIVATE_WINDOWS_CONFIG
+		$(info Using private config file for: Windows)
+	endif
+endif
+
+# Check for WSL environment variable: USE_MY_PRIVATE_WSL_CONFIG
+ifeq ($(USE_MY_PRIVATE_WSL_CONFIG),y)
+	# This hard coded MY_CONFIG_FILE value must match that in the header file.
+	MY_CONFIG_FILE := /mnt/c/workspace/my_private_config.h
+	ifeq ($(wildcard $(MY_CONFIG_FILE)),)
+		$(info File does not exist: $(MY_CONFIG_FILE))
+	else
+		CFLAGS += -DUSE_MY_PRIVATE_WSL_CONFIG
+		$(info Using private config file for: WSL)
+	endif
+endif
+
+# Check for Linux environment variable: USE_MY_PRIVATE_LINUX_CONFIG
+ifeq ($(USE_MY_PRIVATE_LINUX_CONFIG),y)
+	# This hard coded MY_CONFIG_FILE value must match that in the header file.
+	MY_CONFIG_FILE := ~/workspace/my_private_config.h
+	ifeq ($(wildcard $(MY_CONFIG_FILE)),)
+		$(info File does not exist: $(MY_CONFIG_FILE))
+	else
+		CFLAGS += -DUSE_MY_PRIVATE_LINUX_CONFIG
+		$(info Using private config file for: Linux)
+	endif
+endif
+
+# Check for Mac environment variable: USE_MY_PRIVATE_MAC_CONFIG
+ifeq ($(USE_MY_PRIVATE_MAC_CONFIG),y)
+	# This hard coded MY_CONFIG_FILE value must match that in the header file.
+	MY_CONFIG_FILE := ~/Documents/my_private_config.h
+	ifeq ($(wildcard $(MY_CONFIG_FILE)),)
+		$(info File does not exist: $(MY_CONFIG_FILE))
+	else
+		CFLAGS += -DUSE_MY_PRIVATE_MAC_CONFIG
+		$(info Using private config file for: Mac)
+	endif
+endif
+
+ifneq ($(OS),MY_PRIVATE_CONFIG)
+	CFLAGS += -DMY_PRIVATE_CONFIG="$(MY_PRIVATE_CONFIG)"
+else
+	ifeq ($(OS),Linux)
+		CFLAGS += -DOS_LINUX
+	endif
+	ifeq ($(OS),Windows_NT)
+		CFLAGS += -DWOLFSSL_MAKE_SYSTEM_NAME_WINDOWS
+	endif
+	ifeq ($(OS),Darwin)
+		CFLAGS += -DWOLFSSL_MAKE_SYSTEM_NAME_APPLE
+	endif
+	ifneq (,$(findstring MINGW,$(OS)))
+		CFLAGS += -DWOLFSSL_MAKE_SYSTEM_NAME_MINGW
+	endif
+	ifneq (,$(findstring CYGWIN,$(OS)))
+		CFLAGS += -DWOLFSSL_MAKE_SYSTEM_NAME_CYGWIN
+	endif
+endif
+
+# It is essential that the build process sees the WOLFSSL_USER_SETTINGS
 CFLAGS += -DWOLFSSL_USER_SETTINGS
-# if there isn't the directory, please disable the line below.
+
+# if directory not available, please disable the line below.
 EXTRA_COMPONENT_DIRS = $(IDF_PATH)/examples/common_components/protocol_examples_common
 
+# The Standard Espressif IDF include:
 include $(IDF_PATH)/make/project.mk
+
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/README.md b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/README.md
index 21855add8..ff275c711 100644
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/README.md
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/README.md
@@ -8,47 +8,220 @@ When using the CLI, see the [example parameters](/IDE/Espressif/ESP-IDF/examples
 For general information on [wolfSSL examples for Espressif](../README.md), see the
 [README](https://github.com/wolfSSL/wolfssl/blob/master/IDE/Espressif/ESP-IDF/README.md) file.
 
-## VisualGDB
+## Quick Start
+
+Use the `ESP-IDF` for ESP32 or `RTOS SDK` for the ESP8266.
+
+Run `menuconfig` utility (`idf.py menuconfig` for ESP32 or `make menuconfig` for the ESP8266)
+and set the various parameters for the target device, along with local WiFi settings:
+
+* Target Host: `CONFIG_WOLFSSL_TARGET_HOST` (The IP address of a listening server)
+* Target Port: `CONFIG_WOLFSSL_TARGET_PORT` (Typically `11111`)
+* Example WiFi SSID: `CONFIG_EXAMPLE_WIFI_SSID` (The WiFi that you want to connect to)
+* Example WiFi Password: `CONFIG_EXAMPLE_WIFI_PASSWORD` (The WiFi password)
+
+The latest examples use makefiles that do not require local file copy installation of wolfSSL.
+
+Build and flash the software to see the example in action.
+
+##  Quick Start with VisualGDB
+
+There are optional [VisualGDB](https://visualgdb.com/tutorials/esp8266/) project files in the
+[VisualGDB](./VisualGDB) project subdirectory, and an ESP8266 project file in the project directory,
+called `wolfssl_client_ESP8266.vgdbproj`.
 
 Open the VisualGDB Visual Studio Project file in the VisualGDB directory and click the "Start" button.
-No wolfSSL setup is needed. You may need to adjust your specific COM port. The default is `COM20`.
+No wolfSSL setup is needed. You may need to adjust your specific COM port. The default is `COM19`.
 
-## ESP-IDF Commandline
+## Troubleshooting
+
+Weird results, odd messages, unexpected compiler errors? Manually delete the build directory and
+any locally generated files (`sdkconfig`, `sdkconfig-debug`, etc.) and start over.
+
+The `build` directory is typically located in the root of the project directory:  `[project]/build`.
+
+
+Difficulty flashing:
+
+* Ensure the target device has a robust, stable, clean power supply.
+* Check that quality USB cables are being used.
+* Try lowering the flash baud rate in the `menuconfig`. The 115200 is typically reliable.
+* Review board specifications: some require manual boot mode via on-board buttons.
+* See Espressif ESP Frequently Asked Questions `esp-faq-en-master.pdf`.
+
+## ESP-IDF Commandline v5.x
 
 
 1. `idf.py menuconfig` to config the project
 
-      1-1. Example Configuration ->  
+      1-1. Example Configuration ->
 
           Target host ip address : the host that you want to connect to.(default is 127.0.0.1)
 
      1-2. Example Connection Configuration ->
-     
-          WIFI SSID: your own WIFI, which is connected to the Internet.(default is "myssid")  
+
+          WIFI SSID: your own WIFI, which is connected to the Internet.(default is "myssid")
           WIFI Password: WIFI password, and default is "mypassword"
-    
-    
-    Note: the example program uses 11111 port. If you want to use different port  
+
+
+    Note: the example program uses 11111 port. If you want to use different port
         , you need to modify DEFAULT_PORT definition in the code.
 
 When you want to test the wolfSSL client
 
-1. `idf.py -p <PORT> flash` and then `idf.py monitor` to load the firmware and see the context  
-2. You can use <wolfssl>/examples/server/server program for test.  
+1. `idf.py -p <PORT> flash` and then `idf.py monitor` to load the firmware and see the context
+2. You can use <wolfssl>/examples/server/server program for test.
 
          e.g. Launch ./examples/server/server -v 4 -b -i -d
 
+
+## VisualGDB for ESP8266
+
+Reminder that we build with `make` and not `cmake` in VisualGDB.
+
+Build files will be created in `[project directory]\build`
+
+See notes below if building a project in a directory other than the examples.
+
+Problems?
+
+- Try deleting any existing `sdkconfig` file and/or `./build` directory to start fresh.
+- Be sure the RTOS SDK is installed and properly configured.
+
+## ESP-IDF `make` Commandline (version 3.5 or earlier for the ESP8266)
+
+In-place example build:
+
+```bash
+export IDF_PATH=~/esp/ESP8266_RTOS_SDK
+export PATH="$PATH:$HOME/esp/xtensa-lx106-elf/bin"
+cd /mnt/c/workspace/wolfssl-master/IDE/Espressif/ESP-IDF/examples/wolfssl_client
+make clean
+make
+```
+
+When building a in a *different directory*, for example assuming the `wolfssl_client` in the wolfssl examples
+directory is copied to the `C:\test\demo` directory in Windows. (aka ` /mnt/c/test/demo` in WSL),
+with a clone of wolfSSL `master` branch in `C:\workspace\wolfssl-master`:
+
+```bash
+cp -r /mnt/c/workspace/wolfssl-master/IDE/Espressif/ESP-IDF/examples/wolfssl_client/* /mnt/c/test/demo
+```
+
+Modify the project `./components/wolfssl/component.mk` file. Adjust `WOLFSSL_ROOT` setting, in this case to a value of:
+
+`WOLFSSL_ROOT := ../../../../workspace/wolfssl-master`
+
+Ensure the path is *relative* to the project `component.mk` file location and *not* absolute.
+
+Note the location of the component makefile in this case is `c:\test\demo\components\wolfssl\component.mk`.
+Thus we need to navigate up 4 parents to the root of `C:\` to find `/mnt/c` in WSL.
+
+Proceed to run `make` from the project directory as usual:
+
+```bash
+# setup environment as needed
+export IDF_PATH=~/esp/ESP8266_RTOS_SDK
+export PATH="$PATH:$HOME/esp/xtensa-lx106-elf/bin"
+
+# copy and navigate to project directory
+mkdir -p /mnt/c/test/demo
+cp -r /mnt/c/workspace/wolfssl-master/IDE/Espressif/ESP-IDF/examples/wolfssl_client/* /mnt/c/test/demo
+cd /mnt/c/test/demo
+
+# Clean
+rm -rf ./build
+rm sdkconfig
+make clean
+
+# Edit ./components/wolfssl/component.mk and set WOLFSSL_ROOT value
+# WOLFSSL_ROOT := ../../../../workspace/wolfssl-master
+
+# build the example project
+make
+```
+
+When using `make` there should be details in the build log to indicate
+the assigned path, and the equivalent, fully-qualified path of `WOLFSSL_ROOT`.
+
+```
+*************  wolfssl_client *************
+***********  wolfssl component ************
+WOLFSSL_ROOT defined: ../../../../workspace/wolfssl-master
+WOLFSSL_ROOT actual:  /mnt/c/workspace/wolfssl-master
+********** end wolfssl component **********
+```
+
+
+## ESP-IDF CMake Commandline (version 3.5 or earlier for the ESP8266)
+
+Build files will be created in `[project directory]\build\debug`
+
+```
+# Set your path to RTOS SDK, shown here for default from WSL with VisualGDB
+WRK_IDF_PATH=/mnt/c/SysGCC/esp8266/rtos-sdk/v3.4
+#  or
+WRK_IDF_PATH=~/esp/ESP8266_RTOS_SDK
+
+# Setup the environment
+. $WRK_IDF_PATH/export.sh
+
+# install as needed / prompted
+/mnt/c/SysGCC/esp8266/rtos-sdk/v3.4/install.sh
+
+# Fetch wolfssl from GitHub if needed:
+cd /workspace
+git clone https://github.com/wolfSSL/wolfssl.git
+
+# change directory to wolfssl client example.
+cd wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_client
+
+# or for example, WSL with C:\workspace as home for git clones:
+# cd /mnt/c/workspace/wolfssl-$USER/IDE/Espressif/ESP-IDF/examples/wolfssl_client
+
+# adjust settings as desired
+idf.py menuconfig
+
+
+idf.py build flash -p /dev/ttyS70 -b 115200
+idf.py monitor -p /dev/ttyS70 -b 74880
+```
+
 ## SM Ciphers
 
-#### Working Linux Client to ESP32 Server
+(TODO coming soon)
+See https://github.com/wolfSSL/wolfsm
+
+#### Working Linux Client to ESP32 Server Example:
+
+```
+./examples/client/client -h 192.168.1.37 -p 11111 -v 3
+```
+
+```text
+-c <file>   Certificate file,           default ./certs/client-cert.pem
+-k <file>   Key file,                   default ./certs/client-key.pem
+-A <file>   Certificate Authority file, default ./certs/ca-cert.pem
+```
+
+Example client, with default certs explicitly given:
+
+```bash
+./examples/client/client -h 192.168.1.37 -p 11111 -v 3 -c ./certs/client-cert.pem -k      ./certs/client-key.pem -A     ./certs/ca-cert.pem
+```
+
+Example client, with RSA 1024 certs explicitly given:
+
+```
+./examples/client/client -h 192.168.1.37 -p 11111 -v 3 -c ./certs/1024/client-cert.pem -k ./certs/1024/client-key.pem -A ./certs/1024/ca-cert.pem
+```
 
 Command:
 
 ```
 cd /mnt/c/workspace/wolfssl-$USER/IDE/Espressif/ESP-IDF/examples/wolfssl_server
-. /mnt/c/SysGCC/esp32/esp-idf/v5.1/export.sh
+. /mnt/c/SysGCC/esp32/esp-idf/v5.2/export.sh
 idf.py flash -p /dev/ttyS19 -b 115200 monitor
-
 ```
 
 ```
@@ -74,5 +247,33 @@ I hear you fa shizzle!
 ./examples/server/server                   -v 3 -l ECDHE-ECDSA-SM4-CBC-SM3     -c ./certs/sm2/server-sm2.pem -k ./certs/sm2/server-sm2-priv.pem     -A ./certs/sm2/client-sm2.pem -V
 ```
 
-See the README.md file in the upper level 'examples' directory for [more information about examples](../README.md).
 
+#### Linux Client using Kyber to ESP32 Server
+
+```
+# Ensure build with Kyber enabled:
+# ./configure --enable-kyber=all --enable-experimental && make
+
+./examples/client/client  -h 192.168.1.38 -v 4 -l  TLS_AES_128_GCM_SHA256 --pqc KYBER_LEVEL5
+```
+
+#### ESP32 Client to WSL Linux Server
+
+In Windows Powershell, (elevated permissions) forward the port _after_ starting the listening server:
+
+```bash
+netsh interface portproxy add v4tov4 listenport=11111 listenaddress=0.0.0.0 connectport=11111 connectaddress=127.0.0.1
+```
+
+After the server exits, remove the port proxy forward:
+
+```bash
+netsh interface portproxy delete v4tov4 listenport=11111 listenaddress=0.0.0.0
+```
+
+For additional information, see [Accessing network applications with WSL](https://learn.microsoft.com/en-us/windows/wsl/networking).
+
+
+## Additional Information
+
+See the README.md file in the upper level 'examples' directory for [more information about examples](../README.md).
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/README_server_sm.md b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/README_server_sm.md
index 01dd6baf8..87e1f0365 100644
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/README_server_sm.md
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/README_server_sm.md
@@ -49,7 +49,7 @@ make clean && make
 ### Others...
 
 ```
-# Success: Linux Client to ESP32 Server TLS1.2 
+# Success: Linux Client to ESP32 Server TLS1.2
 ./examples/client/client  -h 192.168.1.113 -v 3 -l ECDHE-ECDSA-SM4-CBC-SM3 -c ./certs/sm2/client-sm2.pem -k ./certs/sm2/client-sm2-priv.pem -A ./certs/sm2/root-sm2.pem -C
 ./examples/client/client  -h 192.168.1.113 -v 3 -l ECDHE-ECDSA-SM4-GCM-SM3 -c ./certs/sm2/client-sm2.pem -k ./certs/sm2/client-sm2-priv.pem -A ./certs/sm2/root-sm2.pem -C
 ./examples/client/client  -h 192.168.1.113 -v 3 -l ECDHE-ECDSA-SM4-CCM-SM3 -c ./certs/sm2/client-sm2.pem -k ./certs/sm2/client-sm2-priv.pem -A ./certs/sm2/root-sm2.pem -C
@@ -81,7 +81,7 @@ be the same as the Linux server files.
 
 |  Usage |            Certificate             |        Key                          |   Certificate Authority file, default ./certs/client-cert.pem |
 | -----  | ---------------------------------- | ----------------------------------- | --------------------------------- |
-| server | -c ./certs/sm2/server-sm2.pem      | -k ./certs/sm2/server-sm2-priv.pem  | -A ./certs/sm2/client-sm2.pem -V  |                      
+| server | -c ./certs/sm2/server-sm2.pem      | -k ./certs/sm2/server-sm2-priv.pem  | -A ./certs/sm2/client-sm2.pem -V  |
 | client | -c ./certs/sm2/client-sm2.pem      | -k ./certs/sm2/client-sm2-priv.pem  | -A ./certs/sm2/root-sm2.pem -C    |
 | emdedded:
 | server | wolfSSL_CTX_use_certificate_buffer<br/> server_sm2 | wolfSSL_CTX_use_PrivateKey_buffer<br/> server_sm2_priv | wolfSSL_CTX_load_verify_buffer<br/> client-sm2  |
@@ -156,7 +156,7 @@ I (622) heap_init: At 3FFE4350 len 0001BCB0 (111 KiB): D/IRAM
 I (628) heap_init: At 40094DC8 len 0000B238 (44 KiB): IRAM
 I (636) spi_flash: detected chip: generic
 I (639) spi_flash: flash io: dio
-W (643) spi_flash: Detected size(4096k) larger than the size in the binary image header(2048k). Using the 
+W (643) spi_flash: Detected size(4096k) larger than the size in the binary image header(2048k). Using the
 size in the binary image header.
 I (657) cpu_start: Starting scheduler on PRO CPU.
 I (0) cpu_start: Starting scheduler on APP CPU.
@@ -167,7 +167,7 @@ I (735) system_api: read default base MAC address from EFUSE
 I (755) wifi:wifi firmware version: 0d470ef
 I (755) wifi:wifi certification version: v7.0
 I (755) wifi:config NVS flash: enabled
-I (755) wifi:config nano formating: disabled
+I (755) wifi:config nano formatting: disabled
 I (755) wifi:Init data frame dynamic rx buffer num: 32
 I (765) wifi:Init management frame dynamic rx buffer num: 32
 I (765) wifi:Init management short buffer num: 32
@@ -358,12 +358,12 @@ I (14715) internal.c: GrowOutputBuffer ok
 I (14715) wolfssl: wolfSSL Entering wolfSSL_get_options
 I (14725) wolfssl: Point Formats extension to write
 W (14735) wolfio: ssl->wflags = 0
-I (14735) wolfio: 16 03 03 00 52 02 00 00 4e 03 03 af 87 e2 58 57 
-I (14735) wolfio: 73 c3 c1 35 1a 59 39 b2 03 9d 14 03 e0 b8 fb e8 
-I (14745) wolfio: 9d 5b 9c 44 4f 57 4e 47 52 44 01 20 85 77 75 20 
-I (14755) wolfio: 95 dd 00 e2 91 f8 42 33 f8 61 3f 1f de 81 15 58 
-I (14755) wolfio: 23 0c e7 1e 71 e6 10 e5 67 23 e0 40 e0 11 00 00 
-I (14765) wolfio: 06 00 0b 00 02 01 00 
+I (14735) wolfio: 16 03 03 00 52 02 00 00 4e 03 03 af 87 e2 58 57
+I (14735) wolfio: 73 c3 c1 35 1a 59 39 b2 03 9d 14 03 e0 b8 fb e8
+I (14745) wolfio: 9d 5b 9c 44 4f 57 4e 47 52 44 01 20 85 77 75 20
+I (14755) wolfio: 95 dd 00 e2 91 f8 42 33 f8 61 3f 1f de 81 15 58
+I (14755) wolfio: 23 0c e7 1e 71 e6 10 e5 67 23 e0 40 e0 11 00 00
+I (14765) wolfio: 06 00 0b 00 02 01 00
 W (14775) wolfio: sz          = 87
 I (14775) wolfssl: Shrinking output buffer
 I (14775) wolfssl: wolfSSL Leaving SendServerHello, return 0
@@ -372,53 +372,53 @@ I (14795) wolfssl: wolfSSL Entering SendCertificate
 I (14795) wolfssl: growing output buffer
 I (14805) internal.c: GrowOutputBuffer ok
 W (14815) wolfio: ssl->wflags = 0
-I (14815) wolfio: 16 03 03 02 e6 0b 00 02 e2 00 02 df 00 02 dc 30 
-I (14815) wolfio: 82 02 d8 30 82 02 7e a0 03 02 01 02 02 01 01 30 
-I (14825) wolfio: 0a 06 08 2a 81 1c cf 55 01 83 75 30 81 ac 31 0b 
-I (14835) wolfio: 30 09 06 03 55 04 06 13 02 55 53 31 10 30 0e 06 
-I (14835) wolfio: 03 55 04 08 0c 07 4d 6f 6e 74 61 6e 61 31 10 30 
-I (14845) wolfio: 0e 06 03 55 04 07 0c 07 42 6f 7a 65 6d 61 6e 31 
-I (14855) wolfio: 14 30 12 06 03 55 04 0a 0c 0b 77 6f 6c 66 53 53 
-I (14855) wolfio: 4c 5f 73 6d 32 31 0f 30 0d 06 03 55 04 0b 0c 06 
-I (14865) wolfio: 43 41 2d 73 6d 32 31 18 30 16 06 03 55 04 03 0c 
-I (14875) wolfio: 0f 77 77 77 2e 77 6f 6c 66 73 73 6c 2e 63 6f 6d 
-I (14875) wolfio: 31 1f 30 1d 06 09 2a 86 48 86 f7 0d 01 09 01 16 
-I (14885) wolfio: 10 69 6e 66 6f 40 77 6f 6c 66 73 73 6c 2e 63 6f 
-I (14895) wolfio: 6d 31 17 30 15 06 0a 09 92 26 89 93 f2 2c 64 01 
-I (14895) wolfio: 01 0c 07 77 6f 6c 66 53 53 4c 30 1e 17 0d 32 33 
-I (14905) wolfio: 30 32 31 35 30 36 32 33 30 37 5a 17 0d 32 35 31 
-I (14915) wolfio: 31 31 31 30 36 32 33 30 37 5a 30 81 b0 31 0b 30 
-I (14915) wolfio: 09 06 03 55 04 06 13 02 55 53 31 10 30 0e 06 03 
-I (14925) wolfio: 55 04 08 0c 07 4d 6f 6e 74 61 6e 61 31 10 30 0e 
-I (14935) wolfio: 06 03 55 04 07 0c 07 42 6f 7a 65 6d 61 6e 31 14 
-I (14945) wolfio: 30 12 06 03 55 04 0a 0c 0b 77 6f 6c 66 53 53 4c 
-I (14945) wolfio: 5f 73 6d 32 31 13 30 11 06 03 55 04 0b 0c 0a 53 
-I (14955) wolfio: 65 72 76 65 72 2d 73 6d 32 31 18 30 16 06 03 55 
-I (14965) wolfio: 04 03 0c 0f 77 77 77 2e 77 6f 6c 66 73 73 6c 2e 
-I (14965) wolfio: 63 6f 6d 31 1f 30 1d 06 09 2a 86 48 86 f7 0d 01 
-I (14975) wolfio: 09 01 16 10 69 6e 66 6f 40 77 6f 6c 66 73 73 6c 
-I (14985) wolfio: 2e 63 6f 6d 31 17 30 15 06 0a 09 92 26 89 93 f2 
-I (14985) wolfio: 2c 64 01 01 0c 07 77 6f 6c 66 53 53 4c 30 5a 30 
-I (14995) wolfio: 14 06 08 2a 81 1c cf 55 01 82 2d 06 08 2a 81 1c 
-I (15005) wolfio: cf 55 01 82 2d 03 42 00 04 94 70 2b 46 e4 5e 0f 
-I (15005) wolfio: 41 fb 8f 2d 34 0a 41 40 19 5e fb d4 1d 11 ac fa 
-I (15015) wolfio: f5 93 37 c6 fa 87 08 f7 16 1f 2c ce 30 40 9d 4f 
-I (15025) wolfio: a6 2a 0a a1 d6 95 33 c3 a6 03 98 e6 8d 05 34 b0 
-I (15025) wolfio: 97 0c de a4 c7 cf 53 8f d1 a3 81 89 30 81 86 30 
-I (15035) wolfio: 1d 06 03 55 1d 0e 04 16 04 14 67 ae 60 ff 7e 1b 
-I (15045) wolfio: 0f 95 ae 1f 82 59 f2 6c 56 2d 93 ef 17 32 30 1f 
-I (15045) wolfio: 06 03 55 1d 23 04 18 30 16 80 14 47 0a 48 7e bb 
-I (15055) wolfio: 02 a8 5a 26 57 2b 19 a9 7b 61 8b 7f 5d 99 6e 30 
-I (15065) wolfio: 0c 06 03 55 1d 13 01 01 ff 04 02 30 00 30 0e 06 
-I (15075) wolfio: 03 55 1d 0f 01 01 ff 04 04 03 02 03 a8 30 13 06 
-I (15075) wolfio: 03 55 1d 25 04 0c 30 0a 06 08 2b 06 01 05 05 07 
-I (15085) wolfio: 03 01 30 11 06 09 60 86 48 01 86 f8 42 01 01 04 
-I (15095) wolfio: 04 03 02 06 40 30 0a 06 08 2a 81 1c cf 55 01 83 
-I (15095) wolfio: 75 03 48 00 30 45 02 20 1b ca 94 28 7f f6 b2 0d 
-I (15105) wolfio: 31 43 50 e1 d5 34 17 dd af 3a de 81 06 67 9a b3 
-I (15115) wolfio: 06 22 7e 64 ec fd 0e b9 02 21 00 a1 48 a8 32 d1 
-I (15115) wolfio: 05 09 6b 1c eb 89 12 66 d8 38 a1 c4 5c 89 09 0f 
-I (15125) wolfio: fd e9 c0 3b 1d fb cd b5 4c 31 68 
+I (14815) wolfio: 16 03 03 02 e6 0b 00 02 e2 00 02 df 00 02 dc 30
+I (14815) wolfio: 82 02 d8 30 82 02 7e a0 03 02 01 02 02 01 01 30
+I (14825) wolfio: 0a 06 08 2a 81 1c cf 55 01 83 75 30 81 ac 31 0b
+I (14835) wolfio: 30 09 06 03 55 04 06 13 02 55 53 31 10 30 0e 06
+I (14835) wolfio: 03 55 04 08 0c 07 4d 6f 6e 74 61 6e 61 31 10 30
+I (14845) wolfio: 0e 06 03 55 04 07 0c 07 42 6f 7a 65 6d 61 6e 31
+I (14855) wolfio: 14 30 12 06 03 55 04 0a 0c 0b 77 6f 6c 66 53 53
+I (14855) wolfio: 4c 5f 73 6d 32 31 0f 30 0d 06 03 55 04 0b 0c 06
+I (14865) wolfio: 43 41 2d 73 6d 32 31 18 30 16 06 03 55 04 03 0c
+I (14875) wolfio: 0f 77 77 77 2e 77 6f 6c 66 73 73 6c 2e 63 6f 6d
+I (14875) wolfio: 31 1f 30 1d 06 09 2a 86 48 86 f7 0d 01 09 01 16
+I (14885) wolfio: 10 69 6e 66 6f 40 77 6f 6c 66 73 73 6c 2e 63 6f
+I (14895) wolfio: 6d 31 17 30 15 06 0a 09 92 26 89 93 f2 2c 64 01
+I (14895) wolfio: 01 0c 07 77 6f 6c 66 53 53 4c 30 1e 17 0d 32 33
+I (14905) wolfio: 30 32 31 35 30 36 32 33 30 37 5a 17 0d 32 35 31
+I (14915) wolfio: 31 31 31 30 36 32 33 30 37 5a 30 81 b0 31 0b 30
+I (14915) wolfio: 09 06 03 55 04 06 13 02 55 53 31 10 30 0e 06 03
+I (14925) wolfio: 55 04 08 0c 07 4d 6f 6e 74 61 6e 61 31 10 30 0e
+I (14935) wolfio: 06 03 55 04 07 0c 07 42 6f 7a 65 6d 61 6e 31 14
+I (14945) wolfio: 30 12 06 03 55 04 0a 0c 0b 77 6f 6c 66 53 53 4c
+I (14945) wolfio: 5f 73 6d 32 31 13 30 11 06 03 55 04 0b 0c 0a 53
+I (14955) wolfio: 65 72 76 65 72 2d 73 6d 32 31 18 30 16 06 03 55
+I (14965) wolfio: 04 03 0c 0f 77 77 77 2e 77 6f 6c 66 73 73 6c 2e
+I (14965) wolfio: 63 6f 6d 31 1f 30 1d 06 09 2a 86 48 86 f7 0d 01
+I (14975) wolfio: 09 01 16 10 69 6e 66 6f 40 77 6f 6c 66 73 73 6c
+I (14985) wolfio: 2e 63 6f 6d 31 17 30 15 06 0a 09 92 26 89 93 f2
+I (14985) wolfio: 2c 64 01 01 0c 07 77 6f 6c 66 53 53 4c 30 5a 30
+I (14995) wolfio: 14 06 08 2a 81 1c cf 55 01 82 2d 06 08 2a 81 1c
+I (15005) wolfio: cf 55 01 82 2d 03 42 00 04 94 70 2b 46 e4 5e 0f
+I (15005) wolfio: 41 fb 8f 2d 34 0a 41 40 19 5e fb d4 1d 11 ac fa
+I (15015) wolfio: f5 93 37 c6 fa 87 08 f7 16 1f 2c ce 30 40 9d 4f
+I (15025) wolfio: a6 2a 0a a1 d6 95 33 c3 a6 03 98 e6 8d 05 34 b0
+I (15025) wolfio: 97 0c de a4 c7 cf 53 8f d1 a3 81 89 30 81 86 30
+I (15035) wolfio: 1d 06 03 55 1d 0e 04 16 04 14 67 ae 60 ff 7e 1b
+I (15045) wolfio: 0f 95 ae 1f 82 59 f2 6c 56 2d 93 ef 17 32 30 1f
+I (15045) wolfio: 06 03 55 1d 23 04 18 30 16 80 14 47 0a 48 7e bb
+I (15055) wolfio: 02 a8 5a 26 57 2b 19 a9 7b 61 8b 7f 5d 99 6e 30
+I (15065) wolfio: 0c 06 03 55 1d 13 01 01 ff 04 02 30 00 30 0e 06
+I (15075) wolfio: 03 55 1d 0f 01 01 ff 04 04 03 02 03 a8 30 13 06
+I (15075) wolfio: 03 55 1d 25 04 0c 30 0a 06 08 2b 06 01 05 05 07
+I (15085) wolfio: 03 01 30 11 06 09 60 86 48 01 86 f8 42 01 01 04
+I (15095) wolfio: 04 03 02 06 40 30 0a 06 08 2a 81 1c cf 55 01 83
+I (15095) wolfio: 75 03 48 00 30 45 02 20 1b ca 94 28 7f f6 b2 0d
+I (15105) wolfio: 31 43 50 e1 d5 34 17 dd af 3a de 81 06 67 9a b3
+I (15115) wolfio: 06 22 7e 64 ec fd 0e b9 02 21 00 a1 48 a8 32 d1
+I (15115) wolfio: 05 09 6b 1c eb 89 12 66 d8 38 a1 c4 5c 89 09 0f
+I (15125) wolfio: fd e9 c0 3b 1d fb cd b5 4c 31 68
 W (15135) wolfio: sz          = 747
 I (15135) wolfssl: Shrinking output buffer
 I (15135) wolfssl: wolfSSL Leaving SendCertificate, return 0
@@ -440,16 +440,16 @@ I (15915) wolfssl: wolfSSL Entering SendHandshakeMsg
 I (15925) wolfssl: growing output buffer
 I (15925) internal.c: GrowOutputBuffer ok
 W (15925) wolfio: ssl->wflags = 0
-I (15935) wolfio: 16 03 03 00 95 0c 00 00 91 03 00 29 41 04 fd f5 
-I (15935) wolfio: 5e 74 15 30 1d f3 84 ae a5 69 96 a9 5b dd 27 b3 
-I (15945) wolfio: 00 7d 40 3a 59 93 93 6f 4d 1f 62 dc 60 48 34 1f 
-I (15955) wolfio: a8 1d 34 b8 76 8f 8b 27 4a 1b 77 64 8e 2e d5 27 
-I (15955) wolfio: 03 95 8b 9d a5 ed a4 a6 b9 40 1b ea aa 10 07 08 
-I (15965) wolfio: 00 48 30 46 02 21 00 cb 89 61 e9 21 f9 c6 4d ad 
-I (15975) wolfio: aa e7 f1 3f 6f 27 46 f0 35 ec 45 4e 8a ae f3 ac 
-I (15985) wolfio: 7c c0 cf 68 11 44 e2 02 21 00 f6 40 5c bc 66 5a 
-I (15985) wolfio: 74 1e 92 5d 9a 03 75 e7 7f 16 c2 b3 c8 fe 8d 5c 
-I (15995) wolfio: 63 35 36 da 61 38 76 dc 4e d6 
+I (15935) wolfio: 16 03 03 00 95 0c 00 00 91 03 00 29 41 04 fd f5
+I (15935) wolfio: 5e 74 15 30 1d f3 84 ae a5 69 96 a9 5b dd 27 b3
+I (15945) wolfio: 00 7d 40 3a 59 93 93 6f 4d 1f 62 dc 60 48 34 1f
+I (15955) wolfio: a8 1d 34 b8 76 8f 8b 27 4a 1b 77 64 8e 2e d5 27
+I (15955) wolfio: 03 95 8b 9d a5 ed a4 a6 b9 40 1b ea aa 10 07 08
+I (15965) wolfio: 00 48 30 46 02 21 00 cb 89 61 e9 21 f9 c6 4d ad
+I (15975) wolfio: aa e7 f1 3f 6f 27 46 f0 35 ec 45 4e 8a ae f3 ac
+I (15985) wolfio: 7c c0 cf 68 11 44 e2 02 21 00 f6 40 5c bc 66 5a
+I (15985) wolfio: 74 1e 92 5d 9a 03 75 e7 7f 16 c2 b3 c8 fe 8d 5c
+I (15995) wolfio: 63 35 36 da 61 38 76 dc 4e d6
 W (15995) wolfio: sz          = 154
 I (16005) wolfssl: Shrinking output buffer
 I (16005) wolfssl: wolfSSL Leaving SendServerKeyExchange, return 0
@@ -459,7 +459,7 @@ I (16025) wolfssl: wolfSSL Entering SendServerHelloDone
 I (16035) wolfssl: growing output buffer
 I (16035) internal.c: GrowOutputBuffer ok
 W (16045) wolfio: ssl->wflags = 0
-I (16045) wolfio: 16 03 03 00 04 0e 00 00 00 
+I (16045) wolfio: 16 03 03 00 04 0e 00 00 00
 W (16045) wolfio: sz          = 9
 I (16055) wolfssl: Embed Send error
 I (16055) wolfssl:      Connection reset
@@ -479,14 +479,14 @@ I (16125) wolfssl: User calling wolfSSL_read in error state, not allowed
 I (16135) wolfssl: wolfSSL Leaving wolfSSL_read_internal, return -308
 E (16145) tls_server: ERROR: failed to read
 I (16145) wolfssl: Client sends:
-I (16145) wolfssl: 
+I (16145) wolfssl:
 I (16155) wolfssl: wolfSSL Entering wolfSSL_write
 I (16155) wolfssl: handshake not complete, trying to finish
 I (16165) wolfssl: wolfSSL Entering wolfSSL_negotiate
 I (16165) wolfssl: wolfSSL Entering wolfSSL_accept
 I (16175) wolfssl: wolfSSL Entering ReinitSSL
 W (16185) wolfio: ssl->wflags = 0
-I (16185) wolfio: 16 03 03 00 04 0e 00 00 00 
+I (16185) wolfio: 16 03 03 00 04 0e 00 00 00
 W (16185) wolfio: sz          = 9
 I (16195) wolfssl: Embed Send error
 I (16195) wolfssl:      General error
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/VisualGDB/wolfssl_client_IDF_v5_ESP32.sln b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/VisualGDB/wolfssl_client_IDF_v5_ESP32.sln
index c46b3864f..17f246f68 100644
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/VisualGDB/wolfssl_client_IDF_v5_ESP32.sln
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/VisualGDB/wolfssl_client_IDF_v5_ESP32.sln
@@ -18,6 +18,10 @@ Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "include", "include", "{5326
 EndProject
 Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "Solution Items", "Solution Items", "{A51226B3-88A7-4463-B443-0E321C4A3D53}"
 	ProjectSection(SolutionItems) = preProject
+		..\..\..\..\..\..\wolfssl\wolfcrypt\error-crypt.h = ..\..\..\..\..\..\wolfssl\wolfcrypt\error-crypt.h
+		..\..\..\..\..\..\wolfssl\error-ssl.h = ..\..\..\..\..\..\wolfssl\error-ssl.h
+		..\main\Kconfig.projbuild = ..\main\Kconfig.projbuild
+		..\build\VisualGDB\Debug\esp-idf\esp_system\ld\memory.ld = ..\build\VisualGDB\Debug\esp-idf\esp_system\ld\memory.ld
 		..\..\..\..\..\..\..\my_private_config.h = ..\..\..\..\..\..\..\my_private_config.h
 		..\partitions_singleapp_large.csv = ..\partitions_singleapp_large.csv
 		..\README.md = ..\README.md
@@ -25,6 +29,7 @@ Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "Solution Items", "Solution
 		..\build\VisualGDB\Debug\config\sdkconfig.cmake = ..\build\VisualGDB\Debug\config\sdkconfig.cmake
 		..\sdkconfig.defaults = ..\sdkconfig.defaults
 		..\build\VisualGDB\Debug\config\sdkconfig.h = ..\build\VisualGDB\Debug\config\sdkconfig.h
+		..\build\VisualGDB\Debug\esp-idf\esp_system\ld\sections.ld = ..\build\VisualGDB\Debug\esp-idf\esp_system\ld\sections.ld
 	EndProjectSection
 EndProject
 Global
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/VisualGDB/wolfssl_client_IDF_v5_ESP32.vgdbproj b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/VisualGDB/wolfssl_client_IDF_v5_ESP32.vgdbproj
index 0fb07f698..412ec006e 100644
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/VisualGDB/wolfssl_client_IDF_v5_ESP32.vgdbproj
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/VisualGDB/wolfssl_client_IDF_v5_ESP32.vgdbproj
@@ -18,7 +18,7 @@
     <ToolchainID>
       <ID>com.visualgdb.xtensa-esp32-elf</ID>
       <Version>
-        <GCC>12.2.0</GCC>
+        <GCC>13.2.0</GCC>
         <GDB>12.1</GDB>
         <Revision>1</Revision>
       </Version>
@@ -67,8 +67,8 @@
       <EnableFastUpToDateCheck>true</EnableFastUpToDateCheck>
       <ESPIDFExtension>
         <IDFCheckout>
-          <Version>release/v5.1</Version>
-          <Subdirectory>esp-idf/v5.1</Subdirectory>
+          <Version>release/v5.2</Version>
+          <Subdirectory>esp-idf/v5.2</Subdirectory>
           <Type>ESPIDF</Type>
         </IDFCheckout>
         <COMPort>COM19</COMPort>
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl/CMakeLists.txt b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl/CMakeLists.txt
index e82e19b60..cc7ef0d47 100644
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl/CMakeLists.txt
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl/CMakeLists.txt
@@ -1,36 +1,166 @@
 #
-#  Copyright (C) 2006-2023 wolfSSL Inc.
+# Copyright (C) 2006-2025 wolfSSL Inc.
 #
-#  This file is part of wolfSSL.
+# This file is part of wolfSSL.
 #
-#  wolfSSL is free software; you can redistribute it and/or modify
-#  it under the terms of the GNU General Public License as published by
-#  the Free Software Foundation; either version 2 of the License, or
-#  (at your option) any later version.
+# wolfSSL is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
 #
-#  wolfSSL is distributed in the hope that it will be useful,
-#  but WITHOUT ANY WARRANTY; without even the implied warranty of
-#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-#  GNU General Public License for more details.
+# wolfSSL is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
 #
-#  You should have received a copy of the GNU General Public License
-#  along with this program; if not, write to the Free Software
-#  Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
 #
 # cmake for wolfssl Espressif projects
 #
-# Version 5.6.0.011 for detect test/benchmark
+# Version 5.7.2 Espressif ESP-IDF integration
 #
 # See https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-guides/build-system.html
 #
-
+message(STATUS "Begin wolfssl ${CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT}")
 cmake_minimum_required(VERSION 3.16)
-set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_USER_SETTINGS")
-set(CMAKE_CURRENT_SOURCE_DIR ".")
-set(COMPONENT_REQUIRES lwip) # we typically don't need lwip directly in wolfssl component
-set(WOLFSSL_ROOT "$ENV{WOLFSSL_ROOT}" )
 
-# find the user name to search for possible "wolfssl-username"
+set(VERBOSE_COMPONENT_MESSAGES 1)
+
+# Optional requires include:
+# set(THIS_ESP_TLS "esp-tls")
+set(THIS_ESP_TLS "")
+
+# function: IS_ESP_IDF_COMPONENT
+#  output:    RESULT = 1 (true) if this component is located in the ESP-IDF components
+#             otherwise 0 (false)
+function( IS_ESP_IDF_COMPONENT  RESULT )
+    # NOTE: Component location is based on the location of the CMakeList.txt
+    # and *not* the location of the wolfSSL source code. (which may be anywhere)
+
+    # Normalize the paths to remove any trailing slashes
+    get_filename_component(NORMALIZED_IDF_PATH  "${IDF_PATH}"      REALPATH)
+    get_filename_component(NORMALIZED_TEST_PATH "${COMPONENT_DIR}" REALPATH)
+
+    # Check if the test path starts with the IDF_PATH
+    string(FIND "${NORMALIZED_TEST_PATH}" "${NORMALIZED_IDF_PATH}" pos)
+
+    if(${pos} EQUAL 0)
+        message(STATUS "${COMPONENT_DIR} is within IDF_PATH.")
+        set(${RESULT} 1 PARENT_SCOPE)
+    else()
+        message(STATUS "${COMPONENT_DIR} is not within IDF_PATH.")
+        set(${RESULT} 0 PARENT_SCOPE)
+    endif()
+endfunction()
+
+# Determine if this cmake file is located in the ESP-IDF component directory or not,
+# and if so, if it is being ignored (allowing the use of a local project one, instead).
+IS_ESP_IDF_COMPONENT( IS_WOLSSL_ESP_IDF_COMPONENT )
+if( IS_WOLSSL_ESP_IDF_COMPONENT )
+    message(STATUS "This wolfSSL is a component in ESP-IDF.")
+    if ( CONFIG_IGNORE_ESP_IDF_WOLFSSL_COMPONENT )
+        idf_component_register()
+        message(STATUS "Warning: wolfSSL component in ESP-IDF is being ignored.")
+        return()
+    endif()
+endif()
+
+
+if( "${CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT}" STREQUAL "" )
+    # nothing to do
+else()
+    # Only forward slashes, or double backslashes are supported.
+    # By the time we get here the sdkconfig file has a value for wolfSSL source code root.
+    string(REPLACE "\\" "/" CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT ${CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT})
+    message(STATUS "Cleaned wolfssl path: ${CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT}")
+endif()
+
+# The scope of this CMAKE_C_FLAGS is just this component:
+set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_USER_SETTINGS")
+set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -DWOLFSSL_USER_SETTINGS")
+
+set(CMAKE_CURRENT_SOURCE_DIR ".")
+# set(COMPONENT_REQUIRES lwip) # we typically don't need lwip directly in wolfssl component
+
+# Optionally set your source to wolfSSL in your project CMakeLists.txt like this:
+# set(WOLFSSL_ROOT "c:/test/my_wolfssl" )
+
+if ( "${WOLFSSL_ROOT}" STREQUAL "")
+    set(WOLFSSL_ROOT "$ENV{WOLFSSL_ROOT}" )
+endif()
+
+if(  "$ENV{IDF_PATH}" STREQUAL "" )
+    message(FATAL_ERROR "IDF_PATH Environment variable not set!")
+else()
+    string(REPLACE "\\" "/" THIS_IDF_PATH "$ENV{IDF_PATH}")
+endif()
+
+# Optional compiler definitions to help with system name detection (typically printed by app diagnostics)
+if(VERBOSE_COMPONENT_MESSAGES)
+    if(WIN32)
+        # Windows-specific configuration here
+        set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_WINDOWS")
+        message(STATUS "Detected Windows")
+    endif()
+    if(CMAKE_HOST_UNIX)
+        message(STATUS "Detected UNIX")
+    endif()
+    if(APPLE)
+        message(STATUS "Detected APPLE")
+    endif()
+    if(CMAKE_HOST_UNIX AND (NOT APPLE) AND EXISTS "/proc/sys/fs/binfmt_misc/WSLInterop")
+        # Windows-specific configuration here
+        set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_WSL")
+        message(STATUS "Detected WSL")
+    endif()
+    if(CMAKE_HOST_UNIX AND (NOT APPLE) AND (NOT WIN32))
+        # Windows-specific configuration here
+        set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_LINUX")
+        message(STATUS "Detected Linux")
+    endif()
+    if(APPLE)
+        # Windows-specific configuration here
+        set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_APPLE")
+        message(STATUS "Detected Apple")
+    endif()
+endif() # End optional WOLFSSL_CMAKE_SYSTEM_NAME
+
+message(STATUS "CONFIG_TARGET_PLATFORM = ${CONFIG_TARGET_PLATFORM}")
+
+# Check that there are not conflicting wolfSSL components
+# The ESP Registry Component will be in ./managed_components/wolfssl__wolfssl
+# The local component wolfSSL directory will be in ./components/wolfssl
+if( EXISTS "${CMAKE_HOME_DIRECTORY}/managed_components/wolfssl__wolfssl" AND EXISTS "${CMAKE_HOME_DIRECTORY}/components/wolfssl" )
+    # These exclude statements don't seem to be honored by the $ENV{IDF_PATH}/tools/cmake/project.cmake'
+    # add_subdirectory("${CMAKE_HOME_DIRECTORY}/managed_components/wolfssl__wolfssl" EXCLUDE_FROM_ALL)
+    # add_subdirectory("${CMAKE_HOME_DIRECTORY}/managed_components/wolfssl__wolfssl/include" EXCLUDE_FROM_ALL)
+    # So we'll error out and let the user decide how to proceed:
+    message(WARNING "\nFound wolfSSL components in\n"
+                    "./managed_components/wolfssl__wolfssl\n"
+                    "and\n"
+                    "./components/wolfssl\n"
+                    "in project directory: \n"
+                    "${CMAKE_HOME_DIRECTORY}")
+    message(FATAL_ERROR "\nPlease use either the ESP Registry Managed Component or the wolfSSL component directory but not both.\n"
+                        "If removing the ./managed_components/wolfssl__wolfssl directory, remember to also remove "
+                        "or rename the idf_component.yml file typically found in ./main/")
+else()
+    message(STATUS "No conflicting wolfSSL components found.")
+endif()
+
+
+# Don't include lwip requirement for benchmark and test apps.
+if( ("${CMAKE_PROJECT_NAME}" STREQUAL "wolfssl_benchmark") OR ("${CMAKE_PROJECT_NAME}" STREQUAL "wolfssl_test") )
+    message(STATUS "Not including lwip for ${CMAKE_PROJECT_NAME}")
+else()
+    # benchmark and test do not need wifi, everything else probably does:
+    set(COMPONENT_REQUIRES lwip "${THIS_ESP_TLS}") # we typically don't need lwip directly in wolfssl component
+endif()
+
+# Find the user name to search for possible "wolfssl-username"
+# Reminder: Windows is  %USERNAME%, Linux is $USER
 message(STATUS "USERNAME = $ENV{USERNAME}")
 if(  "$ENV{USER}" STREQUAL "" ) # the bash user
     if(  "$ENV{USERNAME}" STREQUAL "" ) # the Windows user
@@ -45,6 +175,30 @@ else()
 endif()
 message(STATUS "THIS_USER = ${THIS_USER}")
 
+if( "$ENV{IDF_PATH}" STREQUAL "" )
+    message(FATAL_ERROR "IDF_PATH Environment variable not set!")
+else()
+    string(REPLACE "\\" "/" THIS_IDF_PATH "$ENV{IDF_PATH}")
+endif()
+
+# ENVIRONMENT_VAR_TO_MACRO
+# Check environment variable name EVARPARAM as [name]
+# If defined, and has a value of EVARVALUE as [value],
+# then assign a compiler definition "-D[name]=[value]"
+function(ENVIRONMENT_VAR_TO_MACRO EVARPARAM EVARVALUE)
+    # If the EVARPARAM environment variable name is set to EVARVALUE,
+    # set the compiler flag definition to enable CSV output.
+    if ( "$ENV{${EVARPARAM}}" STREQUAL "${EVARVALUE}")
+        message(STATUS "Appending compile definition: -D${EVARPARAM}=${EVARVALUE}")
+        set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -D${EVARPARAM}=${EVARVALUE}")
+    else()
+        if(DEFINED ENV{${EVARPARAM}})
+            message(STATUS "Environment variable ${EVARPARAM} detected but set to $ENV{${EVARPARAM}}, not appending compile definition.")
+        else()
+            message(STATUS "Environment variable ${EVARPARAM} not detected, not appending compile definition.")
+        endif()
+    endif()
+endfunction()
 
 # COMPONENT_NAME = wolfssl
 # The component name is the directory name. "No feature to change this".
@@ -63,7 +217,8 @@ message(STATUS "THIS_USER = ${THIS_USER}")
 # function: IS_WOLFSSL_SOURCE
 #  parameter: DIRECTORY_PARAMETER - the directory to test
 #  output:    RESULT = contains contents of DIRECTORY_PARAMETER for wolfssl directory, otherwise blank.
-function(IS_WOLFSSL_SOURCE DIRECTORY_PARAMETER RESULT)
+function( IS_WOLFSSL_SOURCE  DIRECTORY_PARAMETER
+          RESULT )
     if (EXISTS "${DIRECTORY_PARAMETER}/wolfcrypt/src")
         set(${RESULT} "${DIRECTORY_PARAMETER}" PARENT_SCOPE)
     else()
@@ -71,25 +226,71 @@ function(IS_WOLFSSL_SOURCE DIRECTORY_PARAMETER RESULT)
     endif()
 endfunction()
 
+# *********************************************************************************************
 # function: FIND_WOLFSSL_DIRECTORY
 #  parameter: OUTPUT_FOUND_WOLFSSL_DIRECTORY contains root of source code, otherwise blank
 #
+# Example usage:
+#   FIND_WOLFSSL_DIRECTORY(WOLFSSL_ROOT)
+# *********************************************************************************************
 function(FIND_WOLFSSL_DIRECTORY OUTPUT_FOUND_WOLFSSL_DIRECTORY)
-    message(STATUS "Starting FIND_WOLFSSL_DIRECTORY")
-    set(CURRENT_SEARCH_DIR "$ENV{WOLFSSL_ROOT}")
-    if( "${CURRENT_SEARCH_DIR}" STREQUAL "" )
-        message(STATUS "The WOLFSSL_ROOT environment variable is not set. Searching...")
+    message(STATUS "Starting FIND_WOLFSSL_DIRECTORY: ${${OUTPUT_FOUND_WOLFSSL_DIRECTORY}}")
+
+    if ( "${${OUTPUT_FOUND_WOLFSSL_DIRECTORY}}" STREQUAL "" )
+        # The parameter is empty, so we certainly need to search.
+        # First, see if there's an environment variable. This takes highest priority (unless already found as hard-coded, above)
+        set(CURRENT_SEARCH_DIR "$ENV{WOLFSSL_ROOT}")
+        if( "${CURRENT_SEARCH_DIR}" STREQUAL "" )
+            message(STATUS "The WOLFSSL_ROOT environment variable is not set. Searching...")
+            # Next, if not found, see if wolfSSL was selected for ESP-TLS Kconfig
+            if(CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT)
+                set(CURRENT_SEARCH_DIR ${CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT})
+                get_filename_component(CURRENT_SEARCH_DIR "${CURRENT_SEARCH_DIR}" ABSOLUTE)
+                message(STATUS "WOLFSSL_ROOT found in sdkconfig/KConfig: ${CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT}")
+            else()
+                message(STATUS "wolfSSL not defined in [Component Config] [wolfssl]. Continuing search...")
+                # If not specified as a search hint in OUTPUT_FOUND_WOLFSSL_DIRECTORY:
+                # This wolfSSL component CMakeLists.txt may be found EITHER in:
+                #   1) local project component
+                #   2) ESP-IDF share components
+                # We'll start in the CMAKE_CURRENT_SOURCE_DIR, typically [something]/projectname/components/wolfssl
+                # That option might find wolfSSL source code as a copy in the component directory (e.g. Managed Components)
+                # Unless cmake is in the ESP-IDF, in which case it is unlikely to find wolfSSL source in any parent.
+                message(STATUS "CMAKE_CURRENT_SOURCE_DIR = ${CMAKE_CURRENT_SOURCE_DIR}")
+                get_filename_component(CURRENT_SEARCH_DIR "${CMAKE_CURRENT_SOURCE_DIR}" ABSOLUTE)
+                message(STATUS "CURRENT_SEARCH_DIR = ${CURRENT_SEARCH_DIR}")
+                string(LENGTH ${CURRENT_SEARCH_DIR} CURRENT_SEARCH_DIR_LENGTH)
+            endif() # CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT
+        endif() # check environment var blank
     else()
-        get_filename_component(CURRENT_SEARCH_DIR "$ENV{WOLFSSL_ROOT}" ABSOLUTE)
+        message(STATUS "Parameter found for FIND_WOLFSSL_DIRECTORY")
+        message(STATUS "Setting wolfSSL search directory to: ${${OUTPUT_FOUND_WOLFSSL_DIRECTORY}}")
+        set(CURRENT_SEARCH_DIR "${${OUTPUT_FOUND_WOLFSSL_DIRECTORY}}")
+    endif() # parameter empty
+
+    # Check to see if we found a path in environment or config settings, above.
+    if( "${CURRENT_SEARCH_DIR}" STREQUAL "" )
+        message(STATUS "Source for wolfSSL not specified in path nor config settings.")
+        # We'll continue the search by recursing up the directory tree, below.
+    else()
+        # Setting found! Does it contain a valid path?
+        string(REPLACE "\\" "/" CURRENT_SEARCH_DIR ${CURRENT_SEARCH_DIR})
+        get_filename_component(CURRENT_SEARCH_DIR "${CURRENT_SEARCH_DIR}" ABSOLUTE)
         IS_WOLFSSL_SOURCE("${CURRENT_SEARCH_DIR}" FOUND_WOLFSSL)
-        if("${FOUND_WOLFSSL}")
-            message(STATUS "Found WOLFSSL_ROOT via Environment Variable:")
+        if( FOUND_WOLFSSL )
+            message(STATUS "Found wolfSSL source code via setting: ${CURRENT_SEARCH_DIR}")
+            set(${OUTPUT_FOUND_WOLFSSL_DIRECTORY} ${CURRENT_SEARCH_DIR} PARENT_SCOPE)
+            return()
         else()
-            message(FATAL_ERROR "WOLFSSL_ROOT Environment Variable defined, but path not found:")
-            message(STATUS "$ENV{WOLFSSL_ROOT}")
+            if(WIN32)
+                message(STATUS "When specifying a path for Windows, use forward slahes, or double backslashes.")
+            endif()
+            message(STATUS "CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT sdkconfig setting = ${CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT}")
+            message(STATUS "WOLFSSL_ROOT Variable defined, but source code not found: ${CURRENT_SEARCH_DIR}")
         endif()
     endif()
 
+
     # we'll start in the CMAKE_CURRENT_SOURCE_DIR, typically [something]/projectname/components/wolfssl
     message(STATUS "CMAKE_CURRENT_SOURCE_DIR = ${CMAKE_CURRENT_SOURCE_DIR}")
     get_filename_component(CURRENT_SEARCH_DIR "${CMAKE_CURRENT_SOURCE_DIR}" ABSOLUTE)
@@ -107,16 +308,47 @@ function(FIND_WOLFSSL_DIRECTORY OUTPUT_FOUND_WOLFSSL_DIRECTORY)
             return()
         endif()
 
+        # Maintain CURRENT_SEARCH_DIR, but check various suffixes with CURRENT_SEARCH_DIR_ALT
         if( THIS_USER )
             # Check for "wolfssl-[username]" subdirectory as we recurse up the directory tree
             set(CURRENT_SEARCH_DIR_ALT ${CURRENT_SEARCH_DIR}/wolfssl-${THIS_USER})
-            message(STATUS "Looking in ${CURRENT_SEARCH_DIR}")
+            message(STATUS "Looking in ${CURRENT_SEARCH_DIR_ALT}")
 
-            #if(EXISTS ${CURRENT_SEARCH_DIR_ALT} AND IS_DIRECTORY ${CURRENT_SEARCH_DIR_ALT} AND EXISTS "${CURRENT_SEARCH_DIR_ALT}/wolfcrypt/src")
             IS_WOLFSSL_SOURCE("${CURRENT_SEARCH_DIR_ALT}" FOUND_WOLFSSL )
             if ( FOUND_WOLFSSL )
-               message(STATUS "Found wolfssl in user-suffix CURRENT_SEARCH_DIR_ALT = ${CURRENT_SEARCH_DIR_ALT}")
-                set(${OUTPUT_FOUND_WOLFSSL_DIRECTORY} ${CURRENT_SEARCH_DIR_ALT} PARENT_SCOPE)
+                message(STATUS "Found wolfssl in user-suffix CURRENT_SEARCH_DIR_ALT = ${CURRENT_SEARCH_DIR_ALT}")
+                set(CURRENT_SEARCH_DIR "${CURRENT_SEARCH_DIR_ALT}")
+                set(${OUTPUT_FOUND_WOLFSSL_DIRECTORY} ${CURRENT_SEARCH_DIR} PARENT_SCOPE)
+                return()
+            endif()
+        endif()
+
+        if ( FOUND_WOLFSSL )
+            # if we already found the source, skip attempt of "wolfssl-master"
+        else()
+            set(CURRENT_SEARCH_DIR_ALT ${CURRENT_SEARCH_DIR}/wolfssl-master)
+            message(STATUS "Looking in ${CURRENT_SEARCH_DIR_ALT}")
+
+            IS_WOLFSSL_SOURCE("${CURRENT_SEARCH_DIR_ALT}" FOUND_WOLFSSL )
+            if ( FOUND_WOLFSSL )
+                message(STATUS "Found wolfssl in master-suffix CURRENT_SEARCH_DIR_ALT = ${CURRENT_SEARCH_DIR_ALT}")
+                set(CURRENT_SEARCH_DIR "${CURRENT_SEARCH_DIR_ALT}")
+                set(${OUTPUT_FOUND_WOLFSSL_DIRECTORY} ${CURRENT_SEARCH_DIR} PARENT_SCOPE)
+                return()
+            endif()
+        endif()
+
+        if ( FOUND_WOLFSSL )
+            # if we already found the source, skip attempt of "wolfssl"
+        else()
+            set(CURRENT_SEARCH_DIR_ALT ${CURRENT_SEARCH_DIR}/wolfssl)
+            message(STATUS "Looking in ${CURRENT_SEARCH_DIR_ALT}")
+
+            IS_WOLFSSL_SOURCE("${CURRENT_SEARCH_DIR_ALT}" FOUND_WOLFSSL )
+            if ( FOUND_WOLFSSL )
+                message(STATUS "Found wolfssl in CURRENT_SEARCH_DIR_ALT = ${CURRENT_SEARCH_DIR_ALT}")
+                set(CURRENT_SEARCH_DIR "${CURRENT_SEARCH_DIR_ALT}")
+                set(${OUTPUT_FOUND_WOLFSSL_DIRECTORY} ${CURRENT_SEARCH_DIR} PARENT_SCOPE)
                 return()
             endif()
         endif()
@@ -136,7 +368,8 @@ function(FIND_WOLFSSL_DIRECTORY OUTPUT_FOUND_WOLFSSL_DIRECTORY)
         get_filename_component(CURRENT_SEARCH_DIR "${CURRENT_SEARCH_DIR}" DIRECTORY)
         message(STATUS "Next CURRENT_SEARCH_DIR = ${CURRENT_SEARCH_DIR}")
         if( "${PRIOR_SEARCH_DIR}" STREQUAL "${CURRENT_SEARCH_DIR}" )
-            # when the search directory is empty, we'll give up
+            # When the parent is current directory, cannot go any further. We didn't find wolfssl.
+            # When the search directory is empty, we'll give up.
             set(CURRENT_SEARCH_DIR "")
         endif()
     endwhile()
@@ -147,17 +380,64 @@ endfunction()
 
 
 # Example usage:
+#
+# Simply find the WOLFSSL_DIRECTORY by searching parent directories:
+#   FIND_WOLFSSL_DIRECTORY(WOLFSSL_ROOT)
+#
 
+message(STATUS "CONFIG_TARGET_PLATFORM = ${CONFIG_TARGET_PLATFORM}")
 
+# Check for environment variable that may be assigned to macros
+ENVIRONMENT_VAR_TO_MACRO("GENERATE_MACHINE_PARSEABLE_REPORT" "1")
+ENVIRONMENT_VAR_TO_MACRO("WOLFSSL_BENCHMARK_FIXED_CSV"       "1")
 
+# Optional variable inspection
+if (0)
+    get_cmake_property(_variableNames VARIABLES)
+    list (SORT _variableNames)
+    message(STATUS "")
+    message(STATUS "ALL VARIABLES BEGIN")
+    message(STATUS "")
+    foreach (_variableName ${_variableNames})
+        message(STATUS "${_variableName}=${${_variableName}}")
+    endforeach()
+    message(STATUS "")
+    message(STATUS "ALL VARIABLES END")
+    message(STATUS "")
+endif()
+
+if ( ("${CONFIG_TARGET_PLATFORM}" STREQUAL "esp8266") OR ("${IDF_TARGET}" STREQUAL "esp8266") )
+    # There's no esp_timer, no driver components for the ESP8266
+    message(STATUS "Early expansion EXCLUDES for esp8266:")
+    message(STATUS "THIS_INCLUDE_DRIVER:  '${THIS_INCLUDE_DRIVER}'")
+    message(STATUS "THIS_INCLUDE_TIMER:   '${THIS_INCLUDE_TIMER}'")
+    message(STATUS "Early expansion INCLUDE for esp8266:")
+    message(STATUS "THIS_INCLUDE_PTHREAD: '${THIS_INCLUDE_PTHREAD}'")
+    set(THIS_ESP_TLS         "")
+    set(THIS_INCLUDE_DRIVER  "")
+    set(THIS_INCLUDE_TIMER   "")
+    set(THIS_INCLUDE_PTHREAD "pthread")
+else()
+    message(STATUS "Early expansion includes esp_timer: ${THIS_INCLUDE_TIMER}")
+    message(STATUS "Early expansion includes driver: ${THIS_INCLUDE_DRIVER}")
+    set(THIS_ESP_TLS        "esp-tls")
+    set(THIS_INCLUDE_DRIVER "driver")
+    set(THIS_INCLUDE_TIMER  "esp_timer")
+    set(THIS_INCLUDE_PTHREAD "")
+    # Let the app know that we've included the esp-tls component requirement.
+    # This is critical for use the the esp-tls component. See wolfssl esp_crt_bundle.c file.
+    set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_REQUIRED_ESP_TLS=1")
+endif()
 
 if(CMAKE_BUILD_EARLY_EXPANSION)
     message(STATUS "wolfssl component CMAKE_BUILD_EARLY_EXPANSION:")
     idf_component_register(
                             REQUIRES "${COMPONENT_REQUIRES}"
                             PRIV_REQUIRES # esp_hw_support
-                                          esp_timer
-                                          driver # this will typically only be needed for wolfSSL benchmark
+                                          "${THIS_ESP_TLS}"
+                                          "${THIS_INCLUDE_PTHREAD}"
+                                          "${THIS_INCLUDE_TIMER}"
+                                          "${THIS_INCLUDE_DRIVER}" # this will typically only be needed for wolfSSL benchmark
                            )
 
 else()
@@ -166,48 +446,99 @@ else()
     message(STATUS "wolfssl component config:")
     message(STATUS "************************************************************************************************")
 
+    if ( "${CONFIG_TARGET_PLATFORM}" STREQUAL "esp8266")
+        # There's no esp_timer, no driver components for the ESP8266
+        set(THIS_INCLUDE_TIMER "")
+        set(THIS_INCLUDE_DRIVER "")
+    else()
+        set(THIS_INCLUDE_TIMER "esp_timer")
+        set(THIS_INCLUDE_DRIVER "driver")
+    endif()
+
     # search for wolfSSL
     FIND_WOLFSSL_DIRECTORY(WOLFSSL_ROOT)
     if(WOLFSSL_ROOT)
-        message(STATUS "NEW Found wolfssl directory at: ${WOLFSSL_ROOT}")
+        IS_WOLFSSL_SOURCE("${WOLFSSL_ROOT}" FOUND_WOLFSSL)
+        if(FOUND_WOLFSSL)
+            message(STATUS "Found WOLFSSL_ROOT via CMake specification.")
+        else()
+            # WOLFSSL_ROOT Path specified in CMakeLists.txt is not a valid path
+            message(FATAL_ERROR "WOLFSSL_ROOT CMake Variable defined, but path not found: ${WOLFSSL_ROOT}\n"
+                                "Try correcting WOLFSSL_ROOT in your project CMakeFile.txt or setting environment variable.")
+            # Abort CMake after fatal error.
+        endif()
     else()
-        message(STATUS "NEW wolfssl directory not found.")
+        message(STATUS "Source code for wolfSSL still not found.")
+        message(STATUS "Searching from project home: ${CMAKE_HOME_DIRECTORY} ...")
+        set(WOLFSSL_ROOT "${CMAKE_HOME_DIRECTORY}")
+        FIND_WOLFSSL_DIRECTORY(WOLFSSL_ROOT)
+    endif()
+
+
+    if(WOLFSSL_ROOT)
+        message(STATUS "Confirmed wolfssl directory at: ${WOLFSSL_ROOT}")
+    else()
+        # Try to allow a more intuitive error that the source code was not found in cmake:
+        set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_WARNING_SOURCE_NOT_FOUND")
+
+        message(STATUS "Failed: wolfssl source code directory not found.")
         # Abort. We need wolfssl _somewhere_.
-        message(FATAL_ERROR "Could not find wolfssl in ${WOLFSSL_ROOT}.\n"
-                            "Try setting WOLFSSL_ROOT environment variable or git clone.")
+        message(STATUS "")
+        message(STATUS "")
+        message(STATUS "Could not find wolfssl in any parent directory named wolfssl-${THIS_USER}, wolfssl-master, or wolfssl.\n"
+                       "Try setting WOLFSSL_ROOT environment variable, cmake variable in project, copy source, or use managed components.")
+        message(STATUS "")
+        message(STATUS "")
+        # Abort CMake after fatal error. (or not?)
     endif()
 
     set(INCLUDE_PATH ${WOLFSSL_ROOT})
 
     set(WOLFSSL_EXTRA_PROJECT_DIR "${WOLFSSL_ROOT}/src/")
 
-    if( ${CMAKE_PROJECT_NAME} STREQUAL "wolfssl_benchmark" )
-        set(WOLFSSL_EXTRA_PROJECT_DIR "${WOLFSSL_ROOT}/wolfcrypt/benchmark")
-    endif()
-
-    if( ${CMAKE_PROJECT_NAME} STREQUAL "wolfssl_test" )
-        set(WOLFSSL_EXTRA_PROJECT_DIR "${WOLFSSL_ROOT}/wolfcrypt/test")
+    # During regression tests, optionally copy source locally and use: set(USE_LOCAL_TEST_BENCH 1)
+    set(USE_LOCAL_TEST_BENCH 0)
+    if(NOT USE_LOCAL_TEST_BENCH)
+        if( "${CMAKE_PROJECT_NAME}" STREQUAL "hello-world" )
+            message(STATUS "Include ${WOLFSSL_ROOT}/wolfcrypt/benchmark")
+            set(WOLFSSL_EXTRA_PROJECT_DIR "${WOLFSSL_ROOT}/wolfcrypt/benchmark")
+        endif()
+
+        if( "${CMAKE_PROJECT_NAME}" STREQUAL "wolfssl_benchmark" )
+            message(STATUS "Include ${WOLFSSL_ROOT}/wolfcrypt/benchmark")
+            set(WOLFSSL_EXTRA_PROJECT_DIR "${WOLFSSL_ROOT}/wolfcrypt/benchmark")
+        endif()
+
+        if( "${CMAKE_PROJECT_NAME}" STREQUAL "wolfssl_test" )
+            message(STATUS "Include ${WOLFSSL_ROOT}/wolfcrypt/test")
+            set(WOLFSSL_EXTRA_PROJECT_DIR "${WOLFSSL_ROOT}/wolfcrypt/test")
+        endif()
     endif()
 
+    message(STATUS "WOLFSSL_EXTRA_PROJECT_DIR = ${WOLFSSL_EXTRA_PROJECT_DIR}")
     set(COMPONENT_SRCDIRS "\"${WOLFSSL_ROOT}/src/\""
                           "\"${WOLFSSL_ROOT}/wolfcrypt/src\""
                           "\"${WOLFSSL_ROOT}/wolfcrypt/src/port/Espressif\""
+                          "\"${WOLFSSL_ROOT}/wolfcrypt/src/port/Espressif/esp_crt_bundle\""
                           "\"${WOLFSSL_ROOT}/wolfcrypt/src/port/atmel\""
                           "\"${WOLFSSL_EXTRA_PROJECT_DIR}\""
                          ) # COMPONENT_SRCDIRS
 
     message(STATUS "This COMPONENT_SRCDIRS = ${COMPONENT_SRCDIRS}")
 
+    # wolfSSL user_settings.h may be in the local project.
+    # TODO check if exists and possibly set to ESP-IDF
     set(WOLFSSL_PROJECT_DIR "${CMAKE_HOME_DIRECTORY}/components/wolfssl")
-    add_definitions(-DWOLFSSL_USER_SETTINGS_DIR="${WOLFSSL_PROJECT_DIR}/include/user_settings.h")
-
 
+    string(REPLACE "/" "//" STR_WOLFSSL_PROJECT_DIR "${WOLFSSL_PROJECT_DIR}")
+    add_compile_definitions(WOLFSSL_USER_SETTINGS_DIR="${STR_WOLFSSL_PROJECT_DIR}/include/user_settings.h")
+    message(STATUS "Added definition for user_settings.h: -DWOLFSSL_USER_SETTINGS_DIR=\"${STR_WOLFSSL_PROJECT_DIR}//include//user_settings.h\"")
     # Espressif may take several passes through this makefile. Check to see if we found IDF
     string(COMPARE EQUAL "${PROJECT_SOURCE_DIR}" "" WOLFSSL_FOUND_IDF)
 
     # get a list of all wolfcrypt assembly files; we'll exclude them as they don't target Xtensa
     file(GLOB EXCLUDE_ASM *.S)
-    file(GLOB_RECURSE EXCLUDE_ASM ${CMAKE_SOURCE_DIR} "${WOLFSSL_ROOT}/wolfcrypt/src/*.S")
+    file(GLOB EXCLUDE_ASM ${CMAKE_SOURCE_DIR} "${WOLFSSL_ROOT}/wolfcrypt/src/*.S")
 
     message(STATUS "IDF_PATH = $ENV{IDF_PATH}")
     message(STATUS "PROJECT_SOURCE_DIR = ${PROJECT_SOURCE_DIR}")
@@ -230,11 +561,12 @@ else()
         message(STATUS "Remove either the local project component: ${WOLFSSL_PROJECT_DIR} ")
         message(STATUS "or the Espressif shared component installed at: $ENV{IDF_PATH}/components/wolfssl/ ")
         message(STATUS "")
-        message(FATAL_ERROR "Please use wolfSSL in either local project or Espressif components, but not both.")
         message(STATUS "")
         message(STATUS "**************************************************************************************")
         message(STATUS "")
 
+        message(STATUS "Please use wolfSSL in either local project or Espressif components, but not both.")
+
         # Optional: if you change the above FATAL_ERROR to STATUS you can warn at runtime with this macro definition:
         set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_MULTI_INSTALL_WARNING")
 
@@ -284,6 +616,7 @@ else()
                         message(FATAL_ERROR "Found stray wolfSSL user_settings.h in "
                                             "${WOLFSSL_ROOT}/include/user_settings.h "
                                             " (please move it to ${WOLFSSL_PROJECT_DIR}/include/user_settings.h )")
+                        # Abort CMake after fatal error.
                     else()
                         # we won't overwrite an existing user settings file, just note that we already have one:
                         if( EXISTS "${WOLFSSL_PROJECT_DIR}/include/user_settings.h" )
@@ -340,7 +673,9 @@ else()
     # depending on the environment, we may need to swap backslashes with forward slashes
     string(REPLACE "\\" "/" RTOS_IDF_PATH "$ENV{IDF_PATH}/components/freertos/FreeRTOS-Kernel/include/freertos")
 
-    string(REPLACE "\\" "/" WOLFSSL_ROOT ${WOLFSSL_ROOT})
+	if(WOLFSSL_ROOT)
+	    string(REPLACE "\\" "/" WOLFSSL_ROOT ${WOLFSSL_ROOT})
+	endif()
 
     if(IS_DIRECTORY "${RTOS_IDF_PATH}")
         message(STATUS "Found current RTOS path: ${RTOS_IDF_PATH}")
@@ -353,17 +688,22 @@ else()
             message(STATUS "Could not find RTOS path")
         endif()
     endif()
-
-
+    message(STATUS "THIS_IDF_PATH = $THIS_IDF_PATH")
+    # wolfSSL-specific include directories
     set(COMPONENT_ADD_INCLUDEDIRS
-        "./include" # this is the location of wolfssl user_settings.h
+        "./include" # this is the location of local project wolfssl user_settings.h
         "\"${WOLFSSL_ROOT}/\""
         "\"${WOLFSSL_ROOT}/wolfssl/\""
         "\"${WOLFSSL_ROOT}/wolfssl/wolfcrypt/\""
+        "\"${WOLFSSL_ROOT}/wolfssl/wolfcrypt/port/Espressif\""
         "\"${RTOS_IDF_PATH}/\""
+        # wolfSSL release after v5.7 includes WiFi, time, and mem/debug helpers
+        "${THIS_IDF_PATH}/components/esp_event/include"
+        "${THIS_IDF_PATH}/components/esp_netif/include"
+        "${THIS_IDF_PATH}/components/esp_wifi/include"
         )
 
-
+    # Optionally include cryptoauthlib if present
     if(IS_DIRECTORY ${IDF_PATH}/components/cryptoauthlib)
         list(APPEND COMPONENT_ADD_INCLUDEDIRS "../cryptoauthlib/lib")
     endif()
@@ -372,7 +712,7 @@ else()
     list(APPEND COMPONENT_ADD_INCLUDEDIRS "\"${WOLFSSL_ROOT}/wolfssl/wolfcrypt/\"")
 
 
-
+    # Some files are known to be included elsewhere, or not used for Espressif
     set(COMPONENT_SRCEXCLUDE
         "\"${WOLFSSL_ROOT}/src/bio.c\""
         "\"${WOLFSSL_ROOT}/src/conf.c\""
@@ -382,9 +722,14 @@ else()
         "\"${WOLFSSL_ROOT}/src/ssl_bn.c\""      # included by ssl.c
         "\"${WOLFSSL_ROOT}/src/ssl_certman.c\"" # included by ssl.c
         "\"${WOLFSSL_ROOT}/src/ssl_crypto.c\""  # included by ssl.c
+        "\"${WOLFSSL_ROOT}/src/ssl_load.c\""    # included by ssl.c
         "\"${WOLFSSL_ROOT}/src/ssl_misc.c\""    # included by ssl.c
+        "\"${WOLFSSL_ROOT}/src/ssl_p7p12.c\""   # included by ssl.c
+        "\"${WOLFSSL_ROOT}/src/ssl_sess.c\""    # included by ssl.c
         "\"${WOLFSSL_ROOT}/src/x509.c\""
         "\"${WOLFSSL_ROOT}/src/x509_str.c\""
+        "\"${WOLFSSL_ROOT}/wolfcrypt/src/ext_kyber.c\""     # external non-wolfssl Kyber disabled by default
+        "\"${WOLFSSL_ROOT}/wolfssl/wolfcrypt/ext_kyber.h\"" # external non-wolfssl Kyber disabled by default
         "\"${WOLFSSL_ROOT}/wolfcrypt/src/evp.c\""
         "\"${WOLFSSL_ROOT}/wolfcrypt/src/misc.c\""
         "\"${WOLFSSL_ROOT}/wolfcrypt/src/sp_sm2_arm32.c\""
@@ -395,6 +740,7 @@ else()
         "\"${WOLFSSL_ROOT}/wolfcrypt/src/sp_sm2_cortexm.c\""
         "\"${WOLFSSL_ROOT}/wolfcrypt/src/sp_sm2_x86_64.c\""
         "\"${WOLFSSL_ROOT}/wolfcrypt/src/sp_sm2_x86_64_asm.S\""
+        "\"${WOLFSSL_ROOT}/examples\"" # Examples are distributed in Managed Components, but not part of a project.
         "\"${EXCLUDE_ASM}\""
         )
 
@@ -416,22 +762,144 @@ else()
     # see https://docs.espressif.com/projects/esp-idf/en/stable/esp32/migration-guides/release-5.x/build-system.html?highlight=space%20path
     #
     set(EXTRA_COMPONENT_DIRS "${COMPONENT_SRCDIRS}")
-    idf_component_register(
-                            SRC_DIRS "${COMPONENT_SRCDIRS}"
-                            INCLUDE_DIRS "${COMPONENT_ADD_INCLUDEDIRS}"
-                            REQUIRES "${COMPONENT_REQUIRES}"
-                            EXCLUDE_SRCS "${COMPONENT_SRCEXCLUDE}"
-                            PRIV_REQUIRES esp_timer driver # this will typically only be needed for wolfSSL benchmark
-                           )
-    # some optional diagnostics
-    if (1)
+
+    if(WOLFSSL_ROOT)
+        # Only register the component if we found wolfSSL source.
+        # This is important to allow Cmake to finish to completion, otherwise the UI
+        # may not be able to display the Kconfig settings to fix a bad or missing source.
+        idf_component_register(
+                                SRC_DIRS "${COMPONENT_SRCDIRS}"
+                                INCLUDE_DIRS "${COMPONENT_ADD_INCLUDEDIRS}"
+                                REQUIRES "${COMPONENT_REQUIRES}"
+                                EXCLUDE_SRCS "${COMPONENT_SRCEXCLUDE}"
+                                PRIV_REQUIRES
+                                  "${THIS_ESP_TLS}"
+                                  "${THIS_INCLUDE_TIMER}"
+                                  "${THIS_INCLUDE_DRIVER}" # this will typically only be needed for wolfSSL benchmark
+                               )
+    else()
+        # Register the component simply to allow CMake to complete, but there's no wolfSSL source.
+        # Expect many other errors, but the project should at least be loadable and UI can edit Kconfig settings.
+        idf_component_register()
+        message(STATUS "Warning: wolfSSL component not registered as no source code found (WOLFSSL_ROOT is blank)")
+    endif()
+
+# function(WOLFSSL_INIT_CERT_BUNDLE)
+if( CONFIG_WOLFSSL_CERTIFICATE_BUNDLE
+    AND NOT CONFIG_WOLFSSL_CERTIFICATE_BUNDLE_DEFAULT_NONE
+    AND NOT ("${CONFIG_TARGET_PLATFORM}" STREQUAL "esp8266")
+  )
+    if (CMAKE_BUILD_EARLY_EXPANSION)
+        message(ERROR "Bundle Cert initialization must occur during CMAKE_BUILD_EARLY_EXPANSION")
+    endif()
+    # reminder: we need a value for wolfSSL root first!
+    if( "${WOLFSSL_ROOT}" STREQUAL "" )
+        message(ERROR "Certificate bundles need a value for WOLFSSL_ROOT")
+    endif()
+    set(WOLFSSL_ESP_CRT_BUNDLE_DIR ${WOLFSSL_ROOT}/wolfcrypt/src/port/Espressif/esp_crt_bundle)
+    message(STATUS "WOLFSSL_ESP_CRT_BUNDLE_DIR=${WOLFSSL_ESP_CRT_BUNDLE_DIR}")
+    if(EXISTS "${WOLFSSL_ESP_CRT_BUNDLE_DIR}")
+        set(bundle_name "x509_crt_bundle_wolfssl")
+
+        # For now the certs are in the same directory
+        set(DEFAULT_CRT_DIR "${WOLFSSL_ESP_CRT_BUNDLE_DIR}")
+
+        # Generate custom certificate bundle using the generate_cert_bundle utility
+        set(GENERATE_CERT_BUNDLEPY ${python} ${WOLFSSL_ESP_CRT_BUNDLE_DIR}/gen_crt_bundle.py)
+
+        if(CONFIG_WOLFSSL_CERTIFICATE_BUNDLE_DEFAULT_FULL)
+            list(APPEND crt_paths ${DEFAULT_CRT_DIR}/cacrt_all.pem ${DEFAULT_CRT_DIR}/cacrt_local.pem)
+        elseif(CONFIG_WOLFSSL_CERTIFICATE_BUNDLE_DEFAULT_CMN)
+            list(APPEND crt_paths ${DEFAULT_CRT_DIR}/cacrt_all.pem ${DEFAULT_CRT_DIR}/cacrt_local.pem)
+            list(APPEND args --filter ${DEFAULT_CRT_DIR}/cmn_crt_authorities.csv)
+        endif()
+
+        # Add deprecated root certs if enabled. This config is not visible if the default cert
+        # bundle is not selected
+        if(CONFIG_WOLFSSL_CERTIFICATE_BUNDLE_DEPRECATED_LIST)
+            list(APPEND crt_paths ${DEFAULT_CRT_DIR}/cacrt_deprecated.pem)
+        endif()
+
+        if(CONFIG_WOLFSSL_CUSTOM_CERTIFICATE_BUNDLE)
+            get_filename_component(custom_bundle_path
+              ${CONFIG_WOLFSSL_CUSTOM_CERTIFICATE_BUNDLE_PATH} ABSOLUTE BASE_DIR "${project_dir}")
+            list(APPEND crt_paths ${custom_bundle_path})
+            message(STATUS "Using a custom wolfSSL bundle path: ${custom_bundle_path}")
+        else()
+            message(STATUS "Not using a custom wolfSSL bundle path.")
+        endif()
+        list(APPEND args --input ${crt_paths} -q)
+
+        message(STATUS "CMAKE_CURRENT_BINARY_DIR: ${CMAKE_CURRENT_BINARY_DIR}")
+        get_filename_component(crt_bundle
+            ${bundle_name}
+            ABSOLUTE BASE_DIR "${CMAKE_CURRENT_BINARY_DIR}")
+
+        message(STATUS "Setting up bundle generate: ${GENERATE_CERT_BUNDLEPY} ${args}")
+        message(STATUS "Depends on custom bundle path: ${custom_bundle_path}")
+        message(STATUS "crt_bundle ${crt_bundle}")
+        message(STATUS "COMPONENT_LIB ${COMPONENT_LIB}")
+        message(STATUS "GENERATE_CERT_BUNDLEPY ${GENERATE_CERT_BUNDLEPY}")
+        message(STATUS "args ${args}")
+        message(STATUS "cert_bundle ${cert_bundle}")
+
+        # Generate bundle according to config
+        # File is generated at build time, not cmake load
+        add_custom_command(OUTPUT ${crt_bundle}
+            COMMAND ${GENERATE_CERT_BUNDLEPY} ARGS ${args}
+            DEPENDS ${custom_bundle_path}
+            VERBATIM)
+
+        if(EXISTS "${crt_bundle}")
+            message(STATUS "Bundle file exists from prior build: ${crt_bundle}")
+        else()
+            message(STATUS "Bundle file expected during next build: ${crt_bundle}")
+        endif()
+
+        # Reminder the file is generated at build time, not cmake load time.
+        message(STATUS "wolfSSL Cert Bundle File to be created at build time in: ${crt_bundle}")
+
+        add_custom_target(custom_wolfssl_bundle DEPENDS ${cert_bundle})
+
+        # the wolfSSL crtificate bundle is baked into wolfSSL
+        add_dependencies(${COMPONENT_LIB} custom_wolfssl_bundle)
+
+        # COMPONENT_LIB may vary: __idf_wolfssl, __idf_esp_wolfssl, etc
+        # target_add_binary_data(__idf_wolfssl ${crt_bundle} BINARY)
+        target_add_binary_data(${COMPONENT_LIB} ${crt_bundle} BINARY)
+        set_property(DIRECTORY "${CMAKE_CURRENT_SOURCE_DIR}"
+                     APPEND PROPERTY ADDITIONAL_CLEAN_FILES
+                     "${crt_bundle}")
+    else()
+        message(STATUS "WARNING: CONFIG_WOLFSSL_CERTIFICATE_BUNDLE enabled but directory not found: ${WOLFSSL_ESP_CRT_BUNDLE_DIR}")
+    endif()
+endif()
+
+# endfunction() # WOLFSSL_INIT_CERT_BUNDLE
+
+    # Some optional diagnostics. Verbose ones are truncated.
+    if (VERBOSE_COMPONENT_MESSAGES)
         get_cmake_property(_variableNames VARIABLES)
         list (SORT _variableNames)
         message(STATUS "")
         message(STATUS "ALL VARIABLES BEGIN")
         message(STATUS "")
         foreach (_variableName ${_variableNames})
-            message(STATUS "${_variableName}=${${_variableName}}")
+            if (      ("${_variableName}" STREQUAL "bootloader_binary_files")
+                    OR ("${_variableName}" STREQUAL "Component paths")
+                    OR ("${_variableName}" STREQUAL "component_targets")
+                    OR ("${_variableName}" STREQUAL "__COMPONENT_TARGETS")
+                    OR ("${_variableName}" STREQUAL "CONFIGS_LIST")
+                    OR ("${_variableName}" STREQUAL "__CONFIG_VARIABLES")
+                    OR ("${_variableName}" STREQUAL "val")
+                    OR ("${_variableName}" MATCHES "^__idf_")
+               )
+                # Truncate the displayed value:
+                string(SUBSTRING "${${_variableName}}" 0 70 truncatedValue)
+                message(STATUS "${_variableName} = ${truncatedValue} ... (truncated)")
+            else()
+                message(STATUS "${_variableName}=${${_variableName}}")
+            endif()
         endforeach()
         message(STATUS "")
         message(STATUS "ALL VARIABLES END")
@@ -439,6 +907,12 @@ else()
     endif()
 
     # target_sources(wolfssl PRIVATE  "\"${WOLFSSL_ROOT}/wolfssl/\""  "\"${WOLFSSL_ROOT}/wolfssl/wolfcrypt\"")
+    message(STATUS "DETECTED_PROJECT_NAME=${CMAKE_PROJECT_NAME}")
+    message(STATUS "COMPONENT_TARGET=${COMPONENT_TARGET}")
+    target_compile_definitions(${COMPONENT_TARGET} PRIVATE DETECTED_PROJECT_NAME="${CMAKE_PROJECT_NAME}")
+    if( "${CMAKE_PROJECT_NAME}" STREQUAL "esp_http_client_example" )
+        target_compile_definitions(${COMPONENT_TARGET} PRIVATE APP_ESP_HTTP_CLIENT_EXAMPLE="y")
+    endif()
 
 endif() # CMAKE_BUILD_EARLY_EXPANSION
 
@@ -484,7 +958,7 @@ function ( LIBWOLFSSL_SAVE_INFO VAR_OUPUT THIS_VAR VAR_RESULT )
         message(STATUS "Found ${VAR_OUPUT}=${VAR_VALUE}")
 
         # the interesting part is defining the VAR_OUPUT name a value to use in the app
-        add_definitions(-D${VAR_OUPUT}=\"${VAR_VALUE}\")
+        add_compile_definitions(${VAR_OUPUT}=\"${VAR_VALUE}\")
     else()
         # if we get here, check the execute_process command and parameters.
         message(STATUS "LIBWOLFSSL_SAVE_INFO encountered a non-zero VAR_RESULT")
@@ -492,33 +966,89 @@ function ( LIBWOLFSSL_SAVE_INFO VAR_OUPUT THIS_VAR VAR_RESULT )
     endif()
 endfunction() # LIBWOLFSSL_SAVE_INFO
 
+execute_process(
+    COMMAND ${git_cmd} "rev-parse" "--is-inside-work-tree"
+    OUTPUT_VARIABLE IS_GIT_REPO
+    OUTPUT_STRIP_TRAILING_WHITESPACE
+    ERROR_QUIET
+)
+
 # create some programmatic #define values that will be used by ShowExtendedSystemInfo().
 # see wolfcrypt\src\port\Espressif\esp32_utl.c
-if(NOT CMAKE_BUILD_EARLY_EXPANSION)
+if(NOT CMAKE_BUILD_EARLY_EXPANSION AND WOLFSSL_ROOT AND (IS_GIT_REPO STREQUAL "true"))
     set (git_cmd "git")
     message(STATUS "Adding macro definitions:")
 
     # LIBWOLFSSL_VERSION_GIT_ORIGIN: git config --get remote.origin.url
-    execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} "config" "--get" "remote.origin.url" OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ERROR_QUIET  )
+    execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} "config" "--get" "remote.origin.url"
+                    OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ERROR_QUIET  )
     LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_VERSION_GIT_ORIGIN "${TMP_OUT}" "${TMP_RES}")
 
     # LIBWOLFSSL_VERSION_GIT_BRANCH: git rev-parse --abbrev-ref HEAD
-    execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} "rev-parse" "--abbrev-ref" "HEAD" OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ERROR_QUIET  )
+    execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} "rev-parse" "--abbrev-ref" "HEAD"
+                    OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ERROR_QUIET  )
     LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_VERSION_GIT_BRANCH "${TMP_OUT}" "${TMP_RES}")
 
     # LIBWOLFSSL_VERSION_GIT_HASH: git rev-parse HEAD
-    execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} "rev-parse" "HEAD" OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ERROR_QUIET  )
+    execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} "rev-parse" "HEAD"
+                    OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ERROR_QUIET  )
     LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_VERSION_GIT_HASH "${TMP_OUT}" "${TMP_RES}")
 
     # LIBWOLFSSL_VERSION_GIT_SHORT_HASH: git rev-parse --short HEAD
-    execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} "rev-parse" "--short" "HEAD" OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ERROR_QUIET )
+    execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} "rev-parse" "--short" "HEAD"
+                    OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ERROR_QUIET )
     LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_VERSION_GIT_SHORT_HASH "${TMP_OUT}" "${TMP_RES}")
 
     # LIBWOLFSSL_VERSION_GIT_HASH_DATE git show --no-patch --no-notes --pretty=\'\%cd\'
-    execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} "show" "--no-patch" "--no-notes" "--pretty=\'\%cd\'" OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES  )
+    execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd}
+                    "show" "--no-patch" "--no-notes" "--pretty=\'\%cd\'"
+                    OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES  )
     LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_VERSION_GIT_HASH_DATE "${TMP_OUT}" "${TMP_RES}")
 
-    message(STATUS "************************************************************************************************")
-    message(STATUS "wolfssl component config complete!")
-    message(STATUS "************************************************************************************************")
+    LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_VERSION_WOLFSSL_ROOT "${WOLFSSL_ROOT}" "${TMP_RES}")
+
 endif()
+
+# Ensure flag "-DWOLFSSL_ESPIDF" is already in CMAKE_C_FLAGS if not yet found from project
+string(FIND "${CMAKE_C_FLAGS}" "-DWOLFSSL_ESPIDF" FLAG_ALRREADY_FOUND_WOLFSSL_ESPIDF)
+
+if(FLAG_ALRREADY_FOUND_WOLFSSL_ESPIDF EQUAL -1)
+    # Flag not found, append it
+    set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_ESPIDF")
+    set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_USER_SETTINGS")
+endif()
+
+if(WOLFSSL_ROOT)
+    message(STATUS "Using wolfSSL in ${WOLFSSL_ROOT}")
+
+    # PlatformIO does not process script from from the Espressif cmake process.
+    # We need to know where wolfSSL source code was found, so save it in the
+    # PIO_WOLFSSL_ROOT environment variable to later be read by extra_script.py
+
+    set(ENV{PIO_WOLFSSL_ROOT} "${WOLFSSL_ROOT}")
+    message(STATUS "PIO_WOLFSSL_ROOT =  $ENV{PIO_WOLFSSL_ROOT}")
+    message(STATUS "PLATFORMIO_BUILD_DIR = $ENV{PLATFORMIO_BUILD_DIR}")
+    # See esp-tls Kconfig; menu "ESP-TLS", ESP_TLS_LIBRARY_CHOOSE
+    if(CONFIG_ESP_TLS_USING_WOLFSSL)
+        if ( ("${CONFIG_TARGET_PLATFORM}" STREQUAL "esp8266") OR ("${IDF_TARGET}" STREQUAL "esp8266") )
+            message(STATUS "This version of wolfSSL is not supported on the ESP8266 esp-tls at this time. Check ESP-TLS config")
+        else()
+            message(STATUS "wolfSSL will be used for ESP-TLS")
+        endif()
+    else()
+        message(STATUS "WARNING: wolfSSL NOT selected for ESP-TLS. Features and performance will be limited.")
+    endif()
+else()
+    message(STATUS "")
+    message(STATUS "Consider setting WOLFSSL_ROOT environment variable, use Kconfig setting, or set manually in this cmake file, above.")
+    message(STATUS "")
+    message(STATUS "!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!")
+    message(STATUS "!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!")
+    message(STATUS "ERROR: Could not find wolfSSL Source Code")
+    message(STATUS "!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!")
+    message(STATUS "!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!")
+endif()
+
+message(STATUS "************************************************************************************************")
+message(STATUS "wolfSSL component config complete!")
+message(STATUS "************************************************************************************************")
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl/Kconfig b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl/Kconfig
new file mode 100644
index 000000000..150913190
--- /dev/null
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl/Kconfig
@@ -0,0 +1,523 @@
+# Kconfig template
+#
+# Copyright (C) 2006-2025 wolfSSL Inc.
+#
+# This file is part of wolfSSL.
+#
+# wolfSSL is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# wolfSSL is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+#
+
+# Kconfig File Version 5.7.2.001 for esp-idf integration
+
+# Kconfig Format Rules
+#
+# See:
+#  https://docs.espressif.com/projects/esp-idf/en/stable/esp32/api-reference/kconfig.html
+#
+# Format rules for Kconfig files are as follows:
+#
+# Option names in any menus should have consistent prefixes. The prefix
+# currently should have at least 3 characters.
+#
+# The unit of indentation should be 4 spaces. All sub-items belonging to a
+# parent item are indented by one level deeper. For example, menu is indented
+# by 0 spaces, config menu by 4 spaces, help in config by 8 spaces, and the
+# text under help by 12 spaces.
+#
+# No trailing spaces are allowed at the end of the lines.
+#
+# The maximum length of options is NOT 50 characters as documented.
+#   kconfcheck will complain that options should be 40 at most.
+#
+# Fix option lengths first. Superfluous errors on other lines may occur.
+#
+# The maximum length of lines is 120 characters.
+#
+# python -m kconfcheck <path_to_kconfig_file>
+#
+# ---------------------------------------------------------------------------------------------------------------------
+# Begin main wolfSSL configuration menu
+# ---------------------------------------------------------------------------------------------------------------------
+#   See ESP-IDF esp-tls component for config TLS_STACK_WOLFSSL
+
+menu "wolfSSL"
+
+    menu "Hardening"
+        config ESP_WOLFSSL_WC_NO_HARDEN
+            bool "Disable wolfSSL hardening"
+            default n
+            help
+                Sets WC_NO_HARDEN
+
+        config ESP_WOLFSSL_TFM_TIMING_RESISTANT
+            bool "Enable TFM Timing Resistant Code"
+            default n
+            help
+                Sets TFM_TIMING_RESISTANT.
+
+    endmenu # Hardening
+
+    config ESP_WOLFSSL_ENABLE_BENCHMARK
+        bool "Enable wolfSSL Benchmark Library"
+        default n
+        help
+            Enables wolfcrypt/benchmark/benchmark.c code for benchmark metrics. Disables NO_CRYPT_BENCHMARK.
+
+
+    menu "Benchmark Debug"
+        config ESP_DEBUG_WOLFSSL_BENCHMARK_TIMING
+            bool "Enable benchmark timing debug"
+            depends on ESP_WOLFSSL_ENABLE_BENCHMARK
+            default n
+            help
+                Enable wolfssl debug for benchmark metric timing (CPU Cycles, RTOS ticks, etc).
+
+        config ESP_WOLFSSL_BENCHMARK_TIMER_DEBUG
+            bool "Enable benchmark timer debug"
+            depends on ESP_WOLFSSL_ENABLE_BENCHMARK
+            default n
+            help
+                Turn on timer debugging (used when CPU cycles not available)
+
+    endmenu # Benchmark Debug
+
+    # -----------------------------------------------------------------------------------------------------------------
+    # wolfCrypt Test
+    # -----------------------------------------------------------------------------------------------------------------
+    config ESP_WOLFSSL_ENABLE_TEST
+        bool "Enable wolfCrypt Test Library"
+        default n
+        help
+            Enables wolfcrypt/test/test.c code for testing. Disables NO_CRYPT_TEST.
+
+    menu "wolfCrypt tests"
+        config WOLFSSL_HAVE_WOLFCRYPT_TEST_OPTIONS
+            bool "Enable wolfCrypt Test Options"
+            depends on ESP_WOLFSSL_ENABLE_TEST
+            default n
+            help
+                Enables HAVE_WOLFCRYPT_TEST_OPTIONS
+
+        config TEST_ESPIDF_ALL_WOLFSSL
+            bool "Enable all features to use in tests"
+            depends on ESP_WOLFSSL_ENABLE_TEST
+            default n
+            help
+                Enables TEST_ESPIDF_ALL_WOLFSSL
+
+    endmenu # wolfCrypt tests
+
+    # -----------------------------------------------------------------------------------------------------------------
+    # Apple HomeKit Options
+    # -----------------------------------------------------------------------------------------------------------------
+    menu "Apple HomeKit"
+        config WOLFSSL_APPLE_HOMEKIT
+            bool "Enable Apple HomeKit options"
+            default n
+            help
+                Enables FP_MAX_BITS (8192 * 2), SRP, ChaCha, Poly1305, Base64 encoding needed for Apple HomeKit.
+    endmenu # Apple HomeKit
+    # -----------------------------------------------------------------------------------------------------------------
+
+    config ESP_WOLFSSL_DISABLE_MY_ECC
+        bool "Disable ECC in my project"
+        default "n"
+        help
+            ECC is enabled by default. Select this option to disable.
+
+    config ESP_WOLFSSL_ENABLE_MY_USE_RSA
+        bool "Enable RSA in my project"
+        default "n"
+        help
+            RSA is disabled by default. Select this option to enable.
+
+    config ESP_WOLFSSL_BENCHMARK
+        bool "Enable wolfSSL Benchmark"
+        default n
+        help
+            Enables user settings relevant to benchmark code
+
+    config ESP_TLS_USING_WOLFSSL_SPECIFIED
+        bool "Use the specified wolfssl for ESP-TLS"
+        default Y
+        help
+            Includes wolfSSL from specified directory (not using esp-wolfssl).
+
+    config ESP_WOLFSSL_NO_USE_FAST_MATH
+        bool "Disable FAST_MATH library and all ESP32 Hardware Acceleration"
+        select ESP_WOLFSSL_NO_HW
+        select ESP_WOLFSSL_NO_HW_AES
+        select ESP_WOLFSSL_NO_HW_HASH
+        select ESP_WOLFSSL_NO_HW_RSA_PRI
+        select ESP_WOLFSSL_NO_HW_RSA_PRI_MP_MUL
+        select ESP_WOLFSSL_NO_HW_RSA_PRI_MULMOD
+        select ESP_WOLFSSL_NO_HW_RSA_PRI_EXPTMOD
+        default n
+        help
+            When disabling all hardware acceleration for smaller memory footprint,
+            disabling TFM fast math provides faster wolfSSL software algorithms in an
+            even smaller flash memory footprint.
+
+    menu "Protocol Config"
+        config WOLFSSL_HAVE_ALPN
+            bool "Enable ALPN (Application Layer Protocol Negotiation) in wolfSSL"
+            default y
+
+        config WOLFSSL_ALLOW_TLS13
+            bool "Allow TLS 1.3"
+            default y
+            help
+                Allow TLS to fallback to TLS1.2. Memory footprint will likely be larger for TLS1.2.
+                When disabled HTTPS and MQTT over TLS connections will fail if TLS1.3 not accepted.
+
+        config WOLFSSL_ALLOW_TLS12
+            bool "Allow TLS 1.2"
+            default n
+            help
+                Allow TLS to fallback to TLS1.2. Memory footprint will likely be larger for TLS1.2.
+                When disabled HTTPS and MQTT over TLS connections will fail if TLS1.3 not accepted.
+
+        config WOLFSSL_HAVE_TLS_EXTENSIONS
+            bool "Enable TLS Extensions"
+            default y
+            help
+                Sets HAVE_TLS_EXTENSIONS which is needed for TLS 1.3, SNI, ALPN, and more.
+
+        config WOLFSSL_ALT_CERT_CHAINS
+            bool "Enable Alternate Certificate Chains"
+            default n
+            help
+                The option relaxes the default strict wolfSSL certificate chain processing. This
+                will typically need to be enabled when loading only a CA file. Typically solves
+                the -188 ASN_NO_SIGNER_E error. Use with caution.
+
+        config WOLFSSL_HAVE_OCSP
+            bool "Enable OCSP (Online Certificate Status Protocol) in wolfSSL"
+            default n
+            help
+                Sets HAVE_OCSP
+
+    endmenu # Protocol Config
+    # -----------------------------------------------------------------------------------------------------------------
+
+    # -----------------------------------------------------------------------------------------------------------------
+    config TLS_STACK_WOLFSSL
+        # Invisible option that locks TLS_STACK_WOLFSSL to ESP_TLS_USING_WOLFSSL
+        bool
+        default n
+        select FREERTOS_ENABLE_BACKWARD_COMPATIBILITY
+        help
+            Includes wolfSSL in ESP-TLS so that it can be compiled with wolfSSL as its SSL/TLS library.
+            Enabled when wolfSSL is selected in ESP_TLS_LIBRARY_CHOOSE.
+
+    menu "wolfSSL ESP-TLS"
+        depends on ESP_TLS_USING_WOLFSSL
+
+        menu "Certificate Bundle"
+            depends on ESP_TLS_USING_WOLFSSL
+
+            config WOLFSSL_CERTIFICATE_BUNDLE
+                bool "Enable trusted root certificate bundle"
+                default y if ESP_TLS_USING_WOLFSSL
+                default n
+                depends on ESP_TLS_USING_WOLFSSL
+                help
+                    Enable support for large number of default root certificates
+
+                    When enabled this option allows user to store default as well
+                    as customer specific root certificates in compressed format rather
+                    than storing full certificate. For the root certificates the public key and the subject name
+                    will be stored.
+
+            config WOLFSSL_NO_ASN_STRICT
+                bool "Relax Certificate ASN Strict Checks"
+                default n
+                depends on ESP_TLS_USING_WOLFSSL
+                help
+                    Allows sub-optimal certificate ASN checks. Unless using a bundle with known issues,
+                    it is recommended to NOT enable this.
+
+            config WOLFSSL_ASN_ALLOW_0_SERIAL
+                bool "Allow cert missing an ASN Serial Number"
+                default y
+                depends on ESP_TLS_USING_WOLFSSL
+                help
+                    Although not recommended, there may be certificates in the bundle that are missing
+                    a serial number. This option allows the missing value without having to fully
+                    disable strict ASN checking with WOLFSSL_NO_ASN_STRICT.
+
+            choice WOLFSSL_DEFAULT_CERTIFICATE_BUNDLE
+                bool "Default certificate bundle options"
+                depends on WOLFSSL_CERTIFICATE_BUNDLE && ESP_TLS_USING_WOLFSSL
+                default WOLFSSL_CERTIFICATE_BUNDLE_DEFAULT_FULL
+
+                config WOLFSSL_CERTIFICATE_BUNDLE_DEFAULT_FULL
+                    bool "Use the full default certificate bundle"
+                config WOLFSSL_CERTIFICATE_BUNDLE_DEFAULT_CMN
+                    bool "Use only the most common certificates from the default bundles"
+                    help
+                        Use only the most common certificates from the default bundles, reducing the size with 50%,
+                        while still having around 99% coverage.
+                config WOLFSSL_CERTIFICATE_BUNDLE_DEFAULT_NONE
+                    bool "Do not use the default certificate bundle"
+            endchoice
+
+            config WOLFSSL_CUSTOM_CERTIFICATE_BUNDLE
+                depends on WOLFSSL_CERTIFICATE_BUNDLE && ESP_TLS_USING_WOLFSSL
+                default n
+                bool "Add custom certificates to the default bundle"
+            config WOLFSSL_CUSTOM_CERTIFICATE_BUNDLE_PATH
+                depends on WOLFSSL_CUSTOM_CERTIFICATE_BUNDLE && ESP_TLS_USING_WOLFSSL
+                string "Custom certificate bundle path"
+                help
+                    Name of the custom certificate directory or file. This path is evaluated
+                    relative to the project root directory.
+
+            config WOLFSSL_CERTIFICATE_BUNDLE_DEPRECATED_LIST
+                bool "Add deprecated root certificates"
+                depends on WOLFSSL_CERTIFICATE_BUNDLE && ESP_TLS_USING_WOLFSSL && !WOLFSSL_CERTIFICATE_BUNDLE_DEFAULT_NONE
+                help
+                    Include the deprecated list of root certificates in the bundle.
+                    This list gets updated when a certificate is removed from the Mozilla's
+                    NSS root certificate store. This config can be enabled if you would like
+                    to ensure that none of the certificates that were deployed in the product
+                    are affected because of the update to bundle. In turn, enabling this
+                    config keeps expired, retracted certificates in the bundle and it may
+                    pose a security risk.
+
+                    - Deprecated cert list may grow based based on sync with upstream bundle
+                    - Deprecated certs would be be removed in ESP-IDF (next) major release
+
+            config WOLFSSL_CERTIFICATE_BUNDLE_MAX_CERTS
+                int "Maximum no of certificates allowed in certificate bundle"
+                default 200
+                depends on WOLFSSL_CERTIFICATE_BUNDLE && ESP_TLS_USING_WOLFSSL
+
+        endmenu
+    endmenu # wolfSSL ESP-TLS
+    # -----------------------------------------------------------------------------------------------------------------
+
+    # -----------------------------------------------------------------------------------------------------------------
+    config ESP_WOLFSSL_ALT_HARDWARE_ACCELERATION
+        bool "Modify default hardware acceleration settings"
+        default n
+        help
+            When disabling all hardware acceleration for smaller memory footprint,
+            disabling TFM fast math provides faster wolfSSL software algorithms in an
+            even smaller flash memory footprint.
+            Typically used for debugging, analysis, or optimizations. The default
+            hardware acceleration features can be each manually adjusted.
+
+    menu "wolfSSL Hardware Acceleration"
+
+        config ESP_WOLFSSL_NO_ESP32_CRYPT
+            bool "Disable all ESP32 Hardware Acceleration"
+            depends on ESP_WOLFSSL_ALT_HARDWARE_ACCELERATION
+            default n
+            select ESP_WOLFSSL_NO_HW_AES
+            select ESP_WOLFSSL_NO_HW_HASH
+            select ESP_WOLFSSL_NO_HW_RSA_PRI
+            select ESP_WOLFSSL_NO_HW_RSA_PRI_MP_MUL
+            select ESP_WOLFSSL_NO_HW_RSA_PRI_MULMOD
+            select ESP_WOLFSSL_NO_HW_RSA_PRI_EXPTMOD
+            help
+                Hardware acceleration enabled by default. When selected defines: NO_ESP32_CRYPT.
+                Consider disabling FASTMATH (other libraries are faster in software and smaller)
+
+        config ESP_WOLFSSL_NO_HW_AES
+            bool "Disable all ESP32 AES Hardware Acceleration"
+            depends on ESP_WOLFSSL_ALT_HARDWARE_ACCELERATION
+            default n
+            help
+                Hardware acceleration enabled by default.When selected defines: NO_HW_AES
+
+        config ESP_WOLFSSL_NO_HW_HASH
+            bool "Disable all ESP32 SHA Hash Hardware Acceleration"
+            depends on ESP_WOLFSSL_ALT_HARDWARE_ACCELERATION
+            default n
+            help
+                Hardware acceleration enabled by default. When selected defines: NO_HW_HASH
+
+        config ESP_WOLFSSL_NO_HW_RSA_PRI
+            bool "Disable all ESP32 RSA Hardware Acceleration"
+            depends on ESP_WOLFSSL_ALT_HARDWARE_ACCELERATION
+            default n
+            select ESP_WOLFSSL_NO_HW_PRI_MP_MUL
+            select ESP_WOLFSSL_NO_HW_RSA_PRI_MULMOD
+            select ESP_WOLFSSL_NO_HW_RSA_PRI_EXPTMOD
+            help
+                Hardware acceleration enabled by default. When selected defines: NO_HW_RSA_PRI
+
+        config ESP_WOLFSSL_NO_HW_RSA_PRI_MP_MUL
+            bool "Disable all ESP32 Multiplication Hardware Acceleration"
+            depends on ESP_WOLFSSL_ALT_HARDWARE_ACCELERATION
+            default n
+            help
+                Hardware acceleration enabled by default. When selected defines: NO_HW_RSA_PRI_MP_MUL
+
+        config ESP_WOLFSSL_NO_HW_RSA_PRI_MULMOD
+            bool "Disable all ESP32 Modular Multiplication Hardware Acceleration"
+            depends on ESP_WOLFSSL_ALT_HARDWARE_ACCELERATION
+            default n
+            help
+                Hardware acceleration enabled by default. When selected defines: NO_HW_RSA_PRI_MULMOD
+
+        config ESP_WOLFSSL_NO_HW_RSA_PRI_EXPTMOD
+            bool "Disable all ESP32 RSA Exponential Math Hardware Acceleration"
+            depends on ESP_WOLFSSL_ALT_HARDWARE_ACCELERATION
+            default n
+            help
+                Hardware acceleration enabled by default.
+                Select this option to force disable: NO_HW_RSA_PRI_EXPTMOD
+
+        config ESP_WOLFSSL_DEBUG_ESP_HW_MULTI_RSAMAX_BITS
+            bool "Enable debugging of RSA Multiplication operand length"
+            default n
+            help
+                Prints an esp log warning to the default console UART when one of the
+                multiplication operands exceeds the maximum size supported by hardware,
+                requiring fallback to software. This can be helpful to pick key sizes
+                when performance is critical. See also metrics for counting instances.
+
+        config ESP_WOLFSSL_DEBUG_ESP_HW_MOD_RSAMAX_BITS
+            bool "Enable debugging of RSA Modular operand length"
+            default n
+            help
+                Prints an esp log warning to the default console UART when one of the
+                modular math operands exceeds the maximum size supported by hardware,
+                requiring fallback to software. This can be helpful to pick key sizes
+                when performance is critical. See also metrics for counting instances.
+
+    endmenu # wolfSSL Hardware Acceleration
+    # -----------------------------------------------------------------------------------------------------------------
+
+    # -----------------------------------------------------------------------------------------------------------------
+    menu "wolfSSL Experimental Options"
+
+        config ESP_WOLFSSL_EXPERIMENTAL_SETTINGS
+            bool "Enable wolfSSL Experimental Settings"
+            default n
+            help
+                Enables experimental settings for wolfSSL. See documentation.
+
+        config ESP_WOLFSSL_ENABLE_KYBER
+            bool "Enable wolfSSL Kyber"
+            default n
+            help
+                Enable debugging messages for wolfSSL. See user_settings.h for additional debug options.
+
+    endmenu # wolfSSL Experimental Options
+    # -----------------------------------------------------------------------------------------------------------------
+
+    # -----------------------------------------------------------------------------------------------------------------
+    menu "wolfSSL Debug Options"
+        config ESP_WOLFSSL_DEBUG_WOLFSSL
+            bool "Enable wolfSSL Debugging"
+            default n
+            help
+                Enable debugging messages for wolfSSL. See user_settings.h for additional debug options.
+
+        config ESP_WOLFSSL_TEST_LOOP
+            bool "Run test apps in a loop until failure"
+            default y
+            help
+                Enable a loop wrapper for benchmark, http_client, and wolfssl test apps.
+
+    endmenu # wolfSSL Debug Options
+    # -----------------------------------------------------------------------------------------------------------------
+
+    # -----------------------------------------------------------------------------------------------------------------
+    menu "wolfSSL Customization"
+        config CUSTOM_SETTING_WOLFSSL_ROOT
+            string "Enter a path for wolfSSL source code"
+            default "~/workspace/wolfssl"
+            help
+                This option lets you specify a directory for the wolfSSL source code (typically a git clone).
+                Enter the path using forward slashes (e.g., C:/myfolder/mysubfolder) or double backslashes
+                (e.g., C:\\myfolder\\mysubfolder).
+
+    endmenu # wolfSSL Customization
+    # -----------------------------------------------------------------------------------------------------------------
+
+    # -----------------------------------------------------------------------------------------------------------------
+    menu "Component Config"
+        config IGNORE_ESP_IDF_WOLFSSL_COMPONENT
+            bool "Ignore the ESP-IDF component of wolfSSL (if present)"
+            default n
+            help
+                Ignores wolfSSL present in the esp-idf/components directory. Requires wolfssl as a local component.
+
+        config IGNORE_LOCAL_WOLFSSL_COMPONENT
+            bool "Ignore the local component of wolfSSL (if present)"
+            default n
+            help
+                Ignores wolfSSL present in the local project components directory.
+                Requires wolfssl as a ESP-IDF component.
+
+    endmenu # Component Config
+    # -----------------------------------------------------------------------------------------------------------------
+
+    # -----------------------------------------------------------------------------------------------------------------
+    menu "Utility Config"
+        config USE_WOLFSSL_ESP_SDK_TIME
+            bool "Enable wolfSSL time helper functions"
+            default n
+            help
+                Enables use of various time and date setting functions found in the esp-sdk-lib.h file.
+
+        config USE_WOLFSSL_ESP_SDK_WIFI
+            bool "Enable wolfSSL WiFi helper functions"
+            default n
+            help
+                Enables use of various time and date setting functions found in the esp-sdk-lib.h file.
+
+    endmenu # Utility Config
+endmenu # wolfSSL
+# ---------------------------------------------------------------------------------------------------------------------
+
+
+# ---------------------------------------------------------------------------------------------------------------------
+menu "wolfSSH"
+    config ESP_ENABLE_WOLFSSH
+        bool "Enable wolfSSH options"
+        default n
+        help
+            Enables WOLFSSH_TERM, WOLFSSL_KEY_GEN, WOLFSSL_PTHREADS, WOLFSSH_TEST_SERVER, WOLFSSH_TEST_THREADING
+
+    config ESP_WOLFSSL_DEBUG_WOLFSSH
+        bool "Enable wolfSSH debugging"
+        default n
+        help
+            Enable wolfSSH debugging macro. See user_settings.h
+
+endmenu # wolfSSH
+# ---------------------------------------------------------------------------------------------------------------------
+
+# ---------------------------------------------------------------------------------------------------------------------
+menu "wolfMQTT"
+    config ESP_ENABLE_WOLFMQTT
+        bool "Enable wolfMQTT options"
+        default n
+        help
+            Enables WOLFMQTT
+
+    config ESP_WOLFSSL_DEBUG_WOLFMQTT
+        bool "Enable wolfMQTT debugging"
+        default n
+        help
+            Enable wolfMQTT debugging macro. See user_settings.h
+
+endmenu # wolfMQTT
+# ---------------------------------------------------------------------------------------------------------------------
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl/README.md b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl/README.md
new file mode 100644
index 000000000..d77912416
--- /dev/null
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl/README.md
@@ -0,0 +1,162 @@
+# wolfSSL Espressif Component
+
+This is the directory for wolfSSL as an Espressif ESP-IDF component.
+
+Other options are available, such as installing wolfSSL as a local _project_ component using the [Managed Component](https://www.wolfssl.com/wolfssl-now-available-in-espressif-component-registry/).
+
+Enabling this wolfSSL ESP-IDF component allows other ESP-IDF libraries such as those that depend on [ESP-TLS](https://github.com/espressif/esp-idf/tree/master/components/esp-tls)
+to also use the wolfSSL library. (See [github.com/wolfSSL/wolfssl](https://github.com/wolfSSL/wolfssl))
+
+The wolfSSL source code is not included here. Instead, the `idf.py menuconfig` option can be used to configure the
+`sdkconfig` file setting: `CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT` to point to the desired wolfSSL code.
+
+## Directory Contents
+
+This directory must contain, at a minimum:
+
+- `CMakeLists.txt`
+- `./include/user_settings.h`
+
+The directory should also contain:
+- `Kconfig`
+- `component.mk`
+
+The directory may contain wolfSSL source, for example with a [Managed Component](https://www.wolfssl.com/wolfssl-now-available-in-espressif-component-registry/),
+or if the `setup.sh` script was used from [wolfSSL/IDE/Espressif/ESP-IDF](https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF).
+
+
+Under normal circumstances when the wolfSSL source is not included here, the `CMakeLists.txt` will search for it in this order:
+
+- A hard-coded `WOLFSSL_ROOT` cmake variable.
+- `WOLFSSL_ROOT` Environment Variable
+- The `CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT` value in the `sdkconfig` file, from the `Kconfig` option.
+- Any parent directories, up to the root (if this directory is in the ESP-IDF components)
+- Any parent directories, up to the root (if this directory is a project component)
+
+While recursing up the directory tree, the following names of wolfSSL directories will be considered:
+
+- `wolfssl-[current user name]`
+- `wolfssl-master`
+- `wolfssl`
+
+## Getting Started
+
+See the `Espressif Getting Started Guide`.
+
+```
+# Set environment variable to ESP-IDF location
+# For example, VisualGDB in WSL
+WRK_IDF_PATH=/mnt/c/SysGCC/esp32/esp-idf/v5.2
+WRK_IDF_PATH=/mnt/c/SysGCC/esp32-master/esp-idf/v5.3-master
+
+# Or wherever the ESP-IDF is installed:
+WRK_IDF_PATH=~/esp/esp-idf
+
+echo "Run export.sh from ${WRK_IDF_PATH}"
+. ${WRK_IDF_PATH}/export.sh
+
+cd [your project]
+
+idf.py menuconfig
+```
+
+Enable wolfSSL to be used in the ESP-TLS:
+
+```
+Component config  --->
+    ESP-TLS  --->
+        Choose SSL/TLS library for ESP-TLS (See help for more Info)
+            (X) wolfSSL (License info in wolfSSL directory README)
+```
+
+Adjust wolfSSL settings, such as path to source code as needed:
+
+```
+Component config  --->
+    wolfSSL  --->
+        [*] Include wolfSSL in ESP-TLS
+        [*] Use the specified wolfssl for ESP-TLS
+        (~/workspace/wolfssl) Enter a path for wolfSSL source code
+```
+
+## Configuration
+
+All settings for wolfSSL are adjusted in the [include/user_settings.h](./include/user_settings.h) file.
+
+The `user_settings.h` file should not be included directly. Instead, `#include <wolfssl/wolfcrypt/settings.h>`
+before any other wolfSSL headers, like this:
+
+
+```c
+/* ESP-IDF */
+#include <esp_log.h>
+#include "sdkconfig.h"
+
+/* wolfSSL */
+/* Always include wolfcrypt/settings.h before any other wolfSSL file.    */
+/* Reminder: settings.h pulls in user_settings.h; don't include it here. */
+#if defined(WOLFSSL_USER_SETTINGS)
+    #include <wolfssl/wolfcrypt/settings.h>
+    #if defined(WOLFSSL_ESPIDF)
+        #include <wolfssl/version.h>
+        #include <wolfssl/wolfcrypt/types.h>
+        #include <wolfcrypt/test/test.h>
+        #include <wolfssl/wolfcrypt/port/Espressif/esp-sdk-lib.h>
+        #include <wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h>
+    #else
+        #error "Problem with wolfSSL user_settings. "           \
+               "Check components/wolfssl/include "              \
+               "and confirm WOLFSSL_USER_SETTINGS is defined, " \
+               "typically in the component CMakeLists.txt"
+    #endif
+#else
+    /* Define WOLFSSL_USER_SETTINGS project wide for settings.h to include   */
+    /* wolfSSL user settings in ./components/wolfssl/include/user_settings.h */
+    #error "Missing WOLFSSL_USER_SETTINGS in CMakeLists or Makefile:\
+    CFLAGS +=-DWOLFSSL_USER_SETTINGS"
+#endif
+```
+
+## Examples
+
+See the wolfSSL examples:
+
+- [wolfSSL Core Examples](https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples)
+- [wolfSSL Additional Examples](https://github.com/wolfSSL/wolfssl-examples/tree/master/ESP32)
+- [wolfSSH Core Examples](https://github.com/wolfSSL/wolfssh/tree/master/ide/Espressif/ESP-IDF/examples)
+- [wolfSSH Additional Examples](https://github.com/wolfSSL/wolfssh-examples/tree/main/Espressif)
+- [wolfMQTT Examples](https://github.com/wolfSSL/wolfMQTT/tree/master/IDE/Espressif/ESP-IDF/examples)
+
+## Platforms
+
+The ESP-IDF wolfSSL is also available for PlatformIO:
+
+- [Release wolfSSL](https://registry.platformio.org/search?q=owner%3Awolfssl)
+- [Staging / Preview wolfSSL](https://registry.platformio.org/search?q=owner%3Awolfssl-staging)
+
+The wolfSSL library can also be used for Espressif with Arduino:
+
+- [arduino.cc/reference/en/libraries/wolfssl](https://www.arduino.cc/reference/en/libraries/wolfssl/)
+- [github.com/wolfSSL/Arduino-wolfSSL](https://github.com/wolfSSL/Arduino-wolfSSL)
+
+
+## Additional Information
+
+- [wolfSSL Documentation](https://www.wolfssl.com/documentation/manuals/wolfssl/index.html) and [docs/espressif](https://www.wolfssl.com/docs/espressif/)
+- [wolfSSL FAQ](https://www.wolfssl.com/docs/frequently-asked-questions-faq/)
+- [wolfSSL Products](https://www.wolfssl.com/products/)
+- [www.wolfssl.com/espressif](https://www.wolfssl.com/espressif/)
+- [More...](https://www.wolfssl.com/?s=espressif)
+
+## Contact
+
+Have a specific request or questions? We'd love to hear from you! Please contact us at support@wolfssl.com or open an issue on GitHub.
+
+## Licensing and Support
+
+wolfSSL (formerly known as CyaSSL) and wolfCrypt are either licensed for use under the GPLv2 (or at your option any later version) or a standard commercial license. For our users who cannot use wolfSSL under GPLv2 (or any later version), a commercial license to wolfSSL and wolfCrypt is available.
+
+See the LICENSE.txt, visit wolfssl.com/license, contact us at licensing@wolfssl.com or call +1 425 245 8247
+
+View Commercial Support Options: [wolfssl.com/products/support-and-maintenance](wolfssl.com/products/support-and-maintenance)
+
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl/component.mk b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl/component.mk
index 5234a007e..290563e69 100644
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl/component.mk
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl/component.mk
@@ -1,40 +1,306 @@
-#
-# Copyright (C) 2006-2023 wolfSSL Inc.
-#
-# This file is part of wolfSSL.
-#
-# wolfSSL is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; either version 2 of the License, or
-# (at your option) any later version.
-#
-# wolfSSL is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software
-# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
-#
-#
-# Component Makefile
-#
-
-COMPONENT_ADD_INCLUDEDIRS := . ./include
-
-COMPONENT_ADD_INCLUDEDIRS += "$ENV{IDF_PATH}/components/freertos/include/freertos"
-# COMPONENT_ADD_INCLUDEDIRS += "$ENV{IDF_PATH}/soc/esp32s3/include/soc"
-
-COMPONENT_SRCDIRS := src wolfcrypt/src
-COMPONENT_SRCDIRS += wolfcrypt/src/port/Espressif
-COMPONENT_SRCDIRS += wolfcrypt/src/port/atmel
-COMPONENT_SRCDIRS += wolfcrypt/benchmark
-COMPONENT_SRCDIRS += wolfcrypt/test
-
-CFLAGS +=-DWOLFSSL_USER_SETTINGS
-
-COMPONENT_OBJEXCLUDE := wolfcrypt/src/aes_asm.o
-COMPONENT_OBJEXCLUDE += wolfcrypt/src/evp.o
-COMPONENT_OBJEXCLUDE += wolfcrypt/src/misc.o
-COMPONENT_OBJEXCLUDE += src/bio.o
+#
+# Copyright (C) 2006-2025 wolfSSL Inc.
+#
+# This file is part of wolfSSL.
+#
+# wolfSSL is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# wolfSSL is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+#
+
+$(info ***********  wolfssl component ************)
+
+#
+# Component Makefile
+#
+#
+# The Espressif Managed Components are only for newer versions of the ESP-IDF
+# Typically only for ESP32[-x] targets and only for ESP-IDF v4.3 or later:
+# See https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-guides/tools/idf-component-manager.html
+#     https://components.espressif.com/
+#
+# Usage:
+#
+#   make flash
+#
+#   make flash ESPPORT=/dev/ttyS55
+#
+#   make flash ESPBAUD=9600
+#
+#   make monitor ESPPORT=COM1
+#
+#   make monitor ESPPORT=/dev/ttyS55 MONITORBAUD=115200
+#
+#   export ESPPORT=/dev/ttyS55
+#
+# https://docs.espressif.com/projects/esp8266-rtos-sdk/en/latest/get-started/index.html
+#
+
+# Although the project should define WOLFSSL_USER_SETTINGS, we'll also
+# define it here:
+CFLAGS +=-DWOLFSSL_USER_SETTINGS
+
+# Note that 4 source files created by autogen are excluded here.
+#
+# See these files commented out, below. Adjust as needed for your application:
+#
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/async.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/selftest.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wolfcrypt_first.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wolfcrypt_last.o
+
+
+# NOTICE: the WOLFSSL_ROOT setting MUST be relative!
+# See https://docs.espressif.com/projects/esp8266-rtos-sdk/en/latest/api-guides/build-system.html?highlight=must+relative#optional-component-specific-variables
+# In the wolfSSL GitHub examples for Espressif:
+#   https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples
+# When this wolfssl component.mk makefile is in [project]/components/wolfssl
+# The root is 7 directories up from here (the location of of this component.mk):
+#
+WOLFSSL_ROOT     ?= ../../../../../../..
+THIS_DIR         := $(shell pwd)
+WOLFSSL_ROOT_OBJ := $(THIS_DIR)
+
+# When running make from commandline or VisualGDB, the current path varies:
+ifeq ("$(VISUALGDB_DIR)","")
+    # current path is typically /mnt/c/workspace/wolfssl-gojimmypi/IDE/Espressif/ESP-IDF/examples/wolfssl_test/build/wolfssl
+    $(info VISUALGDB_DIR build not detected. shell: $(shell echo $$SHELL))
+else
+    # current path is typically /C/workspace/wolfssl-gojimmypi/IDE/Espressif/ESP-IDF/examples/wolfssl_test/build/Debug/wolfssl
+    $(info Detected VisualGDB in: $(VISUALGDB_DIR) shell: $(shell echo $$SHELL))
+endif
+
+# To set the location of a different location, it is best to use relative paths.
+#
+# Set WOLFSSL_ROOT to a relative path from the current component directory.
+# For example, if the wolfssl_client is copied from the examples to test:
+#
+# cp -r /IDE/Espressif/ESP-IDF/examples/wolfssl_client/* /mnt/c/test/demo
+#
+# we run make in   /mnt/c/test/demo
+# component is in  /mnt/c/test/demo/components/wolfssl
+# wolfssl is in    /mnt/c/workspace/wolfssl-master
+#
+# "/mnt/c" is 4 directories up:
+#             2 for `./test/demo` from where we run `make`, plus
+#             2 more from the location of `component.mk` located
+#               in `[current directory]/components/wolfssl`.
+#
+# Thus we need 4 parent reference to find the relative path to wolfSSL:
+# WOLFSSL_ROOT := ../../../../workspace/wolfssl-master
+
+# Optional CFLAGS (make works without these; for reference only)
+# CFLAGS += -I$(WOLFSSL_ROOT)/wolfssl
+# CFLAGS += -I$(WOLFSSL_ROOT)/wolfssl/wolfcrypt
+# CFLAGS += -I$(WOLFSSL_ROOT)/wolfssl/wolfcrypt/port/Espressif
+
+abs_WOLFSSL_ROOT     := $(shell realpath $(WOLFSSL_ROOT))
+
+# print-wolfssl-path-value:
+#	@echo "WOLFSSL_ROOT defined: $(WOLFSSL_ROOT)"
+#	@echo "WOLFSSL_ROOT actual:  $(abs_WOLFSSL_ROOT)"
+
+$(info WOLFSSL_ROOT     defined: $(WOLFSSL_ROOT))
+$(info WOLFSSL_ROOT     actual:  $(abs_WOLFSSL_ROOT))
+$(info THIS_DIR         defined: $(THIS_DIR))
+$(info WOLFSSL_ROOT_OBJ defined: $(WOLFSSL_ROOT_OBJ))
+
+# NOTE: The wolfSSL include directory (e.g. user_settings.h) is
+# located HERE in THIS project, and *not* in the wolfSSL root.
+COMPONENT_ADD_INCLUDEDIRS := .
+COMPONENT_ADD_INCLUDEDIRS += include
+COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT)/.
+COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT)/wolfssl
+COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT)/wolfssl/wolfcrypt
+COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT)/wolfssl/wolfcrypt/port/Espressif
+
+# COMPONENT_ADD_INCLUDEDIRS += $ENV(IDF_PATH)/components/freertos/include/freertos
+# COMPONENT_ADD_INCLUDEDIRS += "$ENV(IDF_PATH)/soc/esp32s3/include/soc"
+
+# wolfSSL
+COMPONENT_SRCDIRS := $(WOLFSSL_ROOT)/src
+
+# wolfcrypt
+COMPONENT_SRCDIRS += $(WOLFSSL_ROOT)/wolfcrypt/src
+
+# Espressif
+COMPONENT_SRCDIRS += $(WOLFSSL_ROOT)/wolfcrypt/src/port/Espressif
+COMPONENT_SRCDIRS += $(WOLFSSL_ROOT)/wolfcrypt/src/port/atmel
+
+COMPONENT_OBJEXCLUDE := $(WOLFSSL_ROOT_OBJ)/wolfcrypt/src/aes_asm.o
+COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT_OBJ)/wolfcrypt/src/evp.o
+COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT_OBJ)/wolfcrypt/src/misc.o
+COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT_OBJ)/wolfcrypt/src/sha512_asm.o
+COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT_OBJ)/wolfcrypt/src/fe_x25519_asm.o
+COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT_OBJ)/wolfcrypt/src/aes_gcm_x86_asm.o
+
+##
+## wolfSSL
+##
+## reminder object files may end up in `./build` or `build/debug` or `build/release`, depending on build environment & settings.
+##
+# COMPONENT_OBJS := $(WOLFSSL_ROOT)/src/bio.o  # part of ssl.c, omitted to avoid "does not need to be compiled separately"
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/conf.o # part of ssl.c
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/crl.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/dtls.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/dtls13.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/internal.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/keys.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/ocsp.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/pk.o   # part of ssl.c
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/quic.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/sniffer.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/ssl.o
+# COMPONENT_OBJS += src/ssl_asn1.o
+# COMPONENT_OBJS += src/ssl_bn.o
+# COMPONENT_OBJS += src/ssl_certman.o
+# COMPONENT_OBJS += src/ssl_crypto.o
+# COMPONENT_OBJS += src/ssl_misc.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/tls.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/tls13.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/wolfio.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/x509.o     # part of ssl.c
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/x509_str.o # part of ssl.c
+
+##
+## wolfcrypt
+##
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/aes.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/arc4.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/asm.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/asn.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/async.o # autogen exclusion
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/blake2b.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/blake2s.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/camellia.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/chacha.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/chacha20_poly1305.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/cmac.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/coding.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/compress.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/cpuid.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/cryptocb.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/curve25519.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/curve448.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/des3.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/dh.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/dilithium.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/dsa.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ecc.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/eccsi.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ecc_fp.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ed25519.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ed448.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/error.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/evp.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ext_kyber.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ext_lms.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ext_xmss.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/falcon.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/fe_448.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/fe_low_mem.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/fe_operations.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/fips.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/fips_test.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ge_448.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ge_low_mem.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ge_operations.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/hash.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/hmac.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/hpke.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/integer.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/kdf.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/logging.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/md2.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/md4.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/md5.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/memory.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/misc.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/pkcs12.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/pkcs7.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/poly1305.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/pwdbased.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/random.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/rc2.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ripemd.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/rsa.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sakke.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/selftest.o # autogen exclusion
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sha.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sha256.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sha3.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sha512.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/signature.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/siphash.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sm2.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sm3.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sm4.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sphincs.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_arm32.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_arm64.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_armthumb.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_c32.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_c64.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_cortexm.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_dsp32.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_int.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_sm2_arm32.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_sm2_arm64.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_sm2_armthumb.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_sm2_c32.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_sm2_c64.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_sm2_cortexm.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_sm2_x86_64.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_x86_64.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/srp.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/tfm.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_dsp.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_encrypt.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_kyber.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_kyber_poly.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_lms.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_pkcs11.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_port.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_xmss.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wolfcrypt_first.o # autogen exclusion
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wolfcrypt_last.o  # autogen exclusion
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wolfevent.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wolfmath.o
+
+##
+## Espressif
+##
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/port/Espressif/esp32_aes.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/port/Espressif/esp32_mp.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/port/Espressif/esp32_sha.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/port/Espressif/esp32_util.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/port/Espressif/esp_sdk_mem_lib.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/port/Espressif/esp_sdk_time_lib.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/port/Espressif/esp_sdk_wifi_lib.o
+
+##
+## wolfcrypt benchmark  (optional)
+##
+## COMPONENT_OBJS            += $(WOLFSSL_ROOT)/wolfcrypt/benchmark/benchmark.o
+## COMPONENT_SRCDIRS         += $(WOLFSSL_ROOT)/wolfcrypt/benchmark
+## COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT)/wolfcrypt/benchmark
+
+
+##
+## wolfcrypt test (optional)
+##
+## COMPONENT_OBJS            += $(WOLFSSL_ROOT)/wolfcrypt/test/test.o
+## COMPONENT_SRCDIRS         += $(WOLFSSL_ROOT)/wolfcrypt/test
+## COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT)/wolfcrypt/test/include
+
+$(info ********** end wolfssl component **********)
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl/include/user_settings.h b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl/include/user_settings.h
index de5e247ce..7349338aa 100644
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl/include/user_settings.h
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl/include/user_settings.h
@@ -1,6 +1,6 @@
-/* user_settings.h
+/* wolfssl-component include/user_settings.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -18,13 +18,61 @@
  * along with this program; if not, write to the Free Software
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  */
+#define WOLFSSL_ESPIDF_COMPONENT_VERSION 0x01
 
-/* This user_settings.h is for Espressif ESP-IDF */
-#include <sdkconfig.h>
+/* Examples such as test and benchmark are known to cause watchdog timeouts.
+ * Note this is often set in project Makefile:
+ * CFLAGS += -DWOLFSSL_ESP_NO_WATCHDOG=1 */
+#define WOLFSSL_ESP_NO_WATCHDOG 1
+
+/* The Espressif project config file. See also sdkconfig.defaults */
+#include "sdkconfig.h"
+
+/* This user_settings.h is for Espressif ESP-IDF
+ *
+ * Standardized wolfSSL Espressif ESP32 + ESP8266 user_settings.h V5.7.0-1
+ *
+ * Do not include any wolfssl headers here.
+ *
+ * When editing this file:
+ * ensure all examples match. The template example is the reference.
+ */
+
+/* Naming convention: (see also esp32-crypt.h for the reference source).
+ *
+ * CONFIG_
+ *      This prefix indicates the setting came from the sdkconfig / Kconfig.
+ *
+ *      May or may not be related to wolfSSL.
+ *
+ *      The name after this prefix must exactly match that in the Kconfig file.
+ *
+ * WOLFSSL_
+ *      Typical of many, but not all wolfSSL macro names.
+ *
+ *      Applies to all wolfSSL products such as wolfSSH, wolfMQTT, etc.
+ *
+ *      May or may not have a corresponding sdkconfig / Kconfig control.
+ *
+ * ESP_WOLFSSL_
+ *      These are NOT valid wolfSSL macro names. These are names only used in
+ *      the ESP-IDF Kconfig files. When parsed, they will have a "CONFIG_"
+ *      suffix added. See next section.
+ *
+ * CONFIG_ESP_WOLFSSL_
+ *      This is a wolfSSL-specific macro that has been defined in the ESP-IDF
+ *      via the sdkconfig / menuconfig. Any text after this prefix should
+ *      exactly match an existing wolfSSL macro name.
+ *
+ *      Applies to all wolfSSL products such as wolfSSH, wolfMQTT, etc.
+ *
+ *      These macros may also be specific to only the project or environment,
+ *      and possibly not used anywhere else in the wolfSSL libraries.
+ */
 
 /* The Espressif sdkconfig will have chipset info.
 **
-** Possible values:
+** Some possible values:
 **
 **   CONFIG_IDF_TARGET_ESP32
 **   CONFIG_IDF_TARGET_ESP32S2
@@ -36,18 +84,283 @@
 #undef  WOLFSSL_ESPIDF
 #define WOLFSSL_ESPIDF
 
+/* Test various user_settings between applications by selecting example apps
+ * in `idf.py menuconfig` for Example wolfSSL Configuration settings: */
+
+/* Turn on messages that are useful to see only in examples. */
+#define WOLFSSL_EXAMPLE_VERBOSITY
+
+/* Paths can be long, ensure the entire value printed during debug */
+#define WOLFSSL_MAX_ERROR_SZ 500
+
+/* wolfSSL Examples: set macros used in example applications.
+ *
+ * These Settings NOT available in ESP-IDF (e.g. esp-tls)
+ *
+ * Any settings needed by ESP-IDF components should be explicitly set,
+ * and not by these example-specific settings via CONFIG_WOLFSSL_EXAMPLE_n
+ *
+ * ESP-IDF settings should be Kconfig "CONFIG_[name]" values when possible. */
+#if defined(CONFIG_WOLFSSL_EXAMPLE_NAME_TEMPLATE)
+    /* See https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples/template */
+    /* We don't use WiFi, so don't compile in the esp-sdk-lib WiFi helpers: */
+    /* #define USE_WOLFSSL_ESP_SDK_WIFI */
+#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_TEST)
+    /* See https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples/wolfssl_test */
+    /* We don't use WiFi, so don't compile in the esp-sdk-lib WiFi helpers: */
+    /* #define USE_WOLFSSL_ESP_SDK_WIFI */
+    #define TEST_ESPIDF_ALL_WOLFSSL
+
+#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_BENCHMARK)
+    /* See https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark */
+    /* We don't use WiFi, so don't compile in the esp-sdk-lib WiFi helpers: */
+    /* #define USE_WOLFSSL_ESP_SDK_WIFI */
+    #define WOLFSSL_BENCHMARK_FIXED_UNITS_KB
+#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_TLS_CLIENT)
+    /* See https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples/wolfssl_client */
+    #define USE_WOLFSSL_ESP_SDK_WIFI
+#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_TLS_SERVER)
+    /* See https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples/wolfssl_server */
+    #define USE_WOLFSSL_ESP_SDK_WIFI
+
+/* wolfSSH Examples */
+#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_WOLFSSH_TEMPLATE)
+    /* See https://github.com/wolfSSL/wolfssh/tree/master/ide/Espressif/ESP-IDF/examples/wolfssh_template */
+    #define USE_WOLFSSL_ESP_SDK_WIFI
+#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_WOLFSSH_ECHOSERVER)
+    /* See https://github.com/wolfSSL/wolfssh/tree/master/ide/Espressif/ESP-IDF/examples/wolfssh_echoserver */
+    #define USE_WOLFSSL_ESP_SDK_WIFI
+#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_ESP32_SSH_SERVER)
+    /* See https://github.com/wolfSSL/wolfssh-examples/tree/main/Espressif/ESP32/ESP32-SSH-Server */
+    #define USE_WOLFSSL_ESP_SDK_WIFI
+#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_ESP8266_SSH_SERVER)
+    /* See https://github.com/wolfSSL/wolfssh-examples/tree/main/Espressif/ESP8266/ESP8266-SSH-Server */
+    #define USE_WOLFSSL_ESP_SDK_WIFI
+
+/* wolfMQTT Examples */
+#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_WOLFMQTT_TEMPLATE)
+    /* See https://github.com/wolfSSL/wolfMQTT/tree/master/IDE/Espressif/ESP-IDF/examples/wolfmqtt_template */
+    #define USE_WOLFSSL_ESP_SDK_WIFI
+#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_WOLFMQTT_AWS_IOT_MQTT)
+    /* See https://github.com/wolfSSL/wolfMQTT/tree/master/IDE/Espressif/ESP-IDF/examples/AWS_IoT_MQTT */
+    #define USE_WOLFSSL_ESP_SDK_WIFI
+
+/* wolfTPM Examples */
+#elif defined(CONFIG_WOLFTPM_EXAMPLE_NAME_ESPRESSIF)
+    /* See https://github.com/wolfSSL/wolfTPM/tree/master/IDE/Espressif */
+    #define USE_WOLFSSL_ESP_SDK_WIFI
+
+/* Apple HomeKit Examples */
+#elif defined(CONFIG_WOLFSSL_APPLE_HOMEKIT)
+    /* See https://github.com/AchimPieters/esp32-homekit-demo */
+
+/* no example selected */
+#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_NONE)
+    /* We'll assume the app needs to use wolfSSL sdk lib function */
+    #define USE_WOLFSSL_ESP_SDK_WIFI
+
+/* Other applications detected by cmake */
+#elif defined(APP_ESP_HTTP_CLIENT_EXAMPLE)
+    /* The wolfSSL Version of the client example */
+    #if defined(CONFIG_IDF_TARGET_ESP32S2) || defined(CONFIG_IDF_TARGET_ESP32C2)
+        /* Less memory available, so smaller key sizes: */
+        #define FP_MAX_BITS (4096 * 2)
+    #else
+        #define FP_MAX_BITS (8192 * 2)
+    #endif
+    #define HAVE_ALPN
+    #define HAVE_SNI
+    #define OPENSSL_EXTRA_X509_SMALL
+    #define HAVE_TLS_EXTENSIONS
+    #define HAVE_SUPPORTED_CURVES
+    #define OPENSSL_EXTRA
+    #ifndef WOLFSSL_ALWAYS_VERIFY_CB
+       #define WOLFSSL_ALWAYS_VERIFY_CB
+    #endif
+    #ifndef WOLFSSL_VERIFY_CB_ALL_CERTS
+        #define WOLFSSL_VERIFY_CB_ALL_CERTS
+    #endif
+    #ifndef KEEP_PEER_CERT
+        #define KEEP_PEER_CERT
+    #endif
+
+#elif defined(APP_ESP_HTTP_CLIENT)
+    /* The ESP-IDF Version */
+    #define FP_MAX_BITS (8192 * 2)
+    #define HAVE_ALPN
+    #define HAVE_SNI
+    #define OPENSSL_EXTRA_X509_SMALL
+    #define HAVE_TLS_EXTENSIONS
+    #define HAVE_SUPPORTED_CURVES
+    #define OPENSSL_EXTRA
+    #ifndef WOLFSSL_ALWAYS_VERIFY_CB
+       #define WOLFSSL_ALWAYS_VERIFY_CB
+    #endif
+    #ifndef WOLFSSL_VERIFY_CB_ALL_CERTS
+        #define WOLFSSL_VERIFY_CB_ALL_CERTS
+    #endif
+    #ifndef KEEP_PEER_CERT
+        #define KEEP_PEER_CERT
+    #endif
+#else
+    #ifdef WOLFSSL_ESPIDF
+        /* #warning "App config undetected" */
+    #endif
+    /* the code is older or does not have application name defined. */
+#endif /* Example wolfSSL Configuration app settings */
+
+/* Experimental Kyber */
+#ifdef CONFIG_WOLFSSL_ENABLE_KYBER
+    /* Kyber typically needs a minimum 10K stack */
+    #define WOLFSSL_EXPERIMENTAL_SETTINGS
+    #define WOLFSSL_HAVE_KYBER
+    #define WOLFSSL_WC_KYBER
+    #define WOLFSSL_SHA3
+    #if defined(CONFIG_IDF_TARGET_ESP8266)
+        /* With limited RAM, we'll disable some of the Kyber sizes: */
+        #define WOLFSSL_NO_KYBER1024
+        #define WOLFSSL_NO_KYBER768
+        #define NO_SESSION_CACHE
+    #endif
+#endif
+
+/* Enable AES for all examples */
+#ifdef NO_AES
+    #warning "Found NO_AES, wolfSSL AES Cannot be enabled. Check config."
+#else
+    #define WOLFSSL_AES
+    #define WOLFSSL_AES_COUNTER
+
+    /* Typically only needed for wolfssl_test, see docs. */
+    #define WOLFSSL_AES_DIRECT
+#endif
+
+/* Pick a cert buffer size: */
+/* #define USE_CERT_BUFFERS_2048 */
+/* #define USE_CERT_BUFFERS_1024 */
+#define USE_CERT_BUFFERS_2048
+
+/* The Espressif sdkconfig will have chipset info.
+**
+** Some possible values:
+**
+**   CONFIG_IDF_TARGET_ESP32
+**   CONFIG_IDF_TARGET_ESP32S2
+**   CONFIG_IDF_TARGET_ESP32S3
+**   CONFIG_IDF_TARGET_ESP32C3
+**   CONFIG_IDF_TARGET_ESP32C6
+*/
+
+/* Optionally enable Apple HomeKit from compiler directive or Kconfig setting */
+#if defined(WOLFSSL_APPLE_HOMEKIT) || defined(CONFIG_WOLFSSL_APPLE_HOMEKIT)
+     /* SRP is known to need 8K; slow on some devices */
+     #define FP_MAX_BITS (8192 * 2)
+     #define WOLFCRYPT_HAVE_SRP
+     #define HAVE_CHACHA
+     #define HAVE_POLY1305
+     #define WOLFSSL_BASE64_ENCODE
+ #endif /* Apple HomeKit settings */
+
+/* Used by ESP-IDF components: */
+#if defined(CONFIG_ESP_TLS_USING_WOLFSSL)
+    /* The ESP-TLS */
+    #ifndef FP_MAX_BITS
+        #if defined(CONFIG_IDF_TARGET_ESP32C2) || \
+            defined(CONFIG_IDF_TARGET_ESP8684) || \
+            defined(CONFIG_IDF_TARGET_ESP8266)
+            /* Optionally set smaller size here */
+            #define FP_MAX_BITS MIN_FFDHE_FP_MAX_BITS
+        #else
+            #define FP_MAX_BITS (4096 * 2)
+        #endif
+    #endif
+    #define HAVE_ALPN
+    #ifndef CONFIG_IDF_TARGET_ESP8266
+        /* Unless installed in the ESP8266 RTOS SDK locally, the wolfSSL
+         * API for SNI will not be seen in the components/esp-tls layer.
+         * Only enable SNI for non-ESP8266 targets by default: */
+        #define HAVE_SNI
+    #endif
+    #define OPENSSL_EXTRA_X509_SMALL
+
+    #define HAVE_TLS_EXTENSIONS
+    #define HAVE_SUPPORTED_CURVES
+#endif
+
+/* Optionally enable some wolfSSH settings */
+#if defined(ESP_ENABLE_WOLFSSH) || defined(CONFIG_ESP_ENABLE_WOLFSSH)
+    /* Enable wolfSSH. Espressif examples need a few more settings, below */
+    #undef  WOLFSSL_WOLFSSH
+    #define WOLFSSL_WOLFSSH
+
+    /* The default SSH Windows size is massive for an embedded target.
+     * Limit it: */
+    #define DEFAULT_WINDOW_SZ 2000
+
+    /* These may be defined in cmake for other examples: */
+    #undef  WOLFSSH_TERM
+    #define WOLFSSH_TERM
+
+    /* optional debug */
+    /* #undef  DEBUG_WOLFSSH */
+    /* #define DEBUG_WOLFSSH */
+
+    #undef  WOLFSSL_KEY_GEN
+    #define WOLFSSL_KEY_GEN
+
+    #undef  WOLFSSL_PTHREADS
+    #define WOLFSSL_PTHREADS
+
+    #define WOLFSSH_TEST_SERVER
+    #define WOLFSSH_TEST_THREADING
+#endif /* ESP_ENABLE_WOLFSSH */
+
+
+/* Not yet using WiFi lib, so don't compile in the esp-sdk-lib WiFi helpers: */
+/* #define USE_WOLFSSL_ESP_SDK_WIFI */
+
 /*
- * choose ONE of these Espressif chips to define:
+ * ONE of these Espressif chip families will be detected from sdkconfig:
  *
  * WOLFSSL_ESP32
  * WOLFSSL_ESPWROOM32SE
  * WOLFSSL_ESP8266
+ *
+ * following ifdef detection only for syntax highlighting:
  */
-#undef WOLFSSL_ESPWROOM32SE
-#undef WOLFSSL_ESP8266
-#undef WOLFSSL_ESP32
+#ifdef WOLFSSL_ESPWROOM32SE
+    #undef WOLFSSL_ESPWROOM32SE
+#endif
+#ifdef WOLFSSL_ESP8266
+    #undef WOLFSSL_ESP8266
+#endif
+#ifdef WOLFSSL_ESP32
+    #undef WOLFSSL_ESP32
+#endif
+/* See below for chipset detection from sdkconfig.h */
 
-#define WOLFSSL_ESP32
+/* when you want to use SINGLE THREAD. Note Default ESP-IDF is FreeRTOS */
+#define SINGLE_THREADED
+
+/* Small session cache saves a lot of RAM for ClientCache and SessionCache.
+ * Memory requirement is about 5KB, otherwise 20K is needed when not specified.
+ * If extra small footprint is needed, try MICRO_SESSION_CACHE (< 1K)
+ * When really desperate or no TLS used, try NO_SESSION_CACHE.  */
+#define NO_SESSION_CACHE
+
+/* Small Stack uses more heap. */
+#define WOLFSSL_SMALL_STACK
+
+/* Full debugging turned off, but show malloc failure detail */
+/* #define DEBUG_WOLFSSL */
+#define DEBUG_WOLFSSL_MALLOC
+
+/* See test.c that sets cert buffers; we'll set them here: */
+#define USE_CERT_BUFFERS_256
+#define USE_CERT_BUFFERS_2048
+
+/* RSA_LOW_MEM: Half as much memory but twice as slow. */
+#define RSA_LOW_MEM
 
 /* optionally turn off SHA512/224 SHA512/256 */
 /* #define WOLFSSL_NOSHA512_224 */
@@ -61,17 +374,45 @@
 /* #define NO_OLD_TLS */
 
 #define BENCH_EMBEDDED
-#define USE_CERT_BUFFERS_2048
 
 /* TLS 1.3                                 */
-#define WOLFSSL_TLS13
-#define HAVE_TLS_EXTENSIONS
-#define WC_RSA_PSS
-#define HAVE_HKDF
-#define HAVE_AEAD
-#define HAVE_SUPPORTED_CURVES
+#ifdef CONFIG_WOLFSSL_ALLOW_TLS13
+    #define WOLFSSL_TLS13
+    #define HAVE_TLS_EXTENSIONS
+    #define HAVE_HKDF
 
-#define WOLFSSL_BENCHMARK_FIXED_UNITS_KB
+    /* May be required */
+    #ifndef HAVE_AEAD
+    #endif
+
+    /* Required for ECC */
+    #define HAVE_SUPPORTED_CURVES
+
+    /* Required for RSA */
+    #define WC_RSA_PSS
+
+    /* TLS 1.3 normally requires HAVE_FFDHE */
+    #if defined(HAVE_FFDHE_2048) || \
+        defined(HAVE_FFDHE_3072) || \
+        defined(HAVE_FFDHE_4096) || \
+        defined(HAVE_FFDHE_6144) || \
+        defined(HAVE_FFDHE_8192)
+    #else
+        #define HAVE_FFDHE_2048
+        /* #error "TLS 1.3 requires HAVE_FFDHE_[nnnn]" */
+    #endif
+#endif
+
+#if defined(CONFIG_IDF_TARGET_ESP32C2) || \
+    defined(CONFIG_IDF_TARGET_ESP8684)
+    /* Optionally set smaller size here */
+    #ifdef HAVE_FFDHE_4096
+        /* this size may be problematic on the C2 */
+    #endif
+    #define HAVE_FFDHE_2048
+#else
+    #define HAVE_FFDHE_4096
+#endif
 
 #define NO_FILESYSTEM
 
@@ -79,39 +420,87 @@
 
 #define HAVE_AESGCM
 
-#define WOLFSSL_RIPEMD
+/* Optional RIPEMD: RACE Integrity Primitives Evaluation Message Digest */
+/* #define WOLFSSL_RIPEMD */
+
 /* when you want to use SHA224 */
 #define WOLFSSL_SHA224
 
 /* when you want to use SHA384 */
 #define WOLFSSL_SHA384
 
-/* when you want to use SHA512 */
-#define WOLFSSL_SHA512
+/* Some features not enabled for ESP8266: */
+#if defined(CONFIG_IDF_TARGET_ESP8266) || \
+    defined(CONFIG_IDF_TARGET_ESP32C2)
+    /* Some known low-memory devices have features not enabled by default. */
+    /* TODO determine low memory configuration for ECC. */
+#else
+    /* when you want to use SHA512 */
+    #define WOLFSSL_SHA512
 
-/* when you want to use SHA3 */
-#define WOLFSSL_SHA3
+    /* when you want to use SHA3 */
+    /* #define WOLFSSL_SHA3 */
 
-#define HAVE_ED25519 /* ED25519 requires SHA512 */
+    /* ED25519 requires SHA512 */
+    #define HAVE_ED25519
+#endif
 
-#define HAVE_ECC
-#define HAVE_CURVE25519
-#define CURVE25519_SMALL
-#define HAVE_ED25519
+#if defined(CONFIG_IDF_TARGET_ESP8266) || defined(CONFIG_IDF_TARGET_ESP32C2)
+    #define MY_USE_ECC 0
+    #define MY_USE_RSA 1
+#else
+    #define MY_USE_ECC 1
+    #define MY_USE_RSA 0
+#endif
 
- #define OPENSSL_EXTRA
-/* when you want to use pkcs7 */
+/* We can use either or both ECC and RSA, but must use at least one. */
+#if MY_USE_ECC || MY_USE_RSA
+    #if MY_USE_ECC
+        /* ---- ECDSA / ECC ---- */
+        #define HAVE_ECC
+        #define HAVE_CURVE25519
+        #define HAVE_ED25519
+        #define WOLFSSL_SHA512
+        /*
+        #define HAVE_ECC384
+        #define CURVE25519_SMALL
+        */
+    #else
+        #define WOLFSSH_NO_ECC
+        /* WOLFSSH_NO_ECDSA is typically defined automatically,
+         * here for clarity: */
+        #define WOLFSSH_NO_ECDSA
+    #endif
+
+    #if MY_USE_RSA
+        /* ---- RSA ----- */
+        /* #define RSA_LOW_MEM */
+
+        /* DH disabled by default, needed if ECDSA/ECC also turned off */
+        #define HAVE_DH
+    #else
+        #define WOLFSSH_NO_RSA
+    #endif
+#else
+    #error "Either RSA or ECC must be enabled"
+#endif
+
+/* Optional OpenSSL compatibility */
+/* #define OPENSSL_EXTRA */
+
+/* #Optional HAVE_PKCS7 */
 /* #define HAVE_PKCS7 */
 
-#define HAVE_PKCS7
-
 #if defined(HAVE_PKCS7)
+    /* HAVE_PKCS7 may enable HAVE_PBKDF2 see settings.h */
+    #define NO_PBKDF2
+
     #define HAVE_AES_KEYWRAP
     #define HAVE_X963_KDF
     #define WOLFSSL_AES_DIRECT
 #endif
 
-/* when you want to use aes counter mode */
+/* when you want to use AES counter mode */
 /* #define WOLFSSL_AES_DIRECT */
 /* #define WOLFSSL_AES_COUNTER */
 
@@ -125,27 +514,11 @@
     /* #define CUSTOM_SLOT_ALLOCATION                              */
 #endif
 
-/* rsa primitive specific definition */
-#if defined(WOLFSSL_ESP32) || defined(WOLFSSL_ESPWROOM32SE)
-    /* Define USE_FAST_MATH and SMALL_STACK                        */
-    #define ESP32_USE_RSA_PRIMITIVE
+/* WC_NO_CACHE_RESISTANT: slower but more secure */
+/* #define WC_NO_CACHE_RESISTANT */
 
-    #if defined(CONFIG_IDF_TARGET_ESP32)
-
-        /* NOTE HW unreliable for small values! */
-        /* threshold for performance adjustment for HW primitive use   */
-        /* X bits of G^X mod P greater than                            */
-        #undef  ESP_RSA_EXPT_XBITS
-        #define ESP_RSA_EXPT_XBITS 32
-
-        /* X and Y of X * Y mod P greater than                         */
-        #undef  ESP_RSA_MULM_BITS
-        #define ESP_RSA_MULM_BITS  16
-
-    #endif
-#endif
-
-#define RSA_LOW_MEM
+/* TFM_TIMING_RESISTANT: slower but more secure */
+/* #define TFM_TIMING_RESISTANT */
 
 /* #define WOLFSSL_ATECC508A_DEBUG         */
 
@@ -156,23 +529,36 @@
 /* #define XTIME time */
 
 
-/* adjust wait-timeout count if you see timeout in RSA HW acceleration */
-#define ESP_RSA_TIMEOUT_CNT    0x249F00
+/* Adjust wait-timeout count if you see timeout in RSA HW acceleration.
+ * Set to very large number and enable WOLFSSL_HW_METRICS to determine max. */
+#ifndef ESP_RSA_TIMEOUT_CNT
+	#define ESP_RSA_TIMEOUT_CNT 0xFF0000
+#endif
 
-#define HASH_SIZE_LIMIT /* for test.c */
+/* hash limit for test.c */
+#define HASH_SIZE_LIMIT
 
 /* USE_FAST_MATH is default */
 #define USE_FAST_MATH
 
 /*****      Use SP_MATH      *****/
-/* #undef USE_FAST_MATH          */
+/* #undef  USE_FAST_MATH         */
 /* #define SP_MATH               */
 /* #define WOLFSSL_SP_MATH_ALL   */
+/* #define WOLFSSL_SP_RISCV32    */
 
 /***** Use Integer Heap Math *****/
 /* #undef USE_FAST_MATH          */
 /* #define USE_INTEGER_HEAP_MATH */
 
+/* Just syntax highlighting to check math libraries: */
+#if defined(SP_MATH)               || \
+    defined(USE_INTEGER_HEAP_MATH) || \
+    defined(USE_INTEGER_HEAP_MATH) || \
+    defined(USE_FAST_MATH)         || \
+    defined(WOLFSSL_SP_MATH_ALL)   || \
+    defined(WOLFSSL_SP_RISCV32)
+#endif
 
 #define WOLFSSL_SMALL_STACK
 
@@ -180,18 +566,32 @@
 #define HAVE_VERSION_EXTENDED_INFO
 /* #define HAVE_WC_INTROSPECTION */
 
-#define  HAVE_SESSION_TICKET
+#ifndef NO_SESSION_CACHE
+    #define  HAVE_SESSION_TICKET
+#endif
 
 /* #define HAVE_HASHDRBG */
 
+#if 0
+/* Example for additional cert functions */
 #define WOLFSSL_KEY_GEN
-#define WOLFSSL_CERT_REQ
-#define WOLFSSL_CERT_GEN
-#define WOLFSSL_CERT_EXT
-#define WOLFSSL_SYS_CA_CERTS
+    #define WOLFSSL_CERT_REQ
+    #define WOLFSSL_CERT_GEN
+    #define WOLFSSL_CERT_EXT
+    #define WOLFSSL_SYS_CA_CERTS
 
 
-#define WOLFSSL_CERT_TEXT
+    #define WOLFSSL_CERT_TEXT
+
+    /* command-line options
+    --enable-keygen
+    --enable-certgen
+    --enable-certreq
+    --enable-certext
+    --enable-asn-template
+    */
+
+#endif
 
 #define WOLFSSL_ASN_TEMPLATE
 
@@ -203,7 +603,7 @@
 #undef  WOLFSSL_SYS_CA_CERTS
 */
 
-/*
+/* command-line options
 --enable-keygen
 --enable-certgen
 --enable-certreq
@@ -211,10 +611,66 @@
 --enable-asn-template
 */
 
-/* Default is HW enabled unless turned off.
-** Uncomment these lines to force SW instead of HW acceleration */
+/* optional SM4 Ciphers. See https://github.com/wolfSSL/wolfsm */
+/*
+#define WOLFSSL_SM2
+#define WOLFSSL_SM3
+#define WOLFSSL_SM4
+*/
+
+#if defined(WOLFSSL_SM2) || defined(WOLFSSL_SM3) || defined(WOLFSSL_SM4)
+    /* SM settings, possible cipher suites:
+
+        TLS13-AES128-GCM-SHA256
+        TLS13-CHACHA20-POLY1305-SHA256
+        TLS13-SM4-GCM-SM3
+        TLS13-SM4-CCM-SM3
+
+    #define WOLFSSL_ESP32_CIPHER_SUITE "TLS13-SM4-GCM-SM3"
+    #define WOLFSSL_ESP32_CIPHER_SUITE "TLS13-SM4-CCM-SM3"
+    #define WOLFSSL_ESP32_CIPHER_SUITE "ECDHE-ECDSA-SM4-CBC-SM3"
+    #define WOLFSSL_ESP32_CIPHER_SUITE "ECDHE-ECDSA-SM4-GCM-SM3"
+    #define WOLFSSL_ESP32_CIPHER_SUITE "ECDHE-ECDSA-SM4-CCM-SM3"
+    #define WOLFSSL_ESP32_CIPHER_SUITE "TLS13-SM4-GCM-SM3:" \
+                                       "TLS13-SM4-CCM-SM3:"
+    */
+
+    #undef  WOLFSSL_BASE16
+    #define WOLFSSL_BASE16 /* required for WOLFSSL_SM2 */
+
+    #undef  WOLFSSL_SM4_ECB
+    #define WOLFSSL_SM4_ECB
+
+    #undef  WOLFSSL_SM4_CBC
+    #define WOLFSSL_SM4_CBC
+
+    #undef  WOLFSSL_SM4_CTR
+    #define WOLFSSL_SM4_CTR
+
+    #undef  WOLFSSL_SM4_GCM
+    #define WOLFSSL_SM4_GCM
+
+    #undef  WOLFSSL_SM4_CCM
+    #define WOLFSSL_SM4_CCM
+
+    #define HAVE_POLY1305
+    #define HAVE_CHACHA
+
+    #undef  HAVE_AESGCM
+    #define HAVE_AESGCM
+#else
+    /* default settings */
+    #define USE_CERT_BUFFERS_2048
+#endif
+
+/* Chipset detection from sdkconfig.h
+ * Default is HW enabled unless turned off.
+ * Uncomment lines to force SW instead of HW acceleration */
+#if defined(CONFIG_IDF_TARGET_ESP32) || defined(WOLFSSL_ESPWROOM32SE)
+    #define WOLFSSL_ESP32
+    /*  Alternatively, if there's an ECC Secure Element present: */
+    /* #define WOLFSSL_ESPWROOM32SE */
 
-#if defined(CONFIG_IDF_TARGET_ESP32)
     /* wolfSSL HW Acceleration supported on ESP32. Uncomment to disable: */
     /*  #define NO_ESP32_CRYPT                 */
     /*  #define NO_WOLFSSL_ESP32_CRYPT_HASH    */
@@ -232,6 +688,7 @@
     /***** END CONFIG_IDF_TARGET_ESP32 *****/
 
 #elif defined(CONFIG_IDF_TARGET_ESP32S2)
+    #define WOLFSSL_ESP32
     /* wolfSSL HW Acceleration supported on ESP32-S2. Uncomment to disable: */
     /*  #define NO_ESP32_CRYPT                 */
     /*  #define NO_WOLFSSL_ESP32_CRYPT_HASH    */
@@ -244,6 +701,7 @@
     /***** END CONFIG_IDF_TARGET_ESP32S2 *****/
 
 #elif defined(CONFIG_IDF_TARGET_ESP32S3)
+    #define WOLFSSL_ESP32
     /* wolfSSL HW Acceleration supported on ESP32-S3. Uncomment to disable: */
     /*  #define NO_ESP32_CRYPT                         */
     /*  #define NO_WOLFSSL_ESP32_CRYPT_HASH            */
@@ -257,6 +715,7 @@
 
 #elif defined(CONFIG_IDF_TARGET_ESP32C2) || \
       defined(CONFIG_IDF_TARGET_ESP8684)
+    #define WOLFSSL_ESP32
     /* ESP8684 is essentially ESP32-C2 chip + flash embedded together in a
      * single QFN 4x4 mm package. Out of released documentation, Technical
      * Reference Manual as well as ESP-IDF Programming Guide is applicable
@@ -282,6 +741,7 @@
     /***** END CONFIG_IDF_TARGET_ESP32C2 *****/
 
 #elif defined(CONFIG_IDF_TARGET_ESP32C3)
+    #define WOLFSSL_ESP32
     /* wolfSSL HW Acceleration supported on ESP32-C3. Uncomment to disable: */
 
     /*  #define NO_ESP32_CRYPT                 */
@@ -299,6 +759,7 @@
     /***** END CONFIG_IDF_TARGET_ESP32C3 *****/
 
 #elif defined(CONFIG_IDF_TARGET_ESP32C6)
+    #define WOLFSSL_ESP32
     /* wolfSSL HW Acceleration supported on ESP32-C6. Uncomment to disable: */
 
     /*  #define NO_ESP32_CRYPT                 */
@@ -315,6 +776,7 @@
     /***** END CONFIG_IDF_TARGET_ESP32C6 *****/
 
 #elif defined(CONFIG_IDF_TARGET_ESP32H2)
+    #define WOLFSSL_ESP32
     /*  wolfSSL Hardware Acceleration not yet implemented */
     #define NO_ESP32_CRYPT
     #define NO_WOLFSSL_ESP32_CRYPT_HASH
@@ -323,43 +785,116 @@
     /***** END CONFIG_IDF_TARGET_ESP32H2 *****/
 
 #elif defined(CONFIG_IDF_TARGET_ESP8266)
-    /*  TODO: Revisit ESP8266 */
+    #define WOLFSSL_ESP8266
+
+    /* There's no hardware encryption on the ESP8266 */
+    /* Consider using the ESP32-C2/C3/C6             */
     #define NO_ESP32_CRYPT
     #define NO_WOLFSSL_ESP32_CRYPT_HASH
     #define NO_WOLFSSL_ESP32_CRYPT_AES
     #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI
+    #ifndef FP_MAX_BITS
+        /* FP_MAX_BITS matters in wolfssl_test, not just TLS setting.   */
+        /* MIN_FFDHE_FP_MAX_BITS = (MIN_FFDHE_BITS * 2); see settings.h */
+        #define FP_MAX_BITS MIN_FFDHE_FP_MAX_BITS
+    #endif
     /***** END CONFIG_IDF_TARGET_ESP266 *****/
 
+#elif defined(CONFIG_IDF_TARGET_ESP8684)
+    /*  There's no Hardware Acceleration available on ESP8684 */
+    #define NO_ESP32_CRYPT
+    #define NO_WOLFSSL_ESP32_CRYPT_HASH
+    #define NO_WOLFSSL_ESP32_CRYPT_AES
+    #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI
+    /***** END CONFIG_IDF_TARGET_ESP8684 *****/
+
 #else
-    /* Anything else encountered, disable HW accleration */
+    /* Anything else encountered, disable HW acceleration */
+    #warning "Unexpected CONFIG_IDF_TARGET_NN value"
     #define NO_ESP32_CRYPT
     #define NO_WOLFSSL_ESP32_CRYPT_HASH
     #define NO_WOLFSSL_ESP32_CRYPT_AES
     #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI
 #endif /* CONFIG_IDF_TARGET Check */
 
+/* RSA primitive specific definition, listed AFTER the Chipset detection */
+#if defined(WOLFSSL_ESP32) || defined(WOLFSSL_ESPWROOM32SE)
+    /* Consider USE_FAST_MATH and SMALL_STACK                        */
+
+    #ifndef NO_RSA
+        #define ESP32_USE_RSA_PRIMITIVE
+
+        #if defined(CONFIG_IDF_TARGET_ESP32)
+            #ifdef CONFIG_ESP_MAIN_TASK_STACK_SIZE
+                #if CONFIG_ESP_MAIN_TASK_STACK_SIZE < 10500
+                    #warning "RSA may be difficult with less than 10KB Stack "/
+                #endif
+            #endif
+
+            /* NOTE HW unreliable for small values! */
+            /* threshold for performance adjustment for HW primitive use   */
+            /* X bits of G^X mod P greater than                            */
+            #undef  ESP_RSA_EXPT_XBITS
+            #define ESP_RSA_EXPT_XBITS 32
+
+            /* X and Y of X * Y mod P greater than                         */
+            #undef  ESP_RSA_MULM_BITS
+            #define ESP_RSA_MULM_BITS  16
+        #endif
+    #endif
+#endif
+
 /* Debug options:
+See wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h for details on debug options
+
+optionally increase error message size for very long paths.
+#define WOLFSSL_MAX_ERROR_SZ 500
+
+Turn wolfSSL debugging on/off:
+    wolfSSL_Debugging_ON();
+    wolfSSL_Debugging_OFF();
 
 #define ESP_VERIFY_MEMBLOCK
 #define DEBUG_WOLFSSL
 #define DEBUG_WOLFSSL_VERBOSE
 #define DEBUG_WOLFSSL_SHA_MUTEX
+#define WOLFSSL_DEBUG_IGNORE_ASN_TIME
+#define WOLFSSL_DEBUG_CERT_BUNDLE
+#define WOLFSSL_DEBUG_CERT_BUNDLE_NAME
 #define WOLFSSL_ESP32_CRYPT_DEBUG
 #define WOLFSSL_ESP32_CRYPT_HASH_SHA224_DEBUG
 #define NO_RECOVER_SOFTWARE_CALC
 #define WOLFSSL_TEST_STRAY 1
 #define USE_ESP_DPORT_ACCESS_READ_BUFFER
 #define WOLFSSL_ESP32_HW_LOCK_DEBUG
+#define WOLFSSL_DEBUG_MUTEX
 #define WOLFSSL_DEBUG_ESP_RSA_MULM_BITS
+#define WOLFSSL_DEBUG_ESP_HW_MOD_RSAMAX_BITS
+#define WOLFSSL_DEBUG_ESP_HW_MULTI_RSAMAX_BITS
 #define ESP_DISABLE_HW_TASK_LOCK
+#define ESP_MONITOR_HW_TASK_LOCK
+#define USE_ESP_DPORT_ACCESS_READ_BUFFER
+
+See wolfcrypt/benchmark/benchmark.c for debug and other settings:
+
+Turn on benchmark timing debugging (CPU Cycles, RTOS ticks, etc)
+#define DEBUG_WOLFSSL_BENCHMARK_TIMING
+
+Turn on timer debugging (used when CPU cycles not available)
+#define WOLFSSL_BENCHMARK_TIMER_DEBUG
 */
 
-#define WOLFSSL_ESPIDF_ERROR_PAUSE /* Pause in a loop rather than exit. */
+/* Pause in a loop rather than exit. */
+/* #define WOLFSSL_ESPIDF_ERROR_PAUSE */
+/* #define WOLFSSL_ESP32_HW_LOCK_DEBUG */
+
 #define WOLFSSL_HW_METRICS
 
-/* #define HASH_SIZE_LIMIT */ /* for test.c */
+/* for test.c */
+/* #define HASH_SIZE_LIMIT */
 
-/* #define NO_HW_MATH_TEST */ /* Optionall turn off HW math checks */
+/* Optionally turn off HW math checks */
+/* #define NO_HW_MATH_TEST */
 
 /* Optionally include alternate HW test library: alt_hw_test.h */
 /* When enabling, the ./components/wolfssl/CMakeLists.txt file
@@ -382,8 +917,8 @@
 /* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MULMOD                */
 
 
-#define WOLFSSL_PUBLIC_MP /* used by benchmark */
-#define USE_CERT_BUFFERS_2048
+/* used by benchmark: */
+#define WOLFSSL_PUBLIC_MP
 
 /* when turning on ECC508 / ECC608 support
 #define WOLFSSL_ESPWROOM32SE
@@ -392,12 +927,81 @@
 #define ATCA_WOLFSSL
 */
 
-/* optional SM4 Ciphers. See https://github.com/wolfSSL/wolfsm
+/***************************** Certificate Macros *****************************
+ *
+ * The section below defines macros used in typically all of the wolfSSL
+ * examples such as the client and server for certs stored in header files.
+ *
+ * There are various certificate examples in this header file:
+ * https://github.com/wolfSSL/wolfssl/blob/master/wolfssl/certs_test.h
+ *
+ * To use the sample certificates in code (not recommended for production!):
+ *
+ *    #if defined(USE_CERT_BUFFERS_2048) || defined(USE_CERT_BUFFERS_1024)
+ *        #include <wolfssl/certs_test.h>
+ *    #endif
+ *
+ * To use the sets of macros below, define *one* of these:
+ *
+ *    USE_CERT_BUFFERS_1024  - ECC 1024 bit encoded ASN1
+ *    USE_CERT_BUFFERS_2048  - RSA 2048 bit encoded ASN1
+ *    WOLFSSL_SM[2,3,4]      - SM Ciphers
+ *
+ * For example: define USE_CERT_BUFFERS_2048 to use CA Certs used in this
+ *  wolfSSL function for the `ca_cert_der_2048` buffer, size and types:
+ *
+ *     ret = wolfSSL_CTX_load_verify_buffer(ctx,
+ *                                          CTX_CA_CERT,
+ *                                          CTX_CA_CERT_SIZE,
+ *                                          CTX_CA_CERT_TYPE);
+ *
+ * See https://www.wolfssl.com/documentation/manuals/wolfssl/group__CertsKeys.html#function-wolfssl_ctx_load_verify_buffer
+ *
+ * In this case the CTX_CA_CERT will be defined as `ca_cert_der_2048` as
+ * defined here: https://github.com/wolfSSL/wolfssl/blob/master/wolfssl/certs_test.h
+ *
+ * The CTX_CA_CERT_SIZE and CTX_CA_CERT_TYPE are similarly used to reference
+ * array size and cert type respectively.
+ *
+ * Similarly for loading the private client key:
+ *
+ *  ret = wolfSSL_CTX_use_PrivateKey_buffer(ctx,
+ *                                          CTX_CLIENT_KEY,
+ *                                          CTX_CLIENT_KEY_SIZE,
+ *                                          CTX_CLIENT_KEY_TYPE);
+ *
+ * see https://www.wolfssl.com/documentation/manuals/wolfssl/group__CertsKeys.html#function-wolfssl_ctx_use_privatekey_buffer
+ *
+ * Similarly, the other macros are for server certificates and keys:
+ *   `CTX_SERVER_CERT` and `CTX_SERVER_KEY` are available.
+ *
+ * The certificate and key names are typically `static const unsigned char`
+ * arrays. The [NAME]_size are typically `sizeof([array name])`, and the types
+ * are the known wolfSSL encoding type integers (e.g. WOLFSSL_FILETYPE_PEM).
+ *
+ * See `SSL_FILETYPE_[name]` in
+ *   https://github.com/wolfSSL/wolfssl/blob/master/wolfssl/ssl.h
+ *
+ * See Abstract Syntax Notation One (ASN.1) in:
+ *   https://github.com/wolfSSL/wolfssl/blob/master/wolfssl/wolfcrypt/asn.h
+ *
+ * Optional SM4 Ciphers:
+ *
+ * Although the SM ciphers are shown here, the `certs_test_sm.h` may not yet
+ * be available. See:
+ *   https://github.com/wolfSSL/wolfssl/pull/6825
+ *   https://github.com/wolfSSL/wolfsm
+ *
+ * Uncomment these 3 macros to enable the SM Ciphers and use the macros below.
+ */
+
+/*
 #define WOLFSSL_SM2
 #define WOLFSSL_SM3
 #define WOLFSSL_SM4
 */
 
+/* Conditional macros used in wolfSSL TLS client and server examples */
 #if defined(WOLFSSL_SM2) || defined(WOLFSSL_SM3) || defined(WOLFSSL_SM4)
     #include <wolfssl/certs_test_sm.h>
     #define CTX_CA_CERT          root_sm2
@@ -413,15 +1017,82 @@
     #undef  WOLFSSL_BASE16
     #define WOLFSSL_BASE16
 #else
-    #define USE_CERT_BUFFERS_2048
-    #define USE_CERT_BUFFERS_256
-    #define CTX_CA_CERT          ca_cert_der_2048
-    #define CTX_CA_CERT_SIZE     sizeof_ca_cert_der_2048
-    #define CTX_CA_CERT_TYPE     WOLFSSL_FILETYPE_ASN1
-    #define CTX_SERVER_CERT      server_cert_der_2048
-    #define CTX_SERVER_CERT_SIZE sizeof_server_cert_der_2048
-    #define CTX_SERVER_CERT_TYPE WOLFSSL_FILETYPE_ASN1
-    #define CTX_SERVER_KEY       server_key_der_2048
-    #define CTX_SERVER_KEY_SIZE  sizeof_server_key_der_2048
-    #define CTX_SERVER_KEY_TYPE  WOLFSSL_FILETYPE_ASN1
+    #if defined(USE_CERT_BUFFERS_2048)
+        #define USE_CERT_BUFFERS_256
+        /* Be sure to include in app when using example certs: */
+        /* #include <wolfssl/certs_test.h>                     */
+        #define CTX_CA_CERT          ca_cert_der_2048
+        #define CTX_CA_CERT_SIZE     sizeof_ca_cert_der_2048
+        #define CTX_CA_CERT_TYPE     WOLFSSL_FILETYPE_ASN1
+
+        #define CTX_SERVER_CERT      server_cert_der_2048
+        #define CTX_SERVER_CERT_SIZE sizeof_server_cert_der_2048
+        #define CTX_SERVER_CERT_TYPE WOLFSSL_FILETYPE_ASN1
+        #define CTX_SERVER_KEY       server_key_der_2048
+        #define CTX_SERVER_KEY_SIZE  sizeof_server_key_der_2048
+        #define CTX_SERVER_KEY_TYPE  WOLFSSL_FILETYPE_ASN1
+
+        #define CTX_CLIENT_CERT      client_cert_der_2048
+        #define CTX_CLIENT_CERT_SIZE sizeof_client_cert_der_2048
+        #define CTX_CLIENT_CERT_TYPE WOLFSSL_FILETYPE_ASN1
+        #define CTX_CLIENT_KEY       client_key_der_2048
+        #define CTX_CLIENT_KEY_SIZE  sizeof_client_key_der_2048
+        #define CTX_CLIENT_KEY_TYPE  WOLFSSL_FILETYPE_ASN1
+
+    #elif defined(USE_CERT_BUFFERS_1024)
+        #define USE_CERT_BUFFERS_256
+        /* Be sure to include in app when using example certs: */
+        /* #include <wolfssl/certs_test.h>                     */
+        #define CTX_CA_CERT          ca_cert_der_1024
+        #define CTX_CA_CERT_SIZE     sizeof_ca_cert_der_1024
+        #define CTX_CA_CERT_TYPE     WOLFSSL_FILETYPE_ASN1
+
+        #define CTX_CLIENT_CERT      client_cert_der_1024
+        #define CTX_CLIENT_CERT_SIZE sizeof_client_cert_der_1024
+        #define CTX_CLIENT_CERT_TYPE WOLFSSL_FILETYPE_ASN1
+        #define CTX_CLIENT_KEY       client_key_der_1024
+        #define CTX_CLIENT_KEY_SIZE  sizeof_client_key_der_1024
+        #define CTX_CLIENT_KEY_TYPE  WOLFSSL_FILETYPE_ASN1
+
+        #define CTX_SERVER_CERT      server_cert_der_1024
+        #define CTX_SERVER_CERT_SIZE sizeof_server_cert_der_1024
+        #define CTX_SERVER_CERT_TYPE WOLFSSL_FILETYPE_ASN1
+        #define CTX_SERVER_KEY       server_key_der_1024
+        #define CTX_SERVER_KEY_SIZE  sizeof_server_key_der_1024
+        #define CTX_SERVER_KEY_TYPE  WOLFSSL_FILETYPE_ASN1
+    #else
+        /* Optionally define custom cert arrays, sizes, and types here */
+        #error "Must define USE_CERT_BUFFERS_2048 or USE_CERT_BUFFERS_1024"
+    #endif
+#endif /* Conditional key and cert constant names */
+
+/******************************************************************************
+** Sanity Checks
+******************************************************************************/
+#if defined(CONFIG_ESP_MAIN_TASK_STACK_SIZE)
+    #if defined(WOLFCRYPT_HAVE_SRP)
+        #if defined(FP_MAX_BITS)
+            #if FP_MAX_BITS <  (8192 * 2)
+                #define ESP_SRP_MINIMUM_STACK_8K (24 * 1024)
+            #else
+                #define ESP_SRP_MINIMUM_STACK_8K (28 * 1024)
+            #endif
+        #else
+            #error "Please define FP_MAX_BITS when using WOLFCRYPT_HAVE_SRP."
+        #endif
+
+        #if (CONFIG_ESP_MAIN_TASK_STACK_SIZE < ESP_SRP_MINIMUM_STACK)
+            #warning "WOLFCRYPT_HAVE_SRP enabled with small stack size"
+        #endif
+    #endif
+#else
+    #warning "CONFIG_ESP_MAIN_TASK_STACK_SIZE not defined!"
 #endif
+/* See settings.h for some of the possible hardening options:
+ *
+ *  #define NO_ESPIDF_DEFAULT
+ *  #define WC_NO_CACHE_RESISTANT
+ *  #define WC_AES_BITSLICED
+ *  #define HAVE_AES_ECB
+ *  #define HAVE_AES_DIRECT
+ */
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/CMakeLists.txt b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/CMakeLists.txt
index 621eb8702..80a89c25a 100644
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/CMakeLists.txt
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/CMakeLists.txt
@@ -1,35 +1,43 @@
 # wolfSSL Espressif Example Project/main CMakeLists.txt
-#   v1.0
+#   v1.2
 #
 # wolfssl client test
 #
+message(STATUS "Begin wolfSSL main CMakeLists.txt")
 set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_USER_SETTINGS")
 
+if (idf_target STREQUAL "esp8266" OR IDF_TARGET STREQUAL "esp8266" OR IDF_VERSION_MAJOR VERSION_LESS "5.0")
+    # `driver` component not available for ESP8266
+    SET(THIS_PRIV_REQUIRES_DRIVER "")
+else()
+    SET(THIS_PRIV_REQUIRES_DRIVER "driver")
+endif()
+
 if(WIN32)
     # Windows-specific configuration here
     set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_WINDOWS")
-    message("Detected Windows")
+    message(STATUS "Detected Windows")
 endif()
 if(CMAKE_HOST_UNIX)
-    message("Detected UNIX")
+    message(STATUS "Detected UNIX")
 endif()
 if(APPLE)
-    message("Detected APPLE")
+    message(STATUS "Detected APPLE")
 endif()
 if(CMAKE_HOST_UNIX AND (NOT APPLE) AND EXISTS "/proc/sys/fs/binfmt_misc/WSLInterop")
     # Windows-specific configuration here
     set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_WSL")
-    message("Detected WSL")
+    message(STATUS "Detected WSL")
 endif()
 if(CMAKE_HOST_UNIX AND (NOT APPLE) AND (NOT WIN32))
     # Windows-specific configuration here
     set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_LINUX")
-    message("Detected Linux")
+    message(STATUS "Detected Linux")
 endif()
 if(APPLE)
     # Windows-specific configuration here
     set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_APPLE")
-    message("Detected Apple")
+    message(STATUS "Detected Apple")
 endif()
 set (git_cmd "git")
 
@@ -43,14 +51,26 @@ if( EXISTS "${CMAKE_HOME_DIRECTORY}/components/wolfssl/" AND EXISTS "$ENV{IDF_PA
     set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_MULTI_INSTALL_WARNING")
 endif()
 
+# The wolfSL component name is named "mywolfssl" on the staging site for Managed Components.
+if( NOT EXISTS "../components/wolfssl" AND ("$ENV{IDF_COMPONENT_REGISTRY_URL}" STREQUAL "https://components-staging.espressif.com") )
+    message(STATUS "WARNING: Using a staging instance of wolfssl.")
+    set(MAIN_WOLFSSL_COMPONENT_NAME "mywolfssl")
+else()
+    message(STATUS "Using release wolfssl component.")
+    set(MAIN_WOLFSSL_COMPONENT_NAME "wolfssl")
+endif()
+
 ## register_component()
 idf_component_register(SRCS main.c
                             wifi_connect.c
                             time_helper.c
                             client-tls.c
                        INCLUDE_DIRS "."
-                                    "./include")
-#
+                            "./include"
+                       PRIV_REQUIRES "${MAIN_WOLFSSL_COMPONENT_NAME}"
+                                     "${THIS_PRIV_REQUIRES_DRIVER}"
+                                     nvs_flash
+                                     protocol_examples_common)
 
 #
 # LIBWOLFSSL_SAVE_INFO(VAR_OUPUT THIS_VAR VAR_RESULT)
@@ -80,15 +100,24 @@ function ( LIBWOLFSSL_SAVE_INFO VAR_OUPUT THIS_VAR VAR_RESULT )
         message(STATUS "Found ${VAR_OUPUT}=${VAR_VALUE}")
 
         # the interesting part is defining the VAR_OUPUT name a value to use in the app
-        add_definitions(-D${VAR_OUPUT}=\"${VAR_VALUE}\")
+        add_compile_definitions(${VAR_OUPUT}=\"${VAR_VALUE}\")
     else()
         # if we get here, check the execute_process command and parameters.
-        message(STATUS "LIBWOLFSSL_SAVE_INFO encountered a non-zero VAR_RESULT")
+        message(STATUS "LIBWOLFSSL_SAVE_INFO encountered a non-zero VAR_RESULT.")
+        message(STATUS "Setting ${VAR_OUPUT} to \"Unknown\"")
         set(${VAR_OUPUT} "Unknown")
     endif()
 endfunction() # LIBWOLFSSL_SAVE_INFO
 
-if(NOT CMAKE_BUILD_EARLY_EXPANSION)
+execute_process(
+    COMMAND ${git_cmd} "rev-parse" "--is-inside-work-tree"
+    OUTPUT_VARIABLE IS_GIT_REPO
+    OUTPUT_STRIP_TRAILING_WHITESPACE
+    ERROR_QUIET
+)
+
+# Save some project-specific details. Repo may be different than component, or may not even be a repo at all:
+if(NOT CMAKE_BUILD_EARLY_EXPANSION AND (IS_GIT_REPO STREQUAL "true"))
     # LIBWOLFSSL_VERSION_GIT_HASH
     execute_process(COMMAND ${git_cmd} "rev-parse" "HEAD" OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ERROR_QUIET )
     LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_VERSION_GIT_HASH "${TMP_OUT}" "${TMP_RES}")
@@ -104,3 +133,4 @@ endif()
 
 message(STATUS "")
 
+message(STATUS "End wolfSSL main CMakeLists.txt")
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/Kconfig.projbuild b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/Kconfig.projbuild
index 83dcd6439..ed9960248 100644
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/Kconfig.projbuild
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/Kconfig.projbuild
@@ -1,4 +1,112 @@
-menu "Example Configuration"
+# Kconfig main
+#
+# Copyright (C) 2006-2025 wolfSSL Inc.
+#
+# This file is part of wolfSSL.
+#
+# wolfSSL is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# wolfSSL is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+#
+
+# Kconfig File Version 5.7.2.001 for wolfssl_template
+
+menu "Example wolfSSL Configuration"
+
+choice WOLFSSL_EXAMPLE_CHOOSE
+    prompt "Choose Example (See wolfssl/include/user_settings.h)"
+    default WOLFSSL_EXAMPLE_NAME_NONE
+    help
+        The user settings file can be adjusted to specific wolfSSL examples.
+
+    config WOLFSSL_EXAMPLE_NAME_TEMPLATE
+        bool "wolfSSL Template"
+        help
+            The sample template app compiles in wolfSSL and prints the current wolfSSL Version. Nothing more.
+
+    config WOLFSSL_EXAMPLE_NAME_TEST
+        bool "wolfSSL Test"
+        help
+            This app tests all cryptographic functions currently enabled. See also Benchmark performance app.
+
+    config WOLFSSL_EXAMPLE_NAME_BENCHMARK
+        bool "wolfSSL Benchmark"
+        help
+            Benchmark performance app. See also cryptographic test.
+
+    config WOLFSSL_EXAMPLE_NAME_TLS_CLIENT
+        bool "TLS Client"
+        help
+            TLS Client Example app. Needs WiFi and a listening server on port 11111.
+
+    config WOLFSSL_EXAMPLE_NAME_TLS_SERVER
+        bool "TLS Server"
+        help
+            TLS Server Example app. Needs WiFi. More interesting with a TLS client using port 11111.
+
+    config WOLFSSL_EXAMPLE_NAME_WOLFSSH_TEMPLATE
+        bool "SSH Template App"
+        help
+            Bare-bones Hello World app that only compiles in wolfSSL and wolfSSH.
+            See wolfSSL/wolfssh on GitHub.
+
+    config WOLFSSL_EXAMPLE_NAME_WOLFSSH_ECHOSERVER
+        bool "SSH Echo Server"
+        help
+            See wolfSSL/wolfssh on GitHub.
+
+    config WOLFSSL_EXAMPLE_NAME_WOLFSSH_ECHOSERVER
+        bool "SSH Echo Server"
+        help
+            See wolfSSL/wolfssh on GitHub.
+
+    config WOLFSSL_EXAMPLE_NAME_ESP32_SSH_SERVER
+        bool "SSH to UART Server for the ESP32"
+        help
+            See wolfSSL/wolfssh-examples on GitHub.
+
+    config WOLFSSL_EXAMPLE_NAME_ESP8266_SSH_SERVER
+        bool "SSH to UART Server for the ESP8266"
+        help
+            See wolfSSL/wolfssh-examples on GitHub.
+
+    config WOLFSSL_EXAMPLE_NAME_WOLFMQTT_TEMPLATE
+        bool "MQTT Template"
+        help
+            See wolfSSL/wolfmqtt on GitHub.
+
+    config WOLFSSL_EXAMPLE_NAME_WOLFMQTT_AWS_IOT_MQTT
+        bool "MQTT AWS IoT"
+        help
+            See wolfSSL/wolfmqtt on GitHub.
+
+    config WOLFTPM_EXAMPLE_NAME_ESPRESSIF
+        bool "TPM Test Example for the ESP32"
+        help
+            See wolfSSL/wolfTPM on GitHub.
+
+    config WOLFSSL_APPLE_HOMEKIT
+        bool "Apple HomeKit for the ESP32"
+        help
+            See AchimPieters/esp32-homekit-demo on GitHub.
+
+
+    config WOLFSSL_EXAMPLE_NAME_NONE
+        bool "Other"
+        help
+            A specific example app is not defined.
+
+endchoice
 
 config WOLFSSL_TARGET_HOST
     string "Target host"
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/client-tls.c b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/client-tls.c
index 9d5d26dbe..ea6972d7b 100644
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/client-tls.c
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/client-tls.c
@@ -1,6 +1,6 @@
 /* client-tls.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -28,15 +28,26 @@
     #include <freertos/event_groups.h>
 #endif
 
+/* Espressif */
+#include <esp_log.h>
+
 /* socket includes */
 #include <lwip/netdb.h>
 #include <lwip/sockets.h>
 
 /* wolfSSL */
 #include <wolfssl/wolfcrypt/settings.h>
-#include "user_settings.h"
+/* This project not yet using the library */
+#undef USE_WOLFSSL_ESP_SDK_WIFI
 #include <wolfssl/ssl.h>
 
+#if defined(WOLFSSL_WC_KYBER)
+    #include <wolfssl/wolfcrypt/kyber.h>
+    #include <wolfssl/wolfcrypt/wc_kyber.h>
+#endif
+#if defined(USE_CERT_BUFFERS_2048) || defined(USE_CERT_BUFFERS_1024)
+    #include <wolfssl/certs_test.h>
+#endif
 #ifdef WOLFSSL_TRACK_MEMORY
     #include <wolfssl/wolfcrypt/mem_track.h>
 #endif
@@ -50,30 +61,6 @@
     #define DEFAULT_MAX_DHKEY_BITS 2048
 #endif
 
-#if defined(WOLFSSL_SM2) || defined(WOLFSSL_SM3) || defined(WOLFSSL_SM4)
-    #include <wolfssl/certs_test_sm.h>
-    #define CTX_CA_CERT          root_sm2
-    #define CTX_CA_CERT_SIZE     sizeof_root_sm2
-    #define CTX_CA_CERT_TYPE     WOLFSSL_FILETYPE_PEM
-    #define CTX_CLIENT_CERT      client_sm2
-    #define CTX_CLIENT_CERT_SIZE sizeof_client_sm2
-    #define CTX_CLIENT_CERT_TYPE WOLFSSL_FILETYPE_PEM
-    #define CTX_CLIENT_KEY       client_sm2_priv
-    #define CTX_CLIENT_KEY_SIZE  sizeof_client_sm2_priv
-    #define CTX_CLIENT_KEY_TYPE  WOLFSSL_FILETYPE_PEM
-#else
-    #include <wolfssl/certs_test.h>
-    #define CTX_CA_CERT          ca_cert_der_2048
-    #define CTX_CA_CERT_SIZE     sizeof_ca_cert_der_2048
-    #define CTX_CA_CERT_TYPE     WOLFSSL_FILETYPE_ASN1
-    #define CTX_CLIENT_CERT      client_cert_der_2048
-    #define CTX_CLIENT_CERT_SIZE sizeof_client_cert_der_2048
-    #define CTX_CLIENT_CERT_TYPE WOLFSSL_FILETYPE_ASN1
-    #define CTX_CLIENT_KEY       client_key_der_2048
-    #define CTX_CLIENT_KEY_SIZE  sizeof_client_key_der_2048
-    #define CTX_CLIENT_KEY_TYPE  WOLFSSL_FILETYPE_ASN1
-#endif
-
 /* Project */
 #include "wifi_connect.h"
 #include "time_helper.h"
@@ -87,7 +74,7 @@
  *  -h 192.168.1.128 -v 4 -l TLS13-SM4-CCM-SM3        -c ./certs/sm2/client-sm2.pem -k ./certs/sm2/client-sm2-priv.pem -A ./certs/sm2/root-sm2.pem -C
  *
  **/
-static const char* const TAG = "tls_client";
+#define TAG "client-tls"
 
 #if defined(DEBUG_WOLFSSL)
 int stack_start = -1;
@@ -203,19 +190,23 @@ WOLFSSL_ESP_TASK tls_smp_client_task(void* args)
     struct hostent *hp;
     struct ip4_addr *ip4_addr;
     int ret_i; /* interim return values */
+    int err; /* interim return values */
     int sockfd;
     int doPeerCheck;
     int sendGet;
+#ifdef DEBUG_WOLFSSL
+    int this_heap = 0;
+#endif
 #ifndef NO_DH
     int minDhKeyBits = DEFAULT_MIN_DHKEY_BITS;
 #endif
-    size_t len;
 
     /* declare wolfSSL objects */
     WOLFSSL_CTX* ctx;
     WOLFSSL*     ssl;
 
-    wolfSSL_Debugging_ON();
+    size_t len;
+
     WOLFSSL_ENTER(TLS_SMP_CLIENT_TASK_NAME);
 
     doPeerCheck = 1;
@@ -249,8 +240,8 @@ WOLFSSL_ESP_TASK tls_smp_client_task(void* args)
     /* Create and initialize WOLFSSL_CTX */
     ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()); /* SSL 3.0 - TLS 1.3. */
     /*   options:   */
-    /* ctx = wolfSSL_CTX_new(wolfTLSv1_2_client_method());      only TLS 1.2 */
-    /* ctx = wolfSSL_CTX_new(wolfTLSv1_3_client_method());      only TLS 1.3 */
+    /* ctx = wolfSSL_CTX_new(wolfSSLv1_2_client_method());      only TLS 1.2 */
+    /* ctx = wolfSSL_CTX_new(wolfSSLv1_3_client_method());      only TLS 1.3 */
     /* wolfSSL_CTX_NoTicketTLSv12(); */
     /* wolfSSL_NoTicketTLSv12();     */
     if (ctx == NULL) {
@@ -264,29 +255,29 @@ WOLFSSL_ESP_TASK tls_smp_client_task(void* args)
  *
  * reference code for SM Ciphers:
  *
-        #if defined(HAVE_AESGCM) && !defined(NO_DH)
-            #ifdef WOLFSSL_TLS13
-                defaultCipherList = "TLS13-AES128-GCM-SHA256"
-                #ifndef WOLFSSL_NO_TLS12
-                                    ":DHE-PSK-AES128-GCM-SHA256"
-                #endif
-                ;
-            #else
-                defaultCipherList = "DHE-PSK-AES128-GCM-SHA256";
+    #if defined(HAVE_AESGCM) && !defined(NO_DH)
+        #ifdef WOLFSSL_TLS13
+            defaultCipherList = "TLS13-AES128-GCM-SHA256"
+            #ifndef WOLFSSL_NO_TLS12
+                                ":DHE-PSK-AES128-GCM-SHA256"
             #endif
-        #elif defined(HAVE_AESGCM) && defined(WOLFSSL_TLS13)
-                defaultCipherList = "TLS13-AES128-GCM-SHA256:PSK-AES128-GCM-SHA256"
-                #ifndef WOLFSSL_NO_TLS12
-                                    ":PSK-AES128-GCM-SHA256"
-                #endif
-                ;
-        #elif defined(HAVE_NULL_CIPHER)
-                defaultCipherList = "PSK-NULL-SHA256";
-        #elif !defined(NO_AES_CBC)
-                defaultCipherList = "PSK-AES128-CBC-SHA256";
+            ;
         #else
-                defaultCipherList = "PSK-AES128-GCM-SHA256";
+            defaultCipherList = "DHE-PSK-AES128-GCM-SHA256";
         #endif
+    #elif defined(HAVE_AESGCM) && defined(WOLFSSL_TLS13)
+            defaultCipherList = "TLS13-AES128-GCM-SHA256:PSK-AES128-GCM-SHA256"
+            #ifndef WOLFSSL_NO_TLS12
+                                ":PSK-AES128-GCM-SHA256"
+            #endif
+            ;
+    #elif defined(HAVE_NULL_CIPHER)
+            defaultCipherList = "PSK-NULL-SHA256";
+    #elif !defined(NO_AES_CBC)
+            defaultCipherList = "PSK-AES128-CBC-SHA256";
+    #else
+            defaultCipherList = "PSK-AES128-GCM-SHA256";
+    #endif
 */
 
     ret = wolfSSL_CTX_set_cipher_list(ctx, WOLFSSL_ESP32_CIPHER_SUITE);
@@ -294,56 +285,61 @@ WOLFSSL_ESP_TASK tls_smp_client_task(void* args)
         ESP_LOGI(TAG, "Set cipher list: %s\n", WOLFSSL_ESP32_CIPHER_SUITE);
     }
     else {
-        ESP_LOGE(TAG, "ERROR: failed to set cipher list: %s\n", WOLFSSL_ESP32_CIPHER_SUITE);
+        ESP_LOGE(TAG, "ERROR: failed to set cipher list: %s\n",
+                       WOLFSSL_ESP32_CIPHER_SUITE);
     }
 #endif
 
 #ifdef DEBUG_WOLFSSL
     ShowCiphers(NULL);
-    ESP_LOGI(TAG,
-             "Stack used: %d\n",
-             CONFIG_ESP_MAIN_TASK_STACK_SIZE
-             - uxTaskGetStackHighWaterMark(NULL));
+    ESP_LOGI(TAG, "Stack used: %d\n",
+                   CONFIG_ESP_MAIN_TASK_STACK_SIZE
+                   - uxTaskGetStackHighWaterMark(NULL));
 #endif
 
 /* see user_settings PROJECT_DH for HAVE_DH and HAVE_FFDHE_2048 */
 #ifndef NO_DH
-    ret = wolfSSL_CTX_SetMinDhKey_Sz(ctx, (word16)minDhKeyBits);
-     if (ret != SSL_SUCCESS) {
+    ret_i = wolfSSL_CTX_SetMinDhKey_Sz(ctx, (word16)minDhKeyBits);
+     if (ret_i != WOLFSSL_SUCCESS) {
         ESP_LOGE(TAG, "Error setting minimum DH key size");
     }
 #endif
 
     /* no peer check */
     if (doPeerCheck == 0) {
-        ESP_LOGW(TAG, "doPeerCheck == 0");
+        ESP_LOGW(TAG, "doPeerCheck == 0; WOLFSSL_VERIFY_NONE");
         wolfSSL_CTX_set_verify(ctx, WOLFSSL_VERIFY_NONE, 0);
     }
     else {
-        ESP_LOGW(TAG, "doPeerCheck != 0");
+        ESP_LOGI(TAG, "doPeerCheck != 0");
         WOLFSSL_MSG("Loading... our cert");
         /* load our certificate */
         ret_i = wolfSSL_CTX_use_certificate_chain_buffer_format(ctx,
                                          CTX_CLIENT_CERT,
                                          CTX_CLIENT_CERT_SIZE,
                                          CTX_CLIENT_CERT_TYPE);
-        if (ret_i != SSL_SUCCESS) {
-            ESP_LOGE(TAG, "ERROR: failed to load chain %d, please check the file.\n", ret_i);
+        if (ret_i != WOLFSSL_SUCCESS) {
+            ESP_LOGE(TAG, "ERROR: failed to load our cert chain %d, "
+                          "please check the file.", ret_i);
         }
 
-    /* Load client certificates into WOLFSSL_CTX */
-    WOLFSSL_MSG("Loading...cert");
-    ret_i = wolfSSL_CTX_load_verify_buffer(ctx,
+        /* Load client certificates into WOLFSSL_CTX */
+        WOLFSSL_MSG("Loading... CA cert");
+        ret_i = wolfSSL_CTX_load_verify_buffer(ctx,
                                          CTX_CA_CERT,
                                          CTX_CA_CERT_SIZE,
                                          CTX_CA_CERT_TYPE);
+        if (ret_i != WOLFSSL_SUCCESS) {
+            ESP_LOGE(TAG, "ERROR: failed to load CA cert %d, "
+                          "please check the file.\n", ret_i) ;
+        }
 
+        WOLFSSL_MSG("Loading... our key");
         ret_i = wolfSSL_CTX_use_PrivateKey_buffer(ctx,
                                          CTX_CLIENT_KEY,
                                          CTX_CLIENT_KEY_SIZE,
                                          CTX_CLIENT_KEY_TYPE);
-        if(ret_i  != SSL_SUCCESS) {
-            wolfSSL_CTX_free(ctx) ; ctx = NULL ;
+        if (ret_i != WOLFSSL_SUCCESS) {
             ESP_LOGE(TAG, "ERROR: failed to load key %d, "
                           "please check the file.\n", ret_i) ;
         }
@@ -373,11 +369,10 @@ WOLFSSL_ESP_TASK tls_smp_client_task(void* args)
 
     /* Connect to the server */
     sprintf(buff,
-            "Connecting to server....%s(port:%d)",
+            "Connecting to server....%s (port:%d)",
             TLS_SMP_TARGET_HOST,
             TLS_SMP_DEFAULT_PORT);
-    WOLFSSL_MSG(buff);
-    printf("%s\n", buff);
+    ESP_LOGI(TAG, "%s\n", buff);
 
     if ((ret_i = connect(sockfd,
                        (struct sockaddr *)&servAddr,
@@ -385,6 +380,10 @@ WOLFSSL_ESP_TASK tls_smp_client_task(void* args)
         ESP_LOGE(TAG, "ERROR: failed to connect ret=%d\n", ret_i);
     }
 
+#if defined(WOLFSSL_EXPERIMENTAL_SETTINGS)
+        ESP_LOGW(TAG, "WOLFSSL_EXPERIMENTAL_SETTINGS is enabled");
+#endif
+
     WOLFSSL_MSG("Create a WOLFSSL object");
     /* Create a WOLFSSL object */
     if ((ssl = wolfSSL_new(ctx)) == NULL) {
@@ -394,6 +393,36 @@ WOLFSSL_ESP_TASK tls_smp_client_task(void* args)
 #ifdef DEBUG_WOLFSSL
         ESP_LOGI(TAG, "\nCreated WOLFSSL object:");
         ShowCiphers(ssl);
+        this_heap = esp_get_free_heap_size();
+        ESP_LOGI(TAG, "tls_smp_client_task heap @ %p = %d",
+                      &this_heap, this_heap);
+#endif
+#if defined(WOLFSSL_HAVE_KYBER)
+    #if defined(WOLFSSL_KYBER1024)
+        ESP_LOGI(TAG, "WOLFSSL_HAVE_KYBER is enabled, setting key share: "
+                                        "WOLFSSL_P256_KYBER_LEVEL5");
+        ret_i = wolfSSL_UseKeyShare(ssl, WOLFSSL_P521_KYBER_LEVEL5);
+    #elif defined(WOLFSSL_KYBER768)
+        ESP_LOGI(TAG, "WOLFSSL_HAVE_KYBER is enabled, setting key share: "
+                                        "WOLFSSL_P256_KYBER_LEVEL3");
+        ret_i = wolfSSL_UseKeyShare(ssl, WOLFSSL_P256_KYBER_LEVEL3);
+    #elif defined(WOLFSSL_KYBER512)
+        /* This will typically be a low memory situation, such as ESP8266 */
+        ESP_LOGI(TAG, "WOLFSSL_HAVE_KYBER is enabled, setting key share: "
+                                        "WOLFSSL_P256_KYBER_LEVEL1");
+        ret_i = wolfSSL_UseKeyShare(ssl, WOLFSSL_P256_KYBER_LEVEL1);
+    #else
+        ESP_LOGW(TAG, "WOLFSSL_HAVE_KYBER enabled but no key size available.");
+        ret_i = ESP_FAIL;
+    #endif
+        if (ret_i == WOLFSSL_SUCCESS) {
+            ESP_LOGI(TAG, "UseKeyShare Kyber success");
+        }
+        else {
+            ESP_LOGE(TAG, "UseKeyShare Kyber failed");
+        }
+#else
+    ESP_LOGI(TAG, "WOLFSSL_HAVE_KYBER is not enabled");
 #endif
     }
 
@@ -418,54 +447,113 @@ WOLFSSL_ESP_TASK tls_smp_client_task(void* args)
     atmel_set_slot_allocator(my_atmel_alloc, my_atmel_free);
     #endif
 #endif
-
+#ifdef DEBUG_WOLFSSL
+        this_heap = esp_get_free_heap_size();
+        ESP_LOGI(TAG, "tls_smp_client_task heap(2) @ %p = %d",
+                      &this_heap, this_heap);
+#endif
     /* Attach wolfSSL to the socket */
-    wolfSSL_set_fd(ssl, sockfd);
+    ret_i = wolfSSL_set_fd(ssl, sockfd);
+    if (ret_i == WOLFSSL_SUCCESS) {
+        ESP_LOGI(TAG, "wolfSSL_set_fd success");
+    }
+    else {
+        ESP_LOGE(TAG, "ERROR: failed wolfSSL_set_fd. Error: %d\n", ret_i);
+    }
 
-    WOLFSSL_MSG("Connect to wolfSSL on the server side");
-    /* Connect to wolfSSL on the server side */
-    if (wolfSSL_connect(ssl) == SSL_SUCCESS) {
+    ESP_LOGI(TAG, "Connect to wolfSSL server...");
+    #ifdef DEBUG_WOLFSSL
+        wolfSSL_Debugging_ON();
+    #endif
+    ret_i = wolfSSL_connect(ssl);
+#ifdef DEBUG_WOLFSSL
+    this_heap = esp_get_free_heap_size();
+    ESP_LOGI(TAG, "tls_smp_client_task heap(3) @ %p = %d",
+                    &this_heap, this_heap);
+#endif
+    if (ret_i == WOLFSSL_SUCCESS) {
 #ifdef DEBUG_WOLFSSL
         ShowCiphers(ssl);
 #endif
+        ESP_LOGI(TAG, "Connect success! Sending message...");
         /* Get a message for the server from stdin */
         WOLFSSL_MSG("Message for server: ");
         memset(buff, 0, sizeof(buff));
 
         if (sendGet) {
-            printf("SSL connect ok, sending GET...\n");
             len = XSTRLEN(sndMsg);
             strncpy(buff, sndMsg, len);
-            buff[len] = '\0';
         }
         else {
-            sprintf(buff, "message from esp32 tls client\n");
+            sprintf(buff, "Hello from Espressif wolfSSL TLS client!\n");
             len = strnlen(buff, sizeof(buff));
         }
+        buff[len] = '\0';
+        ESP_LOGI(TAG, "SSL connect ok, sending message:\n\n%s\n", buff);
+
         /* Send the message to the server */
-        if (wolfSSL_write(ssl, buff, len) != len) {
+        do {
+            err = 0; /* reset error */
+            ret_i = wolfSSL_write(ssl, buff, len);
+            if (ret_i <= 0) {
+                err = wolfSSL_get_error(ssl, 0);
+            }
+        } while (err == WOLFSSL_ERROR_WANT_WRITE ||
+                 err == WOLFSSL_ERROR_WANT_READ);
+
+        if (ret_i != len) {
             ESP_LOGE(TAG, "ERROR: failed to write\n");
         }
+        else {
+            ESP_LOGI(TAG, "Message sent! Awaiting response...");
+        }
 
         /* Read the server data into our buff array */
         memset(buff, 0, sizeof(buff));
-        if (wolfSSL_read(ssl, buff, sizeof(buff) - 1) == -1) {
+
+        do {
+            err = 0; /* reset error */
+            ret_i =wolfSSL_read(ssl, buff, sizeof(buff));
+            if (ret_i <= 0) {
+                err = wolfSSL_get_error(ssl, 0);
+            }
+        } while ((err == WOLFSSL_ERROR_WANT_READ) ||
+                 (err == WOLFSSL_ERROR_WANT_WRITE) );
+
+        if (ret_i < 0) {
             ESP_LOGE(TAG, "ERROR: failed to read\n");
         }
 
-        /* Print to stdout any data the server sends */
-        printf("Server: ");
-        printf("%s\n", buff);
+        /* Show any data the server sends */
+        ESP_LOGI(TAG, "Server response: \n\n%s\n", buff);
+
+        ret_i = wolfSSL_shutdown(ssl);
+        while (ret_i == WOLFSSL_SHUTDOWN_NOT_DONE) {
+            ret_i = wolfSSL_shutdown(ssl); /* bidirectional shutdown */
+            if (ret_i == WOLFSSL_SUCCESS) {
+                ESP_LOGI(TAG, "Bidirectional shutdown complete\n");
+                break;
+            }
+            else if (ret_i != WOLFSSL_SHUTDOWN_NOT_DONE) {
+                ESP_LOGE(TAG, "Bidirectional shutdown failed\n");
+                break;
+            }
         }
+        if (ret_i != WOLFSSL_SUCCESS) {
+            ESP_LOGE(TAG, "Bidirectional shutdown failed\n");
+        }
+
+    } /* wolfSSL_connect(ssl) == WOLFSSL_SUCCESS) */
     else {
-        ESP_LOGE(TAG, "ERROR: failed to connect to wolfSSL\n");
+        ESP_LOGE(TAG, "ERROR: failed to connect to wolfSSL. "
+                      "Error: %d\n", ret_i);
     }
 #ifdef DEBUG_WOLFSSL
     ShowCiphers(ssl);
 #endif
 
-    /* Cleanup and return */
-    wolfSSL_free(ssl);     /* Free the wolfSSL object                  */
+    ESP_LOGI(TAG, "Cleanup and exit");
+    wolfSSL_free(ssl);     /* Release the wolfSSL object memory        */
     wolfSSL_CTX_free(ctx); /* Free the wolfSSL context object          */
     wolfSSL_Cleanup();     /* Cleanup the wolfSSL environment          */
     close(sockfd);         /* Close the connection to the server       */
@@ -487,16 +575,28 @@ WOLFSSL_ESP_TASK tls_smp_client_init(void* args)
 #else
     xTaskHandle _handle;
 #endif
-    /* http://esp32.info/docs/esp_idf/html/dd/d3c/group__xTaskCreate.html */
+    /* See Espressif api-reference/system/freertos_idf.html#functions  */
+    if (TLS_SMP_CLIENT_TASK_BYTES < (6 * 1024)) {
+        /* Observed approximately 6KB limit for the RTOS task stack size.
+         * Reminder parameter is bytes, not words as with generic FreeRTOS. */
+        ESP_LOGW(TAG, "Warning: TLS_SMP_CLIENT_TASK_BYTES < 6KB");
+    }
+#ifndef WOLFSSL_SMALL_STACK
+    ESP_LOGW(TAG, "WARNING: WOLFSSL_SMALL_STACK is not defined. Consider "
+                  "defining that to reduce embedded memory usage.");
+#endif
+
+    /* Note that despite vanilla FreeRTOS using WORDS for a parameter,
+     * Espressif uses BYTES for the task stack size here. */
     ret = xTaskCreate(tls_smp_client_task,
                       TLS_SMP_CLIENT_TASK_NAME,
-                      TLS_SMP_CLIENT_TASK_WORDS,
+                      TLS_SMP_CLIENT_TASK_BYTES,
                       NULL,
                       TLS_SMP_CLIENT_TASK_PRIORITY,
                       &_handle);
 
     if (ret != pdPASS) {
-        ESP_LOGI(TAG, "create thread %s failed", TLS_SMP_CLIENT_TASK_NAME);
+        ESP_LOGI(TAG, "Create thread %s failed.", TLS_SMP_CLIENT_TASK_NAME);
     }
     return TLS_SMP_CLIENT_TASK_RET;
 }
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/component.mk b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/component.mk
index 61f8990c3..c59edbee4 100644
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/component.mk
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/component.mk
@@ -1,8 +1,8 @@
 #
 # Main component makefile.
 #
-# This Makefile can be left empty. By default, it will take the sources in the 
-# src/ directory, compile them and link them into lib(subdirectory_name).a 
-# in the build directory. This behaviour is entirely configurable,
+# This Makefile can be left empty. By default, it will take the sources in the
+# src/ directory, compile them and link them into lib(subdirectory_name).a
+# in the build directory. This behavior is entirely configurable,
 # please read the ESP-IDF documents if you need to do this.
 #
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/include/client-tls.h b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/include/client-tls.h
index 1188ee36e..88266142c 100644
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/include/client-tls.h
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/include/client-tls.h
@@ -1,6 +1,6 @@
-/* server-tls.h
+/* client-tls.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -18,18 +18,20 @@
  * along with this program; if not, write to the Free Software
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  */
-#ifndef _SERVER_TLS_
-#define _SERVER_TLS_
+#ifndef _CLIENT_TLS_H_
+#define _CLIENT_TLS_H_
+
+/* Local project, auto-generated configuration */
+#include "sdkconfig.h"
 
 #include <wolfssl/wolfcrypt/settings.h>
 #include <wolfssl/ssl.h>
-#include "sdkconfig.h"
 
 /* See main/Kconfig.projbuild for default configuration settings */
 #ifdef CONFIG_WOLFSSL_TARGET_HOST
     #define TLS_SMP_TARGET_HOST         CONFIG_WOLFSSL_TARGET_HOST
 #else
-    #define TLS_SMP_TARGET_HOST         "192.168.1.38"
+    #define TLS_SMP_TARGET_HOST         "192.168.1.37"
 #endif
 
 #ifdef CONFIG_WOLFSSL_TARGET_PORT
@@ -39,13 +41,34 @@
 #endif
 
 #define TLS_SMP_CLIENT_TASK_NAME        "tls_client_example"
-#define TLS_SMP_CLIENT_TASK_WORDS       22240
+
+/* Reminder: Vanilla FreeRTOS is words, Espressif is bytes. */
+#if defined(WOLFSSL_ESP8266)
+    #if defined(WOLFSSL_HAVE_KYBER)
+        /* Minimum ESP8266 stack size = 10K with Kyber.
+         * Note there's a maximum not far away as Kyber needs heap
+         * and the total DRAM is typically only 80KB total. */
+        #define TLS_SMP_CLIENT_TASK_BYTES (11 * 1024)
+    #else
+        /* Minimum ESP8266 stack size = 6K without Kyber */
+        #define TLS_SMP_CLIENT_TASK_BYTES (6 * 1024)
+    #endif
+#else
+    #if defined(WOLFSSL_HAVE_KYBER)
+        /* Minimum ESP32 stack size = 12K with Kyber enabled. */
+        #define TLS_SMP_CLIENT_TASK_BYTES (12 * 1024)
+    #else
+        /* Minimum ESP32 stack size = 8K without Kyber */
+        #define TLS_SMP_CLIENT_TASK_BYTES (10 * 1024)
+    #endif
+#endif
+
 #define TLS_SMP_CLIENT_TASK_PRIORITY    8
 
 #if defined(SINGLE_THREADED)
     #define WOLFSSL_ESP_TASK int
 #else
-    #include "freertos/FreeRTOS.h"
+    #include <freertos/FreeRTOS.h>
     #define WOLFSSL_ESP_TASK void
 #endif
 
@@ -64,8 +87,9 @@ WOLFSSL_ESP_TASK tls_smp_client_task(void* args);
 
 /* init will create an RTOS task, otherwise server is simply function call. */
 #if defined(SINGLE_THREADED)
-    /* no init neded */
+    /* no init needed */
 #else
     WOLFSSL_ESP_TASK tls_smp_client_init(void* args);
 #endif
+
 #endif /* _SERVER_TLS_ */
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/include/main.h b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/include/main.h
index 94c3b5eba..d9ed211e2 100644
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/include/main.h
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/include/main.h
@@ -1,6 +1,6 @@
-/* template main.h
+/* wolfssl_client main.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -18,7 +18,10 @@
  * along with this program; if not, write to the Free Software
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  */
+
 #ifndef _MAIN_H_
 #define _MAIN_H_
 
+void app_main(void);
+
 #endif
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/include/time_helper.h b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/include/time_helper.h
index a47f94001..1560fbbbb 100644
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/include/time_helper.h
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/include/time_helper.h
@@ -1,5 +1,6 @@
-/*
- * Copyright (C) 2006-2023 wolfSSL Inc.
+/* time_helper.h
+ *
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -20,11 +21,11 @@
 
 /* common Espressif time_helper v5.6.3.001 */
 
-#ifndef _TIME_HELPER_H
-#define _TIME_HELPER_H
+#ifndef _TIME_HELPER_H_
+#define _TIME_HELPER_H_
 
-/* ESP-IDF uses a 64-bit signed integer to represent time_t starting from release v5.0
- * See: https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-reference/system/system_time.html#year-2036-and-2038-overflow-issues
+/* ESP-IDF uses a 64-bit signed integer to represent time_t starting from
+ * release v5.0 See Espressif api-reference/system/system_time
  */
 
 #ifdef __cplusplus
@@ -32,13 +33,13 @@ extern "C" {
 #endif
 
 /* a function to show the current data and time */
-int esp_show_current_datetime();
+int esp_show_current_datetime(void);
 
 /* worst case, if GitHub time not available, used fixed time */
 int set_fixed_default_time(void);
 
 /* set time from string (e.g. GitHub commit time) */
-int set_time_from_string(char* time_buffer);
+int set_time_from_string(const char* time_buffer);
 
 /* set time from NTP servers,
  * also initially calls set_fixed_default_time or set_time_from_string */
@@ -51,4 +52,4 @@ int set_time_wait_for_ntp(void);
 } /* extern "C" */
 #endif
 
-#endif /* #ifndef _TIME_HELPER_H */
+#endif /* #ifndef _TIME_HELPER_H_ */
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/include/wifi_connect.h b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/include/wifi_connect.h
index 644ce00db..3546c4696 100644
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/include/wifi_connect.h
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/include/wifi_connect.h
@@ -1,6 +1,6 @@
 /* wifi_connect.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -21,9 +21,6 @@
 #ifndef _WIFI_CONNECT_H_
 #define _WIFI_CONNECT_H_
 
-#include <esp_idf_version.h>
-#include <esp_log.h>
-
 /* ESP lwip */
 #define EXAMPLE_ESP_MAXIMUM_RETRY       CONFIG_ESP_MAXIMUM_RETRY
 
@@ -48,19 +45,54 @@
  * file my_private_config.h should be excluded from git updates */
 /* #define  USE_MY_PRIVATE_CONFIG */
 
-#ifdef  USE_MY_PRIVATE_CONFIG
+/* Note that IntelliSense may not work properly in the next section for the
+ * Espressif SDK 3.4 on the ESP8266. Macros should still be defined.
+ * See the project-level Makefile. Example found in:
+ * https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples/template
+ *
+ * The USE_MY_PRIVATE_[OS]_CONFIG is typically an environment variable that
+ * triggers the make (not cmake) to add compiler defines.
+ */
+#if defined(USE_MY_PRIVATE_WINDOWS_CONFIG)
+    #include "/workspace/my_private_config.h"
+#elif defined(USE_MY_PRIVATE_WSL_CONFIG)
+    #include "/mnt/c/workspace/my_private_config.h"
+#elif defined(USE_MY_PRIVATE_LINUX_CONFIG)
+    #include "~/workspace/my_private_config.h"
+#elif defined(USE_MY_PRIVATE_MAC_CONFIG)
+    #include "~/Documents/my_private_config.h"
+#elif defined(USE_MY_PRIVATE_CONFIG)
+    /* This section works best with cmake & non-environment variable setting */
     #if defined(WOLFSSL_CMAKE_SYSTEM_NAME_WINDOWS)
+        #define WOLFSSL_CMAKE
+        #include "/workspace/my_private_config.h"
+    #elif defined(WOLFSSL_MAKE_SYSTEM_NAME_WINDOWS)
+        #define WOLFSSL_MAKE
         #include "/workspace/my_private_config.h"
     #elif defined(WOLFSSL_CMAKE_SYSTEM_NAME_WSL)
+        #define WOLFSSL_CMAKE
+        #include "/mnt/c/workspace/my_private_config.h"
+    #elif defined(WOLFSSL_MAKE_SYSTEM_NAME_WSL)
+        #define WOLFSSL_MAKE
         #include "/mnt/c/workspace/my_private_config.h"
     #elif defined(WOLFSSL_CMAKE_SYSTEM_NAME_LINUX)
+        #define WOLFSSL_CMAKE
+        #include "~/workspace/my_private_config.h"
+    #elif defined(WOLFSSL_MAKE_SYSTEM_NAME_LINUX)
+        #define WOLFSSL_MAKE
         #include "~/workspace/my_private_config.h"
     #elif defined(WOLFSSL_CMAKE_SYSTEM_NAME_APPLE)
         #include "~/Documents/my_private_config.h"
+    #elif defined(WOLFSSL_MAKE_SYSTEM_NAME_APPLE)
+        #define WOLFSSL_MAKE
+        #include "~/Documents/my_private_config.h"
+    #elif defined(OS_WINDOWS)
+        #include "/workspace/my_private_config.h"
     #else
-        #warning "did not detect environment. using ~/my_private_config.h"
-        #include "~/my_private_config.h"
-	#endif
+        /* Edit as needed for your private config: */
+        #warning "default private config using /workspace/my_private_config.h"
+        #include "/workspace/my_private_config.h"
+    #endif
 #else
 
     /*
@@ -70,16 +102,30 @@
     ** If you'd rather not, just change the below entries to strings with
     ** the config you want - ie #define EXAMPLE_WIFI_SSID "mywifissid"
     */
-    #ifdef CONFIG_ESP_WIFI_SSID
+    #if defined(CONFIG_ESP_WIFI_SSID)
+        /* tyically from ESP32 with ESP-IDF v4 to v5 */
         #define EXAMPLE_ESP_WIFI_SSID CONFIG_ESP_WIFI_SSID
+    #elif defined(CONFIG_EXAMPLE_WIFI_SSID)
+        /* typically from ESP8266 rtos-sdk/v3.4 */
+        #define EXAMPLE_ESP_WIFI_SSID CONFIG_EXAMPLE_WIFI_SSID
     #else
-        #define EXAMPLE_ESP_WIFI_SSID "MYSSID_WIFI_CONNECT"
+        /* See new esp-sdk-lib.h helpers: */
+        #ifndef EXAMPLE_ESP_WIFI_SSID
+            #define EXAMPLE_ESP_WIFI_SSID "MYSSID_WIFI_CONNECT"
+        #endif
     #endif
 
-    #ifdef CONFIG_ESP_WIFI_PASSWORD
+    #if defined(CONFIG_ESP_WIFI_PASSWORD)
+        /* tyically from ESP32 with ESP-IDF v4 or v5 */
         #define EXAMPLE_ESP_WIFI_PASS CONFIG_ESP_WIFI_PASSWORD
+    #elif defined(CONFIG_EXAMPLE_WIFI_SSID)
+        /* typically from ESP8266 rtos-sdk/v3.4 */
+        #define EXAMPLE_ESP_WIFI_PASS CONFIG_EXAMPLE_WIFI_PASSWORD
     #else
-        #define EXAMPLE_ESP_WIFI_PASS "MYPASSWORD_WIFI_CONNECT"
+        /* See new esp-sdk-lib.h helpers: */
+        #ifndef EXAMPLE_ESP_WIFI_PASS
+            #define EXAMPLE_ESP_WIFI_PASS "MYPASSWORD_WIFI_CONNECT"
+        #endif
     #endif
 #endif
 
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/main.c b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/main.c
index add43ada2..3c0e0c1c7 100644
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/main.c
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/main.c
@@ -1,6 +1,6 @@
 /* main.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -27,30 +27,45 @@
 #include <esp_event.h>
 
 /* wolfSSL */
-#include <wolfssl/wolfcrypt/settings.h>
-#include <user_settings.h>
-#include <wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h>
-#ifndef WOLFSSL_ESPIDF
-    #warning "Problem with wolfSSL user_settings."
-    #warning "Check components/wolfssl/include"
+/* Always include wolfcrypt/settings.h before any other wolfSSL file.    */
+/* Reminder: settings.h pulls in user_settings.h; don't include it here. */
+#ifdef WOLFSSL_USER_SETTINGS
+    #include <wolfssl/wolfcrypt/settings.h>
+    #ifndef WOLFSSL_ESPIDF
+        #warning "Problem with wolfSSL user_settings."
+        #warning "Check components/wolfssl/include"
+    #endif
+    /* This project not yet using the library */
+    #undef USE_WOLFSSL_ESP_SDK_WIFI
+    #include <wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h>
+#else
+    /* Define WOLFSSL_USER_SETTINGS project wide for settings.h to include   */
+    /* wolfSSL user settings in ./components/wolfssl/include/user_settings.h */
+    #error "Missing WOLFSSL_USER_SETTINGS in CMakeLists or Makefile:\
+    CFLAGS +=-DWOLFSSL_USER_SETTINGS"
 #endif
 
 /* this project */
 #include "client-tls.h"
 #include "time_helper.h"
 
-#ifndef CONFIG_IDF_TARGET_ESP32H2
+#ifdef CONFIG_IDF_TARGET_ESP32H2
     /* There's no WiFi on ESP32-H2.
      * For wired ethernet, see:
      * https://github.com/wolfSSL/wolfssl-examples/tree/master/ESP32/TLS13-ENC28J60-client */
+#else
     #include "wifi_connect.h"
+    /*
+     * Note ModBus TCP cannot be disabled on ESP8266 tos-sdk/v3.4
+     * See https://github.com/espressif/esp-modbus/issues/2
+     */
 #endif
 
 #ifdef WOLFSSL_TRACK_MEMORY
     #include <wolfssl/wolfcrypt/mem_track.h>
 #endif
 
-static const char* const TAG = "TLS Client";
+static const char* TAG = "main";
 
 #if defined(WOLFSSL_ESPWROOM32SE) && defined(HAVE_PK_CALLBACKS) \
                                   && defined(WOLFSSL_ATECC508A)
@@ -115,10 +130,15 @@ void my_atmel_free(int slotId)
 #endif /* CUSTOM_SLOT_ALLOCATION                                       */
 #endif /* WOLFSSL_ESPWROOM32SE && HAVE_PK_CALLBACK && WOLFSSL_ATECC508A */
 
-/* for FreeRTOS */
+/* Entry for FreeRTOS */
 void app_main(void)
 {
+#if !defined(SINGLE_THREADED) && INCLUDE_uxTaskGetStackHighWaterMark
     int stack_start = 0;
+#endif
+#if !defined(SINGLE_THREADED)
+    int this_heap = 0;
+#endif
     esp_err_t ret = 0;
     ESP_LOGI(TAG, "---------------- wolfSSL TLS Client Example ------------");
     ESP_LOGI(TAG, "--------------------------------------------------------");
@@ -126,31 +146,58 @@ void app_main(void)
     ESP_LOGI(TAG, "---------------------- BEGIN MAIN ----------------------");
     ESP_LOGI(TAG, "--------------------------------------------------------");
     ESP_LOGI(TAG, "--------------------------------------------------------");
+#if !defined(CONFIG_WOLFSSL_EXAMPLE_NAME_TLS_CLIENT)
+    ESP_LOGW(TAG, "Warning: Example wolfSSL misconfigured? Check menuconfig.");
+#endif
+#if defined(ESP_SDK_MEM_LIB_VERSION) && defined(DEBUG_WOLFSSL)
+    sdk_init_meminfo();
+#endif
 #ifdef ESP_TASK_MAIN_STACK
     ESP_LOGI(TAG, "ESP_TASK_MAIN_STACK: %d", ESP_TASK_MAIN_STACK);
 #endif
 #ifdef TASK_EXTRA_STACK_SIZE
     ESP_LOGI(TAG, "TASK_EXTRA_STACK_SIZE: %d", TASK_EXTRA_STACK_SIZE);
 #endif
-#ifdef INCLUDE_uxTaskGetStackHighWaterMark
+
+#ifdef SINGLE_THREADED
+    ESP_LOGI(TAG, "Single threaded");
+#else
     ESP_LOGI(TAG, "CONFIG_ESP_MAIN_TASK_STACK_SIZE = %d bytes (%d words)",
                    CONFIG_ESP_MAIN_TASK_STACK_SIZE,
-                   (int)(CONFIG_ESP_MAIN_TASK_STACK_SIZE / sizeof(void*)));
+             (int)(CONFIG_ESP_MAIN_TASK_STACK_SIZE / sizeof(void*)));
 
-    /* Returns the high water mark of the stack associated with xTask. That is,
-     * the minimum free stack space there has been (in bytes not words, unlike
-     * vanilla FreeRTOS) since the task started. The smaller the returned
-     * number the closer the task has come to overflowing its stack.
-     * see https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-reference/system/freertos_idf.html
-     */
-    stack_start = uxTaskGetStackHighWaterMark(NULL);
-    ESP_LOGI(TAG, "Stack Start HWM: %d bytes", stack_start);
-#endif
+    #ifdef INCLUDE_uxTaskGetStackHighWaterMark
+    {
+        /* Returns the high water mark of the stack associated with xTask. That is,
+         * the minimum free stack space there has been (in bytes not words, unlike
+         * vanilla FreeRTOS) since the task started. The smaller the returned
+         * number the closer the task has come to overflowing its stack.
+         * see Espressif api-reference/system/freertos_idf
+         */
+        stack_start = uxTaskGetStackHighWaterMark(NULL);
+        #ifdef ESP_SDK_MEM_LIB_VERSION
+        {
+            sdk_var_whereis("stack_start", &stack_start);
+        }
+        #endif
+
+        ESP_LOGI(TAG, "Stack Start HWM: %d bytes", stack_start);
+    }
+    #endif /* INCLUDE_uxTaskGetStackHighWaterMark */
+#endif /* SINGLE_THREADED */
 
 #ifdef HAVE_VERSION_EXTENDED_INFO
     esp_ShowExtendedSystemInfo();
 #endif
-
+#ifdef DEBUG_WOLFSSL
+    wolfSSL_Debugging_OFF();
+#endif
+#ifdef CONFIG_IDF_TARGET_ESP32H2
+    ESP_LOGE(TAG, "No WiFi on the ESP32-H2 and ethernet not yet supported");
+    while (1) {
+        vTaskDelay(60000);
+    }
+#endif
     /* Set time for cert validation.
      * Some lwIP APIs, including SNTP functions, are not thread safe. */
     ret = set_time(); /* need to setup NTP before WiFi */
@@ -184,11 +231,23 @@ void app_main(void)
 
     /* Initialize NVS */
     ret = nvs_flash_init();
-    if (ret == ESP_ERR_NVS_NO_FREE_PAGES ||
-        ret == ESP_ERR_NVS_NEW_VERSION_FOUND) {
-        ESP_ERROR_CHECK(nvs_flash_erase());
-        ret = nvs_flash_init();
+    #if defined(CONFIG_IDF_TARGET_ESP8266)
+    {
+        if (ret == ESP_ERR_NVS_NO_FREE_PAGES) {
+            ESP_ERROR_CHECK(nvs_flash_erase());
+            ret = nvs_flash_init();
+        }
     }
+    #else
+    {
+        /* Non-ESP8266 initialization is slightly different */
+        if (ret == ESP_ERR_NVS_NO_FREE_PAGES ||
+            ret == ESP_ERR_NVS_NEW_VERSION_FOUND) {
+            ESP_ERROR_CHECK(nvs_flash_erase());
+            ret = nvs_flash_init();
+        }
+    }
+    #endif /* else not CONFIG_IDF_TARGET_ESP8266 */
     ESP_ERROR_CHECK(ret);
 
     #if defined(CONFIG_IDF_TARGET_ESP32H2)
@@ -203,8 +262,8 @@ void app_main(void)
             ESP_LOGI(TAG, "Trying WiFi again...");
             ret = wifi_init_sta();
         }
-    #endif
-#endif
+    #endif /* else not CONFIG_IDF_TARGET_ESP32H2 */
+#endif /* else FOUND_PROTOCOL_EXAMPLES_DIR not found */
 
     /* Once we are connected to the network, start & wait for NTP time */
     ret = set_time_wait_for_ntp();
@@ -216,14 +275,6 @@ void app_main(void)
         esp_show_current_datetime();
     }
 
-    /* HWM is maximum amount of stack space that has been unused, in bytes
-     * not words (unlike vanilla freeRTOS). */
-    ESP_LOGI(TAG, "Initial Stack Used (before wolfSSL Server): %d bytes",
-                   CONFIG_ESP_MAIN_TASK_STACK_SIZE
-                   - (uxTaskGetStackHighWaterMark(NULL))
-            );
-    ESP_LOGI(TAG, "Starting TLS Client task ...\n");
-
 #if defined(SINGLE_THREADED)
     /* just call the task */
     tls_smp_client_task((void*)NULL);
@@ -232,6 +283,17 @@ void app_main(void)
     /* start a thread with the task */
     args[0].loops = 10;
     args[0].port = 11111;
+
+    /* HWM is maximum amount of stack space that has been unused, in bytes
+     * not words (unlike vanilla freeRTOS). */
+    this_heap = esp_get_free_heap_size();
+    ESP_LOGI(TAG, "Initial Stack Used (before wolfSSL Server): %d bytes",
+                   CONFIG_ESP_MAIN_TASK_STACK_SIZE
+                   - (uxTaskGetStackHighWaterMark(NULL))
+            );
+    ESP_LOGI(TAG, "Starting TLS Client task ...\n");
+    ESP_LOGI(TAG, "main tls_smp_client_init heap @ %p = %d",
+                  &this_heap, this_heap);
     tls_smp_client_init(args);
 /* optional additional client threads
     tls_smp_client_init(args);
@@ -244,24 +306,24 @@ void app_main(void)
 */
 #endif
 
+    /* Done */
+#ifdef SINGLE_THREADED
+    ESP_LOGV(TAG, "\n\nDone!\n\n");
+    while (1);
+#else
     ESP_LOGV(TAG, "\n\nvTaskDelete...\n\n");
     vTaskDelete(NULL);
     /* done */
     while (1) {
         ESP_LOGV(TAG, "\n\nLoop...\n\n");
-#ifdef INCLUDE_uxTaskGetStackHighWaterMark
+    #ifdef INCLUDE_uxTaskGetStackHighWaterMark
         ESP_LOGI(TAG, "Stack HWM: %d", uxTaskGetStackHighWaterMark(NULL));
 
         ESP_LOGI(TAG, "Stack used: %d", CONFIG_ESP_MAIN_TASK_STACK_SIZE
                                         - (uxTaskGetStackHighWaterMark(NULL) ));
-#endif
-
-#if defined(SINGLE_THREADED)
-        ESP_LOGV(TAG, "\n\nDone!\n\n");
-        while (1);
-#else
+    #endif
         vTaskDelay(60000);
-#endif
-    } /* done whle */
+    } /* done while */
+#endif /* else not SINGLE_THREADED */
 
 } /* app_main */
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/time_helper.c b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/time_helper.c
index 5149d2e60..5f2ebe392 100644
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/time_helper.c
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/time_helper.c
@@ -1,6 +1,6 @@
 /* time_helper.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -19,12 +19,32 @@
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  */
 
-/* common Espressif time_helper v5.6.3.002 */
-#include "esp_idf_version.h"
-#include "sdkconfig.h"
+/* common Espressif time_helper */
 #include "time_helper.h"
 
+
+#include "sdkconfig.h"
+/* wolfSSL */
+/* Always include wolfcrypt/settings.h before any other wolfSSL file.    */
+/* Reminder: settings.h pulls in user_settings.h; don't include it here. */
+#ifdef WOLFSSL_USER_SETTINGS
+    #include <wolfssl/wolfcrypt/settings.h>
+    #ifndef WOLFSSL_ESPIDF
+        #warning "Problem with wolfSSL user_settings."
+        #warning "Check components/wolfssl/include"
+    #endif
+    /* This project not yet using the library */
+    #undef USE_WOLFSSL_ESP_SDK_WIFI
+    #include <wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h>
+#else
+    /* Define WOLFSSL_USER_SETTINGS project wide for settings.h to include   */
+    /* wolfSSL user settings in ./components/wolfssl/include/user_settings.h */
+    #error "Missing WOLFSSL_USER_SETTINGS in CMakeLists or Makefile:\
+    CFLAGS +=-DWOLFSSL_USER_SETTINGS"
+#endif
+
 #include <esp_log.h>
+#include <esp_idf_version.h>
 
 #if defined(ESP_IDF_VERSION_MAJOR) && defined(ESP_IDF_VERSION_MINOR)
     #if (ESP_IDF_VERSION_MAJOR == 5) && (ESP_IDF_VERSION_MINOR >= 1)
@@ -36,25 +56,24 @@
         #include <esp_sntp.h>
     #endif
 #else
-    /* TODO Consider pre IDF v5? */
+    /* TODO Consider non ESP-IDF environments */
 #endif
 
-/* ESP-IDF uses a 64-bit signed integer to represent time_t starting from release v5.0
- * See: https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-reference/system/system_time.html#year-2036-and-2038-overflow-issues
+/* ESP-IDF uses a 64-bit signed integer to represent time_t starting from
+ * release v5.0. See: Espressif api-reference/system/system_time
  */
-const static char* TAG = "time_helper";
 
 /* see https://www.gnu.org/software/libc/manual/html_node/TZ-Variable.html */
 #ifndef TIME_ZONE
-/*
- * PST represents Pacific Standard Time.
- * +8 specifies the offset from UTC (Coordinated Universal Time), indicating
- *   that Pacific Time is UTC-8 during standard time.
- * PDT represents Pacific Daylight Time.
- * M3.2.0 indicates that Daylight Saving Time (DST) starts on the
- *   second (2) Sunday (0) of March (3).
- * M11.1.0 indicates that DST ends on the first (1) Sunday (0) of November (11)
- */
+    /*
+     * PST represents Pacific Standard Time.
+     * +8 specifies the offset from UTC (Coordinated Universal Time), indicating
+     *   that Pacific Time is UTC-8 during standard time.
+     * PDT represents Pacific Daylight Time.
+     * M3.2.0 indicates that Daylight Saving Time (DST) starts on the
+     *   second (2) Sunday (0) of March (3).
+     * M11.1.0 indicates that DST ends on the first (1) Sunday (0) of November (11)
+     */
     #define TIME_ZONE "PST+8PDT,M3.2.0,M11.1.0"
 #endif /* not defined: TIME_ZONE, so we are setting our own */
 
@@ -87,11 +106,13 @@ const static char* TAG = "time_helper";
 
 char* ntpServerList[NTP_SERVER_COUNT] = NTP_SERVER_LIST;
 
+const static char* TAG = "time_helper";
+
 /* our NTP server list is global info */
 extern char* ntpServerList[NTP_SERVER_COUNT];
 
 /* Show the current date and time */
-int esp_show_current_datetime()
+int esp_show_current_datetime(void)
 {
     time_t now;
     char strftime_buf[64];
@@ -104,7 +125,7 @@ int esp_show_current_datetime()
     localtime_r(&now, &timeinfo);
     strftime(strftime_buf, sizeof(strftime_buf), "%c", &timeinfo);
     ESP_LOGI(TAG, "The current date/time is: %s", strftime_buf);
-    return 0;
+    return ESP_OK;
 }
 
 /* the worst-case scenario is a hard-coded date/time */
@@ -113,9 +134,9 @@ int set_fixed_default_time(void)
     /* ideally, we'd like to set time from network,
      * but let's set a default time, just in case */
     struct tm timeinfo = {
-        .tm_year = 2023 - 1900,
-        .tm_mon  = 10,
-        .tm_mday = 02,
+        .tm_year = 2024 - 1900,
+        .tm_mon  = 3,
+        .tm_mday = 01,
         .tm_hour = 13,
         .tm_min  = 01,
         .tm_sec  = 05
@@ -130,7 +151,38 @@ int set_fixed_default_time(void)
     ESP_LOGI(TAG, "Adjusting time from fixed value");
     now = (struct timeval){ .tv_sec = interim_time };
     ret = settimeofday(&now, NULL);
+    ESP_LOGI(TAG, "settimeofday result = %d", ret);
+    return ret;
+}
 
+/* probably_valid_time_string(s)
+ *
+ * some sanity checks on time string before calling sscanf()
+ *
+ * returns 0 == ESP_OK == Success if str is likely a valid time.
+ *        -1 == ESP_FAIL otherwise
+ */
+int probably_valid_time_string(const char* str)
+{
+    int ret = ESP_OK;
+    size_t length = 0;
+    size_t spaces = 0;
+    size_t colons = 0;
+
+    while (str[length] != '\0') {
+        if (str[length] == ' ') {
+            spaces++;
+        }
+        if (str[length] == ':') {
+            colons++;
+        }
+        length++;
+    }
+
+    if ((length > 32) || (spaces < 4) || (spaces > 5) || (colons > 2)) {
+        ret = ESP_FAIL;
+        ESP_LOGE(TAG, "ERROR, failed time sanity check: %s", str);
+    }
     return ret;
 }
 
@@ -138,60 +190,67 @@ int set_fixed_default_time(void)
  *
  * returns 0 = success if able to set the time from the provided string
  * error for any other value, typically -1 */
-int set_time_from_string(char* time_buffer)
+int set_time_from_string(const char* time_buffer)
 {
     /* expecting github default formatting: 'Thu Aug 31 12:41:45 2023 -0700' */
+    char offset[28]; /* large arrays, just in case there's still bad data */
+    char day_str[28];
+    char month_str[28];
     const char *format = "%3s %3s %d %d:%d:%d %d %s";
     struct tm this_timeinfo;
     struct timeval now;
     time_t interim_time;
-    char offset[6]; /* expecting trailing single quote, not used */
-    char day_str[4];
-    char month_str[4];
     int day, year, hour, minute, second;
     int quote_offset = 0;
     int ret = 0;
 
-    /* we are expecting the string to be encapsulated in single quotes */
-    if (*time_buffer == 0x27) {
-        quote_offset = 1;
-    }
-
-    ret = sscanf(time_buffer + quote_offset,
-                format,
-                day_str, month_str,
-                &day, &hour, &minute, &second, &year, &offset);
-
-    if (ret == 8) {
-        /* we found a match for all componets */
-
-        const char *months[] = { "Jan", "Feb", "Mar", "Apr", "May", "Jun",
-                                 "Jul", "Aug", "Sep", "Oct", "Nov", "Dec" };
-
-        for (int i = 0; i < 12; i++) {
-            if (strcmp(month_str, months[i]) == 0) {
-                this_timeinfo.tm_mon = i;
-                break;
-            }
+    /* perform some basic sanity checks */
+    ret = probably_valid_time_string(time_buffer);
+    if (ret == ESP_OK) {
+        /* we are expecting the string to be encapsulated in single quotes */
+        if (*time_buffer == 0x27) {
+            quote_offset = 1;
         }
 
-        this_timeinfo.tm_mday = day;
-        this_timeinfo.tm_hour = hour;
-        this_timeinfo.tm_min = minute;
-        this_timeinfo.tm_sec = second;
-        this_timeinfo.tm_year = year - 1900; /* Number of years since 1900 */
+        ret = sscanf(time_buffer + quote_offset,
+                    format,
+                    day_str, month_str,
+                    &day, &hour, &minute, &second, &year, &offset);
 
-        interim_time = mktime(&this_timeinfo);
-        now = (struct timeval){ .tv_sec = interim_time };
-        ret = settimeofday(&now, NULL);
-        ESP_LOGI(TAG, "Time updated to %s", time_buffer);
-    }
-    else {
-        ESP_LOGE(TAG, "Failed to convert \"%s\" to a tm date.", time_buffer);
-        ESP_LOGI(TAG, "Trying fixed date that was hard-coded.");
-        set_fixed_default_time();
-        ret = -1;
+        if (ret == 8) {
+            /* we found a match for all components */
+
+            const char *months[] = { "Jan", "Feb", "Mar", "Apr", "May", "Jun",
+                                     "Jul", "Aug", "Sep", "Oct", "Nov", "Dec"
+                                   };
+
+            for (int i = 0; i < 12; i++) {
+                if (strcmp(month_str, months[i]) == 0) {
+                    this_timeinfo.tm_mon = i;
+                    break;
+                }
+            }
+
+            this_timeinfo.tm_mday = day;
+            this_timeinfo.tm_hour = hour;
+            this_timeinfo.tm_min = minute;
+            this_timeinfo.tm_sec = second;
+            this_timeinfo.tm_year = year - 1900; /* Years since 1900 */
+
+            interim_time = mktime(&this_timeinfo);
+            now = (struct timeval){ .tv_sec = interim_time };
+            ret = settimeofday(&now, NULL);
+            ESP_LOGI(TAG, "Time updated to %s", time_buffer);
+        }
+        else {
+            ESP_LOGE(TAG, "Failed to convert \"%s\" to a tm date.",
+                           time_buffer);
+            ESP_LOGI(TAG, "Trying fixed date that was hard-coded....");
+            set_fixed_default_time();
+            ret = ESP_FAIL;
+        }
     }
+
     return ret;
 }
 
@@ -223,15 +282,17 @@ int set_time(void)
     esp_show_current_datetime();
 
 #ifdef LIBWOLFSSL_VERSION_GIT_HASH_DATE
-    /* initialy set a default approximate time from recent git commit */
-    ESP_LOGI(TAG, "Found git hash date, attempting to set system date.");
-    set_time_from_string(LIBWOLFSSL_VERSION_GIT_HASH_DATE);
+    /* initially set a default approximate time from recent git commit */
+    ESP_LOGI(TAG, "Found git hash date, attempting to set system date: %s",
+                   LIBWOLFSSL_VERSION_GIT_HASH_DATE);
+    set_time_from_string(LIBWOLFSSL_VERSION_GIT_HASH_DATE"\0");
     esp_show_current_datetime();
 
     ret = -4;
 #else
     /* otherwise set a fixed time that was hard coded */
     set_fixed_default_time();
+    esp_show_current_datetime();
     ret = -3;
 #endif
 
@@ -242,7 +303,7 @@ int set_time(void)
     if (NTP_SERVER_COUNT) {
         /* next, let's setup NTP time servers
          *
-         * see https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-reference/system/system_time.html#sntp-time-synchronization
+         * see Espressif api-reference/system/system_time
          *
          * WARNING: do not set operating mode while SNTP client is running!
          */
@@ -262,6 +323,7 @@ int set_time(void)
             }
             ESP_LOGI(TAG, "%s", thisServer);
             sntp_setservername(i, thisServer);
+            ret = ESP_OK;
         }
     #ifdef HAS_ESP_NETIF_SNTP
         ret = esp_netif_sntp_init(&config);
@@ -289,6 +351,9 @@ int set_time(void)
         ESP_LOGW(TAG, "No sntp time servers found.");
         ret = -1;
     }
+
+    esp_show_current_datetime();
+    ESP_LOGI(TAG, "time helper existing with result = %d", ret);
     return ret;
 }
 
@@ -303,6 +368,8 @@ int set_time_wait_for_ntp(void)
     ret = esp_netif_sntp_start();
 
     ret = esp_netif_sntp_sync_wait(500 / portTICK_PERIOD_MS);
+#else
+    ESP_LOGW(TAG, "HAS_ESP_NETIF_SNTP not defined");
 #endif /* HAS_ESP_NETIF_SNTP */
     esp_show_current_datetime();
 
@@ -322,7 +389,7 @@ int set_time_wait_for_ntp(void)
 #endif
 
     if (ret == ESP_OK) {
-        ESP_LOGI(TAG, "Successfuly set time via NTP servers.");
+        ESP_LOGI(TAG, "Successfully set time via NTP servers.");
         }
     else {
         ESP_LOGW(TAG, "Warning: Failed to set time with NTP: "
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/wifi_connect.c b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/wifi_connect.c
index b9f9ab738..523c7163d 100644
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/wifi_connect.c
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/wifi_connect.c
@@ -1,6 +1,6 @@
 /* wifi_connect.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -18,25 +18,43 @@
  * along with this program; if not, write to the Free Software
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  */
- #include "wifi_connect.h"
+#include "wifi_connect.h"
 
+/* FreeRTOS */
 #include <freertos/FreeRTOS.h>
 #include <freertos/task.h>
 #include <freertos/event_groups.h>
-#include <esp_wifi.h>
+
+/* Espressif */
 #include <esp_log.h>
+#include <esp_idf_version.h>
+#include <esp_wifi.h>
 
 /* wolfSSL */
-#include <wolfssl/wolfcrypt/settings.h>
-#include "user_settings.h"
-#include <wolfssl/version.h>
-#include <wolfssl/wolfcrypt/types.h>
-#ifndef WOLFSSL_ESPIDF
-    #warning "Problem with wolfSSL user_settings."
-    #warning "Check components/wolfssl/include"
+/* Always include wolfcrypt/settings.h before any other wolfSSL file.    */
+/* Reminder: settings.h pulls in user_settings.h; don't include it here. */
+#ifdef WOLFSSL_USER_SETTINGS
+    #include <wolfssl/wolfcrypt/settings.h>
+    #ifndef WOLFSSL_ESPIDF
+        #warning "Problem with wolfSSL user_settings."
+        #warning "Check components/wolfssl/include"
+    #endif
+    /* This project not yet using the library */
+    #undef USE_WOLFSSL_ESP_SDK_WIFI
+    #include <wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h>
+#else
+    /* Define WOLFSSL_USER_SETTINGS project wide for settings.h to include   */
+    /* wolfSSL user settings in ./components/wolfssl/include/user_settings.h */
+    #error "Missing WOLFSSL_USER_SETTINGS in CMakeLists or Makefile:\
+    CFLAGS +=-DWOLFSSL_USER_SETTINGS"
 #endif
 
-#if ESP_IDF_VERSION_MAJOR >= 5
+/* When there's too little heap, WiFi quietly refuses to connect */
+#define WIFI_LOW_HEAP_WARNING 21132
+
+#if defined(CONFIG_IDF_TARGET_ESP8266)
+#elif ESP_IDF_VERSION_MAJOR >= 5
+    /* example path set in cmake file */
 #elif ESP_IDF_VERSION_MAJOR >= 4
     #include "protocol_examples_common.h"
 #else
@@ -44,7 +62,9 @@
     static EventGroupHandle_t wifi_event_group;
 #endif
 
-#if defined(ESP_IDF_VERSION_MAJOR) && defined(ESP_IDF_VERSION_MINOR)
+#if defined(CONFIG_IDF_TARGET_ESP8266)
+
+#elif defined(ESP_IDF_VERSION_MAJOR) && defined(ESP_IDF_VERSION_MINOR)
     #if ESP_IDF_VERSION_MAJOR >= 4
         /* likely using examples, see wifi_connect.h */
     #else
@@ -64,7 +84,114 @@
 /* breadcrumb prefix for logging */
 const static char *TAG = "wifi_connect";
 
-#if ESP_IDF_VERSION_MAJOR < 4
+#if defined(CONFIG_IDF_TARGET_ESP8266)
+#ifndef CONFIG_ESP_MAX_STA_CONN
+    #define CONFIG_ESP_MAX_STA_CONN 4
+#endif
+#define EXAMPLE_MAX_STA_CONN       CONFIG_ESP_MAX_STA_CONN
+
+#define WIFI_CONNECTED_BIT BIT0
+#define WIFI_FAIL_BIT      BIT1
+#ifndef CONFIG_ESP_MAXIMUM_RETRY
+    #define CONFIG_ESP_MAXIMUM_RETRY 5
+#endif
+/* FreeRTOS event group to signal when we are connected*/
+static EventGroupHandle_t s_wifi_event_group;
+static int s_retry_num = 0;
+
+#define EXAMPLE_ESP_MAXIMUM_RETRY  CONFIG_ESP_MAXIMUM_RETRY
+static void event_handler(void* arg, esp_event_base_t event_base,
+                                int32_t event_id, void* event_data)
+{
+    if (event_base == WIFI_EVENT && event_id == WIFI_EVENT_STA_START) {
+        esp_wifi_connect();
+    } else if (event_base == WIFI_EVENT && event_id == WIFI_EVENT_STA_DISCONNECTED) {
+        if (s_retry_num < EXAMPLE_ESP_MAXIMUM_RETRY) {
+            esp_wifi_connect();
+            s_retry_num++;
+            ESP_LOGI(TAG, "retry to connect to the AP");
+        } else {
+            xEventGroupSetBits(s_wifi_event_group, WIFI_FAIL_BIT);
+        }
+        ESP_LOGI(TAG,"connect to the AP fail");
+    } else if (event_base == IP_EVENT && event_id == IP_EVENT_STA_GOT_IP) {
+        ip_event_got_ip_t* event = (ip_event_got_ip_t*) event_data;
+        ESP_LOGI(TAG, "got ip:%s",
+                 ip4addr_ntoa(&event->ip_info.ip));
+        s_retry_num = 0;
+        xEventGroupSetBits(s_wifi_event_group, WIFI_CONNECTED_BIT);
+    }
+}
+
+int wifi_init_sta(void)
+{
+    word32 this_heap;
+
+    s_wifi_event_group = xEventGroupCreate();
+
+    tcpip_adapter_init();
+
+    ESP_ERROR_CHECK(esp_event_loop_create_default());
+
+    wifi_init_config_t cfg = WIFI_INIT_CONFIG_DEFAULT();
+    ESP_ERROR_CHECK(esp_wifi_init(&cfg));
+
+    ESP_ERROR_CHECK(esp_event_handler_register(WIFI_EVENT, ESP_EVENT_ANY_ID, &event_handler, NULL));
+    ESP_ERROR_CHECK(esp_event_handler_register(IP_EVENT, IP_EVENT_STA_GOT_IP, &event_handler, NULL));
+
+    wifi_config_t wifi_config = {
+        .sta = {
+            .ssid = EXAMPLE_ESP_WIFI_SSID,
+            .password = EXAMPLE_ESP_WIFI_PASS
+        },
+    };
+
+    /* Setting a password implies station will connect to all security modes including WEP/WPA.
+        * However these modes are deprecated and not advisable to be used. In case your Access point
+        * doesn't support WPA2, these mode can be enabled by commenting below line */
+
+    if (strlen((char *)wifi_config.sta.password)) {
+        wifi_config.sta.threshold.authmode = WIFI_AUTH_WPA2_PSK;
+    }
+
+    ESP_ERROR_CHECK(esp_wifi_set_mode(WIFI_MODE_STA) );
+    ESP_ERROR_CHECK(esp_wifi_set_config(ESP_IF_WIFI_STA, &wifi_config) );
+    ESP_ERROR_CHECK(esp_wifi_start() );
+
+    ESP_LOGI(TAG, "wifi_init_sta finished. Connecting...");
+    this_heap = esp_get_free_heap_size();
+    ESP_LOGI(TAG, "this heap = %d", this_heap);
+    if (this_heap < WIFI_LOW_HEAP_WARNING) {
+        ESP_LOGW(TAG, "Warning: WiFi low heap: %d", WIFI_LOW_HEAP_WARNING);
+    }
+    /* Waiting until either the connection is established (WIFI_CONNECTED_BIT) or connection failed for the maximum
+     * number of re-tries (WIFI_FAIL_BIT). The bits are set by event_handler() (see above) */
+    EventBits_t bits = xEventGroupWaitBits(s_wifi_event_group,
+            WIFI_CONNECTED_BIT | WIFI_FAIL_BIT,
+            pdFALSE,
+            pdFALSE,
+            portMAX_DELAY);
+
+    ESP_LOGI(TAG, "xEventGroupWaitBits finished.");
+    /* xEventGroupWaitBits() returns the bits before the call returned, hence we can test which event actually
+     * happened. */
+    if (bits & WIFI_CONNECTED_BIT) {
+        ESP_LOGI(TAG, "connected to ap SSID:%s",
+                 EXAMPLE_ESP_WIFI_SSID);
+    } else if (bits & WIFI_FAIL_BIT) {
+        ESP_LOGI(TAG, "Failed to connect to SSID:%s, password:%s",
+                 EXAMPLE_ESP_WIFI_SSID, EXAMPLE_ESP_WIFI_PASS);
+    } else {
+        ESP_LOGE(TAG, "UNEXPECTED EVENT");
+    }
+
+    ESP_ERROR_CHECK(esp_event_handler_unregister(IP_EVENT, IP_EVENT_STA_GOT_IP, &event_handler));
+    ESP_ERROR_CHECK(esp_event_handler_unregister(WIFI_EVENT, ESP_EVENT_ANY_ID, &event_handler));
+    vEventGroupDelete(s_wifi_event_group);
+    return ESP_OK;
+}
+
+#elif ESP_IDF_VERSION_MAJOR < 4
 /* event handler for wifi events */
 static esp_err_t wifi_event_handler(void *ctx, system_event_t *event)
 {
@@ -81,7 +208,7 @@ static esp_err_t wifi_event_handler(void *ctx, system_event_t *event)
         ESP_LOGI(TAG, "got ip:%s",
                  ip4addr_ntoa(&event->event_info.got_ip.ip_info.ip));
     #endif
-        /* see https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-reference/system/freertos_idf.html */
+        /* see Espressif api-reference/system/freertos_idf */
         xEventGroupSetBits(wifi_event_group, CONNECTED_BIT);
         break;
     case SYSTEM_EVENT_STA_DISCONNECTED:
@@ -198,7 +325,7 @@ int wifi_init_sta(void)
             .ssid = EXAMPLE_ESP_WIFI_SSID,
             .password = EXAMPLE_ESP_WIFI_PASS,
             /* Authmode threshold resets to WPA2 as default if password matches
-             * WPA2 standards (pasword len => 8). If you want to connect the
+             * WPA2 standards (password len => 8). If you want to connect the
              * device to deprecated WEP/WPA networks, Please set the threshold
              * value WIFI_AUTH_WEP/WIFI_AUTH_WPA_PSK and set the password with
              * length and format matching to WIFI_AUTH_WEP/WIFI_AUTH_WPA_PSK
@@ -270,7 +397,8 @@ int wifi_init_sta(void)
 
 int wifi_show_ip(void)
 {
-    /* ESP_LOGI(TAG, "got ip:" IPSTR, IP2STR(&event->ip_info.ip)); */
-    return 0;
+    /* TODO Causes panic: ESP_LOGI(TAG, "got ip:" IPSTR,
+     * IP2STR(&event->ip_info.ip)); */
+    return ESP_OK;
 }
 #endif
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/sdkconfig.defaults b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/sdkconfig.defaults
index f8bce25ff..d2b0b890e 100644
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/sdkconfig.defaults
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/sdkconfig.defaults
@@ -1,25 +1,155 @@
+# Set the known example app config to TLS Client (see user_settings.h)
+CONFIG_WOLFSSL_EXAMPLE_NAME_TLS_CLIENT=y
+
+# CONFIG_EXAMPLE_WIFI_SSID="myssid"
+# CONFIG_EXAMPLE_WIFI_PASSWORD="mypassword"
+
+# Some wolfSSL helpers
+CONFIG_USE_WOLFSSL_ESP_SDK_TIME=y
+
+# sdkconfig.defaults for ESP8266 + ESP32
+# See separate sdkconfig.defaults.esp8266
+# FreeRTOS ticks at 1ms interval
+CONFIG_FREERTOS_UNICORE=y
 CONFIG_FREERTOS_HZ=1000
 CONFIG_ESP32_DEFAULT_CPU_FREQ_240=y
 
 #
-# Default main stack size
+# Default main stack size. See user_settings.h
 #
-# This is typically way bigger than needed for stack size. See user_settings.h
+# This is typically bigger than needed for stack size.
+# Units are words, not bytes. See user_settings.h
 #
-CONFIG_ESP_MAIN_TASK_STACK_SIZE=55500
+# For wolfSSL SMALL_STACK, 3072 bytes should be sufficient for benchmark app.
+# When using RSA, assign at least 10500 bytes, otherwise 5500 usually works for others
+# We set this to 28672 for use in the "test everything possible" in the wolfssl_test app.
+CONFIG_ESP_MAIN_TASK_STACK_SIZE=10500
 
-# Legacy stack size for older ESP-IDF versions
-CONFIG_MAIN_TASK_STACK_SIZE=55500
+# Legacy stack size name for older ESP-IDF versions
+CONFIG_MAIN_TASK_STACK_SIZE=10500
+
+#
+# Benchmark must not have CONFIG_NEWLIB_NANO_FORMAT enabled
+CONFIG_NEWLIB_NANO_FORMAT=n
+#
+# Watchdog Timers
+#
+# We don't want to have the watchdog timeout during tests & benchmarks
+#
+CONFIG_ESP_TASK_WDT_CHECK_IDLE_TASK_CPU0=n
+CONFIG_ESP_TASK_WDT_CHECK_IDLE_TASK_CPU1=n
+# Panic & Watchdog
+CONFIG_ESP_INT_WDT_TIMEOUT_MS=10000
+CONFIG_ESP_TASK_WDT_EN=n
+CONFIG_ESP_SYSTEM_PANIC_PRINT_HALT=y
+CONFIG_ESP_INT_WDT=n
+
+# ESP8266 Watchdog:
+CONFIG_TASK_WDT=n
+CONFIG_TASK_WDT_PANIC=n
+
+# ESP8266 WDT
+# CONFIG_ESP_PANIC_PRINT_REBOOT is not set
+CONFIG_ESP_PANIC_PRINT_REBOOT=n
+CONFIG_ESP_PANIC_PRINT_HALT=y
+
+# CONFIG_ESP_HTTP_CLIENT_ENABLE_HTTPS is not set
+CONFIG_ESP_HTTP_CLIENT_ENABLE_HTTPS=n
+
+# ESP8266 Memory
+CONFIG_FREERTOS_GLOBAL_DATA_LINK_IRAM=y
+CONFIG_HEAP_DISABLE_IRAM=y
+
+# Performance
+# CONFIG_COMPILER_OPTIMIZATION_PERF=y
+
+# Set max CPU frequency (falls back as needed for lower maximum)
+CONFIG_ESP_DEFAULT_CPU_FREQ_MHZ_240=y
+
+# Enable wolfSSL TLS in esp-tls
+# CONFIG_ESP_TLS_USING_WOLFSSL=y
+# CONFIG_TLS_STACK_WOLFSSL=y
+
+# Bundles take up flash space and are disabled unless otherwise known to be needed
+CONFIG_WOLFSSL_CERTIFICATE_BUNDLE=n
+# CONFIG_WOLFSSL_CERTIFICATE_BUNDLE=y
+# CONFIG_ESP_WOLFSSL_SMALL_CERT_VERIFY=y
+# CONFIG_ESP_TLS_INSECURE=y
+
+# Disable mbedTLS
+CONFIG_ESP_TLS_USING_MBEDTLS=n
+CONFIG_MBEDTLS_CERTIFICATE_BUNDLE=n
+
+# Some wolfSSL helpers
+CONFIG_USE_WOLFSSL_ESP_SDK_TIME=n
+
+# CONFIG_ESP_HTTP_CLIENT_ENABLE_HTTPS is not set
+CONFIG_ESP_HTTP_CLIENT_ENABLE_HTTPS=n
+
+# ESP8266 Memory
+CONFIG_FREERTOS_GLOBAL_DATA_LINK_IRAM=y
+CONFIG_HEAP_DISABLE_IRAM=y
+
+# Performance
+# CONFIG_COMPILER_OPTIMIZATION_PERF=y
+
+# Set max COU frequency (falls back as needed for lower maximum)
+CONFIG_ESP_DEFAULT_CPU_FREQ_MHZ_240=y
+
+# FreeRTOS ticks at 1ms interval
+CONFIG_FREERTOS_UNICORE=y
+CONFIG_FREERTOS_HZ=1000
+
+# Ensure mbedTLS options are disabled
+# CONFIG_MBEDTLS_TLS_SERVER_AND_CLIENT=n
+# CONFIG_MBEDTLS_TLS_CLIENT_ONLY=n
+# CONFIG_MBEDTLS_TLS_SERVER=n
+# CONFIG_MBEDTLS_TLS_CLIENT=n
+# CONFIG_MBEDTLS_HARDWARE_AES=n
+# CONFIG_MBEDTLS_HARDWARE_MPI=n
+# CONFIG_MBEDTLS_HARDWARE_SHA=n
+# CONFIG_MBEDTLS_ROM_MD5=n
+# CONFIG_MBEDTLS_SSL_RENEGOTIATION=n
+# CONFIG_MBEDTLS_SSL_PROTO_TLS1_2=n
+# CONFIG_MBEDTLS_SSL_PROTO_GMTSSL1_1=n
+# CONFIG_MBEDTLS_SSL_ALPN=n
+# CONFIG_MBEDTLS_CLIENT_SSL_SESSION_TICKETS=n
+# CONFIG_MBEDTLS_SERVER_SSL_SESSION_TICKETS=n
+
+# The same-name config is used for both WiFi and client/server TLS, so we cannot disable:
+# CONFIG_MBEDTLS_TLS_ENABLED=n
+# CONFIG_MBEDTLS_TLS_DISABLED=y
 
 #
 # Compiler options
 #
 CONFIG_COMPILER_OPTIMIZATION_DEFAULT=y
+# CONFIG_COMPILER_OPTIMIZATION_SIZE is not set
+# CONFIG_COMPILER_OPTIMIZATION_PERF is not set
+# CONFIG_COMPILER_OPTIMIZATION_NONE is not set
 CONFIG_COMPILER_OPTIMIZATION_ASSERTIONS_ENABLE=y
+# CONFIG_COMPILER_OPTIMIZATION_ASSERTIONS_SILENT is not set
+# CONFIG_COMPILER_OPTIMIZATION_ASSERTIONS_DISABLE is not set
+CONFIG_COMPILER_FLOAT_LIB_FROM_GCCLIB=y
 CONFIG_COMPILER_OPTIMIZATION_ASSERTION_LEVEL=2
+# CONFIG_COMPILER_OPTIMIZATION_CHECKS_SILENT is not set
 CONFIG_COMPILER_HIDE_PATHS_MACROS=y
+# CONFIG_COMPILER_CXX_EXCEPTIONS is not set
+# CONFIG_COMPILER_CXX_RTTI is not set
+# CONFIG_COMPILER_STACK_CHECK_MODE_NONE is not set
 CONFIG_COMPILER_STACK_CHECK_MODE_NORM=y
+# CONFIG_COMPILER_STACK_CHECK_MODE_STRONG is not set
+# CONFIG_COMPILER_STACK_CHECK_MODE_ALL is not set
 CONFIG_COMPILER_STACK_CHECK=y
+# CONFIG_COMPILER_WARN_WRITE_STRINGS is not set
+# CONFIG_COMPILER_SAVE_RESTORE_LIBCALLS is not set
+# CONFIG_COMPILER_DISABLE_GCC12_WARNINGS is not set
+# CONFIG_COMPILER_DUMP_RTL_FILES is not set
+# end of Compiler options
+
+# We don't know that the min is actually v2,
+# but this is the earliest tested.
+CONFIG_ESP32C3_REV_MIN_2=y
 
 #
 # Partition Table
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/sdkconfig.defaults.esp32c2 b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/sdkconfig.defaults.esp32c2
new file mode 100644
index 000000000..a24d9302e
--- /dev/null
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/sdkconfig.defaults.esp32c2
@@ -0,0 +1,7 @@
+#
+# Main XTAL Config
+#
+CONFIG_XTAL_FREQ_26=y
+# CONFIG_XTAL_FREQ_40 is not set
+CONFIG_XTAL_FREQ=26
+# end of Main XTAL Config
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/sdkconfig.defaults.esp8266 b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/sdkconfig.defaults.esp8266
new file mode 100644
index 000000000..77299dfe4
--- /dev/null
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/sdkconfig.defaults.esp8266
@@ -0,0 +1,30 @@
+# ESP8266 WDT
+# CONFIG_ESP_PANIC_PRINT_REBOOT is not set
+CONFIG_ESP_PANIC_PRINT_REBOOT=n
+CONFIG_ESP_PANIC_PRINT_HALT=y
+
+# Enable wolfSSL TLS in esp-tls (not yet supported in RTOS SDK 3.4
+CONFIG_ESP_TLS_USING_WOLFSSL=n
+CONFIG_TLS_STACK_WOLFSSL=n
+
+# Bundles take up flash space and are disabled unless otherwise known to be needed
+CONFIG_WOLFSSL_CERTIFICATE_BUNDLE=n
+# CONFIG_ESP_WOLFSSL_SMALL_CERT_VERIFY=y
+# CONFIG_ESP_TLS_INSECURE=y
+
+# Disable mbedTLS
+CONFIG_ESP_TLS_USING_MBEDTLS=y
+CONFIG_MBEDTLS_CERTIFICATE_BUNDLE=n
+
+# ESP8266 Memory
+CONFIG_FREERTOS_GLOBAL_DATA_LINK_IRAM=y
+CONFIG_HEAP_DISABLE_IRAM=y
+
+# ESP8266 Watchdog:
+CONFIG_TASK_WDT=n
+CONFIG_TASK_WDT_PANIC=n
+
+# ESP8266 WDT
+# CONFIG_ESP_PANIC_PRINT_REBOOT is not set
+CONFIG_ESP_PANIC_PRINT_REBOOT=n
+CONFIG_ESP_PANIC_PRINT_HALT=y
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/wolfssl_client_ESP8266.vgdbproj b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/wolfssl_client_ESP8266.vgdbproj
new file mode 100644
index 000000000..7074a28a9
--- /dev/null
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/wolfssl_client_ESP8266.vgdbproj
@@ -0,0 +1,292 @@
+<?xml version="1.0"?>
+<VisualGDBProjectSettings2 xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
+  <Project xsi:type="com.visualgdb.project.external.esp-idf">
+    <CustomSourceDirectories>
+      <Directories />
+      <PathStyle>Unknown</PathStyle>
+    </CustomSourceDirectories>
+    <AutoProgramSPIFFSPartition>true</AutoProgramSPIFFSPartition>
+    <ProjectModeSettings>
+      <ProjectGUID>c9687472-a434-43a7-9026-7914f425b9b4</ProjectGUID>
+      <GroupSourcesByTypes>true</GroupSourcesByTypes>
+      <GroupSourcesByPaths>true</GroupSourcesByPaths>
+      <HeaderScanMode>SourceDirs</HeaderScanMode>
+    </ProjectModeSettings>
+  </Project>
+  <Build xsi:type="com.visualgdb.build.external.esp-idf">
+    <BuildLogMode xsi:nil="true" />
+    <ToolchainID>
+      <ID>com.visualgdb.xtensa-lx106-elf</ID>
+      <Version>
+        <GCC>8.4.0</GCC>
+        <GDB>8.1</GDB>
+        <Revision>1</Revision>
+      </Version>
+    </ToolchainID>
+    <IDFCheckout>
+      <Version>release/v3.4</Version>
+      <Subdirectory>rtos-sdk/v3.4</Subdirectory>
+      <Type>RTOS_SDK</Type>
+    </IDFCheckout>
+    <BuildThreadCount>0</BuildThreadCount>
+  </Build>
+  <CustomBuild>
+    <PreSyncActions />
+    <PreBuildActions />
+    <PostBuildActions />
+    <PreCleanActions />
+    <PostCleanActions />
+  </CustomBuild>
+  <CustomDebug>
+    <PreDebugActions />
+    <PostDebugActions />
+    <DebugStopActions />
+    <BreakMode>Default</BreakMode>
+    <CustomBreakCommand>
+      <SkipWhenRunningCommandList>false</SkipWhenRunningCommandList>
+      <RemoteHost>
+        <HostName>BuildMachine</HostName>
+        <Transport>BuiltinShortcut</Transport>
+      </RemoteHost>
+      <BackgroundMode xsi:nil="true" />
+    </CustomBreakCommand>
+  </CustomDebug>
+  <DeviceTerminalSettings>
+    <Connection xsi:type="com.sysprogs.terminal.connection.serial">
+      <ComPortName>COM80</ComPortName>
+      <AdvancedSettings>
+        <BaudRate>74880</BaudRate>
+        <DataBits>8</DataBits>
+        <Parity>None</Parity>
+        <StopBits>One</StopBits>
+        <FlowControl>None</FlowControl>
+      </AdvancedSettings>
+    </Connection>
+    <LastConnectionTime>0</LastConnectionTime>
+    <EchoTypedCharacters>false</EchoTypedCharacters>
+    <ClearContentsWhenReconnecting>true</ClearContentsWhenReconnecting>
+    <ReconnectAutomatically>false</ReconnectAutomatically>
+    <DisplayMode>ASCII</DisplayMode>
+    <Colors>
+      <Background>
+        <Alpha>255</Alpha>
+        <Red>0</Red>
+        <Green>0</Green>
+        <Blue>0</Blue>
+      </Background>
+      <Disconnected>
+        <Alpha>255</Alpha>
+        <Red>169</Red>
+        <Green>169</Green>
+        <Blue>169</Blue>
+      </Disconnected>
+      <Text>
+        <Alpha>255</Alpha>
+        <Red>211</Red>
+        <Green>211</Green>
+        <Blue>211</Blue>
+      </Text>
+      <Echo>
+        <Alpha>255</Alpha>
+        <Red>144</Red>
+        <Green>238</Green>
+        <Blue>144</Blue>
+      </Echo>
+      <Inactive>
+        <Alpha>255</Alpha>
+        <Red>169</Red>
+        <Green>169</Green>
+        <Blue>169</Blue>
+      </Inactive>
+    </Colors>
+    <HexSettings>
+      <MaximumBytesPerLine>16</MaximumBytesPerLine>
+      <ShowTextView>true</ShowTextView>
+      <BreaksAroundEcho>true</BreaksAroundEcho>
+      <AutoSend>true</AutoSend>
+      <SendAsHex>true</SendAsHex>
+      <TimeoutForAutoBreak>0</TimeoutForAutoBreak>
+    </HexSettings>
+    <LineEnding>LF</LineEnding>
+    <TreatLFAsCRLF>false</TreatLFAsCRLF>
+    <KeepOpenAfterExit>false</KeepOpenAfterExit>
+    <ShowAfterProgramming>false</ShowAfterProgramming>
+  </DeviceTerminalSettings>
+  <CustomShortcuts>
+    <Shortcuts />
+    <ShowMessageAfterExecuting>true</ShowMessageAfterExecuting>
+  </CustomShortcuts>
+  <UserDefinedVariables />
+  <ImportedPropertySheets />
+  <CodeSense>
+    <Enabled>True</Enabled>
+    <ExtraSettings>
+      <HideErrorsInSystemHeaders>true</HideErrorsInSystemHeaders>
+      <SupportLightweightReferenceAnalysis>true</SupportLightweightReferenceAnalysis>
+      <DiscoverySettings>
+        <Mode>Enabled</Mode>
+        <SearchInProjectDir>true</SearchInProjectDir>
+        <SearchInSourceDirs>true</SearchInSourceDirs>
+        <SearchInIncludeSubdirs>true</SearchInIncludeSubdirs>
+      </DiscoverySettings>
+      <CheckForClangFormatFiles>true</CheckForClangFormatFiles>
+      <FormattingEngine xsi:nil="true" />
+    </ExtraSettings>
+    <CodeAnalyzerSettings>
+      <Enabled>false</Enabled>
+      <SelectedAnalyzers>
+        <string>apiModeling.google.GTest</string>
+        <string>core.builtin.BuiltinFunctions</string>
+        <string>core.builtin.NoReturnFunctions</string>
+        <string>core.CallAndMessage</string>
+        <string>core.DivideZero</string>
+        <string>core.DynamicTypePropagation</string>
+        <string>core.NonnilStringConstants</string>
+        <string>core.NonNullParamChecker</string>
+        <string>core.NullDereference</string>
+        <string>core.StackAddressEscape</string>
+        <string>core.UndefinedBinaryOperatorResult</string>
+        <string>core.uninitialized.ArraySubscript</string>
+        <string>core.uninitialized.Assign</string>
+        <string>core.uninitialized.Branch</string>
+        <string>core.uninitialized.CapturedBlockVariable</string>
+        <string>core.uninitialized.UndefReturn</string>
+        <string>core.VLASize</string>
+        <string>cplusplus.NewDelete</string>
+        <string>cplusplus.NewDeleteLeaks</string>
+        <string>cplusplus.SelfAssignment</string>
+        <string>deadcode.DeadStores</string>
+        <string>nullability.NullPassedToNonnull</string>
+        <string>nullability.NullReturnedFromNonnull</string>
+        <string>security.insecureAPI.getpw</string>
+        <string>security.insecureAPI.gets</string>
+        <string>security.insecureAPI.mkstemp</string>
+        <string>security.insecureAPI.mktemp</string>
+        <string>security.insecureAPI.UncheckedReturn</string>
+        <string>security.insecureAPI.vfork</string>
+        <string>unix.API</string>
+        <string>unix.cstring.BadSizeArg</string>
+        <string>unix.cstring.NullArg</string>
+        <string>unix.Malloc</string>
+        <string>unix.MallocSizeof</string>
+        <string>unix.MismatchedDeallocator</string>
+        <string>unix.StdCLibraryFunctions</string>
+        <string>unix.Vfork</string>
+      </SelectedAnalyzers>
+      <ExtraArguments>
+        <string>-analyzer-store=region</string>
+        <string>-analyzer-opt-analyze-nested-blocks</string>
+        <string>-analyzer-eagerly-assume</string>
+      </ExtraArguments>
+    </CodeAnalyzerSettings>
+  </CodeSense>
+  <Configurations>
+    <VisualGDBConfiguration>
+      <Name>Debug</Name>
+      <BuildSettingsExtension xsi:type="com.visualgdb.build.external.esp-idf.extension">
+        <OutputSubdirectory>build/Debug</OutputSubdirectory>
+        <SDKConfigFile>sdkconfig-debug</SDKConfigFile>
+        <EnableVerboseBuild>false</EnableVerboseBuild>
+      </BuildSettingsExtension>
+    </VisualGDBConfiguration>
+    <VisualGDBConfiguration>
+      <Name>Release</Name>
+      <BuildSettingsExtension xsi:type="com.visualgdb.build.external.esp-idf.extension">
+        <OutputSubdirectory>build/Release</OutputSubdirectory>
+        <SDKConfigFile>sdkconfig-release</SDKConfigFile>
+        <EnableVerboseBuild>false</EnableVerboseBuild>
+      </BuildSettingsExtension>
+    </VisualGDBConfiguration>
+  </Configurations>
+  <ProgramArgumentsSuggestions />
+  <Debug xsi:type="com.visualgdb.debug.embedded">
+    <AdditionalStartupCommands>
+      <GDBPreStartupCommands />
+      <GDBStartupCommands />
+      <GDBFinalizationCommands />
+    </AdditionalStartupCommands>
+    <AdditionalGDBSettings>
+      <Features>
+        <DisableAutoDetection>false</DisableAutoDetection>
+        <UseFrameParameter>false</UseFrameParameter>
+        <SimpleValuesFlagSupported>false</SimpleValuesFlagSupported>
+        <ListLocalsSupported>false</ListLocalsSupported>
+        <ByteLevelMemoryCommandsAvailable>false</ByteLevelMemoryCommandsAvailable>
+        <ThreadInfoSupported>false</ThreadInfoSupported>
+        <PendingBreakpointsSupported>false</PendingBreakpointsSupported>
+        <SupportTargetCommand>false</SupportTargetCommand>
+        <ReliableBreakpointNotifications>false</ReliableBreakpointNotifications>
+      </Features>
+      <EnableSmartStepping>false</EnableSmartStepping>
+      <FilterSpuriousStoppedNotifications>false</FilterSpuriousStoppedNotifications>
+      <ForceSingleThreadedMode>false</ForceSingleThreadedMode>
+      <UseAppleExtensions>false</UseAppleExtensions>
+      <CanAcceptCommandsWhileRunning>false</CanAcceptCommandsWhileRunning>
+      <MakeLogFile>false</MakeLogFile>
+      <IgnoreModuleEventsWhileStepping>true</IgnoreModuleEventsWhileStepping>
+      <UseRelativePathsOnly>false</UseRelativePathsOnly>
+      <ExitAction>None</ExitAction>
+      <DisableDisassembly>false</DisableDisassembly>
+      <ExamineMemoryWithXCommand>false</ExamineMemoryWithXCommand>
+      <StepIntoNewInstanceEntry />
+      <ExamineRegistersInRawFormat>true</ExamineRegistersInRawFormat>
+      <DisableSignals>false</DisableSignals>
+      <EnableAsyncExecutionMode>false</EnableAsyncExecutionMode>
+      <AsyncModeSupportsBreakpoints>true</AsyncModeSupportsBreakpoints>
+      <TemporaryBreakConsolidationTimeout>0</TemporaryBreakConsolidationTimeout>
+      <EnableNonStopMode>false</EnableNonStopMode>
+      <MaxBreakpointLimit>0</MaxBreakpointLimit>
+      <EnableVerboseMode>true</EnableVerboseMode>
+      <EnablePrettyPrinters>false</EnablePrettyPrinters>
+    </AdditionalGDBSettings>
+    <DebugMethod>
+      <ID>openocd</ID>
+      <Configuration xsi:type="com.visualgdb.edp.openocd.settings.esp8266">
+        <CommandLine>-f interface/ftdi/tigard.cfg -f target/esp8266.cfg</CommandLine>
+        <ExtraParameters>
+          <Frequency xsi:nil="true" />
+          <BoostedFrequency xsi:nil="true" />
+          <ConnectUnderReset>false</ConnectUnderReset>
+        </ExtraParameters>
+        <LoadProgressGUIThreshold>131072</LoadProgressGUIThreshold>
+        <ProgramMode>Enabled</ProgramMode>
+        <StartupCommands>
+          <string>set remotetimeout 60</string>
+          <string>target remote :$$SYS:GDB_PORT$$</string>
+          <string>mon reset halt</string>
+          <string>load</string>
+          <string>mon xtensa_no_interrupts_during_steps on</string>
+          <string>mon esp8266_autofeed_watchdog on</string>
+        </StartupCommands>
+        <ProgramFLASHUsingExternalTool>false</ProgramFLASHUsingExternalTool>
+        <PreferredGDBPort>0</PreferredGDBPort>
+        <PreferredTelnetPort>0</PreferredTelnetPort>
+        <AlwaysPassSerialNumber>false</AlwaysPassSerialNumber>
+        <SelectedCoreIndex xsi:nil="true" />
+        <SuggestionLogicRevision>0</SuggestionLogicRevision>
+        <ResetMode>Soft</ResetMode>
+        <ProgramSectorSize>4096</ProgramSectorSize>
+        <EraseSectorSize>4096</EraseSectorSize>
+        <FLASHSettings>
+          <Size>size4M</Size>
+          <Frequency>freq40M</Frequency>
+          <Mode>QIO</Mode>
+        </FLASHSettings>
+      </Configuration>
+    </DebugMethod>
+    <AutoDetectRTOS>true</AutoDetectRTOS>
+    <SemihostingSupport>Disabled</SemihostingSupport>
+    <SemihostingPollingDelay>0</SemihostingPollingDelay>
+    <StepIntoEntryPoint>false</StepIntoEntryPoint>
+    <ReloadFirmwareOnReset>false</ReloadFirmwareOnReset>
+    <ValidateEndOfStackAddress>true</ValidateEndOfStackAddress>
+    <StopAtEntryPoint>false</StopAtEntryPoint>
+    <EnableVirtualHalts>false</EnableVirtualHalts>
+    <DynamicAnalysisSettings />
+    <EndOfStackSymbol>_estack</EndOfStackSymbol>
+    <TimestampProviderTicksPerSecond>0</TimestampProviderTicksPerSecond>
+    <KeepConsoleAfterExit>false</KeepConsoleAfterExit>
+    <UnusedStackFillPattern xsi:nil="true" />
+    <CheckInterfaceDrivers>true</CheckInterfaceDrivers>
+  </Debug>
+</VisualGDBProjectSettings2>
\ No newline at end of file
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/CMakeLists.txt b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/CMakeLists.txt
index 11a9e467a..145129c46 100644
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/CMakeLists.txt
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/CMakeLists.txt
@@ -1,10 +1,20 @@
 # wolfSSL Espressif Example Project CMakeLists.txt
-#   v1.0
+#   v1.3
 #
 # The following lines of boilerplate have to be in your project's
 # CMakeLists in this exact order for cmake to work correctly
+message(STATUS "Begin project ${CMAKE_PROJECT_NAME}")
+
 cmake_minimum_required(VERSION 3.16)
 
+# Optional no watchdog typically used for test & benchmark
+if (idf_target STREQUAL "esp8266" OR IDF_TARGET STREQUAL "esp8266" OR IDF_VERSION_MAJOR VERSION_LESS "5.0")
+    set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_ESP_NO_WATCHDOG=1")
+else()
+    add_compile_definitions(WOLFSSL_ESP_NO_WATCHDOG=1)
+endif()
+
+
 # The wolfSSL CMake file should be able to find the source code.
 # Otherwise, assign an environment variable or set it here:
 #
@@ -22,45 +32,63 @@ cmake_minimum_required(VERSION 3.16)
 if(WIN32)
     # Windows-specific configuration here
     set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_WINDOWS")
-    message("Detected Windows")
+    message(STATUS "Detected Windows")
 endif()
 if(CMAKE_HOST_UNIX)
-    message("Detected UNIX")
+    message(STATUS "Detected UNIX")
 endif()
 if(APPLE)
-    message("Detected APPLE")
+    message(STATUS "Detected APPLE")
 endif()
 if(CMAKE_HOST_UNIX AND (NOT APPLE) AND EXISTS "/proc/sys/fs/binfmt_misc/WSLInterop")
     # Windows-specific configuration here
     set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_WSL")
-    message("Detected WSL")
+    message(STATUS "Detected WSL")
 endif()
 if(CMAKE_HOST_UNIX AND (NOT APPLE) AND (NOT WIN32))
     # Windows-specific configuration here
     set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_LINUX")
-    message("Detected Linux")
+    message(STATUS "Detected Linux")
 endif()
 if(APPLE)
     # Windows-specific configuration here
     set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_APPLE")
-    message("Detected Apple")
+    message(STATUS "Detected Apple")
 endif()
 # End optional WOLFSSL_CMAKE_SYSTEM_NAME
 
 # This example uses an extra component for common functions such as Wi-Fi and Ethernet connection.
-set (PROTOCOL_EXAMPLES_DIR $ENV{IDF_PATH}/examples/common_components/protocol_examples_common)
+# set (PROTOCOL_EXAMPLES_DIR $ENV{IDF_PATH}/examples/common_components/protocol_examples_common)
+string(REPLACE "\\" "/" PROTOCOL_EXAMPLES_DIR "$ENV{IDF_PATH}/examples/common_components/protocol_examples_common")
 
 if (EXISTS "${PROTOCOL_EXAMPLES_DIR}")
-    message("Found PROTOCOL_EXAMPLES_DIR=${PROTOCOL_EXAMPLES_DIR}")
+    message(STATUS "Found PROTOCOL_EXAMPLES_DIR=${PROTOCOL_EXAMPLES_DIR}")
     set(EXTRA_COMPONENT_DIRS $ENV{IDF_PATH}/examples/common_components/protocol_examples_common)
     set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DFOUND_PROTOCOL_EXAMPLES_DIR")
 else()
-    message("NOT FOUND: PROTOCOL_EXAMPLES_DIR=${PROTOCOL_EXAMPLES_DIR}")
+    message(STATUS "NOT FOUND: PROTOCOL_EXAMPLES_DIR=${PROTOCOL_EXAMPLES_DIR}")
 endif()
 
+# Find the user name to search for possible "wolfssl-username"
+# Reminder: Windows is  %USERNAME%, Linux is $USER
+message(STATUS "USERNAME = $ENV{USERNAME}")
+if(  "$ENV{USER}" STREQUAL "" ) # the bash user
+    if(  "$ENV{USERNAME}" STREQUAL "" ) # the Windows user
+        message(STATUS "could not find USER or USERNAME")
+    else()
+        # the bash user is not blank, so we'll use it.
+        set(THIS_USER "$ENV{USERNAME}")
+    endif()
+else()
+    # the bash user is not blank, so we'll use it.
+    set(THIS_USER "$ENV{USER}")
+endif()
+message(STATUS "THIS_USER = ${THIS_USER}")
+
 # Check that there are not conflicting wolfSSL components
 # The ESP Registry Component will be in ./managed_components/wolfssl__wolfssl
 # The local component wolfSSL directory will be in ./components/wolfssl
+message(STATUS "Checking for wolfSSL as Managed Component or not... ${CMAKE_HOME_DIRECTORY}")
 if( EXISTS "${CMAKE_HOME_DIRECTORY}/managed_components/wolfssl__wolfssl" AND EXISTS "${CMAKE_HOME_DIRECTORY}/components/wolfssl" )
     # These exclude statements don't seem to be honored by the $ENV{IDF_PATH}/tools/cmake/project.cmake'
     # add_subdirectory("${CMAKE_HOME_DIRECTORY}/managed_components/wolfssl__wolfssl" EXCLUDE_FROM_ALL)
@@ -75,22 +103,47 @@ if( EXISTS "${CMAKE_HOME_DIRECTORY}/managed_components/wolfssl__wolfssl" AND EXI
     message(FATAL_ERROR "\nPlease use either the ESP Registry Managed Component or the wolfSSL component directory but not both.\n"
                         "If removing the ./managed_components/wolfssl__wolfssl directory, remember to also remove "
                         "or rename the idf_component.yml file typically found in ./main/")
-else()
+elseif(EXISTS "${CMAKE_HOME_DIRECTORY}/components/wolfssl")
+    # A standard project component (not a Managed Component)
     message(STATUS "No conflicting wolfSSL components found.")
+    set(WOLFSSL_PATH "${CMAKE_HOME_DIRECTORY}/components/wolfssl")
+elseif(EXISTS "${CMAKE_HOME_DIRECTORY}/managed_components/wolfssl__wolfssl")
+    # The official Managed Component called wolfssl from the wolfssl user.
+    message(STATUS "No conflicting wolfSSL components found as a Managed Component.")
+    set(WOLFSSL_PATH "${CMAKE_HOME_DIRECTORY}/managed_components/wolfssl__wolfssl")
+elseif(EXISTS "${CMAKE_HOME_DIRECTORY}/managed_components/gojimmypi__mywolfssl")
+    # There is a known gojimmypi staging component available for anyone:
+    message(STATUS "No conflicting wolfSSL components found as a gojimmypi staging Managed Component.")
+elseif(EXISTS "${CMAKE_HOME_DIRECTORY}/managed_components/${THIS_USER}__mywolfssl")
+    # Other users with permissions might publish their own mywolfssl staging Managed Component
+    message(STATUS "No conflicting wolfSSL components found as a Managed Component.")
+    set(WOLFSSL_PATH "${CMAKE_HOME_DIRECTORY}/managed_components/${THIS_USER}__mywolfssl")
+else()
+    message(STATUS "WARNING: wolfssl component directory not found.")
 endif()
 
+# message(STATUS "EXTRA_COMPONENT_DIRS WOLFSSL_PATH: ${WOLFSSL_PATH}")
+# list(APPEND EXTRA_COMPONENT_DIRS ${WOLFSSL_PATH})
 
-# This example uses an extra component for common functions such as Wi-Fi and Ethernet connection.
-set (PROTOCOL_EXAMPLES_DIR $ENV{IDF_PATH}/examples/common_components/protocol_examples_common)
+# Not only is a project-level "set(COMPONENTS" not needed here, this will cause
+# an unintuitive error about  Unknown CMake command "esptool_py_flash_project_args".
 
-if (EXISTS "${PROTOCOL_EXAMPLES_DIR}")
-    message("Found PROTOCOL_EXAMPLES_DIR=${PROTOCOL_EXAMPLES_DIR}")
-    set(EXTRA_COMPONENT_DIRS $ENV{IDF_PATH}/examples/common_components/protocol_examples_common)
-    set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DFOUND_PROTOCOL_EXAMPLES_DIR")
-else()
-    message("NOT FOUND: PROTOCOL_EXAMPLES_DIR=${PROTOCOL_EXAMPLES_DIR}")
+if(0)
+	message(STATUS "Begin optional PROTOCOL_EXAMPLES_DIR include")
+    # This example uses an extra component for common functions such as Wi-Fi and Ethernet connection.
+    set (PROTOCOL_EXAMPLES_DIR $ENV{IDF_PATH}/examples/common_components/protocol_examples_common)
+
+    if (EXISTS "${PROTOCOL_EXAMPLES_DIR}")
+        message(STATUS "Found PROTOCOL_EXAMPLES_DIR=${PROTOCOL_EXAMPLES_DIR}")
+        set(EXTRA_COMPONENT_DIRS $ENV{IDF_PATH}/examples/common_components/protocol_examples_common)
+        set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DFOUND_PROTOCOL_EXAMPLES_DIR")
+    else()
+        message(STATUS "NOT FOUND: PROTOCOL_EXAMPLES_DIR=${PROTOCOL_EXAMPLES_DIR}")
+    endif()
+	message(STATUS "End optional PROTOCOL_EXAMPLES_DIR include")
 endif()
 
 include($ENV{IDF_PATH}/tools/cmake/project.cmake)
 
 project(wolfssl_server)
+message(STATUS "end project")
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/README.md b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/README.md
index 3380c0f2d..17d14e735 100644
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/README.md
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/README.md
@@ -20,18 +20,18 @@ The Example contains a wolfSSL simple server.
 1. `idf.py menuconfig` to configure the project
 
     1-1. Example Connection Configuration ->
-    
-           WIFI SSID : your own WIFI, which is connected to the Internet.(default is "myssid")  
+
+           WIFI SSID : your own WIFI, which is connected to the Internet.(default is "myssid")
            WIFI Password : WIFI password, and default is "mypassword"
 
 When you want to test the wolfSSL simple server demo
 
 1. `idf.py -p <PORT> flash` to compile the code and load the firmware
 2. `idf.py monitor` to see the context. The assigned IP address can be found in output message.
-3. Once the server connects to the wifi, it is waiting for client request.  
+3. Once the server connects to the wifi, it is waiting for client request.
     ("Waiting for a connection..." message will be displayed.)
-   
-4. You can use <wolfssl>/examples/client to test the server  
+
+4. You can use <wolfssl>/examples/client to test the server
     e.g ./example/client/client -h xx.xx.xx
 
 See the README.md file in the upper level 'examples' directory for more information about examples.
@@ -39,7 +39,7 @@ See the README.md file in the upper level 'examples' directory for more informat
 
 ```
 # . /mnt/c/SysGCC/esp32/esp-idf/master/export.sh
-. /mnt/c/SysGCC/esp32/esp-idf/v5.1/export.sh
+. /mnt/c/SysGCC/esp32/esp-idf/v5.2/export.sh
 cd /mnt/c/workspace/wolfssl-$USER/IDE/Espressif/ESP-IDF/examples/wolfssl_server
 
 # optionally erase
@@ -68,8 +68,21 @@ Linux Server
 ./examples/server/server                   -v 4 -l TLS13-SM4-CCM-SM3 -c ./certs/sm2/server-sm2.pem -k ./certs/sm2/server-sm2-priv.pem -A ./certs/sm2/client-sm2.pem -V
 ```
 
+#### ESP32 Client to WSL Linux Server
 
-Cipers to consider
+In Windows Powershell, (elevated permissions) forward the port _after_ starting the listening server:
+
+```bash
+netsh interface portproxy add v4tov4 listenport=11111 listenaddress=0.0.0.0 connectport=11111 connectaddress=127.0.0.1
+```
+
+After the server exits, remove the port proxy forward:
+
+```bash
+netsh interface portproxy delete v4tov4 listenport=11111 listenaddress=0.0.0.0
+```
+
+Ciphers to consider
 
 ```
 TLS13-AES128-GCM-SHA256:
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/README_server_sm.md b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/README_server_sm.md
index 01dd6baf8..87e1f0365 100644
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/README_server_sm.md
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/README_server_sm.md
@@ -49,7 +49,7 @@ make clean && make
 ### Others...
 
 ```
-# Success: Linux Client to ESP32 Server TLS1.2 
+# Success: Linux Client to ESP32 Server TLS1.2
 ./examples/client/client  -h 192.168.1.113 -v 3 -l ECDHE-ECDSA-SM4-CBC-SM3 -c ./certs/sm2/client-sm2.pem -k ./certs/sm2/client-sm2-priv.pem -A ./certs/sm2/root-sm2.pem -C
 ./examples/client/client  -h 192.168.1.113 -v 3 -l ECDHE-ECDSA-SM4-GCM-SM3 -c ./certs/sm2/client-sm2.pem -k ./certs/sm2/client-sm2-priv.pem -A ./certs/sm2/root-sm2.pem -C
 ./examples/client/client  -h 192.168.1.113 -v 3 -l ECDHE-ECDSA-SM4-CCM-SM3 -c ./certs/sm2/client-sm2.pem -k ./certs/sm2/client-sm2-priv.pem -A ./certs/sm2/root-sm2.pem -C
@@ -81,7 +81,7 @@ be the same as the Linux server files.
 
 |  Usage |            Certificate             |        Key                          |   Certificate Authority file, default ./certs/client-cert.pem |
 | -----  | ---------------------------------- | ----------------------------------- | --------------------------------- |
-| server | -c ./certs/sm2/server-sm2.pem      | -k ./certs/sm2/server-sm2-priv.pem  | -A ./certs/sm2/client-sm2.pem -V  |                      
+| server | -c ./certs/sm2/server-sm2.pem      | -k ./certs/sm2/server-sm2-priv.pem  | -A ./certs/sm2/client-sm2.pem -V  |
 | client | -c ./certs/sm2/client-sm2.pem      | -k ./certs/sm2/client-sm2-priv.pem  | -A ./certs/sm2/root-sm2.pem -C    |
 | emdedded:
 | server | wolfSSL_CTX_use_certificate_buffer<br/> server_sm2 | wolfSSL_CTX_use_PrivateKey_buffer<br/> server_sm2_priv | wolfSSL_CTX_load_verify_buffer<br/> client-sm2  |
@@ -156,7 +156,7 @@ I (622) heap_init: At 3FFE4350 len 0001BCB0 (111 KiB): D/IRAM
 I (628) heap_init: At 40094DC8 len 0000B238 (44 KiB): IRAM
 I (636) spi_flash: detected chip: generic
 I (639) spi_flash: flash io: dio
-W (643) spi_flash: Detected size(4096k) larger than the size in the binary image header(2048k). Using the 
+W (643) spi_flash: Detected size(4096k) larger than the size in the binary image header(2048k). Using the
 size in the binary image header.
 I (657) cpu_start: Starting scheduler on PRO CPU.
 I (0) cpu_start: Starting scheduler on APP CPU.
@@ -167,7 +167,7 @@ I (735) system_api: read default base MAC address from EFUSE
 I (755) wifi:wifi firmware version: 0d470ef
 I (755) wifi:wifi certification version: v7.0
 I (755) wifi:config NVS flash: enabled
-I (755) wifi:config nano formating: disabled
+I (755) wifi:config nano formatting: disabled
 I (755) wifi:Init data frame dynamic rx buffer num: 32
 I (765) wifi:Init management frame dynamic rx buffer num: 32
 I (765) wifi:Init management short buffer num: 32
@@ -358,12 +358,12 @@ I (14715) internal.c: GrowOutputBuffer ok
 I (14715) wolfssl: wolfSSL Entering wolfSSL_get_options
 I (14725) wolfssl: Point Formats extension to write
 W (14735) wolfio: ssl->wflags = 0
-I (14735) wolfio: 16 03 03 00 52 02 00 00 4e 03 03 af 87 e2 58 57 
-I (14735) wolfio: 73 c3 c1 35 1a 59 39 b2 03 9d 14 03 e0 b8 fb e8 
-I (14745) wolfio: 9d 5b 9c 44 4f 57 4e 47 52 44 01 20 85 77 75 20 
-I (14755) wolfio: 95 dd 00 e2 91 f8 42 33 f8 61 3f 1f de 81 15 58 
-I (14755) wolfio: 23 0c e7 1e 71 e6 10 e5 67 23 e0 40 e0 11 00 00 
-I (14765) wolfio: 06 00 0b 00 02 01 00 
+I (14735) wolfio: 16 03 03 00 52 02 00 00 4e 03 03 af 87 e2 58 57
+I (14735) wolfio: 73 c3 c1 35 1a 59 39 b2 03 9d 14 03 e0 b8 fb e8
+I (14745) wolfio: 9d 5b 9c 44 4f 57 4e 47 52 44 01 20 85 77 75 20
+I (14755) wolfio: 95 dd 00 e2 91 f8 42 33 f8 61 3f 1f de 81 15 58
+I (14755) wolfio: 23 0c e7 1e 71 e6 10 e5 67 23 e0 40 e0 11 00 00
+I (14765) wolfio: 06 00 0b 00 02 01 00
 W (14775) wolfio: sz          = 87
 I (14775) wolfssl: Shrinking output buffer
 I (14775) wolfssl: wolfSSL Leaving SendServerHello, return 0
@@ -372,53 +372,53 @@ I (14795) wolfssl: wolfSSL Entering SendCertificate
 I (14795) wolfssl: growing output buffer
 I (14805) internal.c: GrowOutputBuffer ok
 W (14815) wolfio: ssl->wflags = 0
-I (14815) wolfio: 16 03 03 02 e6 0b 00 02 e2 00 02 df 00 02 dc 30 
-I (14815) wolfio: 82 02 d8 30 82 02 7e a0 03 02 01 02 02 01 01 30 
-I (14825) wolfio: 0a 06 08 2a 81 1c cf 55 01 83 75 30 81 ac 31 0b 
-I (14835) wolfio: 30 09 06 03 55 04 06 13 02 55 53 31 10 30 0e 06 
-I (14835) wolfio: 03 55 04 08 0c 07 4d 6f 6e 74 61 6e 61 31 10 30 
-I (14845) wolfio: 0e 06 03 55 04 07 0c 07 42 6f 7a 65 6d 61 6e 31 
-I (14855) wolfio: 14 30 12 06 03 55 04 0a 0c 0b 77 6f 6c 66 53 53 
-I (14855) wolfio: 4c 5f 73 6d 32 31 0f 30 0d 06 03 55 04 0b 0c 06 
-I (14865) wolfio: 43 41 2d 73 6d 32 31 18 30 16 06 03 55 04 03 0c 
-I (14875) wolfio: 0f 77 77 77 2e 77 6f 6c 66 73 73 6c 2e 63 6f 6d 
-I (14875) wolfio: 31 1f 30 1d 06 09 2a 86 48 86 f7 0d 01 09 01 16 
-I (14885) wolfio: 10 69 6e 66 6f 40 77 6f 6c 66 73 73 6c 2e 63 6f 
-I (14895) wolfio: 6d 31 17 30 15 06 0a 09 92 26 89 93 f2 2c 64 01 
-I (14895) wolfio: 01 0c 07 77 6f 6c 66 53 53 4c 30 1e 17 0d 32 33 
-I (14905) wolfio: 30 32 31 35 30 36 32 33 30 37 5a 17 0d 32 35 31 
-I (14915) wolfio: 31 31 31 30 36 32 33 30 37 5a 30 81 b0 31 0b 30 
-I (14915) wolfio: 09 06 03 55 04 06 13 02 55 53 31 10 30 0e 06 03 
-I (14925) wolfio: 55 04 08 0c 07 4d 6f 6e 74 61 6e 61 31 10 30 0e 
-I (14935) wolfio: 06 03 55 04 07 0c 07 42 6f 7a 65 6d 61 6e 31 14 
-I (14945) wolfio: 30 12 06 03 55 04 0a 0c 0b 77 6f 6c 66 53 53 4c 
-I (14945) wolfio: 5f 73 6d 32 31 13 30 11 06 03 55 04 0b 0c 0a 53 
-I (14955) wolfio: 65 72 76 65 72 2d 73 6d 32 31 18 30 16 06 03 55 
-I (14965) wolfio: 04 03 0c 0f 77 77 77 2e 77 6f 6c 66 73 73 6c 2e 
-I (14965) wolfio: 63 6f 6d 31 1f 30 1d 06 09 2a 86 48 86 f7 0d 01 
-I (14975) wolfio: 09 01 16 10 69 6e 66 6f 40 77 6f 6c 66 73 73 6c 
-I (14985) wolfio: 2e 63 6f 6d 31 17 30 15 06 0a 09 92 26 89 93 f2 
-I (14985) wolfio: 2c 64 01 01 0c 07 77 6f 6c 66 53 53 4c 30 5a 30 
-I (14995) wolfio: 14 06 08 2a 81 1c cf 55 01 82 2d 06 08 2a 81 1c 
-I (15005) wolfio: cf 55 01 82 2d 03 42 00 04 94 70 2b 46 e4 5e 0f 
-I (15005) wolfio: 41 fb 8f 2d 34 0a 41 40 19 5e fb d4 1d 11 ac fa 
-I (15015) wolfio: f5 93 37 c6 fa 87 08 f7 16 1f 2c ce 30 40 9d 4f 
-I (15025) wolfio: a6 2a 0a a1 d6 95 33 c3 a6 03 98 e6 8d 05 34 b0 
-I (15025) wolfio: 97 0c de a4 c7 cf 53 8f d1 a3 81 89 30 81 86 30 
-I (15035) wolfio: 1d 06 03 55 1d 0e 04 16 04 14 67 ae 60 ff 7e 1b 
-I (15045) wolfio: 0f 95 ae 1f 82 59 f2 6c 56 2d 93 ef 17 32 30 1f 
-I (15045) wolfio: 06 03 55 1d 23 04 18 30 16 80 14 47 0a 48 7e bb 
-I (15055) wolfio: 02 a8 5a 26 57 2b 19 a9 7b 61 8b 7f 5d 99 6e 30 
-I (15065) wolfio: 0c 06 03 55 1d 13 01 01 ff 04 02 30 00 30 0e 06 
-I (15075) wolfio: 03 55 1d 0f 01 01 ff 04 04 03 02 03 a8 30 13 06 
-I (15075) wolfio: 03 55 1d 25 04 0c 30 0a 06 08 2b 06 01 05 05 07 
-I (15085) wolfio: 03 01 30 11 06 09 60 86 48 01 86 f8 42 01 01 04 
-I (15095) wolfio: 04 03 02 06 40 30 0a 06 08 2a 81 1c cf 55 01 83 
-I (15095) wolfio: 75 03 48 00 30 45 02 20 1b ca 94 28 7f f6 b2 0d 
-I (15105) wolfio: 31 43 50 e1 d5 34 17 dd af 3a de 81 06 67 9a b3 
-I (15115) wolfio: 06 22 7e 64 ec fd 0e b9 02 21 00 a1 48 a8 32 d1 
-I (15115) wolfio: 05 09 6b 1c eb 89 12 66 d8 38 a1 c4 5c 89 09 0f 
-I (15125) wolfio: fd e9 c0 3b 1d fb cd b5 4c 31 68 
+I (14815) wolfio: 16 03 03 02 e6 0b 00 02 e2 00 02 df 00 02 dc 30
+I (14815) wolfio: 82 02 d8 30 82 02 7e a0 03 02 01 02 02 01 01 30
+I (14825) wolfio: 0a 06 08 2a 81 1c cf 55 01 83 75 30 81 ac 31 0b
+I (14835) wolfio: 30 09 06 03 55 04 06 13 02 55 53 31 10 30 0e 06
+I (14835) wolfio: 03 55 04 08 0c 07 4d 6f 6e 74 61 6e 61 31 10 30
+I (14845) wolfio: 0e 06 03 55 04 07 0c 07 42 6f 7a 65 6d 61 6e 31
+I (14855) wolfio: 14 30 12 06 03 55 04 0a 0c 0b 77 6f 6c 66 53 53
+I (14855) wolfio: 4c 5f 73 6d 32 31 0f 30 0d 06 03 55 04 0b 0c 06
+I (14865) wolfio: 43 41 2d 73 6d 32 31 18 30 16 06 03 55 04 03 0c
+I (14875) wolfio: 0f 77 77 77 2e 77 6f 6c 66 73 73 6c 2e 63 6f 6d
+I (14875) wolfio: 31 1f 30 1d 06 09 2a 86 48 86 f7 0d 01 09 01 16
+I (14885) wolfio: 10 69 6e 66 6f 40 77 6f 6c 66 73 73 6c 2e 63 6f
+I (14895) wolfio: 6d 31 17 30 15 06 0a 09 92 26 89 93 f2 2c 64 01
+I (14895) wolfio: 01 0c 07 77 6f 6c 66 53 53 4c 30 1e 17 0d 32 33
+I (14905) wolfio: 30 32 31 35 30 36 32 33 30 37 5a 17 0d 32 35 31
+I (14915) wolfio: 31 31 31 30 36 32 33 30 37 5a 30 81 b0 31 0b 30
+I (14915) wolfio: 09 06 03 55 04 06 13 02 55 53 31 10 30 0e 06 03
+I (14925) wolfio: 55 04 08 0c 07 4d 6f 6e 74 61 6e 61 31 10 30 0e
+I (14935) wolfio: 06 03 55 04 07 0c 07 42 6f 7a 65 6d 61 6e 31 14
+I (14945) wolfio: 30 12 06 03 55 04 0a 0c 0b 77 6f 6c 66 53 53 4c
+I (14945) wolfio: 5f 73 6d 32 31 13 30 11 06 03 55 04 0b 0c 0a 53
+I (14955) wolfio: 65 72 76 65 72 2d 73 6d 32 31 18 30 16 06 03 55
+I (14965) wolfio: 04 03 0c 0f 77 77 77 2e 77 6f 6c 66 73 73 6c 2e
+I (14965) wolfio: 63 6f 6d 31 1f 30 1d 06 09 2a 86 48 86 f7 0d 01
+I (14975) wolfio: 09 01 16 10 69 6e 66 6f 40 77 6f 6c 66 73 73 6c
+I (14985) wolfio: 2e 63 6f 6d 31 17 30 15 06 0a 09 92 26 89 93 f2
+I (14985) wolfio: 2c 64 01 01 0c 07 77 6f 6c 66 53 53 4c 30 5a 30
+I (14995) wolfio: 14 06 08 2a 81 1c cf 55 01 82 2d 06 08 2a 81 1c
+I (15005) wolfio: cf 55 01 82 2d 03 42 00 04 94 70 2b 46 e4 5e 0f
+I (15005) wolfio: 41 fb 8f 2d 34 0a 41 40 19 5e fb d4 1d 11 ac fa
+I (15015) wolfio: f5 93 37 c6 fa 87 08 f7 16 1f 2c ce 30 40 9d 4f
+I (15025) wolfio: a6 2a 0a a1 d6 95 33 c3 a6 03 98 e6 8d 05 34 b0
+I (15025) wolfio: 97 0c de a4 c7 cf 53 8f d1 a3 81 89 30 81 86 30
+I (15035) wolfio: 1d 06 03 55 1d 0e 04 16 04 14 67 ae 60 ff 7e 1b
+I (15045) wolfio: 0f 95 ae 1f 82 59 f2 6c 56 2d 93 ef 17 32 30 1f
+I (15045) wolfio: 06 03 55 1d 23 04 18 30 16 80 14 47 0a 48 7e bb
+I (15055) wolfio: 02 a8 5a 26 57 2b 19 a9 7b 61 8b 7f 5d 99 6e 30
+I (15065) wolfio: 0c 06 03 55 1d 13 01 01 ff 04 02 30 00 30 0e 06
+I (15075) wolfio: 03 55 1d 0f 01 01 ff 04 04 03 02 03 a8 30 13 06
+I (15075) wolfio: 03 55 1d 25 04 0c 30 0a 06 08 2b 06 01 05 05 07
+I (15085) wolfio: 03 01 30 11 06 09 60 86 48 01 86 f8 42 01 01 04
+I (15095) wolfio: 04 03 02 06 40 30 0a 06 08 2a 81 1c cf 55 01 83
+I (15095) wolfio: 75 03 48 00 30 45 02 20 1b ca 94 28 7f f6 b2 0d
+I (15105) wolfio: 31 43 50 e1 d5 34 17 dd af 3a de 81 06 67 9a b3
+I (15115) wolfio: 06 22 7e 64 ec fd 0e b9 02 21 00 a1 48 a8 32 d1
+I (15115) wolfio: 05 09 6b 1c eb 89 12 66 d8 38 a1 c4 5c 89 09 0f
+I (15125) wolfio: fd e9 c0 3b 1d fb cd b5 4c 31 68
 W (15135) wolfio: sz          = 747
 I (15135) wolfssl: Shrinking output buffer
 I (15135) wolfssl: wolfSSL Leaving SendCertificate, return 0
@@ -440,16 +440,16 @@ I (15915) wolfssl: wolfSSL Entering SendHandshakeMsg
 I (15925) wolfssl: growing output buffer
 I (15925) internal.c: GrowOutputBuffer ok
 W (15925) wolfio: ssl->wflags = 0
-I (15935) wolfio: 16 03 03 00 95 0c 00 00 91 03 00 29 41 04 fd f5 
-I (15935) wolfio: 5e 74 15 30 1d f3 84 ae a5 69 96 a9 5b dd 27 b3 
-I (15945) wolfio: 00 7d 40 3a 59 93 93 6f 4d 1f 62 dc 60 48 34 1f 
-I (15955) wolfio: a8 1d 34 b8 76 8f 8b 27 4a 1b 77 64 8e 2e d5 27 
-I (15955) wolfio: 03 95 8b 9d a5 ed a4 a6 b9 40 1b ea aa 10 07 08 
-I (15965) wolfio: 00 48 30 46 02 21 00 cb 89 61 e9 21 f9 c6 4d ad 
-I (15975) wolfio: aa e7 f1 3f 6f 27 46 f0 35 ec 45 4e 8a ae f3 ac 
-I (15985) wolfio: 7c c0 cf 68 11 44 e2 02 21 00 f6 40 5c bc 66 5a 
-I (15985) wolfio: 74 1e 92 5d 9a 03 75 e7 7f 16 c2 b3 c8 fe 8d 5c 
-I (15995) wolfio: 63 35 36 da 61 38 76 dc 4e d6 
+I (15935) wolfio: 16 03 03 00 95 0c 00 00 91 03 00 29 41 04 fd f5
+I (15935) wolfio: 5e 74 15 30 1d f3 84 ae a5 69 96 a9 5b dd 27 b3
+I (15945) wolfio: 00 7d 40 3a 59 93 93 6f 4d 1f 62 dc 60 48 34 1f
+I (15955) wolfio: a8 1d 34 b8 76 8f 8b 27 4a 1b 77 64 8e 2e d5 27
+I (15955) wolfio: 03 95 8b 9d a5 ed a4 a6 b9 40 1b ea aa 10 07 08
+I (15965) wolfio: 00 48 30 46 02 21 00 cb 89 61 e9 21 f9 c6 4d ad
+I (15975) wolfio: aa e7 f1 3f 6f 27 46 f0 35 ec 45 4e 8a ae f3 ac
+I (15985) wolfio: 7c c0 cf 68 11 44 e2 02 21 00 f6 40 5c bc 66 5a
+I (15985) wolfio: 74 1e 92 5d 9a 03 75 e7 7f 16 c2 b3 c8 fe 8d 5c
+I (15995) wolfio: 63 35 36 da 61 38 76 dc 4e d6
 W (15995) wolfio: sz          = 154
 I (16005) wolfssl: Shrinking output buffer
 I (16005) wolfssl: wolfSSL Leaving SendServerKeyExchange, return 0
@@ -459,7 +459,7 @@ I (16025) wolfssl: wolfSSL Entering SendServerHelloDone
 I (16035) wolfssl: growing output buffer
 I (16035) internal.c: GrowOutputBuffer ok
 W (16045) wolfio: ssl->wflags = 0
-I (16045) wolfio: 16 03 03 00 04 0e 00 00 00 
+I (16045) wolfio: 16 03 03 00 04 0e 00 00 00
 W (16045) wolfio: sz          = 9
 I (16055) wolfssl: Embed Send error
 I (16055) wolfssl:      Connection reset
@@ -479,14 +479,14 @@ I (16125) wolfssl: User calling wolfSSL_read in error state, not allowed
 I (16135) wolfssl: wolfSSL Leaving wolfSSL_read_internal, return -308
 E (16145) tls_server: ERROR: failed to read
 I (16145) wolfssl: Client sends:
-I (16145) wolfssl: 
+I (16145) wolfssl:
 I (16155) wolfssl: wolfSSL Entering wolfSSL_write
 I (16155) wolfssl: handshake not complete, trying to finish
 I (16165) wolfssl: wolfSSL Entering wolfSSL_negotiate
 I (16165) wolfssl: wolfSSL Entering wolfSSL_accept
 I (16175) wolfssl: wolfSSL Entering ReinitSSL
 W (16185) wolfio: ssl->wflags = 0
-I (16185) wolfio: 16 03 03 00 04 0e 00 00 00 
+I (16185) wolfio: 16 03 03 00 04 0e 00 00 00
 W (16185) wolfio: sz          = 9
 I (16195) wolfssl: Embed Send error
 I (16195) wolfssl:      General error
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/VisualGDB/wolfssl_server_IDF_v5_ESP32.vgdbproj b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/VisualGDB/wolfssl_server_IDF_v5_ESP32.vgdbproj
index 2aa531393..396be8bd6 100644
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/VisualGDB/wolfssl_server_IDF_v5_ESP32.vgdbproj
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/VisualGDB/wolfssl_server_IDF_v5_ESP32.vgdbproj
@@ -18,7 +18,7 @@
     <ToolchainID>
       <ID>com.visualgdb.xtensa-esp32-elf</ID>
       <Version>
-        <GCC>12.2.0</GCC>
+        <GCC>13.2.0</GCC>
         <GDB>12.1</GDB>
         <Revision>1</Revision>
       </Version>
@@ -67,8 +67,8 @@
       <EnableFastUpToDateCheck>true</EnableFastUpToDateCheck>
       <ESPIDFExtension>
         <IDFCheckout>
-          <Version>release/v5.1</Version>
-          <Subdirectory>esp-idf/v5.1</Subdirectory>
+          <Version>release/v5.2</Version>
+          <Subdirectory>esp-idf/v5.2</Subdirectory>
           <Type>ESPIDF</Type>
         </IDFCheckout>
         <COMPort>COM19</COMPort>
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/components/wolfssl/CMakeLists.txt b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/components/wolfssl/CMakeLists.txt
index e82e19b60..cc7ef0d47 100644
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/components/wolfssl/CMakeLists.txt
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/components/wolfssl/CMakeLists.txt
@@ -1,36 +1,166 @@
 #
-#  Copyright (C) 2006-2023 wolfSSL Inc.
+# Copyright (C) 2006-2025 wolfSSL Inc.
 #
-#  This file is part of wolfSSL.
+# This file is part of wolfSSL.
 #
-#  wolfSSL is free software; you can redistribute it and/or modify
-#  it under the terms of the GNU General Public License as published by
-#  the Free Software Foundation; either version 2 of the License, or
-#  (at your option) any later version.
+# wolfSSL is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
 #
-#  wolfSSL is distributed in the hope that it will be useful,
-#  but WITHOUT ANY WARRANTY; without even the implied warranty of
-#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-#  GNU General Public License for more details.
+# wolfSSL is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
 #
-#  You should have received a copy of the GNU General Public License
-#  along with this program; if not, write to the Free Software
-#  Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
 #
 # cmake for wolfssl Espressif projects
 #
-# Version 5.6.0.011 for detect test/benchmark
+# Version 5.7.2 Espressif ESP-IDF integration
 #
 # See https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-guides/build-system.html
 #
-
+message(STATUS "Begin wolfssl ${CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT}")
 cmake_minimum_required(VERSION 3.16)
-set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_USER_SETTINGS")
-set(CMAKE_CURRENT_SOURCE_DIR ".")
-set(COMPONENT_REQUIRES lwip) # we typically don't need lwip directly in wolfssl component
-set(WOLFSSL_ROOT "$ENV{WOLFSSL_ROOT}" )
 
-# find the user name to search for possible "wolfssl-username"
+set(VERBOSE_COMPONENT_MESSAGES 1)
+
+# Optional requires include:
+# set(THIS_ESP_TLS "esp-tls")
+set(THIS_ESP_TLS "")
+
+# function: IS_ESP_IDF_COMPONENT
+#  output:    RESULT = 1 (true) if this component is located in the ESP-IDF components
+#             otherwise 0 (false)
+function( IS_ESP_IDF_COMPONENT  RESULT )
+    # NOTE: Component location is based on the location of the CMakeList.txt
+    # and *not* the location of the wolfSSL source code. (which may be anywhere)
+
+    # Normalize the paths to remove any trailing slashes
+    get_filename_component(NORMALIZED_IDF_PATH  "${IDF_PATH}"      REALPATH)
+    get_filename_component(NORMALIZED_TEST_PATH "${COMPONENT_DIR}" REALPATH)
+
+    # Check if the test path starts with the IDF_PATH
+    string(FIND "${NORMALIZED_TEST_PATH}" "${NORMALIZED_IDF_PATH}" pos)
+
+    if(${pos} EQUAL 0)
+        message(STATUS "${COMPONENT_DIR} is within IDF_PATH.")
+        set(${RESULT} 1 PARENT_SCOPE)
+    else()
+        message(STATUS "${COMPONENT_DIR} is not within IDF_PATH.")
+        set(${RESULT} 0 PARENT_SCOPE)
+    endif()
+endfunction()
+
+# Determine if this cmake file is located in the ESP-IDF component directory or not,
+# and if so, if it is being ignored (allowing the use of a local project one, instead).
+IS_ESP_IDF_COMPONENT( IS_WOLSSL_ESP_IDF_COMPONENT )
+if( IS_WOLSSL_ESP_IDF_COMPONENT )
+    message(STATUS "This wolfSSL is a component in ESP-IDF.")
+    if ( CONFIG_IGNORE_ESP_IDF_WOLFSSL_COMPONENT )
+        idf_component_register()
+        message(STATUS "Warning: wolfSSL component in ESP-IDF is being ignored.")
+        return()
+    endif()
+endif()
+
+
+if( "${CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT}" STREQUAL "" )
+    # nothing to do
+else()
+    # Only forward slashes, or double backslashes are supported.
+    # By the time we get here the sdkconfig file has a value for wolfSSL source code root.
+    string(REPLACE "\\" "/" CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT ${CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT})
+    message(STATUS "Cleaned wolfssl path: ${CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT}")
+endif()
+
+# The scope of this CMAKE_C_FLAGS is just this component:
+set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_USER_SETTINGS")
+set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -DWOLFSSL_USER_SETTINGS")
+
+set(CMAKE_CURRENT_SOURCE_DIR ".")
+# set(COMPONENT_REQUIRES lwip) # we typically don't need lwip directly in wolfssl component
+
+# Optionally set your source to wolfSSL in your project CMakeLists.txt like this:
+# set(WOLFSSL_ROOT "c:/test/my_wolfssl" )
+
+if ( "${WOLFSSL_ROOT}" STREQUAL "")
+    set(WOLFSSL_ROOT "$ENV{WOLFSSL_ROOT}" )
+endif()
+
+if(  "$ENV{IDF_PATH}" STREQUAL "" )
+    message(FATAL_ERROR "IDF_PATH Environment variable not set!")
+else()
+    string(REPLACE "\\" "/" THIS_IDF_PATH "$ENV{IDF_PATH}")
+endif()
+
+# Optional compiler definitions to help with system name detection (typically printed by app diagnostics)
+if(VERBOSE_COMPONENT_MESSAGES)
+    if(WIN32)
+        # Windows-specific configuration here
+        set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_WINDOWS")
+        message(STATUS "Detected Windows")
+    endif()
+    if(CMAKE_HOST_UNIX)
+        message(STATUS "Detected UNIX")
+    endif()
+    if(APPLE)
+        message(STATUS "Detected APPLE")
+    endif()
+    if(CMAKE_HOST_UNIX AND (NOT APPLE) AND EXISTS "/proc/sys/fs/binfmt_misc/WSLInterop")
+        # Windows-specific configuration here
+        set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_WSL")
+        message(STATUS "Detected WSL")
+    endif()
+    if(CMAKE_HOST_UNIX AND (NOT APPLE) AND (NOT WIN32))
+        # Windows-specific configuration here
+        set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_LINUX")
+        message(STATUS "Detected Linux")
+    endif()
+    if(APPLE)
+        # Windows-specific configuration here
+        set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_APPLE")
+        message(STATUS "Detected Apple")
+    endif()
+endif() # End optional WOLFSSL_CMAKE_SYSTEM_NAME
+
+message(STATUS "CONFIG_TARGET_PLATFORM = ${CONFIG_TARGET_PLATFORM}")
+
+# Check that there are not conflicting wolfSSL components
+# The ESP Registry Component will be in ./managed_components/wolfssl__wolfssl
+# The local component wolfSSL directory will be in ./components/wolfssl
+if( EXISTS "${CMAKE_HOME_DIRECTORY}/managed_components/wolfssl__wolfssl" AND EXISTS "${CMAKE_HOME_DIRECTORY}/components/wolfssl" )
+    # These exclude statements don't seem to be honored by the $ENV{IDF_PATH}/tools/cmake/project.cmake'
+    # add_subdirectory("${CMAKE_HOME_DIRECTORY}/managed_components/wolfssl__wolfssl" EXCLUDE_FROM_ALL)
+    # add_subdirectory("${CMAKE_HOME_DIRECTORY}/managed_components/wolfssl__wolfssl/include" EXCLUDE_FROM_ALL)
+    # So we'll error out and let the user decide how to proceed:
+    message(WARNING "\nFound wolfSSL components in\n"
+                    "./managed_components/wolfssl__wolfssl\n"
+                    "and\n"
+                    "./components/wolfssl\n"
+                    "in project directory: \n"
+                    "${CMAKE_HOME_DIRECTORY}")
+    message(FATAL_ERROR "\nPlease use either the ESP Registry Managed Component or the wolfSSL component directory but not both.\n"
+                        "If removing the ./managed_components/wolfssl__wolfssl directory, remember to also remove "
+                        "or rename the idf_component.yml file typically found in ./main/")
+else()
+    message(STATUS "No conflicting wolfSSL components found.")
+endif()
+
+
+# Don't include lwip requirement for benchmark and test apps.
+if( ("${CMAKE_PROJECT_NAME}" STREQUAL "wolfssl_benchmark") OR ("${CMAKE_PROJECT_NAME}" STREQUAL "wolfssl_test") )
+    message(STATUS "Not including lwip for ${CMAKE_PROJECT_NAME}")
+else()
+    # benchmark and test do not need wifi, everything else probably does:
+    set(COMPONENT_REQUIRES lwip "${THIS_ESP_TLS}") # we typically don't need lwip directly in wolfssl component
+endif()
+
+# Find the user name to search for possible "wolfssl-username"
+# Reminder: Windows is  %USERNAME%, Linux is $USER
 message(STATUS "USERNAME = $ENV{USERNAME}")
 if(  "$ENV{USER}" STREQUAL "" ) # the bash user
     if(  "$ENV{USERNAME}" STREQUAL "" ) # the Windows user
@@ -45,6 +175,30 @@ else()
 endif()
 message(STATUS "THIS_USER = ${THIS_USER}")
 
+if( "$ENV{IDF_PATH}" STREQUAL "" )
+    message(FATAL_ERROR "IDF_PATH Environment variable not set!")
+else()
+    string(REPLACE "\\" "/" THIS_IDF_PATH "$ENV{IDF_PATH}")
+endif()
+
+# ENVIRONMENT_VAR_TO_MACRO
+# Check environment variable name EVARPARAM as [name]
+# If defined, and has a value of EVARVALUE as [value],
+# then assign a compiler definition "-D[name]=[value]"
+function(ENVIRONMENT_VAR_TO_MACRO EVARPARAM EVARVALUE)
+    # If the EVARPARAM environment variable name is set to EVARVALUE,
+    # set the compiler flag definition to enable CSV output.
+    if ( "$ENV{${EVARPARAM}}" STREQUAL "${EVARVALUE}")
+        message(STATUS "Appending compile definition: -D${EVARPARAM}=${EVARVALUE}")
+        set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -D${EVARPARAM}=${EVARVALUE}")
+    else()
+        if(DEFINED ENV{${EVARPARAM}})
+            message(STATUS "Environment variable ${EVARPARAM} detected but set to $ENV{${EVARPARAM}}, not appending compile definition.")
+        else()
+            message(STATUS "Environment variable ${EVARPARAM} not detected, not appending compile definition.")
+        endif()
+    endif()
+endfunction()
 
 # COMPONENT_NAME = wolfssl
 # The component name is the directory name. "No feature to change this".
@@ -63,7 +217,8 @@ message(STATUS "THIS_USER = ${THIS_USER}")
 # function: IS_WOLFSSL_SOURCE
 #  parameter: DIRECTORY_PARAMETER - the directory to test
 #  output:    RESULT = contains contents of DIRECTORY_PARAMETER for wolfssl directory, otherwise blank.
-function(IS_WOLFSSL_SOURCE DIRECTORY_PARAMETER RESULT)
+function( IS_WOLFSSL_SOURCE  DIRECTORY_PARAMETER
+          RESULT )
     if (EXISTS "${DIRECTORY_PARAMETER}/wolfcrypt/src")
         set(${RESULT} "${DIRECTORY_PARAMETER}" PARENT_SCOPE)
     else()
@@ -71,25 +226,71 @@ function(IS_WOLFSSL_SOURCE DIRECTORY_PARAMETER RESULT)
     endif()
 endfunction()
 
+# *********************************************************************************************
 # function: FIND_WOLFSSL_DIRECTORY
 #  parameter: OUTPUT_FOUND_WOLFSSL_DIRECTORY contains root of source code, otherwise blank
 #
+# Example usage:
+#   FIND_WOLFSSL_DIRECTORY(WOLFSSL_ROOT)
+# *********************************************************************************************
 function(FIND_WOLFSSL_DIRECTORY OUTPUT_FOUND_WOLFSSL_DIRECTORY)
-    message(STATUS "Starting FIND_WOLFSSL_DIRECTORY")
-    set(CURRENT_SEARCH_DIR "$ENV{WOLFSSL_ROOT}")
-    if( "${CURRENT_SEARCH_DIR}" STREQUAL "" )
-        message(STATUS "The WOLFSSL_ROOT environment variable is not set. Searching...")
+    message(STATUS "Starting FIND_WOLFSSL_DIRECTORY: ${${OUTPUT_FOUND_WOLFSSL_DIRECTORY}}")
+
+    if ( "${${OUTPUT_FOUND_WOLFSSL_DIRECTORY}}" STREQUAL "" )
+        # The parameter is empty, so we certainly need to search.
+        # First, see if there's an environment variable. This takes highest priority (unless already found as hard-coded, above)
+        set(CURRENT_SEARCH_DIR "$ENV{WOLFSSL_ROOT}")
+        if( "${CURRENT_SEARCH_DIR}" STREQUAL "" )
+            message(STATUS "The WOLFSSL_ROOT environment variable is not set. Searching...")
+            # Next, if not found, see if wolfSSL was selected for ESP-TLS Kconfig
+            if(CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT)
+                set(CURRENT_SEARCH_DIR ${CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT})
+                get_filename_component(CURRENT_SEARCH_DIR "${CURRENT_SEARCH_DIR}" ABSOLUTE)
+                message(STATUS "WOLFSSL_ROOT found in sdkconfig/KConfig: ${CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT}")
+            else()
+                message(STATUS "wolfSSL not defined in [Component Config] [wolfssl]. Continuing search...")
+                # If not specified as a search hint in OUTPUT_FOUND_WOLFSSL_DIRECTORY:
+                # This wolfSSL component CMakeLists.txt may be found EITHER in:
+                #   1) local project component
+                #   2) ESP-IDF share components
+                # We'll start in the CMAKE_CURRENT_SOURCE_DIR, typically [something]/projectname/components/wolfssl
+                # That option might find wolfSSL source code as a copy in the component directory (e.g. Managed Components)
+                # Unless cmake is in the ESP-IDF, in which case it is unlikely to find wolfSSL source in any parent.
+                message(STATUS "CMAKE_CURRENT_SOURCE_DIR = ${CMAKE_CURRENT_SOURCE_DIR}")
+                get_filename_component(CURRENT_SEARCH_DIR "${CMAKE_CURRENT_SOURCE_DIR}" ABSOLUTE)
+                message(STATUS "CURRENT_SEARCH_DIR = ${CURRENT_SEARCH_DIR}")
+                string(LENGTH ${CURRENT_SEARCH_DIR} CURRENT_SEARCH_DIR_LENGTH)
+            endif() # CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT
+        endif() # check environment var blank
     else()
-        get_filename_component(CURRENT_SEARCH_DIR "$ENV{WOLFSSL_ROOT}" ABSOLUTE)
+        message(STATUS "Parameter found for FIND_WOLFSSL_DIRECTORY")
+        message(STATUS "Setting wolfSSL search directory to: ${${OUTPUT_FOUND_WOLFSSL_DIRECTORY}}")
+        set(CURRENT_SEARCH_DIR "${${OUTPUT_FOUND_WOLFSSL_DIRECTORY}}")
+    endif() # parameter empty
+
+    # Check to see if we found a path in environment or config settings, above.
+    if( "${CURRENT_SEARCH_DIR}" STREQUAL "" )
+        message(STATUS "Source for wolfSSL not specified in path nor config settings.")
+        # We'll continue the search by recursing up the directory tree, below.
+    else()
+        # Setting found! Does it contain a valid path?
+        string(REPLACE "\\" "/" CURRENT_SEARCH_DIR ${CURRENT_SEARCH_DIR})
+        get_filename_component(CURRENT_SEARCH_DIR "${CURRENT_SEARCH_DIR}" ABSOLUTE)
         IS_WOLFSSL_SOURCE("${CURRENT_SEARCH_DIR}" FOUND_WOLFSSL)
-        if("${FOUND_WOLFSSL}")
-            message(STATUS "Found WOLFSSL_ROOT via Environment Variable:")
+        if( FOUND_WOLFSSL )
+            message(STATUS "Found wolfSSL source code via setting: ${CURRENT_SEARCH_DIR}")
+            set(${OUTPUT_FOUND_WOLFSSL_DIRECTORY} ${CURRENT_SEARCH_DIR} PARENT_SCOPE)
+            return()
         else()
-            message(FATAL_ERROR "WOLFSSL_ROOT Environment Variable defined, but path not found:")
-            message(STATUS "$ENV{WOLFSSL_ROOT}")
+            if(WIN32)
+                message(STATUS "When specifying a path for Windows, use forward slahes, or double backslashes.")
+            endif()
+            message(STATUS "CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT sdkconfig setting = ${CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT}")
+            message(STATUS "WOLFSSL_ROOT Variable defined, but source code not found: ${CURRENT_SEARCH_DIR}")
         endif()
     endif()
 
+
     # we'll start in the CMAKE_CURRENT_SOURCE_DIR, typically [something]/projectname/components/wolfssl
     message(STATUS "CMAKE_CURRENT_SOURCE_DIR = ${CMAKE_CURRENT_SOURCE_DIR}")
     get_filename_component(CURRENT_SEARCH_DIR "${CMAKE_CURRENT_SOURCE_DIR}" ABSOLUTE)
@@ -107,16 +308,47 @@ function(FIND_WOLFSSL_DIRECTORY OUTPUT_FOUND_WOLFSSL_DIRECTORY)
             return()
         endif()
 
+        # Maintain CURRENT_SEARCH_DIR, but check various suffixes with CURRENT_SEARCH_DIR_ALT
         if( THIS_USER )
             # Check for "wolfssl-[username]" subdirectory as we recurse up the directory tree
             set(CURRENT_SEARCH_DIR_ALT ${CURRENT_SEARCH_DIR}/wolfssl-${THIS_USER})
-            message(STATUS "Looking in ${CURRENT_SEARCH_DIR}")
+            message(STATUS "Looking in ${CURRENT_SEARCH_DIR_ALT}")
 
-            #if(EXISTS ${CURRENT_SEARCH_DIR_ALT} AND IS_DIRECTORY ${CURRENT_SEARCH_DIR_ALT} AND EXISTS "${CURRENT_SEARCH_DIR_ALT}/wolfcrypt/src")
             IS_WOLFSSL_SOURCE("${CURRENT_SEARCH_DIR_ALT}" FOUND_WOLFSSL )
             if ( FOUND_WOLFSSL )
-               message(STATUS "Found wolfssl in user-suffix CURRENT_SEARCH_DIR_ALT = ${CURRENT_SEARCH_DIR_ALT}")
-                set(${OUTPUT_FOUND_WOLFSSL_DIRECTORY} ${CURRENT_SEARCH_DIR_ALT} PARENT_SCOPE)
+                message(STATUS "Found wolfssl in user-suffix CURRENT_SEARCH_DIR_ALT = ${CURRENT_SEARCH_DIR_ALT}")
+                set(CURRENT_SEARCH_DIR "${CURRENT_SEARCH_DIR_ALT}")
+                set(${OUTPUT_FOUND_WOLFSSL_DIRECTORY} ${CURRENT_SEARCH_DIR} PARENT_SCOPE)
+                return()
+            endif()
+        endif()
+
+        if ( FOUND_WOLFSSL )
+            # if we already found the source, skip attempt of "wolfssl-master"
+        else()
+            set(CURRENT_SEARCH_DIR_ALT ${CURRENT_SEARCH_DIR}/wolfssl-master)
+            message(STATUS "Looking in ${CURRENT_SEARCH_DIR_ALT}")
+
+            IS_WOLFSSL_SOURCE("${CURRENT_SEARCH_DIR_ALT}" FOUND_WOLFSSL )
+            if ( FOUND_WOLFSSL )
+                message(STATUS "Found wolfssl in master-suffix CURRENT_SEARCH_DIR_ALT = ${CURRENT_SEARCH_DIR_ALT}")
+                set(CURRENT_SEARCH_DIR "${CURRENT_SEARCH_DIR_ALT}")
+                set(${OUTPUT_FOUND_WOLFSSL_DIRECTORY} ${CURRENT_SEARCH_DIR} PARENT_SCOPE)
+                return()
+            endif()
+        endif()
+
+        if ( FOUND_WOLFSSL )
+            # if we already found the source, skip attempt of "wolfssl"
+        else()
+            set(CURRENT_SEARCH_DIR_ALT ${CURRENT_SEARCH_DIR}/wolfssl)
+            message(STATUS "Looking in ${CURRENT_SEARCH_DIR_ALT}")
+
+            IS_WOLFSSL_SOURCE("${CURRENT_SEARCH_DIR_ALT}" FOUND_WOLFSSL )
+            if ( FOUND_WOLFSSL )
+                message(STATUS "Found wolfssl in CURRENT_SEARCH_DIR_ALT = ${CURRENT_SEARCH_DIR_ALT}")
+                set(CURRENT_SEARCH_DIR "${CURRENT_SEARCH_DIR_ALT}")
+                set(${OUTPUT_FOUND_WOLFSSL_DIRECTORY} ${CURRENT_SEARCH_DIR} PARENT_SCOPE)
                 return()
             endif()
         endif()
@@ -136,7 +368,8 @@ function(FIND_WOLFSSL_DIRECTORY OUTPUT_FOUND_WOLFSSL_DIRECTORY)
         get_filename_component(CURRENT_SEARCH_DIR "${CURRENT_SEARCH_DIR}" DIRECTORY)
         message(STATUS "Next CURRENT_SEARCH_DIR = ${CURRENT_SEARCH_DIR}")
         if( "${PRIOR_SEARCH_DIR}" STREQUAL "${CURRENT_SEARCH_DIR}" )
-            # when the search directory is empty, we'll give up
+            # When the parent is current directory, cannot go any further. We didn't find wolfssl.
+            # When the search directory is empty, we'll give up.
             set(CURRENT_SEARCH_DIR "")
         endif()
     endwhile()
@@ -147,17 +380,64 @@ endfunction()
 
 
 # Example usage:
+#
+# Simply find the WOLFSSL_DIRECTORY by searching parent directories:
+#   FIND_WOLFSSL_DIRECTORY(WOLFSSL_ROOT)
+#
 
+message(STATUS "CONFIG_TARGET_PLATFORM = ${CONFIG_TARGET_PLATFORM}")
 
+# Check for environment variable that may be assigned to macros
+ENVIRONMENT_VAR_TO_MACRO("GENERATE_MACHINE_PARSEABLE_REPORT" "1")
+ENVIRONMENT_VAR_TO_MACRO("WOLFSSL_BENCHMARK_FIXED_CSV"       "1")
 
+# Optional variable inspection
+if (0)
+    get_cmake_property(_variableNames VARIABLES)
+    list (SORT _variableNames)
+    message(STATUS "")
+    message(STATUS "ALL VARIABLES BEGIN")
+    message(STATUS "")
+    foreach (_variableName ${_variableNames})
+        message(STATUS "${_variableName}=${${_variableName}}")
+    endforeach()
+    message(STATUS "")
+    message(STATUS "ALL VARIABLES END")
+    message(STATUS "")
+endif()
+
+if ( ("${CONFIG_TARGET_PLATFORM}" STREQUAL "esp8266") OR ("${IDF_TARGET}" STREQUAL "esp8266") )
+    # There's no esp_timer, no driver components for the ESP8266
+    message(STATUS "Early expansion EXCLUDES for esp8266:")
+    message(STATUS "THIS_INCLUDE_DRIVER:  '${THIS_INCLUDE_DRIVER}'")
+    message(STATUS "THIS_INCLUDE_TIMER:   '${THIS_INCLUDE_TIMER}'")
+    message(STATUS "Early expansion INCLUDE for esp8266:")
+    message(STATUS "THIS_INCLUDE_PTHREAD: '${THIS_INCLUDE_PTHREAD}'")
+    set(THIS_ESP_TLS         "")
+    set(THIS_INCLUDE_DRIVER  "")
+    set(THIS_INCLUDE_TIMER   "")
+    set(THIS_INCLUDE_PTHREAD "pthread")
+else()
+    message(STATUS "Early expansion includes esp_timer: ${THIS_INCLUDE_TIMER}")
+    message(STATUS "Early expansion includes driver: ${THIS_INCLUDE_DRIVER}")
+    set(THIS_ESP_TLS        "esp-tls")
+    set(THIS_INCLUDE_DRIVER "driver")
+    set(THIS_INCLUDE_TIMER  "esp_timer")
+    set(THIS_INCLUDE_PTHREAD "")
+    # Let the app know that we've included the esp-tls component requirement.
+    # This is critical for use the the esp-tls component. See wolfssl esp_crt_bundle.c file.
+    set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_REQUIRED_ESP_TLS=1")
+endif()
 
 if(CMAKE_BUILD_EARLY_EXPANSION)
     message(STATUS "wolfssl component CMAKE_BUILD_EARLY_EXPANSION:")
     idf_component_register(
                             REQUIRES "${COMPONENT_REQUIRES}"
                             PRIV_REQUIRES # esp_hw_support
-                                          esp_timer
-                                          driver # this will typically only be needed for wolfSSL benchmark
+                                          "${THIS_ESP_TLS}"
+                                          "${THIS_INCLUDE_PTHREAD}"
+                                          "${THIS_INCLUDE_TIMER}"
+                                          "${THIS_INCLUDE_DRIVER}" # this will typically only be needed for wolfSSL benchmark
                            )
 
 else()
@@ -166,48 +446,99 @@ else()
     message(STATUS "wolfssl component config:")
     message(STATUS "************************************************************************************************")
 
+    if ( "${CONFIG_TARGET_PLATFORM}" STREQUAL "esp8266")
+        # There's no esp_timer, no driver components for the ESP8266
+        set(THIS_INCLUDE_TIMER "")
+        set(THIS_INCLUDE_DRIVER "")
+    else()
+        set(THIS_INCLUDE_TIMER "esp_timer")
+        set(THIS_INCLUDE_DRIVER "driver")
+    endif()
+
     # search for wolfSSL
     FIND_WOLFSSL_DIRECTORY(WOLFSSL_ROOT)
     if(WOLFSSL_ROOT)
-        message(STATUS "NEW Found wolfssl directory at: ${WOLFSSL_ROOT}")
+        IS_WOLFSSL_SOURCE("${WOLFSSL_ROOT}" FOUND_WOLFSSL)
+        if(FOUND_WOLFSSL)
+            message(STATUS "Found WOLFSSL_ROOT via CMake specification.")
+        else()
+            # WOLFSSL_ROOT Path specified in CMakeLists.txt is not a valid path
+            message(FATAL_ERROR "WOLFSSL_ROOT CMake Variable defined, but path not found: ${WOLFSSL_ROOT}\n"
+                                "Try correcting WOLFSSL_ROOT in your project CMakeFile.txt or setting environment variable.")
+            # Abort CMake after fatal error.
+        endif()
     else()
-        message(STATUS "NEW wolfssl directory not found.")
+        message(STATUS "Source code for wolfSSL still not found.")
+        message(STATUS "Searching from project home: ${CMAKE_HOME_DIRECTORY} ...")
+        set(WOLFSSL_ROOT "${CMAKE_HOME_DIRECTORY}")
+        FIND_WOLFSSL_DIRECTORY(WOLFSSL_ROOT)
+    endif()
+
+
+    if(WOLFSSL_ROOT)
+        message(STATUS "Confirmed wolfssl directory at: ${WOLFSSL_ROOT}")
+    else()
+        # Try to allow a more intuitive error that the source code was not found in cmake:
+        set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_WARNING_SOURCE_NOT_FOUND")
+
+        message(STATUS "Failed: wolfssl source code directory not found.")
         # Abort. We need wolfssl _somewhere_.
-        message(FATAL_ERROR "Could not find wolfssl in ${WOLFSSL_ROOT}.\n"
-                            "Try setting WOLFSSL_ROOT environment variable or git clone.")
+        message(STATUS "")
+        message(STATUS "")
+        message(STATUS "Could not find wolfssl in any parent directory named wolfssl-${THIS_USER}, wolfssl-master, or wolfssl.\n"
+                       "Try setting WOLFSSL_ROOT environment variable, cmake variable in project, copy source, or use managed components.")
+        message(STATUS "")
+        message(STATUS "")
+        # Abort CMake after fatal error. (or not?)
     endif()
 
     set(INCLUDE_PATH ${WOLFSSL_ROOT})
 
     set(WOLFSSL_EXTRA_PROJECT_DIR "${WOLFSSL_ROOT}/src/")
 
-    if( ${CMAKE_PROJECT_NAME} STREQUAL "wolfssl_benchmark" )
-        set(WOLFSSL_EXTRA_PROJECT_DIR "${WOLFSSL_ROOT}/wolfcrypt/benchmark")
-    endif()
-
-    if( ${CMAKE_PROJECT_NAME} STREQUAL "wolfssl_test" )
-        set(WOLFSSL_EXTRA_PROJECT_DIR "${WOLFSSL_ROOT}/wolfcrypt/test")
+    # During regression tests, optionally copy source locally and use: set(USE_LOCAL_TEST_BENCH 1)
+    set(USE_LOCAL_TEST_BENCH 0)
+    if(NOT USE_LOCAL_TEST_BENCH)
+        if( "${CMAKE_PROJECT_NAME}" STREQUAL "hello-world" )
+            message(STATUS "Include ${WOLFSSL_ROOT}/wolfcrypt/benchmark")
+            set(WOLFSSL_EXTRA_PROJECT_DIR "${WOLFSSL_ROOT}/wolfcrypt/benchmark")
+        endif()
+
+        if( "${CMAKE_PROJECT_NAME}" STREQUAL "wolfssl_benchmark" )
+            message(STATUS "Include ${WOLFSSL_ROOT}/wolfcrypt/benchmark")
+            set(WOLFSSL_EXTRA_PROJECT_DIR "${WOLFSSL_ROOT}/wolfcrypt/benchmark")
+        endif()
+
+        if( "${CMAKE_PROJECT_NAME}" STREQUAL "wolfssl_test" )
+            message(STATUS "Include ${WOLFSSL_ROOT}/wolfcrypt/test")
+            set(WOLFSSL_EXTRA_PROJECT_DIR "${WOLFSSL_ROOT}/wolfcrypt/test")
+        endif()
     endif()
 
+    message(STATUS "WOLFSSL_EXTRA_PROJECT_DIR = ${WOLFSSL_EXTRA_PROJECT_DIR}")
     set(COMPONENT_SRCDIRS "\"${WOLFSSL_ROOT}/src/\""
                           "\"${WOLFSSL_ROOT}/wolfcrypt/src\""
                           "\"${WOLFSSL_ROOT}/wolfcrypt/src/port/Espressif\""
+                          "\"${WOLFSSL_ROOT}/wolfcrypt/src/port/Espressif/esp_crt_bundle\""
                           "\"${WOLFSSL_ROOT}/wolfcrypt/src/port/atmel\""
                           "\"${WOLFSSL_EXTRA_PROJECT_DIR}\""
                          ) # COMPONENT_SRCDIRS
 
     message(STATUS "This COMPONENT_SRCDIRS = ${COMPONENT_SRCDIRS}")
 
+    # wolfSSL user_settings.h may be in the local project.
+    # TODO check if exists and possibly set to ESP-IDF
     set(WOLFSSL_PROJECT_DIR "${CMAKE_HOME_DIRECTORY}/components/wolfssl")
-    add_definitions(-DWOLFSSL_USER_SETTINGS_DIR="${WOLFSSL_PROJECT_DIR}/include/user_settings.h")
-
 
+    string(REPLACE "/" "//" STR_WOLFSSL_PROJECT_DIR "${WOLFSSL_PROJECT_DIR}")
+    add_compile_definitions(WOLFSSL_USER_SETTINGS_DIR="${STR_WOLFSSL_PROJECT_DIR}/include/user_settings.h")
+    message(STATUS "Added definition for user_settings.h: -DWOLFSSL_USER_SETTINGS_DIR=\"${STR_WOLFSSL_PROJECT_DIR}//include//user_settings.h\"")
     # Espressif may take several passes through this makefile. Check to see if we found IDF
     string(COMPARE EQUAL "${PROJECT_SOURCE_DIR}" "" WOLFSSL_FOUND_IDF)
 
     # get a list of all wolfcrypt assembly files; we'll exclude them as they don't target Xtensa
     file(GLOB EXCLUDE_ASM *.S)
-    file(GLOB_RECURSE EXCLUDE_ASM ${CMAKE_SOURCE_DIR} "${WOLFSSL_ROOT}/wolfcrypt/src/*.S")
+    file(GLOB EXCLUDE_ASM ${CMAKE_SOURCE_DIR} "${WOLFSSL_ROOT}/wolfcrypt/src/*.S")
 
     message(STATUS "IDF_PATH = $ENV{IDF_PATH}")
     message(STATUS "PROJECT_SOURCE_DIR = ${PROJECT_SOURCE_DIR}")
@@ -230,11 +561,12 @@ else()
         message(STATUS "Remove either the local project component: ${WOLFSSL_PROJECT_DIR} ")
         message(STATUS "or the Espressif shared component installed at: $ENV{IDF_PATH}/components/wolfssl/ ")
         message(STATUS "")
-        message(FATAL_ERROR "Please use wolfSSL in either local project or Espressif components, but not both.")
         message(STATUS "")
         message(STATUS "**************************************************************************************")
         message(STATUS "")
 
+        message(STATUS "Please use wolfSSL in either local project or Espressif components, but not both.")
+
         # Optional: if you change the above FATAL_ERROR to STATUS you can warn at runtime with this macro definition:
         set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_MULTI_INSTALL_WARNING")
 
@@ -284,6 +616,7 @@ else()
                         message(FATAL_ERROR "Found stray wolfSSL user_settings.h in "
                                             "${WOLFSSL_ROOT}/include/user_settings.h "
                                             " (please move it to ${WOLFSSL_PROJECT_DIR}/include/user_settings.h )")
+                        # Abort CMake after fatal error.
                     else()
                         # we won't overwrite an existing user settings file, just note that we already have one:
                         if( EXISTS "${WOLFSSL_PROJECT_DIR}/include/user_settings.h" )
@@ -340,7 +673,9 @@ else()
     # depending on the environment, we may need to swap backslashes with forward slashes
     string(REPLACE "\\" "/" RTOS_IDF_PATH "$ENV{IDF_PATH}/components/freertos/FreeRTOS-Kernel/include/freertos")
 
-    string(REPLACE "\\" "/" WOLFSSL_ROOT ${WOLFSSL_ROOT})
+	if(WOLFSSL_ROOT)
+	    string(REPLACE "\\" "/" WOLFSSL_ROOT ${WOLFSSL_ROOT})
+	endif()
 
     if(IS_DIRECTORY "${RTOS_IDF_PATH}")
         message(STATUS "Found current RTOS path: ${RTOS_IDF_PATH}")
@@ -353,17 +688,22 @@ else()
             message(STATUS "Could not find RTOS path")
         endif()
     endif()
-
-
+    message(STATUS "THIS_IDF_PATH = $THIS_IDF_PATH")
+    # wolfSSL-specific include directories
     set(COMPONENT_ADD_INCLUDEDIRS
-        "./include" # this is the location of wolfssl user_settings.h
+        "./include" # this is the location of local project wolfssl user_settings.h
         "\"${WOLFSSL_ROOT}/\""
         "\"${WOLFSSL_ROOT}/wolfssl/\""
         "\"${WOLFSSL_ROOT}/wolfssl/wolfcrypt/\""
+        "\"${WOLFSSL_ROOT}/wolfssl/wolfcrypt/port/Espressif\""
         "\"${RTOS_IDF_PATH}/\""
+        # wolfSSL release after v5.7 includes WiFi, time, and mem/debug helpers
+        "${THIS_IDF_PATH}/components/esp_event/include"
+        "${THIS_IDF_PATH}/components/esp_netif/include"
+        "${THIS_IDF_PATH}/components/esp_wifi/include"
         )
 
-
+    # Optionally include cryptoauthlib if present
     if(IS_DIRECTORY ${IDF_PATH}/components/cryptoauthlib)
         list(APPEND COMPONENT_ADD_INCLUDEDIRS "../cryptoauthlib/lib")
     endif()
@@ -372,7 +712,7 @@ else()
     list(APPEND COMPONENT_ADD_INCLUDEDIRS "\"${WOLFSSL_ROOT}/wolfssl/wolfcrypt/\"")
 
 
-
+    # Some files are known to be included elsewhere, or not used for Espressif
     set(COMPONENT_SRCEXCLUDE
         "\"${WOLFSSL_ROOT}/src/bio.c\""
         "\"${WOLFSSL_ROOT}/src/conf.c\""
@@ -382,9 +722,14 @@ else()
         "\"${WOLFSSL_ROOT}/src/ssl_bn.c\""      # included by ssl.c
         "\"${WOLFSSL_ROOT}/src/ssl_certman.c\"" # included by ssl.c
         "\"${WOLFSSL_ROOT}/src/ssl_crypto.c\""  # included by ssl.c
+        "\"${WOLFSSL_ROOT}/src/ssl_load.c\""    # included by ssl.c
         "\"${WOLFSSL_ROOT}/src/ssl_misc.c\""    # included by ssl.c
+        "\"${WOLFSSL_ROOT}/src/ssl_p7p12.c\""   # included by ssl.c
+        "\"${WOLFSSL_ROOT}/src/ssl_sess.c\""    # included by ssl.c
         "\"${WOLFSSL_ROOT}/src/x509.c\""
         "\"${WOLFSSL_ROOT}/src/x509_str.c\""
+        "\"${WOLFSSL_ROOT}/wolfcrypt/src/ext_kyber.c\""     # external non-wolfssl Kyber disabled by default
+        "\"${WOLFSSL_ROOT}/wolfssl/wolfcrypt/ext_kyber.h\"" # external non-wolfssl Kyber disabled by default
         "\"${WOLFSSL_ROOT}/wolfcrypt/src/evp.c\""
         "\"${WOLFSSL_ROOT}/wolfcrypt/src/misc.c\""
         "\"${WOLFSSL_ROOT}/wolfcrypt/src/sp_sm2_arm32.c\""
@@ -395,6 +740,7 @@ else()
         "\"${WOLFSSL_ROOT}/wolfcrypt/src/sp_sm2_cortexm.c\""
         "\"${WOLFSSL_ROOT}/wolfcrypt/src/sp_sm2_x86_64.c\""
         "\"${WOLFSSL_ROOT}/wolfcrypt/src/sp_sm2_x86_64_asm.S\""
+        "\"${WOLFSSL_ROOT}/examples\"" # Examples are distributed in Managed Components, but not part of a project.
         "\"${EXCLUDE_ASM}\""
         )
 
@@ -416,22 +762,144 @@ else()
     # see https://docs.espressif.com/projects/esp-idf/en/stable/esp32/migration-guides/release-5.x/build-system.html?highlight=space%20path
     #
     set(EXTRA_COMPONENT_DIRS "${COMPONENT_SRCDIRS}")
-    idf_component_register(
-                            SRC_DIRS "${COMPONENT_SRCDIRS}"
-                            INCLUDE_DIRS "${COMPONENT_ADD_INCLUDEDIRS}"
-                            REQUIRES "${COMPONENT_REQUIRES}"
-                            EXCLUDE_SRCS "${COMPONENT_SRCEXCLUDE}"
-                            PRIV_REQUIRES esp_timer driver # this will typically only be needed for wolfSSL benchmark
-                           )
-    # some optional diagnostics
-    if (1)
+
+    if(WOLFSSL_ROOT)
+        # Only register the component if we found wolfSSL source.
+        # This is important to allow Cmake to finish to completion, otherwise the UI
+        # may not be able to display the Kconfig settings to fix a bad or missing source.
+        idf_component_register(
+                                SRC_DIRS "${COMPONENT_SRCDIRS}"
+                                INCLUDE_DIRS "${COMPONENT_ADD_INCLUDEDIRS}"
+                                REQUIRES "${COMPONENT_REQUIRES}"
+                                EXCLUDE_SRCS "${COMPONENT_SRCEXCLUDE}"
+                                PRIV_REQUIRES
+                                  "${THIS_ESP_TLS}"
+                                  "${THIS_INCLUDE_TIMER}"
+                                  "${THIS_INCLUDE_DRIVER}" # this will typically only be needed for wolfSSL benchmark
+                               )
+    else()
+        # Register the component simply to allow CMake to complete, but there's no wolfSSL source.
+        # Expect many other errors, but the project should at least be loadable and UI can edit Kconfig settings.
+        idf_component_register()
+        message(STATUS "Warning: wolfSSL component not registered as no source code found (WOLFSSL_ROOT is blank)")
+    endif()
+
+# function(WOLFSSL_INIT_CERT_BUNDLE)
+if( CONFIG_WOLFSSL_CERTIFICATE_BUNDLE
+    AND NOT CONFIG_WOLFSSL_CERTIFICATE_BUNDLE_DEFAULT_NONE
+    AND NOT ("${CONFIG_TARGET_PLATFORM}" STREQUAL "esp8266")
+  )
+    if (CMAKE_BUILD_EARLY_EXPANSION)
+        message(ERROR "Bundle Cert initialization must occur during CMAKE_BUILD_EARLY_EXPANSION")
+    endif()
+    # reminder: we need a value for wolfSSL root first!
+    if( "${WOLFSSL_ROOT}" STREQUAL "" )
+        message(ERROR "Certificate bundles need a value for WOLFSSL_ROOT")
+    endif()
+    set(WOLFSSL_ESP_CRT_BUNDLE_DIR ${WOLFSSL_ROOT}/wolfcrypt/src/port/Espressif/esp_crt_bundle)
+    message(STATUS "WOLFSSL_ESP_CRT_BUNDLE_DIR=${WOLFSSL_ESP_CRT_BUNDLE_DIR}")
+    if(EXISTS "${WOLFSSL_ESP_CRT_BUNDLE_DIR}")
+        set(bundle_name "x509_crt_bundle_wolfssl")
+
+        # For now the certs are in the same directory
+        set(DEFAULT_CRT_DIR "${WOLFSSL_ESP_CRT_BUNDLE_DIR}")
+
+        # Generate custom certificate bundle using the generate_cert_bundle utility
+        set(GENERATE_CERT_BUNDLEPY ${python} ${WOLFSSL_ESP_CRT_BUNDLE_DIR}/gen_crt_bundle.py)
+
+        if(CONFIG_WOLFSSL_CERTIFICATE_BUNDLE_DEFAULT_FULL)
+            list(APPEND crt_paths ${DEFAULT_CRT_DIR}/cacrt_all.pem ${DEFAULT_CRT_DIR}/cacrt_local.pem)
+        elseif(CONFIG_WOLFSSL_CERTIFICATE_BUNDLE_DEFAULT_CMN)
+            list(APPEND crt_paths ${DEFAULT_CRT_DIR}/cacrt_all.pem ${DEFAULT_CRT_DIR}/cacrt_local.pem)
+            list(APPEND args --filter ${DEFAULT_CRT_DIR}/cmn_crt_authorities.csv)
+        endif()
+
+        # Add deprecated root certs if enabled. This config is not visible if the default cert
+        # bundle is not selected
+        if(CONFIG_WOLFSSL_CERTIFICATE_BUNDLE_DEPRECATED_LIST)
+            list(APPEND crt_paths ${DEFAULT_CRT_DIR}/cacrt_deprecated.pem)
+        endif()
+
+        if(CONFIG_WOLFSSL_CUSTOM_CERTIFICATE_BUNDLE)
+            get_filename_component(custom_bundle_path
+              ${CONFIG_WOLFSSL_CUSTOM_CERTIFICATE_BUNDLE_PATH} ABSOLUTE BASE_DIR "${project_dir}")
+            list(APPEND crt_paths ${custom_bundle_path})
+            message(STATUS "Using a custom wolfSSL bundle path: ${custom_bundle_path}")
+        else()
+            message(STATUS "Not using a custom wolfSSL bundle path.")
+        endif()
+        list(APPEND args --input ${crt_paths} -q)
+
+        message(STATUS "CMAKE_CURRENT_BINARY_DIR: ${CMAKE_CURRENT_BINARY_DIR}")
+        get_filename_component(crt_bundle
+            ${bundle_name}
+            ABSOLUTE BASE_DIR "${CMAKE_CURRENT_BINARY_DIR}")
+
+        message(STATUS "Setting up bundle generate: ${GENERATE_CERT_BUNDLEPY} ${args}")
+        message(STATUS "Depends on custom bundle path: ${custom_bundle_path}")
+        message(STATUS "crt_bundle ${crt_bundle}")
+        message(STATUS "COMPONENT_LIB ${COMPONENT_LIB}")
+        message(STATUS "GENERATE_CERT_BUNDLEPY ${GENERATE_CERT_BUNDLEPY}")
+        message(STATUS "args ${args}")
+        message(STATUS "cert_bundle ${cert_bundle}")
+
+        # Generate bundle according to config
+        # File is generated at build time, not cmake load
+        add_custom_command(OUTPUT ${crt_bundle}
+            COMMAND ${GENERATE_CERT_BUNDLEPY} ARGS ${args}
+            DEPENDS ${custom_bundle_path}
+            VERBATIM)
+
+        if(EXISTS "${crt_bundle}")
+            message(STATUS "Bundle file exists from prior build: ${crt_bundle}")
+        else()
+            message(STATUS "Bundle file expected during next build: ${crt_bundle}")
+        endif()
+
+        # Reminder the file is generated at build time, not cmake load time.
+        message(STATUS "wolfSSL Cert Bundle File to be created at build time in: ${crt_bundle}")
+
+        add_custom_target(custom_wolfssl_bundle DEPENDS ${cert_bundle})
+
+        # the wolfSSL crtificate bundle is baked into wolfSSL
+        add_dependencies(${COMPONENT_LIB} custom_wolfssl_bundle)
+
+        # COMPONENT_LIB may vary: __idf_wolfssl, __idf_esp_wolfssl, etc
+        # target_add_binary_data(__idf_wolfssl ${crt_bundle} BINARY)
+        target_add_binary_data(${COMPONENT_LIB} ${crt_bundle} BINARY)
+        set_property(DIRECTORY "${CMAKE_CURRENT_SOURCE_DIR}"
+                     APPEND PROPERTY ADDITIONAL_CLEAN_FILES
+                     "${crt_bundle}")
+    else()
+        message(STATUS "WARNING: CONFIG_WOLFSSL_CERTIFICATE_BUNDLE enabled but directory not found: ${WOLFSSL_ESP_CRT_BUNDLE_DIR}")
+    endif()
+endif()
+
+# endfunction() # WOLFSSL_INIT_CERT_BUNDLE
+
+    # Some optional diagnostics. Verbose ones are truncated.
+    if (VERBOSE_COMPONENT_MESSAGES)
         get_cmake_property(_variableNames VARIABLES)
         list (SORT _variableNames)
         message(STATUS "")
         message(STATUS "ALL VARIABLES BEGIN")
         message(STATUS "")
         foreach (_variableName ${_variableNames})
-            message(STATUS "${_variableName}=${${_variableName}}")
+            if (      ("${_variableName}" STREQUAL "bootloader_binary_files")
+                    OR ("${_variableName}" STREQUAL "Component paths")
+                    OR ("${_variableName}" STREQUAL "component_targets")
+                    OR ("${_variableName}" STREQUAL "__COMPONENT_TARGETS")
+                    OR ("${_variableName}" STREQUAL "CONFIGS_LIST")
+                    OR ("${_variableName}" STREQUAL "__CONFIG_VARIABLES")
+                    OR ("${_variableName}" STREQUAL "val")
+                    OR ("${_variableName}" MATCHES "^__idf_")
+               )
+                # Truncate the displayed value:
+                string(SUBSTRING "${${_variableName}}" 0 70 truncatedValue)
+                message(STATUS "${_variableName} = ${truncatedValue} ... (truncated)")
+            else()
+                message(STATUS "${_variableName}=${${_variableName}}")
+            endif()
         endforeach()
         message(STATUS "")
         message(STATUS "ALL VARIABLES END")
@@ -439,6 +907,12 @@ else()
     endif()
 
     # target_sources(wolfssl PRIVATE  "\"${WOLFSSL_ROOT}/wolfssl/\""  "\"${WOLFSSL_ROOT}/wolfssl/wolfcrypt\"")
+    message(STATUS "DETECTED_PROJECT_NAME=${CMAKE_PROJECT_NAME}")
+    message(STATUS "COMPONENT_TARGET=${COMPONENT_TARGET}")
+    target_compile_definitions(${COMPONENT_TARGET} PRIVATE DETECTED_PROJECT_NAME="${CMAKE_PROJECT_NAME}")
+    if( "${CMAKE_PROJECT_NAME}" STREQUAL "esp_http_client_example" )
+        target_compile_definitions(${COMPONENT_TARGET} PRIVATE APP_ESP_HTTP_CLIENT_EXAMPLE="y")
+    endif()
 
 endif() # CMAKE_BUILD_EARLY_EXPANSION
 
@@ -484,7 +958,7 @@ function ( LIBWOLFSSL_SAVE_INFO VAR_OUPUT THIS_VAR VAR_RESULT )
         message(STATUS "Found ${VAR_OUPUT}=${VAR_VALUE}")
 
         # the interesting part is defining the VAR_OUPUT name a value to use in the app
-        add_definitions(-D${VAR_OUPUT}=\"${VAR_VALUE}\")
+        add_compile_definitions(${VAR_OUPUT}=\"${VAR_VALUE}\")
     else()
         # if we get here, check the execute_process command and parameters.
         message(STATUS "LIBWOLFSSL_SAVE_INFO encountered a non-zero VAR_RESULT")
@@ -492,33 +966,89 @@ function ( LIBWOLFSSL_SAVE_INFO VAR_OUPUT THIS_VAR VAR_RESULT )
     endif()
 endfunction() # LIBWOLFSSL_SAVE_INFO
 
+execute_process(
+    COMMAND ${git_cmd} "rev-parse" "--is-inside-work-tree"
+    OUTPUT_VARIABLE IS_GIT_REPO
+    OUTPUT_STRIP_TRAILING_WHITESPACE
+    ERROR_QUIET
+)
+
 # create some programmatic #define values that will be used by ShowExtendedSystemInfo().
 # see wolfcrypt\src\port\Espressif\esp32_utl.c
-if(NOT CMAKE_BUILD_EARLY_EXPANSION)
+if(NOT CMAKE_BUILD_EARLY_EXPANSION AND WOLFSSL_ROOT AND (IS_GIT_REPO STREQUAL "true"))
     set (git_cmd "git")
     message(STATUS "Adding macro definitions:")
 
     # LIBWOLFSSL_VERSION_GIT_ORIGIN: git config --get remote.origin.url
-    execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} "config" "--get" "remote.origin.url" OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ERROR_QUIET  )
+    execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} "config" "--get" "remote.origin.url"
+                    OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ERROR_QUIET  )
     LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_VERSION_GIT_ORIGIN "${TMP_OUT}" "${TMP_RES}")
 
     # LIBWOLFSSL_VERSION_GIT_BRANCH: git rev-parse --abbrev-ref HEAD
-    execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} "rev-parse" "--abbrev-ref" "HEAD" OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ERROR_QUIET  )
+    execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} "rev-parse" "--abbrev-ref" "HEAD"
+                    OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ERROR_QUIET  )
     LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_VERSION_GIT_BRANCH "${TMP_OUT}" "${TMP_RES}")
 
     # LIBWOLFSSL_VERSION_GIT_HASH: git rev-parse HEAD
-    execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} "rev-parse" "HEAD" OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ERROR_QUIET  )
+    execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} "rev-parse" "HEAD"
+                    OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ERROR_QUIET  )
     LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_VERSION_GIT_HASH "${TMP_OUT}" "${TMP_RES}")
 
     # LIBWOLFSSL_VERSION_GIT_SHORT_HASH: git rev-parse --short HEAD
-    execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} "rev-parse" "--short" "HEAD" OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ERROR_QUIET )
+    execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} "rev-parse" "--short" "HEAD"
+                    OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ERROR_QUIET )
     LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_VERSION_GIT_SHORT_HASH "${TMP_OUT}" "${TMP_RES}")
 
     # LIBWOLFSSL_VERSION_GIT_HASH_DATE git show --no-patch --no-notes --pretty=\'\%cd\'
-    execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} "show" "--no-patch" "--no-notes" "--pretty=\'\%cd\'" OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES  )
+    execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd}
+                    "show" "--no-patch" "--no-notes" "--pretty=\'\%cd\'"
+                    OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES  )
     LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_VERSION_GIT_HASH_DATE "${TMP_OUT}" "${TMP_RES}")
 
-    message(STATUS "************************************************************************************************")
-    message(STATUS "wolfssl component config complete!")
-    message(STATUS "************************************************************************************************")
+    LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_VERSION_WOLFSSL_ROOT "${WOLFSSL_ROOT}" "${TMP_RES}")
+
 endif()
+
+# Ensure flag "-DWOLFSSL_ESPIDF" is already in CMAKE_C_FLAGS if not yet found from project
+string(FIND "${CMAKE_C_FLAGS}" "-DWOLFSSL_ESPIDF" FLAG_ALRREADY_FOUND_WOLFSSL_ESPIDF)
+
+if(FLAG_ALRREADY_FOUND_WOLFSSL_ESPIDF EQUAL -1)
+    # Flag not found, append it
+    set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_ESPIDF")
+    set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_USER_SETTINGS")
+endif()
+
+if(WOLFSSL_ROOT)
+    message(STATUS "Using wolfSSL in ${WOLFSSL_ROOT}")
+
+    # PlatformIO does not process script from from the Espressif cmake process.
+    # We need to know where wolfSSL source code was found, so save it in the
+    # PIO_WOLFSSL_ROOT environment variable to later be read by extra_script.py
+
+    set(ENV{PIO_WOLFSSL_ROOT} "${WOLFSSL_ROOT}")
+    message(STATUS "PIO_WOLFSSL_ROOT =  $ENV{PIO_WOLFSSL_ROOT}")
+    message(STATUS "PLATFORMIO_BUILD_DIR = $ENV{PLATFORMIO_BUILD_DIR}")
+    # See esp-tls Kconfig; menu "ESP-TLS", ESP_TLS_LIBRARY_CHOOSE
+    if(CONFIG_ESP_TLS_USING_WOLFSSL)
+        if ( ("${CONFIG_TARGET_PLATFORM}" STREQUAL "esp8266") OR ("${IDF_TARGET}" STREQUAL "esp8266") )
+            message(STATUS "This version of wolfSSL is not supported on the ESP8266 esp-tls at this time. Check ESP-TLS config")
+        else()
+            message(STATUS "wolfSSL will be used for ESP-TLS")
+        endif()
+    else()
+        message(STATUS "WARNING: wolfSSL NOT selected for ESP-TLS. Features and performance will be limited.")
+    endif()
+else()
+    message(STATUS "")
+    message(STATUS "Consider setting WOLFSSL_ROOT environment variable, use Kconfig setting, or set manually in this cmake file, above.")
+    message(STATUS "")
+    message(STATUS "!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!")
+    message(STATUS "!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!")
+    message(STATUS "ERROR: Could not find wolfSSL Source Code")
+    message(STATUS "!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!")
+    message(STATUS "!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!")
+endif()
+
+message(STATUS "************************************************************************************************")
+message(STATUS "wolfSSL component config complete!")
+message(STATUS "************************************************************************************************")
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/components/wolfssl/Kconfig b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/components/wolfssl/Kconfig
new file mode 100644
index 000000000..150913190
--- /dev/null
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/components/wolfssl/Kconfig
@@ -0,0 +1,523 @@
+# Kconfig template
+#
+# Copyright (C) 2006-2025 wolfSSL Inc.
+#
+# This file is part of wolfSSL.
+#
+# wolfSSL is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# wolfSSL is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+#
+
+# Kconfig File Version 5.7.2.001 for esp-idf integration
+
+# Kconfig Format Rules
+#
+# See:
+#  https://docs.espressif.com/projects/esp-idf/en/stable/esp32/api-reference/kconfig.html
+#
+# Format rules for Kconfig files are as follows:
+#
+# Option names in any menus should have consistent prefixes. The prefix
+# currently should have at least 3 characters.
+#
+# The unit of indentation should be 4 spaces. All sub-items belonging to a
+# parent item are indented by one level deeper. For example, menu is indented
+# by 0 spaces, config menu by 4 spaces, help in config by 8 spaces, and the
+# text under help by 12 spaces.
+#
+# No trailing spaces are allowed at the end of the lines.
+#
+# The maximum length of options is NOT 50 characters as documented.
+#   kconfcheck will complain that options should be 40 at most.
+#
+# Fix option lengths first. Superfluous errors on other lines may occur.
+#
+# The maximum length of lines is 120 characters.
+#
+# python -m kconfcheck <path_to_kconfig_file>
+#
+# ---------------------------------------------------------------------------------------------------------------------
+# Begin main wolfSSL configuration menu
+# ---------------------------------------------------------------------------------------------------------------------
+#   See ESP-IDF esp-tls component for config TLS_STACK_WOLFSSL
+
+menu "wolfSSL"
+
+    menu "Hardening"
+        config ESP_WOLFSSL_WC_NO_HARDEN
+            bool "Disable wolfSSL hardening"
+            default n
+            help
+                Sets WC_NO_HARDEN
+
+        config ESP_WOLFSSL_TFM_TIMING_RESISTANT
+            bool "Enable TFM Timing Resistant Code"
+            default n
+            help
+                Sets TFM_TIMING_RESISTANT.
+
+    endmenu # Hardening
+
+    config ESP_WOLFSSL_ENABLE_BENCHMARK
+        bool "Enable wolfSSL Benchmark Library"
+        default n
+        help
+            Enables wolfcrypt/benchmark/benchmark.c code for benchmark metrics. Disables NO_CRYPT_BENCHMARK.
+
+
+    menu "Benchmark Debug"
+        config ESP_DEBUG_WOLFSSL_BENCHMARK_TIMING
+            bool "Enable benchmark timing debug"
+            depends on ESP_WOLFSSL_ENABLE_BENCHMARK
+            default n
+            help
+                Enable wolfssl debug for benchmark metric timing (CPU Cycles, RTOS ticks, etc).
+
+        config ESP_WOLFSSL_BENCHMARK_TIMER_DEBUG
+            bool "Enable benchmark timer debug"
+            depends on ESP_WOLFSSL_ENABLE_BENCHMARK
+            default n
+            help
+                Turn on timer debugging (used when CPU cycles not available)
+
+    endmenu # Benchmark Debug
+
+    # -----------------------------------------------------------------------------------------------------------------
+    # wolfCrypt Test
+    # -----------------------------------------------------------------------------------------------------------------
+    config ESP_WOLFSSL_ENABLE_TEST
+        bool "Enable wolfCrypt Test Library"
+        default n
+        help
+            Enables wolfcrypt/test/test.c code for testing. Disables NO_CRYPT_TEST.
+
+    menu "wolfCrypt tests"
+        config WOLFSSL_HAVE_WOLFCRYPT_TEST_OPTIONS
+            bool "Enable wolfCrypt Test Options"
+            depends on ESP_WOLFSSL_ENABLE_TEST
+            default n
+            help
+                Enables HAVE_WOLFCRYPT_TEST_OPTIONS
+
+        config TEST_ESPIDF_ALL_WOLFSSL
+            bool "Enable all features to use in tests"
+            depends on ESP_WOLFSSL_ENABLE_TEST
+            default n
+            help
+                Enables TEST_ESPIDF_ALL_WOLFSSL
+
+    endmenu # wolfCrypt tests
+
+    # -----------------------------------------------------------------------------------------------------------------
+    # Apple HomeKit Options
+    # -----------------------------------------------------------------------------------------------------------------
+    menu "Apple HomeKit"
+        config WOLFSSL_APPLE_HOMEKIT
+            bool "Enable Apple HomeKit options"
+            default n
+            help
+                Enables FP_MAX_BITS (8192 * 2), SRP, ChaCha, Poly1305, Base64 encoding needed for Apple HomeKit.
+    endmenu # Apple HomeKit
+    # -----------------------------------------------------------------------------------------------------------------
+
+    config ESP_WOLFSSL_DISABLE_MY_ECC
+        bool "Disable ECC in my project"
+        default "n"
+        help
+            ECC is enabled by default. Select this option to disable.
+
+    config ESP_WOLFSSL_ENABLE_MY_USE_RSA
+        bool "Enable RSA in my project"
+        default "n"
+        help
+            RSA is disabled by default. Select this option to enable.
+
+    config ESP_WOLFSSL_BENCHMARK
+        bool "Enable wolfSSL Benchmark"
+        default n
+        help
+            Enables user settings relevant to benchmark code
+
+    config ESP_TLS_USING_WOLFSSL_SPECIFIED
+        bool "Use the specified wolfssl for ESP-TLS"
+        default Y
+        help
+            Includes wolfSSL from specified directory (not using esp-wolfssl).
+
+    config ESP_WOLFSSL_NO_USE_FAST_MATH
+        bool "Disable FAST_MATH library and all ESP32 Hardware Acceleration"
+        select ESP_WOLFSSL_NO_HW
+        select ESP_WOLFSSL_NO_HW_AES
+        select ESP_WOLFSSL_NO_HW_HASH
+        select ESP_WOLFSSL_NO_HW_RSA_PRI
+        select ESP_WOLFSSL_NO_HW_RSA_PRI_MP_MUL
+        select ESP_WOLFSSL_NO_HW_RSA_PRI_MULMOD
+        select ESP_WOLFSSL_NO_HW_RSA_PRI_EXPTMOD
+        default n
+        help
+            When disabling all hardware acceleration for smaller memory footprint,
+            disabling TFM fast math provides faster wolfSSL software algorithms in an
+            even smaller flash memory footprint.
+
+    menu "Protocol Config"
+        config WOLFSSL_HAVE_ALPN
+            bool "Enable ALPN (Application Layer Protocol Negotiation) in wolfSSL"
+            default y
+
+        config WOLFSSL_ALLOW_TLS13
+            bool "Allow TLS 1.3"
+            default y
+            help
+                Allow TLS to fallback to TLS1.2. Memory footprint will likely be larger for TLS1.2.
+                When disabled HTTPS and MQTT over TLS connections will fail if TLS1.3 not accepted.
+
+        config WOLFSSL_ALLOW_TLS12
+            bool "Allow TLS 1.2"
+            default n
+            help
+                Allow TLS to fallback to TLS1.2. Memory footprint will likely be larger for TLS1.2.
+                When disabled HTTPS and MQTT over TLS connections will fail if TLS1.3 not accepted.
+
+        config WOLFSSL_HAVE_TLS_EXTENSIONS
+            bool "Enable TLS Extensions"
+            default y
+            help
+                Sets HAVE_TLS_EXTENSIONS which is needed for TLS 1.3, SNI, ALPN, and more.
+
+        config WOLFSSL_ALT_CERT_CHAINS
+            bool "Enable Alternate Certificate Chains"
+            default n
+            help
+                The option relaxes the default strict wolfSSL certificate chain processing. This
+                will typically need to be enabled when loading only a CA file. Typically solves
+                the -188 ASN_NO_SIGNER_E error. Use with caution.
+
+        config WOLFSSL_HAVE_OCSP
+            bool "Enable OCSP (Online Certificate Status Protocol) in wolfSSL"
+            default n
+            help
+                Sets HAVE_OCSP
+
+    endmenu # Protocol Config
+    # -----------------------------------------------------------------------------------------------------------------
+
+    # -----------------------------------------------------------------------------------------------------------------
+    config TLS_STACK_WOLFSSL
+        # Invisible option that locks TLS_STACK_WOLFSSL to ESP_TLS_USING_WOLFSSL
+        bool
+        default n
+        select FREERTOS_ENABLE_BACKWARD_COMPATIBILITY
+        help
+            Includes wolfSSL in ESP-TLS so that it can be compiled with wolfSSL as its SSL/TLS library.
+            Enabled when wolfSSL is selected in ESP_TLS_LIBRARY_CHOOSE.
+
+    menu "wolfSSL ESP-TLS"
+        depends on ESP_TLS_USING_WOLFSSL
+
+        menu "Certificate Bundle"
+            depends on ESP_TLS_USING_WOLFSSL
+
+            config WOLFSSL_CERTIFICATE_BUNDLE
+                bool "Enable trusted root certificate bundle"
+                default y if ESP_TLS_USING_WOLFSSL
+                default n
+                depends on ESP_TLS_USING_WOLFSSL
+                help
+                    Enable support for large number of default root certificates
+
+                    When enabled this option allows user to store default as well
+                    as customer specific root certificates in compressed format rather
+                    than storing full certificate. For the root certificates the public key and the subject name
+                    will be stored.
+
+            config WOLFSSL_NO_ASN_STRICT
+                bool "Relax Certificate ASN Strict Checks"
+                default n
+                depends on ESP_TLS_USING_WOLFSSL
+                help
+                    Allows sub-optimal certificate ASN checks. Unless using a bundle with known issues,
+                    it is recommended to NOT enable this.
+
+            config WOLFSSL_ASN_ALLOW_0_SERIAL
+                bool "Allow cert missing an ASN Serial Number"
+                default y
+                depends on ESP_TLS_USING_WOLFSSL
+                help
+                    Although not recommended, there may be certificates in the bundle that are missing
+                    a serial number. This option allows the missing value without having to fully
+                    disable strict ASN checking with WOLFSSL_NO_ASN_STRICT.
+
+            choice WOLFSSL_DEFAULT_CERTIFICATE_BUNDLE
+                bool "Default certificate bundle options"
+                depends on WOLFSSL_CERTIFICATE_BUNDLE && ESP_TLS_USING_WOLFSSL
+                default WOLFSSL_CERTIFICATE_BUNDLE_DEFAULT_FULL
+
+                config WOLFSSL_CERTIFICATE_BUNDLE_DEFAULT_FULL
+                    bool "Use the full default certificate bundle"
+                config WOLFSSL_CERTIFICATE_BUNDLE_DEFAULT_CMN
+                    bool "Use only the most common certificates from the default bundles"
+                    help
+                        Use only the most common certificates from the default bundles, reducing the size with 50%,
+                        while still having around 99% coverage.
+                config WOLFSSL_CERTIFICATE_BUNDLE_DEFAULT_NONE
+                    bool "Do not use the default certificate bundle"
+            endchoice
+
+            config WOLFSSL_CUSTOM_CERTIFICATE_BUNDLE
+                depends on WOLFSSL_CERTIFICATE_BUNDLE && ESP_TLS_USING_WOLFSSL
+                default n
+                bool "Add custom certificates to the default bundle"
+            config WOLFSSL_CUSTOM_CERTIFICATE_BUNDLE_PATH
+                depends on WOLFSSL_CUSTOM_CERTIFICATE_BUNDLE && ESP_TLS_USING_WOLFSSL
+                string "Custom certificate bundle path"
+                help
+                    Name of the custom certificate directory or file. This path is evaluated
+                    relative to the project root directory.
+
+            config WOLFSSL_CERTIFICATE_BUNDLE_DEPRECATED_LIST
+                bool "Add deprecated root certificates"
+                depends on WOLFSSL_CERTIFICATE_BUNDLE && ESP_TLS_USING_WOLFSSL && !WOLFSSL_CERTIFICATE_BUNDLE_DEFAULT_NONE
+                help
+                    Include the deprecated list of root certificates in the bundle.
+                    This list gets updated when a certificate is removed from the Mozilla's
+                    NSS root certificate store. This config can be enabled if you would like
+                    to ensure that none of the certificates that were deployed in the product
+                    are affected because of the update to bundle. In turn, enabling this
+                    config keeps expired, retracted certificates in the bundle and it may
+                    pose a security risk.
+
+                    - Deprecated cert list may grow based based on sync with upstream bundle
+                    - Deprecated certs would be be removed in ESP-IDF (next) major release
+
+            config WOLFSSL_CERTIFICATE_BUNDLE_MAX_CERTS
+                int "Maximum no of certificates allowed in certificate bundle"
+                default 200
+                depends on WOLFSSL_CERTIFICATE_BUNDLE && ESP_TLS_USING_WOLFSSL
+
+        endmenu
+    endmenu # wolfSSL ESP-TLS
+    # -----------------------------------------------------------------------------------------------------------------
+
+    # -----------------------------------------------------------------------------------------------------------------
+    config ESP_WOLFSSL_ALT_HARDWARE_ACCELERATION
+        bool "Modify default hardware acceleration settings"
+        default n
+        help
+            When disabling all hardware acceleration for smaller memory footprint,
+            disabling TFM fast math provides faster wolfSSL software algorithms in an
+            even smaller flash memory footprint.
+            Typically used for debugging, analysis, or optimizations. The default
+            hardware acceleration features can be each manually adjusted.
+
+    menu "wolfSSL Hardware Acceleration"
+
+        config ESP_WOLFSSL_NO_ESP32_CRYPT
+            bool "Disable all ESP32 Hardware Acceleration"
+            depends on ESP_WOLFSSL_ALT_HARDWARE_ACCELERATION
+            default n
+            select ESP_WOLFSSL_NO_HW_AES
+            select ESP_WOLFSSL_NO_HW_HASH
+            select ESP_WOLFSSL_NO_HW_RSA_PRI
+            select ESP_WOLFSSL_NO_HW_RSA_PRI_MP_MUL
+            select ESP_WOLFSSL_NO_HW_RSA_PRI_MULMOD
+            select ESP_WOLFSSL_NO_HW_RSA_PRI_EXPTMOD
+            help
+                Hardware acceleration enabled by default. When selected defines: NO_ESP32_CRYPT.
+                Consider disabling FASTMATH (other libraries are faster in software and smaller)
+
+        config ESP_WOLFSSL_NO_HW_AES
+            bool "Disable all ESP32 AES Hardware Acceleration"
+            depends on ESP_WOLFSSL_ALT_HARDWARE_ACCELERATION
+            default n
+            help
+                Hardware acceleration enabled by default.When selected defines: NO_HW_AES
+
+        config ESP_WOLFSSL_NO_HW_HASH
+            bool "Disable all ESP32 SHA Hash Hardware Acceleration"
+            depends on ESP_WOLFSSL_ALT_HARDWARE_ACCELERATION
+            default n
+            help
+                Hardware acceleration enabled by default. When selected defines: NO_HW_HASH
+
+        config ESP_WOLFSSL_NO_HW_RSA_PRI
+            bool "Disable all ESP32 RSA Hardware Acceleration"
+            depends on ESP_WOLFSSL_ALT_HARDWARE_ACCELERATION
+            default n
+            select ESP_WOLFSSL_NO_HW_PRI_MP_MUL
+            select ESP_WOLFSSL_NO_HW_RSA_PRI_MULMOD
+            select ESP_WOLFSSL_NO_HW_RSA_PRI_EXPTMOD
+            help
+                Hardware acceleration enabled by default. When selected defines: NO_HW_RSA_PRI
+
+        config ESP_WOLFSSL_NO_HW_RSA_PRI_MP_MUL
+            bool "Disable all ESP32 Multiplication Hardware Acceleration"
+            depends on ESP_WOLFSSL_ALT_HARDWARE_ACCELERATION
+            default n
+            help
+                Hardware acceleration enabled by default. When selected defines: NO_HW_RSA_PRI_MP_MUL
+
+        config ESP_WOLFSSL_NO_HW_RSA_PRI_MULMOD
+            bool "Disable all ESP32 Modular Multiplication Hardware Acceleration"
+            depends on ESP_WOLFSSL_ALT_HARDWARE_ACCELERATION
+            default n
+            help
+                Hardware acceleration enabled by default. When selected defines: NO_HW_RSA_PRI_MULMOD
+
+        config ESP_WOLFSSL_NO_HW_RSA_PRI_EXPTMOD
+            bool "Disable all ESP32 RSA Exponential Math Hardware Acceleration"
+            depends on ESP_WOLFSSL_ALT_HARDWARE_ACCELERATION
+            default n
+            help
+                Hardware acceleration enabled by default.
+                Select this option to force disable: NO_HW_RSA_PRI_EXPTMOD
+
+        config ESP_WOLFSSL_DEBUG_ESP_HW_MULTI_RSAMAX_BITS
+            bool "Enable debugging of RSA Multiplication operand length"
+            default n
+            help
+                Prints an esp log warning to the default console UART when one of the
+                multiplication operands exceeds the maximum size supported by hardware,
+                requiring fallback to software. This can be helpful to pick key sizes
+                when performance is critical. See also metrics for counting instances.
+
+        config ESP_WOLFSSL_DEBUG_ESP_HW_MOD_RSAMAX_BITS
+            bool "Enable debugging of RSA Modular operand length"
+            default n
+            help
+                Prints an esp log warning to the default console UART when one of the
+                modular math operands exceeds the maximum size supported by hardware,
+                requiring fallback to software. This can be helpful to pick key sizes
+                when performance is critical. See also metrics for counting instances.
+
+    endmenu # wolfSSL Hardware Acceleration
+    # -----------------------------------------------------------------------------------------------------------------
+
+    # -----------------------------------------------------------------------------------------------------------------
+    menu "wolfSSL Experimental Options"
+
+        config ESP_WOLFSSL_EXPERIMENTAL_SETTINGS
+            bool "Enable wolfSSL Experimental Settings"
+            default n
+            help
+                Enables experimental settings for wolfSSL. See documentation.
+
+        config ESP_WOLFSSL_ENABLE_KYBER
+            bool "Enable wolfSSL Kyber"
+            default n
+            help
+                Enable debugging messages for wolfSSL. See user_settings.h for additional debug options.
+
+    endmenu # wolfSSL Experimental Options
+    # -----------------------------------------------------------------------------------------------------------------
+
+    # -----------------------------------------------------------------------------------------------------------------
+    menu "wolfSSL Debug Options"
+        config ESP_WOLFSSL_DEBUG_WOLFSSL
+            bool "Enable wolfSSL Debugging"
+            default n
+            help
+                Enable debugging messages for wolfSSL. See user_settings.h for additional debug options.
+
+        config ESP_WOLFSSL_TEST_LOOP
+            bool "Run test apps in a loop until failure"
+            default y
+            help
+                Enable a loop wrapper for benchmark, http_client, and wolfssl test apps.
+
+    endmenu # wolfSSL Debug Options
+    # -----------------------------------------------------------------------------------------------------------------
+
+    # -----------------------------------------------------------------------------------------------------------------
+    menu "wolfSSL Customization"
+        config CUSTOM_SETTING_WOLFSSL_ROOT
+            string "Enter a path for wolfSSL source code"
+            default "~/workspace/wolfssl"
+            help
+                This option lets you specify a directory for the wolfSSL source code (typically a git clone).
+                Enter the path using forward slashes (e.g., C:/myfolder/mysubfolder) or double backslashes
+                (e.g., C:\\myfolder\\mysubfolder).
+
+    endmenu # wolfSSL Customization
+    # -----------------------------------------------------------------------------------------------------------------
+
+    # -----------------------------------------------------------------------------------------------------------------
+    menu "Component Config"
+        config IGNORE_ESP_IDF_WOLFSSL_COMPONENT
+            bool "Ignore the ESP-IDF component of wolfSSL (if present)"
+            default n
+            help
+                Ignores wolfSSL present in the esp-idf/components directory. Requires wolfssl as a local component.
+
+        config IGNORE_LOCAL_WOLFSSL_COMPONENT
+            bool "Ignore the local component of wolfSSL (if present)"
+            default n
+            help
+                Ignores wolfSSL present in the local project components directory.
+                Requires wolfssl as a ESP-IDF component.
+
+    endmenu # Component Config
+    # -----------------------------------------------------------------------------------------------------------------
+
+    # -----------------------------------------------------------------------------------------------------------------
+    menu "Utility Config"
+        config USE_WOLFSSL_ESP_SDK_TIME
+            bool "Enable wolfSSL time helper functions"
+            default n
+            help
+                Enables use of various time and date setting functions found in the esp-sdk-lib.h file.
+
+        config USE_WOLFSSL_ESP_SDK_WIFI
+            bool "Enable wolfSSL WiFi helper functions"
+            default n
+            help
+                Enables use of various time and date setting functions found in the esp-sdk-lib.h file.
+
+    endmenu # Utility Config
+endmenu # wolfSSL
+# ---------------------------------------------------------------------------------------------------------------------
+
+
+# ---------------------------------------------------------------------------------------------------------------------
+menu "wolfSSH"
+    config ESP_ENABLE_WOLFSSH
+        bool "Enable wolfSSH options"
+        default n
+        help
+            Enables WOLFSSH_TERM, WOLFSSL_KEY_GEN, WOLFSSL_PTHREADS, WOLFSSH_TEST_SERVER, WOLFSSH_TEST_THREADING
+
+    config ESP_WOLFSSL_DEBUG_WOLFSSH
+        bool "Enable wolfSSH debugging"
+        default n
+        help
+            Enable wolfSSH debugging macro. See user_settings.h
+
+endmenu # wolfSSH
+# ---------------------------------------------------------------------------------------------------------------------
+
+# ---------------------------------------------------------------------------------------------------------------------
+menu "wolfMQTT"
+    config ESP_ENABLE_WOLFMQTT
+        bool "Enable wolfMQTT options"
+        default n
+        help
+            Enables WOLFMQTT
+
+    config ESP_WOLFSSL_DEBUG_WOLFMQTT
+        bool "Enable wolfMQTT debugging"
+        default n
+        help
+            Enable wolfMQTT debugging macro. See user_settings.h
+
+endmenu # wolfMQTT
+# ---------------------------------------------------------------------------------------------------------------------
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/components/wolfssl/README.md b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/components/wolfssl/README.md
new file mode 100644
index 000000000..d77912416
--- /dev/null
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/components/wolfssl/README.md
@@ -0,0 +1,162 @@
+# wolfSSL Espressif Component
+
+This is the directory for wolfSSL as an Espressif ESP-IDF component.
+
+Other options are available, such as installing wolfSSL as a local _project_ component using the [Managed Component](https://www.wolfssl.com/wolfssl-now-available-in-espressif-component-registry/).
+
+Enabling this wolfSSL ESP-IDF component allows other ESP-IDF libraries such as those that depend on [ESP-TLS](https://github.com/espressif/esp-idf/tree/master/components/esp-tls)
+to also use the wolfSSL library. (See [github.com/wolfSSL/wolfssl](https://github.com/wolfSSL/wolfssl))
+
+The wolfSSL source code is not included here. Instead, the `idf.py menuconfig` option can be used to configure the
+`sdkconfig` file setting: `CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT` to point to the desired wolfSSL code.
+
+## Directory Contents
+
+This directory must contain, at a minimum:
+
+- `CMakeLists.txt`
+- `./include/user_settings.h`
+
+The directory should also contain:
+- `Kconfig`
+- `component.mk`
+
+The directory may contain wolfSSL source, for example with a [Managed Component](https://www.wolfssl.com/wolfssl-now-available-in-espressif-component-registry/),
+or if the `setup.sh` script was used from [wolfSSL/IDE/Espressif/ESP-IDF](https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF).
+
+
+Under normal circumstances when the wolfSSL source is not included here, the `CMakeLists.txt` will search for it in this order:
+
+- A hard-coded `WOLFSSL_ROOT` cmake variable.
+- `WOLFSSL_ROOT` Environment Variable
+- The `CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT` value in the `sdkconfig` file, from the `Kconfig` option.
+- Any parent directories, up to the root (if this directory is in the ESP-IDF components)
+- Any parent directories, up to the root (if this directory is a project component)
+
+While recursing up the directory tree, the following names of wolfSSL directories will be considered:
+
+- `wolfssl-[current user name]`
+- `wolfssl-master`
+- `wolfssl`
+
+## Getting Started
+
+See the `Espressif Getting Started Guide`.
+
+```
+# Set environment variable to ESP-IDF location
+# For example, VisualGDB in WSL
+WRK_IDF_PATH=/mnt/c/SysGCC/esp32/esp-idf/v5.2
+WRK_IDF_PATH=/mnt/c/SysGCC/esp32-master/esp-idf/v5.3-master
+
+# Or wherever the ESP-IDF is installed:
+WRK_IDF_PATH=~/esp/esp-idf
+
+echo "Run export.sh from ${WRK_IDF_PATH}"
+. ${WRK_IDF_PATH}/export.sh
+
+cd [your project]
+
+idf.py menuconfig
+```
+
+Enable wolfSSL to be used in the ESP-TLS:
+
+```
+Component config  --->
+    ESP-TLS  --->
+        Choose SSL/TLS library for ESP-TLS (See help for more Info)
+            (X) wolfSSL (License info in wolfSSL directory README)
+```
+
+Adjust wolfSSL settings, such as path to source code as needed:
+
+```
+Component config  --->
+    wolfSSL  --->
+        [*] Include wolfSSL in ESP-TLS
+        [*] Use the specified wolfssl for ESP-TLS
+        (~/workspace/wolfssl) Enter a path for wolfSSL source code
+```
+
+## Configuration
+
+All settings for wolfSSL are adjusted in the [include/user_settings.h](./include/user_settings.h) file.
+
+The `user_settings.h` file should not be included directly. Instead, `#include <wolfssl/wolfcrypt/settings.h>`
+before any other wolfSSL headers, like this:
+
+
+```c
+/* ESP-IDF */
+#include <esp_log.h>
+#include "sdkconfig.h"
+
+/* wolfSSL */
+/* Always include wolfcrypt/settings.h before any other wolfSSL file.    */
+/* Reminder: settings.h pulls in user_settings.h; don't include it here. */
+#if defined(WOLFSSL_USER_SETTINGS)
+    #include <wolfssl/wolfcrypt/settings.h>
+    #if defined(WOLFSSL_ESPIDF)
+        #include <wolfssl/version.h>
+        #include <wolfssl/wolfcrypt/types.h>
+        #include <wolfcrypt/test/test.h>
+        #include <wolfssl/wolfcrypt/port/Espressif/esp-sdk-lib.h>
+        #include <wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h>
+    #else
+        #error "Problem with wolfSSL user_settings. "           \
+               "Check components/wolfssl/include "              \
+               "and confirm WOLFSSL_USER_SETTINGS is defined, " \
+               "typically in the component CMakeLists.txt"
+    #endif
+#else
+    /* Define WOLFSSL_USER_SETTINGS project wide for settings.h to include   */
+    /* wolfSSL user settings in ./components/wolfssl/include/user_settings.h */
+    #error "Missing WOLFSSL_USER_SETTINGS in CMakeLists or Makefile:\
+    CFLAGS +=-DWOLFSSL_USER_SETTINGS"
+#endif
+```
+
+## Examples
+
+See the wolfSSL examples:
+
+- [wolfSSL Core Examples](https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples)
+- [wolfSSL Additional Examples](https://github.com/wolfSSL/wolfssl-examples/tree/master/ESP32)
+- [wolfSSH Core Examples](https://github.com/wolfSSL/wolfssh/tree/master/ide/Espressif/ESP-IDF/examples)
+- [wolfSSH Additional Examples](https://github.com/wolfSSL/wolfssh-examples/tree/main/Espressif)
+- [wolfMQTT Examples](https://github.com/wolfSSL/wolfMQTT/tree/master/IDE/Espressif/ESP-IDF/examples)
+
+## Platforms
+
+The ESP-IDF wolfSSL is also available for PlatformIO:
+
+- [Release wolfSSL](https://registry.platformio.org/search?q=owner%3Awolfssl)
+- [Staging / Preview wolfSSL](https://registry.platformio.org/search?q=owner%3Awolfssl-staging)
+
+The wolfSSL library can also be used for Espressif with Arduino:
+
+- [arduino.cc/reference/en/libraries/wolfssl](https://www.arduino.cc/reference/en/libraries/wolfssl/)
+- [github.com/wolfSSL/Arduino-wolfSSL](https://github.com/wolfSSL/Arduino-wolfSSL)
+
+
+## Additional Information
+
+- [wolfSSL Documentation](https://www.wolfssl.com/documentation/manuals/wolfssl/index.html) and [docs/espressif](https://www.wolfssl.com/docs/espressif/)
+- [wolfSSL FAQ](https://www.wolfssl.com/docs/frequently-asked-questions-faq/)
+- [wolfSSL Products](https://www.wolfssl.com/products/)
+- [www.wolfssl.com/espressif](https://www.wolfssl.com/espressif/)
+- [More...](https://www.wolfssl.com/?s=espressif)
+
+## Contact
+
+Have a specific request or questions? We'd love to hear from you! Please contact us at support@wolfssl.com or open an issue on GitHub.
+
+## Licensing and Support
+
+wolfSSL (formerly known as CyaSSL) and wolfCrypt are either licensed for use under the GPLv2 (or at your option any later version) or a standard commercial license. For our users who cannot use wolfSSL under GPLv2 (or any later version), a commercial license to wolfSSL and wolfCrypt is available.
+
+See the LICENSE.txt, visit wolfssl.com/license, contact us at licensing@wolfssl.com or call +1 425 245 8247
+
+View Commercial Support Options: [wolfssl.com/products/support-and-maintenance](wolfssl.com/products/support-and-maintenance)
+
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/components/wolfssl/component.mk b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/components/wolfssl/component.mk
index 5234a007e..290563e69 100644
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/components/wolfssl/component.mk
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/components/wolfssl/component.mk
@@ -1,40 +1,306 @@
-#
-# Copyright (C) 2006-2023 wolfSSL Inc.
-#
-# This file is part of wolfSSL.
-#
-# wolfSSL is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; either version 2 of the License, or
-# (at your option) any later version.
-#
-# wolfSSL is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software
-# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
-#
-#
-# Component Makefile
-#
-
-COMPONENT_ADD_INCLUDEDIRS := . ./include
-
-COMPONENT_ADD_INCLUDEDIRS += "$ENV{IDF_PATH}/components/freertos/include/freertos"
-# COMPONENT_ADD_INCLUDEDIRS += "$ENV{IDF_PATH}/soc/esp32s3/include/soc"
-
-COMPONENT_SRCDIRS := src wolfcrypt/src
-COMPONENT_SRCDIRS += wolfcrypt/src/port/Espressif
-COMPONENT_SRCDIRS += wolfcrypt/src/port/atmel
-COMPONENT_SRCDIRS += wolfcrypt/benchmark
-COMPONENT_SRCDIRS += wolfcrypt/test
-
-CFLAGS +=-DWOLFSSL_USER_SETTINGS
-
-COMPONENT_OBJEXCLUDE := wolfcrypt/src/aes_asm.o
-COMPONENT_OBJEXCLUDE += wolfcrypt/src/evp.o
-COMPONENT_OBJEXCLUDE += wolfcrypt/src/misc.o
-COMPONENT_OBJEXCLUDE += src/bio.o
+#
+# Copyright (C) 2006-2025 wolfSSL Inc.
+#
+# This file is part of wolfSSL.
+#
+# wolfSSL is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# wolfSSL is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+#
+
+$(info ***********  wolfssl component ************)
+
+#
+# Component Makefile
+#
+#
+# The Espressif Managed Components are only for newer versions of the ESP-IDF
+# Typically only for ESP32[-x] targets and only for ESP-IDF v4.3 or later:
+# See https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-guides/tools/idf-component-manager.html
+#     https://components.espressif.com/
+#
+# Usage:
+#
+#   make flash
+#
+#   make flash ESPPORT=/dev/ttyS55
+#
+#   make flash ESPBAUD=9600
+#
+#   make monitor ESPPORT=COM1
+#
+#   make monitor ESPPORT=/dev/ttyS55 MONITORBAUD=115200
+#
+#   export ESPPORT=/dev/ttyS55
+#
+# https://docs.espressif.com/projects/esp8266-rtos-sdk/en/latest/get-started/index.html
+#
+
+# Although the project should define WOLFSSL_USER_SETTINGS, we'll also
+# define it here:
+CFLAGS +=-DWOLFSSL_USER_SETTINGS
+
+# Note that 4 source files created by autogen are excluded here.
+#
+# See these files commented out, below. Adjust as needed for your application:
+#
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/async.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/selftest.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wolfcrypt_first.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wolfcrypt_last.o
+
+
+# NOTICE: the WOLFSSL_ROOT setting MUST be relative!
+# See https://docs.espressif.com/projects/esp8266-rtos-sdk/en/latest/api-guides/build-system.html?highlight=must+relative#optional-component-specific-variables
+# In the wolfSSL GitHub examples for Espressif:
+#   https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples
+# When this wolfssl component.mk makefile is in [project]/components/wolfssl
+# The root is 7 directories up from here (the location of of this component.mk):
+#
+WOLFSSL_ROOT     ?= ../../../../../../..
+THIS_DIR         := $(shell pwd)
+WOLFSSL_ROOT_OBJ := $(THIS_DIR)
+
+# When running make from commandline or VisualGDB, the current path varies:
+ifeq ("$(VISUALGDB_DIR)","")
+    # current path is typically /mnt/c/workspace/wolfssl-gojimmypi/IDE/Espressif/ESP-IDF/examples/wolfssl_test/build/wolfssl
+    $(info VISUALGDB_DIR build not detected. shell: $(shell echo $$SHELL))
+else
+    # current path is typically /C/workspace/wolfssl-gojimmypi/IDE/Espressif/ESP-IDF/examples/wolfssl_test/build/Debug/wolfssl
+    $(info Detected VisualGDB in: $(VISUALGDB_DIR) shell: $(shell echo $$SHELL))
+endif
+
+# To set the location of a different location, it is best to use relative paths.
+#
+# Set WOLFSSL_ROOT to a relative path from the current component directory.
+# For example, if the wolfssl_client is copied from the examples to test:
+#
+# cp -r /IDE/Espressif/ESP-IDF/examples/wolfssl_client/* /mnt/c/test/demo
+#
+# we run make in   /mnt/c/test/demo
+# component is in  /mnt/c/test/demo/components/wolfssl
+# wolfssl is in    /mnt/c/workspace/wolfssl-master
+#
+# "/mnt/c" is 4 directories up:
+#             2 for `./test/demo` from where we run `make`, plus
+#             2 more from the location of `component.mk` located
+#               in `[current directory]/components/wolfssl`.
+#
+# Thus we need 4 parent reference to find the relative path to wolfSSL:
+# WOLFSSL_ROOT := ../../../../workspace/wolfssl-master
+
+# Optional CFLAGS (make works without these; for reference only)
+# CFLAGS += -I$(WOLFSSL_ROOT)/wolfssl
+# CFLAGS += -I$(WOLFSSL_ROOT)/wolfssl/wolfcrypt
+# CFLAGS += -I$(WOLFSSL_ROOT)/wolfssl/wolfcrypt/port/Espressif
+
+abs_WOLFSSL_ROOT     := $(shell realpath $(WOLFSSL_ROOT))
+
+# print-wolfssl-path-value:
+#	@echo "WOLFSSL_ROOT defined: $(WOLFSSL_ROOT)"
+#	@echo "WOLFSSL_ROOT actual:  $(abs_WOLFSSL_ROOT)"
+
+$(info WOLFSSL_ROOT     defined: $(WOLFSSL_ROOT))
+$(info WOLFSSL_ROOT     actual:  $(abs_WOLFSSL_ROOT))
+$(info THIS_DIR         defined: $(THIS_DIR))
+$(info WOLFSSL_ROOT_OBJ defined: $(WOLFSSL_ROOT_OBJ))
+
+# NOTE: The wolfSSL include directory (e.g. user_settings.h) is
+# located HERE in THIS project, and *not* in the wolfSSL root.
+COMPONENT_ADD_INCLUDEDIRS := .
+COMPONENT_ADD_INCLUDEDIRS += include
+COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT)/.
+COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT)/wolfssl
+COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT)/wolfssl/wolfcrypt
+COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT)/wolfssl/wolfcrypt/port/Espressif
+
+# COMPONENT_ADD_INCLUDEDIRS += $ENV(IDF_PATH)/components/freertos/include/freertos
+# COMPONENT_ADD_INCLUDEDIRS += "$ENV(IDF_PATH)/soc/esp32s3/include/soc"
+
+# wolfSSL
+COMPONENT_SRCDIRS := $(WOLFSSL_ROOT)/src
+
+# wolfcrypt
+COMPONENT_SRCDIRS += $(WOLFSSL_ROOT)/wolfcrypt/src
+
+# Espressif
+COMPONENT_SRCDIRS += $(WOLFSSL_ROOT)/wolfcrypt/src/port/Espressif
+COMPONENT_SRCDIRS += $(WOLFSSL_ROOT)/wolfcrypt/src/port/atmel
+
+COMPONENT_OBJEXCLUDE := $(WOLFSSL_ROOT_OBJ)/wolfcrypt/src/aes_asm.o
+COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT_OBJ)/wolfcrypt/src/evp.o
+COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT_OBJ)/wolfcrypt/src/misc.o
+COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT_OBJ)/wolfcrypt/src/sha512_asm.o
+COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT_OBJ)/wolfcrypt/src/fe_x25519_asm.o
+COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT_OBJ)/wolfcrypt/src/aes_gcm_x86_asm.o
+
+##
+## wolfSSL
+##
+## reminder object files may end up in `./build` or `build/debug` or `build/release`, depending on build environment & settings.
+##
+# COMPONENT_OBJS := $(WOLFSSL_ROOT)/src/bio.o  # part of ssl.c, omitted to avoid "does not need to be compiled separately"
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/conf.o # part of ssl.c
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/crl.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/dtls.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/dtls13.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/internal.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/keys.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/ocsp.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/pk.o   # part of ssl.c
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/quic.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/sniffer.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/ssl.o
+# COMPONENT_OBJS += src/ssl_asn1.o
+# COMPONENT_OBJS += src/ssl_bn.o
+# COMPONENT_OBJS += src/ssl_certman.o
+# COMPONENT_OBJS += src/ssl_crypto.o
+# COMPONENT_OBJS += src/ssl_misc.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/tls.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/tls13.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/wolfio.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/x509.o     # part of ssl.c
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/x509_str.o # part of ssl.c
+
+##
+## wolfcrypt
+##
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/aes.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/arc4.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/asm.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/asn.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/async.o # autogen exclusion
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/blake2b.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/blake2s.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/camellia.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/chacha.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/chacha20_poly1305.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/cmac.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/coding.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/compress.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/cpuid.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/cryptocb.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/curve25519.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/curve448.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/des3.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/dh.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/dilithium.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/dsa.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ecc.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/eccsi.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ecc_fp.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ed25519.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ed448.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/error.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/evp.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ext_kyber.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ext_lms.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ext_xmss.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/falcon.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/fe_448.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/fe_low_mem.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/fe_operations.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/fips.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/fips_test.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ge_448.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ge_low_mem.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ge_operations.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/hash.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/hmac.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/hpke.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/integer.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/kdf.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/logging.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/md2.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/md4.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/md5.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/memory.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/misc.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/pkcs12.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/pkcs7.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/poly1305.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/pwdbased.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/random.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/rc2.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ripemd.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/rsa.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sakke.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/selftest.o # autogen exclusion
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sha.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sha256.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sha3.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sha512.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/signature.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/siphash.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sm2.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sm3.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sm4.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sphincs.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_arm32.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_arm64.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_armthumb.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_c32.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_c64.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_cortexm.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_dsp32.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_int.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_sm2_arm32.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_sm2_arm64.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_sm2_armthumb.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_sm2_c32.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_sm2_c64.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_sm2_cortexm.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_sm2_x86_64.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_x86_64.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/srp.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/tfm.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_dsp.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_encrypt.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_kyber.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_kyber_poly.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_lms.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_pkcs11.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_port.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_xmss.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wolfcrypt_first.o # autogen exclusion
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wolfcrypt_last.o  # autogen exclusion
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wolfevent.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wolfmath.o
+
+##
+## Espressif
+##
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/port/Espressif/esp32_aes.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/port/Espressif/esp32_mp.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/port/Espressif/esp32_sha.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/port/Espressif/esp32_util.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/port/Espressif/esp_sdk_mem_lib.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/port/Espressif/esp_sdk_time_lib.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/port/Espressif/esp_sdk_wifi_lib.o
+
+##
+## wolfcrypt benchmark  (optional)
+##
+## COMPONENT_OBJS            += $(WOLFSSL_ROOT)/wolfcrypt/benchmark/benchmark.o
+## COMPONENT_SRCDIRS         += $(WOLFSSL_ROOT)/wolfcrypt/benchmark
+## COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT)/wolfcrypt/benchmark
+
+
+##
+## wolfcrypt test (optional)
+##
+## COMPONENT_OBJS            += $(WOLFSSL_ROOT)/wolfcrypt/test/test.o
+## COMPONENT_SRCDIRS         += $(WOLFSSL_ROOT)/wolfcrypt/test
+## COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT)/wolfcrypt/test/include
+
+$(info ********** end wolfssl component **********)
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/components/wolfssl/include/user_settings.h b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/components/wolfssl/include/user_settings.h
index 8a49155d6..7349338aa 100644
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/components/wolfssl/include/user_settings.h
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/components/wolfssl/include/user_settings.h
@@ -1,6 +1,6 @@
-/* user_settings.h
+/* wolfssl-component include/user_settings.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -18,13 +18,61 @@
  * along with this program; if not, write to the Free Software
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  */
+#define WOLFSSL_ESPIDF_COMPONENT_VERSION 0x01
 
-/* This user_settings.h is for Espressif ESP-IDF */
-#include <sdkconfig.h>
+/* Examples such as test and benchmark are known to cause watchdog timeouts.
+ * Note this is often set in project Makefile:
+ * CFLAGS += -DWOLFSSL_ESP_NO_WATCHDOG=1 */
+#define WOLFSSL_ESP_NO_WATCHDOG 1
+
+/* The Espressif project config file. See also sdkconfig.defaults */
+#include "sdkconfig.h"
+
+/* This user_settings.h is for Espressif ESP-IDF
+ *
+ * Standardized wolfSSL Espressif ESP32 + ESP8266 user_settings.h V5.7.0-1
+ *
+ * Do not include any wolfssl headers here.
+ *
+ * When editing this file:
+ * ensure all examples match. The template example is the reference.
+ */
+
+/* Naming convention: (see also esp32-crypt.h for the reference source).
+ *
+ * CONFIG_
+ *      This prefix indicates the setting came from the sdkconfig / Kconfig.
+ *
+ *      May or may not be related to wolfSSL.
+ *
+ *      The name after this prefix must exactly match that in the Kconfig file.
+ *
+ * WOLFSSL_
+ *      Typical of many, but not all wolfSSL macro names.
+ *
+ *      Applies to all wolfSSL products such as wolfSSH, wolfMQTT, etc.
+ *
+ *      May or may not have a corresponding sdkconfig / Kconfig control.
+ *
+ * ESP_WOLFSSL_
+ *      These are NOT valid wolfSSL macro names. These are names only used in
+ *      the ESP-IDF Kconfig files. When parsed, they will have a "CONFIG_"
+ *      suffix added. See next section.
+ *
+ * CONFIG_ESP_WOLFSSL_
+ *      This is a wolfSSL-specific macro that has been defined in the ESP-IDF
+ *      via the sdkconfig / menuconfig. Any text after this prefix should
+ *      exactly match an existing wolfSSL macro name.
+ *
+ *      Applies to all wolfSSL products such as wolfSSH, wolfMQTT, etc.
+ *
+ *      These macros may also be specific to only the project or environment,
+ *      and possibly not used anywhere else in the wolfSSL libraries.
+ */
 
 /* The Espressif sdkconfig will have chipset info.
 **
-** Possible values:
+** Some possible values:
 **
 **   CONFIG_IDF_TARGET_ESP32
 **   CONFIG_IDF_TARGET_ESP32S2
@@ -36,18 +84,283 @@
 #undef  WOLFSSL_ESPIDF
 #define WOLFSSL_ESPIDF
 
+/* Test various user_settings between applications by selecting example apps
+ * in `idf.py menuconfig` for Example wolfSSL Configuration settings: */
+
+/* Turn on messages that are useful to see only in examples. */
+#define WOLFSSL_EXAMPLE_VERBOSITY
+
+/* Paths can be long, ensure the entire value printed during debug */
+#define WOLFSSL_MAX_ERROR_SZ 500
+
+/* wolfSSL Examples: set macros used in example applications.
+ *
+ * These Settings NOT available in ESP-IDF (e.g. esp-tls)
+ *
+ * Any settings needed by ESP-IDF components should be explicitly set,
+ * and not by these example-specific settings via CONFIG_WOLFSSL_EXAMPLE_n
+ *
+ * ESP-IDF settings should be Kconfig "CONFIG_[name]" values when possible. */
+#if defined(CONFIG_WOLFSSL_EXAMPLE_NAME_TEMPLATE)
+    /* See https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples/template */
+    /* We don't use WiFi, so don't compile in the esp-sdk-lib WiFi helpers: */
+    /* #define USE_WOLFSSL_ESP_SDK_WIFI */
+#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_TEST)
+    /* See https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples/wolfssl_test */
+    /* We don't use WiFi, so don't compile in the esp-sdk-lib WiFi helpers: */
+    /* #define USE_WOLFSSL_ESP_SDK_WIFI */
+    #define TEST_ESPIDF_ALL_WOLFSSL
+
+#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_BENCHMARK)
+    /* See https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark */
+    /* We don't use WiFi, so don't compile in the esp-sdk-lib WiFi helpers: */
+    /* #define USE_WOLFSSL_ESP_SDK_WIFI */
+    #define WOLFSSL_BENCHMARK_FIXED_UNITS_KB
+#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_TLS_CLIENT)
+    /* See https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples/wolfssl_client */
+    #define USE_WOLFSSL_ESP_SDK_WIFI
+#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_TLS_SERVER)
+    /* See https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples/wolfssl_server */
+    #define USE_WOLFSSL_ESP_SDK_WIFI
+
+/* wolfSSH Examples */
+#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_WOLFSSH_TEMPLATE)
+    /* See https://github.com/wolfSSL/wolfssh/tree/master/ide/Espressif/ESP-IDF/examples/wolfssh_template */
+    #define USE_WOLFSSL_ESP_SDK_WIFI
+#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_WOLFSSH_ECHOSERVER)
+    /* See https://github.com/wolfSSL/wolfssh/tree/master/ide/Espressif/ESP-IDF/examples/wolfssh_echoserver */
+    #define USE_WOLFSSL_ESP_SDK_WIFI
+#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_ESP32_SSH_SERVER)
+    /* See https://github.com/wolfSSL/wolfssh-examples/tree/main/Espressif/ESP32/ESP32-SSH-Server */
+    #define USE_WOLFSSL_ESP_SDK_WIFI
+#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_ESP8266_SSH_SERVER)
+    /* See https://github.com/wolfSSL/wolfssh-examples/tree/main/Espressif/ESP8266/ESP8266-SSH-Server */
+    #define USE_WOLFSSL_ESP_SDK_WIFI
+
+/* wolfMQTT Examples */
+#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_WOLFMQTT_TEMPLATE)
+    /* See https://github.com/wolfSSL/wolfMQTT/tree/master/IDE/Espressif/ESP-IDF/examples/wolfmqtt_template */
+    #define USE_WOLFSSL_ESP_SDK_WIFI
+#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_WOLFMQTT_AWS_IOT_MQTT)
+    /* See https://github.com/wolfSSL/wolfMQTT/tree/master/IDE/Espressif/ESP-IDF/examples/AWS_IoT_MQTT */
+    #define USE_WOLFSSL_ESP_SDK_WIFI
+
+/* wolfTPM Examples */
+#elif defined(CONFIG_WOLFTPM_EXAMPLE_NAME_ESPRESSIF)
+    /* See https://github.com/wolfSSL/wolfTPM/tree/master/IDE/Espressif */
+    #define USE_WOLFSSL_ESP_SDK_WIFI
+
+/* Apple HomeKit Examples */
+#elif defined(CONFIG_WOLFSSL_APPLE_HOMEKIT)
+    /* See https://github.com/AchimPieters/esp32-homekit-demo */
+
+/* no example selected */
+#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_NONE)
+    /* We'll assume the app needs to use wolfSSL sdk lib function */
+    #define USE_WOLFSSL_ESP_SDK_WIFI
+
+/* Other applications detected by cmake */
+#elif defined(APP_ESP_HTTP_CLIENT_EXAMPLE)
+    /* The wolfSSL Version of the client example */
+    #if defined(CONFIG_IDF_TARGET_ESP32S2) || defined(CONFIG_IDF_TARGET_ESP32C2)
+        /* Less memory available, so smaller key sizes: */
+        #define FP_MAX_BITS (4096 * 2)
+    #else
+        #define FP_MAX_BITS (8192 * 2)
+    #endif
+    #define HAVE_ALPN
+    #define HAVE_SNI
+    #define OPENSSL_EXTRA_X509_SMALL
+    #define HAVE_TLS_EXTENSIONS
+    #define HAVE_SUPPORTED_CURVES
+    #define OPENSSL_EXTRA
+    #ifndef WOLFSSL_ALWAYS_VERIFY_CB
+       #define WOLFSSL_ALWAYS_VERIFY_CB
+    #endif
+    #ifndef WOLFSSL_VERIFY_CB_ALL_CERTS
+        #define WOLFSSL_VERIFY_CB_ALL_CERTS
+    #endif
+    #ifndef KEEP_PEER_CERT
+        #define KEEP_PEER_CERT
+    #endif
+
+#elif defined(APP_ESP_HTTP_CLIENT)
+    /* The ESP-IDF Version */
+    #define FP_MAX_BITS (8192 * 2)
+    #define HAVE_ALPN
+    #define HAVE_SNI
+    #define OPENSSL_EXTRA_X509_SMALL
+    #define HAVE_TLS_EXTENSIONS
+    #define HAVE_SUPPORTED_CURVES
+    #define OPENSSL_EXTRA
+    #ifndef WOLFSSL_ALWAYS_VERIFY_CB
+       #define WOLFSSL_ALWAYS_VERIFY_CB
+    #endif
+    #ifndef WOLFSSL_VERIFY_CB_ALL_CERTS
+        #define WOLFSSL_VERIFY_CB_ALL_CERTS
+    #endif
+    #ifndef KEEP_PEER_CERT
+        #define KEEP_PEER_CERT
+    #endif
+#else
+    #ifdef WOLFSSL_ESPIDF
+        /* #warning "App config undetected" */
+    #endif
+    /* the code is older or does not have application name defined. */
+#endif /* Example wolfSSL Configuration app settings */
+
+/* Experimental Kyber */
+#ifdef CONFIG_WOLFSSL_ENABLE_KYBER
+    /* Kyber typically needs a minimum 10K stack */
+    #define WOLFSSL_EXPERIMENTAL_SETTINGS
+    #define WOLFSSL_HAVE_KYBER
+    #define WOLFSSL_WC_KYBER
+    #define WOLFSSL_SHA3
+    #if defined(CONFIG_IDF_TARGET_ESP8266)
+        /* With limited RAM, we'll disable some of the Kyber sizes: */
+        #define WOLFSSL_NO_KYBER1024
+        #define WOLFSSL_NO_KYBER768
+        #define NO_SESSION_CACHE
+    #endif
+#endif
+
+/* Enable AES for all examples */
+#ifdef NO_AES
+    #warning "Found NO_AES, wolfSSL AES Cannot be enabled. Check config."
+#else
+    #define WOLFSSL_AES
+    #define WOLFSSL_AES_COUNTER
+
+    /* Typically only needed for wolfssl_test, see docs. */
+    #define WOLFSSL_AES_DIRECT
+#endif
+
+/* Pick a cert buffer size: */
+/* #define USE_CERT_BUFFERS_2048 */
+/* #define USE_CERT_BUFFERS_1024 */
+#define USE_CERT_BUFFERS_2048
+
+/* The Espressif sdkconfig will have chipset info.
+**
+** Some possible values:
+**
+**   CONFIG_IDF_TARGET_ESP32
+**   CONFIG_IDF_TARGET_ESP32S2
+**   CONFIG_IDF_TARGET_ESP32S3
+**   CONFIG_IDF_TARGET_ESP32C3
+**   CONFIG_IDF_TARGET_ESP32C6
+*/
+
+/* Optionally enable Apple HomeKit from compiler directive or Kconfig setting */
+#if defined(WOLFSSL_APPLE_HOMEKIT) || defined(CONFIG_WOLFSSL_APPLE_HOMEKIT)
+     /* SRP is known to need 8K; slow on some devices */
+     #define FP_MAX_BITS (8192 * 2)
+     #define WOLFCRYPT_HAVE_SRP
+     #define HAVE_CHACHA
+     #define HAVE_POLY1305
+     #define WOLFSSL_BASE64_ENCODE
+ #endif /* Apple HomeKit settings */
+
+/* Used by ESP-IDF components: */
+#if defined(CONFIG_ESP_TLS_USING_WOLFSSL)
+    /* The ESP-TLS */
+    #ifndef FP_MAX_BITS
+        #if defined(CONFIG_IDF_TARGET_ESP32C2) || \
+            defined(CONFIG_IDF_TARGET_ESP8684) || \
+            defined(CONFIG_IDF_TARGET_ESP8266)
+            /* Optionally set smaller size here */
+            #define FP_MAX_BITS MIN_FFDHE_FP_MAX_BITS
+        #else
+            #define FP_MAX_BITS (4096 * 2)
+        #endif
+    #endif
+    #define HAVE_ALPN
+    #ifndef CONFIG_IDF_TARGET_ESP8266
+        /* Unless installed in the ESP8266 RTOS SDK locally, the wolfSSL
+         * API for SNI will not be seen in the components/esp-tls layer.
+         * Only enable SNI for non-ESP8266 targets by default: */
+        #define HAVE_SNI
+    #endif
+    #define OPENSSL_EXTRA_X509_SMALL
+
+    #define HAVE_TLS_EXTENSIONS
+    #define HAVE_SUPPORTED_CURVES
+#endif
+
+/* Optionally enable some wolfSSH settings */
+#if defined(ESP_ENABLE_WOLFSSH) || defined(CONFIG_ESP_ENABLE_WOLFSSH)
+    /* Enable wolfSSH. Espressif examples need a few more settings, below */
+    #undef  WOLFSSL_WOLFSSH
+    #define WOLFSSL_WOLFSSH
+
+    /* The default SSH Windows size is massive for an embedded target.
+     * Limit it: */
+    #define DEFAULT_WINDOW_SZ 2000
+
+    /* These may be defined in cmake for other examples: */
+    #undef  WOLFSSH_TERM
+    #define WOLFSSH_TERM
+
+    /* optional debug */
+    /* #undef  DEBUG_WOLFSSH */
+    /* #define DEBUG_WOLFSSH */
+
+    #undef  WOLFSSL_KEY_GEN
+    #define WOLFSSL_KEY_GEN
+
+    #undef  WOLFSSL_PTHREADS
+    #define WOLFSSL_PTHREADS
+
+    #define WOLFSSH_TEST_SERVER
+    #define WOLFSSH_TEST_THREADING
+#endif /* ESP_ENABLE_WOLFSSH */
+
+
+/* Not yet using WiFi lib, so don't compile in the esp-sdk-lib WiFi helpers: */
+/* #define USE_WOLFSSL_ESP_SDK_WIFI */
+
 /*
- * choose ONE of these Espressif chips to define:
+ * ONE of these Espressif chip families will be detected from sdkconfig:
  *
  * WOLFSSL_ESP32
  * WOLFSSL_ESPWROOM32SE
  * WOLFSSL_ESP8266
+ *
+ * following ifdef detection only for syntax highlighting:
  */
-#undef WOLFSSL_ESPWROOM32SE
-#undef WOLFSSL_ESP8266
-#undef WOLFSSL_ESP32
+#ifdef WOLFSSL_ESPWROOM32SE
+    #undef WOLFSSL_ESPWROOM32SE
+#endif
+#ifdef WOLFSSL_ESP8266
+    #undef WOLFSSL_ESP8266
+#endif
+#ifdef WOLFSSL_ESP32
+    #undef WOLFSSL_ESP32
+#endif
+/* See below for chipset detection from sdkconfig.h */
 
-#define WOLFSSL_ESP32
+/* when you want to use SINGLE THREAD. Note Default ESP-IDF is FreeRTOS */
+#define SINGLE_THREADED
+
+/* Small session cache saves a lot of RAM for ClientCache and SessionCache.
+ * Memory requirement is about 5KB, otherwise 20K is needed when not specified.
+ * If extra small footprint is needed, try MICRO_SESSION_CACHE (< 1K)
+ * When really desperate or no TLS used, try NO_SESSION_CACHE.  */
+#define NO_SESSION_CACHE
+
+/* Small Stack uses more heap. */
+#define WOLFSSL_SMALL_STACK
+
+/* Full debugging turned off, but show malloc failure detail */
+/* #define DEBUG_WOLFSSL */
+#define DEBUG_WOLFSSL_MALLOC
+
+/* See test.c that sets cert buffers; we'll set them here: */
+#define USE_CERT_BUFFERS_256
+#define USE_CERT_BUFFERS_2048
+
+/* RSA_LOW_MEM: Half as much memory but twice as slow. */
+#define RSA_LOW_MEM
 
 /* optionally turn off SHA512/224 SHA512/256 */
 /* #define WOLFSSL_NOSHA512_224 */
@@ -61,17 +374,45 @@
 /* #define NO_OLD_TLS */
 
 #define BENCH_EMBEDDED
-#define USE_CERT_BUFFERS_2048
 
 /* TLS 1.3                                 */
-#define WOLFSSL_TLS13
-#define HAVE_TLS_EXTENSIONS
-#define WC_RSA_PSS
-#define HAVE_HKDF
-#define HAVE_AEAD
-#define HAVE_SUPPORTED_CURVES
+#ifdef CONFIG_WOLFSSL_ALLOW_TLS13
+    #define WOLFSSL_TLS13
+    #define HAVE_TLS_EXTENSIONS
+    #define HAVE_HKDF
 
-#define WOLFSSL_BENCHMARK_FIXED_UNITS_KB
+    /* May be required */
+    #ifndef HAVE_AEAD
+    #endif
+
+    /* Required for ECC */
+    #define HAVE_SUPPORTED_CURVES
+
+    /* Required for RSA */
+    #define WC_RSA_PSS
+
+    /* TLS 1.3 normally requires HAVE_FFDHE */
+    #if defined(HAVE_FFDHE_2048) || \
+        defined(HAVE_FFDHE_3072) || \
+        defined(HAVE_FFDHE_4096) || \
+        defined(HAVE_FFDHE_6144) || \
+        defined(HAVE_FFDHE_8192)
+    #else
+        #define HAVE_FFDHE_2048
+        /* #error "TLS 1.3 requires HAVE_FFDHE_[nnnn]" */
+    #endif
+#endif
+
+#if defined(CONFIG_IDF_TARGET_ESP32C2) || \
+    defined(CONFIG_IDF_TARGET_ESP8684)
+    /* Optionally set smaller size here */
+    #ifdef HAVE_FFDHE_4096
+        /* this size may be problematic on the C2 */
+    #endif
+    #define HAVE_FFDHE_2048
+#else
+    #define HAVE_FFDHE_4096
+#endif
 
 #define NO_FILESYSTEM
 
@@ -79,39 +420,87 @@
 
 #define HAVE_AESGCM
 
-#define WOLFSSL_RIPEMD
+/* Optional RIPEMD: RACE Integrity Primitives Evaluation Message Digest */
+/* #define WOLFSSL_RIPEMD */
+
 /* when you want to use SHA224 */
 #define WOLFSSL_SHA224
 
 /* when you want to use SHA384 */
 #define WOLFSSL_SHA384
 
-/* when you want to use SHA512 */
-#define WOLFSSL_SHA512
+/* Some features not enabled for ESP8266: */
+#if defined(CONFIG_IDF_TARGET_ESP8266) || \
+    defined(CONFIG_IDF_TARGET_ESP32C2)
+    /* Some known low-memory devices have features not enabled by default. */
+    /* TODO determine low memory configuration for ECC. */
+#else
+    /* when you want to use SHA512 */
+    #define WOLFSSL_SHA512
 
-/* when you want to use SHA3 */
-#define WOLFSSL_SHA3
+    /* when you want to use SHA3 */
+    /* #define WOLFSSL_SHA3 */
 
-#define HAVE_ED25519 /* ED25519 requires SHA512 */
+    /* ED25519 requires SHA512 */
+    #define HAVE_ED25519
+#endif
 
-#define HAVE_ECC
-#define HAVE_CURVE25519
-#define CURVE25519_SMALL
-#define HAVE_ED25519
+#if defined(CONFIG_IDF_TARGET_ESP8266) || defined(CONFIG_IDF_TARGET_ESP32C2)
+    #define MY_USE_ECC 0
+    #define MY_USE_RSA 1
+#else
+    #define MY_USE_ECC 1
+    #define MY_USE_RSA 0
+#endif
 
- #define OPENSSL_EXTRA
-/* when you want to use pkcs7 */
+/* We can use either or both ECC and RSA, but must use at least one. */
+#if MY_USE_ECC || MY_USE_RSA
+    #if MY_USE_ECC
+        /* ---- ECDSA / ECC ---- */
+        #define HAVE_ECC
+        #define HAVE_CURVE25519
+        #define HAVE_ED25519
+        #define WOLFSSL_SHA512
+        /*
+        #define HAVE_ECC384
+        #define CURVE25519_SMALL
+        */
+    #else
+        #define WOLFSSH_NO_ECC
+        /* WOLFSSH_NO_ECDSA is typically defined automatically,
+         * here for clarity: */
+        #define WOLFSSH_NO_ECDSA
+    #endif
+
+    #if MY_USE_RSA
+        /* ---- RSA ----- */
+        /* #define RSA_LOW_MEM */
+
+        /* DH disabled by default, needed if ECDSA/ECC also turned off */
+        #define HAVE_DH
+    #else
+        #define WOLFSSH_NO_RSA
+    #endif
+#else
+    #error "Either RSA or ECC must be enabled"
+#endif
+
+/* Optional OpenSSL compatibility */
+/* #define OPENSSL_EXTRA */
+
+/* #Optional HAVE_PKCS7 */
 /* #define HAVE_PKCS7 */
 
-#define HAVE_PKCS7
-
 #if defined(HAVE_PKCS7)
+    /* HAVE_PKCS7 may enable HAVE_PBKDF2 see settings.h */
+    #define NO_PBKDF2
+
     #define HAVE_AES_KEYWRAP
     #define HAVE_X963_KDF
     #define WOLFSSL_AES_DIRECT
 #endif
 
-/* when you want to use aes counter mode */
+/* when you want to use AES counter mode */
 /* #define WOLFSSL_AES_DIRECT */
 /* #define WOLFSSL_AES_COUNTER */
 
@@ -125,27 +514,11 @@
     /* #define CUSTOM_SLOT_ALLOCATION                              */
 #endif
 
-/* rsa primitive specific definition */
-#if defined(WOLFSSL_ESP32) || defined(WOLFSSL_ESPWROOM32SE)
-    /* Define USE_FAST_MATH and SMALL_STACK                        */
-    #define ESP32_USE_RSA_PRIMITIVE
+/* WC_NO_CACHE_RESISTANT: slower but more secure */
+/* #define WC_NO_CACHE_RESISTANT */
 
-    #if defined(CONFIG_IDF_TARGET_ESP32)
-
-        /* NOTE HW unreliable for small values! */
-        /* threshold for performance adjustment for HW primitive use   */
-        /* X bits of G^X mod P greater than                            */
-        #undef  ESP_RSA_EXPT_XBITS
-        #define ESP_RSA_EXPT_XBITS 32
-
-        /* X and Y of X * Y mod P greater than                         */
-        #undef  ESP_RSA_MULM_BITS
-        #define ESP_RSA_MULM_BITS  16
-
-    #endif
-#endif
-
-#define RSA_LOW_MEM
+/* TFM_TIMING_RESISTANT: slower but more secure */
+/* #define TFM_TIMING_RESISTANT */
 
 /* #define WOLFSSL_ATECC508A_DEBUG         */
 
@@ -156,23 +529,36 @@
 /* #define XTIME time */
 
 
-/* adjust wait-timeout count if you see timeout in RSA HW acceleration */
-#define ESP_RSA_TIMEOUT_CNT    0x249F00
+/* Adjust wait-timeout count if you see timeout in RSA HW acceleration.
+ * Set to very large number and enable WOLFSSL_HW_METRICS to determine max. */
+#ifndef ESP_RSA_TIMEOUT_CNT
+	#define ESP_RSA_TIMEOUT_CNT 0xFF0000
+#endif
 
-#define HASH_SIZE_LIMIT /* for test.c */
+/* hash limit for test.c */
+#define HASH_SIZE_LIMIT
 
 /* USE_FAST_MATH is default */
 #define USE_FAST_MATH
 
 /*****      Use SP_MATH      *****/
-/* #undef USE_FAST_MATH          */
+/* #undef  USE_FAST_MATH         */
 /* #define SP_MATH               */
 /* #define WOLFSSL_SP_MATH_ALL   */
+/* #define WOLFSSL_SP_RISCV32    */
 
 /***** Use Integer Heap Math *****/
 /* #undef USE_FAST_MATH          */
 /* #define USE_INTEGER_HEAP_MATH */
 
+/* Just syntax highlighting to check math libraries: */
+#if defined(SP_MATH)               || \
+    defined(USE_INTEGER_HEAP_MATH) || \
+    defined(USE_INTEGER_HEAP_MATH) || \
+    defined(USE_FAST_MATH)         || \
+    defined(WOLFSSL_SP_MATH_ALL)   || \
+    defined(WOLFSSL_SP_RISCV32)
+#endif
 
 #define WOLFSSL_SMALL_STACK
 
@@ -180,18 +566,32 @@
 #define HAVE_VERSION_EXTENDED_INFO
 /* #define HAVE_WC_INTROSPECTION */
 
-#define  HAVE_SESSION_TICKET
+#ifndef NO_SESSION_CACHE
+    #define  HAVE_SESSION_TICKET
+#endif
 
 /* #define HAVE_HASHDRBG */
 
+#if 0
+/* Example for additional cert functions */
 #define WOLFSSL_KEY_GEN
-#define WOLFSSL_CERT_REQ
-#define WOLFSSL_CERT_GEN
-#define WOLFSSL_CERT_EXT
-#define WOLFSSL_SYS_CA_CERTS
+    #define WOLFSSL_CERT_REQ
+    #define WOLFSSL_CERT_GEN
+    #define WOLFSSL_CERT_EXT
+    #define WOLFSSL_SYS_CA_CERTS
 
 
-#define WOLFSSL_CERT_TEXT
+    #define WOLFSSL_CERT_TEXT
+
+    /* command-line options
+    --enable-keygen
+    --enable-certgen
+    --enable-certreq
+    --enable-certext
+    --enable-asn-template
+    */
+
+#endif
 
 #define WOLFSSL_ASN_TEMPLATE
 
@@ -203,7 +603,7 @@
 #undef  WOLFSSL_SYS_CA_CERTS
 */
 
-/*
+/* command-line options
 --enable-keygen
 --enable-certgen
 --enable-certreq
@@ -211,10 +611,66 @@
 --enable-asn-template
 */
 
-/* Default is HW enabled unless turned off.
-** Uncomment these lines to force SW instead of HW acceleration */
+/* optional SM4 Ciphers. See https://github.com/wolfSSL/wolfsm */
+/*
+#define WOLFSSL_SM2
+#define WOLFSSL_SM3
+#define WOLFSSL_SM4
+*/
+
+#if defined(WOLFSSL_SM2) || defined(WOLFSSL_SM3) || defined(WOLFSSL_SM4)
+    /* SM settings, possible cipher suites:
+
+        TLS13-AES128-GCM-SHA256
+        TLS13-CHACHA20-POLY1305-SHA256
+        TLS13-SM4-GCM-SM3
+        TLS13-SM4-CCM-SM3
+
+    #define WOLFSSL_ESP32_CIPHER_SUITE "TLS13-SM4-GCM-SM3"
+    #define WOLFSSL_ESP32_CIPHER_SUITE "TLS13-SM4-CCM-SM3"
+    #define WOLFSSL_ESP32_CIPHER_SUITE "ECDHE-ECDSA-SM4-CBC-SM3"
+    #define WOLFSSL_ESP32_CIPHER_SUITE "ECDHE-ECDSA-SM4-GCM-SM3"
+    #define WOLFSSL_ESP32_CIPHER_SUITE "ECDHE-ECDSA-SM4-CCM-SM3"
+    #define WOLFSSL_ESP32_CIPHER_SUITE "TLS13-SM4-GCM-SM3:" \
+                                       "TLS13-SM4-CCM-SM3:"
+    */
+
+    #undef  WOLFSSL_BASE16
+    #define WOLFSSL_BASE16 /* required for WOLFSSL_SM2 */
+
+    #undef  WOLFSSL_SM4_ECB
+    #define WOLFSSL_SM4_ECB
+
+    #undef  WOLFSSL_SM4_CBC
+    #define WOLFSSL_SM4_CBC
+
+    #undef  WOLFSSL_SM4_CTR
+    #define WOLFSSL_SM4_CTR
+
+    #undef  WOLFSSL_SM4_GCM
+    #define WOLFSSL_SM4_GCM
+
+    #undef  WOLFSSL_SM4_CCM
+    #define WOLFSSL_SM4_CCM
+
+    #define HAVE_POLY1305
+    #define HAVE_CHACHA
+
+    #undef  HAVE_AESGCM
+    #define HAVE_AESGCM
+#else
+    /* default settings */
+    #define USE_CERT_BUFFERS_2048
+#endif
+
+/* Chipset detection from sdkconfig.h
+ * Default is HW enabled unless turned off.
+ * Uncomment lines to force SW instead of HW acceleration */
+#if defined(CONFIG_IDF_TARGET_ESP32) || defined(WOLFSSL_ESPWROOM32SE)
+    #define WOLFSSL_ESP32
+    /*  Alternatively, if there's an ECC Secure Element present: */
+    /* #define WOLFSSL_ESPWROOM32SE */
 
-#if defined(CONFIG_IDF_TARGET_ESP32)
     /* wolfSSL HW Acceleration supported on ESP32. Uncomment to disable: */
     /*  #define NO_ESP32_CRYPT                 */
     /*  #define NO_WOLFSSL_ESP32_CRYPT_HASH    */
@@ -232,6 +688,7 @@
     /***** END CONFIG_IDF_TARGET_ESP32 *****/
 
 #elif defined(CONFIG_IDF_TARGET_ESP32S2)
+    #define WOLFSSL_ESP32
     /* wolfSSL HW Acceleration supported on ESP32-S2. Uncomment to disable: */
     /*  #define NO_ESP32_CRYPT                 */
     /*  #define NO_WOLFSSL_ESP32_CRYPT_HASH    */
@@ -244,6 +701,7 @@
     /***** END CONFIG_IDF_TARGET_ESP32S2 *****/
 
 #elif defined(CONFIG_IDF_TARGET_ESP32S3)
+    #define WOLFSSL_ESP32
     /* wolfSSL HW Acceleration supported on ESP32-S3. Uncomment to disable: */
     /*  #define NO_ESP32_CRYPT                         */
     /*  #define NO_WOLFSSL_ESP32_CRYPT_HASH            */
@@ -257,6 +715,7 @@
 
 #elif defined(CONFIG_IDF_TARGET_ESP32C2) || \
       defined(CONFIG_IDF_TARGET_ESP8684)
+    #define WOLFSSL_ESP32
     /* ESP8684 is essentially ESP32-C2 chip + flash embedded together in a
      * single QFN 4x4 mm package. Out of released documentation, Technical
      * Reference Manual as well as ESP-IDF Programming Guide is applicable
@@ -282,6 +741,7 @@
     /***** END CONFIG_IDF_TARGET_ESP32C2 *****/
 
 #elif defined(CONFIG_IDF_TARGET_ESP32C3)
+    #define WOLFSSL_ESP32
     /* wolfSSL HW Acceleration supported on ESP32-C3. Uncomment to disable: */
 
     /*  #define NO_ESP32_CRYPT                 */
@@ -299,6 +759,7 @@
     /***** END CONFIG_IDF_TARGET_ESP32C3 *****/
 
 #elif defined(CONFIG_IDF_TARGET_ESP32C6)
+    #define WOLFSSL_ESP32
     /* wolfSSL HW Acceleration supported on ESP32-C6. Uncomment to disable: */
 
     /*  #define NO_ESP32_CRYPT                 */
@@ -315,6 +776,7 @@
     /***** END CONFIG_IDF_TARGET_ESP32C6 *****/
 
 #elif defined(CONFIG_IDF_TARGET_ESP32H2)
+    #define WOLFSSL_ESP32
     /*  wolfSSL Hardware Acceleration not yet implemented */
     #define NO_ESP32_CRYPT
     #define NO_WOLFSSL_ESP32_CRYPT_HASH
@@ -323,11 +785,19 @@
     /***** END CONFIG_IDF_TARGET_ESP32H2 *****/
 
 #elif defined(CONFIG_IDF_TARGET_ESP8266)
-    /*  TODO: Revisit ESP8266 */
+    #define WOLFSSL_ESP8266
+
+    /* There's no hardware encryption on the ESP8266 */
+    /* Consider using the ESP32-C2/C3/C6             */
     #define NO_ESP32_CRYPT
     #define NO_WOLFSSL_ESP32_CRYPT_HASH
     #define NO_WOLFSSL_ESP32_CRYPT_AES
     #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI
+    #ifndef FP_MAX_BITS
+        /* FP_MAX_BITS matters in wolfssl_test, not just TLS setting.   */
+        /* MIN_FFDHE_FP_MAX_BITS = (MIN_FFDHE_BITS * 2); see settings.h */
+        #define FP_MAX_BITS MIN_FFDHE_FP_MAX_BITS
+    #endif
     /***** END CONFIG_IDF_TARGET_ESP266 *****/
 
 #elif defined(CONFIG_IDF_TARGET_ESP8684)
@@ -339,35 +809,92 @@
     /***** END CONFIG_IDF_TARGET_ESP8684 *****/
 
 #else
-    /* Anything else encountered, disable HW accleration */
+    /* Anything else encountered, disable HW acceleration */
+    #warning "Unexpected CONFIG_IDF_TARGET_NN value"
     #define NO_ESP32_CRYPT
     #define NO_WOLFSSL_ESP32_CRYPT_HASH
     #define NO_WOLFSSL_ESP32_CRYPT_AES
     #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI
 #endif /* CONFIG_IDF_TARGET Check */
 
+/* RSA primitive specific definition, listed AFTER the Chipset detection */
+#if defined(WOLFSSL_ESP32) || defined(WOLFSSL_ESPWROOM32SE)
+    /* Consider USE_FAST_MATH and SMALL_STACK                        */
+
+    #ifndef NO_RSA
+        #define ESP32_USE_RSA_PRIMITIVE
+
+        #if defined(CONFIG_IDF_TARGET_ESP32)
+            #ifdef CONFIG_ESP_MAIN_TASK_STACK_SIZE
+                #if CONFIG_ESP_MAIN_TASK_STACK_SIZE < 10500
+                    #warning "RSA may be difficult with less than 10KB Stack "/
+                #endif
+            #endif
+
+            /* NOTE HW unreliable for small values! */
+            /* threshold for performance adjustment for HW primitive use   */
+            /* X bits of G^X mod P greater than                            */
+            #undef  ESP_RSA_EXPT_XBITS
+            #define ESP_RSA_EXPT_XBITS 32
+
+            /* X and Y of X * Y mod P greater than                         */
+            #undef  ESP_RSA_MULM_BITS
+            #define ESP_RSA_MULM_BITS  16
+        #endif
+    #endif
+#endif
+
 /* Debug options:
+See wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h for details on debug options
+
+optionally increase error message size for very long paths.
+#define WOLFSSL_MAX_ERROR_SZ 500
+
+Turn wolfSSL debugging on/off:
+    wolfSSL_Debugging_ON();
+    wolfSSL_Debugging_OFF();
 
 #define ESP_VERIFY_MEMBLOCK
 #define DEBUG_WOLFSSL
 #define DEBUG_WOLFSSL_VERBOSE
 #define DEBUG_WOLFSSL_SHA_MUTEX
+#define WOLFSSL_DEBUG_IGNORE_ASN_TIME
+#define WOLFSSL_DEBUG_CERT_BUNDLE
+#define WOLFSSL_DEBUG_CERT_BUNDLE_NAME
 #define WOLFSSL_ESP32_CRYPT_DEBUG
 #define WOLFSSL_ESP32_CRYPT_HASH_SHA224_DEBUG
 #define NO_RECOVER_SOFTWARE_CALC
 #define WOLFSSL_TEST_STRAY 1
 #define USE_ESP_DPORT_ACCESS_READ_BUFFER
 #define WOLFSSL_ESP32_HW_LOCK_DEBUG
+#define WOLFSSL_DEBUG_MUTEX
 #define WOLFSSL_DEBUG_ESP_RSA_MULM_BITS
+#define WOLFSSL_DEBUG_ESP_HW_MOD_RSAMAX_BITS
+#define WOLFSSL_DEBUG_ESP_HW_MULTI_RSAMAX_BITS
 #define ESP_DISABLE_HW_TASK_LOCK
+#define ESP_MONITOR_HW_TASK_LOCK
+#define USE_ESP_DPORT_ACCESS_READ_BUFFER
+
+See wolfcrypt/benchmark/benchmark.c for debug and other settings:
+
+Turn on benchmark timing debugging (CPU Cycles, RTOS ticks, etc)
+#define DEBUG_WOLFSSL_BENCHMARK_TIMING
+
+Turn on timer debugging (used when CPU cycles not available)
+#define WOLFSSL_BENCHMARK_TIMER_DEBUG
 */
 
-#define WOLFSSL_ESPIDF_ERROR_PAUSE /* Pause in a loop rather than exit. */
+/* Pause in a loop rather than exit. */
+/* #define WOLFSSL_ESPIDF_ERROR_PAUSE */
+/* #define WOLFSSL_ESP32_HW_LOCK_DEBUG */
+
 #define WOLFSSL_HW_METRICS
 
-/* #define HASH_SIZE_LIMIT */ /* for test.c */
+/* for test.c */
+/* #define HASH_SIZE_LIMIT */
 
-/* #define NO_HW_MATH_TEST */ /* Optionall turn off HW math checks */
+/* Optionally turn off HW math checks */
+/* #define NO_HW_MATH_TEST */
 
 /* Optionally include alternate HW test library: alt_hw_test.h */
 /* When enabling, the ./components/wolfssl/CMakeLists.txt file
@@ -390,8 +917,8 @@
 /* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MULMOD                */
 
 
-#define WOLFSSL_PUBLIC_MP /* used by benchmark */
-#define USE_CERT_BUFFERS_2048
+/* used by benchmark: */
+#define WOLFSSL_PUBLIC_MP
 
 /* when turning on ECC508 / ECC608 support
 #define WOLFSSL_ESPWROOM32SE
@@ -400,12 +927,81 @@
 #define ATCA_WOLFSSL
 */
 
-/* optional SM4 Ciphers. See https://github.com/wolfSSL/wolfsm
+/***************************** Certificate Macros *****************************
+ *
+ * The section below defines macros used in typically all of the wolfSSL
+ * examples such as the client and server for certs stored in header files.
+ *
+ * There are various certificate examples in this header file:
+ * https://github.com/wolfSSL/wolfssl/blob/master/wolfssl/certs_test.h
+ *
+ * To use the sample certificates in code (not recommended for production!):
+ *
+ *    #if defined(USE_CERT_BUFFERS_2048) || defined(USE_CERT_BUFFERS_1024)
+ *        #include <wolfssl/certs_test.h>
+ *    #endif
+ *
+ * To use the sets of macros below, define *one* of these:
+ *
+ *    USE_CERT_BUFFERS_1024  - ECC 1024 bit encoded ASN1
+ *    USE_CERT_BUFFERS_2048  - RSA 2048 bit encoded ASN1
+ *    WOLFSSL_SM[2,3,4]      - SM Ciphers
+ *
+ * For example: define USE_CERT_BUFFERS_2048 to use CA Certs used in this
+ *  wolfSSL function for the `ca_cert_der_2048` buffer, size and types:
+ *
+ *     ret = wolfSSL_CTX_load_verify_buffer(ctx,
+ *                                          CTX_CA_CERT,
+ *                                          CTX_CA_CERT_SIZE,
+ *                                          CTX_CA_CERT_TYPE);
+ *
+ * See https://www.wolfssl.com/documentation/manuals/wolfssl/group__CertsKeys.html#function-wolfssl_ctx_load_verify_buffer
+ *
+ * In this case the CTX_CA_CERT will be defined as `ca_cert_der_2048` as
+ * defined here: https://github.com/wolfSSL/wolfssl/blob/master/wolfssl/certs_test.h
+ *
+ * The CTX_CA_CERT_SIZE and CTX_CA_CERT_TYPE are similarly used to reference
+ * array size and cert type respectively.
+ *
+ * Similarly for loading the private client key:
+ *
+ *  ret = wolfSSL_CTX_use_PrivateKey_buffer(ctx,
+ *                                          CTX_CLIENT_KEY,
+ *                                          CTX_CLIENT_KEY_SIZE,
+ *                                          CTX_CLIENT_KEY_TYPE);
+ *
+ * see https://www.wolfssl.com/documentation/manuals/wolfssl/group__CertsKeys.html#function-wolfssl_ctx_use_privatekey_buffer
+ *
+ * Similarly, the other macros are for server certificates and keys:
+ *   `CTX_SERVER_CERT` and `CTX_SERVER_KEY` are available.
+ *
+ * The certificate and key names are typically `static const unsigned char`
+ * arrays. The [NAME]_size are typically `sizeof([array name])`, and the types
+ * are the known wolfSSL encoding type integers (e.g. WOLFSSL_FILETYPE_PEM).
+ *
+ * See `SSL_FILETYPE_[name]` in
+ *   https://github.com/wolfSSL/wolfssl/blob/master/wolfssl/ssl.h
+ *
+ * See Abstract Syntax Notation One (ASN.1) in:
+ *   https://github.com/wolfSSL/wolfssl/blob/master/wolfssl/wolfcrypt/asn.h
+ *
+ * Optional SM4 Ciphers:
+ *
+ * Although the SM ciphers are shown here, the `certs_test_sm.h` may not yet
+ * be available. See:
+ *   https://github.com/wolfSSL/wolfssl/pull/6825
+ *   https://github.com/wolfSSL/wolfsm
+ *
+ * Uncomment these 3 macros to enable the SM Ciphers and use the macros below.
+ */
+
+/*
 #define WOLFSSL_SM2
 #define WOLFSSL_SM3
 #define WOLFSSL_SM4
 */
 
+/* Conditional macros used in wolfSSL TLS client and server examples */
 #if defined(WOLFSSL_SM2) || defined(WOLFSSL_SM3) || defined(WOLFSSL_SM4)
     #include <wolfssl/certs_test_sm.h>
     #define CTX_CA_CERT          root_sm2
@@ -421,15 +1017,82 @@
     #undef  WOLFSSL_BASE16
     #define WOLFSSL_BASE16
 #else
-    #define USE_CERT_BUFFERS_2048
-    #define USE_CERT_BUFFERS_256
-    #define CTX_CA_CERT          ca_cert_der_2048
-    #define CTX_CA_CERT_SIZE     sizeof_ca_cert_der_2048
-    #define CTX_CA_CERT_TYPE     WOLFSSL_FILETYPE_ASN1
-    #define CTX_SERVER_CERT      server_cert_der_2048
-    #define CTX_SERVER_CERT_SIZE sizeof_server_cert_der_2048
-    #define CTX_SERVER_CERT_TYPE WOLFSSL_FILETYPE_ASN1
-    #define CTX_SERVER_KEY       server_key_der_2048
-    #define CTX_SERVER_KEY_SIZE  sizeof_server_key_der_2048
-    #define CTX_SERVER_KEY_TYPE  WOLFSSL_FILETYPE_ASN1
+    #if defined(USE_CERT_BUFFERS_2048)
+        #define USE_CERT_BUFFERS_256
+        /* Be sure to include in app when using example certs: */
+        /* #include <wolfssl/certs_test.h>                     */
+        #define CTX_CA_CERT          ca_cert_der_2048
+        #define CTX_CA_CERT_SIZE     sizeof_ca_cert_der_2048
+        #define CTX_CA_CERT_TYPE     WOLFSSL_FILETYPE_ASN1
+
+        #define CTX_SERVER_CERT      server_cert_der_2048
+        #define CTX_SERVER_CERT_SIZE sizeof_server_cert_der_2048
+        #define CTX_SERVER_CERT_TYPE WOLFSSL_FILETYPE_ASN1
+        #define CTX_SERVER_KEY       server_key_der_2048
+        #define CTX_SERVER_KEY_SIZE  sizeof_server_key_der_2048
+        #define CTX_SERVER_KEY_TYPE  WOLFSSL_FILETYPE_ASN1
+
+        #define CTX_CLIENT_CERT      client_cert_der_2048
+        #define CTX_CLIENT_CERT_SIZE sizeof_client_cert_der_2048
+        #define CTX_CLIENT_CERT_TYPE WOLFSSL_FILETYPE_ASN1
+        #define CTX_CLIENT_KEY       client_key_der_2048
+        #define CTX_CLIENT_KEY_SIZE  sizeof_client_key_der_2048
+        #define CTX_CLIENT_KEY_TYPE  WOLFSSL_FILETYPE_ASN1
+
+    #elif defined(USE_CERT_BUFFERS_1024)
+        #define USE_CERT_BUFFERS_256
+        /* Be sure to include in app when using example certs: */
+        /* #include <wolfssl/certs_test.h>                     */
+        #define CTX_CA_CERT          ca_cert_der_1024
+        #define CTX_CA_CERT_SIZE     sizeof_ca_cert_der_1024
+        #define CTX_CA_CERT_TYPE     WOLFSSL_FILETYPE_ASN1
+
+        #define CTX_CLIENT_CERT      client_cert_der_1024
+        #define CTX_CLIENT_CERT_SIZE sizeof_client_cert_der_1024
+        #define CTX_CLIENT_CERT_TYPE WOLFSSL_FILETYPE_ASN1
+        #define CTX_CLIENT_KEY       client_key_der_1024
+        #define CTX_CLIENT_KEY_SIZE  sizeof_client_key_der_1024
+        #define CTX_CLIENT_KEY_TYPE  WOLFSSL_FILETYPE_ASN1
+
+        #define CTX_SERVER_CERT      server_cert_der_1024
+        #define CTX_SERVER_CERT_SIZE sizeof_server_cert_der_1024
+        #define CTX_SERVER_CERT_TYPE WOLFSSL_FILETYPE_ASN1
+        #define CTX_SERVER_KEY       server_key_der_1024
+        #define CTX_SERVER_KEY_SIZE  sizeof_server_key_der_1024
+        #define CTX_SERVER_KEY_TYPE  WOLFSSL_FILETYPE_ASN1
+    #else
+        /* Optionally define custom cert arrays, sizes, and types here */
+        #error "Must define USE_CERT_BUFFERS_2048 or USE_CERT_BUFFERS_1024"
+    #endif
+#endif /* Conditional key and cert constant names */
+
+/******************************************************************************
+** Sanity Checks
+******************************************************************************/
+#if defined(CONFIG_ESP_MAIN_TASK_STACK_SIZE)
+    #if defined(WOLFCRYPT_HAVE_SRP)
+        #if defined(FP_MAX_BITS)
+            #if FP_MAX_BITS <  (8192 * 2)
+                #define ESP_SRP_MINIMUM_STACK_8K (24 * 1024)
+            #else
+                #define ESP_SRP_MINIMUM_STACK_8K (28 * 1024)
+            #endif
+        #else
+            #error "Please define FP_MAX_BITS when using WOLFCRYPT_HAVE_SRP."
+        #endif
+
+        #if (CONFIG_ESP_MAIN_TASK_STACK_SIZE < ESP_SRP_MINIMUM_STACK)
+            #warning "WOLFCRYPT_HAVE_SRP enabled with small stack size"
+        #endif
+    #endif
+#else
+    #warning "CONFIG_ESP_MAIN_TASK_STACK_SIZE not defined!"
 #endif
+/* See settings.h for some of the possible hardening options:
+ *
+ *  #define NO_ESPIDF_DEFAULT
+ *  #define WC_NO_CACHE_RESISTANT
+ *  #define WC_AES_BITSLICED
+ *  #define HAVE_AES_ECB
+ *  #define HAVE_AES_DIRECT
+ */
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/CMakeLists.txt b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/CMakeLists.txt
index 798cecceb..4f5613953 100644
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/CMakeLists.txt
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/CMakeLists.txt
@@ -1,35 +1,43 @@
 # wolfSSL Espressif Example Project/main CMakeLists.txt
-#   v1.0
+#   v1.2
 #
 # wolfssl server test
 #
+message(STATUS "Begin wolfSSL main CMakeLists.txt")
 set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_USER_SETTINGS")
 
+if (idf_target STREQUAL "esp8266" OR IDF_TARGET STREQUAL "esp8266" OR IDF_VERSION_MAJOR VERSION_LESS "5.0")
+    # `driver` component not available for ESP8266
+    SET(THIS_PRIV_REQUIRES_DRIVER "")
+else()
+    SET(THIS_PRIV_REQUIRES_DRIVER "driver")
+endif()
+
 if(WIN32)
     # Windows-specific configuration here
     set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_WINDOWS")
-    message("Detected Windows")
+    message(STATUS "Detected Windows")
 endif()
 if(CMAKE_HOST_UNIX)
-    message("Detected UNIX")
+    message(STATUS "Detected UNIX")
 endif()
 if(APPLE)
-    message("Detected APPLE")
+    message(STATUS "Detected APPLE")
 endif()
 if(CMAKE_HOST_UNIX AND (NOT APPLE) AND EXISTS "/proc/sys/fs/binfmt_misc/WSLInterop")
     # Windows-specific configuration here
     set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_WSL")
-    message("Detected WSL")
+    message(STATUS "Detected WSL")
 endif()
 if(CMAKE_HOST_UNIX AND (NOT APPLE) AND (NOT WIN32))
     # Windows-specific configuration here
     set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_LINUX")
-    message("Detected Linux")
+    message(STATUS "Detected Linux")
 endif()
 if(APPLE)
     # Windows-specific configuration here
     set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_APPLE")
-    message("Detected Apple")
+    message(STATUS "Detected Apple")
 endif()
 set (git_cmd "git")
 
@@ -43,14 +51,26 @@ if( EXISTS "${CMAKE_HOME_DIRECTORY}/components/wolfssl/" AND EXISTS "$ENV{IDF_PA
     set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_MULTI_INSTALL_WARNING")
 endif()
 
+# The wolfSL component name is named "mywolfssl" on the staging site for Managed Components.
+if( NOT EXISTS "../components/wolfssl" AND ("$ENV{IDF_COMPONENT_REGISTRY_URL}" STREQUAL "https://components-staging.espressif.com") )
+    message(STATUS "WARNING: Using a staging instance of wolfssl.")
+    set(MAIN_WOLFSSL_COMPONENT_NAME "mywolfssl")
+else()
+    message(STATUS "Using release wolfssl component.")
+    set(MAIN_WOLFSSL_COMPONENT_NAME "wolfssl")
+endif()
+
 ## register_component()
 idf_component_register(SRCS main.c
                             wifi_connect.c
                             time_helper.c
                             server-tls.c
                        INCLUDE_DIRS "."
-                                    "./include")
-#
+                            "./include"
+                       PRIV_REQUIRES "${MAIN_WOLFSSL_COMPONENT_NAME}"
+                                     "${THIS_PRIV_REQUIRES_DRIVER}"
+                                     nvs_flash
+                                     protocol_examples_common)
 
 #
 # LIBWOLFSSL_SAVE_INFO(VAR_OUPUT THIS_VAR VAR_RESULT)
@@ -80,15 +100,24 @@ function ( LIBWOLFSSL_SAVE_INFO VAR_OUPUT THIS_VAR VAR_RESULT )
         message(STATUS "Found ${VAR_OUPUT}=${VAR_VALUE}")
 
         # the interesting part is defining the VAR_OUPUT name a value to use in the app
-        add_definitions(-D${VAR_OUPUT}=\"${VAR_VALUE}\")
+        add_compile_definitions(${VAR_OUPUT}=\"${VAR_VALUE}\")
     else()
         # if we get here, check the execute_process command and parameters.
-        message(STATUS "LIBWOLFSSL_SAVE_INFO encountered a non-zero VAR_RESULT")
+        message(STATUS "LIBWOLFSSL_SAVE_INFO encountered a non-zero VAR_RESULT.")
+        message(STATUS "Setting ${VAR_OUPUT} to \"Unknown\"")
         set(${VAR_OUPUT} "Unknown")
     endif()
 endfunction() # LIBWOLFSSL_SAVE_INFO
 
-if(NOT CMAKE_BUILD_EARLY_EXPANSION)
+execute_process(
+    COMMAND ${git_cmd} "rev-parse" "--is-inside-work-tree"
+    OUTPUT_VARIABLE IS_GIT_REPO
+    OUTPUT_STRIP_TRAILING_WHITESPACE
+    ERROR_QUIET
+)
+
+# Save some project-specific details. Repo may be different than component, or may not even be a repo at all:
+if(NOT CMAKE_BUILD_EARLY_EXPANSION AND (IS_GIT_REPO STREQUAL "true"))
     # LIBWOLFSSL_VERSION_GIT_HASH
     execute_process(COMMAND ${git_cmd} "rev-parse" "HEAD" OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ERROR_QUIET )
     LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_VERSION_GIT_HASH "${TMP_OUT}" "${TMP_RES}")
@@ -104,3 +133,4 @@ endif()
 
 message(STATUS "")
 
+message(STATUS "End wolfSSL main CMakeLists.txt")
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/Kconfig.projbuild b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/Kconfig.projbuild
index 64406069d..ed9960248 100644
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/Kconfig.projbuild
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/Kconfig.projbuild
@@ -1,9 +1,123 @@
-menu "Example Configuration"
+# Kconfig main
+#
+# Copyright (C) 2006-2025 wolfSSL Inc.
+#
+# This file is part of wolfSSL.
+#
+# wolfSSL is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# wolfSSL is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+#
+
+# Kconfig File Version 5.7.2.001 for wolfssl_template
+
+menu "Example wolfSSL Configuration"
+
+choice WOLFSSL_EXAMPLE_CHOOSE
+    prompt "Choose Example (See wolfssl/include/user_settings.h)"
+    default WOLFSSL_EXAMPLE_NAME_NONE
+    help
+        The user settings file can be adjusted to specific wolfSSL examples.
+
+    config WOLFSSL_EXAMPLE_NAME_TEMPLATE
+        bool "wolfSSL Template"
+        help
+            The sample template app compiles in wolfSSL and prints the current wolfSSL Version. Nothing more.
+
+    config WOLFSSL_EXAMPLE_NAME_TEST
+        bool "wolfSSL Test"
+        help
+            This app tests all cryptographic functions currently enabled. See also Benchmark performance app.
+
+    config WOLFSSL_EXAMPLE_NAME_BENCHMARK
+        bool "wolfSSL Benchmark"
+        help
+            Benchmark performance app. See also cryptographic test.
+
+    config WOLFSSL_EXAMPLE_NAME_TLS_CLIENT
+        bool "TLS Client"
+        help
+            TLS Client Example app. Needs WiFi and a listening server on port 11111.
+
+    config WOLFSSL_EXAMPLE_NAME_TLS_SERVER
+        bool "TLS Server"
+        help
+            TLS Server Example app. Needs WiFi. More interesting with a TLS client using port 11111.
+
+    config WOLFSSL_EXAMPLE_NAME_WOLFSSH_TEMPLATE
+        bool "SSH Template App"
+        help
+            Bare-bones Hello World app that only compiles in wolfSSL and wolfSSH.
+            See wolfSSL/wolfssh on GitHub.
+
+    config WOLFSSL_EXAMPLE_NAME_WOLFSSH_ECHOSERVER
+        bool "SSH Echo Server"
+        help
+            See wolfSSL/wolfssh on GitHub.
+
+    config WOLFSSL_EXAMPLE_NAME_WOLFSSH_ECHOSERVER
+        bool "SSH Echo Server"
+        help
+            See wolfSSL/wolfssh on GitHub.
+
+    config WOLFSSL_EXAMPLE_NAME_ESP32_SSH_SERVER
+        bool "SSH to UART Server for the ESP32"
+        help
+            See wolfSSL/wolfssh-examples on GitHub.
+
+    config WOLFSSL_EXAMPLE_NAME_ESP8266_SSH_SERVER
+        bool "SSH to UART Server for the ESP8266"
+        help
+            See wolfSSL/wolfssh-examples on GitHub.
+
+    config WOLFSSL_EXAMPLE_NAME_WOLFMQTT_TEMPLATE
+        bool "MQTT Template"
+        help
+            See wolfSSL/wolfmqtt on GitHub.
+
+    config WOLFSSL_EXAMPLE_NAME_WOLFMQTT_AWS_IOT_MQTT
+        bool "MQTT AWS IoT"
+        help
+            See wolfSSL/wolfmqtt on GitHub.
+
+    config WOLFTPM_EXAMPLE_NAME_ESPRESSIF
+        bool "TPM Test Example for the ESP32"
+        help
+            See wolfSSL/wolfTPM on GitHub.
+
+    config WOLFSSL_APPLE_HOMEKIT
+        bool "Apple HomeKit for the ESP32"
+        help
+            See AchimPieters/esp32-homekit-demo on GitHub.
+
+
+    config WOLFSSL_EXAMPLE_NAME_NONE
+        bool "Other"
+        help
+            A specific example app is not defined.
+
+endchoice
+
+config WOLFSSL_TARGET_HOST
+    string "Target host"
+    default "127.0.0.1"
+    help
+        host address for the example to connect
 
 config WOLFSSL_TARGET_PORT
     int "Target port"
     default 11111
     help
-        Host listening port for the example to connect.
+        host port for the example to connect
 
 endmenu
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/component.mk b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/component.mk
index d31083f65..c59edbee4 100644
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/component.mk
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/component.mk
@@ -1,3 +1,8 @@
 #
-# Main Makefile. This is basically the same as a component makefile.
-#
\ No newline at end of file
+# Main component makefile.
+#
+# This Makefile can be left empty. By default, it will take the sources in the
+# src/ directory, compile them and link them into lib(subdirectory_name).a
+# in the build directory. This behavior is entirely configurable,
+# please read the ESP-IDF documents if you need to do this.
+#
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/include/main.h b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/include/main.h
index 94c3b5eba..6a7946d50 100644
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/include/main.h
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/include/main.h
@@ -1,6 +1,6 @@
-/* template main.h
+/* wolfssl_server main.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -18,7 +18,10 @@
  * along with this program; if not, write to the Free Software
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  */
+
 #ifndef _MAIN_H_
 #define _MAIN_H_
 
+void app_main(void);
+
 #endif
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/include/server-tls.h b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/include/server-tls.h
index ea9126fe6..9e647edfb 100644
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/include/server-tls.h
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/include/server-tls.h
@@ -1,6 +1,6 @@
 /* server-tls.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -53,7 +53,7 @@ WOLFSSL_ESP_TASK tls_smp_server_task(void *args);
 
 /* init will create an RTOS task, otherwise server is simply function call. */
 #if defined(SINGLE_THREADED)
-    /* no init neded */
+    /* no init needed */
 #else
     WOLFSSL_ESP_TASK tls_smp_server_init(void* args);
 #endif
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/include/time_helper.h b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/include/time_helper.h
index a47f94001..f55d07962 100644
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/include/time_helper.h
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/include/time_helper.h
@@ -1,5 +1,6 @@
-/*
- * Copyright (C) 2006-2023 wolfSSL Inc.
+/* time_helper.h
+ *
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -20,11 +21,11 @@
 
 /* common Espressif time_helper v5.6.3.001 */
 
-#ifndef _TIME_HELPER_H
-#define _TIME_HELPER_H
+#ifndef _TIME_HELPER_H_
+#define _TIME_HELPER_H_
 
-/* ESP-IDF uses a 64-bit signed integer to represent time_t starting from release v5.0
- * See: https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-reference/system/system_time.html#year-2036-and-2038-overflow-issues
+/* ESP-IDF uses a 64-bit signed integer to represent time_t starting from
+ * release v5.0 See: Espressif api-reference/system/system_time
  */
 
 #ifdef __cplusplus
@@ -32,13 +33,14 @@ extern "C" {
 #endif
 
 /* a function to show the current data and time */
-int esp_show_current_datetime();
+int esp_show_current_datetime(void);
 
 /* worst case, if GitHub time not available, used fixed time */
 int set_fixed_default_time(void);
 
 /* set time from string (e.g. GitHub commit time) */
-int set_time_from_string(char* time_buffer);
+/* When not using the new esp-sdk-lib.h helpers: */
+/* int set_time_from_string(char* time_buffer); */
 
 /* set time from NTP servers,
  * also initially calls set_fixed_default_time or set_time_from_string */
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/include/wifi_connect.h b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/include/wifi_connect.h
index a045b23ba..0fe2183c7 100644
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/include/wifi_connect.h
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/include/wifi_connect.h
@@ -1,6 +1,6 @@
 /* wifi_connect.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -21,18 +21,17 @@
 #ifndef _WIFI_CONNECT_H_
 #define _WIFI_CONNECT_H_
 
-#include <esp_idf_version.h>
-#include <esp_log.h>
-
 /* ESP lwip */
 #define EXAMPLE_ESP_MAXIMUM_RETRY       CONFIG_ESP_MAXIMUM_RETRY
 
 #define TLS_SMP_SERVER_TASK_NAME         "tls_sever_example"
-#define TLS_SMP_SERVER_TASK_WORDS        22240
+#define TLS_SMP_SERVER_TASK_BYTES        22240
 #define TLS_SMP_SERVER_TASK_PRIORITY     8
 
+/* Optionally use ESP-IDF config settings
 #define TLS_SMP_WIFI_SSID                CONFIG_WIFI_SSID
 #define TLS_SMP_WIFI_PASS                CONFIG_WIFI_PASSWORD
+*/
 
 #define USE_WIFI_EXAMPLE
 #ifdef USE_WIFI_EXAMPLE
@@ -52,18 +51,53 @@
  * file my_private_config.h should be excluded from git updates */
 /* #define  USE_MY_PRIVATE_CONFIG */
 
-#ifdef  USE_MY_PRIVATE_CONFIG
+/* Note that IntelliSense may not work properly in the next section for the
+ * Espressif SDK 3.4 on the ESP8266. Macros should still be defined.
+ * See the project-level Makefile. Example found in:
+ * https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples/template
+ *
+ * The USE_MY_PRIVATE_[OS]_CONFIG is typically an environment variable that
+ * triggers the make (not cmake) to add compiler defines.
+ */
+#if defined(USE_MY_PRIVATE_WINDOWS_CONFIG)
+    #include "/workspace/my_private_config.h"
+#elif defined(USE_MY_PRIVATE_WSL_CONFIG)
+    #include "/mnt/c/workspace/my_private_config.h"
+#elif defined(USE_MY_PRIVATE_LINUX_CONFIG)
+    #include "~/workspace/my_private_config.h"
+#elif defined(USE_MY_PRIVATE_MAC_CONFIG)
+    #include "~/Documents/my_private_config.h"
+#elif defined(USE_MY_PRIVATE_CONFIG)
+    /* This section works best with cmake & non-environment variable setting */
     #if defined(WOLFSSL_CMAKE_SYSTEM_NAME_WINDOWS)
+        #define WOLFSSL_CMAKE
+        #include "/workspace/my_private_config.h"
+    #elif defined(WOLFSSL_MAKE_SYSTEM_NAME_WINDOWS)
+        #define WOLFSSL_MAKE
         #include "/workspace/my_private_config.h"
     #elif defined(WOLFSSL_CMAKE_SYSTEM_NAME_WSL)
+        #define WOLFSSL_CMAKE
+        #include "/mnt/c/workspace/my_private_config.h"
+    #elif defined(WOLFSSL_MAKE_SYSTEM_NAME_WSL)
+        #define WOLFSSL_MAKE
         #include "/mnt/c/workspace/my_private_config.h"
     #elif defined(WOLFSSL_CMAKE_SYSTEM_NAME_LINUX)
+        #define WOLFSSL_CMAKE
+        #include "~/workspace/my_private_config.h"
+    #elif defined(WOLFSSL_MAKE_SYSTEM_NAME_LINUX)
+        #define WOLFSSL_MAKE
         #include "~/workspace/my_private_config.h"
     #elif defined(WOLFSSL_CMAKE_SYSTEM_NAME_APPLE)
         #include "~/Documents/my_private_config.h"
+    #elif defined(WOLFSSL_MAKE_SYSTEM_NAME_APPLE)
+        #define WOLFSSL_MAKE
+        #include "~/Documents/my_private_config.h"
+    #elif defined(OS_WINDOWS)
+        #include "/workspace/my_private_config.h"
     #else
-        #warning "did not detect environment. using ~/my_private_config.h"
-        #include "~/my_private_config.h"
+        /* Edit as needed for your private config: */
+        #warning "default private config using /workspace/my_private_config.h"
+        #include "/workspace/my_private_config.h"
     #endif
 #else
 
@@ -74,16 +108,30 @@
     ** If you'd rather not, just change the below entries to strings with
     ** the config you want - ie #define EXAMPLE_WIFI_SSID "mywifissid"
     */
-    #ifdef CONFIG_ESP_WIFI_SSID
+    #if defined(CONFIG_ESP_WIFI_SSID)
+        /* typically from ESP32 with ESP-IDF v4 to v5 */
         #define EXAMPLE_ESP_WIFI_SSID CONFIG_ESP_WIFI_SSID
+    #elif defined(CONFIG_EXAMPLE_WIFI_SSID)
+        /* typically from ESP8266 rtos-sdk/v3.4 */
+        #define EXAMPLE_ESP_WIFI_SSID CONFIG_EXAMPLE_WIFI_SSID
     #else
-        #define EXAMPLE_ESP_WIFI_SSID "MYSSID_WIFI_CONNECT"
+        /* See new esp-sdk-lib.h helpers: */
+        #ifndef EXAMPLE_ESP_WIFI_SSID
+            #define EXAMPLE_ESP_WIFI_SSID "MYSSID_WIFI_CONNECT"
+        #endif
     #endif
 
-    #ifdef CONFIG_ESP_WIFI_PASSWORD
+    #if defined(CONFIG_ESP_WIFI_PASSWORD)
+        /* tyically from ESP32 with ESP-IDF v4 or v5 */
         #define EXAMPLE_ESP_WIFI_PASS CONFIG_ESP_WIFI_PASSWORD
+    #elif defined(CONFIG_EXAMPLE_WIFI_SSID)
+        /* typically from ESP8266 rtos-sdk/v3.4 */
+        #define EXAMPLE_ESP_WIFI_PASS CONFIG_EXAMPLE_WIFI_PASSWORD
     #else
-        #define EXAMPLE_ESP_WIFI_PASS "MYPASSWORD_WIFI_CONNECT"
+        /* See new esp-sdk-lib.h helpers: */
+        #ifndef EXAMPLE_ESP_WIFI_PASS
+            #define EXAMPLE_ESP_WIFI_PASS "MYPASSWORD_WIFI_CONNECT"
+        #endif
     #endif
 #endif
 
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/main.c b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/main.c
index 1c0d537e4..fd3af02d4 100644
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/main.c
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/main.c
@@ -1,6 +1,6 @@
 /* main.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -27,29 +27,43 @@
 #include <esp_event.h>
 
 /* wolfSSL */
-#include <wolfssl/wolfcrypt/settings.h> /* includes wolfSSL user-settings.h */
-#include <wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h>
-#ifndef WOLFSSL_ESPIDF
-    #warning "Problem with wolfSSL user_settings."
-    #warning "Check components/wolfssl/include"
+/* Always include wolfcrypt/settings.h before any other wolfSSL file.    */
+/* Reminder: settings.h pulls in user_settings.h; don't include it here. */
+#ifdef WOLFSSL_USER_SETTINGS
+    #include <wolfssl/wolfcrypt/settings.h>
+    #ifndef WOLFSSL_ESPIDF
+        #warning "Problem with wolfSSL user_settings."
+        #warning "Check components/wolfssl/include"
+    #endif
+    #include <wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h>
+#else
+    /* Define WOLFSSL_USER_SETTINGS project wide for settings.h to include   */
+    /* wolfSSL user settings in ./components/wolfssl/include/user_settings.h */
+    #error "Missing WOLFSSL_USER_SETTINGS in CMakeLists or Makefile:\
+    CFLAGS +=-DWOLFSSL_USER_SETTINGS"
 #endif
 
 /* this project */
 #include "server-tls.h"
 #include "time_helper.h"
 
-#ifndef CONFIG_IDF_TARGET_ESP32H2
+#ifdef CONFIG_IDF_TARGET_ESP32H2
     /* There's no WiFi on ESP32-H2.
      * For wired ethernet, see:
      * https://github.com/wolfSSL/wolfssl-examples/tree/master/ESP32/TLS13-ENC28J60-client */
+#else
     #include "wifi_connect.h"
+    /*
+     * Note ModBus TCP cannot be disabled on ESP8266 tos-sdk/v3.4
+     * See https://github.com/espressif/esp-modbus/issues/2
+     */
 #endif
 
 #ifdef WOLFSSL_TRACK_MEMORY
     #include <wolfssl/wolfcrypt/mem_track.h>
 #endif
 
-static const char* const TAG = "TLS Client";
+static const char* TAG = "main";
 
 #if defined(WOLFSSL_ESPWROOM32SE) && defined(HAVE_PK_CALLBACKS) \
                                   && defined(WOLFSSL_ATECC508A)
@@ -114,42 +128,74 @@ void my_atmel_free(int slotId)
 #endif /* CUSTOM_SLOT_ALLOCATION                                       */
 #endif /* WOLFSSL_ESPWROOM32SE && HAVE_PK_CALLBACK && WOLFSSL_ATECC508A */
 
-/* for FreeRTOS */
+/* Entry for FreeRTOS */
 void app_main(void)
 {
-    int stack_start = 0;
     esp_err_t ret = 0;
+#ifndef SINGLE_THREADED
+    int this_heap = 0;
+    #ifdef INCLUDE_uxTaskGetStackHighWaterMark
+        int stack_start = 0;
+    #endif
+#endif
     ESP_LOGI(TAG, "---------------- wolfSSL TLS Server Example ------------");
     ESP_LOGI(TAG, "--------------------------------------------------------");
     ESP_LOGI(TAG, "--------------------------------------------------------");
     ESP_LOGI(TAG, "---------------------- BEGIN MAIN ----------------------");
     ESP_LOGI(TAG, "--------------------------------------------------------");
     ESP_LOGI(TAG, "--------------------------------------------------------");
+#if !defined(CONFIG_WOLFSSL_EXAMPLE_NAME_TLS_SERVER)
+    ESP_LOGW(TAG, "Warning: Example wolfSSL misconfigured? Check menuconfig.");
+#endif
+#if defined(ESP_SDK_MEM_LIB_VERSION) && defined(DEBUG_WOLFSSL)
+    sdk_init_meminfo();
+#endif
 #ifdef ESP_TASK_MAIN_STACK
     ESP_LOGI(TAG, "ESP_TASK_MAIN_STACK: %d", ESP_TASK_MAIN_STACK);
 #endif
 #ifdef TASK_EXTRA_STACK_SIZE
     ESP_LOGI(TAG, "TASK_EXTRA_STACK_SIZE: %d", TASK_EXTRA_STACK_SIZE);
 #endif
-#ifdef INCLUDE_uxTaskGetStackHighWaterMark
+
+#ifdef SINGLE_THREADED
+    ESP_LOGI(TAG, "Single threaded");
+#else
     ESP_LOGI(TAG, "CONFIG_ESP_MAIN_TASK_STACK_SIZE = %d bytes (%d words)",
                    CONFIG_ESP_MAIN_TASK_STACK_SIZE,
-                   (int)(CONFIG_ESP_MAIN_TASK_STACK_SIZE / sizeof(void*)));
+             (int)(CONFIG_ESP_MAIN_TASK_STACK_SIZE / sizeof(void*)));
 
-    /* Returns the high water mark of the stack associated with xTask. That is,
-     * the minimum free stack space there has been (in bytes not words, unlike
-     * vanilla FreeRTOS) since the task started. The smaller the returned
-     * number the closer the task has come to overflowing its stack.
-     * see https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-reference/system/freertos_idf.html
-     */
-    stack_start = uxTaskGetStackHighWaterMark(NULL);
-    ESP_LOGI(TAG, "Stack Start HWM: %d bytes", stack_start);
-#endif
+    #ifdef INCLUDE_uxTaskGetStackHighWaterMark
+    {
+        /* Returns the high water mark of the stack associated with xTask. That is,
+         * the minimum free stack space there has been (in bytes not words, unlike
+         * vanilla FreeRTOS) since the task started. The smaller the returned
+         * number the closer the task has come to overflowing its stack.
+         * see Espressif api-reference/system/freertos_idf
+         */
+        stack_start = uxTaskGetStackHighWaterMark(NULL);
+        #ifdef ESP_SDK_MEM_LIB_VERSION
+        {
+            sdk_var_whereis("stack_start", &stack_start);
+        }
+        #endif
+
+        ESP_LOGI(TAG, "Stack Start HWM: %d bytes", stack_start);
+    }
+    #endif /* INCLUDE_uxTaskGetStackHighWaterMark */
+#endif /* SINGLE_THREADED */
 
 #ifdef HAVE_VERSION_EXTENDED_INFO
     esp_ShowExtendedSystemInfo();
 #endif
-
+#ifdef DEBUG_WOLFSSL
+    wolfSSL_Debugging_OFF();
+#endif
+#ifdef CONFIG_IDF_TARGET_ESP32H2
+    ESP_LOGE(TAG, "No WiFi on the ESP32-H2 and ethernet not yet supported");
+    while (1) {
+        vTaskDelay(60000);
+    }
+#endif
     /* Set time for cert validation.
      * Some lwIP APIs, including SNTP functions, are not thread safe. */
     ret = set_time(); /* need to setup NTP before WiFi */
@@ -183,11 +229,23 @@ void app_main(void)
 
     /* Initialize NVS */
     ret = nvs_flash_init();
-    if (ret == ESP_ERR_NVS_NO_FREE_PAGES ||
-        ret == ESP_ERR_NVS_NEW_VERSION_FOUND) {
-        ESP_ERROR_CHECK(nvs_flash_erase());
-        ret = nvs_flash_init();
+    #if defined(CONFIG_IDF_TARGET_ESP8266)
+    {
+        if (ret == ESP_ERR_NVS_NO_FREE_PAGES) {
+            ESP_ERROR_CHECK(nvs_flash_erase());
+            ret = nvs_flash_init();
+        }
     }
+    #else
+    {
+        /* Non-ESP8266 initialization is slightly different */
+        if (ret == ESP_ERR_NVS_NO_FREE_PAGES ||
+            ret == ESP_ERR_NVS_NEW_VERSION_FOUND) {
+            ESP_ERROR_CHECK(nvs_flash_erase());
+            ret = nvs_flash_init();
+        }
+    }
+    #endif /* else not CONFIG_IDF_TARGET_ESP8266 */
     ESP_ERROR_CHECK(ret);
 
     #if defined(CONFIG_IDF_TARGET_ESP32H2)
@@ -202,8 +260,8 @@ void app_main(void)
             ESP_LOGI(TAG, "Trying WiFi again...");
             ret = wifi_init_sta();
         }
-    #endif
-#endif
+    #endif /* else not CONFIG_IDF_TARGET_ESP32H2 */
+#endif /* else FOUND_PROTOCOL_EXAMPLES_DIR not found */
 
     /* Once we are connected to the network, start & wait for NTP time */
     ret = set_time_wait_for_ntp();
@@ -215,43 +273,46 @@ void app_main(void)
         esp_show_current_datetime();
     }
 
-    /* HWM is maximum amount of stack space that has been unused, in bytes
-     * not words (unlike vanilla freeRTOS). */
-    ESP_LOGI(TAG, "Initial Stack Used (before wolfSSL Server): %d bytes",
-                   CONFIG_ESP_MAIN_TASK_STACK_SIZE
-                   - (uxTaskGetStackHighWaterMark(NULL))
-            );
-    ESP_LOGI(TAG, "Starting TLS Server...\n");
-
 #if defined(SINGLE_THREADED)
     /* just call the task */
     tls_smp_server_task((void*)NULL);
 #else
     tls_args args[1] = {0};
     /* start a thread with the task */
+    /* HWM is maximum amount of stack space that has been unused, in bytes
+     * not words (unlike vanilla freeRTOS). */
+    this_heap = esp_get_free_heap_size();
+    ESP_LOGI(TAG, "Initial Stack Used (before wolfSSL Server): %d bytes",
+                   CONFIG_ESP_MAIN_TASK_STACK_SIZE
+                   - (uxTaskGetStackHighWaterMark(NULL))
+            );
+    ESP_LOGI(TAG, "Starting TLS Server task...\n");
+    ESP_LOGI(TAG, "main tls_smp_client_init heap @ %p = %d",
+                  &this_heap, this_heap);
+
+
+
     tls_smp_server_init(args); /* NULL will use the DEFAULT_PORT value */
 #endif
 
+    /* Done */
+#ifdef SINGLE_THREADED
+    ESP_LOGV(TAG, "\n\nDone!\n\n");
+    while (1);
+#else
+    ESP_LOGV(TAG, "\n\nvTaskDelete...\n\n");
+    vTaskDelete(NULL);
     /* done */
     while (1) {
         ESP_LOGV(TAG, "\n\nLoop...\n\n");
-#ifdef INCLUDE_uxTaskGetStackHighWaterMark
+    #ifdef INCLUDE_uxTaskGetStackHighWaterMark
         ESP_LOGI(TAG, "Stack HWM: %d", uxTaskGetStackHighWaterMark(NULL));
 
         ESP_LOGI(TAG, "Stack used: %d", CONFIG_ESP_MAIN_TASK_STACK_SIZE
-                                     - uxTaskGetStackHighWaterMark(NULL));
-        ESP_LOGI(TAG, "Stack delta: %d\n", stack_start
-                                     - uxTaskGetStackHighWaterMark(NULL));
-#endif
-
-#if defined(SINGLE_THREADED)
-        ESP_LOGV(TAG, "\n\nDone!\n\n");
-        while (1);
-#else
+                                        - (uxTaskGetStackHighWaterMark(NULL) ));
+    #endif
         vTaskDelay(60000);
-        ESP_LOGV(TAG, "\n\nvTaskDelete...\n\n");
-        vTaskDelete(NULL);
-#endif
-    } /* done whle */
+    } /* done while */
+#endif /* else not SINGLE_THREADED */
 
 } /* app_main */
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/server-tls.c b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/server-tls.c
index 9df8283d2..8520249e6 100644
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/server-tls.c
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/server-tls.c
@@ -1,6 +1,6 @@
 /* server-tls.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -31,12 +31,36 @@
 /* socket includes */
 #include <lwip/netdb.h>
 #include <lwip/sockets.h>
+#include <netinet/tcp.h> /* For TCP options */
+#include <sys/socket.h>
+
+#ifndef TCP_RTO_MIN
+    #define TCP_RTO_MIN 1500
+#endif
 
 /* wolfSSL */
-#include <wolfssl/wolfcrypt/settings.h>
-#include "user_settings.h"
-#include <wolfssl/ssl.h>
-
+/* Always include wolfcrypt/settings.h before any other wolfSSL file.    */
+/* Reminder: settings.h pulls in user_settings.h; don't include it here. */
+#ifdef WOLFSSL_USER_SETTINGS
+    #include <wolfssl/wolfcrypt/settings.h>
+    #ifndef WOLFSSL_ESPIDF
+        #warning "Problem with wolfSSL user_settings."
+        #warning "Check components/wolfssl/include"
+    #endif
+    #include <wolfssl/ssl.h>
+#else
+    /* Define WOLFSSL_USER_SETTINGS project wide for settings.h to include   */
+    /* wolfSSL user settings in ./components/wolfssl/include/user_settings.h */
+    #error "Missing WOLFSSL_USER_SETTINGS in CMakeLists or Makefile:\
+    CFLAGS +=-DWOLFSSL_USER_SETTINGS"
+#endif
+#if defined(WOLFSSL_WC_KYBER)
+    #include <wolfssl/wolfcrypt/kyber.h>
+    #include <wolfssl/wolfcrypt/wc_kyber.h>
+#endif
+#if defined(USE_CERT_BUFFERS_2048) || defined(USE_CERT_BUFFERS_1024)
+    #include <wolfssl/certs_test.h>
+#endif
 #ifdef WOLFSSL_TRACK_MEMORY
     #include <wolfssl/wolfcrypt/mem_track.h>
 #endif
@@ -50,30 +74,6 @@
     #define DEFAULT_MAX_DHKEY_BITS 2048
 #endif
 
-#if defined(WOLFSSL_SM2) || defined(WOLFSSL_SM3) || defined(WOLFSSL_SM4)
-    #include <wolfssl/certs_test_sm.h>
-    #define CTX_CA_CERT          root_sm2
-    #define CTX_CA_CERT_SIZE     sizeof_root_sm2
-    #define CTX_CA_CERT_TYPE     WOLFSSL_FILETYPE_PEM
-    #define CTX_SERVER_CERT      server_sm2
-    #define CTX_SERVER_CERT_SIZE sizeof_server_sm2
-    #define CTX_SERVER_CERT_TYPE WOLFSSL_FILETYPE_PEM
-    #define CTX_SERVER_KEY       server_sm2_priv
-    #define CTX_SERVER_KEY_SIZE  sizeof_server_sm2_priv
-    #define CTX_SERVER_KEY_TYPE  WOLFSSL_FILETYPE_PEM
-#else
-    #include <wolfssl/certs_test.h>
-    #define CTX_CA_CERT          ca_cert_der_2048
-    #define CTX_CA_CERT_SIZE     sizeof_ca_cert_der_2048
-    #define CTX_CA_CERT_TYPE     WOLFSSL_FILETYPE_ASN1
-    #define CTX_SERVER_CERT      server_cert_der_2048
-    #define CTX_SERVER_CERT_SIZE sizeof_server_cert_der_2048
-    #define CTX_SERVER_CERT_TYPE WOLFSSL_FILETYPE_ASN1
-    #define CTX_SERVER_KEY       server_key_der_2048
-    #define CTX_SERVER_KEY_SIZE  sizeof_server_key_der_2048
-    #define CTX_SERVER_KEY_TYPE  WOLFSSL_FILETYPE_ASN1
-#endif
-
 /* Project */
 #include "wifi_connect.h"
 #include "time_helper.h"
@@ -112,7 +112,6 @@ int ShowCiphers(WOLFSSL* ssl)
     return ret;
 }
 
-
 /* FreeRTOS */
 /* server task */
 WOLFSSL_ESP_TASK tls_smp_server_task(void *args)
@@ -133,7 +132,10 @@ WOLFSSL_ESP_TASK tls_smp_server_task(void *args)
     int                ret;
     socklen_t          size = sizeof(clientAddr);
     size_t             len;
-
+#if 0
+    /* optionally set TCP RTO. See also below. */
+    int rto_min = 200; /* Minimum TCP RTO in milliseconds */
+#endif
     /* declare wolfSSL objects */
     WOLFSSL_CTX* ctx;
     WOLFSSL*     ssl;
@@ -157,16 +159,18 @@ WOLFSSL_ESP_TASK tls_smp_server_task(void *args)
         ESP_LOGE(TAG, "ERROR: failed to create the socket");
     }
 
+    /* Optionally set TCP RTO
+    setsockopt(sockfd, IPPROTO_TCP, TCP_RTO_MIN, &rto_min, sizeof(rto_min)); */
+
     /* Create and initialize WOLFSSL_CTX */
     WOLFSSL_MSG("Create and initialize WOLFSSL_CTX");
 #if defined(WOLFSSL_SM2) || defined(WOLFSSL_SM3) || defined(WOLFSSL_SM4)
     ctx = wolfSSL_CTX_new(wolfSSLv23_server_method());
-    // ctx = wolfSSL_CTX_new(wolfTLSv1_3_client_method());  /* only TLS 1.3 */
+    /* ctx = wolfSSL_CTX_new(wolfTLSv1_3_client_method()); for only TLS 1.3 */
     if (ctx == NULL) {
         ESP_LOGE(TAG, "ERROR: failed to create WOLFSSL_CTX");
     }
 #else
-    /* TODO remove duplicate */
     if ((ctx = wolfSSL_CTX_new(wolfSSLv23_server_method())) == NULL) {
         ESP_LOGE(TAG, "ERROR: failed to create WOLFSSL_CTX");
     }
@@ -300,30 +304,51 @@ WOLFSSL_ESP_TASK tls_smp_server_task(void *args)
     my_atmel_slotInit();
     atmel_set_slot_allocator(my_atmel_alloc, my_atmel_free);
     #endif
+#endif
+#ifdef WOLFSSL_EXAMPLE_VERBOSITY
+    ESP_LOGI(TAG, "Initial stack used: %d\n",
+             TLS_SMP_SERVER_TASK_BYTES  - uxTaskGetStackHighWaterMark(NULL) );
 #endif
     ESP_LOGI(TAG, "accept clients...");
     /* Continue to accept clients until shutdown is issued */
     while (!shutdown) {
-        ESP_LOGI(TAG, "Stack used: %d\n", CONFIG_ESP_MAIN_TASK_STACK_SIZE
-                                          - uxTaskGetStackHighWaterMark(NULL));
         WOLFSSL_MSG("Waiting for a connection...");
+#if ESP_IDF_VERSION_MAJOR >=4
+        /* TODO: IP Address is problematic in RTOS SDK 3.4 */
         wifi_show_ip();
-
+#endif
         /* Accept client socket connections */
         if ((connd = accept(sockfd, (struct sockaddr*)&clientAddr, &size))
             == -1) {
              ESP_LOGE(TAG, "ERROR: failed to accept the connection");
         }
+#if defined(WOLFSSL_EXPERIMENTAL_SETTINGS)
+        ESP_LOGW(TAG, "WOLFSSL_EXPERIMENTAL_SETTINGS is enabled");
+#endif
         /* Create a WOLFSSL object */
         if ((ssl = wolfSSL_new(ctx)) == NULL) {
             ESP_LOGE(TAG, "ERROR: failed to create WOLFSSL object");
         }
-
+#if defined(WOLFSSL_HAVE_KYBER)
+        else {
+            /* If success creating CTX and Kyber enabled, set key share: */
+            ret = wolfSSL_UseKeyShare(ssl, WOLFSSL_P521_KYBER_LEVEL5);
+            if (ret == SSL_SUCCESS) {
+                ESP_LOGI(TAG, "UseKeyShare WOLFSSL_P521_KYBER_LEVEL5 success");
+            }
+            else {
+                ESP_LOGE(TAG, "UseKeyShare WOLFSSL_P521_KYBER_LEVEL5 failed");
+            }
+        }
+#else
+        ESP_LOGI(TAG, "WOLFSSL_HAVE_KYBER is not enabled, not using PQ.");
+#endif
         /* show what cipher connected for this WOLFSSL* object */
         ShowCiphers(ssl);
 
         /* Attach wolfSSL to the socket */
         wolfSSL_set_fd(ssl, connd);
+
         /* Establish TLS connection */
         ret = wolfSSL_accept(ssl);
         if (ret == SSL_SUCCESS) {
@@ -333,23 +358,18 @@ WOLFSSL_ESP_TASK tls_smp_server_task(void *args)
             ESP_LOGE(TAG, "wolfSSL_accept error %d",
                            wolfSSL_get_error(ssl, ret));
         }
-        WOLFSSL_MSG("Client connected successfully");
-        ESP_LOGI(TAG, "Stack used: %d\n", CONFIG_ESP_MAIN_TASK_STACK_SIZE
-                                          - uxTaskGetStackHighWaterMark(NULL));
+        ESP_LOGI(TAG, "Client connected successfully");
 
         /* Read the client data into our buff array */
         memset(buff, 0, sizeof(buff));
         if (wolfSSL_read(ssl, buff, sizeof(buff)-1) == -1) {
             ESP_LOGE(TAG, "ERROR: failed to read");
         }
-        /* Print to stdout any data the client sends */
-        ESP_LOGI(TAG, "Stack used: %d\n", CONFIG_ESP_MAIN_TASK_STACK_SIZE
-                                          - uxTaskGetStackHighWaterMark(NULL));
-        WOLFSSL_MSG("Client sends:");
-        WOLFSSL_MSG(buff);
+
+        ESP_LOGI(TAG, "Client sends: %s", buff);
         /* Check for server shutdown command */
         if (strncmp(buff, "shutdown", 8) == 0) {
-            WOLFSSL_MSG("Shutdown command issued!");
+            ESP_LOGI(TAG, "Shutdown command issued!");
             shutdown = 1;
         }
         /* Write our reply into buff */
@@ -360,10 +380,16 @@ WOLFSSL_ESP_TASK tls_smp_server_task(void *args)
         if (wolfSSL_write(ssl, buff, len) != len) {
             ESP_LOGE(TAG, "ERROR: failed to write");
         }
+
+        ESP_LOGI(TAG, "Done! Cleanup...");
         /* Cleanup after this connection */
         wolfSSL_free(ssl);      /* Free the wolfSSL object              */
         close(connd);           /* Close the connection to the client   */
-    }
+#ifdef WOLFSSL_EXAMPLE_VERBOSITY
+        ESP_LOGI(TAG, "Stack used: %d\n",
+                TLS_SMP_SERVER_TASK_BYTES - uxTaskGetStackHighWaterMark(NULL));
+#endif
+    } /* !shutdown */
     /* Cleanup and return */
     wolfSSL_free(ssl);      /* Free the wolfSSL object                  */
     wolfSSL_CTX_free(ctx);  /* Free the wolfSSL context object          */
@@ -397,12 +423,13 @@ WOLFSSL_ESP_TASK tls_smp_server_init(void* args)
 #else
     xTaskHandle _handle;
 #endif
-    /* http://esp32.info/docs/esp_idf/html/dd/d3c/group__xTaskCreate.html */
+    /* Note that despite vanilla FreeRTOS using WORDS for a parameter,
+     * Espressif uses BYTES for the task stack size here. */
     ESP_LOGI(TAG, "Creating tls_smp_server_task with stack size = %d",
-                   TLS_SMP_SERVER_TASK_WORDS);
+                   TLS_SMP_SERVER_TASK_BYTES);
     ret_i = xTaskCreate(tls_smp_server_task,
                       TLS_SMP_SERVER_TASK_NAME,
-                      TLS_SMP_SERVER_TASK_WORDS, /* not bytes! */
+                      TLS_SMP_SERVER_TASK_BYTES,
                       (void*)&thisPort,
                       TLS_SMP_SERVER_TASK_PRIORITY,
                       &_handle);
@@ -411,7 +438,7 @@ WOLFSSL_ESP_TASK tls_smp_server_init(void* args)
         ESP_LOGI(TAG, "create thread %s failed", TLS_SMP_SERVER_TASK_NAME);
     }
 
-    /* vTaskStartScheduler(); // called automatically in ESP-IDF */
+    /* vTaskStartScheduler();  called automatically in ESP-IDF */
     return TLS_SMP_CLIENT_TASK_RET;
 }
 #endif
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/time_helper.c b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/time_helper.c
index 1f16e4be7..526783113 100644
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/time_helper.c
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/time_helper.c
@@ -1,6 +1,6 @@
 /* time_helper.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -19,7 +19,9 @@
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  */
 
-/* common Espressif time_helper v5.6.3.002 */
+/* See https://tf.nist.gov/tf-cgi/servers.cgi */
+
+/* common Espressif time_helper v5.6.6.001 */
 #include "sdkconfig.h"
 #include "time_helper.h"
 
@@ -36,25 +38,23 @@
         #include <esp_sntp.h>
     #endif
 #else
-    /* TODO Consider pre IDF v5? */
+    /* TODO Consider non ESP-IDF environments */
 #endif
 
-/* ESP-IDF uses a 64-bit signed integer to represent time_t starting from release v5.0
- * See: https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-reference/system/system_time.html#year-2036-and-2038-overflow-issues
- */
-const static char* TAG = "time_helper";
+/* ESP-IDF uses a 64-bit signed integer to represent time_t starting from
+ * release v5.0. See: Espressif api-reference/system/system_time */
 
 /* see https://www.gnu.org/software/libc/manual/html_node/TZ-Variable.html */
 #ifndef TIME_ZONE
-/*
- * PST represents Pacific Standard Time.
- * +8 specifies the offset from UTC (Coordinated Universal Time), indicating
- *   that Pacific Time is UTC-8 during standard time.
- * PDT represents Pacific Daylight Time.
- * M3.2.0 indicates that Daylight Saving Time (DST) starts on the
- *   second (2) Sunday (0) of March (3).
- * M11.1.0 indicates that DST ends on the first (1) Sunday (0) of November (11)
- */
+    /*
+     * PST represents Pacific Standard Time.
+     * +8 specifies the offset from UTC (Coordinated Universal Time), indicating
+     *   that Pacific Time is UTC-8 during standard time.
+     * PDT represents Pacific Daylight Time.
+     * M3.2.0 indicates that Daylight Saving Time (DST) starts on the
+     *   second (2) Sunday (0) of March (3).
+     * M11.1.0 indicates that DST ends on the first (1) Sunday (0) of November (11)
+     */
     #define TIME_ZONE "PST+8PDT,M3.2.0,M11.1.0"
 #endif /* not defined: TIME_ZONE, so we are setting our own */
 
@@ -87,11 +87,13 @@ const static char* TAG = "time_helper";
 
 char* ntpServerList[NTP_SERVER_COUNT] = NTP_SERVER_LIST;
 
+const static char* TAG = "time_helper";
+
 /* our NTP server list is global info */
 extern char* ntpServerList[NTP_SERVER_COUNT];
 
 /* Show the current date and time */
-int esp_show_current_datetime()
+int esp_show_current_datetime(void)
 {
     time_t now;
     char strftime_buf[64];
@@ -104,7 +106,7 @@ int esp_show_current_datetime()
     localtime_r(&now, &timeinfo);
     strftime(strftime_buf, sizeof(strftime_buf), "%c", &timeinfo);
     ESP_LOGI(TAG, "The current date/time is: %s", strftime_buf);
-    return 0;
+    return ESP_OK;
 }
 
 /* the worst-case scenario is a hard-coded date/time */
@@ -113,9 +115,9 @@ int set_fixed_default_time(void)
     /* ideally, we'd like to set time from network,
      * but let's set a default time, just in case */
     struct tm timeinfo = {
-        .tm_year = 2023 - 1900,
+        .tm_year = 2024 - 1900,
         .tm_mon  = 10,
-        .tm_mday = 02,
+        .tm_mday = 11,
         .tm_hour = 13,
         .tm_min  = 01,
         .tm_sec  = 05
@@ -130,7 +132,38 @@ int set_fixed_default_time(void)
     ESP_LOGI(TAG, "Adjusting time from fixed value");
     now = (struct timeval){ .tv_sec = interim_time };
     ret = settimeofday(&now, NULL);
+    ESP_LOGI(TAG, "settimeofday result = %d", ret);
+    return ret;
+}
 
+/* probably_valid_time_string(s)
+ *
+ * some sanity checks on time string before calling sscanf()
+ *
+ * returns 0 == ESP_OK == Success if str is likely a valid time.
+ *        -1 == ESP_FAIL otherwise
+ */
+int probably_valid_time_string(const char* str)
+{
+    int ret = ESP_OK;
+    size_t length = 0;
+    size_t spaces = 0;
+    size_t colons = 0;
+
+    while (str[length] != '\0') {
+        if (str[length] == ' ') {
+            spaces++;
+        }
+        if (str[length] == ':') {
+            colons++;
+        }
+        length++;
+    }
+
+    if ((length > 32) || (spaces < 4) || (spaces > 5) || (colons > 2)) {
+        ret = ESP_FAIL;
+        ESP_LOGE(TAG, "ERROR, failed time sanity check: %s", str);
+    }
     return ret;
 }
 
@@ -138,60 +171,67 @@ int set_fixed_default_time(void)
  *
  * returns 0 = success if able to set the time from the provided string
  * error for any other value, typically -1 */
-int set_time_from_string(char* time_buffer)
+int set_time_from_string(const char* time_buffer)
 {
     /* expecting github default formatting: 'Thu Aug 31 12:41:45 2023 -0700' */
+    char offset[28]; /* large arrays, just in case there's still bad data */
+    char day_str[28];
+    char month_str[28];
     const char *format = "%3s %3s %d %d:%d:%d %d %s";
     struct tm this_timeinfo;
     struct timeval now;
     time_t interim_time;
-    char offset[6]; /* expecting trailing single quote, not used */
-    char day_str[4];
-    char month_str[4];
     int day, year, hour, minute, second;
     int quote_offset = 0;
     int ret = 0;
 
-    /* we are expecting the string to be encapsulated in single quotes */
-    if (*time_buffer == 0x27) {
-        quote_offset = 1;
-    }
-
-    ret = sscanf(time_buffer + quote_offset,
-                format,
-                day_str, month_str,
-                &day, &hour, &minute, &second, &year, &offset);
-
-    if (ret == 8) {
-        /* we found a match for all componets */
-
-        const char *months[] = { "Jan", "Feb", "Mar", "Apr", "May", "Jun",
-                                 "Jul", "Aug", "Sep", "Oct", "Nov", "Dec" };
-
-        for (int i = 0; i < 12; i++) {
-            if (strcmp(month_str, months[i]) == 0) {
-                this_timeinfo.tm_mon = i;
-                break;
-            }
+    /* perform some basic sanity checks */
+    ret = probably_valid_time_string(time_buffer);
+    if (ret == ESP_OK) {
+        /* we are expecting the string to be encapsulated in single quotes */
+        if (*time_buffer == 0x27) {
+            quote_offset = 1;
         }
 
-        this_timeinfo.tm_mday = day;
-        this_timeinfo.tm_hour = hour;
-        this_timeinfo.tm_min = minute;
-        this_timeinfo.tm_sec = second;
-        this_timeinfo.tm_year = year - 1900; /* Number of years since 1900 */
+        ret = sscanf(time_buffer + quote_offset,
+                    format,
+                    day_str, month_str,
+                    &day, &hour, &minute, &second, &year, &offset);
 
-        interim_time = mktime(&this_timeinfo);
-        now = (struct timeval){ .tv_sec = interim_time };
-        ret = settimeofday(&now, NULL);
-        ESP_LOGI(TAG, "Time updated to %s", time_buffer);
-    }
-    else {
-        ESP_LOGE(TAG, "Failed to convert \"%s\" to a tm date.", time_buffer);
-        ESP_LOGI(TAG, "Trying fixed date that was hard-coded.");
-        set_fixed_default_time();
-        ret = -1;
+        if (ret == 8) {
+            /* we found a match for all components */
+
+            const char *months[] = { "Jan", "Feb", "Mar", "Apr", "May", "Jun",
+                                     "Jul", "Aug", "Sep", "Oct", "Nov", "Dec"
+                                   };
+
+            for (int i = 0; i < 12; i++) {
+                if (strcmp(month_str, months[i]) == 0) {
+                    this_timeinfo.tm_mon = i;
+                    break;
+                }
+            }
+
+            this_timeinfo.tm_mday = day;
+            this_timeinfo.tm_hour = hour;
+            this_timeinfo.tm_min = minute;
+            this_timeinfo.tm_sec = second;
+            this_timeinfo.tm_year = year - 1900; /* Years since 1900 */
+
+            interim_time = mktime(&this_timeinfo);
+            now = (struct timeval){ .tv_sec = interim_time };
+            ret = settimeofday(&now, NULL);
+            ESP_LOGI(TAG, "Time updated to %s", time_buffer);
+        }
+        else {
+            ESP_LOGE(TAG, "Failed to convert \"%s\" to a tm date.",
+                           time_buffer);
+            ESP_LOGI(TAG, "Trying fixed date that was hard-coded....");
+            set_fixed_default_time();
+            ret = ESP_FAIL;
+        }
     }
+
     return ret;
 }
 
@@ -223,15 +263,17 @@ int set_time(void)
     esp_show_current_datetime();
 
 #ifdef LIBWOLFSSL_VERSION_GIT_HASH_DATE
-    /* initialy set a default approximate time from recent git commit */
-    ESP_LOGI(TAG, "Found git hash date, attempting to set system date.");
-    set_time_from_string(LIBWOLFSSL_VERSION_GIT_HASH_DATE);
+    /* initially set a default approximate time from recent git commit */
+    ESP_LOGI(TAG, "Found git hash date, attempting to set system date: %s",
+                   LIBWOLFSSL_VERSION_GIT_HASH_DATE);
+    set_time_from_string(LIBWOLFSSL_VERSION_GIT_HASH_DATE"\0");
     esp_show_current_datetime();
 
     ret = -4;
 #else
     /* otherwise set a fixed time that was hard coded */
     set_fixed_default_time();
+    esp_show_current_datetime();
     ret = -3;
 #endif
 
@@ -242,7 +284,7 @@ int set_time(void)
     if (NTP_SERVER_COUNT) {
         /* next, let's setup NTP time servers
          *
-         * see https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-reference/system/system_time.html#sntp-time-synchronization
+         * see Espressifapi-reference/system/system_time.html#sntp-time-synchronization
          *
          * WARNING: do not set operating mode while SNTP client is running!
          */
@@ -262,6 +304,7 @@ int set_time(void)
             }
             ESP_LOGI(TAG, "%s", thisServer);
             sntp_setservername(i, thisServer);
+            ret = ESP_OK;
         }
     #ifdef HAS_ESP_NETIF_SNTP
         ret = esp_netif_sntp_init(&config);
@@ -289,6 +332,9 @@ int set_time(void)
         ESP_LOGW(TAG, "No sntp time servers found.");
         ret = -1;
     }
+
+    esp_show_current_datetime();
+    ESP_LOGI(TAG, "time helper existing with result = %d", ret);
     return ret;
 }
 
@@ -303,6 +349,8 @@ int set_time_wait_for_ntp(void)
     ret = esp_netif_sntp_start();
 
     ret = esp_netif_sntp_sync_wait(500 / portTICK_PERIOD_MS);
+#else
+    ESP_LOGW(TAG, "HAS_ESP_NETIF_SNTP not defined");
 #endif /* HAS_ESP_NETIF_SNTP */
     esp_show_current_datetime();
 
@@ -322,7 +370,7 @@ int set_time_wait_for_ntp(void)
 #endif
 
     if (ret == ESP_OK) {
-        ESP_LOGI(TAG, "Successfuly set time via NTP servers.");
+        ESP_LOGI(TAG, "Successfully set time via NTP servers.");
         }
     else {
         ESP_LOGW(TAG, "Warning: Failed to set time with NTP: "
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/wifi_connect.c b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/wifi_connect.c
index 7401c5d7e..0b79001ac 100644
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/wifi_connect.c
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/wifi_connect.c
@@ -1,6 +1,6 @@
 /* wifi_connect.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -18,24 +18,42 @@
  * along with this program; if not, write to the Free Software
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  */
- #include "wifi_connect.h"
+#include "wifi_connect.h"
 
+/* FreeRTOS */
 #include <freertos/FreeRTOS.h>
 #include <freertos/task.h>
 #include <freertos/event_groups.h>
-#include <esp_wifi.h>
+
+/* Espressif */
 #include <esp_log.h>
+#include <esp_idf_version.h>
+#include <esp_wifi.h>
 
 /* wolfSSL */
-#include <wolfssl/wolfcrypt/settings.h>
-#include <wolfssl/version.h>
-#include <wolfssl/wolfcrypt/types.h>
-#ifndef WOLFSSL_ESPIDF
-    #warning "Problem with wolfSSL user_settings."
-    #warning "Check components/wolfssl/include"
+/* Always include wolfcrypt/settings.h before any other wolfSSL file.    */
+/* Reminder: settings.h pulls in user_settings.h; don't include it here. */
+#ifdef WOLFSSL_USER_SETTINGS
+    #include <wolfssl/wolfcrypt/settings.h>
+    #ifndef WOLFSSL_ESPIDF
+        #warning "Problem with wolfSSL user_settings."
+        #warning "Check components/wolfssl/include"
+    #endif
+    #include <wolfssl/version.h>
+    #include <wolfssl/wolfcrypt/types.h>
+#else
+    /* Define WOLFSSL_USER_SETTINGS project wide for settings.h to include   */
+    /* wolfSSL user settings in ./components/wolfssl/include/user_settings.h */
+    #error "Missing WOLFSSL_USER_SETTINGS in CMakeLists or Makefile:\
+    CFLAGS +=-DWOLFSSL_USER_SETTINGS"
 #endif
 
-#if ESP_IDF_VERSION_MAJOR >= 5
+/* When there's too little heap, WiFi quietly refuses to connect */
+#define WIFI_LOW_HEAP_WARNING 21132
+
+#if defined(CONFIG_IDF_TARGET_ESP8266)
+#elif ESP_IDF_VERSION_MAJOR >= 5
+    /* example path set in cmake file */
 #elif ESP_IDF_VERSION_MAJOR >= 4
     #include "protocol_examples_common.h"
 #else
@@ -43,7 +61,9 @@
     static EventGroupHandle_t wifi_event_group;
 #endif
 
-#if defined(ESP_IDF_VERSION_MAJOR) && defined(ESP_IDF_VERSION_MINOR)
+#if defined(CONFIG_IDF_TARGET_ESP8266)
+
+#elif defined(ESP_IDF_VERSION_MAJOR) && defined(ESP_IDF_VERSION_MINOR)
     #if ESP_IDF_VERSION_MAJOR >= 4
         /* likely using examples, see wifi_connect.h */
     #else
@@ -63,7 +83,114 @@
 /* breadcrumb prefix for logging */
 const static char *TAG = "wifi_connect";
 
-#if ESP_IDF_VERSION_MAJOR < 4
+#if defined(CONFIG_IDF_TARGET_ESP8266)
+#ifndef CONFIG_ESP_MAX_STA_CONN
+    #define CONFIG_ESP_MAX_STA_CONN 4
+#endif
+#define EXAMPLE_MAX_STA_CONN       CONFIG_ESP_MAX_STA_CONN
+
+#define WIFI_CONNECTED_BIT BIT0
+#define WIFI_FAIL_BIT      BIT1
+#ifndef CONFIG_ESP_MAXIMUM_RETRY
+    #define CONFIG_ESP_MAXIMUM_RETRY 5
+#endif
+/* FreeRTOS event group to signal when we are connected*/
+static EventGroupHandle_t s_wifi_event_group;
+static int s_retry_num = 0;
+
+#define EXAMPLE_ESP_MAXIMUM_RETRY  CONFIG_ESP_MAXIMUM_RETRY
+static void event_handler(void* arg, esp_event_base_t event_base,
+                                int32_t event_id, void* event_data)
+{
+    if (event_base == WIFI_EVENT && event_id == WIFI_EVENT_STA_START) {
+        esp_wifi_connect();
+    } else if (event_base == WIFI_EVENT && event_id == WIFI_EVENT_STA_DISCONNECTED) {
+        if (s_retry_num < EXAMPLE_ESP_MAXIMUM_RETRY) {
+            esp_wifi_connect();
+            s_retry_num++;
+            ESP_LOGI(TAG, "retry to connect to the AP");
+        } else {
+            xEventGroupSetBits(s_wifi_event_group, WIFI_FAIL_BIT);
+        }
+        ESP_LOGI(TAG,"connect to the AP fail");
+    } else if (event_base == IP_EVENT && event_id == IP_EVENT_STA_GOT_IP) {
+        ip_event_got_ip_t* event = (ip_event_got_ip_t*) event_data;
+        ESP_LOGI(TAG, "got ip:%s",
+                 ip4addr_ntoa(&event->ip_info.ip));
+        s_retry_num = 0;
+        xEventGroupSetBits(s_wifi_event_group, WIFI_CONNECTED_BIT);
+    }
+}
+
+int wifi_init_sta(void)
+{
+    word32 this_heap;
+
+    s_wifi_event_group = xEventGroupCreate();
+
+    tcpip_adapter_init();
+
+    ESP_ERROR_CHECK(esp_event_loop_create_default());
+
+    wifi_init_config_t cfg = WIFI_INIT_CONFIG_DEFAULT();
+    ESP_ERROR_CHECK(esp_wifi_init(&cfg));
+
+    ESP_ERROR_CHECK(esp_event_handler_register(WIFI_EVENT, ESP_EVENT_ANY_ID, &event_handler, NULL));
+    ESP_ERROR_CHECK(esp_event_handler_register(IP_EVENT, IP_EVENT_STA_GOT_IP, &event_handler, NULL));
+
+    wifi_config_t wifi_config = {
+        .sta = {
+            .ssid = EXAMPLE_ESP_WIFI_SSID,
+            .password = EXAMPLE_ESP_WIFI_PASS
+        },
+    };
+
+    /* Setting a password implies station will connect to all security modes including WEP/WPA.
+        * However these modes are deprecated and not advisable to be used. In case your Access point
+        * doesn't support WPA2, these mode can be enabled by commenting below line */
+
+    if (strlen((char *)wifi_config.sta.password)) {
+        wifi_config.sta.threshold.authmode = WIFI_AUTH_WPA2_PSK;
+    }
+
+    ESP_ERROR_CHECK(esp_wifi_set_mode(WIFI_MODE_STA) );
+    ESP_ERROR_CHECK(esp_wifi_set_config(ESP_IF_WIFI_STA, &wifi_config) );
+    ESP_ERROR_CHECK(esp_wifi_start() );
+
+    ESP_LOGI(TAG, "wifi_init_sta finished. Connecting...");
+    this_heap = esp_get_free_heap_size();
+    ESP_LOGI(TAG, "this heap = %d", this_heap);
+    if (this_heap < WIFI_LOW_HEAP_WARNING) {
+        ESP_LOGW(TAG, "Warning: WiFi low heap: %d", WIFI_LOW_HEAP_WARNING);
+    }
+    /* Waiting until either the connection is established (WIFI_CONNECTED_BIT) or connection failed for the maximum
+     * number of re-tries (WIFI_FAIL_BIT). The bits are set by event_handler() (see above) */
+    EventBits_t bits = xEventGroupWaitBits(s_wifi_event_group,
+            WIFI_CONNECTED_BIT | WIFI_FAIL_BIT,
+            pdFALSE,
+            pdFALSE,
+            portMAX_DELAY);
+
+    ESP_LOGI(TAG, "xEventGroupWaitBits finished.");
+    /* xEventGroupWaitBits() returns the bits before the call returned, hence we can test which event actually
+     * happened. */
+    if (bits & WIFI_CONNECTED_BIT) {
+        ESP_LOGI(TAG, "connected to ap SSID:%s",
+                 EXAMPLE_ESP_WIFI_SSID);
+    } else if (bits & WIFI_FAIL_BIT) {
+        ESP_LOGI(TAG, "Failed to connect to SSID:%s, password:%s",
+                 EXAMPLE_ESP_WIFI_SSID, EXAMPLE_ESP_WIFI_PASS);
+    } else {
+        ESP_LOGE(TAG, "UNEXPECTED EVENT");
+    }
+
+    ESP_ERROR_CHECK(esp_event_handler_unregister(IP_EVENT, IP_EVENT_STA_GOT_IP, &event_handler));
+    ESP_ERROR_CHECK(esp_event_handler_unregister(WIFI_EVENT, ESP_EVENT_ANY_ID, &event_handler));
+    vEventGroupDelete(s_wifi_event_group);
+    return ESP_OK;
+}
+
+#elif ESP_IDF_VERSION_MAJOR < 4
 /* event handler for wifi events */
 static esp_err_t wifi_event_handler(void *ctx, system_event_t *event)
 {
@@ -80,7 +207,7 @@ static esp_err_t wifi_event_handler(void *ctx, system_event_t *event)
         ESP_LOGI(TAG, "got ip:%s",
                  ip4addr_ntoa(&event->event_info.got_ip.ip_info.ip));
     #endif
-        /* see https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-reference/system/freertos_idf.html */
+        /* see Espressif api-reference/system/freertos_idf.html */
         xEventGroupSetBits(wifi_event_group, CONNECTED_BIT);
         break;
     case SYSTEM_EVENT_STA_DISCONNECTED:
@@ -197,7 +324,7 @@ int wifi_init_sta(void)
             .ssid = EXAMPLE_ESP_WIFI_SSID,
             .password = EXAMPLE_ESP_WIFI_PASS,
             /* Authmode threshold resets to WPA2 as default if password matches
-             * WPA2 standards (pasword len => 8). If you want to connect the
+             * WPA2 standards (password len => 8). If you want to connect the
              * device to deprecated WEP/WPA networks, Please set the threshold
              * value WIFI_AUTH_WEP/WIFI_AUTH_WPA_PSK and set the password with
              * length and format matching to WIFI_AUTH_WEP/WIFI_AUTH_WPA_PSK
@@ -269,7 +396,8 @@ int wifi_init_sta(void)
 
 int wifi_show_ip(void)
 {
-    /* ESP_LOGI(TAG, "got ip:" IPSTR, IP2STR(&event->ip_info.ip)); */
-    return 0;
+    /* TODO Causes panic: ESP_LOGI(TAG, "got ip:" IPSTR,
+     * IP2STR(&event->ip_info.ip)); */
+    return ESP_OK;
 }
 #endif
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/sdkconfig.defaults b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/sdkconfig.defaults
index f8bce25ff..ca33fd17b 100644
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/sdkconfig.defaults
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/sdkconfig.defaults
@@ -1,25 +1,155 @@
+# Set the known example app config to TLS Server (see user_settings.h)
+CONFIG_WOLFSSL_EXAMPLE_NAME_TLS_SERVER=y
+
+# CONFIG_EXAMPLE_WIFI_SSID="myssid"
+# CONFIG_EXAMPLE_WIFI_PASSWORD="mypassword"
+
+# Some wolfSSL helpers
+CONFIG_USE_WOLFSSL_ESP_SDK_TIME=y
+
+# sdkconfig.defaults for ESP8266 + ESP32
+# See separate sdkconfig.defaults.esp8266
+# FreeRTOS ticks at 1ms interval
+CONFIG_FREERTOS_UNICORE=y
 CONFIG_FREERTOS_HZ=1000
 CONFIG_ESP32_DEFAULT_CPU_FREQ_240=y
 
 #
-# Default main stack size
+# Default main stack size. See user_settings.h
 #
-# This is typically way bigger than needed for stack size. See user_settings.h
+# This is typically bigger than needed for stack size.
+# Units are words, not bytes. See user_settings.h
 #
-CONFIG_ESP_MAIN_TASK_STACK_SIZE=55500
+# For wolfSSL SMALL_STACK, 3072 bytes should be sufficient for benchmark app.
+# When using RSA, assign at least 10500 bytes, otherwise 5500 usually works for others
+# We set this to 28672 for use in the "test everything possible" in the wolfssl_test app.
+CONFIG_ESP_MAIN_TASK_STACK_SIZE=10500
 
-# Legacy stack size for older ESP-IDF versions
-CONFIG_MAIN_TASK_STACK_SIZE=55500
+# Legacy stack size name for older ESP-IDF versions
+CONFIG_MAIN_TASK_STACK_SIZE=10500
+
+#
+# Benchmark must not have CONFIG_NEWLIB_NANO_FORMAT enabled
+CONFIG_NEWLIB_NANO_FORMAT=n
+#
+# Watchdog Timers
+#
+# We don't want to have the watchdog timeout during tests & benchmarks
+#
+CONFIG_ESP_TASK_WDT_CHECK_IDLE_TASK_CPU0=n
+CONFIG_ESP_TASK_WDT_CHECK_IDLE_TASK_CPU1=n
+# Panic & Watchdog
+CONFIG_ESP_INT_WDT_TIMEOUT_MS=10000
+CONFIG_ESP_TASK_WDT_EN=n
+CONFIG_ESP_SYSTEM_PANIC_PRINT_HALT=y
+CONFIG_ESP_INT_WDT=n
+
+# ESP8266 Watchdog:
+CONFIG_TASK_WDT=n
+CONFIG_TASK_WDT_PANIC=n
+
+# ESP8266 WDT
+# CONFIG_ESP_PANIC_PRINT_REBOOT is not set
+CONFIG_ESP_PANIC_PRINT_REBOOT=n
+CONFIG_ESP_PANIC_PRINT_HALT=y
+
+# CONFIG_ESP_HTTP_CLIENT_ENABLE_HTTPS is not set
+CONFIG_ESP_HTTP_CLIENT_ENABLE_HTTPS=n
+
+# ESP8266 Memory
+CONFIG_FREERTOS_GLOBAL_DATA_LINK_IRAM=y
+CONFIG_HEAP_DISABLE_IRAM=y
+
+# Performance
+# CONFIG_COMPILER_OPTIMIZATION_PERF=y
+
+# Set max CPU frequency (falls back as needed for lower maximum)
+CONFIG_ESP_DEFAULT_CPU_FREQ_MHZ_240=y
+
+# Enable wolfSSL TLS in esp-tls
+# CONFIG_ESP_TLS_USING_WOLFSSL=y
+# CONFIG_TLS_STACK_WOLFSSL=y
+
+# Bundles take up flash space and are disabled unless otherwise known to be needed
+CONFIG_WOLFSSL_CERTIFICATE_BUNDLE=n
+# CONFIG_WOLFSSL_CERTIFICATE_BUNDLE=y
+# CONFIG_ESP_WOLFSSL_SMALL_CERT_VERIFY=y
+# CONFIG_ESP_TLS_INSECURE=y
+
+# Disable mbedTLS
+CONFIG_ESP_TLS_USING_MBEDTLS=n
+CONFIG_MBEDTLS_CERTIFICATE_BUNDLE=n
+
+# Some wolfSSL helpers
+CONFIG_USE_WOLFSSL_ESP_SDK_TIME=n
+
+# CONFIG_ESP_HTTP_CLIENT_ENABLE_HTTPS is not set
+CONFIG_ESP_HTTP_CLIENT_ENABLE_HTTPS=n
+
+# ESP8266 Memory
+CONFIG_FREERTOS_GLOBAL_DATA_LINK_IRAM=y
+CONFIG_HEAP_DISABLE_IRAM=y
+
+# Performance
+# CONFIG_COMPILER_OPTIMIZATION_PERF=y
+
+# Set max COU frequency (falls back as needed for lower maximum)
+CONFIG_ESP_DEFAULT_CPU_FREQ_MHZ_240=y
+
+# FreeRTOS ticks at 1ms interval
+CONFIG_FREERTOS_UNICORE=y
+CONFIG_FREERTOS_HZ=1000
+
+# Ensure mbedTLS options are disabled
+# CONFIG_MBEDTLS_TLS_SERVER_AND_CLIENT=n
+# CONFIG_MBEDTLS_TLS_CLIENT_ONLY=n
+# CONFIG_MBEDTLS_TLS_SERVER=n
+# CONFIG_MBEDTLS_TLS_CLIENT=n
+# CONFIG_MBEDTLS_HARDWARE_AES=n
+# CONFIG_MBEDTLS_HARDWARE_MPI=n
+# CONFIG_MBEDTLS_HARDWARE_SHA=n
+# CONFIG_MBEDTLS_ROM_MD5=n
+# CONFIG_MBEDTLS_SSL_RENEGOTIATION=n
+# CONFIG_MBEDTLS_SSL_PROTO_TLS1_2=n
+# CONFIG_MBEDTLS_SSL_PROTO_GMTSSL1_1=n
+# CONFIG_MBEDTLS_SSL_ALPN=n
+# CONFIG_MBEDTLS_CLIENT_SSL_SESSION_TICKETS=n
+# CONFIG_MBEDTLS_SERVER_SSL_SESSION_TICKETS=n
+
+# The same-name config is used for both WiFi and client/server TLS, so we cannot disable:
+# CONFIG_MBEDTLS_TLS_ENABLED=n
+# CONFIG_MBEDTLS_TLS_DISABLED=y
 
 #
 # Compiler options
 #
 CONFIG_COMPILER_OPTIMIZATION_DEFAULT=y
+# CONFIG_COMPILER_OPTIMIZATION_SIZE is not set
+# CONFIG_COMPILER_OPTIMIZATION_PERF is not set
+# CONFIG_COMPILER_OPTIMIZATION_NONE is not set
 CONFIG_COMPILER_OPTIMIZATION_ASSERTIONS_ENABLE=y
+# CONFIG_COMPILER_OPTIMIZATION_ASSERTIONS_SILENT is not set
+# CONFIG_COMPILER_OPTIMIZATION_ASSERTIONS_DISABLE is not set
+CONFIG_COMPILER_FLOAT_LIB_FROM_GCCLIB=y
 CONFIG_COMPILER_OPTIMIZATION_ASSERTION_LEVEL=2
+# CONFIG_COMPILER_OPTIMIZATION_CHECKS_SILENT is not set
 CONFIG_COMPILER_HIDE_PATHS_MACROS=y
+# CONFIG_COMPILER_CXX_EXCEPTIONS is not set
+# CONFIG_COMPILER_CXX_RTTI is not set
+# CONFIG_COMPILER_STACK_CHECK_MODE_NONE is not set
 CONFIG_COMPILER_STACK_CHECK_MODE_NORM=y
+# CONFIG_COMPILER_STACK_CHECK_MODE_STRONG is not set
+# CONFIG_COMPILER_STACK_CHECK_MODE_ALL is not set
 CONFIG_COMPILER_STACK_CHECK=y
+# CONFIG_COMPILER_WARN_WRITE_STRINGS is not set
+# CONFIG_COMPILER_SAVE_RESTORE_LIBCALLS is not set
+# CONFIG_COMPILER_DISABLE_GCC12_WARNINGS is not set
+# CONFIG_COMPILER_DUMP_RTL_FILES is not set
+# end of Compiler options
+
+# We don't know that the min is actually v2,
+# but this is the earliest tested.
+CONFIG_ESP32C3_REV_MIN_2=y
 
 #
 # Partition Table
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/sdkconfig.defaults.esp32c2 b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/sdkconfig.defaults.esp32c2
new file mode 100644
index 000000000..a24d9302e
--- /dev/null
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/sdkconfig.defaults.esp32c2
@@ -0,0 +1,7 @@
+#
+# Main XTAL Config
+#
+CONFIG_XTAL_FREQ_26=y
+# CONFIG_XTAL_FREQ_40 is not set
+CONFIG_XTAL_FREQ=26
+# end of Main XTAL Config
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/sdkconfig.defaults.esp8266 b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/sdkconfig.defaults.esp8266
new file mode 100644
index 000000000..77299dfe4
--- /dev/null
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/sdkconfig.defaults.esp8266
@@ -0,0 +1,30 @@
+# ESP8266 WDT
+# CONFIG_ESP_PANIC_PRINT_REBOOT is not set
+CONFIG_ESP_PANIC_PRINT_REBOOT=n
+CONFIG_ESP_PANIC_PRINT_HALT=y
+
+# Enable wolfSSL TLS in esp-tls (not yet supported in RTOS SDK 3.4
+CONFIG_ESP_TLS_USING_WOLFSSL=n
+CONFIG_TLS_STACK_WOLFSSL=n
+
+# Bundles take up flash space and are disabled unless otherwise known to be needed
+CONFIG_WOLFSSL_CERTIFICATE_BUNDLE=n
+# CONFIG_ESP_WOLFSSL_SMALL_CERT_VERIFY=y
+# CONFIG_ESP_TLS_INSECURE=y
+
+# Disable mbedTLS
+CONFIG_ESP_TLS_USING_MBEDTLS=y
+CONFIG_MBEDTLS_CERTIFICATE_BUNDLE=n
+
+# ESP8266 Memory
+CONFIG_FREERTOS_GLOBAL_DATA_LINK_IRAM=y
+CONFIG_HEAP_DISABLE_IRAM=y
+
+# ESP8266 Watchdog:
+CONFIG_TASK_WDT=n
+CONFIG_TASK_WDT_PANIC=n
+
+# ESP8266 WDT
+# CONFIG_ESP_PANIC_PRINT_REBOOT is not set
+CONFIG_ESP_PANIC_PRINT_REBOOT=n
+CONFIG_ESP_PANIC_PRINT_HALT=y
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/wolfssl_server_ESP8266.vgdbproj b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/wolfssl_server_ESP8266.vgdbproj
new file mode 100644
index 000000000..6181d50c7
--- /dev/null
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/wolfssl_server_ESP8266.vgdbproj
@@ -0,0 +1,292 @@
+<?xml version="1.0"?>
+<VisualGDBProjectSettings2 xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
+  <Project xsi:type="com.visualgdb.project.external.esp-idf">
+    <CustomSourceDirectories>
+      <Directories />
+      <PathStyle>Unknown</PathStyle>
+    </CustomSourceDirectories>
+    <AutoProgramSPIFFSPartition>true</AutoProgramSPIFFSPartition>
+    <ProjectModeSettings>
+      <ProjectGUID>c9687472-a434-43a7-9026-7914f425b9b4</ProjectGUID>
+      <GroupSourcesByTypes>true</GroupSourcesByTypes>
+      <GroupSourcesByPaths>true</GroupSourcesByPaths>
+      <HeaderScanMode>SourceDirs</HeaderScanMode>
+    </ProjectModeSettings>
+  </Project>
+  <Build xsi:type="com.visualgdb.build.external.esp-idf">
+    <BuildLogMode xsi:nil="true" />
+    <ToolchainID>
+      <ID>com.visualgdb.xtensa-lx106-elf</ID>
+      <Version>
+        <GCC>8.4.0</GCC>
+        <GDB>8.1</GDB>
+        <Revision>1</Revision>
+      </Version>
+    </ToolchainID>
+    <IDFCheckout>
+      <Version>release/v3.4</Version>
+      <Subdirectory>rtos-sdk/v3.4</Subdirectory>
+      <Type>RTOS_SDK</Type>
+    </IDFCheckout>
+    <BuildThreadCount>0</BuildThreadCount>
+  </Build>
+  <CustomBuild>
+    <PreSyncActions />
+    <PreBuildActions />
+    <PostBuildActions />
+    <PreCleanActions />
+    <PostCleanActions />
+  </CustomBuild>
+  <CustomDebug>
+    <PreDebugActions />
+    <PostDebugActions />
+    <DebugStopActions />
+    <BreakMode>Default</BreakMode>
+    <CustomBreakCommand>
+      <SkipWhenRunningCommandList>false</SkipWhenRunningCommandList>
+      <RemoteHost>
+        <HostName>BuildMachine</HostName>
+        <Transport>BuiltinShortcut</Transport>
+      </RemoteHost>
+      <BackgroundMode xsi:nil="true" />
+    </CustomBreakCommand>
+  </CustomDebug>
+  <DeviceTerminalSettings>
+    <Connection xsi:type="com.sysprogs.terminal.connection.serial">
+      <ComPortName>COM70</ComPortName>
+      <AdvancedSettings>
+        <BaudRate>74880</BaudRate>
+        <DataBits>8</DataBits>
+        <Parity>None</Parity>
+        <StopBits>One</StopBits>
+        <FlowControl>None</FlowControl>
+      </AdvancedSettings>
+    </Connection>
+    <LastConnectionTime>0</LastConnectionTime>
+    <EchoTypedCharacters>false</EchoTypedCharacters>
+    <ClearContentsWhenReconnecting>true</ClearContentsWhenReconnecting>
+    <ReconnectAutomatically>false</ReconnectAutomatically>
+    <DisplayMode>ASCII</DisplayMode>
+    <Colors>
+      <Background>
+        <Alpha>255</Alpha>
+        <Red>0</Red>
+        <Green>0</Green>
+        <Blue>0</Blue>
+      </Background>
+      <Disconnected>
+        <Alpha>255</Alpha>
+        <Red>169</Red>
+        <Green>169</Green>
+        <Blue>169</Blue>
+      </Disconnected>
+      <Text>
+        <Alpha>255</Alpha>
+        <Red>211</Red>
+        <Green>211</Green>
+        <Blue>211</Blue>
+      </Text>
+      <Echo>
+        <Alpha>255</Alpha>
+        <Red>144</Red>
+        <Green>238</Green>
+        <Blue>144</Blue>
+      </Echo>
+      <Inactive>
+        <Alpha>255</Alpha>
+        <Red>169</Red>
+        <Green>169</Green>
+        <Blue>169</Blue>
+      </Inactive>
+    </Colors>
+    <HexSettings>
+      <MaximumBytesPerLine>16</MaximumBytesPerLine>
+      <ShowTextView>true</ShowTextView>
+      <BreaksAroundEcho>true</BreaksAroundEcho>
+      <AutoSend>true</AutoSend>
+      <SendAsHex>true</SendAsHex>
+      <TimeoutForAutoBreak>0</TimeoutForAutoBreak>
+    </HexSettings>
+    <LineEnding>LF</LineEnding>
+    <TreatLFAsCRLF>false</TreatLFAsCRLF>
+    <KeepOpenAfterExit>false</KeepOpenAfterExit>
+    <ShowAfterProgramming>false</ShowAfterProgramming>
+  </DeviceTerminalSettings>
+  <CustomShortcuts>
+    <Shortcuts />
+    <ShowMessageAfterExecuting>true</ShowMessageAfterExecuting>
+  </CustomShortcuts>
+  <UserDefinedVariables />
+  <ImportedPropertySheets />
+  <CodeSense>
+    <Enabled>True</Enabled>
+    <ExtraSettings>
+      <HideErrorsInSystemHeaders>true</HideErrorsInSystemHeaders>
+      <SupportLightweightReferenceAnalysis>true</SupportLightweightReferenceAnalysis>
+      <DiscoverySettings>
+        <Mode>Enabled</Mode>
+        <SearchInProjectDir>true</SearchInProjectDir>
+        <SearchInSourceDirs>true</SearchInSourceDirs>
+        <SearchInIncludeSubdirs>true</SearchInIncludeSubdirs>
+      </DiscoverySettings>
+      <CheckForClangFormatFiles>true</CheckForClangFormatFiles>
+      <FormattingEngine xsi:nil="true" />
+    </ExtraSettings>
+    <CodeAnalyzerSettings>
+      <Enabled>false</Enabled>
+      <SelectedAnalyzers>
+        <string>apiModeling.google.GTest</string>
+        <string>core.builtin.BuiltinFunctions</string>
+        <string>core.builtin.NoReturnFunctions</string>
+        <string>core.CallAndMessage</string>
+        <string>core.DivideZero</string>
+        <string>core.DynamicTypePropagation</string>
+        <string>core.NonnilStringConstants</string>
+        <string>core.NonNullParamChecker</string>
+        <string>core.NullDereference</string>
+        <string>core.StackAddressEscape</string>
+        <string>core.UndefinedBinaryOperatorResult</string>
+        <string>core.uninitialized.ArraySubscript</string>
+        <string>core.uninitialized.Assign</string>
+        <string>core.uninitialized.Branch</string>
+        <string>core.uninitialized.CapturedBlockVariable</string>
+        <string>core.uninitialized.UndefReturn</string>
+        <string>core.VLASize</string>
+        <string>cplusplus.NewDelete</string>
+        <string>cplusplus.NewDeleteLeaks</string>
+        <string>cplusplus.SelfAssignment</string>
+        <string>deadcode.DeadStores</string>
+        <string>nullability.NullPassedToNonnull</string>
+        <string>nullability.NullReturnedFromNonnull</string>
+        <string>security.insecureAPI.getpw</string>
+        <string>security.insecureAPI.gets</string>
+        <string>security.insecureAPI.mkstemp</string>
+        <string>security.insecureAPI.mktemp</string>
+        <string>security.insecureAPI.UncheckedReturn</string>
+        <string>security.insecureAPI.vfork</string>
+        <string>unix.API</string>
+        <string>unix.cstring.BadSizeArg</string>
+        <string>unix.cstring.NullArg</string>
+        <string>unix.Malloc</string>
+        <string>unix.MallocSizeof</string>
+        <string>unix.MismatchedDeallocator</string>
+        <string>unix.StdCLibraryFunctions</string>
+        <string>unix.Vfork</string>
+      </SelectedAnalyzers>
+      <ExtraArguments>
+        <string>-analyzer-store=region</string>
+        <string>-analyzer-opt-analyze-nested-blocks</string>
+        <string>-analyzer-eagerly-assume</string>
+      </ExtraArguments>
+    </CodeAnalyzerSettings>
+  </CodeSense>
+  <Configurations>
+    <VisualGDBConfiguration>
+      <Name>Debug</Name>
+      <BuildSettingsExtension xsi:type="com.visualgdb.build.external.esp-idf.extension">
+        <OutputSubdirectory>build/Debug</OutputSubdirectory>
+        <SDKConfigFile>sdkconfig-debug</SDKConfigFile>
+        <EnableVerboseBuild>false</EnableVerboseBuild>
+      </BuildSettingsExtension>
+    </VisualGDBConfiguration>
+    <VisualGDBConfiguration>
+      <Name>Release</Name>
+      <BuildSettingsExtension xsi:type="com.visualgdb.build.external.esp-idf.extension">
+        <OutputSubdirectory>build/Release</OutputSubdirectory>
+        <SDKConfigFile>sdkconfig-release</SDKConfigFile>
+        <EnableVerboseBuild>false</EnableVerboseBuild>
+      </BuildSettingsExtension>
+    </VisualGDBConfiguration>
+  </Configurations>
+  <ProgramArgumentsSuggestions />
+  <Debug xsi:type="com.visualgdb.debug.embedded">
+    <AdditionalStartupCommands>
+      <GDBPreStartupCommands />
+      <GDBStartupCommands />
+      <GDBFinalizationCommands />
+    </AdditionalStartupCommands>
+    <AdditionalGDBSettings>
+      <Features>
+        <DisableAutoDetection>false</DisableAutoDetection>
+        <UseFrameParameter>false</UseFrameParameter>
+        <SimpleValuesFlagSupported>false</SimpleValuesFlagSupported>
+        <ListLocalsSupported>false</ListLocalsSupported>
+        <ByteLevelMemoryCommandsAvailable>false</ByteLevelMemoryCommandsAvailable>
+        <ThreadInfoSupported>false</ThreadInfoSupported>
+        <PendingBreakpointsSupported>false</PendingBreakpointsSupported>
+        <SupportTargetCommand>false</SupportTargetCommand>
+        <ReliableBreakpointNotifications>false</ReliableBreakpointNotifications>
+      </Features>
+      <EnableSmartStepping>false</EnableSmartStepping>
+      <FilterSpuriousStoppedNotifications>false</FilterSpuriousStoppedNotifications>
+      <ForceSingleThreadedMode>false</ForceSingleThreadedMode>
+      <UseAppleExtensions>false</UseAppleExtensions>
+      <CanAcceptCommandsWhileRunning>false</CanAcceptCommandsWhileRunning>
+      <MakeLogFile>false</MakeLogFile>
+      <IgnoreModuleEventsWhileStepping>true</IgnoreModuleEventsWhileStepping>
+      <UseRelativePathsOnly>false</UseRelativePathsOnly>
+      <ExitAction>None</ExitAction>
+      <DisableDisassembly>false</DisableDisassembly>
+      <ExamineMemoryWithXCommand>false</ExamineMemoryWithXCommand>
+      <StepIntoNewInstanceEntry />
+      <ExamineRegistersInRawFormat>true</ExamineRegistersInRawFormat>
+      <DisableSignals>false</DisableSignals>
+      <EnableAsyncExecutionMode>false</EnableAsyncExecutionMode>
+      <AsyncModeSupportsBreakpoints>true</AsyncModeSupportsBreakpoints>
+      <TemporaryBreakConsolidationTimeout>0</TemporaryBreakConsolidationTimeout>
+      <EnableNonStopMode>false</EnableNonStopMode>
+      <MaxBreakpointLimit>0</MaxBreakpointLimit>
+      <EnableVerboseMode>true</EnableVerboseMode>
+      <EnablePrettyPrinters>false</EnablePrettyPrinters>
+    </AdditionalGDBSettings>
+    <DebugMethod>
+      <ID>openocd</ID>
+      <Configuration xsi:type="com.visualgdb.edp.openocd.settings.esp8266">
+        <CommandLine>-f interface/ftdi/tigard.cfg -f target/esp8266.cfg</CommandLine>
+        <ExtraParameters>
+          <Frequency xsi:nil="true" />
+          <BoostedFrequency xsi:nil="true" />
+          <ConnectUnderReset>false</ConnectUnderReset>
+        </ExtraParameters>
+        <LoadProgressGUIThreshold>131072</LoadProgressGUIThreshold>
+        <ProgramMode>Enabled</ProgramMode>
+        <StartupCommands>
+          <string>set remotetimeout 60</string>
+          <string>target remote :$$SYS:GDB_PORT$$</string>
+          <string>mon reset halt</string>
+          <string>load</string>
+          <string>mon xtensa_no_interrupts_during_steps on</string>
+          <string>mon esp8266_autofeed_watchdog on</string>
+        </StartupCommands>
+        <ProgramFLASHUsingExternalTool>false</ProgramFLASHUsingExternalTool>
+        <PreferredGDBPort>0</PreferredGDBPort>
+        <PreferredTelnetPort>0</PreferredTelnetPort>
+        <AlwaysPassSerialNumber>false</AlwaysPassSerialNumber>
+        <SelectedCoreIndex xsi:nil="true" />
+        <SuggestionLogicRevision>0</SuggestionLogicRevision>
+        <ResetMode>Soft</ResetMode>
+        <ProgramSectorSize>4096</ProgramSectorSize>
+        <EraseSectorSize>4096</EraseSectorSize>
+        <FLASHSettings>
+          <Size>size4M</Size>
+          <Frequency>freq40M</Frequency>
+          <Mode>QIO</Mode>
+        </FLASHSettings>
+      </Configuration>
+    </DebugMethod>
+    <AutoDetectRTOS>true</AutoDetectRTOS>
+    <SemihostingSupport>Disabled</SemihostingSupport>
+    <SemihostingPollingDelay>0</SemihostingPollingDelay>
+    <StepIntoEntryPoint>false</StepIntoEntryPoint>
+    <ReloadFirmwareOnReset>false</ReloadFirmwareOnReset>
+    <ValidateEndOfStackAddress>true</ValidateEndOfStackAddress>
+    <StopAtEntryPoint>false</StopAtEntryPoint>
+    <EnableVirtualHalts>false</EnableVirtualHalts>
+    <DynamicAnalysisSettings />
+    <EndOfStackSymbol>_estack</EndOfStackSymbol>
+    <TimestampProviderTicksPerSecond>0</TimestampProviderTicksPerSecond>
+    <KeepConsoleAfterExit>false</KeepConsoleAfterExit>
+    <UnusedStackFillPattern xsi:nil="true" />
+    <CheckInterfaceDrivers>true</CheckInterfaceDrivers>
+  </Debug>
+</VisualGDBProjectSettings2>
\ No newline at end of file
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_test/CMakeLists.txt b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/CMakeLists.txt
index 0dadfac60..05d74de93 100644
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_test/CMakeLists.txt
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/CMakeLists.txt
@@ -1,10 +1,20 @@
 # wolfSSL Espressif Example Project CMakeLists.txt
-#   v1.0
+#   v1.3
 #
 # The following lines of boilerplate have to be in your project's
 # CMakeLists in this exact order for cmake to work correctly
+message(STATUS "Begin project ${CMAKE_PROJECT_NAME}")
+
 cmake_minimum_required(VERSION 3.16)
 
+# Optional no watchdog typically used for test & benchmark
+if (idf_target STREQUAL "esp8266" OR IDF_TARGET STREQUAL "esp8266" OR IDF_VERSION_MAJOR VERSION_LESS "5.0")
+    set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_ESP_NO_WATCHDOG=1")
+else()
+    add_compile_definitions(WOLFSSL_ESP_NO_WATCHDOG=1)
+endif()
+
+
 # The wolfSSL CMake file should be able to find the source code.
 # Otherwise, assign an environment variable or set it here:
 #
@@ -22,34 +32,63 @@ cmake_minimum_required(VERSION 3.16)
 if(WIN32)
     # Windows-specific configuration here
     set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_WINDOWS")
-    message("Detected Windows")
+    message(STATUS "Detected Windows")
 endif()
 if(CMAKE_HOST_UNIX)
-    message("Detected UNIX")
+    message(STATUS "Detected UNIX")
 endif()
 if(APPLE)
-    message("Detected APPLE")
+    message(STATUS "Detected APPLE")
 endif()
 if(CMAKE_HOST_UNIX AND (NOT APPLE) AND EXISTS "/proc/sys/fs/binfmt_misc/WSLInterop")
     # Windows-specific configuration here
     set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_WSL")
-    message("Detected WSL")
+    message(STATUS "Detected WSL")
 endif()
 if(CMAKE_HOST_UNIX AND (NOT APPLE) AND (NOT WIN32))
     # Windows-specific configuration here
     set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_LINUX")
-    message("Detected Linux")
+    message(STATUS "Detected Linux")
 endif()
 if(APPLE)
     # Windows-specific configuration here
     set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_APPLE")
-    message("Detected Apple")
+    message(STATUS "Detected Apple")
 endif()
 # End optional WOLFSSL_CMAKE_SYSTEM_NAME
 
+# This example uses an extra component for common functions such as Wi-Fi and Ethernet connection.
+# set (PROTOCOL_EXAMPLES_DIR $ENV{IDF_PATH}/examples/common_components/protocol_examples_common)
+string(REPLACE "\\" "/" PROTOCOL_EXAMPLES_DIR "$ENV{IDF_PATH}/examples/common_components/protocol_examples_common")
+
+if (EXISTS "${PROTOCOL_EXAMPLES_DIR}")
+    message(STATUS "Found PROTOCOL_EXAMPLES_DIR=${PROTOCOL_EXAMPLES_DIR}")
+    set(EXTRA_COMPONENT_DIRS $ENV{IDF_PATH}/examples/common_components/protocol_examples_common)
+    set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DFOUND_PROTOCOL_EXAMPLES_DIR")
+else()
+    message(STATUS "NOT FOUND: PROTOCOL_EXAMPLES_DIR=${PROTOCOL_EXAMPLES_DIR}")
+endif()
+
+# Find the user name to search for possible "wolfssl-username"
+# Reminder: Windows is  %USERNAME%, Linux is $USER
+message(STATUS "USERNAME = $ENV{USERNAME}")
+if(  "$ENV{USER}" STREQUAL "" ) # the bash user
+    if(  "$ENV{USERNAME}" STREQUAL "" ) # the Windows user
+        message(STATUS "could not find USER or USERNAME")
+    else()
+        # the bash user is not blank, so we'll use it.
+        set(THIS_USER "$ENV{USERNAME}")
+    endif()
+else()
+    # the bash user is not blank, so we'll use it.
+    set(THIS_USER "$ENV{USER}")
+endif()
+message(STATUS "THIS_USER = ${THIS_USER}")
+
 # Check that there are not conflicting wolfSSL components
 # The ESP Registry Component will be in ./managed_components/wolfssl__wolfssl
 # The local component wolfSSL directory will be in ./components/wolfssl
+message(STATUS "Checking for wolfSSL as Managed Component or not... ${CMAKE_HOME_DIRECTORY}")
 if( EXISTS "${CMAKE_HOME_DIRECTORY}/managed_components/wolfssl__wolfssl" AND EXISTS "${CMAKE_HOME_DIRECTORY}/components/wolfssl" )
     # These exclude statements don't seem to be honored by the $ENV{IDF_PATH}/tools/cmake/project.cmake'
     # add_subdirectory("${CMAKE_HOME_DIRECTORY}/managed_components/wolfssl__wolfssl" EXCLUDE_FROM_ALL)
@@ -64,16 +103,47 @@ if( EXISTS "${CMAKE_HOME_DIRECTORY}/managed_components/wolfssl__wolfssl" AND EXI
     message(FATAL_ERROR "\nPlease use either the ESP Registry Managed Component or the wolfSSL component directory but not both.\n"
                         "If removing the ./managed_components/wolfssl__wolfssl directory, remember to also remove "
                         "or rename the idf_component.yml file typically found in ./main/")
-else()
+elseif(EXISTS "${CMAKE_HOME_DIRECTORY}/components/wolfssl")
+    # A standard project component (not a Managed Component)
     message(STATUS "No conflicting wolfSSL components found.")
+    set(WOLFSSL_PATH "${CMAKE_HOME_DIRECTORY}/components/wolfssl")
+elseif(EXISTS "${CMAKE_HOME_DIRECTORY}/managed_components/wolfssl__wolfssl")
+    # The official Managed Component called wolfssl from the wolfssl user.
+    message(STATUS "No conflicting wolfSSL components found as a Managed Component.")
+    set(WOLFSSL_PATH "${CMAKE_HOME_DIRECTORY}/managed_components/wolfssl__wolfssl")
+elseif(EXISTS "${CMAKE_HOME_DIRECTORY}/managed_components/gojimmypi__mywolfssl")
+    # There is a known gojimmypi staging component available for anyone:
+    message(STATUS "No conflicting wolfSSL components found as a gojimmypi staging Managed Component.")
+elseif(EXISTS "${CMAKE_HOME_DIRECTORY}/managed_components/${THIS_USER}__mywolfssl")
+    # Other users with permissions might publish their own mywolfssl staging Managed Component
+    message(STATUS "No conflicting wolfSSL components found as a Managed Component.")
+    set(WOLFSSL_PATH "${CMAKE_HOME_DIRECTORY}/managed_components/${THIS_USER}__mywolfssl")
+else()
+    message(STATUS "WARNING: wolfssl component directory not found.")
+endif()
+
+# message(STATUS "EXTRA_COMPONENT_DIRS WOLFSSL_PATH: ${WOLFSSL_PATH}")
+# list(APPEND EXTRA_COMPONENT_DIRS ${WOLFSSL_PATH})
+
+# Not only is a project-level "set(COMPONENTS" not needed here, this will cause
+# an unintuitive error about  Unknown CMake command "esptool_py_flash_project_args".
+
+if(0)
+	message(STATUS "Begin optional PROTOCOL_EXAMPLES_DIR include")
+    # This example uses an extra component for common functions such as Wi-Fi and Ethernet connection.
+    set (PROTOCOL_EXAMPLES_DIR $ENV{IDF_PATH}/examples/common_components/protocol_examples_common)
+
+    if (EXISTS "${PROTOCOL_EXAMPLES_DIR}")
+        message(STATUS "Found PROTOCOL_EXAMPLES_DIR=${PROTOCOL_EXAMPLES_DIR}")
+        set(EXTRA_COMPONENT_DIRS $ENV{IDF_PATH}/examples/common_components/protocol_examples_common)
+        set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DFOUND_PROTOCOL_EXAMPLES_DIR")
+    else()
+        message(STATUS "NOT FOUND: PROTOCOL_EXAMPLES_DIR=${PROTOCOL_EXAMPLES_DIR}")
+    endif()
+	message(STATUS "End optional PROTOCOL_EXAMPLES_DIR include")
 endif()
 
 include($ENV{IDF_PATH}/tools/cmake/project.cmake)
 
-set(COMPONENTS
-  main
-  wolfssl
-  # cryptoauthlib
-) # set components
-
 project(wolfssl_test)
+message(STATUS "end project")
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_test/Makefile b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/Makefile
index fd971485a..0763d5ae6 100644
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_test/Makefile
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/Makefile
@@ -3,9 +3,12 @@
 # project subdirectory.
 #
 
-PROJECT_NAME := wolfssl_test
-
 CFLAGS += -DWOLFSSL_USER_SETTINGS
 
-include $(IDF_PATH)/make/project.mk
+# Some of the tests are CPU intenstive, so we'll force the watchdog timer off.
+# There's an espressif NO_WATCHDOG; we don't use it, as it is reset by sdkconfig.
+CFLAGS += -DWOLFSSL_ESP_NO_WATCHDOG=1
 
+PROJECT_NAME := wolfssl_test
+
+include $(IDF_PATH)/make/project.mk
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_test/README.md b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/README.md
index e4e79dce8..8b6735886 100644
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_test/README.md
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/README.md
@@ -7,10 +7,10 @@ For general information on [wolfSSL examples for Espressif](../README.md), see t
 
 ## ESP Registry
 
-The easiest way to get started with wolfSSL is by using the 
-[ESP Registry](https://components.espressif.com/components/wolfssl/wolfssl/) examples.
+The easiest way to get started with wolfSSL is by using the
+[ESP Registry](https://www.wolfssl.com/wolfssl-now-available-in-espressif-component-registry/) examples.
 
-```
+```bash
 . ~/esp/esp-idf/export.sh
 idf.py create-project-from-example "wolfssl/wolfssl^5.6.0-stable:wolfssl_test"
 cd wolfssl_benchmark
@@ -22,13 +22,13 @@ idf.py -b 115200 flash monitor
 Open the VisualGDB Visual Studio Project file in the [VisualGDB directory](./VisualGDB/README.md) and click the "Start" button.
 No wolfSSL setup is needed. You may need to adjust your specific COM port. The default is `COM20`.
 
-## ESP-IDF Commandline
+## ESP-IDF Commandline (version 4.4 or greater for the ESP32)
 
-1. `idf.py menuconfig` to configure the program.  
+1. `idf.py menuconfig` to configure the program.
     1-1. Example Configuration ->
 
-    TEST_ARG : argument that you want to use. Default is "-lng 0"  
-    The list of argument can be find in help.
+    There are no parametric arguments. See [wolfcrypt/test](https://github.com/wolfSSL/wolfssl/tree/master/wolfcrypt/test).
+    All features enabled in the `user_settings.h` will be tested.
 
 When you want to run the test program
 
@@ -41,17 +41,18 @@ Reminder than when building on WSL in `/mnt/c` there will be a noticeable perfor
 
 Example build on WSL, assuming `git clone` from `c:\workspace`:
 
-```
-WRK_IDF_PATH=/mnt/c/SysGCC/esp32/esp-idf/v5.1
+```bash
+WRK_IDF_PATH=/mnt/c/SysGCC/esp32/esp-idf/v5.2
+# WRK_IDF_PATH=/mnt/c/SysGCC/esp32/esp-idf/master
 
 echo "Run export.sh from ${WRK_IDF_PATH}"
 . ${WRK_IDF_PATH}/export.sh
 
 # switch to test example
-cd /mnt/c/workspace/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_test
+cd /mnt/c/workspace/wolfssl-$USER/IDE/Espressif/ESP-IDF/examples/wolfssl_test
 
-# Pick ESP-IDF install directory, this one for v5.1 in VisualGDB
-. /mnt/c/SysGCC/esp32/esp-idf/v5.1/export.sh
+# Pick ESP-IDF install directory, this one for v5.2 in VisualGDB
+. /mnt/c/SysGCC/esp32/esp-idf/v5.2/export.sh
 
 # set target chipset
 idf.py set-target esp32s3
@@ -60,21 +61,73 @@ idf.py set-target esp32s3
 idf.py erase-flash -p /dev/ttyS24 -b 115200
 
 # start with a low upload speed, then increase as found operational
-idf.py 
+idf.py
 # build and flash, in this example to COM24
 idf.py build flash -p /dev/ttyS24 -b 115200 monitor
 ```
 
+## ESP-IDF Commandline (version 3.5 or earlier for the ESP8266)
+
+
+```bash
+WRK_IDF_PATH=/mnt/c/SysGCC/esp8266/rtos-sdk/v3.4
+. $WRK_IDF_PATH/export.sh
+
+# install as needed / prompted
+/mnt/c/SysGCC/esp8266/rtos-sdk/v3.4/install.sh
+
+cd IDE/Espressif/ESP-IDF/examples/ESP8266
+
+# adjust settings as desired
+idf.py menuconfig
+
+idf.py build flash -p /dev/ttyS55 -b 115200
+```
+
+## Espressif ESP8266 RTOS SDK Make Commandline
+
+```bash
+# Find the ESP8266 SDK directory, shown here for WSL (Windows C:\ESP8266\esp\ESP8266_RTOS_SDK)
+cd /mnt/c/ESP8266/esp/ESP8266_RTOS_SDK
+
+# Optionally run install as needed
+./install.sh
+
+# Setup SDK
+. ./export.sh
+
+# Find example to build
+cd /mnt/c/workspace/wolfssl-gojimmypi/IDE/Espressif/ESP-IDF/examples/wolfssl_test
+
+make clean
+
+make
+
+make flash
+
+# or:
+python /mnt/c/ESP8266/esp/ESP8266_RTOS_SDK/components/esptool_py/esptool/esptool.py --chip esp8266 --port /dev/ttyUSB0 --baud 115200 --before default_reset --after hard_reset write_flash -z --flash_mode dio --flash_freq 40m --flash_size 2MB 0x0 /mnt/c/workspace/wolfssl-gojimmypi/IDE/Espressif/ESP-IDF/examples/wolfssl_test/build/bootloader/bootloader.bin 0x10000 /mnt/c/workspace/wolfssl-gojimmypi/IDE/Espressif/ESP-IDF/examples/wolfssl_test/build/wolfssl_test.bin 0x8000 /mnt/c/workspace/wolfssl-gojimmypi/IDE/Espressif/ESP-IDF/examples/wolfssl_test/build/partitions_singleapp.bin
+```
+
+## Putty (via WSL)
+
+Define a non-blank value for `ESPIDF_PUTTY_MONITOR` to launch `testMonitor.sh` output in putty.exe sessions from Windows.
+Assumes `PUTTY_EXE="/mnt/c/tools/putty.exe"`.
+
+```bash
+export ESPIDF_PUTTY_MONITOR=true
+```
+
 ## Example Output
 
-Note the default wolfSSL `user_settings.h` is configured by default to be the most 
+Note the default wolfSSL `user_settings.h` is configured by default to be the most
 compatible across the widest ranges of targets. Contact wolfSSL at support@wolfssl.com
-for help in optimizing for your particular application, or see the 
+for help in optimizing for your particular application, or see the
 [docs](https://www.wolfssl.com/documentation/manuals/wolfssl/index.html).
 
 Compiled and flashed with `idf.py build  flash -p /dev/ttyS7 -b 115200 monitor`:
 
-```
+```text
 ets Jun  8 2016 00:22:57
 
 rst:0x3 (SW_RESET),boot:0x13 (SPI_FAST_FLASH_BOOT)
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_test/VisualGDB/wolfssl_test-IDF_v5_ESP32.vgdbproj b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/VisualGDB/wolfssl_test-IDF_v5_ESP32.vgdbproj
index 6c3af7988..4334b8c6b 100644
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_test/VisualGDB/wolfssl_test-IDF_v5_ESP32.vgdbproj
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/VisualGDB/wolfssl_test-IDF_v5_ESP32.vgdbproj
@@ -71,7 +71,7 @@
           <Subdirectory>esp-idf/v5.0</Subdirectory>
           <Type>ESPIDF</Type>
         </IDFCheckout>
-        <COMPort>COM9</COMPort>
+        <COMPort>COM19</COMPort>
         <SuppressTestPrerequisiteChecks>false</SuppressTestPrerequisiteChecks>
         <UseCCache>false</UseCCache>
         <DeviceID>ESP32</DeviceID>
@@ -93,7 +93,7 @@
   </CustomDebug>
   <DeviceTerminalSettings>
     <Connection xsi:type="com.sysprogs.terminal.connection.serial">
-      <ComPortName>COM20</ComPortName>
+      <ComPortName>COM19</ComPortName>
       <AdvancedSettings>
         <BaudRate>115200</BaudRate>
         <DataBits>8</DataBits>
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_test/components/wolfssl/CMakeLists.txt b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/components/wolfssl/CMakeLists.txt
index e82e19b60..cc7ef0d47 100644
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_test/components/wolfssl/CMakeLists.txt
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/components/wolfssl/CMakeLists.txt
@@ -1,36 +1,166 @@
 #
-#  Copyright (C) 2006-2023 wolfSSL Inc.
+# Copyright (C) 2006-2025 wolfSSL Inc.
 #
-#  This file is part of wolfSSL.
+# This file is part of wolfSSL.
 #
-#  wolfSSL is free software; you can redistribute it and/or modify
-#  it under the terms of the GNU General Public License as published by
-#  the Free Software Foundation; either version 2 of the License, or
-#  (at your option) any later version.
+# wolfSSL is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
 #
-#  wolfSSL is distributed in the hope that it will be useful,
-#  but WITHOUT ANY WARRANTY; without even the implied warranty of
-#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-#  GNU General Public License for more details.
+# wolfSSL is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
 #
-#  You should have received a copy of the GNU General Public License
-#  along with this program; if not, write to the Free Software
-#  Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
 #
 # cmake for wolfssl Espressif projects
 #
-# Version 5.6.0.011 for detect test/benchmark
+# Version 5.7.2 Espressif ESP-IDF integration
 #
 # See https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-guides/build-system.html
 #
-
+message(STATUS "Begin wolfssl ${CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT}")
 cmake_minimum_required(VERSION 3.16)
-set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_USER_SETTINGS")
-set(CMAKE_CURRENT_SOURCE_DIR ".")
-set(COMPONENT_REQUIRES lwip) # we typically don't need lwip directly in wolfssl component
-set(WOLFSSL_ROOT "$ENV{WOLFSSL_ROOT}" )
 
-# find the user name to search for possible "wolfssl-username"
+set(VERBOSE_COMPONENT_MESSAGES 1)
+
+# Optional requires include:
+# set(THIS_ESP_TLS "esp-tls")
+set(THIS_ESP_TLS "")
+
+# function: IS_ESP_IDF_COMPONENT
+#  output:    RESULT = 1 (true) if this component is located in the ESP-IDF components
+#             otherwise 0 (false)
+function( IS_ESP_IDF_COMPONENT  RESULT )
+    # NOTE: Component location is based on the location of the CMakeList.txt
+    # and *not* the location of the wolfSSL source code. (which may be anywhere)
+
+    # Normalize the paths to remove any trailing slashes
+    get_filename_component(NORMALIZED_IDF_PATH  "${IDF_PATH}"      REALPATH)
+    get_filename_component(NORMALIZED_TEST_PATH "${COMPONENT_DIR}" REALPATH)
+
+    # Check if the test path starts with the IDF_PATH
+    string(FIND "${NORMALIZED_TEST_PATH}" "${NORMALIZED_IDF_PATH}" pos)
+
+    if(${pos} EQUAL 0)
+        message(STATUS "${COMPONENT_DIR} is within IDF_PATH.")
+        set(${RESULT} 1 PARENT_SCOPE)
+    else()
+        message(STATUS "${COMPONENT_DIR} is not within IDF_PATH.")
+        set(${RESULT} 0 PARENT_SCOPE)
+    endif()
+endfunction()
+
+# Determine if this cmake file is located in the ESP-IDF component directory or not,
+# and if so, if it is being ignored (allowing the use of a local project one, instead).
+IS_ESP_IDF_COMPONENT( IS_WOLSSL_ESP_IDF_COMPONENT )
+if( IS_WOLSSL_ESP_IDF_COMPONENT )
+    message(STATUS "This wolfSSL is a component in ESP-IDF.")
+    if ( CONFIG_IGNORE_ESP_IDF_WOLFSSL_COMPONENT )
+        idf_component_register()
+        message(STATUS "Warning: wolfSSL component in ESP-IDF is being ignored.")
+        return()
+    endif()
+endif()
+
+
+if( "${CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT}" STREQUAL "" )
+    # nothing to do
+else()
+    # Only forward slashes, or double backslashes are supported.
+    # By the time we get here the sdkconfig file has a value for wolfSSL source code root.
+    string(REPLACE "\\" "/" CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT ${CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT})
+    message(STATUS "Cleaned wolfssl path: ${CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT}")
+endif()
+
+# The scope of this CMAKE_C_FLAGS is just this component:
+set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_USER_SETTINGS")
+set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -DWOLFSSL_USER_SETTINGS")
+
+set(CMAKE_CURRENT_SOURCE_DIR ".")
+# set(COMPONENT_REQUIRES lwip) # we typically don't need lwip directly in wolfssl component
+
+# Optionally set your source to wolfSSL in your project CMakeLists.txt like this:
+# set(WOLFSSL_ROOT "c:/test/my_wolfssl" )
+
+if ( "${WOLFSSL_ROOT}" STREQUAL "")
+    set(WOLFSSL_ROOT "$ENV{WOLFSSL_ROOT}" )
+endif()
+
+if(  "$ENV{IDF_PATH}" STREQUAL "" )
+    message(FATAL_ERROR "IDF_PATH Environment variable not set!")
+else()
+    string(REPLACE "\\" "/" THIS_IDF_PATH "$ENV{IDF_PATH}")
+endif()
+
+# Optional compiler definitions to help with system name detection (typically printed by app diagnostics)
+if(VERBOSE_COMPONENT_MESSAGES)
+    if(WIN32)
+        # Windows-specific configuration here
+        set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_WINDOWS")
+        message(STATUS "Detected Windows")
+    endif()
+    if(CMAKE_HOST_UNIX)
+        message(STATUS "Detected UNIX")
+    endif()
+    if(APPLE)
+        message(STATUS "Detected APPLE")
+    endif()
+    if(CMAKE_HOST_UNIX AND (NOT APPLE) AND EXISTS "/proc/sys/fs/binfmt_misc/WSLInterop")
+        # Windows-specific configuration here
+        set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_WSL")
+        message(STATUS "Detected WSL")
+    endif()
+    if(CMAKE_HOST_UNIX AND (NOT APPLE) AND (NOT WIN32))
+        # Windows-specific configuration here
+        set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_LINUX")
+        message(STATUS "Detected Linux")
+    endif()
+    if(APPLE)
+        # Windows-specific configuration here
+        set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_APPLE")
+        message(STATUS "Detected Apple")
+    endif()
+endif() # End optional WOLFSSL_CMAKE_SYSTEM_NAME
+
+message(STATUS "CONFIG_TARGET_PLATFORM = ${CONFIG_TARGET_PLATFORM}")
+
+# Check that there are not conflicting wolfSSL components
+# The ESP Registry Component will be in ./managed_components/wolfssl__wolfssl
+# The local component wolfSSL directory will be in ./components/wolfssl
+if( EXISTS "${CMAKE_HOME_DIRECTORY}/managed_components/wolfssl__wolfssl" AND EXISTS "${CMAKE_HOME_DIRECTORY}/components/wolfssl" )
+    # These exclude statements don't seem to be honored by the $ENV{IDF_PATH}/tools/cmake/project.cmake'
+    # add_subdirectory("${CMAKE_HOME_DIRECTORY}/managed_components/wolfssl__wolfssl" EXCLUDE_FROM_ALL)
+    # add_subdirectory("${CMAKE_HOME_DIRECTORY}/managed_components/wolfssl__wolfssl/include" EXCLUDE_FROM_ALL)
+    # So we'll error out and let the user decide how to proceed:
+    message(WARNING "\nFound wolfSSL components in\n"
+                    "./managed_components/wolfssl__wolfssl\n"
+                    "and\n"
+                    "./components/wolfssl\n"
+                    "in project directory: \n"
+                    "${CMAKE_HOME_DIRECTORY}")
+    message(FATAL_ERROR "\nPlease use either the ESP Registry Managed Component or the wolfSSL component directory but not both.\n"
+                        "If removing the ./managed_components/wolfssl__wolfssl directory, remember to also remove "
+                        "or rename the idf_component.yml file typically found in ./main/")
+else()
+    message(STATUS "No conflicting wolfSSL components found.")
+endif()
+
+
+# Don't include lwip requirement for benchmark and test apps.
+if( ("${CMAKE_PROJECT_NAME}" STREQUAL "wolfssl_benchmark") OR ("${CMAKE_PROJECT_NAME}" STREQUAL "wolfssl_test") )
+    message(STATUS "Not including lwip for ${CMAKE_PROJECT_NAME}")
+else()
+    # benchmark and test do not need wifi, everything else probably does:
+    set(COMPONENT_REQUIRES lwip "${THIS_ESP_TLS}") # we typically don't need lwip directly in wolfssl component
+endif()
+
+# Find the user name to search for possible "wolfssl-username"
+# Reminder: Windows is  %USERNAME%, Linux is $USER
 message(STATUS "USERNAME = $ENV{USERNAME}")
 if(  "$ENV{USER}" STREQUAL "" ) # the bash user
     if(  "$ENV{USERNAME}" STREQUAL "" ) # the Windows user
@@ -45,6 +175,30 @@ else()
 endif()
 message(STATUS "THIS_USER = ${THIS_USER}")
 
+if( "$ENV{IDF_PATH}" STREQUAL "" )
+    message(FATAL_ERROR "IDF_PATH Environment variable not set!")
+else()
+    string(REPLACE "\\" "/" THIS_IDF_PATH "$ENV{IDF_PATH}")
+endif()
+
+# ENVIRONMENT_VAR_TO_MACRO
+# Check environment variable name EVARPARAM as [name]
+# If defined, and has a value of EVARVALUE as [value],
+# then assign a compiler definition "-D[name]=[value]"
+function(ENVIRONMENT_VAR_TO_MACRO EVARPARAM EVARVALUE)
+    # If the EVARPARAM environment variable name is set to EVARVALUE,
+    # set the compiler flag definition to enable CSV output.
+    if ( "$ENV{${EVARPARAM}}" STREQUAL "${EVARVALUE}")
+        message(STATUS "Appending compile definition: -D${EVARPARAM}=${EVARVALUE}")
+        set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -D${EVARPARAM}=${EVARVALUE}")
+    else()
+        if(DEFINED ENV{${EVARPARAM}})
+            message(STATUS "Environment variable ${EVARPARAM} detected but set to $ENV{${EVARPARAM}}, not appending compile definition.")
+        else()
+            message(STATUS "Environment variable ${EVARPARAM} not detected, not appending compile definition.")
+        endif()
+    endif()
+endfunction()
 
 # COMPONENT_NAME = wolfssl
 # The component name is the directory name. "No feature to change this".
@@ -63,7 +217,8 @@ message(STATUS "THIS_USER = ${THIS_USER}")
 # function: IS_WOLFSSL_SOURCE
 #  parameter: DIRECTORY_PARAMETER - the directory to test
 #  output:    RESULT = contains contents of DIRECTORY_PARAMETER for wolfssl directory, otherwise blank.
-function(IS_WOLFSSL_SOURCE DIRECTORY_PARAMETER RESULT)
+function( IS_WOLFSSL_SOURCE  DIRECTORY_PARAMETER
+          RESULT )
     if (EXISTS "${DIRECTORY_PARAMETER}/wolfcrypt/src")
         set(${RESULT} "${DIRECTORY_PARAMETER}" PARENT_SCOPE)
     else()
@@ -71,25 +226,71 @@ function(IS_WOLFSSL_SOURCE DIRECTORY_PARAMETER RESULT)
     endif()
 endfunction()
 
+# *********************************************************************************************
 # function: FIND_WOLFSSL_DIRECTORY
 #  parameter: OUTPUT_FOUND_WOLFSSL_DIRECTORY contains root of source code, otherwise blank
 #
+# Example usage:
+#   FIND_WOLFSSL_DIRECTORY(WOLFSSL_ROOT)
+# *********************************************************************************************
 function(FIND_WOLFSSL_DIRECTORY OUTPUT_FOUND_WOLFSSL_DIRECTORY)
-    message(STATUS "Starting FIND_WOLFSSL_DIRECTORY")
-    set(CURRENT_SEARCH_DIR "$ENV{WOLFSSL_ROOT}")
-    if( "${CURRENT_SEARCH_DIR}" STREQUAL "" )
-        message(STATUS "The WOLFSSL_ROOT environment variable is not set. Searching...")
+    message(STATUS "Starting FIND_WOLFSSL_DIRECTORY: ${${OUTPUT_FOUND_WOLFSSL_DIRECTORY}}")
+
+    if ( "${${OUTPUT_FOUND_WOLFSSL_DIRECTORY}}" STREQUAL "" )
+        # The parameter is empty, so we certainly need to search.
+        # First, see if there's an environment variable. This takes highest priority (unless already found as hard-coded, above)
+        set(CURRENT_SEARCH_DIR "$ENV{WOLFSSL_ROOT}")
+        if( "${CURRENT_SEARCH_DIR}" STREQUAL "" )
+            message(STATUS "The WOLFSSL_ROOT environment variable is not set. Searching...")
+            # Next, if not found, see if wolfSSL was selected for ESP-TLS Kconfig
+            if(CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT)
+                set(CURRENT_SEARCH_DIR ${CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT})
+                get_filename_component(CURRENT_SEARCH_DIR "${CURRENT_SEARCH_DIR}" ABSOLUTE)
+                message(STATUS "WOLFSSL_ROOT found in sdkconfig/KConfig: ${CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT}")
+            else()
+                message(STATUS "wolfSSL not defined in [Component Config] [wolfssl]. Continuing search...")
+                # If not specified as a search hint in OUTPUT_FOUND_WOLFSSL_DIRECTORY:
+                # This wolfSSL component CMakeLists.txt may be found EITHER in:
+                #   1) local project component
+                #   2) ESP-IDF share components
+                # We'll start in the CMAKE_CURRENT_SOURCE_DIR, typically [something]/projectname/components/wolfssl
+                # That option might find wolfSSL source code as a copy in the component directory (e.g. Managed Components)
+                # Unless cmake is in the ESP-IDF, in which case it is unlikely to find wolfSSL source in any parent.
+                message(STATUS "CMAKE_CURRENT_SOURCE_DIR = ${CMAKE_CURRENT_SOURCE_DIR}")
+                get_filename_component(CURRENT_SEARCH_DIR "${CMAKE_CURRENT_SOURCE_DIR}" ABSOLUTE)
+                message(STATUS "CURRENT_SEARCH_DIR = ${CURRENT_SEARCH_DIR}")
+                string(LENGTH ${CURRENT_SEARCH_DIR} CURRENT_SEARCH_DIR_LENGTH)
+            endif() # CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT
+        endif() # check environment var blank
     else()
-        get_filename_component(CURRENT_SEARCH_DIR "$ENV{WOLFSSL_ROOT}" ABSOLUTE)
+        message(STATUS "Parameter found for FIND_WOLFSSL_DIRECTORY")
+        message(STATUS "Setting wolfSSL search directory to: ${${OUTPUT_FOUND_WOLFSSL_DIRECTORY}}")
+        set(CURRENT_SEARCH_DIR "${${OUTPUT_FOUND_WOLFSSL_DIRECTORY}}")
+    endif() # parameter empty
+
+    # Check to see if we found a path in environment or config settings, above.
+    if( "${CURRENT_SEARCH_DIR}" STREQUAL "" )
+        message(STATUS "Source for wolfSSL not specified in path nor config settings.")
+        # We'll continue the search by recursing up the directory tree, below.
+    else()
+        # Setting found! Does it contain a valid path?
+        string(REPLACE "\\" "/" CURRENT_SEARCH_DIR ${CURRENT_SEARCH_DIR})
+        get_filename_component(CURRENT_SEARCH_DIR "${CURRENT_SEARCH_DIR}" ABSOLUTE)
         IS_WOLFSSL_SOURCE("${CURRENT_SEARCH_DIR}" FOUND_WOLFSSL)
-        if("${FOUND_WOLFSSL}")
-            message(STATUS "Found WOLFSSL_ROOT via Environment Variable:")
+        if( FOUND_WOLFSSL )
+            message(STATUS "Found wolfSSL source code via setting: ${CURRENT_SEARCH_DIR}")
+            set(${OUTPUT_FOUND_WOLFSSL_DIRECTORY} ${CURRENT_SEARCH_DIR} PARENT_SCOPE)
+            return()
         else()
-            message(FATAL_ERROR "WOLFSSL_ROOT Environment Variable defined, but path not found:")
-            message(STATUS "$ENV{WOLFSSL_ROOT}")
+            if(WIN32)
+                message(STATUS "When specifying a path for Windows, use forward slahes, or double backslashes.")
+            endif()
+            message(STATUS "CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT sdkconfig setting = ${CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT}")
+            message(STATUS "WOLFSSL_ROOT Variable defined, but source code not found: ${CURRENT_SEARCH_DIR}")
         endif()
     endif()
 
+
     # we'll start in the CMAKE_CURRENT_SOURCE_DIR, typically [something]/projectname/components/wolfssl
     message(STATUS "CMAKE_CURRENT_SOURCE_DIR = ${CMAKE_CURRENT_SOURCE_DIR}")
     get_filename_component(CURRENT_SEARCH_DIR "${CMAKE_CURRENT_SOURCE_DIR}" ABSOLUTE)
@@ -107,16 +308,47 @@ function(FIND_WOLFSSL_DIRECTORY OUTPUT_FOUND_WOLFSSL_DIRECTORY)
             return()
         endif()
 
+        # Maintain CURRENT_SEARCH_DIR, but check various suffixes with CURRENT_SEARCH_DIR_ALT
         if( THIS_USER )
             # Check for "wolfssl-[username]" subdirectory as we recurse up the directory tree
             set(CURRENT_SEARCH_DIR_ALT ${CURRENT_SEARCH_DIR}/wolfssl-${THIS_USER})
-            message(STATUS "Looking in ${CURRENT_SEARCH_DIR}")
+            message(STATUS "Looking in ${CURRENT_SEARCH_DIR_ALT}")
 
-            #if(EXISTS ${CURRENT_SEARCH_DIR_ALT} AND IS_DIRECTORY ${CURRENT_SEARCH_DIR_ALT} AND EXISTS "${CURRENT_SEARCH_DIR_ALT}/wolfcrypt/src")
             IS_WOLFSSL_SOURCE("${CURRENT_SEARCH_DIR_ALT}" FOUND_WOLFSSL )
             if ( FOUND_WOLFSSL )
-               message(STATUS "Found wolfssl in user-suffix CURRENT_SEARCH_DIR_ALT = ${CURRENT_SEARCH_DIR_ALT}")
-                set(${OUTPUT_FOUND_WOLFSSL_DIRECTORY} ${CURRENT_SEARCH_DIR_ALT} PARENT_SCOPE)
+                message(STATUS "Found wolfssl in user-suffix CURRENT_SEARCH_DIR_ALT = ${CURRENT_SEARCH_DIR_ALT}")
+                set(CURRENT_SEARCH_DIR "${CURRENT_SEARCH_DIR_ALT}")
+                set(${OUTPUT_FOUND_WOLFSSL_DIRECTORY} ${CURRENT_SEARCH_DIR} PARENT_SCOPE)
+                return()
+            endif()
+        endif()
+
+        if ( FOUND_WOLFSSL )
+            # if we already found the source, skip attempt of "wolfssl-master"
+        else()
+            set(CURRENT_SEARCH_DIR_ALT ${CURRENT_SEARCH_DIR}/wolfssl-master)
+            message(STATUS "Looking in ${CURRENT_SEARCH_DIR_ALT}")
+
+            IS_WOLFSSL_SOURCE("${CURRENT_SEARCH_DIR_ALT}" FOUND_WOLFSSL )
+            if ( FOUND_WOLFSSL )
+                message(STATUS "Found wolfssl in master-suffix CURRENT_SEARCH_DIR_ALT = ${CURRENT_SEARCH_DIR_ALT}")
+                set(CURRENT_SEARCH_DIR "${CURRENT_SEARCH_DIR_ALT}")
+                set(${OUTPUT_FOUND_WOLFSSL_DIRECTORY} ${CURRENT_SEARCH_DIR} PARENT_SCOPE)
+                return()
+            endif()
+        endif()
+
+        if ( FOUND_WOLFSSL )
+            # if we already found the source, skip attempt of "wolfssl"
+        else()
+            set(CURRENT_SEARCH_DIR_ALT ${CURRENT_SEARCH_DIR}/wolfssl)
+            message(STATUS "Looking in ${CURRENT_SEARCH_DIR_ALT}")
+
+            IS_WOLFSSL_SOURCE("${CURRENT_SEARCH_DIR_ALT}" FOUND_WOLFSSL )
+            if ( FOUND_WOLFSSL )
+                message(STATUS "Found wolfssl in CURRENT_SEARCH_DIR_ALT = ${CURRENT_SEARCH_DIR_ALT}")
+                set(CURRENT_SEARCH_DIR "${CURRENT_SEARCH_DIR_ALT}")
+                set(${OUTPUT_FOUND_WOLFSSL_DIRECTORY} ${CURRENT_SEARCH_DIR} PARENT_SCOPE)
                 return()
             endif()
         endif()
@@ -136,7 +368,8 @@ function(FIND_WOLFSSL_DIRECTORY OUTPUT_FOUND_WOLFSSL_DIRECTORY)
         get_filename_component(CURRENT_SEARCH_DIR "${CURRENT_SEARCH_DIR}" DIRECTORY)
         message(STATUS "Next CURRENT_SEARCH_DIR = ${CURRENT_SEARCH_DIR}")
         if( "${PRIOR_SEARCH_DIR}" STREQUAL "${CURRENT_SEARCH_DIR}" )
-            # when the search directory is empty, we'll give up
+            # When the parent is current directory, cannot go any further. We didn't find wolfssl.
+            # When the search directory is empty, we'll give up.
             set(CURRENT_SEARCH_DIR "")
         endif()
     endwhile()
@@ -147,17 +380,64 @@ endfunction()
 
 
 # Example usage:
+#
+# Simply find the WOLFSSL_DIRECTORY by searching parent directories:
+#   FIND_WOLFSSL_DIRECTORY(WOLFSSL_ROOT)
+#
 
+message(STATUS "CONFIG_TARGET_PLATFORM = ${CONFIG_TARGET_PLATFORM}")
 
+# Check for environment variable that may be assigned to macros
+ENVIRONMENT_VAR_TO_MACRO("GENERATE_MACHINE_PARSEABLE_REPORT" "1")
+ENVIRONMENT_VAR_TO_MACRO("WOLFSSL_BENCHMARK_FIXED_CSV"       "1")
 
+# Optional variable inspection
+if (0)
+    get_cmake_property(_variableNames VARIABLES)
+    list (SORT _variableNames)
+    message(STATUS "")
+    message(STATUS "ALL VARIABLES BEGIN")
+    message(STATUS "")
+    foreach (_variableName ${_variableNames})
+        message(STATUS "${_variableName}=${${_variableName}}")
+    endforeach()
+    message(STATUS "")
+    message(STATUS "ALL VARIABLES END")
+    message(STATUS "")
+endif()
+
+if ( ("${CONFIG_TARGET_PLATFORM}" STREQUAL "esp8266") OR ("${IDF_TARGET}" STREQUAL "esp8266") )
+    # There's no esp_timer, no driver components for the ESP8266
+    message(STATUS "Early expansion EXCLUDES for esp8266:")
+    message(STATUS "THIS_INCLUDE_DRIVER:  '${THIS_INCLUDE_DRIVER}'")
+    message(STATUS "THIS_INCLUDE_TIMER:   '${THIS_INCLUDE_TIMER}'")
+    message(STATUS "Early expansion INCLUDE for esp8266:")
+    message(STATUS "THIS_INCLUDE_PTHREAD: '${THIS_INCLUDE_PTHREAD}'")
+    set(THIS_ESP_TLS         "")
+    set(THIS_INCLUDE_DRIVER  "")
+    set(THIS_INCLUDE_TIMER   "")
+    set(THIS_INCLUDE_PTHREAD "pthread")
+else()
+    message(STATUS "Early expansion includes esp_timer: ${THIS_INCLUDE_TIMER}")
+    message(STATUS "Early expansion includes driver: ${THIS_INCLUDE_DRIVER}")
+    set(THIS_ESP_TLS        "esp-tls")
+    set(THIS_INCLUDE_DRIVER "driver")
+    set(THIS_INCLUDE_TIMER  "esp_timer")
+    set(THIS_INCLUDE_PTHREAD "")
+    # Let the app know that we've included the esp-tls component requirement.
+    # This is critical for use the the esp-tls component. See wolfssl esp_crt_bundle.c file.
+    set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_REQUIRED_ESP_TLS=1")
+endif()
 
 if(CMAKE_BUILD_EARLY_EXPANSION)
     message(STATUS "wolfssl component CMAKE_BUILD_EARLY_EXPANSION:")
     idf_component_register(
                             REQUIRES "${COMPONENT_REQUIRES}"
                             PRIV_REQUIRES # esp_hw_support
-                                          esp_timer
-                                          driver # this will typically only be needed for wolfSSL benchmark
+                                          "${THIS_ESP_TLS}"
+                                          "${THIS_INCLUDE_PTHREAD}"
+                                          "${THIS_INCLUDE_TIMER}"
+                                          "${THIS_INCLUDE_DRIVER}" # this will typically only be needed for wolfSSL benchmark
                            )
 
 else()
@@ -166,48 +446,99 @@ else()
     message(STATUS "wolfssl component config:")
     message(STATUS "************************************************************************************************")
 
+    if ( "${CONFIG_TARGET_PLATFORM}" STREQUAL "esp8266")
+        # There's no esp_timer, no driver components for the ESP8266
+        set(THIS_INCLUDE_TIMER "")
+        set(THIS_INCLUDE_DRIVER "")
+    else()
+        set(THIS_INCLUDE_TIMER "esp_timer")
+        set(THIS_INCLUDE_DRIVER "driver")
+    endif()
+
     # search for wolfSSL
     FIND_WOLFSSL_DIRECTORY(WOLFSSL_ROOT)
     if(WOLFSSL_ROOT)
-        message(STATUS "NEW Found wolfssl directory at: ${WOLFSSL_ROOT}")
+        IS_WOLFSSL_SOURCE("${WOLFSSL_ROOT}" FOUND_WOLFSSL)
+        if(FOUND_WOLFSSL)
+            message(STATUS "Found WOLFSSL_ROOT via CMake specification.")
+        else()
+            # WOLFSSL_ROOT Path specified in CMakeLists.txt is not a valid path
+            message(FATAL_ERROR "WOLFSSL_ROOT CMake Variable defined, but path not found: ${WOLFSSL_ROOT}\n"
+                                "Try correcting WOLFSSL_ROOT in your project CMakeFile.txt or setting environment variable.")
+            # Abort CMake after fatal error.
+        endif()
     else()
-        message(STATUS "NEW wolfssl directory not found.")
+        message(STATUS "Source code for wolfSSL still not found.")
+        message(STATUS "Searching from project home: ${CMAKE_HOME_DIRECTORY} ...")
+        set(WOLFSSL_ROOT "${CMAKE_HOME_DIRECTORY}")
+        FIND_WOLFSSL_DIRECTORY(WOLFSSL_ROOT)
+    endif()
+
+
+    if(WOLFSSL_ROOT)
+        message(STATUS "Confirmed wolfssl directory at: ${WOLFSSL_ROOT}")
+    else()
+        # Try to allow a more intuitive error that the source code was not found in cmake:
+        set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_WARNING_SOURCE_NOT_FOUND")
+
+        message(STATUS "Failed: wolfssl source code directory not found.")
         # Abort. We need wolfssl _somewhere_.
-        message(FATAL_ERROR "Could not find wolfssl in ${WOLFSSL_ROOT}.\n"
-                            "Try setting WOLFSSL_ROOT environment variable or git clone.")
+        message(STATUS "")
+        message(STATUS "")
+        message(STATUS "Could not find wolfssl in any parent directory named wolfssl-${THIS_USER}, wolfssl-master, or wolfssl.\n"
+                       "Try setting WOLFSSL_ROOT environment variable, cmake variable in project, copy source, or use managed components.")
+        message(STATUS "")
+        message(STATUS "")
+        # Abort CMake after fatal error. (or not?)
     endif()
 
     set(INCLUDE_PATH ${WOLFSSL_ROOT})
 
     set(WOLFSSL_EXTRA_PROJECT_DIR "${WOLFSSL_ROOT}/src/")
 
-    if( ${CMAKE_PROJECT_NAME} STREQUAL "wolfssl_benchmark" )
-        set(WOLFSSL_EXTRA_PROJECT_DIR "${WOLFSSL_ROOT}/wolfcrypt/benchmark")
-    endif()
-
-    if( ${CMAKE_PROJECT_NAME} STREQUAL "wolfssl_test" )
-        set(WOLFSSL_EXTRA_PROJECT_DIR "${WOLFSSL_ROOT}/wolfcrypt/test")
+    # During regression tests, optionally copy source locally and use: set(USE_LOCAL_TEST_BENCH 1)
+    set(USE_LOCAL_TEST_BENCH 0)
+    if(NOT USE_LOCAL_TEST_BENCH)
+        if( "${CMAKE_PROJECT_NAME}" STREQUAL "hello-world" )
+            message(STATUS "Include ${WOLFSSL_ROOT}/wolfcrypt/benchmark")
+            set(WOLFSSL_EXTRA_PROJECT_DIR "${WOLFSSL_ROOT}/wolfcrypt/benchmark")
+        endif()
+
+        if( "${CMAKE_PROJECT_NAME}" STREQUAL "wolfssl_benchmark" )
+            message(STATUS "Include ${WOLFSSL_ROOT}/wolfcrypt/benchmark")
+            set(WOLFSSL_EXTRA_PROJECT_DIR "${WOLFSSL_ROOT}/wolfcrypt/benchmark")
+        endif()
+
+        if( "${CMAKE_PROJECT_NAME}" STREQUAL "wolfssl_test" )
+            message(STATUS "Include ${WOLFSSL_ROOT}/wolfcrypt/test")
+            set(WOLFSSL_EXTRA_PROJECT_DIR "${WOLFSSL_ROOT}/wolfcrypt/test")
+        endif()
     endif()
 
+    message(STATUS "WOLFSSL_EXTRA_PROJECT_DIR = ${WOLFSSL_EXTRA_PROJECT_DIR}")
     set(COMPONENT_SRCDIRS "\"${WOLFSSL_ROOT}/src/\""
                           "\"${WOLFSSL_ROOT}/wolfcrypt/src\""
                           "\"${WOLFSSL_ROOT}/wolfcrypt/src/port/Espressif\""
+                          "\"${WOLFSSL_ROOT}/wolfcrypt/src/port/Espressif/esp_crt_bundle\""
                           "\"${WOLFSSL_ROOT}/wolfcrypt/src/port/atmel\""
                           "\"${WOLFSSL_EXTRA_PROJECT_DIR}\""
                          ) # COMPONENT_SRCDIRS
 
     message(STATUS "This COMPONENT_SRCDIRS = ${COMPONENT_SRCDIRS}")
 
+    # wolfSSL user_settings.h may be in the local project.
+    # TODO check if exists and possibly set to ESP-IDF
     set(WOLFSSL_PROJECT_DIR "${CMAKE_HOME_DIRECTORY}/components/wolfssl")
-    add_definitions(-DWOLFSSL_USER_SETTINGS_DIR="${WOLFSSL_PROJECT_DIR}/include/user_settings.h")
-
 
+    string(REPLACE "/" "//" STR_WOLFSSL_PROJECT_DIR "${WOLFSSL_PROJECT_DIR}")
+    add_compile_definitions(WOLFSSL_USER_SETTINGS_DIR="${STR_WOLFSSL_PROJECT_DIR}/include/user_settings.h")
+    message(STATUS "Added definition for user_settings.h: -DWOLFSSL_USER_SETTINGS_DIR=\"${STR_WOLFSSL_PROJECT_DIR}//include//user_settings.h\"")
     # Espressif may take several passes through this makefile. Check to see if we found IDF
     string(COMPARE EQUAL "${PROJECT_SOURCE_DIR}" "" WOLFSSL_FOUND_IDF)
 
     # get a list of all wolfcrypt assembly files; we'll exclude them as they don't target Xtensa
     file(GLOB EXCLUDE_ASM *.S)
-    file(GLOB_RECURSE EXCLUDE_ASM ${CMAKE_SOURCE_DIR} "${WOLFSSL_ROOT}/wolfcrypt/src/*.S")
+    file(GLOB EXCLUDE_ASM ${CMAKE_SOURCE_DIR} "${WOLFSSL_ROOT}/wolfcrypt/src/*.S")
 
     message(STATUS "IDF_PATH = $ENV{IDF_PATH}")
     message(STATUS "PROJECT_SOURCE_DIR = ${PROJECT_SOURCE_DIR}")
@@ -230,11 +561,12 @@ else()
         message(STATUS "Remove either the local project component: ${WOLFSSL_PROJECT_DIR} ")
         message(STATUS "or the Espressif shared component installed at: $ENV{IDF_PATH}/components/wolfssl/ ")
         message(STATUS "")
-        message(FATAL_ERROR "Please use wolfSSL in either local project or Espressif components, but not both.")
         message(STATUS "")
         message(STATUS "**************************************************************************************")
         message(STATUS "")
 
+        message(STATUS "Please use wolfSSL in either local project or Espressif components, but not both.")
+
         # Optional: if you change the above FATAL_ERROR to STATUS you can warn at runtime with this macro definition:
         set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_MULTI_INSTALL_WARNING")
 
@@ -284,6 +616,7 @@ else()
                         message(FATAL_ERROR "Found stray wolfSSL user_settings.h in "
                                             "${WOLFSSL_ROOT}/include/user_settings.h "
                                             " (please move it to ${WOLFSSL_PROJECT_DIR}/include/user_settings.h )")
+                        # Abort CMake after fatal error.
                     else()
                         # we won't overwrite an existing user settings file, just note that we already have one:
                         if( EXISTS "${WOLFSSL_PROJECT_DIR}/include/user_settings.h" )
@@ -340,7 +673,9 @@ else()
     # depending on the environment, we may need to swap backslashes with forward slashes
     string(REPLACE "\\" "/" RTOS_IDF_PATH "$ENV{IDF_PATH}/components/freertos/FreeRTOS-Kernel/include/freertos")
 
-    string(REPLACE "\\" "/" WOLFSSL_ROOT ${WOLFSSL_ROOT})
+	if(WOLFSSL_ROOT)
+	    string(REPLACE "\\" "/" WOLFSSL_ROOT ${WOLFSSL_ROOT})
+	endif()
 
     if(IS_DIRECTORY "${RTOS_IDF_PATH}")
         message(STATUS "Found current RTOS path: ${RTOS_IDF_PATH}")
@@ -353,17 +688,22 @@ else()
             message(STATUS "Could not find RTOS path")
         endif()
     endif()
-
-
+    message(STATUS "THIS_IDF_PATH = $THIS_IDF_PATH")
+    # wolfSSL-specific include directories
     set(COMPONENT_ADD_INCLUDEDIRS
-        "./include" # this is the location of wolfssl user_settings.h
+        "./include" # this is the location of local project wolfssl user_settings.h
         "\"${WOLFSSL_ROOT}/\""
         "\"${WOLFSSL_ROOT}/wolfssl/\""
         "\"${WOLFSSL_ROOT}/wolfssl/wolfcrypt/\""
+        "\"${WOLFSSL_ROOT}/wolfssl/wolfcrypt/port/Espressif\""
         "\"${RTOS_IDF_PATH}/\""
+        # wolfSSL release after v5.7 includes WiFi, time, and mem/debug helpers
+        "${THIS_IDF_PATH}/components/esp_event/include"
+        "${THIS_IDF_PATH}/components/esp_netif/include"
+        "${THIS_IDF_PATH}/components/esp_wifi/include"
         )
 
-
+    # Optionally include cryptoauthlib if present
     if(IS_DIRECTORY ${IDF_PATH}/components/cryptoauthlib)
         list(APPEND COMPONENT_ADD_INCLUDEDIRS "../cryptoauthlib/lib")
     endif()
@@ -372,7 +712,7 @@ else()
     list(APPEND COMPONENT_ADD_INCLUDEDIRS "\"${WOLFSSL_ROOT}/wolfssl/wolfcrypt/\"")
 
 
-
+    # Some files are known to be included elsewhere, or not used for Espressif
     set(COMPONENT_SRCEXCLUDE
         "\"${WOLFSSL_ROOT}/src/bio.c\""
         "\"${WOLFSSL_ROOT}/src/conf.c\""
@@ -382,9 +722,14 @@ else()
         "\"${WOLFSSL_ROOT}/src/ssl_bn.c\""      # included by ssl.c
         "\"${WOLFSSL_ROOT}/src/ssl_certman.c\"" # included by ssl.c
         "\"${WOLFSSL_ROOT}/src/ssl_crypto.c\""  # included by ssl.c
+        "\"${WOLFSSL_ROOT}/src/ssl_load.c\""    # included by ssl.c
         "\"${WOLFSSL_ROOT}/src/ssl_misc.c\""    # included by ssl.c
+        "\"${WOLFSSL_ROOT}/src/ssl_p7p12.c\""   # included by ssl.c
+        "\"${WOLFSSL_ROOT}/src/ssl_sess.c\""    # included by ssl.c
         "\"${WOLFSSL_ROOT}/src/x509.c\""
         "\"${WOLFSSL_ROOT}/src/x509_str.c\""
+        "\"${WOLFSSL_ROOT}/wolfcrypt/src/ext_kyber.c\""     # external non-wolfssl Kyber disabled by default
+        "\"${WOLFSSL_ROOT}/wolfssl/wolfcrypt/ext_kyber.h\"" # external non-wolfssl Kyber disabled by default
         "\"${WOLFSSL_ROOT}/wolfcrypt/src/evp.c\""
         "\"${WOLFSSL_ROOT}/wolfcrypt/src/misc.c\""
         "\"${WOLFSSL_ROOT}/wolfcrypt/src/sp_sm2_arm32.c\""
@@ -395,6 +740,7 @@ else()
         "\"${WOLFSSL_ROOT}/wolfcrypt/src/sp_sm2_cortexm.c\""
         "\"${WOLFSSL_ROOT}/wolfcrypt/src/sp_sm2_x86_64.c\""
         "\"${WOLFSSL_ROOT}/wolfcrypt/src/sp_sm2_x86_64_asm.S\""
+        "\"${WOLFSSL_ROOT}/examples\"" # Examples are distributed in Managed Components, but not part of a project.
         "\"${EXCLUDE_ASM}\""
         )
 
@@ -416,22 +762,144 @@ else()
     # see https://docs.espressif.com/projects/esp-idf/en/stable/esp32/migration-guides/release-5.x/build-system.html?highlight=space%20path
     #
     set(EXTRA_COMPONENT_DIRS "${COMPONENT_SRCDIRS}")
-    idf_component_register(
-                            SRC_DIRS "${COMPONENT_SRCDIRS}"
-                            INCLUDE_DIRS "${COMPONENT_ADD_INCLUDEDIRS}"
-                            REQUIRES "${COMPONENT_REQUIRES}"
-                            EXCLUDE_SRCS "${COMPONENT_SRCEXCLUDE}"
-                            PRIV_REQUIRES esp_timer driver # this will typically only be needed for wolfSSL benchmark
-                           )
-    # some optional diagnostics
-    if (1)
+
+    if(WOLFSSL_ROOT)
+        # Only register the component if we found wolfSSL source.
+        # This is important to allow Cmake to finish to completion, otherwise the UI
+        # may not be able to display the Kconfig settings to fix a bad or missing source.
+        idf_component_register(
+                                SRC_DIRS "${COMPONENT_SRCDIRS}"
+                                INCLUDE_DIRS "${COMPONENT_ADD_INCLUDEDIRS}"
+                                REQUIRES "${COMPONENT_REQUIRES}"
+                                EXCLUDE_SRCS "${COMPONENT_SRCEXCLUDE}"
+                                PRIV_REQUIRES
+                                  "${THIS_ESP_TLS}"
+                                  "${THIS_INCLUDE_TIMER}"
+                                  "${THIS_INCLUDE_DRIVER}" # this will typically only be needed for wolfSSL benchmark
+                               )
+    else()
+        # Register the component simply to allow CMake to complete, but there's no wolfSSL source.
+        # Expect many other errors, but the project should at least be loadable and UI can edit Kconfig settings.
+        idf_component_register()
+        message(STATUS "Warning: wolfSSL component not registered as no source code found (WOLFSSL_ROOT is blank)")
+    endif()
+
+# function(WOLFSSL_INIT_CERT_BUNDLE)
+if( CONFIG_WOLFSSL_CERTIFICATE_BUNDLE
+    AND NOT CONFIG_WOLFSSL_CERTIFICATE_BUNDLE_DEFAULT_NONE
+    AND NOT ("${CONFIG_TARGET_PLATFORM}" STREQUAL "esp8266")
+  )
+    if (CMAKE_BUILD_EARLY_EXPANSION)
+        message(ERROR "Bundle Cert initialization must occur during CMAKE_BUILD_EARLY_EXPANSION")
+    endif()
+    # reminder: we need a value for wolfSSL root first!
+    if( "${WOLFSSL_ROOT}" STREQUAL "" )
+        message(ERROR "Certificate bundles need a value for WOLFSSL_ROOT")
+    endif()
+    set(WOLFSSL_ESP_CRT_BUNDLE_DIR ${WOLFSSL_ROOT}/wolfcrypt/src/port/Espressif/esp_crt_bundle)
+    message(STATUS "WOLFSSL_ESP_CRT_BUNDLE_DIR=${WOLFSSL_ESP_CRT_BUNDLE_DIR}")
+    if(EXISTS "${WOLFSSL_ESP_CRT_BUNDLE_DIR}")
+        set(bundle_name "x509_crt_bundle_wolfssl")
+
+        # For now the certs are in the same directory
+        set(DEFAULT_CRT_DIR "${WOLFSSL_ESP_CRT_BUNDLE_DIR}")
+
+        # Generate custom certificate bundle using the generate_cert_bundle utility
+        set(GENERATE_CERT_BUNDLEPY ${python} ${WOLFSSL_ESP_CRT_BUNDLE_DIR}/gen_crt_bundle.py)
+
+        if(CONFIG_WOLFSSL_CERTIFICATE_BUNDLE_DEFAULT_FULL)
+            list(APPEND crt_paths ${DEFAULT_CRT_DIR}/cacrt_all.pem ${DEFAULT_CRT_DIR}/cacrt_local.pem)
+        elseif(CONFIG_WOLFSSL_CERTIFICATE_BUNDLE_DEFAULT_CMN)
+            list(APPEND crt_paths ${DEFAULT_CRT_DIR}/cacrt_all.pem ${DEFAULT_CRT_DIR}/cacrt_local.pem)
+            list(APPEND args --filter ${DEFAULT_CRT_DIR}/cmn_crt_authorities.csv)
+        endif()
+
+        # Add deprecated root certs if enabled. This config is not visible if the default cert
+        # bundle is not selected
+        if(CONFIG_WOLFSSL_CERTIFICATE_BUNDLE_DEPRECATED_LIST)
+            list(APPEND crt_paths ${DEFAULT_CRT_DIR}/cacrt_deprecated.pem)
+        endif()
+
+        if(CONFIG_WOLFSSL_CUSTOM_CERTIFICATE_BUNDLE)
+            get_filename_component(custom_bundle_path
+              ${CONFIG_WOLFSSL_CUSTOM_CERTIFICATE_BUNDLE_PATH} ABSOLUTE BASE_DIR "${project_dir}")
+            list(APPEND crt_paths ${custom_bundle_path})
+            message(STATUS "Using a custom wolfSSL bundle path: ${custom_bundle_path}")
+        else()
+            message(STATUS "Not using a custom wolfSSL bundle path.")
+        endif()
+        list(APPEND args --input ${crt_paths} -q)
+
+        message(STATUS "CMAKE_CURRENT_BINARY_DIR: ${CMAKE_CURRENT_BINARY_DIR}")
+        get_filename_component(crt_bundle
+            ${bundle_name}
+            ABSOLUTE BASE_DIR "${CMAKE_CURRENT_BINARY_DIR}")
+
+        message(STATUS "Setting up bundle generate: ${GENERATE_CERT_BUNDLEPY} ${args}")
+        message(STATUS "Depends on custom bundle path: ${custom_bundle_path}")
+        message(STATUS "crt_bundle ${crt_bundle}")
+        message(STATUS "COMPONENT_LIB ${COMPONENT_LIB}")
+        message(STATUS "GENERATE_CERT_BUNDLEPY ${GENERATE_CERT_BUNDLEPY}")
+        message(STATUS "args ${args}")
+        message(STATUS "cert_bundle ${cert_bundle}")
+
+        # Generate bundle according to config
+        # File is generated at build time, not cmake load
+        add_custom_command(OUTPUT ${crt_bundle}
+            COMMAND ${GENERATE_CERT_BUNDLEPY} ARGS ${args}
+            DEPENDS ${custom_bundle_path}
+            VERBATIM)
+
+        if(EXISTS "${crt_bundle}")
+            message(STATUS "Bundle file exists from prior build: ${crt_bundle}")
+        else()
+            message(STATUS "Bundle file expected during next build: ${crt_bundle}")
+        endif()
+
+        # Reminder the file is generated at build time, not cmake load time.
+        message(STATUS "wolfSSL Cert Bundle File to be created at build time in: ${crt_bundle}")
+
+        add_custom_target(custom_wolfssl_bundle DEPENDS ${cert_bundle})
+
+        # the wolfSSL crtificate bundle is baked into wolfSSL
+        add_dependencies(${COMPONENT_LIB} custom_wolfssl_bundle)
+
+        # COMPONENT_LIB may vary: __idf_wolfssl, __idf_esp_wolfssl, etc
+        # target_add_binary_data(__idf_wolfssl ${crt_bundle} BINARY)
+        target_add_binary_data(${COMPONENT_LIB} ${crt_bundle} BINARY)
+        set_property(DIRECTORY "${CMAKE_CURRENT_SOURCE_DIR}"
+                     APPEND PROPERTY ADDITIONAL_CLEAN_FILES
+                     "${crt_bundle}")
+    else()
+        message(STATUS "WARNING: CONFIG_WOLFSSL_CERTIFICATE_BUNDLE enabled but directory not found: ${WOLFSSL_ESP_CRT_BUNDLE_DIR}")
+    endif()
+endif()
+
+# endfunction() # WOLFSSL_INIT_CERT_BUNDLE
+
+    # Some optional diagnostics. Verbose ones are truncated.
+    if (VERBOSE_COMPONENT_MESSAGES)
         get_cmake_property(_variableNames VARIABLES)
         list (SORT _variableNames)
         message(STATUS "")
         message(STATUS "ALL VARIABLES BEGIN")
         message(STATUS "")
         foreach (_variableName ${_variableNames})
-            message(STATUS "${_variableName}=${${_variableName}}")
+            if (      ("${_variableName}" STREQUAL "bootloader_binary_files")
+                    OR ("${_variableName}" STREQUAL "Component paths")
+                    OR ("${_variableName}" STREQUAL "component_targets")
+                    OR ("${_variableName}" STREQUAL "__COMPONENT_TARGETS")
+                    OR ("${_variableName}" STREQUAL "CONFIGS_LIST")
+                    OR ("${_variableName}" STREQUAL "__CONFIG_VARIABLES")
+                    OR ("${_variableName}" STREQUAL "val")
+                    OR ("${_variableName}" MATCHES "^__idf_")
+               )
+                # Truncate the displayed value:
+                string(SUBSTRING "${${_variableName}}" 0 70 truncatedValue)
+                message(STATUS "${_variableName} = ${truncatedValue} ... (truncated)")
+            else()
+                message(STATUS "${_variableName}=${${_variableName}}")
+            endif()
         endforeach()
         message(STATUS "")
         message(STATUS "ALL VARIABLES END")
@@ -439,6 +907,12 @@ else()
     endif()
 
     # target_sources(wolfssl PRIVATE  "\"${WOLFSSL_ROOT}/wolfssl/\""  "\"${WOLFSSL_ROOT}/wolfssl/wolfcrypt\"")
+    message(STATUS "DETECTED_PROJECT_NAME=${CMAKE_PROJECT_NAME}")
+    message(STATUS "COMPONENT_TARGET=${COMPONENT_TARGET}")
+    target_compile_definitions(${COMPONENT_TARGET} PRIVATE DETECTED_PROJECT_NAME="${CMAKE_PROJECT_NAME}")
+    if( "${CMAKE_PROJECT_NAME}" STREQUAL "esp_http_client_example" )
+        target_compile_definitions(${COMPONENT_TARGET} PRIVATE APP_ESP_HTTP_CLIENT_EXAMPLE="y")
+    endif()
 
 endif() # CMAKE_BUILD_EARLY_EXPANSION
 
@@ -484,7 +958,7 @@ function ( LIBWOLFSSL_SAVE_INFO VAR_OUPUT THIS_VAR VAR_RESULT )
         message(STATUS "Found ${VAR_OUPUT}=${VAR_VALUE}")
 
         # the interesting part is defining the VAR_OUPUT name a value to use in the app
-        add_definitions(-D${VAR_OUPUT}=\"${VAR_VALUE}\")
+        add_compile_definitions(${VAR_OUPUT}=\"${VAR_VALUE}\")
     else()
         # if we get here, check the execute_process command and parameters.
         message(STATUS "LIBWOLFSSL_SAVE_INFO encountered a non-zero VAR_RESULT")
@@ -492,33 +966,89 @@ function ( LIBWOLFSSL_SAVE_INFO VAR_OUPUT THIS_VAR VAR_RESULT )
     endif()
 endfunction() # LIBWOLFSSL_SAVE_INFO
 
+execute_process(
+    COMMAND ${git_cmd} "rev-parse" "--is-inside-work-tree"
+    OUTPUT_VARIABLE IS_GIT_REPO
+    OUTPUT_STRIP_TRAILING_WHITESPACE
+    ERROR_QUIET
+)
+
 # create some programmatic #define values that will be used by ShowExtendedSystemInfo().
 # see wolfcrypt\src\port\Espressif\esp32_utl.c
-if(NOT CMAKE_BUILD_EARLY_EXPANSION)
+if(NOT CMAKE_BUILD_EARLY_EXPANSION AND WOLFSSL_ROOT AND (IS_GIT_REPO STREQUAL "true"))
     set (git_cmd "git")
     message(STATUS "Adding macro definitions:")
 
     # LIBWOLFSSL_VERSION_GIT_ORIGIN: git config --get remote.origin.url
-    execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} "config" "--get" "remote.origin.url" OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ERROR_QUIET  )
+    execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} "config" "--get" "remote.origin.url"
+                    OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ERROR_QUIET  )
     LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_VERSION_GIT_ORIGIN "${TMP_OUT}" "${TMP_RES}")
 
     # LIBWOLFSSL_VERSION_GIT_BRANCH: git rev-parse --abbrev-ref HEAD
-    execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} "rev-parse" "--abbrev-ref" "HEAD" OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ERROR_QUIET  )
+    execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} "rev-parse" "--abbrev-ref" "HEAD"
+                    OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ERROR_QUIET  )
     LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_VERSION_GIT_BRANCH "${TMP_OUT}" "${TMP_RES}")
 
     # LIBWOLFSSL_VERSION_GIT_HASH: git rev-parse HEAD
-    execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} "rev-parse" "HEAD" OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ERROR_QUIET  )
+    execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} "rev-parse" "HEAD"
+                    OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ERROR_QUIET  )
     LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_VERSION_GIT_HASH "${TMP_OUT}" "${TMP_RES}")
 
     # LIBWOLFSSL_VERSION_GIT_SHORT_HASH: git rev-parse --short HEAD
-    execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} "rev-parse" "--short" "HEAD" OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ERROR_QUIET )
+    execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} "rev-parse" "--short" "HEAD"
+                    OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ERROR_QUIET )
     LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_VERSION_GIT_SHORT_HASH "${TMP_OUT}" "${TMP_RES}")
 
     # LIBWOLFSSL_VERSION_GIT_HASH_DATE git show --no-patch --no-notes --pretty=\'\%cd\'
-    execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} "show" "--no-patch" "--no-notes" "--pretty=\'\%cd\'" OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES  )
+    execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd}
+                    "show" "--no-patch" "--no-notes" "--pretty=\'\%cd\'"
+                    OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES  )
     LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_VERSION_GIT_HASH_DATE "${TMP_OUT}" "${TMP_RES}")
 
-    message(STATUS "************************************************************************************************")
-    message(STATUS "wolfssl component config complete!")
-    message(STATUS "************************************************************************************************")
+    LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_VERSION_WOLFSSL_ROOT "${WOLFSSL_ROOT}" "${TMP_RES}")
+
 endif()
+
+# Ensure flag "-DWOLFSSL_ESPIDF" is already in CMAKE_C_FLAGS if not yet found from project
+string(FIND "${CMAKE_C_FLAGS}" "-DWOLFSSL_ESPIDF" FLAG_ALRREADY_FOUND_WOLFSSL_ESPIDF)
+
+if(FLAG_ALRREADY_FOUND_WOLFSSL_ESPIDF EQUAL -1)
+    # Flag not found, append it
+    set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_ESPIDF")
+    set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_USER_SETTINGS")
+endif()
+
+if(WOLFSSL_ROOT)
+    message(STATUS "Using wolfSSL in ${WOLFSSL_ROOT}")
+
+    # PlatformIO does not process script from from the Espressif cmake process.
+    # We need to know where wolfSSL source code was found, so save it in the
+    # PIO_WOLFSSL_ROOT environment variable to later be read by extra_script.py
+
+    set(ENV{PIO_WOLFSSL_ROOT} "${WOLFSSL_ROOT}")
+    message(STATUS "PIO_WOLFSSL_ROOT =  $ENV{PIO_WOLFSSL_ROOT}")
+    message(STATUS "PLATFORMIO_BUILD_DIR = $ENV{PLATFORMIO_BUILD_DIR}")
+    # See esp-tls Kconfig; menu "ESP-TLS", ESP_TLS_LIBRARY_CHOOSE
+    if(CONFIG_ESP_TLS_USING_WOLFSSL)
+        if ( ("${CONFIG_TARGET_PLATFORM}" STREQUAL "esp8266") OR ("${IDF_TARGET}" STREQUAL "esp8266") )
+            message(STATUS "This version of wolfSSL is not supported on the ESP8266 esp-tls at this time. Check ESP-TLS config")
+        else()
+            message(STATUS "wolfSSL will be used for ESP-TLS")
+        endif()
+    else()
+        message(STATUS "WARNING: wolfSSL NOT selected for ESP-TLS. Features and performance will be limited.")
+    endif()
+else()
+    message(STATUS "")
+    message(STATUS "Consider setting WOLFSSL_ROOT environment variable, use Kconfig setting, or set manually in this cmake file, above.")
+    message(STATUS "")
+    message(STATUS "!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!")
+    message(STATUS "!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!")
+    message(STATUS "ERROR: Could not find wolfSSL Source Code")
+    message(STATUS "!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!")
+    message(STATUS "!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!")
+endif()
+
+message(STATUS "************************************************************************************************")
+message(STATUS "wolfSSL component config complete!")
+message(STATUS "************************************************************************************************")
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_test/components/wolfssl/Kconfig b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/components/wolfssl/Kconfig
new file mode 100644
index 000000000..150913190
--- /dev/null
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/components/wolfssl/Kconfig
@@ -0,0 +1,523 @@
+# Kconfig template
+#
+# Copyright (C) 2006-2025 wolfSSL Inc.
+#
+# This file is part of wolfSSL.
+#
+# wolfSSL is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# wolfSSL is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+#
+
+# Kconfig File Version 5.7.2.001 for esp-idf integration
+
+# Kconfig Format Rules
+#
+# See:
+#  https://docs.espressif.com/projects/esp-idf/en/stable/esp32/api-reference/kconfig.html
+#
+# Format rules for Kconfig files are as follows:
+#
+# Option names in any menus should have consistent prefixes. The prefix
+# currently should have at least 3 characters.
+#
+# The unit of indentation should be 4 spaces. All sub-items belonging to a
+# parent item are indented by one level deeper. For example, menu is indented
+# by 0 spaces, config menu by 4 spaces, help in config by 8 spaces, and the
+# text under help by 12 spaces.
+#
+# No trailing spaces are allowed at the end of the lines.
+#
+# The maximum length of options is NOT 50 characters as documented.
+#   kconfcheck will complain that options should be 40 at most.
+#
+# Fix option lengths first. Superfluous errors on other lines may occur.
+#
+# The maximum length of lines is 120 characters.
+#
+# python -m kconfcheck <path_to_kconfig_file>
+#
+# ---------------------------------------------------------------------------------------------------------------------
+# Begin main wolfSSL configuration menu
+# ---------------------------------------------------------------------------------------------------------------------
+#   See ESP-IDF esp-tls component for config TLS_STACK_WOLFSSL
+
+menu "wolfSSL"
+
+    menu "Hardening"
+        config ESP_WOLFSSL_WC_NO_HARDEN
+            bool "Disable wolfSSL hardening"
+            default n
+            help
+                Sets WC_NO_HARDEN
+
+        config ESP_WOLFSSL_TFM_TIMING_RESISTANT
+            bool "Enable TFM Timing Resistant Code"
+            default n
+            help
+                Sets TFM_TIMING_RESISTANT.
+
+    endmenu # Hardening
+
+    config ESP_WOLFSSL_ENABLE_BENCHMARK
+        bool "Enable wolfSSL Benchmark Library"
+        default n
+        help
+            Enables wolfcrypt/benchmark/benchmark.c code for benchmark metrics. Disables NO_CRYPT_BENCHMARK.
+
+
+    menu "Benchmark Debug"
+        config ESP_DEBUG_WOLFSSL_BENCHMARK_TIMING
+            bool "Enable benchmark timing debug"
+            depends on ESP_WOLFSSL_ENABLE_BENCHMARK
+            default n
+            help
+                Enable wolfssl debug for benchmark metric timing (CPU Cycles, RTOS ticks, etc).
+
+        config ESP_WOLFSSL_BENCHMARK_TIMER_DEBUG
+            bool "Enable benchmark timer debug"
+            depends on ESP_WOLFSSL_ENABLE_BENCHMARK
+            default n
+            help
+                Turn on timer debugging (used when CPU cycles not available)
+
+    endmenu # Benchmark Debug
+
+    # -----------------------------------------------------------------------------------------------------------------
+    # wolfCrypt Test
+    # -----------------------------------------------------------------------------------------------------------------
+    config ESP_WOLFSSL_ENABLE_TEST
+        bool "Enable wolfCrypt Test Library"
+        default n
+        help
+            Enables wolfcrypt/test/test.c code for testing. Disables NO_CRYPT_TEST.
+
+    menu "wolfCrypt tests"
+        config WOLFSSL_HAVE_WOLFCRYPT_TEST_OPTIONS
+            bool "Enable wolfCrypt Test Options"
+            depends on ESP_WOLFSSL_ENABLE_TEST
+            default n
+            help
+                Enables HAVE_WOLFCRYPT_TEST_OPTIONS
+
+        config TEST_ESPIDF_ALL_WOLFSSL
+            bool "Enable all features to use in tests"
+            depends on ESP_WOLFSSL_ENABLE_TEST
+            default n
+            help
+                Enables TEST_ESPIDF_ALL_WOLFSSL
+
+    endmenu # wolfCrypt tests
+
+    # -----------------------------------------------------------------------------------------------------------------
+    # Apple HomeKit Options
+    # -----------------------------------------------------------------------------------------------------------------
+    menu "Apple HomeKit"
+        config WOLFSSL_APPLE_HOMEKIT
+            bool "Enable Apple HomeKit options"
+            default n
+            help
+                Enables FP_MAX_BITS (8192 * 2), SRP, ChaCha, Poly1305, Base64 encoding needed for Apple HomeKit.
+    endmenu # Apple HomeKit
+    # -----------------------------------------------------------------------------------------------------------------
+
+    config ESP_WOLFSSL_DISABLE_MY_ECC
+        bool "Disable ECC in my project"
+        default "n"
+        help
+            ECC is enabled by default. Select this option to disable.
+
+    config ESP_WOLFSSL_ENABLE_MY_USE_RSA
+        bool "Enable RSA in my project"
+        default "n"
+        help
+            RSA is disabled by default. Select this option to enable.
+
+    config ESP_WOLFSSL_BENCHMARK
+        bool "Enable wolfSSL Benchmark"
+        default n
+        help
+            Enables user settings relevant to benchmark code
+
+    config ESP_TLS_USING_WOLFSSL_SPECIFIED
+        bool "Use the specified wolfssl for ESP-TLS"
+        default Y
+        help
+            Includes wolfSSL from specified directory (not using esp-wolfssl).
+
+    config ESP_WOLFSSL_NO_USE_FAST_MATH
+        bool "Disable FAST_MATH library and all ESP32 Hardware Acceleration"
+        select ESP_WOLFSSL_NO_HW
+        select ESP_WOLFSSL_NO_HW_AES
+        select ESP_WOLFSSL_NO_HW_HASH
+        select ESP_WOLFSSL_NO_HW_RSA_PRI
+        select ESP_WOLFSSL_NO_HW_RSA_PRI_MP_MUL
+        select ESP_WOLFSSL_NO_HW_RSA_PRI_MULMOD
+        select ESP_WOLFSSL_NO_HW_RSA_PRI_EXPTMOD
+        default n
+        help
+            When disabling all hardware acceleration for smaller memory footprint,
+            disabling TFM fast math provides faster wolfSSL software algorithms in an
+            even smaller flash memory footprint.
+
+    menu "Protocol Config"
+        config WOLFSSL_HAVE_ALPN
+            bool "Enable ALPN (Application Layer Protocol Negotiation) in wolfSSL"
+            default y
+
+        config WOLFSSL_ALLOW_TLS13
+            bool "Allow TLS 1.3"
+            default y
+            help
+                Allow TLS to fallback to TLS1.2. Memory footprint will likely be larger for TLS1.2.
+                When disabled HTTPS and MQTT over TLS connections will fail if TLS1.3 not accepted.
+
+        config WOLFSSL_ALLOW_TLS12
+            bool "Allow TLS 1.2"
+            default n
+            help
+                Allow TLS to fallback to TLS1.2. Memory footprint will likely be larger for TLS1.2.
+                When disabled HTTPS and MQTT over TLS connections will fail if TLS1.3 not accepted.
+
+        config WOLFSSL_HAVE_TLS_EXTENSIONS
+            bool "Enable TLS Extensions"
+            default y
+            help
+                Sets HAVE_TLS_EXTENSIONS which is needed for TLS 1.3, SNI, ALPN, and more.
+
+        config WOLFSSL_ALT_CERT_CHAINS
+            bool "Enable Alternate Certificate Chains"
+            default n
+            help
+                The option relaxes the default strict wolfSSL certificate chain processing. This
+                will typically need to be enabled when loading only a CA file. Typically solves
+                the -188 ASN_NO_SIGNER_E error. Use with caution.
+
+        config WOLFSSL_HAVE_OCSP
+            bool "Enable OCSP (Online Certificate Status Protocol) in wolfSSL"
+            default n
+            help
+                Sets HAVE_OCSP
+
+    endmenu # Protocol Config
+    # -----------------------------------------------------------------------------------------------------------------
+
+    # -----------------------------------------------------------------------------------------------------------------
+    config TLS_STACK_WOLFSSL
+        # Invisible option that locks TLS_STACK_WOLFSSL to ESP_TLS_USING_WOLFSSL
+        bool
+        default n
+        select FREERTOS_ENABLE_BACKWARD_COMPATIBILITY
+        help
+            Includes wolfSSL in ESP-TLS so that it can be compiled with wolfSSL as its SSL/TLS library.
+            Enabled when wolfSSL is selected in ESP_TLS_LIBRARY_CHOOSE.
+
+    menu "wolfSSL ESP-TLS"
+        depends on ESP_TLS_USING_WOLFSSL
+
+        menu "Certificate Bundle"
+            depends on ESP_TLS_USING_WOLFSSL
+
+            config WOLFSSL_CERTIFICATE_BUNDLE
+                bool "Enable trusted root certificate bundle"
+                default y if ESP_TLS_USING_WOLFSSL
+                default n
+                depends on ESP_TLS_USING_WOLFSSL
+                help
+                    Enable support for large number of default root certificates
+
+                    When enabled this option allows user to store default as well
+                    as customer specific root certificates in compressed format rather
+                    than storing full certificate. For the root certificates the public key and the subject name
+                    will be stored.
+
+            config WOLFSSL_NO_ASN_STRICT
+                bool "Relax Certificate ASN Strict Checks"
+                default n
+                depends on ESP_TLS_USING_WOLFSSL
+                help
+                    Allows sub-optimal certificate ASN checks. Unless using a bundle with known issues,
+                    it is recommended to NOT enable this.
+
+            config WOLFSSL_ASN_ALLOW_0_SERIAL
+                bool "Allow cert missing an ASN Serial Number"
+                default y
+                depends on ESP_TLS_USING_WOLFSSL
+                help
+                    Although not recommended, there may be certificates in the bundle that are missing
+                    a serial number. This option allows the missing value without having to fully
+                    disable strict ASN checking with WOLFSSL_NO_ASN_STRICT.
+
+            choice WOLFSSL_DEFAULT_CERTIFICATE_BUNDLE
+                bool "Default certificate bundle options"
+                depends on WOLFSSL_CERTIFICATE_BUNDLE && ESP_TLS_USING_WOLFSSL
+                default WOLFSSL_CERTIFICATE_BUNDLE_DEFAULT_FULL
+
+                config WOLFSSL_CERTIFICATE_BUNDLE_DEFAULT_FULL
+                    bool "Use the full default certificate bundle"
+                config WOLFSSL_CERTIFICATE_BUNDLE_DEFAULT_CMN
+                    bool "Use only the most common certificates from the default bundles"
+                    help
+                        Use only the most common certificates from the default bundles, reducing the size with 50%,
+                        while still having around 99% coverage.
+                config WOLFSSL_CERTIFICATE_BUNDLE_DEFAULT_NONE
+                    bool "Do not use the default certificate bundle"
+            endchoice
+
+            config WOLFSSL_CUSTOM_CERTIFICATE_BUNDLE
+                depends on WOLFSSL_CERTIFICATE_BUNDLE && ESP_TLS_USING_WOLFSSL
+                default n
+                bool "Add custom certificates to the default bundle"
+            config WOLFSSL_CUSTOM_CERTIFICATE_BUNDLE_PATH
+                depends on WOLFSSL_CUSTOM_CERTIFICATE_BUNDLE && ESP_TLS_USING_WOLFSSL
+                string "Custom certificate bundle path"
+                help
+                    Name of the custom certificate directory or file. This path is evaluated
+                    relative to the project root directory.
+
+            config WOLFSSL_CERTIFICATE_BUNDLE_DEPRECATED_LIST
+                bool "Add deprecated root certificates"
+                depends on WOLFSSL_CERTIFICATE_BUNDLE && ESP_TLS_USING_WOLFSSL && !WOLFSSL_CERTIFICATE_BUNDLE_DEFAULT_NONE
+                help
+                    Include the deprecated list of root certificates in the bundle.
+                    This list gets updated when a certificate is removed from the Mozilla's
+                    NSS root certificate store. This config can be enabled if you would like
+                    to ensure that none of the certificates that were deployed in the product
+                    are affected because of the update to bundle. In turn, enabling this
+                    config keeps expired, retracted certificates in the bundle and it may
+                    pose a security risk.
+
+                    - Deprecated cert list may grow based based on sync with upstream bundle
+                    - Deprecated certs would be be removed in ESP-IDF (next) major release
+
+            config WOLFSSL_CERTIFICATE_BUNDLE_MAX_CERTS
+                int "Maximum no of certificates allowed in certificate bundle"
+                default 200
+                depends on WOLFSSL_CERTIFICATE_BUNDLE && ESP_TLS_USING_WOLFSSL
+
+        endmenu
+    endmenu # wolfSSL ESP-TLS
+    # -----------------------------------------------------------------------------------------------------------------
+
+    # -----------------------------------------------------------------------------------------------------------------
+    config ESP_WOLFSSL_ALT_HARDWARE_ACCELERATION
+        bool "Modify default hardware acceleration settings"
+        default n
+        help
+            When disabling all hardware acceleration for smaller memory footprint,
+            disabling TFM fast math provides faster wolfSSL software algorithms in an
+            even smaller flash memory footprint.
+            Typically used for debugging, analysis, or optimizations. The default
+            hardware acceleration features can be each manually adjusted.
+
+    menu "wolfSSL Hardware Acceleration"
+
+        config ESP_WOLFSSL_NO_ESP32_CRYPT
+            bool "Disable all ESP32 Hardware Acceleration"
+            depends on ESP_WOLFSSL_ALT_HARDWARE_ACCELERATION
+            default n
+            select ESP_WOLFSSL_NO_HW_AES
+            select ESP_WOLFSSL_NO_HW_HASH
+            select ESP_WOLFSSL_NO_HW_RSA_PRI
+            select ESP_WOLFSSL_NO_HW_RSA_PRI_MP_MUL
+            select ESP_WOLFSSL_NO_HW_RSA_PRI_MULMOD
+            select ESP_WOLFSSL_NO_HW_RSA_PRI_EXPTMOD
+            help
+                Hardware acceleration enabled by default. When selected defines: NO_ESP32_CRYPT.
+                Consider disabling FASTMATH (other libraries are faster in software and smaller)
+
+        config ESP_WOLFSSL_NO_HW_AES
+            bool "Disable all ESP32 AES Hardware Acceleration"
+            depends on ESP_WOLFSSL_ALT_HARDWARE_ACCELERATION
+            default n
+            help
+                Hardware acceleration enabled by default.When selected defines: NO_HW_AES
+
+        config ESP_WOLFSSL_NO_HW_HASH
+            bool "Disable all ESP32 SHA Hash Hardware Acceleration"
+            depends on ESP_WOLFSSL_ALT_HARDWARE_ACCELERATION
+            default n
+            help
+                Hardware acceleration enabled by default. When selected defines: NO_HW_HASH
+
+        config ESP_WOLFSSL_NO_HW_RSA_PRI
+            bool "Disable all ESP32 RSA Hardware Acceleration"
+            depends on ESP_WOLFSSL_ALT_HARDWARE_ACCELERATION
+            default n
+            select ESP_WOLFSSL_NO_HW_PRI_MP_MUL
+            select ESP_WOLFSSL_NO_HW_RSA_PRI_MULMOD
+            select ESP_WOLFSSL_NO_HW_RSA_PRI_EXPTMOD
+            help
+                Hardware acceleration enabled by default. When selected defines: NO_HW_RSA_PRI
+
+        config ESP_WOLFSSL_NO_HW_RSA_PRI_MP_MUL
+            bool "Disable all ESP32 Multiplication Hardware Acceleration"
+            depends on ESP_WOLFSSL_ALT_HARDWARE_ACCELERATION
+            default n
+            help
+                Hardware acceleration enabled by default. When selected defines: NO_HW_RSA_PRI_MP_MUL
+
+        config ESP_WOLFSSL_NO_HW_RSA_PRI_MULMOD
+            bool "Disable all ESP32 Modular Multiplication Hardware Acceleration"
+            depends on ESP_WOLFSSL_ALT_HARDWARE_ACCELERATION
+            default n
+            help
+                Hardware acceleration enabled by default. When selected defines: NO_HW_RSA_PRI_MULMOD
+
+        config ESP_WOLFSSL_NO_HW_RSA_PRI_EXPTMOD
+            bool "Disable all ESP32 RSA Exponential Math Hardware Acceleration"
+            depends on ESP_WOLFSSL_ALT_HARDWARE_ACCELERATION
+            default n
+            help
+                Hardware acceleration enabled by default.
+                Select this option to force disable: NO_HW_RSA_PRI_EXPTMOD
+
+        config ESP_WOLFSSL_DEBUG_ESP_HW_MULTI_RSAMAX_BITS
+            bool "Enable debugging of RSA Multiplication operand length"
+            default n
+            help
+                Prints an esp log warning to the default console UART when one of the
+                multiplication operands exceeds the maximum size supported by hardware,
+                requiring fallback to software. This can be helpful to pick key sizes
+                when performance is critical. See also metrics for counting instances.
+
+        config ESP_WOLFSSL_DEBUG_ESP_HW_MOD_RSAMAX_BITS
+            bool "Enable debugging of RSA Modular operand length"
+            default n
+            help
+                Prints an esp log warning to the default console UART when one of the
+                modular math operands exceeds the maximum size supported by hardware,
+                requiring fallback to software. This can be helpful to pick key sizes
+                when performance is critical. See also metrics for counting instances.
+
+    endmenu # wolfSSL Hardware Acceleration
+    # -----------------------------------------------------------------------------------------------------------------
+
+    # -----------------------------------------------------------------------------------------------------------------
+    menu "wolfSSL Experimental Options"
+
+        config ESP_WOLFSSL_EXPERIMENTAL_SETTINGS
+            bool "Enable wolfSSL Experimental Settings"
+            default n
+            help
+                Enables experimental settings for wolfSSL. See documentation.
+
+        config ESP_WOLFSSL_ENABLE_KYBER
+            bool "Enable wolfSSL Kyber"
+            default n
+            help
+                Enable debugging messages for wolfSSL. See user_settings.h for additional debug options.
+
+    endmenu # wolfSSL Experimental Options
+    # -----------------------------------------------------------------------------------------------------------------
+
+    # -----------------------------------------------------------------------------------------------------------------
+    menu "wolfSSL Debug Options"
+        config ESP_WOLFSSL_DEBUG_WOLFSSL
+            bool "Enable wolfSSL Debugging"
+            default n
+            help
+                Enable debugging messages for wolfSSL. See user_settings.h for additional debug options.
+
+        config ESP_WOLFSSL_TEST_LOOP
+            bool "Run test apps in a loop until failure"
+            default y
+            help
+                Enable a loop wrapper for benchmark, http_client, and wolfssl test apps.
+
+    endmenu # wolfSSL Debug Options
+    # -----------------------------------------------------------------------------------------------------------------
+
+    # -----------------------------------------------------------------------------------------------------------------
+    menu "wolfSSL Customization"
+        config CUSTOM_SETTING_WOLFSSL_ROOT
+            string "Enter a path for wolfSSL source code"
+            default "~/workspace/wolfssl"
+            help
+                This option lets you specify a directory for the wolfSSL source code (typically a git clone).
+                Enter the path using forward slashes (e.g., C:/myfolder/mysubfolder) or double backslashes
+                (e.g., C:\\myfolder\\mysubfolder).
+
+    endmenu # wolfSSL Customization
+    # -----------------------------------------------------------------------------------------------------------------
+
+    # -----------------------------------------------------------------------------------------------------------------
+    menu "Component Config"
+        config IGNORE_ESP_IDF_WOLFSSL_COMPONENT
+            bool "Ignore the ESP-IDF component of wolfSSL (if present)"
+            default n
+            help
+                Ignores wolfSSL present in the esp-idf/components directory. Requires wolfssl as a local component.
+
+        config IGNORE_LOCAL_WOLFSSL_COMPONENT
+            bool "Ignore the local component of wolfSSL (if present)"
+            default n
+            help
+                Ignores wolfSSL present in the local project components directory.
+                Requires wolfssl as a ESP-IDF component.
+
+    endmenu # Component Config
+    # -----------------------------------------------------------------------------------------------------------------
+
+    # -----------------------------------------------------------------------------------------------------------------
+    menu "Utility Config"
+        config USE_WOLFSSL_ESP_SDK_TIME
+            bool "Enable wolfSSL time helper functions"
+            default n
+            help
+                Enables use of various time and date setting functions found in the esp-sdk-lib.h file.
+
+        config USE_WOLFSSL_ESP_SDK_WIFI
+            bool "Enable wolfSSL WiFi helper functions"
+            default n
+            help
+                Enables use of various time and date setting functions found in the esp-sdk-lib.h file.
+
+    endmenu # Utility Config
+endmenu # wolfSSL
+# ---------------------------------------------------------------------------------------------------------------------
+
+
+# ---------------------------------------------------------------------------------------------------------------------
+menu "wolfSSH"
+    config ESP_ENABLE_WOLFSSH
+        bool "Enable wolfSSH options"
+        default n
+        help
+            Enables WOLFSSH_TERM, WOLFSSL_KEY_GEN, WOLFSSL_PTHREADS, WOLFSSH_TEST_SERVER, WOLFSSH_TEST_THREADING
+
+    config ESP_WOLFSSL_DEBUG_WOLFSSH
+        bool "Enable wolfSSH debugging"
+        default n
+        help
+            Enable wolfSSH debugging macro. See user_settings.h
+
+endmenu # wolfSSH
+# ---------------------------------------------------------------------------------------------------------------------
+
+# ---------------------------------------------------------------------------------------------------------------------
+menu "wolfMQTT"
+    config ESP_ENABLE_WOLFMQTT
+        bool "Enable wolfMQTT options"
+        default n
+        help
+            Enables WOLFMQTT
+
+    config ESP_WOLFSSL_DEBUG_WOLFMQTT
+        bool "Enable wolfMQTT debugging"
+        default n
+        help
+            Enable wolfMQTT debugging macro. See user_settings.h
+
+endmenu # wolfMQTT
+# ---------------------------------------------------------------------------------------------------------------------
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_test/components/wolfssl/README.md b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/components/wolfssl/README.md
new file mode 100644
index 000000000..d77912416
--- /dev/null
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/components/wolfssl/README.md
@@ -0,0 +1,162 @@
+# wolfSSL Espressif Component
+
+This is the directory for wolfSSL as an Espressif ESP-IDF component.
+
+Other options are available, such as installing wolfSSL as a local _project_ component using the [Managed Component](https://www.wolfssl.com/wolfssl-now-available-in-espressif-component-registry/).
+
+Enabling this wolfSSL ESP-IDF component allows other ESP-IDF libraries such as those that depend on [ESP-TLS](https://github.com/espressif/esp-idf/tree/master/components/esp-tls)
+to also use the wolfSSL library. (See [github.com/wolfSSL/wolfssl](https://github.com/wolfSSL/wolfssl))
+
+The wolfSSL source code is not included here. Instead, the `idf.py menuconfig` option can be used to configure the
+`sdkconfig` file setting: `CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT` to point to the desired wolfSSL code.
+
+## Directory Contents
+
+This directory must contain, at a minimum:
+
+- `CMakeLists.txt`
+- `./include/user_settings.h`
+
+The directory should also contain:
+- `Kconfig`
+- `component.mk`
+
+The directory may contain wolfSSL source, for example with a [Managed Component](https://www.wolfssl.com/wolfssl-now-available-in-espressif-component-registry/),
+or if the `setup.sh` script was used from [wolfSSL/IDE/Espressif/ESP-IDF](https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF).
+
+
+Under normal circumstances when the wolfSSL source is not included here, the `CMakeLists.txt` will search for it in this order:
+
+- A hard-coded `WOLFSSL_ROOT` cmake variable.
+- `WOLFSSL_ROOT` Environment Variable
+- The `CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT` value in the `sdkconfig` file, from the `Kconfig` option.
+- Any parent directories, up to the root (if this directory is in the ESP-IDF components)
+- Any parent directories, up to the root (if this directory is a project component)
+
+While recursing up the directory tree, the following names of wolfSSL directories will be considered:
+
+- `wolfssl-[current user name]`
+- `wolfssl-master`
+- `wolfssl`
+
+## Getting Started
+
+See the `Espressif Getting Started Guide`.
+
+```
+# Set environment variable to ESP-IDF location
+# For example, VisualGDB in WSL
+WRK_IDF_PATH=/mnt/c/SysGCC/esp32/esp-idf/v5.2
+WRK_IDF_PATH=/mnt/c/SysGCC/esp32-master/esp-idf/v5.3-master
+
+# Or wherever the ESP-IDF is installed:
+WRK_IDF_PATH=~/esp/esp-idf
+
+echo "Run export.sh from ${WRK_IDF_PATH}"
+. ${WRK_IDF_PATH}/export.sh
+
+cd [your project]
+
+idf.py menuconfig
+```
+
+Enable wolfSSL to be used in the ESP-TLS:
+
+```
+Component config  --->
+    ESP-TLS  --->
+        Choose SSL/TLS library for ESP-TLS (See help for more Info)
+            (X) wolfSSL (License info in wolfSSL directory README)
+```
+
+Adjust wolfSSL settings, such as path to source code as needed:
+
+```
+Component config  --->
+    wolfSSL  --->
+        [*] Include wolfSSL in ESP-TLS
+        [*] Use the specified wolfssl for ESP-TLS
+        (~/workspace/wolfssl) Enter a path for wolfSSL source code
+```
+
+## Configuration
+
+All settings for wolfSSL are adjusted in the [include/user_settings.h](./include/user_settings.h) file.
+
+The `user_settings.h` file should not be included directly. Instead, `#include <wolfssl/wolfcrypt/settings.h>`
+before any other wolfSSL headers, like this:
+
+
+```c
+/* ESP-IDF */
+#include <esp_log.h>
+#include "sdkconfig.h"
+
+/* wolfSSL */
+/* Always include wolfcrypt/settings.h before any other wolfSSL file.    */
+/* Reminder: settings.h pulls in user_settings.h; don't include it here. */
+#if defined(WOLFSSL_USER_SETTINGS)
+    #include <wolfssl/wolfcrypt/settings.h>
+    #if defined(WOLFSSL_ESPIDF)
+        #include <wolfssl/version.h>
+        #include <wolfssl/wolfcrypt/types.h>
+        #include <wolfcrypt/test/test.h>
+        #include <wolfssl/wolfcrypt/port/Espressif/esp-sdk-lib.h>
+        #include <wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h>
+    #else
+        #error "Problem with wolfSSL user_settings. "           \
+               "Check components/wolfssl/include "              \
+               "and confirm WOLFSSL_USER_SETTINGS is defined, " \
+               "typically in the component CMakeLists.txt"
+    #endif
+#else
+    /* Define WOLFSSL_USER_SETTINGS project wide for settings.h to include   */
+    /* wolfSSL user settings in ./components/wolfssl/include/user_settings.h */
+    #error "Missing WOLFSSL_USER_SETTINGS in CMakeLists or Makefile:\
+    CFLAGS +=-DWOLFSSL_USER_SETTINGS"
+#endif
+```
+
+## Examples
+
+See the wolfSSL examples:
+
+- [wolfSSL Core Examples](https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples)
+- [wolfSSL Additional Examples](https://github.com/wolfSSL/wolfssl-examples/tree/master/ESP32)
+- [wolfSSH Core Examples](https://github.com/wolfSSL/wolfssh/tree/master/ide/Espressif/ESP-IDF/examples)
+- [wolfSSH Additional Examples](https://github.com/wolfSSL/wolfssh-examples/tree/main/Espressif)
+- [wolfMQTT Examples](https://github.com/wolfSSL/wolfMQTT/tree/master/IDE/Espressif/ESP-IDF/examples)
+
+## Platforms
+
+The ESP-IDF wolfSSL is also available for PlatformIO:
+
+- [Release wolfSSL](https://registry.platformio.org/search?q=owner%3Awolfssl)
+- [Staging / Preview wolfSSL](https://registry.platformio.org/search?q=owner%3Awolfssl-staging)
+
+The wolfSSL library can also be used for Espressif with Arduino:
+
+- [arduino.cc/reference/en/libraries/wolfssl](https://www.arduino.cc/reference/en/libraries/wolfssl/)
+- [github.com/wolfSSL/Arduino-wolfSSL](https://github.com/wolfSSL/Arduino-wolfSSL)
+
+
+## Additional Information
+
+- [wolfSSL Documentation](https://www.wolfssl.com/documentation/manuals/wolfssl/index.html) and [docs/espressif](https://www.wolfssl.com/docs/espressif/)
+- [wolfSSL FAQ](https://www.wolfssl.com/docs/frequently-asked-questions-faq/)
+- [wolfSSL Products](https://www.wolfssl.com/products/)
+- [www.wolfssl.com/espressif](https://www.wolfssl.com/espressif/)
+- [More...](https://www.wolfssl.com/?s=espressif)
+
+## Contact
+
+Have a specific request or questions? We'd love to hear from you! Please contact us at support@wolfssl.com or open an issue on GitHub.
+
+## Licensing and Support
+
+wolfSSL (formerly known as CyaSSL) and wolfCrypt are either licensed for use under the GPLv2 (or at your option any later version) or a standard commercial license. For our users who cannot use wolfSSL under GPLv2 (or any later version), a commercial license to wolfSSL and wolfCrypt is available.
+
+See the LICENSE.txt, visit wolfssl.com/license, contact us at licensing@wolfssl.com or call +1 425 245 8247
+
+View Commercial Support Options: [wolfssl.com/products/support-and-maintenance](wolfssl.com/products/support-and-maintenance)
+
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_test/components/wolfssl/component.mk b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/components/wolfssl/component.mk
index 5234a007e..8865ec880 100644
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_test/components/wolfssl/component.mk
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/components/wolfssl/component.mk
@@ -1,40 +1,306 @@
-#
-# Copyright (C) 2006-2023 wolfSSL Inc.
-#
-# This file is part of wolfSSL.
-#
-# wolfSSL is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; either version 2 of the License, or
-# (at your option) any later version.
-#
-# wolfSSL is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software
-# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
-#
-#
-# Component Makefile
-#
-
-COMPONENT_ADD_INCLUDEDIRS := . ./include
-
-COMPONENT_ADD_INCLUDEDIRS += "$ENV{IDF_PATH}/components/freertos/include/freertos"
-# COMPONENT_ADD_INCLUDEDIRS += "$ENV{IDF_PATH}/soc/esp32s3/include/soc"
-
-COMPONENT_SRCDIRS := src wolfcrypt/src
-COMPONENT_SRCDIRS += wolfcrypt/src/port/Espressif
-COMPONENT_SRCDIRS += wolfcrypt/src/port/atmel
-COMPONENT_SRCDIRS += wolfcrypt/benchmark
-COMPONENT_SRCDIRS += wolfcrypt/test
-
-CFLAGS +=-DWOLFSSL_USER_SETTINGS
-
-COMPONENT_OBJEXCLUDE := wolfcrypt/src/aes_asm.o
-COMPONENT_OBJEXCLUDE += wolfcrypt/src/evp.o
-COMPONENT_OBJEXCLUDE += wolfcrypt/src/misc.o
-COMPONENT_OBJEXCLUDE += src/bio.o
+#
+# Copyright (C) 2006-2025 wolfSSL Inc.
+#
+# This file is part of wolfSSL.
+#
+# wolfSSL is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# wolfSSL is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+#
+
+$(info ***********  wolfssl component ************)
+
+#
+# Component Makefile
+#
+#
+# The Espressif Managed Components are only for newer versions of the ESP-IDF
+# Typically only for ESP32[-x] targets and only for ESP-IDF v4.3 or later:
+# See https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-guides/tools/idf-component-manager.html
+#     https://components.espressif.com/
+#
+# Usage:
+#
+#   make flash
+#
+#   make flash ESPPORT=/dev/ttyS55
+#
+#   make flash ESPBAUD=9600
+#
+#   make monitor ESPPORT=COM1
+#
+#   make monitor ESPPORT=/dev/ttyS55 MONITORBAUD=115200
+#
+#   export ESPPORT=/dev/ttyS55
+#
+# https://docs.espressif.com/projects/esp8266-rtos-sdk/en/latest/get-started/index.html
+#
+
+# Although the project should define WOLFSSL_USER_SETTINGS, we'll also
+# define it here:
+CFLAGS +=-DWOLFSSL_USER_SETTINGS
+
+# Note that 4 source files created by autogen are excluded here.
+#
+# See these files commented out, below. Adjust as needed for your application:
+#
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/async.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/selftest.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wolfcrypt_first.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wolfcrypt_last.o
+
+
+# NOTICE: the WOLFSSL_ROOT setting MUST be relative!
+# See https://docs.espressif.com/projects/esp8266-rtos-sdk/en/latest/api-guides/build-system.html?highlight=must+relative#optional-component-specific-variables
+# In the wolfSSL GitHub examples for Espressif:
+#   https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples
+# When this wolfssl component.mk makefile is in [project]/components/wolfssl
+# The root is 7 directories up from here (the location of of this component.mk):
+#
+WOLFSSL_ROOT     ?= ../../../../../../..
+THIS_DIR         := $(shell pwd)
+WOLFSSL_ROOT_OBJ := $(THIS_DIR)
+
+# When running make from commandline or VisualGDB, the current path varies:
+ifeq ("$(VISUALGDB_DIR)","")
+    # current path is typically /mnt/c/workspace/wolfssl-gojimmypi/IDE/Espressif/ESP-IDF/examples/wolfssl_test/build/wolfssl
+    $(info VISUALGDB_DIR build not detected. shell: $(shell echo $$SHELL))
+else
+    # current path is typically /C/workspace/wolfssl-gojimmypi/IDE/Espressif/ESP-IDF/examples/wolfssl_test/build/Debug/wolfssl
+    $(info Detected VisualGDB in: $(VISUALGDB_DIR) shell: $(shell echo $$SHELL))
+endif
+
+# To set the location of a different location, it is best to use relative paths.
+#
+# Set WOLFSSL_ROOT to a relative path from the current component directory.
+# For example, if the wolfssl_client is copied from the examples to test:
+#
+# cp -r /IDE/Espressif/ESP-IDF/examples/wolfssl_client/* /mnt/c/test/demo
+#
+# we run make in   /mnt/c/test/demo
+# component is in  /mnt/c/test/demo/components/wolfssl
+# wolfssl is in    /mnt/c/workspace/wolfssl-master
+#
+# "/mnt/c" is 4 directories up:
+#             2 for `./test/demo` from where we run `make`, plus
+#             2 more from the location of `component.mk` located
+#               in `[current directory]/components/wolfssl`.
+#
+# Thus we need 4 parent reference to find the relative path to wolfSSL:
+# WOLFSSL_ROOT := ../../../../workspace/wolfssl-master
+
+# Optional CFLAGS (make works without these; for reference only)
+# CFLAGS += -I$(WOLFSSL_ROOT)/wolfssl
+# CFLAGS += -I$(WOLFSSL_ROOT)/wolfssl/wolfcrypt
+# CFLAGS += -I$(WOLFSSL_ROOT)/wolfssl/wolfcrypt/port/Espressif
+
+abs_WOLFSSL_ROOT     := $(shell realpath $(WOLFSSL_ROOT))
+
+# print-wolfssl-path-value:
+#	@echo "WOLFSSL_ROOT defined: $(WOLFSSL_ROOT)"
+#	@echo "WOLFSSL_ROOT actual:  $(abs_WOLFSSL_ROOT)"
+
+$(info WOLFSSL_ROOT     defined: $(WOLFSSL_ROOT))
+$(info WOLFSSL_ROOT     actual:  $(abs_WOLFSSL_ROOT))
+$(info THIS_DIR         defined: $(THIS_DIR))
+$(info WOLFSSL_ROOT_OBJ defined: $(WOLFSSL_ROOT_OBJ))
+
+# NOTE: The wolfSSL include directory (e.g. user_settings.h) is
+# located HERE in THIS project, and *not* in the wolfSSL root.
+COMPONENT_ADD_INCLUDEDIRS := .
+COMPONENT_ADD_INCLUDEDIRS += include
+COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT)/.
+COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT)/wolfssl
+COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT)/wolfssl/wolfcrypt
+COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT)/wolfssl/wolfcrypt/port/Espressif
+
+# COMPONENT_ADD_INCLUDEDIRS += $ENV(IDF_PATH)/components/freertos/include/freertos
+# COMPONENT_ADD_INCLUDEDIRS += "$ENV(IDF_PATH)/soc/esp32s3/include/soc"
+
+# wolfSSL
+COMPONENT_SRCDIRS := $(WOLFSSL_ROOT)/src
+
+# wolfcrypt
+COMPONENT_SRCDIRS += $(WOLFSSL_ROOT)/wolfcrypt/src
+
+# Espressif
+COMPONENT_SRCDIRS += $(WOLFSSL_ROOT)/wolfcrypt/src/port/Espressif
+COMPONENT_SRCDIRS += $(WOLFSSL_ROOT)/wolfcrypt/src/port/atmel
+
+COMPONENT_OBJEXCLUDE := $(WOLFSSL_ROOT_OBJ)/wolfcrypt/src/aes_asm.o
+COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT_OBJ)/wolfcrypt/src/evp.o
+COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT_OBJ)/wolfcrypt/src/misc.o
+COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT_OBJ)/wolfcrypt/src/sha512_asm.o
+COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT_OBJ)/wolfcrypt/src/fe_x25519_asm.o
+COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT_OBJ)/wolfcrypt/src/aes_gcm_x86_asm.o
+
+##
+## wolfSSL
+##
+## reminder object files may end up in `./build` or `build/debug` or `build/release`, depending on build environment & settings.
+##
+# COMPONENT_OBJS := $(WOLFSSL_ROOT)/src/bio.o  # part of ssl.c, omitted to avoid "does not need to be compiled separately"
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/conf.o # part of ssl.c
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/crl.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/dtls.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/dtls13.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/internal.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/keys.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/ocsp.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/pk.o   # part of ssl.c
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/quic.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/sniffer.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/ssl.o
+# COMPONENT_OBJS += src/ssl_asn1.o
+# COMPONENT_OBJS += src/ssl_bn.o
+# COMPONENT_OBJS += src/ssl_certman.o
+# COMPONENT_OBJS += src/ssl_crypto.o
+# COMPONENT_OBJS += src/ssl_misc.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/tls.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/tls13.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/wolfio.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/x509.o     # part of ssl.c
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/x509_str.o # part of ssl.c
+
+##
+## wolfcrypt
+##
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/aes.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/arc4.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/asm.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/asn.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/async.o # autogen exclusion
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/blake2b.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/blake2s.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/camellia.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/chacha.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/chacha20_poly1305.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/cmac.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/coding.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/compress.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/cpuid.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/cryptocb.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/curve25519.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/curve448.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/des3.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/dh.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/dilithium.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/dsa.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ecc.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/eccsi.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ecc_fp.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ed25519.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ed448.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/error.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/evp.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ext_kyber.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ext_lms.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ext_xmss.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/falcon.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/fe_448.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/fe_low_mem.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/fe_operations.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/fips.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/fips_test.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ge_448.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ge_low_mem.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ge_operations.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/hash.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/hmac.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/hpke.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/integer.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/kdf.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/logging.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/md2.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/md4.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/md5.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/memory.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/misc.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/pkcs12.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/pkcs7.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/poly1305.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/pwdbased.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/random.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/rc2.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ripemd.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/rsa.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sakke.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/selftest.o # autogen exclusion
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sha.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sha256.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sha3.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sha512.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/signature.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/siphash.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sm2.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sm3.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sm4.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sphincs.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_arm32.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_arm64.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_armthumb.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_c32.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_c64.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_cortexm.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_dsp32.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_int.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_sm2_arm32.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_sm2_arm64.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_sm2_armthumb.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_sm2_c32.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_sm2_c64.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_sm2_cortexm.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_sm2_x86_64.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_x86_64.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/srp.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/tfm.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_dsp.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_encrypt.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_kyber.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_kyber_poly.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_lms.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_pkcs11.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_port.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_xmss.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wolfcrypt_first.o # autogen exclusion
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wolfcrypt_last.o  # autogen exclusion
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wolfevent.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wolfmath.o
+
+##
+## Espressif
+##
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/port/Espressif/esp32_aes.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/port/Espressif/esp32_mp.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/port/Espressif/esp32_sha.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/port/Espressif/esp32_util.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/port/Espressif/esp_sdk_mem_lib.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/port/Espressif/esp_sdk_time_lib.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/port/Espressif/esp_sdk_wifi_lib.o
+
+##
+## wolfcrypt benchmark  (optional)
+##
+## COMPONENT_OBJS            += $(WOLFSSL_ROOT)/wolfcrypt/benchmark/benchmark.o
+## COMPONENT_SRCDIRS         += $(WOLFSSL_ROOT)/wolfcrypt/benchmark
+## COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT)/wolfcrypt/benchmark
+
+
+##
+## wolfcrypt test (needed for this test example)
+##
+COMPONENT_OBJS               += $(WOLFSSL_ROOT)/wolfcrypt/test/test.o
+COMPONENT_SRCDIRS            += $(WOLFSSL_ROOT)/wolfcrypt/test
+COMPONENT_ADD_INCLUDEDIRS    += $(WOLFSSL_ROOT)/wolfcrypt/test/include
+
+$(info ********** end wolfssl component **********)
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_test/components/wolfssl/include/user_settings.h b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/components/wolfssl/include/user_settings.h
index d6eeebbb4..7349338aa 100644
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_test/components/wolfssl/include/user_settings.h
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/components/wolfssl/include/user_settings.h
@@ -1,6 +1,6 @@
-/* user_settings.h
+/* wolfssl-component include/user_settings.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -18,13 +18,61 @@
  * along with this program; if not, write to the Free Software
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  */
+#define WOLFSSL_ESPIDF_COMPONENT_VERSION 0x01
 
-/* This user_settings.h is for Espressif ESP-IDF */
-#include <sdkconfig.h>
+/* Examples such as test and benchmark are known to cause watchdog timeouts.
+ * Note this is often set in project Makefile:
+ * CFLAGS += -DWOLFSSL_ESP_NO_WATCHDOG=1 */
+#define WOLFSSL_ESP_NO_WATCHDOG 1
+
+/* The Espressif project config file. See also sdkconfig.defaults */
+#include "sdkconfig.h"
+
+/* This user_settings.h is for Espressif ESP-IDF
+ *
+ * Standardized wolfSSL Espressif ESP32 + ESP8266 user_settings.h V5.7.0-1
+ *
+ * Do not include any wolfssl headers here.
+ *
+ * When editing this file:
+ * ensure all examples match. The template example is the reference.
+ */
+
+/* Naming convention: (see also esp32-crypt.h for the reference source).
+ *
+ * CONFIG_
+ *      This prefix indicates the setting came from the sdkconfig / Kconfig.
+ *
+ *      May or may not be related to wolfSSL.
+ *
+ *      The name after this prefix must exactly match that in the Kconfig file.
+ *
+ * WOLFSSL_
+ *      Typical of many, but not all wolfSSL macro names.
+ *
+ *      Applies to all wolfSSL products such as wolfSSH, wolfMQTT, etc.
+ *
+ *      May or may not have a corresponding sdkconfig / Kconfig control.
+ *
+ * ESP_WOLFSSL_
+ *      These are NOT valid wolfSSL macro names. These are names only used in
+ *      the ESP-IDF Kconfig files. When parsed, they will have a "CONFIG_"
+ *      suffix added. See next section.
+ *
+ * CONFIG_ESP_WOLFSSL_
+ *      This is a wolfSSL-specific macro that has been defined in the ESP-IDF
+ *      via the sdkconfig / menuconfig. Any text after this prefix should
+ *      exactly match an existing wolfSSL macro name.
+ *
+ *      Applies to all wolfSSL products such as wolfSSH, wolfMQTT, etc.
+ *
+ *      These macros may also be specific to only the project or environment,
+ *      and possibly not used anywhere else in the wolfSSL libraries.
+ */
 
 /* The Espressif sdkconfig will have chipset info.
 **
-** Possible values:
+** Some possible values:
 **
 **   CONFIG_IDF_TARGET_ESP32
 **   CONFIG_IDF_TARGET_ESP32S2
@@ -36,18 +84,283 @@
 #undef  WOLFSSL_ESPIDF
 #define WOLFSSL_ESPIDF
 
+/* Test various user_settings between applications by selecting example apps
+ * in `idf.py menuconfig` for Example wolfSSL Configuration settings: */
+
+/* Turn on messages that are useful to see only in examples. */
+#define WOLFSSL_EXAMPLE_VERBOSITY
+
+/* Paths can be long, ensure the entire value printed during debug */
+#define WOLFSSL_MAX_ERROR_SZ 500
+
+/* wolfSSL Examples: set macros used in example applications.
+ *
+ * These Settings NOT available in ESP-IDF (e.g. esp-tls)
+ *
+ * Any settings needed by ESP-IDF components should be explicitly set,
+ * and not by these example-specific settings via CONFIG_WOLFSSL_EXAMPLE_n
+ *
+ * ESP-IDF settings should be Kconfig "CONFIG_[name]" values when possible. */
+#if defined(CONFIG_WOLFSSL_EXAMPLE_NAME_TEMPLATE)
+    /* See https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples/template */
+    /* We don't use WiFi, so don't compile in the esp-sdk-lib WiFi helpers: */
+    /* #define USE_WOLFSSL_ESP_SDK_WIFI */
+#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_TEST)
+    /* See https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples/wolfssl_test */
+    /* We don't use WiFi, so don't compile in the esp-sdk-lib WiFi helpers: */
+    /* #define USE_WOLFSSL_ESP_SDK_WIFI */
+    #define TEST_ESPIDF_ALL_WOLFSSL
+
+#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_BENCHMARK)
+    /* See https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark */
+    /* We don't use WiFi, so don't compile in the esp-sdk-lib WiFi helpers: */
+    /* #define USE_WOLFSSL_ESP_SDK_WIFI */
+    #define WOLFSSL_BENCHMARK_FIXED_UNITS_KB
+#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_TLS_CLIENT)
+    /* See https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples/wolfssl_client */
+    #define USE_WOLFSSL_ESP_SDK_WIFI
+#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_TLS_SERVER)
+    /* See https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples/wolfssl_server */
+    #define USE_WOLFSSL_ESP_SDK_WIFI
+
+/* wolfSSH Examples */
+#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_WOLFSSH_TEMPLATE)
+    /* See https://github.com/wolfSSL/wolfssh/tree/master/ide/Espressif/ESP-IDF/examples/wolfssh_template */
+    #define USE_WOLFSSL_ESP_SDK_WIFI
+#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_WOLFSSH_ECHOSERVER)
+    /* See https://github.com/wolfSSL/wolfssh/tree/master/ide/Espressif/ESP-IDF/examples/wolfssh_echoserver */
+    #define USE_WOLFSSL_ESP_SDK_WIFI
+#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_ESP32_SSH_SERVER)
+    /* See https://github.com/wolfSSL/wolfssh-examples/tree/main/Espressif/ESP32/ESP32-SSH-Server */
+    #define USE_WOLFSSL_ESP_SDK_WIFI
+#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_ESP8266_SSH_SERVER)
+    /* See https://github.com/wolfSSL/wolfssh-examples/tree/main/Espressif/ESP8266/ESP8266-SSH-Server */
+    #define USE_WOLFSSL_ESP_SDK_WIFI
+
+/* wolfMQTT Examples */
+#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_WOLFMQTT_TEMPLATE)
+    /* See https://github.com/wolfSSL/wolfMQTT/tree/master/IDE/Espressif/ESP-IDF/examples/wolfmqtt_template */
+    #define USE_WOLFSSL_ESP_SDK_WIFI
+#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_WOLFMQTT_AWS_IOT_MQTT)
+    /* See https://github.com/wolfSSL/wolfMQTT/tree/master/IDE/Espressif/ESP-IDF/examples/AWS_IoT_MQTT */
+    #define USE_WOLFSSL_ESP_SDK_WIFI
+
+/* wolfTPM Examples */
+#elif defined(CONFIG_WOLFTPM_EXAMPLE_NAME_ESPRESSIF)
+    /* See https://github.com/wolfSSL/wolfTPM/tree/master/IDE/Espressif */
+    #define USE_WOLFSSL_ESP_SDK_WIFI
+
+/* Apple HomeKit Examples */
+#elif defined(CONFIG_WOLFSSL_APPLE_HOMEKIT)
+    /* See https://github.com/AchimPieters/esp32-homekit-demo */
+
+/* no example selected */
+#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_NONE)
+    /* We'll assume the app needs to use wolfSSL sdk lib function */
+    #define USE_WOLFSSL_ESP_SDK_WIFI
+
+/* Other applications detected by cmake */
+#elif defined(APP_ESP_HTTP_CLIENT_EXAMPLE)
+    /* The wolfSSL Version of the client example */
+    #if defined(CONFIG_IDF_TARGET_ESP32S2) || defined(CONFIG_IDF_TARGET_ESP32C2)
+        /* Less memory available, so smaller key sizes: */
+        #define FP_MAX_BITS (4096 * 2)
+    #else
+        #define FP_MAX_BITS (8192 * 2)
+    #endif
+    #define HAVE_ALPN
+    #define HAVE_SNI
+    #define OPENSSL_EXTRA_X509_SMALL
+    #define HAVE_TLS_EXTENSIONS
+    #define HAVE_SUPPORTED_CURVES
+    #define OPENSSL_EXTRA
+    #ifndef WOLFSSL_ALWAYS_VERIFY_CB
+       #define WOLFSSL_ALWAYS_VERIFY_CB
+    #endif
+    #ifndef WOLFSSL_VERIFY_CB_ALL_CERTS
+        #define WOLFSSL_VERIFY_CB_ALL_CERTS
+    #endif
+    #ifndef KEEP_PEER_CERT
+        #define KEEP_PEER_CERT
+    #endif
+
+#elif defined(APP_ESP_HTTP_CLIENT)
+    /* The ESP-IDF Version */
+    #define FP_MAX_BITS (8192 * 2)
+    #define HAVE_ALPN
+    #define HAVE_SNI
+    #define OPENSSL_EXTRA_X509_SMALL
+    #define HAVE_TLS_EXTENSIONS
+    #define HAVE_SUPPORTED_CURVES
+    #define OPENSSL_EXTRA
+    #ifndef WOLFSSL_ALWAYS_VERIFY_CB
+       #define WOLFSSL_ALWAYS_VERIFY_CB
+    #endif
+    #ifndef WOLFSSL_VERIFY_CB_ALL_CERTS
+        #define WOLFSSL_VERIFY_CB_ALL_CERTS
+    #endif
+    #ifndef KEEP_PEER_CERT
+        #define KEEP_PEER_CERT
+    #endif
+#else
+    #ifdef WOLFSSL_ESPIDF
+        /* #warning "App config undetected" */
+    #endif
+    /* the code is older or does not have application name defined. */
+#endif /* Example wolfSSL Configuration app settings */
+
+/* Experimental Kyber */
+#ifdef CONFIG_WOLFSSL_ENABLE_KYBER
+    /* Kyber typically needs a minimum 10K stack */
+    #define WOLFSSL_EXPERIMENTAL_SETTINGS
+    #define WOLFSSL_HAVE_KYBER
+    #define WOLFSSL_WC_KYBER
+    #define WOLFSSL_SHA3
+    #if defined(CONFIG_IDF_TARGET_ESP8266)
+        /* With limited RAM, we'll disable some of the Kyber sizes: */
+        #define WOLFSSL_NO_KYBER1024
+        #define WOLFSSL_NO_KYBER768
+        #define NO_SESSION_CACHE
+    #endif
+#endif
+
+/* Enable AES for all examples */
+#ifdef NO_AES
+    #warning "Found NO_AES, wolfSSL AES Cannot be enabled. Check config."
+#else
+    #define WOLFSSL_AES
+    #define WOLFSSL_AES_COUNTER
+
+    /* Typically only needed for wolfssl_test, see docs. */
+    #define WOLFSSL_AES_DIRECT
+#endif
+
+/* Pick a cert buffer size: */
+/* #define USE_CERT_BUFFERS_2048 */
+/* #define USE_CERT_BUFFERS_1024 */
+#define USE_CERT_BUFFERS_2048
+
+/* The Espressif sdkconfig will have chipset info.
+**
+** Some possible values:
+**
+**   CONFIG_IDF_TARGET_ESP32
+**   CONFIG_IDF_TARGET_ESP32S2
+**   CONFIG_IDF_TARGET_ESP32S3
+**   CONFIG_IDF_TARGET_ESP32C3
+**   CONFIG_IDF_TARGET_ESP32C6
+*/
+
+/* Optionally enable Apple HomeKit from compiler directive or Kconfig setting */
+#if defined(WOLFSSL_APPLE_HOMEKIT) || defined(CONFIG_WOLFSSL_APPLE_HOMEKIT)
+     /* SRP is known to need 8K; slow on some devices */
+     #define FP_MAX_BITS (8192 * 2)
+     #define WOLFCRYPT_HAVE_SRP
+     #define HAVE_CHACHA
+     #define HAVE_POLY1305
+     #define WOLFSSL_BASE64_ENCODE
+ #endif /* Apple HomeKit settings */
+
+/* Used by ESP-IDF components: */
+#if defined(CONFIG_ESP_TLS_USING_WOLFSSL)
+    /* The ESP-TLS */
+    #ifndef FP_MAX_BITS
+        #if defined(CONFIG_IDF_TARGET_ESP32C2) || \
+            defined(CONFIG_IDF_TARGET_ESP8684) || \
+            defined(CONFIG_IDF_TARGET_ESP8266)
+            /* Optionally set smaller size here */
+            #define FP_MAX_BITS MIN_FFDHE_FP_MAX_BITS
+        #else
+            #define FP_MAX_BITS (4096 * 2)
+        #endif
+    #endif
+    #define HAVE_ALPN
+    #ifndef CONFIG_IDF_TARGET_ESP8266
+        /* Unless installed in the ESP8266 RTOS SDK locally, the wolfSSL
+         * API for SNI will not be seen in the components/esp-tls layer.
+         * Only enable SNI for non-ESP8266 targets by default: */
+        #define HAVE_SNI
+    #endif
+    #define OPENSSL_EXTRA_X509_SMALL
+
+    #define HAVE_TLS_EXTENSIONS
+    #define HAVE_SUPPORTED_CURVES
+#endif
+
+/* Optionally enable some wolfSSH settings */
+#if defined(ESP_ENABLE_WOLFSSH) || defined(CONFIG_ESP_ENABLE_WOLFSSH)
+    /* Enable wolfSSH. Espressif examples need a few more settings, below */
+    #undef  WOLFSSL_WOLFSSH
+    #define WOLFSSL_WOLFSSH
+
+    /* The default SSH Windows size is massive for an embedded target.
+     * Limit it: */
+    #define DEFAULT_WINDOW_SZ 2000
+
+    /* These may be defined in cmake for other examples: */
+    #undef  WOLFSSH_TERM
+    #define WOLFSSH_TERM
+
+    /* optional debug */
+    /* #undef  DEBUG_WOLFSSH */
+    /* #define DEBUG_WOLFSSH */
+
+    #undef  WOLFSSL_KEY_GEN
+    #define WOLFSSL_KEY_GEN
+
+    #undef  WOLFSSL_PTHREADS
+    #define WOLFSSL_PTHREADS
+
+    #define WOLFSSH_TEST_SERVER
+    #define WOLFSSH_TEST_THREADING
+#endif /* ESP_ENABLE_WOLFSSH */
+
+
+/* Not yet using WiFi lib, so don't compile in the esp-sdk-lib WiFi helpers: */
+/* #define USE_WOLFSSL_ESP_SDK_WIFI */
+
 /*
- * choose ONE of these Espressif chips to define:
+ * ONE of these Espressif chip families will be detected from sdkconfig:
  *
  * WOLFSSL_ESP32
  * WOLFSSL_ESPWROOM32SE
  * WOLFSSL_ESP8266
+ *
+ * following ifdef detection only for syntax highlighting:
  */
-#undef WOLFSSL_ESPWROOM32SE
-#undef WOLFSSL_ESP8266
-#undef WOLFSSL_ESP32
+#ifdef WOLFSSL_ESPWROOM32SE
+    #undef WOLFSSL_ESPWROOM32SE
+#endif
+#ifdef WOLFSSL_ESP8266
+    #undef WOLFSSL_ESP8266
+#endif
+#ifdef WOLFSSL_ESP32
+    #undef WOLFSSL_ESP32
+#endif
+/* See below for chipset detection from sdkconfig.h */
 
-#define WOLFSSL_ESP32
+/* when you want to use SINGLE THREAD. Note Default ESP-IDF is FreeRTOS */
+#define SINGLE_THREADED
+
+/* Small session cache saves a lot of RAM for ClientCache and SessionCache.
+ * Memory requirement is about 5KB, otherwise 20K is needed when not specified.
+ * If extra small footprint is needed, try MICRO_SESSION_CACHE (< 1K)
+ * When really desperate or no TLS used, try NO_SESSION_CACHE.  */
+#define NO_SESSION_CACHE
+
+/* Small Stack uses more heap. */
+#define WOLFSSL_SMALL_STACK
+
+/* Full debugging turned off, but show malloc failure detail */
+/* #define DEBUG_WOLFSSL */
+#define DEBUG_WOLFSSL_MALLOC
+
+/* See test.c that sets cert buffers; we'll set them here: */
+#define USE_CERT_BUFFERS_256
+#define USE_CERT_BUFFERS_2048
+
+/* RSA_LOW_MEM: Half as much memory but twice as slow. */
+#define RSA_LOW_MEM
 
 /* optionally turn off SHA512/224 SHA512/256 */
 /* #define WOLFSSL_NOSHA512_224 */
@@ -61,17 +374,45 @@
 /* #define NO_OLD_TLS */
 
 #define BENCH_EMBEDDED
-#define USE_CERT_BUFFERS_2048
 
 /* TLS 1.3                                 */
-#define WOLFSSL_TLS13
-#define HAVE_TLS_EXTENSIONS
-#define WC_RSA_PSS
-#define HAVE_HKDF
-#define HAVE_AEAD
-#define HAVE_SUPPORTED_CURVES
+#ifdef CONFIG_WOLFSSL_ALLOW_TLS13
+    #define WOLFSSL_TLS13
+    #define HAVE_TLS_EXTENSIONS
+    #define HAVE_HKDF
 
-#define WOLFSSL_BENCHMARK_FIXED_UNITS_KB
+    /* May be required */
+    #ifndef HAVE_AEAD
+    #endif
+
+    /* Required for ECC */
+    #define HAVE_SUPPORTED_CURVES
+
+    /* Required for RSA */
+    #define WC_RSA_PSS
+
+    /* TLS 1.3 normally requires HAVE_FFDHE */
+    #if defined(HAVE_FFDHE_2048) || \
+        defined(HAVE_FFDHE_3072) || \
+        defined(HAVE_FFDHE_4096) || \
+        defined(HAVE_FFDHE_6144) || \
+        defined(HAVE_FFDHE_8192)
+    #else
+        #define HAVE_FFDHE_2048
+        /* #error "TLS 1.3 requires HAVE_FFDHE_[nnnn]" */
+    #endif
+#endif
+
+#if defined(CONFIG_IDF_TARGET_ESP32C2) || \
+    defined(CONFIG_IDF_TARGET_ESP8684)
+    /* Optionally set smaller size here */
+    #ifdef HAVE_FFDHE_4096
+        /* this size may be problematic on the C2 */
+    #endif
+    #define HAVE_FFDHE_2048
+#else
+    #define HAVE_FFDHE_4096
+#endif
 
 #define NO_FILESYSTEM
 
@@ -79,40 +420,87 @@
 
 #define HAVE_AESGCM
 
-#define WOLFSSL_RIPEMD
+/* Optional RIPEMD: RACE Integrity Primitives Evaluation Message Digest */
+/* #define WOLFSSL_RIPEMD */
+
 /* when you want to use SHA224 */
 #define WOLFSSL_SHA224
 
 /* when you want to use SHA384 */
 #define WOLFSSL_SHA384
 
-/* when you want to use SHA512 */
-#define WOLFSSL_SHA512
+/* Some features not enabled for ESP8266: */
+#if defined(CONFIG_IDF_TARGET_ESP8266) || \
+    defined(CONFIG_IDF_TARGET_ESP32C2)
+    /* Some known low-memory devices have features not enabled by default. */
+    /* TODO determine low memory configuration for ECC. */
+#else
+    /* when you want to use SHA512 */
+    #define WOLFSSL_SHA512
 
-/* when you want to use SHA3 */
-#define WOLFSSL_SHA3
+    /* when you want to use SHA3 */
+    /* #define WOLFSSL_SHA3 */
 
- /* ED25519 requires SHA512 */
-#define HAVE_ED25519
+    /* ED25519 requires SHA512 */
+    #define HAVE_ED25519
+#endif
 
-#define HAVE_ECC
-#define HAVE_CURVE25519
-#define CURVE25519_SMALL
-#define HAVE_ED25519
+#if defined(CONFIG_IDF_TARGET_ESP8266) || defined(CONFIG_IDF_TARGET_ESP32C2)
+    #define MY_USE_ECC 0
+    #define MY_USE_RSA 1
+#else
+    #define MY_USE_ECC 1
+    #define MY_USE_RSA 0
+#endif
 
-#define OPENSSL_EXTRA
-/* when you want to use pkcs7 */
+/* We can use either or both ECC and RSA, but must use at least one. */
+#if MY_USE_ECC || MY_USE_RSA
+    #if MY_USE_ECC
+        /* ---- ECDSA / ECC ---- */
+        #define HAVE_ECC
+        #define HAVE_CURVE25519
+        #define HAVE_ED25519
+        #define WOLFSSL_SHA512
+        /*
+        #define HAVE_ECC384
+        #define CURVE25519_SMALL
+        */
+    #else
+        #define WOLFSSH_NO_ECC
+        /* WOLFSSH_NO_ECDSA is typically defined automatically,
+         * here for clarity: */
+        #define WOLFSSH_NO_ECDSA
+    #endif
+
+    #if MY_USE_RSA
+        /* ---- RSA ----- */
+        /* #define RSA_LOW_MEM */
+
+        /* DH disabled by default, needed if ECDSA/ECC also turned off */
+        #define HAVE_DH
+    #else
+        #define WOLFSSH_NO_RSA
+    #endif
+#else
+    #error "Either RSA or ECC must be enabled"
+#endif
+
+/* Optional OpenSSL compatibility */
+/* #define OPENSSL_EXTRA */
+
+/* #Optional HAVE_PKCS7 */
 /* #define HAVE_PKCS7 */
 
-#define HAVE_PKCS7
-
 #if defined(HAVE_PKCS7)
+    /* HAVE_PKCS7 may enable HAVE_PBKDF2 see settings.h */
+    #define NO_PBKDF2
+
     #define HAVE_AES_KEYWRAP
     #define HAVE_X963_KDF
     #define WOLFSSL_AES_DIRECT
 #endif
 
-/* when you want to use aes counter mode */
+/* when you want to use AES counter mode */
 /* #define WOLFSSL_AES_DIRECT */
 /* #define WOLFSSL_AES_COUNTER */
 
@@ -126,27 +514,11 @@
     /* #define CUSTOM_SLOT_ALLOCATION                              */
 #endif
 
-/* rsa primitive specific definition */
-#if defined(WOLFSSL_ESP32) || defined(WOLFSSL_ESPWROOM32SE)
-    /* Define USE_FAST_MATH and SMALL_STACK                        */
-    #define ESP32_USE_RSA_PRIMITIVE
+/* WC_NO_CACHE_RESISTANT: slower but more secure */
+/* #define WC_NO_CACHE_RESISTANT */
 
-    #if defined(CONFIG_IDF_TARGET_ESP32)
-
-        /* NOTE HW unreliable for small values! */
-        /* threshold for performance adjustment for HW primitive use   */
-        /* X bits of G^X mod P greater than                            */
-        #undef  ESP_RSA_EXPT_XBITS
-        #define ESP_RSA_EXPT_XBITS 32
-
-        /* X and Y of X * Y mod P greater than                         */
-        #undef  ESP_RSA_MULM_BITS
-        #define ESP_RSA_MULM_BITS  16
-
-    #endif
-#endif
-
-#define RSA_LOW_MEM
+/* TFM_TIMING_RESISTANT: slower but more secure */
+/* #define TFM_TIMING_RESISTANT */
 
 /* #define WOLFSSL_ATECC508A_DEBUG         */
 
@@ -157,8 +529,11 @@
 /* #define XTIME time */
 
 
-/* adjust wait-timeout count if you see timeout in RSA HW acceleration */
-#define ESP_RSA_TIMEOUT_CNT    0x249F00
+/* Adjust wait-timeout count if you see timeout in RSA HW acceleration.
+ * Set to very large number and enable WOLFSSL_HW_METRICS to determine max. */
+#ifndef ESP_RSA_TIMEOUT_CNT
+	#define ESP_RSA_TIMEOUT_CNT 0xFF0000
+#endif
 
 /* hash limit for test.c */
 #define HASH_SIZE_LIMIT
@@ -167,7 +542,7 @@
 #define USE_FAST_MATH
 
 /*****      Use SP_MATH      *****/
-/* #undef USE_FAST_MATH          */
+/* #undef  USE_FAST_MATH         */
 /* #define SP_MATH               */
 /* #define WOLFSSL_SP_MATH_ALL   */
 /* #define WOLFSSL_SP_RISCV32    */
@@ -176,6 +551,14 @@
 /* #undef USE_FAST_MATH          */
 /* #define USE_INTEGER_HEAP_MATH */
 
+/* Just syntax highlighting to check math libraries: */
+#if defined(SP_MATH)               || \
+    defined(USE_INTEGER_HEAP_MATH) || \
+    defined(USE_INTEGER_HEAP_MATH) || \
+    defined(USE_FAST_MATH)         || \
+    defined(WOLFSSL_SP_MATH_ALL)   || \
+    defined(WOLFSSL_SP_RISCV32)
+#endif
 
 #define WOLFSSL_SMALL_STACK
 
@@ -183,18 +566,32 @@
 #define HAVE_VERSION_EXTENDED_INFO
 /* #define HAVE_WC_INTROSPECTION */
 
-#define  HAVE_SESSION_TICKET
+#ifndef NO_SESSION_CACHE
+    #define  HAVE_SESSION_TICKET
+#endif
 
 /* #define HAVE_HASHDRBG */
 
+#if 0
+/* Example for additional cert functions */
 #define WOLFSSL_KEY_GEN
-#define WOLFSSL_CERT_REQ
-#define WOLFSSL_CERT_GEN
-#define WOLFSSL_CERT_EXT
-#define WOLFSSL_SYS_CA_CERTS
+    #define WOLFSSL_CERT_REQ
+    #define WOLFSSL_CERT_GEN
+    #define WOLFSSL_CERT_EXT
+    #define WOLFSSL_SYS_CA_CERTS
 
 
-#define WOLFSSL_CERT_TEXT
+    #define WOLFSSL_CERT_TEXT
+
+    /* command-line options
+    --enable-keygen
+    --enable-certgen
+    --enable-certreq
+    --enable-certext
+    --enable-asn-template
+    */
+
+#endif
 
 #define WOLFSSL_ASN_TEMPLATE
 
@@ -206,7 +603,7 @@
 #undef  WOLFSSL_SYS_CA_CERTS
 */
 
-/*
+/* command-line options
 --enable-keygen
 --enable-certgen
 --enable-certreq
@@ -214,10 +611,66 @@
 --enable-asn-template
 */
 
-/* Default is HW enabled unless turned off.
-** Uncomment these lines to force SW instead of HW acceleration */
+/* optional SM4 Ciphers. See https://github.com/wolfSSL/wolfsm */
+/*
+#define WOLFSSL_SM2
+#define WOLFSSL_SM3
+#define WOLFSSL_SM4
+*/
+
+#if defined(WOLFSSL_SM2) || defined(WOLFSSL_SM3) || defined(WOLFSSL_SM4)
+    /* SM settings, possible cipher suites:
+
+        TLS13-AES128-GCM-SHA256
+        TLS13-CHACHA20-POLY1305-SHA256
+        TLS13-SM4-GCM-SM3
+        TLS13-SM4-CCM-SM3
+
+    #define WOLFSSL_ESP32_CIPHER_SUITE "TLS13-SM4-GCM-SM3"
+    #define WOLFSSL_ESP32_CIPHER_SUITE "TLS13-SM4-CCM-SM3"
+    #define WOLFSSL_ESP32_CIPHER_SUITE "ECDHE-ECDSA-SM4-CBC-SM3"
+    #define WOLFSSL_ESP32_CIPHER_SUITE "ECDHE-ECDSA-SM4-GCM-SM3"
+    #define WOLFSSL_ESP32_CIPHER_SUITE "ECDHE-ECDSA-SM4-CCM-SM3"
+    #define WOLFSSL_ESP32_CIPHER_SUITE "TLS13-SM4-GCM-SM3:" \
+                                       "TLS13-SM4-CCM-SM3:"
+    */
+
+    #undef  WOLFSSL_BASE16
+    #define WOLFSSL_BASE16 /* required for WOLFSSL_SM2 */
+
+    #undef  WOLFSSL_SM4_ECB
+    #define WOLFSSL_SM4_ECB
+
+    #undef  WOLFSSL_SM4_CBC
+    #define WOLFSSL_SM4_CBC
+
+    #undef  WOLFSSL_SM4_CTR
+    #define WOLFSSL_SM4_CTR
+
+    #undef  WOLFSSL_SM4_GCM
+    #define WOLFSSL_SM4_GCM
+
+    #undef  WOLFSSL_SM4_CCM
+    #define WOLFSSL_SM4_CCM
+
+    #define HAVE_POLY1305
+    #define HAVE_CHACHA
+
+    #undef  HAVE_AESGCM
+    #define HAVE_AESGCM
+#else
+    /* default settings */
+    #define USE_CERT_BUFFERS_2048
+#endif
+
+/* Chipset detection from sdkconfig.h
+ * Default is HW enabled unless turned off.
+ * Uncomment lines to force SW instead of HW acceleration */
+#if defined(CONFIG_IDF_TARGET_ESP32) || defined(WOLFSSL_ESPWROOM32SE)
+    #define WOLFSSL_ESP32
+    /*  Alternatively, if there's an ECC Secure Element present: */
+    /* #define WOLFSSL_ESPWROOM32SE */
 
-#if defined(CONFIG_IDF_TARGET_ESP32)
     /* wolfSSL HW Acceleration supported on ESP32. Uncomment to disable: */
     /*  #define NO_ESP32_CRYPT                 */
     /*  #define NO_WOLFSSL_ESP32_CRYPT_HASH    */
@@ -235,6 +688,7 @@
     /***** END CONFIG_IDF_TARGET_ESP32 *****/
 
 #elif defined(CONFIG_IDF_TARGET_ESP32S2)
+    #define WOLFSSL_ESP32
     /* wolfSSL HW Acceleration supported on ESP32-S2. Uncomment to disable: */
     /*  #define NO_ESP32_CRYPT                 */
     /*  #define NO_WOLFSSL_ESP32_CRYPT_HASH    */
@@ -247,6 +701,7 @@
     /***** END CONFIG_IDF_TARGET_ESP32S2 *****/
 
 #elif defined(CONFIG_IDF_TARGET_ESP32S3)
+    #define WOLFSSL_ESP32
     /* wolfSSL HW Acceleration supported on ESP32-S3. Uncomment to disable: */
     /*  #define NO_ESP32_CRYPT                         */
     /*  #define NO_WOLFSSL_ESP32_CRYPT_HASH            */
@@ -260,6 +715,7 @@
 
 #elif defined(CONFIG_IDF_TARGET_ESP32C2) || \
       defined(CONFIG_IDF_TARGET_ESP8684)
+    #define WOLFSSL_ESP32
     /* ESP8684 is essentially ESP32-C2 chip + flash embedded together in a
      * single QFN 4x4 mm package. Out of released documentation, Technical
      * Reference Manual as well as ESP-IDF Programming Guide is applicable
@@ -285,6 +741,7 @@
     /***** END CONFIG_IDF_TARGET_ESP32C2 *****/
 
 #elif defined(CONFIG_IDF_TARGET_ESP32C3)
+    #define WOLFSSL_ESP32
     /* wolfSSL HW Acceleration supported on ESP32-C3. Uncomment to disable: */
 
     /*  #define NO_ESP32_CRYPT                 */
@@ -302,6 +759,7 @@
     /***** END CONFIG_IDF_TARGET_ESP32C3 *****/
 
 #elif defined(CONFIG_IDF_TARGET_ESP32C6)
+    #define WOLFSSL_ESP32
     /* wolfSSL HW Acceleration supported on ESP32-C6. Uncomment to disable: */
 
     /*  #define NO_ESP32_CRYPT                 */
@@ -318,6 +776,7 @@
     /***** END CONFIG_IDF_TARGET_ESP32C6 *****/
 
 #elif defined(CONFIG_IDF_TARGET_ESP32H2)
+    #define WOLFSSL_ESP32
     /*  wolfSSL Hardware Acceleration not yet implemented */
     #define NO_ESP32_CRYPT
     #define NO_WOLFSSL_ESP32_CRYPT_HASH
@@ -326,11 +785,19 @@
     /***** END CONFIG_IDF_TARGET_ESP32H2 *****/
 
 #elif defined(CONFIG_IDF_TARGET_ESP8266)
-    /*  TODO: Revisit ESP8266 */
+    #define WOLFSSL_ESP8266
+
+    /* There's no hardware encryption on the ESP8266 */
+    /* Consider using the ESP32-C2/C3/C6             */
     #define NO_ESP32_CRYPT
     #define NO_WOLFSSL_ESP32_CRYPT_HASH
     #define NO_WOLFSSL_ESP32_CRYPT_AES
     #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI
+    #ifndef FP_MAX_BITS
+        /* FP_MAX_BITS matters in wolfssl_test, not just TLS setting.   */
+        /* MIN_FFDHE_FP_MAX_BITS = (MIN_FFDHE_BITS * 2); see settings.h */
+        #define FP_MAX_BITS MIN_FFDHE_FP_MAX_BITS
+    #endif
     /***** END CONFIG_IDF_TARGET_ESP266 *****/
 
 #elif defined(CONFIG_IDF_TARGET_ESP8684)
@@ -342,31 +809,84 @@
     /***** END CONFIG_IDF_TARGET_ESP8684 *****/
 
 #else
-    /* Anything else encountered, disable HW accleration */
+    /* Anything else encountered, disable HW acceleration */
+    #warning "Unexpected CONFIG_IDF_TARGET_NN value"
     #define NO_ESP32_CRYPT
     #define NO_WOLFSSL_ESP32_CRYPT_HASH
     #define NO_WOLFSSL_ESP32_CRYPT_AES
     #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI
 #endif /* CONFIG_IDF_TARGET Check */
 
+/* RSA primitive specific definition, listed AFTER the Chipset detection */
+#if defined(WOLFSSL_ESP32) || defined(WOLFSSL_ESPWROOM32SE)
+    /* Consider USE_FAST_MATH and SMALL_STACK                        */
+
+    #ifndef NO_RSA
+        #define ESP32_USE_RSA_PRIMITIVE
+
+        #if defined(CONFIG_IDF_TARGET_ESP32)
+            #ifdef CONFIG_ESP_MAIN_TASK_STACK_SIZE
+                #if CONFIG_ESP_MAIN_TASK_STACK_SIZE < 10500
+                    #warning "RSA may be difficult with less than 10KB Stack "/
+                #endif
+            #endif
+
+            /* NOTE HW unreliable for small values! */
+            /* threshold for performance adjustment for HW primitive use   */
+            /* X bits of G^X mod P greater than                            */
+            #undef  ESP_RSA_EXPT_XBITS
+            #define ESP_RSA_EXPT_XBITS 32
+
+            /* X and Y of X * Y mod P greater than                         */
+            #undef  ESP_RSA_MULM_BITS
+            #define ESP_RSA_MULM_BITS  16
+        #endif
+    #endif
+#endif
+
 /* Debug options:
+See wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h for details on debug options
+
+optionally increase error message size for very long paths.
+#define WOLFSSL_MAX_ERROR_SZ 500
+
+Turn wolfSSL debugging on/off:
+    wolfSSL_Debugging_ON();
+    wolfSSL_Debugging_OFF();
 
 #define ESP_VERIFY_MEMBLOCK
 #define DEBUG_WOLFSSL
 #define DEBUG_WOLFSSL_VERBOSE
 #define DEBUG_WOLFSSL_SHA_MUTEX
+#define WOLFSSL_DEBUG_IGNORE_ASN_TIME
+#define WOLFSSL_DEBUG_CERT_BUNDLE
+#define WOLFSSL_DEBUG_CERT_BUNDLE_NAME
 #define WOLFSSL_ESP32_CRYPT_DEBUG
 #define WOLFSSL_ESP32_CRYPT_HASH_SHA224_DEBUG
 #define NO_RECOVER_SOFTWARE_CALC
 #define WOLFSSL_TEST_STRAY 1
 #define USE_ESP_DPORT_ACCESS_READ_BUFFER
 #define WOLFSSL_ESP32_HW_LOCK_DEBUG
+#define WOLFSSL_DEBUG_MUTEX
 #define WOLFSSL_DEBUG_ESP_RSA_MULM_BITS
+#define WOLFSSL_DEBUG_ESP_HW_MOD_RSAMAX_BITS
+#define WOLFSSL_DEBUG_ESP_HW_MULTI_RSAMAX_BITS
 #define ESP_DISABLE_HW_TASK_LOCK
+#define ESP_MONITOR_HW_TASK_LOCK
+#define USE_ESP_DPORT_ACCESS_READ_BUFFER
+
+See wolfcrypt/benchmark/benchmark.c for debug and other settings:
+
+Turn on benchmark timing debugging (CPU Cycles, RTOS ticks, etc)
+#define DEBUG_WOLFSSL_BENCHMARK_TIMING
+
+Turn on timer debugging (used when CPU cycles not available)
+#define WOLFSSL_BENCHMARK_TIMER_DEBUG
 */
 
 /* Pause in a loop rather than exit. */
-#define WOLFSSL_ESPIDF_ERROR_PAUSE
+/* #define WOLFSSL_ESPIDF_ERROR_PAUSE */
+/* #define WOLFSSL_ESP32_HW_LOCK_DEBUG */
 
 #define WOLFSSL_HW_METRICS
 
@@ -396,8 +916,9 @@
 ** [Z = X * Y mod M] in esp_mp_mulmod()                         */
 /* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MULMOD                */
 
-#define WOLFSSL_PUBLIC_MP /* used by benchmark */
-#define USE_CERT_BUFFERS_2048
+
+/* used by benchmark: */
+#define WOLFSSL_PUBLIC_MP
 
 /* when turning on ECC508 / ECC608 support
 #define WOLFSSL_ESPWROOM32SE
@@ -406,12 +927,81 @@
 #define ATCA_WOLFSSL
 */
 
-/* optional SM4 Ciphers. See https://github.com/wolfSSL/wolfsm
+/***************************** Certificate Macros *****************************
+ *
+ * The section below defines macros used in typically all of the wolfSSL
+ * examples such as the client and server for certs stored in header files.
+ *
+ * There are various certificate examples in this header file:
+ * https://github.com/wolfSSL/wolfssl/blob/master/wolfssl/certs_test.h
+ *
+ * To use the sample certificates in code (not recommended for production!):
+ *
+ *    #if defined(USE_CERT_BUFFERS_2048) || defined(USE_CERT_BUFFERS_1024)
+ *        #include <wolfssl/certs_test.h>
+ *    #endif
+ *
+ * To use the sets of macros below, define *one* of these:
+ *
+ *    USE_CERT_BUFFERS_1024  - ECC 1024 bit encoded ASN1
+ *    USE_CERT_BUFFERS_2048  - RSA 2048 bit encoded ASN1
+ *    WOLFSSL_SM[2,3,4]      - SM Ciphers
+ *
+ * For example: define USE_CERT_BUFFERS_2048 to use CA Certs used in this
+ *  wolfSSL function for the `ca_cert_der_2048` buffer, size and types:
+ *
+ *     ret = wolfSSL_CTX_load_verify_buffer(ctx,
+ *                                          CTX_CA_CERT,
+ *                                          CTX_CA_CERT_SIZE,
+ *                                          CTX_CA_CERT_TYPE);
+ *
+ * See https://www.wolfssl.com/documentation/manuals/wolfssl/group__CertsKeys.html#function-wolfssl_ctx_load_verify_buffer
+ *
+ * In this case the CTX_CA_CERT will be defined as `ca_cert_der_2048` as
+ * defined here: https://github.com/wolfSSL/wolfssl/blob/master/wolfssl/certs_test.h
+ *
+ * The CTX_CA_CERT_SIZE and CTX_CA_CERT_TYPE are similarly used to reference
+ * array size and cert type respectively.
+ *
+ * Similarly for loading the private client key:
+ *
+ *  ret = wolfSSL_CTX_use_PrivateKey_buffer(ctx,
+ *                                          CTX_CLIENT_KEY,
+ *                                          CTX_CLIENT_KEY_SIZE,
+ *                                          CTX_CLIENT_KEY_TYPE);
+ *
+ * see https://www.wolfssl.com/documentation/manuals/wolfssl/group__CertsKeys.html#function-wolfssl_ctx_use_privatekey_buffer
+ *
+ * Similarly, the other macros are for server certificates and keys:
+ *   `CTX_SERVER_CERT` and `CTX_SERVER_KEY` are available.
+ *
+ * The certificate and key names are typically `static const unsigned char`
+ * arrays. The [NAME]_size are typically `sizeof([array name])`, and the types
+ * are the known wolfSSL encoding type integers (e.g. WOLFSSL_FILETYPE_PEM).
+ *
+ * See `SSL_FILETYPE_[name]` in
+ *   https://github.com/wolfSSL/wolfssl/blob/master/wolfssl/ssl.h
+ *
+ * See Abstract Syntax Notation One (ASN.1) in:
+ *   https://github.com/wolfSSL/wolfssl/blob/master/wolfssl/wolfcrypt/asn.h
+ *
+ * Optional SM4 Ciphers:
+ *
+ * Although the SM ciphers are shown here, the `certs_test_sm.h` may not yet
+ * be available. See:
+ *   https://github.com/wolfSSL/wolfssl/pull/6825
+ *   https://github.com/wolfSSL/wolfsm
+ *
+ * Uncomment these 3 macros to enable the SM Ciphers and use the macros below.
+ */
+
+/*
 #define WOLFSSL_SM2
 #define WOLFSSL_SM3
 #define WOLFSSL_SM4
 */
 
+/* Conditional macros used in wolfSSL TLS client and server examples */
 #if defined(WOLFSSL_SM2) || defined(WOLFSSL_SM3) || defined(WOLFSSL_SM4)
     #include <wolfssl/certs_test_sm.h>
     #define CTX_CA_CERT          root_sm2
@@ -427,19 +1017,77 @@
     #undef  WOLFSSL_BASE16
     #define WOLFSSL_BASE16
 #else
-    #define USE_CERT_BUFFERS_2048
-    #define USE_CERT_BUFFERS_256
-    #define CTX_CA_CERT          ca_cert_der_2048
-    #define CTX_CA_CERT_SIZE     sizeof_ca_cert_der_2048
-    #define CTX_CA_CERT_TYPE     WOLFSSL_FILETYPE_ASN1
-    #define CTX_SERVER_CERT      server_cert_der_2048
-    #define CTX_SERVER_CERT_SIZE sizeof_server_cert_der_2048
-    #define CTX_SERVER_CERT_TYPE WOLFSSL_FILETYPE_ASN1
-    #define CTX_SERVER_KEY       server_key_der_2048
-    #define CTX_SERVER_KEY_SIZE  sizeof_server_key_der_2048
-    #define CTX_SERVER_KEY_TYPE  WOLFSSL_FILETYPE_ASN1
-#endif
+    #if defined(USE_CERT_BUFFERS_2048)
+        #define USE_CERT_BUFFERS_256
+        /* Be sure to include in app when using example certs: */
+        /* #include <wolfssl/certs_test.h>                     */
+        #define CTX_CA_CERT          ca_cert_der_2048
+        #define CTX_CA_CERT_SIZE     sizeof_ca_cert_der_2048
+        #define CTX_CA_CERT_TYPE     WOLFSSL_FILETYPE_ASN1
 
+        #define CTX_SERVER_CERT      server_cert_der_2048
+        #define CTX_SERVER_CERT_SIZE sizeof_server_cert_der_2048
+        #define CTX_SERVER_CERT_TYPE WOLFSSL_FILETYPE_ASN1
+        #define CTX_SERVER_KEY       server_key_der_2048
+        #define CTX_SERVER_KEY_SIZE  sizeof_server_key_der_2048
+        #define CTX_SERVER_KEY_TYPE  WOLFSSL_FILETYPE_ASN1
+
+        #define CTX_CLIENT_CERT      client_cert_der_2048
+        #define CTX_CLIENT_CERT_SIZE sizeof_client_cert_der_2048
+        #define CTX_CLIENT_CERT_TYPE WOLFSSL_FILETYPE_ASN1
+        #define CTX_CLIENT_KEY       client_key_der_2048
+        #define CTX_CLIENT_KEY_SIZE  sizeof_client_key_der_2048
+        #define CTX_CLIENT_KEY_TYPE  WOLFSSL_FILETYPE_ASN1
+
+    #elif defined(USE_CERT_BUFFERS_1024)
+        #define USE_CERT_BUFFERS_256
+        /* Be sure to include in app when using example certs: */
+        /* #include <wolfssl/certs_test.h>                     */
+        #define CTX_CA_CERT          ca_cert_der_1024
+        #define CTX_CA_CERT_SIZE     sizeof_ca_cert_der_1024
+        #define CTX_CA_CERT_TYPE     WOLFSSL_FILETYPE_ASN1
+
+        #define CTX_CLIENT_CERT      client_cert_der_1024
+        #define CTX_CLIENT_CERT_SIZE sizeof_client_cert_der_1024
+        #define CTX_CLIENT_CERT_TYPE WOLFSSL_FILETYPE_ASN1
+        #define CTX_CLIENT_KEY       client_key_der_1024
+        #define CTX_CLIENT_KEY_SIZE  sizeof_client_key_der_1024
+        #define CTX_CLIENT_KEY_TYPE  WOLFSSL_FILETYPE_ASN1
+
+        #define CTX_SERVER_CERT      server_cert_der_1024
+        #define CTX_SERVER_CERT_SIZE sizeof_server_cert_der_1024
+        #define CTX_SERVER_CERT_TYPE WOLFSSL_FILETYPE_ASN1
+        #define CTX_SERVER_KEY       server_key_der_1024
+        #define CTX_SERVER_KEY_SIZE  sizeof_server_key_der_1024
+        #define CTX_SERVER_KEY_TYPE  WOLFSSL_FILETYPE_ASN1
+    #else
+        /* Optionally define custom cert arrays, sizes, and types here */
+        #error "Must define USE_CERT_BUFFERS_2048 or USE_CERT_BUFFERS_1024"
+    #endif
+#endif /* Conditional key and cert constant names */
+
+/******************************************************************************
+** Sanity Checks
+******************************************************************************/
+#if defined(CONFIG_ESP_MAIN_TASK_STACK_SIZE)
+    #if defined(WOLFCRYPT_HAVE_SRP)
+        #if defined(FP_MAX_BITS)
+            #if FP_MAX_BITS <  (8192 * 2)
+                #define ESP_SRP_MINIMUM_STACK_8K (24 * 1024)
+            #else
+                #define ESP_SRP_MINIMUM_STACK_8K (28 * 1024)
+            #endif
+        #else
+            #error "Please define FP_MAX_BITS when using WOLFCRYPT_HAVE_SRP."
+        #endif
+
+        #if (CONFIG_ESP_MAIN_TASK_STACK_SIZE < ESP_SRP_MINIMUM_STACK)
+            #warning "WOLFCRYPT_HAVE_SRP enabled with small stack size"
+        #endif
+    #endif
+#else
+    #warning "CONFIG_ESP_MAIN_TASK_STACK_SIZE not defined!"
+#endif
 /* See settings.h for some of the possible hardening options:
  *
  *  #define NO_ESPIDF_DEFAULT
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/CMakeLists.txt b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/CMakeLists.txt
index 8787e3b88..2998d8ee5 100644
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/CMakeLists.txt
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/CMakeLists.txt
@@ -1,15 +1,44 @@
+# wolfSSL Espressif Example Project/main CMakeLists.txt
+#   v1.2
 #
 # wolfssl crypt test
 #
+message(STATUS "Begin wolfSSL main CMakeLists.txt")
 set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_USER_SETTINGS")
 
-set(COMPONENT_SRCS "main.c")
-
-# when using time helper:
-# set(COMPONENT_SRCS "main.c" "time_helper.c")
-
-set(COMPONENT_ADD_INCLUDEDIRS ".")
+if (idf_target STREQUAL "esp8266" OR IDF_TARGET STREQUAL "esp8266" OR IDF_VERSION_MAJOR VERSION_LESS "5.0")
+    # `driver` component not available for ESP8266
+    SET(THIS_PRIV_REQUIRES_DRIVER "")
+else()
+    SET(THIS_PRIV_REQUIRES_DRIVER "driver")
+endif()
 
+if(WIN32)
+    # Windows-specific configuration here
+    set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_WINDOWS")
+    message(STATUS "Detected Windows")
+endif()
+if(CMAKE_HOST_UNIX)
+    message(STATUS "Detected UNIX")
+endif()
+if(APPLE)
+    message(STATUS "Detected APPLE")
+endif()
+if(CMAKE_HOST_UNIX AND (NOT APPLE) AND EXISTS "/proc/sys/fs/binfmt_misc/WSLInterop")
+    # Windows-specific configuration here
+    set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_WSL")
+    message(STATUS "Detected WSL")
+endif()
+if(CMAKE_HOST_UNIX AND (NOT APPLE) AND (NOT WIN32))
+    # Windows-specific configuration here
+    set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_LINUX")
+    message(STATUS "Detected Linux")
+endif()
+if(APPLE)
+    # Windows-specific configuration here
+    set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_APPLE")
+    message(STATUS "Detected Apple")
+endif()
 set (git_cmd "git")
 
 if( EXISTS "${CMAKE_HOME_DIRECTORY}/components/wolfssl/" AND EXISTS "$ENV{IDF_PATH}/components/wolfssl/" )
@@ -22,9 +51,22 @@ if( EXISTS "${CMAKE_HOME_DIRECTORY}/components/wolfssl/" AND EXISTS "$ENV{IDF_PA
     set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_MULTI_INSTALL_WARNING")
 endif()
 
+# The wolfSL component name is named "mywolfssl" on the staging site for Managed Components.
+if( NOT EXISTS "../components/wolfssl" AND ("$ENV{IDF_COMPONENT_REGISTRY_URL}" STREQUAL "https://components-staging.espressif.com") )
+    message(STATUS "WARNING: Using a staging instance of wolfssl.")
+    set(MAIN_WOLFSSL_COMPONENT_NAME "mywolfssl")
+else()
+    message(STATUS "Using release wolfssl component.")
+    set(MAIN_WOLFSSL_COMPONENT_NAME "wolfssl")
+endif()
+
+## register_component()
 idf_component_register(SRCS main.c
-                       INCLUDE_DIRS "." 
-                       "./include")
+                       INCLUDE_DIRS "."
+                            "./include"
+                       PRIV_REQUIRES "${THIS_PRIV_REQUIRES_DRIVER}"
+                                     "${MAIN_WOLFSSL_COMPONENT_NAME}"
+                       )
 
 #
 # LIBWOLFSSL_SAVE_INFO(VAR_OUPUT THIS_VAR VAR_RESULT)
@@ -54,15 +96,24 @@ function ( LIBWOLFSSL_SAVE_INFO VAR_OUPUT THIS_VAR VAR_RESULT )
         message(STATUS "Found ${VAR_OUPUT}=${VAR_VALUE}")
 
         # the interesting part is defining the VAR_OUPUT name a value to use in the app
-        add_definitions(-D${VAR_OUPUT}=\"${VAR_VALUE}\")
+        add_compile_definitions(${VAR_OUPUT}=\"${VAR_VALUE}\")
     else()
         # if we get here, check the execute_process command and parameters.
-        message(STATUS "LIBWOLFSSL_SAVE_INFO encountered a non-zero VAR_RESULT")
+        message(STATUS "LIBWOLFSSL_SAVE_INFO encountered a non-zero VAR_RESULT.")
+        message(STATUS "Setting ${VAR_OUPUT} to \"Unknown\"")
         set(${VAR_OUPUT} "Unknown")
     endif()
 endfunction() # LIBWOLFSSL_SAVE_INFO
 
-if(NOT CMAKE_BUILD_EARLY_EXPANSION)
+execute_process(
+    COMMAND ${git_cmd} "rev-parse" "--is-inside-work-tree"
+    OUTPUT_VARIABLE IS_GIT_REPO
+    OUTPUT_STRIP_TRAILING_WHITESPACE
+    ERROR_QUIET
+)
+
+# Save some project-specific details. Repo may be different than component, or may not even be a repo at all:
+if(NOT CMAKE_BUILD_EARLY_EXPANSION AND (IS_GIT_REPO STREQUAL "true"))
     # LIBWOLFSSL_VERSION_GIT_HASH
     execute_process(COMMAND ${git_cmd} "rev-parse" "HEAD" OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ERROR_QUIET )
     LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_VERSION_GIT_HASH "${TMP_OUT}" "${TMP_RES}")
@@ -78,3 +129,4 @@ endif()
 
 message(STATUS "")
 
+message(STATUS "End wolfSSL main CMakeLists.txt")
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/component.mk b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/component.mk
index d31083f65..08f8fbe9b 100644
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/component.mk
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/component.mk
@@ -1,3 +1,23 @@
 #
-# Main Makefile. This is basically the same as a component makefile.
-#
\ No newline at end of file
+# Main component makefile.
+#
+# This Makefile can be left empty. By default, it will take the sources in the
+# src/ directory, compile them and link them into lib(subdirectory_name).a
+# in the build directory. This behavior is entirely configurable,
+# please read the ESP-IDF documents if you need to do this.
+#
+# (Uses default behavior of compiling all source files in directory, adding 'include' to include path.)
+
+# We'll add the explicit lines only for old SDK requirements (e.h. ESP8266)
+
+ifeq ("$(VISUALGDB_DIR)","")
+    $(info VISUALGDB_DIR build not detected. shell: $(shell echo $$SHELL) )
+else
+    $(info Detected VisualGDB in: $(VISUALGDB_DIR) shell: $(shell echo $$SHELL) )
+    COMPONENT_SRCDIRS := .
+    COMPONENT_ADD_INCLUDEDIRS := .
+    COMPONENT_ADD_INCLUDEDIRS += include
+
+    # Ensure main.c gets compiled
+    COMPONENT_OBJS := main.o
+endif
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/include/main.h b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/include/main.h
index 94c3b5eba..7b41f28ba 100644
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/include/main.h
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/include/main.h
@@ -1,6 +1,6 @@
-/* template main.h
+/* wolfssl_test main.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -18,7 +18,10 @@
  * along with this program; if not, write to the Free Software
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  */
+
 #ifndef _MAIN_H_
 #define _MAIN_H_
 
+void app_main(void);
+
 #endif
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/main.c b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/main.c
index 2fd41d3f0..88480f552 100644
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/main.c
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/main.c
@@ -1,6 +1,6 @@
-/* main.c
+/* test main.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -24,22 +24,47 @@
 #include "sdkconfig.h"
 
 /* wolfSSL */
-#include <wolfssl/wolfcrypt/settings.h>
-#include <user_settings.h>
-#include <wolfssl/version.h>
-#include <wolfssl/wolfcrypt/types.h>
-
-#ifndef WOLFSSL_ESPIDF
-#warning "problem with wolfSSL user settings. Check components/wolfssl/include"
+/* Always include wolfcrypt/settings.h before any other wolfSSL file.    */
+/* Reminder: settings.h pulls in user_settings.h; don't include it here. */
+#if defined(WOLFSSL_USER_SETTINGS)
+    #include <wolfssl/wolfcrypt/settings.h>
+    #if defined(WOLFSSL_ESPIDF)
+        #include <wolfssl/version.h>
+        #include <wolfssl/wolfcrypt/types.h>
+        #include <wolfcrypt/test/test.h>
+        #include <wolfssl/wolfcrypt/port/Espressif/esp-sdk-lib.h>
+        #include <wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h>
+    #else
+        #error "Problem with wolfSSL user_settings. "           \
+               "Check components/wolfssl/include "              \
+               "and confirm WOLFSSL_USER_SETTINGS is defined, " \
+               "typically in the component CMakeLists.txt"
+    #endif
+#else
+    /* Define WOLFSSL_USER_SETTINGS project wide for settings.h to include   */
+    /* wolfSSL user settings in ./components/wolfssl/include/user_settings.h */
+    #error "Missing WOLFSSL_USER_SETTINGS in CMakeLists or Makefile:\
+    CFLAGS +=-DWOLFSSL_USER_SETTINGS"
 #endif
 
-#include <wolfcrypt/test/test.h>
-#include <wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h>
+/* Hardware; include after other libraries,
+ * particularly after freeRTOS from settings.h */
+#include <driver/uart.h>
 
-/* set to 0 for one benchmark,
-** set to 1 for continuous benchmark loop */
+/* set to 0 for one test,
+** set to 1 for continuous test loop */
 #define TEST_LOOP 0
 
+#define THIS_MONITOR_UART_RX_BUFFER_SIZE 200
+
+#ifdef CONFIG_ESP8266_XTAL_FREQ_26
+    /* 26MHz crystal: 74880 bps */
+    #define THIS_MONITOR_UART_BAUD_DATE 74880
+#else
+    /* 40MHz crystal: 115200 bps */
+    #define THIS_MONITOR_UART_BAUD_DATE 115200
+#endif
+
 /*
 ** the wolfssl component can be installed in either:
 **
@@ -60,7 +85,7 @@
 */
 #undef WOLFSSL_USE_TIME_HELPER
 #if defined(WOLFSSL_USE_TIME_HELPER)
-    #include "time_helper.h" */
+    #include "time_helper.h"
 #endif
 
 /* see wolfssl/wolfcrypt/test/test.h */
@@ -132,14 +157,39 @@ void my_atmel_free(int slotId)
 /* entry point */
 void app_main(void)
 {
+    uart_config_t uart_config = {
+        .baud_rate = THIS_MONITOR_UART_BAUD_DATE,
+        .data_bits = UART_DATA_8_BITS,
+        .parity    = UART_PARITY_DISABLE,
+        .stop_bits = UART_STOP_BITS_1,
+    };
     int stack_start = 0;
+    int loops = 0;
     esp_err_t ret = 0;
+
+    stack_start = esp_sdk_stack_pointer();
+
+    /* uart_set_pin(UART_NUM_0, TX_PIN, RX_PIN,
+     *              UART_PIN_NO_CHANGE, UART_PIN_NO_CHANGE); */
+
+    /* Some targets may need to have UART speed set, such as ESP8266 */
+    ESP_LOGI(TAG, "UART init");
+    uart_param_config(UART_NUM_0, &uart_config);
+    uart_driver_install(UART_NUM_0,
+                        THIS_MONITOR_UART_RX_BUFFER_SIZE, 0, 0, NULL, 0);
+
     ESP_LOGI(TAG, "------------------ wolfSSL Test Example ----------------");
     ESP_LOGI(TAG, "--------------------------------------------------------");
     ESP_LOGI(TAG, "--------------------------------------------------------");
     ESP_LOGI(TAG, "---------------------- BEGIN MAIN ----------------------");
     ESP_LOGI(TAG, "--------------------------------------------------------");
     ESP_LOGI(TAG, "--------------------------------------------------------");
+    ESP_LOGI(TAG, "Stack Start: 0x%x", stack_start);
+
+#ifdef WOLFSSL_ESP_NO_WATCHDOG
+    ESP_LOGW(TAG, "Found WOLFSSL_ESP_NO_WATCHDOG, disabling...");
+    esp_DisableWatchdog();
+#endif
 
 #ifdef ESP_TASK_MAIN_STACK
      ESP_LOGI(TAG, "ESP_TASK_MAIN_STACK: %d", ESP_TASK_MAIN_STACK);
@@ -147,6 +197,7 @@ void app_main(void)
 #ifdef TASK_EXTRA_STACK_SIZE
      ESP_LOGI(TAG, "TASK_EXTRA_STACK_SIZE: %d", TASK_EXTRA_STACK_SIZE);
 #endif
+
 #ifdef INCLUDE_uxTaskGetStackHighWaterMark
     ESP_LOGI(TAG, "CONFIG_ESP_MAIN_TASK_STACK_SIZE = %d bytes (%d words)",
                    CONFIG_ESP_MAIN_TASK_STACK_SIZE,
@@ -156,61 +207,19 @@ void app_main(void)
      * the minimum free stack space there has been (in bytes not words, unlike
      * vanilla FreeRTOS) since the task started. The smaller the returned
      * number the closer the task has come to overflowing its stack.
-     * see https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-reference/system/freertos_idf.html
+     * see Espressif esp32/api-reference/system/freertos_idf.html
      */
     stack_start = uxTaskGetStackHighWaterMark(NULL);
     ESP_LOGI(TAG, "Stack Start HWM: %d bytes", stack_start);
 #endif
 
-#ifdef HAVE_VERSION_EXTENDED_INFO
+#if defined(HAVE_VERSION_EXTENDED_INFO)
     esp_ShowExtendedSystemInfo();
 #endif
 
-    /* some interesting settings are target specific (ESP32, -C3, -S3, etc */
-#if defined(CONFIG_IDF_TARGET_ESP32)
-    ESP_LOGI(TAG, "CONFIG_ESP32_DEFAULT_CPU_FREQ_MHZ = %u MHz",
-                   CONFIG_ESP32_DEFAULT_CPU_FREQ_MHZ
-            );
-    ESP_LOGI(TAG, "Xthal_have_ccount = %u", Xthal_have_ccount);
-#elif defined(CONFIG_IDF_TARGET_ESP32S2)
-    ESP_LOGI(TAG, "CONFIG_ESP32S2_DEFAULT_CPU_FREQ_MHZ = %u MHz",
-                   CONFIG_ESP32S2_DEFAULT_CPU_FREQ_MHZ
-             );
-    ESP_LOGI(TAG, "Xthal_have_ccount = %u", Xthal_have_ccount);
-#elif defined(CONFIG_IDF_TARGET_ESP32S3)
-    ESP_LOGI(TAG, "CONFIG_ESP32S3_DEFAULT_CPU_FREQ_MHZ = %u MHz",
-                   CONFIG_ESP32S3_DEFAULT_CPU_FREQ_MHZ
-             );
-    ESP_LOGI(TAG, "Xthal_have_ccount = %u", Xthal_have_ccount);
-#else
-    /* not available for other platformas at this time */
-#endif
-
     /* all platforms: stack high water mark check */
     ESP_LOGI(TAG, "Stack HWM: %d\n", uxTaskGetStackHighWaterMark(NULL));
 
-    /* check to see if we are using hardware encryption
-     * TODO: move this to esp_util.c  */
-#if defined(NO_ESP32_CRYPT)
-    ESP_LOGI(TAG, "NO_ESP32_CRYPT defined! HW acceleration DISABLED.");
-#else
-    #if defined(CONFIG_IDF_TARGET_ESP32C2)
-        ESP_LOGI(TAG, "ESP32_CRYPT is enabled for ESP32-C2.");
-
-    #elif defined(CONFIG_IDF_TARGET_ESP32C3)
-        ESP_LOGI(TAG, "ESP32_CRYPT is enabled for ESP32-C3.");
-
-    #elif defined(CONFIG_IDF_TARGET_ESP32S2)
-        ESP_LOGI(TAG, "ESP32_CRYPT is enabled for ESP32-S2.");
-
-    #elif defined(CONFIG_IDF_TARGET_ESP32S3)
-        ESP_LOGI(TAG, "ESP32_CRYPT is enabled for ESP32-S3.");
-
-    #else
-        ESP_LOGI(TAG, "ESP32_CRYPT is enabled.");
-    #endif
-#endif
-
 #if defined (WOLFSSL_USE_TIME_HELPER)
     set_time();
 #endif
@@ -233,57 +242,62 @@ void app_main(void)
     ESP_LOGI(TAG, "NO_CRYPT_TEST defined, skipping wolf_test_task");
 #else
     /* Although wolfCrypt_Init() may be explicitly called above,
-    ** Note it is still always called in wolf_test_task.
+    ** note it is still always called in wolf_test_task.
     */
-    int loops = 0;
+    stack_start = uxTaskGetStackHighWaterMark(NULL);
+
     do {
-        #if defined(WOLFSSL_HW_METRICS) && defined(WOLFSSL_HAS_METRICS)
+        ESP_LOGI(TAG, "Stack HWM: %d\n", uxTaskGetStackHighWaterMark(NULL));
+
+        ret = wolf_test_task();
+        #if defined(WOLFSSL_ESP32_CRYPT_RSA_PRI) && defined(WOLFSSL_HW_METRICS)
             esp_hw_show_metrics();
         #endif
-        ret = wolf_test_task();
+        loops++; /* count of the number of tests run before fail. */
         ESP_LOGI(TAG, "Stack HWM: %d\n", uxTaskGetStackHighWaterMark(NULL));
         ESP_LOGI(TAG, "loops = %d", loops);
 
-        loops++;
-    }
-    while (TEST_LOOP && (ret == 0));
+    } while (TEST_LOOP && (ret == 0));
+
+    /* Reminder: wolfCrypt_Cleanup() should always be called at completion,
+    ** and is called in wolf_test_task().  */
 
 #if defined TEST_LOOP && (TEST_LOOP == 1)
     ESP_LOGI(TAG, "Test loops completed: %d", loops);
 #endif
 
-    /* note wolfCrypt_Cleanup() should always be called when finished.
-    ** This is called at the end of wolf_test_task();
-    */
+#if defined(SINGLE_THREADED)
+    /* need stack monitor for single thread */
+#else
+    ESP_LOGI(TAG, "Stack HWM: %d\n", uxTaskGetStackHighWaterMark(NULL));
+#endif
 
-    if (ret == 0) {
-        ESP_LOGI(TAG, "wolf_test_task complete success result code = %d", ret);
-    }
-    else {
-        ESP_LOGE(TAG, "wolf_test_task FAIL result code = %d", ret);
-        /* see wolfssl/wolfcrypt/error-crypt.h */
-    }
-
-#if defined(DEBUG_WOLFSSL) && !defined(NO_WOLFSSL_ESP32_CRYPT_RSA_PRI)
+#if defined(DEBUG_WOLFSSL) && defined(WOLFSSL_ESP32_CRYPT_RSA_PRI)
     esp_hw_show_mp_metrics();
 #endif
 
-    /* after the test, we'll just wait */
 #ifdef INCLUDE_uxTaskGetStackHighWaterMark
-        ESP_LOGI(TAG, "Stack HWM: %d", uxTaskGetStackHighWaterMark(NULL));
+    ESP_LOGI(TAG, "Stack HWM: %d", uxTaskGetStackHighWaterMark(NULL));
 
-        ESP_LOGI(TAG, "Stack used: %d", CONFIG_ESP_MAIN_TASK_STACK_SIZE
-                                        - (uxTaskGetStackHighWaterMark(NULL)));
+    ESP_LOGI(TAG, "Stack used: %d", CONFIG_ESP_MAIN_TASK_STACK_SIZE
+                                    - (uxTaskGetStackHighWaterMark(NULL)));
 #endif
 
-#ifdef WOLFSSL_ESPIDF_EXIT_MESSAGE
+#ifdef WOLFSSL_ESPIDF_VERBOSE_EXIT_MESSAGE
+    if (ret == 0) {
+        ESP_LOGI(TAG, WOLFSSL_ESPIDF_VERBOSE_EXIT_MESSAGE("Success!", ret));
+    }
+    else {
+        ESP_LOGE(TAG, WOLFSSL_ESPIDF_VERBOSE_EXIT_MESSAGE("Failed!", ret));
+    }
+#elif defined(WOLFSSL_ESPIDF_EXIT_MESSAGE)
     ESP_LOGI(TAG, WOLFSSL_ESPIDF_EXIT_MESSAGE);
 #else
     ESP_LOGI(TAG, "\n\nDone!\n\n"
                   "If running from idf.py monitor, press twice: Ctrl+]");
 #endif
 
-    /* done */
+    /* After completion, we'll just wait */
     while (1) {
 #if defined(SINGLE_THREADED)
         while (1);
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/time_helper.c b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/time_helper.c
deleted file mode 100644
index 8b7da74a0..000000000
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/time_helper.c
+++ /dev/null
@@ -1,120 +0,0 @@
-/* time_helper.c
- *
- * Copyright (C) 2006-2023 wolfSSL Inc.
- *
- * This file is part of wolfSSL.
- *
- * wolfSSL is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * wolfSSL is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
- */
-
-#include <string.h>
-#include <lwip/apps/sntp.h>
-
-#include "sdkconfig.h"
-#include "esp_log.h"
-
-#include "time_helper.h"
-
-const static char* TAG = "Time Helper";
-
-#define TIME_ZONE "PST-8"
-/* NELEMS(x) number of elements
- * To determine the number of elements in the array, we can divide the total size of
- * the array by the size of the array element
- * See https://stackoverflow.com/questions/37538/how-do-i-determine-the-size-of-my-array-in-c
- **/
-#define NELEMS(x)  ( (int)(sizeof(x) / sizeof((x)[0])) )
-#define NTP_SERVER_LIST ( (char*[]) {                        \
-                                     "pool.ntp.org",         \
-                                     "time.nist.gov",        \
-                                     "utcnist.colorado.edu"  \
-                                     }                       \
-                        )
-/* #define NTP_SERVER_COUNT using NELEMS:
- *
- *  (int)(sizeof(NTP_SERVER_LIST) / sizeof(NTP_SERVER_LIST[0]))
- */
-#define NTP_SERVER_COUNT NELEMS(NTP_SERVER_LIST)
-char* ntpServerList[NTP_SERVER_COUNT] = NTP_SERVER_LIST;
-
-/* our NTP server list is global info */
-extern char* ntpServerList[NTP_SERVER_COUNT];
-
-
-int set_time(void)
-{
-    /* we'll also return a result code of zero */
-    int res = 0;
-    int i = 0; /* counter for time servers */
-    time_t interim_time;
-
-    /* ideally, we'd like to set time from network,
-     * but let's set a default time, just in case */
-    struct tm timeinfo = {
-        .tm_year = 2022 - 1900,
-        .tm_mon = 11,
-        .tm_mday = 15,
-        .tm_hour = 3,
-        .tm_min = 25,
-        .tm_sec = 0
-    };
-    struct timeval now;
-
-#ifndef NTP_SERVER_COUNT
-    #define NTP_SERVER_COUNT 0
-    char* ntpServerList[NTP_SERVER_COUNT];
-#endif /* not defined: NTP_SERVER_COUNT */
-
-#ifndef TIME_ZONE
-    #define TIME_ZONE "PST-8"
-#endif /* not defined: TIME_ZONE */
-
-
-    /* set interim static time */
-    interim_time = mktime(&timeinfo);
-    now = (struct timeval){ .tv_sec = interim_time };
-    settimeofday(&now, NULL);
-
-
-    /* set timezone */
-    setenv("TZ", TIME_ZONE, 1);
-    tzset();
-
-    if (NTP_SERVER_COUNT) {
-        /* next, let's setup NTP time servers
-         *
-         * see https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-reference/system/system_time.html#sntp-time-synchronization
-         */
-        sntp_setoperatingmode(SNTP_OPMODE_POLL);
-
-        ESP_LOGI(TAG, "sntp_setservername:");
-        for (i = 0; i < NTP_SERVER_COUNT; i++) {
-            const char* thisServer = ntpServerList[i];
-            if (strncmp(thisServer, "\x00", 1) == 0) {
-                /* just in case we run out of NTP servers */
-                break;
-            }
-            ESP_LOGI(TAG, "%s", thisServer);
-            sntp_setservername(i, thisServer);
-        }
-        sntp_init();
-        ESP_LOGI(TAG, "sntp_init done.");
-    }
-    else {
-        ESP_LOGI(TAG, "No sntp time servers found.");
-    }
-    return res;
-}
-
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_test/partitions_singleapp_large.csv b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/partitions_singleapp_large.csv
index 5a1a339c9..0b2fcd1a9 100644
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_test/partitions_singleapp_large.csv
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/partitions_singleapp_large.csv
@@ -1,34 +1,31 @@
-# This tag is used to include this file in the ESP Component Registry:
-# __ESP_COMPONENT_SOURCE__
-
-# to view: idf.py partition-table
-#
-# ESP-IDF Partition Table
-# Name, Type,  SubType, Offset,  Size, Flags
-nvs,     data, nvs,     0x9000,  24K,
-phy_init,data, phy,     0xf000,  4K,
-factory, app,  factory, 0x10000, 1500K,
-
-
-# For other settings, see:
-# https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-guides/partition-tables.html#creating-custom-tables
-#
-# Here is the summary printed for the “Single factory app, no OTA” configuration:
-#
-# # ESP-IDF Partition Table
-# # Name,   Type, SubType, Offset,  Size, Flags
-# nvs,      data, nvs,     0x9000,  0x6000,
-# phy_init, data, phy,     0xf000,  0x1000,
-# factory,  app,  factory, 0x10000, 1M,
-#
-#
-# Here is the summary printed for the “Factory app, two OTA definitions” configuration:
-#
-# # ESP-IDF Partition Table
-# # Name,   Type, SubType, Offset,  Size, Flags
-# nvs,      data, nvs,     0x9000,  0x4000,
-# otadata,  data, ota,     0xd000,  0x2000,
-# phy_init, data, phy,     0xf000,  0x1000,
-# factory,  app,  factory, 0x10000,  1M,
-# ota_0,    app,  ota_0,   0x110000, 1M,
-# ota_1,    app,  ota_1,   0x210000, 1M,
+# to view: idf.py partition-table
+#
+# ESP-IDF Partition Table
+# Name, Type,  SubType, Offset,  Size, Flags
+nvs,     data, nvs,     0x9000,  24K,
+phy_init,data, phy,     0xf000,  4K,
+factory, app,  factory, 0x10000, 1500K,
+
+
+# For other settings, see:
+# https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-guides/partition-tables.html#creating-custom-tables
+#
+# Here is the summary printed for the "Single factory app, no OTA" configuration:
+#
+# # ESP-IDF Partition Table
+# # Name,   Type, SubType, Offset,  Size, Flags
+# nvs,      data, nvs,     0x9000,  0x6000,
+# phy_init, data, phy,     0xf000,  0x1000,
+# factory,  app,  factory, 0x10000, 1M,
+#
+#
+# Here is the summary printed for the "Factory app, two OTA definitions" configuration:
+#
+# # ESP-IDF Partition Table
+# # Name,   Type, SubType, Offset,  Size, Flags
+# nvs,      data, nvs,     0x9000,  0x4000,
+# otadata,  data, ota,     0xd000,  0x2000,
+# phy_init, data, phy,     0xf000,  0x1000,
+# factory,  app,  factory, 0x10000,  1M,
+# ota_0,    app,  ota_0,   0x110000, 1M,
+# ota_1,    app,  ota_1,   0x210000, 1M,
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_test/sdkconfig.defaults b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/sdkconfig.defaults
index 17097709d..6fd9876d0 100644
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_test/sdkconfig.defaults
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/sdkconfig.defaults
@@ -1,41 +1,157 @@
-# This tag is used to include this file in the ESP Component Registry:
+# Set the known example app config to template example (see user_settings.h)
+CONFIG_WOLFSSL_EXAMPLE_NAME_WOLFSSL_TEST=y
+
+# CONFIG_EXAMPLE_WIFI_SSID="myssid"
+# CONFIG_EXAMPLE_WIFI_PASSWORD="mypassword"
+
+# Some wolfSSL helpers
+CONFIG_USE_WOLFSSL_ESP_SDK_TIME=y
+
+# sdkconfig.defaults for ESP8266 + ESP32
+# See separate sdkconfig.defaults.esp8266
+# Note that during the build process, settings from sdkconfig.defaults will not override those already in sdkconfig.
+CONFIG_BENCH_ARGV="-lng 0"
+# FreeRTOS ticks at 1ms interval
+CONFIG_FREERTOS_UNICORE=y
+CONFIG_FREERTOS_HZ=1000
+CONFIG_ESP32_DEFAULT_CPU_FREQ_240=y
 
 #
-# Default main stack size
+# Default main stack size. See user_settings.h
 #
-# This is typically way bigger than needed for stack size. See user_settings.h
+# This is typically bigger than needed for stack size.
+# Units are words, not bytes. See user_settings.h
 #
-CONFIG_ESP_MAIN_TASK_STACK_SIZE=55000
+# For wolfSSL SMALL_STACK, 3072 bytes should be sufficient for benchmark app.
+# When using RSA, assign at least 10500 bytes, otherwise 5500 usually works for others
+# We set this to 28672 for use in the "test everything possible" in the wolfssl_test app.
+CONFIG_ESP_MAIN_TASK_STACK_SIZE=28672
 
-# Legacy stack size for older ESP-IDF versions
-CONFIG_MAIN_TASK_STACK_SIZE=55000
+# Legacy stack size name for older ESP-IDF versions
+CONFIG_MAIN_TASK_STACK_SIZE=28672
 
+#
+# Benchmark must not have CONFIG_NEWLIB_NANO_FORMAT enabled
+CONFIG_NEWLIB_NANO_FORMAT=n
 #
 # Watchdog Timers
 #
-# We don't want to have the watchdog timeout during tests
+# We don't want to have the watchdog timeout during tests & benchmarks
 #
 CONFIG_ESP_TASK_WDT_CHECK_IDLE_TASK_CPU0=n
 CONFIG_ESP_TASK_WDT_CHECK_IDLE_TASK_CPU1=n
+# Panic & Watchdog
+CONFIG_ESP_INT_WDT_TIMEOUT_MS=10000
+CONFIG_ESP_TASK_WDT_EN=n
+CONFIG_ESP_SYSTEM_PANIC_PRINT_HALT=y
+CONFIG_ESP_INT_WDT=n
+
+# ESP8266 Watchdog:
+CONFIG_TASK_WDT=n
+CONFIG_TASK_WDT_PANIC=n
+
+# ESP8266 WDT
+# CONFIG_ESP_PANIC_PRINT_REBOOT is not set
+CONFIG_ESP_PANIC_PRINT_REBOOT=n
+CONFIG_ESP_PANIC_PRINT_HALT=y
+
+# CONFIG_ESP_HTTP_CLIENT_ENABLE_HTTPS is not set
+CONFIG_ESP_HTTP_CLIENT_ENABLE_HTTPS=n
+
+# ESP8266 Memory
+CONFIG_FREERTOS_GLOBAL_DATA_LINK_IRAM=y
+CONFIG_HEAP_DISABLE_IRAM=y
+
+# Performance
+# CONFIG_COMPILER_OPTIMIZATION_PERF=y
+
+# Set max CPU frequency (falls back as needed for lower maximum)
+CONFIG_ESP_DEFAULT_CPU_FREQ_MHZ_240=y
+
+# Enable wolfSSL TLS in esp-tls
+# CONFIG_ESP_TLS_USING_WOLFSSL=y
+# CONFIG_TLS_STACK_WOLFSSL=y
+
+# Bundles take up flash space and are disabled unless otherwise known to be needed
+CONFIG_WOLFSSL_CERTIFICATE_BUNDLE=n
+# CONFIG_WOLFSSL_CERTIFICATE_BUNDLE=y
+# CONFIG_ESP_WOLFSSL_SMALL_CERT_VERIFY=y
+# CONFIG_ESP_TLS_INSECURE=y
+
+# Disable mbedTLS
+CONFIG_ESP_TLS_USING_MBEDTLS=n
+CONFIG_MBEDTLS_CERTIFICATE_BUNDLE=n
+
+# Some wolfSSL helpers
+CONFIG_USE_WOLFSSL_ESP_SDK_TIME=n
+
+# CONFIG_ESP_HTTP_CLIENT_ENABLE_HTTPS is not set
+CONFIG_ESP_HTTP_CLIENT_ENABLE_HTTPS=n
+
+# ESP8266 Memory
+CONFIG_FREERTOS_GLOBAL_DATA_LINK_IRAM=y
+CONFIG_HEAP_DISABLE_IRAM=y
+
+# Performance
+# CONFIG_COMPILER_OPTIMIZATION_PERF=y
+
+# Set max COU frequency (falls back as needed for lower maximum)
+CONFIG_ESP_DEFAULT_CPU_FREQ_MHZ_240=y
+
+# FreeRTOS ticks at 1ms interval
+CONFIG_FREERTOS_UNICORE=y
+CONFIG_FREERTOS_HZ=1000
+
+# Ensure mbedTLS options are disabled
+# CONFIG_MBEDTLS_TLS_SERVER_AND_CLIENT=n
+# CONFIG_MBEDTLS_TLS_CLIENT_ONLY=n
+# CONFIG_MBEDTLS_TLS_SERVER=n
+# CONFIG_MBEDTLS_TLS_CLIENT=n
+# CONFIG_MBEDTLS_HARDWARE_AES=n
+# CONFIG_MBEDTLS_HARDWARE_MPI=n
+# CONFIG_MBEDTLS_HARDWARE_SHA=n
+# CONFIG_MBEDTLS_ROM_MD5=n
+# CONFIG_MBEDTLS_SSL_RENEGOTIATION=n
+# CONFIG_MBEDTLS_SSL_PROTO_TLS1_2=n
+# CONFIG_MBEDTLS_SSL_PROTO_GMTSSL1_1=n
+# CONFIG_MBEDTLS_SSL_ALPN=n
+# CONFIG_MBEDTLS_CLIENT_SSL_SESSION_TICKETS=n
+# CONFIG_MBEDTLS_SERVER_SSL_SESSION_TICKETS=n
+
+# The same-name config is used for both WiFi and client/server TLS, so we cannot disable:
+# CONFIG_MBEDTLS_TLS_ENABLED=n
+# CONFIG_MBEDTLS_TLS_DISABLED=y
 
 #
 # Compiler options
 #
 CONFIG_COMPILER_OPTIMIZATION_DEFAULT=y
+# CONFIG_COMPILER_OPTIMIZATION_SIZE is not set
+# CONFIG_COMPILER_OPTIMIZATION_PERF is not set
+# CONFIG_COMPILER_OPTIMIZATION_NONE is not set
 CONFIG_COMPILER_OPTIMIZATION_ASSERTIONS_ENABLE=y
+# CONFIG_COMPILER_OPTIMIZATION_ASSERTIONS_SILENT is not set
+# CONFIG_COMPILER_OPTIMIZATION_ASSERTIONS_DISABLE is not set
+CONFIG_COMPILER_FLOAT_LIB_FROM_GCCLIB=y
 CONFIG_COMPILER_OPTIMIZATION_ASSERTION_LEVEL=2
+# CONFIG_COMPILER_OPTIMIZATION_CHECKS_SILENT is not set
 CONFIG_COMPILER_HIDE_PATHS_MACROS=y
+# CONFIG_COMPILER_CXX_EXCEPTIONS is not set
+# CONFIG_COMPILER_CXX_RTTI is not set
+# CONFIG_COMPILER_STACK_CHECK_MODE_NONE is not set
 CONFIG_COMPILER_STACK_CHECK_MODE_NORM=y
+# CONFIG_COMPILER_STACK_CHECK_MODE_STRONG is not set
+# CONFIG_COMPILER_STACK_CHECK_MODE_ALL is not set
 CONFIG_COMPILER_STACK_CHECK=y
+# CONFIG_COMPILER_WARN_WRITE_STRINGS is not set
+# CONFIG_COMPILER_SAVE_RESTORE_LIBCALLS is not set
+# CONFIG_COMPILER_DISABLE_GCC12_WARNINGS is not set
+# CONFIG_COMPILER_DUMP_RTL_FILES is not set
+# end of Compiler options
 
-# minimum C3 chip revision known to work is 2.
-# rev 0 and 1 not available for testing.
-# all revisions expected to work.
-CONFIG_ESP32C3_REV_MIN_0=
-CONFIG_ESP32C3_REV_MIN_1=
+# We don't know that the min is actually v2,
+# but this is the earliest tested.
 CONFIG_ESP32C3_REV_MIN_2=y
-CONFIG_ESP32C3_REV_MIN_3=
-
 
 #
 # Partition Table
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_test/sdkconfig.defaults.esp32 b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/sdkconfig.defaults.esp32
new file mode 100644
index 000000000..9d61e301d
--- /dev/null
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/sdkconfig.defaults.esp32
@@ -0,0 +1,4 @@
+# Note that during the build process, settings from sdkconfig.defaults will not override those already in sdkconfig.
+# See https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-guides/build-system.html#custom-sdkconfig-defaults
+
+CONFIG_ESP_MAIN_TASK_STACK_SIZE=28672
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_test/sdkconfig.defaults.esp32c3 b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/sdkconfig.defaults.esp32c3
new file mode 100644
index 000000000..a252c51ba
--- /dev/null
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/sdkconfig.defaults.esp32c3
@@ -0,0 +1,4 @@
+# Note that during the build process, settings from sdkconfig.defaults will not override those already in sdkconfig.
+# See https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-guides/build-system.html#custom-sdkconfig-defaults
+
+CONFIG_ESP_MAIN_TASK_STACK_SIZE=25500
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_test/sdkconfig.defaults.esp32c6 b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/sdkconfig.defaults.esp32c6
new file mode 100644
index 000000000..a252c51ba
--- /dev/null
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/sdkconfig.defaults.esp32c6
@@ -0,0 +1,4 @@
+# Note that during the build process, settings from sdkconfig.defaults will not override those already in sdkconfig.
+# See https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-guides/build-system.html#custom-sdkconfig-defaults
+
+CONFIG_ESP_MAIN_TASK_STACK_SIZE=25500
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_test/sdkconfig.defaults.esp32h2 b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/sdkconfig.defaults.esp32h2
new file mode 100644
index 000000000..a252c51ba
--- /dev/null
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/sdkconfig.defaults.esp32h2
@@ -0,0 +1,4 @@
+# Note that during the build process, settings from sdkconfig.defaults will not override those already in sdkconfig.
+# See https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-guides/build-system.html#custom-sdkconfig-defaults
+
+CONFIG_ESP_MAIN_TASK_STACK_SIZE=25500
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_test/sdkconfig.defaults.esp32s2 b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/sdkconfig.defaults.esp32s2
new file mode 100644
index 000000000..9d61e301d
--- /dev/null
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/sdkconfig.defaults.esp32s2
@@ -0,0 +1,4 @@
+# Note that during the build process, settings from sdkconfig.defaults will not override those already in sdkconfig.
+# See https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-guides/build-system.html#custom-sdkconfig-defaults
+
+CONFIG_ESP_MAIN_TASK_STACK_SIZE=28672
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_test/sdkconfig.defaults.esp32s3 b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/sdkconfig.defaults.esp32s3
new file mode 100644
index 000000000..9d61e301d
--- /dev/null
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/sdkconfig.defaults.esp32s3
@@ -0,0 +1,4 @@
+# Note that during the build process, settings from sdkconfig.defaults will not override those already in sdkconfig.
+# See https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-guides/build-system.html#custom-sdkconfig-defaults
+
+CONFIG_ESP_MAIN_TASK_STACK_SIZE=28672
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_test/sdkconfig.defaults.esp8266 b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/sdkconfig.defaults.esp8266
new file mode 100644
index 000000000..77299dfe4
--- /dev/null
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/sdkconfig.defaults.esp8266
@@ -0,0 +1,30 @@
+# ESP8266 WDT
+# CONFIG_ESP_PANIC_PRINT_REBOOT is not set
+CONFIG_ESP_PANIC_PRINT_REBOOT=n
+CONFIG_ESP_PANIC_PRINT_HALT=y
+
+# Enable wolfSSL TLS in esp-tls (not yet supported in RTOS SDK 3.4
+CONFIG_ESP_TLS_USING_WOLFSSL=n
+CONFIG_TLS_STACK_WOLFSSL=n
+
+# Bundles take up flash space and are disabled unless otherwise known to be needed
+CONFIG_WOLFSSL_CERTIFICATE_BUNDLE=n
+# CONFIG_ESP_WOLFSSL_SMALL_CERT_VERIFY=y
+# CONFIG_ESP_TLS_INSECURE=y
+
+# Disable mbedTLS
+CONFIG_ESP_TLS_USING_MBEDTLS=y
+CONFIG_MBEDTLS_CERTIFICATE_BUNDLE=n
+
+# ESP8266 Memory
+CONFIG_FREERTOS_GLOBAL_DATA_LINK_IRAM=y
+CONFIG_HEAP_DISABLE_IRAM=y
+
+# ESP8266 Watchdog:
+CONFIG_TASK_WDT=n
+CONFIG_TASK_WDT_PANIC=n
+
+# ESP8266 WDT
+# CONFIG_ESP_PANIC_PRINT_REBOOT is not set
+CONFIG_ESP_PANIC_PRINT_REBOOT=n
+CONFIG_ESP_PANIC_PRINT_HALT=y
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_test/testAll.sh b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/testAll.sh
new file mode 100644
index 000000000..0d8de0fd6
--- /dev/null
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/testAll.sh
@@ -0,0 +1,102 @@
+#!/usr/bin/env bash
+#
+# testAll.sh [keyword suffix]
+#
+# Build and compile the wolfssl_test for all platforms.
+#
+# Supply optional keyword suffix value for log file names.
+#
+# See testMonitor.sh for USB port settings.
+#
+# Define ESPIDF_PUTTY_MONITOR to a non-blank value to call putty.
+# instead of using `idf.py monitor`
+#==============================================================================
+
+# Run shell check to ensure this a good script.
+shellcheck "$0"
+
+if [[ "$PATH" == *"rtos-sdk"* ]]; then
+    echo "Error. Detected rtos-sdk in path."
+    echo "Need to start with clean path (no prior idf.py setup) "
+    exit 1
+fi
+
+# Save the current PATH to a temporary variable
+ORIGINAL_PATH="$PATH"
+echo "ORIGINAL_PATH=$PATH"
+
+export ESPIDF_PUTTY_MONITOR="TRUE"
+
+THIS_SUFFIX="$1"
+
+
+#******************************************************************************
+# ESP8266 uses rtos-sdk/v3.4 toolchain. Test this first, as it is slowest.
+WRK_IDF_PATH=/mnt/c/SysGCC/esp8266/rtos-sdk/v3.4
+#******************************************************************************
+
+# Clear ESP-IDF environment variables to ensure clean start for export.sh
+unset ESP_IDF_VERSION
+unset ESP_ROM_ELF_DIR
+unset IDF_DEACTIVATE_FILE_PATH
+unset IDF_PATH
+unset IDF_PYTHON_ENV_PATH
+unset IDF_TOOLS_EXPORT_CMD
+unset IDF_TOOLS_INSTALL_CMD
+unset OPENOCD_SCRIPTS
+
+echo "Run ESP8266 export.sh from ${WRK_IDF_PATH}"
+
+# shell check should not follow into the ESP-IDF export.sh
+# shellcheck disable=SC1091
+. "$WRK_IDF_PATH"/export.sh
+
+# Tensilica
+./testMonitor.sh wolfssl_test esp8266 "$THIS_SUFFIX" || exit 1 # 2715073
+
+
+#******************************************************************************
+# ESP32[-N] uses esp-idf/v5.2 toolchain
+WRK_IDF_PATH=/mnt/c/SysGCC/esp32/esp-idf/v5.2
+#******************************************************************************
+# Restore the original PATH
+export PATH="$ORIGINAL_PATH"
+
+# Clear ESP-IDF environment variables to ensure clean start
+unset ESP_IDF_VERSION
+unset ESP_ROM_ELF_DIR
+unset IDF_DEACTIVATE_FILE_PATH
+unset IDF_PATH
+unset IDF_PYTHON_ENV_PATH
+unset IDF_TOOLS_EXPORT_CMD
+unset IDF_TOOLS_INSTALL_CMD
+unset OPENOCD_SCRIPTS
+
+echo "Run ESP32 export.sh from ${WRK_IDF_PATH}"
+
+# shell check should not follow into the ESP-IDF export.sh
+# shellcheck disable=SC1091
+. "$WRK_IDF_PATH"/export.sh
+
+# Comment numeric values are recently observed runtime durations.
+# Different tests may be enabled for each device.
+# This list is not indicative of relative performance.
+
+# Limited hardware acceleration, test slowest first:
+./testMonitor.sh wolfssl_test esp32h2 "$THIS_SUFFIX" || exit 1 # 1424084 esp32h2 COM31" ok
+./testMonitor.sh wolfssl_test esp8684 "$THIS_SUFFIX" || exit 1 # 1065290 esp8684 COM49" ok
+
+# RISC-V
+./testMonitor.sh wolfssl_test esp32c2 "$THIS_SUFFIX" || exit 1 # 1133856 esp32c2 COM79" ok
+./testMonitor.sh wolfssl_test esp32c3 "$THIS_SUFFIX" || exit 1 # 344677  esp32c3 COM35"   NT
+./testMonitor.sh wolfssl_test esp32c6 "$THIS_SUFFIX" || exit 1 # 346393  esp32c6 COM36" ok
+
+# Xtensa
+./testMonitor.sh wolfssl_test esp32   "$THIS_SUFFIX" || exit 1 # 259093  esp32   COM9"    NT
+./testMonitor.sh wolfssl_test esp32s2 "$THIS_SUFFIX" || exit 1 # 305004  esp32s2 COM30"   NT
+./testMonitor.sh wolfssl_test esp32s3 "$THIS_SUFFIX" || exit 1 # 267518  esp32s3 COM24"   NT
+
+# Restore the original PATH
+export PATH="$ORIGINAL_PATH"
+
+echo "Done!"
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_test/testMonitor.sh b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/testMonitor.sh
new file mode 100644
index 000000000..987699511
--- /dev/null
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/testMonitor.sh
@@ -0,0 +1,230 @@
+#!/usr/bin/env bash
+#
+# Syntax:
+#   ./testMonitor.sh <example_name> <target> <keyword>
+#
+# Example:
+#
+#   ./testMonitor.sh wolfssl_test esp32c6 WIP
+#
+# Define ESPIDF_PUTTY_MONITOR to a non-blank value to call putty
+# instead of using `idf.py monitor`
+#========================================================================================
+
+# Run shell check to ensure this a good script.
+shellcheck "$0"
+
+PUTTY_EXE="/mnt/c/tools/putty.exe"
+
+THIS_HOME_DIR="$(pwd)"
+# export WOLFSSL_ESPIDF="/mnt/c/workspace/wolfssl-master/IDE/Espressif/ESP-IDF/examples"
+
+# the first parameter is expected to be a project name in the WOLFSSL_ESPIDF directory.
+if [ $# -lt 3 ]; then
+    echo "Usage: $0 <example_name> <target> <keyword>"
+    exit 1
+else
+    THIS_EXAMPLE="$1"
+#    pushd "${WOLFSSL_ESPIDF}" || exit 1
+#    pushd "./${THIS_EXAMPLE}" || exit 1
+
+    THIS_TARGET="$2"
+    THIS_KEYWORD="$3"
+fi
+
+echo "testMonitor current path:"
+pwd
+
+#ESP32c2 monitor is 78800
+# These are the WSL Serial Ports for each respective ESP32 SoC Device.
+# Unfortunately they are currently hard coded and computer-specific.
+esp32_PORT="/dev/ttyS9"
+esp32c2_PORT="/dev/ttyS79"
+esp32c3_PORT="/dev/ttyS35"
+esp32c6_PORT="/dev/ttyS36"
+esp32h2_PORT="/dev/ttyS31"
+esp32s2_PORT="/dev/ttyS30"
+esp32s3_PORT="/dev/ttyS24"
+esp8266_PORT="/dev/ttyS70"
+
+esp8684_PORT="/dev/ttyS49"
+# esp32c2_PORT="/dev/ttyS49" #8684
+
+# Load putty profiles. Note profiles names need to have been previously
+# defined and saved in putty! These are the saved sessions in putty:
+esp32_PUTTY="COM9"
+esp32c2_PUTTY="COM79 - ESP32-C2 74880"
+esp32c3_PUTTY="COM35"
+esp32c6_PUTTY="COM36"
+esp32h2_PUTTY="COM31"
+esp32s2_PUTTY="COM30"
+esp32s3_PUTTY="COM24"
+esp8684_PUTTY="COM49"
+esp8266_PUTTY="COM70 - 74880"
+
+echo "esp32_PORT:   $esp32_PORT"
+echo "esp32c2_PORT: $esp32c2_PORT"
+echo "esp32c3_PORT: $esp32c3_PORT"
+echo "esp32c6_PORT: $esp32c6_PORT"
+echo "esp32s2_PORT: $esp32s2_PORT"
+echo "esp32s3_PORT: $esp32s3_PORT"
+echo "esp32h2_PORT: $esp32h2_PORT"
+echo "esp8266_PORT: $esp8266_PORT"
+echo "esp8684_PORT: $esp8684_PORT"
+
+# given a THIS_TARGET, assign THIS_TARGET_PORT to the respective port.
+THIS_TARGET_PORT="${THIS_TARGET}_PORT"
+
+# Check that THIS_TARGET_PORT is defined.
+if [ -z "$THIS_TARGET_PORT" ]; then
+    echo "Error: No port defined for ${THIS_TARGET}"
+    exit 1
+else
+    echo "THIS_TARGET_PORT=${THIS_TARGET_PORT}"
+fi
+
+THIS_TARGET_PORT="${!THIS_TARGET_PORT}"
+echo THIS_TARGET_PORT="${THIS_TARGET_PORT}"
+
+
+# The use of putty is optional
+THIS_TARGET_PUTTY="${THIS_TARGET}_PUTTY"
+
+if [ -z "$ESPIDF_PUTTY_MONITOR" ]; then
+    echo "Using ESP-IDF monitor"
+else
+    # Check that THIS_TARGET_PUTTY is defined.
+    echo ""
+    echo "Using saved putty profile session names:"
+    echo "esp32_PUTTY:   $esp32_PUTTY"
+    echo "esp32c2_PUTTY: $esp32c2_PUTTY"
+    echo "esp32c3_PUTTY: $esp32c3_PUTTY"
+    echo "esp32c6_PUTTY: $esp32c6_PUTTY"
+    echo "esp32s2_PUTTY: $esp32s2_PUTTY"
+    echo "esp32s3_PUTTY: $esp32s3_PUTTY"
+    echo "esp32h2_PUTTY: $esp32h2_PUTTY"
+    echo "esp8684_PUTTY: $esp8684_PUTTY"
+    echo "esp8266_PUTTY: $esp8266_PUTTY"
+    echo ""
+
+    if [ -z "$THIS_TARGET_PUTTY" ]; then
+        echo "Error: No putty profile defined for ${THIS_TARGET}"
+        exit 1
+    else
+        echo "THIS_TARGET_PUTTY=${THIS_TARGET_PUTTY}"
+    fi
+
+    THIS_TARGET_PUTTY="${!THIS_TARGET_PUTTY}"
+    echo THIS_TARGET_PUTTY="${THIS_TARGET_PUTTY}"
+fi
+
+if [[ "$THIS_TARGET" == "esp8684" ]]; then
+    echo "Treating esp8684 like an esp32c2"
+    THIS_TARGET=esp32c2
+fi
+
+
+# Assemble some log file names.
+echo ""
+BUILD_LOG="${THIS_HOME_DIR}/logs/${THIS_EXAMPLE}_build_IDF_v5.1_${THIS_TARGET}_${THIS_KEYWORD}.txt"
+FLASH_LOG="${THIS_HOME_DIR}/logs/${THIS_EXAMPLE}_flash_IDF_v5.1_${THIS_TARGET}_${THIS_KEYWORD}.txt"
+THIS_LOG="${THIS_HOME_DIR}/logs/${THIS_EXAMPLE}_output_IDF_v5.1_${THIS_TARGET}_${THIS_KEYWORD}.txt"
+THIS_CFG="${THIS_HOME_DIR}/logs/${THIS_EXAMPLE}_user_settings_IDF_v5.1_${THIS_TARGET}_${THIS_KEYWORD}.txt"
+THIS_WLOG="logs\\${THIS_TARGET}_output.log"
+# cp ./components/wolfssl/include/user_settings.h "${THIS_CFG}"
+
+echo  "BUILD_LOG = ${BUILD_LOG}"
+echo  "FLASH_LOG = ${FLASH_LOG}"
+echo  "THIS_LOG  = ${THIS_LOG}"
+echo  "THIS_CFG  = ${THIS_CFG}"
+
+
+if [[ "$THIS_TARGET" == "esp8266" ]]; then
+    # idf.py for the ESP8266  does not support --version
+    echo "ESP8266 using $IDF_PATH"
+else
+    idf.py --version                            > "${BUILD_LOG}" 2>&1
+fi
+
+echo "Full clean for $THIS_TARGET..."
+#---------------------------------------------------------------------
+idf.py fullclean                                >> "${BUILD_LOG}" 2>&1
+THIS_ERROR_CODE=$?
+if [ $THIS_ERROR_CODE -ne 0 ]; then
+    echo ""
+    echo "Error during fullclean. Deleting build directory."
+    rm -rf ./build
+fi
+
+#---------------------------------------------------------------------
+if [[ "$THIS_TARGET" == "esp8266" ]]; then
+    #always start with a fresh sdkconfig-debug (or sdkconfig-release) from defaults
+    rm -f ./sdkconfig-debug
+    rm -f ./sdkconfig-release
+
+    # idf.py for the ESP8266  does not support --set-target
+    echo "Target is $THIS_TARGET"
+
+    # Since we don't "set-target" for the ESP8266, ensure the sdkconfig is not present
+    rm -f ./sdkconfig
+else
+    # Start with fresh sdkconfig
+    rm -f ./sdkconfig
+
+    # ESP8266 debug and release files not used for non-ESP8266 targets here,delete anyhow:
+    rm -f ./sdkconfig-debug
+    rm -f ./sdkconfig-release
+
+    echo "idf.py set-target $THIS_TARGET"
+    idf.py "set-target" "$THIS_TARGET"              >> "${BUILD_LOG}" 2>&1
+    THIS_ERROR_CODE=$?
+    if [ $THIS_ERROR_CODE -ne 0 ]; then
+        echo ""
+        tail -n 5 "${BUILD_LOG}"
+        echo "Error during set-target"
+        exit 1
+    fi
+fi
+
+#---------------------------------------------------------------------
+echo ""
+echo "Build $THIS_TARGET..."
+echo "idf.py build"
+idf.py build                                    >> "${BUILD_LOG}" 2>&1
+THIS_ERROR_CODE=$?
+if [ $THIS_ERROR_CODE -ne 0 ]; then
+    echo ""
+    tail -n 5 "${BUILD_LOG}"
+    echo "Error during build for $THIS_TARGET"
+    echo ""
+    echo ""
+    exit 1
+fi
+
+#---------------------------------------------------------------------
+echo ""
+echo "Flash $THIS_TARGET..."
+echo "idf.py flash -p ${THIS_TARGET_PORT} -b 115200"
+idf.py flash -p "${THIS_TARGET_PORT}" -b 115200 2>&1 | tee -a "${FLASH_LOG}"
+THIS_ERROR_CODE=$?
+if [ $THIS_ERROR_CODE -ne 0 ]; then
+    echo ""
+    tail -n 5 "${FLASH_LOG}"
+    echo "Error during flash"
+    exit 1
+fi
+
+# popd || exit 1
+# popd || exit 1
+
+# Note both of the options spawn a separate process:
+if [ -z "$ESPIDF_PUTTY_MONITOR" ]; then
+    echo "Monitor..."
+    echo  ./wolfssl_monitor.py --port "${THIS_TARGET_PORT}" --baudrate 115200 --logfile "${THIS_LOG}"
+
+    ./wolfssl_monitor.py --port "${THIS_TARGET_PORT}" --baudrate 115200 --logfile "${THIS_LOG}" &
+else
+    echo "Calling putty..."
+    echo "$PUTTY_EXE -load \"$THIS_TARGET_PUTTY\""
+    $PUTTY_EXE -load "$THIS_TARGET_PUTTY" -logoverwrite -sessionlog "${THIS_WLOG}" &
+fi
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_test/wolfssl_test_ESP8266.sln b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/wolfssl_test_ESP8266.sln
new file mode 100644
index 000000000..57fec6c39
--- /dev/null
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/wolfssl_test_ESP8266.sln
@@ -0,0 +1,30 @@
+
+Microsoft Visual Studio Solution File, Format Version 12.00
+# Visual Studio Version 17
+VisualStudioVersion = 17.8.34601.278
+MinimumVisualStudioVersion = 10.0.40219.1
+Project("{803FD0C6-D64E-4E16-9DC3-1DAEC859A3D2}") = "wolfssl_test_ESP8266", "wolfssl_test_ESP8266.vgdbproj", "{C9687472-A434-43A7-9026-7914F425B9B4}"
+EndProject
+Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "Solution Items", "Solution Items", "{D4A6F5E5-807B-4D51-ACD5-8493BCF2E7F0}"
+	ProjectSection(SolutionItems) = preProject
+		components\wolfssl\include\user_settings.h = components\wolfssl\include\user_settings.h
+	EndProjectSection
+EndProject
+Global
+	GlobalSection(SolutionConfigurationPlatforms) = preSolution
+		Debug|VisualGDB = Debug|VisualGDB
+		Release|VisualGDB = Release|VisualGDB
+	EndGlobalSection
+	GlobalSection(ProjectConfigurationPlatforms) = postSolution
+		{C9687472-A434-43A7-9026-7914F425B9B4}.Debug|VisualGDB.ActiveCfg = Debug|VisualGDB
+		{C9687472-A434-43A7-9026-7914F425B9B4}.Debug|VisualGDB.Build.0 = Debug|VisualGDB
+		{C9687472-A434-43A7-9026-7914F425B9B4}.Release|VisualGDB.ActiveCfg = Release|VisualGDB
+		{C9687472-A434-43A7-9026-7914F425B9B4}.Release|VisualGDB.Build.0 = Release|VisualGDB
+	EndGlobalSection
+	GlobalSection(SolutionProperties) = preSolution
+		HideSolutionNode = FALSE
+	EndGlobalSection
+	GlobalSection(ExtensibilityGlobals) = postSolution
+		SolutionGuid = {84F29237-2909-4E98-AD33-2624E2256EF8}
+	EndGlobalSection
+EndGlobal
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_test/wolfssl_test_ESP8266.vgdbproj b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/wolfssl_test_ESP8266.vgdbproj
new file mode 100644
index 000000000..6181d50c7
--- /dev/null
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/wolfssl_test_ESP8266.vgdbproj
@@ -0,0 +1,292 @@
+<?xml version="1.0"?>
+<VisualGDBProjectSettings2 xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
+  <Project xsi:type="com.visualgdb.project.external.esp-idf">
+    <CustomSourceDirectories>
+      <Directories />
+      <PathStyle>Unknown</PathStyle>
+    </CustomSourceDirectories>
+    <AutoProgramSPIFFSPartition>true</AutoProgramSPIFFSPartition>
+    <ProjectModeSettings>
+      <ProjectGUID>c9687472-a434-43a7-9026-7914f425b9b4</ProjectGUID>
+      <GroupSourcesByTypes>true</GroupSourcesByTypes>
+      <GroupSourcesByPaths>true</GroupSourcesByPaths>
+      <HeaderScanMode>SourceDirs</HeaderScanMode>
+    </ProjectModeSettings>
+  </Project>
+  <Build xsi:type="com.visualgdb.build.external.esp-idf">
+    <BuildLogMode xsi:nil="true" />
+    <ToolchainID>
+      <ID>com.visualgdb.xtensa-lx106-elf</ID>
+      <Version>
+        <GCC>8.4.0</GCC>
+        <GDB>8.1</GDB>
+        <Revision>1</Revision>
+      </Version>
+    </ToolchainID>
+    <IDFCheckout>
+      <Version>release/v3.4</Version>
+      <Subdirectory>rtos-sdk/v3.4</Subdirectory>
+      <Type>RTOS_SDK</Type>
+    </IDFCheckout>
+    <BuildThreadCount>0</BuildThreadCount>
+  </Build>
+  <CustomBuild>
+    <PreSyncActions />
+    <PreBuildActions />
+    <PostBuildActions />
+    <PreCleanActions />
+    <PostCleanActions />
+  </CustomBuild>
+  <CustomDebug>
+    <PreDebugActions />
+    <PostDebugActions />
+    <DebugStopActions />
+    <BreakMode>Default</BreakMode>
+    <CustomBreakCommand>
+      <SkipWhenRunningCommandList>false</SkipWhenRunningCommandList>
+      <RemoteHost>
+        <HostName>BuildMachine</HostName>
+        <Transport>BuiltinShortcut</Transport>
+      </RemoteHost>
+      <BackgroundMode xsi:nil="true" />
+    </CustomBreakCommand>
+  </CustomDebug>
+  <DeviceTerminalSettings>
+    <Connection xsi:type="com.sysprogs.terminal.connection.serial">
+      <ComPortName>COM70</ComPortName>
+      <AdvancedSettings>
+        <BaudRate>74880</BaudRate>
+        <DataBits>8</DataBits>
+        <Parity>None</Parity>
+        <StopBits>One</StopBits>
+        <FlowControl>None</FlowControl>
+      </AdvancedSettings>
+    </Connection>
+    <LastConnectionTime>0</LastConnectionTime>
+    <EchoTypedCharacters>false</EchoTypedCharacters>
+    <ClearContentsWhenReconnecting>true</ClearContentsWhenReconnecting>
+    <ReconnectAutomatically>false</ReconnectAutomatically>
+    <DisplayMode>ASCII</DisplayMode>
+    <Colors>
+      <Background>
+        <Alpha>255</Alpha>
+        <Red>0</Red>
+        <Green>0</Green>
+        <Blue>0</Blue>
+      </Background>
+      <Disconnected>
+        <Alpha>255</Alpha>
+        <Red>169</Red>
+        <Green>169</Green>
+        <Blue>169</Blue>
+      </Disconnected>
+      <Text>
+        <Alpha>255</Alpha>
+        <Red>211</Red>
+        <Green>211</Green>
+        <Blue>211</Blue>
+      </Text>
+      <Echo>
+        <Alpha>255</Alpha>
+        <Red>144</Red>
+        <Green>238</Green>
+        <Blue>144</Blue>
+      </Echo>
+      <Inactive>
+        <Alpha>255</Alpha>
+        <Red>169</Red>
+        <Green>169</Green>
+        <Blue>169</Blue>
+      </Inactive>
+    </Colors>
+    <HexSettings>
+      <MaximumBytesPerLine>16</MaximumBytesPerLine>
+      <ShowTextView>true</ShowTextView>
+      <BreaksAroundEcho>true</BreaksAroundEcho>
+      <AutoSend>true</AutoSend>
+      <SendAsHex>true</SendAsHex>
+      <TimeoutForAutoBreak>0</TimeoutForAutoBreak>
+    </HexSettings>
+    <LineEnding>LF</LineEnding>
+    <TreatLFAsCRLF>false</TreatLFAsCRLF>
+    <KeepOpenAfterExit>false</KeepOpenAfterExit>
+    <ShowAfterProgramming>false</ShowAfterProgramming>
+  </DeviceTerminalSettings>
+  <CustomShortcuts>
+    <Shortcuts />
+    <ShowMessageAfterExecuting>true</ShowMessageAfterExecuting>
+  </CustomShortcuts>
+  <UserDefinedVariables />
+  <ImportedPropertySheets />
+  <CodeSense>
+    <Enabled>True</Enabled>
+    <ExtraSettings>
+      <HideErrorsInSystemHeaders>true</HideErrorsInSystemHeaders>
+      <SupportLightweightReferenceAnalysis>true</SupportLightweightReferenceAnalysis>
+      <DiscoverySettings>
+        <Mode>Enabled</Mode>
+        <SearchInProjectDir>true</SearchInProjectDir>
+        <SearchInSourceDirs>true</SearchInSourceDirs>
+        <SearchInIncludeSubdirs>true</SearchInIncludeSubdirs>
+      </DiscoverySettings>
+      <CheckForClangFormatFiles>true</CheckForClangFormatFiles>
+      <FormattingEngine xsi:nil="true" />
+    </ExtraSettings>
+    <CodeAnalyzerSettings>
+      <Enabled>false</Enabled>
+      <SelectedAnalyzers>
+        <string>apiModeling.google.GTest</string>
+        <string>core.builtin.BuiltinFunctions</string>
+        <string>core.builtin.NoReturnFunctions</string>
+        <string>core.CallAndMessage</string>
+        <string>core.DivideZero</string>
+        <string>core.DynamicTypePropagation</string>
+        <string>core.NonnilStringConstants</string>
+        <string>core.NonNullParamChecker</string>
+        <string>core.NullDereference</string>
+        <string>core.StackAddressEscape</string>
+        <string>core.UndefinedBinaryOperatorResult</string>
+        <string>core.uninitialized.ArraySubscript</string>
+        <string>core.uninitialized.Assign</string>
+        <string>core.uninitialized.Branch</string>
+        <string>core.uninitialized.CapturedBlockVariable</string>
+        <string>core.uninitialized.UndefReturn</string>
+        <string>core.VLASize</string>
+        <string>cplusplus.NewDelete</string>
+        <string>cplusplus.NewDeleteLeaks</string>
+        <string>cplusplus.SelfAssignment</string>
+        <string>deadcode.DeadStores</string>
+        <string>nullability.NullPassedToNonnull</string>
+        <string>nullability.NullReturnedFromNonnull</string>
+        <string>security.insecureAPI.getpw</string>
+        <string>security.insecureAPI.gets</string>
+        <string>security.insecureAPI.mkstemp</string>
+        <string>security.insecureAPI.mktemp</string>
+        <string>security.insecureAPI.UncheckedReturn</string>
+        <string>security.insecureAPI.vfork</string>
+        <string>unix.API</string>
+        <string>unix.cstring.BadSizeArg</string>
+        <string>unix.cstring.NullArg</string>
+        <string>unix.Malloc</string>
+        <string>unix.MallocSizeof</string>
+        <string>unix.MismatchedDeallocator</string>
+        <string>unix.StdCLibraryFunctions</string>
+        <string>unix.Vfork</string>
+      </SelectedAnalyzers>
+      <ExtraArguments>
+        <string>-analyzer-store=region</string>
+        <string>-analyzer-opt-analyze-nested-blocks</string>
+        <string>-analyzer-eagerly-assume</string>
+      </ExtraArguments>
+    </CodeAnalyzerSettings>
+  </CodeSense>
+  <Configurations>
+    <VisualGDBConfiguration>
+      <Name>Debug</Name>
+      <BuildSettingsExtension xsi:type="com.visualgdb.build.external.esp-idf.extension">
+        <OutputSubdirectory>build/Debug</OutputSubdirectory>
+        <SDKConfigFile>sdkconfig-debug</SDKConfigFile>
+        <EnableVerboseBuild>false</EnableVerboseBuild>
+      </BuildSettingsExtension>
+    </VisualGDBConfiguration>
+    <VisualGDBConfiguration>
+      <Name>Release</Name>
+      <BuildSettingsExtension xsi:type="com.visualgdb.build.external.esp-idf.extension">
+        <OutputSubdirectory>build/Release</OutputSubdirectory>
+        <SDKConfigFile>sdkconfig-release</SDKConfigFile>
+        <EnableVerboseBuild>false</EnableVerboseBuild>
+      </BuildSettingsExtension>
+    </VisualGDBConfiguration>
+  </Configurations>
+  <ProgramArgumentsSuggestions />
+  <Debug xsi:type="com.visualgdb.debug.embedded">
+    <AdditionalStartupCommands>
+      <GDBPreStartupCommands />
+      <GDBStartupCommands />
+      <GDBFinalizationCommands />
+    </AdditionalStartupCommands>
+    <AdditionalGDBSettings>
+      <Features>
+        <DisableAutoDetection>false</DisableAutoDetection>
+        <UseFrameParameter>false</UseFrameParameter>
+        <SimpleValuesFlagSupported>false</SimpleValuesFlagSupported>
+        <ListLocalsSupported>false</ListLocalsSupported>
+        <ByteLevelMemoryCommandsAvailable>false</ByteLevelMemoryCommandsAvailable>
+        <ThreadInfoSupported>false</ThreadInfoSupported>
+        <PendingBreakpointsSupported>false</PendingBreakpointsSupported>
+        <SupportTargetCommand>false</SupportTargetCommand>
+        <ReliableBreakpointNotifications>false</ReliableBreakpointNotifications>
+      </Features>
+      <EnableSmartStepping>false</EnableSmartStepping>
+      <FilterSpuriousStoppedNotifications>false</FilterSpuriousStoppedNotifications>
+      <ForceSingleThreadedMode>false</ForceSingleThreadedMode>
+      <UseAppleExtensions>false</UseAppleExtensions>
+      <CanAcceptCommandsWhileRunning>false</CanAcceptCommandsWhileRunning>
+      <MakeLogFile>false</MakeLogFile>
+      <IgnoreModuleEventsWhileStepping>true</IgnoreModuleEventsWhileStepping>
+      <UseRelativePathsOnly>false</UseRelativePathsOnly>
+      <ExitAction>None</ExitAction>
+      <DisableDisassembly>false</DisableDisassembly>
+      <ExamineMemoryWithXCommand>false</ExamineMemoryWithXCommand>
+      <StepIntoNewInstanceEntry />
+      <ExamineRegistersInRawFormat>true</ExamineRegistersInRawFormat>
+      <DisableSignals>false</DisableSignals>
+      <EnableAsyncExecutionMode>false</EnableAsyncExecutionMode>
+      <AsyncModeSupportsBreakpoints>true</AsyncModeSupportsBreakpoints>
+      <TemporaryBreakConsolidationTimeout>0</TemporaryBreakConsolidationTimeout>
+      <EnableNonStopMode>false</EnableNonStopMode>
+      <MaxBreakpointLimit>0</MaxBreakpointLimit>
+      <EnableVerboseMode>true</EnableVerboseMode>
+      <EnablePrettyPrinters>false</EnablePrettyPrinters>
+    </AdditionalGDBSettings>
+    <DebugMethod>
+      <ID>openocd</ID>
+      <Configuration xsi:type="com.visualgdb.edp.openocd.settings.esp8266">
+        <CommandLine>-f interface/ftdi/tigard.cfg -f target/esp8266.cfg</CommandLine>
+        <ExtraParameters>
+          <Frequency xsi:nil="true" />
+          <BoostedFrequency xsi:nil="true" />
+          <ConnectUnderReset>false</ConnectUnderReset>
+        </ExtraParameters>
+        <LoadProgressGUIThreshold>131072</LoadProgressGUIThreshold>
+        <ProgramMode>Enabled</ProgramMode>
+        <StartupCommands>
+          <string>set remotetimeout 60</string>
+          <string>target remote :$$SYS:GDB_PORT$$</string>
+          <string>mon reset halt</string>
+          <string>load</string>
+          <string>mon xtensa_no_interrupts_during_steps on</string>
+          <string>mon esp8266_autofeed_watchdog on</string>
+        </StartupCommands>
+        <ProgramFLASHUsingExternalTool>false</ProgramFLASHUsingExternalTool>
+        <PreferredGDBPort>0</PreferredGDBPort>
+        <PreferredTelnetPort>0</PreferredTelnetPort>
+        <AlwaysPassSerialNumber>false</AlwaysPassSerialNumber>
+        <SelectedCoreIndex xsi:nil="true" />
+        <SuggestionLogicRevision>0</SuggestionLogicRevision>
+        <ResetMode>Soft</ResetMode>
+        <ProgramSectorSize>4096</ProgramSectorSize>
+        <EraseSectorSize>4096</EraseSectorSize>
+        <FLASHSettings>
+          <Size>size4M</Size>
+          <Frequency>freq40M</Frequency>
+          <Mode>QIO</Mode>
+        </FLASHSettings>
+      </Configuration>
+    </DebugMethod>
+    <AutoDetectRTOS>true</AutoDetectRTOS>
+    <SemihostingSupport>Disabled</SemihostingSupport>
+    <SemihostingPollingDelay>0</SemihostingPollingDelay>
+    <StepIntoEntryPoint>false</StepIntoEntryPoint>
+    <ReloadFirmwareOnReset>false</ReloadFirmwareOnReset>
+    <ValidateEndOfStackAddress>true</ValidateEndOfStackAddress>
+    <StopAtEntryPoint>false</StopAtEntryPoint>
+    <EnableVirtualHalts>false</EnableVirtualHalts>
+    <DynamicAnalysisSettings />
+    <EndOfStackSymbol>_estack</EndOfStackSymbol>
+    <TimestampProviderTicksPerSecond>0</TimestampProviderTicksPerSecond>
+    <KeepConsoleAfterExit>false</KeepConsoleAfterExit>
+    <UnusedStackFillPattern xsi:nil="true" />
+    <CheckInterfaceDrivers>true</CheckInterfaceDrivers>
+  </Debug>
+</VisualGDBProjectSettings2>
\ No newline at end of file
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_test_idf/README.md b/IDE/Espressif/ESP-IDF/examples/wolfssl_test_idf/README.md
index f2efc2f3d..7d0988aaf 100644
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_test_idf/README.md
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_test_idf/README.md
@@ -12,11 +12,11 @@ Open the VisualGDB Visual Studio Project file in the VisualGDB directory and cli
 
 ## ESP-IDF Commandline
 
-1. `idf.py menuconfig` to configure the program.  
+1. `idf.py menuconfig` to configure the program.
     1-1. Example Configuration ->
 
-    TEST_ARG : argument that you want to use. Default is "-lng 0"  
-    The list of argument can be find in help.
+    There are no parametric arguments. See [wolfcrypt/test](https://github.com/wolfSSL/wolfssl/tree/master/wolfcrypt/test).
+    All features enabled in the `user_settings.h` will be tested.
 
 When you want to run the test program
 
@@ -46,9 +46,9 @@ idf.py build flash -p /dev/ttyS20 -b 115200 monitor
 
 ## Example Output
 
-Note the default wolfSSL `user_settings.h` is configured by default to be the most 
+Note the default wolfSSL `user_settings.h` is configured by default to be the most
 compatible across the widest ranges of targets. Contact wolfSSL at support@wolfssl.com
-for help in optimizing for your particular application, or see the 
+for help in optimizing for your particular application, or see the
 [docs](https://www.wolfssl.com/documentation/manuals/wolfssl/index.html).
 
 Compiled and flashed with `idf.py build  flash -p /dev/ttyS7 -b 115200 monitor`:
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_test_idf/component.mk b/IDE/Espressif/ESP-IDF/examples/wolfssl_test_idf/component.mk
index e19e22a53..0adf45649 100644
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_test_idf/component.mk
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_test_idf/component.mk
@@ -1,8 +1,8 @@
 #
 # Main component makefile.
 #
-# This Makefile can be left empty. By default, it will take the sources in the 
-# src/ directory, compile them and link them into lib(subdirectory_name).a 
+# This Makefile can be left empty. By default, it will take the sources in the
+# src/ directory, compile them and link them into lib(subdirectory_name).a
 # in the build directory. This behaviour is entirely configurable,
 # please read the ESP-IDF documents if you need to do this.
-#
\ No newline at end of file
+#
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_test_idf/main/component.mk b/IDE/Espressif/ESP-IDF/examples/wolfssl_test_idf/main/component.mk
index d31083f65..44bd2b527 100644
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_test_idf/main/component.mk
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_test_idf/main/component.mk
@@ -1,3 +1,3 @@
 #
 # Main Makefile. This is basically the same as a component makefile.
-#
\ No newline at end of file
+#
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_test_idf/main/main.c b/IDE/Espressif/ESP-IDF/examples/wolfssl_test_idf/main/main.c
index 5d3844206..1eb568bde 100644
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_test_idf/main/main.c
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_test_idf/main/main.c
@@ -1,6 +1,6 @@
 /* main.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -24,15 +24,26 @@
 #include "sdkconfig.h"
 
 /* wolfSSL */
-#include <wolfssl/wolfcrypt/settings.h>
-#include <user_settings.h>
-#include <wolfssl/version.h>
-#ifndef WOLFSSL_ESPIDF
-#warning "problem with wolfSSL user settings. Check components/wolfssl/include"
+/* Always include wolfcrypt/settings.h before any other wolfSSL file.    */
+/* Reminder: settings.h pulls in user_settings.h; don't include it here. */
+#ifdef WOLFSSL_USER_SETTINGS
+    /* Unlike other examples with wolfSSL as a local component, this */
+    /* example tests wolSSL *in* the ESP-IDF. If you get an error:   */
+    /*    wolfssl/wolfcrypt/settings.h: No such file or directory    */
+    /* Then wolfSSL is missing from the ESP-IDF components           */
+    #include <wolfssl/wolfcrypt/settings.h>
+    #ifndef WOLFSSL_ESPIDF
+        #warning "Problem with wolfSSL user_settings."
+        #warning "Check components/wolfssl/include"
+    #endif
+    #include <wolfcrypt/benchmark/benchmark.h>
+    #include <wolfssl/version.h>
+    #include <wolfcrypt/test/test.h>
+#else
+    #error "Missing WOLFSSL_USER_SETTINGS in CMakeLists or Makefile: \
+CFLAGS +=-DWOLFSSL_USER_SETTINGS"
 #endif
 
-#include <wolfcrypt/test/test.h>
-
 /*
 ** the wolfssl component can be installed in either:
 **
@@ -152,8 +163,8 @@ void app_main(void)
 
 
     /* some interesting settings are target specific (ESP32, -C3, -S3, etc */
-#if defined(CONFIG_IDF_TARGET_ESP32C3)
-    /* not available for C3 at this time */
+#if defined(CONFIG_IDF_TARGET_ESP32C2) || defined(CONFIG_IDF_TARGET_ESP32C3)
+    /* TODO CPU_FREQ_MHZ not available for C2/C3 at this time */
 #elif defined(CONFIG_IDF_TARGET_ESP32S3)
     ESP_LOGI(TAG, "CONFIG_ESP32S3_DEFAULT_CPU_FREQ_MHZ = %u MHz",
                    CONFIG_ESP32S3_DEFAULT_CPU_FREQ_MHZ
@@ -173,7 +184,7 @@ void app_main(void)
 #if defined(NO_ESP32_CRYPT)
     ESP_LOGI(TAG, "NO_ESP32_CRYPT defined! HW acceleration DISABLED.");
 #else
-    #if defined(CONFIG_IDF_TARGET_ESP32C3)
+    #if defined(CONFIG_IDF_TARGET_ESP32C2) || defined(CONFIG_IDF_TARGET_ESP32C3)
         #error "ESP32_CRYPT not yet supported on ESP32-C3"
     #elif defined(CONFIG_IDF_TARGET_ESP32S2)
         #error "ESP32_CRYPT not yet supported on ESP32-S2"
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_test_idf/main/main_wip.c.ex b/IDE/Espressif/ESP-IDF/examples/wolfssl_test_idf/main/main_wip.c.ex
index b301e6520..7cac2f131 100644
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_test_idf/main/main_wip.c.ex
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_test_idf/main/main_wip.c.ex
@@ -1,6 +1,6 @@
 /* main.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_test_idf/main/time_helper.c b/IDE/Espressif/ESP-IDF/examples/wolfssl_test_idf/main/time_helper.c
index c3cccde41..abd778c25 100644
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_test_idf/main/time_helper.c
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_test_idf/main/time_helper.c
@@ -1,6 +1,6 @@
 /* time_helper.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -94,7 +94,7 @@ int set_time(void)
     if (NTP_SERVER_COUNT) {
         /* next, let's setup NTP time servers
          *
-         * see https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-reference/system/system_time.html#sntp-time-synchronization
+         * see Espressif api-reference/system/system_time
          */
         sntp_setoperatingmode(SNTP_OPMODE_POLL);
 
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_test_idf/main/time_helper.h b/IDE/Espressif/ESP-IDF/examples/wolfssl_test_idf/main/time_helper.h
index 1de6f0f8b..0ca254c4a 100644
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_test_idf/main/time_helper.h
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_test_idf/main/time_helper.h
@@ -1,6 +1,6 @@
 #ifndef _TIME_HELPER_H
 /*
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/Espressif/ESP-IDF/libs/CMakeLists.txt b/IDE/Espressif/ESP-IDF/libs/CMakeLists.txt
index ab9cb25f4..151bc3ce9 100644
--- a/IDE/Espressif/ESP-IDF/libs/CMakeLists.txt
+++ b/IDE/Espressif/ESP-IDF/libs/CMakeLists.txt
@@ -1,21 +1,21 @@
 #
-#  Copyright (C) 2006-2022 wolfSSL Inc.
+# Copyright (C) 2006-2025 wolfSSL Inc.
 #
-#  This file is part of wolfSSL.
+# This file is part of wolfSSL.
 #
-#  wolfSSL is free software; you can redistribute it and/or modify
-#  it under the terms of the GNU General Public License as published by
-#  the Free Software Foundation; either version 2 of the License, or
-#  (at your option) any later version.
+# wolfSSL is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
 #
-#  wolfSSL is distributed in the hope that it will be useful,
-#  but WITHOUT ANY WARRANTY; without even the implied warranty of
-#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-#  GNU General Public License for more details.
+# wolfSSL is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
 #
-#  You should have received a copy of the GNU General Public License
-#  along with this program; if not, write to the Free Software
-#  Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
 #
 # cmake for wolfssl
 #
@@ -75,7 +75,10 @@ set(COMPONENT_SRCEXCLUDE
     "./src/ssl_bn.c"      # included by ssl.c
     "./src/ssl_certman.c" # included by ssl.c
     "./src/ssl_crypto.c"  # included by ssl.c
+    "./src/ssl_load.c"    # included by ssl.c
     "./src/ssl_misc.c"    # included by ssl.c
+    "./src/ssl_p7p12.c"   # included by ssl.c
+    "./src/ssl_sess.c"    # included by ssl.c
     "./src/x509.c"
     "./src/x509_str.c"
     "./wolfcrypt/src/evp.c"
diff --git a/IDE/Espressif/ESP-IDF/libs/README.md b/IDE/Espressif/ESP-IDF/libs/README.md
index 703baf1ea..d5dc4c993 100644
--- a/IDE/Espressif/ESP-IDF/libs/README.md
+++ b/IDE/Espressif/ESP-IDF/libs/README.md
@@ -4,4 +4,4 @@ Files in IDE\Espressif\ESP-IDF\libs:
 
 `component.mk` used in ESP-IDF `wolfssl` component directory
 
-`tigard.cfg` Tigard JTAG config file 
\ No newline at end of file
+`tigard.cfg` Tigard JTAG config file
diff --git a/IDE/Espressif/ESP-IDF/libs/component.mk b/IDE/Espressif/ESP-IDF/libs/component.mk
index 5234a007e..568b293b2 100644
--- a/IDE/Espressif/ESP-IDF/libs/component.mk
+++ b/IDE/Espressif/ESP-IDF/libs/component.mk
@@ -1,5 +1,5 @@
 #
-# Copyright (C) 2006-2023 wolfSSL Inc.
+# Copyright (C) 2006-2025 wolfSSL Inc.
 #
 # This file is part of wolfSSL.
 #
@@ -16,6 +16,8 @@
 # You should have received a copy of the GNU General Public License
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+#/
+#/
 #
 #
 # Component Makefile
diff --git a/IDE/Espressif/ESP-IDF/setup.sh b/IDE/Espressif/ESP-IDF/setup.sh
index 8d10a59b7..495b62921 100755
--- a/IDE/Espressif/ESP-IDF/setup.sh
+++ b/IDE/Espressif/ESP-IDF/setup.sh
@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/usr/bin/env bash
 
 # check if IDF_PATH is set
 if [ -z "$IDF_PATH" ]; then
@@ -159,4 +159,3 @@ if [ "${WOLFSSL_SETUP_VERBOSE}" == "true" ]; then
   echo "Copy complete!"
 fi
 
-exit 1
diff --git a/IDE/Espressif/ESP-IDF/test/README.md b/IDE/Espressif/ESP-IDF/test/README.md
index e832b5c50..e499c970e 100644
--- a/IDE/Espressif/ESP-IDF/test/README.md
+++ b/IDE/Espressif/ESP-IDF/test/README.md
@@ -2,9 +2,9 @@
 
 The test contains of wolfSSL unit-test app on Unity.
 
-When you want to run the app  
-1. Go to /esp-idf/tools/unit-test-app/ folder  
-2. `idf.py menuconfig` to configure unit test app.  
-3. `idf.py -T wolfssl build` to build wolfssl unit test app.  
+When you want to run the app
+1. Go to /esp-idf/tools/unit-test-app/ folder
+2. `idf.py menuconfig` to configure unit test app.
+3. `idf.py -T wolfssl build` to build wolfssl unit test app.
 
-See [https://docs.espressif.com/projects/esp-idf/en/latest/api-guides/unit-tests.html] for more information about unit test app.
+See Espressif for more information about unit test app.
diff --git a/IDE/Espressif/ESP-IDF/user_settings.h b/IDE/Espressif/ESP-IDF/user_settings.h
index 4b2923418..e48149ee5 100644
--- a/IDE/Espressif/ESP-IDF/user_settings.h
+++ b/IDE/Espressif/ESP-IDF/user_settings.h
@@ -1,6 +1,6 @@
 /* user_settings.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -331,7 +331,7 @@
     #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI
     /***** END CONFIG_IDF_TARGET_ESP266 *****/
 #else
-    /* Anything else encountered, disable HW accleration */
+    /* Anything else encountered, disable HW acceleration */
     #define NO_ESP32_CRYPT
     #define NO_WOLFSSL_ESP32_CRYPT_HASH
     #define NO_WOLFSSL_ESP32_CRYPT_AES
@@ -359,7 +359,7 @@
 
 /* #define HASH_SIZE_LIMIT */ /* for test.c */
 
-/* #define NO_HW_MATH_TEST */ /* Optionall turn off HW math checks */
+/* #define NO_HW_MATH_TEST */ /* Optionally turn off HW math checks */
 
 /* Optionally include alternate HW test library: alt_hw_test.h */
 /* When enabling, the ./components/wolfssl/CMakeLists.txt file
diff --git a/IDE/Espressif/README.md b/IDE/Espressif/README.md
index dea3b36a3..530c1012c 100644
--- a/IDE/Espressif/README.md
+++ b/IDE/Espressif/README.md
@@ -28,18 +28,16 @@ resource.
 ## Requirements
 
 The wolfSSL Espressif code requires the ESP-IDF to be installed for
-[Windows](https://docs.espressif.com/projects/esp-idf/en/latest/esp32/get-started/windows-setup.html)
-or [Linux / MacOS](https://docs.espressif.com/projects/esp-idf/en/latest/esp32/get-started/linux-macos-setup.html).
+Windows or Linux / MacOS.
 
-See the [Espressif Getting Started Guide](https://docs.espressif.com/projects/esp-idf/en/latest/esp32/get-started/).
+See the Espressif Getting Started Guide.
 
-Any editor can be used. See also the [Espressif Third-Party Tools](https://docs.espressif.com/projects/esp-idf/en/latest/esp32/resources.html)
-for a list of feature-rich Integrated Development Environments.
+Any editor can be used.
 The [wolfSSL examples](./ESP-IDF/examples/README.md) all include a `./VisualGDB` directory with SoC-specific configurations
 to help get started quickly.
 
-Although not required, a [JTAG Adapter](https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-guides/jtag-debugging/index.html)
-can be helpful for development. When not using a built-in JTAG from Espressif, the examples typically
+Although not required, a JTAG Adapter can be helpful for development.
+When not using a built-in JTAG from Espressif, the examples typically
 use the open source [Tigard board](https://github.com/tigard-tools/tigard#readme).
 
 ## Examples:
@@ -52,7 +50,7 @@ There are a variety of examples to help get started:
 
 The wolfSSL library can be installed as a managed component:
 
-* [Espressif Managed Component Registry](https://components.espressif.com/components/wolfssl/wolfssl)
+* [Espressif Managed Component Registry](https://www.wolfssl.com/wolfssl-now-available-in-espressif-component-registry/)
 
 ## Notes:
 
@@ -145,7 +143,6 @@ the reset-program hardware properly, causing devices to not be programmed with t
 Connecting......................................
 
 A fatal error occurred: Failed to connect to ESP32: Wrong boot mode detected (0x13)! The chip needs to be in download mode.
-For troubleshooting steps visit: https://docs.espressif.com/projects/esptool/en/latest/troubleshooting.html
 CMake Error at run_serial_tool.cmake:56 (message):
   /home/gojimmypi/.espressif/python_env/idf4.4_py3.8_env/bin/python
   /mnt/c/SysGCC/esp32/esp-idf/v4.4.2/components/esptool_py/esptool/esptool.py
@@ -154,8 +151,49 @@ CMake Error at run_serial_tool.cmake:56 (message):
 
 Solution:
 
-Press and hold`EN` button, press and release `IO0` button, then release `EN` button.
+Press and hold `EN` button, press and release `IO0` button, then release `EN` button.
+
+### Unknown CMake command "esptool_py_flash_project_args".
+
+This unintuitive error was observed when including an unneeded `set(COMPONENTS` in the project-level CMakeLists.txt
+and attempting to build with an older toolchain, such as the RTOS SDK 3.4 for the ESP8266.
+
+### PermissionError: [Errno 13] Permission denied could not open port {}
+
+This error, other than the obvious permissions, also occurs when the port is in use by another application:
+
+```text
+Traceback (most recent call last):
+  File "/home/gojimmypi/.espressif/python_env/rtos3.4_py3.10_env/lib/python3.10/site-packages/serial/serialposix.py", line 322, in open
+    self.fd = os.open(self.portstr, os.O_RDWR | os.O_NOCTTY | os.O_NONBLOCK)
+PermissionError: [Errno 13] Permission denied: '/dev/ttyS55'
+
+During handling of the above exception, another exception occurred:
+
+Traceback (most recent call last):
+    [... snip ...]
+raise SerialException(msg.errno, "could not open port {}: {}".format(self._port, msg))
+serial.serialutil.SerialException: [Errno 13] could not open port /dev/ttyS55: [Errno 13] Permission denied: '/dev/ttyS55'
+```
+### Panic Task watchdog got triggered.
+
+Long-running code may trip the watchdog timer.
+
+```
+Task watchdog got triggered.
+
+Guru Meditation Error: Core  0 panic'ed (unknown). Exception was unhandled.
+```
+
+The watchdog needs to be fed on a regular basis
+with `void esp_task_wdt_reset(void)` from `esp8266/include/esp_task_wdt.h`.
+
+Try turning off the WDT in menuconfig, or for Makefiles:
+
+```
+EXTRA_CFLAGS += -DNO_WATCHDOG
+```
 
 #### Other Solutions
 
-See also [this ESP-FAQ Handbook](https://docs.espressif.com/projects/esp-faq/en/latest/esp-faq-en-master.pdf)
+See also Espressif `esp-faq-en-master.pdf`
diff --git a/IDE/Espressif/include.am b/IDE/Espressif/include.am
index 662034155..3d356b767 100644
--- a/IDE/Espressif/include.am
+++ b/IDE/Espressif/include.am
@@ -22,42 +22,53 @@ EXTRA_DIST+= IDE/Espressif/ESP-IDF/user_settings.h
 # Template
 EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/template/CMakeLists.txt
 EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/template/components
-EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/template/main
+EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/template/components/wolfssl
+EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/Kconfig
+EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/component.mk
+EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/CMakeLists.txt
+EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/Kconfig
+EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/README.md
+EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/include
+EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/include/user_settings.h
+EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/template/Makefile
+EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/template/main/main.c
+EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/template/main/Kconfig.projbuild
+EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/template/main/component.mk
+EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/template/main/CMakeLists.txt
+EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/template/main/include
+EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/template/main/include/main.h
 EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/template/partitions_singleapp_large.csv
 EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/template/README.md
 EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/template/sdkconfig.defaults
+EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/template/sdkconfig.defaults.esp8266
 EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/template/VisualGDB
-EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/template/components/wolfssl
-EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/CMakeLists.txt
-EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/include
-EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/include/user_settings.h
-EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/template/main/CMakeLists.txt
-EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/template/main/include
-EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/template/main/main.c
-EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/template/main/include/main.h
 
 EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/template/VisualGDB/wolfssl_template_IDF_v5.1_ESP32.vgdbproj
 
 # Benchmark
 EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/CMakeLists.txt
 EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/components
-EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/main
-EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/Makefile
-EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/partitions_singleapp_large.csv
-EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/README.md
-EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/sdkconfig.defaults
-EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/VisualGDB
 EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/components/wolfssl
-EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/components/wolfssl/CMakeLists.txt
+EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/components/wolfssl/Kconfig
 EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/components/wolfssl/component.mk
+EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/components/wolfssl/CMakeLists.txt
+EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/components/wolfssl/Kconfig
+EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/components/wolfssl/README.md
 EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/components/wolfssl/include
 EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/components/wolfssl/include/user_settings.h
+EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/main
 EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/main/CMakeLists.txt
 EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/main/component.mk
 EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/main/include
 EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/main/Kconfig.projbuild
 EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/main/main.c
 EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/main/include/main.h
+EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/Makefile
+EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/partitions_singleapp_large.csv
+EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/README.md
+EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/sdkconfig.defaults
+EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/sdkconfig.defaults.esp8266
+EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/VisualGDB
 EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/VisualGDB/wolfssl_benchmark_IDF_v4.4_ESP32.sln
 EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/VisualGDB/wolfssl_benchmark_IDF_v5_ESP32.sln
 EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/VisualGDB/wolfssl_benchmark_IDF_v5_ESP32C3.sln
@@ -70,17 +81,18 @@ EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/VisualGDB/wolfssl_
 # TLS Client
 EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_client/CMakeLists.txt
 EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_client/components
-EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_client/main
-EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_client/Makefile
-EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_client/partitions_singleapp_large.csv
-EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_client/README.md
-EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_client/README_server_sm.md
-EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_client/sdkconfig.defaults
 EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl
-EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl/CMakeLists.txt
+EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl/Kconfig
 EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl/component.mk
+EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl/CMakeLists.txt
+EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl/Kconfig
+EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl/README.md
 EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl/include
 EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl/include/user_settings.h
+EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_client/sdkconfig.defaults
+EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_client/sdkconfig.defaults.esp32c2
+EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_client/sdkconfig.defaults.esp8266
+EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_client/main
 EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/client-tls.c
 EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/CMakeLists.txt
 EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/component.mk
@@ -93,8 +105,13 @@ EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/include/client-t
 EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/include/main.h
 EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/include/time_helper.h
 EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/include/wifi_connect.h
+EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_client/Makefile
+EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_client/partitions_singleapp_large.csv
+EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_client/README.md
+EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_client/README_server_sm.md
 EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_client/VisualGDB/README.md
 
+EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_client/wolfssl_client_ESP8266.vgdbproj
 EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_client/VisualGDB/wolfssl_client_IDF_v5_ESP32.sln
 EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_client/VisualGDB/wolfssl_client_IDF_v5_ESP32.vgdbproj
 
@@ -102,18 +119,15 @@ EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_client/VisualGDB/wolfssl_cli
 
 EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_server/CMakeLists.txt
 EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_server/components
-EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_server/main
-EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_server/Makefile
-EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_server/partitions_singleapp_large.csv
-EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_server/README.md
-EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_server/README_server_sm.md
-EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_server/sdkconfig.defaults
-EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_server/VisualGDB
 EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_server/components/wolfssl
-EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_server/components/wolfssl/CMakeLists.txt
+EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_server/components/wolfssl/Kconfig
 EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_server/components/wolfssl/component.mk
+EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_server/components/wolfssl/CMakeLists.txt
+EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_server/components/wolfssl/Kconfig
+EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_server/components/wolfssl/README.md
 EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_server/components/wolfssl/include
 EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_server/components/wolfssl/include/user_settings.h
+EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_server/main
 EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/CMakeLists.txt
 EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/component.mk
 EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/include
@@ -126,35 +140,49 @@ EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/include/main.h
 EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/include/server-tls.h
 EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/include/time_helper.h
 EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/include/wifi_connect.h
-EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_server/VisualGDB/README.md
+EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_server/Makefile
+EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_server/partitions_singleapp_large.csv
+EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_server/README.md
+EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_server/README_server_sm.md
+EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_server/sdkconfig.defaults
+EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_server/sdkconfig.defaults.esp32c2
+EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_server/sdkconfig.defaults.esp8266
 
+EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_server/wolfssl_server_ESP8266.vgdbproj
+EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_server/VisualGDB
+EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_server/VisualGDB/README.md
 EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_server/VisualGDB/wolfssl_server_IDF_v5_ESP32.sln
 EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_server/VisualGDB/wolfssl_server_IDF_v5_ESP32.vgdbproj
 
 #  wolfSSL Test
+EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_test/testAll.sh
+EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_test/testMonitor.sh
+
 EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_test/CMakeLists.txt
-EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_test/components
-EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_test/main
-EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_test/Makefile
-EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_test/partitions_singleapp_large.csv
-EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_test/README.md
-EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_test/sdkconfig.defaults
-EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_test/VisualGDB
 EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_test/components/wolfssl
-EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_test/components/wolfssl/CMakeLists.txt
+EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_test/components/wolfssl/Kconfig
 EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_test/components/wolfssl/component.mk
+EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_test/components/wolfssl/CMakeLists.txt
+EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_test/components/wolfssl/Kconfig
+EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_test/components/wolfssl/README.md
 EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_test/components/wolfssl/include
 EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_test/components/wolfssl/include/user_settings.h
+
+EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_test/main
 EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/CMakeLists.txt
 EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/component.mk
 EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/include
 EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/Kconfig.projbuild
 EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/main.c
-EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/time_helper.c
-EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/time_helper.h
 EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/include/main.h
-EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/include/time_helper.h
+EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_test/Makefile
+EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_test/partitions_singleapp_large.csv
+EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_test/README.md
+EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_test/sdkconfig.defaults
+EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_test/sdkconfig.defaults.esp8266
+EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_test/VisualGDB
 
+EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_test/wolfssl_test_ESP8266.vgdbproj
 EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_test/VisualGDB/wolfssl_test-IDF_v5_ESP32.sln
 EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_test/VisualGDB/wolfssl_test-IDF_v5_ESP32C3.sln
 EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_test/VisualGDB/wolfssl_test-IDF_v5_ESP32C6.sln
@@ -170,7 +198,7 @@ EXTRA_DIST+= IDE/Espressif/ESP-IDF/libs/component.mk
 EXTRA_DIST+= IDE/Espressif/ESP-IDF/libs/README.md
 EXTRA_DIST+= IDE/Espressif/ESP-IDF/libs/tigard.cfg
 
-# Other test
+# Other test for wolfSSL installed in the ESP-IDF
 EXTRA_DIST+= IDE/Espressif/ESP-IDF/test/CMakeLists.txt
 EXTRA_DIST+= IDE/Espressif/ESP-IDF/test/component.mk
 EXTRA_DIST+= IDE/Espressif/ESP-IDF/test/README.md
diff --git a/IDE/GCC-ARM/Header/user_settings.h b/IDE/GCC-ARM/Header/user_settings.h
index f1f8fd6d1..9455d1833 100644
--- a/IDE/GCC-ARM/Header/user_settings.h
+++ b/IDE/GCC-ARM/Header/user_settings.h
@@ -1,6 +1,6 @@
 /* user_settings.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -250,10 +250,10 @@ extern "C" {
 /* AES */
 #undef NO_AES
 #if 1
-	#undef  HAVE_AES_CBC
-	#define HAVE_AES_CBC
+    #undef  HAVE_AES_CBC
+    #define HAVE_AES_CBC
 
-	#undef  HAVE_AESGCM
+    #undef  HAVE_AESGCM
     #define HAVE_AESGCM
 
     /* GCM Method: GCM_SMALL, GCM_WORD32 or GCM_TABLE */
@@ -419,6 +419,7 @@ extern "C" {
 
     /* prototypes for user heap override functions */
     /* Note: Realloc only required for normal math */
+    /* Note2: XFREE(NULL) must be properly handled */
     #include <stddef.h>  /* for size_t */
     extern void *myMalloc(size_t n, void* heap, int type);
     extern void myFree(void *p, void* heap, int type);
diff --git a/IDE/GCC-ARM/README.md b/IDE/GCC-ARM/README.md
index 2aa29d969..40b2bdfd1 100644
--- a/IDE/GCC-ARM/README.md
+++ b/IDE/GCC-ARM/README.md
@@ -118,7 +118,7 @@ These settings are located in `Header/user_settings.h`.
 * `USE_SLOW_SHA`: Enables smaller/slower version of SHA.
 * `USE_SLOW_SHA256`: About 2k smaller and about 25% slower
 * `USE_SLOW_SHA512`: Over twice as small, but 50% slower
-* `USE_CERT_BUFFERS_1024` or `USE_CERT_BUFFERS_2048`: Size of RSA certs / keys to test with. 
+* `USE_CERT_BUFFERS_1024` or `USE_CERT_BUFFERS_2048`: Size of RSA certs / keys to test with.
 * `BENCH_EMBEDDED`: Define this if using the wolfCrypt test/benchmark and using a low memory target.
 * `ECC_USER_CURVES`: Allows user to define curve sizes to enable. Default is 256-bit on. To enable others use `HAVE_ECC192`, `HAVE_ECC224`, etc....
 * `TFM_ARM`, `TFM_SSE2`, `TFM_AVR32`, `TFM_PPC32`, `TFM_MIPS`, `TFM_X86` or `TFM_X86_64`: These are assembly optimizations available with USE_FAST_MATH.
diff --git a/IDE/GCC-ARM/Source/armtarget.c b/IDE/GCC-ARM/Source/armtarget.c
index 4780be1f1..16f8e524c 100644
--- a/IDE/GCC-ARM/Source/armtarget.c
+++ b/IDE/GCC-ARM/Source/armtarget.c
@@ -1,6 +1,6 @@
 /* armtarget.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/GCC-ARM/Source/benchmark_main.c b/IDE/GCC-ARM/Source/benchmark_main.c
index e113c86ef..c89132804 100644
--- a/IDE/GCC-ARM/Source/benchmark_main.c
+++ b/IDE/GCC-ARM/Source/benchmark_main.c
@@ -1,6 +1,6 @@
 /* benchmark_main.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -39,16 +39,16 @@ int main(void)
 {
     int ret;
 #ifndef NO_CRYPT_BENCHMARK
-	wolfCrypt_Init();
+    wolfCrypt_Init();
 
-	printf("\nBenchmark Test\n");
-	benchmark_test(&args);
+    printf("\nBenchmark Test\n");
+    benchmark_test(&args);
     ret = args.return_code;
-	printf("Benchmark Test: Return code %d\n", ret);
+    printf("Benchmark Test: Return code %d\n", ret);
 
-	wolfCrypt_Cleanup();
+    wolfCrypt_Cleanup();
 #else
     ret = NOT_COMPILED_IN;
 #endif
-	return ret;
+    return ret;
 }
diff --git a/IDE/GCC-ARM/Source/test_main.c b/IDE/GCC-ARM/Source/test_main.c
index bf7216b11..6b4a0e77b 100644
--- a/IDE/GCC-ARM/Source/test_main.c
+++ b/IDE/GCC-ARM/Source/test_main.c
@@ -1,6 +1,6 @@
 /* test_main.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -40,16 +40,16 @@ int main(void)
 {
     int ret;
 #ifndef NO_CRYPT_TEST
-	wolfCrypt_Init();
+    wolfCrypt_Init();
 
-	printf("\nCrypt Test\n");
-	wolfcrypt_test(&args);
+    printf("\nCrypt Test\n");
+    wolfcrypt_test(&args);
     ret = args.return_code;
-	printf("Crypt Test: Return code %d\n", ret);
+    printf("Crypt Test: Return code %d\n", ret);
 
-	wolfCrypt_Cleanup();
+    wolfCrypt_Cleanup();
 #else
     ret = NOT_COMPILED_IN;
 #endif
-	return ret;
+    return ret;
 }
diff --git a/IDE/GCC-ARM/Source/tls_client.c b/IDE/GCC-ARM/Source/tls_client.c
index 00afe6ef9..cfaf7d013 100644
--- a/IDE/GCC-ARM/Source/tls_client.c
+++ b/IDE/GCC-ARM/Source/tls_client.c
@@ -1,6 +1,6 @@
 /* tls_client.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/GCC-ARM/Source/tls_server.c b/IDE/GCC-ARM/Source/tls_server.c
index 50e93d1a1..df438c87c 100644
--- a/IDE/GCC-ARM/Source/tls_server.c
+++ b/IDE/GCC-ARM/Source/tls_server.c
@@ -1,6 +1,6 @@
 /* tls_server.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/GCC-ARM/Source/wolf_main.c b/IDE/GCC-ARM/Source/wolf_main.c
index 3c705d245..ab862fca8 100644
--- a/IDE/GCC-ARM/Source/wolf_main.c
+++ b/IDE/GCC-ARM/Source/wolf_main.c
@@ -1,6 +1,6 @@
 /* wolf_main.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/Gaisler-BCC/README.md b/IDE/Gaisler-BCC/README.md
new file mode 100644
index 000000000..5becddce9
--- /dev/null
+++ b/IDE/Gaisler-BCC/README.md
@@ -0,0 +1,65 @@
+# Gaisler BCC
+
+This document outlines how to compile for the Gaisler LEON range of Sparc CPUs
+using the BCC2 toolkit. The steps here should also work for the original BCC.
+
+## Compiler
+
+In the examples in this document, a Linux computer is used as a cross compiler
+and the compilers have been extracted to `/opt`. You can install them elsewhere,
+but please adjust commands accordingly.
+
+### Bare-metal
+
+To compile for bare-metal, you need to download the BCC2 binaries from
+[here](https://www.gaisler.com/index.php/downloads/compilers). You can use
+either the GCC or CLang version, but do note that you will need to set the
+CFLAG `-std=c99` to compile in CLang.
+
+### Linux
+
+For Linux, you will need the "GNU toolchains for LEON and NOEL" from
+[this link](https://www.gaisler.com/index.php/downloads/linux).
+
+## Compiling
+
+### Bare metal
+
+Copy the file `examples/config/user_settings_template.h` to `user_settings.h` in
+the root of the source code. Then edit this to add the following:
+
+```c
+#define WOLFSSL_GAISLER_BCC
+#define WOLFSSL_GENSEED_FORTEST
+```
+
+The first `#define` is only required to compile the wolfCrypt benchmark.
+
+**Note:** that most Gaisler LEON processors do not have a good source of
+entropy for the RNG. It is recommended an external entropy source is used when
+developing for production.
+
+You can then compile with the following. Change `leon5` to the LEON CPU version
+used:
+
+```sh
+export CC=/opt/sparc-bcc-2.3.1-gcc/bin/sparc-gaisler-elf-gcc
+export CXX=/opt/sparc-bcc-2.3.1-gcc/bin/sparc-gaisler-elf-g++
+export CFLAGS="-mcpu=leon5"
+
+./configure --host=sparc --enable-usersettings --disable-examples --enable-static
+make
+```
+
+### Linux
+
+To compile for Linux on the LEON use the following commands:
+
+```sh
+export CC=/opt/sparc-gaisler-linux5.10/bin/sparc-gaisler-linux5.10-gcc
+export CXX=/opt/sparc-gaisler-linux5.10/bin/sparc-gaisler-linux5.10-g++
+export CFLAGS="-mcpu=leon5"
+
+./configure --host=sparc-linux
+make
+```
diff --git a/IDE/Gaisler-BCC/include.am b/IDE/Gaisler-BCC/include.am
new file mode 100644
index 000000000..3aaaa45f1
--- /dev/null
+++ b/IDE/Gaisler-BCC/include.am
@@ -0,0 +1,4 @@
+# vim:ft=automake
+# All paths should be given relative to the root
+
+EXTRA_DIST+= IDE/Gaisler-BCC/README.md
diff --git a/IDE/HEXAGON/DSP/Makefile b/IDE/HEXAGON/DSP/Makefile
index 5b73cef4d..036354feb 100644
--- a/IDE/HEXAGON/DSP/Makefile
+++ b/IDE/HEXAGON/DSP/Makefile
@@ -1,6 +1,6 @@
 # Makefile
 #
-# Copyright (C) 2006-2023 wolfSSL Inc.
+# Copyright (C) 2006-2025 wolfSSL Inc.
 #
 # This file is part of wolfSSL.
 #
diff --git a/IDE/HEXAGON/Makefile b/IDE/HEXAGON/Makefile
index cdf6a1c59..eb573b575 100644
--- a/IDE/HEXAGON/Makefile
+++ b/IDE/HEXAGON/Makefile
@@ -1,6 +1,6 @@
 # Makefile
 #
-# Copyright (C) 2006-2023 wolfSSL Inc.
+# Copyright (C) 2006-2025 wolfSSL Inc.
 #
 # This file is part of wolfSSL.
 #
diff --git a/IDE/HEXAGON/README.md b/IDE/HEXAGON/README.md
index 8ac7913db..4cf6ffe17 100644
--- a/IDE/HEXAGON/README.md
+++ b/IDE/HEXAGON/README.md
@@ -71,5 +71,5 @@ benchmarking using threads on aDSP
 20000 verifies on 4 threads took 23.261446 seconds
 
 benchmarking 1 thread on cDSP
-5000 verifies on 1 threads took 18.560995 seconds 
+5000 verifies on 1 threads took 18.560995 seconds
 
diff --git a/IDE/HEXAGON/build.sh b/IDE/HEXAGON/build.sh
index 5e09fba45..29fc8ed0a 100755
--- a/IDE/HEXAGON/build.sh
+++ b/IDE/HEXAGON/build.sh
@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/usr/bin/env bash
 if [ -z $1 ]; then
 	echo "./build <Debug | Release>"
 	exit 1
diff --git a/IDE/HEXAGON/ecc-verify-benchmark.c b/IDE/HEXAGON/ecc-verify-benchmark.c
index 24f912570..a2822ba59 100644
--- a/IDE/HEXAGON/ecc-verify-benchmark.c
+++ b/IDE/HEXAGON/ecc-verify-benchmark.c
@@ -1,6 +1,6 @@
 /* ecc-verify-benchmark.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -32,14 +32,14 @@
 #define MAX_TIMES 5000
 #define MAX_BLOCK_SIZE 1024
 
-#include <sys/time.h>                                                       
+#include <sys/time.h>
 
-static double get_time()                                              
-{                                                                           
-    struct timeval tv;                                                      
-    gettimeofday(&tv, 0);                                                   
-    return (double)tv.tv_sec + (double)tv.tv_usec / 1000000;                
-} 
+static double get_time()
+{
+    struct timeval tv;
+    gettimeofday(&tv, 0);
+    return (double)tv.tv_sec + (double)tv.tv_usec / 1000000;
+}
 
 
 /* software version */
diff --git a/IDE/HEXAGON/ecc-verify.c b/IDE/HEXAGON/ecc-verify.c
index ccbc18d81..a626ad008 100644
--- a/IDE/HEXAGON/ecc-verify.c
+++ b/IDE/HEXAGON/ecc-verify.c
@@ -1,6 +1,6 @@
 /* ecc-verify.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/HEXAGON/user_settings.h b/IDE/HEXAGON/user_settings.h
index 1897e883c..5643e759d 100644
--- a/IDE/HEXAGON/user_settings.h
+++ b/IDE/HEXAGON/user_settings.h
@@ -13,25 +13,25 @@
 #define USE_FAST_MATH
 #define TFM_TIMING_RESISTANT
 #ifdef HAVE_ECC
-	#define ECC_TIMING_RESISTANT
+    #define ECC_TIMING_RESISTANT
 #endif
 #ifndef NO_RSA
-	#define WC_RSA_BLINDING
+    #define WC_RSA_BLINDING
 #endif
 
 #if 1
-	#define WOLFSSL_HAVE_SP_RSA
-	#define WOLFSSL_HAVE_SP_ECC
-	#define WOLFSSL_SP_MATH
+    #define WOLFSSL_HAVE_SP_RSA
+    #define WOLFSSL_HAVE_SP_ECC
+    #define WOLFSSL_SP_MATH
 
-	#if 1
-		/* ARM NEON instructions */
-		#define WOLFSSL_SP_ARM64_ASM
-	#endif
-	#if 1
-		/* Use DSP */
-		#define WOLFSSL_DSP
-	#endif
+    #if 1
+        /* ARM NEON instructions */
+        #define WOLFSSL_SP_ARM64_ASM
+    #endif
+    #if 1
+        /* Use DSP */
+        #define WOLFSSL_DSP
+    #endif
 #endif
 
 #endif
diff --git a/IDE/IAR-EWARM/Projects/benchmark/benchmark-main.c b/IDE/IAR-EWARM/Projects/benchmark/benchmark-main.c
index f5e51cd97..c1291c870 100644
--- a/IDE/IAR-EWARM/Projects/benchmark/benchmark-main.c
+++ b/IDE/IAR-EWARM/Projects/benchmark/benchmark-main.c
@@ -1,6 +1,6 @@
 /* benchmark-main.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/IAR-EWARM/Projects/benchmark/current_time.c b/IDE/IAR-EWARM/Projects/benchmark/current_time.c
index 0e8d40268..89f576272 100644
--- a/IDE/IAR-EWARM/Projects/benchmark/current_time.c
+++ b/IDE/IAR-EWARM/Projects/benchmark/current_time.c
@@ -1,6 +1,6 @@
 /* current-time.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/IAR-EWARM/Projects/benchmark/wolfCrypt-benchmark.ewp b/IDE/IAR-EWARM/Projects/benchmark/wolfCrypt-benchmark.ewp
index 43d316fb9..18aa7462f 100644
--- a/IDE/IAR-EWARM/Projects/benchmark/wolfCrypt-benchmark.ewp
+++ b/IDE/IAR-EWARM/Projects/benchmark/wolfCrypt-benchmark.ewp
@@ -937,7 +937,7 @@
         </option>
         <option>
           <name>IarchiveOutput</name>
-          <state>###Unitialized###</state>
+          <state>###Uninitialized###</state>
         </option>
       </data>
     </settings>
diff --git a/IDE/IAR-EWARM/Projects/common/minimum-startup.c b/IDE/IAR-EWARM/Projects/common/minimum-startup.c
index ec79e29a4..fb7805c09 100644
--- a/IDE/IAR-EWARM/Projects/common/minimum-startup.c
+++ b/IDE/IAR-EWARM/Projects/common/minimum-startup.c
@@ -1,6 +1,6 @@
 /* minimum-startup.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/IAR-EWARM/Projects/lib/wolfSSL-Lib.ewp b/IDE/IAR-EWARM/Projects/lib/wolfSSL-Lib.ewp
index e3e4d7836..685c9f6fd 100644
--- a/IDE/IAR-EWARM/Projects/lib/wolfSSL-Lib.ewp
+++ b/IDE/IAR-EWARM/Projects/lib/wolfSSL-Lib.ewp
@@ -1593,7 +1593,7 @@
         </option>
         <option>
           <name>IlinkOutputFile</name>
-          <state>###Unitialized###</state>
+          <state>###Uninitialized###</state>
         </option>
         <option>
           <name>IlinkDebugInfoEnable</name>
@@ -1879,7 +1879,7 @@
         </option>
         <option>
           <name>IarchiveOutput</name>
-          <state>###Unitialized###</state>
+          <state>###Uninitialized###</state>
         </option>
       </data>
     </settings>
diff --git a/IDE/IAR-EWARM/Projects/test/test-main.c b/IDE/IAR-EWARM/Projects/test/test-main.c
index d472d5d1e..880081c8e 100644
--- a/IDE/IAR-EWARM/Projects/test/test-main.c
+++ b/IDE/IAR-EWARM/Projects/test/test-main.c
@@ -1,6 +1,6 @@
 /* test-main.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/IAR-EWARM/Projects/test/wolfCrypt-test.ewp b/IDE/IAR-EWARM/Projects/test/wolfCrypt-test.ewp
index ca0a95067..e48aba5f0 100644
--- a/IDE/IAR-EWARM/Projects/test/wolfCrypt-test.ewp
+++ b/IDE/IAR-EWARM/Projects/test/wolfCrypt-test.ewp
@@ -937,7 +937,7 @@
         </option>
         <option>
           <name>IarchiveOutput</name>
-          <state>###Unitialized###</state>
+          <state>###Uninitialized###</state>
         </option>
       </data>
     </settings>
diff --git a/IDE/IAR-EWARM/Projects/user_settings.h b/IDE/IAR-EWARM/Projects/user_settings.h
index 289a4d718..c6274a29d 100644
--- a/IDE/IAR-EWARM/Projects/user_settings.h
+++ b/IDE/IAR-EWARM/Projects/user_settings.h
@@ -1,4 +1,3 @@
-
 #define NO_MAIN_DRIVER
 #define BENCH_EMBEDDED
 #define NO_WRITEV
@@ -17,10 +16,59 @@
 
 #define WOLFSSL_GENSEED_FORTEST /* Warning: define your own seed gen */
 
-#define TFM_TIMING_RESISTANT
+/* A few examples of different math options below.
+ *
+ * See examples/configs/user_settings_template.h for a more
+ * detailed template. */
+#if 1
+    /* Use only single precision (SP) math and algorithms.
+     * SP math is written to accelerate specific/common key
+     * sizes and curves. This adds code from sp_c32.c, or one of the specific
+     * assembly implementations like sp_cortexm.c. This code is faster than the
+     * multi-precision support because it's optimized for the key/curve.
+     * The SP math can be used together with any multi-precision math library
+     * if WOLFSSL_SP_MATH is removed. If only standard keys/curves are being
+     * used the multi-precision math is not required.
+     */
+    #define WOLFSSL_SP_MATH
+    /* Enable SP ECC support */
+    #define WOLFSSL_HAVE_SP_ECC
+    /* Enable SP RSA support */
+    #define WOLFSSL_HAVE_SP_RSA
+    /* Enable SP DH support */
+    #define WOLFSSL_HAVE_SP_DH
+    /* Reduce stack use specifically in SP implementation.  */
+    #define WOLFSSL_SP_SMALL_STACK
+    /* use smaller version of code */
+    #define WOLFSSL_SP_SMALL
+    /* Assembly optimized version - sp_cortexm.c */
+    //#define WOLFSSL_SP_ARM_CORTEX_M_ASM
+#elif 1
+    /* Use SP math for all key sizes and curves. This will use
+     * the multi-precision (MP) math implementation in sp_int.c */
+    #define WOLFSSL_SP_MATH_ALL
+    /* Disable use of dynamic stack items */
+    #define WOLFSSL_SP_NO_DYN_STACK
+    /* use smaller version of code */
+    #define WOLFSSL_SP_SMALL
+#elif 1
+    /* Fast Math (tfm.c) (stack based and timing resistant) */
+    #define USE_FAST_MATH
+    /* Enable Fast Math Timing Resistance */
+    #define TFM_TIMING_RESISTANT
+#else
+    /* Normal (integer.c) (heap based, not timing resistant) - not recommended*/
+    #define USE_INTEGER_HEAP_MATH
+#endif
+
+/* Enable ECC Timing Resistance */
 #define ECC_TIMING_RESISTANT
+/* Enables blinding mode, to prevent timing attacks */
 #define WC_RSA_BLINDING
 
+/* reduce stack use. For variables over 100 bytes allocate from heap */
+#define WOLFSSL_SMALL_STACK
+/* disable mutex locking */
 #define SINGLE_THREADED  /* or define RTOS  option */
 /* #define WOLFSSL_CMSIS_RTOS */
 #define NO_FILESYSTEM
diff --git a/IDE/IAR-EWARM/embOS/SAMV71_XULT/embOS_wolfcrypt_benchmark_SAMV71_XULT/settings/wolfcrypt_benchmark_Debug.jlink b/IDE/IAR-EWARM/embOS/SAMV71_XULT/embOS_wolfcrypt_benchmark_SAMV71_XULT/settings/wolfcrypt_benchmark_Debug.jlink
deleted file mode 100644
index 3a2fb4743..000000000
--- a/IDE/IAR-EWARM/embOS/SAMV71_XULT/embOS_wolfcrypt_benchmark_SAMV71_XULT/settings/wolfcrypt_benchmark_Debug.jlink
+++ /dev/null
@@ -1,39 +0,0 @@
-[BREAKPOINTS]
-ForceImpTypeAny = 0
-ShowInfoWin = 1
-EnableFlashBP = 2
-BPDuringExecution = 0
-[CFI]
-CFISize = 0x00
-CFIAddr = 0x00
-[CPU]
-MonModeVTableAddr = 0xFFFFFFFF
-MonModeDebug = 0
-MaxNumAPs = 0
-LowPowerHandlingMode = 0
-OverrideMemMap = 0
-AllowSimulation = 1
-ScriptFile=""
-[FLASH]
-CacheExcludeSize = 0x00
-CacheExcludeAddr = 0x00
-MinNumBytesFlashDL = 0
-SkipProgOnCRCMatch = 1
-VerifyDownload = 1
-AllowCaching = 1
-EnableFlashDL = 2
-Override = 1
-Device="ATSAMV71Q21"
-[GENERAL]
-WorkRAMSize = 0x00
-WorkRAMAddr = 0x00
-RAMUsageLimit = 0x00
-[SWO]
-SWOLogFile=""
-[MEM]
-RdOverrideOrMask = 0x00
-RdOverrideAndMask = 0xFFFFFFFF
-RdOverrideAddr = 0xFFFFFFFF
-WrOverrideOrMask = 0x00
-WrOverrideAndMask = 0xFFFFFFFF
-WrOverrideAddr = 0xFFFFFFFF
diff --git a/IDE/IAR-EWARM/embOS/SAMV71_XULT/embOS_wolfcrypt_benchmark_SAMV71_XULT/wolfcrypt_benchmark.ewp b/IDE/IAR-EWARM/embOS/SAMV71_XULT/embOS_wolfcrypt_benchmark_SAMV71_XULT/wolfcrypt_benchmark.ewp
index 979e36637..b927b650c 100644
--- a/IDE/IAR-EWARM/embOS/SAMV71_XULT/embOS_wolfcrypt_benchmark_SAMV71_XULT/wolfcrypt_benchmark.ewp
+++ b/IDE/IAR-EWARM/embOS/SAMV71_XULT/embOS_wolfcrypt_benchmark_SAMV71_XULT/wolfcrypt_benchmark.ewp
@@ -958,7 +958,7 @@
         </option>
         <option>
           <name>IarchiveOutput</name>
-          <state>###Unitialized###</state>
+          <state>###Uninitialized###</state>
         </option>
       </data>
     </settings>
@@ -1627,7 +1627,7 @@
         </option>
         <option>
           <name>IlinkOutputFile</name>
-          <state>###Unitialized###</state>
+          <state>###Uninitialized###</state>
         </option>
         <option>
           <name>IlinkDebugInfoEnable</name>
@@ -1917,7 +1917,7 @@
         </option>
         <option>
           <name>IarchiveOutput</name>
-          <state>###Unitialized###</state>
+          <state>###Uninitialized###</state>
         </option>
       </data>
     </settings>
diff --git a/IDE/IAR-EWARM/embOS/SAMV71_XULT/embOS_wolfcrypt_benchmark_SAMV71_XULT/wolfcrypt_benchmark.ewt b/IDE/IAR-EWARM/embOS/SAMV71_XULT/embOS_wolfcrypt_benchmark_SAMV71_XULT/wolfcrypt_benchmark.ewt
deleted file mode 100644
index 86013a043..000000000
--- a/IDE/IAR-EWARM/embOS/SAMV71_XULT/embOS_wolfcrypt_benchmark_SAMV71_XULT/wolfcrypt_benchmark.ewt
+++ /dev/null
@@ -1,2382 +0,0 @@
-<?xml version="1.0" encoding="iso-8859-1"?>
-
-<project>
-  <fileVersion>2</fileVersion>
-  <configuration>
-    <name>Debug</name>
-    <toolchain>
-      <name>ARM</name>
-    </toolchain>
-    <debug>1</debug>
-    <settings>
-      <name>C-STAT</name>
-      <archiveVersion>259</archiveVersion>
-      <data>
-        <version>259</version>
-        <cstatargs>
-          <useExtraArgs>0</useExtraArgs>
-          <extraArgs></extraArgs>
-          <analyzeTimeoutEnabled>1</analyzeTimeoutEnabled>
-          <analyzeTimeout>600</analyzeTimeout>
-          <enableParallel>0</enableParallel>
-          <parallelThreads>2</parallelThreads>
-          <enableFalsePositives>0</enableFalsePositives>
-          <messagesLimitEnabled>1</messagesLimitEnabled>
-          <messagesLimit>100</messagesLimit>
-        </cstatargs>
-        <cstat_settings>
-          <cstat_version>1.3.2</cstat_version>
-          <checks_tree>
-            <package enabled="true" name="STDCHECKS">
-              <group enabled="true" name="ARR">
-                <check enabled="true" name="ARR-inv-index-pos"/>
-                <check enabled="true" name="ARR-inv-index-ptr-pos"/>
-                <check enabled="true" name="ARR-inv-index-ptr"/>
-                <check enabled="true" name="ARR-inv-index"/>
-                <check enabled="true" name="ARR-neg-index"/>
-                <check enabled="true" name="ARR-uninit-index"/>
-              </group>
-              <group enabled="true" name="ATH">
-                <check enabled="true" name="ATH-cmp-float"/>
-                <check enabled="true" name="ATH-cmp-unsign-neg"/>
-                <check enabled="true" name="ATH-cmp-unsign-pos"/>
-                <check enabled="true" name="ATH-div-0-assign"/>
-                <check enabled="false" name="ATH-div-0-cmp-aft"/>
-                <check enabled="true" name="ATH-div-0-cmp-bef"/>
-                <check enabled="true" name="ATH-div-0-interval"/>
-                <check enabled="true" name="ATH-div-0-pos"/>
-                <check enabled="true" name="ATH-div-0-unchk-global"/>
-                <check enabled="true" name="ATH-div-0-unchk-local"/>
-                <check enabled="true" name="ATH-div-0-unchk-param"/>
-                <check enabled="true" name="ATH-div-0"/>
-                <check enabled="true" name="ATH-inc-bool"/>
-                <check enabled="true" name="ATH-malloc-overrun"/>
-                <check enabled="true" name="ATH-neg-check-nonneg"/>
-                <check enabled="true" name="ATH-neg-check-pos"/>
-                <check enabled="true" name="ATH-new-overrun"/>
-                <check enabled="false" name="ATH-overflow-cast"/>
-                <check enabled="true" name="ATH-overflow"/>
-                <check enabled="true" name="ATH-shift-bounds"/>
-                <check enabled="true" name="ATH-shift-neg"/>
-                <check enabled="true" name="ATH-sizeof-by-sizeof"/>
-              </group>
-              <group enabled="true" name="CAST">
-                <check enabled="false" name="CAST-old-style"/>
-              </group>
-              <group enabled="true" name="CATCH">
-                <check enabled="true" name="CATCH-object-slicing"/>
-                <check enabled="false" name="CATCH-xtor-bad-member"/>
-              </group>
-              <group enabled="true" name="COMMA">
-                <check enabled="false" name="COMMA-overload"/>
-              </group>
-              <group enabled="true" name="COMMENT">
-                <check enabled="true" name="COMMENT-nested"/>
-              </group>
-              <group enabled="true" name="CONST">
-                <check enabled="true" name="CONST-member-ret"/>
-              </group>
-              <group enabled="true" name="COP">
-                <check enabled="false" name="COP-alloc-ctor"/>
-                <check enabled="true" name="COP-assign-op-ret"/>
-                <check enabled="true" name="COP-assign-op-self"/>
-                <check enabled="true" name="COP-assign-op"/>
-                <check enabled="true" name="COP-copy-ctor"/>
-                <check enabled="false" name="COP-dealloc-dtor"/>
-                <check enabled="true" name="COP-dtor-throw"/>
-                <check enabled="true" name="COP-dtor"/>
-                <check enabled="true" name="COP-init-order"/>
-                <check enabled="true" name="COP-init-uninit"/>
-                <check enabled="true" name="COP-member-uninit"/>
-              </group>
-              <group enabled="true" name="CPU">
-                <check enabled="true" name="CPU-ctor-call-virt"/>
-                <check enabled="false" name="CPU-ctor-implicit"/>
-                <check enabled="true" name="CPU-delete-throw"/>
-                <check enabled="true" name="CPU-delete-void"/>
-                <check enabled="true" name="CPU-dtor-call-virt"/>
-                <check enabled="true" name="CPU-malloc-class"/>
-                <check enabled="true" name="CPU-nonvirt-dtor"/>
-                <check enabled="true" name="CPU-return-ref-to-class-data"/>
-              </group>
-              <group enabled="true" name="DECL">
-                <check enabled="false" name="DECL-implicit-int"/>
-              </group>
-              <group enabled="true" name="DEFINE">
-                <check enabled="true" name="DEFINE-hash-multiple"/>
-              </group>
-              <group enabled="true" name="ENUM">
-                <check enabled="false" name="ENUM-bounds"/>
-              </group>
-              <group enabled="true" name="EXP">
-                <check enabled="true" name="EXP-cond-assign"/>
-                <check enabled="true" name="EXP-dangling-else"/>
-                <check enabled="true" name="EXP-loop-exit"/>
-                <check enabled="false" name="EXP-main-ret-int"/>
-                <check enabled="false" name="EXP-null-stmt"/>
-                <check enabled="false" name="EXP-stray-semicolon"/>
-              </group>
-              <group enabled="true" name="EXPR">
-                <check enabled="true" name="EXPR-const-overflow"/>
-              </group>
-              <group enabled="true" name="FPT">
-                <check enabled="true" name="FPT-cmp-null"/>
-                <check enabled="false" name="FPT-literal"/>
-                <check enabled="true" name="FPT-misuse"/>
-              </group>
-              <group enabled="true" name="FUNC">
-                <check enabled="false" name="FUNC-implicit-decl"/>
-                <check enabled="false" name="FUNC-unprototyped-all"/>
-                <check enabled="true" name="FUNC-unprototyped-used"/>
-              </group>
-              <group enabled="true" name="INCLUDE">
-                <check enabled="false" name="INCLUDE-c-file"/>
-              </group>
-              <group enabled="true" name="INT">
-                <check enabled="false" name="INT-use-signed-as-unsigned-pos"/>
-                <check enabled="true" name="INT-use-signed-as-unsigned"/>
-              </group>
-              <group enabled="true" name="ITR">
-                <check enabled="true" name="ITR-end-cmp-aft"/>
-                <check enabled="true" name="ITR-end-cmp-bef"/>
-                <check enabled="true" name="ITR-invalidated"/>
-                <check enabled="false" name="ITR-mismatch-alg"/>
-                <check enabled="false" name="ITR-store"/>
-                <check enabled="true" name="ITR-uninit"/>
-              </group>
-              <group enabled="true" name="LIB">
-                <check enabled="false" name="LIB-bsearch-overrun-pos"/>
-                <check enabled="false" name="LIB-bsearch-overrun"/>
-                <check enabled="false" name="LIB-fn-unsafe"/>
-                <check enabled="false" name="LIB-fread-overrun-pos"/>
-                <check enabled="true" name="LIB-fread-overrun"/>
-                <check enabled="false" name="LIB-memchr-overrun-pos"/>
-                <check enabled="true" name="LIB-memchr-overrun"/>
-                <check enabled="false" name="LIB-memcpy-overrun-pos"/>
-                <check enabled="true" name="LIB-memcpy-overrun"/>
-                <check enabled="false" name="LIB-memset-overrun-pos"/>
-                <check enabled="true" name="LIB-memset-overrun"/>
-                <check enabled="false" name="LIB-putenv"/>
-                <check enabled="false" name="LIB-qsort-overrun-pos"/>
-                <check enabled="false" name="LIB-qsort-overrun"/>
-                <check enabled="true" name="LIB-return-const"/>
-                <check enabled="true" name="LIB-return-error"/>
-                <check enabled="true" name="LIB-return-leak"/>
-                <check enabled="true" name="LIB-return-neg"/>
-                <check enabled="true" name="LIB-return-null"/>
-                <check enabled="false" name="LIB-sprintf-overrun"/>
-                <check enabled="false" name="LIB-std-sort-overrun-pos"/>
-                <check enabled="true" name="LIB-std-sort-overrun"/>
-                <check enabled="false" name="LIB-strcat-overrun-pos"/>
-                <check enabled="true" name="LIB-strcat-overrun"/>
-                <check enabled="false" name="LIB-strcpy-overrun-pos"/>
-                <check enabled="true" name="LIB-strcpy-overrun"/>
-                <check enabled="false" name="LIB-strncat-overrun-pos"/>
-                <check enabled="true" name="LIB-strncat-overrun"/>
-                <check enabled="false" name="LIB-strncmp-overrun-pos"/>
-                <check enabled="true" name="LIB-strncmp-overrun"/>
-                <check enabled="false" name="LIB-strncpy-overrun-pos"/>
-                <check enabled="true" name="LIB-strncpy-overrun"/>
-              </group>
-              <group enabled="true" name="LOGIC">
-                <check enabled="false" name="LOGIC-overload"/>
-              </group>
-              <group enabled="true" name="MEM">
-                <check enabled="true" name="MEM-delete-array-op"/>
-                <check enabled="true" name="MEM-delete-op"/>
-                <check enabled="true" name="MEM-double-free-alias"/>
-                <check enabled="true" name="MEM-double-free-some"/>
-                <check enabled="true" name="MEM-double-free"/>
-                <check enabled="true" name="MEM-free-field"/>
-                <check enabled="true" name="MEM-free-fptr"/>
-                <check enabled="false" name="MEM-free-no-alloc-struct"/>
-                <check enabled="false" name="MEM-free-no-alloc"/>
-                <check enabled="true" name="MEM-free-no-use"/>
-                <check enabled="true" name="MEM-free-op"/>
-                <check enabled="true" name="MEM-free-struct-field"/>
-                <check enabled="true" name="MEM-free-variable-alias"/>
-                <check enabled="true" name="MEM-free-variable"/>
-                <check enabled="true" name="MEM-leak-alias"/>
-                <check enabled="false" name="MEM-leak"/>
-                <check enabled="false" name="MEM-malloc-arith"/>
-                <check enabled="true" name="MEM-malloc-diff-type"/>
-                <check enabled="true" name="MEM-malloc-sizeof-ptr"/>
-                <check enabled="true" name="MEM-malloc-sizeof"/>
-                <check enabled="false" name="MEM-malloc-strlen"/>
-                <check enabled="true" name="MEM-realloc-diff-type"/>
-                <check enabled="true" name="MEM-return-free"/>
-                <check enabled="true" name="MEM-return-no-assign"/>
-                <check enabled="true" name="MEM-stack-global-field"/>
-                <check enabled="true" name="MEM-stack-global"/>
-                <check enabled="true" name="MEM-stack-param-ref"/>
-                <check enabled="true" name="MEM-stack-param"/>
-                <check enabled="true" name="MEM-stack-pos"/>
-                <check enabled="true" name="MEM-stack-ref"/>
-                <check enabled="true" name="MEM-stack"/>
-                <check enabled="true" name="MEM-use-free-all"/>
-                <check enabled="true" name="MEM-use-free-some"/>
-              </group>
-              <group enabled="true" name="PTR">
-                <check enabled="true" name="PTR-arith-field"/>
-                <check enabled="true" name="PTR-arith-stack"/>
-                <check enabled="true" name="PTR-arith-var"/>
-                <check enabled="true" name="PTR-cmp-str-lit"/>
-                <check enabled="false" name="PTR-null-assign-fun-pos"/>
-                <check enabled="false" name="PTR-null-assign-pos"/>
-                <check enabled="true" name="PTR-null-assign"/>
-                <check enabled="true" name="PTR-null-cmp-aft"/>
-                <check enabled="true" name="PTR-null-cmp-bef-fun"/>
-                <check enabled="true" name="PTR-null-cmp-bef"/>
-                <check enabled="true" name="PTR-null-fun-pos"/>
-                <check enabled="false" name="PTR-null-literal-pos"/>
-                <check enabled="false" name="PTR-overload"/>
-                <check enabled="false" name="PTR-singleton-arith-pos"/>
-                <check enabled="true" name="PTR-singleton-arith"/>
-                <check enabled="true" name="PTR-unchk-param-some"/>
-                <check enabled="false" name="PTR-unchk-param"/>
-                <check enabled="false" name="PTR-uninit-pos"/>
-                <check enabled="true" name="PTR-uninit"/>
-              </group>
-              <group enabled="true" name="RED">
-                <check enabled="false" name="RED-alloc-zero-bytes"/>
-                <check enabled="false" name="RED-case-reach"/>
-                <check enabled="false" name="RED-cmp-always"/>
-                <check enabled="false" name="RED-cmp-never"/>
-                <check enabled="false" name="RED-cond-always"/>
-                <check enabled="true" name="RED-cond-const-assign"/>
-                <check enabled="false" name="RED-cond-const-expr"/>
-                <check enabled="false" name="RED-cond-const"/>
-                <check enabled="false" name="RED-cond-never"/>
-                <check enabled="true" name="RED-dead"/>
-                <check enabled="false" name="RED-expr"/>
-                <check enabled="false" name="RED-func-no-effect"/>
-                <check enabled="true" name="RED-local-hides-global"/>
-                <check enabled="false" name="RED-local-hides-local"/>
-                <check enabled="false" name="RED-local-hides-member"/>
-                <check enabled="true" name="RED-local-hides-param"/>
-                <check enabled="false" name="RED-no-effect"/>
-                <check enabled="true" name="RED-self-assign"/>
-                <check enabled="true" name="RED-unused-assign"/>
-                <check enabled="false" name="RED-unused-param"/>
-                <check enabled="false" name="RED-unused-return-val"/>
-                <check enabled="false" name="RED-unused-val"/>
-                <check enabled="true" name="RED-unused-var-all"/>
-              </group>
-              <group enabled="true" name="RESOURCE">
-                <check enabled="false" name="RESOURCE-deref-file"/>
-                <check enabled="true" name="RESOURCE-double-close"/>
-                <check enabled="true" name="RESOURCE-file-no-close-all"/>
-                <check enabled="false" name="RESOURCE-file-pos-neg"/>
-                <check enabled="true" name="RESOURCE-file-use-after-close"/>
-                <check enabled="false" name="RESOURCE-implicit-deref-file"/>
-                <check enabled="true" name="RESOURCE-write-ronly-file"/>
-              </group>
-              <group enabled="true" name="SIZEOF">
-                <check enabled="true" name="SIZEOF-side-effect"/>
-              </group>
-              <group enabled="true" name="SPC">
-                <check enabled="true" name="SPC-order"/>
-                <check enabled="false" name="SPC-uninit-arr-all"/>
-                <check enabled="true" name="SPC-uninit-struct-field-heap"/>
-                <check enabled="false" name="SPC-uninit-struct-field"/>
-                <check enabled="true" name="SPC-uninit-struct"/>
-                <check enabled="true" name="SPC-uninit-var-all"/>
-                <check enabled="true" name="SPC-uninit-var-some"/>
-                <check enabled="false" name="SPC-volatile-reads"/>
-                <check enabled="false" name="SPC-volatile-writes"/>
-              </group>
-              <group enabled="true" name="STRUCT">
-                <check enabled="false" name="STRUCT-signed-bit"/>
-              </group>
-              <group enabled="true" name="SWITCH">
-                <check enabled="true" name="SWITCH-fall-through"/>
-              </group>
-              <group enabled="true" name="THROW">
-                <check enabled="false" name="THROW-empty"/>
-                <check enabled="false" name="THROW-main"/>
-                <check enabled="true" name="THROW-null"/>
-                <check enabled="true" name="THROW-ptr"/>
-                <check enabled="true" name="THROW-static"/>
-                <check enabled="true" name="THROW-unhandled"/>
-              </group>
-              <group enabled="true" name="UNION">
-                <check enabled="true" name="UNION-overlap-assign"/>
-                <check enabled="true" name="UNION-type-punning"/>
-              </group>
-            </package>
-            <package enabled="false" name="CERT">
-              <group enabled="true" name="CERT-EXP">
-                <check enabled="true" name="CERT-EXP19-C"/>
-              </group>
-              <group enabled="true" name="CERT-FIO">
-                <check enabled="true" name="CERT-FIO37-C"/>
-                <check enabled="true" name="CERT-FIO38-C"/>
-              </group>
-              <group enabled="true" name="CERT-SIG">
-                <check enabled="true" name="CERT-SIG31-C"/>
-              </group>
-            </package>
-            <package enabled="false" name="SECURITY">
-              <group enabled="true" name="SEC-BUFFER">
-                <check enabled="true" name="SEC-BUFFER-memory-leak-alias"/>
-                <check enabled="false" name="SEC-BUFFER-memory-leak"/>
-                <check enabled="false" name="SEC-BUFFER-memset-overrun-pos"/>
-                <check enabled="true" name="SEC-BUFFER-memset-overrun"/>
-                <check enabled="false" name="SEC-BUFFER-qsort-overrun-pos"/>
-                <check enabled="true" name="SEC-BUFFER-qsort-overrun"/>
-                <check enabled="true" name="SEC-BUFFER-sprintf-overrun"/>
-                <check enabled="false" name="SEC-BUFFER-std-sort-overrun-pos"/>
-                <check enabled="true" name="SEC-BUFFER-std-sort-overrun"/>
-                <check enabled="false" name="SEC-BUFFER-strcat-overrun-pos"/>
-                <check enabled="true" name="SEC-BUFFER-strcat-overrun"/>
-                <check enabled="false" name="SEC-BUFFER-strcpy-overrun-pos"/>
-                <check enabled="true" name="SEC-BUFFER-strcpy-overrun"/>
-                <check enabled="false" name="SEC-BUFFER-strncat-overrun-pos"/>
-                <check enabled="true" name="SEC-BUFFER-strncat-overrun"/>
-                <check enabled="false" name="SEC-BUFFER-strncmp-overrun-pos"/>
-                <check enabled="true" name="SEC-BUFFER-strncmp-overrun"/>
-                <check enabled="false" name="SEC-BUFFER-strncpy-overrun-pos"/>
-                <check enabled="true" name="SEC-BUFFER-strncpy-overrun"/>
-                <check enabled="true" name="SEC-BUFFER-tainted-alloc-size"/>
-                <check enabled="true" name="SEC-BUFFER-tainted-copy-length"/>
-                <check enabled="true" name="SEC-BUFFER-tainted-copy"/>
-                <check enabled="true" name="SEC-BUFFER-tainted-index"/>
-                <check enabled="true" name="SEC-BUFFER-tainted-offset"/>
-                <check enabled="true" name="SEC-BUFFER-use-after-free-all"/>
-                <check enabled="true" name="SEC-BUFFER-use-after-free-some"/>
-              </group>
-              <group enabled="true" name="SEC-DIV-0">
-                <check enabled="true" name="SEC-DIV-0-compare-after"/>
-                <check enabled="true" name="SEC-DIV-0-compare-before"/>
-                <check enabled="true" name="SEC-DIV-0-tainted"/>
-              </group>
-              <group enabled="true" name="SEC-FILEOP">
-                <check enabled="true" name="SEC-FILEOP-open-no-close"/>
-                <check enabled="false" name="SEC-FILEOP-path-traversal"/>
-                <check enabled="true" name="SEC-FILEOP-use-after-close"/>
-              </group>
-              <group enabled="true" name="SEC-INJECTION">
-                <check enabled="false" name="SEC-INJECTION-sql"/>
-                <check enabled="false" name="SEC-INJECTION-xpath"/>
-              </group>
-              <group enabled="true" name="SEC-LOOP">
-                <check enabled="true" name="SEC-LOOP-tainted-bound"/>
-              </group>
-              <group enabled="true" name="SEC-NULL">
-                <check enabled="false" name="SEC-NULL-assignment-fun-pos"/>
-                <check enabled="true" name="SEC-NULL-assignment"/>
-                <check enabled="true" name="SEC-NULL-cmp-aft"/>
-                <check enabled="true" name="SEC-NULL-cmp-bef-fun"/>
-                <check enabled="true" name="SEC-NULL-cmp-bef"/>
-                <check enabled="false" name="SEC-NULL-literal-pos"/>
-              </group>
-              <group enabled="true" name="SEC-STRING">
-                <check enabled="true" name="SEC-STRING-format-string"/>
-                <check enabled="false" name="SEC-STRING-hard-coded-credentials"/>
-              </group>
-            </package>
-            <package enabled="false" name="MISRAC2004">
-              <group enabled="true" name="MISRAC2004-1">
-                <check enabled="true" name="MISRAC2004-1.1"/>
-                <check enabled="true" name="MISRAC2004-1.2_a"/>
-                <check enabled="true" name="MISRAC2004-1.2_b"/>
-                <check enabled="true" name="MISRAC2004-1.2_c"/>
-                <check enabled="true" name="MISRAC2004-1.2_d"/>
-                <check enabled="true" name="MISRAC2004-1.2_e"/>
-                <check enabled="true" name="MISRAC2004-1.2_f"/>
-                <check enabled="true" name="MISRAC2004-1.2_g"/>
-                <check enabled="true" name="MISRAC2004-1.2_h"/>
-                <check enabled="true" name="MISRAC2004-1.2_i"/>
-                <check enabled="true" name="MISRAC2004-1.2_j"/>
-              </group>
-              <group enabled="true" name="MISRAC2004-2">
-                <check enabled="true" name="MISRAC2004-2.1"/>
-                <check enabled="true" name="MISRAC2004-2.2"/>
-                <check enabled="true" name="MISRAC2004-2.3"/>
-                <check enabled="false" name="MISRAC2004-2.4"/>
-              </group>
-              <group enabled="true" name="MISRAC2004-5">
-                <check enabled="true" name="MISRAC2004-5.2"/>
-                <check enabled="true" name="MISRAC2004-5.3"/>
-                <check enabled="true" name="MISRAC2004-5.4"/>
-                <check enabled="false" name="MISRAC2004-5.5"/>
-                <check enabled="false" name="MISRAC2004-5.6"/>
-              </group>
-              <group enabled="true" name="MISRAC2004-6">
-                <check enabled="true" name="MISRAC2004-6.1"/>
-                <check enabled="false" name="MISRAC2004-6.3"/>
-                <check enabled="true" name="MISRAC2004-6.4"/>
-                <check enabled="true" name="MISRAC2004-6.5"/>
-              </group>
-              <group enabled="true" name="MISRAC2004-7">
-                <check enabled="true" name="MISRAC2004-7.1"/>
-              </group>
-              <group enabled="true" name="MISRAC2004-8">
-                <check enabled="true" name="MISRAC2004-8.1"/>
-                <check enabled="true" name="MISRAC2004-8.2"/>
-                <check enabled="true" name="MISRAC2004-8.5_a"/>
-                <check enabled="true" name="MISRAC2004-8.5_b"/>
-                <check enabled="true" name="MISRAC2004-8.12"/>
-              </group>
-              <group enabled="true" name="MISRAC2004-9">
-                <check enabled="true" name="MISRAC2004-9.1_a"/>
-                <check enabled="true" name="MISRAC2004-9.1_b"/>
-                <check enabled="true" name="MISRAC2004-9.1_c"/>
-                <check enabled="true" name="MISRAC2004-9.2"/>
-              </group>
-              <group enabled="true" name="MISRAC2004-10">
-                <check enabled="true" name="MISRAC2004-10.1_a"/>
-                <check enabled="true" name="MISRAC2004-10.1_b"/>
-                <check enabled="true" name="MISRAC2004-10.1_c"/>
-                <check enabled="true" name="MISRAC2004-10.1_d"/>
-                <check enabled="true" name="MISRAC2004-10.2_a"/>
-                <check enabled="true" name="MISRAC2004-10.2_b"/>
-                <check enabled="true" name="MISRAC2004-10.2_c"/>
-                <check enabled="true" name="MISRAC2004-10.2_d"/>
-                <check enabled="true" name="MISRAC2004-10.3"/>
-                <check enabled="true" name="MISRAC2004-10.4"/>
-                <check enabled="true" name="MISRAC2004-10.5"/>
-                <check enabled="true" name="MISRAC2004-10.6"/>
-              </group>
-              <group enabled="true" name="MISRAC2004-11">
-                <check enabled="true" name="MISRAC2004-11.1"/>
-                <check enabled="false" name="MISRAC2004-11.3"/>
-                <check enabled="false" name="MISRAC2004-11.4"/>
-                <check enabled="true" name="MISRAC2004-11.5"/>
-              </group>
-              <group enabled="true" name="MISRAC2004-12">
-                <check enabled="false" name="MISRAC2004-12.1"/>
-                <check enabled="true" name="MISRAC2004-12.2_a"/>
-                <check enabled="true" name="MISRAC2004-12.2_b"/>
-                <check enabled="true" name="MISRAC2004-12.2_c"/>
-                <check enabled="true" name="MISRAC2004-12.3"/>
-                <check enabled="true" name="MISRAC2004-12.4"/>
-                <check enabled="false" name="MISRAC2004-12.6_a"/>
-                <check enabled="false" name="MISRAC2004-12.6_b"/>
-                <check enabled="true" name="MISRAC2004-12.7"/>
-                <check enabled="true" name="MISRAC2004-12.8"/>
-                <check enabled="true" name="MISRAC2004-12.9"/>
-                <check enabled="true" name="MISRAC2004-12.10"/>
-                <check enabled="false" name="MISRAC2004-12.11"/>
-                <check enabled="true" name="MISRAC2004-12.12_a"/>
-                <check enabled="true" name="MISRAC2004-12.12_b"/>
-                <check enabled="false" name="MISRAC2004-12.13"/>
-              </group>
-              <group enabled="true" name="MISRAC2004-13">
-                <check enabled="true" name="MISRAC2004-13.1"/>
-                <check enabled="false" name="MISRAC2004-13.2_a"/>
-                <check enabled="false" name="MISRAC2004-13.2_b"/>
-                <check enabled="false" name="MISRAC2004-13.2_c"/>
-                <check enabled="false" name="MISRAC2004-13.2_d"/>
-                <check enabled="false" name="MISRAC2004-13.2_e"/>
-                <check enabled="true" name="MISRAC2004-13.3"/>
-                <check enabled="true" name="MISRAC2004-13.4"/>
-                <check enabled="true" name="MISRAC2004-13.5"/>
-                <check enabled="true" name="MISRAC2004-13.6"/>
-                <check enabled="true" name="MISRAC2004-13.7_a"/>
-                <check enabled="true" name="MISRAC2004-13.7_b"/>
-              </group>
-              <group enabled="true" name="MISRAC2004-14">
-                <check enabled="true" name="MISRAC2004-14.1"/>
-                <check enabled="true" name="MISRAC2004-14.2"/>
-                <check enabled="true" name="MISRAC2004-14.3"/>
-                <check enabled="true" name="MISRAC2004-14.4"/>
-                <check enabled="true" name="MISRAC2004-14.5"/>
-                <check enabled="true" name="MISRAC2004-14.6"/>
-                <check enabled="true" name="MISRAC2004-14.7"/>
-                <check enabled="true" name="MISRAC2004-14.8_a"/>
-                <check enabled="true" name="MISRAC2004-14.8_b"/>
-                <check enabled="true" name="MISRAC2004-14.8_c"/>
-                <check enabled="true" name="MISRAC2004-14.8_d"/>
-                <check enabled="true" name="MISRAC2004-14.9"/>
-                <check enabled="true" name="MISRAC2004-14.10"/>
-              </group>
-              <group enabled="true" name="MISRAC2004-15">
-                <check enabled="true" name="MISRAC2004-15.0"/>
-                <check enabled="true" name="MISRAC2004-15.1"/>
-                <check enabled="true" name="MISRAC2004-15.2"/>
-                <check enabled="true" name="MISRAC2004-15.3"/>
-                <check enabled="true" name="MISRAC2004-15.4"/>
-                <check enabled="true" name="MISRAC2004-15.5"/>
-              </group>
-              <group enabled="true" name="MISRAC2004-16">
-                <check enabled="true" name="MISRAC2004-16.1"/>
-                <check enabled="true" name="MISRAC2004-16.2_a"/>
-                <check enabled="true" name="MISRAC2004-16.2_b"/>
-                <check enabled="true" name="MISRAC2004-16.3"/>
-                <check enabled="true" name="MISRAC2004-16.5"/>
-                <check enabled="true" name="MISRAC2004-16.7"/>
-                <check enabled="true" name="MISRAC2004-16.8"/>
-                <check enabled="true" name="MISRAC2004-16.9"/>
-                <check enabled="true" name="MISRAC2004-16.10"/>
-              </group>
-              <group enabled="true" name="MISRAC2004-17">
-                <check enabled="true" name="MISRAC2004-17.1_a"/>
-                <check enabled="true" name="MISRAC2004-17.1_b"/>
-                <check enabled="true" name="MISRAC2004-17.1_c"/>
-                <check enabled="true" name="MISRAC2004-17.4_a"/>
-                <check enabled="true" name="MISRAC2004-17.4_b"/>
-                <check enabled="true" name="MISRAC2004-17.5"/>
-                <check enabled="true" name="MISRAC2004-17.6_a"/>
-                <check enabled="true" name="MISRAC2004-17.6_b"/>
-                <check enabled="true" name="MISRAC2004-17.6_c"/>
-                <check enabled="true" name="MISRAC2004-17.6_d"/>
-              </group>
-              <group enabled="true" name="MISRAC2004-18">
-                <check enabled="true" name="MISRAC2004-18.1"/>
-                <check enabled="true" name="MISRAC2004-18.2"/>
-                <check enabled="true" name="MISRAC2004-18.4"/>
-              </group>
-              <group enabled="true" name="MISRAC2004-19">
-                <check enabled="false" name="MISRAC2004-19.2"/>
-                <check enabled="true" name="MISRAC2004-19.6"/>
-                <check enabled="false" name="MISRAC2004-19.7"/>
-                <check enabled="true" name="MISRAC2004-19.12"/>
-                <check enabled="false" name="MISRAC2004-19.13"/>
-                <check enabled="true" name="MISRAC2004-19.15"/>
-              </group>
-              <group enabled="true" name="MISRAC2004-20">
-                <check enabled="true" name="MISRAC2004-20.1"/>
-                <check enabled="true" name="MISRAC2004-20.4"/>
-                <check enabled="true" name="MISRAC2004-20.5"/>
-                <check enabled="true" name="MISRAC2004-20.6"/>
-                <check enabled="true" name="MISRAC2004-20.7"/>
-                <check enabled="true" name="MISRAC2004-20.8"/>
-                <check enabled="true" name="MISRAC2004-20.9"/>
-                <check enabled="true" name="MISRAC2004-20.10"/>
-                <check enabled="true" name="MISRAC2004-20.11"/>
-                <check enabled="true" name="MISRAC2004-20.12"/>
-              </group>
-            </package>
-            <package enabled="false" name="MISRAC2012">
-              <group enabled="true" name="MISRAC2012-Dir-4">
-                <check enabled="true" name="MISRAC2012-Dir-4.3"/>
-                <check enabled="false" name="MISRAC2012-Dir-4.4"/>
-                <check enabled="false" name="MISRAC2012-Dir-4.5"/>
-                <check enabled="false" name="MISRAC2012-Dir-4.6_a"/>
-                <check enabled="false" name="MISRAC2012-Dir-4.6_b"/>
-                <check enabled="false" name="MISRAC2012-Dir-4.7_a"/>
-                <check enabled="false" name="MISRAC2012-Dir-4.7_b"/>
-                <check enabled="false" name="MISRAC2012-Dir-4.7_c"/>
-                <check enabled="false" name="MISRAC2012-Dir-4.8"/>
-                <check enabled="false" name="MISRAC2012-Dir-4.9"/>
-                <check enabled="true" name="MISRAC2012-Dir-4.10"/>
-                <check enabled="false" name="MISRAC2012-Dir-4.11_a"/>
-                <check enabled="false" name="MISRAC2012-Dir-4.11_b"/>
-                <check enabled="false" name="MISRAC2012-Dir-4.11_c"/>
-                <check enabled="false" name="MISRAC2012-Dir-4.11_d"/>
-                <check enabled="false" name="MISRAC2012-Dir-4.11_e"/>
-                <check enabled="false" name="MISRAC2012-Dir-4.11_f"/>
-                <check enabled="false" name="MISRAC2012-Dir-4.11_g"/>
-                <check enabled="false" name="MISRAC2012-Dir-4.11_h"/>
-                <check enabled="false" name="MISRAC2012-Dir-4.11_i"/>
-                <check enabled="false" name="MISRAC2012-Dir-4.12"/>
-                <check enabled="true" name="MISRAC2012-Dir-4.13_b"/>
-                <check enabled="true" name="MISRAC2012-Dir-4.13_c"/>
-                <check enabled="true" name="MISRAC2012-Dir-4.13_d"/>
-                <check enabled="true" name="MISRAC2012-Dir-4.13_e"/>
-                <check enabled="true" name="MISRAC2012-Dir-4.13_f"/>
-                <check enabled="true" name="MISRAC2012-Dir-4.13_g"/>
-                <check enabled="false" name="MISRAC2012-Dir-4.13_h"/>
-              </group>
-              <group enabled="true" name="MISRAC2012-Rule-1">
-                <check enabled="true" name="MISRAC2012-Rule-1.3_a"/>
-                <check enabled="true" name="MISRAC2012-Rule-1.3_b"/>
-                <check enabled="true" name="MISRAC2012-Rule-1.3_c"/>
-                <check enabled="true" name="MISRAC2012-Rule-1.3_d"/>
-                <check enabled="true" name="MISRAC2012-Rule-1.3_e"/>
-                <check enabled="true" name="MISRAC2012-Rule-1.3_f"/>
-                <check enabled="true" name="MISRAC2012-Rule-1.3_g"/>
-                <check enabled="true" name="MISRAC2012-Rule-1.3_h"/>
-                <check enabled="true" name="MISRAC2012-Rule-1.3_i"/>
-                <check enabled="true" name="MISRAC2012-Rule-1.3_j"/>
-                <check enabled="true" name="MISRAC2012-Rule-1.3_k"/>
-                <check enabled="true" name="MISRAC2012-Rule-1.3_m"/>
-                <check enabled="true" name="MISRAC2012-Rule-1.3_n"/>
-                <check enabled="true" name="MISRAC2012-Rule-1.3_o"/>
-                <check enabled="true" name="MISRAC2012-Rule-1.3_p"/>
-                <check enabled="true" name="MISRAC2012-Rule-1.3_q"/>
-                <check enabled="true" name="MISRAC2012-Rule-1.3_r"/>
-                <check enabled="true" name="MISRAC2012-Rule-1.3_s"/>
-                <check enabled="true" name="MISRAC2012-Rule-1.3_t"/>
-                <check enabled="true" name="MISRAC2012-Rule-1.3_u"/>
-                <check enabled="true" name="MISRAC2012-Rule-1.3_v"/>
-                <check enabled="true" name="MISRAC2012-Rule-1.3_w"/>
-              </group>
-              <group enabled="true" name="MISRAC2012-Rule-2">
-                <check enabled="true" name="MISRAC2012-Rule-2.1_a"/>
-                <check enabled="true" name="MISRAC2012-Rule-2.1_b"/>
-                <check enabled="true" name="MISRAC2012-Rule-2.2_a"/>
-                <check enabled="true" name="MISRAC2012-Rule-2.2_b"/>
-                <check enabled="true" name="MISRAC2012-Rule-2.2_c"/>
-                <check enabled="false" name="MISRAC2012-Rule-2.3"/>
-                <check enabled="false" name="MISRAC2012-Rule-2.4"/>
-                <check enabled="false" name="MISRAC2012-Rule-2.5"/>
-                <check enabled="false" name="MISRAC2012-Rule-2.6"/>
-                <check enabled="false" name="MISRAC2012-Rule-2.7"/>
-              </group>
-              <group enabled="true" name="MISRAC2012-Rule-3">
-                <check enabled="true" name="MISRAC2012-Rule-3.1"/>
-                <check enabled="true" name="MISRAC2012-Rule-3.2"/>
-              </group>
-              <group enabled="true" name="MISRAC2012-Rule-5">
-                <check enabled="true" name="MISRAC2012-Rule-5.1"/>
-                <check enabled="true" name="MISRAC2012-Rule-5.2_c89"/>
-                <check enabled="true" name="MISRAC2012-Rule-5.2_c99"/>
-                <check enabled="true" name="MISRAC2012-Rule-5.3_c89"/>
-                <check enabled="true" name="MISRAC2012-Rule-5.3_c99"/>
-                <check enabled="true" name="MISRAC2012-Rule-5.4_c89"/>
-                <check enabled="true" name="MISRAC2012-Rule-5.4_c99"/>
-                <check enabled="true" name="MISRAC2012-Rule-5.5_c89"/>
-                <check enabled="true" name="MISRAC2012-Rule-5.5_c99"/>
-                <check enabled="true" name="MISRAC2012-Rule-5.6"/>
-                <check enabled="true" name="MISRAC2012-Rule-5.7"/>
-                <check enabled="true" name="MISRAC2012-Rule-5.8"/>
-                <check enabled="false" name="MISRAC2012-Rule-5.9"/>
-              </group>
-              <group enabled="true" name="MISRAC2012-Rule-6">
-                <check enabled="true" name="MISRAC2012-Rule-6.1"/>
-                <check enabled="true" name="MISRAC2012-Rule-6.2"/>
-              </group>
-              <group enabled="true" name="MISRAC2012-Rule-7">
-                <check enabled="true" name="MISRAC2012-Rule-7.1"/>
-                <check enabled="true" name="MISRAC2012-Rule-7.2"/>
-                <check enabled="true" name="MISRAC2012-Rule-7.3"/>
-                <check enabled="true" name="MISRAC2012-Rule-7.4_a"/>
-                <check enabled="true" name="MISRAC2012-Rule-7.4_b"/>
-              </group>
-              <group enabled="true" name="MISRAC2012-Rule-8">
-                <check enabled="true" name="MISRAC2012-Rule-8.1"/>
-                <check enabled="true" name="MISRAC2012-Rule-8.2_a"/>
-                <check enabled="true" name="MISRAC2012-Rule-8.2_b"/>
-                <check enabled="true" name="MISRAC2012-Rule-8.3_b"/>
-                <check enabled="true" name="MISRAC2012-Rule-8.4"/>
-                <check enabled="false" name="MISRAC2012-Rule-8.5_a"/>
-                <check enabled="true" name="MISRAC2012-Rule-8.5_b"/>
-                <check enabled="true" name="MISRAC2012-Rule-8.6"/>
-                <check enabled="false" name="MISRAC2012-Rule-8.7"/>
-                <check enabled="false" name="MISRAC2012-Rule-8.9_a"/>
-                <check enabled="false" name="MISRAC2012-Rule-8.9_b"/>
-                <check enabled="true" name="MISRAC2012-Rule-8.10"/>
-                <check enabled="false" name="MISRAC2012-Rule-8.11"/>
-                <check enabled="true" name="MISRAC2012-Rule-8.12"/>
-                <check enabled="false" name="MISRAC2012-Rule-8.13"/>
-                <check enabled="true" name="MISRAC2012-Rule-8.14"/>
-              </group>
-              <group enabled="true" name="MISRAC2012-Rule-9">
-                <check enabled="true" name="MISRAC2012-Rule-9.1_a"/>
-                <check enabled="true" name="MISRAC2012-Rule-9.1_b"/>
-                <check enabled="true" name="MISRAC2012-Rule-9.1_c"/>
-                <check enabled="true" name="MISRAC2012-Rule-9.1_d"/>
-                <check enabled="true" name="MISRAC2012-Rule-9.1_e"/>
-                <check enabled="true" name="MISRAC2012-Rule-9.1_f"/>
-                <check enabled="true" name="MISRAC2012-Rule-9.2"/>
-                <check enabled="true" name="MISRAC2012-Rule-9.3"/>
-                <check enabled="true" name="MISRAC2012-Rule-9.4"/>
-                <check enabled="true" name="MISRAC2012-Rule-9.5_a"/>
-                <check enabled="true" name="MISRAC2012-Rule-9.5_b"/>
-              </group>
-              <group enabled="true" name="MISRAC2012-Rule-10">
-                <check enabled="true" name="MISRAC2012-Rule-10.1_R2"/>
-                <check enabled="true" name="MISRAC2012-Rule-10.1_R3"/>
-                <check enabled="true" name="MISRAC2012-Rule-10.1_R4"/>
-                <check enabled="true" name="MISRAC2012-Rule-10.1_R5"/>
-                <check enabled="true" name="MISRAC2012-Rule-10.1_R6"/>
-                <check enabled="true" name="MISRAC2012-Rule-10.1_R7"/>
-                <check enabled="true" name="MISRAC2012-Rule-10.1_R8"/>
-                <check enabled="true" name="MISRAC2012-Rule-10.2"/>
-                <check enabled="true" name="MISRAC2012-Rule-10.3"/>
-                <check enabled="true" name="MISRAC2012-Rule-10.4_a"/>
-                <check enabled="true" name="MISRAC2012-Rule-10.4_b"/>
-                <check enabled="false" name="MISRAC2012-Rule-10.5"/>
-                <check enabled="true" name="MISRAC2012-Rule-10.6"/>
-                <check enabled="true" name="MISRAC2012-Rule-10.7"/>
-                <check enabled="true" name="MISRAC2012-Rule-10.8"/>
-              </group>
-              <group enabled="true" name="MISRAC2012-Rule-11">
-                <check enabled="true" name="MISRAC2012-Rule-11.1"/>
-                <check enabled="true" name="MISRAC2012-Rule-11.2"/>
-                <check enabled="true" name="MISRAC2012-Rule-11.3"/>
-                <check enabled="false" name="MISRAC2012-Rule-11.4"/>
-                <check enabled="false" name="MISRAC2012-Rule-11.5"/>
-                <check enabled="true" name="MISRAC2012-Rule-11.6"/>
-                <check enabled="true" name="MISRAC2012-Rule-11.7"/>
-                <check enabled="true" name="MISRAC2012-Rule-11.8"/>
-                <check enabled="true" name="MISRAC2012-Rule-11.9"/>
-              </group>
-              <group enabled="true" name="MISRAC2012-Rule-12">
-                <check enabled="false" name="MISRAC2012-Rule-12.1"/>
-                <check enabled="true" name="MISRAC2012-Rule-12.2"/>
-                <check enabled="false" name="MISRAC2012-Rule-12.3"/>
-              </group>
-              <group enabled="true" name="MISRAC2012-Rule-13">
-                <check enabled="true" name="MISRAC2012-Rule-13.1"/>
-                <check enabled="true" name="MISRAC2012-Rule-13.2_a"/>
-                <check enabled="true" name="MISRAC2012-Rule-13.2_b"/>
-                <check enabled="true" name="MISRAC2012-Rule-13.2_c"/>
-                <check enabled="false" name="MISRAC2012-Rule-13.3"/>
-                <check enabled="false" name="MISRAC2012-Rule-13.4_a"/>
-                <check enabled="false" name="MISRAC2012-Rule-13.4_b"/>
-                <check enabled="true" name="MISRAC2012-Rule-13.5"/>
-                <check enabled="true" name="MISRAC2012-Rule-13.6"/>
-              </group>
-              <group enabled="true" name="MISRAC2012-Rule-14">
-                <check enabled="true" name="MISRAC2012-Rule-14.1_a"/>
-                <check enabled="true" name="MISRAC2012-Rule-14.1_b"/>
-                <check enabled="true" name="MISRAC2012-Rule-14.2"/>
-                <check enabled="true" name="MISRAC2012-Rule-14.3_a"/>
-                <check enabled="true" name="MISRAC2012-Rule-14.3_b"/>
-                <check enabled="true" name="MISRAC2012-Rule-14.4_a"/>
-                <check enabled="true" name="MISRAC2012-Rule-14.4_b"/>
-                <check enabled="true" name="MISRAC2012-Rule-14.4_c"/>
-                <check enabled="true" name="MISRAC2012-Rule-14.4_d"/>
-              </group>
-              <group enabled="true" name="MISRAC2012-Rule-15">
-                <check enabled="false" name="MISRAC2012-Rule-15.1"/>
-                <check enabled="true" name="MISRAC2012-Rule-15.2"/>
-                <check enabled="true" name="MISRAC2012-Rule-15.3"/>
-                <check enabled="false" name="MISRAC2012-Rule-15.4"/>
-                <check enabled="false" name="MISRAC2012-Rule-15.5"/>
-                <check enabled="true" name="MISRAC2012-Rule-15.6_a"/>
-                <check enabled="true" name="MISRAC2012-Rule-15.6_b"/>
-                <check enabled="true" name="MISRAC2012-Rule-15.6_c"/>
-                <check enabled="true" name="MISRAC2012-Rule-15.6_d"/>
-                <check enabled="true" name="MISRAC2012-Rule-15.6_e"/>
-                <check enabled="true" name="MISRAC2012-Rule-15.7"/>
-              </group>
-              <group enabled="true" name="MISRAC2012-Rule-16">
-                <check enabled="true" name="MISRAC2012-Rule-16.1"/>
-                <check enabled="true" name="MISRAC2012-Rule-16.2"/>
-                <check enabled="true" name="MISRAC2012-Rule-16.3"/>
-                <check enabled="true" name="MISRAC2012-Rule-16.4"/>
-                <check enabled="true" name="MISRAC2012-Rule-16.5"/>
-                <check enabled="true" name="MISRAC2012-Rule-16.6"/>
-                <check enabled="true" name="MISRAC2012-Rule-16.7"/>
-              </group>
-              <group enabled="true" name="MISRAC2012-Rule-17">
-                <check enabled="true" name="MISRAC2012-Rule-17.1"/>
-                <check enabled="true" name="MISRAC2012-Rule-17.2_a"/>
-                <check enabled="true" name="MISRAC2012-Rule-17.2_b"/>
-                <check enabled="true" name="MISRAC2012-Rule-17.3"/>
-                <check enabled="true" name="MISRAC2012-Rule-17.4"/>
-                <check enabled="false" name="MISRAC2012-Rule-17.5"/>
-                <check enabled="true" name="MISRAC2012-Rule-17.6"/>
-                <check enabled="true" name="MISRAC2012-Rule-17.7"/>
-                <check enabled="false" name="MISRAC2012-Rule-17.8"/>
-              </group>
-              <group enabled="true" name="MISRAC2012-Rule-18">
-                <check enabled="true" name="MISRAC2012-Rule-18.1_a"/>
-                <check enabled="true" name="MISRAC2012-Rule-18.1_b"/>
-                <check enabled="true" name="MISRAC2012-Rule-18.1_c"/>
-                <check enabled="true" name="MISRAC2012-Rule-18.1_d"/>
-                <check enabled="true" name="MISRAC2012-Rule-18.2"/>
-                <check enabled="true" name="MISRAC2012-Rule-18.3"/>
-                <check enabled="true" name="MISRAC2012-Rule-18.4"/>
-                <check enabled="false" name="MISRAC2012-Rule-18.5"/>
-                <check enabled="true" name="MISRAC2012-Rule-18.6_a"/>
-                <check enabled="true" name="MISRAC2012-Rule-18.6_b"/>
-                <check enabled="true" name="MISRAC2012-Rule-18.6_c"/>
-                <check enabled="true" name="MISRAC2012-Rule-18.6_d"/>
-                <check enabled="true" name="MISRAC2012-Rule-18.7"/>
-                <check enabled="true" name="MISRAC2012-Rule-18.8"/>
-              </group>
-              <group enabled="true" name="MISRAC2012-Rule-19">
-                <check enabled="true" name="MISRAC2012-Rule-19.1"/>
-                <check enabled="false" name="MISRAC2012-Rule-19.2"/>
-              </group>
-              <group enabled="true" name="MISRAC2012-Rule-20">
-                <check enabled="false" name="MISRAC2012-Rule-20.1"/>
-                <check enabled="true" name="MISRAC2012-Rule-20.2"/>
-                <check enabled="true" name="MISRAC2012-Rule-20.4_c89"/>
-                <check enabled="true" name="MISRAC2012-Rule-20.4_c99"/>
-                <check enabled="false" name="MISRAC2012-Rule-20.5"/>
-                <check enabled="true" name="MISRAC2012-Rule-20.7"/>
-                <check enabled="false" name="MISRAC2012-Rule-20.10"/>
-              </group>
-              <group enabled="true" name="MISRAC2012-Rule-21">
-                <check enabled="true" name="MISRAC2012-Rule-21.1"/>
-                <check enabled="true" name="MISRAC2012-Rule-21.2"/>
-                <check enabled="true" name="MISRAC2012-Rule-21.3"/>
-                <check enabled="true" name="MISRAC2012-Rule-21.4"/>
-                <check enabled="true" name="MISRAC2012-Rule-21.5"/>
-                <check enabled="true" name="MISRAC2012-Rule-21.6"/>
-                <check enabled="true" name="MISRAC2012-Rule-21.7"/>
-                <check enabled="true" name="MISRAC2012-Rule-21.8"/>
-                <check enabled="true" name="MISRAC2012-Rule-21.9"/>
-                <check enabled="true" name="MISRAC2012-Rule-21.10"/>
-                <check enabled="true" name="MISRAC2012-Rule-21.11"/>
-                <check enabled="false" name="MISRAC2012-Rule-21.12_a"/>
-                <check enabled="false" name="MISRAC2012-Rule-21.12_b"/>
-              </group>
-              <group enabled="true" name="MISRAC2012-Rule-22">
-                <check enabled="true" name="MISRAC2012-Rule-22.1_a"/>
-                <check enabled="true" name="MISRAC2012-Rule-22.1_b"/>
-                <check enabled="true" name="MISRAC2012-Rule-22.2_a"/>
-                <check enabled="true" name="MISRAC2012-Rule-22.2_b"/>
-                <check enabled="true" name="MISRAC2012-Rule-22.2_c"/>
-                <check enabled="true" name="MISRAC2012-Rule-22.3"/>
-                <check enabled="true" name="MISRAC2012-Rule-22.4"/>
-                <check enabled="true" name="MISRAC2012-Rule-22.5_a"/>
-                <check enabled="true" name="MISRAC2012-Rule-22.5_b"/>
-                <check enabled="true" name="MISRAC2012-Rule-22.6"/>
-              </group>
-            </package>
-            <package enabled="false" name="MISRAC++2008">
-              <group enabled="true" name="MISRAC++2008-0-1">
-                <check enabled="true" name="MISRAC++2008-0-1-1"/>
-                <check enabled="true" name="MISRAC++2008-0-1-2_a"/>
-                <check enabled="true" name="MISRAC++2008-0-1-2_b"/>
-                <check enabled="true" name="MISRAC++2008-0-1-2_c"/>
-                <check enabled="true" name="MISRAC++2008-0-1-3"/>
-                <check enabled="true" name="MISRAC++2008-0-1-4_a"/>
-                <check enabled="true" name="MISRAC++2008-0-1-4_b"/>
-                <check enabled="true" name="MISRAC++2008-0-1-6"/>
-                <check enabled="true" name="MISRAC++2008-0-1-7"/>
-                <check enabled="false" name="MISRAC++2008-0-1-8"/>
-                <check enabled="true" name="MISRAC++2008-0-1-9"/>
-                <check enabled="true" name="MISRAC++2008-0-1-11"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-0-2">
-                <check enabled="true" name="MISRAC++2008-0-2-1"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-0-3">
-                <check enabled="true" name="MISRAC++2008-0-3-2"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-2-7">
-                <check enabled="true" name="MISRAC++2008-2-7-1"/>
-                <check enabled="true" name="MISRAC++2008-2-7-2"/>
-                <check enabled="false" name="MISRAC++2008-2-7-3"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-2-10">
-                <check enabled="true" name="MISRAC++2008-2-10-1"/>
-                <check enabled="true" name="MISRAC++2008-2-10-2"/>
-                <check enabled="true" name="MISRAC++2008-2-10-3"/>
-                <check enabled="true" name="MISRAC++2008-2-10-4"/>
-                <check enabled="false" name="MISRAC++2008-2-10-5"/>
-                <check enabled="true" name="MISRAC++2008-2-10-6"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-2-13">
-                <check enabled="true" name="MISRAC++2008-2-13-2"/>
-                <check enabled="true" name="MISRAC++2008-2-13-3"/>
-                <check enabled="true" name="MISRAC++2008-2-13-4_a"/>
-                <check enabled="true" name="MISRAC++2008-2-13-4_b"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-3-1">
-                <check enabled="true" name="MISRAC++2008-3-1-1"/>
-                <check enabled="true" name="MISRAC++2008-3-1-3"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-3-9">
-                <check enabled="false" name="MISRAC++2008-3-9-2"/>
-                <check enabled="true" name="MISRAC++2008-3-9-3"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-4-5">
-                <check enabled="true" name="MISRAC++2008-4-5-1"/>
-                <check enabled="true" name="MISRAC++2008-4-5-2"/>
-                <check enabled="true" name="MISRAC++2008-4-5-3"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-5-0">
-                <check enabled="true" name="MISRAC++2008-5-0-1_a"/>
-                <check enabled="true" name="MISRAC++2008-5-0-1_b"/>
-                <check enabled="true" name="MISRAC++2008-5-0-1_c"/>
-                <check enabled="false" name="MISRAC++2008-5-0-2"/>
-                <check enabled="true" name="MISRAC++2008-5-0-3"/>
-                <check enabled="true" name="MISRAC++2008-5-0-4"/>
-                <check enabled="true" name="MISRAC++2008-5-0-5"/>
-                <check enabled="true" name="MISRAC++2008-5-0-6"/>
-                <check enabled="true" name="MISRAC++2008-5-0-7"/>
-                <check enabled="true" name="MISRAC++2008-5-0-8"/>
-                <check enabled="true" name="MISRAC++2008-5-0-9"/>
-                <check enabled="true" name="MISRAC++2008-5-0-10"/>
-                <check enabled="true" name="MISRAC++2008-5-0-13_a"/>
-                <check enabled="true" name="MISRAC++2008-5-0-13_b"/>
-                <check enabled="true" name="MISRAC++2008-5-0-13_c"/>
-                <check enabled="true" name="MISRAC++2008-5-0-13_d"/>
-                <check enabled="true" name="MISRAC++2008-5-0-14"/>
-                <check enabled="true" name="MISRAC++2008-5-0-15_a"/>
-                <check enabled="true" name="MISRAC++2008-5-0-15_b"/>
-                <check enabled="true" name="MISRAC++2008-5-0-16_a"/>
-                <check enabled="true" name="MISRAC++2008-5-0-16_b"/>
-                <check enabled="true" name="MISRAC++2008-5-0-16_c"/>
-                <check enabled="true" name="MISRAC++2008-5-0-16_d"/>
-                <check enabled="true" name="MISRAC++2008-5-0-16_e"/>
-                <check enabled="true" name="MISRAC++2008-5-0-16_f"/>
-                <check enabled="true" name="MISRAC++2008-5-0-19"/>
-                <check enabled="true" name="MISRAC++2008-5-0-21"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-5-2">
-                <check enabled="true" name="MISRAC++2008-5-2-4"/>
-                <check enabled="true" name="MISRAC++2008-5-2-5"/>
-                <check enabled="true" name="MISRAC++2008-5-2-6"/>
-                <check enabled="true" name="MISRAC++2008-5-2-7"/>
-                <check enabled="false" name="MISRAC++2008-5-2-9"/>
-                <check enabled="false" name="MISRAC++2008-5-2-10"/>
-                <check enabled="true" name="MISRAC++2008-5-2-11_a"/>
-                <check enabled="true" name="MISRAC++2008-5-2-11_b"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-5-3">
-                <check enabled="true" name="MISRAC++2008-5-3-1"/>
-                <check enabled="true" name="MISRAC++2008-5-3-2_a"/>
-                <check enabled="true" name="MISRAC++2008-5-3-2_b"/>
-                <check enabled="true" name="MISRAC++2008-5-3-3"/>
-                <check enabled="true" name="MISRAC++2008-5-3-4"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-5-8">
-                <check enabled="true" name="MISRAC++2008-5-8-1"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-5-14">
-                <check enabled="true" name="MISRAC++2008-5-14-1"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-5-18">
-                <check enabled="true" name="MISRAC++2008-5-18-1"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-5-19">
-                <check enabled="false" name="MISRAC++2008-5-19-1"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-6-2">
-                <check enabled="true" name="MISRAC++2008-6-2-1"/>
-                <check enabled="true" name="MISRAC++2008-6-2-2"/>
-                <check enabled="false" name="MISRAC++2008-6-2-3"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-6-3">
-                <check enabled="true" name="MISRAC++2008-6-3-1_a"/>
-                <check enabled="true" name="MISRAC++2008-6-3-1_b"/>
-                <check enabled="true" name="MISRAC++2008-6-3-1_c"/>
-                <check enabled="true" name="MISRAC++2008-6-3-1_d"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-6-4">
-                <check enabled="true" name="MISRAC++2008-6-4-1"/>
-                <check enabled="true" name="MISRAC++2008-6-4-2"/>
-                <check enabled="true" name="MISRAC++2008-6-4-3"/>
-                <check enabled="true" name="MISRAC++2008-6-4-4"/>
-                <check enabled="true" name="MISRAC++2008-6-4-5"/>
-                <check enabled="true" name="MISRAC++2008-6-4-6"/>
-                <check enabled="true" name="MISRAC++2008-6-4-7"/>
-                <check enabled="true" name="MISRAC++2008-6-4-8"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-6-5">
-                <check enabled="true" name="MISRAC++2008-6-5-1_a"/>
-                <check enabled="true" name="MISRAC++2008-6-5-2"/>
-                <check enabled="true" name="MISRAC++2008-6-5-3"/>
-                <check enabled="true" name="MISRAC++2008-6-5-4"/>
-                <check enabled="true" name="MISRAC++2008-6-5-6"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-6-6">
-                <check enabled="true" name="MISRAC++2008-6-6-1"/>
-                <check enabled="true" name="MISRAC++2008-6-6-2"/>
-                <check enabled="true" name="MISRAC++2008-6-6-4"/>
-                <check enabled="true" name="MISRAC++2008-6-6-5"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-7-1">
-                <check enabled="true" name="MISRAC++2008-7-1-1"/>
-                <check enabled="true" name="MISRAC++2008-7-1-2"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-7-2">
-                <check enabled="true" name="MISRAC++2008-7-2-1"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-7-4">
-                <check enabled="true" name="MISRAC++2008-7-4-3"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-7-5">
-                <check enabled="true" name="MISRAC++2008-7-5-1_a"/>
-                <check enabled="true" name="MISRAC++2008-7-5-1_b"/>
-                <check enabled="true" name="MISRAC++2008-7-5-2_a"/>
-                <check enabled="true" name="MISRAC++2008-7-5-2_b"/>
-                <check enabled="true" name="MISRAC++2008-7-5-2_c"/>
-                <check enabled="true" name="MISRAC++2008-7-5-2_d"/>
-                <check enabled="false" name="MISRAC++2008-7-5-4_a"/>
-                <check enabled="false" name="MISRAC++2008-7-5-4_b"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-8-0">
-                <check enabled="true" name="MISRAC++2008-8-0-1"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-8-4">
-                <check enabled="true" name="MISRAC++2008-8-4-1"/>
-                <check enabled="true" name="MISRAC++2008-8-4-3"/>
-                <check enabled="true" name="MISRAC++2008-8-4-4"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-8-5">
-                <check enabled="true" name="MISRAC++2008-8-5-1_a"/>
-                <check enabled="true" name="MISRAC++2008-8-5-1_b"/>
-                <check enabled="true" name="MISRAC++2008-8-5-1_c"/>
-                <check enabled="true" name="MISRAC++2008-8-5-2"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-9-3">
-                <check enabled="true" name="MISRAC++2008-9-3-1"/>
-                <check enabled="true" name="MISRAC++2008-9-3-2"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-9-5">
-                <check enabled="true" name="MISRAC++2008-9-5-1"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-9-6">
-                <check enabled="true" name="MISRAC++2008-9-6-2"/>
-                <check enabled="true" name="MISRAC++2008-9-6-3"/>
-                <check enabled="true" name="MISRAC++2008-9-6-4"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-12-1">
-                <check enabled="true" name="MISRAC++2008-12-1-1_a"/>
-                <check enabled="true" name="MISRAC++2008-12-1-1_b"/>
-                <check enabled="true" name="MISRAC++2008-12-1-3"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-15-0">
-                <check enabled="false" name="MISRAC++2008-15-0-2"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-15-1">
-                <check enabled="true" name="MISRAC++2008-15-1-2"/>
-                <check enabled="true" name="MISRAC++2008-15-1-3"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-15-3">
-                <check enabled="true" name="MISRAC++2008-15-3-1"/>
-                <check enabled="false" name="MISRAC++2008-15-3-2"/>
-                <check enabled="true" name="MISRAC++2008-15-3-3"/>
-                <check enabled="true" name="MISRAC++2008-15-3-4"/>
-                <check enabled="true" name="MISRAC++2008-15-3-5"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-15-5">
-                <check enabled="true" name="MISRAC++2008-15-5-1"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-16-0">
-                <check enabled="true" name="MISRAC++2008-16-0-3"/>
-                <check enabled="true" name="MISRAC++2008-16-0-4"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-16-2">
-                <check enabled="true" name="MISRAC++2008-16-2-2"/>
-                <check enabled="true" name="MISRAC++2008-16-2-3"/>
-                <check enabled="true" name="MISRAC++2008-16-2-4"/>
-                <check enabled="false" name="MISRAC++2008-16-2-5"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-16-3">
-                <check enabled="true" name="MISRAC++2008-16-3-1"/>
-                <check enabled="false" name="MISRAC++2008-16-3-2"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-17-0">
-                <check enabled="true" name="MISRAC++2008-17-0-1"/>
-                <check enabled="true" name="MISRAC++2008-17-0-3"/>
-                <check enabled="true" name="MISRAC++2008-17-0-5"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-18-0">
-                <check enabled="true" name="MISRAC++2008-18-0-1"/>
-                <check enabled="true" name="MISRAC++2008-18-0-2"/>
-                <check enabled="true" name="MISRAC++2008-18-0-3"/>
-                <check enabled="true" name="MISRAC++2008-18-0-4"/>
-                <check enabled="true" name="MISRAC++2008-18-0-5"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-18-2">
-                <check enabled="true" name="MISRAC++2008-18-2-1"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-18-4">
-                <check enabled="true" name="MISRAC++2008-18-4-1"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-18-7">
-                <check enabled="true" name="MISRAC++2008-18-7-1"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-19-3">
-                <check enabled="true" name="MISRAC++2008-19-3-1"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-27-0">
-                <check enabled="true" name="MISRAC++2008-27-0-1"/>
-              </group>
-            </package>
-          </checks_tree>
-        </cstat_settings>
-      </data>
-    </settings>
-    <settings>
-      <name>RuntimeChecking</name>
-      <archiveVersion>0</archiveVersion>
-      <data>
-        <version>2</version>
-        <wantNonLocal>1</wantNonLocal>
-        <debug>1</debug>
-        <option>
-          <name>GenRtcDebugHeap</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>GenRtcEnableBoundsChecking</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>GenRtcCheckPtrsNonInstrMem</name>
-          <state>1</state>
-        </option>
-        <option>
-          <name>GenRtcTrackPointerBounds</name>
-          <state>1</state>
-        </option>
-        <option>
-          <name>GenRtcCheckAccesses</name>
-          <state>1</state>
-        </option>
-        <option>
-          <name>GenRtcGenerateEntries</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>GenRtcNrTrackedPointers</name>
-          <state>1000</state>
-        </option>
-        <option>
-          <name>GenRtcIntOverflow</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>GenRtcIncUnsigned</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>GenRtcIntConversion</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>GenRtcInclExplicit</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>GenRtcIntShiftOverflow</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>GenRtcInclUnsignedShiftOverflow</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>GenRtcUnhandledCase</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>GenRtcDivByZero</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>GenRtcEnable</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>GenRtcCheckPtrsNonInstrFunc</name>
-          <state>1</state>
-        </option>
-      </data>
-    </settings>
-  </configuration>
-  <configuration>
-    <name>Release</name>
-    <toolchain>
-      <name>ARM</name>
-    </toolchain>
-    <debug>0</debug>
-    <settings>
-      <name>C-STAT</name>
-      <archiveVersion>259</archiveVersion>
-      <data>
-        <version>259</version>
-        <cstatargs>
-          <useExtraArgs>0</useExtraArgs>
-          <extraArgs></extraArgs>
-          <analyzeTimeoutEnabled>1</analyzeTimeoutEnabled>
-          <analyzeTimeout>600</analyzeTimeout>
-          <enableParallel>0</enableParallel>
-          <parallelThreads>2</parallelThreads>
-          <enableFalsePositives>0</enableFalsePositives>
-          <messagesLimitEnabled>1</messagesLimitEnabled>
-          <messagesLimit>100</messagesLimit>
-        </cstatargs>
-        <cstat_settings>
-          <cstat_version>1.3.2</cstat_version>
-          <checks_tree>
-            <package enabled="true" name="STDCHECKS">
-              <group enabled="true" name="ARR">
-                <check enabled="true" name="ARR-inv-index-pos"/>
-                <check enabled="true" name="ARR-inv-index-ptr-pos"/>
-                <check enabled="true" name="ARR-inv-index-ptr"/>
-                <check enabled="true" name="ARR-inv-index"/>
-                <check enabled="true" name="ARR-neg-index"/>
-                <check enabled="true" name="ARR-uninit-index"/>
-              </group>
-              <group enabled="true" name="ATH">
-                <check enabled="true" name="ATH-cmp-float"/>
-                <check enabled="true" name="ATH-cmp-unsign-neg"/>
-                <check enabled="true" name="ATH-cmp-unsign-pos"/>
-                <check enabled="true" name="ATH-div-0-assign"/>
-                <check enabled="false" name="ATH-div-0-cmp-aft"/>
-                <check enabled="true" name="ATH-div-0-cmp-bef"/>
-                <check enabled="true" name="ATH-div-0-interval"/>
-                <check enabled="true" name="ATH-div-0-pos"/>
-                <check enabled="true" name="ATH-div-0-unchk-global"/>
-                <check enabled="true" name="ATH-div-0-unchk-local"/>
-                <check enabled="true" name="ATH-div-0-unchk-param"/>
-                <check enabled="true" name="ATH-div-0"/>
-                <check enabled="true" name="ATH-inc-bool"/>
-                <check enabled="true" name="ATH-malloc-overrun"/>
-                <check enabled="true" name="ATH-neg-check-nonneg"/>
-                <check enabled="true" name="ATH-neg-check-pos"/>
-                <check enabled="true" name="ATH-new-overrun"/>
-                <check enabled="false" name="ATH-overflow-cast"/>
-                <check enabled="true" name="ATH-overflow"/>
-                <check enabled="true" name="ATH-shift-bounds"/>
-                <check enabled="true" name="ATH-shift-neg"/>
-                <check enabled="true" name="ATH-sizeof-by-sizeof"/>
-              </group>
-              <group enabled="true" name="CAST">
-                <check enabled="false" name="CAST-old-style"/>
-              </group>
-              <group enabled="true" name="CATCH">
-                <check enabled="true" name="CATCH-object-slicing"/>
-                <check enabled="false" name="CATCH-xtor-bad-member"/>
-              </group>
-              <group enabled="true" name="COMMA">
-                <check enabled="false" name="COMMA-overload"/>
-              </group>
-              <group enabled="true" name="COMMENT">
-                <check enabled="true" name="COMMENT-nested"/>
-              </group>
-              <group enabled="true" name="CONST">
-                <check enabled="true" name="CONST-member-ret"/>
-              </group>
-              <group enabled="true" name="COP">
-                <check enabled="false" name="COP-alloc-ctor"/>
-                <check enabled="true" name="COP-assign-op-ret"/>
-                <check enabled="true" name="COP-assign-op-self"/>
-                <check enabled="true" name="COP-assign-op"/>
-                <check enabled="true" name="COP-copy-ctor"/>
-                <check enabled="false" name="COP-dealloc-dtor"/>
-                <check enabled="true" name="COP-dtor-throw"/>
-                <check enabled="true" name="COP-dtor"/>
-                <check enabled="true" name="COP-init-order"/>
-                <check enabled="true" name="COP-init-uninit"/>
-                <check enabled="true" name="COP-member-uninit"/>
-              </group>
-              <group enabled="true" name="CPU">
-                <check enabled="true" name="CPU-ctor-call-virt"/>
-                <check enabled="false" name="CPU-ctor-implicit"/>
-                <check enabled="true" name="CPU-delete-throw"/>
-                <check enabled="true" name="CPU-delete-void"/>
-                <check enabled="true" name="CPU-dtor-call-virt"/>
-                <check enabled="true" name="CPU-malloc-class"/>
-                <check enabled="true" name="CPU-nonvirt-dtor"/>
-                <check enabled="true" name="CPU-return-ref-to-class-data"/>
-              </group>
-              <group enabled="true" name="DECL">
-                <check enabled="false" name="DECL-implicit-int"/>
-              </group>
-              <group enabled="true" name="DEFINE">
-                <check enabled="true" name="DEFINE-hash-multiple"/>
-              </group>
-              <group enabled="true" name="ENUM">
-                <check enabled="false" name="ENUM-bounds"/>
-              </group>
-              <group enabled="true" name="EXP">
-                <check enabled="true" name="EXP-cond-assign"/>
-                <check enabled="true" name="EXP-dangling-else"/>
-                <check enabled="true" name="EXP-loop-exit"/>
-                <check enabled="false" name="EXP-main-ret-int"/>
-                <check enabled="false" name="EXP-null-stmt"/>
-                <check enabled="false" name="EXP-stray-semicolon"/>
-              </group>
-              <group enabled="true" name="EXPR">
-                <check enabled="true" name="EXPR-const-overflow"/>
-              </group>
-              <group enabled="true" name="FPT">
-                <check enabled="true" name="FPT-cmp-null"/>
-                <check enabled="false" name="FPT-literal"/>
-                <check enabled="true" name="FPT-misuse"/>
-              </group>
-              <group enabled="true" name="FUNC">
-                <check enabled="false" name="FUNC-implicit-decl"/>
-                <check enabled="false" name="FUNC-unprototyped-all"/>
-                <check enabled="true" name="FUNC-unprototyped-used"/>
-              </group>
-              <group enabled="true" name="INCLUDE">
-                <check enabled="false" name="INCLUDE-c-file"/>
-              </group>
-              <group enabled="true" name="INT">
-                <check enabled="false" name="INT-use-signed-as-unsigned-pos"/>
-                <check enabled="true" name="INT-use-signed-as-unsigned"/>
-              </group>
-              <group enabled="true" name="ITR">
-                <check enabled="true" name="ITR-end-cmp-aft"/>
-                <check enabled="true" name="ITR-end-cmp-bef"/>
-                <check enabled="true" name="ITR-invalidated"/>
-                <check enabled="false" name="ITR-mismatch-alg"/>
-                <check enabled="false" name="ITR-store"/>
-                <check enabled="true" name="ITR-uninit"/>
-              </group>
-              <group enabled="true" name="LIB">
-                <check enabled="false" name="LIB-bsearch-overrun-pos"/>
-                <check enabled="false" name="LIB-bsearch-overrun"/>
-                <check enabled="false" name="LIB-fn-unsafe"/>
-                <check enabled="false" name="LIB-fread-overrun-pos"/>
-                <check enabled="true" name="LIB-fread-overrun"/>
-                <check enabled="false" name="LIB-memchr-overrun-pos"/>
-                <check enabled="true" name="LIB-memchr-overrun"/>
-                <check enabled="false" name="LIB-memcpy-overrun-pos"/>
-                <check enabled="true" name="LIB-memcpy-overrun"/>
-                <check enabled="false" name="LIB-memset-overrun-pos"/>
-                <check enabled="true" name="LIB-memset-overrun"/>
-                <check enabled="false" name="LIB-putenv"/>
-                <check enabled="false" name="LIB-qsort-overrun-pos"/>
-                <check enabled="false" name="LIB-qsort-overrun"/>
-                <check enabled="true" name="LIB-return-const"/>
-                <check enabled="true" name="LIB-return-error"/>
-                <check enabled="true" name="LIB-return-leak"/>
-                <check enabled="true" name="LIB-return-neg"/>
-                <check enabled="true" name="LIB-return-null"/>
-                <check enabled="false" name="LIB-sprintf-overrun"/>
-                <check enabled="false" name="LIB-std-sort-overrun-pos"/>
-                <check enabled="true" name="LIB-std-sort-overrun"/>
-                <check enabled="false" name="LIB-strcat-overrun-pos"/>
-                <check enabled="true" name="LIB-strcat-overrun"/>
-                <check enabled="false" name="LIB-strcpy-overrun-pos"/>
-                <check enabled="true" name="LIB-strcpy-overrun"/>
-                <check enabled="false" name="LIB-strncat-overrun-pos"/>
-                <check enabled="true" name="LIB-strncat-overrun"/>
-                <check enabled="false" name="LIB-strncmp-overrun-pos"/>
-                <check enabled="true" name="LIB-strncmp-overrun"/>
-                <check enabled="false" name="LIB-strncpy-overrun-pos"/>
-                <check enabled="true" name="LIB-strncpy-overrun"/>
-              </group>
-              <group enabled="true" name="LOGIC">
-                <check enabled="false" name="LOGIC-overload"/>
-              </group>
-              <group enabled="true" name="MEM">
-                <check enabled="true" name="MEM-delete-array-op"/>
-                <check enabled="true" name="MEM-delete-op"/>
-                <check enabled="true" name="MEM-double-free-alias"/>
-                <check enabled="true" name="MEM-double-free-some"/>
-                <check enabled="true" name="MEM-double-free"/>
-                <check enabled="true" name="MEM-free-field"/>
-                <check enabled="true" name="MEM-free-fptr"/>
-                <check enabled="false" name="MEM-free-no-alloc-struct"/>
-                <check enabled="false" name="MEM-free-no-alloc"/>
-                <check enabled="true" name="MEM-free-no-use"/>
-                <check enabled="true" name="MEM-free-op"/>
-                <check enabled="true" name="MEM-free-struct-field"/>
-                <check enabled="true" name="MEM-free-variable-alias"/>
-                <check enabled="true" name="MEM-free-variable"/>
-                <check enabled="true" name="MEM-leak-alias"/>
-                <check enabled="false" name="MEM-leak"/>
-                <check enabled="false" name="MEM-malloc-arith"/>
-                <check enabled="true" name="MEM-malloc-diff-type"/>
-                <check enabled="true" name="MEM-malloc-sizeof-ptr"/>
-                <check enabled="true" name="MEM-malloc-sizeof"/>
-                <check enabled="false" name="MEM-malloc-strlen"/>
-                <check enabled="true" name="MEM-realloc-diff-type"/>
-                <check enabled="true" name="MEM-return-free"/>
-                <check enabled="true" name="MEM-return-no-assign"/>
-                <check enabled="true" name="MEM-stack-global-field"/>
-                <check enabled="true" name="MEM-stack-global"/>
-                <check enabled="true" name="MEM-stack-param-ref"/>
-                <check enabled="true" name="MEM-stack-param"/>
-                <check enabled="true" name="MEM-stack-pos"/>
-                <check enabled="true" name="MEM-stack-ref"/>
-                <check enabled="true" name="MEM-stack"/>
-                <check enabled="true" name="MEM-use-free-all"/>
-                <check enabled="true" name="MEM-use-free-some"/>
-              </group>
-              <group enabled="true" name="PTR">
-                <check enabled="true" name="PTR-arith-field"/>
-                <check enabled="true" name="PTR-arith-stack"/>
-                <check enabled="true" name="PTR-arith-var"/>
-                <check enabled="true" name="PTR-cmp-str-lit"/>
-                <check enabled="false" name="PTR-null-assign-fun-pos"/>
-                <check enabled="false" name="PTR-null-assign-pos"/>
-                <check enabled="true" name="PTR-null-assign"/>
-                <check enabled="true" name="PTR-null-cmp-aft"/>
-                <check enabled="true" name="PTR-null-cmp-bef-fun"/>
-                <check enabled="true" name="PTR-null-cmp-bef"/>
-                <check enabled="true" name="PTR-null-fun-pos"/>
-                <check enabled="false" name="PTR-null-literal-pos"/>
-                <check enabled="false" name="PTR-overload"/>
-                <check enabled="false" name="PTR-singleton-arith-pos"/>
-                <check enabled="true" name="PTR-singleton-arith"/>
-                <check enabled="true" name="PTR-unchk-param-some"/>
-                <check enabled="false" name="PTR-unchk-param"/>
-                <check enabled="false" name="PTR-uninit-pos"/>
-                <check enabled="true" name="PTR-uninit"/>
-              </group>
-              <group enabled="true" name="RED">
-                <check enabled="false" name="RED-alloc-zero-bytes"/>
-                <check enabled="false" name="RED-case-reach"/>
-                <check enabled="false" name="RED-cmp-always"/>
-                <check enabled="false" name="RED-cmp-never"/>
-                <check enabled="false" name="RED-cond-always"/>
-                <check enabled="true" name="RED-cond-const-assign"/>
-                <check enabled="false" name="RED-cond-const-expr"/>
-                <check enabled="false" name="RED-cond-const"/>
-                <check enabled="false" name="RED-cond-never"/>
-                <check enabled="true" name="RED-dead"/>
-                <check enabled="false" name="RED-expr"/>
-                <check enabled="false" name="RED-func-no-effect"/>
-                <check enabled="true" name="RED-local-hides-global"/>
-                <check enabled="false" name="RED-local-hides-local"/>
-                <check enabled="false" name="RED-local-hides-member"/>
-                <check enabled="true" name="RED-local-hides-param"/>
-                <check enabled="false" name="RED-no-effect"/>
-                <check enabled="true" name="RED-self-assign"/>
-                <check enabled="true" name="RED-unused-assign"/>
-                <check enabled="false" name="RED-unused-param"/>
-                <check enabled="false" name="RED-unused-return-val"/>
-                <check enabled="false" name="RED-unused-val"/>
-                <check enabled="true" name="RED-unused-var-all"/>
-              </group>
-              <group enabled="true" name="RESOURCE">
-                <check enabled="false" name="RESOURCE-deref-file"/>
-                <check enabled="true" name="RESOURCE-double-close"/>
-                <check enabled="true" name="RESOURCE-file-no-close-all"/>
-                <check enabled="false" name="RESOURCE-file-pos-neg"/>
-                <check enabled="true" name="RESOURCE-file-use-after-close"/>
-                <check enabled="false" name="RESOURCE-implicit-deref-file"/>
-                <check enabled="true" name="RESOURCE-write-ronly-file"/>
-              </group>
-              <group enabled="true" name="SIZEOF">
-                <check enabled="true" name="SIZEOF-side-effect"/>
-              </group>
-              <group enabled="true" name="SPC">
-                <check enabled="true" name="SPC-order"/>
-                <check enabled="false" name="SPC-uninit-arr-all"/>
-                <check enabled="true" name="SPC-uninit-struct-field-heap"/>
-                <check enabled="false" name="SPC-uninit-struct-field"/>
-                <check enabled="true" name="SPC-uninit-struct"/>
-                <check enabled="true" name="SPC-uninit-var-all"/>
-                <check enabled="true" name="SPC-uninit-var-some"/>
-                <check enabled="false" name="SPC-volatile-reads"/>
-                <check enabled="false" name="SPC-volatile-writes"/>
-              </group>
-              <group enabled="true" name="STRUCT">
-                <check enabled="false" name="STRUCT-signed-bit"/>
-              </group>
-              <group enabled="true" name="SWITCH">
-                <check enabled="true" name="SWITCH-fall-through"/>
-              </group>
-              <group enabled="true" name="THROW">
-                <check enabled="false" name="THROW-empty"/>
-                <check enabled="false" name="THROW-main"/>
-                <check enabled="true" name="THROW-null"/>
-                <check enabled="true" name="THROW-ptr"/>
-                <check enabled="true" name="THROW-static"/>
-                <check enabled="true" name="THROW-unhandled"/>
-              </group>
-              <group enabled="true" name="UNION">
-                <check enabled="true" name="UNION-overlap-assign"/>
-                <check enabled="true" name="UNION-type-punning"/>
-              </group>
-            </package>
-            <package enabled="false" name="CERT">
-              <group enabled="true" name="CERT-EXP">
-                <check enabled="true" name="CERT-EXP19-C"/>
-              </group>
-              <group enabled="true" name="CERT-FIO">
-                <check enabled="true" name="CERT-FIO37-C"/>
-                <check enabled="true" name="CERT-FIO38-C"/>
-              </group>
-              <group enabled="true" name="CERT-SIG">
-                <check enabled="true" name="CERT-SIG31-C"/>
-              </group>
-            </package>
-            <package enabled="false" name="SECURITY">
-              <group enabled="true" name="SEC-BUFFER">
-                <check enabled="true" name="SEC-BUFFER-memory-leak-alias"/>
-                <check enabled="false" name="SEC-BUFFER-memory-leak"/>
-                <check enabled="false" name="SEC-BUFFER-memset-overrun-pos"/>
-                <check enabled="true" name="SEC-BUFFER-memset-overrun"/>
-                <check enabled="false" name="SEC-BUFFER-qsort-overrun-pos"/>
-                <check enabled="true" name="SEC-BUFFER-qsort-overrun"/>
-                <check enabled="true" name="SEC-BUFFER-sprintf-overrun"/>
-                <check enabled="false" name="SEC-BUFFER-std-sort-overrun-pos"/>
-                <check enabled="true" name="SEC-BUFFER-std-sort-overrun"/>
-                <check enabled="false" name="SEC-BUFFER-strcat-overrun-pos"/>
-                <check enabled="true" name="SEC-BUFFER-strcat-overrun"/>
-                <check enabled="false" name="SEC-BUFFER-strcpy-overrun-pos"/>
-                <check enabled="true" name="SEC-BUFFER-strcpy-overrun"/>
-                <check enabled="false" name="SEC-BUFFER-strncat-overrun-pos"/>
-                <check enabled="true" name="SEC-BUFFER-strncat-overrun"/>
-                <check enabled="false" name="SEC-BUFFER-strncmp-overrun-pos"/>
-                <check enabled="true" name="SEC-BUFFER-strncmp-overrun"/>
-                <check enabled="false" name="SEC-BUFFER-strncpy-overrun-pos"/>
-                <check enabled="true" name="SEC-BUFFER-strncpy-overrun"/>
-                <check enabled="true" name="SEC-BUFFER-tainted-alloc-size"/>
-                <check enabled="true" name="SEC-BUFFER-tainted-copy-length"/>
-                <check enabled="true" name="SEC-BUFFER-tainted-copy"/>
-                <check enabled="true" name="SEC-BUFFER-tainted-index"/>
-                <check enabled="true" name="SEC-BUFFER-tainted-offset"/>
-                <check enabled="true" name="SEC-BUFFER-use-after-free-all"/>
-                <check enabled="true" name="SEC-BUFFER-use-after-free-some"/>
-              </group>
-              <group enabled="true" name="SEC-DIV-0">
-                <check enabled="true" name="SEC-DIV-0-compare-after"/>
-                <check enabled="true" name="SEC-DIV-0-compare-before"/>
-                <check enabled="true" name="SEC-DIV-0-tainted"/>
-              </group>
-              <group enabled="true" name="SEC-FILEOP">
-                <check enabled="true" name="SEC-FILEOP-open-no-close"/>
-                <check enabled="false" name="SEC-FILEOP-path-traversal"/>
-                <check enabled="true" name="SEC-FILEOP-use-after-close"/>
-              </group>
-              <group enabled="true" name="SEC-INJECTION">
-                <check enabled="false" name="SEC-INJECTION-sql"/>
-                <check enabled="false" name="SEC-INJECTION-xpath"/>
-              </group>
-              <group enabled="true" name="SEC-LOOP">
-                <check enabled="true" name="SEC-LOOP-tainted-bound"/>
-              </group>
-              <group enabled="true" name="SEC-NULL">
-                <check enabled="false" name="SEC-NULL-assignment-fun-pos"/>
-                <check enabled="true" name="SEC-NULL-assignment"/>
-                <check enabled="true" name="SEC-NULL-cmp-aft"/>
-                <check enabled="true" name="SEC-NULL-cmp-bef-fun"/>
-                <check enabled="true" name="SEC-NULL-cmp-bef"/>
-                <check enabled="false" name="SEC-NULL-literal-pos"/>
-              </group>
-              <group enabled="true" name="SEC-STRING">
-                <check enabled="true" name="SEC-STRING-format-string"/>
-                <check enabled="false" name="SEC-STRING-hard-coded-credentials"/>
-              </group>
-            </package>
-            <package enabled="false" name="MISRAC2004">
-              <group enabled="true" name="MISRAC2004-1">
-                <check enabled="true" name="MISRAC2004-1.1"/>
-                <check enabled="true" name="MISRAC2004-1.2_a"/>
-                <check enabled="true" name="MISRAC2004-1.2_b"/>
-                <check enabled="true" name="MISRAC2004-1.2_c"/>
-                <check enabled="true" name="MISRAC2004-1.2_d"/>
-                <check enabled="true" name="MISRAC2004-1.2_e"/>
-                <check enabled="true" name="MISRAC2004-1.2_f"/>
-                <check enabled="true" name="MISRAC2004-1.2_g"/>
-                <check enabled="true" name="MISRAC2004-1.2_h"/>
-                <check enabled="true" name="MISRAC2004-1.2_i"/>
-                <check enabled="true" name="MISRAC2004-1.2_j"/>
-              </group>
-              <group enabled="true" name="MISRAC2004-2">
-                <check enabled="true" name="MISRAC2004-2.1"/>
-                <check enabled="true" name="MISRAC2004-2.2"/>
-                <check enabled="true" name="MISRAC2004-2.3"/>
-                <check enabled="false" name="MISRAC2004-2.4"/>
-              </group>
-              <group enabled="true" name="MISRAC2004-5">
-                <check enabled="true" name="MISRAC2004-5.2"/>
-                <check enabled="true" name="MISRAC2004-5.3"/>
-                <check enabled="true" name="MISRAC2004-5.4"/>
-                <check enabled="false" name="MISRAC2004-5.5"/>
-                <check enabled="false" name="MISRAC2004-5.6"/>
-              </group>
-              <group enabled="true" name="MISRAC2004-6">
-                <check enabled="true" name="MISRAC2004-6.1"/>
-                <check enabled="false" name="MISRAC2004-6.3"/>
-                <check enabled="true" name="MISRAC2004-6.4"/>
-                <check enabled="true" name="MISRAC2004-6.5"/>
-              </group>
-              <group enabled="true" name="MISRAC2004-7">
-                <check enabled="true" name="MISRAC2004-7.1"/>
-              </group>
-              <group enabled="true" name="MISRAC2004-8">
-                <check enabled="true" name="MISRAC2004-8.1"/>
-                <check enabled="true" name="MISRAC2004-8.2"/>
-                <check enabled="true" name="MISRAC2004-8.5_a"/>
-                <check enabled="true" name="MISRAC2004-8.5_b"/>
-                <check enabled="true" name="MISRAC2004-8.12"/>
-              </group>
-              <group enabled="true" name="MISRAC2004-9">
-                <check enabled="true" name="MISRAC2004-9.1_a"/>
-                <check enabled="true" name="MISRAC2004-9.1_b"/>
-                <check enabled="true" name="MISRAC2004-9.1_c"/>
-                <check enabled="true" name="MISRAC2004-9.2"/>
-              </group>
-              <group enabled="true" name="MISRAC2004-10">
-                <check enabled="true" name="MISRAC2004-10.1_a"/>
-                <check enabled="true" name="MISRAC2004-10.1_b"/>
-                <check enabled="true" name="MISRAC2004-10.1_c"/>
-                <check enabled="true" name="MISRAC2004-10.1_d"/>
-                <check enabled="true" name="MISRAC2004-10.2_a"/>
-                <check enabled="true" name="MISRAC2004-10.2_b"/>
-                <check enabled="true" name="MISRAC2004-10.2_c"/>
-                <check enabled="true" name="MISRAC2004-10.2_d"/>
-                <check enabled="true" name="MISRAC2004-10.3"/>
-                <check enabled="true" name="MISRAC2004-10.4"/>
-                <check enabled="true" name="MISRAC2004-10.5"/>
-                <check enabled="true" name="MISRAC2004-10.6"/>
-              </group>
-              <group enabled="true" name="MISRAC2004-11">
-                <check enabled="true" name="MISRAC2004-11.1"/>
-                <check enabled="false" name="MISRAC2004-11.3"/>
-                <check enabled="false" name="MISRAC2004-11.4"/>
-                <check enabled="true" name="MISRAC2004-11.5"/>
-              </group>
-              <group enabled="true" name="MISRAC2004-12">
-                <check enabled="false" name="MISRAC2004-12.1"/>
-                <check enabled="true" name="MISRAC2004-12.2_a"/>
-                <check enabled="true" name="MISRAC2004-12.2_b"/>
-                <check enabled="true" name="MISRAC2004-12.2_c"/>
-                <check enabled="true" name="MISRAC2004-12.3"/>
-                <check enabled="true" name="MISRAC2004-12.4"/>
-                <check enabled="false" name="MISRAC2004-12.6_a"/>
-                <check enabled="false" name="MISRAC2004-12.6_b"/>
-                <check enabled="true" name="MISRAC2004-12.7"/>
-                <check enabled="true" name="MISRAC2004-12.8"/>
-                <check enabled="true" name="MISRAC2004-12.9"/>
-                <check enabled="true" name="MISRAC2004-12.10"/>
-                <check enabled="false" name="MISRAC2004-12.11"/>
-                <check enabled="true" name="MISRAC2004-12.12_a"/>
-                <check enabled="true" name="MISRAC2004-12.12_b"/>
-                <check enabled="false" name="MISRAC2004-12.13"/>
-              </group>
-              <group enabled="true" name="MISRAC2004-13">
-                <check enabled="true" name="MISRAC2004-13.1"/>
-                <check enabled="false" name="MISRAC2004-13.2_a"/>
-                <check enabled="false" name="MISRAC2004-13.2_b"/>
-                <check enabled="false" name="MISRAC2004-13.2_c"/>
-                <check enabled="false" name="MISRAC2004-13.2_d"/>
-                <check enabled="false" name="MISRAC2004-13.2_e"/>
-                <check enabled="true" name="MISRAC2004-13.3"/>
-                <check enabled="true" name="MISRAC2004-13.4"/>
-                <check enabled="true" name="MISRAC2004-13.5"/>
-                <check enabled="true" name="MISRAC2004-13.6"/>
-                <check enabled="true" name="MISRAC2004-13.7_a"/>
-                <check enabled="true" name="MISRAC2004-13.7_b"/>
-              </group>
-              <group enabled="true" name="MISRAC2004-14">
-                <check enabled="true" name="MISRAC2004-14.1"/>
-                <check enabled="true" name="MISRAC2004-14.2"/>
-                <check enabled="true" name="MISRAC2004-14.3"/>
-                <check enabled="true" name="MISRAC2004-14.4"/>
-                <check enabled="true" name="MISRAC2004-14.5"/>
-                <check enabled="true" name="MISRAC2004-14.6"/>
-                <check enabled="true" name="MISRAC2004-14.7"/>
-                <check enabled="true" name="MISRAC2004-14.8_a"/>
-                <check enabled="true" name="MISRAC2004-14.8_b"/>
-                <check enabled="true" name="MISRAC2004-14.8_c"/>
-                <check enabled="true" name="MISRAC2004-14.8_d"/>
-                <check enabled="true" name="MISRAC2004-14.9"/>
-                <check enabled="true" name="MISRAC2004-14.10"/>
-              </group>
-              <group enabled="true" name="MISRAC2004-15">
-                <check enabled="true" name="MISRAC2004-15.0"/>
-                <check enabled="true" name="MISRAC2004-15.1"/>
-                <check enabled="true" name="MISRAC2004-15.2"/>
-                <check enabled="true" name="MISRAC2004-15.3"/>
-                <check enabled="true" name="MISRAC2004-15.4"/>
-                <check enabled="true" name="MISRAC2004-15.5"/>
-              </group>
-              <group enabled="true" name="MISRAC2004-16">
-                <check enabled="true" name="MISRAC2004-16.1"/>
-                <check enabled="true" name="MISRAC2004-16.2_a"/>
-                <check enabled="true" name="MISRAC2004-16.2_b"/>
-                <check enabled="true" name="MISRAC2004-16.3"/>
-                <check enabled="true" name="MISRAC2004-16.5"/>
-                <check enabled="true" name="MISRAC2004-16.7"/>
-                <check enabled="true" name="MISRAC2004-16.8"/>
-                <check enabled="true" name="MISRAC2004-16.9"/>
-                <check enabled="true" name="MISRAC2004-16.10"/>
-              </group>
-              <group enabled="true" name="MISRAC2004-17">
-                <check enabled="true" name="MISRAC2004-17.1_a"/>
-                <check enabled="true" name="MISRAC2004-17.1_b"/>
-                <check enabled="true" name="MISRAC2004-17.1_c"/>
-                <check enabled="true" name="MISRAC2004-17.4_a"/>
-                <check enabled="true" name="MISRAC2004-17.4_b"/>
-                <check enabled="true" name="MISRAC2004-17.5"/>
-                <check enabled="true" name="MISRAC2004-17.6_a"/>
-                <check enabled="true" name="MISRAC2004-17.6_b"/>
-                <check enabled="true" name="MISRAC2004-17.6_c"/>
-                <check enabled="true" name="MISRAC2004-17.6_d"/>
-              </group>
-              <group enabled="true" name="MISRAC2004-18">
-                <check enabled="true" name="MISRAC2004-18.1"/>
-                <check enabled="true" name="MISRAC2004-18.2"/>
-                <check enabled="true" name="MISRAC2004-18.4"/>
-              </group>
-              <group enabled="true" name="MISRAC2004-19">
-                <check enabled="false" name="MISRAC2004-19.2"/>
-                <check enabled="true" name="MISRAC2004-19.6"/>
-                <check enabled="false" name="MISRAC2004-19.7"/>
-                <check enabled="true" name="MISRAC2004-19.12"/>
-                <check enabled="false" name="MISRAC2004-19.13"/>
-                <check enabled="true" name="MISRAC2004-19.15"/>
-              </group>
-              <group enabled="true" name="MISRAC2004-20">
-                <check enabled="true" name="MISRAC2004-20.1"/>
-                <check enabled="true" name="MISRAC2004-20.4"/>
-                <check enabled="true" name="MISRAC2004-20.5"/>
-                <check enabled="true" name="MISRAC2004-20.6"/>
-                <check enabled="true" name="MISRAC2004-20.7"/>
-                <check enabled="true" name="MISRAC2004-20.8"/>
-                <check enabled="true" name="MISRAC2004-20.9"/>
-                <check enabled="true" name="MISRAC2004-20.10"/>
-                <check enabled="true" name="MISRAC2004-20.11"/>
-                <check enabled="true" name="MISRAC2004-20.12"/>
-              </group>
-            </package>
-            <package enabled="false" name="MISRAC2012">
-              <group enabled="true" name="MISRAC2012-Dir-4">
-                <check enabled="true" name="MISRAC2012-Dir-4.3"/>
-                <check enabled="false" name="MISRAC2012-Dir-4.4"/>
-                <check enabled="false" name="MISRAC2012-Dir-4.5"/>
-                <check enabled="false" name="MISRAC2012-Dir-4.6_a"/>
-                <check enabled="false" name="MISRAC2012-Dir-4.6_b"/>
-                <check enabled="false" name="MISRAC2012-Dir-4.7_a"/>
-                <check enabled="false" name="MISRAC2012-Dir-4.7_b"/>
-                <check enabled="false" name="MISRAC2012-Dir-4.7_c"/>
-                <check enabled="false" name="MISRAC2012-Dir-4.8"/>
-                <check enabled="false" name="MISRAC2012-Dir-4.9"/>
-                <check enabled="true" name="MISRAC2012-Dir-4.10"/>
-                <check enabled="false" name="MISRAC2012-Dir-4.11_a"/>
-                <check enabled="false" name="MISRAC2012-Dir-4.11_b"/>
-                <check enabled="false" name="MISRAC2012-Dir-4.11_c"/>
-                <check enabled="false" name="MISRAC2012-Dir-4.11_d"/>
-                <check enabled="false" name="MISRAC2012-Dir-4.11_e"/>
-                <check enabled="false" name="MISRAC2012-Dir-4.11_f"/>
-                <check enabled="false" name="MISRAC2012-Dir-4.11_g"/>
-                <check enabled="false" name="MISRAC2012-Dir-4.11_h"/>
-                <check enabled="false" name="MISRAC2012-Dir-4.11_i"/>
-                <check enabled="false" name="MISRAC2012-Dir-4.12"/>
-                <check enabled="true" name="MISRAC2012-Dir-4.13_b"/>
-                <check enabled="true" name="MISRAC2012-Dir-4.13_c"/>
-                <check enabled="true" name="MISRAC2012-Dir-4.13_d"/>
-                <check enabled="true" name="MISRAC2012-Dir-4.13_e"/>
-                <check enabled="true" name="MISRAC2012-Dir-4.13_f"/>
-                <check enabled="true" name="MISRAC2012-Dir-4.13_g"/>
-                <check enabled="false" name="MISRAC2012-Dir-4.13_h"/>
-              </group>
-              <group enabled="true" name="MISRAC2012-Rule-1">
-                <check enabled="true" name="MISRAC2012-Rule-1.3_a"/>
-                <check enabled="true" name="MISRAC2012-Rule-1.3_b"/>
-                <check enabled="true" name="MISRAC2012-Rule-1.3_c"/>
-                <check enabled="true" name="MISRAC2012-Rule-1.3_d"/>
-                <check enabled="true" name="MISRAC2012-Rule-1.3_e"/>
-                <check enabled="true" name="MISRAC2012-Rule-1.3_f"/>
-                <check enabled="true" name="MISRAC2012-Rule-1.3_g"/>
-                <check enabled="true" name="MISRAC2012-Rule-1.3_h"/>
-                <check enabled="true" name="MISRAC2012-Rule-1.3_i"/>
-                <check enabled="true" name="MISRAC2012-Rule-1.3_j"/>
-                <check enabled="true" name="MISRAC2012-Rule-1.3_k"/>
-                <check enabled="true" name="MISRAC2012-Rule-1.3_m"/>
-                <check enabled="true" name="MISRAC2012-Rule-1.3_n"/>
-                <check enabled="true" name="MISRAC2012-Rule-1.3_o"/>
-                <check enabled="true" name="MISRAC2012-Rule-1.3_p"/>
-                <check enabled="true" name="MISRAC2012-Rule-1.3_q"/>
-                <check enabled="true" name="MISRAC2012-Rule-1.3_r"/>
-                <check enabled="true" name="MISRAC2012-Rule-1.3_s"/>
-                <check enabled="true" name="MISRAC2012-Rule-1.3_t"/>
-                <check enabled="true" name="MISRAC2012-Rule-1.3_u"/>
-                <check enabled="true" name="MISRAC2012-Rule-1.3_v"/>
-                <check enabled="true" name="MISRAC2012-Rule-1.3_w"/>
-              </group>
-              <group enabled="true" name="MISRAC2012-Rule-2">
-                <check enabled="true" name="MISRAC2012-Rule-2.1_a"/>
-                <check enabled="true" name="MISRAC2012-Rule-2.1_b"/>
-                <check enabled="true" name="MISRAC2012-Rule-2.2_a"/>
-                <check enabled="true" name="MISRAC2012-Rule-2.2_b"/>
-                <check enabled="true" name="MISRAC2012-Rule-2.2_c"/>
-                <check enabled="false" name="MISRAC2012-Rule-2.3"/>
-                <check enabled="false" name="MISRAC2012-Rule-2.4"/>
-                <check enabled="false" name="MISRAC2012-Rule-2.5"/>
-                <check enabled="false" name="MISRAC2012-Rule-2.6"/>
-                <check enabled="false" name="MISRAC2012-Rule-2.7"/>
-              </group>
-              <group enabled="true" name="MISRAC2012-Rule-3">
-                <check enabled="true" name="MISRAC2012-Rule-3.1"/>
-                <check enabled="true" name="MISRAC2012-Rule-3.2"/>
-              </group>
-              <group enabled="true" name="MISRAC2012-Rule-5">
-                <check enabled="true" name="MISRAC2012-Rule-5.1"/>
-                <check enabled="true" name="MISRAC2012-Rule-5.2_c89"/>
-                <check enabled="true" name="MISRAC2012-Rule-5.2_c99"/>
-                <check enabled="true" name="MISRAC2012-Rule-5.3_c89"/>
-                <check enabled="true" name="MISRAC2012-Rule-5.3_c99"/>
-                <check enabled="true" name="MISRAC2012-Rule-5.4_c89"/>
-                <check enabled="true" name="MISRAC2012-Rule-5.4_c99"/>
-                <check enabled="true" name="MISRAC2012-Rule-5.5_c89"/>
-                <check enabled="true" name="MISRAC2012-Rule-5.5_c99"/>
-                <check enabled="true" name="MISRAC2012-Rule-5.6"/>
-                <check enabled="true" name="MISRAC2012-Rule-5.7"/>
-                <check enabled="true" name="MISRAC2012-Rule-5.8"/>
-                <check enabled="false" name="MISRAC2012-Rule-5.9"/>
-              </group>
-              <group enabled="true" name="MISRAC2012-Rule-6">
-                <check enabled="true" name="MISRAC2012-Rule-6.1"/>
-                <check enabled="true" name="MISRAC2012-Rule-6.2"/>
-              </group>
-              <group enabled="true" name="MISRAC2012-Rule-7">
-                <check enabled="true" name="MISRAC2012-Rule-7.1"/>
-                <check enabled="true" name="MISRAC2012-Rule-7.2"/>
-                <check enabled="true" name="MISRAC2012-Rule-7.3"/>
-                <check enabled="true" name="MISRAC2012-Rule-7.4_a"/>
-                <check enabled="true" name="MISRAC2012-Rule-7.4_b"/>
-              </group>
-              <group enabled="true" name="MISRAC2012-Rule-8">
-                <check enabled="true" name="MISRAC2012-Rule-8.1"/>
-                <check enabled="true" name="MISRAC2012-Rule-8.2_a"/>
-                <check enabled="true" name="MISRAC2012-Rule-8.2_b"/>
-                <check enabled="true" name="MISRAC2012-Rule-8.3_b"/>
-                <check enabled="true" name="MISRAC2012-Rule-8.4"/>
-                <check enabled="false" name="MISRAC2012-Rule-8.5_a"/>
-                <check enabled="true" name="MISRAC2012-Rule-8.5_b"/>
-                <check enabled="true" name="MISRAC2012-Rule-8.6"/>
-                <check enabled="false" name="MISRAC2012-Rule-8.7"/>
-                <check enabled="false" name="MISRAC2012-Rule-8.9_a"/>
-                <check enabled="false" name="MISRAC2012-Rule-8.9_b"/>
-                <check enabled="true" name="MISRAC2012-Rule-8.10"/>
-                <check enabled="false" name="MISRAC2012-Rule-8.11"/>
-                <check enabled="true" name="MISRAC2012-Rule-8.12"/>
-                <check enabled="false" name="MISRAC2012-Rule-8.13"/>
-                <check enabled="true" name="MISRAC2012-Rule-8.14"/>
-              </group>
-              <group enabled="true" name="MISRAC2012-Rule-9">
-                <check enabled="true" name="MISRAC2012-Rule-9.1_a"/>
-                <check enabled="true" name="MISRAC2012-Rule-9.1_b"/>
-                <check enabled="true" name="MISRAC2012-Rule-9.1_c"/>
-                <check enabled="true" name="MISRAC2012-Rule-9.1_d"/>
-                <check enabled="true" name="MISRAC2012-Rule-9.1_e"/>
-                <check enabled="true" name="MISRAC2012-Rule-9.1_f"/>
-                <check enabled="true" name="MISRAC2012-Rule-9.2"/>
-                <check enabled="true" name="MISRAC2012-Rule-9.3"/>
-                <check enabled="true" name="MISRAC2012-Rule-9.4"/>
-                <check enabled="true" name="MISRAC2012-Rule-9.5_a"/>
-                <check enabled="true" name="MISRAC2012-Rule-9.5_b"/>
-              </group>
-              <group enabled="true" name="MISRAC2012-Rule-10">
-                <check enabled="true" name="MISRAC2012-Rule-10.1_R2"/>
-                <check enabled="true" name="MISRAC2012-Rule-10.1_R3"/>
-                <check enabled="true" name="MISRAC2012-Rule-10.1_R4"/>
-                <check enabled="true" name="MISRAC2012-Rule-10.1_R5"/>
-                <check enabled="true" name="MISRAC2012-Rule-10.1_R6"/>
-                <check enabled="true" name="MISRAC2012-Rule-10.1_R7"/>
-                <check enabled="true" name="MISRAC2012-Rule-10.1_R8"/>
-                <check enabled="true" name="MISRAC2012-Rule-10.2"/>
-                <check enabled="true" name="MISRAC2012-Rule-10.3"/>
-                <check enabled="true" name="MISRAC2012-Rule-10.4_a"/>
-                <check enabled="true" name="MISRAC2012-Rule-10.4_b"/>
-                <check enabled="false" name="MISRAC2012-Rule-10.5"/>
-                <check enabled="true" name="MISRAC2012-Rule-10.6"/>
-                <check enabled="true" name="MISRAC2012-Rule-10.7"/>
-                <check enabled="true" name="MISRAC2012-Rule-10.8"/>
-              </group>
-              <group enabled="true" name="MISRAC2012-Rule-11">
-                <check enabled="true" name="MISRAC2012-Rule-11.1"/>
-                <check enabled="true" name="MISRAC2012-Rule-11.2"/>
-                <check enabled="true" name="MISRAC2012-Rule-11.3"/>
-                <check enabled="false" name="MISRAC2012-Rule-11.4"/>
-                <check enabled="false" name="MISRAC2012-Rule-11.5"/>
-                <check enabled="true" name="MISRAC2012-Rule-11.6"/>
-                <check enabled="true" name="MISRAC2012-Rule-11.7"/>
-                <check enabled="true" name="MISRAC2012-Rule-11.8"/>
-                <check enabled="true" name="MISRAC2012-Rule-11.9"/>
-              </group>
-              <group enabled="true" name="MISRAC2012-Rule-12">
-                <check enabled="false" name="MISRAC2012-Rule-12.1"/>
-                <check enabled="true" name="MISRAC2012-Rule-12.2"/>
-                <check enabled="false" name="MISRAC2012-Rule-12.3"/>
-              </group>
-              <group enabled="true" name="MISRAC2012-Rule-13">
-                <check enabled="true" name="MISRAC2012-Rule-13.1"/>
-                <check enabled="true" name="MISRAC2012-Rule-13.2_a"/>
-                <check enabled="true" name="MISRAC2012-Rule-13.2_b"/>
-                <check enabled="true" name="MISRAC2012-Rule-13.2_c"/>
-                <check enabled="false" name="MISRAC2012-Rule-13.3"/>
-                <check enabled="false" name="MISRAC2012-Rule-13.4_a"/>
-                <check enabled="false" name="MISRAC2012-Rule-13.4_b"/>
-                <check enabled="true" name="MISRAC2012-Rule-13.5"/>
-                <check enabled="true" name="MISRAC2012-Rule-13.6"/>
-              </group>
-              <group enabled="true" name="MISRAC2012-Rule-14">
-                <check enabled="true" name="MISRAC2012-Rule-14.1_a"/>
-                <check enabled="true" name="MISRAC2012-Rule-14.1_b"/>
-                <check enabled="true" name="MISRAC2012-Rule-14.2"/>
-                <check enabled="true" name="MISRAC2012-Rule-14.3_a"/>
-                <check enabled="true" name="MISRAC2012-Rule-14.3_b"/>
-                <check enabled="true" name="MISRAC2012-Rule-14.4_a"/>
-                <check enabled="true" name="MISRAC2012-Rule-14.4_b"/>
-                <check enabled="true" name="MISRAC2012-Rule-14.4_c"/>
-                <check enabled="true" name="MISRAC2012-Rule-14.4_d"/>
-              </group>
-              <group enabled="true" name="MISRAC2012-Rule-15">
-                <check enabled="false" name="MISRAC2012-Rule-15.1"/>
-                <check enabled="true" name="MISRAC2012-Rule-15.2"/>
-                <check enabled="true" name="MISRAC2012-Rule-15.3"/>
-                <check enabled="false" name="MISRAC2012-Rule-15.4"/>
-                <check enabled="false" name="MISRAC2012-Rule-15.5"/>
-                <check enabled="true" name="MISRAC2012-Rule-15.6_a"/>
-                <check enabled="true" name="MISRAC2012-Rule-15.6_b"/>
-                <check enabled="true" name="MISRAC2012-Rule-15.6_c"/>
-                <check enabled="true" name="MISRAC2012-Rule-15.6_d"/>
-                <check enabled="true" name="MISRAC2012-Rule-15.6_e"/>
-                <check enabled="true" name="MISRAC2012-Rule-15.7"/>
-              </group>
-              <group enabled="true" name="MISRAC2012-Rule-16">
-                <check enabled="true" name="MISRAC2012-Rule-16.1"/>
-                <check enabled="true" name="MISRAC2012-Rule-16.2"/>
-                <check enabled="true" name="MISRAC2012-Rule-16.3"/>
-                <check enabled="true" name="MISRAC2012-Rule-16.4"/>
-                <check enabled="true" name="MISRAC2012-Rule-16.5"/>
-                <check enabled="true" name="MISRAC2012-Rule-16.6"/>
-                <check enabled="true" name="MISRAC2012-Rule-16.7"/>
-              </group>
-              <group enabled="true" name="MISRAC2012-Rule-17">
-                <check enabled="true" name="MISRAC2012-Rule-17.1"/>
-                <check enabled="true" name="MISRAC2012-Rule-17.2_a"/>
-                <check enabled="true" name="MISRAC2012-Rule-17.2_b"/>
-                <check enabled="true" name="MISRAC2012-Rule-17.3"/>
-                <check enabled="true" name="MISRAC2012-Rule-17.4"/>
-                <check enabled="false" name="MISRAC2012-Rule-17.5"/>
-                <check enabled="true" name="MISRAC2012-Rule-17.6"/>
-                <check enabled="true" name="MISRAC2012-Rule-17.7"/>
-                <check enabled="false" name="MISRAC2012-Rule-17.8"/>
-              </group>
-              <group enabled="true" name="MISRAC2012-Rule-18">
-                <check enabled="true" name="MISRAC2012-Rule-18.1_a"/>
-                <check enabled="true" name="MISRAC2012-Rule-18.1_b"/>
-                <check enabled="true" name="MISRAC2012-Rule-18.1_c"/>
-                <check enabled="true" name="MISRAC2012-Rule-18.1_d"/>
-                <check enabled="true" name="MISRAC2012-Rule-18.2"/>
-                <check enabled="true" name="MISRAC2012-Rule-18.3"/>
-                <check enabled="true" name="MISRAC2012-Rule-18.4"/>
-                <check enabled="false" name="MISRAC2012-Rule-18.5"/>
-                <check enabled="true" name="MISRAC2012-Rule-18.6_a"/>
-                <check enabled="true" name="MISRAC2012-Rule-18.6_b"/>
-                <check enabled="true" name="MISRAC2012-Rule-18.6_c"/>
-                <check enabled="true" name="MISRAC2012-Rule-18.6_d"/>
-                <check enabled="true" name="MISRAC2012-Rule-18.7"/>
-                <check enabled="true" name="MISRAC2012-Rule-18.8"/>
-              </group>
-              <group enabled="true" name="MISRAC2012-Rule-19">
-                <check enabled="true" name="MISRAC2012-Rule-19.1"/>
-                <check enabled="false" name="MISRAC2012-Rule-19.2"/>
-              </group>
-              <group enabled="true" name="MISRAC2012-Rule-20">
-                <check enabled="false" name="MISRAC2012-Rule-20.1"/>
-                <check enabled="true" name="MISRAC2012-Rule-20.2"/>
-                <check enabled="true" name="MISRAC2012-Rule-20.4_c89"/>
-                <check enabled="true" name="MISRAC2012-Rule-20.4_c99"/>
-                <check enabled="false" name="MISRAC2012-Rule-20.5"/>
-                <check enabled="true" name="MISRAC2012-Rule-20.7"/>
-                <check enabled="false" name="MISRAC2012-Rule-20.10"/>
-              </group>
-              <group enabled="true" name="MISRAC2012-Rule-21">
-                <check enabled="true" name="MISRAC2012-Rule-21.1"/>
-                <check enabled="true" name="MISRAC2012-Rule-21.2"/>
-                <check enabled="true" name="MISRAC2012-Rule-21.3"/>
-                <check enabled="true" name="MISRAC2012-Rule-21.4"/>
-                <check enabled="true" name="MISRAC2012-Rule-21.5"/>
-                <check enabled="true" name="MISRAC2012-Rule-21.6"/>
-                <check enabled="true" name="MISRAC2012-Rule-21.7"/>
-                <check enabled="true" name="MISRAC2012-Rule-21.8"/>
-                <check enabled="true" name="MISRAC2012-Rule-21.9"/>
-                <check enabled="true" name="MISRAC2012-Rule-21.10"/>
-                <check enabled="true" name="MISRAC2012-Rule-21.11"/>
-                <check enabled="false" name="MISRAC2012-Rule-21.12_a"/>
-                <check enabled="false" name="MISRAC2012-Rule-21.12_b"/>
-              </group>
-              <group enabled="true" name="MISRAC2012-Rule-22">
-                <check enabled="true" name="MISRAC2012-Rule-22.1_a"/>
-                <check enabled="true" name="MISRAC2012-Rule-22.1_b"/>
-                <check enabled="true" name="MISRAC2012-Rule-22.2_a"/>
-                <check enabled="true" name="MISRAC2012-Rule-22.2_b"/>
-                <check enabled="true" name="MISRAC2012-Rule-22.2_c"/>
-                <check enabled="true" name="MISRAC2012-Rule-22.3"/>
-                <check enabled="true" name="MISRAC2012-Rule-22.4"/>
-                <check enabled="true" name="MISRAC2012-Rule-22.5_a"/>
-                <check enabled="true" name="MISRAC2012-Rule-22.5_b"/>
-                <check enabled="true" name="MISRAC2012-Rule-22.6"/>
-              </group>
-            </package>
-            <package enabled="false" name="MISRAC++2008">
-              <group enabled="true" name="MISRAC++2008-0-1">
-                <check enabled="true" name="MISRAC++2008-0-1-1"/>
-                <check enabled="true" name="MISRAC++2008-0-1-2_a"/>
-                <check enabled="true" name="MISRAC++2008-0-1-2_b"/>
-                <check enabled="true" name="MISRAC++2008-0-1-2_c"/>
-                <check enabled="true" name="MISRAC++2008-0-1-3"/>
-                <check enabled="true" name="MISRAC++2008-0-1-4_a"/>
-                <check enabled="true" name="MISRAC++2008-0-1-4_b"/>
-                <check enabled="true" name="MISRAC++2008-0-1-6"/>
-                <check enabled="true" name="MISRAC++2008-0-1-7"/>
-                <check enabled="false" name="MISRAC++2008-0-1-8"/>
-                <check enabled="true" name="MISRAC++2008-0-1-9"/>
-                <check enabled="true" name="MISRAC++2008-0-1-11"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-0-2">
-                <check enabled="true" name="MISRAC++2008-0-2-1"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-0-3">
-                <check enabled="true" name="MISRAC++2008-0-3-2"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-2-7">
-                <check enabled="true" name="MISRAC++2008-2-7-1"/>
-                <check enabled="true" name="MISRAC++2008-2-7-2"/>
-                <check enabled="false" name="MISRAC++2008-2-7-3"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-2-10">
-                <check enabled="true" name="MISRAC++2008-2-10-1"/>
-                <check enabled="true" name="MISRAC++2008-2-10-2"/>
-                <check enabled="true" name="MISRAC++2008-2-10-3"/>
-                <check enabled="true" name="MISRAC++2008-2-10-4"/>
-                <check enabled="false" name="MISRAC++2008-2-10-5"/>
-                <check enabled="true" name="MISRAC++2008-2-10-6"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-2-13">
-                <check enabled="true" name="MISRAC++2008-2-13-2"/>
-                <check enabled="true" name="MISRAC++2008-2-13-3"/>
-                <check enabled="true" name="MISRAC++2008-2-13-4_a"/>
-                <check enabled="true" name="MISRAC++2008-2-13-4_b"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-3-1">
-                <check enabled="true" name="MISRAC++2008-3-1-1"/>
-                <check enabled="true" name="MISRAC++2008-3-1-3"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-3-9">
-                <check enabled="false" name="MISRAC++2008-3-9-2"/>
-                <check enabled="true" name="MISRAC++2008-3-9-3"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-4-5">
-                <check enabled="true" name="MISRAC++2008-4-5-1"/>
-                <check enabled="true" name="MISRAC++2008-4-5-2"/>
-                <check enabled="true" name="MISRAC++2008-4-5-3"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-5-0">
-                <check enabled="true" name="MISRAC++2008-5-0-1_a"/>
-                <check enabled="true" name="MISRAC++2008-5-0-1_b"/>
-                <check enabled="true" name="MISRAC++2008-5-0-1_c"/>
-                <check enabled="false" name="MISRAC++2008-5-0-2"/>
-                <check enabled="true" name="MISRAC++2008-5-0-3"/>
-                <check enabled="true" name="MISRAC++2008-5-0-4"/>
-                <check enabled="true" name="MISRAC++2008-5-0-5"/>
-                <check enabled="true" name="MISRAC++2008-5-0-6"/>
-                <check enabled="true" name="MISRAC++2008-5-0-7"/>
-                <check enabled="true" name="MISRAC++2008-5-0-8"/>
-                <check enabled="true" name="MISRAC++2008-5-0-9"/>
-                <check enabled="true" name="MISRAC++2008-5-0-10"/>
-                <check enabled="true" name="MISRAC++2008-5-0-13_a"/>
-                <check enabled="true" name="MISRAC++2008-5-0-13_b"/>
-                <check enabled="true" name="MISRAC++2008-5-0-13_c"/>
-                <check enabled="true" name="MISRAC++2008-5-0-13_d"/>
-                <check enabled="true" name="MISRAC++2008-5-0-14"/>
-                <check enabled="true" name="MISRAC++2008-5-0-15_a"/>
-                <check enabled="true" name="MISRAC++2008-5-0-15_b"/>
-                <check enabled="true" name="MISRAC++2008-5-0-16_a"/>
-                <check enabled="true" name="MISRAC++2008-5-0-16_b"/>
-                <check enabled="true" name="MISRAC++2008-5-0-16_c"/>
-                <check enabled="true" name="MISRAC++2008-5-0-16_d"/>
-                <check enabled="true" name="MISRAC++2008-5-0-16_e"/>
-                <check enabled="true" name="MISRAC++2008-5-0-16_f"/>
-                <check enabled="true" name="MISRAC++2008-5-0-19"/>
-                <check enabled="true" name="MISRAC++2008-5-0-21"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-5-2">
-                <check enabled="true" name="MISRAC++2008-5-2-4"/>
-                <check enabled="true" name="MISRAC++2008-5-2-5"/>
-                <check enabled="true" name="MISRAC++2008-5-2-6"/>
-                <check enabled="true" name="MISRAC++2008-5-2-7"/>
-                <check enabled="false" name="MISRAC++2008-5-2-9"/>
-                <check enabled="false" name="MISRAC++2008-5-2-10"/>
-                <check enabled="true" name="MISRAC++2008-5-2-11_a"/>
-                <check enabled="true" name="MISRAC++2008-5-2-11_b"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-5-3">
-                <check enabled="true" name="MISRAC++2008-5-3-1"/>
-                <check enabled="true" name="MISRAC++2008-5-3-2_a"/>
-                <check enabled="true" name="MISRAC++2008-5-3-2_b"/>
-                <check enabled="true" name="MISRAC++2008-5-3-3"/>
-                <check enabled="true" name="MISRAC++2008-5-3-4"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-5-8">
-                <check enabled="true" name="MISRAC++2008-5-8-1"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-5-14">
-                <check enabled="true" name="MISRAC++2008-5-14-1"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-5-18">
-                <check enabled="true" name="MISRAC++2008-5-18-1"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-5-19">
-                <check enabled="false" name="MISRAC++2008-5-19-1"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-6-2">
-                <check enabled="true" name="MISRAC++2008-6-2-1"/>
-                <check enabled="true" name="MISRAC++2008-6-2-2"/>
-                <check enabled="false" name="MISRAC++2008-6-2-3"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-6-3">
-                <check enabled="true" name="MISRAC++2008-6-3-1_a"/>
-                <check enabled="true" name="MISRAC++2008-6-3-1_b"/>
-                <check enabled="true" name="MISRAC++2008-6-3-1_c"/>
-                <check enabled="true" name="MISRAC++2008-6-3-1_d"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-6-4">
-                <check enabled="true" name="MISRAC++2008-6-4-1"/>
-                <check enabled="true" name="MISRAC++2008-6-4-2"/>
-                <check enabled="true" name="MISRAC++2008-6-4-3"/>
-                <check enabled="true" name="MISRAC++2008-6-4-4"/>
-                <check enabled="true" name="MISRAC++2008-6-4-5"/>
-                <check enabled="true" name="MISRAC++2008-6-4-6"/>
-                <check enabled="true" name="MISRAC++2008-6-4-7"/>
-                <check enabled="true" name="MISRAC++2008-6-4-8"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-6-5">
-                <check enabled="true" name="MISRAC++2008-6-5-1_a"/>
-                <check enabled="true" name="MISRAC++2008-6-5-2"/>
-                <check enabled="true" name="MISRAC++2008-6-5-3"/>
-                <check enabled="true" name="MISRAC++2008-6-5-4"/>
-                <check enabled="true" name="MISRAC++2008-6-5-6"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-6-6">
-                <check enabled="true" name="MISRAC++2008-6-6-1"/>
-                <check enabled="true" name="MISRAC++2008-6-6-2"/>
-                <check enabled="true" name="MISRAC++2008-6-6-4"/>
-                <check enabled="true" name="MISRAC++2008-6-6-5"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-7-1">
-                <check enabled="true" name="MISRAC++2008-7-1-1"/>
-                <check enabled="true" name="MISRAC++2008-7-1-2"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-7-2">
-                <check enabled="true" name="MISRAC++2008-7-2-1"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-7-4">
-                <check enabled="true" name="MISRAC++2008-7-4-3"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-7-5">
-                <check enabled="true" name="MISRAC++2008-7-5-1_a"/>
-                <check enabled="true" name="MISRAC++2008-7-5-1_b"/>
-                <check enabled="true" name="MISRAC++2008-7-5-2_a"/>
-                <check enabled="true" name="MISRAC++2008-7-5-2_b"/>
-                <check enabled="true" name="MISRAC++2008-7-5-2_c"/>
-                <check enabled="true" name="MISRAC++2008-7-5-2_d"/>
-                <check enabled="false" name="MISRAC++2008-7-5-4_a"/>
-                <check enabled="false" name="MISRAC++2008-7-5-4_b"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-8-0">
-                <check enabled="true" name="MISRAC++2008-8-0-1"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-8-4">
-                <check enabled="true" name="MISRAC++2008-8-4-1"/>
-                <check enabled="true" name="MISRAC++2008-8-4-3"/>
-                <check enabled="true" name="MISRAC++2008-8-4-4"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-8-5">
-                <check enabled="true" name="MISRAC++2008-8-5-1_a"/>
-                <check enabled="true" name="MISRAC++2008-8-5-1_b"/>
-                <check enabled="true" name="MISRAC++2008-8-5-1_c"/>
-                <check enabled="true" name="MISRAC++2008-8-5-2"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-9-3">
-                <check enabled="true" name="MISRAC++2008-9-3-1"/>
-                <check enabled="true" name="MISRAC++2008-9-3-2"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-9-5">
-                <check enabled="true" name="MISRAC++2008-9-5-1"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-9-6">
-                <check enabled="true" name="MISRAC++2008-9-6-2"/>
-                <check enabled="true" name="MISRAC++2008-9-6-3"/>
-                <check enabled="true" name="MISRAC++2008-9-6-4"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-12-1">
-                <check enabled="true" name="MISRAC++2008-12-1-1_a"/>
-                <check enabled="true" name="MISRAC++2008-12-1-1_b"/>
-                <check enabled="true" name="MISRAC++2008-12-1-3"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-15-0">
-                <check enabled="false" name="MISRAC++2008-15-0-2"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-15-1">
-                <check enabled="true" name="MISRAC++2008-15-1-2"/>
-                <check enabled="true" name="MISRAC++2008-15-1-3"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-15-3">
-                <check enabled="true" name="MISRAC++2008-15-3-1"/>
-                <check enabled="false" name="MISRAC++2008-15-3-2"/>
-                <check enabled="true" name="MISRAC++2008-15-3-3"/>
-                <check enabled="true" name="MISRAC++2008-15-3-4"/>
-                <check enabled="true" name="MISRAC++2008-15-3-5"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-15-5">
-                <check enabled="true" name="MISRAC++2008-15-5-1"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-16-0">
-                <check enabled="true" name="MISRAC++2008-16-0-3"/>
-                <check enabled="true" name="MISRAC++2008-16-0-4"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-16-2">
-                <check enabled="true" name="MISRAC++2008-16-2-2"/>
-                <check enabled="true" name="MISRAC++2008-16-2-3"/>
-                <check enabled="true" name="MISRAC++2008-16-2-4"/>
-                <check enabled="false" name="MISRAC++2008-16-2-5"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-16-3">
-                <check enabled="true" name="MISRAC++2008-16-3-1"/>
-                <check enabled="false" name="MISRAC++2008-16-3-2"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-17-0">
-                <check enabled="true" name="MISRAC++2008-17-0-1"/>
-                <check enabled="true" name="MISRAC++2008-17-0-3"/>
-                <check enabled="true" name="MISRAC++2008-17-0-5"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-18-0">
-                <check enabled="true" name="MISRAC++2008-18-0-1"/>
-                <check enabled="true" name="MISRAC++2008-18-0-2"/>
-                <check enabled="true" name="MISRAC++2008-18-0-3"/>
-                <check enabled="true" name="MISRAC++2008-18-0-4"/>
-                <check enabled="true" name="MISRAC++2008-18-0-5"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-18-2">
-                <check enabled="true" name="MISRAC++2008-18-2-1"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-18-4">
-                <check enabled="true" name="MISRAC++2008-18-4-1"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-18-7">
-                <check enabled="true" name="MISRAC++2008-18-7-1"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-19-3">
-                <check enabled="true" name="MISRAC++2008-19-3-1"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-27-0">
-                <check enabled="true" name="MISRAC++2008-27-0-1"/>
-              </group>
-            </package>
-          </checks_tree>
-        </cstat_settings>
-      </data>
-    </settings>
-    <settings>
-      <name>RuntimeChecking</name>
-      <archiveVersion>0</archiveVersion>
-      <data>
-        <version>2</version>
-        <wantNonLocal>1</wantNonLocal>
-        <debug>0</debug>
-        <option>
-          <name>GenRtcDebugHeap</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>GenRtcEnableBoundsChecking</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>GenRtcCheckPtrsNonInstrMem</name>
-          <state>1</state>
-        </option>
-        <option>
-          <name>GenRtcTrackPointerBounds</name>
-          <state>1</state>
-        </option>
-        <option>
-          <name>GenRtcCheckAccesses</name>
-          <state>1</state>
-        </option>
-        <option>
-          <name>GenRtcGenerateEntries</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>GenRtcNrTrackedPointers</name>
-          <state>1000</state>
-        </option>
-        <option>
-          <name>GenRtcIntOverflow</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>GenRtcIncUnsigned</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>GenRtcIntConversion</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>GenRtcInclExplicit</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>GenRtcIntShiftOverflow</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>GenRtcInclUnsignedShiftOverflow</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>GenRtcUnhandledCase</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>GenRtcDivByZero</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>GenRtcEnable</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>GenRtcCheckPtrsNonInstrFunc</name>
-          <state>1</state>
-        </option>
-      </data>
-    </settings>
-  </configuration>
-  <group>
-    <name>Application</name>
-    <file>
-      <name>$PROJ_DIR$\Application\runBenchmarks.c</name>
-    </file>
-  </group>
-  <group>
-    <name>benchmark</name>
-    <file>
-      <name>$PROJ_DIR$\..\..\..\..\..\wolfcrypt\benchmark\benchmark.c</name>
-    </file>
-  </group>
-  <group>
-    <name>Device_Support</name>
-    <file>
-      <name>$PROJ_DIR$\..\..\extract_trial_here\Start\BoardSupport\Atmel\SAMV71_XPlainedUltra\DeviceSupport\startup_sam.c</name>
-    </file>
-    <file>
-      <name>$PROJ_DIR$\..\..\extract_trial_here\Start\BoardSupport\Atmel\SAMV71_XPlainedUltra\DeviceSupport\system_sam.c</name>
-    </file>
-  </group>
-  <group>
-    <name>Setup</name>
-    <file>
-      <name>$PROJ_DIR$\..\..\extract_trial_here\Start\BoardSupport\Atmel\SAMV71_XPlainedUltra\Setup\BSP.c</name>
-    </file>
-    <file>
-      <name>$PROJ_DIR$\..\..\extract_trial_here\Start\BoardSupport\Atmel\SAMV71_XPlainedUltra\Setup\HardFaultHandler.S</name>
-    </file>
-    <file>
-      <name>$PROJ_DIR$\..\..\extract_trial_here\Start\BoardSupport\Atmel\SAMV71_XPlainedUltra\Setup\JLINKMEM_Process.c</name>
-    </file>
-    <file>
-      <name>$PROJ_DIR$\..\..\extract_trial_here\Start\BoardSupport\Atmel\SAMV71_XPlainedUltra\Setup\OS_Error.c</name>
-    </file>
-    <file>
-      <name>$PROJ_DIR$\..\..\extract_trial_here\Start\BoardSupport\Atmel\SAMV71_XPlainedUltra\Setup\RTOSInit_SAMV71_CMSIS.c</name>
-    </file>
-    <file>
-      <name>$PROJ_DIR$\..\..\extract_trial_here\Start\BoardSupport\Atmel\SAMV71_XPlainedUltra\Setup\SEGGER_HardFaultHandler.c</name>
-    </file>
-    <file>
-      <name>$PROJ_DIR$\..\..\extract_trial_here\Start\BoardSupport\Atmel\SAMV71_XPlainedUltra\Setup\SEGGER_RTT.c</name>
-    </file>
-    <file>
-      <name>$PROJ_DIR$\..\..\extract_trial_here\Start\BoardSupport\Atmel\SAMV71_XPlainedUltra\Setup\SEGGER_RTT_printf.c</name>
-    </file>
-    <file>
-      <name>$PROJ_DIR$\..\..\extract_trial_here\Start\BoardSupport\Atmel\SAMV71_XPlainedUltra\Setup\SEGGER_SYSVIEW.c</name>
-    </file>
-    <file>
-      <name>$PROJ_DIR$\..\..\extract_trial_here\Start\BoardSupport\Atmel\SAMV71_XPlainedUltra\Setup\SEGGER_SYSVIEW_Config_embOS.c</name>
-    </file>
-    <file>
-      <name>$PROJ_DIR$\..\..\extract_trial_here\Start\BoardSupport\Atmel\SAMV71_XPlainedUltra\Setup\SEGGER_SYSVIEW_embOS.c</name>
-    </file>
-    <file>
-      <name>$PROJ_DIR$\..\..\extract_trial_here\Start\BoardSupport\Atmel\SAMV71_XPlainedUltra\Setup\xmtx.c</name>
-    </file>
-    <file>
-      <name>$PROJ_DIR$\..\..\extract_trial_here\Start\BoardSupport\Atmel\SAMV71_XPlainedUltra\Setup\xmtx2.c</name>
-    </file>
-  </group>
-</project>
-
-
diff --git a/IDE/IAR-EWARM/embOS/SAMV71_XULT/embOS_wolfcrypt_lib_SAMV71_XULT/wolfcrypt_lib.ewp b/IDE/IAR-EWARM/embOS/SAMV71_XULT/embOS_wolfcrypt_lib_SAMV71_XULT/wolfcrypt_lib.ewp
index 1f00a1fb3..bb7170c66 100644
--- a/IDE/IAR-EWARM/embOS/SAMV71_XULT/embOS_wolfcrypt_lib_SAMV71_XULT/wolfcrypt_lib.ewp
+++ b/IDE/IAR-EWARM/embOS/SAMV71_XULT/embOS_wolfcrypt_lib_SAMV71_XULT/wolfcrypt_lib.ewp
@@ -1624,7 +1624,7 @@
         </option>
         <option>
           <name>IlinkOutputFile</name>
-          <state>###Unitialized###</state>
+          <state>###Uninitialized###</state>
         </option>
         <option>
           <name>IlinkDebugInfoEnable</name>
@@ -1914,7 +1914,7 @@
         </option>
         <option>
           <name>IarchiveOutput</name>
-          <state>###Unitialized###</state>
+          <state>###Uninitialized###</state>
         </option>
       </data>
     </settings>
diff --git a/IDE/IAR-EWARM/embOS/SAMV71_XULT/embOS_wolfcrypt_lib_SAMV71_XULT/wolfcrypt_lib.ewt b/IDE/IAR-EWARM/embOS/SAMV71_XULT/embOS_wolfcrypt_lib_SAMV71_XULT/wolfcrypt_lib.ewt
deleted file mode 100644
index e0722daa4..000000000
--- a/IDE/IAR-EWARM/embOS/SAMV71_XULT/embOS_wolfcrypt_lib_SAMV71_XULT/wolfcrypt_lib.ewt
+++ /dev/null
@@ -1,2400 +0,0 @@
-<?xml version="1.0" encoding="iso-8859-1"?>
-
-<project>
-  <fileVersion>2</fileVersion>
-  <configuration>
-    <name>Debug</name>
-    <toolchain>
-      <name>ARM</name>
-    </toolchain>
-    <debug>1</debug>
-    <settings>
-      <name>C-STAT</name>
-      <archiveVersion>259</archiveVersion>
-      <data>
-        <version>259</version>
-        <cstatargs>
-          <useExtraArgs>0</useExtraArgs>
-          <extraArgs></extraArgs>
-          <analyzeTimeoutEnabled>1</analyzeTimeoutEnabled>
-          <analyzeTimeout>600</analyzeTimeout>
-          <enableParallel>0</enableParallel>
-          <parallelThreads>2</parallelThreads>
-          <enableFalsePositives>0</enableFalsePositives>
-          <messagesLimitEnabled>1</messagesLimitEnabled>
-          <messagesLimit>100</messagesLimit>
-        </cstatargs>
-        <cstat_settings>
-          <cstat_version>1.3.2</cstat_version>
-          <checks_tree>
-            <package enabled="true" name="STDCHECKS">
-              <group enabled="true" name="ARR">
-                <check enabled="true" name="ARR-inv-index-pos"/>
-                <check enabled="true" name="ARR-inv-index-ptr-pos"/>
-                <check enabled="true" name="ARR-inv-index-ptr"/>
-                <check enabled="true" name="ARR-inv-index"/>
-                <check enabled="true" name="ARR-neg-index"/>
-                <check enabled="true" name="ARR-uninit-index"/>
-              </group>
-              <group enabled="true" name="ATH">
-                <check enabled="true" name="ATH-cmp-float"/>
-                <check enabled="true" name="ATH-cmp-unsign-neg"/>
-                <check enabled="true" name="ATH-cmp-unsign-pos"/>
-                <check enabled="true" name="ATH-div-0-assign"/>
-                <check enabled="false" name="ATH-div-0-cmp-aft"/>
-                <check enabled="true" name="ATH-div-0-cmp-bef"/>
-                <check enabled="true" name="ATH-div-0-interval"/>
-                <check enabled="true" name="ATH-div-0-pos"/>
-                <check enabled="true" name="ATH-div-0-unchk-global"/>
-                <check enabled="true" name="ATH-div-0-unchk-local"/>
-                <check enabled="true" name="ATH-div-0-unchk-param"/>
-                <check enabled="true" name="ATH-div-0"/>
-                <check enabled="true" name="ATH-inc-bool"/>
-                <check enabled="true" name="ATH-malloc-overrun"/>
-                <check enabled="true" name="ATH-neg-check-nonneg"/>
-                <check enabled="true" name="ATH-neg-check-pos"/>
-                <check enabled="true" name="ATH-new-overrun"/>
-                <check enabled="false" name="ATH-overflow-cast"/>
-                <check enabled="true" name="ATH-overflow"/>
-                <check enabled="true" name="ATH-shift-bounds"/>
-                <check enabled="true" name="ATH-shift-neg"/>
-                <check enabled="true" name="ATH-sizeof-by-sizeof"/>
-              </group>
-              <group enabled="true" name="CAST">
-                <check enabled="false" name="CAST-old-style"/>
-              </group>
-              <group enabled="true" name="CATCH">
-                <check enabled="true" name="CATCH-object-slicing"/>
-                <check enabled="false" name="CATCH-xtor-bad-member"/>
-              </group>
-              <group enabled="true" name="COMMA">
-                <check enabled="false" name="COMMA-overload"/>
-              </group>
-              <group enabled="true" name="COMMENT">
-                <check enabled="true" name="COMMENT-nested"/>
-              </group>
-              <group enabled="true" name="CONST">
-                <check enabled="true" name="CONST-member-ret"/>
-              </group>
-              <group enabled="true" name="COP">
-                <check enabled="false" name="COP-alloc-ctor"/>
-                <check enabled="true" name="COP-assign-op-ret"/>
-                <check enabled="true" name="COP-assign-op-self"/>
-                <check enabled="true" name="COP-assign-op"/>
-                <check enabled="true" name="COP-copy-ctor"/>
-                <check enabled="false" name="COP-dealloc-dtor"/>
-                <check enabled="true" name="COP-dtor-throw"/>
-                <check enabled="true" name="COP-dtor"/>
-                <check enabled="true" name="COP-init-order"/>
-                <check enabled="true" name="COP-init-uninit"/>
-                <check enabled="true" name="COP-member-uninit"/>
-              </group>
-              <group enabled="true" name="CPU">
-                <check enabled="true" name="CPU-ctor-call-virt"/>
-                <check enabled="false" name="CPU-ctor-implicit"/>
-                <check enabled="true" name="CPU-delete-throw"/>
-                <check enabled="true" name="CPU-delete-void"/>
-                <check enabled="true" name="CPU-dtor-call-virt"/>
-                <check enabled="true" name="CPU-malloc-class"/>
-                <check enabled="true" name="CPU-nonvirt-dtor"/>
-                <check enabled="true" name="CPU-return-ref-to-class-data"/>
-              </group>
-              <group enabled="true" name="DECL">
-                <check enabled="false" name="DECL-implicit-int"/>
-              </group>
-              <group enabled="true" name="DEFINE">
-                <check enabled="true" name="DEFINE-hash-multiple"/>
-              </group>
-              <group enabled="true" name="ENUM">
-                <check enabled="false" name="ENUM-bounds"/>
-              </group>
-              <group enabled="true" name="EXP">
-                <check enabled="true" name="EXP-cond-assign"/>
-                <check enabled="true" name="EXP-dangling-else"/>
-                <check enabled="true" name="EXP-loop-exit"/>
-                <check enabled="false" name="EXP-main-ret-int"/>
-                <check enabled="false" name="EXP-null-stmt"/>
-                <check enabled="false" name="EXP-stray-semicolon"/>
-              </group>
-              <group enabled="true" name="EXPR">
-                <check enabled="true" name="EXPR-const-overflow"/>
-              </group>
-              <group enabled="true" name="FPT">
-                <check enabled="true" name="FPT-cmp-null"/>
-                <check enabled="false" name="FPT-literal"/>
-                <check enabled="true" name="FPT-misuse"/>
-              </group>
-              <group enabled="true" name="FUNC">
-                <check enabled="false" name="FUNC-implicit-decl"/>
-                <check enabled="false" name="FUNC-unprototyped-all"/>
-                <check enabled="true" name="FUNC-unprototyped-used"/>
-              </group>
-              <group enabled="true" name="INCLUDE">
-                <check enabled="false" name="INCLUDE-c-file"/>
-              </group>
-              <group enabled="true" name="INT">
-                <check enabled="false" name="INT-use-signed-as-unsigned-pos"/>
-                <check enabled="true" name="INT-use-signed-as-unsigned"/>
-              </group>
-              <group enabled="true" name="ITR">
-                <check enabled="true" name="ITR-end-cmp-aft"/>
-                <check enabled="true" name="ITR-end-cmp-bef"/>
-                <check enabled="true" name="ITR-invalidated"/>
-                <check enabled="false" name="ITR-mismatch-alg"/>
-                <check enabled="false" name="ITR-store"/>
-                <check enabled="true" name="ITR-uninit"/>
-              </group>
-              <group enabled="true" name="LIB">
-                <check enabled="false" name="LIB-bsearch-overrun-pos"/>
-                <check enabled="false" name="LIB-bsearch-overrun"/>
-                <check enabled="false" name="LIB-fn-unsafe"/>
-                <check enabled="false" name="LIB-fread-overrun-pos"/>
-                <check enabled="true" name="LIB-fread-overrun"/>
-                <check enabled="false" name="LIB-memchr-overrun-pos"/>
-                <check enabled="true" name="LIB-memchr-overrun"/>
-                <check enabled="false" name="LIB-memcpy-overrun-pos"/>
-                <check enabled="true" name="LIB-memcpy-overrun"/>
-                <check enabled="false" name="LIB-memset-overrun-pos"/>
-                <check enabled="true" name="LIB-memset-overrun"/>
-                <check enabled="false" name="LIB-putenv"/>
-                <check enabled="false" name="LIB-qsort-overrun-pos"/>
-                <check enabled="false" name="LIB-qsort-overrun"/>
-                <check enabled="true" name="LIB-return-const"/>
-                <check enabled="true" name="LIB-return-error"/>
-                <check enabled="true" name="LIB-return-leak"/>
-                <check enabled="true" name="LIB-return-neg"/>
-                <check enabled="true" name="LIB-return-null"/>
-                <check enabled="false" name="LIB-sprintf-overrun"/>
-                <check enabled="false" name="LIB-std-sort-overrun-pos"/>
-                <check enabled="true" name="LIB-std-sort-overrun"/>
-                <check enabled="false" name="LIB-strcat-overrun-pos"/>
-                <check enabled="true" name="LIB-strcat-overrun"/>
-                <check enabled="false" name="LIB-strcpy-overrun-pos"/>
-                <check enabled="true" name="LIB-strcpy-overrun"/>
-                <check enabled="false" name="LIB-strncat-overrun-pos"/>
-                <check enabled="true" name="LIB-strncat-overrun"/>
-                <check enabled="false" name="LIB-strncmp-overrun-pos"/>
-                <check enabled="true" name="LIB-strncmp-overrun"/>
-                <check enabled="false" name="LIB-strncpy-overrun-pos"/>
-                <check enabled="true" name="LIB-strncpy-overrun"/>
-              </group>
-              <group enabled="true" name="LOGIC">
-                <check enabled="false" name="LOGIC-overload"/>
-              </group>
-              <group enabled="true" name="MEM">
-                <check enabled="true" name="MEM-delete-array-op"/>
-                <check enabled="true" name="MEM-delete-op"/>
-                <check enabled="true" name="MEM-double-free-alias"/>
-                <check enabled="true" name="MEM-double-free-some"/>
-                <check enabled="true" name="MEM-double-free"/>
-                <check enabled="true" name="MEM-free-field"/>
-                <check enabled="true" name="MEM-free-fptr"/>
-                <check enabled="false" name="MEM-free-no-alloc-struct"/>
-                <check enabled="false" name="MEM-free-no-alloc"/>
-                <check enabled="true" name="MEM-free-no-use"/>
-                <check enabled="true" name="MEM-free-op"/>
-                <check enabled="true" name="MEM-free-struct-field"/>
-                <check enabled="true" name="MEM-free-variable-alias"/>
-                <check enabled="true" name="MEM-free-variable"/>
-                <check enabled="true" name="MEM-leak-alias"/>
-                <check enabled="false" name="MEM-leak"/>
-                <check enabled="false" name="MEM-malloc-arith"/>
-                <check enabled="true" name="MEM-malloc-diff-type"/>
-                <check enabled="true" name="MEM-malloc-sizeof-ptr"/>
-                <check enabled="true" name="MEM-malloc-sizeof"/>
-                <check enabled="false" name="MEM-malloc-strlen"/>
-                <check enabled="true" name="MEM-realloc-diff-type"/>
-                <check enabled="true" name="MEM-return-free"/>
-                <check enabled="true" name="MEM-return-no-assign"/>
-                <check enabled="true" name="MEM-stack-global-field"/>
-                <check enabled="true" name="MEM-stack-global"/>
-                <check enabled="true" name="MEM-stack-param-ref"/>
-                <check enabled="true" name="MEM-stack-param"/>
-                <check enabled="true" name="MEM-stack-pos"/>
-                <check enabled="true" name="MEM-stack-ref"/>
-                <check enabled="true" name="MEM-stack"/>
-                <check enabled="true" name="MEM-use-free-all"/>
-                <check enabled="true" name="MEM-use-free-some"/>
-              </group>
-              <group enabled="true" name="PTR">
-                <check enabled="true" name="PTR-arith-field"/>
-                <check enabled="true" name="PTR-arith-stack"/>
-                <check enabled="true" name="PTR-arith-var"/>
-                <check enabled="true" name="PTR-cmp-str-lit"/>
-                <check enabled="false" name="PTR-null-assign-fun-pos"/>
-                <check enabled="false" name="PTR-null-assign-pos"/>
-                <check enabled="true" name="PTR-null-assign"/>
-                <check enabled="true" name="PTR-null-cmp-aft"/>
-                <check enabled="true" name="PTR-null-cmp-bef-fun"/>
-                <check enabled="true" name="PTR-null-cmp-bef"/>
-                <check enabled="true" name="PTR-null-fun-pos"/>
-                <check enabled="false" name="PTR-null-literal-pos"/>
-                <check enabled="false" name="PTR-overload"/>
-                <check enabled="false" name="PTR-singleton-arith-pos"/>
-                <check enabled="true" name="PTR-singleton-arith"/>
-                <check enabled="true" name="PTR-unchk-param-some"/>
-                <check enabled="false" name="PTR-unchk-param"/>
-                <check enabled="false" name="PTR-uninit-pos"/>
-                <check enabled="true" name="PTR-uninit"/>
-              </group>
-              <group enabled="true" name="RED">
-                <check enabled="false" name="RED-alloc-zero-bytes"/>
-                <check enabled="false" name="RED-case-reach"/>
-                <check enabled="false" name="RED-cmp-always"/>
-                <check enabled="false" name="RED-cmp-never"/>
-                <check enabled="false" name="RED-cond-always"/>
-                <check enabled="true" name="RED-cond-const-assign"/>
-                <check enabled="false" name="RED-cond-const-expr"/>
-                <check enabled="false" name="RED-cond-const"/>
-                <check enabled="false" name="RED-cond-never"/>
-                <check enabled="true" name="RED-dead"/>
-                <check enabled="false" name="RED-expr"/>
-                <check enabled="false" name="RED-func-no-effect"/>
-                <check enabled="true" name="RED-local-hides-global"/>
-                <check enabled="false" name="RED-local-hides-local"/>
-                <check enabled="false" name="RED-local-hides-member"/>
-                <check enabled="true" name="RED-local-hides-param"/>
-                <check enabled="false" name="RED-no-effect"/>
-                <check enabled="true" name="RED-self-assign"/>
-                <check enabled="true" name="RED-unused-assign"/>
-                <check enabled="false" name="RED-unused-param"/>
-                <check enabled="false" name="RED-unused-return-val"/>
-                <check enabled="false" name="RED-unused-val"/>
-                <check enabled="true" name="RED-unused-var-all"/>
-              </group>
-              <group enabled="true" name="RESOURCE">
-                <check enabled="false" name="RESOURCE-deref-file"/>
-                <check enabled="true" name="RESOURCE-double-close"/>
-                <check enabled="true" name="RESOURCE-file-no-close-all"/>
-                <check enabled="false" name="RESOURCE-file-pos-neg"/>
-                <check enabled="true" name="RESOURCE-file-use-after-close"/>
-                <check enabled="false" name="RESOURCE-implicit-deref-file"/>
-                <check enabled="true" name="RESOURCE-write-ronly-file"/>
-              </group>
-              <group enabled="true" name="SIZEOF">
-                <check enabled="true" name="SIZEOF-side-effect"/>
-              </group>
-              <group enabled="true" name="SPC">
-                <check enabled="true" name="SPC-order"/>
-                <check enabled="false" name="SPC-uninit-arr-all"/>
-                <check enabled="true" name="SPC-uninit-struct-field-heap"/>
-                <check enabled="false" name="SPC-uninit-struct-field"/>
-                <check enabled="true" name="SPC-uninit-struct"/>
-                <check enabled="true" name="SPC-uninit-var-all"/>
-                <check enabled="true" name="SPC-uninit-var-some"/>
-                <check enabled="false" name="SPC-volatile-reads"/>
-                <check enabled="false" name="SPC-volatile-writes"/>
-              </group>
-              <group enabled="true" name="STRUCT">
-                <check enabled="false" name="STRUCT-signed-bit"/>
-              </group>
-              <group enabled="true" name="SWITCH">
-                <check enabled="true" name="SWITCH-fall-through"/>
-              </group>
-              <group enabled="true" name="THROW">
-                <check enabled="false" name="THROW-empty"/>
-                <check enabled="false" name="THROW-main"/>
-                <check enabled="true" name="THROW-null"/>
-                <check enabled="true" name="THROW-ptr"/>
-                <check enabled="true" name="THROW-static"/>
-                <check enabled="true" name="THROW-unhandled"/>
-              </group>
-              <group enabled="true" name="UNION">
-                <check enabled="true" name="UNION-overlap-assign"/>
-                <check enabled="true" name="UNION-type-punning"/>
-              </group>
-            </package>
-            <package enabled="false" name="CERT">
-              <group enabled="true" name="CERT-EXP">
-                <check enabled="true" name="CERT-EXP19-C"/>
-              </group>
-              <group enabled="true" name="CERT-FIO">
-                <check enabled="true" name="CERT-FIO37-C"/>
-                <check enabled="true" name="CERT-FIO38-C"/>
-              </group>
-              <group enabled="true" name="CERT-SIG">
-                <check enabled="true" name="CERT-SIG31-C"/>
-              </group>
-            </package>
-            <package enabled="false" name="SECURITY">
-              <group enabled="true" name="SEC-BUFFER">
-                <check enabled="true" name="SEC-BUFFER-memory-leak-alias"/>
-                <check enabled="false" name="SEC-BUFFER-memory-leak"/>
-                <check enabled="false" name="SEC-BUFFER-memset-overrun-pos"/>
-                <check enabled="true" name="SEC-BUFFER-memset-overrun"/>
-                <check enabled="false" name="SEC-BUFFER-qsort-overrun-pos"/>
-                <check enabled="true" name="SEC-BUFFER-qsort-overrun"/>
-                <check enabled="true" name="SEC-BUFFER-sprintf-overrun"/>
-                <check enabled="false" name="SEC-BUFFER-std-sort-overrun-pos"/>
-                <check enabled="true" name="SEC-BUFFER-std-sort-overrun"/>
-                <check enabled="false" name="SEC-BUFFER-strcat-overrun-pos"/>
-                <check enabled="true" name="SEC-BUFFER-strcat-overrun"/>
-                <check enabled="false" name="SEC-BUFFER-strcpy-overrun-pos"/>
-                <check enabled="true" name="SEC-BUFFER-strcpy-overrun"/>
-                <check enabled="false" name="SEC-BUFFER-strncat-overrun-pos"/>
-                <check enabled="true" name="SEC-BUFFER-strncat-overrun"/>
-                <check enabled="false" name="SEC-BUFFER-strncmp-overrun-pos"/>
-                <check enabled="true" name="SEC-BUFFER-strncmp-overrun"/>
-                <check enabled="false" name="SEC-BUFFER-strncpy-overrun-pos"/>
-                <check enabled="true" name="SEC-BUFFER-strncpy-overrun"/>
-                <check enabled="true" name="SEC-BUFFER-tainted-alloc-size"/>
-                <check enabled="true" name="SEC-BUFFER-tainted-copy-length"/>
-                <check enabled="true" name="SEC-BUFFER-tainted-copy"/>
-                <check enabled="true" name="SEC-BUFFER-tainted-index"/>
-                <check enabled="true" name="SEC-BUFFER-tainted-offset"/>
-                <check enabled="true" name="SEC-BUFFER-use-after-free-all"/>
-                <check enabled="true" name="SEC-BUFFER-use-after-free-some"/>
-              </group>
-              <group enabled="true" name="SEC-DIV-0">
-                <check enabled="true" name="SEC-DIV-0-compare-after"/>
-                <check enabled="true" name="SEC-DIV-0-compare-before"/>
-                <check enabled="true" name="SEC-DIV-0-tainted"/>
-              </group>
-              <group enabled="true" name="SEC-FILEOP">
-                <check enabled="true" name="SEC-FILEOP-open-no-close"/>
-                <check enabled="false" name="SEC-FILEOP-path-traversal"/>
-                <check enabled="true" name="SEC-FILEOP-use-after-close"/>
-              </group>
-              <group enabled="true" name="SEC-INJECTION">
-                <check enabled="false" name="SEC-INJECTION-sql"/>
-                <check enabled="false" name="SEC-INJECTION-xpath"/>
-              </group>
-              <group enabled="true" name="SEC-LOOP">
-                <check enabled="true" name="SEC-LOOP-tainted-bound"/>
-              </group>
-              <group enabled="true" name="SEC-NULL">
-                <check enabled="false" name="SEC-NULL-assignment-fun-pos"/>
-                <check enabled="true" name="SEC-NULL-assignment"/>
-                <check enabled="true" name="SEC-NULL-cmp-aft"/>
-                <check enabled="true" name="SEC-NULL-cmp-bef-fun"/>
-                <check enabled="true" name="SEC-NULL-cmp-bef"/>
-                <check enabled="false" name="SEC-NULL-literal-pos"/>
-              </group>
-              <group enabled="true" name="SEC-STRING">
-                <check enabled="true" name="SEC-STRING-format-string"/>
-                <check enabled="false" name="SEC-STRING-hard-coded-credentials"/>
-              </group>
-            </package>
-            <package enabled="false" name="MISRAC2004">
-              <group enabled="true" name="MISRAC2004-1">
-                <check enabled="true" name="MISRAC2004-1.1"/>
-                <check enabled="true" name="MISRAC2004-1.2_a"/>
-                <check enabled="true" name="MISRAC2004-1.2_b"/>
-                <check enabled="true" name="MISRAC2004-1.2_c"/>
-                <check enabled="true" name="MISRAC2004-1.2_d"/>
-                <check enabled="true" name="MISRAC2004-1.2_e"/>
-                <check enabled="true" name="MISRAC2004-1.2_f"/>
-                <check enabled="true" name="MISRAC2004-1.2_g"/>
-                <check enabled="true" name="MISRAC2004-1.2_h"/>
-                <check enabled="true" name="MISRAC2004-1.2_i"/>
-                <check enabled="true" name="MISRAC2004-1.2_j"/>
-              </group>
-              <group enabled="true" name="MISRAC2004-2">
-                <check enabled="true" name="MISRAC2004-2.1"/>
-                <check enabled="true" name="MISRAC2004-2.2"/>
-                <check enabled="true" name="MISRAC2004-2.3"/>
-                <check enabled="false" name="MISRAC2004-2.4"/>
-              </group>
-              <group enabled="true" name="MISRAC2004-5">
-                <check enabled="true" name="MISRAC2004-5.2"/>
-                <check enabled="true" name="MISRAC2004-5.3"/>
-                <check enabled="true" name="MISRAC2004-5.4"/>
-                <check enabled="false" name="MISRAC2004-5.5"/>
-                <check enabled="false" name="MISRAC2004-5.6"/>
-              </group>
-              <group enabled="true" name="MISRAC2004-6">
-                <check enabled="true" name="MISRAC2004-6.1"/>
-                <check enabled="false" name="MISRAC2004-6.3"/>
-                <check enabled="true" name="MISRAC2004-6.4"/>
-                <check enabled="true" name="MISRAC2004-6.5"/>
-              </group>
-              <group enabled="true" name="MISRAC2004-7">
-                <check enabled="true" name="MISRAC2004-7.1"/>
-              </group>
-              <group enabled="true" name="MISRAC2004-8">
-                <check enabled="true" name="MISRAC2004-8.1"/>
-                <check enabled="true" name="MISRAC2004-8.2"/>
-                <check enabled="true" name="MISRAC2004-8.5_a"/>
-                <check enabled="true" name="MISRAC2004-8.5_b"/>
-                <check enabled="true" name="MISRAC2004-8.12"/>
-              </group>
-              <group enabled="true" name="MISRAC2004-9">
-                <check enabled="true" name="MISRAC2004-9.1_a"/>
-                <check enabled="true" name="MISRAC2004-9.1_b"/>
-                <check enabled="true" name="MISRAC2004-9.1_c"/>
-                <check enabled="true" name="MISRAC2004-9.2"/>
-              </group>
-              <group enabled="true" name="MISRAC2004-10">
-                <check enabled="true" name="MISRAC2004-10.1_a"/>
-                <check enabled="true" name="MISRAC2004-10.1_b"/>
-                <check enabled="true" name="MISRAC2004-10.1_c"/>
-                <check enabled="true" name="MISRAC2004-10.1_d"/>
-                <check enabled="true" name="MISRAC2004-10.2_a"/>
-                <check enabled="true" name="MISRAC2004-10.2_b"/>
-                <check enabled="true" name="MISRAC2004-10.2_c"/>
-                <check enabled="true" name="MISRAC2004-10.2_d"/>
-                <check enabled="true" name="MISRAC2004-10.3"/>
-                <check enabled="true" name="MISRAC2004-10.4"/>
-                <check enabled="true" name="MISRAC2004-10.5"/>
-                <check enabled="true" name="MISRAC2004-10.6"/>
-              </group>
-              <group enabled="true" name="MISRAC2004-11">
-                <check enabled="true" name="MISRAC2004-11.1"/>
-                <check enabled="false" name="MISRAC2004-11.3"/>
-                <check enabled="false" name="MISRAC2004-11.4"/>
-                <check enabled="true" name="MISRAC2004-11.5"/>
-              </group>
-              <group enabled="true" name="MISRAC2004-12">
-                <check enabled="false" name="MISRAC2004-12.1"/>
-                <check enabled="true" name="MISRAC2004-12.2_a"/>
-                <check enabled="true" name="MISRAC2004-12.2_b"/>
-                <check enabled="true" name="MISRAC2004-12.2_c"/>
-                <check enabled="true" name="MISRAC2004-12.3"/>
-                <check enabled="true" name="MISRAC2004-12.4"/>
-                <check enabled="false" name="MISRAC2004-12.6_a"/>
-                <check enabled="false" name="MISRAC2004-12.6_b"/>
-                <check enabled="true" name="MISRAC2004-12.7"/>
-                <check enabled="true" name="MISRAC2004-12.8"/>
-                <check enabled="true" name="MISRAC2004-12.9"/>
-                <check enabled="true" name="MISRAC2004-12.10"/>
-                <check enabled="false" name="MISRAC2004-12.11"/>
-                <check enabled="true" name="MISRAC2004-12.12_a"/>
-                <check enabled="true" name="MISRAC2004-12.12_b"/>
-                <check enabled="false" name="MISRAC2004-12.13"/>
-              </group>
-              <group enabled="true" name="MISRAC2004-13">
-                <check enabled="true" name="MISRAC2004-13.1"/>
-                <check enabled="false" name="MISRAC2004-13.2_a"/>
-                <check enabled="false" name="MISRAC2004-13.2_b"/>
-                <check enabled="false" name="MISRAC2004-13.2_c"/>
-                <check enabled="false" name="MISRAC2004-13.2_d"/>
-                <check enabled="false" name="MISRAC2004-13.2_e"/>
-                <check enabled="true" name="MISRAC2004-13.3"/>
-                <check enabled="true" name="MISRAC2004-13.4"/>
-                <check enabled="true" name="MISRAC2004-13.5"/>
-                <check enabled="true" name="MISRAC2004-13.6"/>
-                <check enabled="true" name="MISRAC2004-13.7_a"/>
-                <check enabled="true" name="MISRAC2004-13.7_b"/>
-              </group>
-              <group enabled="true" name="MISRAC2004-14">
-                <check enabled="true" name="MISRAC2004-14.1"/>
-                <check enabled="true" name="MISRAC2004-14.2"/>
-                <check enabled="true" name="MISRAC2004-14.3"/>
-                <check enabled="true" name="MISRAC2004-14.4"/>
-                <check enabled="true" name="MISRAC2004-14.5"/>
-                <check enabled="true" name="MISRAC2004-14.6"/>
-                <check enabled="true" name="MISRAC2004-14.7"/>
-                <check enabled="true" name="MISRAC2004-14.8_a"/>
-                <check enabled="true" name="MISRAC2004-14.8_b"/>
-                <check enabled="true" name="MISRAC2004-14.8_c"/>
-                <check enabled="true" name="MISRAC2004-14.8_d"/>
-                <check enabled="true" name="MISRAC2004-14.9"/>
-                <check enabled="true" name="MISRAC2004-14.10"/>
-              </group>
-              <group enabled="true" name="MISRAC2004-15">
-                <check enabled="true" name="MISRAC2004-15.0"/>
-                <check enabled="true" name="MISRAC2004-15.1"/>
-                <check enabled="true" name="MISRAC2004-15.2"/>
-                <check enabled="true" name="MISRAC2004-15.3"/>
-                <check enabled="true" name="MISRAC2004-15.4"/>
-                <check enabled="true" name="MISRAC2004-15.5"/>
-              </group>
-              <group enabled="true" name="MISRAC2004-16">
-                <check enabled="true" name="MISRAC2004-16.1"/>
-                <check enabled="true" name="MISRAC2004-16.2_a"/>
-                <check enabled="true" name="MISRAC2004-16.2_b"/>
-                <check enabled="true" name="MISRAC2004-16.3"/>
-                <check enabled="true" name="MISRAC2004-16.5"/>
-                <check enabled="true" name="MISRAC2004-16.7"/>
-                <check enabled="true" name="MISRAC2004-16.8"/>
-                <check enabled="true" name="MISRAC2004-16.9"/>
-                <check enabled="true" name="MISRAC2004-16.10"/>
-              </group>
-              <group enabled="true" name="MISRAC2004-17">
-                <check enabled="true" name="MISRAC2004-17.1_a"/>
-                <check enabled="true" name="MISRAC2004-17.1_b"/>
-                <check enabled="true" name="MISRAC2004-17.1_c"/>
-                <check enabled="true" name="MISRAC2004-17.4_a"/>
-                <check enabled="true" name="MISRAC2004-17.4_b"/>
-                <check enabled="true" name="MISRAC2004-17.5"/>
-                <check enabled="true" name="MISRAC2004-17.6_a"/>
-                <check enabled="true" name="MISRAC2004-17.6_b"/>
-                <check enabled="true" name="MISRAC2004-17.6_c"/>
-                <check enabled="true" name="MISRAC2004-17.6_d"/>
-              </group>
-              <group enabled="true" name="MISRAC2004-18">
-                <check enabled="true" name="MISRAC2004-18.1"/>
-                <check enabled="true" name="MISRAC2004-18.2"/>
-                <check enabled="true" name="MISRAC2004-18.4"/>
-              </group>
-              <group enabled="true" name="MISRAC2004-19">
-                <check enabled="false" name="MISRAC2004-19.2"/>
-                <check enabled="true" name="MISRAC2004-19.6"/>
-                <check enabled="false" name="MISRAC2004-19.7"/>
-                <check enabled="true" name="MISRAC2004-19.12"/>
-                <check enabled="false" name="MISRAC2004-19.13"/>
-                <check enabled="true" name="MISRAC2004-19.15"/>
-              </group>
-              <group enabled="true" name="MISRAC2004-20">
-                <check enabled="true" name="MISRAC2004-20.1"/>
-                <check enabled="true" name="MISRAC2004-20.4"/>
-                <check enabled="true" name="MISRAC2004-20.5"/>
-                <check enabled="true" name="MISRAC2004-20.6"/>
-                <check enabled="true" name="MISRAC2004-20.7"/>
-                <check enabled="true" name="MISRAC2004-20.8"/>
-                <check enabled="true" name="MISRAC2004-20.9"/>
-                <check enabled="true" name="MISRAC2004-20.10"/>
-                <check enabled="true" name="MISRAC2004-20.11"/>
-                <check enabled="true" name="MISRAC2004-20.12"/>
-              </group>
-            </package>
-            <package enabled="false" name="MISRAC2012">
-              <group enabled="true" name="MISRAC2012-Dir-4">
-                <check enabled="true" name="MISRAC2012-Dir-4.3"/>
-                <check enabled="false" name="MISRAC2012-Dir-4.4"/>
-                <check enabled="false" name="MISRAC2012-Dir-4.5"/>
-                <check enabled="false" name="MISRAC2012-Dir-4.6_a"/>
-                <check enabled="false" name="MISRAC2012-Dir-4.6_b"/>
-                <check enabled="false" name="MISRAC2012-Dir-4.7_a"/>
-                <check enabled="false" name="MISRAC2012-Dir-4.7_b"/>
-                <check enabled="false" name="MISRAC2012-Dir-4.7_c"/>
-                <check enabled="false" name="MISRAC2012-Dir-4.8"/>
-                <check enabled="false" name="MISRAC2012-Dir-4.9"/>
-                <check enabled="true" name="MISRAC2012-Dir-4.10"/>
-                <check enabled="false" name="MISRAC2012-Dir-4.11_a"/>
-                <check enabled="false" name="MISRAC2012-Dir-4.11_b"/>
-                <check enabled="false" name="MISRAC2012-Dir-4.11_c"/>
-                <check enabled="false" name="MISRAC2012-Dir-4.11_d"/>
-                <check enabled="false" name="MISRAC2012-Dir-4.11_e"/>
-                <check enabled="false" name="MISRAC2012-Dir-4.11_f"/>
-                <check enabled="false" name="MISRAC2012-Dir-4.11_g"/>
-                <check enabled="false" name="MISRAC2012-Dir-4.11_h"/>
-                <check enabled="false" name="MISRAC2012-Dir-4.11_i"/>
-                <check enabled="false" name="MISRAC2012-Dir-4.12"/>
-                <check enabled="true" name="MISRAC2012-Dir-4.13_b"/>
-                <check enabled="true" name="MISRAC2012-Dir-4.13_c"/>
-                <check enabled="true" name="MISRAC2012-Dir-4.13_d"/>
-                <check enabled="true" name="MISRAC2012-Dir-4.13_e"/>
-                <check enabled="true" name="MISRAC2012-Dir-4.13_f"/>
-                <check enabled="true" name="MISRAC2012-Dir-4.13_g"/>
-                <check enabled="false" name="MISRAC2012-Dir-4.13_h"/>
-              </group>
-              <group enabled="true" name="MISRAC2012-Rule-1">
-                <check enabled="true" name="MISRAC2012-Rule-1.3_a"/>
-                <check enabled="true" name="MISRAC2012-Rule-1.3_b"/>
-                <check enabled="true" name="MISRAC2012-Rule-1.3_c"/>
-                <check enabled="true" name="MISRAC2012-Rule-1.3_d"/>
-                <check enabled="true" name="MISRAC2012-Rule-1.3_e"/>
-                <check enabled="true" name="MISRAC2012-Rule-1.3_f"/>
-                <check enabled="true" name="MISRAC2012-Rule-1.3_g"/>
-                <check enabled="true" name="MISRAC2012-Rule-1.3_h"/>
-                <check enabled="true" name="MISRAC2012-Rule-1.3_i"/>
-                <check enabled="true" name="MISRAC2012-Rule-1.3_j"/>
-                <check enabled="true" name="MISRAC2012-Rule-1.3_k"/>
-                <check enabled="true" name="MISRAC2012-Rule-1.3_m"/>
-                <check enabled="true" name="MISRAC2012-Rule-1.3_n"/>
-                <check enabled="true" name="MISRAC2012-Rule-1.3_o"/>
-                <check enabled="true" name="MISRAC2012-Rule-1.3_p"/>
-                <check enabled="true" name="MISRAC2012-Rule-1.3_q"/>
-                <check enabled="true" name="MISRAC2012-Rule-1.3_r"/>
-                <check enabled="true" name="MISRAC2012-Rule-1.3_s"/>
-                <check enabled="true" name="MISRAC2012-Rule-1.3_t"/>
-                <check enabled="true" name="MISRAC2012-Rule-1.3_u"/>
-                <check enabled="true" name="MISRAC2012-Rule-1.3_v"/>
-                <check enabled="true" name="MISRAC2012-Rule-1.3_w"/>
-              </group>
-              <group enabled="true" name="MISRAC2012-Rule-2">
-                <check enabled="true" name="MISRAC2012-Rule-2.1_a"/>
-                <check enabled="true" name="MISRAC2012-Rule-2.1_b"/>
-                <check enabled="true" name="MISRAC2012-Rule-2.2_a"/>
-                <check enabled="true" name="MISRAC2012-Rule-2.2_b"/>
-                <check enabled="true" name="MISRAC2012-Rule-2.2_c"/>
-                <check enabled="false" name="MISRAC2012-Rule-2.3"/>
-                <check enabled="false" name="MISRAC2012-Rule-2.4"/>
-                <check enabled="false" name="MISRAC2012-Rule-2.5"/>
-                <check enabled="false" name="MISRAC2012-Rule-2.6"/>
-                <check enabled="false" name="MISRAC2012-Rule-2.7"/>
-              </group>
-              <group enabled="true" name="MISRAC2012-Rule-3">
-                <check enabled="true" name="MISRAC2012-Rule-3.1"/>
-                <check enabled="true" name="MISRAC2012-Rule-3.2"/>
-              </group>
-              <group enabled="true" name="MISRAC2012-Rule-5">
-                <check enabled="true" name="MISRAC2012-Rule-5.1"/>
-                <check enabled="true" name="MISRAC2012-Rule-5.2_c89"/>
-                <check enabled="true" name="MISRAC2012-Rule-5.2_c99"/>
-                <check enabled="true" name="MISRAC2012-Rule-5.3_c89"/>
-                <check enabled="true" name="MISRAC2012-Rule-5.3_c99"/>
-                <check enabled="true" name="MISRAC2012-Rule-5.4_c89"/>
-                <check enabled="true" name="MISRAC2012-Rule-5.4_c99"/>
-                <check enabled="true" name="MISRAC2012-Rule-5.5_c89"/>
-                <check enabled="true" name="MISRAC2012-Rule-5.5_c99"/>
-                <check enabled="true" name="MISRAC2012-Rule-5.6"/>
-                <check enabled="true" name="MISRAC2012-Rule-5.7"/>
-                <check enabled="true" name="MISRAC2012-Rule-5.8"/>
-                <check enabled="false" name="MISRAC2012-Rule-5.9"/>
-              </group>
-              <group enabled="true" name="MISRAC2012-Rule-6">
-                <check enabled="true" name="MISRAC2012-Rule-6.1"/>
-                <check enabled="true" name="MISRAC2012-Rule-6.2"/>
-              </group>
-              <group enabled="true" name="MISRAC2012-Rule-7">
-                <check enabled="true" name="MISRAC2012-Rule-7.1"/>
-                <check enabled="true" name="MISRAC2012-Rule-7.2"/>
-                <check enabled="true" name="MISRAC2012-Rule-7.3"/>
-                <check enabled="true" name="MISRAC2012-Rule-7.4_a"/>
-                <check enabled="true" name="MISRAC2012-Rule-7.4_b"/>
-              </group>
-              <group enabled="true" name="MISRAC2012-Rule-8">
-                <check enabled="true" name="MISRAC2012-Rule-8.1"/>
-                <check enabled="true" name="MISRAC2012-Rule-8.2_a"/>
-                <check enabled="true" name="MISRAC2012-Rule-8.2_b"/>
-                <check enabled="true" name="MISRAC2012-Rule-8.3_b"/>
-                <check enabled="true" name="MISRAC2012-Rule-8.4"/>
-                <check enabled="false" name="MISRAC2012-Rule-8.5_a"/>
-                <check enabled="true" name="MISRAC2012-Rule-8.5_b"/>
-                <check enabled="true" name="MISRAC2012-Rule-8.6"/>
-                <check enabled="false" name="MISRAC2012-Rule-8.7"/>
-                <check enabled="false" name="MISRAC2012-Rule-8.9_a"/>
-                <check enabled="false" name="MISRAC2012-Rule-8.9_b"/>
-                <check enabled="true" name="MISRAC2012-Rule-8.10"/>
-                <check enabled="false" name="MISRAC2012-Rule-8.11"/>
-                <check enabled="true" name="MISRAC2012-Rule-8.12"/>
-                <check enabled="false" name="MISRAC2012-Rule-8.13"/>
-                <check enabled="true" name="MISRAC2012-Rule-8.14"/>
-              </group>
-              <group enabled="true" name="MISRAC2012-Rule-9">
-                <check enabled="true" name="MISRAC2012-Rule-9.1_a"/>
-                <check enabled="true" name="MISRAC2012-Rule-9.1_b"/>
-                <check enabled="true" name="MISRAC2012-Rule-9.1_c"/>
-                <check enabled="true" name="MISRAC2012-Rule-9.1_d"/>
-                <check enabled="true" name="MISRAC2012-Rule-9.1_e"/>
-                <check enabled="true" name="MISRAC2012-Rule-9.1_f"/>
-                <check enabled="true" name="MISRAC2012-Rule-9.2"/>
-                <check enabled="true" name="MISRAC2012-Rule-9.3"/>
-                <check enabled="true" name="MISRAC2012-Rule-9.4"/>
-                <check enabled="true" name="MISRAC2012-Rule-9.5_a"/>
-                <check enabled="true" name="MISRAC2012-Rule-9.5_b"/>
-              </group>
-              <group enabled="true" name="MISRAC2012-Rule-10">
-                <check enabled="true" name="MISRAC2012-Rule-10.1_R2"/>
-                <check enabled="true" name="MISRAC2012-Rule-10.1_R3"/>
-                <check enabled="true" name="MISRAC2012-Rule-10.1_R4"/>
-                <check enabled="true" name="MISRAC2012-Rule-10.1_R5"/>
-                <check enabled="true" name="MISRAC2012-Rule-10.1_R6"/>
-                <check enabled="true" name="MISRAC2012-Rule-10.1_R7"/>
-                <check enabled="true" name="MISRAC2012-Rule-10.1_R8"/>
-                <check enabled="true" name="MISRAC2012-Rule-10.2"/>
-                <check enabled="true" name="MISRAC2012-Rule-10.3"/>
-                <check enabled="true" name="MISRAC2012-Rule-10.4_a"/>
-                <check enabled="true" name="MISRAC2012-Rule-10.4_b"/>
-                <check enabled="false" name="MISRAC2012-Rule-10.5"/>
-                <check enabled="true" name="MISRAC2012-Rule-10.6"/>
-                <check enabled="true" name="MISRAC2012-Rule-10.7"/>
-                <check enabled="true" name="MISRAC2012-Rule-10.8"/>
-              </group>
-              <group enabled="true" name="MISRAC2012-Rule-11">
-                <check enabled="true" name="MISRAC2012-Rule-11.1"/>
-                <check enabled="true" name="MISRAC2012-Rule-11.2"/>
-                <check enabled="true" name="MISRAC2012-Rule-11.3"/>
-                <check enabled="false" name="MISRAC2012-Rule-11.4"/>
-                <check enabled="false" name="MISRAC2012-Rule-11.5"/>
-                <check enabled="true" name="MISRAC2012-Rule-11.6"/>
-                <check enabled="true" name="MISRAC2012-Rule-11.7"/>
-                <check enabled="true" name="MISRAC2012-Rule-11.8"/>
-                <check enabled="true" name="MISRAC2012-Rule-11.9"/>
-              </group>
-              <group enabled="true" name="MISRAC2012-Rule-12">
-                <check enabled="false" name="MISRAC2012-Rule-12.1"/>
-                <check enabled="true" name="MISRAC2012-Rule-12.2"/>
-                <check enabled="false" name="MISRAC2012-Rule-12.3"/>
-              </group>
-              <group enabled="true" name="MISRAC2012-Rule-13">
-                <check enabled="true" name="MISRAC2012-Rule-13.1"/>
-                <check enabled="true" name="MISRAC2012-Rule-13.2_a"/>
-                <check enabled="true" name="MISRAC2012-Rule-13.2_b"/>
-                <check enabled="true" name="MISRAC2012-Rule-13.2_c"/>
-                <check enabled="false" name="MISRAC2012-Rule-13.3"/>
-                <check enabled="false" name="MISRAC2012-Rule-13.4_a"/>
-                <check enabled="false" name="MISRAC2012-Rule-13.4_b"/>
-                <check enabled="true" name="MISRAC2012-Rule-13.5"/>
-                <check enabled="true" name="MISRAC2012-Rule-13.6"/>
-              </group>
-              <group enabled="true" name="MISRAC2012-Rule-14">
-                <check enabled="true" name="MISRAC2012-Rule-14.1_a"/>
-                <check enabled="true" name="MISRAC2012-Rule-14.1_b"/>
-                <check enabled="true" name="MISRAC2012-Rule-14.2"/>
-                <check enabled="true" name="MISRAC2012-Rule-14.3_a"/>
-                <check enabled="true" name="MISRAC2012-Rule-14.3_b"/>
-                <check enabled="true" name="MISRAC2012-Rule-14.4_a"/>
-                <check enabled="true" name="MISRAC2012-Rule-14.4_b"/>
-                <check enabled="true" name="MISRAC2012-Rule-14.4_c"/>
-                <check enabled="true" name="MISRAC2012-Rule-14.4_d"/>
-              </group>
-              <group enabled="true" name="MISRAC2012-Rule-15">
-                <check enabled="false" name="MISRAC2012-Rule-15.1"/>
-                <check enabled="true" name="MISRAC2012-Rule-15.2"/>
-                <check enabled="true" name="MISRAC2012-Rule-15.3"/>
-                <check enabled="false" name="MISRAC2012-Rule-15.4"/>
-                <check enabled="false" name="MISRAC2012-Rule-15.5"/>
-                <check enabled="true" name="MISRAC2012-Rule-15.6_a"/>
-                <check enabled="true" name="MISRAC2012-Rule-15.6_b"/>
-                <check enabled="true" name="MISRAC2012-Rule-15.6_c"/>
-                <check enabled="true" name="MISRAC2012-Rule-15.6_d"/>
-                <check enabled="true" name="MISRAC2012-Rule-15.6_e"/>
-                <check enabled="true" name="MISRAC2012-Rule-15.7"/>
-              </group>
-              <group enabled="true" name="MISRAC2012-Rule-16">
-                <check enabled="true" name="MISRAC2012-Rule-16.1"/>
-                <check enabled="true" name="MISRAC2012-Rule-16.2"/>
-                <check enabled="true" name="MISRAC2012-Rule-16.3"/>
-                <check enabled="true" name="MISRAC2012-Rule-16.4"/>
-                <check enabled="true" name="MISRAC2012-Rule-16.5"/>
-                <check enabled="true" name="MISRAC2012-Rule-16.6"/>
-                <check enabled="true" name="MISRAC2012-Rule-16.7"/>
-              </group>
-              <group enabled="true" name="MISRAC2012-Rule-17">
-                <check enabled="true" name="MISRAC2012-Rule-17.1"/>
-                <check enabled="true" name="MISRAC2012-Rule-17.2_a"/>
-                <check enabled="true" name="MISRAC2012-Rule-17.2_b"/>
-                <check enabled="true" name="MISRAC2012-Rule-17.3"/>
-                <check enabled="true" name="MISRAC2012-Rule-17.4"/>
-                <check enabled="false" name="MISRAC2012-Rule-17.5"/>
-                <check enabled="true" name="MISRAC2012-Rule-17.6"/>
-                <check enabled="true" name="MISRAC2012-Rule-17.7"/>
-                <check enabled="false" name="MISRAC2012-Rule-17.8"/>
-              </group>
-              <group enabled="true" name="MISRAC2012-Rule-18">
-                <check enabled="true" name="MISRAC2012-Rule-18.1_a"/>
-                <check enabled="true" name="MISRAC2012-Rule-18.1_b"/>
-                <check enabled="true" name="MISRAC2012-Rule-18.1_c"/>
-                <check enabled="true" name="MISRAC2012-Rule-18.1_d"/>
-                <check enabled="true" name="MISRAC2012-Rule-18.2"/>
-                <check enabled="true" name="MISRAC2012-Rule-18.3"/>
-                <check enabled="true" name="MISRAC2012-Rule-18.4"/>
-                <check enabled="false" name="MISRAC2012-Rule-18.5"/>
-                <check enabled="true" name="MISRAC2012-Rule-18.6_a"/>
-                <check enabled="true" name="MISRAC2012-Rule-18.6_b"/>
-                <check enabled="true" name="MISRAC2012-Rule-18.6_c"/>
-                <check enabled="true" name="MISRAC2012-Rule-18.6_d"/>
-                <check enabled="true" name="MISRAC2012-Rule-18.7"/>
-                <check enabled="true" name="MISRAC2012-Rule-18.8"/>
-              </group>
-              <group enabled="true" name="MISRAC2012-Rule-19">
-                <check enabled="true" name="MISRAC2012-Rule-19.1"/>
-                <check enabled="false" name="MISRAC2012-Rule-19.2"/>
-              </group>
-              <group enabled="true" name="MISRAC2012-Rule-20">
-                <check enabled="false" name="MISRAC2012-Rule-20.1"/>
-                <check enabled="true" name="MISRAC2012-Rule-20.2"/>
-                <check enabled="true" name="MISRAC2012-Rule-20.4_c89"/>
-                <check enabled="true" name="MISRAC2012-Rule-20.4_c99"/>
-                <check enabled="false" name="MISRAC2012-Rule-20.5"/>
-                <check enabled="true" name="MISRAC2012-Rule-20.7"/>
-                <check enabled="false" name="MISRAC2012-Rule-20.10"/>
-              </group>
-              <group enabled="true" name="MISRAC2012-Rule-21">
-                <check enabled="true" name="MISRAC2012-Rule-21.1"/>
-                <check enabled="true" name="MISRAC2012-Rule-21.2"/>
-                <check enabled="true" name="MISRAC2012-Rule-21.3"/>
-                <check enabled="true" name="MISRAC2012-Rule-21.4"/>
-                <check enabled="true" name="MISRAC2012-Rule-21.5"/>
-                <check enabled="true" name="MISRAC2012-Rule-21.6"/>
-                <check enabled="true" name="MISRAC2012-Rule-21.7"/>
-                <check enabled="true" name="MISRAC2012-Rule-21.8"/>
-                <check enabled="true" name="MISRAC2012-Rule-21.9"/>
-                <check enabled="true" name="MISRAC2012-Rule-21.10"/>
-                <check enabled="true" name="MISRAC2012-Rule-21.11"/>
-                <check enabled="false" name="MISRAC2012-Rule-21.12_a"/>
-                <check enabled="false" name="MISRAC2012-Rule-21.12_b"/>
-              </group>
-              <group enabled="true" name="MISRAC2012-Rule-22">
-                <check enabled="true" name="MISRAC2012-Rule-22.1_a"/>
-                <check enabled="true" name="MISRAC2012-Rule-22.1_b"/>
-                <check enabled="true" name="MISRAC2012-Rule-22.2_a"/>
-                <check enabled="true" name="MISRAC2012-Rule-22.2_b"/>
-                <check enabled="true" name="MISRAC2012-Rule-22.2_c"/>
-                <check enabled="true" name="MISRAC2012-Rule-22.3"/>
-                <check enabled="true" name="MISRAC2012-Rule-22.4"/>
-                <check enabled="true" name="MISRAC2012-Rule-22.5_a"/>
-                <check enabled="true" name="MISRAC2012-Rule-22.5_b"/>
-                <check enabled="true" name="MISRAC2012-Rule-22.6"/>
-              </group>
-            </package>
-            <package enabled="false" name="MISRAC++2008">
-              <group enabled="true" name="MISRAC++2008-0-1">
-                <check enabled="true" name="MISRAC++2008-0-1-1"/>
-                <check enabled="true" name="MISRAC++2008-0-1-2_a"/>
-                <check enabled="true" name="MISRAC++2008-0-1-2_b"/>
-                <check enabled="true" name="MISRAC++2008-0-1-2_c"/>
-                <check enabled="true" name="MISRAC++2008-0-1-3"/>
-                <check enabled="true" name="MISRAC++2008-0-1-4_a"/>
-                <check enabled="true" name="MISRAC++2008-0-1-4_b"/>
-                <check enabled="true" name="MISRAC++2008-0-1-6"/>
-                <check enabled="true" name="MISRAC++2008-0-1-7"/>
-                <check enabled="false" name="MISRAC++2008-0-1-8"/>
-                <check enabled="true" name="MISRAC++2008-0-1-9"/>
-                <check enabled="true" name="MISRAC++2008-0-1-11"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-0-2">
-                <check enabled="true" name="MISRAC++2008-0-2-1"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-0-3">
-                <check enabled="true" name="MISRAC++2008-0-3-2"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-2-7">
-                <check enabled="true" name="MISRAC++2008-2-7-1"/>
-                <check enabled="true" name="MISRAC++2008-2-7-2"/>
-                <check enabled="false" name="MISRAC++2008-2-7-3"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-2-10">
-                <check enabled="true" name="MISRAC++2008-2-10-1"/>
-                <check enabled="true" name="MISRAC++2008-2-10-2"/>
-                <check enabled="true" name="MISRAC++2008-2-10-3"/>
-                <check enabled="true" name="MISRAC++2008-2-10-4"/>
-                <check enabled="false" name="MISRAC++2008-2-10-5"/>
-                <check enabled="true" name="MISRAC++2008-2-10-6"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-2-13">
-                <check enabled="true" name="MISRAC++2008-2-13-2"/>
-                <check enabled="true" name="MISRAC++2008-2-13-3"/>
-                <check enabled="true" name="MISRAC++2008-2-13-4_a"/>
-                <check enabled="true" name="MISRAC++2008-2-13-4_b"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-3-1">
-                <check enabled="true" name="MISRAC++2008-3-1-1"/>
-                <check enabled="true" name="MISRAC++2008-3-1-3"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-3-9">
-                <check enabled="false" name="MISRAC++2008-3-9-2"/>
-                <check enabled="true" name="MISRAC++2008-3-9-3"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-4-5">
-                <check enabled="true" name="MISRAC++2008-4-5-1"/>
-                <check enabled="true" name="MISRAC++2008-4-5-2"/>
-                <check enabled="true" name="MISRAC++2008-4-5-3"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-5-0">
-                <check enabled="true" name="MISRAC++2008-5-0-1_a"/>
-                <check enabled="true" name="MISRAC++2008-5-0-1_b"/>
-                <check enabled="true" name="MISRAC++2008-5-0-1_c"/>
-                <check enabled="false" name="MISRAC++2008-5-0-2"/>
-                <check enabled="true" name="MISRAC++2008-5-0-3"/>
-                <check enabled="true" name="MISRAC++2008-5-0-4"/>
-                <check enabled="true" name="MISRAC++2008-5-0-5"/>
-                <check enabled="true" name="MISRAC++2008-5-0-6"/>
-                <check enabled="true" name="MISRAC++2008-5-0-7"/>
-                <check enabled="true" name="MISRAC++2008-5-0-8"/>
-                <check enabled="true" name="MISRAC++2008-5-0-9"/>
-                <check enabled="true" name="MISRAC++2008-5-0-10"/>
-                <check enabled="true" name="MISRAC++2008-5-0-13_a"/>
-                <check enabled="true" name="MISRAC++2008-5-0-13_b"/>
-                <check enabled="true" name="MISRAC++2008-5-0-13_c"/>
-                <check enabled="true" name="MISRAC++2008-5-0-13_d"/>
-                <check enabled="true" name="MISRAC++2008-5-0-14"/>
-                <check enabled="true" name="MISRAC++2008-5-0-15_a"/>
-                <check enabled="true" name="MISRAC++2008-5-0-15_b"/>
-                <check enabled="true" name="MISRAC++2008-5-0-16_a"/>
-                <check enabled="true" name="MISRAC++2008-5-0-16_b"/>
-                <check enabled="true" name="MISRAC++2008-5-0-16_c"/>
-                <check enabled="true" name="MISRAC++2008-5-0-16_d"/>
-                <check enabled="true" name="MISRAC++2008-5-0-16_e"/>
-                <check enabled="true" name="MISRAC++2008-5-0-16_f"/>
-                <check enabled="true" name="MISRAC++2008-5-0-19"/>
-                <check enabled="true" name="MISRAC++2008-5-0-21"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-5-2">
-                <check enabled="true" name="MISRAC++2008-5-2-4"/>
-                <check enabled="true" name="MISRAC++2008-5-2-5"/>
-                <check enabled="true" name="MISRAC++2008-5-2-6"/>
-                <check enabled="true" name="MISRAC++2008-5-2-7"/>
-                <check enabled="false" name="MISRAC++2008-5-2-9"/>
-                <check enabled="false" name="MISRAC++2008-5-2-10"/>
-                <check enabled="true" name="MISRAC++2008-5-2-11_a"/>
-                <check enabled="true" name="MISRAC++2008-5-2-11_b"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-5-3">
-                <check enabled="true" name="MISRAC++2008-5-3-1"/>
-                <check enabled="true" name="MISRAC++2008-5-3-2_a"/>
-                <check enabled="true" name="MISRAC++2008-5-3-2_b"/>
-                <check enabled="true" name="MISRAC++2008-5-3-3"/>
-                <check enabled="true" name="MISRAC++2008-5-3-4"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-5-8">
-                <check enabled="true" name="MISRAC++2008-5-8-1"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-5-14">
-                <check enabled="true" name="MISRAC++2008-5-14-1"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-5-18">
-                <check enabled="true" name="MISRAC++2008-5-18-1"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-5-19">
-                <check enabled="false" name="MISRAC++2008-5-19-1"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-6-2">
-                <check enabled="true" name="MISRAC++2008-6-2-1"/>
-                <check enabled="true" name="MISRAC++2008-6-2-2"/>
-                <check enabled="false" name="MISRAC++2008-6-2-3"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-6-3">
-                <check enabled="true" name="MISRAC++2008-6-3-1_a"/>
-                <check enabled="true" name="MISRAC++2008-6-3-1_b"/>
-                <check enabled="true" name="MISRAC++2008-6-3-1_c"/>
-                <check enabled="true" name="MISRAC++2008-6-3-1_d"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-6-4">
-                <check enabled="true" name="MISRAC++2008-6-4-1"/>
-                <check enabled="true" name="MISRAC++2008-6-4-2"/>
-                <check enabled="true" name="MISRAC++2008-6-4-3"/>
-                <check enabled="true" name="MISRAC++2008-6-4-4"/>
-                <check enabled="true" name="MISRAC++2008-6-4-5"/>
-                <check enabled="true" name="MISRAC++2008-6-4-6"/>
-                <check enabled="true" name="MISRAC++2008-6-4-7"/>
-                <check enabled="true" name="MISRAC++2008-6-4-8"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-6-5">
-                <check enabled="true" name="MISRAC++2008-6-5-1_a"/>
-                <check enabled="true" name="MISRAC++2008-6-5-2"/>
-                <check enabled="true" name="MISRAC++2008-6-5-3"/>
-                <check enabled="true" name="MISRAC++2008-6-5-4"/>
-                <check enabled="true" name="MISRAC++2008-6-5-6"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-6-6">
-                <check enabled="true" name="MISRAC++2008-6-6-1"/>
-                <check enabled="true" name="MISRAC++2008-6-6-2"/>
-                <check enabled="true" name="MISRAC++2008-6-6-4"/>
-                <check enabled="true" name="MISRAC++2008-6-6-5"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-7-1">
-                <check enabled="true" name="MISRAC++2008-7-1-1"/>
-                <check enabled="true" name="MISRAC++2008-7-1-2"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-7-2">
-                <check enabled="true" name="MISRAC++2008-7-2-1"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-7-4">
-                <check enabled="true" name="MISRAC++2008-7-4-3"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-7-5">
-                <check enabled="true" name="MISRAC++2008-7-5-1_a"/>
-                <check enabled="true" name="MISRAC++2008-7-5-1_b"/>
-                <check enabled="true" name="MISRAC++2008-7-5-2_a"/>
-                <check enabled="true" name="MISRAC++2008-7-5-2_b"/>
-                <check enabled="true" name="MISRAC++2008-7-5-2_c"/>
-                <check enabled="true" name="MISRAC++2008-7-5-2_d"/>
-                <check enabled="false" name="MISRAC++2008-7-5-4_a"/>
-                <check enabled="false" name="MISRAC++2008-7-5-4_b"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-8-0">
-                <check enabled="true" name="MISRAC++2008-8-0-1"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-8-4">
-                <check enabled="true" name="MISRAC++2008-8-4-1"/>
-                <check enabled="true" name="MISRAC++2008-8-4-3"/>
-                <check enabled="true" name="MISRAC++2008-8-4-4"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-8-5">
-                <check enabled="true" name="MISRAC++2008-8-5-1_a"/>
-                <check enabled="true" name="MISRAC++2008-8-5-1_b"/>
-                <check enabled="true" name="MISRAC++2008-8-5-1_c"/>
-                <check enabled="true" name="MISRAC++2008-8-5-2"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-9-3">
-                <check enabled="true" name="MISRAC++2008-9-3-1"/>
-                <check enabled="true" name="MISRAC++2008-9-3-2"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-9-5">
-                <check enabled="true" name="MISRAC++2008-9-5-1"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-9-6">
-                <check enabled="true" name="MISRAC++2008-9-6-2"/>
-                <check enabled="true" name="MISRAC++2008-9-6-3"/>
-                <check enabled="true" name="MISRAC++2008-9-6-4"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-12-1">
-                <check enabled="true" name="MISRAC++2008-12-1-1_a"/>
-                <check enabled="true" name="MISRAC++2008-12-1-1_b"/>
-                <check enabled="true" name="MISRAC++2008-12-1-3"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-15-0">
-                <check enabled="false" name="MISRAC++2008-15-0-2"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-15-1">
-                <check enabled="true" name="MISRAC++2008-15-1-2"/>
-                <check enabled="true" name="MISRAC++2008-15-1-3"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-15-3">
-                <check enabled="true" name="MISRAC++2008-15-3-1"/>
-                <check enabled="false" name="MISRAC++2008-15-3-2"/>
-                <check enabled="true" name="MISRAC++2008-15-3-3"/>
-                <check enabled="true" name="MISRAC++2008-15-3-4"/>
-                <check enabled="true" name="MISRAC++2008-15-3-5"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-15-5">
-                <check enabled="true" name="MISRAC++2008-15-5-1"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-16-0">
-                <check enabled="true" name="MISRAC++2008-16-0-3"/>
-                <check enabled="true" name="MISRAC++2008-16-0-4"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-16-2">
-                <check enabled="true" name="MISRAC++2008-16-2-2"/>
-                <check enabled="true" name="MISRAC++2008-16-2-3"/>
-                <check enabled="true" name="MISRAC++2008-16-2-4"/>
-                <check enabled="false" name="MISRAC++2008-16-2-5"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-16-3">
-                <check enabled="true" name="MISRAC++2008-16-3-1"/>
-                <check enabled="false" name="MISRAC++2008-16-3-2"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-17-0">
-                <check enabled="true" name="MISRAC++2008-17-0-1"/>
-                <check enabled="true" name="MISRAC++2008-17-0-3"/>
-                <check enabled="true" name="MISRAC++2008-17-0-5"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-18-0">
-                <check enabled="true" name="MISRAC++2008-18-0-1"/>
-                <check enabled="true" name="MISRAC++2008-18-0-2"/>
-                <check enabled="true" name="MISRAC++2008-18-0-3"/>
-                <check enabled="true" name="MISRAC++2008-18-0-4"/>
-                <check enabled="true" name="MISRAC++2008-18-0-5"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-18-2">
-                <check enabled="true" name="MISRAC++2008-18-2-1"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-18-4">
-                <check enabled="true" name="MISRAC++2008-18-4-1"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-18-7">
-                <check enabled="true" name="MISRAC++2008-18-7-1"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-19-3">
-                <check enabled="true" name="MISRAC++2008-19-3-1"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-27-0">
-                <check enabled="true" name="MISRAC++2008-27-0-1"/>
-              </group>
-            </package>
-          </checks_tree>
-        </cstat_settings>
-      </data>
-    </settings>
-    <settings>
-      <name>RuntimeChecking</name>
-      <archiveVersion>0</archiveVersion>
-      <data>
-        <version>2</version>
-        <wantNonLocal>1</wantNonLocal>
-        <debug>1</debug>
-        <option>
-          <name>GenRtcDebugHeap</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>GenRtcEnableBoundsChecking</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>GenRtcCheckPtrsNonInstrMem</name>
-          <state>1</state>
-        </option>
-        <option>
-          <name>GenRtcTrackPointerBounds</name>
-          <state>1</state>
-        </option>
-        <option>
-          <name>GenRtcCheckAccesses</name>
-          <state>1</state>
-        </option>
-        <option>
-          <name>GenRtcGenerateEntries</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>GenRtcNrTrackedPointers</name>
-          <state>1000</state>
-        </option>
-        <option>
-          <name>GenRtcIntOverflow</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>GenRtcIncUnsigned</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>GenRtcIntConversion</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>GenRtcInclExplicit</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>GenRtcIntShiftOverflow</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>GenRtcInclUnsignedShiftOverflow</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>GenRtcUnhandledCase</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>GenRtcDivByZero</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>GenRtcEnable</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>GenRtcCheckPtrsNonInstrFunc</name>
-          <state>1</state>
-        </option>
-      </data>
-    </settings>
-  </configuration>
-  <configuration>
-    <name>Release</name>
-    <toolchain>
-      <name>ARM</name>
-    </toolchain>
-    <debug>0</debug>
-    <settings>
-      <name>C-STAT</name>
-      <archiveVersion>259</archiveVersion>
-      <data>
-        <version>259</version>
-        <cstatargs>
-          <useExtraArgs>0</useExtraArgs>
-          <extraArgs></extraArgs>
-          <analyzeTimeoutEnabled>1</analyzeTimeoutEnabled>
-          <analyzeTimeout>600</analyzeTimeout>
-          <enableParallel>0</enableParallel>
-          <parallelThreads>2</parallelThreads>
-          <enableFalsePositives>0</enableFalsePositives>
-          <messagesLimitEnabled>1</messagesLimitEnabled>
-          <messagesLimit>100</messagesLimit>
-        </cstatargs>
-        <cstat_settings>
-          <cstat_version>1.3.2</cstat_version>
-          <checks_tree>
-            <package enabled="true" name="STDCHECKS">
-              <group enabled="true" name="ARR">
-                <check enabled="true" name="ARR-inv-index-pos"/>
-                <check enabled="true" name="ARR-inv-index-ptr-pos"/>
-                <check enabled="true" name="ARR-inv-index-ptr"/>
-                <check enabled="true" name="ARR-inv-index"/>
-                <check enabled="true" name="ARR-neg-index"/>
-                <check enabled="true" name="ARR-uninit-index"/>
-              </group>
-              <group enabled="true" name="ATH">
-                <check enabled="true" name="ATH-cmp-float"/>
-                <check enabled="true" name="ATH-cmp-unsign-neg"/>
-                <check enabled="true" name="ATH-cmp-unsign-pos"/>
-                <check enabled="true" name="ATH-div-0-assign"/>
-                <check enabled="false" name="ATH-div-0-cmp-aft"/>
-                <check enabled="true" name="ATH-div-0-cmp-bef"/>
-                <check enabled="true" name="ATH-div-0-interval"/>
-                <check enabled="true" name="ATH-div-0-pos"/>
-                <check enabled="true" name="ATH-div-0-unchk-global"/>
-                <check enabled="true" name="ATH-div-0-unchk-local"/>
-                <check enabled="true" name="ATH-div-0-unchk-param"/>
-                <check enabled="true" name="ATH-div-0"/>
-                <check enabled="true" name="ATH-inc-bool"/>
-                <check enabled="true" name="ATH-malloc-overrun"/>
-                <check enabled="true" name="ATH-neg-check-nonneg"/>
-                <check enabled="true" name="ATH-neg-check-pos"/>
-                <check enabled="true" name="ATH-new-overrun"/>
-                <check enabled="false" name="ATH-overflow-cast"/>
-                <check enabled="true" name="ATH-overflow"/>
-                <check enabled="true" name="ATH-shift-bounds"/>
-                <check enabled="true" name="ATH-shift-neg"/>
-                <check enabled="true" name="ATH-sizeof-by-sizeof"/>
-              </group>
-              <group enabled="true" name="CAST">
-                <check enabled="false" name="CAST-old-style"/>
-              </group>
-              <group enabled="true" name="CATCH">
-                <check enabled="true" name="CATCH-object-slicing"/>
-                <check enabled="false" name="CATCH-xtor-bad-member"/>
-              </group>
-              <group enabled="true" name="COMMA">
-                <check enabled="false" name="COMMA-overload"/>
-              </group>
-              <group enabled="true" name="COMMENT">
-                <check enabled="true" name="COMMENT-nested"/>
-              </group>
-              <group enabled="true" name="CONST">
-                <check enabled="true" name="CONST-member-ret"/>
-              </group>
-              <group enabled="true" name="COP">
-                <check enabled="false" name="COP-alloc-ctor"/>
-                <check enabled="true" name="COP-assign-op-ret"/>
-                <check enabled="true" name="COP-assign-op-self"/>
-                <check enabled="true" name="COP-assign-op"/>
-                <check enabled="true" name="COP-copy-ctor"/>
-                <check enabled="false" name="COP-dealloc-dtor"/>
-                <check enabled="true" name="COP-dtor-throw"/>
-                <check enabled="true" name="COP-dtor"/>
-                <check enabled="true" name="COP-init-order"/>
-                <check enabled="true" name="COP-init-uninit"/>
-                <check enabled="true" name="COP-member-uninit"/>
-              </group>
-              <group enabled="true" name="CPU">
-                <check enabled="true" name="CPU-ctor-call-virt"/>
-                <check enabled="false" name="CPU-ctor-implicit"/>
-                <check enabled="true" name="CPU-delete-throw"/>
-                <check enabled="true" name="CPU-delete-void"/>
-                <check enabled="true" name="CPU-dtor-call-virt"/>
-                <check enabled="true" name="CPU-malloc-class"/>
-                <check enabled="true" name="CPU-nonvirt-dtor"/>
-                <check enabled="true" name="CPU-return-ref-to-class-data"/>
-              </group>
-              <group enabled="true" name="DECL">
-                <check enabled="false" name="DECL-implicit-int"/>
-              </group>
-              <group enabled="true" name="DEFINE">
-                <check enabled="true" name="DEFINE-hash-multiple"/>
-              </group>
-              <group enabled="true" name="ENUM">
-                <check enabled="false" name="ENUM-bounds"/>
-              </group>
-              <group enabled="true" name="EXP">
-                <check enabled="true" name="EXP-cond-assign"/>
-                <check enabled="true" name="EXP-dangling-else"/>
-                <check enabled="true" name="EXP-loop-exit"/>
-                <check enabled="false" name="EXP-main-ret-int"/>
-                <check enabled="false" name="EXP-null-stmt"/>
-                <check enabled="false" name="EXP-stray-semicolon"/>
-              </group>
-              <group enabled="true" name="EXPR">
-                <check enabled="true" name="EXPR-const-overflow"/>
-              </group>
-              <group enabled="true" name="FPT">
-                <check enabled="true" name="FPT-cmp-null"/>
-                <check enabled="false" name="FPT-literal"/>
-                <check enabled="true" name="FPT-misuse"/>
-              </group>
-              <group enabled="true" name="FUNC">
-                <check enabled="false" name="FUNC-implicit-decl"/>
-                <check enabled="false" name="FUNC-unprototyped-all"/>
-                <check enabled="true" name="FUNC-unprototyped-used"/>
-              </group>
-              <group enabled="true" name="INCLUDE">
-                <check enabled="false" name="INCLUDE-c-file"/>
-              </group>
-              <group enabled="true" name="INT">
-                <check enabled="false" name="INT-use-signed-as-unsigned-pos"/>
-                <check enabled="true" name="INT-use-signed-as-unsigned"/>
-              </group>
-              <group enabled="true" name="ITR">
-                <check enabled="true" name="ITR-end-cmp-aft"/>
-                <check enabled="true" name="ITR-end-cmp-bef"/>
-                <check enabled="true" name="ITR-invalidated"/>
-                <check enabled="false" name="ITR-mismatch-alg"/>
-                <check enabled="false" name="ITR-store"/>
-                <check enabled="true" name="ITR-uninit"/>
-              </group>
-              <group enabled="true" name="LIB">
-                <check enabled="false" name="LIB-bsearch-overrun-pos"/>
-                <check enabled="false" name="LIB-bsearch-overrun"/>
-                <check enabled="false" name="LIB-fn-unsafe"/>
-                <check enabled="false" name="LIB-fread-overrun-pos"/>
-                <check enabled="true" name="LIB-fread-overrun"/>
-                <check enabled="false" name="LIB-memchr-overrun-pos"/>
-                <check enabled="true" name="LIB-memchr-overrun"/>
-                <check enabled="false" name="LIB-memcpy-overrun-pos"/>
-                <check enabled="true" name="LIB-memcpy-overrun"/>
-                <check enabled="false" name="LIB-memset-overrun-pos"/>
-                <check enabled="true" name="LIB-memset-overrun"/>
-                <check enabled="false" name="LIB-putenv"/>
-                <check enabled="false" name="LIB-qsort-overrun-pos"/>
-                <check enabled="false" name="LIB-qsort-overrun"/>
-                <check enabled="true" name="LIB-return-const"/>
-                <check enabled="true" name="LIB-return-error"/>
-                <check enabled="true" name="LIB-return-leak"/>
-                <check enabled="true" name="LIB-return-neg"/>
-                <check enabled="true" name="LIB-return-null"/>
-                <check enabled="false" name="LIB-sprintf-overrun"/>
-                <check enabled="false" name="LIB-std-sort-overrun-pos"/>
-                <check enabled="true" name="LIB-std-sort-overrun"/>
-                <check enabled="false" name="LIB-strcat-overrun-pos"/>
-                <check enabled="true" name="LIB-strcat-overrun"/>
-                <check enabled="false" name="LIB-strcpy-overrun-pos"/>
-                <check enabled="true" name="LIB-strcpy-overrun"/>
-                <check enabled="false" name="LIB-strncat-overrun-pos"/>
-                <check enabled="true" name="LIB-strncat-overrun"/>
-                <check enabled="false" name="LIB-strncmp-overrun-pos"/>
-                <check enabled="true" name="LIB-strncmp-overrun"/>
-                <check enabled="false" name="LIB-strncpy-overrun-pos"/>
-                <check enabled="true" name="LIB-strncpy-overrun"/>
-              </group>
-              <group enabled="true" name="LOGIC">
-                <check enabled="false" name="LOGIC-overload"/>
-              </group>
-              <group enabled="true" name="MEM">
-                <check enabled="true" name="MEM-delete-array-op"/>
-                <check enabled="true" name="MEM-delete-op"/>
-                <check enabled="true" name="MEM-double-free-alias"/>
-                <check enabled="true" name="MEM-double-free-some"/>
-                <check enabled="true" name="MEM-double-free"/>
-                <check enabled="true" name="MEM-free-field"/>
-                <check enabled="true" name="MEM-free-fptr"/>
-                <check enabled="false" name="MEM-free-no-alloc-struct"/>
-                <check enabled="false" name="MEM-free-no-alloc"/>
-                <check enabled="true" name="MEM-free-no-use"/>
-                <check enabled="true" name="MEM-free-op"/>
-                <check enabled="true" name="MEM-free-struct-field"/>
-                <check enabled="true" name="MEM-free-variable-alias"/>
-                <check enabled="true" name="MEM-free-variable"/>
-                <check enabled="true" name="MEM-leak-alias"/>
-                <check enabled="false" name="MEM-leak"/>
-                <check enabled="false" name="MEM-malloc-arith"/>
-                <check enabled="true" name="MEM-malloc-diff-type"/>
-                <check enabled="true" name="MEM-malloc-sizeof-ptr"/>
-                <check enabled="true" name="MEM-malloc-sizeof"/>
-                <check enabled="false" name="MEM-malloc-strlen"/>
-                <check enabled="true" name="MEM-realloc-diff-type"/>
-                <check enabled="true" name="MEM-return-free"/>
-                <check enabled="true" name="MEM-return-no-assign"/>
-                <check enabled="true" name="MEM-stack-global-field"/>
-                <check enabled="true" name="MEM-stack-global"/>
-                <check enabled="true" name="MEM-stack-param-ref"/>
-                <check enabled="true" name="MEM-stack-param"/>
-                <check enabled="true" name="MEM-stack-pos"/>
-                <check enabled="true" name="MEM-stack-ref"/>
-                <check enabled="true" name="MEM-stack"/>
-                <check enabled="true" name="MEM-use-free-all"/>
-                <check enabled="true" name="MEM-use-free-some"/>
-              </group>
-              <group enabled="true" name="PTR">
-                <check enabled="true" name="PTR-arith-field"/>
-                <check enabled="true" name="PTR-arith-stack"/>
-                <check enabled="true" name="PTR-arith-var"/>
-                <check enabled="true" name="PTR-cmp-str-lit"/>
-                <check enabled="false" name="PTR-null-assign-fun-pos"/>
-                <check enabled="false" name="PTR-null-assign-pos"/>
-                <check enabled="true" name="PTR-null-assign"/>
-                <check enabled="true" name="PTR-null-cmp-aft"/>
-                <check enabled="true" name="PTR-null-cmp-bef-fun"/>
-                <check enabled="true" name="PTR-null-cmp-bef"/>
-                <check enabled="true" name="PTR-null-fun-pos"/>
-                <check enabled="false" name="PTR-null-literal-pos"/>
-                <check enabled="false" name="PTR-overload"/>
-                <check enabled="false" name="PTR-singleton-arith-pos"/>
-                <check enabled="true" name="PTR-singleton-arith"/>
-                <check enabled="true" name="PTR-unchk-param-some"/>
-                <check enabled="false" name="PTR-unchk-param"/>
-                <check enabled="false" name="PTR-uninit-pos"/>
-                <check enabled="true" name="PTR-uninit"/>
-              </group>
-              <group enabled="true" name="RED">
-                <check enabled="false" name="RED-alloc-zero-bytes"/>
-                <check enabled="false" name="RED-case-reach"/>
-                <check enabled="false" name="RED-cmp-always"/>
-                <check enabled="false" name="RED-cmp-never"/>
-                <check enabled="false" name="RED-cond-always"/>
-                <check enabled="true" name="RED-cond-const-assign"/>
-                <check enabled="false" name="RED-cond-const-expr"/>
-                <check enabled="false" name="RED-cond-const"/>
-                <check enabled="false" name="RED-cond-never"/>
-                <check enabled="true" name="RED-dead"/>
-                <check enabled="false" name="RED-expr"/>
-                <check enabled="false" name="RED-func-no-effect"/>
-                <check enabled="true" name="RED-local-hides-global"/>
-                <check enabled="false" name="RED-local-hides-local"/>
-                <check enabled="false" name="RED-local-hides-member"/>
-                <check enabled="true" name="RED-local-hides-param"/>
-                <check enabled="false" name="RED-no-effect"/>
-                <check enabled="true" name="RED-self-assign"/>
-                <check enabled="true" name="RED-unused-assign"/>
-                <check enabled="false" name="RED-unused-param"/>
-                <check enabled="false" name="RED-unused-return-val"/>
-                <check enabled="false" name="RED-unused-val"/>
-                <check enabled="true" name="RED-unused-var-all"/>
-              </group>
-              <group enabled="true" name="RESOURCE">
-                <check enabled="false" name="RESOURCE-deref-file"/>
-                <check enabled="true" name="RESOURCE-double-close"/>
-                <check enabled="true" name="RESOURCE-file-no-close-all"/>
-                <check enabled="false" name="RESOURCE-file-pos-neg"/>
-                <check enabled="true" name="RESOURCE-file-use-after-close"/>
-                <check enabled="false" name="RESOURCE-implicit-deref-file"/>
-                <check enabled="true" name="RESOURCE-write-ronly-file"/>
-              </group>
-              <group enabled="true" name="SIZEOF">
-                <check enabled="true" name="SIZEOF-side-effect"/>
-              </group>
-              <group enabled="true" name="SPC">
-                <check enabled="true" name="SPC-order"/>
-                <check enabled="false" name="SPC-uninit-arr-all"/>
-                <check enabled="true" name="SPC-uninit-struct-field-heap"/>
-                <check enabled="false" name="SPC-uninit-struct-field"/>
-                <check enabled="true" name="SPC-uninit-struct"/>
-                <check enabled="true" name="SPC-uninit-var-all"/>
-                <check enabled="true" name="SPC-uninit-var-some"/>
-                <check enabled="false" name="SPC-volatile-reads"/>
-                <check enabled="false" name="SPC-volatile-writes"/>
-              </group>
-              <group enabled="true" name="STRUCT">
-                <check enabled="false" name="STRUCT-signed-bit"/>
-              </group>
-              <group enabled="true" name="SWITCH">
-                <check enabled="true" name="SWITCH-fall-through"/>
-              </group>
-              <group enabled="true" name="THROW">
-                <check enabled="false" name="THROW-empty"/>
-                <check enabled="false" name="THROW-main"/>
-                <check enabled="true" name="THROW-null"/>
-                <check enabled="true" name="THROW-ptr"/>
-                <check enabled="true" name="THROW-static"/>
-                <check enabled="true" name="THROW-unhandled"/>
-              </group>
-              <group enabled="true" name="UNION">
-                <check enabled="true" name="UNION-overlap-assign"/>
-                <check enabled="true" name="UNION-type-punning"/>
-              </group>
-            </package>
-            <package enabled="false" name="CERT">
-              <group enabled="true" name="CERT-EXP">
-                <check enabled="true" name="CERT-EXP19-C"/>
-              </group>
-              <group enabled="true" name="CERT-FIO">
-                <check enabled="true" name="CERT-FIO37-C"/>
-                <check enabled="true" name="CERT-FIO38-C"/>
-              </group>
-              <group enabled="true" name="CERT-SIG">
-                <check enabled="true" name="CERT-SIG31-C"/>
-              </group>
-            </package>
-            <package enabled="false" name="SECURITY">
-              <group enabled="true" name="SEC-BUFFER">
-                <check enabled="true" name="SEC-BUFFER-memory-leak-alias"/>
-                <check enabled="false" name="SEC-BUFFER-memory-leak"/>
-                <check enabled="false" name="SEC-BUFFER-memset-overrun-pos"/>
-                <check enabled="true" name="SEC-BUFFER-memset-overrun"/>
-                <check enabled="false" name="SEC-BUFFER-qsort-overrun-pos"/>
-                <check enabled="true" name="SEC-BUFFER-qsort-overrun"/>
-                <check enabled="true" name="SEC-BUFFER-sprintf-overrun"/>
-                <check enabled="false" name="SEC-BUFFER-std-sort-overrun-pos"/>
-                <check enabled="true" name="SEC-BUFFER-std-sort-overrun"/>
-                <check enabled="false" name="SEC-BUFFER-strcat-overrun-pos"/>
-                <check enabled="true" name="SEC-BUFFER-strcat-overrun"/>
-                <check enabled="false" name="SEC-BUFFER-strcpy-overrun-pos"/>
-                <check enabled="true" name="SEC-BUFFER-strcpy-overrun"/>
-                <check enabled="false" name="SEC-BUFFER-strncat-overrun-pos"/>
-                <check enabled="true" name="SEC-BUFFER-strncat-overrun"/>
-                <check enabled="false" name="SEC-BUFFER-strncmp-overrun-pos"/>
-                <check enabled="true" name="SEC-BUFFER-strncmp-overrun"/>
-                <check enabled="false" name="SEC-BUFFER-strncpy-overrun-pos"/>
-                <check enabled="true" name="SEC-BUFFER-strncpy-overrun"/>
-                <check enabled="true" name="SEC-BUFFER-tainted-alloc-size"/>
-                <check enabled="true" name="SEC-BUFFER-tainted-copy-length"/>
-                <check enabled="true" name="SEC-BUFFER-tainted-copy"/>
-                <check enabled="true" name="SEC-BUFFER-tainted-index"/>
-                <check enabled="true" name="SEC-BUFFER-tainted-offset"/>
-                <check enabled="true" name="SEC-BUFFER-use-after-free-all"/>
-                <check enabled="true" name="SEC-BUFFER-use-after-free-some"/>
-              </group>
-              <group enabled="true" name="SEC-DIV-0">
-                <check enabled="true" name="SEC-DIV-0-compare-after"/>
-                <check enabled="true" name="SEC-DIV-0-compare-before"/>
-                <check enabled="true" name="SEC-DIV-0-tainted"/>
-              </group>
-              <group enabled="true" name="SEC-FILEOP">
-                <check enabled="true" name="SEC-FILEOP-open-no-close"/>
-                <check enabled="false" name="SEC-FILEOP-path-traversal"/>
-                <check enabled="true" name="SEC-FILEOP-use-after-close"/>
-              </group>
-              <group enabled="true" name="SEC-INJECTION">
-                <check enabled="false" name="SEC-INJECTION-sql"/>
-                <check enabled="false" name="SEC-INJECTION-xpath"/>
-              </group>
-              <group enabled="true" name="SEC-LOOP">
-                <check enabled="true" name="SEC-LOOP-tainted-bound"/>
-              </group>
-              <group enabled="true" name="SEC-NULL">
-                <check enabled="false" name="SEC-NULL-assignment-fun-pos"/>
-                <check enabled="true" name="SEC-NULL-assignment"/>
-                <check enabled="true" name="SEC-NULL-cmp-aft"/>
-                <check enabled="true" name="SEC-NULL-cmp-bef-fun"/>
-                <check enabled="true" name="SEC-NULL-cmp-bef"/>
-                <check enabled="false" name="SEC-NULL-literal-pos"/>
-              </group>
-              <group enabled="true" name="SEC-STRING">
-                <check enabled="true" name="SEC-STRING-format-string"/>
-                <check enabled="false" name="SEC-STRING-hard-coded-credentials"/>
-              </group>
-            </package>
-            <package enabled="false" name="MISRAC2004">
-              <group enabled="true" name="MISRAC2004-1">
-                <check enabled="true" name="MISRAC2004-1.1"/>
-                <check enabled="true" name="MISRAC2004-1.2_a"/>
-                <check enabled="true" name="MISRAC2004-1.2_b"/>
-                <check enabled="true" name="MISRAC2004-1.2_c"/>
-                <check enabled="true" name="MISRAC2004-1.2_d"/>
-                <check enabled="true" name="MISRAC2004-1.2_e"/>
-                <check enabled="true" name="MISRAC2004-1.2_f"/>
-                <check enabled="true" name="MISRAC2004-1.2_g"/>
-                <check enabled="true" name="MISRAC2004-1.2_h"/>
-                <check enabled="true" name="MISRAC2004-1.2_i"/>
-                <check enabled="true" name="MISRAC2004-1.2_j"/>
-              </group>
-              <group enabled="true" name="MISRAC2004-2">
-                <check enabled="true" name="MISRAC2004-2.1"/>
-                <check enabled="true" name="MISRAC2004-2.2"/>
-                <check enabled="true" name="MISRAC2004-2.3"/>
-                <check enabled="false" name="MISRAC2004-2.4"/>
-              </group>
-              <group enabled="true" name="MISRAC2004-5">
-                <check enabled="true" name="MISRAC2004-5.2"/>
-                <check enabled="true" name="MISRAC2004-5.3"/>
-                <check enabled="true" name="MISRAC2004-5.4"/>
-                <check enabled="false" name="MISRAC2004-5.5"/>
-                <check enabled="false" name="MISRAC2004-5.6"/>
-              </group>
-              <group enabled="true" name="MISRAC2004-6">
-                <check enabled="true" name="MISRAC2004-6.1"/>
-                <check enabled="false" name="MISRAC2004-6.3"/>
-                <check enabled="true" name="MISRAC2004-6.4"/>
-                <check enabled="true" name="MISRAC2004-6.5"/>
-              </group>
-              <group enabled="true" name="MISRAC2004-7">
-                <check enabled="true" name="MISRAC2004-7.1"/>
-              </group>
-              <group enabled="true" name="MISRAC2004-8">
-                <check enabled="true" name="MISRAC2004-8.1"/>
-                <check enabled="true" name="MISRAC2004-8.2"/>
-                <check enabled="true" name="MISRAC2004-8.5_a"/>
-                <check enabled="true" name="MISRAC2004-8.5_b"/>
-                <check enabled="true" name="MISRAC2004-8.12"/>
-              </group>
-              <group enabled="true" name="MISRAC2004-9">
-                <check enabled="true" name="MISRAC2004-9.1_a"/>
-                <check enabled="true" name="MISRAC2004-9.1_b"/>
-                <check enabled="true" name="MISRAC2004-9.1_c"/>
-                <check enabled="true" name="MISRAC2004-9.2"/>
-              </group>
-              <group enabled="true" name="MISRAC2004-10">
-                <check enabled="true" name="MISRAC2004-10.1_a"/>
-                <check enabled="true" name="MISRAC2004-10.1_b"/>
-                <check enabled="true" name="MISRAC2004-10.1_c"/>
-                <check enabled="true" name="MISRAC2004-10.1_d"/>
-                <check enabled="true" name="MISRAC2004-10.2_a"/>
-                <check enabled="true" name="MISRAC2004-10.2_b"/>
-                <check enabled="true" name="MISRAC2004-10.2_c"/>
-                <check enabled="true" name="MISRAC2004-10.2_d"/>
-                <check enabled="true" name="MISRAC2004-10.3"/>
-                <check enabled="true" name="MISRAC2004-10.4"/>
-                <check enabled="true" name="MISRAC2004-10.5"/>
-                <check enabled="true" name="MISRAC2004-10.6"/>
-              </group>
-              <group enabled="true" name="MISRAC2004-11">
-                <check enabled="true" name="MISRAC2004-11.1"/>
-                <check enabled="false" name="MISRAC2004-11.3"/>
-                <check enabled="false" name="MISRAC2004-11.4"/>
-                <check enabled="true" name="MISRAC2004-11.5"/>
-              </group>
-              <group enabled="true" name="MISRAC2004-12">
-                <check enabled="false" name="MISRAC2004-12.1"/>
-                <check enabled="true" name="MISRAC2004-12.2_a"/>
-                <check enabled="true" name="MISRAC2004-12.2_b"/>
-                <check enabled="true" name="MISRAC2004-12.2_c"/>
-                <check enabled="true" name="MISRAC2004-12.3"/>
-                <check enabled="true" name="MISRAC2004-12.4"/>
-                <check enabled="false" name="MISRAC2004-12.6_a"/>
-                <check enabled="false" name="MISRAC2004-12.6_b"/>
-                <check enabled="true" name="MISRAC2004-12.7"/>
-                <check enabled="true" name="MISRAC2004-12.8"/>
-                <check enabled="true" name="MISRAC2004-12.9"/>
-                <check enabled="true" name="MISRAC2004-12.10"/>
-                <check enabled="false" name="MISRAC2004-12.11"/>
-                <check enabled="true" name="MISRAC2004-12.12_a"/>
-                <check enabled="true" name="MISRAC2004-12.12_b"/>
-                <check enabled="false" name="MISRAC2004-12.13"/>
-              </group>
-              <group enabled="true" name="MISRAC2004-13">
-                <check enabled="true" name="MISRAC2004-13.1"/>
-                <check enabled="false" name="MISRAC2004-13.2_a"/>
-                <check enabled="false" name="MISRAC2004-13.2_b"/>
-                <check enabled="false" name="MISRAC2004-13.2_c"/>
-                <check enabled="false" name="MISRAC2004-13.2_d"/>
-                <check enabled="false" name="MISRAC2004-13.2_e"/>
-                <check enabled="true" name="MISRAC2004-13.3"/>
-                <check enabled="true" name="MISRAC2004-13.4"/>
-                <check enabled="true" name="MISRAC2004-13.5"/>
-                <check enabled="true" name="MISRAC2004-13.6"/>
-                <check enabled="true" name="MISRAC2004-13.7_a"/>
-                <check enabled="true" name="MISRAC2004-13.7_b"/>
-              </group>
-              <group enabled="true" name="MISRAC2004-14">
-                <check enabled="true" name="MISRAC2004-14.1"/>
-                <check enabled="true" name="MISRAC2004-14.2"/>
-                <check enabled="true" name="MISRAC2004-14.3"/>
-                <check enabled="true" name="MISRAC2004-14.4"/>
-                <check enabled="true" name="MISRAC2004-14.5"/>
-                <check enabled="true" name="MISRAC2004-14.6"/>
-                <check enabled="true" name="MISRAC2004-14.7"/>
-                <check enabled="true" name="MISRAC2004-14.8_a"/>
-                <check enabled="true" name="MISRAC2004-14.8_b"/>
-                <check enabled="true" name="MISRAC2004-14.8_c"/>
-                <check enabled="true" name="MISRAC2004-14.8_d"/>
-                <check enabled="true" name="MISRAC2004-14.9"/>
-                <check enabled="true" name="MISRAC2004-14.10"/>
-              </group>
-              <group enabled="true" name="MISRAC2004-15">
-                <check enabled="true" name="MISRAC2004-15.0"/>
-                <check enabled="true" name="MISRAC2004-15.1"/>
-                <check enabled="true" name="MISRAC2004-15.2"/>
-                <check enabled="true" name="MISRAC2004-15.3"/>
-                <check enabled="true" name="MISRAC2004-15.4"/>
-                <check enabled="true" name="MISRAC2004-15.5"/>
-              </group>
-              <group enabled="true" name="MISRAC2004-16">
-                <check enabled="true" name="MISRAC2004-16.1"/>
-                <check enabled="true" name="MISRAC2004-16.2_a"/>
-                <check enabled="true" name="MISRAC2004-16.2_b"/>
-                <check enabled="true" name="MISRAC2004-16.3"/>
-                <check enabled="true" name="MISRAC2004-16.5"/>
-                <check enabled="true" name="MISRAC2004-16.7"/>
-                <check enabled="true" name="MISRAC2004-16.8"/>
-                <check enabled="true" name="MISRAC2004-16.9"/>
-                <check enabled="true" name="MISRAC2004-16.10"/>
-              </group>
-              <group enabled="true" name="MISRAC2004-17">
-                <check enabled="true" name="MISRAC2004-17.1_a"/>
-                <check enabled="true" name="MISRAC2004-17.1_b"/>
-                <check enabled="true" name="MISRAC2004-17.1_c"/>
-                <check enabled="true" name="MISRAC2004-17.4_a"/>
-                <check enabled="true" name="MISRAC2004-17.4_b"/>
-                <check enabled="true" name="MISRAC2004-17.5"/>
-                <check enabled="true" name="MISRAC2004-17.6_a"/>
-                <check enabled="true" name="MISRAC2004-17.6_b"/>
-                <check enabled="true" name="MISRAC2004-17.6_c"/>
-                <check enabled="true" name="MISRAC2004-17.6_d"/>
-              </group>
-              <group enabled="true" name="MISRAC2004-18">
-                <check enabled="true" name="MISRAC2004-18.1"/>
-                <check enabled="true" name="MISRAC2004-18.2"/>
-                <check enabled="true" name="MISRAC2004-18.4"/>
-              </group>
-              <group enabled="true" name="MISRAC2004-19">
-                <check enabled="false" name="MISRAC2004-19.2"/>
-                <check enabled="true" name="MISRAC2004-19.6"/>
-                <check enabled="false" name="MISRAC2004-19.7"/>
-                <check enabled="true" name="MISRAC2004-19.12"/>
-                <check enabled="false" name="MISRAC2004-19.13"/>
-                <check enabled="true" name="MISRAC2004-19.15"/>
-              </group>
-              <group enabled="true" name="MISRAC2004-20">
-                <check enabled="true" name="MISRAC2004-20.1"/>
-                <check enabled="true" name="MISRAC2004-20.4"/>
-                <check enabled="true" name="MISRAC2004-20.5"/>
-                <check enabled="true" name="MISRAC2004-20.6"/>
-                <check enabled="true" name="MISRAC2004-20.7"/>
-                <check enabled="true" name="MISRAC2004-20.8"/>
-                <check enabled="true" name="MISRAC2004-20.9"/>
-                <check enabled="true" name="MISRAC2004-20.10"/>
-                <check enabled="true" name="MISRAC2004-20.11"/>
-                <check enabled="true" name="MISRAC2004-20.12"/>
-              </group>
-            </package>
-            <package enabled="false" name="MISRAC2012">
-              <group enabled="true" name="MISRAC2012-Dir-4">
-                <check enabled="true" name="MISRAC2012-Dir-4.3"/>
-                <check enabled="false" name="MISRAC2012-Dir-4.4"/>
-                <check enabled="false" name="MISRAC2012-Dir-4.5"/>
-                <check enabled="false" name="MISRAC2012-Dir-4.6_a"/>
-                <check enabled="false" name="MISRAC2012-Dir-4.6_b"/>
-                <check enabled="false" name="MISRAC2012-Dir-4.7_a"/>
-                <check enabled="false" name="MISRAC2012-Dir-4.7_b"/>
-                <check enabled="false" name="MISRAC2012-Dir-4.7_c"/>
-                <check enabled="false" name="MISRAC2012-Dir-4.8"/>
-                <check enabled="false" name="MISRAC2012-Dir-4.9"/>
-                <check enabled="true" name="MISRAC2012-Dir-4.10"/>
-                <check enabled="false" name="MISRAC2012-Dir-4.11_a"/>
-                <check enabled="false" name="MISRAC2012-Dir-4.11_b"/>
-                <check enabled="false" name="MISRAC2012-Dir-4.11_c"/>
-                <check enabled="false" name="MISRAC2012-Dir-4.11_d"/>
-                <check enabled="false" name="MISRAC2012-Dir-4.11_e"/>
-                <check enabled="false" name="MISRAC2012-Dir-4.11_f"/>
-                <check enabled="false" name="MISRAC2012-Dir-4.11_g"/>
-                <check enabled="false" name="MISRAC2012-Dir-4.11_h"/>
-                <check enabled="false" name="MISRAC2012-Dir-4.11_i"/>
-                <check enabled="false" name="MISRAC2012-Dir-4.12"/>
-                <check enabled="true" name="MISRAC2012-Dir-4.13_b"/>
-                <check enabled="true" name="MISRAC2012-Dir-4.13_c"/>
-                <check enabled="true" name="MISRAC2012-Dir-4.13_d"/>
-                <check enabled="true" name="MISRAC2012-Dir-4.13_e"/>
-                <check enabled="true" name="MISRAC2012-Dir-4.13_f"/>
-                <check enabled="true" name="MISRAC2012-Dir-4.13_g"/>
-                <check enabled="false" name="MISRAC2012-Dir-4.13_h"/>
-              </group>
-              <group enabled="true" name="MISRAC2012-Rule-1">
-                <check enabled="true" name="MISRAC2012-Rule-1.3_a"/>
-                <check enabled="true" name="MISRAC2012-Rule-1.3_b"/>
-                <check enabled="true" name="MISRAC2012-Rule-1.3_c"/>
-                <check enabled="true" name="MISRAC2012-Rule-1.3_d"/>
-                <check enabled="true" name="MISRAC2012-Rule-1.3_e"/>
-                <check enabled="true" name="MISRAC2012-Rule-1.3_f"/>
-                <check enabled="true" name="MISRAC2012-Rule-1.3_g"/>
-                <check enabled="true" name="MISRAC2012-Rule-1.3_h"/>
-                <check enabled="true" name="MISRAC2012-Rule-1.3_i"/>
-                <check enabled="true" name="MISRAC2012-Rule-1.3_j"/>
-                <check enabled="true" name="MISRAC2012-Rule-1.3_k"/>
-                <check enabled="true" name="MISRAC2012-Rule-1.3_m"/>
-                <check enabled="true" name="MISRAC2012-Rule-1.3_n"/>
-                <check enabled="true" name="MISRAC2012-Rule-1.3_o"/>
-                <check enabled="true" name="MISRAC2012-Rule-1.3_p"/>
-                <check enabled="true" name="MISRAC2012-Rule-1.3_q"/>
-                <check enabled="true" name="MISRAC2012-Rule-1.3_r"/>
-                <check enabled="true" name="MISRAC2012-Rule-1.3_s"/>
-                <check enabled="true" name="MISRAC2012-Rule-1.3_t"/>
-                <check enabled="true" name="MISRAC2012-Rule-1.3_u"/>
-                <check enabled="true" name="MISRAC2012-Rule-1.3_v"/>
-                <check enabled="true" name="MISRAC2012-Rule-1.3_w"/>
-              </group>
-              <group enabled="true" name="MISRAC2012-Rule-2">
-                <check enabled="true" name="MISRAC2012-Rule-2.1_a"/>
-                <check enabled="true" name="MISRAC2012-Rule-2.1_b"/>
-                <check enabled="true" name="MISRAC2012-Rule-2.2_a"/>
-                <check enabled="true" name="MISRAC2012-Rule-2.2_b"/>
-                <check enabled="true" name="MISRAC2012-Rule-2.2_c"/>
-                <check enabled="false" name="MISRAC2012-Rule-2.3"/>
-                <check enabled="false" name="MISRAC2012-Rule-2.4"/>
-                <check enabled="false" name="MISRAC2012-Rule-2.5"/>
-                <check enabled="false" name="MISRAC2012-Rule-2.6"/>
-                <check enabled="false" name="MISRAC2012-Rule-2.7"/>
-              </group>
-              <group enabled="true" name="MISRAC2012-Rule-3">
-                <check enabled="true" name="MISRAC2012-Rule-3.1"/>
-                <check enabled="true" name="MISRAC2012-Rule-3.2"/>
-              </group>
-              <group enabled="true" name="MISRAC2012-Rule-5">
-                <check enabled="true" name="MISRAC2012-Rule-5.1"/>
-                <check enabled="true" name="MISRAC2012-Rule-5.2_c89"/>
-                <check enabled="true" name="MISRAC2012-Rule-5.2_c99"/>
-                <check enabled="true" name="MISRAC2012-Rule-5.3_c89"/>
-                <check enabled="true" name="MISRAC2012-Rule-5.3_c99"/>
-                <check enabled="true" name="MISRAC2012-Rule-5.4_c89"/>
-                <check enabled="true" name="MISRAC2012-Rule-5.4_c99"/>
-                <check enabled="true" name="MISRAC2012-Rule-5.5_c89"/>
-                <check enabled="true" name="MISRAC2012-Rule-5.5_c99"/>
-                <check enabled="true" name="MISRAC2012-Rule-5.6"/>
-                <check enabled="true" name="MISRAC2012-Rule-5.7"/>
-                <check enabled="true" name="MISRAC2012-Rule-5.8"/>
-                <check enabled="false" name="MISRAC2012-Rule-5.9"/>
-              </group>
-              <group enabled="true" name="MISRAC2012-Rule-6">
-                <check enabled="true" name="MISRAC2012-Rule-6.1"/>
-                <check enabled="true" name="MISRAC2012-Rule-6.2"/>
-              </group>
-              <group enabled="true" name="MISRAC2012-Rule-7">
-                <check enabled="true" name="MISRAC2012-Rule-7.1"/>
-                <check enabled="true" name="MISRAC2012-Rule-7.2"/>
-                <check enabled="true" name="MISRAC2012-Rule-7.3"/>
-                <check enabled="true" name="MISRAC2012-Rule-7.4_a"/>
-                <check enabled="true" name="MISRAC2012-Rule-7.4_b"/>
-              </group>
-              <group enabled="true" name="MISRAC2012-Rule-8">
-                <check enabled="true" name="MISRAC2012-Rule-8.1"/>
-                <check enabled="true" name="MISRAC2012-Rule-8.2_a"/>
-                <check enabled="true" name="MISRAC2012-Rule-8.2_b"/>
-                <check enabled="true" name="MISRAC2012-Rule-8.3_b"/>
-                <check enabled="true" name="MISRAC2012-Rule-8.4"/>
-                <check enabled="false" name="MISRAC2012-Rule-8.5_a"/>
-                <check enabled="true" name="MISRAC2012-Rule-8.5_b"/>
-                <check enabled="true" name="MISRAC2012-Rule-8.6"/>
-                <check enabled="false" name="MISRAC2012-Rule-8.7"/>
-                <check enabled="false" name="MISRAC2012-Rule-8.9_a"/>
-                <check enabled="false" name="MISRAC2012-Rule-8.9_b"/>
-                <check enabled="true" name="MISRAC2012-Rule-8.10"/>
-                <check enabled="false" name="MISRAC2012-Rule-8.11"/>
-                <check enabled="true" name="MISRAC2012-Rule-8.12"/>
-                <check enabled="false" name="MISRAC2012-Rule-8.13"/>
-                <check enabled="true" name="MISRAC2012-Rule-8.14"/>
-              </group>
-              <group enabled="true" name="MISRAC2012-Rule-9">
-                <check enabled="true" name="MISRAC2012-Rule-9.1_a"/>
-                <check enabled="true" name="MISRAC2012-Rule-9.1_b"/>
-                <check enabled="true" name="MISRAC2012-Rule-9.1_c"/>
-                <check enabled="true" name="MISRAC2012-Rule-9.1_d"/>
-                <check enabled="true" name="MISRAC2012-Rule-9.1_e"/>
-                <check enabled="true" name="MISRAC2012-Rule-9.1_f"/>
-                <check enabled="true" name="MISRAC2012-Rule-9.2"/>
-                <check enabled="true" name="MISRAC2012-Rule-9.3"/>
-                <check enabled="true" name="MISRAC2012-Rule-9.4"/>
-                <check enabled="true" name="MISRAC2012-Rule-9.5_a"/>
-                <check enabled="true" name="MISRAC2012-Rule-9.5_b"/>
-              </group>
-              <group enabled="true" name="MISRAC2012-Rule-10">
-                <check enabled="true" name="MISRAC2012-Rule-10.1_R2"/>
-                <check enabled="true" name="MISRAC2012-Rule-10.1_R3"/>
-                <check enabled="true" name="MISRAC2012-Rule-10.1_R4"/>
-                <check enabled="true" name="MISRAC2012-Rule-10.1_R5"/>
-                <check enabled="true" name="MISRAC2012-Rule-10.1_R6"/>
-                <check enabled="true" name="MISRAC2012-Rule-10.1_R7"/>
-                <check enabled="true" name="MISRAC2012-Rule-10.1_R8"/>
-                <check enabled="true" name="MISRAC2012-Rule-10.2"/>
-                <check enabled="true" name="MISRAC2012-Rule-10.3"/>
-                <check enabled="true" name="MISRAC2012-Rule-10.4_a"/>
-                <check enabled="true" name="MISRAC2012-Rule-10.4_b"/>
-                <check enabled="false" name="MISRAC2012-Rule-10.5"/>
-                <check enabled="true" name="MISRAC2012-Rule-10.6"/>
-                <check enabled="true" name="MISRAC2012-Rule-10.7"/>
-                <check enabled="true" name="MISRAC2012-Rule-10.8"/>
-              </group>
-              <group enabled="true" name="MISRAC2012-Rule-11">
-                <check enabled="true" name="MISRAC2012-Rule-11.1"/>
-                <check enabled="true" name="MISRAC2012-Rule-11.2"/>
-                <check enabled="true" name="MISRAC2012-Rule-11.3"/>
-                <check enabled="false" name="MISRAC2012-Rule-11.4"/>
-                <check enabled="false" name="MISRAC2012-Rule-11.5"/>
-                <check enabled="true" name="MISRAC2012-Rule-11.6"/>
-                <check enabled="true" name="MISRAC2012-Rule-11.7"/>
-                <check enabled="true" name="MISRAC2012-Rule-11.8"/>
-                <check enabled="true" name="MISRAC2012-Rule-11.9"/>
-              </group>
-              <group enabled="true" name="MISRAC2012-Rule-12">
-                <check enabled="false" name="MISRAC2012-Rule-12.1"/>
-                <check enabled="true" name="MISRAC2012-Rule-12.2"/>
-                <check enabled="false" name="MISRAC2012-Rule-12.3"/>
-              </group>
-              <group enabled="true" name="MISRAC2012-Rule-13">
-                <check enabled="true" name="MISRAC2012-Rule-13.1"/>
-                <check enabled="true" name="MISRAC2012-Rule-13.2_a"/>
-                <check enabled="true" name="MISRAC2012-Rule-13.2_b"/>
-                <check enabled="true" name="MISRAC2012-Rule-13.2_c"/>
-                <check enabled="false" name="MISRAC2012-Rule-13.3"/>
-                <check enabled="false" name="MISRAC2012-Rule-13.4_a"/>
-                <check enabled="false" name="MISRAC2012-Rule-13.4_b"/>
-                <check enabled="true" name="MISRAC2012-Rule-13.5"/>
-                <check enabled="true" name="MISRAC2012-Rule-13.6"/>
-              </group>
-              <group enabled="true" name="MISRAC2012-Rule-14">
-                <check enabled="true" name="MISRAC2012-Rule-14.1_a"/>
-                <check enabled="true" name="MISRAC2012-Rule-14.1_b"/>
-                <check enabled="true" name="MISRAC2012-Rule-14.2"/>
-                <check enabled="true" name="MISRAC2012-Rule-14.3_a"/>
-                <check enabled="true" name="MISRAC2012-Rule-14.3_b"/>
-                <check enabled="true" name="MISRAC2012-Rule-14.4_a"/>
-                <check enabled="true" name="MISRAC2012-Rule-14.4_b"/>
-                <check enabled="true" name="MISRAC2012-Rule-14.4_c"/>
-                <check enabled="true" name="MISRAC2012-Rule-14.4_d"/>
-              </group>
-              <group enabled="true" name="MISRAC2012-Rule-15">
-                <check enabled="false" name="MISRAC2012-Rule-15.1"/>
-                <check enabled="true" name="MISRAC2012-Rule-15.2"/>
-                <check enabled="true" name="MISRAC2012-Rule-15.3"/>
-                <check enabled="false" name="MISRAC2012-Rule-15.4"/>
-                <check enabled="false" name="MISRAC2012-Rule-15.5"/>
-                <check enabled="true" name="MISRAC2012-Rule-15.6_a"/>
-                <check enabled="true" name="MISRAC2012-Rule-15.6_b"/>
-                <check enabled="true" name="MISRAC2012-Rule-15.6_c"/>
-                <check enabled="true" name="MISRAC2012-Rule-15.6_d"/>
-                <check enabled="true" name="MISRAC2012-Rule-15.6_e"/>
-                <check enabled="true" name="MISRAC2012-Rule-15.7"/>
-              </group>
-              <group enabled="true" name="MISRAC2012-Rule-16">
-                <check enabled="true" name="MISRAC2012-Rule-16.1"/>
-                <check enabled="true" name="MISRAC2012-Rule-16.2"/>
-                <check enabled="true" name="MISRAC2012-Rule-16.3"/>
-                <check enabled="true" name="MISRAC2012-Rule-16.4"/>
-                <check enabled="true" name="MISRAC2012-Rule-16.5"/>
-                <check enabled="true" name="MISRAC2012-Rule-16.6"/>
-                <check enabled="true" name="MISRAC2012-Rule-16.7"/>
-              </group>
-              <group enabled="true" name="MISRAC2012-Rule-17">
-                <check enabled="true" name="MISRAC2012-Rule-17.1"/>
-                <check enabled="true" name="MISRAC2012-Rule-17.2_a"/>
-                <check enabled="true" name="MISRAC2012-Rule-17.2_b"/>
-                <check enabled="true" name="MISRAC2012-Rule-17.3"/>
-                <check enabled="true" name="MISRAC2012-Rule-17.4"/>
-                <check enabled="false" name="MISRAC2012-Rule-17.5"/>
-                <check enabled="true" name="MISRAC2012-Rule-17.6"/>
-                <check enabled="true" name="MISRAC2012-Rule-17.7"/>
-                <check enabled="false" name="MISRAC2012-Rule-17.8"/>
-              </group>
-              <group enabled="true" name="MISRAC2012-Rule-18">
-                <check enabled="true" name="MISRAC2012-Rule-18.1_a"/>
-                <check enabled="true" name="MISRAC2012-Rule-18.1_b"/>
-                <check enabled="true" name="MISRAC2012-Rule-18.1_c"/>
-                <check enabled="true" name="MISRAC2012-Rule-18.1_d"/>
-                <check enabled="true" name="MISRAC2012-Rule-18.2"/>
-                <check enabled="true" name="MISRAC2012-Rule-18.3"/>
-                <check enabled="true" name="MISRAC2012-Rule-18.4"/>
-                <check enabled="false" name="MISRAC2012-Rule-18.5"/>
-                <check enabled="true" name="MISRAC2012-Rule-18.6_a"/>
-                <check enabled="true" name="MISRAC2012-Rule-18.6_b"/>
-                <check enabled="true" name="MISRAC2012-Rule-18.6_c"/>
-                <check enabled="true" name="MISRAC2012-Rule-18.6_d"/>
-                <check enabled="true" name="MISRAC2012-Rule-18.7"/>
-                <check enabled="true" name="MISRAC2012-Rule-18.8"/>
-              </group>
-              <group enabled="true" name="MISRAC2012-Rule-19">
-                <check enabled="true" name="MISRAC2012-Rule-19.1"/>
-                <check enabled="false" name="MISRAC2012-Rule-19.2"/>
-              </group>
-              <group enabled="true" name="MISRAC2012-Rule-20">
-                <check enabled="false" name="MISRAC2012-Rule-20.1"/>
-                <check enabled="true" name="MISRAC2012-Rule-20.2"/>
-                <check enabled="true" name="MISRAC2012-Rule-20.4_c89"/>
-                <check enabled="true" name="MISRAC2012-Rule-20.4_c99"/>
-                <check enabled="false" name="MISRAC2012-Rule-20.5"/>
-                <check enabled="true" name="MISRAC2012-Rule-20.7"/>
-                <check enabled="false" name="MISRAC2012-Rule-20.10"/>
-              </group>
-              <group enabled="true" name="MISRAC2012-Rule-21">
-                <check enabled="true" name="MISRAC2012-Rule-21.1"/>
-                <check enabled="true" name="MISRAC2012-Rule-21.2"/>
-                <check enabled="true" name="MISRAC2012-Rule-21.3"/>
-                <check enabled="true" name="MISRAC2012-Rule-21.4"/>
-                <check enabled="true" name="MISRAC2012-Rule-21.5"/>
-                <check enabled="true" name="MISRAC2012-Rule-21.6"/>
-                <check enabled="true" name="MISRAC2012-Rule-21.7"/>
-                <check enabled="true" name="MISRAC2012-Rule-21.8"/>
-                <check enabled="true" name="MISRAC2012-Rule-21.9"/>
-                <check enabled="true" name="MISRAC2012-Rule-21.10"/>
-                <check enabled="true" name="MISRAC2012-Rule-21.11"/>
-                <check enabled="false" name="MISRAC2012-Rule-21.12_a"/>
-                <check enabled="false" name="MISRAC2012-Rule-21.12_b"/>
-              </group>
-              <group enabled="true" name="MISRAC2012-Rule-22">
-                <check enabled="true" name="MISRAC2012-Rule-22.1_a"/>
-                <check enabled="true" name="MISRAC2012-Rule-22.1_b"/>
-                <check enabled="true" name="MISRAC2012-Rule-22.2_a"/>
-                <check enabled="true" name="MISRAC2012-Rule-22.2_b"/>
-                <check enabled="true" name="MISRAC2012-Rule-22.2_c"/>
-                <check enabled="true" name="MISRAC2012-Rule-22.3"/>
-                <check enabled="true" name="MISRAC2012-Rule-22.4"/>
-                <check enabled="true" name="MISRAC2012-Rule-22.5_a"/>
-                <check enabled="true" name="MISRAC2012-Rule-22.5_b"/>
-                <check enabled="true" name="MISRAC2012-Rule-22.6"/>
-              </group>
-            </package>
-            <package enabled="false" name="MISRAC++2008">
-              <group enabled="true" name="MISRAC++2008-0-1">
-                <check enabled="true" name="MISRAC++2008-0-1-1"/>
-                <check enabled="true" name="MISRAC++2008-0-1-2_a"/>
-                <check enabled="true" name="MISRAC++2008-0-1-2_b"/>
-                <check enabled="true" name="MISRAC++2008-0-1-2_c"/>
-                <check enabled="true" name="MISRAC++2008-0-1-3"/>
-                <check enabled="true" name="MISRAC++2008-0-1-4_a"/>
-                <check enabled="true" name="MISRAC++2008-0-1-4_b"/>
-                <check enabled="true" name="MISRAC++2008-0-1-6"/>
-                <check enabled="true" name="MISRAC++2008-0-1-7"/>
-                <check enabled="false" name="MISRAC++2008-0-1-8"/>
-                <check enabled="true" name="MISRAC++2008-0-1-9"/>
-                <check enabled="true" name="MISRAC++2008-0-1-11"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-0-2">
-                <check enabled="true" name="MISRAC++2008-0-2-1"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-0-3">
-                <check enabled="true" name="MISRAC++2008-0-3-2"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-2-7">
-                <check enabled="true" name="MISRAC++2008-2-7-1"/>
-                <check enabled="true" name="MISRAC++2008-2-7-2"/>
-                <check enabled="false" name="MISRAC++2008-2-7-3"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-2-10">
-                <check enabled="true" name="MISRAC++2008-2-10-1"/>
-                <check enabled="true" name="MISRAC++2008-2-10-2"/>
-                <check enabled="true" name="MISRAC++2008-2-10-3"/>
-                <check enabled="true" name="MISRAC++2008-2-10-4"/>
-                <check enabled="false" name="MISRAC++2008-2-10-5"/>
-                <check enabled="true" name="MISRAC++2008-2-10-6"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-2-13">
-                <check enabled="true" name="MISRAC++2008-2-13-2"/>
-                <check enabled="true" name="MISRAC++2008-2-13-3"/>
-                <check enabled="true" name="MISRAC++2008-2-13-4_a"/>
-                <check enabled="true" name="MISRAC++2008-2-13-4_b"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-3-1">
-                <check enabled="true" name="MISRAC++2008-3-1-1"/>
-                <check enabled="true" name="MISRAC++2008-3-1-3"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-3-9">
-                <check enabled="false" name="MISRAC++2008-3-9-2"/>
-                <check enabled="true" name="MISRAC++2008-3-9-3"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-4-5">
-                <check enabled="true" name="MISRAC++2008-4-5-1"/>
-                <check enabled="true" name="MISRAC++2008-4-5-2"/>
-                <check enabled="true" name="MISRAC++2008-4-5-3"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-5-0">
-                <check enabled="true" name="MISRAC++2008-5-0-1_a"/>
-                <check enabled="true" name="MISRAC++2008-5-0-1_b"/>
-                <check enabled="true" name="MISRAC++2008-5-0-1_c"/>
-                <check enabled="false" name="MISRAC++2008-5-0-2"/>
-                <check enabled="true" name="MISRAC++2008-5-0-3"/>
-                <check enabled="true" name="MISRAC++2008-5-0-4"/>
-                <check enabled="true" name="MISRAC++2008-5-0-5"/>
-                <check enabled="true" name="MISRAC++2008-5-0-6"/>
-                <check enabled="true" name="MISRAC++2008-5-0-7"/>
-                <check enabled="true" name="MISRAC++2008-5-0-8"/>
-                <check enabled="true" name="MISRAC++2008-5-0-9"/>
-                <check enabled="true" name="MISRAC++2008-5-0-10"/>
-                <check enabled="true" name="MISRAC++2008-5-0-13_a"/>
-                <check enabled="true" name="MISRAC++2008-5-0-13_b"/>
-                <check enabled="true" name="MISRAC++2008-5-0-13_c"/>
-                <check enabled="true" name="MISRAC++2008-5-0-13_d"/>
-                <check enabled="true" name="MISRAC++2008-5-0-14"/>
-                <check enabled="true" name="MISRAC++2008-5-0-15_a"/>
-                <check enabled="true" name="MISRAC++2008-5-0-15_b"/>
-                <check enabled="true" name="MISRAC++2008-5-0-16_a"/>
-                <check enabled="true" name="MISRAC++2008-5-0-16_b"/>
-                <check enabled="true" name="MISRAC++2008-5-0-16_c"/>
-                <check enabled="true" name="MISRAC++2008-5-0-16_d"/>
-                <check enabled="true" name="MISRAC++2008-5-0-16_e"/>
-                <check enabled="true" name="MISRAC++2008-5-0-16_f"/>
-                <check enabled="true" name="MISRAC++2008-5-0-19"/>
-                <check enabled="true" name="MISRAC++2008-5-0-21"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-5-2">
-                <check enabled="true" name="MISRAC++2008-5-2-4"/>
-                <check enabled="true" name="MISRAC++2008-5-2-5"/>
-                <check enabled="true" name="MISRAC++2008-5-2-6"/>
-                <check enabled="true" name="MISRAC++2008-5-2-7"/>
-                <check enabled="false" name="MISRAC++2008-5-2-9"/>
-                <check enabled="false" name="MISRAC++2008-5-2-10"/>
-                <check enabled="true" name="MISRAC++2008-5-2-11_a"/>
-                <check enabled="true" name="MISRAC++2008-5-2-11_b"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-5-3">
-                <check enabled="true" name="MISRAC++2008-5-3-1"/>
-                <check enabled="true" name="MISRAC++2008-5-3-2_a"/>
-                <check enabled="true" name="MISRAC++2008-5-3-2_b"/>
-                <check enabled="true" name="MISRAC++2008-5-3-3"/>
-                <check enabled="true" name="MISRAC++2008-5-3-4"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-5-8">
-                <check enabled="true" name="MISRAC++2008-5-8-1"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-5-14">
-                <check enabled="true" name="MISRAC++2008-5-14-1"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-5-18">
-                <check enabled="true" name="MISRAC++2008-5-18-1"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-5-19">
-                <check enabled="false" name="MISRAC++2008-5-19-1"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-6-2">
-                <check enabled="true" name="MISRAC++2008-6-2-1"/>
-                <check enabled="true" name="MISRAC++2008-6-2-2"/>
-                <check enabled="false" name="MISRAC++2008-6-2-3"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-6-3">
-                <check enabled="true" name="MISRAC++2008-6-3-1_a"/>
-                <check enabled="true" name="MISRAC++2008-6-3-1_b"/>
-                <check enabled="true" name="MISRAC++2008-6-3-1_c"/>
-                <check enabled="true" name="MISRAC++2008-6-3-1_d"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-6-4">
-                <check enabled="true" name="MISRAC++2008-6-4-1"/>
-                <check enabled="true" name="MISRAC++2008-6-4-2"/>
-                <check enabled="true" name="MISRAC++2008-6-4-3"/>
-                <check enabled="true" name="MISRAC++2008-6-4-4"/>
-                <check enabled="true" name="MISRAC++2008-6-4-5"/>
-                <check enabled="true" name="MISRAC++2008-6-4-6"/>
-                <check enabled="true" name="MISRAC++2008-6-4-7"/>
-                <check enabled="true" name="MISRAC++2008-6-4-8"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-6-5">
-                <check enabled="true" name="MISRAC++2008-6-5-1_a"/>
-                <check enabled="true" name="MISRAC++2008-6-5-2"/>
-                <check enabled="true" name="MISRAC++2008-6-5-3"/>
-                <check enabled="true" name="MISRAC++2008-6-5-4"/>
-                <check enabled="true" name="MISRAC++2008-6-5-6"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-6-6">
-                <check enabled="true" name="MISRAC++2008-6-6-1"/>
-                <check enabled="true" name="MISRAC++2008-6-6-2"/>
-                <check enabled="true" name="MISRAC++2008-6-6-4"/>
-                <check enabled="true" name="MISRAC++2008-6-6-5"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-7-1">
-                <check enabled="true" name="MISRAC++2008-7-1-1"/>
-                <check enabled="true" name="MISRAC++2008-7-1-2"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-7-2">
-                <check enabled="true" name="MISRAC++2008-7-2-1"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-7-4">
-                <check enabled="true" name="MISRAC++2008-7-4-3"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-7-5">
-                <check enabled="true" name="MISRAC++2008-7-5-1_a"/>
-                <check enabled="true" name="MISRAC++2008-7-5-1_b"/>
-                <check enabled="true" name="MISRAC++2008-7-5-2_a"/>
-                <check enabled="true" name="MISRAC++2008-7-5-2_b"/>
-                <check enabled="true" name="MISRAC++2008-7-5-2_c"/>
-                <check enabled="true" name="MISRAC++2008-7-5-2_d"/>
-                <check enabled="false" name="MISRAC++2008-7-5-4_a"/>
-                <check enabled="false" name="MISRAC++2008-7-5-4_b"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-8-0">
-                <check enabled="true" name="MISRAC++2008-8-0-1"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-8-4">
-                <check enabled="true" name="MISRAC++2008-8-4-1"/>
-                <check enabled="true" name="MISRAC++2008-8-4-3"/>
-                <check enabled="true" name="MISRAC++2008-8-4-4"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-8-5">
-                <check enabled="true" name="MISRAC++2008-8-5-1_a"/>
-                <check enabled="true" name="MISRAC++2008-8-5-1_b"/>
-                <check enabled="true" name="MISRAC++2008-8-5-1_c"/>
-                <check enabled="true" name="MISRAC++2008-8-5-2"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-9-3">
-                <check enabled="true" name="MISRAC++2008-9-3-1"/>
-                <check enabled="true" name="MISRAC++2008-9-3-2"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-9-5">
-                <check enabled="true" name="MISRAC++2008-9-5-1"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-9-6">
-                <check enabled="true" name="MISRAC++2008-9-6-2"/>
-                <check enabled="true" name="MISRAC++2008-9-6-3"/>
-                <check enabled="true" name="MISRAC++2008-9-6-4"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-12-1">
-                <check enabled="true" name="MISRAC++2008-12-1-1_a"/>
-                <check enabled="true" name="MISRAC++2008-12-1-1_b"/>
-                <check enabled="true" name="MISRAC++2008-12-1-3"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-15-0">
-                <check enabled="false" name="MISRAC++2008-15-0-2"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-15-1">
-                <check enabled="true" name="MISRAC++2008-15-1-2"/>
-                <check enabled="true" name="MISRAC++2008-15-1-3"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-15-3">
-                <check enabled="true" name="MISRAC++2008-15-3-1"/>
-                <check enabled="false" name="MISRAC++2008-15-3-2"/>
-                <check enabled="true" name="MISRAC++2008-15-3-3"/>
-                <check enabled="true" name="MISRAC++2008-15-3-4"/>
-                <check enabled="true" name="MISRAC++2008-15-3-5"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-15-5">
-                <check enabled="true" name="MISRAC++2008-15-5-1"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-16-0">
-                <check enabled="true" name="MISRAC++2008-16-0-3"/>
-                <check enabled="true" name="MISRAC++2008-16-0-4"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-16-2">
-                <check enabled="true" name="MISRAC++2008-16-2-2"/>
-                <check enabled="true" name="MISRAC++2008-16-2-3"/>
-                <check enabled="true" name="MISRAC++2008-16-2-4"/>
-                <check enabled="false" name="MISRAC++2008-16-2-5"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-16-3">
-                <check enabled="true" name="MISRAC++2008-16-3-1"/>
-                <check enabled="false" name="MISRAC++2008-16-3-2"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-17-0">
-                <check enabled="true" name="MISRAC++2008-17-0-1"/>
-                <check enabled="true" name="MISRAC++2008-17-0-3"/>
-                <check enabled="true" name="MISRAC++2008-17-0-5"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-18-0">
-                <check enabled="true" name="MISRAC++2008-18-0-1"/>
-                <check enabled="true" name="MISRAC++2008-18-0-2"/>
-                <check enabled="true" name="MISRAC++2008-18-0-3"/>
-                <check enabled="true" name="MISRAC++2008-18-0-4"/>
-                <check enabled="true" name="MISRAC++2008-18-0-5"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-18-2">
-                <check enabled="true" name="MISRAC++2008-18-2-1"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-18-4">
-                <check enabled="true" name="MISRAC++2008-18-4-1"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-18-7">
-                <check enabled="true" name="MISRAC++2008-18-7-1"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-19-3">
-                <check enabled="true" name="MISRAC++2008-19-3-1"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-27-0">
-                <check enabled="true" name="MISRAC++2008-27-0-1"/>
-              </group>
-            </package>
-          </checks_tree>
-        </cstat_settings>
-      </data>
-    </settings>
-    <settings>
-      <name>RuntimeChecking</name>
-      <archiveVersion>0</archiveVersion>
-      <data>
-        <version>2</version>
-        <wantNonLocal>1</wantNonLocal>
-        <debug>0</debug>
-        <option>
-          <name>GenRtcDebugHeap</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>GenRtcEnableBoundsChecking</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>GenRtcCheckPtrsNonInstrMem</name>
-          <state>1</state>
-        </option>
-        <option>
-          <name>GenRtcTrackPointerBounds</name>
-          <state>1</state>
-        </option>
-        <option>
-          <name>GenRtcCheckAccesses</name>
-          <state>1</state>
-        </option>
-        <option>
-          <name>GenRtcGenerateEntries</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>GenRtcNrTrackedPointers</name>
-          <state>1000</state>
-        </option>
-        <option>
-          <name>GenRtcIntOverflow</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>GenRtcIncUnsigned</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>GenRtcIntConversion</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>GenRtcInclExplicit</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>GenRtcIntShiftOverflow</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>GenRtcInclUnsignedShiftOverflow</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>GenRtcUnhandledCase</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>GenRtcDivByZero</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>GenRtcEnable</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>GenRtcCheckPtrsNonInstrFunc</name>
-          <state>1</state>
-        </option>
-      </data>
-    </settings>
-  </configuration>
-  <group>
-    <name>wolfcrypt_sources</name>
-    <file>
-      <name>$PROJ_DIR$\..\..\..\..\..\wolfcrypt\src\aes.c</name>
-    </file>
-    <file>
-      <name>$PROJ_DIR$\..\..\..\..\..\wolfcrypt\src\asn.c</name>
-    </file>
-    <file>
-      <name>$PROJ_DIR$\..\..\..\..\..\wolfcrypt\src\chacha.c</name>
-    </file>
-    <file>
-      <name>$PROJ_DIR$\..\..\..\..\..\wolfcrypt\src\chacha20_poly1305.c</name>
-    </file>
-    <file>
-      <name>$PROJ_DIR$\..\..\..\..\..\wolfcrypt\src\coding.c</name>
-    </file>
-    <file>
-      <name>$PROJ_DIR$\..\..\..\..\..\wolfcrypt\src\des3.c</name>
-    </file>
-    <file>
-      <name>$PROJ_DIR$\..\..\..\..\..\wolfcrypt\src\dh.c</name>
-    </file>
-    <file>
-      <name>$PROJ_DIR$\..\..\..\..\..\wolfcrypt\src\dsa.c</name>
-    </file>
-    <file>
-      <name>$PROJ_DIR$\..\..\..\..\..\wolfcrypt\src\ecc.c</name>
-    </file>
-    <file>
-      <name>$PROJ_DIR$\..\..\..\..\..\wolfcrypt\src\hash.c</name>
-    </file>
-    <file>
-      <name>$PROJ_DIR$\..\..\..\..\..\wolfcrypt\src\kdf.c</name>
-    </file>
-    <file>
-      <name>$PROJ_DIR$\..\..\..\..\..\wolfcrypt\src\hmac.c</name>
-    </file>
-    <file>
-      <name>$PROJ_DIR$\..\..\..\..\..\wolfcrypt\src\md4.c</name>
-    </file>
-    <file>
-      <name>$PROJ_DIR$\..\..\..\..\..\wolfcrypt\src\md5.c</name>
-    </file>
-    <file>
-      <name>$PROJ_DIR$\..\..\..\..\..\wolfcrypt\src\memory.c</name>
-    </file>
-    <file>
-      <name>$PROJ_DIR$\..\..\..\..\..\wolfcrypt\src\misc.c</name>
-    </file>
-    <file>
-      <name>$PROJ_DIR$\..\..\..\..\..\wolfcrypt\src\poly1305.c</name>
-    </file>
-    <file>
-      <name>$PROJ_DIR$\..\..\..\..\..\wolfcrypt\src\pwdbased.c</name>
-    </file>
-    <file>
-      <name>$PROJ_DIR$\..\..\..\..\..\wolfcrypt\src\random.c</name>
-    </file>
-    <file>
-      <name>$PROJ_DIR$\..\..\..\..\..\wolfcrypt\src\rsa.c</name>
-    </file>
-    <file>
-      <name>$PROJ_DIR$\..\..\..\..\..\wolfcrypt\src\sha.c</name>
-    </file>
-    <file>
-      <name>$PROJ_DIR$\..\..\..\..\..\wolfcrypt\src\sha256.c</name>
-    </file>
-    <file>
-      <name>$PROJ_DIR$\..\..\..\..\..\wolfcrypt\src\sha512.c</name>
-    </file>
-    <file>
-      <name>$PROJ_DIR$\..\..\..\..\..\wolfcrypt\src\tfm.c</name>
-    </file>
-    <file>
-      <name>$PROJ_DIR$\..\..\..\..\..\wolfcrypt\src\wc_encrypt.c</name>
-    </file>
-    <file>
-      <name>$PROJ_DIR$\..\..\..\..\..\wolfcrypt\src\wc_port.c</name>
-    </file>
-  </group>
-</project>
-
-
diff --git a/IDE/IAR-EWARM/embOS/SAMV71_XULT/embOS_wolfcrypt_test_SAMV71_XULT/Application/runWolfcryptTests.c b/IDE/IAR-EWARM/embOS/SAMV71_XULT/embOS_wolfcrypt_test_SAMV71_XULT/Application/runWolfcryptTests.c
index 36937deef..07fd6c5bc 100644
--- a/IDE/IAR-EWARM/embOS/SAMV71_XULT/embOS_wolfcrypt_test_SAMV71_XULT/Application/runWolfcryptTests.c
+++ b/IDE/IAR-EWARM/embOS/SAMV71_XULT/embOS_wolfcrypt_test_SAMV71_XULT/Application/runWolfcryptTests.c
@@ -26,4 +26,4 @@ int main(void) {
   OS_CREATETASK(&WLFTASK, "Tests task", wolfTask, 100, WLFSTACK);
   OS_Start();                      /* Start the OS */
   return 0;
-}
\ No newline at end of file
+}
diff --git a/IDE/IAR-EWARM/embOS/SAMV71_XULT/embOS_wolfcrypt_test_SAMV71_XULT/settings/wolfcrypt_test_Debug.jlink b/IDE/IAR-EWARM/embOS/SAMV71_XULT/embOS_wolfcrypt_test_SAMV71_XULT/settings/wolfcrypt_test_Debug.jlink
deleted file mode 100644
index 3a2fb4743..000000000
--- a/IDE/IAR-EWARM/embOS/SAMV71_XULT/embOS_wolfcrypt_test_SAMV71_XULT/settings/wolfcrypt_test_Debug.jlink
+++ /dev/null
@@ -1,39 +0,0 @@
-[BREAKPOINTS]
-ForceImpTypeAny = 0
-ShowInfoWin = 1
-EnableFlashBP = 2
-BPDuringExecution = 0
-[CFI]
-CFISize = 0x00
-CFIAddr = 0x00
-[CPU]
-MonModeVTableAddr = 0xFFFFFFFF
-MonModeDebug = 0
-MaxNumAPs = 0
-LowPowerHandlingMode = 0
-OverrideMemMap = 0
-AllowSimulation = 1
-ScriptFile=""
-[FLASH]
-CacheExcludeSize = 0x00
-CacheExcludeAddr = 0x00
-MinNumBytesFlashDL = 0
-SkipProgOnCRCMatch = 1
-VerifyDownload = 1
-AllowCaching = 1
-EnableFlashDL = 2
-Override = 1
-Device="ATSAMV71Q21"
-[GENERAL]
-WorkRAMSize = 0x00
-WorkRAMAddr = 0x00
-RAMUsageLimit = 0x00
-[SWO]
-SWOLogFile=""
-[MEM]
-RdOverrideOrMask = 0x00
-RdOverrideAndMask = 0xFFFFFFFF
-RdOverrideAddr = 0xFFFFFFFF
-WrOverrideOrMask = 0x00
-WrOverrideAndMask = 0xFFFFFFFF
-WrOverrideAddr = 0xFFFFFFFF
diff --git a/IDE/IAR-EWARM/embOS/SAMV71_XULT/embOS_wolfcrypt_test_SAMV71_XULT/wolfcrypt_test.ewp b/IDE/IAR-EWARM/embOS/SAMV71_XULT/embOS_wolfcrypt_test_SAMV71_XULT/wolfcrypt_test.ewp
index 9ed45e93a..f871fcef9 100644
--- a/IDE/IAR-EWARM/embOS/SAMV71_XULT/embOS_wolfcrypt_test_SAMV71_XULT/wolfcrypt_test.ewp
+++ b/IDE/IAR-EWARM/embOS/SAMV71_XULT/embOS_wolfcrypt_test_SAMV71_XULT/wolfcrypt_test.ewp
@@ -958,7 +958,7 @@
         </option>
         <option>
           <name>IarchiveOutput</name>
-          <state>###Unitialized###</state>
+          <state>###Uninitialized###</state>
         </option>
       </data>
     </settings>
@@ -1627,7 +1627,7 @@
         </option>
         <option>
           <name>IlinkOutputFile</name>
-          <state>###Unitialized###</state>
+          <state>###Uninitialized###</state>
         </option>
         <option>
           <name>IlinkDebugInfoEnable</name>
@@ -1917,7 +1917,7 @@
         </option>
         <option>
           <name>IarchiveOutput</name>
-          <state>###Unitialized###</state>
+          <state>###Uninitialized###</state>
         </option>
       </data>
     </settings>
diff --git a/IDE/IAR-EWARM/embOS/SAMV71_XULT/embOS_wolfcrypt_test_SAMV71_XULT/wolfcrypt_test.ewt b/IDE/IAR-EWARM/embOS/SAMV71_XULT/embOS_wolfcrypt_test_SAMV71_XULT/wolfcrypt_test.ewt
deleted file mode 100644
index 2847ab531..000000000
--- a/IDE/IAR-EWARM/embOS/SAMV71_XULT/embOS_wolfcrypt_test_SAMV71_XULT/wolfcrypt_test.ewt
+++ /dev/null
@@ -1,2382 +0,0 @@
-<?xml version="1.0" encoding="iso-8859-1"?>
-
-<project>
-  <fileVersion>2</fileVersion>
-  <configuration>
-    <name>Debug</name>
-    <toolchain>
-      <name>ARM</name>
-    </toolchain>
-    <debug>1</debug>
-    <settings>
-      <name>C-STAT</name>
-      <archiveVersion>259</archiveVersion>
-      <data>
-        <version>259</version>
-        <cstatargs>
-          <useExtraArgs>0</useExtraArgs>
-          <extraArgs></extraArgs>
-          <analyzeTimeoutEnabled>1</analyzeTimeoutEnabled>
-          <analyzeTimeout>600</analyzeTimeout>
-          <enableParallel>0</enableParallel>
-          <parallelThreads>2</parallelThreads>
-          <enableFalsePositives>0</enableFalsePositives>
-          <messagesLimitEnabled>1</messagesLimitEnabled>
-          <messagesLimit>100</messagesLimit>
-        </cstatargs>
-        <cstat_settings>
-          <cstat_version>1.3.2</cstat_version>
-          <checks_tree>
-            <package enabled="true" name="STDCHECKS">
-              <group enabled="true" name="ARR">
-                <check enabled="true" name="ARR-inv-index-pos"/>
-                <check enabled="true" name="ARR-inv-index-ptr-pos"/>
-                <check enabled="true" name="ARR-inv-index-ptr"/>
-                <check enabled="true" name="ARR-inv-index"/>
-                <check enabled="true" name="ARR-neg-index"/>
-                <check enabled="true" name="ARR-uninit-index"/>
-              </group>
-              <group enabled="true" name="ATH">
-                <check enabled="true" name="ATH-cmp-float"/>
-                <check enabled="true" name="ATH-cmp-unsign-neg"/>
-                <check enabled="true" name="ATH-cmp-unsign-pos"/>
-                <check enabled="true" name="ATH-div-0-assign"/>
-                <check enabled="false" name="ATH-div-0-cmp-aft"/>
-                <check enabled="true" name="ATH-div-0-cmp-bef"/>
-                <check enabled="true" name="ATH-div-0-interval"/>
-                <check enabled="true" name="ATH-div-0-pos"/>
-                <check enabled="true" name="ATH-div-0-unchk-global"/>
-                <check enabled="true" name="ATH-div-0-unchk-local"/>
-                <check enabled="true" name="ATH-div-0-unchk-param"/>
-                <check enabled="true" name="ATH-div-0"/>
-                <check enabled="true" name="ATH-inc-bool"/>
-                <check enabled="true" name="ATH-malloc-overrun"/>
-                <check enabled="true" name="ATH-neg-check-nonneg"/>
-                <check enabled="true" name="ATH-neg-check-pos"/>
-                <check enabled="true" name="ATH-new-overrun"/>
-                <check enabled="false" name="ATH-overflow-cast"/>
-                <check enabled="true" name="ATH-overflow"/>
-                <check enabled="true" name="ATH-shift-bounds"/>
-                <check enabled="true" name="ATH-shift-neg"/>
-                <check enabled="true" name="ATH-sizeof-by-sizeof"/>
-              </group>
-              <group enabled="true" name="CAST">
-                <check enabled="false" name="CAST-old-style"/>
-              </group>
-              <group enabled="true" name="CATCH">
-                <check enabled="true" name="CATCH-object-slicing"/>
-                <check enabled="false" name="CATCH-xtor-bad-member"/>
-              </group>
-              <group enabled="true" name="COMMA">
-                <check enabled="false" name="COMMA-overload"/>
-              </group>
-              <group enabled="true" name="COMMENT">
-                <check enabled="true" name="COMMENT-nested"/>
-              </group>
-              <group enabled="true" name="CONST">
-                <check enabled="true" name="CONST-member-ret"/>
-              </group>
-              <group enabled="true" name="COP">
-                <check enabled="false" name="COP-alloc-ctor"/>
-                <check enabled="true" name="COP-assign-op-ret"/>
-                <check enabled="true" name="COP-assign-op-self"/>
-                <check enabled="true" name="COP-assign-op"/>
-                <check enabled="true" name="COP-copy-ctor"/>
-                <check enabled="false" name="COP-dealloc-dtor"/>
-                <check enabled="true" name="COP-dtor-throw"/>
-                <check enabled="true" name="COP-dtor"/>
-                <check enabled="true" name="COP-init-order"/>
-                <check enabled="true" name="COP-init-uninit"/>
-                <check enabled="true" name="COP-member-uninit"/>
-              </group>
-              <group enabled="true" name="CPU">
-                <check enabled="true" name="CPU-ctor-call-virt"/>
-                <check enabled="false" name="CPU-ctor-implicit"/>
-                <check enabled="true" name="CPU-delete-throw"/>
-                <check enabled="true" name="CPU-delete-void"/>
-                <check enabled="true" name="CPU-dtor-call-virt"/>
-                <check enabled="true" name="CPU-malloc-class"/>
-                <check enabled="true" name="CPU-nonvirt-dtor"/>
-                <check enabled="true" name="CPU-return-ref-to-class-data"/>
-              </group>
-              <group enabled="true" name="DECL">
-                <check enabled="false" name="DECL-implicit-int"/>
-              </group>
-              <group enabled="true" name="DEFINE">
-                <check enabled="true" name="DEFINE-hash-multiple"/>
-              </group>
-              <group enabled="true" name="ENUM">
-                <check enabled="false" name="ENUM-bounds"/>
-              </group>
-              <group enabled="true" name="EXP">
-                <check enabled="true" name="EXP-cond-assign"/>
-                <check enabled="true" name="EXP-dangling-else"/>
-                <check enabled="true" name="EXP-loop-exit"/>
-                <check enabled="false" name="EXP-main-ret-int"/>
-                <check enabled="false" name="EXP-null-stmt"/>
-                <check enabled="false" name="EXP-stray-semicolon"/>
-              </group>
-              <group enabled="true" name="EXPR">
-                <check enabled="true" name="EXPR-const-overflow"/>
-              </group>
-              <group enabled="true" name="FPT">
-                <check enabled="true" name="FPT-cmp-null"/>
-                <check enabled="false" name="FPT-literal"/>
-                <check enabled="true" name="FPT-misuse"/>
-              </group>
-              <group enabled="true" name="FUNC">
-                <check enabled="false" name="FUNC-implicit-decl"/>
-                <check enabled="false" name="FUNC-unprototyped-all"/>
-                <check enabled="true" name="FUNC-unprototyped-used"/>
-              </group>
-              <group enabled="true" name="INCLUDE">
-                <check enabled="false" name="INCLUDE-c-file"/>
-              </group>
-              <group enabled="true" name="INT">
-                <check enabled="false" name="INT-use-signed-as-unsigned-pos"/>
-                <check enabled="true" name="INT-use-signed-as-unsigned"/>
-              </group>
-              <group enabled="true" name="ITR">
-                <check enabled="true" name="ITR-end-cmp-aft"/>
-                <check enabled="true" name="ITR-end-cmp-bef"/>
-                <check enabled="true" name="ITR-invalidated"/>
-                <check enabled="false" name="ITR-mismatch-alg"/>
-                <check enabled="false" name="ITR-store"/>
-                <check enabled="true" name="ITR-uninit"/>
-              </group>
-              <group enabled="true" name="LIB">
-                <check enabled="false" name="LIB-bsearch-overrun-pos"/>
-                <check enabled="false" name="LIB-bsearch-overrun"/>
-                <check enabled="false" name="LIB-fn-unsafe"/>
-                <check enabled="false" name="LIB-fread-overrun-pos"/>
-                <check enabled="true" name="LIB-fread-overrun"/>
-                <check enabled="false" name="LIB-memchr-overrun-pos"/>
-                <check enabled="true" name="LIB-memchr-overrun"/>
-                <check enabled="false" name="LIB-memcpy-overrun-pos"/>
-                <check enabled="true" name="LIB-memcpy-overrun"/>
-                <check enabled="false" name="LIB-memset-overrun-pos"/>
-                <check enabled="true" name="LIB-memset-overrun"/>
-                <check enabled="false" name="LIB-putenv"/>
-                <check enabled="false" name="LIB-qsort-overrun-pos"/>
-                <check enabled="false" name="LIB-qsort-overrun"/>
-                <check enabled="true" name="LIB-return-const"/>
-                <check enabled="true" name="LIB-return-error"/>
-                <check enabled="true" name="LIB-return-leak"/>
-                <check enabled="true" name="LIB-return-neg"/>
-                <check enabled="true" name="LIB-return-null"/>
-                <check enabled="false" name="LIB-sprintf-overrun"/>
-                <check enabled="false" name="LIB-std-sort-overrun-pos"/>
-                <check enabled="true" name="LIB-std-sort-overrun"/>
-                <check enabled="false" name="LIB-strcat-overrun-pos"/>
-                <check enabled="true" name="LIB-strcat-overrun"/>
-                <check enabled="false" name="LIB-strcpy-overrun-pos"/>
-                <check enabled="true" name="LIB-strcpy-overrun"/>
-                <check enabled="false" name="LIB-strncat-overrun-pos"/>
-                <check enabled="true" name="LIB-strncat-overrun"/>
-                <check enabled="false" name="LIB-strncmp-overrun-pos"/>
-                <check enabled="true" name="LIB-strncmp-overrun"/>
-                <check enabled="false" name="LIB-strncpy-overrun-pos"/>
-                <check enabled="true" name="LIB-strncpy-overrun"/>
-              </group>
-              <group enabled="true" name="LOGIC">
-                <check enabled="false" name="LOGIC-overload"/>
-              </group>
-              <group enabled="true" name="MEM">
-                <check enabled="true" name="MEM-delete-array-op"/>
-                <check enabled="true" name="MEM-delete-op"/>
-                <check enabled="true" name="MEM-double-free-alias"/>
-                <check enabled="true" name="MEM-double-free-some"/>
-                <check enabled="true" name="MEM-double-free"/>
-                <check enabled="true" name="MEM-free-field"/>
-                <check enabled="true" name="MEM-free-fptr"/>
-                <check enabled="false" name="MEM-free-no-alloc-struct"/>
-                <check enabled="false" name="MEM-free-no-alloc"/>
-                <check enabled="true" name="MEM-free-no-use"/>
-                <check enabled="true" name="MEM-free-op"/>
-                <check enabled="true" name="MEM-free-struct-field"/>
-                <check enabled="true" name="MEM-free-variable-alias"/>
-                <check enabled="true" name="MEM-free-variable"/>
-                <check enabled="true" name="MEM-leak-alias"/>
-                <check enabled="false" name="MEM-leak"/>
-                <check enabled="false" name="MEM-malloc-arith"/>
-                <check enabled="true" name="MEM-malloc-diff-type"/>
-                <check enabled="true" name="MEM-malloc-sizeof-ptr"/>
-                <check enabled="true" name="MEM-malloc-sizeof"/>
-                <check enabled="false" name="MEM-malloc-strlen"/>
-                <check enabled="true" name="MEM-realloc-diff-type"/>
-                <check enabled="true" name="MEM-return-free"/>
-                <check enabled="true" name="MEM-return-no-assign"/>
-                <check enabled="true" name="MEM-stack-global-field"/>
-                <check enabled="true" name="MEM-stack-global"/>
-                <check enabled="true" name="MEM-stack-param-ref"/>
-                <check enabled="true" name="MEM-stack-param"/>
-                <check enabled="true" name="MEM-stack-pos"/>
-                <check enabled="true" name="MEM-stack-ref"/>
-                <check enabled="true" name="MEM-stack"/>
-                <check enabled="true" name="MEM-use-free-all"/>
-                <check enabled="true" name="MEM-use-free-some"/>
-              </group>
-              <group enabled="true" name="PTR">
-                <check enabled="true" name="PTR-arith-field"/>
-                <check enabled="true" name="PTR-arith-stack"/>
-                <check enabled="true" name="PTR-arith-var"/>
-                <check enabled="true" name="PTR-cmp-str-lit"/>
-                <check enabled="false" name="PTR-null-assign-fun-pos"/>
-                <check enabled="false" name="PTR-null-assign-pos"/>
-                <check enabled="true" name="PTR-null-assign"/>
-                <check enabled="true" name="PTR-null-cmp-aft"/>
-                <check enabled="true" name="PTR-null-cmp-bef-fun"/>
-                <check enabled="true" name="PTR-null-cmp-bef"/>
-                <check enabled="true" name="PTR-null-fun-pos"/>
-                <check enabled="false" name="PTR-null-literal-pos"/>
-                <check enabled="false" name="PTR-overload"/>
-                <check enabled="false" name="PTR-singleton-arith-pos"/>
-                <check enabled="true" name="PTR-singleton-arith"/>
-                <check enabled="true" name="PTR-unchk-param-some"/>
-                <check enabled="false" name="PTR-unchk-param"/>
-                <check enabled="false" name="PTR-uninit-pos"/>
-                <check enabled="true" name="PTR-uninit"/>
-              </group>
-              <group enabled="true" name="RED">
-                <check enabled="false" name="RED-alloc-zero-bytes"/>
-                <check enabled="false" name="RED-case-reach"/>
-                <check enabled="false" name="RED-cmp-always"/>
-                <check enabled="false" name="RED-cmp-never"/>
-                <check enabled="false" name="RED-cond-always"/>
-                <check enabled="true" name="RED-cond-const-assign"/>
-                <check enabled="false" name="RED-cond-const-expr"/>
-                <check enabled="false" name="RED-cond-const"/>
-                <check enabled="false" name="RED-cond-never"/>
-                <check enabled="true" name="RED-dead"/>
-                <check enabled="false" name="RED-expr"/>
-                <check enabled="false" name="RED-func-no-effect"/>
-                <check enabled="true" name="RED-local-hides-global"/>
-                <check enabled="false" name="RED-local-hides-local"/>
-                <check enabled="false" name="RED-local-hides-member"/>
-                <check enabled="true" name="RED-local-hides-param"/>
-                <check enabled="false" name="RED-no-effect"/>
-                <check enabled="true" name="RED-self-assign"/>
-                <check enabled="true" name="RED-unused-assign"/>
-                <check enabled="false" name="RED-unused-param"/>
-                <check enabled="false" name="RED-unused-return-val"/>
-                <check enabled="false" name="RED-unused-val"/>
-                <check enabled="true" name="RED-unused-var-all"/>
-              </group>
-              <group enabled="true" name="RESOURCE">
-                <check enabled="false" name="RESOURCE-deref-file"/>
-                <check enabled="true" name="RESOURCE-double-close"/>
-                <check enabled="true" name="RESOURCE-file-no-close-all"/>
-                <check enabled="false" name="RESOURCE-file-pos-neg"/>
-                <check enabled="true" name="RESOURCE-file-use-after-close"/>
-                <check enabled="false" name="RESOURCE-implicit-deref-file"/>
-                <check enabled="true" name="RESOURCE-write-ronly-file"/>
-              </group>
-              <group enabled="true" name="SIZEOF">
-                <check enabled="true" name="SIZEOF-side-effect"/>
-              </group>
-              <group enabled="true" name="SPC">
-                <check enabled="true" name="SPC-order"/>
-                <check enabled="false" name="SPC-uninit-arr-all"/>
-                <check enabled="true" name="SPC-uninit-struct-field-heap"/>
-                <check enabled="false" name="SPC-uninit-struct-field"/>
-                <check enabled="true" name="SPC-uninit-struct"/>
-                <check enabled="true" name="SPC-uninit-var-all"/>
-                <check enabled="true" name="SPC-uninit-var-some"/>
-                <check enabled="false" name="SPC-volatile-reads"/>
-                <check enabled="false" name="SPC-volatile-writes"/>
-              </group>
-              <group enabled="true" name="STRUCT">
-                <check enabled="false" name="STRUCT-signed-bit"/>
-              </group>
-              <group enabled="true" name="SWITCH">
-                <check enabled="true" name="SWITCH-fall-through"/>
-              </group>
-              <group enabled="true" name="THROW">
-                <check enabled="false" name="THROW-empty"/>
-                <check enabled="false" name="THROW-main"/>
-                <check enabled="true" name="THROW-null"/>
-                <check enabled="true" name="THROW-ptr"/>
-                <check enabled="true" name="THROW-static"/>
-                <check enabled="true" name="THROW-unhandled"/>
-              </group>
-              <group enabled="true" name="UNION">
-                <check enabled="true" name="UNION-overlap-assign"/>
-                <check enabled="true" name="UNION-type-punning"/>
-              </group>
-            </package>
-            <package enabled="false" name="CERT">
-              <group enabled="true" name="CERT-EXP">
-                <check enabled="true" name="CERT-EXP19-C"/>
-              </group>
-              <group enabled="true" name="CERT-FIO">
-                <check enabled="true" name="CERT-FIO37-C"/>
-                <check enabled="true" name="CERT-FIO38-C"/>
-              </group>
-              <group enabled="true" name="CERT-SIG">
-                <check enabled="true" name="CERT-SIG31-C"/>
-              </group>
-            </package>
-            <package enabled="false" name="SECURITY">
-              <group enabled="true" name="SEC-BUFFER">
-                <check enabled="true" name="SEC-BUFFER-memory-leak-alias"/>
-                <check enabled="false" name="SEC-BUFFER-memory-leak"/>
-                <check enabled="false" name="SEC-BUFFER-memset-overrun-pos"/>
-                <check enabled="true" name="SEC-BUFFER-memset-overrun"/>
-                <check enabled="false" name="SEC-BUFFER-qsort-overrun-pos"/>
-                <check enabled="true" name="SEC-BUFFER-qsort-overrun"/>
-                <check enabled="true" name="SEC-BUFFER-sprintf-overrun"/>
-                <check enabled="false" name="SEC-BUFFER-std-sort-overrun-pos"/>
-                <check enabled="true" name="SEC-BUFFER-std-sort-overrun"/>
-                <check enabled="false" name="SEC-BUFFER-strcat-overrun-pos"/>
-                <check enabled="true" name="SEC-BUFFER-strcat-overrun"/>
-                <check enabled="false" name="SEC-BUFFER-strcpy-overrun-pos"/>
-                <check enabled="true" name="SEC-BUFFER-strcpy-overrun"/>
-                <check enabled="false" name="SEC-BUFFER-strncat-overrun-pos"/>
-                <check enabled="true" name="SEC-BUFFER-strncat-overrun"/>
-                <check enabled="false" name="SEC-BUFFER-strncmp-overrun-pos"/>
-                <check enabled="true" name="SEC-BUFFER-strncmp-overrun"/>
-                <check enabled="false" name="SEC-BUFFER-strncpy-overrun-pos"/>
-                <check enabled="true" name="SEC-BUFFER-strncpy-overrun"/>
-                <check enabled="true" name="SEC-BUFFER-tainted-alloc-size"/>
-                <check enabled="true" name="SEC-BUFFER-tainted-copy-length"/>
-                <check enabled="true" name="SEC-BUFFER-tainted-copy"/>
-                <check enabled="true" name="SEC-BUFFER-tainted-index"/>
-                <check enabled="true" name="SEC-BUFFER-tainted-offset"/>
-                <check enabled="true" name="SEC-BUFFER-use-after-free-all"/>
-                <check enabled="true" name="SEC-BUFFER-use-after-free-some"/>
-              </group>
-              <group enabled="true" name="SEC-DIV-0">
-                <check enabled="true" name="SEC-DIV-0-compare-after"/>
-                <check enabled="true" name="SEC-DIV-0-compare-before"/>
-                <check enabled="true" name="SEC-DIV-0-tainted"/>
-              </group>
-              <group enabled="true" name="SEC-FILEOP">
-                <check enabled="true" name="SEC-FILEOP-open-no-close"/>
-                <check enabled="false" name="SEC-FILEOP-path-traversal"/>
-                <check enabled="true" name="SEC-FILEOP-use-after-close"/>
-              </group>
-              <group enabled="true" name="SEC-INJECTION">
-                <check enabled="false" name="SEC-INJECTION-sql"/>
-                <check enabled="false" name="SEC-INJECTION-xpath"/>
-              </group>
-              <group enabled="true" name="SEC-LOOP">
-                <check enabled="true" name="SEC-LOOP-tainted-bound"/>
-              </group>
-              <group enabled="true" name="SEC-NULL">
-                <check enabled="false" name="SEC-NULL-assignment-fun-pos"/>
-                <check enabled="true" name="SEC-NULL-assignment"/>
-                <check enabled="true" name="SEC-NULL-cmp-aft"/>
-                <check enabled="true" name="SEC-NULL-cmp-bef-fun"/>
-                <check enabled="true" name="SEC-NULL-cmp-bef"/>
-                <check enabled="false" name="SEC-NULL-literal-pos"/>
-              </group>
-              <group enabled="true" name="SEC-STRING">
-                <check enabled="true" name="SEC-STRING-format-string"/>
-                <check enabled="false" name="SEC-STRING-hard-coded-credentials"/>
-              </group>
-            </package>
-            <package enabled="false" name="MISRAC2004">
-              <group enabled="true" name="MISRAC2004-1">
-                <check enabled="true" name="MISRAC2004-1.1"/>
-                <check enabled="true" name="MISRAC2004-1.2_a"/>
-                <check enabled="true" name="MISRAC2004-1.2_b"/>
-                <check enabled="true" name="MISRAC2004-1.2_c"/>
-                <check enabled="true" name="MISRAC2004-1.2_d"/>
-                <check enabled="true" name="MISRAC2004-1.2_e"/>
-                <check enabled="true" name="MISRAC2004-1.2_f"/>
-                <check enabled="true" name="MISRAC2004-1.2_g"/>
-                <check enabled="true" name="MISRAC2004-1.2_h"/>
-                <check enabled="true" name="MISRAC2004-1.2_i"/>
-                <check enabled="true" name="MISRAC2004-1.2_j"/>
-              </group>
-              <group enabled="true" name="MISRAC2004-2">
-                <check enabled="true" name="MISRAC2004-2.1"/>
-                <check enabled="true" name="MISRAC2004-2.2"/>
-                <check enabled="true" name="MISRAC2004-2.3"/>
-                <check enabled="false" name="MISRAC2004-2.4"/>
-              </group>
-              <group enabled="true" name="MISRAC2004-5">
-                <check enabled="true" name="MISRAC2004-5.2"/>
-                <check enabled="true" name="MISRAC2004-5.3"/>
-                <check enabled="true" name="MISRAC2004-5.4"/>
-                <check enabled="false" name="MISRAC2004-5.5"/>
-                <check enabled="false" name="MISRAC2004-5.6"/>
-              </group>
-              <group enabled="true" name="MISRAC2004-6">
-                <check enabled="true" name="MISRAC2004-6.1"/>
-                <check enabled="false" name="MISRAC2004-6.3"/>
-                <check enabled="true" name="MISRAC2004-6.4"/>
-                <check enabled="true" name="MISRAC2004-6.5"/>
-              </group>
-              <group enabled="true" name="MISRAC2004-7">
-                <check enabled="true" name="MISRAC2004-7.1"/>
-              </group>
-              <group enabled="true" name="MISRAC2004-8">
-                <check enabled="true" name="MISRAC2004-8.1"/>
-                <check enabled="true" name="MISRAC2004-8.2"/>
-                <check enabled="true" name="MISRAC2004-8.5_a"/>
-                <check enabled="true" name="MISRAC2004-8.5_b"/>
-                <check enabled="true" name="MISRAC2004-8.12"/>
-              </group>
-              <group enabled="true" name="MISRAC2004-9">
-                <check enabled="true" name="MISRAC2004-9.1_a"/>
-                <check enabled="true" name="MISRAC2004-9.1_b"/>
-                <check enabled="true" name="MISRAC2004-9.1_c"/>
-                <check enabled="true" name="MISRAC2004-9.2"/>
-              </group>
-              <group enabled="true" name="MISRAC2004-10">
-                <check enabled="true" name="MISRAC2004-10.1_a"/>
-                <check enabled="true" name="MISRAC2004-10.1_b"/>
-                <check enabled="true" name="MISRAC2004-10.1_c"/>
-                <check enabled="true" name="MISRAC2004-10.1_d"/>
-                <check enabled="true" name="MISRAC2004-10.2_a"/>
-                <check enabled="true" name="MISRAC2004-10.2_b"/>
-                <check enabled="true" name="MISRAC2004-10.2_c"/>
-                <check enabled="true" name="MISRAC2004-10.2_d"/>
-                <check enabled="true" name="MISRAC2004-10.3"/>
-                <check enabled="true" name="MISRAC2004-10.4"/>
-                <check enabled="true" name="MISRAC2004-10.5"/>
-                <check enabled="true" name="MISRAC2004-10.6"/>
-              </group>
-              <group enabled="true" name="MISRAC2004-11">
-                <check enabled="true" name="MISRAC2004-11.1"/>
-                <check enabled="false" name="MISRAC2004-11.3"/>
-                <check enabled="false" name="MISRAC2004-11.4"/>
-                <check enabled="true" name="MISRAC2004-11.5"/>
-              </group>
-              <group enabled="true" name="MISRAC2004-12">
-                <check enabled="false" name="MISRAC2004-12.1"/>
-                <check enabled="true" name="MISRAC2004-12.2_a"/>
-                <check enabled="true" name="MISRAC2004-12.2_b"/>
-                <check enabled="true" name="MISRAC2004-12.2_c"/>
-                <check enabled="true" name="MISRAC2004-12.3"/>
-                <check enabled="true" name="MISRAC2004-12.4"/>
-                <check enabled="false" name="MISRAC2004-12.6_a"/>
-                <check enabled="false" name="MISRAC2004-12.6_b"/>
-                <check enabled="true" name="MISRAC2004-12.7"/>
-                <check enabled="true" name="MISRAC2004-12.8"/>
-                <check enabled="true" name="MISRAC2004-12.9"/>
-                <check enabled="true" name="MISRAC2004-12.10"/>
-                <check enabled="false" name="MISRAC2004-12.11"/>
-                <check enabled="true" name="MISRAC2004-12.12_a"/>
-                <check enabled="true" name="MISRAC2004-12.12_b"/>
-                <check enabled="false" name="MISRAC2004-12.13"/>
-              </group>
-              <group enabled="true" name="MISRAC2004-13">
-                <check enabled="true" name="MISRAC2004-13.1"/>
-                <check enabled="false" name="MISRAC2004-13.2_a"/>
-                <check enabled="false" name="MISRAC2004-13.2_b"/>
-                <check enabled="false" name="MISRAC2004-13.2_c"/>
-                <check enabled="false" name="MISRAC2004-13.2_d"/>
-                <check enabled="false" name="MISRAC2004-13.2_e"/>
-                <check enabled="true" name="MISRAC2004-13.3"/>
-                <check enabled="true" name="MISRAC2004-13.4"/>
-                <check enabled="true" name="MISRAC2004-13.5"/>
-                <check enabled="true" name="MISRAC2004-13.6"/>
-                <check enabled="true" name="MISRAC2004-13.7_a"/>
-                <check enabled="true" name="MISRAC2004-13.7_b"/>
-              </group>
-              <group enabled="true" name="MISRAC2004-14">
-                <check enabled="true" name="MISRAC2004-14.1"/>
-                <check enabled="true" name="MISRAC2004-14.2"/>
-                <check enabled="true" name="MISRAC2004-14.3"/>
-                <check enabled="true" name="MISRAC2004-14.4"/>
-                <check enabled="true" name="MISRAC2004-14.5"/>
-                <check enabled="true" name="MISRAC2004-14.6"/>
-                <check enabled="true" name="MISRAC2004-14.7"/>
-                <check enabled="true" name="MISRAC2004-14.8_a"/>
-                <check enabled="true" name="MISRAC2004-14.8_b"/>
-                <check enabled="true" name="MISRAC2004-14.8_c"/>
-                <check enabled="true" name="MISRAC2004-14.8_d"/>
-                <check enabled="true" name="MISRAC2004-14.9"/>
-                <check enabled="true" name="MISRAC2004-14.10"/>
-              </group>
-              <group enabled="true" name="MISRAC2004-15">
-                <check enabled="true" name="MISRAC2004-15.0"/>
-                <check enabled="true" name="MISRAC2004-15.1"/>
-                <check enabled="true" name="MISRAC2004-15.2"/>
-                <check enabled="true" name="MISRAC2004-15.3"/>
-                <check enabled="true" name="MISRAC2004-15.4"/>
-                <check enabled="true" name="MISRAC2004-15.5"/>
-              </group>
-              <group enabled="true" name="MISRAC2004-16">
-                <check enabled="true" name="MISRAC2004-16.1"/>
-                <check enabled="true" name="MISRAC2004-16.2_a"/>
-                <check enabled="true" name="MISRAC2004-16.2_b"/>
-                <check enabled="true" name="MISRAC2004-16.3"/>
-                <check enabled="true" name="MISRAC2004-16.5"/>
-                <check enabled="true" name="MISRAC2004-16.7"/>
-                <check enabled="true" name="MISRAC2004-16.8"/>
-                <check enabled="true" name="MISRAC2004-16.9"/>
-                <check enabled="true" name="MISRAC2004-16.10"/>
-              </group>
-              <group enabled="true" name="MISRAC2004-17">
-                <check enabled="true" name="MISRAC2004-17.1_a"/>
-                <check enabled="true" name="MISRAC2004-17.1_b"/>
-                <check enabled="true" name="MISRAC2004-17.1_c"/>
-                <check enabled="true" name="MISRAC2004-17.4_a"/>
-                <check enabled="true" name="MISRAC2004-17.4_b"/>
-                <check enabled="true" name="MISRAC2004-17.5"/>
-                <check enabled="true" name="MISRAC2004-17.6_a"/>
-                <check enabled="true" name="MISRAC2004-17.6_b"/>
-                <check enabled="true" name="MISRAC2004-17.6_c"/>
-                <check enabled="true" name="MISRAC2004-17.6_d"/>
-              </group>
-              <group enabled="true" name="MISRAC2004-18">
-                <check enabled="true" name="MISRAC2004-18.1"/>
-                <check enabled="true" name="MISRAC2004-18.2"/>
-                <check enabled="true" name="MISRAC2004-18.4"/>
-              </group>
-              <group enabled="true" name="MISRAC2004-19">
-                <check enabled="false" name="MISRAC2004-19.2"/>
-                <check enabled="true" name="MISRAC2004-19.6"/>
-                <check enabled="false" name="MISRAC2004-19.7"/>
-                <check enabled="true" name="MISRAC2004-19.12"/>
-                <check enabled="false" name="MISRAC2004-19.13"/>
-                <check enabled="true" name="MISRAC2004-19.15"/>
-              </group>
-              <group enabled="true" name="MISRAC2004-20">
-                <check enabled="true" name="MISRAC2004-20.1"/>
-                <check enabled="true" name="MISRAC2004-20.4"/>
-                <check enabled="true" name="MISRAC2004-20.5"/>
-                <check enabled="true" name="MISRAC2004-20.6"/>
-                <check enabled="true" name="MISRAC2004-20.7"/>
-                <check enabled="true" name="MISRAC2004-20.8"/>
-                <check enabled="true" name="MISRAC2004-20.9"/>
-                <check enabled="true" name="MISRAC2004-20.10"/>
-                <check enabled="true" name="MISRAC2004-20.11"/>
-                <check enabled="true" name="MISRAC2004-20.12"/>
-              </group>
-            </package>
-            <package enabled="false" name="MISRAC2012">
-              <group enabled="true" name="MISRAC2012-Dir-4">
-                <check enabled="true" name="MISRAC2012-Dir-4.3"/>
-                <check enabled="false" name="MISRAC2012-Dir-4.4"/>
-                <check enabled="false" name="MISRAC2012-Dir-4.5"/>
-                <check enabled="false" name="MISRAC2012-Dir-4.6_a"/>
-                <check enabled="false" name="MISRAC2012-Dir-4.6_b"/>
-                <check enabled="false" name="MISRAC2012-Dir-4.7_a"/>
-                <check enabled="false" name="MISRAC2012-Dir-4.7_b"/>
-                <check enabled="false" name="MISRAC2012-Dir-4.7_c"/>
-                <check enabled="false" name="MISRAC2012-Dir-4.8"/>
-                <check enabled="false" name="MISRAC2012-Dir-4.9"/>
-                <check enabled="true" name="MISRAC2012-Dir-4.10"/>
-                <check enabled="false" name="MISRAC2012-Dir-4.11_a"/>
-                <check enabled="false" name="MISRAC2012-Dir-4.11_b"/>
-                <check enabled="false" name="MISRAC2012-Dir-4.11_c"/>
-                <check enabled="false" name="MISRAC2012-Dir-4.11_d"/>
-                <check enabled="false" name="MISRAC2012-Dir-4.11_e"/>
-                <check enabled="false" name="MISRAC2012-Dir-4.11_f"/>
-                <check enabled="false" name="MISRAC2012-Dir-4.11_g"/>
-                <check enabled="false" name="MISRAC2012-Dir-4.11_h"/>
-                <check enabled="false" name="MISRAC2012-Dir-4.11_i"/>
-                <check enabled="false" name="MISRAC2012-Dir-4.12"/>
-                <check enabled="true" name="MISRAC2012-Dir-4.13_b"/>
-                <check enabled="true" name="MISRAC2012-Dir-4.13_c"/>
-                <check enabled="true" name="MISRAC2012-Dir-4.13_d"/>
-                <check enabled="true" name="MISRAC2012-Dir-4.13_e"/>
-                <check enabled="true" name="MISRAC2012-Dir-4.13_f"/>
-                <check enabled="true" name="MISRAC2012-Dir-4.13_g"/>
-                <check enabled="false" name="MISRAC2012-Dir-4.13_h"/>
-              </group>
-              <group enabled="true" name="MISRAC2012-Rule-1">
-                <check enabled="true" name="MISRAC2012-Rule-1.3_a"/>
-                <check enabled="true" name="MISRAC2012-Rule-1.3_b"/>
-                <check enabled="true" name="MISRAC2012-Rule-1.3_c"/>
-                <check enabled="true" name="MISRAC2012-Rule-1.3_d"/>
-                <check enabled="true" name="MISRAC2012-Rule-1.3_e"/>
-                <check enabled="true" name="MISRAC2012-Rule-1.3_f"/>
-                <check enabled="true" name="MISRAC2012-Rule-1.3_g"/>
-                <check enabled="true" name="MISRAC2012-Rule-1.3_h"/>
-                <check enabled="true" name="MISRAC2012-Rule-1.3_i"/>
-                <check enabled="true" name="MISRAC2012-Rule-1.3_j"/>
-                <check enabled="true" name="MISRAC2012-Rule-1.3_k"/>
-                <check enabled="true" name="MISRAC2012-Rule-1.3_m"/>
-                <check enabled="true" name="MISRAC2012-Rule-1.3_n"/>
-                <check enabled="true" name="MISRAC2012-Rule-1.3_o"/>
-                <check enabled="true" name="MISRAC2012-Rule-1.3_p"/>
-                <check enabled="true" name="MISRAC2012-Rule-1.3_q"/>
-                <check enabled="true" name="MISRAC2012-Rule-1.3_r"/>
-                <check enabled="true" name="MISRAC2012-Rule-1.3_s"/>
-                <check enabled="true" name="MISRAC2012-Rule-1.3_t"/>
-                <check enabled="true" name="MISRAC2012-Rule-1.3_u"/>
-                <check enabled="true" name="MISRAC2012-Rule-1.3_v"/>
-                <check enabled="true" name="MISRAC2012-Rule-1.3_w"/>
-              </group>
-              <group enabled="true" name="MISRAC2012-Rule-2">
-                <check enabled="true" name="MISRAC2012-Rule-2.1_a"/>
-                <check enabled="true" name="MISRAC2012-Rule-2.1_b"/>
-                <check enabled="true" name="MISRAC2012-Rule-2.2_a"/>
-                <check enabled="true" name="MISRAC2012-Rule-2.2_b"/>
-                <check enabled="true" name="MISRAC2012-Rule-2.2_c"/>
-                <check enabled="false" name="MISRAC2012-Rule-2.3"/>
-                <check enabled="false" name="MISRAC2012-Rule-2.4"/>
-                <check enabled="false" name="MISRAC2012-Rule-2.5"/>
-                <check enabled="false" name="MISRAC2012-Rule-2.6"/>
-                <check enabled="false" name="MISRAC2012-Rule-2.7"/>
-              </group>
-              <group enabled="true" name="MISRAC2012-Rule-3">
-                <check enabled="true" name="MISRAC2012-Rule-3.1"/>
-                <check enabled="true" name="MISRAC2012-Rule-3.2"/>
-              </group>
-              <group enabled="true" name="MISRAC2012-Rule-5">
-                <check enabled="true" name="MISRAC2012-Rule-5.1"/>
-                <check enabled="true" name="MISRAC2012-Rule-5.2_c89"/>
-                <check enabled="true" name="MISRAC2012-Rule-5.2_c99"/>
-                <check enabled="true" name="MISRAC2012-Rule-5.3_c89"/>
-                <check enabled="true" name="MISRAC2012-Rule-5.3_c99"/>
-                <check enabled="true" name="MISRAC2012-Rule-5.4_c89"/>
-                <check enabled="true" name="MISRAC2012-Rule-5.4_c99"/>
-                <check enabled="true" name="MISRAC2012-Rule-5.5_c89"/>
-                <check enabled="true" name="MISRAC2012-Rule-5.5_c99"/>
-                <check enabled="true" name="MISRAC2012-Rule-5.6"/>
-                <check enabled="true" name="MISRAC2012-Rule-5.7"/>
-                <check enabled="true" name="MISRAC2012-Rule-5.8"/>
-                <check enabled="false" name="MISRAC2012-Rule-5.9"/>
-              </group>
-              <group enabled="true" name="MISRAC2012-Rule-6">
-                <check enabled="true" name="MISRAC2012-Rule-6.1"/>
-                <check enabled="true" name="MISRAC2012-Rule-6.2"/>
-              </group>
-              <group enabled="true" name="MISRAC2012-Rule-7">
-                <check enabled="true" name="MISRAC2012-Rule-7.1"/>
-                <check enabled="true" name="MISRAC2012-Rule-7.2"/>
-                <check enabled="true" name="MISRAC2012-Rule-7.3"/>
-                <check enabled="true" name="MISRAC2012-Rule-7.4_a"/>
-                <check enabled="true" name="MISRAC2012-Rule-7.4_b"/>
-              </group>
-              <group enabled="true" name="MISRAC2012-Rule-8">
-                <check enabled="true" name="MISRAC2012-Rule-8.1"/>
-                <check enabled="true" name="MISRAC2012-Rule-8.2_a"/>
-                <check enabled="true" name="MISRAC2012-Rule-8.2_b"/>
-                <check enabled="true" name="MISRAC2012-Rule-8.3_b"/>
-                <check enabled="true" name="MISRAC2012-Rule-8.4"/>
-                <check enabled="false" name="MISRAC2012-Rule-8.5_a"/>
-                <check enabled="true" name="MISRAC2012-Rule-8.5_b"/>
-                <check enabled="true" name="MISRAC2012-Rule-8.6"/>
-                <check enabled="false" name="MISRAC2012-Rule-8.7"/>
-                <check enabled="false" name="MISRAC2012-Rule-8.9_a"/>
-                <check enabled="false" name="MISRAC2012-Rule-8.9_b"/>
-                <check enabled="true" name="MISRAC2012-Rule-8.10"/>
-                <check enabled="false" name="MISRAC2012-Rule-8.11"/>
-                <check enabled="true" name="MISRAC2012-Rule-8.12"/>
-                <check enabled="false" name="MISRAC2012-Rule-8.13"/>
-                <check enabled="true" name="MISRAC2012-Rule-8.14"/>
-              </group>
-              <group enabled="true" name="MISRAC2012-Rule-9">
-                <check enabled="true" name="MISRAC2012-Rule-9.1_a"/>
-                <check enabled="true" name="MISRAC2012-Rule-9.1_b"/>
-                <check enabled="true" name="MISRAC2012-Rule-9.1_c"/>
-                <check enabled="true" name="MISRAC2012-Rule-9.1_d"/>
-                <check enabled="true" name="MISRAC2012-Rule-9.1_e"/>
-                <check enabled="true" name="MISRAC2012-Rule-9.1_f"/>
-                <check enabled="true" name="MISRAC2012-Rule-9.2"/>
-                <check enabled="true" name="MISRAC2012-Rule-9.3"/>
-                <check enabled="true" name="MISRAC2012-Rule-9.4"/>
-                <check enabled="true" name="MISRAC2012-Rule-9.5_a"/>
-                <check enabled="true" name="MISRAC2012-Rule-9.5_b"/>
-              </group>
-              <group enabled="true" name="MISRAC2012-Rule-10">
-                <check enabled="true" name="MISRAC2012-Rule-10.1_R2"/>
-                <check enabled="true" name="MISRAC2012-Rule-10.1_R3"/>
-                <check enabled="true" name="MISRAC2012-Rule-10.1_R4"/>
-                <check enabled="true" name="MISRAC2012-Rule-10.1_R5"/>
-                <check enabled="true" name="MISRAC2012-Rule-10.1_R6"/>
-                <check enabled="true" name="MISRAC2012-Rule-10.1_R7"/>
-                <check enabled="true" name="MISRAC2012-Rule-10.1_R8"/>
-                <check enabled="true" name="MISRAC2012-Rule-10.2"/>
-                <check enabled="true" name="MISRAC2012-Rule-10.3"/>
-                <check enabled="true" name="MISRAC2012-Rule-10.4_a"/>
-                <check enabled="true" name="MISRAC2012-Rule-10.4_b"/>
-                <check enabled="false" name="MISRAC2012-Rule-10.5"/>
-                <check enabled="true" name="MISRAC2012-Rule-10.6"/>
-                <check enabled="true" name="MISRAC2012-Rule-10.7"/>
-                <check enabled="true" name="MISRAC2012-Rule-10.8"/>
-              </group>
-              <group enabled="true" name="MISRAC2012-Rule-11">
-                <check enabled="true" name="MISRAC2012-Rule-11.1"/>
-                <check enabled="true" name="MISRAC2012-Rule-11.2"/>
-                <check enabled="true" name="MISRAC2012-Rule-11.3"/>
-                <check enabled="false" name="MISRAC2012-Rule-11.4"/>
-                <check enabled="false" name="MISRAC2012-Rule-11.5"/>
-                <check enabled="true" name="MISRAC2012-Rule-11.6"/>
-                <check enabled="true" name="MISRAC2012-Rule-11.7"/>
-                <check enabled="true" name="MISRAC2012-Rule-11.8"/>
-                <check enabled="true" name="MISRAC2012-Rule-11.9"/>
-              </group>
-              <group enabled="true" name="MISRAC2012-Rule-12">
-                <check enabled="false" name="MISRAC2012-Rule-12.1"/>
-                <check enabled="true" name="MISRAC2012-Rule-12.2"/>
-                <check enabled="false" name="MISRAC2012-Rule-12.3"/>
-              </group>
-              <group enabled="true" name="MISRAC2012-Rule-13">
-                <check enabled="true" name="MISRAC2012-Rule-13.1"/>
-                <check enabled="true" name="MISRAC2012-Rule-13.2_a"/>
-                <check enabled="true" name="MISRAC2012-Rule-13.2_b"/>
-                <check enabled="true" name="MISRAC2012-Rule-13.2_c"/>
-                <check enabled="false" name="MISRAC2012-Rule-13.3"/>
-                <check enabled="false" name="MISRAC2012-Rule-13.4_a"/>
-                <check enabled="false" name="MISRAC2012-Rule-13.4_b"/>
-                <check enabled="true" name="MISRAC2012-Rule-13.5"/>
-                <check enabled="true" name="MISRAC2012-Rule-13.6"/>
-              </group>
-              <group enabled="true" name="MISRAC2012-Rule-14">
-                <check enabled="true" name="MISRAC2012-Rule-14.1_a"/>
-                <check enabled="true" name="MISRAC2012-Rule-14.1_b"/>
-                <check enabled="true" name="MISRAC2012-Rule-14.2"/>
-                <check enabled="true" name="MISRAC2012-Rule-14.3_a"/>
-                <check enabled="true" name="MISRAC2012-Rule-14.3_b"/>
-                <check enabled="true" name="MISRAC2012-Rule-14.4_a"/>
-                <check enabled="true" name="MISRAC2012-Rule-14.4_b"/>
-                <check enabled="true" name="MISRAC2012-Rule-14.4_c"/>
-                <check enabled="true" name="MISRAC2012-Rule-14.4_d"/>
-              </group>
-              <group enabled="true" name="MISRAC2012-Rule-15">
-                <check enabled="false" name="MISRAC2012-Rule-15.1"/>
-                <check enabled="true" name="MISRAC2012-Rule-15.2"/>
-                <check enabled="true" name="MISRAC2012-Rule-15.3"/>
-                <check enabled="false" name="MISRAC2012-Rule-15.4"/>
-                <check enabled="false" name="MISRAC2012-Rule-15.5"/>
-                <check enabled="true" name="MISRAC2012-Rule-15.6_a"/>
-                <check enabled="true" name="MISRAC2012-Rule-15.6_b"/>
-                <check enabled="true" name="MISRAC2012-Rule-15.6_c"/>
-                <check enabled="true" name="MISRAC2012-Rule-15.6_d"/>
-                <check enabled="true" name="MISRAC2012-Rule-15.6_e"/>
-                <check enabled="true" name="MISRAC2012-Rule-15.7"/>
-              </group>
-              <group enabled="true" name="MISRAC2012-Rule-16">
-                <check enabled="true" name="MISRAC2012-Rule-16.1"/>
-                <check enabled="true" name="MISRAC2012-Rule-16.2"/>
-                <check enabled="true" name="MISRAC2012-Rule-16.3"/>
-                <check enabled="true" name="MISRAC2012-Rule-16.4"/>
-                <check enabled="true" name="MISRAC2012-Rule-16.5"/>
-                <check enabled="true" name="MISRAC2012-Rule-16.6"/>
-                <check enabled="true" name="MISRAC2012-Rule-16.7"/>
-              </group>
-              <group enabled="true" name="MISRAC2012-Rule-17">
-                <check enabled="true" name="MISRAC2012-Rule-17.1"/>
-                <check enabled="true" name="MISRAC2012-Rule-17.2_a"/>
-                <check enabled="true" name="MISRAC2012-Rule-17.2_b"/>
-                <check enabled="true" name="MISRAC2012-Rule-17.3"/>
-                <check enabled="true" name="MISRAC2012-Rule-17.4"/>
-                <check enabled="false" name="MISRAC2012-Rule-17.5"/>
-                <check enabled="true" name="MISRAC2012-Rule-17.6"/>
-                <check enabled="true" name="MISRAC2012-Rule-17.7"/>
-                <check enabled="false" name="MISRAC2012-Rule-17.8"/>
-              </group>
-              <group enabled="true" name="MISRAC2012-Rule-18">
-                <check enabled="true" name="MISRAC2012-Rule-18.1_a"/>
-                <check enabled="true" name="MISRAC2012-Rule-18.1_b"/>
-                <check enabled="true" name="MISRAC2012-Rule-18.1_c"/>
-                <check enabled="true" name="MISRAC2012-Rule-18.1_d"/>
-                <check enabled="true" name="MISRAC2012-Rule-18.2"/>
-                <check enabled="true" name="MISRAC2012-Rule-18.3"/>
-                <check enabled="true" name="MISRAC2012-Rule-18.4"/>
-                <check enabled="false" name="MISRAC2012-Rule-18.5"/>
-                <check enabled="true" name="MISRAC2012-Rule-18.6_a"/>
-                <check enabled="true" name="MISRAC2012-Rule-18.6_b"/>
-                <check enabled="true" name="MISRAC2012-Rule-18.6_c"/>
-                <check enabled="true" name="MISRAC2012-Rule-18.6_d"/>
-                <check enabled="true" name="MISRAC2012-Rule-18.7"/>
-                <check enabled="true" name="MISRAC2012-Rule-18.8"/>
-              </group>
-              <group enabled="true" name="MISRAC2012-Rule-19">
-                <check enabled="true" name="MISRAC2012-Rule-19.1"/>
-                <check enabled="false" name="MISRAC2012-Rule-19.2"/>
-              </group>
-              <group enabled="true" name="MISRAC2012-Rule-20">
-                <check enabled="false" name="MISRAC2012-Rule-20.1"/>
-                <check enabled="true" name="MISRAC2012-Rule-20.2"/>
-                <check enabled="true" name="MISRAC2012-Rule-20.4_c89"/>
-                <check enabled="true" name="MISRAC2012-Rule-20.4_c99"/>
-                <check enabled="false" name="MISRAC2012-Rule-20.5"/>
-                <check enabled="true" name="MISRAC2012-Rule-20.7"/>
-                <check enabled="false" name="MISRAC2012-Rule-20.10"/>
-              </group>
-              <group enabled="true" name="MISRAC2012-Rule-21">
-                <check enabled="true" name="MISRAC2012-Rule-21.1"/>
-                <check enabled="true" name="MISRAC2012-Rule-21.2"/>
-                <check enabled="true" name="MISRAC2012-Rule-21.3"/>
-                <check enabled="true" name="MISRAC2012-Rule-21.4"/>
-                <check enabled="true" name="MISRAC2012-Rule-21.5"/>
-                <check enabled="true" name="MISRAC2012-Rule-21.6"/>
-                <check enabled="true" name="MISRAC2012-Rule-21.7"/>
-                <check enabled="true" name="MISRAC2012-Rule-21.8"/>
-                <check enabled="true" name="MISRAC2012-Rule-21.9"/>
-                <check enabled="true" name="MISRAC2012-Rule-21.10"/>
-                <check enabled="true" name="MISRAC2012-Rule-21.11"/>
-                <check enabled="false" name="MISRAC2012-Rule-21.12_a"/>
-                <check enabled="false" name="MISRAC2012-Rule-21.12_b"/>
-              </group>
-              <group enabled="true" name="MISRAC2012-Rule-22">
-                <check enabled="true" name="MISRAC2012-Rule-22.1_a"/>
-                <check enabled="true" name="MISRAC2012-Rule-22.1_b"/>
-                <check enabled="true" name="MISRAC2012-Rule-22.2_a"/>
-                <check enabled="true" name="MISRAC2012-Rule-22.2_b"/>
-                <check enabled="true" name="MISRAC2012-Rule-22.2_c"/>
-                <check enabled="true" name="MISRAC2012-Rule-22.3"/>
-                <check enabled="true" name="MISRAC2012-Rule-22.4"/>
-                <check enabled="true" name="MISRAC2012-Rule-22.5_a"/>
-                <check enabled="true" name="MISRAC2012-Rule-22.5_b"/>
-                <check enabled="true" name="MISRAC2012-Rule-22.6"/>
-              </group>
-            </package>
-            <package enabled="false" name="MISRAC++2008">
-              <group enabled="true" name="MISRAC++2008-0-1">
-                <check enabled="true" name="MISRAC++2008-0-1-1"/>
-                <check enabled="true" name="MISRAC++2008-0-1-2_a"/>
-                <check enabled="true" name="MISRAC++2008-0-1-2_b"/>
-                <check enabled="true" name="MISRAC++2008-0-1-2_c"/>
-                <check enabled="true" name="MISRAC++2008-0-1-3"/>
-                <check enabled="true" name="MISRAC++2008-0-1-4_a"/>
-                <check enabled="true" name="MISRAC++2008-0-1-4_b"/>
-                <check enabled="true" name="MISRAC++2008-0-1-6"/>
-                <check enabled="true" name="MISRAC++2008-0-1-7"/>
-                <check enabled="false" name="MISRAC++2008-0-1-8"/>
-                <check enabled="true" name="MISRAC++2008-0-1-9"/>
-                <check enabled="true" name="MISRAC++2008-0-1-11"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-0-2">
-                <check enabled="true" name="MISRAC++2008-0-2-1"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-0-3">
-                <check enabled="true" name="MISRAC++2008-0-3-2"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-2-7">
-                <check enabled="true" name="MISRAC++2008-2-7-1"/>
-                <check enabled="true" name="MISRAC++2008-2-7-2"/>
-                <check enabled="false" name="MISRAC++2008-2-7-3"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-2-10">
-                <check enabled="true" name="MISRAC++2008-2-10-1"/>
-                <check enabled="true" name="MISRAC++2008-2-10-2"/>
-                <check enabled="true" name="MISRAC++2008-2-10-3"/>
-                <check enabled="true" name="MISRAC++2008-2-10-4"/>
-                <check enabled="false" name="MISRAC++2008-2-10-5"/>
-                <check enabled="true" name="MISRAC++2008-2-10-6"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-2-13">
-                <check enabled="true" name="MISRAC++2008-2-13-2"/>
-                <check enabled="true" name="MISRAC++2008-2-13-3"/>
-                <check enabled="true" name="MISRAC++2008-2-13-4_a"/>
-                <check enabled="true" name="MISRAC++2008-2-13-4_b"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-3-1">
-                <check enabled="true" name="MISRAC++2008-3-1-1"/>
-                <check enabled="true" name="MISRAC++2008-3-1-3"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-3-9">
-                <check enabled="false" name="MISRAC++2008-3-9-2"/>
-                <check enabled="true" name="MISRAC++2008-3-9-3"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-4-5">
-                <check enabled="true" name="MISRAC++2008-4-5-1"/>
-                <check enabled="true" name="MISRAC++2008-4-5-2"/>
-                <check enabled="true" name="MISRAC++2008-4-5-3"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-5-0">
-                <check enabled="true" name="MISRAC++2008-5-0-1_a"/>
-                <check enabled="true" name="MISRAC++2008-5-0-1_b"/>
-                <check enabled="true" name="MISRAC++2008-5-0-1_c"/>
-                <check enabled="false" name="MISRAC++2008-5-0-2"/>
-                <check enabled="true" name="MISRAC++2008-5-0-3"/>
-                <check enabled="true" name="MISRAC++2008-5-0-4"/>
-                <check enabled="true" name="MISRAC++2008-5-0-5"/>
-                <check enabled="true" name="MISRAC++2008-5-0-6"/>
-                <check enabled="true" name="MISRAC++2008-5-0-7"/>
-                <check enabled="true" name="MISRAC++2008-5-0-8"/>
-                <check enabled="true" name="MISRAC++2008-5-0-9"/>
-                <check enabled="true" name="MISRAC++2008-5-0-10"/>
-                <check enabled="true" name="MISRAC++2008-5-0-13_a"/>
-                <check enabled="true" name="MISRAC++2008-5-0-13_b"/>
-                <check enabled="true" name="MISRAC++2008-5-0-13_c"/>
-                <check enabled="true" name="MISRAC++2008-5-0-13_d"/>
-                <check enabled="true" name="MISRAC++2008-5-0-14"/>
-                <check enabled="true" name="MISRAC++2008-5-0-15_a"/>
-                <check enabled="true" name="MISRAC++2008-5-0-15_b"/>
-                <check enabled="true" name="MISRAC++2008-5-0-16_a"/>
-                <check enabled="true" name="MISRAC++2008-5-0-16_b"/>
-                <check enabled="true" name="MISRAC++2008-5-0-16_c"/>
-                <check enabled="true" name="MISRAC++2008-5-0-16_d"/>
-                <check enabled="true" name="MISRAC++2008-5-0-16_e"/>
-                <check enabled="true" name="MISRAC++2008-5-0-16_f"/>
-                <check enabled="true" name="MISRAC++2008-5-0-19"/>
-                <check enabled="true" name="MISRAC++2008-5-0-21"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-5-2">
-                <check enabled="true" name="MISRAC++2008-5-2-4"/>
-                <check enabled="true" name="MISRAC++2008-5-2-5"/>
-                <check enabled="true" name="MISRAC++2008-5-2-6"/>
-                <check enabled="true" name="MISRAC++2008-5-2-7"/>
-                <check enabled="false" name="MISRAC++2008-5-2-9"/>
-                <check enabled="false" name="MISRAC++2008-5-2-10"/>
-                <check enabled="true" name="MISRAC++2008-5-2-11_a"/>
-                <check enabled="true" name="MISRAC++2008-5-2-11_b"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-5-3">
-                <check enabled="true" name="MISRAC++2008-5-3-1"/>
-                <check enabled="true" name="MISRAC++2008-5-3-2_a"/>
-                <check enabled="true" name="MISRAC++2008-5-3-2_b"/>
-                <check enabled="true" name="MISRAC++2008-5-3-3"/>
-                <check enabled="true" name="MISRAC++2008-5-3-4"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-5-8">
-                <check enabled="true" name="MISRAC++2008-5-8-1"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-5-14">
-                <check enabled="true" name="MISRAC++2008-5-14-1"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-5-18">
-                <check enabled="true" name="MISRAC++2008-5-18-1"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-5-19">
-                <check enabled="false" name="MISRAC++2008-5-19-1"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-6-2">
-                <check enabled="true" name="MISRAC++2008-6-2-1"/>
-                <check enabled="true" name="MISRAC++2008-6-2-2"/>
-                <check enabled="false" name="MISRAC++2008-6-2-3"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-6-3">
-                <check enabled="true" name="MISRAC++2008-6-3-1_a"/>
-                <check enabled="true" name="MISRAC++2008-6-3-1_b"/>
-                <check enabled="true" name="MISRAC++2008-6-3-1_c"/>
-                <check enabled="true" name="MISRAC++2008-6-3-1_d"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-6-4">
-                <check enabled="true" name="MISRAC++2008-6-4-1"/>
-                <check enabled="true" name="MISRAC++2008-6-4-2"/>
-                <check enabled="true" name="MISRAC++2008-6-4-3"/>
-                <check enabled="true" name="MISRAC++2008-6-4-4"/>
-                <check enabled="true" name="MISRAC++2008-6-4-5"/>
-                <check enabled="true" name="MISRAC++2008-6-4-6"/>
-                <check enabled="true" name="MISRAC++2008-6-4-7"/>
-                <check enabled="true" name="MISRAC++2008-6-4-8"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-6-5">
-                <check enabled="true" name="MISRAC++2008-6-5-1_a"/>
-                <check enabled="true" name="MISRAC++2008-6-5-2"/>
-                <check enabled="true" name="MISRAC++2008-6-5-3"/>
-                <check enabled="true" name="MISRAC++2008-6-5-4"/>
-                <check enabled="true" name="MISRAC++2008-6-5-6"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-6-6">
-                <check enabled="true" name="MISRAC++2008-6-6-1"/>
-                <check enabled="true" name="MISRAC++2008-6-6-2"/>
-                <check enabled="true" name="MISRAC++2008-6-6-4"/>
-                <check enabled="true" name="MISRAC++2008-6-6-5"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-7-1">
-                <check enabled="true" name="MISRAC++2008-7-1-1"/>
-                <check enabled="true" name="MISRAC++2008-7-1-2"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-7-2">
-                <check enabled="true" name="MISRAC++2008-7-2-1"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-7-4">
-                <check enabled="true" name="MISRAC++2008-7-4-3"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-7-5">
-                <check enabled="true" name="MISRAC++2008-7-5-1_a"/>
-                <check enabled="true" name="MISRAC++2008-7-5-1_b"/>
-                <check enabled="true" name="MISRAC++2008-7-5-2_a"/>
-                <check enabled="true" name="MISRAC++2008-7-5-2_b"/>
-                <check enabled="true" name="MISRAC++2008-7-5-2_c"/>
-                <check enabled="true" name="MISRAC++2008-7-5-2_d"/>
-                <check enabled="false" name="MISRAC++2008-7-5-4_a"/>
-                <check enabled="false" name="MISRAC++2008-7-5-4_b"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-8-0">
-                <check enabled="true" name="MISRAC++2008-8-0-1"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-8-4">
-                <check enabled="true" name="MISRAC++2008-8-4-1"/>
-                <check enabled="true" name="MISRAC++2008-8-4-3"/>
-                <check enabled="true" name="MISRAC++2008-8-4-4"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-8-5">
-                <check enabled="true" name="MISRAC++2008-8-5-1_a"/>
-                <check enabled="true" name="MISRAC++2008-8-5-1_b"/>
-                <check enabled="true" name="MISRAC++2008-8-5-1_c"/>
-                <check enabled="true" name="MISRAC++2008-8-5-2"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-9-3">
-                <check enabled="true" name="MISRAC++2008-9-3-1"/>
-                <check enabled="true" name="MISRAC++2008-9-3-2"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-9-5">
-                <check enabled="true" name="MISRAC++2008-9-5-1"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-9-6">
-                <check enabled="true" name="MISRAC++2008-9-6-2"/>
-                <check enabled="true" name="MISRAC++2008-9-6-3"/>
-                <check enabled="true" name="MISRAC++2008-9-6-4"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-12-1">
-                <check enabled="true" name="MISRAC++2008-12-1-1_a"/>
-                <check enabled="true" name="MISRAC++2008-12-1-1_b"/>
-                <check enabled="true" name="MISRAC++2008-12-1-3"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-15-0">
-                <check enabled="false" name="MISRAC++2008-15-0-2"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-15-1">
-                <check enabled="true" name="MISRAC++2008-15-1-2"/>
-                <check enabled="true" name="MISRAC++2008-15-1-3"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-15-3">
-                <check enabled="true" name="MISRAC++2008-15-3-1"/>
-                <check enabled="false" name="MISRAC++2008-15-3-2"/>
-                <check enabled="true" name="MISRAC++2008-15-3-3"/>
-                <check enabled="true" name="MISRAC++2008-15-3-4"/>
-                <check enabled="true" name="MISRAC++2008-15-3-5"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-15-5">
-                <check enabled="true" name="MISRAC++2008-15-5-1"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-16-0">
-                <check enabled="true" name="MISRAC++2008-16-0-3"/>
-                <check enabled="true" name="MISRAC++2008-16-0-4"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-16-2">
-                <check enabled="true" name="MISRAC++2008-16-2-2"/>
-                <check enabled="true" name="MISRAC++2008-16-2-3"/>
-                <check enabled="true" name="MISRAC++2008-16-2-4"/>
-                <check enabled="false" name="MISRAC++2008-16-2-5"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-16-3">
-                <check enabled="true" name="MISRAC++2008-16-3-1"/>
-                <check enabled="false" name="MISRAC++2008-16-3-2"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-17-0">
-                <check enabled="true" name="MISRAC++2008-17-0-1"/>
-                <check enabled="true" name="MISRAC++2008-17-0-3"/>
-                <check enabled="true" name="MISRAC++2008-17-0-5"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-18-0">
-                <check enabled="true" name="MISRAC++2008-18-0-1"/>
-                <check enabled="true" name="MISRAC++2008-18-0-2"/>
-                <check enabled="true" name="MISRAC++2008-18-0-3"/>
-                <check enabled="true" name="MISRAC++2008-18-0-4"/>
-                <check enabled="true" name="MISRAC++2008-18-0-5"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-18-2">
-                <check enabled="true" name="MISRAC++2008-18-2-1"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-18-4">
-                <check enabled="true" name="MISRAC++2008-18-4-1"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-18-7">
-                <check enabled="true" name="MISRAC++2008-18-7-1"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-19-3">
-                <check enabled="true" name="MISRAC++2008-19-3-1"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-27-0">
-                <check enabled="true" name="MISRAC++2008-27-0-1"/>
-              </group>
-            </package>
-          </checks_tree>
-        </cstat_settings>
-      </data>
-    </settings>
-    <settings>
-      <name>RuntimeChecking</name>
-      <archiveVersion>0</archiveVersion>
-      <data>
-        <version>2</version>
-        <wantNonLocal>1</wantNonLocal>
-        <debug>1</debug>
-        <option>
-          <name>GenRtcDebugHeap</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>GenRtcEnableBoundsChecking</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>GenRtcCheckPtrsNonInstrMem</name>
-          <state>1</state>
-        </option>
-        <option>
-          <name>GenRtcTrackPointerBounds</name>
-          <state>1</state>
-        </option>
-        <option>
-          <name>GenRtcCheckAccesses</name>
-          <state>1</state>
-        </option>
-        <option>
-          <name>GenRtcGenerateEntries</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>GenRtcNrTrackedPointers</name>
-          <state>1000</state>
-        </option>
-        <option>
-          <name>GenRtcIntOverflow</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>GenRtcIncUnsigned</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>GenRtcIntConversion</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>GenRtcInclExplicit</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>GenRtcIntShiftOverflow</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>GenRtcInclUnsignedShiftOverflow</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>GenRtcUnhandledCase</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>GenRtcDivByZero</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>GenRtcEnable</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>GenRtcCheckPtrsNonInstrFunc</name>
-          <state>1</state>
-        </option>
-      </data>
-    </settings>
-  </configuration>
-  <configuration>
-    <name>Release</name>
-    <toolchain>
-      <name>ARM</name>
-    </toolchain>
-    <debug>0</debug>
-    <settings>
-      <name>C-STAT</name>
-      <archiveVersion>259</archiveVersion>
-      <data>
-        <version>259</version>
-        <cstatargs>
-          <useExtraArgs>0</useExtraArgs>
-          <extraArgs></extraArgs>
-          <analyzeTimeoutEnabled>1</analyzeTimeoutEnabled>
-          <analyzeTimeout>600</analyzeTimeout>
-          <enableParallel>0</enableParallel>
-          <parallelThreads>2</parallelThreads>
-          <enableFalsePositives>0</enableFalsePositives>
-          <messagesLimitEnabled>1</messagesLimitEnabled>
-          <messagesLimit>100</messagesLimit>
-        </cstatargs>
-        <cstat_settings>
-          <cstat_version>1.3.2</cstat_version>
-          <checks_tree>
-            <package enabled="true" name="STDCHECKS">
-              <group enabled="true" name="ARR">
-                <check enabled="true" name="ARR-inv-index-pos"/>
-                <check enabled="true" name="ARR-inv-index-ptr-pos"/>
-                <check enabled="true" name="ARR-inv-index-ptr"/>
-                <check enabled="true" name="ARR-inv-index"/>
-                <check enabled="true" name="ARR-neg-index"/>
-                <check enabled="true" name="ARR-uninit-index"/>
-              </group>
-              <group enabled="true" name="ATH">
-                <check enabled="true" name="ATH-cmp-float"/>
-                <check enabled="true" name="ATH-cmp-unsign-neg"/>
-                <check enabled="true" name="ATH-cmp-unsign-pos"/>
-                <check enabled="true" name="ATH-div-0-assign"/>
-                <check enabled="false" name="ATH-div-0-cmp-aft"/>
-                <check enabled="true" name="ATH-div-0-cmp-bef"/>
-                <check enabled="true" name="ATH-div-0-interval"/>
-                <check enabled="true" name="ATH-div-0-pos"/>
-                <check enabled="true" name="ATH-div-0-unchk-global"/>
-                <check enabled="true" name="ATH-div-0-unchk-local"/>
-                <check enabled="true" name="ATH-div-0-unchk-param"/>
-                <check enabled="true" name="ATH-div-0"/>
-                <check enabled="true" name="ATH-inc-bool"/>
-                <check enabled="true" name="ATH-malloc-overrun"/>
-                <check enabled="true" name="ATH-neg-check-nonneg"/>
-                <check enabled="true" name="ATH-neg-check-pos"/>
-                <check enabled="true" name="ATH-new-overrun"/>
-                <check enabled="false" name="ATH-overflow-cast"/>
-                <check enabled="true" name="ATH-overflow"/>
-                <check enabled="true" name="ATH-shift-bounds"/>
-                <check enabled="true" name="ATH-shift-neg"/>
-                <check enabled="true" name="ATH-sizeof-by-sizeof"/>
-              </group>
-              <group enabled="true" name="CAST">
-                <check enabled="false" name="CAST-old-style"/>
-              </group>
-              <group enabled="true" name="CATCH">
-                <check enabled="true" name="CATCH-object-slicing"/>
-                <check enabled="false" name="CATCH-xtor-bad-member"/>
-              </group>
-              <group enabled="true" name="COMMA">
-                <check enabled="false" name="COMMA-overload"/>
-              </group>
-              <group enabled="true" name="COMMENT">
-                <check enabled="true" name="COMMENT-nested"/>
-              </group>
-              <group enabled="true" name="CONST">
-                <check enabled="true" name="CONST-member-ret"/>
-              </group>
-              <group enabled="true" name="COP">
-                <check enabled="false" name="COP-alloc-ctor"/>
-                <check enabled="true" name="COP-assign-op-ret"/>
-                <check enabled="true" name="COP-assign-op-self"/>
-                <check enabled="true" name="COP-assign-op"/>
-                <check enabled="true" name="COP-copy-ctor"/>
-                <check enabled="false" name="COP-dealloc-dtor"/>
-                <check enabled="true" name="COP-dtor-throw"/>
-                <check enabled="true" name="COP-dtor"/>
-                <check enabled="true" name="COP-init-order"/>
-                <check enabled="true" name="COP-init-uninit"/>
-                <check enabled="true" name="COP-member-uninit"/>
-              </group>
-              <group enabled="true" name="CPU">
-                <check enabled="true" name="CPU-ctor-call-virt"/>
-                <check enabled="false" name="CPU-ctor-implicit"/>
-                <check enabled="true" name="CPU-delete-throw"/>
-                <check enabled="true" name="CPU-delete-void"/>
-                <check enabled="true" name="CPU-dtor-call-virt"/>
-                <check enabled="true" name="CPU-malloc-class"/>
-                <check enabled="true" name="CPU-nonvirt-dtor"/>
-                <check enabled="true" name="CPU-return-ref-to-class-data"/>
-              </group>
-              <group enabled="true" name="DECL">
-                <check enabled="false" name="DECL-implicit-int"/>
-              </group>
-              <group enabled="true" name="DEFINE">
-                <check enabled="true" name="DEFINE-hash-multiple"/>
-              </group>
-              <group enabled="true" name="ENUM">
-                <check enabled="false" name="ENUM-bounds"/>
-              </group>
-              <group enabled="true" name="EXP">
-                <check enabled="true" name="EXP-cond-assign"/>
-                <check enabled="true" name="EXP-dangling-else"/>
-                <check enabled="true" name="EXP-loop-exit"/>
-                <check enabled="false" name="EXP-main-ret-int"/>
-                <check enabled="false" name="EXP-null-stmt"/>
-                <check enabled="false" name="EXP-stray-semicolon"/>
-              </group>
-              <group enabled="true" name="EXPR">
-                <check enabled="true" name="EXPR-const-overflow"/>
-              </group>
-              <group enabled="true" name="FPT">
-                <check enabled="true" name="FPT-cmp-null"/>
-                <check enabled="false" name="FPT-literal"/>
-                <check enabled="true" name="FPT-misuse"/>
-              </group>
-              <group enabled="true" name="FUNC">
-                <check enabled="false" name="FUNC-implicit-decl"/>
-                <check enabled="false" name="FUNC-unprototyped-all"/>
-                <check enabled="true" name="FUNC-unprototyped-used"/>
-              </group>
-              <group enabled="true" name="INCLUDE">
-                <check enabled="false" name="INCLUDE-c-file"/>
-              </group>
-              <group enabled="true" name="INT">
-                <check enabled="false" name="INT-use-signed-as-unsigned-pos"/>
-                <check enabled="true" name="INT-use-signed-as-unsigned"/>
-              </group>
-              <group enabled="true" name="ITR">
-                <check enabled="true" name="ITR-end-cmp-aft"/>
-                <check enabled="true" name="ITR-end-cmp-bef"/>
-                <check enabled="true" name="ITR-invalidated"/>
-                <check enabled="false" name="ITR-mismatch-alg"/>
-                <check enabled="false" name="ITR-store"/>
-                <check enabled="true" name="ITR-uninit"/>
-              </group>
-              <group enabled="true" name="LIB">
-                <check enabled="false" name="LIB-bsearch-overrun-pos"/>
-                <check enabled="false" name="LIB-bsearch-overrun"/>
-                <check enabled="false" name="LIB-fn-unsafe"/>
-                <check enabled="false" name="LIB-fread-overrun-pos"/>
-                <check enabled="true" name="LIB-fread-overrun"/>
-                <check enabled="false" name="LIB-memchr-overrun-pos"/>
-                <check enabled="true" name="LIB-memchr-overrun"/>
-                <check enabled="false" name="LIB-memcpy-overrun-pos"/>
-                <check enabled="true" name="LIB-memcpy-overrun"/>
-                <check enabled="false" name="LIB-memset-overrun-pos"/>
-                <check enabled="true" name="LIB-memset-overrun"/>
-                <check enabled="false" name="LIB-putenv"/>
-                <check enabled="false" name="LIB-qsort-overrun-pos"/>
-                <check enabled="false" name="LIB-qsort-overrun"/>
-                <check enabled="true" name="LIB-return-const"/>
-                <check enabled="true" name="LIB-return-error"/>
-                <check enabled="true" name="LIB-return-leak"/>
-                <check enabled="true" name="LIB-return-neg"/>
-                <check enabled="true" name="LIB-return-null"/>
-                <check enabled="false" name="LIB-sprintf-overrun"/>
-                <check enabled="false" name="LIB-std-sort-overrun-pos"/>
-                <check enabled="true" name="LIB-std-sort-overrun"/>
-                <check enabled="false" name="LIB-strcat-overrun-pos"/>
-                <check enabled="true" name="LIB-strcat-overrun"/>
-                <check enabled="false" name="LIB-strcpy-overrun-pos"/>
-                <check enabled="true" name="LIB-strcpy-overrun"/>
-                <check enabled="false" name="LIB-strncat-overrun-pos"/>
-                <check enabled="true" name="LIB-strncat-overrun"/>
-                <check enabled="false" name="LIB-strncmp-overrun-pos"/>
-                <check enabled="true" name="LIB-strncmp-overrun"/>
-                <check enabled="false" name="LIB-strncpy-overrun-pos"/>
-                <check enabled="true" name="LIB-strncpy-overrun"/>
-              </group>
-              <group enabled="true" name="LOGIC">
-                <check enabled="false" name="LOGIC-overload"/>
-              </group>
-              <group enabled="true" name="MEM">
-                <check enabled="true" name="MEM-delete-array-op"/>
-                <check enabled="true" name="MEM-delete-op"/>
-                <check enabled="true" name="MEM-double-free-alias"/>
-                <check enabled="true" name="MEM-double-free-some"/>
-                <check enabled="true" name="MEM-double-free"/>
-                <check enabled="true" name="MEM-free-field"/>
-                <check enabled="true" name="MEM-free-fptr"/>
-                <check enabled="false" name="MEM-free-no-alloc-struct"/>
-                <check enabled="false" name="MEM-free-no-alloc"/>
-                <check enabled="true" name="MEM-free-no-use"/>
-                <check enabled="true" name="MEM-free-op"/>
-                <check enabled="true" name="MEM-free-struct-field"/>
-                <check enabled="true" name="MEM-free-variable-alias"/>
-                <check enabled="true" name="MEM-free-variable"/>
-                <check enabled="true" name="MEM-leak-alias"/>
-                <check enabled="false" name="MEM-leak"/>
-                <check enabled="false" name="MEM-malloc-arith"/>
-                <check enabled="true" name="MEM-malloc-diff-type"/>
-                <check enabled="true" name="MEM-malloc-sizeof-ptr"/>
-                <check enabled="true" name="MEM-malloc-sizeof"/>
-                <check enabled="false" name="MEM-malloc-strlen"/>
-                <check enabled="true" name="MEM-realloc-diff-type"/>
-                <check enabled="true" name="MEM-return-free"/>
-                <check enabled="true" name="MEM-return-no-assign"/>
-                <check enabled="true" name="MEM-stack-global-field"/>
-                <check enabled="true" name="MEM-stack-global"/>
-                <check enabled="true" name="MEM-stack-param-ref"/>
-                <check enabled="true" name="MEM-stack-param"/>
-                <check enabled="true" name="MEM-stack-pos"/>
-                <check enabled="true" name="MEM-stack-ref"/>
-                <check enabled="true" name="MEM-stack"/>
-                <check enabled="true" name="MEM-use-free-all"/>
-                <check enabled="true" name="MEM-use-free-some"/>
-              </group>
-              <group enabled="true" name="PTR">
-                <check enabled="true" name="PTR-arith-field"/>
-                <check enabled="true" name="PTR-arith-stack"/>
-                <check enabled="true" name="PTR-arith-var"/>
-                <check enabled="true" name="PTR-cmp-str-lit"/>
-                <check enabled="false" name="PTR-null-assign-fun-pos"/>
-                <check enabled="false" name="PTR-null-assign-pos"/>
-                <check enabled="true" name="PTR-null-assign"/>
-                <check enabled="true" name="PTR-null-cmp-aft"/>
-                <check enabled="true" name="PTR-null-cmp-bef-fun"/>
-                <check enabled="true" name="PTR-null-cmp-bef"/>
-                <check enabled="true" name="PTR-null-fun-pos"/>
-                <check enabled="false" name="PTR-null-literal-pos"/>
-                <check enabled="false" name="PTR-overload"/>
-                <check enabled="false" name="PTR-singleton-arith-pos"/>
-                <check enabled="true" name="PTR-singleton-arith"/>
-                <check enabled="true" name="PTR-unchk-param-some"/>
-                <check enabled="false" name="PTR-unchk-param"/>
-                <check enabled="false" name="PTR-uninit-pos"/>
-                <check enabled="true" name="PTR-uninit"/>
-              </group>
-              <group enabled="true" name="RED">
-                <check enabled="false" name="RED-alloc-zero-bytes"/>
-                <check enabled="false" name="RED-case-reach"/>
-                <check enabled="false" name="RED-cmp-always"/>
-                <check enabled="false" name="RED-cmp-never"/>
-                <check enabled="false" name="RED-cond-always"/>
-                <check enabled="true" name="RED-cond-const-assign"/>
-                <check enabled="false" name="RED-cond-const-expr"/>
-                <check enabled="false" name="RED-cond-const"/>
-                <check enabled="false" name="RED-cond-never"/>
-                <check enabled="true" name="RED-dead"/>
-                <check enabled="false" name="RED-expr"/>
-                <check enabled="false" name="RED-func-no-effect"/>
-                <check enabled="true" name="RED-local-hides-global"/>
-                <check enabled="false" name="RED-local-hides-local"/>
-                <check enabled="false" name="RED-local-hides-member"/>
-                <check enabled="true" name="RED-local-hides-param"/>
-                <check enabled="false" name="RED-no-effect"/>
-                <check enabled="true" name="RED-self-assign"/>
-                <check enabled="true" name="RED-unused-assign"/>
-                <check enabled="false" name="RED-unused-param"/>
-                <check enabled="false" name="RED-unused-return-val"/>
-                <check enabled="false" name="RED-unused-val"/>
-                <check enabled="true" name="RED-unused-var-all"/>
-              </group>
-              <group enabled="true" name="RESOURCE">
-                <check enabled="false" name="RESOURCE-deref-file"/>
-                <check enabled="true" name="RESOURCE-double-close"/>
-                <check enabled="true" name="RESOURCE-file-no-close-all"/>
-                <check enabled="false" name="RESOURCE-file-pos-neg"/>
-                <check enabled="true" name="RESOURCE-file-use-after-close"/>
-                <check enabled="false" name="RESOURCE-implicit-deref-file"/>
-                <check enabled="true" name="RESOURCE-write-ronly-file"/>
-              </group>
-              <group enabled="true" name="SIZEOF">
-                <check enabled="true" name="SIZEOF-side-effect"/>
-              </group>
-              <group enabled="true" name="SPC">
-                <check enabled="true" name="SPC-order"/>
-                <check enabled="false" name="SPC-uninit-arr-all"/>
-                <check enabled="true" name="SPC-uninit-struct-field-heap"/>
-                <check enabled="false" name="SPC-uninit-struct-field"/>
-                <check enabled="true" name="SPC-uninit-struct"/>
-                <check enabled="true" name="SPC-uninit-var-all"/>
-                <check enabled="true" name="SPC-uninit-var-some"/>
-                <check enabled="false" name="SPC-volatile-reads"/>
-                <check enabled="false" name="SPC-volatile-writes"/>
-              </group>
-              <group enabled="true" name="STRUCT">
-                <check enabled="false" name="STRUCT-signed-bit"/>
-              </group>
-              <group enabled="true" name="SWITCH">
-                <check enabled="true" name="SWITCH-fall-through"/>
-              </group>
-              <group enabled="true" name="THROW">
-                <check enabled="false" name="THROW-empty"/>
-                <check enabled="false" name="THROW-main"/>
-                <check enabled="true" name="THROW-null"/>
-                <check enabled="true" name="THROW-ptr"/>
-                <check enabled="true" name="THROW-static"/>
-                <check enabled="true" name="THROW-unhandled"/>
-              </group>
-              <group enabled="true" name="UNION">
-                <check enabled="true" name="UNION-overlap-assign"/>
-                <check enabled="true" name="UNION-type-punning"/>
-              </group>
-            </package>
-            <package enabled="false" name="CERT">
-              <group enabled="true" name="CERT-EXP">
-                <check enabled="true" name="CERT-EXP19-C"/>
-              </group>
-              <group enabled="true" name="CERT-FIO">
-                <check enabled="true" name="CERT-FIO37-C"/>
-                <check enabled="true" name="CERT-FIO38-C"/>
-              </group>
-              <group enabled="true" name="CERT-SIG">
-                <check enabled="true" name="CERT-SIG31-C"/>
-              </group>
-            </package>
-            <package enabled="false" name="SECURITY">
-              <group enabled="true" name="SEC-BUFFER">
-                <check enabled="true" name="SEC-BUFFER-memory-leak-alias"/>
-                <check enabled="false" name="SEC-BUFFER-memory-leak"/>
-                <check enabled="false" name="SEC-BUFFER-memset-overrun-pos"/>
-                <check enabled="true" name="SEC-BUFFER-memset-overrun"/>
-                <check enabled="false" name="SEC-BUFFER-qsort-overrun-pos"/>
-                <check enabled="true" name="SEC-BUFFER-qsort-overrun"/>
-                <check enabled="true" name="SEC-BUFFER-sprintf-overrun"/>
-                <check enabled="false" name="SEC-BUFFER-std-sort-overrun-pos"/>
-                <check enabled="true" name="SEC-BUFFER-std-sort-overrun"/>
-                <check enabled="false" name="SEC-BUFFER-strcat-overrun-pos"/>
-                <check enabled="true" name="SEC-BUFFER-strcat-overrun"/>
-                <check enabled="false" name="SEC-BUFFER-strcpy-overrun-pos"/>
-                <check enabled="true" name="SEC-BUFFER-strcpy-overrun"/>
-                <check enabled="false" name="SEC-BUFFER-strncat-overrun-pos"/>
-                <check enabled="true" name="SEC-BUFFER-strncat-overrun"/>
-                <check enabled="false" name="SEC-BUFFER-strncmp-overrun-pos"/>
-                <check enabled="true" name="SEC-BUFFER-strncmp-overrun"/>
-                <check enabled="false" name="SEC-BUFFER-strncpy-overrun-pos"/>
-                <check enabled="true" name="SEC-BUFFER-strncpy-overrun"/>
-                <check enabled="true" name="SEC-BUFFER-tainted-alloc-size"/>
-                <check enabled="true" name="SEC-BUFFER-tainted-copy-length"/>
-                <check enabled="true" name="SEC-BUFFER-tainted-copy"/>
-                <check enabled="true" name="SEC-BUFFER-tainted-index"/>
-                <check enabled="true" name="SEC-BUFFER-tainted-offset"/>
-                <check enabled="true" name="SEC-BUFFER-use-after-free-all"/>
-                <check enabled="true" name="SEC-BUFFER-use-after-free-some"/>
-              </group>
-              <group enabled="true" name="SEC-DIV-0">
-                <check enabled="true" name="SEC-DIV-0-compare-after"/>
-                <check enabled="true" name="SEC-DIV-0-compare-before"/>
-                <check enabled="true" name="SEC-DIV-0-tainted"/>
-              </group>
-              <group enabled="true" name="SEC-FILEOP">
-                <check enabled="true" name="SEC-FILEOP-open-no-close"/>
-                <check enabled="false" name="SEC-FILEOP-path-traversal"/>
-                <check enabled="true" name="SEC-FILEOP-use-after-close"/>
-              </group>
-              <group enabled="true" name="SEC-INJECTION">
-                <check enabled="false" name="SEC-INJECTION-sql"/>
-                <check enabled="false" name="SEC-INJECTION-xpath"/>
-              </group>
-              <group enabled="true" name="SEC-LOOP">
-                <check enabled="true" name="SEC-LOOP-tainted-bound"/>
-              </group>
-              <group enabled="true" name="SEC-NULL">
-                <check enabled="false" name="SEC-NULL-assignment-fun-pos"/>
-                <check enabled="true" name="SEC-NULL-assignment"/>
-                <check enabled="true" name="SEC-NULL-cmp-aft"/>
-                <check enabled="true" name="SEC-NULL-cmp-bef-fun"/>
-                <check enabled="true" name="SEC-NULL-cmp-bef"/>
-                <check enabled="false" name="SEC-NULL-literal-pos"/>
-              </group>
-              <group enabled="true" name="SEC-STRING">
-                <check enabled="true" name="SEC-STRING-format-string"/>
-                <check enabled="false" name="SEC-STRING-hard-coded-credentials"/>
-              </group>
-            </package>
-            <package enabled="false" name="MISRAC2004">
-              <group enabled="true" name="MISRAC2004-1">
-                <check enabled="true" name="MISRAC2004-1.1"/>
-                <check enabled="true" name="MISRAC2004-1.2_a"/>
-                <check enabled="true" name="MISRAC2004-1.2_b"/>
-                <check enabled="true" name="MISRAC2004-1.2_c"/>
-                <check enabled="true" name="MISRAC2004-1.2_d"/>
-                <check enabled="true" name="MISRAC2004-1.2_e"/>
-                <check enabled="true" name="MISRAC2004-1.2_f"/>
-                <check enabled="true" name="MISRAC2004-1.2_g"/>
-                <check enabled="true" name="MISRAC2004-1.2_h"/>
-                <check enabled="true" name="MISRAC2004-1.2_i"/>
-                <check enabled="true" name="MISRAC2004-1.2_j"/>
-              </group>
-              <group enabled="true" name="MISRAC2004-2">
-                <check enabled="true" name="MISRAC2004-2.1"/>
-                <check enabled="true" name="MISRAC2004-2.2"/>
-                <check enabled="true" name="MISRAC2004-2.3"/>
-                <check enabled="false" name="MISRAC2004-2.4"/>
-              </group>
-              <group enabled="true" name="MISRAC2004-5">
-                <check enabled="true" name="MISRAC2004-5.2"/>
-                <check enabled="true" name="MISRAC2004-5.3"/>
-                <check enabled="true" name="MISRAC2004-5.4"/>
-                <check enabled="false" name="MISRAC2004-5.5"/>
-                <check enabled="false" name="MISRAC2004-5.6"/>
-              </group>
-              <group enabled="true" name="MISRAC2004-6">
-                <check enabled="true" name="MISRAC2004-6.1"/>
-                <check enabled="false" name="MISRAC2004-6.3"/>
-                <check enabled="true" name="MISRAC2004-6.4"/>
-                <check enabled="true" name="MISRAC2004-6.5"/>
-              </group>
-              <group enabled="true" name="MISRAC2004-7">
-                <check enabled="true" name="MISRAC2004-7.1"/>
-              </group>
-              <group enabled="true" name="MISRAC2004-8">
-                <check enabled="true" name="MISRAC2004-8.1"/>
-                <check enabled="true" name="MISRAC2004-8.2"/>
-                <check enabled="true" name="MISRAC2004-8.5_a"/>
-                <check enabled="true" name="MISRAC2004-8.5_b"/>
-                <check enabled="true" name="MISRAC2004-8.12"/>
-              </group>
-              <group enabled="true" name="MISRAC2004-9">
-                <check enabled="true" name="MISRAC2004-9.1_a"/>
-                <check enabled="true" name="MISRAC2004-9.1_b"/>
-                <check enabled="true" name="MISRAC2004-9.1_c"/>
-                <check enabled="true" name="MISRAC2004-9.2"/>
-              </group>
-              <group enabled="true" name="MISRAC2004-10">
-                <check enabled="true" name="MISRAC2004-10.1_a"/>
-                <check enabled="true" name="MISRAC2004-10.1_b"/>
-                <check enabled="true" name="MISRAC2004-10.1_c"/>
-                <check enabled="true" name="MISRAC2004-10.1_d"/>
-                <check enabled="true" name="MISRAC2004-10.2_a"/>
-                <check enabled="true" name="MISRAC2004-10.2_b"/>
-                <check enabled="true" name="MISRAC2004-10.2_c"/>
-                <check enabled="true" name="MISRAC2004-10.2_d"/>
-                <check enabled="true" name="MISRAC2004-10.3"/>
-                <check enabled="true" name="MISRAC2004-10.4"/>
-                <check enabled="true" name="MISRAC2004-10.5"/>
-                <check enabled="true" name="MISRAC2004-10.6"/>
-              </group>
-              <group enabled="true" name="MISRAC2004-11">
-                <check enabled="true" name="MISRAC2004-11.1"/>
-                <check enabled="false" name="MISRAC2004-11.3"/>
-                <check enabled="false" name="MISRAC2004-11.4"/>
-                <check enabled="true" name="MISRAC2004-11.5"/>
-              </group>
-              <group enabled="true" name="MISRAC2004-12">
-                <check enabled="false" name="MISRAC2004-12.1"/>
-                <check enabled="true" name="MISRAC2004-12.2_a"/>
-                <check enabled="true" name="MISRAC2004-12.2_b"/>
-                <check enabled="true" name="MISRAC2004-12.2_c"/>
-                <check enabled="true" name="MISRAC2004-12.3"/>
-                <check enabled="true" name="MISRAC2004-12.4"/>
-                <check enabled="false" name="MISRAC2004-12.6_a"/>
-                <check enabled="false" name="MISRAC2004-12.6_b"/>
-                <check enabled="true" name="MISRAC2004-12.7"/>
-                <check enabled="true" name="MISRAC2004-12.8"/>
-                <check enabled="true" name="MISRAC2004-12.9"/>
-                <check enabled="true" name="MISRAC2004-12.10"/>
-                <check enabled="false" name="MISRAC2004-12.11"/>
-                <check enabled="true" name="MISRAC2004-12.12_a"/>
-                <check enabled="true" name="MISRAC2004-12.12_b"/>
-                <check enabled="false" name="MISRAC2004-12.13"/>
-              </group>
-              <group enabled="true" name="MISRAC2004-13">
-                <check enabled="true" name="MISRAC2004-13.1"/>
-                <check enabled="false" name="MISRAC2004-13.2_a"/>
-                <check enabled="false" name="MISRAC2004-13.2_b"/>
-                <check enabled="false" name="MISRAC2004-13.2_c"/>
-                <check enabled="false" name="MISRAC2004-13.2_d"/>
-                <check enabled="false" name="MISRAC2004-13.2_e"/>
-                <check enabled="true" name="MISRAC2004-13.3"/>
-                <check enabled="true" name="MISRAC2004-13.4"/>
-                <check enabled="true" name="MISRAC2004-13.5"/>
-                <check enabled="true" name="MISRAC2004-13.6"/>
-                <check enabled="true" name="MISRAC2004-13.7_a"/>
-                <check enabled="true" name="MISRAC2004-13.7_b"/>
-              </group>
-              <group enabled="true" name="MISRAC2004-14">
-                <check enabled="true" name="MISRAC2004-14.1"/>
-                <check enabled="true" name="MISRAC2004-14.2"/>
-                <check enabled="true" name="MISRAC2004-14.3"/>
-                <check enabled="true" name="MISRAC2004-14.4"/>
-                <check enabled="true" name="MISRAC2004-14.5"/>
-                <check enabled="true" name="MISRAC2004-14.6"/>
-                <check enabled="true" name="MISRAC2004-14.7"/>
-                <check enabled="true" name="MISRAC2004-14.8_a"/>
-                <check enabled="true" name="MISRAC2004-14.8_b"/>
-                <check enabled="true" name="MISRAC2004-14.8_c"/>
-                <check enabled="true" name="MISRAC2004-14.8_d"/>
-                <check enabled="true" name="MISRAC2004-14.9"/>
-                <check enabled="true" name="MISRAC2004-14.10"/>
-              </group>
-              <group enabled="true" name="MISRAC2004-15">
-                <check enabled="true" name="MISRAC2004-15.0"/>
-                <check enabled="true" name="MISRAC2004-15.1"/>
-                <check enabled="true" name="MISRAC2004-15.2"/>
-                <check enabled="true" name="MISRAC2004-15.3"/>
-                <check enabled="true" name="MISRAC2004-15.4"/>
-                <check enabled="true" name="MISRAC2004-15.5"/>
-              </group>
-              <group enabled="true" name="MISRAC2004-16">
-                <check enabled="true" name="MISRAC2004-16.1"/>
-                <check enabled="true" name="MISRAC2004-16.2_a"/>
-                <check enabled="true" name="MISRAC2004-16.2_b"/>
-                <check enabled="true" name="MISRAC2004-16.3"/>
-                <check enabled="true" name="MISRAC2004-16.5"/>
-                <check enabled="true" name="MISRAC2004-16.7"/>
-                <check enabled="true" name="MISRAC2004-16.8"/>
-                <check enabled="true" name="MISRAC2004-16.9"/>
-                <check enabled="true" name="MISRAC2004-16.10"/>
-              </group>
-              <group enabled="true" name="MISRAC2004-17">
-                <check enabled="true" name="MISRAC2004-17.1_a"/>
-                <check enabled="true" name="MISRAC2004-17.1_b"/>
-                <check enabled="true" name="MISRAC2004-17.1_c"/>
-                <check enabled="true" name="MISRAC2004-17.4_a"/>
-                <check enabled="true" name="MISRAC2004-17.4_b"/>
-                <check enabled="true" name="MISRAC2004-17.5"/>
-                <check enabled="true" name="MISRAC2004-17.6_a"/>
-                <check enabled="true" name="MISRAC2004-17.6_b"/>
-                <check enabled="true" name="MISRAC2004-17.6_c"/>
-                <check enabled="true" name="MISRAC2004-17.6_d"/>
-              </group>
-              <group enabled="true" name="MISRAC2004-18">
-                <check enabled="true" name="MISRAC2004-18.1"/>
-                <check enabled="true" name="MISRAC2004-18.2"/>
-                <check enabled="true" name="MISRAC2004-18.4"/>
-              </group>
-              <group enabled="true" name="MISRAC2004-19">
-                <check enabled="false" name="MISRAC2004-19.2"/>
-                <check enabled="true" name="MISRAC2004-19.6"/>
-                <check enabled="false" name="MISRAC2004-19.7"/>
-                <check enabled="true" name="MISRAC2004-19.12"/>
-                <check enabled="false" name="MISRAC2004-19.13"/>
-                <check enabled="true" name="MISRAC2004-19.15"/>
-              </group>
-              <group enabled="true" name="MISRAC2004-20">
-                <check enabled="true" name="MISRAC2004-20.1"/>
-                <check enabled="true" name="MISRAC2004-20.4"/>
-                <check enabled="true" name="MISRAC2004-20.5"/>
-                <check enabled="true" name="MISRAC2004-20.6"/>
-                <check enabled="true" name="MISRAC2004-20.7"/>
-                <check enabled="true" name="MISRAC2004-20.8"/>
-                <check enabled="true" name="MISRAC2004-20.9"/>
-                <check enabled="true" name="MISRAC2004-20.10"/>
-                <check enabled="true" name="MISRAC2004-20.11"/>
-                <check enabled="true" name="MISRAC2004-20.12"/>
-              </group>
-            </package>
-            <package enabled="false" name="MISRAC2012">
-              <group enabled="true" name="MISRAC2012-Dir-4">
-                <check enabled="true" name="MISRAC2012-Dir-4.3"/>
-                <check enabled="false" name="MISRAC2012-Dir-4.4"/>
-                <check enabled="false" name="MISRAC2012-Dir-4.5"/>
-                <check enabled="false" name="MISRAC2012-Dir-4.6_a"/>
-                <check enabled="false" name="MISRAC2012-Dir-4.6_b"/>
-                <check enabled="false" name="MISRAC2012-Dir-4.7_a"/>
-                <check enabled="false" name="MISRAC2012-Dir-4.7_b"/>
-                <check enabled="false" name="MISRAC2012-Dir-4.7_c"/>
-                <check enabled="false" name="MISRAC2012-Dir-4.8"/>
-                <check enabled="false" name="MISRAC2012-Dir-4.9"/>
-                <check enabled="true" name="MISRAC2012-Dir-4.10"/>
-                <check enabled="false" name="MISRAC2012-Dir-4.11_a"/>
-                <check enabled="false" name="MISRAC2012-Dir-4.11_b"/>
-                <check enabled="false" name="MISRAC2012-Dir-4.11_c"/>
-                <check enabled="false" name="MISRAC2012-Dir-4.11_d"/>
-                <check enabled="false" name="MISRAC2012-Dir-4.11_e"/>
-                <check enabled="false" name="MISRAC2012-Dir-4.11_f"/>
-                <check enabled="false" name="MISRAC2012-Dir-4.11_g"/>
-                <check enabled="false" name="MISRAC2012-Dir-4.11_h"/>
-                <check enabled="false" name="MISRAC2012-Dir-4.11_i"/>
-                <check enabled="false" name="MISRAC2012-Dir-4.12"/>
-                <check enabled="true" name="MISRAC2012-Dir-4.13_b"/>
-                <check enabled="true" name="MISRAC2012-Dir-4.13_c"/>
-                <check enabled="true" name="MISRAC2012-Dir-4.13_d"/>
-                <check enabled="true" name="MISRAC2012-Dir-4.13_e"/>
-                <check enabled="true" name="MISRAC2012-Dir-4.13_f"/>
-                <check enabled="true" name="MISRAC2012-Dir-4.13_g"/>
-                <check enabled="false" name="MISRAC2012-Dir-4.13_h"/>
-              </group>
-              <group enabled="true" name="MISRAC2012-Rule-1">
-                <check enabled="true" name="MISRAC2012-Rule-1.3_a"/>
-                <check enabled="true" name="MISRAC2012-Rule-1.3_b"/>
-                <check enabled="true" name="MISRAC2012-Rule-1.3_c"/>
-                <check enabled="true" name="MISRAC2012-Rule-1.3_d"/>
-                <check enabled="true" name="MISRAC2012-Rule-1.3_e"/>
-                <check enabled="true" name="MISRAC2012-Rule-1.3_f"/>
-                <check enabled="true" name="MISRAC2012-Rule-1.3_g"/>
-                <check enabled="true" name="MISRAC2012-Rule-1.3_h"/>
-                <check enabled="true" name="MISRAC2012-Rule-1.3_i"/>
-                <check enabled="true" name="MISRAC2012-Rule-1.3_j"/>
-                <check enabled="true" name="MISRAC2012-Rule-1.3_k"/>
-                <check enabled="true" name="MISRAC2012-Rule-1.3_m"/>
-                <check enabled="true" name="MISRAC2012-Rule-1.3_n"/>
-                <check enabled="true" name="MISRAC2012-Rule-1.3_o"/>
-                <check enabled="true" name="MISRAC2012-Rule-1.3_p"/>
-                <check enabled="true" name="MISRAC2012-Rule-1.3_q"/>
-                <check enabled="true" name="MISRAC2012-Rule-1.3_r"/>
-                <check enabled="true" name="MISRAC2012-Rule-1.3_s"/>
-                <check enabled="true" name="MISRAC2012-Rule-1.3_t"/>
-                <check enabled="true" name="MISRAC2012-Rule-1.3_u"/>
-                <check enabled="true" name="MISRAC2012-Rule-1.3_v"/>
-                <check enabled="true" name="MISRAC2012-Rule-1.3_w"/>
-              </group>
-              <group enabled="true" name="MISRAC2012-Rule-2">
-                <check enabled="true" name="MISRAC2012-Rule-2.1_a"/>
-                <check enabled="true" name="MISRAC2012-Rule-2.1_b"/>
-                <check enabled="true" name="MISRAC2012-Rule-2.2_a"/>
-                <check enabled="true" name="MISRAC2012-Rule-2.2_b"/>
-                <check enabled="true" name="MISRAC2012-Rule-2.2_c"/>
-                <check enabled="false" name="MISRAC2012-Rule-2.3"/>
-                <check enabled="false" name="MISRAC2012-Rule-2.4"/>
-                <check enabled="false" name="MISRAC2012-Rule-2.5"/>
-                <check enabled="false" name="MISRAC2012-Rule-2.6"/>
-                <check enabled="false" name="MISRAC2012-Rule-2.7"/>
-              </group>
-              <group enabled="true" name="MISRAC2012-Rule-3">
-                <check enabled="true" name="MISRAC2012-Rule-3.1"/>
-                <check enabled="true" name="MISRAC2012-Rule-3.2"/>
-              </group>
-              <group enabled="true" name="MISRAC2012-Rule-5">
-                <check enabled="true" name="MISRAC2012-Rule-5.1"/>
-                <check enabled="true" name="MISRAC2012-Rule-5.2_c89"/>
-                <check enabled="true" name="MISRAC2012-Rule-5.2_c99"/>
-                <check enabled="true" name="MISRAC2012-Rule-5.3_c89"/>
-                <check enabled="true" name="MISRAC2012-Rule-5.3_c99"/>
-                <check enabled="true" name="MISRAC2012-Rule-5.4_c89"/>
-                <check enabled="true" name="MISRAC2012-Rule-5.4_c99"/>
-                <check enabled="true" name="MISRAC2012-Rule-5.5_c89"/>
-                <check enabled="true" name="MISRAC2012-Rule-5.5_c99"/>
-                <check enabled="true" name="MISRAC2012-Rule-5.6"/>
-                <check enabled="true" name="MISRAC2012-Rule-5.7"/>
-                <check enabled="true" name="MISRAC2012-Rule-5.8"/>
-                <check enabled="false" name="MISRAC2012-Rule-5.9"/>
-              </group>
-              <group enabled="true" name="MISRAC2012-Rule-6">
-                <check enabled="true" name="MISRAC2012-Rule-6.1"/>
-                <check enabled="true" name="MISRAC2012-Rule-6.2"/>
-              </group>
-              <group enabled="true" name="MISRAC2012-Rule-7">
-                <check enabled="true" name="MISRAC2012-Rule-7.1"/>
-                <check enabled="true" name="MISRAC2012-Rule-7.2"/>
-                <check enabled="true" name="MISRAC2012-Rule-7.3"/>
-                <check enabled="true" name="MISRAC2012-Rule-7.4_a"/>
-                <check enabled="true" name="MISRAC2012-Rule-7.4_b"/>
-              </group>
-              <group enabled="true" name="MISRAC2012-Rule-8">
-                <check enabled="true" name="MISRAC2012-Rule-8.1"/>
-                <check enabled="true" name="MISRAC2012-Rule-8.2_a"/>
-                <check enabled="true" name="MISRAC2012-Rule-8.2_b"/>
-                <check enabled="true" name="MISRAC2012-Rule-8.3_b"/>
-                <check enabled="true" name="MISRAC2012-Rule-8.4"/>
-                <check enabled="false" name="MISRAC2012-Rule-8.5_a"/>
-                <check enabled="true" name="MISRAC2012-Rule-8.5_b"/>
-                <check enabled="true" name="MISRAC2012-Rule-8.6"/>
-                <check enabled="false" name="MISRAC2012-Rule-8.7"/>
-                <check enabled="false" name="MISRAC2012-Rule-8.9_a"/>
-                <check enabled="false" name="MISRAC2012-Rule-8.9_b"/>
-                <check enabled="true" name="MISRAC2012-Rule-8.10"/>
-                <check enabled="false" name="MISRAC2012-Rule-8.11"/>
-                <check enabled="true" name="MISRAC2012-Rule-8.12"/>
-                <check enabled="false" name="MISRAC2012-Rule-8.13"/>
-                <check enabled="true" name="MISRAC2012-Rule-8.14"/>
-              </group>
-              <group enabled="true" name="MISRAC2012-Rule-9">
-                <check enabled="true" name="MISRAC2012-Rule-9.1_a"/>
-                <check enabled="true" name="MISRAC2012-Rule-9.1_b"/>
-                <check enabled="true" name="MISRAC2012-Rule-9.1_c"/>
-                <check enabled="true" name="MISRAC2012-Rule-9.1_d"/>
-                <check enabled="true" name="MISRAC2012-Rule-9.1_e"/>
-                <check enabled="true" name="MISRAC2012-Rule-9.1_f"/>
-                <check enabled="true" name="MISRAC2012-Rule-9.2"/>
-                <check enabled="true" name="MISRAC2012-Rule-9.3"/>
-                <check enabled="true" name="MISRAC2012-Rule-9.4"/>
-                <check enabled="true" name="MISRAC2012-Rule-9.5_a"/>
-                <check enabled="true" name="MISRAC2012-Rule-9.5_b"/>
-              </group>
-              <group enabled="true" name="MISRAC2012-Rule-10">
-                <check enabled="true" name="MISRAC2012-Rule-10.1_R2"/>
-                <check enabled="true" name="MISRAC2012-Rule-10.1_R3"/>
-                <check enabled="true" name="MISRAC2012-Rule-10.1_R4"/>
-                <check enabled="true" name="MISRAC2012-Rule-10.1_R5"/>
-                <check enabled="true" name="MISRAC2012-Rule-10.1_R6"/>
-                <check enabled="true" name="MISRAC2012-Rule-10.1_R7"/>
-                <check enabled="true" name="MISRAC2012-Rule-10.1_R8"/>
-                <check enabled="true" name="MISRAC2012-Rule-10.2"/>
-                <check enabled="true" name="MISRAC2012-Rule-10.3"/>
-                <check enabled="true" name="MISRAC2012-Rule-10.4_a"/>
-                <check enabled="true" name="MISRAC2012-Rule-10.4_b"/>
-                <check enabled="false" name="MISRAC2012-Rule-10.5"/>
-                <check enabled="true" name="MISRAC2012-Rule-10.6"/>
-                <check enabled="true" name="MISRAC2012-Rule-10.7"/>
-                <check enabled="true" name="MISRAC2012-Rule-10.8"/>
-              </group>
-              <group enabled="true" name="MISRAC2012-Rule-11">
-                <check enabled="true" name="MISRAC2012-Rule-11.1"/>
-                <check enabled="true" name="MISRAC2012-Rule-11.2"/>
-                <check enabled="true" name="MISRAC2012-Rule-11.3"/>
-                <check enabled="false" name="MISRAC2012-Rule-11.4"/>
-                <check enabled="false" name="MISRAC2012-Rule-11.5"/>
-                <check enabled="true" name="MISRAC2012-Rule-11.6"/>
-                <check enabled="true" name="MISRAC2012-Rule-11.7"/>
-                <check enabled="true" name="MISRAC2012-Rule-11.8"/>
-                <check enabled="true" name="MISRAC2012-Rule-11.9"/>
-              </group>
-              <group enabled="true" name="MISRAC2012-Rule-12">
-                <check enabled="false" name="MISRAC2012-Rule-12.1"/>
-                <check enabled="true" name="MISRAC2012-Rule-12.2"/>
-                <check enabled="false" name="MISRAC2012-Rule-12.3"/>
-              </group>
-              <group enabled="true" name="MISRAC2012-Rule-13">
-                <check enabled="true" name="MISRAC2012-Rule-13.1"/>
-                <check enabled="true" name="MISRAC2012-Rule-13.2_a"/>
-                <check enabled="true" name="MISRAC2012-Rule-13.2_b"/>
-                <check enabled="true" name="MISRAC2012-Rule-13.2_c"/>
-                <check enabled="false" name="MISRAC2012-Rule-13.3"/>
-                <check enabled="false" name="MISRAC2012-Rule-13.4_a"/>
-                <check enabled="false" name="MISRAC2012-Rule-13.4_b"/>
-                <check enabled="true" name="MISRAC2012-Rule-13.5"/>
-                <check enabled="true" name="MISRAC2012-Rule-13.6"/>
-              </group>
-              <group enabled="true" name="MISRAC2012-Rule-14">
-                <check enabled="true" name="MISRAC2012-Rule-14.1_a"/>
-                <check enabled="true" name="MISRAC2012-Rule-14.1_b"/>
-                <check enabled="true" name="MISRAC2012-Rule-14.2"/>
-                <check enabled="true" name="MISRAC2012-Rule-14.3_a"/>
-                <check enabled="true" name="MISRAC2012-Rule-14.3_b"/>
-                <check enabled="true" name="MISRAC2012-Rule-14.4_a"/>
-                <check enabled="true" name="MISRAC2012-Rule-14.4_b"/>
-                <check enabled="true" name="MISRAC2012-Rule-14.4_c"/>
-                <check enabled="true" name="MISRAC2012-Rule-14.4_d"/>
-              </group>
-              <group enabled="true" name="MISRAC2012-Rule-15">
-                <check enabled="false" name="MISRAC2012-Rule-15.1"/>
-                <check enabled="true" name="MISRAC2012-Rule-15.2"/>
-                <check enabled="true" name="MISRAC2012-Rule-15.3"/>
-                <check enabled="false" name="MISRAC2012-Rule-15.4"/>
-                <check enabled="false" name="MISRAC2012-Rule-15.5"/>
-                <check enabled="true" name="MISRAC2012-Rule-15.6_a"/>
-                <check enabled="true" name="MISRAC2012-Rule-15.6_b"/>
-                <check enabled="true" name="MISRAC2012-Rule-15.6_c"/>
-                <check enabled="true" name="MISRAC2012-Rule-15.6_d"/>
-                <check enabled="true" name="MISRAC2012-Rule-15.6_e"/>
-                <check enabled="true" name="MISRAC2012-Rule-15.7"/>
-              </group>
-              <group enabled="true" name="MISRAC2012-Rule-16">
-                <check enabled="true" name="MISRAC2012-Rule-16.1"/>
-                <check enabled="true" name="MISRAC2012-Rule-16.2"/>
-                <check enabled="true" name="MISRAC2012-Rule-16.3"/>
-                <check enabled="true" name="MISRAC2012-Rule-16.4"/>
-                <check enabled="true" name="MISRAC2012-Rule-16.5"/>
-                <check enabled="true" name="MISRAC2012-Rule-16.6"/>
-                <check enabled="true" name="MISRAC2012-Rule-16.7"/>
-              </group>
-              <group enabled="true" name="MISRAC2012-Rule-17">
-                <check enabled="true" name="MISRAC2012-Rule-17.1"/>
-                <check enabled="true" name="MISRAC2012-Rule-17.2_a"/>
-                <check enabled="true" name="MISRAC2012-Rule-17.2_b"/>
-                <check enabled="true" name="MISRAC2012-Rule-17.3"/>
-                <check enabled="true" name="MISRAC2012-Rule-17.4"/>
-                <check enabled="false" name="MISRAC2012-Rule-17.5"/>
-                <check enabled="true" name="MISRAC2012-Rule-17.6"/>
-                <check enabled="true" name="MISRAC2012-Rule-17.7"/>
-                <check enabled="false" name="MISRAC2012-Rule-17.8"/>
-              </group>
-              <group enabled="true" name="MISRAC2012-Rule-18">
-                <check enabled="true" name="MISRAC2012-Rule-18.1_a"/>
-                <check enabled="true" name="MISRAC2012-Rule-18.1_b"/>
-                <check enabled="true" name="MISRAC2012-Rule-18.1_c"/>
-                <check enabled="true" name="MISRAC2012-Rule-18.1_d"/>
-                <check enabled="true" name="MISRAC2012-Rule-18.2"/>
-                <check enabled="true" name="MISRAC2012-Rule-18.3"/>
-                <check enabled="true" name="MISRAC2012-Rule-18.4"/>
-                <check enabled="false" name="MISRAC2012-Rule-18.5"/>
-                <check enabled="true" name="MISRAC2012-Rule-18.6_a"/>
-                <check enabled="true" name="MISRAC2012-Rule-18.6_b"/>
-                <check enabled="true" name="MISRAC2012-Rule-18.6_c"/>
-                <check enabled="true" name="MISRAC2012-Rule-18.6_d"/>
-                <check enabled="true" name="MISRAC2012-Rule-18.7"/>
-                <check enabled="true" name="MISRAC2012-Rule-18.8"/>
-              </group>
-              <group enabled="true" name="MISRAC2012-Rule-19">
-                <check enabled="true" name="MISRAC2012-Rule-19.1"/>
-                <check enabled="false" name="MISRAC2012-Rule-19.2"/>
-              </group>
-              <group enabled="true" name="MISRAC2012-Rule-20">
-                <check enabled="false" name="MISRAC2012-Rule-20.1"/>
-                <check enabled="true" name="MISRAC2012-Rule-20.2"/>
-                <check enabled="true" name="MISRAC2012-Rule-20.4_c89"/>
-                <check enabled="true" name="MISRAC2012-Rule-20.4_c99"/>
-                <check enabled="false" name="MISRAC2012-Rule-20.5"/>
-                <check enabled="true" name="MISRAC2012-Rule-20.7"/>
-                <check enabled="false" name="MISRAC2012-Rule-20.10"/>
-              </group>
-              <group enabled="true" name="MISRAC2012-Rule-21">
-                <check enabled="true" name="MISRAC2012-Rule-21.1"/>
-                <check enabled="true" name="MISRAC2012-Rule-21.2"/>
-                <check enabled="true" name="MISRAC2012-Rule-21.3"/>
-                <check enabled="true" name="MISRAC2012-Rule-21.4"/>
-                <check enabled="true" name="MISRAC2012-Rule-21.5"/>
-                <check enabled="true" name="MISRAC2012-Rule-21.6"/>
-                <check enabled="true" name="MISRAC2012-Rule-21.7"/>
-                <check enabled="true" name="MISRAC2012-Rule-21.8"/>
-                <check enabled="true" name="MISRAC2012-Rule-21.9"/>
-                <check enabled="true" name="MISRAC2012-Rule-21.10"/>
-                <check enabled="true" name="MISRAC2012-Rule-21.11"/>
-                <check enabled="false" name="MISRAC2012-Rule-21.12_a"/>
-                <check enabled="false" name="MISRAC2012-Rule-21.12_b"/>
-              </group>
-              <group enabled="true" name="MISRAC2012-Rule-22">
-                <check enabled="true" name="MISRAC2012-Rule-22.1_a"/>
-                <check enabled="true" name="MISRAC2012-Rule-22.1_b"/>
-                <check enabled="true" name="MISRAC2012-Rule-22.2_a"/>
-                <check enabled="true" name="MISRAC2012-Rule-22.2_b"/>
-                <check enabled="true" name="MISRAC2012-Rule-22.2_c"/>
-                <check enabled="true" name="MISRAC2012-Rule-22.3"/>
-                <check enabled="true" name="MISRAC2012-Rule-22.4"/>
-                <check enabled="true" name="MISRAC2012-Rule-22.5_a"/>
-                <check enabled="true" name="MISRAC2012-Rule-22.5_b"/>
-                <check enabled="true" name="MISRAC2012-Rule-22.6"/>
-              </group>
-            </package>
-            <package enabled="false" name="MISRAC++2008">
-              <group enabled="true" name="MISRAC++2008-0-1">
-                <check enabled="true" name="MISRAC++2008-0-1-1"/>
-                <check enabled="true" name="MISRAC++2008-0-1-2_a"/>
-                <check enabled="true" name="MISRAC++2008-0-1-2_b"/>
-                <check enabled="true" name="MISRAC++2008-0-1-2_c"/>
-                <check enabled="true" name="MISRAC++2008-0-1-3"/>
-                <check enabled="true" name="MISRAC++2008-0-1-4_a"/>
-                <check enabled="true" name="MISRAC++2008-0-1-4_b"/>
-                <check enabled="true" name="MISRAC++2008-0-1-6"/>
-                <check enabled="true" name="MISRAC++2008-0-1-7"/>
-                <check enabled="false" name="MISRAC++2008-0-1-8"/>
-                <check enabled="true" name="MISRAC++2008-0-1-9"/>
-                <check enabled="true" name="MISRAC++2008-0-1-11"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-0-2">
-                <check enabled="true" name="MISRAC++2008-0-2-1"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-0-3">
-                <check enabled="true" name="MISRAC++2008-0-3-2"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-2-7">
-                <check enabled="true" name="MISRAC++2008-2-7-1"/>
-                <check enabled="true" name="MISRAC++2008-2-7-2"/>
-                <check enabled="false" name="MISRAC++2008-2-7-3"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-2-10">
-                <check enabled="true" name="MISRAC++2008-2-10-1"/>
-                <check enabled="true" name="MISRAC++2008-2-10-2"/>
-                <check enabled="true" name="MISRAC++2008-2-10-3"/>
-                <check enabled="true" name="MISRAC++2008-2-10-4"/>
-                <check enabled="false" name="MISRAC++2008-2-10-5"/>
-                <check enabled="true" name="MISRAC++2008-2-10-6"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-2-13">
-                <check enabled="true" name="MISRAC++2008-2-13-2"/>
-                <check enabled="true" name="MISRAC++2008-2-13-3"/>
-                <check enabled="true" name="MISRAC++2008-2-13-4_a"/>
-                <check enabled="true" name="MISRAC++2008-2-13-4_b"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-3-1">
-                <check enabled="true" name="MISRAC++2008-3-1-1"/>
-                <check enabled="true" name="MISRAC++2008-3-1-3"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-3-9">
-                <check enabled="false" name="MISRAC++2008-3-9-2"/>
-                <check enabled="true" name="MISRAC++2008-3-9-3"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-4-5">
-                <check enabled="true" name="MISRAC++2008-4-5-1"/>
-                <check enabled="true" name="MISRAC++2008-4-5-2"/>
-                <check enabled="true" name="MISRAC++2008-4-5-3"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-5-0">
-                <check enabled="true" name="MISRAC++2008-5-0-1_a"/>
-                <check enabled="true" name="MISRAC++2008-5-0-1_b"/>
-                <check enabled="true" name="MISRAC++2008-5-0-1_c"/>
-                <check enabled="false" name="MISRAC++2008-5-0-2"/>
-                <check enabled="true" name="MISRAC++2008-5-0-3"/>
-                <check enabled="true" name="MISRAC++2008-5-0-4"/>
-                <check enabled="true" name="MISRAC++2008-5-0-5"/>
-                <check enabled="true" name="MISRAC++2008-5-0-6"/>
-                <check enabled="true" name="MISRAC++2008-5-0-7"/>
-                <check enabled="true" name="MISRAC++2008-5-0-8"/>
-                <check enabled="true" name="MISRAC++2008-5-0-9"/>
-                <check enabled="true" name="MISRAC++2008-5-0-10"/>
-                <check enabled="true" name="MISRAC++2008-5-0-13_a"/>
-                <check enabled="true" name="MISRAC++2008-5-0-13_b"/>
-                <check enabled="true" name="MISRAC++2008-5-0-13_c"/>
-                <check enabled="true" name="MISRAC++2008-5-0-13_d"/>
-                <check enabled="true" name="MISRAC++2008-5-0-14"/>
-                <check enabled="true" name="MISRAC++2008-5-0-15_a"/>
-                <check enabled="true" name="MISRAC++2008-5-0-15_b"/>
-                <check enabled="true" name="MISRAC++2008-5-0-16_a"/>
-                <check enabled="true" name="MISRAC++2008-5-0-16_b"/>
-                <check enabled="true" name="MISRAC++2008-5-0-16_c"/>
-                <check enabled="true" name="MISRAC++2008-5-0-16_d"/>
-                <check enabled="true" name="MISRAC++2008-5-0-16_e"/>
-                <check enabled="true" name="MISRAC++2008-5-0-16_f"/>
-                <check enabled="true" name="MISRAC++2008-5-0-19"/>
-                <check enabled="true" name="MISRAC++2008-5-0-21"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-5-2">
-                <check enabled="true" name="MISRAC++2008-5-2-4"/>
-                <check enabled="true" name="MISRAC++2008-5-2-5"/>
-                <check enabled="true" name="MISRAC++2008-5-2-6"/>
-                <check enabled="true" name="MISRAC++2008-5-2-7"/>
-                <check enabled="false" name="MISRAC++2008-5-2-9"/>
-                <check enabled="false" name="MISRAC++2008-5-2-10"/>
-                <check enabled="true" name="MISRAC++2008-5-2-11_a"/>
-                <check enabled="true" name="MISRAC++2008-5-2-11_b"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-5-3">
-                <check enabled="true" name="MISRAC++2008-5-3-1"/>
-                <check enabled="true" name="MISRAC++2008-5-3-2_a"/>
-                <check enabled="true" name="MISRAC++2008-5-3-2_b"/>
-                <check enabled="true" name="MISRAC++2008-5-3-3"/>
-                <check enabled="true" name="MISRAC++2008-5-3-4"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-5-8">
-                <check enabled="true" name="MISRAC++2008-5-8-1"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-5-14">
-                <check enabled="true" name="MISRAC++2008-5-14-1"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-5-18">
-                <check enabled="true" name="MISRAC++2008-5-18-1"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-5-19">
-                <check enabled="false" name="MISRAC++2008-5-19-1"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-6-2">
-                <check enabled="true" name="MISRAC++2008-6-2-1"/>
-                <check enabled="true" name="MISRAC++2008-6-2-2"/>
-                <check enabled="false" name="MISRAC++2008-6-2-3"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-6-3">
-                <check enabled="true" name="MISRAC++2008-6-3-1_a"/>
-                <check enabled="true" name="MISRAC++2008-6-3-1_b"/>
-                <check enabled="true" name="MISRAC++2008-6-3-1_c"/>
-                <check enabled="true" name="MISRAC++2008-6-3-1_d"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-6-4">
-                <check enabled="true" name="MISRAC++2008-6-4-1"/>
-                <check enabled="true" name="MISRAC++2008-6-4-2"/>
-                <check enabled="true" name="MISRAC++2008-6-4-3"/>
-                <check enabled="true" name="MISRAC++2008-6-4-4"/>
-                <check enabled="true" name="MISRAC++2008-6-4-5"/>
-                <check enabled="true" name="MISRAC++2008-6-4-6"/>
-                <check enabled="true" name="MISRAC++2008-6-4-7"/>
-                <check enabled="true" name="MISRAC++2008-6-4-8"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-6-5">
-                <check enabled="true" name="MISRAC++2008-6-5-1_a"/>
-                <check enabled="true" name="MISRAC++2008-6-5-2"/>
-                <check enabled="true" name="MISRAC++2008-6-5-3"/>
-                <check enabled="true" name="MISRAC++2008-6-5-4"/>
-                <check enabled="true" name="MISRAC++2008-6-5-6"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-6-6">
-                <check enabled="true" name="MISRAC++2008-6-6-1"/>
-                <check enabled="true" name="MISRAC++2008-6-6-2"/>
-                <check enabled="true" name="MISRAC++2008-6-6-4"/>
-                <check enabled="true" name="MISRAC++2008-6-6-5"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-7-1">
-                <check enabled="true" name="MISRAC++2008-7-1-1"/>
-                <check enabled="true" name="MISRAC++2008-7-1-2"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-7-2">
-                <check enabled="true" name="MISRAC++2008-7-2-1"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-7-4">
-                <check enabled="true" name="MISRAC++2008-7-4-3"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-7-5">
-                <check enabled="true" name="MISRAC++2008-7-5-1_a"/>
-                <check enabled="true" name="MISRAC++2008-7-5-1_b"/>
-                <check enabled="true" name="MISRAC++2008-7-5-2_a"/>
-                <check enabled="true" name="MISRAC++2008-7-5-2_b"/>
-                <check enabled="true" name="MISRAC++2008-7-5-2_c"/>
-                <check enabled="true" name="MISRAC++2008-7-5-2_d"/>
-                <check enabled="false" name="MISRAC++2008-7-5-4_a"/>
-                <check enabled="false" name="MISRAC++2008-7-5-4_b"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-8-0">
-                <check enabled="true" name="MISRAC++2008-8-0-1"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-8-4">
-                <check enabled="true" name="MISRAC++2008-8-4-1"/>
-                <check enabled="true" name="MISRAC++2008-8-4-3"/>
-                <check enabled="true" name="MISRAC++2008-8-4-4"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-8-5">
-                <check enabled="true" name="MISRAC++2008-8-5-1_a"/>
-                <check enabled="true" name="MISRAC++2008-8-5-1_b"/>
-                <check enabled="true" name="MISRAC++2008-8-5-1_c"/>
-                <check enabled="true" name="MISRAC++2008-8-5-2"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-9-3">
-                <check enabled="true" name="MISRAC++2008-9-3-1"/>
-                <check enabled="true" name="MISRAC++2008-9-3-2"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-9-5">
-                <check enabled="true" name="MISRAC++2008-9-5-1"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-9-6">
-                <check enabled="true" name="MISRAC++2008-9-6-2"/>
-                <check enabled="true" name="MISRAC++2008-9-6-3"/>
-                <check enabled="true" name="MISRAC++2008-9-6-4"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-12-1">
-                <check enabled="true" name="MISRAC++2008-12-1-1_a"/>
-                <check enabled="true" name="MISRAC++2008-12-1-1_b"/>
-                <check enabled="true" name="MISRAC++2008-12-1-3"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-15-0">
-                <check enabled="false" name="MISRAC++2008-15-0-2"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-15-1">
-                <check enabled="true" name="MISRAC++2008-15-1-2"/>
-                <check enabled="true" name="MISRAC++2008-15-1-3"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-15-3">
-                <check enabled="true" name="MISRAC++2008-15-3-1"/>
-                <check enabled="false" name="MISRAC++2008-15-3-2"/>
-                <check enabled="true" name="MISRAC++2008-15-3-3"/>
-                <check enabled="true" name="MISRAC++2008-15-3-4"/>
-                <check enabled="true" name="MISRAC++2008-15-3-5"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-15-5">
-                <check enabled="true" name="MISRAC++2008-15-5-1"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-16-0">
-                <check enabled="true" name="MISRAC++2008-16-0-3"/>
-                <check enabled="true" name="MISRAC++2008-16-0-4"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-16-2">
-                <check enabled="true" name="MISRAC++2008-16-2-2"/>
-                <check enabled="true" name="MISRAC++2008-16-2-3"/>
-                <check enabled="true" name="MISRAC++2008-16-2-4"/>
-                <check enabled="false" name="MISRAC++2008-16-2-5"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-16-3">
-                <check enabled="true" name="MISRAC++2008-16-3-1"/>
-                <check enabled="false" name="MISRAC++2008-16-3-2"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-17-0">
-                <check enabled="true" name="MISRAC++2008-17-0-1"/>
-                <check enabled="true" name="MISRAC++2008-17-0-3"/>
-                <check enabled="true" name="MISRAC++2008-17-0-5"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-18-0">
-                <check enabled="true" name="MISRAC++2008-18-0-1"/>
-                <check enabled="true" name="MISRAC++2008-18-0-2"/>
-                <check enabled="true" name="MISRAC++2008-18-0-3"/>
-                <check enabled="true" name="MISRAC++2008-18-0-4"/>
-                <check enabled="true" name="MISRAC++2008-18-0-5"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-18-2">
-                <check enabled="true" name="MISRAC++2008-18-2-1"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-18-4">
-                <check enabled="true" name="MISRAC++2008-18-4-1"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-18-7">
-                <check enabled="true" name="MISRAC++2008-18-7-1"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-19-3">
-                <check enabled="true" name="MISRAC++2008-19-3-1"/>
-              </group>
-              <group enabled="true" name="MISRAC++2008-27-0">
-                <check enabled="true" name="MISRAC++2008-27-0-1"/>
-              </group>
-            </package>
-          </checks_tree>
-        </cstat_settings>
-      </data>
-    </settings>
-    <settings>
-      <name>RuntimeChecking</name>
-      <archiveVersion>0</archiveVersion>
-      <data>
-        <version>2</version>
-        <wantNonLocal>1</wantNonLocal>
-        <debug>0</debug>
-        <option>
-          <name>GenRtcDebugHeap</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>GenRtcEnableBoundsChecking</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>GenRtcCheckPtrsNonInstrMem</name>
-          <state>1</state>
-        </option>
-        <option>
-          <name>GenRtcTrackPointerBounds</name>
-          <state>1</state>
-        </option>
-        <option>
-          <name>GenRtcCheckAccesses</name>
-          <state>1</state>
-        </option>
-        <option>
-          <name>GenRtcGenerateEntries</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>GenRtcNrTrackedPointers</name>
-          <state>1000</state>
-        </option>
-        <option>
-          <name>GenRtcIntOverflow</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>GenRtcIncUnsigned</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>GenRtcIntConversion</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>GenRtcInclExplicit</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>GenRtcIntShiftOverflow</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>GenRtcInclUnsignedShiftOverflow</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>GenRtcUnhandledCase</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>GenRtcDivByZero</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>GenRtcEnable</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>GenRtcCheckPtrsNonInstrFunc</name>
-          <state>1</state>
-        </option>
-      </data>
-    </settings>
-  </configuration>
-  <group>
-    <name>Application</name>
-    <file>
-      <name>$PROJ_DIR$\Application\runWolfcryptTests.c</name>
-    </file>
-  </group>
-  <group>
-    <name>Device_Support</name>
-    <file>
-      <name>$PROJ_DIR$\..\..\extract_trial_here\Start\BoardSupport\Atmel\SAMV71_XPlainedUltra\DeviceSupport\startup_sam.c</name>
-    </file>
-    <file>
-      <name>$PROJ_DIR$\..\..\extract_trial_here\Start\BoardSupport\Atmel\SAMV71_XPlainedUltra\DeviceSupport\system_sam.c</name>
-    </file>
-  </group>
-  <group>
-    <name>Setup</name>
-    <file>
-      <name>$PROJ_DIR$\..\..\extract_trial_here\Start\BoardSupport\Atmel\SAMV71_XPlainedUltra\Setup\BSP.c</name>
-    </file>
-    <file>
-      <name>$PROJ_DIR$\..\..\extract_trial_here\Start\BoardSupport\Atmel\SAMV71_XPlainedUltra\Setup\HardFaultHandler.S</name>
-    </file>
-    <file>
-      <name>$PROJ_DIR$\..\..\extract_trial_here\Start\BoardSupport\Atmel\SAMV71_XPlainedUltra\Setup\JLINKMEM_Process.c</name>
-    </file>
-    <file>
-      <name>$PROJ_DIR$\..\..\extract_trial_here\Start\BoardSupport\Atmel\SAMV71_XPlainedUltra\Setup\OS_Error.c</name>
-    </file>
-    <file>
-      <name>$PROJ_DIR$\..\..\extract_trial_here\Start\BoardSupport\Atmel\SAMV71_XPlainedUltra\Setup\RTOSInit_SAMV71_CMSIS.c</name>
-    </file>
-    <file>
-      <name>$PROJ_DIR$\..\..\extract_trial_here\Start\BoardSupport\Atmel\SAMV71_XPlainedUltra\Setup\SEGGER_HardFaultHandler.c</name>
-    </file>
-    <file>
-      <name>$PROJ_DIR$\..\..\extract_trial_here\Start\BoardSupport\Atmel\SAMV71_XPlainedUltra\Setup\SEGGER_RTT.c</name>
-    </file>
-    <file>
-      <name>$PROJ_DIR$\..\..\extract_trial_here\Start\BoardSupport\Atmel\SAMV71_XPlainedUltra\Setup\SEGGER_RTT_printf.c</name>
-    </file>
-    <file>
-      <name>$PROJ_DIR$\..\..\extract_trial_here\Start\BoardSupport\Atmel\SAMV71_XPlainedUltra\Setup\SEGGER_SYSVIEW.c</name>
-    </file>
-    <file>
-      <name>$PROJ_DIR$\..\..\extract_trial_here\Start\BoardSupport\Atmel\SAMV71_XPlainedUltra\Setup\SEGGER_SYSVIEW_Config_embOS.c</name>
-    </file>
-    <file>
-      <name>$PROJ_DIR$\..\..\extract_trial_here\Start\BoardSupport\Atmel\SAMV71_XPlainedUltra\Setup\SEGGER_SYSVIEW_embOS.c</name>
-    </file>
-    <file>
-      <name>$PROJ_DIR$\..\..\extract_trial_here\Start\BoardSupport\Atmel\SAMV71_XPlainedUltra\Setup\xmtx.c</name>
-    </file>
-    <file>
-      <name>$PROJ_DIR$\..\..\extract_trial_here\Start\BoardSupport\Atmel\SAMV71_XPlainedUltra\Setup\xmtx2.c</name>
-    </file>
-  </group>
-  <group>
-    <name>wolfcrypt_test</name>
-    <file>
-      <name>$PROJ_DIR$\..\..\..\..\..\wolfcrypt\test\test.c</name>
-    </file>
-  </group>
-</project>
-
-
diff --git a/IDE/IAR-MSP430/main.c b/IDE/IAR-MSP430/main.c
index e89afb628..3b8e37f3e 100644
--- a/IDE/IAR-MSP430/main.c
+++ b/IDE/IAR-MSP430/main.c
@@ -1,6 +1,6 @@
 /* MSP430 example main.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/IAR-MSP430/user_settings.h b/IDE/IAR-MSP430/user_settings.h
index 1e4caea9d..b4c79fcc3 100644
--- a/IDE/IAR-MSP430/user_settings.h
+++ b/IDE/IAR-MSP430/user_settings.h
@@ -1,6 +1,6 @@
 /* user_settings.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/INTIME-RTOS/libwolfssl.c b/IDE/INTIME-RTOS/libwolfssl.c
index 94d39bb24..b92658eaf 100644
--- a/IDE/INTIME-RTOS/libwolfssl.c
+++ b/IDE/INTIME-RTOS/libwolfssl.c
@@ -4,7 +4,7 @@
 #include <rt.h>
 
 BOOLEAN __stdcall RslMain( RTHANDLE hModule,
-                        DWORD  ul_reason_for_call,  
+                        DWORD  ul_reason_for_call,
                         LPVOID lpReserved
                        )
 {
diff --git a/IDE/Infineon/README.md b/IDE/Infineon/README.md
new file mode 100644
index 000000000..f6406afb9
--- /dev/null
+++ b/IDE/Infineon/README.md
@@ -0,0 +1,33 @@
+# Infineon Modus Toolbox
+
+Steps for building wolfSSL/wolfTPM with the Infineon Modus Toolbox examples:
+
+1) Add Dependency:
+
+In "deps" folder add wolfssl.mtb containing:
+
+```
+https://github.com/wolfssl/wolfssl#v5.7.0-stable#$$ASSET_REPO$$/wolfssl/wolfssl-stable
+```
+
+For wolfTPM add wolftpm.mtb containing:
+
+```
+https://github.com/wolfssl/wolftpm#master#$$ASSET_REPO$$/wolftpm/wolftpm-stable
+```
+
+2) Add components:
+In `Makefile` under `COMPONENTS` add `WOLFSSL` and `WOLFTPM`.
+
+3) Add defines:
+
+Add `DEFINES+=WOLFSSL_USER_SETTINGS WOLFTPM_USER_SETTINGS` in Makefile.
+
+4) Build settings:
+
+Add a `user_settings.h` file for wolfSSL/wolfTPM build settings into `config` directory.
+A template is provided here in `IDE/Infineon/user_settings.h`.
+
+5) Ignores:
+
+The required library ignores are found in the `.cyignore` file in the wolfSSL and wolfTPM root.
diff --git a/IDE/Infineon/include.am b/IDE/Infineon/include.am
new file mode 100644
index 000000000..cc240b696
--- /dev/null
+++ b/IDE/Infineon/include.am
@@ -0,0 +1,7 @@
+# vim:ft=automake
+# included from Top Level Makefile.am
+# All paths should be given relative to the root
+
+EXTRA_DIST += \
+    IDE/Infineon/README.md \
+    IDE/Infineon/user_settings.h
diff --git a/IDE/Infineon/user_settings.h b/IDE/Infineon/user_settings.h
new file mode 100644
index 000000000..1b189bc6d
--- /dev/null
+++ b/IDE/Infineon/user_settings.h
@@ -0,0 +1,168 @@
+/* user_settings.h
+ *
+ * Copyright (C) 2006-2025 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+/* Example build settings for Infineon Modus Toolbox */
+/* Enables wolfSSL TLS v1.2-v1.3 and TPM support */
+/* SHA-1, SHA-2, AES CBC/GCM, ECDHE, ECDSA, RSA, HMAC, HKDF */
+
+#ifndef WOLF_USER_SETTINGS_TPM_H
+#define WOLF_USER_SETTINGS_TPM_H
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/* Platform / Porting */
+#define NO_FILESYSTEM /* File system disable */
+#define SINGLE_THREADED /* No threading */
+#define WOLFSSL_USER_IO /* user recv/send callbacks for network IO */
+#define NO_WRITEV
+#define NO_MAIN_DRIVER
+#define WOLFSSL_IGNORE_FILE_WARN /* ignore file include warnings */
+#define WOLFSSL_SMALL_STACK /* limit stack usage */
+#define BENCH_EMBEDDED
+
+/* TLS (allow TLS v1.3 or v1.2) */
+#define WOLFSSL_TLS13
+//#define WOLFSSL_NO_TLS12
+#define NO_OLD_TLS
+#define WOLFSSL_EITHER_SIDE /* allow context to be created for either server or client */
+
+#define HAVE_TLS_EXTENSIONS
+#define HAVE_SUPPORTED_CURVES
+#define HAVE_SERVER_RENEGOTIATION_INFO
+#define HAVE_ENCRYPT_THEN_MAC
+
+#ifdef WOLFSSL_TLS13
+    #define HAVE_HKDF
+    #define WC_RSA_PSS
+    #define WOLFSSL_PSS_LONG_SALT
+#endif
+
+/* Enable crypto callbacks - for TPM offloading */
+#define WOLF_CRYPTO_CB
+
+/* Enable SP math all (sp_int.c) with multi-precision support */
+#define WOLFSSL_SP_MATH_ALL
+
+#if 1
+    /* Single Precision math for ECC 256 and RSA 2048 */
+    #define WOLFSSL_HAVE_SP_RSA
+    #define WOLFSSL_HAVE_SP_ECC
+    #define WOLFSSL_SP_SMALL
+#endif
+
+#if 0
+    /* only single precision math */
+    #define WOLFSSL_SP_MATH
+#endif
+
+/* Enable hardening (timing resistance) */
+#define TFM_TIMING_RESISTANT
+#define ECC_TIMING_RESISTANT
+#define WC_RSA_BLINDING
+
+/* Enable PRNG (SHA2-256) */
+#define HAVE_HASHDRBG
+
+/* Asymmetric */
+#if 1 /* RSA - needed to encrypt salt */
+    #undef  NO_RSA
+    #ifdef USE_LOW_RESOURCE
+        #define WOLFSSL_RSA_PUBLIC_ONLY
+        #define WOLFSSL_RSA_VERIFY_INLINE
+        #define NO_CHECK_PRIVATE_KEY
+    #endif
+#else
+    #define NO_RSA
+#endif
+
+#if 1 /* ECC - needed for encrypt ECC salt */
+    #define HAVE_ECC
+    #define ECC_USER_CURVES /* default to only SECP256R1 */
+#endif
+
+#if 0 /* DH - TPM doesn't support it */
+    #undef  NO_DH
+    #define HAVE_FFDHE_2048
+    #define HAVE_DH_DEFAULT_PARAMS
+#else
+    #define NO_DH
+#endif
+
+/* Symmetric Hash */
+#undef NO_SHA /* allow SHA-1 */
+#undef NO_SHA256 /* allow SHA2-256 */
+#define WOLFSSL_SHA384
+#define WOLFSSL_SHA512
+
+/* Symmetric Cipher */
+#define WOLFSSL_AES_CFB
+#define HAVE_AES_DECRYPT
+
+#define HAVE_AES_KEYWRAP
+#define WOLFSSL_AES_DIRECT
+#define HAVE_AESGCM
+#define GCM_TABLE_4BIT
+
+/* Features */
+#define WOLFSSL_ASN_TEMPLATE
+
+#define WOLFSSL_CERT_GEN
+#define WOLFSSL_CERT_REQ
+#define WOLFSSL_CERT_EXT
+
+#define HAVE_PKCS7
+#define HAVE_X963_KDF
+#define WOLFSSL_BASE64_ENCODE
+
+#if 1
+    #define HAVE_SESSION_TICKETS
+    #define SMALL_SESSION_CACHE
+#else
+    #define NO_SESSION_CACHE
+#endif
+
+/* Disables */
+#define NO_PKCS8
+#define NO_PKCS12
+#define NO_PWDBASED
+#define NO_DSA
+#define NO_DES3
+#define NO_RC4
+#define NO_PSK
+#define NO_MD4
+#define NO_MD5
+#define WOLFSSL_NO_SHAKE128
+#define WOLFSSL_NO_SHAKE256
+
+/* Logging */
+#ifdef ENABLE_SECURE_SOCKETS_LOGS
+    #define DEBUG_WOLFSSL
+#else
+    #define NO_ERROR_STRINGS
+#endif
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* WOLF_USER_SETTINGS_TPM_H */
diff --git a/IDE/LINUX-SGX/sgx_t_static.mk b/IDE/LINUX-SGX/sgx_t_static.mk
index 5f26391b7..1941bae02 100644
--- a/IDE/LINUX-SGX/sgx_t_static.mk
+++ b/IDE/LINUX-SGX/sgx_t_static.mk
@@ -88,6 +88,7 @@ Wolfssl_C_Files :=$(WOLFSSL_ROOT)/wolfcrypt/src/aes.c\
 					$(WOLFSSL_ROOT)/wolfcrypt/src/signature.c\
 					$(WOLFSSL_ROOT)/wolfcrypt/src/sp_c32.c\
 					$(WOLFSSL_ROOT)/wolfcrypt/src/sp_c64.c\
+					$(WOLFSSL_ROOT)/wolfcrypt/src/sp_int.c\
 					$(WOLFSSL_ROOT)/src/ssl.c\
 					$(WOLFSSL_ROOT)/src/tls.c\
 					$(WOLFSSL_ROOT)/wolfcrypt/src/wc_encrypt.c\
@@ -114,7 +115,7 @@ ifeq ($(HAVE_WOLFSSL_SP), 1)
 endif
 
 
-Flags_Just_For_C := -Wno-implicit-function-declaration -std=c11
+Flags_Just_For_C := -Wno-implicit-function-declaration -std=c99
 Common_C_Cpp_Flags := $(SGX_COMMON_CFLAGS) -nostdinc -fvisibility=hidden -fpie -fstack-protector $(Wolfssl_Include_Paths) -fno-builtin-printf -I.
 Wolfssl_C_Flags := $(Flags_Just_For_C) $(Common_C_Cpp_Flags) $(Wolfssl_C_Extra_Flags)
 
diff --git a/IDE/LPCXPRESSO/lib_wolfssl/lpc_18xx_port.c b/IDE/LPCXPRESSO/lib_wolfssl/lpc_18xx_port.c
index dd27de266..5ee4ce079 100644
--- a/IDE/LPCXPRESSO/lib_wolfssl/lpc_18xx_port.c
+++ b/IDE/LPCXPRESSO/lib_wolfssl/lpc_18xx_port.c
@@ -1,6 +1,6 @@
 /* lpc_18xx_port.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/LPCXPRESSO/wolf_example/src/lpc_18xx_startup.c b/IDE/LPCXPRESSO/wolf_example/src/lpc_18xx_startup.c
index 8f67b1c33..64c58bf91 100644
--- a/IDE/LPCXPRESSO/wolf_example/src/lpc_18xx_startup.c
+++ b/IDE/LPCXPRESSO/wolf_example/src/lpc_18xx_startup.c
@@ -1,6 +1,6 @@
 /* lpc_18xx_startup.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/M68K/README.md b/IDE/M68K/README.md
index 2fe43b67a..64eaad8b5 100644
--- a/IDE/M68K/README.md
+++ b/IDE/M68K/README.md
@@ -34,7 +34,7 @@ BUILD_C
 RSA 2048 public 7.619 ops/sec
 RSA 2048 private 0.276 ops/sec
 
-###Building testwolfcryt/benchmark
+###Building testwolfcrypt/benchmark
 To build either testwolfcrypt or benchmark first build wolfssl.a, place it in
 $(NBROOT)/lib and then cd into the respective directory. Running "make" will
 then create a .s19 application that can be ran on the board.
diff --git a/IDE/M68K/benchmark/main.cpp b/IDE/M68K/benchmark/main.cpp
index a7a76fb2d..fe374b7e1 100644
--- a/IDE/M68K/benchmark/main.cpp
+++ b/IDE/M68K/benchmark/main.cpp
@@ -1,6 +1,6 @@
 /* main.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/M68K/testwolfcrypt/main.cpp b/IDE/M68K/testwolfcrypt/main.cpp
index 8b31c9e89..6e9a1b355 100644
--- a/IDE/M68K/testwolfcrypt/main.cpp
+++ b/IDE/M68K/testwolfcrypt/main.cpp
@@ -1,6 +1,6 @@
 /* main.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/MCUEXPRESSO/RT1170/user_settings.h b/IDE/MCUEXPRESSO/RT1170/user_settings.h
index f620b1cc9..f89e39866 100644
--- a/IDE/MCUEXPRESSO/RT1170/user_settings.h
+++ b/IDE/MCUEXPRESSO/RT1170/user_settings.h
@@ -53,7 +53,7 @@
 /* using the RTC */
 //#define NO_ASN_TIME
 #ifndef NO_ASN_TIME
-	#define FREESCALE_SNVS_RTC
+    #define FREESCALE_SNVS_RTC
 #endif
 
 #define NO_CRYPT_TEST
@@ -64,19 +64,19 @@
     #include <stdarg.h>
     static void myPrintf(const char* fmt, ...)
     {
-	    int ret;
-	    char line[150];
-	    va_list ap;
+        int ret;
+        char line[150];
+        va_list ap;
 
-	    va_start(ap, fmt);
-	    ret = vsnprintf(line, sizeof(line), fmt, ap);
-	    line[sizeof(line)-1] = '\0';
+        va_start(ap, fmt);
+        ret = vsnprintf(line, sizeof(line), fmt, ap);
+        line[sizeof(line)-1] = '\0';
 
-	    DbgConsole_Printf("%s", line);
+        DbgConsole_Printf("%s", line);
 
-	    /* add CR on newlines */
-	    if (ret > 0 && line[ret-1] == '\n') {
-	        DbgConsole_Printf("\r");
+        /* add CR on newlines */
+        if (ret > 0 && line[ret-1] == '\n') {
+            DbgConsole_Printf("\r");
         }
     }
     #define XPRINTF myPrintf
diff --git a/IDE/MCUEXPRESSO/benchmark/source/run_benchmark.c b/IDE/MCUEXPRESSO/benchmark/source/run_benchmark.c
index c41325132..81e6f89cd 100644
--- a/IDE/MCUEXPRESSO/benchmark/source/run_benchmark.c
+++ b/IDE/MCUEXPRESSO/benchmark/source/run_benchmark.c
@@ -1,6 +1,6 @@
 /* run_benchmark.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/MCUEXPRESSO/user_settings.h b/IDE/MCUEXPRESSO/user_settings.h
index 77e137852..059b5bb0f 100644
--- a/IDE/MCUEXPRESSO/user_settings.h
+++ b/IDE/MCUEXPRESSO/user_settings.h
@@ -1,6 +1,6 @@
 /* user_settings.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -40,19 +40,19 @@
     #include <stdarg.h>
     static void myPrintf(const char* fmt, ...)
     {
-	    int ret;
-	    char line[150];
-	    va_list ap;
+        int ret;
+        char line[150];
+        va_list ap;
 
-	    va_start(ap, fmt);
-	    ret = vsnprintf(line, sizeof(line), fmt, ap);
-	    line[sizeof(line)-1] = '\0';
+        va_start(ap, fmt);
+        ret = vsnprintf(line, sizeof(line), fmt, ap);
+        line[sizeof(line)-1] = '\0';
 
-	    DbgConsole_Printf("%s", line);
+        DbgConsole_Printf("%s", line);
 
-	    /* add CR on newlines */
-	    if (ret > 0 && line[ret-1] == '\n') {
-	        DbgConsole_Printf("\r");
+        /* add CR on newlines */
+        if (ret > 0 && line[ret-1] == '\n') {
+            DbgConsole_Printf("\r");
         }
     }
     #define XPRINTF myPrintf
@@ -70,9 +70,9 @@
 #define USE_FAST_MATH
 #ifdef USE_FAST_MATH
     /* big enough for even 4096 bit RSA key */
-	#define FP_MAX_BITS 8192
-	#define TFM_TIMING_RESISTANT
-	#define ECC_TIMING_RESISTANT
+    #define FP_MAX_BITS 8192
+    #define TFM_TIMING_RESISTANT
+    #define ECC_TIMING_RESISTANT
     #define ALT_ECC_SIZE
 #endif
 
diff --git a/IDE/MCUEXPRESSO/wolfcrypt_test.c b/IDE/MCUEXPRESSO/wolfcrypt_test.c
index 08a0d432e..8289a581a 100644
--- a/IDE/MCUEXPRESSO/wolfcrypt_test.c
+++ b/IDE/MCUEXPRESSO/wolfcrypt_test.c
@@ -1,6 +1,6 @@
 /* wolfcrypt_test.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/MDK-ARM/LPC43xx/time-LCP43xx.c b/IDE/MDK-ARM/LPC43xx/time-LCP43xx.c
index 1e7fba4f1..89cc99b35 100644
--- a/IDE/MDK-ARM/LPC43xx/time-LCP43xx.c
+++ b/IDE/MDK-ARM/LPC43xx/time-LCP43xx.c
@@ -1,6 +1,6 @@
 /* time.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/MDK-ARM/MDK-ARM/wolfSSL/Retarget.c b/IDE/MDK-ARM/MDK-ARM/wolfSSL/Retarget.c
index 573247983..dadffe9dc 100644
--- a/IDE/MDK-ARM/MDK-ARM/wolfSSL/Retarget.c
+++ b/IDE/MDK-ARM/MDK-ARM/wolfSSL/Retarget.c
@@ -2,7 +2,7 @@
 #ifdef HAVE_CONFIG_H
     #include <config.h>
 #endif
- 
+
 #include <stdint.h>
 #include <stdio.h>
 #include <stdlib.h>
@@ -39,7 +39,7 @@ extern int  SER_PutChar   (int ch);
 /*-----------------------------------------------------------------------------
   Write character to the Serial Port
  *----------------------------------------------------------------------------*/
-int sendchar (int c) 
+int sendchar (int c)
 {
     if (c == '\n')  {
         SER_PutChar ('\r');
@@ -52,7 +52,7 @@ int sendchar (int c)
 /*-----------------------------------------------------------------------------
   Read character from the Serial Port
  *----------------------------------------------------------------------------*/
-int getkey (void) 
+int getkey (void)
 {
     int ch = SER_GetChar();
         #if defined (HAVE_KEIL_RTX)
@@ -67,7 +67,7 @@ int getkey (void)
 
 /*--------------------------- _ttywrch ---------------------------------------*/
 
-void _ttywrch (int ch) 
+void _ttywrch (int ch)
 {
 #ifdef STDIO
     sendchar (ch);
@@ -76,28 +76,28 @@ void _ttywrch (int ch)
 
 /*--------------------------- _sys_open --------------------------------------*/
 #ifndef NO_FILESYSTEM
-static int KEIL_FS_open(const char *name, int openmode) 
+static int KEIL_FS_open(const char *name, int openmode)
 {
     int i ;  int ret ;
     #define PATHSIZE 100
     char path[PATHSIZE] ; char *p ;
-    
+
     if(strlen(name) > PATHSIZE)return(-1) ;
-    
+
     for(i = 0; i<= strlen(name); i++) {
         if(name[i] == '/')path[i] = '\\' ;
         else              path[i] = name[i] ;
-    }       
+    }
     if(path[0] == '.' && path[1] == '\\') p = path + 2 ;
     else                                  p = path ;
 
     ret = __sys_open (p, openmode) ;
-    
+
     return(ret) ;
 }
 #endif
 
-FILEHANDLE _sys_open (const char *name, int openmode) 
+FILEHANDLE _sys_open (const char *name, int openmode)
 {
     /* Register standard Input Output devices. */
     if (strcmp(name, "STDIN") == 0) {
@@ -118,7 +118,7 @@ FILEHANDLE _sys_open (const char *name, int openmode)
 
 /*--------------------------- _sys_close -------------------------------------*/
 
-int _sys_close (FILEHANDLE fh) 
+int _sys_close (FILEHANDLE fh)
 {
     if (fh > 0x8000) {
         return (0);
@@ -132,7 +132,7 @@ int _sys_close (FILEHANDLE fh)
 
 /*--------------------------- _sys_write -------------------------------------*/
 
-int _sys_write (FILEHANDLE fh, const U8 *buf, U32 len, int mode) 
+int _sys_write (FILEHANDLE fh, const U8 *buf, U32 len, int mode)
 {
 #ifdef STDIO
     if (fh == STDOUT) {
@@ -155,7 +155,7 @@ int _sys_write (FILEHANDLE fh, const U8 *buf, U32 len, int mode)
 
 /*--------------------------- _sys_read --------------------------------------*/
 
-int _sys_read (FILEHANDLE fh, U8 *buf, U32 len, int mode) 
+int _sys_read (FILEHANDLE fh, U8 *buf, U32 len, int mode)
 {
 #ifdef STDIO
     if (fh == STDIN) {
@@ -183,7 +183,7 @@ int _sys_read (FILEHANDLE fh, U8 *buf, U32 len, int mode)
 
 /*--------------------------- _sys_istty -------------------------------------*/
 
-int _sys_istty (FILEHANDLE fh) 
+int _sys_istty (FILEHANDLE fh)
 {
     if (fh > 0x8000) {
         return (1);
@@ -193,7 +193,7 @@ int _sys_istty (FILEHANDLE fh)
 
 /*--------------------------- _sys_seek --------------------------------------*/
 
-int _sys_seek (FILEHANDLE fh, long pos) 
+int _sys_seek (FILEHANDLE fh, long pos)
 {
     if (fh > 0x8000) {
         return (-1);
@@ -207,7 +207,7 @@ int _sys_seek (FILEHANDLE fh, long pos)
 
 /*--------------------------- _sys_ensure ------------------------------------*/
 
-int _sys_ensure (FILEHANDLE fh) 
+int _sys_ensure (FILEHANDLE fh)
 {
     if (fh > 0x8000) {
         return (-1);
@@ -221,7 +221,7 @@ int _sys_ensure (FILEHANDLE fh)
 
 /*--------------------------- _sys_flen --------------------------------------*/
 
-long _sys_flen (FILEHANDLE fh) 
+long _sys_flen (FILEHANDLE fh)
 {
     if (fh > 0x8000) {
         return (0);
@@ -236,21 +236,21 @@ long _sys_flen (FILEHANDLE fh)
 
 /*--------------------------- _sys_tmpnam ------------------------------------*/
 
-int _sys_tmpnam (char *name, int sig, unsigned maxlen) 
+int _sys_tmpnam (char *name, int sig, unsigned maxlen)
 {
     return (1);
 }
 
 /*--------------------------- _sys_command_string ----------------------------*/
 
-char *_sys_command_string (char *cmd, int len) 
+char *_sys_command_string (char *cmd, int len)
 {
     return (cmd);
 }
 
 /*--------------------------- _sys_exit --------------------------------------*/
 
-void _sys_exit (int return_code) 
+void _sys_exit (int return_code)
 {
 #ifdef WOLFSSL_MDK_SHELL
     return ;
@@ -258,6 +258,6 @@ void _sys_exit (int return_code)
     /* Endless loop. */
     while (1);
 #endif
-    
+
 }
 
diff --git a/IDE/MDK-ARM/MDK-ARM/wolfSSL/cert_data.c b/IDE/MDK-ARM/MDK-ARM/wolfSSL/cert_data.c
index 3f2af99c9..971744933 100644
--- a/IDE/MDK-ARM/MDK-ARM/wolfSSL/cert_data.c
+++ b/IDE/MDK-ARM/MDK-ARM/wolfSSL/cert_data.c
@@ -1,6 +1,6 @@
 /* certs_test.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/MDK-ARM/MDK-ARM/wolfSSL/cert_data.h b/IDE/MDK-ARM/MDK-ARM/wolfSSL/cert_data.h
index d06afdd1d..f63a58eb0 100644
--- a/IDE/MDK-ARM/MDK-ARM/wolfSSL/cert_data.h
+++ b/IDE/MDK-ARM/MDK-ARM/wolfSSL/cert_data.h
@@ -8,8 +8,8 @@ extern int sizeof_client_key_der_1024 ;
 extern const unsigned char client_cert_der_1024[] ;
 extern int sizeof_client_cert_der_1024 ;
 /* ./certs/1024/dh1024.der, 1024-bit */
-extern const unsigned char dh_key_der_1024[] ; 
-extern int sizeof_dh_key_der_1024 ; 
+extern const unsigned char dh_key_der_1024[] ;
+extern int sizeof_dh_key_der_1024 ;
 /* ./certs/1024/dsa1024.der, 1024-bit */
 extern const unsigned char dsa_key_der_1024[] ;
 extern int sizeof_dsa_key_der_1024 ;
diff --git a/IDE/MDK-ARM/MDK-ARM/wolfSSL/config-BARE-METAL.h b/IDE/MDK-ARM/MDK-ARM/wolfSSL/config-BARE-METAL.h
index ca3678169..8f22bfcc1 100644
--- a/IDE/MDK-ARM/MDK-ARM/wolfSSL/config-BARE-METAL.h
+++ b/IDE/MDK-ARM/MDK-ARM/wolfSSL/config-BARE-METAL.h
@@ -1,6 +1,6 @@
 /* config-BEREFOOT.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/MDK-ARM/MDK-ARM/wolfSSL/config-FS.h b/IDE/MDK-ARM/MDK-ARM/wolfSSL/config-FS.h
index 45b8c1b32..ddd367b05 100644
--- a/IDE/MDK-ARM/MDK-ARM/wolfSSL/config-FS.h
+++ b/IDE/MDK-ARM/MDK-ARM/wolfSSL/config-FS.h
@@ -1,6 +1,6 @@
 /* config-FS.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/MDK-ARM/MDK-ARM/wolfSSL/config-RTX-TCP-FS.h b/IDE/MDK-ARM/MDK-ARM/wolfSSL/config-RTX-TCP-FS.h
index a96e5d786..1b93a77f1 100644
--- a/IDE/MDK-ARM/MDK-ARM/wolfSSL/config-RTX-TCP-FS.h
+++ b/IDE/MDK-ARM/MDK-ARM/wolfSSL/config-RTX-TCP-FS.h
@@ -1,6 +1,6 @@
 /* config-RTX-TCP-FS.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/MDK-ARM/MDK-ARM/wolfSSL/config.h b/IDE/MDK-ARM/MDK-ARM/wolfSSL/config.h
index 98562cd16..690b96b41 100644
--- a/IDE/MDK-ARM/MDK-ARM/wolfSSL/config.h
+++ b/IDE/MDK-ARM/MDK-ARM/wolfSSL/config.h
@@ -1,6 +1,6 @@
 /* config.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/MDK-ARM/MDK-ARM/wolfSSL/main.c b/IDE/MDK-ARM/MDK-ARM/wolfSSL/main.c
index de71e9941..13389ed9d 100644
--- a/IDE/MDK-ARM/MDK-ARM/wolfSSL/main.c
+++ b/IDE/MDK-ARM/MDK-ARM/wolfSSL/main.c
@@ -1,6 +1,6 @@
 /* main.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/MDK-ARM/MDK-ARM/wolfSSL/shell.c b/IDE/MDK-ARM/MDK-ARM/wolfSSL/shell.c
index 63e2cdc2f..be95989ad 100644
--- a/IDE/MDK-ARM/MDK-ARM/wolfSSL/shell.c
+++ b/IDE/MDK-ARM/MDK-ARM/wolfSSL/shell.c
@@ -1,6 +1,6 @@
 /*shell.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/MDK-ARM/MDK-ARM/wolfSSL/time-CortexM3-4.c b/IDE/MDK-ARM/MDK-ARM/wolfSSL/time-CortexM3-4.c
index 024943bd3..e677b7f14 100644
--- a/IDE/MDK-ARM/MDK-ARM/wolfSSL/time-CortexM3-4.c
+++ b/IDE/MDK-ARM/MDK-ARM/wolfSSL/time-CortexM3-4.c
@@ -1,6 +1,6 @@
 /* time-STM32F2.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/MDK-ARM/MDK-ARM/wolfSSL/time-dummy.c b/IDE/MDK-ARM/MDK-ARM/wolfSSL/time-dummy.c
index bd7d51502..7e64f6201 100644
--- a/IDE/MDK-ARM/MDK-ARM/wolfSSL/time-dummy.c
+++ b/IDE/MDK-ARM/MDK-ARM/wolfSSL/time-dummy.c
@@ -1,6 +1,6 @@
 /* time-dummy.c.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/MDK-ARM/MDK-ARM/wolfSSL/wolfssl_MDK_ARM.c b/IDE/MDK-ARM/MDK-ARM/wolfSSL/wolfssl_MDK_ARM.c
index 9b68ab815..4a585ab35 100644
--- a/IDE/MDK-ARM/MDK-ARM/wolfSSL/wolfssl_MDK_ARM.c
+++ b/IDE/MDK-ARM/MDK-ARM/wolfSSL/wolfssl_MDK_ARM.c
@@ -1,6 +1,6 @@
 /* wolfssl_KEIL_RL.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/MDK-ARM/MDK-ARM/wolfSSL/wolfssl_MDK_ARM.h b/IDE/MDK-ARM/MDK-ARM/wolfSSL/wolfssl_MDK_ARM.h
index 6e3464ba6..e4abe982d 100644
--- a/IDE/MDK-ARM/MDK-ARM/wolfSSL/wolfssl_MDK_ARM.h
+++ b/IDE/MDK-ARM/MDK-ARM/wolfSSL/wolfssl_MDK_ARM.h
@@ -1,6 +1,6 @@
 /* wolfssl_KEIL_RL.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -78,7 +78,7 @@ typedef int socklen_t ;
 #define tcp_listen      wolfssl_tcp_listen
 #define tcp_select     wolfssl_tcp_select
 
-extern int wolfssl_connect(int sd,  const  struct sockaddr* sa, 	int sz) ;
+extern int wolfssl_connect(int sd,  const  struct sockaddr* sa, int sz) ;
 extern int wolfssl_accept(int sd, struct sockaddr*addr, socklen_t *addrlen);
 extern int wolfssl_recv(int sd, void *buf, size_t len, int flags);
 extern int wolfssl_send(int sd, const void *buf, size_t len, int flags);
diff --git a/IDE/MDK-ARM/STM32F2xx_StdPeriph_Lib/time-STM32F2xx.c b/IDE/MDK-ARM/STM32F2xx_StdPeriph_Lib/time-STM32F2xx.c
index 08dcbdf8f..6ef1fe747 100644
--- a/IDE/MDK-ARM/STM32F2xx_StdPeriph_Lib/time-STM32F2xx.c
+++ b/IDE/MDK-ARM/STM32F2xx_StdPeriph_Lib/time-STM32F2xx.c
@@ -1,6 +1,6 @@
 /* time-STM32F2xx.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/MDK5-ARM/Conf/user_settings.h b/IDE/MDK5-ARM/Conf/user_settings.h
index c58b5fb6a..b07e02a90 100644
--- a/IDE/MDK5-ARM/Conf/user_settings.h
+++ b/IDE/MDK5-ARM/Conf/user_settings.h
@@ -1,6 +1,6 @@
 /* user_settings.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/MDK5-ARM/Inc/wolfssl_MDK_ARM.h b/IDE/MDK5-ARM/Inc/wolfssl_MDK_ARM.h
index e6d314a77..bf8ea3931 100644
--- a/IDE/MDK5-ARM/Inc/wolfssl_MDK_ARM.h
+++ b/IDE/MDK5-ARM/Inc/wolfssl_MDK_ARM.h
@@ -1,6 +1,6 @@
 /* wolfssl_MDK_ARM.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/MDK5-ARM/Projects/CryptBenchmark/main.c b/IDE/MDK5-ARM/Projects/CryptBenchmark/main.c
index 1b055e7fa..9d49e0c1a 100644
--- a/IDE/MDK5-ARM/Projects/CryptBenchmark/main.c
+++ b/IDE/MDK5-ARM/Projects/CryptBenchmark/main.c
@@ -1,6 +1,6 @@
 /* main.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/MDK5-ARM/Projects/CryptTest/main.c b/IDE/MDK5-ARM/Projects/CryptTest/main.c
index 6425e654e..6b0628055 100644
--- a/IDE/MDK5-ARM/Projects/CryptTest/main.c
+++ b/IDE/MDK5-ARM/Projects/CryptTest/main.c
@@ -1,6 +1,6 @@
 /* main.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/MDK5-ARM/Projects/EchoClient/main.c b/IDE/MDK5-ARM/Projects/EchoClient/main.c
index 22f27cb15..43538579a 100644
--- a/IDE/MDK5-ARM/Projects/EchoClient/main.c
+++ b/IDE/MDK5-ARM/Projects/EchoClient/main.c
@@ -1,6 +1,6 @@
 /* main.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/MDK5-ARM/Projects/EchoServer/main.c b/IDE/MDK5-ARM/Projects/EchoServer/main.c
index 53a27bec0..1a9b36ab9 100644
--- a/IDE/MDK5-ARM/Projects/EchoServer/main.c
+++ b/IDE/MDK5-ARM/Projects/EchoServer/main.c
@@ -1,6 +1,6 @@
 /* main.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/MDK5-ARM/Projects/SimpleClient/main.c b/IDE/MDK5-ARM/Projects/SimpleClient/main.c
index 046154701..524cf54f5 100644
--- a/IDE/MDK5-ARM/Projects/SimpleClient/main.c
+++ b/IDE/MDK5-ARM/Projects/SimpleClient/main.c
@@ -1,6 +1,6 @@
 /* main.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/MDK5-ARM/Projects/SimpleServer/main.c b/IDE/MDK5-ARM/Projects/SimpleServer/main.c
index 973fdbbe1..25ade0c72 100644
--- a/IDE/MDK5-ARM/Projects/SimpleServer/main.c
+++ b/IDE/MDK5-ARM/Projects/SimpleServer/main.c
@@ -1,6 +1,6 @@
 /* main.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/MDK5-ARM/Projects/wolfSSL-Full/main.c b/IDE/MDK5-ARM/Projects/wolfSSL-Full/main.c
index 9eab03cc6..a9df7682c 100644
--- a/IDE/MDK5-ARM/Projects/wolfSSL-Full/main.c
+++ b/IDE/MDK5-ARM/Projects/wolfSSL-Full/main.c
@@ -1,6 +1,6 @@
 /* main.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/MDK5-ARM/Projects/wolfSSL-Full/shell.c b/IDE/MDK5-ARM/Projects/wolfSSL-Full/shell.c
index 3958f4a23..a6dbd4239 100644
--- a/IDE/MDK5-ARM/Projects/wolfSSL-Full/shell.c
+++ b/IDE/MDK5-ARM/Projects/wolfSSL-Full/shell.c
@@ -1,6 +1,6 @@
 /*shell.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/MDK5-ARM/Projects/wolfSSL-Full/time-CortexM3-4.c b/IDE/MDK5-ARM/Projects/wolfSSL-Full/time-CortexM3-4.c
index 8b1de0aa5..a19d89e0a 100644
--- a/IDE/MDK5-ARM/Projects/wolfSSL-Full/time-CortexM3-4.c
+++ b/IDE/MDK5-ARM/Projects/wolfSSL-Full/time-CortexM3-4.c
@@ -1,6 +1,6 @@
 /* time-STM32F2.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/MDK5-ARM/Src/ssl-dummy.c b/IDE/MDK5-ARM/Src/ssl-dummy.c
index 7cfd82ec6..b58c71c13 100644
--- a/IDE/MDK5-ARM/Src/ssl-dummy.c
+++ b/IDE/MDK5-ARM/Src/ssl-dummy.c
@@ -1,6 +1,6 @@
 /* ssl-dummy.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/MPLABX16/README.md b/IDE/MPLABX16/README.md
new file mode 100644
index 000000000..440263956
--- /dev/null
+++ b/IDE/MPLABX16/README.md
@@ -0,0 +1,62 @@
+# wolfSSL MPLAB X Project Files for XC16
+
+This directory contains project files for the Microchip MPLAB X IDE. These
+projects have been set up to use the Microchip PIC24 Starter Kit
+and the Microchip XC16 compiler.
+
+In order to generate the necessary auto-generated MPLAB X files, make sure
+to import the wolfssl.X project into your MPLAB X workspace before trying to
+build the wolfCrypt test. This will correctly set up the respective project's
+Makefiles.
+
+## Included Project Files
+
+### wolfSSL library (wolfssl.X)
+
+This project builds a static wolfSSL library. The settings for this project are in `user_settings.h`:
+```
+<wolfssl_root>/IDE/MPLABX16/user_settings.h
+```
+
+After this project has been built, the compiled library will be located at:
+```
+<wolfssl_root>/IDE/MPLABX16/wolfssl.X/dist/default/production/wolfssl.X.a
+```
+
+### wolfCrypt Test App (wolfcrypt_test.X)
+
+This project tests the wolfCrypt cryptography modules. It is generally a good
+idea to run this first on an embedded system after compiling wolfSSL in order
+to verify all underlying crypto is working correctly. This project depends on
+files generated by Microchip's MCC tool to view the UART output. Follow the
+steps below to generate that code.
+
+## Generating MCC UART code
+
+1. Open the MPLAB Code Configurator application.
+
+2. Set the Project path to the wolfSSL/IDE/MPLABX16 and enter your PIC device
+into the interface.
+
+3. Select MCC Classic as the content type and click `Finish`.
+
+4. Under the Device Resources section, find the UART entry and add the UART1
+peripheral.
+
+5. Note the UART settings and check the `Enable UART Interrupts` and
+`Redirect Printf to UART` boxes.
+
+6. Click the `Generate` button.
+
+
+**Note** : If using an older version of `xc16`, you may have to add the
+following to `user_settings.h`.
+```
+#define WOLFSSL_HAVE_MIN
+#define WOLFSSL_HAVE_MAX
+```
+
+## Support
+
+Please send questions or comments to support@wolfssl.com
+
diff --git a/IDE/MPLABX16/include.am b/IDE/MPLABX16/include.am
new file mode 100644
index 000000000..d7f855b1e
--- /dev/null
+++ b/IDE/MPLABX16/include.am
@@ -0,0 +1,8 @@
+# vim:ft=automake
+# All paths should be given relative to the root
+#
+
+EXTRA_DIST +=                            \
+    IDE/MPLABX16/README.md       \
+    IDE/MPLABX16/main.c     \
+                IDE/MPLABX16/user_settings.h
diff --git a/IDE/MPLABX16/main.c b/IDE/MPLABX16/main.c
new file mode 100644
index 000000000..ea671f31f
--- /dev/null
+++ b/IDE/MPLABX16/main.c
@@ -0,0 +1,39 @@
+/* main.c
+ *
+ * Copyright (C) 2006-2025 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+#include <stdio.h>
+
+#include <wolfssl/wolfcrypt/settings.h>
+#include <wolfcrypt/test/test.h>
+
+#include <stdlib.h>
+
+#include "xc.h"
+#include "mcc_generated_files/mcc.h"
+
+int main(void) {
+    SYSTEM_Initialize();
+
+    wolfcrypt_test(NULL);
+
+    return 0;
+}
+
diff --git a/IDE/MPLABX16/user_settings.h b/IDE/MPLABX16/user_settings.h
new file mode 100644
index 000000000..174551e95
--- /dev/null
+++ b/IDE/MPLABX16/user_settings.h
@@ -0,0 +1,414 @@
+/* Example custom user settings for wolfSSL */
+
+#ifndef WOLFSSL_USER_SETTINGS_H
+#define WOLFSSL_USER_SETTINGS_H
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/* ------------------------------------------------------------------------- */
+/* Platform */
+/* ------------------------------------------------------------------------- */
+#undef  WOLFSSL_GENERAL_ALIGNMENT
+#define WOLFSSL_GENERAL_ALIGNMENT   4
+
+#undef  SINGLE_THREADED
+#define SINGLE_THREADED
+
+#undef  WOLFSSL_SMALL_STACK
+#define WOLFSSL_SMALL_STACK
+
+#define MICROCHIP_PIC24
+
+/* Define for older versions of xc16 */
+#if 0
+    #define WOLFSSL_HAVE_MIN
+    #define WOLFSSL_HAVE_MAX
+#endif
+
+#ifdef MICROCHIP_PIC24
+    #define SIZEOF_LONG_LONG 8
+    #define SIZEOF_LONG 4
+    #define SINGLE_THREADED
+    #define WOLFSSL_USER_IO
+    #define NO_WRITEV
+    #define NO_DEV_RANDOM
+    #define NO_FILESYSTEM
+    #define BENCH_EMBEDDED
+    #define WC_16BIT_CPU
+    #define WORD64_AVAILABLE
+    #define WOLFSSL_GENSEED_FORTEST
+#endif
+
+/* ------------------------------------------------------------------------- */
+/* Math Configuration */
+/* ------------------------------------------------------------------------- */
+#if 1
+    #undef  USE_FAST_MATH
+    #define USE_FAST_MATH
+
+    #undef  FP_MAX_BITS
+    #define FP_MAX_BITS     2048
+#else
+    #define WOLFSSL_SP_MATH
+    #define WOLFSSL_SP_SMALL
+    #define WOLFSSL_SP_MATH_ALL
+    #define SP_INT_BITS 256
+#endif
+
+
+#ifdef USE_FAST_MATH
+    #undef  TFM_TIMING_RESISTANT
+    #define TFM_TIMING_RESISTANT
+
+    /* Optimizations */
+    //#define TFM_MIPS
+#endif
+
+/* ------------------------------------------------------------------------- */
+/* Crypto */
+/* ------------------------------------------------------------------------- */
+/* ECC */
+#if 1
+    #undef  HAVE_ECC
+    #define HAVE_ECC
+
+    /* Manually define enabled curves */
+    #undef  ECC_USER_CURVES
+    #define ECC_USER_CURVES
+
+    /* Reduces heap usage, but slower */
+    #undef  ECC_TIMING_RESISTANT
+    #define ECC_TIMING_RESISTANT
+
+    //#define HAVE_ECC192
+    //#define HAVE_ECC224
+    //#define HAVE_ECC384
+    /* Fixed point cache (speeds repeated operations against same private key) */
+#if 1
+    #undef  FP_ECC
+    #define FP_ECC
+    #ifdef FP_ECC
+        /* Bits / Entries */
+        #undef  FP_ENTRIES
+        #define FP_ENTRIES  2
+        #undef  FP_LUT
+        #define FP_LUT      4
+    #endif
+    /* Optional ECC calculation method */
+    /* Note: doubles heap usage, but slightly faster */
+    #undef  ECC_SHAMIR
+    #define ECC_SHAMIR
+
+
+    #ifdef USE_FAST_MATH
+        /* use reduced size math buffers for ecc points */
+        #undef  ALT_ECC_SIZE
+        #define ALT_ECC_SIZE
+
+        /* Enable TFM optimizations for ECC */
+        #if defined(HAVE_ECC192) || defined(HAVE_ALL_CURVES)
+            #define TFM_ECC192
+        #endif
+        #if defined(HAVE_ECC224) || defined(HAVE_ALL_CURVES)
+            #define TFM_ECC224
+        #endif
+        #if !defined(NO_ECC256) || defined(HAVE_ALL_CURVES)
+            #define TFM_ECC256
+        #endif
+        #if defined(HAVE_ECC384) || defined(HAVE_ALL_CURVES)
+            #define TFM_ECC384
+        #endif
+        #if defined(HAVE_ECC521) || defined(HAVE_ALL_CURVES)
+            #define TFM_ECC521
+        #endif
+    #endif
+#endif
+#endif
+
+/* RSA */
+#undef NO_RSA
+#if 0
+    /* half as much memory but twice as slow */
+    #undef  RSA_LOW_MEM
+#define RSA_LOW_MEM
+
+    #undef WC_RSA_PSS
+    #define WC_RSA_PSS
+
+    /* timing resistance */
+    #undef  WC_RSA_BLINDING
+    #define WC_RSA_BLINDING
+#else
+    #define NO_RSA
+#endif
+
+/* AES */
+#undef NO_AES
+#if 1
+    #undef  HAVE_AES_DECRYPT
+    #define HAVE_AES_DECRYPT
+
+    #undef  HAVE_AESGCM
+    #define HAVE_AESGCM
+
+    /* GCM Method: GCM_SMALL, GCM_WORD32 or GCM_TABLE */
+    #undef  GCM_SMALL
+    #define GCM_SMALL
+
+ /* #undef  HAVE_AESCCM
+    #define HAVE_AESCCM */
+
+ /* #undef  WOLFSSL_AES_DIRECT
+    #define WOLFSSL_AES_DIRECT */
+
+    #undef  NO_AES_CBC
+    #define NO_AES_CBC
+#else
+    #define NO_AES
+#endif
+
+/* DES3 */
+#undef NO_DES3
+#if 0
+    #undef  WOLFSSL_DES_ECB
+    #define WOLFSSL_DES_ECB
+#else
+    #define NO_DES3
+#endif
+
+
+/* ChaCha20 / Poly1305 */
+#undef HAVE_CHACHA
+#undef HAVE_POLY1305
+#if 0
+    #define HAVE_CHACHA
+    #define HAVE_POLY1305
+
+    /* Needed for Poly1305 */
+    #undef  HAVE_ONE_TIME_AUTH
+    #define HAVE_ONE_TIME_AUTH
+#endif
+
+/* Ed25519 / Curve25519 */
+#undef HAVE_CURVE25519
+#undef HAVE_ED25519
+#if 0
+    #define HAVE_CURVE25519
+    #define HAVE_ED25519
+
+    /* Optionally use small math (less flash usage, but much slower) */
+    #if 0
+        #define CURVED25519_SMALL
+    #endif
+#endif
+
+
+/* ------------------------------------------------------------------------- */
+/* Hashing */
+/* ------------------------------------------------------------------------- */
+/* Sha */
+#undef NO_SHA
+#if 0
+    /* 1k smaller, but 25% slower */
+    #define USE_SLOW_SHA
+#else
+    #define NO_SHA
+#endif
+
+/* Sha256 */
+#undef NO_SHA256
+#if 1
+#else
+    #define NO_SHA256
+#endif
+
+/* Sha512 */
+#undef WOLFSSL_SHA512
+#if 0
+    #define WOLFSSL_SHA512
+
+    /* Sha384 */
+    #undef  WOLFSSL_SHA384
+    #if 0
+        #define WOLFSSL_SHA384
+    #endif
+
+    /* over twice as small, but 50% slower */
+    #define USE_SLOW_SHA2
+#endif
+
+
+/* ------------------------------------------------------------------------- */
+/* Benchmark / Test */
+/* ------------------------------------------------------------------------- */
+/* Use reduced benchmark / test sizes */
+#undef  BENCH_EMBEDDED
+#define BENCH_EMBEDDED
+
+//#undef  USE_CERT_BUFFERS_2048
+//#define USE_CERT_BUFFERS_2048
+
+#undef  USE_CERT_BUFFERS_1024
+#define USE_CERT_BUFFERS_1024
+
+#undef  USE_CERT_BUFFERS_256
+#define USE_CERT_BUFFERS_256
+
+
+/* ------------------------------------------------------------------------- */
+/* Time */
+/* ------------------------------------------------------------------------- */
+#if 0
+    /* Override Current Time */
+    /* Allows custom "custom_time()" function to be used for benchmark */
+    #define WOLFSSL_USER_CURRTIME
+    #define USER_TICKS
+    extern unsigned long custom_time(unsigned long* timer);
+    #define XTIME custom_time
+#else
+    //#warning Time/RTC disabled
+    #undef  NO_ASN_TIME
+    #define NO_ASN_TIME
+#endif
+
+/* ------------------------------------------------------------------------- */
+/* Debugging */
+/* ------------------------------------------------------------------------- */
+#undef  DEBUG_WOLFSSL
+
+#if 0
+    #define DEBUG_WOLFSSL
+    #define WOLFSSL_DEBUG_TLS
+    /* Use this to measure / print heap usage */
+        #undef  USE_WOLFSSL_MEMORY
+        #define USE_WOLFSSL_MEMORY
+        #undef  WOLFSSL_TRACK_MEMORY
+        #define WOLFSSL_TRACK_MEMORY
+#else
+    #undef  NO_WOLFSSL_MEMORY
+    #define NO_WOLFSSL_MEMORY
+#endif
+
+/* ------------------------------------------------------------------------- */
+/* Misc */
+/* ------------------------------------------------------------------------- */
+#define WOLFSSL_ASN_TEMPLATE
+#define NO_ERROR_STRINGS
+#define NO_LARGE_HASH_TEST
+#define NO_PKCS12
+#define NO_PKCS8
+#define WOLFSSL_NO_PEM
+
+
+/* ------------------------------------------------------------------------- */
+/* Enable Features */
+/* ------------------------------------------------------------------------- */
+#undef  KEEP_PEER_CERT
+#define KEEP_PEER_CERT
+
+#undef  HAVE_COMP_KEY
+#define HAVE_COMP_KEY
+
+#undef  WOLFSSL_TLS13
+#define WOLFSSL_TLS13
+
+#undef  HAVE_HKDF
+#define HAVE_HKDF
+
+#undef  HAVE_TLS_EXTENSIONS
+#define HAVE_TLS_EXTENSIONS
+
+#ifdef HAVE_ECC
+#undef  HAVE_SUPPORTED_CURVES
+#define HAVE_SUPPORTED_CURVES
+#endif
+
+#undef  WOLFSSL_BASE64_ENCODE
+#define WOLFSSL_BASE64_ENCODE
+
+/* TLS Session Cache */
+#if 0
+    #define SMALL_SESSION_CACHE
+#else
+    #define NO_SESSION_CACHE
+#endif
+
+
+/* ------------------------------------------------------------------------- */
+/* Disable Features */
+/* ------------------------------------------------------------------------- */
+#undef  NO_WOLFSSL_SERVER
+//#define NO_WOLFSSL_SERVER
+
+#undef  NO_WOLFSSL_CLIENT
+#define NO_WOLFSSL_CLIENT
+
+#undef  NO_CRYPT_TEST
+//#define NO_CRYPT_TEST
+
+#undef  NO_CRYPT_BENCHMARK
+//#define NO_CRYPT_BENCHMARK
+
+/* In-lining of misc.c functions */
+/* If defined, must include wolfcrypt/src/misc.c in build */
+/* Slower, but about 1k smaller */
+#undef  NO_INLINE
+#define NO_INLINE
+
+#undef  NO_FILESYSTEM
+#define NO_FILESYSTEM
+
+#undef  NO_WRITEV
+#define NO_WRITEV
+
+#undef  NO_MAIN_DRIVER
+#define NO_MAIN_DRIVER
+
+#undef  NO_DEV_RANDOM
+#define NO_DEV_RANDOM
+
+#undef  NO_PSK
+#define NO_PSK
+
+#undef  NO_DSA
+#define NO_DSA
+
+#undef  NO_DH
+#define NO_DH
+
+#undef  NO_RC4
+#define NO_RC4
+
+#undef  NO_OLD_TLS
+#define NO_OLD_TLS
+
+#undef  WOLFSSL_NO_TLS12
+#define WOLFSSL_NO_TLS12
+
+#undef  NO_PSK
+//#define NO_PSK
+#define WOLFSSL_STATIC_PSK
+
+#undef  NO_MD4
+#define NO_MD4
+
+#undef  NO_PWDBASED
+#define NO_PWDBASED
+
+#undef  NO_MD5
+#define NO_MD5
+
+#undef  NO_DES3
+#define NO_DES3
+
+#undef  NO_CODING
+//#define NO_CODING
+
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* WOLFSSL_USER_SETTINGS_H */
diff --git a/IDE/MPLABX16/wolfcrypt_test.X/Makefile b/IDE/MPLABX16/wolfcrypt_test.X/Makefile
new file mode 100644
index 000000000..3b52a8ba8
--- /dev/null
+++ b/IDE/MPLABX16/wolfcrypt_test.X/Makefile
@@ -0,0 +1,113 @@
+#
+#  There exist several targets which are by default empty and which can be 
+#  used for execution of your targets. These targets are usually executed 
+#  before and after some main targets. They are: 
+#
+#     .build-pre:              called before 'build' target
+#     .build-post:             called after 'build' target
+#     .clean-pre:              called before 'clean' target
+#     .clean-post:             called after 'clean' target
+#     .clobber-pre:            called before 'clobber' target
+#     .clobber-post:           called after 'clobber' target
+#     .all-pre:                called before 'all' target
+#     .all-post:               called after 'all' target
+#     .help-pre:               called before 'help' target
+#     .help-post:              called after 'help' target
+#
+#  Targets beginning with '.' are not intended to be called on their own.
+#
+#  Main targets can be executed directly, and they are:
+#  
+#     build                    build a specific configuration
+#     clean                    remove built files from a configuration
+#     clobber                  remove all built files
+#     all                      build all configurations
+#     help                     print help message
+#  
+#  Targets .build-impl, .clean-impl, .clobber-impl, .all-impl, and
+#  .help-impl are implemented in nbproject/makefile-impl.mk.
+#
+#  Available make variables:
+#
+#     CND_BASEDIR                base directory for relative paths
+#     CND_DISTDIR                default top distribution directory (build artifacts)
+#     CND_BUILDDIR               default top build directory (object files, ...)
+#     CONF                       name of current configuration
+#     CND_ARTIFACT_DIR_${CONF}   directory of build artifact (current configuration)
+#     CND_ARTIFACT_NAME_${CONF}  name of build artifact (current configuration)
+#     CND_ARTIFACT_PATH_${CONF}  path to build artifact (current configuration)
+#     CND_PACKAGE_DIR_${CONF}    directory of package (current configuration)
+#     CND_PACKAGE_NAME_${CONF}   name of package (current configuration)
+#     CND_PACKAGE_PATH_${CONF}   path to package (current configuration)
+#
+# NOCDDL
+
+
+# Environment 
+MKDIR=mkdir
+CP=cp
+CCADMIN=CCadmin
+RANLIB=ranlib
+
+
+# build
+build: .build-post
+
+.build-pre:
+# Add your pre 'build' code here...
+
+.build-post: .build-impl
+# Add your post 'build' code here...
+
+
+# clean
+clean: .clean-post
+
+.clean-pre:
+# Add your pre 'clean' code here...
+# WARNING: the IDE does not call this target since it takes a long time to
+# simply run make. Instead, the IDE removes the configuration directories
+# under build and dist directly without calling make.
+# This target is left here so people can do a clean when running a clean
+# outside the IDE.
+
+.clean-post: .clean-impl
+# Add your post 'clean' code here...
+
+
+# clobber
+clobber: .clobber-post
+
+.clobber-pre:
+# Add your pre 'clobber' code here...
+
+.clobber-post: .clobber-impl
+# Add your post 'clobber' code here...
+
+
+# all
+all: .all-post
+
+.all-pre:
+# Add your pre 'all' code here...
+
+.all-post: .all-impl
+# Add your post 'all' code here...
+
+
+# help
+help: .help-post
+
+.help-pre:
+# Add your pre 'help' code here...
+
+.help-post: .help-impl
+# Add your post 'help' code here...
+
+
+
+# include project implementation makefile
+include nbproject/Makefile-impl.mk
+
+# include project make variables
+include nbproject/Makefile-variables.mk
diff --git a/IDE/MPLABX16/wolfcrypt_test.X/nbproject/configurations.xml b/IDE/MPLABX16/wolfcrypt_test.X/nbproject/configurations.xml
new file mode 100755
index 000000000..fe95c871f
--- /dev/null
+++ b/IDE/MPLABX16/wolfcrypt_test.X/nbproject/configurations.xml
@@ -0,0 +1,285 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<configurationDescriptor version="65">
+  <logicalFolder name="root" displayName="root" projectFiles="true">
+    <logicalFolder name="HeaderFiles"
+                   displayName="Header Files"
+                   projectFiles="true">
+      <itemPath>../user_settings.h</itemPath>
+    </logicalFolder>
+    <logicalFolder name="LinkerScript"
+                   displayName="Linker Files"
+                   projectFiles="true">
+    </logicalFolder>
+    <logicalFolder name="SourceFiles"
+                   displayName="Source Files"
+                   projectFiles="true">
+      <logicalFolder name="f1" displayName="mcc_generated_files" projectFiles="true">
+        <itemPath>../mcc_generated_files/clock.c</itemPath>
+        <itemPath>../mcc_generated_files/interrupt_manager.c</itemPath>
+        <itemPath>../mcc_generated_files/mcc.c</itemPath>
+        <itemPath>../mcc_generated_files/pin_manager.c</itemPath>
+        <itemPath>../mcc_generated_files/system.c</itemPath>
+        <itemPath>../mcc_generated_files/traps.c</itemPath>
+        <itemPath>../mcc_generated_files/uart1.c</itemPath>
+      </logicalFolder>
+      <itemPath>../../../wolfcrypt/test/test.c</itemPath>
+      <itemPath>../main.c</itemPath>
+    </logicalFolder>
+    <logicalFolder name="ExternalFiles"
+                   displayName="Important Files"
+                   projectFiles="false">
+      <itemPath>Makefile</itemPath>
+    </logicalFolder>
+  </logicalFolder>
+  <sourceRootList>
+    <Elem>..</Elem>
+    <Elem>../../wolfcrypt/test</Elem>
+    <Elem>../../../wolfcrypt/test</Elem>
+  </sourceRootList>
+  <projectmakefile>Makefile</projectmakefile>
+  <confs>
+    <conf name="default" type="2">
+      <toolsSet>
+        <developmentServer>localhost</developmentServer>
+        <targetDevice>PIC24FJ1024GB610</targetDevice>
+        <targetHeader></targetHeader>
+        <targetPluginBoard></targetPluginBoard>
+        <platformTool>PKOBSKDEPlatformTool</platformTool>
+        <languageToolchain>XC16</languageToolchain>
+        <languageToolchainVersion>2.10</languageToolchainVersion>
+        <platform>4</platform>
+      </toolsSet>
+      <packs>
+        <pack name="PIC24F-GA-GB_DFP" vendor="Microchip" version="1.4.141"/>
+      </packs>
+      <ScriptingSettings>
+      </ScriptingSettings>
+      <compileType>
+        <linkerTool>
+          <linkerLibItems>
+            <linkerLibProjectItem>
+              <makeArtifact PL="../wolfssl.X"
+                            CT="3"
+                            CN="default"
+                            AC="true"
+                            BL="true"
+                            WD="../wolfssl.X"
+                            BC="${MAKE}  -f Makefile CONF=default"
+                            DBC="${MAKE}  -f Makefile CONF=default TYPE_IMAGE=DEBUG_RUN"
+                            CC="rm -rf &quot;build/default&quot; &quot;dist/default&quot;"
+                            OP="dist/default/production/wolfssl.X.a"
+                            DOP="dist/default/debug/wolfssl.X.a"
+                            FL="dist/default/production/wolfssl.X.a"
+                            PD="dist/default/production/wolfssl.X."
+                            DD="dist/default/debug/wolfssl.X.">
+              </makeArtifact>
+            </linkerLibProjectItem>
+          </linkerLibItems>
+        </linkerTool>
+        <archiverTool>
+        </archiverTool>
+        <loading>
+          <useAlternateLoadableFile>false</useAlternateLoadableFile>
+          <parseOnProdLoad>true</parseOnProdLoad>
+          <alternateLoadableFile></alternateLoadableFile>
+        </loading>
+        <subordinates>
+        </subordinates>
+      </compileType>
+      <makeCustomizationType>
+        <makeCustomizationPreStepEnabled>false</makeCustomizationPreStepEnabled>
+        <makeUseCleanTarget>false</makeUseCleanTarget>
+        <makeCustomizationPreStep></makeCustomizationPreStep>
+        <makeCustomizationPostStepEnabled>false</makeCustomizationPostStepEnabled>
+        <makeCustomizationPostStep></makeCustomizationPostStep>
+        <makeCustomizationPutChecksumInUserID>false</makeCustomizationPutChecksumInUserID>
+        <makeCustomizationEnableLongLines>false</makeCustomizationEnableLongLines>
+        <makeCustomizationNormalizeHexFile>false</makeCustomizationNormalizeHexFile>
+      </makeCustomizationType>
+      <C30>
+        <property key="code-model" value="large-code"/>
+        <property key="const-model" value="default"/>
+        <property key="data-model" value="default"/>
+        <property key="disable-instruction-scheduling" value="false"/>
+        <property key="enable-all-warnings" value="true"/>
+        <property key="enable-ansi-std" value="false"/>
+        <property key="enable-ansi-warnings" value="false"/>
+        <property key="enable-fatal-warnings" value="false"/>
+        <property key="enable-large-arrays" value="false"/>
+        <property key="enable-omit-frame-pointer" value="false"/>
+        <property key="enable-procedural-abstraction" value="false"/>
+        <property key="enable-short-double" value="false"/>
+        <property key="enable-symbols" value="true"/>
+        <property key="enable-unroll-loops" value="false"/>
+        <property key="expand-pragma-config" value="false"/>
+        <property key="extra-include-directories" value="../;../../.."/>
+        <property key="isolate-each-function" value="false"/>
+        <property key="keep-inline" value="false"/>
+        <property key="oXC16gcc-align-arr" value="false"/>
+        <property key="oXC16gcc-cnsts-mauxflash" value="false"/>
+        <property key="oXC16gcc-data-sects" value="false"/>
+        <property key="oXC16gcc-errata" value=""/>
+        <property key="oXC16gcc-fillupper" value=""/>
+        <property key="oXC16gcc-large-aggregate" value="false"/>
+        <property key="oXC16gcc-mauxflash" value="false"/>
+        <property key="oXC16gcc-mpa-lvl" value=""/>
+        <property key="oXC16gcc-name-text-sec" value=""/>
+        <property key="oXC16gcc-near-chars" value="false"/>
+        <property key="oXC16gcc-no-isr-warn" value="false"/>
+        <property key="oXC16gcc-sfr-warn" value="false"/>
+        <property key="oXC16gcc-smar-io-lvl" value="1"/>
+        <property key="oXC16gcc-smart-io-fmt" value=""/>
+        <property key="optimization-level" value="2"/>
+        <property key="post-instruction-scheduling" value="default"/>
+        <property key="pre-instruction-scheduling" value="default"/>
+        <property key="preprocessor-macros" value="WOLFSSL_USER_SETTINGS"/>
+        <property key="scalar-model" value="default"/>
+        <property key="use-cci" value="false"/>
+        <property key="use-iar" value="false"/>
+      </C30>
+      <C30-AR>
+        <property key="additional-options-chop-files" value="false"/>
+      </C30-AR>
+      <C30-AS>
+        <property key="assembler-symbols" value=""/>
+        <property key="expand-macros" value="false"/>
+        <property key="extra-include-directories-for-assembler" value=""/>
+        <property key="extra-include-directories-for-preprocessor" value=""/>
+        <property key="false-conditionals" value="false"/>
+        <property key="keep-locals" value="false"/>
+        <property key="list-assembly" value="false"/>
+        <property key="list-section-info" value="false"/>
+        <property key="list-source" value="false"/>
+        <property key="list-symbols" value="false"/>
+        <property key="oXC16asm-extra-opts" value=""/>
+        <property key="oXC16asm-list-to-file" value="false"/>
+        <property key="omit-debug-dirs" value="false"/>
+        <property key="omit-forms" value="false"/>
+        <property key="preprocessor-macros" value=""/>
+        <property key="relax" value="false"/>
+        <property key="warning-level" value="emit-warnings"/>
+      </C30-AS>
+      <C30-CO>
+        <property key="coverage-enable" value=""/>
+        <property key="stack-guidance" value="false"/>
+      </C30-CO>
+      <C30-LD>
+        <property key="additional-options-use-response-files" value="false"/>
+        <property key="boot-eeprom" value="no_eeprom"/>
+        <property key="boot-flash" value="no_flash"/>
+        <property key="boot-ram" value="no_ram"/>
+        <property key="boot-write-protect" value="no_write_protect"/>
+        <property key="enable-check-sections" value="true"/>
+        <property key="enable-data-init" value="true"/>
+        <property key="enable-default-isr" value="true"/>
+        <property key="enable-handles" value="true"/>
+        <property key="enable-pack-data" value="true"/>
+        <property key="extra-lib-directories" value=""/>
+        <property key="fill-flash-options-addr" value=""/>
+        <property key="fill-flash-options-const" value=""/>
+        <property key="fill-flash-options-how" value="0"/>
+        <property key="fill-flash-options-inc-const" value="1"/>
+        <property key="fill-flash-options-increment" value=""/>
+        <property key="fill-flash-options-seq" value=""/>
+        <property key="fill-flash-options-what" value="0"/>
+        <property key="general-code-protect" value="no_code_protect"/>
+        <property key="general-write-protect" value="no_write_protect"/>
+        <property key="generate-cross-reference-file" value="false"/>
+        <property key="heap-size" value=""/>
+        <property key="input-libraries" value=""/>
+        <property key="linker-stack" value="true"/>
+        <property key="linker-symbols" value=""/>
+        <property key="map-file" value="${DISTDIR}/${PROJECTNAME}.${IMAGE_TYPE}.map"/>
+        <property key="no-ivt" value="false"/>
+        <property key="oXC16ld-extra-opts" value=""/>
+        <property key="oXC16ld-fill-upper" value="0"/>
+        <property key="oXC16ld-force-link" value="false"/>
+        <property key="oXC16ld-no-smart-io" value="false"/>
+        <property key="oXC16ld-nostdlib" value="false"/>
+        <property key="oXC16ld-stackguard" value="16"/>
+        <property key="preprocessor-macros" value=""/>
+        <property key="remove-unused-sections" value="true"/>
+        <property key="report-memory-usage" value="true"/>
+        <property key="secure-eeprom" value="no_eeprom"/>
+        <property key="secure-flash" value="no_flash"/>
+        <property key="secure-ram" value="no_ram"/>
+        <property key="secure-write-protect" value="no_write_protect"/>
+        <property key="stack-size" value="16"/>
+        <property key="symbol-stripping" value=""/>
+        <property key="trace-symbols" value=""/>
+        <property key="warn-section-align" value="false"/>
+      </C30-LD>
+      <C30Global>
+        <property key="common-include-directories" value=""/>
+        <property key="dual-boot-partition" value="0"/>
+        <property key="fast-math" value="false"/>
+        <property key="generic-16-bit" value="false"/>
+        <property key="legacy-libc" value="true"/>
+        <property key="mpreserve-all" value="false"/>
+        <property key="oXC16glb-macros" value=""/>
+        <property key="omit-pack-options" value="1"/>
+        <property key="output-file-format" value="elf"/>
+        <property key="preserve-all" value="false"/>
+        <property key="preserve-file" value=""/>
+        <property key="relaxed-math" value="false"/>
+        <property key="save-temps" value="false"/>
+      </C30Global>
+      <PKOBSKDEPlatformTool>
+        <property key="AutoSelectMemRanges" value="auto"/>
+        <property key="SecureSegment.SegmentProgramming" value="FullChipProgramming"/>
+        <property key="ToolFirmwareFilePath"
+                  value="Press to browse for a specific firmware version"/>
+        <property key="ToolFirmwareOption.UseLatestFirmware" value="true"/>
+        <property key="memories.configurationmemory" value="true"/>
+        <property key="memories.dataflash" value="true"/>
+        <property key="memories.eeprom" value="true"/>
+        <property key="memories.id" value="true"/>
+        <property key="memories.programmemory" value="true"/>
+        <property key="memories.programmemory.ranges" value="1d000000-1d07ffff"/>
+        <property key="memories.userotp" value="true"/>
+        <property key="programoptions.donoteraseauxmem" value="false"/>
+        <property key="programoptions.eraseb4program" value="true"/>
+        <property key="programoptions.preservedataflash" value="false"/>
+        <property key="programoptions.preservedataflash.ranges" value=""/>
+        <property key="programoptions.preserveeeprom" value="false"/>
+        <property key="programoptions.preserveeeprom.ranges"
+                  value="${memories.eedata.default}"/>
+        <property key="programoptions.preserveprogram.ranges" value=""/>
+        <property key="programoptions.preserveprogramrange" value="false"/>
+        <property key="programoptions.usehighvoltageonmclr" value="false"/>
+        <property key="programoptions.uselvpprogramming" value="false"/>
+      </PKOBSKDEPlatformTool>
+      <Tool>
+        <property key="AutoSelectMemRanges" value="auto"/>
+        <property key="SecureSegment.SegmentProgramming" value="FullChipProgramming"/>
+        <property key="ToolFirmwareFilePath"
+                  value="Press to browse for a specific firmware version"/>
+        <property key="ToolFirmwareOption.UseLatestFirmware" value="true"/>
+        <property key="memories.configurationmemory" value="true"/>
+        <property key="memories.dataflash" value="true"/>
+        <property key="memories.eeprom" value="true"/>
+        <property key="memories.id" value="true"/>
+        <property key="memories.programmemory" value="true"/>
+        <property key="memories.programmemory.end" value="0x1d07ffff"/>
+        <property key="memories.programmemory.ranges" value="1d000000-1d07ffff"/>
+        <property key="memories.programmemory.start" value="0x1d000000"/>
+        <property key="memories.userotp" value="true"/>
+        <property key="poweroptions.powerenable" value="false"/>
+        <property key="programoptions.donoteraseauxmem" value="false"/>
+        <property key="programoptions.eraseb4program" value="true"/>
+        <property key="programoptions.preservedataflash" value="false"/>
+        <property key="programoptions.preservedataflash.ranges" value=""/>
+        <property key="programoptions.preserveeeprom" value="false"/>
+        <property key="programoptions.preserveeeprom.ranges"
+                  value="${memories.eedata.default}"/>
+        <property key="programoptions.preserveprogram.ranges" value=""/>
+        <property key="programoptions.preserveprogramrange" value="false"/>
+        <property key="programoptions.preserveprogramrange.end" value="0x1d0001ff"/>
+        <property key="programoptions.preserveprogramrange.start" value="0x1d000000"/>
+        <property key="programoptions.usehighvoltageonmclr" value="false"/>
+        <property key="programoptions.uselvpprogramming" value="false"/>
+        <property key="voltagevalue" value="3.25"/>
+      </Tool>
+    </conf>
+  </confs>
+</configurationDescriptor>
diff --git a/IDE/MPLABX16/wolfcrypt_test.X/nbproject/include.am b/IDE/MPLABX16/wolfcrypt_test.X/nbproject/include.am
new file mode 100644
index 000000000..71506b6f8
--- /dev/null
+++ b/IDE/MPLABX16/wolfcrypt_test.X/nbproject/include.am
@@ -0,0 +1,8 @@
+j vim:ft=automake
+# All paths should be given relative to the root
+#
+
+EXTRA_DIST +=                                                          \
+                IDE/MPLABX16/wolfcrypt_test.X/nbproject/configurations.xml \
+                IDE/MPLABX16/wolfcrypt_test.X/nbproject/project.xml
+
diff --git a/IDE/MPLABX16/wolfcrypt_test.X/nbproject/private/configurations.xml b/IDE/MPLABX16/wolfcrypt_test.X/nbproject/private/configurations.xml
new file mode 100644
index 000000000..ba95e2451
--- /dev/null
+++ b/IDE/MPLABX16/wolfcrypt_test.X/nbproject/private/configurations.xml
@@ -0,0 +1,25 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<configurationDescriptor version="65">
+  <projectmakefile>Makefile</projectmakefile>
+  <defaultConf>0</defaultConf>
+  <confs>
+    <conf name="default" type="2">
+      <platformToolSN></platformToolSN>
+      <languageToolchainDir>/Applications/microchip/xc16/v2.10/bin</languageToolchainDir>
+      <mdbdebugger version="1">
+        <placeholder1>place holder 1</placeholder1>
+        <placeholder2>place holder 2</placeholder2>
+      </mdbdebugger>
+      <runprofile version="6">
+        <args></args>
+        <rundir></rundir>
+        <buildfirst>true</buildfirst>
+        <console-type>0</console-type>
+        <terminal-type>0</terminal-type>
+        <remove-instrumentation>0</remove-instrumentation>
+        <environment>
+        </environment>
+      </runprofile>
+    </conf>
+  </confs>
+</configurationDescriptor>
diff --git a/IDE/MPLABX16/wolfcrypt_test.X/nbproject/private/private.xml b/IDE/MPLABX16/wolfcrypt_test.X/nbproject/private/private.xml
new file mode 100644
index 000000000..6807a2ba1
--- /dev/null
+++ b/IDE/MPLABX16/wolfcrypt_test.X/nbproject/private/private.xml
@@ -0,0 +1,7 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project-private xmlns="http://www.netbeans.org/ns/project-private/1">
+    <editor-bookmarks xmlns="http://www.netbeans.org/ns/editor-bookmarks/2" lastBookmarkId="0"/>
+    <open-files xmlns="http://www.netbeans.org/ns/projectui-open-files/2">
+        <group/>
+    </open-files>
+</project-private>
diff --git a/IDE/MPLABX16/wolfcrypt_test.X/nbproject/project.xml b/IDE/MPLABX16/wolfcrypt_test.X/nbproject/project.xml
new file mode 100755
index 000000000..358f3c774
--- /dev/null
+++ b/IDE/MPLABX16/wolfcrypt_test.X/nbproject/project.xml
@@ -0,0 +1,33 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project xmlns="http://www.netbeans.org/ns/project/1">
+    <type>com.microchip.mplab.nbide.embedded.makeproject</type>
+    <configuration>
+        <data xmlns="http://www.netbeans.org/ns/make-project/1">
+            <name>wolfcrypt_test</name>
+            <creation-uuid>b34c4937-7042-4352-88b1-7717bcdf8aeb</creation-uuid>
+            <make-project-type>0</make-project-type>
+            <c-extensions>c</c-extensions>
+            <cpp-extensions/>
+            <header-extensions>h</header-extensions>
+            <sourceEncoding>ISO-8859-1</sourceEncoding>
+            <asminc-extensions/>
+            <make-dep-projects>
+                <make-dep-project>../wolfssl.X</make-dep-project>
+            </make-dep-projects>
+            <sourceRootList>
+                <sourceRootElem>..</sourceRootElem>
+                <sourceRootElem>../../wolfcrypt/test</sourceRootElem>
+                <sourceRootElem>../../../wolfcrypt/test</sourceRootElem>
+            </sourceRootList>
+            <confList>
+                <confElem>
+                    <name>default</name>
+                    <type>2</type>
+                </confElem>
+            </confList>
+            <formatting>
+                <project-formatting-style>false</project-formatting-style>
+            </formatting>
+        </data>
+    </configuration>
+</project>
diff --git a/IDE/MPLABX16/wolfssl.X/Makefile b/IDE/MPLABX16/wolfssl.X/Makefile
new file mode 100644
index 000000000..3b52a8ba8
--- /dev/null
+++ b/IDE/MPLABX16/wolfssl.X/Makefile
@@ -0,0 +1,113 @@
+#
+#  There exist several targets which are by default empty and which can be 
+#  used for execution of your targets. These targets are usually executed 
+#  before and after some main targets. They are: 
+#
+#     .build-pre:              called before 'build' target
+#     .build-post:             called after 'build' target
+#     .clean-pre:              called before 'clean' target
+#     .clean-post:             called after 'clean' target
+#     .clobber-pre:            called before 'clobber' target
+#     .clobber-post:           called after 'clobber' target
+#     .all-pre:                called before 'all' target
+#     .all-post:               called after 'all' target
+#     .help-pre:               called before 'help' target
+#     .help-post:              called after 'help' target
+#
+#  Targets beginning with '.' are not intended to be called on their own.
+#
+#  Main targets can be executed directly, and they are:
+#  
+#     build                    build a specific configuration
+#     clean                    remove built files from a configuration
+#     clobber                  remove all built files
+#     all                      build all configurations
+#     help                     print help message
+#  
+#  Targets .build-impl, .clean-impl, .clobber-impl, .all-impl, and
+#  .help-impl are implemented in nbproject/makefile-impl.mk.
+#
+#  Available make variables:
+#
+#     CND_BASEDIR                base directory for relative paths
+#     CND_DISTDIR                default top distribution directory (build artifacts)
+#     CND_BUILDDIR               default top build directory (object files, ...)
+#     CONF                       name of current configuration
+#     CND_ARTIFACT_DIR_${CONF}   directory of build artifact (current configuration)
+#     CND_ARTIFACT_NAME_${CONF}  name of build artifact (current configuration)
+#     CND_ARTIFACT_PATH_${CONF}  path to build artifact (current configuration)
+#     CND_PACKAGE_DIR_${CONF}    directory of package (current configuration)
+#     CND_PACKAGE_NAME_${CONF}   name of package (current configuration)
+#     CND_PACKAGE_PATH_${CONF}   path to package (current configuration)
+#
+# NOCDDL
+
+
+# Environment 
+MKDIR=mkdir
+CP=cp
+CCADMIN=CCadmin
+RANLIB=ranlib
+
+
+# build
+build: .build-post
+
+.build-pre:
+# Add your pre 'build' code here...
+
+.build-post: .build-impl
+# Add your post 'build' code here...
+
+
+# clean
+clean: .clean-post
+
+.clean-pre:
+# Add your pre 'clean' code here...
+# WARNING: the IDE does not call this target since it takes a long time to
+# simply run make. Instead, the IDE removes the configuration directories
+# under build and dist directly without calling make.
+# This target is left here so people can do a clean when running a clean
+# outside the IDE.
+
+.clean-post: .clean-impl
+# Add your post 'clean' code here...
+
+
+# clobber
+clobber: .clobber-post
+
+.clobber-pre:
+# Add your pre 'clobber' code here...
+
+.clobber-post: .clobber-impl
+# Add your post 'clobber' code here...
+
+
+# all
+all: .all-post
+
+.all-pre:
+# Add your pre 'all' code here...
+
+.all-post: .all-impl
+# Add your post 'all' code here...
+
+
+# help
+help: .help-post
+
+.help-pre:
+# Add your pre 'help' code here...
+
+.help-post: .help-impl
+# Add your post 'help' code here...
+
+
+
+# include project implementation makefile
+include nbproject/Makefile-impl.mk
+
+# include project make variables
+include nbproject/Makefile-variables.mk
diff --git a/IDE/MPLABX16/wolfssl.X/nbproject/configurations.xml b/IDE/MPLABX16/wolfssl.X/nbproject/configurations.xml
new file mode 100644
index 000000000..bd423ae2c
--- /dev/null
+++ b/IDE/MPLABX16/wolfssl.X/nbproject/configurations.xml
@@ -0,0 +1,290 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<configurationDescriptor version="65">
+  <logicalFolder name="root" displayName="root" projectFiles="true">
+    <logicalFolder name="HeaderFiles"
+                   displayName="Header Files"
+                   projectFiles="true">
+      <itemPath>../user_settings.h</itemPath>
+    </logicalFolder>
+    <logicalFolder name="LinkerScript"
+                   displayName="Linker Files"
+                   projectFiles="true">
+    </logicalFolder>
+    <logicalFolder name="SourceFiles"
+                   displayName="Source Files"
+                   projectFiles="true">
+      <logicalFolder name="f2" displayName="wolfcrypt" projectFiles="true">
+        <itemPath>../../../wolfcrypt/src/aes.c</itemPath>
+        <itemPath>../../../wolfcrypt/src/arc4.c</itemPath>
+        <itemPath>../../../wolfcrypt/src/asm.c</itemPath>
+        <itemPath>../../../wolfcrypt/src/asn.c</itemPath>
+        <itemPath>../../../wolfcrypt/src/blake2b.c</itemPath>
+        <itemPath>../../../wolfcrypt/src/blake2s.c</itemPath>
+        <itemPath>../../../wolfcrypt/src/camellia.c</itemPath>
+        <itemPath>../../../wolfcrypt/src/chacha.c</itemPath>
+        <itemPath>../../../wolfcrypt/src/chacha20_poly1305.c</itemPath>
+        <itemPath>../../../wolfcrypt/src/cmac.c</itemPath>
+        <itemPath>../../../wolfcrypt/src/coding.c</itemPath>
+        <itemPath>../../../wolfcrypt/src/compress.c</itemPath>
+        <itemPath>../../../wolfcrypt/src/cpuid.c</itemPath>
+        <itemPath>../../../wolfcrypt/src/cryptocb.c</itemPath>
+        <itemPath>../../../wolfcrypt/src/curve25519.c</itemPath>
+        <itemPath>../../../wolfcrypt/src/curve448.c</itemPath>
+        <itemPath>../../../wolfcrypt/src/des3.c</itemPath>
+        <itemPath>../../../wolfcrypt/src/dh.c</itemPath>
+        <itemPath>../../../wolfcrypt/src/dilithium.c</itemPath>
+        <itemPath>../../../wolfcrypt/src/dsa.c</itemPath>
+        <itemPath>../../../wolfcrypt/src/ecc.c</itemPath>
+        <itemPath>../../../wolfcrypt/src/ecc_fp.c</itemPath>
+        <itemPath>../../../wolfcrypt/src/eccsi.c</itemPath>
+        <itemPath>../../../wolfcrypt/src/ed25519.c</itemPath>
+        <itemPath>../../../wolfcrypt/src/ed448.c</itemPath>
+        <itemPath>../../../wolfcrypt/src/error.c</itemPath>
+        <itemPath>../../../wolfcrypt/src/evp.c</itemPath>
+        <itemPath>../../../wolfcrypt/src/ext_kyber.c</itemPath>
+        <itemPath>../../../wolfcrypt/src/falcon.c</itemPath>
+        <itemPath>../../../wolfcrypt/src/fe_448.c</itemPath>
+        <itemPath>../../../wolfcrypt/src/fe_low_mem.c</itemPath>
+        <itemPath>../../../wolfcrypt/src/fe_operations.c</itemPath>
+        <itemPath>../../../wolfcrypt/src/ge_448.c</itemPath>
+        <itemPath>../../../wolfcrypt/src/ge_low_mem.c</itemPath>
+        <itemPath>../../../wolfcrypt/src/ge_operations.c</itemPath>
+        <itemPath>../../../wolfcrypt/src/hash.c</itemPath>
+        <itemPath>../../../wolfcrypt/src/hmac.c</itemPath>
+        <itemPath>../../../wolfcrypt/src/hpke.c</itemPath>
+        <itemPath>../../../wolfcrypt/src/integer.c</itemPath>
+        <itemPath>../../../wolfcrypt/src/kdf.c</itemPath>
+        <itemPath>../../../wolfcrypt/src/logging.c</itemPath>
+        <itemPath>../../../wolfcrypt/src/md2.c</itemPath>
+        <itemPath>../../../wolfcrypt/src/md4.c</itemPath>
+        <itemPath>../../../wolfcrypt/src/md5.c</itemPath>
+        <itemPath>../../../wolfcrypt/src/memory.c</itemPath>
+        <itemPath>../../../wolfcrypt/src/misc.c</itemPath>
+        <itemPath>../../../wolfcrypt/src/pkcs12.c</itemPath>
+        <itemPath>../../../wolfcrypt/src/pkcs7.c</itemPath>
+        <itemPath>../../../wolfcrypt/src/poly1305.c</itemPath>
+        <itemPath>../../../wolfcrypt/src/pwdbased.c</itemPath>
+        <itemPath>../../../wolfcrypt/src/random.c</itemPath>
+        <itemPath>../../../wolfcrypt/src/rc2.c</itemPath>
+        <itemPath>../../../wolfcrypt/src/ripemd.c</itemPath>
+        <itemPath>../../../wolfcrypt/src/rsa.c</itemPath>
+        <itemPath>../../../wolfcrypt/src/sakke.c</itemPath>
+        <itemPath>../../../wolfcrypt/src/sha.c</itemPath>
+        <itemPath>../../../wolfcrypt/src/sha256.c</itemPath>
+        <itemPath>../../../wolfcrypt/src/sha3.c</itemPath>
+        <itemPath>../../../wolfcrypt/src/sha512.c</itemPath>
+        <itemPath>../../../wolfcrypt/src/signature.c</itemPath>
+        <itemPath>../../../wolfcrypt/src/siphash.c</itemPath>
+        <itemPath>../../../wolfcrypt/src/sp_arm32.c</itemPath>
+        <itemPath>../../../wolfcrypt/src/sp_arm64.c</itemPath>
+        <itemPath>../../../wolfcrypt/src/sp_armthumb.c</itemPath>
+        <itemPath>../../../wolfcrypt/src/sp_c32.c</itemPath>
+        <itemPath>../../../wolfcrypt/src/sp_c64.c</itemPath>
+        <itemPath>../../../wolfcrypt/src/sp_int.c</itemPath>
+        <itemPath>../../../wolfcrypt/src/sphincs.c</itemPath>
+        <itemPath>../../../wolfcrypt/src/srp.c</itemPath>
+        <itemPath>../../../wolfcrypt/src/tfm.c</itemPath>
+        <itemPath>../../../wolfcrypt/src/wc_encrypt.c</itemPath>
+        <itemPath>../../../wolfcrypt/src/wc_pkcs11.c</itemPath>
+        <itemPath>../../../wolfcrypt/src/wc_port.c</itemPath>
+        <itemPath>../../../wolfcrypt/src/wolfevent.c</itemPath>
+        <itemPath>../../../wolfcrypt/src/wolfmath.c</itemPath>
+      </logicalFolder>
+      <logicalFolder name="f1" displayName="wolfssl" projectFiles="true">
+        <itemPath>../../../src/crl.c</itemPath>
+        <itemPath>../../../src/internal.c</itemPath>
+        <itemPath>../../../src/keys.c</itemPath>
+        <itemPath>../../../src/ssl.c</itemPath>
+        <itemPath>../../../src/tls.c</itemPath>
+        <itemPath>../../../src/tls13.c</itemPath>
+        <itemPath>../../../src/wolfio.c</itemPath>
+      </logicalFolder>
+    </logicalFolder>
+    <logicalFolder name="ExternalFiles"
+                   displayName="Important Files"
+                   projectFiles="false">
+      <itemPath>Makefile</itemPath>
+    </logicalFolder>
+  </logicalFolder>
+  <sourceRootList>
+    <Elem>..</Elem>
+    <Elem>../../src</Elem>
+    <Elem>../../wolfcrypt/src</Elem>
+    <Elem>../../wolfcrypt/test</Elem>
+    <Elem>../../../src</Elem>
+    <Elem>../../../wolfcrypt/src</Elem>
+  </sourceRootList>
+  <projectmakefile>Makefile</projectmakefile>
+  <confs>
+    <conf name="default" type="3">
+      <toolsSet>
+        <developmentServer>localhost</developmentServer>
+        <targetDevice>PIC24FJ1024GB610</targetDevice>
+        <targetHeader></targetHeader>
+        <targetPluginBoard></targetPluginBoard>
+        <platformTool>noID</platformTool>
+        <languageToolchain>XC16</languageToolchain>
+        <languageToolchainVersion>2.10</languageToolchainVersion>
+        <platform>4</platform>
+      </toolsSet>
+      <packs>
+        <pack name="PIC24F-GA-GB_DFP" vendor="Microchip" version="1.4.141"/>
+      </packs>
+      <ScriptingSettings>
+      </ScriptingSettings>
+      <compileType>
+        <linkerTool>
+          <linkerLibItems>
+          </linkerLibItems>
+        </linkerTool>
+        <archiverTool>
+        </archiverTool>
+        <loading>
+          <useAlternateLoadableFile>false</useAlternateLoadableFile>
+          <parseOnProdLoad>false</parseOnProdLoad>
+          <alternateLoadableFile></alternateLoadableFile>
+        </loading>
+        <subordinates>
+        </subordinates>
+      </compileType>
+      <makeCustomizationType>
+        <makeCustomizationPreStepEnabled>false</makeCustomizationPreStepEnabled>
+        <makeUseCleanTarget>false</makeUseCleanTarget>
+        <makeCustomizationPreStep></makeCustomizationPreStep>
+        <makeCustomizationPostStepEnabled>false</makeCustomizationPostStepEnabled>
+        <makeCustomizationPostStep></makeCustomizationPostStep>
+        <makeCustomizationPutChecksumInUserID>false</makeCustomizationPutChecksumInUserID>
+        <makeCustomizationEnableLongLines>false</makeCustomizationEnableLongLines>
+        <makeCustomizationNormalizeHexFile>false</makeCustomizationNormalizeHexFile>
+      </makeCustomizationType>
+      <C30>
+        <property key="code-model" value="large-code"/>
+        <property key="const-model" value="default"/>
+        <property key="data-model" value="default"/>
+        <property key="disable-instruction-scheduling" value="false"/>
+        <property key="enable-all-warnings" value="true"/>
+        <property key="enable-ansi-std" value="false"/>
+        <property key="enable-ansi-warnings" value="false"/>
+        <property key="enable-fatal-warnings" value="false"/>
+        <property key="enable-large-arrays" value="false"/>
+        <property key="enable-omit-frame-pointer" value="false"/>
+        <property key="enable-procedural-abstraction" value="false"/>
+        <property key="enable-short-double" value="false"/>
+        <property key="enable-symbols" value="true"/>
+        <property key="enable-unroll-loops" value="false"/>
+        <property key="expand-pragma-config" value="false"/>
+        <property key="extra-include-directories" value="../../;../"/>
+        <property key="isolate-each-function" value="false"/>
+        <property key="keep-inline" value="false"/>
+        <property key="oXC16gcc-align-arr" value="false"/>
+        <property key="oXC16gcc-cnsts-mauxflash" value="false"/>
+        <property key="oXC16gcc-data-sects" value="false"/>
+        <property key="oXC16gcc-errata" value=""/>
+        <property key="oXC16gcc-fillupper" value=""/>
+        <property key="oXC16gcc-large-aggregate" value="false"/>
+        <property key="oXC16gcc-mauxflash" value="false"/>
+        <property key="oXC16gcc-mpa-lvl" value=""/>
+        <property key="oXC16gcc-name-text-sec" value=""/>
+        <property key="oXC16gcc-near-chars" value="false"/>
+        <property key="oXC16gcc-no-isr-warn" value="false"/>
+        <property key="oXC16gcc-sfr-warn" value="false"/>
+        <property key="oXC16gcc-smar-io-lvl" value="1"/>
+        <property key="oXC16gcc-smart-io-fmt" value=""/>
+        <property key="optimization-level" value="2"/>
+        <property key="post-instruction-scheduling" value="default"/>
+        <property key="pre-instruction-scheduling" value="default"/>
+        <property key="preprocessor-macros" value="WOLFSSL_USER_SETTINGS"/>
+        <property key="scalar-model" value="default"/>
+        <property key="use-cci" value="false"/>
+        <property key="use-iar" value="false"/>
+      </C30>
+      <C30-AR>
+        <property key="additional-options-chop-files" value="false"/>
+      </C30-AR>
+      <C30-AS>
+        <property key="assembler-symbols" value=""/>
+        <property key="expand-macros" value="false"/>
+        <property key="extra-include-directories-for-assembler" value=""/>
+        <property key="extra-include-directories-for-preprocessor" value=""/>
+        <property key="false-conditionals" value="false"/>
+        <property key="keep-locals" value="false"/>
+        <property key="list-assembly" value="false"/>
+        <property key="list-section-info" value="false"/>
+        <property key="list-source" value="false"/>
+        <property key="list-symbols" value="false"/>
+        <property key="oXC16asm-extra-opts" value=""/>
+        <property key="oXC16asm-list-to-file" value="false"/>
+        <property key="omit-debug-dirs" value="false"/>
+        <property key="omit-forms" value="false"/>
+        <property key="preprocessor-macros" value=""/>
+        <property key="relax" value="false"/>
+        <property key="warning-level" value="emit-warnings"/>
+      </C30-AS>
+      <C30-CO>
+        <property key="coverage-enable" value=""/>
+        <property key="stack-guidance" value="true"/>
+      </C30-CO>
+      <C30-LD>
+        <property key="additional-options-use-response-files" value="false"/>
+        <property key="boot-eeprom" value="no_eeprom"/>
+        <property key="boot-flash" value="no_flash"/>
+        <property key="boot-ram" value="no_ram"/>
+        <property key="boot-write-protect" value="no_write_protect"/>
+        <property key="enable-check-sections" value="false"/>
+        <property key="enable-data-init" value="true"/>
+        <property key="enable-default-isr" value="true"/>
+        <property key="enable-handles" value="true"/>
+        <property key="enable-pack-data" value="true"/>
+        <property key="extra-lib-directories" value=""/>
+        <property key="fill-flash-options-addr" value=""/>
+        <property key="fill-flash-options-const" value=""/>
+        <property key="fill-flash-options-how" value="0"/>
+        <property key="fill-flash-options-inc-const" value="1"/>
+        <property key="fill-flash-options-increment" value=""/>
+        <property key="fill-flash-options-seq" value=""/>
+        <property key="fill-flash-options-what" value="0"/>
+        <property key="general-code-protect" value="no_code_protect"/>
+        <property key="general-write-protect" value="no_write_protect"/>
+        <property key="generate-cross-reference-file" value="false"/>
+        <property key="heap-size" value=""/>
+        <property key="input-libraries" value=""/>
+        <property key="linker-stack" value="true"/>
+        <property key="linker-symbols" value=""/>
+        <property key="map-file" value="${DISTDIR}/${PROJECTNAME}.${IMAGE_TYPE}.map"/>
+        <property key="no-ivt" value="false"/>
+        <property key="oXC16ld-extra-opts" value=""/>
+        <property key="oXC16ld-fill-upper" value="0"/>
+        <property key="oXC16ld-force-link" value="false"/>
+        <property key="oXC16ld-no-smart-io" value="false"/>
+        <property key="oXC16ld-nostdlib" value="false"/>
+        <property key="oXC16ld-stackguard" value="16"/>
+        <property key="preprocessor-macros" value=""/>
+        <property key="remove-unused-sections" value="false"/>
+        <property key="report-memory-usage" value="true"/>
+        <property key="secure-eeprom" value="no_eeprom"/>
+        <property key="secure-flash" value="no_flash"/>
+        <property key="secure-ram" value="no_ram"/>
+        <property key="secure-write-protect" value="no_write_protect"/>
+        <property key="stack-size" value="16"/>
+        <property key="symbol-stripping" value=""/>
+        <property key="trace-symbols" value=""/>
+        <property key="warn-section-align" value="false"/>
+      </C30-LD>
+      <C30Global>
+        <property key="common-include-directories" value="../../.."/>
+        <property key="dual-boot-partition" value="0"/>
+        <property key="fast-math" value="false"/>
+        <property key="generic-16-bit" value="false"/>
+        <property key="legacy-libc" value="true"/>
+        <property key="mpreserve-all" value="false"/>
+        <property key="oXC16glb-macros" value=""/>
+        <property key="omit-pack-options" value="1"/>
+        <property key="output-file-format" value="elf"/>
+        <property key="preserve-all" value="false"/>
+        <property key="preserve-file" value=""/>
+        <property key="relaxed-math" value="false"/>
+        <property key="save-temps" value="false"/>
+      </C30Global>
+    </conf>
+  </confs>
+</configurationDescriptor>
diff --git a/IDE/MPLABX16/wolfssl.X/nbproject/include.am b/IDE/MPLABX16/wolfssl.X/nbproject/include.am
new file mode 100644
index 000000000..5ba879e33
--- /dev/null
+++ b/IDE/MPLABX16/wolfssl.X/nbproject/include.am
@@ -0,0 +1,7 @@
+# vim:ft=automake
+# All paths should be given relative to the root
+#
+
+EXTRA_DIST +=                                         \
+                IDE/MPLABX16/wolfssl.X/nbproject/configurations.xml \
+                IDE/MPLABX16/wolfssl.X/nbproject/project.xml
diff --git a/IDE/MPLABX16/wolfssl.X/nbproject/project.xml b/IDE/MPLABX16/wolfssl.X/nbproject/project.xml
new file mode 100644
index 000000000..1fb81b58c
--- /dev/null
+++ b/IDE/MPLABX16/wolfssl.X/nbproject/project.xml
@@ -0,0 +1,34 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project xmlns="http://www.netbeans.org/ns/project/1">
+    <type>com.microchip.mplab.nbide.embedded.makeproject</type>
+    <configuration>
+        <data xmlns="http://www.netbeans.org/ns/make-project/1">
+            <name>wolfssl</name>
+            <creation-uuid>93bbfc3a-a0fa-4d48-bbc8-6cd47a2bd05b</creation-uuid>
+            <make-project-type>0</make-project-type>
+            <c-extensions>c</c-extensions>
+            <cpp-extensions/>
+            <header-extensions>h</header-extensions>
+            <sourceEncoding>ISO-8859-1</sourceEncoding>
+            <asminc-extensions/>
+            <make-dep-projects/>
+            <sourceRootList>
+                <sourceRootElem>..</sourceRootElem>
+                <sourceRootElem>../../src</sourceRootElem>
+                <sourceRootElem>../../wolfcrypt/src</sourceRootElem>
+                <sourceRootElem>../../wolfcrypt/test</sourceRootElem>
+                <sourceRootElem>../../../src</sourceRootElem>
+                <sourceRootElem>../../../wolfcrypt/src</sourceRootElem>
+            </sourceRootList>
+            <confList>
+                <confElem>
+                    <name>default</name>
+                    <type>3</type>
+                </confElem>
+            </confList>
+            <formatting>
+                <project-formatting-style>false</project-formatting-style>
+            </formatting>
+        </data>
+    </configuration>
+</project>
diff --git a/IDE/MQX/README-jp.md b/IDE/MQX/README-jp.md
index 093e98b6b..649e7c65d 100644
--- a/IDE/MQX/README-jp.md
+++ b/IDE/MQX/README-jp.md
@@ -26,4 +26,3 @@
   CC:       コンパイラコマンド
   AR:       ARコマンド
   WOLF_ROOT: Makefile�格��置を変�る場����定義を変更������
-  
\ No newline at end of file
diff --git a/IDE/MQX/client-tls.c b/IDE/MQX/client-tls.c
index 9834251c0..5c85aeda5 100644
--- a/IDE/MQX/client-tls.c
+++ b/IDE/MQX/client-tls.c
@@ -1,6 +1,6 @@
 /* client-tls.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/MQX/include.am b/IDE/MQX/include.am
index 27687d33e..deb5ebc76 100644
--- a/IDE/MQX/include.am
+++ b/IDE/MQX/include.am
@@ -8,4 +8,4 @@ EXTRA_DIST+= IDE/MQX/README-jp.md
 EXTRA_DIST+= IDE/MQX/README.md
 EXTRA_DIST+= IDE/MQX/server-tls.c
 EXTRA_DIST+= IDE/MQX/user_config.h
-EXTRA_DIST+= IDE/MQX/user_settings.h
\ No newline at end of file
+EXTRA_DIST+= IDE/MQX/user_settings.h
diff --git a/IDE/MQX/server-tls.c b/IDE/MQX/server-tls.c
index e7e1a4852..6a39adaa2 100644
--- a/IDE/MQX/server-tls.c
+++ b/IDE/MQX/server-tls.c
@@ -1,6 +1,6 @@
 /* server-tls.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -193,4 +193,4 @@ int main()
     wolfSSL_Cleanup();      /* Cleanup the wolfSSL environment          */
     close(sockfd);          /* Close the socket listening for clients   */
     return 0;               /* Return reporting a success               */
-}
\ No newline at end of file
+}
diff --git a/IDE/MQX/user_config.h b/IDE/MQX/user_config.h
index d66e53235..81bbf4e49 100644
--- a/IDE/MQX/user_config.h
+++ b/IDE/MQX/user_config.h
@@ -1 +1 @@
-#define MQX_CPU                 PSP_CPU_MK60DN512Z
\ No newline at end of file
+#define MQX_CPU                 PSP_CPU_MK60DN512Z
diff --git a/IDE/MSVS-2019-AZSPHERE/client/client.c b/IDE/MSVS-2019-AZSPHERE/client/client.c
index 6756c89a5..53c0789a1 100644
--- a/IDE/MSVS-2019-AZSPHERE/client/client.c
+++ b/IDE/MSVS-2019-AZSPHERE/client/client.c
@@ -1,6 +1,6 @@
-/* client.c
+/* client.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/MSVS-2019-AZSPHERE/client/client.h b/IDE/MSVS-2019-AZSPHERE/client/client.h
index f10c0db94..39cc01140 100644
--- a/IDE/MSVS-2019-AZSPHERE/client/client.h
+++ b/IDE/MSVS-2019-AZSPHERE/client/client.h
@@ -1,6 +1,6 @@
 /* client.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/MSVS-2019-AZSPHERE/server/server.c b/IDE/MSVS-2019-AZSPHERE/server/server.c
index 7c4528a06..8e4585194 100644
--- a/IDE/MSVS-2019-AZSPHERE/server/server.c
+++ b/IDE/MSVS-2019-AZSPHERE/server/server.c
@@ -1,6 +1,6 @@
-/* server.c
+/* server.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/MSVS-2019-AZSPHERE/server/server.h b/IDE/MSVS-2019-AZSPHERE/server/server.h
index e4d5edfea..7d032217f 100644
--- a/IDE/MSVS-2019-AZSPHERE/server/server.h
+++ b/IDE/MSVS-2019-AZSPHERE/server/server.h
@@ -1,6 +1,6 @@
 /* server.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/MSVS-2019-AZSPHERE/shared/util.h b/IDE/MSVS-2019-AZSPHERE/shared/util.h
index 005676f4f..25cbb83f8 100644
--- a/IDE/MSVS-2019-AZSPHERE/shared/util.h
+++ b/IDE/MSVS-2019-AZSPHERE/shared/util.h
@@ -1,6 +1,6 @@
 /* util.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -26,6 +26,7 @@
 #include <wolfssl/ssl.h>
 #include <ifaddrs.h>
 #include <applibs/log.h>
+#include <netdb.h>
 
 #define _GNU_SOURCE /* defines NI_NUMERICHOST */
 #ifndef NI_MAXHOST
diff --git a/IDE/MSVS-2019-AZSPHERE/user_settings.h b/IDE/MSVS-2019-AZSPHERE/user_settings.h
index 3c4c03aa5..1c9ffcf4e 100644
--- a/IDE/MSVS-2019-AZSPHERE/user_settings.h
+++ b/IDE/MSVS-2019-AZSPHERE/user_settings.h
@@ -1,6 +1,6 @@
 /* user_settings.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -31,9 +31,9 @@
     #ifndef SERVER_IP
         #define SERVER_IP "192.168.1.200" /* Local Test Server IP */
     #endif
-	#ifndef DEFAULT_PORT
-		#define DEFAULT_PORT 11111
-	#endif
+    #ifndef DEFAULT_PORT
+        #define DEFAULT_PORT 11111
+    #endif
     #define CERT         ca_cert_der_2048
     #define SIZEOF_CERT  sizeof_ca_cert_der_2048
     static const char msg[] = "Are you listening wolfSSL Server?";
@@ -41,9 +41,9 @@
     #ifndef SERVER_IP
         #define SERVER_IP "www.wolfssl.com"
     #endif
-	#ifndef DEFAULT_PORT
-		#define DEFAULT_PORT 443
-	#endif
+    #ifndef DEFAULT_PORT
+        #define DEFAULT_PORT 443
+    #endif
     #define CERT         wolfssl_website_root_ca
     #define SIZEOF_CERT  sizeof_wolfssl_website_root_ca
     static const char msg[] = "GET /index.html HTTP/1.1\r\n\r\n";
@@ -85,6 +85,7 @@
 
 /* Filesystem */
 #define NO_FILESYSTEM
+#define HAVE_NETDB_H
 
 /* Debug */
 #include <applibs/log.h>
diff --git a/IDE/MSVS-2019-AZSPHERE/wolfssl_new_azsphere/CMakeLists.txt b/IDE/MSVS-2019-AZSPHERE/wolfssl_new_azsphere/CMakeLists.txt
index 902050c27..18c3633b0 100644
--- a/IDE/MSVS-2019-AZSPHERE/wolfssl_new_azsphere/CMakeLists.txt
+++ b/IDE/MSVS-2019-AZSPHERE/wolfssl_new_azsphere/CMakeLists.txt
@@ -41,7 +41,10 @@ list( REMOVE_ITEM SSL_SOURCES ../../../src/ssl_asn1.c )
 list( REMOVE_ITEM SSL_SOURCES ../../../src/ssl_bn.c )
 list( REMOVE_ITEM SSL_SOURCES ../../../src/ssl_certman.c )
 list( REMOVE_ITEM SSL_SOURCES ../../../src/ssl_crypto.c )
+list( REMOVE_ITEM SSL_SOURCES ../../../src/ssl_load.c )
 list( REMOVE_ITEM SSL_SOURCES ../../../src/ssl_misc.c )
+list( REMOVE_ITEM SSL_SOURCES ../../../src/ssl_p7p12.c )
+list( REMOVE_ITEM SSL_SOURCES ../../../src/ssl_sess.c )
 aux_source_directory( ${CRYPTO_SRC_DIR} CRYPTO_SOURCES )
 list( REMOVE_ITEM CRYPTO_SOURCES ../../../wolfcrypt/src/evp.c )
 list( REMOVE_ITEM CRYPTO_SOURCES ../../../wolfcrypt/src/misc.c )
diff --git a/IDE/MSVS-2019-AZSPHERE/wolfssl_new_azsphere/HardwareDefinitions/avnet_mt3620_sk/inc/hw/template_appliance.h b/IDE/MSVS-2019-AZSPHERE/wolfssl_new_azsphere/HardwareDefinitions/avnet_mt3620_sk/inc/hw/template_appliance.h
index 2837ac3c2..d2240f333 100644
--- a/IDE/MSVS-2019-AZSPHERE/wolfssl_new_azsphere/HardwareDefinitions/avnet_mt3620_sk/inc/hw/template_appliance.h
+++ b/IDE/MSVS-2019-AZSPHERE/wolfssl_new_azsphere/HardwareDefinitions/avnet_mt3620_sk/inc/hw/template_appliance.h
@@ -1,6 +1,6 @@
-/* template_appliance.h
+/* template_appliance.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/MSVS-2019-AZSPHERE/wolfssl_new_azsphere/HardwareDefinitions/mt3620_rdb/inc/hw/template_appliance.h b/IDE/MSVS-2019-AZSPHERE/wolfssl_new_azsphere/HardwareDefinitions/mt3620_rdb/inc/hw/template_appliance.h
index 05ed1790f..0b7391922 100644
--- a/IDE/MSVS-2019-AZSPHERE/wolfssl_new_azsphere/HardwareDefinitions/mt3620_rdb/inc/hw/template_appliance.h
+++ b/IDE/MSVS-2019-AZSPHERE/wolfssl_new_azsphere/HardwareDefinitions/mt3620_rdb/inc/hw/template_appliance.h
@@ -1,4 +1,5 @@
-/* Copyright (C) 2006-2022 wolfSSL Inc.
+/ * Copyright (C) 2006-2025 wolfSSL Inc.
+ *
  * This file is part of wolfSSL.
  *
  * wolfSSL is free software; you can redistribute it and/or modify
diff --git a/IDE/MSVS-2019-AZSPHERE/wolfssl_new_azsphere/HardwareDefinitions/seeed_mt3620_mdb/inc/hw/template_appliance.h b/IDE/MSVS-2019-AZSPHERE/wolfssl_new_azsphere/HardwareDefinitions/seeed_mt3620_mdb/inc/hw/template_appliance.h
index 051b6ac03..4254f21f1 100644
--- a/IDE/MSVS-2019-AZSPHERE/wolfssl_new_azsphere/HardwareDefinitions/seeed_mt3620_mdb/inc/hw/template_appliance.h
+++ b/IDE/MSVS-2019-AZSPHERE/wolfssl_new_azsphere/HardwareDefinitions/seeed_mt3620_mdb/inc/hw/template_appliance.h
@@ -1,6 +1,6 @@
-/* template_appliance.h
+/* template_appliance.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/MSVS-2019-AZSPHERE/wolfssl_new_azsphere/applibs_versions.h b/IDE/MSVS-2019-AZSPHERE/wolfssl_new_azsphere/applibs_versions.h
index 2afdfcf3e..4078fb7a5 100644
--- a/IDE/MSVS-2019-AZSPHERE/wolfssl_new_azsphere/applibs_versions.h
+++ b/IDE/MSVS-2019-AZSPHERE/wolfssl_new_azsphere/applibs_versions.h
@@ -1,4 +1,4 @@
-#pragma once
+#pragma once
 
 /// <summary>
 /// This identifier should be defined before including any of the networking-related header files.
diff --git a/IDE/MSVS-2019-AZSPHERE/wolfssl_new_azsphere/main.c b/IDE/MSVS-2019-AZSPHERE/wolfssl_new_azsphere/main.c
index ca8e80577..0889be1c8 100644
--- a/IDE/MSVS-2019-AZSPHERE/wolfssl_new_azsphere/main.c
+++ b/IDE/MSVS-2019-AZSPHERE/wolfssl_new_azsphere/main.c
@@ -1,6 +1,6 @@
-/* main.c
+/* main.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/MYSQL/CMakeLists_wolfCrypt.txt b/IDE/MYSQL/CMakeLists_wolfCrypt.txt
index 566b7d8b8..55c7c40b8 100644
--- a/IDE/MYSQL/CMakeLists_wolfCrypt.txt
+++ b/IDE/MYSQL/CMakeLists_wolfCrypt.txt
@@ -1,6 +1,6 @@
 # CMakeLists.txt
 #
-# Copyright (C) 2006-2023 wolfSSL Inc.
+# Copyright (C) 2006-2025 wolfSSL Inc.
 #
 # This file is part of wolfSSL.
 #
diff --git a/IDE/MYSQL/CMakeLists_wolfSSL.txt b/IDE/MYSQL/CMakeLists_wolfSSL.txt
index e95c92910..3599bedb8 100644
--- a/IDE/MYSQL/CMakeLists_wolfSSL.txt
+++ b/IDE/MYSQL/CMakeLists_wolfSSL.txt
@@ -1,6 +1,6 @@
 # CMakeLists.txt
 #
-# Copyright (C) 2006-2023 wolfSSL Inc.
+# Copyright (C) 2006-2025 wolfSSL Inc.
 #
 # This file is part of wolfSSL.
 #
diff --git a/IDE/NDS/README.md b/IDE/NDS/README.md
new file mode 100644
index 000000000..4bacccb98
--- /dev/null
+++ b/IDE/NDS/README.md
@@ -0,0 +1,110 @@
+# wolfSSL for libnds
+
+## Requirements
+
+[Devkitpro](https://devkitpro.org/wiki/Getting_Started) with libnds, nds-tool and nds-dev.
+
+
+## Building
+
+For MelonDS
+```
+$ ./configure \
+    --host=arm-none-eabi \
+    CC=$DEVKITARM/bin/arm-none-eabi-g++ \
+    AR=$DEVKITARM/bin/arm-none-eabi-ar \
+    STRIP=$DEVKITARM/bin/arm-none-eabi-strip \
+    RANLIB=$DEVKITARM/bin/arm-none-eabi-ranlib \
+    LIBS="-lfat -lnds9" \
+    LDFLAGS="-L/opt/devkitpro/libnds/lib" \
+    --prefix=$DEVKITPRO/portlibs/nds \
+    CFLAGS="-march=armv5te -mtune=arm946e-s \
+        --specs=ds_arm9.specs -DARM9 -DWOLFSSL_NDS \
+        -DWOLFSSL_MELONDS \
+        -DWOLFSSL_USER_IO \
+        -I$DEVKITPRO/libnds/include" \
+    --enable-fastmath --disable-benchmark \
+    --disable-shared --disable-examples --disable-ecc
+$ make
+$ sudo make install
+```
+
+For Hardware
+```
+$ ./configure \
+    --host=arm-none-eabi \
+    CC=$DEVKITARM/bin/arm-none-eabi-g++ \
+    AR=$DEVKITARM/bin/arm-none-eabi-ar \
+    STRIP=$DEVKITARM/bin/arm-none-eabi-strip \
+    RANLIB=$DEVKITARM/bin/arm-none-eabi-ranlib \
+    LIBS="-lfat -lnds9" \
+    LDFLAGS="-L/opt/devkitpro/libnds/lib" \
+    --prefix=$DEVKITPRO/portlibs/nds \
+    CFLAGS="-march=armv5te -mtune=arm946e-s \
+        --specs=ds_arm9.specs -DARM9 -DWOLFSSL_NDS \
+        -DWOLFSSL_USER_IO \
+        -I$DEVKITPRO/libnds/include" \
+    --enable-fastmath --disable-benchmark \
+    --disable-shared --disable-examples --disable-ecc
+$ make
+$ sudo make install
+```
+
+## Run the Tests
+
+To run the Crypttests type the following.
+Run `$ ndstool -9 ./wolfcrypt/test/testwolfcrypt  -c ./wolfcrypt/test/testwolfcrypt.nds`
+
+copy `./certs` to `your_nds_sd_card/_nds/certs` (Follow Virtual SD card steps below for Emulator)
+
+Run the Rom (located in ./wolfcrypt/test/testwolfcrypt.nds) in an Emulator or real Hardware.
+
+If running on MelonDS it must be using the DSi mode in order to use certs from an SD card.
+
+## Making a virtual SD card (MacOS)
+
+```
+Create Virtual SD card image
+
+$ dd if=/dev/zero of=~/my_sd_card.img bs=1M count=64
+
+Format image to FAT32
+
+$ hdiutil attach -imagekey diskimage-class=CRawDiskImage -nomount ~/my_sd_card.img
+$ diskutil eraseDisk FAT32 MYSDCARD MBRFormat /dev/diskX
+$ hdiutil detach /dev/diskX
+
+Mount to Create Folder Structure and Copy Certs
+
+$ mkdir -p /Volumes/MYSDCARD/_nds
+$ cp -r ~/wolfssl/certs /Volumes/MYSDCARD/_nds/
+
+Unmount
+
+hdiutil detach /dev/diskX
+```
+
+## Making a virtual SD card (Linux)
+
+```
+Create Virtual SD card image
+
+$ dd if=/dev/zero of=~/my_sd_card.img bs=1M count=64
+
+Format image to FAT32
+
+$ sudo losetup -fP ~/my_sd_card.img
+$ sudo losetup -l
+$ sudo mkfs.vfat -F 32 /dev/loop0
+$ sudo losetup -d /dev/loop0
+
+Mount to Create Folder Structure and Copy Certs
+
+$ sudo mount ~/my_sd_card.img /mnt
+$ sudo mkdir -p /mnt/_nds
+$ sudo cp -r ~/wolfssl/certs /mnt/_nds/
+
+Unmount
+
+hdiutil detach /dev/diskX
+```
diff --git a/IDE/NETOS/user_settings.h b/IDE/NETOS/user_settings.h
index ceb70ec66..9b40a623f 100644
--- a/IDE/NETOS/user_settings.h
+++ b/IDE/NETOS/user_settings.h
@@ -1,23 +1,23 @@
 /* user_settings.h
 *
-* Copyright (C) 2006-2021 wolfSSL Inc.
-*
-* This file is part of wolfSSL.
-*
-* wolfSSL is free software; you can redistribute it and/or modify
-* it under the terms of the GNU General Public License as published by
-* the Free Software Foundation; either version 2 of the License, or
-* (at your option) any later version.
-*
-* wolfSSL is distributed in the hope that it will be useful,
-* but WITHOUT ANY WARRANTY; without even the implied warranty of
-* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-* GNU General Public License for more details.
-*
-* You should have received a copy of the GNU General Public License
-* along with this program; if not, write to the Free Software
-* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
-*/
+ * Copyright (C) 2006-2025 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
 
 /* Custom wolfSSL user settings for GCC ARM */
 
@@ -410,6 +410,7 @@ extern "C" {
 
     /* prototypes for user heap override functions */
     /* Note: Realloc only required for normal math */
+    /* Note2: XFREE(NULL) must be properly handled */
     #include <stddef.h> /* for size_t */
     extern void *myMalloc(size_t n, void* heap, int type);
     extern void myFree(void *p, void* heap, int type);
diff --git a/IDE/NETOS/wolfssl_netos_custom.c b/IDE/NETOS/wolfssl_netos_custom.c
index 8617eee66..334bae289 100644
--- a/IDE/NETOS/wolfssl_netos_custom.c
+++ b/IDE/NETOS/wolfssl_netos_custom.c
@@ -1,6 +1,6 @@
 /* wolfssl_netos_custom.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/PlatformIO/README.md b/IDE/PlatformIO/README.md
new file mode 100644
index 000000000..7ba3d470b
--- /dev/null
+++ b/IDE/PlatformIO/README.md
@@ -0,0 +1,26 @@
+# PlatformIO
+
+Follow the [instructions](https://docs.platformio.org/en/latest/core/installation/methods/index.html) to install PlatformIO.
+
+Note there are two options for using PlatformIO:
+
+- [Core CLI](https://docs.platformio.org/en/latest/core/index.html)
+- [VSCode IDE](https://docs.platformio.org/en/latest/integration/ide/vscode.html#ide-vscode)
+
+There are two types wolfSSL libraries for PlatformIO:
+
+- Regular (release): https://registry.platformio.org/libraries/wolfssl/wolfssl
+- Arduino (release): https://registry.platformio.org/libraries/wolfssl/Arduino-wolfSSL
+
+There are staging / preview libraries for each of the two types wolfSSL libraries for PlatformIO:
+
+- Regular (staging / preview): https://registry.platformio.org/libraries/wolfssl-staging/wolfSSL
+- Arduino (staging / preview): https://registry.platformio.org/libraries/wolfssl-staging/Arduino-wolfSSL
+
+# Examples
+
+See the [examples directory](./examples/)
+
+## Publishing
+
+The wolfSSL publishing is performed from the `scripts`.
diff --git a/IDE/PlatformIO/examples/README.md b/IDE/PlatformIO/examples/README.md
new file mode 100644
index 000000000..f4ab16436
--- /dev/null
+++ b/IDE/PlatformIO/examples/README.md
@@ -0,0 +1,13 @@
+# PlatformIO
+
+Follow the [instructions](https://docs.platformio.org/en/latest/core/installation/methods/index.html) to install PlatformIO.
+
+Note there are two options:
+
+- [Core CLI](https://docs.platformio.org/en/latest/core/index.html)
+- [VSCode IDE](https://docs.platformio.org/en/latest/integration/ide/vscode.html#ide-vscode)
+
+# Examples
+
+- [wolfssl_benchmark](./wolfssl_benchmark/README.md)
+- [wolfssl_test](./wolfssl_test/README.md)
diff --git a/IDE/PlatformIO/examples/wolfssl_benchmark/CMakeLists.txt b/IDE/PlatformIO/examples/wolfssl_benchmark/CMakeLists.txt
new file mode 100644
index 000000000..196bba158
--- /dev/null
+++ b/IDE/PlatformIO/examples/wolfssl_benchmark/CMakeLists.txt
@@ -0,0 +1,3 @@
+cmake_minimum_required(VERSION 3.16.0)
+include($ENV{IDF_PATH}/tools/cmake/project.cmake)
+project(ESP_IDF_Hello_World)
diff --git a/IDE/PlatformIO/examples/wolfssl_benchmark/README.md b/IDE/PlatformIO/examples/wolfssl_benchmark/README.md
new file mode 100644
index 000000000..6505ecbb5
--- /dev/null
+++ b/IDE/PlatformIO/examples/wolfssl_benchmark/README.md
@@ -0,0 +1,214 @@
+# wolfSSL Benchmark Example
+
+This ESP32 example uses the [wolfSSL wolfcrypt Benchmark Application](https://github.com/wolfSSL/wolfssl/tree/master/wolfcrypt/benchmark).
+
+Other target boards _should_ work, but have not yet been tested.
+
+For general information on [wolfSSL examples for Espressif](../README.md), see the
+[README](https://github.com/wolfSSL/wolfssl/blob/master/IDE/Espressif/ESP-IDF/README.md) file.
+
+## Example Output
+
+Note the default wolfSSL `user_settings.h` is configured by default to be the most
+compatible across the widest ranges of targets. Contact wolfSSL at support@wolfssl.com
+for help in optimizing for your particular application, or see the
+[docs](https://www.wolfssl.com/documentation/manuals/wolfssl/index.html).
+
+```
+ets Jun  8 2016 00:22:57
+
+rst:0x1 (POWERON_RESET),boot:0x13 (SPI_FAST_FLASH_BOOT)
+configsip: 0, SPIWP:0xee
+clk_drv:0x00,q_drv:0x00,d_drv:0x00,cs0_drv:0x00,hd_drv:0x00,wp_drv:0x00
+mode:DIO, clock div:2
+load:0x3fff0030,len:7168
+load:0x40078000,len:15612
+load:0x40080400,len:4
+load:0x40080404,len:3736
+entry 0x40080624
+I (28) boot: ESP-IDF 5.2.1 2nd stage bootloader
+I (29) boot: compile time May 17 2024 19:42:46
+W (29) boot: Unicore bootloader
+I (32) boot: chip revision: v1.0
+I (36) boot.esp32: SPI Speed      : 40MHz
+I (41) boot.esp32: SPI Mode       : DIO
+I (45) boot.esp32: SPI Flash Size : 4MB
+I (50) boot: Enabling RNG early entropy source...
+I (55) boot: Partition Table:
+I (59) boot: ## Label            Usage          Type ST Offset   Length
+I (66) boot:  0 nvs              WiFi data        01 02 00009000 00006000
+I (74) boot:  1 phy_init         RF data          01 01 0000f000 00001000
+I (81) boot:  2 factory          factory app      00 00 00010000 00100000
+I (89) boot: End of partition table
+I (93) esp_image: segment 0: paddr=00010020 vaddr=3f400020 size=1900ch (102412) map
+I (138) esp_image: segment 1: paddr=00029034 vaddr=3ffb0000 size=01794h (  6036) load
+I (141) esp_image: segment 2: paddr=0002a7d0 vaddr=40080000 size=05848h ( 22600) load
+I (154) esp_image: segment 3: paddr=00030020 vaddr=400d0020 size=4bc50h (310352) map
+I (266) esp_image: segment 4: paddr=0007bc78 vaddr=40085848 size=05b64h ( 23396) load
+I (276) esp_image: segment 5: paddr=000817e4 vaddr=50000000 size=00004h (     4) load
+I (282) boot: Loaded app from partition at offset 0x10000
+I (282) boot: Disabling RNG early entropy source...
+I (297) cpu_start: Unicore app
+I (297) cpu_start: Single core mode
+I (305) cpu_start: Pro cpu start user code
+I (305) cpu_start: cpu freq: 240000000 Hz
+I (305) cpu_start: Application information:
+I (310) cpu_start: Project name:     ESP_IDF_Hello_World
+I (316) cpu_start: App version:      v5.7.0-stable-512-g15af87af8-di
+I (323) cpu_start: Compile time:     May 17 2024 19:42:07
+I (329) cpu_start: ELF file SHA256:  eebe816ce...
+I (334) cpu_start: ESP-IDF:          5.2.1
+I (339) cpu_start: Min chip rev:     v0.0
+I (344) cpu_start: Max chip rev:     v3.99
+I (349) cpu_start: Chip rev:         v1.0
+I (354) heap_init: Initializing. RAM available for dynamic allocation:
+I (361) heap_init: At 3FFAE6E0 len 00001920 (6 KiB): DRAM
+I (367) heap_init: At 3FFB2018 len 0002DFE8 (183 KiB): DRAM
+I (373) heap_init: At 3FFE0440 len 0001FBC0 (126 KiB): D/IRAM
+I (379) heap_init: At 40078000 len 00008000 (32 KiB): IRAM
+I (386) heap_init: At 4008B3AC len 00014C54 (83 KiB): IRAM
+I (392) heap_init: At 3FF80000 len 00002000 (8 KiB): RTCRAM
+I (399) spi_flash: detected chip: generic
+I (403) spi_flash: flash io: dio
+I (407) main_task: Started on CPU0
+I (410) main_task: Calling app_main()
+I (415) wolfSSL demo: Found WOLFSSL_ESPIDF!
+
+Hello World wolfSSL Version 5.7.0
+I (423) esp32_util: Extended Version and Platform Information.
+I (429) esp32_util: Chip revision: v1.0
+I (434) esp32_util: SSID and plain text WiFi password not displayed in startup logs.
+I (442) esp32_util:   Define SHOW_SSID_AND_PASSWORD to enable display.
+W (449) esp32_util: Warning: old cmake, user_settings.h location unknown.
+I (457) esp32_util: LIBWOLFSSL_VERSION_STRING = 5.7.0
+I (463) esp32_util: LIBWOLFSSL_VERSION_HEX = 5007000
+I (468) esp32_util: Stack HWM: 9204
+I (472) esp32_util:
+I (475) esp32_util: Macro Name                 Defined   Not Defined
+I (482) esp32_util: ------------------------- --------- -------------
+I (489) esp32_util: NO_ESPIDF_DEFAULT........                 X
+I (496) esp32_util: HW_MATH_ENABLED..........     X
+I (502) esp32_util: WOLFSSL_SHA224...........     X
+I (507) esp32_util: WOLFSSL_SHA384...........     X
+I (513) esp32_util: WOLFSSL_SHA512...........     X
+I (518) esp32_util: WOLFSSL_SHA3.............     X
+I (524) esp32_util: HAVE_ED25519.............     X
+I (529) esp32_util: HAVE_AES_ECB.............                 X
+I (536) esp32_util: HAVE_AES_DIRECT..........                 X
+I (543) esp32_util: USE_FAST_MATH............     X
+I (548) esp32_util: WOLFSSL_SP_MATH_ALL......                 X
+I (555) esp32_util: SP_MATH..................                 X
+I (561) esp32_util: WOLFSSL_HW_METRICS.......     X
+I (567) esp32_util: RSA_LOW_MEM..............     X
+I (572) esp32_util: SMALL_SESSION_CACHE......                 X
+I (579) esp32_util: WC_NO_HARDEN.............                 X
+I (586) esp32_util: TFM_TIMING_RESISTANT.....     X
+I (591) esp32_util: ECC_TIMING_RESISTANT.....     X
+I (597) esp32_util: WC_NO_CACHE_RESISTANT....     X
+I (602) esp32_util: WC_AES_BITSLICED.........                 X
+I (609) esp32_util: WOLFSSL_AES_NO_UNROLL....                 X
+I (615) esp32_util: TFM_TIMING_RESISTANT.....     X
+I (621) esp32_util: ECC_TIMING_RESISTANT.....     X
+I (627) esp32_util: WC_RSA_BLINDING..........     X
+I (632) esp32_util: NO_WRITEV................     X
+I (638) esp32_util: FREERTOS.................     X
+I (643) esp32_util: NO_WOLFSSL_DIR...........     X
+I (649) esp32_util: WOLFSSL_NO_CURRDIR.......     X
+I (654) esp32_util: WOLFSSL_LWIP.............     X
+I (660) esp32_util:
+I (663) esp32_util: Compiler Optimization: Default
+I (668) esp32_util:
+I (671) esp32_util: CONFIG_IDF_TARGET = esp32
+W (676) esp32_util: Watchdog active; missing WOLFSSL_ESP_NO_WATCHDOG definition.
+I (684) esp32_util: CONFIG_ESP32_DEFAULT_CPU_FREQ_MHZ: 240 MHz
+I (691) esp32_util: Xthal_have_ccount: 1
+I (695) esp32_util: CONFIG_MAIN_TASK_STACK_SIZE: 10500
+I (701) esp32_util: CONFIG_ESP_MAIN_TASK_STACK_SIZE: 10500
+I (707) esp32_util: CONFIG_TIMER_TASK_STACK_SIZE: 3584
+I (713) esp32_util: CONFIG_TIMER_TASK_STACK_DEPTH: 2048
+I (719) esp32_util: Stack HWM: 3ffb4ebf
+I (724) esp32_util: ESP32_CRYPT is enabled for ESP32.
+I (729) esp32_util: SINGLE_THREADED
+I (733) esp32_util: Boot count: 1
+wolfCrypt Benchmark (block bytes 1024, min 1.0 sec each)
+RNG                       1625 KiB took 1.016 seconds, 1599.409 KiB/s Cycles per byte = 251.56
+AES-128-CBC-enc           7600 KiB took 1.003 seconds, 7577.268 KiB/s Cycles per byte =  30.93
+AES-128-CBC-dec           7350 KiB took 1.001 seconds, 7342.657 KiB/s Cycles per byte =  31.94
+AES-192-CBC-enc           7575 KiB took 1.001 seconds, 7567.433 KiB/s Cycles per byte =  30.97
+AES-192-CBC-dec           7325 KiB took 1.000 seconds, 7325.000 KiB/s Cycles per byte =  31.98
+AES-256-CBC-enc           7375 KiB took 1.000 seconds, 7375.000 KiB/s Cycles per byte =  31.77
+AES-256-CBC-dec           7325 KiB took 1.001 seconds, 7317.682 KiB/s Cycles per byte =  32.02
+AES-128-GCM-enc            350 KiB took 1.008 seconds,  347.222 KiB/s Cycles per byte = 675.33
+AES-128-GCM-dec            350 KiB took 1.009 seconds,  346.878 KiB/s Cycles per byte = 675.81
+AES-192-GCM-enc            350 KiB took 1.013 seconds,  345.508 KiB/s Cycles per byte = 678.52
+AES-192-GCM-dec            350 KiB took 1.014 seconds,  345.168 KiB/s Cycles per byte = 679.06
+AES-256-GCM-enc            350 KiB took 1.018 seconds,  343.811 KiB/s Cycles per byte = 681.98
+AES-256-GCM-dec            350 KiB took 1.020 seconds,  343.137 KiB/s Cycles per byte = 682.55
+GMAC Default               415 KiB took 1.001 seconds,  414.585 KiB/s Cycles per byte = 565.02
+AES-XTS-enc               1950 KiB took 1.000 seconds, 1950.000 KiB/s Cycles per byte = 120.17
+AES-XTS-dec               1950 KiB took 1.002 seconds, 1946.108 KiB/s Cycles per byte = 120.49
+AES-128-CFB               2425 KiB took 1.009 seconds, 2403.370 KiB/s Cycles per byte =  97.53
+AES-192-CFB               2350 KiB took 1.010 seconds, 2326.733 KiB/s Cycles per byte = 100.67
+AES-256-CFB               2250 KiB took 1.000 seconds, 2250.000 KiB/s Cycles per byte = 104.12
+AES-128-OFB               2425 KiB took 1.009 seconds, 2403.370 KiB/s Cycles per byte =  97.47
+AES-192-OFB               2350 KiB took 1.009 seconds, 2329.039 KiB/s Cycles per byte = 100.62
+AES-256-OFB               2275 KiB took 1.010 seconds, 2252.475 KiB/s Cycles per byte = 104.07
+AES-128-CTR               2450 KiB took 1.007 seconds, 2432.969 KiB/s Cycles per byte =  96.33
+AES-192-CTR               2375 KiB took 1.009 seconds, 2353.816 KiB/s Cycles per byte =  99.50
+AES-256-CTR               2275 KiB took 1.000 seconds, 2275.000 KiB/s Cycles per byte = 102.92
+AES-256-SIV-enc            900 KiB took 1.019 seconds,  883.219 KiB/s Cycles per byte = 265.22
+AES-256-SIV-dec            900 KiB took 1.019 seconds,  883.219 KiB/s Cycles per byte = 265.40
+AES-384-SIV-enc            875 KiB took 1.015 seconds,  862.069 KiB/s Cycles per byte = 271.82
+AES-384-SIV-dec            875 KiB took 1.016 seconds,  861.220 KiB/s Cycles per byte = 272.09
+AES-512-SIV-enc            850 KiB took 1.012 seconds,  839.921 KiB/s Cycles per byte = 279.14
+AES-512-SIV-dec            850 KiB took 1.014 seconds,  838.264 KiB/s Cycles per byte = 279.36
+ARC4                      4100 KiB took 1.003 seconds, 4087.737 KiB/s Cycles per byte =  57.30
+3DES                       450 KiB took 1.001 seconds,  449.550 KiB/s Cycles per byte = 521.21
+MD5                      13775 KiB took 1.000 seconds, 13775.000 KiB/s Cycles per byte =  17.01
+POLY1305                  7350 KiB took 1.000 seconds, 7350.000 KiB/s Cycles per byte =  31.89
+SHA                      16175 KiB took 1.000 seconds, 16175.000 KiB/s Cycles per byte =  14.49
+SHA-224                   1325 KiB took 1.004 seconds, 1319.721 KiB/s Cycles per byte = 177.55
+SHA-256                  15975 KiB took 1.001 seconds, 15959.041 KiB/s Cycles per byte =  14.69
+SHA-384                  17400 KiB took 1.000 seconds, 17400.000 KiB/s Cycles per byte =  13.48
+SHA-512                  17200 KiB took 1.000 seconds, 17200.000 KiB/s Cycles per byte =  13.63
+SHA-512/224               1150 KiB took 1.012 seconds, 1136.364 KiB/s Cycles per byte = 206.14
+SHA-512/256               1150 KiB took 1.010 seconds, 1138.614 KiB/s Cycles per byte = 205.91
+SHA3-224                  1125 KiB took 1.001 seconds, 1123.876 KiB/s Cycles per byte = 208.50
+SHA3-256                  1075 KiB took 1.013 seconds, 1061.204 KiB/s Cycles per byte = 220.77
+SHA3-384                   825 KiB took 1.007 seconds,  819.265 KiB/s Cycles per byte = 285.94
+SHA3-512                   575 KiB took 1.002 seconds,  573.852 KiB/s Cycles per byte = 408.48
+SHAKE128                  1300 KiB took 1.000 seconds, 1300.000 KiB/s Cycles per byte = 180.29
+SHAKE256                  1075 KiB took 1.012 seconds, 1062.253 KiB/s Cycles per byte = 220.72
+BLAKE2b                   1650 KiB took 1.007 seconds, 1638.530 KiB/s Cycles per byte = 143.04
+BLAKE2s                   3475 KiB took 1.003 seconds, 3464.606 KiB/s Cycles per byte =  67.59
+AES-128-CMAC              2350 KiB took 1.009 seconds, 2329.039 KiB/s Cycles per byte = 100.65
+AES-256-CMAC              2200 KiB took 1.006 seconds, 2186.879 KiB/s Cycles per byte = 107.22
+HMAC-MD5                 13625 KiB took 1.000 seconds, 13625.000 KiB/s Cycles per byte =  17.21
+HMAC-SHA                 15800 KiB took 1.000 seconds, 15800.000 KiB/s Cycles per byte =  14.84
+HMAC-SHA224               1325 KiB took 1.012 seconds, 1309.289 KiB/s Cycles per byte = 179.02
+HMAC-SHA256              15575 KiB took 1.000 seconds, 15575.000 KiB/s Cycles per byte =  15.05
+HMAC-SHA384              16375 KiB took 1.000 seconds, 16375.000 KiB/s Cycles per byte =  14.32
+HMAC-SHA512              15850 KiB took 1.000 seconds, 15850.000 KiB/s Cycles per byte =  14.80
+PBKDF2                       1 KiB took 1.024 seconds,    0.549 KiB/s Cycles per byte = 426593.36
+RSA     1024  key gen         1 ops took 1.142 sec, avg 1142.000 ms, 0.876 ops/sec
+RSA     2048  key gen         1 ops took 2.817 sec, avg 2817.000 ms, 0.355 ops/sec
+RSA     2048   public        14 ops took 1.115 sec, avg 79.643 ms, 12.556 ops/sec
+RSA     2048  private         6 ops took 1.272 sec, avg 212.000 ms, 4.717 ops/sec
+DH      2048  key gen         5 ops took 1.206 sec, avg 241.200 ms, 4.146 ops/sec
+DH      2048    agree        14 ops took 1.106 sec, avg 79.000 ms, 12.658 ops/sec
+ECC   [      SECP256R1]   256  key gen         4 ops took 1.525 sec, avg 381.250 ms, 2.623 ops/sec
+ECDHE [      SECP256R1]   256    agree         4 ops took 1.522 sec, avg 380.500 ms, 2.628 ops/sec
+ECDSA [      SECP256R1]   256     sign         4 ops took 1.541 sec, avg 385.250 ms, 2.596 ops/sec
+ECDSA [      SECP256R1]   256   verify         4 ops took 1.014 sec, avg 253.500 ms, 3.945 ops/sec
+CURVE  25519  key gen         3 ops took 1.186 sec, avg 395.333 ms, 2.530 ops/sec
+CURVE  25519    agree         4 ops took 1.577 sec, avg 394.250 ms, 2.536 ops/sec
+ED     25519  key gen        45 ops took 1.006 sec, avg 22.356 ms, 44.732 ops/sec
+ED     25519     sign        40 ops took 1.036 sec, avg 25.900 ms, 38.610 ops/sec
+ED     25519   verify        26 ops took 1.014 sec, avg 39.000 ms, 25.641 ops/sec
+Benchmark complete
+
+benchmark_test complete! result code: 0
+I (82083) main_task: Returned from app_main()
+```
+
+See the README.md file in the upper level 'examples' directory for [more information about examples](../README.md).
diff --git a/IDE/PlatformIO/examples/wolfssl_benchmark/include/README b/IDE/PlatformIO/examples/wolfssl_benchmark/include/README
new file mode 100644
index 000000000..45496b1f1
--- /dev/null
+++ b/IDE/PlatformIO/examples/wolfssl_benchmark/include/README
@@ -0,0 +1,39 @@
+
+This directory is intended for project header files.
+
+A header file is a file containing C declarations and macro definitions
+to be shared between several project source files. You request the use of a
+header file in your project source file (C, C++, etc) located in `src` folder
+by including it, with the C preprocessing directive `#include'.
+
+```src/main.c
+
+#include "header.h"
+
+int main (void)
+{
+ ...
+}
+```
+
+Including a header file produces the same results as copying the header file
+into each source file that needs it. Such copying would be time-consuming
+and error-prone. With a header file, the related declarations appear
+in only one place. If they need to be changed, they can be changed in one
+place, and programs that include the header file will automatically use the
+new version when next recompiled. The header file eliminates the labor of
+finding and changing all the copies as well as the risk that a failure to
+find one copy will result in inconsistencies within a program.
+
+In C, the usual convention is to give header files names that end with `.h'.
+It is most portable to use only letters, digits, dashes, and underscores in
+header file names, and at most one dot.
+
+Read more about using header files in official GCC documentation:
+
+* Include Syntax
+* Include Operation
+* Once-Only Headers
+* Computed Includes
+
+https://gcc.gnu.org/onlinedocs/cpp/Header-Files.html
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/include/time_helper.h b/IDE/PlatformIO/examples/wolfssl_benchmark/include/main.h
similarity index 78%
rename from IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/include/time_helper.h
rename to IDE/PlatformIO/examples/wolfssl_benchmark/include/main.h
index 37b770415..46a35fd2c 100644
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/include/time_helper.h
+++ b/IDE/PlatformIO/examples/wolfssl_benchmark/include/main.h
@@ -1,5 +1,6 @@
-/*
- * Copyright (C) 2006-2023 wolfSSL Inc.
+/* PlatformIO wolfssl_benchmark main.c
+ *
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -17,16 +18,7 @@
  * along with this program; if not, write to the Free Software
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  */
-#ifndef _TIME_HELPER_H
+#ifndef _MAIN_H_
+#define _MAIN_H_
 
-#ifdef __cplusplus
-extern "C" {
 #endif
-
-int set_time(void);
-
-#ifdef __cplusplus
-} /* extern "C" */
-#endif
-
-#endif /* #ifndef _TIME_HELPER_H */
diff --git a/IDE/PlatformIO/examples/wolfssl_benchmark/lib/README b/IDE/PlatformIO/examples/wolfssl_benchmark/lib/README
new file mode 100644
index 000000000..a10cadebe
--- /dev/null
+++ b/IDE/PlatformIO/examples/wolfssl_benchmark/lib/README
@@ -0,0 +1,46 @@
+
+This directory is intended for project specific (private) libraries.
+PlatformIO will compile them to static libraries and link into executable file.
+
+The source code of each library should be placed in an own separate directory
+("lib/your_library_name/[here are source files]").
+
+For example, see a structure of the following two libraries `Foo` and `Bar`:
+
+|--lib
+|  |
+|  |--Bar
+|  |  |--docs
+|  |  |--examples
+|  |  |--src
+|  |     |- Bar.c
+|  |     |- Bar.h
+|  |  |- library.json (optional, custom build options, etc) https://docs.platformio.org/page/librarymanager/config.html
+|  |
+|  |--Foo
+|  |  |- Foo.c
+|  |  |- Foo.h
+|  |
+|  |- README --> THIS FILE
+|
+|- platformio.ini
+|--src
+   |- main.c
+
+and a contents of `src/main.c`:
+```
+#include <Foo.h>
+#include <Bar.h>
+
+int main (void)
+{
+  ...
+}
+
+```
+
+PlatformIO Library Dependency Finder will find automatically dependent
+libraries scanning project source files.
+
+More information about PlatformIO Library Dependency Finder
+- https://docs.platformio.org/page/librarymanager/ldf.html
diff --git a/IDE/PlatformIO/examples/wolfssl_benchmark/platformio.ini b/IDE/PlatformIO/examples/wolfssl_benchmark/platformio.ini
new file mode 100644
index 000000000..a83ae3241
--- /dev/null
+++ b/IDE/PlatformIO/examples/wolfssl_benchmark/platformio.ini
@@ -0,0 +1,20 @@
+; PlatformIO Project Configuration File
+;
+;   Build options: build flags, source filter
+;   Upload options: custom upload port, speed and extra flags
+;   Library options: dependencies, extra library storages
+;   Advanced options: extra scripting
+;
+; Please visit documentation for the other options and examples
+; https://docs.platformio.org/page/projectconf.html
+
+[env:esp32dev]
+platform = espressif32
+board = esp32dev
+framework = espidf
+upload_port = COM19
+monitor_port = COM19
+monitor_speed = 115200
+build_flags = -DWOLFSSL_USER_SETTINGS, -DWOLFSSL_ESP32
+monitor_filters = direct
+lib_deps = wolfssl/wolfSSL@^5.7.2
diff --git a/IDE/PlatformIO/examples/wolfssl_benchmark/sdkconfig.defaults b/IDE/PlatformIO/examples/wolfssl_benchmark/sdkconfig.defaults
new file mode 100644
index 000000000..2a5ad756d
--- /dev/null
+++ b/IDE/PlatformIO/examples/wolfssl_benchmark/sdkconfig.defaults
@@ -0,0 +1,98 @@
+# sdkconfig.defaults for ESP8266 + ESP32
+# Note that during the build process, settings from sdkconfig.defaults will not override those already in sdkconfig.
+# See https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-guides/build-system.html#custom-sdkconfig-defaults
+CONFIG_BENCH_ARGV="-lng 0"
+CONFIG_FREERTOS_HZ=1000
+CONFIG_ESP32_DEFAULT_CPU_FREQ_240=y
+
+#
+# Default main stack size. See user_settings.h
+#
+# For wolfSSL SMALL_STACK, 3072 bytes should be sufficient for benchmark app.
+# When using RSA, assign at least 10500 bytes, otherwise 5500 usually works for others
+CONFIG_ESP_MAIN_TASK_STACK_SIZE=10500
+
+# Legacy stack size for older ESP-IDF versions
+CONFIG_MAIN_TASK_STACK_SIZE=10500
+
+#
+# Benchmark must not have CONFIG_NEWLIB_NANO_FORMAT enabled
+CONFIG_NEWLIB_NANO_FORMAT=n
+#
+# Watchdog Timers
+#
+# We don't want to have the watchdog timeout during tests & benchmarks
+#
+CONFIG_ESP_TASK_WDT_CHECK_IDLE_TASK_CPU0=n
+CONFIG_ESP_TASK_WDT_CHECK_IDLE_TASK_CPU1=n
+# Panic & Watchdog
+CONFIG_ESP_INT_WDT_TIMEOUT_MS=10000
+CONFIG_ESP_TASK_WDT_EN=n
+CONFIG_ESP_SYSTEM_PANIC_PRINT_HALT=y
+CONFIG_ESP_INT_WDT=n
+
+# ESP8266 WDT
+# CONFIG_ESP_PANIC_PRINT_REBOOT is not set
+CONFIG_ESP_PANIC_PRINT_REBOOT=n
+CONFIG_ESP_PANIC_PRINT_HALT=y
+
+# CONFIG_ESP_HTTP_CLIENT_ENABLE_HTTPS is not set
+CONFIG_ESP_HTTP_CLIENT_ENABLE_HTTPS=n
+
+# ESP8266 Memory
+CONFIG_FREERTOS_GLOBAL_DATA_LINK_IRAM=y
+CONFIG_HEAP_DISABLE_IRAM=y
+
+# Performance
+# CONFIG_COMPILER_OPTIMIZATION_PERF=y
+
+# Set max COU frequency (falls back as needed for lower maximum)
+CONFIG_ESP_DEFAULT_CPU_FREQ_MHZ_240=y
+
+# FreeRTOS ticks at 1ms interval
+CONFIG_FREERTOS_UNICORE=y
+CONFIG_FREERTOS_HZ=1000
+
+#
+# Compiler options
+#
+CONFIG_COMPILER_OPTIMIZATION_DEFAULT=y
+# CONFIG_COMPILER_OPTIMIZATION_SIZE is not set
+# CONFIG_COMPILER_OPTIMIZATION_PERF is not set
+# CONFIG_COMPILER_OPTIMIZATION_NONE is not set
+CONFIG_COMPILER_OPTIMIZATION_ASSERTIONS_ENABLE=y
+# CONFIG_COMPILER_OPTIMIZATION_ASSERTIONS_SILENT is not set
+# CONFIG_COMPILER_OPTIMIZATION_ASSERTIONS_DISABLE is not set
+CONFIG_COMPILER_FLOAT_LIB_FROM_GCCLIB=y
+CONFIG_COMPILER_OPTIMIZATION_ASSERTION_LEVEL=2
+# CONFIG_COMPILER_OPTIMIZATION_CHECKS_SILENT is not set
+CONFIG_COMPILER_HIDE_PATHS_MACROS=y
+# CONFIG_COMPILER_CXX_EXCEPTIONS is not set
+# CONFIG_COMPILER_CXX_RTTI is not set
+# CONFIG_COMPILER_STACK_CHECK_MODE_NONE is not set
+CONFIG_COMPILER_STACK_CHECK_MODE_NORM=y
+# CONFIG_COMPILER_STACK_CHECK_MODE_STRONG is not set
+# CONFIG_COMPILER_STACK_CHECK_MODE_ALL is not set
+CONFIG_COMPILER_STACK_CHECK=y
+# CONFIG_COMPILER_WARN_WRITE_STRINGS is not set
+# CONFIG_COMPILER_SAVE_RESTORE_LIBCALLS is not set
+# CONFIG_COMPILER_DISABLE_GCC12_WARNINGS is not set
+# CONFIG_COMPILER_DUMP_RTL_FILES is not set
+# end of Compiler options
+
+# We don't know that the min is actually v2,
+# but this is the earliest tested.
+CONFIG_ESP32C3_REV_MIN_2=y
+
+#
+# Partition Table
+#
+# CONFIG_PARTITION_TABLE_SINGLE_APP is not set
+CONFIG_PARTITION_TABLE_SINGLE_APP_LARGE=y
+# CONFIG_PARTITION_TABLE_TWO_OTA is not set
+# CONFIG_PARTITION_TABLE_CUSTOM is not set
+CONFIG_PARTITION_TABLE_CUSTOM_FILENAME="partitions.csv"
+CONFIG_PARTITION_TABLE_FILENAME="partitions_singleapp_large.csv"
+CONFIG_PARTITION_TABLE_OFFSET=0x8000
+CONFIG_PARTITION_TABLE_MD5=y
+# end of Partition Table
diff --git a/IDE/PlatformIO/examples/wolfssl_benchmark/src/CMakeLists.txt b/IDE/PlatformIO/examples/wolfssl_benchmark/src/CMakeLists.txt
new file mode 100644
index 000000000..ab3ad38f1
--- /dev/null
+++ b/IDE/PlatformIO/examples/wolfssl_benchmark/src/CMakeLists.txt
@@ -0,0 +1,6 @@
+# This file was automatically generated for projects
+# without default 'CMakeLists.txt' file.
+
+FILE(GLOB_RECURSE app_sources ${CMAKE_SOURCE_DIR}/src/*.*)
+
+idf_component_register(SRCS ${app_sources})
diff --git a/IDE/PlatformIO/examples/wolfssl_benchmark/src/main.c b/IDE/PlatformIO/examples/wolfssl_benchmark/src/main.c
new file mode 100644
index 000000000..b2db89412
--- /dev/null
+++ b/IDE/PlatformIO/examples/wolfssl_benchmark/src/main.c
@@ -0,0 +1,48 @@
+/* PlatformIO wolfssl_benchmark main.c
+ *
+ * Copyright (C) 2006-2025 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+#include "main.h"
+
+#include <wolfssl/wolfcrypt/settings.h>
+#ifdef WOLFSSL_ESPIDF
+    #include <esp_log.h>
+    #include <rtc_wdt.h>
+    #include <wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h>
+#endif
+
+#include <wolfssl/version.h>
+#include <wolfssl/wolfcrypt/types.h>
+#include <wolfcrypt/benchmark/benchmark.h>
+
+#define TAG "wolfSSL demo"
+
+void app_main() {
+    int ret = 0;
+#ifdef WOLFSSL_ESPIDF
+    ESP_LOGI(TAG, "Found WOLFSSL_ESPIDF!");
+#endif
+    printf("\nHello World wolfSSL Version %s\n", LIBWOLFSSL_VERSION_STRING);
+
+#if defined(HAVE_VERSION_EXTENDED_INFO) && defined(WOLFSSL_ESPIDF)
+    esp_ShowExtendedSystemInfo();
+#endif
+    ret =  benchmark_test(NULL);
+    printf("\nbenchmark_test complete! result code: %d\n", ret);
+}
diff --git a/IDE/PlatformIO/examples/wolfssl_benchmark/test/README b/IDE/PlatformIO/examples/wolfssl_benchmark/test/README
new file mode 100644
index 000000000..b0416ad8b
--- /dev/null
+++ b/IDE/PlatformIO/examples/wolfssl_benchmark/test/README
@@ -0,0 +1,11 @@
+
+This directory is intended for PlatformIO Test Runner and project tests.
+
+Unit Testing is a software testing method by which individual units of
+source code, sets of one or more MCU program modules together with associated
+control data, usage procedures, and operating procedures, are tested to
+determine whether they are fit for use. Unit testing finds problems early
+in the development cycle.
+
+More information about PlatformIO Unit Testing:
+- https://docs.platformio.org/en/latest/advanced/unit-testing/index.html
diff --git a/IDE/PlatformIO/examples/wolfssl_benchmark/wolfssl_benchmark.code-workspace b/IDE/PlatformIO/examples/wolfssl_benchmark/wolfssl_benchmark.code-workspace
new file mode 100644
index 000000000..67488baf2
--- /dev/null
+++ b/IDE/PlatformIO/examples/wolfssl_benchmark/wolfssl_benchmark.code-workspace
@@ -0,0 +1,13 @@
+{
+	"folders": [
+		{
+			"name": "wolfssl_benchmark",
+			"path": "."
+		}
+	],
+	"settings": {
+		"files.associations": {
+			"settings.h": "c"
+		}
+	}
+}
diff --git a/IDE/PlatformIO/examples/wolfssl_platformio.code-workspace b/IDE/PlatformIO/examples/wolfssl_platformio.code-workspace
new file mode 100644
index 000000000..1c1f91598
--- /dev/null
+++ b/IDE/PlatformIO/examples/wolfssl_platformio.code-workspace
@@ -0,0 +1,22 @@
+{
+    "folders": [
+        {
+            "name": "wolfsl_test",
+            "path": "wolfsl_test"
+        },
+        {
+            "name": "wolfsl_benchmark",
+            "path": "wolfsl_benchmark"
+        }
+    ],
+	"settings": {
+		"files.associations": {
+			"version.h": "c",
+			"types.h": "c",
+			"settings.h": "c",
+			"freertos.h": "c",
+			"esp32-crypt.h": "c",
+			"esp_log.h": "c"
+		}
+	}
+}
diff --git a/IDE/PlatformIO/examples/wolfssl_test/CMakeLists.txt b/IDE/PlatformIO/examples/wolfssl_test/CMakeLists.txt
new file mode 100644
index 000000000..196bba158
--- /dev/null
+++ b/IDE/PlatformIO/examples/wolfssl_test/CMakeLists.txt
@@ -0,0 +1,3 @@
+cmake_minimum_required(VERSION 3.16.0)
+include($ENV{IDF_PATH}/tools/cmake/project.cmake)
+project(ESP_IDF_Hello_World)
diff --git a/IDE/PlatformIO/examples/wolfssl_test/README.md b/IDE/PlatformIO/examples/wolfssl_test/README.md
new file mode 100644
index 000000000..86058cd57
--- /dev/null
+++ b/IDE/PlatformIO/examples/wolfssl_test/README.md
@@ -0,0 +1,241 @@
+# wolfSSL Crypt Test Example
+
+This ESP32 example uses the [wolfSSL wolfcrypt Test Application](https://github.com/wolfSSL/wolfssl/tree/master/wolfcrypt/test).
+
+Other target boards _should_ work, but have not yet been tested.
+
+For general information on [wolfSSL examples for Espressif](../README.md), see the
+[README](https://github.com/wolfSSL/wolfssl/blob/master/IDE/Espressif/ESP-IDF/README.md) file.
+
+
+## Example Output
+
+Note the default wolfSSL `user_settings.h` is configured by default to be the most
+compatible across the widest ranges of targets. Contact wolfSSL at support@wolfssl.com
+for help in optimizing for your particular application, or see the
+[docs](https://www.wolfssl.com/documentation/manuals/wolfssl/index.html).
+
+
+```
+ets Jun  8 2016 00:22:57
+
+rst:0x1 (POWERON_RESET),boot:0x13 (SPI_FAST_FLASH_BOOT)
+configsip: 0, SPIWP:0xee
+clk_drv:0x00,q_drv:0x00,d_drv:0x00,cs0_drv:0x00,hd_drv:0x00,wp_drv:0x00
+mode:DIO, clock div:2
+load:0x3fff0030,len:7168
+load:0x40078000,len:15612
+load:0x40080400,len:4
+load:0x40080404,len:3736
+entry 0x40080624
+I (28) boot: ESP-IDF 5.2.1 2nd stage bootloader
+I (29) boot: compile time May 17 2024 19:32:25
+W (29) boot: Unicore bootloader
+I (32) boot: chip revision: v1.0
+I (36) boot.esp32: SPI Speed      : 40MHz
+I (41) boot.esp32: SPI Mode       : DIO
+I (45) boot.esp32: SPI Flash Size : 4MB
+I (50) boot: Enabling RNG early entropy source...
+I (55) boot: Partition Table:
+I (59) boot: ## Label            Usage          Type ST Offset   Length
+I (66) boot:  0 nvs              WiFi data        01 02 00009000 00006000
+I (74) boot:  1 phy_init         RF data          01 01 0000f000 00001000
+I (81) boot:  2 factory          factory app      00 00 00010000 00100000
+I (89) boot: End of partition table
+I (93) esp_image: segment 0: paddr=00010020 vaddr=3f400020 size=31e24h (204324) map
+I (175) esp_image: segment 1: paddr=00041e4c vaddr=3ffb0000 size=01c54h (  7252) load
+I (178) esp_image: segment 2: paddr=00043aa8 vaddr=40080000 size=0b3c0h ( 46016) load
+I (200) esp_image: segment 3: paddr=0004ee70 vaddr=50000000 size=00004h (     4) load
+I (200) esp_image: segment 4: paddr=0004ee7c vaddr=00000000 size=0119ch (  4508)
+I (207) esp_image: segment 5: paddr=00050020 vaddr=400d0020 size=abb7ch (703356) map
+I (473) boot: Loaded app from partition at offset 0x10000
+I (474) boot: Disabling RNG early entropy source...
+I (485) cpu_start: Unicore app
+I (485) cpu_start: Single core mode
+I (493) cpu_start: Pro cpu start user code
+I (493) cpu_start: cpu freq: 240000000 Hz
+I (493) cpu_start: Application information:
+I (498) cpu_start: Project name:     ESP_IDF_Hello_World
+I (504) cpu_start: App version:      v5.7.0-stable-512-g15af87af8-di
+I (511) cpu_start: Compile time:     May 17 2024 19:31:47
+I (517) cpu_start: ELF file SHA256:  40b2541a0...
+I (523) cpu_start: ESP-IDF:          5.2.1
+I (528) cpu_start: Min chip rev:     v0.0
+I (532) cpu_start: Max chip rev:     v3.99
+I (537) cpu_start: Chip rev:         v1.0
+I (542) heap_init: Initializing. RAM available for dynamic allocation:
+I (549) heap_init: At 3FFAE6E0 len 00001920 (6 KiB): DRAM
+I (555) heap_init: At 3FFB38C0 len 0002C740 (177 KiB): DRAM
+I (561) heap_init: At 3FFE0440 len 0001FBC0 (126 KiB): D/IRAM
+I (568) heap_init: At 40078000 len 00008000 (32 KiB): IRAM
+I (574) heap_init: At 4008B3C0 len 00014C40 (83 KiB): IRAM
+I (580) heap_init: At 3FF80000 len 00002000 (8 KiB): RTCRAM
+I (588) spi_flash: detected chip: generic
+I (591) spi_flash: flash io: dio
+I (595) main_task: Started on CPU0
+I (598) main_task: Calling app_main()
+I (603) wolfSSL demo: Found WOLFSSL_ESPIDF!
+Hello World wolfSSL Version 5.7.0
+I (611) esp32_util: Extended Version and Platform Information.
+I (617) esp32_util: Chip revision: v1.0
+I (622) esp32_util: SSID and plain text WiFi password not displayed in startup logs.
+I (630) esp32_util:   Define SHOW_SSID_AND_PASSWORD to enable display.
+W (637) esp32_util: Warning: old cmake, user_settings.h location unknown.
+I (645) esp32_util: LIBWOLFSSL_VERSION_STRING = 5.7.0
+I (650) esp32_util: LIBWOLFSSL_VERSION_HEX = 5007000
+I (656) esp32_util: Stack HWM: 9212
+I (660) esp32_util:
+I (663) esp32_util: Macro Name                 Defined   Not Defined
+I (670) esp32_util: ------------------------- --------- -------------
+I (677) esp32_util: NO_ESPIDF_DEFAULT........                 X
+I (684) esp32_util: HW_MATH_ENABLED..........     X
+I (689) esp32_util: WOLFSSL_SHA224...........     X
+I (695) esp32_util: WOLFSSL_SHA384...........     X
+I (700) esp32_util: WOLFSSL_SHA512...........     X
+I (706) esp32_util: WOLFSSL_SHA3.............     X
+I (712) esp32_util: HAVE_ED25519.............     X
+I (717) esp32_util: HAVE_AES_ECB.............                 X
+I (724) esp32_util: HAVE_AES_DIRECT..........                 X
+I (730) esp32_util: USE_FAST_MATH............     X
+I (736) esp32_util: WOLFSSL_SP_MATH_ALL......                 X
+I (743) esp32_util: SP_MATH..................                 X
+I (749) esp32_util: WOLFSSL_HW_METRICS.......     X
+I (755) esp32_util: RSA_LOW_MEM..............     X
+I (760) esp32_util: SMALL_SESSION_CACHE......                 X
+I (767) esp32_util: WC_NO_HARDEN.............                 X
+I (773) esp32_util: TFM_TIMING_RESISTANT.....     X
+I (779) esp32_util: ECC_TIMING_RESISTANT.....     X
+I (785) esp32_util: WC_NO_CACHE_RESISTANT....     X
+I (790) esp32_util: WC_AES_BITSLICED.........                 X
+I (797) esp32_util: WOLFSSL_AES_NO_UNROLL....                 X
+I (803) esp32_util: TFM_TIMING_RESISTANT.....     X
+I (809) esp32_util: ECC_TIMING_RESISTANT.....     X
+I (814) esp32_util: WC_RSA_BLINDING..........     X
+I (820) esp32_util: NO_WRITEV................     X
+I (825) esp32_util: FREERTOS.................     X
+I (831) esp32_util: NO_WOLFSSL_DIR...........     X
+I (837) esp32_util: WOLFSSL_NO_CURRDIR.......     X
+I (842) esp32_util: WOLFSSL_LWIP.............     X
+I (848) esp32_util:
+I (851) esp32_util: Compiler Optimization: Default
+I (856) esp32_util:
+I (859) esp32_util: CONFIG_IDF_TARGET = esp32
+W (864) esp32_util: Watchdog active; missing WOLFSSL_ESP_NO_WATCHDOG definition.
+I (872) esp32_util: CONFIG_ESP32_DEFAULT_CPU_FREQ_MHZ: 240 MHz
+I (879) esp32_util: Xthal_have_ccount: 1
+I (883) esp32_util: CONFIG_MAIN_TASK_STACK_SIZE: 10500
+I (889) esp32_util: CONFIG_ESP_MAIN_TASK_STACK_SIZE: 10500
+I (895) esp32_util: CONFIG_TIMER_TASK_STACK_SIZE: 3584
+I (901) esp32_util: CONFIG_TIMER_TASK_STACK_DEPTH: 2048
+I (907) esp32_util: Stack HWM: 8988
+I (911) esp32_util: ESP32_CRYPT is enabled for ESP32.
+I (917) esp32_util: NOT SINGLE_THREADED
+I (921) esp32_util: Boot count: 1
+------------------------------------------------------------------------------
+ wolfSSL version 5.7.0
+------------------------------------------------------------------------------
+error    test passed!
+MEMORY   test passed!
+base64   test passed!
+base16   test passed!
+asn      test passed!
+RANDOM   test passed!
+MD5      test passed!
+MD2      test passed!
+MD4      test passed!
+SHA      test passed!
+SHA-224  test passed!
+SHA-256  test passed!
+SHA-384  test passed!
+SHA-512  test passed!
+SHA-512/224  test passed!
+SHA-512/256  test passed!
+SHA-3    test passed!
+SHAKE128 test passed!
+SHAKE256 test passed!
+Hash     test passed!
+BLAKE2b  test passed!
+BLAKE2s  test passed!
+HMAC-MD5 test passed!
+HMAC-SHA test passed!
+HMAC-SHA224 test passed!
+HMAC-SHA256 test passed!
+HMAC-SHA384 test passed!
+HMAC-SHA512 test passed!
+HMAC-SHA3   test passed!
+HMAC-KDF    test passed!
+SSH-KDF     test passed!
+PRF         test passed!
+TLSv1.2 KDF test passed!
+TLSv1.3 KDF test passed!
+X963-KDF    test passed!
+HPKE     test passed!
+GMAC     test passed!
+RC2      test passed!
+ARC4     test passed!
+POLY1305 test passed!
+DES      test passed!
+DES3     test passed!
+AES      test passed!
+AES192   test passed!
+AES256   test passed!
+AES-OFB   test passed!
+AES-GCM  test passed!
+AES-CFB  test passed!
+AES-XTS  test passed!
+AES Key Wrap test passed!
+AES-SIV  test passed!
+AES-EAX  test passed!
+RSA      test passed!
+DH       test passed!
+DSA      test passed!
+SRP      test passed!
+PWDBASED test passed!
+PKCS12   test passed!
+openSSL extra test
+OPENSSL  test passed!
+OPENSSL (EVP MD) passed!
+OPENSSL (PKEY0) passed!
+OPENSSL (PKEY1) passed!
+OPENSSL (EVP Sign/Verify) passed!
+ECC      test passed!
+ECC buffer test passed!
+CURVE25519 test passed!
+ED25519  test passed!
+CMAC     test passed!
+PKCS7encrypted  test passed!
+PKCS7signed     test passed!
+PKCS7enveloped  test passed!
+PKCS7authenveloped  test passed!
+mp       test passed!
+prime    test passed!
+logging  test passed!
+time     test passed!
+mutex    test passed!
+cert piv test passed!
+I (261247) wolfssl_esp32_mp:
+I (261248) wolfssl_esp32_mp: esp_mp_mul HW acceleration enabled.
+I (261255) wolfssl_esp32_mp: Number of calls to esp_mp_mul: 3413
+I (261262) wolfssl_esp32_mp: Success: no esp_mp_mul() errors.
+I (261268) wolfssl_esp32_mp:
+I (261272) wolfssl_esp32_mp: esp_mp_mulmod HW acceleration enabled.
+I (261279) wolfssl_esp32_mp: Number of calls to esp_mp_mulmod: 2170
+I (261286) wolfssl_esp32_mp: Number of fallback to SW mp_mulmod: 331
+I (261293) wolfssl_esp32_mp: Success: no esp_mp_mulmod errors.
+I (261299) wolfssl_esp32_mp: Success: no esp_mp_mulmod even mod.
+I (261306) wolfssl_esp32_mp: Success: no esp_mp_mulmod small x or y.
+I (261313) wolfssl_esp32_mp:
+I (261317) wolfssl_esp32_mp: Number of calls to esp_mp_exptmod: 659
+I (261324) wolfssl_esp32_mp: Number of fallback to SW mp_exptmod: 105
+I (261331) wolfssl_esp32_mp: Success: no esp_mp_exptmod errors.
+I (261337) wolfssl_esp32_mp: Max N->used: esp_mp_max_used = 64
+I (261344) wolfssl_esp32_mp: Max timeout: esp_mp_max_timeout = 1
+Test complete
+I (261352) wc_test: Exiting main with return code:  0
+
+
+wolf_test_task complete! result code: 0
+I (261361) main_task: Returned from app_main()
+```
+
+See the README.md file in the upper level 'examples' directory for [more information about examples](../README.md).
diff --git a/IDE/PlatformIO/examples/wolfssl_test/include/README b/IDE/PlatformIO/examples/wolfssl_test/include/README
new file mode 100644
index 000000000..45496b1f1
--- /dev/null
+++ b/IDE/PlatformIO/examples/wolfssl_test/include/README
@@ -0,0 +1,39 @@
+
+This directory is intended for project header files.
+
+A header file is a file containing C declarations and macro definitions
+to be shared between several project source files. You request the use of a
+header file in your project source file (C, C++, etc) located in `src` folder
+by including it, with the C preprocessing directive `#include'.
+
+```src/main.c
+
+#include "header.h"
+
+int main (void)
+{
+ ...
+}
+```
+
+Including a header file produces the same results as copying the header file
+into each source file that needs it. Such copying would be time-consuming
+and error-prone. With a header file, the related declarations appear
+in only one place. If they need to be changed, they can be changed in one
+place, and programs that include the header file will automatically use the
+new version when next recompiled. The header file eliminates the labor of
+finding and changing all the copies as well as the risk that a failure to
+find one copy will result in inconsistencies within a program.
+
+In C, the usual convention is to give header files names that end with `.h'.
+It is most portable to use only letters, digits, dashes, and underscores in
+header file names, and at most one dot.
+
+Read more about using header files in official GCC documentation:
+
+* Include Syntax
+* Include Operation
+* Once-Only Headers
+* Computed Includes
+
+https://gcc.gnu.org/onlinedocs/cpp/Header-Files.html
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/time_helper.h b/IDE/PlatformIO/examples/wolfssl_test/include/main.h
similarity index 78%
rename from IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/time_helper.h
rename to IDE/PlatformIO/examples/wolfssl_test/include/main.h
index 1de6f0f8b..52135d45e 100644
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/time_helper.h
+++ b/IDE/PlatformIO/examples/wolfssl_test/include/main.h
@@ -1,6 +1,6 @@
-#ifndef _TIME_HELPER_H
-/*
- * Copyright (C) 2006-2023 wolfSSL Inc.
+/* PlatformIO wolfssl_test main.c
+ *
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -18,15 +18,7 @@
  * along with this program; if not, write to the Free Software
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  */
+#ifndef _MAIN_H_
+#define _MAIN_H_
 
-#ifdef __cplusplus
-extern "C" {
 #endif
-
-int set_time(void);
-
-#ifdef __cplusplus
-} /* extern "C" */
-#endif
-
-#endif /* #ifndef _TIME_HELPER_H */
diff --git a/IDE/PlatformIO/examples/wolfssl_test/lib/README b/IDE/PlatformIO/examples/wolfssl_test/lib/README
new file mode 100644
index 000000000..a10cadebe
--- /dev/null
+++ b/IDE/PlatformIO/examples/wolfssl_test/lib/README
@@ -0,0 +1,46 @@
+
+This directory is intended for project specific (private) libraries.
+PlatformIO will compile them to static libraries and link into executable file.
+
+The source code of each library should be placed in an own separate directory
+("lib/your_library_name/[here are source files]").
+
+For example, see a structure of the following two libraries `Foo` and `Bar`:
+
+|--lib
+|  |
+|  |--Bar
+|  |  |--docs
+|  |  |--examples
+|  |  |--src
+|  |     |- Bar.c
+|  |     |- Bar.h
+|  |  |- library.json (optional, custom build options, etc) https://docs.platformio.org/page/librarymanager/config.html
+|  |
+|  |--Foo
+|  |  |- Foo.c
+|  |  |- Foo.h
+|  |
+|  |- README --> THIS FILE
+|
+|- platformio.ini
+|--src
+   |- main.c
+
+and a contents of `src/main.c`:
+```
+#include <Foo.h>
+#include <Bar.h>
+
+int main (void)
+{
+  ...
+}
+
+```
+
+PlatformIO Library Dependency Finder will find automatically dependent
+libraries scanning project source files.
+
+More information about PlatformIO Library Dependency Finder
+- https://docs.platformio.org/page/librarymanager/ldf.html
diff --git a/IDE/PlatformIO/examples/wolfssl_test/platformio.ini b/IDE/PlatformIO/examples/wolfssl_test/platformio.ini
new file mode 100644
index 000000000..538257631
--- /dev/null
+++ b/IDE/PlatformIO/examples/wolfssl_test/platformio.ini
@@ -0,0 +1,42 @@
+; PlatformIO Project Configuration File
+;
+;   Build options: build flags, source filter
+;   Upload options: custom upload port, speed and extra flags
+;   Library options: dependencies, extra library storages
+;   Advanced options: extra scripting
+;
+; Please visit documentation for the other options and examples
+; https://docs.platformio.org/page/projectconf.html
+
+;
+; To ensure that you are always using the newest version of a library:
+; lib_deps = wolfssl/wolfSSL@*
+;
+; If you want to stay within a certain range of versions while still
+; getting updates, you can use semantic versioning to specify an acceptable
+; range. For example, to get any version in the 5.x.x series:
+; lib_deps = wolfssl/wolfSSL@^5.0.0
+;
+; If you specifically want to ensure that you always get the latest version
+; that matches 5.7.0 or newer, you could use:
+; lib_deps = wolfssl/wolfSSL@>=5.7.0
+;
+; If you want to test drive previews, see the staging versions:
+;   https://registry.platformio.org/search?q=owner%3Awolfssl-staging
+;
+; lib_deps = wolfssl-staging/wolfSSL@^5.7.0-test.rev03
+;
+; The regular release of wolfssl (yes there's a case difference from staging')
+;
+; lib_deps = wolfssl/wolfssl@^5.7.0-rev.3c
+
+[env:esp32dev]
+platform = espressif32
+board = esp32dev
+framework = espidf
+upload_port = COM19
+monitor_port = COM19
+monitor_speed = 115200
+build_flags = -DWOLFSSL_USER_SETTINGS, -DWOLFSSL_ESP32
+monitor_filters = direct
+lib_deps = wolfssl/wolfssl@^5.7.2
diff --git a/IDE/PlatformIO/examples/wolfssl_test/sdkconfig.defaults b/IDE/PlatformIO/examples/wolfssl_test/sdkconfig.defaults
new file mode 100644
index 000000000..2a5ad756d
--- /dev/null
+++ b/IDE/PlatformIO/examples/wolfssl_test/sdkconfig.defaults
@@ -0,0 +1,98 @@
+# sdkconfig.defaults for ESP8266 + ESP32
+# Note that during the build process, settings from sdkconfig.defaults will not override those already in sdkconfig.
+# See https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-guides/build-system.html#custom-sdkconfig-defaults
+CONFIG_BENCH_ARGV="-lng 0"
+CONFIG_FREERTOS_HZ=1000
+CONFIG_ESP32_DEFAULT_CPU_FREQ_240=y
+
+#
+# Default main stack size. See user_settings.h
+#
+# For wolfSSL SMALL_STACK, 3072 bytes should be sufficient for benchmark app.
+# When using RSA, assign at least 10500 bytes, otherwise 5500 usually works for others
+CONFIG_ESP_MAIN_TASK_STACK_SIZE=10500
+
+# Legacy stack size for older ESP-IDF versions
+CONFIG_MAIN_TASK_STACK_SIZE=10500
+
+#
+# Benchmark must not have CONFIG_NEWLIB_NANO_FORMAT enabled
+CONFIG_NEWLIB_NANO_FORMAT=n
+#
+# Watchdog Timers
+#
+# We don't want to have the watchdog timeout during tests & benchmarks
+#
+CONFIG_ESP_TASK_WDT_CHECK_IDLE_TASK_CPU0=n
+CONFIG_ESP_TASK_WDT_CHECK_IDLE_TASK_CPU1=n
+# Panic & Watchdog
+CONFIG_ESP_INT_WDT_TIMEOUT_MS=10000
+CONFIG_ESP_TASK_WDT_EN=n
+CONFIG_ESP_SYSTEM_PANIC_PRINT_HALT=y
+CONFIG_ESP_INT_WDT=n
+
+# ESP8266 WDT
+# CONFIG_ESP_PANIC_PRINT_REBOOT is not set
+CONFIG_ESP_PANIC_PRINT_REBOOT=n
+CONFIG_ESP_PANIC_PRINT_HALT=y
+
+# CONFIG_ESP_HTTP_CLIENT_ENABLE_HTTPS is not set
+CONFIG_ESP_HTTP_CLIENT_ENABLE_HTTPS=n
+
+# ESP8266 Memory
+CONFIG_FREERTOS_GLOBAL_DATA_LINK_IRAM=y
+CONFIG_HEAP_DISABLE_IRAM=y
+
+# Performance
+# CONFIG_COMPILER_OPTIMIZATION_PERF=y
+
+# Set max COU frequency (falls back as needed for lower maximum)
+CONFIG_ESP_DEFAULT_CPU_FREQ_MHZ_240=y
+
+# FreeRTOS ticks at 1ms interval
+CONFIG_FREERTOS_UNICORE=y
+CONFIG_FREERTOS_HZ=1000
+
+#
+# Compiler options
+#
+CONFIG_COMPILER_OPTIMIZATION_DEFAULT=y
+# CONFIG_COMPILER_OPTIMIZATION_SIZE is not set
+# CONFIG_COMPILER_OPTIMIZATION_PERF is not set
+# CONFIG_COMPILER_OPTIMIZATION_NONE is not set
+CONFIG_COMPILER_OPTIMIZATION_ASSERTIONS_ENABLE=y
+# CONFIG_COMPILER_OPTIMIZATION_ASSERTIONS_SILENT is not set
+# CONFIG_COMPILER_OPTIMIZATION_ASSERTIONS_DISABLE is not set
+CONFIG_COMPILER_FLOAT_LIB_FROM_GCCLIB=y
+CONFIG_COMPILER_OPTIMIZATION_ASSERTION_LEVEL=2
+# CONFIG_COMPILER_OPTIMIZATION_CHECKS_SILENT is not set
+CONFIG_COMPILER_HIDE_PATHS_MACROS=y
+# CONFIG_COMPILER_CXX_EXCEPTIONS is not set
+# CONFIG_COMPILER_CXX_RTTI is not set
+# CONFIG_COMPILER_STACK_CHECK_MODE_NONE is not set
+CONFIG_COMPILER_STACK_CHECK_MODE_NORM=y
+# CONFIG_COMPILER_STACK_CHECK_MODE_STRONG is not set
+# CONFIG_COMPILER_STACK_CHECK_MODE_ALL is not set
+CONFIG_COMPILER_STACK_CHECK=y
+# CONFIG_COMPILER_WARN_WRITE_STRINGS is not set
+# CONFIG_COMPILER_SAVE_RESTORE_LIBCALLS is not set
+# CONFIG_COMPILER_DISABLE_GCC12_WARNINGS is not set
+# CONFIG_COMPILER_DUMP_RTL_FILES is not set
+# end of Compiler options
+
+# We don't know that the min is actually v2,
+# but this is the earliest tested.
+CONFIG_ESP32C3_REV_MIN_2=y
+
+#
+# Partition Table
+#
+# CONFIG_PARTITION_TABLE_SINGLE_APP is not set
+CONFIG_PARTITION_TABLE_SINGLE_APP_LARGE=y
+# CONFIG_PARTITION_TABLE_TWO_OTA is not set
+# CONFIG_PARTITION_TABLE_CUSTOM is not set
+CONFIG_PARTITION_TABLE_CUSTOM_FILENAME="partitions.csv"
+CONFIG_PARTITION_TABLE_FILENAME="partitions_singleapp_large.csv"
+CONFIG_PARTITION_TABLE_OFFSET=0x8000
+CONFIG_PARTITION_TABLE_MD5=y
+# end of Partition Table
diff --git a/IDE/PlatformIO/examples/wolfssl_test/src/CMakeLists.txt b/IDE/PlatformIO/examples/wolfssl_test/src/CMakeLists.txt
new file mode 100644
index 000000000..ab3ad38f1
--- /dev/null
+++ b/IDE/PlatformIO/examples/wolfssl_test/src/CMakeLists.txt
@@ -0,0 +1,6 @@
+# This file was automatically generated for projects
+# without default 'CMakeLists.txt' file.
+
+FILE(GLOB_RECURSE app_sources ${CMAKE_SOURCE_DIR}/src/*.*)
+
+idf_component_register(SRCS ${app_sources})
diff --git a/IDE/PlatformIO/examples/wolfssl_test/src/main.c b/IDE/PlatformIO/examples/wolfssl_test/src/main.c
new file mode 100644
index 000000000..fbe92ba99
--- /dev/null
+++ b/IDE/PlatformIO/examples/wolfssl_test/src/main.c
@@ -0,0 +1,48 @@
+/* PlatformIO wolfssl_test main.c
+ *
+ * Copyright (C) 2006-2025 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+#include "main.h"
+
+#include <wolfssl/wolfcrypt/settings.h>
+#ifdef WOLFSSL_ESPIDF
+    #include <esp_log.h>
+    #include <rtc_wdt.h>
+    #include <wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h>
+#endif
+
+#include <wolfssl/version.h>
+#include <wolfssl/wolfcrypt/types.h>
+#include <wolfcrypt/test/test.h>
+
+#define TAG "wolfSSL demo"
+
+void app_main() {
+    int ret = 0;
+#ifdef WOLFSSL_ESPIDF
+    ESP_LOGI(TAG, "Found WOLFSSL_ESPIDF!");
+#endif
+    printf("Hello World wolfSSL Version %s\n", LIBWOLFSSL_VERSION_STRING);
+
+#if defined(HAVE_VERSION_EXTENDED_INFO) && defined(WOLFSSL_ESPIDF)
+    esp_ShowExtendedSystemInfo();
+#endif
+    ret = wolf_test_task();
+    printf("\nwolf_test_task complete! result code: %d\n", ret);
+}
diff --git a/IDE/PlatformIO/examples/wolfssl_test/test/README b/IDE/PlatformIO/examples/wolfssl_test/test/README
new file mode 100644
index 000000000..b0416ad8b
--- /dev/null
+++ b/IDE/PlatformIO/examples/wolfssl_test/test/README
@@ -0,0 +1,11 @@
+
+This directory is intended for PlatformIO Test Runner and project tests.
+
+Unit Testing is a software testing method by which individual units of
+source code, sets of one or more MCU program modules together with associated
+control data, usage procedures, and operating procedures, are tested to
+determine whether they are fit for use. Unit testing finds problems early
+in the development cycle.
+
+More information about PlatformIO Unit Testing:
+- https://docs.platformio.org/en/latest/advanced/unit-testing/index.html
diff --git a/IDE/PlatformIO/examples/wolfssl_test/wolfssl_test.code-workspace b/IDE/PlatformIO/examples/wolfssl_test/wolfssl_test.code-workspace
new file mode 100644
index 000000000..85bc4e058
--- /dev/null
+++ b/IDE/PlatformIO/examples/wolfssl_test/wolfssl_test.code-workspace
@@ -0,0 +1,14 @@
+{
+	"folders": [
+		{
+			"name": "wolfssl_test",
+			"path": "."
+		}
+	],
+	"settings": {
+		"files.associations": {
+			"settings.h": "c",
+			"sdkconfig.h": "c"
+		}
+	}
+}
diff --git a/IDE/PlatformIO/include.am b/IDE/PlatformIO/include.am
new file mode 100644
index 000000000..6a92d8991
--- /dev/null
+++ b/IDE/PlatformIO/include.am
@@ -0,0 +1,41 @@
+# vim:ft=automake
+# included from Top Level Makefile.am
+# All paths should be given relative to the root
+#
+# NOTE: append_wolfssl_git_version.sh is not included as the
+#       distribution file set will not contain GitHub info
+#
+# see: https://github.com/wolfSSL/wolfssl/pull/5955
+#
+# Don't list any config.h files here
+
+EXTRA_DIST+= IDE/PlatformIO/README.md
+
+EXTRA_DIST+= IDE/PlatformIO/examples/README.md
+EXTRA_DIST+= IDE/PlatformIO/examples/wolfssl_platformio.code-workspace
+
+# wolfssl_benchmark example
+EXTRA_DIST+= IDE/PlatformIO/examples/wolfssl_benchmark/CMakeLists.txt
+EXTRA_DIST+= IDE/PlatformIO/examples/wolfssl_benchmark/platformio.ini
+EXTRA_DIST+= IDE/PlatformIO/examples/wolfssl_benchmark/README.md
+EXTRA_DIST+= IDE/PlatformIO/examples/wolfssl_benchmark/sdkconfig.defaults
+EXTRA_DIST+= IDE/PlatformIO/examples/wolfssl_benchmark/wolfssl_benchmark.code-workspace
+EXTRA_DIST+= IDE/PlatformIO/examples/wolfssl_benchmark/include/main.h
+EXTRA_DIST+= IDE/PlatformIO/examples/wolfssl_benchmark/include/README
+EXTRA_DIST+= IDE/PlatformIO/examples/wolfssl_benchmark/lib/README
+EXTRA_DIST+= IDE/PlatformIO/examples/wolfssl_benchmark/src/CMakeLists.txt
+EXTRA_DIST+= IDE/PlatformIO/examples/wolfssl_benchmark/src/main.c
+EXTRA_DIST+= IDE/PlatformIO/examples/wolfssl_benchmark/test/README
+
+# wolfssl_test example
+EXTRA_DIST+= IDE/PlatformIO/examples/wolfssl_test/CMakeLists.txt
+EXTRA_DIST+= IDE/PlatformIO/examples/wolfssl_test/platformio.ini
+EXTRA_DIST+= IDE/PlatformIO/examples/wolfssl_test/README.md
+EXTRA_DIST+= IDE/PlatformIO/examples/wolfssl_test/sdkconfig.defaults
+EXTRA_DIST+= IDE/PlatformIO/examples/wolfssl_test/wolfssl_test.code-workspace
+EXTRA_DIST+= IDE/PlatformIO/examples/wolfssl_test/include/main.h
+EXTRA_DIST+= IDE/PlatformIO/examples/wolfssl_test/include/README
+EXTRA_DIST+= IDE/PlatformIO/examples/wolfssl_test/lib/README
+EXTRA_DIST+= IDE/PlatformIO/examples/wolfssl_test/src/CMakeLists.txt
+EXTRA_DIST+= IDE/PlatformIO/examples/wolfssl_test/src/main.c
+EXTRA_DIST+= IDE/PlatformIO/examples/wolfssl_test/test/README
diff --git a/IDE/QNX/README.md b/IDE/QNX/README.md
index fb79abf6b..4a283f158 100644
--- a/IDE/QNX/README.md
+++ b/IDE/QNX/README.md
@@ -17,7 +17,7 @@ source ~/qnx700/qnxsdp-env.sh
 make
 ```
 
-Once the wolfSSL library has been built cd to IDE/QNX/CAAM-DRIVER and run "make". This will produce the wolfCrypt resource manager. It should be started on the device with root permissions. Once wolfCrypt is running on the device with root permissions then any user with access to open a connection to /dev/wolfCrypt can make use of the driver.  
+Once the wolfSSL library has been built cd to IDE/QNX/CAAM-DRIVER and run "make". This will produce the wolfCrypt resource manager. It should be started on the device with root permissions. Once wolfCrypt is running on the device with root permissions then any user with access to open a connection to /dev/wolfCrypt can make use of the driver.
 
 ### Momentics
 To build in momentics IDE:
diff --git a/IDE/QNX/example-client/client-tls.c b/IDE/QNX/example-client/client-tls.c
index 27e56e343..a6527a8fa 100644
--- a/IDE/QNX/example-client/client-tls.c
+++ b/IDE/QNX/example-client/client-tls.c
@@ -1,6 +1,6 @@
 /* client-tls.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/QNX/example-cmac/cmac-test.c b/IDE/QNX/example-cmac/cmac-test.c
index f72277e9d..eb7e4149e 100644
--- a/IDE/QNX/example-cmac/cmac-test.c
+++ b/IDE/QNX/example-cmac/cmac-test.c
@@ -1,6 +1,6 @@
 /* cmac-test.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -41,13 +41,13 @@ static int createTag(const byte* key, int keySz, byte* msg, int msgSz,
         byte* msg2, int msg2Sz)
 {
     Cmac cmac;
-    byte tag[AES_BLOCK_SIZE];
+    byte tag[WC_AES_BLOCK_SIZE];
     word32 i, tagSz;
     byte out[48];
     word32 outSz;
 
     XMEMSET(tag, 0, sizeof(tag));
-    tagSz = AES_BLOCK_SIZE;
+    tagSz = WC_AES_BLOCK_SIZE;
 
     outSz = 48;
     wc_caamCoverKey((byte*)key, keySz, out, &outSz, 0);
diff --git a/IDE/QNX/example-server/server-tls.c b/IDE/QNX/example-server/server-tls.c
index 6c2a9f1f4..203a3dd5d 100644
--- a/IDE/QNX/example-server/server-tls.c
+++ b/IDE/QNX/example-server/server-tls.c
@@ -1,6 +1,6 @@
 /* server-tls.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/RISCV/SIFIVE-HIFIVE1/README.md b/IDE/RISCV/SIFIVE-HIFIVE1/README.md
index 5e1183dea..5b3f3ed89 100644
--- a/IDE/RISCV/SIFIVE-HIFIVE1/README.md
+++ b/IDE/RISCV/SIFIVE-HIFIVE1/README.md
@@ -44,7 +44,7 @@ The `IDE/RISCV/SIFIVE-HIFIVE1/main.c` example application provides a function to
   $ export WOLFSSL_SRC_DIR=~/wolfssl
 ```
 
-5. Setup your riscv64 compiler 
+5. Setup your riscv64 compiler
 
 ```
   $ export RISCV_OPENOCD_PATH=/opt/riscv-openocd
@@ -64,7 +64,7 @@ You can build from source or create a static library.
   $ cd freedom-e-sdk
   $ make PROGRAM=wolfcrypt TARGET=sifive-hifive1-revb CONFIGURATION=debug clean software upload
 ```
-This example cleans, builds and uploads the software on the sifive-hifive1-revb target but you can also combine and build for any of the supported targets. 
+This example cleans, builds and uploads the software on the sifive-hifive1-revb target but you can also combine and build for any of the supported targets.
 
 Review the test results on the target console.
 
diff --git a/IDE/RISCV/SIFIVE-HIFIVE1/main.c b/IDE/RISCV/SIFIVE-HIFIVE1/main.c
index ff0488956..d9abefdc4 100644
--- a/IDE/RISCV/SIFIVE-HIFIVE1/main.c
+++ b/IDE/RISCV/SIFIVE-HIFIVE1/main.c
@@ -1,6 +1,6 @@
 /* main.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -35,7 +35,7 @@
 
 #ifndef NO_CRYPT_BENCHMARK
 
-/*-specs=nano.specs doesn’t include support for floating point in printf()*/
+/*-specs=nano.specs doesn't include support for floating point in printf()*/
 asm (".global _printf_float");
 
 #ifndef RTC_FREQ
diff --git a/IDE/RISCV/SIFIVE-HIFIVE1/user_settings.h b/IDE/RISCV/SIFIVE-HIFIVE1/user_settings.h
index e0a4a9077..9c17a34e2 100644
--- a/IDE/RISCV/SIFIVE-HIFIVE1/user_settings.h
+++ b/IDE/RISCV/SIFIVE-HIFIVE1/user_settings.h
@@ -1,6 +1,6 @@
 /* user_settings.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -397,6 +397,7 @@ extern "C" {
 
     /* prototypes for user heap override functions */
     /* Note: Realloc only required for normal math */
+    /* Note2: XFREE(NULL) must be properly handled */
     #include <stddef.h>  /* for size_t */
     extern void *myMalloc(size_t n, void* heap, int type);
     extern void myFree(void *p, void* heap, int type);
diff --git a/IDE/RISCV/SIFIVE-UNLEASHED/README.md b/IDE/RISCV/SIFIVE-UNLEASHED/README.md
index 64f88ae81..c2e1c1ba6 100644
--- a/IDE/RISCV/SIFIVE-UNLEASHED/README.md
+++ b/IDE/RISCV/SIFIVE-UNLEASHED/README.md
@@ -6,7 +6,7 @@ Instructions for cross-compiling and running wolfSSL on the HiFive Unleashed boa
 
 SiFive Freedom U540 SoC at 1.5GHz
 
-Getting started guide: 
+Getting started guide:
 https://sifive.cdn.prismic.io/sifive%2Ffa3a584a-a02f-4fda-b758-a2def05f49f9_hifive-unleashed-getting-started-guide-v1p1.pdf
 
 Make sure your ethernet is attached and power up board. You can connecct the micro-usb to get a UART console that will display the DHCP IP address. Default user is "root" and login password is "sifive".
diff --git a/IDE/ROWLEY-CROSSWORKS-ARM/README.md b/IDE/ROWLEY-CROSSWORKS-ARM/README.md
index beb941645..fc305b631 100644
--- a/IDE/ROWLEY-CROSSWORKS-ARM/README.md
+++ b/IDE/ROWLEY-CROSSWORKS-ARM/README.md
@@ -4,11 +4,11 @@ This directory contains a CrossWorks solution named wolfssl.hzp.
 
 Inside are three projects:
 
-1. libwolfssl: 
+1. libwolfssl:
 This generates a library file named "libwolfssl_ARM_Debug/libwolfssl_v7em_t_le_eabi.a"
-2. benchmark: 
+2. benchmark:
 This is a sample benchmark application. It runs the "benchmark_test" suite repeatedly until a failure occurs.
-3. test: 
+3. test:
 This is a sample test application. It runs "wolfcrypt_test" suite suite repeatedly until a failure occurs.
 
 # Prerequisites
@@ -21,7 +21,7 @@ All hardware functions are defined in `kinetis_hw.c` and are currently setup for
 
 To create support for a new ARM microcontroller the functions in `hw.h` will need to be implemented.
 
-Also you will need to configure the ARM Architecture and ARM Core Type in the "Solution Properties" -> "ARM". 
+Also you will need to configure the ARM Architecture and ARM Core Type in the "Solution Properties" -> "ARM".
 Also the "Target Processor" in each of the projects ("Project Properties" -> "Target Processor")
 
 ## Hardware Crypto Acceleration
diff --git a/IDE/ROWLEY-CROSSWORKS-ARM/arm_startup.c b/IDE/ROWLEY-CROSSWORKS-ARM/arm_startup.c
index 2e1d7707b..c8ac4d21b 100644
--- a/IDE/ROWLEY-CROSSWORKS-ARM/arm_startup.c
+++ b/IDE/ROWLEY-CROSSWORKS-ARM/arm_startup.c
@@ -1,6 +1,6 @@
 /* arm_startup.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/ROWLEY-CROSSWORKS-ARM/benchmark_main.c b/IDE/ROWLEY-CROSSWORKS-ARM/benchmark_main.c
index e95059e9e..333e73df6 100644
--- a/IDE/ROWLEY-CROSSWORKS-ARM/benchmark_main.c
+++ b/IDE/ROWLEY-CROSSWORKS-ARM/benchmark_main.c
@@ -1,6 +1,6 @@
 /* benchmark_main.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/ROWLEY-CROSSWORKS-ARM/kinetis_hw.c b/IDE/ROWLEY-CROSSWORKS-ARM/kinetis_hw.c
index 562612692..27c9e0abb 100644
--- a/IDE/ROWLEY-CROSSWORKS-ARM/kinetis_hw.c
+++ b/IDE/ROWLEY-CROSSWORKS-ARM/kinetis_hw.c
@@ -1,6 +1,6 @@
 /* kinetis_hw.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/ROWLEY-CROSSWORKS-ARM/retarget.c b/IDE/ROWLEY-CROSSWORKS-ARM/retarget.c
index bfd53ff70..e4f04784d 100644
--- a/IDE/ROWLEY-CROSSWORKS-ARM/retarget.c
+++ b/IDE/ROWLEY-CROSSWORKS-ARM/retarget.c
@@ -1,6 +1,6 @@
 /* retarget.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/ROWLEY-CROSSWORKS-ARM/test_main.c b/IDE/ROWLEY-CROSSWORKS-ARM/test_main.c
index 1f6339d90..1a3d117e4 100644
--- a/IDE/ROWLEY-CROSSWORKS-ARM/test_main.c
+++ b/IDE/ROWLEY-CROSSWORKS-ARM/test_main.c
@@ -1,6 +1,6 @@
 /* test_main.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/Renesas/cs+/Projects/common/strings.h b/IDE/Renesas/cs+/Projects/common/strings.h
index 030e4ffad..7cbc78770 100644
--- a/IDE/Renesas/cs+/Projects/common/strings.h
+++ b/IDE/Renesas/cs+/Projects/common/strings.h
@@ -1,6 +1,6 @@
 /* strings.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/Renesas/cs+/Projects/common/unistd.h b/IDE/Renesas/cs+/Projects/common/unistd.h
index d288552e6..ec6e32ec9 100644
--- a/IDE/Renesas/cs+/Projects/common/unistd.h
+++ b/IDE/Renesas/cs+/Projects/common/unistd.h
@@ -1,6 +1,6 @@
 /* unistd.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/Renesas/cs+/Projects/common/user_settings.h b/IDE/Renesas/cs+/Projects/common/user_settings.h
index 5e0d37536..3d923a2cf 100644
--- a/IDE/Renesas/cs+/Projects/common/user_settings.h
+++ b/IDE/Renesas/cs+/Projects/common/user_settings.h
@@ -1,6 +1,6 @@
 /* user_settings.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -25,11 +25,11 @@
 #define NO_DEV_RANDOM
 #define USE_CERT_BUFFERS_2048
 #define SIZEOF_LONG_LONG 8
-#define NO_WOLFSSL_DIR 
+#define NO_WOLFSSL_DIR
 #define WOLFSSL_NO_CURRDIR
 #define WOLFSSL_LOG_PRINTF
 #define NO_WOLFSSL_STUB
-#define NO_DYNAMIC_ARRAY       /* for compilers not allowed dynamic size array */ 
+#define NO_DYNAMIC_ARRAY      /* for compilers not allowed dynamic size array */
 #define WOLFSSL_SMALL_STACK
 #define WOLFSSL_DH_CONST
 
diff --git a/IDE/Renesas/cs+/Projects/common/wolfssl_dummy.c b/IDE/Renesas/cs+/Projects/common/wolfssl_dummy.c
index 8feffe8f3..90f724e65 100644
--- a/IDE/Renesas/cs+/Projects/common/wolfssl_dummy.c
+++ b/IDE/Renesas/cs+/Projects/common/wolfssl_dummy.c
@@ -1,6 +1,6 @@
 /* wolfssl_dummy.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -51,10 +51,10 @@ int strncasecmp(const char *s1, const char * s2, unsigned int sz)
             return 1;
         }
     }
-    return 0;	
+    return 0;
 }
-    
-void abort(void) 
+
+void abort(void)
 {
     while(1);
 }
diff --git a/IDE/Renesas/cs+/Projects/t4_demo/README_jp.txt b/IDE/Renesas/cs+/Projects/t4_demo/README_jp.txt
index d03d44371..deeec5c61 100644
--- a/IDE/Renesas/cs+/Projects/t4_demo/README_jp.txt
+++ b/IDE/Renesas/cs+/Projects/t4_demo/README_jp.txt
@@ -1,71 +1,71 @@
-wolfSSL/AlphaProjectƒ{�[ƒhƒfƒ‚�@ƒZƒbƒgƒAƒbƒvƒKƒCƒh
+wolfSSL/AlphaProjectボードデモ　セットアップガイド
 
-‚±‚̃fƒ‚‚͈ȉº‚̊‹«‚ŃeƒXƒg‚µ‚Ä‚¢‚Ü‚·�B
+��デモ�以下�環境�テスト�����。
 
   Renesas : CS+ v6.01, v8.01
   Board   : AP-RX71M-0A
   wolfSSL : 3.15.3, 4.0.0
 
-ƒZƒbƒgƒAƒbƒvŽè�‡�F
+セットアップ手順：
 
-‚P�Dƒ\ƒtƒgƒEƒFƒA‚Ì“üŽè
-�@- APƒ{�[ƒh•t‘®‚̃\ƒtƒgƒEƒFƒAˆêŽ®‚ð“K“–‚ȃtƒHƒ‹ƒ_�[‰º‚ɉ𓀂µ‚Ü‚·�B
-�@- “¯‚¶ƒtƒHƒ‹ƒ_�[‰º‚ÉwolfsslˆêŽ®‚ð‰ð“€‚µ‚Ü‚·�B
+１．ソフトウェア�入手
+　- APボード付属�ソフトウェア一�を�当�フォルダー下�解����。
+　- ��フォルダー下�wolfssl一�を解����。
 
-‚Q�DwolfSSL‚̃ZƒbƒgƒAƒbƒv
-�@- CS+‚É‚Äwolfssl\IDE\Renesas\cs+\Project‰º‚Ìwolfssl\wolfssl_lib.mtpj‚ðŠJ‚«
-�@�@wolfSSLƒ‰ƒCƒuƒ‰ƒŠ�[‚̃rƒ‹ƒh‚ð‚µ‚Ü‚·�B
-�@- “¯‚¶ƒtƒHƒ‹ƒ_‚̉º‚Ìt4_demo.mtpj‚ðŠJ‚«�Aƒfƒ‚ƒvƒ�ƒOƒ‰ƒ€‚̃rƒ‹ƒh‚ð‚µ‚Ü‚·�B
-�@‚±‚̃vƒ�ƒOƒ‰ƒ€‚àƒ‰ƒCƒuƒ‰ƒŠ�[Œ`Ž®‚Ńrƒ‹ƒh‚³‚ê‚Ü‚·�B
+２．wolfSSL�セットアップ
+　- CS+��wolfssl¥IDE¥Renesas¥cs+¥Project下�wolfssl¥wolfssl_lib.mtpjを開�
+　　wolfSSLライブラリー�ビルドを���。
+　- ��フォルダ�下�t4_demo.mtpjを開��デモプログラム�ビルドを���。
+　��プログラムもライブラリー形��ビルド�れ��。
 
-‚R�DAlphaProject‘¤‚̃ZƒbƒgƒAƒbƒv
+３．AlphaProject��セットアップ
   
-  !!** ƒTƒ“ƒvƒ‹ƒvƒ�ƒOƒ‰ƒ€ v2.0 ‚ðŽg—p‚·‚é�ê�‡‚Í�A_ether_ => _usbfunc_ **!!
-  !!** ‚Æ’u‚«Š·‚¦‚Ä‚­‚¾‚³‚¢                                           **!!
+  !!** サンプルプログラム v2.0 を使用�る場���_ether_ => _usbfunc_ **!!
+  !!** �置��������                                           **!!
 
-�@ƒfƒ‚‚Íap_rx71m_0a_sample_cs\Sample\ap_rx71m_0a_ether_sample_csƒtƒHƒ‹ƒ_‰º‚Ì
-�@ap_rx71m_0a_ether_sample_cs.mtpjƒvƒ�ƒWƒFƒNƒg‚ð—˜—p‚µ‚Ü‚·�B
-�@
-�@- ap_rx71m_0a_sample_cs\Sample\ap_rx71m_0a_ether_sample_cs\srcƒtƒHƒ‹ƒ_‰º‚Ì
-�@AP_RX71M_0A.cƒtƒ@ƒCƒ‹‚ðŠJ‚«�A
-�@‚X‚V�s–Ú‚Ìecho_srv_init()‚̉º‚ÉwolfSSL_init()‚ð‘}“ü‚µ‚Ü‚·�B
+　デモ�ap_rx71m_0a_sample_cs¥Sample¥ap_rx71m_0a_ether_sample_csフォルダ下�
+　ap_rx71m_0a_ether_sample_cs.mtpjプロジェクトを利用���。
+　
+　- ap_rx71m_0a_sample_cs¥Sample¥ap_rx71m_0a_ether_sample_cs¥srcフォルダ下�
+　AP_RX71M_0A.cファイルを開��
+　９７行目�echo_srv_init()�下�wolfSSL_init()を挿入���。
 
 ===
         sci_init();
         can_init();
         echo_srv_init();
-        wolfSSL_init(); <- ‚±‚Ì�s‚ð‘}“ü
+        wolfSSL_init(); <- ��行を挿入
 ===
 
-!!** ƒTƒ“ƒvƒ‹ƒvƒ�ƒOƒ‰ƒ€ v2.0 ‚ðŽg—p‚·‚é�ê�‡‚Í�A‰º‹L                   **!!
+!!** サンプルプログラム v2.0 を使用�る場���下記                   **!!
 ===
         CanInit();
         SciInit();
         EthernetAppInit();
         UsbfInit();
-        wolfSSL_init(); <- ‚±‚Ì�s‚ð‘}“ü
+        wolfSSL_init(); <- ��行を挿入
 ===
 !!**********************************************************************!!
 
-�@- ap_rx71m_0a_sample_cs\Sample\ap_rx71m_0a_ether_sample_cs\src\smc_gen\r_bsp_config.h
-�@‚ðŠJ‚«�AƒXƒ^ƒbƒNƒTƒCƒY‚ƃq�[ƒvƒTƒCƒY‚ðˆÈ‰º‚̂悤‚É�ݒ肵‚Ü‚·�B
-�@
-�@120�s–Ú #pragma stacksize su=0x2000
-�@139�s–Ú #define BSP_CFG_HEAP_BYTES  (0xa000)
+　- ap_rx71m_0a_sample_cs¥Sample¥ap_rx71m_0a_ether_sample_cs¥src¥smc_gen¥r_bsp_config.h
+　を開��スタックサイズ�ヒープサイズを以下�よ��設定���。
+　
+　120行目 #pragma stacksize su=0x2000
+　139行目 #define BSP_CFG_HEAP_BYTES  (0xa000)
 
-!!** ƒTƒ“ƒvƒ‹ƒvƒ�ƒOƒ‰ƒ€ v2.0 ‚ðŽg—p‚·‚é�ê�‡‚Í�A‰º‹L                   **!!
-�@- ap_rx71m_0a_sample_cs\Sample\ap_rx71m_0a_usbfunc_sample_cs\src\smc_gen\r_bsp_config.h
-�@‚ðŠJ‚«�AƒXƒ^ƒbƒNƒTƒCƒY‚ƃq�[ƒvƒTƒCƒY‚ðˆÈ‰º‚̂悤‚É�ݒ肵‚Ü‚·�B
-�@154�s–Ú #pragma stacksize su=0x2000
-�@175�s–Ú #define BSP_CFG_HEAP_BYTES  (0xa000)
+!!** サンプルプログラム v2.0 を使用�る場���下記                   **!!
+　- ap_rx71m_0a_sample_cs¥Sample¥ap_rx71m_0a_usbfunc_sample_cs¥src¥smc_gen¥r_bsp_config.h
+　を開��スタックサイズ�ヒープサイズを以下�よ��設定���。
+　154行目 #pragma stacksize su=0x2000
+　175行目 #define BSP_CFG_HEAP_BYTES  (0xa000)
 !!**********************************************************************!!
 
-�@- IPƒAƒhƒŒƒX‚̃fƒtƒHƒ‹ƒg’l‚͈ȉº‚̂悤‚É‚È‚Á‚Ä‚¢‚Ü‚·�B
-�@•K—v‚ª‚ ‚ê‚Î�ASample\ap_rx71m_0a_ether_sample_cs\src\r_t4_rx\src\config_tcpudp.c
-�@“à‚Ì139�s–Ú‚©‚ç‚Ì’è‹`‚ð•Ï�X‚µ‚Ü‚·�B
-�@!!** ƒTƒ“ƒvƒ‹ƒvƒ�ƒOƒ‰ƒ€ v2.0 ‚ðŽg—p‚·‚é�ê�‡‚Í�A‰º‹L                   **!!
-  Sample\ap_rx71m_0a_usbfunc_sample_cs\src\tcp_sample\src\config_tcpudp.c
-  “à‚Ì166�s–Ú‚©‚ç‚Ì’è‹`‚ð•Ï�X‚µ‚Ü‚·�B
+　- IPアドレス�デフォルト値�以下�よ��������。
+　必���れ��Sample¥ap_rx71m_0a_ether_sample_cs¥src¥r_t4_rx¥src¥config_tcpudp.c
+　内�139行目�ら�定義を変更���。
+　!!** サンプルプログラム v2.0 を使用�る場���下記                   **!!
+  Sample¥ap_rx71m_0a_usbfunc_sample_cs¥src¥tcp_sample¥src¥config_tcpudp.c
+  内�166行目�ら�定義を変更���。
   !!**********************************************************************!!
 
 ===
@@ -75,74 +75,74 @@ wolfSSL/AlphaProject
 ===
 
 
-�@- CS+‚Åap_rx71m_0a_ether_sample_cs.mtpjƒvƒ�ƒWƒFƒNƒg‚ðŠJ‚«�AwolfSSL‚ƃfƒ‚ƒ‰ƒCƒuƒ‰ƒŠ‚ð
-�@“o˜^‚µ‚Ü‚·�BCC-RX(ƒrƒ‹ƒhƒc�[ƒ‹)->ƒŠƒ“ƒN�EƒIƒvƒVƒ‡ƒ“ƒ^ƒu->Žg—p‚·‚郉ƒCƒuƒ‰ƒŠ‚É
-�@ˆÈ‰º‚Ì“ñ‚‚̃tƒ@ƒCƒ‹‚ð“o˜^‚µ‚Ü‚·�B
-�@wolfssl\IDE\Renesas\cs+\Projects\wolfssl_lib\DefaultBuild\wolfssl_lib.lib
-�@wolfssl\IDE\Renesas\cs+\Projects\t4_demo\DefaultBuild\t4_demo.lib
+　- CS+�ap_rx71m_0a_ether_sample_cs.mtpjプロジェクトを開��wolfSSL�デモライブラリを
+　登録���。CC-RX(ビルドツール)->リンク・オプションタブ->使用�るライブラリ�
+　以下�二��ファイルを登録���。
+　wolfssl¥IDE¥Renesas¥cs+¥Projects¥wolfssl_lib¥DefaultBuild¥wolfssl_lib.lib
+　wolfssl¥IDE¥Renesas¥cs+¥Projects¥t4_demo¥DefaultBuild¥t4_demo.lib
 
-- CC-RX(ƒrƒ‹ƒhƒc�[ƒ‹)->ƒ‰ƒCƒuƒ‰ƒŠ�[ƒWƒFƒlƒŒ�[ƒVƒ‡ƒ“ƒ^ƒu->ƒ‰ƒCƒuƒ‰ƒŠ�[�\�¬‚ð�uC99�v‚É�A
-ctype.h‚ð—LŒø‚É‚·‚é‚ð�u‚Í‚¢�v‚É�ݒ肵‚Ü‚·�B
+- CC-RX(ビルドツール)->ライブラリージェ�レーションタブ->ライブラリー構�を「C99���
+ctype.hを有効��るを「����設定���。
 
-�@- ƒvƒ�ƒWƒFƒNƒg‚̃rƒ‹ƒh�Aƒ^�[ƒQƒbƒg‚ւ̃_ƒEƒ“ƒ��[ƒh‚ð‚µ‚½‚Ì‚¿�A•\Ž¦->ƒfƒoƒbƒO�EƒRƒ“ƒ\�[ƒ‹
-�@‚©‚çƒRƒ“ƒ\�[ƒ‹‚ð•\Ž¦‚³‚¹‚Ü‚·�BŽÀ�s‚ðŠJŽn‚·‚é‚ƃRƒ“ƒ\�[ƒ‹‚Ɉȉº‚Ì•\Ž¦‚ª�o—Í‚³‚ê‚Ü‚·�B
-�@
+　- プロジェクト�ビルド�ターゲット��ダウンロードを�����表示->デ�ッグ・コンソール
+　�らコンソールを表示����。実行を開始�る�コンソール�以下�表示�出力�れ��。
+　
 ===
-�@wolfSSL Demo
+　wolfSSL Demo
 t: test, b: benchmark, s: server, or c <IP addr> <Port>: client
 $
 ===
 
-tƒRƒ}ƒ“ƒh�FŠeˆÃ�†‰»ƒAƒ‹ƒSƒŠƒYƒ€‚ÌŠÈ’P‚ȃeƒXƒg‚ðŽÀ�s‚µ‚Ü‚·�B�Š—v‚̃Aƒ‹ƒSƒŠƒYƒ€‚ª
-�@‘g‚Ý�ž‚Ü‚ê‚Ä‚¢‚é‚©Šm”F‚·‚邱‚Æ‚ª‚Å‚«‚Ü‚·�B‘g‚Ý�ž‚ÞƒAƒ‹ƒSƒŠƒYƒ€‚̓rƒ‹ƒhƒIƒvƒVƒ‡ƒ“
-�@‚Å•Ï�X‚·‚邱‚Æ‚ª‚Å‚«‚Ü‚·�B�Ú‚µ‚­‚̓†�[ƒUƒ}ƒjƒ…ƒAƒ‹‚ðŽQ�Æ‚µ‚Ä‚­‚¾‚³‚¢�B
-bƒRƒ}ƒ“ƒh�FŠeˆÃ�†ƒAƒ‹ƒSƒŠƒYƒ€‚²‚Æ‚ÌŠÈ’P‚ȃxƒ“ƒ`ƒ}�[ƒN‚ðŽÀ�s‚µ‚Ü‚·�B
-sƒRƒ}ƒ“ƒh�FŠÈ’P‚ÈTLSƒT�[ƒo‚ð‹N“®‚µ‚Ü‚·�B‹N“®‚·‚é‚ƃrƒ‹ƒhŽž‚ÌIPƒAƒhƒŒƒX�A
-�@ƒ|�[ƒg50000‚É‚ÄTLS�Ú‘±‚ð‘Ò‚¿‚Ü‚·�B
-cƒRƒ}ƒ“ƒh�FŠÈ’P‚ÈTLSƒNƒ‰ƒCƒAƒ“ƒg‚ð‹N“®‚µ‚Ü‚·�B‹N“®‚·‚é‚Æ‘æˆêƒA�[ƒMƒ…ƒ�ƒ“ƒg‚ÅŽw’肳‚ꂽ
-�@IPƒAƒhƒŒƒX�A‘æ“ñƒA�[ƒMƒ…ƒ�ƒ“ƒg‚ÅŽw’肳‚ꂽƒ|�[ƒg‚ɑ΂µ‚ÄTLS�Ú‘±‚µ‚Ü‚·�B
+tコマンド：�暗�化アルゴリズム�簡��テストを実行���。所��アルゴリズム�
+　組�込�れ��る�確��る�������。組�込むアルゴリズム�ビルドオプション
+　�変更�る�������。詳���ユーザマニュアルを�照������。
+bコマンド：�暗�アルゴリズム���簡��ベン�マークを実行���。
+sコマンド：簡��TLSサー�を起動���。起動�る�ビルド時�IPアドレス�
+　�ート50000��TLS接続を待���。
+cコマンド：簡��TLSクライアントを起動���。起動�る�第一アーギュメント�指定�れ�
+　IPアドレス�第二アーギュメント�指定�れ��ート�対��TLS接続���。
 
-‚¢‚¸‚ê‚̃Rƒ}ƒ“ƒh‚à‚P‰ñ‚Ì‚ÝŽÀ�s‚µ‚Ü‚·�BŒJ‚è•Ô‚µŽÀ�s‚µ‚½‚¢�ê�‡‚Í�AMPU‚ðƒŠƒZƒbƒg‚µ‚Ä
-�Ä‹N“®‚µ‚Ü‚·�B
+��れ�コマンドも１回��実行���。繰り返�実行���場���MPUをリセット��
+�起動���。
 
-‚S�D‘ÎŒüƒeƒXƒg
-�@ƒfƒ‚‚Ì‚“�A‚ƒƒRƒ}ƒ“ƒh‚ðŽg‚Á‚Ä�A‘¼‚Ì‹@Ší‚ÆŠÈ’P‚È‘ÎŒüƒeƒXƒg‚ð‚·‚é‚±‚Æ‚ª‚Å‚«‚Ü‚·�B
-�@Ubuntu‚È‚Ç‚ÌGCC, makeŠÂ‹«�AWindows‚ÌVisual Studio‚È‚Ç‚Å
-�@‘ÎŒüƒeƒXƒg—p‚̃T�[ƒo�AƒNƒ‰ƒCƒAƒ“ƒg‚ðƒrƒ‹ƒh‚·‚邱‚Æ‚ª‚Å‚«‚Ü‚·�B
+４．対�テスト
+　デモ�ｓ�ｃコマンドを使���他�機器�簡��対�テストを�る�������。
+　Ubuntu���GCC, make環境�Windows�Visual Studio���
+　対�テスト用�サー��クライアントをビルド�る�������。
 
-�@GCC,makeƒRƒ}ƒ“ƒhŠÂ‹«‚Å‚Í�Aƒ_ƒEƒ“ƒ��[ƒh‰ð“€‚µ‚½wolfssl‚̃fƒBƒŒƒNƒgƒŠ‰º‚ňȉº‚Ì
-�@ƒRƒ}ƒ“ƒh‚ð”­�s‚·‚é‚Æ�Aƒ‰ƒCƒuƒ‰ƒŠ�AƒeƒXƒg—p‚̃Nƒ‰ƒCƒAƒ“ƒg�AƒT�[ƒo‚ȂLjꎮ‚ªƒrƒ‹ƒh
-�@‚³‚ê‚Ü‚·�B
-�@
-�@$ ./configure
-�@$ make check
-�@
-�@‚»‚ÌŒã�AˆÈ‰º‚̂悤‚ÈŽw’è‚ŃNƒ‰ƒCƒAƒ“ƒg‚Ü‚½‚̓T�[ƒo‚ð‹N“®‚µ‚Ä�Aƒ{�[ƒh�ã‚Ì
-�@ƒfƒ‚‚Æ‘ÎŒüƒeƒXƒg‚·‚邱‚Æ‚ª‚Å‚«‚Ü‚·�B
-�@
-�@PC‘¤�F
-�@$ ./examples/server/server -b -d
-�@ƒ{�[ƒh‘¤�F
-�@�@> c <IPƒAƒhƒŒƒX> 11111
+　GCC,makeコマンド環境���ダウンロード解���wolfssl�ディレクトリ下�以下�
+　コマンドを発行�る��ライブラリ�テスト用�クライアント�サー���一��ビルド
+　�れ��。
+　
+　$ ./configure
+　$ make check
+　
+　��後�以下�よ��指定�クライアント���サー�を起動���ボード上�
+　デモ�対�テスト�る�������。
+　
+　PC�：
+　$ ./examples/server/server -b -d
+　ボード�：
+　　> c <IPアドレス> 11111
 
-�@ƒ{�[ƒh‘¤�F
-�@�@> s
-�@PC‘¤�F�@
-�@$ ./examples/client/client -h <IPƒAƒhƒŒƒX> -p 50000
-�@
-�@
-�@Windows‚ÌVisual Studio‚Å‚Í�Aƒ_ƒEƒ“ƒ��[ƒh‰ð“€‚µ‚½wolfsslƒtƒHƒ‹ƒ_‰º‚Ìwolfssl64.sln
-�@‚ðŠJ‚«�Aƒ\ƒŠƒ…�[ƒVƒ‡ƒ“‚ðƒrƒ‹ƒh‚µ‚Ü‚·�BDebugƒtƒHƒ‹ƒ_‰º‚Ƀrƒ‹ƒh‚³‚ê‚éclient.exe‚Æ
-�@server.exe‚ð—˜—p‚µ‚Ü‚·�B
-�@
-  PC‘¤�F
-�@Debug> .\server -b -d
-�@ƒ{�[ƒh‘¤�F
-�@�@> c <IPƒAƒhƒŒƒX> 11111
+　ボード�：
+　　> s
+　PC�：　
+　$ ./examples/client/client -h <IPアドレス> -p 50000
+　
+　
+　Windows�Visual Studio���ダウンロード解���wolfsslフォルダ下�wolfssl64.sln
+　を開��ソリューションをビルド���。Debugフォルダ下�ビルド�れるclient.exe�
+　server.exeを利用���。
+　
+  PC�：
+　Debug> .¥server -b -d
+　ボード�：
+　　> c <IPアドレス> 11111
 
-�@ƒ{�[ƒh‘¤�F
-�@�@> s
-�@PC‘¤�F
-�@Debug> .\client  -h <IPƒAƒhƒŒƒX> -p 50000
+　ボード�：
+　　> s
+　PC�：
+　Debug> .¥client  -h <IPアドレス> -p 50000
 
-ˆÈ�ã�A
\ No newline at end of file
+以上�
\ No newline at end of file
diff --git a/IDE/Renesas/cs+/Projects/t4_demo/wolf_client.c b/IDE/Renesas/cs+/Projects/t4_demo/wolf_client.c
index e0d903644..ea2b7b311 100644
--- a/IDE/Renesas/cs+/Projects/t4_demo/wolf_client.c
+++ b/IDE/Renesas/cs+/Projects/t4_demo/wolf_client.c
@@ -1,6 +1,6 @@
 /* wolf_client.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -104,12 +104,12 @@ WOLFSSL_CTX *wolfSSL_TLS_client_init()
     }
 
     #if !defined(NO_FILESYSTEM)
-    if (wolfSSL_CTX_load_verify_locations(ctx, cert, 0) != SSL_SUCCESS) {
+    if (wolfSSL_CTX_load_verify_locations(ctx, cert, 0) != WOLFSSL_SUCCESS) {
         printf("ERROR: can't load \"%s\"\n", cert);
         return NULL;
     }
     #else
-    if (wolfSSL_CTX_load_verify_buffer(ctx, cert, SIZEOF_CERT, SSL_FILETYPE_ASN1) != SSL_SUCCESS){
+    if (wolfSSL_CTX_load_verify_buffer(ctx, cert, SIZEOF_CERT, SSL_FILETYPE_ASN1) != WOLFSSL_SUCCESS){
            printf("ERROR: can't load certificate data\n");
        return NULL;
     }
@@ -138,14 +138,14 @@ void wolfSSL_TLS_client(void *v_ctx, func_args *args)
     T_IPV4EP dst_addr;
 
     if(args->argc >= 2){
-	    if((dst_addr.ipaddr = getIPaddr(args->argv[1])) == 0){
-		printf("ERROR: IP address\n");
-	        return;
-	    }
-	    if((dst_addr.portno = getPort(args->argv[2])) == 0){
-		printf("ERROR: IP address\n");
-	        return;
-	    }
+        if((dst_addr.ipaddr = getIPaddr(args->argv[1])) == 0){
+            printf("ERROR: IP address\n");
+            return;
+        }
+        if((dst_addr.portno = getPort(args->argv[2])) == 0){
+            printf("ERROR: Port number\n");
+            return;
+        }
     }
 
     if((ercd = tcp_con_cep(cepid, &my_addr, &dst_addr, TMO_FEVR)) != E_OK) {
@@ -162,7 +162,7 @@ void wolfSSL_TLS_client(void *v_ctx, func_args *args)
     wolfSSL_SetIOReadCtx(ssl, (void *)&cepid);
     wolfSSL_SetIOWriteCtx(ssl, (void *)&cepid);
 
-    if(wolfSSL_connect(ssl) != SSL_SUCCESS) {
+    if(wolfSSL_connect(ssl) != WOLFSSL_SUCCESS) {
         printf("ERROR SSL connect: %d\n",  wolfSSL_get_error(ssl, 0));
         return;
     }
diff --git a/IDE/Renesas/cs+/Projects/t4_demo/wolf_main.c b/IDE/Renesas/cs+/Projects/t4_demo/wolf_main.c
index 3cffc7191..3c8ced1e5 100644
--- a/IDE/Renesas/cs+/Projects/t4_demo/wolf_main.c
+++ b/IDE/Renesas/cs+/Projects/t4_demo/wolf_main.c
@@ -1,6 +1,6 @@
 /* wolf_main.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -40,7 +40,7 @@ static void timeTick(void *pdata)
 double current_time(int reset)
 {
       if(reset) tick = 0 ;
-      return ((double)tick/FREQ) ;	
+      return ((double)tick/FREQ) ;
 }
 
 #define ARG_SZ 256
@@ -50,10 +50,10 @@ static int get_arg(func_args *args)
     int i;
     char *arg = argBuff;
     args->argc = 0;
-    
+
     for(i=0; i<ARG_SZ; i++) {
         *arg = getchar();
-        
+
 	switch(*arg){
 	case '\n':
 	     *arg = '\0';
@@ -84,10 +84,10 @@ void wolfSSL_main()
 {
     int c;
     func_args args = {0};
-    
+
     printf("wolfSSL Demo\nt: test, b: benchmark, s: server, or c <IP addr> <Port>: client\n$ ");
     c = getchar();
-    
+
     switch(c) {
     case 't':
         get_arg(&args);
@@ -95,14 +95,14 @@ void wolfSSL_main()
         wolfcrypt_test(&args);
         printf("End wolfCrypt Test\n");
 	break;
-	
+
     case 'b':
         get_arg(&args);
         printf("Start wolfCrypt Benchmark\n");
         benchmark_test(NULL);
         printf("End wolfCrypt Benchmark\n");
 	break;
-	
+
     case 'c':
         if(get_arg(&args) < 0)
             break;
@@ -110,7 +110,7 @@ void wolfSSL_main()
 	wolfSSL_TLS_client(wolfSSL_cl_ctx, &args);
         printf("End TLS Client\n");
 	break;
-	
+
     case 's':
         if(get_arg(&args) < 0)
             break;
diff --git a/IDE/Renesas/cs+/Projects/t4_demo/wolf_server.c b/IDE/Renesas/cs+/Projects/t4_demo/wolf_server.c
index a86ff18c8..d4b4d63a1 100644
--- a/IDE/Renesas/cs+/Projects/t4_demo/wolf_server.c
+++ b/IDE/Renesas/cs+/Projects/t4_demo/wolf_server.c
@@ -1,6 +1,6 @@
 /* wolf_server.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/Renesas/cs+/Projects/test/test_main.c b/IDE/Renesas/cs+/Projects/test/test_main.c
index a1e00ef0a..30dfd4723 100644
--- a/IDE/Renesas/cs+/Projects/test/test_main.c
+++ b/IDE/Renesas/cs+/Projects/test/test_main.c
@@ -1,6 +1,6 @@
 /* test_main.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -45,7 +45,7 @@ void wolfcrypt_test(func_args args);
 void main(void)
 {
     func_args args = { 1 };
-  
+
     printf("Start wolfCrypt Test\n");
     wolfcrypt_test(args);
     printf("End wolfCrypt Test\n");
diff --git a/IDE/Renesas/e2studio/DK-S7G2/benchmark-template/src/app_entry.c b/IDE/Renesas/e2studio/DK-S7G2/benchmark-template/src/app_entry.c
index 705b53fc4..1c21ae2c8 100644
--- a/IDE/Renesas/e2studio/DK-S7G2/benchmark-template/src/app_entry.c
+++ b/IDE/Renesas/e2studio/DK-S7G2/benchmark-template/src/app_entry.c
@@ -1,6 +1,6 @@
 /* app_entry.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/Renesas/e2studio/DK-S7G2/example_server-template/src/app_entry.c b/IDE/Renesas/e2studio/DK-S7G2/example_server-template/src/app_entry.c
index ea15ee4f1..ee8b55a68 100644
--- a/IDE/Renesas/e2studio/DK-S7G2/example_server-template/src/app_entry.c
+++ b/IDE/Renesas/e2studio/DK-S7G2/example_server-template/src/app_entry.c
@@ -1,6 +1,6 @@
 /* app_entry.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/Renesas/e2studio/DK-S7G2/user_settings.h b/IDE/Renesas/e2studio/DK-S7G2/user_settings.h
index 146f7020b..82f9e5e9a 100644
--- a/IDE/Renesas/e2studio/DK-S7G2/user_settings.h
+++ b/IDE/Renesas/e2studio/DK-S7G2/user_settings.h
@@ -74,4 +74,7 @@
 #define HAVE_ED25519
 #define WOLFSSL_SHA512
 
+/* NETX Duo BSD manual lists the socket len type as an INT */
+#undef  XSOCKLENT
+#define XSOCKLENT int
 #endif
diff --git a/IDE/Renesas/e2studio/DK-S7G2/wolfcrypttest-template/src/app_entry.c b/IDE/Renesas/e2studio/DK-S7G2/wolfcrypttest-template/src/app_entry.c
index a05621331..ae4c09ff4 100644
--- a/IDE/Renesas/e2studio/DK-S7G2/wolfcrypttest-template/src/app_entry.c
+++ b/IDE/Renesas/e2studio/DK-S7G2/wolfcrypttest-template/src/app_entry.c
@@ -1,6 +1,6 @@
 /* app_entry.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/Renesas/e2studio/Projects/common/strings.h b/IDE/Renesas/e2studio/Projects/common/strings.h
index 030e4ffad..7cbc78770 100644
--- a/IDE/Renesas/e2studio/Projects/common/strings.h
+++ b/IDE/Renesas/e2studio/Projects/common/strings.h
@@ -1,6 +1,6 @@
 /* strings.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/Renesas/e2studio/Projects/common/unistd.h b/IDE/Renesas/e2studio/Projects/common/unistd.h
index d288552e6..ec6e32ec9 100644
--- a/IDE/Renesas/e2studio/Projects/common/unistd.h
+++ b/IDE/Renesas/e2studio/Projects/common/unistd.h
@@ -1,6 +1,6 @@
 /* unistd.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/Renesas/e2studio/Projects/common/user_settings.h b/IDE/Renesas/e2studio/Projects/common/user_settings.h
index a9cc84ac7..22cf28900 100644
--- a/IDE/Renesas/e2studio/Projects/common/user_settings.h
+++ b/IDE/Renesas/e2studio/Projects/common/user_settings.h
@@ -1,6 +1,6 @@
 /* user_settings.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -27,7 +27,7 @@
 #define USE_CERT_BUFFERS_2048
 #define WOLFSSL_USER_CURRTIME
 #define SIZEOF_LONG_LONG 8
-#define NO_WOLFSSL_DIR 
+#define NO_WOLFSSL_DIR
 #define WOLFSSL_NO_CURRDIR
 #define NO_FILESYSTEM
 #define WOLFSSL_LOG_PRINTF
diff --git a/IDE/Renesas/e2studio/Projects/common/wolfssl_dummy.c b/IDE/Renesas/e2studio/Projects/common/wolfssl_dummy.c
index b6b21e85b..76ead18ba 100644
--- a/IDE/Renesas/e2studio/Projects/common/wolfssl_dummy.c
+++ b/IDE/Renesas/e2studio/Projects/common/wolfssl_dummy.c
@@ -1,6 +1,6 @@
 /* wolfssl_dummy.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/Renesas/e2studio/Projects/test/src/key_data.c b/IDE/Renesas/e2studio/Projects/test/src/key_data.c
index 8d06ccc1d..29ae72b0d 100644
--- a/IDE/Renesas/e2studio/Projects/test/src/key_data.c
+++ b/IDE/Renesas/e2studio/Projects/test/src/key_data.c
@@ -1,6 +1,6 @@
 /* key_data.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/Renesas/e2studio/Projects/test/src/key_data.h b/IDE/Renesas/e2studio/Projects/test/src/key_data.h
index 5c58e3529..b2f649ddc 100644
--- a/IDE/Renesas/e2studio/Projects/test/src/key_data.h
+++ b/IDE/Renesas/e2studio/Projects/test/src/key_data.h
@@ -1,6 +1,6 @@
 /* key_data.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/Renesas/e2studio/Projects/test/src/test_main.c b/IDE/Renesas/e2studio/Projects/test/src/test_main.c
index 5264faef2..a8cfc949b 100644
--- a/IDE/Renesas/e2studio/Projects/test/src/test_main.c
+++ b/IDE/Renesas/e2studio/Projects/test/src/test_main.c
@@ -1,6 +1,6 @@
 /* test_main.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/Renesas/e2studio/Projects/test/src/wolf_client.c b/IDE/Renesas/e2studio/Projects/test/src/wolf_client.c
index 37bcfbb84..24a14bdc4 100644
--- a/IDE/Renesas/e2studio/Projects/test/src/wolf_client.c
+++ b/IDE/Renesas/e2studio/Projects/test/src/wolf_client.c
@@ -1,6 +1,6 @@
 /* wolf_client.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -117,12 +117,12 @@ void wolfSSL_TLS_client_init(const char* cipherlist)
     }
 
     #if !defined(NO_FILESYSTEM)
-    if (wolfSSL_CTX_load_verify_locations(client_ctx, cert, 0) != SSL_SUCCESS) {
+    if (wolfSSL_CTX_load_verify_locations(client_ctx, cert, 0) != WOLFSSL_SUCCESS) {
         printf("ERROR: can't load \"%s\"\n", cert);
         return NULL;
     }
     #else
-    if (wolfSSL_CTX_load_verify_buffer(client_ctx, cert, SIZEOF_CERT, SSL_FILETYPE_ASN1) != SSL_SUCCESS){
+    if (wolfSSL_CTX_load_verify_buffer(client_ctx, cert, SIZEOF_CERT, SSL_FILETYPE_ASN1) != WOLFSSL_SUCCESS){
            printf("ERROR: can't load certificate data\n");
        return;
     }
@@ -157,7 +157,7 @@ void wolfSSL_TLS_client( )
         return;
     }
     if((dst_addr.portno = getPort(SIMPLE_TLSSERVER_PORT)) == 0){
-        printf("ERROR: IP address\n");
+        printf("ERROR: Port number\n");
         return;
     }
 
@@ -175,7 +175,7 @@ void wolfSSL_TLS_client( )
     wolfSSL_SetIOReadCtx(ssl, (void *)&cepid);
     wolfSSL_SetIOWriteCtx(ssl, (void *)&cepid);
 
-    if(wolfSSL_connect(ssl) != SSL_SUCCESS) {
+    if(wolfSSL_connect(ssl) != WOLFSSL_SUCCESS) {
         printf("ERROR SSL connect: %d\n",  wolfSSL_get_error(ssl, 0));
         return;
     }
diff --git a/IDE/Renesas/e2studio/Projects/test/src/wolf_server.c b/IDE/Renesas/e2studio/Projects/test/src/wolf_server.c
index 645401777..a0c5ece8f 100644
--- a/IDE/Renesas/e2studio/Projects/test/src/wolf_server.c
+++ b/IDE/Renesas/e2studio/Projects/test/src/wolf_server.c
@@ -1,6 +1,6 @@
 /* wolf_server.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -124,7 +124,7 @@ void wolfSSL_TLS_server_init(byte doClientCheck)
     #if !defined(NO_FILESYSTEM)
         ret = wolfSSL_CTX_use_PrivateKey_file(server_ctx, key, 0);
     #else
-        ret = wolfSSL_CTX_use_PrivateKey_buffer(server_ctx, key, sizeof_key, 
+        ret = wolfSSL_CTX_use_PrivateKey_buffer(server_ctx, key, sizeof_key,
                                                         SSL_FILETYPE_ASN1);
     #endif
         if (ret != SSL_SUCCESS) {
@@ -138,20 +138,20 @@ void wolfSSL_TLS_server_init(byte doClientCheck)
             wolfSSL_CTX_set_verify(server_ctx, WOLFSSL_VERIFY_PEER |
                                 WOLFSSL_VERIFY_FAIL_IF_NO_PEER_CERT, 0);
 #if !defined(NO_FILESYSTEM)
-            if (wolfSSL_CTX_load_verify_locations(server_ctx, clientCert, 0) 
+            if (wolfSSL_CTX_load_verify_locations(server_ctx, clientCert, 0)
                                                                 != WOLFSSL_SUCCESS)
 #else
-            if (wolfSSL_CTX_load_verify_buffer(server_ctx, clientCert, 
+            if (wolfSSL_CTX_load_verify_buffer(server_ctx, clientCert,
                                                sizeof_clicert,
                                                SSL_FILETYPE_ASN1) != SSL_SUCCESS)
 #endif
                 printf("can't load ca file, Please run from wolfSSL home dir\n");
         }
-   
+
    /* Register callbacks */
    wolfSSL_SetIORecv(server_ctx, my_IORecv);
    wolfSSL_SetIOSend(server_ctx, my_IOSend);
-   
+
 }
 
 void wolfSSL_TLS_server( )
diff --git a/IDE/Renesas/e2studio/Projects/test/src/wolfssl_demo.h b/IDE/Renesas/e2studio/Projects/test/src/wolfssl_demo.h
index 385a5d7bd..30ae8f774 100644
--- a/IDE/Renesas/e2studio/Projects/test/src/wolfssl_demo.h
+++ b/IDE/Renesas/e2studio/Projects/test/src/wolfssl_demo.h
@@ -1,6 +1,6 @@
 /* wolfssl_demo.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/Renesas/e2studio/Projects/tools/generate_rsa_keypair.sh b/IDE/Renesas/e2studio/Projects/tools/generate_rsa_keypair.sh
index d221e5428..c5256060d 100755
--- a/IDE/Renesas/e2studio/Projects/tools/generate_rsa_keypair.sh
+++ b/IDE/Renesas/e2studio/Projects/tools/generate_rsa_keypair.sh
@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/usr/bin/env bash
 
 function usage(){
     cat << _EOT_
@@ -7,7 +7,7 @@ function usage(){
 
     Description:
      Generate 2048 bit Rsa key pair and Display modulus and public exponent
-     
+
     Options:
       -g    generate rsa key pair, default on
       -s    only show modulus and public exponent
@@ -39,7 +39,7 @@ FLAG_S="off"
 
 if [ $FLAG_G = "on" ]; then
     # generate 2048bit Rsa private key
-    openssl genrsa 2048 2> /dev/null > private-key.pem 
+    openssl genrsa 2048 2> /dev/null > private-key.pem
     # expose public key
     openssl rsa -in private-key.pem -pubout -out public-key.pem 2> /dev/null
 fi
diff --git a/IDE/Renesas/e2studio/Projects/tools/genhexbuf.pl b/IDE/Renesas/e2studio/Projects/tools/genhexbuf.pl
index ca9074b20..42e547f24 100755
--- a/IDE/Renesas/e2studio/Projects/tools/genhexbuf.pl
+++ b/IDE/Renesas/e2studio/Projects/tools/genhexbuf.pl
@@ -1,4 +1,4 @@
-#!/usr/bin/perl
+#!/usr/bin/env perl
 
 # genhexbuf.pl
 # Copyright (C) 2020 wolfSSL Inc.
diff --git a/IDE/Renesas/e2studio/Projects/tools/rsa_pss_sign.sh b/IDE/Renesas/e2studio/Projects/tools/rsa_pss_sign.sh
index 3c1f30032..5dde500e8 100755
--- a/IDE/Renesas/e2studio/Projects/tools/rsa_pss_sign.sh
+++ b/IDE/Renesas/e2studio/Projects/tools/rsa_pss_sign.sh
@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/usr/bin/env bash
 
 SIGOPT=rsa_padding_mode:pss
 SIGOPT2=rsa_pss_saltlen:-1
diff --git a/IDE/Renesas/e2studio/RA6M3/README.md b/IDE/Renesas/e2studio/RA6M3/README.md
index a1cc8b9e6..285d89799 100644
--- a/IDE/Renesas/e2studio/RA6M3/README.md
+++ b/IDE/Renesas/e2studio/RA6M3/README.md
@@ -67,7 +67,7 @@ The following steps explain how to generate the missing files and where to place
 |Thread Symbol|wolfssl_tst_thread|
 |Thread Name|wolf_tst_thread|
 |Thread Stack size|increase depending on your environment<br> e.g. 0xA000|
-|Thread MemoryAllocation|Dyamic|
+|Thread MemoryAllocation|Dynamic|
 |Common General Use Mutexes|Enabled|
 |Common General Enable Backward Compatibility|Enabled|
 |Common Memory Allocation Support Dynamic Allocation|Enabled|
diff --git a/IDE/Renesas/e2studio/RA6M3/README_APRA6M_en.md b/IDE/Renesas/e2studio/RA6M3/README_APRA6M_en.md
index 0a68c6565..43bf3b91d 100644
--- a/IDE/Renesas/e2studio/RA6M3/README_APRA6M_en.md
+++ b/IDE/Renesas/e2studio/RA6M3/README_APRA6M_en.md
@@ -84,9 +84,9 @@ The following steps explain how to generate the missing files and where to place
   (Click the drop-down arrow to the left of the project name.)
 + Select and Copy the following folders/files inside dummy_library
 
-    `ra/`  
-    `ra_gen/`  
-    `ra_cfg/`  
+    `ra/`
+    `ra_gen/`
+    `ra_cfg/`
     `script/`
 
 + Paste the copied folders/files into wolfSSL_RA6M3G
@@ -108,7 +108,7 @@ The following steps explain how to generate the missing files and where to place
 
 + Select and Copy the following folder inside dummy_app
 
-    `src/`  
+    `src/`
     `script/`
 
 + Paste the copied folders into `./IDE/Renesas/e2studio/RA6M3/common/ra6m3g/`
@@ -132,17 +132,17 @@ Right-Click each Project and select Build.
 
 ### Run wolfCrypt Test and Benchmark
 
-1.) Right-Click the Project name.  
-2.) Select `Debug As` -> `Renesas GDB Hardware Debugging`  
-3.) Select J-Link ARM. Click OK.  
+1.) Right-Click the Project name.
+2.) Select `Debug As` -> `Renesas GDB Hardware Debugging`
+3.) Select J-Link ARM. Click OK.
 4.) Select R7Fa6M3AH. Click OK.
 
 ### Run the wolfSSL TLS Server Example.
 
-1.) Right-Click the Project name.  
-2.) Select `Debug As` -> `Renesas GDB Hardware Debugging`  
-3.) Select J-Link ARM. Click OK.  
-4.) Select R7Fa6M3AH. Click OK.  
+1.) Right-Click the Project name.
+2.) Select `Debug As` -> `Renesas GDB Hardware Debugging`
+3.) Select J-Link ARM. Click OK.
+4.) Select R7Fa6M3AH. Click OK.
 5.) Run the following wolfSSL example client command inside the base of the wolfssl directory.
 
 ```
diff --git a/IDE/Renesas/e2studio/RA6M3/README_APRA6M_jp.md b/IDE/Renesas/e2studio/RA6M3/README_APRA6M_jp.md
index d3dc23a96..93a543711 100644
--- a/IDE/Renesas/e2studio/RA6M3/README_APRA6M_jp.md
+++ b/IDE/Renesas/e2studio/RA6M3/README_APRA6M_jp.md
@@ -83,9 +83,9 @@ wolfSSL �プロジェクトファイル��wolfSSL � wolfCrypt �両方
   プロジェクト�横��る矢�マークをクリック
 + `dummy_library` �以下�フォルダー�ファイルを�択
 
-    `ra/`  
-    `ra_gen/`  
-    `ra_cfg/`  
+    `ra/`
+    `ra_gen/`
+    `ra_cfg/`
     `script/`
 
 + �択��フォルダー�ファイルを `wolfSSL_RA6M3G`プロジェクト�貼り付�
@@ -110,7 +110,7 @@ wolfSSL �プロジェクトファイル��wolfSSL � wolfCrypt �両方
 
 + `dummy_app`�以下�フォルダーをコピー
 
-    `src/`  
+    `src/`
     `script/`
 
 + �択��フォルダーを`./IDE/Renesas/e2studio/RA6M3/common/ra6m3g/`�コピー
diff --git a/IDE/Renesas/e2studio/RA6M3/benchmark-wolfcrypt/src/wolfssl_thread_entry.c b/IDE/Renesas/e2studio/RA6M3/benchmark-wolfcrypt/src/wolfssl_thread_entry.c
index 0a850be47..6451ed757 100644
--- a/IDE/Renesas/e2studio/RA6M3/benchmark-wolfcrypt/src/wolfssl_thread_entry.c
+++ b/IDE/Renesas/e2studio/RA6M3/benchmark-wolfcrypt/src/wolfssl_thread_entry.c
@@ -1,6 +1,6 @@
 /* wolfssl_thread_entry.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/Renesas/e2studio/RA6M3/client-wolfssl/src/wolfssl_thread_entry.c b/IDE/Renesas/e2studio/RA6M3/client-wolfssl/src/wolfssl_thread_entry.c
index d2c1c815c..0fe5a10fd 100644
--- a/IDE/Renesas/e2studio/RA6M3/client-wolfssl/src/wolfssl_thread_entry.c
+++ b/IDE/Renesas/e2studio/RA6M3/client-wolfssl/src/wolfssl_thread_entry.c
@@ -1,6 +1,6 @@
 /* wolfssl_thread_entry.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -52,7 +52,6 @@ void wolfssl_thread_entry(void *pvParameters) {
 
     /* FreeRTOS+TCP Objects */
     BaseType_t fr_status;
-    socklen_t xSize = sizeof(struct freertos_sockaddr);
     xSocket_t xClientSocket = NULL;
     struct freertos_sockaddr xRemoteAddress;
 
@@ -93,7 +92,7 @@ void wolfssl_thread_entry(void *pvParameters) {
                                     FREERTOS_SOCK_STREAM,
                                     FREERTOS_IPPROTO_TCP);
     configASSERT(xClientSocket != FREERTOS_INVALID_SOCKET);
-    FreeRTOS_bind(xClientSocket, &xRemoteAddress, sizeof(xSize));
+    FreeRTOS_bind(xClientSocket, &xRemoteAddress, sizeof(xRemoteAddress));
 
     /* Client Socket Connect */
     ret = FreeRTOS_connect(xClientSocket,
diff --git a/IDE/Renesas/e2studio/RA6M3/client-wolfssl/wolfssl_thread_entry.h b/IDE/Renesas/e2studio/RA6M3/client-wolfssl/wolfssl_thread_entry.h
index 701e4bd4b..6552c712d 100644
--- a/IDE/Renesas/e2studio/RA6M3/client-wolfssl/wolfssl_thread_entry.h
+++ b/IDE/Renesas/e2studio/RA6M3/client-wolfssl/wolfssl_thread_entry.h
@@ -1,6 +1,6 @@
 /* wolfssl_thread_entry.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/Renesas/e2studio/RA6M3/common/src/freertos_tcp_port.c b/IDE/Renesas/e2studio/RA6M3/common/src/freertos_tcp_port.c
index c45d55041..5ec3aae1d 100644
--- a/IDE/Renesas/e2studio/RA6M3/common/src/freertos_tcp_port.c
+++ b/IDE/Renesas/e2studio/RA6M3/common/src/freertos_tcp_port.c
@@ -1,6 +1,6 @@
 /* freertos_tcp_port.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/Renesas/e2studio/RA6M3/common/user_settings.h b/IDE/Renesas/e2studio/RA6M3/common/user_settings.h
index 78f7cf86a..6adee0053 100644
--- a/IDE/Renesas/e2studio/RA6M3/common/user_settings.h
+++ b/IDE/Renesas/e2studio/RA6M3/common/user_settings.h
@@ -1,6 +1,6 @@
 /* user_settings.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -50,7 +50,6 @@
 #define HAVE_CHACHA
 #define HAVE_POLY1305
 #define HAVE_ECC
-#define HAVE_RSA
 #define HAVE_SHA256
 #define HAVE_SUPPORTED_CURVES
 #define HAVE_TLS_EXTENSIONS
diff --git a/IDE/Renesas/e2studio/RA6M3/common/util.h b/IDE/Renesas/e2studio/RA6M3/common/util.h
index 036d4627d..cc69a8dc4 100644
--- a/IDE/Renesas/e2studio/RA6M3/common/util.h
+++ b/IDE/Renesas/e2studio/RA6M3/common/util.h
@@ -1,6 +1,6 @@
 /* util.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/Renesas/e2studio/RA6M3/server-wolfssl/src/wolfssl_thread_entry.c b/IDE/Renesas/e2studio/RA6M3/server-wolfssl/src/wolfssl_thread_entry.c
index 30006f63b..0d8f60830 100644
--- a/IDE/Renesas/e2studio/RA6M3/server-wolfssl/src/wolfssl_thread_entry.c
+++ b/IDE/Renesas/e2studio/RA6M3/server-wolfssl/src/wolfssl_thread_entry.c
@@ -1,6 +1,6 @@
 /* wolfssl_thread_entry.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -151,7 +151,7 @@ void wolfssl_thread_entry(void *pvParameters) {
 
         /* Read the client data into our buff array */
         if (ret != WOLFSSL_SUCCESS) {
-            printf("Error [%d]: wolfSSL_set_fd.\n",ret);
+            printf("Error [%d]: wolfSSL_accept.\n",ret);
             break;
         }
         memset(buff, 0, sizeof(buff));
diff --git a/IDE/Renesas/e2studio/RA6M3/server-wolfssl/wolfssl_thread_entry.h b/IDE/Renesas/e2studio/RA6M3/server-wolfssl/wolfssl_thread_entry.h
index 0907433e6..2645a25ef 100644
--- a/IDE/Renesas/e2studio/RA6M3/server-wolfssl/wolfssl_thread_entry.h
+++ b/IDE/Renesas/e2studio/RA6M3/server-wolfssl/wolfssl_thread_entry.h
@@ -1,6 +1,6 @@
 /* wolfssl_thread_entry.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/Renesas/e2studio/RA6M3/test-wolfcrypt/src/wolfssl_thread_entry.c b/IDE/Renesas/e2studio/RA6M3/test-wolfcrypt/src/wolfssl_thread_entry.c
index e7e4cb6ff..860ed4e03 100644
--- a/IDE/Renesas/e2studio/RA6M3/test-wolfcrypt/src/wolfssl_thread_entry.c
+++ b/IDE/Renesas/e2studio/RA6M3/test-wolfcrypt/src/wolfssl_thread_entry.c
@@ -1,6 +1,6 @@
 /* wolfssl_thread_entry.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/Renesas/e2studio/RA6M4/README.md b/IDE/Renesas/e2studio/RA6M4/README.md
index 4ce63ab33..5afae2984 100644
--- a/IDE/Renesas/e2studio/RA6M4/README.md
+++ b/IDE/Renesas/e2studio/RA6M4/README.md
@@ -4,13 +4,13 @@ wolfSSL for Renesas RA Evaluation Kit (EK-RA6M4)
 ## Description
 
 This directory contains e2studio projects targeted at the Renesas RA 32-bit MCUs.
-The example projects include a wolfSSL TLS client. 
+The example projects include a wolfSSL TLS client.
 They also include benchmark and cryptography tests for the wolfCrypt library.
 
 
 The wolfssl project contains both the wolfSSL and wolfCrypt libraries.
 It is built as a `Renesas RA C Library Project` and contains the Renesas RA
-configuration. The wolfssl project uses `Secure Cryptography Engine on RA6 Protected Mode` 
+configuration. The wolfssl project uses `Secure Cryptography Engine on RA6 Protected Mode`
 as hardware acceleration for cypto and TLS operation.
 
 
@@ -24,27 +24,29 @@ The wolfssl Project Summary is listed below and is relevant for every project.
 |Board|EK-RA6M4|
 |Device|R7FA6M4AF3CFB|
 |Toolchain|GCC ARM Embedded|
-|FSP Version|3.5.0|
+|FSP Version|5.4.0|
 
 #### Selected software components
 
 |Components|Version|
 |:--|:--|
-|Board Support Package Common Files|v3.6.0|
-|Secure Cryptography Engine on RA6 Protected Mode|v3.6.0|
-|I/O Port|v3.6.0|
-|Arm CMSIS Version 5 - Core (M)|v5.8.0+fsp.3.6.0|
-|RA6M4-EK Board Support Files|v3.5.0|
-|Board support package for R7FA6M4AF3CFB|v3.6.0|
-|Board support package for RA6M4|v3.6.0|
-|Board support package for RA6M4 - FSP Data|v3.6.0|
-|FreeRTOS|v10.4.3-LTS.Patch.2+fsp.3.6.0|
-|FreeRTOS - Memory Management - Heap 4|v10.4.3-LTS.Patch.2+fsp.3.6.0|
-|r_ether to FreeRTOS+TCP Wrapper|v3.6.0|
-|Ethernet|v3.6.0|
-|Ethernet PHY|v3.6.0|
-|FreeRTOS+TCP|v2.3.2-LTS.Patch.1+fsp.3.6.0|
-|FreeRTOS - Buffer Allocation 2|v2.3.2-LTS.Patch.1+fsp.3.6.0|
+|Board Support Package Common Files|v5.4.0|
+|Secure Cryptography Engine on RA6 Protected Mode|v5.4.0|
+|I/O Port|v5.4.0|
+|Arm CMSIS Version 5 - Core (M)|v6.1.0+fsp.5.4.0|
+|RA6M4-EK Board Support Files|v5.4.0|
+|Board support package for R7FA6M4AF3CFB|v5.4.0|
+|Board support package for RA6M4 - Events|v5.4.0|
+|Board support package for RA6M4|v5.4.0|
+|Board support package for RA6M4 - FSP Data|v5.4.0|
+|FreeRTOS|v10.6.1+fsp.5.4.0|
+|FreeRTOS - Memory Management - Heap 4|v10.6.1+fsp.5.4.0|
+|r_ether to FreeRTOS+TCP Wrapper|v5.4.0|
+|Ethernet|v5.4.0|
+|Ethernet PHY|v5.4.0|
+|FreeRTOS+TCP|v4.0.0+fsp.5.4.0|
+|FreeRTOS - Buffer Allocation 2|v4.0.0+fsp.5.4.0|
+|FreeRTOS Port|v5.4.0|
 
 ## Setup Steps and Build wolfSSL Library
 
@@ -72,7 +74,7 @@ The wolfssl Project Summary is listed below and is relevant for every project.
 |Thread Symbol|sce_tst_thread|
 |Thread Name|sce_tst_thread|
 |Thread Stack size|increase depending on your environment<br> e.g. 0xA000|
-|Thread MemoryAllocation|Dyamic|
+|Thread MemoryAllocation|Dynamic|
 |Common General Use Mutexes|Enabled|
 |Common General Enable Backward Compatibility|Enabled|
 |Common Memory Allocation Support Dynamic Allocation|Enabled|
@@ -85,7 +87,7 @@ The wolfssl Project Summary is listed below and is relevant for every project.
 |:--|:--|
 |Network Events call vApplicationIPNetworkEventHook|Disable|
 |Use DHCP|Disable|
-  
+
 + Save `dummy_library` FSP configuration
 + Copy <u>configuration.xml</u> and pincfg under `dummy_library` to `wolfSSL_RA6M4`
 + Open Smart Configurator by clicking copied configuration.xml
@@ -105,7 +107,7 @@ The wolfssl Project Summary is listed below and is relevant for every project.
 + Copy the following folder and file at `dummy_application` to `test_RA6M4`\
   script/\
   src/sce_tst_thread_entry.c
-  
+
 + Add `sce_test()` call under /* TODO: add your own code here */ line at sce_tst_thread_entry.c
 ```
 ...
@@ -119,7 +121,7 @@ The wolfssl Project Summary is listed below and is relevant for every project.
 + Download J-Link software from [Segger](https://www.segger.com/downloads/jlink)
 + Choose `J-Link Software and Documentation Pack`
 + Copy sample program files below from `Installed SEGGER` folder, `e.g C:\Program Files\SEGGER\JLink\Samples\RTT`, to /path/to/wolfssl/IDE/Reenesas/e2studio/RA6M4/test/src/SEGGER_RTT\
-  
+
     SEGGER_RTT.c\
     SEGGER_RTT.h\
     SEGGER_RTT_Conf.h\
@@ -134,7 +136,7 @@ The wolfssl Project Summary is listed below and is relevant for every project.
     you can specify "RTT control block" to 0x200232a8 by Address\
     OR\
     you can specify "RTT control block" to 0x20020000 0x10000 by Search Range
-  
+
 ## Run Client
 1.) Enable TLS_CLIENT definition in wolfssl_demo.h of test_RA6M4 project
 
@@ -175,7 +177,7 @@ $./examples/server/server -b -d -i -c ./certs/server-ecc.pem -k ./certs/ecc-key.
 
 You will see the following message on J-LinK RTT Viewer when using RSA sign and verify.
 ```
- Start Client Example, 
+ Start Client Example,
  Connecting to 192.168.11.xx
 
 [wolfSSL_TLS_client_do(00)][00]  Start to connect to the server.
@@ -204,7 +206,7 @@ You will see the following message on J-LinK RTT Viewer when using RSA sign and
 
 You will see the following message on J-LinK RTT Viewer when using ECDSA sign and verify.
 ```
- Start Client Example, 
+ Start Client Example,
  Connecting to 192.168.11.xx
 
 [wolfSSL_TLS_client_do(00)][00]  Start to connect to the server.
@@ -235,7 +237,7 @@ You will see the following message on J-LinK RTT Viewer when using ECDSA sign an
 ### Run Multi Client Session example
 1.) Enable TLS_CLIENT and TLS_MULTITHREAD_TEST definition in wolfssl_demo.h of test_RA6M4 project
 
-2.) Follow [Run Client](#run-client) instruction 
+2.) Follow [Run Client](#run-client) instruction
 
 3.) Prepare peer wolfssl server
 
@@ -258,7 +260,7 @@ $./examples/server/server -b -d -c -i ./certs/server-ecc.pem -k ./certs/ecc-key.
 4.) Run Multi Client Session Example
 You will see similar following message on J-LinK RTT Viewer when using ECDSA sign and verify.
 ```
- Start Client Example, 
+ Start Client Example,
  Connecting to 192.168.11.xx
 
  clt_thd_taskA connecting to 11111 port
@@ -291,7 +293,7 @@ You will see similar following message on J-LinK RTT Viewer when using ECDSA sig
 
 You will see similar following message on J-LinK RTT Viewer when using ECDSA sign and verify.
 ```
- Start Client Example, 
+ Start Client Example,
  Connecting to 192.168.11.xx
 
  clt_thd_taskA connecting to 11111 port
diff --git a/IDE/Renesas/e2studio/RA6M4/common/user_settings.h b/IDE/Renesas/e2studio/RA6M4/common/user_settings.h
index 4263164e8..3c515029e 100644
--- a/IDE/Renesas/e2studio/RA6M4/common/user_settings.h
+++ b/IDE/Renesas/e2studio/RA6M4/common/user_settings.h
@@ -1,6 +1,6 @@
 /* user_settings.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -115,4 +115,5 @@
 #endif
 
 #define CUSTOM_RAND_GENERATE_BLOCK wc_fspsm_GenerateRandBlock
-
+/* use original asn parsing */
+#define WOLFSSL_ASN_ORIGINAL
diff --git a/IDE/Renesas/e2studio/RA6M4/common/wolfssl_demo.h b/IDE/Renesas/e2studio/RA6M4/common/wolfssl_demo.h
index dd56fc1e7..1dff4b177 100644
--- a/IDE/Renesas/e2studio/RA6M4/common/wolfssl_demo.h
+++ b/IDE/Renesas/e2studio/RA6M4/common/wolfssl_demo.h
@@ -1,6 +1,6 @@
 /* wolfssl_demo.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/Renesas/e2studio/RA6M4/include.am b/IDE/Renesas/e2studio/RA6M4/include.am
index cd8adec9c..db3f280f3 100644
--- a/IDE/Renesas/e2studio/RA6M4/include.am
+++ b/IDE/Renesas/e2studio/RA6M4/include.am
@@ -16,4 +16,4 @@ EXTRA_DIST+= IDE/Renesas/e2studio/RA6M4/test/src/common/.gitignore
 EXTRA_DIST+= IDE/Renesas/e2studio/RA6M4/test/key_data/key_data_sce.c
 EXTRA_DIST+= IDE/Renesas/e2studio/RA6M4/test/key_data/key_data.h
 EXTRA_DIST+= IDE/Renesas/e2studio/RA6M4/common/wolfssl_demo.h
-EXTRA_DIST+= IDE/Renesas/e2studio/RA6M4/common/user_settings.h
\ No newline at end of file
+EXTRA_DIST+= IDE/Renesas/e2studio/RA6M4/common/user_settings.h
diff --git a/IDE/Renesas/e2studio/RA6M4/test/.cproject b/IDE/Renesas/e2studio/RA6M4/test/.cproject
index 61375953a..11ea16645 100644
--- a/IDE/Renesas/e2studio/RA6M4/test/.cproject
+++ b/IDE/Renesas/e2studio/RA6M4/test/.cproject
@@ -94,7 +94,7 @@
 									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/wolfSSL_RA6M4/ra/fsp/inc/api}&quot;"/>
 									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/wolfSSL_RA6M4/ra/fsp/inc/instances}&quot;"/>
 									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/wolfSSL_RA6M4/ra/fsp/src/rm_freertos_port}&quot;"/>
-									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/wolfSSL_RA6M4/ra/aws/FreeRTOS/FreeRTOS/Source/include}&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/wolfSSL_RA6M4/ra/aws/amazon-freertos/freertos_kernel/include}&quot;"/>
 									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/wolfSSL_RA6M4/ra/arm/CMSIS_5/CMSIS/Core/Include}&quot;"/>
 									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/wolfSSL_RA6M4/ra_gen}&quot;"/>
 									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/wolfSSL_RA6M4/ra_cfg/fsp_cfg/bsp}&quot;"/>
@@ -103,8 +103,11 @@
 									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/wolfSSL_RA6M4/ra/fsp/src/r_sce_protected/crypto_procedures_protected/src/sce9/inc/api}&quot;"/>
 									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/wolfSSL_RA6M4/ra/fsp/src/r_sce_protected/crypto_procedures_protected/src/sce9/inc/instances}&quot;"/>
 									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/wolfSSL_RA6M4/ra/fsp/src/r_sce_protected/crypto_procedures_protected/src/sce9/private/inc}&quot;"/>
-									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/wolfSSL_RA6M4/ra/aws/FreeRTOS/FreeRTOS-Plus/Source/FreeRTOS-Plus-TCP/include}&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/wolfSSL_RA6M4/ra/aws/amazon-freertos/libraries/freertos_plus/standard/freertos_plus_tcp/include}&quot;"/>
 									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/wolfSSL_RA6M4/ra/fsp/src/rm_freertos_plus_tcp}&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/wolfSSL_RA6M4/ra/aws/FreeRTOS/FreeRTOS/Source/include}&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/wolfSSL_RA6M4/ra/arm/CMSIS_6/CMSIS/Core/Include}&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/wolfSSL_RA6M4/ra/aws/FreeRTOS/FreeRTOS-Plus/Source/FreeRTOS-Plus-TCP/source/include}&quot;"/>
 								</option>
 								<option IS_BUILTIN_EMPTY="false" IS_VALUE_EMPTY="false" id="ilg.gnuarmeclipse.managedbuild.cross.option.c.compiler.defs.1484044149" name="Defined symbols (-D)" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.c.compiler.defs" useByScannerDiscovery="true" valueType="definedSymbols">
 									<listOptionValue builtIn="false" value="_RENESAS_RA_"/>
diff --git a/IDE/Renesas/e2studio/RA6M4/test/key_data/key_data_sce.c b/IDE/Renesas/e2studio/RA6M4/test/key_data/key_data_sce.c
index 41fb29c07..792789718 100644
--- a/IDE/Renesas/e2studio/RA6M4/test/key_data/key_data_sce.c
+++ b/IDE/Renesas/e2studio/RA6M4/test/key_data/key_data_sce.c
@@ -1,6 +1,6 @@
 /* key_data.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -28,112 +28,112 @@ const st_user_key_block_data_t g_key_block_data =
 {
     /* uint8_t encrypted_provisioning_key[R_TSIP_AES_CBC_IV_BYTE_SIZE * 2]; */
     {
-        0xE7, 0x1C, 0xEB, 0xCA, 0x3A, 0x64, 0x0B, 0xD2, 0xC5, 0xB8, 0xF2, 0xD0, 
-        0xF7, 0x1B, 0xA9, 0x4A, 0x98, 0xFF, 0xF3, 0x48, 0x81, 0xAD, 0xAF, 0x63, 
+        0xE7, 0x1C, 0xEB, 0xCA, 0x3A, 0x64, 0x0B, 0xD2, 0xC5, 0xB8, 0xF2, 0xD0,
+        0xF7, 0x1B, 0xA9, 0x4A, 0x98, 0xFF, 0xF3, 0x48, 0x81, 0xAD, 0xAF, 0x63,
         0x19, 0x24, 0x4B, 0x2B, 0xC0, 0x8B, 0x9C, 0x6B
     },
     /* uint8_t iv[R_TSIP_AES_CBC_IV_BYTE_SIZE]; */
     {
-        0xD7, 0x97, 0x56, 0x82, 0x5B, 0x4B, 0x7F, 0xB2, 0x1C, 0x1F, 0xEE, 0x85, 
+        0xD7, 0x97, 0x56, 0x82, 0x5B, 0x4B, 0x7F, 0xB2, 0x1C, 0x1F, 0xEE, 0x85,
         0x02, 0xC5, 0xD0, 0xBA
     },
     /* uint8_t encrypted_user_rsa2048_ne_key[R_TSIP_RSA2048_NE_KEY_BYTE_SIZE + 16]; */
     {
-        0x3F, 0xA5, 0xBE, 0xBF, 0x86, 0xEC, 0x23, 0x37, 0x82, 0x37, 0x71, 0x0C, 
-        0x83, 0xA7, 0x8E, 0x86, 0xF0, 0x16, 0xD3, 0x7B, 0xF1, 0x25, 0xA4, 0x37, 
-        0x7A, 0x2D, 0x16, 0xF2, 0xFF, 0x3D, 0xEE, 0x46, 0xE0, 0x05, 0x58, 0x56, 
+        0x3F, 0xA5, 0xBE, 0xBF, 0x86, 0xEC, 0x23, 0x37, 0x82, 0x37, 0x71, 0x0C,
+        0x83, 0xA7, 0x8E, 0x86, 0xF0, 0x16, 0xD3, 0x7B, 0xF1, 0x25, 0xA4, 0x37,
+        0x7A, 0x2D, 0x16, 0xF2, 0xFF, 0x3D, 0xEE, 0x46, 0xE0, 0x05, 0x58, 0x56,
         0xC2, 0xE7, 0x9D, 0x2C, 0x01, 0x84, 0x59, 0x8E, 0xA8, 0x9E, 0xEE, 0x3F,
         0x22, 0x83, 0x68, 0xDA, 0x9E, 0xCE, 0xEA, 0x99, 0xFD, 0xAF, 0xDF, 0x67,
-        0x1E, 0x73, 0x25, 0x68, 0xBF, 0x0A, 0xDF, 0xAF, 0xC4, 0x3D, 0xF1, 0xBD, 
-        0x41, 0xF5, 0xAC, 0xAC, 0xA4, 0x36, 0xF8, 0x96, 0xC0, 0x8C, 0x2F, 0x1A, 
+        0x1E, 0x73, 0x25, 0x68, 0xBF, 0x0A, 0xDF, 0xAF, 0xC4, 0x3D, 0xF1, 0xBD,
+        0x41, 0xF5, 0xAC, 0xAC, 0xA4, 0x36, 0xF8, 0x96, 0xC0, 0x8C, 0x2F, 0x1A,
         0x79, 0x75, 0x28, 0xAE, 0x67, 0xC9, 0x5A, 0xDE, 0x2A, 0xB4, 0x99, 0xDB,
-        0x8C, 0x25, 0x53, 0x58, 0x8C, 0xDC, 0xA8, 0x0D, 0xFE, 0xEE, 0x0F, 0x6C, 
-        0x61, 0xE6, 0x43, 0x66, 0xE8, 0x4A, 0xE3, 0xEB, 0xAB, 0xA2, 0x52, 0xE4, 
-        0x67, 0xC2, 0x9A, 0x57, 0xA4, 0x1F, 0xE0, 0xFC, 0x2B, 0xBE, 0x25, 0xBF, 
+        0x8C, 0x25, 0x53, 0x58, 0x8C, 0xDC, 0xA8, 0x0D, 0xFE, 0xEE, 0x0F, 0x6C,
+        0x61, 0xE6, 0x43, 0x66, 0xE8, 0x4A, 0xE3, 0xEB, 0xAB, 0xA2, 0x52, 0xE4,
+        0x67, 0xC2, 0x9A, 0x57, 0xA4, 0x1F, 0xE0, 0xFC, 0x2B, 0xBE, 0x25, 0xBF,
         0xF0, 0x70, 0x18, 0x88, 0x93, 0xB7, 0x2F, 0x74, 0xF8, 0xF3, 0x88, 0xB8,
-        0xFA, 0x18, 0xBE, 0xC1, 0xB2, 0x24, 0x4B, 0xBC, 0x89, 0x2D, 0xC4, 0x02, 
-        0xB3, 0x82, 0xEC, 0xDB, 0xC9, 0xF0, 0xA9, 0xC3, 0x30, 0x7C, 0xF5, 0x15, 
-        0xEB, 0x9B, 0x16, 0x8C, 0x9D, 0xEF, 0x42, 0x8A, 0xCA, 0x5D, 0x28, 0xDF, 
+        0xFA, 0x18, 0xBE, 0xC1, 0xB2, 0x24, 0x4B, 0xBC, 0x89, 0x2D, 0xC4, 0x02,
+        0xB3, 0x82, 0xEC, 0xDB, 0xC9, 0xF0, 0xA9, 0xC3, 0x30, 0x7C, 0xF5, 0x15,
+        0xEB, 0x9B, 0x16, 0x8C, 0x9D, 0xEF, 0x42, 0x8A, 0xCA, 0x5D, 0x28, 0xDF,
         0x68, 0xEA, 0xE0, 0xB8, 0x76, 0x7C, 0xBB, 0x4A, 0x51, 0xDD, 0x55, 0x14,
-        0xB7, 0xAB, 0xD2, 0xF1, 0xB9, 0x51, 0x19, 0x05, 0x26, 0x87, 0xF7, 0x5C, 
-        0x69, 0x45, 0x3C, 0x82, 0xE8, 0x82, 0x05, 0x5D, 0x33, 0x8E, 0xD1, 0x42, 
-        0x71, 0xD6, 0x96, 0xDA, 0xAB, 0xB8, 0xC0, 0x0F, 0xF7, 0x85, 0x8A, 0x12, 
+        0xB7, 0xAB, 0xD2, 0xF1, 0xB9, 0x51, 0x19, 0x05, 0x26, 0x87, 0xF7, 0x5C,
+        0x69, 0x45, 0x3C, 0x82, 0xE8, 0x82, 0x05, 0x5D, 0x33, 0x8E, 0xD1, 0x42,
+        0x71, 0xD6, 0x96, 0xDA, 0xAB, 0xB8, 0xC0, 0x0F, 0xF7, 0x85, 0x8A, 0x12,
         0xEF, 0xB9, 0x53, 0xFF, 0xD2, 0x95, 0x18, 0x2F, 0x0C, 0xA6, 0x72, 0x98,
-        0xC3, 0xC6, 0x9B, 0x95, 0x70, 0x69, 0xC5, 0xB7, 0xD5, 0x24, 0x77, 0x05, 
-        0xD0, 0x68, 0x85, 0x36, 0xB8, 0x57, 0xE3, 0xED, 0x2E, 0x4D, 0x95, 0xD3, 
-        0xFC, 0x24, 0x1B, 0x22, 0xFA, 0x43, 0xD8, 0x62, 0x28, 0x57, 0x6B, 0x34, 
+        0xC3, 0xC6, 0x9B, 0x95, 0x70, 0x69, 0xC5, 0xB7, 0xD5, 0x24, 0x77, 0x05,
+        0xD0, 0x68, 0x85, 0x36, 0xB8, 0x57, 0xE3, 0xED, 0x2E, 0x4D, 0x95, 0xD3,
+        0xFC, 0x24, 0x1B, 0x22, 0xFA, 0x43, 0xD8, 0x62, 0x28, 0x57, 0x6B, 0x34,
         0xBF, 0xD1, 0x63, 0x4B, 0xB5, 0xF5, 0x88, 0xBC, 0xB8, 0x69, 0xF3, 0xB5
     },
 };
 
 #ifndef USE_CERT_BUFFERS_256
-/* ca-cert.der.sign,  
- * ca-cert.der signed by RSA2048 PSS with SHA256 
+/* ca-cert.der.sign,
+ * ca-cert.der signed by RSA2048 PSS with SHA256
  * This is used for Root Certificate verify by SCE */
 const unsigned char ca_cert_der_sign[] =
 {
-        0x70, 0x4D, 0x6C, 0xCC, 0xAD, 0xD0, 0x74, 0x34, 0x10, 0xB3,
-        0x1F, 0x26, 0x49, 0x31, 0xD0, 0xD5, 0x0B, 0x4F, 0x50, 0xD4,
-        0x21, 0x7D, 0x3D, 0xE6, 0x9D, 0x5A, 0xF1, 0xE4, 0x48, 0xBD,
-        0x6D, 0xB3, 0x58, 0xB4, 0x07, 0xF1, 0x06, 0xA7, 0x3D, 0xB7,
-        0x24, 0x60, 0xBD, 0x72, 0xB2, 0x7B, 0xA8, 0x4F, 0xFC, 0x47,
-        0x64, 0xF0, 0x04, 0xBE, 0xC7, 0xAE, 0xB6, 0x6F, 0xA5, 0xD6,
-        0x65, 0xE9, 0xB5, 0x3D, 0x8A, 0xC8, 0x27, 0x9A, 0x3B, 0x4C,
-        0x98, 0xB0, 0x5F, 0x1E, 0x54, 0xA5, 0xEF, 0xBC, 0x61, 0xA7,
-        0x3F, 0xB7, 0x5D, 0x36, 0x5A, 0x27, 0x1C, 0x5A, 0xAF, 0x65,
-        0x7A, 0x89, 0x4F, 0x00, 0xB1, 0x75, 0xA7, 0xA9, 0x5C, 0xE8,
-        0xC8, 0x0E, 0x5C, 0x83, 0x12, 0x47, 0x11, 0xD1, 0xBD, 0xF4,
-        0x10, 0x7D, 0x7B, 0xD6, 0x05, 0xF7, 0xBE, 0xD2, 0x70, 0x05,
-        0x56, 0xD6, 0x84, 0x70, 0x11, 0x3D, 0x67, 0x93, 0x2E, 0xB0,
-        0x93, 0xBA, 0x34, 0xD0, 0xDE, 0xB8, 0x16, 0x7B, 0x0D, 0x67,
-        0x16, 0x92, 0x91, 0x79, 0xAC, 0x3C, 0xC9, 0x4D, 0x8A, 0xEE,
-        0x31, 0xCC, 0xFC, 0xF7, 0x78, 0xB3, 0x1B, 0x0F, 0x54, 0xCE,
-        0xF4, 0xBB, 0xE7, 0xF4, 0xAC, 0x80, 0xEF, 0xDD, 0xFF, 0x84,
-        0x7A, 0x37, 0xED, 0xC4, 0x45, 0x3D, 0x7C, 0x19, 0x81, 0x95,
-        0x2E, 0x71, 0xE7, 0x1B, 0x1C, 0x75, 0x67, 0xBC, 0x62, 0x0F,
-        0xAA, 0x90, 0x41, 0x01, 0x53, 0xD0, 0x3A, 0x6E, 0xE9, 0xC9,
-        0xAA, 0x2F, 0xD1, 0xD8, 0xB3, 0x3B, 0x80, 0xCA, 0xE5, 0xA1,
-        0x1B, 0x7F, 0xCF, 0xF5, 0xBF, 0x2C, 0x2B, 0xBE, 0x1F, 0x77,
-        0x89, 0x21, 0xD7, 0x76, 0x51, 0xA8, 0xD0, 0x31, 0xE1, 0x97,
-        0xD1, 0x63, 0x84, 0xA2, 0xAA, 0x6E, 0x9A, 0x33, 0x43, 0x65,
-        0x2A, 0x6B, 0x40, 0x03, 0x84, 0x6F, 0xC7, 0xB3, 0xE5, 0xD8,
-        0x64, 0x30, 0x12, 0x2A, 0x45, 0x1D
+		0x42, 0xDC, 0x1F, 0xF5, 0x71, 0x54, 0x13, 0xB5, 0x86, 0x30,
+		0x34, 0xF3, 0x04, 0x50, 0x69, 0x50, 0x6C, 0x94, 0x05, 0x60,
+		0xC6, 0x34, 0x12, 0xCC, 0xA1, 0x68, 0x56, 0x1F, 0x54, 0x4D,
+		0x6C, 0x3E, 0xCB, 0xFB, 0xEB, 0xEF, 0x4E, 0xCF, 0xA8, 0xB0,
+		0xA7, 0xDE, 0xAD, 0x64, 0xBA, 0xB8, 0xE5, 0x0C, 0x97, 0x31,
+		0x16, 0xEE, 0xF7, 0x73, 0xCC, 0xAF, 0x54, 0x20, 0xE1, 0xFF,
+		0xF7, 0x94, 0x6D, 0x7B, 0xC7, 0x83, 0xA3, 0xE5, 0xF6, 0x01,
+		0xA1, 0xA7, 0x90, 0xF1, 0x3D, 0xCE, 0x95, 0xD8, 0x15, 0x29,
+		0x7A, 0x6C, 0xC1, 0x43, 0xB8, 0x29, 0x30, 0xC9, 0x38, 0x36,
+		0x85, 0x03, 0x23, 0x3D, 0xAE, 0x40, 0xAA, 0x0A, 0x38, 0xF8,
+		0x06, 0xDB, 0xA5, 0x7B, 0xBF, 0x72, 0x12, 0xD7, 0xB1, 0x35,
+		0x82, 0x47, 0xA8, 0x9E, 0xCB, 0xFF, 0xD1, 0x34, 0xA2, 0x15,
+		0xBB, 0xC8, 0x35, 0xE7, 0x91, 0x58, 0x52, 0xD8, 0xA6, 0x9F,
+		0x1D, 0x68, 0xD2, 0x92, 0x0E, 0xAD, 0x42, 0xB9, 0xE5, 0x72,
+		0xE9, 0x3B, 0x24, 0xF2, 0x05, 0xEA, 0x9F, 0xAD, 0x07, 0xE0,
+		0xD8, 0x40, 0x33, 0x7D, 0x1C, 0x8C, 0x71, 0x7E, 0x37, 0x22,
+		0x1B, 0x13, 0x27, 0xE5, 0xBC, 0x6E, 0x6E, 0x6A, 0xE5, 0x66,
+		0x4C, 0xAB, 0x74, 0x74, 0x12, 0xE4, 0x12, 0x36, 0xD5, 0xB0,
+		0x56, 0x0E, 0x79, 0xFB, 0x56, 0xA0, 0x09, 0x4B, 0xBD, 0xE0,
+		0xF5, 0x75, 0x0E, 0xA1, 0xB1, 0xDC, 0xA6, 0xC5, 0x0B, 0x7E,
+		0x79, 0x83, 0xD5, 0xCE, 0x2A, 0xB3, 0x2C, 0xE8, 0x49, 0xDE,
+		0x18, 0xB2, 0x50, 0x58, 0x58, 0x2E, 0x31, 0xAD, 0xF1, 0x25,
+		0x71, 0xD2, 0x74, 0xA1, 0xC8, 0x1C, 0xF6, 0xF7, 0xE6, 0xDA,
+		0xA3, 0x9F, 0x32, 0x5A, 0xA0, 0xBC, 0x1D, 0x13, 0xAC, 0x9C,
+		0x41, 0x97, 0xDB, 0xA4, 0xF4, 0xE2, 0xE4, 0x28, 0xD3, 0x30,
+		0xC3, 0x14, 0xF2, 0xB0, 0xBF, 0x94
 };
 
 const int sizeof_ca_cert_der_sign = sizeof(ca_cert_der_sign);
 #else
-/* ca-ecc-cert.der.sign,  
- * ca-ecc-cert.der signed by RSA2048 PSS with SHA256 
+/* ca-ecc-cert.der.sign,
+ * ca-ecc-cert.der signed by RSA2048 PSS with SHA256
  * This is used for Root Certificate verify by SCE
  */
 const unsigned char ca_ecc_cert_der_sign[] =
 {
-        0xB9, 0x59, 0x94, 0xE6, 0xD1, 0x5B, 0xFD, 0x59, 0xBB, 0x4F,
-        0x14, 0x0B, 0x9E, 0x30, 0x61, 0xF9, 0xFA, 0x2C, 0xD8, 0xE2,
-        0x7F, 0xD0, 0x1F, 0x47, 0xDE, 0x14, 0x8E, 0xD1, 0x78, 0x86,
-        0xA4, 0x9B, 0xDC, 0x86, 0x64, 0x2A, 0xD9, 0xBC, 0xBE, 0x61,
-        0x60, 0xB8, 0x1C, 0x46, 0xCE, 0x66, 0x97, 0xC0, 0x32, 0x04,
-        0x38, 0x3B, 0xCB, 0xB7, 0x38, 0x89, 0x11, 0xCE, 0xBA, 0x64,
-        0xE1, 0xDD, 0x4E, 0x3C, 0x6F, 0xA0, 0x48, 0xFA, 0x9F, 0x8F,
-        0xEC, 0x6A, 0xCA, 0xAC, 0x29, 0x4B, 0xD9, 0xF7, 0xE3, 0x03,
-        0xF7, 0xBA, 0xB8, 0xCC, 0x2C, 0xD1, 0xC8, 0x84, 0xFA, 0xF6,
-        0xFA, 0xE4, 0x72, 0xAF, 0x8D, 0x07, 0xF0, 0x3D, 0xD7, 0x58,
-        0x95, 0x08, 0x6F, 0xD5, 0x77, 0x1B, 0x92, 0x81, 0x99, 0x69,
-        0x5C, 0x4D, 0x8F, 0x98, 0xC6, 0x09, 0xC1, 0xEB, 0xB5, 0x86,
-        0x87, 0x47, 0xD7, 0x68, 0x73, 0xE8, 0x1D, 0x1B, 0xFE, 0xA5,
-        0x9C, 0x7A, 0x4B, 0xAD, 0x1A, 0x54, 0x46, 0xA0, 0xC8, 0xF7,
-        0x6C, 0xDD, 0xA6, 0xEF, 0x16, 0x21, 0x18, 0xCE, 0xF8, 0xDE,
-        0x3D, 0xB4, 0x56, 0x0C, 0xBA, 0xB7, 0x95, 0xD1, 0x6D, 0x0D,
-        0x49, 0xE7, 0x78, 0x64, 0x65, 0xC7, 0x24, 0x26, 0x81, 0xCD,
-        0x56, 0xB7, 0xB2, 0x31, 0xF2, 0xD7, 0x64, 0x55, 0x89, 0xCC,
-        0xDB, 0x69, 0x56, 0xED, 0x9B, 0x07, 0x9E, 0xD4, 0x07, 0x5E,
-        0xAF, 0xF0, 0x98, 0x94, 0xD6, 0x87, 0x0C, 0x22, 0xE1, 0x3A,
-        0x88, 0xE1, 0xC4, 0xBC, 0x51, 0x4B, 0x07, 0x4D, 0x2A, 0xCE,
-        0xA8, 0xE8, 0x9F, 0xF7, 0xA2, 0x8A, 0xEA, 0x90, 0x32, 0x20,
-        0xFC, 0xB6, 0x32, 0xE6, 0x8A, 0x47, 0x2B, 0xF4, 0xB4, 0x0F,
-        0x96, 0x7A, 0xC9, 0x0B, 0xF6, 0xBF, 0x69, 0x51, 0x9B, 0x44,
-        0xC2, 0xE2, 0xD6, 0x2D, 0xB1, 0x17, 0xAC, 0x7B, 0x32, 0xF2,
-        0x0E, 0x7A, 0x28, 0x67, 0xAB, 0xA5
+		0x34, 0x5E, 0xA6, 0xED, 0xA7, 0x19, 0xC1, 0x57, 0x3F, 0x89,
+		0x71, 0xEC, 0xA0, 0x26, 0x94, 0x67, 0xFF, 0x2A, 0xE3, 0x88,
+		0xAF, 0xD5, 0xD8, 0x7A, 0x23, 0x9D, 0xD5, 0x4A, 0x11, 0x0D,
+		0x28, 0xB7, 0x00, 0xB3, 0xC9, 0xD9, 0x5C, 0xAD, 0xB0, 0x5C,
+		0xD6, 0xFF, 0xD5, 0x98, 0x9A, 0x3D, 0xFC, 0xC2, 0x1A, 0xC8,
+		0x9C, 0x17, 0x60, 0xD7, 0xA8, 0x10, 0x62, 0x56, 0x87, 0xD7,
+		0x95, 0x71, 0xE5, 0xC8, 0x65, 0xA9, 0x16, 0xC0, 0x21, 0x08,
+		0x31, 0x51, 0xED, 0x51, 0x02, 0xED, 0x1C, 0x8A, 0xEA, 0x82,
+		0x93, 0x0E, 0x9C, 0xBD, 0x25, 0x1B, 0xD7, 0x91, 0x12, 0xC1,
+		0x49, 0xC5, 0x2E, 0x1D, 0x04, 0x5D, 0x60, 0x63, 0x68, 0xF3,
+		0x5A, 0x18, 0x60, 0xF3, 0xD9, 0x88, 0x2C, 0xCC, 0x56, 0x49,
+		0xA4, 0x07, 0x9C, 0xA7, 0x50, 0x36, 0x83, 0xFB, 0x39, 0x83,
+		0x1F, 0xB9, 0x6B, 0x1F, 0x19, 0x2B, 0x4B, 0x6D, 0xEC, 0xC5,
+		0xC5, 0x08, 0x8D, 0x38, 0x80, 0xEC, 0x8D, 0xC1, 0x8B, 0x74,
+		0xC4, 0xD7, 0x60, 0xB4, 0x29, 0xA9, 0xE1, 0x2B, 0x98, 0xF6,
+		0x9C, 0xFB, 0x73, 0x40, 0x80, 0xA8, 0x5D, 0x64, 0xDA, 0x12,
+		0xE0, 0x43, 0x5B, 0xC9, 0x65, 0xB2, 0x76, 0x11, 0xB7, 0x06,
+		0x0C, 0x81, 0x62, 0x18, 0xD3, 0x34, 0x0C, 0xAC, 0xD0, 0x61,
+		0x98, 0x5A, 0x3E, 0x94, 0x6F, 0xAA, 0x51, 0xF2, 0x75, 0xF7,
+		0xBE, 0x6C, 0xA8, 0xCB, 0xDC, 0xFD, 0x3C, 0x9C, 0xF3, 0x15,
+		0xA5, 0x5B, 0x8A, 0x81, 0x11, 0x15, 0x50, 0x3D, 0x8B, 0xA9,
+		0x3E, 0xD9, 0xAA, 0x22, 0x0B, 0xB5, 0x20, 0x83, 0x7C, 0xAF,
+		0x74, 0x4C, 0x51, 0x60, 0x44, 0xC2, 0x04, 0xA0, 0xB2, 0x17,
+		0x57, 0xE0, 0xEE, 0x63, 0x13, 0xBF, 0xEA, 0x21, 0x16, 0x4D,
+		0x2D, 0xFB, 0x0D, 0x66, 0x66, 0x43, 0x1F, 0xAB, 0xFE, 0xE3,
+		0x14, 0xAD, 0xE4, 0xE2, 0xEB, 0xBF
 };
 static const int sizeof_ca_ecc_cert_der_sign = sizeof(ca_ecc_cert_der_sign);
 #endif /*  USE_CERT_BUFFERS_256 */
diff --git a/IDE/Renesas/e2studio/RA6M4/test/src/SEGGER_RTT/myprint.c b/IDE/Renesas/e2studio/RA6M4/test/src/SEGGER_RTT/myprint.c
index 4ff71d154..308781105 100644
--- a/IDE/Renesas/e2studio/RA6M4/test/src/SEGGER_RTT/myprint.c
+++ b/IDE/Renesas/e2studio/RA6M4/test/src/SEGGER_RTT/myprint.c
@@ -1,6 +1,6 @@
 /* myprintf.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -18,6 +18,8 @@
  * along with this program; if not, write to the Free Software
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  */
+
+#include <stdarg.h>
 #include "SEGGER_RTT.h"
 
 #define SEGGER_INDEX            (0)
diff --git a/IDE/Renesas/e2studio/RA6M4/test/src/test_main.c b/IDE/Renesas/e2studio/RA6M4/test/src/test_main.c
index e6dca444c..f93285090 100644
--- a/IDE/Renesas/e2studio/RA6M4/test/src/test_main.c
+++ b/IDE/Renesas/e2studio/RA6M4/test/src/test_main.c
@@ -1,6 +1,6 @@
 /* test_main.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -100,9 +100,9 @@ static int SetScetlsKey()
 
     #endif
 
-#endif    
+#endif
     return 0;
-}    
+}
 #endif
 
 typedef struct func_args {
@@ -142,8 +142,8 @@ void SCE_KeyGeneration(FSPSM_ST *g)
         if (err == FSP_SUCCESS)
             g->keyflgs_crypt.bits.aes256_installedkey_set = 1;
     }
-    
-    
+
+
 }
 
 void Clr_CallbackCtx(FSPSM_ST *g)
@@ -151,17 +151,11 @@ void Clr_CallbackCtx(FSPSM_ST *g)
     (void) g;
 
    #if defined(WOLFSSL_RENESAS_SCEPROTECT_CRYPTONLY)
-    if (g->wrapped_key_rsapri2048 != NULL)
-        XFREE(g->wrapped_key_rsapri2048,
-                            NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(g->wrapped_key_rsapri2048, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 
-    if (g->wrapped_key_rsapub2048 != NULL)
-        XFREE(g->wrapped_key_rsapub2048,
-                            NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(g->wrapped_key_rsapub2048, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 
-    if (g->wrapped_key_rsapri1024 != NULL)
-        XFREE(g->wrapped_key_rsapri1024,
-                            NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(g->wrapped_key_rsapri1024, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 
     if (g->wrapped_key_rsapub2048 != NULL)
         XFREE(g->wrapped_key_rsapub1024,
@@ -245,7 +239,7 @@ void sce_test(void)
     if ((ret = wolfCrypt_Init()) != 0) {
          printf("wolfCrypt_Init failed %d\n", ret);
     }
-    
+
 #if defined(HAVE_RENESAS_SYNC) && \
     defined(HAVE_AES_CBC)
 
@@ -267,14 +261,14 @@ void sce_test(void)
     printf("Start wolfCrypt Benchmark\n");
     benchmark_test(NULL);
     printf("End wolfCrypt Benchmark\n");
-    
+
     /* free */
     Clr_CallbackCtx(&guser_PKCbInfo);
 
 #elif defined(TLS_CLIENT)
     #include "hal_data.h"
     #include "r_sce.h"
-    
+
 #if defined(WOLFSSL_TLS13)
     /* TLS1.3 needs RSA_PSS enabled.
      * SCE doesn't support RSA PSS Padding
@@ -335,6 +329,7 @@ void sce_test(void)
     int j = 0;
     #endif
     int i = 0;
+    int ret = 0;
 
     printf("\n Start Client Example, ");
     printf("\n Connecting to %s\n\n", SERVER_IP);
@@ -359,20 +354,20 @@ void sce_test(void)
             info[j].log_f = my_Logging_cb;
 
             memset(info[j].name, 0, sizeof(info[j].name));
-            sprintf(info[j].name, "clt_thd_%s", ((j%2) == 0) ? 
+            sprintf(info[j].name, "clt_thd_%s", ((j%2) == 0) ?
                                                             "taskA" : "taskB");
 
             printf(" %s connecting to %d port\n", info[j].name, info[j].port);
 
-            xReturned = xTaskCreate(wolfSSL_TLS_client_do, info[j].name, 
+            xReturned = xTaskCreate(wolfSSL_TLS_client_do, info[j].name,
                                     THREAD_STACK_SIZE, &info[j], 2, NULL);
             if (xReturned != pdPASS) {
                  printf("Failed to create task\n");
             }
         }
-        
+
         for(j = i; j < (i+2); j++) {
-            xSemaphoreGiveFromISR(info[j].xBinarySemaphore, 
+            xSemaphoreGiveFromISR(info[j].xBinarySemaphore,
                                                 &xHigherPriorityTaskWoken);
         }
 
@@ -404,7 +399,8 @@ void sce_test(void)
         XMEMSET(info[i].name, 0, sizeof(info[i].name));
         XSPRINTF(info[i].name, "wolfSSL_TLS_client_do(%02d)", i);
 
-        if(wolfSSL_TLS_client_do(&info[i]) == -116) {
+        ret = wolfSSL_TLS_client_do(&info[i]);
+        if(ret == -116 || ret == -128) {
             TCP_connect_retry++;
             continue;
         }
diff --git a/IDE/Renesas/e2studio/RA6M4/test/src/wolf_client.c b/IDE/Renesas/e2studio/RA6M4/test/src/wolf_client.c
index 5a920a250..673b01118 100644
--- a/IDE/Renesas/e2studio/RA6M4/test/src/wolf_client.c
+++ b/IDE/Renesas/e2studio/RA6M4/test/src/wolf_client.c
@@ -1,6 +1,6 @@
 /* wolf_client.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -23,6 +23,7 @@
 
 #include <stdio.h>
 #include <string.h>
+#include <stdarg.h> /* var_arg */
 #include <sys/time.h>
 #include "wolfssl/wolfcrypt/settings.h"
 #include "wolfssl/ssl.h"
@@ -72,7 +73,7 @@ static int msg(const char* pname, int l,
 void TCPInit( )
 {
    BaseType_t fr_status;
-  
+
    /* FreeRTOS+TCP Ethernet and IP Setup */
    fr_status = FreeRTOS_IPInit(ucIPAddress,
                                ucNetMask,
@@ -114,14 +115,14 @@ void wolfSSL_TLS_client_init()
           /* set callback functions for ECC */
           wc_sce_set_callbacks(client_ctx);
     #endif
-    
+
     #if !defined(NO_FILESYSTEM)
     if (wolfSSL_CTX_load_verify_locations(client_ctx, cert, 0) != SSL_SUCCESS) {
         printf("ERROR: can't load \"%s\"\n", cert);
         return NULL;
     }
     #else
-    if (wolfSSL_CTX_load_verify_buffer(client_ctx, cert, SIZEOF_CERT, 
+    if (wolfSSL_CTX_load_verify_buffer(client_ctx, cert, SIZEOF_CERT,
                                             SSL_FILETYPE_ASN1) != SSL_SUCCESS){
            printf("ERROR: can't load certificate data\n");
        return;
@@ -142,16 +143,16 @@ int wolfSSL_TLS_client_do(void *pvParam)
     socklen_t xSize = sizeof(struct freertos_sockaddr);
     xSocket_t xClientSocket = NULL;
     struct freertos_sockaddr xRemoteAddress;
-    
+
     WOLFSSL_CTX *ctx = (WOLFSSL_CTX *)p->ctx;
     WOLFSSL *ssl = NULL;
     const char* pcName = p->name;
 
     #define BUFF_SIZE 256
     static const char sendBuff[]= "Hello Server\n" ;
-    
+
     char    rcvBuff[BUFF_SIZE] = {0};
-    
+
     i = p->id;
     /* Client Socket Setup */
     xRemoteAddress.sin_port = FreeRTOS_htons(p->port);
@@ -195,11 +196,11 @@ int wolfSSL_TLS_client_do(void *pvParam)
 
        /* Set callback CTX */
         #if !defined(TLS_MULTITHREAD_TEST)
-        
+
         XMEMSET(&guser_PKCbInfo, 0, sizeof(FSPSM_ST));
         guser_PKCbInfo.devId = 0;
         wc_sce_set_callback_ctx(ssl, (void*)&guser_PKCbInfo);
-        
+
         #else
         if (p->port - DEFAULT_PORT == 0) {
            XMEMSET(&guser_PKCbInfo_taskA, 0, sizeof(FSPSM_ST));
@@ -210,7 +211,7 @@ int wolfSSL_TLS_client_do(void *pvParam)
            wc_sce_set_callback_ctx(ssl, (void*)&guser_PKCbInfo_taskB);
         }
         #endif
-        
+
      #endif
 
      /* Attach wolfSSL to the socket */
@@ -219,10 +220,10 @@ int wolfSSL_TLS_client_do(void *pvParam)
          msg(pcName, i, " Error [%d]: wolfSSL_set_fd.\n",ret);
      }
 
-     msg(pcName, i, "  Cipher : %s\n", 
+     msg(pcName, i, "  Cipher : %s\n",
                                     (p->cipher == NULL) ? "NULL" : p->cipher);
      /* use specific cipher */
-     if (p->cipher != NULL && wolfSSL_set_cipher_list(ssl, p->cipher) 
+     if (p->cipher != NULL && wolfSSL_set_cipher_list(ssl, p->cipher)
                                                            != WOLFSSL_SUCCESS) {
           msg(pcName, i, " client can't set cipher list 1");
           goto out;
@@ -241,7 +242,7 @@ int wolfSSL_TLS_client_do(void *pvParam)
      wolfSSL_Debugging_OFF();
      #endif
 
-     if (wolfSSL_write(ssl, sendBuff, (int)strlen(sendBuff)) 
+     if (wolfSSL_write(ssl, sendBuff, (int)strlen(sendBuff))
                                                     != (int)strlen(sendBuff)) {
         msg(pcName, i, " ERROR SSL write: %d\n", wolfSSL_get_error(ssl, 0));
         goto out;
diff --git a/IDE/Renesas/e2studio/RA6M4/test/src/wolfssl_sce_unit_test.c b/IDE/Renesas/e2studio/RA6M4/test/src/wolfssl_sce_unit_test.c
index f3cef8ffc..cd8da0ba1 100644
--- a/IDE/Renesas/e2studio/RA6M4/test/src/wolfssl_sce_unit_test.c
+++ b/IDE/Renesas/e2studio/RA6M4/test/src/wolfssl_sce_unit_test.c
@@ -1,6 +1,6 @@
 /* wolfssl_sce_unit_test.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -70,7 +70,7 @@ int sce_crypt_sha_multitest();
 int sce_crypt_test();
 int sce_crypt_sha256_multitest();
 void tskSha256_Test1(void *pvParam);
- 
+
 void Clr_CallbackCtx(FSPSM_ST *g);
 void SCE_KeyGeneration(FSPSM_ST *g);
 
@@ -107,11 +107,11 @@ static int sce_aes_cbc_test(int prnt, FSPSM_AES_PWKEY aes_key)
 
     Aes  aes[1];
 
-    byte cipher[AES_BLOCK_SIZE];
-    byte plain[AES_BLOCK_SIZE];
+    byte cipher[WC_AES_BLOCK_SIZE];
+    byte plain[WC_AES_BLOCK_SIZE];
     int  ret = 0;
 
-    WOLFSSL_SMALL_STACK_STATIC const byte msg[] = { 
+    WOLFSSL_SMALL_STACK_STATIC const byte msg[] = {
        /* "Now is the time for all " w/o trailing 0 */
         0x6e,0x6f,0x77,0x20,0x69,0x73,0x20,0x74,
         0x68,0x65,0x20,0x74,0x69,0x6d,0x65,0x20,
@@ -119,19 +119,19 @@ static int sce_aes_cbc_test(int prnt, FSPSM_AES_PWKEY aes_key)
     };
     byte iv[]  = "1234567890abcdef   ";  /* align */
 
-    XMEMSET(cipher, 0, AES_BLOCK_SIZE);
-    XMEMSET(plain, 0, AES_BLOCK_SIZE);
+    XMEMSET(cipher, 0, WC_AES_BLOCK_SIZE);
+    XMEMSET(plain, 0, WC_AES_BLOCK_SIZE);
 
     if (prnt) {
         printf(" sce_aes_cbc_test() ");
     }
-    
+
     ret = wc_AesInit(aes, NULL, devId);
     if (ret == 0) {
-        ret = wc_AesSetKey(aes, (byte*)aes_key, 
-        		AES_BLOCK_SIZE, iv, AES_ENCRYPTION);
+        ret = wc_AesSetKey(aes, (byte*)aes_key,
+        		WC_AES_BLOCK_SIZE, iv, AES_ENCRYPTION);
         if (ret == 0) {
-            ret = wc_AesCbcEncrypt(aes, cipher, msg, AES_BLOCK_SIZE);
+            ret = wc_AesCbcEncrypt(aes, cipher, msg, WC_AES_BLOCK_SIZE);
         }
 
         wc_AesFree(aes);
@@ -143,16 +143,16 @@ static int sce_aes_cbc_test(int prnt, FSPSM_AES_PWKEY aes_key)
 #ifdef HAVE_AES_DECRYPT
     ret = wc_AesInit(aes, NULL, devId);
     if (ret == 0) {
-        ret = wc_AesSetKey(aes, (byte*)aes_key, 
-        		AES_BLOCK_SIZE, iv, AES_ENCRYPTION);
+        ret = wc_AesSetKey(aes, (byte*)aes_key,
+        		WC_AES_BLOCK_SIZE, iv, AES_ENCRYPTION);
         if (ret == 0)
-            ret = wc_AesCbcDecrypt(aes, plain, cipher, AES_BLOCK_SIZE);
+            ret = wc_AesCbcDecrypt(aes, plain, cipher, WC_AES_BLOCK_SIZE);
 
         wc_AesFree(aes);
     }
     if (ret != 0)
         ret = -2;
-    if (XMEMCMP(plain, msg, AES_BLOCK_SIZE) != 0)
+    if (XMEMCMP(plain, msg, WC_AES_BLOCK_SIZE) != 0)
         ret = -3;
 #endif /* HAVE_AES_DECRYPT */
 
@@ -161,7 +161,7 @@ static int sce_aes_cbc_test(int prnt, FSPSM_AES_PWKEY aes_key)
     if (prnt) {
         RESULT_STR(ret)
     }
-    
+
     return ret;
 }
 
@@ -169,7 +169,7 @@ static void tskAes128_Cbc_Test(void *pvParam)
 {
     int ret = 0;
     Info *p = (Info*)pvParam;
-    
+
     while (exit_loop == 0) {
         ret = sce_aes_cbc_test(0, &p->aes_key);
         vTaskDelay(10/portTICK_PERIOD_MS);
@@ -189,8 +189,8 @@ static void tskAes128_Cbc_Test(void *pvParam)
 static int sce_aes256_test(int prnt, FSPSM_AES_PWKEY aes_key)
 {
     Aes enc[1];
-    byte cipher[AES_BLOCK_SIZE];
-    byte plain[AES_BLOCK_SIZE];
+    byte cipher[WC_AES_BLOCK_SIZE];
+    byte plain[WC_AES_BLOCK_SIZE];
     Aes dec[1];
     int  ret = 0;
 
@@ -207,7 +207,7 @@ static int sce_aes256_test(int prnt, FSPSM_AES_PWKEY aes_key)
 
     if (prnt)
         printf(" sce_aes256_test() ");
-    
+
     if (wc_AesInit(enc, NULL, devId) != 0) {
         ret = -1;
         goto out;
@@ -219,20 +219,20 @@ static int sce_aes256_test(int prnt, FSPSM_AES_PWKEY aes_key)
     }
 
     ret = wc_AesSetKey(enc, (byte*)aes_key,
-    		AES_BLOCK_SIZE*2, iv, AES_ENCRYPTION);
+    		WC_AES_BLOCK_SIZE*2, iv, AES_ENCRYPTION);
     if (ret != 0){
         ret = -3;
         goto out;
     }
 
     ret = wc_AesSetKey(dec, (byte*)aes_key,
-    		AES_BLOCK_SIZE*2, iv, AES_DECRYPTION);
+    		WC_AES_BLOCK_SIZE*2, iv, AES_DECRYPTION);
     if (ret != 0) {
         ret = -4;
         goto out;
     }
 
-    XMEMSET(cipher, 0, AES_BLOCK_SIZE);
+    XMEMSET(cipher, 0, WC_AES_BLOCK_SIZE);
     ret = wc_AesCbcEncrypt(enc, cipher, msg, (int) sizeof(msg));
 
     if (ret != 0) {
@@ -240,7 +240,7 @@ static int sce_aes256_test(int prnt, FSPSM_AES_PWKEY aes_key)
         goto out;
     }
 
-    XMEMSET(plain, 0, AES_BLOCK_SIZE);
+    XMEMSET(plain, 0, WC_AES_BLOCK_SIZE);
     ret = wc_AesCbcDecrypt(dec, plain, cipher, (int) sizeof(cipher));
 
     if (ret != 0){
@@ -259,7 +259,7 @@ out:
     if (prnt) {
         RESULT_STR(ret)
     }
-    
+
     return ret;
 }
 
@@ -267,7 +267,7 @@ static void tskAes256_Cbc_Test(void *pvParam)
 {
     int ret = 0;
     Info *p = (Info*)pvParam;
-    
+
     while (exit_loop == 0) {
         ret = sce_aes256_test(0, &p->aes_key);
         vTaskDelay(10/portTICK_PERIOD_MS);
@@ -289,8 +289,8 @@ static int sce_aesgcm256_test(int prnt, FSPSM_AES_PWKEY aes256_key)
     Aes enc[1];
     Aes dec[1];
     FSPSM_ST userContext;
-    
-    
+
+
     /*
      * This is Test Case 16 from the document Galois/
      * Counter Mode of Operation (GCM) by McGrew and
@@ -340,8 +340,8 @@ static int sce_aesgcm256_test(int prnt, FSPSM_AES_PWKEY aes256_key)
     };
 
     byte resultT[sizeof(t1)];
-    byte resultP[sizeof(p) + AES_BLOCK_SIZE];
-    byte resultC[sizeof(p) + AES_BLOCK_SIZE];
+    byte resultP[sizeof(p) + WC_AES_BLOCK_SIZE];
+    byte resultC[sizeof(p) + WC_AES_BLOCK_SIZE];
     int  result = 0;
     int  ret;
 
@@ -350,7 +350,7 @@ static int sce_aesgcm256_test(int prnt, FSPSM_AES_PWKEY aes256_key)
     if (prnt) {
         printf(" sce_aes256_gcm_test() ");
     }
-    
+
     XMEMSET(resultT, 0, sizeof(resultT));
     XMEMSET(resultC, 0, sizeof(resultC));
     XMEMSET(resultP, 0, sizeof(resultP));
@@ -365,8 +365,8 @@ static int sce_aesgcm256_test(int prnt, FSPSM_AES_PWKEY aes256_key)
         goto out;
     }
 
-    result = wc_AesGcmSetKey(enc, 
-        (byte*)aes256_key, AES_BLOCK_SIZE*2);
+    result = wc_AesGcmSetKey(enc,
+        (byte*)aes256_key, WC_AES_BLOCK_SIZE*2);
     if (result != 0) {
         ret = -3;
         goto out;
@@ -374,7 +374,7 @@ static int sce_aesgcm256_test(int prnt, FSPSM_AES_PWKEY aes256_key)
 
     /* AES-GCM encrypt and decrypt both use AES encrypt internally */
     result = wc_AesGcmEncrypt(enc, resultC, p, sizeof(p),
-                                (byte*)iv1, sizeof(iv1), 
+                                (byte*)iv1, sizeof(iv1),
                                 resultT, sizeof(resultT), a, sizeof(a));
 
     if (result != 0) {
@@ -382,8 +382,8 @@ static int sce_aesgcm256_test(int prnt, FSPSM_AES_PWKEY aes256_key)
         goto out;
     }
 
-    result = wc_AesGcmSetKey(dec, 
-            (byte*)aes256_key, AES_BLOCK_SIZE*2);
+    result = wc_AesGcmSetKey(dec,
+            (byte*)aes256_key, WC_AES_BLOCK_SIZE*2);
     if (result != 0) {
         ret = -7;
         goto out;
@@ -407,8 +407,8 @@ static int sce_aesgcm256_test(int prnt, FSPSM_AES_PWKEY aes256_key)
     XMEMSET(resultC, 0, sizeof(resultC));
     XMEMSET(resultP, 0, sizeof(resultP));
 
-    wc_AesGcmSetKey(enc, 
-        (byte*)aes256_key, AES_BLOCK_SIZE*2);
+    wc_AesGcmSetKey(enc,
+        (byte*)aes256_key, WC_AES_BLOCK_SIZE*2);
     /* AES-GCM encrypt and decrypt both use AES encrypt internally */
     result = wc_AesGcmEncrypt(enc, resultC, p, sizeof(p),
                                 (byte*)iv1, sizeof(iv1),
@@ -420,7 +420,7 @@ static int sce_aesgcm256_test(int prnt, FSPSM_AES_PWKEY aes256_key)
     }
 
     result = wc_AesGcmDecrypt(enc, resultP, resultC, sizeof(p),
-              iv1, sizeof(iv1), resultT + 1, sizeof(resultT) - 1, 
+              iv1, sizeof(iv1), resultT + 1, sizeof(resultT) - 1,
               a, sizeof(a));
 
     if (result != 0) {
@@ -437,11 +437,11 @@ static int sce_aesgcm256_test(int prnt, FSPSM_AES_PWKEY aes256_key)
   out:
     wc_AesFree(enc);
     wc_AesFree(dec);
-    
+
     if (prnt) {
         RESULT_STR(ret)
     }
-    
+
     return ret;
 }
 
@@ -449,7 +449,7 @@ static void tskAes256_Gcm_Test(void *pvParam)
 {
     int ret = 0;
     Info *p = (Info*)pvParam;
-    
+
     while (exit_loop == 0) {
         ret = sce_aesgcm256_test(0, &p->aes_key);
         vTaskDelay(10/portTICK_PERIOD_MS);
@@ -471,7 +471,7 @@ static int sce_aesgcm128_test(int prnt, FSPSM_AES_PWKEY aes128_key)
     Aes enc[1];
     Aes dec[1];
     FSPSM_ST userContext;
-    
+
     /*
      * This is Test Case 16 from the document Galois/
      * Counter Mode of Operation (GCM) by McGrew and
@@ -527,8 +527,8 @@ static int sce_aesgcm128_test(int prnt, FSPSM_AES_PWKEY aes128_key)
     };
 
     byte resultT[sizeof(t1)];
-    byte resultP[sizeof(p) + AES_BLOCK_SIZE];
-    byte resultC[sizeof(p) + AES_BLOCK_SIZE];
+    byte resultP[sizeof(p) + WC_AES_BLOCK_SIZE];
+    byte resultC[sizeof(p) + WC_AES_BLOCK_SIZE];
     int  result = 0;
     int ret;
 
@@ -553,7 +553,7 @@ static int sce_aesgcm128_test(int prnt, FSPSM_AES_PWKEY aes128_key)
         goto out;
     }
 
-    wc_AesGcmSetKey(enc, (byte*)aes128_key, AES_BLOCK_SIZE);
+    wc_AesGcmSetKey(enc, (byte*)aes128_key, WC_AES_BLOCK_SIZE);
     if (result != 0) {
         ret = -3;
         goto out;
@@ -565,7 +565,7 @@ static int sce_aesgcm128_test(int prnt, FSPSM_AES_PWKEY aes128_key)
         ret = -4;
         goto out;
     }
-    
+
 
     result = wc_AesGcmDecrypt(enc, resultP, resultC, sizeof(c3),
                       iv3, sizeof(iv3), resultT, sizeof(t3), a3, sizeof(a3));
@@ -583,11 +583,11 @@ static int sce_aesgcm128_test(int prnt, FSPSM_AES_PWKEY aes128_key)
   out:
     wc_AesFree(enc);
     wc_AesFree(dec);
-    
+
     if (prnt) {
         RESULT_STR(ret)
     }
-    
+
     return ret;
 }
 
@@ -595,7 +595,7 @@ static void tskAes128_Gcm_Test(void *pvParam)
 {
     int ret = 0;
     Info *p = (Info*)pvParam;
-    
+
     while (exit_loop == 0) {
         ret = sce_aesgcm128_test(0, &p->aes_key);
         vTaskDelay(10/portTICK_PERIOD_MS);
@@ -622,7 +622,7 @@ static void tskAes128_Gcm_Test(void *pvParam)
 static int sce_rsa_test(int prnt, int keySize)
 {
     int ret = 0;
-    
+
     RsaKey *key = (RsaKey *)XMALLOC(sizeof *key, NULL, DYNAMIC_TYPE_TMP_BUFFER);
     WC_RNG rng;
     const char inStr [] = TEST_STRING;
@@ -633,32 +633,32 @@ static int sce_rsa_test(int prnt, int keySize)
     byte *in2 = NULL;
     byte *out= NULL;
     byte *out2 = NULL;
-    
+
     in = (byte*)XMALLOC(inLen, NULL, DYNAMIC_TYPE_TMP_BUFFER);
     in2 = (byte*)XMALLOC(inLen, NULL, DYNAMIC_TYPE_TMP_BUFFER);
     out= (byte*)XMALLOC(outSz, NULL, DYNAMIC_TYPE_TMP_BUFFER);
     out2 = (byte*)XMALLOC(outSz, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-    
+
     (void) prnt;
-    
+
     if (key == NULL || in == NULL || out == NULL ||
         in2 == NULL || out2 == NULL) {
         ret = -1;
         goto out;
     }
-    
+
     XMEMSET(&rng, 0, sizeof(rng));
     XMEMSET(key, 0, sizeof *key);
     XMEMCPY(in, inStr, inLen);
     XMEMCPY(in2, inStr2, inLen);
     XMEMSET(out,  0, outSz);
     XMEMSET(out2, 0, outSz);
-    
+
     ret = wc_InitRsaKey_ex(key, NULL, 7890/* fixed devid for TSIP/SCE*/);
     if (ret != 0) {
         goto out;
     }
-    
+
     if ((ret = wc_InitRng(&rng)) != 0)
         goto out;
 
@@ -669,7 +669,7 @@ static int sce_rsa_test(int prnt, int keySize)
     if ((ret = wc_MakeRsaKey(key, keySize, 65537, &rng)) != 0) {
         goto out;
     }
-    
+
     ret = wc_RsaPublicEncrypt(in, inLen, out, outSz, key, &rng);
     if (ret < 0) {
         goto out;
@@ -691,26 +691,18 @@ out:
         wc_FreeRsaKey(key);
         XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER);
     }
-    if (in != NULL) {
-        XFREE(in, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-    }
-    if (in2 != NULL) {
-        XFREE(in2, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-    }
-    if (out != NULL) {
-        XFREE(out, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-    }
-    if (out2 != NULL) {
-        XFREE(out2, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-    }
-    
+    XFREE(in, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(in2, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(out, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(out2, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+
     return ret;
 }
 
 static int sce_rsa_SignVerify_test(int prnt, int keySize)
 {
     int ret = 0;
-    
+
     RsaKey *key = (RsaKey *)XMALLOC(sizeof *key, NULL, DYNAMIC_TYPE_TMP_BUFFER);
     WC_RNG rng;
     const char inStr [] = TEST_STRING;
@@ -725,14 +717,14 @@ static int sce_rsa_SignVerify_test(int prnt, int keySize)
     in = (byte*)XMALLOC(inLen, NULL, DYNAMIC_TYPE_TMP_BUFFER);
     in2 = (byte*)XMALLOC(inLen, NULL, DYNAMIC_TYPE_TMP_BUFFER);
     out= (byte*)XMALLOC(outSz, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-    
+
     (void) prnt;
 
     if (key == NULL || in == NULL || out == NULL) {
         ret = -1;
         goto out;
     }
-    
+
     XMEMSET(&rng, 0, sizeof(rng));
     XMEMSET(key, 0, sizeof *key);
     XMEMCPY(in, inStr, inLen);
@@ -742,10 +734,10 @@ static int sce_rsa_SignVerify_test(int prnt, int keySize)
     if (ret != 0) {
         goto out;
     }
-    
+
     if ((ret = wc_InitRng(&rng)) != 0)
         goto out;
-    
+
     if ((ret = wc_RsaSetRNG(key, &rng)) != 0)
         goto out;
 
@@ -753,7 +745,7 @@ static int sce_rsa_SignVerify_test(int prnt, int keySize)
     if ((ret = wc_MakeRsaKey(key, keySize, 65537, &rng)) != 0) {
         goto out;
     }
-    
+
     gCbInfo.keyflgs_crypt.bits.message_type = 0;
     ret = wc_RsaSSL_Sign(in, inLen, out, outSz, key, &rng);
     if (ret < 0) {
@@ -778,16 +770,10 @@ static int sce_rsa_SignVerify_test(int prnt, int keySize)
         wc_FreeRsaKey(key);
         XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER);
     }
-    if (in != NULL) {
-        XFREE(in, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-    }
-    if (in2 != NULL) {
-        XFREE(in2, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-    }
-    if (out != NULL) {
-        XFREE(out, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-    }
-    
+    XFREE(in, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(in2, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(out, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+
     return ret;
 }
 #endif
@@ -796,45 +782,45 @@ int sce_crypt_test()
 {
     int ret = 0;
     fsp_err_t err;
-    
+
     Clr_CallbackCtx(&gCbInfo);
     Clr_CallbackCtx(&gCbInfo_a);
-    
+
     /* sets wrapped aes key */
     gCbInfo.wrapped_key_aes128 = &g_user_aes128_key_index1;
     gCbInfo.wrapped_key_aes256 = &g_user_aes256_key_index1;
     /* Aes Key Gen */
     SCE_KeyGeneration(&gCbInfo);
-    
+
     /* Rsa Key Gen */
     err = R_SCE_RSA1024_WrappedKeyPairGenerate(&g_wrapped_pair_1024key);
     if (err == FSP_SUCCESS) {
         /* sets wrapped rsa 1024 bits key */
-        gCbInfo.wrapped_key_rsapri1024 = 
+        gCbInfo.wrapped_key_rsapri1024 =
                 &g_wrapped_pair_1024key.priv_key;
         gCbInfo.keyflgs_crypt.bits.rsapri1024_installedkey_set = 1;
-        gCbInfo.wrapped_key_rsapub1024 = 
+        gCbInfo.wrapped_key_rsapub1024 =
                 &g_wrapped_pair_1024key.pub_key;
         gCbInfo.keyflgs_crypt.bits.rsapub1024_installedkey_set = 1;
     }
-    
+
     err = R_SCE_RSA2048_WrappedKeyPairGenerate(&g_wrapped_pair_2048key);
     if (err == FSP_SUCCESS) {
         /* sets wrapped rsa 1024 bits key */
-        gCbInfo.wrapped_key_rsapri2048 = 
+        gCbInfo.wrapped_key_rsapri2048 =
                 &g_wrapped_pair_2048key.priv_key;
         gCbInfo.keyflgs_crypt.bits.rsapri2048_installedkey_set = 1;
-        
-        gCbInfo.wrapped_key_rsapub2048 = 
+
+        gCbInfo.wrapped_key_rsapub2048 =
                 &g_wrapped_pair_2048key.pub_key;
         gCbInfo.keyflgs_crypt.bits.rsapub2048_installedkey_set = 1;
     }
-    
+
     /* Key generation for multi testing */
     gCbInfo_a.wrapped_key_aes128 = &g_user_aes128_key_index2;
     gCbInfo_a.wrapped_key_aes256 = &g_user_aes256_key_index2;
     SCE_KeyGeneration(&gCbInfo_a);
-    
+
     ret = wc_CryptoCb_CryptInitRenesasCmn(NULL, &gCbInfo);
     if ( ret > 0)
          ret = 0;
@@ -882,7 +868,7 @@ int sce_crypt_test()
     if (ret == 0) {
         ret = sce_aesgcm128_test(1, &g_user_aes128_key_index1);
     }
-    
+
     if (ret == 0) {
         ret = sce_aesgcm256_test(1, &g_user_aes256_key_index1);
     }
@@ -904,12 +890,12 @@ int sce_crypt_test()
         sce_crypt_Sha_AesCbcGcm_multitest();
     } else
         ret = -1;
-    
+
     #if defined(WOLFSSL_RENESAS_RSIP_CRYPTONLY)
         Clr_CallbackCtx(&gCbInfo);
         Clr_CallbackCtx(&gCbInfo_a);
     #endif
-    
+
     return ret;
 }
 
@@ -958,7 +944,7 @@ int sce_crypt_sha256_multitest()
     int num = 0;
     int i;
     BaseType_t xRet;
-    
+
 #ifndef NO_SHA256
     num+=2;
 #endif
@@ -968,7 +954,7 @@ int sce_crypt_sha256_multitest()
 
     exit_semaph = xSemaphoreCreateCounting(num, 0);
     xRet = pdPASS;
-    
+
 #ifndef NO_SHA256
     xRet = xTaskCreate(tskSha256_Test1, "sha256_test1",
                                         STACK_SIZE, NULL, 2, NULL);
@@ -990,15 +976,15 @@ int sce_crypt_sha256_multitest()
             }
         }
     }
-    
+
     vSemaphoreDelete(exit_semaph);
-    
+
     if ((xRet == pdPASS) &&
        (sha256_multTst_rslt1 == 0 && sha256_multTst_rslt2 == 0))
         ret = 0;
     else
         ret = -1;
-    
+
     RESULT_STR(ret)
 
     return ret;
@@ -1015,7 +1001,7 @@ int sce_crypt_AesCbc_multitest()
     Info info_aes256_1;
     Info info_aes256_2;
     BaseType_t xRet;
-    
+
 #if defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_128)
     num+=2;
 #endif
@@ -1028,7 +1014,7 @@ int sce_crypt_AesCbc_multitest()
 
     exit_semaph = xSemaphoreCreateCounting(num, 0);
     xRet = pdPASS;
-    
+
 #if defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_128)
     XMEMCPY(&info_aes1.aes_key, &g_user_aes128_key_index1,
                                             sizeof(sce_aes_wrapped_key_t));
@@ -1057,7 +1043,7 @@ int sce_crypt_AesCbc_multitest()
         xRet = xTaskCreate(tskAes256_Cbc_Test, "aes256_cbc_test2",
                                     STACK_SIZE, &info_aes256_2, 3, NULL);
 #endif
-    
+
     if (xRet == pdPASS) {
     printf(" Waiting for completing tasks ...   ");
         vTaskDelay(10000/portTICK_PERIOD_MS);
@@ -1071,7 +1057,7 @@ int sce_crypt_AesCbc_multitest()
             }
         }
     }
-    
+
     vSemaphoreDelete(exit_semaph);
 
     if ((xRet == pdPASS) &&
@@ -1096,7 +1082,7 @@ int sce_crypt_AesGcm_multitest()
     Info info_aes256_1;
     Info info_aes256_2;
     BaseType_t xRet;
-    
+
 #if defined(WOLFSSL_AES_128)
     num+=2;
 #endif
@@ -1110,7 +1096,7 @@ int sce_crypt_AesGcm_multitest()
 
     exit_semaph = xSemaphoreCreateCounting(num, 0);
     xRet = pdPASS;
-    
+
 #if defined(WOLFSSL_AES_128)
     XMEMCPY(&info_aes1.aes_key, &g_user_aes128_key_index1,
                                     sizeof(sce_aes_wrapped_key_t));
@@ -1155,7 +1141,7 @@ int sce_crypt_AesGcm_multitest()
             }
         }
     }
-    
+
     vSemaphoreDelete(exit_semaph);
 
     if ((xRet == pdPASS) &&
@@ -1179,7 +1165,7 @@ int sce_crypt_Sha_AesCbcGcm_multitest()
     Info info_aes256cbc;
     Info info_aes256gcm;
     BaseType_t xRet;
-    
+
 #ifndef NO_SHA256
     num+=2;
 #endif
@@ -1201,45 +1187,45 @@ int sce_crypt_Sha_AesCbcGcm_multitest()
 
     exit_semaph = xSemaphoreCreateCounting(num, 0);
     xRet = pdPASS;
-    
+
 #ifndef NO_SHA256
-    xRet = xTaskCreate(tskSha256_Test1, "sha256_test1", 
+    xRet = xTaskCreate(tskSha256_Test1, "sha256_test1",
                                             STACK_SIZE, NULL, 3, NULL);
 
     if (xRet == pdPASS)
-        xRet = xTaskCreate(tskSha256_Test2, "sha256_test2", 
+        xRet = xTaskCreate(tskSha256_Test2, "sha256_test2",
                                             STACK_SIZE, NULL, 3, NULL);
 #endif
 
 #if defined(WOLFSSL_AES_128)
-    XMEMCPY(&info_aes128cbc.aes_key, &g_user_aes128_key_index1, 
+    XMEMCPY(&info_aes128cbc.aes_key, &g_user_aes128_key_index1,
                                                 sizeof(sce_aes_wrapped_key_t));
     if (xRet == pdPASS)
-        xRet = xTaskCreate(tskAes128_Cbc_Test, "aes128_cbc_test1", 
+        xRet = xTaskCreate(tskAes128_Cbc_Test, "aes128_cbc_test1",
                                     STACK_SIZE, &info_aes128cbc, 3, NULL);
 #endif
 
 #if defined(WOLFSSL_AES_128)
-    XMEMCPY(&info_aes128gcm.aes_key, &g_user_aes128_key_index2, 
+    XMEMCPY(&info_aes128gcm.aes_key, &g_user_aes128_key_index2,
                                                 sizeof(sce_aes_wrapped_key_t));
     if (xRet == pdPASS)
-        xRet = xTaskCreate(tskAes128_Gcm_Test, "aes128_gcm_test2", 
+        xRet = xTaskCreate(tskAes128_Gcm_Test, "aes128_gcm_test2",
                                     STACK_SIZE, &info_aes128gcm, 3, NULL);
 #endif
 
 #if defined(WOLFSSL_AES_256)
-    XMEMCPY(&info_aes256cbc.aes_key, &g_user_aes256_key_index1, 
+    XMEMCPY(&info_aes256cbc.aes_key, &g_user_aes256_key_index1,
                                                 sizeof(sce_aes_wrapped_key_t));
     if (xRet == pdPASS)
-        xRet = xTaskCreate(tskAes256_Cbc_Test, "aes256_cbc_test1", 
+        xRet = xTaskCreate(tskAes256_Cbc_Test, "aes256_cbc_test1",
                                     STACK_SIZE, &info_aes256cbc, 3, NULL);
 #endif
 
 #if defined(WOLFSSL_AES_256)
-    XMEMCPY(&info_aes256gcm.aes_key, &g_user_aes256_key_index2, 
+    XMEMCPY(&info_aes256gcm.aes_key, &g_user_aes256_key_index2,
                                                 sizeof(sce_aes_wrapped_key_t));
     if (xRet == pdPASS)
-        xRet = xTaskCreate(tskAes256_Gcm_Test, "aes256_gcm_test2", 
+        xRet = xTaskCreate(tskAes256_Gcm_Test, "aes256_gcm_test2",
                                     STACK_SIZE, &info_aes256gcm, 3, NULL);
 #endif
 
@@ -1256,19 +1242,19 @@ int sce_crypt_Sha_AesCbcGcm_multitest()
             }
         }
     }
-    
+
     vSemaphoreDelete(exit_semaph);
-    
-    if ((xRet == pdPASS) && 
+
+    if ((xRet == pdPASS) &&
         (Aes128_Gcm_multTst_rslt == 0 && Aes256_Gcm_multTst_rslt == 0) &&
         (sha256_multTst_rslt1 == 0 && sha256_multTst_rslt2 == 0)) {
-        
+
         ret = 0;
     }
     else {
         ret = -1;
     }
-    
+
     RESULT_STR(ret)
 
     return ret;
diff --git a/IDE/Renesas/e2studio/RA6M4/tools/README.md b/IDE/Renesas/e2studio/RA6M4/tools/README.md
new file mode 100644
index 000000000..0658c03a1
--- /dev/null
+++ b/IDE/Renesas/e2studio/RA6M4/tools/README.md
@@ -0,0 +1,39 @@
+# Create/Update Signed CA
+This document describes how to create/update Signed CA data that is used at an example program.
+
+## Signed CA Creation
+### Generate RSA Key pair
+```
+2048 bit RSA key pair
+$ openssl genrsa 2048 2> /dev/null > rsa_private.pem
+$ openssl rsa -in rsa_private.pem -pubout -out rsa_public.pem 2> /dev/null
+```
+
+### Sign to CA certificate
+```
+Signed by 2048-bit RSA
+$ openssl dgst -sha256 -sign rsa_private.pem -sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:-1-out <signed-CA>.sign <CA-file-for-Signed>
+
+For an example program, it assumes that wolfSSL example CA cert is to be signed.
+e.g.
+$ openssl dgst -sha256 -sign rsa_private.pem -sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:-1-out Signed-CA.sign /path/for/wolfssl/certs/ca-cert.der
+```
+
+### Convert Signed CA to C source
+It is able to use `dertoc.pl` to generate c-source data from signed-ca binary data.
+
+```
+$ /path/to/wolfssl/scripts/dertoc.pl ./ca-cert.der.sign ca_cert_der_sig example.c
+```
+
+
+## Appendix
+### Example Keys
+There are multiple example keys for testing in the `example_keys` folder.
+```
+<example_keys>
+|
++----+ rsa_private.pem  an example 2048-bit rsa private key for signing CA cert
+     + rsa_public.pem   an example 2048-bit rsa public key for verifying CA cert
+     + generate_signCA.sh an example script to generate signed-certificate data for the example program
+```
diff --git a/IDE/Renesas/e2studio/RA6M4/tools/example_keys/generate_SignedCA.sh b/IDE/Renesas/e2studio/RA6M4/tools/example_keys/generate_SignedCA.sh
new file mode 100755
index 000000000..ad73a5edc
--- /dev/null
+++ b/IDE/Renesas/e2studio/RA6M4/tools/example_keys/generate_SignedCA.sh
@@ -0,0 +1,44 @@
+#!/bin/bash
+
+# example usage
+# ./generate_SignedCA.sh rsa_private.pem rsa_public.pem ../../../../../../../wolfssl/certs/ca-cert.der ../../../../../../../wolfssl
+# ./generate_SignedCA.sh rsa_private.pem rsa_public.pem ../../../../../../../wolfssl/certs/ca-ecc-cert.der ../../../../../../../wolfssl
+#
+SIGOPT=rsa_padding_mode:pss
+SIGOPT2=rsa_pss_saltlen:-1
+CURRENT=$(cd $(dirname $0);pwd)
+
+function usage() {
+    cat <<- _EOT_
+    Usage:
+      $0 private-key public-key file-name wolfssl-dir
+
+    Options:
+      private-key : private key for sign/verify
+      public-key  : public key for verify
+      file-name   : file name to be signed
+      wolfssl-dir : wolfssl folder path
+
+_EOT_
+exit 1
+}
+
+if [ $# -ne 4 ]; then
+    usage
+fi
+
+# $1 private key for sign/verify
+# $2 public key for verify
+# $3 file for sign/verify
+signed_file=$(basename $3)
+wolf_dir=$4
+
+openssl dgst -sha256 -sign $1 -sigopt $SIGOPT -sigopt $SIGOPT2 -out ${CURRENT}/${signed_file}.sign $3
+
+echo Verify by private key
+openssl dgst -sha256 -prverify $1 -sigopt $SIGOPT -sigopt $SIGOPT2 -signature ${CURRENT}/${signed_file}.sign $3
+echo Verify by public key
+openssl dgst -sha256 -verify $2 -sigopt $SIGOPT -sigopt $SIGOPT2 -signature ${CURRENT}/${signed_file}.sign $3
+
+# Convert Signed CA to c source
+${wolf_dir}/scripts/dertoc.pl ${CURRENT}/${signed_file}.sign  XXXXXXX ${signed_file}.c
diff --git a/IDE/Renesas/e2studio/RA6M4/tools/example_keys/rsa_private.pem b/IDE/Renesas/e2studio/RA6M4/tools/example_keys/rsa_private.pem
new file mode 100644
index 000000000..a6246b036
--- /dev/null
+++ b/IDE/Renesas/e2studio/RA6M4/tools/example_keys/rsa_private.pem
@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEpAIBAAKCAQEA1m5BL7AjTKZidSHuz0dvqKWrhY3/eD5swV8FBe2y6L1u2ulR
+FAmyHUmMnmy3YMIx+Zhi+Qc4Ra27t/3/ffFhTBwx2Snr5oqryxfB2rj1+Cc6kDQL
+aUIVY1z2y9s9E4NJIQAzSlzQ5e7oGiXH3cLjOTlEI8xKDGLJEhah58Lh18am4Dqp
+DilrkL+p0H+HQJPC6eJs3urEn7ueeqQaKCv1OOsrmQfeCfkjxSqbyrR/+F5VV4H6
+PjyXHCW0lbNhxSmF9wVK8+t4DRARU5ONoECY7dIkPMqFHdzGdRmOrfEsGl++wjPH
+CvvUOLJ7/Pt0h6c7yazZngt1kqKYmKWJR7+FLQIDAQABAoIBAQCdfIqJwL6cPBNR
+3eMr/1ZlsY+A3mKD6K0tdGEXEpX007RIOVXf9qMHWY5aiJRCDz5vB1mhdokAu/GD
+15u+3vpL0OVXjq+AOdakqcUpo/CbGgyr/l1nKC7XNF7aKCH6Y9Dg2OnSssqGJWn4
+UkkxeUIzM/j0pcS4xhDRJSgyNHJ0a0xjY37K5JXTVhzgAAWxAVmh0iaptNpGAsU2
++DN6yQgtsGcKmrUp5ERtuiT66X79uDJdDL5OE070LpRGz+547rXE7haSzM0Iepup
+hEENj1UB8PZ8xK9Ki/h7iWaRNllv5TV5SfryHGlUi/kPbTDWCc+CoVG8o7tQPQ12
+yxOxMaehAoGBAPbMLvr132Kt3mCQa2SbAIV+fnv9hqY+K5jiV+Vp220kmc4ji7L/
+uleiKT8jkmO93mvLau3uLelGN2udVaBbhn5llZIwhK8R/jLP0XIap9v7EKKhuRad
++UbfYWKs6zANM8hIrRkW0P6BNlSZyjL1KiIY8kdNIBn/ZpIQh8evpcFJAoGBAN5t
+HIiiSe9mY1HCbArxD9BjKebfIMDhgwb+vgWHwk6iexdE9aFRLVhriYvQA8dhOoqZ
+LFeExaIfG0XJnrcgkEyOuuGnO3M2KUv/UKM1/F+nP3g5pCD8MC0qSM4kukFEMG2u
+3oPPCUsdRUoQBjCoae89g1CQADDfTe3zMVIda4jFAoGBALSASawKv8KwX4BIoAMI
+yqzYAzI0DpLvzXsXsCl97po4trTpknbsSiFl3LztC1gfudklAaPbG4ENdeMjQ0jx
+J8CyE17EVYalpkELdaf6juJ5EYWgunosN/D514QP7ENMpJ7LaK583YYGgvIFOLlk
+Tdh6Xlh/tAbPoPkbVfNaJ+ThAoGAHIMeIkGzepXEa4mhsfFe1pavm2HE4BTIaBAl
+qa3ScaQQZVY4qnouduQqGJsMsPU8vOGPtpRVhUe5hkOnLdBlzvqI6D44t7ccqhpL
+avCTrmtRDodNC9FoF5IRDSPWIGGuV5EQAxN6HH/fDvRo5rngAoP/HkenTpyBb9w5
+2U3eKAUCgYB0M2INdmqs8DltOVLo2vJqJxKQGtbeizB1HdQjQ9NKH+cyjmnXHZ4v
+0x1AtQsyO9FNYhib52ExYgTCpLc5rX6QNHA14mrhWpLtzB2noM4fo9BdKopMrQtE
+Kt8tl+JWmKtpBnPdTMeoF+0GYd8KZCgxITcE0SccsNl6yROBquA/pQ==
+-----END RSA PRIVATE KEY-----
diff --git a/IDE/Renesas/e2studio/RA6M4/tools/example_keys/rsa_public.pem b/IDE/Renesas/e2studio/RA6M4/tools/example_keys/rsa_public.pem
new file mode 100644
index 000000000..bc8372213
--- /dev/null
+++ b/IDE/Renesas/e2studio/RA6M4/tools/example_keys/rsa_public.pem
@@ -0,0 +1,9 @@
+-----BEGIN PUBLIC KEY-----
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1m5BL7AjTKZidSHuz0dv
+qKWrhY3/eD5swV8FBe2y6L1u2ulRFAmyHUmMnmy3YMIx+Zhi+Qc4Ra27t/3/ffFh
+TBwx2Snr5oqryxfB2rj1+Cc6kDQLaUIVY1z2y9s9E4NJIQAzSlzQ5e7oGiXH3cLj
+OTlEI8xKDGLJEhah58Lh18am4DqpDilrkL+p0H+HQJPC6eJs3urEn7ueeqQaKCv1
+OOsrmQfeCfkjxSqbyrR/+F5VV4H6PjyXHCW0lbNhxSmF9wVK8+t4DRARU5ONoECY
+7dIkPMqFHdzGdRmOrfEsGl++wjPHCvvUOLJ7/Pt0h6c7yazZngt1kqKYmKWJR7+F
+LQIDAQAB
+-----END PUBLIC KEY-----
diff --git a/IDE/Renesas/e2studio/RA6M4/wolfssl/.cproject b/IDE/Renesas/e2studio/RA6M4/wolfssl/.cproject
index 7684a0b60..0daf30fa0 100644
--- a/IDE/Renesas/e2studio/RA6M4/wolfssl/.cproject
+++ b/IDE/Renesas/e2studio/RA6M4/wolfssl/.cproject
@@ -81,10 +81,14 @@
 									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/ra/aws/amazon-freertos/libraries/freertos_plus/standard/freertos_plus_tcp/include}&quot;"/>
 									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/ra/aws/FreeRTOS/FreeRTOS/Source/include}&quot;"/>
 									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/ra/aws/FreeRTOS/FreeRTOS-Plus/Source/FreeRTOS-Plus-TCP/include}&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/ra/arm/CMSIS_6/CMSIS/Core/Include}&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;.&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/ra/aws/FreeRTOS/FreeRTOS-Plus/Source/FreeRTOS-Plus-TCP/source/include}&quot;"/>
 								</option>
 								<option IS_BUILTIN_EMPTY="false" IS_VALUE_EMPTY="false" id="ilg.gnuarmeclipse.managedbuild.cross.option.assembler.defs.1008320129" name="Defined symbols (-D)" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.assembler.defs" valueType="definedSymbols">
 									<listOptionValue builtIn="false" value="_RENESAS_RA_"/>
 									<listOptionValue builtIn="false" value="_RA_CORE=CM33"/>
+									<listOptionValue builtIn="false" value="_RA_ORDINAL=1"/>
 								</option>
 								<inputType id="ilg.gnuarmeclipse.managedbuild.cross.tool.assembler.input.1332222526" superClass="ilg.gnuarmeclipse.managedbuild.cross.tool.assembler.input"/>
 							</tool>
@@ -111,6 +115,9 @@
 									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/ra/aws/amazon-freertos/libraries/freertos_plus/standard/freertos_plus_tcp/include}&quot;"/>
 									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/ra/aws/FreeRTOS/FreeRTOS/Source/include}&quot;"/>
 									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/ra/aws/FreeRTOS/FreeRTOS-Plus/Source/FreeRTOS-Plus-TCP/include}&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/ra/arm/CMSIS_6/CMSIS/Core/Include}&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;.&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/ra/aws/FreeRTOS/FreeRTOS-Plus/Source/FreeRTOS-Plus-TCP/source/include}&quot;"/>
 								</option>
 								<option IS_BUILTIN_EMPTY="false" IS_VALUE_EMPTY="false" id="ilg.gnuarmeclipse.managedbuild.cross.option.c.compiler.defs.1740279599" name="Defined symbols (-D)" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.c.compiler.defs" useByScannerDiscovery="true" valueType="definedSymbols">
 									<listOptionValue builtIn="false" value="_RENESAS_RA_"/>
@@ -118,6 +125,7 @@
 									<listOptionValue builtIn="false" value="WOLFSSL_RENESAS_RA6M4"/>
 									<listOptionValue builtIn="false" value="WOLFSSL_USER_SETTINGS"/>
 									<listOptionValue builtIn="false" value="_RA_CORE=CM33"/>
+									<listOptionValue builtIn="false" value="_RA_ORDINAL=1"/>
 								</option>
 								<inputType id="ilg.gnuarmeclipse.managedbuild.cross.tool.c.compiler.input.214105753" superClass="ilg.gnuarmeclipse.managedbuild.cross.tool.c.compiler.input"/>
 							</tool>
@@ -361,10 +369,14 @@
 									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/ra/aws/amazon-freertos/libraries/freertos_plus/standard/freertos_plus_tcp/include}&quot;"/>
 									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/ra/aws/FreeRTOS/FreeRTOS/Source/include}&quot;"/>
 									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/ra/aws/FreeRTOS/FreeRTOS-Plus/Source/FreeRTOS-Plus-TCP/include}&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/ra/arm/CMSIS_6/CMSIS/Core/Include}&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;.&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/ra/aws/FreeRTOS/FreeRTOS-Plus/Source/FreeRTOS-Plus-TCP/source/include}&quot;"/>
 								</option>
 								<option IS_BUILTIN_EMPTY="false" IS_VALUE_EMPTY="false" id="ilg.gnuarmeclipse.managedbuild.cross.option.assembler.defs.98883299" name="Defined symbols (-D)" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.assembler.defs" valueType="definedSymbols">
 									<listOptionValue builtIn="false" value="_RENESAS_RA_"/>
 									<listOptionValue builtIn="false" value="_RA_CORE=CM33"/>
+									<listOptionValue builtIn="false" value="_RA_ORDINAL=1"/>
 								</option>
 								<inputType id="ilg.gnuarmeclipse.managedbuild.cross.tool.assembler.input.1801561027" superClass="ilg.gnuarmeclipse.managedbuild.cross.tool.assembler.input"/>
 							</tool>
@@ -389,10 +401,14 @@
 									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/ra/aws/amazon-freertos/libraries/freertos_plus/standard/freertos_plus_tcp/include}&quot;"/>
 									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/ra/aws/FreeRTOS/FreeRTOS/Source/include}&quot;"/>
 									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/ra/aws/FreeRTOS/FreeRTOS-Plus/Source/FreeRTOS-Plus-TCP/include}&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/ra/arm/CMSIS_6/CMSIS/Core/Include}&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;.&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/ra/aws/FreeRTOS/FreeRTOS-Plus/Source/FreeRTOS-Plus-TCP/source/include}&quot;"/>
 								</option>
 								<option IS_BUILTIN_EMPTY="false" IS_VALUE_EMPTY="false" id="ilg.gnuarmeclipse.managedbuild.cross.option.c.compiler.defs.1403729518" name="Defined symbols (-D)" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.c.compiler.defs" useByScannerDiscovery="true" valueType="definedSymbols">
 									<listOptionValue builtIn="false" value="_RENESAS_RA_"/>
 									<listOptionValue builtIn="false" value="_RA_CORE=CM33"/>
+									<listOptionValue builtIn="false" value="_RA_ORDINAL=1"/>
 								</option>
 								<inputType id="ilg.gnuarmeclipse.managedbuild.cross.tool.c.compiler.input.1088287076" superClass="ilg.gnuarmeclipse.managedbuild.cross.tool.c.compiler.input"/>
 							</tool>
diff --git a/IDE/Renesas/e2studio/RX65N/GR-ROSE/README_EN.md b/IDE/Renesas/e2studio/RX65N/GR-ROSE/README_EN.md
index 967b6ec73..0ea94144c 100644
--- a/IDE/Renesas/e2studio/RX65N/GR-ROSE/README_EN.md
+++ b/IDE/Renesas/e2studio/RX65N/GR-ROSE/README_EN.md
@@ -6,16 +6,16 @@ wolfSSL sample application project for GR-ROSE evaluation board
 ## 1. Overview
 -----
 
-We provide a sample program for evaluating wolfSSL targeting the GR-ROSE evaluation board, which has RX65N MCU on it. The sample program runs in a bare metal environment that does not use a real-time OS and uses e2 studio as an IDE. This document describes the procedure from build to execution of the sample program. 
+We provide a sample program for evaluating wolfSSL targeting the GR-ROSE evaluation board, which has RX65N MCU on it. The sample program runs in a bare metal environment that does not use a real-time OS and uses e2 studio as an IDE. This document describes the procedure from build to execution of the sample program.
 
 The sample provided is a single application that can evaluate the following three functions:
 
 - CryptoTest: A program that automatically tests various cryptographic operation functions
-- Benchmark: A program that measures the execution speed of various cryptographic operations 
+- Benchmark: A program that measures the execution speed of various cryptographic operations
 - TlsClient: A program that performs TLS communication with the opposite TLS server application
 <br><br>
 
-Since the H/W settings and S/W settings for operating the evaluation board have already been prepared, the minimum settings are required to operate the sample application. In addition, the RootCA certificate and server-side certificate required for TLS communication have already been set for sample use only. 
+Since the H/W settings and S/W settings for operating the evaluation board have already been prepared, the minimum settings are required to operate the sample application. In addition, the RootCA certificate and server-side certificate required for TLS communication have already been set for sample use only.
 
 The following sections will walk you through the steps leading up to running the sample application.
 <br><br>
@@ -23,16 +23,16 @@ The following sections will walk you through the steps leading up to running the
 ## 2. Target H/W, components and libraries
 -----
 
-This sample program uses the following hardware and software libraries. If a new version of the software component is available at the time of use, please update it as appropriate. 
+This sample program uses the following hardware and software libraries. If a new version of the software component is available at the time of use, please update it as appropriate.
 
 |item|name & version|
 |:--|:--|
 |Board|GR-ROSE|
 |Device|R5F565NEHxFP|
-|IDE| Renesas e2Studio Version:2022-01 |
+|IDE| Renesas e2Studio Version:2024-04 (24.4.0) |
 |Emulator| E1, E2 Emulator Lite |
-|Toolchain|CCRX v3.04.00|
-|TSIP| TSIP v1.17|
+|Toolchain|CCRX v3.06.00|
+|TSIP| TSIP v1.21|
 <br>
 
 The project of this sample program has a configuration file that uses the following FIT components.
@@ -47,21 +47,20 @@ However, the FIT components themselves are not included in the distribution of t
 |Generic system timer for RX MCUs|1.01|r_sys_time_rx|
 |TCP/IP protocol stack[M3S-T4-Tiny] - RX Ethernet Driver Interface|1.09|r_t4_driver_rx|
 |TCP/IP protocol stack[M3S-T4-Tiny] for Renesas MCUs|2.10|r_t4_rx|
-|TSIP(Trusted Secure IP) driver|1.17.l|r_tsip_rx|
+|TSIP(Trusted Secure IP) driver|1.21|r_tsip_rx|
 <br>
 
-Note) As of April 2022, TIPS v1.15 does not seem to be able to be added as a FIT component by adding a component in the Smart Configurator Perspective. Add it manually along the method described later. 
 <br><br>
 
 ## 3. Importing sample application project into e2Studio
 ----
 
-There is no need to create a new sample program. Since the project file is already prepared, please import the project from the IDE by following the steps below. 
+There is no need to create a new sample program. Since the project file is already prepared, please import the project from the IDE by following the steps below.
 
-+ e2studio "File" menu> "Open project from file system ..."> "Directory (R) ..." Click the import source button and select the folder from which the project will be imported. Select the folder (Renesas/e2studio/{MCU}/{board-name-folder}) where this README file exists. 
-+ Four projects that can be imported are listed, but check only the three projects "smc", "test" and "wolfssl" and click the "Finish" button. 
++ e2studio "File" menu> "Open project from file system ..."> "Directory (R) ..." Click the import source button and select the folder from which the project will be imported. Select the folder (Renesas/e2studio/{MCU}/{board-name-folder}) where this README file exists.
++ Four projects that can be imported are listed, but check only the three projects "smc", "test" and "wolfssl" and click the "Finish" button.
 
-You should see the **smc**, **test**, and **wolfssl** 3 projects you imported into the project explorer. 
+You should see the **smc**, **test**, and **wolfssl** 3 projects you imported into the project explorer.
 <br><br>
 
 ## 4. FIT module download and smart configurator file generation
@@ -69,13 +68,13 @@ You should see the **smc**, **test**, and **wolfssl** 3 projects you imported in
 
 You will need to get the required FIT modules yourself. Follow the steps below to get them.
 
-1. Open the smc project in Project Explorer and double-click the **smc.scfg** file to open the Smart Configurator Perspective. 
+1. Open the smc project in Project Explorer and double-click the **smc.scfg** file to open the Smart Configurator Perspective.
 
 2. Select the "Components" tab on the software component settings pane. Then click the "Add Component" button at the top right of the pane. The software component selection dialog will pop up. Click "Download the latest version of FIT driver and middleware" at the bottom of the dialog to get the modules. You can check the download destination folder by pressing "Basic settings...".
 
 3. The latest version of the TSIP component may not be automatically obtained due to the delay in Renesas' support by the method in step 2 above. In that case, you can download it manually from the Renesas website. Unzip the downloaded component and store the files contained in the FIT Modules folder in the download destination folder of step 2.
 
-4. Select the required FIT components shown from the list and press the "Finish" button. Repeat this operation until you have the required FIT components. 
+4. Select the required FIT components shown from the list and press the "Finish" button. Repeat this operation until you have the required FIT components.
 
 5. Select the Components tab on the Software Component Settings pane and select the r_t4_rx component. In the settings pane on the right, specify the IP address of this board as the value of the "# IP address for ch0, when DHCP disable." Property (e.g. 192.168.1.9).
 
@@ -117,7 +116,7 @@ Then build the test application.
 ## 7. Build and run the test application
 -----
 
-Now that the test application is ready to build. 
+Now that the test application is ready to build.
 
 1. Build the wolfssl project on the project explorer, then the test project.
 
@@ -129,14 +128,14 @@ Now that the test application is ready to build.
 
 5. Press the run button to run the test application.
 
-6. CryptoTest, Benchmark or TLS_Client After displaying the execution result according to the selected behavior, it enters an infinite loop, so if you think that the output has stopped, stop debugging. 
+6. CryptoTest, Benchmark or TLS_Client After displaying the execution result according to the selected behavior, it enters an infinite loop, so if you think that the output has stopped, stop debugging.
 <br><br>
 
 ## 8. Running test application as TLS_Client
 -----
 <br>
 
-### 8.1 TLS version supported by the test application 
+### 8.1 TLS version supported by the test application
 
 <br>
 You can use the TLS1.3 protocol in addition to the existing TLS1.2. The following macro is defined to {board-name-folder}/common/user_settings.h.
@@ -177,7 +176,7 @@ In the test application, the TLS version and certificate type determine the ciph
 |:--|:--|:--|
 |TLS1.3|RSA/ECDSA certificate|  |
 |||TLS_AES_128_GCM_SHA256|
-|||TLS_AES_128_CCM_SHA256| 
+|||TLS_AES_128_CCM_SHA256|
 |TLS1.2|RSA certificate|
 |||TLS_RSA_WITH_AES_128_CBC_SHA|
 |||TLS_RSA_WITH_AES_256_CBC_SHA|
@@ -200,7 +199,7 @@ To operate as TLS_Client, an opposite application for TLS communication is requi
 
 Configuration options need to be changed depending on the certificate type used.
 
-#### 8.4.1 Configuration when using ECDSA certificates 
+#### 8.4.1 Configuration when using ECDSA certificates
 
 <br>
 
@@ -217,7 +216,7 @@ Note: Do not forget to specify "-DNO_RSA"
 <br>
 
 With the above build, <wolfssl-folder\>/examples/server/server
-Is generated. This executable acts as a TLS server application. If you execute it with the following options, it will be in the listening state for the connection from TLS_Client. 
+Is generated. This executable acts as a TLS server application. If you execute it with the following options, it will be in the listening state for the connection from TLS_Client.
 <br><br>
 
 ```
@@ -247,7 +246,7 @@ is generated. This executable program acts as a server application. If you execu
 <br> <br>
 
 ```
-$ examples / server / server -b -v4 -i
+$ examples / server / server -b -v 4 -i
 ```
 
 <br>
@@ -298,7 +297,7 @@ If you want to use it for purposes beyond functional evaluation, you need to pre
   2. RSA key pair required for RootCA certificate validation
   3. The signature generated by the RootCA certificate with the private key in 2 above.
 
-will become necessary. Please refer to the manual provided by Renesas for how to generate them. 
+will become necessary. Please refer to the manual provided by Renesas for how to generate them.
 
 <br>
 
@@ -316,7 +315,7 @@ Use wolfSSL_use_certificate_buffer or wolfSSL_CTX_use_certificate_buffer to load
 
 (2)	Loading client private key/public key
 
-Type of the client certificate decides the keys to be loaded. 
+Type of the client certificate decides the keys to be loaded.
 
 a)	ECDSA certificate:<br>
 	Load private key using tsip_use_PrivateKey_buffer.
@@ -324,25 +323,25 @@ a)	ECDSA certificate:<br>
 b)	RSA certificate:<br>
 Load private key using tsip_use_PrivateKey_buffer.
 Load public key using tsip_use_PublicKey_buffer.
-Note. In case of RSA certificate, the public key will be used for internal verification of signature process.   
+Note. In case of RSA certificate, the public key will be used for internal verification of signature process.
 
 (3)	How to generate encrypted keys
 
 The keys (private and public keys) to be loaded should be encrypted-key format. Those keys could be generated with Renesas Secure Flash Programmer or SecurityKeyManagementTool.  Refer the section 7.5 and 7.6 of the application note named “RX Family TSIP Module Firmware Integration technology� how to operate above key wrapping tool.
 
 (4)	Macro to be defined
-Define “WOLF_PRIVATE_KEY_ID� in your user_settings.h. 
+Define “WOLF_PRIVATE_KEY_ID� in your user_settings.h.
 
 <br>
 
 ## 11. Limitations
 ----
 <br>
-wolfSSL, which supports TSIPv1.17, has the following functional restrictions.
+wolfSSL, which supports TSIPv1.21, has the following functional restrictions.
 <br><br>
 
 1. Handshake message packets exchanged with the server during the TLS handshake are stored in plaintext in memory. This is used to calculate the hash of handshake messages. The content will be deleted at the end of the session.
 
 1. Session resumption and early data using TSIP are not supported.
 
-The above limitations are expected to be improved by TSIP or wolfSSL from the next version onwards.
\ No newline at end of file
+The above limitations are expected to be improved by TSIP or wolfSSL from the next version onwards.
diff --git a/IDE/Renesas/e2studio/RX65N/GR-ROSE/README_JP.md b/IDE/Renesas/e2studio/RX65N/GR-ROSE/README_JP.md
index c3186924a..29ca1169a 100644
--- a/IDE/Renesas/e2studio/RX65N/GR-ROSE/README_JP.md
+++ b/IDE/Renesas/e2studio/RX65N/GR-ROSE/README_JP.md
@@ -30,10 +30,10 @@ Renesas社製MCU RX65Nを�載��評価ボードGR-ROSEをターゲット�
 |:--|:--|
 |評価ボード|GR-ROSE|
 |Device|R5F565NEHxFP|
-|IDE| Renesas e2Studio Version:2022-01 |
+|IDE| Renesas e2Studio Version:2024-04 (24.4.0) |
 |エミュレーター| E1, E2エミュレーターLite |
-|Toolchain|CCRX v3.04.00|
-|TSIP| TSIP v1.17|
+|Toolchain|CCRX v3.06.00|
+|TSIP| TSIP v1.21|
 <br>
 
 本サンプルプログラム�プロジェクト��以下�FITコン�ー�ントを使用�る設定ファイル�用��れ����。
@@ -50,10 +50,7 @@ Renesas社製MCU RX65Nを�載��評価ボードGR-ROSEをターゲット�
 |Generic system timer for RX MCUs|1.01|r_sys_time_rx|
 |TCP/IP protocol stack[M3S-T4-Tiny] - RX Ethernet Driver Interface|1.09|r_t4_driver_rx|
 |TCP/IP protocol stack[M3S-T4-Tiny] for Renesas MCUs|2.10|r_t4_rx|
-|TSIP(Trusted Secure IP) driver|1.17.l|r_tsip_rx|
-
-（注�）2022年4月�在�TIPSv1.15�FITコン�ー�ント���スマートコンフィギュレータパースペクティブ�コン�ー�ント�追加�作��追加����よ���。後��説明�る手動��追加方法を使��追加������。<br>
-
+|TSIP(Trusted Secure IP) driver|1.21|r_tsip_rx|
 
 <br><br>
 
@@ -186,7 +183,7 @@ testアプリケーション���TLS�ージョン�証明書�タイプ
 |:--|:--|:--|
 |TLS1.3|RSA/ECDSA証明書|  |
 |||TLS_AES_128_GCM_SHA256|
-|||TLS_AES_128_CCM_SHA256| 
+|||TLS_AES_128_CCM_SHA256|
 |TLS1.2|RSA証明書|
 |||TLS_RSA_WITH_AES_128_CBC_SHA|
 |||TLS_RSA_WITH_AES_256_CBC_SHA|
@@ -246,7 +243,7 @@ $ make
 <br><br>
 
 ```
-$ examples/server/server -b -v4 -i
+$ examples/server/server -b -v 4 -i
 ```
 <br>
 testアプリケーション���サー�ーアプリケーション�割り当�られ�IPアドレスを指定���。
@@ -336,7 +333,7 @@ user_settings.h�WOLF_PRIVATE_KEY_ID�定義を行������。
 
 ## 11. 制�事項
 -----
-TSIPv1.17をサ�ート��wolfSSL��以下�機能制���り��。
+TSIPv1.21をサ�ート��wolfSSL��以下�機能制���り��。
 
 1. TLS�ンドシェーク中�サー�ー�交���メッセージパケット�平文�メモリ上�蓄��れ����。�れ��ンドシェークメッセージ��ッシュ計算�使用�れ��。内容�セッション終了時�削除�れ��。
 
diff --git a/IDE/Renesas/e2studio/RX65N/GR-ROSE/common/strings.h b/IDE/Renesas/e2studio/RX65N/GR-ROSE/common/strings.h
index 030e4ffad..7cbc78770 100644
--- a/IDE/Renesas/e2studio/RX65N/GR-ROSE/common/strings.h
+++ b/IDE/Renesas/e2studio/RX65N/GR-ROSE/common/strings.h
@@ -1,6 +1,6 @@
 /* strings.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/Renesas/e2studio/RX65N/GR-ROSE/common/unistd.h b/IDE/Renesas/e2studio/RX65N/GR-ROSE/common/unistd.h
index d288552e6..ec6e32ec9 100644
--- a/IDE/Renesas/e2studio/RX65N/GR-ROSE/common/unistd.h
+++ b/IDE/Renesas/e2studio/RX65N/GR-ROSE/common/unistd.h
@@ -1,6 +1,6 @@
 /* unistd.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/Renesas/e2studio/RX65N/GR-ROSE/common/user_settings.h b/IDE/Renesas/e2studio/RX65N/GR-ROSE/common/user_settings.h
index fa80de840..50e032fbc 100644
--- a/IDE/Renesas/e2studio/RX65N/GR-ROSE/common/user_settings.h
+++ b/IDE/Renesas/e2studio/RX65N/GR-ROSE/common/user_settings.h
@@ -1,6 +1,6 @@
 /* user_settings.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -30,7 +30,7 @@
 /*-- Renesas TSIP usage and its version ---------------------------------------
  *
  *  "WOLFSSL_RENESAS_TSIP" definition makes wolfSSL to use H/W acceleration
- *   for cipher operations. 
+ *   for cipher operations.
  *  TSIP definition asks to have its version number.
  *  "WOLFSSL_RENESAS_TSIP_VER" takes following value:
  *      106: TSIPv1.06
@@ -38,27 +38,29 @@
  *      113: TSIPv1.13
  *      114: TSIPv1.14
  *      115: TSIPv1.15
+ *      117: TSIPv1.17
+ *      121: TSIPv1.21
  *----------------------------------------------------------------------------*/
   #define WOLFSSL_RENESAS_TSIP
-  #define WOLFSSL_RENESAS_TSIP_VER     117
+  #define WOLFSSL_RENESAS_TSIP_VER     121
 
 
 /*-- TLS version definitions  --------------------------------------------------
  *
  * wolfSSL supports TLSv1.2 by default. In case you want your system to support
  * TLSv1.3, uncomment line below.
- * 
+ *
  *----------------------------------------------------------------------------*/
 #define WOLFSSL_TLS13
 
 
 /*-- Operating System related definitions --------------------------------------
- * 
+ *
  *  In case any real-time OS is used, define its name(e.g. FREERTOS).
  *  Otherwise, define "SINGLE_THREADED". They are exclusive each other.
- *   
+ *
  *----------------------------------------------------------------------------*/
-  #define SINGLE_THREADED 
+  #define SINGLE_THREADED
 /*#define FREERTOS*/
 
 /*-- Compiler related definitions  ---------------------------------------------
@@ -98,34 +100,34 @@
 
   /* USE_ECC_CERT
    * This macro is for selecting root CA certificate to load, it is valid only
-   * in example applications. wolfSSL does not refer this macro. 
-   * If you want to use cipher suites including ECDSA authentication in 
+   * in example applications. wolfSSL does not refer this macro.
+   * If you want to use cipher suites including ECDSA authentication in
    * the example applications with TSIP, enable this macro.
-   * In TSIP 1.13 or later version, following cipher suites are 
+   * In TSIP 1.13 or later version, following cipher suites are
    * available:
    * - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
    * - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SAH256
-   * 
+   *
    * Note that, this macro disables cipher suites including RSA
    * authentication such as:
    * - TLS_RSA_WITH_AES_128_CBC_SHA
-   * - TLS_RSA_WITH_AES_256_CBC_SHA 
+   * - TLS_RSA_WITH_AES_256_CBC_SHA
    * - TLS_RSA_WITH_AES_128_CBC_SHA256
    * - TLS_RSA_WITH_AES_256_CBC_SHA256
    * - TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
    * - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA256
-   * 
+   *
    */
   #define USE_ECC_CERT
 
-  /* In this example application, Root CA cert buffer named 
-   * "ca_ecc_cert_der_256" is used under the following macro definition 
+  /* In this example application, Root CA cert buffer named
+   * "ca_ecc_cert_der_256" is used under the following macro definition
    * for ECDSA.
    */
   #define USE_CERT_BUFFERS_256
 
-  /* In this example application, Root CA cert buffer named 
-   * "ca_cert_der_2048" is used under the following macro definition 
+  /* In this example application, Root CA cert buffer named
+   * "ca_cert_der_2048" is used under the following macro definition
    * for RSA authentication.
    */
   #define USE_CERT_BUFFERS_2048
@@ -137,7 +139,7 @@
   #define SIZEOF_LONG_LONG 8
 
   /*#define WOLFSSL_STATIC_MEMORY*/
-  
+
   #if defined(WOLFSSL_STATIC_MEMORY)
     #define USE_FAST_MATH
   #else
@@ -146,24 +148,24 @@
 
 
 
- /* 
+ /*
   * -- "NO_ASN_TIME" macro is to avoid certificate expiration validation --
-  *  
-  * Note. In your actual products, do not forget to comment-out 
+  *
+  * Note. In your actual products, do not forget to comment-out
   * "NO_ASN_TIME" macro. And prepare time function to get calendar time,
-  * otherwise, certificate expiration validation will not work.  
+  * otherwise, certificate expiration validation will not work.
   */
   /*#define NO_ASN_TIME*/
-  
+
   #define NO_MAIN_DRIVER
   #define BENCH_EMBEDDED
-  #define NO_WOLFSSL_DIR 
+  #define NO_WOLFSSL_DIR
   #define WOLFSSL_NO_CURRDIR
   #define NO_FILESYSTEM
   #define WOLFSSL_LOG_PRINTF
   #define WOLFSSL_HAVE_MIN
   #define WOLFSSL_HAVE_MAX
-  
+
   #define NO_WRITEV
   #define WOLFSSL_USER_IO
 
@@ -175,7 +177,7 @@
   #define USE_WOLF_SUSECONDS_T
   #define USE_WOLF_TIMEVAL_T
 
-  
+
   #define WC_RSA_BLINDING
   #define TFM_TIMING_RESISTANT
   #define ECC_TIMING_RESISTANT
@@ -191,7 +193,7 @@
 
 /*-- Definitions for functionality negation  -----------------------------------
  *
- * 
+ *
  *----------------------------------------------------------------------------*/
 
 /*#define NO_RENESAS_TSIP_CRYPT*/
@@ -203,7 +205,7 @@
 
 /*-- Consistency checking between definitions  ---------------------------------
  *
- *  
+ *
  *----------------------------------------------------------------------------*/
 
 /*-- TSIP TLS specific definitions --*/
@@ -229,7 +231,6 @@
     #define WOLFSSL_RENESAS_TSIP_TLS
 
     #if !defined(NO_RENESAS_TSIP_CRYPT)
-        #define WOLFSSL_RENESAS_TSIP_CRYPTONLY
         #define HAVE_PK_CALLBACKS
         #define WOLF_CRYPTO_CB
         #if defined(WOLFSSL_RENESAS_TSIP_TLS)
@@ -243,10 +244,20 @@
         # undef WOLFSSL_RENESAS_TSIP_TLS
         # undef WOLFSSL_RENESAS_TSIP_CRYPT
     #endif
-
+        /*-------------------------------------------------------------------------
+     * TSIP generates random numbers using the CRT-DRBG described
+     * in NIST SP800-90A. Recommend to define the CUSTOM_RAND_GENERATE_BLOCK
+     * so that wc_RNG_GenerateByte/Block() call TSIP random generatoion API
+     * directly. Comment out the macro will generate random number by
+     * wolfSSL Hash DRBG by using a seed which is generated by TSIP API.
+     *-----------------------------------------------------------------------*/
+	#define CUSTOM_RAND_GENERATE_BLOCK wc_tsip_GenerateRandBlock
 #else
     #define OPENSSL_EXTRA
     #define WOLFSSL_GENSEED_FORTEST /* Warning: define your own seed gen */
+    #if !defined(min)
+    	#define min(data1, data2)    _builtin_min(data1, data2)
+	#endif
 #endif
 
 
@@ -260,7 +271,3 @@
 
 #define XSTRCASECMP(s1,s2) strcmp((s1),(s2))
 
-#if !defined(WOLFSSL_RENESAS_TSIP_TLS)
- #define min(x,y) ((x)<(y)?(x):(y))
-#endif
-
diff --git a/IDE/Renesas/e2studio/RX65N/GR-ROSE/common/wolfssl_dummy.c b/IDE/Renesas/e2studio/RX65N/GR-ROSE/common/wolfssl_dummy.c
index 251d6481b..032a171cc 100644
--- a/IDE/Renesas/e2studio/RX65N/GR-ROSE/common/wolfssl_dummy.c
+++ b/IDE/Renesas/e2studio/RX65N/GR-ROSE/common/wolfssl_dummy.c
@@ -1,6 +1,6 @@
 /* wolfssl_dummy.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -18,18 +18,33 @@
  * along with this program; if not, write to the Free Software
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  */
-
 #include <wolfssl/wolfcrypt/wc_port.h>
 
-#define YEAR 2023
-#define MON  6
-
 static int tick = 0;
+#define YEAR  ( \
+    ((__DATE__)[7]  - '0') * 1000 + \
+    ((__DATE__)[8]  - '0') * 100  + \
+    ((__DATE__)[9]  - '0') * 10   + \
+    ((__DATE__)[10] - '0') * 1      \
+)
+
+#define MONTH ( \
+    __DATE__[2] == 'n' ? (__DATE__[1] == 'a' ? 1 : 6) \
+  : __DATE__[2] == 'b' ? 2 \
+  : __DATE__[2] == 'r' ? (__DATE__[0] == 'M' ? 3 : 4) \
+  : __DATE__[2] == 'y' ? 5 \
+  : __DATE__[2] == 'l' ? 7 \
+  : __DATE__[2] == 'g' ? 8 \
+  : __DATE__[2] == 'p' ? 9 \
+  : __DATE__[2] == 't' ? 10 \
+  : __DATE__[2] == 'v' ? 11 \
+  : 12 \
+	)
 
 time_t time(time_t *t)
 {
     (void)t;
-    return ((YEAR-1970)*365+30*MON)*24*60*60 + tick++;
+    return ((YEAR-1970)*365+30*MONTH)*24*60*60 + tick++;
 }
 
 #include <ctype.h>
diff --git a/IDE/Renesas/e2studio/RX65N/GR-ROSE/include.am b/IDE/Renesas/e2studio/RX65N/GR-ROSE/include.am
index 60df793e5..ce88e9b15 100644
--- a/IDE/Renesas/e2studio/RX65N/GR-ROSE/include.am
+++ b/IDE/Renesas/e2studio/RX65N/GR-ROSE/include.am
@@ -23,4 +23,8 @@ EXTRA_DIST+= IDE/Renesas/e2studio/RX65N/GR-ROSE/common/unistd.h
 EXTRA_DIST+= IDE/Renesas/e2studio/RX65N/GR-ROSE/common/user_settings.h
 EXTRA_DIST+= IDE/Renesas/e2studio/RX65N/GR-ROSE/smc/.cproject
 EXTRA_DIST+= IDE/Renesas/e2studio/RX65N/GR-ROSE/smc/.project
-EXTRA_DIST+= IDE/Renesas/e2studio/RX65N/GR-ROSE/smc/smc.scfg
\ No newline at end of file
+EXTRA_DIST+= IDE/Renesas/e2studio/RX65N/GR-ROSE/smc/smc.scfg
+EXTRA_DIST+= IDE/Renesas/e2studio/RX65N/GR-ROSE/tools/README.md
+EXTRA_DIST+= IDE/Renesas/e2studio/RX65N/GR-ROSE/tools/example_keys/generate_SignedCA.sh
+EXTRA_DIST+= IDE/Renesas/e2studio/RX65N/GR-ROSE/tools/example_keys/rsa_private.pem
+EXTRA_DIST+= IDE/Renesas/e2studio/RX65N/GR-ROSE/tools/example_keys/rsa_public.pem
diff --git a/IDE/Renesas/e2studio/RX65N/GR-ROSE/smc/smc.scfg b/IDE/Renesas/e2studio/RX65N/GR-ROSE/smc/smc.scfg
index 393a20ac4..9193414c7 100644
--- a/IDE/Renesas/e2studio/RX65N/GR-ROSE/smc/smc.scfg
+++ b/IDE/Renesas/e2studio/RX65N/GR-ROSE/smc/smc.scfg
@@ -4,16 +4,18 @@
         <configuration active="true" id="com.renesas.smc.toolchain.rxc.configuration.release">
             <property id="com.renesas.smc.service.project.buildArtefactType" values="com.renesas.smc.service.project.buildArtefactType.exe"/>
             <toolchain id="com.renesas.smc.toolchain.rxc.toolchain.rxc">
+                <option id="com.renesas.smc.toolchain.option.language" key="com.renesas.smc.toolchain.option.language.c"/>
                 <option id="com.renesas.smc.toolchain.option.buildArtefactType" key="com.renesas.smc.toolchain.option.buildArtefactType.exe"/>
                 <option id="com.renesas.smc.toolchain.option.rtos" key="com.renesas.smc.toolchain.option.rtos.none"/>
+                <option id="com.renesas.smc.toolchain.option.dual" key="com.renesas.smc.toolchain.option.dual.false"/>
             </toolchain>
         </configuration>
         <platform id="R5F565NEHxFP"/>
-        <option id="board" value="gr-rose (v1.01)"/>
+        <option id="board" value="GR-ROSE-RX65N (V1.03)"/>
     </general>
     <tool id="Clock">
         <option enabled="true" id="vccinput" selection="textinputitem">
-            <item enabled="true" id="textinputitem" input="3.3" value="3.300"/>
+            <item enabled="true" id="textinputitem" input="3.3" value="3.3"/>
         </option>
         <option enabled="true" id="mainclockenable" selection="check">
             <item enabled="true" id="check"/>
@@ -24,10 +26,10 @@
             <item enabled="true" id="srcEOI"/>
         </option>
         <option enabled="true" id="mainfrequency" selection="textinputitem">
-            <item enabled="true" id="textinputitem" input="12" value="12.000000"/>
+            <item enabled="true" id="textinputitem" input="12" value="12"/>
         </option>
         <option enabled="false" id="mainwaittime" selection="textinputitem">
-            <item enabled="true" id="textinputitem" input="9980" value="9980.000000"/>
+            <item enabled="true" id="textinputitem" input="9980" value="9980"/>
         </option>
         <option enabled="true" id="subclockenable" selection="uncheck">
             <item enabled="true" id="check"/>
@@ -41,7 +43,7 @@
             <item enabled="true" id="lowCL"/>
         </option>
         <option enabled="false" id="subwaittime" selection="textinputitem">
-            <item enabled="true" id="textinputitem" input="2000" value="2000.000000"/>
+            <item enabled="true" id="textinputitem" input="2000" value="2000"/>
         </option>
         <option enabled="true" id="hococlockenable" selection="uncheck">
             <item enabled="true" id="check"/>
@@ -71,7 +73,7 @@
             <item enabled="true" id="textinputitem" input="" value="120"/>
         </option>
         <option enabled="true" id="pllswitcher" selection="pllmain">
-            <item enabled="true" id="pllmain" input="" value="12.0"/>
+            <item enabled="true" id="pllmain" input="" value="12"/>
             <item enabled="false" id="pllhoco" input="" value="16"/>
         </option>
         <option enabled="true" id="plldivider" selection="div1-1">
@@ -124,7 +126,7 @@
         </option>
         <option enabled="true" id="sckswitcher" selection="pll">
             <item enabled="true" id="pll" input="" value="1.2E8"/>
-            <item enabled="true" id="main" input="" value="1.2E7"/>
+            <item enabled="true" id="main" input="" value="12000000"/>
             <item enabled="false" id="sub" input="" value="32768.0"/>
             <item enabled="false" id="hoco" input="" value="16000000"/>
             <item enabled="false" id="loco" input="" value="240000"/>
@@ -257,308 +259,308 @@
             <item enabled="true" id="textoutputitem" input="" value="120"/>
         </option>
         <option enabled="true" id="cacmclk" selection="textoutputitem">
-            <item enabled="true" id="textoutputitem" input="" value="12.0"/>
+            <item enabled="true" id="textoutputitem" input="" value="12"/>
         </option>
     </tool>
     <tool id="Interrupt">
-        <Item currentVect="16" id="BSC_BUSERR" priority="15" usedState="Not Use"/>
-        <Item currentVect="18" id="RAM_RAMERR" priority="15" usedState="Not Use"/>
-        <Item currentVect="21" id="FCU_FIFERR" priority="15" usedState="Not Use"/>
-        <Item currentVect="23" id="FCU_FRDYI" priority="15" usedState="Not Use"/>
-        <Item currentVect="26" id="ICU_SWINT2" priority="1" usedState="Used"/>
-        <Item currentVect="27" id="ICU_SWINT" priority="1" usedState="Used"/>
-        <Item currentVect="28" id="CMT0_CMI0" priority="15" usedState="Not Use"/>
-        <Item currentVect="29" id="CMT1_CMI1" priority="15" usedState="Not Use"/>
-        <Item currentVect="30" id="CMTW0_CMWI0" priority="15" usedState="Not Use"/>
-        <Item currentVect="31" id="CMTW1_CMWI1" priority="15" usedState="Not Use"/>
-        <Item currentVect="34" id="USB0_D0FIFO0" priority="15" usedState="Not Use"/>
-        <Item currentVect="35" id="USB0_D1FIFO0" priority="15" usedState="Not Use"/>
-        <Item currentVect="38" id="RSPI0_SPRI0" priority="15" usedState="Not Use"/>
-        <Item currentVect="39" id="RSPI0_SPTI0" priority="15" usedState="Not Use"/>
-        <Item currentVect="40" id="RSPI1_SPRI1" priority="15" usedState="Not Use"/>
-        <Item currentVect="41" id="RSPI1_SPTI1" priority="15" usedState="Not Use"/>
-        <Item currentVect="42" id="QSPI_SPRI" priority="15" usedState="Not Use"/>
-        <Item currentVect="43" id="QSPI_SPTI" priority="15" usedState="Not Use"/>
-        <Item currentVect="44" id="SDHI_SBFAI" priority="15" usedState="Not Use"/>
-        <Item currentVect="45" id="MMCIF_MBFAI" priority="15" usedState="Not Use"/>
-        <Item currentVect="50" id="RIIC1_RXI1" priority="15" usedState="Not Use"/>
-        <Item currentVect="51" id="RIIC1_TXI1" priority="15" usedState="Not Use"/>
-        <Item currentVect="52" id="RIIC0_RXI0" priority="15" usedState="Not Use"/>
-        <Item currentVect="53" id="RIIC0_TXI0" priority="15" usedState="Not Use"/>
-        <Item currentVect="54" id="RIIC2_RXI2" priority="15" usedState="Not Use"/>
-        <Item currentVect="55" id="RIIC2_TXI2" priority="15" usedState="Not Use"/>
-        <Item currentVect="58" id="SCI0_RXI0" priority="15" usedState="Not Use"/>
-        <Item currentVect="59" id="SCI0_TXI0" priority="15" usedState="Not Use"/>
-        <Item currentVect="60" id="SCI1_RXI1" priority="15" usedState="Not Use"/>
-        <Item currentVect="61" id="SCI1_TXI1" priority="15" usedState="Not Use"/>
-        <Item currentVect="62" id="SCI2_RXI2" priority="15" usedState="Not Use"/>
-        <Item currentVect="63" id="SCI2_TXI2" priority="15" usedState="Not Use"/>
-        <Item currentVect="64" id="ICU_IRQ0" priority="15" usedState="Not Use"/>
-        <Item currentVect="65" id="ICU_IRQ1" priority="15" usedState="Not Use"/>
-        <Item currentVect="66" id="ICU_IRQ2" priority="15" usedState="Not Use"/>
-        <Item currentVect="67" id="ICU_IRQ3" priority="15" usedState="Not Use"/>
-        <Item currentVect="68" id="ICU_IRQ4" priority="15" usedState="Not Use"/>
-        <Item currentVect="69" id="ICU_IRQ5" priority="15" usedState="Not Use"/>
-        <Item currentVect="70" id="ICU_IRQ6" priority="15" usedState="Not Use"/>
-        <Item currentVect="71" id="ICU_IRQ7" priority="15" usedState="Not Use"/>
-        <Item currentVect="72" id="ICU_IRQ8" priority="15" usedState="Not Use"/>
-        <Item currentVect="73" id="ICU_IRQ9" priority="15" usedState="Not Use"/>
-        <Item currentVect="74" id="ICU_IRQ10" priority="15" usedState="Not Use"/>
-        <Item currentVect="75" id="ICU_IRQ11" priority="15" usedState="Not Use"/>
-        <Item currentVect="76" id="ICU_IRQ12" priority="15" usedState="Not Use"/>
-        <Item currentVect="77" id="ICU_IRQ13" priority="15" usedState="Not Use"/>
-        <Item currentVect="78" id="ICU_IRQ14" priority="15" usedState="Not Use"/>
-        <Item currentVect="79" id="ICU_IRQ15" priority="15" usedState="Not Use"/>
-        <Item currentVect="80" id="SCI3_RXI3" priority="15" usedState="Not Use"/>
-        <Item currentVect="81" id="SCI3_TXI3" priority="15" usedState="Not Use"/>
-        <Item currentVect="82" id="SCI4_RXI4" priority="15" usedState="Not Use"/>
-        <Item currentVect="83" id="SCI4_TXI4" priority="15" usedState="Not Use"/>
-        <Item currentVect="84" id="SCI5_RXI5" priority="15" usedState="Not Use"/>
-        <Item currentVect="85" id="SCI5_TXI5" priority="15" usedState="Not Use"/>
-        <Item currentVect="86" id="SCI6_RXI6" priority="15" usedState="Not Use"/>
-        <Item currentVect="87" id="SCI6_TXI6" priority="15" usedState="Not Use"/>
-        <Item currentVect="88" id="LVD1_LVD1" priority="15" usedState="Not Use"/>
-        <Item currentVect="89" id="LVD2_LVD2" priority="15" usedState="Not Use"/>
-        <Item currentVect="90" id="USB0_USBR0" priority="15" usedState="Not Use"/>
-        <Item currentVect="92" id="RTC_ALM" priority="15" usedState="Not Use"/>
-        <Item currentVect="93" id="RTC_PRD" priority="15" usedState="Not Use"/>
-        <Item currentVect="95" id="IWDT_IWUNI" priority="15" usedState="Not Use"/>
-        <Item currentVect="96" id="WDT_WUNI" priority="15" usedState="Not Use"/>
-        <Item currentVect="97" id="PDC_PCDFI" priority="15" usedState="Not Use"/>
-        <Item currentVect="98" id="SCI7_RXI7" priority="15" usedState="Not Use"/>
-        <Item currentVect="99" id="SCI7_TXI7" priority="15" usedState="Not Use"/>
-        <Item currentVect="100" id="SCI8_RXI8" priority="15" usedState="Not Use"/>
-        <Item currentVect="101" id="SCI8_TXI8" priority="15" usedState="Not Use"/>
-        <Item currentVect="102" id="SCI9_RXI9" priority="15" usedState="Not Use"/>
-        <Item currentVect="103" id="SCI9_TXI9" priority="15" usedState="Not Use"/>
-        <Item currentVect="104" id="SCI10_RXI10" priority="15" usedState="Not Use"/>
-        <Item currentVect="105" id="SCI10_TXI10" priority="15" usedState="Not Use"/>
-        <Item currentVect="106" groupchild="&lt;br&gt;1-ERS0&lt;br&gt;2-ERS1" id="BE0" priority="15" usedState="Not Use"/>
-        <Item currentVect="107" groupchild="&lt;br&gt;1-SDIOI" id="BL2" priority="15" usedState="Not Use"/>
-        <Item currentVect="108" id="RSPI2_SPRI2" priority="15" usedState="Not Use"/>
-        <Item currentVect="109" id="RSPI2_SPTI2" priority="15" usedState="Not Use"/>
-        <Item currentVect="110" groupchild="&lt;br&gt;1-TEI0&lt;br&gt;2-ERI0&lt;br&gt;3-TEI1&lt;br&gt;4-ERI1&lt;br&gt;5-TEI2&lt;br&gt;6-ERI2&lt;br&gt;7-TEI3&lt;br&gt;8-ERI3&lt;br&gt;9-TEI4&lt;br&gt;10-ERI4&lt;br&gt;11-TEI5&lt;br&gt;12-ERI5&lt;br&gt;13-TEI6&lt;br&gt;14-ERI6&lt;br&gt;15-TEI7&lt;br&gt;16-ERI7&lt;br&gt;17-TEI12&lt;br&gt;18-ERI12&lt;br&gt;19-SCIX0&lt;br&gt;20-SCIX1&lt;br&gt;21-SCIX2&lt;br&gt;22-SCIX3&lt;br&gt;23-QSPSSLI&lt;br&gt;24-FERRI&lt;br&gt;25-MENDI&lt;br&gt;26-OVFI&lt;br&gt;27-DOPCI&lt;br&gt;28-PCFEI&lt;br&gt;29-PCERI" id="BL0" priority="15" usedState="Not Use"/>
-        <Item currentVect="111" groupchild="&lt;br&gt;1-CDETI&lt;br&gt;2-CACI&lt;br&gt;3-SDACI&lt;br&gt;4-CDETIO&lt;br&gt;5-ERRIO&lt;br&gt;6-ACCIO&lt;br&gt;7-OEI1&lt;br&gt;8-OEI2&lt;br&gt;9-OEI3&lt;br&gt;10-OEI4&lt;br&gt;11-TEI0&lt;br&gt;12-EEI0&lt;br&gt;13-TEI2&lt;br&gt;14-EEI2&lt;br&gt;15-S12CMPAI&lt;br&gt;16-S12CMPBI&lt;br&gt;17-S12CMPAI1&lt;br&gt;18-S12CMPBI1&lt;br&gt;19-TEI8&lt;br&gt;20-ERI8&lt;br&gt;21-TEI9&lt;br&gt;22-ERI9&lt;br&gt;23-TEI1&lt;br&gt;24-EEI1" id="BL1" priority="15" usedState="Not Use"/>
-        <Item currentVect="112" groupchild="&lt;br&gt;1-TEI10&lt;br&gt;2-ERI10&lt;br&gt;3-TEI11&lt;br&gt;4-ERI11&lt;br&gt;5-SPII0&lt;br&gt;6-SPEI0&lt;br&gt;7-SPII1&lt;br&gt;8-SPEI1&lt;br&gt;9-SPII2&lt;br&gt;10-SPEI2" id="AL0" priority="15" usedState="Not Use"/>
-        <Item currentVect="113" groupchild="&lt;br&gt;1-EINT0&lt;br&gt;2-VPOS&lt;br&gt;3-GR1UF&lt;br&gt;4-GR2UF&lt;br&gt;5-DRW_IRQ" id="AL1" priority="2" usedState="Used"/>
-        <Item currentVect="114" id="SCI11_RXI11" priority="15" usedState="Not Use"/>
-        <Item currentVect="115" id="SCI11_TXI11" priority="15" usedState="Not Use"/>
-        <Item currentVect="116" id="SCI12_RXI12" priority="15" usedState="Not Use"/>
-        <Item currentVect="117" id="SCI12_TXI12" priority="15" usedState="Not Use"/>
-        <Item currentVect="120" id="DMAC_DMAC0I" priority="15" usedState="Not Use"/>
-        <Item currentVect="121" id="DMAC_DMAC1I" priority="15" usedState="Not Use"/>
-        <Item currentVect="122" id="DMAC_DMAC2I" priority="15" usedState="Not Use"/>
-        <Item currentVect="123" id="DMAC_DMAC3I" priority="15" usedState="Not Use"/>
-        <Item currentVect="124" id="DMAC_DMAC74I" priority="15" usedState="Not Use"/>
-        <Item currentVect="125" id="OST_OSTDI" priority="15" usedState="Not Use"/>
-        <Item currentVect="126" id="EXDMAC_EXDMAC0I" priority="15" usedState="Not Use"/>
-        <Item currentVect="127" id="EXDMAC_EXDMAC1I" priority="15" usedState="Not Use"/>
-        <Item currentVect="128" defaultVect="128" id="CMT2_CMI2" priority="15" usedState="Not Use"/>
-        <Item currentVect="129" defaultVect="129" id="CMT3_CMI3" priority="15" usedState="Not Use"/>
-        <Item currentVect="130" defaultVect="130" id="TPU0_TGI0A" priority="15" usedState="Not Use"/>
-        <Item currentVect="131" defaultVect="131" id="TPU0_TGI0B" priority="15" usedState="Not Use"/>
-        <Item currentVect="132" defaultVect="132" id="TPU0_TGI0C" priority="15" usedState="Not Use"/>
-        <Item currentVect="133" defaultVect="133" id="TPU0_TGI0D" priority="15" usedState="Not Use"/>
-        <Item currentVect="134" defaultVect="134" id="TPU0_TCI0V" priority="15" usedState="Not Use"/>
-        <Item currentVect="135" defaultVect="135" id="TPU1_TGI1B" priority="15" usedState="Not Use"/>
-        <Item currentVect="136" defaultVect="136" id="TPU1_TCI1V" priority="15" usedState="Not Use"/>
-        <Item currentVect="137" defaultVect="137" id="TPU1_TCI1U" priority="15" usedState="Not Use"/>
-        <Item currentVect="138" defaultVect="138" id="TPU2_TGI2A" priority="15" usedState="Not Use"/>
-        <Item currentVect="139" defaultVect="139" id="TPU2_TGI2B" priority="15" usedState="Not Use"/>
-        <Item currentVect="140" defaultVect="140" id="TPU2_TCI2V" priority="15" usedState="Not Use"/>
-        <Item currentVect="141" defaultVect="141" id="TPU2_TCI2U" priority="15" usedState="Not Use"/>
-        <Item currentVect="142" defaultVect="142" id="TPU3_TGI3A" priority="15" usedState="Not Use"/>
-        <Item currentVect="143" defaultVect="143" id="TPU3_TGI3B" priority="15" usedState="Not Use"/>
-        <Item currentVect="144" defaultVect="144" id="TPU1_TGI1A" priority="15" usedState="Not Use"/>
-        <Item currentVect="145" defaultVect="145" id="TPU3_TGI3C" priority="15" usedState="Not Use"/>
-        <Item currentVect="146" defaultVect="146" id="TMR0_CMIA0" priority="15" usedState="Not Use"/>
-        <Item currentVect="147" defaultVect="147" id="TMR0_CMIB0" priority="15" usedState="Not Use"/>
-        <Item currentVect="148" defaultVect="148" id="TMR0_OVI0" priority="15" usedState="Not Use"/>
-        <Item currentVect="149" defaultVect="149" id="TMR1_CMIA1" priority="15" usedState="Not Use"/>
-        <Item currentVect="150" defaultVect="150" id="TMR1_CMIB1" priority="15" usedState="Not Use"/>
-        <Item currentVect="151" defaultVect="151" id="TMR1_OVI1" priority="15" usedState="Not Use"/>
-        <Item currentVect="152" defaultVect="152" id="TMR2_CMIA2" priority="15" usedState="Not Use"/>
-        <Item currentVect="153" defaultVect="153" id="TMR2_CMIB2" priority="15" usedState="Not Use"/>
-        <Item currentVect="154" defaultVect="154" id="TMR2_OVI2" priority="15" usedState="Not Use"/>
-        <Item currentVect="155" defaultVect="155" id="TMR3_CMIA3" priority="15" usedState="Not Use"/>
-        <Item currentVect="156" defaultVect="156" id="TMR3_CMIB3" priority="15" usedState="Not Use"/>
-        <Item currentVect="157" defaultVect="157" id="TMR3_OVI3" priority="15" usedState="Not Use"/>
-        <Item currentVect="158" defaultVect="158" id="TPU3_TGI3D" priority="15" usedState="Not Use"/>
-        <Item currentVect="159" defaultVect="159" id="TPU3_TCI3V" priority="15" usedState="Not Use"/>
-        <Item currentVect="160" defaultVect="160" id="TPU4_TGI4A" priority="15" usedState="Not Use"/>
-        <Item currentVect="161" defaultVect="161" id="TPU4_TGI4B" priority="15" usedState="Not Use"/>
-        <Item currentVect="162" defaultVect="162" id="TPU4_TCI4V" priority="15" usedState="Not Use"/>
-        <Item currentVect="163" defaultVect="163" id="TPU4_TCI4U" priority="15" usedState="Not Use"/>
-        <Item currentVect="164" defaultVect="164" id="TPU5_TGI5A" priority="15" usedState="Not Use"/>
-        <Item currentVect="165" defaultVect="165" id="TPU5_TGI5B" priority="15" usedState="Not Use"/>
-        <Item currentVect="166" defaultVect="166" id="TPU5_TCI5V" priority="15" usedState="Not Use"/>
-        <Item currentVect="167" defaultVect="167" id="TPU5_TCI5U" priority="15" usedState="Not Use"/>
-        <Item currentVect="168" defaultVect="168" id="CMTW0_IC0I0" priority="15" usedState="Not Use"/>
-        <Item currentVect="169" defaultVect="169" id="CMTW0_IC1I0" priority="15" usedState="Not Use"/>
-        <Item currentVect="170" defaultVect="170" id="CMTW0_OC0I0" priority="15" usedState="Not Use"/>
-        <Item currentVect="171" defaultVect="171" id="CMTW0_OC1I0" priority="15" usedState="Not Use"/>
-        <Item currentVect="172" defaultVect="172" id="CMTW1_IC0I1" priority="15" usedState="Not Use"/>
-        <Item currentVect="173" defaultVect="173" id="CMTW1_IC1I1" priority="15" usedState="Not Use"/>
-        <Item currentVect="174" defaultVect="174" id="CMTW1_OC0I1" priority="15" usedState="Not Use"/>
-        <Item currentVect="175" defaultVect="175" id="CMTW1_OC1I1" priority="15" usedState="Not Use"/>
-        <Item currentVect="176" defaultVect="176" id="RTC_CUP" priority="15" usedState="Not Use"/>
-        <Item currentVect="177" defaultVect="177" id="CAN0_RXF0" priority="15" usedState="Not Use"/>
-        <Item currentVect="178" defaultVect="178" id="CAN0_TXF0" priority="15" usedState="Not Use"/>
-        <Item currentVect="179" defaultVect="179" id="CAN0_RXM0" priority="15" usedState="Not Use"/>
-        <Item currentVect="180" defaultVect="180" id="CAN0_TXM0" priority="15" usedState="Not Use"/>
-        <Item currentVect="181" defaultVect="181" id="CAN1_RXF1" priority="15" usedState="Not Use"/>
-        <Item currentVect="182" defaultVect="182" id="CAN1_TXF1" priority="15" usedState="Not Use"/>
-        <Item currentVect="183" defaultVect="183" id="CAN1_RXM1" priority="15" usedState="Not Use"/>
-        <Item currentVect="184" defaultVect="184" id="CAN1_TXM1" priority="15" usedState="Not Use"/>
-        <Item currentVect="185" defaultVect="185" id="USB0_USBI0" priority="15" usedState="Not Use"/>
-        <Item currentVect="186" defaultVect="186" id="S12AD_S12ADI" priority="15" usedState="Not Use"/>
-        <Item currentVect="187" defaultVect="187" id="S12AD_S12GBADI" priority="15" usedState="Not Use"/>
-        <Item currentVect="188" defaultVect="188" id="S12AD_S12GCADI" priority="15" usedState="Not Use"/>
-        <Item currentVect="189" defaultVect="189" id="S12AD1_S12ADI1" priority="15" usedState="Not Use"/>
-        <Item currentVect="190" defaultVect="190" id="S12AD1_S12GBADI1" priority="15" usedState="Not Use"/>
-        <Item currentVect="191" defaultVect="191" id="S12AD1_S12GCADI1" priority="15" usedState="Not Use"/>
-        <Item currentVect="192" defaultVect="192" id="RNG_RNGEND" priority="15" usedState="Not Use"/>
-        <Item currentVect="193" defaultVect="193" id="ELC_ELSR18I" priority="15" usedState="Not Use"/>
-        <Item currentVect="194" defaultVect="194" id="ELC_ELSR19I" priority="15" usedState="Not Use"/>
-        <Item currentVect="195" defaultVect="195" id="TSIP_PROC_BUSY" priority="15" usedState="Not Use"/>
-        <Item currentVect="196" defaultVect="196" id="TSIP_ROMOK" priority="15" usedState="Not Use"/>
-        <Item currentVect="197" defaultVect="197" id="TSIP_LONG_PLG" priority="15" usedState="Not Use"/>
-        <Item currentVect="198" defaultVect="198" id="TSIP_TEST_BUSY" priority="15" usedState="Not Use"/>
-        <Item currentVect="199" defaultVect="199" id="TSIP_WRRDY0" priority="15" usedState="Not Use"/>
-        <Item currentVect="200" defaultVect="200" id="TSIP_WRRDY1" priority="15" usedState="Not Use"/>
-        <Item currentVect="201" defaultVect="201" id="TSIP_WRRDY4" priority="15" usedState="Not Use"/>
-        <Item currentVect="202" defaultVect="202" id="TSIP_RDRDY0" priority="15" usedState="Not Use"/>
-        <Item currentVect="203" defaultVect="203" id="TSIP_RDRDY1" priority="15" usedState="Not Use"/>
-        <Item currentVect="204" defaultVect="204" id="TSIP_INTEGRATE_WRRDY" priority="15" usedState="Not Use"/>
-        <Item currentVect="205" defaultVect="205" id="TSIP_INTEGRATE_RDRDY" priority="15" usedState="Not Use"/>
-        <Item currentVect="206" id="PERIB_INTB206" priority="15" usedState="Not Use"/>
-        <Item currentVect="207" id="PERIB_INTB207" priority="15" usedState="Not Use"/>
-        <Item currentVect="208" defaultVect="208" id="MTU1_TGIA1" priority="15" usedState="Not Use"/>
-        <Item currentVect="209" defaultVect="209" id="MTU0_TGIA0" priority="15" usedState="Not Use"/>
-        <Item currentVect="210" defaultVect="210" id="MTU0_TGIB0" priority="15" usedState="Not Use"/>
-        <Item currentVect="211" defaultVect="211" id="MTU0_TGIC0" priority="15" usedState="Not Use"/>
-        <Item currentVect="212" defaultVect="212" id="MTU0_TGID0" priority="15" usedState="Not Use"/>
-        <Item currentVect="213" defaultVect="213" id="MTU0_TCIV0" priority="15" usedState="Not Use"/>
-        <Item currentVect="214" defaultVect="214" id="MTU0_TGIE0" priority="15" usedState="Not Use"/>
-        <Item currentVect="215" defaultVect="215" id="MTU0_TGIF0" priority="15" usedState="Not Use"/>
-        <Item currentVect="216" defaultVect="216" id="MTU1_TGIB1" priority="15" usedState="Not Use"/>
-        <Item currentVect="217" defaultVect="217" id="MTU1_TCIV1" priority="15" usedState="Not Use"/>
-        <Item currentVect="218" defaultVect="218" id="MTU1_TCIU1" priority="15" usedState="Not Use"/>
-        <Item currentVect="219" defaultVect="219" id="MTU2_TGIA2" priority="15" usedState="Not Use"/>
-        <Item currentVect="220" defaultVect="220" id="MTU2_TGIB2" priority="15" usedState="Not Use"/>
-        <Item currentVect="221" defaultVect="221" id="MTU2_TCIV2" priority="15" usedState="Not Use"/>
-        <Item currentVect="222" defaultVect="222" id="MTU2_TCIU2" priority="15" usedState="Not Use"/>
-        <Item currentVect="223" defaultVect="223" id="MTU3_TGIA3" priority="15" usedState="Not Use"/>
-        <Item currentVect="224" defaultVect="224" id="MTU3_TGIB3" priority="15" usedState="Not Use"/>
-        <Item currentVect="225" defaultVect="225" id="MTU3_TGIC3" priority="15" usedState="Not Use"/>
-        <Item currentVect="226" defaultVect="226" id="MTU3_TGID3" priority="15" usedState="Not Use"/>
-        <Item currentVect="227" defaultVect="227" id="MTU3_TCIV3" priority="15" usedState="Not Use"/>
-        <Item currentVect="228" defaultVect="228" id="MTU4_TGIA4" priority="15" usedState="Not Use"/>
-        <Item currentVect="229" defaultVect="229" id="MTU4_TGIB4" priority="15" usedState="Not Use"/>
-        <Item currentVect="230" defaultVect="230" id="MTU4_TGIC4" priority="15" usedState="Not Use"/>
-        <Item currentVect="231" defaultVect="231" id="MTU4_TGID4" priority="15" usedState="Not Use"/>
-        <Item currentVect="232" defaultVect="232" id="MTU4_TCIV4" priority="15" usedState="Not Use"/>
-        <Item currentVect="233" defaultVect="233" id="MTU5_TGIU5" priority="15" usedState="Not Use"/>
-        <Item currentVect="234" defaultVect="234" id="MTU5_TGIV5" priority="15" usedState="Not Use"/>
-        <Item currentVect="235" defaultVect="235" id="MTU5_TGIW5" priority="15" usedState="Not Use"/>
-        <Item currentVect="236" defaultVect="236" id="MTU6_TGIA6" priority="15" usedState="Not Use"/>
-        <Item currentVect="237" defaultVect="237" id="MTU6_TGIB6" priority="15" usedState="Not Use"/>
-        <Item currentVect="238" defaultVect="238" id="MTU6_TGIC6" priority="15" usedState="Not Use"/>
-        <Item currentVect="239" defaultVect="239" id="MTU6_TGID6" priority="15" usedState="Not Use"/>
-        <Item currentVect="240" defaultVect="240" id="MTU6_TCIV6" priority="15" usedState="Not Use"/>
-        <Item currentVect="241" defaultVect="241" id="MTU7_TGIA7" priority="15" usedState="Not Use"/>
-        <Item currentVect="242" defaultVect="242" id="MTU7_TGIB7" priority="15" usedState="Not Use"/>
-        <Item currentVect="243" defaultVect="243" id="MTU7_TGIC7" priority="15" usedState="Not Use"/>
-        <Item currentVect="244" defaultVect="244" id="MTU7_TGID7" priority="15" usedState="Not Use"/>
-        <Item currentVect="245" defaultVect="245" id="MTU7_TCIV7" priority="15" usedState="Not Use"/>
-        <Item currentVect="246" defaultVect="246" id="MTU8_TGIA8" priority="15" usedState="Not Use"/>
-        <Item currentVect="247" defaultVect="247" id="MTU8_TGIB8" priority="15" usedState="Not Use"/>
-        <Item currentVect="248" defaultVect="248" id="MTU8_TGIC8" priority="15" usedState="Not Use"/>
-        <Item currentVect="249" defaultVect="249" id="MTU8_TGID8" priority="15" usedState="Not Use"/>
-        <Item currentVect="250" defaultVect="250" id="MTU8_TCIV8" priority="15" usedState="Not Use"/>
-        <Item currentVect="251" defaultVect="251" id="AES_AESRDY" priority="15" usedState="Not Use"/>
-        <Item currentVect="252" defaultVect="252" id="AES_AESEND" priority="15" usedState="Not Use"/>
-        <Item currentVect="253" id="PERIA_INTA253" priority="15" usedState="Not Use"/>
-        <Item currentVect="254" id="PERIA_INTA254" priority="15" usedState="Not Use"/>
-        <Item currentVect="255" id="PERIA_INTA255" priority="15" usedState="Not Use"/>
+        <Item currentVect="16" id="BSC_BUSERR" priority="15" usedState="未使用"/>
+        <Item currentVect="18" id="RAM_RAMERR" priority="15" usedState="未使用"/>
+        <Item currentVect="21" id="FCU_FIFERR" priority="15" usedState="未使用"/>
+        <Item currentVect="23" id="FCU_FRDYI" priority="15" usedState="未使用"/>
+        <Item currentVect="26" id="ICU_SWINT2" priority="1" usedState="使用中"/>
+        <Item currentVect="27" id="ICU_SWINT" priority="1" usedState="使用中"/>
+        <Item currentVect="28" id="CMT0_CMI0" priority="5" usedState="使用中"/>
+        <Item currentVect="29" id="CMT1_CMI1" priority="5" usedState="使用中"/>
+        <Item currentVect="30" id="CMTW0_CMWI0" priority="15" usedState="未使用"/>
+        <Item currentVect="31" id="CMTW1_CMWI1" priority="15" usedState="未使用"/>
+        <Item currentVect="34" id="USB0_D0FIFO0" priority="15" usedState="未使用"/>
+        <Item currentVect="35" id="USB0_D1FIFO0" priority="15" usedState="未使用"/>
+        <Item currentVect="38" id="RSPI0_SPRI0" priority="15" usedState="未使用"/>
+        <Item currentVect="39" id="RSPI0_SPTI0" priority="15" usedState="未使用"/>
+        <Item currentVect="40" id="RSPI1_SPRI1" priority="15" usedState="未使用"/>
+        <Item currentVect="41" id="RSPI1_SPTI1" priority="15" usedState="未使用"/>
+        <Item currentVect="42" id="QSPI_SPRI" priority="15" usedState="未使用"/>
+        <Item currentVect="43" id="QSPI_SPTI" priority="15" usedState="未使用"/>
+        <Item currentVect="44" id="SDHI_SBFAI" priority="15" usedState="未使用"/>
+        <Item currentVect="45" id="MMCIF_MBFAI" priority="15" usedState="未使用"/>
+        <Item currentVect="50" id="RIIC1_RXI1" priority="15" usedState="未使用"/>
+        <Item currentVect="51" id="RIIC1_TXI1" priority="15" usedState="未使用"/>
+        <Item currentVect="52" id="RIIC0_RXI0" priority="15" usedState="未使用"/>
+        <Item currentVect="53" id="RIIC0_TXI0" priority="15" usedState="未使用"/>
+        <Item currentVect="54" id="RIIC2_RXI2" priority="15" usedState="未使用"/>
+        <Item currentVect="55" id="RIIC2_TXI2" priority="15" usedState="未使用"/>
+        <Item currentVect="58" id="SCI0_RXI0" priority="15" usedState="未使用"/>
+        <Item currentVect="59" id="SCI0_TXI0" priority="15" usedState="未使用"/>
+        <Item currentVect="60" id="SCI1_RXI1" priority="15" usedState="未使用"/>
+        <Item currentVect="61" id="SCI1_TXI1" priority="15" usedState="未使用"/>
+        <Item currentVect="62" id="SCI2_RXI2" priority="15" usedState="未使用"/>
+        <Item currentVect="63" id="SCI2_TXI2" priority="15" usedState="未使用"/>
+        <Item currentVect="64" id="ICU_IRQ0" priority="15" usedState="未使用"/>
+        <Item currentVect="65" id="ICU_IRQ1" priority="15" usedState="未使用"/>
+        <Item currentVect="66" id="ICU_IRQ2" priority="15" usedState="未使用"/>
+        <Item currentVect="67" id="ICU_IRQ3" priority="15" usedState="未使用"/>
+        <Item currentVect="68" id="ICU_IRQ4" priority="15" usedState="未使用"/>
+        <Item currentVect="69" id="ICU_IRQ5" priority="15" usedState="未使用"/>
+        <Item currentVect="70" id="ICU_IRQ6" priority="15" usedState="未使用"/>
+        <Item currentVect="71" id="ICU_IRQ7" priority="15" usedState="未使用"/>
+        <Item currentVect="72" id="ICU_IRQ8" priority="15" usedState="未使用"/>
+        <Item currentVect="73" id="ICU_IRQ9" priority="15" usedState="未使用"/>
+        <Item currentVect="74" id="ICU_IRQ10" priority="15" usedState="未使用"/>
+        <Item currentVect="75" id="ICU_IRQ11" priority="15" usedState="未使用"/>
+        <Item currentVect="76" id="ICU_IRQ12" priority="15" usedState="未使用"/>
+        <Item currentVect="77" id="ICU_IRQ13" priority="15" usedState="未使用"/>
+        <Item currentVect="78" id="ICU_IRQ14" priority="15" usedState="未使用"/>
+        <Item currentVect="79" id="ICU_IRQ15" priority="15" usedState="未使用"/>
+        <Item currentVect="80" id="SCI3_RXI3" priority="15" usedState="未使用"/>
+        <Item currentVect="81" id="SCI3_TXI3" priority="15" usedState="未使用"/>
+        <Item currentVect="82" id="SCI4_RXI4" priority="15" usedState="未使用"/>
+        <Item currentVect="83" id="SCI4_TXI4" priority="15" usedState="未使用"/>
+        <Item currentVect="84" id="SCI5_RXI5" priority="15" usedState="未使用"/>
+        <Item currentVect="85" id="SCI5_TXI5" priority="15" usedState="未使用"/>
+        <Item currentVect="86" id="SCI6_RXI6" priority="15" usedState="未使用"/>
+        <Item currentVect="87" id="SCI6_TXI6" priority="15" usedState="未使用"/>
+        <Item currentVect="88" id="LVD1_LVD1" priority="15" usedState="未使用"/>
+        <Item currentVect="89" id="LVD2_LVD2" priority="15" usedState="未使用"/>
+        <Item currentVect="90" id="USB0_USBR0" priority="15" usedState="未使用"/>
+        <Item currentVect="92" id="RTC_ALM" priority="15" usedState="未使用"/>
+        <Item currentVect="93" id="RTC_PRD" priority="15" usedState="未使用"/>
+        <Item currentVect="95" id="IWDT_IWUNI" priority="15" usedState="未使用"/>
+        <Item currentVect="96" id="WDT_WUNI" priority="15" usedState="未使用"/>
+        <Item currentVect="97" id="PDC_PCDFI" priority="15" usedState="未使用"/>
+        <Item currentVect="98" id="SCI7_RXI7" priority="15" usedState="未使用"/>
+        <Item currentVect="99" id="SCI7_TXI7" priority="15" usedState="未使用"/>
+        <Item currentVect="100" id="SCI8_RXI8" priority="15" usedState="未使用"/>
+        <Item currentVect="101" id="SCI8_TXI8" priority="15" usedState="未使用"/>
+        <Item currentVect="102" id="SCI9_RXI9" priority="15" usedState="未使用"/>
+        <Item currentVect="103" id="SCI9_TXI9" priority="15" usedState="未使用"/>
+        <Item currentVect="104" id="SCI10_RXI10" priority="15" usedState="未使用"/>
+        <Item currentVect="105" id="SCI10_TXI10" priority="15" usedState="未使用"/>
+        <Item currentVect="106" groupchild="&lt;br&gt;0-ERS0&lt;br&gt;1-ERS1" id="BE0" priority="15" usedState="未使用"/>
+        <Item currentVect="107" groupchild="&lt;br&gt;0-SDIOI" id="BL2" priority="15" usedState="未使用"/>
+        <Item currentVect="108" id="RSPI2_SPRI2" priority="15" usedState="未使用"/>
+        <Item currentVect="109" id="RSPI2_SPTI2" priority="15" usedState="未使用"/>
+        <Item currentVect="110" groupchild="&lt;br&gt;0-TEI0&lt;br&gt;1-ERI0&lt;br&gt;2-TEI1&lt;br&gt;3-ERI1&lt;br&gt;4-TEI2&lt;br&gt;5-ERI2&lt;br&gt;6-TEI3&lt;br&gt;7-ERI3&lt;br&gt;8-TEI4&lt;br&gt;9-ERI4&lt;br&gt;10-TEI5&lt;br&gt;11-ERI5&lt;br&gt;12-TEI6&lt;br&gt;13-ERI6&lt;br&gt;14-TEI7&lt;br&gt;15-ERI7&lt;br&gt;16-TEI12&lt;br&gt;17-ERI12&lt;br&gt;18-SCIX0&lt;br&gt;19-SCIX1&lt;br&gt;20-SCIX2&lt;br&gt;21-SCIX3&lt;br&gt;24-QSPSSLI&lt;br&gt;26-FERRI&lt;br&gt;27-MENDI&lt;br&gt;28-OVFI&lt;br&gt;29-DOPCI&lt;br&gt;30-PCFEI&lt;br&gt;31-PCERI" id="BL0" priority="15" usedState="未使用"/>
+        <Item currentVect="111" groupchild="&lt;br&gt;3-CDETI&lt;br&gt;4-CACI&lt;br&gt;5-SDACI&lt;br&gt;6-CDETIO&lt;br&gt;7-ERRIO&lt;br&gt;8-ACCIO&lt;br&gt;9-OEI1&lt;br&gt;10-OEI2&lt;br&gt;11-OEI3&lt;br&gt;12-OEI4&lt;br&gt;13-TEI0&lt;br&gt;14-EEI0&lt;br&gt;15-TEI2&lt;br&gt;16-EEI2&lt;br&gt;20-S12CMPAI&lt;br&gt;21-S12CMPBI&lt;br&gt;22-S12CMPAI1&lt;br&gt;23-S12CMPBI1&lt;br&gt;24-TEI8&lt;br&gt;25-ERI8&lt;br&gt;26-TEI9&lt;br&gt;27-ERI9&lt;br&gt;28-TEI1&lt;br&gt;29-EEI1" id="BL1" priority="15" usedState="未使用"/>
+        <Item currentVect="112" groupchild="&lt;br&gt;8-TEI10&lt;br&gt;9-ERI10&lt;br&gt;12-TEI11&lt;br&gt;13-ERI11&lt;br&gt;16-SPII0&lt;br&gt;17-SPEI0&lt;br&gt;18-SPII1&lt;br&gt;19-SPEI1&lt;br&gt;20-SPII2&lt;br&gt;21-SPEI2" id="AL0" priority="15" usedState="未使用"/>
+        <Item currentVect="113" groupchild="&lt;br&gt;4-EINT0&lt;br&gt;8-VPOS&lt;br&gt;9-GR1UF&lt;br&gt;10-GR2UF&lt;br&gt;11-DRW_IRQ" id="AL1" priority="2" usedState="使用中"/>
+        <Item currentVect="114" id="SCI11_RXI11" priority="15" usedState="未使用"/>
+        <Item currentVect="115" id="SCI11_TXI11" priority="15" usedState="未使用"/>
+        <Item currentVect="116" id="SCI12_RXI12" priority="15" usedState="未使用"/>
+        <Item currentVect="117" id="SCI12_TXI12" priority="15" usedState="未使用"/>
+        <Item currentVect="120" id="DMAC_DMAC0I" priority="15" usedState="未使用"/>
+        <Item currentVect="121" id="DMAC_DMAC1I" priority="15" usedState="未使用"/>
+        <Item currentVect="122" id="DMAC_DMAC2I" priority="15" usedState="未使用"/>
+        <Item currentVect="123" id="DMAC_DMAC3I" priority="15" usedState="未使用"/>
+        <Item currentVect="124" id="DMAC_DMAC74I" priority="15" usedState="未使用"/>
+        <Item currentVect="125" id="OST_OSTDI" priority="15" usedState="未使用"/>
+        <Item currentVect="126" id="EXDMAC_EXDMAC0I" priority="15" usedState="未使用"/>
+        <Item currentVect="127" id="EXDMAC_EXDMAC1I" priority="15" usedState="未使用"/>
+        <Item currentVect="128" defaultVect="128" id="CMT2_CMI2" priority="5" usedState="使用中"/>
+        <Item currentVect="129" defaultVect="129" id="CMT3_CMI3" priority="5" usedState="使用中"/>
+        <Item currentVect="130" defaultVect="130" id="TPU0_TGI0A" priority="15" usedState="未使用"/>
+        <Item currentVect="131" defaultVect="131" id="TPU0_TGI0B" priority="15" usedState="未使用"/>
+        <Item currentVect="132" defaultVect="132" id="TPU0_TGI0C" priority="15" usedState="未使用"/>
+        <Item currentVect="133" defaultVect="133" id="TPU0_TGI0D" priority="15" usedState="未使用"/>
+        <Item currentVect="134" defaultVect="134" id="TPU0_TCI0V" priority="15" usedState="未使用"/>
+        <Item currentVect="135" defaultVect="135" id="TPU1_TGI1B" priority="15" usedState="未使用"/>
+        <Item currentVect="136" defaultVect="136" id="TPU1_TCI1V" priority="15" usedState="未使用"/>
+        <Item currentVect="137" defaultVect="137" id="TPU1_TCI1U" priority="15" usedState="未使用"/>
+        <Item currentVect="138" defaultVect="138" id="TPU2_TGI2A" priority="15" usedState="未使用"/>
+        <Item currentVect="139" defaultVect="139" id="TPU2_TGI2B" priority="15" usedState="未使用"/>
+        <Item currentVect="140" defaultVect="140" id="TPU2_TCI2V" priority="15" usedState="未使用"/>
+        <Item currentVect="141" defaultVect="141" id="TPU2_TCI2U" priority="15" usedState="未使用"/>
+        <Item currentVect="142" defaultVect="142" id="TPU3_TGI3A" priority="15" usedState="未使用"/>
+        <Item currentVect="143" defaultVect="143" id="TPU3_TGI3B" priority="15" usedState="未使用"/>
+        <Item currentVect="144" defaultVect="144" id="TPU1_TGI1A" priority="15" usedState="未使用"/>
+        <Item currentVect="145" defaultVect="145" id="TPU3_TGI3C" priority="15" usedState="未使用"/>
+        <Item currentVect="146" defaultVect="146" id="TMR0_CMIA0" priority="15" usedState="未使用"/>
+        <Item currentVect="147" defaultVect="147" id="TMR0_CMIB0" priority="15" usedState="未使用"/>
+        <Item currentVect="148" defaultVect="148" id="TMR0_OVI0" priority="15" usedState="未使用"/>
+        <Item currentVect="149" defaultVect="149" id="TMR1_CMIA1" priority="15" usedState="未使用"/>
+        <Item currentVect="150" defaultVect="150" id="TMR1_CMIB1" priority="15" usedState="未使用"/>
+        <Item currentVect="151" defaultVect="151" id="TMR1_OVI1" priority="15" usedState="未使用"/>
+        <Item currentVect="152" defaultVect="152" id="TMR2_CMIA2" priority="15" usedState="未使用"/>
+        <Item currentVect="153" defaultVect="153" id="TMR2_CMIB2" priority="15" usedState="未使用"/>
+        <Item currentVect="154" defaultVect="154" id="TMR2_OVI2" priority="15" usedState="未使用"/>
+        <Item currentVect="155" defaultVect="155" id="TMR3_CMIA3" priority="15" usedState="未使用"/>
+        <Item currentVect="156" defaultVect="156" id="TMR3_CMIB3" priority="15" usedState="未使用"/>
+        <Item currentVect="157" defaultVect="157" id="TMR3_OVI3" priority="15" usedState="未使用"/>
+        <Item currentVect="158" defaultVect="158" id="TPU3_TGI3D" priority="15" usedState="未使用"/>
+        <Item currentVect="159" defaultVect="159" id="TPU3_TCI3V" priority="15" usedState="未使用"/>
+        <Item currentVect="160" defaultVect="160" id="TPU4_TGI4A" priority="15" usedState="未使用"/>
+        <Item currentVect="161" defaultVect="161" id="TPU4_TGI4B" priority="15" usedState="未使用"/>
+        <Item currentVect="162" defaultVect="162" id="TPU4_TCI4V" priority="15" usedState="未使用"/>
+        <Item currentVect="163" defaultVect="163" id="TPU4_TCI4U" priority="15" usedState="未使用"/>
+        <Item currentVect="164" defaultVect="164" id="TPU5_TGI5A" priority="15" usedState="未使用"/>
+        <Item currentVect="165" defaultVect="165" id="TPU5_TGI5B" priority="15" usedState="未使用"/>
+        <Item currentVect="166" defaultVect="166" id="TPU5_TCI5V" priority="15" usedState="未使用"/>
+        <Item currentVect="167" defaultVect="167" id="TPU5_TCI5U" priority="15" usedState="未使用"/>
+        <Item currentVect="168" defaultVect="168" id="CMTW0_IC0I0" priority="15" usedState="未使用"/>
+        <Item currentVect="169" defaultVect="169" id="CMTW0_IC1I0" priority="15" usedState="未使用"/>
+        <Item currentVect="170" defaultVect="170" id="CMTW0_OC0I0" priority="15" usedState="未使用"/>
+        <Item currentVect="171" defaultVect="171" id="CMTW0_OC1I0" priority="15" usedState="未使用"/>
+        <Item currentVect="172" defaultVect="172" id="CMTW1_IC0I1" priority="15" usedState="未使用"/>
+        <Item currentVect="173" defaultVect="173" id="CMTW1_IC1I1" priority="15" usedState="未使用"/>
+        <Item currentVect="174" defaultVect="174" id="CMTW1_OC0I1" priority="15" usedState="未使用"/>
+        <Item currentVect="175" defaultVect="175" id="CMTW1_OC1I1" priority="15" usedState="未使用"/>
+        <Item currentVect="176" defaultVect="176" id="RTC_CUP" priority="15" usedState="未使用"/>
+        <Item currentVect="177" defaultVect="177" id="CAN0_RXF0" priority="15" usedState="未使用"/>
+        <Item currentVect="178" defaultVect="178" id="CAN0_TXF0" priority="15" usedState="未使用"/>
+        <Item currentVect="179" defaultVect="179" id="CAN0_RXM0" priority="15" usedState="未使用"/>
+        <Item currentVect="180" defaultVect="180" id="CAN0_TXM0" priority="15" usedState="未使用"/>
+        <Item currentVect="181" defaultVect="181" id="CAN1_RXF1" priority="15" usedState="未使用"/>
+        <Item currentVect="182" defaultVect="182" id="CAN1_TXF1" priority="15" usedState="未使用"/>
+        <Item currentVect="183" defaultVect="183" id="CAN1_RXM1" priority="15" usedState="未使用"/>
+        <Item currentVect="184" defaultVect="184" id="CAN1_TXM1" priority="15" usedState="未使用"/>
+        <Item currentVect="185" defaultVect="185" id="USB0_USBI0" priority="15" usedState="未使用"/>
+        <Item currentVect="186" defaultVect="186" id="S12AD_S12ADI" priority="15" usedState="未使用"/>
+        <Item currentVect="187" defaultVect="187" id="S12AD_S12GBADI" priority="15" usedState="未使用"/>
+        <Item currentVect="188" defaultVect="188" id="S12AD_S12GCADI" priority="15" usedState="未使用"/>
+        <Item currentVect="189" defaultVect="189" id="S12AD1_S12ADI1" priority="15" usedState="未使用"/>
+        <Item currentVect="190" defaultVect="190" id="S12AD1_S12GBADI1" priority="15" usedState="未使用"/>
+        <Item currentVect="191" defaultVect="191" id="S12AD1_S12GCADI1" priority="15" usedState="未使用"/>
+        <Item currentVect="192" defaultVect="192" id="RNG_RNGEND" priority="15" usedState="未使用"/>
+        <Item currentVect="193" defaultVect="193" id="ELC_ELSR18I" priority="15" usedState="未使用"/>
+        <Item currentVect="194" defaultVect="194" id="ELC_ELSR19I" priority="15" usedState="未使用"/>
+        <Item currentVect="195" defaultVect="195" id="TSIP_PROC_BUSY" priority="15" usedState="未使用"/>
+        <Item currentVect="196" defaultVect="196" id="TSIP_ROMOK" priority="15" usedState="未使用"/>
+        <Item currentVect="197" defaultVect="197" id="TSIP_LONG_PLG" priority="15" usedState="未使用"/>
+        <Item currentVect="198" defaultVect="198" id="TSIP_TEST_BUSY" priority="15" usedState="未使用"/>
+        <Item currentVect="199" defaultVect="199" id="TSIP_WRRDY0" priority="15" usedState="未使用"/>
+        <Item currentVect="200" defaultVect="200" id="TSIP_WRRDY1" priority="15" usedState="未使用"/>
+        <Item currentVect="201" defaultVect="201" id="TSIP_WRRDY4" priority="15" usedState="未使用"/>
+        <Item currentVect="202" defaultVect="202" id="TSIP_RDRDY0" priority="15" usedState="未使用"/>
+        <Item currentVect="203" defaultVect="203" id="TSIP_RDRDY1" priority="15" usedState="未使用"/>
+        <Item currentVect="204" defaultVect="204" id="TSIP_INTEGRATE_WRRDY" priority="15" usedState="未使用"/>
+        <Item currentVect="205" defaultVect="205" id="TSIP_INTEGRATE_RDRDY" priority="15" usedState="未使用"/>
+        <Item currentVect="206" id="PERIB_INTB206" priority="15" usedState="未使用"/>
+        <Item currentVect="207" id="PERIB_INTB207" priority="15" usedState="未使用"/>
+        <Item currentVect="208" defaultVect="208" id="MTU1_TGIA1" priority="15" usedState="未使用"/>
+        <Item currentVect="209" defaultVect="209" id="MTU0_TGIA0" priority="15" usedState="未使用"/>
+        <Item currentVect="210" defaultVect="210" id="MTU0_TGIB0" priority="15" usedState="未使用"/>
+        <Item currentVect="211" defaultVect="211" id="MTU0_TGIC0" priority="15" usedState="未使用"/>
+        <Item currentVect="212" defaultVect="212" id="MTU0_TGID0" priority="15" usedState="未使用"/>
+        <Item currentVect="213" defaultVect="213" id="MTU0_TCIV0" priority="15" usedState="未使用"/>
+        <Item currentVect="214" defaultVect="214" id="MTU0_TGIE0" priority="15" usedState="未使用"/>
+        <Item currentVect="215" defaultVect="215" id="MTU0_TGIF0" priority="15" usedState="未使用"/>
+        <Item currentVect="216" defaultVect="216" id="MTU1_TGIB1" priority="15" usedState="未使用"/>
+        <Item currentVect="217" defaultVect="217" id="MTU1_TCIV1" priority="15" usedState="未使用"/>
+        <Item currentVect="218" defaultVect="218" id="MTU1_TCIU1" priority="15" usedState="未使用"/>
+        <Item currentVect="219" defaultVect="219" id="MTU2_TGIA2" priority="15" usedState="未使用"/>
+        <Item currentVect="220" defaultVect="220" id="MTU2_TGIB2" priority="15" usedState="未使用"/>
+        <Item currentVect="221" defaultVect="221" id="MTU2_TCIV2" priority="15" usedState="未使用"/>
+        <Item currentVect="222" defaultVect="222" id="MTU2_TCIU2" priority="15" usedState="未使用"/>
+        <Item currentVect="223" defaultVect="223" id="MTU3_TGIA3" priority="15" usedState="未使用"/>
+        <Item currentVect="224" defaultVect="224" id="MTU3_TGIB3" priority="15" usedState="未使用"/>
+        <Item currentVect="225" defaultVect="225" id="MTU3_TGIC3" priority="15" usedState="未使用"/>
+        <Item currentVect="226" defaultVect="226" id="MTU3_TGID3" priority="15" usedState="未使用"/>
+        <Item currentVect="227" defaultVect="227" id="MTU3_TCIV3" priority="15" usedState="未使用"/>
+        <Item currentVect="228" defaultVect="228" id="MTU4_TGIA4" priority="15" usedState="未使用"/>
+        <Item currentVect="229" defaultVect="229" id="MTU4_TGIB4" priority="15" usedState="未使用"/>
+        <Item currentVect="230" defaultVect="230" id="MTU4_TGIC4" priority="15" usedState="未使用"/>
+        <Item currentVect="231" defaultVect="231" id="MTU4_TGID4" priority="15" usedState="未使用"/>
+        <Item currentVect="232" defaultVect="232" id="MTU4_TCIV4" priority="15" usedState="未使用"/>
+        <Item currentVect="233" defaultVect="233" id="MTU5_TGIU5" priority="15" usedState="未使用"/>
+        <Item currentVect="234" defaultVect="234" id="MTU5_TGIV5" priority="15" usedState="未使用"/>
+        <Item currentVect="235" defaultVect="235" id="MTU5_TGIW5" priority="15" usedState="未使用"/>
+        <Item currentVect="236" defaultVect="236" id="MTU6_TGIA6" priority="15" usedState="未使用"/>
+        <Item currentVect="237" defaultVect="237" id="MTU6_TGIB6" priority="15" usedState="未使用"/>
+        <Item currentVect="238" defaultVect="238" id="MTU6_TGIC6" priority="15" usedState="未使用"/>
+        <Item currentVect="239" defaultVect="239" id="MTU6_TGID6" priority="15" usedState="未使用"/>
+        <Item currentVect="240" defaultVect="240" id="MTU6_TCIV6" priority="15" usedState="未使用"/>
+        <Item currentVect="241" defaultVect="241" id="MTU7_TGIA7" priority="15" usedState="未使用"/>
+        <Item currentVect="242" defaultVect="242" id="MTU7_TGIB7" priority="15" usedState="未使用"/>
+        <Item currentVect="243" defaultVect="243" id="MTU7_TGIC7" priority="15" usedState="未使用"/>
+        <Item currentVect="244" defaultVect="244" id="MTU7_TGID7" priority="15" usedState="未使用"/>
+        <Item currentVect="245" defaultVect="245" id="MTU7_TCIV7" priority="15" usedState="未使用"/>
+        <Item currentVect="246" defaultVect="246" id="MTU8_TGIA8" priority="15" usedState="未使用"/>
+        <Item currentVect="247" defaultVect="247" id="MTU8_TGIB8" priority="15" usedState="未使用"/>
+        <Item currentVect="248" defaultVect="248" id="MTU8_TGIC8" priority="15" usedState="未使用"/>
+        <Item currentVect="249" defaultVect="249" id="MTU8_TGID8" priority="15" usedState="未使用"/>
+        <Item currentVect="250" defaultVect="250" id="MTU8_TCIV8" priority="15" usedState="未使用"/>
+        <Item currentVect="251" defaultVect="251" id="AES_AESRDY" priority="15" usedState="未使用"/>
+        <Item currentVect="252" defaultVect="252" id="AES_AESEND" priority="15" usedState="未使用"/>
+        <Item currentVect="253" id="PERIA_INTA253" priority="15" usedState="未使用"/>
+        <Item currentVect="254" id="PERIA_INTA254" priority="15" usedState="未使用"/>
+        <Item currentVect="255" id="PERIA_INTA255" priority="15" usedState="未使用"/>
     </tool>
     <tool id="Pins" version="1.0.1.0">
-        <pinItem allocation="11" comments="" direction="None" id="XTAL" isUsedBySoftware="true" locked="false" status="0"/>
-        <pinItem allocation="59" comments="" direction="None" id="RMII0_RXD0" isUsedBySoftware="true" locked="false" status="65280"/>
-        <pinItem allocation="61" comments="" direction="None" id="RMII0_RXD1" isUsedBySoftware="true" locked="false" status="65280"/>
-        <pinItem allocation="54" comments="" direction="None" id="RMII0_TXD1" isUsedBySoftware="true" locked="false" status="65280"/>
-        <pinItem allocation="55" comments="" direction="None" id="RMII0_TXD0" isUsedBySoftware="true" locked="false" status="65280"/>
-        <pinItem allocation="58" comments="" direction="None" id="REF50CK0" isUsedBySoftware="true" locked="false" status="65280"/>
-        <pinItem allocation="66" comments="" direction="None" id="ET0_MDC" isUsedBySoftware="true" locked="false" status="0"/>
-        <pinItem allocation="13" comments="" direction="None" id="EXTAL" isUsedBySoftware="true" locked="false" status="0"/>
-        <pinItem allocation="65" comments="" direction="None" id="ET0_LINKSTA" isUsedBySoftware="true" locked="false" status="0"/>
-        <pinItem allocation="57" comments="" direction="None" id="RMII0_RX_ER" isUsedBySoftware="true" locked="false" status="65280"/>
-        <pinItem allocation="56" comments="" direction="None" id="RMII0_TXD_EN" isUsedBySoftware="true" locked="false" status="65280"/>
-        <pinItem allocation="67" comments="" direction="None" id="ET0_MDIO" isUsedBySoftware="true" locked="false" status="0"/>
-        <pinItem allocation="53" comments="" direction="None" id="RMII0_CRS_DV" isUsedBySoftware="true" locked="false" status="65280"/>
-        <pinnumItem comment="SW2 Reset Switch" id="10"/>
-        <pinnumItem comment="CN10 Serial Servo" id="16"/>
-        <pinnumItem comment="CN10 Serial Servo" id="17"/>
-        <pinnumItem comment="CN10 Serial Servo" id="18"/>
-        <pinnumItem comment="U5 WiFi Module" id="19"/>
-        <pinnumItem comment="N.C." id="4"/>
-        <pinnumItem comment="SW1 Operation Mode Switch" id="7"/>
-        <pinnumItem comment="CN4 PMOD" id="20"/>
-        <pinnumItem comment="U5 WiFi Module" id="21"/>
-        <pinnumItem comment="CN4 PMOD" id="22"/>
-        <pinnumItem comment="U5 WiFi Module" id="23"/>
-        <pinnumItem comment="U5 WiFi Module" id="24"/>
-        <pinnumItem comment="U5 WiFi Module" id="25"/>
-        <pinnumItem comment="CN7 Serial Servo" id="26"/>
-        <pinnumItem comment="CN7 Serial Servo" id="27"/>
-        <pinnumItem comment="CN7 Serial Servo" id="28"/>
-        <pinnumItem comment="U5 WiFi Module" id="29"/>
-        <pinnumItem comment="CN5 USB" id="30"/>
-        <pinnumItem comment="CN8 Serial Servo" id="32"/>
-        <pinnumItem comment="CN8 Serial Servo" id="33"/>
-        <pinnumItem comment="CN8 Serial Servo" id="34"/>
-        <pinnumItem comment="CN5 USB" id="36"/>
-        <pinnumItem comment="CN5 USB" id="37"/>
-        <pinnumItem comment="CN4 PMOD" id="42"/>
-        <pinnumItem comment="CN4 PMOD" id="44"/>
-        <pinnumItem comment="CN11 Serial Servo I/F" id="45"/>
-        <pinnumItem comment="CN11 Serial Servo I/F" id="46"/>
-        <pinnumItem comment="CN11 Serial Servo I/F" id="47"/>
-        <pinnumItem comment="CN9 Serial Servo" id="48"/>
-        <pinnumItem comment="CN9 Serial Servo" id="49"/>
-        <pinnumItem comment="CN9 Serial Servo" id="50"/>
-        <pinnumItem comment="CN6 Ether" id="53"/>
-        <pinnumItem comment="CN6 Ether" id="54"/>
-        <pinnumItem comment="CN6 Ether" id="55"/>
-        <pinnumItem comment="CN6 Ether" id="56"/>
-        <pinnumItem comment="CN6 Ether" id="57"/>
-        <pinnumItem comment="CN6 Ether" id="58"/>
-        <pinnumItem comment="CN6 Ether" id="59"/>
-        <pinnumItem comment="CN6 Ether" id="61"/>
-        <pinnumItem comment="CN6 Ether" id="64"/>
-        <pinnumItem comment="CN6 Ether" id="65"/>
-        <pinnumItem comment="CN6 Ether" id="66"/>
-        <pinnumItem comment="CN6 Ether" id="67"/>
-        <pinnumItem comment="LED2" id="69"/>
-        <pinnumItem comment="LED1" id="70"/>
-        <pinnumItem comment="CN4 PMOD" id="71"/>
-        <pinnumItem comment="CN4 PMOD" id="72"/>
-        <pinnumItem comment="CN4 PMOD" id="73"/>
-        <pinnumItem comment="CN4 PMOD" id="74"/>
-        <pinnumItem comment="CN12C ADC" id="79"/>
-        <pinnumItem comment="CN13 DAC" id="100"/>
-        <pinnumItem comment="CN12C ADC" id="80"/>
-        <pinnumItem comment="CN12C ADC" id="81"/>
-        <pinnumItem comment="CN12C ADC" id="82"/>
-        <pinnumItem comment="CN12C ADC" id="83"/>
-        <pinnumItem comment="CN12C ADC" id="84"/>
+        <pinItem allocation="11" comments="" direction="None" id="XTAL" isUsedBySoftware="true" locked="false" operationMode="" status="0"/>
+        <pinItem allocation="59" comments="" direction="None" id="RMII0_RXD0" isUsedBySoftware="true" locked="false" operationMode="" status="65280"/>
+        <pinItem allocation="61" comments="" direction="None" id="RMII0_RXD1" isUsedBySoftware="true" locked="false" operationMode="" status="65280"/>
+        <pinItem allocation="54" comments="" direction="None" id="RMII0_TXD1" isUsedBySoftware="true" locked="false" operationMode="" status="65280"/>
+        <pinItem allocation="55" comments="" direction="None" id="RMII0_TXD0" isUsedBySoftware="true" locked="false" operationMode="" status="65280"/>
+        <pinItem allocation="58" comments="" direction="None" id="REF50CK0" isUsedBySoftware="true" locked="false" operationMode="" status="65280"/>
+        <pinItem allocation="66" comments="" direction="None" id="ET0_MDC" isUsedBySoftware="true" locked="false" operationMode="" status="0"/>
+        <pinItem allocation="13" comments="" direction="None" id="EXTAL" isUsedBySoftware="true" locked="false" operationMode="" status="0"/>
+        <pinItem allocation="65" comments="" direction="None" id="ET0_LINKSTA" isUsedBySoftware="true" locked="false" operationMode="" status="0"/>
+        <pinItem allocation="57" comments="" direction="None" id="RMII0_RX_ER" isUsedBySoftware="true" locked="false" operationMode="" status="65280"/>
+        <pinItem allocation="56" comments="" direction="None" id="RMII0_TXD_EN" isUsedBySoftware="true" locked="false" operationMode="" status="65280"/>
+        <pinItem allocation="67" comments="" direction="None" id="ET0_MDIO" isUsedBySoftware="true" locked="false" operationMode="" status="0"/>
+        <pinItem allocation="53" comments="" direction="None" id="RMII0_CRS_DV" isUsedBySoftware="true" locked="false" operationMode="" status="65280"/>
+        <pinnumItem comment="CN4 PMOD" id="44" symbolicname=""/>
+        <pinnumItem comment="CN11 Serial Servo I/F" id="45" symbolicname=""/>
+        <pinnumItem comment="CN11 Serial Servo I/F" id="46" symbolicname=""/>
+        <pinnumItem comment="CN11 Serial Servo I/F" id="47" symbolicname=""/>
+        <pinnumItem comment="CN9 Serial Servo" id="48" symbolicname=""/>
+        <pinnumItem comment="CN9 Serial Servo" id="49" symbolicname=""/>
+        <pinnumItem comment="CN9 Serial Servo" id="50" symbolicname=""/>
+        <pinnumItem comment="CN6 Ether" id="53" symbolicname=""/>
+        <pinnumItem comment="CN6 Ether" id="54" symbolicname=""/>
+        <pinnumItem comment="SW2 Reset Switch" id="10" symbolicname=""/>
+        <pinnumItem comment="CN6 Ether" id="55" symbolicname=""/>
+        <pinnumItem comment="CN6 Ether" id="56" symbolicname=""/>
+        <pinnumItem comment="CN6 Ether" id="57" symbolicname=""/>
+        <pinnumItem comment="CN6 Ether" id="58" symbolicname=""/>
+        <pinnumItem comment="CN6 Ether" id="59" symbolicname=""/>
+        <pinnumItem comment="CN10 Serial Servo" id="16" symbolicname=""/>
+        <pinnumItem comment="CN10 Serial Servo" id="17" symbolicname=""/>
+        <pinnumItem comment="CN10 Serial Servo" id="18" symbolicname=""/>
+        <pinnumItem comment="U5 WiFi Module" id="19" symbolicname=""/>
+        <pinnumItem comment="N.C." id="4" symbolicname=""/>
+        <pinnumItem comment="SW1 Operation Mode Switch" id="7" symbolicname=""/>
+        <pinnumItem comment="CN6 Ether" id="61" symbolicname=""/>
+        <pinnumItem comment="CN4 PMOD" id="20" symbolicname=""/>
+        <pinnumItem comment="CN6 Ether" id="64" symbolicname=""/>
+        <pinnumItem comment="CN6 Ether" id="65" symbolicname=""/>
+        <pinnumItem comment="U5 WiFi Module" id="21" symbolicname=""/>
+        <pinnumItem comment="CN6 Ether" id="66" symbolicname=""/>
+        <pinnumItem comment="CN4 PMOD" id="22" symbolicname=""/>
+        <pinnumItem comment="CN6 Ether" id="67" symbolicname=""/>
+        <pinnumItem comment="U5 WiFi Module" id="23" symbolicname=""/>
+        <pinnumItem comment="U5 WiFi Module" id="24" symbolicname=""/>
+        <pinnumItem comment="U5 WiFi Module" id="25" symbolicname=""/>
+        <pinnumItem comment="LED2" id="69" symbolicname=""/>
+        <pinnumItem comment="CN7 Serial Servo" id="26" symbolicname=""/>
+        <pinnumItem comment="CN7 Serial Servo" id="27" symbolicname=""/>
+        <pinnumItem comment="CN7 Serial Servo" id="28" symbolicname=""/>
+        <pinnumItem comment="U5 WiFi Module" id="29" symbolicname=""/>
+        <pinnumItem comment="LED1" id="70" symbolicname=""/>
+        <pinnumItem comment="CN4 PMOD" id="71" symbolicname=""/>
+        <pinnumItem comment="CN4 PMOD" id="72" symbolicname=""/>
+        <pinnumItem comment="CN4 PMOD" id="73" symbolicname=""/>
+        <pinnumItem comment="CN5 USB" id="30" symbolicname=""/>
+        <pinnumItem comment="CN4 PMOD" id="74" symbolicname=""/>
+        <pinnumItem comment="CN8 Serial Servo" id="32" symbolicname=""/>
+        <pinnumItem comment="CN8 Serial Servo" id="33" symbolicname=""/>
+        <pinnumItem comment="CN8 Serial Servo" id="34" symbolicname=""/>
+        <pinnumItem comment="CN12C ADC" id="79" symbolicname=""/>
+        <pinnumItem comment="CN5 USB" id="36" symbolicname=""/>
+        <pinnumItem comment="CN5 USB" id="37" symbolicname=""/>
+        <pinnumItem comment="CN13 DAC" id="100" symbolicname=""/>
+        <pinnumItem comment="CN12C ADC" id="80" symbolicname=""/>
+        <pinnumItem comment="CN12C ADC" id="81" symbolicname=""/>
+        <pinnumItem comment="CN12C ADC" id="82" symbolicname=""/>
+        <pinnumItem comment="CN12C ADC" id="83" symbolicname=""/>
+        <pinnumItem comment="CN12C ADC" id="84" symbolicname=""/>
+        <pinnumItem comment="CN4 PMOD" id="42" symbolicname=""/>
     </tool>
     <tool id="Summary" version="1.0.0.0">
         <option id="com.renesas.smc.code.path" value="src\smc_gen"/>
         <option id="com.renesas.smc.code.type" value="Normal Folder"/>
     </tool>
     <tool id="SWComponent" version="1.0.0.0">
-        <configuration id="60957c51-a5e9-46fc-b2c8-a6141e24332c" inuse="true" name="Config_TMR0">
+        <configuration apiMode="FULL_API" id="60957c51-a5e9-46fc-b2c8-a6141e24332c" inuse="true" name="Config_TMR0">
             <allocatable id="TMR0">
                 <isocket id="CountingClock" selection="Clock.tool_clock_pclkb" value="3.0E7"/>
                 <option enabled="true" id="CountMode" selection="8bitMode">
@@ -683,8 +685,8 @@
                     <item id="Level15" input="" vlaue="0"/>
                 </option>
             </allocatable>
-            <component description="This software component generates two units (unit 0, unit 1) of an on-chip 8-bit timer (TMR) module that comprise two 8-bit counter channels, totaling four channels." detailDescription="" display="8-Bit Timer" id="com.renesas.smc.tools.swcomponent.codegenerator.tmr" version="1.9.0"/>
-            <allocator channelLevel0="0" channelLevel1="" channelLevel2="" channelLevel3="" channelLevel4="" channelLevel5="" description="8-Bit Timer 0" display="TMR0" id="com.renesas.smc.tools.swcomponent.codegenerator.tmr.rx651.tmr0" type="">
+            <component description="��ソフトウェアコン�ー�ント��8 ビットタイマ（TMR）�構�を�供���。&#10;&#10;外部イベント�カウント��能����2 本�レジスタ��コンペアマッ�信��より�カウンタ�クリア�割り込��求�任��デューティ比�パルス出力���多機能タイマ���種々�応用��能��。" detailDescription="" display="8 ビットタイマ" id="com.renesas.smc.tools.swcomponent.codegenerator.tmr" version="1.10.0"/>
+            <allocator channelLevel0="0" channelLevel1="" channelLevel2="" channelLevel3="" channelLevel4="" channelLevel5="" description="8 ビットタイマ0" display="TMR0" id="com.renesas.smc.tools.swcomponent.codegenerator.tmr.rx651.tmr0" type="">
                 <context>
                     <option enabled="true" id="CountMode" selection="8bitMode">
                         <item enabled="true" id="8bitMode"/>
@@ -692,10 +694,10 @@
                     </option>
                 </context>
             </allocator>
-            <source description="Code generator components provide peripheral drivers with customized generated source geared towards small code size" display="Code Generator" id="com.renesas.smc.tools.swcomponent.codegenerator.source"/>
+            <source description="コード生��対応��コン�ー�ント��設定�応��周辺ドライ��コードを���コードサイズ�出力���。" display="コード生�" id="com.renesas.smc.tools.swcomponent.codegenerator.source"/>
         </configuration>
         <configuration inuse="true" name="r_bsp">
-            <component description="Dependencies : None&#10;The r_bsp package provides a foundation for code to be built on top of. It provides startup code, iodefines, and MCU information for different boards. There are 2 folders that make up the r_bsp package. The 'mcu' folder contains files that are common to a MCU group. These files provide functionality such as easy register access, CPU functions, and a file named 'mcu_info.h' for each MCU group. The 'mcu_info.h' file has information about the MCU on the board and is configured based on the information given in r_bsp_config.h. The information in 'mcu_info.h' is used to help configure Renesas middleware that uses the r_bsp package. The 'board' folder has a folder with startup code for each supported board.  Which MCU and board is chosen is decided by the settings in 'platform.h'. The user can choose which board they are using by uncommenting the include path that applies to their board. For example, if you are using the RSK+RX64M then you would uncomment the #include &quot;./board/generic_rx64m/r_bsp.h&quot; include path. Users are encouraged to add their own boards to the 'board' directory. BSPs are configured by using the r_bsp_config.h file. Each board will have a reference configuration file named r_bsp_config_reference.h. The user should copy this file to their project, rename it to r_bsp_config.h, and use the options inside the file to configure the BSP for their project." detailDescription="Board Support Packages." display="r_bsp" id="r_bsp6.21" version="6.21">
+            <component description="�存モジュール: ��&#10;The r_bsp package provides a foundation for code to be built on top of. It provides startup code, iodefines, and MCU information for different boards. There are 2 folders that make up the r_bsp package. The 'mcu' folder contains files that are common to a MCU group. These files provide functionality such as easy register access, CPU functions, and a file named 'mcu_info.h' for each MCU group. The 'mcu_info.h' file has information about the MCU on the board and is configured based on the information given in r_bsp_config.h. The information in 'mcu_info.h' is used to help configure Renesas middleware that uses the r_bsp package. The 'board' folder has a folder with startup code for each supported board.  Which MCU and board is chosen is decided by the settings in 'platform.h'. The user can choose which board they are using by uncommenting the include path that applies to their board. For example, if you are using the RSK+RX64M then you would uncomment the #include &quot;./board/generic_rx64m/r_bsp.h&quot; include path. Users are encouraged to add their own boards to the 'board' directory. BSPs are configured by using the r_bsp_config.h file. Each board will have a reference configuration file named r_bsp_config_reference.h. The user should copy this file to their project, rename it to r_bsp_config.h, and use the options inside the file to configure the BSP for their project." detailDescription="Board Support Packages." display="r_bsp" id="r_bsp6.21" version="6.21">
                 <gridItem id="BSP_CFG_USER_STACK_ENABLE" selectedIndex="1"/>
                 <gridItem id="BSP_CFG_USTACK_BYTES" selectedIndex="0x2000"/>
                 <gridItem id="BSP_CFG_ISTACK_BYTES" selectedIndex="0x400"/>
@@ -746,14 +748,14 @@
             <source description="Components supporting Firmware Integration Technology" display="Firmware Integration Technology" id="com.renesas.smc.tools.swcomponent.fit.source"/>
         </configuration>
         <configuration inuse="true" name="r_cmt_rx">
-            <component description="Dependency : r_bsp version(s) 6.20&#10;This module creates a timer tick using a CMT channel based on a frequency input by the user." detailDescription="CMT driver" display="r_cmt_rx" id="r_cmt_rx4.90" version="4.90">
+            <component description="�存モジュール: r_bsp �ージョン 6.20&#10;This module creates a timer tick using a CMT channel based on a frequency input by the user." detailDescription="CMT driver" display="r_cmt_rx" id="r_cmt_rx4.90" version="4.90">
                 <gridItem id="CMT_RX_CFG_IPR" selectedIndex="5"/>
             </component>
             <source description="Components supporting Firmware Integration Technology" display="Firmware Integration Technology" id="com.renesas.smc.tools.swcomponent.fit.source"/>
             <source description="Components supporting Firmware Integration Technology" display="Firmware Integration Technology" id="com.renesas.smc.tools.swcomponent.fit.source"/>
         </configuration>
         <configuration inuse="true" name="r_ether_rx">
-            <component description="Dependency : r_bsp version(s) 5.52&#10;The Ethernet fit module provides a method to send and receive Ethernet / IEEE802.3 frame using Ethernet controller (ETHERC), Ethernet DMA controller (EDMAC)." detailDescription="Ethernet Driver." display="r_ether_rx" id="r_ether_rx1.21" version="1.21">
+            <component description="�存モジュール: r_bsp �ージョン 5.52&#10;The Ethernet fit module provides a method to send and receive Ethernet / IEEE802.3 frame using Ethernet controller (ETHERC), Ethernet DMA controller (EDMAC)." detailDescription="Ethernet Driver." display="r_ether_rx" id="r_ether_rx1.21" version="1.21">
                 <gridItem id="CLKOUT25M" selectedIndex="0"/>
                 <gridItem id="ET0_TX_CLK" selectedIndex="0"/>
                 <gridItem id="ET0_RX_CLK" selectedIndex="1"/>
@@ -863,22 +865,22 @@
             <source description="Components supporting Firmware Integration Technology" display="Firmware Integration Technology" id="com.renesas.smc.tools.swcomponent.fit.source"/>
         </configuration>
         <configuration inuse="true" name="r_sys_time_rx">
-            <component description="Dependency : r_bsp version(s) 5.20&#10;Dependency : r_cmt_rx version(s) 4.00&#10;Generic system timer for RX MCUs using CMT module." detailDescription="Generic system timer for RX MCUs using CMT module." display="r_sys_time_rx" id="r_sys_time_rx1.01" version="1.01"/>
+            <component description="�存モジュール: r_bsp �ージョン 5.20&#10;�存モジュール: r_cmt_rx �ージョン 4.00&#10;Generic system timer for RX MCUs using CMT module." detailDescription="Generic system timer for RX MCUs using CMT module." display="r_sys_time_rx" id="r_sys_time_rx1.01" version="1.01"/>
             <source description="Components supporting Firmware Integration Technology" display="Firmware Integration Technology" id="com.renesas.smc.tools.swcomponent.fit.source"/>
             <source description="Components supporting Firmware Integration Technology" display="Firmware Integration Technology" id="com.renesas.smc.tools.swcomponent.fit.source"/>
         </configuration>
         <configuration inuse="true" name="r_t4_driver_rx">
-            <component description="Dependency : r_bsp version(s) 5.61&#10;Dependency : r_ether_rx version(s) 1.21&#10;Dependency : r_sys_time_rx version(s) 1.01&#10;Dependency : r_t4_rx version(s) 2.10&#10;Convert the TCP/IP(T4) - RX Ethernet Driver Interface." detailDescription="TCP/IP protocol stack [M3S-T4-Tiny] - RX Ethernet Driver Interface" display="r_t4_driver_rx" id="r_t4_driver_rx1.09" version="1.09"/>
+            <component description="�存モジュール: r_bsp �ージョン 5.61&#10;�存モジュール: r_ether_rx �ージョン 1.21&#10;�存モジュール: r_sys_time_rx �ージョン 1.01&#10;�存モジュール: r_t4_rx �ージョン 2.10&#10;Convert the TCP/IP(T4) - RX Ethernet Driver Interface." detailDescription="TCP/IP protocol stack [M3S-T4-Tiny] - RX Ethernet Driver Interface" display="r_t4_driver_rx" id="r_t4_driver_rx1.09" version="1.09"/>
             <source description="Components supporting Firmware Integration Technology" display="Firmware Integration Technology" id="com.renesas.smc.tools.swcomponent.fit.source"/>
             <source description="Components supporting Firmware Integration Technology" display="Firmware Integration Technology" id="com.renesas.smc.tools.swcomponent.fit.source"/>
         </configuration>
         <configuration inuse="true" name="r_t4_rx">
-            <component description="Dependency : r_t4_driver_rx version(s) 1.09&#10;T4 is TCP/IP protocol stack that has small footprint for Renesas MCUs." detailDescription="TCP/IP protocol stack [M3S-T4-Tiny] for Renesas MCUs" display="r_t4_rx" id="r_t4_rx2.10" version="2.10">
+            <component description="�存モジュール: r_t4_driver_rx �ージョン 1.09&#10;T4 is TCP/IP protocol stack that has small footprint for Renesas MCUs." detailDescription="TCP/IP protocol stack [M3S-T4-Tiny] for Renesas MCUs" display="r_t4_rx" id="r_t4_rx2.10" version="2.10">
                 <gridItem id="T4_CFG_SYSTEM_CHANNEL_NUMBER" selectedIndex="0"/>
                 <gridItem id="T4_CFG_SYSTEM_DHCP" selectedIndex="0"/>
-                <gridItem id="T4_CFG_FIXED_IP_ADDRESS_CH0" selectedIndex="192,168,1,33"/>
+                <gridItem id="T4_CFG_FIXED_IP_ADDRESS_CH0" selectedIndex="192,168,11,33"/>
                 <gridItem id="T4_CFG_FIXED_SABNET_MASK_CH0" selectedIndex="255,255,255,0"/>
-                <gridItem id="T4_CFG_FIXED_GATEWAY_ADDRESS_CH0" selectedIndex="192,168,1,1"/>
+                <gridItem id="T4_CFG_FIXED_GATEWAY_ADDRESS_CH0" selectedIndex="192,168,11,1"/>
                 <gridItem id="T4_CFG_FIXED_IP_ADDRESS_CH1" selectedIndex="192,168,0,10"/>
                 <gridItem id="T4_CFG_FIXED_SABNET_MASK_CH1" selectedIndex="255,255,255,0"/>
                 <gridItem id="T4_CFG_FIXED_GATEWAY_ADDRESS_CH1" selectedIndex="0,0,0,0"/>
@@ -959,7 +961,63 @@
             <source description="Components supporting Firmware Integration Technology" display="Firmware Integration Technology" id="com.renesas.smc.tools.swcomponent.fit.source"/>
         </configuration>
         <configuration inuse="true" name="r_tsip_rx">
-            <component description="Dependency : r_bsp version(s) 7.00&#10;Support functions: AES, GCM, CCM, CMAC, SHA, MD5, Triple-DES, ARC4, RSA, ECC, Random number generate, Key management, secure boot/secure firmware update.&#10;The &quot;.l&quot; in version number means library version." detailDescription="TSIP(Trusted Secure IP) driver." display="r_tsip_rx" id="r_tsip_rx1.15.l" version="1.15.l"/>
+            <component description="�存モジュール: r_bsp �ージョン 7.30&#10;Support functions: AES, GCM, CCM, CMAC, SHA, MD5, Triple-DES, ARC4, RSA, ECC, Random number generate, Key management, secure boot/secure firmware update." detailDescription="TSIP(Trusted Secure IP) driver." display="r_tsip_rx" id="r_tsip_rx1.21" version="1.21">
+                <gridItem id="TSIP_AES_128_ECB_ENCRYPT" selectedIndex="0"/>
+                <gridItem id="TSIP_AES_256_ECB_ENCRYPT" selectedIndex="0"/>
+                <gridItem id="TSIP_AES_128_ECB_DECRYPT" selectedIndex="0"/>
+                <gridItem id="TSIP_AES_256_ECB_DECRYPT" selectedIndex="0"/>
+                <gridItem id="TSIP_AES_128_CBC_ENCRYPT" selectedIndex="1"/>
+                <gridItem id="TSIP_AES_256_CBC_ENCRYPT" selectedIndex="1"/>
+                <gridItem id="TSIP_AES_128_CBC_DECRYPT" selectedIndex="1"/>
+                <gridItem id="TSIP_AES_256_CBC_DECRYPT" selectedIndex="1"/>
+                <gridItem id="TSIP_AES_128_CTR" selectedIndex="0"/>
+                <gridItem id="TSIP_AES_256_CTR" selectedIndex="0"/>
+                <gridItem id="TSIP_AES_128_GCM_ENCRYPT" selectedIndex="1"/>
+                <gridItem id="TSIP_AES_256_GCM_ENCRYPT" selectedIndex="1"/>
+                <gridItem id="TSIP_AES_128_GCM_DECRYPT" selectedIndex="1"/>
+                <gridItem id="TSIP_AES_256_GCM_DECRYPT" selectedIndex="1"/>
+                <gridItem id="TSIP_AES_128_CMAC" selectedIndex="1"/>
+                <gridItem id="TSIP_AES_256_CMAC" selectedIndex="1"/>
+                <gridItem id="TSIP_AES_128_CCM_ENCRYPT" selectedIndex="1"/>
+                <gridItem id="TSIP_AES_256_CCM_ENCRYPT" selectedIndex="1"/>
+                <gridItem id="TSIP_AES_128_CCM_DECRYPT" selectedIndex="1"/>
+                <gridItem id="TSIP_AES_256_CCM_DECRYPT" selectedIndex="1"/>
+                <gridItem id="TSIP_AES_128_KEY_WRAP" selectedIndex="1"/>
+                <gridItem id="TSIP_AES_256_KEY_WRAP" selectedIndex="1"/>
+                <gridItem id="TSIP_TDES_ECB_ENCRYPT" selectedIndex="0"/>
+                <gridItem id="TSIP_TDES_ECB_DECRYPT" selectedIndex="0"/>
+                <gridItem id="TSIP_TDES_CBC_ENCRYPT" selectedIndex="0"/>
+                <gridItem id="TSIP_TDES_CBC_DECRYPT" selectedIndex="0"/>
+                <gridItem id="TSIP_ARC4_ENCRYPT" selectedIndex="0"/>
+                <gridItem id="TSIP_ARC4_DECRYPT" selectedIndex="0"/>
+                <gridItem id="TSIP_SHA_1" selectedIndex="1"/>
+                <gridItem id="TSIP_SHA_256" selectedIndex="1"/>
+                <gridItem id="TSIP_MD5" selectedIndex="1"/>
+                <gridItem id="TSIP_SHA_1_HMAC" selectedIndex="1"/>
+                <gridItem id="TSIP_SHA_256_HMAC" selectedIndex="1"/>
+                <gridItem id="TSIP_RSAES_1024" selectedIndex="0"/>
+                <gridItem id="TSIP_RSAES_2048" selectedIndex="0"/>
+                <gridItem id="TSIP_RSAES_3072" selectedIndex="0"/>
+                <gridItem id="TSIP_RSAES_4096" selectedIndex="0"/>
+                <gridItem id="TSIP_RSASSA_1024" selectedIndex="1"/>
+                <gridItem id="TSIP_RSASSA_2048" selectedIndex="1"/>
+                <gridItem id="TSIP_RSASSA_3072" selectedIndex="0"/>
+                <gridItem id="TSIP_RSASSA_4096" selectedIndex="0"/>
+                <gridItem id="TSIP_RSA_RETRY_COUNT_FOR_RSA_KEY_GENERATION" selectedIndex="5120*2"/>
+                <gridItem id="TSIP_ECDSA_P192" selectedIndex="0"/>
+                <gridItem id="TSIP_ECDSA_P224" selectedIndex="0"/>
+                <gridItem id="TSIP_ECDSA_P256" selectedIndex="1"/>
+                <gridItem id="TSIP_ECDSA_P384" selectedIndex="1"/>
+                <gridItem id="TSIP_ECDH_P256" selectedIndex="1"/>
+                <gridItem id="TSIP_USER_SHA_384_ENABLED" selectedIndex="0"/>
+                <gridItem id="TSIP_USER_SHA_384_FUNCTION" selectedIndex="user_sha384_function"/>
+                <gridItem id="TSIP_TLS" selectedIndex="1"/>
+                <gridItem id="TSIP_SECURE_BOOT" selectedIndex="0"/>
+                <gridItem id="TSIP_FIRMWARE_UPDATE" selectedIndex="0"/>
+                <gridItem id="TSIP_MULTI_THREADING" selectedIndex="0"/>
+                <gridItem id="TSIP_MULTI_THREADING_LOCK_FUNCTION" selectedIndex="user_lock_function"/>
+                <gridItem id="TSIP_MULTI_THREADING_UNLOCK_FUNCTION" selectedIndex="user_unlock_function"/>
+            </component>
             <source description="Components supporting Firmware Integration Technology" display="Firmware Integration Technology" id="com.renesas.smc.tools.swcomponent.fit.source"/>
             <source description="Components supporting Firmware Integration Technology" display="Firmware Integration Technology" id="com.renesas.smc.tools.swcomponent.fit.source"/>
         </configuration>
diff --git a/IDE/Renesas/e2studio/RX65N/GR-ROSE/test/src/key_data.c b/IDE/Renesas/e2studio/RX65N/GR-ROSE/test/src/key_data.c
index dcc59aac3..642c88be4 100644
--- a/IDE/Renesas/e2studio/RX65N/GR-ROSE/test/src/key_data.c
+++ b/IDE/Renesas/e2studio/RX65N/GR-ROSE/test/src/key_data.c
@@ -1,6 +1,6 @@
 /* key_data.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -37,7 +37,7 @@ const st_key_block_data_t g_key_block_data =
     },
     /* uint8_t iv[R_TSIP_AES_CBC_IV_BYTE_SIZE]; */
     {
-        0xF6, 0xA9, 0x83, 0x5A, 0xA1, 0x65, 0x1D, 0x28, 0xC8, 0x1A, 0xA6, 0x9D, 
+        0xF6, 0xA9, 0x83, 0x5A, 0xA1, 0x65, 0x1D, 0x28, 0xC8, 0x1A, 0xA6, 0x9D,
         0x34, 0xB2, 0x4D, 0x92
     },
     /* 
@@ -45,30 +45,30 @@ const st_key_block_data_t g_key_block_data =
      * encrypted_user_rsa2048_ne_key[R_TSIP_RSA2048_NE_KEY_BYTE_SIZE + 16];
      */
     {
-        0xD9, 0x9A, 0x75, 0x0E, 0x9D, 0x4F, 0x63, 0xA4, 0x02, 0x96, 0xE1, 0xF1,
-        0x49, 0x44, 0xB5, 0x90, 0x59, 0x24, 0xC4, 0x23, 0xF7, 0xA0, 0x32, 0x65,
-        0x68, 0x7B, 0x70, 0xE7, 0xA5, 0xC8, 0x12, 0xD1, 0xCD, 0x55, 0x36, 0x5F,
-        0xE6, 0xEB, 0xD0, 0xAD, 0x5A, 0x7F, 0x9F, 0x41, 0x79, 0x8B, 0x2F, 0x3B,
-        0x17, 0xC9, 0xEE, 0xA7, 0xCB, 0xB5, 0x40, 0xFA, 0x3B, 0x43, 0x1D, 0xF8,
-        0x34, 0xCC, 0xB1, 0xB4, 0x8E, 0x67, 0xF6, 0xA0, 0x49, 0xAA, 0x76, 0x33,
-        0xA4, 0x56, 0xCD, 0x16, 0xE9, 0x76, 0x16, 0x92, 0xBE, 0x3F, 0x3A, 0x3A,
-        0xD7, 0x7A, 0xCD, 0xC9, 0xE2, 0xA0, 0xC8, 0x16, 0x2A, 0x0D, 0xBD, 0x3C,
-        0xEA, 0xC8, 0x26, 0x82, 0xDA, 0x5D, 0x19, 0x71, 0x7B, 0x90, 0x03, 0xEF,
-        0x1E, 0x24, 0x01, 0x62, 0x15, 0x3D, 0x2B, 0x4C, 0xA7, 0x8F, 0xBC, 0xD3,
-        0xD9, 0xC8, 0x9F, 0xBB, 0x4A, 0x62, 0x57, 0xE8, 0xE2, 0x86, 0x8C, 0x56,
-        0x36, 0x64, 0xE7, 0xB9, 0x47, 0x5C, 0x02, 0xF4, 0x87, 0x50, 0x16, 0x9C,
-        0xFB, 0xF6, 0xE9, 0x73, 0x96, 0x78, 0x94, 0x59, 0x12, 0x28, 0x03, 0x37,
-        0x75, 0x56, 0x00, 0x2F, 0xCE, 0x54, 0x7C, 0x34, 0xFD, 0x0B, 0x10, 0x5B,
-        0x4A, 0xEE, 0x11, 0x1B, 0x39, 0xE9, 0x80, 0x8B, 0x27, 0x2D, 0x29, 0x12,
-        0x68, 0x87, 0xD2, 0xC9, 0x78, 0xED, 0xED, 0xF2, 0xA6, 0x4D, 0x6B, 0x10,
-        0x98, 0x9D, 0x52, 0x1C, 0xCE, 0x69, 0x0D, 0x5C, 0x46, 0xEB, 0x5D, 0x9B,
-        0xC8, 0x6A, 0x8E, 0x1F, 0x56, 0x05, 0xBA, 0xD2, 0x50, 0x9F, 0x92, 0xB7,
-        0xD4, 0x4D, 0xCD, 0x58, 0x5B, 0xA7, 0x87, 0x10, 0x6D, 0xF3, 0xDB, 0xA8,
-        0x1D, 0x23, 0x00, 0xE4, 0x81, 0x69, 0x3E, 0x7D, 0xEA, 0x5B, 0x33, 0xF4,
-        0x73, 0xD8, 0x7C, 0xDD, 0x64, 0x74, 0x40, 0x30, 0x93, 0x8D, 0x2C, 0xA5,
-        0x2C, 0x24, 0x11, 0xB2, 0x26, 0x56, 0xE3, 0x41, 0x72, 0xAE, 0x41, 0x56,
-        0x9C, 0x75, 0x11, 0x8E, 0x53, 0x59, 0x77, 0xBF, 0x48, 0x71, 0x86, 0x7C,
-        0x7C, 0xCE, 0x04, 0xB9, 0x73, 0x62, 0xE6, 0x1D, 0xF8, 0xED, 0x93, 0x87
+        0x7F, 0xE5, 0x80, 0x89, 0xD7, 0x3E, 0xB9, 0x92, 0xF6, 0xBD, 0x13, 0x4B,
+        0x8D, 0xE8, 0x96, 0xC5, 0xAB, 0x56, 0x45, 0x55, 0xD4, 0xA6, 0x57, 0x73,
+        0xB5, 0xA8, 0xD7, 0x35, 0xF4, 0x4B, 0x0D, 0xA2, 0x30, 0x5A, 0xFE, 0xCB,
+        0x18, 0x06, 0x55, 0xB2, 0x51, 0xF2, 0xA4, 0x0E, 0xCB, 0x6E, 0x6C, 0x88,
+        0x03, 0xF3, 0x5C, 0x1E, 0xF0, 0xA4, 0xA8, 0x6E, 0x48, 0xE7, 0xB4, 0x87,
+        0xE9, 0xE9, 0xA0, 0xF0, 0xB2, 0xD3, 0x24, 0x8D, 0x2E, 0x8C, 0x11, 0x2C,
+        0x05, 0x26, 0x7C, 0xEE, 0x15, 0x67, 0xB8, 0xBF, 0xCA, 0xBC, 0x44, 0x8D,
+        0x80, 0xED, 0x94, 0xF1, 0x5B, 0x88, 0xE1, 0xB1, 0x81, 0x7D, 0x4D, 0x92,
+        0x6E, 0x1E, 0x3E, 0xF5, 0x7B, 0x77, 0x0A, 0xC8, 0x60, 0xB8, 0x7F, 0x43,
+        0x2F, 0x07, 0x3B, 0xCA, 0xF5, 0xC7, 0x6F, 0x8F, 0x9E, 0xC1, 0x39, 0x29,
+        0x10, 0xFA, 0xBA, 0xCD, 0x51, 0xDF, 0xF6, 0xAE, 0x6A, 0x84, 0xF4, 0xE0,
+        0xED, 0xFC, 0xE2, 0xCE, 0x68, 0x3A, 0x38, 0xBF, 0x9B, 0xAD, 0x6F, 0x8B,
+        0x84, 0x95, 0xAA, 0x5B, 0x4C, 0x73, 0xCE, 0x34, 0x8D, 0x84, 0x78, 0x1E,
+        0xBF, 0xD6, 0xE2, 0x12, 0xEB, 0x27, 0xA6, 0x96, 0x4C, 0x76, 0x9C, 0x19,
+        0x1C, 0x3C, 0x7D, 0xF7, 0xB0, 0xDB, 0xD6, 0x64, 0xFD, 0x67, 0xEB, 0x83,
+        0xC1, 0x60, 0x8F, 0x65, 0x19, 0xC0, 0x78, 0xFD, 0x09, 0xD4, 0x52, 0x74,
+        0xD6, 0x96, 0x89, 0x91, 0xEF, 0xF6, 0xB6, 0xAB, 0x27, 0x37, 0x7B, 0x43,
+        0xA9, 0xEC, 0xDA, 0x68, 0x5F, 0x3A, 0x32, 0xFE, 0xE8, 0x4E, 0x7B, 0xDC,
+        0xE4, 0x18, 0x5C, 0x53, 0x15, 0x5B, 0x5E, 0xC7, 0x08, 0x93, 0xF0, 0xBD,
+        0xF6, 0xC3, 0x78, 0x80, 0x3B, 0x1F, 0xC8, 0xBA, 0x0F, 0x58, 0xF7, 0x1E,
+        0x9C, 0xFB, 0x53, 0xCA, 0xA2, 0xBF, 0x9A, 0x18, 0xEE, 0x26, 0xD2, 0xA8,
+        0x88, 0x64, 0x13, 0xC8, 0xEE, 0xD2, 0x79, 0xB5, 0x67, 0xD4, 0x10, 0xB3,
+        0xF4, 0xC9, 0xCC, 0xCE, 0x4A, 0xE2, 0x38, 0x8B, 0x77, 0xEB, 0xD2, 0x89,
+        0xB0, 0x66, 0xFF, 0xCD, 0x76, 0xC1, 0x28, 0x65, 0xC2, 0xA3, 0xE3, 0x45
     },
     /* uint8_t encrypted_user_update_key[R_TSIP_AES256_KEY_BYTE_SIZE + 16]; */
     {
@@ -78,7 +78,7 @@ const st_key_block_data_t g_key_block_data =
      * encrypted_user_rsa2048_public_key[R_TSIP_RSA2048_NE_KEY_BYTE_SIZE + 16]
      */
     {
-        0x22, 0xEC, 0xE3, 0x79, 0xD1, 0x0C, 0xB4, 0xED, 0xE0, 0xA9, 0x0F, 0xBD, 
+        0x22, 0xEC, 0xE3, 0x79, 0xD1, 0x0C, 0xB4, 0xED, 0xE0, 0xA9, 0x0F, 0xBD,
         0xC7, 0x0B, 0xB4, 0x1E, 0x82, 0x27, 0x79, 0x20, 0x6A, 0x15, 0x56, 0xD6,
         0x0F, 0xFA, 0xE4, 0x61, 0x04, 0xDA, 0x81, 0x33, 0x42, 0xBA, 0x6D, 0xB9,
         0x34, 0x81, 0xFD, 0x67, 0xDF, 0x1D, 0xCB, 0x52, 0x64, 0x9A, 0x2E, 0x30,
@@ -107,7 +107,7 @@ const st_key_block_data_t g_key_block_data =
      * encrypted_user_rsa2048_private_key[R_TSIP_RSA2048_ND_KEY_BYTE_SIZE + 16]
      */
     {
-        0x22, 0xEC, 0xE3, 0x79, 0xD1, 0x0C, 0xB4, 0xED, 0xE0, 0xA9, 0x0F, 0xBD, 
+        0x22, 0xEC, 0xE3, 0x79, 0xD1, 0x0C, 0xB4, 0xED, 0xE0, 0xA9, 0x0F, 0xBD,
         0xC7, 0x0B, 0xB4, 0x1E, 0x82, 0x27, 0x79, 0x20, 0x6A, 0x15, 0x56, 0xD6,
         0x0F, 0xFA, 0xE4, 0x61, 0x04, 0xDA, 0x81, 0x33, 0x42, 0xBA, 0x6D, 0xB9,
         0x34, 0x81, 0xFD, 0x67, 0xDF, 0x1D, 0xCB, 0x52, 0x64, 0x9A, 0x2E, 0x30,
@@ -186,83 +186,95 @@ const uint32_t              encrypted_user_key_type =
 
 const unsigned char ca_ecc_cert_der_sig[] =
 {
-    0xc0, 0x3c, 0x28, 0xef, 0x6c, 0xd5, 0x6c, 0x36, 0xc5, 0xe5, 0xb0, 0xaa,
-    0xd0, 0x6a, 0x33, 0x1d, 0x7b, 0x28, 0x9f, 0xb2, 0x12, 0x8c, 0x0c, 0x5c,
-    0x30, 0xdf, 0x8f, 0x3f, 0x2e, 0x72, 0x0f, 0x3d, 0x8d, 0x4a, 0x1d, 0xa6,
-    0xc5, 0x1f, 0xb4, 0xf2, 0x18, 0xf1, 0x65, 0x40, 0x8e, 0xf2, 0x06, 0x0a,
-    0xda, 0xa4, 0xd6, 0x3d, 0x87, 0x61, 0x00, 0xd6, 0x89, 0x4e, 0x77, 0xbd,
-    0x57, 0xd7, 0x5f, 0x04, 0xe9, 0x0c, 0x96, 0x68, 0xa9, 0x72, 0xa2, 0xba,
-    0x46, 0x3f, 0x35, 0xeb, 0xf9, 0x4f, 0x10, 0xfd, 0x51, 0x39, 0x7c, 0x44,
-    0xa8, 0xa8, 0xd3, 0x62, 0x81, 0x2f, 0x82, 0x90, 0x3e, 0xea, 0xe9, 0xbc,
-    0x2e, 0xd1, 0x19, 0xc0, 0xb6, 0xd7, 0xc0, 0x22, 0x7c, 0xc1, 0x64, 0x61,
-    0xd2, 0x79, 0x01, 0x2d, 0x19, 0x7a, 0xf0, 0x34, 0x68, 0x78, 0x01, 0x35,
-    0x7f, 0xe2, 0xbe, 0x11, 0x8f, 0x0d, 0x04, 0xa8, 0xa4, 0x7b, 0x4e, 0x7a,
-    0x9c, 0xa0, 0x91, 0x3f, 0x7d, 0xdf, 0xe4, 0x69, 0x2f, 0x9b, 0x73, 0xc6,
-    0x1d, 0x4b, 0x3e, 0xcd, 0xa8, 0x2d, 0xf1, 0xfc, 0x35, 0x5c, 0xae, 0x7e,
-    0xef, 0xd9, 0x91, 0x7c, 0x32, 0xc3, 0x5a, 0xcb, 0x5f, 0xd9, 0x99, 0x1b,
-    0xb3, 0x6d, 0xa1, 0xaf, 0x69, 0x45, 0x41, 0xca, 0x92, 0x01, 0x93, 0x18,
-    0xb7, 0x4c, 0x35, 0xe0, 0x11, 0x16, 0xc7, 0xf2, 0xf9, 0xf1, 0x9e, 0xa5,
-    0xda, 0x60, 0x41, 0x78, 0x67, 0xef, 0x2f, 0x85, 0x08, 0xfe, 0x21, 0x1f,
-    0xdd, 0x31, 0xce, 0x70, 0xf2, 0xe2, 0x6f, 0xc1, 0x5f, 0xce, 0xa7, 0x4c,
-    0x3a, 0x1a, 0x81, 0x5d, 0xec, 0x35, 0xad, 0xf3, 0xb4, 0x46, 0x83, 0x9b,
-    0x95, 0x98, 0xcc, 0xa5, 0x46, 0x74, 0xdf, 0xca, 0xf9, 0x2e, 0x86, 0xe8,
-    0x04, 0x18, 0x33, 0x91, 0x94, 0xb7, 0xca, 0x98, 0xf7, 0xc2, 0xfe, 0x99,
-    0xc0, 0x73, 0x11, 0x1e
+        0xAD, 0x89, 0x0C, 0x68, 0x8E, 0x97, 0xE5, 0x23, 0xE4, 0x35,
+        0x91, 0x2F, 0x1B, 0x2F, 0x48, 0xCC, 0x03, 0xFC, 0x18, 0xE1,
+        0x64, 0x8C, 0x4D, 0x12, 0xBB, 0xC1, 0xDD, 0xFE, 0xDF, 0x3B,
+        0x87, 0xB0, 0x5B, 0x84, 0x54, 0xE6, 0xAE, 0x6D, 0xE4, 0x08,
+        0x91, 0xF0, 0xBD, 0x11, 0xCA, 0xC4, 0xF1, 0x44, 0x41, 0x4C,
+        0x17, 0x65, 0xAD, 0xEC, 0xE5, 0x08, 0xD7, 0x9D, 0x3D, 0x95,
+        0x2A, 0x2B, 0x85, 0x70, 0x75, 0xC7, 0xEB, 0x2F, 0xB2, 0x5C,
+        0x07, 0xB8, 0x80, 0xBA, 0x6C, 0x5A, 0x78, 0x1C, 0xAC, 0xBC,
+        0x00, 0x2C, 0x9A, 0x21, 0x4E, 0x2A, 0xBA, 0x8E, 0x7D, 0x27,
+        0x82, 0xF8, 0xA9, 0x5A, 0xB3, 0x28, 0x82, 0x45, 0x1D, 0xF7,
+        0x5C, 0x06, 0x6C, 0xFA, 0x00, 0xE4, 0x8D, 0x0C, 0xC7, 0xBC,
+        0x16, 0x50, 0x84, 0xCE, 0x74, 0xAC, 0x67, 0x5E, 0xE0, 0x19,
+        0xF3, 0xFC, 0xD2, 0x1D, 0x46, 0x00, 0x63, 0x5E, 0xF8, 0xAC,
+        0x70, 0x82, 0x7C, 0x78, 0xD2, 0xD6, 0x42, 0xB0, 0xBC, 0x6E,
+        0x41, 0xCC, 0x3E, 0x08, 0x39, 0x29, 0xF4, 0xA6, 0xF5, 0x3D,
+        0x81, 0x0A, 0xF8, 0x12, 0xD8, 0xD1, 0x15, 0xA2, 0x4A, 0x4F,
+        0x13, 0x07, 0x9A, 0x56, 0x92, 0x51, 0xA2, 0xD6, 0x6B, 0xD9,
+        0xF9, 0x86, 0x8B, 0xBE, 0x05, 0xDE, 0x76, 0x66, 0x89, 0x73,
+        0x02, 0x19, 0x5C, 0xAC, 0xDE, 0x1E, 0x52, 0x80, 0x65, 0x42,
+        0x5D, 0xBB, 0xB4, 0xED, 0xCF, 0x1B, 0x5E, 0xED, 0xA1, 0xC2,
+        0x24, 0xAB, 0xBD, 0x30, 0xB2, 0xAE, 0x65, 0x8D, 0xE1, 0xDC,
+        0xA3, 0xC7, 0x43, 0xC0, 0xE4, 0xB9, 0x66, 0x91, 0x64, 0xFD,
+        0x12, 0x42, 0x12, 0x18, 0x4D, 0x7D, 0xF4, 0x14, 0xE5, 0x9E,
+        0x81, 0x38, 0xFB, 0x32, 0x3B, 0x54, 0xFA, 0x4A, 0x6F, 0x25,
+        0xA7, 0x3F, 0x45, 0x5D, 0x99, 0xC5, 0x4A, 0xE1, 0xEF, 0x12,
+        0x5E, 0x03, 0x30, 0xBC, 0x5C, 0x31
 };
 const int sizeof_ca_ecc_cert_sig = sizeof(ca_ecc_cert_der_sig);
 
 /* ./ca-cert.der.sign,  */
 const unsigned char ca_cert_der_sig[] =
 {
-    0x97, 0x8f, 0x90, 0x03, 0x0b, 0xca, 0xdf, 0x8f, 0xe8, 0x51, 0x23, 0xba,
-    0x14, 0xfb, 0x28, 0xb8, 0x5c, 0x58, 0x0d, 0x6e, 0x8b, 0x97, 0x0f, 0x89,
-    0x63, 0xc2, 0xd6, 0xb3, 0xf0, 0x16, 0x35, 0x74, 0x9d, 0xb9, 0xd7, 0x18,
-    0x14, 0x86, 0x91, 0xe0, 0xcd, 0xb3, 0x28, 0x63, 0x16, 0xf4, 0x6c, 0xb1,
-    0xd3, 0x93, 0xb6, 0x6e, 0xd9, 0x66, 0xcd, 0x65, 0x39, 0x7b, 0x1b, 0x74,
-    0x5c, 0xde, 0x20, 0xd4, 0x46, 0x60, 0x2f, 0xc0, 0x10, 0xf5, 0x49, 0x4a,
-    0x8d, 0x31, 0x29, 0x9b, 0x8a, 0xea, 0xf4, 0x8a, 0xaf, 0xc4, 0x84, 0xd7,
-    0x42, 0xef, 0xaf, 0x14, 0x17, 0x44, 0xed, 0x6e, 0x2b, 0xd9, 0x70, 0xed,
-    0x3e, 0x40, 0xf0, 0xef, 0x75, 0x4c, 0x05, 0x1f, 0xc3, 0x37, 0xec, 0xc2,
-    0xcd, 0xcc, 0xce, 0x39, 0x61, 0xa0, 0xea, 0x16, 0x84, 0x6d, 0xde, 0xe7,
-    0xf4, 0x0d, 0x8c, 0xf7, 0x69, 0x81, 0x64, 0x09, 0x16, 0xa7, 0x5b, 0x34,
-    0x83, 0xe5, 0x73, 0xcf, 0x02, 0xf4, 0x37, 0x96, 0x93, 0x27, 0x72, 0x47,
-    0x71, 0xca, 0x56, 0xcd, 0xd2, 0x85, 0x48, 0xe5, 0x9e, 0x1f, 0x39, 0x52,
-    0xc1, 0xc3, 0x9c, 0x6b, 0x98, 0x41, 0xc2, 0x0a, 0x77, 0x94, 0xe5, 0x84,
-    0x44, 0xe7, 0x94, 0xee, 0x5f, 0x05, 0x62, 0xad, 0xe5, 0xe5, 0xc9, 0x7e,
-    0x02, 0x31, 0x85, 0xca, 0x28, 0x2d, 0x0d, 0x7f, 0x30, 0x5d, 0xb5, 0xaa,
-    0x12, 0x81, 0x25, 0x37, 0x4a, 0xf2, 0x95, 0x81, 0xda, 0x76, 0xb4, 0x89,
-    0x76, 0x8a, 0x0c, 0x8d, 0xdf, 0xed, 0xd5, 0x48, 0xa8, 0xc8, 0x6d, 0xf4,
-    0xbf, 0x98, 0xa3, 0xc5, 0x42, 0x7d, 0xd2, 0x21, 0x2c, 0x8d, 0x57, 0xd0,
-    0x91, 0x16, 0xee, 0x83, 0xd0, 0xa1, 0x8f, 0x05, 0x50, 0x2b, 0x6e, 0xe8,
-    0x52, 0xf7, 0xbe, 0x96, 0x89, 0x40, 0xca, 0x9c, 0x19, 0x5a, 0xfc, 0xae,
-    0x1d, 0xdb, 0x57, 0xb8
+        0x78, 0xA1, 0x30, 0x91, 0xC7, 0x12, 0xA0, 0x6B, 0x48, 0xFC,
+        0x2B, 0x67, 0xF5, 0x00, 0x0D, 0x41, 0x64, 0x45, 0x20, 0xEF,
+        0x14, 0xD4, 0x60, 0x5A, 0x0C, 0x7D, 0xBA, 0x16, 0x46, 0x6C,
+        0x52, 0x3E, 0x8D, 0x15, 0x8C, 0xAB, 0x4D, 0x2F, 0x7E, 0x34,
+        0xB9, 0x92, 0xFF, 0xFB, 0x6F, 0xCE, 0x7B, 0x15, 0xF0, 0xB7,
+        0x1C, 0xFA, 0x6C, 0x06, 0x7A, 0x15, 0xC4, 0xAB, 0xA2, 0x8B,
+        0xCB, 0x48, 0x6D, 0x25, 0x2F, 0xB3, 0xF0, 0xA1, 0xAB, 0xFD,
+        0x53, 0xA9, 0x69, 0xC7, 0x33, 0xC3, 0x87, 0x48, 0xEE, 0x27,
+        0x01, 0x22, 0xC0, 0x1B, 0x69, 0x96, 0x1B, 0x2D, 0xD2, 0x92,
+        0x0B, 0xCC, 0x29, 0xD8, 0x17, 0x0E, 0x2C, 0x20, 0x95, 0xAC,
+        0xE3, 0xE6, 0xF6, 0x9C, 0xE7, 0xBE, 0x0F, 0xF0, 0xD8, 0xBE,
+        0xCF, 0x44, 0xBF, 0x34, 0x26, 0x7D, 0x30, 0xEA, 0x8D, 0xB9,
+        0xB4, 0xB0, 0x18, 0xF1, 0x19, 0x1A, 0x19, 0xD9, 0xF0, 0x9D,
+        0x72, 0xA6, 0x33, 0x9A, 0xA6, 0xC6, 0x74, 0xA9, 0x01, 0xE3,
+        0xFF, 0x60, 0xFC, 0x6D, 0x0B, 0x4C, 0x5D, 0x52, 0x4D, 0xED,
+        0x6C, 0xCC, 0xB9, 0x8D, 0x7B, 0x44, 0x3A, 0x1A, 0xD5, 0x8F,
+        0x75, 0xAA, 0x6B, 0xEC, 0xBB, 0x94, 0x5D, 0xA3, 0x9D, 0x33,
+        0x50, 0x1B, 0xBD, 0x04, 0x23, 0x05, 0x65, 0xA4, 0x5F, 0x21,
+        0xDD, 0x27, 0x3A, 0xB7, 0xE6, 0x21, 0x54, 0xA1, 0x75, 0x3C,
+        0x3D, 0x0E, 0x2F, 0xF5, 0x21, 0x7F, 0x02, 0x53, 0xB7, 0x14,
+        0x41, 0xEE, 0x0D, 0xCE, 0xB7, 0x48, 0xE6, 0x9A, 0x2E, 0x77,
+        0x9F, 0x94, 0x94, 0x00, 0x69, 0x28, 0xB4, 0xE9, 0xB1, 0x26,
+        0x2B, 0x90, 0xB9, 0xCD, 0x21, 0x05, 0xB5, 0x01, 0x37, 0x45,
+        0x32, 0x96, 0x80, 0xC3, 0x5A, 0xF1, 0x60, 0x9B, 0x97, 0x0D,
+        0x58, 0x63, 0x84, 0xB0, 0xF9, 0xCA, 0xBB, 0x97, 0x53, 0xA4,
+        0xC6, 0xE5, 0x6F, 0x59, 0x37, 0x81
 };
 const int sizeof_ca_cert_sig = sizeof(ca_cert_der_sig);
 /* ./client-cert.der.sign,  */
 const unsigned char client_cert_der_sign[] =
 {
-    0x9a, 0x0e, 0xbc, 0x0f, 0x7a, 0xbe, 0xb6, 0x47, 0x79, 0x71, 0xcc, 0x51,
-    0x87, 0xaa, 0x28, 0xbd, 0x9c, 0x04, 0x08, 0x0b, 0xb9, 0x78, 0x84, 0xeb,
-    0x1d, 0xf9, 0x0e, 0x38, 0x23, 0xfe, 0x8f, 0x6e, 0x75, 0x21, 0xcc, 0x39,
-    0x79, 0xf8, 0x9d, 0x80, 0x6b, 0xa9, 0x63, 0x79, 0x13, 0xd8, 0xc9, 0x5d,
-    0xd5, 0x84, 0x17, 0xdc, 0xe4, 0x56, 0xae, 0x55, 0x64, 0x69, 0x8c, 0x95,
-    0xa4, 0x03, 0xc1, 0x4a, 0xe8, 0xb6, 0xd5, 0x1b, 0xfa, 0x26, 0x3f, 0x2c,
-    0xff, 0xfc, 0xea, 0x83, 0xca, 0xf7, 0x4d, 0x9e, 0xf4, 0xbf, 0xca, 0xb6,
-    0x19, 0x46, 0x55, 0x45, 0xf4, 0x7d, 0xcd, 0x4b, 0xbc, 0x3d, 0xb7, 0xff,
-    0x57, 0xbf, 0xe8, 0x0e, 0xbc, 0x16, 0x45, 0xa1, 0xdb, 0xf0, 0xb4, 0x44,
-    0x64, 0x76, 0x0b, 0xe5, 0x86, 0x32, 0xbe, 0xd7, 0xf0, 0x26, 0x6c, 0x48,
-    0xb6, 0x7f, 0x1a, 0x2a, 0xe6, 0x1b, 0xbd, 0x5b, 0x9e, 0xca, 0xd0, 0xf4,
-    0xbb, 0xe4, 0x7f, 0x29, 0x66, 0xf6, 0x31, 0x6d, 0x70, 0x6f, 0xfd, 0x4d,
-    0x7f, 0xc8, 0x7f, 0x9a, 0x5b, 0x1e, 0x37, 0xf7, 0x0c, 0x66, 0xb2, 0x62,
-    0xd8, 0x3e, 0xca, 0x79, 0x6c, 0xec, 0x05, 0x01, 0xda, 0xd9, 0xe2, 0xc3,
-    0xd5, 0x9b, 0xf9, 0x43, 0xa6, 0x14, 0x9a, 0x1f, 0x32, 0xd3, 0x68, 0x63,
-    0x65, 0xb8, 0xb1, 0x63, 0xd5, 0xe2, 0xaa, 0x06, 0x27, 0x62, 0x4a, 0x95,
-    0x48, 0x3f, 0xee, 0xde, 0x3b, 0x89, 0xd4, 0x61, 0x74, 0x39, 0xef, 0xe6,
-    0x6e, 0x16, 0x2d, 0x8b, 0x54, 0x29, 0xe9, 0x71, 0xbc, 0xd4, 0x30, 0x42,
-    0x35, 0x1e, 0x89, 0xfb, 0xf7, 0x4a, 0x47, 0x87, 0x41, 0x66, 0x49, 0xe5,
-    0x8e, 0x16, 0x7f, 0x17, 0x07, 0xd6, 0xff, 0xe1, 0x2a, 0x4d, 0x7c, 0x70,
-    0x0d, 0x72, 0x5d, 0x3d, 0x1f, 0xd8, 0x41, 0x1a, 0x43, 0x00, 0x31, 0x81,
-    0x60, 0xa8, 0x6c, 0xef
+		0x81, 0x89, 0xC5, 0xC6, 0x25, 0xE3, 0xD5, 0x3D, 0xEE, 0xE0,
+		0xBC, 0xDF, 0xF0, 0xA4, 0xCE, 0xAC, 0xF8, 0x26, 0xB1, 0x41,
+		0xE3, 0x8C, 0x50, 0xE8, 0xCA, 0x4A, 0xA7, 0xDB, 0x5F, 0xED,
+		0x61, 0x31, 0xFD, 0x13, 0xC7, 0x04, 0x25, 0x4A, 0x2D, 0x77,
+		0xE8, 0xA0, 0xB3, 0xA5, 0x5D, 0x54, 0x70, 0xF9, 0x76, 0xC9,
+		0x26, 0x32, 0x84, 0x04, 0xEC, 0xEF, 0x39, 0x48, 0x8D, 0xB1,
+		0xDC, 0xA7, 0x71, 0xC2, 0x69, 0xC6, 0x99, 0x16, 0xB2, 0x06,
+		0xBD, 0xA7, 0x7C, 0x66, 0x35, 0x2D, 0x9A, 0xFB, 0xDA, 0xAF,
+		0xAA, 0xF7, 0x5A, 0x2E, 0x7C, 0x74, 0x3C, 0x53, 0xBC, 0x59,
+		0x5A, 0xF6, 0x1A, 0x0E, 0x2F, 0x9A, 0xA6, 0x9B, 0x3C, 0x06,
+		0x88, 0x77, 0x38, 0x7A, 0x02, 0xC9, 0x89, 0x03, 0x5B, 0xF9,
+		0xE7, 0xF2, 0xFD, 0x2B, 0x63, 0x94, 0x92, 0x8D, 0xBB, 0x9D,
+		0x71, 0x17, 0xB6, 0xBF, 0xA4, 0x68, 0x51, 0xF4, 0x98, 0xAC,
+		0xD2, 0x57, 0x6D, 0xC0, 0xBD, 0xE9, 0xC1, 0xE5, 0x4D, 0xD6,
+		0xFF, 0xC8, 0xDF, 0x7A, 0x4F, 0x97, 0x5D, 0x46, 0x3A, 0x0A,
+		0x38, 0xE8, 0x0C, 0x99, 0xE7, 0x97, 0xE7, 0x3F, 0xFE, 0xC8,
+		0x6A, 0x93, 0x95, 0xD2, 0x32, 0xB1, 0x01, 0x00, 0x1C, 0x9A,
+		0xCE, 0x5F, 0x2B, 0xA8, 0xB1, 0xC7, 0xDC, 0x1B, 0x04, 0x9F,
+		0x58, 0x03, 0x57, 0x19, 0x9A, 0xDB, 0x58, 0x33, 0xBD, 0x9D,
+		0x3E, 0xA0, 0x3D, 0x9A, 0x00, 0xA6, 0xE9, 0x2E, 0xCD, 0x45,
+		0x97, 0xC1, 0xDF, 0xCF, 0xAF, 0x8A, 0x93, 0x52, 0xAA, 0x65,
+		0x1C, 0xC2, 0x3C, 0xDD, 0xE1, 0xED, 0x4B, 0x8A, 0x05, 0x5A,
+		0xBE, 0x84, 0xEE, 0xDF, 0xC0, 0x96, 0xD2, 0x5A, 0x60, 0x32,
+		0xDF, 0xC9, 0x01, 0x7C, 0x83, 0x27, 0x2B, 0x4B, 0x18, 0x18,
+		0x9F, 0x58, 0xE4, 0xF0, 0x0C, 0x36, 0xC1, 0xB4, 0x08, 0x70,
+		0xFB, 0xDC, 0xCB, 0x70, 0x61, 0xAC
 };
 const int sizeof_client_cert_der_sign = sizeof(client_cert_der_sign);
 
diff --git a/IDE/Renesas/e2studio/RX65N/GR-ROSE/test/src/key_data.h b/IDE/Renesas/e2studio/RX65N/GR-ROSE/test/src/key_data.h
index 2d6bead06..10e95496f 100644
--- a/IDE/Renesas/e2studio/RX65N/GR-ROSE/test/src/key_data.h
+++ b/IDE/Renesas/e2studio/RX65N/GR-ROSE/test/src/key_data.h
@@ -1,6 +1,6 @@
 /* key_data.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/Renesas/e2studio/RX65N/GR-ROSE/test/src/test_main.c b/IDE/Renesas/e2studio/RX65N/GR-ROSE/test/src/test_main.c
index 733da6971..f9a8f8eb8 100644
--- a/IDE/Renesas/e2studio/RX65N/GR-ROSE/test/src/test_main.c
+++ b/IDE/Renesas/e2studio/RX65N/GR-ROSE/test/src/test_main.c
@@ -1,6 +1,6 @@
 /* test_main.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -89,14 +89,14 @@ double current_time(int reset)
 
 int SetTsiptlsKey()
 {
-#if defined(WOLFSSL_RENESAS_TSIP) && (WOLFSSL_RENESAS_TSIP_VER >=109)   
-    
+#if defined(WOLFSSL_RENESAS_TSIP) && (WOLFSSL_RENESAS_TSIP_VER >=109)
+
 #if defined(TLS_CLIENT)
 
-    #if defined(USE_ECC_CERT)    
+    #if defined(USE_ECC_CERT)
     /* Root CA cert has ECC-P256 public key */
     tsip_inform_cert_sign((const byte *)ca_ecc_cert_der_sig);
-    #else    
+    #else
     /* Root CA cert has RSA public key */
     tsip_inform_cert_sign((const byte *)ca_cert_der_sig);
     #endif
@@ -120,24 +120,24 @@ int SetTsiptlsKey()
 #endif
 
 #elif defined(WOLFSSL_RENESAS_TSIP) && (WOLFSSL_RENESAS_TSIP_VER < 109)
-    
+
     #if defined(TLS_CLIENT)
- 
+
         tsip_inform_cert_sign((const byte *)ca_cert_sig);
         tsip_inform_user_keys((byte*)&g_key_block_data.encrypted_session_key,
                             (byte*)&g_key_block_data.iv,
                             (byte*)&g_key_block_data.encrypted_user_rsa2048_ne_key);
- 
+
     #elif defined(TLS_SERVER)
- 
+
         tsip_inform_cert_sign((const byte *)client_cert_der_sign);
         tsip_inform_user_keys((byte*)&g_key_block_data.encrypted_session_key,
                             (byte*)&g_key_block_data.iv,
                             (byte*)&g_key_block_data.encrypted_user_rsa2048_ne_key);
- 
+
     #endif
 
-#endif    
+#endif
     return 0;
 }
 
@@ -283,7 +283,7 @@ void main(void)
 #if defined(WOLFSSL_RENESAS_TSIP_TLS)
     SetTsiptlsKey();
 #endif
-    
+
     do {
         if(cipherlist_sz > 0 ) printf("cipher : %s\n", cipherlist[i]);
 
diff --git a/IDE/Renesas/e2studio/RX65N/GR-ROSE/test/src/wolf_client.c b/IDE/Renesas/e2studio/RX65N/GR-ROSE/test/src/wolf_client.c
index 76cfb41a5..2ceabfa68 100644
--- a/IDE/Renesas/e2studio/RX65N/GR-ROSE/test/src/wolf_client.c
+++ b/IDE/Renesas/e2studio/RX65N/GR-ROSE/test/src/wolf_client.c
@@ -1,6 +1,6 @@
 /* wolf_client.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -114,7 +114,7 @@ void wolfSSL_TLS_client_init(const char* cipherlist)
             char *cert       = "./certs/ca-cert.pem";
         #endif
     #else
-        #if defined(USE_ECC_CERT) && defined(USE_CERT_BUFFERS_256) 
+        #if defined(USE_ECC_CERT) && defined(USE_CERT_BUFFERS_256)
             const unsigned char *cert       = ca_ecc_cert_der_256;
             #define  SIZEOF_CERT sizeof_ca_ecc_cert_der_256
         #else
@@ -137,7 +137,7 @@ void wolfSSL_TLS_client_init(const char* cipherlist)
     if ((client_ctx = wolfSSL_CTX_new_ex(wolfSSLv23_client_method_ex(heapHint),
                                                       heapHint)) == NULL) {
         printf("ERROR: failed to create WOLFSSL_CTX\n");
-        return;                                                
+        return;
     }
 
     if ((wolfSSL_CTX_load_static_memory(&client_ctx, NULL, heapBufIO,
@@ -149,7 +149,7 @@ void wolfSSL_TLS_client_init(const char* cipherlist)
 #else
 
     /* Create and initialize WOLFSSL_CTX */
-    if ((client_ctx = 
+    if ((client_ctx =
         wolfSSL_CTX_new(wolfSSLv23_client_method_ex((void *)NULL))) == NULL) {
         printf("ERROR: failed to create WOLFSSL_CTX\n");
         return;
@@ -168,8 +168,8 @@ void wolfSSL_TLS_client_init(const char* cipherlist)
     /*          Root CA certificate                */
     /*---------------------------------------------*/
 
-    if (wolfSSL_CTX_load_verify_buffer(client_ctx, cert, SIZEOF_CERT, 
-                                            SSL_FILETYPE_ASN1) != SSL_SUCCESS){
+    if (wolfSSL_CTX_load_verify_buffer(client_ctx, cert, SIZEOF_CERT,
+                                            SSL_FILETYPE_ASN1) != WOLFSSL_SUCCESS){
            printf("ERROR: can't load certificate data\n");
        return;
     }
@@ -186,15 +186,15 @@ void wolfSSL_TLS_client_init(const char* cipherlist)
     /*---------------------------------------------*/
 
     /* use specific cipher */
-    if (cipherlist != NULL && 
+    if (cipherlist != NULL &&
         wolfSSL_CTX_set_cipher_list(client_ctx, cipherlist) != WOLFSSL_SUCCESS) {
         wolfSSL_CTX_free(client_ctx); client_ctx = NULL;
         printf("client can't set cipher list");
         return;
     }
-    
+
 #if defined(WOLFSSL_TLS13)
-    if (wolfSSL_CTX_UseSupportedCurve(client_ctx, WOLFSSL_ECC_SECP256R1) 
+    if (wolfSSL_CTX_UseSupportedCurve(client_ctx, WOLFSSL_ECC_SECP256R1)
                                                         != WOLFSSL_SUCCESS) {
         wolfSSL_CTX_free(client_ctx); client_ctx = NULL;
         printf("client can't set use supported curves\n");
@@ -213,11 +213,11 @@ void wolfSSL_TLS_client( )
 
     #define BUFF_SIZE 256
     static const char sendBuff[]= "Hello Server\n" ;
-    
+
     char    rcvBuff[BUFF_SIZE] = {0};
-    
+
     static T_IPV4EP my_addr = { 0, 0 };
-    
+
     T_IPV4EP dst_addr;
 
     if((dst_addr.ipaddr = getIPaddr(SIMPLE_TLSSEVER_IP)) == 0){
@@ -225,7 +225,7 @@ void wolfSSL_TLS_client( )
         goto out;
     }
     if((dst_addr.portno = getPort(SIMPLE_TLSSERVER_PORT)) == 0){
-        printf("ERROR: IP address\n");
+        printf("ERROR: Port number\n");
         goto out;
     }
 
@@ -256,22 +256,22 @@ void wolfSSL_TLS_client( )
     /*---------------------------------------------*/
 #ifdef USE_ECC_CERT
 
-    /* ECDSA client certificate */   
+    /* ECDSA client certificate */
     if (wolfSSL_use_certificate_buffer(ssl, cliecc_cert_der_256,
-            sizeof_cliecc_cert_der_256, WOLFSSL_FILETYPE_ASN1) != SSL_SUCCESS) {
+            sizeof_cliecc_cert_der_256, WOLFSSL_FILETYPE_ASN1) != WOLFSSL_SUCCESS) {
         printf("ERROR wolfSSL_use_certificate_buffer: %d\n",
                                                 wolfSSL_get_error(ssl, 0));
-        goto out;    
+        goto out;
     }
 
 #else
 
     /* RSA client certificate */
     if (wolfSSL_use_certificate_buffer(ssl, client_cert_der_2048,
-        sizeof_client_cert_der_2048, WOLFSSL_FILETYPE_ASN1) != SSL_SUCCESS) {
+        sizeof_client_cert_der_2048, WOLFSSL_FILETYPE_ASN1) != WOLFSSL_SUCCESS) {
         printf("ERROR wolfSSL_use_certificate_buffer: %d\n",
                                                 wolfSSL_get_error(ssl, 0));
-        goto out;    
+        goto out;
     }
 
 #endif /* USE_ECC_CERT */
@@ -292,17 +292,17 @@ void wolfSSL_TLS_client( )
         printf("ERROR tsip_use_PrivateKey_buffer_TLS\n");
         goto out;
     }
-    
+
     #else
 
     /* DER format ECC private key */
     if (wolfSSL_use_PrivateKey_buffer(ssl,
                                     ecc_clikey_der_256,
-                                    sizeof_ecc_clikey_der_256, 
-                                    WOLFSSL_FILETYPE_ASN1) != SSL_SUCCESS) {
+                                    sizeof_ecc_clikey_der_256,
+                                    WOLFSSL_FILETYPE_ASN1) != WOLFSSL_SUCCESS) {
         printf("ERROR wolfSSL_use_PrivateKey_buffer: %d\n",
                                                 wolfSSL_get_error(ssl, 0));
-        goto out; 
+        goto out;
     }
 
     #endif
@@ -334,10 +334,10 @@ void wolfSSL_TLS_client( )
     #else
 
     if (wolfSSL_use_PrivateKey_buffer(ssl, client_key_der_2048,
-        sizeof_client_key_der_2048, WOLFSSL_FILETYPE_ASN1) != SSL_SUCCESS) {
+        sizeof_client_key_der_2048, WOLFSSL_FILETYPE_ASN1) != WOLFSSL_SUCCESS) {
         printf("ERROR wolfSSL_use_PrivateKey_buffer: %d\n",
                                                 wolfSSL_get_error(ssl, 0));
-        goto out; 
+        goto out;
     }
 
     #endif /* WOLFSSL_RENESAS_TSIP_TLS */
@@ -356,7 +356,7 @@ void wolfSSL_TLS_client( )
     /*          TLS handshake                      */
     /*---------------------------------------------*/
 
-    if(wolfSSL_connect(ssl) != SSL_SUCCESS) {
+    if(wolfSSL_connect(ssl) != WOLFSSL_SUCCESS) {
         printf("ERROR SSL connect: %d\n",  wolfSSL_get_error(ssl, 0));
         goto out;
     }
diff --git a/IDE/Renesas/e2studio/RX65N/GR-ROSE/test/src/wolf_server.c b/IDE/Renesas/e2studio/RX65N/GR-ROSE/test/src/wolf_server.c
index 52ad49bba..9cf891d85 100644
--- a/IDE/Renesas/e2studio/RX65N/GR-ROSE/test/src/wolf_server.c
+++ b/IDE/Renesas/e2studio/RX65N/GR-ROSE/test/src/wolf_server.c
@@ -1,6 +1,6 @@
 /* wolf_server.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -126,7 +126,7 @@ void wolfSSL_TLS_server_init(byte doClientCheck)
     #if !defined(NO_FILESYSTEM)
         ret = wolfSSL_CTX_use_PrivateKey_file(server_ctx, key, 0);
     #else
-        ret = wolfSSL_CTX_use_PrivateKey_buffer(server_ctx, key, sizeof_key, 
+        ret = wolfSSL_CTX_use_PrivateKey_buffer(server_ctx, key, sizeof_key,
                                                         SSL_FILETYPE_ASN1);
     #endif
         if (ret != SSL_SUCCESS) {
@@ -140,20 +140,20 @@ void wolfSSL_TLS_server_init(byte doClientCheck)
             wolfSSL_CTX_set_verify(server_ctx, WOLFSSL_VERIFY_PEER |
                                 WOLFSSL_VERIFY_FAIL_IF_NO_PEER_CERT, 0);
 #if !defined(NO_FILESYSTEM)
-            if (wolfSSL_CTX_load_verify_locations(server_ctx, clientCert, 0) 
+            if (wolfSSL_CTX_load_verify_locations(server_ctx, clientCert, 0)
                                                                 != WOLFSSL_SUCCESS)
 #else
-            if (wolfSSL_CTX_load_verify_buffer(server_ctx, clientCert, 
+            if (wolfSSL_CTX_load_verify_buffer(server_ctx, clientCert,
                                                sizeof_clicert,
                                                SSL_FILETYPE_ASN1) != SSL_SUCCESS)
 #endif
                 printf("can't load ca file, Please run from wolfSSL home dir\n");
         }
-   
+
    /* Register callbacks */
    wolfSSL_SetIORecv(server_ctx, my_IORecv);
    wolfSSL_SetIOSend(server_ctx, my_IOSend);
-   
+
 }
 
 void wolfSSL_TLS_server( )
diff --git a/IDE/Renesas/e2studio/RX65N/GR-ROSE/test/src/wolfssl_demo.h b/IDE/Renesas/e2studio/RX65N/GR-ROSE/test/src/wolfssl_demo.h
index 5f0a537d3..d440032ef 100644
--- a/IDE/Renesas/e2studio/RX65N/GR-ROSE/test/src/wolfssl_demo.h
+++ b/IDE/Renesas/e2studio/RX65N/GR-ROSE/test/src/wolfssl_demo.h
@@ -1,6 +1,6 @@
 /* wolfssl_demo.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/Renesas/e2studio/RX65N/GR-ROSE/tools/README.md b/IDE/Renesas/e2studio/RX65N/GR-ROSE/tools/README.md
new file mode 100644
index 000000000..0658c03a1
--- /dev/null
+++ b/IDE/Renesas/e2studio/RX65N/GR-ROSE/tools/README.md
@@ -0,0 +1,39 @@
+# Create/Update Signed CA
+This document describes how to create/update Signed CA data that is used at an example program.
+
+## Signed CA Creation
+### Generate RSA Key pair
+```
+2048 bit RSA key pair
+$ openssl genrsa 2048 2> /dev/null > rsa_private.pem
+$ openssl rsa -in rsa_private.pem -pubout -out rsa_public.pem 2> /dev/null
+```
+
+### Sign to CA certificate
+```
+Signed by 2048-bit RSA
+$ openssl dgst -sha256 -sign rsa_private.pem -sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:-1-out <signed-CA>.sign <CA-file-for-Signed>
+
+For an example program, it assumes that wolfSSL example CA cert is to be signed.
+e.g.
+$ openssl dgst -sha256 -sign rsa_private.pem -sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:-1-out Signed-CA.sign /path/for/wolfssl/certs/ca-cert.der
+```
+
+### Convert Signed CA to C source
+It is able to use `dertoc.pl` to generate c-source data from signed-ca binary data.
+
+```
+$ /path/to/wolfssl/scripts/dertoc.pl ./ca-cert.der.sign ca_cert_der_sig example.c
+```
+
+
+## Appendix
+### Example Keys
+There are multiple example keys for testing in the `example_keys` folder.
+```
+<example_keys>
+|
++----+ rsa_private.pem  an example 2048-bit rsa private key for signing CA cert
+     + rsa_public.pem   an example 2048-bit rsa public key for verifying CA cert
+     + generate_signCA.sh an example script to generate signed-certificate data for the example program
+```
diff --git a/IDE/Renesas/e2studio/RX65N/GR-ROSE/tools/example_keys/generate_SignedCA.sh b/IDE/Renesas/e2studio/RX65N/GR-ROSE/tools/example_keys/generate_SignedCA.sh
new file mode 100755
index 000000000..c5b3fa91e
--- /dev/null
+++ b/IDE/Renesas/e2studio/RX65N/GR-ROSE/tools/example_keys/generate_SignedCA.sh
@@ -0,0 +1,44 @@
+#!/bin/bash
+
+# example usage
+# ./generate_SignedCA.sh rsa_private.pem rsa_public.pem ../../../../../../../../wolfssl/certs/ca-cert.der ../../../../../../../../wolfssl
+# ./generate_SignedCA.sh rsa_private.pem rsa_public.pem ../../../../../../../../wolfssl/certs/ca-ecc-cert.der ../../../../../../../../wolfssl
+#
+SIGOPT=rsa_padding_mode:pss
+SIGOPT2=rsa_pss_saltlen:-1
+CURRENT=$(cd $(dirname $0);pwd)
+
+function usage() {
+    cat <<- _EOT_
+    Usage:
+      $0 private-key public-key file-name wolfssl-dir
+
+    Options:
+      private-key : private key for sign/verify
+      public-key  : public key for verify
+      file-name   : file name to be signed
+      wolfssl-dir : wolfssl folder path
+
+_EOT_
+exit 1
+}
+
+if [ $# -ne 4 ]; then
+    usage
+fi
+
+# $1 private key for sign/verify
+# $2 public key for verify
+# $3 file for sign/verify
+signed_file=$(basename $3)
+wolf_dir=$4
+
+openssl dgst -sha256 -sign $1 -sigopt $SIGOPT -sigopt $SIGOPT2 -out ${CURRENT}/${signed_file}.sign $3
+
+echo Verify by private key
+openssl dgst -sha256 -prverify $1 -sigopt $SIGOPT -sigopt $SIGOPT2 -signature ${CURRENT}/${signed_file}.sign $3
+echo Verify by public key
+openssl dgst -sha256 -verify $2 -sigopt $SIGOPT -sigopt $SIGOPT2 -signature ${CURRENT}/${signed_file}.sign $3
+
+# Convert Signed CA to c source
+${wolf_dir}/scripts/dertoc.pl ${CURRENT}/${signed_file}.sign  XXXXXXX ${signed_file}.c
diff --git a/IDE/Renesas/e2studio/RX65N/GR-ROSE/tools/example_keys/rsa_private.pem b/IDE/Renesas/e2studio/RX65N/GR-ROSE/tools/example_keys/rsa_private.pem
new file mode 100644
index 000000000..1fdfcca48
--- /dev/null
+++ b/IDE/Renesas/e2studio/RX65N/GR-ROSE/tools/example_keys/rsa_private.pem
@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEowIBAAKCAQEAvv9Ojq+nD5Qey29QAjw30fNVQz1A9OaDMivHMsLDKrW2qlzb
+y5upich6j+bFVCV/qxeWe3Gqgz/9P5lL1gxlsfMB0Ou9ktkpr/tPTGfEg2GqnRT9
+jy6H2gayKV9TB4cGrqOdcg8JA8ioYt6tks03jMqAzqYG20N8pPOxZLl0bRX/CR9r
+zo/ngDZkyHXf35LL+XsjLmavPYrHdULxS4DYz/sHVJe5hLboOjNShpDAM5WU3flD
+xQqspaWfAiXty0RyNmHgVY3ev5xj053hOr2FzbA+vGr2krg6jTlGtt7Pq1/uLfsn
+c86E+wzHqJj/yW+ovlUGFTBhHVosQ/MB2wRxiwIDAQABAoIBAAC5xZmjLzZO8MMD
+HEG16txgWU2VGP8VNSBmrC4UMVujLxt8mNUwNTexzE1pqgxEzDRhNZAogWZYQuUP
+9wrMJ0LC0pnxm1nIe3EQul9m8YcyQsyv/LqjiZ6ZcenYU99ucucM9hct2XHrPECL
+6grpvrFJP64JUXNZ0UprJpxkW/3iGtQGBqtyWKWvIEhvU0rdZuE4JSW1bJTSyplb
+LM4947lLRJufnKNPkCKZlVrhvnd0QE9Q6nwip6+H7Tk/sMPKHZcG8HeQkloHO/ar
+0o2dPwp2vx6T7IvQ1duZyGTvWHCPW66mnrINFJcuUmVDBj0+tHYx94fjEVRUYrig
+4PTIkAkCgYEA6tok4Md+Yqogw+QOPj0tQKujQkxAhkUA8EteVmwFP6Vy6oMYLTkf
+oZuBMh0S+8ddWXJIpDnLMown7a79XwFtXc39W5nXXBhMexNf44ad8soXDOuc363E
+2TYWn/GTUqGcCc4wy99vCe3508XG02yvVSIEY3iEdT0F6iis1uV+TG0CgYEA0DI2
+fS0Xl0+ig4c/0LtiuO40CBoblKsL+fe/bTUhKOnE3z5AkHy71FT2B0JSOnO04F0Q
+cTniGks9LISYm6kQQ43jfxMQCsaUzRbS1i+z+h+TdE8324gHP/4PH1mcUvuUWZHb
+esLeTpLRlsF9Wlm5bnG4wZsHM2+HnJDj5WUOCtcCgYEA6ivXp7XjZHfksc69EPwp
+GhnKcPndQMSfOfq8twmAdkT/f6x1t+oEizymJxTsb9cLUnvsyKvD28P6sDnS9B9V
+MLqLjQGpxm+IGxRngVQiPAubzktEoZf/9uHCz3qufi8cin5pE2/XpRwABlRnezsc
+3JNNsu1hjhDpy+EA7knolEUCgYBFCaGP+Lft8PZO7zZ2HO0rrbGLTjz/G4kpJsJP
+kGKikoI6FQaL4xDV5CaBWbiysVO1YqblJPCZD4IFlSKV24YNIKvjo4qaSCdnqr3X
+UJI5yua2lt5K6dydl72kA68WxV34JanGF4BoRb9CYn8SytX2jbdaW/ITWFR70n//
+vXbemQKBgG+yXyN14DZeld3zCX/1OTi1no++XSe99tK0eeXCmMTjq5kLPJAyQfSz
+Cht82D1bkovS/LX+mZ06ySD632d46W8rgv+AMZqChhUmOG6a0QcCK1vYsgX90O5e
+da5/kHw4lwcCY7yRDq7i0dtgoBGRsLQzIVvo4VxnLNBPH2uqHvum
+-----END RSA PRIVATE KEY-----
diff --git a/IDE/Renesas/e2studio/RX65N/GR-ROSE/tools/example_keys/rsa_public.pem b/IDE/Renesas/e2studio/RX65N/GR-ROSE/tools/example_keys/rsa_public.pem
new file mode 100644
index 000000000..ab82dcda3
--- /dev/null
+++ b/IDE/Renesas/e2studio/RX65N/GR-ROSE/tools/example_keys/rsa_public.pem
@@ -0,0 +1,9 @@
+-----BEGIN PUBLIC KEY-----
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvv9Ojq+nD5Qey29QAjw3
+0fNVQz1A9OaDMivHMsLDKrW2qlzby5upich6j+bFVCV/qxeWe3Gqgz/9P5lL1gxl
+sfMB0Ou9ktkpr/tPTGfEg2GqnRT9jy6H2gayKV9TB4cGrqOdcg8JA8ioYt6tks03
+jMqAzqYG20N8pPOxZLl0bRX/CR9rzo/ngDZkyHXf35LL+XsjLmavPYrHdULxS4DY
+z/sHVJe5hLboOjNShpDAM5WU3flDxQqspaWfAiXty0RyNmHgVY3ev5xj053hOr2F
+zbA+vGr2krg6jTlGtt7Pq1/uLfsnc86E+wzHqJj/yW+ovlUGFTBhHVosQ/MB2wRx
+iwIDAQAB
+-----END PUBLIC KEY-----
diff --git a/IDE/Renesas/e2studio/RX65N/RSK/README_EN.md b/IDE/Renesas/e2studio/RX65N/RSK/README_EN.md
index 769610879..4574735ab 100644
--- a/IDE/Renesas/e2studio/RX65N/RSK/README_EN.md
+++ b/IDE/Renesas/e2studio/RX65N/RSK/README_EN.md
@@ -3,7 +3,7 @@ wolfSSL sample application project for Renesas RSK+RX65N-2MB evaluation board
 
 <br>
 
-A sample program for evaluating wolfSSL targeting the Renesas RSK+RX65N-2MB evaluation board is provided. For details on the program, refer to the following documents included in the package. 
+A sample program for evaluating wolfSSL targeting the Renesas RSK+RX65N-2MB evaluation board is provided. For details on the program, refer to the following documents included in the package.
 
 + InstructionManualForExample_RSK+RX65N-2MB_JP.pdf (Japanese)
-+ InstructionManualForExample_RSK+RX65N-2MB_EN.pdf (English）
\ No newline at end of file
++ InstructionManualForExample_RSK+RX65N-2MB_EN.pdf (English）
diff --git a/IDE/Renesas/e2studio/RX65N/RSK/README_JP.md b/IDE/Renesas/e2studio/RX65N/RSK/README_JP.md
index 630f28c0a..9aaa188fe 100644
--- a/IDE/Renesas/e2studio/RX65N/RSK/README_JP.md
+++ b/IDE/Renesas/e2studio/RX65N/RSK/README_JP.md
@@ -9,4 +9,4 @@ Renesas社製 RSK+RX65N-2MB 評価ボードをターゲット���wolfSSLを
 + InstructionManualForExample_RSK+RX65N-2MB_JP.pdf (日本語版)
 + InstructionManualForExample_RSK+RX65N-2MB_EN.pdf (英語版)
 
-を�照����。
\ No newline at end of file
+を�照����。
diff --git a/IDE/Renesas/e2studio/RX65N/RSK/wolfssl_demo/key_data.c b/IDE/Renesas/e2studio/RX65N/RSK/wolfssl_demo/key_data.c
index 29d0adcbd..620334fbf 100644
--- a/IDE/Renesas/e2studio/RX65N/RSK/wolfssl_demo/key_data.c
+++ b/IDE/Renesas/e2studio/RX65N/RSK/wolfssl_demo/key_data.c
@@ -1,6 +1,6 @@
 /* key_data.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -37,7 +37,7 @@ const st_key_block_data_t g_key_block_data =
     },
     /* uint8_t iv[R_TSIP_AES_CBC_IV_BYTE_SIZE]; */
     {
-        0xF6, 0xA9, 0x83, 0x5A, 0xA1, 0x65, 0x1D, 0x28, 0xC8, 0x1A, 0xA6, 0x9D, 
+        0xF6, 0xA9, 0x83, 0x5A, 0xA1, 0x65, 0x1D, 0x28, 0xC8, 0x1A, 0xA6, 0x9D,
         0x34, 0xB2, 0x4D, 0x92
     },
     /* 
@@ -45,30 +45,30 @@ const st_key_block_data_t g_key_block_data =
      * encrypted_user_rsa2048_ne_key[R_TSIP_RSA2048_NE_KEY_BYTE_SIZE + 16];
      */
     {
-        0xD9, 0x9A, 0x75, 0x0E, 0x9D, 0x4F, 0x63, 0xA4, 0x02, 0x96, 0xE1, 0xF1,
-        0x49, 0x44, 0xB5, 0x90, 0x59, 0x24, 0xC4, 0x23, 0xF7, 0xA0, 0x32, 0x65,
-        0x68, 0x7B, 0x70, 0xE7, 0xA5, 0xC8, 0x12, 0xD1, 0xCD, 0x55, 0x36, 0x5F,
-        0xE6, 0xEB, 0xD0, 0xAD, 0x5A, 0x7F, 0x9F, 0x41, 0x79, 0x8B, 0x2F, 0x3B,
-        0x17, 0xC9, 0xEE, 0xA7, 0xCB, 0xB5, 0x40, 0xFA, 0x3B, 0x43, 0x1D, 0xF8,
-        0x34, 0xCC, 0xB1, 0xB4, 0x8E, 0x67, 0xF6, 0xA0, 0x49, 0xAA, 0x76, 0x33,
-        0xA4, 0x56, 0xCD, 0x16, 0xE9, 0x76, 0x16, 0x92, 0xBE, 0x3F, 0x3A, 0x3A,
-        0xD7, 0x7A, 0xCD, 0xC9, 0xE2, 0xA0, 0xC8, 0x16, 0x2A, 0x0D, 0xBD, 0x3C,
-        0xEA, 0xC8, 0x26, 0x82, 0xDA, 0x5D, 0x19, 0x71, 0x7B, 0x90, 0x03, 0xEF,
-        0x1E, 0x24, 0x01, 0x62, 0x15, 0x3D, 0x2B, 0x4C, 0xA7, 0x8F, 0xBC, 0xD3,
-        0xD9, 0xC8, 0x9F, 0xBB, 0x4A, 0x62, 0x57, 0xE8, 0xE2, 0x86, 0x8C, 0x56,
-        0x36, 0x64, 0xE7, 0xB9, 0x47, 0x5C, 0x02, 0xF4, 0x87, 0x50, 0x16, 0x9C,
-        0xFB, 0xF6, 0xE9, 0x73, 0x96, 0x78, 0x94, 0x59, 0x12, 0x28, 0x03, 0x37,
-        0x75, 0x56, 0x00, 0x2F, 0xCE, 0x54, 0x7C, 0x34, 0xFD, 0x0B, 0x10, 0x5B,
-        0x4A, 0xEE, 0x11, 0x1B, 0x39, 0xE9, 0x80, 0x8B, 0x27, 0x2D, 0x29, 0x12,
-        0x68, 0x87, 0xD2, 0xC9, 0x78, 0xED, 0xED, 0xF2, 0xA6, 0x4D, 0x6B, 0x10,
-        0x98, 0x9D, 0x52, 0x1C, 0xCE, 0x69, 0x0D, 0x5C, 0x46, 0xEB, 0x5D, 0x9B,
-        0xC8, 0x6A, 0x8E, 0x1F, 0x56, 0x05, 0xBA, 0xD2, 0x50, 0x9F, 0x92, 0xB7,
-        0xD4, 0x4D, 0xCD, 0x58, 0x5B, 0xA7, 0x87, 0x10, 0x6D, 0xF3, 0xDB, 0xA8,
-        0x1D, 0x23, 0x00, 0xE4, 0x81, 0x69, 0x3E, 0x7D, 0xEA, 0x5B, 0x33, 0xF4,
-        0x73, 0xD8, 0x7C, 0xDD, 0x64, 0x74, 0x40, 0x30, 0x93, 0x8D, 0x2C, 0xA5,
-        0x2C, 0x24, 0x11, 0xB2, 0x26, 0x56, 0xE3, 0x41, 0x72, 0xAE, 0x41, 0x56,
-        0x9C, 0x75, 0x11, 0x8E, 0x53, 0x59, 0x77, 0xBF, 0x48, 0x71, 0x86, 0x7C,
-        0x7C, 0xCE, 0x04, 0xB9, 0x73, 0x62, 0xE6, 0x1D, 0xF8, 0xED, 0x93, 0x87
+        0x7F, 0xE5, 0x80, 0x89, 0xD7, 0x3E, 0xB9, 0x92, 0xF6, 0xBD, 0x13, 0x4B,
+        0x8D, 0xE8, 0x96, 0xC5, 0xAB, 0x56, 0x45, 0x55, 0xD4, 0xA6, 0x57, 0x73,
+        0xB5, 0xA8, 0xD7, 0x35, 0xF4, 0x4B, 0x0D, 0xA2, 0x30, 0x5A, 0xFE, 0xCB,
+        0x18, 0x06, 0x55, 0xB2, 0x51, 0xF2, 0xA4, 0x0E, 0xCB, 0x6E, 0x6C, 0x88,
+        0x03, 0xF3, 0x5C, 0x1E, 0xF0, 0xA4, 0xA8, 0x6E, 0x48, 0xE7, 0xB4, 0x87,
+        0xE9, 0xE9, 0xA0, 0xF0, 0xB2, 0xD3, 0x24, 0x8D, 0x2E, 0x8C, 0x11, 0x2C,
+        0x05, 0x26, 0x7C, 0xEE, 0x15, 0x67, 0xB8, 0xBF, 0xCA, 0xBC, 0x44, 0x8D,
+        0x80, 0xED, 0x94, 0xF1, 0x5B, 0x88, 0xE1, 0xB1, 0x81, 0x7D, 0x4D, 0x92,
+        0x6E, 0x1E, 0x3E, 0xF5, 0x7B, 0x77, 0x0A, 0xC8, 0x60, 0xB8, 0x7F, 0x43,
+        0x2F, 0x07, 0x3B, 0xCA, 0xF5, 0xC7, 0x6F, 0x8F, 0x9E, 0xC1, 0x39, 0x29,
+        0x10, 0xFA, 0xBA, 0xCD, 0x51, 0xDF, 0xF6, 0xAE, 0x6A, 0x84, 0xF4, 0xE0,
+        0xED, 0xFC, 0xE2, 0xCE, 0x68, 0x3A, 0x38, 0xBF, 0x9B, 0xAD, 0x6F, 0x8B,
+        0x84, 0x95, 0xAA, 0x5B, 0x4C, 0x73, 0xCE, 0x34, 0x8D, 0x84, 0x78, 0x1E,
+        0xBF, 0xD6, 0xE2, 0x12, 0xEB, 0x27, 0xA6, 0x96, 0x4C, 0x76, 0x9C, 0x19,
+        0x1C, 0x3C, 0x7D, 0xF7, 0xB0, 0xDB, 0xD6, 0x64, 0xFD, 0x67, 0xEB, 0x83,
+        0xC1, 0x60, 0x8F, 0x65, 0x19, 0xC0, 0x78, 0xFD, 0x09, 0xD4, 0x52, 0x74,
+        0xD6, 0x96, 0x89, 0x91, 0xEF, 0xF6, 0xB6, 0xAB, 0x27, 0x37, 0x7B, 0x43,
+        0xA9, 0xEC, 0xDA, 0x68, 0x5F, 0x3A, 0x32, 0xFE, 0xE8, 0x4E, 0x7B, 0xDC,
+        0xE4, 0x18, 0x5C, 0x53, 0x15, 0x5B, 0x5E, 0xC7, 0x08, 0x93, 0xF0, 0xBD,
+        0xF6, 0xC3, 0x78, 0x80, 0x3B, 0x1F, 0xC8, 0xBA, 0x0F, 0x58, 0xF7, 0x1E,
+        0x9C, 0xFB, 0x53, 0xCA, 0xA2, 0xBF, 0x9A, 0x18, 0xEE, 0x26, 0xD2, 0xA8,
+        0x88, 0x64, 0x13, 0xC8, 0xEE, 0xD2, 0x79, 0xB5, 0x67, 0xD4, 0x10, 0xB3,
+        0xF4, 0xC9, 0xCC, 0xCE, 0x4A, 0xE2, 0x38, 0x8B, 0x77, 0xEB, 0xD2, 0x89,
+        0xB0, 0x66, 0xFF, 0xCD, 0x76, 0xC1, 0x28, 0x65, 0xC2, 0xA3, 0xE3, 0x45
     },
     /* uint8_t encrypted_user_update_key[R_TSIP_AES256_KEY_BYTE_SIZE + 16]; */
     {
@@ -78,7 +78,7 @@ const st_key_block_data_t g_key_block_data =
      * encrypted_user_rsa2048_public_key[R_TSIP_RSA2048_NE_KEY_BYTE_SIZE + 16]
      */
     {
-        0x22, 0xEC, 0xE3, 0x79, 0xD1, 0x0C, 0xB4, 0xED, 0xE0, 0xA9, 0x0F, 0xBD, 
+        0x22, 0xEC, 0xE3, 0x79, 0xD1, 0x0C, 0xB4, 0xED, 0xE0, 0xA9, 0x0F, 0xBD,
         0xC7, 0x0B, 0xB4, 0x1E, 0x82, 0x27, 0x79, 0x20, 0x6A, 0x15, 0x56, 0xD6,
         0x0F, 0xFA, 0xE4, 0x61, 0x04, 0xDA, 0x81, 0x33, 0x42, 0xBA, 0x6D, 0xB9,
         0x34, 0x81, 0xFD, 0x67, 0xDF, 0x1D, 0xCB, 0x52, 0x64, 0x9A, 0x2E, 0x30,
@@ -107,7 +107,7 @@ const st_key_block_data_t g_key_block_data =
      * encrypted_user_rsa2048_private_key[R_TSIP_RSA2048_ND_KEY_BYTE_SIZE + 16]
      */
     {
-        0x22, 0xEC, 0xE3, 0x79, 0xD1, 0x0C, 0xB4, 0xED, 0xE0, 0xA9, 0x0F, 0xBD, 
+        0x22, 0xEC, 0xE3, 0x79, 0xD1, 0x0C, 0xB4, 0xED, 0xE0, 0xA9, 0x0F, 0xBD,
         0xC7, 0x0B, 0xB4, 0x1E, 0x82, 0x27, 0x79, 0x20, 0x6A, 0x15, 0x56, 0xD6,
         0x0F, 0xFA, 0xE4, 0x61, 0x04, 0xDA, 0x81, 0x33, 0x42, 0xBA, 0x6D, 0xB9,
         0x34, 0x81, 0xFD, 0x67, 0xDF, 0x1D, 0xCB, 0x52, 0x64, 0x9A, 0x2E, 0x30,
@@ -187,84 +187,96 @@ const uint32_t              encrypted_user_key_type =
 
 const unsigned char ca_ecc_cert_der_sig[] =
 {
-    0xc0, 0x3c, 0x28, 0xef, 0x6c, 0xd5, 0x6c, 0x36, 0xc5, 0xe5, 0xb0, 0xaa,
-    0xd0, 0x6a, 0x33, 0x1d, 0x7b, 0x28, 0x9f, 0xb2, 0x12, 0x8c, 0x0c, 0x5c,
-    0x30, 0xdf, 0x8f, 0x3f, 0x2e, 0x72, 0x0f, 0x3d, 0x8d, 0x4a, 0x1d, 0xa6,
-    0xc5, 0x1f, 0xb4, 0xf2, 0x18, 0xf1, 0x65, 0x40, 0x8e, 0xf2, 0x06, 0x0a,
-    0xda, 0xa4, 0xd6, 0x3d, 0x87, 0x61, 0x00, 0xd6, 0x89, 0x4e, 0x77, 0xbd,
-    0x57, 0xd7, 0x5f, 0x04, 0xe9, 0x0c, 0x96, 0x68, 0xa9, 0x72, 0xa2, 0xba,
-    0x46, 0x3f, 0x35, 0xeb, 0xf9, 0x4f, 0x10, 0xfd, 0x51, 0x39, 0x7c, 0x44,
-    0xa8, 0xa8, 0xd3, 0x62, 0x81, 0x2f, 0x82, 0x90, 0x3e, 0xea, 0xe9, 0xbc,
-    0x2e, 0xd1, 0x19, 0xc0, 0xb6, 0xd7, 0xc0, 0x22, 0x7c, 0xc1, 0x64, 0x61,
-    0xd2, 0x79, 0x01, 0x2d, 0x19, 0x7a, 0xf0, 0x34, 0x68, 0x78, 0x01, 0x35,
-    0x7f, 0xe2, 0xbe, 0x11, 0x8f, 0x0d, 0x04, 0xa8, 0xa4, 0x7b, 0x4e, 0x7a,
-    0x9c, 0xa0, 0x91, 0x3f, 0x7d, 0xdf, 0xe4, 0x69, 0x2f, 0x9b, 0x73, 0xc6,
-    0x1d, 0x4b, 0x3e, 0xcd, 0xa8, 0x2d, 0xf1, 0xfc, 0x35, 0x5c, 0xae, 0x7e,
-    0xef, 0xd9, 0x91, 0x7c, 0x32, 0xc3, 0x5a, 0xcb, 0x5f, 0xd9, 0x99, 0x1b,
-    0xb3, 0x6d, 0xa1, 0xaf, 0x69, 0x45, 0x41, 0xca, 0x92, 0x01, 0x93, 0x18,
-    0xb7, 0x4c, 0x35, 0xe0, 0x11, 0x16, 0xc7, 0xf2, 0xf9, 0xf1, 0x9e, 0xa5,
-    0xda, 0x60, 0x41, 0x78, 0x67, 0xef, 0x2f, 0x85, 0x08, 0xfe, 0x21, 0x1f,
-    0xdd, 0x31, 0xce, 0x70, 0xf2, 0xe2, 0x6f, 0xc1, 0x5f, 0xce, 0xa7, 0x4c,
-    0x3a, 0x1a, 0x81, 0x5d, 0xec, 0x35, 0xad, 0xf3, 0xb4, 0x46, 0x83, 0x9b,
-    0x95, 0x98, 0xcc, 0xa5, 0x46, 0x74, 0xdf, 0xca, 0xf9, 0x2e, 0x86, 0xe8,
-    0x04, 0x18, 0x33, 0x91, 0x94, 0xb7, 0xca, 0x98, 0xf7, 0xc2, 0xfe, 0x99,
-    0xc0, 0x73, 0x11, 0x1e
+        0xAD, 0x89, 0x0C, 0x68, 0x8E, 0x97, 0xE5, 0x23, 0xE4, 0x35,
+        0x91, 0x2F, 0x1B, 0x2F, 0x48, 0xCC, 0x03, 0xFC, 0x18, 0xE1,
+        0x64, 0x8C, 0x4D, 0x12, 0xBB, 0xC1, 0xDD, 0xFE, 0xDF, 0x3B,
+        0x87, 0xB0, 0x5B, 0x84, 0x54, 0xE6, 0xAE, 0x6D, 0xE4, 0x08,
+        0x91, 0xF0, 0xBD, 0x11, 0xCA, 0xC4, 0xF1, 0x44, 0x41, 0x4C,
+        0x17, 0x65, 0xAD, 0xEC, 0xE5, 0x08, 0xD7, 0x9D, 0x3D, 0x95,
+        0x2A, 0x2B, 0x85, 0x70, 0x75, 0xC7, 0xEB, 0x2F, 0xB2, 0x5C,
+        0x07, 0xB8, 0x80, 0xBA, 0x6C, 0x5A, 0x78, 0x1C, 0xAC, 0xBC,
+        0x00, 0x2C, 0x9A, 0x21, 0x4E, 0x2A, 0xBA, 0x8E, 0x7D, 0x27,
+        0x82, 0xF8, 0xA9, 0x5A, 0xB3, 0x28, 0x82, 0x45, 0x1D, 0xF7,
+        0x5C, 0x06, 0x6C, 0xFA, 0x00, 0xE4, 0x8D, 0x0C, 0xC7, 0xBC,
+        0x16, 0x50, 0x84, 0xCE, 0x74, 0xAC, 0x67, 0x5E, 0xE0, 0x19,
+        0xF3, 0xFC, 0xD2, 0x1D, 0x46, 0x00, 0x63, 0x5E, 0xF8, 0xAC,
+        0x70, 0x82, 0x7C, 0x78, 0xD2, 0xD6, 0x42, 0xB0, 0xBC, 0x6E,
+        0x41, 0xCC, 0x3E, 0x08, 0x39, 0x29, 0xF4, 0xA6, 0xF5, 0x3D,
+        0x81, 0x0A, 0xF8, 0x12, 0xD8, 0xD1, 0x15, 0xA2, 0x4A, 0x4F,
+        0x13, 0x07, 0x9A, 0x56, 0x92, 0x51, 0xA2, 0xD6, 0x6B, 0xD9,
+        0xF9, 0x86, 0x8B, 0xBE, 0x05, 0xDE, 0x76, 0x66, 0x89, 0x73,
+        0x02, 0x19, 0x5C, 0xAC, 0xDE, 0x1E, 0x52, 0x80, 0x65, 0x42,
+        0x5D, 0xBB, 0xB4, 0xED, 0xCF, 0x1B, 0x5E, 0xED, 0xA1, 0xC2,
+        0x24, 0xAB, 0xBD, 0x30, 0xB2, 0xAE, 0x65, 0x8D, 0xE1, 0xDC,
+        0xA3, 0xC7, 0x43, 0xC0, 0xE4, 0xB9, 0x66, 0x91, 0x64, 0xFD,
+        0x12, 0x42, 0x12, 0x18, 0x4D, 0x7D, 0xF4, 0x14, 0xE5, 0x9E,
+        0x81, 0x38, 0xFB, 0x32, 0x3B, 0x54, 0xFA, 0x4A, 0x6F, 0x25,
+        0xA7, 0x3F, 0x45, 0x5D, 0x99, 0xC5, 0x4A, 0xE1, 0xEF, 0x12,
+        0x5E, 0x03, 0x30, 0xBC, 0x5C, 0x31
 };
 const int sizeof_ca_ecc_cert_sig = sizeof(ca_ecc_cert_der_sig);
 
 /* ./ca-cert.der.sign,  */
 const unsigned char ca_cert_der_sig[] =
 {
-    0x97, 0x8f, 0x90, 0x03, 0x0b, 0xca, 0xdf, 0x8f, 0xe8, 0x51, 0x23, 0xba,
-    0x14, 0xfb, 0x28, 0xb8, 0x5c, 0x58, 0x0d, 0x6e, 0x8b, 0x97, 0x0f, 0x89,
-    0x63, 0xc2, 0xd6, 0xb3, 0xf0, 0x16, 0x35, 0x74, 0x9d, 0xb9, 0xd7, 0x18,
-    0x14, 0x86, 0x91, 0xe0, 0xcd, 0xb3, 0x28, 0x63, 0x16, 0xf4, 0x6c, 0xb1,
-    0xd3, 0x93, 0xb6, 0x6e, 0xd9, 0x66, 0xcd, 0x65, 0x39, 0x7b, 0x1b, 0x74,
-    0x5c, 0xde, 0x20, 0xd4, 0x46, 0x60, 0x2f, 0xc0, 0x10, 0xf5, 0x49, 0x4a,
-    0x8d, 0x31, 0x29, 0x9b, 0x8a, 0xea, 0xf4, 0x8a, 0xaf, 0xc4, 0x84, 0xd7,
-    0x42, 0xef, 0xaf, 0x14, 0x17, 0x44, 0xed, 0x6e, 0x2b, 0xd9, 0x70, 0xed,
-    0x3e, 0x40, 0xf0, 0xef, 0x75, 0x4c, 0x05, 0x1f, 0xc3, 0x37, 0xec, 0xc2,
-    0xcd, 0xcc, 0xce, 0x39, 0x61, 0xa0, 0xea, 0x16, 0x84, 0x6d, 0xde, 0xe7,
-    0xf4, 0x0d, 0x8c, 0xf7, 0x69, 0x81, 0x64, 0x09, 0x16, 0xa7, 0x5b, 0x34,
-    0x83, 0xe5, 0x73, 0xcf, 0x02, 0xf4, 0x37, 0x96, 0x93, 0x27, 0x72, 0x47,
-    0x71, 0xca, 0x56, 0xcd, 0xd2, 0x85, 0x48, 0xe5, 0x9e, 0x1f, 0x39, 0x52,
-    0xc1, 0xc3, 0x9c, 0x6b, 0x98, 0x41, 0xc2, 0x0a, 0x77, 0x94, 0xe5, 0x84,
-    0x44, 0xe7, 0x94, 0xee, 0x5f, 0x05, 0x62, 0xad, 0xe5, 0xe5, 0xc9, 0x7e,
-    0x02, 0x31, 0x85, 0xca, 0x28, 0x2d, 0x0d, 0x7f, 0x30, 0x5d, 0xb5, 0xaa,
-    0x12, 0x81, 0x25, 0x37, 0x4a, 0xf2, 0x95, 0x81, 0xda, 0x76, 0xb4, 0x89,
-    0x76, 0x8a, 0x0c, 0x8d, 0xdf, 0xed, 0xd5, 0x48, 0xa8, 0xc8, 0x6d, 0xf4,
-    0xbf, 0x98, 0xa3, 0xc5, 0x42, 0x7d, 0xd2, 0x21, 0x2c, 0x8d, 0x57, 0xd0,
-    0x91, 0x16, 0xee, 0x83, 0xd0, 0xa1, 0x8f, 0x05, 0x50, 0x2b, 0x6e, 0xe8,
-    0x52, 0xf7, 0xbe, 0x96, 0x89, 0x40, 0xca, 0x9c, 0x19, 0x5a, 0xfc, 0xae,
-    0x1d, 0xdb, 0x57, 0xb8
+        0x78, 0xA1, 0x30, 0x91, 0xC7, 0x12, 0xA0, 0x6B, 0x48, 0xFC,
+        0x2B, 0x67, 0xF5, 0x00, 0x0D, 0x41, 0x64, 0x45, 0x20, 0xEF,
+        0x14, 0xD4, 0x60, 0x5A, 0x0C, 0x7D, 0xBA, 0x16, 0x46, 0x6C,
+        0x52, 0x3E, 0x8D, 0x15, 0x8C, 0xAB, 0x4D, 0x2F, 0x7E, 0x34,
+        0xB9, 0x92, 0xFF, 0xFB, 0x6F, 0xCE, 0x7B, 0x15, 0xF0, 0xB7,
+        0x1C, 0xFA, 0x6C, 0x06, 0x7A, 0x15, 0xC4, 0xAB, 0xA2, 0x8B,
+        0xCB, 0x48, 0x6D, 0x25, 0x2F, 0xB3, 0xF0, 0xA1, 0xAB, 0xFD,
+        0x53, 0xA9, 0x69, 0xC7, 0x33, 0xC3, 0x87, 0x48, 0xEE, 0x27,
+        0x01, 0x22, 0xC0, 0x1B, 0x69, 0x96, 0x1B, 0x2D, 0xD2, 0x92,
+        0x0B, 0xCC, 0x29, 0xD8, 0x17, 0x0E, 0x2C, 0x20, 0x95, 0xAC,
+        0xE3, 0xE6, 0xF6, 0x9C, 0xE7, 0xBE, 0x0F, 0xF0, 0xD8, 0xBE,
+        0xCF, 0x44, 0xBF, 0x34, 0x26, 0x7D, 0x30, 0xEA, 0x8D, 0xB9,
+        0xB4, 0xB0, 0x18, 0xF1, 0x19, 0x1A, 0x19, 0xD9, 0xF0, 0x9D,
+        0x72, 0xA6, 0x33, 0x9A, 0xA6, 0xC6, 0x74, 0xA9, 0x01, 0xE3,
+        0xFF, 0x60, 0xFC, 0x6D, 0x0B, 0x4C, 0x5D, 0x52, 0x4D, 0xED,
+        0x6C, 0xCC, 0xB9, 0x8D, 0x7B, 0x44, 0x3A, 0x1A, 0xD5, 0x8F,
+        0x75, 0xAA, 0x6B, 0xEC, 0xBB, 0x94, 0x5D, 0xA3, 0x9D, 0x33,
+        0x50, 0x1B, 0xBD, 0x04, 0x23, 0x05, 0x65, 0xA4, 0x5F, 0x21,
+        0xDD, 0x27, 0x3A, 0xB7, 0xE6, 0x21, 0x54, 0xA1, 0x75, 0x3C,
+        0x3D, 0x0E, 0x2F, 0xF5, 0x21, 0x7F, 0x02, 0x53, 0xB7, 0x14,
+        0x41, 0xEE, 0x0D, 0xCE, 0xB7, 0x48, 0xE6, 0x9A, 0x2E, 0x77,
+        0x9F, 0x94, 0x94, 0x00, 0x69, 0x28, 0xB4, 0xE9, 0xB1, 0x26,
+        0x2B, 0x90, 0xB9, 0xCD, 0x21, 0x05, 0xB5, 0x01, 0x37, 0x45,
+        0x32, 0x96, 0x80, 0xC3, 0x5A, 0xF1, 0x60, 0x9B, 0x97, 0x0D,
+        0x58, 0x63, 0x84, 0xB0, 0xF9, 0xCA, 0xBB, 0x97, 0x53, 0xA4,
+        0xC6, 0xE5, 0x6F, 0x59, 0x37, 0x81
 };
 const int sizeof_ca_cert_sig = sizeof(ca_cert_der_sig);
 /* ./client-cert.der.sign,  */
 const unsigned char client_cert_der_sign[] =
 {
-    0x5D, 0x1F, 0x89, 0x41, 0xEC, 0x47, 0xC8, 0x90, 0x61, 0x79, 0x8A, 0x16,
-    0x1F, 0x31, 0x96, 0x67, 0xD9, 0x3C, 0xEC, 0x6B, 0x58, 0xC6, 0x5A, 0xED,
-    0x99, 0xB3, 0xEF, 0x27, 0x6F, 0x04, 0x8C, 0xD9, 0x68, 0xB1, 0xD6, 0x23,
-    0x15, 0x84, 0x00, 0xE1, 0x27, 0xD1, 0x1F, 0x68, 0xB7, 0x3F, 0x13, 0x53,
-    0x8A, 0x95, 0x5A, 0x20, 0x7C, 0xB2, 0x76, 0x5B, 0xDC, 0xE0, 0xA6, 0x21,
-    0x7C, 0x49, 0xCF, 0x93, 0xBA, 0xD5, 0x12, 0x9F, 0xEE, 0x90, 0x5B, 0x3F,
-    0xA3, 0x9D, 0x13, 0x72, 0xAC, 0x72, 0x16, 0xFE, 0x1D, 0xBE, 0xEB, 0x8E,
-    0xC7, 0xDC, 0xC4, 0xF8, 0x1A, 0xD8, 0xA0, 0xA4, 0xF6, 0x04, 0x30, 0xF6,
-    0x7E, 0xB6, 0xC8, 0xE1, 0xAB, 0x88, 0x37, 0x08, 0x63, 0x72, 0xAA, 0x46,
-    0xCC, 0xCA, 0xF0, 0x9E, 0x02, 0x1E, 0x65, 0x67, 0xFF, 0x2C, 0x9D, 0x81,
-    0x6C, 0x1E, 0xF1, 0x54, 0x05, 0x68, 0x68, 0x18, 0x72, 0x26, 0x55, 0xB6,
-    0x2C, 0x95, 0xC0, 0xC9, 0xB2, 0xA7, 0x0B, 0x60, 0xD7, 0xEB, 0x1D, 0x08,
-    0x1A, 0xA2, 0x54, 0x15, 0x89, 0xCB, 0x83, 0x21, 0x5D, 0x15, 0x9B, 0x38,
-    0xAC, 0x89, 0x63, 0xD5, 0x4B, 0xF4, 0x8B, 0x47, 0x93, 0x78, 0x43, 0xCB,
-    0x9B, 0x71, 0xBF, 0x94, 0x76, 0xB5, 0xCE, 0x35, 0xA9, 0x1A, 0xD5, 0xA5,
-    0xD8, 0x19, 0xA6, 0x04, 0x39, 0xB1, 0x09, 0x8C, 0x65, 0x02, 0x58, 0x3A,
-    0x95, 0xEF, 0xA2, 0xC3, 0x85, 0x18, 0x61, 0x23, 0x2D, 0xC5, 0xCD, 0x62,
-    0xC1, 0x19, 0x31, 0xE5, 0x36, 0x95, 0x22, 0xDB, 0x3E, 0x1A, 0x3C, 0xE8,
-    0xC6, 0x2E, 0xDF, 0xD9, 0x2F, 0x84, 0xC1, 0xF0, 0x38, 0x2B, 0xE5, 0x73,
-    0x35, 0x4F, 0x05, 0xE2, 0xA5, 0x60, 0x79, 0xB0, 0x23, 0xDC, 0x56, 0x4C,
-    0xE7, 0xD9, 0x1F, 0xCF, 0x6A, 0xFC, 0x55, 0xEB, 0xAA, 0x48, 0x3E, 0x95,
-    0x2A, 0x10, 0x01, 0x05
+        0x81, 0x89, 0xC5, 0xC6, 0x25, 0xE3, 0xD5, 0x3D, 0xEE, 0xE0,
+        0xBC, 0xDF, 0xF0, 0xA4, 0xCE, 0xAC, 0xF8, 0x26, 0xB1, 0x41,
+        0xE3, 0x8C, 0x50, 0xE8, 0xCA, 0x4A, 0xA7, 0xDB, 0x5F, 0xED,
+        0x61, 0x31, 0xFD, 0x13, 0xC7, 0x04, 0x25, 0x4A, 0x2D, 0x77,
+        0xE8, 0xA0, 0xB3, 0xA5, 0x5D, 0x54, 0x70, 0xF9, 0x76, 0xC9,
+        0x26, 0x32, 0x84, 0x04, 0xEC, 0xEF, 0x39, 0x48, 0x8D, 0xB1,
+        0xDC, 0xA7, 0x71, 0xC2, 0x69, 0xC6, 0x99, 0x16, 0xB2, 0x06,
+        0xBD, 0xA7, 0x7C, 0x66, 0x35, 0x2D, 0x9A, 0xFB, 0xDA, 0xAF,
+        0xAA, 0xF7, 0x5A, 0x2E, 0x7C, 0x74, 0x3C, 0x53, 0xBC, 0x59,
+        0x5A, 0xF6, 0x1A, 0x0E, 0x2F, 0x9A, 0xA6, 0x9B, 0x3C, 0x06,
+        0x88, 0x77, 0x38, 0x7A, 0x02, 0xC9, 0x89, 0x03, 0x5B, 0xF9,
+        0xE7, 0xF2, 0xFD, 0x2B, 0x63, 0x94, 0x92, 0x8D, 0xBB, 0x9D,
+        0x71, 0x17, 0xB6, 0xBF, 0xA4, 0x68, 0x51, 0xF4, 0x98, 0xAC,
+        0xD2, 0x57, 0x6D, 0xC0, 0xBD, 0xE9, 0xC1, 0xE5, 0x4D, 0xD6,
+        0xFF, 0xC8, 0xDF, 0x7A, 0x4F, 0x97, 0x5D, 0x46, 0x3A, 0x0A,
+        0x38, 0xE8, 0x0C, 0x99, 0xE7, 0x97, 0xE7, 0x3F, 0xFE, 0xC8,
+        0x6A, 0x93, 0x95, 0xD2, 0x32, 0xB1, 0x01, 0x00, 0x1C, 0x9A,
+        0xCE, 0x5F, 0x2B, 0xA8, 0xB1, 0xC7, 0xDC, 0x1B, 0x04, 0x9F,
+        0x58, 0x03, 0x57, 0x19, 0x9A, 0xDB, 0x58, 0x33, 0xBD, 0x9D,
+        0x3E, 0xA0, 0x3D, 0x9A, 0x00, 0xA6, 0xE9, 0x2E, 0xCD, 0x45,
+        0x97, 0xC1, 0xDF, 0xCF, 0xAF, 0x8A, 0x93, 0x52, 0xAA, 0x65,
+        0x1C, 0xC2, 0x3C, 0xDD, 0xE1, 0xED, 0x4B, 0x8A, 0x05, 0x5A,
+        0xBE, 0x84, 0xEE, 0xDF, 0xC0, 0x96, 0xD2, 0x5A, 0x60, 0x32,
+        0xDF, 0xC9, 0x01, 0x7C, 0x83, 0x27, 0x2B, 0x4B, 0x18, 0x18,
+        0x9F, 0x58, 0xE4, 0xF0, 0x0C, 0x36, 0xC1, 0xB4, 0x08, 0x70,
+        0xFB, 0xDC, 0xCB, 0x70, 0x61, 0xAC
 };
 const int sizeof_client_cert_der_sign = sizeof(client_cert_der_sign);
-
+uint32_t s_inst2[R_TSIP_SINST2_WORD_SIZE]= { 0 };
 #endif
diff --git a/IDE/Renesas/e2studio/RX65N/RSK/wolfssl_demo/key_data.h b/IDE/Renesas/e2studio/RX65N/RSK/wolfssl_demo/key_data.h
index 2d6bead06..10e95496f 100644
--- a/IDE/Renesas/e2studio/RX65N/RSK/wolfssl_demo/key_data.h
+++ b/IDE/Renesas/e2studio/RX65N/RSK/wolfssl_demo/key_data.h
@@ -1,6 +1,6 @@
 /* key_data.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/Renesas/e2studio/RX65N/RSK/wolfssl_demo/user_settings.h b/IDE/Renesas/e2studio/RX65N/RSK/wolfssl_demo/user_settings.h
index f856d4e5e..fc8feef0e 100644
--- a/IDE/Renesas/e2studio/RX65N/RSK/wolfssl_demo/user_settings.h
+++ b/IDE/Renesas/e2studio/RX65N/RSK/wolfssl_demo/user_settings.h
@@ -1,6 +1,6 @@
 /* user_settings.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -29,7 +29,7 @@
 /*-- Renesas TSIP usage and its version ---------------------------------------
  *
  *  "WOLFSSL_RENESAS_TSIP" definition makes wolfSSL to use H/W acceleration
- *   for cipher operations. 
+ *   for cipher operations.
  *  TSIP definition asks to have its version number.
  *  "WOLFSSL_RENESAS_TSIP_VER" takes following value:
  *      106: TSIPv1.06
@@ -38,25 +38,26 @@
  *      114: TSIPv1.14
  *      115: TSIPv1.15
  *      117: TSIPv1.17
+ *      121: TSIPv1.21
  *----------------------------------------------------------------------------*/
   #define WOLFSSL_RENESAS_TSIP
-  #define WOLFSSL_RENESAS_TSIP_VER     117
+  #define WOLFSSL_RENESAS_TSIP_VER     121
 
 
 /*-- TLS version definitions  --------------------------------------------------
  *
  * wolfSSL supports TLSv1.2 by default. In case you want your system to support
  * TLSv1.3, uncomment line below.
- * 
+ *
  *----------------------------------------------------------------------------*/
 #define WOLFSSL_TLS13
 
 
 /*-- Operating System related definitions --------------------------------------
- * 
+ *
  *  In case any real-time OS is used, define its name(e.g. FREERTOS).
  *  Otherwise, define "SINGLE_THREADED". They are exclusive each other.
- *   
+ *
  *----------------------------------------------------------------------------*/
 
 #define FREERTOS
@@ -101,23 +102,23 @@
 
   /* USE_ECC_CERT
    * This macro is for selecting root CA certificate to load, it is valid only
-   * in example applications. wolfSSL does not refer this macro. 
-   * If you want to use cipher suites including ECDSA authentication in 
+   * in example applications. wolfSSL does not refer this macro.
+   * If you want to use cipher suites including ECDSA authentication in
    * the example applications with TSIP, enable this macro.
-   * In TSIP 1.13 or later version, following cipher suites are 
+   * In TSIP 1.13 or later version, following cipher suites are
    * available:
    * - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
    * - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SAH256
-   * 
+   *
    * Note that, this macro disables cipher suites including RSA
    * authentication such as:
    * - TLS_RSA_WITH_AES_128_CBC_SHA
-   * - TLS_RSA_WITH_AES_256_CBC_SHA 
+   * - TLS_RSA_WITH_AES_256_CBC_SHA
    * - TLS_RSA_WITH_AES_128_CBC_SHA256
    * - TLS_RSA_WITH_AES_256_CBC_SHA256
    * - TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
    * - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA256
-   * 
+   *
    */
   #define USE_ECC_CERT
 
@@ -126,14 +127,14 @@
    */
   /*#define WOLFSSL_CHECK_SIG_FAULTS*/
 
-  /* In this example application, Root CA cert buffer named 
-   * "ca_ecc_cert_der_256" is used under the following macro definition 
+  /* In this example application, Root CA cert buffer named
+   * "ca_ecc_cert_der_256" is used under the following macro definition
    * for ECDSA.
    */
   #define USE_CERT_BUFFERS_256
 
-  /* In this example application, Root CA cert buffer named 
-   * "ca_cert_der_2048" is used under the following macro definition 
+  /* In this example application, Root CA cert buffer named
+   * "ca_cert_der_2048" is used under the following macro definition
    * for RSA authentication.
    */
   #define USE_CERT_BUFFERS_2048
@@ -143,27 +144,27 @@
  *
  *----------------------------------------------------------------------------*/
   #define SIZEOF_LONG_LONG 8
+  #define WOLFSSL_SMALL_STACK
 
-
- /* 
+ /*
   * -- "NO_ASN_TIME" macro is to avoid certificate expiration validation --
-  *  
-  * Note. In your actual products, do not forget to comment-out 
+  *
+  * Note. In your actual products, do not forget to comment-out
   * "NO_ASN_TIME" macro. And prepare time function to get calendar time,
-  * otherwise, certificate expiration validation will not work.  
+  * otherwise, certificate expiration validation will not work.
   */
   /*#define NO_ASN_TIME*/
-  
+
   #define NO_MAIN_DRIVER
   #define BENCH_EMBEDDED
-  #define NO_WOLFSSL_DIR 
+  #define NO_WOLFSSL_DIR
   #define WOLFSSL_NO_CURRDIR
   #define NO_FILESYSTEM
   #define WOLFSSL_LOG_PRINTF
   #define WOLFSSL_HAVE_MIN
   #define WOLFSSL_HAVE_MAX
   #define NO_WRITEV
-  
+
 
   #define WOLFSSL_USER_CURRTIME /* for benchmark */
   #define TIME_OVERRIDES
@@ -196,7 +197,7 @@
 
 /*-- Definitions for functionality negation  -----------------------------------
  *
- * 
+ *
  *----------------------------------------------------------------------------*/
 
 /*#define NO_RENESAS_TSIP_CRYPT*/
@@ -207,7 +208,7 @@
 #endif
 /*-- Consistency checking between definitions  ---------------------------------
  *
- *  
+ *
  *----------------------------------------------------------------------------*/
 
 /*-- TSIP TLS specific definitions --*/
@@ -233,7 +234,6 @@
     #define WOLFSSL_RENESAS_TSIP_TLS
 
     #if !defined(NO_RENESAS_TSIP_CRYPT)
-        #define WOLFSSL_RENESAS_TSIP_CRYPTONLY
         #define HAVE_PK_CALLBACKS
         #define WOLF_CRYPTO_CB
         #if defined(WOLFSSL_RENESAS_TSIP_TLS)
@@ -247,7 +247,14 @@
         # undef WOLFSSL_RENESAS_TSIP_TLS
         # undef WOLFSSL_RENESAS_TSIP_CRYPT
     #endif
-
+    /*-------------------------------------------------------------------------
+    * TSIP generates random numbers using the CRT-DRBG described
+    * in NIST SP800-90A. Recommend to define the CUSTOM_RAND_GENERATE_BLOCK
+    * so that wc_RNG_GenerateByte/Block() call TSIP random generatoion API
+    * directly. Comment out the macro will generate random number by
+    * wolfSSL Hash DRBG by using a seed which is generated by TSIP API.
+    *-----------------------------------------------------------------------*/
+	#define CUSTOM_RAND_GENERATE_BLOCK wc_tsip_GenerateRandBlock
 #else
     #define OPENSSL_EXTRA
     #define WOLFSSL_GENSEED_FORTEST /* Warning: define your own seed gen */
@@ -263,3 +270,4 @@
 
 /*-- strcasecmp */
 #define XSTRCASECMP(s1,s2) strcmp((s1),(s2))
+
diff --git a/IDE/Renesas/e2studio/RX65N/RSK/wolfssl_demo/wolfssl_demo.c b/IDE/Renesas/e2studio/RX65N/RSK/wolfssl_demo/wolfssl_demo.c
index 5614f3f1f..c73a50df7 100644
--- a/IDE/Renesas/e2studio/RX65N/RSK/wolfssl_demo/wolfssl_demo.c
+++ b/IDE/Renesas/e2studio/RX65N/RSK/wolfssl_demo/wolfssl_demo.c
@@ -1,6 +1,6 @@
 /* wolfssl_demo.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -30,7 +30,6 @@
 #include "platform/iot_network.h"
 #include "platform.h"
 
-
 #include <wolfssl/wolfcrypt/settings.h>
 #include "wolfssl/ssl.h"
 #include <wolfssl/wolfio.h>
@@ -59,22 +58,40 @@
     static WOLFSSL_CTX* client_ctx;
 #endif /* TLS_CLIENT */
 
-#define TLSSERVER_IP      "192.168.1.14"
+#define TLSSERVER_IP      "192.168.10.6"
 #define TLSSERVER_PORT    11111
-#define YEAR 2023
-#define MON  3
 #define FREQ 10000 /* Hz */
 
 static long         tick;
 static int          tmTick;
 
+#define YEAR  ( \
+    ((__DATE__)[7]  - '0') * 1000 + \
+    ((__DATE__)[8]  - '0') * 100  + \
+    ((__DATE__)[9]  - '0') * 10   + \
+    ((__DATE__)[10] - '0') * 1      \
+)
+
+#define MONTH ( \
+    __DATE__[2] == 'n' ? (__DATE__[1] == 'a' ? 1 : 6) \
+  : __DATE__[2] == 'b' ? 2 \
+  : __DATE__[2] == 'r' ? (__DATE__[0] == 'M' ? 3 : 4) \
+  : __DATE__[2] == 'y' ? 5 \
+  : __DATE__[2] == 'l' ? 7 \
+  : __DATE__[2] == 'g' ? 8 \
+  : __DATE__[2] == 'p' ? 9 \
+  : __DATE__[2] == 't' ? 10 \
+  : __DATE__[2] == 'v' ? 11 \
+  : 12 \
+	)
+
 /* time
  * returns seconds from EPOCH
  */
 time_t time(time_t *t)
 {
     (void)t;
-    return ((YEAR-1970)*365+30*MON)*24*60*60 + tmTick++;
+    return ((YEAR-1970)*365+30*MONTH)*24*60*60 + tmTick++;
 }
 
 /* timeTick
@@ -94,8 +111,6 @@ double current_time(int reset)
       return ((double)tick/FREQ) ;
 }
 
-
-
 /* --------------------------------------------------------*/
 /*  Benchmark_demo                                         */
 /* --------------------------------------------------------*/
@@ -145,7 +160,7 @@ static void Tls_client_init(const char* cipherlist)
             char *cert       = "./certs/ca-cert.pem";
         #endif
     #else
-        #if defined(USE_ECC_CERT) && defined(USE_CERT_BUFFERS_256) 
+        #if defined(USE_ECC_CERT) && defined(USE_CERT_BUFFERS_256)
             const unsigned char *cert       = ca_ecc_cert_der_256;
             #define  SIZEOF_CERT sizeof_ca_ecc_cert_der_256
         #else
@@ -164,7 +179,7 @@ static void Tls_client_init(const char* cipherlist)
     #endif
 
     /* Create and initialize WOLFSSL_CTX */
-    if ((client_ctx = 
+    if ((client_ctx =
         wolfSSL_CTX_new(wolfSSLv23_client_method_ex((void *)NULL))) == NULL) {
         printf("ERROR: failed to create WOLFSSL_CTX\n");
         return;
@@ -175,7 +190,7 @@ static void Tls_client_init(const char* cipherlist)
     #endif
 
     #if defined(NO_FILESYSTEM)
-    if (wolfSSL_CTX_load_verify_buffer(client_ctx, cert, 
+    if (wolfSSL_CTX_load_verify_buffer(client_ctx, cert,
                             SIZEOF_CERT, SSL_FILETYPE_ASN1) != SSL_SUCCESS) {
            printf("ERROR: can't load certificate data\n");
        return;
@@ -187,10 +202,10 @@ static void Tls_client_init(const char* cipherlist)
     }
     #endif
 
-    
+
     /* use specific cipher */
-    if (cipherlist != NULL && 
-        wolfSSL_CTX_set_cipher_list(client_ctx, cipherlist) != 
+    if (cipherlist != NULL &&
+        wolfSSL_CTX_set_cipher_list(client_ctx, cipherlist) !=
                                                             WOLFSSL_SUCCESS) {
         wolfSSL_CTX_free(client_ctx); client_ctx = NULL;
         printf("client can't set cipher list");
@@ -220,8 +235,8 @@ static void Tls_client()
     socklen_t       socksize = sizeof(struct freertos_sockaddr);
     struct freertos_sockaddr    PeerAddr;
     char    addrBuff[ADDR_SIZE] = {0};
-  
-    static const char sendBuff[]= "Hello Server\n" ;    
+
+    static const char sendBuff[]= "Hello Server\n" ;
     char    rcvBuff[BUFF_SIZE] = {0};
 
 
@@ -285,7 +300,7 @@ static void Tls_client()
         }
     }
 
-#endif /* USE_ECC_CERT */    
+#endif /* USE_ECC_CERT */
 
 
 #ifdef USE_ECC_CERT
@@ -313,14 +328,14 @@ static void Tls_client()
         }
     }
     #endif /* WOLFSSL_CHECK_SIG_FAULTS */
- 
+
     #else
 
     /* DER format ECC private key */
     if (ret == 0) {
-        err = wolfSSL_use_PrivateKey_buffer(ssl, 
+        err = wolfSSL_use_PrivateKey_buffer(ssl,
                                     ecc_clikey_der_256,
-                                    sizeof_ecc_clikey_der_256, 
+                                    sizeof_ecc_clikey_der_256,
                                     WOLFSSL_FILETYPE_ASN1);
         if (err != SSL_SUCCESS) {
             printf("ERROR wolfSSL_use_PrivateKey_buffer: %d\n",
@@ -334,7 +349,7 @@ static void Tls_client()
 #else
 
     #if defined(WOLFSSL_RENESAS_TSIP_TLS)
-    
+
     /* Note: TSIP asks RSA client key pair for client authentication.  */
 
     /* TSIP specific RSA private key */
@@ -359,10 +374,10 @@ static void Tls_client()
 
     #else
 
-    if (ret == 0) { 
+    if (ret == 0) {
         err = wolfSSL_use_PrivateKey_buffer(ssl, client_key_der_2048,
                             sizeof_client_key_der_2048, WOLFSSL_FILETYPE_ASN1);
-         
+
         if (err != SSL_SUCCESS) {
             printf("ERROR wolfSSL_use_PrivateKey_buffer: %d\n",
                                                 wolfSSL_get_error(ssl, 0));
@@ -390,7 +405,7 @@ static void Tls_client()
     }
 
     if (ret == 0) {
-        if (wolfSSL_write(ssl, sendBuff, strlen(sendBuff)) != 
+        if (wolfSSL_write(ssl, sendBuff, strlen(sendBuff)) !=
                                                             strlen(sendBuff)) {
             printf("ERROR wolfSSL_write: %d\n", wolfSSL_get_error(ssl, 0));
             ret = -1;
@@ -409,7 +424,7 @@ static void Tls_client()
         }
     }
 
-    
+
     wolfSSL_shutdown(ssl);
 
     FreeRTOS_shutdown(socket, FREERTOS_SHUT_RDWR);
@@ -499,7 +514,7 @@ static void Tls_client_demo(void)
     tsip_inform_cert_sign((const byte*)ca_ecc_cert_der_sig);
 
     #else
-    
+
     /* Root CA cert has RSA public key */
     tsip_inform_cert_sign((const byte*)ca_cert_der_sig);
 
@@ -529,7 +544,7 @@ static void Tls_client_demo(void)
 #endif /* TLS_CLIENT */
 
 /* Demo entry function called by iot_demo_runner
- * To run this entry function as an aws_iot_demo, define this as 
+ * To run this entry function as an aws_iot_demo, define this as
  * DEMO_entryFUNCTION in aws_demo_config.h.
  */
 void wolfSSL_demo_task(bool         awsIotMqttMode,
diff --git a/IDE/Renesas/e2studio/RX65N/RSK/wolfssl_demo/wolfssl_demo.h b/IDE/Renesas/e2studio/RX65N/RSK/wolfssl_demo/wolfssl_demo.h
index 6eb3b9641..7bd6a98bd 100644
--- a/IDE/Renesas/e2studio/RX65N/RSK/wolfssl_demo/wolfssl_demo.h
+++ b/IDE/Renesas/e2studio/RX65N/RSK/wolfssl_demo/wolfssl_demo.h
@@ -1,6 +1,6 @@
 /* wolfssl_demo.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/Renesas/e2studio/RX72N/EnvisionKit/README_EN.md b/IDE/Renesas/e2studio/RX72N/EnvisionKit/README_EN.md
index 1447132e8..576fcfab3 100644
--- a/IDE/Renesas/e2studio/RX72N/EnvisionKit/README_EN.md
+++ b/IDE/Renesas/e2studio/RX72N/EnvisionKit/README_EN.md
@@ -3,7 +3,7 @@ wolfSSL sample application project for Renesas RX72N EnvisionKit evaluation boar
 
 <br>
 
-A sample program for evaluating wolfSSL targeting the Renesas RX72N EnvisionKit evaluation board is provided. For details on the program, refer to the following documents included in the package. 
+A sample program for evaluating wolfSSL targeting the Renesas RX72N EnvisionKit evaluation board is provided. For details on the program, refer to the following documents included in the package.
 
 + InstructionManualForExample_RX72N_EnvisonKit_JP.pdf (Japanese)
-+ InstructionManualForExample_RX72N_EnvisonKit_EN.pdf(English）
\ No newline at end of file
++ InstructionManualForExample_RX72N_EnvisonKit_EN.pdf(English）
diff --git a/IDE/Renesas/e2studio/RX72N/EnvisionKit/Simple/README_EN.md b/IDE/Renesas/e2studio/RX72N/EnvisionKit/Simple/README_EN.md
index be61aec04..decfcbfed 100644
--- a/IDE/Renesas/e2studio/RX72N/EnvisionKit/Simple/README_EN.md
+++ b/IDE/Renesas/e2studio/RX72N/EnvisionKit/Simple/README_EN.md
@@ -3,16 +3,16 @@ wolfSSL simple application project for RX72N EnvisionKit board
 ## 1. Overview
 -----
 
-We provide a simple program for evaluating wolfSSL targeting the RX72N evaluation board, which has RX72 MCU on it. The sample program runs in a bare metal environment that does not use a real-time OS and uses e2 studio as an IDE. This document describes the procedure from build to execution of the sample program. 
+We provide a simple program for evaluating wolfSSL targeting the RX72N evaluation board, which has RX72 MCU on it. The sample program runs in a bare metal environment that does not use a real-time OS and uses e2 studio as an IDE. This document describes the procedure from build to execution of the sample program.
 
 The sample provided is a single application that can evaluate the following four functions:
 
 - CryptoTest: A program that automatically tests various cryptographic operation functions
-- Benchmark: A program that measures the execution speed of various cryptographic operations 
+- Benchmark: A program that measures the execution speed of various cryptographic operations
 - TlsClient: A program that performs TLS communication with the opposite TLS server application
 - TlsServer: A program that performs TLS communication with the opposite TLS client application
 
-Since the H/W settings and S/W settings for operating the evaluation board have already been prepared, the minimum settings are required to operate the sample application. In addition, the RootCA certificate and server-side certificate required for TLS communication have already been set for sample use only. 
+Since the H/W settings and S/W settings for operating the evaluation board have already been prepared, the minimum settings are required to operate the sample application. In addition, the RootCA certificate and server-side certificate required for TLS communication have already been set for sample use only.
 
 The following sections will walk you through the steps leading up to running the sample application.
 ## 2. Target H/W, components and libraries
@@ -26,8 +26,8 @@ This sample program uses the following hardware and software libraries. If a new
 |Device|R5F572NNHxFB|
 |IDE| Renesas e2Studio Version:2022-07 |
 |Emulator| E2 Emulator Lite |
-|Toolchain|CCRX v3.03.00|
-|TSIP| TSIP v1.15|
+|Toolchain|CCRX v3.06.00|
+|TSIP| TSIP v1.21|
 
 
 The project of this sample program has a configuration file that uses the following FIT components.
@@ -42,30 +42,30 @@ However, the FIT components themselves are not included in the distribution of t
 |Generic system timer for RX MCUs|1.01|r_sys_time_rx|
 |TCP/IP protocol stack[M3S-T4-Tiny] - RX Ethernet Driver Interface|1.09|r_t4_driver_rx|
 |TCP/IP protocol stack[M3S-T4-Tiny] for Renesas MCUs|2.10|r_t4_rx|
-|TSIP(Trusted Secure IP) driver|1.15.l|r_tsip_rx|
+|TSIP(Trusted Secure IP) driver|1.21|r_tsip_rx|
 
 ## 3. Importing sample application project into e2Studio
 ----
 
-There is no need to create a new sample program. Since the project file is already prepared, please import the project from the IDE by following the steps below. 
+There is no need to create a new sample program. Since the project file is already prepared, please import the project from the IDE by following the steps below.
 
-+ e2studio "File" menu> "Open project from file system ..."> "Directory (R) ..." Click the import source button and select the folder from which the project will be imported. Select the folder (Renesas/e2studio/{MCU}/{board-name-folder}/Simple) where this README file exists. 
-+ Three projects that can be imported are listed, but check only the three projects "test" and "wolfssl" and click the "Finish" button. 
++ e2studio "File" menu> "Open project from file system ..."> "Directory (R) ..." Click the import source button and select the folder from which the project will be imported. Select the folder (Renesas/e2studio/{MCU}/{board-name-folder}/Simple) where this README file exists.
++ Three projects that can be imported are listed, but check only the three projects "test" and "wolfssl" and click the "Finish" button.
 
-You should see the **test** and **wolfssl** 2 projects you imported into the project explorer. 
+You should see the **test** and **wolfssl** 2 projects you imported into the project explorer.
 
 ## 4. FIT module download and smart configurator file generation
 ----
 
 You will need to get the required FIT modules yourself. Follow the steps below to get them.
 
-1. Open the test project in Project Explorer and double-click the **test.scfg** file to open the Smart Configurator Perspective. 
+1. Open the test project in Project Explorer and double-click the **test.scfg** file to open the Smart Configurator Perspective.
 
 2. Select the "Components" tab on the software component settings pane. Then click the "Add Component" button at the top right of the pane. The software component selection dialog will pop up. Click "Download the latest version of FIT driver and middleware" at the bottom of the dialog to get the modules. You can check the download destination folder by pressing "Basic settings...".
 
 3. The latest version of the TSIP component may not be automatically obtained due to the delay in Renesas' support by the method in step 2 above. In that case, you can download it manually from the Renesas website. Unzip the downloaded component and store the files contained in the FIT Modules folder in the download destination folder of step 2.
 
-4. Select the required FIT components shown from the list and press the "Finish" button. Repeat this operation until you have the required FIT components. 
+4. Select the required FIT components shown from the list and press the "Finish" button. Repeat this operation until you have the required FIT components.
 
 5. Select the Components tab on the Software Component Settings pane and select the r_t4_rx component. In the settings pane on the right, specify the IP address of this board as the value of the "# IP address for ch0, when DHCP disable." Property (e.g. 192.168.1.9).
 
@@ -80,7 +80,7 @@ The test project is a single sample application, but you can specify to perform
 - Benchmark: A program that measures the execution speed of various cryptographic operations
 - TlsClient: A program that performs TLS communication with the opposite TLS server application
 - TlsServer: A program that performs TLS communication with the opposite TLS client application
-- 
+-
 Open the <board-name-folder\>/test/src/wolfssl_simple_demo.h file and enable one of the following definitions:
 
 - #define CRYPT_TEST
@@ -109,7 +109,7 @@ Now that the test application is ready to build.
 
 5. Press the run button to run the test application.
 
-6. CryptoTest, Benchmark, TLS_Client or TLS_Server After displaying the execution result according to the selected behavior, it enters an infinite loop, so if you think that the output has stopped, stop debugging. 
+6. CryptoTest, Benchmark, TLS_Client or TLS_Server After displaying the execution result according to the selected behavior, it enters an infinite loop, so if you think that the output has stopped, stop debugging.
 
 ## 7. Running test application as Client
 -----
@@ -176,7 +176,7 @@ Client message: Hello Server
 Note `-v 4` option in server execution command line means to use TLS 1.3. If you want to use smaller version of TLS than 1.3, `-v 4` needs to be removed from an exmeple server command options.
 
 ### 7.3 Run Client using TSIP driver
-When it enables SIMPLE_TLS_TSIP_CLIENT, we can run TLS client including TSIP driver on the baord. 
+When it enables SIMPLE_TLS_TSIP_CLIENT, we can run TLS client including TSIP driver on the baord.
 In this case, we disable `#define WOLFSSL_TLS13` and `#define USE_ECC_CERT`. As a result, TLS communication between Client and Server use TLS 1.2 and RSA certificate.
 
 The table below shows the cipher suites that TSIP supports.
@@ -185,7 +185,7 @@ The table below shows the cipher suites that TSIP supports.
 |:--|:--|:--|
 |TLS1.3|RSA/ECDSA certificate|  |
 |||TLS_AES_128_GCM_SHA256|
-|||TLS_AES_128_CCM_SHA256| 
+|||TLS_AES_128_CCM_SHA256|
 |TLS1.2|RSA certificate|
 |||TLS_RSA_WITH_AES_128_CBC_SHA|
 |||TLS_RSA_WITH_AES_256_CBC_SHA|
@@ -213,7 +213,7 @@ $ ./examples/server/server -b -i
 ```
 
 
-When you run the test application, it makes a TLS connection with the server application by TLS1.2, then exchanges a simple string and displays the following on the standard output. 
+When you run the test application, it makes a TLS connection with the server application by TLS1.2, then exchanges a simple string and displays the following on the standard output.
 The cipher suites displayed depends on the combination of TLS version and certificate type.
 
 ```
@@ -285,7 +285,7 @@ If you want to use it for purposes beyond functional evaluation, you need to pre
   2. RSA key pair required for RootCA certificate validation
   3. The signature generated by the RootCA certificate with the private key in 2 above.
 
-will become necessary. Please refer to the manual provided by Renesas for how to generate them. 
+will become necessary. Please refer to the manual provided by Renesas for how to generate them.
 
 ## 10. Limitations
 ----
diff --git a/IDE/Renesas/e2studio/RX72N/EnvisionKit/Simple/README_JP.md b/IDE/Renesas/e2studio/RX72N/EnvisionKit/Simple/README_JP.md
index e870bba01..6022c3a62 100644
--- a/IDE/Renesas/e2studio/RX72N/EnvisionKit/Simple/README_JP.md
+++ b/IDE/Renesas/e2studio/RX72N/EnvisionKit/Simple/README_JP.md
@@ -32,10 +32,10 @@ IDE���e2 studioを使用�るも���。本ドキュメント��
 |:--|:--|
 |評価ボード|RX72N EnvisionKit|
 |Device|R5F572NNHxFB|
-|IDE| Renesas e2Studio Version:2022-07 |
+|IDE| Renesas e2Studio Version:2024-01.1 (24.1.1) |
 |エミュレーター| E2エミュレーターLite |
-|Toolchain|CCRX v3.03.00|
-|TSIP| TSIP v1.15|
+|Toolchain|CCRX v3.06.00|
+|TSIP| TSIP v1.21|
 
 
 本サンプルプログラム�プロジェクト��以下�FITコン�ー�ントを使用�る設定ファイル�用��れ����。
@@ -51,7 +51,7 @@ IDE���e2 studioを使用�るも���。本ドキュメント��
 |Generic system timer for RX MCUs|1.01|r_sys_time_rx|
 |TCP/IP protocol stack[M3S-T4-Tiny] - RX Ethernet Driver Interface|1.09|r_t4_driver_rx|
 |TCP/IP protocol stack[M3S-T4-Tiny] for Renesas MCUs|2.10|r_t4_rx|
-|TSIP(Trusted Secure IP) driver|1.15.l|r_tsip_rx|
+|TSIP(Trusted Secure IP) driver|1.21|r_tsip_rx|
 
 
 ## 3. サンプルプログラムプロジェクト�e2Studio��イン�ート
@@ -212,7 +212,7 @@ TSIPドライ��サ�ート�る暗�スイート�下記�一覧��
 |:--|:--|:--|
 |TLS1.3|RSA/ECDSA certificate|  |
 |||TLS_AES_128_GCM_SHA256|
-|||TLS_AES_128_CCM_SHA256| 
+|||TLS_AES_128_CCM_SHA256|
 |TLS1.2|RSA certificate|
 |||TLS_RSA_WITH_AES_128_CBC_SHA|
 |||TLS_RSA_WITH_AES_256_CBC_SHA|
@@ -334,4 +334,4 @@ wolfSSL_CTX_use_certificate_buffer �る��wolfSSL_CTX_use_certificate_chain
 上記制�1 ~ 4�次版以��TSIP�よ��改善�見込�れ����。
 
 ## 11. サ�ート
-�質�・��望��info@wolfssl.jp ��日本語��知ら�����。
\ No newline at end of file
+�質�・��望��info@wolfssl.jp ��日本語��知ら�����。
diff --git a/IDE/Renesas/e2studio/RX72N/EnvisionKit/Simple/common/wolfssl_dummy.c b/IDE/Renesas/e2studio/RX72N/EnvisionKit/Simple/common/wolfssl_dummy.c
index 2c48ed510..4f4de66d9 100644
--- a/IDE/Renesas/e2studio/RX72N/EnvisionKit/Simple/common/wolfssl_dummy.c
+++ b/IDE/Renesas/e2studio/RX72N/EnvisionKit/Simple/common/wolfssl_dummy.c
@@ -1,6 +1,6 @@
 /* wolfssl_dummy.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -21,15 +21,32 @@
 
 #include <wolfssl/wolfcrypt/wc_port.h>
 
-#define YEAR 2023
-#define MON  5
-
 static int tick = 0;
 
+#define YEAR  ( \
+    ((__DATE__)[7]  - '0') * 1000 + \
+    ((__DATE__)[8]  - '0') * 100  + \
+    ((__DATE__)[9]  - '0') * 10   + \
+    ((__DATE__)[10] - '0') * 1      \
+)
+
+#define MONTH ( \
+    __DATE__[2] == 'n' ? (__DATE__[1] == 'a' ? 1 : 6) \
+  : __DATE__[2] == 'b' ? 2 \
+  : __DATE__[2] == 'r' ? (__DATE__[0] == 'M' ? 3 : 4) \
+  : __DATE__[2] == 'y' ? 5 \
+  : __DATE__[2] == 'l' ? 7 \
+  : __DATE__[2] == 'g' ? 8 \
+  : __DATE__[2] == 'p' ? 9 \
+  : __DATE__[2] == 't' ? 10 \
+  : __DATE__[2] == 'v' ? 11 \
+  : 12 \
+	)
+
 time_t time(time_t *t)
 {
     (void)t;
-    return ((YEAR-1970)*365+30*MON)*24*60*60 + tick++;
+    return ((YEAR-1970)*365+30*MONTH)*24*60*60 + tick++;
 }
 
 #include <ctype.h>
diff --git a/IDE/Renesas/e2studio/RX72N/EnvisionKit/Simple/test/.cproject b/IDE/Renesas/e2studio/RX72N/EnvisionKit/Simple/test/.cproject
index 5f7ceb0e4..42c63d72e 100644
--- a/IDE/Renesas/e2studio/RX72N/EnvisionKit/Simple/test/.cproject
+++ b/IDE/Renesas/e2studio/RX72N/EnvisionKit/Simple/test/.cproject
@@ -25,7 +25,7 @@
 							<builder buildPath="${workspace_loc:/test}/HardwareDebug" id="com.renesas.cdt.managedbuild.renesas.ccrx.base.builder.65531188" keepEnvironmentInBuildfile="false" managedBuildOn="true" name="CCRX Builder" parallelBuildOn="true" parallelizationNumber="optimal" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.base.builder"/>
 							<tool id="com.renesas.cdt.managedbuild.renesas.ccrx.base.dsp.1710373085" name="DSP Assembler" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.base.dsp">
 								<option id="com.renesas.cdt.managedbuild.renesas.ccrx.dsp.option.noDebugInfo.390598726" name="デ�ッグ情報を出力�る (-no_debug_info)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.dsp.option.noDebugInfo" useByScannerDiscovery="false" value="true" valueType="boolean"/>
-								<option id="com.renesas.cdt.managedbuild.renesas.ccrx.dsp.option.endian.2145260692" name="出力�るデータ値�エンディアン (-littleEndianData)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.dsp.option.endian" useByScannerDiscovery="false" value="com.renesas.cdt.managedbuild.renesas.ccrx.dsp.option.endian.big" valueType="enumerated"/>
+								<option id="com.renesas.cdt.managedbuild.renesas.ccrx.dsp.option.endian.2145260692" name="出力�るデータ値�エンディアン (-cpuLittleEndian/-cpuBigEndian)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.dsp.option.endian" useByScannerDiscovery="false" value="com.renesas.cdt.managedbuild.renesas.ccrx.dsp.option.endian.big" valueType="enumerated"/>
 							</tool>
 							<tool id="com.renesas.cdt.managedbuild.renesas.ccrx.base.common.385785132" name="Common" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.base.common">
 								<option id="com.renesas.cdt.managedbuild.renesas.ccrx.common.option.isa.968417281" name="命令セット・アーキテク�ャ (-isa)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.common.option.isa" useByScannerDiscovery="false" value="com.renesas.cdt.managedbuild.renesas.ccrx.common.option.isa.rxv3" valueType="enumerated"/>
@@ -50,7 +50,6 @@
 									<listOptionValue builtIn="false" value="&quot;${ProjDirPath}/../common&quot;"/>
 									<listOptionValue builtIn="false" value="&quot;${ProjDirPath}/../../wolfssl_demo&quot;"/>
 									<listOptionValue builtIn="false" value="&quot;${ProjDirPath}/../../../../../../../&quot;"/>
-									<listOptionValue builtIn="false" value="${ProjDirPath}/generate"/>
 									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/src/smc_gen/general}&quot;"/>
 									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/src/smc_gen/Config_TMR0}&quot;"/>
 									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/src/smc_gen/r_pincfg}&quot;"/>
@@ -66,6 +65,7 @@
 									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/src/smc_gen/r_cmt_rx}&quot;"/>
 									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/src/smc_gen/r_cmt_rx/src}&quot;"/>
 									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/src/smc_gen/r_ether_rx}&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/src/smc_gen}&quot;"/>
 								</option>
 								<option IS_BUILTIN_EMPTY="false" IS_VALUE_EMPTY="false" id="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.option.define.511269805" name="プリプロセッサ・マクロ�定義 (-define)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.option.define" useByScannerDiscovery="false" valueType="definedSymbols">
 									<listOptionValue builtIn="false" value="DEBUG_CONSOLE"/>
@@ -109,6 +109,7 @@
 									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/src/smc_gen/r_cmt_rx}&quot;"/>
 									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/src/smc_gen/r_cmt_rx/src}&quot;"/>
 									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/src/smc_gen/r_ether_rx}&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/src/smc_gen}&quot;"/>
 								</option>
 								<inputType id="com.renesas.cdt.managedbuild.renesas.ccrx.assembler.inputType.502444415" name="Assembler InputType" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.assembler.inputType"/>
 							</tool>
@@ -119,7 +120,7 @@
 									<listOptionValue builtIn="false" value="D_2=R_2"/>
 									<listOptionValue builtIn="false" value="D_8=R_8"/>
 								</option>
-								<option id="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.linkerSection.2043161263" name="セクション (-start)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.linkerSection" useByScannerDiscovery="false" value="SU,SI,B_1,R_1,B_2,R_2,B,R,B_8,R_8/04,B_ETHERNET_BUFFERS_1,B_RX_DESC_1,B_TX_DESC_1/0800000,PResetPRG,C_1,C_2,C,C_8,C$*,D*,W*,L,P/0FFE00000,EXCEPTVECT/0FFFFFF80,RESETVECT/0FFFFFFFC" valueType="string"/>
+								<option id="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.linkerSection.2043161263" name="セクション (-start)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.linkerSection" useByScannerDiscovery="false" value="SU,SI,B_1,R_1,B_2,R_2,B,R,B_8,R_8/04,B_ETHERNET_BUFFERS_1,B_RX_DESC_1,B_TX_DESC_1/0800000,PResetPRG,C_1,C_2,C,C_8,C$*,D*,W*,L,P/0FFE00000,EXCEPTVECT/0FFFFFF80,RESETVECT/0FFFFFFFC,C_FIRMWARE_UPDATE_CONTROL_BLOCK,C_FIRMWARE_UPDATE_CONTROL_BLOCK_MIRROR/00100000" valueType="string"/>
 								<option IS_BUILTIN_EMPTY="false" IS_VALUE_EMPTY="false" id="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.userBefore.1452234640" name="追加�るオプション（����指定オプション���追加）" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.userBefore" useByScannerDiscovery="false" valueType="stringList">
 									<listOptionValue builtIn="false" value=""/>
 								</option>
@@ -128,7 +129,7 @@
 								</option>
 								<option id="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.vect.47410515" name="�変ベクタテーブル�アドレス未設定ベクタ番��指定�るアドレス (-vect)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.vect" useByScannerDiscovery="false" value="_undefined_interrupt_source_isr" valueType="string"/>
 								<option id="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.checkSection.239094904" name="セクション�割り付�アドレスを�ェック�る (-cpu)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.checkSection" useByScannerDiscovery="false" value="true" valueType="boolean"/>
-								<option id="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.memoryType.1942768497" name="アドレス範囲指定方法 (-cpu(アドレス範囲指定方法))" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.memoryType" useByScannerDiscovery="false" value="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.memoryType.autoSpecify" valueType="enumerated"/>
+								<option id="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.memoryType.1942768497" name="アドレス範囲指定方法 (-cpu)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.memoryType" useByScannerDiscovery="false" value="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.memoryType.autoSpecify" valueType="enumerated"/>
 								<option IS_BUILTIN_EMPTY="false" IS_VALUE_EMPTY="false" id="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.noneLinkageOrderList.1237940973" name="(リンク順��リスト) (-input/-library/-binary)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.noneLinkageOrderList" useByScannerDiscovery="false" valueType="stringList">
 									<listOptionValue builtIn="false" value="&quot;.\src\benchmark.obj&quot;"/>
 									<listOptionValue builtIn="false" value="&quot;.\src\key_data.obj&quot;"/>
@@ -181,7 +182,6 @@
 								<option IS_BUILTIN_EMPTY="false" IS_VALUE_EMPTY="false" id="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.inputFile.1438206933" name="リンク�るリロケータブル・ファイル�ライブラリ・ファイル�よ��イナリ・ファイル (-input/-library/-binary)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.inputFile" useByScannerDiscovery="false" valueType="stringList">
 									<listOptionValue builtIn="false" value="&quot;${ProjDirPath}/../wolfssl/Debug/wolfssl.lib&quot;"/>
 									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/src/smc_gen/r_t4_rx/lib/ccrx/T4_Library_ether_ccrx_rxv1_little.lib}&quot;"/>
-									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/src/smc_gen/r_tsip_rx/lib/ccrx/r_tsip_rx72m_rx72n_rx66n_little.lib}&quot;"/>
 								</option>
 							</tool>
 							<tool id="com.renesas.cdt.managedbuild.renesas.ccrx.base.librarian.1723543812" name="Library Generator" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.base.librarian">
@@ -242,7 +242,7 @@
 							<builder buildPath="${workspace_loc:/test}/Debug" id="com.renesas.cdt.managedbuild.renesas.ccrx.base.builder.117543810" keepEnvironmentInBuildfile="false" managedBuildOn="true" name="CCRX Builder" parallelBuildOn="true" parallelizationNumber="optimal" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.base.builder"/>
 							<tool id="com.renesas.cdt.managedbuild.renesas.ccrx.base.dsp.1744140894" name="DSP Assembler" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.base.dsp">
 								<option id="com.renesas.cdt.managedbuild.renesas.ccrx.dsp.option.noDebugInfo.1464228342" name="デ�ッグ情報を出力�る (-no_debug_info)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.dsp.option.noDebugInfo" useByScannerDiscovery="false" value="true" valueType="boolean"/>
-								<option id="com.renesas.cdt.managedbuild.renesas.ccrx.dsp.option.endian.733005442" name="出力�るデータ値�エンディアン (-littleEndianData)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.dsp.option.endian" useByScannerDiscovery="false" value="com.renesas.cdt.managedbuild.renesas.ccrx.dsp.option.endian.big" valueType="enumerated"/>
+								<option id="com.renesas.cdt.managedbuild.renesas.ccrx.dsp.option.endian.733005442" name="出力�るデータ値�エンディアン (-cpuLittleEndian/-cpuBigEndian)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.dsp.option.endian" useByScannerDiscovery="false" value="com.renesas.cdt.managedbuild.renesas.ccrx.dsp.option.endian.big" valueType="enumerated"/>
 							</tool>
 							<tool id="com.renesas.cdt.managedbuild.renesas.ccrx.base.common.1294844059" name="Common" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.base.common">
 								<option id="com.renesas.cdt.managedbuild.renesas.ccrx.common.option.isa.644795578" name="命令セット・アーキテク�ャ (-isa)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.common.option.isa" useByScannerDiscovery="false" value="com.renesas.cdt.managedbuild.renesas.ccrx.common.option.isa.rxv3" valueType="enumerated"/>
@@ -263,7 +263,6 @@
 								<option id="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.option.fpu.2144484247" name="浮動�数点演算命令を使用�る (-fpu/-nofpu)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.option.fpu" useByScannerDiscovery="false" value="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.option.fpu.yes" valueType="enumerated"/>
 								<option IS_BUILTIN_EMPTY="false" IS_VALUE_EMPTY="false" id="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.option.include.545347560" name="インクルード・ファイルを検索�るフォルダ (-include)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.option.include" valueType="includePath">
 									<listOptionValue builtIn="false" value="${TCINSTALL}/include"/>
-									<listOptionValue builtIn="false" value="${ProjDirPath}/generate"/>
 									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/src/smc_gen/general}&quot;"/>
 									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/src/smc_gen/Config_TMR0}&quot;"/>
 									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/src/smc_gen/r_pincfg}&quot;"/>
@@ -279,6 +278,7 @@
 									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/src/smc_gen/r_cmt_rx}&quot;"/>
 									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/src/smc_gen/r_cmt_rx/src}&quot;"/>
 									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/src/smc_gen/r_ether_rx}&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/src/smc_gen}&quot;"/>
 								</option>
 								<option IS_BUILTIN_EMPTY="false" IS_VALUE_EMPTY="false" id="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.option.define.935611572" name="プリプロセッサ・マクロ�定義 (-define)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.option.define" valueType="definedSymbols">
 									<listOptionValue builtIn="false" value="DEBUG_CONSOLE"/>
@@ -319,6 +319,7 @@
 									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/src/smc_gen/r_cmt_rx}&quot;"/>
 									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/src/smc_gen/r_cmt_rx/src}&quot;"/>
 									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/src/smc_gen/r_ether_rx}&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/src/smc_gen}&quot;"/>
 								</option>
 								<inputType id="com.renesas.cdt.managedbuild.renesas.ccrx.assembler.inputType.1482916460" name="Assembler InputType" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.assembler.inputType"/>
 							</tool>
@@ -329,7 +330,7 @@
 									<listOptionValue builtIn="false" value="D_2=R_2"/>
 									<listOptionValue builtIn="false" value="D_8=R_8"/>
 								</option>
-								<option id="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.linkerSection.1046231838" name="セクション (-start)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.linkerSection" useByScannerDiscovery="false" value="SU,SI,B_1,R_1,B_2,R_2,B,R/04,PResetPRG,C_1,C_2,C,C$*,D*,W*,L,P/0FFE00000,EXCEPTVECT/0FFFFFF80,RESETVECT/0FFFFFFFC,B_ETHERNET_BUFFERS_1,B_RX_DESC_1,B_TX_DESC_1/00010000" valueType="string"/>
+								<option id="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.linkerSection.1046231838" name="セクション (-start)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.linkerSection" useByScannerDiscovery="false" value="SU,SI,B_1,R_1,B_2,R_2,B,R/04,PResetPRG,C_1,C_2,C,C$*,D*,W*,L,P/0FFE00000,EXCEPTVECT/0FFFFFF80,RESETVECT/0FFFFFFFC,B_ETHERNET_BUFFERS_1,B_RX_DESC_1,B_TX_DESC_1/00010000,C_FIRMWARE_UPDATE_CONTROL_BLOCK,C_FIRMWARE_UPDATE_CONTROL_BLOCK_MIRROR/00100000" valueType="string"/>
 								<option IS_BUILTIN_EMPTY="false" IS_VALUE_EMPTY="false" id="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.userBefore.1651005552" name="追加�るオプション（����指定オプション���追加）" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.userBefore" useByScannerDiscovery="false" valueType="stringList">
 									<listOptionValue builtIn="false" value=""/>
 								</option>
@@ -338,13 +339,12 @@
 								</option>
 								<option id="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.vect.1524833684" name="�変ベクタテーブル�アドレス未設定ベクタ番��指定�るアドレス (-vect)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.vect" useByScannerDiscovery="false" value="_undefined_interrupt_source_isr" valueType="string"/>
 								<option id="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.checkSection.1914971075" name="セクション�割り付�アドレスを�ェック�る (-cpu)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.checkSection" useByScannerDiscovery="false" value="true" valueType="boolean"/>
-								<option id="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.memoryType.1670384649" name="アドレス範囲指定方法 (-cpu(アドレス範囲指定方法))" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.memoryType" useByScannerDiscovery="false" value="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.memoryType.autoSpecify" valueType="enumerated"/>
+								<option id="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.memoryType.1670384649" name="アドレス範囲指定方法 (-cpu)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.memoryType" useByScannerDiscovery="false" value="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.memoryType.autoSpecify" valueType="enumerated"/>
 								<option IS_BUILTIN_EMPTY="false" IS_VALUE_EMPTY="false" id="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.noneLinkageOrderList.1556433699" name="(リンク順��リスト) (-input/-library/-binary)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.noneLinkageOrderList" valueType="stringList">
 									<listOptionValue builtIn="false" value="&quot;.\test.lib&quot;"/>
 								</option>
 								<option IS_BUILTIN_EMPTY="false" IS_VALUE_EMPTY="false" id="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.inputFile.856176867" name="リンク�るリロケータブル・ファイル�ライブラリ・ファイル�よ��イナリ・ファイル (-input/-library/-binary)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.inputFile" valueType="stringList">
 									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/src/smc_gen/r_t4_rx/lib/ccrx/T4_Library_ether_ccrx_rxv1_little.lib}&quot;"/>
-									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/src/smc_gen/r_tsip_rx/lib/ccrx/r_tsip_rx72m_rx72n_rx66n_little.lib}&quot;"/>
 								</option>
 							</tool>
 							<tool id="com.renesas.cdt.managedbuild.renesas.ccrx.base.librarian.1598250045" name="Library Generator" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.base.librarian">
diff --git a/IDE/Renesas/e2studio/RX72N/EnvisionKit/Simple/test/src/client/simple_tcp_client.c b/IDE/Renesas/e2studio/RX72N/EnvisionKit/Simple/test/src/client/simple_tcp_client.c
index eaeb62740..12bf996f0 100644
--- a/IDE/Renesas/e2studio/RX72N/EnvisionKit/Simple/test/src/client/simple_tcp_client.c
+++ b/IDE/Renesas/e2studio/RX72N/EnvisionKit/Simple/test/src/client/simple_tcp_client.c
@@ -1,6 +1,6 @@
 /* simple_tcp_client.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -88,11 +88,11 @@ void simple_tcp_client( )
 
     #define BUFF_SIZE 256
     static const char sendBuff[]= "Hello Server\n" ;
-    
+
     char    rcvBuff[BUFF_SIZE] = {0};
-    
+
     static T_IPV4EP my_addr = { 0, 0 };
-    
+
     T_IPV4EP dst_addr;
 
     if((dst_addr.ipaddr = getIPaddr(SIMPLE_TCPSEVER_IP)) == 0){
@@ -109,7 +109,7 @@ void simple_tcp_client( )
         goto out;
     }
 
-    if (my_IOSend((char*)sendBuff, strlen(sendBuff), (void*)&cepid) != 
+    if (my_IOSend((char*)sendBuff, strlen(sendBuff), (void*)&cepid) !=
                                                             strlen(sendBuff)) {
         printf("ERROR TCP write \n");
         goto out;
@@ -129,4 +129,4 @@ void simple_tcp_client( )
     tcp_cls_cep(cepid, TMO_FEVR);
 
     return;
-}
\ No newline at end of file
+}
diff --git a/IDE/Renesas/e2studio/RX72N/EnvisionKit/Simple/test/src/client/simple_tls_tsip_client.c b/IDE/Renesas/e2studio/RX72N/EnvisionKit/Simple/test/src/client/simple_tls_tsip_client.c
index 0bc5caa17..aa11768ad 100644
--- a/IDE/Renesas/e2studio/RX72N/EnvisionKit/Simple/test/src/client/simple_tls_tsip_client.c
+++ b/IDE/Renesas/e2studio/RX72N/EnvisionKit/Simple/test/src/client/simple_tls_tsip_client.c
@@ -1,6 +1,6 @@
 /* simpel_tls_tsip_client.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -31,7 +31,7 @@
     #include <wolfssl/wolfcrypt/port/Renesas/renesas-tsip-crypt.h>
 #endif
 
-#define SIMPLE_TLSSEVER_IP       "192.168.11.9"
+#define SIMPLE_TLSSEVER_IP       "192.168.11.5"
 #define SIMPLE_TLSSERVER_PORT    "11111"
 
 ER    t4_tcp_callback(ID cepid, FN fncd , VP p_parblk);
@@ -198,7 +198,7 @@ void wolfSSL_TLS_client( )
 {
     ID  cepid = 1;
     ER  ercd;
-    int ret;
+    int ret = 0;
     WOLFSSL_CTX *ctx = (WOLFSSL_CTX *)client_ctx;
     WOLFSSL *ssl = NULL;
 
@@ -216,7 +216,7 @@ void wolfSSL_TLS_client( )
         goto out;
     }
     if((dst_addr.portno = getPort(SIMPLE_TLSSERVER_PORT)) == 0){
-        printf("ERROR: IP address\n");
+        printf("ERROR: Port number\n");
         goto out;
     }
 
@@ -231,44 +231,95 @@ void wolfSSL_TLS_client( )
     }
 
 #ifdef SIMPLE_TLS_TSIP_CLIENT
-    tsip_set_callback_ctx(ssl, &userContext);
+    ret = tsip_set_callback_ctx(ssl, &userContext);
 #endif
 
     /* set client private key data */
-#if defined(WOLFSSL_TLS13) && defined(SIMPLE_TLS_TSIP_CLIENT)
-    #if defined(USE_ECC_CERT)
-        if (tsip_use_PrivateKey_buffer_TLS(ssl,
-               (const char*)g_key_block_data.encrypted_user_ecc256_private_key,
+#ifdef USE_ECC_CERT
+
+    #ifdef WOLFSSL_RENESAS_TSIP_TLS
+
+    /* TSIP specific ECC private key */
+    if (ret == 0){
+        ret = tsip_use_PrivateKey_buffer_TLS(ssl,
+                (const char*)g_key_block_data.encrypted_user_ecc256_private_key,
                 sizeof(g_key_block_data.encrypted_user_ecc256_private_key),
-               TSIP_ECCP256) != 0) {
-            printf("ERROR: can't load client-private key\n");
-            return;
+                TSIP_ECCP256);
+        if (ret != 0) {
+            printf("ERROR tsip_use_PrivateKey_buffer_TLS\n");
         }
+    }
+    # if defined(WOLFSSL_CHECK_SIG_FAULTS)
+    if (ret == 0){
+        ret = tsip_use_PublicKey_buffer_TLS(ssl,
+                (const char*)g_key_block_data.encrypted_user_ecc256_public_key,
+                sizeof(g_key_block_data.encrypted_user_ecc256_public_key),
+                TSIP_ECCP256);
+        if (ret != 0) {
+            printf("ERROR tsip_use_PublicKey_buffer_TLS\n");
+        }
+    }
+    #endif /* WOLFSSL_CHECK_SIG_FAULTS */
+
     #else
-        if (tsip_use_PrivateKey_buffer_TLS(ssl,
+
+    /* DER format ECC private key */
+    if (ret == 0) {
+        ret = wolfSSL_use_PrivateKey_buffer(ssl,
+                                    ecc_clikey_der_256,
+                                    sizeof_ecc_clikey_der_256,
+                                    WOLFSSL_FILETYPE_ASN1);
+        if (ret != SSL_SUCCESS) {
+            printf("ERROR wolfSSL_use_PrivateKey_buffer: %d\n",
+                                                wolfSSL_get_error(ssl, 0));
+            ret = -1;
+        }
+    }
+
+    #endif /* WOLFSSL_RENESAS_TSIP_TLS */
+
+#else
+
+    #if defined(WOLFSSL_RENESAS_TSIP_TLS)
+
+    /* Note: TSIP asks RSA client key pair for client authentication.  */
+
+    /* TSIP specific RSA private key */
+    if (ret == 0) {
+        ret = tsip_use_PrivateKey_buffer_TLS(ssl,
                (const char*)g_key_block_data.encrypted_user_rsa2048_private_key,
                sizeof(g_key_block_data.encrypted_user_rsa2048_private_key),
-               TSIP_RSA2048) != 0) {
-            printf("ERROR: can't load client-private key\n");
-            return;
+                                                        TSIP_RSA2048);
+        if (ret != 0) {
+            printf("ERROR tsip_use_PrivateKey_buffer_TLS :%d\n", ret);
         }
+    }
+    if (ret == 0) {
         ret = tsip_use_PublicKey_buffer_TLS(ssl,
                 (const char*)g_key_block_data.encrypted_user_rsa2048_public_key,
-                 sizeof(g_key_block_data.encrypted_user_rsa2048_public_key),                                                            TSIP_RSA2048);
+                sizeof(g_key_block_data.encrypted_user_rsa2048_public_key),
+                                                        TSIP_RSA2048);
         if (ret != 0) {
-           printf("ERROR tsip_use_PublicKey_buffer: %d\n", ret);
-           return;
+            printf("ERROR tsip_use_PublicKey_buffer_TLS: %d\n", ret);
         }
-    #endif
-#else
-    if (wolfSSL_use_PrivateKey_buffer(ssl,
-                                ecc_clikey_der_256,
-                                sizeof_ecc_clikey_der_256,
-                                SSL_FILETYPE_ASN1)      != WOLFSSL_SUCCESS) {
-        printf("ERROR: can't load private-key data.\n");
-        return;
     }
-#endif /* WOLFSSL_TLS13 */
+
+    #else
+
+    if (ret == 0) {
+        err = wolfSSL_use_PrivateKey_buffer(ssl, client_key_der_2048,
+                            sizeof_client_key_der_2048, WOLFSSL_FILETYPE_ASN1);
+
+        if (err != SSL_SUCCESS) {
+            printf("ERROR wolfSSL_use_PrivateKey_buffer: %d\n",
+                                                wolfSSL_get_error(ssl, 0));
+            ret = -1;
+        }
+    }
+
+    #endif /* WOLFSSL_RENESAS_TSIP_TLS */
+
+#endif /* USE_ECC_CERT */
 
     /* set callback context */
     wolfSSL_SetIOReadCtx(ssl, (void *)&cepid);
diff --git a/IDE/Renesas/e2studio/RX72N/EnvisionKit/Simple/test/src/server/simple_tcp_server.c b/IDE/Renesas/e2studio/RX72N/EnvisionKit/Simple/test/src/server/simple_tcp_server.c
index dfa485891..bc2cf6d67 100644
--- a/IDE/Renesas/e2studio/RX72N/EnvisionKit/Simple/test/src/server/simple_tcp_server.c
+++ b/IDE/Renesas/e2studio/RX72N/EnvisionKit/Simple/test/src/server/simple_tcp_server.c
@@ -1,6 +1,6 @@
 /* simple_tcp_server.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/Renesas/e2studio/RX72N/EnvisionKit/Simple/test/src/server/simple_tls_server.c b/IDE/Renesas/e2studio/RX72N/EnvisionKit/Simple/test/src/server/simple_tls_server.c
index d5138b0ea..df55941c4 100644
--- a/IDE/Renesas/e2studio/RX72N/EnvisionKit/Simple/test/src/server/simple_tls_server.c
+++ b/IDE/Renesas/e2studio/RX72N/EnvisionKit/Simple/test/src/server/simple_tls_server.c
@@ -1,6 +1,6 @@
 /* simple_tls_server.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -123,18 +123,18 @@ void wolfSSL_TLS_server_init()
     #if !defined(NO_FILESYSTEM)
         ret = wolfSSL_CTX_use_PrivateKey_file(server_ctx, key, 0);
     #else
-        ret = wolfSSL_CTX_use_PrivateKey_buffer(server_ctx, key, sizeof_key, 
+        ret = wolfSSL_CTX_use_PrivateKey_buffer(server_ctx, key, sizeof_key,
                                                         SSL_FILETYPE_ASN1);
     #endif
         if (ret != SSL_SUCCESS) {
             printf("Error %d loading server-key!\n", ret);
             return;
         }
-   
+
    /* Register callbacks */
    wolfSSL_SetIORecv(server_ctx, my_IORecv);
    wolfSSL_SetIOSend(server_ctx, my_IOSend);
-   
+
 }
 
 void wolfSSL_TLS_server( )
diff --git a/IDE/Renesas/e2studio/RX72N/EnvisionKit/Simple/test/src/test_main.c b/IDE/Renesas/e2studio/RX72N/EnvisionKit/Simple/test/src/test_main.c
index 42d62359f..3614dc0b3 100644
--- a/IDE/Renesas/e2studio/RX72N/EnvisionKit/Simple/test/src/test_main.c
+++ b/IDE/Renesas/e2studio/RX72N/EnvisionKit/Simple/test/src/test_main.c
@@ -1,6 +1,6 @@
 /* test_main.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -65,6 +65,7 @@ extern "C" {
 static long tick;
 static void timeTick(void *pdata)
 {
+	(void)pdata;
     tick++;
 }
 
@@ -259,7 +260,7 @@ void main(void)
 #if defined(SIMPLE_TLS_TSIP_CLIENT)
     SetTsiptlsKey();
 #endif
-    
+
     do {
         /* simply use TCP */
         #if defined(SIMPLE_TCP_CLIENT)
diff --git a/IDE/Renesas/e2studio/RX72N/EnvisionKit/Simple/test/src/wolfssl_simple_demo.h b/IDE/Renesas/e2studio/RX72N/EnvisionKit/Simple/test/src/wolfssl_simple_demo.h
index c62cd4a38..354fa3549 100644
--- a/IDE/Renesas/e2studio/RX72N/EnvisionKit/Simple/test/src/wolfssl_simple_demo.h
+++ b/IDE/Renesas/e2studio/RX72N/EnvisionKit/Simple/test/src/wolfssl_simple_demo.h
@@ -1,6 +1,6 @@
 /* wolfssl_simple_demo.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -36,9 +36,9 @@
 /* cannot enable with other definition */
 /* simplest tcp client*/
 /*#define SIMPLE_TCP_CLIENT */
-/* software TLS　client */
+/* software TLS client */
 /* #define SIMPLE_TLS_CLIENT */
-/* use TSIP　Acceleration */
+/* use TSIP Acceleration */
 /*#define SIMPLE_TLS_TSIP_CLIENT*/
 
 /* simplest tcp server */
diff --git a/IDE/Renesas/e2studio/RX72N/EnvisionKit/Simple/test/test.scfg b/IDE/Renesas/e2studio/RX72N/EnvisionKit/Simple/test/test.scfg
index bf7fe0920..d5c797c88 100644
--- a/IDE/Renesas/e2studio/RX72N/EnvisionKit/Simple/test/test.scfg
+++ b/IDE/Renesas/e2studio/RX72N/EnvisionKit/Simple/test/test.scfg
@@ -362,14 +362,14 @@
     </tool>
     <tool id="Interrupt">
         <Item currentVect="16" id="BSC_BUSERR" priority="15" usedState="未使用"/>
-        <Item currentVect="17" groupchild="&lt;br&gt;1-DPFPUEX" id="IE0" priority="15" usedState="未使用"/>
+        <Item currentVect="17" groupchild="&lt;br&gt;0-DPFPUEX" id="IE0" priority="15" usedState="未使用"/>
         <Item currentVect="18" id="RAM_RAMERR" priority="15" usedState="未使用"/>
         <Item currentVect="21" id="FCU_FIFERR" priority="15" usedState="未使用"/>
         <Item currentVect="23" id="FCU_FRDYI" priority="15" usedState="未使用"/>
         <Item currentVect="26" id="ICU_SWINT2" priority="1" usedState="未使用"/>
         <Item currentVect="27" id="ICU_SWINT" priority="1" usedState="未使用"/>
-        <Item currentVect="28" id="CMT0_CMI0" priority="15" usedState="未使用"/>
-        <Item currentVect="29" id="CMT1_CMI1" priority="15" usedState="未使用"/>
+        <Item currentVect="28" id="CMT0_CMI0" priority="5" usedState="使用中"/>
+        <Item currentVect="29" id="CMT1_CMI1" priority="5" usedState="使用中"/>
         <Item currentVect="30" id="CMTW0_CMWI0" priority="15" usedState="未使用"/>
         <Item currentVect="31" id="CMTW1_CMWI1" priority="15" usedState="未使用"/>
         <Item currentVect="34" id="USB0_D0FIFO0" priority="15" usedState="未使用"/>
@@ -437,14 +437,14 @@
         <Item currentVect="103" id="SCI9_TXI9" priority="15" usedState="未使用"/>
         <Item currentVect="104" id="SCI10_RXI10" priority="15" usedState="未使用"/>
         <Item currentVect="105" id="SCI10_TXI10" priority="15" usedState="未使用"/>
-        <Item currentVect="106" groupchild="&lt;br&gt;1-ERS0&lt;br&gt;2-ERS1&lt;br&gt;3-ERS2" id="BE0" priority="15" usedState="未使用"/>
-        <Item currentVect="107" groupchild="&lt;br&gt;1-POEGGAI&lt;br&gt;2-POEGGBI&lt;br&gt;3-POEGGCI&lt;br&gt;4-POEGGDI" id="BL2" priority="15" usedState="未使用"/>
+        <Item currentVect="106" groupchild="&lt;br&gt;0-ERS0&lt;br&gt;1-ERS1&lt;br&gt;2-ERS2" id="BE0" priority="15" usedState="未使用"/>
+        <Item currentVect="107" groupchild="&lt;br&gt;7-POEGGAI&lt;br&gt;8-POEGGBI&lt;br&gt;9-POEGGCI&lt;br&gt;10-POEGGDI" id="BL2" priority="15" usedState="未使用"/>
         <Item currentVect="108" id="RSPI2_SPRI2" priority="15" usedState="未使用"/>
         <Item currentVect="109" id="RSPI2_SPTI2" priority="15" usedState="未使用"/>
-        <Item currentVect="110" groupchild="&lt;br&gt;1-TEI0&lt;br&gt;2-ERI0&lt;br&gt;3-TEI1&lt;br&gt;4-ERI1&lt;br&gt;5-TEI2&lt;br&gt;6-ERI2&lt;br&gt;7-TEI3&lt;br&gt;8-ERI3&lt;br&gt;9-TEI4&lt;br&gt;10-ERI4&lt;br&gt;11-TEI5&lt;br&gt;12-ERI5&lt;br&gt;13-TEI6&lt;br&gt;14-ERI6&lt;br&gt;15-TEI12&lt;br&gt;16-ERI12&lt;br&gt;17-SCIX0&lt;br&gt;18-SCIX1&lt;br&gt;19-SCIX2&lt;br&gt;20-SCIX3&lt;br&gt;21-QSPSSLI&lt;br&gt;22-FERRI&lt;br&gt;23-MENDI&lt;br&gt;24-OVFI&lt;br&gt;25-DOPCI&lt;br&gt;26-PCFEI&lt;br&gt;27-PCERI" id="BL0" priority="15" usedState="未使用"/>
-        <Item currentVect="111" groupchild="&lt;br&gt;1-CDETI&lt;br&gt;2-CACI&lt;br&gt;3-SDACI&lt;br&gt;4-CDETIO&lt;br&gt;5-ERRIO&lt;br&gt;6-ACCIO&lt;br&gt;7-OEI1&lt;br&gt;8-OEI2&lt;br&gt;9-OEI3&lt;br&gt;10-OEI4&lt;br&gt;11-TEI0&lt;br&gt;12-EEI0&lt;br&gt;13-TEI2&lt;br&gt;14-EEI2&lt;br&gt;15-SSIF0&lt;br&gt;16-SSIF1&lt;br&gt;17-S12CMPAI&lt;br&gt;18-S12CMPBI&lt;br&gt;19-S12CMPAI1&lt;br&gt;20-S12CMPBI1&lt;br&gt;21-TEI1&lt;br&gt;22-EEI1" id="BL1" priority="15" usedState="未使用"/>
-        <Item currentVect="112" groupchild="&lt;br&gt;1-TEI8&lt;br&gt;2-ERI8&lt;br&gt;3-TEI9&lt;br&gt;4-ERI9&lt;br&gt;5-TEI10&lt;br&gt;6-ERI10&lt;br&gt;7-TEI11&lt;br&gt;8-ERI11&lt;br&gt;9-SPII0&lt;br&gt;10-SPEI0&lt;br&gt;11-SPII1&lt;br&gt;12-SPEI1&lt;br&gt;13-SPII2&lt;br&gt;14-SPEI2&lt;br&gt;15-TEI7&lt;br&gt;16-ERI7" id="AL0" priority="15" usedState="未使用"/>
-        <Item currentVect="113" groupchild="&lt;br&gt;1-MINT&lt;br&gt;2-PINT&lt;br&gt;3-EINT0&lt;br&gt;4-EINT1&lt;br&gt;5-VPOS&lt;br&gt;6-GR1UF&lt;br&gt;7-GR2UF&lt;br&gt;8-DRW_IRQ" id="AL1" priority="2" usedState="使用中"/>
+        <Item currentVect="110" groupchild="&lt;br&gt;0-TEI0&lt;br&gt;1-ERI0&lt;br&gt;2-TEI1&lt;br&gt;3-ERI1&lt;br&gt;4-TEI2&lt;br&gt;5-ERI2&lt;br&gt;6-TEI3&lt;br&gt;7-ERI3&lt;br&gt;8-TEI4&lt;br&gt;9-ERI4&lt;br&gt;10-TEI5&lt;br&gt;11-ERI5&lt;br&gt;12-TEI6&lt;br&gt;13-ERI6&lt;br&gt;16-TEI12&lt;br&gt;17-ERI12&lt;br&gt;18-SCIX0&lt;br&gt;19-SCIX1&lt;br&gt;20-SCIX2&lt;br&gt;21-SCIX3&lt;br&gt;24-QSPSSLI&lt;br&gt;26-FERRI&lt;br&gt;27-MENDI&lt;br&gt;28-OVFI&lt;br&gt;29-DOPCI&lt;br&gt;30-PCFEI&lt;br&gt;31-PCERI" id="BL0" priority="15" usedState="未使用"/>
+        <Item currentVect="111" groupchild="&lt;br&gt;3-CDETI&lt;br&gt;4-CACI&lt;br&gt;5-SDACI&lt;br&gt;6-CDETIO&lt;br&gt;7-ERRIO&lt;br&gt;8-ACCIO&lt;br&gt;9-OEI1&lt;br&gt;10-OEI2&lt;br&gt;11-OEI3&lt;br&gt;12-OEI4&lt;br&gt;13-TEI0&lt;br&gt;14-EEI0&lt;br&gt;15-TEI2&lt;br&gt;16-EEI2&lt;br&gt;17-SSIF0&lt;br&gt;18-SSIF1&lt;br&gt;20-S12CMPAI&lt;br&gt;21-S12CMPBI&lt;br&gt;22-S12CMPAI1&lt;br&gt;23-S12CMPBI1&lt;br&gt;28-TEI1&lt;br&gt;29-EEI1" id="BL1" priority="15" usedState="未使用"/>
+        <Item currentVect="112" groupchild="&lt;br&gt;0-TEI8&lt;br&gt;1-ERI8&lt;br&gt;4-TEI9&lt;br&gt;5-ERI9&lt;br&gt;8-TEI10&lt;br&gt;9-ERI10&lt;br&gt;12-TEI11&lt;br&gt;13-ERI11&lt;br&gt;16-SPII0&lt;br&gt;17-SPEI0&lt;br&gt;18-SPII1&lt;br&gt;19-SPEI1&lt;br&gt;20-SPII2&lt;br&gt;21-SPEI2&lt;br&gt;22-TEI7&lt;br&gt;23-ERI7" id="AL0" priority="15" usedState="未使用"/>
+        <Item currentVect="113" groupchild="&lt;br&gt;0-MINT&lt;br&gt;1-PINT&lt;br&gt;4-EINT0&lt;br&gt;5-EINT1&lt;br&gt;8-VPOS&lt;br&gt;9-GR1UF&lt;br&gt;10-GR2UF&lt;br&gt;11-DRW_IRQ" id="AL1" priority="2" usedState="使用中"/>
         <Item currentVect="114" id="SCI11_RXI11" priority="15" usedState="未使用"/>
         <Item currentVect="115" id="SCI11_TXI11" priority="15" usedState="未使用"/>
         <Item currentVect="116" id="SCI12_RXI12" priority="15" usedState="未使用"/>
@@ -457,8 +457,8 @@
         <Item currentVect="125" id="OST_OSTDI" priority="15" usedState="未使用"/>
         <Item currentVect="126" id="EXDMAC_EXDMAC0I" priority="15" usedState="未使用"/>
         <Item currentVect="127" id="EXDMAC_EXDMAC1I" priority="15" usedState="未使用"/>
-        <Item currentVect="128" defaultVect="128" id="CMT2_CMI2" priority="15" usedState="未使用"/>
-        <Item currentVect="129" defaultVect="129" id="CMT3_CMI3" priority="15" usedState="未使用"/>
+        <Item currentVect="128" defaultVect="128" id="CMT2_CMI2" priority="5" usedState="使用中"/>
+        <Item currentVect="129" defaultVect="129" id="CMT3_CMI3" priority="5" usedState="使用中"/>
         <Item currentVect="130" defaultVect="130" id="TPU0_TGI0A" priority="15" usedState="未使用"/>
         <Item currentVect="131" defaultVect="131" id="TPU0_TGI0B" priority="15" usedState="未使用"/>
         <Item currentVect="132" defaultVect="132" id="TPU0_TGI0C" priority="15" usedState="未使用"/>
@@ -608,110 +608,110 @@
         <pinItem allocation="71" comments="" direction="None" id="ET0_ERXD0" isUsedBySoftware="true" locked="false" operationMode="" status="0"/>
         <pinItem allocation="66" comments="" direction="None" id="ET0_TX_CLK" isUsedBySoftware="true" locked="false" operationMode="" status="0"/>
         <pinItem allocation="86" comments="" direction="None" id="ET0_MDIO" isUsedBySoftware="true" locked="false" operationMode="" status="0"/>
-        <pinnumItem comment="LCD-B4" id="88"/>
-        <pinnumItem comment="LCD-B5" id="89"/>
-        <pinnumItem comment="LCD-R7" id="110"/>
-        <pinnumItem comment="LCD-B6" id="90"/>
-        <pinnumItem comment="LCD-B7" id="92"/>
-        <pinnumItem comment="QSPI-SO/SIO1" id="119"/>
-        <pinnumItem comment="LCD-G2" id="94"/>
-        <pinnumItem comment="LCD-G3" id="95"/>
-        <pinnumItem comment="LCD-G4" id="96"/>
-        <pinnumItem comment="LCD-G5" id="97"/>
-        <pinnumItem comment="EMLE" id="10"/>
-        <pinnumItem comment="LCD-BACKLIGHT" id="98"/>
-        <pinnumItem comment="MIC-DATA" id="11"/>
-        <pinnumItem comment="LCD-TOUCH-RST" id="99"/>
-        <pinnumItem comment="MD/FINED" id="16"/>
-        <pinnumItem comment="RESET" id="19"/>
-        <pinnumItem comment="QSPI-SI/SIO0" id="120"/>
-        <pinnumItem comment="QSPI-SCLK" id="121"/>
-        <pinnumItem comment="QSPI-CS#" id="122"/>
-        <pinnumItem comment="D2-LRCK" id="2"/>
-        <pinnumItem comment="QSPI-HOLD#/SIO3" id="123"/>
-        <pinnumItem comment="QSPI-WP#/SIO2" id="124"/>
-        <pinnumItem comment="D2-SDIN" id="4"/>
-        <pinnumItem comment="PMOD2-RST" id="125"/>
-        <pinnumItem comment="PMOD2-IRQ" id="126"/>
-        <pinnumItem comment="D2-SCLK" id="6"/>
-        <pinnumItem comment="PMOD2-SS" id="127"/>
-        <pinnumItem comment="MIC-BCLK" id="7"/>
-        <pinnumItem comment="PMOD2-MISO" id="128"/>
-        <pinnumItem comment="AUDIO_CLK" id="8"/>
-        <pinnumItem comment="PMOD2-SCK" id="129"/>
-        <pinnumItem comment="MIC-WS" id="9"/>
-        <pinnumItem comment="XTAL" id="20"/>
-        <pinnumItem comment="EXTAL" id="22"/>
-        <pinnumItem comment="LCD-TOUCH-INT" id="25"/>
-        <pinnumItem comment="LCD-TOUCH-SCL" id="26"/>
-        <pinnumItem comment="LCD-TOUCH-SDA" id="27"/>
-        <pinnumItem comment="WiFi-RTS" id="28"/>
-        <pinnumItem comment="WiFi-TXD" id="29"/>
-        <pinnumItem comment="PMOD2-MOSI" id="131"/>
-        <pinnumItem comment="PMOD2-IO1" id="133"/>
-        <pinnumItem comment="PMOD2-IO0" id="134"/>
-        <pinnumItem comment="WiFi-EN" id="137"/>
-        <pinnumItem comment="SD-ENABLE" id="138"/>
-        <pinnumItem comment="SD-FLT" id="139"/>
-        <pinnumItem comment="WiFi-CTS" id="30"/>
-        <pinnumItem comment="WiFi-RXD" id="31"/>
-        <pinnumItem comment="SDHI-SW_B" id="32"/>
-        <pinnumItem comment="SDHI-DATA1" id="34"/>
-        <pinnumItem comment="SDHI-DATA0" id="35"/>
-        <pinnumItem comment="SDHI-CLK" id="36"/>
-        <pinnumItem comment="SDHI-CMD" id="37"/>
-        <pinnumItem comment="SDHI-CD/DATA3" id="38"/>
-        <pinnumItem comment="SDHI-DATA2" id="39"/>
-        <pinnumItem comment="LED2" id="141"/>
-        <pinnumItem comment="SW2" id="144"/>
-        <pinnumItem comment="USB0VBUSEN" id="40"/>
-        <pinnumItem comment="PMOD1-RST" id="41"/>
-        <pinnumItem comment="PMOD1-IO1" id="42"/>
-        <pinnumItem comment="USB0OVRCURA" id="43"/>
-        <pinnumItem comment="USB-TXD" id="44"/>
-        <pinnumItem comment="USB-RXD" id="45"/>
-        <pinnumItem comment="USB0DM" id="47"/>
-        <pinnumItem comment="USB0DP" id="48"/>
-        <pinnumItem comment="ET0REFCLK" id="50"/>
-        <pinnumItem comment="PMOD1-IRQ" id="51"/>
-        <pinnumItem comment="PMOD1-SS" id="52"/>
-        <pinnumItem comment="PMOD1-IO0" id="53"/>
-        <pinnumItem comment="PMOD1-MISO" id="54"/>
-        <pinnumItem comment="PMOD1-SCK" id="55"/>
-        <pinnumItem comment="PMOD1-MOSI" id="56"/>
-        <pinnumItem comment="ET0CRS" id="58"/>
-        <pinnumItem comment="ET0COL" id="60"/>
-        <pinnumItem comment="ET0ETXD3" id="61"/>
-        <pinnumItem comment="ET0ETXD2" id="62"/>
-        <pinnumItem comment="ET0ETXD1" id="63"/>
-        <pinnumItem comment="ET0ETXD0" id="64"/>
-        <pinnumItem comment="ET0TXEN" id="65"/>
-        <pinnumItem comment="ET0TXCLK" id="66"/>
-        <pinnumItem comment="ET0INTRP" id="67"/>
-        <pinnumItem comment="ET0RXER" id="68"/>
-        <pinnumItem comment="ET0RXCLK" id="69"/>
-        <pinnumItem comment="ET0RXDV" id="70"/>
-        <pinnumItem comment="ET0ERXD0" id="71"/>
-        <pinnumItem comment="ET0ERXD1" id="72"/>
-        <pinnumItem comment="ET0ERXD2" id="73"/>
-        <pinnumItem comment="ET0ERXD3" id="75"/>
-        <pinnumItem comment="ET0RST(SW1-1ch)" id="77"/>
-        <pinnumItem comment="Light-SDA" id="78"/>
-        <pinnumItem comment="Light-SCL" id="79"/>
-        <pinnumItem comment="LCD-G6" id="101"/>
-        <pinnumItem comment="LCD-G7" id="102"/>
-        <pinnumItem comment="LCD-R3" id="106"/>
-        <pinnumItem comment="LCD-CLK" id="80"/>
-        <pinnumItem comment="LCD-R4" id="107"/>
-        <pinnumItem comment="LCD-VSYNC" id="81"/>
-        <pinnumItem comment="LCD-R5" id="108"/>
-        <pinnumItem comment="LCD-DISP-EN" id="82"/>
-        <pinnumItem comment="LCD-R6" id="109"/>
-        <pinnumItem comment="LCD-HSYNC" id="83"/>
-        <pinnumItem comment="LCD-DATA-EN" id="84"/>
-        <pinnumItem comment="ET0MDC" id="85"/>
-        <pinnumItem comment="ET0MDIO" id="86"/>
-        <pinnumItem comment="LCD-B3" id="87"/>
+        <pinnumItem comment="LCD-B4" id="88" symbolicname=""/>
+        <pinnumItem comment="LCD-B5" id="89" symbolicname=""/>
+        <pinnumItem comment="LCD-R7" id="110" symbolicname=""/>
+        <pinnumItem comment="LCD-B6" id="90" symbolicname=""/>
+        <pinnumItem comment="LCD-B7" id="92" symbolicname=""/>
+        <pinnumItem comment="QSPI-SO/SIO1" id="119" symbolicname=""/>
+        <pinnumItem comment="LCD-G2" id="94" symbolicname=""/>
+        <pinnumItem comment="LCD-G3" id="95" symbolicname=""/>
+        <pinnumItem comment="LCD-G4" id="96" symbolicname=""/>
+        <pinnumItem comment="LCD-G5" id="97" symbolicname=""/>
+        <pinnumItem comment="EMLE" id="10" symbolicname=""/>
+        <pinnumItem comment="LCD-BACKLIGHT" id="98" symbolicname=""/>
+        <pinnumItem comment="MIC-DATA" id="11" symbolicname=""/>
+        <pinnumItem comment="LCD-TOUCH-RST" id="99" symbolicname=""/>
+        <pinnumItem comment="MD/FINED" id="16" symbolicname=""/>
+        <pinnumItem comment="RESET" id="19" symbolicname=""/>
+        <pinnumItem comment="QSPI-SI/SIO0" id="120" symbolicname=""/>
+        <pinnumItem comment="QSPI-SCLK" id="121" symbolicname=""/>
+        <pinnumItem comment="QSPI-CS#" id="122" symbolicname=""/>
+        <pinnumItem comment="D2-LRCK" id="2" symbolicname=""/>
+        <pinnumItem comment="QSPI-HOLD#/SIO3" id="123" symbolicname=""/>
+        <pinnumItem comment="QSPI-WP#/SIO2" id="124" symbolicname=""/>
+        <pinnumItem comment="D2-SDIN" id="4" symbolicname=""/>
+        <pinnumItem comment="PMOD2-RST" id="125" symbolicname=""/>
+        <pinnumItem comment="PMOD2-IRQ" id="126" symbolicname=""/>
+        <pinnumItem comment="D2-SCLK" id="6" symbolicname=""/>
+        <pinnumItem comment="PMOD2-SS" id="127" symbolicname=""/>
+        <pinnumItem comment="MIC-BCLK" id="7" symbolicname=""/>
+        <pinnumItem comment="PMOD2-MISO" id="128" symbolicname=""/>
+        <pinnumItem comment="AUDIO_CLK" id="8" symbolicname=""/>
+        <pinnumItem comment="PMOD2-SCK" id="129" symbolicname=""/>
+        <pinnumItem comment="MIC-WS" id="9" symbolicname=""/>
+        <pinnumItem comment="XTAL" id="20" symbolicname=""/>
+        <pinnumItem comment="EXTAL" id="22" symbolicname=""/>
+        <pinnumItem comment="LCD-TOUCH-INT" id="25" symbolicname=""/>
+        <pinnumItem comment="LCD-TOUCH-SCL" id="26" symbolicname=""/>
+        <pinnumItem comment="LCD-TOUCH-SDA" id="27" symbolicname=""/>
+        <pinnumItem comment="WiFi-RTS" id="28" symbolicname=""/>
+        <pinnumItem comment="WiFi-TXD" id="29" symbolicname=""/>
+        <pinnumItem comment="PMOD2-MOSI" id="131" symbolicname=""/>
+        <pinnumItem comment="PMOD2-IO1" id="133" symbolicname=""/>
+        <pinnumItem comment="PMOD2-IO0" id="134" symbolicname=""/>
+        <pinnumItem comment="WiFi-EN" id="137" symbolicname=""/>
+        <pinnumItem comment="SD-ENABLE" id="138" symbolicname=""/>
+        <pinnumItem comment="SD-FLT" id="139" symbolicname=""/>
+        <pinnumItem comment="WiFi-CTS" id="30" symbolicname=""/>
+        <pinnumItem comment="WiFi-RXD" id="31" symbolicname=""/>
+        <pinnumItem comment="SDHI-SW_B" id="32" symbolicname=""/>
+        <pinnumItem comment="SDHI-DATA1" id="34" symbolicname=""/>
+        <pinnumItem comment="SDHI-DATA0" id="35" symbolicname=""/>
+        <pinnumItem comment="SDHI-CLK" id="36" symbolicname=""/>
+        <pinnumItem comment="SDHI-CMD" id="37" symbolicname=""/>
+        <pinnumItem comment="SDHI-CD/DATA3" id="38" symbolicname=""/>
+        <pinnumItem comment="SDHI-DATA2" id="39" symbolicname=""/>
+        <pinnumItem comment="LED2" id="141" symbolicname=""/>
+        <pinnumItem comment="SW2" id="144" symbolicname=""/>
+        <pinnumItem comment="USB0VBUSEN" id="40" symbolicname=""/>
+        <pinnumItem comment="PMOD1-RST" id="41" symbolicname=""/>
+        <pinnumItem comment="PMOD1-IO1" id="42" symbolicname=""/>
+        <pinnumItem comment="USB0OVRCURA" id="43" symbolicname=""/>
+        <pinnumItem comment="USB-TXD" id="44" symbolicname=""/>
+        <pinnumItem comment="USB-RXD" id="45" symbolicname=""/>
+        <pinnumItem comment="USB0DM" id="47" symbolicname=""/>
+        <pinnumItem comment="USB0DP" id="48" symbolicname=""/>
+        <pinnumItem comment="ET0REFCLK" id="50" symbolicname=""/>
+        <pinnumItem comment="PMOD1-IRQ" id="51" symbolicname=""/>
+        <pinnumItem comment="PMOD1-SS" id="52" symbolicname=""/>
+        <pinnumItem comment="PMOD1-IO0" id="53" symbolicname=""/>
+        <pinnumItem comment="PMOD1-MISO" id="54" symbolicname=""/>
+        <pinnumItem comment="PMOD1-SCK" id="55" symbolicname=""/>
+        <pinnumItem comment="PMOD1-MOSI" id="56" symbolicname=""/>
+        <pinnumItem comment="ET0CRS" id="58" symbolicname=""/>
+        <pinnumItem comment="ET0COL" id="60" symbolicname=""/>
+        <pinnumItem comment="ET0ETXD3" id="61" symbolicname=""/>
+        <pinnumItem comment="ET0ETXD2" id="62" symbolicname=""/>
+        <pinnumItem comment="ET0ETXD1" id="63" symbolicname=""/>
+        <pinnumItem comment="ET0ETXD0" id="64" symbolicname=""/>
+        <pinnumItem comment="ET0TXEN" id="65" symbolicname=""/>
+        <pinnumItem comment="ET0TXCLK" id="66" symbolicname=""/>
+        <pinnumItem comment="ET0INTRP" id="67" symbolicname=""/>
+        <pinnumItem comment="ET0RXER" id="68" symbolicname=""/>
+        <pinnumItem comment="ET0RXCLK" id="69" symbolicname=""/>
+        <pinnumItem comment="ET0RXDV" id="70" symbolicname=""/>
+        <pinnumItem comment="ET0ERXD0" id="71" symbolicname=""/>
+        <pinnumItem comment="ET0ERXD1" id="72" symbolicname=""/>
+        <pinnumItem comment="ET0ERXD2" id="73" symbolicname=""/>
+        <pinnumItem comment="ET0ERXD3" id="75" symbolicname=""/>
+        <pinnumItem comment="ET0RST(SW1-1ch)" id="77" symbolicname=""/>
+        <pinnumItem comment="Light-SDA" id="78" symbolicname=""/>
+        <pinnumItem comment="Light-SCL" id="79" symbolicname=""/>
+        <pinnumItem comment="LCD-G6" id="101" symbolicname=""/>
+        <pinnumItem comment="LCD-G7" id="102" symbolicname=""/>
+        <pinnumItem comment="LCD-R3" id="106" symbolicname=""/>
+        <pinnumItem comment="LCD-CLK" id="80" symbolicname=""/>
+        <pinnumItem comment="LCD-R4" id="107" symbolicname=""/>
+        <pinnumItem comment="LCD-VSYNC" id="81" symbolicname=""/>
+        <pinnumItem comment="LCD-R5" id="108" symbolicname=""/>
+        <pinnumItem comment="LCD-DISP-EN" id="82" symbolicname=""/>
+        <pinnumItem comment="LCD-R6" id="109" symbolicname=""/>
+        <pinnumItem comment="LCD-HSYNC" id="83" symbolicname=""/>
+        <pinnumItem comment="LCD-DATA-EN" id="84" symbolicname=""/>
+        <pinnumItem comment="ET0MDC" id="85" symbolicname=""/>
+        <pinnumItem comment="ET0MDIO" id="86" symbolicname=""/>
+        <pinnumItem comment="LCD-B3" id="87" symbolicname=""/>
     </tool>
     <tool id="Summary" version="1.0.0.0">
         <option id="com.renesas.smc.code.path" value="src\smc_gen"/>
@@ -843,7 +843,7 @@
                     <item id="Level15" input="" vlaue="0"/>
                 </option>
             </allocatable>
-            <component description="本MCU ��8 ビット�カウンタをベース���2 �ャ�ル�8 ビットタイマ（TMR）を2 ユニット（ユニット0�ユニット1）��計4 �ャ�ル内蔵�����。" detailDescription="" display="8 ビットタイマ" id="com.renesas.smc.tools.swcomponent.codegenerator.tmr" version="1.10.0"/>
+            <component description="��ソフトウェアコン�ー�ント��8 ビットタイマ（TMR）�構�を�供���。&#10;&#10;外部イベント�カウント��能����2 本�レジスタ��コンペアマッ�信��より�カウンタ�クリア�割り込��求�任��デューティ比�パルス出力���多機能タイマ���種々�応用��能��。" detailDescription="" display="8 ビットタイマ" id="com.renesas.smc.tools.swcomponent.codegenerator.tmr" version="1.10.0"/>
             <allocator channelLevel0="0" channelLevel1="" channelLevel2="" channelLevel3="" channelLevel4="" channelLevel5="" description="8 ビットタイマ0" display="TMR0" id="com.renesas.smc.tools.swcomponent.codegenerator.tmr.rx72n.tmr0" type="">
                 <context>
                     <option enabled="true" id="CountMode" selection="8bitMode">
@@ -868,9 +868,9 @@
             <component description="�存モジュール: r_t4_driver_rx �ージョン 1.09&#10;T4 is TCP/IP protocol stack that has small footprint for Renesas MCUs." detailDescription="TCP/IP protocol stack [M3S-T4-Tiny] for Renesas MCUs" display="r_t4_rx" id="r_t4_rx2.10" version="2.10">
                 <gridItem id="T4_CFG_SYSTEM_CHANNEL_NUMBER" selectedIndex="0"/>
                 <gridItem id="T4_CFG_SYSTEM_DHCP" selectedIndex="0"/>
-                <gridItem id="T4_CFG_FIXED_IP_ADDRESS_CH0" selectedIndex="192,168,10,33"/>
+                <gridItem id="T4_CFG_FIXED_IP_ADDRESS_CH0" selectedIndex="192,168,11,33"/>
                 <gridItem id="T4_CFG_FIXED_SABNET_MASK_CH0" selectedIndex="255,255,255,0"/>
-                <gridItem id="T4_CFG_FIXED_GATEWAY_ADDRESS_CH0" selectedIndex="192,168,10,1"/>
+                <gridItem id="T4_CFG_FIXED_GATEWAY_ADDRESS_CH0" selectedIndex="192,168,11,1"/>
                 <gridItem id="T4_CFG_FIXED_IP_ADDRESS_CH1" selectedIndex="192,168,0,10"/>
                 <gridItem id="T4_CFG_FIXED_SABNET_MASK_CH1" selectedIndex="255,255,255,0"/>
                 <gridItem id="T4_CFG_FIXED_GATEWAY_ADDRESS_CH1" selectedIndex="0,0,0,0"/>
@@ -1132,7 +1132,63 @@
             <source description="Components supporting Firmware Integration Technology" display="Firmware Integration Technology" id="com.renesas.smc.tools.swcomponent.fit.source"/>
         </configuration>
         <configuration inuse="true" name="r_tsip_rx">
-            <component description="�存モジュール: r_bsp �ージョン 7.30&#10;Support functions: AES, GCM, CCM, CMAC, SHA, MD5, Triple-DES, ARC4, RSA, ECC, Random number generate, Key management, secure boot/secure firmware update.&#10;The &quot;.l&quot; in version number means library version." detailDescription="TSIP(Trusted Secure IP) driver." display="r_tsip_rx" id="r_tsip_rx1.18.l" version="1.18.l"/>
+            <component description="�存モジュール: r_bsp �ージョン 7.30&#10;Support functions: AES, GCM, CCM, CMAC, SHA, MD5, Triple-DES, ARC4, RSA, ECC, Random number generate, Key management, secure boot/secure firmware update." detailDescription="TSIP(Trusted Secure IP) driver." display="r_tsip_rx" id="r_tsip_rx1.21" version="1.21">
+                <gridItem id="TSIP_AES_128_ECB_ENCRYPT" selectedIndex="0"/>
+                <gridItem id="TSIP_AES_256_ECB_ENCRYPT" selectedIndex="0"/>
+                <gridItem id="TSIP_AES_128_ECB_DECRYPT" selectedIndex="0"/>
+                <gridItem id="TSIP_AES_256_ECB_DECRYPT" selectedIndex="0"/>
+                <gridItem id="TSIP_AES_128_CBC_ENCRYPT" selectedIndex="1"/>
+                <gridItem id="TSIP_AES_256_CBC_ENCRYPT" selectedIndex="1"/>
+                <gridItem id="TSIP_AES_128_CBC_DECRYPT" selectedIndex="1"/>
+                <gridItem id="TSIP_AES_256_CBC_DECRYPT" selectedIndex="1"/>
+                <gridItem id="TSIP_AES_128_CTR" selectedIndex="0"/>
+                <gridItem id="TSIP_AES_256_CTR" selectedIndex="0"/>
+                <gridItem id="TSIP_AES_128_GCM_ENCRYPT" selectedIndex="1"/>
+                <gridItem id="TSIP_AES_256_GCM_ENCRYPT" selectedIndex="1"/>
+                <gridItem id="TSIP_AES_128_GCM_DECRYPT" selectedIndex="1"/>
+                <gridItem id="TSIP_AES_256_GCM_DECRYPT" selectedIndex="1"/>
+                <gridItem id="TSIP_AES_128_CMAC" selectedIndex="1"/>
+                <gridItem id="TSIP_AES_256_CMAC" selectedIndex="1"/>
+                <gridItem id="TSIP_AES_128_CCM_ENCRYPT" selectedIndex="1"/>
+                <gridItem id="TSIP_AES_256_CCM_ENCRYPT" selectedIndex="1"/>
+                <gridItem id="TSIP_AES_128_CCM_DECRYPT" selectedIndex="1"/>
+                <gridItem id="TSIP_AES_256_CCM_DECRYPT" selectedIndex="1"/>
+                <gridItem id="TSIP_AES_128_KEY_WRAP" selectedIndex="1"/>
+                <gridItem id="TSIP_AES_256_KEY_WRAP" selectedIndex="1"/>
+                <gridItem id="TSIP_TDES_ECB_ENCRYPT" selectedIndex="0"/>
+                <gridItem id="TSIP_TDES_ECB_DECRYPT" selectedIndex="0"/>
+                <gridItem id="TSIP_TDES_CBC_ENCRYPT" selectedIndex="0"/>
+                <gridItem id="TSIP_TDES_CBC_DECRYPT" selectedIndex="0"/>
+                <gridItem id="TSIP_ARC4_ENCRYPT" selectedIndex="0"/>
+                <gridItem id="TSIP_ARC4_DECRYPT" selectedIndex="0"/>
+                <gridItem id="TSIP_SHA_1" selectedIndex="1"/>
+                <gridItem id="TSIP_SHA_256" selectedIndex="1"/>
+                <gridItem id="TSIP_MD5" selectedIndex="1"/>
+                <gridItem id="TSIP_SHA_1_HMAC" selectedIndex="1"/>
+                <gridItem id="TSIP_SHA_256_HMAC" selectedIndex="1"/>
+                <gridItem id="TSIP_RSAES_1024" selectedIndex="0"/>
+                <gridItem id="TSIP_RSAES_2048" selectedIndex="0"/>
+                <gridItem id="TSIP_RSAES_3072" selectedIndex="0"/>
+                <gridItem id="TSIP_RSAES_4096" selectedIndex="0"/>
+                <gridItem id="TSIP_RSASSA_1024" selectedIndex="1"/>
+                <gridItem id="TSIP_RSASSA_2048" selectedIndex="1"/>
+                <gridItem id="TSIP_RSASSA_3072" selectedIndex="0"/>
+                <gridItem id="TSIP_RSASSA_4096" selectedIndex="0"/>
+                <gridItem id="TSIP_RSA_RETRY_COUNT_FOR_RSA_KEY_GENERATION" selectedIndex="5120*2"/>
+                <gridItem id="TSIP_ECDSA_P192" selectedIndex="0"/>
+                <gridItem id="TSIP_ECDSA_P224" selectedIndex="0"/>
+                <gridItem id="TSIP_ECDSA_P256" selectedIndex="1"/>
+                <gridItem id="TSIP_ECDSA_P384" selectedIndex="1"/>
+                <gridItem id="TSIP_ECDH_P256" selectedIndex="1"/>
+                <gridItem id="TSIP_USER_SHA_384_ENABLED" selectedIndex="0"/>
+                <gridItem id="TSIP_USER_SHA_384_FUNCTION" selectedIndex="user_sha384_function"/>
+                <gridItem id="TSIP_TLS" selectedIndex="1"/>
+                <gridItem id="TSIP_SECURE_BOOT" selectedIndex="0"/>
+                <gridItem id="TSIP_FIRMWARE_UPDATE" selectedIndex="1"/>
+                <gridItem id="TSIP_MULTI_THREADING" selectedIndex="0"/>
+                <gridItem id="TSIP_MULTI_THREADING_LOCK_FUNCTION" selectedIndex="user_lock_function"/>
+                <gridItem id="TSIP_MULTI_THREADING_UNLOCK_FUNCTION" selectedIndex="user_unlock_function"/>
+            </component>
             <source description="Components supporting Firmware Integration Technology" display="Firmware Integration Technology" id="com.renesas.smc.tools.swcomponent.fit.source"/>
             <source description="Components supporting Firmware Integration Technology" display="Firmware Integration Technology" id="com.renesas.smc.tools.swcomponent.fit.source"/>
         </configuration>
diff --git a/IDE/Renesas/e2studio/RX72N/EnvisionKit/Simple/wolfssl/.cproject b/IDE/Renesas/e2studio/RX72N/EnvisionKit/Simple/wolfssl/.cproject
index 142c267b6..03765b97e 100644
--- a/IDE/Renesas/e2studio/RX72N/EnvisionKit/Simple/wolfssl/.cproject
+++ b/IDE/Renesas/e2studio/RX72N/EnvisionKit/Simple/wolfssl/.cproject
@@ -14,7 +14,7 @@
 			</storageModule>
 			<storageModule moduleId="com.renesas.cdt.managedbuild.core.toolchainInfo">
 				<option id="toolchain.id" value="Renesas_RXC"/>
-				<option id="toolchain.version" value="v3.04.00"/>
+				<option id="toolchain.version" value="v3.06.00"/>
 				<option id="toolchain.enable" value="true"/>
 			</storageModule>
 			<storageModule moduleId="cdtBuildSystem" version="4.0.0">
diff --git a/IDE/Renesas/e2studio/RX72N/EnvisionKit/include.am b/IDE/Renesas/e2studio/RX72N/EnvisionKit/include.am
index bbcf978e2..cd39f4b25 100644
--- a/IDE/Renesas/e2studio/RX72N/EnvisionKit/include.am
+++ b/IDE/Renesas/e2studio/RX72N/EnvisionKit/include.am
@@ -16,6 +16,10 @@ EXTRA_DIST+= IDE/Renesas/e2studio/RX72N/EnvisionKit/wolfssl_demo/wolfssl_demo.c
 EXTRA_DIST+= IDE/Renesas/e2studio/RX72N/EnvisionKit/wolfssl_demo/wolfssl_demo.h
 EXTRA_DIST+= IDE/Renesas/e2studio/RX72N/EnvisionKit/wolfssl_demo/user_settings.h
 EXTRA_DIST+= IDE/Renesas/e2studio/RX72N/EnvisionKit/wolfssl_demo/wolfssl_tsip_unit_test.c
+EXTRA_DIST+= IDE/Renesas/e2studio/RX72N/EnvisionKit/tools/README.md
+EXTRA_DIST+= IDE/Renesas/e2studio/RX72N/EnvisionKit/tools/example_keys/generate_SignedCA.sh
+EXTRA_DIST+= IDE/Renesas/e2studio/RX72N/EnvisionKit/tools/example_keys/rsa_private.pem
+EXTRA_DIST+= IDE/Renesas/e2studio/RX72N/EnvisionKit/tools/example_keys/rsa_public.pem
 
 # Simple Example Contents
 EXTRA_DIST+= IDE/Renesas/e2studio/RX72N/EnvisionKit/Simple/common/sectioninfo.esi
diff --git a/IDE/Renesas/e2studio/RX72N/EnvisionKit/tools/README.md b/IDE/Renesas/e2studio/RX72N/EnvisionKit/tools/README.md
new file mode 100644
index 000000000..58f5d6f55
--- /dev/null
+++ b/IDE/Renesas/e2studio/RX72N/EnvisionKit/tools/README.md
@@ -0,0 +1,39 @@
+# Create/Update Signed CA
+This document describes how to create/update Signed CA data that is used at an example program.
+
+## Signed CA Creation
+### Generate RSA Key pair
+```
+2048 bit RSA key pair
+$ openssl genrsa 2048 2> /dev/null > rsa_private.pem
+$ openssl rsa -in rsa_private.pem -pubout -out rsa_public.pem 2> /dev/null
+```
+
+### Sign to CA certificate
+```
+Signed by 2048-bit RSA
+$ openssl dgst -sha256 -sign rsa_private.pem -sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:-1-out <signed-CA>.sign <CA-file-for-Signed>
+
+For an example program, it assumes that wolfSSL example CA cert is to be signed.
+e.g.
+$ openssl dgst -sha256 -sign rsa_private.pem -sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:-1-out Signed-CA.sign /path/for/wolfssl/certs/ca-cert.der
+```
+
+### Convert Signed CA to C source
+It is able to use `dertoc.pl` to generate c-source data from signed-ca binary data.
+
+```
+$ /path/to/wolfssl/scripts/dertoc.pl ./ca-cert.der.sign ca_cert_der_sig example.c
+```
+
+
+## Appendix
+### Example Keys
+There are multiple example keys for testing in the `example_keys` folder.
+```
+<example_keys>
+|
++----+ rsa_private.pem  an example 2048-bit rsa private key for signing CA cert
+     + rsa_public.pem   an example 2048-bit rsa public key for verifying CA cert
+     + generate_signCA.sh an example script to generate signed-certificate data for the example program
+```
diff --git a/IDE/Renesas/e2studio/RX72N/EnvisionKit/tools/example_keys/generate_SignedCA.sh b/IDE/Renesas/e2studio/RX72N/EnvisionKit/tools/example_keys/generate_SignedCA.sh
new file mode 100755
index 000000000..aeb994f8a
--- /dev/null
+++ b/IDE/Renesas/e2studio/RX72N/EnvisionKit/tools/example_keys/generate_SignedCA.sh
@@ -0,0 +1,44 @@
+#!/bin/bash
+
+# example usage
+# ./generate_SignedCA.sh rsa_private.pem rsa_public.pem ../../../../../../../certs/ca-cert.der ../../../../../../../../wolfssl/
+# ./generate_SignedCA.sh rsa_private.pem rsa_public.pem ../../../../../../../certs/ca-ecc-cert.der ../../../../../../../../wolfssl
+#
+SIGOPT=rsa_padding_mode:pss
+SIGOPT2=rsa_pss_saltlen:-1
+CURRENT=$(cd $(dirname $0);pwd)
+
+function usage() {
+    cat <<- _EOT_
+    Usage:
+      $0 private-key public-key file-name wolfssl-dir
+
+    Options:
+      private-key : private key for sign/verify
+      public-key  : public key for verify
+      file-name   : file name to be signed
+      wolfssl-dir : wolfssl folder path
+
+_EOT_
+exit 1
+}
+
+if [ $# -ne 4 ]; then
+    usage
+fi
+
+# $1 private key for sign/verify
+# $2 public key for verify
+# $3 file for sign/verify
+signed_file=$(basename $3)
+wolf_dir=$4
+
+openssl dgst -sha256 -sign $1 -sigopt $SIGOPT -sigopt $SIGOPT2 -out ${CURRENT}/${signed_file}.sign $3
+
+echo Verify by private key
+openssl dgst -sha256 -prverify $1 -sigopt $SIGOPT -sigopt $SIGOPT2 -signature ${CURRENT}/${signed_file}.sign $3
+echo Verify by public key
+openssl dgst -sha256 -verify $2 -sigopt $SIGOPT -sigopt $SIGOPT2 -signature ${CURRENT}/${signed_file}.sign $3
+
+# Convert Signed CA to c source
+${wolf_dir}/scripts/dertoc.pl ${CURRENT}/${signed_file}.sign  XXXXXXX ${signed_file}.c
diff --git a/IDE/Renesas/e2studio/RX72N/EnvisionKit/tools/example_keys/rsa_private.pem b/IDE/Renesas/e2studio/RX72N/EnvisionKit/tools/example_keys/rsa_private.pem
new file mode 100644
index 000000000..18c7bb9ac
--- /dev/null
+++ b/IDE/Renesas/e2studio/RX72N/EnvisionKit/tools/example_keys/rsa_private.pem
@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEpAIBAAKCAQEAlC67WM6HB9unhAcRoIXJHbLFViHzQIpIirnePFIXq5DvOcQN
+ApYQ8iO+94CvDDed05HEhML/ENbyTHjfMhKcJrstGtIPLk+QSeTNi14SGyhhSfxd
+An/NrkATygOh8Qdjacxyq5wmTwZOVlq4waGbcQOlwvTVGijGQ786IRIezj56Vhce
+TWnA3GgMUCM7zTkMKd8zmPZSX0bHxkcQqCk98wXMpVAKaScZMPvHBrxHji0zG2QH
+vDpf5yUsomSXnqD/9D2oIKy2oG0sx9JXbz9AqPqBCPszUqY07b4QdOinHu8bkDmC
+Sj0nAI8PdC010q3GAYLw6X1sxRCMldqVPRAUvQIDAQABAoIBAGYt30P6jcQOY/G3
+iiEdf7P53Pdqy7jaYfE+/46qsOW+OCemF66L2j2OBpXWZ15OT4dfQZqmd4meHlA7
+HPUDPie68/xFkvBFLuK1YkLS6DtP2d5RpbUeea7JQpwPazCv/o4qy3uoXgYp/ASx
+5CqpDG2erUPE3dl++lAm4aeCPjnKcKUgklzZDjhAqEe/32oyR/Ns0m9TkTC7t73z
+a0iE2ncJSyPAdZmF5ZmyVilBRwU5HKFvlrL1NdoMU3DbD/BpZlKdEH7LxU7Rl3ad
+m4TlVpsnnDY/GfX5ScqpMK5KnYM31Hmt8kulomotor2R7AFWkI3Q8rL6XcKJRSDl
+cDbrHuECgYEAxFhMgldDhtYQfvsxpA+NLVL8G6Nfj5+zRTtlGp3+KhXqnJed84y8
+RhyfDd7sa2WZCyZyG7omJBLSXjnjGgvmT5ibgllCT0F1c3sVeBMEI21QCxWxxmLB
+3RBN6rBqxMdNpwn4AhOi397aIr9kch8iVpXcfif77xadeWVIgyW22CkCgYEAwTRd
+hjHfFNyU2qBWFg4i9LxWVZYaLqUa23z1IqDIzdAW+kyt/06Cln2cFdoH+XFjY2Ua
+Hm74HU+4QskoE+joGBkhr24Iwh5SLyOAwxcAbG4zYjWL9rBNe+wJVwmimV/Xv7A5
+bEOWPQyfNMGVQaV4T7NtNS9i7jsrdMtHqwAWOnUCgYAPdwz/rzPoaO//sHVmgLsT
++NdWrfWW8HNEXrtF72/XjMZf8ylDx7AErbhxdT+V7fiyAiM2v+DFMp5TQaf7ozhO
+yKxnBfTNHVDM+cLlJEpNKA0H8nuALsMqUGByvdaLDU+2eniIYVeQ3pK77etRedZQ
+j5lAbpHPcS6SI0Ik4lGWkQKBgQCRTtsQNK39OLFThMd6KwOrYYLlN9FVR6PddCvB
+8X9VG65MbiNnIxsgKDSeUq8wslD3znBId1lwYibJRBU6dC8rAKvPD0jTBo71GRSc
+pc4RvwgyUueDj7GXBD06EusRw322k8l8XZC/NaD/wqCJEPRdrSrzl0ImvqW+X6z1
+NUmCiQKBgQCcz9S2cwr6aCtwtpde+zGEdECNO2Sk7ZAVqUX7uuxig/SqryPUfrmJ
+tGGxoc2AoBZ6IE6+Ocq/B8HeFYfOTos59tn/HoKQp2LqCmunhBsuHlj1PS+e2JGz
+5f4Gg5OxvuvsMA19d3/E9D85drOoR1qKGt//DtvPwfY/nyyEVD19vw==
+-----END RSA PRIVATE KEY-----
diff --git a/IDE/Renesas/e2studio/RX72N/EnvisionKit/tools/example_keys/rsa_public.pem b/IDE/Renesas/e2studio/RX72N/EnvisionKit/tools/example_keys/rsa_public.pem
new file mode 100644
index 000000000..62fd2e9f5
--- /dev/null
+++ b/IDE/Renesas/e2studio/RX72N/EnvisionKit/tools/example_keys/rsa_public.pem
@@ -0,0 +1,9 @@
+-----BEGIN PUBLIC KEY-----
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlC67WM6HB9unhAcRoIXJ
+HbLFViHzQIpIirnePFIXq5DvOcQNApYQ8iO+94CvDDed05HEhML/ENbyTHjfMhKc
+JrstGtIPLk+QSeTNi14SGyhhSfxdAn/NrkATygOh8Qdjacxyq5wmTwZOVlq4waGb
+cQOlwvTVGijGQ786IRIezj56VhceTWnA3GgMUCM7zTkMKd8zmPZSX0bHxkcQqCk9
+8wXMpVAKaScZMPvHBrxHji0zG2QHvDpf5yUsomSXnqD/9D2oIKy2oG0sx9JXbz9A
+qPqBCPszUqY07b4QdOinHu8bkDmCSj0nAI8PdC010q3GAYLw6X1sxRCMldqVPRAU
+vQIDAQAB
+-----END PUBLIC KEY-----
diff --git a/IDE/Renesas/e2studio/RX72N/EnvisionKit/wolfssl_demo/key_data.c b/IDE/Renesas/e2studio/RX72N/EnvisionKit/wolfssl_demo/key_data.c
index fe3aaaaf0..0566cdcd8 100644
--- a/IDE/Renesas/e2studio/RX72N/EnvisionKit/wolfssl_demo/key_data.c
+++ b/IDE/Renesas/e2studio/RX72N/EnvisionKit/wolfssl_demo/key_data.c
@@ -1,276 +1,284 @@
-/* key_data.c
- *
- * Copyright (C) 2006-2023 wolfSSL Inc.
- *
- * This file is part of wolfSSL.
- *
- * wolfSSL is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * wolfSSL is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
- */
-
-
-#include "key_data.h"
-
-/*-------------------------------------------------------------------------
-      RX72N supports TSIP v1.09 or later
---------------------------------------------------------------------------*/
-#if defined(WOLFSSL_RENESAS_TSIP_TLS) && (WOLFSSL_RENESAS_TSIP_VER >= 109)
-
-const st_key_block_data_t g_key_block_data =
-{
-    /* uint8_t encrypted_provisioning_key[R_TSIP_AES_CBC_IV_BYTE_SIZE * 2]; */
-    {
-        0xDF, 0x78, 0x49, 0x28, 0xA9, 0x4C, 0x36, 0xD6, 0xC9, 0x89, 0x98, 0xDF,
-        0xFF, 0xB1, 0xCB, 0xBC, 0x9F, 0xF4, 0x34, 0xCD, 0x81, 0x53, 0x67, 0xB3,
-        0xFC, 0x85, 0xC6, 0x0B, 0xA2, 0xC8, 0xF4, 0x83
-   },
-    /* uint8_t iv[R_TSIP_AES_CBC_IV_BYTE_SIZE]; */
-    {
-        0xF6, 0xA9, 0x83, 0x5A, 0xA1, 0x65, 0x1D, 0x28, 0xC8, 0x1A, 0xA6, 0x9D,
-        0x34, 0xB2, 0x4D, 0x92
-    },
-    /* uint8_t 
-     * encrypted_user_rsa2048_ne_key[R_TSIP_RSA2048_NE_KEY_BYTE_SIZE + 16];
-     */
-    {
-        0xC8, 0x12, 0x94, 0x44, 0x43, 0x35, 0x82, 0x09, 0xF2, 0x54, 0x69, 0xB6, 
-        0x9B, 0x8E, 0x6F, 0x92, 0xE3, 0x3A, 0xB2, 0x55, 0x63, 0x8D, 0xDB, 0x47,
-        0x75, 0x8D, 0x9D, 0x56, 0xD7, 0x7F, 0x42, 0x3A, 0x04, 0x4C, 0xAA, 0xF1,
-        0x94, 0x9C, 0x8C, 0x97, 0xAF, 0x5C, 0xBA, 0x0E, 0xBD, 0x8A, 0xE3, 0x67,
-        0x3E, 0xF8, 0x4C, 0x8E, 0xB7, 0x71, 0xB0, 0xCE, 0x09, 0x3C, 0xEC, 0x9C,
-        0xCC, 0x81, 0x9D, 0x37, 0x9E, 0x34, 0x39, 0x6D, 0xF0, 0x7D, 0x1A, 0x4A,
-        0xEB, 0xF5, 0x99, 0x91, 0xE1, 0xB0, 0x99, 0x72, 0xB3, 0xF3, 0x2B, 0xE1,
-        0x6F, 0x5B, 0xD4, 0xA3, 0xB9, 0x9C, 0xEB, 0x95, 0xC3, 0xB2, 0x8F, 0x5C,
-        0x58, 0xD5, 0x0A, 0xAA, 0x02, 0x01, 0xBF, 0xE1, 0xE9, 0x23, 0xFB, 0x03,
-        0xCF, 0x54, 0x6D, 0x29, 0xE7, 0x5E, 0x96, 0x51, 0x68, 0x6B, 0xDD, 0x06,
-        0x67, 0x5E, 0x84, 0x50, 0x21, 0x50, 0x78, 0x89, 0x80, 0xF8, 0x61, 0x9C,
-        0xBE, 0xDA, 0x75, 0x55, 0x1A, 0xE6, 0x3C, 0xA5, 0x1C, 0xE4, 0x5A, 0x5C,
-        0x68, 0x7C, 0x48, 0xC7, 0x6A, 0xC9, 0x80, 0x54, 0x31, 0xE7, 0x65, 0x8A,
-        0x13, 0xF3, 0x6D, 0x0F, 0xB3, 0x62, 0x8D, 0x1B, 0xEA, 0x71, 0x12, 0x86,
-        0x50, 0x98, 0xA3, 0x8E, 0x64, 0x1D, 0x3E, 0xA4, 0x5A, 0x99, 0xB3, 0xBD,
-        0x3E, 0x3D, 0xF5, 0x0F, 0x41, 0x09, 0xFB, 0x04, 0x7B, 0x8D, 0xA1, 0xCF,
-        0xBA, 0x71, 0x85, 0x86, 0x3C, 0x04, 0xDD, 0x74, 0x8D, 0xE3, 0x3C, 0x8E,
-        0x52, 0x3C, 0x05, 0x7A, 0xBE, 0xCC, 0xEA, 0x9D, 0x57, 0x2C, 0x40, 0x05,
-        0xEE, 0x49, 0x1D, 0xD2, 0xA3, 0x5A, 0xFA, 0x25, 0x1D, 0x1F, 0xDD, 0xB5,
-        0x36, 0x7D, 0x25, 0xD3, 0x34, 0x39, 0xC2, 0x59, 0x57, 0xAD, 0x3C, 0x9D,
-        0xC9, 0xBF, 0x09, 0x8D, 0xA0, 0x40, 0x5A, 0x14, 0x7B, 0xCF, 0xFE, 0x05,
-        0x3E, 0xF3, 0xD1, 0x7D, 0xBB, 0x33, 0x96, 0x40, 0x79, 0xC2, 0x7B, 0x15,
-        0x2E, 0xEE, 0xE3, 0x5B, 0x9C, 0x06, 0x72, 0x95, 0xFF, 0xCB, 0xC9, 0xE4,
-        0x96, 0x97, 0x18, 0x0D, 0xE7, 0x78, 0xCD, 0xE9, 0xA7, 0xEA, 0xE9, 0xDF
-    },
-    /* uint8_t encrypted_user_update_key[R_TSIP_AES256_KEY_BYTE_SIZE + 16]; */
-    {
-        0
-    },
-    /* uint8_t
-     * encrypted_user_rsa2048_public_key[R_TSIP_RSA2048_NE_KEY_BYTE_SIZE + 16]
-     */
-    {
-        0xAF, 0x8C, 0x78, 0xE3, 0x6C, 0x9E, 0xC6, 0x76, 0xE5, 0x86, 0x84, 0xBE,
-        0xF5, 0x6C, 0xD7, 0x2B, 0x46, 0x24, 0x35, 0x99, 0xA5, 0x64, 0xDD, 0xFA,
-        0x35, 0x22, 0x5A, 0xB8, 0x5F, 0xD8, 0x1E, 0xCF, 0xCC, 0x73, 0x10, 0xD6,
-        0x13, 0x69, 0x8F, 0x36, 0xA9, 0x8E, 0x09, 0xDF, 0x83, 0x20, 0x85, 0xBE,
-        0x81, 0x69, 0x51, 0x75, 0xCB, 0xA5, 0x90, 0x8C, 0xC1, 0x75, 0xBE, 0x0F,
-        0x8C, 0xB6, 0xFE, 0x73, 0x03, 0x37, 0x03, 0x41, 0xC0, 0x98, 0xC2, 0xEE,
-        0x2D, 0x1B, 0xDA, 0x10, 0x8B, 0xF6, 0xB6, 0x67, 0xE9, 0x29, 0xCD, 0xEC,
-        0x4C, 0x4D, 0x84, 0x28, 0x61, 0x3A, 0xF5, 0x6D, 0xEE, 0x78, 0x45, 0xF3,
-        0x17, 0xC9, 0x77, 0xAB, 0x56, 0x2C, 0x68, 0xCB, 0x14, 0x9F, 0x5A, 0xE7,
-        0x11, 0xC7, 0x13, 0x4B, 0xDC, 0x31, 0x60, 0x77, 0xDA, 0x56, 0x0C, 0x15,
-        0xB2, 0xA9, 0x73, 0x4C, 0xD3, 0x46, 0x29, 0x18, 0x1C, 0x8C, 0xFD, 0xCF,
-        0xAC, 0x4B, 0x55, 0x30, 0x96, 0xDC, 0xE9, 0xC0, 0x6A, 0x74, 0x68, 0x1D,
-        0x6B, 0x25, 0xB0, 0x8F, 0x0C, 0xD7, 0xDD, 0xFC, 0xA8, 0x15, 0x87, 0x3E,
-        0xA3, 0x91, 0x46, 0x25, 0x6C, 0x6F, 0xC4, 0xB2, 0xE1, 0xB8, 0x5F, 0xF3,
-        0x6A, 0x0D, 0x9C, 0x29, 0x08, 0x6F, 0x5E, 0xFF, 0xA0, 0x81, 0x34, 0xA5,
-        0x2B, 0x2B, 0x47, 0xE0, 0x6D, 0x56, 0xD2, 0x52, 0xC7, 0x19, 0x63, 0x72,
-        0x84, 0x96, 0x64, 0xA5, 0xF2, 0x92, 0x3C, 0x38, 0x37, 0x9F, 0x6A, 0x2D,
-        0x58, 0x33, 0x8C, 0x5C, 0x27, 0x05, 0xCB, 0x4F, 0x62, 0x2F, 0x40, 0xE9,
-        0x55, 0x2C, 0x75, 0x4B, 0x02, 0xB3, 0x61, 0xAD, 0x34, 0x14, 0x49, 0x26,
-        0x94, 0x45, 0x9B, 0xB8, 0xDB, 0x1F, 0xCE, 0xE9, 0xB1, 0xBF, 0x47, 0xF3,
-        0xD4, 0xAD, 0xEB, 0xBC, 0x4F, 0x61, 0xAD, 0x66, 0xAF, 0x10, 0x94, 0x5D,
-        0x25, 0x5B, 0x52, 0xF3, 0xBC, 0xCE, 0x10, 0x77, 0x76, 0xE4, 0x5C, 0xCF,
-        0xC3, 0xA4, 0xCC, 0x11, 0xD3, 0x1E, 0x02, 0x98, 0x33, 0xA5, 0xF7, 0xD9,
-        0x43, 0xAB, 0x45, 0x9A, 0x97, 0x0D, 0x08, 0x03, 0xBD, 0xB2, 0xAB, 0x50
-    }, 
-    /* uint8_t 
-     * encrypted_user_rsa2048_private_key[R_TSIP_RSA2048_ND_KEY_BYTE_SIZE + 16]
-     */
-    {
-        0xAF, 0x8C, 0x78, 0xE3, 0x6C, 0x9E, 0xC6, 0x76, 0xE5, 0x86, 0x84, 0xBE,
-        0xF5, 0x6C, 0xD7, 0x2B, 0x46, 0x24, 0x35, 0x99, 0xA5, 0x64, 0xDD, 0xFA,
-        0x35, 0x22, 0x5A, 0xB8, 0x5F, 0xD8, 0x1E, 0xCF, 0xCC, 0x73, 0x10, 0xD6,
-        0x13, 0x69, 0x8F, 0x36, 0xA9, 0x8E, 0x09, 0xDF, 0x83, 0x20, 0x85, 0xBE,
-        0x81, 0x69, 0x51, 0x75, 0xCB, 0xA5, 0x90, 0x8C, 0xC1, 0x75, 0xBE, 0x0F,
-        0x8C, 0xB6, 0xFE, 0x73, 0x03, 0x37, 0x03, 0x41, 0xC0, 0x98, 0xC2, 0xEE,
-        0x2D, 0x1B, 0xDA, 0x10, 0x8B, 0xF6, 0xB6, 0x67, 0xE9, 0x29, 0xCD, 0xEC,
-        0x4C, 0x4D, 0x84, 0x28, 0x61, 0x3A, 0xF5, 0x6D, 0xEE, 0x78, 0x45, 0xF3,
-        0x17, 0xC9, 0x77, 0xAB, 0x56, 0x2C, 0x68, 0xCB, 0x14, 0x9F, 0x5A, 0xE7,
-        0x11, 0xC7, 0x13, 0x4B, 0xDC, 0x31, 0x60, 0x77, 0xDA, 0x56, 0x0C, 0x15,
-        0xB2, 0xA9, 0x73, 0x4C, 0xD3, 0x46, 0x29, 0x18, 0x1C, 0x8C, 0xFD, 0xCF,
-        0xAC, 0x4B, 0x55, 0x30, 0x96, 0xDC, 0xE9, 0xC0, 0x6A, 0x74, 0x68, 0x1D,
-        0x6B, 0x25, 0xB0, 0x8F, 0x0C, 0xD7, 0xDD, 0xFC, 0xA8, 0x15, 0x87, 0x3E,
-        0xA3, 0x91, 0x46, 0x25, 0x6C, 0x6F, 0xC4, 0xB2, 0xE1, 0xB8, 0x5F, 0xF3,
-        0x6A, 0x0D, 0x9C, 0x29, 0x08, 0x6F, 0x5E, 0xFF, 0xA0, 0x81, 0x34, 0xA5,
-        0x2B, 0x2B, 0x47, 0xE0, 0x6D, 0x56, 0xD2, 0x52, 0xC7, 0x19, 0x63, 0x72,
-        0x84, 0x96, 0x64, 0xA5, 0xF2, 0x92, 0x3C, 0x38, 0x37, 0x9F, 0x6A, 0x2D,
-        0x58, 0x33, 0x8C, 0x5C, 0x27, 0x05, 0xCB, 0x4F, 0x62, 0x2F, 0x40, 0xE9,
-        0x55, 0x2C, 0x75, 0x4B, 0x02, 0xB3, 0x61, 0xAD, 0x34, 0x14, 0x49, 0x26,
-        0x94, 0x45, 0x9B, 0xB8, 0xDB, 0x1F, 0xCE, 0xE9, 0xB1, 0xBF, 0x47, 0xF3,
-        0xD4, 0xAD, 0xEB, 0xBC, 0x4F, 0x61, 0xAD, 0x66, 0xAF, 0x10, 0x94, 0x5D,
-        0x25, 0x5B, 0x52, 0xF3, 0x44, 0xBA, 0x28, 0xF8, 0xF2, 0x01, 0x41, 0x61,
-        0xF3, 0xE5, 0x91, 0x44, 0xF9, 0xA3, 0x56, 0xD8, 0xE9, 0x43, 0x0F, 0x78,
-        0x7E, 0x1C, 0x01, 0xA6, 0xD7, 0x47, 0x87, 0x7C, 0xC5, 0xAF, 0x2A, 0xD3,
-        0x71, 0x3A, 0x3E, 0x96, 0xF5, 0x8E, 0xA8, 0x1A, 0x89, 0x17, 0xCD, 0x52,
-        0x7E, 0x98, 0x70, 0xB3, 0x57, 0x22, 0x59, 0x1C, 0xB7, 0x61, 0xD3, 0x32,
-        0xE5, 0x2E, 0x6B, 0x6F, 0x2B, 0xD2, 0xAB, 0x27, 0x62, 0x65, 0xBE, 0x0B,
-        0x8B, 0xFC, 0x9D, 0xB7, 0x3B, 0x4F, 0xA7, 0x35, 0xA6, 0xB3, 0x10, 0x98,
-        0x6D, 0x47, 0x12, 0x16, 0x89, 0x33, 0x9A, 0x87, 0x85, 0x50, 0x21, 0x2B,
-        0x03, 0xD0, 0x0C, 0x25, 0x52, 0xC1, 0xA4, 0xD9, 0x50, 0x57, 0x0A, 0x88,
-        0x67, 0xE9, 0x55, 0x78, 0xFF, 0x23, 0xC0, 0xD1, 0xB6, 0xF4, 0xBD, 0x64,
-        0x38, 0x9A, 0x59, 0xD8, 0x0C, 0xCA, 0x3C, 0x44, 0xBB, 0x31, 0x40, 0xF3,
-        0x3F, 0x84, 0x74, 0x1A, 0x1B, 0xFB, 0x81, 0x22, 0x20, 0x0E, 0x68, 0x48,
-        0x7F, 0xBF, 0xBB, 0xE2, 0xF7, 0xEA, 0x1C, 0xDD, 0x63, 0xAA, 0x3E, 0xFE,
-        0x7A, 0xBD, 0x6C, 0x2A, 0x2C, 0x6C, 0x8E, 0x3C, 0xB6, 0x42, 0x2F, 0x42,
-        0xF2, 0x17, 0x07, 0x2F, 0x4F, 0xAA, 0x4B, 0xA0, 0xE7, 0x98, 0xAE, 0x95,
-        0x21, 0x2A, 0xF8, 0x1C, 0x33, 0x81, 0xC2, 0x64, 0xEC, 0xF3, 0xD7, 0x75,
-        0x81, 0x61, 0x8C, 0xDF, 0x7F, 0x76, 0x6B, 0x44, 0x22, 0x36, 0xD3, 0x7F,
-        0x17, 0x40, 0x84, 0xF8, 0xA8, 0x4B, 0xD5, 0xD4, 0x4E, 0xA1, 0x86, 0xDB,
-        0x9B, 0xCD, 0xB6, 0x6C, 0xDF, 0x35, 0x0C, 0x0D, 0x7E, 0x0F, 0x01, 0x9C,
-        0xF7, 0x6E, 0x89, 0xE6, 0x2F, 0x0E, 0xC5, 0xF3, 0xEA, 0x69, 0x8C, 0xA5,
-        0xD5, 0x48, 0xEE, 0x5B, 0x77, 0x04, 0xFE, 0xC7, 0x56, 0x87, 0x27, 0xD4,
-        0xF9, 0xCC, 0xB4, 0xB4, 0xB7, 0x1A, 0x85, 0x38, 0x0B, 0x93, 0xD2, 0x1D,
-        0xD3, 0xDE, 0x7E, 0x45, 0xAF, 0x82, 0x46, 0x65, 0xFE, 0x59, 0x55, 0x83
-    },
-    /* uint8_t
-     * encrypted_user_ecc256_public_key[R_TSIP_ECC_PUBLIC_KEY_BYTE_SIZE + 16];
-     */
-    {
-        0xAD, 0x59, 0x2A, 0x12, 0xAA, 0xA8, 0x34, 0x30, 0xD4, 0xC9, 0xA1, 0x5A,
-        0xD2, 0xD8, 0xF8, 0x99, 0xA0, 0x26, 0x87, 0x27, 0x90, 0x39, 0x00, 0xEA,
-        0x64, 0x8F, 0x70, 0xF8, 0x1A, 0xA7, 0x44, 0xC8, 0xE6, 0x66, 0xCB, 0xF6,
-        0x8B, 0x00, 0xC7, 0x86, 0x2B, 0x14, 0x98, 0xDB, 0x03, 0xE8, 0xD5, 0x02,
-        0xB8, 0x02, 0x6D, 0x73, 0x66, 0x19, 0x94, 0x83, 0xC4, 0xB9, 0x57, 0x3D,
-        0xFE, 0xA7, 0x19, 0xAC, 0xBC, 0xE3, 0x75, 0x40, 0xC2, 0x48, 0x5E, 0xEF,
-        0x1E, 0x9E, 0xCC, 0xE2, 0xAC, 0xE6, 0xC8, 0x08
-     },
-    /* uint8_t
-     * encrypted_user_ecc256_private_key[R_TSIP_ECC_PRIVATE_KEY_BYTE_SIZE + 16];
-     */
-    {
-        0xE6, 0x6C, 0xB8, 0x7C, 0xDB, 0x85, 0x50, 0x51, 0x4A, 0x75, 0x38, 0xA4,
-        0x74, 0x7A, 0x8C, 0x7C, 0x07, 0x71, 0x0E, 0x52, 0xC3, 0x19, 0xD1, 0xE6,
-        0xF8, 0x36, 0xD2, 0xD3, 0x53, 0xF8, 0xA7, 0xCE, 0xBC, 0xBE, 0xAE, 0x62,
-        0x7F, 0x00, 0x54, 0xB1, 0x01, 0x11, 0xCA, 0xE3, 0x77, 0x3E, 0x2E, 0x21
-    },
-
-};
-
-/* Public key type of CA root cert: 0: RSA-2048 2: ECDSA-P256*/
-#if defined(USE_ECC_CERT)
-const uint32_t              encrypted_user_key_type =
-                                    R_TSIP_TLS_PUBLIC_KEY_TYPE_ECDSA_P256;
-#else
-const uint32_t              encrypted_user_key_type =
-                                    R_TSIP_TLS_PUBLIC_KEY_TYPE_RSA2048;
-#endif
-
-const unsigned char ca_ecc_cert_der_sig[] =
-{
-    0xc0, 0x3c, 0x28, 0xef, 0x6c, 0xd5, 0x6c, 0x36, 0xc5, 0xe5, 0xb0, 0xaa,
-    0xd0, 0x6a, 0x33, 0x1d, 0x7b, 0x28, 0x9f, 0xb2, 0x12, 0x8c, 0x0c, 0x5c,
-    0x30, 0xdf, 0x8f, 0x3f, 0x2e, 0x72, 0x0f, 0x3d, 0x8d, 0x4a, 0x1d, 0xa6,
-    0xc5, 0x1f, 0xb4, 0xf2, 0x18, 0xf1, 0x65, 0x40, 0x8e, 0xf2, 0x06, 0x0a,
-    0xda, 0xa4, 0xd6, 0x3d, 0x87, 0x61, 0x00, 0xd6, 0x89, 0x4e, 0x77, 0xbd,
-    0x57, 0xd7, 0x5f, 0x04, 0xe9, 0x0c, 0x96, 0x68, 0xa9, 0x72, 0xa2, 0xba,
-    0x46, 0x3f, 0x35, 0xeb, 0xf9, 0x4f, 0x10, 0xfd, 0x51, 0x39, 0x7c, 0x44,
-    0xa8, 0xa8, 0xd3, 0x62, 0x81, 0x2f, 0x82, 0x90, 0x3e, 0xea, 0xe9, 0xbc,
-    0x2e, 0xd1, 0x19, 0xc0, 0xb6, 0xd7, 0xc0, 0x22, 0x7c, 0xc1, 0x64, 0x61,
-    0xd2, 0x79, 0x01, 0x2d, 0x19, 0x7a, 0xf0, 0x34, 0x68, 0x78, 0x01, 0x35,
-    0x7f, 0xe2, 0xbe, 0x11, 0x8f, 0x0d, 0x04, 0xa8, 0xa4, 0x7b, 0x4e, 0x7a,
-    0x9c, 0xa0, 0x91, 0x3f, 0x7d, 0xdf, 0xe4, 0x69, 0x2f, 0x9b, 0x73, 0xc6,
-    0x1d, 0x4b, 0x3e, 0xcd, 0xa8, 0x2d, 0xf1, 0xfc, 0x35, 0x5c, 0xae, 0x7e,
-    0xef, 0xd9, 0x91, 0x7c, 0x32, 0xc3, 0x5a, 0xcb, 0x5f, 0xd9, 0x99, 0x1b,
-    0xb3, 0x6d, 0xa1, 0xaf, 0x69, 0x45, 0x41, 0xca, 0x92, 0x01, 0x93, 0x18,
-    0xb7, 0x4c, 0x35, 0xe0, 0x11, 0x16, 0xc7, 0xf2, 0xf9, 0xf1, 0x9e, 0xa5,
-    0xda, 0x60, 0x41, 0x78, 0x67, 0xef, 0x2f, 0x85, 0x08, 0xfe, 0x21, 0x1f,
-    0xdd, 0x31, 0xce, 0x70, 0xf2, 0xe2, 0x6f, 0xc1, 0x5f, 0xce, 0xa7, 0x4c,
-    0x3a, 0x1a, 0x81, 0x5d, 0xec, 0x35, 0xad, 0xf3, 0xb4, 0x46, 0x83, 0x9b,
-    0x95, 0x98, 0xcc, 0xa5, 0x46, 0x74, 0xdf, 0xca, 0xf9, 0x2e, 0x86, 0xe8,
-    0x04, 0x18, 0x33, 0x91, 0x94, 0xb7, 0xca, 0x98, 0xf7, 0xc2, 0xfe, 0x99,
-    0xc0, 0x73, 0x11, 0x1e
-};
-const int sizeof_ca_ecc_cert_sig = sizeof(ca_ecc_cert_der_sig);
-
-/* ./ca-cert.der.sign,  */
-const unsigned char ca_cert_der_sig[] =
-{
-    0x97, 0x8f, 0x90, 0x03, 0x0b, 0xca, 0xdf, 0x8f, 0xe8, 0x51, 0x23, 0xba,
-    0x14, 0xfb, 0x28, 0xb8, 0x5c, 0x58, 0x0d, 0x6e, 0x8b, 0x97, 0x0f, 0x89,
-    0x63, 0xc2, 0xd6, 0xb3, 0xf0, 0x16, 0x35, 0x74, 0x9d, 0xb9, 0xd7, 0x18,
-    0x14, 0x86, 0x91, 0xe0, 0xcd, 0xb3, 0x28, 0x63, 0x16, 0xf4, 0x6c, 0xb1,
-    0xd3, 0x93, 0xb6, 0x6e, 0xd9, 0x66, 0xcd, 0x65, 0x39, 0x7b, 0x1b, 0x74,
-    0x5c, 0xde, 0x20, 0xd4, 0x46, 0x60, 0x2f, 0xc0, 0x10, 0xf5, 0x49, 0x4a,
-    0x8d, 0x31, 0x29, 0x9b, 0x8a, 0xea, 0xf4, 0x8a, 0xaf, 0xc4, 0x84, 0xd7,
-    0x42, 0xef, 0xaf, 0x14, 0x17, 0x44, 0xed, 0x6e, 0x2b, 0xd9, 0x70, 0xed,
-    0x3e, 0x40, 0xf0, 0xef, 0x75, 0x4c, 0x05, 0x1f, 0xc3, 0x37, 0xec, 0xc2,
-    0xcd, 0xcc, 0xce, 0x39, 0x61, 0xa0, 0xea, 0x16, 0x84, 0x6d, 0xde, 0xe7,
-    0xf4, 0x0d, 0x8c, 0xf7, 0x69, 0x81, 0x64, 0x09, 0x16, 0xa7, 0x5b, 0x34,
-    0x83, 0xe5, 0x73, 0xcf, 0x02, 0xf4, 0x37, 0x96, 0x93, 0x27, 0x72, 0x47,
-    0x71, 0xca, 0x56, 0xcd, 0xd2, 0x85, 0x48, 0xe5, 0x9e, 0x1f, 0x39, 0x52,
-    0xc1, 0xc3, 0x9c, 0x6b, 0x98, 0x41, 0xc2, 0x0a, 0x77, 0x94, 0xe5, 0x84,
-    0x44, 0xe7, 0x94, 0xee, 0x5f, 0x05, 0x62, 0xad, 0xe5, 0xe5, 0xc9, 0x7e,
-    0x02, 0x31, 0x85, 0xca, 0x28, 0x2d, 0x0d, 0x7f, 0x30, 0x5d, 0xb5, 0xaa,
-    0x12, 0x81, 0x25, 0x37, 0x4a, 0xf2, 0x95, 0x81, 0xda, 0x76, 0xb4, 0x89,
-    0x76, 0x8a, 0x0c, 0x8d, 0xdf, 0xed, 0xd5, 0x48, 0xa8, 0xc8, 0x6d, 0xf4,
-    0xbf, 0x98, 0xa3, 0xc5, 0x42, 0x7d, 0xd2, 0x21, 0x2c, 0x8d, 0x57, 0xd0,
-    0x91, 0x16, 0xee, 0x83, 0xd0, 0xa1, 0x8f, 0x05, 0x50, 0x2b, 0x6e, 0xe8,
-    0x52, 0xf7, 0xbe, 0x96, 0x89, 0x40, 0xca, 0x9c, 0x19, 0x5a, 0xfc, 0xae,
-    0x1d, 0xdb, 0x57, 0xb8
-};
-const int sizeof_ca_cert_sig = sizeof(ca_cert_der_sig);
-/* ./client-cert.der.sign,  */
-const unsigned char client_cert_der_sign[] =
-{
-    0x5D, 0x1F, 0x89, 0x41, 0xEC, 0x47, 0xC8, 0x90, 0x61, 0x79,
-    0x8A, 0x16, 0x1F, 0x31, 0x96, 0x67, 0xD9, 0x3C, 0xEC, 0x6B,
-    0x58, 0xC6, 0x5A, 0xED, 0x99, 0xB3, 0xEF, 0x27, 0x6F, 0x04,
-    0x8C, 0xD9, 0x68, 0xB1, 0xD6, 0x23, 0x15, 0x84, 0x00, 0xE1,
-    0x27, 0xD1, 0x1F, 0x68, 0xB7, 0x3F, 0x13, 0x53, 0x8A, 0x95,
-    0x5A, 0x20, 0x7C, 0xB2, 0x76, 0x5B, 0xDC, 0xE0, 0xA6, 0x21,
-    0x7C, 0x49, 0xCF, 0x93, 0xBA, 0xD5, 0x12, 0x9F, 0xEE, 0x90,
-    0x5B, 0x3F, 0xA3, 0x9D, 0x13, 0x72, 0xAC, 0x72, 0x16, 0xFE,
-    0x1D, 0xBE, 0xEB, 0x8E, 0xC7, 0xDC, 0xC4, 0xF8, 0x1A, 0xD8,
-    0xA0, 0xA4, 0xF6, 0x04, 0x30, 0xF6, 0x7E, 0xB6, 0xC8, 0xE1,
-    0xAB, 0x88, 0x37, 0x08, 0x63, 0x72, 0xAA, 0x46, 0xCC, 0xCA,
-    0xF0, 0x9E, 0x02, 0x1E, 0x65, 0x67, 0xFF, 0x2C, 0x9D, 0x81,
-    0x6C, 0x1E, 0xF1, 0x54, 0x05, 0x68, 0x68, 0x18, 0x72, 0x26,
-    0x55, 0xB6, 0x2C, 0x95, 0xC0, 0xC9, 0xB2, 0xA7, 0x0B, 0x60,
-    0xD7, 0xEB, 0x1D, 0x08, 0x1A, 0xA2, 0x54, 0x15, 0x89, 0xCB,
-    0x83, 0x21, 0x5D, 0x15, 0x9B, 0x38, 0xAC, 0x89, 0x63, 0xD5,
-    0x4B, 0xF4, 0x8B, 0x47, 0x93, 0x78, 0x43, 0xCB, 0x9B, 0x71,
-    0xBF, 0x94, 0x76, 0xB5, 0xCE, 0x35, 0xA9, 0x1A, 0xD5, 0xA5,
-    0xD8, 0x19, 0xA6, 0x04, 0x39, 0xB1, 0x09, 0x8C, 0x65, 0x02,
-    0x58, 0x3A, 0x95, 0xEF, 0xA2, 0xC3, 0x85, 0x18, 0x61, 0x23,
-    0x2D, 0xC5, 0xCD, 0x62, 0xC1, 0x19, 0x31, 0xE5, 0x36, 0x95,
-    0x22, 0xDB, 0x3E, 0x1A, 0x3C, 0xE8, 0xC6, 0x2E, 0xDF, 0xD9,
-    0x2F, 0x84, 0xC1, 0xF0, 0x38, 0x2B, 0xE5, 0x73, 0x35, 0x4F,
-    0x05, 0xE2, 0xA5, 0x60, 0x79, 0xB0, 0x23, 0xDC, 0x56, 0x4C,
-    0xE7, 0xD9, 0x1F, 0xCF, 0x6A, 0xFC, 0x55, 0xEB, 0xAA, 0x48,
-    0x3E, 0x95, 0x2A, 0x10, 0x01, 0x05
-};
-const int sizeof_client_cert_der_sign = sizeof(client_cert_der_sign);
-
-uint32_t s_inst1[R_TSIP_SINST_WORD_SIZE] = { 0 };
-uint32_t s_inst2[R_TSIP_SINST2_WORD_SIZE]= { 0 };
-
-#endif /* WOLFSSL_RENESAS_TSIP_TLS && (WOLFSSL_RENESAS_TSIP_VER >= 109) */
+/* key_data.c
+ *
+ * Copyright (C) 2006-2025 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+
+#include "key_data.h"
+
+/*-------------------------------------------------------------------------
+      RX72N supports TSIP v1.09 or later
+--------------------------------------------------------------------------*/
+#if defined(WOLFSSL_RENESAS_TSIP_TLS) && (WOLFSSL_RENESAS_TSIP_VER >= 109)
+
+const st_key_block_data_t g_key_block_data =
+{
+    /* uint8_t encrypted_provisioning_key[R_TSIP_AES_CBC_IV_BYTE_SIZE * 2]; */
+    {
+        0xDF, 0x78, 0x49, 0x28, 0xA9, 0x4C, 0x36, 0xD6, 0xC9, 0x89, 0x98, 0xDF,
+        0xFF, 0xB1, 0xCB, 0xBC, 0x9F, 0xF4, 0x34, 0xCD, 0x81, 0x53, 0x67, 0xB3,
+        0xFC, 0x85, 0xC6, 0x0B, 0xA2, 0xC8, 0xF4, 0x83
+   },
+    /* uint8_t iv[R_TSIP_AES_CBC_IV_BYTE_SIZE]; */
+    {
+        0x01, 0x23, 0x45, 0x67, 0x89, 0x01, 0x23, 0x45, 0x67, 0x89, 0x01, 0x23,
+        0x45, 0x67, 0x89, 0x01
+    },
+    /* uint8_t
+     * encrypted_user_rsa2048_ne_key[R_TSIP_RSA2048_NE_KEY_BYTE_SIZE + 16];
+     */
+    {
+        0xCF, 0x64, 0xE8, 0xB7, 0xAB, 0x18, 0x50, 0xFD, 0xF5, 0x33, 0xA7, 0xA4,
+        0x43, 0xA0, 0x3D, 0xCE, 0xEB, 0x7F, 0xC8, 0x1E, 0x7F, 0xE9, 0x4D, 0x6B,
+        0x2E, 0xFB, 0x00, 0x14, 0x72, 0x49, 0x6F, 0xAA, 0x13, 0x58, 0xCC, 0xA2,
+        0x49, 0xC7, 0x98, 0xEB, 0xBD, 0x9F, 0x10, 0x32, 0x99, 0xBA, 0x28, 0xC5,
+        0xA3, 0x6A, 0x01, 0x9C, 0x97, 0x6D, 0x9B, 0xDF, 0xE9, 0xE0, 0x24, 0x18,
+        0xD0, 0x59, 0x3C, 0x93, 0x96, 0x7C, 0x90, 0xCF, 0xED, 0xAE, 0xE0, 0xCE,
+        0xC6, 0xBE, 0x81, 0x23, 0xE2, 0xBC, 0xE9, 0x69, 0x3B, 0x4A, 0x65, 0xA6,
+        0x84, 0x02, 0xDF, 0x54, 0x24, 0x25, 0x48, 0x76, 0xEF, 0x2C, 0xB6, 0x87,
+        0xC8, 0x09, 0x5E, 0x0D, 0xCA, 0xC5, 0x97, 0xCD, 0xA4, 0x44, 0xCA, 0xC9,
+        0xAD, 0xA0, 0x9C, 0x54, 0x05, 0x85, 0x18, 0xA7, 0xBF, 0xD8, 0x37, 0xBD,
+        0xF7, 0x73, 0x5D, 0x30, 0xFB, 0x48, 0xB1, 0xE0, 0x41, 0x92, 0x74, 0x4A,
+        0x68, 0x21, 0xEC, 0xE4, 0x2C, 0x0C, 0xBC, 0x02, 0xAD, 0xA5, 0x6F, 0xDD,
+        0xA6, 0xD6, 0x1C, 0x72, 0x85, 0xFD, 0x37, 0xB6, 0x2E, 0x0A, 0xD6, 0xBE,
+        0x7A, 0x81, 0xD3, 0x50, 0x24, 0xBE, 0x69, 0xFD, 0x6D, 0xD6, 0xAA, 0x2E,
+        0xFA, 0x00, 0x0A, 0x33, 0xEF, 0x53, 0xFC, 0xA4, 0xE7, 0xA2, 0x3E, 0xCE,
+        0x24, 0x39, 0x4D, 0xCA, 0xE7, 0xAA, 0xC5, 0x82, 0x19, 0x40, 0x60, 0x0F,
+        0xD3, 0x2C, 0x7D, 0x8E, 0x13, 0xEC, 0xCB, 0x38, 0xE1, 0xC9, 0x97, 0xF9,
+        0x24, 0x1D, 0x7C, 0x77, 0xCD, 0x73, 0xBD, 0x76, 0xC7, 0x08, 0x49, 0x24,
+        0xAE, 0x83, 0xE3, 0x99, 0x28, 0x62, 0xF9, 0x70, 0xD8, 0xB5, 0x28, 0x03,
+        0x83, 0x0A, 0xE0, 0xEB, 0x1C, 0xC9, 0xE4, 0x0E, 0x31, 0xF9, 0x5A, 0x0B,
+        0x3D, 0x06, 0x24, 0x49, 0x3B, 0xAE, 0xFE, 0x99, 0xAC, 0x59, 0x20, 0x6E,
+        0xF4, 0xE1, 0x4B, 0x3C, 0x7B, 0x86, 0xF7, 0x48, 0xAA, 0x3A, 0x79, 0x8D,
+        0x71, 0x4B, 0x7C, 0x4B, 0x5A, 0x74, 0x31, 0xB1, 0x6A, 0xA6, 0xD4, 0xC4,
+        0xE1, 0x59, 0x90, 0x62, 0x09, 0xAB, 0xA4, 0x91, 0x02, 0x0A, 0x22, 0x2B
+    },
+    /* uint8_t encrypted_user_update_key[R_TSIP_AES256_KEY_BYTE_SIZE + 16]; */
+    {
+        0
+    },
+    /* uint8_t
+     * encrypted_user_rsa2048_public_key[R_TSIP_RSA2048_NE_KEY_BYTE_SIZE + 16]
+     */
+    {
+        0x60, 0x6B, 0x2E, 0x15, 0xAB, 0xE2, 0x51, 0x4D, 0x75, 0xEA, 0xF4, 0xE8,
+        0xF5, 0x21, 0xC3, 0x31, 0xF9, 0x3C, 0x8A, 0x7D, 0x2B, 0x55, 0x7B, 0xA7,
+        0xC0, 0xC5, 0xE0, 0xBC, 0x56, 0x75, 0xEB, 0xFA, 0x43, 0x6E, 0x49, 0x4F,
+        0x29, 0xD6, 0xE8, 0xAC, 0xDA, 0x44, 0xDD, 0x82, 0x23, 0xEC, 0x3D, 0x0E,
+        0xE2, 0xA1, 0xE7, 0xF3, 0x81, 0xB3, 0x4D, 0x81, 0x9A, 0xFB, 0xCE, 0x1A,
+        0x57, 0xE7, 0x0E, 0x8B, 0xDC, 0x18, 0xD8, 0xB4, 0x97, 0xD0, 0xA9, 0x5D,
+        0x81, 0xFB, 0x13, 0x10, 0x19, 0xD1, 0x0D, 0x43, 0xE6, 0x1D, 0xFC, 0x80,
+        0x32, 0x97, 0x6A, 0xB2, 0xB2, 0x63, 0xD9, 0xC2, 0x09, 0x34, 0xF3, 0xA0,
+        0x0C, 0xCE, 0x06, 0x6C, 0xB2, 0xB9, 0x2A, 0xDF, 0xEE, 0x68, 0x8B, 0x4E,
+        0x8C, 0xBA, 0xF8, 0xA7, 0x60, 0x3C, 0xCC, 0xD4, 0x94, 0x42, 0xCC, 0x37,
+        0x4B, 0xED, 0x70, 0xB1, 0x53, 0xBD, 0xE8, 0x92, 0xB9, 0x8B, 0x07, 0x27,
+        0x42, 0xC2, 0x1B, 0xE1, 0x7D, 0x45, 0xBC, 0xB9, 0xB4, 0x3D, 0xD1, 0x62,
+        0x44, 0x76, 0x4E, 0xFA, 0xE5, 0x00, 0x4F, 0x6B, 0xE6, 0xBB, 0x32, 0xFB,
+        0xD6, 0xEC, 0x58, 0x98, 0xFB, 0x80, 0xF7, 0x0E, 0x96, 0x9B, 0xBB, 0xCF,
+        0xDE, 0x31, 0x09, 0x39, 0x1A, 0x31, 0x49, 0xB8, 0x2F, 0x99, 0xEA, 0x9A,
+        0xF2, 0x46, 0xDB, 0x09, 0x21, 0xB1, 0x41, 0x98, 0x38, 0x9A, 0xDD, 0xEE,
+        0xA3, 0xEE, 0x02, 0xBB, 0x2D, 0x79, 0x44, 0xD0, 0x81, 0x60, 0x0E, 0xD3,
+        0xFF, 0xBC, 0x98, 0x6B, 0x5A, 0x19, 0x47, 0xEB, 0x88, 0xC3, 0x25, 0x58,
+        0xD8, 0x77, 0x95, 0x40, 0x76, 0xE3, 0x56, 0xCF, 0x94, 0x2D, 0xFE, 0x43,
+        0x63, 0xD6, 0x8D, 0xA0, 0x1B, 0x43, 0x33, 0xEB, 0xBC, 0xE7, 0x92, 0x40,
+        0xA2, 0xD5, 0x98, 0x5C, 0xF8, 0x91, 0xAF, 0x0B, 0xD2, 0x8E, 0xA8, 0x58,
+        0x84, 0x7D, 0x90, 0xBD, 0x46, 0x09, 0xD1, 0x14, 0x95, 0x32, 0x8F, 0x49,
+        0xC6, 0xDE, 0xB8, 0xA5, 0xC6, 0xFA, 0xB5, 0x5F, 0xA7, 0x41, 0x29, 0x68,
+        0x87, 0xE9, 0xAF, 0xC8, 0x6F, 0xFE, 0x50, 0x84, 0x01, 0x2E, 0x02, 0x6A
+    },
+    /* uint8_t
+     * encrypted_user_rsa2048_private_key[R_TSIP_RSA2048_ND_KEY_BYTE_SIZE + 16]
+     */
+    {
+        0x60, 0x6B, 0x2E, 0x15, 0xAB, 0xE2, 0x51, 0x4D, 0x75, 0xEA, 0xF4, 0xE8,
+        0xF5, 0x21, 0xC3, 0x31, 0xF9, 0x3C, 0x8A, 0x7D, 0x2B, 0x55, 0x7B, 0xA7,
+        0xC0, 0xC5, 0xE0, 0xBC, 0x56, 0x75, 0xEB, 0xFA, 0x43, 0x6E, 0x49, 0x4F,
+        0x29, 0xD6, 0xE8, 0xAC, 0xDA, 0x44, 0xDD, 0x82, 0x23, 0xEC, 0x3D, 0x0E,
+        0xE2, 0xA1, 0xE7, 0xF3, 0x81, 0xB3, 0x4D, 0x81, 0x9A, 0xFB, 0xCE, 0x1A,
+        0x57, 0xE7, 0x0E, 0x8B, 0xDC, 0x18, 0xD8, 0xB4, 0x97, 0xD0, 0xA9, 0x5D,
+        0x81, 0xFB, 0x13, 0x10, 0x19, 0xD1, 0x0D, 0x43, 0xE6, 0x1D, 0xFC, 0x80,
+        0x32, 0x97, 0x6A, 0xB2, 0xB2, 0x63, 0xD9, 0xC2, 0x09, 0x34, 0xF3, 0xA0,
+        0x0C, 0xCE, 0x06, 0x6C, 0xB2, 0xB9, 0x2A, 0xDF, 0xEE, 0x68, 0x8B, 0x4E,
+        0x8C, 0xBA, 0xF8, 0xA7, 0x60, 0x3C, 0xCC, 0xD4, 0x94, 0x42, 0xCC, 0x37,
+        0x4B, 0xED, 0x70, 0xB1, 0x53, 0xBD, 0xE8, 0x92, 0xB9, 0x8B, 0x07, 0x27,
+        0x42, 0xC2, 0x1B, 0xE1, 0x7D, 0x45, 0xBC, 0xB9, 0xB4, 0x3D, 0xD1, 0x62,
+        0x44, 0x76, 0x4E, 0xFA, 0xE5, 0x00, 0x4F, 0x6B, 0xE6, 0xBB, 0x32, 0xFB,
+        0xD6, 0xEC, 0x58, 0x98, 0xFB, 0x80, 0xF7, 0x0E, 0x96, 0x9B, 0xBB, 0xCF,
+        0xDE, 0x31, 0x09, 0x39, 0x1A, 0x31, 0x49, 0xB8, 0x2F, 0x99, 0xEA, 0x9A,
+        0xF2, 0x46, 0xDB, 0x09, 0x21, 0xB1, 0x41, 0x98, 0x38, 0x9A, 0xDD, 0xEE,
+        0xA3, 0xEE, 0x02, 0xBB, 0x2D, 0x79, 0x44, 0xD0, 0x81, 0x60, 0x0E, 0xD3,
+        0xFF, 0xBC, 0x98, 0x6B, 0x5A, 0x19, 0x47, 0xEB, 0x88, 0xC3, 0x25, 0x58,
+        0xD8, 0x77, 0x95, 0x40, 0x76, 0xE3, 0x56, 0xCF, 0x94, 0x2D, 0xFE, 0x43,
+        0x63, 0xD6, 0x8D, 0xA0, 0x1B, 0x43, 0x33, 0xEB, 0xBC, 0xE7, 0x92, 0x40,
+        0xA2, 0xD5, 0x98, 0x5C, 0xF8, 0x91, 0xAF, 0x0B, 0xD2, 0x8E, 0xA8, 0x58,
+        0x84, 0x7D, 0x90, 0xBD, 0x56, 0x1F, 0x2D, 0x1B, 0x8C, 0x17, 0x9E, 0xBA,
+        0x0C, 0x61, 0xF8, 0x1B, 0xFB, 0xA4, 0x9E, 0x71, 0xA8, 0x09, 0x9E, 0xA9,
+        0x0D, 0x2B, 0x18, 0x32, 0xFE, 0x56, 0x09, 0x1B, 0xD4, 0x0D, 0xEE, 0x58,
+        0x40, 0x3B, 0x2D, 0x85, 0x52, 0xDA, 0x75, 0x2E, 0x8E, 0x52, 0xE1, 0x06,
+        0x64, 0xA3, 0x06, 0x6B, 0x3E, 0x71, 0x45, 0x94, 0xE0, 0x12, 0x6F, 0x15,
+        0x03, 0x57, 0x87, 0xBF, 0xE2, 0x05, 0xF7, 0x0D, 0xEA, 0x27, 0x9D, 0x9C,
+        0xC4, 0x55, 0x7F, 0x87, 0x85, 0x87, 0x7F, 0xA7, 0xE4, 0xB4, 0xA6, 0x6F,
+        0xB9, 0x18, 0x2E, 0x3C, 0xCF, 0x8E, 0x61, 0xD9, 0x13, 0x8C, 0xC4, 0xFF,
+        0xA5, 0x0A, 0x86, 0xB7, 0x6D, 0x03, 0xA4, 0x48, 0xF5, 0xF4, 0xF5, 0x64,
+        0xEA, 0x43, 0x54, 0xEB, 0x27, 0xEE, 0xD6, 0xD8, 0x89, 0xDB, 0x62, 0x37,
+        0x73, 0x85, 0x86, 0xCA, 0x32, 0xE4, 0xA5, 0x61, 0x65, 0xA0, 0x0F, 0x59,
+        0xA1, 0xB5, 0xB6, 0xE4, 0xA5, 0xDC, 0xFF, 0x81, 0x86, 0xB0, 0x84, 0x1A,
+        0x4C, 0x68, 0xDA, 0xEB, 0x3D, 0x64, 0x40, 0x9D, 0x6B, 0x4B, 0x2A, 0x2B,
+        0x09, 0xE5, 0xF0, 0x78, 0xC2, 0x47, 0x37, 0xCB, 0xE8, 0xD1, 0xA5, 0xD8,
+        0xAA, 0x54, 0xC4, 0x23, 0xF9, 0x21, 0xF9, 0x78, 0x22, 0xB1, 0x40, 0x96,
+        0xF9, 0xEB, 0xCB, 0x7A, 0x4B, 0xFF, 0x78, 0x8A, 0x7B, 0x8A, 0x09, 0xA9,
+        0x94, 0x30, 0x4E, 0x20, 0xD2, 0x24, 0x1D, 0xED, 0x45, 0xA2, 0xAB, 0xFC,
+        0xFD, 0x6A, 0xBE, 0xA7, 0x18, 0xD4, 0x5B, 0xE5, 0xBE, 0x83, 0x9F, 0xEC,
+        0xA3, 0xBA, 0xEA, 0x62, 0x7E, 0xA0, 0xA2, 0x7C, 0x61, 0x8D, 0xF5, 0x42,
+        0x50, 0x73, 0xE0, 0x66, 0x0B, 0x61, 0xD7, 0x86, 0x7C, 0x72, 0xF9, 0x86,
+        0x0B, 0x8C, 0xC1, 0xB4, 0x2E, 0x9D, 0x19, 0xD1, 0xA4, 0xDC, 0x47, 0x85,
+        0xB1, 0xBA, 0x16, 0x30, 0x97, 0x80, 0x98, 0x29, 0x16, 0xFA, 0xFD, 0x50,
+        0xC6, 0x7F, 0x69, 0xA0, 0x16, 0xAF, 0x0A, 0x56, 0xDB, 0x1D, 0x53, 0xC4
+    },
+    /* uint8_t
+     * encrypted_user_ecc256_public_key[R_TSIP_ECC_PUBLIC_KEY_BYTE_SIZE + 16];
+     */
+    {
+        0x12, 0xF0, 0x90, 0x57, 0xDA, 0x92, 0xB4, 0x6A, 0xD9, 0xD3, 0x4D, 0x54,
+        0x4C, 0x96, 0x8E, 0xB3, 0xAA, 0x33, 0x06, 0xC3, 0x7F, 0x4B, 0x6F, 0xFD,
+        0xA9, 0x11, 0x73, 0x0F, 0x70, 0x73, 0xA0, 0xF7, 0x73, 0xE7, 0x8B, 0xDB,
+        0xD4, 0x56, 0x4D, 0x7B, 0xCB, 0x79, 0x1E, 0x9B, 0x71, 0x74, 0xDF, 0x53,
+        0x05, 0xA8, 0x54, 0xB2, 0x8B, 0x55, 0xE1, 0x7F, 0x3D, 0x4A, 0xC8, 0x84,
+        0xB4, 0xD8, 0xBB, 0x9A, 0xDE, 0x2E, 0x42, 0x48, 0x9B, 0x12, 0x0B, 0x1B,
+        0x1A, 0xDB, 0x3E, 0x0E, 0xE3, 0x07, 0xF8, 0x3B
+     },
+    /* uint8_t
+     * encrypted_user_ecc256_private_key[R_TSIP_ECC_PRIVATE_KEY_BYTE_SIZE + 16];
+     */
+    {
+        0x07, 0x21, 0xB3, 0x4A, 0x2D, 0xCE, 0xBE, 0x59, 0xBC, 0x8C, 0xE1, 0x84,
+        0xF0, 0xE3, 0xEF, 0x07, 0xD8, 0xE4, 0x30, 0x31, 0xB7, 0xE2, 0xB0, 0xA6,
+        0x6E, 0x51, 0xAE, 0xFD, 0x6B, 0x43, 0xB2, 0xFE, 0x1F, 0x16, 0x99, 0x67,
+        0x7D, 0x33, 0x1F, 0xF9, 0x5B, 0x3C, 0xB1, 0xAC, 0x90, 0xE4, 0x05, 0x7F
+    },
+
+};
+
+/* Public key type of CA root cert: 0: RSA-2048 2: ECDSA-P256*/
+#if defined(USE_ECC_CERT)
+const uint32_t              encrypted_user_key_type =
+                                    R_TSIP_TLS_PUBLIC_KEY_TYPE_ECDSA_P256;
+#else
+const uint32_t              encrypted_user_key_type =
+                                    R_TSIP_TLS_PUBLIC_KEY_TYPE_RSA2048;
+#endif
+
+const unsigned char ca_ecc_cert_der_sig[] =
+{
+    0x80, 0x1C, 0x3A, 0xC0, 0x74, 0xC8, 0xF8, 0xB7, 0x23, 0xB0,
+    0x4D, 0xEC, 0x5A, 0xA3, 0x28, 0xD9, 0x27, 0x93, 0xD2, 0xEF,
+    0x48, 0xBD, 0x29, 0x99, 0x65, 0x7F, 0xCB, 0x60, 0xD3, 0xB7,
+    0xFF, 0x4D, 0xC4, 0x2D, 0x07, 0x53, 0xD3, 0xF9, 0xB6, 0xE7,
+    0x56, 0x25, 0x5D, 0x3E, 0x9C, 0x31, 0x1D, 0x8D, 0xA3, 0x29,
+    0xA0, 0x9C, 0xFB, 0xEC, 0x91, 0xF5, 0x58, 0x14, 0x11, 0xFD,
+    0x43, 0xFB, 0xA5, 0xAC, 0x70, 0xAE, 0x68, 0x89, 0x03, 0x32,
+    0x82, 0x53, 0xB9, 0xE3, 0x40, 0xD4, 0x50, 0xC5, 0xB4, 0xB2,
+    0x1F, 0xF6, 0x24, 0x10, 0xFE, 0x76, 0xA2, 0x1C, 0xAE, 0x01,
+    0x79, 0xBF, 0xF7, 0x5A, 0x5C, 0xA9, 0x9B, 0x80, 0x02, 0x7D,
+    0x24, 0x94, 0xCE, 0xFE, 0x41, 0x85, 0x1A, 0x63, 0x50, 0xD4,
+    0xDE, 0xBD, 0xB4, 0x26, 0xA4, 0x13, 0xE3, 0x94, 0x0C, 0xBB,
+    0xBE, 0x27, 0x0F, 0xDE, 0xF2, 0x2A, 0x0D, 0xD5, 0x79, 0x4B,
+    0x7A, 0xD6, 0x3C, 0x3B, 0xED, 0x4D, 0xAB, 0xB6, 0xBD, 0x53,
+    0x57, 0x9B, 0xA1, 0x69, 0x26, 0xD3, 0xDF, 0x47, 0x64, 0x4F,
+    0xD5, 0xC9, 0x11, 0x35, 0xB6, 0x17, 0x6C, 0x48, 0x6E, 0xBE,
+    0xCB, 0x0C, 0x63, 0x8C, 0x31, 0x45, 0x8B, 0x7F, 0x93, 0x02,
+    0x7C, 0xC6, 0xD3, 0x14, 0x2F, 0x5B, 0x41, 0x72, 0x4F, 0x48,
+    0xE6, 0xCC, 0x89, 0x4E, 0x31, 0x98, 0xBA, 0xBA, 0xE0, 0xAA,
+    0x04, 0x68, 0xF2, 0x07, 0xF5, 0x0B, 0x1F, 0xC2, 0x21, 0x28,
+    0x38, 0x44, 0xAF, 0x2C, 0x7C, 0x1B, 0x69, 0x12, 0xCC, 0x3B,
+    0xF7, 0xE8, 0xC2, 0x56, 0x00, 0x10, 0x14, 0x05, 0x6F, 0x29,
+    0x80, 0x7C, 0x1E, 0xB2, 0x37, 0x2C, 0xBF, 0x09, 0x77, 0xC9,
+    0x1D, 0xB1, 0x13, 0x7A, 0xDC, 0x87, 0x7D, 0xF1, 0x2E, 0xBC,
+    0xFC, 0x2B, 0x3D, 0x4A, 0x55, 0xD5, 0x85, 0x0C, 0xF1, 0x1D,
+    0xFE, 0x80, 0x73, 0xD9, 0xB4, 0x84
+};
+const int sizeof_ca_ecc_cert_sig = sizeof(ca_ecc_cert_der_sig);
+
+/* ./ca-cert.der.sign,  */
+const unsigned char ca_cert_der_sig[] =
+{
+    0x77, 0x62, 0x9D, 0x3D, 0x7A, 0x60, 0xF7, 0x9C, 0x7C, 0x1C,
+    0xC8, 0x9D, 0x09, 0x2D, 0x98, 0xBE, 0x39, 0x25, 0x4E, 0x05,
+    0xED, 0xF1, 0x93, 0xB1, 0x4B, 0x1B, 0x29, 0x2D, 0x8F, 0x3A,
+    0xCA, 0x3A, 0x8F, 0x3F, 0x77, 0x61, 0xF1, 0x97, 0x05, 0x69,
+    0xDC, 0x4A, 0x92, 0x52, 0x29, 0xC8, 0x26, 0x38, 0x53, 0x7A,
+    0x41, 0x7C, 0x73, 0xCA, 0xA7, 0x6B, 0xD7, 0x19, 0xC4, 0x99,
+    0x64, 0xCD, 0x27, 0xC9, 0x85, 0x19, 0x53, 0xD2, 0x93, 0xC5,
+    0x7A, 0xE5, 0xDC, 0x88, 0xA0, 0xFB, 0xB3, 0xEB, 0x8B, 0x01,
+    0xD6, 0x80, 0x9C, 0x93, 0x9D, 0x44, 0x5A, 0x17, 0x4B, 0x87,
+    0x8B, 0xD1, 0x08, 0xBA, 0x82, 0x87, 0xA7, 0x69, 0x06, 0x70,
+    0x67, 0x68, 0xE3, 0xD1, 0x6C, 0x05, 0x85, 0x97, 0x84, 0x6B,
+    0xBF, 0xC2, 0x91, 0xBC, 0xA5, 0x32, 0x37, 0x99, 0x5C, 0xC7,
+    0xE9, 0x8C, 0x4F, 0xBD, 0xFD, 0x66, 0x98, 0x38, 0xD8, 0x31,
+    0x4E, 0x97, 0x57, 0x66, 0x0C, 0x1F, 0x43, 0x81, 0xC5, 0x0F,
+    0xA2, 0x5A, 0xF2, 0xF6, 0x68, 0x9D, 0x97, 0xA9, 0x39, 0x42,
+    0xFD, 0xCB, 0xCB, 0x29, 0x56, 0xA0, 0x49, 0x8D, 0x79, 0x40,
+    0x66, 0x60, 0xC1, 0xB1, 0x99, 0xD7, 0x32, 0x06, 0x80, 0x64,
+    0x43, 0x7F, 0x2B, 0x5A, 0xF7, 0xD9, 0x54, 0xF6, 0x3E, 0x2C,
+    0x92, 0x6F, 0xEE, 0xCA, 0x59, 0x53, 0xC1, 0xCA, 0x3C, 0xDB,
+    0xA3, 0x20, 0xF9, 0x8D, 0xEF, 0xFD, 0x8B, 0x08, 0xCE, 0x25,
+    0x58, 0x16, 0x00, 0x93, 0xB6, 0xF6, 0xF8, 0x7D, 0x1C, 0x35,
+    0xD2, 0x8E, 0xAE, 0x51, 0x1F, 0x08, 0x99, 0xBA, 0x63, 0x4B,
+    0x05, 0x93, 0x61, 0x64, 0x40, 0x85, 0x71, 0x69, 0xBB, 0xF2,
+    0xC4, 0xAE, 0x9E, 0xFB, 0x5C, 0xD1, 0x3F, 0x5F, 0x0D, 0x85,
+    0xAA, 0x73, 0x23, 0x16, 0xE7, 0x13, 0x60, 0x5D, 0xF4, 0x88,
+    0x34, 0xB1, 0xD2, 0xC9, 0x6B, 0xD4
+};
+const int sizeof_ca_cert_sig = sizeof(ca_cert_der_sig);
+/* ./client-cert.der.sign,  */
+const unsigned char client_cert_der_sign[] =
+{
+    0x21, 0x2A, 0x81, 0xFF, 0xC2, 0x4C, 0x98, 0xFF, 0xB8, 0x99,
+	0xFC, 0x14, 0x07, 0xBA, 0xBD, 0x7F, 0x58, 0x0F, 0x23, 0x49,
+	0x6B, 0xFA, 0x47, 0xAC, 0xF5, 0xCF, 0x7A, 0x76, 0x89, 0x07,
+	0x22, 0x2F, 0x2A, 0xC5, 0x9F, 0x6D, 0x37, 0xFC, 0x7E, 0x51,
+	0x55, 0x29, 0xDA, 0xF9, 0x7E, 0x30, 0x25, 0x3F, 0x38, 0xE3,
+	0x5B, 0xD8, 0xD1, 0xC4, 0xE1, 0x05, 0x14, 0x5D, 0x3A, 0x8C,
+	0xFC, 0x42, 0x7D, 0x38, 0x21, 0x5B, 0x0B, 0xC8, 0x6E, 0x80,
+	0x35, 0xA7, 0x0B, 0xAB, 0x9E, 0x8B, 0x7F, 0x04, 0xE5, 0x43,
+	0x2E, 0xFF, 0x11, 0x67, 0x04, 0xF4, 0x52, 0x52, 0xEF, 0x6C,
+	0xC6, 0x30, 0x63, 0xE0, 0xAE, 0xCB, 0xD0, 0xBC, 0x7F, 0xB7,
+	0x98, 0xD4, 0x08, 0x76, 0x49, 0xFF, 0x0E, 0xAF, 0x2B, 0x3B,
+	0xA0, 0xFD, 0x25, 0xD5, 0x42, 0x02, 0x0A, 0xAA, 0xC0, 0x0C,
+	0x5C, 0x62, 0x04, 0xD0, 0x4A, 0xE7, 0xEA, 0x26, 0x72, 0xE1,
+	0x35, 0x8D, 0x47, 0x5A, 0xE6, 0x9A, 0xD5, 0x5C, 0x31, 0x79,
+	0x7A, 0xEE, 0x59, 0xAD, 0x1B, 0x04, 0x2C, 0xFF, 0x74, 0x9D,
+	0xA5, 0x90, 0x21, 0xCE, 0xC2, 0x04, 0x41, 0x98, 0x14, 0x27,
+	0xF8, 0x35, 0xB9, 0xF5, 0x73, 0x1D, 0xAE, 0x2F, 0x8F, 0x44,
+	0x79, 0xCA, 0xE7, 0x38, 0xDD, 0x15, 0x11, 0xDB, 0xA5, 0x6D,
+	0xE6, 0x7F, 0x4E, 0x73, 0xE6, 0x2E, 0x98, 0xF3, 0xDD, 0x5A,
+	0x34, 0x24, 0x6B, 0xAF, 0x28, 0xDC, 0x3A, 0x10, 0x0D, 0x54,
+	0x86, 0x11, 0x52, 0x0F, 0x88, 0x65, 0x03, 0xE5, 0x1C, 0x04,
+	0x45, 0x6B, 0x25, 0x3E, 0x8D, 0x5B, 0xD7, 0x2E, 0x33, 0x06,
+	0xAA, 0x23, 0xFE, 0x1B, 0x7B, 0xE8, 0xB9, 0xA7, 0x80, 0x3F,
+	0x08, 0x89, 0x6A, 0x22, 0x3F, 0xE0, 0xB8, 0xF3, 0xA4, 0x0A,
+	0xC6, 0xA5, 0x51, 0xC4, 0x1A, 0x38, 0xE3, 0xD2, 0x8A, 0x1C,
+	0xF1, 0xAE, 0x89, 0xFB, 0xCE, 0x9E
+};
+const int sizeof_client_cert_der_sign = sizeof(client_cert_der_sign);
+
+uint32_t s_inst1[R_TSIP_SINST_WORD_SIZE] = { 0 };
+uint32_t s_inst2[R_TSIP_SINST2_WORD_SIZE]= { 0 };
+
+#endif /* WOLFSSL_RENESAS_TSIP_TLS && (WOLFSSL_RENESAS_TSIP_VER >= 109) */
diff --git a/IDE/Renesas/e2studio/RX72N/EnvisionKit/wolfssl_demo/key_data.h b/IDE/Renesas/e2studio/RX72N/EnvisionKit/wolfssl_demo/key_data.h
index 2d6bead06..2872b0886 100644
--- a/IDE/Renesas/e2studio/RX72N/EnvisionKit/wolfssl_demo/key_data.h
+++ b/IDE/Renesas/e2studio/RX72N/EnvisionKit/wolfssl_demo/key_data.h
@@ -1,68 +1,72 @@
-/* key_data.h
- *
- * Copyright (C) 2006-2023 wolfSSL Inc.
- *
- * This file is part of wolfSSL.
- *
- * wolfSSL is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * wolfSSL is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
- */
-
-
-
-
-
-#ifndef KEY_DATA_H_
-#define KEY_DATA_H_
-
-#include <wolfssl/wolfcrypt/settings.h>
-
-
-#if defined(WOLFSSL_RENESAS_TSIP)
-
-#include "r_tsip_rx_if.h"
-
-typedef struct st_key_block_data
-{
-    /* encrypted provisioning key */
-    uint8_t encrypted_provisioning_key[R_TSIP_AES_CBC_IV_BYTE_SIZE * 2];
-    /* iv */
-    uint8_t iv[R_TSIP_AES_CBC_IV_BYTE_SIZE];
-    /* RSA2048 public key for RootCA sign verification */
-    uint8_t encrypted_user_rsa2048_ne_key[R_TSIP_RSA2048_NE_KEY_BYTE_SIZE + 16];
-    /* update key (not used) */
-    uint8_t encrypted_user_update_key[R_TSIP_AES256_KEY_BYTE_SIZE + 16];
-    /* wrapped client RSA2048bit public key */
-    uint8_t encrypted_user_rsa2048_public_key[R_TSIP_RSA2048_NE_KEY_BYTE_SIZE + 16];
-    /* wrapped client RSA2048bit private key */
-    uint8_t encrypted_user_rsa2048_private_key[R_TSIP_RSA2048_ND_KEY_BYTE_SIZE + 16];
-    /* wrapped client ECC P256 public key */
-    uint8_t encrypted_user_ecc256_public_key[R_TSIP_ECC_PUBLIC_KEY_BYTE_SIZE + 16];
-    /* wrapped client ECC P256 private key */
-    uint8_t encrypted_user_ecc256_private_key[R_TSIP_ECC_PRIVATE_KEY_BYTE_SIZE + 16];
-} st_key_block_data_t;
-
-
-extern const uint32_t               encrypted_user_key_type;
-extern const st_key_block_data_t    g_key_block_data;
-
-extern const unsigned char          ca_cert_der_sig[];
-extern const unsigned char          ca_ecc_cert_der_sig[];
-extern const unsigned char          client_cert_der_sign[];
-extern const int                    sizeof_ca_cert_der;
-
-
-#endif /* WOLFSSL_RENESAS_TSIP */
-#endif /* KEY_DATA_H_ */
-
+/* key_data.h
+ *
+ * Copyright (C) 2006-2025 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+
+
+
+
+#ifndef KEY_DATA_H_
+#define KEY_DATA_H_
+
+#include <wolfssl/wolfcrypt/settings.h>
+
+
+#if defined(WOLFSSL_RENESAS_TSIP)
+
+#include "r_tsip_rx_if.h"
+
+typedef struct st_key_block_data
+{
+    /* encrypted provisioning key */
+    uint8_t encrypted_provisioning_key[R_TSIP_AES_CBC_IV_BYTE_SIZE * 2];
+    /* iv */
+    uint8_t iv[R_TSIP_AES_CBC_IV_BYTE_SIZE];
+    /* RSA2048 public key for RootCA sign verification */
+    uint8_t encrypted_user_rsa2048_ne_key[R_TSIP_RSA2048_NE_KEY_BYTE_SIZE + 16];
+    /* update key (not used) */
+    uint8_t encrypted_user_update_key[R_TSIP_AES256_KEY_BYTE_SIZE + 16];
+    /* wrapped client RSA2048bit public key */
+    uint8_t encrypted_user_rsa2048_public_key[
+                                    R_TSIP_RSA2048_NE_KEY_BYTE_SIZE + 16];
+    /* wrapped client RSA2048bit private key */
+    uint8_t encrypted_user_rsa2048_private_key[
+                                    R_TSIP_RSA2048_ND_KEY_BYTE_SIZE + 16];
+    /* wrapped client ECC P256 public key */
+    uint8_t encrypted_user_ecc256_public_key[
+                                    R_TSIP_ECC_PUBLIC_KEY_BYTE_SIZE + 16];
+    /* wrapped client ECC P256 private key */
+    uint8_t encrypted_user_ecc256_private_key[
+                                    R_TSIP_ECC_PRIVATE_KEY_BYTE_SIZE + 16];
+} st_key_block_data_t;
+
+
+extern const uint32_t               encrypted_user_key_type;
+extern const st_key_block_data_t    g_key_block_data;
+
+extern const unsigned char          ca_cert_der_sig[];
+extern const unsigned char          ca_ecc_cert_der_sig[];
+extern const unsigned char          client_cert_der_sign[];
+extern const int                    sizeof_ca_cert_der;
+
+
+#endif /* WOLFSSL_RENESAS_TSIP */
+#endif /* KEY_DATA_H_ */
+
diff --git a/IDE/Renesas/e2studio/RX72N/EnvisionKit/wolfssl_demo/user_settings.h b/IDE/Renesas/e2studio/RX72N/EnvisionKit/wolfssl_demo/user_settings.h
index 516bbfe8e..70c5fc88f 100644
--- a/IDE/Renesas/e2studio/RX72N/EnvisionKit/wolfssl_demo/user_settings.h
+++ b/IDE/Renesas/e2studio/RX72N/EnvisionKit/wolfssl_demo/user_settings.h
@@ -1,6 +1,6 @@
 /* user_settings.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -40,9 +40,10 @@
  *      114: TSIPv1.14
  *      115: TSIPv1.15
  *      117: TSIPv1.17
+ *      121: TSIPv1.21
  *----------------------------------------------------------------------------*/
   #define WOLFSSL_RENESAS_TSIP
-  #define WOLFSSL_RENESAS_TSIP_VER     117
+  #define WOLFSSL_RENESAS_TSIP_VER     121
 
 
 #if defined(SIMPLE_TLS_CLIENT) || defined(SIMPLE_TLS_SERVER)
@@ -239,14 +240,18 @@
 #if defined(WOLFSSL_RENESAS_TSIP)
     /*-- TSIP TLS and/or CRYPTONLY Definition --------------------------------*/
     /* Enable TSIP TLS (default)
-     *   TSIP CRYPTONLY is also enabled.
+     *   TSIP CRYPT is also enabled.
      * Disable TSIP TLS
+     *   TSIP CRYPT is also disabled
      *   TSIP CRYPTONLY is only enabled.
      */
     #define WOLFSSL_RENESAS_TSIP_TLS
 
+    /* #define WOLFSSL_RENESAS_TSIP_CRYPTONLY */
+    /* #define WOLFSSL_KEY_GEN                */
+    /* #define RSA_MIN_SIZE 1024              */
+
     #if !defined(NO_RENESAS_TSIP_CRYPT)
-        #define WOLFSSL_RENESAS_TSIP_CRYPTONLY
         #define HAVE_PK_CALLBACKS
         #define WOLF_CRYPTO_CB
         #if defined(WOLFSSL_RENESAS_TSIP_TLS)
@@ -260,10 +265,20 @@
         # undef WOLFSSL_RENESAS_TSIP_TLS
         # undef WOLFSSL_RENESAS_TSIP_CRYPT
     #endif
-
+    /*-------------------------------------------------------------------------
+     * TSIP generates random numbers using the CRT-DRBG described
+     * in NIST SP800-90A. Recommend to define the CUSTOM_RAND_GENERATE_BLOCK
+     * so that wc_RNG_GenerateByte/Block() call TSIP random generatoion API
+     * directly. Comment out the macro will generate random number by
+     * wolfSSL Hash DRBG by using a seed which is generated by TSIP API.
+     *-----------------------------------------------------------------------*/
+    #define CUSTOM_RAND_GENERATE_BLOCK wc_tsip_GenerateRandBlock
 #else
     #define OPENSSL_EXTRA
     #define WOLFSSL_GENSEED_FORTEST /* Warning: define your own seed gen */
+    #if !defined(min)
+        #define min(data1, data2)    _builtin_min(data1, data2)
+    #endif
 #endif
 
 
@@ -277,4 +292,5 @@
 /*-- strcasecmp */
 #define XSTRCASECMP(s1,s2) strcmp((s1),(s2))
 
-#define CUSTOM_RAND_GENERATE_BLOCK wc_tsip_GenerateRandBlock
+/* use original ASN parsing */
+#define WOLFSSL_ASN_ORIGINAL
diff --git a/IDE/Renesas/e2studio/RX72N/EnvisionKit/wolfssl_demo/wolfssl_demo.c b/IDE/Renesas/e2studio/RX72N/EnvisionKit/wolfssl_demo/wolfssl_demo.c
index 5d1f91367..2c97bb479 100644
--- a/IDE/Renesas/e2studio/RX72N/EnvisionKit/wolfssl_demo/wolfssl_demo.c
+++ b/IDE/Renesas/e2studio/RX72N/EnvisionKit/wolfssl_demo/wolfssl_demo.c
@@ -1,6 +1,6 @@
 /* wolfssl_demo.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -23,9 +23,7 @@
 #include <stdio.h>
 #include <string.h>
 #include <stdlib.h>
-
-
-
+#include <stdarg.h>
 
 #include <wolfssl/wolfcrypt/settings.h>
 #include "wolfssl/ssl.h"
@@ -67,10 +65,10 @@
     static WOLFSSL_CTX* client_ctx;
 #endif /* TLS_CLIENT */
 
-#define TLSSERVER_IP      "192.168.11.49"
+#define TLSSERVER_IP      "192.168.11.47"
 #define TLSSERVER_PORT    11111
-#define YEAR 2023
-#define MON  3
+#define YEAR 2024
+#define MON  9
 #define FREQ 10000 /* Hz */
 #define MAX_MSGSTR  80
 
@@ -201,7 +199,7 @@ static void Tls_client_init()
             char *cert       = "./certs/ca-cert.pem";
         #endif
     #else
-        #if defined(USE_ECC_CERT) && defined(USE_CERT_BUFFERS_256) 
+        #if defined(USE_ECC_CERT) && defined(USE_CERT_BUFFERS_256)
             const unsigned char *cert       = ca_ecc_cert_der_256;
             #define  SIZEOF_CERT sizeof_ca_ecc_cert_der_256
         #else
@@ -216,7 +214,7 @@ static void Tls_client_init()
     wolfSSL_Init();
 
     /* Create and initialize WOLFSSL_CTX */
-    if ((client_ctx = 
+    if ((client_ctx =
         wolfSSL_CTX_new(wolfSSLv23_client_method_ex((void *)NULL))) == NULL) {
         printf("ERROR: failed to create WOLFSSL_CTX\n");
         return;
@@ -228,7 +226,7 @@ static void Tls_client_init()
 
     /* load root CA certificate */
     #if defined(NO_FILESYSTEM)
-    if (wolfSSL_CTX_load_verify_buffer(client_ctx, cert, 
+    if (wolfSSL_CTX_load_verify_buffer(client_ctx, cert,
                             SIZEOF_CERT, SSL_FILETYPE_ASN1) != SSL_SUCCESS) {
            printf("ERROR: can't load certificate data\n");
        return;
@@ -239,7 +237,7 @@ static void Tls_client_init()
         return NULL;
     }
     #endif
-     
+
     #if defined(WOLFSSL_TLS13) && defined(WOLFSSL_RENESAS_TSIP_TLS)
 
     if (wolfSSL_CTX_UseSupportedCurve(client_ctx, WOLFSSL_ECC_SECP256R1)
@@ -311,7 +309,7 @@ static void Tls_client(void *pvParam)
     if (ret == 0) {
         ssl = wolfSSL_new(ctx);
         if (ssl == NULL) {
-            msg(pcName, p->id, "ERROR wolfSSL_new: %d\n", 
+            msg(pcName, p->id, "ERROR wolfSSL_new: %d\n",
                                         wolfSSL_get_error(ssl, 0));
             ret = -1;
         }
@@ -345,7 +343,7 @@ static void Tls_client(void *pvParam)
     if (ret == 0) {
         /* associate socket with ssl object */
         if (wolfSSL_set_fd(ssl, (int)socket) != WOLFSSL_SUCCESS) {
-            msg(pcName, p->id, "ERROR wolfSSL_set_fd: %d\n", 
+            msg(pcName, p->id, "ERROR wolfSSL_set_fd: %d\n",
                                                     wolfSSL_get_error(ssl, 0));
             ret = -1;
         }
@@ -404,11 +402,11 @@ static void Tls_client(void *pvParam)
         }
     }
 #endif /* WOLFSSL_CHECK_SIG_FAULTS */
-    
+
     #else
     /* Client authentication using RSA certificate can be handled by TSIP.
      * Note that the internal verification of the signature process requires
-     * not only the client's private key but also its public key, so pass them 
+     * not only the client's private key but also its public key, so pass them
      * using tsip_use_PrivateKey_buffer_TLS and tsip_use_PublicKey_buffer_TLS
      * respectively.
          */
@@ -422,7 +420,7 @@ static void Tls_client(void *pvParam)
             }
         }
         if (ret == 0) {
-            ret = tsip_use_PublicKey_buffer(ssl,
+            ret = tsip_use_PublicKey_buffer_TLS(ssl,
                 (const char*)g_key_block_data.encrypted_user_rsa2048_public_key,
                 sizeof(g_key_block_data.encrypted_user_rsa2048_public_key),
                                                             TSIP_RSA2048);
@@ -435,9 +433,9 @@ static void Tls_client(void *pvParam)
 #else
     #if defined(USE_ECC_CERT)
     if (ret == 0) {
-        err = wolfSSL_use_PrivateKey_buffer(ssl, 
+        err = wolfSSL_use_PrivateKey_buffer(ssl,
                                     ecc_clikey_der_256,
-                                    sizeof_ecc_clikey_der_256, 
+                                    sizeof_ecc_clikey_der_256,
                                     WOLFSSL_FILETYPE_ASN1);
         if (err != SSL_SUCCESS) {
             printf("ERROR wolfSSL_use_PrivateKey_buffer: %d\n",
@@ -446,10 +444,10 @@ static void Tls_client(void *pvParam)
         }
     }
     #else
-    if (ret == 0) { 
+    if (ret == 0) {
         err = wolfSSL_use_PrivateKey_buffer(ssl, client_key_der_2048,
                             sizeof_client_key_der_2048, WOLFSSL_FILETYPE_ASN1);
-         
+
         if (err != SSL_SUCCESS) {
             printf("ERROR wolfSSL_use_PrivateKey_buffer: %d\n",
                                                 wolfSSL_get_error(ssl, 0));
@@ -464,7 +462,7 @@ static void Tls_client(void *pvParam)
 #endif
     if (ret == 0) {
         if (wolfSSL_connect(ssl) != WOLFSSL_SUCCESS) {
-            msg(pcName, p->id, "ERROR wolfSSL_connect: %d\n", 
+            msg(pcName, p->id, "ERROR wolfSSL_connect: %d\n",
                                                     wolfSSL_get_error(ssl, 0));
             ret = -1;
         }
@@ -473,9 +471,9 @@ static void Tls_client(void *pvParam)
    wolfSSL_Debugging_OFF();
 #endif
     if (ret == 0) {
-        if (wolfSSL_write(ssl, sendBuff, strlen(sendBuff)) != 
+        if (wolfSSL_write(ssl, sendBuff, strlen(sendBuff)) !=
                                                             strlen(sendBuff)) {
-            msg(pcName, p->id, "ERROR wolfSSL_write: %d\n", 
+            msg(pcName, p->id, "ERROR wolfSSL_write: %d\n",
                                                     wolfSSL_get_error(ssl, 0));
             ret = -1;
         }
@@ -483,7 +481,7 @@ static void Tls_client(void *pvParam)
 
     if (ret == 0) {
         if ((ret=wolfSSL_read(ssl, rcvBuff, BUFF_SIZE -1)) < 0) {
-            msg(pcName, p->id, "ERROR wolfSSL_read: %d\n", 
+            msg(pcName, p->id, "ERROR wolfSSL_read: %d\n",
                                                     wolfSSL_get_error(ssl, 0));
             ret = -1;
         }
@@ -493,7 +491,7 @@ static void Tls_client(void *pvParam)
             ret = 0;
         }
     }
-    
+
 #if defined(TLS_MULTITHREAD_TEST)
 out:
 #endif
@@ -600,7 +598,7 @@ static void Tls_client_demo(void)
     tsip_inform_cert_sign((const byte*)ca_ecc_cert_der_sig);
 
     #else
-    
+
     /* Root CA cert has RSA public key */
     tsip_inform_cert_sign((const byte*)ca_cert_der_sig);
 
@@ -639,7 +637,7 @@ static void Tls_client_demo(void)
 
             printf(" %s connecting to %d port\n", info[j].name, info[j].port);
 
-            xReturned = xTaskCreate(Tls_client, info[j].name, 
+            xReturned = xTaskCreate(Tls_client, info[j].name,
                                         THREAD_STACK_SIZE, &info[j], 3, NULL);
             if (xReturned != pdPASS) {
                 printf("Failed to create task\n");
@@ -647,7 +645,7 @@ static void Tls_client_demo(void)
         }
 
         for (j = i; j < (i+2); j++) {
-            xSemaphoreGiveFromISR(info[j].xBinarySemaphore, 
+            xSemaphoreGiveFromISR(info[j].xBinarySemaphore,
                                                     &xHigherPriorityTaskWoken);
         }
 
@@ -695,7 +693,7 @@ static void Tls_client_demo(void)
 #endif /* TLS_CLIENT */
 
 /* Demo entry function called by iot_demo_runner
- * To run this entry function as an aws_iot_demo, define this as 
+ * To run this entry function as an aws_iot_demo, define this as
  * DEMO_entryFUNCTION in aws_demo_config.h.
  */
 void wolfSSL_demo_task(bool         awsIotMqttMode,
diff --git a/IDE/Renesas/e2studio/RX72N/EnvisionKit/wolfssl_demo/wolfssl_demo.h b/IDE/Renesas/e2studio/RX72N/EnvisionKit/wolfssl_demo/wolfssl_demo.h
index c11e59c83..cc0b9c2cd 100644
--- a/IDE/Renesas/e2studio/RX72N/EnvisionKit/wolfssl_demo/wolfssl_demo.h
+++ b/IDE/Renesas/e2studio/RX72N/EnvisionKit/wolfssl_demo/wolfssl_demo.h
@@ -1,6 +1,6 @@
 /* wolfssl_demo.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/Renesas/e2studio/RX72N/EnvisionKit/wolfssl_demo/wolfssl_tsip_unit_test.c b/IDE/Renesas/e2studio/RX72N/EnvisionKit/wolfssl_demo/wolfssl_tsip_unit_test.c
index f89b48cf1..e714a39ca 100644
--- a/IDE/Renesas/e2studio/RX72N/EnvisionKit/wolfssl_demo/wolfssl_tsip_unit_test.c
+++ b/IDE/Renesas/e2studio/RX72N/EnvisionKit/wolfssl_demo/wolfssl_tsip_unit_test.c
@@ -1,6 +1,6 @@
 /* wolfssl_tsip_unit_test.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -56,11 +56,11 @@
 #endif
 
 #ifndef NO_SHA
- int sha_test();
+ int sha_test(void);
 #endif
 
 #ifndef NO_SHA256
- int sha256_test();
+ int sha256_test(void);
 #endif
 
 #define SMALL_STACK_SIZE (1 * 1024)
@@ -107,22 +107,13 @@ typedef struct tagInfo
 
  void Clr_CallbackCtx(TsipUserCtx *g)
  {
+     XFREE(g->rsa1024pri_keyIdx, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 
-     if (g->rsa1024pri_keyIdx != NULL)
-         XFREE(g->rsa1024pri_keyIdx,
-                             NULL, DYNAMIC_TYPE_TMP_BUFFER);
+     XFREE(g->rsa1024pub_keyIdx, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 
-     if (g->rsa1024pub_keyIdx != NULL)
-         XFREE(g->rsa1024pub_keyIdx,
-                             NULL, DYNAMIC_TYPE_TMP_BUFFER);
+     XFREE(g->rsa2048pri_keyIdx, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 
-     if (g->rsa2048pri_keyIdx != NULL)
-         XFREE(g->rsa2048pri_keyIdx,
-                             NULL, DYNAMIC_TYPE_TMP_BUFFER);
-
-     if (g->rsa2048pub_keyIdx != NULL)
-         XFREE(g->rsa2048pub_keyIdx,
-                             NULL, DYNAMIC_TYPE_TMP_BUFFER);
+     XFREE(g->rsa2048pub_keyIdx, NULL, DYNAMIC_TYPE_TMP_BUFFER);
      XMEMSET(g, 0, sizeof(TsipUserCtx));
  }
 
@@ -135,11 +126,11 @@ static int tsip_aes_cbc_test(int prnt, tsip_aes_key_index_t* aes_key)
 
     Aes  aes[1];
 
-    byte cipher[AES_BLOCK_SIZE];
-    byte plain[AES_BLOCK_SIZE];
+    byte cipher[WC_AES_BLOCK_SIZE];
+    byte plain[WC_AES_BLOCK_SIZE];
     int  ret = 0;
 
-    WOLFSSL_SMALL_STACK_STATIC const byte msg[] = { 
+    WOLFSSL_SMALL_STACK_STATIC const byte msg[] = {
         /* "Now is the time for all " w/o trailing 0 */
         0x6e,0x6f,0x77,0x20,0x69,0x73,0x20,0x74,
         0x68,0x65,0x20,0x74,0x69,0x6d,0x65,0x20,
@@ -148,22 +139,22 @@ static int tsip_aes_cbc_test(int prnt, tsip_aes_key_index_t* aes_key)
     byte key[] = "0123456789abcdef   ";  /* align */
     byte iv[]  = "1234567890abcdef   ";  /* align */
 
-    ForceZero(cipher, AES_BLOCK_SIZE);
-    ForceZero(plain, AES_BLOCK_SIZE);
+    ForceZero(cipher, WC_AES_BLOCK_SIZE);
+    ForceZero(plain, WC_AES_BLOCK_SIZE);
 
     if (prnt) {
         printf(" tsip_aes_cbc_test() ");
     }
-    
+
     ret = wc_AesInit(aes, NULL, INVALID_DEVID);
     if (ret == 0) {
-        ret = wc_AesSetKey(aes, key, AES_BLOCK_SIZE, iv, AES_ENCRYPTION);
+        ret = wc_AesSetKey(aes, key, WC_AES_BLOCK_SIZE, iv, AES_ENCRYPTION);
         XMEMCPY(&aes->ctx.tsip_keyIdx, aes_key,
                         sizeof(tsip_aes_key_index_t));
 
         aes->ctx.keySize = aes->keylen;
         if (ret == 0) {
-            ret = wc_tsip_AesCbcEncrypt(aes, cipher, msg, AES_BLOCK_SIZE);
+            ret = wc_tsip_AesCbcEncrypt(aes, cipher, msg, WC_AES_BLOCK_SIZE);
         }
 
         wc_AesFree(aes);
@@ -176,18 +167,18 @@ static int tsip_aes_cbc_test(int prnt, tsip_aes_key_index_t* aes_key)
     if (ret == 0)
         ret = wc_AesInit(aes, NULL, INVALID_DEVID);
     if (ret == 0) {
-        ret = wc_AesSetKey(aes, key, AES_BLOCK_SIZE, iv, AES_DECRYPTION);
+        ret = wc_AesSetKey(aes, key, WC_AES_BLOCK_SIZE, iv, AES_DECRYPTION);
         XMEMCPY(&aes->ctx.tsip_keyIdx, aes_key,
                 sizeof(tsip_aes_key_index_t));
         aes->ctx.keySize = aes->keylen;
         if (ret == 0)
-            ret = wc_tsip_AesCbcDecrypt(aes, plain, cipher, AES_BLOCK_SIZE);
+            ret = wc_tsip_AesCbcDecrypt(aes, plain, cipher, WC_AES_BLOCK_SIZE);
 
         wc_AesFree(aes);
     }
     if (ret != 0)
         ret = -2;
-    if (XMEMCMP(plain, msg, AES_BLOCK_SIZE) != 0)
+    if (XMEMCMP(plain, msg, WC_AES_BLOCK_SIZE) != 0)
         ret = -3;
 #endif /* HAVE_AES_DECRYPT */
 
@@ -196,7 +187,7 @@ static int tsip_aes_cbc_test(int prnt, tsip_aes_key_index_t* aes_key)
     if (prnt) {
         RESULT_STR(ret)
     }
-    
+
     return ret;
 }
 
@@ -205,7 +196,7 @@ static void tskAes128_Cbc_Test(void *pvParam)
 {
     int ret = 0;
     Info *p = (Info*)pvParam;
-    
+
     while (exit_loop == false) {
         ret = tsip_aes_cbc_test(0, &p->aes_key);
         vTaskDelay(10/portTICK_PERIOD_MS);
@@ -225,8 +216,8 @@ static void tskAes128_Cbc_Test(void *pvParam)
 static int tsip_aes256_test(int prnt, tsip_aes_key_index_t* aes_key)
 {
     Aes enc[1];
-    byte cipher[AES_BLOCK_SIZE];
-    byte plain[AES_BLOCK_SIZE];
+    byte cipher[WC_AES_BLOCK_SIZE];
+    byte plain[WC_AES_BLOCK_SIZE];
     Aes dec[1];
     int  ret = 0;
 
@@ -257,7 +248,7 @@ static int tsip_aes256_test(int prnt, tsip_aes_key_index_t* aes_key)
 
     if (prnt)
         printf(" tsip_aes256_test() ");
-    
+
     if (wc_AesInit(enc, NULL, INVALID_DEVID) != 0) {
         ret = -1;
         goto out;
@@ -288,7 +279,7 @@ static int tsip_aes256_test(int prnt, tsip_aes_key_index_t* aes_key)
         dec->ctx.keySize = dec->keylen;
     }
 
-    ForceZero(cipher, AES_BLOCK_SIZE);
+    ForceZero(cipher, WC_AES_BLOCK_SIZE);
     ret = wc_tsip_AesCbcEncrypt(enc, cipher, msg, (int) sizeof(msg));
 
     if (ret != 0) {
@@ -296,7 +287,7 @@ static int tsip_aes256_test(int prnt, tsip_aes_key_index_t* aes_key)
         goto out;
     }
 
-    ForceZero(plain, AES_BLOCK_SIZE);
+    ForceZero(plain, WC_AES_BLOCK_SIZE);
     ret = wc_tsip_AesCbcDecrypt(dec, plain, cipher, (int) sizeof(cipher));
 
     if (ret != 0){
@@ -315,7 +306,7 @@ out:
     if (prnt) {
         RESULT_STR(ret)
     }
-    
+
     return ret;
 }
 #ifdef FREERTOS
@@ -323,7 +314,7 @@ static void tskAes256_Cbc_Test(void *pvParam)
 {
     int ret = 0;
     Info *p = (Info*)pvParam;
-    
+
     while (exit_loop == false) {
         ret = tsip_aes256_test(0, &p->aes_key);
         vTaskDelay(10/portTICK_PERIOD_MS);
@@ -345,8 +336,8 @@ static int tsip_aesgcm256_test(int prnt, tsip_aes_key_index_t* aes256_key)
     Aes enc[1];
     Aes dec[1];
     TsipUserCtx userContext;
-    
-    
+
+
     /*
      * This is Test Case 16 from the document Galois/
      * Counter Mode of Operation (GCM) by McGrew and
@@ -404,8 +395,8 @@ static int tsip_aesgcm256_test(int prnt, tsip_aes_key_index_t* aes256_key)
     };
 
     byte resultT[sizeof(t1)];
-    byte resultP[sizeof(p) + AES_BLOCK_SIZE];
-    byte resultC[sizeof(p) + AES_BLOCK_SIZE];
+    byte resultP[sizeof(p) + WC_AES_BLOCK_SIZE];
+    byte resultC[sizeof(p) + WC_AES_BLOCK_SIZE];
     int  result = 0;
     int  ret;
 
@@ -416,11 +407,11 @@ static int tsip_aesgcm256_test(int prnt, tsip_aes_key_index_t* aes256_key)
     if (prnt) {
         printf(" tsip_aes256_gcm_test() ");
     }
-    
-    ForceZero(resultT, sizeof(resultT));
-    ForceZero(resultC, sizeof(resultC));
-    ForceZero(resultP, sizeof(resultP));
-    ForceZero(&userContext, sizeof(TsipUserCtx));
+
+    XMEMSET(resultT, 0, sizeof(resultT));
+    XMEMSET(resultC, 0, sizeof(resultC));
+    XMEMSET(resultP, 0, sizeof(resultP));
+    XMEMSET(&userContext, 0, sizeof(TsipUserCtx));
 
     if (wc_AesInit(enc, NULL, INVALID_DEVID) != 0) {
         ret = -1;
@@ -443,10 +434,11 @@ static int tsip_aesgcm256_test(int prnt, tsip_aes_key_index_t* aes256_key)
     }
 
     /* AES-GCM encrypt and decrypt both use AES encrypt internally */
-    result = wc_tsip_AesGcmEncrypt(enc, resultC, p, sizeof(p), 
-                        (byte*)iv1, sizeof(iv1), resultT, sizeof(resultT), 
-                        a, sizeof(a), &userContext);
-
+    result = wc_tsip_AesGcmEncrypt(enc,
+        resultC, p, sizeof(p),
+        (byte*)iv1, sizeof(iv1), resultT, sizeof(resultT),
+        a, sizeof(a), &userContext
+    );
     if (result != 0) {
         ret = -4;
         goto out;
@@ -460,9 +452,11 @@ static int tsip_aesgcm256_test(int prnt, tsip_aes_key_index_t* aes256_key)
         dec->ctx.keySize = enc->keylen;
     }
 
-    result = wc_tsip_AesGcmDecrypt(dec, resultP, resultC, sizeof(c1),
-                        iv1, sizeof(iv1), resultT, sizeof(resultT), 
-                        a, sizeof(a), &userContext);
+    result = wc_tsip_AesGcmDecrypt(dec,
+        resultP, resultC, sizeof(c1),
+        iv1, sizeof(iv1), resultT, sizeof(resultT),
+        a, sizeof(a), &userContext
+    );
     if (result != 0){
         ret = -8;
         goto out;
@@ -478,18 +472,21 @@ static int tsip_aesgcm256_test(int prnt, tsip_aes_key_index_t* aes256_key)
 
     wc_AesGcmSetKey(enc, k1, sizeof(k1));
     /* AES-GCM encrypt and decrypt both use AES encrypt internally */
-    result = wc_tsip_AesGcmEncrypt(enc, resultC, p, sizeof(p), iv1, sizeof(iv1),
-                                resultT + 1, sizeof(resultT) - 1, 
-                                a, sizeof(a), &userContext);
+    result = wc_tsip_AesGcmEncrypt(enc,
+        resultC, p, sizeof(p), iv1, sizeof(iv1),
+        resultT + 1, sizeof(resultT) - 1,
+        a, sizeof(a), &userContext
+    );
     if (result != 0) {
         ret = -10;
         goto out;
     }
 
-    result = wc_tsip_AesGcmDecrypt(enc, resultP, resultC, sizeof(p),
-                            iv1, sizeof(iv1), resultT + 1, sizeof(resultT) - 1, 
-                            a, sizeof(a), &userContext);
-
+    result = wc_tsip_AesGcmDecrypt(enc,
+        resultP, resultC, sizeof(p),
+        iv1, sizeof(iv1), resultT + 1, sizeof(resultT) - 1,
+        a, sizeof(a), &userContext
+    );
     if (result != 0) {
         ret = -11;
         goto out;
@@ -504,11 +501,11 @@ static int tsip_aesgcm256_test(int prnt, tsip_aes_key_index_t* aes256_key)
   out:
     wc_AesFree(enc);
     wc_AesFree(dec);
-    
+
     if (prnt) {
         RESULT_STR(ret)
     }
-    
+
     return ret;
 }
 #ifdef FREERTOS
@@ -516,7 +513,7 @@ static void tskAes256_Gcm_Test(void *pvParam)
 {
     int ret = 0;
     Info *p = (Info*)pvParam;
-    
+
     while (exit_loop == false) {
         ret = tsip_aesgcm256_test(0, &p->aes_key);
         vTaskDelay(10/portTICK_PERIOD_MS);
@@ -532,7 +529,7 @@ static void tskAes256_Gcm_Test(void *pvParam)
 #endif /* FREERTOS */
 #endif
 
-#if defined(WOLFSSL_AES_128)
+#if defined(WOLFSSL_AES_128) && defined(HAVE_AESGCM)
 
 static int tsip_aesgcm128_test(int prnt, tsip_aes_key_index_t* aes128_key)
 {
@@ -577,9 +574,9 @@ static int tsip_aesgcm128_test(int prnt, tsip_aes_key_index_t* aes128_key)
         0x31, 0x2e, 0x2a, 0xf9, 0x57, 0x7a, 0x1e, 0xa6
     };
 
-    byte resultT[16];
-    byte resultP[60 + AES_BLOCK_SIZE];
-    byte resultC[60 + AES_BLOCK_SIZE];
+    byte resultT[sizeof(t3)];
+    byte resultP[sizeof(p3) + WC_AES_BLOCK_SIZE];
+    byte resultC[sizeof(p3) + WC_AES_BLOCK_SIZE];
     int  result = 0;
     int ret;
 
@@ -590,10 +587,10 @@ static int tsip_aesgcm128_test(int prnt, tsip_aes_key_index_t* aes128_key)
         printf(" tsip_aes128_gcm_test() ");
     }
 
-    ForceZero(resultT, sizeof(resultT));
-    ForceZero(resultC, sizeof(resultC));
-    ForceZero(resultP, sizeof(resultP));
-    ForceZero(&userContext, sizeof(TsipUserCtx));
+    XMEMSET(resultT, 0, sizeof(resultT));
+    XMEMSET(resultC, 0, sizeof(resultC));
+    XMEMSET(resultP, 0, sizeof(resultP));
+    XMEMSET(&userContext, 0, sizeof(TsipUserCtx));
 
     if (wc_AesInit(enc, NULL, INVALID_DEVID) != 0) {
         ret = -1;
@@ -616,21 +613,27 @@ static int tsip_aesgcm128_test(int prnt, tsip_aes_key_index_t* aes128_key)
         enc->ctx.keySize = enc->keylen;
     }
     /* AES-GCM encrypt and decrypt both use AES encrypt internally */
-    result = wc_tsip_AesGcmEncrypt(enc, resultC, p3, sizeof(p3), 
-                                        iv3, sizeof(iv3),
-                                        resultT, sizeof(t3), 
-                                        a3, sizeof(a3), &userContext);
+    result = wc_tsip_AesGcmEncrypt(enc,
+        resultC, p3, sizeof(p3),
+        iv3, sizeof(iv3),
+        resultT, sizeof(t3),
+        a3, sizeof(a3), &userContext
+    );
     if (result != 0) {
         ret = -4;
         goto out;
     }
-    result = wc_tsip_AesGcmDecrypt(enc, resultP, resultC, sizeof(c3),
-                                iv3, sizeof(iv3), resultT, sizeof(resultT), 
-                                a3, sizeof(a3), &userContext);
+
+    result = wc_tsip_AesGcmDecrypt(enc,
+        resultP, resultC, sizeof(c3),
+        iv3, sizeof(iv3), resultT, sizeof(resultT),
+        a3, sizeof(a3), &userContext
+    );
     if (result != 0) {
         ret = -5;
         goto out;
     }
+
     if (XMEMCMP(p3, resultP, sizeof(p3))) {
         ret = -6;
         goto out;
@@ -641,11 +644,11 @@ static int tsip_aesgcm128_test(int prnt, tsip_aes_key_index_t* aes128_key)
   out:
     wc_AesFree(enc);
     wc_AesFree(dec);
-    
+
     if (prnt) {
         RESULT_STR(ret)
     }
-    
+
     return ret;
 }
 #ifdef FREERTOS
@@ -720,41 +723,44 @@ static void tskSha256_Test(void *pvParam)
 #define TEST_STRING_SZ   25
 #define RSA_TEST_BYTES   256 /* up to 2048-bit key */
 
-static int tsip_rsa_SignVerify_test(int prnt, int keySize)
+static int tsip_rsa_test(int prnt, int keySize)
 {
     int ret = 0;
 
-    RsaKey *key = (RsaKey *)XMALLOC(sizeof *key, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    RsaKey *key = NULL;
     WC_RNG rng;
     const char inStr [] = TEST_STRING;
-    const char inStr2[] = TEST_STRING2;
     const word32 inLen = (word32)TEST_STRING_SZ;
     const word32 outSz = RSA_TEST_BYTES;
-
+    word32 out_actual_len = 0;
     byte *in = NULL;
-    byte *in2 = NULL;
     byte *out= NULL;
+    byte *outplain = NULL;
+    int initRsa = 0;
+    int devId = 7890; /* fixed devid for TSIP/SCE */
 
+    XMEMSET(&rng, 0, sizeof(rng));
+
+    key = (RsaKey *)XMALLOC(sizeof(*key), NULL, DYNAMIC_TYPE_TMP_BUFFER);
     in = (byte*)XMALLOC(inLen, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-    in2 = (byte*)XMALLOC(inLen, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-    out= (byte*)XMALLOC(outSz, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    out = (byte*)XMALLOC(outSz, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    outplain = (byte*)XMALLOC(outSz, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 
-    (void) prnt;
-
-    if (key == NULL || in == NULL || out == NULL) {
+    if (key == NULL || in == NULL || out == NULL || outplain == NULL) {
         ret = -1;
         goto out;
     }
 
-    XMEMSET(&rng, 0, sizeof(rng));
-    XMEMSET(key, 0, sizeof *key);
+    XMEMSET(key, 0, sizeof(*key));
     XMEMCPY(in, inStr, inLen);
-    XMEMCPY(in2, inStr2, inLen);
+    XMEMSET(out,  0, outSz);
+    XMEMSET(outplain, 0, outSz);
 
-    ret = wc_InitRsaKey_ex(key, NULL, 7890/* fixed devid for TSIP/SCE*/);
+    ret = wc_InitRsaKey_ex(key, NULL, devId);
     if (ret != 0) {
         goto out;
     }
+    initRsa = 1;
 
     if ((ret = wc_InitRng(&rng)) != 0)
         goto out;
@@ -762,7 +768,91 @@ static int tsip_rsa_SignVerify_test(int prnt, int keySize)
     if ((ret = wc_RsaSetRNG(key, &rng)) != 0)
         goto out;
 
-    /* make rsa key by SCE */
+    /* Generate a new RSA key to use with TSIP/SCE */
+    if ((ret = wc_MakeRsaKey(key, keySize, 65537, &rng)) != 0) {
+        goto out;
+    }
+
+    ret = wc_RsaPublicEncrypt(in, inLen, out, outSz, key, &rng);
+    if (ret < 0) {
+        goto out;
+    }
+
+    ret = wc_RsaPrivateDecrypt(out, (word32)(keySize/8), outplain, outSz, key);
+    if (ret < 0) {
+        ret = -1;
+        goto out;
+    }
+
+    if (XMEMCMP(in, outplain, inLen) != 0) {
+        ret = -2;
+        goto out;
+    }
+
+    ret = 0;
+out:
+
+    wc_FreeRng(&rng);
+    if (key != NULL) {
+        if (initRsa)
+            wc_FreeRsaKey(key);
+        XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    }
+    XFREE(in, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(out, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(outplain, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+
+    (void)prnt;
+    return ret;
+}
+
+
+static int tsip_rsa_SignVerify_test(int prnt, int keySize)
+{
+    int ret = 0;
+
+    RsaKey *key = NULL;
+    WC_RNG rng;
+    const char inStr [] = TEST_STRING;
+    const char inStr2[] = TEST_STRING2;
+    const word32 inLen = (word32)TEST_STRING_SZ;
+    const word32 outSz = RSA_TEST_BYTES;
+    word32 signSz = 0;
+    byte *in = NULL;
+    byte *in2 = NULL;
+    byte *out= NULL;
+    int initRsa = 0;
+    int devId = 7890; /* fixed devid for TSIP/SCE */
+
+    XMEMSET(&rng, 0, sizeof(rng));
+
+    key = (RsaKey *)XMALLOC(sizeof(*key), NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    in = (byte*)XMALLOC(inLen, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    in2 = (byte*)XMALLOC(inLen, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    out = (byte*)XMALLOC(outSz, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+
+    if (key == NULL || in == NULL || out == NULL) {
+        ret = -1;
+        goto out;
+    }
+
+    XMEMSET(key, 0, sizeof(*key));
+    XMEMCPY(in, inStr, inLen);
+    XMEMCPY(in2, inStr2, inLen);
+
+    ret = wc_InitRsaKey_ex(key, NULL, devId);
+    if (ret != 0) {
+        goto out;
+    }
+    initRsa = 1;
+
+    if ((ret = wc_InitRng(&rng)) != 0)
+        goto out;
+
+    if ((ret = wc_RsaSetRNG(key, &rng)) != 0)
+        goto out;
+
+    /* Generate a new RSA key to use with TSIP/SCE */
     if ((ret = wc_MakeRsaKey(key, keySize, 65537, &rng)) != 0) {
         goto out;
     }
@@ -771,48 +861,48 @@ static int tsip_rsa_SignVerify_test(int prnt, int keySize)
     if (ret < 0) {
         goto out;
     }
+    signSz = ret;
 
     /* this should fail */
-    ret = wc_RsaSSL_Verify(in2, inLen, out, keySize/8, key);
+    ret = wc_RsaSSL_Verify(out, signSz, in2, inLen, key);
     if (ret != SIG_VERIFY_E) {
         ret = -1;
         goto out;
     }
     /* this should succeed */
-    ret = wc_RsaSSL_Verify(in, inLen, out, keySize/8, key);
+    ret = wc_RsaSSL_Verify(out, signSz, in, inLen, key);
     if (ret < 0) {
         ret = -1;
         goto out;
     }
     ret = 0;
+
   out:
+
+    wc_FreeRng(&rng);
     if (key != NULL) {
-        wc_FreeRsaKey(key);
+        if (initRsa)
+            wc_FreeRsaKey(key);
         XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER);
     }
-    if (in != NULL) {
-        XFREE(in, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-    }
-    if (in2 != NULL) {
-        XFREE(in2, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-    }
-    if (out != NULL) {
-        XFREE(out, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-    }
+    XFREE(in, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(in2, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(out, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 
+    (void)prnt;
     return ret;
 }
 #endif /* NO_RSA */
 
 
 #ifdef TSIP_MULTIUNIT_TEST
-int tsip_crypt_sha_multitest()
+int tsip_crypt_sha_multitest(void)
 {
     int ret = 0;
     int num = 0;
     int i;
     BaseType_t xRet;
-    
+
 #ifndef NO_SHA
     num++;
 #endif
@@ -825,14 +915,14 @@ int tsip_crypt_sha_multitest()
 
     exit_semaph = xSemaphoreCreateCounting(num, 0);
     xRet = pdPASS;
-    
+
 #ifndef NO_SHA
-    xRet = xTaskCreate(tskSha_Test, "sha_test", 
+    xRet = xTaskCreate(tskSha_Test, "sha_test",
                             SMALL_STACK_SIZE, NULL, 3, NULL);
 #endif
 #ifndef NO_SHA256
     if (xRet == pdPASS)
-        xRet = xTaskCreate(tskSha256_Test, "sha256_test", 
+        xRet = xTaskCreate(tskSha256_Test, "sha256_test",
                             SMALL_STACK_SIZE, NULL, 3, NULL);
 #endif
 
@@ -849,22 +939,22 @@ int tsip_crypt_sha_multitest()
             }
         }
     }
-    
+
     vSemaphoreDelete(exit_semaph);
-    
+
     if ((xRet == pdPASS) &&
        (sha_multTst_rslt == 0 && sha256_multTst_rslt == 0))
         ret = 0;
     else
         ret = -1;
-    
+
     RESULT_STR(ret)
 
     return ret;
 }
 
 
-int tsip_crypt_AesCbc_multitest()
+int tsip_crypt_AesCbc_multitest(void)
 {
     int ret = 0;
     int num = 0;
@@ -874,7 +964,7 @@ int tsip_crypt_AesCbc_multitest()
     Info info_aes256_1;
     Info info_aes256_2;
     BaseType_t xRet;
-    
+
 #if defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_128)
     num+=2;
 #endif
@@ -887,7 +977,7 @@ int tsip_crypt_AesCbc_multitest()
 
     exit_semaph = xSemaphoreCreateCounting(num, 0);
     xRet = pdPASS;
-    
+
 #if defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_128)
     XMEMCPY(&info_aes1.aes_key, &g_user_aes128_key_index1,
                                             sizeof(tsip_aes_key_index_t));
@@ -916,7 +1006,7 @@ int tsip_crypt_AesCbc_multitest()
         xRet = xTaskCreate(tskAes256_Cbc_Test, "aes256_cbc_test2",
                 SMALL_STACK_SIZE, &info_aes256_2, 3, NULL);
 #endif
-    
+
     if (xRet == pdPASS) {
     printf(" Waiting for completing tasks ...");
         vTaskDelay(10000/portTICK_PERIOD_MS);
@@ -930,7 +1020,7 @@ int tsip_crypt_AesCbc_multitest()
             }
         }
     }
-    
+
     vSemaphoreDelete(exit_semaph);
 
     if ((xRet == pdPASS) &&
@@ -945,7 +1035,7 @@ int tsip_crypt_AesCbc_multitest()
 }
 
 
-int tsip_crypt_AesGcm_multitest()
+int tsip_crypt_AesGcm_multitest(void)
 {
     int ret = 0;
     int num = 0;
@@ -955,7 +1045,7 @@ int tsip_crypt_AesGcm_multitest()
     Info info_aes256_1;
     Info info_aes256_2;
     BaseType_t xRet;
-    
+
 #if defined(WOLFSSL_AES_128)
     num+=2;
 #endif
@@ -1010,7 +1100,7 @@ int tsip_crypt_AesGcm_multitest()
             }
         }
     }
-    
+
     vSemaphoreDelete(exit_semaph);
 
     if ((xRet == pdPASS) &&
@@ -1024,7 +1114,7 @@ int tsip_crypt_AesGcm_multitest()
     return ret;
 }
 
-int tsip_crypt_Sha_AesCbcGcm_multitest()
+int tsip_crypt_Sha_AesCbcGcm_multitest(void)
 {
     int ret = 0;
     int num = 0;
@@ -1032,7 +1122,7 @@ int tsip_crypt_Sha_AesCbcGcm_multitest()
     Info info_aes256cbc;
     Info info_aes256gcm;
     BaseType_t xRet;
-    
+
 #ifndef NO_SHA
     num++;
 #endif
@@ -1051,7 +1141,7 @@ int tsip_crypt_Sha_AesCbcGcm_multitest()
 
     exit_semaph = xSemaphoreCreateCounting(num, 0);
     xRet = pdPASS;
-    
+
 #ifndef NO_SHA
     xRet = xTaskCreate(tskSha_Test, "sha_test",
                                 SMALL_STACK_SIZE, NULL, 3, NULL);
@@ -1069,7 +1159,7 @@ int tsip_crypt_Sha_AesCbcGcm_multitest()
     XMEMCPY(&info_aes256gcm.aes_key, &g_user_aes256_key_index2,
                                                 sizeof(tsip_aes_key_index_t));
     if (xRet == pdPASS)
-        xRet = xTaskCreate(tskAes256_Gcm_Test, "aes256_gcm_test2", 
+        xRet = xTaskCreate(tskAes256_Gcm_Test, "aes256_gcm_test2",
                                     STACK_SIZE, &info_aes256gcm, 3, NULL);
 #endif
 
@@ -1086,9 +1176,9 @@ int tsip_crypt_Sha_AesCbcGcm_multitest()
             }
         }
     }
-    
+
     vSemaphoreDelete(exit_semaph);
-    
+
     if (xRet == pdPASS && sha_multTst_rslt == 0 &&
        (Aes256_Cbc_multTst_rslt == 0 && Aes256_Gcm_multTst_rslt == 0)) {
         ret = 0;
@@ -1096,7 +1186,7 @@ int tsip_crypt_Sha_AesCbcGcm_multitest()
     else {
         ret = -1;
     }
-    
+
     RESULT_STR(ret)
 
     return ret;
@@ -1104,7 +1194,7 @@ int tsip_crypt_Sha_AesCbcGcm_multitest()
 #endif
 
 
-int tsip_crypt_test()
+int tsip_crypt_test(void)
 {
     int ret = 0;
     e_tsip_err_t tsip_error_code;
@@ -1147,6 +1237,7 @@ int tsip_crypt_test()
 
         }
 
+#ifdef HAVE_AESGCM
         if (ret == 0) {
 
             ret = tsip_aesgcm128_test(1, &g_user_aes128_key_index1);
@@ -1158,11 +1249,12 @@ int tsip_crypt_test()
             ret = tsip_aesgcm256_test(1, &g_user_aes256_key_index1);
 
         }
-   #if defined(WOLFSSL_KEY_GEN)&& \
-       defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY)
+#endif
+
+#if defined(WOLFSSL_KEY_GEN) && \
+    defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY)
 
         if (ret == 0) {
-
             Clr_CallbackCtx(&userContext);
 
             ret = wc_CryptoCb_CryptInitRenesasCmn(NULL, &userContext);
@@ -1171,12 +1263,28 @@ int tsip_crypt_test()
                 ret = 0;
         }
 
+#if RSA_MIN_SIZE <= 1024
         if (ret == 0) {
+            userContext.wrappedKeyType = TSIP_KEY_TYPE_RSA1024;
+            printf(" tsip_rsa_test(1024)");
+            ret = tsip_rsa_test(1, 1024);
+            RESULT_STR(ret)
+        }
+#endif
+        if (ret == 0) {
+            userContext.wrappedKeyType = TSIP_KEY_TYPE_RSA2048;
+            printf(" tsip_rsa_test(2048)");
+            ret = tsip_rsa_test(1, 2048);
+            RESULT_STR(ret)
+        }
 
+
+#if RSA_MIN_SIZE <= 1024
+        if (ret == 0) {
             printf(" tsip_rsa_SignVerify_test(1024)");
 
             userContext.wrappedKeyType = TSIP_KEY_TYPE_RSA1024;
-            userContext.sing_hash_type = sha256_mac;
+            userContext.sign_hash_type = sha256_mac;
             userContext.keyflgs_crypt.bits.message_type = 0;
 
             ret = tsip_rsa_SignVerify_test(1, 1024);
@@ -1184,12 +1292,13 @@ int tsip_crypt_test()
         }
 
         Clr_CallbackCtx(&userContext);
+#endif
 
         if (ret == 0) {
             printf(" tsip_rsa_SignVerify_test(2048)");
 
             userContext.wrappedKeyType = TSIP_KEY_TYPE_RSA2048;
-            userContext.sing_hash_type = sha256_mac;
+            userContext.sign_hash_type = sha256_mac;
             userContext.keyflgs_crypt.bits.message_type = 0;
 
             ret = tsip_rsa_SignVerify_test(1, 2048);
@@ -1197,12 +1306,11 @@ int tsip_crypt_test()
         }
 
         Clr_CallbackCtx(&userContext);
-   #endif
+#endif /* WOLFSSL_KEY_GEN && WOLFSSL_RENESAS_TSIP_CRYPTONLY */
     }
-    else
+    else {
         ret = -1;
-
-
+    }
     return ret;
 }
 
diff --git a/IDE/Renesas/e2studio/RZN2L/README.md b/IDE/Renesas/e2studio/RZN2L/README.md
index 55df4f2c1..c53605b79 100644
--- a/IDE/Renesas/e2studio/RZN2L/README.md
+++ b/IDE/Renesas/e2studio/RZN2L/README.md
@@ -10,7 +10,7 @@ They also include benchmark and cryptography tests for the wolfCrypt library.
 The example project contains both the wolfSSL and wolfCrypt libraries.
 It is built as a `Renesas RZ/N C/C++ FSP Project` and contains the Renesas RZ
 configuration. The wolfssl project uses `Renesas Secure IP on RZ`
-as hardware acceleration for cyptography.
+as hardware acceleration for cryptography.
 
 **Limitation**
 
@@ -22,7 +22,7 @@ The example project summary is listed below and is relevant for every project.
 |Item|Name/Version|
 |:--|:--|
 |Board|RZN2L|
-|Device|R9A07G084M04GBG|
+|Device|R9A07G084M08GBG|
 |Toolchain|GCC for Renesas RZ|
 |Toolchain Version|10.3.1.20210824|
 |FSP Version|1.2.0|
@@ -34,7 +34,7 @@ The example project summary is listed below and is relevant for every project.
 |Board Support Package Common Files|v1.20||
 |I/O Port|v1.2.0||
 |Arm CMSIS Version 5 - Core (M)|v5.7.0+renesas.1||
-|Board support package for R9A07G084M04GBG|v1.2.0||
+|Board support package for R9A07G084M04GBG|v1.2.0|Note1|
 |Board support package for RZN2L|v1.2.0||
 |Board support package for RZN2L - FSP Data|v1.2.0||
 |RSK+RZN2L Board Support Files (RAM execution without flash memory)|v1.2.0||
@@ -50,6 +50,8 @@ The example project summary is listed below and is relevant for every project.
 |Renesas Secure IP Driver|v1.3.0+fsp.1.2.0|Need to contact Renesas to get RSIP module|
 |RSIP Engine for RZ/N2L|v1.3.0+fsp.1.2.0|Need to contact Renesas to get RSIP module|
 
+Note1:\
+ To use RSIP driver, a device type should be `R9A07G084M04GBG`. However, choosing `R9A07G084M04GBG` won't allow to select `RSK+RZN2L` board. This example uses LED and external flash memory on `RSK + RZN2L` board. Therefore, the example temporary `R9A07G084M04GBG` for the device type. Updating e2studio or fsp could resolve the issue.
 
 ## Setup Steps and Build wolfSSL Library
 
@@ -75,7 +77,7 @@ The example project summary is listed below and is relevant for every project.
 |Thread Symbol|rzn2l_tst_thread|
 |Thread Name|rzn2l_tst_thread|
 |Thread Stack size|increase depending on your environment<br> e.g. 0xA000|
-|Thread MemoryAllocation|Dyamic|
+|Thread MemoryAllocation|Dynamic|
 |Common General Use Mutexes|Enabled|
 |Common General Enable Backward Compatibility|Enabled|
 |Common Memory Allocation Support Dynamic Allocation|Enabled|
@@ -93,16 +95,18 @@ The example project summary is listed below and is relevant for every project.
 3.) Prepare UART to logging
 
 + Download Sample package from [BACnet Start-Up](https://www.renesas.com/us/en/products/microcontrollers-microprocessors/rz-mpus/bacnet-start-rzn2l-rsk)
-+ Copy the following C source files from the project to src/serial_io folder of `test_RZN2L`
-      + um_serial_io_uart.c
-      + um_serial_io_task_writer.c
-      + um_serial_io_cfg.h
-      + um_common_api.h
-      + um_common_cfg.h
-      + um_serial_io.c
-      + um_serial_io.h
-      + um_serial_io_api.h
-      + um_serial_io_internal.h
++ Copy the following C source files from the project to src/serial_io folder of `test_RZN2L`\
+um_serial_io_uart.c\
+um_serial_io_task_writer.c\
+um_serial_io_cfg.h\
+um_common_api.h\
+um_common_cfg.h\
+um_serial_io.c\
+um_serial_io.h\
+um_serial_io_api.h\
+um_serial_io_internal.h
+
+
 + Open um_serial_io_task_writer.c and re-name printf to uart_printf
 
 3.) Build `test_RZN2L` project
@@ -113,7 +117,7 @@ The example project summary is listed below and is relevant for every project.
 
 2). Select J-Link ARM and R9A07G084M04
 
-3). Break at Entory point. Change `cpsr` register value from 0xXXXXX1yy to 0xXXXXX1da
+3). Break at Entry point. Change `cpsr` register value from 0xXXXXX1yy to 0xXXXXX1da
 
 ## Run TLS 1.3 Client
 1.) Enable `WOLFSSL_TLS13` macro in `user_settings.h`
@@ -472,7 +476,7 @@ Test complete
 ```
 
 **Note**
-`SHA1/224/256/384/512` and `Random generation` of RSIP driver are enabled at the sampele output above while running wolfCrypt test.
+`SHA1/224/256/384/512` and `Random generation` of RSIP driver are enabled at the sample output above while running wolfCrypt test.
 
 ## Run Benchmark
 
@@ -532,7 +536,8 @@ Benchmark complete
  End wolfCrypt Benchmark
 ```
 **Note**
-`SHA1/224/256/384/512` and `Random generation` of RSIP driver are enabled at the sampele output above.
+`SHA1/224/256/384/512` and `Random generation` of RSIP driver are enabled at the sample output above.
+
 ## Support
 
 For support inquiries and questions, please email support@wolfssl.com. Feel free to reach out to info@wolfssl.jp as well.
diff --git a/IDE/Renesas/e2studio/RZN2L/common/user_settings.h b/IDE/Renesas/e2studio/RZN2L/common/user_settings.h
index 48e452249..200339e3d 100644
--- a/IDE/Renesas/e2studio/RZN2L/common/user_settings.h
+++ b/IDE/Renesas/e2studio/RZN2L/common/user_settings.h
@@ -1,6 +1,6 @@
 /* user_settings.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/Renesas/e2studio/RZN2L/common/wolfssl_demo.h b/IDE/Renesas/e2studio/RZN2L/common/wolfssl_demo.h
index 9f5a8cd0a..254a6af78 100644
--- a/IDE/Renesas/e2studio/RZN2L/common/wolfssl_demo.h
+++ b/IDE/Renesas/e2studio/RZN2L/common/wolfssl_demo.h
@@ -1,6 +1,6 @@
 /* wolfssl_demo.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/Renesas/e2studio/RZN2L/include.am b/IDE/Renesas/e2studio/RZN2L/include.am
index af40725cb..88ccadfc7 100644
--- a/IDE/Renesas/e2studio/RZN2L/include.am
+++ b/IDE/Renesas/e2studio/RZN2L/include.am
@@ -14,4 +14,4 @@ EXTRA_DIST+= IDE/Renesas/e2studio/RZN2L/test/src/serial_io/.gitignore
 EXTRA_DIST+= IDE/Renesas/e2studio/RZN2L/test/src/wolfCrypt/.gitignore
 EXTRA_DIST+= IDE/Renesas/e2studio/RZN2L/test/src/wolfSSL/.gitignore
 EXTRA_DIST+= IDE/Renesas/e2studio/RZN2L/common/wolfssl_demo.h
-EXTRA_DIST+= IDE/Renesas/e2studio/RZN2L/common/user_settings.h
\ No newline at end of file
+EXTRA_DIST+= IDE/Renesas/e2studio/RZN2L/common/user_settings.h
diff --git a/IDE/Renesas/e2studio/RZN2L/test/src/rzn2l_tst_thread_entry.c b/IDE/Renesas/e2studio/RZN2L/test/src/rzn2l_tst_thread_entry.c
index 0e4c459ed..84c448015 100644
--- a/IDE/Renesas/e2studio/RZN2L/test/src/rzn2l_tst_thread_entry.c
+++ b/IDE/Renesas/e2studio/RZN2L/test/src/rzn2l_tst_thread_entry.c
@@ -1,6 +1,6 @@
 /* rzn2l_tst_thread_entry.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/Renesas/e2studio/RZN2L/test/src/test/wolf_client.c b/IDE/Renesas/e2studio/RZN2L/test/src/test/wolf_client.c
index f2d610da1..597e4505c 100644
--- a/IDE/Renesas/e2studio/RZN2L/test/src/test/wolf_client.c
+++ b/IDE/Renesas/e2studio/RZN2L/test/src/test/wolf_client.c
@@ -1,6 +1,6 @@
 /* wolf_client.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -58,14 +58,14 @@ void wolfSSL_TLS_client_init()
         printf("ERROR: failed to create WOLFSSL_CTX\n");
         return;
     }
-    
+
     #if !defined(NO_FILESYSTEM)
     if (wolfSSL_CTX_load_verify_locations(client_ctx, cert, 0) != SSL_SUCCESS) {
         printf("ERROR: can't load \"%s\"\n", cert);
         return NULL;
     }
     #else
-    if (wolfSSL_CTX_load_verify_buffer(client_ctx, cert, SIZEOF_CERT, 
+    if (wolfSSL_CTX_load_verify_buffer(client_ctx, cert, SIZEOF_CERT,
                                             SSL_FILETYPE_ASN1) != SSL_SUCCESS){
            printf("ERROR: can't load certificate data\n");
        return;
@@ -83,13 +83,13 @@ int wolfSSL_TLS_client_do(void *pvParam)
     socklen_t xSize = sizeof(struct freertos_sockaddr);
     xSocket_t xClientSocket = NULL;
     struct freertos_sockaddr xRemoteAddress;
-    
+
     WOLFSSL_CTX *ctx = (WOLFSSL_CTX *)p->ctx;
     WOLFSSL *ssl = NULL;
 
     #define BUFF_SIZE 256
     static const char sendBuff[]= "Hello Server\n" ;
-    
+
     char    rcvBuff[BUFF_SIZE] = {0};
 
     /* Client Socket Setup */
@@ -128,10 +128,10 @@ int wolfSSL_TLS_client_do(void *pvParam)
          printf(" Error [%d]: wolfSSL_set_fd.\n",ret);
      }
 
-     printf("  Cipher : %s\n", 
+     printf("  Cipher : %s\n",
                                     (p->cipher == NULL) ? "NULL" : p->cipher);
      /* use specific cipher */
-     if (p->cipher != NULL && wolfSSL_set_cipher_list(ssl, p->cipher) 
+     if (p->cipher != NULL && wolfSSL_set_cipher_list(ssl, p->cipher)
                                                            != WOLFSSL_SUCCESS) {
           printf(" client can't set cipher list 1");
           goto out;
@@ -150,7 +150,7 @@ int wolfSSL_TLS_client_do(void *pvParam)
      wolfSSL_Debugging_OFF();
      #endif
 
-     if (wolfSSL_write(ssl, sendBuff, (int)strlen(sendBuff)) 
+     if (wolfSSL_write(ssl, sendBuff, (int)strlen(sendBuff))
                                                     != (int)strlen(sendBuff)) {
         printf(" ERROR SSL write: %d\n", wolfSSL_get_error(ssl, 0));
         goto out;
diff --git a/IDE/Renesas/e2studio/RZN2L/test/src/test/wolf_server.c b/IDE/Renesas/e2studio/RZN2L/test/src/test/wolf_server.c
index b4ce624c9..8b0c620d7 100644
--- a/IDE/Renesas/e2studio/RZN2L/test/src/test/wolf_server.c
+++ b/IDE/Renesas/e2studio/RZN2L/test/src/test/wolf_server.c
@@ -1,6 +1,6 @@
 /* wolf_server.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/Renesas/e2studio/RZN2L/test/src/test/wolfssl_rsip_unit_test.c b/IDE/Renesas/e2studio/RZN2L/test/src/test/wolfssl_rsip_unit_test.c
index 4f437bc7d..43a38a307 100644
--- a/IDE/Renesas/e2studio/RZN2L/test/src/test/wolfssl_rsip_unit_test.c
+++ b/IDE/Renesas/e2studio/RZN2L/test/src/test/wolfssl_rsip_unit_test.c
@@ -1,6 +1,6 @@
 /* wolfssl_sce_unit_test.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -112,7 +112,7 @@ FSPSM_ST gCbInfo_a; /* for multi testing */
     uint8_t rsa1024_wrapped_key2[RSIP_BYTE_SIZE_WRAPPED_KEY_RSA_1024_PRIVATE ];
     uint8_t rsa2048_wrapped_key1[RSIP_BYTE_SIZE_WRAPPED_KEY_RSA_2048_PUBLIC];
     uint8_t rsa2048_wrapped_key2[RSIP_BYTE_SIZE_WRAPPED_KEY_RSA_2048_PRIVATE ];
-    
+
     FSPSM_RSA1024_WPB_KEY* g_user_rsa1024_public_key =
                     (FSPSM_RSA1024_WPB_KEY*)rsa1024_wrapped_key1;
     FSPSM_RSA1024_WPI_KEY* g_user_rsa1024_private_key =
@@ -134,12 +134,12 @@ static int rsip_aes128_cbc_test(int prnt, FSPSM_AES_PWKEY aes_key)
 
     Aes  aes[1];
 
-    byte cipher[AES_BLOCK_SIZE];
-    byte plain[AES_BLOCK_SIZE];
+    byte cipher[WC_AES_BLOCK_SIZE];
+    byte plain[WC_AES_BLOCK_SIZE];
     word32 keySz = (word32)(128/8);
     int  ret = 0;
 
-    WOLFSSL_SMALL_STACK_STATIC const byte msg[] = { 
+    WOLFSSL_SMALL_STACK_STATIC const byte msg[] = {
        /* "Now is the time for all " w/o trailing 0 */
         0x6e,0x6f,0x77,0x20,0x69,0x73,0x20,0x74,
         0x68,0x65,0x20,0x74,0x69,0x6d,0x65,0x20,
@@ -147,19 +147,19 @@ static int rsip_aes128_cbc_test(int prnt, FSPSM_AES_PWKEY aes_key)
     };
     byte iv[]  = "1234567890abcdef   ";  /* align */
 
-    XMEMSET(cipher, 0, AES_BLOCK_SIZE);
-    XMEMSET(plain, 0, AES_BLOCK_SIZE);
+    XMEMSET(cipher, 0, WC_AES_BLOCK_SIZE);
+    XMEMSET(plain, 0, WC_AES_BLOCK_SIZE);
 
     if (prnt) {
         printf(" rsip_aes_cbc_test() ");
     }
-    
+
     ret = wc_AesInit(aes, NULL, devId1);
     if (ret == 0) {
         ret = wc_AesSetKey(aes, (byte*)aes_key, keySz,
                                iv, AES_ENCRYPTION);
         if (ret == 0) {
-            ret = wc_AesCbcEncrypt(aes, cipher, msg, AES_BLOCK_SIZE);
+            ret = wc_AesCbcEncrypt(aes, cipher, msg, WC_AES_BLOCK_SIZE);
         }
 
         wc_AesFree(aes);
@@ -174,13 +174,13 @@ static int rsip_aes128_cbc_test(int prnt, FSPSM_AES_PWKEY aes_key)
         ret = wc_AesSetKey(aes, (byte*)aes_key, keySz,
                                iv, AES_DECRYPTION);
         if (ret == 0)
-            ret = wc_AesCbcDecrypt(aes, plain, cipher, AES_BLOCK_SIZE);
+            ret = wc_AesCbcDecrypt(aes, plain, cipher, WC_AES_BLOCK_SIZE);
 
         wc_AesFree(aes);
     }
     if (ret != 0)
         ret = -2;
-    if (XMEMCMP(plain, msg, AES_BLOCK_SIZE) != 0)
+    if (XMEMCMP(plain, msg, WC_AES_BLOCK_SIZE) != 0)
         ret = -3;
 #endif /* HAVE_AES_DECRYPT */
 
@@ -189,7 +189,7 @@ static int rsip_aes128_cbc_test(int prnt, FSPSM_AES_PWKEY aes_key)
     if (prnt) {
         RESULT_STR(ret)
     }
-    
+
     return ret;
 }
 
@@ -197,7 +197,7 @@ static void tskAes128_Cbc_Test(void *pvParam)
 {
     int ret = 0;
     Info *p = (Info*)pvParam;
-    
+
     while (exit_loop == 0) {
         ret = rsip_aes128_cbc_test(0, p->aes_key);
         vTaskDelay(10/portTICK_PERIOD_MS);
@@ -217,8 +217,8 @@ static void tskAes128_Cbc_Test(void *pvParam)
 static int rsip_aes256_cbc_test(int prnt, FSPSM_AES_PWKEY aes_key)
 {
     Aes enc[1];
-    byte cipher[AES_BLOCK_SIZE];
-    byte plain[AES_BLOCK_SIZE];
+    byte cipher[WC_AES_BLOCK_SIZE];
+    byte plain[WC_AES_BLOCK_SIZE];
     Aes dec[1];
     const word32 keySz = (word32)(256/8);
     int  ret = 0;
@@ -236,7 +236,7 @@ static int rsip_aes256_cbc_test(int prnt, FSPSM_AES_PWKEY aes_key)
 
     if (prnt)
         printf(" rsip_aes256_test() ");
-    
+
     if (wc_AesInit(enc, NULL, devId1) != 0) {
         ret = -1;
         goto out;
@@ -261,7 +261,7 @@ static int rsip_aes256_cbc_test(int prnt, FSPSM_AES_PWKEY aes_key)
         goto out;
     }
 
-    XMEMSET(cipher, 0, AES_BLOCK_SIZE);
+    XMEMSET(cipher, 0, WC_AES_BLOCK_SIZE);
     ret = wc_AesCbcEncrypt(enc, cipher, msg, (int) sizeof(msg));
 
     if (ret != 0) {
@@ -269,7 +269,7 @@ static int rsip_aes256_cbc_test(int prnt, FSPSM_AES_PWKEY aes_key)
         goto out;
     }
 
-    XMEMSET(plain, 0, AES_BLOCK_SIZE);
+    XMEMSET(plain, 0, WC_AES_BLOCK_SIZE);
     ret = wc_AesCbcDecrypt(dec, plain, cipher, (int) sizeof(cipher));
 
     if (ret != 0){
@@ -288,7 +288,7 @@ out:
     if (prnt) {
         RESULT_STR(ret)
     }
-    
+
     return ret;
 }
 
@@ -296,7 +296,7 @@ static void tskAes256_Cbc_Test(void *pvParam)
 {
     int ret = 0;
     Info *p = (Info*)pvParam;
-    
+
     while (exit_loop == 0) {
         ret = rsip_aes256_cbc_test(0, p->aes_key);
         vTaskDelay(10/portTICK_PERIOD_MS);
@@ -368,8 +368,8 @@ static int rsip_aesgcm256_test(int prnt, FSPSM_AES_PWKEY aes256_key)
     };
 
     byte resultT[sizeof(t1)];
-    byte resultP[sizeof(p) + AES_BLOCK_SIZE];
-    byte resultC[sizeof(p) + AES_BLOCK_SIZE];
+    byte resultP[sizeof(p) + WC_AES_BLOCK_SIZE];
+    byte resultC[sizeof(p) + WC_AES_BLOCK_SIZE];
     int  result = 0;
     int  ret;
 
@@ -378,7 +378,7 @@ static int rsip_aesgcm256_test(int prnt, FSPSM_AES_PWKEY aes256_key)
     if (prnt) {
         printf(" rsip_aes256_gcm_test() ");
     }
-    
+
     XMEMSET(resultT, 0, sizeof(resultT));
     XMEMSET(resultC, 0, sizeof(resultC));
     XMEMSET(resultP, 0, sizeof(resultP));
@@ -402,7 +402,7 @@ static int rsip_aesgcm256_test(int prnt, FSPSM_AES_PWKEY aes256_key)
 
     /* AES-GCM encrypt and decrypt both use AES encrypt internally */
     result = wc_AesGcmEncrypt(enc, resultC, p, sizeof(p),
-                                (byte*)iv1, sizeof(iv1), 
+                                (byte*)iv1, sizeof(iv1),
                                 resultT, sizeof(resultT),
                                  a, sizeof(a));
 
@@ -417,7 +417,7 @@ static int rsip_aesgcm256_test(int prnt, FSPSM_AES_PWKEY aes256_key)
         ret = -7;
         goto out;
     }
-    
+
     result = wc_AesGcmDecrypt(dec, resultP, resultC, sizeof(c1),
                 iv1, sizeof(iv1), resultT, sizeof(resultT),
                  a, sizeof(a));
@@ -447,7 +447,7 @@ static int rsip_aesgcm256_test(int prnt, FSPSM_AES_PWKEY aes256_key)
     }
 
     result = wc_AesGcmDecrypt(enc, resultP, resultC, sizeof(p),
-              iv1, sizeof(iv1), resultT + 1, sizeof(resultT) - 1, 
+              iv1, sizeof(iv1), resultT + 1, sizeof(resultT) - 1,
               a, sizeof(a));
 
     if (result != 0) {
@@ -464,11 +464,11 @@ static int rsip_aesgcm256_test(int prnt, FSPSM_AES_PWKEY aes256_key)
   out:
     wc_AesFree(enc);
     wc_AesFree(dec);
-    
+
     if (prnt) {
         RESULT_STR(ret)
     }
-    
+
     return ret;
 }
 
@@ -476,7 +476,7 @@ static void tskAes256_Gcm_Test(void *pvParam)
 {
     int ret = 0;
     Info *p = (Info*)pvParam;
-    
+
     while (exit_loop == 0) {
         ret = rsip_aesgcm256_test(0, p->aes_key);
         vTaskDelay(10/portTICK_PERIOD_MS);
@@ -554,8 +554,8 @@ static int rsip_aesgcm128_test(int prnt, FSPSM_AES_PWKEY aes128_key)
     };
 
     byte resultT[sizeof(t1)];
-    byte resultP[sizeof(p) + AES_BLOCK_SIZE];
-    byte resultC[sizeof(p) + AES_BLOCK_SIZE];
+    byte resultP[sizeof(p) + WC_AES_BLOCK_SIZE];
+    byte resultC[sizeof(p) + WC_AES_BLOCK_SIZE];
     int  result = 0;
     int ret;
 
@@ -592,7 +592,7 @@ static int rsip_aesgcm128_test(int prnt, FSPSM_AES_PWKEY aes128_key)
         ret = -4;
         goto out;
     }
-    
+
 
     result = wc_AesGcmDecrypt(enc, resultP, resultC, sizeof(c3),
                       iv3, sizeof(iv3), resultT, sizeof(t3), a3, sizeof(a3));
@@ -610,11 +610,11 @@ static int rsip_aesgcm128_test(int prnt, FSPSM_AES_PWKEY aes128_key)
   out:
     wc_AesFree(enc);
     wc_AesFree(dec);
-    
+
     if (prnt) {
         RESULT_STR(ret)
     }
-    
+
     return ret;
 }
 
@@ -622,7 +622,7 @@ static void tskAes128_Gcm_Test(void *pvParam)
 {
     int ret = 0;
     Info *p = (Info*)pvParam;
-    
+
     while (exit_loop == 0) {
         ret = rsip_aesgcm128_test(0, p->aes_key);
         vTaskDelay(10/portTICK_PERIOD_MS);
@@ -649,7 +649,7 @@ static void tskAes128_Gcm_Test(void *pvParam)
 static int rsip_rsa_test(int prnt, int keySize)
 {
     int ret = 0;
-    
+
     RsaKey *key = (RsaKey *)XMALLOC(sizeof *key, NULL, DYNAMIC_TYPE_TMP_BUFFER);
     WC_RNG rng;
     const char inStr [] = TEST_STRING;
@@ -661,7 +661,7 @@ static int rsip_rsa_test(int prnt, int keySize)
     byte *in2 = NULL;
     byte *out= NULL;
     byte *out2 = NULL;
-    
+
     in = (byte*)XMALLOC(inLen, NULL, DYNAMIC_TYPE_TMP_BUFFER);
     in2 = (byte*)XMALLOC(inLen, NULL, DYNAMIC_TYPE_TMP_BUFFER);
     out= (byte*)XMALLOC(outSz, NULL, DYNAMIC_TYPE_TMP_BUFFER);
@@ -672,19 +672,19 @@ static int rsip_rsa_test(int prnt, int keySize)
         ret = -1;
         goto out;
     }
-    
+
     XMEMSET(&rng, 0, sizeof(rng));
     XMEMSET(key, 0, sizeof *key);
     XMEMCPY(in, inStr, inLen);
     XMEMCPY(in2, inStr2, inLen);
     XMEMSET(out,  0, outSz);
     XMEMSET(out2, 0, outSz);
-    
+
     ret = wc_InitRsaKey_ex(key, NULL, 7890/* fixed devid for TSIP/SCE*/);
     if (ret != 0) {
         goto out;
     }
-    
+
     if ((ret = wc_InitRng(&rng)) != 0)
         goto out;
 
@@ -695,7 +695,7 @@ static int rsip_rsa_test(int prnt, int keySize)
     if ((ret = wc_MakeRsaKey(key, keySize, 65537, &rng)) != 0) {
         goto out;
     }
-    
+
     ret = wc_RsaPublicEncrypt(in, inLen, out, outSz, key, &rng);
     if (ret < 0) {
         goto out;
@@ -718,19 +718,11 @@ out:
         wc_FreeRsaKey(key);
         XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER);
     }
-    if (in != NULL) {
-        XFREE(in, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-    }
-    if (in2 != NULL) {
-        XFREE(in2, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-    }
-    if (out != NULL) {
-        XFREE(out, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-    }
-    if (out2 != NULL) {
-        XFREE(out2, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-    }
-    
+    XFREE(in, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(in2, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(out, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(out2, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+
     (void) prnt;
     return ret;
 }
@@ -738,7 +730,7 @@ out:
 static int rsip_rsa_SignVerify_test(int prnt, int keySize)
 {
     int ret = 0;
-    
+
     RsaKey *key = (RsaKey *)XMALLOC(sizeof *key, NULL, DYNAMIC_TYPE_TMP_BUFFER);
     WC_RNG rng;
     word32 sigSz;
@@ -762,7 +754,7 @@ static int rsip_rsa_SignVerify_test(int prnt, int keySize)
         ret = -1;
         goto out;
     }
-    
+
     XMEMSET(&rng, 0, sizeof(rng));
     XMEMSET(key, 0, sizeof *key);
     XMEMCPY(in, inStr, inLen);
@@ -772,10 +764,10 @@ static int rsip_rsa_SignVerify_test(int prnt, int keySize)
     if (ret != 0) {
         goto out;
     }
-    
+
     if ((ret = wc_InitRng(&rng)) != 0)
         goto out;
-    
+
     if ((ret = wc_RsaSetRNG(key, &rng)) != 0)
         goto out;
 
@@ -783,7 +775,7 @@ static int rsip_rsa_SignVerify_test(int prnt, int keySize)
     if ((ret = wc_MakeRsaKey(key, keySize, 65537, &rng)) != 0) {
         goto out;
     }
-    
+
     gCbInfo.keyflgs_crypt.bits.message_type = 0;
     ret = wc_RsaSSL_Sign(in, inLen, out, outSz, key, &rng);
     if (ret < 0) {
@@ -808,16 +800,10 @@ static int rsip_rsa_SignVerify_test(int prnt, int keySize)
         wc_FreeRsaKey(key);
         XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER);
     }
-    if (in != NULL) {
-        XFREE(in, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-    }
-    if (in2 != NULL) {
-        XFREE(in2, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-    }
-    if (out != NULL) {
-        XFREE(out, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-    }
-    
+    XFREE(in, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(in2, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(out, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+
     return ret;
 }
 #endif
@@ -869,7 +855,7 @@ int rsip_crypt_sha256_multitest()
     int num = 0;
     int i;
     BaseType_t xRet;
-    
+
 #ifndef NO_SHA256
     num+=2;
 #endif
@@ -879,7 +865,7 @@ int rsip_crypt_sha256_multitest()
 
     exit_semaph = xSemaphoreCreateCounting((UBaseType_t)num, 0);
     xRet = pdPASS;
-    
+
 #ifndef NO_SHA256
     xRet = xTaskCreate(tskSha256_Test1, "sha256_test1",
                                         STACK_SIZE, NULL, 2, NULL);
@@ -901,15 +887,15 @@ int rsip_crypt_sha256_multitest()
             }
         }
     }
-    
+
     vSemaphoreDelete(exit_semaph);
-    
+
     if ((xRet == pdPASS) &&
        (sha256_multTst_rslt1 == 0 && sha256_multTst_rslt2 == 0))
         ret = 0;
     else
         ret = -1;
-    
+
     RESULT_STR(ret)
 
     return ret;
@@ -926,7 +912,7 @@ int rsip_crypt_AesCbc_multitest()
     Info info_aes256_1;
     Info info_aes256_2;
     BaseType_t xRet;
-    
+
 #if defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_128)
     num+=2;
 #endif
@@ -939,7 +925,7 @@ int rsip_crypt_AesCbc_multitest()
 
     exit_semaph = xSemaphoreCreateCounting((UBaseType_t)num, 0);
     xRet = pdPASS;
-    
+
 #if defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_128)
     XMEMCPY(&info_aes1.aes_key, &g_user_aes128_key_index1,
                                             sizeof(FSPSM_AES_PWKEY));
@@ -968,7 +954,7 @@ int rsip_crypt_AesCbc_multitest()
         xRet = xTaskCreate(tskAes256_Cbc_Test, "aes256_cbc_test2",
                                     STACK_SIZE, &info_aes256_2, 3, NULL);
 #endif
-    
+
     if (xRet == pdPASS) {
     printf(" Waiting for completing tasks ...   ");
         vTaskDelay(10000/portTICK_PERIOD_MS);
@@ -982,7 +968,7 @@ int rsip_crypt_AesCbc_multitest()
             }
         }
     }
-    
+
     vSemaphoreDelete(exit_semaph);
 
     if ((xRet == pdPASS) &&
@@ -1007,7 +993,7 @@ int rsip_crypt_AesGcm_multitest()
     Info info_aes256_1;
     Info info_aes256_2;
     BaseType_t xRet;
-    
+
 #if defined(WOLFSSL_AES_128)
     num+=2;
 #endif
@@ -1021,7 +1007,7 @@ int rsip_crypt_AesGcm_multitest()
 
     exit_semaph = xSemaphoreCreateCounting((UBaseType_t)num, 0);
     xRet = pdPASS;
-    
+
 #if defined(WOLFSSL_AES_128)
     XMEMCPY(&info_aes1.aes_key, &g_user_aes128_key_index1,
                                     sizeof(FSPSM_AES_PWKEY));
@@ -1066,7 +1052,7 @@ int rsip_crypt_AesGcm_multitest()
             }
         }
     }
-    
+
     vSemaphoreDelete(exit_semaph);
 
     if ((xRet == pdPASS) &&
@@ -1090,7 +1076,7 @@ int rsip_crypt_Sha_AesCbcGcm_multitest()
     Info info_aes256cbc;
     Info info_aes256gcm;
     BaseType_t xRet;
-    
+
 #ifndef NO_SHA256
     num+=2;
 #endif
@@ -1112,45 +1098,45 @@ int rsip_crypt_Sha_AesCbcGcm_multitest()
 
     exit_semaph = xSemaphoreCreateCounting((UBaseType_t)num, 0);
     xRet = pdPASS;
-    
+
 #ifndef NO_SHA256
-    xRet = xTaskCreate(tskSha256_Test1, "sha256_test1", 
+    xRet = xTaskCreate(tskSha256_Test1, "sha256_test1",
                                             STACK_SIZE, NULL, 3, NULL);
 
     if (xRet == pdPASS)
-        xRet = xTaskCreate(tskSha256_Test2, "sha256_test2", 
+        xRet = xTaskCreate(tskSha256_Test2, "sha256_test2",
                                             STACK_SIZE, NULL, 3, NULL);
 #endif
 
 #if defined(WOLFSSL_AES_128)
-    XMEMCPY(&info_aes128cbc.aes_key, &g_user_aes128_key_index1, 
+    XMEMCPY(&info_aes128cbc.aes_key, &g_user_aes128_key_index1,
                                                 sizeof(FSPSM_AES_PWKEY));
     if (xRet == pdPASS)
-        xRet = xTaskCreate(tskAes128_Cbc_Test, "aes128_cbc_test1", 
+        xRet = xTaskCreate(tskAes128_Cbc_Test, "aes128_cbc_test1",
                                     STACK_SIZE, &info_aes128cbc, 3, NULL);
 #endif
 
 #if defined(WOLFSSL_AES_128)
-    XMEMCPY(&info_aes128gcm.aes_key, &g_user_aes128_key_index2, 
+    XMEMCPY(&info_aes128gcm.aes_key, &g_user_aes128_key_index2,
                                                 sizeof(FSPSM_AES_PWKEY));
     if (xRet == pdPASS)
-        xRet = xTaskCreate(tskAes128_Gcm_Test, "aes128_gcm_test2", 
+        xRet = xTaskCreate(tskAes128_Gcm_Test, "aes128_gcm_test2",
                                     STACK_SIZE, &info_aes128gcm, 3, NULL);
 #endif
 
 #if defined(WOLFSSL_AES_256)
-    XMEMCPY(&info_aes256cbc.aes_key, &g_user_aes256_key_index1, 
+    XMEMCPY(&info_aes256cbc.aes_key, &g_user_aes256_key_index1,
                                                 sizeof(FSPSM_AES_PWKEY));
     if (xRet == pdPASS)
-        xRet = xTaskCreate(tskAes256_Cbc_Test, "aes256_cbc_test1", 
+        xRet = xTaskCreate(tskAes256_Cbc_Test, "aes256_cbc_test1",
                                     STACK_SIZE, &info_aes256cbc, 3, NULL);
 #endif
 
 #if defined(WOLFSSL_AES_256)
-    XMEMCPY(&info_aes256gcm.aes_key, &g_user_aes256_key_index2, 
+    XMEMCPY(&info_aes256gcm.aes_key, &g_user_aes256_key_index2,
                                                 sizeof(FSPSM_AES_PWKEY));
     if (xRet == pdPASS)
-        xRet = xTaskCreate(tskAes256_Gcm_Test, "aes256_gcm_test2", 
+        xRet = xTaskCreate(tskAes256_Gcm_Test, "aes256_gcm_test2",
                                     STACK_SIZE, &info_aes256gcm, 3, NULL);
 #endif
 
@@ -1167,19 +1153,19 @@ int rsip_crypt_Sha_AesCbcGcm_multitest()
             }
         }
     }
-    
+
     vSemaphoreDelete(exit_semaph);
-    
-    if ((xRet == pdPASS) && 
+
+    if ((xRet == pdPASS) &&
         (Aes128_Gcm_multTst_rslt == 0 && Aes256_Gcm_multTst_rslt == 0) &&
         (sha256_multTst_rslt1 == 0 && sha256_multTst_rslt2 == 0)) {
-        
+
         ret = 0;
     }
     else {
         ret = -1;
     }
-    
+
     RESULT_STR(ret)
 
     return ret;
@@ -1191,13 +1177,13 @@ int rsip_crypt_test()
     fsp_err_t rsip_error_code = FSP_SUCCESS;
 
     /* Generate AES sce Key */
-    
+
     if (rsip_error_code == FSP_SUCCESS) {
        #if defined(WOLFSSL_RENESAS_RSIP_CRYPTONLY)
         /* set up Crypt Call back */
         Clr_CallbackCtx(&gCbInfo);
         Clr_CallbackCtx(&gCbInfo_a);
-        
+
         /* sets wrapped aes key */
         gCbInfo.wrapped_key_aes128 = g_user_aes128_key_index1;
         gCbInfo.wrapped_key_aes256 = g_user_aes256_key_index1;
@@ -1206,14 +1192,14 @@ int rsip_crypt_test()
         gCbInfo.wrapped_key_rsapub1024 = g_user_rsa1024_public_key;
         gCbInfo.wrapped_key_rsapri2048 = g_user_rsa2048_private_key;
         gCbInfo.wrapped_key_rsapub2048 = g_user_rsa2048_public_key;
-        
+
         RSIP_KeyGeneration(&gCbInfo);
-        
+
         /* Key generation for multi testing */
         gCbInfo_a.wrapped_key_aes128 = g_user_aes128_key_index2;
         gCbInfo_a.wrapped_key_aes256 = g_user_aes256_key_index2;
         RSIP_KeyGeneration(&gCbInfo_a);
-        
+
         /* set callback ctx */
         ret = wc_CryptoCb_CryptInitRenesasCmn(NULL, &gCbInfo);
 
@@ -1290,27 +1276,27 @@ int rsip_crypt_test()
         if (ret == 0) {
             ret = rsip_aesgcm256_test(1, g_user_aes256_key_index1);
         }
-        
+
         if (ret == 0) {
             printf(" multi sha thread test\n");
             ret = rsip_crypt_sha256_multitest();
         }
-        
+
         if (ret == 0) {
             printf(" multi Aes cbc thread test\n");
             ret = rsip_crypt_AesCbc_multitest();
         }
-        
+
         if (ret == 0) {
             printf(" multi Aes Gcm thread test\n");
             ret = rsip_crypt_AesGcm_multitest();
         }
-        
+
         if (ret == 0) {
             printf("rsip_crypt_Sha_AesCbcGcm_multitest\n");
             ret = rsip_crypt_Sha_AesCbcGcm_multitest();
         }
-        
+
     #if defined(WOLFSSL_RENESAS_RSIP_CRYPTONLY)
         Clr_CallbackCtx(&gCbInfo);
         Clr_CallbackCtx(&gCbInfo_a);
diff --git a/IDE/Renesas/e2studio/RZN2L/test/src/wolfssl_dummy.c b/IDE/Renesas/e2studio/RZN2L/test/src/wolfssl_dummy.c
index 2b9642c0c..b22edfe11 100644
--- a/IDE/Renesas/e2studio/RZN2L/test/src/wolfssl_dummy.c
+++ b/IDE/Renesas/e2studio/RZN2L/test/src/wolfssl_dummy.c
@@ -1,6 +1,6 @@
 /* wolfssl_dummy.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/STARCORE/starcore_test.c b/IDE/STARCORE/starcore_test.c
index 72c3613f1..e10c6df86 100644
--- a/IDE/STARCORE/starcore_test.c
+++ b/IDE/STARCORE/starcore_test.c
@@ -1,6 +1,6 @@
 /* starcore_test.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -20,7 +20,7 @@
  */
 
 
-#include <prototype.h> 
+#include <prototype.h>
 
 #include <wolfssl/wolfcrypt/settings.h>
 #ifndef WOLFSSL_USER_SETTINGS
@@ -135,12 +135,12 @@ int process_a_file(char* fName)
     }
     return ret;
 }
-#endif 
+#endif
 
 void check_ret(int ret)
 {
     if(ret != 0) {
-        exit(-1); 
+        exit(-1);
     }
 }
 
diff --git a/IDE/STARCORE/user_settings.h b/IDE/STARCORE/user_settings.h
index e62f12d67..29a238966 100644
--- a/IDE/STARCORE/user_settings.h
+++ b/IDE/STARCORE/user_settings.h
@@ -1,23 +1,23 @@
 /* user_settings.h
 *
-* Copyright (C) 2006-2023 wolfSSL Inc.
-*
-* This file is part of wolfSSL.
-*
-* wolfSSL is free software; you can redistribute it and/or modify
-* it under the terms of the GNU General Public License as published by
-* the Free Software Foundation; either version 2 of the License, or
-* (at your option) any later version.
-*
-* wolfSSL is distributed in the hope that it will be useful,
-* but WITHOUT ANY WARRANTY; without even the implied warranty of
-* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-* GNU General Public License for more details.
-*
-* You should have received a copy of the GNU General Public License
-* along with this program; if not, write to the Free Software
-* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
-*/
+ * Copyright (C) 2006-2025 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
 
 /* Custom wolfSSL user settings for Vortec Scheduler,
  *                                  VxWorks 6.9 and VxWorks 7.0  */
@@ -417,6 +417,7 @@ extern "C" {
 
     /* prototypes for user heap override functions */
     /* Note: Realloc only required for normal math */
+    /* Note2: XFREE(NULL) must be properly handled */
     #include <stddef.h> /* for size_t */
     extern void *myMalloc(size_t n, void* heap, int type);
     extern void myFree(void *p, void* heap, int type);
@@ -560,7 +561,7 @@ extern "C" {
 
 #undef NO_FILESYSTEM
 /* #define NO_FILESYSTEM */
-    
+
 #undef NO_WRITE_TEMP_FILES
 #define NO_WRITE_TEMP_FILES
 
@@ -569,7 +570,7 @@ extern "C" {
 
 #undef NO_WRITEV
 #define NO_WRITEV
-    
+
 #undef WOLFSSL_NO_SOCK
 #define WOLFSSL_NO_SOCK
 
@@ -593,10 +594,10 @@ extern "C" {
 
 #undef NO_MD4
 #define NO_MD4
-    
+
 #undef WOLFSSL_NO_SHAKE128
 #define WOLFSSL_NO_SHAKE128
-    
+
 #undef WOLFSSL_NO_SHAKE256
 #define WOLFSSL_NO_SHAKE256
 
diff --git a/IDE/STM32Cube/README.md b/IDE/STM32Cube/README.md
index 7268d81f8..1e1c5bdfc 100644
--- a/IDE/STM32Cube/README.md
+++ b/IDE/STM32Cube/README.md
@@ -15,28 +15,35 @@ You need both the STM32 IDE and the STM32 initialization code generator (STM32Cu
 * STM32CubeIDE: Integrated Development Environment for STM32 [https://www.st.com/en/development-tools/stm32cubeide.html](https://www.st.com/en/development-tools/stm32cubeide.html)
 * STM32CubeMX: STM32Cube initialization code generator [https://www.st.com/en/development-tools/stm32cubemx.html](https://www.st.com/en/development-tools/stm32cubemx.html)
 
-## STM32 Cube Pack
+## STM32 Cube Pack Install
 
-### STM32 Cube Pack Installation
+The STM32 Cube packs are integrated into the STM32CubeIDE and STM32CubeMX tools. You will find packs for wolfSSL, wolfSSH, wolfTPM and wolfMQTT.
+
+If you need to manually install a Cube Pack you can do the following:
 
 1. Download [wolfSSL Cube Pack](https://www.wolfssl.com/files/ide/I-CUBE-wolfSSL.pack)
-2. Run the “STM32CubeMX� tool.
-3. Under “Manage software installations� pane on the right, click “INSTALL/REMOVE� button. This can be also found by clicking "Help" -> "Managed embedded software packages"
-4. From Local and choose “I-CUBE-wolfSSL.pack�.
+2. Run the "STM32CubeMX" tool.
+3. Under "Manage software installations" pane on the right, click "INSTALL/REMOVE" button. This can be also found by clicking "Help" -> "Managed embedded software packages"
+4. From Local and choose "I-CUBE-wolfSSL.pack".
 5. Accept the GPLv2 license. Contact wolfSSL at sales@wolfssl.com for a commercial license and support/maintenance.
 
 ### STM32 Cube Pack Usage
 
 1. Create or open a Cube Project based on your hardware. See the sections below for creating a project and finding the example projects.
-2. Under “Software Packs� choose “Select Components�.
+2. Under "Software Packs" choose "Select Components".
 3. Find and check all components for the wolfSSL.wolfSSL packs (wolfSSL / Core, wolfCrypt / Core and wolfCrypt / Test). Close
-4. Under the “Software Packs� section click on “wolfSSL.wolfSSL� and configure the parameters.
-5. For Cortex-M recommend “Math Configuration� -> “Single Precision Cortex-M Math� for the fastest option. If seeing `error: r7 cannot be used in 'asm` add `-fomit-frame-pointer` to the CFLAGS. This only happens in debug builds, because r7 is used for debug.
+4. Under the "Software Packs" section click on "wolfSSL.wolfSSL" and configure the parameters.
+5. For Cortex-M recommend "Math Configuration" -> "Single Precision Cortex-M Math" for the fastest option.
+  - If seeing `error: r7 cannot be used in 'asm` add `-fomit-frame-pointer` to the CFLAGS. This only happens in debug builds, because `r7` is used for debug.
 6. Hit the "Generate Code" button
 7. Open the project in STM32CubeIDE
 8. The Benchmark example uses float. To enable go to "Project Properties" -> "C/C++ Build" -> "Settings" -> "Tool Settings" -> "MCU Settings" -> Check "Use float with printf".
 9. To enable printf make the `main.c` changes below in the [STM32 Printf](#stm32-printf) section.
 
+**Notes:**
+* The STM32MP13 will likely require you to use DDR RAM, as well as enabling MMU and caches for optimum performance. Please see the `STM32MP13.md` file in `wolfcrypt/src/port/st` for more information on how to do this.
+* The STM32H7S only has 64KB of onboard flash. Customers typically use an external SPI NOR flash with XIP. The `Template_XIP_Boot` project is flashed to onboard and it starts up the SPI Flash with XIP and loads the application. To use this you need to make sure the option byte `XSPI2_HSLB` is set to enable XSPIM_P2 high speed support, otherwise the MX_EXTMEM_MANAGER_Init() will timeout and fail.
+
 ### Creating your own STM32CubeMX configuration
 
 If none of the examples fit your STM32 type then you can create your own in STM32CubeMX by doing the following:
@@ -86,14 +93,16 @@ The section for "Hardware platform" may need to be adjusted depending on your pr
 * To enable STM32L4 support define `WOLFSSL_STM32L4`.
 * To enable STM32L5 support define `WOLFSSL_STM32L5`.
 * To enable STM32H7 support define `WOLFSSL_STM32H7`.
+* To enable STM32H7S support define `WOLFSSL_STM32H7S`.
 * To enable STM32WB support define `WOLFSSL_STM32WB`.
 * To enable STM32WL support define `WOLFSSL_STM32WL`.
 * To enable STM32U5 support define `WOLFSSL_STM32U5`.
 * To enable STM32H5 support define `WOLFSSL_STM32H5`.
+* To enable STM32MP13 support define `WOLFSSL_STM32MP13`.
 
 To use the STM32 Cube HAL support make sure `WOLFSSL_STM32_CUBEMX` is defined.
 
-The PKA acceleration for ECC is available on some U5, L5 and WB55 chips.
+The PKA acceleration for ECC is available on some U5, L5, WB55 and MP13 chips.
 This is enabled with `WOLFSSL_STM32_PKA`. You can see some of the benchmarks [here](STM32_Benchmarks.md).
 
 To disable hardware crypto acceleration you can define:
@@ -106,6 +115,10 @@ To enable the latest Cube HAL support please define `STM32_HAL_V2`.
 
 If you'd like to use the older Standard Peripheral library undefine `WOLFSSL_STM32_CUBEMX`.
 
+## Workarounds
+
+### STM32F7 AES GCM with pack v1.17.0 or older
+
 With STM32 Cube HAL v2 some AES GCM hardware has a limitation for the AAD header, which must be a multiple of 4 bytes. If your HAL does not support `CRYP_HEADERWIDTHUNIT_BYTE` then consider adding `STM32_AESGCM_PARTIAL` if you are getting AES GCM authentication failures. This bug existed in v1.16.0 or later.
 
 The STM32F7 v1.17.0 pack has a bug in the AES GCM code for handling of additional authentication data when not a multiple of 4 bytes. To patch see `stm32f7xx_hal_cryp.c` -> `CRYP_GCMCCM_SetHeaderPhase`:
diff --git a/IDE/STM32Cube/STM32_Benchmarks.md b/IDE/STM32Cube/STM32_Benchmarks.md
index 129cbdd47..51663bf1d 100644
--- a/IDE/STM32Cube/STM32_Benchmarks.md
+++ b/IDE/STM32Cube/STM32_Benchmarks.md
@@ -1,16 +1,16 @@
 # STM Benchmarks
 
-* [STM32H753ZI](#stm32h753zi)
-* [STM32WB55](#stm32wb55)
-* [STM32WL55](#stm32wl55)
 * [STM32F437](#stm32f437)
+* [STM32F777](#stm32f777)
+* [STM32G071RB](#stm32g071rb)
+* [STM32H563ZI](#stm32h563zi)
+* [STM32H753ZI](#stm32h753zi)
+* [STM32H7S3](#stm32h7s3)
 * [STM32L4A6Z](#stm32l4a6z)
 * [STM32L562E](#stm32l562e)
-* [STM32F777](#stm32f777)
 * [STM32U585](#stm32u585)
-* [STM32H563ZI](#stm32h563zi)
-* [STM32G071RB](#stm32g071rb)
-
+* [STM32WB55](#stm32wb55)
+* [STM32WL55](#stm32wl55)
 
 ## STM32H753ZI
 
@@ -59,6 +59,81 @@ Benchmark complete
 Benchmark Test: Return code 0
 ```
 
+### STM32H753ZI (-O2, Thumb2 ARM ASM, SP-ASM Cortex M small)
+
+Enable CPU I-Cache and D-Cache by calling:
+
+```c
+SCB_EnableICache();
+SCB_EnableDCache();
+```
+
+Build options for ARM ASM:
+
+```c
+#define WOLFSSL_ARMASM
+#define WOLFSSL_ARMASM_INLINE
+#define WOLFSSL_ARMASM_NO_HW_CRYPTO
+#define WOLFSSL_ARMASM_NO_NEON
+#define WOLFSSL_ARM_ARCH 7
+```
+
+```
+------------------------------------------------------------------------------
+ wolfSSL version 5.6.6
+------------------------------------------------------------------------------
+wolfCrypt Benchmark (block bytes 1024, min 1.0 sec each)
+RNG                          6 MiB took 1.000 seconds,    6.079 MiB/s
+AES-128-CBC-enc             17 MiB took 1.000 seconds,   17.261 MiB/s
+AES-128-CBC-dec             17 MiB took 1.000 seconds,   16.748 MiB/s
+AES-192-CBC-enc             15 MiB took 1.000 seconds,   14.575 MiB/s
+AES-192-CBC-dec             14 MiB took 1.000 seconds,   14.209 MiB/s
+AES-256-CBC-enc             13 MiB took 1.000 seconds,   12.622 MiB/s
+AES-256-CBC-dec             12 MiB took 1.000 seconds,   12.378 MiB/s
+AES-128-GCM-enc              8 MiB took 1.000 seconds,    8.374 MiB/s
+AES-128-GCM-dec              8 MiB took 1.000 seconds,    8.374 MiB/s
+AES-192-GCM-enc              8 MiB took 1.000 seconds,    7.690 MiB/s
+AES-192-GCM-dec              8 MiB took 1.000 seconds,    7.690 MiB/s
+AES-256-GCM-enc              7 MiB took 1.000 seconds,    7.129 MiB/s
+AES-256-GCM-dec              7 MiB took 1.000 seconds,    7.104 MiB/s
+AES-128-GCM-enc-no_AAD       8 MiB took 1.000 seconds,    8.472 MiB/s
+AES-128-GCM-dec-no_AAD       8 MiB took 1.000 seconds,    8.472 MiB/s
+AES-192-GCM-enc-no_AAD       8 MiB took 1.000 seconds,    7.764 MiB/s
+AES-192-GCM-dec-no_AAD       8 MiB took 1.000 seconds,    7.715 MiB/s
+AES-256-GCM-enc-no_AAD       7 MiB took 1.000 seconds,    7.153 MiB/s
+AES-256-GCM-dec-no_AAD       7 MiB took 1.000 seconds,    7.153 MiB/s
+GMAC Table 4-bit            17 MiB took 1.000 seconds,   16.617 MiB/s
+CHACHA                      29 MiB took 1.000 seconds,   28.662 MiB/s
+CHA-POLY                    19 MiB took 1.000 seconds,   18.848 MiB/s
+POLY1305                    90 MiB took 1.000 seconds,   89.771 MiB/s
+SHA-224                     18 MiB took 1.000 seconds,   18.042 MiB/s
+SHA-256                     18 MiB took 1.000 seconds,   18.042 MiB/s
+SHA-384                      8 MiB took 1.000 seconds,    7.544 MiB/s
+SHA-512                      8 MiB took 1.000 seconds,    7.568 MiB/s
+SHA-512/224                  8 MiB took 1.000 seconds,    7.544 MiB/s
+SHA-512/256                  8 MiB took 1.000 seconds,    7.520 MiB/s
+HMAC-SHA224                 18 MiB took 1.000 seconds,   17.896 MiB/s
+HMAC-SHA256                 18 MiB took 1.000 seconds,   17.896 MiB/s
+HMAC-SHA384                  7 MiB took 1.000 seconds,    7.373 MiB/s
+HMAC-SHA512                  7 MiB took 1.000 seconds,    7.397 MiB/s
+RSA     2048   public       508 ops took 1.000 sec, avg 1.969 ms, 508.000 ops/sec
+RSA     2048  private        14 ops took 1.020 sec, avg 72.857 ms, 13.725 ops/sec
+DH      2048  key gen        30 ops took 1.012 sec, avg 33.733 ms, 29.644 ops/sec
+DH      2048    agree        30 ops took 1.012 sec, avg 33.733 ms, 29.644 ops/sec
+ECC   [      SECP256R1]   256  key gen       982 ops took 1.000 sec, avg 1.018 ms, 982.000 ops/sec
+ECDHE [      SECP256R1]   256    agree       456 ops took 1.000 sec, avg 2.193 ms, 456.000 ops/sec
+ECDSA [      SECP256R1]   256     sign       520 ops took 1.000 sec, avg 1.923 ms, 520.000 ops/sec
+ECDSA [      SECP256R1]   256   verify       288 ops took 1.004 sec, avg 3.486 ms, 286.853 ops/sec
+CURVE  25519  key gen      1112 ops took 1.000 sec, avg 0.899 ms, 1112.000 ops/sec
+CURVE  25519    agree      1144 ops took 1.000 sec, avg 0.874 ms, 1144.000 ops/sec
+ED     25519  key gen      2358 ops took 1.000 sec, avg 0.424 ms, 2358.000 ops/sec
+ED     25519     sign      1716 ops took 1.000 sec, avg 0.583 ms, 1716.000 ops/sec
+ED     25519   verify       862 ops took 1.000 sec, avg 1.160 ms, 862.000 ops/sec
+Benchmark complete
+Benchmark Test: Return code 0
+```
+
+
 ### STM32H753ZI (No HW Crypto, -Os, FastMath)
 
 ```
@@ -97,6 +172,142 @@ Benchmark Test: Return code 0
 ```
 
 
+## STM32H7S3
+
+Supports RNG, PKA ECC P-256, AES-GCM/CCM/CTR/CBC and SHA-1/2 acceleration.
+
+Board: NUCLEO-H7S3L8
+CPU: Cortex-M7 at 600 MHz
+IDE: STM32CubeIDE
+RTOS: Bare-metal
+
+### STM32H7S3 (-Os, HW Crypto (AES/HASH/PKA), WOLF_CONF_MATH=3 (sp_c32.c))
+
+```
+------------------------------------------------------------------------------
+ wolfSSL version 5.7.6
+------------------------------------------------------------------------------
+wolfCrypt Benchmark (block bytes 1024, min 1.0 sec each)
+RNG                          2 MiB took 1.004 seconds,    1.897 MiB/s
+AES-128-CBC-enc             16 MiB took 1.000 seconds,   15.747 MiB/s
+AES-128-CBC-dec             16 MiB took 1.000 seconds,   15.527 MiB/s
+AES-192-CBC-enc             16 MiB took 1.000 seconds,   15.723 MiB/s
+AES-192-CBC-dec             16 MiB took 1.000 seconds,   15.527 MiB/s
+AES-256-CBC-enc             16 MiB took 1.000 seconds,   15.698 MiB/s
+AES-256-CBC-dec             16 MiB took 1.000 seconds,   15.527 MiB/s
+AES-128-GCM-enc              1 MiB took 1.012 seconds,    1.037 MiB/s
+AES-128-GCM-dec              1 MiB took 1.012 seconds,    1.037 MiB/s
+AES-192-GCM-enc              1 MiB took 1.008 seconds,    1.041 MiB/s
+AES-192-GCM-dec              1 MiB took 1.012 seconds,    1.037 MiB/s
+AES-256-GCM-enc              1 MiB took 1.016 seconds,    1.033 MiB/s
+AES-256-GCM-dec              1 MiB took 1.016 seconds,    1.033 MiB/s
+AES-128-GCM-enc-no_AAD       1 MiB took 1.004 seconds,    1.046 MiB/s
+AES-128-GCM-dec-no_AAD       1 MiB took 1.000 seconds,    1.050 MiB/s
+AES-192-GCM-enc-no_AAD       1 MiB took 1.000 seconds,    1.050 MiB/s
+AES-192-GCM-dec-no_AAD       1 MiB took 1.019 seconds,    1.054 MiB/s
+AES-256-GCM-enc-no_AAD       1 MiB took 1.004 seconds,    1.046 MiB/s
+AES-256-GCM-dec-no_AAD       1 MiB took 1.008 seconds,    1.041 MiB/s
+GMAC Table 4-bit             2 MiB took 1.000 seconds,    1.716 MiB/s
+CHACHA                      32 MiB took 1.000 seconds,   31.714 MiB/s
+CHA-POLY                    15 MiB took 1.000 seconds,   15.308 MiB/s
+POLY1305                    58 MiB took 1.000 seconds,   57.861 MiB/s
+SHA-256                     88 MiB took 1.000 seconds,   88.062 MiB/s
+HMAC-SHA256                 83 MiB took 1.000 seconds,   83.032 MiB/s
+RSA     2048   public       352 ops took 1.000 sec, avg 2.841 ms, 352.000 ops/sec
+RSA     2048  private         6 ops took 1.004 sec, avg 167.333 ms, 5.976 ops/sec
+DH      2048  key gen        15 ops took 1.027 sec, avg 68.467 ms, 14.606 ops/sec
+DH      2048    agree        16 ops took 1.113 sec, avg 69.563 ms, 14.376 ops/sec
+ECC   [      SECP256R1]   256  key gen        60 ops took 1.012 sec, avg 16.867 ms, 59.289 ops/sec
+ECDHE [      SECP256R1]   256    agree        60 ops took 1.008 sec, avg 16.800 ms, 59.524 ops/sec
+ECDSA [      SECP256R1]   256     sign       106 ops took 1.008 sec, avg 9.509 ms, 105.159 ops/sec
+ECDSA [      SECP256R1]   256   verify       100 ops took 1.011 sec, avg 10.110 ms, 98.912 ops/sec
+```
+
+### STM32H7S3 (-Os, No HW Crypto, WOLF_CONF_ARMASM=1, WOLF_CONF_MATH=6 (sp_int.c))
+
+```
+------------------------------------------------------------------------------
+ wolfSSL version 5.7.6
+------------------------------------------------------------------------------
+wolfCrypt Benchmark (block bytes 1024, min 1.0 sec each)
+RNG                          4 MiB took 1.000 seconds,    3.516 MiB/s
+AES-128-CBC-enc            425 KiB took 1.027 seconds,  413.827 KiB/s
+AES-128-CBC-dec            425 KiB took 1.016 seconds,  418.307 KiB/s
+AES-192-CBC-enc            350 KiB took 1.015 seconds,  344.828 KiB/s
+AES-192-CBC-dec            350 KiB took 1.020 seconds,  343.137 KiB/s
+AES-256-CBC-enc            300 KiB took 1.015 seconds,  295.567 KiB/s
+AES-256-CBC-dec            300 KiB took 1.004 seconds,  298.805 KiB/s
+AES-128-GCM-enc            375 KiB took 1.067 seconds,  351.453 KiB/s
+AES-128-GCM-dec            375 KiB took 1.062 seconds,  353.107 KiB/s
+AES-192-GCM-enc            300 KiB took 1.004 seconds,  298.805 KiB/s
+AES-192-GCM-dec            300 KiB took 1.004 seconds,  298.805 KiB/s
+AES-256-GCM-enc            275 KiB took 1.047 seconds,  262.655 KiB/s
+AES-256-GCM-dec            275 KiB took 1.051 seconds,  261.656 KiB/s
+AES-128-GCM-enc-no_AAD     375 KiB took 1.067 seconds,  351.453 KiB/s
+AES-128-GCM-dec-no_AAD     375 KiB took 1.062 seconds,  353.107 KiB/s
+AES-192-GCM-enc-no_AAD     300 KiB took 1.004 seconds,  298.805 KiB/s
+AES-192-GCM-dec-no_AAD     300 KiB took 1.004 seconds,  298.805 KiB/s
+AES-256-GCM-enc-no_AAD     275 KiB took 1.051 seconds,  261.656 KiB/s
+AES-256-GCM-dec-no_AAD     275 KiB took 1.051 seconds,  261.656 KiB/s
+GMAC Table 4-bit             8 MiB took 1.000 seconds,    8.456 MiB/s
+CHACHA                      51 MiB took 1.000 seconds,   50.879 MiB/s
+CHA-POLY                    27 MiB took 1.000 seconds,   27.100 MiB/s
+POLY1305                   165 MiB took 1.000 seconds,  164.990 MiB/s
+SHA-256                     16 MiB took 1.000 seconds,   16.382 MiB/s
+HMAC-SHA256                 16 MiB took 1.000 seconds,   16.187 MiB/s
+RSA     2048   public       358 ops took 1.004 sec, avg 2.804 ms, 356.574 ops/sec
+RSA     2048  private         6 ops took 1.004 sec, avg 167.333 ms, 5.976 ops/sec
+DH      2048  key gen        15 ops took 1.027 sec, avg 68.467 ms, 14.606 ops/sec
+DH      2048    agree        16 ops took 1.094 sec, avg 68.375 ms, 14.625 ops/sec
+ECC   [      SECP256R1]   256  key gen        60 ops took 1.015 sec, avg 16.917 ms, 59.113 ops/sec
+ECDHE [      SECP256R1]   256    agree        60 ops took 1.012 sec, avg 16.867 ms, 59.289 ops/sec
+ECDSA [      SECP256R1]   256     sign        48 ops took 1.008 sec, avg 21.000 ms, 47.619 ops/sec
+ECDSA [      SECP256R1]   256   verify        28 ops took 1.019 sec, avg 36.393 ms, 27.478 ops/sec
+```
+
+### STM32H7S3 (-Os, No HW Crypto, WOLF_CONF_ARMASM=1, WOLF_CONF_MATH=3 (sp_c32.c))
+
+```
+------------------------------------------------------------------------------
+ wolfSSL version 5.7.6
+------------------------------------------------------------------------------
+wolfCrypt Benchmark (block bytes 1024, min 1.0 sec each)
+RNG                          4 MiB took 1.004 seconds,    3.939 MiB/s
+AES-128-CBC-enc            425 KiB took 1.028 seconds,  413.424 KiB/s
+AES-128-CBC-dec            425 KiB took 1.019 seconds,  417.076 KiB/s
+AES-192-CBC-enc            350 KiB took 1.016 seconds,  344.488 KiB/s
+AES-192-CBC-dec            350 KiB took 1.016 seconds,  344.488 KiB/s
+AES-256-CBC-enc            300 KiB took 1.012 seconds,  296.443 KiB/s
+AES-256-CBC-dec            300 KiB took 1.012 seconds,  296.443 KiB/s
+AES-128-GCM-enc            375 KiB took 1.066 seconds,  351.782 KiB/s
+AES-128-GCM-dec            375 KiB took 1.067 seconds,  351.453 KiB/s
+AES-192-GCM-enc            300 KiB took 1.004 seconds,  298.805 KiB/s
+AES-192-GCM-dec            300 KiB took 1.003 seconds,  299.103 KiB/s
+AES-256-GCM-enc            275 KiB took 1.051 seconds,  261.656 KiB/s
+AES-256-GCM-dec            275 KiB took 1.051 seconds,  261.656 KiB/s
+AES-128-GCM-enc-no_AAD     375 KiB took 1.067 seconds,  351.453 KiB/s
+AES-128-GCM-dec-no_AAD     375 KiB took 1.066 seconds,  351.782 KiB/s
+AES-192-GCM-enc-no_AAD     300 KiB took 1.000 seconds,  300.000 KiB/s
+AES-192-GCM-dec-no_AAD     300 KiB took 1.004 seconds,  298.805 KiB/s
+AES-256-GCM-enc-no_AAD     275 KiB took 1.047 seconds,  262.655 KiB/s
+AES-256-GCM-dec-no_AAD     275 KiB took 1.051 seconds,  261.656 KiB/s
+GMAC Table 4-bit             8 MiB took 1.000 seconds,    8.439 MiB/s
+CHACHA                      51 MiB took 1.000 seconds,   51.147 MiB/s
+CHA-POLY                    28 MiB took 1.000 seconds,   27.588 MiB/s
+POLY1305                   168 MiB took 1.000 seconds,  168.140 MiB/s
+SHA-256                     16 MiB took 1.000 seconds,   16.333 MiB/s
+HMAC-SHA256                 16 MiB took 1.000 seconds,   16.016 MiB/s
+RSA     2048   public       360 ops took 1.004 sec, avg 2.789 ms, 358.566 ops/sec
+RSA     2048  private         6 ops took 1.008 sec, avg 168.000 ms, 5.952 ops/sec
+DH      2048  key gen        15 ops took 1.050 sec, avg 70.000 ms, 14.286 ops/sec
+DH      2048    agree        16 ops took 1.098 sec, avg 68.625 ms, 14.572 ops/sec
+ECC   [      SECP256R1]   256  key gen        60 ops took 1.016 sec, avg 16.933 ms, 59.055 ops/sec
+ECDHE [      SECP256R1]   256    agree        60 ops took 1.012 sec, avg 16.867 ms, 59.289 ops/sec
+ECDSA [      SECP256R1]   256     sign        48 ops took 1.012 sec, avg 21.083 ms, 47.431 ops/sec
+ECDSA [      SECP256R1]   256   verify        28 ops took 1.020 sec, avg 36.429 ms, 27.451 ops/sec
+```
+
+
 ## STM32WB55
 
 Supports RNG, ECC P-256, AES-CBC and SHA-256 acceleration.
diff --git a/IDE/STM32Cube/default_conf.ftl b/IDE/STM32Cube/default_conf.ftl
index 63c4abc1a..c5215604f 100644
--- a/IDE/STM32Cube/default_conf.ftl
+++ b/IDE/STM32Cube/default_conf.ftl
@@ -102,12 +102,18 @@ extern ${variable.value} ${variable.name};
     #undef  NO_STM32_CRYPTO
     #define STM32_HAL_V2
     #define HAL_CONSOLE_UART huart3
+#elif defined(STM32H7S3xx)
+    #define WOLFSSL_STM32H7S
+    #undef  NO_STM32_HASH
+    #undef  NO_STM32_CRYPTO
+    #define WOLFSSL_STM32_PKA
+    #define HAL_CONSOLE_UART huart3
 #elif defined(STM32H753xx)
     #define WOLFSSL_STM32H7
     #undef  NO_STM32_HASH
     #undef  NO_STM32_CRYPTO
     #define HAL_CONSOLE_UART huart3
-#elif defined(STM32H723xx) || defined(STM32H725xx)
+#elif defined(STM32H723xx) || defined(STM32H725xx) || defined(STM32H743xx)
     #define WOLFSSL_STM32H7
     #define HAL_CONSOLE_UART huart3
 #elif defined(STM32L4A6xx)
@@ -148,11 +154,14 @@ extern ${variable.value} ${variable.name};
     #define HAL_CONSOLE_UART huart2
     #define NO_STM32_RNG
     #define WOLFSSL_GENSEED_FORTEST /* no HW RNG is available use test seed */
-#elif defined(STM32U575xx) || defined(STM32U585xx)
+#elif defined(STM32G491xx)
+    #define WOLFSSL_STM32G4
+    #define HAL_CONSOLE_UART hlpuart1
+#elif defined(STM32U575xx) || defined(STM32U585xx) || defined(STM32U5A9xx)
     #define HAL_CONSOLE_UART huart1
     #define WOLFSSL_STM32U5
     #define STM32_HAL_V2
-    #ifdef STM32U585xx
+    #if defined(STM32U585xx) || defined(STM32U5A9xx)
         #undef  NO_STM32_HASH
         #undef  NO_STM32_CRYPTO
         #define WOLFSSL_STM32_PKA
@@ -162,14 +171,22 @@ extern ${variable.value} ${variable.name};
     #define HAL_CONSOLE_UART huart3
     #define STM32_HAL_V2
     #undef  NO_STM32_HASH
-
+#elif defined(STM32MP135Fxx)
+    #define WOLFSSL_STM32MP13
+    #define HAL_CONSOLE_UART huart4
+    #define STM32_HAL_V2
+    #undef NO_STM32_HASH
+    #undef NO_STM32_CRYPTO
+    #define WOLFSSL_STM32_PKA
+    #define WOLFSSL_STM32_PKA_V2
 #else
     #warning Please define a hardware platform!
     /* This means there is not a pre-defined platform for your board/CPU */
     /* You need to define a CPU type, HW crypto and debug UART */
     /* CPU Type: WOLFSSL_STM32F1, WOLFSSL_STM32F2, WOLFSSL_STM32F4,
         WOLFSSL_STM32F7, WOLFSSL_STM32H7, WOLFSSL_STM32L4, WOLFSSL_STM32L5,
-        WOLFSSL_STM32G0, WOLFSSL_STM32WB and WOLFSSL_STM32U5 */
+        WOLFSSL_STM32G0, WOLFSSL_STM32G4, WOLFSSL_STM32WB, WOLFSSL_STM32U5 and
+        WOLFSSL_STM32MP13 */
     #define WOLFSSL_STM32F4
 
     /* Debug UART used for printf */
@@ -195,13 +212,23 @@ extern ${variable.value} ${variable.name};
 #define WOLFSSL_GENERAL_ALIGNMENT 4
 #define WOLFSSL_STM32_CUBEMX
 #define WOLFSSL_SMALL_STACK
-#define WOLFSSL_USER_IO
-#define WOLFSSL_NO_SOCK
 #define WOLFSSL_IGNORE_FILE_WARN
 
+/* ------------------------------------------------------------------------- */
+/* Network stack: 1=User IO (custom), 2=LWIP (posix), 3=LWIP (native) */
+/* ------------------------------------------------------------------------- */
+#if defined(WOLF_CONF_IO) && WOLF_CONF_IO == 2
+    #define WOLFSSL_LWIP
+#elif defined(WOLF_CONF_IO) && WOLF_CONF_IO == 3
+    #define WOLFSSL_LWIP_NATIVE
+#else /* custom */
+    #define WOLFSSL_USER_IO
+    #define WOLFSSL_NO_SOCK
+#endif
+
 
 /* ------------------------------------------------------------------------- */
-/* Operating System */
+/* Operating System: 1=Bare-metal/Single threaded, 2=FREERTOS */
 /* ------------------------------------------------------------------------- */
 #if defined(WOLF_CONF_RTOS) && WOLF_CONF_RTOS == 2
     #define FREERTOS
@@ -295,6 +322,8 @@ extern ${variable.value} ${variable.name};
 #define HAVE_SUPPORTED_CURVES
 #define HAVE_ENCRYPT_THEN_MAC
 #define HAVE_EXTENDED_MASTER
+#define WOLFSSL_ASN_TEMPLATE
+#define HAVE_SNI
 
 #if defined(WOLF_CONF_TLS13) && WOLF_CONF_TLS13 == 1
     #define WOLFSSL_TLS13
@@ -303,6 +332,10 @@ extern ${variable.value} ${variable.name};
 #if defined(WOLF_CONF_DTLS) && WOLF_CONF_DTLS == 1
     #define WOLFSSL_DTLS
 #endif
+#if defined(WOLF_CONF_DTLS13) && WOLF_CONF_DTLS13 == 1
+    #define WOLFSSL_DTLS13
+    #define WOLFSSL_SEND_HRR_COOKIE
+#endif
 #if defined(WOLF_CONF_PSK) && WOLF_CONF_PSK == 0
     #define NO_PSK
 #endif
@@ -326,20 +359,24 @@ extern ${variable.value} ${variable.name};
 #endif
 
 /* TLS Session Cache */
-#if 0
+#if defined(WOLF_CONF_RESUMPTION) && WOLF_CONF_RESUMPTION == 1
     #define SMALL_SESSION_CACHE
+    #define HAVE_SESSION_TICKET
 #else
     #define NO_SESSION_CACHE
 #endif
 
-/* Post Quantum
- * Note: PQM4 is compatible with STM32. The project can be found at:
- * https://github.com/mupq/pqm4
- */
-#if defined(WOLF_CONF_PQM4) && WOLF_CONF_PQM4 == 1
-    #define HAVE_PQM4
+/* TPM support */
+#if defined(WOLF_CONF_TPM) && WOLF_CONF_TPM == 1
+    #define WOLF_CRYPTO_CB
+    #define WOLFSSL_PUBLIC_MP
+    /* also AES CFB - enabled below */
 #endif
 
+/* TLS key callbacks */
+#if defined(WOLF_CONF_PK) && WOLF_CONF_PK == 1
+    #define HAVE_PK_CALLBACKS
+#endif
 
 /* ------------------------------------------------------------------------- */
 /* Crypto */
@@ -428,20 +465,31 @@ extern ${variable.value} ${variable.name};
 #endif
 
 /* AES */
-#if defined(WOLF_CONF_AESGCM) && WOLF_CONF_AESGCM == 1
+#if defined(WOLF_CONF_AESGCM) && WOLF_CONF_AESGCM >= 1
     #define HAVE_AESGCM
+    #define HAVE_AES_DECRYPT
+
     /* GCM Method: GCM_SMALL, GCM_WORD32, GCM_TABLE or GCM_TABLE_4BIT */
     /* GCM_TABLE is about 4K larger and 3x faster for GHASH */
-    #define GCM_SMALL
-    #define HAVE_AES_DECRYPT
+    #if WOLF_CONF_AESGCM == 2
+        #define GCM_TABLE_4BIT
+    #else
+        #define GCM_SMALL
+    #endif
 #endif
 
 #if defined(WOLF_CONF_AESCBC) && WOLF_CONF_AESCBC == 1
     #define HAVE_AES_CBC
     #define HAVE_AES_DECRYPT
+#else
+    #define NO_AES_CBC
 #endif
 
 /* Other possible AES modes */
+#if defined(WOLF_CONF_TPM) && WOLF_CONF_TPM == 1
+    #define WOLFSSL_AES_CFB /* Used by TPM parameter encryption */
+#endif
+
 //#define WOLFSSL_AES_COUNTER
 //#define HAVE_AESCCM
 //#define WOLFSSL_AES_XTS
@@ -509,7 +557,7 @@ extern ${variable.value} ${variable.name};
     //#define USE_SLOW_SHA512
 
     #define WOLFSSL_SHA512
-    #define HAVE_SHA512 /* freeRTOS settings.h requires this */
+    #define HAVE_SHA512 /* old freeRTOS settings.h requires this */
 #endif
 
 /* Sha2-384 */
@@ -531,6 +579,53 @@ extern ${variable.value} ${variable.name};
     #define NO_MD5
 #endif
 
+/* ------------------------------------------------------------------------- */
+/* Post-Quantum Crypto */
+/* ------------------------------------------------------------------------- */
+/* NOTE: this is after the hashing section to override the potential SHA3 undef
+ * above. */
+#if defined(WOLF_CONF_KYBER) && WOLF_CONF_KYBER == 1
+    #undef  WOLFSSL_EXPERIMENTAL_SETTINGS
+    #define WOLFSSL_EXPERIMENTAL_SETTINGS
+
+    #undef  WOLFSSL_HAVE_KYBER
+    #define WOLFSSL_HAVE_KYBER
+
+    #undef  WOLFSSL_WC_KYBER
+    #define WOLFSSL_WC_KYBER
+
+    #undef  WOLFSSL_NO_SHAKE128
+    #undef  WOLFSSL_SHAKE128
+    #define WOLFSSL_SHAKE128
+
+    #undef  WOLFSSL_NO_SHAKE256
+    #undef  WOLFSSL_SHAKE256
+    #define WOLFSSL_SHAKE256
+
+    #undef  WOLFSSL_SHA3
+    #define WOLFSSL_SHA3
+#endif /* WOLF_CONF_KYBER */
+
+/* ------------------------------------------------------------------------- */
+/* Crypto Acceleration */
+/* ------------------------------------------------------------------------- */
+/* This enables inline assembly speedups for SHA2, SHA3, AES,
+ * ChaCha20/Poly1305 and Ed/Curve25519. These settings work for Cortex M4/M7
+ * and the source code is located in wolfcrypt/src/port/arm/
+ */
+#if defined(WOLF_CONF_ARMASM) && WOLF_CONF_ARMASM == 1
+    #define WOLFSSL_ARMASM
+    #define WOLFSSL_ARMASM_INLINE
+    #define WOLFSSL_ARMASM_NO_HW_CRYPTO
+    #define WOLFSSL_ARMASM_NO_NEON
+    #define WOLFSSL_ARMASM_THUMB2
+    #define WOLFSSL_ARM_ARCH 7
+    /* Disable H/W offloading if accelerating S/W crypto */
+    #undef  NO_STM32_HASH
+    #define NO_STM32_HASH
+    #undef  NO_STM32_CRYPTO
+    #define NO_STM32_CRYPTO
+#endif
 
 /* ------------------------------------------------------------------------- */
 /* Benchmark / Test */
@@ -610,6 +705,8 @@ extern ${variable.value} ${variable.name};
 #define NO_RC4
 #define NO_MD4
 #define NO_DES3
+#define WOLFSSL_NO_SHAKE128
+#define WOLFSSL_NO_SHAKE256
 
 /* In-lining of misc.c functions */
 /* If defined, must include wolfcrypt/src/misc.c in build */
diff --git a/IDE/STM32Cube/main.c b/IDE/STM32Cube/main.c
index f056c8cd6..160ad0c22 100644
--- a/IDE/STM32Cube/main.c
+++ b/IDE/STM32Cube/main.c
@@ -1,6 +1,6 @@
 /* main.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -138,11 +138,11 @@ static void SystemClock_Config(void)
     RCC_ClkInitTypeDef RCC_ClkInitStruct = {0};
     RCC_PeriphCLKInitTypeDef PeriphClkInitStruct = {0};
 
-    /** Configure the main internal regulator output voltage 
+    /** Configure the main internal regulator output voltage
     */
     __HAL_RCC_PWR_CLK_ENABLE();
     __HAL_PWR_VOLTAGESCALING_CONFIG(PWR_REGULATOR_VOLTAGE_SCALE1);
-    /** Initializes the CPU, AHB and APB buses clocks 
+    /** Initializes the CPU, AHB and APB buses clocks
     */
     RCC_OscInitStruct.OscillatorType = RCC_OSCILLATORTYPE_HSI|RCC_OSCILLATORTYPE_LSI;
     RCC_OscInitStruct.HSIState = RCC_HSI_ON;
@@ -157,7 +157,7 @@ static void SystemClock_Config(void)
     if (HAL_RCC_OscConfig(&RCC_OscInitStruct) != HAL_OK) {
         Error_Handler();
     }
-    /** Initializes the CPU, AHB and APB buses clocks 
+    /** Initializes the CPU, AHB and APB buses clocks
     */
     RCC_ClkInitStruct.ClockType = RCC_CLOCKTYPE_HCLK|RCC_CLOCKTYPE_SYSCLK|RCC_CLOCKTYPE_PCLK1|RCC_CLOCKTYPE_PCLK2;
     RCC_ClkInitStruct.SYSCLKSource = RCC_SYSCLKSOURCE_PLLCLK;
@@ -325,7 +325,7 @@ void Error_Handler(void)
   * @retval None
   */
 void assert_failed(uint8_t *file, uint32_t line)
-{ 
+{
     /* User can add his own implementation to report the file name and line number,
       tex: printf("Wrong parameters value: file %s on line %d\r\n", file, line) */
 }
@@ -336,7 +336,7 @@ void assert_failed(uint8_t *file, uint32_t line)
 /* Working _sbrk example for .ld based libC malloc/free */
 /* Replace this with one in Core/Src/sysmem.c */
 /* Symbols defined in the linker script */
-extern uint8_t _end; 
+extern uint8_t _end;
 extern uint8_t _estack;
 extern uint32_t _Min_Stack_Size;
 void* _sbrk(ptrdiff_t incr)
diff --git a/IDE/STM32Cube/wolfssl_example.c b/IDE/STM32Cube/wolfssl_example.c
index fc813483f..ae696c4c3 100644
--- a/IDE/STM32Cube/wolfssl_example.c
+++ b/IDE/STM32Cube/wolfssl_example.c
@@ -1,6 +1,6 @@
 /* wolfssl_example.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -284,7 +284,7 @@ typedef struct {
 typedef struct {
     int ret;
 
-    osThreadId threadId;
+    osThreadId_t threadId;
 #ifdef CMSIS_OS2_H_
     osSemaphoreId_t mutex;
 #else
@@ -1700,9 +1700,7 @@ done:
     }
 
 #ifdef WOLFSSL_SMALL_STACK
-    if (tbuf != NULL) {
-        XFREE(tbuf, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-    }
+    XFREE(tbuf, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return ret;
@@ -1752,10 +1750,16 @@ static int tls13_uart_client(void)
 
     wolfSSL_SetIOReadCtx(ssl, tbuf);
 
-#ifdef HAVE_PQC
+#ifdef WOLFSSL_HAVE_KYBER
+#ifndef WOLFSSL_NO_ML_KEM
+    if (wolfSSL_UseKeyShare(ssl, WOLFSSL_ML_KEM_512) != WOLFSSL_SUCCESS) {
+        printf("wolfSSL_UseKeyShare Error!!");
+    }
+#else
     if (wolfSSL_UseKeyShare(ssl, WOLFSSL_KYBER_LEVEL1) != WOLFSSL_SUCCESS) {
         printf("wolfSSL_UseKeyShare Error!!");
     }
+#endif
 #endif
 
     do {
@@ -1795,9 +1799,7 @@ done:
         wolfSSL_CTX_free(ctx);
     }
 #ifdef WOLFSSL_SMALL_STACK
-    if (tbuf != NULL) {
-        XFREE(tbuf, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-    }
+    XFREE(tbuf, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return ret;
diff --git a/IDE/STM32Cube/wolfssl_example.h b/IDE/STM32Cube/wolfssl_example.h
index 5720511f3..efd1a998d 100644
--- a/IDE/STM32Cube/wolfssl_example.h
+++ b/IDE/STM32Cube/wolfssl_example.h
@@ -1,6 +1,6 @@
 /* wolfssl_example.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -27,7 +27,7 @@
 #endif
 
 #ifndef WOLFSSL_USER_SETTINGS
-	#include <wolfssl/options.h>
+    #include <wolfssl/options.h>
 #endif
 #include <wolfssl/wolfcrypt/settings.h>
 #include <wolfssl/ssl.h>
diff --git a/IDE/SimplicityStudio/test_wolf.c b/IDE/SimplicityStudio/test_wolf.c
index e52266ac4..dfa12c0c1 100644
--- a/IDE/SimplicityStudio/test_wolf.c
+++ b/IDE/SimplicityStudio/test_wolf.c
@@ -1,6 +1,6 @@
 /* test_wolf.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/SimplicityStudio/user_settings.h b/IDE/SimplicityStudio/user_settings.h
index cfe138a69..3e6fb09c8 100644
--- a/IDE/SimplicityStudio/user_settings.h
+++ b/IDE/SimplicityStudio/user_settings.h
@@ -1,6 +1,6 @@
 /* user_settings.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -337,6 +337,7 @@ extern "C" {
 
     /* prototypes for user heap override functions */
     /* Note: Realloc only required for normal math */
+    /* Note2: XFREE(NULL) must be properly handled */
     #include <stddef.h>  /* for size_t */
     extern void *myMalloc(size_t n, void* heap, int type);
     extern void myFree(void *p, void* heap, int type);
diff --git a/IDE/VS-AZURE-SPHERE/client/client.c b/IDE/VS-AZURE-SPHERE/client/client.c
index 9a326e069..354d8f0ea 100644
--- a/IDE/VS-AZURE-SPHERE/client/client.c
+++ b/IDE/VS-AZURE-SPHERE/client/client.c
@@ -1,6 +1,6 @@
-/* client.c
+/* client.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/VS-AZURE-SPHERE/client/client.h b/IDE/VS-AZURE-SPHERE/client/client.h
index f2d6fd805..1b836dceb 100644
--- a/IDE/VS-AZURE-SPHERE/client/client.h
+++ b/IDE/VS-AZURE-SPHERE/client/client.h
@@ -1,6 +1,6 @@
 /* client.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/VS-AZURE-SPHERE/server/server.c b/IDE/VS-AZURE-SPHERE/server/server.c
index aad4ef723..e9c3a760c 100644
--- a/IDE/VS-AZURE-SPHERE/server/server.c
+++ b/IDE/VS-AZURE-SPHERE/server/server.c
@@ -1,6 +1,6 @@
-/* server.c
+/* server.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/VS-AZURE-SPHERE/server/server.h b/IDE/VS-AZURE-SPHERE/server/server.h
index 497a3c41c..ac8b96e01 100644
--- a/IDE/VS-AZURE-SPHERE/server/server.h
+++ b/IDE/VS-AZURE-SPHERE/server/server.h
@@ -1,6 +1,6 @@
 /* server.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/VS-AZURE-SPHERE/user_settings.h b/IDE/VS-AZURE-SPHERE/user_settings.h
index 91de4d251..a55c0b091 100644
--- a/IDE/VS-AZURE-SPHERE/user_settings.h
+++ b/IDE/VS-AZURE-SPHERE/user_settings.h
@@ -7,9 +7,9 @@
     #ifndef SERVER_IP
         #define SERVER_IP "192.168.1.200" /* Local Test Server IP */
     #endif
-	#ifndef DEFAULT_PORT
-		#define DEFAULT_PORT 11111
-	#endif
+    #ifndef DEFAULT_PORT
+        #define DEFAULT_PORT 11111
+    #endif
     #define CERT         ca_cert_der_2048
     #define SIZEOF_CERT  sizeof_ca_cert_der_2048
     static const char msg[] = "Are you listening wolfSSL Server?";
@@ -17,9 +17,9 @@
     #ifndef SERVER_IP
         #define SERVER_IP "www.wolfssl.com"
     #endif
-	#ifndef DEFAULT_PORT
-		#define DEFAULT_PORT 443
-	#endif
+    #ifndef DEFAULT_PORT
+        #define DEFAULT_PORT 443
+    #endif
     #define CERT         wolfssl_website_root_ca
     #define SIZEOF_CERT  sizeof_wolfssl_website_root_ca
     static const char msg[] = "GET /index.html HTTP/1.1\r\n\r\n";
diff --git a/IDE/VisualDSP/user_settings.h b/IDE/VisualDSP/user_settings.h
index 2ce8e1eba..4730ebc94 100644
--- a/IDE/VisualDSP/user_settings.h
+++ b/IDE/VisualDSP/user_settings.h
@@ -1,6 +1,6 @@
 /* user_settings.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -481,7 +481,7 @@ extern "C" {
 
 /* Seed Source */
 /* Size of returned HW RNG value */
-#if 0   
+#if 0
     #define CUSTOM_RAND_TYPE      unsigned int
     extern unsigned int my_rng_seed_gen(void);
     #undef  CUSTOM_RAND_GENERATE
@@ -690,7 +690,7 @@ extern "C" {
         int argc;
         char** argv;
         int return_code;
-        struct fssShellInfo* info;  
+        struct fssShellInfo* info;
     } wolfArgs;
 
     #define printf FCL_PRINTF
diff --git a/IDE/VisualDSP/wolf_tasks.c b/IDE/VisualDSP/wolf_tasks.c
index 5d38879f4..d7d39e9ca 100644
--- a/IDE/VisualDSP/wolf_tasks.c
+++ b/IDE/VisualDSP/wolf_tasks.c
@@ -1,6 +1,6 @@
 /* wolf-tasks.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/WICED-STUDIO/user_settings.h b/IDE/WICED-STUDIO/user_settings.h
index 70ce019d6..b57563b8e 100644
--- a/IDE/WICED-STUDIO/user_settings.h
+++ b/IDE/WICED-STUDIO/user_settings.h
@@ -1,4 +1,4 @@
- /* Copyright (C) 2006-2018 wolfSSL Inc.
+ / * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -411,6 +411,7 @@ extern "C" {
 
     /* prototypes for user heap override functions */
     /* Note: Realloc only required for normal math */
+    /* Note2: XFREE(NULL) must be properly handled */
     #include <stddef.h>  /* for size_t */
     extern void *myMalloc(size_t n, void* heap, int type);
     extern void myFree(void *p, void* heap, int type);
diff --git a/IDE/WIN-SRTP-KDF-140-3/README.txt b/IDE/WIN-SRTP-KDF-140-3/README.txt
new file mode 100644
index 000000000..4ef0a1454
--- /dev/null
+++ b/IDE/WIN-SRTP-KDF-140-3/README.txt
@@ -0,0 +1,118 @@
+# Notes on the wolfssl-fips project
+
+First, if you did not get the FIPS files with your archive, you must contact
+wolfSSL to obtain them.
+
+The IDE/WIN10/wolfssl-fips.sln solution is for the FIPS 140-3 certificate or later.
+
+# Building the wolfssl-fips project
+
+The wolfCrypt FIPS library for Windows is a part of the wolfSSL library. It
+must be built as a static library, for the moment.
+
+The library project is built with Whole Program Optimization disabled. This is
+required so that necessary components of the library are not optimized away.
+There are two functions added to the library that are used as markers in
+memory for the in-core memory check of the code. WPO consolidates them into a
+single function. WPO also optimizes away the automatic FIPS entry function.
+
+Each of the source files inside the FIPS boundary defines their own code and
+constant section. The code section names start with ".fipsA$" and the constant
+section names start with ".fipsB$". Each subsection has a letter to organize
+them in a specific order. This specific ordering puts marker functions and
+constants on either end of the boundary so it can be hashed.
+
+
+# In Core Memory Test
+
+The In Core Memory test calculates a checksum (HMAC-SHA256) of the wolfCrypt
+FIPS library code and constant data and compares it with a known value in
+the code.
+
+The following wolfCrypt FIPS project linker settings are required for the DLL Win32 configuration:
+1) The [Randomized Base Address setting (ASLR)](https://learn.microsoft.com/en-us/cpp/build/reference/dynamicbase-use-address-space-layout-randomization?view=msvc-170)
+needs to be disabled on all builds as the feature throws off the in-core memory calculation causing the test to fail.
+2) The [Incremental Link](https://learn.microsoft.com/en-us/cpp/build/reference/incremental-link-incrementally?view=msvc-170)
+option need turned off so function pointers go to actual code, not a jump instruction.
+3) The [FixedBaseAddress](https://learn.microsoft.com/en-us/cpp/build/reference/fixed-fixed-base-address?view=msvc-170)
+option to YES, which disables the support for ASLR.
+
+The "verifyCore" check value in the source fips_test.c needs to be updated when
+building the code. The POS performs this check and the default failure callback
+will print out the calculated checksum. When developing your code, copy this
+value and paste it back into your code in the verifyCore initializer then
+rebuild the code. When statically linking, you may have to recalculate your
+check value when changing your application.
+
+# Build Options
+
+The default build options should be the proper default set of options:
+
+ * HAVE_FIPS
+ * HAVE_FIPS_VERSION=5
+ * HAVE_FIPS_VERSION_MINOR=1 (Also for FIPS Ready)
+ * HAVE_THREAD_LS
+ * WOLFSSL_KEY_GEN
+ * HAVE_AESGCM
+ * HAVE_HASHDRBG
+ * WOLFSSL_SHA384
+ * WOLFSSL_SHA512
+ * NO_PSK
+ * NO_RC4
+ * NO_DSA
+ * NO_MD4
+ * WOLFSSL_SHA224
+ * WOLFSSL_SHA3
+ * WC_RSA_PSS
+ * WC_RSA_NO_PADDING
+ * HAVE_ECC
+ * ECC_SHAMIR
+ * HAVE_ECC_CDH
+ * ECC_TIMING_RESISTANT
+ * TFM_TIMING_RESISTANT
+ * WOLFSSL_AES_COUNTER
+ * WOLFSSL_AES_DIRECT
+ * HAVE_AES_ECB
+ * HAVE_AESCCM
+ * WOLFSSL_CMAC
+ * HAVE_HKDF
+ * WOLFSSL_VALIDATE_ECC_IMPORT
+ * WOLFSSL_VALIDATE_FFC_IMPORT
+ * HAVE_FFDHE_Q
+ * NO_DES
+ * NO_DES3
+ * NO_MD5
+ * NO_OLD_TLS
+ * WOLFSSL_TLS13
+ * HAVE_TLS_EXTENSIONS
+ * HAVE_SUPPORTED_CURVES
+ * GCM_TABLE_4BIT
+ * WOLFSSL_NO_SHAKE256
+ * WOLFSSL_VALIDATE_ECC_KEYGEN
+ * WOLFSSL_ECDSA_SET_K
+ * WOLFSSL_WOLFSSH
+ * WOLFSSL_PUBLIC_MP
+ * WC_RNG_SEED_CB
+ * TFM_ECC256
+ * ECC_USER_CURVES
+ * HAVE_ECC192
+ * HAVE_ECC224
+ * HAVE_ECC256
+ * HAVE_ECC384
+ * HAVE_ECC521
+ * HAVE_FFDHE_2048
+ * HAVE_FFDHE_3072
+ * HAVE_FFDHE_4096
+ * HAVE_FFDHE_6144
+ * HAVE_FFDHE_8192
+ * FP_MAX_BITS 16384
+
+The "NO" options explicitly disable algorithms that are not allowed in
+FIPS mode.
+
+Additionally one may enable:
+
+ * WOLFSSL_AESNI
+ * OPENSSL_EXTRA
+
+These settings are defined in IDE/WIN10/user_settings.h.
diff --git a/IDE/WIN-SRTP-KDF-140-3/include.am b/IDE/WIN-SRTP-KDF-140-3/include.am
new file mode 100644
index 000000000..c85379e90
--- /dev/null
+++ b/IDE/WIN-SRTP-KDF-140-3/include.am
@@ -0,0 +1,11 @@
+# vim:ft=automake
+# included from Top Level Makefile.am
+# All paths should be given relative to the root
+
+EXTRA_DIST+= IDE/WIN-SRTP-KDF-140-3/README.txt
+EXTRA_DIST+= IDE/WIN-SRTP-KDF-140-3/test.vcxproj
+EXTRA_DIST+= IDE/WIN-SRTP-KDF-140-3/wolfssl-fips.sln
+EXTRA_DIST+= IDE/WIN-SRTP-KDF-140-3/wolfssl-fips.vcxproj
+EXTRA_DIST+= IDE/WIN-SRTP-KDF-140-3/user_settings.h
+EXTRA_DIST+= IDE/WIN-SRTP-KDF-140-3/resource.h
+EXTRA_DIST+= IDE/WIN-SRTP-KDF-140-3/wolfssl-fips.rc
diff --git a/IDE/WIN-SRTP-KDF-140-3/resource.h b/IDE/WIN-SRTP-KDF-140-3/resource.h
new file mode 100644
index 000000000..691fa7654
--- /dev/null
+++ b/IDE/WIN-SRTP-KDF-140-3/resource.h
@@ -0,0 +1,14 @@
+//{{NO_DEPENDENCIES}}
+// Microsoft Visual C++ generated include file.
+// Used by wolfssl-fips.rc
+
+// Next default values for new objects
+//
+#ifdef APSTUDIO_INVOKED
+#ifndef APSTUDIO_READONLY_SYMBOLS
+#define _APS_NEXT_RESOURCE_VALUE        101
+#define _APS_NEXT_COMMAND_VALUE         40001
+#define _APS_NEXT_CONTROL_VALUE         1001
+#define _APS_NEXT_SYMED_VALUE           101
+#endif
+#endif
diff --git a/IDE/WIN-SRTP-KDF-140-3/test.vcxproj b/IDE/WIN-SRTP-KDF-140-3/test.vcxproj
new file mode 100644
index 000000000..a41ff9ac4
--- /dev/null
+++ b/IDE/WIN-SRTP-KDF-140-3/test.vcxproj
@@ -0,0 +1,277 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project DefaultTargets="Build" ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup Label="ProjectConfigurations">
+    <ProjectConfiguration Include="Debug|Win32">
+      <Configuration>Debug</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Debug|x64">
+      <Configuration>Debug</Configuration>
+      <Platform>x64</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="DLL Debug|Win32">
+      <Configuration>DLL Debug</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="DLL Debug|x64">
+      <Configuration>DLL Debug</Configuration>
+      <Platform>x64</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="DLL Release|Win32">
+      <Configuration>DLL Release</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="DLL Release|x64">
+      <Configuration>DLL Release</Configuration>
+      <Platform>x64</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|Win32">
+      <Configuration>Release</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|x64">
+      <Configuration>Release</Configuration>
+      <Platform>x64</Platform>
+    </ProjectConfiguration>
+  </ItemGroup>
+  <PropertyGroup Label="Globals">
+    <ProjectGuid>{D04BDF66-664A-4D59-BEAC-8AB2D5809C21}</ProjectGuid>
+    <Keyword>Win32Proj</Keyword>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <PlatformToolset>v142</PlatformToolset>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <PlatformToolset>v142</PlatformToolset>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <PlatformToolset>v142</PlatformToolset>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <PlatformToolset>v142</PlatformToolset>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <PlatformToolset>v142</PlatformToolset>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|x64'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <PlatformToolset>v142</PlatformToolset>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <PlatformToolset>v142</PlatformToolset>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|x64'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <PlatformToolset>v142</PlatformToolset>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
+  <ImportGroup Label="ExtensionSettings">
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|Win32'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|x64'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|Win32'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|x64'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <PropertyGroup Label="UserMacros" />
+  <PropertyGroup>
+    <_ProjectFileVersion>11.0.61030.0</_ProjectFileVersion>
+  </PropertyGroup>
+  <PropertyGroup>
+    <OutDir>$(SolutionDir)$(Configuration)\$(Platform)\</OutDir>
+    <IntDir>$(Configuration)\$(Platform)\$(ProjectName)_obj\</IntDir>
+    <LinkIncremental>false</LinkIncremental>
+  </PropertyGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <ClCompile>
+      <Optimization>Disabled</Optimization>
+      <AdditionalIncludeDirectories>.\;..\..\;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;HAVE_FIPS;HAVE_FIPS_VERSION=5;HAVE_FIPS_VERSION_MINOR=1;USE_CERT_BUFFERS_2048;USE_CERT_BUFFERS_256;WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <BasicRuntimeChecks>EnableFastChecks</BasicRuntimeChecks>
+      <RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary>
+      <PrecompiledHeader />
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+    </ClCompile>
+    <Link>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <SubSystem>Console</SubSystem>
+      <TargetMachine>MachineX86</TargetMachine>
+      <AdditionalDependencies>ws2_32.lib;kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <RandomizedBaseAddress>false</RandomizedBaseAddress>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
+    <ClCompile>
+      <Optimization>Disabled</Optimization>
+      <AdditionalIncludeDirectories>.\;..\..\;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;HAVE_FIPS;HAVE_FIPS_VERSION=5;HAVE_FIPS_VERSION_MINOR=1;USE_CERT_BUFFERS_2048;USE_CERT_BUFFERS_256;WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <BasicRuntimeChecks>EnableFastChecks</BasicRuntimeChecks>
+      <RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary>
+      <PrecompiledHeader />
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+    </ClCompile>
+    <Link>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <SubSystem>Console</SubSystem>
+      <AdditionalDependencies>ws2_32.lib;kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <RandomizedBaseAddress>true</RandomizedBaseAddress>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <ClCompile>
+      <AdditionalIncludeDirectories>.\;..\..\;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;HAVE_FIPS;HAVE_FIPS_VERSION=5;HAVE_FIPS_VERSION_MINOR=1;USE_CERT_BUFFERS_2048;USE_CERT_BUFFERS_256;WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
+      <PrecompiledHeader />
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+      <WholeProgramOptimization>true</WholeProgramOptimization>
+    </ClCompile>
+    <Link>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <SubSystem>Console</SubSystem>
+      <TargetMachine>MachineX86</TargetMachine>
+      <AdditionalDependencies>ws2_32.lib;kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <OptimizeReferences>true</OptimizeReferences>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+      <LinkTimeCodeGeneration>UseLinkTimeCodeGeneration</LinkTimeCodeGeneration>
+      <RandomizedBaseAddress>false</RandomizedBaseAddress>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
+    <ClCompile>
+      <AdditionalIncludeDirectories>.\;..\..\;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;HAVE_FIPS;HAVE_FIPS_VERSION=5;HAVE_FIPS_VERSION_MINOR=1;USE_CERT_BUFFERS_2048;USE_CERT_BUFFERS_256;WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
+      <PrecompiledHeader />
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+      <WholeProgramOptimization>true</WholeProgramOptimization>
+    </ClCompile>
+    <Link>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <SubSystem>Console</SubSystem>
+      <AdditionalDependencies>ws2_32.lib;kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <OptimizeReferences>true</OptimizeReferences>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+      <LinkTimeCodeGeneration>UseLinkTimeCodeGeneration</LinkTimeCodeGeneration>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|Win32'">
+    <ClCompile>
+      <Optimization>Disabled</Optimization>
+      <AdditionalIncludeDirectories>.\;..\..\;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;HAVE_FIPS;HAVE_FIPS_VERSION=5;HAVE_FIPS_VERSION_MINOR=1;USE_CERT_BUFFERS_2048;USE_CERT_BUFFERS_256;WOLFSSL_USER_SETTINGS;WOLFSSL_DLL;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <BasicRuntimeChecks>EnableFastChecks</BasicRuntimeChecks>
+      <RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary>
+      <PrecompiledHeader />
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+      <RandomizedBaseAddress>false</RandomizedBaseAddress>
+    </ClCompile>
+    <Link>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <SubSystem>Console</SubSystem>
+      <TargetMachine>MachineX86</TargetMachine>
+      <AdditionalDependencies>ws2_32.lib;kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <RandomizedBaseAddress>true</RandomizedBaseAddress>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|x64'">
+    <ClCompile>
+      <Optimization>Disabled</Optimization>
+      <AdditionalIncludeDirectories>.\;..\..\;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;HAVE_FIPS;HAVE_FIPS_VERSION=5;HAVE_FIPS_VERSION_MINOR=1;USE_CERT_BUFFERS_2048;USE_CERT_BUFFERS_256;WOLFSSL_USER_SETTINGS;CYASSL_DLL;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <BasicRuntimeChecks>EnableFastChecks</BasicRuntimeChecks>
+      <RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary>
+      <PrecompiledHeader />
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+      <RandomizedBaseAddress>false</RandomizedBaseAddress>
+    </ClCompile>
+    <Link>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <SubSystem>Console</SubSystem>
+      <AdditionalDependencies>ws2_32.lib;kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <RandomizedBaseAddress>false</RandomizedBaseAddress>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|Win32'">
+    <ClCompile>
+      <AdditionalIncludeDirectories>.\;..\..\;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;HAVE_FIPS;HAVE_FIPS_VERSION=5;HAVE_FIPS_VERSION_MINOR=1;USE_CERT_BUFFERS_2048;USE_CERT_BUFFERS_256;WOLFSSL_USER_SETTINGS;WOLFSSL_DLL;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
+      <PrecompiledHeader />
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+    </ClCompile>
+    <Link>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <SubSystem>Console</SubSystem>
+      <AdditionalDependencies>ws2_32.lib;kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <OptimizeReferences>true</OptimizeReferences>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+      <TargetMachine>MachineX86</TargetMachine>
+      <LinkTimeCodeGeneration>UseLinkTimeCodeGeneration</LinkTimeCodeGeneration>
+      <RandomizedBaseAddress>true</RandomizedBaseAddress>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|x64'">
+    <ClCompile>
+      <AdditionalIncludeDirectories>.\;..\..\;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;HAVE_FIPS;HAVE_FIPS_VERSION=5;HAVE_FIPS_VERSION_MINOR=1;USE_CERT_BUFFERS_2048;USE_CERT_BUFFERS_256;WOLFSSL_USER_SETTINGS;WOLFSSL_DLL;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
+      <PrecompiledHeader />
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+    </ClCompile>
+    <Link>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <SubSystem>Console</SubSystem>
+      <AdditionalDependencies>ws2_32.lib;kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <OptimizeReferences>true</OptimizeReferences>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+      <LinkTimeCodeGeneration>UseLinkTimeCodeGeneration</LinkTimeCodeGeneration>
+      <RandomizedBaseAddress>true</RandomizedBaseAddress>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemGroup>
+    <ClCompile Include="..\..\wolfcrypt\test\test.c" />
+  </ItemGroup>
+  <ItemGroup>
+    <ProjectReference Include="wolfssl-fips.vcxproj">
+      <Project>{73973223-5ee8-41ca-8e88-1d60e89a237b}</Project>
+      <ReferenceOutputAssembly>false</ReferenceOutputAssembly>
+    </ProjectReference>
+  </ItemGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
+  <ImportGroup Label="ExtensionTargets">
+  </ImportGroup>
+</Project>
\ No newline at end of file
diff --git a/IDE/WIN-SRTP-KDF-140-3/user_settings.h b/IDE/WIN-SRTP-KDF-140-3/user_settings.h
new file mode 100644
index 000000000..e9e6090e0
--- /dev/null
+++ b/IDE/WIN-SRTP-KDF-140-3/user_settings.h
@@ -0,0 +1,199 @@
+#ifndef _WIN_USER_SETTINGS_H_
+#define _WIN_USER_SETTINGS_H_
+
+/* For FIPS 140-2 3389 build set to "#if 1" */
+#if 0
+#undef HAVE_FIPS
+#define HAVE_FIPS
+#undef HAVE_FIPS_VERSION
+#define HAVE_FIPS_VERSION 2
+#undef HAVE_FIPS_VERSION_MINOR
+#define HAVE_FIPS_VERSION_MINOR 0
+#endif
+
+/* Set the following to 1 for WCv5.0-RC12 build. */
+#if 1
+#undef  HAVE_FIPS
+#define HAVE_FIPS
+#undef  HAVE_FIPS_VERSION
+#define HAVE_FIPS_VERSION 6
+#undef  HAVE_FIPS_VERSION_MAJOR
+#define HAVE_FIPS_VERSION_MAJOR 6
+#undef  HAVE_FIPS_VERSION_MINOR
+#define HAVE_FIPS_VERSION_MINOR 0
+#undef  HAVE_FIPS_VERSION_PATCH
+#define HAVE_FIPS_VERSION_PATCH 0
+#endif
+
+/* For FIPS Ready, uncomment the following: */
+/* #define WOLFSSL_FIPS_READY */
+#ifdef WOLFSSL_FIPS_READY
+    #undef HAVE_FIPS
+    #define HAVE_FIPS
+    #undef HAVE_FIPS_VERSION
+    #define HAVE_FIPS_VERSION 5
+    #undef HAVE_FIPS_VERSION_MINOR
+    #define HAVE_FIPS_VERSION_MINOR 3
+#endif
+
+
+/* Verify this is Windows */
+#ifndef _WIN32
+#error This user_settings.h header is only designed for Windows
+#endif
+
+/* Configurations */
+#if defined(HAVE_FIPS)
+    /* FIPS */
+    #define OPENSSL_EXTRA
+    #define HAVE_THREAD_LS
+    #define WOLFSSL_KEY_GEN
+    #define HAVE_AESGCM
+    #define HAVE_HASHDRBG
+    #define WOLFSSL_SHA384
+    #define WOLFSSL_SHA512
+    #define NO_PSK
+    #define NO_RC4
+    #define NO_DSA
+    #define NO_MD4
+
+    #if defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2)
+        #define WOLFSSL_SHA224
+        #define WOLFSSL_SHA3
+        #define WC_RSA_PSS
+        #define WC_RSA_NO_PADDING
+        #define HAVE_ECC
+        #define HAVE_ECC384
+        #define HAVE_ECC521
+        #define HAVE_SUPPORTED_CURVES
+        #define HAVE_TLS_EXTENSIONS
+        #define ECC_SHAMIR
+        #define HAVE_ECC_CDH
+        #define ECC_TIMING_RESISTANT
+        #define TFM_TIMING_RESISTANT
+        #define WOLFSSL_AES_COUNTER
+        #define WOLFSSL_AES_DIRECT
+        #define HAVE_AES_ECB
+        #define HAVE_AESCCM
+        #define WOLFSSL_CMAC
+        #define HAVE_HKDF
+        #define WOLFSSL_VALIDATE_ECC_IMPORT
+        #define WOLFSSL_VALIDATE_FFC_IMPORT
+        #define HAVE_FFDHE_Q
+    #ifdef _WIN64
+        #define WOLFSSL_AESNI
+    #endif
+    #endif /* FIPS v2 */
+    #if defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 5)
+        #define NO_DES
+        #define NO_DES3
+        #define NO_MD5
+        #define NO_OLD_TLS
+        #define WOLFSSL_TLS13
+        #define HAVE_TLS_EXTENSIONS
+        #define HAVE_SUPPORTED_CURVES
+        #define GCM_TABLE_4BIT
+        #define WOLFSSL_NO_SHAKE256
+        #define WOLFSSL_VALIDATE_ECC_KEYGEN
+        #define WOLFSSL_ECDSA_SET_K
+        #define WOLFSSL_WOLFSSH
+        #define WOLFSSL_PUBLIC_MP
+        #define WC_RNG_SEED_CB
+        #define TFM_ECC256
+        #define ECC_USER_CURVES
+        #define HAVE_ECC192
+        #define HAVE_ECC224
+        #define HAVE_ECC256
+        #define HAVE_ECC384
+        #define HAVE_ECC521
+        #define HAVE_FFDHE_2048
+        #define HAVE_FFDHE_3072
+        #define HAVE_FFDHE_4096
+        #define HAVE_FFDHE_6144
+        #define HAVE_FFDHE_8192
+        #define WOLFSSL_AES_OFB
+        #define FP_MAX_BITS 16384
+    #endif /* FIPS v5 */
+    #if defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 6)
+        #undef WOLFSSL_AESNI /* Comment out if using PAA */
+        #define HAVE_ED25519
+        #define HAVE_CURVE25519
+        #define WOLFSSL_ED25519_STREAMING_VERIFY
+        #define HAVE_ED25519_KEY_IMPORT
+        #define HAVE_ED448
+        #define HAVE_CURVE448
+        #define HAVE_ED448_KEY_IMPORT
+        #define WOLFSSL_ED448_STREAMING_VERIFY
+        #undef  WOLFSSL_NO_SHAKE256
+        #define WOLFSSL_SHAKE256
+        #define WOLFSSL_SHAKE128
+        #define WOLFSSL_AES_CFB
+        #define WOLFSSL_AES_XTS
+        #define WOLFSSL_AESXTS_STREAM
+        #define WOLFSSL_AESGCM_STREAM
+        #define HAVE_AES_KEYWRAP
+        #define WC_SRTP_KDF
+        #define HAVE_PBKDF2
+        #define WOLFCRYPT_FIPS_CORE_HASH_VALUE \
+      AE8F969C072FB4A87B5C594F96162002F3CCEB6026BDB2553C8621AE197F7059 //woPAA
+      //E257E8C21764333E4710316D208A90D4ECA0682D6F40DC3F4A6E259D4752E306 //wPAA
+        #define WOLFSSL_NOSHA512_224
+        #define WOLFSSL_NOSHA512_256
+
+        /* uncomment for FIPS debugging */
+        /* #define DEBUG_FIPS_VERBOSE */
+
+        /* uncomment for whole library debugging */
+        /* #define DEBUG_WOLFSSL */
+    #endif /* FIPS v6 */
+#else
+    /* Enables blinding mode, to prevent timing attacks */
+    #define WC_RSA_BLINDING
+
+    #if defined(WOLFSSL_LIB)
+        /* The lib */
+        #define OPENSSL_EXTRA
+        #define WOLFSSL_RIPEMD
+        #define NO_PSK
+        #define HAVE_EXTENDED_MASTER
+        #define WOLFSSL_SNIFFER
+        #define HAVE_SECURE_RENEGOTIATION
+
+        #define HAVE_AESGCM
+        #define WOLFSSL_SHA384
+        #define WOLFSSL_SHA512
+
+        #define HAVE_SUPPORTED_CURVES
+        #define HAVE_TLS_EXTENSIONS
+
+        #define HAVE_ECC
+        #define ECC_SHAMIR
+        #define ECC_TIMING_RESISTANT
+    #else
+        /* The servers and clients */
+        #define OPENSSL_EXTRA
+        #define NO_PSK
+    #endif
+#endif /* HAVE_FIPS */
+
+/* For optesting and code review and harness/vector processing */
+#if 0
+    #undef USE_CERT_BUFFERS_2048
+    #define USE_CERT_BUFFERS_2048
+
+    #undef USE_CERT_BUFFERS_256
+    #define USE_CERT_BUFFERS_256
+
+    #define NO_MAIN_DRIVER
+    #define HAVE_FORCE_FIPS_FAILURE
+    #define OPTEST_LOGGING_ENABLED
+    #define OPTEST_INVALID_LOGGING_ENABLED
+    #define DEBUG_FIPS_VERBOSE
+    #define OPTEST_RUNNING_ORGANIC
+    #define DEBUG_WOLFSSL
+    #define OPTEST_LOG_TE_MAPPING
+    #define DEEPLY_EMBEDDED
+    #define WORKING_WITH_AEGISOLVE
+#endif /* 1 || 0 */
+
+#endif /* _WIN_USER_SETTINGS_H_ */
diff --git a/IDE/WIN-SRTP-KDF-140-3/wolfssl-fips.rc b/IDE/WIN-SRTP-KDF-140-3/wolfssl-fips.rc
new file mode 100644
index 000000000..5af27ac69
--- /dev/null
+++ b/IDE/WIN-SRTP-KDF-140-3/wolfssl-fips.rc
@@ -0,0 +1,100 @@
+// Microsoft Visual C++ generated resource script.
+//
+#include "resource.h"
+
+#define APSTUDIO_READONLY_SYMBOLS
+/////////////////////////////////////////////////////////////////////////////
+//
+// Generated from the TEXTINCLUDE 2 resource.
+//
+#include "winres.h"
+
+/////////////////////////////////////////////////////////////////////////////
+#undef APSTUDIO_READONLY_SYMBOLS
+
+/////////////////////////////////////////////////////////////////////////////
+// English (United States) resources
+
+#if !defined(AFX_RESOURCE_DLL) || defined(AFX_TARG_ENU)
+LANGUAGE LANG_ENGLISH, SUBLANG_ENGLISH_US
+#pragma code_page(1252)
+
+#ifdef APSTUDIO_INVOKED
+/////////////////////////////////////////////////////////////////////////////
+//
+// TEXTINCLUDE
+//
+
+1 TEXTINCLUDE 
+BEGIN
+    "resource.h\0"
+END
+
+2 TEXTINCLUDE 
+BEGIN
+    "#include ""winres.h""\r\n"
+    "\0"
+END
+
+3 TEXTINCLUDE 
+BEGIN
+    "\r\n"
+    "\0"
+END
+
+#endif    // APSTUDIO_INVOKED
+
+
+/////////////////////////////////////////////////////////////////////////////
+//
+// Version
+//
+
+VS_VERSION_INFO VERSIONINFO
+ FILEVERSION 5,7,6,0
+ PRODUCTVERSION 5,7,6,0
+ FILEFLAGSMASK 0x3fL
+#ifdef _DEBUG
+ FILEFLAGS 0x1L
+#else
+ FILEFLAGS 0x0L
+#endif
+ FILEOS 0x40004L
+ FILETYPE 0x7L
+ FILESUBTYPE 0x0L
+BEGIN
+    BLOCK "StringFileInfo"
+    BEGIN
+        BLOCK "040904b0"
+        BEGIN
+            VALUE "CompanyName", "wolfSSL Inc."
+            VALUE "FileDescription", "The wolfSSL FIPS embedded SSL library is a lightweight, portable, C-language-based SSL/TLS library targeted at IoT, embedded, and RTOS environments primarily because of its size, speed, and feature set."
+            VALUE "FileVersion", "5.7.6.0"
+            VALUE "InternalName", "wolfssl-fips"
+            VALUE "LegalCopyright", "Copyright (C) 2023"
+            VALUE "OriginalFilename", "wolfssl-fips.dll"
+            VALUE "ProductName", "wolfSSL FIPS"
+            VALUE "ProductVersion", "5.7.6.0"
+        END
+    END
+    BLOCK "VarFileInfo"
+    BEGIN
+        VALUE "Translation", 0x409, 1200
+    END
+END
+
+#endif    // English (United States) resources
+/////////////////////////////////////////////////////////////////////////////
+
+
+
+#ifndef APSTUDIO_INVOKED
+/////////////////////////////////////////////////////////////////////////////
+//
+// Generated from the TEXTINCLUDE 3 resource.
+//
+
+
+/////////////////////////////////////////////////////////////////////////////
+#endif    // not APSTUDIO_INVOKED
+
diff --git a/IDE/WIN-SRTP-KDF-140-3/wolfssl-fips.sln b/IDE/WIN-SRTP-KDF-140-3/wolfssl-fips.sln
new file mode 100644
index 000000000..1609e6d91
--- /dev/null
+++ b/IDE/WIN-SRTP-KDF-140-3/wolfssl-fips.sln
@@ -0,0 +1,61 @@
+
+Microsoft Visual Studio Solution File, Format Version 12.00
+# Visual Studio Version 16
+VisualStudioVersion = 16.0.32510.428
+MinimumVisualStudioVersion = 10.0.40219.1
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "wolfssl-fips", "wolfssl-fips.vcxproj", "{73973223-5EE8-41CA-8E88-1D60E89A237B}"
+EndProject
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "test", "test.vcxproj", "{D04BDF66-664A-4D59-BEAC-8AB2D5809C21}"
+EndProject
+Global
+	GlobalSection(SolutionConfigurationPlatforms) = preSolution
+		Debug|Win32 = Debug|Win32
+		Debug|x64 = Debug|x64
+		DLL Debug|Win32 = DLL Debug|Win32
+		DLL Debug|x64 = DLL Debug|x64
+		DLL Release|Win32 = DLL Release|Win32
+		DLL Release|x64 = DLL Release|x64
+		Release|Win32 = Release|Win32
+		Release|x64 = Release|x64
+	EndGlobalSection
+	GlobalSection(ProjectConfigurationPlatforms) = postSolution
+		{73973223-5EE8-41CA-8E88-1D60E89A237B}.Debug|Win32.ActiveCfg = Debug|Win32
+		{73973223-5EE8-41CA-8E88-1D60E89A237B}.Debug|Win32.Build.0 = Debug|Win32
+		{73973223-5EE8-41CA-8E88-1D60E89A237B}.Debug|x64.ActiveCfg = Debug|x64
+		{73973223-5EE8-41CA-8E88-1D60E89A237B}.Debug|x64.Build.0 = Debug|x64
+		{73973223-5EE8-41CA-8E88-1D60E89A237B}.DLL Debug|Win32.ActiveCfg = DLL Debug|Win32
+		{73973223-5EE8-41CA-8E88-1D60E89A237B}.DLL Debug|Win32.Build.0 = DLL Debug|Win32
+		{73973223-5EE8-41CA-8E88-1D60E89A237B}.DLL Debug|x64.ActiveCfg = DLL Debug|x64
+		{73973223-5EE8-41CA-8E88-1D60E89A237B}.DLL Debug|x64.Build.0 = DLL Debug|x64
+		{73973223-5EE8-41CA-8E88-1D60E89A237B}.DLL Release|Win32.ActiveCfg = DLL Release|Win32
+		{73973223-5EE8-41CA-8E88-1D60E89A237B}.DLL Release|Win32.Build.0 = DLL Release|Win32
+		{73973223-5EE8-41CA-8E88-1D60E89A237B}.DLL Release|x64.ActiveCfg = DLL Release|x64
+		{73973223-5EE8-41CA-8E88-1D60E89A237B}.DLL Release|x64.Build.0 = DLL Release|x64
+		{73973223-5EE8-41CA-8E88-1D60E89A237B}.Release|Win32.ActiveCfg = Release|Win32
+		{73973223-5EE8-41CA-8E88-1D60E89A237B}.Release|Win32.Build.0 = Release|Win32
+		{73973223-5EE8-41CA-8E88-1D60E89A237B}.Release|x64.ActiveCfg = Release|x64
+		{73973223-5EE8-41CA-8E88-1D60E89A237B}.Release|x64.Build.0 = Release|x64
+		{D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.Debug|Win32.ActiveCfg = Debug|Win32
+		{D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.Debug|Win32.Build.0 = Debug|Win32
+		{D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.Debug|x64.ActiveCfg = Debug|x64
+		{D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.Debug|x64.Build.0 = Debug|x64
+		{D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.DLL Debug|Win32.ActiveCfg = DLL Debug|Win32
+		{D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.DLL Debug|Win32.Build.0 = DLL Debug|Win32
+		{D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.DLL Debug|x64.ActiveCfg = DLL Debug|x64
+		{D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.DLL Debug|x64.Build.0 = DLL Debug|x64
+		{D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.DLL Release|Win32.ActiveCfg = DLL Release|Win32
+		{D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.DLL Release|Win32.Build.0 = DLL Release|Win32
+		{D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.DLL Release|x64.ActiveCfg = DLL Release|x64
+		{D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.DLL Release|x64.Build.0 = DLL Release|x64
+		{D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.Release|Win32.ActiveCfg = Release|Win32
+		{D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.Release|Win32.Build.0 = Release|Win32
+		{D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.Release|x64.ActiveCfg = Release|x64
+		{D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.Release|x64.Build.0 = Release|x64
+	EndGlobalSection
+	GlobalSection(SolutionProperties) = preSolution
+		HideSolutionNode = FALSE
+	EndGlobalSection
+	GlobalSection(ExtensibilityGlobals) = postSolution
+		SolutionGuid = {0CFCC869-45D3-42AD-BA73-29938093A38F}
+	EndGlobalSection
+EndGlobal
diff --git a/IDE/WIN-SRTP-KDF-140-3/wolfssl-fips.vcxproj b/IDE/WIN-SRTP-KDF-140-3/wolfssl-fips.vcxproj
new file mode 100644
index 000000000..65bb39fff
--- /dev/null
+++ b/IDE/WIN-SRTP-KDF-140-3/wolfssl-fips.vcxproj
@@ -0,0 +1,394 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project DefaultTargets="Build" ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup Label="ProjectConfigurations">
+    <ProjectConfiguration Include="Debug|Win32">
+      <Configuration>Debug</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Debug|x64">
+      <Configuration>Debug</Configuration>
+      <Platform>x64</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="DLL Debug|Win32">
+      <Configuration>DLL Debug</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="DLL Debug|x64">
+      <Configuration>DLL Debug</Configuration>
+      <Platform>x64</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="DLL Release|Win32">
+      <Configuration>DLL Release</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="DLL Release|x64">
+      <Configuration>DLL Release</Configuration>
+      <Platform>x64</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|Win32">
+      <Configuration>Release</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|x64">
+      <Configuration>Release</Configuration>
+      <Platform>x64</Platform>
+    </ProjectConfiguration>
+  </ItemGroup>
+  <PropertyGroup Label="Globals">
+    <ProjectGuid>{73973223-5EE8-41CA-8E88-1D60E89A237B}</ProjectGuid>
+    <RootNamespace>wolfssl-fips</RootNamespace>
+    <Keyword>Win32Proj</Keyword>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
+    <ConfigurationType>StaticLibrary</ConfigurationType>
+    <PlatformToolset>v143</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|Win32'" Label="Configuration">
+    <ConfigurationType>DynamicLibrary</ConfigurationType>
+    <PlatformToolset>v143</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration">
+    <ConfigurationType>StaticLibrary</ConfigurationType>
+    <PlatformToolset>v143</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|x64'" Label="Configuration">
+    <ConfigurationType>DynamicLibrary</ConfigurationType>
+    <PlatformToolset>v143</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
+    <ConfigurationType>StaticLibrary</ConfigurationType>
+    <PlatformToolset>v143</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|Win32'" Label="Configuration">
+    <ConfigurationType>DynamicLibrary</ConfigurationType>
+    <PlatformToolset>v143</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="Configuration">
+    <ConfigurationType>StaticLibrary</ConfigurationType>
+    <PlatformToolset>v143</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|x64'" Label="Configuration">
+    <ConfigurationType>DynamicLibrary</ConfigurationType>
+    <PlatformToolset>v143</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
+  <ImportGroup Label="ExtensionSettings">
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|Win32'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|x64'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|Win32'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|x64'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <PropertyGroup Label="UserMacros" />
+  <PropertyGroup>
+    <OutDir>$(SolutionDir)$(Configuration)\$(Platform)\</OutDir>
+    <IntDir>$(Configuration)\$(Platform)\$(ProjectName)_obj\</IntDir>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|Win32'">
+    <LinkIncremental>false</LinkIncremental>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|Win32'">
+    <LinkIncremental>false</LinkIncremental>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|x64'">
+    <LinkIncremental>false</LinkIncremental>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|x64'">
+    <LinkIncremental>false</LinkIncremental>
+  </PropertyGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <ClCompile>
+      <Optimization>Disabled</Optimization>
+      <AdditionalIncludeDirectories>$(SolutionDir)XXX-fips-test\IDE\WIN-SRTP-KDF-140-3;$(SolutionDir)XXX-fips-test;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <BasicRuntimeChecks>EnableFastChecks</BasicRuntimeChecks>
+      <RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary>
+      <WarningLevel>Level4</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+      <DisableSpecificWarnings>4206;4214;4706;%(DisableSpecificWarnings)</DisableSpecificWarnings>
+    </ClCompile>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|Win32'">
+    <ClCompile>
+      <Optimization>Disabled</Optimization>
+      <AdditionalIncludeDirectories>$(SolutionDir)XXX-fips-test\IDE\WIN-SRTP-KDF-140-3;$(SolutionDir)XXX-fips-test;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>BUILDING_WOLFSSL;WOLFSSL_DLL;WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <MinimalRebuild>true</MinimalRebuild>
+      <BasicRuntimeChecks>EnableFastChecks</BasicRuntimeChecks>
+      <RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary>
+      <WarningLevel>Level4</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+      <DisableSpecificWarnings>4206;4214;4706;%(DisableSpecificWarnings)</DisableSpecificWarnings>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <BaseAddress>0x5A000000</BaseAddress>
+      <RandomizedBaseAddress>false</RandomizedBaseAddress>
+      <DataExecutionPrevention>false</DataExecutionPrevention>
+      <FixedBaseAddress>true</FixedBaseAddress>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
+    <ClCompile>
+      <Optimization>Disabled</Optimization>
+      <AdditionalIncludeDirectories>$(SolutionDir)XXX-fips-test\IDE\WIN-SRTP-KDF-140-3;$(SolutionDir)XXX-fips-test;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <BasicRuntimeChecks>EnableFastChecks</BasicRuntimeChecks>
+      <RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary>
+      <WarningLevel>Level4</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+      <DisableSpecificWarnings>4206;4214;4706;%(DisableSpecificWarnings)</DisableSpecificWarnings>
+    </ClCompile>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|x64'">
+    <ClCompile>
+      <Optimization>Disabled</Optimization>
+      <AdditionalIncludeDirectories>$(SolutionDir)XXX-fips-test\IDE\WIN-SRTP-KDF-140-3;$(SolutionDir)XXX-fips-test;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>BUILDING_WOLFSSL;WOLFSSL_DLL;WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <MinimalRebuild>true</MinimalRebuild>
+      <BasicRuntimeChecks>EnableFastChecks</BasicRuntimeChecks>
+      <RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary>
+      <WarningLevel>Level4</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+      <DisableSpecificWarnings>4206;4214;4706;%(DisableSpecificWarnings)</DisableSpecificWarnings>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <BaseAddress>0x5A000000</BaseAddress>
+      <RandomizedBaseAddress>false</RandomizedBaseAddress>
+      <DataExecutionPrevention>false</DataExecutionPrevention>
+      <FixedBaseAddress>true</FixedBaseAddress>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <ClCompile>
+      <Optimization>MaxSpeed</Optimization>
+      <IntrinsicFunctions>true</IntrinsicFunctions>
+      <AdditionalIncludeDirectories>$(SolutionDir)XXX-fips-test\IDE\WIN-SRTP-KDF-140-3;$(SolutionDir)XXX-fips-test;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+      <WholeProgramOptimization>false</WholeProgramOptimization>
+    </ClCompile>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|Win32'">
+    <ClCompile>
+      <Optimization>MaxSpeed</Optimization>
+      <IntrinsicFunctions>true</IntrinsicFunctions>
+      <AdditionalIncludeDirectories>$(SolutionDir)XXX-fips-test\IDE\WIN-SRTP-KDF-140-3;$(SolutionDir)XXX-fips-test;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>BUILDING_WOLFSSL;WOLFSSL_DLL;WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <RandomizedBaseAddress>false</RandomizedBaseAddress>
+      <BaseAddress>0x5A000000</BaseAddress>
+      <FixedBaseAddress>true</FixedBaseAddress>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
+    <ClCompile>
+      <Optimization>MaxSpeed</Optimization>
+      <IntrinsicFunctions>true</IntrinsicFunctions>
+      <AdditionalIncludeDirectories>$(SolutionDir)XXX-fips-test\IDE\WIN-SRTP-KDF-140-3;$(SolutionDir)XXX-fips-test;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+      <WholeProgramOptimization>false</WholeProgramOptimization>
+    </ClCompile>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|x64'">
+    <ClCompile>
+      <Optimization>MaxSpeed</Optimization>
+      <IntrinsicFunctions>true</IntrinsicFunctions>
+      <AdditionalIncludeDirectories>$(SolutionDir)XXX-fips-test\IDE\WIN-SRTP-KDF-140-3;$(SolutionDir)XXX-fips-test;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>BUILDING_WOLFSSL;WOLFSSL_DLL;WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <RandomizedBaseAddress>false</RandomizedBaseAddress>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemGroup>
+    <ClCompile Include="..\..\wolfcrypt\src\wolfcrypt_first.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\aes.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\asn.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\cmac.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\coding.c" />
+    <ClCompile Include="..\..\src\crl.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\cpuid.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\des3.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\dh.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\dsa.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\ecc.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\ed25519.c" />
+	<ClCompile Include="..\..\wolfcrypt\src\curve25519.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\ed448.c" />
+	<ClCompile Include="..\..\wolfcrypt\src\curve448.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\error.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\fe_448.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\fe_low_mem.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\fe_operations.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\fips.c">
+      <WholeProgramOptimization Condition="'$(Configuration)|$(Platform)'=='Release|x64'">false</WholeProgramOptimization>
+      <WholeProgramOptimization Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">false</WholeProgramOptimization>
+      <WholeProgramOptimization Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">false</WholeProgramOptimization>
+      <WholeProgramOptimization Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">false</WholeProgramOptimization>
+    </ClCompile>
+    <ClCompile Include="..\..\wolfcrypt\src\fips_test.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\ge_448.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\ge_low_mem.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\ge_operations.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\hash.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\hmac.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\integer.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\pkcs7.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\tfm.c" />
+    <ClCompile Include="..\..\src\internal.c" />
+    <ClCompile Include="..\..\src\wolfio.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\kdf.c" />
+    <ClCompile Include="..\..\src\keys.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\logging.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\md5.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\memory.c" />
+    <ClCompile Include="..\..\src\ocsp.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\sha3.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\sp_c32.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\sp_int.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\sp_x86_64.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\wc_port.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\pwdbased.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\random.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\rsa.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\sha.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\sha256.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\sha512.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\signature.c" />
+    <ClCompile Include="..\..\src\ssl.c" />
+    <ClCompile Include="..\..\src\tls.c" />
+    <ClCompile Include="..\..\src\tls13.c" />
+    <ClCompile Include="..\..\src\dtls13.c" />
+    <ClCompile Include="..\..\src\dtls.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\wc_encrypt.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\wolfcrypt_last.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\wolfmath.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\wolfevent.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\pkcs12.c" />
+  </ItemGroup>
+  <ItemGroup>
+    <CustomBuild Include="..\..\wolfcrypt\src\aes_asm.asm">
+      <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">false</ExcludedFromBuild>
+      <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='DLL Debug|x64'">false</ExcludedFromBuild>
+      <Command Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">ml64.exe /DHAVE_FIPS /DHAVE_FIPS_VERSION=5 /DHAVE_FIPS_VERSION_MINOR=1 /c /Zi /Fo"$(IntDir)%(Filename).obj" %(Identity)</Command>
+      <Command Condition="'$(Configuration)|$(Platform)'=='DLL Debug|x64'">ml64.exe /DHAVE_FIPS /DHAVE_FIPS_VERSION=5 /DHAVE_FIPS_VERSION_MINOR=1 /c /Zi /Fo"$(IntDir)%(Filename).obj" %(Identity)</Command>
+      <Outputs Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">$(IntDir)%(Filename).obj</Outputs>
+      <Outputs Condition="'$(Configuration)|$(Platform)'=='DLL Debug|x64'">$(IntDir)%(Filename).obj</Outputs>
+      <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Release|x64'">false</ExcludedFromBuild>
+      <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='DLL Release|x64'">false</ExcludedFromBuild>
+      <Command Condition="'$(Configuration)|$(Platform)'=='Release|x64'">ml64.exe /DHAVE_FIPS /DHAVE_FIPS_VERSION=5 /DHAVE_FIPS_VERSION_MINOR=1 /c /Zi /Fo"$(IntDir)%(Filename).obj" %(Identity)</Command>
+      <Command Condition="'$(Configuration)|$(Platform)'=='DLL Release|x64'">ml64.exe /DHAVE_FIPS /DHAVE_FIPS_VERSION=5 /DHAVE_FIPS_VERSION_MINOR=1 /c /Zi /Fo"$(IntDir)%(Filename).obj" %(Identity)</Command>
+      <Outputs Condition="'$(Configuration)|$(Platform)'=='Release|x64'">$(IntDir)%(Filename).obj</Outputs>
+      <Outputs Condition="'$(Configuration)|$(Platform)'=='DLL Release|x64'">$(IntDir)%(Filename).obj</Outputs>
+    </CustomBuild>
+  </ItemGroup>
+  <ItemGroup>
+    <CustomBuild Include="..\..\wolfcrypt\src\aes_gcm_asm.asm">
+      <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">false</ExcludedFromBuild>
+      <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='DLL Debug|x64'">false</ExcludedFromBuild>
+      <Command Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">ml64.exe /DHAVE_FIPS /DHAVE_FIPS_VERSION=5 /DHAVE_FIPS_VERSION_MINOR=1 /c /Zi /Fo"$(IntDir)%(Filename).obj" %(Identity)</Command>
+      <Command Condition="'$(Configuration)|$(Platform)'=='DLL Debug|x64'">ml64.exe /DHAVE_FIPS /DHAVE_FIPS_VERSION=5 /DHAVE_FIPS_VERSION_MINOR=1 /c /Zi /Fo"$(IntDir)%(Filename).obj" %(Identity)</Command>
+      <Outputs Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">$(IntDir)%(Filename).obj</Outputs>
+      <Outputs Condition="'$(Configuration)|$(Platform)'=='DLL Debug|x64'">$(IntDir)%(Filename).obj</Outputs>
+      <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Release|x64'">false</ExcludedFromBuild>
+      <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='DLL Release|x64'">false</ExcludedFromBuild>
+      <Command Condition="'$(Configuration)|$(Platform)'=='Release|x64'">ml64.exe /DHAVE_FIPS /DHAVE_FIPS_VERSION=5 /DHAVE_FIPS_VERSION_MINOR=1 /c /Zi /Fo"$(IntDir)%(Filename).obj" %(Identity)</Command>
+      <Command Condition="'$(Configuration)|$(Platform)'=='DLL Release|x64'">ml64.exe /DHAVE_FIPS /DHAVE_FIPS_VERSION=5 /DHAVE_FIPS_VERSION_MINOR=1 /c /Zi /Fo"$(IntDir)%(Filename).obj" %(Identity)</Command>
+      <Outputs Condition="'$(Configuration)|$(Platform)'=='Release|x64'">$(IntDir)%(Filename).obj</Outputs>
+      <Outputs Condition="'$(Configuration)|$(Platform)'=='DLL Release|x64'">$(IntDir)%(Filename).obj</Outputs>
+    </CustomBuild>
+    <CustomBuild Include="..\..\wolfcrypt\src\aes_xts_asm.asm">
+      <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">false</ExcludedFromBuild>
+      <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='DLL Debug|x64'">false</ExcludedFromBuild>
+      <Command Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">ml64.exe /DHAVE_FIPS /DHAVE_FIPS_VERSION=5 /DHAVE_FIPS_VERSION_MINOR=1 /c /Zi /Fo"$(IntDir)%(Filename).obj" %(Identity)</Command>
+      <Command Condition="'$(Configuration)|$(Platform)'=='DLL Debug|x64'">ml64.exe /DHAVE_FIPS /DHAVE_FIPS_VERSION=5 /DHAVE_FIPS_VERSION_MINOR=1 /c /Zi /Fo"$(IntDir)%(Filename).obj" %(Identity)</Command>
+      <Outputs Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">$(IntDir)%(Filename).obj</Outputs>
+      <Outputs Condition="'$(Configuration)|$(Platform)'=='DLL Debug|x64'">$(IntDir)%(Filename).obj</Outputs>
+      <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Release|x64'">false</ExcludedFromBuild>
+      <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='DLL Release|x64'">false</ExcludedFromBuild>
+      <Command Condition="'$(Configuration)|$(Platform)'=='Release|x64'">ml64.exe /DHAVE_FIPS /DHAVE_FIPS_VERSION=5 /DHAVE_FIPS_VERSION_MINOR=1 /c /Zi /Fo"$(IntDir)%(Filename).obj" %(Identity)</Command>
+      <Command Condition="'$(Configuration)|$(Platform)'=='DLL Release|x64'">ml64.exe /DHAVE_FIPS /DHAVE_FIPS_VERSION=5 /DHAVE_FIPS_VERSION_MINOR=1 /c /Zi /Fo"$(IntDir)%(Filename).obj" %(Identity)</Command>
+      <Outputs Condition="'$(Configuration)|$(Platform)'=='Release|x64'">$(IntDir)%(Filename).obj</Outputs>
+      <Outputs Condition="'$(Configuration)|$(Platform)'=='DLL Release|x64'">$(IntDir)%(Filename).obj</Outputs>
+    </CustomBuild>
+  </ItemGroup>
+  <ItemGroup>
+    <ClInclude Include="resource.h" />
+    <ClInclude Include="user_settings.h" />
+  </ItemGroup>
+  <ItemGroup>
+    <ResourceCompile Include="wolfssl-fips.rc" />
+  </ItemGroup>
+  <ItemGroup>
+    <CustomBuild Include="..\..\wolfcrypt\src\sp_x86_64_asm.asm">
+      <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">false</ExcludedFromBuild>
+      <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='DLL Debug|x64'">false</ExcludedFromBuild>
+      <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Release|x64'">false</ExcludedFromBuild>
+      <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='DLL Release|x64'">false</ExcludedFromBuild>
+      <Command Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">ml64.exe /DHAVE_FIPS /DHAVE_FIPS_VERSION=5 /DHAVE_FIPS_VERSION_MINOR=1 /c /Zi /Fo"$(IntDir)%(Filename).obj" %(Identity)</Command>
+      <Command Condition="'$(Configuration)|$(Platform)'=='DLL Debug|x64'">ml64.exe /DHAVE_FIPS /DHAVE_FIPS_VERSION=5 /DHAVE_FIPS_VERSION_MINOR=1 /c /Zi /Fo"$(IntDir)%(Filename).obj" %(Identity)</Command>
+      <Command Condition="'$(Configuration)|$(Platform)'=='Release|x64'">ml64.exe /DHAVE_FIPS /DHAVE_FIPS_VERSION=5 /DHAVE_FIPS_VERSION_MINOR=1 /c /Zi /Fo"$(IntDir)%(Filename).obj" %(Identity)</Command>
+      <Command Condition="'$(Configuration)|$(Platform)'=='DLL Release|x64'">ml64.exe /DHAVE_FIPS /DHAVE_FIPS_VERSION=5 /DHAVE_FIPS_VERSION_MINOR=1 /c /Zi /Fo"$(IntDir)%(Filename).obj" %(Identity)</Command>
+      <Outputs Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">$(IntDir)%(Filename).obj</Outputs>
+      <Outputs Condition="'$(Configuration)|$(Platform)'=='DLL Debug|x64'">$(IntDir)%(Filename).obj</Outputs>
+      <Outputs Condition="'$(Configuration)|$(Platform)'=='Release|x64'">$(IntDir)%(Filename).obj</Outputs>
+      <Outputs Condition="'$(Configuration)|$(Platform)'=='DLL Release|x64'">$(IntDir)%(Filename).obj</Outputs>
+    </CustomBuild>
+  </ItemGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
+  <ImportGroup Label="ExtensionTargets">
+  </ImportGroup>
+</Project>
\ No newline at end of file
diff --git a/IDE/WIN/user_settings.h b/IDE/WIN/user_settings.h
index 225108946..a1011abf8 100644
--- a/IDE/WIN/user_settings.h
+++ b/IDE/WIN/user_settings.h
@@ -74,6 +74,9 @@
                 #if 0
                     #define HAVE_INTEL_AVX2
                 #endif
+
+                #define USE_INTEL_CHACHA_SPEEDUP
+                #define USE_INTEL_POLY1305_SPEEDUP
             #endif
 
             /* Single Precision Support for RSA/DH 1024/2048/3072 and
diff --git a/IDE/WIN/user_settings_dtls.h b/IDE/WIN/user_settings_dtls.h
index 06880e413..ff6f3ac1e 100644
--- a/IDE/WIN/user_settings_dtls.h
+++ b/IDE/WIN/user_settings_dtls.h
@@ -8,8 +8,8 @@
 
 /* DTLS configuration including DTLS v.1.3 which requires TLS v.1.3. */
 
-/* The below DTLS configurations can be copied in to another user_settings.h 
-   file that may have other settings that need to be preserved. 
+/* The below DTLS configurations can be copied in to another user_settings.h
+   file that may have other settings that need to be preserved.
 */
 #define WOLFSSL_TLS13
 #define WOLFSSL_DTLS
diff --git a/IDE/WIN/wolfssl-fips.vcxproj b/IDE/WIN/wolfssl-fips.vcxproj
index b91c6efef..cd003c9ce 100644
--- a/IDE/WIN/wolfssl-fips.vcxproj
+++ b/IDE/WIN/wolfssl-fips.vcxproj
@@ -298,6 +298,7 @@
     <ClCompile Include="..\..\src\crl.c" />
     <ClCompile Include="..\..\wolfcrypt\src\des3.c" />
     <ClCompile Include="..\..\wolfcrypt\src\dh.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\dsa.c" />
     <ClCompile Include="..\..\wolfcrypt\src\ecc.c" />
     <ClCompile Include="..\..\wolfcrypt\src\error.c" />
     <ClCompile Include="..\..\wolfcrypt\src\hash.c" />
diff --git a/IDE/WIN10/resource.h b/IDE/WIN10/resource.h
index e92769c50..691fa7654 100644
--- a/IDE/WIN10/resource.h
+++ b/IDE/WIN10/resource.h
@@ -3,7 +3,7 @@
 // Used by wolfssl-fips.rc
 
 // Next default values for new objects
-// 
+//
 #ifdef APSTUDIO_INVOKED
 #ifndef APSTUDIO_READONLY_SYMBOLS
 #define _APS_NEXT_RESOURCE_VALUE        101
diff --git a/IDE/WIN10/user_settings.h b/IDE/WIN10/user_settings.h
index cc1c34ede..1fcb31731 100644
--- a/IDE/WIN10/user_settings.h
+++ b/IDE/WIN10/user_settings.h
@@ -119,6 +119,9 @@
         #define WOLFSSL_AES_OFB
         #define FP_MAX_BITS 16384
     #endif /* FIPS v5 */
+    #if defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 6)
+        #define WOLFSSL_AES_XTS
+    #endif
 #else
     /* Enables blinding mode, to prevent timing attacks */
     #define WC_RSA_BLINDING
@@ -133,6 +136,7 @@
         #define HAVE_SECURE_RENEGOTIATION
 
         #define HAVE_AESGCM
+        #define WOLFSSL_AES_XTS
         #define WOLFSSL_SHA384
         #define WOLFSSL_SHA512
 
diff --git a/IDE/WIN10/wolfssl-fips.rc b/IDE/WIN10/wolfssl-fips.rc
index 4da10de83..b6df7d1f3 100644
--- a/IDE/WIN10/wolfssl-fips.rc
+++ b/IDE/WIN10/wolfssl-fips.rc
@@ -51,8 +51,8 @@ END
 //
 
 VS_VERSION_INFO VERSIONINFO
- FILEVERSION 5,6,6,0
- PRODUCTVERSION 5,6,6,0
+ FILEVERSION 5,7,6,0
+ PRODUCTVERSION 5,7,6,0
  FILEFLAGSMASK 0x3fL
 #ifdef _DEBUG
  FILEFLAGS 0x1L
@@ -69,12 +69,12 @@ BEGIN
         BEGIN
             VALUE "CompanyName", "wolfSSL Inc."
             VALUE "FileDescription", "The wolfSSL FIPS embedded SSL library is a lightweight, portable, C-language-based SSL/TLS library targeted at IoT, embedded, and RTOS environments primarily because of its size, speed, and feature set."
-            VALUE "FileVersion", "5.6.6.0"
+            VALUE "FileVersion", "5.7.6.0"
             VALUE "InternalName", "wolfssl-fips"
-            VALUE "LegalCopyright", "Copyright (C) 2023"
+            VALUE "LegalCopyright", "Copyright (C) 2024"
             VALUE "OriginalFilename", "wolfssl-fips.dll"
             VALUE "ProductName", "wolfSSL FIPS"
-            VALUE "ProductVersion", "5.6.6.0"
+            VALUE "ProductVersion", "5.7.6.0"
         END
     END
     BLOCK "VarFileInfo"
diff --git a/IDE/WIN10/wolfssl-fips.vcxproj b/IDE/WIN10/wolfssl-fips.vcxproj
index 5d0122ea5..42d574220 100644
--- a/IDE/WIN10/wolfssl-fips.vcxproj
+++ b/IDE/WIN10/wolfssl-fips.vcxproj
@@ -258,10 +258,18 @@
     <ClCompile Include="..\..\wolfcrypt\src\coding.c" />
     <ClCompile Include="..\..\src\crl.c" />
     <ClCompile Include="..\..\wolfcrypt\src\cpuid.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\curve25519.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\curve448.c" />
     <ClCompile Include="..\..\wolfcrypt\src\des3.c" />
     <ClCompile Include="..\..\wolfcrypt\src\dh.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\dsa.c" />
     <ClCompile Include="..\..\wolfcrypt\src\ecc.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\ed25519.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\ed448.c" />
     <ClCompile Include="..\..\wolfcrypt\src\error.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\fe_448.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\fe_low_mem.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\fe_operations.c" />
     <ClCompile Include="..\..\wolfcrypt\src\fips.c">
       <WholeProgramOptimization Condition="'$(Configuration)|$(Platform)'=='Release|x64'">false</WholeProgramOptimization>
       <WholeProgramOptimization Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">false</WholeProgramOptimization>
@@ -269,6 +277,9 @@
       <WholeProgramOptimization Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">false</WholeProgramOptimization>
     </ClCompile>
     <ClCompile Include="..\..\wolfcrypt\src\fips_test.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\ge_448.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\ge_low_mem.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\ge_operations.c" />
     <ClCompile Include="..\..\wolfcrypt\src\hash.c" />
     <ClCompile Include="..\..\wolfcrypt\src\hmac.c" />
     <ClCompile Include="..\..\wolfcrypt\src\integer.c" />
@@ -337,6 +348,20 @@
       <Outputs Condition="'$(Configuration)|$(Platform)'=='Release|x64'">$(IntDir)%(Filename).obj</Outputs>
       <Outputs Condition="'$(Configuration)|$(Platform)'=='DLL Release|x64'">$(IntDir)%(Filename).obj</Outputs>
     </CustomBuild>
+    <CustomBuild Include="..\..\wolfcrypt\src\aes_xts_asm.asm">
+      <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">false</ExcludedFromBuild>
+      <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='DLL Debug|x64'">false</ExcludedFromBuild>
+      <Command Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">ml64.exe /DHAVE_FIPS /DHAVE_FIPS_VERSION=5 /DHAVE_FIPS_VERSION_MINOR=1 /c /Zi /Fo"$(IntDir)%(Filename).obj" %(Identity)</Command>
+      <Command Condition="'$(Configuration)|$(Platform)'=='DLL Debug|x64'">ml64.exe /DHAVE_FIPS /DHAVE_FIPS_VERSION=5 /DHAVE_FIPS_VERSION_MINOR=1 /c /Zi /Fo"$(IntDir)%(Filename).obj" %(Identity)</Command>
+      <Outputs Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">$(IntDir)%(Filename).obj</Outputs>
+      <Outputs Condition="'$(Configuration)|$(Platform)'=='DLL Debug|x64'">$(IntDir)%(Filename).obj</Outputs>
+      <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Release|x64'">false</ExcludedFromBuild>
+      <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='DLL Release|x64'">false</ExcludedFromBuild>
+      <Command Condition="'$(Configuration)|$(Platform)'=='Release|x64'">ml64.exe /DHAVE_FIPS /DHAVE_FIPS_VERSION=5 /DHAVE_FIPS_VERSION_MINOR=1 /c /Zi /Fo"$(IntDir)%(Filename).obj" %(Identity)</Command>
+      <Command Condition="'$(Configuration)|$(Platform)'=='DLL Release|x64'">ml64.exe /DHAVE_FIPS /DHAVE_FIPS_VERSION=5 /DHAVE_FIPS_VERSION_MINOR=1 /c /Zi /Fo"$(IntDir)%(Filename).obj" %(Identity)</Command>
+      <Outputs Condition="'$(Configuration)|$(Platform)'=='Release|x64'">$(IntDir)%(Filename).obj</Outputs>
+      <Outputs Condition="'$(Configuration)|$(Platform)'=='DLL Release|x64'">$(IntDir)%(Filename).obj</Outputs>
+    </CustomBuild>
   </ItemGroup>
   <ItemGroup>
     <ClInclude Include="resource.h" />
diff --git a/IDE/WINCE/user_settings.h b/IDE/WINCE/user_settings.h
index 2c472db89..f9a7e940b 100644
--- a/IDE/WINCE/user_settings.h
+++ b/IDE/WINCE/user_settings.h
@@ -1,21 +1,94 @@
-#ifndef _WIN_USER_SETTINGS_H_
-#define _WIN_USER_SETTINGS_H_
+/* user_settings.h
+ *
+ * Copyright (C) 2006-2025 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
 
-/* For FIPS Ready, uncomment the following: */
-/* #define WOLFSSL_FIPS_READY */
-#ifdef WOLFSSL_FIPS_READY
-    #undef HAVE_FIPS_VERSION
-    #define HAVE_FIPS_VERSION 3
+
+/* Custom wolfSSL user settings for GCC ARM */
+
+#ifndef WOLFSSL_USER_SETTINGS_H
+#define WOLFSSL_USER_SETTINGS_H
+#ifdef __cplusplus
+extern "C" {
 #endif
 
+/* ------------------------------------------------------------------------- */
+/* Platform */
+/* ------------------------------------------------------------------------- */
+#undef  WOLFSSL_GENERAL_ALIGNMENT
+#define WOLFSSL_GENERAL_ALIGNMENT   4
 
-/* Verify this is Windows */
-#ifndef _WIN32
-#error This user_settings.h header is only designed for Windows
+/* Multi-threaded support */
+#undef  SINGLE_THREADED
+#if 0
+    #define SINGLE_THREADED
+#else
+    #define ERROR_QUEUE_PER_THREAD /* if applicable otherwise comment out */
 #endif
 
-/* Configurations */
-#define WOLFCRYPT_ONLY
+#ifdef SINGLE_THREADED
+    #undef  NO_THREAD_LS
+    #define NO_THREAD_LS
+#endif
+
+#undef  WOLFSSL_USER_IO
+//#define WOLFSSL_USER_IO
+
+#undef NO_WRITE_TEMP_FILES
+#define NO_WRITE_TEMP_FILES
+
+/* FIPS 140-3 OE specific section(s) */
+
+/* Uncomment for Android devices */
+#undef ANDROID_V454
+/* #define ANDROID_V454 */
+#ifdef ANDROID_V454
+    #if 1
+        /* To have all printouts go to the app view on the device use: */
+        extern int appendToTextView(const char* fmt, ...);
+        #undef printf
+        #define printf(format, ...) appendToTextView(format, ## __VA_ARGS__)
+    #else
+        #include <android/log.h>
+        #define WOLFLOGV(...) __android_log_print(ANDROID_LOG_VERBOSE, "wolfCrypt_android", __VA_ARGS__)
+        #undef printf
+        #define printf WOLFLOGV
+    #endif
+#endif
+
+/* Uncomment for WINCE 6.0 devices. NOTE: _WIN32_WCE defined by system */
+#if 1
+    #define NO_WOLFSSL_DIR
+    #define WOLFSSL_NO_ATOMICS
+    #define WC_NO_ASYNC_THREADING
+    #define USE_WINDOWS_API
+    #define WOLFSSL_SMALL_STACK
+    #define MAX_SUPPORTED_THREADS 1024
+    #define MAX_SUPPORTED_PRIV_KEYS 1024
+    #define MAX_CONFIGURED_THREAD 512
+#endif
+
+/* ------------------------------------------------------------------------- */
+/* Math Configuration */
+/* ------------------------------------------------------------------------- */
+#undef  SIZEOF_LONG_LONG
+#define SIZEOF_LONG_LONG 8
 
 #undef USE_FAST_MATH
 #if 1
@@ -24,26 +97,39 @@
     #undef  TFM_TIMING_RESISTANT
     #define TFM_TIMING_RESISTANT
 
+    #undef TFM_NO_ASM
+    #define TFM_NO_ASM
+
     /* Optimizations */
     //#define TFM_ARM
+
+    /* Maximum math bits (Max RSA key bits * 2) */
+    #undef  FP_MAX_BITS
+    #define FP_MAX_BITS 16384
+#else
+    #define WOLFSSL_SP_MATH_ALL
+    #define WOLFSSL_SP_INT_NEGATIVE
+    /* Maximum math bits (largest supported key bits) */
+    #undef SP_INT_BITS
+    #define SP_INT_BITS 8192
 #endif
 
 /* Wolf Single Precision Math */
 #undef WOLFSSL_SP
-#if 0
-    #define WOLFSSL_SP
+#if 0 /* SP Assembly Speedups (wPAA) */
+    //#define WOLFSSL_SP
     //#define WOLFSSL_SP_SMALL      /* use smaller version of code */
-    #define WOLFSSL_HAVE_SP_RSA
-    #define WOLFSSL_HAVE_SP_DH
-    #define WOLFSSL_HAVE_SP_ECC
-    //#define WOLFSSL_SP_MATH     /* only SP math - eliminates fast math code */
-
-    /* SP Assembly Speedups */
-    //#define WOLFSSL_SP_ASM      /* required if using the ASM versions */
-    //#define WOLFSSL_SP_ARM32_ASM
+    //#define WOLFSSL_SP_1024
+    //#define WOLFCRYPT_HAVE_SAKKE /* Note: Sakke can be enabled with 1024-bit support */
+    //#define WOLFSSL_SP_4096 /* Explicitly enable 4096-bit support (2048/3072 on by default) */
+    //#define WOLFSSL_SP_384 /* Explicitly enable 384-bit support (others on by default) */
+    //#define WOLFSSL_SP_521 /* Explicitly enable 521-bit support (others on by default) */
+    //#define WOLFSSL_HAVE_SP_RSA
+    //#define WOLFSSL_HAVE_SP_DH
+    //#define WOLFSSL_HAVE_SP_ECC
+    /* If no PAA, leave out */
+    //#define WOLFSSL_ARMASM
     //#define WOLFSSL_SP_ARM64_ASM
-    //#define WOLFSSL_SP_ARM_THUMB_ASM
-    //#define WOLFSSL_SP_ARM_CORTEX_M_ASM
 #endif
 
 /* ------------------------------------------------------------------------- */
@@ -51,288 +137,698 @@
 /* ------------------------------------------------------------------------- */
 #undef  HAVE_FIPS
 #if 1
+
+    #define WOLFCRYPT_FIPS_CORE_HASH_VALUE C82E8BD05125ED82DE72A521EEB369E026526D089ADCB6FB2B943479A9D5DB63
     #define HAVE_FIPS
 
     #undef  HAVE_FIPS_VERSION
-    #define HAVE_FIPS_VERSION 2
+    #define HAVE_FIPS_VERSION 5
 
-    #ifdef SINGLE_THREADED
-        #undef  NO_THREAD_LS
-        #define NO_THREAD_LS
-    #else
-        #ifndef USE_WINDOWS_API
-            #define USE_WINDOWS_API
-        #endif
+    #undef HAVE_FIPS_VERSION_MINOR
+    #define HAVE_FIPS_VERSION_MINOR 2
+
+    #undef WOLFSSL_WOLFSSH
+    #define WOLFSSL_WOLFSSH
+
+    #undef WC_RNG_SEED_CB
+    #define WC_RNG_SEED_CB
+
+    #if 0
+        #undef NO_ATTRIBUTE_CONSTRUCTOR
+        #define NO_ATTRIBUTE_CONSTRUCTOR
     #endif
 
-    #undef NO_ATTRIBUTE_CONSTRUCTOR
-    //#define NO_ATTRIBUTE_CONSTRUCTOR
-
 #endif
 
 
-/* FIPS */
-//#define OPENSSL_EXTRA
-//#define HAVE_THREAD_LS
-#define WOLFSSL_KEY_GEN
-#define HAVE_AESGCM
-#define HAVE_HASHDRBG
-#define WOLFSSL_SHA384
-#define WOLFSSL_SHA512
-#define NO_PSK
-#define NO_RC4
-//#define NO_DSA
-#define NO_MD4
+/* ------------------------------------------------------------------------- */
+/* Crypto */
+/* ------------------------------------------------------------------------- */
+/* RSA */
+#undef NO_RSA
+#if 1
 
-#if defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2)
-    /* ------------------------------------------------------------------------- */
-    /* Crypto */
-    /* ------------------------------------------------------------------------- */
-    #define USE_CERT_BUFFERS_2048
-    #define USE_CERT_BUFFERS_256
-    /* RSA */
-    #undef NO_RSA
+    /* half as much memory but twice as slow */
+    #undef  RSA_LOW_MEM
+    //#define RSA_LOW_MEM
+
+    /* Enables blinding mode, to prevent timing attacks */
     #if 1
-        #ifdef USE_FAST_MATH
-            /* Maximum math bits (Max RSA key bits * 2) */
+        #undef  WC_RSA_BLINDING
+        #define WC_RSA_BLINDING
+    #else
+        #undef  WC_NO_HARDEN
+        #define WC_NO_HARDEN
+    #endif
+
+    /* RSA PSS Support */
+    #if 1
+        #undef WC_RSA_PSS
+        #define WC_RSA_PSS
+
+        #undef WOLFSSL_PSS_LONG_SALT
+        #define WOLFSSL_PSS_LONG_SALT
+
+        #undef WOLFSSL_PSS_SALT_LEN_DISCOVER
+        #define WOLFSSL_PSS_SALT_LEN_DISCOVER
+    #endif
+
+    #if 1
+        #define WC_RSA_NO_PADDING
+    #endif
+#else
+    #define NO_RSA
+#endif
+
+/* ECC */
+#undef HAVE_ECC
+#if 1
+    #define HAVE_ECC
+
+    /* Manually define enabled curves */
+    #undef  ECC_USER_CURVES
+    //#define ECC_USER_CURVES
+
+    #ifdef ECC_USER_CURVES
+        /* Manual Curve Selection */
+        #define HAVE_ECC192
+        #define HAVE_ECC224
+        #undef NO_ECC256
+        #define HAVE_ECC256
+        #define HAVE_ECC384
+        #define HAVE_ECC521
+    #endif
+
+    /* Fixed point cache (speeds repeated operations against same private key) */
+    #undef  FP_ECC
+    //#define FP_ECC
+    #ifdef FP_ECC
+        /* Bits / Entries */
+        #undef  FP_ENTRIES
+        #define FP_ENTRIES  2
+        #undef  FP_LUT
+        #define FP_LUT      4
+    #endif
+
+    /* Optional ECC calculation method */
+    /* Note: doubles heap usage, but slightly faster */
+    #undef  ECC_SHAMIR
+    #define ECC_SHAMIR
+
+    /* Reduces heap usage, but slower */
+    #undef  ECC_TIMING_RESISTANT
+    #define ECC_TIMING_RESISTANT
+
+    #ifdef HAVE_FIPS
+        #undef  HAVE_ECC_CDH
+        #define HAVE_ECC_CDH /* Enable cofactor support */
+
+        #undef NO_STRICT_ECDSA_LEN
+        #define NO_STRICT_ECDSA_LEN /* Do not force fixed len w/ FIPS */
+
+        #undef  WOLFSSL_VALIDATE_ECC_IMPORT
+        #define WOLFSSL_VALIDATE_ECC_IMPORT /* Validate import */
+
+        #undef WOLFSSL_VALIDATE_ECC_KEYGEN
+        #define WOLFSSL_VALIDATE_ECC_KEYGEN /* Validate generated keys */
+
+        #undef WOLFSSL_ECDSA_SET_K
+        #define WOLFSSL_ECDSA_SET_K
+
+    #endif
+
+    /* Compressed Key Support */
+    #undef  HAVE_COMP_KEY
+    //#define HAVE_COMP_KEY
+
+    /* Use alternate ECC size for ECC math */
+    #ifdef USE_FAST_MATH
+        /* MAX ECC BITS = ROUND8(MAX ECC) * 2 */
+        #ifdef NO_RSA
+            /* Custom fastmath size if not using RSA */
             #undef  FP_MAX_BITS
-            #define FP_MAX_BITS     8192
-        #endif
-
-        /* half as much memory but twice as slow */
-        #undef  RSA_LOW_MEM
-        //#define RSA_LOW_MEM
-
-        /* Enables blinding mode, to prevent timing attacks */
-        #if 0
-            #undef  WC_RSA_BLINDING
-            #define WC_RSA_BLINDING
+            #define FP_MAX_BITS     (256 * 2)
         #else
-            #undef  WC_NO_HARDEN
-            #define WC_NO_HARDEN
+            #undef  ALT_ECC_SIZE
+            #define ALT_ECC_SIZE
+            /* wolfSSL will compute the FP_MAX_BITS_ECC, but it can be overridden */
+            //#undef  FP_MAX_BITS_ECC
+            //#define FP_MAX_BITS_ECC (256 * 2)
         #endif
 
-        /* RSA PSS Support */
-        #if 1
-            #define WC_RSA_PSS
+        /* Speedups specific to curve */
+        #ifndef NO_ECC256
+            #undef  TFM_ECC256
+            #define TFM_ECC256
         #endif
-
-        #if 1
-            #define WC_RSA_NO_PADDING
-        #endif
-    #else
-        #define NO_RSA
     #endif
-    /* ECC */
-    #undef HAVE_ECC
+#endif
+
+/* DH */
+#undef  NO_DH
+#if 1
+    /* Use table for DH instead of -lm (math) lib dependency */
     #if 1
-        #define HAVE_ECC
-
-        /* Manually define enabled curves */
-        #undef  ECC_USER_CURVES
-        //#define ECC_USER_CURVES
-
-        #ifdef ECC_USER_CURVES
-            /* Manual Curve Selection */
-            //#define HAVE_ECC192
-            //#define HAVE_ECC224
-            #undef NO_ECC256
-            //#define HAVE_ECC384
-            //#define HAVE_ECC521
-        #endif
-
-        /* Fixed point cache (speeds repeated operations against same private key) */
-        #undef  FP_ECC
-        //#define FP_ECC
-        #ifdef FP_ECC
-            /* Bits / Entries */
-            #undef  FP_ENTRIES
-            #define FP_ENTRIES  2
-            #undef  FP_LUT
-            #define FP_LUT      4
-        #endif
-
-        /* Optional ECC calculation method */
-        /* Note: doubles heap usage, but slightly faster */
-        #undef  ECC_SHAMIR
-        #define ECC_SHAMIR
-
-        /* Reduces heap usage, but slower */
-        #undef  ECC_TIMING_RESISTANT
-        #define ECC_TIMING_RESISTANT
-
-        #ifdef HAVE_FIPS
-            #undef  HAVE_ECC_CDH
-            #define HAVE_ECC_CDH /* Enable cofactor support */
-
-            #undef NO_STRICT_ECDSA_LEN
-            #define NO_STRICT_ECDSA_LEN /* Do not force fixed len w/ FIPS */
-
-            #undef  WOLFSSL_VALIDATE_ECC_IMPORT
-            #define WOLFSSL_VALIDATE_ECC_IMPORT /* Validate import */
-        #endif
-
-        /* Compressed Key Support */
-        #undef  HAVE_COMP_KEY
-        //#define HAVE_COMP_KEY
-
-        /* Use alternate ECC size for ECC math */
-        #ifdef USE_FAST_MATH
-            /* MAX ECC BITS = ROUND8(MAX ECC) * 2 */
-            #ifdef NO_RSA
-                /* Custom fastmath size if not using RSA */
-                #undef  FP_MAX_BITS
-                #define FP_MAX_BITS     (256 * 2)
-            #else
-                #undef  ALT_ECC_SIZE
-                #define ALT_ECC_SIZE
-                /* wolfSSL will compute the FP_MAX_BITS_ECC, but it can be overridden */
-                //#undef  FP_MAX_BITS_ECC
-                //#define FP_MAX_BITS_ECC (256 * 2)
-            #endif
-
-            /* Speedups specific to curve */
-            #ifndef NO_ECC256
-                #undef  TFM_ECC256
-                #define TFM_ECC256
-            #endif
-        #endif
+        #define HAVE_DH_DEFAULT_PARAMS
+        #define WOLFSSL_DH_CONST
+        #define HAVE_FFDHE_2048
+        #define HAVE_FFDHE_3072
+        #define HAVE_FFDHE_4096
+        #define HAVE_FFDHE_6144
+        #define HAVE_FFDHE_8192
     #endif
 
-    /* AES */
-    #undef NO_AES
+    #ifdef HAVE_FIPS
+        #define WOLFSSL_VALIDATE_FFC_IMPORT
+        #define HAVE_FFDHE_Q
+    #endif
+#else
+    #define NO_DH
+#endif
+
+
+/* AES */
+#undef NO_AES
+#if 1
+    #undef  HAVE_AES_CBC
+    #define HAVE_AES_CBC
+
+    #undef  HAVE_AESGCM
+    #define HAVE_AESGCM
+
+    /* GCM Method (slowest to fastest): GCM_SMALL, GCM_WORD32, GCM_TABLE or
+     *                                  GCM_TABLE_4BIT */
+    #define GCM_TABLE_4BIT
+
+    #undef  WOLFSSL_AES_DIRECT
+    #define WOLFSSL_AES_DIRECT
+
+    #undef  HAVE_AES_ECB
+    #define HAVE_AES_ECB
+
+    #undef  WOLFSSL_AES_COUNTER
+    #define WOLFSSL_AES_COUNTER
+
+    #undef  HAVE_AESCCM
+    #define HAVE_AESCCM
+
+    #undef WOLFSSL_AES_OFB
+    #define WOLFSSL_AES_OFB
+#else
+    #define NO_AES
+#endif
+
+
+/* DES3 */
+#undef NO_DES3
+#if 0
     #if 1
-        #undef  HAVE_AES_CBC
-        #define HAVE_AES_CBC
-
-        #undef  HAVE_AESGCM
-        #define HAVE_AESGCM
-
-        /* GCM Method: GCM_SMALL, GCM_WORD32 or GCM_TABLE */
-        //#define GCM_SMALL
-        //#define GCM_WORD32
-        #define GCM_TABLE
-
-        #undef  WOLFSSL_AES_DIRECT
-        #define WOLFSSL_AES_DIRECT
-
-        #undef  HAVE_AES_ECB
-        #define HAVE_AES_ECB
-
-        #undef  WOLFSSL_AES_COUNTER
-        #define WOLFSSL_AES_COUNTER
-
-        #undef  HAVE_AESCCM
-        #define HAVE_AESCCM
-
-    #else
-        #define NO_AES
+        #undef WOLFSSL_DES_ECB
+        #define WOLFSSL_DES_ECB
     #endif
+#else
+    #define NO_DES3
+#endif
 
+/* ChaCha20 / Poly1305 */
+#undef HAVE_CHACHA
+#undef HAVE_POLY1305
+#if 0
+    #define HAVE_CHACHA
+    #define HAVE_POLY1305
 
-    /* DES3 */
-    #undef NO_DES3
+    /* Needed for Poly1305 */
+    #undef  HAVE_ONE_TIME_AUTH
+    #define HAVE_ONE_TIME_AUTH
+#endif
+
+/* Ed25519 / Curve25519 */
+#undef HAVE_CURVE25519
+#undef HAVE_ED25519
+#if 0
+    #define HAVE_CURVE25519
+    #define HAVE_ED25519 /* ED25519 Requires SHA512 */
+
+    /* Optionally use small math (less flash usage, but much slower) */
     #if 1
-    #else
-        #define NO_DES3
+        #define CURVED25519_SMALL
     #endif
+#endif
 
-    /* ------------------------------------------------------------------------- */
-    /* Hashing */
-    /* ------------------------------------------------------------------------- */
-    /* Sha */
-    #undef NO_SHA
+
+/* ------------------------------------------------------------------------- */
+/* Hashing */
+/* ------------------------------------------------------------------------- */
+/* Sha */
+#undef NO_SHA
+#if 1
+    /* 1k smaller, but 25% slower */
+    //#define USE_SLOW_SHA
+#else
+    #define NO_SHA
+#endif
+
+/* Sha256 */
+#undef NO_SHA256
+#if 1
+    /* not unrolled - ~2k smaller and ~25% slower */
+    //#define USE_SLOW_SHA256
+
+    /* Sha224 */
     #if 1
-        /* 1k smaller, but 25% slower */
-        //#define USE_SLOW_SHA
-    #else
-        #define NO_SHA
+        #define WOLFSSL_SHA224
     #endif
+#else
+    #define NO_SHA256
+#endif
 
-    /* Sha256 */
-    #undef NO_SHA256
+/* Sha512 */
+#undef WOLFSSL_SHA512
+#if 1
+    #define WOLFSSL_SHA512
+
+    #undef  WOLFSSL_NOSHA512_224 /* Not in FIPS mode */
+    #undef  WOLFSSL_NOSHA512_256 /* Not in FIPS mode */
+
+    /* Sha384 */
+    #undef  WOLFSSL_SHA384
     #if 1
-        /* not unrolled - ~2k smaller and ~25% slower */
-        //#define USE_SLOW_SHA256
-
-        /* Sha224 */
-        #if 1
-            #define WOLFSSL_SHA224
-        #endif
-    #else
-        #define NO_SHA256
+        #define WOLFSSL_SHA384
     #endif
 
-    /* Sha512 */
-    #undef WOLFSSL_SHA512
-    #if 1
-        #define WOLFSSL_SHA512
+    /* over twice as small, but 50% slower */
+    //#define USE_SLOW_SHA512
+#endif
 
-        /* Sha384 */
-        #undef  WOLFSSL_SHA384
-        #if 1
-            #define WOLFSSL_SHA384
-        #endif
+/* Sha3 */
+#undef WOLFSSL_SHA3
+#if 1
+    #define WOLFSSL_SHA3
+    #define Sha3 wc_Sha3
+#endif
 
-        /* over twice as small, but 50% slower */
-        //#define USE_SLOW_SHA512
-    #endif
+/* MD5 */
+#undef  NO_MD5
+#if 0
 
-    /* Sha3 */
-    #undef WOLFSSL_SHA3
-    #if 1
-        #define WOLFSSL_SHA3
-    #endif
+#else
+    #define NO_MD5
+#endif
 
-    /* MD5 */
-    #undef  NO_MD5
+/* HKDF / PRF */
+#undef HAVE_HKDF
+#if 1
+    #define HAVE_HKDF
+    #define WOLFSSL_HAVE_PRF
+#endif
+
+/* CMAC */
+#undef WOLFSSL_CMAC
+#if 1
+    #define WOLFSSL_CMAC
+#endif
+
+
+/* ------------------------------------------------------------------------- */
+/* Benchmark / Test */
+/* ------------------------------------------------------------------------- */
+/* Use reduced benchmark / test sizes */
+#undef  BENCH_EMBEDDED
+#define BENCH_EMBEDDED
+
+#undef  USE_CERT_BUFFERS_2048
+#define USE_CERT_BUFFERS_2048
+
+#undef  USE_CERT_BUFFERS_1024
+//#define USE_CERT_BUFFERS_1024
+
+#undef  USE_CERT_BUFFERS_256
+#define USE_CERT_BUFFERS_256
+
+
+/* ------------------------------------------------------------------------- */
+/* Debugging */
+/* ------------------------------------------------------------------------- */
+
+#undef DEBUG_WOLFSSL
+#undef NO_ERROR_STRINGS
+#if 1
+    #define DEBUG_WOLFSSL
+#else
     #if 0
-
-    #else
-        #define NO_MD5
+        #define NO_ERROR_STRINGS
     #endif
+#endif
 
-    /* HKDF */
-    #undef HAVE_HKDF
+
+/* ------------------------------------------------------------------------- */
+/* Memory */
+/* ------------------------------------------------------------------------- */
+
+/* Override Memory API's */
+#if 0
+    #undef  XMALLOC_OVERRIDE
+    #define XMALLOC_OVERRIDE
+
+    /* prototypes for user heap override functions */
+    /* Note: Realloc only required for normal math */
+    /* Note2: XFREE(NULL) must be properly handled */
+    #include <stddef.h>  /* for size_t */
+    extern void *myMalloc(size_t n, void* heap, int type);
+    extern void myFree(void *p, void* heap, int type);
+    extern void *myRealloc(void *p, size_t n, void* heap, int type);
+
+    #define XMALLOC(n, h, t)     myMalloc(n, h, t)
+    #define XFREE(p, h, t)       myFree(p, h, t)
+    #define XREALLOC(p, n, h, t) myRealloc(p, n, h, t)
+#endif
+
+#if 0
+    /* Static memory requires fast math */
+    #define WOLFSSL_STATIC_MEMORY
+
+    /* Disable fallback malloc/free */
+    #define WOLFSSL_NO_MALLOC
     #if 1
-        #define HAVE_HKDF
+        #define WOLFSSL_MALLOC_CHECK /* trap malloc failure */
     #endif
+#endif
 
-    /* CMAC */
-    #undef WOLFSSL_CMAC
-    #if 1
-        #define WOLFSSL_CMAC
+/* Memory callbacks */
+#if 1
+    #undef  USE_WOLFSSL_MEMORY
+    #define USE_WOLFSSL_MEMORY
+
+    /* Use this to measure / print heap usage */
+    #if 0
+        #undef  WOLFSSL_TRACK_MEMORY
+//        #define WOLFSSL_TRACK_MEMORY
+
+        #undef  WOLFSSL_DEBUG_MEMORY
+        //#define WOLFSSL_DEBUG_MEMORY
+
+        #undef WOLFSSL_DEBUG_MEMORY_PRINT
+        //#define WOLFSSL_DEBUG_MEMORY_PRINT
     #endif
-
-    /* DH */
-    #undef  NO_DH
-    #if 1
-        /* Use table for DH instead of -lm (math) lib dependency */
-        #if 0
-            #define WOLFSSL_DH_CONST
-            #define HAVE_FFDHE_2048
-            #define HAVE_FFDHE_4096
-            //#define HAVE_FFDHE_6144
-            //#define HAVE_FFDHE_8192
-        #endif
-
-        #ifdef HAVE_FIPS
-            #define WOLFSSL_VALIDATE_FFC_IMPORT
-            #define HAVE_FFDHE_Q
-        #endif
-    #else
-        #define NO_DH
+#else
+    #ifndef WOLFSSL_STATIC_MEMORY
+        #define NO_WOLFSSL_MEMORY
+        /* Otherwise we will use stdlib malloc, free and realloc */
     #endif
-#endif /* FIPS v2 */
+#endif
 
-//#define DEBUG_WOLFSSL
+
+/* ------------------------------------------------------------------------- */
+/* Port */
+/* ------------------------------------------------------------------------- */
+
+/* Override Current Time */
+/* Allows custom "custom_time()" function to be used for benchmark */
+//#define WOLFSSL_USER_CURRTIME
+//#define WOLFSSL_GMTIME
+//#define USER_TICKS
+//extern unsigned long my_time(unsigned long* timer);
+//#define XTIME my_time
+
+
+/* ------------------------------------------------------------------------- */
+/* RNG */
+/* ------------------------------------------------------------------------- */
+
+/* Seed Source */
+ /* Seed Source */
+// extern int my_rng_generate_seed(unsigned char* output, int sz);
+// #undef  CUSTOM_RAND_GENERATE_SEED
+// #define CUSTOM_RAND_GENERATE_SEED  my_rng_generate_seed
+
+/* Choose RNG method */
+#if 1
+    /* Use built-in P-RNG (SHA256 based) with HW RNG */
+    /* P-RNG + HW RNG (P-RNG is ~8K) */
+    //#define WOLFSSL_GENSEED_FORTEST
+    #undef  HAVE_HASHDRBG
+    #define HAVE_HASHDRBG
+#else
+    #undef  WC_NO_HASHDRBG
+    #define WC_NO_HASHDRBG
+
+    /* Bypass P-RNG and use only HW RNG */
+    extern int my_rng_gen_block(unsigned char* output, unsigned int sz);
+    #undef  CUSTOM_RAND_GENERATE_BLOCK
+    #define CUSTOM_RAND_GENERATE_BLOCK  my_rng_gen_block
+#endif
+
+
+/* ------------------------------------------------------------------------- */
+/* Custom Standard Lib */
+/* ------------------------------------------------------------------------- */
+/* Allows override of all standard library functions */
+#undef STRING_USER
+#if 0
+    #define STRING_USER
+
+    #include <string.h>
+
+    #undef  USE_WOLF_STRSEP
+    #define USE_WOLF_STRSEP
+    #define XSTRSEP(s1,d)     wc_strsep((s1),(d))
+
+    #undef  USE_WOLF_STRTOK
+    #define USE_WOLF_STRTOK
+    #define XSTRTOK(s1,d,ptr) wc_strtok((s1),(d),(ptr))
+
+    #define XSTRNSTR(s1,s2,n) mystrnstr((s1),(s2),(n))
+
+    #define XMEMCPY(d,s,l)    memcpy((d),(s),(l))
+    #define XMEMSET(b,c,l)    memset((b),(c),(l))
+    #define XMEMCMP(s1,s2,n)  memcmp((s1),(s2),(n))
+    #define XMEMMOVE(d,s,l)   memmove((d),(s),(l))
+
+    #define XSTRLEN(s1)       strlen((s1))
+    #define XSTRNCPY(s1,s2,n) strncpy((s1),(s2),(n))
+    #define XSTRSTR(s1,s2)    strstr((s1),(s2))
+
+    #define XSTRNCMP(s1,s2,n)     strncmp((s1),(s2),(n))
+    #define XSTRNCAT(s1,s2,n)     strncat((s1),(s2),(n))
+    #define XSTRNCASECMP(s1,s2,n) strncasecmp((s1),(s2),(n))
+
+    #define XSNPRINTF snprintf
+#endif
+
+
+
+/* ------------------------------------------------------------------------- */
+/* Enable Features */
+/* ------------------------------------------------------------------------- */
+#undef WOLFSSL_ASN_TEMPLATE
+#define WOLFSSL_ASN_TEMPLATE
+
+#undef WOLFSSL_ASN_PRINT
+#define WOLFSSL_ASN_PRINT
+
+#undef WOLFSSL_TLS13
+#if 1
+    #define WOLFSSL_TLS13
+#endif
+
+#undef WOLFSSL_KEY_GEN
+#if 1
+    #define WOLFSSL_KEY_GEN
+#endif
+
+#undef  KEEP_PEER_CERT
+//#define KEEP_PEER_CERT
+
+#undef  HAVE_TLS_EXTENSIONS
+#define HAVE_TLS_EXTENSIONS
+
+#undef HAVE_EXTENDED_MASTER
+#define HAVE_EXTENDED_MASTER
+
+#undef  HAVE_SUPPORTED_CURVES
+#define HAVE_SUPPORTED_CURVES
+
+#undef  WOLFSSL_BASE64_ENCODE
+#define WOLFSSL_BASE64_ENCODE
+
+#undef WOLFSSL_NO_HASH_RAW
+#define WOLFSSL_NO_HASH_RAW
+
+/* TLS Session Cache */
+#if 0
+    #define SMALL_SESSION_CACHE
+#else
+    #define NO_SESSION_CACHE
+#endif
+
+#undef OPENSSL_EXTRA
+//#define OPENSSL_EXTRA
+
+#undef WOLFSSL_DER_LOAD
+#define WOLFSSL_DER_LOAD
+
+#undef HAVE_SESSION_TICKET
+#define HAVE_SESSION_TICKET
+
+#undef HAVE_EX_DATA
+#define HAVE_EX_DATA
+
+#undef HAVE_ENCRYPT_THEN_MAC
+#define HAVE_ENCRYPT_THEN_MAC
+
+#undef WOLFSSL_CERT_GEN
+#define WOLFSSL_CERT_GEN
+
+#undef ATOMIC_USER
+#define ATOMIC_USER
+
+#undef HAVE_SECRET_CALLBACK
+#define HAVE_SECRET_CALLBACK
+
+/* wolfEngine */
+#if 1
+    #define OPENSSL_COEXIST
+
+    /* HKDF for engine */
+    #undef HAVE_HKDF
+    #if 1
+        #define HAVE_HKDF
+        #define HAVE_X963_KDF
+    #endif
+
+    #undef WOLFSSL_PUBLIC_MP
+    #define WOLFSSL_PUBLIC_MP
+
+    #undef NO_OLD_RNGNAME
+    #define NO_OLD_RNGNAME
+
+    #undef NO_OLD_WC_NAMES
+    #define NO_OLD_WC_NAMES
+
+    #undef NO_OLD_SSL_NAMES
+    #define NO_OLD_SSL_NAMES
+
+    #undef NO_OLD_SHA_NAMES
+    #define NO_OLD_SHA_NAMES
+
+    #undef NO_OLD_MD5_NAME
+    #define NO_OLD_MD5_NAME
+
+    #undef NO_OLD_SHA256_NAMES
+    #define NO_OLD_SHA256_NAMES
+#endif
+
+#undef WOLFSSL_SYS_CA_CERTS
+#define WOLFSSL_SYS_CA_CERTS
+
+#undef LIBWOLFSSL_GLOBAL_EXTRA_CFLAGS
+#define LIBWOLFSSL_GLOBAL_EXTRA_CFLAGS
+
+#undef HAVE_SERVER_RENEGOTIATION_INFO
+#define HAVE_SERVER_RENEGOTIATION_INFO
+
+/* ------------------------------------------------------------------------- */
+/* Disable Features */
+/* ------------------------------------------------------------------------- */
+#undef  NO_WOLFSSL_SERVER
+//#define NO_WOLFSSL_SERVER
+
+#undef  NO_WOLFSSL_CLIENT
+//#define NO_WOLFSSL_CLIENT
+
+#undef  NO_CRYPT_TEST
+//#define NO_CRYPT_TEST
+
+#undef  NO_CRYPT_BENCHMARK
+//#define NO_CRYPT_BENCHMARK
+
+#undef  WOLFCRYPT_ONLY
+#define WOLFCRYPT_ONLY
+
+/* In-lining of misc.c functions */
+/* If defined, must include wolfcrypt/src/misc.c in build */
+/* Slower, but about 1k smaller */
+#undef  NO_INLINE
+//#define NO_INLINE
+
+#undef  NO_FILESYSTEM
+//#define NO_FILESYSTEM
+
+#undef  NO_WRITEV
+//#define NO_WRITEV
+
+#undef  NO_MAIN_DRIVER
 #define NO_MAIN_DRIVER
 
-/* wolfEngine settings */
-#define WOLFSSL_PUBLIC_MP
-#define NO_WOLFSSL_DIR
+#undef  NO_DEV_RANDOM
+//#define NO_DEV_RANDOM
 
-//#define WOLFENGINE_DEBUG
-/* TODO: Add WE_HAVE_* settings here */
+#undef  NO_DSA
+#define NO_DSA
 
-#endif /* _WIN_USER_SETTINGS_H_ */
+#undef  NO_RC4
+#define NO_RC4
+
+#undef  NO_OLD_TLS
+#define NO_OLD_TLS
+
+#undef  NO_PSK
+#define NO_PSK
+
+#undef  NO_MD4
+#define NO_MD4
+
+#undef  NO_PWDBASED
+//#define NO_PWDBASED
+
+#undef  NO_CODING
+//#define NO_CODING
+
+#undef  NO_ASN_TIME
+//#define NO_ASN_TIME
+
+#undef  NO_CERTS
+//#define NO_CERTS
+
+#undef  NO_SIG_WRAPPER
+//#define NO_SIG_WRAPPER
+
+#undef NO_DO178
+#define NO_DO178
+
+#undef WOLFSSL_NO_SHAKE128
+#define WOLFSSL_NO_SHAKE128
+
+#undef WOLFSSL_NO_SHAKE256
+#define WOLFSSL_NO_SHAKE256
+
+/* wolfSSL engineering ACVP algo and operational testing only (Default: Off) */
+#if 1
+    #undef WOLFSSL_PUBLIC_MP
+    #define WOLFSSL_PUBLIC_MP
+
+    #undef OPTEST_LOGGING_ENABLED
+    //#define OPTEST_LOGGING_ENABLED
+
+    #undef OPTEST_INVALID_LOGGING_ENABLED
+    //#define OPTEST_INVALID_LOGGING_ENABLED
+
+    #undef NO_MAIN_OPTEST_DRIVER
+    #define NO_MAIN_OPTEST_DRIVER
+
+    #undef DEBUG_FIPS_VERBOSE
+    #define DEBUG_FIPS_VERBOSE
+
+    #undef HAVE_FORCE_FIPS_FAILURE
+    #define HAVE_FORCE_FIPS_FAILURE
+
+    #undef NO_WRITE_TEMP_FILES
+    #define NO_WRITE_TEMPT_FILES
+#endif
+
+#ifdef __cplusplus
+}
+#endif
+
+
+#endif /* WOLFSSL_USER_SETTINGS_H */
diff --git a/IDE/WORKBENCH/README.md b/IDE/WORKBENCH/README.md
index 6020d6ac2..d551b5ed9 100644
--- a/IDE/WORKBENCH/README.md
+++ b/IDE/WORKBENCH/README.md
@@ -10,6 +10,7 @@ src and wolfcrypt directories. Uncheck the following:
     ```
     wolfcrypt/src/aes_asm.asm
     wolfcrypt/src/aes_gcm_asm.asm
+    wolfcrypt/src/aes_xts_asm.asm
     wolfcrypt/src/aes_asm.s
     examples/echoclient/
     examples/echoserver/
@@ -26,7 +27,7 @@ then "Browse" and select:
     ```
     Click "OK" then "OK" again.
 
-4. Create a new `<path_to_wolfssl>/user_settings.h` file and add your custom 
+4. Create a new `<path_to_wolfssl>/user_settings.h` file and add your custom
 settings. Below is an example but you can expand the settings. For more details,
 see https://github.com/wolfSSL/wolfssl/blob/master/examples/configs/user_settings_template.h
 
diff --git a/IDE/XCODE-FIPSv2/macOS-C++/Intel/user_settings.h b/IDE/XCODE-FIPSv2/macOS-C++/Intel/user_settings.h
index 28df853cb..7383ee435 100644
--- a/IDE/XCODE-FIPSv2/macOS-C++/Intel/user_settings.h
+++ b/IDE/XCODE-FIPSv2/macOS-C++/Intel/user_settings.h
@@ -1,6 +1,6 @@
 /* user_settings.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -407,6 +407,7 @@ extern "C" {
 
     /* prototypes for user heap override functions */
     /* Note: Realloc only required for normal math */
+    /* Note2: XFREE(NULL) must be properly handled */
     #include <stddef.h>  /* for size_t */
     extern void *myMalloc(size_t n, void* heap, int type);
     extern void myFree(void *p, void* heap, int type);
diff --git a/IDE/XCODE-FIPSv2/macOS-C++/M1/user_settings.h b/IDE/XCODE-FIPSv2/macOS-C++/M1/user_settings.h
index f7c5693cc..55e3b487a 100644
--- a/IDE/XCODE-FIPSv2/macOS-C++/M1/user_settings.h
+++ b/IDE/XCODE-FIPSv2/macOS-C++/M1/user_settings.h
@@ -1,6 +1,6 @@
 /* user_settings.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -418,6 +418,7 @@ extern "C" {
 
     /* prototypes for user heap override functions */
     /* Note: Realloc only required for normal math */
+    /* Note2: XFREE(NULL) must be properly handled */
     #include <stddef.h>  /* for size_t */
     extern void *myMalloc(size_t n, void* heap, int type);
     extern void myFree(void *p, void* heap, int type);
diff --git a/IDE/XCODE-FIPSv2/user_settings.h b/IDE/XCODE-FIPSv2/user_settings.h
index 031f54b52..f71dc2fa3 100644
--- a/IDE/XCODE-FIPSv2/user_settings.h
+++ b/IDE/XCODE-FIPSv2/user_settings.h
@@ -1,6 +1,6 @@
 /* user_settings.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -419,6 +419,7 @@ extern "C" {
 
     /* prototypes for user heap override functions */
     /* Note: Realloc only required for normal math */
+    /* Note2: XFREE(NULL) must be properly handled */
     #include <stddef.h>  /* for size_t */
     extern void *myMalloc(size_t n, void* heap, int type);
     extern void myFree(void *p, void* heap, int type);
diff --git a/IDE/XCODE-FIPSv5/user_settings.h b/IDE/XCODE-FIPSv5/user_settings.h
index aff1e444f..4e1e420c3 100644
--- a/IDE/XCODE-FIPSv5/user_settings.h
+++ b/IDE/XCODE-FIPSv5/user_settings.h
@@ -1,6 +1,6 @@
 /* user_settings.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -33,21 +33,61 @@ extern "C" {
 #undef  WOLFSSL_GENERAL_ALIGNMENT
 #define WOLFSSL_GENERAL_ALIGNMENT   4
 
+/* Multi-threaded support */
 #undef  SINGLE_THREADED
-//#define SINGLE_THREADED
+#if 0
+    #define SINGLE_THREADED
+#else
+    #define ERROR_QUEUE_PER_THREAD /* if applicable otherwise comment out */
+#endif
 
-#undef  WOLFSSL_SMALL_STACK
-//#define WOLFSSL_SMALL_STACK
+#ifdef SINGLE_THREADED
+    #undef  NO_THREAD_LS
+    #define NO_THREAD_LS
+#endif
 
 #undef  WOLFSSL_USER_IO
 //#define WOLFSSL_USER_IO
 
-#undef IPHONE
-#define IPHONE
-
 #undef NO_WRITE_TEMP_FILES
 #define NO_WRITE_TEMP_FILES
 
+/* FIPS 140-3 OE specific section(s) */
+
+/* Uncomment for Android devices */
+#undef ANDROID_V454
+/* #define ANDROID_V454 */
+#ifdef ANDROID_V454
+    #if 1
+        /* To have all printouts go to the app view on the device use: */
+        extern int appendToTextView(const char* fmt, ...);
+        #undef printf
+        #define printf(format, ...) appendToTextView(format, ## __VA_ARGS__)
+    #else
+        #include <android/log.h>
+        #define WOLFLOGV(...) __android_log_print(ANDROID_LOG_VERBOSE, "wolfCrypt_android", __VA_ARGS__)
+        #undef printf
+        #define printf WOLFLOGV
+    #endif
+#endif
+
+/* Uncomment for WINCE 6.0 devices. NOTE: _WIN32_WCE defined by system */
+#if 0
+    #define NO_WOLFSSL_DIR
+    #define WOLFSSL_NO_ATOMICS
+    #define WC_NO_ASYNC_THREADING
+    #define USE_WINDOWS_API
+    #define WOLFSSL_SMALL_STACK
+#endif
+
+/* Uncomment for iOS devices with PAA */
+#undef IPHONE
+/* #define IPHONE */
+
+#ifdef IPHONE
+    #define YES_WPAA
+#endif
+
 /* ------------------------------------------------------------------------- */
 /* Math Configuration */
 /* ------------------------------------------------------------------------- */
@@ -55,31 +95,48 @@ extern "C" {
 #define SIZEOF_LONG_LONG 8
 
 #undef USE_FAST_MATH
-#if 1
+#if 0
     #define USE_FAST_MATH
 
     #undef  TFM_TIMING_RESISTANT
     #define TFM_TIMING_RESISTANT
 
     #undef TFM_NO_ASM
-    #define TFM_NO_ASM
+    //#define TFM_NO_ASM
 
     /* Optimizations */
     //#define TFM_ARM
+
+    /* Maximum math bits (Max RSA key bits * 2) */
+    #undef  FP_MAX_BITS
+    #define FP_MAX_BITS 16384
+#else
+    #define WOLFSSL_SP_MATH_ALL
+    #define WOLFSSL_SP_INT_NEGATIVE
+    /* Maximum math bits (largest supported key bits) */
+    #undef SP_INT_BITS
+    #define SP_INT_BITS 8192
 #endif
 
 /* Wolf Single Precision Math */
 #undef WOLFSSL_SP
 #if 1 /* SP Assembly Speedups (wPAA) */
-    #define SP_INT_BITS 8192
     #define WOLFSSL_SP
-    #define WOLFSSL_SP_SMALL      /* use smaller version of code */
+    //#define WOLFSSL_SP_SMALL      /* use smaller version of code */
+    #define WOLFSSL_SP_1024
+    #define WOLFSSL_SP_4096 /* Explicitly enable 4096-bit support (2048/3072 on by default) */
+    #define WOLFSSL_SP_384 /* Explicitly enable 384-bit support (others on by default) */
+    #define WOLFSSL_SP_521 /* Explicitly enable 521-bit support (others on by default) */
     #define WOLFSSL_HAVE_SP_RSA
     #define WOLFSSL_HAVE_SP_DH
     #define WOLFSSL_HAVE_SP_ECC
-    /* Customer indicated no desire for PAA, leave out */
-    //#define WOLFSSL_ARMASM
-    //#define WOLFSSL_SP_ARM64_ASM
+    /* If no PAA, leave out */
+  #if defined(IPHONE) && defined(YES_WPAA)
+    #define WOLFSSL_SP_ASM
+    #define WOLFSSL_ARMASM
+    #define WOLFSSL_SP_ARM64
+    #define WOLFSSL_SP_ARM64_ASM
+  #endif
 #endif
 
 /* ------------------------------------------------------------------------- */
@@ -87,7 +144,8 @@ extern "C" {
 /* ------------------------------------------------------------------------- */
 #undef  HAVE_FIPS
 #if 1
-    #define WOLFCRYPT_FIPS_CORE_HASH_VALUE 7E1F475996F8BBAB1903D108A9B0AD8D679C5DF6C1598D05924BCAF42A673040
+
+    #define WOLFCRYPT_FIPS_CORE_HASH_VALUE E10668763A70618419DF0D90190AE23B47D07BBF613F4CD73A54339B0F672203
     #define HAVE_FIPS
 
     #undef  HAVE_FIPS_VERSION
@@ -99,17 +157,9 @@ extern "C" {
     #undef WOLFSSL_WOLFSSH
     #define WOLFSSL_WOLFSSH
 
-    #undef WOLFSSL_ECDSA_SET_K
-    #define WOLFSSL_ECDSA_SET_K
-
     #undef WC_RNG_SEED_CB
     #define WC_RNG_SEED_CB
 
-    #ifdef SINGLE_THREADED
-        #undef  NO_THREAD_LS
-        #define NO_THREAD_LS
-    #endif
-
     #if 0
         #undef NO_ATTRIBUTE_CONSTRUCTOR
         #define NO_ATTRIBUTE_CONSTRUCTOR
@@ -124,18 +174,13 @@ extern "C" {
 /* RSA */
 #undef NO_RSA
 #if 1
-    #ifdef USE_FAST_MATH
-        /* Maximum math bits (Max RSA key bits * 2) */
-        #undef  FP_MAX_BITS
-        #define FP_MAX_BITS     16384
-    #endif
 
     /* half as much memory but twice as slow */
     #undef  RSA_LOW_MEM
     //#define RSA_LOW_MEM
 
     /* Enables blinding mode, to prevent timing attacks */
-    #if 0
+    #if 1
         #undef  WC_RSA_BLINDING
         #define WC_RSA_BLINDING
     #else
@@ -147,6 +192,12 @@ extern "C" {
     #if 1
         #undef WC_RSA_PSS
         #define WC_RSA_PSS
+
+        #undef WOLFSSL_PSS_LONG_SALT
+        #define WOLFSSL_PSS_LONG_SALT
+
+        #undef WOLFSSL_PSS_SALT_LEN_DISCOVER
+        #define WOLFSSL_PSS_SALT_LEN_DISCOVER
     #endif
 
     #if 1
@@ -163,15 +214,16 @@ extern "C" {
 
     /* Manually define enabled curves */
     #undef  ECC_USER_CURVES
-    //#define ECC_USER_CURVES
+    #define ECC_USER_CURVES
 
     #ifdef ECC_USER_CURVES
         /* Manual Curve Selection */
-        //#define HAVE_ECC192
-        //#define HAVE_ECC224
+        #define HAVE_ECC192
+        #define HAVE_ECC224
         #undef NO_ECC256
-        //#define HAVE_ECC384
-        //#define HAVE_ECC521
+        #define HAVE_ECC256
+        #define HAVE_ECC384
+        #define HAVE_ECC521
     #endif
 
     /* Fixed point cache (speeds repeated operations against same private key) */
@@ -205,13 +257,16 @@ extern "C" {
         #define WOLFSSL_VALIDATE_ECC_IMPORT /* Validate import */
 
         #undef WOLFSSL_VALIDATE_ECC_KEYGEN
-        #define WOLFSSL_VALIDATE_ECC_KEYGEN
+        #define WOLFSSL_VALIDATE_ECC_KEYGEN /* Validate generated keys */
+
+        #undef WOLFSSL_ECDSA_SET_K
+        #define WOLFSSL_ECDSA_SET_K
 
     #endif
 
     /* Compressed Key Support */
     #undef  HAVE_COMP_KEY
-    //#define HAVE_COMP_KEY
+    #define HAVE_COMP_KEY
 
     /* Use alternate ECC size for ECC math */
     #ifdef USE_FAST_MATH
@@ -241,6 +296,7 @@ extern "C" {
 #if 1
     /* Use table for DH instead of -lm (math) lib dependency */
     #if 1
+        #define HAVE_DH_DEFAULT_PARAMS
         #define WOLFSSL_DH_CONST
         #define HAVE_FFDHE_2048
         #define HAVE_FFDHE_3072
@@ -267,8 +323,9 @@ extern "C" {
     #undef  HAVE_AESGCM
     #define HAVE_AESGCM
 
-    /* GCM Method: GCM_SMALL, GCM_WORD32 or GCM_TABLE */
-    #define GCM_TABLE
+    /* GCM Method (slowest to fastest): GCM_SMALL, GCM_WORD32, GCM_TABLE or
+     *                                  GCM_TABLE_4BIT */
+    #define GCM_TABLE_4BIT
 
     #undef  WOLFSSL_AES_DIRECT
     #define WOLFSSL_AES_DIRECT
@@ -282,8 +339,9 @@ extern "C" {
     #undef  HAVE_AESCCM
     #define HAVE_AESCCM
 
-    #undef HAVE_AES_KEYWRAP
-    #define HAVE_AES_KEYWRAP
+    #undef WOLFSSL_AES_OFB
+    #define WOLFSSL_AES_OFB
+
 #else
     #define NO_AES
 #endif
@@ -374,6 +432,7 @@ extern "C" {
 #undef WOLFSSL_SHA3
 #if 1
     #define WOLFSSL_SHA3
+    #define NO_OLD_WC_NAMES
 #endif
 
 /* MD5 */
@@ -384,10 +443,11 @@ extern "C" {
     #define NO_MD5
 #endif
 
-/* HKDF */
+/* HKDF / PRF */
 #undef HAVE_HKDF
 #if 1
     #define HAVE_HKDF
+    #define WOLFSSL_HAVE_PRF
 #endif
 
 /* CMAC */
@@ -440,6 +500,7 @@ extern "C" {
 
     /* prototypes for user heap override functions */
     /* Note: Realloc only required for normal math */
+    /* Note2: XFREE(NULL) must be properly handled */
     #include <stddef.h>  /* for size_t */
     extern void *myMalloc(size_t n, void* heap, int type);
     extern void myFree(void *p, void* heap, int type);
@@ -567,8 +628,14 @@ extern "C" {
 /* ------------------------------------------------------------------------- */
 /* Enable Features */
 /* ------------------------------------------------------------------------- */
+#undef WOLFSSL_ASN_TEMPLATE
+#define WOLFSSL_ASN_TEMPLATE
+
+#undef WOLFSSL_ASN_PRINT
+#define WOLFSSL_ASN_PRINT
+
 #undef WOLFSSL_TLS13
-#if 0
+#if 1
     #define WOLFSSL_TLS13
 #endif
 
@@ -577,35 +644,31 @@ extern "C" {
     #define WOLFSSL_KEY_GEN
 #endif
 
-#if defined(HAVE_FIPS) && !defined(WOLFSSL_KEY_GEN)
-    #define WOLFSSL_OLD_PRIME_CHECK
-#endif
-
 #undef  KEEP_PEER_CERT
 //#define KEEP_PEER_CERT
 
-#undef  HAVE_COMP_KEY
-//#define HAVE_COMP_KEY
-
 #undef  HAVE_TLS_EXTENSIONS
 #define HAVE_TLS_EXTENSIONS
 
+#undef HAVE_EXTENDED_MASTER
+#define HAVE_EXTENDED_MASTER
+
 #undef  HAVE_SUPPORTED_CURVES
 #define HAVE_SUPPORTED_CURVES
 
 #undef  WOLFSSL_BASE64_ENCODE
 #define WOLFSSL_BASE64_ENCODE
 
+#undef WOLFSSL_NO_HASH_RAW
+#define WOLFSSL_NO_HASH_RAW
+
 /* TLS Session Cache */
-#if 0
+#if 1
     #define SMALL_SESSION_CACHE
 #else
     #define NO_SESSION_CACHE
 #endif
 
-#undef OPENSSL_EXTRA
-#define OPENSSL_EXTRA
-
 #undef WOLFSSL_DER_LOAD
 #define WOLFSSL_DER_LOAD
 
@@ -626,6 +689,55 @@ extern "C" {
 
 #undef HAVE_SECRET_CALLBACK
 #define HAVE_SECRET_CALLBACK
+
+/* wolfEngine */
+#if 0
+    #define OPENSSL_COEXIST
+
+    /* HKDF for engine */
+    #undef HAVE_HKDF
+    #if 1
+        #define HAVE_HKDF
+        #define HAVE_X963_KDF
+    #endif
+
+    #undef WOLFSSL_PUBLIC_MP
+    #define WOLFSSL_PUBLIC_MP
+
+    #undef NO_OLD_RNGNAME
+    #define NO_OLD_RNGNAME
+
+    #undef NO_OLD_WC_NAMES
+    #define NO_OLD_WC_NAMES
+
+    #undef NO_OLD_SSL_NAMES
+    #define NO_OLD_SSL_NAMES
+
+    #undef NO_OLD_SHA_NAMES
+    #define NO_OLD_SHA_NAMES
+
+    #undef NO_OLD_MD5_NAME
+    #define NO_OLD_MD5_NAME
+
+    #undef NO_OLD_SHA256_NAMES
+    #define NO_OLD_SHA256_NAMES
+#endif
+
+#undef WOLFSSL_SYS_CA_CERTS
+//#define WOLFSSL_SYS_CA_CERTS
+
+#undef LIBWOLFSSL_GLOBAL_EXTRA_CFLAGS
+#define LIBWOLFSSL_GLOBAL_EXTRA_CFLAGS
+
+#undef HAVE_SERVER_RENEGOTIATION_INFO
+#define HAVE_SERVER_RENEGOTIATION_INFO
+
+#undef WOLFSSL_PEM_TO_DER
+#define WOLFSSL_PEM_TO_DER
+
+#undef WOLFSSL_PUB_PEM_TO_DER
+#define WOLFSSL_PUB_PEM_TO_DER
+
 /* ------------------------------------------------------------------------- */
 /* Disable Features */
 /* ------------------------------------------------------------------------- */
@@ -642,7 +754,7 @@ extern "C" {
 //#define NO_CRYPT_BENCHMARK
 
 #undef  WOLFCRYPT_ONLY
-#define WOLFCRYPT_ONLY
+//#define WOLFCRYPT_ONLY
 
 /* In-lining of misc.c functions */
 /* If defined, must include wolfcrypt/src/misc.c in build */
@@ -692,21 +804,98 @@ extern "C" {
 #undef  NO_SIG_WRAPPER
 //#define NO_SIG_WRAPPER
 
+#undef NO_DO178
+#define NO_DO178
+
+#undef WOLFSSL_NO_SHAKE128
+#define WOLFSSL_NO_SHAKE128
+
+#undef WOLFSSL_NO_SHAKE256
+#define WOLFSSL_NO_SHAKE256
+
 /* wolfSSL engineering ACVP algo and operational testing only (Default: Off) */
-#if 1
+#if 0
+    #undef NO_EARLY_BAIL
+    #define NO_EARLY_BAIL
+
     #undef WOLFSSL_PUBLIC_MP
     #define WOLFSSL_PUBLIC_MP
 
+    #undef OPTEST_LOGGING_ENABLED
+    //#define OPTEST_LOGGING_ENABLED
+
+    #undef OPTEST_INVALID_LOGGING_ENABLED
+    //#define OPTEST_INVALID_LOGGING_ENABLED
+
+    #undef NO_MAIN_OPTEST_DRIVER
+    #define NO_MAIN_OPTEST_DRIVER
+
+    #undef DEBUG_FIPS_VERBOSE
+    #define DEBUG_FIPS_VERBOSE
+
     #undef HAVE_FORCE_FIPS_FAILURE
     #define HAVE_FORCE_FIPS_FAILURE
+
+    #undef NO_WRITE_TEMP_FILES
+    #define NO_WRITE_TEMPT_FILES
 #endif
 
 #ifdef __cplusplus
 }
 #endif
 
+/* Customer Specific Section */
+/* #define CUSTOMER_1_IOS */
+#ifdef CUSTOMER_1_IOS
+
+    /* not certified, disable for full FIPS compliance, will attempt to include
+     * in UPDT submission and/or next FS submission */
+    #undef HAVE_AES_KEYWRAP
+    #define HAVE_AES_KEYWRAP
+
+    #undef HAVE_PKCS7
+    #define HAVE_PKCS7
+
+    #undef HAVE_SNI
+    #define HAVE_SNI
+
+    #undef HAVE_THREAD_LS
+    #define HAVE_THREAD_LS
+
+    /* Not certifiable but external to module boundary and out of scope */
+    #undef WOLFCRYPT_HAVE_ECCSI
+    #define WOLFCRYPT_HAVE_ECCSI
+
+    /* Not certifiable but external to module boundary and out of scope */
+    #undef WOLFCRYPT_HAVE_SAKKE
+    #define WOLFCRYPT_HAVE_SAKKE
+
+    #undef WOLFSSL_DTLS
+    #define WOLFSSL_DTLS
+
+    #undef WOLFSSL_DTLS_MTU
+    #define WOLFSSL_DTLS_MTU
+
+    /* OpenSSL Compatibility (NOTE: Incompatible with wolfEngine and
+       OPENSSL_COEXIST) */
+    #ifndef OPENSSL_COEXIST
+        #undef OPENSSL_EXTRA
+        #if 1
+            #define OPENSSL_EXTRA
+            /* Larger footprint but enable ALL compatibility not just a subset */
+            #if 1
+                #define OPENSSL_ALL
+            #endif
+        #endif
+    #endif
+#endif /* CUSTOMER_1_IOS */
+
+#define CUSTOMER_1_ANDROID
+#ifdef CUSTOMER_1_ANDROID
+/* TODO */
+
+#endif
+
+
 
 #endif /* WOLFSSL_USER_SETTINGS_H */
-
-
-
diff --git a/IDE/XCODE/Benchmark/wolfBench/AppDelegate.h b/IDE/XCODE/Benchmark/wolfBench/AppDelegate.h
index 2feebb211..596ff855f 100644
--- a/IDE/XCODE/Benchmark/wolfBench/AppDelegate.h
+++ b/IDE/XCODE/Benchmark/wolfBench/AppDelegate.h
@@ -1,6 +1,6 @@
 /* AppDelegate.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/XCODE/Benchmark/wolfBench/AppDelegate.m b/IDE/XCODE/Benchmark/wolfBench/AppDelegate.m
index cfb4bd57f..8e21bd689 100644
--- a/IDE/XCODE/Benchmark/wolfBench/AppDelegate.m
+++ b/IDE/XCODE/Benchmark/wolfBench/AppDelegate.m
@@ -1,6 +1,6 @@
 /* AppDelegate.m
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/XCODE/Benchmark/wolfBench/ViewController.h b/IDE/XCODE/Benchmark/wolfBench/ViewController.h
index 2dc6e90fd..732ebe473 100644
--- a/IDE/XCODE/Benchmark/wolfBench/ViewController.h
+++ b/IDE/XCODE/Benchmark/wolfBench/ViewController.h
@@ -1,6 +1,6 @@
 /* ViewController.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/XCODE/Benchmark/wolfBench/ViewController.m b/IDE/XCODE/Benchmark/wolfBench/ViewController.m
index cf4f03692..6eb44e0a8 100644
--- a/IDE/XCODE/Benchmark/wolfBench/ViewController.m
+++ b/IDE/XCODE/Benchmark/wolfBench/ViewController.m
@@ -1,6 +1,6 @@
 /* ViewController.m
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/XCODE/Benchmark/wolfBench/main.m b/IDE/XCODE/Benchmark/wolfBench/main.m
index 8966a562d..939fe5f8e 100644
--- a/IDE/XCODE/Benchmark/wolfBench/main.m
+++ b/IDE/XCODE/Benchmark/wolfBench/main.m
@@ -1,6 +1,6 @@
 /* main.m
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/XCODE/README.md b/IDE/XCODE/README.md
index f76f4f7d4..2401eae31 100644
--- a/IDE/XCODE/README.md
+++ b/IDE/XCODE/README.md
@@ -8,27 +8,27 @@ This directory contains the following files:
 4. `wolfssl-FIPS.xcodeproj` -- project to build wolfSSL and wolfCrypt-FIPS if available
 5. `user_settings.h` -- custom library settings, which are shared across projects
 
-The library will output as `libwolfssl_osx.a` or 'libwolfssl_ios.a` depending on 
-the target. It will also copy the wolfSSL/wolfCrypt (and the CyaSSL/CtaoCrypt 
-compatibility) headers into an `include` directory located in 
+The library will output as `libwolfssl_osx.a` or 'libwolfssl_ios.a` depending on
+the target. It will also copy the wolfSSL/wolfCrypt (and the CyaSSL/CtaoCrypt
+compatibility) headers into an `include` directory located in
 `Build/Products/Debug` or `Build/Products/Release`.
 
-For the library and testsuite to link properly the build location needs to be 
+For the library and testsuite to link properly the build location needs to be
 configured as realitive to workspace.
 1. File -> Workspace Settings (or Xcode -> Preferences -> Locations -> Locations)
 2. Derived Data -> Advanced
 3. Custom -> Relative to Workspace
 4. Products -> Build/Products
 
-These Xcode projects define the `WOLFSSL_USER_SETTINGS` preprocessor 
-to enable the `user_settings.h` file for setting macros across 
+These Xcode projects define the `WOLFSSL_USER_SETTINGS` preprocessor
+to enable the `user_settings.h` file for setting macros across
 multiple projects.
 
 If needed the Xcode preprocessors can be modified with these steps:
 1. Click on the Project in "Project Navigator".
 2. Click on the "Build Settings" tab.
 3. Scroll down to the "Apple LLVM 6.0 - Preprocessing" section.
-4. Open the disclosure for "Preprocessor Macros" and use the "+" and 
+4. Open the disclosure for "Preprocessor Macros" and use the "+" and
 "-" buttons to modify. Remember to do this for both Debug and Release.
 
 ## wolfSSL
diff --git a/IDE/XilinxSDK/2019_2/wolfCrypt_example/.project b/IDE/XilinxSDK/2019_2/wolfCrypt_example/.project
index 252a8b47a..068e630bd 100644
--- a/IDE/XilinxSDK/2019_2/wolfCrypt_example/.project
+++ b/IDE/XilinxSDK/2019_2/wolfCrypt_example/.project
@@ -326,9 +326,9 @@
 			<locationURI>PARENT-4-PROJECT_LOC/wolfcrypt/src/fe_operations.c</locationURI>
 		</link>
 		<link>
-			<name>src/wolfcrypt/src/fe_x25519_128.i</name>
+			<name>src/wolfcrypt/src/fe_x25519_128.h</name>
 			<type>1</type>
-			<locationURI>PARENT-4-PROJECT_LOC/wolfcrypt/src/fe_x25519_128.i</locationURI>
+			<locationURI>PARENT-4-PROJECT_LOC/wolfcrypt/src/fe_x25519_128.h</locationURI>
 		</link>
 		<link>
 			<name>src/wolfcrypt/src/fp_mont_small.i</name>
diff --git a/IDE/XilinxSDK/2022_1/wolfCrypt_FreeRTOS_example/.project b/IDE/XilinxSDK/2022_1/wolfCrypt_FreeRTOS_example/.project
index 23ce39a74..dc79a4eca 100644
--- a/IDE/XilinxSDK/2022_1/wolfCrypt_FreeRTOS_example/.project
+++ b/IDE/XilinxSDK/2022_1/wolfCrypt_FreeRTOS_example/.project
@@ -1016,9 +1016,9 @@
 			<locationURI>PARENT-3-WORKSPACE_LOC/wolfcrypt/src/fe_operations.c</locationURI>
 		</link>
 		<link>
-			<name>src/wolfcrypt/src/fe_x25519_128.i</name>
+			<name>src/wolfcrypt/src/fe_x25519_128.h</name>
 			<type>1</type>
-			<locationURI>PARENT-3-WORKSPACE_LOC/wolfcrypt/src/fe_x25519_128.i</locationURI>
+			<locationURI>PARENT-3-WORKSPACE_LOC/wolfcrypt/src/fe_x25519_128.h</locationURI>
 		</link>
 		<link>
 			<name>src/wolfcrypt/src/fp_mont_small.i</name>
diff --git a/IDE/XilinxSDK/2022_1/wolfCrypt_example/.project b/IDE/XilinxSDK/2022_1/wolfCrypt_example/.project
index 60b0945e3..d4a25e938 100644
--- a/IDE/XilinxSDK/2022_1/wolfCrypt_example/.project
+++ b/IDE/XilinxSDK/2022_1/wolfCrypt_example/.project
@@ -1016,9 +1016,9 @@
 			<locationURI>PARENT-3-WORKSPACE_LOC/wolfcrypt/src/fe_operations.c</locationURI>
 		</link>
 		<link>
-			<name>src/wolfcrypt/src/fe_x25519_128.i</name>
+			<name>src/wolfcrypt/src/fe_x25519_128.h</name>
 			<type>1</type>
-			<locationURI>PARENT-3-WORKSPACE_LOC/wolfcrypt/src/fe_x25519_128.i</locationURI>
+			<locationURI>PARENT-3-WORKSPACE_LOC/wolfcrypt/src/fe_x25519_128.h</locationURI>
 		</link>
 		<link>
 			<name>src/wolfcrypt/src/fp_mont_small.i</name>
diff --git a/IDE/XilinxSDK/user_settings.h b/IDE/XilinxSDK/user_settings.h
index 1b0c324c4..d49d0eed8 100644
--- a/IDE/XilinxSDK/user_settings.h
+++ b/IDE/XilinxSDK/user_settings.h
@@ -1,6 +1,6 @@
 /* user_settings.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/XilinxSDK/wolfssl_example.c b/IDE/XilinxSDK/wolfssl_example.c
index d111d2580..81cf1e82c 100644
--- a/IDE/XilinxSDK/wolfssl_example.c
+++ b/IDE/XilinxSDK/wolfssl_example.c
@@ -1,6 +1,6 @@
 /* wolfssl_example.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/apple-universal/README.md b/IDE/apple-universal/README.md
index 7a4d38dac..a13f34924 100644
--- a/IDE/apple-universal/README.md
+++ b/IDE/apple-universal/README.md
@@ -4,7 +4,7 @@ This example shows how to build a wolfSSL static library for Apple targets on al
 The example was created using Xcode version 14.3.1.
 
 # Why?
-Configuring and building wolfSSL through the `configure` interface can be simpler and more user friendly than manually adding the wolfSSL source files to your project and customizing through `user_settings.h`. Building via `configure` also streamlines integration with other open-source projects that expect an installation directory, such as `cURL`'s `--with-wolfssl` option. Finally, some developer teams might prefer to build wolfSSL once with the desired settings and then distribute it as a library framework for app developers to use. Packaging wolfSSL as a framework makes it highly portable and allows for drag-and-drop integration into Xcode projects without needing to worry about compiling the library every time they build their app.
+Configuring and building wolfSSL through the `configure` interface can be simpler and more user friendly than manually adding the wolfSSL source files to your project and customizing through `user_settings.h`. Building via `configure` also streamlines integration with other open-source projects that expect an installation directory, such as `curl`'s `--with-wolfssl` option. Finally, some developer teams might prefer to build wolfSSL once with the desired settings and then distribute it as a library framework for app developers to use. Packaging wolfSSL as a framework makes it highly portable and allows for drag-and-drop integration into Xcode projects without needing to worry about compiling the library every time they build their app.
 
 However, if you do want to compile wolfSSL from source manually in your Xcode project using `user_settings.h`, see the example in [IDE/XCODE](https://github.com/wolfSSL/wolfssl/tree/master/IDE/XCODE).
 
@@ -16,7 +16,7 @@ This example consists of a build script and an Xcode example project. The build
 
 To use the build script, you can run it without arguments to build a default configuration, or you can use the `-c` option to pass in a quoted string containing any additional flags to `configure` that you need. Note that `--enable-static --disable-shared` is always passed to `configure` by default. Consider the following usage example, with descriptions in the comments:
 
-```
+```sh
 # default configuration
 ./build-wolfssl-framework.sh
 
@@ -60,7 +60,7 @@ If you are developing on a macOS machine and want to compile wolfSSL to run on m
 
 The generic `configure` invocation required to cross compile a static library for an Apple device is as follows:
 
-```
+```sh
 ./configure --disable-shared --enable-static \
             --prefix=${INSTALL_DIR} \
             --host=${HOST} \
@@ -89,4 +89,43 @@ Low-level programming in the Apple ecosystem is sparsely documented, and certain
 
 2. Cross compiling for the **iOS simulator** with a min version specifier present (`-miphoneos-version-min`) requires the `-target ${ARCH}-apple-ios-simulator` compiler flag in order to build . It is unclear why this is required, as The GNU documentation claims that the `target` option is only required if cross-compiling a compiler to run on architecture X but emit code for architecture Y (known as a canadian cross-compilation scenario). Regardless, if you do not include a `-target` option, the build will generate a large number of warnings when linking against system libraries with messages like: `ld: warning: building for iOS, but linking in .tbd file (/Applications/Xcode.app/Contents/Developer/Platforms/iPhoneSimulator.platform/Developer/SDKs/iPhoneSimulator16.4.sdk/usr/lib/libnetwork.tbd) built for iOS Simulator`. It was thought that perhaps the host option should instead be `--host=${ARCH}-apple-ios-simulator` but this is not a valid option, and `configure` will fail with a different error: `checking host system type... Invalid configuration 'arm64-apple-ios-simulator': Kernel 'ios' not known to work with OS 'simulator`. If you do not specify a min iOS version, this is not required. Mysteriously, the other simulators (tvOS, watchOS) do not have this issue....
 
+## Building wolfSSL and curl
+
+Building curl with wolfSSL for Apple targets using configure/autotools can be accomplished with the following procedure:
+
+1. Build wolfSSL as described in the above steps with curl compatibility enabled, either as a framework using the helper script, or as a cross-compiled library for your desired platform
+
+```sh
+cd /path/to/wolfssl/IDE/apple-universal
+
+# build wolfSSL as a framework using the helper script
+./build-wolfssl-framework.sh -c "--enable-curl"
+
+# or build as a static library for one platform (using iOS as an example)
+ARCH=arm64
+WOLFSSL_INSTALL=/path/to/output/install/wolfssl-iphoneos-${ARCH}
+./configure --host=${ARCH}-apple-darwin \
+            --enable-curl \
+            --enable-static --disable-shared \
+            --prefix=${WOLFSSL_INSTALL} \
+            CFLAGS="-arch ${ARCH} -isysroot $(xcrun --sdk iphoneos --show-sdk-path)"
+
+make
+```
+
+2. Configure and build curl to use the wolfSSL library for your platform that was built in step 1. Note that you must use `--with-wolfssl` to point curl to the wolfSSL *library install* for your specific platform, not to the xcframework.
+
+```sh
+cd /path/to/curl
+
+# Note that it is necessary to manually link curl against the Apple CoreFoundation and Security frameworks,
+# as they are required by wolfSSL on Apple platforms. Using iOS as an example:
+./configure --host=${ARCH}-apple-darwin \
+            --with-wolfssl=${WOLFSSL_INSTALL} \
+            CFLAGS="-arch ${ARCH} -isysroot $(xcrun -sdk iphoneos --show-sdk-path)" \
+            LDFLAGS="-framework CoreFoundation -framework Security"
+
+make
+```
+
 
diff --git a/IDE/apple-universal/build-wolfssl-framework.sh b/IDE/apple-universal/build-wolfssl-framework.sh
index a3ff12a6c..7529e95f9 100755
--- a/IDE/apple-universal/build-wolfssl-framework.sh
+++ b/IDE/apple-universal/build-wolfssl-framework.sh
@@ -1,8 +1,8 @@
-#!/bin/bash
+#!/usr/bin/env bash
 
 # build-wolfssl-framework.sh
 #
-# Copyright (C) 2006-2023 wolfSSL Inc.
+# Copyright (C) 2006-2025 wolfSSL Inc.
 #
 # This file is part of wolfSSL.
 #
diff --git a/IDE/apple-universal/wolfssl-multiplatform/wolfssl-multiplatform/ContentView.swift b/IDE/apple-universal/wolfssl-multiplatform/wolfssl-multiplatform/ContentView.swift
index 6e452c502..6a08cd2a4 100644
--- a/IDE/apple-universal/wolfssl-multiplatform/wolfssl-multiplatform/ContentView.swift
+++ b/IDE/apple-universal/wolfssl-multiplatform/wolfssl-multiplatform/ContentView.swift
@@ -1,6 +1,6 @@
 /* ContentView.swift
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/apple-universal/wolfssl-multiplatform/wolfssl-multiplatform/simple_client_example.c b/IDE/apple-universal/wolfssl-multiplatform/wolfssl-multiplatform/simple_client_example.c
index b18d058da..72ca92d0b 100644
--- a/IDE/apple-universal/wolfssl-multiplatform/wolfssl-multiplatform/simple_client_example.c
+++ b/IDE/apple-universal/wolfssl-multiplatform/wolfssl-multiplatform/simple_client_example.c
@@ -1,6 +1,6 @@
 /* simple_client_example.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -40,7 +40,7 @@ int simple_client_example(void)
     WOLFSSL_CTX* ctx;
     WOLFSSL* ssl;
     int sockfd, ret;
-    
+
     /* Resolve the server address */
     struct addrinfo hints, *server_addr;
     memset(&hints, 0, sizeof(hints));
@@ -84,7 +84,7 @@ int simple_client_example(void)
         close(sockfd);
         return 1;
     }
-    
+
     /* Load CA certificate into WOLFSSL_CTX
      * NOTE: CERT_PATH macro is set relative to Xcode $(PROJECT_DIR) environment
      * variable in the preprocessor macros section of the project build settings
diff --git a/IDE/apple-universal/wolfssl-multiplatform/wolfssl-multiplatform/simple_client_example.h b/IDE/apple-universal/wolfssl-multiplatform/wolfssl-multiplatform/simple_client_example.h
index ce8895821..e1181b545 100644
--- a/IDE/apple-universal/wolfssl-multiplatform/wolfssl-multiplatform/simple_client_example.h
+++ b/IDE/apple-universal/wolfssl-multiplatform/wolfssl-multiplatform/simple_client_example.h
@@ -1,6 +1,6 @@
 /* simple_client_example.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -19,9 +19,9 @@
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  */
 
-#ifndef simple_client_example_h
-#define simple_client_example_h
+#ifndef SIMPLE_CLIENT_EXAMPLE_H
+#define SIMPLE_CLIENT_EXAMPLE_H
 
 int simple_client_example(void);
 
-#endif /* simple_client_example_h */
+#endif /* SIMPLE_CLIENT_EXAMPLE_H */
diff --git a/IDE/apple-universal/wolfssl-multiplatform/wolfssl-multiplatform/wolfssl-multiplatform-Bridging-Header.h b/IDE/apple-universal/wolfssl-multiplatform/wolfssl-multiplatform/wolfssl-multiplatform-Bridging-Header.h
index f232f13bd..29e97fd00 100644
--- a/IDE/apple-universal/wolfssl-multiplatform/wolfssl-multiplatform/wolfssl-multiplatform-Bridging-Header.h
+++ b/IDE/apple-universal/wolfssl-multiplatform/wolfssl-multiplatform/wolfssl-multiplatform-Bridging-Header.h
@@ -1,6 +1,6 @@
 /* wolfssl-multiplatform-Bridging-Header.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/apple-universal/wolfssl-multiplatform/wolfssl-multiplatform/wolfssl_multiplatformApp.swift b/IDE/apple-universal/wolfssl-multiplatform/wolfssl-multiplatform/wolfssl_multiplatformApp.swift
index acf2a03aa..8b5ecc378 100644
--- a/IDE/apple-universal/wolfssl-multiplatform/wolfssl-multiplatform/wolfssl_multiplatformApp.swift
+++ b/IDE/apple-universal/wolfssl-multiplatform/wolfssl-multiplatform/wolfssl_multiplatformApp.swift
@@ -1,6 +1,6 @@
 /* wolfssl_multiplatformApp.swift
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/apple-universal/wolfssl-multiplatform/wolfssl-multiplatform/wolfssl_test_driver.c b/IDE/apple-universal/wolfssl-multiplatform/wolfssl-multiplatform/wolfssl_test_driver.c
index 50655c834..ec7c43272 100644
--- a/IDE/apple-universal/wolfssl-multiplatform/wolfssl-multiplatform/wolfssl_test_driver.c
+++ b/IDE/apple-universal/wolfssl-multiplatform/wolfssl-multiplatform/wolfssl_test_driver.c
@@ -1,6 +1,6 @@
 /* wolfssl_test_driver.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -42,21 +42,21 @@ void wolfssl_test(void)
 {
     int ret;
     test_func_args args = {0};
-    
+
 #ifdef WC_RNG_SEED_CB
     wc_SetSeed_Cb(wc_GenerateSeed);
 #endif
-    
+
     printf("Run wolfCrypt Test:\n");
     ret = wolfcrypt_test(&args);
     printf("\nResult of wolfcrypt_test() = %d\n\n", ret);
-    
+
     printf("Run wolfCrypt Benchmark:\n");
     ret = benchmark_test(&args);
     printf("\nResult of benchmark_test() = %d\n\n", ret);
-    
+
     printf("Run simple client test:\n");
     ret = simple_client_example();
     printf("\nResult of simple_client_test() = %d\n\n", ret);
-    
+
 }
diff --git a/IDE/apple-universal/wolfssl-multiplatform/wolfssl-multiplatform/wolfssl_test_driver.h b/IDE/apple-universal/wolfssl-multiplatform/wolfssl-multiplatform/wolfssl_test_driver.h
index a3104e64e..b697cfdb6 100644
--- a/IDE/apple-universal/wolfssl-multiplatform/wolfssl-multiplatform/wolfssl_test_driver.h
+++ b/IDE/apple-universal/wolfssl-multiplatform/wolfssl-multiplatform/wolfssl_test_driver.h
@@ -1,6 +1,6 @@
 /* wolfssl_test_driver.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -19,9 +19,9 @@
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  */
 
-#ifndef wolfssl_test_driver_h
-#define wolfssl_test_driver_h
+#ifndef WOLFSSL_TEST_DRIVER_H
+#define WOLFSSL_TEST_DRIVER_H
 
 void wolfssl_test(void);
 
-#endif /* wolfssl_test_driver_h */
+#endif /* WOLFSSL_TEST_DRIVER_H */
diff --git a/IDE/include.am b/IDE/include.am
index 4f84b43fd..fecdc1583 100644
--- a/IDE/include.am
+++ b/IDE/include.am
@@ -2,61 +2,74 @@
 # included from Top Level Makefile.am
 # All paths should be given relative to the root
 
-include IDE/XCODE/include.am
-include IDE/XCODE-FIPSv2/include.am
-include IDE/XCODE-FIPSv5/include.am
-include IDE/WIN/include.am
-include IDE/WIN10/include.am
-include IDE/WIN-SGX/include.am
-include IDE/LINUX-SGX/include.am
-include IDE/WORKBENCH/include.am
-include IDE/ROWLEY-CROSSWORKS-ARM/include.am
-include IDE/TRUESTUDIO/include.am
+include IDE/Android/include.am
+include IDE/apple-universal/include.am
 include IDE/ARDUINO/include.am
-include IDE/INTIME-RTOS/include.am
-include IDE/KDS/include.am
-include IDE/STM32Cube/include.am
-include IDE/VS-ARM/include.am
-include IDE/MSVS-2019-AZSPHERE/include.am
-include IDE/VS-AZURE-SPHERE/include.am
-include IDE/GCC-ARM/include.am
+include IDE/AURIX/include.am
+include IDE/CRYPTOCELL/include.am
 include IDE/CSBENCH/include.am
 include IDE/ECLIPSE/DEOS/include.am
 include IDE/ECLIPSE/MICRIUM/include.am
-include IDE/ECLIPSE/SIFIVE/include.am
-include IDE/MQX/include.am
 include IDE/ECLIPSE/RTTHREAD/include.am
+include IDE/ECLIPSE/SIFIVE/include.am
+include IDE/Espressif/include.am
+include IDE/GCC-ARM/include.am
+include IDE/Gaisler-BCC/include.am
+include IDE/HEXAGON/include.am
+include IDE/IAR-MSP430/include.am
+include IDE/Infineon/include.am
+include IDE/INTIME-RTOS/include.am
+include IDE/iotsafe/include.am
+include IDE/KDS/include.am
+include IDE/LINUX-SGX/include.am
+include IDE/M68K/include.am
+include IDE/MCUEXPRESSO/include.am
+include IDE/MDK5-ARM/include.am
+include IDE/MPLABX16/include.am
+include IDE/MPLABX16/wolfcrypt_test.X/nbproject/include.am
+include IDE/MPLABX16/wolfssl.X/nbproject/include.am
+include IDE/MQX/include.am
+include IDE/MSVS-2019-AZSPHERE/include.am
 include IDE/mynewt/include.am
-include IDE/Renesas/e2studio/DK-S7G2/include.am
+include IDE/NETOS/include.am
+include IDE/PlatformIO/include.am
+include IDE/QNX/include.am
 include IDE/Renesas/cs+/Projects/include.am
+include IDE/Renesas/e2studio/DK-S7G2/include.am
 include IDE/Renesas/e2studio/Projects/include.am
 include IDE/Renesas/e2studio/RA6M3/include.am
-include IDE/Renesas/e2studio/RX65N/GR-ROSE/include.am
-include IDE/Renesas/e2studio/RX72N/EnvisionKit/include.am
-include IDE/Renesas/e2studio/RX65N/RSK/include.am
 include IDE/Renesas/e2studio/RA6M4/include.am
+include IDE/Renesas/e2studio/RX65N/GR-ROSE/include.am
+include IDE/Renesas/e2studio/RX65N/RSK/include.am
+include IDE/Renesas/e2studio/RX72N/EnvisionKit/include.am
 include IDE/Renesas/e2studio/RZN2L/include.am
-include IDE/WICED-STUDIO/include.am
-include IDE/CRYPTOCELL/include.am
-include IDE/M68K/include.am
-include IDE/HEXAGON/include.am
 include IDE/RISCV/include.am
-include IDE/XilinxSDK/include.am
-include IDE/VisualDSP/include.am
-include IDE/QNX/include.am
-include IDE/WINCE/include.am
-include IDE/iotsafe/include.am
-include IDE/Android/include.am
-include IDE/NETOS/include.am
-include IDE/IAR-MSP430/include.am
-include IDE/zephyr/include.am
-include IDE/AURIX/include.am
-include IDE/MCUEXPRESSO/include.am
-include IDE/Espressif/include.am
-include IDE/STARCORE/include.am
-include IDE/MDK5-ARM/include.am
+include IDE/ROWLEY-CROSSWORKS-ARM/include.am
 include IDE/SimplicityStudio/include.am
-include IDE/apple-universal/include.am
+include IDE/STARCORE/include.am
+include IDE/STM32Cube/include.am
+include IDE/TRUESTUDIO/include.am
+include IDE/VisualDSP/include.am
+include IDE/VS-ARM/include.am
+include IDE/VS-AZURE-SPHERE/include.am
+include IDE/WICED-STUDIO/include.am
+include IDE/WIN-SGX/include.am
+include IDE/WIN-SRTP-KDF-140-3/include.am
+include IDE/WIN/include.am
+include IDE/WIN10/include.am
+include IDE/WINCE/include.am
+include IDE/WORKBENCH/include.am
+include IDE/XCODE-FIPSv2/include.am
+include IDE/XCODE-FIPSv5/include.am
+include IDE/XCODE/include.am
+include IDE/XilinxSDK/include.am
+include IDE/zephyr/include.am
 
-EXTRA_DIST+= IDE/IAR-EWARM IDE/MDK-ARM IDE/MYSQL IDE/LPCXPRESSO IDE/HEXIWEAR IDE/Espressif
+EXTRA_DIST+= IDE/Espressif
+EXTRA_DIST+= IDE/HEXIWEAR
+EXTRA_DIST+= IDE/IAR-EWARM
+EXTRA_DIST+= IDE/LPCXPRESSO
+EXTRA_DIST+= IDE/MDK-ARM
+EXTRA_DIST+= IDE/MYSQL
 EXTRA_DIST+= IDE/OPENSTM32/README.md
+EXTRA_DIST+= IDE/PlatformIO
diff --git a/IDE/iotsafe-raspberrypi/README.md b/IDE/iotsafe-raspberrypi/README.md
index 286ac5537..c70b29677 100644
--- a/IDE/iotsafe-raspberrypi/README.md
+++ b/IDE/iotsafe-raspberrypi/README.md
@@ -139,4 +139,4 @@ Run the built `./main.bin` to print the help usage.
 An example to run the demo connecting to a server:
 ```
 ./main.bin -ip <ipaddress> -h <full-hostname> -p <port> -t 25 -d /dev/ttyUSB0|/dev/tty/ACM0
-```
\ No newline at end of file
+```
diff --git a/IDE/iotsafe-raspberrypi/client-tls13.c b/IDE/iotsafe-raspberrypi/client-tls13.c
index 91383d5d0..d016439d4 100644
--- a/IDE/iotsafe-raspberrypi/client-tls13.c
+++ b/IDE/iotsafe-raspberrypi/client-tls13.c
@@ -1,6 +1,6 @@
 /* client-tls13.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/iotsafe-raspberrypi/main.c b/IDE/iotsafe-raspberrypi/main.c
index f8cb3c51e..2975c0ff8 100644
--- a/IDE/iotsafe-raspberrypi/main.c
+++ b/IDE/iotsafe-raspberrypi/main.c
@@ -1,6 +1,6 @@
 /* main.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/iotsafe/README.md b/IDE/iotsafe/README.md
index e594d03e9..3f772a818 100644
--- a/IDE/iotsafe/README.md
+++ b/IDE/iotsafe/README.md
@@ -14,14 +14,14 @@ Note: The BG96 was tested using firmware `BG96MAR02A08M1G_01.012.01.012`. If hav
 
 ### Description
 
-This example firmware will run an example TLS 1.2 server using wolfSSL, and a 
+This example firmware will run an example TLS 1.2 server using wolfSSL, and a
 TLS 1.2 client, on the same host, using an IoT-safe applet supporting the
 [IoT.05-v1-IoT standard](https://www.gsma.com/iot/wp-content/uploads/2019/12/IoT.05-v1-IoT-Security-Applet-Interface-Description.pdf).
 
 The client and server routines alternate their execution in a single-threaded,
 cooperative loop.
 
-Client and server communicate to each other using memory buffers to establish a 
+Client and server communicate to each other using memory buffers to establish a
 TLS session without the use of TCP/IP sockets.
 
 ### IoT-Safe interface
@@ -59,7 +59,7 @@ wolfSSL_iotsafe_on(cli_ssl, PRIVKEY_ID, ECDH_KEYPAIR_ID, PEER_PUBKEY_ID, PEER_CE
 
 The applet that has been tested with this demo has the current configuration:
 
-   Key slot | Name | Description 
+   Key slot | Name | Description
    -------|--------|------------------
    0x02 | `PRIVKEY_ID` | pre-provisioned with client ECC key
    0x03 | `ECDH_KEYPAIR_ID` | can store a keypair generated in the applet, used for shared key derivation
@@ -68,7 +68,7 @@ The applet that has been tested with this demo has the current configuration:
 
 
 The following file is used to read the client's certificate:
-   
+
   File Slot | Name | Description
   ----------|------|------------
   0x03 | `CRT_FILE_ID` | pre-provisioned with client certificate
@@ -81,7 +81,7 @@ software to upload the firmware `image.bin` to the target board.
 
 1) Using the STM32CubeProgrammer open the `image.elf` and program to flash.
 2) Using ST-Link virtual serial port connect at 115220
-3) Hit reset button. 
+3) Hit reset button.
 4) The output should look similar to below:
 
 ```
diff --git a/IDE/iotsafe/ca-cert.c b/IDE/iotsafe/ca-cert.c
index f8d75623c..b601d00f0 100644
--- a/IDE/iotsafe/ca-cert.c
+++ b/IDE/iotsafe/ca-cert.c
@@ -1,6 +1,6 @@
 /* ca-cert.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/iotsafe/devices.c b/IDE/iotsafe/devices.c
index 59b739cf5..e115675c2 100644
--- a/IDE/iotsafe/devices.c
+++ b/IDE/iotsafe/devices.c
@@ -1,6 +1,6 @@
 /* devices.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -62,10 +62,10 @@ static void usart1_init(void)
     GPIO_MODE(GPIOB_BASE) = reg | (0x02 << (USART1_PIN_TX * 2));
 
     reg = GPIO_PUPD(GPIOG_BASE) & (0x03 << (USART1_PIN_RX * 2));
-    
+
     reg = GPIO_PUPD(GPIOB_BASE) & (0x03 << (USART1_PIN_TX * 2));
     GPIO_PUPD(GPIOB_BASE) = reg | (0x01 << (USART1_PIN_TX * 2));
-    
+
 #if RTSCTS
     reg = GPIO_MODE(GPIOG_BASE) & ~(0x03 << (USART1_PIN_RTS * 2));
     GPIO_MODE(GPIOG_BASE) = reg | (0x02 << (USART1_PIN_RTS * 2));
@@ -376,7 +376,7 @@ static void stmod_pin_init(void)
     /* RST pin */
     reg = GPIO_MODE(STMOD_MODEM_RST_PORT) & ~(0x03 << (STMOD_MODEM_RST_PIN * 2));
     GPIO_MODE(STMOD_MODEM_RST_PORT) = reg | (0x01 << (STMOD_MODEM_RST_PIN * 2));
-    
+
     /* DTR pin */
     reg = GPIO_MODE(STMOD_MODEM_DTR_PORT) & ~(0x03 << (STMOD_MODEM_DTR_PIN * 2));
     GPIO_MODE(STMOD_MODEM_DTR_PORT) = reg | (0x01 << (STMOD_MODEM_DTR_PIN * 2));
diff --git a/IDE/iotsafe/devices.h b/IDE/iotsafe/devices.h
index f19ae3b8a..c1203165b 100644
--- a/IDE/iotsafe/devices.h
+++ b/IDE/iotsafe/devices.h
@@ -1,6 +1,6 @@
 /* devices.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -95,8 +95,8 @@
 #define FLASH_ACR_LATENCY_MASK (0x03)
 
 /* RCC: Periph enable flags */
-#define USART1_APB2_CLOCK_ER_VAL 	(1 << 14)
-#define USART2_APB1_CLOCK_ER_VAL 	(1 << 17)
+#define USART1_APB2_CLOCK_ER_VAL    (1 << 14)
+#define USART2_APB1_CLOCK_ER_VAL    (1 << 17)
 #define PWR_APB1_CLOCK_ER_VAL       (1 << 28)
 #define GPIOA_AHB2_CLOCK_ER_VAL     (1 << 0)
 #define GPIOB_AHB2_CLOCK_ER_VAL     (1 << 1)
@@ -208,11 +208,11 @@
 #define SYSTICK_CALIB   (*(volatile uint32_t *)(SYSTICK_BASE + 0x0C))
 
 
-/* STMod+ connector pinout 
+/* STMod+ connector pinout
  *
  * Connector            STM32L4
  * pins                 pins
- * 
+ *
  * 1      11            PG11    PH2
  * 2      12            PB6     PB2
  * 3      13            PG10    PA4
@@ -243,7 +243,7 @@ void stmod_modem_disable(void);
 /* inline functions for GPIO */
 static inline void gpio_set(uint32_t port, uint32_t pin)
 {
-    GPIO_BSSR(port) |= (1 << pin);   
+    GPIO_BSSR(port) |= (1 << pin);
 }
 
 static inline void gpio_clear(uint32_t port, uint32_t pin)
diff --git a/IDE/iotsafe/main.c b/IDE/iotsafe/main.c
index 90aa08da6..af8324d30 100644
--- a/IDE/iotsafe/main.c
+++ b/IDE/iotsafe/main.c
@@ -1,6 +1,6 @@
 /* main.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/iotsafe/memory-tls.c b/IDE/iotsafe/memory-tls.c
index eff9f384d..3a802ee59 100644
--- a/IDE/iotsafe/memory-tls.c
+++ b/IDE/iotsafe/memory-tls.c
@@ -1,6 +1,6 @@
 /* memory-tls.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -146,9 +146,12 @@ static int client_loop(void)
     #if (IOTSAFE_ID_SIZE == 1)
     byte cert_file_id, privkey_id, keypair_id, peer_pubkey_id, peer_cert_id, serv_cert_id;
     byte ca_cert_id;
-    #else
+    #elif (IOTSAFE_ID_SIZE == 2)
     word16 cert_file_id, privkey_id, keypair_id, peer_pubkey_id, peer_cert_id, serv_cert_id;
     word16 ca_cert_id;
+    #else
+    word32 cert_file_id, privkey_id, keypair_id, peer_pubkey_id, peer_cert_id, serv_cert_id;
+    word32 ca_cert_id;
     #endif
     cert_file_id = CRT_CLIENT_FILE_ID;
     privkey_id = PRIVKEY_ID;
diff --git a/IDE/iotsafe/startup.c b/IDE/iotsafe/startup.c
index a5418b1ab..9a204cefd 100644
--- a/IDE/iotsafe/startup.c
+++ b/IDE/iotsafe/startup.c
@@ -1,6 +1,6 @@
 /* startup.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -99,7 +99,7 @@ void isr_usagefault(void)
     /* Panic. */
     while(1) ;;
 }
-        
+
 
 void isr_empty(void)
 {
@@ -131,7 +131,7 @@ void (* const IV[])(void) =
 	0,                           // reserved
 	isr_empty,                   // PendSV
 	isr_systick,                 // SysTick
-    
+
     isr_empty,              // NVIC_WWDG_IRQ 0
     isr_empty,              // PVD_IRQ 1
     isr_empty,              // TAMP_STAMP_IRQ 2
diff --git a/IDE/iotsafe/target.ld b/IDE/iotsafe/target.ld
index df0f2272b..40d35dfca 100644
--- a/IDE/iotsafe/target.ld
+++ b/IDE/iotsafe/target.ld
@@ -1,6 +1,6 @@
 /* target.ld
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/iotsafe/user_settings.h b/IDE/iotsafe/user_settings.h
index f483b2cf2..6bf474415 100644
--- a/IDE/iotsafe/user_settings.h
+++ b/IDE/iotsafe/user_settings.h
@@ -1,6 +1,6 @@
 /* user_settings.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -34,7 +34,21 @@
  *   - Default: one-byte ID sim, with hardcoded server certificate
  */
 
-#ifdef TWO_BYTES_ID_DEMO
+#if defined(FOUR_BYTES_ID_DEMO)
+    #define IOTSAFE_ID_SIZE 2
+    #define CRT_CLIENT_FILE_ID  0xABCD3430     /* pre-provisioned */
+    #define CRT_SERVER_FILE_ID  0xABCD3330
+    #define PRIVKEY_ID          0xABCD3230     /* pre-provisioned */
+    #define ECDH_KEYPAIR_ID     0xABCD3330
+    #define PEER_PUBKEY_ID      0xABCD3730
+    #define PEER_CERT_ID        0xABCD3430
+
+    /* In this version of the demo, the server certificate is
+     * stored in a buffer, while the CA is read from a file slot in IoT-SAFE
+     */
+    #define SOFT_SERVER_CERT
+
+#elif defined(TWO_BYTES_ID_DEMO)
     #define IOTSAFE_ID_SIZE 2
     #define CRT_CLIENT_FILE_ID  0x3430     /* pre-provisioned */
     #define CRT_SERVER_FILE_ID  0x3330
@@ -136,8 +150,10 @@ static inline long XTIME(long *x) { return jiffies;}
 #define WOLFSSL_AES_DIRECT
 
 /* Hashing */
-#define HAVE_SHA384
-#define HAVE_SHA512
+#define WOLFSSL_SHA384
+#define HAVE_SHA384 /* old freeRTOS settings.h requires this */
+#define WOLFSSL_SHA512
+#define HAVE_SHA512 /* old freeRTOS settings.h requires this */
 #define HAVE_HKDF
 
 /* TLS */
diff --git a/IDE/mynewt/apps.wolfcrypttest.pkg.yml b/IDE/mynewt/apps.wolfcrypttest.pkg.yml
index c072dd50a..7fd3552ac 100644
--- a/IDE/mynewt/apps.wolfcrypttest.pkg.yml
+++ b/IDE/mynewt/apps.wolfcrypttest.pkg.yml
@@ -1,4 +1,4 @@
-# Copyright (C) 2006-2023 wolfSSL Inc.
+# Copyright (C) 2006-2025 wolfSSL Inc.
 #
 # This file is part of wolfSSL.
 #
diff --git a/IDE/mynewt/crypto.wolfssl.pkg.yml b/IDE/mynewt/crypto.wolfssl.pkg.yml
index ebb4bfaeb..2b93cb940 100644
--- a/IDE/mynewt/crypto.wolfssl.pkg.yml
+++ b/IDE/mynewt/crypto.wolfssl.pkg.yml
@@ -1,4 +1,4 @@
-# Copyright (C) 2006-2023 wolfSSL Inc.
+# Copyright (C) 2006-2025 wolfSSL Inc.
 #
 # This file is part of wolfSSL.
 #
diff --git a/IDE/mynewt/setup.sh b/IDE/mynewt/setup.sh
index 7cec0a825..cb3aed091 100755
--- a/IDE/mynewt/setup.sh
+++ b/IDE/mynewt/setup.sh
@@ -1,8 +1,10 @@
-#!/bin/bash -e
+#!/usr/bin/env bash
 
-# this scrypt deploy wolfssl and wolfcrypto source code to mynewt project
+# this script deploys wolfssl and wolfcrypto source code to the mynewt project.
 # run as bash "mynewt project root directory path"
 
+set -e
+
 SCRIPTDIR=`dirname $0`
 SCRIPTDIR=`cd $SCRIPTDIR && pwd -P`
 WOLFSSL_MYNEWTDIR=${SCRIPTDIR}
@@ -34,7 +36,7 @@ newt pkg new crypto/wolfssl
 echo "create apps/wolfcrypttest pkg"
 /bin/rm -rf apps/wolfcrypttest
 newt pkg new -t app apps/wolfcrypttest
-/bin/rm -rf apps/wolfcrypttest/include 
+/bin/rm -rf apps/wolfcrypttest/include
 /bin/rm -rf apps/wolfcrypttest/src
 /bin/mkdir -p apps/wolfcrypttest/src
 
diff --git a/IDE/zephyr/include.am b/IDE/zephyr/include.am
index 54648d465..e35ff53e7 100644
--- a/IDE/zephyr/include.am
+++ b/IDE/zephyr/include.am
@@ -2,4 +2,4 @@
 # included from Top Level Makefile.am
 # All paths should be given relative to the root
 
-EXTRA_DIST+= IDE/zephyr/README.md
\ No newline at end of file
+EXTRA_DIST+= IDE/zephyr/README.md
diff --git a/INSTALL b/INSTALL
index d40343233..4176fb063 100644
--- a/INSTALL
+++ b/INSTALL
@@ -12,6 +12,11 @@
     $ make check   # (optional, but highly recommended)
     $ sudo make install
 
+    Note: Building with configure generates a wolfssl/options.h file that contains
+    all the generated build options. This file needs to be included in your application
+    before any other wolfSSL headers. Optionally your application can define
+    WOLFSSL_USE_OPTIONS_H to do this automatically.
+
 2. Building on iOS
 
     Use on the xcode project in IDE/iOS/wolfssl.xcodeproj
@@ -74,7 +79,7 @@
 13. Porting to a new platform
 
     Please see section 2.4 in the manual:
-    http://www.wolfssl.com/yaSSL/Docs-cyassl-manual-2-building-cyassl.html
+    https://www.wolfssl.com/documentation/manuals/wolfssl/chapter02.html#customizing-or-porting-wolfssl
 
 14. Building with CMake
     Note: Primary development uses automake (./configure). The support for CMake
@@ -91,6 +96,11 @@
     a header options.h in the wolfssl directory that contains the options used
     to configure the build.
 
+    Note: Building with configure generates a wolfssl/options.h file that contains
+    all the generated build options. This file needs to be included in your application
+    before any other wolfSSL headers. Optionally your application can define
+    WOLFSSL_USE_OPTIONS_H to do this automatically.
+
     Unix-based Platforms
     ---
     1) Navigate to the wolfssl root directory containing "CMakeLists.txt".
@@ -183,35 +193,14 @@
        Studio\2017\Community\VC\Auxiliary\Build\vcvars64.bat
     3) Follow steps in "Unix-based Platforms" above.
 
-15. Building with liboqs for TLS 1.3 [EXPERIMENTAL]
-    In order be able to use liboqs, you must have it built and installed on your
-    system. We support liboqs at a specific git commit.
-
-    NOTE: Even if you have already installed liboqs, you need to follow these
-          steps to install liboqs again as we support sphincs variants that are
-          disabled by default in OQS's fork of OpenSSL.
-
-    Here are instructions for obtaining and building liboqs:
-
-    $ mkdir ~/oqs
-    $ cd ~/oqs
-    $ git clone --single-branch https://github.com/open-quantum-safe/liboqs.git
-    $ cd liboqs/
-    $ git checkout 0.8.0
-    $ mkdir build
-    $ cd build
-    $ cmake -DOQS_USE_OPENSSL=0 ..
-    $ make all
-    $ sudo make install
-
-    And then for building wolfssl, the following is sufficient:
+15. Building Post-Quantum Support for TLS 1.3
 
     $ cd wolfssl
-    $ ./autogen.sh (Might not be necessary)
-    $ ./configure --with-liboqs
+    $ ./autogen.sh (Only necessary if downloaded from github)
+    $ ./configure --enable-kyber --enable-dilithium
     $ make all
 
-    Execute the following to see the liboqs-related options for KEM groups near
+    Execute the following to see the options for KEM groups near
     the end of the output of these commands:
 
     $ ./examples/server/server -?
@@ -219,52 +208,53 @@
 
     For a quick start, you can run the client and server like this:
 
-    $ ./examples/server/server -v 4 --pqc P521_KYBER_LEVEL5
-    $ ./examples/client/client -v 4 --pqc P521_KYBER_LEVEL5
+    $ ./examples/server/server -v 4 --pqc P521_ML_KEM_1024
+    $ ./examples/client/client -v 4 --pqc P521_ML_KEM_1024
 
     Look for the following line in the output of the server and client:
 
     ```
-    Using Post-Quantum KEM: P521_KYBER_LEVEL5
+    Using Post-Quantum KEM: P521_ML_KEM_1024
     ```
 
-    For authentication, you can generate a certificate chain using a patch on
-    top of the Open Quantum Safe project's fork of OpenSSL. We support
-    certificates and keys generated by the patched version which is maintained
-    in our OSP repo.
-
-    Instructions for obtaining and building our patched version of OQS's fork of
-    OpenSSL can be found at:
+    For authentication, you can generate a certificate chain using the Open
+    Quantum Safe project's OQS Provider with your system's OpenSSL application.
+    Instructions are maintained in our OSP repo here:
 
     https://github.com/wolfSSL/osp/tree/master/oqs/README.md
 
-    There are scripts for generating FALCON, Dilithium and SPHINCS+ certificate
-    chains which can be found in the same directory as the `README.md` file in
-    the `osp` github repo. Please find instructions on how to generate the keys
-    and certificates in the `README.md` file.
+    For your convenience, there are also pre-generated ML-DSA certificates and
+    keys.
 
-    Once the certificates and keys are generated, copy them from the
-    to the certs directory of wolfssl. Now you can run the server and client
-    like this:
+    Please find instructions on how to generate the keys and certificates
+    in the `README.md` file.
+
+    Copy the certificates and keys into the certs directory of wolfssl. Now you
+    can run the server and client like this:
 
     $ examples/server/server -v 4 -l TLS_AES_256_GCM_SHA384 \
-      -A certs/falcon_level5_root_cert.pem \
-      -c certs/falcon_level1_entity_cert.pem \
-      -k certs/falcon_level1_entity_key.pem \
-      --pqc P521_KYBER_LEVEL5
+      -A certs/mldsa87_root_cert.pem \
+      -c certs/mldsa44_entity_cert.pem \
+      -k certs/mldsa44_entity_key.pem \
+      --pqc P521_ML_KEM_1024
 
     $ examples/client/client -v 4 -l TLS_AES_256_GCM_SHA384 \
-      -A certs/falcon_level1_root_cert.pem \
-      -c certs/falcon_level5_entity_cert.pem \
-      -k certs/falcon_level5_entity_key.pem \
-      --pqc P521_KYBER_LEVEL5
+      -A certs/mldsa44_root_cert.pem \
+      -c certs/mldsa87_entity_cert.pem \
+      -k certs/mldsa87_entity_key.pem \
+      --pqc P521_ML_KEM_1024
 
     Congratulations! You have just achieved a fully quantum-safe TLS 1.3
     connection!
 
     The following NIST Competition winning algorithms are supported:
-    - CRYSTALS-KYBER (KEM)
-    - Dilithium (signature scheme)
+    - ML-KEM (CRYSTALS-KYBER) (key encapsulation mechanism)
+    - ML-DSA (CRYSTALS-Dilithium) (signature scheme)
+
+    The following NIST Competition winning algorithms were supported by our
+    liboqs integration. Support for their standardized specifications will
+    return when we write our own implementations.
+
     - FALCON (signature scheme)
     - SPHINCS+ (signature scheme)
 
@@ -277,11 +267,12 @@
 
     https://csrc.nist.gov/projects/post-quantum-cryptography/round-3-submissions
 
-    NOTE: The quantum-safe algorithms provided by liboqs are unstandardized and
-          experimental. It is highly advised that they NOT be used in production
-          environments. All OIDs and codepoints are temporary and expected to
-          change in the future. You should have no expectation of backwards
-          compatibility.
+    NOTE: The quantum-safe algorithms that we have implemented are standardized
+          by NIST and our implementations follow these standards. At the
+          protocol layer, OIDs and codepoints have been proposed in various
+          standards organizations but are not yet ratified. OIDs and codepoints
+          are temporary and expected to change in the future. You should have no
+          expectation of backwards compatibility at the protocol layer.
 
 16. Building with vcpkg
 
diff --git a/IPP/.gitkeep b/IPP/.gitkeep
deleted file mode 100644
index e69de29bb..000000000
diff --git a/Makefile.am b/Makefile.am
index 07a2496ee..d8e4b6ddf 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -138,10 +138,10 @@ dist_example_DATA=
 
 ACLOCAL_AMFLAGS= -I m4
 
-EXTRA_DIST+= lib/dummy
-
+EXTRA_DIST+= .cyignore
 EXTRA_DIST+= wolfssl.vcproj
 EXTRA_DIST+= wolfssl.vcxproj
+EXTRA_DIST+= wolfssl-VS2022.vcxproj
 EXTRA_DIST+= wolfssl64.sln
 EXTRA_DIST+= valgrind-error.sh
 EXTRA_DIST+= valgrind-bash.supp
@@ -152,7 +152,6 @@ EXTRA_DIST+= README
 EXTRA_DIST+= ChangeLog.md
 EXTRA_DIST+= LICENSING
 EXTRA_DIST+= INSTALL
-EXTRA_DIST+= IPP
 EXTRA_DIST+= LPCExpresso.cproject
 EXTRA_DIST+= LPCExpresso.project
 EXTRA_DIST+= resource.h wolfssl.rc
@@ -168,7 +167,6 @@ include Docker/include.am
 
 include src/include.am
 include support/include.am
-include wolfcrypt/user-crypto/include.am
 include wolfcrypt/benchmark/include.am
 include wolfcrypt/src/include.am
 include wolfcrypt/test/include.am
@@ -210,7 +208,8 @@ if BUILD_LINUXKM
     SUBDIRS_OPT += linuxkm
     DIST_SUBDIRS_OPT += linuxkm
 
-    export KERNEL_ROOT KERNEL_ARCH KERNEL_EXTRA_CFLAGS \
+    export build_triplet host_triplet CC AS LD \
+        KERNEL_ROOT KERNEL_ARCH KERNEL_EXTRA_CFLAGS \
         EXTRA_CFLAGS EXTRA_CPPFLAGS EXTRA_CCASFLAGS EXTRA_LDFLAGS \
 	AM_CPPFLAGS CPPFLAGS AM_CFLAGS CFLAGS \
         AM_CCASFLAGS CCASFLAGS \
@@ -313,3 +312,8 @@ merge-clean:
 	@find ./ | $(GREP) \.BASE | xargs rm -f
 	@find ./ | $(GREP) \~$$ | xargs rm -f
 
+%.o: %.cu
+	$(NVCC) -dc $(CUDAFLAGS) -o $@ $<
+
+.cu.lo:
+	$(LIBTOOL) --tag=CC --mode=compile $(COMPILE) --compile -o $@ $< -static
diff --git a/README b/README
index c344bf803..47579ee3d 100644
--- a/README
+++ b/README
@@ -70,93 +70,131 @@ should be used for the enum name.
 
 *** end Notes ***
 
-# wolfSSL Release 5.6.6 (Dec 19, 2023)
+# wolfSSL Release 5.7.6 (Dec 31, 2024)
 
-Release 5.6.6 has been developed according to wolfSSL's development and QA
+Release 5.7.6 has been developed according to wolfSSL's development and QA
 process (see link below) and successfully passed the quality criteria.
 https://www.wolfssl.com/about/wolfssl-software-development-process-quality-assurance
 
-NOTE: * --enable-heapmath is being deprecated and will be removed by 2024
+NOTE:
+ * --enable-heapmath is deprecated.
+ * In this release, the default cipher suite preference is updated to prioritize
+ TLS_AES_256_GCM_SHA384 over TLS_AES_128_GCM_SHA256 when enabled.
+ * This release adds a sanity check for including wolfssl/options.h or
+ user_settings.h.
+
+
+PR stands for Pull Request, and PR <NUMBER> references a GitHub pull request
+ number where the code change was added.
 
-REMINDER: When working with AES Block Cipher algorithms, wc_AesInit() should
-always be called first to initialize the `Aes` structure, before calling other
-Aes API functions. Recently we found several places in our documentation,
-comments, and codebase where this pattern was not observed. We have since
-fixed this omission in several PRs for this release.
 
 ## Vulnerabilities
+* [Med] An OCSP (non stapling) issue was introduced in wolfSSL version 5.7.4
+ when performing OCSP requests for intermediate certificates in a certificate
+ chain. This affects only TLS 1.3 connections on the server side. It would not
+ impact other TLS protocol versions or connections that are not using the
+ traditional OCSP implementation. (Fix in pull request 8115)
 
-* [Medium] CVE-2023-6935: After review of the previous RSA timing fix in wolfSSL 5.6.4, additional changes were found to be required. A complete resistant change is delivered in this release. This fix is for the Marvin attack, leading to being able to decrypt a saved TLS connection and potentially forge a signature after probing with a very large number of trial connections. This issue is around RSA decryption and affects the optional static RSA cipher suites on the server side, which are considered weak, not recommended to be used and are off by default in wolfSSL (even with --enable-all). Static RSA cipher suites were also removed from the TLS 1.3 protocol and are only present in TLS 1.2 and lower. All padding versions of RSA decrypt are affected since the code under review is outside of the padding processing. Information about the private keys is NOT compromised in affected code. It is recommended to disable static RSA cipher suites and update the version of wolfSSL used if using RSA private decryption alone outside of TLS. Thanks to Hubert Kario for the report. The fix for this issue is located in the following GitHub Pull Request: https://github.com/wolfSSL/wolfssl/pull/6955.
-
-* [Low] CVE-2023-6936: A potential heap overflow read is possible in servers connecting over TLS 1.3 when the optional WOLFSSL_CALLBACKS has been defined. The out of bounds read can occur when a server receives a malicious malformed ClientHello. Users should either discontinue use of WOLFSSL_CALLBACKS on the server side or update versions of wolfSSL to 5.6.6. Thanks to the tlspuffin fuzzer team for the report which was designed and developed by; Lucca Hirschi (Inria, LORIA), Steve Kremer (Inria, LORIA), and Max Ammann (Trail of Bits). The fix for this issue is located in the following GitHub Pull Request: https://github.com/wolfSSL/wolfssl/pull/6949.
-
-* [Low] A side channel vulnerability with AES T-Tables is possible in a very controlled environment where precision sub-cache-line inspection can happen, such as inside an Intel SGX enclave. This can lead to recovery of the AES key. To prevent this type of attack, wolfSSL added an AES bitsliced implementation which can be enabled with the “--enable-aes-bitsliced� configure option. Thanks to Florian Sieck, Zhiyuan Zhang, Sebastian Berndt, Chitchanok Chuengsatiansup, Thomas Eisenbarth, and Yuval Yarom for the report (Universities of Lübeck, Melbourne, Adelaide and Bochum). The fix for this issue is located in the following GitHub Pull Request: https://github.com/wolfSSL/wolfssl/pull/6854.
-
-* [Low] CVE-2023-6937: wolfSSL prior to 5.6.6 did not check that messages in a single (D)TLS record do not span key boundaries. As a result, it was possible to combine (D)TLS messages using different keys into one (D)TLS record. The most extreme edge case is that, in (D)TLS 1.3, it was possible that an unencrypted (D)TLS 1.3 record from the server containing first a ServerHello message and then the rest of the first server flight would be accepted by a wolfSSL client. In (D)TLS 1.3 the handshake is encrypted after the ServerHello but a wolfSSL client would accept an unencrypted flight from the server. This does not compromise key negotiation and authentication so it is assigned a low severity rating. Thanks to Johannes Wilson for the report (Sectra Communications and Linköping University). The fix for this issue is located in the following GitHub Pull Request: https://github.com/wolfSSL/wolfssl/pull/7029.
 
 ## New Feature Additions
+* Add support for RP2350 and improve RP2040 support, both with RNG optimizations
+ (PR 8153)
+* Add support for STM32MP135F, including STM32CubeIDE support and HAL support
+ for SHA2/SHA3/AES/RNG/ECC optimizations. (PR 8223, 8231, 8241)
+* Implement Renesas TSIP RSA Public Enc/Private support (PR 8122)
+* Add support for Fedora/RedHat system-wide crypto-policies (PR 8205)
+* Curve25519 generic keyparsing API added with  wc_Curve25519KeyToDer and
+ wc_Curve25519KeyDecode (PR 8129)
+* CRL improvements and update callback, added the functions
+ wolfSSL_CertManagerGetCRLInfo and wolfSSL_CertManagerSetCRLUpdate_Cb (PR 8006)
+* For DTLS, add server-side stateless and CID quality-of-life API. (PR 8224)
 
-* Build option for disabling CRL date checks (WOLFSSL_NO_CRL_DATE_CHECK) (PR 6927)
-* Support for STM32WL55 and improvements to PKA ECC support (PR 6937)
-* Add option to skip cookie exchange on DTLS 1.3 session resumption (PR 6929)
-* Add implementation of SRTP KDF and SRTCP KDF (--enable-srtp-kdf) (PR 6888)
-* Add wolfSSL_EXTENDED_KEY_USAGE_free() (PR 6916)
-* Add AES bitsliced implementation that is cache attack safe (--enable-aes-bitsliced) (PR 6854)
-* Add memcached support and automated testing (PR 6430, 7022)
-* Add Hardware Encryption Acceleration for ESP32-C3, ESP32-C6, and ESP32-S2 (PR 6990)
-* Add (D)TLS 1.3 support for 0.5-RTT data (PR 7010)
 
 ## Enhancements and Optimizations
+* Add a CMake dependency check for pthreads when required. (PR 8162)
+* Update OS_Seed declarations for legacy compilers and FIPS modules (boundary
+ not affected). (PR 8170)
+* Enable WOLFSSL_ALWAYS_KEEP_SNI by default when using --enable-jni. (PR 8283)
+* Change the default cipher suite preference, prioritizing
+ TLS_AES_256_GCM_SHA384 over TLS_AES_128_GCM_SHA256. (PR 7771)
+* Add SRTP-KDF (FIPS module v6.0.0) to checkout script for release bundling
+ (PR 8215)
+* Make library build when no hardware crypto available for Aarch64 (PR 8293)
+* Update assembly code to avoid `uint*_t` types for better compatibility with
+ older C standards. (PR 8133)
+* Add initial documentation for writing ASN template code to decode BER/DER.
+ (PR 8120)
+* Perform full reduction in sc_muladd for EdDSA with Curve448 (PR 8276)
+* Allow SHA-3 hardware cryptography instructions to be explicitly not used in
+ MacOS builds (PR 8282)
+* Make Kyber and ML-KEM available individually and together. (PR 8143)
+* Update configuration options to include Kyber/ML-KEM and fix defines used in
+ wolfSSL_get_curve_name. (PR 8183)
+* Make GetShortInt available with WOLFSSL_ASN_EXTRA (PR 8149)
+* Improved test coverage and minor improvements of X509 (PR 8176)
+* Add sanity checks for configuration methods, ensuring the inclusion of
+ wolfssl/options.h or user_settings.h. (PR 8262)
+* Enable support for building without TLS (NO_TLS). Provides reduced code size
+ option for non-TLS users who want features like the certificate manager or
+ compatibility layer. (PR 8273)
+* Exposed get_verify functions with OPENSSL_EXTRA. (PR 8258)
+* ML-DSA/Dilithium: obtain security level from DER when decoding (PR 8177)
+* Implementation for using PKCS11 to retrieve certificate for SSL CTX (PR 8267)
+* Add support for the RFC822 Mailbox attribute (PR 8280)
+* Initialize variables and adjust types resolve warnings with Visual Studio in
+ Windows builds. (PR 8181)
+* Refactors and expansion of opensslcoexist build (PR 8132, 8216, 8230)
+* Add DTLS 1.3 interoperability, libspdm and DTLS CID interoperability tests
+ (PR 8261, 8255, 8245)
+* Remove trailing error exit code in wolfSSL install setup script (PR 8189)
+* Update Arduino files for wolfssl 5.7.4 (PR 8219)
+* Improve Espressif SHA HW/SW mutex messages (PR 8225)
+* Apply post-5.7.4 release updates for Espressif Managed Component examples
+ (PR 8251)
+* Expansion of c89 conformance (PR 8164)
+* Added configure option for additional sanity checks with --enable-faultharden
+ (PR 8289)
+* Aarch64 ASM additions to check CPU features before hardware crypto instruction
+ use (PR 8314)
 
-* Better built in testing of “--sys-ca-certs� configure option (PR 6910)
-* Updated CMakeLists.txt for Espressif wolfSSL component usage (PR 6877)
-* Disable TLS 1.1 by default (unless SSL 3.0 or TLS 1.0 is enabled) (PR 6946)
-* Add “--enable-quic� to “--enable-all� configure option (PR 6957)
-* Add support to SP C implementation for RSA exponent up to 64-bits (PR 6959)
-* Add result of “HAVE___UINT128_T� to options.h for CMake builds (PR 6965)
-* Add optimized assembly for AES-GCM on ARM64 using hardware crypto instructions (PR 6967)
-* Add built-in cipher suite tests for DTLS 1.3 PQC (PR 6952)
-* Add wolfCrypt test and unit test to ctest (PR 6977)
-* Move OpenSSL compatibility crypto APIs into ssl_crypto.c file (PR 6935)
-* Validate time generated from XGMTIME() (PR 6958)
-* Allow wolfCrypt benchmark to run with microsecond accuracy (PR 6868)
-* Add GitHub Actions testing with nginx 1.24.0 (PR 6982)
-* Allow encoding of CA:FALSE BasicConstraint during cert generation (PR 6953)
-* Add CMake option to enable DTLS-SRTP (PR 6991)
-* Add CMake options for enabling QUIC and cURL (PR 7049)
-* Improve RSA blinding to make code more constant time (PR 6955)
-* Refactor AES-NI implementation macros to allow dynamic fallback to C (PR 6981)
-* Default to native Windows threading API on MinGW (PR 7015)
-* Return better error codes from OCSP response check (PR 7028)
-* Updated Espressif ESP32 TLS client and server examples (PR 6844)
-* Add/clean up support for ESP-IDF v5.1 for a variety of ESP32 chips (PR 7035, 7037)
-* Add API to choose dynamic certs based on client ciphers/sigalgs (PR 6963)
-* Improve Arduino IDE 1.5 project file to match recursive style (PR 7007)
-* Simplify and improve apple-universal build script (PR 7025)
 
 ## Fixes
+* Fix a memory issue when using the compatibility layer with
+ WOLFSSL_GENERAL_NAME and handling registered ID types. (PR 8155)
+* Fix a build issue with signature fault hardening when using public key
+ callbacks (HAVE_PK_CALLBACKS). (PR 8287)
+* Fix for handling heap hint pointer properly when managing multiple WOLFSSL_CTX
+ objects and free’ing one of them (PR 8180)
+* Fix potential memory leak in error case with Aria. (PR 8268)
+* Fix Set_Verify flag behaviour on Ada wrapper. (PR 8256)
+* Fix a compilation error with the NO_WOLFSSL_DIR flag. (PR 8294)
+* Resolve a corner case for Poly1305 assembly code on Aarch64. (PR 8275)
+* Fix incorrect version setting in CSRs. (PR 8136)
+* Correct debugging output for cryptodev. (PR 8202)
+* Fix for benchmark application use with /dev/crypto GMAC auth error due to size
+ of AAD (PR 8210)
+* Add missing checks for the initialization of sp_int/mp_int with DSA to free
+ memory properly in error cases. (PR 8209)
+* Fix return value of wolfSSL_CTX_set_tlsext_use_srtp (8252)
+* Check Root CA by Renesas TSIP before adding it to ca-table (PR 8101)
+* Prevent adding a certificate to the CA cache for Renesas builds if it does not
+ set CA:TRUE in basic constraints. (PR 8060)
+* Fix attribute certificate holder entityName parsing. (PR 8166)
+* Resolve build issues for configurations without any wolfSSL/openssl
+ compatibility layer headers. (PR 8182)
+* Fix for building SP RSA small and RSA public only (PR 8235)
+* Fix for Renesas RX TSIP RSA Sign/Verify with wolfCrypt only (PR 8206)
+* Fix to ensure all files have settings.h included (like wc_lms.c) and guards
+ for building all `*.c` files (PR 8257 and PR 8140)
+* Fix x86 target build issues in Visual Studio for non-Windows operating
+ systems. (PR 8098)
+* Fix wolfSSL_X509_STORE_get0_objects to handle no CA (PR 8226)
+* Properly handle reference counting when adding to the X509 store. (PR 8233)
+* Fix for various typos and improper size used with FreeRTOS_bind in the Renesas
+ example. Thanks to Hongbo for the report on example issues. (PR 7537)
+* Fix for potential heap use after free with wolfSSL_PEM_read_bio_PrivateKey.
+ Thanks to Peter for the issue reported. (PR 8139)
 
-* Fix for async edge case with Intel QuickAssist/Cavium Nitrox (PR 6931)
-* Fix for building PKCS#7 with RSA disabled (PR 6902)
-* Fix for advancing output pointer in wolfSSL_i2d_X509() (PR 6891)
-* Fix for EVP_EncodeBlock() appending a newline (PR 6900)
-* Fix for wolfSSL_RSA_verify_PKCS1_PSS() with RSA_PSS_SALTLEN_AUTO (PR 6938)
-* Fixes for CODESonar reports around isalpha() and isalnum() calls (PR 6810)
-* Fix for SP ARM64 integer math to avoid compiler optimization issues (PR 6942)
-* Fix for SP Thumb2 inline assembly to add IAR build support (PR 6943, 6971)
-* Fix for SP Thumb2 to make functions not inlined (PR 6993)
-* Fix for SP Cortex-M assembly large build with IAR (PR 6954)
-* Fix for SP ARM64 assembly montgomery reduction by 4 (PR 6947)
-* Fix for SP ARM64 P-256 for not inlining functions for iOS compatibility (PR 6979)
-* Fix for WOLFSSL_CALLBACKS and potential memory error (PR 6949)
-* Fixes for wolfSSL’s Zephyr OS port (PR 6930)
-* Fix for build errors when building for NXP mmCAU (FREESCALE_MMCAU) (PR 6970)
-* Fix for TLS 1.3 SendBuffered() return code in non-blocking mode (PR 7001)
-* Fix for TLS Hmac_UpdateFinal() when padding byte is invalid (PR 6998)
-* Fix for ARMv8 AES-GCM streaming to check size of IV before storing (PR 6996)
-* Add missing calls to wc_AesInit() before wc_AesSetKey() (PR 7011)
-* Fix build errors with DTLS 1.3 enabled but TLS 1.2 disabled (PR 6976)
-* Fixes for building wolfSSL in Visual Studio (PR 7040)
 
 For additional vulnerability information visit the vulnerability page at:
 https://www.wolfssl.com/docs/security-vulnerabilities/
diff --git a/README.md b/README.md
index 381a05fb5..ee821145d 100644
--- a/README.md
+++ b/README.md
@@ -1,6 +1,6 @@
 # wolfSSL Embedded SSL/TLS Library
 
-The [wolfSSL embedded SSL library](https://www.wolfssl.com/products/wolfssl/) 
+The [wolfSSL embedded SSL library](https://www.wolfssl.com/products/wolfssl/)
 (formerly CyaSSL) is a lightweight SSL/TLS library written in ANSI C and
 targeted for embedded, RTOS, and resource-constrained environments - primarily
 because of its small size, speed, and feature set.  It is commonly used in
@@ -14,7 +14,7 @@ OpenSSL.
 
 wolfSSL is powered by the wolfCrypt cryptography library. Two versions of
 wolfCrypt have been FIPS 140-2 validated (Certificate #2425 and
-certificate #3389). FIPS 140-3 validation is in progress. For additional
+certificate #3389). FIPS 140-3 validated (Certificate #4718). For additional
 information, visit the [wolfCrypt FIPS FAQ](https://www.wolfssl.com/license/fips/)
 or contact fips@wolfssl.com.
 
@@ -75,93 +75,131 @@ single call hash function. Instead the name `WC_SHA`, `WC_SHA256`, `WC_SHA384` a
 `WC_SHA512` should be used for the enum name.
 
 
-# wolfSSL Release 5.6.6 (Dec 19, 2023)
+# wolfSSL Release 5.7.6 (Dec 31, 2024)
 
-Release 5.6.6 has been developed according to wolfSSL's development and QA
+Release 5.7.6 has been developed according to wolfSSL's development and QA
 process (see link below) and successfully passed the quality criteria.
 https://www.wolfssl.com/about/wolfssl-software-development-process-quality-assurance
 
-NOTE: * --enable-heapmath is being deprecated and will be removed by 2024
+NOTE:
+ * --enable-heapmath is deprecated.
+ * In this release, the default cipher suite preference is updated to prioritize
+ TLS_AES_256_GCM_SHA384 over TLS_AES_128_GCM_SHA256 when enabled.
+ * This release adds a sanity check for including wolfssl/options.h or
+ user_settings.h.
+
+
+PR stands for Pull Request, and PR <NUMBER> references a GitHub pull request
+ number where the code change was added.
 
-REMINDER: When working with AES Block Cipher algorithms, `wc_AesInit()` should
-always be called first to initialize the `Aes` structure, before calling other
-Aes API functions. Recently we found several places in our documentation,
-comments, and codebase where this pattern was not observed. We have since
-fixed this omission in several PRs for this release.
 
 ## Vulnerabilities
+* [Med] An OCSP (non stapling) issue was introduced in wolfSSL version 5.7.4
+ when performing OCSP requests for intermediate certificates in a certificate
+ chain. This affects only TLS 1.3 connections on the server side. It would not
+ impact other TLS protocol versions or connections that are not using the
+ traditional OCSP implementation. (Fix in pull request 8115)
 
-* [Medium] CVE-2023-6935: After review of the previous RSA timing fix in wolfSSL 5.6.4, additional changes were found to be required. A complete resistant change is delivered in this release. This fix is for the Marvin attack, leading to being able to decrypt a saved TLS connection and potentially forge a signature after probing with a very large number of trial connections. This issue is around RSA decryption and affects the optional static RSA cipher suites on the server side, which are considered weak, not recommended to be used and are off by default in wolfSSL (even with `--enable-all`). Static RSA cipher suites were also removed from the TLS 1.3 protocol and are only present in TLS 1.2 and lower. All padding versions of RSA decrypt are affected since the code under review is outside of the padding processing. Information about the private keys is NOT compromised in affected code. It is recommended to disable static RSA cipher suites and update the version of wolfSSL used if using RSA private decryption alone outside of TLS. Thanks to Hubert Kario for the report. The fix for this issue is located in the following GitHub Pull Request: https://github.com/wolfSSL/wolfssl/pull/6955.
-
-* [Low] CVE-2023-6936: A potential heap overflow read is possible in servers connecting over TLS 1.3 when the optional `WOLFSSL_CALLBACKS` has been defined. The out of bounds read can occur when a server receives a malicious malformed ClientHello. Users should either discontinue use of `WOLFSSL_CALLBACKS` on the server side or update versions of wolfSSL to 5.6.6. Thanks to the tlspuffin fuzzer team for the report which was designed and developed by; Lucca Hirschi (Inria, LORIA), Steve Kremer (Inria, LORIA), and Max Ammann (Trail of Bits). The fix for this issue is located in the following GitHub Pull Request: https://github.com/wolfSSL/wolfssl/pull/6949.
-
-* [Low] A side channel vulnerability with AES T-Tables is possible in a very controlled environment where precision sub-cache-line inspection can happen, such as inside an Intel SGX enclave. This can lead to recovery of the AES key. To prevent this type of attack, wolfSSL added an AES bitsliced implementation which can be enabled with the “`--enable-aes-bitsliced`� configure option. Thanks to Florian Sieck, Zhiyuan Zhang, Sebastian Berndt, Chitchanok Chuengsatiansup, Thomas Eisenbarth, and Yuval Yarom for the report (Universities of Lübeck, Melbourne, Adelaide and Bochum). The fix for this issue is located in the following GitHub Pull Request: https://github.com/wolfSSL/wolfssl/pull/6854.
-
-* [Low] CVE-2023-6937: wolfSSL prior to 5.6.6 did not check that messages in a single (D)TLS record do not span key boundaries. As a result, it was possible to combine (D)TLS messages using different keys into one (D)TLS record. The most extreme edge case is that, in (D)TLS 1.3, it was possible that an unencrypted (D)TLS 1.3 record from the server containing first a ServerHello message and then the rest of the first server flight would be accepted by a wolfSSL client. In (D)TLS 1.3 the handshake is encrypted after the ServerHello but a wolfSSL client would accept an unencrypted flight from the server. This does not compromise key negotiation and authentication so it is assigned a low severity rating. Thanks to Johannes Wilson for the report (Sectra Communications and Linköping University). The fix for this issue is located in the following GitHub Pull Request: https://github.com/wolfSSL/wolfssl/pull/7029.
 
 ## New Feature Additions
+* Add support for RP2350 and improve RP2040 support, both with RNG optimizations
+ (PR 8153)
+* Add support for STM32MP135F, including STM32CubeIDE support and HAL support
+ for SHA2/SHA3/AES/RNG/ECC optimizations. (PR 8223, 8231, 8241)
+* Implement Renesas TSIP RSA Public Enc/Private support (PR 8122)
+* Add support for Fedora/RedHat system-wide crypto-policies (PR 8205)
+* Curve25519 generic keyparsing API added with  wc_Curve25519KeyToDer and
+ wc_Curve25519KeyDecode (PR 8129)
+* CRL improvements and update callback, added the functions
+ wolfSSL_CertManagerGetCRLInfo and wolfSSL_CertManagerSetCRLUpdate_Cb (PR 8006)
+* For DTLS, add server-side stateless and CID quality-of-life API. (PR 8224)
 
-* Build option for disabling CRL date checks (`WOLFSSL_NO_CRL_DATE_CHECK`) (PR 6927)
-* Support for STM32WL55 and improvements to PKA ECC support (PR 6937)
-* Add option to skip cookie exchange on DTLS 1.3 session resumption (PR 6929)
-* Add implementation of SRTP KDF and SRTCP KDF (`--enable-srtp-kdf`) (PR 6888)
-* Add `wolfSSL_EXTENDED_KEY_USAGE_free()` (PR 6916)
-* Add AES bitsliced implementation that is cache attack safe (`--enable-aes-bitsliced`) (PR 6854)
-* Add memcached support and automated testing (PR 6430, 7022)
-* Add Hardware Encryption Acceleration for ESP32-C3, ESP32-C6, and ESP32-S2 (PR 6990)
-* Add (D)TLS 1.3 support for 0.5-RTT data (PR 7010)
 
 ## Enhancements and Optimizations
+* Add a CMake dependency check for pthreads when required. (PR 8162)
+* Update OS_Seed declarations for legacy compilers and FIPS modules (boundary
+ not affected). (PR 8170)
+* Enable WOLFSSL_ALWAYS_KEEP_SNI by default when using --enable-jni. (PR 8283)
+* Change the default cipher suite preference, prioritizing
+ TLS_AES_256_GCM_SHA384 over TLS_AES_128_GCM_SHA256. (PR 7771)
+* Add SRTP-KDF (FIPS module v6.0.0) to checkout script for release bundling
+ (PR 8215)
+* Make library build when no hardware crypto available for Aarch64 (PR 8293)
+* Update assembly code to avoid `uint*_t` types for better compatibility with
+ older C standards. (PR 8133)
+* Add initial documentation for writing ASN template code to decode BER/DER.
+ (PR 8120)
+* Perform full reduction in sc_muladd for EdDSA with Curve448 (PR 8276)
+* Allow SHA-3 hardware cryptography instructions to be explicitly not used in
+ MacOS builds (PR 8282)
+* Make Kyber and ML-KEM available individually and together. (PR 8143)
+* Update configuration options to include Kyber/ML-KEM and fix defines used in
+ wolfSSL_get_curve_name. (PR 8183)
+* Make GetShortInt available with WOLFSSL_ASN_EXTRA (PR 8149)
+* Improved test coverage and minor improvements of X509 (PR 8176)
+* Add sanity checks for configuration methods, ensuring the inclusion of
+ wolfssl/options.h or user_settings.h. (PR 8262)
+* Enable support for building without TLS (NO_TLS). Provides reduced code size
+ option for non-TLS users who want features like the certificate manager or
+ compatibility layer. (PR 8273)
+* Exposed get_verify functions with OPENSSL_EXTRA. (PR 8258)
+* ML-DSA/Dilithium: obtain security level from DER when decoding (PR 8177)
+* Implementation for using PKCS11 to retrieve certificate for SSL CTX (PR 8267)
+* Add support for the RFC822 Mailbox attribute (PR 8280)
+* Initialize variables and adjust types resolve warnings with Visual Studio in
+ Windows builds. (PR 8181)
+* Refactors and expansion of opensslcoexist build (PR 8132, 8216, 8230)
+* Add DTLS 1.3 interoperability, libspdm and DTLS CID interoperability tests
+ (PR 8261, 8255, 8245)
+* Remove trailing error exit code in wolfSSL install setup script (PR 8189)
+* Update Arduino files for wolfssl 5.7.4 (PR 8219)
+* Improve Espressif SHA HW/SW mutex messages (PR 8225)
+* Apply post-5.7.4 release updates for Espressif Managed Component examples
+ (PR 8251)
+* Expansion of c89 conformance (PR 8164)
+* Added configure option for additional sanity checks with --enable-faultharden
+ (PR 8289)
+* Aarch64 ASM additions to check CPU features before hardware crypto instruction
+ use (PR 8314)
 
-* Better built in testing of “`--sys-ca-certs`� configure option (PR 6910)
-* Updated CMakeLists.txt for Espressif wolfSSL component usage (PR 6877)
-* Disable TLS 1.1 by default (unless SSL 3.0 or TLS 1.0 is enabled) (PR 6946)
-* Add “`--enable-quic`� to “`--enable-all`� configure option (PR 6957)
-* Add support to SP C implementation for RSA exponent up to 64-bits (PR 6959)
-* Add result of “`HAVE___UINT128_T`� to options.h for CMake builds (PR 6965)
-* Add optimized assembly for AES-GCM on ARM64 using hardware crypto instructions (PR 6967)
-* Add built-in cipher suite tests for DTLS 1.3 PQC (PR 6952)
-* Add wolfCrypt test and unit test to ctest (PR 6977)
-* Move OpenSSL compatibility crypto APIs into `ssl_crypto.c` file (PR 6935)
-* Validate time generated from XGMTIME() (PR 6958)
-* Allow wolfCrypt benchmark to run with microsecond accuracy (PR 6868)
-* Add GitHub Actions testing with nginx 1.24.0 (PR 6982)
-* Allow encoding of CA:FALSE BasicConstraint during cert generation (PR 6953)
-* Add CMake option to enable DTLS-SRTP (PR 6991)
-* Add CMake options for enabling QUIC and cURL (PR 7049)
-* Improve RSA blinding to make code more constant time (PR 6955)
-* Refactor AES-NI implementation macros to allow dynamic fallback to C (PR 6981)
-* Default to native Windows threading API on MinGW (PR 7015)
-* Return better error codes from OCSP response check (PR 7028)
-* Updated Espressif ESP32 TLS client and server examples (PR 6844)
-* Add/clean up support for ESP-IDF v5.1 for a variety of ESP32 chips (PR 7035, 7037)
-* Add API to choose dynamic certs based on client ciphers/sigalgs (PR 6963)
-* Improve Arduino IDE 1.5 project file to match recursive style (PR 7007)
-* Simplify and improve apple-universal build script (PR 7025)
 
 ## Fixes
+* Fix a memory issue when using the compatibility layer with
+ WOLFSSL_GENERAL_NAME and handling registered ID types. (PR 8155)
+* Fix a build issue with signature fault hardening when using public key
+ callbacks (HAVE_PK_CALLBACKS). (PR 8287)
+* Fix for handling heap hint pointer properly when managing multiple WOLFSSL_CTX
+ objects and free’ing one of them (PR 8180)
+* Fix potential memory leak in error case with Aria. (PR 8268)
+* Fix Set_Verify flag behaviour on Ada wrapper. (PR 8256)
+* Fix a compilation error with the NO_WOLFSSL_DIR flag. (PR 8294)
+* Resolve a corner case for Poly1305 assembly code on Aarch64. (PR 8275)
+* Fix incorrect version setting in CSRs. (PR 8136)
+* Correct debugging output for cryptodev. (PR 8202)
+* Fix for benchmark application use with /dev/crypto GMAC auth error due to size
+ of AAD (PR 8210)
+* Add missing checks for the initialization of sp_int/mp_int with DSA to free
+ memory properly in error cases. (PR 8209)
+* Fix return value of wolfSSL_CTX_set_tlsext_use_srtp (8252)
+* Check Root CA by Renesas TSIP before adding it to ca-table (PR 8101)
+* Prevent adding a certificate to the CA cache for Renesas builds if it does not
+ set CA:TRUE in basic constraints. (PR 8060)
+* Fix attribute certificate holder entityName parsing. (PR 8166)
+* Resolve build issues for configurations without any wolfSSL/openssl
+ compatibility layer headers. (PR 8182)
+* Fix for building SP RSA small and RSA public only (PR 8235)
+* Fix for Renesas RX TSIP RSA Sign/Verify with wolfCrypt only (PR 8206)
+* Fix to ensure all files have settings.h included (like wc_lms.c) and guards
+ for building all `*.c` files (PR 8257 and PR 8140)
+* Fix x86 target build issues in Visual Studio for non-Windows operating
+ systems. (PR 8098)
+* Fix wolfSSL_X509_STORE_get0_objects to handle no CA (PR 8226)
+* Properly handle reference counting when adding to the X509 store. (PR 8233)
+* Fix for various typos and improper size used with FreeRTOS_bind in the Renesas
+ example. Thanks to Hongbo for the report on example issues. (PR 7537)
+* Fix for potential heap use after free with wolfSSL_PEM_read_bio_PrivateKey.
+ Thanks to Peter for the issue reported. (PR 8139)
 
-* Fix for async edge case with Intel QuickAssist/Cavium Nitrox (PR 6931)
-* Fix for building PKCS#7 with RSA disabled (PR 6902)
-* Fix for advancing output pointer in `wolfSSL_i2d_X509()` (PR 6891)
-* Fix for `EVP_EncodeBlock()` appending a newline (PR 6900)
-* Fix for `wolfSSL_RSA_verify_PKCS1_PSS()` with `RSA_PSS_SALTLEN_AUTO` (PR 6938)
-* Fixes for CODESonar reports around `isalpha()` and `isalnum()` calls (PR 6810)
-* Fix for SP ARM64 integer math to avoid compiler optimization issues (PR 6942)
-* Fix for SP Thumb2 inline assembly to add IAR build support (PR 6943, 6971)
-* Fix for SP Thumb2 to make functions not inlined (PR 6993)
-* Fix for SP Cortex-M assembly large build with IAR (PR 6954)
-* Fix for SP ARM64 assembly montgomery reduction by 4 (PR 6947)
-* Fix for SP ARM64 P-256 for not inlining functions for iOS compatibility (PR 6979)
-* Fix for `WOLFSSL_CALLBACKS` and potential memory error (PR 6949)
-* Fixes for wolfSSL’s Zephyr OS port (PR 6930)
-* Fix for build errors when building for NXP mmCAU (`FREESCALE_MMCAU`) (PR 6970)
-* Fix for TLS 1.3 `SendBuffered()` return code in non-blocking mode (PR 7001)
-* Fix for TLS `Hmac_UpdateFinal()` when padding byte is invalid (PR 6998)
-* Fix for ARMv8 AES-GCM streaming to check size of IV before storing (PR 6996)
-* Add missing calls to `wc_AesInit()` before `wc_AesSetKey()` (PR 7011)
-* Fix build errors with DTLS 1.3 enabled but TLS 1.2 disabled (PR 6976)
-* Fixes for building wolfSSL in Visual Studio (PR 7040)
 
 For additional vulnerability information visit the vulnerability page at:
 https://www.wolfssl.com/docs/security-vulnerabilities/
@@ -190,3 +228,51 @@ More info can be found on-line at: https://wolfssl.com/wolfSSL/Docs.html
 [wolfSSL Vulnerabilities](https://www.wolfssl.com/docs/security-vulnerabilities/)
 
 [Additional wolfSSL Examples](https://github.com/wolfssl/wolfssl-examples)
+
+# Directory structure
+
+```
+<wolfssl_root>
+├── certs   [Certificates used in tests and examples]
+├── cmake   [Cmake build utilities]
+├── debian  [Debian packaging files]
+├── doc     [Documentation for wolfSSL (Doxygen)]
+├── Docker  [Prebuilt Docker environments]
+├── examples    [wolfSSL examples]
+│   ├── asn1    [ASN.1 printing example]
+│   ├── async   [Asynchronous Cryptography example]
+│   ├── benchmark   [TLS benchmark example]
+│   ├── client  [Client example]
+│   ├── configs [Example build configurations]
+│   ├── echoclient  [Echoclient example]
+│   ├── echoserver  [Echoserver example]
+│   ├── pem [Example for convert between PEM and DER]
+│   ├── sctp    [Servers and clients that demonstrate wolfSSL's DTLS-SCTP support]
+│   └── server  [Server example]
+├── IDE     [Contains example projects for various development environments]
+├── linuxkm [Linux Kernel Module implementation]
+├── m4      [Autotools utilities]
+├── mcapi   [wolfSSL MPLAB X Project Files]
+├── mplabx  [wolfSSL MPLAB X Project Files]
+├── mqx     [wolfSSL Freescale CodeWarrior Project Files]
+├── rpm     [RPM packaging metadata]
+├── RTOS
+│   └── nuttx   [Port of wolfSSL for NuttX]
+├── scripts [Testing scripts]
+├── src     [wolfSSL source code]
+├── sslSniffer  [wolfSSL sniffer can be used to passively sniff SSL traffic]
+├── support [Contains the pkg-config file]
+├── tests   [Unit and configuration testing]
+├── testsuite   [Test application that orchestrates tests]
+├── tirtos  [Port of wolfSSL for TI RTOS]
+├── wolfcrypt   [The wolfCrypt component]
+│   ├── benchmark   [Cryptography benchmarking application]
+│   ├── src         [wolfCrypt source code]
+│   │   └── port    [Supported hardware acceleration ports]
+│   └── test        [Cryptography testing application]
+├── wolfssl [Header files]
+│   ├── openssl [Compatibility layer headers]
+│   └── wolfcrypt   [Header files]
+├── wrapper [wolfSSL language wrappers]
+└── zephyr  [Port of wolfSSL for Zephyr RTOS]
+```
diff --git a/RTOS/nuttx/wolfssl/Make.defs b/RTOS/nuttx/wolfssl/Make.defs
index 78ff34afe..68583d48e 100644
--- a/RTOS/nuttx/wolfssl/Make.defs
+++ b/RTOS/nuttx/wolfssl/Make.defs
@@ -1,9 +1,9 @@
 ############################################################################
 # apps/crypto/wolfssl/Make.defs
 #
-# Copyright (C) 2006-2023 wolfSSL Inc.
+# Copyright (C) 2006-2025 wolfSSL Inc.
 #
-# This file is part of wolfSSL. (formerly known as CyaSSL)
+# This file is part of wolfSSL.
 #
 # wolfSSL is free software; you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -17,7 +17,7 @@
 #
 # You should have received a copy of the GNU General Public License
 # along with this program; if not, write to the Free Software
-# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
 #
 ############################################################################
 
diff --git a/RTOS/nuttx/wolfssl/Makefile b/RTOS/nuttx/wolfssl/Makefile
index 0f2b7cfd4..4b2417103 100644
--- a/RTOS/nuttx/wolfssl/Makefile
+++ b/RTOS/nuttx/wolfssl/Makefile
@@ -1,9 +1,9 @@
 ############################################################################
 # apps/crypto/wolfssl/Makefile
 #
-# Copyright (C) 2006-2023 wolfSSL Inc.
+# Copyright (C) 2006-2025 wolfSSL Inc.
 #
-# This file is part of wolfSSL. (formerly known as CyaSSL)
+# This file is part of wolfSSL.
 #
 # wolfSSL is free software; you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -17,7 +17,7 @@
 #
 # You should have received a copy of the GNU General Public License
 # along with this program; if not, write to the Free Software
-# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
 #
 ############################################################################
 
diff --git a/RTOS/nuttx/wolfssl/setup-wolfssl.sh b/RTOS/nuttx/wolfssl/setup-wolfssl.sh
index 3c1df580d..9cd6ef4d4 100755
--- a/RTOS/nuttx/wolfssl/setup-wolfssl.sh
+++ b/RTOS/nuttx/wolfssl/setup-wolfssl.sh
@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/bin/sh
 
 set -e # exit on any command failure
 if [ ! -d wolfssl ]; then
diff --git a/SCRIPTS-LIST b/SCRIPTS-LIST
index 03f5cf6a8..f99b7ce1a 100644
--- a/SCRIPTS-LIST
+++ b/SCRIPTS-LIST
@@ -35,6 +35,7 @@ scripts/
  google.test   - example client test against google, part of tests
  resume.test   - example sessoin resume test, part of tests
  ocsp-stapling.test - example client test against globalsign, part of tests
+ ocsp-stapling1_tls13multi.text - example client test against example server, part of tests
  ocsp-stapling2.test - example client test against example server, part of tests
  sniffer-testsuite.test - runs snifftest on a pcap of testsuite, part of tests
                           in sniffer mode
diff --git a/async-check.sh b/async-check.sh
index ccfce052a..bb24bded2 100755
--- a/async-check.sh
+++ b/async-check.sh
@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/usr/bin/env bash
 
 # This script creates symbolic links to the required asynchronous
 # file for using the asynchronous simulator and make check
diff --git a/autogen.sh b/autogen.sh
index d9ae08819..854aef453 100755
--- a/autogen.sh
+++ b/autogen.sh
@@ -16,34 +16,6 @@ if [ -n "$WSL_DISTRO_NAME" ]; then
     fi
 fi
 
-# Git hooks should come before autoreconf.
-if [ -d .git ]; then
-    if [ ! -d .git/hooks ]; then
-        mkdir .git/hooks || exit $?
-    fi
-
-    if [ -n "$no_links" ]; then
-        echo "Linux ln does not work on shared Windows file system in WSL."
-        if [ ! -e .git/hooks/pre-commit ]; then
-            echo "The pre-commit.sh file will not be copied to .git/hooks/pre-commit"
-            # shell scripts do not work on Windows; TODO create equivalent batch file
-            # cp ./pre-commit.sh .git/hooks/pre-commit || exit $?
-        fi
-        if [ ! -e .git/hooks/pre-push ]; then
-            echo "The pre-push.sh file will not be copied to .git/hooks/pre-commit"
-            # shell scripts do not work on Windows; TODO create equivalent batch file
-            # cp ./pre-push.sh .git/hooks/pre-push || exit $?
-        fi
-    else
-        if [ ! -e .git/hooks/pre-commit ]; then
-            ln -s ../../pre-commit.sh .git/hooks/pre-commit || exit $?
-        fi
-        if [ ! -e .git/hooks/pre-push ]; then
-            ln -s ../../pre-push.sh .git/hooks/pre-push || exit $?
-        fi
-    fi
-fi
-
 # if and as needed, create empty dummy versions of various files, mostly
 # associated with fips/self-test and asynccrypt:
 
diff --git a/certs/1024/ca-cert.der b/certs/1024/ca-cert.der
index 3324aee92..7420d827b 100644
Binary files a/certs/1024/ca-cert.der and b/certs/1024/ca-cert.der differ
diff --git a/certs/1024/ca-cert.pem b/certs/1024/ca-cert.pem
index 2bc54e6f0..5797eb1ad 100644
--- a/certs/1024/ca-cert.pem
+++ b/certs/1024/ca-cert.pem
@@ -2,16 +2,16 @@ Certificate:
     Data:
         Version: 3 (0x2)
         Serial Number:
-            5c:44:2b:bf:d3:a8:2a:d8:fd:54:c9:cd:aa:7f:f7:d4:59:07:aa:dd
+            59:52:6b:92:1a:25:8f:1b:ee:4c:51:9c:47:2f:ff:ff:9d:43:29:47
         Signature Algorithm: sha256WithRSAEncryption
         Issuer: C = US, ST = Montana, L = Bozeman, O = Sawtooth, OU = Consulting_1024, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Dec 13 22:19:28 2023 GMT
-            Not After : Sep  8 22:19:28 2026 GMT
+            Not Before: Dec 18 21:25:29 2024 GMT
+            Not After : Sep 14 21:25:29 2027 GMT
         Subject: C = US, ST = Montana, L = Bozeman, O = Sawtooth, OU = Consulting_1024, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (1024 bit)
+                Public-Key: (1024 bit)
                 Modulus:
                     00:cd:ac:dd:47:ec:be:b7:24:c3:63:1b:54:98:79:
                     e1:c7:31:16:59:d6:9d:77:9d:8d:e2:8b:ed:04:17:
@@ -29,8 +29,7 @@ Certificate:
             X509v3 Authority Key Identifier: 
                 keyid:D3:22:8F:28:2C:E0:05:EE:D3:ED:C3:71:3D:C9:B2:36:3A:1D:BF:A8
                 DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting_1024/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
-                serial:5C:44:2B:BF:D3:A8:2A:D8:FD:54:C9:CD:AA:7F:F7:D4:59:07:AA:DD
-
+                serial:59:52:6B:92:1A:25:8F:1B:EE:4C:51:9C:47:2F:FF:FF:9D:43:29:47
             X509v3 Basic Constraints: 
                 CA:TRUE
             X509v3 Subject Alternative Name: 
@@ -38,20 +37,21 @@ Certificate:
             X509v3 Extended Key Usage: 
                 TLS Web Server Authentication, TLS Web Client Authentication
     Signature Algorithm: sha256WithRSAEncryption
-         70:7d:83:94:d0:ee:e1:19:8b:17:ca:79:87:12:5b:7f:70:a3:
-         51:20:4f:21:99:71:69:21:28:55:61:70:85:54:21:a9:70:a2:
-         a9:12:db:44:11:44:e7:41:00:70:80:b5:37:0c:7e:78:8f:88:
-         64:bc:e5:c0:44:a7:a5:3d:db:62:c4:d6:cd:aa:4b:ac:fb:01:
-         46:bb:ec:cb:6f:01:67:b4:65:f3:5e:53:39:64:99:9b:68:80:
-         14:91:a4:a4:eb:04:f3:76:9a:7d:b4:38:05:9c:a5:e0:bc:7e:
-         d9:d2:d3:d4:e8:c3:9f:38:4b:6c:29:94:be:35:bd:30:1f:b5:
-         b7:3d
+    Signature Value:
+        09:c6:da:fe:2a:45:83:9e:8b:66:cf:63:1f:11:cb:d9:b4:eb:
+        b0:97:3d:33:d4:b9:27:56:46:14:3c:fe:2b:b2:36:6e:38:7f:
+        08:f5:37:3c:f2:a2:6a:8a:c7:a0:be:0f:ac:dd:f4:f0:97:b3:
+        03:a6:70:48:44:fc:ef:ef:7a:c6:1a:8d:3f:19:f6:71:92:7e:
+        3a:00:95:f2:b6:57:40:77:c2:80:4e:61:f2:71:56:22:a0:1e:
+        a9:dd:5c:54:80:ad:e4:27:f2:17:20:9b:5b:89:30:6e:6a:31:
+        2a:4e:43:52:f8:8a:51:b7:ed:3a:aa:78:41:90:95:e8:40:2e:
+        66:fc
 -----BEGIN CERTIFICATE-----
-MIIECTCCA3KgAwIBAgIUXEQrv9OoKtj9VMnNqn/31FkHqt0wDQYJKoZIhvcNAQEL
+MIIECTCCA3KgAwIBAgIUWVJrkholjxvuTFGcRy///51DKUcwDQYJKoZIhvcNAQEL
 BQAwgZkxCzAJBgNVBAYTAlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdC
 b3plbWFuMREwDwYDVQQKDAhTYXd0b290aDEYMBYGA1UECwwPQ29uc3VsdGluZ18x
 MDI0MRgwFgYDVQQDDA93d3cud29sZnNzbC5jb20xHzAdBgkqhkiG9w0BCQEWEGlu
-Zm9Ad29sZnNzbC5jb20wHhcNMjMxMjEzMjIxOTI4WhcNMjYwOTA4MjIxOTI4WjCB
+Zm9Ad29sZnNzbC5jb20wHhcNMjQxMjE4MjEyNTI5WhcNMjcwOTE0MjEyNTI5WjCB
 mTELMAkGA1UEBhMCVVMxEDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVt
 YW4xETAPBgNVBAoMCFNhd3Rvb3RoMRgwFgYDVQQLDA9Db25zdWx0aW5nXzEwMjQx
 GDAWBgNVBAMMD3d3dy53b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3
@@ -63,10 +63,10 @@ Io8oLOAF7tPtw3E9ybI2Oh2/qDCB2QYDVR0jBIHRMIHOgBTTIo8oLOAF7tPtw3E9
 ybI2Oh2/qKGBn6SBnDCBmTELMAkGA1UEBhMCVVMxEDAOBgNVBAgMB01vbnRhbmEx
 EDAOBgNVBAcMB0JvemVtYW4xETAPBgNVBAoMCFNhd3Rvb3RoMRgwFgYDVQQLDA9D
 b25zdWx0aW5nXzEwMjQxGDAWBgNVBAMMD3d3dy53b2xmc3NsLmNvbTEfMB0GCSqG
-SIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbYIUXEQrv9OoKtj9VMnNqn/31FkHqt0w
+SIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbYIUWVJrkholjxvuTFGcRy///51DKUcw
 DAYDVR0TBAUwAwEB/zAcBgNVHREEFTATggtleGFtcGxlLmNvbYcEfwAAATAdBgNV
-HSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDQYJKoZIhvcNAQELBQADgYEAcH2D
-lNDu4RmLF8p5hxJbf3CjUSBPIZlxaSEoVWFwhVQhqXCiqRLbRBFE50EAcIC1Nwx+
-eI+IZLzlwESnpT3bYsTWzapLrPsBRrvsy28BZ7Rl815TOWSZm2iAFJGkpOsE83aa
-fbQ4BZyl4Lx+2dLT1OjDnzhLbCmUvjW9MB+1tz0=
+HSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDQYJKoZIhvcNAQELBQADgYEACcba
+/ipFg56LZs9jHxHL2bTrsJc9M9S5J1ZGFDz+K7I2bjh/CPU3PPKiaorHoL4PrN30
+8JezA6ZwSET87+96xhqNPxn2cZJ+OgCV8rZXQHfCgE5h8nFWIqAeqd1cVICt5Cfy
+FyCbW4kwbmoxKk5DUviKUbftOqp4QZCV6EAuZvw=
 -----END CERTIFICATE-----
diff --git a/certs/1024/client-cert.der b/certs/1024/client-cert.der
index 898d298e3..2ad3e77d9 100644
Binary files a/certs/1024/client-cert.der and b/certs/1024/client-cert.der differ
diff --git a/certs/1024/client-cert.pem b/certs/1024/client-cert.pem
index b78c3834b..2e9d88b0f 100644
--- a/certs/1024/client-cert.pem
+++ b/certs/1024/client-cert.pem
@@ -2,16 +2,16 @@ Certificate:
     Data:
         Version: 3 (0x2)
         Serial Number:
-            59:f2:ea:44:08:b5:12:30:a0:96:93:d1:d1:7f:e1:ec:49:75:9b:a2
+            09:1d:03:41:8b:92:bd:2a:2a:1c:77:e0:13:a8:3d:f0:33:da:7f:72
         Signature Algorithm: sha256WithRSAEncryption
         Issuer: C = US, ST = Montana, L = Bozeman, O = wolfSSL_1024, OU = Programming-1024, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Dec 13 22:19:28 2023 GMT
-            Not After : Sep  8 22:19:28 2026 GMT
+            Not Before: Dec 18 21:25:29 2024 GMT
+            Not After : Sep 14 21:25:29 2027 GMT
         Subject: C = US, ST = Montana, L = Bozeman, O = wolfSSL_1024, OU = Programming-1024, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (1024 bit)
+                Public-Key: (1024 bit)
                 Modulus:
                     00:bc:73:0e:a8:49:f3:74:a2:a9:ef:18:a5:da:55:
                     99:21:f9:c8:ec:b3:6d:48:e5:35:35:75:77:37:ec:
@@ -29,8 +29,7 @@ Certificate:
             X509v3 Authority Key Identifier: 
                 keyid:81:69:0F:F8:DF:DD:CF:34:29:D5:67:75:71:85:C7:75:10:69:59:EC
                 DirName:/C=US/ST=Montana/L=Bozeman/O=wolfSSL_1024/OU=Programming-1024/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
-                serial:59:F2:EA:44:08:B5:12:30:A0:96:93:D1:D1:7F:E1:EC:49:75:9B:A2
-
+                serial:09:1D:03:41:8B:92:BD:2A:2A:1C:77:E0:13:A8:3D:F0:33:DA:7F:72
             X509v3 Basic Constraints: 
                 CA:TRUE
             X509v3 Subject Alternative Name: 
@@ -38,21 +37,22 @@ Certificate:
             X509v3 Extended Key Usage: 
                 TLS Web Server Authentication, TLS Web Client Authentication
     Signature Algorithm: sha256WithRSAEncryption
-         45:63:6f:f9:ed:f4:12:3c:3c:c5:2c:51:08:94:61:7e:08:e8:
-         32:46:2b:22:02:d0:e8:2b:a4:23:15:48:47:87:5d:72:ab:38:
-         d5:34:b9:fc:f4:86:93:49:95:d8:81:32:1c:21:e3:ef:b8:40:
-         c5:87:02:e8:28:aa:54:93:2d:8a:e9:1e:dd:5d:11:f8:bf:ca:
-         4e:33:20:56:4e:6f:53:bb:79:b0:da:65:a1:4b:9f:c8:55:fa:
-         53:26:84:c6:1e:0a:5e:7a:6e:f2:2d:2a:81:a5:d0:2b:ec:d5:
-         8e:b9:f0:c7:57:d7:d6:14:1a:3b:dc:09:41:b4:9d:0d:72:20:
-         44:79
+    Signature Value:
+        9a:1c:8f:c4:bd:54:da:63:a7:f8:ba:39:b6:64:60:9d:ba:a5:
+        fc:43:f5:57:28:31:43:09:4c:03:4c:b8:c3:49:2b:4e:bf:f2:
+        9b:13:4e:37:1e:a1:57:c6:0c:7b:2c:25:19:37:9f:06:53:ef:
+        8d:d1:ba:c0:73:6e:7f:c2:0b:46:5f:9b:56:bb:59:19:5c:c9:
+        ee:ea:02:da:03:2c:fb:29:b6:07:dd:55:b7:e9:ce:60:47:e0:
+        6b:44:5a:61:74:5c:96:f6:30:d8:1b:a4:15:5e:06:c5:73:4b:
+        8a:4d:94:23:13:1b:3f:db:67:ca:a7:a6:41:c5:28:0f:fd:2e:
+        0e:f0
 -----BEGIN CERTIFICATE-----
-MIIEGDCCA4GgAwIBAgIUWfLqRAi1EjCglpPR0X/h7El1m6IwDQYJKoZIhvcNAQEL
+MIIEGDCCA4GgAwIBAgIUCR0DQYuSvSoqHHfgE6g98DPaf3IwDQYJKoZIhvcNAQEL
 BQAwgZ4xCzAJBgNVBAYTAlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdC
 b3plbWFuMRUwEwYDVQQKDAx3b2xmU1NMXzEwMjQxGTAXBgNVBAsMEFByb2dyYW1t
 aW5nLTEwMjQxGDAWBgNVBAMMD3d3dy53b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJ
-ARYQaW5mb0B3b2xmc3NsLmNvbTAeFw0yMzEyMTMyMjE5MjhaFw0yNjA5MDgyMjE5
-MjhaMIGeMQswCQYDVQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwH
+ARYQaW5mb0B3b2xmc3NsLmNvbTAeFw0yNDEyMTgyMTI1MjlaFw0yNzA5MTQyMTI1
+MjlaMIGeMQswCQYDVQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwH
 Qm96ZW1hbjEVMBMGA1UECgwMd29sZlNTTF8xMDI0MRkwFwYDVQQLDBBQcm9ncmFt
 bWluZy0xMDI0MRgwFgYDVQQDDA93d3cud29sZnNzbC5jb20xHzAdBgkqhkiG9w0B
 CQEWEGluZm9Ad29sZnNzbC5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGB
@@ -63,10 +63,10 @@ BgNVHQ4EFgQUgWkP+N/dzzQp1Wd1cYXHdRBpWewwgd4GA1UdIwSB1jCB04AUgWkP
 +N/dzzQp1Wd1cYXHdRBpWeyhgaSkgaEwgZ4xCzAJBgNVBAYTAlVTMRAwDgYDVQQI
 DAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMRUwEwYDVQQKDAx3b2xmU1NMXzEw
 MjQxGTAXBgNVBAsMEFByb2dyYW1taW5nLTEwMjQxGDAWBgNVBAMMD3d3dy53b2xm
-c3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbYIUWfLqRAi1
-EjCglpPR0X/h7El1m6IwDAYDVR0TBAUwAwEB/zAcBgNVHREEFTATggtleGFtcGxl
+c3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbYIUCR0DQYuS
+vSoqHHfgE6g98DPaf3IwDAYDVR0TBAUwAwEB/zAcBgNVHREEFTATggtleGFtcGxl
 LmNvbYcEfwAAATAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDQYJKoZI
-hvcNAQELBQADgYEARWNv+e30Ejw8xSxRCJRhfgjoMkYrIgLQ6CukIxVIR4ddcqs4
-1TS5/PSGk0mV2IEyHCHj77hAxYcC6CiqVJMtiuke3V0R+L/KTjMgVk5vU7t5sNpl
-oUufyFX6UyaExh4KXnpu8i0qgaXQK+zVjrnwx1fX1hQaO9wJQbSdDXIgRHk=
+hvcNAQELBQADgYEAmhyPxL1U2mOn+Lo5tmRgnbql/EP1VygxQwlMA0y4w0krTr/y
+mxNONx6hV8YMeywlGTefBlPvjdG6wHNuf8ILRl+bVrtZGVzJ7uoC2gMs+ym2B91V
+t+nOYEfga0RaYXRclvYw2BukFV4GxXNLik2UIxMbP9tnyqemQcUoD/0uDvA=
 -----END CERTIFICATE-----
diff --git a/certs/1024/server-cert.der b/certs/1024/server-cert.der
index f4faeb582..2cc8316ec 100644
Binary files a/certs/1024/server-cert.der and b/certs/1024/server-cert.der differ
diff --git a/certs/1024/server-cert.pem b/certs/1024/server-cert.pem
index 0c0fc7147..d6106acc0 100644
--- a/certs/1024/server-cert.pem
+++ b/certs/1024/server-cert.pem
@@ -5,12 +5,12 @@ Certificate:
         Signature Algorithm: sha256WithRSAEncryption
         Issuer: C = US, ST = Montana, L = Bozeman, O = Sawtooth, OU = Consulting_1024, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Dec 13 22:19:28 2023 GMT
-            Not After : Sep  8 22:19:28 2026 GMT
+            Not Before: Dec 18 21:25:30 2024 GMT
+            Not After : Sep 14 21:25:30 2027 GMT
         Subject: C = US, ST = Montana, L = Bozeman, O = wolfSSL, OU = Support_1024, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (1024 bit)
+                Public-Key: (1024 bit)
                 Modulus:
                     00:aa:3e:a5:9c:d3:17:49:65:43:de:d0:f3:4b:1c:
                     db:49:0c:fc:7a:65:05:6d:de:6a:c4:e4:73:2c:8a:
@@ -28,8 +28,7 @@ Certificate:
             X509v3 Authority Key Identifier: 
                 keyid:D3:22:8F:28:2C:E0:05:EE:D3:ED:C3:71:3D:C9:B2:36:3A:1D:BF:A8
                 DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting_1024/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
-                serial:5C:44:2B:BF:D3:A8:2A:D8:FD:54:C9:CD:AA:7F:F7:D4:59:07:AA:DD
-
+                serial:59:52:6B:92:1A:25:8F:1B:EE:4C:51:9C:47:2F:FF:FF:9D:43:29:47
             X509v3 Basic Constraints: 
                 CA:TRUE
             X509v3 Subject Alternative Name: 
@@ -37,20 +36,21 @@ Certificate:
             X509v3 Extended Key Usage: 
                 TLS Web Server Authentication, TLS Web Client Authentication
     Signature Algorithm: sha256WithRSAEncryption
-         35:2e:7b:57:7b:64:70:53:e0:81:ed:f4:ac:b3:3a:3b:ba:82:
-         8d:a2:31:d9:d4:ac:d1:8a:6d:35:41:15:b3:e8:06:91:ca:2a:
-         f7:ff:28:0e:3d:cd:e7:28:f0:07:c0:78:62:9e:88:3d:dc:98:
-         f0:8c:89:a7:1c:5b:77:37:b2:55:38:b2:60:42:e8:02:81:bf:
-         7c:c3:54:86:7e:e4:2f:7d:74:74:27:f7:9a:e2:8d:a9:2f:7c:
-         82:31:41:f1:cb:48:a0:05:00:26:3d:a4:6b:27:43:4c:3f:6f:
-         2f:41:2e:ee:ba:0d:8f:39:42:0d:2d:76:00:12:4c:f9:49:2d:
-         7f:ed
+    Signature Value:
+        94:67:03:63:2a:3e:e4:56:a5:9f:84:89:68:8c:ed:ef:a4:fe:
+        1f:dc:03:04:1e:d0:87:90:14:7c:82:3f:36:a8:7c:14:64:ab:
+        88:d4:9d:81:e8:f6:a7:ec:12:51:ea:25:fd:a4:d1:9c:9b:71:
+        3d:c8:d0:b3:d2:6d:eb:56:11:66:05:4e:92:27:0a:76:8c:3a:
+        8b:bd:e2:46:f5:7b:8e:ff:03:f3:89:92:dc:9b:46:79:f4:b8:
+        95:7d:b6:29:79:f3:55:c8:70:de:f7:9f:59:e1:e2:8d:a7:73:
+        1f:97:1c:52:64:48:77:cf:6d:a0:27:ad:c0:16:56:55:46:b2:
+        bf:f1
 -----BEGIN CERTIFICATE-----
 MIID8jCCA1ugAwIBAgIBATANBgkqhkiG9w0BAQsFADCBmTELMAkGA1UEBhMCVVMx
 EDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xETAPBgNVBAoMCFNh
 d3Rvb3RoMRgwFgYDVQQLDA9Db25zdWx0aW5nXzEwMjQxGDAWBgNVBAMMD3d3dy53
 b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTAeFw0y
-MzEyMTMyMjE5MjhaFw0yNjA5MDgyMjE5MjhaMIGVMQswCQYDVQQGEwJVUzEQMA4G
+NDEyMTgyMTI1MzBaFw0yNzA5MTQyMTI1MzBaMIGVMQswCQYDVQQGEwJVUzEQMA4G
 A1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjEQMA4GA1UECgwHd29sZlNT
 TDEVMBMGA1UECwwMU3VwcG9ydF8xMDI0MRgwFgYDVQQDDA93d3cud29sZnNzbC5j
 b20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wgZ8wDQYJKoZIhvcN
@@ -62,27 +62,27 @@ A1UdIwSB0TCBzoAU0yKPKCzgBe7T7cNxPcmyNjodv6ihgZ+kgZwwgZkxCzAJBgNV
 BAYTAlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMREwDwYD
 VQQKDAhTYXd0b290aDEYMBYGA1UECwwPQ29uc3VsdGluZ18xMDI0MRgwFgYDVQQD
 DA93d3cud29sZnNzbC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5j
-b22CFFxEK7/TqCrY/VTJzap/99RZB6rdMAwGA1UdEwQFMAMBAf8wHAYDVR0RBBUw
+b22CFFlSa5IaJY8b7kxRnEcv//+dQylHMAwGA1UdEwQFMAMBAf8wHAYDVR0RBBUw
 E4ILZXhhbXBsZS5jb22HBH8AAAEwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUF
-BwMCMA0GCSqGSIb3DQEBCwUAA4GBADUue1d7ZHBT4IHt9KyzOju6go2iMdnUrNGK
-bTVBFbPoBpHKKvf/KA49zeco8AfAeGKeiD3cmPCMiaccW3c3slU4smBC6AKBv3zD
-VIZ+5C99dHQn95rijakvfIIxQfHLSKAFACY9pGsnQ0w/by9BLu66DY85Qg0tdgAS
-TPlJLX/t
+BwMCMA0GCSqGSIb3DQEBCwUAA4GBAJRnA2MqPuRWpZ+EiWiM7e+k/h/cAwQe0IeQ
+FHyCPzaofBRkq4jUnYHo9qfsElHqJf2k0ZybcT3I0LPSbetWEWYFTpInCnaMOou9
+4kb1e47/A/OJktybRnn0uJV9til581XIcN73n1nh4o2ncx+XHFJkSHfPbaAnrcAW
+VlVGsr/x
 -----END CERTIFICATE-----
 Certificate:
     Data:
         Version: 3 (0x2)
         Serial Number:
-            5c:44:2b:bf:d3:a8:2a:d8:fd:54:c9:cd:aa:7f:f7:d4:59:07:aa:dd
+            59:52:6b:92:1a:25:8f:1b:ee:4c:51:9c:47:2f:ff:ff:9d:43:29:47
         Signature Algorithm: sha256WithRSAEncryption
         Issuer: C = US, ST = Montana, L = Bozeman, O = Sawtooth, OU = Consulting_1024, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Dec 13 22:19:28 2023 GMT
-            Not After : Sep  8 22:19:28 2026 GMT
+            Not Before: Dec 18 21:25:29 2024 GMT
+            Not After : Sep 14 21:25:29 2027 GMT
         Subject: C = US, ST = Montana, L = Bozeman, O = Sawtooth, OU = Consulting_1024, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (1024 bit)
+                Public-Key: (1024 bit)
                 Modulus:
                     00:cd:ac:dd:47:ec:be:b7:24:c3:63:1b:54:98:79:
                     e1:c7:31:16:59:d6:9d:77:9d:8d:e2:8b:ed:04:17:
@@ -100,8 +100,7 @@ Certificate:
             X509v3 Authority Key Identifier: 
                 keyid:D3:22:8F:28:2C:E0:05:EE:D3:ED:C3:71:3D:C9:B2:36:3A:1D:BF:A8
                 DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting_1024/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
-                serial:5C:44:2B:BF:D3:A8:2A:D8:FD:54:C9:CD:AA:7F:F7:D4:59:07:AA:DD
-
+                serial:59:52:6B:92:1A:25:8F:1B:EE:4C:51:9C:47:2F:FF:FF:9D:43:29:47
             X509v3 Basic Constraints: 
                 CA:TRUE
             X509v3 Subject Alternative Name: 
@@ -109,20 +108,21 @@ Certificate:
             X509v3 Extended Key Usage: 
                 TLS Web Server Authentication, TLS Web Client Authentication
     Signature Algorithm: sha256WithRSAEncryption
-         70:7d:83:94:d0:ee:e1:19:8b:17:ca:79:87:12:5b:7f:70:a3:
-         51:20:4f:21:99:71:69:21:28:55:61:70:85:54:21:a9:70:a2:
-         a9:12:db:44:11:44:e7:41:00:70:80:b5:37:0c:7e:78:8f:88:
-         64:bc:e5:c0:44:a7:a5:3d:db:62:c4:d6:cd:aa:4b:ac:fb:01:
-         46:bb:ec:cb:6f:01:67:b4:65:f3:5e:53:39:64:99:9b:68:80:
-         14:91:a4:a4:eb:04:f3:76:9a:7d:b4:38:05:9c:a5:e0:bc:7e:
-         d9:d2:d3:d4:e8:c3:9f:38:4b:6c:29:94:be:35:bd:30:1f:b5:
-         b7:3d
+    Signature Value:
+        09:c6:da:fe:2a:45:83:9e:8b:66:cf:63:1f:11:cb:d9:b4:eb:
+        b0:97:3d:33:d4:b9:27:56:46:14:3c:fe:2b:b2:36:6e:38:7f:
+        08:f5:37:3c:f2:a2:6a:8a:c7:a0:be:0f:ac:dd:f4:f0:97:b3:
+        03:a6:70:48:44:fc:ef:ef:7a:c6:1a:8d:3f:19:f6:71:92:7e:
+        3a:00:95:f2:b6:57:40:77:c2:80:4e:61:f2:71:56:22:a0:1e:
+        a9:dd:5c:54:80:ad:e4:27:f2:17:20:9b:5b:89:30:6e:6a:31:
+        2a:4e:43:52:f8:8a:51:b7:ed:3a:aa:78:41:90:95:e8:40:2e:
+        66:fc
 -----BEGIN CERTIFICATE-----
-MIIECTCCA3KgAwIBAgIUXEQrv9OoKtj9VMnNqn/31FkHqt0wDQYJKoZIhvcNAQEL
+MIIECTCCA3KgAwIBAgIUWVJrkholjxvuTFGcRy///51DKUcwDQYJKoZIhvcNAQEL
 BQAwgZkxCzAJBgNVBAYTAlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdC
 b3plbWFuMREwDwYDVQQKDAhTYXd0b290aDEYMBYGA1UECwwPQ29uc3VsdGluZ18x
 MDI0MRgwFgYDVQQDDA93d3cud29sZnNzbC5jb20xHzAdBgkqhkiG9w0BCQEWEGlu
-Zm9Ad29sZnNzbC5jb20wHhcNMjMxMjEzMjIxOTI4WhcNMjYwOTA4MjIxOTI4WjCB
+Zm9Ad29sZnNzbC5jb20wHhcNMjQxMjE4MjEyNTI5WhcNMjcwOTE0MjEyNTI5WjCB
 mTELMAkGA1UEBhMCVVMxEDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVt
 YW4xETAPBgNVBAoMCFNhd3Rvb3RoMRgwFgYDVQQLDA9Db25zdWx0aW5nXzEwMjQx
 GDAWBgNVBAMMD3d3dy53b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3
@@ -134,10 +134,10 @@ Io8oLOAF7tPtw3E9ybI2Oh2/qDCB2QYDVR0jBIHRMIHOgBTTIo8oLOAF7tPtw3E9
 ybI2Oh2/qKGBn6SBnDCBmTELMAkGA1UEBhMCVVMxEDAOBgNVBAgMB01vbnRhbmEx
 EDAOBgNVBAcMB0JvemVtYW4xETAPBgNVBAoMCFNhd3Rvb3RoMRgwFgYDVQQLDA9D
 b25zdWx0aW5nXzEwMjQxGDAWBgNVBAMMD3d3dy53b2xmc3NsLmNvbTEfMB0GCSqG
-SIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbYIUXEQrv9OoKtj9VMnNqn/31FkHqt0w
+SIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbYIUWVJrkholjxvuTFGcRy///51DKUcw
 DAYDVR0TBAUwAwEB/zAcBgNVHREEFTATggtleGFtcGxlLmNvbYcEfwAAATAdBgNV
-HSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDQYJKoZIhvcNAQELBQADgYEAcH2D
-lNDu4RmLF8p5hxJbf3CjUSBPIZlxaSEoVWFwhVQhqXCiqRLbRBFE50EAcIC1Nwx+
-eI+IZLzlwESnpT3bYsTWzapLrPsBRrvsy28BZ7Rl815TOWSZm2iAFJGkpOsE83aa
-fbQ4BZyl4Lx+2dLT1OjDnzhLbCmUvjW9MB+1tz0=
+HSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDQYJKoZIhvcNAQELBQADgYEACcba
+/ipFg56LZs9jHxHL2bTrsJc9M9S5J1ZGFDz+K7I2bjh/CPU3PPKiaorHoL4PrN30
+8JezA6ZwSET87+96xhqNPxn2cZJ+OgCV8rZXQHfCgE5h8nFWIqAeqd1cVICt5Cfy
+FyCbW4kwbmoxKk5DUviKUbftOqp4QZCV6EAuZvw=
 -----END CERTIFICATE-----
diff --git a/certs/3072/client-cert.der b/certs/3072/client-cert.der
index 329d03cf8..bd313a43b 100644
Binary files a/certs/3072/client-cert.der and b/certs/3072/client-cert.der differ
diff --git a/certs/3072/client-cert.pem b/certs/3072/client-cert.pem
index fbd8d99df..d896c7164 100644
--- a/certs/3072/client-cert.pem
+++ b/certs/3072/client-cert.pem
@@ -2,16 +2,16 @@ Certificate:
     Data:
         Version: 3 (0x2)
         Serial Number:
-            0b:5c:9f:12:25:90:aa:52:c0:df:e1:e1:1f:ed:a9:31:01:0a:09:8b
+            1e:d5:b7:66:40:3a:e9:9b:dd:58:e4:e4:9a:c0:da:1e:d7:b9:5a:1f
         Signature Algorithm: sha256WithRSAEncryption
         Issuer: C = US, ST = Montana, L = Bozeman, O = wolfSSL_3072, OU = Programming-3072, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Dec 13 22:19:28 2023 GMT
-            Not After : Sep  8 22:19:28 2026 GMT
+            Not Before: Dec 18 21:25:29 2024 GMT
+            Not After : Sep 14 21:25:29 2027 GMT
         Subject: C = US, ST = Montana, L = Bozeman, O = wolfSSL_3072, OU = Programming-3072, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (3072 bit)
+                Public-Key: (3072 bit)
                 Modulus:
                     00:ac:39:50:68:8f:78:f8:10:9b:68:96:d3:e1:9c:
                     56:68:5a:41:62:e3:b3:41:b0:55:80:17:b0:88:16:
@@ -46,8 +46,7 @@ Certificate:
             X509v3 Authority Key Identifier: 
                 keyid:3D:D1:84:C2:AF:B0:20:49:BC:74:87:41:38:AB:BA:D2:D4:0C:A3:A8
                 DirName:/C=US/ST=Montana/L=Bozeman/O=wolfSSL_3072/OU=Programming-3072/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
-                serial:0B:5C:9F:12:25:90:AA:52:C0:DF:E1:E1:1F:ED:A9:31:01:0A:09:8B
-
+                serial:1E:D5:B7:66:40:3A:E9:9B:DD:58:E4:E4:9A:C0:DA:1E:D7:B9:5A:1F
             X509v3 Basic Constraints: 
                 CA:TRUE
             X509v3 Subject Alternative Name: 
@@ -55,35 +54,36 @@ Certificate:
             X509v3 Extended Key Usage: 
                 TLS Web Server Authentication, TLS Web Client Authentication
     Signature Algorithm: sha256WithRSAEncryption
-         14:27:57:47:12:a4:78:a2:c9:dc:93:f8:47:ee:f4:fd:66:80:
-         13:43:9e:de:23:8c:f7:3f:fe:46:9c:85:58:2a:6f:8d:22:92:
-         8c:d6:36:ca:90:4f:45:c3:ab:78:ca:3c:fe:d0:f5:0f:6d:00:
-         fe:3b:42:b0:86:0b:75:f2:7c:d3:c7:db:0b:70:e8:ec:b7:bf:
-         26:30:a8:19:67:bd:74:03:cf:d1:08:8e:9c:d5:1b:45:28:b2:
-         67:8e:3a:a5:27:c9:1b:6a:e9:93:ce:94:c0:00:0c:e8:f1:76:
-         02:a4:30:72:a8:fd:55:1c:d1:b8:25:f1:62:f6:ba:28:fd:30:
-         b1:11:63:f7:b3:78:54:09:04:c1:66:12:c7:01:ae:99:e3:55:
-         c4:29:bd:1b:1a:da:b9:77:fd:04:db:b1:68:56:35:65:e1:aa:
-         67:c8:ac:be:e5:f8:27:fb:b4:51:4f:38:e5:de:09:a6:81:a9:
-         ef:dc:d6:4a:96:47:b8:38:14:f8:25:5d:ac:f3:e5:3b:f2:1b:
-         70:32:3b:2d:fa:20:ca:2e:a5:ca:13:9d:84:d2:d4:35:16:58:
-         6e:52:5e:09:61:83:c2:e2:56:2c:ab:52:bf:54:dc:bd:f3:bf:
-         a7:16:6e:0e:ca:68:54:d1:5c:4d:06:7a:93:47:1c:cc:a9:66:
-         da:69:0f:f9:1f:25:64:29:40:97:50:3b:cf:0c:50:9b:4d:ff:
-         60:bc:d3:e4:a0:b7:64:c6:66:2a:f6:02:e2:3f:92:31:3b:d7:
-         ea:1a:c3:1a:0c:19:88:ab:5f:74:b7:9d:7b:8d:4d:3a:84:43:
-         f2:67:b1:be:a0:9e:fd:3d:aa:c1:38:1a:df:ac:30:fe:63:69:
-         af:d6:f2:21:63:11:63:29:ac:63:9e:9f:9f:c4:53:b3:db:78:
-         c0:2d:79:68:1f:d2:d1:36:d1:fb:e3:c0:a7:31:eb:15:63:99:
-         0b:93:9d:87:c7:fe:56:5d:fc:e7:29:2a:9e:15:be:ef:54:e7:
-         0f:6d:9b:36:b6:17
+    Signature Value:
+        5e:b0:ed:38:36:b8:f7:e4:0c:b0:c3:6a:bb:7a:b9:61:05:9d:
+        b9:82:12:2d:9c:9e:91:7b:ec:d0:9b:81:ca:51:e8:d4:55:2d:
+        1a:ff:88:5a:c3:e1:d8:82:17:c5:4a:7a:d4:17:c8:a2:1c:97:
+        61:a7:cf:de:12:f9:5a:d8:b0:63:63:84:d4:7b:b9:81:37:a0:
+        49:f3:68:30:0c:84:f8:6c:18:54:34:6f:8d:a3:22:d3:d2:3b:
+        42:bc:3b:28:0f:95:35:f4:9f:dc:18:9d:4f:c5:5f:0d:d2:bd:
+        88:b8:a7:88:82:d3:74:5b:a6:ad:b0:2b:70:33:c9:08:7e:5f:
+        9b:99:3c:61:f0:1b:3c:1c:4a:2a:05:84:f1:47:17:a2:ea:06:
+        3a:dc:f6:b3:83:30:9c:12:b1:4c:e9:be:40:86:3e:72:58:4e:
+        44:b8:99:59:c3:58:0f:d7:cf:02:60:77:ad:6f:9c:41:58:ef:
+        78:63:c0:f7:7d:a7:ed:67:c2:49:ae:06:fc:46:f7:70:53:88:
+        eb:53:2f:25:8d:7a:ac:ab:c4:b5:b0:27:90:57:d0:31:79:2f:
+        ad:da:20:c1:6a:00:cc:d9:b4:36:5a:90:99:3d:e3:e2:f4:b6:
+        e7:85:16:77:3d:69:bb:42:6c:a5:83:45:9f:53:c4:43:78:17:
+        43:bd:27:c0:6e:4b:40:0f:64:0b:ac:38:1e:09:6d:62:5a:54:
+        8a:2c:96:99:23:db:f5:4b:4a:aa:69:be:6e:8a:9a:3e:d5:e6:
+        a3:a9:a9:e9:e8:a9:28:28:3b:f9:9d:d9:5f:e3:cb:2b:2b:38:
+        ba:f1:bc:45:d8:4a:5a:b1:b3:8a:48:64:78:33:21:55:cd:04:
+        14:e7:7b:73:c2:b6:f2:de:81:01:d8:8d:c6:cf:f2:85:0f:32:
+        72:0f:6c:60:be:f5:31:75:39:4b:e3:ae:ed:0c:1e:15:83:ac:
+        f9:4c:86:cf:df:54:b0:7c:6f:f5:de:26:66:c0:ba:85:38:d0:
+        25:fe:b9:bf:12:98
 -----BEGIN CERTIFICATE-----
-MIIGHTCCBIWgAwIBAgIUC1yfEiWQqlLA3+HhH+2pMQEKCYswDQYJKoZIhvcNAQEL
+MIIGHTCCBIWgAwIBAgIUHtW3ZkA66ZvdWOTkmsDaHte5Wh8wDQYJKoZIhvcNAQEL
 BQAwgZ4xCzAJBgNVBAYTAlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdC
 b3plbWFuMRUwEwYDVQQKDAx3b2xmU1NMXzMwNzIxGTAXBgNVBAsMEFByb2dyYW1t
 aW5nLTMwNzIxGDAWBgNVBAMMD3d3dy53b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJ
-ARYQaW5mb0B3b2xmc3NsLmNvbTAeFw0yMzEyMTMyMjE5MjhaFw0yNjA5MDgyMjE5
-MjhaMIGeMQswCQYDVQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwH
+ARYQaW5mb0B3b2xmc3NsLmNvbTAeFw0yNDEyMTgyMTI1MjlaFw0yNzA5MTQyMTI1
+MjlaMIGeMQswCQYDVQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwH
 Qm96ZW1hbjEVMBMGA1UECgwMd29sZlNTTF8zMDcyMRkwFwYDVQQLDBBQcm9ncmFt
 bWluZy0zMDcyMRgwFgYDVQQDDA93d3cud29sZnNzbC5jb20xHzAdBgkqhkiG9w0B
 CQEWEGluZm9Ad29sZnNzbC5jb20wggGiMA0GCSqGSIb3DQEBAQUAA4IBjwAwggGK
@@ -100,15 +100,15 @@ qDCB3gYDVR0jBIHWMIHTgBQ90YTCr7AgSbx0h0E4q7rS1AyjqKGBpKSBoTCBnjEL
 MAkGA1UEBhMCVVMxEDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4x
 FTATBgNVBAoMDHdvbGZTU0xfMzA3MjEZMBcGA1UECwwQUHJvZ3JhbW1pbmctMzA3
 MjEYMBYGA1UEAwwPd3d3LndvbGZzc2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZv
-QHdvbGZzc2wuY29tghQLXJ8SJZCqUsDf4eEf7akxAQoJizAMBgNVHRMEBTADAQH/
+QHdvbGZzc2wuY29tghQe1bdmQDrpm91Y5OSawNoe17laHzAMBgNVHRMEBTADAQH/
 MBwGA1UdEQQVMBOCC2V4YW1wbGUuY29thwR/AAABMB0GA1UdJQQWMBQGCCsGAQUF
-BwMBBggrBgEFBQcDAjANBgkqhkiG9w0BAQsFAAOCAYEAFCdXRxKkeKLJ3JP4R+70
-/WaAE0Oe3iOM9z/+RpyFWCpvjSKSjNY2ypBPRcOreMo8/tD1D20A/jtCsIYLdfJ8
-08fbC3Do7Le/JjCoGWe9dAPP0QiOnNUbRSiyZ446pSfJG2rpk86UwAAM6PF2AqQw
-cqj9VRzRuCXxYva6KP0wsRFj97N4VAkEwWYSxwGumeNVxCm9GxrauXf9BNuxaFY1
-ZeGqZ8isvuX4J/u0UU845d4JpoGp79zWSpZHuDgU+CVdrPPlO/IbcDI7Lfogyi6l
-yhOdhNLUNRZYblJeCWGDwuJWLKtSv1TcvfO/pxZuDspoVNFcTQZ6k0cczKlm2mkP
-+R8lZClAl1A7zwxQm03/YLzT5KC3ZMZmKvYC4j+SMTvX6hrDGgwZiKtfdLede41N
-OoRD8mexvqCe/T2qwTga36ww/mNpr9byIWMRYymsY56fn8RTs9t4wC15aB/S0TbR
-++PApzHrFWOZC5Odh8f+Vl385ykqnhW+71TnD22bNrYX
+BwMBBggrBgEFBQcDAjANBgkqhkiG9w0BAQsFAAOCAYEAXrDtODa49+QMsMNqu3q5
+YQWduYISLZyekXvs0JuBylHo1FUtGv+IWsPh2IIXxUp61BfIohyXYafP3hL5Wtiw
+Y2OE1Hu5gTegSfNoMAyE+GwYVDRvjaMi09I7Qrw7KA+VNfSf3BidT8VfDdK9iLin
+iILTdFumrbArcDPJCH5fm5k8YfAbPBxKKgWE8UcXouoGOtz2s4MwnBKxTOm+QIY+
+clhORLiZWcNYD9fPAmB3rW+cQVjveGPA932n7WfCSa4G/Eb3cFOI61MvJY16rKvE
+tbAnkFfQMXkvrdogwWoAzNm0NlqQmT3j4vS254UWdz1pu0JspYNFn1PEQ3gXQ70n
+wG5LQA9kC6w4HgltYlpUiiyWmSPb9UtKqmm+boqaPtXmo6mp6eipKCg7+Z3ZX+PL
+Kys4uvG8RdhKWrGzikhkeDMhVc0EFOd7c8K28t6BAdiNxs/yhQ8ycg9sYL71MXU5
+S+Ou7QweFYOs+UyGz99UsHxv9d4mZsC6hTjQJf65vxKY
 -----END CERTIFICATE-----
diff --git a/certs/3072/client-key.der b/certs/3072/client-key.der
index be253d2f0..c2c766d74 100644
Binary files a/certs/3072/client-key.der and b/certs/3072/client-key.der differ
diff --git a/certs/4096/client-cert.der b/certs/4096/client-cert.der
index 5a5a7eef7..a3e795194 100644
Binary files a/certs/4096/client-cert.der and b/certs/4096/client-cert.der differ
diff --git a/certs/4096/client-cert.pem b/certs/4096/client-cert.pem
index e57398003..c2858e982 100644
--- a/certs/4096/client-cert.pem
+++ b/certs/4096/client-cert.pem
@@ -2,16 +2,16 @@ Certificate:
     Data:
         Version: 3 (0x2)
         Serial Number:
-            2f:36:54:05:64:52:dd:0e:75:75:33:7c:b2:ce:9f:5c:48:9b:ab:0e
+            12:66:c3:a2:08:5c:f7:d0:6e:e9:a8:82:a2:ab:9c:0f:76:9e:96:f4
         Signature Algorithm: sha256WithRSAEncryption
         Issuer: C = US, ST = Montana, L = Bozeman, O = wolfSSL_4096, OU = Programming-4096, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Dec 13 22:19:28 2023 GMT
-            Not After : Sep  8 22:19:28 2026 GMT
+            Not Before: Dec 18 21:25:29 2024 GMT
+            Not After : Sep 14 21:25:29 2027 GMT
         Subject: C = US, ST = Montana, L = Bozeman, O = wolfSSL_4096, OU = Programming-4096, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (4096 bit)
+                Public-Key: (4096 bit)
                 Modulus:
                     00:f5:d0:31:e4:71:59:58:b3:07:50:dd:16:79:fc:
                     c6:95:50:fc:46:0e:57:12:86:71:8d:e3:9b:4a:33:
@@ -55,8 +55,7 @@ Certificate:
             X509v3 Authority Key Identifier: 
                 keyid:FA:54:89:67:E5:5F:B7:31:40:EA:FD:E7:F6:A3:C6:5A:56:16:A5:6E
                 DirName:/C=US/ST=Montana/L=Bozeman/O=wolfSSL_4096/OU=Programming-4096/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
-                serial:2F:36:54:05:64:52:DD:0E:75:75:33:7C:B2:CE:9F:5C:48:9B:AB:0E
-
+                serial:12:66:C3:A2:08:5C:F7:D0:6E:E9:A8:82:A2:AB:9C:0F:76:9E:96:F4
             X509v3 Basic Constraints: 
                 CA:TRUE
             X509v3 Subject Alternative Name: 
@@ -64,42 +63,43 @@ Certificate:
             X509v3 Extended Key Usage: 
                 TLS Web Server Authentication, TLS Web Client Authentication
     Signature Algorithm: sha256WithRSAEncryption
-         c2:72:38:27:f0:5c:45:04:4b:09:0e:5d:98:6e:38:6a:bc:fb:
-         a8:85:4f:f2:04:38:63:4f:86:4f:3c:f5:fd:f8:cd:89:09:76:
-         72:47:97:df:f8:17:6a:81:3a:b2:b4:fc:ac:e9:fc:e2:47:9b:
-         07:6d:9c:53:ed:d8:64:bc:6c:4d:a9:bd:3e:5e:cd:61:bc:8e:
-         82:20:b2:50:bc:9e:72:e6:9f:40:ff:6c:4b:38:f8:4b:82:0f:
-         7e:49:cd:45:5c:cd:44:de:47:25:b3:57:d0:1a:0d:8d:4d:c7:
-         ea:23:fa:03:e8:86:d8:37:89:84:2e:e8:53:7a:77:be:94:ec:
-         70:e7:c4:7b:8f:6f:28:67:33:89:ec:c9:df:98:6d:4a:d9:c6:
-         7b:d3:b5:82:d0:8a:ce:8f:06:bf:a2:f7:de:4a:45:22:6f:ff:
-         41:6f:08:f5:c3:65:25:27:fb:43:3e:cc:25:0a:d3:3d:d2:34:
-         9f:89:6b:e2:97:9c:42:d9:3e:64:03:45:5f:07:95:ed:1a:70:
-         6a:be:3e:7f:7f:16:be:47:a6:6d:3b:0d:27:b3:89:b1:f1:f6:
-         ce:99:71:18:b6:c0:c5:9e:76:7a:8e:fb:4a:be:4f:cd:bc:21:
-         a9:4e:9c:fc:48:86:ff:e4:63:14:96:3a:eb:c8:48:ae:27:bd:
-         43:0c:27:85:e1:25:1a:69:48:6c:e7:11:f8:f3:68:9d:ee:15:
-         1a:be:ad:46:33:24:3d:be:b8:0e:6e:4d:ef:12:b6:ae:1b:88:
-         bd:0e:a6:ff:91:08:dc:ed:af:fa:13:2b:f2:b4:2c:ea:72:c2:
-         85:d6:ee:64:09:e1:4e:1a:5a:bd:c2:44:c2:95:82:59:0a:d8:
-         27:bc:48:4a:8a:a3:c3:77:ac:92:b6:8b:0b:13:e2:87:ec:21:
-         7e:7e:52:29:51:5c:59:e1:c8:db:05:ce:9e:f4:36:d8:63:42:
-         45:71:9a:ee:0e:24:b0:ba:a5:a5:aa:c9:ee:9e:a3:e3:e9:7f:
-         c6:64:6c:9e:65:78:88:f2:61:6f:d3:3b:9e:0d:16:fa:ad:c2:
-         58:ac:bc:14:b1:f7:6f:db:b9:7e:79:81:f1:f8:e9:41:5b:fe:
-         d9:e2:89:86:5c:01:03:5d:0c:d9:a9:d6:df:4b:26:5c:ae:e6:
-         df:b5:c9:f0:86:ca:7b:80:db:6a:86:fd:a9:00:46:32:39:5a:
-         72:c4:67:20:db:d8:7a:5d:2d:78:b9:a7:de:7f:f4:7a:5b:0f:
-         38:b0:9e:1a:ae:c5:cc:ff:61:5e:ec:f1:0d:f7:0a:22:bb:cb:
-         08:2b:91:58:77:1f:90:2b:a3:78:be:ef:4d:d8:8d:e8:f7:31:
-         f8:92:84:e5:b2:2a:e8:3a
+    Signature Value:
+        b0:00:28:7b:c8:3f:ae:93:f5:16:87:30:d6:07:2b:71:16:34:
+        1e:5c:48:0f:4a:e7:50:07:9d:f4:75:5b:90:53:72:87:2a:bb:
+        ef:04:bc:52:d2:bf:ff:27:58:2f:5c:af:be:f3:f6:00:a2:37:
+        8b:ec:2c:d7:b7:e7:bb:3b:ca:6f:9d:42:b7:00:b8:c2:a2:8e:
+        8e:e4:57:fd:83:4b:b8:47:aa:a1:28:ac:bd:c1:59:04:90:17:
+        40:40:35:04:c6:40:a9:21:d3:79:45:0e:22:c8:6f:ec:ae:58:
+        a5:c2:d8:1b:11:49:94:58:c2:11:7d:f8:0a:bb:47:fd:ac:cf:
+        f7:23:05:3f:ab:1d:0e:30:c5:98:29:13:1a:90:6f:f9:3f:f2:
+        d6:df:03:cc:f1:48:e7:71:e6:c4:ce:f3:f9:bf:07:c9:cf:dd:
+        63:0e:fe:bc:93:1c:9a:52:7d:63:f9:6d:a5:50:f3:ef:54:d7:
+        da:42:74:85:b1:b4:7c:d5:03:cc:b8:c3:ba:1f:b8:4f:5a:f9:
+        05:ba:4b:0d:57:8d:05:cf:4f:b7:c4:64:2e:2c:10:f3:fa:79:
+        0c:8c:1f:cc:84:33:88:fb:77:b5:6e:45:35:15:cc:28:80:2b:
+        2d:6b:3f:d0:a3:10:d1:53:c0:bb:70:43:79:2f:ff:3f:63:26:
+        c5:60:9b:87:e9:a2:5b:40:13:41:25:d2:9c:3e:42:79:00:e1:
+        12:0e:aa:06:e0:65:59:a1:fa:db:c4:c2:97:a8:87:35:96:1c:
+        8e:ff:eb:91:e0:8b:e3:3e:c8:b2:8c:d3:84:5e:76:80:d7:29:
+        0a:59:cc:71:d5:e5:65:3c:30:38:6e:f5:3f:7e:28:0f:3d:15:
+        10:86:30:39:56:23:13:30:b4:70:f7:7b:c3:0d:51:ad:18:b1:
+        87:b3:3f:1c:69:f5:d4:1e:72:66:5e:44:b9:53:ba:9e:f0:b8:
+        4a:b1:34:50:98:d8:f2:b9:b2:c5:ed:73:c9:ee:dd:33:8c:cf:
+        72:35:e0:3d:0f:45:2a:89:f9:a3:76:40:07:0f:f6:48:6c:f1:
+        8c:30:3a:c2:51:06:c2:51:5e:75:98:06:e0:1e:29:f7:12:9a:
+        56:a4:38:83:b1:8b:86:b6:ab:87:aa:3c:39:9d:4d:0c:e8:78:
+        9f:52:47:66:69:c8:66:0c:fe:d9:74:1d:78:0b:51:e4:d9:c8:
+        35:97:95:c7:31:97:13:49:ed:aa:9e:9c:fd:66:04:79:d2:24:
+        4d:64:8d:3f:cd:94:b0:05:0a:30:3b:1c:96:e7:79:00:03:47:
+        55:34:51:1f:46:3a:24:47:e6:dd:78:89:18:29:32:c5:ad:fb:
+        9c:f7:26:ac:56:3e:f7:73
 -----BEGIN CERTIFICATE-----
-MIIHHTCCBQWgAwIBAgIULzZUBWRS3Q51dTN8ss6fXEibqw4wDQYJKoZIhvcNAQEL
+MIIHHTCCBQWgAwIBAgIUEmbDoghc99Bu6aiCoqucD3aelvQwDQYJKoZIhvcNAQEL
 BQAwgZ4xCzAJBgNVBAYTAlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdC
 b3plbWFuMRUwEwYDVQQKDAx3b2xmU1NMXzQwOTYxGTAXBgNVBAsMEFByb2dyYW1t
 aW5nLTQwOTYxGDAWBgNVBAMMD3d3dy53b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJ
-ARYQaW5mb0B3b2xmc3NsLmNvbTAeFw0yMzEyMTMyMjE5MjhaFw0yNjA5MDgyMjE5
-MjhaMIGeMQswCQYDVQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwH
+ARYQaW5mb0B3b2xmc3NsLmNvbTAeFw0yNDEyMTgyMTI1MjlaFw0yNzA5MTQyMTI1
+MjlaMIGeMQswCQYDVQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwH
 Qm96ZW1hbjEVMBMGA1UECgwMd29sZlNTTF80MDk2MRkwFwYDVQQLDBBQcm9ncmFt
 bWluZy00MDk2MRgwFgYDVQQDDA93d3cud29sZnNzbC5jb20xHzAdBgkqhkiG9w0B
 CQEWEGluZm9Ad29sZnNzbC5jb20wggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIK
@@ -118,19 +118,19 @@ AUswHQYDVR0OBBYEFPpUiWflX7cxQOr95/ajxlpWFqVuMIHeBgNVHSMEgdYwgdOA
 FPpUiWflX7cxQOr95/ajxlpWFqVuoYGkpIGhMIGeMQswCQYDVQQGEwJVUzEQMA4G
 A1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjEVMBMGA1UECgwMd29sZlNT
 TF80MDk2MRkwFwYDVQQLDBBQcm9ncmFtbWluZy00MDk2MRgwFgYDVQQDDA93d3cu
-d29sZnNzbC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb22CFC82
-VAVkUt0OdXUzfLLOn1xIm6sOMAwGA1UdEwQFMAMBAf8wHAYDVR0RBBUwE4ILZXhh
+d29sZnNzbC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb22CFBJm
+w6IIXPfQbumogqKrnA92npb0MAwGA1UdEwQFMAMBAf8wHAYDVR0RBBUwE4ILZXhh
 bXBsZS5jb22HBH8AAAEwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMA0G
-CSqGSIb3DQEBCwUAA4ICAQDCcjgn8FxFBEsJDl2YbjhqvPuohU/yBDhjT4ZPPPX9
-+M2JCXZyR5ff+BdqgTqytPys6fziR5sHbZxT7dhkvGxNqb0+Xs1hvI6CILJQvJ5y
-5p9A/2xLOPhLgg9+Sc1FXM1E3kcls1fQGg2NTcfqI/oD6IbYN4mELuhTene+lOxw
-58R7j28oZzOJ7MnfmG1K2cZ707WC0IrOjwa/ovfeSkUib/9Bbwj1w2UlJ/tDPswl
-CtM90jSfiWvil5xC2T5kA0VfB5XtGnBqvj5/fxa+R6ZtOw0ns4mx8fbOmXEYtsDF
-nnZ6jvtKvk/NvCGpTpz8SIb/5GMUljrryEiuJ71DDCeF4SUaaUhs5xH482id7hUa
-vq1GMyQ9vrgObk3vErauG4i9Dqb/kQjc7a/6EyvytCzqcsKF1u5kCeFOGlq9wkTC
-lYJZCtgnvEhKiqPDd6yStosLE+KH7CF+flIpUVxZ4cjbBc6e9DbYY0JFcZruDiSw
-uqWlqsnunqPj6X/GZGyeZXiI8mFv0zueDRb6rcJYrLwUsfdv27l+eYHx+OlBW/7Z
-4omGXAEDXQzZqdbfSyZcrubftcnwhsp7gNtqhv2pAEYyOVpyxGcg29h6XS14uafe
-f/R6Ww84sJ4arsXM/2Fe7PEN9woiu8sIK5FYdx+QK6N4vu9N2I3o9zH4koTlsiro
-Og==
+CSqGSIb3DQEBCwUAA4ICAQCwACh7yD+uk/UWhzDWBytxFjQeXEgPSudQB530dVuQ
+U3KHKrvvBLxS0r//J1gvXK++8/YAojeL7CzXt+e7O8pvnUK3ALjCoo6O5Ff9g0u4
+R6qhKKy9wVkEkBdAQDUExkCpIdN5RQ4iyG/srlilwtgbEUmUWMIRffgKu0f9rM/3
+IwU/qx0OMMWYKRMakG/5P/LW3wPM8UjncebEzvP5vwfJz91jDv68kxyaUn1j+W2l
+UPPvVNfaQnSFsbR81QPMuMO6H7hPWvkFuksNV40Fz0+3xGQuLBDz+nkMjB/MhDOI
++3e1bkU1FcwogCstaz/QoxDRU8C7cEN5L/8/YybFYJuH6aJbQBNBJdKcPkJ5AOES
+DqoG4GVZofrbxMKXqIc1lhyO/+uR4IvjPsiyjNOEXnaA1ykKWcxx1eVlPDA4bvU/
+figPPRUQhjA5ViMTMLRw93vDDVGtGLGHsz8cafXUHnJmXkS5U7qe8LhKsTRQmNjy
+ubLF7XPJ7t0zjM9yNeA9D0UqifmjdkAHD/ZIbPGMMDrCUQbCUV51mAbgHin3EppW
+pDiDsYuGtquHqjw5nU0M6HifUkdmachmDP7ZdB14C1Hk2cg1l5XHMZcTSe2qnpz9
+ZgR50iRNZI0/zZSwBQowOxyW53kAA0dVNFEfRjokR+bdeIkYKTLFrfuc9yasVj73
+cw==
 -----END CERTIFICATE-----
diff --git a/certs/4096/client-key.der b/certs/4096/client-key.der
index 34a6f1b7c..70a187bee 100644
Binary files a/certs/4096/client-key.der and b/certs/4096/client-key.der differ
diff --git a/certs/acert/acert.pem b/certs/acert/acert.pem
new file mode 100644
index 000000000..4bde876d3
--- /dev/null
+++ b/certs/acert/acert.pem
@@ -0,0 +1,23 @@
+-----BEGIN ATTRIBUTE CERTIFICATE-----
+MIID4zCCAssCAQEwOaA3MB+kHTAbMRkwFwYDVQQDDBBUUE0gTWFudWZhY3R1cmVy
+AhRADHoGLYO7i9GfV2Yz2rrlRFDPSqA6MDikNjA0MQswCQYDVQQGEwJVUzEUMBIG
+A1UECgwLZXhhbXBsZS5jb20xDzANBgNVBAsMBlBDVGVzdDANBgkqhkiG9w0BAQsF
+AAIBATAiGA8yMDE4MDEwMTA1MDAwMFoYDzIwMjgwMTAxMDUwMDAwWjCB7TALBgVn
+gQUCEzECMAAwHAYFZ4EFAhExEzARMAkCAQECAQMCARYEBAAAAAEwEgYFZ4EFAhkx
+CTAHBgVngQUIAjCBlQYHZ4EFBQEHAjGBiTCBhqBkMC8wDgYGZ4EFEgMBBAQAAgAB
+DBJYWVogQ29tcHV0aW5nIEluYy4MATGABkFCQzEyMzAxMA4GBmeBBRIDAQQEAAcA
+AgwNTm90IFNwZWNpZmllZAwDSEQxgAgxMjM0QUJDRIMB/6IeMBwMCHVuYW1lIC1y
+DBA2LjUuMC0xNS1nZW5lcmljMBQGBWeBBQIXMQswCQIBAQIBAQIBETCCAScwbwYD
+VR0jBGgwZoAUl46DRCrPD3GZndkBbbNDngf6ZHChOKQ2MDQxCzAJBgNVBAYTAlVT
+MRQwEgYDVQQKDAtleGFtcGxlLmNvbTEPMA0GA1UECwwGUENUZXN0ghRmuv6Ey2Ja
+dCAOFysMNOn9CiH45zBBBgNVHSAEOjA4MDYGAioDMDAwLgYIKwYBBQUHAgIwIgwg
+VENHIFRydXN0ZWQgUGxhdGZvcm0gRW5kb3JzZW1lbnQwcQYDVR0RBGowaKRmMGQx
+EzARBgZngQUFAQQMB01vZGVsIEExHjAcBgZngQUFAQEMElhZWiBDb21wdXRpbmcg
+SW5jLjEZMBcGBmeBBQUBBQwNTm90IFNwZWNpZmllZDESMBAGBmeBBQUBBgwGQUJD
+MTIzMA0GCSqGSIb3DQEBCwUAA4IBAQB2SdELM7Dqaq2mvT+IV3pCBN7qPzRL+sO4
+MZG6jpTbbblr124KM84g936zLVZxOJeAa+Ie7r0ET7GYI+zKtpLmIZrlqhZl4YkP
+3g65JsIVc5PvOogxv67IxVigHu/NFKHIbFPz85drTatEVCfA8ac8BwJXXwuESLNr
+cH+K/vdLWDgMhsijhco82RI8x11wBvzMXLPnM5OnkiG/0zaEW7mk1gH2tBS6oCc+
+0v8y9jQ5NqyPo0mNhLJhUMonmvaGdZ3iDEFyF+iNuDc3pP5PA1YDKk/BYGXt1NUE
+89mkuGoF8bwkU9uqLKQ3jpCKx/SZZ08IK5MPQyzsnwjyhrsrP3Qm
+-----END ATTRIBUTE CERTIFICATE-----
diff --git a/certs/acert/acert_ietf.pem b/certs/acert/acert_ietf.pem
new file mode 100644
index 000000000..1c25c8677
--- /dev/null
+++ b/certs/acert/acert_ietf.pem
@@ -0,0 +1,15 @@
+-----BEGIN ATTRIBUTE CERTIFICATE-----
+MIICPTCCASUCAQEwN6AWMBGkDzANMQswCQYDVQQDDAJDQQIBAqEdpBswGTEXMBUG
+A1UEAwwOc2VydmVyLmV4YW1wbGWgLTArpCkwJzElMCMGA1UEAwwcQXR0cmlidXRl
+IENlcnRpZmljYXRlIElzc3VlcjANBgkqhkiG9w0BAQsFAAIUA7WQWQKiqrVAIUS4
+LE/ZgBtfV8IwIhgPMjAyMTA2MTUxMjM1MDBaGA8yMDMxMDYxMzEyMzUwMFowQTAj
+BggrBgEFBQcKBDEXMBWgCYYHVGVzdHZhbDAIDAZncm91cDEwGgYDVQRIMRMwEaEP
+gw1hZG1pbmlzdHJhdG9yMCwwHwYDVR0jBBgwFoAUYm7JaGdsZLtTgt0tqoCK2MrI
+i10wCQYDVR04BAIFADANBgkqhkiG9w0BAQsFAAOCAQEAlIOJ2Dj3TEUj6BIv6vUs
+GqFWms05i+d10XSzWrunlUTQPoJcUjYkifOWp/7RpZ2XnRl+6hH+nIbmwSmXWwBn
+ERw2bQMmw//nWuN4Qv9t7ltuovWC0pJX6VMT1IRTuTV4SxuZpFL37vkmnFlPBlb+
+mn3ESSxLTjThWFIq1tip4IaxE/i5Uh32GlJglatFHM1PCGoJtyLtYb6KHDlvknw6
+coDyjIcj0FZwtQw41jLwxI8jWNmrpt978wdpprB/URrRs+m02HmeQoiHFi/qvdv8
+d+5vHf3Pi/ulhz/+dvr0p1vEQSoFnYxLXuty2p5m3PJPZCFmT3gURgmgR3BN9d7A
+Bw==
+-----END ATTRIBUTE CERTIFICATE-----
diff --git a/certs/acert/acert_ietf_pubkey.pem b/certs/acert/acert_ietf_pubkey.pem
new file mode 100644
index 000000000..c7434f934
--- /dev/null
+++ b/certs/acert/acert_ietf_pubkey.pem
@@ -0,0 +1,9 @@
+-----BEGIN PUBLIC KEY-----
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqvpigJZE2asRTFe63b3f
+xvh0swQuX+L4hW08E7mlm0NSQvBVs8yebELNnZLL738fvocvQMwAjf+8+Lyjb1fr
+FYMYvJpb6LmGA2Ysyt6Ny700dpiUValtd4mwtjSCH0/k4rCiaiCYWaN79Le9ZGwD
+pZ341kVX74JkNdaXs1EJ1tkUUoq6aIu5CWYncxjA4IufduHV1Eh/dpNq1tuLHjgY
+Y3NwYDJcotmN9mmIO+MAuZ1TzifhIy14tNGIspYpSZbn8j2RQpQOclhMVWeM5t0i
+TWgOO+jhJngptIJMXEaQQzKPiazv6pBhk8oamAZ0Nipr+DI8iDxvzHtyFDRVToOg
+1QIDAQAB
+-----END PUBLIC KEY-----
diff --git a/certs/acert/acert_pubkey.pem b/certs/acert/acert_pubkey.pem
new file mode 100644
index 000000000..a382a1be0
--- /dev/null
+++ b/certs/acert/acert_pubkey.pem
@@ -0,0 +1,9 @@
+-----BEGIN PUBLIC KEY-----
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArjl1VnpENuEfQCVm2E4q
+h28D62c0pX5IgN5F2RoS7siU2Oc9hsSz6Hj+9o0SRhUTEAxxrML2d7TM2SVoIJ/x
+CFrchA1fIZQm7FWJa7MDFpxkRc7cNUGrZ5oyVCHtK6IbKiU4y8B/vova6+dyy6bi
+j97ea0UDL8ztKNyDUH9ZntyFrHTltA/ZlEjmxGHQJQd4RBO6RdfM70R7l+YTGa2N
+PflyiRY2SKNXXx8cVUURJvkOXVfLCuRUzG+NnSS62WRuWOOD0ZjiJCnwkTJZQNw0
+qI+hLhWN+//05JeKOw6rNVVUHR/R0GgjPL6FIQ/+yF2Z8nCd8lVIIY+hQsM/1l/h
+2QIDAQAB
+-----END PUBLIC KEY-----
diff --git a/certs/acert/include.am b/certs/acert/include.am
new file mode 100644
index 000000000..e93fe85d4
--- /dev/null
+++ b/certs/acert/include.am
@@ -0,0 +1,13 @@
+# vim:ft=automake
+# All paths should be given relative to the root
+#
+
+EXTRA_DIST += \
+		certs/acert/acert.pem \
+		certs/acert/acert_ietf.pem \
+		certs/acert/acert_pubkey.pem \
+		certs/acert/acert_ietf_pubkey.pem \
+		certs/acert/rsa_pss/acert.pem \
+		certs/acert/rsa_pss/acert_ietf.pem \
+		certs/acert/rsa_pss/acert_pubkey.pem \
+		certs/acert/rsa_pss/acert_ietf_pubkey.pem
diff --git a/certs/acert/rsa_pss/acert.pem b/certs/acert/rsa_pss/acert.pem
new file mode 100644
index 000000000..74519df31
--- /dev/null
+++ b/certs/acert/rsa_pss/acert.pem
@@ -0,0 +1,25 @@
+-----BEGIN ATTRIBUTE CERTIFICATE-----
+MIIESzCCAv8CAQEwOaA3MB+kHTAbMRkwFwYDVQQDDBBUUE0gTWFudWZhY3R1cmVy
+AhRADHoGLYO7i9GfV2Yz2rrlRFDPSqA6MDikNjA0MQswCQYDVQQGEwJVUzEUMBIG
+A1UECgwLZXhhbXBsZS5jb20xDzANBgNVBAsMBlBDVGVzdDBBBgkqhkiG9w0BAQow
+NKAPMA0GCWCGSAFlAwQCAQUAoRwwGgYJKoZIhvcNAQEIMA0GCWCGSAFlAwQCAQUA
+ogMCASACAQEwIhgPMjAxODAxMDEwNTAwMDBaGA8yMDI4MDEwMTA1MDAwMFowge0w
+CwYFZ4EFAhMxAjAAMBwGBWeBBQIRMRMwETAJAgEBAgEDAgEWBAQAAAABMBIGBWeB
+BQIZMQkwBwYFZ4EFCAIwgZUGB2eBBQUBBwIxgYkwgYagZDAvMA4GBmeBBRIDAQQE
+AAIAAQwSWFlaIENvbXB1dGluZyBJbmMuDAExgAZBQkMxMjMwMTAOBgZngQUSAwEE
+BAAHAAIMDU5vdCBTcGVjaWZpZWQMA0hEMYAIMTIzNEFCQ0SDAf+iHjAcDAh1bmFt
+ZSAtcgwQNi41LjAtMTUtZ2VuZXJpYzAUBgVngQUCFzELMAkCAQECAQECAREwggEn
+MG8GA1UdIwRoMGaAFJeOg0Qqzw9xmZ3ZAW2zQ54H+mRwoTikNjA0MQswCQYDVQQG
+EwJVUzEUMBIGA1UECgwLZXhhbXBsZS5jb20xDzANBgNVBAsMBlBDVGVzdIIUZrr+
+hMtiWnQgDhcrDDTp/Qoh+OcwQQYDVR0gBDowODA2BgIqAzAwMC4GCCsGAQUFBwIC
+MCIMIFRDRyBUcnVzdGVkIFBsYXRmb3JtIEVuZG9yc2VtZW50MHEGA1UdEQRqMGik
+ZjBkMRMwEQYGZ4EFBQEEDAdNb2RlbCBBMR4wHAYGZ4EFBQEBDBJYWVogQ29tcHV0
+aW5nIEluYy4xGTAXBgZngQUFAQUMDU5vdCBTcGVjaWZpZWQxEjAQBgZngQUFAQYM
+BkFCQzEyMzBBBgkqhkiG9w0BAQowNKAPMA0GCWCGSAFlAwQCAQUAoRwwGgYJKoZI
+hvcNAQEIMA0GCWCGSAFlAwQCAQUAogMCASADggEBAH4FGu9CJJ/NraWxXoB+EuHu
+Ec95MPJDHnsDLea45z5TXkdxCd8Tb5EBuWYFCI6nkpWtkiF5UaLncQD/1ag0ECjZ
+duhmoaM01t8TERP1x2xOotpiS0nDGiAqn3twBS3NZlxgEDRMvW92tM49Vvlk7JwD
+Kxv9+qXidCXt62dcDNJoe1Uj9HXxuOO2NaO9OQHlPkY5GctKbcDBwaDUlEz40J9k
+PoXDNurLmI/nNgMDgicKdzdmhMT/BSXSt7Z228p7QcgROgJ5xTEVIMm+lGcBg1Sc
+RnWTVNjrIG+/nzYZENr+F40nrIKbkIIZTLCqwAN6fFFt/jNc44SdoJMNsKe1bTM=
+-----END ATTRIBUTE CERTIFICATE-----
diff --git a/certs/acert/rsa_pss/acert_ietf.pem b/certs/acert/rsa_pss/acert_ietf.pem
new file mode 100644
index 000000000..37f75625f
--- /dev/null
+++ b/certs/acert/rsa_pss/acert_ietf.pem
@@ -0,0 +1,17 @@
+-----BEGIN ATTRIBUTE CERTIFICATE-----
+MIICpTCCAVkCAQEwN6AWMBGkDzANMQswCQYDVQQDDAJDQQIBAqEdpBswGTEXMBUG
+A1UEAwwOc2VydmVyLmV4YW1wbGWgLTArpCkwJzElMCMGA1UEAwwcQXR0cmlidXRl
+IENlcnRpZmljYXRlIElzc3VlcjBBBgkqhkiG9w0BAQowNKAPMA0GCWCGSAFlAwQC
+AQUAoRwwGgYJKoZIhvcNAQEIMA0GCWCGSAFlAwQCAQUAogMCASACFAO1kFkCoqq1
+QCFEuCxP2YAbX1fCMCIYDzIwMjEwNjE1MTIzNTAwWhgPMjAzMTA2MTMxMjM1MDBa
+MEEwIwYIKwYBBQUHCgQxFzAVoAmGB1Rlc3R2YWwwCAwGZ3JvdXAxMBoGA1UESDET
+MBGhD4MNYWRtaW5pc3RyYXRvcjAsMB8GA1UdIwQYMBaAFGJuyWhnbGS7U4LdLaqA
+itjKyItdMAkGA1UdOAQCBQAwQQYJKoZIhvcNAQEKMDSgDzANBglghkgBZQMEAgEF
+AKEcMBoGCSqGSIb3DQEBCDANBglghkgBZQMEAgEFAKIDAgEgA4IBAQCX18Lyj2CR
+AJL9JAwxYgWbk7fWif2mG5IiQ264Rd0W6ugqw1hYseKHnRI5LpxsRVF5kEaFs2ta
+FhwxxOtAo8YvbxMC4emuatbqwOlWQYwk9wPLbZb1nd1FItPtO98FK7/vF0263eJu
+A+UFxmDvLlao3SzP19mtCOcUjGsVxcJ2PN05wDUzITu2vGXuJAdjHcYX+s1UMLwk
+WMwHsz7EK2Al/FavI1MfZp0lVFi++CMOAdLIRbTjlACATDq6Q6kPc+bTqvMYoca2
+bGLw1jSig6T3DvGa3O/BwRMOhyqCtJNQYY7MYxcZhPR4Y0RLmyFnFiSzwypL6oMk
+QMaW0z/K5YO2
+-----END ATTRIBUTE CERTIFICATE-----
diff --git a/certs/acert/rsa_pss/acert_ietf_pubkey.pem b/certs/acert/rsa_pss/acert_ietf_pubkey.pem
new file mode 100644
index 000000000..f2d208d39
--- /dev/null
+++ b/certs/acert/rsa_pss/acert_ietf_pubkey.pem
@@ -0,0 +1,9 @@
+-----BEGIN PUBLIC KEY-----
+MIIBIDALBgkqhkiG9w0BAQoDggEPADCCAQoCggEBALg9nrRhxCl5zxFdE7Le9GXL
+9M8Rzx5xU3meu6yp9lFIc3+FxNoc5E8nk7HXUK82iuEChcSlqt0j0/y03YqM+O45
+N6A9OkEkjdyL8BaeQEgNxZY16/nvhhnH0Bzg4n7DMvy3sUPQvsAu9tpbfSd+WNDT
+vtO9Fe84HIBkYhRuaIv7ca1UYn7R2VQk1RXK0lfY4orCOrexmlfPciJaTJcR5Lyi
+pjUj7X5lruRHVibrMY+Z+8DtvPaDZ7HFiuXzpGPQ0W907Wt7zEJfmTMUyQoOMDMM
+4iSlq0ib3rdZt9y2obCggRTFAtMAFIJ29FOT9FYDagMYFSqhnrR3ohiTNzfpYNMC
+AwEAAQ==
+-----END PUBLIC KEY-----
diff --git a/certs/acert/rsa_pss/acert_pubkey.pem b/certs/acert/rsa_pss/acert_pubkey.pem
new file mode 100644
index 000000000..a0f2d828a
--- /dev/null
+++ b/certs/acert/rsa_pss/acert_pubkey.pem
@@ -0,0 +1,9 @@
+-----BEGIN PUBLIC KEY-----
+MIIBIDALBgkqhkiG9w0BAQoDggEPADCCAQoCggEBAL0P9mcosJbMQavKMo6FvjK/
+vC5PZAFYxsbQnDiG3kb3gCsshI8HQzHNIuw4wN3waJrqnFmsmsUqMENtsC0J2Fty
+DOI5791Ma7JUKT31RW6f5eU2Gjx1+evNWtWs2WzupsZdPS3DlgEQJsTSw3Fs1q5w
+JVLVHhtOjCwdj2QO9Xr17Nt0ZOfKoJdqth3LAVujMnOw9gbyTbCrCB+z1Mkq+dK4
+K0v6IPZqY76LVhR42y/lyG+MZ8jswg4I4qAE+iIwPi/9Tz9UdNwMfSr3gdD13pa3
+VqnGZG83prqPLEHwsSNpWGdDx7pQxgBkAPztO+7LPrMd1ck8Uugsq36pusLjdQ0C
+AwEAAQ==
+-----END PUBLIC KEY-----
diff --git a/certs/ca-cert-chain.der b/certs/ca-cert-chain.der
index 199c049e4..86950eec8 100644
Binary files a/certs/ca-cert-chain.der and b/certs/ca-cert-chain.der differ
diff --git a/certs/ca-cert.der b/certs/ca-cert.der
index bdb2f8760..3c6964e2f 100644
Binary files a/certs/ca-cert.der and b/certs/ca-cert.der differ
diff --git a/certs/ca-cert.pem b/certs/ca-cert.pem
index 33d90791f..bb4abe7bc 100644
--- a/certs/ca-cert.pem
+++ b/certs/ca-cert.pem
@@ -2,16 +2,16 @@ Certificate:
     Data:
         Version: 3 (0x2)
         Serial Number:
-            33:44:1a:a8:6c:01:ec:f6:60:f2:70:51:0a:4c:d1:14:fa:bc:e9:44
+            6b:9b:70:c6:f1:a3:94:65:19:a1:08:58:ef:a7:8d:2b:7a:83:c1:da
         Signature Algorithm: sha256WithRSAEncryption
         Issuer: C = US, ST = Montana, L = Bozeman, O = Sawtooth, OU = Consulting, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Dec 13 22:19:28 2023 GMT
-            Not After : Sep  8 22:19:28 2026 GMT
+            Not Before: Dec 18 21:25:29 2024 GMT
+            Not After : Sep 14 21:25:29 2027 GMT
         Subject: C = US, ST = Montana, L = Bozeman, O = Sawtooth, OU = Consulting, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (2048 bit)
+                Public-Key: (2048 bit)
                 Modulus:
                     00:bf:0c:ca:2d:14:b2:1e:84:42:5b:cd:38:1f:4a:
                     f2:4d:75:10:f1:b6:35:9f:df:ca:7d:03:98:d3:ac:
@@ -38,8 +38,7 @@ Certificate:
             X509v3 Authority Key Identifier: 
                 keyid:27:8E:67:11:74:C3:26:1D:3F:ED:33:63:B3:A4:D8:1D:30:E5:E8:D5
                 DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
-                serial:33:44:1A:A8:6C:01:EC:F6:60:F2:70:51:0A:4C:D1:14:FA:BC:E9:44
-
+                serial:6B:9B:70:C6:F1:A3:94:65:19:A1:08:58:EF:A7:8D:2B:7A:83:C1:DA
             X509v3 Basic Constraints: 
                 CA:TRUE
             X509v3 Subject Alternative Name: 
@@ -47,27 +46,28 @@ Certificate:
             X509v3 Extended Key Usage: 
                 TLS Web Server Authentication, TLS Web Client Authentication
     Signature Algorithm: sha256WithRSAEncryption
-         2d:fc:f9:32:5a:be:d6:9d:42:8b:86:4e:67:22:c3:50:2d:cb:
-         14:27:1d:94:f3:cd:88:42:da:41:1c:39:24:67:a7:92:4d:27:
-         ea:56:82:19:bf:11:b2:43:a4:8d:5d:87:b2:27:64:66:82:81:
-         df:c4:fd:5b:62:b0:c2:4d:9d:29:f2:41:32:cc:2e:b5:da:38:
-         06:1b:e8:7f:8c:6e:3d:80:1e:00:56:49:bf:39:e0:da:68:2f:
-         c4:fd:00:e6:d1:81:1a:d1:4a:bb:76:52:ce:4d:24:9d:c4:a3:
-         a7:f1:65:14:2f:1f:a8:2d:c6:cb:ce:b1:a7:89:74:26:27:c3:
-         f3:a3:84:4c:34:01:14:03:7d:16:3a:c8:8b:25:2e:7b:90:cc:
-         46:b1:52:34:ba:93:6e:ef:fe:43:a3:ad:c6:6f:51:fb:ba:ea:
-         38:e3:6f:d6:ee:63:62:36:ea:5e:08:b4:e2:2a:46:89:e3:ae:
-         b3:b4:06:ef:63:7a:6e:5d:dd:c9:ec:02:4f:f7:64:c0:27:07:
-         b4:6f:4a:18:72:5b:34:74:7c:d0:a9:04:8f:40:8b:6a:39:d2:
-         6b:1a:01:f2:01:a8:81:34:3a:e5:b0:55:d1:3c:95:ca:b0:82:
-         d6:ed:98:28:15:59:7e:95:a7:69:c7:b5:7b:ec:01:a7:4d:e6:
-         b9:a2:fe:35
+    Signature Value:
+        77:3b:3d:66:74:bc:97:fe:40:16:e6:ba:a5:d5:d1:84:08:89:
+        69:4f:88:0d:57:a9:ef:8c:c3:97:52:c8:bd:8b:a2:49:3b:b7:
+        f7:5d:1e:d6:14:7f:b2:80:33:da:a0:8a:d3:e1:2f:d5:bc:33:
+        9f:ea:5a:72:24:e5:f8:b8:4b:b3:df:62:90:3b:a8:21:ef:27:
+        42:75:bc:60:02:8e:37:35:99:eb:a3:28:f2:65:4c:ff:7a:f8:
+        8e:cc:23:6d:e5:6a:fe:22:5a:d9:b2:4f:47:c7:e0:ae:98:ef:
+        94:ac:b6:4f:61:81:29:8e:e1:79:2c:46:fc:e9:1a:c3:96:1f:
+        19:93:64:2e:9f:37:72:c5:e4:93:4e:61:5f:38:8e:ae:e8:39:
+        19:e6:97:a8:91:d4:23:7e:1e:d2:d0:53:ec:cc:ac:a0:1d:d0:
+        b7:dd:b1:b7:01:2e:96:cd:85:27:e0:e7:47:e2:c1:c1:00:f6:
+        94:df:77:e7:fa:c6:ef:8a:c0:7c:67:bc:ff:a0:7c:94:3b:7d:
+        86:42:af:3d:83:31:ee:2a:3b:7b:f0:2c:9e:6f:e9:c4:07:81:
+        24:da:05:70:4d:dd:09:ae:9e:72:b8:21:0e:8c:b2:ab:aa:4c:
+        49:10:f7:76:f9:b5:0d:6c:20:d3:df:7a:06:32:8d:29:1f:28:
+        1d:8d:26:33
 -----BEGIN CERTIFICATE-----
-MIIE/zCCA+egAwIBAgIUM0QaqGwB7PZg8nBRCkzRFPq86UQwDQYJKoZIhvcNAQEL
+MIIE/zCCA+egAwIBAgIUa5twxvGjlGUZoQhY76eNK3qDwdowDQYJKoZIhvcNAQEL
 BQAwgZQxCzAJBgNVBAYTAlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdC
 b3plbWFuMREwDwYDVQQKDAhTYXd0b290aDETMBEGA1UECwwKQ29uc3VsdGluZzEY
 MBYGA1UEAwwPd3d3LndvbGZzc2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdv
-bGZzc2wuY29tMB4XDTIzMTIxMzIyMTkyOFoXDTI2MDkwODIyMTkyOFowgZQxCzAJ
+bGZzc2wuY29tMB4XDTI0MTIxODIxMjUyOVoXDTI3MDkxNDIxMjUyOVowgZQxCzAJ
 BgNVBAYTAlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMREw
 DwYDVQQKDAhTYXd0b290aDETMBEGA1UECwwKQ29uc3VsdGluZzEYMBYGA1UEAwwP
 d3d3LndvbGZzc2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29t
@@ -82,12 +82,12 @@ BgNVHSMEgcwwgcmAFCeOZxF0wyYdP+0zY7Ok2B0w5ejVoYGapIGXMIGUMQswCQYD
 VQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjERMA8G
 A1UECgwIU2F3dG9vdGgxEzARBgNVBAsMCkNvbnN1bHRpbmcxGDAWBgNVBAMMD3d3
 dy53b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbYIU
-M0QaqGwB7PZg8nBRCkzRFPq86UQwDAYDVR0TBAUwAwEB/zAcBgNVHREEFTATggtl
+a5twxvGjlGUZoQhY76eNK3qDwdowDAYDVR0TBAUwAwEB/zAcBgNVHREEFTATggtl
 eGFtcGxlLmNvbYcEfwAAATAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIw
-DQYJKoZIhvcNAQELBQADggEBAC38+TJavtadQouGTmciw1AtyxQnHZTzzYhC2kEc
-OSRnp5JNJ+pWghm/EbJDpI1dh7InZGaCgd/E/VtisMJNnSnyQTLMLrXaOAYb6H+M
-bj2AHgBWSb854NpoL8T9AObRgRrRSrt2Us5NJJ3Eo6fxZRQvH6gtxsvOsaeJdCYn
-w/OjhEw0ARQDfRY6yIslLnuQzEaxUjS6k27v/kOjrcZvUfu66jjjb9buY2I26l4I
-tOIqRonjrrO0Bu9jem5d3cnsAk/3ZMAnB7RvShhyWzR0fNCpBI9Ai2o50msaAfIB
-qIE0OuWwVdE8lcqwgtbtmCgVWX6Vp2nHtXvsAadN5rmi/jU=
+DQYJKoZIhvcNAQELBQADggEBAHc7PWZ0vJf+QBbmuqXV0YQIiWlPiA1Xqe+Mw5dS
+yL2Lokk7t/ddHtYUf7KAM9qgitPhL9W8M5/qWnIk5fi4S7PfYpA7qCHvJ0J1vGAC
+jjc1meujKPJlTP96+I7MI23lav4iWtmyT0fH4K6Y75Sstk9hgSmO4XksRvzpGsOW
+HxmTZC6fN3LF5JNOYV84jq7oORnml6iR1CN+HtLQU+zMrKAd0LfdsbcBLpbNhSfg
+50fiwcEA9pTfd+f6xu+KwHxnvP+gfJQ7fYZCrz2DMe4qO3vwLJ5v6cQHgSTaBXBN
+3QmunnK4IQ6MsquqTEkQ93b5tQ1sINPfegYyjSkfKB2NJjM=
 -----END CERTIFICATE-----
diff --git a/certs/ca-ecc-cert.der b/certs/ca-ecc-cert.der
index bc9abe252..b00ba4a10 100644
Binary files a/certs/ca-ecc-cert.der and b/certs/ca-ecc-cert.der differ
diff --git a/certs/ca-ecc-cert.pem b/certs/ca-ecc-cert.pem
index d088d30ac..eab997d70 100644
--- a/certs/ca-ecc-cert.pem
+++ b/certs/ca-ecc-cert.pem
@@ -2,12 +2,12 @@ Certificate:
     Data:
         Version: 3 (0x2)
         Serial Number:
-            0f:17:46:70:fd:c2:70:d1:f9:42:49:9c:1a:c3:5d:dd:30:c8:5f:85
+            30:b9:30:50:f8:1a:0d:ff:ad:68:d1:6d:e8:a3:6b:58:23:33:7a:84
         Signature Algorithm: ecdsa-with-SHA256
         Issuer: C = US, ST = Washington, L = Seattle, O = wolfSSL, OU = Development, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Dec 13 22:19:28 2023 GMT
-            Not After : Sep  8 22:19:28 2026 GMT
+            Not Before: Dec 18 21:25:29 2024 GMT
+            Not After : Sep 14 21:25:29 2027 GMT
         Subject: C = US, ST = Washington, L = Seattle, O = wolfSSL, OU = Development, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: id-ecPublicKey
@@ -24,23 +24,23 @@ Certificate:
             X509v3 Subject Key Identifier: 
                 56:8E:9A:C3:F0:42:DE:18:B9:45:55:6E:F9:93:CF:EA:C3:F3:A5:21
             X509v3 Authority Key Identifier: 
-                keyid:56:8E:9A:C3:F0:42:DE:18:B9:45:55:6E:F9:93:CF:EA:C3:F3:A5:21
-
+                56:8E:9A:C3:F0:42:DE:18:B9:45:55:6E:F9:93:CF:EA:C3:F3:A5:21
             X509v3 Basic Constraints: critical
                 CA:TRUE
             X509v3 Key Usage: critical
                 Digital Signature, Certificate Sign, CRL Sign
     Signature Algorithm: ecdsa-with-SHA256
-         30:45:02:21:00:c8:64:7f:ee:4b:be:83:48:13:ea:92:f8:1a:
-         82:1e:85:b1:5a:a4:1c:e3:e8:ea:25:44:6f:e7:70:fd:eb:f3:
-         76:02:20:44:02:a2:ec:c5:a1:ae:e2:a4:8a:d9:13:95:2b:a6:
-         5b:09:57:86:61:42:96:97:f0:95:62:0c:03:e6:53:04:25
+    Signature Value:
+        30:45:02:21:00:88:cc:7f:00:f5:a9:4e:c0:69:6e:36:39:24:
+        8f:83:45:4d:fa:d0:39:14:b8:c8:7f:95:51:f2:c5:98:c0:b7:
+        e2:02:20:2a:93:61:b0:06:de:eb:da:fd:af:6b:39:bf:88:17:
+        f1:ba:2a:7d:59:a8:de:e7:0a:11:83:4f:92:77:8d:92:3b
 -----BEGIN CERTIFICATE-----
-MIIClTCCAjugAwIBAgIUDxdGcP3CcNH5QkmcGsNd3TDIX4UwCgYIKoZIzj0EAwIw
+MIIClTCCAjugAwIBAgIUMLkwUPgaDf+taNFt6KNrWCMzeoQwCgYIKoZIzj0EAwIw
 gZcxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdT
 ZWF0dGxlMRAwDgYDVQQKDAd3b2xmU1NMMRQwEgYDVQQLDAtEZXZlbG9wbWVudDEY
 MBYGA1UEAwwPd3d3LndvbGZzc2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdv
-bGZzc2wuY29tMB4XDTIzMTIxMzIyMTkyOFoXDTI2MDkwODIyMTkyOFowgZcxCzAJ
+bGZzc2wuY29tMB4XDTI0MTIxODIxMjUyOVoXDTI3MDkxNDIxMjUyOVowgZcxCzAJ
 BgNVBAYTAlVTMRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxl
 MRAwDgYDVQQKDAd3b2xmU1NMMRQwEgYDVQQLDAtEZXZlbG9wbWVudDEYMBYGA1UE
 AwwPd3d3LndvbGZzc2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wu
@@ -48,6 +48,6 @@ Y29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEAtPZbtYBjkXIuZAx5cBM456t
 KTiYuhDW6QkqgKkuFyq5ir8zg0bjlQvkd0C1O0NFMw9hU3w3RMHL/IDK6EPqp6Nj
 MGEwHQYDVR0OBBYEFFaOmsPwQt4YuUVVbvmTz+rD86UhMB8GA1UdIwQYMBaAFFaO
 msPwQt4YuUVVbvmTz+rD86UhMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQD
-AgGGMAoGCCqGSM49BAMCA0gAMEUCIQDIZH/uS76DSBPqkvgagh6FsVqkHOPo6iVE
-b+dw/evzdgIgRAKi7MWhruKkitkTlSumWwlXhmFClpfwlWIMA+ZTBCU=
+AgGGMAoGCCqGSM49BAMCA0gAMEUCIQCIzH8A9alOwGluNjkkj4NFTfrQORS4yH+V
+UfLFmMC34gIgKpNhsAbe69r9r2s5v4gX8boqfVmo3ucKEYNPkneNkjs=
 -----END CERTIFICATE-----
diff --git a/certs/ca-ecc384-cert.der b/certs/ca-ecc384-cert.der
index 6897c6835..23e1a0430 100644
Binary files a/certs/ca-ecc384-cert.der and b/certs/ca-ecc384-cert.der differ
diff --git a/certs/ca-ecc384-cert.pem b/certs/ca-ecc384-cert.pem
index a103a367f..108e08ac1 100644
--- a/certs/ca-ecc384-cert.pem
+++ b/certs/ca-ecc384-cert.pem
@@ -2,12 +2,12 @@ Certificate:
     Data:
         Version: 3 (0x2)
         Serial Number:
-            2e:ea:f0:11:40:1e:ad:fa:a7:85:68:65:7a:25:2b:13:b7:61:d7:80
+            4e:08:67:9d:29:61:47:3e:2a:23:82:cd:cf:cb:53:2a:b8:02:22:57
         Signature Algorithm: ecdsa-with-SHA384
         Issuer: C = US, ST = Washington, L = Seattle, O = wolfSSL, OU = Development, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Dec 13 22:19:28 2023 GMT
-            Not After : Sep  8 22:19:28 2026 GMT
+            Not Before: Dec 18 21:25:29 2024 GMT
+            Not After : Sep 14 21:25:29 2027 GMT
         Subject: C = US, ST = Washington, L = Seattle, O = wolfSSL, OU = Development, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: id-ecPublicKey
@@ -26,25 +26,25 @@ Certificate:
             X509v3 Subject Key Identifier: 
                 AB:E0:C3:26:4C:18:D4:72:BB:D2:84:8C:9C:0A:05:92:80:12:53:52
             X509v3 Authority Key Identifier: 
-                keyid:AB:E0:C3:26:4C:18:D4:72:BB:D2:84:8C:9C:0A:05:92:80:12:53:52
-
+                AB:E0:C3:26:4C:18:D4:72:BB:D2:84:8C:9C:0A:05:92:80:12:53:52
             X509v3 Basic Constraints: critical
                 CA:TRUE
             X509v3 Key Usage: critical
                 Digital Signature, Certificate Sign, CRL Sign
     Signature Algorithm: ecdsa-with-SHA384
-         30:65:02:31:00:bd:2e:67:71:54:be:b8:5e:29:19:d3:18:f7:
-         e1:ae:79:f0:cc:09:c3:91:c0:81:ab:d7:b7:21:f8:4f:da:bc:
-         ad:0e:fc:3d:54:32:21:3a:67:c5:26:35:e9:33:b2:58:d2:02:
-         30:64:2f:fb:10:d0:65:b5:ac:bb:b3:41:64:24:eb:0a:6b:ae:
-         a4:ed:3e:c8:62:81:45:97:92:ad:61:eb:69:54:ce:42:83:bb:
-         68:23:20:f7:b2:5a:55:0c:d4:e6:13:42:61
+    Signature Value:
+        30:65:02:30:1d:3f:92:02:b2:46:54:ee:9e:0d:90:03:73:6a:
+        ab:04:5a:41:fe:f4:1b:fd:d6:99:cc:7a:6c:fd:52:da:2e:4e:
+        78:fe:ef:79:74:12:5e:04:9d:2c:e4:e7:1a:4d:d3:1e:02:31:
+        00:b7:34:e8:4c:69:70:db:fd:1a:48:c5:dc:8e:ef:15:ca:13:
+        ee:f8:4f:27:5f:d2:3a:6a:06:7d:f3:32:a7:75:97:27:6d:60:
+        ed:a2:9f:9f:7e:66:43:f9:15:1d:65:5d:49
 -----BEGIN CERTIFICATE-----
-MIIC0jCCAligAwIBAgIULurwEUAerfqnhWhleiUrE7dh14AwCgYIKoZIzj0EAwMw
+MIIC0jCCAligAwIBAgIUTghnnSlhRz4qI4LNz8tTKrgCIlcwCgYIKoZIzj0EAwMw
 gZcxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdT
 ZWF0dGxlMRAwDgYDVQQKDAd3b2xmU1NMMRQwEgYDVQQLDAtEZXZlbG9wbWVudDEY
 MBYGA1UEAwwPd3d3LndvbGZzc2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdv
-bGZzc2wuY29tMB4XDTIzMTIxMzIyMTkyOFoXDTI2MDkwODIyMTkyOFowgZcxCzAJ
+bGZzc2wuY29tMB4XDTI0MTIxODIxMjUyOVoXDTI3MDkxNDIxMjUyOVowgZcxCzAJ
 BgNVBAYTAlVTMRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxl
 MRAwDgYDVQQKDAd3b2xmU1NMMRQwEgYDVQQLDAtEZXZlbG9wbWVudDEYMBYGA1UE
 AwwPd3d3LndvbGZzc2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wu
@@ -53,7 +53,7 @@ fr3YWqW58I6ipdrOhztaq0QWnPWfYt32IM2cdjxAsT+XF99Z9s3ezUY1wO1eLki2
 ZpFxdLcMP7mat4O9kz9fUC1wP941JeGQO4bgo2MwYTAdBgNVHQ4EFgQUq+DDJkwY
 1HK70oSMnAoFkoASU1IwHwYDVR0jBBgwFoAUq+DDJkwY1HK70oSMnAoFkoASU1Iw
 DwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAYYwCgYIKoZIzj0EAwMDaAAw
-ZQIxAL0uZ3FUvrheKRnTGPfhrnnwzAnDkcCBq9e3IfhP2rytDvw9VDIhOmfFJjXp
-M7JY0gIwZC/7ENBltay7s0FkJOsKa66k7T7IYoFFl5KtYetpVM5Cg7toIyD3slpV
-DNTmE0Jh
+ZQIwHT+SArJGVO6eDZADc2qrBFpB/vQb/daZzHps/VLaLk54/u95dBJeBJ0s5Oca
+TdMeAjEAtzToTGlw2/0aSMXcju8VyhPu+E8nX9I6agZ98zKndZcnbWDtop+ffmZD
++RUdZV1J
 -----END CERTIFICATE-----
diff --git a/certs/ca-key-pkcs8-attribute.der b/certs/ca-key-pkcs8-attribute.der
new file mode 100644
index 000000000..692a8cccf
Binary files /dev/null and b/certs/ca-key-pkcs8-attribute.der differ
diff --git a/certs/check_dates.sh b/certs/check_dates.sh
index 9fd2ea137..64421e76e 100755
--- a/certs/check_dates.sh
+++ b/certs/check_dates.sh
@@ -137,6 +137,22 @@ do
     check_file $file
 done
 
+# try running test suite in the future
+faketime -v > /dev/null
+RESULT=$?
+if [ "$RESULT" = "0" ]; then
+    FUTURE=$(date --date="1 years")
+    echo ""
+    echo "Trying to run tests with time set to \"$FUTURE\""
+    ./configure --enable-all -q
+    make -s
+    faketime "${FUTURE}" ./tests/unit.test
+    RESULT=$?
+    if [ "$RESULT" != "0" ]; then
+        echo "Running tests with future date failed"
+        exit 1
+    fi
+fi
 # Return result of check
 # 0 on success
 # 1 on failure
diff --git a/certs/client-absolute-urn.pem b/certs/client-absolute-urn.pem
index 6393b3552..15723cc8e 100644
--- a/certs/client-absolute-urn.pem
+++ b/certs/client-absolute-urn.pem
@@ -2,16 +2,16 @@ Certificate:
     Data:
         Version: 3 (0x2)
         Serial Number:
-            5a:3e:54:33:b4:88:fe:ad:22:40:07:62:9b:28:b1:56:7b:af:a6:eb
+            4e:4b:a3:8d:2d:2b:10:08:9c:05:89:89:3b:c1:6d:f4:fa:ab:6c:75
         Signature Algorithm: sha256WithRSAEncryption
         Issuer: C = US, ST = Montana, L = Bozeman, O = wolfSSL_2048, OU = ABSOLUTE_URN, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Dec 13 22:19:28 2023 GMT
-            Not After : Sep  8 22:19:28 2026 GMT
+            Not Before: Dec 18 21:25:29 2024 GMT
+            Not After : Sep 14 21:25:29 2027 GMT
         Subject: C = US, ST = Montana, L = Bozeman, O = wolfSSL_2048, OU = ABSOLUTE_URN, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (2048 bit)
+                Public-Key: (2048 bit)
                 Modulus:
                     00:c3:03:d1:2b:fe:39:a4:32:45:3b:53:c8:84:2b:
                     2a:7c:74:9a:bd:aa:2a:52:07:47:d6:a6:36:b2:07:
@@ -38,34 +38,34 @@ Certificate:
             X509v3 Authority Key Identifier: 
                 keyid:33:D8:45:66:D7:68:87:18:7E:54:0D:70:27:91:C7:26:D7:85:65:C0
                 DirName:/C=US/ST=Montana/L=Bozeman/O=wolfSSL_2048/OU=ABSOLUTE_URN/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
-                serial:5A:3E:54:33:B4:88:FE:AD:22:40:07:62:9B:28:B1:56:7B:AF:A6:EB
-
+                serial:4E:4B:A3:8D:2D:2B:10:08:9C:05:89:89:3B:C1:6D:F4:FA:AB:6C:75
             X509v3 Basic Constraints: 
                 CA:FALSE
             X509v3 Subject Alternative Name: 
                 URI:urn:example:test
     Signature Algorithm: sha256WithRSAEncryption
-         28:ec:66:1b:7e:f7:62:fe:44:8e:b3:65:0a:9c:10:d3:c3:72:
-         a1:97:85:1d:5a:1c:de:74:1f:28:63:18:f6:28:d0:d1:8e:55:
-         c3:98:7d:c2:21:a8:a2:6f:7e:9a:98:dd:2f:2c:ab:51:69:9b:
-         27:1f:04:9e:01:22:ce:fb:3a:a6:c6:37:27:c7:0f:11:93:f8:
-         74:9c:18:88:2a:f7:d4:50:da:fc:54:00:f8:5e:57:08:52:fb:
-         47:48:d0:a3:7d:9f:3e:87:09:b4:4f:07:c7:46:89:e3:52:a5:
-         d9:a8:e9:04:51:58:99:ef:61:9c:51:f4:98:fe:89:fa:d0:1a:
-         bd:9f:63:81:e2:9a:f3:67:17:6d:df:8c:be:34:e8:c2:96:a2:
-         fc:28:e7:5a:23:fe:c1:02:c8:af:bd:db:4a:d0:8c:28:fd:c9:
-         a3:1c:1e:ab:ca:e6:d3:90:b7:25:c5:29:04:b9:76:08:f2:f1:
-         14:e5:e7:8a:30:06:0b:bc:5d:30:4f:b0:12:3b:93:d7:99:a2:
-         de:57:0f:85:b8:c8:47:ee:dc:5b:6a:71:b7:7e:85:a1:fd:9d:
-         3a:d2:fa:2b:0f:7c:51:8c:d9:ef:9e:37:c9:3a:4a:75:85:b1:
-         16:ef:f9:cc:48:b4:15:8e:08:5f:ea:82:5b:32:07:a9:56:d4:
-         76:5e:bc:a4
+    Signature Value:
+        56:e2:74:63:d9:98:fd:a9:49:a4:60:86:60:cd:2e:37:c3:b5:
+        ad:bf:b4:5f:36:14:3d:16:00:f5:5e:cc:50:41:9d:5d:7e:e2:
+        91:3d:a0:cf:37:56:dc:e1:3c:93:fb:c8:3f:46:db:5a:b6:f0:
+        71:43:f3:9e:09:b3:6f:a6:c3:43:97:43:27:96:ec:37:4a:56:
+        dd:99:49:16:ef:1f:5d:c2:37:b0:6e:3f:f6:21:94:ca:df:eb:
+        6b:1f:e0:81:95:4d:a7:c1:07:8a:65:d6:f9:e4:d4:42:72:49:
+        46:32:c2:29:90:98:f1:90:1f:99:b9:4a:57:18:5c:99:54:ee:
+        43:a9:48:52:39:d5:54:91:40:45:2a:f2:8e:58:8e:d6:06:ba:
+        f9:04:55:f7:51:84:e4:2a:59:a9:41:ad:40:f3:32:51:21:8d:
+        8e:bd:83:0d:9e:3c:2f:b8:24:d0:dd:81:11:99:95:1c:eb:cf:
+        ee:1a:ac:85:16:ca:4b:fb:45:47:d0:01:d9:41:da:3a:58:a5:
+        df:bd:e3:aa:36:f9:60:d6:20:ac:2c:f5:cd:41:5d:f5:cd:15:
+        c4:4a:b5:90:c3:08:ac:12:38:af:7b:bb:d6:1b:b6:4b:0a:38:
+        50:af:86:9e:5f:fc:bd:cf:58:68:4b:ce:7c:30:48:ef:da:5a:
+        8f:2f:f8:4a
 -----BEGIN CERTIFICATE-----
-MIIE7jCCA9agAwIBAgIUWj5UM7SI/q0iQAdimyixVnuvpuswDQYJKoZIhvcNAQEL
+MIIE7jCCA9agAwIBAgIUTkujjS0rEAicBYmJO8Ft9PqrbHUwDQYJKoZIhvcNAQEL
 BQAwgZoxCzAJBgNVBAYTAlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdC
 b3plbWFuMRUwEwYDVQQKDAx3b2xmU1NMXzIwNDgxFTATBgNVBAsMDEFCU09MVVRF
 X1VSTjEYMBYGA1UEAwwPd3d3LndvbGZzc2wuY29tMR8wHQYJKoZIhvcNAQkBFhBp
-bmZvQHdvbGZzc2wuY29tMB4XDTIzMTIxMzIyMTkyOFoXDTI2MDkwODIyMTkyOFow
+bmZvQHdvbGZzc2wuY29tMB4XDTI0MTIxODIxMjUyOVoXDTI3MDkxNDIxMjUyOVow
 gZoxCzAJBgNVBAYTAlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3pl
 bWFuMRUwEwYDVQQKDAx3b2xmU1NMXzIwNDgxFTATBgNVBAsMDEFCU09MVVRFX1VS
 TjEYMBYGA1UEAwwPd3d3LndvbGZzc2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZv
@@ -80,12 +80,12 @@ cCeRxybXhWXAMIHaBgNVHSMEgdIwgc+AFDPYRWbXaIcYflQNcCeRxybXhWXAoYGg
 pIGdMIGaMQswCQYDVQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwH
 Qm96ZW1hbjEVMBMGA1UECgwMd29sZlNTTF8yMDQ4MRUwEwYDVQQLDAxBQlNPTFVU
 RV9VUk4xGDAWBgNVBAMMD3d3dy53b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQ
-aW5mb0B3b2xmc3NsLmNvbYIUWj5UM7SI/q0iQAdimyixVnuvpuswCQYDVR0TBAIw
+aW5mb0B3b2xmc3NsLmNvbYIUTkujjS0rEAicBYmJO8Ft9PqrbHUwCQYDVR0TBAIw
 ADAbBgNVHREEFDAShhB1cm46ZXhhbXBsZTp0ZXN0MA0GCSqGSIb3DQEBCwUAA4IB
-AQAo7GYbfvdi/kSOs2UKnBDTw3Khl4UdWhzedB8oYxj2KNDRjlXDmH3CIaiib36a
-mN0vLKtRaZsnHwSeASLO+zqmxjcnxw8Rk/h0nBiIKvfUUNr8VAD4XlcIUvtHSNCj
-fZ8+hwm0TwfHRonjUqXZqOkEUViZ72GcUfSY/on60Bq9n2OB4przZxdt34y+NOjC
-lqL8KOdaI/7BAsivvdtK0Iwo/cmjHB6ryubTkLclxSkEuXYI8vEU5eeKMAYLvF0w
-T7ASO5PXmaLeVw+FuMhH7txbanG3foWh/Z060vorD3xRjNnvnjfJOkp1hbEW7/nM
-SLQVjghf6oJbMgepVtR2Xryk
+AQBW4nRj2Zj9qUmkYIZgzS43w7Wtv7RfNhQ9FgD1XsxQQZ1dfuKRPaDPN1bc4TyT
++8g/RttatvBxQ/OeCbNvpsNDl0Mnluw3SlbdmUkW7x9dwjewbj/2IZTK3+trH+CB
+lU2nwQeKZdb55NRCcklGMsIpkJjxkB+ZuUpXGFyZVO5DqUhSOdVUkUBFKvKOWI7W
+Brr5BFX3UYTkKlmpQa1A8zJRIY2OvYMNnjwvuCTQ3YERmZUc68/uGqyFFspL+0VH
+0AHZQdo6WKXfveOqNvlg1iCsLPXNQV31zRXESrWQwwisEjive7vWG7ZLCjhQr4ae
+X/y9z1hoS858MEjv2lqPL/hK
 -----END CERTIFICATE-----
diff --git a/certs/client-ca.pem b/certs/client-ca.pem
index f670cb410..3f51043e5 100644
--- a/certs/client-ca.pem
+++ b/certs/client-ca.pem
@@ -2,16 +2,16 @@ Certificate:
     Data:
         Version: 3 (0x2)
         Serial Number:
-            08:b0:54:7a:03:5a:ec:55:8a:12:e8:f9:8e:34:b6:13:d9:59:b8:e8
+            4f:0d:8c:c5:fa:ee:a2:9b:b7:35:9e:e9:4a:17:99:f0:cc:23:f2:ec
         Signature Algorithm: sha256WithRSAEncryption
         Issuer: C = US, ST = Montana, L = Bozeman, O = wolfSSL_2048, OU = Programming-2048, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Dec 13 22:19:28 2023 GMT
-            Not After : Sep  8 22:19:28 2026 GMT
+            Not Before: Dec 18 21:25:29 2024 GMT
+            Not After : Sep 14 21:25:29 2027 GMT
         Subject: C = US, ST = Montana, L = Bozeman, O = wolfSSL_2048, OU = Programming-2048, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (2048 bit)
+                Public-Key: (2048 bit)
                 Modulus:
                     00:c3:03:d1:2b:fe:39:a4:32:45:3b:53:c8:84:2b:
                     2a:7c:74:9a:bd:aa:2a:52:07:47:d6:a6:36:b2:07:
@@ -38,8 +38,7 @@ Certificate:
             X509v3 Authority Key Identifier: 
                 keyid:33:D8:45:66:D7:68:87:18:7E:54:0D:70:27:91:C7:26:D7:85:65:C0
                 DirName:/C=US/ST=Montana/L=Bozeman/O=wolfSSL_2048/OU=Programming-2048/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
-                serial:08:B0:54:7A:03:5A:EC:55:8A:12:E8:F9:8E:34:B6:13:D9:59:B8:E8
-
+                serial:4F:0D:8C:C5:FA:EE:A2:9B:B7:35:9E:E9:4A:17:99:F0:CC:23:F2:EC
             X509v3 Basic Constraints: 
                 CA:TRUE
             X509v3 Subject Alternative Name: 
@@ -47,28 +46,29 @@ Certificate:
             X509v3 Extended Key Usage: 
                 TLS Web Server Authentication, TLS Web Client Authentication
     Signature Algorithm: sha256WithRSAEncryption
-         89:84:eb:6a:70:3b:2a:6e:a8:8b:f2:92:79:97:5c:bd:98:8b:
-         71:db:db:7c:df:db:a4:2c:59:d3:a6:75:41:c2:06:b6:17:1e:
-         0c:1f:7d:0b:7f:58:3e:c1:e7:0c:f0:62:92:77:ab:99:79:7b:
-         85:f4:d9:6c:d0:0e:e5:8b:13:35:65:9e:d7:9a:51:98:e4:49:
-         44:51:c8:e3:e0:9a:ff:c2:cb:3d:81:eb:ee:f4:1a:d1:96:4b:
-         e9:7d:de:5b:f2:64:40:ad:e1:d9:d6:b7:e1:eb:a9:3a:52:29:
-         89:aa:07:37:96:44:e3:23:49:f3:be:f3:0d:70:d1:a2:ce:78:
-         86:22:fc:76:00:84:1d:fa:8b:8a:d2:43:93:88:fa:ee:22:cc:
-         a6:86:f5:3f:24:f1:d4:70:05:4f:3b:18:32:50:67:c1:80:77:
-         0d:3c:78:75:35:d0:fd:60:f3:ed:a1:30:d0:62:25:99:6b:80:
-         56:17:3d:b4:af:1d:df:ab:48:21:c1:d2:0b:6b:94:a7:33:d1:
-         d0:82:b7:3b:92:eb:9d:d6:6c:32:81:5e:07:3c:46:34:32:7b:
-         ea:22:db:a6:a3:18:69:7c:ad:17:e4:c8:a9:8f:a8:ba:67:af:
-         99:39:ef:6e:0c:f8:a9:b3:bd:ab:71:94:e0:41:aa:a4:2d:72:
-         60:51:d1:5c
+    Signature Value:
+        46:ab:e4:6d:ae:49:5b:6a:0b:a9:87:e1:95:32:a6:d7:ae:de:
+        28:dc:c7:99:68:e2:5f:c9:5a:4c:64:b8:f5:28:42:5a:e8:5c:
+        59:32:fe:d0:1f:0b:55:89:db:67:e7:78:f3:70:cf:18:51:57:
+        8b:f3:2b:a4:66:0b:f6:03:6e:11:ac:83:52:16:7e:a2:7c:36:
+        77:f6:bb:13:19:40:2c:b8:8c:ca:d6:7e:79:7d:f4:14:8d:b5:
+        a4:09:f6:2d:4c:e7:f9:b8:25:41:15:78:f4:ca:80:41:ea:3a:
+        05:08:f6:b5:5b:a1:3b:5b:48:a8:4b:8c:19:8d:6c:87:31:76:
+        74:02:16:8b:dd:7f:d1:11:62:27:42:39:e0:9a:63:26:31:19:
+        ce:3d:41:d5:24:47:32:0f:76:d6:41:37:44:ad:73:f1:b8:ec:
+        2b:6e:9c:4f:84:c4:4e:d7:92:10:7e:23:32:a0:75:6a:e7:fe:
+        55:95:9f:0a:ad:df:f9:2a:a2:1a:59:d5:82:63:d6:5d:7d:79:
+        f4:a7:2d:dc:8c:04:cd:98:b0:42:0e:84:fa:86:50:10:61:ac:
+        73:cd:79:45:30:e8:42:a1:6a:f6:77:55:ec:07:db:52:29:ca:
+        7a:c8:a2:da:e9:f5:98:33:6a:e8:bc:89:ed:01:e2:fe:44:86:
+        86:80:39:ec
 -----BEGIN CERTIFICATE-----
-MIIFHTCCBAWgAwIBAgIUCLBUegNa7FWKEuj5jjS2E9lZuOgwDQYJKoZIhvcNAQEL
+MIIFHTCCBAWgAwIBAgIUTw2Mxfruopu3NZ7pSheZ8Mwj8uwwDQYJKoZIhvcNAQEL
 BQAwgZ4xCzAJBgNVBAYTAlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdC
 b3plbWFuMRUwEwYDVQQKDAx3b2xmU1NMXzIwNDgxGTAXBgNVBAsMEFByb2dyYW1t
 aW5nLTIwNDgxGDAWBgNVBAMMD3d3dy53b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJ
-ARYQaW5mb0B3b2xmc3NsLmNvbTAeFw0yMzEyMTMyMjE5MjhaFw0yNjA5MDgyMjE5
-MjhaMIGeMQswCQYDVQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwH
+ARYQaW5mb0B3b2xmc3NsLmNvbTAeFw0yNDEyMTgyMTI1MjlaFw0yNzA5MTQyMTI1
+MjlaMIGeMQswCQYDVQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwH
 Qm96ZW1hbjEVMBMGA1UECgwMd29sZlNTTF8yMDQ4MRkwFwYDVQQLDBBQcm9ncmFt
 bWluZy0yMDQ4MRgwFgYDVQQDDA93d3cud29sZnNzbC5jb20xHzAdBgkqhkiG9w0B
 CQEWEGluZm9Ad29sZnNzbC5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
@@ -82,26 +82,26 @@ Ztdohxh+VA1wJ5HHJteFZcAwgd4GA1UdIwSB1jCB04AUM9hFZtdohxh+VA1wJ5HH
 JteFZcChgaSkgaEwgZ4xCzAJBgNVBAYTAlVTMRAwDgYDVQQIDAdNb250YW5hMRAw
 DgYDVQQHDAdCb3plbWFuMRUwEwYDVQQKDAx3b2xmU1NMXzIwNDgxGTAXBgNVBAsM
 EFByb2dyYW1taW5nLTIwNDgxGDAWBgNVBAMMD3d3dy53b2xmc3NsLmNvbTEfMB0G
-CSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbYIUCLBUegNa7FWKEuj5jjS2E9lZ
-uOgwDAYDVR0TBAUwAwEB/zAcBgNVHREEFTATggtleGFtcGxlLmNvbYcEfwAAATAd
+CSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbYIUTw2Mxfruopu3NZ7pSheZ8Mwj
+8uwwDAYDVR0TBAUwAwEB/zAcBgNVHREEFTATggtleGFtcGxlLmNvbYcEfwAAATAd
 BgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDQYJKoZIhvcNAQELBQADggEB
-AImE62pwOypuqIvyknmXXL2Yi3Hb23zf26QsWdOmdUHCBrYXHgwffQt/WD7B5wzw
-YpJ3q5l5e4X02WzQDuWLEzVlnteaUZjkSURRyOPgmv/Cyz2B6+70GtGWS+l93lvy
-ZECt4dnWt+HrqTpSKYmqBzeWROMjSfO+8w1w0aLOeIYi/HYAhB36i4rSQ5OI+u4i
-zKaG9T8k8dRwBU87GDJQZ8GAdw08eHU10P1g8+2hMNBiJZlrgFYXPbSvHd+rSCHB
-0gtrlKcz0dCCtzuS653WbDKBXgc8RjQye+oi26ajGGl8rRfkyKmPqLpnr5k5724M
-+KmzvatxlOBBqqQtcmBR0Vw=
+AEar5G2uSVtqC6mH4ZUypteu3ijcx5lo4l/JWkxkuPUoQlroXFky/tAfC1WJ22fn
+ePNwzxhRV4vzK6RmC/YDbhGsg1IWfqJ8Nnf2uxMZQCy4jMrWfnl99BSNtaQJ9i1M
+5/m4JUEVePTKgEHqOgUI9rVboTtbSKhLjBmNbIcxdnQCFovdf9ERYidCOeCaYyYx
+Gc49QdUkRzIPdtZBN0Stc/G47CtunE+ExE7XkhB+IzKgdWrn/lWVnwqt3/kqohpZ
+1YJj1l19efSnLdyMBM2YsEIOhPqGUBBhrHPNeUUw6EKhavZ3VewH21IpynrIotrp
+9Zgzaui8ie0B4v5EhoaAOew=
 -----END CERTIFICATE-----
 Certificate:
     Data:
         Version: 3 (0x2)
         Serial Number:
-            37:67:2a:05:24:b5:2b:b6:ae:40:6b:e1:75:e0:97:cc:1d:12:8b:2a
+            75:99:db:38:ed:32:b1:c2:d1:2c:5e:6f:6f:9d:47:17:58:dd:ee:26
         Signature Algorithm: ecdsa-with-SHA256
         Issuer: C = US, ST = Oregon, L = Salem, O = Client ECC, OU = Fast, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Dec 13 22:19:28 2023 GMT
-            Not After : Sep  8 22:19:28 2026 GMT
+            Not Before: Dec 18 21:25:30 2024 GMT
+            Not After : Sep 14 21:25:30 2027 GMT
         Subject: C = US, ST = Oregon, L = Salem, O = Client ECC, OU = Fast, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: id-ecPublicKey
@@ -120,8 +120,7 @@ Certificate:
             X509v3 Authority Key Identifier: 
                 keyid:EB:D4:4B:59:6B:95:61:3F:51:57:B6:04:4D:89:41:88:44:5C:AB:F2
                 DirName:/C=US/ST=Oregon/L=Salem/O=Client ECC/OU=Fast/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
-                serial:37:67:2A:05:24:B5:2B:B6:AE:40:6B:E1:75:E0:97:CC:1D:12:8B:2A
-
+                serial:75:99:DB:38:ED:32:B1:C2:D1:2C:5E:6F:6F:9D:47:17:58:DD:EE:26
             X509v3 Basic Constraints: 
                 CA:TRUE
             X509v3 Subject Alternative Name: 
@@ -129,16 +128,17 @@ Certificate:
             X509v3 Extended Key Usage: 
                 TLS Web Server Authentication, TLS Web Client Authentication
     Signature Algorithm: ecdsa-with-SHA256
-         30:44:02:20:7a:6d:c5:bd:6f:9d:54:4f:c5:4c:d0:12:8c:31:
-         3b:b6:17:80:9e:c7:34:f8:c5:da:fb:61:23:35:e6:93:35:b4:
-         02:20:1b:6a:86:c4:11:be:7c:15:a7:5e:ab:85:ee:b7:8c:20:
-         dc:eb:17:a3:f2:66:63:aa:6b:67:e0:62:1f:17:3e:ac
+    Signature Value:
+        30:45:02:20:03:69:31:45:6f:01:88:6b:63:c6:1c:eb:39:e4:
+        9a:a8:e2:e0:34:ac:ac:e6:a1:d6:fe:ce:85:98:1e:b0:0d:a9:
+        02:21:00:a3:dd:84:5d:08:28:4b:8b:58:fb:0d:33:db:02:ea:
+        c8:0c:da:34:0b:4e:83:a2:10:67:99:19:1c:93:91:c8:c7
 -----BEGIN CERTIFICATE-----
-MIIDXTCCAwSgAwIBAgIUN2cqBSS1K7auQGvhdeCXzB0SiyowCgYIKoZIzj0EAwIw
+MIIDXjCCAwSgAwIBAgIUdZnbOO0yscLRLF5vb51HF1jd7iYwCgYIKoZIzj0EAwIw
 gY0xCzAJBgNVBAYTAlVTMQ8wDQYDVQQIDAZPcmVnb24xDjAMBgNVBAcMBVNhbGVt
 MRMwEQYDVQQKDApDbGllbnQgRUNDMQ0wCwYDVQQLDARGYXN0MRgwFgYDVQQDDA93
 d3cud29sZnNzbC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20w
-HhcNMjMxMjEzMjIxOTI4WhcNMjYwOTA4MjIxOTI4WjCBjTELMAkGA1UEBhMCVVMx
+HhcNMjQxMjE4MjEyNTMwWhcNMjcwOTE0MjEyNTMwWjCBjTELMAkGA1UEBhMCVVMx
 DzANBgNVBAgMBk9yZWdvbjEOMAwGA1UEBwwFU2FsZW0xEzARBgNVBAoMCkNsaWVu
 dCBFQ0MxDTALBgNVBAsMBEZhc3QxGDAWBgNVBAMMD3d3dy53b2xmc3NsLmNvbTEf
 MB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTBZMBMGByqGSM49AgEGCCqG
@@ -148,9 +148,9 @@ WWuVYT9RV7YETYlBiERcq/Iwgc0GA1UdIwSBxTCBwoAU69RLWWuVYT9RV7YETYlB
 iERcq/KhgZOkgZAwgY0xCzAJBgNVBAYTAlVTMQ8wDQYDVQQIDAZPcmVnb24xDjAM
 BgNVBAcMBVNhbGVtMRMwEQYDVQQKDApDbGllbnQgRUNDMQ0wCwYDVQQLDARGYXN0
 MRgwFgYDVQQDDA93d3cud29sZnNzbC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9A
-d29sZnNzbC5jb22CFDdnKgUktSu2rkBr4XXgl8wdEosqMAwGA1UdEwQFMAMBAf8w
+d29sZnNzbC5jb22CFHWZ2zjtMrHC0Sxeb2+dRxdY3e4mMAwGA1UdEwQFMAMBAf8w
 HAYDVR0RBBUwE4ILZXhhbXBsZS5jb22HBH8AAAEwHQYDVR0lBBYwFAYIKwYBBQUH
-AwEGCCsGAQUFBwMCMAoGCCqGSM49BAMCA0cAMEQCIHptxb1vnVRPxUzQEowxO7YX
-gJ7HNPjF2vthIzXmkzW0AiAbaobEEb58Fadeq4Xut4wg3OsXo/JmY6prZ+BiHxc+
-rA==
+AwEGCCsGAQUFBwMCMAoGCCqGSM49BAMCA0gAMEUCIANpMUVvAYhrY8Yc6znkmqji
+4DSsrOah1v7OhZgesA2pAiEAo92EXQgoS4tY+w0z2wLqyAzaNAtOg6IQZ5kZHJOR
+yMc=
 -----END CERTIFICATE-----
diff --git a/certs/client-cert-ext.der b/certs/client-cert-ext.der
index 82aac96d6..3769535b0 100644
Binary files a/certs/client-cert-ext.der and b/certs/client-cert-ext.der differ
diff --git a/certs/client-cert-ext.pem b/certs/client-cert-ext.pem
index 07ca05d00..7fdcf37da 100644
--- a/certs/client-cert-ext.pem
+++ b/certs/client-cert-ext.pem
@@ -2,16 +2,16 @@ Certificate:
     Data:
         Version: 3 (0x2)
         Serial Number:
-            12:37:de:bf:76:06:c4:e6:74:0c:38:84:53:e2:19:d4:b9:d3:68:d3
+            21:e5:09:ec:95:19:31:a3:cb:58:ee:53:ea:d8:7c:a3:a2:7a:1f:f5
         Signature Algorithm: sha256WithRSAEncryption
         Issuer: C = US, ST = Montana, L = Bozeman, O = wolfSSL_2048, OU = Programming-2048, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Dec 13 22:19:28 2023 GMT
-            Not After : Sep  8 22:19:28 2026 GMT
+            Not Before: Dec 18 21:25:29 2024 GMT
+            Not After : Sep 14 21:25:29 2027 GMT
         Subject: C = US, ST = Montana, L = Bozeman, O = wolfSSL_2048, OU = Programming-2048, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (2048 bit)
+                Public-Key: (2048 bit)
                 Modulus:
                     00:c3:03:d1:2b:fe:39:a4:32:45:3b:53:c8:84:2b:
                     2a:7c:74:9a:bd:aa:2a:52:07:47:d6:a6:36:b2:07:
@@ -38,8 +38,7 @@ Certificate:
             X509v3 Authority Key Identifier: 
                 keyid:33:D8:45:66:D7:68:87:18:7E:54:0D:70:27:91:C7:26:D7:85:65:C0
                 DirName:/C=US/ST=Montana/L=Bozeman/O=wolfSSL_2048/OU=Programming-2048/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
-                serial:12:37:DE:BF:76:06:C4:E6:74:0C:38:84:53:E2:19:D4:B9:D3:68:D3
-
+                serial:21:E5:09:EC:95:19:31:A3:CB:58:EE:53:EA:D8:7C:A3:A2:7A:1F:F5
             X509v3 Basic Constraints: 
                 CA:TRUE
             X509v3 Subject Alternative Name: 
@@ -47,28 +46,29 @@ Certificate:
             X509v3 Key Usage: critical
                 Digital Signature, Certificate Sign, CRL Sign
     Signature Algorithm: sha256WithRSAEncryption
-         ac:be:4c:63:00:b5:d9:d5:9e:b1:83:61:a3:7a:1f:a8:b7:ad:
-         e0:0a:c8:c4:42:b2:ff:96:18:99:3d:16:b9:58:05:94:7b:1b:
-         da:66:27:e3:48:5b:e6:4d:7b:0f:51:c5:8e:e4:b5:c3:0b:48:
-         96:56:95:bb:3c:4d:91:c9:2c:51:61:24:37:d2:ef:ec:6c:97:
-         92:cc:b4:fc:4f:fc:db:f7:7d:71:a9:3c:3a:a1:fb:e1:14:1a:
-         c2:a3:51:e8:fc:c5:fb:57:44:73:97:93:bd:79:9a:10:9e:27:
-         e1:f2:cd:43:94:8f:6a:01:ce:40:51:e4:fa:06:d2:de:0a:10:
-         93:ff:0f:10:44:85:8a:00:60:2b:bf:86:40:5b:2e:28:11:e9:
-         8e:8a:ad:00:e9:0e:c6:67:ee:fc:53:8d:19:6a:33:91:0e:42:
-         16:83:5e:67:3b:24:05:85:b8:2a:bf:16:5b:d4:b0:a7:02:de:
-         29:6b:7b:fc:45:c1:1e:9f:d9:91:3c:92:9d:2e:c6:a7:a0:ea:
-         d7:b0:97:d6:58:14:03:4c:12:d5:f1:81:e3:a9:07:94:3f:53:
-         78:d1:61:e9:44:87:59:8b:b8:e7:c1:cc:3f:11:eb:00:e9:b5:
-         b7:6a:05:49:f7:5c:e0:e8:b4:6c:7c:f0:fc:67:5a:67:35:7e:
-         85:43:cb:b6
+    Signature Value:
+        9b:85:16:e2:26:24:59:e5:de:18:33:d0:49:ec:33:cc:5c:85:
+        fb:9d:a8:bc:e1:aa:9c:3a:0f:68:27:47:82:87:20:63:04:54:
+        22:a1:3c:09:fe:ad:3c:d5:1b:93:86:73:b3:6e:9a:3e:91:70:
+        a2:11:b8:49:a6:58:ec:6d:da:28:7b:6d:fe:d4:77:75:8d:82:
+        ff:f1:3a:1d:8b:e6:b6:e3:0f:89:5a:fd:fa:7d:b4:a2:af:e5:
+        a7:a0:1b:27:67:0d:36:6f:8a:ac:14:31:46:fe:71:7f:cd:ec:
+        32:03:3f:86:f0:24:35:7c:63:7b:52:b1:44:7d:65:53:9e:e5:
+        77:ad:bf:c7:dd:74:e1:0a:8e:66:06:0b:c9:d0:f4:5e:ab:34:
+        a7:15:eb:91:1f:79:aa:0a:c2:72:df:b5:d8:ed:60:e9:ef:9e:
+        d2:41:b0:7e:6e:09:ab:dc:b6:c0:c1:e5:e3:d3:a1:7f:ba:ce:
+        6f:6d:6f:bb:ba:9f:ab:68:37:53:07:e4:9c:37:54:11:0d:a1:
+        91:99:e2:11:9d:85:7c:fb:e2:4f:ce:73:21:4a:b6:55:4c:e2:
+        30:2d:34:3e:7a:60:2c:d7:a4:dc:0b:65:0f:06:2d:00:e5:d5:
+        38:99:05:ba:d1:80:42:6e:0d:6b:c9:ed:bb:fc:0e:2b:49:0e:
+        b5:a3:c5:43
 -----BEGIN CERTIFICATE-----
-MIIFCDCCA/CgAwIBAgIUEjfev3YGxOZ0DDiEU+IZ1LnTaNMwDQYJKoZIhvcNAQEL
+MIIFCDCCA/CgAwIBAgIUIeUJ7JUZMaPLWO5T6th8o6J6H/UwDQYJKoZIhvcNAQEL
 BQAwgZ4xCzAJBgNVBAYTAlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdC
 b3plbWFuMRUwEwYDVQQKDAx3b2xmU1NMXzIwNDgxGTAXBgNVBAsMEFByb2dyYW1t
 aW5nLTIwNDgxGDAWBgNVBAMMD3d3dy53b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJ
-ARYQaW5mb0B3b2xmc3NsLmNvbTAeFw0yMzEyMTMyMjE5MjhaFw0yNjA5MDgyMjE5
-MjhaMIGeMQswCQYDVQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwH
+ARYQaW5mb0B3b2xmc3NsLmNvbTAeFw0yNDEyMTgyMTI1MjlaFw0yNzA5MTQyMTI1
+MjlaMIGeMQswCQYDVQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwH
 Qm96ZW1hbjEVMBMGA1UECgwMd29sZlNTTF8yMDQ4MRkwFwYDVQQLDBBQcm9ncmFt
 bWluZy0yMDQ4MRgwFgYDVQQDDA93d3cud29sZnNzbC5jb20xHzAdBgkqhkiG9w0B
 CQEWEGluZm9Ad29sZnNzbC5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
@@ -82,12 +82,12 @@ Ztdohxh+VA1wJ5HHJteFZcAwgd4GA1UdIwSB1jCB04AUM9hFZtdohxh+VA1wJ5HH
 JteFZcChgaSkgaEwgZ4xCzAJBgNVBAYTAlVTMRAwDgYDVQQIDAdNb250YW5hMRAw
 DgYDVQQHDAdCb3plbWFuMRUwEwYDVQQKDAx3b2xmU1NMXzIwNDgxGTAXBgNVBAsM
 EFByb2dyYW1taW5nLTIwNDgxGDAWBgNVBAMMD3d3dy53b2xmc3NsLmNvbTEfMB0G
-CSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbYIUEjfev3YGxOZ0DDiEU+IZ1LnT
-aNMwDAYDVR0TBAUwAwEB/zAWBgNVHREEDzANggtleGFtcGxlLmNvbTAOBgNVHQ8B
-Af8EBAMCAYYwDQYJKoZIhvcNAQELBQADggEBAKy+TGMAtdnVnrGDYaN6H6i3reAK
-yMRCsv+WGJk9FrlYBZR7G9pmJ+NIW+ZNew9RxY7ktcMLSJZWlbs8TZHJLFFhJDfS
-7+xsl5LMtPxP/Nv3fXGpPDqh++EUGsKjUej8xftXRHOXk715mhCeJ+HyzUOUj2oB
-zkBR5PoG0t4KEJP/DxBEhYoAYCu/hkBbLigR6Y6KrQDpDsZn7vxTjRlqM5EOQhaD
-Xmc7JAWFuCq/FlvUsKcC3ilre/xFwR6f2ZE8kp0uxqeg6tewl9ZYFANMEtXxgeOp
-B5Q/U3jRYelEh1mLuOfBzD8R6wDptbdqBUn3XODotGx88PxnWmc1foVDy7Y=
+CSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbYIUIeUJ7JUZMaPLWO5T6th8o6J6
+H/UwDAYDVR0TBAUwAwEB/zAWBgNVHREEDzANggtleGFtcGxlLmNvbTAOBgNVHQ8B
+Af8EBAMCAYYwDQYJKoZIhvcNAQELBQADggEBAJuFFuImJFnl3hgz0EnsM8xchfud
+qLzhqpw6D2gnR4KHIGMEVCKhPAn+rTzVG5OGc7Numj6RcKIRuEmmWOxt2ih7bf7U
+d3WNgv/xOh2L5rbjD4la/fp9tKKv5aegGydnDTZviqwUMUb+cX/N7DIDP4bwJDV8
+Y3tSsUR9ZVOe5Xetv8fddOEKjmYGC8nQ9F6rNKcV65EfeaoKwnLftdjtYOnvntJB
+sH5uCavctsDB5ePToX+6zm9tb7u6n6toN1MH5Jw3VBENoZGZ4hGdhXz74k/OcyFK
+tlVM4jAtND56YCzXpNwLZQ8GLQDl1TiZBbrRgEJuDWvJ7bv8DitJDrWjxUM=
 -----END CERTIFICATE-----
diff --git a/certs/client-cert.der b/certs/client-cert.der
index b10245930..e872b3aa9 100644
Binary files a/certs/client-cert.der and b/certs/client-cert.der differ
diff --git a/certs/client-cert.pem b/certs/client-cert.pem
index 889555315..6bf0982d5 100644
--- a/certs/client-cert.pem
+++ b/certs/client-cert.pem
@@ -2,16 +2,16 @@ Certificate:
     Data:
         Version: 3 (0x2)
         Serial Number:
-            08:b0:54:7a:03:5a:ec:55:8a:12:e8:f9:8e:34:b6:13:d9:59:b8:e8
+            4f:0d:8c:c5:fa:ee:a2:9b:b7:35:9e:e9:4a:17:99:f0:cc:23:f2:ec
         Signature Algorithm: sha256WithRSAEncryption
         Issuer: C = US, ST = Montana, L = Bozeman, O = wolfSSL_2048, OU = Programming-2048, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Dec 13 22:19:28 2023 GMT
-            Not After : Sep  8 22:19:28 2026 GMT
+            Not Before: Dec 18 21:25:29 2024 GMT
+            Not After : Sep 14 21:25:29 2027 GMT
         Subject: C = US, ST = Montana, L = Bozeman, O = wolfSSL_2048, OU = Programming-2048, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (2048 bit)
+                Public-Key: (2048 bit)
                 Modulus:
                     00:c3:03:d1:2b:fe:39:a4:32:45:3b:53:c8:84:2b:
                     2a:7c:74:9a:bd:aa:2a:52:07:47:d6:a6:36:b2:07:
@@ -38,8 +38,7 @@ Certificate:
             X509v3 Authority Key Identifier: 
                 keyid:33:D8:45:66:D7:68:87:18:7E:54:0D:70:27:91:C7:26:D7:85:65:C0
                 DirName:/C=US/ST=Montana/L=Bozeman/O=wolfSSL_2048/OU=Programming-2048/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
-                serial:08:B0:54:7A:03:5A:EC:55:8A:12:E8:F9:8E:34:B6:13:D9:59:B8:E8
-
+                serial:4F:0D:8C:C5:FA:EE:A2:9B:B7:35:9E:E9:4A:17:99:F0:CC:23:F2:EC
             X509v3 Basic Constraints: 
                 CA:TRUE
             X509v3 Subject Alternative Name: 
@@ -47,28 +46,29 @@ Certificate:
             X509v3 Extended Key Usage: 
                 TLS Web Server Authentication, TLS Web Client Authentication
     Signature Algorithm: sha256WithRSAEncryption
-         89:84:eb:6a:70:3b:2a:6e:a8:8b:f2:92:79:97:5c:bd:98:8b:
-         71:db:db:7c:df:db:a4:2c:59:d3:a6:75:41:c2:06:b6:17:1e:
-         0c:1f:7d:0b:7f:58:3e:c1:e7:0c:f0:62:92:77:ab:99:79:7b:
-         85:f4:d9:6c:d0:0e:e5:8b:13:35:65:9e:d7:9a:51:98:e4:49:
-         44:51:c8:e3:e0:9a:ff:c2:cb:3d:81:eb:ee:f4:1a:d1:96:4b:
-         e9:7d:de:5b:f2:64:40:ad:e1:d9:d6:b7:e1:eb:a9:3a:52:29:
-         89:aa:07:37:96:44:e3:23:49:f3:be:f3:0d:70:d1:a2:ce:78:
-         86:22:fc:76:00:84:1d:fa:8b:8a:d2:43:93:88:fa:ee:22:cc:
-         a6:86:f5:3f:24:f1:d4:70:05:4f:3b:18:32:50:67:c1:80:77:
-         0d:3c:78:75:35:d0:fd:60:f3:ed:a1:30:d0:62:25:99:6b:80:
-         56:17:3d:b4:af:1d:df:ab:48:21:c1:d2:0b:6b:94:a7:33:d1:
-         d0:82:b7:3b:92:eb:9d:d6:6c:32:81:5e:07:3c:46:34:32:7b:
-         ea:22:db:a6:a3:18:69:7c:ad:17:e4:c8:a9:8f:a8:ba:67:af:
-         99:39:ef:6e:0c:f8:a9:b3:bd:ab:71:94:e0:41:aa:a4:2d:72:
-         60:51:d1:5c
+    Signature Value:
+        46:ab:e4:6d:ae:49:5b:6a:0b:a9:87:e1:95:32:a6:d7:ae:de:
+        28:dc:c7:99:68:e2:5f:c9:5a:4c:64:b8:f5:28:42:5a:e8:5c:
+        59:32:fe:d0:1f:0b:55:89:db:67:e7:78:f3:70:cf:18:51:57:
+        8b:f3:2b:a4:66:0b:f6:03:6e:11:ac:83:52:16:7e:a2:7c:36:
+        77:f6:bb:13:19:40:2c:b8:8c:ca:d6:7e:79:7d:f4:14:8d:b5:
+        a4:09:f6:2d:4c:e7:f9:b8:25:41:15:78:f4:ca:80:41:ea:3a:
+        05:08:f6:b5:5b:a1:3b:5b:48:a8:4b:8c:19:8d:6c:87:31:76:
+        74:02:16:8b:dd:7f:d1:11:62:27:42:39:e0:9a:63:26:31:19:
+        ce:3d:41:d5:24:47:32:0f:76:d6:41:37:44:ad:73:f1:b8:ec:
+        2b:6e:9c:4f:84:c4:4e:d7:92:10:7e:23:32:a0:75:6a:e7:fe:
+        55:95:9f:0a:ad:df:f9:2a:a2:1a:59:d5:82:63:d6:5d:7d:79:
+        f4:a7:2d:dc:8c:04:cd:98:b0:42:0e:84:fa:86:50:10:61:ac:
+        73:cd:79:45:30:e8:42:a1:6a:f6:77:55:ec:07:db:52:29:ca:
+        7a:c8:a2:da:e9:f5:98:33:6a:e8:bc:89:ed:01:e2:fe:44:86:
+        86:80:39:ec
 -----BEGIN CERTIFICATE-----
-MIIFHTCCBAWgAwIBAgIUCLBUegNa7FWKEuj5jjS2E9lZuOgwDQYJKoZIhvcNAQEL
+MIIFHTCCBAWgAwIBAgIUTw2Mxfruopu3NZ7pSheZ8Mwj8uwwDQYJKoZIhvcNAQEL
 BQAwgZ4xCzAJBgNVBAYTAlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdC
 b3plbWFuMRUwEwYDVQQKDAx3b2xmU1NMXzIwNDgxGTAXBgNVBAsMEFByb2dyYW1t
 aW5nLTIwNDgxGDAWBgNVBAMMD3d3dy53b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJ
-ARYQaW5mb0B3b2xmc3NsLmNvbTAeFw0yMzEyMTMyMjE5MjhaFw0yNjA5MDgyMjE5
-MjhaMIGeMQswCQYDVQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwH
+ARYQaW5mb0B3b2xmc3NsLmNvbTAeFw0yNDEyMTgyMTI1MjlaFw0yNzA5MTQyMTI1
+MjlaMIGeMQswCQYDVQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwH
 Qm96ZW1hbjEVMBMGA1UECgwMd29sZlNTTF8yMDQ4MRkwFwYDVQQLDBBQcm9ncmFt
 bWluZy0yMDQ4MRgwFgYDVQQDDA93d3cud29sZnNzbC5jb20xHzAdBgkqhkiG9w0B
 CQEWEGluZm9Ad29sZnNzbC5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
@@ -82,13 +82,13 @@ Ztdohxh+VA1wJ5HHJteFZcAwgd4GA1UdIwSB1jCB04AUM9hFZtdohxh+VA1wJ5HH
 JteFZcChgaSkgaEwgZ4xCzAJBgNVBAYTAlVTMRAwDgYDVQQIDAdNb250YW5hMRAw
 DgYDVQQHDAdCb3plbWFuMRUwEwYDVQQKDAx3b2xmU1NMXzIwNDgxGTAXBgNVBAsM
 EFByb2dyYW1taW5nLTIwNDgxGDAWBgNVBAMMD3d3dy53b2xmc3NsLmNvbTEfMB0G
-CSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbYIUCLBUegNa7FWKEuj5jjS2E9lZ
-uOgwDAYDVR0TBAUwAwEB/zAcBgNVHREEFTATggtleGFtcGxlLmNvbYcEfwAAATAd
+CSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbYIUTw2Mxfruopu3NZ7pSheZ8Mwj
+8uwwDAYDVR0TBAUwAwEB/zAcBgNVHREEFTATggtleGFtcGxlLmNvbYcEfwAAATAd
 BgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDQYJKoZIhvcNAQELBQADggEB
-AImE62pwOypuqIvyknmXXL2Yi3Hb23zf26QsWdOmdUHCBrYXHgwffQt/WD7B5wzw
-YpJ3q5l5e4X02WzQDuWLEzVlnteaUZjkSURRyOPgmv/Cyz2B6+70GtGWS+l93lvy
-ZECt4dnWt+HrqTpSKYmqBzeWROMjSfO+8w1w0aLOeIYi/HYAhB36i4rSQ5OI+u4i
-zKaG9T8k8dRwBU87GDJQZ8GAdw08eHU10P1g8+2hMNBiJZlrgFYXPbSvHd+rSCHB
-0gtrlKcz0dCCtzuS653WbDKBXgc8RjQye+oi26ajGGl8rRfkyKmPqLpnr5k5724M
-+KmzvatxlOBBqqQtcmBR0Vw=
+AEar5G2uSVtqC6mH4ZUypteu3ijcx5lo4l/JWkxkuPUoQlroXFky/tAfC1WJ22fn
+ePNwzxhRV4vzK6RmC/YDbhGsg1IWfqJ8Nnf2uxMZQCy4jMrWfnl99BSNtaQJ9i1M
+5/m4JUEVePTKgEHqOgUI9rVboTtbSKhLjBmNbIcxdnQCFovdf9ERYidCOeCaYyYx
+Gc49QdUkRzIPdtZBN0Stc/G47CtunE+ExE7XkhB+IzKgdWrn/lWVnwqt3/kqohpZ
+1YJj1l19efSnLdyMBM2YsEIOhPqGUBBhrHPNeUUw6EKhavZ3VewH21IpynrIotrp
+9Zgzaui8ie0B4v5EhoaAOew=
 -----END CERTIFICATE-----
diff --git a/certs/client-crl-dist.der b/certs/client-crl-dist.der
index 23bd7cac2..1f90e75d2 100644
Binary files a/certs/client-crl-dist.der and b/certs/client-crl-dist.der differ
diff --git a/certs/client-crl-dist.pem b/certs/client-crl-dist.pem
index b8eba767b..720f24443 100644
--- a/certs/client-crl-dist.pem
+++ b/certs/client-crl-dist.pem
@@ -2,16 +2,16 @@ Certificate:
     Data:
         Version: 3 (0x2)
         Serial Number:
-            4b:fb:e6:7a:af:6c:19:2e:6a:b9:4c:cc:af:a9:1e:8e:7c:de:ea:09
+            7f:64:06:76:ee:6f:ef:d3:b9:c7:d9:89:4a:04:ed:42:de:d1:58:26
         Signature Algorithm: sha256WithRSAEncryption
         Issuer: C = US, ST = Montana, L = Bozeman, O = wolfSSL_2048, OU = CRL_DIST, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Dec 13 22:19:28 2023 GMT
-            Not After : Sep  8 22:19:28 2026 GMT
+            Not Before: Dec 18 21:25:29 2024 GMT
+            Not After : Sep 14 21:25:29 2027 GMT
         Subject: C = US, ST = Montana, L = Bozeman, O = wolfSSL_2048, OU = CRL_DIST, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (2048 bit)
+                Public-Key: (2048 bit)
                 Modulus:
                     00:c3:03:d1:2b:fe:39:a4:32:45:3b:53:c8:84:2b:
                     2a:7c:74:9a:bd:aa:2a:52:07:47:d6:a6:36:b2:07:
@@ -34,32 +34,33 @@ Certificate:
                 Exponent: 65537 (0x10001)
         X509v3 extensions:
             X509v3 CRL Distribution Points: 
-
                 Full Name:
                   URI:http://www.wolfssl.com/crl.pem
-
+            X509v3 Subject Key Identifier: 
+                33:D8:45:66:D7:68:87:18:7E:54:0D:70:27:91:C7:26:D7:85:65:C0
     Signature Algorithm: sha256WithRSAEncryption
-         2d:cc:22:e7:1f:88:8f:59:86:50:9d:98:17:64:1b:7f:20:5d:
-         5d:41:11:c1:b4:17:1f:93:64:b6:55:ae:a2:48:b9:60:ff:6f:
-         e4:1e:5f:70:31:50:95:b5:b0:85:9b:48:13:e7:ea:18:1a:04:
-         33:cd:bc:ae:32:83:eb:e6:78:77:73:25:a2:eb:c2:fc:6f:09:
-         0e:5e:85:9d:93:98:9d:19:b9:48:3c:8c:29:c6:83:b2:8c:3c:
-         dd:47:8b:89:f1:da:ab:0e:73:64:43:61:45:74:bf:b7:8c:72:
-         79:b5:6e:29:7b:5d:df:36:9f:92:57:eb:23:ba:96:93:ba:e6:
-         53:75:ec:77:0f:9b:7d:fa:9f:2a:37:6d:fd:ce:9e:59:31:bb:
-         19:b0:72:ce:e8:34:9e:73:ae:4a:d3:47:36:b7:1c:52:a7:4a:
-         f0:86:fe:4c:51:6e:f4:d1:51:f3:5c:6f:83:c7:d1:15:07:d8:
-         c3:47:2a:80:23:fd:65:eb:38:14:5c:32:77:ff:3c:35:02:d4:
-         95:99:31:40:43:42:5b:b1:8b:30:f2:dc:6a:fe:81:08:d1:c8:
-         8e:58:9a:e5:42:91:eb:8b:4a:ae:cd:85:c6:62:f5:05:ff:5a:
-         6c:d3:27:47:32:94:60:16:96:94:25:be:82:08:fd:0c:ae:71:
-         5c:cd:aa:18
+    Signature Value:
+        65:5f:bb:09:c9:22:21:e3:38:99:5b:c7:ad:97:a3:32:17:53:
+        fc:1c:ea:35:e1:74:95:e2:aa:2f:62:11:af:a5:a6:c9:92:ae:
+        50:25:77:6d:4d:67:16:f8:4b:0d:ca:a7:dc:c7:c5:67:2b:5d:
+        e2:f8:65:8d:e7:5b:48:40:8b:9e:d5:6e:1d:02:0e:95:19:76:
+        29:e6:28:8f:a3:7a:00:98:fb:57:d5:7f:bf:34:09:46:9b:15:
+        ae:52:30:04:bc:85:c8:4d:b3:da:79:65:d3:5e:64:fd:e0:ee:
+        8c:ad:9e:a5:b5:12:d4:00:0f:b7:e3:de:27:59:18:92:5e:7c:
+        09:45:90:50:35:4a:a4:c5:2b:be:3a:d9:2e:74:2c:2c:75:50:
+        16:34:cc:fe:c4:b4:f8:d2:ad:cc:2d:70:09:33:61:40:ef:07:
+        6f:a8:7b:d9:7a:9f:61:20:49:1b:ab:ef:32:65:32:5d:b9:77:
+        cc:39:6f:c1:13:ff:d5:a4:77:c9:c7:03:a2:12:0c:eb:7e:bd:
+        15:17:66:bc:f5:65:48:5e:6f:05:9e:a1:6a:42:05:fc:90:cb:
+        4a:71:96:ce:a8:20:27:fc:d5:ae:83:1d:0b:c1:90:a4:f9:71:
+        9c:f2:20:e4:cd:4e:62:40:74:81:a6:5c:8e:45:f3:8e:5b:64:
+        46:e3:aa:e2
 -----BEGIN CERTIFICATE-----
-MIID7zCCAtegAwIBAgIUS/vmeq9sGS5quUzMr6kejnze6gkwDQYJKoZIhvcNAQEL
+MIIEDjCCAvagAwIBAgIUf2QGdu5v79O5x9mJSgTtQt7RWCYwDQYJKoZIhvcNAQEL
 BQAwgZYxCzAJBgNVBAYTAlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdC
 b3plbWFuMRUwEwYDVQQKDAx3b2xmU1NMXzIwNDgxETAPBgNVBAsMCENSTF9ESVNU
 MRgwFgYDVQQDDA93d3cud29sZnNzbC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9A
-d29sZnNzbC5jb20wHhcNMjMxMjEzMjIxOTI4WhcNMjYwOTA4MjIxOTI4WjCBljEL
+d29sZnNzbC5jb20wHhcNMjQxMjE4MjEyNTI5WhcNMjcwOTE0MjEyNTI5WjCBljEL
 MAkGA1UEBhMCVVMxEDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4x
 FTATBgNVBAoMDHdvbGZTU0xfMjA0ODERMA8GA1UECwwIQ1JMX0RJU1QxGDAWBgNV
 BAMMD3d3dy53b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3Ns
@@ -69,12 +70,12 @@ us8N+e/s8YEee5sDR5q/Zcx/ZSRppugUiVvkNPfFsBST9Wd7Onp44QFWVpGmE0KN
 0jxAnEzv0YbfN1EbDKE79fGjSjXk4c6W3xt+v06X0BDoqAgwga8gC0MUxXRntDKC
 b42GwohAmTaDuh5AciIX11JlJHOwzu8Zza7/eGx7wBID1E5yDVBtO6M7o5lencjZ
 DIWz2YrZVCbbbfqsu/8lTMTRefRx04ZAGBOwY7VyTjDEl4SGLVYv1xX3f8Cu9fxb
-5fuhutMCAwEAAaMzMDEwLwYDVR0fBCgwJjAkoCKgIIYeaHR0cDovL3d3dy53b2xm
-c3NsLmNvbS9jcmwucGVtMA0GCSqGSIb3DQEBCwUAA4IBAQAtzCLnH4iPWYZQnZgX
-ZBt/IF1dQRHBtBcfk2S2Va6iSLlg/2/kHl9wMVCVtbCFm0gT5+oYGgQzzbyuMoPr
-5nh3cyWi68L8bwkOXoWdk5idGblIPIwpxoOyjDzdR4uJ8dqrDnNkQ2FFdL+3jHJ5
-tW4pe13fNp+SV+sjupaTuuZTdex3D5t9+p8qN239zp5ZMbsZsHLO6DSec65K00c2
-txxSp0rwhv5MUW700VHzXG+Dx9EVB9jDRyqAI/1l6zgUXDJ3/zw1AtSVmTFAQ0Jb
-sYsw8txq/oEI0ciOWJrlQpHri0quzYXGYvUF/1ps0ydHMpRgFpaUJb6CCP0MrnFc
-zaoY
+5fuhutMCAwEAAaNSMFAwLwYDVR0fBCgwJjAkoCKgIIYeaHR0cDovL3d3dy53b2xm
+c3NsLmNvbS9jcmwucGVtMB0GA1UdDgQWBBQz2EVm12iHGH5UDXAnkccm14VlwDAN
+BgkqhkiG9w0BAQsFAAOCAQEAZV+7CckiIeM4mVvHrZejMhdT/BzqNeF0leKqL2IR
+r6WmyZKuUCV3bU1nFvhLDcqn3MfFZytd4vhljedbSECLntVuHQIOlRl2KeYoj6N6
+AJj7V9V/vzQJRpsVrlIwBLyFyE2z2nll015k/eDujK2epbUS1AAPt+PeJ1kYkl58
+CUWQUDVKpMUrvjrZLnQsLHVQFjTM/sS0+NKtzC1wCTNhQO8Hb6h72XqfYSBJG6vv
+MmUyXbl3zDlvwRP/1aR3yccDohIM6369FRdmvPVlSF5vBZ6hakIF/JDLSnGWzqgg
+J/zVroMdC8GQpPlxnPIg5M1OYkB0gaZcjkXzjltkRuOq4g==
 -----END CERTIFICATE-----
diff --git a/certs/client-ecc-cert.der b/certs/client-ecc-cert.der
index 11df5e2c6..cb9da779b 100644
Binary files a/certs/client-ecc-cert.der and b/certs/client-ecc-cert.der differ
diff --git a/certs/client-ecc-cert.pem b/certs/client-ecc-cert.pem
index cb8352363..6663b5eac 100644
--- a/certs/client-ecc-cert.pem
+++ b/certs/client-ecc-cert.pem
@@ -2,12 +2,12 @@ Certificate:
     Data:
         Version: 3 (0x2)
         Serial Number:
-            37:67:2a:05:24:b5:2b:b6:ae:40:6b:e1:75:e0:97:cc:1d:12:8b:2a
+            75:99:db:38:ed:32:b1:c2:d1:2c:5e:6f:6f:9d:47:17:58:dd:ee:26
         Signature Algorithm: ecdsa-with-SHA256
         Issuer: C = US, ST = Oregon, L = Salem, O = Client ECC, OU = Fast, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Dec 13 22:19:28 2023 GMT
-            Not After : Sep  8 22:19:28 2026 GMT
+            Not Before: Dec 18 21:25:30 2024 GMT
+            Not After : Sep 14 21:25:30 2027 GMT
         Subject: C = US, ST = Oregon, L = Salem, O = Client ECC, OU = Fast, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: id-ecPublicKey
@@ -26,8 +26,7 @@ Certificate:
             X509v3 Authority Key Identifier: 
                 keyid:EB:D4:4B:59:6B:95:61:3F:51:57:B6:04:4D:89:41:88:44:5C:AB:F2
                 DirName:/C=US/ST=Oregon/L=Salem/O=Client ECC/OU=Fast/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
-                serial:37:67:2A:05:24:B5:2B:B6:AE:40:6B:E1:75:E0:97:CC:1D:12:8B:2A
-
+                serial:75:99:DB:38:ED:32:B1:C2:D1:2C:5E:6F:6F:9D:47:17:58:DD:EE:26
             X509v3 Basic Constraints: 
                 CA:TRUE
             X509v3 Subject Alternative Name: 
@@ -35,16 +34,17 @@ Certificate:
             X509v3 Extended Key Usage: 
                 TLS Web Server Authentication, TLS Web Client Authentication
     Signature Algorithm: ecdsa-with-SHA256
-         30:44:02:20:7a:6d:c5:bd:6f:9d:54:4f:c5:4c:d0:12:8c:31:
-         3b:b6:17:80:9e:c7:34:f8:c5:da:fb:61:23:35:e6:93:35:b4:
-         02:20:1b:6a:86:c4:11:be:7c:15:a7:5e:ab:85:ee:b7:8c:20:
-         dc:eb:17:a3:f2:66:63:aa:6b:67:e0:62:1f:17:3e:ac
+    Signature Value:
+        30:45:02:20:03:69:31:45:6f:01:88:6b:63:c6:1c:eb:39:e4:
+        9a:a8:e2:e0:34:ac:ac:e6:a1:d6:fe:ce:85:98:1e:b0:0d:a9:
+        02:21:00:a3:dd:84:5d:08:28:4b:8b:58:fb:0d:33:db:02:ea:
+        c8:0c:da:34:0b:4e:83:a2:10:67:99:19:1c:93:91:c8:c7
 -----BEGIN CERTIFICATE-----
-MIIDXTCCAwSgAwIBAgIUN2cqBSS1K7auQGvhdeCXzB0SiyowCgYIKoZIzj0EAwIw
+MIIDXjCCAwSgAwIBAgIUdZnbOO0yscLRLF5vb51HF1jd7iYwCgYIKoZIzj0EAwIw
 gY0xCzAJBgNVBAYTAlVTMQ8wDQYDVQQIDAZPcmVnb24xDjAMBgNVBAcMBVNhbGVt
 MRMwEQYDVQQKDApDbGllbnQgRUNDMQ0wCwYDVQQLDARGYXN0MRgwFgYDVQQDDA93
 d3cud29sZnNzbC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20w
-HhcNMjMxMjEzMjIxOTI4WhcNMjYwOTA4MjIxOTI4WjCBjTELMAkGA1UEBhMCVVMx
+HhcNMjQxMjE4MjEyNTMwWhcNMjcwOTE0MjEyNTMwWjCBjTELMAkGA1UEBhMCVVMx
 DzANBgNVBAgMBk9yZWdvbjEOMAwGA1UEBwwFU2FsZW0xEzARBgNVBAoMCkNsaWVu
 dCBFQ0MxDTALBgNVBAsMBEZhc3QxGDAWBgNVBAMMD3d3dy53b2xmc3NsLmNvbTEf
 MB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTBZMBMGByqGSM49AgEGCCqG
@@ -54,9 +54,9 @@ WWuVYT9RV7YETYlBiERcq/Iwgc0GA1UdIwSBxTCBwoAU69RLWWuVYT9RV7YETYlB
 iERcq/KhgZOkgZAwgY0xCzAJBgNVBAYTAlVTMQ8wDQYDVQQIDAZPcmVnb24xDjAM
 BgNVBAcMBVNhbGVtMRMwEQYDVQQKDApDbGllbnQgRUNDMQ0wCwYDVQQLDARGYXN0
 MRgwFgYDVQQDDA93d3cud29sZnNzbC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9A
-d29sZnNzbC5jb22CFDdnKgUktSu2rkBr4XXgl8wdEosqMAwGA1UdEwQFMAMBAf8w
+d29sZnNzbC5jb22CFHWZ2zjtMrHC0Sxeb2+dRxdY3e4mMAwGA1UdEwQFMAMBAf8w
 HAYDVR0RBBUwE4ILZXhhbXBsZS5jb22HBH8AAAEwHQYDVR0lBBYwFAYIKwYBBQUH
-AwEGCCsGAQUFBwMCMAoGCCqGSM49BAMCA0cAMEQCIHptxb1vnVRPxUzQEowxO7YX
-gJ7HNPjF2vthIzXmkzW0AiAbaobEEb58Fadeq4Xut4wg3OsXo/JmY6prZ+BiHxc+
-rA==
+AwEGCCsGAQUFBwMCMAoGCCqGSM49BAMCA0gAMEUCIANpMUVvAYhrY8Yc6znkmqji
+4DSsrOah1v7OhZgesA2pAiEAo92EXQgoS4tY+w0z2wLqyAzaNAtOg6IQZ5kZHJOR
+yMc=
 -----END CERTIFICATE-----
diff --git a/certs/client-ecc384-cert.der b/certs/client-ecc384-cert.der
index 9d65ac343..321765cf8 100644
Binary files a/certs/client-ecc384-cert.der and b/certs/client-ecc384-cert.der differ
diff --git a/certs/client-ecc384-cert.pem b/certs/client-ecc384-cert.pem
index cdd8e7d09..165903650 100644
--- a/certs/client-ecc384-cert.pem
+++ b/certs/client-ecc384-cert.pem
@@ -2,8 +2,8 @@
 MIIC8TCCAnagAwIBAgICEAIwCgYIKoZIzj0EAwMwgZcxCzAJBgNVBAYTAlVTMRMw
 EQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRAwDgYDVQQKDAd3
 b2xmU1NMMRQwEgYDVQQLDAtEZXZlbG9wbWVudDEYMBYGA1UEAwwPd3d3LndvbGZz
-c2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMCAXDTIzMTIx
-MzIyMTkyN1oYDzIwNTMxMjA1MjIxOTI3WjCBlzELMAkGA1UEBhMCVVMxEzARBgNV
+c2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMCAXDTI0MTIx
+ODIxMjUyOVoYDzIwNTQxMjExMjEyNTI5WjCBlzELMAkGA1UEBhMCVVMxEzARBgNV
 BAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxETAPBgNVBAoMCEVsbGlw
 dGljMRMwEQYDVQQLDApFQ0MzODRDbGl0MRgwFgYDVQQDDA93d3cud29sZnNzbC5j
 b20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wdjAQBgcqhkjOPQIB
@@ -12,7 +12,7 @@ BgUrgQQAIgNiAARmxAg9ZqehFdRTCiOzrQvOj8j0mB2m2LJuIhH6ue+ZwPopPkgA
 pWKvlYHL4yQ264WjgZAwgY0wCQYDVR0TBAIwADARBglghkgBhvhCAQEEBAMCBaAw
 HQYDVR0OBBYEFB7y0Bv4/KXLP9yK9ZcqQlOwQvnUMB8GA1UdIwQYMBaAFKvgwyZM
 GNRyu9KEjJwKBZKAElNSMA4GA1UdDwEB/wQEAwIF4DAdBgNVHSUEFjAUBggrBgEF
-BQcDAgYIKwYBBQUHAwQwCgYIKoZIzj0EAwMDaQAwZgIxANNvyNaU668jcKTlo9iz
-ZiaHuFxJmE0DGHTBYJClnOiXXWOYXzFbwurGYGTX3YzmtgIxALtl1Hctz2t+kLwY
-K+PYqHKH5fPWpnf8hMb9hdF/AeZqXSlutQpXG2Wppj6T6zSjLg==
+BQcDAgYIKwYBBQUHAwQwCgYIKoZIzj0EAwMDaQAwZgIxALBRR759EKgUfrAiwtYO
+UAET+NU+KgE/zTcG3jVi7BjucDG/fga41EwetUyrIkBEGwIxANTyDZDXknmolulu
+coK9Ii08nzY6xyUwmf3YVWx/5BvZmz1lQsPfUJd4fQrHa6CTLA==
 -----END CERTIFICATE-----
diff --git a/certs/client-relative-uri.pem b/certs/client-relative-uri.pem
index f1c1303cd..15df593d8 100644
--- a/certs/client-relative-uri.pem
+++ b/certs/client-relative-uri.pem
@@ -2,16 +2,16 @@ Certificate:
     Data:
         Version: 3 (0x2)
         Serial Number:
-            28:2c:d3:e8:22:39:f9:1d:be:90:1c:5e:99:59:bb:59:d7:0e:25:de
+            1b:aa:70:3c:26:6d:64:c7:da:2b:f7:2c:90:f0:38:e7:11:7c:15:a7
         Signature Algorithm: sha256WithRSAEncryption
         Issuer: C = US, ST = Montana, L = Bozeman, O = wolfSSL_2048, OU = RELATIVE_URI, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Dec 13 22:19:28 2023 GMT
-            Not After : Sep  8 22:19:28 2026 GMT
+            Not Before: Dec 18 21:25:29 2024 GMT
+            Not After : Sep 14 21:25:29 2027 GMT
         Subject: C = US, ST = Montana, L = Bozeman, O = wolfSSL_2048, OU = RELATIVE_URI, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (2048 bit)
+                Public-Key: (2048 bit)
                 Modulus:
                     00:c3:03:d1:2b:fe:39:a4:32:45:3b:53:c8:84:2b:
                     2a:7c:74:9a:bd:aa:2a:52:07:47:d6:a6:36:b2:07:
@@ -38,34 +38,34 @@ Certificate:
             X509v3 Authority Key Identifier: 
                 keyid:33:D8:45:66:D7:68:87:18:7E:54:0D:70:27:91:C7:26:D7:85:65:C0
                 DirName:/C=US/ST=Montana/L=Bozeman/O=wolfSSL_2048/OU=RELATIVE_URI/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
-                serial:28:2C:D3:E8:22:39:F9:1D:BE:90:1C:5E:99:59:BB:59:D7:0E:25:DE
-
+                serial:1B:AA:70:3C:26:6D:64:C7:DA:2B:F7:2C:90:F0:38:E7:11:7C:15:A7
             X509v3 Basic Constraints: 
                 CA:FALSE
             X509v3 Subject Alternative Name: 
                 URI:../relative/page.html
     Signature Algorithm: sha256WithRSAEncryption
-         9a:6f:69:6c:4a:a8:1a:c7:42:04:ae:d8:d3:d0:b0:ce:ae:d6:
-         68:5c:e6:91:37:39:d8:6c:64:43:11:fd:a9:ea:4a:47:e8:bc:
-         6c:dc:12:b9:70:94:12:a8:5e:21:1a:e9:a2:fa:cf:c2:19:47:
-         22:5d:6c:9e:4e:a3:6a:1d:7f:75:8f:a7:06:56:2f:c2:ac:d6:
-         2e:56:90:ef:53:01:70:5f:a2:e0:6d:28:79:ab:bb:24:40:cd:
-         62:6e:18:b5:5d:33:6a:d0:1c:84:c6:8f:82:77:1d:7b:85:c9:
-         60:db:41:b2:6e:d2:4a:3e:ed:eb:76:62:59:82:93:21:1c:b5:
-         8f:d6:9e:c2:5c:d8:a3:ca:cf:2f:16:a0:03:2d:7c:d9:3c:ec:
-         1b:55:57:da:22:49:67:c6:9d:da:9a:1a:27:d8:1f:ea:e5:74:
-         53:14:a2:9d:ba:a3:fa:0a:c9:52:fc:50:33:2a:d5:b5:25:39:
-         5a:b4:e4:8a:2e:b8:c5:5f:f7:ac:2b:b0:ec:fe:cf:a5:23:58:
-         6c:18:2c:68:2d:56:c5:16:2d:8a:0a:c1:2d:aa:cd:33:15:1c:
-         80:e3:af:91:30:f6:f4:ce:28:57:4c:32:b8:09:ac:29:b7:07:
-         47:1d:7d:bd:4a:5a:5d:97:0b:4b:c8:22:bc:f9:35:29:72:58:
-         0f:f6:34:a3
+    Signature Value:
+        03:7e:2f:52:a6:93:a3:75:d4:e3:af:a9:c4:0a:44:11:23:8c:
+        d6:3f:74:d3:f7:ab:d2:cf:b8:2c:56:38:ed:61:a5:8e:88:f1:
+        5c:fc:51:30:9a:32:4d:41:c7:09:8f:96:ae:89:76:df:f5:4f:
+        a3:a3:a9:46:a5:39:ed:79:fc:4e:ed:44:22:c2:13:b7:8c:d1:
+        63:ad:7d:c9:be:3a:38:0e:0c:5b:75:0a:b0:60:f9:f7:3c:35:
+        81:67:d6:1a:13:32:00:60:96:b9:35:b4:f6:84:01:dc:c6:46:
+        81:b1:bd:de:a9:dc:6d:ff:6b:ef:d1:77:13:f2:05:26:80:12:
+        fa:a0:82:25:4c:ae:4f:48:b1:15:46:08:79:9f:60:24:7c:40:
+        e5:65:96:f7:1e:69:90:de:1a:ad:53:7a:a6:d1:97:e5:7d:89:
+        e3:33:7c:0f:6d:37:82:04:05:5f:e2:46:e8:62:da:03:67:93:
+        28:ff:fd:80:2b:7f:42:e4:ce:7f:90:bd:c9:2e:74:4d:d8:75:
+        99:23:07:5c:15:d7:07:65:56:a3:ee:13:29:3c:a2:55:e0:9e:
+        0e:3b:b1:e3:78:c3:0f:ff:8e:bc:d9:db:87:e6:f8:ad:41:f8:
+        db:a8:4f:12:ed:ac:64:12:45:c6:95:50:ee:48:6c:28:1c:65:
+        de:18:04:69
 -----BEGIN CERTIFICATE-----
-MIIE8zCCA9ugAwIBAgIUKCzT6CI5+R2+kBxemVm7WdcOJd4wDQYJKoZIhvcNAQEL
+MIIE8zCCA9ugAwIBAgIUG6pwPCZtZMfaK/cskPA45xF8FacwDQYJKoZIhvcNAQEL
 BQAwgZoxCzAJBgNVBAYTAlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdC
 b3plbWFuMRUwEwYDVQQKDAx3b2xmU1NMXzIwNDgxFTATBgNVBAsMDFJFTEFUSVZF
 X1VSSTEYMBYGA1UEAwwPd3d3LndvbGZzc2wuY29tMR8wHQYJKoZIhvcNAQkBFhBp
-bmZvQHdvbGZzc2wuY29tMB4XDTIzMTIxMzIyMTkyOFoXDTI2MDkwODIyMTkyOFow
+bmZvQHdvbGZzc2wuY29tMB4XDTI0MTIxODIxMjUyOVoXDTI3MDkxNDIxMjUyOVow
 gZoxCzAJBgNVBAYTAlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3pl
 bWFuMRUwEwYDVQQKDAx3b2xmU1NMXzIwNDgxFTATBgNVBAsMDFJFTEFUSVZFX1VS
 STEYMBYGA1UEAwwPd3d3LndvbGZzc2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZv
@@ -80,12 +80,12 @@ cCeRxybXhWXAMIHaBgNVHSMEgdIwgc+AFDPYRWbXaIcYflQNcCeRxybXhWXAoYGg
 pIGdMIGaMQswCQYDVQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwH
 Qm96ZW1hbjEVMBMGA1UECgwMd29sZlNTTF8yMDQ4MRUwEwYDVQQLDAxSRUxBVElW
 RV9VUkkxGDAWBgNVBAMMD3d3dy53b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQ
-aW5mb0B3b2xmc3NsLmNvbYIUKCzT6CI5+R2+kBxemVm7WdcOJd4wCQYDVR0TBAIw
+aW5mb0B3b2xmc3NsLmNvbYIUG6pwPCZtZMfaK/cskPA45xF8FacwCQYDVR0TBAIw
 ADAgBgNVHREEGTAXhhUuLi9yZWxhdGl2ZS9wYWdlLmh0bWwwDQYJKoZIhvcNAQEL
-BQADggEBAJpvaWxKqBrHQgSu2NPQsM6u1mhc5pE3OdhsZEMR/anqSkfovGzcErlw
-lBKoXiEa6aL6z8IZRyJdbJ5Oo2odf3WPpwZWL8Ks1i5WkO9TAXBfouBtKHmruyRA
-zWJuGLVdM2rQHITGj4J3HXuFyWDbQbJu0ko+7et2YlmCkyEctY/WnsJc2KPKzy8W
-oAMtfNk87BtVV9oiSWfGndqaGifYH+rldFMUop26o/oKyVL8UDMq1bUlOVq05Iou
-uMVf96wrsOz+z6UjWGwYLGgtVsUWLYoKwS2qzTMVHIDjr5Ew9vTOKFdMMrgJrCm3
-B0cdfb1KWl2XC0vIIrz5NSlyWA/2NKM=
+BQADggEBAAN+L1Kmk6N11OOvqcQKRBEjjNY/dNP3q9LPuCxWOO1hpY6I8Vz8UTCa
+Mk1BxwmPlq6Jdt/1T6OjqUalOe15/E7tRCLCE7eM0WOtfcm+OjgODFt1CrBg+fc8
+NYFn1hoTMgBglrk1tPaEAdzGRoGxvd6p3G3/a+/RdxPyBSaAEvqggiVMrk9IsRVG
+CHmfYCR8QOVllvceaZDeGq1TeqbRl+V9ieMzfA9tN4IEBV/iRuhi2gNnkyj//YAr
+f0Lkzn+QvckudE3YdZkjB1wV1wdlVqPuEyk8olXgng47seN4ww//jrzZ24fm+K1B
++NuoTxLtrGQSRcaVUO5IbCgcZd4YBGk=
 -----END CERTIFICATE-----
diff --git a/certs/client-uri-cert.pem b/certs/client-uri-cert.pem
index 266eb518e..717076f3f 100644
--- a/certs/client-uri-cert.pem
+++ b/certs/client-uri-cert.pem
@@ -2,16 +2,16 @@ Certificate:
     Data:
         Version: 3 (0x2)
         Serial Number:
-            7a:65:40:12:3e:1c:49:57:0a:f7:c6:7d:63:b7:25:6a:d7:cb:83:38
+            1e:ed:f5:29:ba:b9:06:b1:25:8b:d5:ab:05:6f:66:d8:74:09:da:43
         Signature Algorithm: sha256WithRSAEncryption
         Issuer: C = US, ST = Montana, L = Bozeman, O = wolfSSL_2048, OU = URI, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Dec 13 22:19:28 2023 GMT
-            Not After : Sep  8 22:19:28 2026 GMT
+            Not Before: Dec 18 21:25:29 2024 GMT
+            Not After : Sep 14 21:25:29 2027 GMT
         Subject: C = US, ST = Montana, L = Bozeman, O = wolfSSL_2048, OU = URI, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (2048 bit)
+                Public-Key: (2048 bit)
                 Modulus:
                     00:c3:03:d1:2b:fe:39:a4:32:45:3b:53:c8:84:2b:
                     2a:7c:74:9a:bd:aa:2a:52:07:47:d6:a6:36:b2:07:
@@ -38,34 +38,34 @@ Certificate:
             X509v3 Authority Key Identifier: 
                 keyid:33:D8:45:66:D7:68:87:18:7E:54:0D:70:27:91:C7:26:D7:85:65:C0
                 DirName:/C=US/ST=Montana/L=Bozeman/O=wolfSSL_2048/OU=URI/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
-                serial:7A:65:40:12:3E:1C:49:57:0A:F7:C6:7D:63:B7:25:6A:D7:CB:83:38
-
+                serial:1E:ED:F5:29:BA:B9:06:B1:25:8B:D5:AB:05:6F:66:D8:74:09:DA:43
             X509v3 Basic Constraints: 
                 CA:FALSE
             X509v3 Subject Alternative Name: 
                 URI:https://www.wolfssl.com
     Signature Algorithm: sha256WithRSAEncryption
-         5d:a4:3a:35:ae:40:5b:fb:1e:7b:09:41:32:4b:0b:0e:88:6e:
-         77:04:87:6c:dd:f6:bb:48:f0:38:25:d1:62:e8:fc:b8:b9:32:
-         ad:bf:2d:66:92:8e:fb:62:2b:f2:f9:64:8f:c0:48:93:1b:d5:
-         a5:34:10:da:09:27:a3:c0:67:80:4e:b6:69:0a:56:8d:63:12:
-         90:21:8b:a1:74:a0:5e:60:a3:3e:b5:4b:bf:12:a4:9f:37:ad:
-         4e:1f:08:fa:3c:b0:ab:64:ba:78:70:da:4a:b8:5a:0b:8f:ca:
-         19:3d:7d:0e:c6:20:d7:7d:99:19:26:26:d5:fd:dd:df:30:69:
-         89:ff:4d:0c:94:6c:11:2e:ff:6d:71:42:b3:76:5a:c3:f4:a4:
-         17:83:d0:1a:85:58:12:04:9b:77:39:f3:34:0b:75:bd:1f:98:
-         96:6c:b9:6a:9f:e7:49:ed:ca:5d:09:f9:3a:62:82:57:f3:ba:
-         5d:73:b6:da:c3:bd:7c:31:9e:e4:92:41:6c:8b:64:4f:cd:bd:
-         9d:02:73:29:53:2d:e0:2b:83:36:3d:c5:a2:34:43:c0:7a:03:
-         1b:74:e3:75:02:84:ef:92:bf:e8:a5:43:53:04:0c:ea:bb:ba:
-         3a:e1:28:b6:c8:15:dd:5a:bb:ae:b0:47:81:5b:09:c2:47:5b:
-         f8:7a:87:bc
+    Signature Value:
+        4a:f0:dc:9b:15:c3:a1:a6:ea:20:5f:3e:07:c6:6b:dc:35:46:
+        96:0b:0d:92:60:84:a4:e4:1f:ca:36:54:31:62:2e:3c:b2:b0:
+        c8:99:e8:e7:13:a7:5b:bb:15:81:a9:6c:ed:67:ef:1c:9a:c9:
+        e8:92:4d:16:36:40:0e:88:88:86:17:ba:c9:27:d9:ff:fc:df:
+        80:db:8f:96:6b:ac:b2:f9:ed:51:69:5a:66:e7:2f:83:19:38:
+        b8:a4:69:12:66:b5:9e:83:55:c9:9a:cc:85:b0:21:a2:08:e4:
+        00:00:eb:c5:d1:de:a2:28:53:08:f1:7a:9e:4c:52:b8:04:26:
+        1a:92:63:40:82:92:80:8d:f2:3f:a0:6e:8f:19:2e:b9:cf:cf:
+        40:21:8e:a4:74:2c:21:97:c2:b2:5d:f7:48:ac:d7:93:c1:d5:
+        ae:29:bc:b9:0a:d3:cb:2d:f8:60:e3:ef:f0:24:fc:d1:6f:4d:
+        8f:65:64:2c:8b:ec:6e:14:d1:c5:f6:e6:d1:7b:cc:57:37:2d:
+        8c:1e:02:e9:91:ca:38:06:3c:7f:9d:ad:8e:ef:d8:91:74:5c:
+        22:9f:e0:ce:69:ee:8b:f2:e1:ac:34:59:64:c4:b2:74:1d:09:
+        71:22:e6:5f:a2:39:82:8f:d2:bc:b1:fa:28:bc:b7:02:7c:db:
+        8c:18:31:2c
 -----BEGIN CERTIFICATE-----
-MIIE2jCCA8KgAwIBAgIUemVAEj4cSVcK98Z9Y7clatfLgzgwDQYJKoZIhvcNAQEL
+MIIE2jCCA8KgAwIBAgIUHu31Kbq5BrEli9WrBW9m2HQJ2kMwDQYJKoZIhvcNAQEL
 BQAwgZExCzAJBgNVBAYTAlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdC
 b3plbWFuMRUwEwYDVQQKDAx3b2xmU1NMXzIwNDgxDDAKBgNVBAsMA1VSSTEYMBYG
 A1UEAwwPd3d3LndvbGZzc2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZz
-c2wuY29tMB4XDTIzMTIxMzIyMTkyOFoXDTI2MDkwODIyMTkyOFowgZExCzAJBgNV
+c2wuY29tMB4XDTI0MTIxODIxMjUyOVoXDTI3MDkxNDIxMjUyOVowgZExCzAJBgNV
 BAYTAlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMRUwEwYD
 VQQKDAx3b2xmU1NMXzIwNDgxDDAKBgNVBAsMA1VSSTEYMBYGA1UEAwwPd3d3Lndv
 bGZzc2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMIIBIjAN
@@ -79,12 +79,12 @@ o4IBJjCCASIwHQYDVR0OBBYEFDPYRWbXaIcYflQNcCeRxybXhWXAMIHRBgNVHSME
 gckwgcaAFDPYRWbXaIcYflQNcCeRxybXhWXAoYGXpIGUMIGRMQswCQYDVQQGEwJV
 UzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjEVMBMGA1UECgwM
 d29sZlNTTF8yMDQ4MQwwCgYDVQQLDANVUkkxGDAWBgNVBAMMD3d3dy53b2xmc3Ns
-LmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbYIUemVAEj4cSVcK
-98Z9Y7clatfLgzgwCQYDVR0TBAIwADAiBgNVHREEGzAZhhdodHRwczovL3d3dy53
-b2xmc3NsLmNvbTANBgkqhkiG9w0BAQsFAAOCAQEAXaQ6Na5AW/seewlBMksLDohu
-dwSHbN32u0jwOCXRYuj8uLkyrb8tZpKO+2Ir8vlkj8BIkxvVpTQQ2gkno8BngE62
-aQpWjWMSkCGLoXSgXmCjPrVLvxKknzetTh8I+jywq2S6eHDaSrhaC4/KGT19DsYg
-132ZGSYm1f3d3zBpif9NDJRsES7/bXFCs3Zaw/SkF4PQGoVYEgSbdznzNAt1vR+Y
-lmy5ap/nSe3KXQn5OmKCV/O6XXO22sO9fDGe5JJBbItkT829nQJzKVMt4CuDNj3F
-ojRDwHoDG3TjdQKE75K/6KVDUwQM6ru6OuEotsgV3Vq7rrBHgVsJwkdb+HqHvA==
+LmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbYIUHu31Kbq5BrEl
+i9WrBW9m2HQJ2kMwCQYDVR0TBAIwADAiBgNVHREEGzAZhhdodHRwczovL3d3dy53
+b2xmc3NsLmNvbTANBgkqhkiG9w0BAQsFAAOCAQEASvDcmxXDoabqIF8+B8Zr3DVG
+lgsNkmCEpOQfyjZUMWIuPLKwyJno5xOnW7sVgals7WfvHJrJ6JJNFjZADoiIhhe6
+ySfZ//zfgNuPlmussvntUWlaZucvgxk4uKRpEma1noNVyZrMhbAhogjkAADrxdHe
+oihTCPF6nkxSuAQmGpJjQIKSgI3yP6Bujxkuuc/PQCGOpHQsIZfCsl33SKzXk8HV
+rim8uQrTyy34YOPv8CT80W9Nj2VkLIvsbhTRxfbm0XvMVzctjB4C6ZHKOAY8f52t
+ju/YkXRcIp/gzmnui/LhrDRZZMSydB0JcSLmX6I5go/SvLH6KLy3AnzbjBgxLA==
 -----END CERTIFICATE-----
diff --git a/certs/crl/caEcc384Crl.pem b/certs/crl/caEcc384Crl.pem
index ab0833e06..121de3e94 100644
--- a/certs/crl/caEcc384Crl.pem
+++ b/certs/crl/caEcc384Crl.pem
@@ -1,10 +1,10 @@
 -----BEGIN X509 CRL-----
-MIIBcjCB+AIBATAKBggqhkjOPQQDAjCBlzELMAkGA1UEBhMCVVMxEzARBgNVBAgM
+MIIBcDCB+AIBATAKBggqhkjOPQQDAjCBlzELMAkGA1UEBhMCVVMxEzARBgNVBAgM
 Cldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoMB3dvbGZTU0wx
 FDASBgNVBAsMC0RldmVsb3BtZW50MRgwFgYDVQQDDA93d3cud29sZnNzbC5jb20x
-HzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20XDTIzMTIxMzIyMTkzM1oX
-DTI2MDkwODIyMTkzM1qgLzAtMB8GA1UdIwQYMBaAFKvgwyZMGNRyu9KEjJwKBZKA
-ElNSMAoGA1UdFAQDAgEMMAoGCCqGSM49BAMCA2kAMGYCMQDiAhgtXMrlvYjxh1+q
-uqluR12ThFI1k8wTdFiGF0yToo3zpoxbaN5w33vBYVUZzCYCMQD76v5cIfO8RUBc
-f5tVsV7n7fGhwMPREOw0f0nmtl+qwNWSDDegMLtTdZyYF9ERdV0=
+HzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20XDTI0MTIxODIxMjUzNFoX
+DTI3MDkxNDIxMjUzNFqgLzAtMB8GA1UdIwQYMBaAFKvgwyZMGNRyu9KEjJwKBZKA
+ElNSMAoGA1UdFAQDAgEMMAoGCCqGSM49BAMCA2cAMGQCMDKae7ZvYiojInLxbTzT
+4BmRACiOHKaJ2sqHOg2LGjK9wi7NWVHHj5RSTl3IhNbRGQIwMYDsSgoSxgrHosJw
+VyT9SlosPUE09Ae08eSNNJ+G1/oEjr0bMsPLWKSped6EB2T+
 -----END X509 CRL-----
diff --git a/certs/crl/caEccCrl.pem b/certs/crl/caEccCrl.pem
index 4729407bc..3e8bfa97b 100644
--- a/certs/crl/caEccCrl.pem
+++ b/certs/crl/caEccCrl.pem
@@ -2,9 +2,9 @@
 MIIBUTCB+AIBATAKBggqhkjOPQQDAjCBlzELMAkGA1UEBhMCVVMxEzARBgNVBAgM
 Cldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoMB3dvbGZTU0wx
 FDASBgNVBAsMC0RldmVsb3BtZW50MRgwFgYDVQQDDA93d3cud29sZnNzbC5jb20x
-HzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20XDTIzMTIxMzIyMTkzM1oX
-DTI2MDkwODIyMTkzM1qgLzAtMB8GA1UdIwQYMBaAFFaOmsPwQt4YuUVVbvmTz+rD
-86UhMAoGA1UdFAQDAgELMAoGCCqGSM49BAMCA0gAMEUCICFj5IcBuGatpURtIwMU
-hSKkP11GeUUb5crLMcBKI2u9AiEArWyOTYXvODOGebzJONGEy7UQ9d+HUba3ROqc
-aGu35HE=
+HzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20XDTI0MTIxODIxMjUzNFoX
+DTI3MDkxNDIxMjUzNFqgLzAtMB8GA1UdIwQYMBaAFFaOmsPwQt4YuUVVbvmTz+rD
+86UhMAoGA1UdFAQDAgELMAoGCCqGSM49BAMCA0gAMEUCIFylKTKFoYK0b3BzLuZH
+ogE/cU49ZhXq2mFAPXs36KMtAiEAl8PNBnDpVgUCaET+OUlrVCy+7oO+uixBGspf
+aRus9TQ=
 -----END X509 CRL-----
diff --git a/certs/crl/cliCrl.pem b/certs/crl/cliCrl.pem
index 00c485372..b604f75e2 100644
--- a/certs/crl/cliCrl.pem
+++ b/certs/crl/cliCrl.pem
@@ -2,41 +2,42 @@ Certificate Revocation List (CRL):
         Version 2 (0x1)
         Signature Algorithm: sha256WithRSAEncryption
         Issuer: C = US, ST = Montana, L = Bozeman, O = wolfSSL_2048, OU = Programming-2048, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
-        Last Update: Dec 13 22:19:33 2023 GMT
-        Next Update: Sep  8 22:19:33 2026 GMT
+        Last Update: Dec 18 21:25:34 2024 GMT
+        Next Update: Sep 14 21:25:34 2027 GMT
         CRL extensions:
             X509v3 CRL Number: 
                 8
 Revoked Certificates:
     Serial Number: 02
-        Revocation Date: Dec 13 22:19:33 2023 GMT
+        Revocation Date: Dec 18 21:25:34 2024 GMT
     Signature Algorithm: sha256WithRSAEncryption
-         74:17:9b:40:81:d2:a0:f3:26:68:44:5b:f8:a2:6c:3f:7e:71:
-         75:a2:7f:c6:e6:71:cb:f9:08:57:42:cd:3e:3f:ab:cd:0c:85:
-         36:45:58:8b:59:28:81:d9:b0:6b:10:4a:d0:7d:59:ad:cf:53:
-         05:cb:13:c7:c1:ec:65:64:6b:4d:e6:87:0b:ae:06:60:ab:8a:
-         3c:ae:c1:7d:ed:8f:ee:09:02:7a:3a:f2:21:bf:89:ef:cd:14:
-         b1:03:64:2d:b2:b6:45:15:da:2d:ee:2d:c0:15:3b:a8:01:a8:
-         4f:30:61:ae:99:b9:16:07:b5:8b:71:8f:38:ac:69:82:39:90:
-         92:ff:d6:41:33:3b:92:5b:f2:dd:56:5a:8f:82:d1:1f:76:ee:
-         ca:01:a2:ac:c0:22:41:dd:6e:e1:ce:06:b0:6f:bc:e2:da:91:
-         11:c1:a0:41:16:7d:ba:7e:a1:53:13:14:4b:54:3b:b9:44:cf:
-         4f:1c:ef:ce:a8:bd:e8:ab:ba:de:97:f7:b7:7d:4f:ab:7a:e7:
-         73:65:97:a1:d9:a3:f3:92:f1:95:06:6d:52:7b:6e:fd:26:56:
-         55:83:c7:71:f7:a4:8f:9a:2c:52:04:dd:9f:85:ab:9c:88:e1:
-         30:c6:4a:88:7d:20:1b:c6:47:8b:82:cc:9d:0f:51:69:b1:90:
-         b2:8a:9c:74
+    Signature Value:
+        36:42:de:cb:20:dd:0a:c7:3b:1c:a0:b6:18:48:3a:30:25:40:
+        5c:42:50:2f:d9:0e:ed:df:66:1f:9d:da:5b:fc:04:0c:46:b5:
+        68:0b:17:df:42:32:1b:57:2d:d2:ca:07:67:54:97:28:fc:b6:
+        cd:e6:12:1b:29:0b:2c:03:eb:3f:05:d2:ce:a2:08:f8:eb:17:
+        0f:64:20:5d:2a:e8:16:5a:72:45:bb:a5:d1:f9:fb:50:c6:b7:
+        97:4a:1c:25:a1:cc:8d:4c:df:a9:1f:c0:a2:f5:86:9d:c1:04:
+        40:1a:b1:75:63:05:f1:62:63:38:d4:5c:90:ef:9a:fa:76:12:
+        b3:14:80:ea:0f:67:0b:6c:22:39:0b:55:59:cd:34:b1:b3:62:
+        c5:1b:89:a1:a3:bb:77:28:43:ca:9e:47:a2:84:0c:4f:87:f1:
+        62:57:4c:e7:89:12:6a:bd:69:d6:e3:07:12:03:13:73:70:8d:
+        3c:97:89:68:4a:95:f5:33:92:f4:de:e6:55:9f:00:22:91:70:
+        7f:f1:99:24:09:84:83:65:17:4a:a8:ef:2c:fb:4a:ca:93:df:
+        a3:23:4e:5e:d6:56:30:f7:80:98:09:c6:2f:d6:46:65:df:a2:
+        0d:bc:ed:44:9e:53:de:9d:e1:84:0e:88:0e:61:3c:a4:4d:e5:
+        7d:4f:1e:9c
 -----BEGIN X509 CRL-----
 MIICDjCB9wIBATANBgkqhkiG9w0BAQsFADCBnjELMAkGA1UEBhMCVVMxEDAOBgNV
 BAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xFTATBgNVBAoMDHdvbGZTU0xf
 MjA0ODEZMBcGA1UECwwQUHJvZ3JhbW1pbmctMjA0ODEYMBYGA1UEAwwPd3d3Lndv
-bGZzc2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tFw0yMzEy
-MTMyMjE5MzNaFw0yNjA5MDgyMjE5MzNaMBQwEgIBAhcNMjMxMjEzMjIxOTMzWqAO
-MAwwCgYDVR0UBAMCAQgwDQYJKoZIhvcNAQELBQADggEBAHQXm0CB0qDzJmhEW/ii
-bD9+cXWif8bmccv5CFdCzT4/q80MhTZFWItZKIHZsGsQStB9Wa3PUwXLE8fB7GVk
-a03mhwuuBmCrijyuwX3tj+4JAno68iG/ie/NFLEDZC2ytkUV2i3uLcAVO6gBqE8w
-Ya6ZuRYHtYtxjzisaYI5kJL/1kEzO5Jb8t1WWo+C0R927soBoqzAIkHdbuHOBrBv
-vOLakRHBoEEWfbp+oVMTFEtUO7lEz08c786oveirut6X97d9T6t653Nll6HZo/OS
-8ZUGbVJ7bv0mVlWDx3H3pI+aLFIE3Z+Fq5yI4TDGSoh9IBvGR4uCzJ0PUWmxkLKK
-nHQ=
+bGZzc2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tFw0yNDEy
+MTgyMTI1MzRaFw0yNzA5MTQyMTI1MzRaMBQwEgIBAhcNMjQxMjE4MjEyNTM0WqAO
+MAwwCgYDVR0UBAMCAQgwDQYJKoZIhvcNAQELBQADggEBADZC3ssg3QrHOxygthhI
+OjAlQFxCUC/ZDu3fZh+d2lv8BAxGtWgLF99CMhtXLdLKB2dUlyj8ts3mEhspCywD
+6z8F0s6iCPjrFw9kIF0q6BZackW7pdH5+1DGt5dKHCWhzI1M36kfwKL1hp3BBEAa
+sXVjBfFiYzjUXJDvmvp2ErMUgOoPZwtsIjkLVVnNNLGzYsUbiaGju3coQ8qeR6KE
+DE+H8WJXTOeJEmq9adbjBxIDE3NwjTyXiWhKlfUzkvTe5lWfACKRcH/xmSQJhINl
+F0qo7yz7SsqT36MjTl7WVjD3gJgJxi/WRmXfog287USeU96d4YQOiA5hPKRN5X1P
+Hpw=
 -----END X509 CRL-----
diff --git a/certs/crl/crl.der b/certs/crl/crl.der
index c6ec65c4b..34448882c 100644
Binary files a/certs/crl/crl.der and b/certs/crl/crl.der differ
diff --git a/certs/crl/crl.pem b/certs/crl/crl.pem
index a4a09f0a3..7a320c7c8 100644
--- a/certs/crl/crl.pem
+++ b/certs/crl/crl.pem
@@ -2,40 +2,41 @@ Certificate Revocation List (CRL):
         Version 2 (0x1)
         Signature Algorithm: sha256WithRSAEncryption
         Issuer: C = US, ST = Montana, L = Bozeman, O = Sawtooth, OU = Consulting, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
-        Last Update: Dec 13 22:19:33 2023 GMT
-        Next Update: Sep  8 22:19:33 2026 GMT
+        Last Update: Dec 18 21:25:34 2024 GMT
+        Next Update: Sep 14 21:25:34 2027 GMT
         CRL extensions:
             X509v3 CRL Number: 
                 2
 Revoked Certificates:
     Serial Number: 02
-        Revocation Date: Dec 13 22:19:33 2023 GMT
+        Revocation Date: Dec 18 21:25:34 2024 GMT
     Signature Algorithm: sha256WithRSAEncryption
-         48:36:98:18:42:9c:0c:81:51:19:75:4b:26:9a:e0:07:18:89:
-         a2:a1:bd:b6:4e:91:f2:44:93:1a:50:a1:8f:72:1f:c4:ae:99:
-         81:c5:00:3a:94:03:de:00:24:98:d4:2c:17:e5:ba:f2:29:3a:
-         43:c8:23:ba:73:6a:5c:99:5d:ba:80:dd:bd:4f:cd:53:a6:cf:
-         33:11:31:30:27:e2:d2:31:06:65:b8:3e:cf:fe:00:21:ff:0d:
-         18:4f:fc:fd:d5:80:75:72:7c:2e:44:c1:a1:26:a6:8a:88:c8:
-         c0:66:1a:d4:99:36:ca:8f:67:42:8f:7c:f2:1a:e7:1b:d0:90:
-         05:22:0d:29:d3:35:57:23:8c:bb:d2:53:c1:a8:00:3c:d4:b3:
-         97:23:8a:4f:1d:8b:c9:73:6a:96:40:b0:a4:b1:c7:de:06:4d:
-         a3:5d:6a:d2:f5:5c:1e:f0:21:0f:d1:fd:21:89:e2:9e:3d:c1:
-         b2:f0:0f:5e:79:1e:47:48:92:bf:eb:96:28:ad:0b:89:5e:3b:
-         ed:97:29:bb:8d:24:c2:e6:26:e5:33:ef:88:17:c1:1a:97:fa:
-         51:44:a2:cc:b2:64:e5:5c:94:54:ed:3b:7d:8f:34:4a:4b:d3:
-         ca:62:f9:20:00:86:26:ea:1b:a9:b4:df:8f:f4:4d:d8:3e:95:
-         aa:3b:43:1c
+    Signature Value:
+        12:0f:c8:40:72:63:f9:e2:60:6d:d2:b2:90:57:a0:c2:dc:fa:
+        44:0d:ac:c2:f6:68:30:04:42:1a:8d:5a:0b:12:b6:78:1d:30:
+        81:09:db:71:26:4d:5c:7b:32:58:79:5a:fa:ec:4f:32:db:68:
+        45:5e:e9:7f:52:82:fc:4a:04:37:18:34:b3:da:f4:e3:39:93:
+        97:60:bb:ea:9a:2a:75:5c:60:57:d5:8b:da:8f:06:d2:21:cd:
+        a3:e3:dc:dc:5e:81:bd:8f:a8:da:07:1a:02:31:1b:95:5b:2e:
+        47:5d:74:01:e7:d7:fe:c4:4c:ef:28:ca:7f:9b:c5:ea:42:2f:
+        49:d7:e8:f3:44:0d:55:85:76:77:02:9f:c8:00:d5:73:5a:55:
+        71:5b:8e:d7:31:25:8d:a8:14:4f:34:90:34:e4:4f:30:8e:ae:
+        a3:98:85:df:57:e6:a0:ef:99:7b:82:31:5e:db:8c:61:1d:a7:
+        71:88:c6:06:27:71:98:00:94:81:d4:a2:97:de:5a:c6:32:e7:
+        51:2a:b6:36:4c:56:d0:fc:b8:19:fa:8b:d5:b4:e6:17:a9:a3:
+        64:2b:65:7f:3a:89:b7:f6:0b:40:5f:f8:c2:9c:77:1c:01:20:
+        6b:1c:04:a5:19:7e:7c:d4:c5:3c:9d:3e:c9:1d:39:b8:e7:5a:
+        38:47:05:67
 -----BEGIN X509 CRL-----
 MIICBDCB7QIBATANBgkqhkiG9w0BAQsFADCBlDELMAkGA1UEBhMCVVMxEDAOBgNV
 BAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xETAPBgNVBAoMCFNhd3Rvb3Ro
 MRMwEQYDVQQLDApDb25zdWx0aW5nMRgwFgYDVQQDDA93d3cud29sZnNzbC5jb20x
-HzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20XDTIzMTIxMzIyMTkzM1oX
-DTI2MDkwODIyMTkzM1owFDASAgECFw0yMzEyMTMyMjE5MzNaoA4wDDAKBgNVHRQE
-AwIBAjANBgkqhkiG9w0BAQsFAAOCAQEASDaYGEKcDIFRGXVLJprgBxiJoqG9tk6R
-8kSTGlChj3IfxK6ZgcUAOpQD3gAkmNQsF+W68ik6Q8gjunNqXJlduoDdvU/NU6bP
-MxExMCfi0jEGZbg+z/4AIf8NGE/8/dWAdXJ8LkTBoSamiojIwGYa1Jk2yo9nQo98
-8hrnG9CQBSINKdM1VyOMu9JTwagAPNSzlyOKTx2LyXNqlkCwpLHH3gZNo11q0vVc
-HvAhD9H9IYninj3BsvAPXnkeR0iSv+uWKK0LiV477Zcpu40kwuYm5TPviBfBGpf6
-UUSizLJk5VyUVO07fY80SkvTymL5IACGJuobqbTfj/RN2D6VqjtDHA==
+HzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20XDTI0MTIxODIxMjUzNFoX
+DTI3MDkxNDIxMjUzNFowFDASAgECFw0yNDEyMTgyMTI1MzRaoA4wDDAKBgNVHRQE
+AwIBAjANBgkqhkiG9w0BAQsFAAOCAQEAEg/IQHJj+eJgbdKykFegwtz6RA2swvZo
+MARCGo1aCxK2eB0wgQnbcSZNXHsyWHla+uxPMttoRV7pf1KC/EoENxg0s9r04zmT
+l2C76poqdVxgV9WL2o8G0iHNo+Pc3F6BvY+o2gcaAjEblVsuR110AefX/sRM7yjK
+f5vF6kIvSdfo80QNVYV2dwKfyADVc1pVcVuO1zEljagUTzSQNORPMI6uo5iF31fm
+oO+Ze4IxXtuMYR2ncYjGBidxmACUgdSil95axjLnUSq2NkxW0Py4GfqL1bTmF6mj
+ZCtlfzqJt/YLQF/4wpx3HAEgaxwEpRl+fNTFPJ0+yR05uOdaOEcFZw==
 -----END X509 CRL-----
diff --git a/certs/crl/crl.revoked b/certs/crl/crl.revoked
index 73252614b..5650cc9c6 100644
--- a/certs/crl/crl.revoked
+++ b/certs/crl/crl.revoked
@@ -2,43 +2,44 @@ Certificate Revocation List (CRL):
         Version 2 (0x1)
         Signature Algorithm: sha256WithRSAEncryption
         Issuer: C = US, ST = Montana, L = Bozeman, O = Sawtooth, OU = Consulting, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
-        Last Update: Dec 13 22:19:33 2023 GMT
-        Next Update: Sep  8 22:19:33 2026 GMT
+        Last Update: Dec 18 21:25:34 2024 GMT
+        Next Update: Sep 14 21:25:34 2027 GMT
         CRL extensions:
             X509v3 CRL Number: 
                 3
 Revoked Certificates:
     Serial Number: 01
-        Revocation Date: Dec 13 22:19:33 2023 GMT
+        Revocation Date: Dec 18 21:25:34 2024 GMT
     Serial Number: 02
-        Revocation Date: Dec 13 22:19:33 2023 GMT
+        Revocation Date: Dec 18 21:25:34 2024 GMT
     Signature Algorithm: sha256WithRSAEncryption
-         72:6e:a4:64:36:6b:e8:e0:c5:1d:98:ef:ab:7e:7a:14:f2:8d:
-         99:d0:57:4b:76:ac:f4:89:60:cd:89:23:9d:01:34:f3:83:e5:
-         82:21:b3:48:c4:42:25:7f:ea:9f:74:5f:e8:b8:d6:71:bb:a2:
-         39:d8:ef:46:a8:13:ba:7d:44:ab:d6:13:65:18:de:b5:03:85:
-         a7:c6:4f:0a:a0:6a:78:ba:7b:f7:ce:6e:ba:1c:ef:6f:b1:04:
-         a8:ac:c6:de:3b:76:77:3e:3d:8b:ae:8b:2b:7e:c9:4f:77:31:
-         7f:1f:f5:04:2c:e9:cf:a1:56:c2:59:e9:be:49:9f:e8:67:a3:
-         42:66:05:21:02:64:82:b2:74:a7:4b:89:89:7d:43:1a:41:fd:
-         53:8c:d6:4f:27:04:2a:48:6b:9e:62:fa:4a:42:83:22:53:3f:
-         53:07:4f:bc:cd:8d:8d:cc:15:c6:ff:3c:af:7d:db:ab:dd:fa:
-         8f:65:86:86:2a:89:5e:3f:d5:4b:39:80:78:3f:6e:38:3b:6d:
-         a5:5e:2c:9e:1d:2f:9c:62:12:b1:34:f2:95:64:37:dc:4b:20:
-         dc:27:f3:de:81:67:b2:04:b0:14:b9:47:e3:65:e3:2f:35:27:
-         c2:fc:22:db:24:bd:04:58:88:17:e3:42:3c:a5:ef:53:39:15:
-         54:52:ac:a1
+    Signature Value:
+        8b:62:fa:68:b7:84:a7:0d:ac:47:bb:92:e7:e2:9a:a5:e3:2b:
+        ba:7a:af:06:8e:b2:3d:7d:42:48:66:78:e0:e4:f3:f4:0a:b1:
+        75:50:fe:02:30:ce:60:2d:ce:7d:2b:0d:31:02:02:a1:f3:be:
+        7b:08:75:c4:bb:2d:a3:d1:23:21:22:c7:72:0e:b7:7e:17:f6:
+        21:5d:aa:fd:cf:b0:b6:56:6d:80:8d:72:a5:25:82:5a:5b:5d:
+        b5:90:06:47:1a:d7:15:9a:64:10:96:24:b0:06:40:bc:fe:26:
+        ec:05:be:99:32:2e:ba:87:b2:a8:0e:7f:5e:3e:23:14:19:c5:
+        e7:16:b7:b8:79:f0:6b:be:20:64:b9:89:4e:69:0f:51:54:5f:
+        55:82:75:cc:e1:61:00:e9:7f:19:35:16:80:d1:80:39:0c:2b:
+        59:12:c6:27:de:68:1c:40:5f:e8:7d:68:ea:9c:30:75:5b:47:
+        4e:2e:78:4a:1d:37:ec:7f:b8:34:ba:cb:57:f8:ae:5e:cc:fa:
+        ba:66:be:13:5a:08:2b:37:e6:ac:ce:bf:22:82:9c:73:11:5b:
+        84:80:07:a7:2c:43:54:bf:1c:6a:55:d1:d2:02:28:35:4f:40:
+        8e:0e:c4:8c:dd:2d:01:40:e1:f9:f1:c3:ed:f3:82:9f:4c:ed:
+        30:aa:48:10
 -----BEGIN X509 CRL-----
 MIICGTCCAQECAQEwDQYJKoZIhvcNAQELBQAwgZQxCzAJBgNVBAYTAlVTMRAwDgYD
 VQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMREwDwYDVQQKDAhTYXd0b290
 aDETMBEGA1UECwwKQ29uc3VsdGluZzEYMBYGA1UEAwwPd3d3LndvbGZzc2wuY29t
-MR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tFw0yMzEyMTMyMjE5MzNa
-Fw0yNjA5MDgyMjE5MzNaMCgwEgIBARcNMjMxMjEzMjIxOTMzWjASAgECFw0yMzEy
-MTMyMjE5MzNaoA4wDDAKBgNVHRQEAwIBAzANBgkqhkiG9w0BAQsFAAOCAQEAcm6k
-ZDZr6ODFHZjvq356FPKNmdBXS3as9IlgzYkjnQE084PlgiGzSMRCJX/qn3Rf6LjW
-cbuiOdjvRqgTun1Eq9YTZRjetQOFp8ZPCqBqeLp7985uuhzvb7EEqKzG3jt2dz49
-i66LK37JT3cxfx/1BCzpz6FWwlnpvkmf6GejQmYFIQJkgrJ0p0uJiX1DGkH9U4zW
-TycEKkhrnmL6SkKDIlM/UwdPvM2NjcwVxv88r33bq936j2WGhiqJXj/VSzmAeD9u
-ODttpV4snh0vnGISsTTylWQ33Esg3Cfz3oFnsgSwFLlH42XjLzUnwvwi2yS9BFiI
-F+NCPKXvUzkVVFKsoQ==
+MR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tFw0yNDEyMTgyMTI1MzRa
+Fw0yNzA5MTQyMTI1MzRaMCgwEgIBARcNMjQxMjE4MjEyNTM0WjASAgECFw0yNDEy
+MTgyMTI1MzRaoA4wDDAKBgNVHRQEAwIBAzANBgkqhkiG9w0BAQsFAAOCAQEAi2L6
+aLeEpw2sR7uS5+KapeMrunqvBo6yPX1CSGZ44OTz9AqxdVD+AjDOYC3OfSsNMQIC
+ofO+ewh1xLsto9EjISLHcg63fhf2IV2q/c+wtlZtgI1ypSWCWltdtZAGRxrXFZpk
+EJYksAZAvP4m7AW+mTIuuoeyqA5/Xj4jFBnF5xa3uHnwa74gZLmJTmkPUVRfVYJ1
+zOFhAOl/GTUWgNGAOQwrWRLGJ95oHEBf6H1o6pwwdVtHTi54Sh037H+4NLrLV/iu
+Xsz6uma+E1oIKzfmrM6/IoKccxFbhIAHpyxDVL8calXR0gIoNU9Ajg7EjN0tAUDh
++fHD7fOCn0ztMKpIEA==
 -----END X509 CRL-----
diff --git a/certs/crl/crl2.der b/certs/crl/crl2.der
index c6ec65c4b..34448882c 100644
Binary files a/certs/crl/crl2.der and b/certs/crl/crl2.der differ
diff --git a/certs/crl/crl2.pem b/certs/crl/crl2.pem
index eb71f194a..371fe8260 100644
--- a/certs/crl/crl2.pem
+++ b/certs/crl/crl2.pem
@@ -2,79 +2,81 @@ Certificate Revocation List (CRL):
         Version 2 (0x1)
         Signature Algorithm: sha256WithRSAEncryption
         Issuer: C = US, ST = Montana, L = Bozeman, O = Sawtooth, OU = Consulting, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
-        Last Update: Dec 13 22:19:33 2023 GMT
-        Next Update: Sep  8 22:19:33 2026 GMT
+        Last Update: Dec 18 21:25:34 2024 GMT
+        Next Update: Sep 14 21:25:34 2027 GMT
         CRL extensions:
             X509v3 CRL Number: 
                 2
 Revoked Certificates:
     Serial Number: 02
-        Revocation Date: Dec 13 22:19:33 2023 GMT
+        Revocation Date: Dec 18 21:25:34 2024 GMT
     Signature Algorithm: sha256WithRSAEncryption
-         48:36:98:18:42:9c:0c:81:51:19:75:4b:26:9a:e0:07:18:89:
-         a2:a1:bd:b6:4e:91:f2:44:93:1a:50:a1:8f:72:1f:c4:ae:99:
-         81:c5:00:3a:94:03:de:00:24:98:d4:2c:17:e5:ba:f2:29:3a:
-         43:c8:23:ba:73:6a:5c:99:5d:ba:80:dd:bd:4f:cd:53:a6:cf:
-         33:11:31:30:27:e2:d2:31:06:65:b8:3e:cf:fe:00:21:ff:0d:
-         18:4f:fc:fd:d5:80:75:72:7c:2e:44:c1:a1:26:a6:8a:88:c8:
-         c0:66:1a:d4:99:36:ca:8f:67:42:8f:7c:f2:1a:e7:1b:d0:90:
-         05:22:0d:29:d3:35:57:23:8c:bb:d2:53:c1:a8:00:3c:d4:b3:
-         97:23:8a:4f:1d:8b:c9:73:6a:96:40:b0:a4:b1:c7:de:06:4d:
-         a3:5d:6a:d2:f5:5c:1e:f0:21:0f:d1:fd:21:89:e2:9e:3d:c1:
-         b2:f0:0f:5e:79:1e:47:48:92:bf:eb:96:28:ad:0b:89:5e:3b:
-         ed:97:29:bb:8d:24:c2:e6:26:e5:33:ef:88:17:c1:1a:97:fa:
-         51:44:a2:cc:b2:64:e5:5c:94:54:ed:3b:7d:8f:34:4a:4b:d3:
-         ca:62:f9:20:00:86:26:ea:1b:a9:b4:df:8f:f4:4d:d8:3e:95:
-         aa:3b:43:1c
+    Signature Value:
+        12:0f:c8:40:72:63:f9:e2:60:6d:d2:b2:90:57:a0:c2:dc:fa:
+        44:0d:ac:c2:f6:68:30:04:42:1a:8d:5a:0b:12:b6:78:1d:30:
+        81:09:db:71:26:4d:5c:7b:32:58:79:5a:fa:ec:4f:32:db:68:
+        45:5e:e9:7f:52:82:fc:4a:04:37:18:34:b3:da:f4:e3:39:93:
+        97:60:bb:ea:9a:2a:75:5c:60:57:d5:8b:da:8f:06:d2:21:cd:
+        a3:e3:dc:dc:5e:81:bd:8f:a8:da:07:1a:02:31:1b:95:5b:2e:
+        47:5d:74:01:e7:d7:fe:c4:4c:ef:28:ca:7f:9b:c5:ea:42:2f:
+        49:d7:e8:f3:44:0d:55:85:76:77:02:9f:c8:00:d5:73:5a:55:
+        71:5b:8e:d7:31:25:8d:a8:14:4f:34:90:34:e4:4f:30:8e:ae:
+        a3:98:85:df:57:e6:a0:ef:99:7b:82:31:5e:db:8c:61:1d:a7:
+        71:88:c6:06:27:71:98:00:94:81:d4:a2:97:de:5a:c6:32:e7:
+        51:2a:b6:36:4c:56:d0:fc:b8:19:fa:8b:d5:b4:e6:17:a9:a3:
+        64:2b:65:7f:3a:89:b7:f6:0b:40:5f:f8:c2:9c:77:1c:01:20:
+        6b:1c:04:a5:19:7e:7c:d4:c5:3c:9d:3e:c9:1d:39:b8:e7:5a:
+        38:47:05:67
 -----BEGIN X509 CRL-----
 MIICBDCB7QIBATANBgkqhkiG9w0BAQsFADCBlDELMAkGA1UEBhMCVVMxEDAOBgNV
 BAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xETAPBgNVBAoMCFNhd3Rvb3Ro
 MRMwEQYDVQQLDApDb25zdWx0aW5nMRgwFgYDVQQDDA93d3cud29sZnNzbC5jb20x
-HzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20XDTIzMTIxMzIyMTkzM1oX
-DTI2MDkwODIyMTkzM1owFDASAgECFw0yMzEyMTMyMjE5MzNaoA4wDDAKBgNVHRQE
-AwIBAjANBgkqhkiG9w0BAQsFAAOCAQEASDaYGEKcDIFRGXVLJprgBxiJoqG9tk6R
-8kSTGlChj3IfxK6ZgcUAOpQD3gAkmNQsF+W68ik6Q8gjunNqXJlduoDdvU/NU6bP
-MxExMCfi0jEGZbg+z/4AIf8NGE/8/dWAdXJ8LkTBoSamiojIwGYa1Jk2yo9nQo98
-8hrnG9CQBSINKdM1VyOMu9JTwagAPNSzlyOKTx2LyXNqlkCwpLHH3gZNo11q0vVc
-HvAhD9H9IYninj3BsvAPXnkeR0iSv+uWKK0LiV477Zcpu40kwuYm5TPviBfBGpf6
-UUSizLJk5VyUVO07fY80SkvTymL5IACGJuobqbTfj/RN2D6VqjtDHA==
+HzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20XDTI0MTIxODIxMjUzNFoX
+DTI3MDkxNDIxMjUzNFowFDASAgECFw0yNDEyMTgyMTI1MzRaoA4wDDAKBgNVHRQE
+AwIBAjANBgkqhkiG9w0BAQsFAAOCAQEAEg/IQHJj+eJgbdKykFegwtz6RA2swvZo
+MARCGo1aCxK2eB0wgQnbcSZNXHsyWHla+uxPMttoRV7pf1KC/EoENxg0s9r04zmT
+l2C76poqdVxgV9WL2o8G0iHNo+Pc3F6BvY+o2gcaAjEblVsuR110AefX/sRM7yjK
+f5vF6kIvSdfo80QNVYV2dwKfyADVc1pVcVuO1zEljagUTzSQNORPMI6uo5iF31fm
+oO+Ze4IxXtuMYR2ncYjGBidxmACUgdSil95axjLnUSq2NkxW0Py4GfqL1bTmF6mj
+ZCtlfzqJt/YLQF/4wpx3HAEgaxwEpRl+fNTFPJ0+yR05uOdaOEcFZw==
 -----END X509 CRL-----
 Certificate Revocation List (CRL):
         Version 2 (0x1)
         Signature Algorithm: sha256WithRSAEncryption
         Issuer: C = US, ST = Montana, L = Bozeman, O = wolfSSL_2048, OU = Programming-2048, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
-        Last Update: Dec 13 22:19:33 2023 GMT
-        Next Update: Sep  8 22:19:33 2026 GMT
+        Last Update: Dec 18 21:25:34 2024 GMT
+        Next Update: Sep 14 21:25:34 2027 GMT
         CRL extensions:
             X509v3 CRL Number: 
                 1
 No Revoked Certificates.
     Signature Algorithm: sha256WithRSAEncryption
-         38:bd:b1:ed:0c:8b:5d:f2:e3:de:48:7b:03:16:a7:09:4c:98:
-         03:9d:a7:50:1d:56:57:a6:6f:e1:7d:4c:32:31:f3:55:28:4a:
-         d3:b5:55:a7:7d:f8:43:46:cf:7c:64:66:2e:0e:bc:e6:43:41:
-         c1:b8:b4:a0:db:68:92:3b:d4:a1:ef:47:44:fe:f6:e4:33:45:
-         18:62:cb:e5:04:44:44:07:83:e4:62:c4:d0:52:63:94:b0:1a:
-         43:bf:01:91:de:05:66:ae:6d:88:78:94:d9:c6:5e:a9:28:52:
-         93:2b:24:00:3f:d3:f7:6c:ca:27:b6:9b:8e:8f:61:a3:ac:3b:
-         e5:62:54:09:6f:c5:52:fb:87:9a:36:e0:51:14:5d:52:f9:42:
-         48:f1:18:20:bf:b3:98:c2:d4:a2:55:9e:7e:42:9b:01:59:fc:
-         64:3c:bb:05:46:09:ab:16:8a:f8:08:b7:f7:3d:01:8e:1b:60:
-         ba:e0:8f:e8:fe:6b:38:bc:23:af:52:31:bc:f3:a0:60:71:c4:
-         9a:29:49:46:5b:c2:f8:ff:c9:f6:8a:1a:c6:5c:9f:e5:bb:c0:
-         bf:6e:7b:26:8b:5a:6a:91:80:82:40:2e:48:96:b7:6a:8f:74:
-         75:6d:54:d7:4d:2a:81:7f:01:02:bd:6e:cf:37:50:de:bb:52:
-         b6:40:eb:ad
+    Signature Value:
+        a2:61:f8:3b:d8:53:33:4c:c2:36:fa:65:d9:70:7f:ce:b8:b2:
+        ff:ba:06:ab:f3:ce:aa:48:b9:11:20:3a:9d:48:14:4c:e6:95:
+        12:4e:c0:cf:2a:da:d1:bc:72:05:e7:32:1f:2a:f3:14:be:df:
+        59:28:b5:cd:b8:6c:81:73:46:20:a4:8b:43:d9:75:1e:e9:e7:
+        17:79:44:da:7b:b7:1a:dc:c8:c3:d8:05:5f:dc:d8:6f:f0:db:
+        c8:40:ae:50:57:54:e1:26:69:75:b3:61:0f:2c:9c:f5:7c:b4:
+        d1:df:6d:3c:eb:c4:04:96:dd:78:09:fa:41:23:dc:86:29:a3:
+        79:8a:56:bd:9b:66:34:3e:36:22:3a:9d:84:aa:0b:09:0b:36:
+        dc:a2:62:59:76:83:2e:0f:61:28:9b:f9:c5:53:74:61:3d:78:
+        b8:f8:36:de:ec:7c:f2:e1:d5:86:cb:db:bb:f2:c1:a6:83:f9:
+        c1:16:f7:8b:ad:35:47:e2:d1:ca:6d:21:8a:c6:8c:6e:10:69:
+        e6:56:22:5d:fc:82:65:8a:a3:9c:4d:d0:91:c8:2a:fa:87:60:
+        c6:e3:12:30:da:2a:77:02:4d:f1:46:02:85:e9:a2:3d:d2:8e:
+        f5:3a:6d:5c:6a:86:b5:6d:55:ac:db:fd:a1:44:82:fe:2c:64:
+        4c:ba:1b:91
 -----BEGIN X509 CRL-----
 MIIB+DCB4QIBATANBgkqhkiG9w0BAQsFADCBnjELMAkGA1UEBhMCVVMxEDAOBgNV
 BAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xFTATBgNVBAoMDHdvbGZTU0xf
 MjA0ODEZMBcGA1UECwwQUHJvZ3JhbW1pbmctMjA0ODEYMBYGA1UEAwwPd3d3Lndv
-bGZzc2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tFw0yMzEy
-MTMyMjE5MzNaFw0yNjA5MDgyMjE5MzNaoA4wDDAKBgNVHRQEAwIBATANBgkqhkiG
-9w0BAQsFAAOCAQEAOL2x7QyLXfLj3kh7AxanCUyYA52nUB1WV6Zv4X1MMjHzVShK
-07VVp334Q0bPfGRmLg685kNBwbi0oNtokjvUoe9HRP725DNFGGLL5QRERAeD5GLE
-0FJjlLAaQ78Bkd4FZq5tiHiU2cZeqShSkyskAD/T92zKJ7abjo9ho6w75WJUCW/F
-UvuHmjbgURRdUvlCSPEYIL+zmMLUolWefkKbAVn8ZDy7BUYJqxaK+Ai39z0Bjhtg
-uuCP6P5rOLwjr1IxvPOgYHHEmilJRlvC+P/J9ooaxlyf5bvAv257JotaapGAgkAu
-SJa3ao90dW1U100qgX8BAr1uzzdQ3rtStkDrrQ==
+bGZzc2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tFw0yNDEy
+MTgyMTI1MzRaFw0yNzA5MTQyMTI1MzRaoA4wDDAKBgNVHRQEAwIBATANBgkqhkiG
+9w0BAQsFAAOCAQEAomH4O9hTM0zCNvpl2XB/zriy/7oGq/POqki5ESA6nUgUTOaV
+Ek7Azyra0bxyBecyHyrzFL7fWSi1zbhsgXNGIKSLQ9l1HunnF3lE2nu3GtzIw9gF
+X9zYb/DbyECuUFdU4SZpdbNhDyyc9Xy00d9tPOvEBJbdeAn6QSPchimjeYpWvZtm
+ND42IjqdhKoLCQs23KJiWXaDLg9hKJv5xVN0YT14uPg23ux88uHVhsvbu/LBpoP5
+wRb3i601R+LRym0hisaMbhBp5lYiXfyCZYqjnE3Qkcgq+odgxuMSMNoqdwJN8UYC
+hemiPdKO9TptXGqGtW1VrNv9oUSC/ixkTLobkQ==
 -----END X509 CRL-----
diff --git a/certs/crl/crl_rsapss.pem b/certs/crl/crl_rsapss.pem
new file mode 100644
index 000000000..74915c05f
--- /dev/null
+++ b/certs/crl/crl_rsapss.pem
@@ -0,0 +1,53 @@
+Certificate Revocation List (CRL):
+        Version 2 (0x1)
+        Signature Algorithm: rsassaPss        
+        Hash Algorithm: sha256
+        Mask Algorithm: mgf1 with sha256
+         Salt Length: 0x20
+        Trailer Field: 0x01 (default)
+        Issuer: C = US, ST = Montana, L = Bozeman, O = wolfSSL_RSAPSS, OU = CA-RSAPSS, CN = www.wolfssl.com, emailAddress = info@wolfssl.com, UID = wolfSSL
+        Last Update: Dec 18 21:25:34 2024 GMT
+        Next Update: Sep 14 21:25:34 2027 GMT
+        CRL extensions:
+            X509v3 CRL Number: 
+                13
+Revoked Certificates:
+    Serial Number: 01
+        Revocation Date: Dec 18 21:25:34 2024 GMT
+    Signature Algorithm: rsassaPss
+    Signature Value:        
+        Hash Algorithm: sha256
+        Mask Algorithm: mgf1 with sha256
+         Salt Length: 0x20
+        Trailer Field: 0x01 (default)
+        06:13:7c:70:5f:2b:3b:4f:8f:50:ab:05:97:6b:65:df:1d:95:
+        f3:e7:e3:1e:36:84:e7:19:ae:6d:3c:5c:10:f9:a5:c8:bd:14:
+        a6:ea:0b:0f:34:6d:69:78:c8:df:db:73:4a:c9:cf:c8:ad:f3:
+        58:8e:ac:f4:8f:46:ae:83:93:6a:6c:cd:7a:a2:40:24:51:74:
+        55:6f:23:a9:2d:75:d6:54:55:ab:dc:91:56:d5:f7:1f:33:47:
+        18:ac:cb:13:f6:15:9b:93:f0:16:10:79:9f:42:32:b9:44:93:
+        04:5a:45:18:6c:79:16:34:0d:00:dc:61:42:50:3b:ec:86:de:
+        6c:60:73:99:37:17:79:52:b4:67:72:21:3e:e7:06:1b:49:20:
+        e1:53:23:db:2b:0a:42:54:44:62:4f:87:11:2d:cf:26:3f:60:
+        0d:5f:6b:d7:89:45:60:0d:71:1a:fb:b5:13:55:53:27:90:f0:
+        b8:cc:ce:99:50:69:bd:fa:3b:1d:7f:11:be:7b:cf:4f:09:de:
+        9b:a7:f9:05:34:2e:f1:59:dc:ea:e9:6b:c4:98:d7:8f:eb:81:
+        f7:ab:73:01:6e:6f:7c:00:dc:b9:55:4b:14:c0:74:28:32:3a:
+        b3:ee:0f:d9:8d:ca:dd:3a:fb:1e:72:19:f1:7c:94:cb:ff:00:
+        49:2d:ab:d0
+-----BEGIN X509 CRL-----
+MIICizCCAT8CAQEwQQYJKoZIhvcNAQEKMDSgDzANBglghkgBZQMEAgEFAKEcMBoG
+CSqGSIb3DQEBCDANBglghkgBZQMEAgEFAKIDAgEgMIGyMQswCQYDVQQGEwJVUzEQ
+MA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjEXMBUGA1UECgwOd29s
+ZlNTTF9SU0FQU1MxEjAQBgNVBAsMCUNBLVJTQVBTUzEYMBYGA1UEAwwPd3d3Lndv
+bGZzc2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMRcwFQYK
+CZImiZPyLGQBAQwHd29sZlNTTBcNMjQxMjE4MjEyNTM0WhcNMjcwOTE0MjEyNTM0
+WjAUMBICAQEXDTI0MTIxODIxMjUzNFqgDjAMMAoGA1UdFAQDAgENMEEGCSqGSIb3
+DQEBCjA0oA8wDQYJYIZIAWUDBAIBBQChHDAaBgkqhkiG9w0BAQgwDQYJYIZIAWUD
+BAIBBQCiAwIBIAOCAQEABhN8cF8rO0+PUKsFl2tl3x2V8+fjHjaE5xmubTxcEPml
+yL0UpuoLDzRtaXjI39tzSsnPyK3zWI6s9I9GroOTamzNeqJAJFF0VW8jqS111lRV
+q9yRVtX3HzNHGKzLE/YVm5PwFhB5n0IyuUSTBFpFGGx5FjQNANxhQlA77IbebGBz
+mTcXeVK0Z3IhPucGG0kg4VMj2ysKQlREYk+HES3PJj9gDV9r14lFYA1xGvu1E1VT
+J5DwuMzOmVBpvfo7HX8RvnvPTwnem6f5BTQu8Vnc6ulrxJjXj+uB96tzAW5vfADc
+uVVLFMB0KDI6s+4P2Y3K3Tr7HnIZ8XyUy/8ASS2r0A==
+-----END X509 CRL-----
diff --git a/certs/crl/eccCliCRL.pem b/certs/crl/eccCliCRL.pem
index 86fa84a0f..5be9aba83 100644
--- a/certs/crl/eccCliCRL.pem
+++ b/certs/crl/eccCliCRL.pem
@@ -2,25 +2,26 @@ Certificate Revocation List (CRL):
         Version 2 (0x1)
         Signature Algorithm: ecdsa-with-SHA256
         Issuer: C = US, ST = Oregon, L = Salem, O = Client ECC, OU = Fast, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
-        Last Update: Dec 13 22:19:33 2023 GMT
-        Next Update: Sep  8 22:19:33 2026 GMT
+        Last Update: Dec 18 21:25:34 2024 GMT
+        Next Update: Sep 14 21:25:34 2027 GMT
         CRL extensions:
             X509v3 CRL Number: 
                 9
 Revoked Certificates:
     Serial Number: 02
-        Revocation Date: Dec 13 22:19:33 2023 GMT
+        Revocation Date: Dec 18 21:25:34 2024 GMT
     Signature Algorithm: ecdsa-with-SHA256
-         30:45:02:21:00:dc:a7:bf:34:1b:68:b6:54:0c:38:8d:46:41:
-         84:bf:fa:f0:96:00:89:a6:81:4a:0f:15:12:ef:15:98:f7:51:
-         95:02:20:08:57:33:0d:c1:a5:c6:83:63:49:96:8c:71:41:7b:
-         40:92:67:80:d6:23:62:2a:c2:f2:43:5a:92:9b:9b:d6:83
+    Signature Value:
+        30:46:02:21:00:83:c3:c9:fb:7c:ba:38:4a:fd:2b:60:80:d1:
+        3a:6d:5f:52:c7:b9:f4:53:a9:7c:1e:c7:5c:fe:66:39:f6:3b:
+        79:02:21:00:bf:83:70:99:74:15:ac:92:d8:39:df:3b:c8:bc:
+        2b:78:65:9d:ba:d8:2c:e4:22:17:2b:10:b8:b3:5b:d7:40:58
 -----BEGIN X509 CRL-----
-MIIBPDCB4wIBATAKBggqhkjOPQQDAjCBjTELMAkGA1UEBhMCVVMxDzANBgNVBAgM
+MIIBPTCB4wIBATAKBggqhkjOPQQDAjCBjTELMAkGA1UEBhMCVVMxDzANBgNVBAgM
 Bk9yZWdvbjEOMAwGA1UEBwwFU2FsZW0xEzARBgNVBAoMCkNsaWVudCBFQ0MxDTAL
 BgNVBAsMBEZhc3QxGDAWBgNVBAMMD3d3dy53b2xmc3NsLmNvbTEfMB0GCSqGSIb3
-DQEJARYQaW5mb0B3b2xmc3NsLmNvbRcNMjMxMjEzMjIxOTMzWhcNMjYwOTA4MjIx
-OTMzWjAUMBICAQIXDTIzMTIxMzIyMTkzM1qgDjAMMAoGA1UdFAQDAgEJMAoGCCqG
-SM49BAMCA0gAMEUCIQDcp780G2i2VAw4jUZBhL/68JYAiaaBSg8VEu8VmPdRlQIg
-CFczDcGlxoNjSZaMcUF7QJJngNYjYirC8kNakpub1oM=
+DQEJARYQaW5mb0B3b2xmc3NsLmNvbRcNMjQxMjE4MjEyNTM0WhcNMjcwOTE0MjEy
+NTM0WjAUMBICAQIXDTI0MTIxODIxMjUzNFqgDjAMMAoGA1UdFAQDAgEJMAoGCCqG
+SM49BAMCA0kAMEYCIQCDw8n7fLo4Sv0rYIDROm1fUse59FOpfB7HXP5mOfY7eQIh
+AL+DcJl0FayS2DnfO8i8K3hlnbrYLOQiFysQuLNb10BY
 -----END X509 CRL-----
diff --git a/certs/crl/eccSrvCRL.pem b/certs/crl/eccSrvCRL.pem
index 8cd5091ca..b26e63281 100644
--- a/certs/crl/eccSrvCRL.pem
+++ b/certs/crl/eccSrvCRL.pem
@@ -2,25 +2,26 @@ Certificate Revocation List (CRL):
         Version 2 (0x1)
         Signature Algorithm: ecdsa-with-SHA256
         Issuer: C = US, ST = Washington, L = Seattle, O = Elliptic, OU = ECC, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
-        Last Update: Dec 13 22:19:33 2023 GMT
-        Next Update: Sep  8 22:19:33 2026 GMT
+        Last Update: Dec 18 21:25:34 2024 GMT
+        Next Update: Sep 14 21:25:34 2027 GMT
         CRL extensions:
             X509v3 CRL Number: 
                 10
 Revoked Certificates:
     Serial Number: 02
-        Revocation Date: Dec 13 22:19:33 2023 GMT
+        Revocation Date: Dec 18 21:25:34 2024 GMT
     Signature Algorithm: ecdsa-with-SHA256
-         30:45:02:21:00:a9:26:ab:1a:4a:be:5c:92:da:9d:17:0a:b5:
-         f6:40:ea:84:93:ce:57:b8:af:68:75:e8:e9:de:a7:27:e7:79:
-         48:02:20:11:d4:03:97:19:2a:28:04:70:28:bb:5e:6a:b7:f6:
-         32:90:f1:92:ff:48:7c:cf:e7:94:0f:ce:63:de:f8:fc:6c
+    Signature Value:
+        30:46:02:21:00:f9:6b:fd:14:b6:22:16:76:a1:1a:b8:7f:d8:
+        2d:5c:f6:0b:b9:1e:50:3e:ab:69:94:a0:d2:cc:f3:b6:eb:50:
+        0d:02:21:00:9f:8f:c1:0d:2e:4a:49:cf:ca:9c:d9:d4:54:37:
+        c1:49:df:38:c7:26:06:a8:f5:61:cb:e3:24:dc:d9:86:36:b3
 -----BEGIN X509 CRL-----
-MIIBPzCB5gIBATAKBggqhkjOPQQDAjCBkDELMAkGA1UEBhMCVVMxEzARBgNVBAgM
+MIIBQDCB5gIBATAKBggqhkjOPQQDAjCBkDELMAkGA1UEBhMCVVMxEzARBgNVBAgM
 Cldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxETAPBgNVBAoMCEVsbGlwdGlj
 MQwwCgYDVQQLDANFQ0MxGDAWBgNVBAMMD3d3dy53b2xmc3NsLmNvbTEfMB0GCSqG
-SIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbRcNMjMxMjEzMjIxOTMzWhcNMjYwOTA4
-MjIxOTMzWjAUMBICAQIXDTIzMTIxMzIyMTkzM1qgDjAMMAoGA1UdFAQDAgEKMAoG
-CCqGSM49BAMCA0gAMEUCIQCpJqsaSr5cktqdFwq19kDqhJPOV7ivaHXo6d6nJ+d5
-SAIgEdQDlxkqKARwKLtearf2MpDxkv9IfM/nlA/OY974/Gw=
+SIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbRcNMjQxMjE4MjEyNTM0WhcNMjcwOTE0
+MjEyNTM0WjAUMBICAQIXDTI0MTIxODIxMjUzNFqgDjAMMAoGA1UdFAQDAgEKMAoG
+CCqGSM49BAMCA0kAMEYCIQD5a/0UtiIWdqEauH/YLVz2C7keUD6raZSg0szztutQ
+DQIhAJ+PwQ0uSknPypzZ1FQ3wUnfOMcmBqj1YcvjJNzZhjaz
 -----END X509 CRL-----
diff --git a/certs/crl/extra-crls/ca-int-cert-revoked.pem b/certs/crl/extra-crls/ca-int-cert-revoked.pem
index 16b02cd91..a160ea72e 100644
--- a/certs/crl/extra-crls/ca-int-cert-revoked.pem
+++ b/certs/crl/extra-crls/ca-int-cert-revoked.pem
@@ -2,12 +2,12 @@
 MIICBTCB7gIBATANBgkqhkiG9w0BAQsFADCBlDELMAkGA1UEBhMCVVMxEDAOBgNV
 BAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xETAPBgNVBAoMCFNhd3Rvb3Ro
 MRMwEQYDVQQLDApDb25zdWx0aW5nMRgwFgYDVQQDDA93d3cud29sZnNzbC5jb20x
-HzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20XDTIzMTIxMzIyMTkzM1oX
-DTI2MDkwODIyMTkzM1owFTATAgIQABcNMjMxMjEzMjIxOTMzWqAOMAwwCgYDVR0U
-BAMCAQUwDQYJKoZIhvcNAQELBQADggEBACmOUprDH201Mv2gW5wiighBTzH10Lwv
-tKJtoehgsTPgsWPk7BaDTsgzLqrk5g7Nlhe1by5UNGgRbHNBzK+TQgeOtdEE0npr
-PITh7Kmtk8rAKygYjDHPtamJLc0oJcpRkVIB7PiyKs8LUlVr+Cv3m6F5I9K5pxc8
-9FXVlrVfAuN8KDC68SPlmpCsWh8v11lXRyy7sMg/ScLvBxTYiehe54kS/IUnjx1E
-eKbgRGKf0alznvdQizMhkX4XJ1gbxdeAzbxO0vsCdgevj4uSyizYKzuMkilqzure
-KGgSLade8ZwS952XPRLHGmPEeVfaDs5qdXBC6Ov9Tg+IVfmY9FO2Tp4=
+HzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20XDTI0MTIxODIxMjUzNFoX
+DTI3MDkxNDIxMjUzNFowFTATAgIQABcNMjQxMjE4MjEyNTM0WqAOMAwwCgYDVR0U
+BAMCAQUwDQYJKoZIhvcNAQELBQADggEBAIhhLr6vLcfpBh7jB6SfToKS0yPJON6j
+qBBhPH6xI/bbQOMjOqMeh7olBf7NuPU3ak6FkiiYqlsSO0WMQgALVRffJHKXIpzw
+9x2wClDh/93QQoeKHoyf3BSWCU1b9wG3X3j2NzCUjGZb1n18HrZmdHuKFi5JR5b2
+ovKbJaoKrQurtlbPp98D4v36GR78RGuNOAbXPB5TQSsCRrFg6MKTkqeAwtZYaDAq
+V4jcjtpEm5HSoC2UlpNudXLi+mJ63dX2/vd3Zo12I8tVsSVYvD50suSRlVrynnkp
+NbQ1lFxbtBBjHQwJXn+hmh/RlCAjfebwH3qPKzHSftrcD1MfFXUvl7E=
 -----END X509 CRL-----
diff --git a/certs/crl/extra-crls/general-server-crl.pem b/certs/crl/extra-crls/general-server-crl.pem
index d547b88fb..d9d2ed1a7 100644
--- a/certs/crl/extra-crls/general-server-crl.pem
+++ b/certs/crl/extra-crls/general-server-crl.pem
@@ -2,12 +2,12 @@
 MIICBDCB7QIBATANBgkqhkiG9w0BAQsFADCBlDELMAkGA1UEBhMCVVMxEDAOBgNV
 BAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xETAPBgNVBAoMCFNhd3Rvb3Ro
 MRMwEQYDVQQLDApDb25zdWx0aW5nMRgwFgYDVQQDDA93d3cud29sZnNzbC5jb20x
-HzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20XDTIzMTIxMzIyMTkzM1oX
-DTI2MDkwODIyMTkzM1owFDASAgEBFw0yMzEyMTMyMjE5MzNaoA4wDDAKBgNVHRQE
-AwIBBDANBgkqhkiG9w0BAQsFAAOCAQEAkoJhgjUEmUasZKFCVTZ0yLC+AoCpm10E
-den4O2yCm6N6NNlOuCbJr34iHSFHeS4Dal0phM6fl6wQTiC5zdVlG4Tnq+RlBVNk
-/15jGnjTH20bEc+2KS855GvTe9LhP/HgwS1usLhfR8YwVMSFL2NbFO+HEMD9ULx5
-UkGg9I9ehAcp42uR8RpWkeoLoWzbiw+YaBNZPdzYIylW4RqeLX3D+QhDGEnk3pR/
-Zvl3NcmLKMghXy9hMFEqu0A/G0lC5U2Oo+7jWcjO2Kn8QzCfbXrieIJ/0R4i2tUj
-wtmZ4mKVqaD66x/mSXYPpX52p5RTD7R3k+04w9FzLk73LuM69WQr5w==
+HzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20XDTI0MTIxODIxMjUzNFoX
+DTI3MDkxNDIxMjUzNFowFDASAgEBFw0yNDEyMTgyMTI1MzRaoA4wDDAKBgNVHRQE
+AwIBBDANBgkqhkiG9w0BAQsFAAOCAQEAa9iQzyqcZHY/kx9Ywnj6/vRf2i/SkV9o
+xJX+Y4Yhs0NDqJdKhr3w8wMF4j9sq79zFeeCvc8nczSwpotp7ENMDf6L45sPl9dB
+CxvT9TOlgCJxA5zNXcJ3kI2R3x2M02E02pE5TmqN/kjC9PCa0rIcGTA0Uo2M1IXB
+TLRyza9XPZDYA19flgsPHC456JVrnfCOoVR6rCJmX0SSwMyGl10Wrcl3fdy1VeLc
+ZwUNUbo22swPPP7YtvJPlZ/ue7lGBf08BD8+bDGgEo2pZFZ51VFzyuRgfZ2/tnEY
+4hNQUSLfDhjXCcwz3arRXdaaA7xnOEMaehfwd/cjkiJWvNygGr83Wg==
 -----END X509 CRL-----
diff --git a/certs/crl/gencrls.sh b/certs/crl/gencrls.sh
index e509d9623..9a1c67f16 100755
--- a/certs/crl/gencrls.sh
+++ b/certs/crl/gencrls.sh
@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/bin/sh
 
 # gencrls, crl config already done, see taoCerts.txt for setup
 check_result(){
@@ -202,4 +202,21 @@ echo "Step 26"
 openssl crl -in crl.pem -inform PEM -out crl.der -outform DER
 openssl crl -in crl2.pem -inform PEM -out crl2.der -outform DER
 
+# clear state for RSA-PSS revoke
+cp blank.index.txt demoCA/index.txt
+
+echo "Step 27 RSA-PSS revoke"
+openssl ca -config ../renewcerts/wolfssl.cnf -revoke ../rsapss/server-rsapss.pem -keyfile ../rsapss/ca-rsapss-priv.pem -cert ../rsapss/ca-rsapss.pem
+check_result $?
+
+echo "Step 28 RSA-PSS"
+openssl ca -config ../renewcerts/wolfssl.cnf -gencrl -crldays 1000 -out crl_rsapss.pem -keyfile ../rsapss/ca-rsapss-priv.pem -cert ../rsapss/ca-rsapss.pem
+check_result $?
+
+# metadata
+echo "Step 29"
+openssl crl -in crl_rsapss.pem -text > tmp
+check_result $?
+mv tmp crl_rsapss.pem
+
 exit 0
diff --git a/certs/crl/include.am b/certs/crl/include.am
index 91f09bd0d..d3194933a 100644
--- a/certs/crl/include.am
+++ b/certs/crl/include.am
@@ -15,7 +15,8 @@ EXTRA_DIST += \
 		certs/crl/caEcc384Crl.pem \
 		certs/crl/wolfssl.cnf \
 		certs/crl/crl.der \
-		certs/crl/crl2.der
+		certs/crl/crl2.der \
+        certs/crl/crl_rsapss.pem
 
 EXTRA_DIST += \
 		certs/crl/crl.revoked \
diff --git a/certs/crl/server-goodaltCrl.pem b/certs/crl/server-goodaltCrl.pem
index 6305d4f34..20165e4ec 100644
--- a/certs/crl/server-goodaltCrl.pem
+++ b/certs/crl/server-goodaltCrl.pem
@@ -2,37 +2,38 @@ Certificate Revocation List (CRL):
         Version 2 (0x1)
         Signature Algorithm: sha256WithRSAEncryption
         Issuer: C = US, ST = Montana, L = Bozeman, OU = Engineering, CN = www.nomatch.com, emailAddress = info@wolfssl.com
-        Last Update: Dec 13 22:19:29 2023 GMT
-        Next Update: Sep  8 22:19:29 2026 GMT
+        Last Update: Dec 18 21:25:31 2024 GMT
+        Next Update: Sep 14 21:25:31 2027 GMT
         CRL extensions:
             X509v3 CRL Number: 
                 1
 No Revoked Certificates.
     Signature Algorithm: sha256WithRSAEncryption
-         30:f4:19:0d:3b:23:d8:e3:b9:55:f5:aa:91:6d:20:a3:71:7d:
-         a2:c8:2e:92:18:17:fb:73:5c:52:f0:44:32:67:87:43:82:93:
-         94:53:62:c3:32:c6:6e:4a:93:a6:99:44:f7:95:b0:24:98:95:
-         8a:e9:62:6b:30:18:46:b4:00:1c:f1:75:e5:87:dc:5c:c3:b3:
-         35:2b:3a:8a:2a:a6:99:73:88:e5:07:d8:cb:ec:d9:ba:06:69:
-         1c:2f:38:37:44:e2:b4:d5:e1:f6:38:56:b3:45:ff:66:7a:da:
-         00:0c:d4:4c:d3:2f:90:e8:4a:c2:0a:1f:4a:6b:1a:87:57:a9:
-         31:f9:78:2b:1f:8c:9c:ed:ef:08:d1:15:49:8d:fa:8d:57:80:
-         36:b4:42:1f:58:62:80:9f:2f:66:cc:b3:4c:64:18:9e:8e:9d:
-         b7:cb:a3:7c:47:67:bf:ec:68:a7:10:f6:68:b0:a8:7a:d4:a5:
-         eb:77:6a:0c:de:3a:16:6b:9c:87:6c:aa:5b:e1:e2:03:d9:ac:
-         33:3a:51:56:de:b1:61:c2:01:70:2b:96:e1:b4:0f:08:a2:f4:
-         49:79:51:eb:1c:56:a9:9e:a4:f7:f9:6a:69:2a:d7:d7:77:45:
-         7a:97:12:bb:d6:6b:6e:07:aa:05:87:b5:6f:b7:b2:1f:e6:84:
-         33:87:16:14
+    Signature Value:
+        5f:bb:9e:e9:f1:4e:f7:5b:07:24:60:bd:b5:3a:7b:88:04:fa:
+        a7:6c:15:17:b8:f9:dd:12:a5:df:59:ec:0f:00:a1:a6:24:46:
+        d7:a4:c5:2d:30:71:b7:6c:7b:f2:a8:09:02:9d:f9:96:e0:49:
+        94:d0:a5:bf:b0:df:65:5f:7a:82:7a:5d:14:0b:67:c8:d3:12:
+        fb:12:48:ac:a0:4d:7a:b1:0e:07:25:e7:e4:69:75:a2:a9:d0:
+        a7:f0:09:d1:ba:a8:be:40:8a:e1:ad:1b:c6:a3:46:b3:2b:44:
+        81:d2:bd:66:b8:ba:d0:d5:6d:0e:da:ee:b3:40:d2:7d:40:59:
+        25:12:f3:e9:98:07:00:96:e6:72:97:d5:dc:a0:a4:ea:4f:36:
+        c9:07:cf:ae:08:ab:f0:90:fe:93:d4:b6:50:73:c1:a5:d5:5b:
+        04:ce:9b:11:5a:b2:1c:11:75:39:f5:97:4b:4e:dd:be:47:ae:
+        c9:c3:1e:a4:6a:1b:ca:ec:40:09:3c:3f:34:9b:e6:00:83:d6:
+        fa:84:1f:85:48:64:61:2b:4c:50:d6:be:29:67:f7:37:62:95:
+        0a:ff:ee:ab:02:1e:79:d3:1c:60:50:a9:3e:0e:da:5f:38:14:
+        b7:0b:d3:02:f8:1d:9f:ea:e9:9c:81:86:87:02:9e:6d:0d:5a:
+        85:57:ba:23
 -----BEGIN X509 CRL-----
 MIIB3DCBxQIBATANBgkqhkiG9w0BAQsFADCBgjELMAkGA1UEBhMCVVMxEDAOBgNV
 BAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xFDASBgNVBAsMC0VuZ2luZWVy
 aW5nMRgwFgYDVQQDDA93d3cubm9tYXRjaC5jb20xHzAdBgkqhkiG9w0BCQEWEGlu
-Zm9Ad29sZnNzbC5jb20XDTIzMTIxMzIyMTkyOVoXDTI2MDkwODIyMTkyOVqgDjAM
-MAoGA1UdFAQDAgEBMA0GCSqGSIb3DQEBCwUAA4IBAQAw9BkNOyPY47lV9aqRbSCj
-cX2iyC6SGBf7c1xS8EQyZ4dDgpOUU2LDMsZuSpOmmUT3lbAkmJWK6WJrMBhGtAAc
-8XXlh9xcw7M1KzqKKqaZc4jlB9jL7Nm6BmkcLzg3ROK01eH2OFazRf9metoADNRM
-0y+Q6ErCCh9KaxqHV6kx+XgrH4yc7e8I0RVJjfqNV4A2tEIfWGKAny9mzLNMZBie
-jp23y6N8R2e/7GinEPZosKh61KXrd2oM3joWa5yHbKpb4eID2awzOlFW3rFhwgFw
-K5bhtA8IovRJeVHrHFapnqT3+WppKtfXd0V6lxK71mtuB6oFh7Vvt7If5oQzhxYU
+Zm9Ad29sZnNzbC5jb20XDTI0MTIxODIxMjUzMVoXDTI3MDkxNDIxMjUzMVqgDjAM
+MAoGA1UdFAQDAgEBMA0GCSqGSIb3DQEBCwUAA4IBAQBfu57p8U73WwckYL21OnuI
+BPqnbBUXuPndEqXfWewPAKGmJEbXpMUtMHG3bHvyqAkCnfmW4EmU0KW/sN9lX3qC
+el0UC2fI0xL7EkisoE16sQ4HJefkaXWiqdCn8AnRuqi+QIrhrRvGo0azK0SB0r1m
+uLrQ1W0O2u6zQNJ9QFklEvPpmAcAluZyl9XcoKTqTzbJB8+uCKvwkP6T1LZQc8Gl
+1VsEzpsRWrIcEXU59ZdLTt2+R67Jwx6kahvK7EAJPD80m+YAg9b6hB+FSGRhK0xQ
+1r4pZ/c3YpUK/+6rAh550xxgUKk+DtpfOBS3C9MC+B2f6umcgYaHAp5tDVqFV7oj
 -----END X509 CRL-----
diff --git a/certs/crl/server-goodaltwildCrl.pem b/certs/crl/server-goodaltwildCrl.pem
index 6305d4f34..20165e4ec 100644
--- a/certs/crl/server-goodaltwildCrl.pem
+++ b/certs/crl/server-goodaltwildCrl.pem
@@ -2,37 +2,38 @@ Certificate Revocation List (CRL):
         Version 2 (0x1)
         Signature Algorithm: sha256WithRSAEncryption
         Issuer: C = US, ST = Montana, L = Bozeman, OU = Engineering, CN = www.nomatch.com, emailAddress = info@wolfssl.com
-        Last Update: Dec 13 22:19:29 2023 GMT
-        Next Update: Sep  8 22:19:29 2026 GMT
+        Last Update: Dec 18 21:25:31 2024 GMT
+        Next Update: Sep 14 21:25:31 2027 GMT
         CRL extensions:
             X509v3 CRL Number: 
                 1
 No Revoked Certificates.
     Signature Algorithm: sha256WithRSAEncryption
-         30:f4:19:0d:3b:23:d8:e3:b9:55:f5:aa:91:6d:20:a3:71:7d:
-         a2:c8:2e:92:18:17:fb:73:5c:52:f0:44:32:67:87:43:82:93:
-         94:53:62:c3:32:c6:6e:4a:93:a6:99:44:f7:95:b0:24:98:95:
-         8a:e9:62:6b:30:18:46:b4:00:1c:f1:75:e5:87:dc:5c:c3:b3:
-         35:2b:3a:8a:2a:a6:99:73:88:e5:07:d8:cb:ec:d9:ba:06:69:
-         1c:2f:38:37:44:e2:b4:d5:e1:f6:38:56:b3:45:ff:66:7a:da:
-         00:0c:d4:4c:d3:2f:90:e8:4a:c2:0a:1f:4a:6b:1a:87:57:a9:
-         31:f9:78:2b:1f:8c:9c:ed:ef:08:d1:15:49:8d:fa:8d:57:80:
-         36:b4:42:1f:58:62:80:9f:2f:66:cc:b3:4c:64:18:9e:8e:9d:
-         b7:cb:a3:7c:47:67:bf:ec:68:a7:10:f6:68:b0:a8:7a:d4:a5:
-         eb:77:6a:0c:de:3a:16:6b:9c:87:6c:aa:5b:e1:e2:03:d9:ac:
-         33:3a:51:56:de:b1:61:c2:01:70:2b:96:e1:b4:0f:08:a2:f4:
-         49:79:51:eb:1c:56:a9:9e:a4:f7:f9:6a:69:2a:d7:d7:77:45:
-         7a:97:12:bb:d6:6b:6e:07:aa:05:87:b5:6f:b7:b2:1f:e6:84:
-         33:87:16:14
+    Signature Value:
+        5f:bb:9e:e9:f1:4e:f7:5b:07:24:60:bd:b5:3a:7b:88:04:fa:
+        a7:6c:15:17:b8:f9:dd:12:a5:df:59:ec:0f:00:a1:a6:24:46:
+        d7:a4:c5:2d:30:71:b7:6c:7b:f2:a8:09:02:9d:f9:96:e0:49:
+        94:d0:a5:bf:b0:df:65:5f:7a:82:7a:5d:14:0b:67:c8:d3:12:
+        fb:12:48:ac:a0:4d:7a:b1:0e:07:25:e7:e4:69:75:a2:a9:d0:
+        a7:f0:09:d1:ba:a8:be:40:8a:e1:ad:1b:c6:a3:46:b3:2b:44:
+        81:d2:bd:66:b8:ba:d0:d5:6d:0e:da:ee:b3:40:d2:7d:40:59:
+        25:12:f3:e9:98:07:00:96:e6:72:97:d5:dc:a0:a4:ea:4f:36:
+        c9:07:cf:ae:08:ab:f0:90:fe:93:d4:b6:50:73:c1:a5:d5:5b:
+        04:ce:9b:11:5a:b2:1c:11:75:39:f5:97:4b:4e:dd:be:47:ae:
+        c9:c3:1e:a4:6a:1b:ca:ec:40:09:3c:3f:34:9b:e6:00:83:d6:
+        fa:84:1f:85:48:64:61:2b:4c:50:d6:be:29:67:f7:37:62:95:
+        0a:ff:ee:ab:02:1e:79:d3:1c:60:50:a9:3e:0e:da:5f:38:14:
+        b7:0b:d3:02:f8:1d:9f:ea:e9:9c:81:86:87:02:9e:6d:0d:5a:
+        85:57:ba:23
 -----BEGIN X509 CRL-----
 MIIB3DCBxQIBATANBgkqhkiG9w0BAQsFADCBgjELMAkGA1UEBhMCVVMxEDAOBgNV
 BAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xFDASBgNVBAsMC0VuZ2luZWVy
 aW5nMRgwFgYDVQQDDA93d3cubm9tYXRjaC5jb20xHzAdBgkqhkiG9w0BCQEWEGlu
-Zm9Ad29sZnNzbC5jb20XDTIzMTIxMzIyMTkyOVoXDTI2MDkwODIyMTkyOVqgDjAM
-MAoGA1UdFAQDAgEBMA0GCSqGSIb3DQEBCwUAA4IBAQAw9BkNOyPY47lV9aqRbSCj
-cX2iyC6SGBf7c1xS8EQyZ4dDgpOUU2LDMsZuSpOmmUT3lbAkmJWK6WJrMBhGtAAc
-8XXlh9xcw7M1KzqKKqaZc4jlB9jL7Nm6BmkcLzg3ROK01eH2OFazRf9metoADNRM
-0y+Q6ErCCh9KaxqHV6kx+XgrH4yc7e8I0RVJjfqNV4A2tEIfWGKAny9mzLNMZBie
-jp23y6N8R2e/7GinEPZosKh61KXrd2oM3joWa5yHbKpb4eID2awzOlFW3rFhwgFw
-K5bhtA8IovRJeVHrHFapnqT3+WppKtfXd0V6lxK71mtuB6oFh7Vvt7If5oQzhxYU
+Zm9Ad29sZnNzbC5jb20XDTI0MTIxODIxMjUzMVoXDTI3MDkxNDIxMjUzMVqgDjAM
+MAoGA1UdFAQDAgEBMA0GCSqGSIb3DQEBCwUAA4IBAQBfu57p8U73WwckYL21OnuI
+BPqnbBUXuPndEqXfWewPAKGmJEbXpMUtMHG3bHvyqAkCnfmW4EmU0KW/sN9lX3qC
+el0UC2fI0xL7EkisoE16sQ4HJefkaXWiqdCn8AnRuqi+QIrhrRvGo0azK0SB0r1m
+uLrQ1W0O2u6zQNJ9QFklEvPpmAcAluZyl9XcoKTqTzbJB8+uCKvwkP6T1LZQc8Gl
+1VsEzpsRWrIcEXU59ZdLTt2+R67Jwx6kahvK7EAJPD80m+YAg9b6hB+FSGRhK0xQ
+1r4pZ/c3YpUK/+6rAh550xxgUKk+DtpfOBS3C9MC+B2f6umcgYaHAp5tDVqFV7oj
 -----END X509 CRL-----
diff --git a/certs/crl/server-goodcnCrl.pem b/certs/crl/server-goodcnCrl.pem
index 967523621..499b7595e 100644
--- a/certs/crl/server-goodcnCrl.pem
+++ b/certs/crl/server-goodcnCrl.pem
@@ -2,37 +2,38 @@ Certificate Revocation List (CRL):
         Version 2 (0x1)
         Signature Algorithm: sha256WithRSAEncryption
         Issuer: C = US, ST = Montana, L = Bozeman, OU = Engineering, CN = localhost, emailAddress = info@wolfssl.com
-        Last Update: Dec 13 22:19:29 2023 GMT
-        Next Update: Sep  8 22:19:29 2026 GMT
+        Last Update: Dec 18 21:25:31 2024 GMT
+        Next Update: Sep 14 21:25:31 2027 GMT
         CRL extensions:
             X509v3 CRL Number: 
                 1
 No Revoked Certificates.
     Signature Algorithm: sha256WithRSAEncryption
-         b7:22:47:45:ee:bb:63:91:42:29:23:33:af:eb:d7:46:41:be:
-         66:89:0e:62:ff:b7:c0:9a:09:46:95:98:33:36:63:ec:2a:10:
-         01:2c:a9:9d:6c:1a:45:b9:95:e8:62:3d:10:ee:65:a0:6c:8d:
-         aa:d0:41:6f:b1:d9:a9:59:dd:e9:40:c1:36:73:89:3a:59:02:
-         42:c3:77:33:59:a0:52:18:4b:0c:64:bd:f6:10:cc:50:3f:ad:
-         bb:95:02:13:73:5a:95:a0:15:08:ec:dc:0f:53:3a:29:de:1b:
-         3e:b4:4a:8c:3a:14:0d:48:f6:88:05:b7:55:ff:c0:e9:aa:e2:
-         49:26:8e:ba:b5:88:3a:c1:5a:48:68:ed:bb:b9:ae:1e:ad:18:
-         44:60:08:15:4f:ef:8e:7f:db:63:60:aa:36:9a:7b:1a:92:34:
-         43:65:b8:d2:6c:85:4d:62:75:c8:5b:45:60:c2:b2:72:c6:79:
-         9d:19:24:2e:bf:8f:75:24:7c:60:83:bf:98:e0:dc:98:b4:18:
-         ef:41:c7:10:46:89:2b:88:73:40:f4:f1:7b:17:5e:2b:fa:bd:
-         28:9e:8e:b9:9a:d5:ba:a0:29:65:b8:df:27:b0:c5:51:b6:61:
-         7b:69:0f:be:17:4b:14:48:73:60:14:ea:96:fd:9c:4c:62:bd:
-         ea:cf:b0:b1
+    Signature Value:
+        2f:28:e7:b2:46:58:01:03:b8:47:87:4d:75:63:04:40:cd:c2:
+        dd:23:17:82:81:03:88:b9:99:20:91:50:70:84:dd:38:b1:51:
+        7e:fb:67:09:d1:73:54:e2:58:2a:1b:b4:35:3b:b9:32:70:d0:
+        03:e2:ec:7c:90:d4:18:63:bf:35:c0:93:80:bf:fa:2b:57:88:
+        e1:24:c2:59:87:9b:9f:c3:04:2f:ed:53:ae:22:c7:5d:b5:41:
+        18:b9:96:37:e6:50:96:d2:c0:4c:ba:a6:ac:13:af:86:7d:58:
+        01:e0:ad:23:bb:76:bd:36:ff:d7:3f:4e:4d:0e:20:e0:97:29:
+        e7:a7:26:a1:3a:56:e8:d2:86:24:58:06:2d:0b:26:3e:f9:fc:
+        0d:fc:75:e3:1b:72:28:ff:5d:07:cd:da:4b:46:be:62:f7:6a:
+        bc:d3:4d:18:b2:53:59:04:ab:3f:de:30:63:b3:42:ae:0d:00:
+        b9:f8:f6:bc:7a:b6:fd:4f:f4:72:89:3b:84:d0:7e:12:70:7b:
+        17:26:0c:9d:ba:a5:aa:b3:0d:e0:4b:07:09:52:87:7a:28:b5:
+        77:0b:68:57:37:ab:c4:36:6b:1c:08:8d:34:9d:b6:3a:39:20:
+        be:3d:77:2a:85:2f:38:26:1a:01:60:34:9f:7e:bc:c4:7a:a6:
+        d5:13:1d:9c
 -----BEGIN X509 CRL-----
 MIIB1TCBvgIBATANBgkqhkiG9w0BAQsFADB8MQswCQYDVQQGEwJVUzEQMA4GA1UE
 CAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjEUMBIGA1UECwwLRW5naW5lZXJp
 bmcxEjAQBgNVBAMMCWxvY2FsaG9zdDEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xm
-c3NsLmNvbRcNMjMxMjEzMjIxOTI5WhcNMjYwOTA4MjIxOTI5WqAOMAwwCgYDVR0U
-BAMCAQEwDQYJKoZIhvcNAQELBQADggEBALciR0Xuu2ORQikjM6/r10ZBvmaJDmL/
-t8CaCUaVmDM2Y+wqEAEsqZ1sGkW5lehiPRDuZaBsjarQQW+x2alZ3elAwTZziTpZ
-AkLDdzNZoFIYSwxkvfYQzFA/rbuVAhNzWpWgFQjs3A9TOineGz60Sow6FA1I9ogF
-t1X/wOmq4kkmjrq1iDrBWkho7bu5rh6tGERgCBVP745/22NgqjaaexqSNENluNJs
-hU1idchbRWDCsnLGeZ0ZJC6/j3UkfGCDv5jg3Ji0GO9BxxBGiSuIc0D08XsXXiv6
-vSiejrma1bqgKWW43yewxVG2YXtpD74XSxRIc2AU6pb9nExiverPsLE=
+c3NsLmNvbRcNMjQxMjE4MjEyNTMxWhcNMjcwOTE0MjEyNTMxWqAOMAwwCgYDVR0U
+BAMCAQEwDQYJKoZIhvcNAQELBQADggEBAC8o57JGWAEDuEeHTXVjBEDNwt0jF4KB
+A4i5mSCRUHCE3TixUX77ZwnRc1TiWCobtDU7uTJw0APi7HyQ1BhjvzXAk4C/+itX
+iOEkwlmHm5/DBC/tU64ix121QRi5ljfmUJbSwEy6pqwTr4Z9WAHgrSO7dr02/9c/
+Tk0OIOCXKeenJqE6VujShiRYBi0LJj75/A38deMbcij/XQfN2ktGvmL3arzTTRiy
+U1kEqz/eMGOzQq4NALn49rx6tv1P9HKJO4TQfhJwexcmDJ26paqzDeBLBwlSh3oo
+tXcLaFc3q8Q2axwIjTSdtjo5IL49dyqFLzgmGgFgNJ9+vMR6ptUTHZw=
 -----END X509 CRL-----
diff --git a/certs/crl/server-goodcnwildCrl.pem b/certs/crl/server-goodcnwildCrl.pem
index ae2fc9ea8..f5c3c50bf 100644
--- a/certs/crl/server-goodcnwildCrl.pem
+++ b/certs/crl/server-goodcnwildCrl.pem
@@ -2,37 +2,38 @@ Certificate Revocation List (CRL):
         Version 2 (0x1)
         Signature Algorithm: sha256WithRSAEncryption
         Issuer: C = US, ST = Montana, L = Bozeman, OU = Engineering, CN = *localhost, emailAddress = info@wolfssl.com
-        Last Update: Dec 13 22:19:29 2023 GMT
-        Next Update: Sep  8 22:19:29 2026 GMT
+        Last Update: Dec 18 21:25:31 2024 GMT
+        Next Update: Sep 14 21:25:31 2027 GMT
         CRL extensions:
             X509v3 CRL Number: 
                 1
 No Revoked Certificates.
     Signature Algorithm: sha256WithRSAEncryption
-         36:0f:c7:e0:9c:1d:71:f6:09:24:51:e8:49:5e:db:38:d5:6b:
-         90:68:62:c7:5f:a0:eb:c5:c9:63:69:ca:56:30:d7:92:3d:0e:
-         38:d3:34:97:35:df:16:4f:de:2f:ba:1f:38:00:9d:99:28:ea:
-         11:bb:dd:ec:42:03:ec:03:d1:05:84:9e:35:d5:ad:d1:36:91:
-         d0:49:4d:c5:e7:50:84:77:f6:8c:c5:47:1c:f4:9c:88:87:ac:
-         af:81:70:3e:05:d1:33:5a:07:0c:ac:39:e2:ca:c7:3d:ea:80:
-         41:4e:9c:37:dd:ac:76:b3:14:58:f9:88:20:2b:b2:f4:0f:01:
-         18:73:31:88:c4:c6:66:59:d7:fc:61:44:98:c3:33:ee:74:10:
-         8f:58:78:91:06:53:a3:eb:99:2e:f8:91:e7:32:e0:17:f5:ea:
-         b6:56:27:68:a2:2b:30:05:a8:0c:02:e8:0f:84:20:37:0e:2c:
-         a5:34:af:09:85:e3:85:d9:8e:78:e4:9e:75:be:27:3b:81:72:
-         c5:87:2c:f9:1f:73:60:ce:2c:3b:d3:95:df:a8:16:6a:da:45:
-         ea:ab:5c:7a:bb:8a:7a:b3:f3:34:ec:e4:7c:62:36:4f:dd:1f:
-         89:86:05:ac:1e:42:11:b7:29:b3:97:f9:ad:cb:73:1f:02:8d:
-         4c:80:ef:f8
+    Signature Value:
+        9a:06:6f:af:9a:2b:7d:ff:7c:4f:e5:be:e5:a7:68:8b:43:d3:
+        46:c7:7c:2c:c6:38:5e:a5:81:15:57:73:26:2d:ad:63:12:8b:
+        66:54:c6:b9:18:7e:63:12:4e:9e:dc:d7:38:6b:dd:c1:b8:c2:
+        58:a4:5d:ea:72:66:da:b4:95:9e:e8:b5:02:48:c3:b0:7a:84:
+        ab:89:ff:4f:e2:6a:1d:d2:1e:7b:10:5f:30:55:a5:88:72:45:
+        e4:c7:2e:43:6f:d5:22:48:11:c1:c0:d2:a5:01:bd:d7:81:3d:
+        8f:48:d2:0d:29:88:0e:33:b5:bb:32:33:bd:c7:4b:9b:ee:5f:
+        bd:f5:e0:69:9b:f8:fb:b1:03:7d:b7:17:66:5d:b8:41:c3:96:
+        80:87:4d:d2:dc:cc:f8:9a:61:89:68:0f:e4:b0:96:c1:41:fd:
+        ed:4d:36:17:9b:58:ea:ba:32:05:29:4c:cf:f3:41:38:89:6a:
+        db:ad:73:10:d3:8e:70:d7:bc:a3:f0:f0:1d:94:86:03:2f:43:
+        00:5c:a7:69:97:a2:47:75:f6:00:32:f3:46:a0:9d:14:73:52:
+        db:aa:12:83:d1:ed:49:b6:85:36:ff:17:00:b2:0a:b1:f5:dd:
+        2d:c3:b0:ba:2d:b0:da:65:d7:b2:df:19:dd:45:fe:9c:c0:7f:
+        4b:27:9b:e1
 -----BEGIN X509 CRL-----
 MIIB1jCBvwIBATANBgkqhkiG9w0BAQsFADB9MQswCQYDVQQGEwJVUzEQMA4GA1UE
 CAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjEUMBIGA1UECwwLRW5naW5lZXJp
 bmcxEzARBgNVBAMMCipsb2NhbGhvc3QxHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29s
-ZnNzbC5jb20XDTIzMTIxMzIyMTkyOVoXDTI2MDkwODIyMTkyOVqgDjAMMAoGA1Ud
-FAQDAgEBMA0GCSqGSIb3DQEBCwUAA4IBAQA2D8fgnB1x9gkkUehJXts41WuQaGLH
-X6DrxcljacpWMNeSPQ440zSXNd8WT94vuh84AJ2ZKOoRu93sQgPsA9EFhJ411a3R
-NpHQSU3F51CEd/aMxUcc9JyIh6yvgXA+BdEzWgcMrDniysc96oBBTpw33ax2sxRY
-+YggK7L0DwEYczGIxMZmWdf8YUSYwzPudBCPWHiRBlOj65ku+JHnMuAX9eq2Vido
-oiswBagMAugPhCA3DiylNK8JheOF2Y545J51vic7gXLFhyz5H3Ngziw705XfqBZq
-2kXqq1x6u4p6s/M07OR8YjZP3R+JhgWsHkIRtymzl/mty3MfAo1MgO/4
+ZnNzbC5jb20XDTI0MTIxODIxMjUzMVoXDTI3MDkxNDIxMjUzMVqgDjAMMAoGA1Ud
+FAQDAgEBMA0GCSqGSIb3DQEBCwUAA4IBAQCaBm+vmit9/3xP5b7lp2iLQ9NGx3ws
+xjhepYEVV3MmLa1jEotmVMa5GH5jEk6e3Nc4a93BuMJYpF3qcmbatJWe6LUCSMOw
+eoSrif9P4mod0h57EF8wVaWIckXkxy5Db9UiSBHBwNKlAb3XgT2PSNINKYgOM7W7
+MjO9x0ub7l+99eBpm/j7sQN9txdmXbhBw5aAh03S3Mz4mmGJaA/ksJbBQf3tTTYX
+m1jqujIFKUzP80E4iWrbrXMQ045w17yj8PAdlIYDL0MAXKdpl6JHdfYAMvNGoJ0U
+c1LbqhKD0e1JtoU2/xcAsgqx9d0tw7C6LbDaZdey3xndRf6cwH9LJ5vh
 -----END X509 CRL-----
diff --git a/certs/dh-priv-2048.der b/certs/dh-priv-2048.der
new file mode 100644
index 000000000..f74c64143
Binary files /dev/null and b/certs/dh-priv-2048.der differ
diff --git a/certs/dh-priv-2048.pem b/certs/dh-priv-2048.pem
new file mode 100644
index 000000000..3a9fef2f3
--- /dev/null
+++ b/certs/dh-priv-2048.pem
@@ -0,0 +1,14 @@
+-----BEGIN PRIVATE KEY-----
+MIICJgIBADCCARcGCSqGSIb3DQEDATCCAQgCggEBALChCAacCBO6WQY8vDDV9QDB
+T0Sn1u9KxiUnHOjSllMKXJHdosKUhL99skSfm9LBisW+clyn55Hm1J9zB4VbZkjH
+cPq07gLJPZpK2j3BRj4ZadEXRgejTZ8rlhc5bTCNKvOU03XPoHXm8pIfGnAFqgSD
+VzD72naTOFDoJ/1j7jzlt8gJrm9QNY6EzkoA6RJ+WjHXM/whE3bMFjDbDPzFYqc1
+uO+3sKzANvbZyUZI+UCQACsbqmzjGsMLA54bwkbkSE4ic2/DX9Sa1jAHSNaMkKvU
+9vHjSNNYS6a5zSm/aB8IS2OGL1xr1rYGZfem3ABna7vDqUGD+8f6yOIefq8AP5MC
+AQIEggEEAoIBAGgTxi13nL+WV5P+7N5Pog7yPpAD+2VCLWQh7akd6hZQ2DMlHsUe
+ptoAexAcst8vQOI1/Q1CX9ItJmUmLzUFNJSeYBp9kxNmNtSmgu2JUmQDF1GBsUlK
+ERt4h2PuXGAaRH39V13QP7KfYnb+7k5vo6z90XaDubLq1OQIaTpM4TbLVZBKoCmx
+ozuZjUQdC97adAKHQKBmpyI2AbfWM+Af43vV5uyfq4k4X+Y7k5habXFPRXcNKklk
+n6OA/isuvSN6S4i2fVmAG0hguT0utQJq6oScMZmav8izdbfOdOavXILLjRf/2Qv+
++IMa9qlwxfqcj4oZahATC2Vd9242JWUdOpQ=
+-----END PRIVATE KEY-----
diff --git a/certs/dh-pub-2048.der b/certs/dh-pub-2048.der
new file mode 100644
index 000000000..017b4af57
Binary files /dev/null and b/certs/dh-pub-2048.der differ
diff --git a/certs/dh-pub-2048.pem b/certs/dh-pub-2048.pem
new file mode 100644
index 000000000..48b3e3ff5
--- /dev/null
+++ b/certs/dh-pub-2048.pem
@@ -0,0 +1,14 @@
+-----BEGIN PUBLIC KEY-----
+MIICJTCCARcGCSqGSIb3DQEDATCCAQgCggEBALChCAacCBO6WQY8vDDV9QDBT0Sn
+1u9KxiUnHOjSllMKXJHdosKUhL99skSfm9LBisW+clyn55Hm1J9zB4VbZkjHcPq0
+7gLJPZpK2j3BRj4ZadEXRgejTZ8rlhc5bTCNKvOU03XPoHXm8pIfGnAFqgSDVzD7
+2naTOFDoJ/1j7jzlt8gJrm9QNY6EzkoA6RJ+WjHXM/whE3bMFjDbDPzFYqc1uO+3
+sKzANvbZyUZI+UCQACsbqmzjGsMLA54bwkbkSE4ic2/DX9Sa1jAHSNaMkKvU9vHj
+SNNYS6a5zSm/aB8IS2OGL1xr1rYGZfem3ABna7vDqUGD+8f6yOIefq8AP5MCAQID
+ggEGAAKCAQEAgZ77PUjCE1nV8MPEk9zpTR6k1wYrpQKy3fjMK+kbuHUEw5AaMTK9
+Gi3vpfwpg5ZaZTgTkPgakEcMwEagNDXEjzYOwxK5Ui6FVQ3VaDydVkhZppxpULu4
+H1H2WwWUFTZTZlpCmhVsDWZwzy1RoxEfBnhC78hpLYKLzyASWC1EnCC9oP/U4aI/
+D6i0bK1pXxPGFrML5jRkVpQReCkLI/aOgeTNUAcJC+USxIPSXpdPYl81zsWRgawP
+bd2saVqE9DqJVSpoRY9yh1JoFqAagANNQL1x3sohEmMZq3EBbzReyawVW6Cbe5mb
+LMtSN/UWqN/NwbYNcVj/GxFuoutVnS5jmw==
+-----END PUBLIC KEY-----
diff --git a/certs/dsa2048.pem b/certs/dsa2048.pem
new file mode 100644
index 000000000..f21cc19fc
--- /dev/null
+++ b/certs/dsa2048.pem
@@ -0,0 +1,20 @@
+-----BEGIN DSA PRIVATE KEY-----
+MIIDPwIBAAKCAQEAzI7JoNWaJxzaUt/HwOYGpD6KZknQWTNRacScXmSFx/Gr1dli
+rP2h4BtX/5bvDJ/IRIfrXJHQRkIJUGojy4lvVelqEamoMqszDVG1eVG0q6IlEY3l
+JL7Y8Z1OEm+sRFSAqbSBaE5EDrg5876DCHSixnrXan0KiFeDSNzPXm/uaAz3/wME
+kKr3B5j4Z1qDI2ZHYMNDbgORrChmy/DTBcgJl7WuAV6AO51P3j6U/suCsLH8kYsd
+iu7GBh83kUjS+GxdYBODp4Gsyo3QagQK6j4iThPxDbtga828XIejZytCoZ/NOVi+
+VbGThM6yEE7kw5+yU2EBKaqWyyBgQh26dUtjwQIVAOelOdRqN16VBjkHdwrroAPr
+eIKbAoIBAQCa1ExxL+z6MrKAfmFKa18YdkPDabpBx6cdeQHsrzSHZ08pgKg7h/bo
+oejNGxyGOPbRDEYuyODJMCbVLH/BCL/MWoKO1NRJqqL65sGd8NmWsP8MWzOOBt2d
+KKnpgEE72HqUIY9W8aK0K4kcdP9+kdwfkROYr8cG0kyQor3aFrplsC1ohzxuJY2Q
+x7wNqUMDyb7PhW/bB3uM+LHCSRBpY1Y3xTDS+3Ga6IIHLj6VUPNzzzRb1asCFfLM
+11LFKNhBGVVvuF/xmbPH2bNx9C3fIlk1hts5yhtNNZAZazHjyMYJv3ztAbSy9W7a
+Y0E85jpyLWVI9gfNkoSLHacxa9bw+9n0AoIBAGZLu7fJSJUNWqYtoX/fH2dt7VJL
+FmwXxq74asRX7S+z8CpVq7rK6hfoNXzlMQ1KlfxDb5c8XGesvmd/6U6qSLOSoXZ1
+6gQ0f4czLSS2KZfjBHeTiRPbG5O4LJAaCTsm2VnzKglY3KwltKlFO6I6bGGEv2jU
+6pvFKUhgFRA1LEQdtZrurMFo6Ee3QTQ5mvilIOkkxCxYP0xBMDoUbo3qrbqbQ9OY
+L4PYFGfo+NVPrOA7v6dUFl5JZCZUpGtpfLqKg9kuZQqiJ++ZmQjXtZ+gAe9+F7+D
+ay7dwDk4I2i0dmvlyvd87sBS4t2tWTpCBkWwx8F3BbIMMkBGqtp5dwRx33oCFQCY
+7rlRNz51ExMGj5TT5ukAy2Jtmg==
+-----END DSA PRIVATE KEY-----
diff --git a/certs/ecc-privOnlyCert.pem b/certs/ecc-privOnlyCert.pem
index f18e738ce..9f023dbe2 100644
--- a/certs/ecc-privOnlyCert.pem
+++ b/certs/ecc-privOnlyCert.pem
@@ -1,9 +1,9 @@
 -----BEGIN CERTIFICATE-----
-MIIBLTCB1QIUFZUiOVDYKhAz2ksNPuWt6EFKbLMwCgYIKoZIzj0EAwIwGjELMAkG
-A1UECgwCV1IxCzAJBgNVBAMMAkRFMB4XDTIzMTIxMzIyMTkyOFoXDTI2MDkwODIy
-MTkyOFowGjELMAkGA1UECgwCV1IxCzAJBgNVBAMMAkRFMFkwEwYHKoZIzj0CAQYI
+MIIBLzCB1QIUflZfgRCpcQQ/nbPmIrNb7M8Qq4kwCgYIKoZIzj0EAwIwGjELMAkG
+A1UECgwCV1IxCzAJBgNVBAMMAkRFMB4XDTI0MTIxODIxMjUzMFoXDTI3MDkxNDIx
+MjUzMFowGjELMAkGA1UECgwCV1IxCzAJBgNVBAMMAkRFMFkwEwYHKoZIzj0CAQYI
 KoZIzj0DAQcDQgAEJcD9Frgr8rgKHt2szmJSfFgKYH1Xddq9EcHVKupUa3bmPTb3
-3VGXa6gm/numvZZVhVCdmn5pAdhDRYnZ/korJjAKBggqhkjOPQQDAgNHADBEAiAA
-wvW2qa2RaryuYXg0+1jbMhaBHaDK3c0f+iFkfi2GdAIgGYqXzpGf+AGtTuxKM01+
-jbJnp9B4e2sXK8Ez3tKDFKw=
+3VGXa6gm/numvZZVhVCdmn5pAdhDRYnZ/korJjAKBggqhkjOPQQDAgNJADBGAiEA
+jEY07WKQpUx/PvL0GMEwS5MG8RL5xk5zxwWuQKWPMX8CIQD1j+MOwSFAIxFBr71C
+rDRk4RCkUkPpu8HHHiBm5y7TOA==
 -----END CERTIFICATE-----
diff --git a/certs/ecc-rsa-server.p12 b/certs/ecc-rsa-server.p12
index f24ae69b5..e07641533 100644
Binary files a/certs/ecc-rsa-server.p12 and b/certs/ecc-rsa-server.p12 differ
diff --git a/certs/ecc/bp256r1-key.der b/certs/ecc/bp256r1-key.der
index 4b0dbfd8f..f1fb74bfe 100644
Binary files a/certs/ecc/bp256r1-key.der and b/certs/ecc/bp256r1-key.der differ
diff --git a/certs/ecc/bp256r1-key.pem b/certs/ecc/bp256r1-key.pem
index 6ea06573a..17a398e1d 100644
--- a/certs/ecc/bp256r1-key.pem
+++ b/certs/ecc/bp256r1-key.pem
@@ -1,5 +1,5 @@
 -----BEGIN EC PRIVATE KEY-----
-MHgCAQEEIJRV3i5+OVZxT5077AjYis31KM4viZoaS4QSxLxZB0VUoAsGCSskAwMC
-CAEBB6FEA0IABFHw7OBcOIJ6V8HLTzKj0N2ifNki/neXBTeF+0FX3/uWFBl/eUhw
-8Hjodp814a10sYCM+upii2nHK7tpMxca80g=
+MHgCAQEEIF2qrSdYpLpQ0NkBKDgW/Q6vu2gPSy3J8TZCeFptUgSjoAsGCSskAwMC
+CAEBB6FEA0IABICLLVevnQD2z+Xd+x9aacfTHtEWIBbgU9ozcCLi7u7zidKk5ndq
+IqCy1OLVFQlf8b3NmT1R465dloWSv1scK2Y=
 -----END EC PRIVATE KEY-----
diff --git a/certs/ecc/ca-secp256k1-cert.pem b/certs/ecc/ca-secp256k1-cert.pem
new file mode 100644
index 000000000..c07a6bac5
--- /dev/null
+++ b/certs/ecc/ca-secp256k1-cert.pem
@@ -0,0 +1,16 @@
+-----BEGIN CERTIFICATE-----
+MIICkDCCAjagAwIBAgIUUc9RpP6v1WEOzZjEtr4Hc5eaRJYwCgYIKoZIzj0EAwIw
+gZYxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdT
+ZWF0dGxlMREwDwYDVQQKDAhFbGxpcHRpYzESMBAGA1UECwwJU0VDUDI1NksxMRgw
+FgYDVQQDDA93d3cud29sZnNzbC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29s
+ZnNzbC5jb20wHhcNMjQxMjE4MjEyNTI5WhcNNDQxMjEzMjEyNTI5WjCBljELMAkG
+A1UEBhMCVVMxEzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUx
+ETAPBgNVBAoMCEVsbGlwdGljMRIwEAYDVQQLDAlTRUNQMjU2SzExGDAWBgNVBAMM
+D3d3dy53b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNv
+bTBWMBAGByqGSM49AgEGBSuBBAAKA0IABNE4XtThp8HhrRFvS+ecVo5ya/u9V+zJ
+Bw5Yc7aXl1iSjuAoyCPVsGQ0SQ7qMv+A9lpVwgu/4zyUXx1zlBsepdGjYzBhMB0G
+A1UdDgQWBBR+afvAUc8tTDDL2NlYc47LZDQJnTAfBgNVHSMEGDAWgBR+afvAUc8t
+TDDL2NlYc47LZDQJnTAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjAK
+BggqhkjOPQQDAgNIADBFAiEAhu1XNxXZEXl37/QF+yCSlh0b3mAJIjNLA52OjaFp
+XYACIGfazS+mdI9JMZgGhBCgyLwWJ6iSTzwMBh74sz3awCAn
+-----END CERTIFICATE-----
diff --git a/certs/ecc/ca-secp256k1-key.pem b/certs/ecc/ca-secp256k1-key.pem
new file mode 100644
index 000000000..737a9838f
--- /dev/null
+++ b/certs/ecc/ca-secp256k1-key.pem
@@ -0,0 +1,5 @@
+-----BEGIN PRIVATE KEY-----
+MIGEAgEAMBAGByqGSM49AgEGBSuBBAAKBG0wawIBAQQgc4nCj5LtUEfOKSe3/NPh
+7CNEkOwsTGVKROo2KEaIjW6hRANCAATROF7U4afB4a0Rb0vnnFaOcmv7vVfsyQcO
+WHO2l5dYko7gKMgj1bBkNEkO6jL/gPZaVcILv+M8lF8dc5QbHqXR
+-----END PRIVATE KEY-----
diff --git a/certs/ecc/client-bp256r1-cert.der b/certs/ecc/client-bp256r1-cert.der
index 72b5cde70..f377e9225 100644
Binary files a/certs/ecc/client-bp256r1-cert.der and b/certs/ecc/client-bp256r1-cert.der differ
diff --git a/certs/ecc/client-bp256r1-cert.pem b/certs/ecc/client-bp256r1-cert.pem
index 3d8b72d91..b2c7f82fc 100644
--- a/certs/ecc/client-bp256r1-cert.pem
+++ b/certs/ecc/client-bp256r1-cert.pem
@@ -2,22 +2,22 @@ Certificate:
     Data:
         Version: 3 (0x2)
         Serial Number:
-            74:41:b9:37:a8:bf:42:e7:b6:16:1c:4f:7e:8c:24:06:81:78:1a:02
+            4a:c0:0d:f1:78:b2:ad:ae:34:4d:9c:17:d2:3e:14:40:53:e1:86:3e
         Signature Algorithm: ecdsa-with-SHA256
         Issuer: C = US, ST = Washington, L = Seattle, O = Elliptic, OU = ECC256BPR1-CLI, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Dec 13 22:19:28 2023 GMT
-            Not After : Dec 10 22:19:28 2033 GMT
+            Not Before: Dec 18 21:25:29 2024 GMT
+            Not After : Dec 16 21:25:29 2034 GMT
         Subject: C = US, ST = Washington, L = Seattle, O = Elliptic, OU = ECC256BPR1-CLI, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: id-ecPublicKey
                 Public-Key: (256 bit)
                 pub:
-                    04:51:f0:ec:e0:5c:38:82:7a:57:c1:cb:4f:32:a3:
-                    d0:dd:a2:7c:d9:22:fe:77:97:05:37:85:fb:41:57:
-                    df:fb:96:14:19:7f:79:48:70:f0:78:e8:76:9f:35:
-                    e1:ad:74:b1:80:8c:fa:ea:62:8b:69:c7:2b:bb:69:
-                    33:17:1a:f3:48
+                    04:80:8b:2d:57:af:9d:00:f6:cf:e5:dd:fb:1f:5a:
+                    69:c7:d3:1e:d1:16:20:16:e0:53:da:33:70:22:e2:
+                    ee:ee:f3:89:d2:a4:e6:77:6a:22:a0:b2:d4:e2:d5:
+                    15:09:5f:f1:bd:cd:99:3d:51:e3:ae:5d:96:85:92:
+                    bf:5b:1c:2b:66
                 ASN1 OID: brainpoolP256r1
         X509v3 extensions:
             X509v3 Basic Constraints: 
@@ -25,33 +25,38 @@ Certificate:
             Netscape Cert Type: 
                 SSL Client, S/MIME
             X509v3 Subject Key Identifier: 
-                77:B6:46:96:B9:B7:0D:54:A3:03:E8:21:F5:8D:37:69:3D:89:AD:FA
+                BF:13:B7:26:16:A8:18:A2:A9:CC:FC:5E:9E:9E:5B:39:CB:08:CE:68
             X509v3 Authority Key Identifier: 
-                keyid:77:B6:46:96:B9:B7:0D:54:A3:03:E8:21:F5:8D:37:69:3D:89:AD:FA
-
+                DirName:/C=US/ST=Washington/L=Seattle/O=Elliptic/OU=ECC256BPR1-CLI/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
+                serial:4A:C0:0D:F1:78:B2:AD:AE:34:4D:9C:17:D2:3E:14:40:53:E1:86:3E
             X509v3 Key Usage: critical
                 Digital Signature, Non Repudiation, Key Encipherment
             X509v3 Extended Key Usage: 
                 TLS Web Client Authentication, E-mail Protection
     Signature Algorithm: ecdsa-with-SHA256
-         30:44:02:20:20:e0:c6:8e:4d:c2:50:c4:7a:a1:6c:02:63:d2:
-         cd:2b:30:23:01:1d:51:cd:4b:14:07:45:39:1f:16:1e:0a:3a:
-         02:20:6b:a8:42:ac:90:9a:d9:8d:2c:dd:1c:bd:f1:90:d8:4d:
-         7b:aa:40:f0:f3:7f:45:83:dc:b9:1c:b5:de:2e:75:a7
+    Signature Value:
+        30:45:02:20:71:25:fb:20:e7:40:f5:a4:51:ac:e6:f4:33:51:
+        02:09:36:c7:01:00:ab:fa:50:72:4b:76:9b:5a:2e:07:67:a3:
+        02:21:00:9a:a0:c7:dc:94:d0:27:4c:bf:2c:1d:4f:22:48:3d:
+        ef:00:18:a9:d7:57:11:2d:72:fd:e3:62:c0:ef:2d:a6:7b
 -----BEGIN CERTIFICATE-----
-MIICyzCCAnKgAwIBAgIUdEG5N6i/Que2FhxPfowkBoF4GgIwCgYIKoZIzj0EAwIw
+MIIDdTCCAxugAwIBAgIUSsAN8Xiyra40TZwX0j4UQFPhhj4wCgYIKoZIzj0EAwIw
 gZsxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdT
 ZWF0dGxlMREwDwYDVQQKDAhFbGxpcHRpYzEXMBUGA1UECwwORUNDMjU2QlBSMS1D
 TEkxGDAWBgNVBAMMD3d3dy53b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5m
-b0B3b2xmc3NsLmNvbTAeFw0yMzEyMTMyMjE5MjhaFw0zMzEyMTAyMjE5MjhaMIGb
+b0B3b2xmc3NsLmNvbTAeFw0yNDEyMTgyMTI1MjlaFw0zNDEyMTYyMTI1MjlaMIGb
 MQswCQYDVQQGEwJVUzETMBEGA1UECAwKV2FzaGluZ3RvbjEQMA4GA1UEBwwHU2Vh
 dHRsZTERMA8GA1UECgwIRWxsaXB0aWMxFzAVBgNVBAsMDkVDQzI1NkJQUjEtQ0xJ
 MRgwFgYDVQQDDA93d3cud29sZnNzbC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9A
-d29sZnNzbC5jb20wWjAUBgcqhkjOPQIBBgkrJAMDAggBAQcDQgAEUfDs4Fw4gnpX
-wctPMqPQ3aJ82SL+d5cFN4X7QVff+5YUGX95SHDweOh2nzXhrXSxgIz66mKLaccr
-u2kzFxrzSKOBkDCBjTAJBgNVHRMEAjAAMBEGCWCGSAGG+EIBAQQEAwIFoDAdBgNV
-HQ4EFgQUd7ZGlrm3DVSjA+gh9Y03aT2JrfowHwYDVR0jBBgwFoAUd7ZGlrm3DVSj
-A+gh9Y03aT2JrfowDgYDVR0PAQH/BAQDAgXgMB0GA1UdJQQWMBQGCCsGAQUFBwMC
-BggrBgEFBQcDBDAKBggqhkjOPQQDAgNHADBEAiAg4MaOTcJQxHqhbAJj0s0rMCMB
-HVHNSxQHRTkfFh4KOgIga6hCrJCa2Y0s3Ry98ZDYTXuqQPDzf0WD3Lkctd4udac=
+d29sZnNzbC5jb20wWjAUBgcqhkjOPQIBBgkrJAMDAggBAQcDQgAEgIstV6+dAPbP
+5d37H1ppx9Me0RYgFuBT2jNwIuLu7vOJ0qTmd2oioLLU4tUVCV/xvc2ZPVHjrl2W
+hZK/WxwrZqOCATgwggE0MAkGA1UdEwQCMAAwEQYJYIZIAYb4QgEBBAQDAgWgMB0G
+A1UdDgQWBBS/E7cmFqgYoqnM/F6enls5ywjOaDCBxQYDVR0jBIG9MIG6oYGhpIGe
+MIGbMQswCQYDVQQGEwJVUzETMBEGA1UECAwKV2FzaGluZ3RvbjEQMA4GA1UEBwwH
+U2VhdHRsZTERMA8GA1UECgwIRWxsaXB0aWMxFzAVBgNVBAsMDkVDQzI1NkJQUjEt
+Q0xJMRgwFgYDVQQDDA93d3cud29sZnNzbC5jb20xHzAdBgkqhkiG9w0BCQEWEGlu
+Zm9Ad29sZnNzbC5jb22CFErADfF4sq2uNE2cF9I+FEBT4YY+MA4GA1UdDwEB/wQE
+AwIF4DAdBgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUHAwQwCgYIKoZIzj0EAwID
+SAAwRQIgcSX7IOdA9aRRrOb0M1ECCTbHAQCr+lByS3abWi4HZ6MCIQCaoMfclNAn
+TL8sHU8iSD3vABip11cRLXL942LA7y2mew==
 -----END CERTIFICATE-----
diff --git a/certs/ecc/client-secp256k1-cert.der b/certs/ecc/client-secp256k1-cert.der
index 32329db18..f49607b8a 100644
Binary files a/certs/ecc/client-secp256k1-cert.der and b/certs/ecc/client-secp256k1-cert.der differ
diff --git a/certs/ecc/client-secp256k1-cert.pem b/certs/ecc/client-secp256k1-cert.pem
index ddab3098d..7d9ed31fb 100644
--- a/certs/ecc/client-secp256k1-cert.pem
+++ b/certs/ecc/client-secp256k1-cert.pem
@@ -2,22 +2,22 @@ Certificate:
     Data:
         Version: 3 (0x2)
         Serial Number:
-            0a:24:55:a0:81:ab:0b:92:b7:e5:59:50:3e:7f:8d:0b:d0:15:0a:75
+            32:a0:cb:5f:26:62:a9:d9:14:ec:13:0e:78:b4:a2:0b:86:14:59:ce
         Signature Algorithm: ecdsa-with-SHA256
         Issuer: C = US, ST = Washington, L = Seattle, O = Elliptic, OU = ECC256K1-CLI, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Dec 13 22:19:28 2023 GMT
-            Not After : Dec 10 22:19:28 2033 GMT
+            Not Before: Dec 18 21:25:29 2024 GMT
+            Not After : Dec 16 21:25:29 2034 GMT
         Subject: C = US, ST = Washington, L = Seattle, O = Elliptic, OU = ECC256K1-CLI, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: id-ecPublicKey
                 Public-Key: (256 bit)
                 pub:
-                    04:be:d0:47:66:a6:6a:6c:21:b6:72:71:ce:20:67:
-                    61:05:b3:ef:b9:07:2c:31:6a:bb:6f:53:12:50:e9:
-                    06:06:64:4b:14:bb:56:61:b3:0c:3f:72:f2:45:f7:
-                    3b:96:39:76:57:52:93:e9:12:83:f1:d8:c5:87:11:
-                    aa:5e:8e:a5:c9
+                    04:02:55:2f:25:90:9d:54:d3:6e:23:b5:95:9e:67:
+                    a3:f8:c2:46:3a:ed:67:56:6d:23:87:43:db:6f:38:
+                    e6:5b:72:07:8d:1d:f8:5b:ea:b7:47:49:a9:8e:c7:
+                    2d:23:99:9e:2e:8c:be:72:de:0b:d3:f0:b4:49:2d:
+                    94:ec:6d:c2:3f
                 ASN1 OID: secp256k1
         X509v3 extensions:
             X509v3 Basic Constraints: 
@@ -25,33 +25,38 @@ Certificate:
             Netscape Cert Type: 
                 SSL Client, S/MIME
             X509v3 Subject Key Identifier: 
-                6D:9A:0A:D6:4C:C9:43:6B:12:29:C4:B0:B5:49:8A:7F:BD:42:4B:87
+                96:C4:7F:31:A2:90:B8:68:F1:9C:DD:75:16:52:DB:AC:04:B6:89:85
             X509v3 Authority Key Identifier: 
-                keyid:6D:9A:0A:D6:4C:C9:43:6B:12:29:C4:B0:B5:49:8A:7F:BD:42:4B:87
-
+                DirName:/C=US/ST=Washington/L=Seattle/O=Elliptic/OU=ECC256K1-CLI/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
+                serial:32:A0:CB:5F:26:62:A9:D9:14:EC:13:0E:78:B4:A2:0B:86:14:59:CE
             X509v3 Key Usage: critical
                 Digital Signature, Non Repudiation, Key Encipherment
             X509v3 Extended Key Usage: 
                 TLS Web Client Authentication, E-mail Protection
     Signature Algorithm: ecdsa-with-SHA256
-         30:45:02:21:00:89:22:af:09:dd:58:96:9b:a2:e3:fa:2e:13:
-         2c:af:69:55:b3:83:f3:4b:85:14:1a:df:28:74:5f:d9:ed:b3:
-         75:02:20:18:13:45:af:82:e7:65:f8:8c:8f:b3:6d:01:25:73:
-         6c:8c:c9:ff:e9:43:b8:eb:ef:df:25:9a:62:f8:d7:ac:04
+    Signature Value:
+        30:44:02:20:6b:33:e9:a6:35:fa:9c:26:06:2a:e8:2d:35:ed:
+        72:e3:90:b5:eb:c1:9b:7f:51:bc:ad:66:4a:de:37:c2:92:0c:
+        02:20:69:9a:6a:e8:84:8f:2c:51:00:71:37:d9:a3:66:ba:11:
+        d2:aa:e7:86:82:99:f5:4b:61:c7:0c:6d:c1:a3:2d:71
 -----BEGIN CERTIFICATE-----
-MIICxDCCAmqgAwIBAgIUCiRVoIGrC5K35VlQPn+NC9AVCnUwCgYIKoZIzj0EAwIw
+MIIDajCCAxGgAwIBAgIUMqDLXyZiqdkU7BMOeLSiC4YUWc4wCgYIKoZIzj0EAwIw
 gZkxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdT
 ZWF0dGxlMREwDwYDVQQKDAhFbGxpcHRpYzEVMBMGA1UECwwMRUNDMjU2SzEtQ0xJ
 MRgwFgYDVQQDDA93d3cud29sZnNzbC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9A
-d29sZnNzbC5jb20wHhcNMjMxMjEzMjIxOTI4WhcNMzMxMjEwMjIxOTI4WjCBmTEL
+d29sZnNzbC5jb20wHhcNMjQxMjE4MjEyNTI5WhcNMzQxMjE2MjEyNTI5WjCBmTEL
 MAkGA1UEBhMCVVMxEzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0
 bGUxETAPBgNVBAoMCEVsbGlwdGljMRUwEwYDVQQLDAxFQ0MyNTZLMS1DTEkxGDAW
 BgNVBAMMD3d3dy53b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xm
-c3NsLmNvbTBWMBAGByqGSM49AgEGBSuBBAAKA0IABL7QR2amamwhtnJxziBnYQWz
-77kHLDFqu29TElDpBgZkSxS7VmGzDD9y8kX3O5Y5dldSk+kSg/HYxYcRql6Opcmj
-gZAwgY0wCQYDVR0TBAIwADARBglghkgBhvhCAQEEBAMCBaAwHQYDVR0OBBYEFG2a
-CtZMyUNrEinEsLVJin+9QkuHMB8GA1UdIwQYMBaAFG2aCtZMyUNrEinEsLVJin+9
-QkuHMA4GA1UdDwEB/wQEAwIF4DAdBgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUH
-AwQwCgYIKoZIzj0EAwIDSAAwRQIhAIkirwndWJabouP6LhMsr2lVs4PzS4UUGt8o
-dF/Z7bN1AiAYE0Wvgudl+IyPs20BJXNsjMn/6UO46+/fJZpi+NesBA==
+c3NsLmNvbTBWMBAGByqGSM49AgEGBSuBBAAKA0IABAJVLyWQnVTTbiO1lZ5no/jC
+RjrtZ1ZtI4dD22845ltyB40d+Fvqt0dJqY7HLSOZni6MvnLeC9PwtEktlOxtwj+j
+ggE2MIIBMjAJBgNVHRMEAjAAMBEGCWCGSAGG+EIBAQQEAwIFoDAdBgNVHQ4EFgQU
+lsR/MaKQuGjxnN11FlLbrAS2iYUwgcMGA1UdIwSBuzCBuKGBn6SBnDCBmTELMAkG
+A1UEBhMCVVMxEzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUx
+ETAPBgNVBAoMCEVsbGlwdGljMRUwEwYDVQQLDAxFQ0MyNTZLMS1DTEkxGDAWBgNV
+BAMMD3d3dy53b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3Ns
+LmNvbYIUMqDLXyZiqdkU7BMOeLSiC4YUWc4wDgYDVR0PAQH/BAQDAgXgMB0GA1Ud
+JQQWMBQGCCsGAQUFBwMCBggrBgEFBQcDBDAKBggqhkjOPQQDAgNHADBEAiBrM+mm
+NfqcJgYq6C017XLjkLXrwZt/UbytZkreN8KSDAIgaZpq6ISPLFEAcTfZo2a6EdKq
+54aCmfVLYccMbcGjLXE=
 -----END CERTIFICATE-----
diff --git a/certs/ecc/genecc.sh b/certs/ecc/genecc.sh
index f90c5cbe9..c5c231c09 100755
--- a/certs/ecc/genecc.sh
+++ b/certs/ecc/genecc.sh
@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/bin/sh
 
 # run from wolfssl root
 
@@ -140,6 +140,13 @@ openssl x509 -req -in ./certs/ecc/client-bp256r1-req.pem -days 3650 -extfile ./c
 openssl x509 -inform pem -in ./certs/ecc/client-bp256r1-cert.pem -outform der -out ./certs/ecc/client-bp256r1-cert.der
 rm ./certs/ecc/client-bp256r1-req.pem
 
+# Create self-signed ECC secp256k1 (Koblitz) certificate
+openssl req -config ./certs/ecc/wolfssl.cnf -extensions v3_ca -x509 -nodes -newkey ec:certs/ecc/secp256k1-param.pem -keyout ./certs/ecc/ca-secp256k1-key.pem -out ./certs/ecc/ca-secp256k1-cert.pem -sha256 -days 7300 -batch -subj "/C=US/ST=Washington/L=Seattle/O=Elliptic/OU=SECP256K1/CN=www.wolfssl.com/emailAddress=info@wolfssl.com"
+# Create server ECC secp256k1 (Koblitz) certificate
+openssl req -config ./certs/ecc/wolfssl.cnf -sha256 -new -key ./certs/ecc/secp256k1-privkey.pem -out ./certs/ecc/server2-secp256k1-req.pem -subj "/C=US/ST=Washington/L=Seattle/O=Elliptic/OU=SECP256K1-SVR/CN=www.wolfssl.com/emailAddress=info@wolfssl.com/"
+openssl x509 -req -in ./certs/ecc/server2-secp256k1-req.pem -days 3650 -extfile ./certs/ecc/wolfssl.cnf -extensions server_cert -CAkey ./certs/ecc/ca-secp256k1-key.pem -CA ./certs/ecc/ca-secp256k1-cert.pem -text -out ./certs/ecc/server2-secp256k1-cert.pem
+openssl x509 -inform pem -in ./certs/ecc/server2-secp256k1-cert.pem -outform der -out ./certs/ecc/server2-secp256k1-cert.der
+rm ./certs/ecc/server2-secp256k1-req.pem
 
 # update bad certificate with last byte in signature changed
 cp ./certs/server-ecc.der ./certs/test/server-cert-ecc-badsig.der
diff --git a/certs/ecc/include.am b/certs/ecc/include.am
index c5a4f858a..3408449ac 100644
--- a/certs/ecc/include.am
+++ b/certs/ecc/include.am
@@ -16,6 +16,13 @@ EXTRA_DIST += \
 		 certs/ecc/server-secp256k1-cert.der \
 		 certs/ecc/server-secp256k1-cert.pem
 
+EXTRA_DIST += \
+                 certs/ecc/ca-secp256k1-cert.pem \
+                 certs/ecc/ca-secp256k1-key.pem \
+                 certs/ecc/secp256k1-param.pem \
+                 certs/ecc/secp256k1-privkey.pem \
+                 certs/ecc/server2-secp256k1-cert.pem
+
 # Brainpool Curves
 EXTRA_DIST += \
 		 certs/ecc/bp256r1-key.der \
diff --git a/certs/ecc/secp256k1-key.der b/certs/ecc/secp256k1-key.der
index 813449415..3784ababc 100644
Binary files a/certs/ecc/secp256k1-key.der and b/certs/ecc/secp256k1-key.der differ
diff --git a/certs/ecc/secp256k1-key.pem b/certs/ecc/secp256k1-key.pem
index f27a7acdb..d3140987b 100644
--- a/certs/ecc/secp256k1-key.pem
+++ b/certs/ecc/secp256k1-key.pem
@@ -1,5 +1,5 @@
 -----BEGIN EC PRIVATE KEY-----
-MHQCAQEEIE+dRTV5HyFrkYXxlCq98Ojh6m+szQbktzQwSBUEs4s3oAcGBSuBBAAK
-oUQDQgAEvtBHZqZqbCG2cnHOIGdhBbPvuQcsMWq7b1MSUOkGBmRLFLtWYbMMP3Ly
-Rfc7ljl2V1KT6RKD8djFhxGqXo6lyQ==
+MHQCAQEEIENIEXXZ7INNmsEwYBs9wnbYqf1pM7NaX2OHwtgCxUkFoAcGBSuBBAAK
+oUQDQgAEAlUvJZCdVNNuI7WVnmej+MJGOu1nVm0jh0PbbzjmW3IHjR34W+q3R0mp
+jsctI5meLoy+ct4L0/C0SS2U7G3CPw==
 -----END EC PRIVATE KEY-----
diff --git a/certs/ecc/secp256k1-param.pem b/certs/ecc/secp256k1-param.pem
new file mode 100644
index 000000000..32d952ea9
--- /dev/null
+++ b/certs/ecc/secp256k1-param.pem
@@ -0,0 +1,3 @@
+-----BEGIN EC PARAMETERS-----
+BgUrgQQACg==
+-----END EC PARAMETERS-----
diff --git a/certs/ecc/secp256k1-privkey.der b/certs/ecc/secp256k1-privkey.der
new file mode 100644
index 000000000..74e151bc5
Binary files /dev/null and b/certs/ecc/secp256k1-privkey.der differ
diff --git a/certs/ecc/secp256k1-privkey.pem b/certs/ecc/secp256k1-privkey.pem
new file mode 100644
index 000000000..c229ff83c
--- /dev/null
+++ b/certs/ecc/secp256k1-privkey.pem
@@ -0,0 +1,5 @@
+-----BEGIN PRIVATE KEY-----
+MIGEAgEAMBAGByqGSM49AgEGBSuBBAAKBG0wawIBAQQgwdc3WnnD2eX1ti0IbCT5
+POy/xb1WDV8/7BgQd37MsWGhRANCAARvf9jvkv6kKKkzhWmk6OM3Rjmivo8mMVkg
+itdbdHrKAV5UT9zS0qXbHo7mlPZOOejEsodSk9yvzjAAnHnSSASY
+-----END PRIVATE KEY-----
diff --git a/certs/ecc/server-bp256r1-cert.der b/certs/ecc/server-bp256r1-cert.der
index c3558a1a5..9741ce04f 100644
Binary files a/certs/ecc/server-bp256r1-cert.der and b/certs/ecc/server-bp256r1-cert.der differ
diff --git a/certs/ecc/server-bp256r1-cert.pem b/certs/ecc/server-bp256r1-cert.pem
index 0e4c211f3..7f151896c 100644
--- a/certs/ecc/server-bp256r1-cert.pem
+++ b/certs/ecc/server-bp256r1-cert.pem
@@ -2,22 +2,22 @@ Certificate:
     Data:
         Version: 3 (0x2)
         Serial Number:
-            08:c3:a6:c3:3e:ba:4d:27:34:46:64:c6:e7:79:6c:68:25:e2:e8:d2
+            1e:f4:6e:6b:ab:9b:33:2b:43:38:96:b8:da:52:a8:be:be:01:87:d9
         Signature Algorithm: ecdsa-with-SHA256
         Issuer: C = US, ST = Washington, L = Seattle, O = Elliptic, OU = ECC256BPR1-SRV, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Dec 13 22:19:28 2023 GMT
-            Not After : Dec 10 22:19:28 2033 GMT
+            Not Before: Dec 18 21:25:29 2024 GMT
+            Not After : Dec 16 21:25:29 2034 GMT
         Subject: C = US, ST = Washington, L = Seattle, O = Elliptic, OU = ECC256BPR1-SRV, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: id-ecPublicKey
                 Public-Key: (256 bit)
                 pub:
-                    04:51:f0:ec:e0:5c:38:82:7a:57:c1:cb:4f:32:a3:
-                    d0:dd:a2:7c:d9:22:fe:77:97:05:37:85:fb:41:57:
-                    df:fb:96:14:19:7f:79:48:70:f0:78:e8:76:9f:35:
-                    e1:ad:74:b1:80:8c:fa:ea:62:8b:69:c7:2b:bb:69:
-                    33:17:1a:f3:48
+                    04:80:8b:2d:57:af:9d:00:f6:cf:e5:dd:fb:1f:5a:
+                    69:c7:d3:1e:d1:16:20:16:e0:53:da:33:70:22:e2:
+                    ee:ee:f3:89:d2:a4:e6:77:6a:22:a0:b2:d4:e2:d5:
+                    15:09:5f:f1:bd:cd:99:3d:51:e3:ae:5d:96:85:92:
+                    bf:5b:1c:2b:66
                 ASN1 OID: brainpoolP256r1
         X509v3 extensions:
             X509v3 Basic Constraints: 
@@ -25,39 +25,38 @@ Certificate:
             Netscape Cert Type: 
                 SSL Server
             X509v3 Subject Key Identifier: 
-                77:B6:46:96:B9:B7:0D:54:A3:03:E8:21:F5:8D:37:69:3D:89:AD:FA
+                BF:13:B7:26:16:A8:18:A2:A9:CC:FC:5E:9E:9E:5B:39:CB:08:CE:68
             X509v3 Authority Key Identifier: 
-                keyid:77:B6:46:96:B9:B7:0D:54:A3:03:E8:21:F5:8D:37:69:3D:89:AD:FA
                 DirName:/C=US/ST=Washington/L=Seattle/O=Elliptic/OU=ECC256BPR1-SRV/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
-                serial:08:C3:A6:C3:3E:BA:4D:27:34:46:64:C6:E7:79:6C:68:25:E2:E8:D2
-
+                serial:1E:F4:6E:6B:AB:9B:33:2B:43:38:96:B8:DA:52:A8:BE:BE:01:87:D9
             X509v3 Key Usage: critical
                 Digital Signature, Key Encipherment, Key Agreement
             X509v3 Extended Key Usage: 
                 TLS Web Server Authentication
     Signature Algorithm: ecdsa-with-SHA256
-         30:44:02:20:69:b5:0e:9a:17:cc:4d:5e:3b:b7:9d:ee:e8:76:
-         a6:c0:94:c1:1f:e3:34:3a:cb:6a:9b:09:b1:55:0d:db:3a:c0:
-         02:20:5b:8d:09:46:fd:7c:73:ca:c8:18:3c:ed:1a:84:9c:c9:
-         02:f4:50:3a:26:8a:eb:76:6b:82:a7:7f:95:18:ba:10
+    Signature Value:
+        30:44:02:20:50:28:2b:f6:4a:d1:8d:3c:e8:c7:78:ea:84:47:
+        b7:5a:01:2b:64:5b:3a:a1:c0:1d:58:d0:d2:5b:7d:2c:28:ad:
+        02:20:23:1a:d7:b1:8a:a8:dd:02:00:b6:ba:e6:16:2b:c8:7d:
+        bc:86:ad:30:fe:a6:cf:de:7f:90:90:75:51:25:15:42
 -----BEGIN CERTIFICATE-----
-MIIDgDCCAyegAwIBAgIUCMOmwz66TSc0RmTG53lsaCXi6NIwCgYIKoZIzj0EAwIw
+MIIDajCCAxGgAwIBAgIUHvRua6ubMytDOJa42lKovr4Bh9kwCgYIKoZIzj0EAwIw
 gZsxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdT
 ZWF0dGxlMREwDwYDVQQKDAhFbGxpcHRpYzEXMBUGA1UECwwORUNDMjU2QlBSMS1T
 UlYxGDAWBgNVBAMMD3d3dy53b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5m
-b0B3b2xmc3NsLmNvbTAeFw0yMzEyMTMyMjE5MjhaFw0zMzEyMTAyMjE5MjhaMIGb
+b0B3b2xmc3NsLmNvbTAeFw0yNDEyMTgyMTI1MjlaFw0zNDEyMTYyMTI1MjlaMIGb
 MQswCQYDVQQGEwJVUzETMBEGA1UECAwKV2FzaGluZ3RvbjEQMA4GA1UEBwwHU2Vh
 dHRsZTERMA8GA1UECgwIRWxsaXB0aWMxFzAVBgNVBAsMDkVDQzI1NkJQUjEtU1JW
 MRgwFgYDVQQDDA93d3cud29sZnNzbC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9A
-d29sZnNzbC5jb20wWjAUBgcqhkjOPQIBBgkrJAMDAggBAQcDQgAEUfDs4Fw4gnpX
-wctPMqPQ3aJ82SL+d5cFN4X7QVff+5YUGX95SHDweOh2nzXhrXSxgIz66mKLaccr
-u2kzFxrzSKOCAUQwggFAMAkGA1UdEwQCMAAwEQYJYIZIAYb4QgEBBAQDAgZAMB0G
-A1UdDgQWBBR3tkaWubcNVKMD6CH1jTdpPYmt+jCB2wYDVR0jBIHTMIHQgBR3tkaW
-ubcNVKMD6CH1jTdpPYmt+qGBoaSBnjCBmzELMAkGA1UEBhMCVVMxEzARBgNVBAgM
-Cldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxETAPBgNVBAoMCEVsbGlwdGlj
-MRcwFQYDVQQLDA5FQ0MyNTZCUFIxLVNSVjEYMBYGA1UEAwwPd3d3LndvbGZzc2wu
-Y29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tghQIw6bDPrpNJzRG
-ZMbneWxoJeLo0jAOBgNVHQ8BAf8EBAMCA6gwEwYDVR0lBAwwCgYIKwYBBQUHAwEw
-CgYIKoZIzj0EAwIDRwAwRAIgabUOmhfMTV47t53u6HamwJTBH+M0OstqmwmxVQ3b
-OsACIFuNCUb9fHPKyBg87RqEnMkC9FA6JorrdmuCp3+VGLoQ
+d29sZnNzbC5jb20wWjAUBgcqhkjOPQIBBgkrJAMDAggBAQcDQgAEgIstV6+dAPbP
+5d37H1ppx9Me0RYgFuBT2jNwIuLu7vOJ0qTmd2oioLLU4tUVCV/xvc2ZPVHjrl2W
+hZK/WxwrZqOCAS4wggEqMAkGA1UdEwQCMAAwEQYJYIZIAYb4QgEBBAQDAgZAMB0G
+A1UdDgQWBBS/E7cmFqgYoqnM/F6enls5ywjOaDCBxQYDVR0jBIG9MIG6oYGhpIGe
+MIGbMQswCQYDVQQGEwJVUzETMBEGA1UECAwKV2FzaGluZ3RvbjEQMA4GA1UEBwwH
+U2VhdHRsZTERMA8GA1UECgwIRWxsaXB0aWMxFzAVBgNVBAsMDkVDQzI1NkJQUjEt
+U1JWMRgwFgYDVQQDDA93d3cud29sZnNzbC5jb20xHzAdBgkqhkiG9w0BCQEWEGlu
+Zm9Ad29sZnNzbC5jb22CFB70bmurmzMrQziWuNpSqL6+AYfZMA4GA1UdDwEB/wQE
+AwIDqDATBgNVHSUEDDAKBggrBgEFBQcDATAKBggqhkjOPQQDAgNHADBEAiBQKCv2
+StGNPOjHeOqER7daAStkWzqhwB1Y0NJbfSworQIgIxrXsYqo3QIAtrrmFivIfbyG
+rTD+ps/ef5CQdVElFUI=
 -----END CERTIFICATE-----
diff --git a/certs/ecc/server-secp256k1-cert.der b/certs/ecc/server-secp256k1-cert.der
index ad0ab8e4a..041b7debf 100644
Binary files a/certs/ecc/server-secp256k1-cert.der and b/certs/ecc/server-secp256k1-cert.der differ
diff --git a/certs/ecc/server-secp256k1-cert.pem b/certs/ecc/server-secp256k1-cert.pem
index ad54e670b..769d4e5ff 100644
--- a/certs/ecc/server-secp256k1-cert.pem
+++ b/certs/ecc/server-secp256k1-cert.pem
@@ -2,22 +2,22 @@ Certificate:
     Data:
         Version: 3 (0x2)
         Serial Number:
-            2e:df:46:12:94:ee:71:51:00:dc:bb:41:41:80:ae:1a:f1:11:68:26
+            77:c0:65:74:8e:a6:d5:04:7c:9a:d9:85:cc:ce:58:c5:a0:2f:56:62
         Signature Algorithm: ecdsa-with-SHA256
         Issuer: C = US, ST = Washington, L = Seattle, O = Elliptic, OU = ECC256K1-SRV, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Dec 13 22:19:28 2023 GMT
-            Not After : Dec 10 22:19:28 2033 GMT
+            Not Before: Dec 18 21:25:29 2024 GMT
+            Not After : Dec 16 21:25:29 2034 GMT
         Subject: C = US, ST = Washington, L = Seattle, O = Elliptic, OU = ECC256K1-SRV, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: id-ecPublicKey
                 Public-Key: (256 bit)
                 pub:
-                    04:be:d0:47:66:a6:6a:6c:21:b6:72:71:ce:20:67:
-                    61:05:b3:ef:b9:07:2c:31:6a:bb:6f:53:12:50:e9:
-                    06:06:64:4b:14:bb:56:61:b3:0c:3f:72:f2:45:f7:
-                    3b:96:39:76:57:52:93:e9:12:83:f1:d8:c5:87:11:
-                    aa:5e:8e:a5:c9
+                    04:02:55:2f:25:90:9d:54:d3:6e:23:b5:95:9e:67:
+                    a3:f8:c2:46:3a:ed:67:56:6d:23:87:43:db:6f:38:
+                    e6:5b:72:07:8d:1d:f8:5b:ea:b7:47:49:a9:8e:c7:
+                    2d:23:99:9e:2e:8c:be:72:de:0b:d3:f0:b4:49:2d:
+                    94:ec:6d:c2:3f
                 ASN1 OID: secp256k1
         X509v3 extensions:
             X509v3 Basic Constraints: 
@@ -25,39 +25,38 @@ Certificate:
             Netscape Cert Type: 
                 SSL Server
             X509v3 Subject Key Identifier: 
-                6D:9A:0A:D6:4C:C9:43:6B:12:29:C4:B0:B5:49:8A:7F:BD:42:4B:87
+                96:C4:7F:31:A2:90:B8:68:F1:9C:DD:75:16:52:DB:AC:04:B6:89:85
             X509v3 Authority Key Identifier: 
-                keyid:6D:9A:0A:D6:4C:C9:43:6B:12:29:C4:B0:B5:49:8A:7F:BD:42:4B:87
                 DirName:/C=US/ST=Washington/L=Seattle/O=Elliptic/OU=ECC256K1-SRV/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
-                serial:2E:DF:46:12:94:EE:71:51:00:DC:BB:41:41:80:AE:1A:F1:11:68:26
-
+                serial:77:C0:65:74:8E:A6:D5:04:7C:9A:D9:85:CC:CE:58:C5:A0:2F:56:62
             X509v3 Key Usage: critical
                 Digital Signature, Key Encipherment, Key Agreement
             X509v3 Extended Key Usage: 
                 TLS Web Server Authentication
     Signature Algorithm: ecdsa-with-SHA256
-         30:44:02:20:58:e1:97:fe:81:7a:54:8d:d1:46:41:fd:1a:cf:
-         1d:c1:d8:f5:cb:00:21:df:66:21:09:eb:ce:a2:cb:db:d0:63:
-         02:20:3a:2b:e8:46:e3:1c:c3:23:e8:ee:8c:f9:22:57:30:d5:
-         8a:9b:6d:f3:a7:fb:e5:09:aa:38:ba:9a:84:e6:37:7b
+    Signature Value:
+        30:44:02:20:4d:6a:2a:ca:e3:0b:08:8b:8d:70:d9:0c:e2:83:
+        4e:7e:83:e4:07:f6:3b:68:4e:00:aa:cd:65:c2:12:09:44:af:
+        02:20:4a:03:b6:5d:6e:51:2a:42:a0:54:57:a1:07:05:db:c8:
+        2a:bf:5b:6c:7c:c6:0f:64:b2:2d:64:9d:25:3b:a3:7a
 -----BEGIN CERTIFICATE-----
-MIIDdjCCAx2gAwIBAgIULt9GEpTucVEA3LtBQYCuGvERaCYwCgYIKoZIzj0EAwIw
+MIIDYDCCAwegAwIBAgIUd8BldI6m1QR8mtmFzM5YxaAvVmIwCgYIKoZIzj0EAwIw
 gZkxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdT
 ZWF0dGxlMREwDwYDVQQKDAhFbGxpcHRpYzEVMBMGA1UECwwMRUNDMjU2SzEtU1JW
 MRgwFgYDVQQDDA93d3cud29sZnNzbC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9A
-d29sZnNzbC5jb20wHhcNMjMxMjEzMjIxOTI4WhcNMzMxMjEwMjIxOTI4WjCBmTEL
+d29sZnNzbC5jb20wHhcNMjQxMjE4MjEyNTI5WhcNMzQxMjE2MjEyNTI5WjCBmTEL
 MAkGA1UEBhMCVVMxEzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0
 bGUxETAPBgNVBAoMCEVsbGlwdGljMRUwEwYDVQQLDAxFQ0MyNTZLMS1TUlYxGDAW
 BgNVBAMMD3d3dy53b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xm
-c3NsLmNvbTBWMBAGByqGSM49AgEGBSuBBAAKA0IABL7QR2amamwhtnJxziBnYQWz
-77kHLDFqu29TElDpBgZkSxS7VmGzDD9y8kX3O5Y5dldSk+kSg/HYxYcRql6Opcmj
-ggFCMIIBPjAJBgNVHRMEAjAAMBEGCWCGSAGG+EIBAQQEAwIGQDAdBgNVHQ4EFgQU
-bZoK1kzJQ2sSKcSwtUmKf71CS4cwgdkGA1UdIwSB0TCBzoAUbZoK1kzJQ2sSKcSw
-tUmKf71CS4ehgZ+kgZwwgZkxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApXYXNoaW5n
-dG9uMRAwDgYDVQQHDAdTZWF0dGxlMREwDwYDVQQKDAhFbGxpcHRpYzEVMBMGA1UE
-CwwMRUNDMjU2SzEtU1JWMRgwFgYDVQQDDA93d3cud29sZnNzbC5jb20xHzAdBgkq
-hkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb22CFC7fRhKU7nFRANy7QUGArhrxEWgm
-MA4GA1UdDwEB/wQEAwIDqDATBgNVHSUEDDAKBggrBgEFBQcDATAKBggqhkjOPQQD
-AgNHADBEAiBY4Zf+gXpUjdFGQf0azx3B2PXLACHfZiEJ686iy9vQYwIgOivoRuMc
-wyPo7oz5Ilcw1YqbbfOn++UJqji6moTmN3s=
+c3NsLmNvbTBWMBAGByqGSM49AgEGBSuBBAAKA0IABAJVLyWQnVTTbiO1lZ5no/jC
+RjrtZ1ZtI4dD22845ltyB40d+Fvqt0dJqY7HLSOZni6MvnLeC9PwtEktlOxtwj+j
+ggEsMIIBKDAJBgNVHRMEAjAAMBEGCWCGSAGG+EIBAQQEAwIGQDAdBgNVHQ4EFgQU
+lsR/MaKQuGjxnN11FlLbrAS2iYUwgcMGA1UdIwSBuzCBuKGBn6SBnDCBmTELMAkG
+A1UEBhMCVVMxEzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUx
+ETAPBgNVBAoMCEVsbGlwdGljMRUwEwYDVQQLDAxFQ0MyNTZLMS1TUlYxGDAWBgNV
+BAMMD3d3dy53b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3Ns
+LmNvbYIUd8BldI6m1QR8mtmFzM5YxaAvVmIwDgYDVR0PAQH/BAQDAgOoMBMGA1Ud
+JQQMMAoGCCsGAQUFBwMBMAoGCCqGSM49BAMCA0cAMEQCIE1qKsrjCwiLjXDZDOKD
+Tn6D5Af2O2hOAKrNZcISCUSvAiBKA7ZdblEqQqBUV6EHBdvIKr9bbHzGD2SyLWSd
+JTujeg==
 -----END CERTIFICATE-----
diff --git a/certs/ecc/server2-secp256k1-cert.der b/certs/ecc/server2-secp256k1-cert.der
new file mode 100644
index 000000000..75d9e77bf
Binary files /dev/null and b/certs/ecc/server2-secp256k1-cert.der differ
diff --git a/certs/ecc/server2-secp256k1-cert.pem b/certs/ecc/server2-secp256k1-cert.pem
new file mode 100644
index 000000000..6565186ea
--- /dev/null
+++ b/certs/ecc/server2-secp256k1-cert.pem
@@ -0,0 +1,63 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number:
+            53:b3:3c:3a:8b:78:70:b3:e6:c0:05:5d:7c:3e:55:48:a7:5e:4e:eb
+        Signature Algorithm: ecdsa-with-SHA256
+        Issuer: C = US, ST = Washington, L = Seattle, O = Elliptic, OU = SECP256K1, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
+        Validity
+            Not Before: Dec 18 21:25:29 2024 GMT
+            Not After : Dec 16 21:25:29 2034 GMT
+        Subject: C = US, ST = Washington, L = Seattle, O = Elliptic, OU = SECP256K1-SVR, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
+        Subject Public Key Info:
+            Public Key Algorithm: id-ecPublicKey
+                Public-Key: (256 bit)
+                pub:
+                    04:6f:7f:d8:ef:92:fe:a4:28:a9:33:85:69:a4:e8:
+                    e3:37:46:39:a2:be:8f:26:31:59:20:8a:d7:5b:74:
+                    7a:ca:01:5e:54:4f:dc:d2:d2:a5:db:1e:8e:e6:94:
+                    f6:4e:39:e8:c4:b2:87:52:93:dc:af:ce:30:00:9c:
+                    79:d2:48:04:98
+                ASN1 OID: secp256k1
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Cert Type: 
+                SSL Server
+            X509v3 Subject Key Identifier: 
+                F4:A3:FD:34:57:E6:51:1F:0A:96:2F:F0:87:A9:7C:C7:EB:6B:34:8F
+            X509v3 Authority Key Identifier: 
+                keyid:7E:69:FB:C0:51:CF:2D:4C:30:CB:D8:D9:58:73:8E:CB:64:34:09:9D
+                DirName:/C=US/ST=Washington/L=Seattle/O=Elliptic/OU=SECP256K1/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
+                serial:51:CF:51:A4:FE:AF:D5:61:0E:CD:98:C4:B6:BE:07:73:97:9A:44:96
+            X509v3 Key Usage: critical
+                Digital Signature, Key Encipherment, Key Agreement
+            X509v3 Extended Key Usage: 
+                TLS Web Server Authentication
+    Signature Algorithm: ecdsa-with-SHA256
+    Signature Value:
+        30:45:02:21:00:b5:91:fd:1b:d2:bf:2c:c4:5c:a7:8b:48:5b:
+        88:b3:43:ed:8a:68:48:16:03:51:a2:01:67:42:5f:ad:5b:9c:
+        cc:02:20:4f:7a:e1:38:57:5c:c1:83:19:14:57:ad:40:34:70:
+        8d:20:ac:e3:eb:f3:d7:b8:57:d1:d1:17:a0:c2:02:bf:49
+-----BEGIN CERTIFICATE-----
+MIIDcjCCAxigAwIBAgIUU7M8Oot4cLPmwAVdfD5VSKdeTuswCgYIKoZIzj0EAwIw
+gZYxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdT
+ZWF0dGxlMREwDwYDVQQKDAhFbGxpcHRpYzESMBAGA1UECwwJU0VDUDI1NksxMRgw
+FgYDVQQDDA93d3cud29sZnNzbC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29s
+ZnNzbC5jb20wHhcNMjQxMjE4MjEyNTI5WhcNMzQxMjE2MjEyNTI5WjCBmjELMAkG
+A1UEBhMCVVMxEzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUx
+ETAPBgNVBAoMCEVsbGlwdGljMRYwFAYDVQQLDA1TRUNQMjU2SzEtU1ZSMRgwFgYD
+VQQDDA93d3cud29sZnNzbC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNz
+bC5jb20wVjAQBgcqhkjOPQIBBgUrgQQACgNCAARvf9jvkv6kKKkzhWmk6OM3Rjmi
+vo8mMVkgitdbdHrKAV5UT9zS0qXbHo7mlPZOOejEsodSk9yvzjAAnHnSSASYo4IB
+PzCCATswCQYDVR0TBAIwADARBglghkgBhvhCAQEEBAMCBkAwHQYDVR0OBBYEFPSj
+/TRX5lEfCpYv8IepfMfrazSPMIHWBgNVHSMEgc4wgcuAFH5p+8BRzy1MMMvY2Vhz
+jstkNAmdoYGcpIGZMIGWMQswCQYDVQQGEwJVUzETMBEGA1UECAwKV2FzaGluZ3Rv
+bjEQMA4GA1UEBwwHU2VhdHRsZTERMA8GA1UECgwIRWxsaXB0aWMxEjAQBgNVBAsM
+CVNFQ1AyNTZLMTEYMBYGA1UEAwwPd3d3LndvbGZzc2wuY29tMR8wHQYJKoZIhvcN
+AQkBFhBpbmZvQHdvbGZzc2wuY29tghRRz1Gk/q/VYQ7NmMS2vgdzl5pEljAOBgNV
+HQ8BAf8EBAMCA6gwEwYDVR0lBAwwCgYIKwYBBQUHAwEwCgYIKoZIzj0EAwIDSAAw
+RQIhALWR/RvSvyzEXKeLSFuIs0PtimhIFgNRogFnQl+tW5zMAiBPeuE4V1zBgxkU
+V61ANHCNIKzj6/PXuFfR0RegwgK/SQ==
+-----END CERTIFICATE-----
diff --git a/certs/ed25519/ca-ed25519.der b/certs/ed25519/ca-ed25519.der
index b1e98d730..00e91aae3 100644
Binary files a/certs/ed25519/ca-ed25519.der and b/certs/ed25519/ca-ed25519.der differ
diff --git a/certs/ed25519/ca-ed25519.pem b/certs/ed25519/ca-ed25519.pem
index 20221652b..db47319b1 100644
--- a/certs/ed25519/ca-ed25519.pem
+++ b/certs/ed25519/ca-ed25519.pem
@@ -5,8 +5,8 @@ Certificate:
         Signature Algorithm: ED25519
         Issuer: C = US, ST = Montana, L = Bozeman, O = wolfSSL_Ed25519, OU = Root-Ed25519, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Dec 13 22:19:29 2023 GMT
-            Not After : Sep  8 22:19:29 2026 GMT
+            Not Before: Dec 18 21:25:30 2024 GMT
+            Not After : Sep 14 21:25:30 2027 GMT
         Subject: C = US, ST = Montana, L = Bozeman, O = wolfSSL_ed25519, OU = CA-ed25519, CN = www.wolfssl.com, emailAddress = info@wolfssl.com, UID = wolfSSL
         Subject Public Key Info:
             Public Key Algorithm: ED25519
@@ -19,29 +19,29 @@ Certificate:
             X509v3 Subject Key Identifier: 
                 74:D5:38:19:5E:83:B9:03:F8:01:8A:35:35:BB:89:4C:49:B4:23:E9
             X509v3 Authority Key Identifier: 
-                keyid:FA:BA:5B:76:1D:F1:1D:1D:4D:74:48:D8:98:3B:56:EF:B3:14:F3:DE
-
+                FA:BA:5B:76:1D:F1:1D:1D:4D:74:48:D8:98:3B:56:EF:B3:14:F3:DE
             X509v3 Basic Constraints: critical
                 CA:TRUE
             X509v3 Key Usage: critical
                 Digital Signature, Certificate Sign, CRL Sign
     Signature Algorithm: ED25519
-         e6:71:a0:59:63:b4:31:31:1f:75:06:ce:f1:89:f0:e7:a2:db:
-         a8:c1:e4:c8:61:38:0c:e6:e9:e7:b9:9f:ce:e2:f5:49:a3:f5:
-         04:1e:85:f7:7d:10:fb:1d:ee:b6:dc:5e:51:f1:82:33:a4:ed:
-         e0:0a:65:09:2b:0e:1e:b2:af:0b
+    Signature Value:
+        44:eb:38:c6:27:d4:70:42:3f:9b:a0:d7:90:96:d6:6e:42:38:
+        5b:38:38:9f:21:ca:b0:fa:5e:7c:17:b4:32:5c:b3:08:a2:65:
+        50:d7:65:6b:f8:a9:ef:0d:d1:54:2d:4d:b6:0f:42:9e:51:f7:
+        db:a7:bf:16:23:c4:bd:7d:c9:03
 -----BEGIN CERTIFICATE-----
 MIICZTCCAhegAwIBAgIBATAFBgMrZXAwgZ0xCzAJBgNVBAYTAlVTMRAwDgYDVQQI
 DAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMRgwFgYDVQQKDA93b2xmU1NMX0Vk
 MjU1MTkxFTATBgNVBAsMDFJvb3QtRWQyNTUxOTEYMBYGA1UEAwwPd3d3LndvbGZz
-c2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMB4XDTIzMTIx
-MzIyMTkyOVoXDTI2MDkwODIyMTkyOVowgbQxCzAJBgNVBAYTAlVTMRAwDgYDVQQI
+c2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMB4XDTI0MTIx
+ODIxMjUzMFoXDTI3MDkxNDIxMjUzMFowgbQxCzAJBgNVBAYTAlVTMRAwDgYDVQQI
 DAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMRgwFgYDVQQKDA93b2xmU1NMX2Vk
 MjU1MTkxEzARBgNVBAsMCkNBLWVkMjU1MTkxGDAWBgNVBAMMD3d3dy53b2xmc3Ns
 LmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTEXMBUGCgmSJomT
 8ixkAQEMB3dvbGZTU0wwKjAFBgMrZXADIQBCO3r5gs/53xnd8/AyKW36/XZPaMLC
 4GxHrsJVaKwNTaNjMGEwHQYDVR0OBBYEFHTVOBleg7kD+AGKNTW7iUxJtCPpMB8G
 A1UdIwQYMBaAFPq6W3Yd8R0dTXRI2Jg7Vu+zFPPeMA8GA1UdEwEB/wQFMAMBAf8w
-DgYDVR0PAQH/BAQDAgGGMAUGAytlcANBAOZxoFljtDExH3UGzvGJ8Oei26jB5Mhh
-OAzm6ee5n87i9Umj9QQehfd9EPsd7rbcXlHxgjOk7eAKZQkrDh6yrws=
+DgYDVR0PAQH/BAQDAgGGMAUGAytlcANBAETrOMYn1HBCP5ug15CW1m5COFs4OJ8h
+yrD6XnwXtDJcswiiZVDXZWv4qe8N0VQtTbYPQp5R99unvxYjxL19yQM=
 -----END CERTIFICATE-----
diff --git a/certs/ed25519/client-ed25519.der b/certs/ed25519/client-ed25519.der
index 82347a286..20536eece 100644
Binary files a/certs/ed25519/client-ed25519.der and b/certs/ed25519/client-ed25519.der differ
diff --git a/certs/ed25519/client-ed25519.pem b/certs/ed25519/client-ed25519.pem
index 9d35f82d9..4563ce735 100644
--- a/certs/ed25519/client-ed25519.pem
+++ b/certs/ed25519/client-ed25519.pem
@@ -2,12 +2,12 @@ Certificate:
     Data:
         Version: 3 (0x2)
         Serial Number:
-            31:e6:4a:b1:6b:4e:2e:77:7b:d6:e3:94:8a:cf:02:b7:58:5a:fb:ab
+            33:8b:57:d5:8e:84:67:6a:e1:ed:f2:b9:11:16:5e:12:e5:0c:78:8a
         Signature Algorithm: ED25519
         Issuer: C = US, ST = Montana, L = Bozeman, O = wolfSSL_ed25519, OU = Client-ed25519, CN = www.wolfssl.com, emailAddress = info@wolfssl.com, UID = wolfSSL
         Validity
-            Not Before: Dec 13 22:19:29 2023 GMT
-            Not After : Sep  8 22:19:29 2026 GMT
+            Not Before: Dec 18 21:25:30 2024 GMT
+            Not After : Sep 14 21:25:30 2027 GMT
         Subject: C = US, ST = Montana, L = Bozeman, O = wolfSSL_ed25519, OU = Client-ed25519, CN = www.wolfssl.com, emailAddress = info@wolfssl.com, UID = wolfSSL
         Subject Public Key Info:
             Public Key Algorithm: ED25519
@@ -22,8 +22,7 @@ Certificate:
             X509v3 Authority Key Identifier: 
                 keyid:FE:41:5E:3E:81:E2:2E:46:B3:3E:47:89:90:D4:C2:B4:8E:11:D6:8A
                 DirName:/C=US/ST=Montana/L=Bozeman/O=wolfSSL_ed25519/OU=Client-ed25519/CN=www.wolfssl.com/emailAddress=info@wolfssl.com/UID=wolfSSL
-                serial:31:E6:4A:B1:6B:4E:2E:77:7B:D6:E3:94:8A:CF:02:B7:58:5A:FB:AB
-
+                serial:33:8B:57:D5:8E:84:67:6A:E1:ED:F2:B9:11:16:5E:12:E5:0C:78:8A
             X509v3 Basic Constraints: 
                 CA:TRUE
             X509v3 Subject Alternative Name: 
@@ -31,17 +30,18 @@ Certificate:
             X509v3 Extended Key Usage: 
                 TLS Web Server Authentication, TLS Web Client Authentication
     Signature Algorithm: ED25519
-         92:ac:52:cf:34:c2:76:8a:78:f7:ef:da:3f:79:e9:66:d1:de:
-         e1:d7:56:b5:4b:cf:a7:c2:03:af:cc:23:11:4b:44:0c:33:ce:
-         45:e0:33:eb:cc:c9:f8:38:5b:19:6f:86:4d:97:30:d1:55:6e:
-         cb:5f:39:c9:a3:22:16:66:5f:07
+    Signature Value:
+        aa:c7:bd:8e:56:40:ab:7d:9c:55:f0:4d:1d:97:e9:03:62:11:
+        ca:51:ad:80:cf:1a:2c:2c:5b:2d:71:fe:db:1d:4b:cd:4b:8b:
+        2d:12:f7:01:ee:fb:7d:2e:21:fc:81:de:84:59:c8:a5:1e:92:
+        e3:21:58:d1:3e:8a:71:91:2d:0e
 -----BEGIN CERTIFICATE-----
-MIIDnzCCA1GgAwIBAgIUMeZKsWtOLnd71uOUis8Ct1ha+6swBQYDK2VwMIG4MQsw
+MIIDnzCCA1GgAwIBAgIUM4tX1Y6EZ2rh7fK5ERZeEuUMeIowBQYDK2VwMIG4MQsw
 CQYDVQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjEY
 MBYGA1UECgwPd29sZlNTTF9lZDI1NTE5MRcwFQYDVQQLDA5DbGllbnQtZWQyNTUx
 OTEYMBYGA1UEAwwPd3d3LndvbGZzc2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZv
-QHdvbGZzc2wuY29tMRcwFQYKCZImiZPyLGQBAQwHd29sZlNTTDAeFw0yMzEyMTMy
-MjE5MjlaFw0yNjA5MDgyMjE5MjlaMIG4MQswCQYDVQQGEwJVUzEQMA4GA1UECAwH
+QHdvbGZzc2wuY29tMRcwFQYKCZImiZPyLGQBAQwHd29sZlNTTDAeFw0yNDEyMTgy
+MTI1MzBaFw0yNzA5MTQyMTI1MzBaMIG4MQswCQYDVQQGEwJVUzEQMA4GA1UECAwH
 TW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjEYMBYGA1UECgwPd29sZlNTTF9lZDI1
 NTE5MRcwFQYDVQQLDA5DbGllbnQtZWQyNTUxOTEYMBYGA1UEAwwPd3d3LndvbGZz
 c2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMRcwFQYKCZIm
@@ -51,9 +51,9 @@ EdaKMIH4BgNVHSMEgfAwge2AFP5BXj6B4i5Gsz5HiZDUwrSOEdaKoYG+pIG7MIG4
 MQswCQYDVQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1h
 bjEYMBYGA1UECgwPd29sZlNTTF9lZDI1NTE5MRcwFQYDVQQLDA5DbGllbnQtZWQy
 NTUxOTEYMBYGA1UEAwwPd3d3LndvbGZzc2wuY29tMR8wHQYJKoZIhvcNAQkBFhBp
-bmZvQHdvbGZzc2wuY29tMRcwFQYKCZImiZPyLGQBAQwHd29sZlNTTIIUMeZKsWtO
-Lnd71uOUis8Ct1ha+6swDAYDVR0TBAUwAwEB/zAcBgNVHREEFTATggtleGFtcGxl
+bmZvQHdvbGZzc2wuY29tMRcwFQYKCZImiZPyLGQBAQwHd29sZlNTTIIUM4tX1Y6E
+Z2rh7fK5ERZeEuUMeIowDAYDVR0TBAUwAwEB/zAcBgNVHREEFTATggtleGFtcGxl
 LmNvbYcEfwAAATAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwBQYDK2Vw
-A0EAkqxSzzTCdop49+/aP3npZtHe4ddWtUvPp8IDr8wjEUtEDDPOReAz68zJ+Dhb
-GW+GTZcw0VVuy185yaMiFmZfBw==
+A0EAqse9jlZAq32cVfBNHZfpA2IRylGtgM8aLCxbLXH+2x1LzUuLLRL3Ae77fS4h
+/IHehFnIpR6S4yFY0T6KcZEtDg==
 -----END CERTIFICATE-----
diff --git a/certs/ed25519/gen-ed25519-certs.sh b/certs/ed25519/gen-ed25519-certs.sh
index b945e49b6..1dd126212 100755
--- a/certs/ed25519/gen-ed25519-certs.sh
+++ b/certs/ed25519/gen-ed25519-certs.sh
@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/usr/bin/env bash
 
 check_result(){
     if [ $1 -ne 0 ]; then
diff --git a/certs/ed25519/gen-ed25519.sh b/certs/ed25519/gen-ed25519.sh
index 6858d53b2..70f41125c 100755
--- a/certs/ed25519/gen-ed25519.sh
+++ b/certs/ed25519/gen-ed25519.sh
@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/usr/bin/env bash
 
 EXAMPLE=$1
 echo "This uses ed25519 certificate generator from wolfssl-examples github"
diff --git a/certs/ed25519/root-ed25519.der b/certs/ed25519/root-ed25519.der
index d83657cb3..60ded1718 100644
Binary files a/certs/ed25519/root-ed25519.der and b/certs/ed25519/root-ed25519.der differ
diff --git a/certs/ed25519/root-ed25519.pem b/certs/ed25519/root-ed25519.pem
index f24691e37..feac37151 100644
--- a/certs/ed25519/root-ed25519.pem
+++ b/certs/ed25519/root-ed25519.pem
@@ -2,12 +2,12 @@ Certificate:
     Data:
         Version: 3 (0x2)
         Serial Number:
-            46:46:59:7b:c4:b5:a1:60:04:ac:02:eb:e1:90:18:64:d9:1c:dc:bd
+            24:49:82:ee:d6:ad:c6:2d:77:b7:10:9e:f9:64:56:16:d3:04:0f:16
         Signature Algorithm: ED25519
         Issuer: C = US, ST = Montana, L = Bozeman, O = wolfSSL_Ed25519, OU = Root-Ed25519, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Dec 13 22:19:29 2023 GMT
-            Not After : Sep  8 22:19:29 2026 GMT
+            Not Before: Dec 18 21:25:30 2024 GMT
+            Not After : Sep 14 21:25:30 2027 GMT
         Subject: C = US, ST = Montana, L = Bozeman, O = wolfSSL_Ed25519, OU = Root-Ed25519, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: ED25519
@@ -20,29 +20,29 @@ Certificate:
             X509v3 Subject Key Identifier: 
                 FA:BA:5B:76:1D:F1:1D:1D:4D:74:48:D8:98:3B:56:EF:B3:14:F3:DE
             X509v3 Authority Key Identifier: 
-                keyid:FA:BA:5B:76:1D:F1:1D:1D:4D:74:48:D8:98:3B:56:EF:B3:14:F3:DE
-
+                FA:BA:5B:76:1D:F1:1D:1D:4D:74:48:D8:98:3B:56:EF:B3:14:F3:DE
             X509v3 Basic Constraints: critical
                 CA:TRUE
             X509v3 Key Usage: critical
                 Digital Signature, Certificate Sign, CRL Sign
     Signature Algorithm: ED25519
-         ac:a3:8f:0c:8a:5d:96:a3:87:54:2f:0e:f3:9b:ce:e4:6e:33:
-         84:ff:e6:79:ff:9a:3d:c6:86:12:c8:47:4e:64:ba:c1:8b:55:
-         0e:cd:61:33:d3:0a:54:ce:d4:51:3e:cd:7f:6f:00:f8:5c:26:
-         6d:a8:25:dc:f7:39:73:a9:92:05
+    Signature Value:
+        99:de:96:76:e3:07:21:03:11:a3:e6:98:77:3d:cc:e6:db:a2:
+        96:67:26:f0:2b:26:eb:54:d5:11:e3:9e:a7:e6:aa:73:1e:c5:
+        58:92:72:7d:ac:1b:e0:99:2a:46:ea:a2:55:d5:4f:92:a2:32:
+        1d:fc:fc:5c:07:3c:0c:0d:79:0a
 -----BEGIN CERTIFICATE-----
-MIICYTCCAhOgAwIBAgIURkZZe8S1oWAErALr4ZAYZNkc3L0wBQYDK2VwMIGdMQsw
+MIICYTCCAhOgAwIBAgIUJEmC7tatxi13txCe+WRWFtMEDxYwBQYDK2VwMIGdMQsw
 CQYDVQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjEY
 MBYGA1UECgwPd29sZlNTTF9FZDI1NTE5MRUwEwYDVQQLDAxSb290LUVkMjU1MTkx
 GDAWBgNVBAMMD3d3dy53b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3
-b2xmc3NsLmNvbTAeFw0yMzEyMTMyMjE5MjlaFw0yNjA5MDgyMjE5MjlaMIGdMQsw
+b2xmc3NsLmNvbTAeFw0yNDEyMTgyMTI1MzBaFw0yNzA5MTQyMTI1MzBaMIGdMQsw
 CQYDVQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjEY
 MBYGA1UECgwPd29sZlNTTF9FZDI1NTE5MRUwEwYDVQQLDAxSb290LUVkMjU1MTkx
 GDAWBgNVBAMMD3d3dy53b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3
 b2xmc3NsLmNvbTAqMAUGAytlcAMhAOmzb3xwiqvKVCBOZHY8Gk/3+l5K//PbuWQt
 EKUMWj/ao2MwYTAdBgNVHQ4EFgQU+rpbdh3xHR1NdEjYmDtW77MU894wHwYDVR0j
 BBgwFoAU+rpbdh3xHR1NdEjYmDtW77MU894wDwYDVR0TAQH/BAUwAwEB/zAOBgNV
-HQ8BAf8EBAMCAYYwBQYDK2VwA0EArKOPDIpdlqOHVC8O85vO5G4zhP/mef+aPcaG
-EshHTmS6wYtVDs1hM9MKVM7UUT7Nf28A+Fwmbagl3Pc5c6mSBQ==
+HQ8BAf8EBAMCAYYwBQYDK2VwA0EAmd6WduMHIQMRo+aYdz3M5tuilmcm8Csm61TV
+EeOep+aqcx7FWJJyfawb4JkqRuqiVdVPkqIyHfz8XAc8DA15Cg==
 -----END CERTIFICATE-----
diff --git a/certs/ed25519/server-ed25519-cert.pem b/certs/ed25519/server-ed25519-cert.pem
index d08b56a0d..336efc98c 100644
--- a/certs/ed25519/server-ed25519-cert.pem
+++ b/certs/ed25519/server-ed25519-cert.pem
@@ -5,8 +5,8 @@ Certificate:
         Signature Algorithm: ED25519
         Issuer: C = US, ST = Montana, L = Bozeman, O = wolfSSL_ed25519, OU = CA-ed25519, CN = www.wolfssl.com, emailAddress = info@wolfssl.com, UID = wolfSSL
         Validity
-            Not Before: Dec 13 22:19:29 2023 GMT
-            Not After : Sep  8 22:19:29 2026 GMT
+            Not Before: Dec 18 21:25:30 2024 GMT
+            Not After : Sep 14 21:25:30 2027 GMT
         Subject: C = US, ST = Montana, L = Bozeman, O = wolfSSL_ed25519, OU = Server-ed25519, CN = www.wolfssl.com, emailAddress = info@wolfssl.com, UID = wolfSSL
         Subject Public Key Info:
             Public Key Algorithm: ED25519
@@ -19,8 +19,7 @@ Certificate:
             X509v3 Subject Key Identifier: 
                 A3:29:81:E7:90:6F:B9:60:F8:AF:CC:15:7A:AE:D7:A1:F4:B4:86:BA
             X509v3 Authority Key Identifier: 
-                keyid:74:D5:38:19:5E:83:B9:03:F8:01:8A:35:35:BB:89:4C:49:B4:23:E9
-
+                74:D5:38:19:5E:83:B9:03:F8:01:8A:35:35:BB:89:4C:49:B4:23:E9
             X509v3 Basic Constraints: critical
                 CA:FALSE
             X509v3 Key Usage: critical
@@ -30,16 +29,17 @@ Certificate:
             Netscape Cert Type: 
                 SSL Server
     Signature Algorithm: ED25519
-         22:d7:34:ac:33:65:8b:18:a4:34:f9:3a:e6:ce:c1:77:a6:3d:
-         2a:2a:ee:22:ad:6e:fc:36:fc:98:8d:8a:fd:3f:cb:a9:74:01:
-         25:96:05:e1:39:13:8b:d9:05:6d:c9:ba:0e:5d:36:bf:39:03:
-         57:2a:55:fc:e3:53:c3:1b:e1:0b
+    Signature Value:
+        04:19:32:e4:24:e5:df:5a:a4:19:c4:31:15:81:05:4c:45:0a:
+        40:4a:5d:6a:8b:0a:77:02:fe:48:82:d2:83:8d:de:42:b8:cf:
+        02:dc:64:2c:bd:8c:9d:22:16:d8:7a:23:65:5d:b0:25:92:ac:
+        a8:6c:de:df:1d:eb:64:e4:8a:06
 -----BEGIN CERTIFICATE-----
 MIICpzCCAlmgAwIBAgIBATAFBgMrZXAwgbQxCzAJBgNVBAYTAlVTMRAwDgYDVQQI
 DAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMRgwFgYDVQQKDA93b2xmU1NMX2Vk
 MjU1MTkxEzARBgNVBAsMCkNBLWVkMjU1MTkxGDAWBgNVBAMMD3d3dy53b2xmc3Ns
 LmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTEXMBUGCgmSJomT
-8ixkAQEMB3dvbGZTU0wwHhcNMjMxMjEzMjIxOTI5WhcNMjYwOTA4MjIxOTI5WjCB
+8ixkAQEMB3dvbGZTU0wwHhcNMjQxMjE4MjEyNTMwWhcNMjcwOTE0MjEyNTMwWjCB
 uDELMAkGA1UEBhMCVVMxEDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVt
 YW4xGDAWBgNVBAoMD3dvbGZTU0xfZWQyNTUxOTEXMBUGA1UECwwOU2VydmVyLWVk
 MjU1MTkxGDAWBgNVBAMMD3d3dy53b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQ
@@ -47,7 +47,7 @@ aW5mb0B3b2xmc3NsLmNvbTEXMBUGCgmSJomT8ixkAQEMB3dvbGZTU0wwKjAFBgMr
 ZXADIQAjqk1gUOAT0zrtq/apzEr+100v0lsaEAXvWkElzhtTeKOBiTCBhjAdBgNV
 HQ4EFgQUoymB55BvuWD4r8wVeq7XofS0hrowHwYDVR0jBBgwFoAUdNU4GV6DuQP4
 AYo1NbuJTEm0I+kwDAYDVR0TAQH/BAIwADAOBgNVHQ8BAf8EBAMCA6gwEwYDVR0l
-BAwwCgYIKwYBBQUHAwEwEQYJYIZIAYb4QgEBBAQDAgZAMAUGAytlcANBACLXNKwz
-ZYsYpDT5OubOwXemPSoq7iKtbvw2/JiNiv0/y6l0ASWWBeE5E4vZBW3Jug5dNr85
-A1cqVfzjU8Mb4Qs=
+BAwwCgYIKwYBBQUHAwEwEQYJYIZIAYb4QgEBBAQDAgZAMAUGAytlcANBAAQZMuQk
+5d9apBnEMRWBBUxFCkBKXWqLCncC/kiC0oON3kK4zwLcZCy9jJ0iFth6I2VdsCWS
+rKhs3t8d62TkigY=
 -----END CERTIFICATE-----
diff --git a/certs/ed25519/server-ed25519.der b/certs/ed25519/server-ed25519.der
index d4b8eca3c..6db9fa60d 100644
Binary files a/certs/ed25519/server-ed25519.der and b/certs/ed25519/server-ed25519.der differ
diff --git a/certs/ed25519/server-ed25519.pem b/certs/ed25519/server-ed25519.pem
index 9d4cfbe61..42f8aab18 100644
--- a/certs/ed25519/server-ed25519.pem
+++ b/certs/ed25519/server-ed25519.pem
@@ -5,8 +5,8 @@ Certificate:
         Signature Algorithm: ED25519
         Issuer: C = US, ST = Montana, L = Bozeman, O = wolfSSL_ed25519, OU = CA-ed25519, CN = www.wolfssl.com, emailAddress = info@wolfssl.com, UID = wolfSSL
         Validity
-            Not Before: Dec 13 22:19:29 2023 GMT
-            Not After : Sep  8 22:19:29 2026 GMT
+            Not Before: Dec 18 21:25:30 2024 GMT
+            Not After : Sep 14 21:25:30 2027 GMT
         Subject: C = US, ST = Montana, L = Bozeman, O = wolfSSL_ed25519, OU = Server-ed25519, CN = www.wolfssl.com, emailAddress = info@wolfssl.com, UID = wolfSSL
         Subject Public Key Info:
             Public Key Algorithm: ED25519
@@ -19,8 +19,7 @@ Certificate:
             X509v3 Subject Key Identifier: 
                 A3:29:81:E7:90:6F:B9:60:F8:AF:CC:15:7A:AE:D7:A1:F4:B4:86:BA
             X509v3 Authority Key Identifier: 
-                keyid:74:D5:38:19:5E:83:B9:03:F8:01:8A:35:35:BB:89:4C:49:B4:23:E9
-
+                74:D5:38:19:5E:83:B9:03:F8:01:8A:35:35:BB:89:4C:49:B4:23:E9
             X509v3 Basic Constraints: critical
                 CA:FALSE
             X509v3 Key Usage: critical
@@ -30,16 +29,17 @@ Certificate:
             Netscape Cert Type: 
                 SSL Server
     Signature Algorithm: ED25519
-         22:d7:34:ac:33:65:8b:18:a4:34:f9:3a:e6:ce:c1:77:a6:3d:
-         2a:2a:ee:22:ad:6e:fc:36:fc:98:8d:8a:fd:3f:cb:a9:74:01:
-         25:96:05:e1:39:13:8b:d9:05:6d:c9:ba:0e:5d:36:bf:39:03:
-         57:2a:55:fc:e3:53:c3:1b:e1:0b
+    Signature Value:
+        04:19:32:e4:24:e5:df:5a:a4:19:c4:31:15:81:05:4c:45:0a:
+        40:4a:5d:6a:8b:0a:77:02:fe:48:82:d2:83:8d:de:42:b8:cf:
+        02:dc:64:2c:bd:8c:9d:22:16:d8:7a:23:65:5d:b0:25:92:ac:
+        a8:6c:de:df:1d:eb:64:e4:8a:06
 -----BEGIN CERTIFICATE-----
 MIICpzCCAlmgAwIBAgIBATAFBgMrZXAwgbQxCzAJBgNVBAYTAlVTMRAwDgYDVQQI
 DAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMRgwFgYDVQQKDA93b2xmU1NMX2Vk
 MjU1MTkxEzARBgNVBAsMCkNBLWVkMjU1MTkxGDAWBgNVBAMMD3d3dy53b2xmc3Ns
 LmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTEXMBUGCgmSJomT
-8ixkAQEMB3dvbGZTU0wwHhcNMjMxMjEzMjIxOTI5WhcNMjYwOTA4MjIxOTI5WjCB
+8ixkAQEMB3dvbGZTU0wwHhcNMjQxMjE4MjEyNTMwWhcNMjcwOTE0MjEyNTMwWjCB
 uDELMAkGA1UEBhMCVVMxEDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVt
 YW4xGDAWBgNVBAoMD3dvbGZTU0xfZWQyNTUxOTEXMBUGA1UECwwOU2VydmVyLWVk
 MjU1MTkxGDAWBgNVBAMMD3d3dy53b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQ
@@ -47,9 +47,9 @@ aW5mb0B3b2xmc3NsLmNvbTEXMBUGCgmSJomT8ixkAQEMB3dvbGZTU0wwKjAFBgMr
 ZXADIQAjqk1gUOAT0zrtq/apzEr+100v0lsaEAXvWkElzhtTeKOBiTCBhjAdBgNV
 HQ4EFgQUoymB55BvuWD4r8wVeq7XofS0hrowHwYDVR0jBBgwFoAUdNU4GV6DuQP4
 AYo1NbuJTEm0I+kwDAYDVR0TAQH/BAIwADAOBgNVHQ8BAf8EBAMCA6gwEwYDVR0l
-BAwwCgYIKwYBBQUHAwEwEQYJYIZIAYb4QgEBBAQDAgZAMAUGAytlcANBACLXNKwz
-ZYsYpDT5OubOwXemPSoq7iKtbvw2/JiNiv0/y6l0ASWWBeE5E4vZBW3Jug5dNr85
-A1cqVfzjU8Mb4Qs=
+BAwwCgYIKwYBBQUHAwEwEQYJYIZIAYb4QgEBBAQDAgZAMAUGAytlcANBAAQZMuQk
+5d9apBnEMRWBBUxFCkBKXWqLCncC/kiC0oON3kK4zwLcZCy9jJ0iFth6I2VdsCWS
+rKhs3t8d62TkigY=
 -----END CERTIFICATE-----
 Certificate:
     Data:
@@ -58,8 +58,8 @@ Certificate:
         Signature Algorithm: ED25519
         Issuer: C = US, ST = Montana, L = Bozeman, O = wolfSSL_Ed25519, OU = Root-Ed25519, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Dec 13 22:19:29 2023 GMT
-            Not After : Sep  8 22:19:29 2026 GMT
+            Not Before: Dec 18 21:25:30 2024 GMT
+            Not After : Sep 14 21:25:30 2027 GMT
         Subject: C = US, ST = Montana, L = Bozeman, O = wolfSSL_ed25519, OU = CA-ed25519, CN = www.wolfssl.com, emailAddress = info@wolfssl.com, UID = wolfSSL
         Subject Public Key Info:
             Public Key Algorithm: ED25519
@@ -72,29 +72,29 @@ Certificate:
             X509v3 Subject Key Identifier: 
                 74:D5:38:19:5E:83:B9:03:F8:01:8A:35:35:BB:89:4C:49:B4:23:E9
             X509v3 Authority Key Identifier: 
-                keyid:FA:BA:5B:76:1D:F1:1D:1D:4D:74:48:D8:98:3B:56:EF:B3:14:F3:DE
-
+                FA:BA:5B:76:1D:F1:1D:1D:4D:74:48:D8:98:3B:56:EF:B3:14:F3:DE
             X509v3 Basic Constraints: critical
                 CA:TRUE
             X509v3 Key Usage: critical
                 Digital Signature, Certificate Sign, CRL Sign
     Signature Algorithm: ED25519
-         e6:71:a0:59:63:b4:31:31:1f:75:06:ce:f1:89:f0:e7:a2:db:
-         a8:c1:e4:c8:61:38:0c:e6:e9:e7:b9:9f:ce:e2:f5:49:a3:f5:
-         04:1e:85:f7:7d:10:fb:1d:ee:b6:dc:5e:51:f1:82:33:a4:ed:
-         e0:0a:65:09:2b:0e:1e:b2:af:0b
+    Signature Value:
+        44:eb:38:c6:27:d4:70:42:3f:9b:a0:d7:90:96:d6:6e:42:38:
+        5b:38:38:9f:21:ca:b0:fa:5e:7c:17:b4:32:5c:b3:08:a2:65:
+        50:d7:65:6b:f8:a9:ef:0d:d1:54:2d:4d:b6:0f:42:9e:51:f7:
+        db:a7:bf:16:23:c4:bd:7d:c9:03
 -----BEGIN CERTIFICATE-----
 MIICZTCCAhegAwIBAgIBATAFBgMrZXAwgZ0xCzAJBgNVBAYTAlVTMRAwDgYDVQQI
 DAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMRgwFgYDVQQKDA93b2xmU1NMX0Vk
 MjU1MTkxFTATBgNVBAsMDFJvb3QtRWQyNTUxOTEYMBYGA1UEAwwPd3d3LndvbGZz
-c2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMB4XDTIzMTIx
-MzIyMTkyOVoXDTI2MDkwODIyMTkyOVowgbQxCzAJBgNVBAYTAlVTMRAwDgYDVQQI
+c2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMB4XDTI0MTIx
+ODIxMjUzMFoXDTI3MDkxNDIxMjUzMFowgbQxCzAJBgNVBAYTAlVTMRAwDgYDVQQI
 DAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMRgwFgYDVQQKDA93b2xmU1NMX2Vk
 MjU1MTkxEzARBgNVBAsMCkNBLWVkMjU1MTkxGDAWBgNVBAMMD3d3dy53b2xmc3Ns
 LmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTEXMBUGCgmSJomT
 8ixkAQEMB3dvbGZTU0wwKjAFBgMrZXADIQBCO3r5gs/53xnd8/AyKW36/XZPaMLC
 4GxHrsJVaKwNTaNjMGEwHQYDVR0OBBYEFHTVOBleg7kD+AGKNTW7iUxJtCPpMB8G
 A1UdIwQYMBaAFPq6W3Yd8R0dTXRI2Jg7Vu+zFPPeMA8GA1UdEwEB/wQFMAMBAf8w
-DgYDVR0PAQH/BAQDAgGGMAUGAytlcANBAOZxoFljtDExH3UGzvGJ8Oei26jB5Mhh
-OAzm6ee5n87i9Umj9QQehfd9EPsd7rbcXlHxgjOk7eAKZQkrDh6yrws=
+DgYDVR0PAQH/BAQDAgGGMAUGAytlcANBAETrOMYn1HBCP5ug15CW1m5COFs4OJ8h
+yrD6XnwXtDJcswiiZVDXZWv4qe8N0VQtTbYPQp5R99unvxYjxL19yQM=
 -----END CERTIFICATE-----
diff --git a/certs/ed448/ca-ed448.der b/certs/ed448/ca-ed448.der
index 250855055..e63b35600 100644
Binary files a/certs/ed448/ca-ed448.der and b/certs/ed448/ca-ed448.der differ
diff --git a/certs/ed448/ca-ed448.pem b/certs/ed448/ca-ed448.pem
index a384c30a8..80f18d9ce 100644
--- a/certs/ed448/ca-ed448.pem
+++ b/certs/ed448/ca-ed448.pem
@@ -5,8 +5,8 @@ Certificate:
         Signature Algorithm: ED448
         Issuer: C = US, ST = Montana, L = Bozeman, O = wolfSSL_Ed448, OU = Root-Ed448, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Dec 13 22:19:29 2023 GMT
-            Not After : Sep  8 22:19:29 2026 GMT
+            Not Before: Dec 18 21:25:30 2024 GMT
+            Not After : Sep 14 21:25:30 2027 GMT
         Subject: C = US, ST = Montana, L = Bozeman, O = wolfSSL_ed448, OU = CA-ed448, CN = www.wolfssl.com, emailAddress = info@wolfssl.com, UID = wolfSSL
         Subject Public Key Info:
             Public Key Algorithm: ED448
@@ -20,34 +20,34 @@ Certificate:
             X509v3 Subject Key Identifier: 
                 38:59:45:E8:DD:44:2C:B5:7D:A5:25:D6:0B:CC:39:F0:72:C0:94:63
             X509v3 Authority Key Identifier: 
-                keyid:DA:69:98:C9:26:4A:75:FB:59:5E:53:9A:63:4B:0C:B8:88:0B:0F:1E
-
+                DA:69:98:C9:26:4A:75:FB:59:5E:53:9A:63:4B:0C:B8:88:0B:0F:1E
             X509v3 Basic Constraints: critical
                 CA:TRUE
             X509v3 Key Usage: critical
                 Digital Signature, Certificate Sign, CRL Sign
     Signature Algorithm: ED448
-         24:d8:26:28:60:11:09:c1:a5:f9:a9:7f:a7:40:ed:a5:07:cb:
-         cb:3e:a1:6a:d3:45:6d:4c:e1:66:36:37:57:6a:34:5d:33:45:
-         b3:17:e1:18:76:57:df:fe:44:b4:ec:04:16:74:52:82:24:52:
-         1f:99:00:2d:42:a9:5c:45:1b:8d:b8:95:ce:0d:82:cb:52:8f:
-         e2:bd:20:19:6a:8a:79:29:f6:20:d3:e6:35:8c:27:1a:a4:64:
-         b7:ff:91:09:21:57:c6:11:c5:01:9a:98:54:31:37:7a:7b:ed:
-         35:a9:4d:13:19:00
+    Signature Value:
+        cd:f6:7e:99:b5:a0:0c:c3:38:25:38:54:42:51:57:19:5b:a2:
+        89:c5:f2:71:e2:3b:62:93:e9:08:54:ae:e0:89:c0:e8:d8:2f:
+        9c:dc:38:f7:80:dc:ca:f3:2f:55:63:70:7a:fe:e8:b2:90:62:
+        03:22:00:34:1a:9e:0f:f0:43:14:a2:f3:b6:98:19:0a:fd:83:
+        86:18:bb:87:2d:08:a3:93:d1:df:c8:15:7f:59:4b:8b:5e:23:
+        eb:f6:61:d4:b8:1f:91:7d:10:4b:68:02:d9:05:1d:6f:23:87:
+        d1:68:1b:71:19:00
 -----BEGIN CERTIFICATE-----
 MIICqDCCAiigAwIBAgIBATAFBgMrZXEwgZkxCzAJBgNVBAYTAlVTMRAwDgYDVQQI
 DAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMRYwFAYDVQQKDA13b2xmU1NMX0Vk
 NDQ4MRMwEQYDVQQLDApSb290LUVkNDQ4MRgwFgYDVQQDDA93d3cud29sZnNzbC5j
-b20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMjMxMjEzMjIx
-OTI5WhcNMjYwOTA4MjIxOTI5WjCBsDELMAkGA1UEBhMCVVMxEDAOBgNVBAgMB01v
+b20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMjQxMjE4MjEy
+NTMwWhcNMjcwOTE0MjEyNTMwWjCBsDELMAkGA1UEBhMCVVMxEDAOBgNVBAgMB01v
 bnRhbmExEDAOBgNVBAcMB0JvemVtYW4xFjAUBgNVBAoMDXdvbGZTU0xfZWQ0NDgx
 ETAPBgNVBAsMCENBLWVkNDQ4MRgwFgYDVQQDDA93d3cud29sZnNzbC5jb20xHzAd
 BgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20xFzAVBgoJkiaJk/IsZAEBDAd3
 b2xmU1NMMEMwBQYDK2VxAzoADuK0duXSzMJLe7ApvpL7w69ppZS6cCToo+/IY5rd
 pq9YQzgEJPAQkb6nAZFU889phUy5l4ykN6oAo2MwYTAdBgNVHQ4EFgQUOFlF6N1E
 LLV9pSXWC8w58HLAlGMwHwYDVR0jBBgwFoAU2mmYySZKdftZXlOaY0sMuIgLDx4w
-DwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAYYwBQYDK2VxA3MAJNgmKGAR
-CcGl+al/p0DtpQfLyz6hatNFbUzhZjY3V2o0XTNFsxfhGHZX3/5EtOwEFnRSgiRS
-H5kALUKpXEUbjbiVzg2Cy1KP4r0gGWqKeSn2INPmNYwnGqRkt/+RCSFXxhHFAZqY
-VDE3envtNalNExkA
+DwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAYYwBQYDK2VxA3MAzfZ+mbWg
+DMM4JThUQlFXGVuiicXyceI7YpPpCFSu4InA6NgvnNw494DcyvMvVWNwev7ospBi
+AyIANBqeD/BDFKLztpgZCv2Dhhi7hy0Io5PR38gVf1lLi14j6/Zh1LgfkX0QS2gC
+2QUdbyOH0WgbcRkA
 -----END CERTIFICATE-----
diff --git a/certs/ed448/client-ed448.der b/certs/ed448/client-ed448.der
index e220065a8..719dc6eab 100644
Binary files a/certs/ed448/client-ed448.der and b/certs/ed448/client-ed448.der differ
diff --git a/certs/ed448/client-ed448.pem b/certs/ed448/client-ed448.pem
index ec2bf3da7..38650874e 100644
--- a/certs/ed448/client-ed448.pem
+++ b/certs/ed448/client-ed448.pem
@@ -2,12 +2,12 @@ Certificate:
     Data:
         Version: 3 (0x2)
         Serial Number:
-            1e:73:eb:26:79:34:8f:f6:ba:9b:e5:8d:b4:e1:1a:73:6b:91:a6:6b
+            73:8f:b3:50:d4:5c:05:36:fc:af:03:ad:08:30:9a:a6:be:3e:b3:02
         Signature Algorithm: ED448
         Issuer: C = US, ST = Montana, L = Bozeman, O = wolfSSL_ed448, OU = Client-ed448, CN = www.wolfssl.com, emailAddress = info@wolfssl.com, UID = wolfSSL
         Validity
-            Not Before: Dec 13 22:19:29 2023 GMT
-            Not After : Sep  8 22:19:29 2026 GMT
+            Not Before: Dec 18 21:25:30 2024 GMT
+            Not After : Sep 14 21:25:30 2027 GMT
         Subject: C = US, ST = Montana, L = Bozeman, O = wolfSSL_ed448, OU = Client-ed448, CN = www.wolfssl.com, emailAddress = info@wolfssl.com, UID = wolfSSL
         Subject Public Key Info:
             Public Key Algorithm: ED448
@@ -23,8 +23,7 @@ Certificate:
             X509v3 Authority Key Identifier: 
                 keyid:F3:C7:66:93:0D:CB:0E:1B:80:08:00:CF:E3:4E:11:4D:58:2B:4B:D4
                 DirName:/C=US/ST=Montana/L=Bozeman/O=wolfSSL_ed448/OU=Client-ed448/CN=www.wolfssl.com/emailAddress=info@wolfssl.com/UID=wolfSSL
-                serial:1E:73:EB:26:79:34:8F:F6:BA:9B:E5:8D:B4:E1:1A:73:6B:91:A6:6B
-
+                serial:73:8F:B3:50:D4:5C:05:36:FC:AF:03:AD:08:30:9A:A6:BE:3E:B3:02
             X509v3 Basic Constraints: 
                 CA:TRUE
             X509v3 Subject Alternative Name: 
@@ -32,20 +31,21 @@ Certificate:
             X509v3 Extended Key Usage: 
                 TLS Web Server Authentication, TLS Web Client Authentication
     Signature Algorithm: ED448
-         c8:1a:84:b3:0f:6c:53:1b:21:49:44:ce:5d:46:30:1a:9a:eb:
-         9e:cb:22:40:89:09:a8:4a:23:69:27:05:f3:cf:5d:7a:d0:9b:
-         a7:fd:b9:52:d2:4e:b1:e4:ed:8f:de:7f:75:49:07:f5:df:ec:
-         ac:34:00:d4:12:b1:b4:1e:49:1c:da:ae:34:db:4c:d6:2b:40:
-         00:2a:ed:3f:37:09:26:62:ab:32:34:f4:81:19:d4:6b:ef:07:
-         19:0c:6c:d9:e9:69:24:c7:e5:b2:73:b0:6d:14:ba:3e:8a:86:
-         5d:24:dc:80:3c:00
+    Signature Value:
+        02:3d:3e:a4:b8:6d:d3:ba:4c:d2:e4:07:44:92:c6:94:94:ea:
+        b5:d7:6a:40:e8:d5:6f:f7:67:51:e9:50:b1:66:96:36:3b:5d:
+        3a:6c:99:3c:8f:24:1c:d1:c4:e5:0a:50:98:7b:41:be:d5:8b:
+        a3:28:00:95:87:a2:a8:d8:85:50:0d:3c:5b:9c:fb:96:62:60:
+        ab:c0:a8:23:c3:5f:6b:e6:c5:27:e7:e4:ad:fa:3d:d9:ee:3a:
+        d1:f5:09:28:19:2e:85:57:b1:01:32:e3:61:3f:bc:2f:00:3a:
+        d8:bf:77:d9:03:00
 -----BEGIN CERTIFICATE-----
-MIID3jCCA16gAwIBAgIUHnPrJnk0j/a6m+WNtOEac2uRpmswBQYDK2VxMIG0MQsw
+MIID3jCCA16gAwIBAgIUc4+zUNRcBTb8rwOtCDCapr4+swIwBQYDK2VxMIG0MQsw
 CQYDVQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjEW
 MBQGA1UECgwNd29sZlNTTF9lZDQ0ODEVMBMGA1UECwwMQ2xpZW50LWVkNDQ4MRgw
 FgYDVQQDDA93d3cud29sZnNzbC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29s
-ZnNzbC5jb20xFzAVBgoJkiaJk/IsZAEBDAd3b2xmU1NMMB4XDTIzMTIxMzIyMTky
-OVoXDTI2MDkwODIyMTkyOVowgbQxCzAJBgNVBAYTAlVTMRAwDgYDVQQIDAdNb250
+ZnNzbC5jb20xFzAVBgoJkiaJk/IsZAEBDAd3b2xmU1NMMB4XDTI0MTIxODIxMjUz
+MFoXDTI3MDkxNDIxMjUzMFowgbQxCzAJBgNVBAYTAlVTMRAwDgYDVQQIDAdNb250
 YW5hMRAwDgYDVQQHDAdCb3plbWFuMRYwFAYDVQQKDA13b2xmU1NMX2VkNDQ4MRUw
 EwYDVQQLDAxDbGllbnQtZWQ0NDgxGDAWBgNVBAMMD3d3dy53b2xmc3NsLmNvbTEf
 MB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTEXMBUGCgmSJomT8ixkAQEM
@@ -56,9 +56,9 @@ VzXIdrOzMI+HeOYmWifYDDieezwTL8ykKWyA74CjggFlMIIBYTAdBgNVHQ4EFgQU
 MRAwDgYDVQQHDAdCb3plbWFuMRYwFAYDVQQKDA13b2xmU1NMX2VkNDQ4MRUwEwYD
 VQQLDAxDbGllbnQtZWQ0NDgxGDAWBgNVBAMMD3d3dy53b2xmc3NsLmNvbTEfMB0G
 CSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTEXMBUGCgmSJomT8ixkAQEMB3dv
-bGZTU0yCFB5z6yZ5NI/2upvljbThGnNrkaZrMAwGA1UdEwQFMAMBAf8wHAYDVR0R
+bGZTU0yCFHOPs1DUXAU2/K8DrQgwmqa+PrMCMAwGA1UdEwQFMAMBAf8wHAYDVR0R
 BBUwE4ILZXhhbXBsZS5jb22HBH8AAAEwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsG
-AQUFBwMCMAUGAytlcQNzAMgahLMPbFMbIUlEzl1GMBqa657LIkCJCahKI2knBfPP
-XXrQm6f9uVLSTrHk7Y/ef3VJB/Xf7Kw0ANQSsbQeSRzarjTbTNYrQAAq7T83CSZi
-qzI09IEZ1GvvBxkMbNnpaSTH5bJzsG0Uuj6Khl0k3IA8AA==
+AQUFBwMCMAUGAytlcQNzAAI9PqS4bdO6TNLkB0SSxpSU6rXXakDo1W/3Z1HpULFm
+ljY7XTpsmTyPJBzRxOUKUJh7Qb7Vi6MoAJWHoqjYhVANPFuc+5ZiYKvAqCPDX2vm
+xSfn5K36PdnuOtH1CSgZLoVXsQEy42E/vC8AOti/d9kDAA==
 -----END CERTIFICATE-----
diff --git a/certs/ed448/gen-ed448-certs.sh b/certs/ed448/gen-ed448-certs.sh
index af51bd232..0920ab7b9 100755
--- a/certs/ed448/gen-ed448-certs.sh
+++ b/certs/ed448/gen-ed448-certs.sh
@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/usr/bin/env bash
 
 check_result(){
     if [ $1 -ne 0 ]; then
diff --git a/certs/ed448/root-ed448.der b/certs/ed448/root-ed448.der
index 959c9d892..311dae875 100644
Binary files a/certs/ed448/root-ed448.der and b/certs/ed448/root-ed448.der differ
diff --git a/certs/ed448/root-ed448.pem b/certs/ed448/root-ed448.pem
index 15ea82276..f491ab58b 100644
--- a/certs/ed448/root-ed448.pem
+++ b/certs/ed448/root-ed448.pem
@@ -2,12 +2,12 @@ Certificate:
     Data:
         Version: 3 (0x2)
         Serial Number:
-            13:86:16:ce:8f:3e:19:34:76:2d:dd:88:13:01:34:86:73:7b:5a:9a
+            63:2c:f3:73:35:61:fa:12:27:9f:85:1e:85:15:27:a8:e7:3a:d4:7a
         Signature Algorithm: ED448
         Issuer: C = US, ST = Montana, L = Bozeman, O = wolfSSL_Ed448, OU = Root-Ed448, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Dec 13 22:19:29 2023 GMT
-            Not After : Sep  8 22:19:29 2026 GMT
+            Not Before: Dec 18 21:25:30 2024 GMT
+            Not After : Sep 14 21:25:30 2027 GMT
         Subject: C = US, ST = Montana, L = Bozeman, O = wolfSSL_Ed448, OU = Root-Ed448, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: ED448
@@ -21,34 +21,34 @@ Certificate:
             X509v3 Subject Key Identifier: 
                 DA:69:98:C9:26:4A:75:FB:59:5E:53:9A:63:4B:0C:B8:88:0B:0F:1E
             X509v3 Authority Key Identifier: 
-                keyid:DA:69:98:C9:26:4A:75:FB:59:5E:53:9A:63:4B:0C:B8:88:0B:0F:1E
-
+                DA:69:98:C9:26:4A:75:FB:59:5E:53:9A:63:4B:0C:B8:88:0B:0F:1E
             X509v3 Basic Constraints: critical
                 CA:TRUE
             X509v3 Key Usage: critical
                 Digital Signature, Certificate Sign, CRL Sign
     Signature Algorithm: ED448
-         58:fd:39:b5:c2:38:86:da:aa:72:ec:35:44:d1:8a:b6:7c:28:
-         9f:c4:75:c9:bf:09:d8:49:c0:18:34:9d:10:c3:e9:f3:54:9b:
-         3d:8a:c7:9c:bd:a1:9d:33:88:17:f2:55:9c:bb:00:63:d8:40:
-         a2:ed:80:7d:e9:95:1d:f0:fb:9f:7c:43:ba:b1:63:4e:48:7e:
-         87:ea:82:21:bb:3f:a5:2f:6e:43:77:90:4b:e3:e4:29:a8:a1:
-         c0:c4:22:a5:6c:49:ef:c7:e9:36:1c:39:3f:71:3d:6d:51:27:
-         89:99:fa:c6:1c:00
+    Signature Value:
+        c8:58:17:45:94:49:83:23:2e:49:ab:ed:84:6c:c2:8a:6c:62:
+        84:c0:ea:ea:af:4e:ae:c4:16:48:6b:c7:34:0f:37:5a:08:5a:
+        f1:7b:91:00:0f:94:7d:32:d3:c5:32:b8:fc:c4:5f:92:e7:5a:
+        43:5c:80:b0:66:dc:b9:7e:2c:1b:de:54:34:60:9f:90:8c:80:
+        31:a5:e0:ba:6b:19:89:c2:74:c6:8c:e5:16:ec:df:93:68:a4:
+        04:a4:48:de:8d:21:52:da:fb:6a:a1:a3:8d:24:b3:a6:be:4d:
+        fc:c9:27:f1:05:00
 -----BEGIN CERTIFICATE-----
-MIICpDCCAiSgAwIBAgIUE4YWzo8+GTR2Ld2IEwE0hnN7WpowBQYDK2VxMIGZMQsw
+MIICpDCCAiSgAwIBAgIUYyzzczVh+hInn4UehRUnqOc61HowBQYDK2VxMIGZMQsw
 CQYDVQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjEW
 MBQGA1UECgwNd29sZlNTTF9FZDQ0ODETMBEGA1UECwwKUm9vdC1FZDQ0ODEYMBYG
 A1UEAwwPd3d3LndvbGZzc2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZz
-c2wuY29tMB4XDTIzMTIxMzIyMTkyOVoXDTI2MDkwODIyMTkyOVowgZkxCzAJBgNV
+c2wuY29tMB4XDTI0MTIxODIxMjUzMFoXDTI3MDkxNDIxMjUzMFowgZkxCzAJBgNV
 BAYTAlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMRYwFAYD
 VQQKDA13b2xmU1NMX0VkNDQ4MRMwEQYDVQQLDApSb290LUVkNDQ4MRgwFgYDVQQD
 DA93d3cud29sZnNzbC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5j
 b20wQzAFBgMrZXEDOgALZCYoz7VGm+4/6jv1Znoy1P59+IBfWFds13nuZqI9VI+N
 CK/LuEOUUF3lU2JpyHWCpl5EyktbCwCjYzBhMB0GA1UdDgQWBBTaaZjJJkp1+1le
 U5pjSwy4iAsPHjAfBgNVHSMEGDAWgBTaaZjJJkp1+1leU5pjSwy4iAsPHjAPBgNV
-HRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjAFBgMrZXEDcwBY/Tm1wjiG2qpy
-7DVE0Yq2fCifxHXJvwnYScAYNJ0Qw+nzVJs9isecvaGdM4gX8lWcuwBj2ECi7YB9
-6ZUd8PuffEO6sWNOSH6H6oIhuz+lL25Dd5BL4+QpqKHAxCKlbEnvx+k2HDk/cT1t
-USeJmfrGHAA=
+HRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjAFBgMrZXEDcwDIWBdFlEmDIy5J
+q+2EbMKKbGKEwOrqr06uxBZIa8c0DzdaCFrxe5EAD5R9MtPFMrj8xF+S51pDXICw
+Zty5fiwb3lQ0YJ+QjIAxpeC6axmJwnTGjOUW7N+TaKQEpEjejSFS2vtqoaONJLOm
+vk38ySfxBQA=
 -----END CERTIFICATE-----
diff --git a/certs/ed448/server-ed448-cert.pem b/certs/ed448/server-ed448-cert.pem
index 43085091e..e3073fd85 100644
--- a/certs/ed448/server-ed448-cert.pem
+++ b/certs/ed448/server-ed448-cert.pem
@@ -5,8 +5,8 @@ Certificate:
         Signature Algorithm: ED448
         Issuer: C = US, ST = Montana, L = Bozeman, O = wolfSSL_ed448, OU = CA-ed448, CN = www.wolfssl.com, emailAddress = info@wolfssl.com, UID = wolfSSL
         Validity
-            Not Before: Dec 13 22:19:29 2023 GMT
-            Not After : Sep  8 22:19:29 2026 GMT
+            Not Before: Dec 18 21:25:30 2024 GMT
+            Not After : Sep 14 21:25:30 2027 GMT
         Subject: C = US, ST = Montana, L = Bozeman, O = wolfSSL_ed448, OU = Server-ed448, CN = www.wolfssl.com, emailAddress = info@wolfssl.com, UID = wolfSSL
         Subject Public Key Info:
             Public Key Algorithm: ED448
@@ -20,8 +20,7 @@ Certificate:
             X509v3 Subject Key Identifier: 
                 7C:AB:5C:12:A9:68:D8:18:10:28:7D:92:C5:4A:B8:4C:4C:76:0E:DB
             X509v3 Authority Key Identifier: 
-                keyid:38:59:45:E8:DD:44:2C:B5:7D:A5:25:D6:0B:CC:39:F0:72:C0:94:63
-
+                38:59:45:E8:DD:44:2C:B5:7D:A5:25:D6:0B:CC:39:F0:72:C0:94:63
             X509v3 Basic Constraints: critical
                 CA:FALSE
             X509v3 Key Usage: critical
@@ -31,19 +30,20 @@ Certificate:
             Netscape Cert Type: 
                 SSL Server
     Signature Algorithm: ED448
-         f9:2a:92:55:05:3d:74:24:8f:57:f4:91:e5:66:85:7c:53:11:
-         88:22:82:ea:a3:50:0f:c2:a6:8e:39:85:85:14:a3:d4:ac:4f:
-         66:fc:7e:b4:b3:f4:d7:5d:7c:9b:7f:c4:8e:3b:bc:d9:3a:cc:
-         91:91:00:5d:da:26:04:2c:ba:f9:c4:45:3a:d3:4f:80:1e:46:
-         9b:86:b8:56:ee:b2:e8:ba:26:47:28:2a:3d:cc:6a:51:33:c3:
-         8e:8b:c4:01:8c:cc:25:fd:b4:cb:c2:a3:46:ad:b7:9d:14:e6:
-         a6:02:39:07:34:00
+    Signature Value:
+        7b:57:bb:6e:a6:57:a9:d2:0a:85:f0:ae:63:17:ef:cf:e7:5a:
+        70:92:41:14:c2:b1:17:52:07:93:95:14:c8:b6:9c:80:2a:6f:
+        09:90:15:1c:3f:a9:59:50:c6:c4:e7:72:65:35:db:97:28:35:
+        94:e0:80:cf:71:c2:1e:db:c6:8c:e4:ea:b8:96:a3:e3:c8:22:
+        93:e9:66:78:bd:97:fb:8b:a3:40:41:42:46:3e:37:35:58:f0:
+        c1:52:58:4e:f6:ce:2d:4c:7e:d3:6d:1f:a7:ff:27:f2:d0:62:
+        27:eb:2d:8b:05:00
 -----BEGIN CERTIFICATE-----
 MIIC6jCCAmqgAwIBAgIBATAFBgMrZXEwgbAxCzAJBgNVBAYTAlVTMRAwDgYDVQQI
 DAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMRYwFAYDVQQKDA13b2xmU1NMX2Vk
 NDQ4MREwDwYDVQQLDAhDQS1lZDQ0ODEYMBYGA1UEAwwPd3d3LndvbGZzc2wuY29t
 MR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMRcwFQYKCZImiZPyLGQB
-AQwHd29sZlNTTDAeFw0yMzEyMTMyMjE5MjlaFw0yNjA5MDgyMjE5MjlaMIG0MQsw
+AQwHd29sZlNTTDAeFw0yNDEyMTgyMTI1MzBaFw0yNzA5MTQyMTI1MzBaMIG0MQsw
 CQYDVQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjEW
 MBQGA1UECgwNd29sZlNTTF9lZDQ0ODEVMBMGA1UECwwMU2VydmVyLWVkNDQ4MRgw
 FgYDVQQDDA93d3cud29sZnNzbC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29s
@@ -52,7 +52,7 @@ Aes32akHzQG8nXAWwiwrdVtj2+46LUSSRrR7BwNPoq6GhtyLSyx/6GsUjVjdbedv
 OgWVqO8Ao4GJMIGGMB0GA1UdDgQWBBR8q1wSqWjYGBAofZLFSrhMTHYO2zAfBgNV
 HSMEGDAWgBQ4WUXo3UQstX2lJdYLzDnwcsCUYzAMBgNVHRMBAf8EAjAAMA4GA1Ud
 DwEB/wQEAwIDqDATBgNVHSUEDDAKBggrBgEFBQcDATARBglghkgBhvhCAQEEBAMC
-BkAwBQYDK2VxA3MA+SqSVQU9dCSPV/SR5WaFfFMRiCKC6qNQD8KmjjmFhRSj1KxP
-Zvx+tLP01118m3/Ejju82TrMkZEAXdomBCy6+cRFOtNPgB5Gm4a4Vu6y6LomRygq
-PcxqUTPDjovEAYzMJf20y8KjRq23nRTmpgI5BzQA
+BkAwBQYDK2VxA3MAe1e7bqZXqdIKhfCuYxfvz+dacJJBFMKxF1IHk5UUyLacgCpv
+CZAVHD+pWVDGxOdyZTXblyg1lOCAz3HCHtvGjOTquJaj48gik+lmeL2X+4ujQEFC
+Rj43NVjwwVJYTvbOLUx+020fp/8n8tBiJ+stiwUA
 -----END CERTIFICATE-----
diff --git a/certs/ed448/server-ed448.der b/certs/ed448/server-ed448.der
index c287ff397..378b24e06 100644
Binary files a/certs/ed448/server-ed448.der and b/certs/ed448/server-ed448.der differ
diff --git a/certs/ed448/server-ed448.pem b/certs/ed448/server-ed448.pem
index ed589ec4b..2f39150dc 100644
--- a/certs/ed448/server-ed448.pem
+++ b/certs/ed448/server-ed448.pem
@@ -5,8 +5,8 @@ Certificate:
         Signature Algorithm: ED448
         Issuer: C = US, ST = Montana, L = Bozeman, O = wolfSSL_ed448, OU = CA-ed448, CN = www.wolfssl.com, emailAddress = info@wolfssl.com, UID = wolfSSL
         Validity
-            Not Before: Dec 13 22:19:29 2023 GMT
-            Not After : Sep  8 22:19:29 2026 GMT
+            Not Before: Dec 18 21:25:30 2024 GMT
+            Not After : Sep 14 21:25:30 2027 GMT
         Subject: C = US, ST = Montana, L = Bozeman, O = wolfSSL_ed448, OU = Server-ed448, CN = www.wolfssl.com, emailAddress = info@wolfssl.com, UID = wolfSSL
         Subject Public Key Info:
             Public Key Algorithm: ED448
@@ -20,8 +20,7 @@ Certificate:
             X509v3 Subject Key Identifier: 
                 7C:AB:5C:12:A9:68:D8:18:10:28:7D:92:C5:4A:B8:4C:4C:76:0E:DB
             X509v3 Authority Key Identifier: 
-                keyid:38:59:45:E8:DD:44:2C:B5:7D:A5:25:D6:0B:CC:39:F0:72:C0:94:63
-
+                38:59:45:E8:DD:44:2C:B5:7D:A5:25:D6:0B:CC:39:F0:72:C0:94:63
             X509v3 Basic Constraints: critical
                 CA:FALSE
             X509v3 Key Usage: critical
@@ -31,19 +30,20 @@ Certificate:
             Netscape Cert Type: 
                 SSL Server
     Signature Algorithm: ED448
-         f9:2a:92:55:05:3d:74:24:8f:57:f4:91:e5:66:85:7c:53:11:
-         88:22:82:ea:a3:50:0f:c2:a6:8e:39:85:85:14:a3:d4:ac:4f:
-         66:fc:7e:b4:b3:f4:d7:5d:7c:9b:7f:c4:8e:3b:bc:d9:3a:cc:
-         91:91:00:5d:da:26:04:2c:ba:f9:c4:45:3a:d3:4f:80:1e:46:
-         9b:86:b8:56:ee:b2:e8:ba:26:47:28:2a:3d:cc:6a:51:33:c3:
-         8e:8b:c4:01:8c:cc:25:fd:b4:cb:c2:a3:46:ad:b7:9d:14:e6:
-         a6:02:39:07:34:00
+    Signature Value:
+        7b:57:bb:6e:a6:57:a9:d2:0a:85:f0:ae:63:17:ef:cf:e7:5a:
+        70:92:41:14:c2:b1:17:52:07:93:95:14:c8:b6:9c:80:2a:6f:
+        09:90:15:1c:3f:a9:59:50:c6:c4:e7:72:65:35:db:97:28:35:
+        94:e0:80:cf:71:c2:1e:db:c6:8c:e4:ea:b8:96:a3:e3:c8:22:
+        93:e9:66:78:bd:97:fb:8b:a3:40:41:42:46:3e:37:35:58:f0:
+        c1:52:58:4e:f6:ce:2d:4c:7e:d3:6d:1f:a7:ff:27:f2:d0:62:
+        27:eb:2d:8b:05:00
 -----BEGIN CERTIFICATE-----
 MIIC6jCCAmqgAwIBAgIBATAFBgMrZXEwgbAxCzAJBgNVBAYTAlVTMRAwDgYDVQQI
 DAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMRYwFAYDVQQKDA13b2xmU1NMX2Vk
 NDQ4MREwDwYDVQQLDAhDQS1lZDQ0ODEYMBYGA1UEAwwPd3d3LndvbGZzc2wuY29t
 MR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMRcwFQYKCZImiZPyLGQB
-AQwHd29sZlNTTDAeFw0yMzEyMTMyMjE5MjlaFw0yNjA5MDgyMjE5MjlaMIG0MQsw
+AQwHd29sZlNTTDAeFw0yNDEyMTgyMTI1MzBaFw0yNzA5MTQyMTI1MzBaMIG0MQsw
 CQYDVQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjEW
 MBQGA1UECgwNd29sZlNTTF9lZDQ0ODEVMBMGA1UECwwMU2VydmVyLWVkNDQ4MRgw
 FgYDVQQDDA93d3cud29sZnNzbC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29s
@@ -52,9 +52,9 @@ Aes32akHzQG8nXAWwiwrdVtj2+46LUSSRrR7BwNPoq6GhtyLSyx/6GsUjVjdbedv
 OgWVqO8Ao4GJMIGGMB0GA1UdDgQWBBR8q1wSqWjYGBAofZLFSrhMTHYO2zAfBgNV
 HSMEGDAWgBQ4WUXo3UQstX2lJdYLzDnwcsCUYzAMBgNVHRMBAf8EAjAAMA4GA1Ud
 DwEB/wQEAwIDqDATBgNVHSUEDDAKBggrBgEFBQcDATARBglghkgBhvhCAQEEBAMC
-BkAwBQYDK2VxA3MA+SqSVQU9dCSPV/SR5WaFfFMRiCKC6qNQD8KmjjmFhRSj1KxP
-Zvx+tLP01118m3/Ejju82TrMkZEAXdomBCy6+cRFOtNPgB5Gm4a4Vu6y6LomRygq
-PcxqUTPDjovEAYzMJf20y8KjRq23nRTmpgI5BzQA
+BkAwBQYDK2VxA3MAe1e7bqZXqdIKhfCuYxfvz+dacJJBFMKxF1IHk5UUyLacgCpv
+CZAVHD+pWVDGxOdyZTXblyg1lOCAz3HCHtvGjOTquJaj48gik+lmeL2X+4ujQEFC
+Rj43NVjwwVJYTvbOLUx+020fp/8n8tBiJ+stiwUA
 -----END CERTIFICATE-----
 Certificate:
     Data:
@@ -63,8 +63,8 @@ Certificate:
         Signature Algorithm: ED448
         Issuer: C = US, ST = Montana, L = Bozeman, O = wolfSSL_Ed448, OU = Root-Ed448, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Dec 13 22:19:29 2023 GMT
-            Not After : Sep  8 22:19:29 2026 GMT
+            Not Before: Dec 18 21:25:30 2024 GMT
+            Not After : Sep 14 21:25:30 2027 GMT
         Subject: C = US, ST = Montana, L = Bozeman, O = wolfSSL_ed448, OU = CA-ed448, CN = www.wolfssl.com, emailAddress = info@wolfssl.com, UID = wolfSSL
         Subject Public Key Info:
             Public Key Algorithm: ED448
@@ -78,34 +78,34 @@ Certificate:
             X509v3 Subject Key Identifier: 
                 38:59:45:E8:DD:44:2C:B5:7D:A5:25:D6:0B:CC:39:F0:72:C0:94:63
             X509v3 Authority Key Identifier: 
-                keyid:DA:69:98:C9:26:4A:75:FB:59:5E:53:9A:63:4B:0C:B8:88:0B:0F:1E
-
+                DA:69:98:C9:26:4A:75:FB:59:5E:53:9A:63:4B:0C:B8:88:0B:0F:1E
             X509v3 Basic Constraints: critical
                 CA:TRUE
             X509v3 Key Usage: critical
                 Digital Signature, Certificate Sign, CRL Sign
     Signature Algorithm: ED448
-         24:d8:26:28:60:11:09:c1:a5:f9:a9:7f:a7:40:ed:a5:07:cb:
-         cb:3e:a1:6a:d3:45:6d:4c:e1:66:36:37:57:6a:34:5d:33:45:
-         b3:17:e1:18:76:57:df:fe:44:b4:ec:04:16:74:52:82:24:52:
-         1f:99:00:2d:42:a9:5c:45:1b:8d:b8:95:ce:0d:82:cb:52:8f:
-         e2:bd:20:19:6a:8a:79:29:f6:20:d3:e6:35:8c:27:1a:a4:64:
-         b7:ff:91:09:21:57:c6:11:c5:01:9a:98:54:31:37:7a:7b:ed:
-         35:a9:4d:13:19:00
+    Signature Value:
+        cd:f6:7e:99:b5:a0:0c:c3:38:25:38:54:42:51:57:19:5b:a2:
+        89:c5:f2:71:e2:3b:62:93:e9:08:54:ae:e0:89:c0:e8:d8:2f:
+        9c:dc:38:f7:80:dc:ca:f3:2f:55:63:70:7a:fe:e8:b2:90:62:
+        03:22:00:34:1a:9e:0f:f0:43:14:a2:f3:b6:98:19:0a:fd:83:
+        86:18:bb:87:2d:08:a3:93:d1:df:c8:15:7f:59:4b:8b:5e:23:
+        eb:f6:61:d4:b8:1f:91:7d:10:4b:68:02:d9:05:1d:6f:23:87:
+        d1:68:1b:71:19:00
 -----BEGIN CERTIFICATE-----
 MIICqDCCAiigAwIBAgIBATAFBgMrZXEwgZkxCzAJBgNVBAYTAlVTMRAwDgYDVQQI
 DAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMRYwFAYDVQQKDA13b2xmU1NMX0Vk
 NDQ4MRMwEQYDVQQLDApSb290LUVkNDQ4MRgwFgYDVQQDDA93d3cud29sZnNzbC5j
-b20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMjMxMjEzMjIx
-OTI5WhcNMjYwOTA4MjIxOTI5WjCBsDELMAkGA1UEBhMCVVMxEDAOBgNVBAgMB01v
+b20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMjQxMjE4MjEy
+NTMwWhcNMjcwOTE0MjEyNTMwWjCBsDELMAkGA1UEBhMCVVMxEDAOBgNVBAgMB01v
 bnRhbmExEDAOBgNVBAcMB0JvemVtYW4xFjAUBgNVBAoMDXdvbGZTU0xfZWQ0NDgx
 ETAPBgNVBAsMCENBLWVkNDQ4MRgwFgYDVQQDDA93d3cud29sZnNzbC5jb20xHzAd
 BgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20xFzAVBgoJkiaJk/IsZAEBDAd3
 b2xmU1NMMEMwBQYDK2VxAzoADuK0duXSzMJLe7ApvpL7w69ppZS6cCToo+/IY5rd
 pq9YQzgEJPAQkb6nAZFU889phUy5l4ykN6oAo2MwYTAdBgNVHQ4EFgQUOFlF6N1E
 LLV9pSXWC8w58HLAlGMwHwYDVR0jBBgwFoAU2mmYySZKdftZXlOaY0sMuIgLDx4w
-DwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAYYwBQYDK2VxA3MAJNgmKGAR
-CcGl+al/p0DtpQfLyz6hatNFbUzhZjY3V2o0XTNFsxfhGHZX3/5EtOwEFnRSgiRS
-H5kALUKpXEUbjbiVzg2Cy1KP4r0gGWqKeSn2INPmNYwnGqRkt/+RCSFXxhHFAZqY
-VDE3envtNalNExkA
+DwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAYYwBQYDK2VxA3MAzfZ+mbWg
+DMM4JThUQlFXGVuiicXyceI7YpPpCFSu4InA6NgvnNw494DcyvMvVWNwev7ospBi
+AyIANBqeD/BDFKLztpgZCv2Dhhi7hy0Io5PR38gVf1lLi14j6/Zh1LgfkX0QS2gC
+2QUdbyOH0WgbcRkA
 -----END CERTIFICATE-----
diff --git a/certs/entity-no-ca-bool-cert.pem b/certs/entity-no-ca-bool-cert.pem
index ebd3e2ddd..9ef7a189e 100644
--- a/certs/entity-no-ca-bool-cert.pem
+++ b/certs/entity-no-ca-bool-cert.pem
@@ -5,12 +5,12 @@ Certificate:
         Signature Algorithm: sha256WithRSAEncryption
         Issuer: C = US, ST = Montana, L = Bozeman, O = Sawtooth, OU = Consulting, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Dec 13 22:19:28 2023 GMT
-            Not After : Sep  8 22:19:28 2026 GMT
+            Not Before: Dec 18 21:25:30 2024 GMT
+            Not After : Sep 14 21:25:30 2027 GMT
         Subject: C = US, ST = Montana, L = Bozeman, O = wolfSSL, OU = NoCaBool, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (2048 bit)
+                Public-Key: (2048 bit)
                 Modulus:
                     00:eb:52:8d:b0:d8:01:6b:f7:16:50:fe:34:a3:86:
                     1b:e8:49:50:b1:6f:6a:3f:af:de:6c:d1:af:25:9c:
@@ -37,8 +37,7 @@ Certificate:
             X509v3 Authority Key Identifier: 
                 keyid:27:8E:67:11:74:C3:26:1D:3F:ED:33:63:B3:A4:D8:1D:30:E5:E8:D5
                 DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
-                serial:33:44:1A:A8:6C:01:EC:F6:60:F2:70:51:0A:4C:D1:14:FA:BC:E9:44
-
+                serial:6B:9B:70:C6:F1:A3:94:65:19:A1:08:58:EF:A7:8D:2B:7A:83:C1:DA
             X509v3 Basic Constraints: 
                 CA:FALSE, pathlen:0
             X509v3 Key Usage: 
@@ -46,27 +45,28 @@ Certificate:
             X509v3 Extended Key Usage: 
                 TLS Web Client Authentication, TLS Web Server Authentication
     Signature Algorithm: sha256WithRSAEncryption
-         44:6a:a0:11:85:71:72:c5:7c:84:36:aa:31:c4:4a:c0:99:0e:
-         fd:b9:78:69:0b:8c:58:b4:4c:01:04:65:f3:dd:ea:db:a2:1f:
-         d7:9d:cd:b4:6f:18:da:79:b8:35:c4:25:5e:61:a4:02:26:29:
-         33:be:72:e5:35:8f:2b:68:0a:87:03:97:3e:9e:00:e2:37:7f:
-         7a:c9:29:d8:fc:61:6b:3f:36:47:e2:66:e0:93:77:b7:75:46:
-         bb:0c:57:5c:af:7d:62:07:d9:0c:93:b7:5f:81:a6:9e:49:7b:
-         f8:0a:82:2a:2a:80:39:d8:91:c5:01:cb:aa:f4:d7:15:64:78:
-         5c:1e:b4:57:35:6c:19:f6:36:b8:35:96:ce:c6:a7:cb:12:56:
-         c1:58:0b:10:54:b0:d7:b0:1f:48:50:b2:16:96:c8:88:32:88:
-         25:bb:40:c3:c5:df:a2:74:04:84:21:c4:fe:fe:d3:08:50:4f:
-         85:f7:b2:6e:5e:b5:3e:47:19:c9:1a:81:0a:24:33:a5:04:90:
-         3f:c1:4d:f7:94:86:8f:78:82:4c:51:4e:37:84:1f:98:f2:91:
-         07:58:c0:f9:dc:4f:b6:a8:54:a0:b9:0b:43:3b:bd:b2:3c:d6:
-         ad:52:05:6d:95:6b:c5:9c:5f:f5:87:f9:3b:e2:b8:3a:3a:3f:
-         3f:06:df:10
+    Signature Value:
+        01:c8:08:31:76:f9:69:4e:b0:7b:3a:64:50:3a:3a:37:72:0c:
+        c5:4e:f9:af:09:44:21:9c:d1:42:63:1b:43:76:ce:79:2b:40:
+        b4:70:77:36:43:50:22:7b:41:f8:b7:d7:10:84:1a:39:13:9e:
+        62:6a:23:ff:0d:c3:69:c7:53:fd:3f:95:1a:b2:14:d4:e8:92:
+        5e:74:dd:be:5c:46:c0:a4:74:89:15:01:36:89:dd:84:be:a7:
+        b3:88:b3:6c:bf:5e:36:b6:48:b6:e0:3f:8b:a0:1a:2c:51:00:
+        04:4d:80:bc:ab:3e:a4:0d:0e:38:bc:27:c7:59:d0:27:47:ab:
+        26:46:32:6e:4c:07:fd:d5:bb:8c:73:39:68:27:d0:18:c8:8d:
+        10:d1:ee:d3:ef:2a:e6:e3:8d:30:86:2f:ab:c5:bf:ee:95:c3:
+        a7:3b:69:65:5a:c1:60:e7:1a:07:28:ca:f2:c1:f3:95:7e:c1:
+        e2:e2:9b:27:54:eb:d1:43:3f:b0:b6:55:91:06:e5:cb:f8:4b:
+        78:c6:45:e9:46:56:2b:fa:47:c1:6a:c1:ab:af:2d:17:e6:3b:
+        8e:68:ed:37:86:d8:d7:cf:db:80:8b:90:f7:df:f2:a9:09:5f:
+        29:1c:f7:2c:d4:31:bd:8e:86:38:22:88:bb:64:e7:0d:59:58:
+        ac:ec:7c:78
 -----BEGIN CERTIFICATE-----
 MIIE2DCCA8CgAwIBAgIBATANBgkqhkiG9w0BAQsFADCBlDELMAkGA1UEBhMCVVMx
 EDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xETAPBgNVBAoMCFNh
 d3Rvb3RoMRMwEQYDVQQLDApDb25zdWx0aW5nMRgwFgYDVQQDDA93d3cud29sZnNz
-bC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMjMxMjEz
-MjIxOTI4WhcNMjYwOTA4MjIxOTI4WjCBkTELMAkGA1UEBhMCVVMxEDAOBgNVBAgM
+bC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMjQxMjE4
+MjEyNTMwWhcNMjcwOTE0MjEyNTMwWjCBkTELMAkGA1UEBhMCVVMxEDAOBgNVBAgM
 B01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xEDAOBgNVBAoMB3dvbGZTU0wxETAP
 BgNVBAsMCE5vQ2FCb29sMRgwFgYDVQQDDA93d3cud29sZnNzbC5jb20xHzAdBgkq
 hkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IB
@@ -80,29 +80,29 @@ FgQU7/SLhs5179zh+CMeGrg7jZgJiOcwgdQGA1UdIwSBzDCByYAUJ45nEXTDJh0/
 7TNjs6TYHTDl6NWhgZqkgZcwgZQxCzAJBgNVBAYTAlVTMRAwDgYDVQQIDAdNb250
 YW5hMRAwDgYDVQQHDAdCb3plbWFuMREwDwYDVQQKDAhTYXd0b290aDETMBEGA1UE
 CwwKQ29uc3VsdGluZzEYMBYGA1UEAwwPd3d3LndvbGZzc2wuY29tMR8wHQYJKoZI
-hvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tghQzRBqobAHs9mDycFEKTNEU+rzpRDAM
+hvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tghRrm3DG8aOUZRmhCFjvp40reoPB2jAM
 BgNVHRMEBTADAgEAMAsGA1UdDwQEAwIHgDAdBgNVHSUEFjAUBggrBgEFBQcDAgYI
-KwYBBQUHAwEwDQYJKoZIhvcNAQELBQADggEBAERqoBGFcXLFfIQ2qjHESsCZDv25
-eGkLjFi0TAEEZfPd6tuiH9edzbRvGNp5uDXEJV5hpAImKTO+cuU1jytoCocDlz6e
-AOI3f3rJKdj8YWs/NkfiZuCTd7d1RrsMV1yvfWIH2QyTt1+Bpp5Je/gKgioqgDnY
-kcUBy6r01xVkeFwetFc1bBn2Nrg1ls7Gp8sSVsFYCxBUsNewH0hQshaWyIgyiCW7
-QMPF36J0BIQhxP7+0whQT4X3sm5etT5HGckagQokM6UEkD/BTfeUho94gkxRTjeE
-H5jykQdYwPncT7aoVKC5C0M7vbI81q1SBW2Va8WcX/WH+TviuDo6Pz8G3xA=
+KwYBBQUHAwEwDQYJKoZIhvcNAQELBQADggEBAAHICDF2+WlOsHs6ZFA6OjdyDMVO
++a8JRCGc0UJjG0N2znkrQLRwdzZDUCJ7Qfi31xCEGjkTnmJqI/8Nw2nHU/0/lRqy
+FNTokl503b5cRsCkdIkVATaJ3YS+p7OIs2y/Xja2SLbgP4ugGixRAARNgLyrPqQN
+Dji8J8dZ0CdHqyZGMm5MB/3Vu4xzOWgn0BjIjRDR7tPvKubjjTCGL6vFv+6Vw6c7
+aWVawWDnGgcoyvLB85V+weLimydU69FDP7C2VZEG5cv4S3jGRelGViv6R8Fqwauv
+LRfmO45o7TeG2NfP24CLkPff8qkJXykc9yzUMb2OhjgiiLtk5w1ZWKzsfHg=
 -----END CERTIFICATE-----
 Certificate:
     Data:
         Version: 3 (0x2)
         Serial Number:
-            33:44:1a:a8:6c:01:ec:f6:60:f2:70:51:0a:4c:d1:14:fa:bc:e9:44
+            6b:9b:70:c6:f1:a3:94:65:19:a1:08:58:ef:a7:8d:2b:7a:83:c1:da
         Signature Algorithm: sha256WithRSAEncryption
         Issuer: C = US, ST = Montana, L = Bozeman, O = Sawtooth, OU = Consulting, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Dec 13 22:19:28 2023 GMT
-            Not After : Sep  8 22:19:28 2026 GMT
+            Not Before: Dec 18 21:25:29 2024 GMT
+            Not After : Sep 14 21:25:29 2027 GMT
         Subject: C = US, ST = Montana, L = Bozeman, O = Sawtooth, OU = Consulting, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (2048 bit)
+                Public-Key: (2048 bit)
                 Modulus:
                     00:bf:0c:ca:2d:14:b2:1e:84:42:5b:cd:38:1f:4a:
                     f2:4d:75:10:f1:b6:35:9f:df:ca:7d:03:98:d3:ac:
@@ -129,8 +129,7 @@ Certificate:
             X509v3 Authority Key Identifier: 
                 keyid:27:8E:67:11:74:C3:26:1D:3F:ED:33:63:B3:A4:D8:1D:30:E5:E8:D5
                 DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
-                serial:33:44:1A:A8:6C:01:EC:F6:60:F2:70:51:0A:4C:D1:14:FA:BC:E9:44
-
+                serial:6B:9B:70:C6:F1:A3:94:65:19:A1:08:58:EF:A7:8D:2B:7A:83:C1:DA
             X509v3 Basic Constraints: 
                 CA:TRUE
             X509v3 Subject Alternative Name: 
@@ -138,27 +137,28 @@ Certificate:
             X509v3 Extended Key Usage: 
                 TLS Web Server Authentication, TLS Web Client Authentication
     Signature Algorithm: sha256WithRSAEncryption
-         2d:fc:f9:32:5a:be:d6:9d:42:8b:86:4e:67:22:c3:50:2d:cb:
-         14:27:1d:94:f3:cd:88:42:da:41:1c:39:24:67:a7:92:4d:27:
-         ea:56:82:19:bf:11:b2:43:a4:8d:5d:87:b2:27:64:66:82:81:
-         df:c4:fd:5b:62:b0:c2:4d:9d:29:f2:41:32:cc:2e:b5:da:38:
-         06:1b:e8:7f:8c:6e:3d:80:1e:00:56:49:bf:39:e0:da:68:2f:
-         c4:fd:00:e6:d1:81:1a:d1:4a:bb:76:52:ce:4d:24:9d:c4:a3:
-         a7:f1:65:14:2f:1f:a8:2d:c6:cb:ce:b1:a7:89:74:26:27:c3:
-         f3:a3:84:4c:34:01:14:03:7d:16:3a:c8:8b:25:2e:7b:90:cc:
-         46:b1:52:34:ba:93:6e:ef:fe:43:a3:ad:c6:6f:51:fb:ba:ea:
-         38:e3:6f:d6:ee:63:62:36:ea:5e:08:b4:e2:2a:46:89:e3:ae:
-         b3:b4:06:ef:63:7a:6e:5d:dd:c9:ec:02:4f:f7:64:c0:27:07:
-         b4:6f:4a:18:72:5b:34:74:7c:d0:a9:04:8f:40:8b:6a:39:d2:
-         6b:1a:01:f2:01:a8:81:34:3a:e5:b0:55:d1:3c:95:ca:b0:82:
-         d6:ed:98:28:15:59:7e:95:a7:69:c7:b5:7b:ec:01:a7:4d:e6:
-         b9:a2:fe:35
+    Signature Value:
+        77:3b:3d:66:74:bc:97:fe:40:16:e6:ba:a5:d5:d1:84:08:89:
+        69:4f:88:0d:57:a9:ef:8c:c3:97:52:c8:bd:8b:a2:49:3b:b7:
+        f7:5d:1e:d6:14:7f:b2:80:33:da:a0:8a:d3:e1:2f:d5:bc:33:
+        9f:ea:5a:72:24:e5:f8:b8:4b:b3:df:62:90:3b:a8:21:ef:27:
+        42:75:bc:60:02:8e:37:35:99:eb:a3:28:f2:65:4c:ff:7a:f8:
+        8e:cc:23:6d:e5:6a:fe:22:5a:d9:b2:4f:47:c7:e0:ae:98:ef:
+        94:ac:b6:4f:61:81:29:8e:e1:79:2c:46:fc:e9:1a:c3:96:1f:
+        19:93:64:2e:9f:37:72:c5:e4:93:4e:61:5f:38:8e:ae:e8:39:
+        19:e6:97:a8:91:d4:23:7e:1e:d2:d0:53:ec:cc:ac:a0:1d:d0:
+        b7:dd:b1:b7:01:2e:96:cd:85:27:e0:e7:47:e2:c1:c1:00:f6:
+        94:df:77:e7:fa:c6:ef:8a:c0:7c:67:bc:ff:a0:7c:94:3b:7d:
+        86:42:af:3d:83:31:ee:2a:3b:7b:f0:2c:9e:6f:e9:c4:07:81:
+        24:da:05:70:4d:dd:09:ae:9e:72:b8:21:0e:8c:b2:ab:aa:4c:
+        49:10:f7:76:f9:b5:0d:6c:20:d3:df:7a:06:32:8d:29:1f:28:
+        1d:8d:26:33
 -----BEGIN CERTIFICATE-----
-MIIE/zCCA+egAwIBAgIUM0QaqGwB7PZg8nBRCkzRFPq86UQwDQYJKoZIhvcNAQEL
+MIIE/zCCA+egAwIBAgIUa5twxvGjlGUZoQhY76eNK3qDwdowDQYJKoZIhvcNAQEL
 BQAwgZQxCzAJBgNVBAYTAlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdC
 b3plbWFuMREwDwYDVQQKDAhTYXd0b290aDETMBEGA1UECwwKQ29uc3VsdGluZzEY
 MBYGA1UEAwwPd3d3LndvbGZzc2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdv
-bGZzc2wuY29tMB4XDTIzMTIxMzIyMTkyOFoXDTI2MDkwODIyMTkyOFowgZQxCzAJ
+bGZzc2wuY29tMB4XDTI0MTIxODIxMjUyOVoXDTI3MDkxNDIxMjUyOVowgZQxCzAJ
 BgNVBAYTAlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMREw
 DwYDVQQKDAhTYXd0b290aDETMBEGA1UECwwKQ29uc3VsdGluZzEYMBYGA1UEAwwP
 d3d3LndvbGZzc2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29t
@@ -173,12 +173,12 @@ BgNVHSMEgcwwgcmAFCeOZxF0wyYdP+0zY7Ok2B0w5ejVoYGapIGXMIGUMQswCQYD
 VQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjERMA8G
 A1UECgwIU2F3dG9vdGgxEzARBgNVBAsMCkNvbnN1bHRpbmcxGDAWBgNVBAMMD3d3
 dy53b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbYIU
-M0QaqGwB7PZg8nBRCkzRFPq86UQwDAYDVR0TBAUwAwEB/zAcBgNVHREEFTATggtl
+a5twxvGjlGUZoQhY76eNK3qDwdowDAYDVR0TBAUwAwEB/zAcBgNVHREEFTATggtl
 eGFtcGxlLmNvbYcEfwAAATAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIw
-DQYJKoZIhvcNAQELBQADggEBAC38+TJavtadQouGTmciw1AtyxQnHZTzzYhC2kEc
-OSRnp5JNJ+pWghm/EbJDpI1dh7InZGaCgd/E/VtisMJNnSnyQTLMLrXaOAYb6H+M
-bj2AHgBWSb854NpoL8T9AObRgRrRSrt2Us5NJJ3Eo6fxZRQvH6gtxsvOsaeJdCYn
-w/OjhEw0ARQDfRY6yIslLnuQzEaxUjS6k27v/kOjrcZvUfu66jjjb9buY2I26l4I
-tOIqRonjrrO0Bu9jem5d3cnsAk/3ZMAnB7RvShhyWzR0fNCpBI9Ai2o50msaAfIB
-qIE0OuWwVdE8lcqwgtbtmCgVWX6Vp2nHtXvsAadN5rmi/jU=
+DQYJKoZIhvcNAQELBQADggEBAHc7PWZ0vJf+QBbmuqXV0YQIiWlPiA1Xqe+Mw5dS
+yL2Lokk7t/ddHtYUf7KAM9qgitPhL9W8M5/qWnIk5fi4S7PfYpA7qCHvJ0J1vGAC
+jjc1meujKPJlTP96+I7MI23lav4iWtmyT0fH4K6Y75Sstk9hgSmO4XksRvzpGsOW
+HxmTZC6fN3LF5JNOYV84jq7oORnml6iR1CN+HtLQU+zMrKAd0LfdsbcBLpbNhSfg
+50fiwcEA9pTfd+f6xu+KwHxnvP+gfJQ7fYZCrz2DMe4qO3vwLJ5v6cQHgSTaBXBN
+3QmunnK4IQ6MsquqTEkQ93b5tQ1sINPfegYyjSkfKB2NJjM=
 -----END CERTIFICATE-----
diff --git a/certs/fpki-cert.der b/certs/fpki-cert.der
index 560e31c0f..825b00c37 100644
Binary files a/certs/fpki-cert.der and b/certs/fpki-cert.der differ
diff --git a/certs/gen_revoked.sh b/certs/gen_revoked.sh
index dfb649110..4e5e3fcaf 100755
--- a/certs/gen_revoked.sh
+++ b/certs/gen_revoked.sh
@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/usr/bin/env bash
 
     ###########################################################
     ########## update and sign server-revoked-key.pem ################
diff --git a/certs/include.am b/certs/include.am
index 637b6b2d7..1c622e8c3 100644
--- a/certs/include.am
+++ b/certs/include.am
@@ -6,6 +6,7 @@ EXTRA_DIST += \
              certs/ca-cert-chain.der \
              certs/ca-cert.pem \
              certs/ca-key.pem \
+             certs/ca-key-pkcs8-attribute.der \
              certs/client-cert.pem \
              certs/client-keyEnc.pem \
              certs/client-key.pem \
@@ -51,6 +52,8 @@ EXTRA_DIST += \
              certs/server-revoked-key.pem \
              certs/wolfssl-website-ca.pem \
              certs/test-degenerate.p7b \
+             certs/test-stream-sign.p7b \
+             certs/test-stream-dec.p7b \
              certs/test-ber-exp02-05-2022.p7b \
              certs/test-servercert.p12 \
              certs/test-servercert-rc2.p12 \
@@ -72,7 +75,12 @@ EXTRA_DIST += \
              certs/x942dh2048.der \
              certs/x942dh2048.pem \
              certs/fpki-cert.der \
-             certs/rid-cert.der
+             certs/rid-cert.der \
+             certs/dh-priv-2048.der \
+             certs/dh-priv-2048.pem \
+             certs/dh-pub-2048.der \
+             certs/dh-pub-2048.pem \
+             certs/dsa2048.pem
 
 EXTRA_DIST += \
              certs/ca-key.der \
@@ -141,4 +149,5 @@ include certs/rsapss/include.am
 include certs/dilithium/include.am
 include certs/sphincs/include.am
 include certs/rpk/include.am
+include certs/acert/include.am
 
diff --git a/certs/intermediate/ca_false_intermediate/gentestcert.sh b/certs/intermediate/ca_false_intermediate/gentestcert.sh
new file mode 100755
index 000000000..d10f59356
--- /dev/null
+++ b/certs/intermediate/ca_false_intermediate/gentestcert.sh
@@ -0,0 +1,161 @@
+#!/bin/bash
+
+# Script for generating RSA CA and server certs based on it.
+#
+SERVER_PEM='test_sign_bynoca_srv.pem'
+INTCA_PEM='test_int_not_cacert.pem'
+CA_PEM='test_ca.pem'
+
+CURRENT=$(cd $(dirname $0);pwd)
+# OpenSSL configuration files
+OPENSSL_BASE_CA_CONF='wolfssl_base.conf'
+OPENSSL_CA_CONF='wolfssl_ca.conf'
+OPENSSL_INTCA_CONF='wolfssl_int_ca.conf'
+OPENSSL_SRV_CONF='wolfssl_srv.conf'
+# SEt ver
+CA_NAME="test_ca"
+INTCA_NAME="int_ca"
+SRVCERT_NAME="server_ext"
+CRT_HOSTNAME="WOLFSSL"
+CRT_DN="${CRT_HOSTNAME%% *}"
+CRT_ALT_NAME="$(echo $CRT_HOSTNAME | sed -e "s/^/DNS:/" -e "s/ /,DNS:/g")"
+
+CA_HOME=$(cd $(dirname $0);pwd)/pki/$CA_NAME
+INT_CA_HOME="$CA_HOME/gen_int/$CRT_DN"
+SRV_CRT_HOME="$CA_HOME/gen_srv/$CRT_DN"
+
+Prepare_folder_file(){
+    mkdir -m 700 pki
+
+    # Create folders for CA
+    mkdir "$CA_HOME"/{,certs,db,gen_srv,gen_int}
+    mkdir -m 700 "$CA_HOME/private"
+    # Create folders for Intermediate CA
+    mkdir "$INT_CA_HOME"
+    mkdir "$INT_CA_HOME"/{,certs,db}
+    mkdir -m 700 "$INT_CA_HOME/private"
+    # Create folders for Server
+    mkdir "$SRV_CRT_HOME"
+    mkdir -m 700 "$SRV_CRT_HOME/private"
+
+    # Create and populate openssl CA files
+    touch "$CA_HOME"/db/index
+    openssl rand -hex 16 > "$CA_HOME"/db/serial
+
+    touch "$INT_CA_HOME"/db/index
+    openssl rand -hex 16 > "$INT_CA_HOME"/db/serial
+
+    # Copy openssl config and private key
+    cp "$OPENSSL_CA_CONF" "$CA_HOME"
+    cp ./"$CA_NAME".key ./pki/$CA_NAME/private/"$CA_NAME".key
+
+    cp "$OPENSSL_INTCA_CONF" "$INT_CA_HOME"
+    cp ./"$INTCA_NAME".key "$INT_CA_HOME"/private/"$INTCA_NAME".key
+
+    cp "$OPENSSL_SRV_CONF" "$SRV_CRT_HOME"
+    cp ./server.key "$SRV_CRT_HOME"/private/server.key
+}
+
+Generate_conf(){
+    # copy conf from base
+    cp $OPENSSL_BASE_CA_CONF $OPENSSL_CA_CONF
+    cp $OPENSSL_BASE_CA_CONF $OPENSSL_INTCA_CONF
+    # Replace contents
+    # For CA
+    sed -i "s/_CA_NAME_/$CA_NAME/" "$OPENSSL_CA_CONF"
+    sed -i "s/_CERT_NAME_/$INTCA_NAME/" "$OPENSSL_CA_CONF"
+    sed -i "s/_CA_DEPART_/Development/" "$OPENSSL_CA_CONF"
+    # For Intermediate CA
+    sed -i "s/_CA_NAME_/$INTCA_NAME/" "$OPENSSL_INTCA_CONF"
+    sed -i "s/_CERT_NAME_/$SRVCERT_NAME/" "$OPENSSL_INTCA_CONF"
+    sed -i "s/_CA_DEPART_/Product_Support/" "$OPENSSL_INTCA_CONF"
+}
+
+cleanup_files(){
+    rm -f wolfssl_ca.conf
+    rm -f wolfssl_int_ca.conf
+    rm -rf pki/
+}
+
+# clean up
+if [ "$1" = "clean" ]; then
+    echo "Cleaning temp files"
+    cleanup_files
+    exit 0
+fi
+if [ "$1" = "cleanall" ]; then
+    echo "Cleaning all files"
+    rm -f ./"$SERVER_PEM"
+    rm -f ./"$INTCA_PEM"
+    rm -f ./"$CA_PEM"
+    cleanup_files
+    exit 0
+fi
+# Generate OpenSSL Conf files
+Generate_conf
+# Prepare folders and files
+Prepare_folder_file
+##########################################
+## Create CA, Intermediate and Server Cert
+##########################################
+# Generate CA
+cd "$CA_HOME"
+
+# Generate CA private key and csr - use config file info
+openssl req -new -config "$OPENSSL_CA_CONF" \
+                            -out "$CA_NAME.csr" -key "private/$CA_NAME.key"
+
+# Self-sign CA certificate - use config file info
+# Note: Use extension from config "ca_ext" section
+openssl ca -selfsign -config "$OPENSSL_CA_CONF" \
+        -notext -in "$CA_NAME.csr" -out "$CA_NAME.crt" -extensions ca_ext -batch
+
+# Generate Intermediate CA
+# cd into Cert generation folder
+cd "$INT_CA_HOME"
+
+# Create private key and csr
+openssl req -new -config "$OPENSSL_INTCA_CONF" \
+            -out "$INTCA_NAME.csr" -key "private/$INTCA_NAME.key"
+
+cd "$CA_HOME"
+# Sign certificate with CA
+openssl ca -config "$OPENSSL_CA_CONF" -notext \
+    -in "$INT_CA_HOME/$INTCA_NAME.csr" -out "$INT_CA_HOME/$INTCA_NAME.crt" \
+    -extensions "$INTCA_NAME" -batch
+
+# cd into Cert generation folder
+cd "$SRV_CRT_HOME"
+# Create private key and csr
+openssl req -new -config "$OPENSSL_SRV_CONF" \
+                                    -out server.csr -key private/server.key
+
+# cd into intermediate CA home
+cd "$CA_HOME/gen_int/WOLFSSL/"
+
+# Sign certificate with CA
+openssl ca -config "$OPENSSL_INTCA_CONF" -notext \
+    -in "$SRV_CRT_HOME/server.csr" -out "$SRV_CRT_HOME/server.crt" \
+    -extensions server_ext -batch
+
+
+# cp generate certificates
+cd $CURRENT
+# CA
+openssl x509 -in ./pki/$CA_NAME/$CA_NAME.crt -inform PEM -noout -text > ./pki/$CA_NAME/$CA_NAME.pem
+cat ./pki/$CA_NAME/$CA_NAME.crt >> ./pki/$CA_NAME/$CA_NAME.pem
+mv ./pki/$CA_NAME/$CA_NAME.pem $CA_PEM
+
+# Intermediate CA
+openssl x509 -in $INT_CA_HOME/$INTCA_NAME.crt -inform PEM -noout -text > $INT_CA_HOME/$INTCA_NAME.pem
+cat $INT_CA_HOME/$INTCA_NAME.crt >> $INT_CA_HOME/$INTCA_NAME.pem
+mv $INT_CA_HOME/$INTCA_NAME.pem $INTCA_PEM
+# Server
+openssl x509 -in $SRV_CRT_HOME/server.crt -inform PEM -noout -text > $SRV_CRT_HOME/server.pem
+cat $SRV_CRT_HOME/server.crt >> $SRV_CRT_HOME/server.pem
+mv $SRV_CRT_HOME/server.pem $SERVER_PEM
+
+# clean up
+cleanup_files
+
+echo "Completed"
diff --git a/certs/intermediate/ca_false_intermediate/int_ca.key b/certs/intermediate/ca_false_intermediate/int_ca.key
new file mode 100644
index 000000000..558acd2ff
--- /dev/null
+++ b/certs/intermediate/ca_false_intermediate/int_ca.key
@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQC4VOnmv/SyU9w8
+kloGnogOLqerpp0HNI8/fOU3+CYr4M0mETKuBvI7PkXBV0VLNpupt5MmAgi/H1QX
+bejxNiBsQOLo278NgFYPoNm1OdazQ5PeX8+lNFJ7OEq8TBHSriwfJuJRyNaU5Mr+
+qxcTDZx4+Mvr8cZbmVoSK8s5S6DT7CJmYjSdV52aB8ZFOj3psoLnEsavPKi5Wk+O
+BRvQnWNy0yxjZ9k+Md39gZiEbezfQyy3UzHi7aUc6MrfUDOpmAwmuaE6I/caztFP
+HpgZqT7sva20RPvOKtBhuVyxd27h9dzHr+ZD7rc8FohFRg5tVtccDq41/oRvy9CN
+1uM99eyHAgMBAAECggEADBW/wq8caIHy/c2iiq3jbE/xZ4w5iKVmLDAQtHCtH/yn
+C93eHWa7Lth6/kgDH6vph2D6YWg0u+2z4lgEXlFsIsIbnk9PNqAOrwuepQZbuyOt
+Esvj8zLQ+DR37IxthrXV6Aeb7ZIQmhu960sQQjbcPATOacj6IOXsRSYLNtXB1OLu
+Xo4UbjLX3uOrAg5uMsi/Z/2s9jy3eDBf8FWmM6fBDsejRl18MzY2Y7bYS1yL3762
+4ydB4yHJEEkiFurtjgdX2pscF+ftivYrVqZDUWhM7htFLJz6bS4sRpgjfQegYs4f
+RLTuef/+ozFVhpH/HuPrV2jH67T90Z5lHgZ6Nm5qwQKBgQDybcwCKcFFWKac84ln
+JDJuqPHyyRgH09cia6C7Y/t1/caSJvJP6KR4c7TuEvIYpc6hSsO1Pd1k6ajFkDdN
+IWYfOF3R6K3vR956LPWPdxkYWdONjmwBvVaKozWmxR01RHeGXk+VxFb7PBudAvEu
+cGOzDEaTuE5RC1RxNHjZYxZ98QKBgQDCpoljVMR+/7+pwKoIEmw1FmH+DEEgL+so
+U1pBcaPU1poBRYKH+1yah7M+eFhTEzV4XbJCjMYeynSCWMSqGXrHwWq0AmA3jhSM
+OyDuwboTXVHCkqIuAs/Q/8A9dcyTejsgLuU6mLU1eXzNeWm0/0VjfvPgOziM7SHt
+14tip/P59wKBgQDTY74yXKp0h3qw/QLg9wUqzRI8O/FCUgwTrXm4LNSF7EWMB33f
+A+L2TR6FQevsZhgpOIIytcEpTz2lF73A+dCMhJ/6e0O/lBGAw1dUQ+uT+i+oDXpM
+ggbGWM5dnx965Tq75dzLoSqfY6hIXtpjPgkRhTC9ekaAELsPA0wlcmuYYQKBgDVT
+Llw6AsLQCY/Vqj8f3OkGQr44WTcaKZAYladMHJfYWsRyaHocUJg9CMvaaEgKASIC
+eS1mJ3iT+isjam03Ib3LrRG3fOh7UgHAyRrfk7xuWlG1nhyAxLH6/o1X0j2sxLni
+XwYYg7wslhYsZtsg+79wLhuF3c4twJfJ7vOOE3atAoGBAKiH+9h5SdQ2L4gjM+dl
+0dr1fTZpJta+l0FIEiOdQcbGp7ia9G9WglV5HkzyhETG+wTNNuG8GD/jTlg23AVE
+vVf2vPq7La3juAT7oOoEkm13vQ//2VUJum4g34dP4V9FpWP5FLiAAu9H8op5P9Hp
+LqbpMcrAkbexh41ZEZlmzSx5
+-----END PRIVATE KEY-----
diff --git a/certs/intermediate/ca_false_intermediate/server.key b/certs/intermediate/ca_false_intermediate/server.key
new file mode 100644
index 000000000..156364df1
--- /dev/null
+++ b/certs/intermediate/ca_false_intermediate/server.key
@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQC6IGIrgaxYzvMi
+XZ9GkLfppLP84bdp07YUh8u7MR67YPI/jGoNY1WiyANKjdajY937KO8xlXDMKJUf
+8JyJ9PZWHgCBUxt4G/mf4xBljMZANiHNV1WyFHGaVznu2pgbr4ngwyv5oZM/TWVB
+K2YdZpyVld8Z3I14RvQV62Rclxbs4uzK6+IDuEGBxfTKpOSr3u0a2qONAjmNACxd
+fu+RsdeWumXBQ//UajX6F1DNdj4dvqRp9u5Hw3pJmoBv5puD4OhYcfvNbcG0FtI3
+ZKa8sPT++/Rypjx5MnrAtTAhsTXf2UV/xPbFHJhtU9b/NsE4GLd2ExDIRWpSc2V+
+ublm1DwnAgMBAAECggEAA92CTGb//kQl9nO9SAjfWOHLvxes6Gy2Hk0HpRaLDdcg
+kMNIvIhwkdXXg6fYakI7rOiXtw7kbcj199jWV2MX7ofm+MiSDHeAQprDj2hSAale
+IFaM+ArGpS7kjBpMCF8n3NwQwLljRnBEBwtwrnGgFNcs7+uNoI7QqNffmLCmkDrJ
+BCK3kXXbjENOuzlddgxsb1mipsXot3uwDaByB8Tl2OtI7ezZvhCraeYZMyRXuq2o
+JDPk3FZ9O/mPgULZrqnlvxyJmog2ajgyED4M0mqM29L4YB3MOOz8Wgeksp20VEQJ
+lHJtpHK+zcodnT3rXGMj2A1Qu4HHoYEdKvAb8XzuUQKBgQD/nP7ZFOCJGR+q/Wu1
+CSLYwO9YM8sn7gMy3R1C1Ps7UKvjVWDv9cjsgId7XnYSQQ/52kV8HbIMqr9EOlwS
+pHkHmAbqDNhLY++hhqf9nPHo6e0AiMY4uF/JcfYb8A4PE8/x8Iv5HVjH9WYJFwcL
+UNDgm0ULrSbRR7ULtaSpZjyXfwKBgQC6aHlpNIvqa3+KmFmZFI4Xx5EB6fHBy02R
+PJKk/B2SVsW+kq0kAwsYdnS6rbkYS8ZmfyJKzvacXpDYvUfFV93s+ewoT5J2a4Ab
+WmELmWABqqCwvyT7h2oO+hqLljGNIJxygR0iu9F/fHVYp8G/oHZBeDZEJt+PNR0G
+cuG7/6zvWQKBgF/dforl1Iw2evUDFFkSMxp9yYYX7rJsBpEV8np1LEADsmORSsjU
+MmXYkndHZxrTge1f2j2BWZx8kT1CcfOf8bBSaQ1wgdJMibvXp7trGCMVUIipw0XU
+iEAh2H6D2pH3CT8gyy5Dvl9H/tub4k1xItWKBiwp5WwJ67GXj0jlCgZ7AoGARYmz
+wQtZJpnzekBbLD/+weAwuAYNqb2tsgBmtCVY4r58Bhuxez2nZfjKktk7s1SRLqs+
+n6mVVb/xSOlTXMrqfvy8nE0S1hpEL/AHQ8xzhCuixkyH/00Ew5GJVYkx8vO3aP/B
+XrOx81z6aZgrLtEtTD8L/2CBBWtK6JzymK9IVAECgYAfoFaqRVl0JJlQJttfQtc+
+cYyVzZEBzckIH3BriHuNwDpnPOq6iSx5JUp6mh03G3/3mHx4G45tD6GvsK53WIAH
+TCrHQv6vRjrA2oay/AlO2x/ElBOkdOVo8x20YGAAhIRAh65rwFrdTREnfUwChwSV
+QVeI7CdToIyIiZGhYmmO/g==
+-----END PRIVATE KEY-----
diff --git a/certs/intermediate/ca_false_intermediate/test_ca.key b/certs/intermediate/ca_false_intermediate/test_ca.key
new file mode 100644
index 000000000..b40399f05
--- /dev/null
+++ b/certs/intermediate/ca_false_intermediate/test_ca.key
@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQC8QEMO8Y4eCzs2
+9n6qVnfSp9tVSxQQUtgkAVgmIJX+5g3MZef9vR2ZOSeXVXibOluq2SBjRlzrorJQ
+AXY8r07l1+PNFpf4UQr70yaI1xO8VAlC/zmFqmE5zI8OjqbH4Ck8r6yaM+ZPNM20
+VClvkoIAzlGnVe6vziHpNuGnDXXfMtYOFeNmeCFBe87VnOjFCZR+hHtZKmRrkUtL
+9w30UJKP9QMNcyBMTnugjcpflM82HObhuxRBkBZoAkFTksbEbNOtVgUiSq6aKt78
+6tiZolplL/5DrivplHCuNdyPE3Jhv7r8SLeh7VysXJxLxU1J2oZldzS7uq5uTPl9
+9sKCkJzhAgMBAAECggEABxk4Ph3DMWRUhwnL9HHewlGEjoaOeuAY2OC5GXT0mwBD
+SHAWS6XgMhkq4kS9j8LnVn2qADxUwCjqJuSrN/YXWEjoBOGDeQBbVOwdIZ9Ule8o
+Sz+zBFSMpoCNa2vbI6HTBEAOluD6oAV6dUCQMG4am1usTg5KOhRgiHoCj8lM5s3j
+/f0KWkJReql92o//bLDXDjeGGDtIzaWfIKpsW7gwPe6nHsR7n854sbkdRT9b6BMa
+EZPg17XD8Dg1ZkvUemShrvgPrGFPMH/JFcvpX1s4/l2kM88xQEL+s45E4IyTT2gh
+FlDFC3QXrFI7M7emid3rwXIVEkEIO4Aw4xW34OAVnQKBgQD5cJE/WojeHI3Pyo3L
+sMDaWabzWWAAsev5EpDo41BalPDpBig29qO31afkIwIgCQyLNMXn9VqxoxILOg5d
+uopBaPWHihmME5qgLp6F6nDeOYril1b1LU1/7G2Ehu9lGYLJd6hdQ6tC/iKMfrIz
+fnsHEH/FC4woWmXdFMozujyZNQKBgQDBM7jeBtdIOOZhcwc98y9mQUr+ttlUODC6
+BNI2xAcV6ZJg/y0JXby84jM0fP5MuCkGHdNvufpvT68Dn9NRhrOBz8JyhCy5m4Rz
+/dIr3JUT5Y0r4+2l5MgfZMlcYCWESNcJPwchSstzAthLhtrgP2ZFGfzzZUZGAMxR
+f6sZK7pWfQKBgQCYpp4NAm/eVeUndBNAw4PSXKlCJcENy9TYkdci3vHu7VVdlgoI
+UPoyZ8ueXxpO1prZmks/QDTnnx9MxZPDIoS3sO8JqqclxV2Mh9s1oxq9tMNdFjb+
+RmI2Vk9TmmxpF6qldtgPc3kcv4APMP4Ha3EJCrzWrtFwZJoQKUfxThkFvQKBgQCI
+Scs0XJELMpBZ2AIY0m7ybEbSDfyba5P79SCxX3E8JOuMnxWPEN/uQocqlK3zQso1
+tV6M5x3h3c0w+lLgpOwGO6AIlnLScAFsrXXQWSeUxI7kkkH3j78YXkmpb22ntpZy
+wFJwSsngFPatuLC4FiE3x9Bnhl6fTTrUlwIEnJMzJQKBgFc5ej1NXuPWDlLKjC7w
+0N4YPs5BJRuhoUxyajYC3FxiWvr5bTz7zqc5DAPcH0nGAH/UVWZzWXMUw+Je3dej
+chkmVUuKjfTZTZHOBAqJDCNRfZcfzWnzAcXkcmsAHr53UKYnH8XGuHsPVHujQVu/
+0Hx7AKuJK48fZeo8LTZufg1l
+-----END PRIVATE KEY-----
diff --git a/certs/intermediate/ca_false_intermediate/test_ca.pem b/certs/intermediate/ca_false_intermediate/test_ca.pem
new file mode 100644
index 000000000..c40c1467d
--- /dev/null
+++ b/certs/intermediate/ca_false_intermediate/test_ca.pem
@@ -0,0 +1,80 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number:
+            3b:1d:6e:96:2e:32:85:de:99:5a:63:dd:49:1c:eb:cc
+        Signature Algorithm: sha256WithRSAEncryption
+        Issuer: C = US, ST = Wahington, O = Seattle, OU = Development, CN = www.wolfssl.com
+        Validity
+            Not Before: Oct 10 03:44:23 2024 GMT
+            Not After : Oct  8 03:44:23 2034 GMT
+        Subject: C = US, ST = Wahington, O = Seattle, OU = Development, CN = www.wolfssl.com
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (2048 bit)
+                Modulus:
+                    00:bc:40:43:0e:f1:8e:1e:0b:3b:36:f6:7e:aa:56:
+                    77:d2:a7:db:55:4b:14:10:52:d8:24:01:58:26:20:
+                    95:fe:e6:0d:cc:65:e7:fd:bd:1d:99:39:27:97:55:
+                    78:9b:3a:5b:aa:d9:20:63:46:5c:eb:a2:b2:50:01:
+                    76:3c:af:4e:e5:d7:e3:cd:16:97:f8:51:0a:fb:d3:
+                    26:88:d7:13:bc:54:09:42:ff:39:85:aa:61:39:cc:
+                    8f:0e:8e:a6:c7:e0:29:3c:af:ac:9a:33:e6:4f:34:
+                    cd:b4:54:29:6f:92:82:00:ce:51:a7:55:ee:af:ce:
+                    21:e9:36:e1:a7:0d:75:df:32:d6:0e:15:e3:66:78:
+                    21:41:7b:ce:d5:9c:e8:c5:09:94:7e:84:7b:59:2a:
+                    64:6b:91:4b:4b:f7:0d:f4:50:92:8f:f5:03:0d:73:
+                    20:4c:4e:7b:a0:8d:ca:5f:94:cf:36:1c:e6:e1:bb:
+                    14:41:90:16:68:02:41:53:92:c6:c4:6c:d3:ad:56:
+                    05:22:4a:ae:9a:2a:de:fc:ea:d8:99:a2:5a:65:2f:
+                    fe:43:ae:2b:e9:94:70:ae:35:dc:8f:13:72:61:bf:
+                    ba:fc:48:b7:a1:ed:5c:ac:5c:9c:4b:c5:4d:49:da:
+                    86:65:77:34:bb:ba:ae:6e:4c:f9:7d:f6:c2:82:90:
+                    9c:e1
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Key Usage: critical
+                Digital Signature, Certificate Sign, CRL Sign
+            X509v3 Basic Constraints: critical
+                CA:TRUE
+            X509v3 Subject Key Identifier: 
+                49:CB:00:BF:AC:AD:4B:18:2C:DB:69:21:1E:60:EF:00:4E:FC:69:52
+    Signature Algorithm: sha256WithRSAEncryption
+    Signature Value:
+        24:1c:cf:b6:3e:20:6e:99:e8:36:b3:7e:2d:67:0d:cb:b5:1c:
+        69:ff:5a:bb:0b:2f:52:fd:d6:3e:73:5c:a2:47:8e:8d:1d:fc:
+        96:e7:e0:ca:e6:b6:3d:af:fa:f1:77:77:e6:2e:67:e6:44:d7:
+        84:36:ce:dc:cb:3e:3d:bf:bc:8b:48:53:30:fa:bf:43:81:5b:
+        e0:a3:a7:db:44:c2:29:cd:4c:8a:68:e8:b9:3e:5d:eb:e4:06:
+        17:6d:de:cf:76:e9:5a:6a:16:27:f8:6f:96:43:8a:4f:65:be:
+        3a:f2:7e:fd:ad:55:93:ad:ac:00:b4:b5:f3:85:b0:d7:83:6d:
+        ab:d0:8f:1a:23:36:e1:1f:c4:9d:54:e8:ee:20:cd:b9:da:56:
+        a7:92:5a:a5:bd:36:c5:a2:ea:ac:06:24:98:e5:32:0a:e0:00:
+        64:63:9c:7d:01:18:66:5a:7a:b1:d5:b4:24:9b:5e:8a:6b:a0:
+        25:eb:39:52:cd:12:61:d0:62:6c:19:e7:f5:ae:32:a3:aa:d5:
+        2f:05:fe:6f:cb:47:20:a0:32:1d:cb:88:96:59:ed:8e:69:dd:
+        cf:f0:6f:83:85:ff:0a:59:ef:80:94:16:99:a6:35:ee:a7:b8:
+        d4:e9:3c:4f:56:5b:77:0e:b5:bd:61:21:b9:93:ad:be:2c:55:
+        9b:bf:01:19
+-----BEGIN CERTIFICATE-----
+MIIDkjCCAnqgAwIBAgIQOx1uli4yhd6ZWmPdSRzrzDANBgkqhkiG9w0BAQsFADBj
+MQswCQYDVQQGEwJVUzESMBAGA1UECAwJV2FoaW5ndG9uMRAwDgYDVQQKDAdTZWF0
+dGxlMRQwEgYDVQQLDAtEZXZlbG9wbWVudDEYMBYGA1UEAwwPd3d3LndvbGZzc2wu
+Y29tMB4XDTI0MTAxMDAzNDQyM1oXDTM0MTAwODAzNDQyM1owYzELMAkGA1UEBhMC
+VVMxEjAQBgNVBAgMCVdhaGluZ3RvbjEQMA4GA1UECgwHU2VhdHRsZTEUMBIGA1UE
+CwwLRGV2ZWxvcG1lbnQxGDAWBgNVBAMMD3d3dy53b2xmc3NsLmNvbTCCASIwDQYJ
+KoZIhvcNAQEBBQADggEPADCCAQoCggEBALxAQw7xjh4LOzb2fqpWd9Kn21VLFBBS
+2CQBWCYglf7mDcxl5/29HZk5J5dVeJs6W6rZIGNGXOuislABdjyvTuXX480Wl/hR
+CvvTJojXE7xUCUL/OYWqYTnMjw6OpsfgKTyvrJoz5k80zbRUKW+SggDOUadV7q/O
+Iek24acNdd8y1g4V42Z4IUF7ztWc6MUJlH6Ee1kqZGuRS0v3DfRQko/1Aw1zIExO
+e6CNyl+UzzYc5uG7FEGQFmgCQVOSxsRs061WBSJKrpoq3vzq2JmiWmUv/kOuK+mU
+cK413I8TcmG/uvxIt6HtXKxcnEvFTUnahmV3NLu6rm5M+X32woKQnOECAwEAAaNC
+MEAwDgYDVR0PAQH/BAQDAgGGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFEnL
+AL+srUsYLNtpIR5g7wBO/GlSMA0GCSqGSIb3DQEBCwUAA4IBAQAkHM+2PiBumeg2
+s34tZw3LtRxp/1q7Cy9S/dY+c1yiR46NHfyW5+DK5rY9r/rxd3fmLmfmRNeENs7c
+yz49v7yLSFMw+r9DgVvgo6fbRMIpzUyKaOi5Pl3r5AYXbd7PdulaahYn+G+WQ4pP
+Zb468n79rVWTrawAtLXzhbDXg22r0I8aIzbhH8SdVOjuIM252lanklqlvTbFouqs
+BiSY5TIK4ABkY5x9ARhmWnqx1bQkm16Ka6Al6zlSzRJh0GJsGef1rjKjqtUvBf5v
+y0cgoDIdy4iWWe2Oad3P8G+Dhf8KWe+AlBaZpjXup7jU6TxPVlt3DrW9YSG5k62+
+LFWbvwEZ
+-----END CERTIFICATE-----
diff --git a/certs/intermediate/ca_false_intermediate/test_int_not_cacert.pem b/certs/intermediate/ca_false_intermediate/test_int_not_cacert.pem
new file mode 100644
index 000000000..bcfef819e
--- /dev/null
+++ b/certs/intermediate/ca_false_intermediate/test_int_not_cacert.pem
@@ -0,0 +1,87 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number:
+            3b:1d:6e:96:2e:32:85:de:99:5a:63:dd:49:1c:eb:cd
+        Signature Algorithm: sha256WithRSAEncryption
+        Issuer: C = US, ST = Wahington, O = Seattle, OU = Development, CN = www.wolfssl.com
+        Validity
+            Not Before: Oct 10 03:44:23 2024 GMT
+            Not After : Oct  8 03:44:23 2034 GMT
+        Subject: C = US, ST = Wahington, O = Seattle, OU = Product_Support, CN = www.wolfssl.com
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (2048 bit)
+                Modulus:
+                    00:b8:54:e9:e6:bf:f4:b2:53:dc:3c:92:5a:06:9e:
+                    88:0e:2e:a7:ab:a6:9d:07:34:8f:3f:7c:e5:37:f8:
+                    26:2b:e0:cd:26:11:32:ae:06:f2:3b:3e:45:c1:57:
+                    45:4b:36:9b:a9:b7:93:26:02:08:bf:1f:54:17:6d:
+                    e8:f1:36:20:6c:40:e2:e8:db:bf:0d:80:56:0f:a0:
+                    d9:b5:39:d6:b3:43:93:de:5f:cf:a5:34:52:7b:38:
+                    4a:bc:4c:11:d2:ae:2c:1f:26:e2:51:c8:d6:94:e4:
+                    ca:fe:ab:17:13:0d:9c:78:f8:cb:eb:f1:c6:5b:99:
+                    5a:12:2b:cb:39:4b:a0:d3:ec:22:66:62:34:9d:57:
+                    9d:9a:07:c6:45:3a:3d:e9:b2:82:e7:12:c6:af:3c:
+                    a8:b9:5a:4f:8e:05:1b:d0:9d:63:72:d3:2c:63:67:
+                    d9:3e:31:dd:fd:81:98:84:6d:ec:df:43:2c:b7:53:
+                    31:e2:ed:a5:1c:e8:ca:df:50:33:a9:98:0c:26:b9:
+                    a1:3a:23:f7:1a:ce:d1:4f:1e:98:19:a9:3e:ec:bd:
+                    ad:b4:44:fb:ce:2a:d0:61:b9:5c:b1:77:6e:e1:f5:
+                    dc:c7:af:e6:43:ee:b7:3c:16:88:45:46:0e:6d:56:
+                    d7:1c:0e:ae:35:fe:84:6f:cb:d0:8d:d6:e3:3d:f5:
+                    ec:87
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: critical
+                CA:FALSE
+            Netscape Cert Type: 
+                SSL Server
+            X509v3 Subject Key Identifier: 
+                D9:9F:9A:2E:FE:80:7F:EB:6C:92:A1:91:60:9B:65:7B:36:2A:F4:35
+            X509v3 Key Usage: critical
+                Digital Signature, Key Encipherment
+            X509v3 Extended Key Usage: 
+                TLS Web Client Authentication, TLS Web Server Authentication
+            X509v3 Authority Key Identifier: 
+                49:CB:00:BF:AC:AD:4B:18:2C:DB:69:21:1E:60:EF:00:4E:FC:69:52
+    Signature Algorithm: sha256WithRSAEncryption
+    Signature Value:
+        87:de:e3:93:74:f5:56:64:e7:d9:43:14:20:2e:69:8a:e7:c4:
+        aa:38:c7:61:49:f5:b6:aa:43:46:c3:a0:b7:91:9f:4d:b9:c1:
+        94:5c:89:5d:21:cb:b7:16:9b:d2:fb:d1:ea:bf:0d:9d:c5:2e:
+        f1:1d:4c:a3:14:22:1b:46:7c:f7:9f:cc:02:97:88:73:e0:12:
+        8e:14:59:ae:ac:39:59:2a:79:65:a7:65:19:8e:a8:d1:00:a3:
+        62:80:bb:4c:fc:d9:7e:46:e4:cc:fb:0b:81:91:52:8e:1d:7f:
+        fb:31:51:25:02:7d:5d:a3:c5:d9:9b:1a:94:4e:68:04:56:17:
+        04:8d:ba:ed:75:76:b2:f9:ef:d8:60:af:7a:6b:24:57:b9:02:
+        38:83:66:a5:97:dc:af:64:b7:33:3e:43:04:46:7f:79:83:7f:
+        c7:55:a5:78:1e:9d:b0:75:8c:6b:09:db:5f:0a:e7:0c:61:95:
+        70:9c:6a:6f:a7:8c:4d:bf:74:dd:ee:55:94:21:ba:63:d4:f1:
+        fb:af:fc:8f:76:8d:29:e7:0f:6e:ff:54:81:59:ac:10:0a:e5:
+        65:1c:bb:de:83:85:1c:5a:23:26:9c:e0:c9:50:8c:ac:cd:09:
+        9c:50:ed:e9:1d:c9:c3:a0:a3:da:00:b1:9b:03:b6:97:cc:eb:
+        02:a9:e2:41
+-----BEGIN CERTIFICATE-----
+MIID6DCCAtCgAwIBAgIQOx1uli4yhd6ZWmPdSRzrzTANBgkqhkiG9w0BAQsFADBj
+MQswCQYDVQQGEwJVUzESMBAGA1UECAwJV2FoaW5ndG9uMRAwDgYDVQQKDAdTZWF0
+dGxlMRQwEgYDVQQLDAtEZXZlbG9wbWVudDEYMBYGA1UEAwwPd3d3LndvbGZzc2wu
+Y29tMB4XDTI0MTAxMDAzNDQyM1oXDTM0MTAwODAzNDQyM1owZzELMAkGA1UEBhMC
+VVMxEjAQBgNVBAgMCVdhaGluZ3RvbjEQMA4GA1UECgwHU2VhdHRsZTEYMBYGA1UE
+CwwPUHJvZHVjdF9TdXBwb3J0MRgwFgYDVQQDDA93d3cud29sZnNzbC5jb20wggEi
+MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC4VOnmv/SyU9w8kloGnogOLqer
+pp0HNI8/fOU3+CYr4M0mETKuBvI7PkXBV0VLNpupt5MmAgi/H1QXbejxNiBsQOLo
+278NgFYPoNm1OdazQ5PeX8+lNFJ7OEq8TBHSriwfJuJRyNaU5Mr+qxcTDZx4+Mvr
+8cZbmVoSK8s5S6DT7CJmYjSdV52aB8ZFOj3psoLnEsavPKi5Wk+OBRvQnWNy0yxj
+Z9k+Md39gZiEbezfQyy3UzHi7aUc6MrfUDOpmAwmuaE6I/caztFPHpgZqT7sva20
+RPvOKtBhuVyxd27h9dzHr+ZD7rc8FohFRg5tVtccDq41/oRvy9CN1uM99eyHAgMB
+AAGjgZMwgZAwDAYDVR0TAQH/BAIwADARBglghkgBhvhCAQEEBAMCBkAwHQYDVR0O
+BBYEFNmfmi7+gH/rbJKhkWCbZXs2KvQ1MA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUE
+FjAUBggrBgEFBQcDAgYIKwYBBQUHAwEwHwYDVR0jBBgwFoAUScsAv6ytSxgs22kh
+HmDvAE78aVIwDQYJKoZIhvcNAQELBQADggEBAIfe45N09VZk59lDFCAuaYrnxKo4
+x2FJ9baqQ0bDoLeRn025wZRciV0hy7cWm9L70eq/DZ3FLvEdTKMUIhtGfPefzAKX
+iHPgEo4UWa6sOVkqeWWnZRmOqNEAo2KAu0z82X5G5Mz7C4GRUo4df/sxUSUCfV2j
+xdmbGpROaARWFwSNuu11drL579hgr3prJFe5AjiDZqWX3K9ktzM+QwRGf3mDf8dV
+pXgenbB1jGsJ218K5wxhlXCcam+njE2/dN3uVZQhumPU8fuv/I92jSnnD27/VIFZ
+rBAK5WUcu96DhRxaIyac4MlQjKzNCZxQ7ekdycOgo9oAsZsDtpfM6wKp4kE=
+-----END CERTIFICATE-----
diff --git a/certs/intermediate/ca_false_intermediate/test_sign_bynoca_srv.pem b/certs/intermediate/ca_false_intermediate/test_sign_bynoca_srv.pem
new file mode 100644
index 000000000..4cf39cf70
--- /dev/null
+++ b/certs/intermediate/ca_false_intermediate/test_sign_bynoca_srv.pem
@@ -0,0 +1,90 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number:
+            df:0d:6c:4b:d6:db:eb:35:5f:41:a1:3a:7a:56:16:93
+        Signature Algorithm: sha256WithRSAEncryption
+        Issuer: C = US, ST = Wahington, O = Seattle, OU = Product_Support, CN = www.wolfssl.com
+        Validity
+            Not Before: Oct 10 03:44:23 2024 GMT
+            Not After : Oct  8 03:44:23 2034 GMT
+        Subject: C = US, ST = Wahington, O = Seattle, OU = Support, CN = www.wolfssl.com
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (2048 bit)
+                Modulus:
+                    00:ba:20:62:2b:81:ac:58:ce:f3:22:5d:9f:46:90:
+                    b7:e9:a4:b3:fc:e1:b7:69:d3:b6:14:87:cb:bb:31:
+                    1e:bb:60:f2:3f:8c:6a:0d:63:55:a2:c8:03:4a:8d:
+                    d6:a3:63:dd:fb:28:ef:31:95:70:cc:28:95:1f:f0:
+                    9c:89:f4:f6:56:1e:00:81:53:1b:78:1b:f9:9f:e3:
+                    10:65:8c:c6:40:36:21:cd:57:55:b2:14:71:9a:57:
+                    39:ee:da:98:1b:af:89:e0:c3:2b:f9:a1:93:3f:4d:
+                    65:41:2b:66:1d:66:9c:95:95:df:19:dc:8d:78:46:
+                    f4:15:eb:64:5c:97:16:ec:e2:ec:ca:eb:e2:03:b8:
+                    41:81:c5:f4:ca:a4:e4:ab:de:ed:1a:da:a3:8d:02:
+                    39:8d:00:2c:5d:7e:ef:91:b1:d7:96:ba:65:c1:43:
+                    ff:d4:6a:35:fa:17:50:cd:76:3e:1d:be:a4:69:f6:
+                    ee:47:c3:7a:49:9a:80:6f:e6:9b:83:e0:e8:58:71:
+                    fb:cd:6d:c1:b4:16:d2:37:64:a6:bc:b0:f4:fe:fb:
+                    f4:72:a6:3c:79:32:7a:c0:b5:30:21:b1:35:df:d9:
+                    45:7f:c4:f6:c5:1c:98:6d:53:d6:ff:36:c1:38:18:
+                    b7:76:13:10:c8:45:6a:52:73:65:7e:b9:b9:66:d4:
+                    3c:27
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: critical
+                CA:FALSE
+            Netscape Cert Type: 
+                SSL Server
+            X509v3 Subject Key Identifier: 
+                10:71:71:98:BD:C2:B2:97:DD:6F:B6:CD:28:EA:23:0E:51:AE:44:34
+            X509v3 Key Usage: critical
+                Digital Signature, Key Encipherment
+            X509v3 Extended Key Usage: 
+                TLS Web Client Authentication, TLS Web Server Authentication
+            X509v3 Subject Alternative Name: 
+                DNS:www.wolfssl.com, DNS:wolfssl.jp
+            X509v3 Authority Key Identifier: 
+                D9:9F:9A:2E:FE:80:7F:EB:6C:92:A1:91:60:9B:65:7B:36:2A:F4:35
+    Signature Algorithm: sha256WithRSAEncryption
+    Signature Value:
+        54:7d:68:93:69:e0:3b:ea:3d:d8:68:ae:b1:97:97:2b:17:5d:
+        76:7c:0d:0b:70:c5:a4:ec:3c:23:55:a5:bc:d7:dd:42:57:32:
+        dd:7e:9b:c9:b0:9c:8a:30:de:b6:7c:f9:ff:93:46:29:82:cf:
+        8a:05:bb:b2:64:cf:22:db:15:bd:8e:56:14:2e:a4:5c:44:c2:
+        3c:9d:3c:a0:dd:bd:a1:40:df:c3:8d:ff:71:73:6f:88:d6:57:
+        f2:c8:6c:20:18:ad:48:b8:2f:4c:41:ba:2a:f6:36:21:97:1b:
+        ee:7c:83:a8:43:80:08:8b:ac:a8:ed:df:dd:9c:7a:64:c9:6a:
+        16:09:3b:57:1d:fc:f3:db:82:8f:c1:0e:e3:48:b7:d1:e8:19:
+        1c:90:f0:b8:e6:ad:17:c5:82:b3:d5:15:bf:a3:c0:a6:4b:a7:
+        97:98:86:93:4b:b0:1b:0e:62:61:16:d0:68:c2:e2:22:8a:f5:
+        89:c7:bd:9d:38:65:0f:df:b1:38:9a:c7:e9:df:76:f4:5a:9f:
+        f5:2b:17:aa:9b:32:37:0a:72:93:8a:db:1d:b2:81:ff:0e:12:
+        b6:0a:31:46:7e:86:5e:0b:03:0d:7f:d0:bf:60:f2:f5:93:94:
+        f2:78:4f:80:34:b9:f7:66:ee:d6:b9:80:ca:bb:52:d0:e2:2f:
+        1a:ac:99:a7
+-----BEGIN CERTIFICATE-----
+MIIEDTCCAvWgAwIBAgIRAN8NbEvW2+s1X0GhOnpWFpMwDQYJKoZIhvcNAQELBQAw
+ZzELMAkGA1UEBhMCVVMxEjAQBgNVBAgMCVdhaGluZ3RvbjEQMA4GA1UECgwHU2Vh
+dHRsZTEYMBYGA1UECwwPUHJvZHVjdF9TdXBwb3J0MRgwFgYDVQQDDA93d3cud29s
+ZnNzbC5jb20wHhcNMjQxMDEwMDM0NDIzWhcNMzQxMDA4MDM0NDIzWjBfMQswCQYD
+VQQGEwJVUzESMBAGA1UECAwJV2FoaW5ndG9uMRAwDgYDVQQKDAdTZWF0dGxlMRAw
+DgYDVQQLDAdTdXBwb3J0MRgwFgYDVQQDDA93d3cud29sZnNzbC5jb20wggEiMA0G
+CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6IGIrgaxYzvMiXZ9GkLfppLP84bdp
+07YUh8u7MR67YPI/jGoNY1WiyANKjdajY937KO8xlXDMKJUf8JyJ9PZWHgCBUxt4
+G/mf4xBljMZANiHNV1WyFHGaVznu2pgbr4ngwyv5oZM/TWVBK2YdZpyVld8Z3I14
+RvQV62Rclxbs4uzK6+IDuEGBxfTKpOSr3u0a2qONAjmNACxdfu+RsdeWumXBQ//U
+ajX6F1DNdj4dvqRp9u5Hw3pJmoBv5puD4OhYcfvNbcG0FtI3ZKa8sPT++/Rypjx5
+MnrAtTAhsTXf2UV/xPbFHJhtU9b/NsE4GLd2ExDIRWpSc2V+ublm1DwnAgMBAAGj
+gbswgbgwDAYDVR0TAQH/BAIwADARBglghkgBhvhCAQEEBAMCBkAwHQYDVR0OBBYE
+FBBxcZi9wrKX3W+2zSjqIw5RrkQ0MA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAU
+BggrBgEFBQcDAgYIKwYBBQUHAwEwJgYDVR0RBB8wHYIPd3d3LndvbGZzc2wuY29t
+ggp3b2xmc3NsLmpwMB8GA1UdIwQYMBaAFNmfmi7+gH/rbJKhkWCbZXs2KvQ1MA0G
+CSqGSIb3DQEBCwUAA4IBAQBUfWiTaeA76j3YaK6xl5crF112fA0LcMWk7DwjVaW8
+191CVzLdfpvJsJyKMN62fPn/k0Ypgs+KBbuyZM8i2xW9jlYULqRcRMI8nTyg3b2h
+QN/Djf9xc2+I1lfyyGwgGK1IuC9MQboq9jYhlxvufIOoQ4AIi6yo7d/dnHpkyWoW
+CTtXHfzz24KPwQ7jSLfR6BkckPC45q0XxYKz1RW/o8CmS6eXmIaTS7AbDmJhFtBo
+wuIiivWJx72dOGUP37E4msfp33b0Wp/1KxeqmzI3CnKTitsdsoH/DhK2CjFGfoZe
+CwMNf9C/YPL1k5TyeE+ANLn3Zu7WuYDKu1LQ4i8arJmn
+-----END CERTIFICATE-----
diff --git a/certs/intermediate/ca_false_intermediate/wolfssl_base.conf b/certs/intermediate/ca_false_intermediate/wolfssl_base.conf
new file mode 100644
index 000000000..3d5ca1d1d
--- /dev/null
+++ b/certs/intermediate/ca_false_intermediate/wolfssl_base.conf
@@ -0,0 +1,72 @@
+# OpenSSL config: certificate authority (CA)
+# Default value
+[ default ]
+ca_name                 = _CA_NAME_            # CA name
+home                    = .                    # Top dir
+default_ca              = ca                   # Default CA section
+name_opt                = utf8,esc_ctrl,multiline,lname,align    # Display UTF-8 characters
+
+# Certificate request
+[ req ]
+default_bits            = 2048                  # RSA key size
+encrypt_key             = yes                   # Encrypted CA private key
+default_md              = sha256                # Message Digest to use
+utf8                    = yes                   # Input is UTF-8
+string_mask             = utf8only              # Emit UTF-8 strings
+prompt                  = no                    # Don't prompt for DN
+distinguished_name      = ca_dn                 # DN section
+req_extensions          = ca_ext                # Desired extensions
+
+# CA certificate info
+[ ca_dn ]
+countryName             = "US"                  # CA cert info
+stateOrProvinceName     = "Wahington"           # CA cert info
+organizationName        = "Seattle"             # CA cert info
+localityName            = "WOLFSSL"             # CA cert info
+organizationalUnitName  = "_CA_DEPART_"         # CA cert info
+commonName              = "www.wolfssl.com"     # Replaced during build proceduce
+
+# Extensions for signing CA certificate
+[ ca_ext ]
+keyUsage                = critical,keyCertSign,cRLSign,digitalSignature # Limit key usage
+basicConstraints        = critical,CA:true      # Dont allow intermediary CA
+subjectKeyIdentifier    = hash                  # SKI validation
+
+# CA operational settings
+[ ca ]
+default_ca              = _CA_NAME_             # Default CA section
+
+# CA Section
+[ _CA_NAME_ ]
+certificate             = $home/$ca_name.crt                # CA certificate
+private_key             = $home/private/$ca_name.key        # CA private key
+new_certs_dir           = $home/certs                       # Generated certificates
+database                = $home/db/index                    # Index file of generated crt
+serial                  = $home/db/serial                   # Serial number file
+RANDFILE                = $home/ca/private/random           # Random file
+unique_subject          = no                                # Dont require unique subject
+default_days            = 3650                              # How long to certify for
+default_md              = sha256                            # Message Digest to use
+policy                  = match_pol                         # Default naming policy
+email_in_dn             = no                                # Dont add email to cert DN
+copy_extensions         = copy                              # Copy extensions from CSR (!)
+x509_extensions         = server_ext                        # Default cert extensions
+
+# Matching policy
+# Enforce that all cert issued by the CA match criteria
+# Useful for CA used internally with limited scope
+[ match_pol ]
+countryName             = match
+stateOrProvinceName     = match
+organizationName        = match
+organizationalUnitName  = optional
+commonName              = supplied
+emailAddress            = optional
+
+# Extension used when signing server cert
+[ _CERT_NAME_ ]
+basicConstraints        = critical,CA:false             # Dont allow intermediary CA
+nsCertType              = server                        # Certificate type
+subjectKeyIdentifier    = hash                          # SKI validation
+keyUsage                = critical,digitalSignature,keyEncipherment    # Define key usage
+extendedKeyUsage        = clientAuth,serverAuth         # key usage continued
diff --git a/certs/intermediate/ca_false_intermediate/wolfssl_srv.conf b/certs/intermediate/ca_false_intermediate/wolfssl_srv.conf
new file mode 100644
index 000000000..3498f64d2
--- /dev/null
+++ b/certs/intermediate/ca_false_intermediate/wolfssl_srv.conf
@@ -0,0 +1,26 @@
+############################################
+# OpenSSL config: generate server key/csr
+############################################
+# Certificate request
+[ req ]
+default_bits            = 2048                 		# RSA key size
+encrypt_key             = no                   		# Encrypted CA private key
+default_md              = sha256               		# Message Digest to use
+utf8                    = yes                  		# Input is UTF-8
+string_mask             = utf8only             		# Emit UTF-8 strings
+prompt                  = no                   		# Don't prompt for DN
+distinguished_name      = server_dn            		# DN section
+req_extensions          = server_ext           		# Desired extensions
+
+# Server certificate info
+[ server_dn ]
+countryName             = "US"
+stateOrProvinceName     = "Wahington"
+organizationName        = "Seattle"
+localityName            = "wolfSSL"
+organizationalUnitName  = "Support"
+commonName              = "www.wolfssl.com"
+
+# Extension - add alternative name to cert
+[ server_ext ]
+subjectAltName          = "DNS:www.wolfssl.com,DNS:wolfssl.jp"
diff --git a/certs/intermediate/include.am b/certs/intermediate/include.am
index f480880da..ad3a66b21 100644
--- a/certs/intermediate/include.am
+++ b/certs/intermediate/include.am
@@ -40,4 +40,12 @@ EXTRA_DIST += \
 	     certs/intermediate/server-int-cert.der \
 	     certs/intermediate/server-int-cert.pem \
 	     certs/intermediate/server-int-ecc-cert.der \
-	     certs/intermediate/server-int-ecc-cert.pem
+	     certs/intermediate/ca_false_intermediate/gentestcert.sh \
+         certs/intermediate/ca_false_intermediate/int_ca.key \
+	     certs/intermediate/ca_false_intermediate/server.key \
+	     certs/intermediate/ca_false_intermediate/test_ca.key \
+	     certs/intermediate/ca_false_intermediate/test_ca.pem \
+         certs/intermediate/ca_false_intermediate/test_int_not_cacert.pem \
+         certs/intermediate/ca_false_intermediate/test_sign_bynoca_srv.pem \
+         certs/intermediate/ca_false_intermediate/wolfssl_base.conf \
+         certs/intermediate/ca_false_intermediate/wolfssl_srv.conf
diff --git a/certs/ocsp/include.am b/certs/ocsp/include.am
index 1b663075f..3f79753d2 100644
--- a/certs/ocsp/include.am
+++ b/certs/ocsp/include.am
@@ -36,4 +36,5 @@ EXTRA_DIST += \
         certs/ocsp/test-response.der \
         certs/ocsp/test-response-rsapss.der \
         certs/ocsp/test-response-nointern.der \
-        certs/ocsp/test-multi-response.der
+        certs/ocsp/test-multi-response.der \
+        certs/ocsp/test-leaf-response.der
diff --git a/certs/ocsp/intermediate1-ca-cert.pem b/certs/ocsp/intermediate1-ca-cert.pem
index ebf186e64..911cce437 100644
--- a/certs/ocsp/intermediate1-ca-cert.pem
+++ b/certs/ocsp/intermediate1-ca-cert.pem
@@ -5,12 +5,12 @@ Certificate:
         Signature Algorithm: sha256WithRSAEncryption
         Issuer: C = US, ST = Washington, L = Seattle, O = wolfSSL, OU = Engineering, CN = wolfSSL root CA, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Dec 13 22:19:30 2023 GMT
-            Not After : Sep  8 22:19:30 2026 GMT
+            Not Before: Dec 18 21:25:31 2024 GMT
+            Not After : Sep 14 21:25:31 2027 GMT
         Subject: C = US, ST = Washington, L = Seattle, O = wolfSSL, OU = Engineering, CN = wolfSSL intermediate CA 1, emailAddress = info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (2048 bit)
+                Public-Key: (2048 bit)
                 Modulus:
                     00:de:b4:c8:5c:77:e0:2d:b1:f5:b9:ad:16:47:35:
                     a0:35:65:65:c6:e1:40:ab:1e:b4:b9:13:b7:cb:8c:
@@ -40,34 +40,33 @@ Certificate:
                 keyid:73:B0:1C:A4:2F:82:CB:CF:47:A5:38:D7:B0:04:82:3A:7E:72:15:21
                 DirName:/C=US/ST=Washington/L=Seattle/O=wolfSSL/OU=Engineering/CN=wolfSSL root CA/emailAddress=info@wolfssl.com
                 serial:63
-
             X509v3 Key Usage: 
                 Certificate Sign, CRL Sign
             Authority Information Access: 
                 OCSP - URI:http://127.0.0.1:22220
-
     Signature Algorithm: sha256WithRSAEncryption
-         1c:06:f6:58:ee:a2:4d:11:dd:ce:51:2a:ea:3c:1e:13:62:2b:
-         e2:04:6d:ca:67:2b:14:1b:de:3e:72:7b:d2:12:29:59:e9:bd:
-         3f:37:1f:9b:9c:15:84:40:10:c2:7b:1c:1f:16:2c:4e:f5:b7:
-         bb:7e:24:79:7a:e6:6b:6e:66:cf:4f:04:e5:31:b9:63:12:80:
-         89:61:fc:ae:47:b3:bd:b0:63:d8:aa:77:ba:25:53:e5:f7:ca:
-         63:d5:7f:6e:80:ed:75:c9:47:59:df:7a:82:87:2e:b8:cf:87:
-         c4:9a:0c:2f:ee:a9:a8:5a:7e:2b:55:30:e9:8b:05:f3:ab:60:
-         7f:49:bd:16:de:73:8d:8f:72:48:35:23:a1:88:88:a8:9a:01:
-         19:6c:6e:06:cf:c3:47:d9:68:0e:42:c3:84:d9:23:71:36:73:
-         c4:9d:bc:ed:f7:9b:e3:a0:8d:89:ac:ec:e7:75:22:1f:99:74:
-         5b:4c:5b:b5:25:e1:7f:02:f3:07:ae:4f:b1:0b:21:f9:17:78:
-         1a:b4:c6:8f:03:91:fb:b2:95:ff:6d:de:37:39:4a:57:c1:8c:
-         da:91:3a:4c:cc:fa:27:9a:4f:42:cb:4c:15:c7:08:34:8f:03:
-         a8:f1:2e:df:64:c5:ec:57:e1:90:77:2f:49:90:c1:23:4d:7b:
-         9e:44:fb:08
+    Signature Value:
+        75:57:f1:0c:87:8f:a2:70:3c:ce:e4:70:0e:99:6a:da:c4:80:
+        94:2c:25:0c:de:0d:7b:f3:94:f1:e8:ad:6f:d0:de:9a:9d:f5:
+        64:31:65:3f:18:e6:c3:f5:b5:1d:a2:be:5b:97:79:41:78:15:
+        1c:b3:83:de:d0:00:ea:d2:70:43:c5:60:60:07:72:e5:76:59:
+        b8:0e:2f:47:c9:8d:a4:4c:f1:20:b0:40:3b:ed:e9:de:b2:46:
+        10:90:1b:0f:96:16:e6:97:bc:d5:9a:93:aa:3c:e3:b3:6b:5f:
+        db:2c:af:2b:da:7c:36:36:aa:86:a1:65:70:c8:f1:34:d1:1f:
+        10:96:71:e6:cf:69:5c:bf:0e:15:33:97:fe:40:42:be:30:48:
+        ad:fb:d7:0e:7b:73:dd:64:30:7e:10:81:ac:3b:0b:3c:e4:12:
+        9f:31:8b:3d:f0:9b:84:dc:5b:32:33:39:de:eb:1a:17:89:d8:
+        1b:00:33:2d:50:a4:1a:2c:11:a2:60:ac:c1:9a:0f:44:90:00:
+        cf:8d:6c:af:5b:71:23:7a:a7:4f:df:f5:3f:5c:ae:93:ca:4e:
+        ec:f0:1b:f4:fa:53:7d:d9:36:af:5e:4c:54:c7:3a:d5:e3:68:
+        ca:78:e5:1f:55:44:65:eb:00:2d:c3:c8:ba:0e:1f:47:1c:67:
+        2e:a9:c1:6e
 -----BEGIN CERTIFICATE-----
 MIIE8DCCA9igAwIBAgIBATANBgkqhkiG9w0BAQsFADCBlzELMAkGA1UEBhMCVVMx
 EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoM
 B3dvbGZTU0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMRgwFgYDVQQDDA93b2xmU1NM
-IHJvb3QgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMjMx
-MjEzMjIxOTMwWhcNMjYwOTA4MjIxOTMwWjCBoTELMAkGA1UEBhMCVVMxEzARBgNV
+IHJvb3QgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMjQx
+MjE4MjEyNTMxWhcNMjcwOTE0MjEyNTMxWjCBoTELMAkGA1UEBhMCVVMxEzARBgNV
 BAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoMB3dvbGZT
 U0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMSIwIAYDVQQDDBl3b2xmU1NMIGludGVy
 bWVkaWF0ZSBDQSAxMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMIIB
@@ -84,12 +83,12 @@ DAdTZWF0dGxlMRAwDgYDVQQKDAd3b2xmU1NMMRQwEgYDVQQLDAtFbmdpbmVlcmlu
 ZzEYMBYGA1UEAwwPd29sZlNTTCByb290IENBMR8wHQYJKoZIhvcNAQkBFhBpbmZv
 QHdvbGZzc2wuY29tggFjMAsGA1UdDwQEAwIBBjAyBggrBgEFBQcBAQQmMCQwIgYI
 KwYBBQUHMAGGFmh0dHA6Ly8xMjcuMC4wLjE6MjIyMjAwDQYJKoZIhvcNAQELBQAD
-ggEBABwG9ljuok0R3c5RKuo8HhNiK+IEbcpnKxQb3j5ye9ISKVnpvT83H5ucFYRA
-EMJ7HB8WLE71t7t+JHl65mtuZs9PBOUxuWMSgIlh/K5Hs72wY9iqd7olU+X3ymPV
-f26A7XXJR1nfeoKHLrjPh8SaDC/uqahafitVMOmLBfOrYH9JvRbec42Pckg1I6GI
-iKiaARlsbgbPw0fZaA5Cw4TZI3E2c8SdvO33m+OgjYms7Od1Ih+ZdFtMW7Ul4X8C
-8weuT7ELIfkXeBq0xo8Dkfuylf9t3jc5SlfBjNqROkzM+ieaT0LLTBXHCDSPA6jx
-Lt9kxexX4ZB3L0mQwSNNe55E+wg=
+ggEBAHVX8QyHj6JwPM7kcA6ZatrEgJQsJQzeDXvzlPHorW/Q3pqd9WQxZT8Y5sP1
+tR2ivluXeUF4FRyzg97QAOrScEPFYGAHcuV2WbgOL0fJjaRM8SCwQDvt6d6yRhCQ
+Gw+WFuaXvNWak6o847NrX9ssryvafDY2qoahZXDI8TTRHxCWcebPaVy/DhUzl/5A
+Qr4wSK371w57c91kMH4Qgaw7CzzkEp8xiz3wm4TcWzIzOd7rGheJ2BsAMy1QpBos
+EaJgrMGaD0SQAM+NbK9bcSN6p0/f9T9crpPKTuzwG/T6U33ZNq9eTFTHOtXjaMp4
+5R9VRGXrAC3DyLoOH0ccZy6pwW4=
 -----END CERTIFICATE-----
 Certificate:
     Data:
@@ -98,12 +97,12 @@ Certificate:
         Signature Algorithm: sha256WithRSAEncryption
         Issuer: C = US, ST = Washington, L = Seattle, O = wolfSSL, OU = Engineering, CN = wolfSSL root CA, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Dec 13 22:19:30 2023 GMT
-            Not After : Sep  8 22:19:30 2026 GMT
+            Not Before: Dec 18 21:25:31 2024 GMT
+            Not After : Sep 14 21:25:31 2027 GMT
         Subject: C = US, ST = Washington, L = Seattle, O = wolfSSL, OU = Engineering, CN = wolfSSL root CA, emailAddress = info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (2048 bit)
+                Public-Key: (2048 bit)
                 Modulus:
                     00:ab:2c:b4:2f:1d:06:09:ef:4e:29:86:84:7e:cc:
                     bf:a6:79:7c:f0:c0:c1:64:25:8c:75:b7:10:05:ca:
@@ -133,34 +132,33 @@ Certificate:
                 keyid:73:B0:1C:A4:2F:82:CB:CF:47:A5:38:D7:B0:04:82:3A:7E:72:15:21
                 DirName:/C=US/ST=Washington/L=Seattle/O=wolfSSL/OU=Engineering/CN=wolfSSL root CA/emailAddress=info@wolfssl.com
                 serial:63
-
             X509v3 Key Usage: 
                 Certificate Sign, CRL Sign
             Authority Information Access: 
                 OCSP - URI:http://127.0.0.1:22220
-
     Signature Algorithm: sha256WithRSAEncryption
-         63:f7:e7:80:e2:73:b0:7f:c2:32:c0:20:45:01:1e:40:bc:85:
-         8e:7f:04:3b:c6:fe:3f:d1:b9:14:ce:06:d9:e8:fc:cd:b9:1d:
-         0f:cb:89:71:a9:34:67:e8:be:b8:27:d1:1f:c4:ff:9b:9d:b9:
-         bd:f8:23:c7:e5:7f:04:20:de:b1:30:b2:5d:c2:99:a5:f8:34:
-         9d:d7:0a:bc:b5:3a:84:64:2e:5b:24:34:01:da:03:a9:bb:cf:
-         f2:0d:0e:06:68:de:34:90:cb:42:3a:62:31:d0:d6:7d:26:ca:
-         14:e5:87:70:51:a2:71:85:cf:4e:af:7c:6c:45:69:d1:3c:6c:
-         9c:47:35:be:13:bc:12:a9:ea:c4:2f:71:d3:a5:6b:10:4b:85:
-         68:93:68:81:1c:9f:e6:6a:e7:c0:e1:a6:09:28:f9:d4:a4:55:
-         e8:dc:e3:e2:14:86:0c:ef:3d:7a:7f:8d:d2:a3:e6:c8:0b:e7:
-         1c:45:6d:0d:e9:9a:d6:38:4f:52:73:a7:5c:04:e9:ce:77:af:
-         94:97:7b:56:a8:eb:bc:b6:f6:7a:ed:6a:8f:68:04:b4:ea:ce:
-         05:d8:f7:bc:99:ae:6f:38:9a:ee:23:4d:c5:53:e6:70:fe:5c:
-         60:68:c4:0c:79:c3:eb:49:d5:df:a6:98:5b:ba:6e:f6:c6:30:
-         e0:5e:3e:c3
+    Signature Value:
+        76:e8:fa:f6:1e:5b:0e:ff:24:43:e0:cb:19:26:38:d9:df:18:
+        5d:66:e1:4b:ac:e4:8e:b0:49:2c:d6:04:20:eb:4a:a8:06:d7:
+        55:ec:6b:38:f8:0f:8c:e6:c9:ec:42:f0:ca:07:9f:88:7a:ee:
+        bf:af:3f:7d:d3:45:67:20:84:bb:c7:c5:32:69:ab:59:e1:e3:
+        38:4b:ed:18:2e:de:da:88:ec:a0:b7:ff:c1:50:96:73:e3:03:
+        df:a1:e7:47:93:13:1d:fb:e6:6b:37:3e:50:a3:eb:5b:24:26:
+        d2:43:2e:6e:9c:83:9c:fb:79:ba:cd:fd:3b:e5:87:87:a7:0f:
+        5f:f9:64:34:56:5e:8b:13:e2:c4:41:e3:9d:3e:36:2d:cb:d3:
+        5f:d3:12:90:bf:78:c1:4c:df:eb:7b:99:e6:1e:ee:52:78:6f:
+        0c:82:e1:59:d4:25:40:e5:24:95:3e:0f:cc:08:60:fe:b4:8c:
+        48:42:bf:29:74:92:71:1a:85:00:a7:4c:f0:c0:32:47:f3:be:
+        f4:08:5c:f2:43:e0:b9:76:86:60:9a:3b:af:d6:32:41:5f:b0:
+        04:12:44:2a:44:19:d4:27:d3:ce:71:7e:5b:16:1a:f5:0c:db:
+        43:b0:a6:bb:76:02:f6:e0:30:4e:04:f4:f3:9b:cd:d4:ae:45:
+        94:c5:8c:bb
 -----BEGIN CERTIFICATE-----
 MIIE5jCCA86gAwIBAgIBYzANBgkqhkiG9w0BAQsFADCBlzELMAkGA1UEBhMCVVMx
 EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoM
 B3dvbGZTU0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMRgwFgYDVQQDDA93b2xmU1NM
-IHJvb3QgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMjMx
-MjEzMjIxOTMwWhcNMjYwOTA4MjIxOTMwWjCBlzELMAkGA1UEBhMCVVMxEzARBgNV
+IHJvb3QgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMjQx
+MjE4MjEyNTMxWhcNMjcwOTE0MjEyNTMxWjCBlzELMAkGA1UEBhMCVVMxEzARBgNV
 BAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoMB3dvbGZT
 U0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMRgwFgYDVQQDDA93b2xmU1NMIHJvb3Qg
 Q0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wggEiMA0GCSqGSIb3
@@ -176,11 +174,11 @@ A1UEBhMCVVMxEzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUx
 EDAOBgNVBAoMB3dvbGZTU0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMRgwFgYDVQQD
 DA93b2xmU1NMIHJvb3QgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5j
 b22CAWMwCwYDVR0PBAQDAgEGMDIGCCsGAQUFBwEBBCYwJDAiBggrBgEFBQcwAYYW
-aHR0cDovLzEyNy4wLjAuMToyMjIyMDANBgkqhkiG9w0BAQsFAAOCAQEAY/fngOJz
-sH/CMsAgRQEeQLyFjn8EO8b+P9G5FM4G2ej8zbkdD8uJcak0Z+i+uCfRH8T/m525
-vfgjx+V/BCDesTCyXcKZpfg0ndcKvLU6hGQuWyQ0AdoDqbvP8g0OBmjeNJDLQjpi
-MdDWfSbKFOWHcFGicYXPTq98bEVp0TxsnEc1vhO8EqnqxC9x06VrEEuFaJNogRyf
-5mrnwOGmCSj51KRV6Nzj4hSGDO89en+N0qPmyAvnHEVtDema1jhPUnOnXATpznev
-lJd7VqjrvLb2eu1qj2gEtOrOBdj3vJmubzia7iNNxVPmcP5cYGjEDHnD60nV36aY
-W7pu9sYw4F4+ww==
+aHR0cDovLzEyNy4wLjAuMToyMjIyMDANBgkqhkiG9w0BAQsFAAOCAQEAduj69h5b
+Dv8kQ+DLGSY42d8YXWbhS6zkjrBJLNYEIOtKqAbXVexrOPgPjObJ7ELwygefiHru
+v68/fdNFZyCEu8fFMmmrWeHjOEvtGC7e2ojsoLf/wVCWc+MD36HnR5MTHfvmazc+
+UKPrWyQm0kMubpyDnPt5us39O+WHh6cPX/lkNFZeixPixEHjnT42LcvTX9MSkL94
+wUzf63uZ5h7uUnhvDILhWdQlQOUklT4PzAhg/rSMSEK/KXSScRqFAKdM8MAyR/O+
+9Ahc8kPguXaGYJo7r9YyQV+wBBJEKkQZ1CfTznF+WxYa9QzbQ7Cmu3YC9uAwTgT0
+85vN1K5FlMWMuw==
 -----END CERTIFICATE-----
diff --git a/certs/ocsp/intermediate2-ca-cert.pem b/certs/ocsp/intermediate2-ca-cert.pem
index bd5a6a043..1068c455f 100644
--- a/certs/ocsp/intermediate2-ca-cert.pem
+++ b/certs/ocsp/intermediate2-ca-cert.pem
@@ -5,12 +5,12 @@ Certificate:
         Signature Algorithm: sha256WithRSAEncryption
         Issuer: C = US, ST = Washington, L = Seattle, O = wolfSSL, OU = Engineering, CN = wolfSSL root CA, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Dec 13 22:19:30 2023 GMT
-            Not After : Sep  8 22:19:30 2026 GMT
+            Not Before: Dec 18 21:25:31 2024 GMT
+            Not After : Sep 14 21:25:31 2027 GMT
         Subject: C = US, ST = Washington, L = Seattle, O = wolfSSL, OU = Engineering, CN = wolfSSL intermediate CA 2, emailAddress = info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (2048 bit)
+                Public-Key: (2048 bit)
                 Modulus:
                     00:d0:20:3c:35:19:6f:2c:44:b4:7e:42:c7:75:b4:
                     6a:2b:a9:23:85:bf:87:b4:ee:ca:d7:4b:1f:31:d7:
@@ -40,34 +40,33 @@ Certificate:
                 keyid:73:B0:1C:A4:2F:82:CB:CF:47:A5:38:D7:B0:04:82:3A:7E:72:15:21
                 DirName:/C=US/ST=Washington/L=Seattle/O=wolfSSL/OU=Engineering/CN=wolfSSL root CA/emailAddress=info@wolfssl.com
                 serial:63
-
             X509v3 Key Usage: 
                 Certificate Sign, CRL Sign
             Authority Information Access: 
                 OCSP - URI:http://127.0.0.1:22220
-
     Signature Algorithm: sha256WithRSAEncryption
-         3b:38:b5:57:a7:f6:d6:b1:19:55:b8:da:47:74:cf:9a:6b:6e:
-         ff:0a:5d:06:17:33:db:db:38:e5:d1:9c:dd:c7:3e:c2:2e:87:
-         20:52:48:d0:ad:0c:12:3e:f7:66:41:64:d2:ca:b3:4c:a1:0a:
-         6c:4b:4b:33:94:74:83:2e:2d:44:5a:13:ae:da:9a:18:87:64:
-         30:cf:69:70:e8:38:47:de:55:27:06:86:9b:24:d5:b0:8f:17:
-         3b:95:87:7e:4a:45:45:2e:6d:70:27:90:32:62:a8:36:3e:47:
-         47:0f:0e:1b:93:cf:3d:3e:9b:2c:9a:ff:0c:ee:a7:1b:40:c4:
-         dc:f2:66:74:eb:d9:11:9d:60:b8:24:b4:89:c1:e4:61:20:3d:
-         38:af:45:ad:e8:ee:69:c3:96:8a:a5:c1:cd:dd:14:87:97:dc:
-         f8:32:84:a8:3b:0a:eb:61:0e:7c:4c:65:69:3d:02:92:db:c4:
-         bf:21:6f:89:fe:cc:76:df:c5:84:fb:c4:ea:1a:60:da:d0:c8:
-         27:7c:65:1b:cb:23:20:5a:e2:23:90:bd:f5:5c:0a:85:51:37:
-         84:47:a7:80:f4:e0:a0:72:8d:7a:b8:71:03:44:59:c6:cf:2c:
-         ae:df:91:a9:74:72:eb:a7:31:b2:81:65:19:e6:df:c3:4b:b7:
-         fc:9c:2c:f0
+    Signature Value:
+        1f:0a:d4:04:b7:38:42:e7:fa:85:ee:3a:f7:11:98:5a:79:d2:
+        43:8b:f0:2b:d2:fc:ad:7b:33:a0:25:a5:b5:3f:29:13:94:9c:
+        da:b6:e6:41:8c:9a:92:3b:cc:44:6e:0e:8e:8b:79:09:96:ed:
+        39:57:c4:d6:b1:7f:dd:bf:f1:26:75:89:7d:28:54:c5:e8:da:
+        12:28:02:5d:be:91:98:95:bf:ca:e8:20:d6:c6:6c:b2:af:09:
+        ab:3a:c2:c2:e5:b1:cf:ab:79:54:f1:44:de:77:e4:cb:18:f5:
+        7a:d9:5f:e9:88:cd:50:54:59:01:a0:83:1c:b2:ad:92:ea:df:
+        b1:24:84:c7:b5:17:e5:c3:b4:26:5f:24:90:da:e1:d4:ac:b8:
+        c7:e0:89:1c:56:20:aa:53:2d:51:55:0a:01:e2:4c:bc:8c:74:
+        59:9d:f5:f1:74:e7:8b:d8:71:12:01:2e:6e:4a:01:d7:fb:8d:
+        a8:2e:42:63:ab:11:57:1f:4a:1e:c0:43:3b:77:32:0d:fe:1f:
+        ec:62:47:27:a7:74:84:0a:82:3c:0f:5f:83:91:e1:78:35:88:
+        9d:e1:da:b1:00:cb:77:c7:fc:f2:a1:3d:c3:7a:de:ab:81:e4:
+        1b:ee:75:c9:b9:ea:f8:c1:5f:e6:15:6a:1f:96:ba:30:05:0f:
+        43:7c:21:b6
 -----BEGIN CERTIFICATE-----
 MIIE8DCCA9igAwIBAgIBAjANBgkqhkiG9w0BAQsFADCBlzELMAkGA1UEBhMCVVMx
 EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoM
 B3dvbGZTU0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMRgwFgYDVQQDDA93b2xmU1NM
-IHJvb3QgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMjMx
-MjEzMjIxOTMwWhcNMjYwOTA4MjIxOTMwWjCBoTELMAkGA1UEBhMCVVMxEzARBgNV
+IHJvb3QgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMjQx
+MjE4MjEyNTMxWhcNMjcwOTE0MjEyNTMxWjCBoTELMAkGA1UEBhMCVVMxEzARBgNV
 BAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoMB3dvbGZT
 U0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMSIwIAYDVQQDDBl3b2xmU1NMIGludGVy
 bWVkaWF0ZSBDQSAyMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMIIB
@@ -84,12 +83,12 @@ DAdTZWF0dGxlMRAwDgYDVQQKDAd3b2xmU1NMMRQwEgYDVQQLDAtFbmdpbmVlcmlu
 ZzEYMBYGA1UEAwwPd29sZlNTTCByb290IENBMR8wHQYJKoZIhvcNAQkBFhBpbmZv
 QHdvbGZzc2wuY29tggFjMAsGA1UdDwQEAwIBBjAyBggrBgEFBQcBAQQmMCQwIgYI
 KwYBBQUHMAGGFmh0dHA6Ly8xMjcuMC4wLjE6MjIyMjAwDQYJKoZIhvcNAQELBQAD
-ggEBADs4tVen9taxGVW42kd0z5prbv8KXQYXM9vbOOXRnN3HPsIuhyBSSNCtDBI+
-92ZBZNLKs0yhCmxLSzOUdIMuLURaE67amhiHZDDPaXDoOEfeVScGhpsk1bCPFzuV
-h35KRUUubXAnkDJiqDY+R0cPDhuTzz0+myya/wzupxtAxNzyZnTr2RGdYLgktInB
-5GEgPTivRa3o7mnDloqlwc3dFIeX3PgyhKg7CuthDnxMZWk9ApLbxL8hb4n+zHbf
-xYT7xOoaYNrQyCd8ZRvLIyBa4iOQvfVcCoVRN4RHp4D04KByjXq4cQNEWcbPLK7f
-kal0cuunMbKBZRnm38NLt/ycLPA=
+ggEBAB8K1AS3OELn+oXuOvcRmFp50kOL8CvS/K17M6AlpbU/KROUnNq25kGMmpI7
+zERuDo6LeQmW7TlXxNaxf92/8SZ1iX0oVMXo2hIoAl2+kZiVv8roINbGbLKvCas6
+wsLlsc+reVTxRN535MsY9XrZX+mIzVBUWQGggxyyrZLq37EkhMe1F+XDtCZfJJDa
+4dSsuMfgiRxWIKpTLVFVCgHiTLyMdFmd9fF054vYcRIBLm5KAdf7jaguQmOrEVcf
+Sh7AQzt3Mg3+H+xiRyendIQKgjwPX4OR4Xg1iJ3h2rEAy3fH/PKhPcN63quB5Bvu
+dcm56vjBX+YVah+WujAFD0N8IbY=
 -----END CERTIFICATE-----
 Certificate:
     Data:
@@ -98,12 +97,12 @@ Certificate:
         Signature Algorithm: sha256WithRSAEncryption
         Issuer: C = US, ST = Washington, L = Seattle, O = wolfSSL, OU = Engineering, CN = wolfSSL root CA, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Dec 13 22:19:30 2023 GMT
-            Not After : Sep  8 22:19:30 2026 GMT
+            Not Before: Dec 18 21:25:31 2024 GMT
+            Not After : Sep 14 21:25:31 2027 GMT
         Subject: C = US, ST = Washington, L = Seattle, O = wolfSSL, OU = Engineering, CN = wolfSSL root CA, emailAddress = info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (2048 bit)
+                Public-Key: (2048 bit)
                 Modulus:
                     00:ab:2c:b4:2f:1d:06:09:ef:4e:29:86:84:7e:cc:
                     bf:a6:79:7c:f0:c0:c1:64:25:8c:75:b7:10:05:ca:
@@ -133,34 +132,33 @@ Certificate:
                 keyid:73:B0:1C:A4:2F:82:CB:CF:47:A5:38:D7:B0:04:82:3A:7E:72:15:21
                 DirName:/C=US/ST=Washington/L=Seattle/O=wolfSSL/OU=Engineering/CN=wolfSSL root CA/emailAddress=info@wolfssl.com
                 serial:63
-
             X509v3 Key Usage: 
                 Certificate Sign, CRL Sign
             Authority Information Access: 
                 OCSP - URI:http://127.0.0.1:22220
-
     Signature Algorithm: sha256WithRSAEncryption
-         63:f7:e7:80:e2:73:b0:7f:c2:32:c0:20:45:01:1e:40:bc:85:
-         8e:7f:04:3b:c6:fe:3f:d1:b9:14:ce:06:d9:e8:fc:cd:b9:1d:
-         0f:cb:89:71:a9:34:67:e8:be:b8:27:d1:1f:c4:ff:9b:9d:b9:
-         bd:f8:23:c7:e5:7f:04:20:de:b1:30:b2:5d:c2:99:a5:f8:34:
-         9d:d7:0a:bc:b5:3a:84:64:2e:5b:24:34:01:da:03:a9:bb:cf:
-         f2:0d:0e:06:68:de:34:90:cb:42:3a:62:31:d0:d6:7d:26:ca:
-         14:e5:87:70:51:a2:71:85:cf:4e:af:7c:6c:45:69:d1:3c:6c:
-         9c:47:35:be:13:bc:12:a9:ea:c4:2f:71:d3:a5:6b:10:4b:85:
-         68:93:68:81:1c:9f:e6:6a:e7:c0:e1:a6:09:28:f9:d4:a4:55:
-         e8:dc:e3:e2:14:86:0c:ef:3d:7a:7f:8d:d2:a3:e6:c8:0b:e7:
-         1c:45:6d:0d:e9:9a:d6:38:4f:52:73:a7:5c:04:e9:ce:77:af:
-         94:97:7b:56:a8:eb:bc:b6:f6:7a:ed:6a:8f:68:04:b4:ea:ce:
-         05:d8:f7:bc:99:ae:6f:38:9a:ee:23:4d:c5:53:e6:70:fe:5c:
-         60:68:c4:0c:79:c3:eb:49:d5:df:a6:98:5b:ba:6e:f6:c6:30:
-         e0:5e:3e:c3
+    Signature Value:
+        76:e8:fa:f6:1e:5b:0e:ff:24:43:e0:cb:19:26:38:d9:df:18:
+        5d:66:e1:4b:ac:e4:8e:b0:49:2c:d6:04:20:eb:4a:a8:06:d7:
+        55:ec:6b:38:f8:0f:8c:e6:c9:ec:42:f0:ca:07:9f:88:7a:ee:
+        bf:af:3f:7d:d3:45:67:20:84:bb:c7:c5:32:69:ab:59:e1:e3:
+        38:4b:ed:18:2e:de:da:88:ec:a0:b7:ff:c1:50:96:73:e3:03:
+        df:a1:e7:47:93:13:1d:fb:e6:6b:37:3e:50:a3:eb:5b:24:26:
+        d2:43:2e:6e:9c:83:9c:fb:79:ba:cd:fd:3b:e5:87:87:a7:0f:
+        5f:f9:64:34:56:5e:8b:13:e2:c4:41:e3:9d:3e:36:2d:cb:d3:
+        5f:d3:12:90:bf:78:c1:4c:df:eb:7b:99:e6:1e:ee:52:78:6f:
+        0c:82:e1:59:d4:25:40:e5:24:95:3e:0f:cc:08:60:fe:b4:8c:
+        48:42:bf:29:74:92:71:1a:85:00:a7:4c:f0:c0:32:47:f3:be:
+        f4:08:5c:f2:43:e0:b9:76:86:60:9a:3b:af:d6:32:41:5f:b0:
+        04:12:44:2a:44:19:d4:27:d3:ce:71:7e:5b:16:1a:f5:0c:db:
+        43:b0:a6:bb:76:02:f6:e0:30:4e:04:f4:f3:9b:cd:d4:ae:45:
+        94:c5:8c:bb
 -----BEGIN CERTIFICATE-----
 MIIE5jCCA86gAwIBAgIBYzANBgkqhkiG9w0BAQsFADCBlzELMAkGA1UEBhMCVVMx
 EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoM
 B3dvbGZTU0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMRgwFgYDVQQDDA93b2xmU1NM
-IHJvb3QgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMjMx
-MjEzMjIxOTMwWhcNMjYwOTA4MjIxOTMwWjCBlzELMAkGA1UEBhMCVVMxEzARBgNV
+IHJvb3QgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMjQx
+MjE4MjEyNTMxWhcNMjcwOTE0MjEyNTMxWjCBlzELMAkGA1UEBhMCVVMxEzARBgNV
 BAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoMB3dvbGZT
 U0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMRgwFgYDVQQDDA93b2xmU1NMIHJvb3Qg
 Q0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wggEiMA0GCSqGSIb3
@@ -176,11 +174,11 @@ A1UEBhMCVVMxEzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUx
 EDAOBgNVBAoMB3dvbGZTU0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMRgwFgYDVQQD
 DA93b2xmU1NMIHJvb3QgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5j
 b22CAWMwCwYDVR0PBAQDAgEGMDIGCCsGAQUFBwEBBCYwJDAiBggrBgEFBQcwAYYW
-aHR0cDovLzEyNy4wLjAuMToyMjIyMDANBgkqhkiG9w0BAQsFAAOCAQEAY/fngOJz
-sH/CMsAgRQEeQLyFjn8EO8b+P9G5FM4G2ej8zbkdD8uJcak0Z+i+uCfRH8T/m525
-vfgjx+V/BCDesTCyXcKZpfg0ndcKvLU6hGQuWyQ0AdoDqbvP8g0OBmjeNJDLQjpi
-MdDWfSbKFOWHcFGicYXPTq98bEVp0TxsnEc1vhO8EqnqxC9x06VrEEuFaJNogRyf
-5mrnwOGmCSj51KRV6Nzj4hSGDO89en+N0qPmyAvnHEVtDema1jhPUnOnXATpznev
-lJd7VqjrvLb2eu1qj2gEtOrOBdj3vJmubzia7iNNxVPmcP5cYGjEDHnD60nV36aY
-W7pu9sYw4F4+ww==
+aHR0cDovLzEyNy4wLjAuMToyMjIyMDANBgkqhkiG9w0BAQsFAAOCAQEAduj69h5b
+Dv8kQ+DLGSY42d8YXWbhS6zkjrBJLNYEIOtKqAbXVexrOPgPjObJ7ELwygefiHru
+v68/fdNFZyCEu8fFMmmrWeHjOEvtGC7e2ojsoLf/wVCWc+MD36HnR5MTHfvmazc+
+UKPrWyQm0kMubpyDnPt5us39O+WHh6cPX/lkNFZeixPixEHjnT42LcvTX9MSkL94
+wUzf63uZ5h7uUnhvDILhWdQlQOUklT4PzAhg/rSMSEK/KXSScRqFAKdM8MAyR/O+
+9Ahc8kPguXaGYJo7r9YyQV+wBBJEKkQZ1CfTznF+WxYa9QzbQ7Cmu3YC9uAwTgT0
+85vN1K5FlMWMuw==
 -----END CERTIFICATE-----
diff --git a/certs/ocsp/intermediate3-ca-cert.pem b/certs/ocsp/intermediate3-ca-cert.pem
index 932f24596..05e87b1e5 100644
--- a/certs/ocsp/intermediate3-ca-cert.pem
+++ b/certs/ocsp/intermediate3-ca-cert.pem
@@ -5,12 +5,12 @@ Certificate:
         Signature Algorithm: sha256WithRSAEncryption
         Issuer: C = US, ST = Washington, L = Seattle, O = wolfSSL, OU = Engineering, CN = wolfSSL root CA, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Dec 13 22:19:30 2023 GMT
-            Not After : Sep  8 22:19:30 2026 GMT
+            Not Before: Dec 18 21:25:31 2024 GMT
+            Not After : Sep 14 21:25:31 2027 GMT
         Subject: C = US, ST = Washington, L = Seattle, O = wolfSSL, OU = Engineering, CN = wolfSSL REVOKED intermediate CA, emailAddress = info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (2048 bit)
+                Public-Key: (2048 bit)
                 Modulus:
                     00:de:c5:04:10:7d:c2:21:e9:12:45:da:d5:ba:28:
                     fd:a6:f4:30:44:a0:df:f9:70:5e:17:26:97:59:5c:
@@ -40,34 +40,33 @@ Certificate:
                 keyid:73:B0:1C:A4:2F:82:CB:CF:47:A5:38:D7:B0:04:82:3A:7E:72:15:21
                 DirName:/C=US/ST=Washington/L=Seattle/O=wolfSSL/OU=Engineering/CN=wolfSSL root CA/emailAddress=info@wolfssl.com
                 serial:63
-
             X509v3 Key Usage: 
                 Certificate Sign, CRL Sign
             Authority Information Access: 
                 OCSP - URI:http://127.0.0.1:22220
-
     Signature Algorithm: sha256WithRSAEncryption
-         2f:e1:b0:99:a9:71:0e:41:f8:b1:9d:38:c8:f4:3d:7c:79:ce:
-         d2:94:01:2a:b6:71:1b:4c:64:19:27:02:71:b4:43:64:42:f9:
-         2b:71:39:6e:64:4e:e8:32:b1:1e:1b:fd:7d:22:cb:8a:9c:34:
-         ce:ef:bb:dd:f2:4f:83:58:33:34:01:cb:b4:35:e2:ba:c6:cc:
-         aa:2f:ed:2e:e9:04:ec:cd:7f:06:50:b3:4e:37:cd:fe:96:69:
-         da:a3:fe:63:78:83:c5:86:7e:03:b2:11:e5:94:f8:56:e9:d1:
-         dd:5d:b4:05:4d:26:0e:09:c2:50:32:ce:6d:da:6b:b7:ee:e1:
-         1b:a9:b0:0f:59:d6:03:16:ee:47:16:2f:1f:58:f9:f8:48:d9:
-         59:ed:61:a1:af:7e:92:38:2e:40:0c:9b:e7:21:90:3b:10:6f:
-         61:ad:e0:95:57:e2:d5:39:dc:83:54:88:99:4a:5e:21:94:ce:
-         f9:0f:5e:e9:22:10:55:bb:97:f4:51:3f:50:83:ed:63:fb:ab:
-         d2:02:b3:aa:26:f7:fc:72:1c:84:e9:a0:a3:fa:b2:22:90:c8:
-         ac:61:84:2a:bd:3f:75:1f:1b:bf:83:a8:90:ce:4c:de:ee:eb:
-         65:b4:ff:f0:7a:b2:11:7a:78:60:c4:6e:da:e3:c8:a3:57:5b:
-         8f:58:e4:49
+    Signature Value:
+        9c:99:cf:4a:64:66:4f:74:91:47:3d:58:ed:c2:3a:57:d5:70:
+        70:d7:7e:63:2c:8e:06:5e:36:4b:60:92:74:3f:ca:2c:cf:43:
+        1b:b7:64:42:89:43:30:53:b2:6a:f4:ce:d8:ec:18:2d:20:4e:
+        2d:fb:2d:22:71:61:87:3a:35:dc:77:b5:bd:1e:b3:13:ae:bd:
+        71:ef:b3:21:9d:50:5f:0d:a9:52:76:9b:ea:25:be:f2:79:08:
+        49:16:9c:68:82:30:80:2d:47:ce:49:46:cc:66:95:47:c5:28:
+        89:d7:b4:b3:37:b0:14:21:34:58:c3:7b:94:91:2c:32:80:0e:
+        7e:fa:ed:07:e0:e3:52:8b:fc:73:f8:73:df:52:34:b0:63:a7:
+        02:26:5d:e9:e6:37:43:a3:f5:c3:be:5f:c4:86:6e:00:20:51:
+        7b:b6:48:85:11:f4:b3:79:4d:b7:14:20:f4:ea:c3:06:68:45:
+        1a:4f:db:09:df:30:3e:2c:89:bf:dc:4d:81:46:1c:3d:0b:b4:
+        a0:0f:79:d6:c5:1e:a8:81:fd:ff:80:b8:4b:f6:50:06:88:e9:
+        69:96:12:df:66:b8:db:46:60:f8:b4:35:f6:eb:f6:f9:a4:19:
+        d2:d6:d7:d8:c8:5f:0b:46:66:5d:3c:d3:18:17:78:b4:80:85:
+        ca:98:bd:33
 -----BEGIN CERTIFICATE-----
 MIIE9jCCA96gAwIBAgIBAzANBgkqhkiG9w0BAQsFADCBlzELMAkGA1UEBhMCVVMx
 EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoM
 B3dvbGZTU0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMRgwFgYDVQQDDA93b2xmU1NM
-IHJvb3QgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMjMx
-MjEzMjIxOTMwWhcNMjYwOTA4MjIxOTMwWjCBpzELMAkGA1UEBhMCVVMxEzARBgNV
+IHJvb3QgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMjQx
+MjE4MjEyNTMxWhcNMjcwOTE0MjEyNTMxWjCBpzELMAkGA1UEBhMCVVMxEzARBgNV
 BAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoMB3dvbGZT
 U0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMSgwJgYDVQQDDB93b2xmU1NMIFJFVk9L
 RUQgaW50ZXJtZWRpYXRlIENBMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wu
@@ -84,12 +83,12 @@ DgYDVQQHDAdTZWF0dGxlMRAwDgYDVQQKDAd3b2xmU1NMMRQwEgYDVQQLDAtFbmdp
 bmVlcmluZzEYMBYGA1UEAwwPd29sZlNTTCByb290IENBMR8wHQYJKoZIhvcNAQkB
 FhBpbmZvQHdvbGZzc2wuY29tggFjMAsGA1UdDwQEAwIBBjAyBggrBgEFBQcBAQQm
 MCQwIgYIKwYBBQUHMAGGFmh0dHA6Ly8xMjcuMC4wLjE6MjIyMjAwDQYJKoZIhvcN
-AQELBQADggEBAC/hsJmpcQ5B+LGdOMj0PXx5ztKUASq2cRtMZBknAnG0Q2RC+Stx
-OW5kTugysR4b/X0iy4qcNM7vu93yT4NYMzQBy7Q14rrGzKov7S7pBOzNfwZQs043
-zf6Wadqj/mN4g8WGfgOyEeWU+Fbp0d1dtAVNJg4JwlAyzm3aa7fu4RupsA9Z1gMW
-7kcWLx9Y+fhI2VntYaGvfpI4LkAMm+chkDsQb2Gt4JVX4tU53INUiJlKXiGUzvkP
-XukiEFW7l/RRP1CD7WP7q9ICs6om9/xyHITpoKP6siKQyKxhhCq9P3UfG7+DqJDO
-TN7u62W0//B6shF6eGDEbtrjyKNXW49Y5Ek=
+AQELBQADggEBAJyZz0pkZk90kUc9WO3COlfVcHDXfmMsjgZeNktgknQ/yizPQxu3
+ZEKJQzBTsmr0ztjsGC0gTi37LSJxYYc6Ndx3tb0esxOuvXHvsyGdUF8NqVJ2m+ol
+vvJ5CEkWnGiCMIAtR85JRsxmlUfFKInXtLM3sBQhNFjDe5SRLDKADn767Qfg41KL
+/HP4c99SNLBjpwImXenmN0Oj9cO+X8SGbgAgUXu2SIUR9LN5TbcUIPTqwwZoRRpP
+2wnfMD4sib/cTYFGHD0LtKAPedbFHqiB/f+AuEv2UAaI6WmWEt9muNtGYPi0Nfbr
+9vmkGdLW19jIXwtGZl080xgXeLSAhcqYvTM=
 -----END CERTIFICATE-----
 Certificate:
     Data:
@@ -98,12 +97,12 @@ Certificate:
         Signature Algorithm: sha256WithRSAEncryption
         Issuer: C = US, ST = Washington, L = Seattle, O = wolfSSL, OU = Engineering, CN = wolfSSL root CA, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Dec 13 22:19:30 2023 GMT
-            Not After : Sep  8 22:19:30 2026 GMT
+            Not Before: Dec 18 21:25:31 2024 GMT
+            Not After : Sep 14 21:25:31 2027 GMT
         Subject: C = US, ST = Washington, L = Seattle, O = wolfSSL, OU = Engineering, CN = wolfSSL root CA, emailAddress = info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (2048 bit)
+                Public-Key: (2048 bit)
                 Modulus:
                     00:ab:2c:b4:2f:1d:06:09:ef:4e:29:86:84:7e:cc:
                     bf:a6:79:7c:f0:c0:c1:64:25:8c:75:b7:10:05:ca:
@@ -133,34 +132,33 @@ Certificate:
                 keyid:73:B0:1C:A4:2F:82:CB:CF:47:A5:38:D7:B0:04:82:3A:7E:72:15:21
                 DirName:/C=US/ST=Washington/L=Seattle/O=wolfSSL/OU=Engineering/CN=wolfSSL root CA/emailAddress=info@wolfssl.com
                 serial:63
-
             X509v3 Key Usage: 
                 Certificate Sign, CRL Sign
             Authority Information Access: 
                 OCSP - URI:http://127.0.0.1:22220
-
     Signature Algorithm: sha256WithRSAEncryption
-         63:f7:e7:80:e2:73:b0:7f:c2:32:c0:20:45:01:1e:40:bc:85:
-         8e:7f:04:3b:c6:fe:3f:d1:b9:14:ce:06:d9:e8:fc:cd:b9:1d:
-         0f:cb:89:71:a9:34:67:e8:be:b8:27:d1:1f:c4:ff:9b:9d:b9:
-         bd:f8:23:c7:e5:7f:04:20:de:b1:30:b2:5d:c2:99:a5:f8:34:
-         9d:d7:0a:bc:b5:3a:84:64:2e:5b:24:34:01:da:03:a9:bb:cf:
-         f2:0d:0e:06:68:de:34:90:cb:42:3a:62:31:d0:d6:7d:26:ca:
-         14:e5:87:70:51:a2:71:85:cf:4e:af:7c:6c:45:69:d1:3c:6c:
-         9c:47:35:be:13:bc:12:a9:ea:c4:2f:71:d3:a5:6b:10:4b:85:
-         68:93:68:81:1c:9f:e6:6a:e7:c0:e1:a6:09:28:f9:d4:a4:55:
-         e8:dc:e3:e2:14:86:0c:ef:3d:7a:7f:8d:d2:a3:e6:c8:0b:e7:
-         1c:45:6d:0d:e9:9a:d6:38:4f:52:73:a7:5c:04:e9:ce:77:af:
-         94:97:7b:56:a8:eb:bc:b6:f6:7a:ed:6a:8f:68:04:b4:ea:ce:
-         05:d8:f7:bc:99:ae:6f:38:9a:ee:23:4d:c5:53:e6:70:fe:5c:
-         60:68:c4:0c:79:c3:eb:49:d5:df:a6:98:5b:ba:6e:f6:c6:30:
-         e0:5e:3e:c3
+    Signature Value:
+        76:e8:fa:f6:1e:5b:0e:ff:24:43:e0:cb:19:26:38:d9:df:18:
+        5d:66:e1:4b:ac:e4:8e:b0:49:2c:d6:04:20:eb:4a:a8:06:d7:
+        55:ec:6b:38:f8:0f:8c:e6:c9:ec:42:f0:ca:07:9f:88:7a:ee:
+        bf:af:3f:7d:d3:45:67:20:84:bb:c7:c5:32:69:ab:59:e1:e3:
+        38:4b:ed:18:2e:de:da:88:ec:a0:b7:ff:c1:50:96:73:e3:03:
+        df:a1:e7:47:93:13:1d:fb:e6:6b:37:3e:50:a3:eb:5b:24:26:
+        d2:43:2e:6e:9c:83:9c:fb:79:ba:cd:fd:3b:e5:87:87:a7:0f:
+        5f:f9:64:34:56:5e:8b:13:e2:c4:41:e3:9d:3e:36:2d:cb:d3:
+        5f:d3:12:90:bf:78:c1:4c:df:eb:7b:99:e6:1e:ee:52:78:6f:
+        0c:82:e1:59:d4:25:40:e5:24:95:3e:0f:cc:08:60:fe:b4:8c:
+        48:42:bf:29:74:92:71:1a:85:00:a7:4c:f0:c0:32:47:f3:be:
+        f4:08:5c:f2:43:e0:b9:76:86:60:9a:3b:af:d6:32:41:5f:b0:
+        04:12:44:2a:44:19:d4:27:d3:ce:71:7e:5b:16:1a:f5:0c:db:
+        43:b0:a6:bb:76:02:f6:e0:30:4e:04:f4:f3:9b:cd:d4:ae:45:
+        94:c5:8c:bb
 -----BEGIN CERTIFICATE-----
 MIIE5jCCA86gAwIBAgIBYzANBgkqhkiG9w0BAQsFADCBlzELMAkGA1UEBhMCVVMx
 EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoM
 B3dvbGZTU0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMRgwFgYDVQQDDA93b2xmU1NM
-IHJvb3QgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMjMx
-MjEzMjIxOTMwWhcNMjYwOTA4MjIxOTMwWjCBlzELMAkGA1UEBhMCVVMxEzARBgNV
+IHJvb3QgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMjQx
+MjE4MjEyNTMxWhcNMjcwOTE0MjEyNTMxWjCBlzELMAkGA1UEBhMCVVMxEzARBgNV
 BAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoMB3dvbGZT
 U0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMRgwFgYDVQQDDA93b2xmU1NMIHJvb3Qg
 Q0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wggEiMA0GCSqGSIb3
@@ -176,11 +174,11 @@ A1UEBhMCVVMxEzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUx
 EDAOBgNVBAoMB3dvbGZTU0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMRgwFgYDVQQD
 DA93b2xmU1NMIHJvb3QgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5j
 b22CAWMwCwYDVR0PBAQDAgEGMDIGCCsGAQUFBwEBBCYwJDAiBggrBgEFBQcwAYYW
-aHR0cDovLzEyNy4wLjAuMToyMjIyMDANBgkqhkiG9w0BAQsFAAOCAQEAY/fngOJz
-sH/CMsAgRQEeQLyFjn8EO8b+P9G5FM4G2ej8zbkdD8uJcak0Z+i+uCfRH8T/m525
-vfgjx+V/BCDesTCyXcKZpfg0ndcKvLU6hGQuWyQ0AdoDqbvP8g0OBmjeNJDLQjpi
-MdDWfSbKFOWHcFGicYXPTq98bEVp0TxsnEc1vhO8EqnqxC9x06VrEEuFaJNogRyf
-5mrnwOGmCSj51KRV6Nzj4hSGDO89en+N0qPmyAvnHEVtDema1jhPUnOnXATpznev
-lJd7VqjrvLb2eu1qj2gEtOrOBdj3vJmubzia7iNNxVPmcP5cYGjEDHnD60nV36aY
-W7pu9sYw4F4+ww==
+aHR0cDovLzEyNy4wLjAuMToyMjIyMDANBgkqhkiG9w0BAQsFAAOCAQEAduj69h5b
+Dv8kQ+DLGSY42d8YXWbhS6zkjrBJLNYEIOtKqAbXVexrOPgPjObJ7ELwygefiHru
+v68/fdNFZyCEu8fFMmmrWeHjOEvtGC7e2ojsoLf/wVCWc+MD36HnR5MTHfvmazc+
+UKPrWyQm0kMubpyDnPt5us39O+WHh6cPX/lkNFZeixPixEHjnT42LcvTX9MSkL94
+wUzf63uZ5h7uUnhvDILhWdQlQOUklT4PzAhg/rSMSEK/KXSScRqFAKdM8MAyR/O+
+9Ahc8kPguXaGYJo7r9YyQV+wBBJEKkQZ1CfTznF+WxYa9QzbQ7Cmu3YC9uAwTgT0
+85vN1K5FlMWMuw==
 -----END CERTIFICATE-----
diff --git a/certs/ocsp/ocsp-responder-cert.pem b/certs/ocsp/ocsp-responder-cert.pem
index 0eb95e094..5071c26ff 100644
--- a/certs/ocsp/ocsp-responder-cert.pem
+++ b/certs/ocsp/ocsp-responder-cert.pem
@@ -5,12 +5,12 @@ Certificate:
         Signature Algorithm: sha256WithRSAEncryption
         Issuer: C = US, ST = Washington, L = Seattle, O = wolfSSL, OU = Engineering, CN = wolfSSL root CA, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Dec 13 22:19:30 2023 GMT
-            Not After : Sep  8 22:19:30 2026 GMT
+            Not Before: Dec 18 21:25:31 2024 GMT
+            Not After : Sep 14 21:25:31 2027 GMT
         Subject: C = US, ST = Washington, L = Seattle, O = wolfSSL, OU = Engineering, CN = wolfSSL OCSP Responder, emailAddress = info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (2048 bit)
+                Public-Key: (2048 bit)
                 Modulus:
                     00:b8:ba:23:b4:f6:c3:7b:14:c3:a4:f5:1d:61:a1:
                     f5:1e:63:b9:85:23:34:50:6d:f8:7c:a2:8a:04:8b:
@@ -40,31 +40,31 @@ Certificate:
                 keyid:73:B0:1C:A4:2F:82:CB:CF:47:A5:38:D7:B0:04:82:3A:7E:72:15:21
                 DirName:/C=US/ST=Washington/L=Seattle/O=wolfSSL/OU=Engineering/CN=wolfSSL root CA/emailAddress=info@wolfssl.com
                 serial:63
-
             X509v3 Extended Key Usage: 
                 OCSP Signing
     Signature Algorithm: sha256WithRSAEncryption
-         0a:a4:ec:1a:eb:2e:bc:d0:62:b6:84:72:92:8a:1a:e4:04:31:
-         1c:68:17:ae:6c:18:44:ad:23:73:0d:63:73:9b:47:97:ae:21:
-         aa:ac:ab:f4:9e:64:78:62:bb:b5:70:29:31:eb:53:b2:f6:20:
-         35:ff:43:06:f0:3f:84:d8:aa:be:6d:a9:59:ef:f5:6b:8e:da:
-         78:77:22:70:43:c8:e5:b5:55:2f:c8:31:5e:87:d2:2d:a5:0f:
-         0a:aa:01:00:76:22:17:73:72:9a:59:fb:c8:1f:a3:b9:d6:99:
-         7f:16:90:03:ec:20:bf:f5:8a:c5:e2:a7:1c:4b:bf:c5:7c:45:
-         18:de:e3:93:a1:41:b0:33:ed:d2:6e:4f:14:58:6e:af:12:be:
-         3b:ed:6e:20:4b:6d:11:89:9d:c6:2a:ab:1e:24:3f:d2:56:98:
-         5c:8f:d1:fe:d2:92:6b:7b:ed:15:84:3a:b3:aa:5c:c6:b4:6d:
-         5d:cb:ce:81:37:e5:ef:96:25:92:ef:04:3c:38:0c:f0:6d:64:
-         ef:33:51:4f:98:6f:55:3d:0e:cc:07:ea:2c:0b:3e:09:a0:23:
-         0b:45:2c:02:a0:49:70:d8:a8:a7:36:07:68:c6:82:5e:d4:78:
-         be:cf:5b:11:79:6b:bf:e2:5d:56:79:19:a5:64:b2:e8:86:a4:
-         27:74:cf:55
+    Signature Value:
+        4d:a2:d8:55:e0:2b:f4:ad:65:e2:92:35:cb:60:a0:a2:6b:a6:
+        88:c1:86:58:57:37:bd:2e:28:6e:1c:56:2a:35:de:ff:3e:8e:
+        3d:47:21:1a:e9:d3:c6:b4:e2:cb:3e:c6:af:9b:ef:23:88:56:
+        95:73:2e:b3:ed:c5:11:4b:69:f7:13:3a:05:e1:af:ba:c9:59:
+        fd:e2:a0:81:a0:4c:0c:2c:cb:57:ad:96:3a:8c:32:a6:4a:f8:
+        72:b8:ec:b3:26:69:d6:6a:4c:4c:78:18:3c:ca:19:f1:b5:8e:
+        23:81:5b:27:90:e0:5c:2b:17:4d:78:99:6b:25:bd:2f:ae:1b:
+        aa:ce:84:b9:44:21:46:c0:34:6b:5b:b9:1b:ca:5c:60:f1:ef:
+        e6:66:bc:84:63:56:50:7d:bb:2c:2f:7b:47:b4:fd:58:77:87:
+        ee:27:20:96:72:8e:4c:7e:4f:93:eb:5f:8f:9c:1e:59:7a:96:
+        aa:53:77:22:41:d8:d3:f9:89:8f:e8:9d:65:bd:0c:71:3c:bb:
+        a3:07:bf:fb:a8:d1:18:0a:b4:c4:f7:83:b3:86:2b:f0:5b:05:
+        28:c1:01:31:73:5c:2b:bd:60:97:a3:36:82:96:d7:83:df:75:
+        ee:29:42:97:86:41:55:b9:70:87:d5:02:85:13:41:f8:25:05:
+        ab:6a:aa:57
 -----BEGIN CERTIFICATE-----
 MIIEvjCCA6agAwIBAgIBBDANBgkqhkiG9w0BAQsFADCBlzELMAkGA1UEBhMCVVMx
 EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoM
 B3dvbGZTU0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMRgwFgYDVQQDDA93b2xmU1NM
-IHJvb3QgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMjMx
-MjEzMjIxOTMwWhcNMjYwOTA4MjIxOTMwWjCBnjELMAkGA1UEBhMCVVMxEzARBgNV
+IHJvb3QgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMjQx
+MjE4MjEyNTMxWhcNMjcwOTE0MjEyNTMxWjCBnjELMAkGA1UEBhMCVVMxEzARBgNV
 BAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoMB3dvbGZT
 U0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMR8wHQYDVQQDDBZ3b2xmU1NMIE9DU1Ag
 UmVzcG9uZGVyMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMIIBIjAN
@@ -80,12 +80,12 @@ CzAJBgNVBAYTAlVTMRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0
 dGxlMRAwDgYDVQQKDAd3b2xmU1NMMRQwEgYDVQQLDAtFbmdpbmVlcmluZzEYMBYG
 A1UEAwwPd29sZlNTTCByb290IENBMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZz
 c2wuY29tggFjMBMGA1UdJQQMMAoGCCsGAQUFBwMJMA0GCSqGSIb3DQEBCwUAA4IB
-AQAKpOwa6y680GK2hHKSihrkBDEcaBeubBhErSNzDWNzm0eXriGqrKv0nmR4Yru1
-cCkx61Oy9iA1/0MG8D+E2Kq+balZ7/Vrjtp4dyJwQ8jltVUvyDFeh9ItpQ8KqgEA
-diIXc3KaWfvIH6O51pl/FpAD7CC/9YrF4qccS7/FfEUY3uOToUGwM+3Sbk8UWG6v
-Er477W4gS20RiZ3GKqseJD/SVphcj9H+0pJre+0VhDqzqlzGtG1dy86BN+XvliWS
-7wQ8OAzwbWTvM1FPmG9VPQ7MB+osCz4JoCMLRSwCoElw2KinNgdoxoJe1Hi+z1sR
-eWu/4l1WeRmlZLLohqQndM9V
+AQBNothV4Cv0rWXikjXLYKCia6aIwYZYVze9LihuHFYqNd7/Po49RyEa6dPGtOLL
+Psavm+8jiFaVcy6z7cURS2n3EzoF4a+6yVn94qCBoEwMLMtXrZY6jDKmSvhyuOyz
+JmnWakxMeBg8yhnxtY4jgVsnkOBcKxdNeJlrJb0vrhuqzoS5RCFGwDRrW7kbylxg
+8e/mZryEY1ZQfbssL3tHtP1Yd4fuJyCWco5Mfk+T61+PnB5ZepaqU3ciQdjT+YmP
+6J1lvQxxPLujB7/7qNEYCrTE94OzhivwWwUowQExc1wrvWCXozaClteD33XuKUKX
+hkFVuXCH1QKFE0H4JQWraqpX
 -----END CERTIFICATE-----
 Certificate:
     Data:
@@ -94,12 +94,12 @@ Certificate:
         Signature Algorithm: sha256WithRSAEncryption
         Issuer: C = US, ST = Washington, L = Seattle, O = wolfSSL, OU = Engineering, CN = wolfSSL root CA, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Dec 13 22:19:30 2023 GMT
-            Not After : Sep  8 22:19:30 2026 GMT
+            Not Before: Dec 18 21:25:31 2024 GMT
+            Not After : Sep 14 21:25:31 2027 GMT
         Subject: C = US, ST = Washington, L = Seattle, O = wolfSSL, OU = Engineering, CN = wolfSSL root CA, emailAddress = info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (2048 bit)
+                Public-Key: (2048 bit)
                 Modulus:
                     00:ab:2c:b4:2f:1d:06:09:ef:4e:29:86:84:7e:cc:
                     bf:a6:79:7c:f0:c0:c1:64:25:8c:75:b7:10:05:ca:
@@ -129,34 +129,33 @@ Certificate:
                 keyid:73:B0:1C:A4:2F:82:CB:CF:47:A5:38:D7:B0:04:82:3A:7E:72:15:21
                 DirName:/C=US/ST=Washington/L=Seattle/O=wolfSSL/OU=Engineering/CN=wolfSSL root CA/emailAddress=info@wolfssl.com
                 serial:63
-
             X509v3 Key Usage: 
                 Certificate Sign, CRL Sign
             Authority Information Access: 
                 OCSP - URI:http://127.0.0.1:22220
-
     Signature Algorithm: sha256WithRSAEncryption
-         63:f7:e7:80:e2:73:b0:7f:c2:32:c0:20:45:01:1e:40:bc:85:
-         8e:7f:04:3b:c6:fe:3f:d1:b9:14:ce:06:d9:e8:fc:cd:b9:1d:
-         0f:cb:89:71:a9:34:67:e8:be:b8:27:d1:1f:c4:ff:9b:9d:b9:
-         bd:f8:23:c7:e5:7f:04:20:de:b1:30:b2:5d:c2:99:a5:f8:34:
-         9d:d7:0a:bc:b5:3a:84:64:2e:5b:24:34:01:da:03:a9:bb:cf:
-         f2:0d:0e:06:68:de:34:90:cb:42:3a:62:31:d0:d6:7d:26:ca:
-         14:e5:87:70:51:a2:71:85:cf:4e:af:7c:6c:45:69:d1:3c:6c:
-         9c:47:35:be:13:bc:12:a9:ea:c4:2f:71:d3:a5:6b:10:4b:85:
-         68:93:68:81:1c:9f:e6:6a:e7:c0:e1:a6:09:28:f9:d4:a4:55:
-         e8:dc:e3:e2:14:86:0c:ef:3d:7a:7f:8d:d2:a3:e6:c8:0b:e7:
-         1c:45:6d:0d:e9:9a:d6:38:4f:52:73:a7:5c:04:e9:ce:77:af:
-         94:97:7b:56:a8:eb:bc:b6:f6:7a:ed:6a:8f:68:04:b4:ea:ce:
-         05:d8:f7:bc:99:ae:6f:38:9a:ee:23:4d:c5:53:e6:70:fe:5c:
-         60:68:c4:0c:79:c3:eb:49:d5:df:a6:98:5b:ba:6e:f6:c6:30:
-         e0:5e:3e:c3
+    Signature Value:
+        76:e8:fa:f6:1e:5b:0e:ff:24:43:e0:cb:19:26:38:d9:df:18:
+        5d:66:e1:4b:ac:e4:8e:b0:49:2c:d6:04:20:eb:4a:a8:06:d7:
+        55:ec:6b:38:f8:0f:8c:e6:c9:ec:42:f0:ca:07:9f:88:7a:ee:
+        bf:af:3f:7d:d3:45:67:20:84:bb:c7:c5:32:69:ab:59:e1:e3:
+        38:4b:ed:18:2e:de:da:88:ec:a0:b7:ff:c1:50:96:73:e3:03:
+        df:a1:e7:47:93:13:1d:fb:e6:6b:37:3e:50:a3:eb:5b:24:26:
+        d2:43:2e:6e:9c:83:9c:fb:79:ba:cd:fd:3b:e5:87:87:a7:0f:
+        5f:f9:64:34:56:5e:8b:13:e2:c4:41:e3:9d:3e:36:2d:cb:d3:
+        5f:d3:12:90:bf:78:c1:4c:df:eb:7b:99:e6:1e:ee:52:78:6f:
+        0c:82:e1:59:d4:25:40:e5:24:95:3e:0f:cc:08:60:fe:b4:8c:
+        48:42:bf:29:74:92:71:1a:85:00:a7:4c:f0:c0:32:47:f3:be:
+        f4:08:5c:f2:43:e0:b9:76:86:60:9a:3b:af:d6:32:41:5f:b0:
+        04:12:44:2a:44:19:d4:27:d3:ce:71:7e:5b:16:1a:f5:0c:db:
+        43:b0:a6:bb:76:02:f6:e0:30:4e:04:f4:f3:9b:cd:d4:ae:45:
+        94:c5:8c:bb
 -----BEGIN CERTIFICATE-----
 MIIE5jCCA86gAwIBAgIBYzANBgkqhkiG9w0BAQsFADCBlzELMAkGA1UEBhMCVVMx
 EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoM
 B3dvbGZTU0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMRgwFgYDVQQDDA93b2xmU1NM
-IHJvb3QgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMjMx
-MjEzMjIxOTMwWhcNMjYwOTA4MjIxOTMwWjCBlzELMAkGA1UEBhMCVVMxEzARBgNV
+IHJvb3QgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMjQx
+MjE4MjEyNTMxWhcNMjcwOTE0MjEyNTMxWjCBlzELMAkGA1UEBhMCVVMxEzARBgNV
 BAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoMB3dvbGZT
 U0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMRgwFgYDVQQDDA93b2xmU1NMIHJvb3Qg
 Q0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wggEiMA0GCSqGSIb3
@@ -172,11 +171,11 @@ A1UEBhMCVVMxEzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUx
 EDAOBgNVBAoMB3dvbGZTU0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMRgwFgYDVQQD
 DA93b2xmU1NMIHJvb3QgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5j
 b22CAWMwCwYDVR0PBAQDAgEGMDIGCCsGAQUFBwEBBCYwJDAiBggrBgEFBQcwAYYW
-aHR0cDovLzEyNy4wLjAuMToyMjIyMDANBgkqhkiG9w0BAQsFAAOCAQEAY/fngOJz
-sH/CMsAgRQEeQLyFjn8EO8b+P9G5FM4G2ej8zbkdD8uJcak0Z+i+uCfRH8T/m525
-vfgjx+V/BCDesTCyXcKZpfg0ndcKvLU6hGQuWyQ0AdoDqbvP8g0OBmjeNJDLQjpi
-MdDWfSbKFOWHcFGicYXPTq98bEVp0TxsnEc1vhO8EqnqxC9x06VrEEuFaJNogRyf
-5mrnwOGmCSj51KRV6Nzj4hSGDO89en+N0qPmyAvnHEVtDema1jhPUnOnXATpznev
-lJd7VqjrvLb2eu1qj2gEtOrOBdj3vJmubzia7iNNxVPmcP5cYGjEDHnD60nV36aY
-W7pu9sYw4F4+ww==
+aHR0cDovLzEyNy4wLjAuMToyMjIyMDANBgkqhkiG9w0BAQsFAAOCAQEAduj69h5b
+Dv8kQ+DLGSY42d8YXWbhS6zkjrBJLNYEIOtKqAbXVexrOPgPjObJ7ELwygefiHru
+v68/fdNFZyCEu8fFMmmrWeHjOEvtGC7e2ojsoLf/wVCWc+MD36HnR5MTHfvmazc+
+UKPrWyQm0kMubpyDnPt5us39O+WHh6cPX/lkNFZeixPixEHjnT42LcvTX9MSkL94
+wUzf63uZ5h7uUnhvDILhWdQlQOUklT4PzAhg/rSMSEK/KXSScRqFAKdM8MAyR/O+
+9Ahc8kPguXaGYJo7r9YyQV+wBBJEKkQZ1CfTznF+WxYa9QzbQ7Cmu3YC9uAwTgT0
+85vN1K5FlMWMuw==
 -----END CERTIFICATE-----
diff --git a/certs/ocsp/renewcerts.sh b/certs/ocsp/renewcerts.sh
index f377a1fdd..003aa1253 100755
--- a/certs/ocsp/renewcerts.sh
+++ b/certs/ocsp/renewcerts.sh
@@ -100,6 +100,16 @@ openssl ocsp -issuer ./root-ca-cert.pem -cert ./intermediate1-ca-cert.pem -cert
 kill $PID
 wait $PID
 
+# Create a response DER buffer for testing leaf certificate
+openssl ocsp -port 22221 -ndays 1000 -index \
+./index-intermediate1-ca-issued-certs.txt -rsigner ocsp-responder-cert.pem \
+-rkey ocsp-responder-key.pem -CA intermediate1-ca-cert.pem -partial_chain &
+PID=$!
+sleep 1 # Make sure server is ready
+
+openssl ocsp -issuer ./intermediate1-ca-cert.pem -cert ./server1-cert.pem -url http://localhost:22221/ -respout test-leaf-response.der -noverify
+kill $PID
+wait $PID
 
 # now start up a responder that signs using rsa-pss
 openssl ocsp -port 22221 -ndays 1000 -index index-ca-and-intermediate-cas.txt -rsigner ocsp-responder-cert.pem -rkey ocsp-responder-key.pem -CA root-ca-cert.pem -rsigopt rsa_padding_mode:pss &
diff --git a/certs/ocsp/root-ca-cert.pem b/certs/ocsp/root-ca-cert.pem
index 4dd84808f..060acb0c0 100644
--- a/certs/ocsp/root-ca-cert.pem
+++ b/certs/ocsp/root-ca-cert.pem
@@ -5,12 +5,12 @@ Certificate:
         Signature Algorithm: sha256WithRSAEncryption
         Issuer: C = US, ST = Washington, L = Seattle, O = wolfSSL, OU = Engineering, CN = wolfSSL root CA, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Dec 13 22:19:30 2023 GMT
-            Not After : Sep  8 22:19:30 2026 GMT
+            Not Before: Dec 18 21:25:31 2024 GMT
+            Not After : Sep 14 21:25:31 2027 GMT
         Subject: C = US, ST = Washington, L = Seattle, O = wolfSSL, OU = Engineering, CN = wolfSSL root CA, emailAddress = info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (2048 bit)
+                Public-Key: (2048 bit)
                 Modulus:
                     00:ab:2c:b4:2f:1d:06:09:ef:4e:29:86:84:7e:cc:
                     bf:a6:79:7c:f0:c0:c1:64:25:8c:75:b7:10:05:ca:
@@ -40,34 +40,33 @@ Certificate:
                 keyid:73:B0:1C:A4:2F:82:CB:CF:47:A5:38:D7:B0:04:82:3A:7E:72:15:21
                 DirName:/C=US/ST=Washington/L=Seattle/O=wolfSSL/OU=Engineering/CN=wolfSSL root CA/emailAddress=info@wolfssl.com
                 serial:63
-
             X509v3 Key Usage: 
                 Certificate Sign, CRL Sign
             Authority Information Access: 
                 OCSP - URI:http://127.0.0.1:22220
-
     Signature Algorithm: sha256WithRSAEncryption
-         63:f7:e7:80:e2:73:b0:7f:c2:32:c0:20:45:01:1e:40:bc:85:
-         8e:7f:04:3b:c6:fe:3f:d1:b9:14:ce:06:d9:e8:fc:cd:b9:1d:
-         0f:cb:89:71:a9:34:67:e8:be:b8:27:d1:1f:c4:ff:9b:9d:b9:
-         bd:f8:23:c7:e5:7f:04:20:de:b1:30:b2:5d:c2:99:a5:f8:34:
-         9d:d7:0a:bc:b5:3a:84:64:2e:5b:24:34:01:da:03:a9:bb:cf:
-         f2:0d:0e:06:68:de:34:90:cb:42:3a:62:31:d0:d6:7d:26:ca:
-         14:e5:87:70:51:a2:71:85:cf:4e:af:7c:6c:45:69:d1:3c:6c:
-         9c:47:35:be:13:bc:12:a9:ea:c4:2f:71:d3:a5:6b:10:4b:85:
-         68:93:68:81:1c:9f:e6:6a:e7:c0:e1:a6:09:28:f9:d4:a4:55:
-         e8:dc:e3:e2:14:86:0c:ef:3d:7a:7f:8d:d2:a3:e6:c8:0b:e7:
-         1c:45:6d:0d:e9:9a:d6:38:4f:52:73:a7:5c:04:e9:ce:77:af:
-         94:97:7b:56:a8:eb:bc:b6:f6:7a:ed:6a:8f:68:04:b4:ea:ce:
-         05:d8:f7:bc:99:ae:6f:38:9a:ee:23:4d:c5:53:e6:70:fe:5c:
-         60:68:c4:0c:79:c3:eb:49:d5:df:a6:98:5b:ba:6e:f6:c6:30:
-         e0:5e:3e:c3
+    Signature Value:
+        76:e8:fa:f6:1e:5b:0e:ff:24:43:e0:cb:19:26:38:d9:df:18:
+        5d:66:e1:4b:ac:e4:8e:b0:49:2c:d6:04:20:eb:4a:a8:06:d7:
+        55:ec:6b:38:f8:0f:8c:e6:c9:ec:42:f0:ca:07:9f:88:7a:ee:
+        bf:af:3f:7d:d3:45:67:20:84:bb:c7:c5:32:69:ab:59:e1:e3:
+        38:4b:ed:18:2e:de:da:88:ec:a0:b7:ff:c1:50:96:73:e3:03:
+        df:a1:e7:47:93:13:1d:fb:e6:6b:37:3e:50:a3:eb:5b:24:26:
+        d2:43:2e:6e:9c:83:9c:fb:79:ba:cd:fd:3b:e5:87:87:a7:0f:
+        5f:f9:64:34:56:5e:8b:13:e2:c4:41:e3:9d:3e:36:2d:cb:d3:
+        5f:d3:12:90:bf:78:c1:4c:df:eb:7b:99:e6:1e:ee:52:78:6f:
+        0c:82:e1:59:d4:25:40:e5:24:95:3e:0f:cc:08:60:fe:b4:8c:
+        48:42:bf:29:74:92:71:1a:85:00:a7:4c:f0:c0:32:47:f3:be:
+        f4:08:5c:f2:43:e0:b9:76:86:60:9a:3b:af:d6:32:41:5f:b0:
+        04:12:44:2a:44:19:d4:27:d3:ce:71:7e:5b:16:1a:f5:0c:db:
+        43:b0:a6:bb:76:02:f6:e0:30:4e:04:f4:f3:9b:cd:d4:ae:45:
+        94:c5:8c:bb
 -----BEGIN CERTIFICATE-----
 MIIE5jCCA86gAwIBAgIBYzANBgkqhkiG9w0BAQsFADCBlzELMAkGA1UEBhMCVVMx
 EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoM
 B3dvbGZTU0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMRgwFgYDVQQDDA93b2xmU1NM
-IHJvb3QgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMjMx
-MjEzMjIxOTMwWhcNMjYwOTA4MjIxOTMwWjCBlzELMAkGA1UEBhMCVVMxEzARBgNV
+IHJvb3QgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMjQx
+MjE4MjEyNTMxWhcNMjcwOTE0MjEyNTMxWjCBlzELMAkGA1UEBhMCVVMxEzARBgNV
 BAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoMB3dvbGZT
 U0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMRgwFgYDVQQDDA93b2xmU1NMIHJvb3Qg
 Q0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wggEiMA0GCSqGSIb3
@@ -83,11 +82,11 @@ A1UEBhMCVVMxEzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUx
 EDAOBgNVBAoMB3dvbGZTU0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMRgwFgYDVQQD
 DA93b2xmU1NMIHJvb3QgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5j
 b22CAWMwCwYDVR0PBAQDAgEGMDIGCCsGAQUFBwEBBCYwJDAiBggrBgEFBQcwAYYW
-aHR0cDovLzEyNy4wLjAuMToyMjIyMDANBgkqhkiG9w0BAQsFAAOCAQEAY/fngOJz
-sH/CMsAgRQEeQLyFjn8EO8b+P9G5FM4G2ej8zbkdD8uJcak0Z+i+uCfRH8T/m525
-vfgjx+V/BCDesTCyXcKZpfg0ndcKvLU6hGQuWyQ0AdoDqbvP8g0OBmjeNJDLQjpi
-MdDWfSbKFOWHcFGicYXPTq98bEVp0TxsnEc1vhO8EqnqxC9x06VrEEuFaJNogRyf
-5mrnwOGmCSj51KRV6Nzj4hSGDO89en+N0qPmyAvnHEVtDema1jhPUnOnXATpznev
-lJd7VqjrvLb2eu1qj2gEtOrOBdj3vJmubzia7iNNxVPmcP5cYGjEDHnD60nV36aY
-W7pu9sYw4F4+ww==
+aHR0cDovLzEyNy4wLjAuMToyMjIyMDANBgkqhkiG9w0BAQsFAAOCAQEAduj69h5b
+Dv8kQ+DLGSY42d8YXWbhS6zkjrBJLNYEIOtKqAbXVexrOPgPjObJ7ELwygefiHru
+v68/fdNFZyCEu8fFMmmrWeHjOEvtGC7e2ojsoLf/wVCWc+MD36HnR5MTHfvmazc+
+UKPrWyQm0kMubpyDnPt5us39O+WHh6cPX/lkNFZeixPixEHjnT42LcvTX9MSkL94
+wUzf63uZ5h7uUnhvDILhWdQlQOUklT4PzAhg/rSMSEK/KXSScRqFAKdM8MAyR/O+
+9Ahc8kPguXaGYJo7r9YyQV+wBBJEKkQZ1CfTznF+WxYa9QzbQ7Cmu3YC9uAwTgT0
+85vN1K5FlMWMuw==
 -----END CERTIFICATE-----
diff --git a/certs/ocsp/server1-cert.pem b/certs/ocsp/server1-cert.pem
index 641d41f19..dfc0c7389 100644
--- a/certs/ocsp/server1-cert.pem
+++ b/certs/ocsp/server1-cert.pem
@@ -5,12 +5,12 @@ Certificate:
         Signature Algorithm: sha256WithRSAEncryption
         Issuer: C = US, ST = Washington, L = Seattle, O = wolfSSL, OU = Engineering, CN = wolfSSL intermediate CA 1, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Dec 13 22:19:30 2023 GMT
-            Not After : Sep  8 22:19:30 2026 GMT
+            Not Before: Dec 18 21:25:31 2024 GMT
+            Not After : Sep 14 21:25:31 2027 GMT
         Subject: C = US, ST = Washington, L = Seattle, O = wolfSSL, OU = Engineering, CN = www1.wolfssl.com, emailAddress = info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (2048 bit)
+                Public-Key: (2048 bit)
                 Modulus:
                     00:e6:96:55:75:cf:8a:97:68:8c:b6:38:f6:7a:05:
                     be:33:b6:51:47:37:8a:f7:db:91:be:92:6b:b7:00:
@@ -40,34 +40,33 @@ Certificate:
                 keyid:83:C6:3A:89:2C:81:F4:02:D7:9D:4C:E2:2A:C0:71:82:64:44:DA:0E
                 DirName:/C=US/ST=Washington/L=Seattle/O=wolfSSL/OU=Engineering/CN=wolfSSL root CA/emailAddress=info@wolfssl.com
                 serial:01
-
             X509v3 Key Usage: 
                 Digital Signature, Non Repudiation, Key Encipherment
             Authority Information Access: 
                 OCSP - URI:http://127.0.0.1:22221
-
     Signature Algorithm: sha256WithRSAEncryption
-         2c:4a:52:45:c2:c6:40:fe:e1:c0:38:89:63:a1:24:44:f8:8c:
-         1b:28:dc:55:69:19:b1:d0:53:46:01:36:f6:ee:b0:ac:71:3a:
-         a9:43:cb:43:99:73:f0:a7:c2:cb:73:d2:9a:02:6c:5b:12:c8:
-         ea:d7:87:18:cc:5a:a3:15:53:0f:94:b2:97:eb:78:e8:6e:8d:
-         4d:3b:d4:23:88:98:7d:35:09:74:95:a8:05:49:57:d0:2a:3c:
-         1b:96:1f:d0:5d:37:0a:a3:01:55:36:bb:17:6e:d9:9f:81:ee:
-         7d:12:bc:ff:e0:22:ca:49:1e:f5:c4:06:8c:29:28:20:3a:b0:
-         a4:6e:82:6c:74:3b:56:37:e0:bb:42:9e:65:3f:19:b8:d2:2a:
-         15:9e:92:39:8b:17:f2:ef:7f:d2:b8:79:a5:12:20:50:a2:31:
-         55:52:a4:74:91:02:bc:0e:d0:43:01:c5:7c:4d:4e:b0:00:88:
-         a4:10:c5:9c:93:38:cb:05:48:c8:87:6a:54:f6:9c:38:77:2a:
-         6f:ad:ab:b4:a2:23:bc:23:af:41:57:d3:f4:d6:27:b0:a6:f9:
-         58:9c:76:76:4d:83:d2:27:ac:0e:af:95:2d:3a:9d:6c:1c:55:
-         98:5a:a8:e0:1f:dd:13:a5:fc:72:e4:be:95:aa:57:99:3c:2e:
-         16:70:e9:d1
+    Signature Value:
+        7c:53:b6:71:1e:1a:9a:54:42:15:3a:81:06:d2:7c:bc:56:63:
+        13:0a:4d:21:3f:59:68:4c:07:17:65:a1:26:ce:10:4c:90:f5:
+        13:66:60:9b:9c:d9:85:7f:a3:da:9f:a6:d7:69:df:c7:b1:0b:
+        4d:14:93:32:7f:df:7a:e6:ab:cc:74:de:a8:6d:c5:4c:55:be:
+        a1:8a:14:48:38:e0:34:76:5c:cb:27:6b:a1:31:de:6c:bc:ac:
+        ea:73:7e:ce:ad:86:e2:54:7b:0f:87:4f:b7:24:c0:06:83:17:
+        0d:75:a7:09:5e:2f:74:c3:85:f5:2e:ec:84:21:b6:ce:93:0d:
+        bf:5c:39:24:5d:e0:63:25:04:5c:23:a7:d8:93:e8:1a:34:44:
+        fb:67:94:80:45:7c:78:31:20:d1:ed:a2:06:6b:84:1f:3a:99:
+        f2:de:14:cb:8e:cf:fd:dd:51:a3:af:17:8a:83:f3:f5:4e:ea:
+        a5:33:c8:fa:84:9a:17:7e:5d:6f:f8:90:2e:ac:88:66:b6:49:
+        44:72:85:43:ca:58:d9:94:56:85:98:56:b8:34:d4:22:5d:8e:
+        7a:35:ef:5a:96:15:29:2d:7b:f1:1f:55:98:7f:2f:d8:08:36:
+        ec:c9:a1:c6:05:3e:db:dd:e4:f8:2d:ca:92:e0:e8:a4:e4:7c:
+        39:77:72:97
 -----BEGIN CERTIFICATE-----
 MIIE7jCCA9agAwIBAgIBBTANBgkqhkiG9w0BAQsFADCBoTELMAkGA1UEBhMCVVMx
 EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoM
 B3dvbGZTU0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMSIwIAYDVQQDDBl3b2xmU1NM
 IGludGVybWVkaWF0ZSBDQSAxMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wu
-Y29tMB4XDTIzMTIxMzIyMTkzMFoXDTI2MDkwODIyMTkzMFowgZgxCzAJBgNVBAYT
+Y29tMB4XDTI0MTIxODIxMjUzMVoXDTI3MDkxNDIxMjUzMVowgZgxCzAJBgNVBAYT
 AlVTMRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRAwDgYD
 VQQKDAd3b2xmU1NMMRQwEgYDVQQLDAtFbmdpbmVlcmluZzEZMBcGA1UEAwwQd3d3
 MS53b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTCC
@@ -84,12 +83,12 @@ U2VhdHRsZTEQMA4GA1UECgwHd29sZlNTTDEUMBIGA1UECwwLRW5naW5lZXJpbmcx
 GDAWBgNVBAMMD3dvbGZTU0wgcm9vdCBDQTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3
 b2xmc3NsLmNvbYIBATALBgNVHQ8EBAMCBeAwMgYIKwYBBQUHAQEEJjAkMCIGCCsG
 AQUFBzABhhZodHRwOi8vMTI3LjAuMC4xOjIyMjIxMA0GCSqGSIb3DQEBCwUAA4IB
-AQAsSlJFwsZA/uHAOIljoSRE+IwbKNxVaRmx0FNGATb27rCscTqpQ8tDmXPwp8LL
-c9KaAmxbEsjq14cYzFqjFVMPlLKX63jobo1NO9QjiJh9NQl0lagFSVfQKjwblh/Q
-XTcKowFVNrsXbtmfge59Erz/4CLKSR71xAaMKSggOrCkboJsdDtWN+C7Qp5lPxm4
-0ioVnpI5ixfy73/SuHmlEiBQojFVUqR0kQK8DtBDAcV8TU6wAIikEMWckzjLBUjI
-h2pU9pw4dypvrau0oiO8I69BV9P01iewpvlYnHZ2TYPSJ6wOr5UtOp1sHFWYWqjg
-H90Tpfxy5L6VqleZPC4WcOnR
+AQB8U7ZxHhqaVEIVOoEG0ny8VmMTCk0hP1loTAcXZaEmzhBMkPUTZmCbnNmFf6Pa
+n6bXad/HsQtNFJMyf9965qvMdN6obcVMVb6hihRIOOA0dlzLJ2uhMd5svKzqc37O
+rYbiVHsPh0+3JMAGgxcNdacJXi90w4X1LuyEIbbOkw2/XDkkXeBjJQRcI6fYk+ga
+NET7Z5SARXx4MSDR7aIGa4QfOpny3hTLjs/93VGjrxeKg/P1TuqlM8j6hJoXfl1v
++JAurIhmtklEcoVDyljZlFaFmFa4NNQiXY56Ne9alhUpLXvxH1WYfy/YCDbsyaHG
+BT7b3eT4LcqS4Oik5Hw5d3KX
 -----END CERTIFICATE-----
 Certificate:
     Data:
@@ -98,12 +97,12 @@ Certificate:
         Signature Algorithm: sha256WithRSAEncryption
         Issuer: C = US, ST = Washington, L = Seattle, O = wolfSSL, OU = Engineering, CN = wolfSSL root CA, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Dec 13 22:19:30 2023 GMT
-            Not After : Sep  8 22:19:30 2026 GMT
+            Not Before: Dec 18 21:25:31 2024 GMT
+            Not After : Sep 14 21:25:31 2027 GMT
         Subject: C = US, ST = Washington, L = Seattle, O = wolfSSL, OU = Engineering, CN = wolfSSL intermediate CA 1, emailAddress = info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (2048 bit)
+                Public-Key: (2048 bit)
                 Modulus:
                     00:de:b4:c8:5c:77:e0:2d:b1:f5:b9:ad:16:47:35:
                     a0:35:65:65:c6:e1:40:ab:1e:b4:b9:13:b7:cb:8c:
@@ -133,34 +132,33 @@ Certificate:
                 keyid:73:B0:1C:A4:2F:82:CB:CF:47:A5:38:D7:B0:04:82:3A:7E:72:15:21
                 DirName:/C=US/ST=Washington/L=Seattle/O=wolfSSL/OU=Engineering/CN=wolfSSL root CA/emailAddress=info@wolfssl.com
                 serial:63
-
             X509v3 Key Usage: 
                 Certificate Sign, CRL Sign
             Authority Information Access: 
                 OCSP - URI:http://127.0.0.1:22220
-
     Signature Algorithm: sha256WithRSAEncryption
-         1c:06:f6:58:ee:a2:4d:11:dd:ce:51:2a:ea:3c:1e:13:62:2b:
-         e2:04:6d:ca:67:2b:14:1b:de:3e:72:7b:d2:12:29:59:e9:bd:
-         3f:37:1f:9b:9c:15:84:40:10:c2:7b:1c:1f:16:2c:4e:f5:b7:
-         bb:7e:24:79:7a:e6:6b:6e:66:cf:4f:04:e5:31:b9:63:12:80:
-         89:61:fc:ae:47:b3:bd:b0:63:d8:aa:77:ba:25:53:e5:f7:ca:
-         63:d5:7f:6e:80:ed:75:c9:47:59:df:7a:82:87:2e:b8:cf:87:
-         c4:9a:0c:2f:ee:a9:a8:5a:7e:2b:55:30:e9:8b:05:f3:ab:60:
-         7f:49:bd:16:de:73:8d:8f:72:48:35:23:a1:88:88:a8:9a:01:
-         19:6c:6e:06:cf:c3:47:d9:68:0e:42:c3:84:d9:23:71:36:73:
-         c4:9d:bc:ed:f7:9b:e3:a0:8d:89:ac:ec:e7:75:22:1f:99:74:
-         5b:4c:5b:b5:25:e1:7f:02:f3:07:ae:4f:b1:0b:21:f9:17:78:
-         1a:b4:c6:8f:03:91:fb:b2:95:ff:6d:de:37:39:4a:57:c1:8c:
-         da:91:3a:4c:cc:fa:27:9a:4f:42:cb:4c:15:c7:08:34:8f:03:
-         a8:f1:2e:df:64:c5:ec:57:e1:90:77:2f:49:90:c1:23:4d:7b:
-         9e:44:fb:08
+    Signature Value:
+        75:57:f1:0c:87:8f:a2:70:3c:ce:e4:70:0e:99:6a:da:c4:80:
+        94:2c:25:0c:de:0d:7b:f3:94:f1:e8:ad:6f:d0:de:9a:9d:f5:
+        64:31:65:3f:18:e6:c3:f5:b5:1d:a2:be:5b:97:79:41:78:15:
+        1c:b3:83:de:d0:00:ea:d2:70:43:c5:60:60:07:72:e5:76:59:
+        b8:0e:2f:47:c9:8d:a4:4c:f1:20:b0:40:3b:ed:e9:de:b2:46:
+        10:90:1b:0f:96:16:e6:97:bc:d5:9a:93:aa:3c:e3:b3:6b:5f:
+        db:2c:af:2b:da:7c:36:36:aa:86:a1:65:70:c8:f1:34:d1:1f:
+        10:96:71:e6:cf:69:5c:bf:0e:15:33:97:fe:40:42:be:30:48:
+        ad:fb:d7:0e:7b:73:dd:64:30:7e:10:81:ac:3b:0b:3c:e4:12:
+        9f:31:8b:3d:f0:9b:84:dc:5b:32:33:39:de:eb:1a:17:89:d8:
+        1b:00:33:2d:50:a4:1a:2c:11:a2:60:ac:c1:9a:0f:44:90:00:
+        cf:8d:6c:af:5b:71:23:7a:a7:4f:df:f5:3f:5c:ae:93:ca:4e:
+        ec:f0:1b:f4:fa:53:7d:d9:36:af:5e:4c:54:c7:3a:d5:e3:68:
+        ca:78:e5:1f:55:44:65:eb:00:2d:c3:c8:ba:0e:1f:47:1c:67:
+        2e:a9:c1:6e
 -----BEGIN CERTIFICATE-----
 MIIE8DCCA9igAwIBAgIBATANBgkqhkiG9w0BAQsFADCBlzELMAkGA1UEBhMCVVMx
 EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoM
 B3dvbGZTU0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMRgwFgYDVQQDDA93b2xmU1NM
-IHJvb3QgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMjMx
-MjEzMjIxOTMwWhcNMjYwOTA4MjIxOTMwWjCBoTELMAkGA1UEBhMCVVMxEzARBgNV
+IHJvb3QgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMjQx
+MjE4MjEyNTMxWhcNMjcwOTE0MjEyNTMxWjCBoTELMAkGA1UEBhMCVVMxEzARBgNV
 BAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoMB3dvbGZT
 U0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMSIwIAYDVQQDDBl3b2xmU1NMIGludGVy
 bWVkaWF0ZSBDQSAxMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMIIB
@@ -177,12 +175,12 @@ DAdTZWF0dGxlMRAwDgYDVQQKDAd3b2xmU1NMMRQwEgYDVQQLDAtFbmdpbmVlcmlu
 ZzEYMBYGA1UEAwwPd29sZlNTTCByb290IENBMR8wHQYJKoZIhvcNAQkBFhBpbmZv
 QHdvbGZzc2wuY29tggFjMAsGA1UdDwQEAwIBBjAyBggrBgEFBQcBAQQmMCQwIgYI
 KwYBBQUHMAGGFmh0dHA6Ly8xMjcuMC4wLjE6MjIyMjAwDQYJKoZIhvcNAQELBQAD
-ggEBABwG9ljuok0R3c5RKuo8HhNiK+IEbcpnKxQb3j5ye9ISKVnpvT83H5ucFYRA
-EMJ7HB8WLE71t7t+JHl65mtuZs9PBOUxuWMSgIlh/K5Hs72wY9iqd7olU+X3ymPV
-f26A7XXJR1nfeoKHLrjPh8SaDC/uqahafitVMOmLBfOrYH9JvRbec42Pckg1I6GI
-iKiaARlsbgbPw0fZaA5Cw4TZI3E2c8SdvO33m+OgjYms7Od1Ih+ZdFtMW7Ul4X8C
-8weuT7ELIfkXeBq0xo8Dkfuylf9t3jc5SlfBjNqROkzM+ieaT0LLTBXHCDSPA6jx
-Lt9kxexX4ZB3L0mQwSNNe55E+wg=
+ggEBAHVX8QyHj6JwPM7kcA6ZatrEgJQsJQzeDXvzlPHorW/Q3pqd9WQxZT8Y5sP1
+tR2ivluXeUF4FRyzg97QAOrScEPFYGAHcuV2WbgOL0fJjaRM8SCwQDvt6d6yRhCQ
+Gw+WFuaXvNWak6o847NrX9ssryvafDY2qoahZXDI8TTRHxCWcebPaVy/DhUzl/5A
+Qr4wSK371w57c91kMH4Qgaw7CzzkEp8xiz3wm4TcWzIzOd7rGheJ2BsAMy1QpBos
+EaJgrMGaD0SQAM+NbK9bcSN6p0/f9T9crpPKTuzwG/T6U33ZNq9eTFTHOtXjaMp4
+5R9VRGXrAC3DyLoOH0ccZy6pwW4=
 -----END CERTIFICATE-----
 Certificate:
     Data:
@@ -191,12 +189,12 @@ Certificate:
         Signature Algorithm: sha256WithRSAEncryption
         Issuer: C = US, ST = Washington, L = Seattle, O = wolfSSL, OU = Engineering, CN = wolfSSL root CA, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Dec 13 22:19:30 2023 GMT
-            Not After : Sep  8 22:19:30 2026 GMT
+            Not Before: Dec 18 21:25:31 2024 GMT
+            Not After : Sep 14 21:25:31 2027 GMT
         Subject: C = US, ST = Washington, L = Seattle, O = wolfSSL, OU = Engineering, CN = wolfSSL root CA, emailAddress = info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (2048 bit)
+                Public-Key: (2048 bit)
                 Modulus:
                     00:ab:2c:b4:2f:1d:06:09:ef:4e:29:86:84:7e:cc:
                     bf:a6:79:7c:f0:c0:c1:64:25:8c:75:b7:10:05:ca:
@@ -226,34 +224,33 @@ Certificate:
                 keyid:73:B0:1C:A4:2F:82:CB:CF:47:A5:38:D7:B0:04:82:3A:7E:72:15:21
                 DirName:/C=US/ST=Washington/L=Seattle/O=wolfSSL/OU=Engineering/CN=wolfSSL root CA/emailAddress=info@wolfssl.com
                 serial:63
-
             X509v3 Key Usage: 
                 Certificate Sign, CRL Sign
             Authority Information Access: 
                 OCSP - URI:http://127.0.0.1:22220
-
     Signature Algorithm: sha256WithRSAEncryption
-         63:f7:e7:80:e2:73:b0:7f:c2:32:c0:20:45:01:1e:40:bc:85:
-         8e:7f:04:3b:c6:fe:3f:d1:b9:14:ce:06:d9:e8:fc:cd:b9:1d:
-         0f:cb:89:71:a9:34:67:e8:be:b8:27:d1:1f:c4:ff:9b:9d:b9:
-         bd:f8:23:c7:e5:7f:04:20:de:b1:30:b2:5d:c2:99:a5:f8:34:
-         9d:d7:0a:bc:b5:3a:84:64:2e:5b:24:34:01:da:03:a9:bb:cf:
-         f2:0d:0e:06:68:de:34:90:cb:42:3a:62:31:d0:d6:7d:26:ca:
-         14:e5:87:70:51:a2:71:85:cf:4e:af:7c:6c:45:69:d1:3c:6c:
-         9c:47:35:be:13:bc:12:a9:ea:c4:2f:71:d3:a5:6b:10:4b:85:
-         68:93:68:81:1c:9f:e6:6a:e7:c0:e1:a6:09:28:f9:d4:a4:55:
-         e8:dc:e3:e2:14:86:0c:ef:3d:7a:7f:8d:d2:a3:e6:c8:0b:e7:
-         1c:45:6d:0d:e9:9a:d6:38:4f:52:73:a7:5c:04:e9:ce:77:af:
-         94:97:7b:56:a8:eb:bc:b6:f6:7a:ed:6a:8f:68:04:b4:ea:ce:
-         05:d8:f7:bc:99:ae:6f:38:9a:ee:23:4d:c5:53:e6:70:fe:5c:
-         60:68:c4:0c:79:c3:eb:49:d5:df:a6:98:5b:ba:6e:f6:c6:30:
-         e0:5e:3e:c3
+    Signature Value:
+        76:e8:fa:f6:1e:5b:0e:ff:24:43:e0:cb:19:26:38:d9:df:18:
+        5d:66:e1:4b:ac:e4:8e:b0:49:2c:d6:04:20:eb:4a:a8:06:d7:
+        55:ec:6b:38:f8:0f:8c:e6:c9:ec:42:f0:ca:07:9f:88:7a:ee:
+        bf:af:3f:7d:d3:45:67:20:84:bb:c7:c5:32:69:ab:59:e1:e3:
+        38:4b:ed:18:2e:de:da:88:ec:a0:b7:ff:c1:50:96:73:e3:03:
+        df:a1:e7:47:93:13:1d:fb:e6:6b:37:3e:50:a3:eb:5b:24:26:
+        d2:43:2e:6e:9c:83:9c:fb:79:ba:cd:fd:3b:e5:87:87:a7:0f:
+        5f:f9:64:34:56:5e:8b:13:e2:c4:41:e3:9d:3e:36:2d:cb:d3:
+        5f:d3:12:90:bf:78:c1:4c:df:eb:7b:99:e6:1e:ee:52:78:6f:
+        0c:82:e1:59:d4:25:40:e5:24:95:3e:0f:cc:08:60:fe:b4:8c:
+        48:42:bf:29:74:92:71:1a:85:00:a7:4c:f0:c0:32:47:f3:be:
+        f4:08:5c:f2:43:e0:b9:76:86:60:9a:3b:af:d6:32:41:5f:b0:
+        04:12:44:2a:44:19:d4:27:d3:ce:71:7e:5b:16:1a:f5:0c:db:
+        43:b0:a6:bb:76:02:f6:e0:30:4e:04:f4:f3:9b:cd:d4:ae:45:
+        94:c5:8c:bb
 -----BEGIN CERTIFICATE-----
 MIIE5jCCA86gAwIBAgIBYzANBgkqhkiG9w0BAQsFADCBlzELMAkGA1UEBhMCVVMx
 EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoM
 B3dvbGZTU0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMRgwFgYDVQQDDA93b2xmU1NM
-IHJvb3QgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMjMx
-MjEzMjIxOTMwWhcNMjYwOTA4MjIxOTMwWjCBlzELMAkGA1UEBhMCVVMxEzARBgNV
+IHJvb3QgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMjQx
+MjE4MjEyNTMxWhcNMjcwOTE0MjEyNTMxWjCBlzELMAkGA1UEBhMCVVMxEzARBgNV
 BAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoMB3dvbGZT
 U0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMRgwFgYDVQQDDA93b2xmU1NMIHJvb3Qg
 Q0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wggEiMA0GCSqGSIb3
@@ -269,11 +266,11 @@ A1UEBhMCVVMxEzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUx
 EDAOBgNVBAoMB3dvbGZTU0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMRgwFgYDVQQD
 DA93b2xmU1NMIHJvb3QgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5j
 b22CAWMwCwYDVR0PBAQDAgEGMDIGCCsGAQUFBwEBBCYwJDAiBggrBgEFBQcwAYYW
-aHR0cDovLzEyNy4wLjAuMToyMjIyMDANBgkqhkiG9w0BAQsFAAOCAQEAY/fngOJz
-sH/CMsAgRQEeQLyFjn8EO8b+P9G5FM4G2ej8zbkdD8uJcak0Z+i+uCfRH8T/m525
-vfgjx+V/BCDesTCyXcKZpfg0ndcKvLU6hGQuWyQ0AdoDqbvP8g0OBmjeNJDLQjpi
-MdDWfSbKFOWHcFGicYXPTq98bEVp0TxsnEc1vhO8EqnqxC9x06VrEEuFaJNogRyf
-5mrnwOGmCSj51KRV6Nzj4hSGDO89en+N0qPmyAvnHEVtDema1jhPUnOnXATpznev
-lJd7VqjrvLb2eu1qj2gEtOrOBdj3vJmubzia7iNNxVPmcP5cYGjEDHnD60nV36aY
-W7pu9sYw4F4+ww==
+aHR0cDovLzEyNy4wLjAuMToyMjIyMDANBgkqhkiG9w0BAQsFAAOCAQEAduj69h5b
+Dv8kQ+DLGSY42d8YXWbhS6zkjrBJLNYEIOtKqAbXVexrOPgPjObJ7ELwygefiHru
+v68/fdNFZyCEu8fFMmmrWeHjOEvtGC7e2ojsoLf/wVCWc+MD36HnR5MTHfvmazc+
+UKPrWyQm0kMubpyDnPt5us39O+WHh6cPX/lkNFZeixPixEHjnT42LcvTX9MSkL94
+wUzf63uZ5h7uUnhvDILhWdQlQOUklT4PzAhg/rSMSEK/KXSScRqFAKdM8MAyR/O+
+9Ahc8kPguXaGYJo7r9YyQV+wBBJEKkQZ1CfTznF+WxYa9QzbQ7Cmu3YC9uAwTgT0
+85vN1K5FlMWMuw==
 -----END CERTIFICATE-----
diff --git a/certs/ocsp/server2-cert.pem b/certs/ocsp/server2-cert.pem
index 1d2b0c91c..9d128727c 100644
--- a/certs/ocsp/server2-cert.pem
+++ b/certs/ocsp/server2-cert.pem
@@ -5,12 +5,12 @@ Certificate:
         Signature Algorithm: sha256WithRSAEncryption
         Issuer: C = US, ST = Washington, L = Seattle, O = wolfSSL, OU = Engineering, CN = wolfSSL intermediate CA 1, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Dec 13 22:19:30 2023 GMT
-            Not After : Sep  8 22:19:30 2026 GMT
+            Not Before: Dec 18 21:25:31 2024 GMT
+            Not After : Sep 14 21:25:31 2027 GMT
         Subject: C = US, ST = Washington, L = Seattle, O = wolfSSL, OU = Engineering, CN = www2.wolfssl.com, emailAddress = info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (2048 bit)
+                Public-Key: (2048 bit)
                 Modulus:
                     00:c6:35:8a:e8:aa:bd:33:c9:5e:84:43:67:42:65:
                     2a:3c:e3:89:b4:a6:67:a1:3b:ee:6d:85:d1:d3:2b:
@@ -40,34 +40,33 @@ Certificate:
                 keyid:83:C6:3A:89:2C:81:F4:02:D7:9D:4C:E2:2A:C0:71:82:64:44:DA:0E
                 DirName:/C=US/ST=Washington/L=Seattle/O=wolfSSL/OU=Engineering/CN=wolfSSL root CA/emailAddress=info@wolfssl.com
                 serial:01
-
             X509v3 Key Usage: 
                 Digital Signature, Non Repudiation, Key Encipherment
             Authority Information Access: 
                 OCSP - URI:http://127.0.0.1:22221
-
     Signature Algorithm: sha256WithRSAEncryption
-         ba:b8:a9:5b:b2:3b:55:29:f6:8e:08:d9:48:7b:12:4e:45:65:
-         bb:4a:d0:23:82:c8:2b:f1:2e:fd:34:d1:e8:d0:b9:89:35:f3:
-         49:e4:67:6b:bf:72:ae:26:48:20:1e:0d:22:11:11:d1:b3:b2:
-         9f:d2:47:b5:b0:64:37:03:0b:aa:62:9b:26:b1:c5:52:72:80:
-         12:d8:67:20:3b:f4:59:72:06:99:f6:ff:92:f7:50:05:46:30:
-         11:d3:b4:e2:5b:03:cc:f8:01:d2:8e:de:2b:0a:52:6a:76:66:
-         a8:e3:80:06:a3:60:e2:c5:6b:62:4d:12:0d:9a:43:a6:c7:e5:
-         87:1d:02:65:f2:35:66:e2:07:05:66:32:df:5f:14:7f:9b:89:
-         60:61:41:8c:bb:ad:1c:9e:92:7d:19:4c:8a:3c:d9:9f:6c:d7:
-         c3:a9:13:b3:13:2c:38:e0:e6:e1:0c:4c:55:f0:25:42:73:6a:
-         c1:79:82:0a:a5:95:ef:2a:0e:29:cd:76:88:af:e4:da:e6:95:
-         22:55:dc:8f:67:3e:eb:c8:6b:4a:86:1f:2a:13:40:ee:a2:5e:
-         59:61:77:3b:c7:81:d2:6e:ed:ea:08:55:ea:c4:1f:11:d8:50:
-         c5:a1:c7:46:57:c7:02:4c:ce:3b:e5:1b:9d:cf:59:73:24:7c:
-         07:cf:8f:f6
+    Signature Value:
+        b3:dc:a7:36:44:5f:9d:37:d7:cc:86:ee:db:2d:74:4b:7a:88:
+        f7:a4:fa:7b:84:09:6f:63:3b:9f:2e:00:3a:2d:7d:1f:ef:c5:
+        91:32:48:4f:36:01:29:93:c7:b8:0b:fd:66:67:7f:c8:71:ce:
+        32:cd:87:ca:9c:0b:26:fa:b1:55:57:a5:e0:c5:16:66:66:e8:
+        a4:3d:68:fd:ed:2d:1b:d0:c3:d1:9b:b3:cf:a0:2d:7e:26:7f:
+        a7:80:ee:73:dd:83:38:3d:39:8e:c3:ad:cb:7c:71:b1:94:d5:
+        eb:cb:d0:5d:57:c3:68:49:05:88:b7:65:0c:4a:ae:a6:f4:53:
+        4e:b7:84:c1:b8:f1:6a:b5:04:81:25:56:77:85:19:9e:a0:4d:
+        f9:eb:01:71:2f:5e:8e:da:b9:ba:d2:fd:da:1b:c0:e1:29:17:
+        4f:47:dc:f9:c6:f8:a9:c6:6f:dd:bf:af:6f:4b:1d:cd:00:5a:
+        82:b2:21:36:86:eb:cb:05:63:43:2b:dc:f3:f8:f1:16:4f:e3:
+        e1:83:65:37:c2:d6:9d:00:03:34:a2:c3:2a:a3:29:5e:74:18:
+        8f:29:57:02:5d:51:8f:ea:98:95:f3:c6:9c:3c:6f:cc:98:d3:
+        8f:c6:f7:bd:48:2a:35:19:a5:f2:d1:02:30:2f:74:14:cb:21:
+        3d:40:35:df
 -----BEGIN CERTIFICATE-----
 MIIE7jCCA9agAwIBAgIBBjANBgkqhkiG9w0BAQsFADCBoTELMAkGA1UEBhMCVVMx
 EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoM
 B3dvbGZTU0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMSIwIAYDVQQDDBl3b2xmU1NM
 IGludGVybWVkaWF0ZSBDQSAxMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wu
-Y29tMB4XDTIzMTIxMzIyMTkzMFoXDTI2MDkwODIyMTkzMFowgZgxCzAJBgNVBAYT
+Y29tMB4XDTI0MTIxODIxMjUzMVoXDTI3MDkxNDIxMjUzMVowgZgxCzAJBgNVBAYT
 AlVTMRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRAwDgYD
 VQQKDAd3b2xmU1NMMRQwEgYDVQQLDAtFbmdpbmVlcmluZzEZMBcGA1UEAwwQd3d3
 Mi53b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTCC
@@ -84,12 +83,12 @@ U2VhdHRsZTEQMA4GA1UECgwHd29sZlNTTDEUMBIGA1UECwwLRW5naW5lZXJpbmcx
 GDAWBgNVBAMMD3dvbGZTU0wgcm9vdCBDQTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3
 b2xmc3NsLmNvbYIBATALBgNVHQ8EBAMCBeAwMgYIKwYBBQUHAQEEJjAkMCIGCCsG
 AQUFBzABhhZodHRwOi8vMTI3LjAuMC4xOjIyMjIxMA0GCSqGSIb3DQEBCwUAA4IB
-AQC6uKlbsjtVKfaOCNlIexJORWW7StAjgsgr8S79NNHo0LmJNfNJ5Gdrv3KuJkgg
-Hg0iERHRs7Kf0ke1sGQ3AwuqYpsmscVScoAS2GcgO/RZcgaZ9v+S91AFRjAR07Ti
-WwPM+AHSjt4rClJqdmao44AGo2DixWtiTRINmkOmx+WHHQJl8jVm4gcFZjLfXxR/
-m4lgYUGMu60cnpJ9GUyKPNmfbNfDqROzEyw44ObhDExV8CVCc2rBeYIKpZXvKg4p
-zXaIr+Ta5pUiVdyPZz7ryGtKhh8qE0Duol5ZYXc7x4HSbu3qCFXqxB8R2FDFocdG
-V8cCTM475Rudz1lzJHwHz4/2
+AQCz3Kc2RF+dN9fMhu7bLXRLeoj3pPp7hAlvYzufLgA6LX0f78WRMkhPNgEpk8e4
+C/1mZ3/Icc4yzYfKnAsm+rFVV6XgxRZmZuikPWj97S0b0MPRm7PPoC1+Jn+ngO5z
+3YM4PTmOw63LfHGxlNXry9BdV8NoSQWIt2UMSq6m9FNOt4TBuPFqtQSBJVZ3hRme
+oE356wFxL16O2rm60v3aG8DhKRdPR9z5xvipxm/dv69vSx3NAFqCsiE2huvLBWND
+K9zz+PEWT+Phg2U3wtadAAM0osMqoyledBiPKVcCXVGP6piV88acPG/MmNOPxve9
+SCo1GaXy0QIwL3QUyyE9QDXf
 -----END CERTIFICATE-----
 Certificate:
     Data:
@@ -98,12 +97,12 @@ Certificate:
         Signature Algorithm: sha256WithRSAEncryption
         Issuer: C = US, ST = Washington, L = Seattle, O = wolfSSL, OU = Engineering, CN = wolfSSL root CA, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Dec 13 22:19:30 2023 GMT
-            Not After : Sep  8 22:19:30 2026 GMT
+            Not Before: Dec 18 21:25:31 2024 GMT
+            Not After : Sep 14 21:25:31 2027 GMT
         Subject: C = US, ST = Washington, L = Seattle, O = wolfSSL, OU = Engineering, CN = wolfSSL intermediate CA 1, emailAddress = info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (2048 bit)
+                Public-Key: (2048 bit)
                 Modulus:
                     00:de:b4:c8:5c:77:e0:2d:b1:f5:b9:ad:16:47:35:
                     a0:35:65:65:c6:e1:40:ab:1e:b4:b9:13:b7:cb:8c:
@@ -133,34 +132,33 @@ Certificate:
                 keyid:73:B0:1C:A4:2F:82:CB:CF:47:A5:38:D7:B0:04:82:3A:7E:72:15:21
                 DirName:/C=US/ST=Washington/L=Seattle/O=wolfSSL/OU=Engineering/CN=wolfSSL root CA/emailAddress=info@wolfssl.com
                 serial:63
-
             X509v3 Key Usage: 
                 Certificate Sign, CRL Sign
             Authority Information Access: 
                 OCSP - URI:http://127.0.0.1:22220
-
     Signature Algorithm: sha256WithRSAEncryption
-         1c:06:f6:58:ee:a2:4d:11:dd:ce:51:2a:ea:3c:1e:13:62:2b:
-         e2:04:6d:ca:67:2b:14:1b:de:3e:72:7b:d2:12:29:59:e9:bd:
-         3f:37:1f:9b:9c:15:84:40:10:c2:7b:1c:1f:16:2c:4e:f5:b7:
-         bb:7e:24:79:7a:e6:6b:6e:66:cf:4f:04:e5:31:b9:63:12:80:
-         89:61:fc:ae:47:b3:bd:b0:63:d8:aa:77:ba:25:53:e5:f7:ca:
-         63:d5:7f:6e:80:ed:75:c9:47:59:df:7a:82:87:2e:b8:cf:87:
-         c4:9a:0c:2f:ee:a9:a8:5a:7e:2b:55:30:e9:8b:05:f3:ab:60:
-         7f:49:bd:16:de:73:8d:8f:72:48:35:23:a1:88:88:a8:9a:01:
-         19:6c:6e:06:cf:c3:47:d9:68:0e:42:c3:84:d9:23:71:36:73:
-         c4:9d:bc:ed:f7:9b:e3:a0:8d:89:ac:ec:e7:75:22:1f:99:74:
-         5b:4c:5b:b5:25:e1:7f:02:f3:07:ae:4f:b1:0b:21:f9:17:78:
-         1a:b4:c6:8f:03:91:fb:b2:95:ff:6d:de:37:39:4a:57:c1:8c:
-         da:91:3a:4c:cc:fa:27:9a:4f:42:cb:4c:15:c7:08:34:8f:03:
-         a8:f1:2e:df:64:c5:ec:57:e1:90:77:2f:49:90:c1:23:4d:7b:
-         9e:44:fb:08
+    Signature Value:
+        75:57:f1:0c:87:8f:a2:70:3c:ce:e4:70:0e:99:6a:da:c4:80:
+        94:2c:25:0c:de:0d:7b:f3:94:f1:e8:ad:6f:d0:de:9a:9d:f5:
+        64:31:65:3f:18:e6:c3:f5:b5:1d:a2:be:5b:97:79:41:78:15:
+        1c:b3:83:de:d0:00:ea:d2:70:43:c5:60:60:07:72:e5:76:59:
+        b8:0e:2f:47:c9:8d:a4:4c:f1:20:b0:40:3b:ed:e9:de:b2:46:
+        10:90:1b:0f:96:16:e6:97:bc:d5:9a:93:aa:3c:e3:b3:6b:5f:
+        db:2c:af:2b:da:7c:36:36:aa:86:a1:65:70:c8:f1:34:d1:1f:
+        10:96:71:e6:cf:69:5c:bf:0e:15:33:97:fe:40:42:be:30:48:
+        ad:fb:d7:0e:7b:73:dd:64:30:7e:10:81:ac:3b:0b:3c:e4:12:
+        9f:31:8b:3d:f0:9b:84:dc:5b:32:33:39:de:eb:1a:17:89:d8:
+        1b:00:33:2d:50:a4:1a:2c:11:a2:60:ac:c1:9a:0f:44:90:00:
+        cf:8d:6c:af:5b:71:23:7a:a7:4f:df:f5:3f:5c:ae:93:ca:4e:
+        ec:f0:1b:f4:fa:53:7d:d9:36:af:5e:4c:54:c7:3a:d5:e3:68:
+        ca:78:e5:1f:55:44:65:eb:00:2d:c3:c8:ba:0e:1f:47:1c:67:
+        2e:a9:c1:6e
 -----BEGIN CERTIFICATE-----
 MIIE8DCCA9igAwIBAgIBATANBgkqhkiG9w0BAQsFADCBlzELMAkGA1UEBhMCVVMx
 EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoM
 B3dvbGZTU0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMRgwFgYDVQQDDA93b2xmU1NM
-IHJvb3QgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMjMx
-MjEzMjIxOTMwWhcNMjYwOTA4MjIxOTMwWjCBoTELMAkGA1UEBhMCVVMxEzARBgNV
+IHJvb3QgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMjQx
+MjE4MjEyNTMxWhcNMjcwOTE0MjEyNTMxWjCBoTELMAkGA1UEBhMCVVMxEzARBgNV
 BAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoMB3dvbGZT
 U0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMSIwIAYDVQQDDBl3b2xmU1NMIGludGVy
 bWVkaWF0ZSBDQSAxMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMIIB
@@ -177,12 +175,12 @@ DAdTZWF0dGxlMRAwDgYDVQQKDAd3b2xmU1NMMRQwEgYDVQQLDAtFbmdpbmVlcmlu
 ZzEYMBYGA1UEAwwPd29sZlNTTCByb290IENBMR8wHQYJKoZIhvcNAQkBFhBpbmZv
 QHdvbGZzc2wuY29tggFjMAsGA1UdDwQEAwIBBjAyBggrBgEFBQcBAQQmMCQwIgYI
 KwYBBQUHMAGGFmh0dHA6Ly8xMjcuMC4wLjE6MjIyMjAwDQYJKoZIhvcNAQELBQAD
-ggEBABwG9ljuok0R3c5RKuo8HhNiK+IEbcpnKxQb3j5ye9ISKVnpvT83H5ucFYRA
-EMJ7HB8WLE71t7t+JHl65mtuZs9PBOUxuWMSgIlh/K5Hs72wY9iqd7olU+X3ymPV
-f26A7XXJR1nfeoKHLrjPh8SaDC/uqahafitVMOmLBfOrYH9JvRbec42Pckg1I6GI
-iKiaARlsbgbPw0fZaA5Cw4TZI3E2c8SdvO33m+OgjYms7Od1Ih+ZdFtMW7Ul4X8C
-8weuT7ELIfkXeBq0xo8Dkfuylf9t3jc5SlfBjNqROkzM+ieaT0LLTBXHCDSPA6jx
-Lt9kxexX4ZB3L0mQwSNNe55E+wg=
+ggEBAHVX8QyHj6JwPM7kcA6ZatrEgJQsJQzeDXvzlPHorW/Q3pqd9WQxZT8Y5sP1
+tR2ivluXeUF4FRyzg97QAOrScEPFYGAHcuV2WbgOL0fJjaRM8SCwQDvt6d6yRhCQ
+Gw+WFuaXvNWak6o847NrX9ssryvafDY2qoahZXDI8TTRHxCWcebPaVy/DhUzl/5A
+Qr4wSK371w57c91kMH4Qgaw7CzzkEp8xiz3wm4TcWzIzOd7rGheJ2BsAMy1QpBos
+EaJgrMGaD0SQAM+NbK9bcSN6p0/f9T9crpPKTuzwG/T6U33ZNq9eTFTHOtXjaMp4
+5R9VRGXrAC3DyLoOH0ccZy6pwW4=
 -----END CERTIFICATE-----
 Certificate:
     Data:
@@ -191,12 +189,12 @@ Certificate:
         Signature Algorithm: sha256WithRSAEncryption
         Issuer: C = US, ST = Washington, L = Seattle, O = wolfSSL, OU = Engineering, CN = wolfSSL root CA, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Dec 13 22:19:30 2023 GMT
-            Not After : Sep  8 22:19:30 2026 GMT
+            Not Before: Dec 18 21:25:31 2024 GMT
+            Not After : Sep 14 21:25:31 2027 GMT
         Subject: C = US, ST = Washington, L = Seattle, O = wolfSSL, OU = Engineering, CN = wolfSSL root CA, emailAddress = info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (2048 bit)
+                Public-Key: (2048 bit)
                 Modulus:
                     00:ab:2c:b4:2f:1d:06:09:ef:4e:29:86:84:7e:cc:
                     bf:a6:79:7c:f0:c0:c1:64:25:8c:75:b7:10:05:ca:
@@ -226,34 +224,33 @@ Certificate:
                 keyid:73:B0:1C:A4:2F:82:CB:CF:47:A5:38:D7:B0:04:82:3A:7E:72:15:21
                 DirName:/C=US/ST=Washington/L=Seattle/O=wolfSSL/OU=Engineering/CN=wolfSSL root CA/emailAddress=info@wolfssl.com
                 serial:63
-
             X509v3 Key Usage: 
                 Certificate Sign, CRL Sign
             Authority Information Access: 
                 OCSP - URI:http://127.0.0.1:22220
-
     Signature Algorithm: sha256WithRSAEncryption
-         63:f7:e7:80:e2:73:b0:7f:c2:32:c0:20:45:01:1e:40:bc:85:
-         8e:7f:04:3b:c6:fe:3f:d1:b9:14:ce:06:d9:e8:fc:cd:b9:1d:
-         0f:cb:89:71:a9:34:67:e8:be:b8:27:d1:1f:c4:ff:9b:9d:b9:
-         bd:f8:23:c7:e5:7f:04:20:de:b1:30:b2:5d:c2:99:a5:f8:34:
-         9d:d7:0a:bc:b5:3a:84:64:2e:5b:24:34:01:da:03:a9:bb:cf:
-         f2:0d:0e:06:68:de:34:90:cb:42:3a:62:31:d0:d6:7d:26:ca:
-         14:e5:87:70:51:a2:71:85:cf:4e:af:7c:6c:45:69:d1:3c:6c:
-         9c:47:35:be:13:bc:12:a9:ea:c4:2f:71:d3:a5:6b:10:4b:85:
-         68:93:68:81:1c:9f:e6:6a:e7:c0:e1:a6:09:28:f9:d4:a4:55:
-         e8:dc:e3:e2:14:86:0c:ef:3d:7a:7f:8d:d2:a3:e6:c8:0b:e7:
-         1c:45:6d:0d:e9:9a:d6:38:4f:52:73:a7:5c:04:e9:ce:77:af:
-         94:97:7b:56:a8:eb:bc:b6:f6:7a:ed:6a:8f:68:04:b4:ea:ce:
-         05:d8:f7:bc:99:ae:6f:38:9a:ee:23:4d:c5:53:e6:70:fe:5c:
-         60:68:c4:0c:79:c3:eb:49:d5:df:a6:98:5b:ba:6e:f6:c6:30:
-         e0:5e:3e:c3
+    Signature Value:
+        76:e8:fa:f6:1e:5b:0e:ff:24:43:e0:cb:19:26:38:d9:df:18:
+        5d:66:e1:4b:ac:e4:8e:b0:49:2c:d6:04:20:eb:4a:a8:06:d7:
+        55:ec:6b:38:f8:0f:8c:e6:c9:ec:42:f0:ca:07:9f:88:7a:ee:
+        bf:af:3f:7d:d3:45:67:20:84:bb:c7:c5:32:69:ab:59:e1:e3:
+        38:4b:ed:18:2e:de:da:88:ec:a0:b7:ff:c1:50:96:73:e3:03:
+        df:a1:e7:47:93:13:1d:fb:e6:6b:37:3e:50:a3:eb:5b:24:26:
+        d2:43:2e:6e:9c:83:9c:fb:79:ba:cd:fd:3b:e5:87:87:a7:0f:
+        5f:f9:64:34:56:5e:8b:13:e2:c4:41:e3:9d:3e:36:2d:cb:d3:
+        5f:d3:12:90:bf:78:c1:4c:df:eb:7b:99:e6:1e:ee:52:78:6f:
+        0c:82:e1:59:d4:25:40:e5:24:95:3e:0f:cc:08:60:fe:b4:8c:
+        48:42:bf:29:74:92:71:1a:85:00:a7:4c:f0:c0:32:47:f3:be:
+        f4:08:5c:f2:43:e0:b9:76:86:60:9a:3b:af:d6:32:41:5f:b0:
+        04:12:44:2a:44:19:d4:27:d3:ce:71:7e:5b:16:1a:f5:0c:db:
+        43:b0:a6:bb:76:02:f6:e0:30:4e:04:f4:f3:9b:cd:d4:ae:45:
+        94:c5:8c:bb
 -----BEGIN CERTIFICATE-----
 MIIE5jCCA86gAwIBAgIBYzANBgkqhkiG9w0BAQsFADCBlzELMAkGA1UEBhMCVVMx
 EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoM
 B3dvbGZTU0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMRgwFgYDVQQDDA93b2xmU1NM
-IHJvb3QgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMjMx
-MjEzMjIxOTMwWhcNMjYwOTA4MjIxOTMwWjCBlzELMAkGA1UEBhMCVVMxEzARBgNV
+IHJvb3QgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMjQx
+MjE4MjEyNTMxWhcNMjcwOTE0MjEyNTMxWjCBlzELMAkGA1UEBhMCVVMxEzARBgNV
 BAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoMB3dvbGZT
 U0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMRgwFgYDVQQDDA93b2xmU1NMIHJvb3Qg
 Q0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wggEiMA0GCSqGSIb3
@@ -269,11 +266,11 @@ A1UEBhMCVVMxEzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUx
 EDAOBgNVBAoMB3dvbGZTU0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMRgwFgYDVQQD
 DA93b2xmU1NMIHJvb3QgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5j
 b22CAWMwCwYDVR0PBAQDAgEGMDIGCCsGAQUFBwEBBCYwJDAiBggrBgEFBQcwAYYW
-aHR0cDovLzEyNy4wLjAuMToyMjIyMDANBgkqhkiG9w0BAQsFAAOCAQEAY/fngOJz
-sH/CMsAgRQEeQLyFjn8EO8b+P9G5FM4G2ej8zbkdD8uJcak0Z+i+uCfRH8T/m525
-vfgjx+V/BCDesTCyXcKZpfg0ndcKvLU6hGQuWyQ0AdoDqbvP8g0OBmjeNJDLQjpi
-MdDWfSbKFOWHcFGicYXPTq98bEVp0TxsnEc1vhO8EqnqxC9x06VrEEuFaJNogRyf
-5mrnwOGmCSj51KRV6Nzj4hSGDO89en+N0qPmyAvnHEVtDema1jhPUnOnXATpznev
-lJd7VqjrvLb2eu1qj2gEtOrOBdj3vJmubzia7iNNxVPmcP5cYGjEDHnD60nV36aY
-W7pu9sYw4F4+ww==
+aHR0cDovLzEyNy4wLjAuMToyMjIyMDANBgkqhkiG9w0BAQsFAAOCAQEAduj69h5b
+Dv8kQ+DLGSY42d8YXWbhS6zkjrBJLNYEIOtKqAbXVexrOPgPjObJ7ELwygefiHru
+v68/fdNFZyCEu8fFMmmrWeHjOEvtGC7e2ojsoLf/wVCWc+MD36HnR5MTHfvmazc+
+UKPrWyQm0kMubpyDnPt5us39O+WHh6cPX/lkNFZeixPixEHjnT42LcvTX9MSkL94
+wUzf63uZ5h7uUnhvDILhWdQlQOUklT4PzAhg/rSMSEK/KXSScRqFAKdM8MAyR/O+
+9Ahc8kPguXaGYJo7r9YyQV+wBBJEKkQZ1CfTznF+WxYa9QzbQ7Cmu3YC9uAwTgT0
+85vN1K5FlMWMuw==
 -----END CERTIFICATE-----
diff --git a/certs/ocsp/server3-cert.pem b/certs/ocsp/server3-cert.pem
index a16ca9a28..746cef7f3 100644
--- a/certs/ocsp/server3-cert.pem
+++ b/certs/ocsp/server3-cert.pem
@@ -5,12 +5,12 @@ Certificate:
         Signature Algorithm: sha256WithRSAEncryption
         Issuer: C = US, ST = Washington, L = Seattle, O = wolfSSL, OU = Engineering, CN = wolfSSL intermediate CA 2, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Dec 13 22:19:30 2023 GMT
-            Not After : Sep  8 22:19:30 2026 GMT
+            Not Before: Dec 18 21:25:31 2024 GMT
+            Not After : Sep 14 21:25:31 2027 GMT
         Subject: C = US, ST = Washington, L = Seattle, O = wolfSSL, OU = Engineering, CN = www3.wolfssl.com, emailAddress = info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (2048 bit)
+                Public-Key: (2048 bit)
                 Modulus:
                     00:be:19:65:1e:17:39:d4:33:fc:97:64:69:80:51:
                     fb:6c:7c:ca:e1:ba:2a:ab:d2:dd:30:61:f3:2e:47:
@@ -40,34 +40,33 @@ Certificate:
                 keyid:05:D1:BA:86:00:A2:EE:2A:05:24:B7:11:AD:2D:60:F1:90:14:8F:17
                 DirName:/C=US/ST=Washington/L=Seattle/O=wolfSSL/OU=Engineering/CN=wolfSSL root CA/emailAddress=info@wolfssl.com
                 serial:02
-
             X509v3 Key Usage: 
                 Digital Signature, Non Repudiation, Key Encipherment
             Authority Information Access: 
                 OCSP - URI:http://127.0.0.1:22222
-
     Signature Algorithm: sha256WithRSAEncryption
-         64:30:09:ad:e2:e1:ee:8d:00:a6:54:80:95:3c:89:fe:cf:40:
-         2f:28:4a:e0:54:e5:51:79:88:90:95:27:61:9a:3f:3c:a0:b3:
-         a1:9f:01:44:ad:45:a2:cf:cc:2a:10:cc:31:28:48:f4:1a:c7:
-         01:f0:e4:3f:5d:89:39:20:b0:ad:52:0c:f9:f1:d7:82:a6:fa:
-         b2:61:53:1e:97:35:63:15:58:52:fa:1d:88:09:b2:74:6e:5b:
-         76:ab:e9:07:05:e9:97:57:df:f5:73:ec:e2:07:46:f6:5f:fe:
-         03:25:0b:0b:c0:9d:6e:7a:a6:c2:b3:18:79:2f:93:a4:8c:25:
-         71:d1:d8:fe:6d:d1:4a:af:4e:8d:a4:fc:33:f0:78:18:38:3a:
-         dd:e6:1b:7c:94:68:d3:13:9f:a3:56:2c:02:d1:5d:1a:2d:ad:
-         c6:28:4e:58:5d:5f:d6:d6:7c:2c:68:c4:74:71:ab:64:92:75:
-         a7:ba:1f:77:b1:96:fa:0c:e2:81:1f:9e:17:4e:b9:da:1a:33:
-         40:33:12:74:cb:6d:28:e3:cc:0b:c1:30:58:c5:ba:65:66:a8:
-         a1:71:82:76:e7:03:43:8f:7f:03:0f:56:bb:1c:24:93:fb:34:
-         97:1f:09:71:f9:f0:1f:46:42:fb:fe:9d:68:be:25:ea:17:a8:
-         6d:4c:a1:05
+    Signature Value:
+        29:5b:96:03:71:9f:94:13:d5:26:b1:55:5e:fd:74:fa:5f:60:
+        54:cb:75:64:0d:af:4d:44:4a:7e:69:39:48:91:f2:1b:ce:2b:
+        3b:36:8a:39:f2:c4:17:31:d6:ec:ba:99:f2:c3:c6:d5:54:33:
+        85:1c:f3:6b:a0:02:2f:05:83:f9:91:a6:fe:e0:ea:2a:cb:9f:
+        85:17:ab:cb:eb:05:81:06:cd:e6:1e:7c:64:96:1b:89:37:2c:
+        eb:a3:8b:4e:51:2b:11:2a:b2:16:ed:46:cb:ab:3c:31:46:bd:
+        76:a6:d8:bf:1e:0a:8c:55:ca:92:2c:57:4f:d6:6a:92:d2:bd:
+        a5:8e:f0:20:54:a9:87:6f:59:9a:bb:2f:46:11:26:8d:03:28:
+        b6:b7:fc:c9:12:de:1a:5e:82:3b:e4:e7:02:9d:38:e3:29:c1:
+        54:3d:f9:14:02:ac:ef:79:30:39:59:f4:e2:99:3e:2b:f3:9f:
+        ed:10:f2:23:0e:4d:9a:dd:81:5e:16:e5:9c:20:94:b2:b3:90:
+        65:44:66:a8:dd:02:4b:ad:08:a2:7d:ef:b0:bf:ed:25:be:57:
+        47:45:48:a8:9c:cf:95:50:44:19:ea:ad:9f:a0:dd:12:b0:ba:
+        a2:dc:d8:a4:6e:0f:c1:17:a9:a1:83:5c:42:bb:3c:45:41:c1:
+        81:b8:0b:d8
 -----BEGIN CERTIFICATE-----
 MIIE7jCCA9agAwIBAgIBBzANBgkqhkiG9w0BAQsFADCBoTELMAkGA1UEBhMCVVMx
 EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoM
 B3dvbGZTU0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMSIwIAYDVQQDDBl3b2xmU1NM
 IGludGVybWVkaWF0ZSBDQSAyMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wu
-Y29tMB4XDTIzMTIxMzIyMTkzMFoXDTI2MDkwODIyMTkzMFowgZgxCzAJBgNVBAYT
+Y29tMB4XDTI0MTIxODIxMjUzMVoXDTI3MDkxNDIxMjUzMVowgZgxCzAJBgNVBAYT
 AlVTMRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRAwDgYD
 VQQKDAd3b2xmU1NMMRQwEgYDVQQLDAtFbmdpbmVlcmluZzEZMBcGA1UEAwwQd3d3
 My53b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTCC
@@ -84,12 +83,12 @@ U2VhdHRsZTEQMA4GA1UECgwHd29sZlNTTDEUMBIGA1UECwwLRW5naW5lZXJpbmcx
 GDAWBgNVBAMMD3dvbGZTU0wgcm9vdCBDQTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3
 b2xmc3NsLmNvbYIBAjALBgNVHQ8EBAMCBeAwMgYIKwYBBQUHAQEEJjAkMCIGCCsG
 AQUFBzABhhZodHRwOi8vMTI3LjAuMC4xOjIyMjIyMA0GCSqGSIb3DQEBCwUAA4IB
-AQBkMAmt4uHujQCmVICVPIn+z0AvKErgVOVReYiQlSdhmj88oLOhnwFErUWiz8wq
-EMwxKEj0GscB8OQ/XYk5ILCtUgz58deCpvqyYVMelzVjFVhS+h2ICbJ0blt2q+kH
-BemXV9/1c+ziB0b2X/4DJQsLwJ1ueqbCsxh5L5OkjCVx0dj+bdFKr06NpPwz8HgY
-ODrd5ht8lGjTE5+jViwC0V0aLa3GKE5YXV/W1nwsaMR0catkknWnuh93sZb6DOKB
-H54XTrnaGjNAMxJ0y20o48wLwTBYxbplZqihcYJ25wNDj38DD1a7HCST+zSXHwlx
-+fAfRkL7/p1oviXqF6htTKEF
+AQApW5YDcZ+UE9UmsVVe/XT6X2BUy3VkDa9NREp+aTlIkfIbzis7Noo58sQXMdbs
+upnyw8bVVDOFHPNroAIvBYP5kab+4Ooqy5+FF6vL6wWBBs3mHnxklhuJNyzro4tO
+USsRKrIW7UbLqzwxRr12pti/HgqMVcqSLFdP1mqS0r2ljvAgVKmHb1mauy9GESaN
+Ayi2t/zJEt4aXoI75OcCnTjjKcFUPfkUAqzveTA5WfTimT4r85/tEPIjDk2a3YFe
+FuWcIJSys5BlRGao3QJLrQiife+wv+0lvldHRUionM+VUEQZ6q2foN0SsLqi3Nik
+bg/BF6mhg1xCuzxFQcGBuAvY
 -----END CERTIFICATE-----
 Certificate:
     Data:
@@ -98,12 +97,12 @@ Certificate:
         Signature Algorithm: sha256WithRSAEncryption
         Issuer: C = US, ST = Washington, L = Seattle, O = wolfSSL, OU = Engineering, CN = wolfSSL root CA, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Dec 13 22:19:30 2023 GMT
-            Not After : Sep  8 22:19:30 2026 GMT
+            Not Before: Dec 18 21:25:31 2024 GMT
+            Not After : Sep 14 21:25:31 2027 GMT
         Subject: C = US, ST = Washington, L = Seattle, O = wolfSSL, OU = Engineering, CN = wolfSSL intermediate CA 2, emailAddress = info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (2048 bit)
+                Public-Key: (2048 bit)
                 Modulus:
                     00:d0:20:3c:35:19:6f:2c:44:b4:7e:42:c7:75:b4:
                     6a:2b:a9:23:85:bf:87:b4:ee:ca:d7:4b:1f:31:d7:
@@ -133,34 +132,33 @@ Certificate:
                 keyid:73:B0:1C:A4:2F:82:CB:CF:47:A5:38:D7:B0:04:82:3A:7E:72:15:21
                 DirName:/C=US/ST=Washington/L=Seattle/O=wolfSSL/OU=Engineering/CN=wolfSSL root CA/emailAddress=info@wolfssl.com
                 serial:63
-
             X509v3 Key Usage: 
                 Certificate Sign, CRL Sign
             Authority Information Access: 
                 OCSP - URI:http://127.0.0.1:22220
-
     Signature Algorithm: sha256WithRSAEncryption
-         3b:38:b5:57:a7:f6:d6:b1:19:55:b8:da:47:74:cf:9a:6b:6e:
-         ff:0a:5d:06:17:33:db:db:38:e5:d1:9c:dd:c7:3e:c2:2e:87:
-         20:52:48:d0:ad:0c:12:3e:f7:66:41:64:d2:ca:b3:4c:a1:0a:
-         6c:4b:4b:33:94:74:83:2e:2d:44:5a:13:ae:da:9a:18:87:64:
-         30:cf:69:70:e8:38:47:de:55:27:06:86:9b:24:d5:b0:8f:17:
-         3b:95:87:7e:4a:45:45:2e:6d:70:27:90:32:62:a8:36:3e:47:
-         47:0f:0e:1b:93:cf:3d:3e:9b:2c:9a:ff:0c:ee:a7:1b:40:c4:
-         dc:f2:66:74:eb:d9:11:9d:60:b8:24:b4:89:c1:e4:61:20:3d:
-         38:af:45:ad:e8:ee:69:c3:96:8a:a5:c1:cd:dd:14:87:97:dc:
-         f8:32:84:a8:3b:0a:eb:61:0e:7c:4c:65:69:3d:02:92:db:c4:
-         bf:21:6f:89:fe:cc:76:df:c5:84:fb:c4:ea:1a:60:da:d0:c8:
-         27:7c:65:1b:cb:23:20:5a:e2:23:90:bd:f5:5c:0a:85:51:37:
-         84:47:a7:80:f4:e0:a0:72:8d:7a:b8:71:03:44:59:c6:cf:2c:
-         ae:df:91:a9:74:72:eb:a7:31:b2:81:65:19:e6:df:c3:4b:b7:
-         fc:9c:2c:f0
+    Signature Value:
+        1f:0a:d4:04:b7:38:42:e7:fa:85:ee:3a:f7:11:98:5a:79:d2:
+        43:8b:f0:2b:d2:fc:ad:7b:33:a0:25:a5:b5:3f:29:13:94:9c:
+        da:b6:e6:41:8c:9a:92:3b:cc:44:6e:0e:8e:8b:79:09:96:ed:
+        39:57:c4:d6:b1:7f:dd:bf:f1:26:75:89:7d:28:54:c5:e8:da:
+        12:28:02:5d:be:91:98:95:bf:ca:e8:20:d6:c6:6c:b2:af:09:
+        ab:3a:c2:c2:e5:b1:cf:ab:79:54:f1:44:de:77:e4:cb:18:f5:
+        7a:d9:5f:e9:88:cd:50:54:59:01:a0:83:1c:b2:ad:92:ea:df:
+        b1:24:84:c7:b5:17:e5:c3:b4:26:5f:24:90:da:e1:d4:ac:b8:
+        c7:e0:89:1c:56:20:aa:53:2d:51:55:0a:01:e2:4c:bc:8c:74:
+        59:9d:f5:f1:74:e7:8b:d8:71:12:01:2e:6e:4a:01:d7:fb:8d:
+        a8:2e:42:63:ab:11:57:1f:4a:1e:c0:43:3b:77:32:0d:fe:1f:
+        ec:62:47:27:a7:74:84:0a:82:3c:0f:5f:83:91:e1:78:35:88:
+        9d:e1:da:b1:00:cb:77:c7:fc:f2:a1:3d:c3:7a:de:ab:81:e4:
+        1b:ee:75:c9:b9:ea:f8:c1:5f:e6:15:6a:1f:96:ba:30:05:0f:
+        43:7c:21:b6
 -----BEGIN CERTIFICATE-----
 MIIE8DCCA9igAwIBAgIBAjANBgkqhkiG9w0BAQsFADCBlzELMAkGA1UEBhMCVVMx
 EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoM
 B3dvbGZTU0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMRgwFgYDVQQDDA93b2xmU1NM
-IHJvb3QgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMjMx
-MjEzMjIxOTMwWhcNMjYwOTA4MjIxOTMwWjCBoTELMAkGA1UEBhMCVVMxEzARBgNV
+IHJvb3QgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMjQx
+MjE4MjEyNTMxWhcNMjcwOTE0MjEyNTMxWjCBoTELMAkGA1UEBhMCVVMxEzARBgNV
 BAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoMB3dvbGZT
 U0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMSIwIAYDVQQDDBl3b2xmU1NMIGludGVy
 bWVkaWF0ZSBDQSAyMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMIIB
@@ -177,12 +175,12 @@ DAdTZWF0dGxlMRAwDgYDVQQKDAd3b2xmU1NMMRQwEgYDVQQLDAtFbmdpbmVlcmlu
 ZzEYMBYGA1UEAwwPd29sZlNTTCByb290IENBMR8wHQYJKoZIhvcNAQkBFhBpbmZv
 QHdvbGZzc2wuY29tggFjMAsGA1UdDwQEAwIBBjAyBggrBgEFBQcBAQQmMCQwIgYI
 KwYBBQUHMAGGFmh0dHA6Ly8xMjcuMC4wLjE6MjIyMjAwDQYJKoZIhvcNAQELBQAD
-ggEBADs4tVen9taxGVW42kd0z5prbv8KXQYXM9vbOOXRnN3HPsIuhyBSSNCtDBI+
-92ZBZNLKs0yhCmxLSzOUdIMuLURaE67amhiHZDDPaXDoOEfeVScGhpsk1bCPFzuV
-h35KRUUubXAnkDJiqDY+R0cPDhuTzz0+myya/wzupxtAxNzyZnTr2RGdYLgktInB
-5GEgPTivRa3o7mnDloqlwc3dFIeX3PgyhKg7CuthDnxMZWk9ApLbxL8hb4n+zHbf
-xYT7xOoaYNrQyCd8ZRvLIyBa4iOQvfVcCoVRN4RHp4D04KByjXq4cQNEWcbPLK7f
-kal0cuunMbKBZRnm38NLt/ycLPA=
+ggEBAB8K1AS3OELn+oXuOvcRmFp50kOL8CvS/K17M6AlpbU/KROUnNq25kGMmpI7
+zERuDo6LeQmW7TlXxNaxf92/8SZ1iX0oVMXo2hIoAl2+kZiVv8roINbGbLKvCas6
+wsLlsc+reVTxRN535MsY9XrZX+mIzVBUWQGggxyyrZLq37EkhMe1F+XDtCZfJJDa
+4dSsuMfgiRxWIKpTLVFVCgHiTLyMdFmd9fF054vYcRIBLm5KAdf7jaguQmOrEVcf
+Sh7AQzt3Mg3+H+xiRyendIQKgjwPX4OR4Xg1iJ3h2rEAy3fH/PKhPcN63quB5Bvu
+dcm56vjBX+YVah+WujAFD0N8IbY=
 -----END CERTIFICATE-----
 Certificate:
     Data:
@@ -191,12 +189,12 @@ Certificate:
         Signature Algorithm: sha256WithRSAEncryption
         Issuer: C = US, ST = Washington, L = Seattle, O = wolfSSL, OU = Engineering, CN = wolfSSL root CA, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Dec 13 22:19:30 2023 GMT
-            Not After : Sep  8 22:19:30 2026 GMT
+            Not Before: Dec 18 21:25:31 2024 GMT
+            Not After : Sep 14 21:25:31 2027 GMT
         Subject: C = US, ST = Washington, L = Seattle, O = wolfSSL, OU = Engineering, CN = wolfSSL root CA, emailAddress = info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (2048 bit)
+                Public-Key: (2048 bit)
                 Modulus:
                     00:ab:2c:b4:2f:1d:06:09:ef:4e:29:86:84:7e:cc:
                     bf:a6:79:7c:f0:c0:c1:64:25:8c:75:b7:10:05:ca:
@@ -226,34 +224,33 @@ Certificate:
                 keyid:73:B0:1C:A4:2F:82:CB:CF:47:A5:38:D7:B0:04:82:3A:7E:72:15:21
                 DirName:/C=US/ST=Washington/L=Seattle/O=wolfSSL/OU=Engineering/CN=wolfSSL root CA/emailAddress=info@wolfssl.com
                 serial:63
-
             X509v3 Key Usage: 
                 Certificate Sign, CRL Sign
             Authority Information Access: 
                 OCSP - URI:http://127.0.0.1:22220
-
     Signature Algorithm: sha256WithRSAEncryption
-         63:f7:e7:80:e2:73:b0:7f:c2:32:c0:20:45:01:1e:40:bc:85:
-         8e:7f:04:3b:c6:fe:3f:d1:b9:14:ce:06:d9:e8:fc:cd:b9:1d:
-         0f:cb:89:71:a9:34:67:e8:be:b8:27:d1:1f:c4:ff:9b:9d:b9:
-         bd:f8:23:c7:e5:7f:04:20:de:b1:30:b2:5d:c2:99:a5:f8:34:
-         9d:d7:0a:bc:b5:3a:84:64:2e:5b:24:34:01:da:03:a9:bb:cf:
-         f2:0d:0e:06:68:de:34:90:cb:42:3a:62:31:d0:d6:7d:26:ca:
-         14:e5:87:70:51:a2:71:85:cf:4e:af:7c:6c:45:69:d1:3c:6c:
-         9c:47:35:be:13:bc:12:a9:ea:c4:2f:71:d3:a5:6b:10:4b:85:
-         68:93:68:81:1c:9f:e6:6a:e7:c0:e1:a6:09:28:f9:d4:a4:55:
-         e8:dc:e3:e2:14:86:0c:ef:3d:7a:7f:8d:d2:a3:e6:c8:0b:e7:
-         1c:45:6d:0d:e9:9a:d6:38:4f:52:73:a7:5c:04:e9:ce:77:af:
-         94:97:7b:56:a8:eb:bc:b6:f6:7a:ed:6a:8f:68:04:b4:ea:ce:
-         05:d8:f7:bc:99:ae:6f:38:9a:ee:23:4d:c5:53:e6:70:fe:5c:
-         60:68:c4:0c:79:c3:eb:49:d5:df:a6:98:5b:ba:6e:f6:c6:30:
-         e0:5e:3e:c3
+    Signature Value:
+        76:e8:fa:f6:1e:5b:0e:ff:24:43:e0:cb:19:26:38:d9:df:18:
+        5d:66:e1:4b:ac:e4:8e:b0:49:2c:d6:04:20:eb:4a:a8:06:d7:
+        55:ec:6b:38:f8:0f:8c:e6:c9:ec:42:f0:ca:07:9f:88:7a:ee:
+        bf:af:3f:7d:d3:45:67:20:84:bb:c7:c5:32:69:ab:59:e1:e3:
+        38:4b:ed:18:2e:de:da:88:ec:a0:b7:ff:c1:50:96:73:e3:03:
+        df:a1:e7:47:93:13:1d:fb:e6:6b:37:3e:50:a3:eb:5b:24:26:
+        d2:43:2e:6e:9c:83:9c:fb:79:ba:cd:fd:3b:e5:87:87:a7:0f:
+        5f:f9:64:34:56:5e:8b:13:e2:c4:41:e3:9d:3e:36:2d:cb:d3:
+        5f:d3:12:90:bf:78:c1:4c:df:eb:7b:99:e6:1e:ee:52:78:6f:
+        0c:82:e1:59:d4:25:40:e5:24:95:3e:0f:cc:08:60:fe:b4:8c:
+        48:42:bf:29:74:92:71:1a:85:00:a7:4c:f0:c0:32:47:f3:be:
+        f4:08:5c:f2:43:e0:b9:76:86:60:9a:3b:af:d6:32:41:5f:b0:
+        04:12:44:2a:44:19:d4:27:d3:ce:71:7e:5b:16:1a:f5:0c:db:
+        43:b0:a6:bb:76:02:f6:e0:30:4e:04:f4:f3:9b:cd:d4:ae:45:
+        94:c5:8c:bb
 -----BEGIN CERTIFICATE-----
 MIIE5jCCA86gAwIBAgIBYzANBgkqhkiG9w0BAQsFADCBlzELMAkGA1UEBhMCVVMx
 EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoM
 B3dvbGZTU0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMRgwFgYDVQQDDA93b2xmU1NM
-IHJvb3QgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMjMx
-MjEzMjIxOTMwWhcNMjYwOTA4MjIxOTMwWjCBlzELMAkGA1UEBhMCVVMxEzARBgNV
+IHJvb3QgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMjQx
+MjE4MjEyNTMxWhcNMjcwOTE0MjEyNTMxWjCBlzELMAkGA1UEBhMCVVMxEzARBgNV
 BAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoMB3dvbGZT
 U0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMRgwFgYDVQQDDA93b2xmU1NMIHJvb3Qg
 Q0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wggEiMA0GCSqGSIb3
@@ -269,11 +266,11 @@ A1UEBhMCVVMxEzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUx
 EDAOBgNVBAoMB3dvbGZTU0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMRgwFgYDVQQD
 DA93b2xmU1NMIHJvb3QgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5j
 b22CAWMwCwYDVR0PBAQDAgEGMDIGCCsGAQUFBwEBBCYwJDAiBggrBgEFBQcwAYYW
-aHR0cDovLzEyNy4wLjAuMToyMjIyMDANBgkqhkiG9w0BAQsFAAOCAQEAY/fngOJz
-sH/CMsAgRQEeQLyFjn8EO8b+P9G5FM4G2ej8zbkdD8uJcak0Z+i+uCfRH8T/m525
-vfgjx+V/BCDesTCyXcKZpfg0ndcKvLU6hGQuWyQ0AdoDqbvP8g0OBmjeNJDLQjpi
-MdDWfSbKFOWHcFGicYXPTq98bEVp0TxsnEc1vhO8EqnqxC9x06VrEEuFaJNogRyf
-5mrnwOGmCSj51KRV6Nzj4hSGDO89en+N0qPmyAvnHEVtDema1jhPUnOnXATpznev
-lJd7VqjrvLb2eu1qj2gEtOrOBdj3vJmubzia7iNNxVPmcP5cYGjEDHnD60nV36aY
-W7pu9sYw4F4+ww==
+aHR0cDovLzEyNy4wLjAuMToyMjIyMDANBgkqhkiG9w0BAQsFAAOCAQEAduj69h5b
+Dv8kQ+DLGSY42d8YXWbhS6zkjrBJLNYEIOtKqAbXVexrOPgPjObJ7ELwygefiHru
+v68/fdNFZyCEu8fFMmmrWeHjOEvtGC7e2ojsoLf/wVCWc+MD36HnR5MTHfvmazc+
+UKPrWyQm0kMubpyDnPt5us39O+WHh6cPX/lkNFZeixPixEHjnT42LcvTX9MSkL94
+wUzf63uZ5h7uUnhvDILhWdQlQOUklT4PzAhg/rSMSEK/KXSScRqFAKdM8MAyR/O+
+9Ahc8kPguXaGYJo7r9YyQV+wBBJEKkQZ1CfTznF+WxYa9QzbQ7Cmu3YC9uAwTgT0
+85vN1K5FlMWMuw==
 -----END CERTIFICATE-----
diff --git a/certs/ocsp/server4-cert.pem b/certs/ocsp/server4-cert.pem
index d11d065a4..47d88b8c9 100644
--- a/certs/ocsp/server4-cert.pem
+++ b/certs/ocsp/server4-cert.pem
@@ -5,12 +5,12 @@ Certificate:
         Signature Algorithm: sha256WithRSAEncryption
         Issuer: C = US, ST = Washington, L = Seattle, O = wolfSSL, OU = Engineering, CN = wolfSSL intermediate CA 2, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Dec 13 22:19:30 2023 GMT
-            Not After : Sep  8 22:19:30 2026 GMT
+            Not Before: Dec 18 21:25:31 2024 GMT
+            Not After : Sep 14 21:25:31 2027 GMT
         Subject: C = US, ST = Washington, L = Seattle, O = wolfSSL, OU = Engineering, CN = www4.wolfssl.com, emailAddress = info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (2048 bit)
+                Public-Key: (2048 bit)
                 Modulus:
                     00:9c:ef:8a:7e:84:4d:58:7a:b1:91:c8:cb:68:76:
                     df:fe:0a:29:fe:7f:74:35:d5:c3:fd:43:be:d7:89:
@@ -40,34 +40,33 @@ Certificate:
                 keyid:05:D1:BA:86:00:A2:EE:2A:05:24:B7:11:AD:2D:60:F1:90:14:8F:17
                 DirName:/C=US/ST=Washington/L=Seattle/O=wolfSSL/OU=Engineering/CN=wolfSSL root CA/emailAddress=info@wolfssl.com
                 serial:02
-
             X509v3 Key Usage: 
                 Digital Signature, Non Repudiation, Key Encipherment
             Authority Information Access: 
                 OCSP - URI:http://127.0.0.1:22222
-
     Signature Algorithm: sha256WithRSAEncryption
-         78:ac:f7:40:1e:05:a5:e6:46:e0:d9:f7:e6:1b:c8:d2:76:7a:
-         e3:e6:b9:5d:0a:73:47:78:4b:e0:58:e1:d7:86:8d:b0:cc:e1:
-         17:f5:88:c1:84:5a:0f:de:ab:d1:b6:ed:ce:c3:d2:e3:cd:ef:
-         50:6c:90:67:fd:c6:5c:1e:25:28:d6:1f:4e:75:67:b2:9b:16:
-         e7:74:f5:a2:a5:f6:a8:8f:da:de:20:51:c8:60:35:48:f9:0d:
-         5f:b1:45:62:a7:2d:ff:12:f9:29:6c:66:1b:80:33:30:6c:f0:
-         be:f7:22:47:a5:f9:75:e5:fb:1b:0c:fe:f5:09:31:a9:d8:7c:
-         0a:90:7e:92:48:b7:0d:11:a3:eb:39:d1:a8:fe:bd:8b:a6:81:
-         1e:38:7b:73:c7:cd:2e:c6:52:1b:68:60:2f:7d:ca:5e:32:4a:
-         ec:89:8a:50:fd:bc:81:d3:ea:8e:47:3b:8b:77:e7:d8:69:27:
-         86:25:da:24:0f:26:cc:a2:16:04:53:29:4a:55:26:3b:f5:13:
-         f2:5d:01:08:5f:9e:b9:81:48:28:3c:e7:36:6f:f9:76:07:16:
-         b9:79:b7:31:75:35:7e:c3:f0:0b:e2:0f:58:1a:3d:64:70:13:
-         2e:e1:3c:0b:70:08:69:15:bf:58:5c:ca:f3:fa:65:72:77:f7:
-         05:61:d4:d7
+    Signature Value:
+        9f:a1:9c:f1:ac:e6:40:7b:cf:56:57:fc:f8:18:89:f3:5c:3b:
+        47:e3:e6:14:85:a5:65:04:82:cd:b9:43:78:66:09:fd:8d:9f:
+        a1:92:97:ff:a3:b5:d7:ef:28:1b:93:5d:9c:a1:76:ff:b3:2e:
+        af:c5:83:f8:2f:ce:81:17:ce:25:f4:c7:7c:bb:b6:18:ac:50:
+        b6:9d:4c:e1:a6:52:89:28:50:22:ac:c6:b0:08:18:cb:c3:a4:
+        c8:e2:aa:66:5a:cf:f5:74:64:c7:a8:18:4d:99:85:5e:e0:80:
+        2f:7a:33:93:9f:76:92:89:b7:a2:1a:98:2c:90:d5:da:6c:c8:
+        28:4c:a7:1b:f9:6a:64:be:bc:f2:09:61:26:af:fc:a5:a8:4d:
+        31:ea:b2:c7:8f:b4:d7:ac:cf:fd:b0:26:72:21:59:ff:77:d3:
+        6e:04:d9:44:8c:dc:57:f3:7f:d0:a4:9d:03:62:72:ba:2c:1d:
+        84:b8:cd:21:76:1a:6a:d7:34:9f:fb:7f:e0:e6:1c:9c:cc:9a:
+        a8:2f:60:ca:38:65:c2:03:c2:8d:5e:38:e2:b4:a3:f2:81:bf:
+        b4:20:bf:1c:e3:94:b2:50:0c:9d:6d:de:eb:dc:fa:9f:71:1a:
+        05:cf:53:66:80:73:f8:d8:62:1d:f9:9e:27:ea:86:66:30:6b:
+        25:da:db:33
 -----BEGIN CERTIFICATE-----
 MIIE7jCCA9agAwIBAgIBCDANBgkqhkiG9w0BAQsFADCBoTELMAkGA1UEBhMCVVMx
 EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoM
 B3dvbGZTU0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMSIwIAYDVQQDDBl3b2xmU1NM
 IGludGVybWVkaWF0ZSBDQSAyMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wu
-Y29tMB4XDTIzMTIxMzIyMTkzMFoXDTI2MDkwODIyMTkzMFowgZgxCzAJBgNVBAYT
+Y29tMB4XDTI0MTIxODIxMjUzMVoXDTI3MDkxNDIxMjUzMVowgZgxCzAJBgNVBAYT
 AlVTMRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRAwDgYD
 VQQKDAd3b2xmU1NMMRQwEgYDVQQLDAtFbmdpbmVlcmluZzEZMBcGA1UEAwwQd3d3
 NC53b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTCC
@@ -84,12 +83,12 @@ U2VhdHRsZTEQMA4GA1UECgwHd29sZlNTTDEUMBIGA1UECwwLRW5naW5lZXJpbmcx
 GDAWBgNVBAMMD3dvbGZTU0wgcm9vdCBDQTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3
 b2xmc3NsLmNvbYIBAjALBgNVHQ8EBAMCBeAwMgYIKwYBBQUHAQEEJjAkMCIGCCsG
 AQUFBzABhhZodHRwOi8vMTI3LjAuMC4xOjIyMjIyMA0GCSqGSIb3DQEBCwUAA4IB
-AQB4rPdAHgWl5kbg2ffmG8jSdnrj5rldCnNHeEvgWOHXho2wzOEX9YjBhFoP3qvR
-tu3Ow9Ljze9QbJBn/cZcHiUo1h9OdWeymxbndPWipfaoj9reIFHIYDVI+Q1fsUVi
-py3/EvkpbGYbgDMwbPC+9yJHpfl15fsbDP71CTGp2HwKkH6SSLcNEaPrOdGo/r2L
-poEeOHtzx80uxlIbaGAvfcpeMkrsiYpQ/byB0+qORzuLd+fYaSeGJdokDybMohYE
-UylKVSY79RPyXQEIX565gUgoPOc2b/l2Bxa5ebcxdTV+w/AL4g9YGj1kcBMu4TwL
-cAhpFb9YXMrz+mVyd/cFYdTX
+AQCfoZzxrOZAe89WV/z4GInzXDtH4+YUhaVlBILNuUN4Zgn9jZ+hkpf/o7XX7ygb
+k12coXb/sy6vxYP4L86BF84l9Md8u7YYrFC2nUzhplKJKFAirMawCBjLw6TI4qpm
+Ws/1dGTHqBhNmYVe4IAvejOTn3aSibeiGpgskNXabMgoTKcb+WpkvrzyCWEmr/yl
+qE0x6rLHj7TXrM/9sCZyIVn/d9NuBNlEjNxX83/QpJ0DYnK6LB2EuM0hdhpq1zSf
++3/g5hyczJqoL2DKOGXCA8KNXjjitKPygb+0IL8c45SyUAydbd7r3PqfcRoFz1Nm
+gHP42GId+Z4n6oZmMGsl2tsz
 -----END CERTIFICATE-----
 Certificate:
     Data:
@@ -98,12 +97,12 @@ Certificate:
         Signature Algorithm: sha256WithRSAEncryption
         Issuer: C = US, ST = Washington, L = Seattle, O = wolfSSL, OU = Engineering, CN = wolfSSL root CA, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Dec 13 22:19:30 2023 GMT
-            Not After : Sep  8 22:19:30 2026 GMT
+            Not Before: Dec 18 21:25:31 2024 GMT
+            Not After : Sep 14 21:25:31 2027 GMT
         Subject: C = US, ST = Washington, L = Seattle, O = wolfSSL, OU = Engineering, CN = wolfSSL intermediate CA 2, emailAddress = info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (2048 bit)
+                Public-Key: (2048 bit)
                 Modulus:
                     00:d0:20:3c:35:19:6f:2c:44:b4:7e:42:c7:75:b4:
                     6a:2b:a9:23:85:bf:87:b4:ee:ca:d7:4b:1f:31:d7:
@@ -133,34 +132,33 @@ Certificate:
                 keyid:73:B0:1C:A4:2F:82:CB:CF:47:A5:38:D7:B0:04:82:3A:7E:72:15:21
                 DirName:/C=US/ST=Washington/L=Seattle/O=wolfSSL/OU=Engineering/CN=wolfSSL root CA/emailAddress=info@wolfssl.com
                 serial:63
-
             X509v3 Key Usage: 
                 Certificate Sign, CRL Sign
             Authority Information Access: 
                 OCSP - URI:http://127.0.0.1:22220
-
     Signature Algorithm: sha256WithRSAEncryption
-         3b:38:b5:57:a7:f6:d6:b1:19:55:b8:da:47:74:cf:9a:6b:6e:
-         ff:0a:5d:06:17:33:db:db:38:e5:d1:9c:dd:c7:3e:c2:2e:87:
-         20:52:48:d0:ad:0c:12:3e:f7:66:41:64:d2:ca:b3:4c:a1:0a:
-         6c:4b:4b:33:94:74:83:2e:2d:44:5a:13:ae:da:9a:18:87:64:
-         30:cf:69:70:e8:38:47:de:55:27:06:86:9b:24:d5:b0:8f:17:
-         3b:95:87:7e:4a:45:45:2e:6d:70:27:90:32:62:a8:36:3e:47:
-         47:0f:0e:1b:93:cf:3d:3e:9b:2c:9a:ff:0c:ee:a7:1b:40:c4:
-         dc:f2:66:74:eb:d9:11:9d:60:b8:24:b4:89:c1:e4:61:20:3d:
-         38:af:45:ad:e8:ee:69:c3:96:8a:a5:c1:cd:dd:14:87:97:dc:
-         f8:32:84:a8:3b:0a:eb:61:0e:7c:4c:65:69:3d:02:92:db:c4:
-         bf:21:6f:89:fe:cc:76:df:c5:84:fb:c4:ea:1a:60:da:d0:c8:
-         27:7c:65:1b:cb:23:20:5a:e2:23:90:bd:f5:5c:0a:85:51:37:
-         84:47:a7:80:f4:e0:a0:72:8d:7a:b8:71:03:44:59:c6:cf:2c:
-         ae:df:91:a9:74:72:eb:a7:31:b2:81:65:19:e6:df:c3:4b:b7:
-         fc:9c:2c:f0
+    Signature Value:
+        1f:0a:d4:04:b7:38:42:e7:fa:85:ee:3a:f7:11:98:5a:79:d2:
+        43:8b:f0:2b:d2:fc:ad:7b:33:a0:25:a5:b5:3f:29:13:94:9c:
+        da:b6:e6:41:8c:9a:92:3b:cc:44:6e:0e:8e:8b:79:09:96:ed:
+        39:57:c4:d6:b1:7f:dd:bf:f1:26:75:89:7d:28:54:c5:e8:da:
+        12:28:02:5d:be:91:98:95:bf:ca:e8:20:d6:c6:6c:b2:af:09:
+        ab:3a:c2:c2:e5:b1:cf:ab:79:54:f1:44:de:77:e4:cb:18:f5:
+        7a:d9:5f:e9:88:cd:50:54:59:01:a0:83:1c:b2:ad:92:ea:df:
+        b1:24:84:c7:b5:17:e5:c3:b4:26:5f:24:90:da:e1:d4:ac:b8:
+        c7:e0:89:1c:56:20:aa:53:2d:51:55:0a:01:e2:4c:bc:8c:74:
+        59:9d:f5:f1:74:e7:8b:d8:71:12:01:2e:6e:4a:01:d7:fb:8d:
+        a8:2e:42:63:ab:11:57:1f:4a:1e:c0:43:3b:77:32:0d:fe:1f:
+        ec:62:47:27:a7:74:84:0a:82:3c:0f:5f:83:91:e1:78:35:88:
+        9d:e1:da:b1:00:cb:77:c7:fc:f2:a1:3d:c3:7a:de:ab:81:e4:
+        1b:ee:75:c9:b9:ea:f8:c1:5f:e6:15:6a:1f:96:ba:30:05:0f:
+        43:7c:21:b6
 -----BEGIN CERTIFICATE-----
 MIIE8DCCA9igAwIBAgIBAjANBgkqhkiG9w0BAQsFADCBlzELMAkGA1UEBhMCVVMx
 EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoM
 B3dvbGZTU0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMRgwFgYDVQQDDA93b2xmU1NM
-IHJvb3QgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMjMx
-MjEzMjIxOTMwWhcNMjYwOTA4MjIxOTMwWjCBoTELMAkGA1UEBhMCVVMxEzARBgNV
+IHJvb3QgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMjQx
+MjE4MjEyNTMxWhcNMjcwOTE0MjEyNTMxWjCBoTELMAkGA1UEBhMCVVMxEzARBgNV
 BAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoMB3dvbGZT
 U0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMSIwIAYDVQQDDBl3b2xmU1NMIGludGVy
 bWVkaWF0ZSBDQSAyMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMIIB
@@ -177,12 +175,12 @@ DAdTZWF0dGxlMRAwDgYDVQQKDAd3b2xmU1NMMRQwEgYDVQQLDAtFbmdpbmVlcmlu
 ZzEYMBYGA1UEAwwPd29sZlNTTCByb290IENBMR8wHQYJKoZIhvcNAQkBFhBpbmZv
 QHdvbGZzc2wuY29tggFjMAsGA1UdDwQEAwIBBjAyBggrBgEFBQcBAQQmMCQwIgYI
 KwYBBQUHMAGGFmh0dHA6Ly8xMjcuMC4wLjE6MjIyMjAwDQYJKoZIhvcNAQELBQAD
-ggEBADs4tVen9taxGVW42kd0z5prbv8KXQYXM9vbOOXRnN3HPsIuhyBSSNCtDBI+
-92ZBZNLKs0yhCmxLSzOUdIMuLURaE67amhiHZDDPaXDoOEfeVScGhpsk1bCPFzuV
-h35KRUUubXAnkDJiqDY+R0cPDhuTzz0+myya/wzupxtAxNzyZnTr2RGdYLgktInB
-5GEgPTivRa3o7mnDloqlwc3dFIeX3PgyhKg7CuthDnxMZWk9ApLbxL8hb4n+zHbf
-xYT7xOoaYNrQyCd8ZRvLIyBa4iOQvfVcCoVRN4RHp4D04KByjXq4cQNEWcbPLK7f
-kal0cuunMbKBZRnm38NLt/ycLPA=
+ggEBAB8K1AS3OELn+oXuOvcRmFp50kOL8CvS/K17M6AlpbU/KROUnNq25kGMmpI7
+zERuDo6LeQmW7TlXxNaxf92/8SZ1iX0oVMXo2hIoAl2+kZiVv8roINbGbLKvCas6
+wsLlsc+reVTxRN535MsY9XrZX+mIzVBUWQGggxyyrZLq37EkhMe1F+XDtCZfJJDa
+4dSsuMfgiRxWIKpTLVFVCgHiTLyMdFmd9fF054vYcRIBLm5KAdf7jaguQmOrEVcf
+Sh7AQzt3Mg3+H+xiRyendIQKgjwPX4OR4Xg1iJ3h2rEAy3fH/PKhPcN63quB5Bvu
+dcm56vjBX+YVah+WujAFD0N8IbY=
 -----END CERTIFICATE-----
 Certificate:
     Data:
@@ -191,12 +189,12 @@ Certificate:
         Signature Algorithm: sha256WithRSAEncryption
         Issuer: C = US, ST = Washington, L = Seattle, O = wolfSSL, OU = Engineering, CN = wolfSSL root CA, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Dec 13 22:19:30 2023 GMT
-            Not After : Sep  8 22:19:30 2026 GMT
+            Not Before: Dec 18 21:25:31 2024 GMT
+            Not After : Sep 14 21:25:31 2027 GMT
         Subject: C = US, ST = Washington, L = Seattle, O = wolfSSL, OU = Engineering, CN = wolfSSL root CA, emailAddress = info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (2048 bit)
+                Public-Key: (2048 bit)
                 Modulus:
                     00:ab:2c:b4:2f:1d:06:09:ef:4e:29:86:84:7e:cc:
                     bf:a6:79:7c:f0:c0:c1:64:25:8c:75:b7:10:05:ca:
@@ -226,34 +224,33 @@ Certificate:
                 keyid:73:B0:1C:A4:2F:82:CB:CF:47:A5:38:D7:B0:04:82:3A:7E:72:15:21
                 DirName:/C=US/ST=Washington/L=Seattle/O=wolfSSL/OU=Engineering/CN=wolfSSL root CA/emailAddress=info@wolfssl.com
                 serial:63
-
             X509v3 Key Usage: 
                 Certificate Sign, CRL Sign
             Authority Information Access: 
                 OCSP - URI:http://127.0.0.1:22220
-
     Signature Algorithm: sha256WithRSAEncryption
-         63:f7:e7:80:e2:73:b0:7f:c2:32:c0:20:45:01:1e:40:bc:85:
-         8e:7f:04:3b:c6:fe:3f:d1:b9:14:ce:06:d9:e8:fc:cd:b9:1d:
-         0f:cb:89:71:a9:34:67:e8:be:b8:27:d1:1f:c4:ff:9b:9d:b9:
-         bd:f8:23:c7:e5:7f:04:20:de:b1:30:b2:5d:c2:99:a5:f8:34:
-         9d:d7:0a:bc:b5:3a:84:64:2e:5b:24:34:01:da:03:a9:bb:cf:
-         f2:0d:0e:06:68:de:34:90:cb:42:3a:62:31:d0:d6:7d:26:ca:
-         14:e5:87:70:51:a2:71:85:cf:4e:af:7c:6c:45:69:d1:3c:6c:
-         9c:47:35:be:13:bc:12:a9:ea:c4:2f:71:d3:a5:6b:10:4b:85:
-         68:93:68:81:1c:9f:e6:6a:e7:c0:e1:a6:09:28:f9:d4:a4:55:
-         e8:dc:e3:e2:14:86:0c:ef:3d:7a:7f:8d:d2:a3:e6:c8:0b:e7:
-         1c:45:6d:0d:e9:9a:d6:38:4f:52:73:a7:5c:04:e9:ce:77:af:
-         94:97:7b:56:a8:eb:bc:b6:f6:7a:ed:6a:8f:68:04:b4:ea:ce:
-         05:d8:f7:bc:99:ae:6f:38:9a:ee:23:4d:c5:53:e6:70:fe:5c:
-         60:68:c4:0c:79:c3:eb:49:d5:df:a6:98:5b:ba:6e:f6:c6:30:
-         e0:5e:3e:c3
+    Signature Value:
+        76:e8:fa:f6:1e:5b:0e:ff:24:43:e0:cb:19:26:38:d9:df:18:
+        5d:66:e1:4b:ac:e4:8e:b0:49:2c:d6:04:20:eb:4a:a8:06:d7:
+        55:ec:6b:38:f8:0f:8c:e6:c9:ec:42:f0:ca:07:9f:88:7a:ee:
+        bf:af:3f:7d:d3:45:67:20:84:bb:c7:c5:32:69:ab:59:e1:e3:
+        38:4b:ed:18:2e:de:da:88:ec:a0:b7:ff:c1:50:96:73:e3:03:
+        df:a1:e7:47:93:13:1d:fb:e6:6b:37:3e:50:a3:eb:5b:24:26:
+        d2:43:2e:6e:9c:83:9c:fb:79:ba:cd:fd:3b:e5:87:87:a7:0f:
+        5f:f9:64:34:56:5e:8b:13:e2:c4:41:e3:9d:3e:36:2d:cb:d3:
+        5f:d3:12:90:bf:78:c1:4c:df:eb:7b:99:e6:1e:ee:52:78:6f:
+        0c:82:e1:59:d4:25:40:e5:24:95:3e:0f:cc:08:60:fe:b4:8c:
+        48:42:bf:29:74:92:71:1a:85:00:a7:4c:f0:c0:32:47:f3:be:
+        f4:08:5c:f2:43:e0:b9:76:86:60:9a:3b:af:d6:32:41:5f:b0:
+        04:12:44:2a:44:19:d4:27:d3:ce:71:7e:5b:16:1a:f5:0c:db:
+        43:b0:a6:bb:76:02:f6:e0:30:4e:04:f4:f3:9b:cd:d4:ae:45:
+        94:c5:8c:bb
 -----BEGIN CERTIFICATE-----
 MIIE5jCCA86gAwIBAgIBYzANBgkqhkiG9w0BAQsFADCBlzELMAkGA1UEBhMCVVMx
 EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoM
 B3dvbGZTU0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMRgwFgYDVQQDDA93b2xmU1NM
-IHJvb3QgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMjMx
-MjEzMjIxOTMwWhcNMjYwOTA4MjIxOTMwWjCBlzELMAkGA1UEBhMCVVMxEzARBgNV
+IHJvb3QgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMjQx
+MjE4MjEyNTMxWhcNMjcwOTE0MjEyNTMxWjCBlzELMAkGA1UEBhMCVVMxEzARBgNV
 BAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoMB3dvbGZT
 U0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMRgwFgYDVQQDDA93b2xmU1NMIHJvb3Qg
 Q0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wggEiMA0GCSqGSIb3
@@ -269,11 +266,11 @@ A1UEBhMCVVMxEzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUx
 EDAOBgNVBAoMB3dvbGZTU0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMRgwFgYDVQQD
 DA93b2xmU1NMIHJvb3QgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5j
 b22CAWMwCwYDVR0PBAQDAgEGMDIGCCsGAQUFBwEBBCYwJDAiBggrBgEFBQcwAYYW
-aHR0cDovLzEyNy4wLjAuMToyMjIyMDANBgkqhkiG9w0BAQsFAAOCAQEAY/fngOJz
-sH/CMsAgRQEeQLyFjn8EO8b+P9G5FM4G2ej8zbkdD8uJcak0Z+i+uCfRH8T/m525
-vfgjx+V/BCDesTCyXcKZpfg0ndcKvLU6hGQuWyQ0AdoDqbvP8g0OBmjeNJDLQjpi
-MdDWfSbKFOWHcFGicYXPTq98bEVp0TxsnEc1vhO8EqnqxC9x06VrEEuFaJNogRyf
-5mrnwOGmCSj51KRV6Nzj4hSGDO89en+N0qPmyAvnHEVtDema1jhPUnOnXATpznev
-lJd7VqjrvLb2eu1qj2gEtOrOBdj3vJmubzia7iNNxVPmcP5cYGjEDHnD60nV36aY
-W7pu9sYw4F4+ww==
+aHR0cDovLzEyNy4wLjAuMToyMjIyMDANBgkqhkiG9w0BAQsFAAOCAQEAduj69h5b
+Dv8kQ+DLGSY42d8YXWbhS6zkjrBJLNYEIOtKqAbXVexrOPgPjObJ7ELwygefiHru
+v68/fdNFZyCEu8fFMmmrWeHjOEvtGC7e2ojsoLf/wVCWc+MD36HnR5MTHfvmazc+
+UKPrWyQm0kMubpyDnPt5us39O+WHh6cPX/lkNFZeixPixEHjnT42LcvTX9MSkL94
+wUzf63uZ5h7uUnhvDILhWdQlQOUklT4PzAhg/rSMSEK/KXSScRqFAKdM8MAyR/O+
+9Ahc8kPguXaGYJo7r9YyQV+wBBJEKkQZ1CfTznF+WxYa9QzbQ7Cmu3YC9uAwTgT0
+85vN1K5FlMWMuw==
 -----END CERTIFICATE-----
diff --git a/certs/ocsp/server5-cert.pem b/certs/ocsp/server5-cert.pem
index 0f42ba251..5ac6b8fee 100644
--- a/certs/ocsp/server5-cert.pem
+++ b/certs/ocsp/server5-cert.pem
@@ -5,12 +5,12 @@ Certificate:
         Signature Algorithm: sha256WithRSAEncryption
         Issuer: C = US, ST = Washington, L = Seattle, O = wolfSSL, OU = Engineering, CN = wolfSSL REVOKED intermediate CA, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Dec 13 22:19:30 2023 GMT
-            Not After : Sep  8 22:19:30 2026 GMT
+            Not Before: Dec 18 21:25:31 2024 GMT
+            Not After : Sep 14 21:25:31 2027 GMT
         Subject: C = US, ST = Washington, L = Seattle, O = wolfSSL, OU = Engineering, CN = www5.wolfssl.com, emailAddress = info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (2048 bit)
+                Public-Key: (2048 bit)
                 Modulus:
                     00:ac:73:6d:e9:fa:8c:36:72:3e:89:3b:52:29:bd:
                     14:70:a2:00:b4:08:58:b6:c6:c0:bf:80:6a:1f:a5:
@@ -40,34 +40,33 @@ Certificate:
                 keyid:BB:15:9E:32:4D:E0:F8:AA:8A:B0:2E:0C:17:2B:5A:41:74:4B:06:45
                 DirName:/C=US/ST=Washington/L=Seattle/O=wolfSSL/OU=Engineering/CN=wolfSSL root CA/emailAddress=info@wolfssl.com
                 serial:03
-
             X509v3 Key Usage: 
                 Digital Signature, Non Repudiation, Key Encipherment
             Authority Information Access: 
                 OCSP - URI:http://127.0.0.1:22223
-
     Signature Algorithm: sha256WithRSAEncryption
-         84:bf:97:d9:fd:33:9a:1b:36:a4:48:58:45:f6:97:3b:58:4d:
-         40:ba:46:d0:7a:e3:53:40:d3:45:7f:1e:87:fd:66:bb:c0:43:
-         93:34:76:0b:68:31:e5:fb:89:15:d5:b3:59:c5:a3:f5:e7:79:
-         65:b3:1d:38:d2:cd:af:4d:7d:ea:9e:3e:ce:7e:51:90:83:b6:
-         19:2e:30:d5:0e:94:03:d2:5c:a0:d9:25:3f:8d:c2:97:67:ea:
-         4a:a6:f0:32:b3:e7:b6:bf:dc:a6:7a:5c:23:b8:46:05:52:80:
-         b1:9e:1e:53:05:a7:93:ce:2a:43:ae:f5:58:61:2d:d8:2d:77:
-         c9:50:7e:4a:47:36:04:0b:4c:23:b3:c8:f5:99:97:5c:5d:f1:
-         d9:f2:9a:5e:78:72:02:61:4f:eb:55:53:f1:bd:1c:45:75:fd:
-         7c:2e:db:41:ef:54:47:9b:9a:b9:60:fd:77:f9:9b:36:76:93:
-         ee:73:12:49:3e:bb:62:8a:3f:02:58:ba:73:16:e7:53:81:c2:
-         5c:f3:21:32:fe:60:42:dc:d5:8a:6a:9f:60:cc:1c:76:5a:e4:
-         9c:30:da:9e:32:d0:ca:d6:a5:d6:3e:28:9d:09:68:dc:6e:d9:
-         fd:54:92:5e:0d:20:4c:96:ff:f2:01:b5:72:22:cb:f1:fc:ed:
-         c7:cf:b1:54
+    Signature Value:
+        49:71:af:68:1a:f9:98:2c:8b:52:19:e0:6f:8a:f4:6d:10:34:
+        b7:6b:80:19:46:b4:06:59:33:c6:de:96:e0:fb:cd:11:7c:e8:
+        48:39:c0:4c:1d:ac:f7:d2:07:99:d1:bb:8b:77:12:01:9b:ee:
+        43:b0:ef:f9:98:02:93:62:a0:1c:7c:ac:e5:0e:29:a5:7e:fb:
+        ff:d6:56:43:1e:9c:67:29:d5:0c:d9:86:7a:94:99:80:33:a4:
+        34:cd:df:82:e4:35:59:c9:a2:68:53:4a:3d:33:40:2b:51:5b:
+        e9:70:95:93:4e:ba:f2:3f:24:36:2c:51:b6:ca:f3:ef:f4:d6:
+        46:36:8f:44:c9:88:f1:ec:93:16:43:85:66:5d:2a:0b:ce:4e:
+        1b:75:17:95:06:34:1e:a4:9f:aa:71:14:0c:18:21:f1:7d:d4:
+        ae:ad:d5:9b:ea:86:b4:80:4a:82:9d:00:0c:f8:42:6c:ee:77:
+        92:99:b7:69:e3:1e:8f:ac:73:c7:c9:63:1f:18:ae:85:04:b2:
+        9e:e9:cd:91:18:ad:54:d9:25:ab:12:7a:3e:51:05:34:7b:a4:
+        af:df:90:a1:86:39:d8:b0:98:01:61:7e:56:1e:34:26:3b:6b:
+        43:2c:73:0f:a6:f7:24:77:5f:d7:4a:9d:40:e1:2b:f5:2a:a2:
+        49:bf:aa:1c
 -----BEGIN CERTIFICATE-----
 MIIE9DCCA9ygAwIBAgIBCTANBgkqhkiG9w0BAQsFADCBpzELMAkGA1UEBhMCVVMx
 EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoM
 B3dvbGZTU0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMSgwJgYDVQQDDB93b2xmU1NM
 IFJFVk9LRUQgaW50ZXJtZWRpYXRlIENBMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdv
-bGZzc2wuY29tMB4XDTIzMTIxMzIyMTkzMFoXDTI2MDkwODIyMTkzMFowgZgxCzAJ
+bGZzc2wuY29tMB4XDTI0MTIxODIxMjUzMVoXDTI3MDkxNDIxMjUzMVowgZgxCzAJ
 BgNVBAYTAlVTMRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxl
 MRAwDgYDVQQKDAd3b2xmU1NMMRQwEgYDVQQLDAtFbmdpbmVlcmluZzEZMBcGA1UE
 AwwQd3d3NS53b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3Ns
@@ -84,12 +83,12 @@ A1UEBwwHU2VhdHRsZTEQMA4GA1UECgwHd29sZlNTTDEUMBIGA1UECwwLRW5naW5l
 ZXJpbmcxGDAWBgNVBAMMD3dvbGZTU0wgcm9vdCBDQTEfMB0GCSqGSIb3DQEJARYQ
 aW5mb0B3b2xmc3NsLmNvbYIBAzALBgNVHQ8EBAMCBeAwMgYIKwYBBQUHAQEEJjAk
 MCIGCCsGAQUFBzABhhZodHRwOi8vMTI3LjAuMC4xOjIyMjIzMA0GCSqGSIb3DQEB
-CwUAA4IBAQCEv5fZ/TOaGzakSFhF9pc7WE1AukbQeuNTQNNFfx6H/Wa7wEOTNHYL
-aDHl+4kV1bNZxaP153llsx040s2vTX3qnj7OflGQg7YZLjDVDpQD0lyg2SU/jcKX
-Z+pKpvAys+e2v9ymelwjuEYFUoCxnh5TBaeTzipDrvVYYS3YLXfJUH5KRzYEC0wj
-s8j1mZdcXfHZ8ppeeHICYU/rVVPxvRxFdf18LttB71RHm5q5YP13+Zs2dpPucxJJ
-Prtiij8CWLpzFudTgcJc8yEy/mBC3NWKap9gzBx2WuScMNqeMtDK1qXWPiidCWjc
-btn9VJJeDSBMlv/yAbVyIsvx/O3Hz7FU
+CwUAA4IBAQBJca9oGvmYLItSGeBvivRtEDS3a4AZRrQGWTPG3pbg+80RfOhIOcBM
+Haz30geZ0buLdxIBm+5DsO/5mAKTYqAcfKzlDimlfvv/1lZDHpxnKdUM2YZ6lJmA
+M6Q0zd+C5DVZyaJoU0o9M0ArUVvpcJWTTrryPyQ2LFG2yvPv9NZGNo9EyYjx7JMW
+Q4VmXSoLzk4bdReVBjQepJ+qcRQMGCHxfdSurdWb6oa0gEqCnQAM+EJs7neSmbdp
+4x6PrHPHyWMfGK6FBLKe6c2RGK1U2SWrEno+UQU0e6Sv35ChhjnYsJgBYX5WHjQm
+O2tDLHMPpvckd1/XSp1A4Sv1KqJJv6oc
 -----END CERTIFICATE-----
 Certificate:
     Data:
@@ -98,12 +97,12 @@ Certificate:
         Signature Algorithm: sha256WithRSAEncryption
         Issuer: C = US, ST = Washington, L = Seattle, O = wolfSSL, OU = Engineering, CN = wolfSSL root CA, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Dec 13 22:19:30 2023 GMT
-            Not After : Sep  8 22:19:30 2026 GMT
+            Not Before: Dec 18 21:25:31 2024 GMT
+            Not After : Sep 14 21:25:31 2027 GMT
         Subject: C = US, ST = Washington, L = Seattle, O = wolfSSL, OU = Engineering, CN = wolfSSL REVOKED intermediate CA, emailAddress = info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (2048 bit)
+                Public-Key: (2048 bit)
                 Modulus:
                     00:de:c5:04:10:7d:c2:21:e9:12:45:da:d5:ba:28:
                     fd:a6:f4:30:44:a0:df:f9:70:5e:17:26:97:59:5c:
@@ -133,34 +132,33 @@ Certificate:
                 keyid:73:B0:1C:A4:2F:82:CB:CF:47:A5:38:D7:B0:04:82:3A:7E:72:15:21
                 DirName:/C=US/ST=Washington/L=Seattle/O=wolfSSL/OU=Engineering/CN=wolfSSL root CA/emailAddress=info@wolfssl.com
                 serial:63
-
             X509v3 Key Usage: 
                 Certificate Sign, CRL Sign
             Authority Information Access: 
                 OCSP - URI:http://127.0.0.1:22220
-
     Signature Algorithm: sha256WithRSAEncryption
-         2f:e1:b0:99:a9:71:0e:41:f8:b1:9d:38:c8:f4:3d:7c:79:ce:
-         d2:94:01:2a:b6:71:1b:4c:64:19:27:02:71:b4:43:64:42:f9:
-         2b:71:39:6e:64:4e:e8:32:b1:1e:1b:fd:7d:22:cb:8a:9c:34:
-         ce:ef:bb:dd:f2:4f:83:58:33:34:01:cb:b4:35:e2:ba:c6:cc:
-         aa:2f:ed:2e:e9:04:ec:cd:7f:06:50:b3:4e:37:cd:fe:96:69:
-         da:a3:fe:63:78:83:c5:86:7e:03:b2:11:e5:94:f8:56:e9:d1:
-         dd:5d:b4:05:4d:26:0e:09:c2:50:32:ce:6d:da:6b:b7:ee:e1:
-         1b:a9:b0:0f:59:d6:03:16:ee:47:16:2f:1f:58:f9:f8:48:d9:
-         59:ed:61:a1:af:7e:92:38:2e:40:0c:9b:e7:21:90:3b:10:6f:
-         61:ad:e0:95:57:e2:d5:39:dc:83:54:88:99:4a:5e:21:94:ce:
-         f9:0f:5e:e9:22:10:55:bb:97:f4:51:3f:50:83:ed:63:fb:ab:
-         d2:02:b3:aa:26:f7:fc:72:1c:84:e9:a0:a3:fa:b2:22:90:c8:
-         ac:61:84:2a:bd:3f:75:1f:1b:bf:83:a8:90:ce:4c:de:ee:eb:
-         65:b4:ff:f0:7a:b2:11:7a:78:60:c4:6e:da:e3:c8:a3:57:5b:
-         8f:58:e4:49
+    Signature Value:
+        9c:99:cf:4a:64:66:4f:74:91:47:3d:58:ed:c2:3a:57:d5:70:
+        70:d7:7e:63:2c:8e:06:5e:36:4b:60:92:74:3f:ca:2c:cf:43:
+        1b:b7:64:42:89:43:30:53:b2:6a:f4:ce:d8:ec:18:2d:20:4e:
+        2d:fb:2d:22:71:61:87:3a:35:dc:77:b5:bd:1e:b3:13:ae:bd:
+        71:ef:b3:21:9d:50:5f:0d:a9:52:76:9b:ea:25:be:f2:79:08:
+        49:16:9c:68:82:30:80:2d:47:ce:49:46:cc:66:95:47:c5:28:
+        89:d7:b4:b3:37:b0:14:21:34:58:c3:7b:94:91:2c:32:80:0e:
+        7e:fa:ed:07:e0:e3:52:8b:fc:73:f8:73:df:52:34:b0:63:a7:
+        02:26:5d:e9:e6:37:43:a3:f5:c3:be:5f:c4:86:6e:00:20:51:
+        7b:b6:48:85:11:f4:b3:79:4d:b7:14:20:f4:ea:c3:06:68:45:
+        1a:4f:db:09:df:30:3e:2c:89:bf:dc:4d:81:46:1c:3d:0b:b4:
+        a0:0f:79:d6:c5:1e:a8:81:fd:ff:80:b8:4b:f6:50:06:88:e9:
+        69:96:12:df:66:b8:db:46:60:f8:b4:35:f6:eb:f6:f9:a4:19:
+        d2:d6:d7:d8:c8:5f:0b:46:66:5d:3c:d3:18:17:78:b4:80:85:
+        ca:98:bd:33
 -----BEGIN CERTIFICATE-----
 MIIE9jCCA96gAwIBAgIBAzANBgkqhkiG9w0BAQsFADCBlzELMAkGA1UEBhMCVVMx
 EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoM
 B3dvbGZTU0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMRgwFgYDVQQDDA93b2xmU1NM
-IHJvb3QgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMjMx
-MjEzMjIxOTMwWhcNMjYwOTA4MjIxOTMwWjCBpzELMAkGA1UEBhMCVVMxEzARBgNV
+IHJvb3QgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMjQx
+MjE4MjEyNTMxWhcNMjcwOTE0MjEyNTMxWjCBpzELMAkGA1UEBhMCVVMxEzARBgNV
 BAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoMB3dvbGZT
 U0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMSgwJgYDVQQDDB93b2xmU1NMIFJFVk9L
 RUQgaW50ZXJtZWRpYXRlIENBMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wu
@@ -177,12 +175,12 @@ DgYDVQQHDAdTZWF0dGxlMRAwDgYDVQQKDAd3b2xmU1NMMRQwEgYDVQQLDAtFbmdp
 bmVlcmluZzEYMBYGA1UEAwwPd29sZlNTTCByb290IENBMR8wHQYJKoZIhvcNAQkB
 FhBpbmZvQHdvbGZzc2wuY29tggFjMAsGA1UdDwQEAwIBBjAyBggrBgEFBQcBAQQm
 MCQwIgYIKwYBBQUHMAGGFmh0dHA6Ly8xMjcuMC4wLjE6MjIyMjAwDQYJKoZIhvcN
-AQELBQADggEBAC/hsJmpcQ5B+LGdOMj0PXx5ztKUASq2cRtMZBknAnG0Q2RC+Stx
-OW5kTugysR4b/X0iy4qcNM7vu93yT4NYMzQBy7Q14rrGzKov7S7pBOzNfwZQs043
-zf6Wadqj/mN4g8WGfgOyEeWU+Fbp0d1dtAVNJg4JwlAyzm3aa7fu4RupsA9Z1gMW
-7kcWLx9Y+fhI2VntYaGvfpI4LkAMm+chkDsQb2Gt4JVX4tU53INUiJlKXiGUzvkP
-XukiEFW7l/RRP1CD7WP7q9ICs6om9/xyHITpoKP6siKQyKxhhCq9P3UfG7+DqJDO
-TN7u62W0//B6shF6eGDEbtrjyKNXW49Y5Ek=
+AQELBQADggEBAJyZz0pkZk90kUc9WO3COlfVcHDXfmMsjgZeNktgknQ/yizPQxu3
+ZEKJQzBTsmr0ztjsGC0gTi37LSJxYYc6Ndx3tb0esxOuvXHvsyGdUF8NqVJ2m+ol
+vvJ5CEkWnGiCMIAtR85JRsxmlUfFKInXtLM3sBQhNFjDe5SRLDKADn767Qfg41KL
+/HP4c99SNLBjpwImXenmN0Oj9cO+X8SGbgAgUXu2SIUR9LN5TbcUIPTqwwZoRRpP
+2wnfMD4sib/cTYFGHD0LtKAPedbFHqiB/f+AuEv2UAaI6WmWEt9muNtGYPi0Nfbr
+9vmkGdLW19jIXwtGZl080xgXeLSAhcqYvTM=
 -----END CERTIFICATE-----
 Certificate:
     Data:
@@ -191,12 +189,12 @@ Certificate:
         Signature Algorithm: sha256WithRSAEncryption
         Issuer: C = US, ST = Washington, L = Seattle, O = wolfSSL, OU = Engineering, CN = wolfSSL root CA, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Dec 13 22:19:30 2023 GMT
-            Not After : Sep  8 22:19:30 2026 GMT
+            Not Before: Dec 18 21:25:31 2024 GMT
+            Not After : Sep 14 21:25:31 2027 GMT
         Subject: C = US, ST = Washington, L = Seattle, O = wolfSSL, OU = Engineering, CN = wolfSSL root CA, emailAddress = info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (2048 bit)
+                Public-Key: (2048 bit)
                 Modulus:
                     00:ab:2c:b4:2f:1d:06:09:ef:4e:29:86:84:7e:cc:
                     bf:a6:79:7c:f0:c0:c1:64:25:8c:75:b7:10:05:ca:
@@ -226,34 +224,33 @@ Certificate:
                 keyid:73:B0:1C:A4:2F:82:CB:CF:47:A5:38:D7:B0:04:82:3A:7E:72:15:21
                 DirName:/C=US/ST=Washington/L=Seattle/O=wolfSSL/OU=Engineering/CN=wolfSSL root CA/emailAddress=info@wolfssl.com
                 serial:63
-
             X509v3 Key Usage: 
                 Certificate Sign, CRL Sign
             Authority Information Access: 
                 OCSP - URI:http://127.0.0.1:22220
-
     Signature Algorithm: sha256WithRSAEncryption
-         63:f7:e7:80:e2:73:b0:7f:c2:32:c0:20:45:01:1e:40:bc:85:
-         8e:7f:04:3b:c6:fe:3f:d1:b9:14:ce:06:d9:e8:fc:cd:b9:1d:
-         0f:cb:89:71:a9:34:67:e8:be:b8:27:d1:1f:c4:ff:9b:9d:b9:
-         bd:f8:23:c7:e5:7f:04:20:de:b1:30:b2:5d:c2:99:a5:f8:34:
-         9d:d7:0a:bc:b5:3a:84:64:2e:5b:24:34:01:da:03:a9:bb:cf:
-         f2:0d:0e:06:68:de:34:90:cb:42:3a:62:31:d0:d6:7d:26:ca:
-         14:e5:87:70:51:a2:71:85:cf:4e:af:7c:6c:45:69:d1:3c:6c:
-         9c:47:35:be:13:bc:12:a9:ea:c4:2f:71:d3:a5:6b:10:4b:85:
-         68:93:68:81:1c:9f:e6:6a:e7:c0:e1:a6:09:28:f9:d4:a4:55:
-         e8:dc:e3:e2:14:86:0c:ef:3d:7a:7f:8d:d2:a3:e6:c8:0b:e7:
-         1c:45:6d:0d:e9:9a:d6:38:4f:52:73:a7:5c:04:e9:ce:77:af:
-         94:97:7b:56:a8:eb:bc:b6:f6:7a:ed:6a:8f:68:04:b4:ea:ce:
-         05:d8:f7:bc:99:ae:6f:38:9a:ee:23:4d:c5:53:e6:70:fe:5c:
-         60:68:c4:0c:79:c3:eb:49:d5:df:a6:98:5b:ba:6e:f6:c6:30:
-         e0:5e:3e:c3
+    Signature Value:
+        76:e8:fa:f6:1e:5b:0e:ff:24:43:e0:cb:19:26:38:d9:df:18:
+        5d:66:e1:4b:ac:e4:8e:b0:49:2c:d6:04:20:eb:4a:a8:06:d7:
+        55:ec:6b:38:f8:0f:8c:e6:c9:ec:42:f0:ca:07:9f:88:7a:ee:
+        bf:af:3f:7d:d3:45:67:20:84:bb:c7:c5:32:69:ab:59:e1:e3:
+        38:4b:ed:18:2e:de:da:88:ec:a0:b7:ff:c1:50:96:73:e3:03:
+        df:a1:e7:47:93:13:1d:fb:e6:6b:37:3e:50:a3:eb:5b:24:26:
+        d2:43:2e:6e:9c:83:9c:fb:79:ba:cd:fd:3b:e5:87:87:a7:0f:
+        5f:f9:64:34:56:5e:8b:13:e2:c4:41:e3:9d:3e:36:2d:cb:d3:
+        5f:d3:12:90:bf:78:c1:4c:df:eb:7b:99:e6:1e:ee:52:78:6f:
+        0c:82:e1:59:d4:25:40:e5:24:95:3e:0f:cc:08:60:fe:b4:8c:
+        48:42:bf:29:74:92:71:1a:85:00:a7:4c:f0:c0:32:47:f3:be:
+        f4:08:5c:f2:43:e0:b9:76:86:60:9a:3b:af:d6:32:41:5f:b0:
+        04:12:44:2a:44:19:d4:27:d3:ce:71:7e:5b:16:1a:f5:0c:db:
+        43:b0:a6:bb:76:02:f6:e0:30:4e:04:f4:f3:9b:cd:d4:ae:45:
+        94:c5:8c:bb
 -----BEGIN CERTIFICATE-----
 MIIE5jCCA86gAwIBAgIBYzANBgkqhkiG9w0BAQsFADCBlzELMAkGA1UEBhMCVVMx
 EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoM
 B3dvbGZTU0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMRgwFgYDVQQDDA93b2xmU1NM
-IHJvb3QgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMjMx
-MjEzMjIxOTMwWhcNMjYwOTA4MjIxOTMwWjCBlzELMAkGA1UEBhMCVVMxEzARBgNV
+IHJvb3QgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMjQx
+MjE4MjEyNTMxWhcNMjcwOTE0MjEyNTMxWjCBlzELMAkGA1UEBhMCVVMxEzARBgNV
 BAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoMB3dvbGZT
 U0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMRgwFgYDVQQDDA93b2xmU1NMIHJvb3Qg
 Q0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wggEiMA0GCSqGSIb3
@@ -269,11 +266,11 @@ A1UEBhMCVVMxEzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUx
 EDAOBgNVBAoMB3dvbGZTU0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMRgwFgYDVQQD
 DA93b2xmU1NMIHJvb3QgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5j
 b22CAWMwCwYDVR0PBAQDAgEGMDIGCCsGAQUFBwEBBCYwJDAiBggrBgEFBQcwAYYW
-aHR0cDovLzEyNy4wLjAuMToyMjIyMDANBgkqhkiG9w0BAQsFAAOCAQEAY/fngOJz
-sH/CMsAgRQEeQLyFjn8EO8b+P9G5FM4G2ej8zbkdD8uJcak0Z+i+uCfRH8T/m525
-vfgjx+V/BCDesTCyXcKZpfg0ndcKvLU6hGQuWyQ0AdoDqbvP8g0OBmjeNJDLQjpi
-MdDWfSbKFOWHcFGicYXPTq98bEVp0TxsnEc1vhO8EqnqxC9x06VrEEuFaJNogRyf
-5mrnwOGmCSj51KRV6Nzj4hSGDO89en+N0qPmyAvnHEVtDema1jhPUnOnXATpznev
-lJd7VqjrvLb2eu1qj2gEtOrOBdj3vJmubzia7iNNxVPmcP5cYGjEDHnD60nV36aY
-W7pu9sYw4F4+ww==
+aHR0cDovLzEyNy4wLjAuMToyMjIyMDANBgkqhkiG9w0BAQsFAAOCAQEAduj69h5b
+Dv8kQ+DLGSY42d8YXWbhS6zkjrBJLNYEIOtKqAbXVexrOPgPjObJ7ELwygefiHru
+v68/fdNFZyCEu8fFMmmrWeHjOEvtGC7e2ojsoLf/wVCWc+MD36HnR5MTHfvmazc+
+UKPrWyQm0kMubpyDnPt5us39O+WHh6cPX/lkNFZeixPixEHjnT42LcvTX9MSkL94
+wUzf63uZ5h7uUnhvDILhWdQlQOUklT4PzAhg/rSMSEK/KXSScRqFAKdM8MAyR/O+
+9Ahc8kPguXaGYJo7r9YyQV+wBBJEKkQZ1CfTznF+WxYa9QzbQ7Cmu3YC9uAwTgT0
+85vN1K5FlMWMuw==
 -----END CERTIFICATE-----
diff --git a/certs/ocsp/test-leaf-response.der b/certs/ocsp/test-leaf-response.der
new file mode 100644
index 000000000..ec3443fa6
Binary files /dev/null and b/certs/ocsp/test-leaf-response.der differ
diff --git a/certs/ocsp/test-multi-response.der b/certs/ocsp/test-multi-response.der
index 2456e0555..48409120d 100644
Binary files a/certs/ocsp/test-multi-response.der and b/certs/ocsp/test-multi-response.der differ
diff --git a/certs/ocsp/test-response-nointern.der b/certs/ocsp/test-response-nointern.der
index 0214d02a3..bcd07c4f6 100644
Binary files a/certs/ocsp/test-response-nointern.der and b/certs/ocsp/test-response-nointern.der differ
diff --git a/certs/ocsp/test-response-rsapss.der b/certs/ocsp/test-response-rsapss.der
index 6c77e21cc..e8bb44485 100644
Binary files a/certs/ocsp/test-response-rsapss.der and b/certs/ocsp/test-response-rsapss.der differ
diff --git a/certs/ocsp/test-response.der b/certs/ocsp/test-response.der
index 6fffc3e70..ca8ef97e7 100644
Binary files a/certs/ocsp/test-response.der and b/certs/ocsp/test-response.der differ
diff --git a/certs/p521/ca-p521.der b/certs/p521/ca-p521.der
index 20d9279c5..71b54d2c9 100644
Binary files a/certs/p521/ca-p521.der and b/certs/p521/ca-p521.der differ
diff --git a/certs/p521/ca-p521.pem b/certs/p521/ca-p521.pem
index 992cdbfdf..098da260e 100644
--- a/certs/p521/ca-p521.pem
+++ b/certs/p521/ca-p521.pem
@@ -5,8 +5,8 @@ Certificate:
         Signature Algorithm: ecdsa-with-SHA256
         Issuer: C = US, ST = Montana, L = Bozeman, O = wolfSSL_P521, OU = Root-P521, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Dec 13 22:19:29 2023 GMT
-            Not After : Sep  8 22:19:29 2026 GMT
+            Not Before: Dec 18 21:25:30 2024 GMT
+            Not After : Sep 14 21:25:30 2027 GMT
         Subject: C = US, ST = Montana, L = Bozeman, O = wolfSSL_p521, OU = CA-p521, CN = www.wolfssl.com, emailAddress = info@wolfssl.com, UID = wolfSSL
         Subject Public Key Info:
             Public Key Algorithm: id-ecPublicKey
@@ -27,27 +27,27 @@ Certificate:
             X509v3 Subject Key Identifier: 
                 40:89:1D:30:5E:0C:6E:D5:3D:C6:D5:25:90:DA:B6:42:67:ED:E9:82
             X509v3 Authority Key Identifier: 
-                keyid:64:A7:68:95:53:33:18:A2:20:92:BC:64:55:A6:AB:CA:76:68:9B:C8
-
+                64:A7:68:95:53:33:18:A2:20:92:BC:64:55:A6:AB:CA:76:68:9B:C8
             X509v3 Basic Constraints: critical
                 CA:TRUE
             X509v3 Key Usage: critical
                 Digital Signature, Certificate Sign, CRL Sign
     Signature Algorithm: ecdsa-with-SHA256
-         30:81:88:02:42:01:7a:a6:21:f5:b6:c2:fa:e1:44:c6:03:f5:
-         54:2d:35:ef:d9:55:f6:61:45:90:48:8c:c2:3e:81:76:30:06:
-         05:c2:db:32:19:b5:df:37:44:a6:3f:33:fa:3a:c7:91:ae:0f:
-         fb:10:8b:b8:4d:41:b3:ed:c2:d2:5c:37:28:eb:d7:b7:6c:02:
-         42:01:47:23:40:e8:e2:ca:61:74:29:e0:a6:71:5b:0a:c9:45:
-         17:04:7d:5d:11:02:d7:f0:af:60:e0:4c:0a:97:96:09:2e:e0:
-         25:f8:50:d8:9c:f9:bd:17:3d:d3:50:cc:49:06:81:7e:af:fa:
-         85:b8:1f:80:c4:64:08:56:53:39:8d:2f:40
+    Signature Value:
+        30:81:87:02:42:00:dc:0c:25:e5:1b:16:51:e2:3d:7b:19:47:
+        87:83:2a:a0:a7:a7:06:39:86:42:4b:aa:e2:65:10:83:8d:1d:
+        b2:7a:d6:88:d4:a8:b4:bd:a8:f7:c7:fc:75:47:9f:bd:43:8d:
+        21:2d:fe:ee:b2:82:64:d0:c2:df:9c:6f:c9:bd:45:2d:a1:02:
+        41:3c:bf:79:6c:48:33:f8:32:e1:0c:d1:66:09:42:fb:4f:fa:
+        27:d5:bc:d3:13:67:9f:59:05:82:53:8b:86:7e:ec:4c:dc:52:
+        11:ef:6d:96:b1:91:f2:cf:3b:05:19:74:c4:f0:5e:bc:9a:17:
+        7e:03:d5:fc:d9:06:d2:74:31:bd:87:4b
 -----BEGIN CERTIFICATE-----
-MIIDITCCAoKgAwIBAgIBATAKBggqhkjOPQQDAjCBlzELMAkGA1UEBhMCVVMxEDAO
+MIIDIDCCAoKgAwIBAgIBATAKBggqhkjOPQQDAjCBlzELMAkGA1UEBhMCVVMxEDAO
 BgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xFTATBgNVBAoMDHdvbGZT
 U0xfUDUyMTESMBAGA1UECwwJUm9vdC1QNTIxMRgwFgYDVQQDDA93d3cud29sZnNz
-bC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMjMxMjEz
-MjIxOTI5WhcNMjYwOTA4MjIxOTI5WjCBrjELMAkGA1UEBhMCVVMxEDAOBgNVBAgM
+bC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMjQxMjE4
+MjEyNTMwWhcNMjcwOTE0MjEyNTMwWjCBrjELMAkGA1UEBhMCVVMxEDAOBgNVBAgM
 B01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xFTATBgNVBAoMDHdvbGZTU0xfcDUy
 MTEQMA4GA1UECwwHQ0EtcDUyMTEYMBYGA1UEAwwPd3d3LndvbGZzc2wuY29tMR8w
 HQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMRcwFQYKCZImiZPyLGQBAQwH
@@ -56,8 +56,8 @@ d29sZlNTTDCBmzAQBgcqhkjOPQIBBgUrgQQAIwOBhgAEAC0YJC3k22zDaZvbGGcz
 x7L8AYaR7UNdOOAMJY2z27Hc3rchgM+H3mT0IT4tr3m99tAAS4F5+vcQqhnNQNce
 dTRTKQPtSFQh5Y+VtZtBjV/dctJao2MwYTAdBgNVHQ4EFgQUQIkdMF4MbtU9xtUl
 kNq2Qmft6YIwHwYDVR0jBBgwFoAUZKdolVMzGKIgkrxkVaarynZom8gwDwYDVR0T
-AQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAYYwCgYIKoZIzj0EAwIDgYwAMIGIAkIB
-eqYh9bbC+uFExgP1VC0179lV9mFFkEiMwj6BdjAGBcLbMhm13zdEpj8z+jrHka4P
-+xCLuE1Bs+3C0lw3KOvXt2wCQgFHI0Do4sphdCngpnFbCslFFwR9XREC1/CvYOBM
-CpeWCS7gJfhQ2Jz5vRc901DMSQaBfq/6hbgfgMRkCFZTOY0vQA==
+AQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAYYwCgYIKoZIzj0EAwIDgYsAMIGHAkIA
+3Awl5RsWUeI9exlHh4MqoKenBjmGQkuq4mUQg40dsnrWiNSotL2o98f8dUefvUON
+IS3+7rKCZNDC35xvyb1FLaECQTy/eWxIM/gy4QzRZglC+0/6J9W80xNnn1kFglOL
+hn7sTNxSEe9tlrGR8s87BRl0xPBevJoXfgPV/NkG0nQxvYdL
 -----END CERTIFICATE-----
diff --git a/certs/p521/client-p521.der b/certs/p521/client-p521.der
index 2a7afad03..65994c7d5 100644
Binary files a/certs/p521/client-p521.der and b/certs/p521/client-p521.der differ
diff --git a/certs/p521/client-p521.pem b/certs/p521/client-p521.pem
index 43abb6541..ff667af94 100644
--- a/certs/p521/client-p521.pem
+++ b/certs/p521/client-p521.pem
@@ -2,12 +2,12 @@ Certificate:
     Data:
         Version: 3 (0x2)
         Serial Number:
-            55:89:bc:f6:2c:af:36:2b:2f:5f:8c:ec:da:ed:37:60:89:d1:7f:81
+            1b:c8:e3:c8:1e:55:b1:f3:3f:1a:d6:06:8c:cf:b4:89:23:2e:7d:32
         Signature Algorithm: ecdsa-with-SHA256
         Issuer: C = US, ST = Montana, L = Bozeman, O = wolfSSL_p521, OU = Client-p521, CN = www.wolfssl.com, emailAddress = info@wolfssl.com, UID = wolfSSL
         Validity
-            Not Before: Dec 13 22:19:29 2023 GMT
-            Not After : Sep  8 22:19:29 2026 GMT
+            Not Before: Dec 18 21:25:30 2024 GMT
+            Not After : Sep 14 21:25:30 2027 GMT
         Subject: C = US, ST = Montana, L = Bozeman, O = wolfSSL_p521, OU = Client-p521, CN = www.wolfssl.com, emailAddress = info@wolfssl.com, UID = wolfSSL
         Subject Public Key Info:
             Public Key Algorithm: id-ecPublicKey
@@ -30,8 +30,7 @@ Certificate:
             X509v3 Authority Key Identifier: 
                 keyid:20:E1:BF:57:E5:F3:C3:0C:72:84:6A:C6:DF:BC:22:D0:B7:25:E5:A4
                 DirName:/C=US/ST=Montana/L=Bozeman/O=wolfSSL_p521/OU=Client-p521/CN=www.wolfssl.com/emailAddress=info@wolfssl.com/UID=wolfSSL
-                serial:55:89:BC:F6:2C:AF:36:2B:2F:5F:8C:EC:DA:ED:37:60:89:D1:7F:81
-
+                serial:1B:C8:E3:C8:1E:55:B1:F3:3F:1A:D6:06:8C:CF:B4:89:23:2E:7D:32
             X509v3 Basic Constraints: 
                 CA:TRUE
             X509v3 Subject Alternative Name: 
@@ -39,21 +38,22 @@ Certificate:
             X509v3 Extended Key Usage: 
                 TLS Web Server Authentication, TLS Web Client Authentication
     Signature Algorithm: ecdsa-with-SHA256
-         30:81:88:02:42:01:3f:4e:19:e3:8b:f6:83:21:55:cb:49:cf:
-         bf:35:16:9c:cd:fb:5d:d8:d3:34:a2:35:ff:67:40:b6:3e:3d:
-         6e:2f:1d:01:78:7a:87:b1:ae:ad:cb:b3:8a:9a:4a:5b:a4:e2:
-         c9:6e:42:10:39:20:64:98:64:9b:2f:da:15:94:c8:51:ea:02:
-         42:00:bf:77:aa:d8:22:6b:b8:a0:9b:bf:5e:89:5d:f0:54:8e:
-         3c:08:a7:cb:28:11:c5:e1:45:17:d1:bf:d5:dc:bb:65:37:f1:
-         90:12:6c:62:d5:b5:b2:8f:73:e8:1b:ac:a8:80:03:a7:22:5d:
-         dc:1b:7d:c2:62:c4:f7:e4:ec:73:65:21:9f
+    Signature Value:
+        30:81:88:02:42:01:bc:ad:29:87:4d:cb:7e:28:2c:d6:59:9f:
+        bd:5c:bd:64:c2:5c:77:cc:af:05:31:23:c3:90:52:a9:f0:4b:
+        d0:9f:98:e0:fa:a7:9f:e3:2a:d7:a4:76:01:4a:8c:fe:56:fd:
+        71:90:ef:a4:fe:ef:db:2c:78:b9:92:83:c7:2e:68:b4:fd:02:
+        42:01:31:25:21:60:4b:bd:ca:42:a1:fa:40:33:ad:ad:5d:f9:
+        71:c0:24:23:57:0d:ca:4e:f0:9e:ba:ac:aa:15:13:e9:91:4f:
+        c9:98:28:c4:63:ea:ec:d5:92:7c:09:e1:82:2f:8e:68:18:da:
+        87:83:89:a6:ae:cb:5c:2f:81:7e:34:1f:99
 -----BEGIN CERTIFICATE-----
-MIIEVTCCA7agAwIBAgIUVYm89iyvNisvX4zs2u03YInRf4EwCgYIKoZIzj0EAwIw
+MIIEVTCCA7agAwIBAgIUG8jjyB5VsfM/GtYGjM+0iSMufTIwCgYIKoZIzj0EAwIw
 gbIxCzAJBgNVBAYTAlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3pl
 bWFuMRUwEwYDVQQKDAx3b2xmU1NMX3A1MjExFDASBgNVBAsMC0NsaWVudC1wNTIx
 MRgwFgYDVQQDDA93d3cud29sZnNzbC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9A
-d29sZnNzbC5jb20xFzAVBgoJkiaJk/IsZAEBDAd3b2xmU1NMMB4XDTIzMTIxMzIy
-MTkyOVoXDTI2MDkwODIyMTkyOVowgbIxCzAJBgNVBAYTAlVTMRAwDgYDVQQIDAdN
+d29sZnNzbC5jb20xFzAVBgoJkiaJk/IsZAEBDAd3b2xmU1NMMB4XDTI0MTIxODIx
+MjUzMFoXDTI3MDkxNDIxMjUzMFowgbIxCzAJBgNVBAYTAlVTMRAwDgYDVQQIDAdN
 b250YW5hMRAwDgYDVQQHDAdCb3plbWFuMRUwEwYDVQQKDAx3b2xmU1NMX3A1MjEx
 FDASBgNVBAsMC0NsaWVudC1wNTIxMRgwFgYDVQQDDA93d3cud29sZnNzbC5jb20x
 HzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20xFzAVBgoJkiaJk/IsZAEB
@@ -65,11 +65,11 @@ wwxyhGrG37wi0Lcl5aQwgfIGA1UdIwSB6jCB54AUIOG/V+XzwwxyhGrG37wi0Lcl
 5aShgbikgbUwgbIxCzAJBgNVBAYTAlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYD
 VQQHDAdCb3plbWFuMRUwEwYDVQQKDAx3b2xmU1NMX3A1MjExFDASBgNVBAsMC0Ns
 aWVudC1wNTIxMRgwFgYDVQQDDA93d3cud29sZnNzbC5jb20xHzAdBgkqhkiG9w0B
-CQEWEGluZm9Ad29sZnNzbC5jb20xFzAVBgoJkiaJk/IsZAEBDAd3b2xmU1NMghRV
-ibz2LK82Ky9fjOza7TdgidF/gTAMBgNVHRMEBTADAQH/MBwGA1UdEQQVMBOCC2V4
+CQEWEGluZm9Ad29sZnNzbC5jb20xFzAVBgoJkiaJk/IsZAEBDAd3b2xmU1NMghQb
+yOPIHlWx8z8a1gaMz7SJIy59MjAMBgNVHRMEBTADAQH/MBwGA1UdEQQVMBOCC2V4
 YW1wbGUuY29thwR/AAABMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAK
-BggqhkjOPQQDAgOBjAAwgYgCQgE/Thnji/aDIVXLSc+/NRaczftd2NM0ojX/Z0C2
-Pj1uLx0BeHqHsa6ty7OKmkpbpOLJbkIQOSBkmGSbL9oVlMhR6gJCAL93qtgia7ig
-m79eiV3wVI48CKfLKBHF4UUX0b/V3LtlN/GQEmxi1bWyj3PoG6yogAOnIl3cG33C
-YsT35OxzZSGf
+BggqhkjOPQQDAgOBjAAwgYgCQgG8rSmHTct+KCzWWZ+9XL1kwlx3zK8FMSPDkFKp
+8EvQn5jg+qef4yrXpHYBSoz+Vv1xkO+k/u/bLHi5koPHLmi0/QJCATElIWBLvcpC
+ofpAM62tXflxwCQjVw3KTvCeuqyqFRPpkU/JmCjEY+rs1ZJ8CeGCL45oGNqHg4mm
+rstcL4F+NB+Z
 -----END CERTIFICATE-----
diff --git a/certs/p521/gen-p521-certs.sh b/certs/p521/gen-p521-certs.sh
index f13cd6fee..9ff0ffcd8 100755
--- a/certs/p521/gen-p521-certs.sh
+++ b/certs/p521/gen-p521-certs.sh
@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/usr/bin/env bash
 
 check_result(){
     if [ $1 -ne 0 ]; then
diff --git a/certs/p521/root-p521.der b/certs/p521/root-p521.der
index a2c9eaefd..609af8a37 100644
Binary files a/certs/p521/root-p521.der and b/certs/p521/root-p521.der differ
diff --git a/certs/p521/root-p521.pem b/certs/p521/root-p521.pem
index 94c67397f..92d08155b 100644
--- a/certs/p521/root-p521.pem
+++ b/certs/p521/root-p521.pem
@@ -2,12 +2,12 @@ Certificate:
     Data:
         Version: 3 (0x2)
         Serial Number:
-            5a:b0:33:c0:79:0a:75:aa:a7:98:c9:77:e2:a0:3b:25:21:9c:19:85
+            63:fa:55:13:9f:9d:06:90:6a:76:23:3c:55:b0:95:60:c1:0c:89:08
         Signature Algorithm: ecdsa-with-SHA256
         Issuer: C = US, ST = Montana, L = Bozeman, O = wolfSSL_P521, OU = Root-P521, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Dec 13 22:19:29 2023 GMT
-            Not After : Sep  8 22:19:29 2026 GMT
+            Not Before: Dec 18 21:25:30 2024 GMT
+            Not After : Sep 14 21:25:30 2027 GMT
         Subject: C = US, ST = Montana, L = Bozeman, O = wolfSSL_P521, OU = Root-P521, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: id-ecPublicKey
@@ -28,27 +28,27 @@ Certificate:
             X509v3 Subject Key Identifier: 
                 64:A7:68:95:53:33:18:A2:20:92:BC:64:55:A6:AB:CA:76:68:9B:C8
             X509v3 Authority Key Identifier: 
-                keyid:64:A7:68:95:53:33:18:A2:20:92:BC:64:55:A6:AB:CA:76:68:9B:C8
-
+                64:A7:68:95:53:33:18:A2:20:92:BC:64:55:A6:AB:CA:76:68:9B:C8
             X509v3 Basic Constraints: critical
                 CA:TRUE
             X509v3 Key Usage: critical
                 Digital Signature, Certificate Sign, CRL Sign
     Signature Algorithm: ecdsa-with-SHA256
-         30:81:87:02:42:00:f8:22:58:d1:cc:73:6f:28:15:7f:86:18:
-         d9:af:ed:44:51:bb:0a:6b:43:99:9d:97:b3:6e:ae:ac:61:09:
-         f5:55:6a:3c:35:fd:b5:2f:7f:d5:e2:93:10:93:99:ae:d7:75:
-         05:be:68:ca:13:b1:e5:d1:05:24:f9:5f:6a:f9:c2:7b:4a:02:
-         41:60:8b:76:dd:e0:02:de:2e:e7:ff:3b:33:f8:ef:6d:ca:31:
-         45:cb:cd:9e:73:f4:f1:26:eb:2a:6c:6c:ea:3f:81:f3:78:55:
-         5e:25:74:27:cb:57:8c:60:be:39:80:f6:e3:43:d8:80:b5:f9:
-         c5:8d:6d:c2:a8:6e:3e:67:50:5a:97:8e
+    Signature Value:
+        30:81:87:02:42:01:85:cb:28:b8:b8:e6:a1:f9:57:26:14:31:
+        33:80:0b:1e:04:9a:9a:c9:e6:b1:27:63:69:dd:a2:80:01:98:
+        8e:d7:5a:28:c4:9a:53:af:ec:4f:d7:ab:a6:34:36:d0:0c:e7:
+        4c:ee:ba:31:ba:97:d2:dd:2f:25:81:7b:71:b1:7e:71:8d:02:
+        41:05:13:c5:af:36:03:d6:6e:24:5e:fd:5b:84:6c:cf:de:ae:
+        f4:85:de:03:5a:e7:14:ba:b9:65:cc:c3:22:7e:56:58:e8:d4:
+        d1:3b:aa:45:3c:5b:78:80:77:0a:0a:a2:58:b6:cd:3e:7e:cf:
+        87:21:14:b5:ed:57:89:ba:84:ca:19:39
 -----BEGIN CERTIFICATE-----
-MIIDHDCCAn6gAwIBAgIUWrAzwHkKdaqnmMl34qA7JSGcGYUwCgYIKoZIzj0EAwIw
+MIIDHDCCAn6gAwIBAgIUY/pVE5+dBpBqdiM8VbCVYMEMiQgwCgYIKoZIzj0EAwIw
 gZcxCzAJBgNVBAYTAlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3pl
 bWFuMRUwEwYDVQQKDAx3b2xmU1NMX1A1MjExEjAQBgNVBAsMCVJvb3QtUDUyMTEY
 MBYGA1UEAwwPd3d3LndvbGZzc2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdv
-bGZzc2wuY29tMB4XDTIzMTIxMzIyMTkyOVoXDTI2MDkwODIyMTkyOVowgZcxCzAJ
+bGZzc2wuY29tMB4XDTI0MTIxODIxMjUzMFoXDTI3MDkxNDIxMjUzMFowgZcxCzAJ
 BgNVBAYTAlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMRUw
 EwYDVQQKDAx3b2xmU1NMX1A1MjExEjAQBgNVBAsMCVJvb3QtUDUyMTEYMBYGA1UE
 AwwPd3d3LndvbGZzc2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wu
@@ -57,8 +57,8 @@ UxW9X1Pvy3OpyBRsb33FfLS7jlbCQ0X7WBzGRT1/5U6AzETBBnp14WnJiqgBet8A
 RElznC9QP4OgHovRqvsIDJAFDQwXMVE+1oU7CRKC0aYIzchPalrIjI5dv9rMW5Wh
 6FopeCKyukmhhcZIinFTjYmjYzBhMB0GA1UdDgQWBBRkp2iVUzMYoiCSvGRVpqvK
 dmibyDAfBgNVHSMEGDAWgBRkp2iVUzMYoiCSvGRVpqvKdmibyDAPBgNVHRMBAf8E
-BTADAQH/MA4GA1UdDwEB/wQEAwIBhjAKBggqhkjOPQQDAgOBiwAwgYcCQgD4IljR
-zHNvKBV/hhjZr+1EUbsKa0OZnZezbq6sYQn1VWo8Nf21L3/V4pMQk5mu13UFvmjK
-E7Hl0QUk+V9q+cJ7SgJBYIt23eAC3i7n/zsz+O9tyjFFy82ec/TxJusqbGzqP4Hz
-eFVeJXQny1eMYL45gPbjQ9iAtfnFjW3CqG4+Z1Bal44=
+BTADAQH/MA4GA1UdDwEB/wQEAwIBhjAKBggqhkjOPQQDAgOBiwAwgYcCQgGFyyi4
+uOah+VcmFDEzgAseBJqayeaxJ2Np3aKAAZiO11ooxJpTr+xP16umNDbQDOdM7rox
+upfS3S8lgXtxsX5xjQJBBRPFrzYD1m4kXv1bhGzP3q70hd4DWucUurllzMMiflZY
+6NTRO6pFPFt4gHcKCqJYts0+fs+HIRS17VeJuoTKGTk=
 -----END CERTIFICATE-----
diff --git a/certs/p521/server-p521-cert.pem b/certs/p521/server-p521-cert.pem
index 5bc07c732..7eb1afc56 100644
--- a/certs/p521/server-p521-cert.pem
+++ b/certs/p521/server-p521-cert.pem
@@ -5,8 +5,8 @@ Certificate:
         Signature Algorithm: ecdsa-with-SHA256
         Issuer: C = US, ST = Montana, L = Bozeman, O = wolfSSL_p521, OU = CA-p521, CN = www.wolfssl.com, emailAddress = info@wolfssl.com, UID = wolfSSL
         Validity
-            Not Before: Dec 13 22:19:29 2023 GMT
-            Not After : Sep  8 22:19:29 2026 GMT
+            Not Before: Dec 18 21:25:30 2024 GMT
+            Not After : Sep 14 21:25:30 2027 GMT
         Subject: C = US, ST = Montana, L = Bozeman, O = wolfSSL_p521, OU = Server-p521, CN = www.wolfssl.com, emailAddress = info@wolfssl.com, UID = wolfSSL
         Subject Public Key Info:
             Public Key Algorithm: id-ecPublicKey
@@ -27,8 +27,7 @@ Certificate:
             X509v3 Subject Key Identifier: 
                 85:86:9F:AE:73:5F:94:77:27:3B:15:15:C6:79:07:A8:42:4B:1E:F3
             X509v3 Authority Key Identifier: 
-                keyid:40:89:1D:30:5E:0C:6E:D5:3D:C6:D5:25:90:DA:B6:42:67:ED:E9:82
-
+                40:89:1D:30:5E:0C:6E:D5:3D:C6:D5:25:90:DA:B6:42:67:ED:E9:82
             X509v3 Basic Constraints: critical
                 CA:FALSE
             X509v3 Key Usage: critical
@@ -38,20 +37,21 @@ Certificate:
             Netscape Cert Type: 
                 SSL Server
     Signature Algorithm: ecdsa-with-SHA256
-         30:81:87:02:41:51:c1:26:8c:3f:53:fe:7c:28:f5:3f:81:e6:
-         de:7b:ae:ad:f3:6e:be:c2:3a:88:91:f7:31:e8:24:5c:67:08:
-         7d:34:f5:54:2e:0a:50:f4:f7:9d:d5:96:19:ec:49:2c:da:a8:
-         a0:2a:08:71:cd:b7:17:1a:e3:10:b2:bf:41:8d:aa:b2:02:42:
-         01:00:b1:0d:96:19:a0:b1:76:d6:e1:a5:44:41:d4:c8:53:5a:
-         57:4a:b9:4a:a4:6a:ef:cd:97:e9:e4:4d:7c:c8:ea:37:37:61:
-         1a:ec:c7:1e:20:cd:2c:05:64:dd:54:e2:06:7b:74:af:05:0d:
-         59:5c:e9:cd:e8:a8:61:92:cb:8c:d9:f0
+    Signature Value:
+        30:81:87:02:42:01:20:fd:a4:13:5b:5d:37:f3:a5:40:2a:1e:
+        5e:35:16:1e:2d:11:2b:17:53:89:6c:b4:8f:fe:e7:6e:f6:51:
+        ef:b7:cc:85:38:3f:71:12:01:c3:a1:84:8e:32:62:24:f5:3d:
+        9a:00:86:94:97:75:0e:a1:fa:45:6a:ef:e7:17:09:e6:71:02:
+        41:7b:57:17:06:7a:3e:d0:a2:6f:32:21:d4:b4:90:d7:b4:3e:
+        da:6e:42:ce:a9:7d:b7:47:d9:ea:d2:e0:d0:dc:3d:40:d4:eb:
+        c6:2f:12:6c:ed:b6:11:4d:23:cb:49:a6:c8:cf:5f:5f:7d:82:
+        47:a2:5e:bb:0b:1f:a2:91:36:10:2a:5c
 -----BEGIN CERTIFICATE-----
 MIIDYjCCAsSgAwIBAgIBATAKBggqhkjOPQQDAjCBrjELMAkGA1UEBhMCVVMxEDAO
 BgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xFTATBgNVBAoMDHdvbGZT
 U0xfcDUyMTEQMA4GA1UECwwHQ0EtcDUyMTEYMBYGA1UEAwwPd3d3LndvbGZzc2wu
 Y29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMRcwFQYKCZImiZPy
-LGQBAQwHd29sZlNTTDAeFw0yMzEyMTMyMjE5MjlaFw0yNjA5MDgyMjE5MjlaMIGy
+LGQBAQwHd29sZlNTTDAeFw0yNDEyMTgyMTI1MzBaFw0yNzA5MTQyMTI1MzBaMIGy
 MQswCQYDVQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1h
 bjEVMBMGA1UECgwMd29sZlNTTF9wNTIxMRQwEgYDVQQLDAtTZXJ2ZXItcDUyMTEY
 MBYGA1UEAwwPd3d3LndvbGZzc2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdv
@@ -62,8 +62,8 @@ RpMf1WBjpi59jeo/4FvlyG4fp9mjWeWWJyL0AiuvW3gfE6gii+yuAX3AYROkNQoh
 o4GJMIGGMB0GA1UdDgQWBBSFhp+uc1+Udyc7FRXGeQeoQkse8zAfBgNVHSMEGDAW
 gBRAiR0wXgxu1T3G1SWQ2rZCZ+3pgjAMBgNVHRMBAf8EAjAAMA4GA1UdDwEB/wQE
 AwIDqDATBgNVHSUEDDAKBggrBgEFBQcDATARBglghkgBhvhCAQEEBAMCBkAwCgYI
-KoZIzj0EAwIDgYsAMIGHAkFRwSaMP1P+fCj1P4Hm3nuurfNuvsI6iJH3MegkXGcI
-fTT1VC4KUPT3ndWWGexJLNqooCoIcc23FxrjELK/QY2qsgJCAQCxDZYZoLF21uGl
-REHUyFNaV0q5SqRq782X6eRNfMjqNzdhGuzHHiDNLAVk3VTiBnt0rwUNWVzpzeio
-YZLLjNnw
+KoZIzj0EAwIDgYsAMIGHAkIBIP2kE1tdN/OlQCoeXjUWHi0RKxdTiWy0j/7nbvZR
+77fMhTg/cRIBw6GEjjJiJPU9mgCGlJd1DqH6RWrv5xcJ5nECQXtXFwZ6PtCibzIh
+1LSQ17Q+2m5Czql9t0fZ6tLg0Nw9QNTrxi8SbO22EU0jy0mmyM9fX32CR6Jeuwsf
+opE2ECpc
 -----END CERTIFICATE-----
diff --git a/certs/p521/server-p521.der b/certs/p521/server-p521.der
index 784af1bb9..979f14f63 100644
Binary files a/certs/p521/server-p521.der and b/certs/p521/server-p521.der differ
diff --git a/certs/p521/server-p521.pem b/certs/p521/server-p521.pem
index 36f61e3ed..c6fda4e18 100644
--- a/certs/p521/server-p521.pem
+++ b/certs/p521/server-p521.pem
@@ -5,8 +5,8 @@ Certificate:
         Signature Algorithm: ecdsa-with-SHA256
         Issuer: C = US, ST = Montana, L = Bozeman, O = wolfSSL_p521, OU = CA-p521, CN = www.wolfssl.com, emailAddress = info@wolfssl.com, UID = wolfSSL
         Validity
-            Not Before: Dec 13 22:19:29 2023 GMT
-            Not After : Sep  8 22:19:29 2026 GMT
+            Not Before: Dec 18 21:25:30 2024 GMT
+            Not After : Sep 14 21:25:30 2027 GMT
         Subject: C = US, ST = Montana, L = Bozeman, O = wolfSSL_p521, OU = Server-p521, CN = www.wolfssl.com, emailAddress = info@wolfssl.com, UID = wolfSSL
         Subject Public Key Info:
             Public Key Algorithm: id-ecPublicKey
@@ -27,8 +27,7 @@ Certificate:
             X509v3 Subject Key Identifier: 
                 85:86:9F:AE:73:5F:94:77:27:3B:15:15:C6:79:07:A8:42:4B:1E:F3
             X509v3 Authority Key Identifier: 
-                keyid:40:89:1D:30:5E:0C:6E:D5:3D:C6:D5:25:90:DA:B6:42:67:ED:E9:82
-
+                40:89:1D:30:5E:0C:6E:D5:3D:C6:D5:25:90:DA:B6:42:67:ED:E9:82
             X509v3 Basic Constraints: critical
                 CA:FALSE
             X509v3 Key Usage: critical
@@ -38,20 +37,21 @@ Certificate:
             Netscape Cert Type: 
                 SSL Server
     Signature Algorithm: ecdsa-with-SHA256
-         30:81:87:02:41:51:c1:26:8c:3f:53:fe:7c:28:f5:3f:81:e6:
-         de:7b:ae:ad:f3:6e:be:c2:3a:88:91:f7:31:e8:24:5c:67:08:
-         7d:34:f5:54:2e:0a:50:f4:f7:9d:d5:96:19:ec:49:2c:da:a8:
-         a0:2a:08:71:cd:b7:17:1a:e3:10:b2:bf:41:8d:aa:b2:02:42:
-         01:00:b1:0d:96:19:a0:b1:76:d6:e1:a5:44:41:d4:c8:53:5a:
-         57:4a:b9:4a:a4:6a:ef:cd:97:e9:e4:4d:7c:c8:ea:37:37:61:
-         1a:ec:c7:1e:20:cd:2c:05:64:dd:54:e2:06:7b:74:af:05:0d:
-         59:5c:e9:cd:e8:a8:61:92:cb:8c:d9:f0
+    Signature Value:
+        30:81:87:02:42:01:20:fd:a4:13:5b:5d:37:f3:a5:40:2a:1e:
+        5e:35:16:1e:2d:11:2b:17:53:89:6c:b4:8f:fe:e7:6e:f6:51:
+        ef:b7:cc:85:38:3f:71:12:01:c3:a1:84:8e:32:62:24:f5:3d:
+        9a:00:86:94:97:75:0e:a1:fa:45:6a:ef:e7:17:09:e6:71:02:
+        41:7b:57:17:06:7a:3e:d0:a2:6f:32:21:d4:b4:90:d7:b4:3e:
+        da:6e:42:ce:a9:7d:b7:47:d9:ea:d2:e0:d0:dc:3d:40:d4:eb:
+        c6:2f:12:6c:ed:b6:11:4d:23:cb:49:a6:c8:cf:5f:5f:7d:82:
+        47:a2:5e:bb:0b:1f:a2:91:36:10:2a:5c
 -----BEGIN CERTIFICATE-----
 MIIDYjCCAsSgAwIBAgIBATAKBggqhkjOPQQDAjCBrjELMAkGA1UEBhMCVVMxEDAO
 BgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xFTATBgNVBAoMDHdvbGZT
 U0xfcDUyMTEQMA4GA1UECwwHQ0EtcDUyMTEYMBYGA1UEAwwPd3d3LndvbGZzc2wu
 Y29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMRcwFQYKCZImiZPy
-LGQBAQwHd29sZlNTTDAeFw0yMzEyMTMyMjE5MjlaFw0yNjA5MDgyMjE5MjlaMIGy
+LGQBAQwHd29sZlNTTDAeFw0yNDEyMTgyMTI1MzBaFw0yNzA5MTQyMTI1MzBaMIGy
 MQswCQYDVQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1h
 bjEVMBMGA1UECgwMd29sZlNTTF9wNTIxMRQwEgYDVQQLDAtTZXJ2ZXItcDUyMTEY
 MBYGA1UEAwwPd3d3LndvbGZzc2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdv
@@ -62,10 +62,10 @@ RpMf1WBjpi59jeo/4FvlyG4fp9mjWeWWJyL0AiuvW3gfE6gii+yuAX3AYROkNQoh
 o4GJMIGGMB0GA1UdDgQWBBSFhp+uc1+Udyc7FRXGeQeoQkse8zAfBgNVHSMEGDAW
 gBRAiR0wXgxu1T3G1SWQ2rZCZ+3pgjAMBgNVHRMBAf8EAjAAMA4GA1UdDwEB/wQE
 AwIDqDATBgNVHSUEDDAKBggrBgEFBQcDATARBglghkgBhvhCAQEEBAMCBkAwCgYI
-KoZIzj0EAwIDgYsAMIGHAkFRwSaMP1P+fCj1P4Hm3nuurfNuvsI6iJH3MegkXGcI
-fTT1VC4KUPT3ndWWGexJLNqooCoIcc23FxrjELK/QY2qsgJCAQCxDZYZoLF21uGl
-REHUyFNaV0q5SqRq782X6eRNfMjqNzdhGuzHHiDNLAVk3VTiBnt0rwUNWVzpzeio
-YZLLjNnw
+KoZIzj0EAwIDgYsAMIGHAkIBIP2kE1tdN/OlQCoeXjUWHi0RKxdTiWy0j/7nbvZR
+77fMhTg/cRIBw6GEjjJiJPU9mgCGlJd1DqH6RWrv5xcJ5nECQXtXFwZ6PtCibzIh
+1LSQ17Q+2m5Czql9t0fZ6tLg0Nw9QNTrxi8SbO22EU0jy0mmyM9fX32CR6Jeuwsf
+opE2ECpc
 -----END CERTIFICATE-----
 Certificate:
     Data:
@@ -74,8 +74,8 @@ Certificate:
         Signature Algorithm: ecdsa-with-SHA256
         Issuer: C = US, ST = Montana, L = Bozeman, O = wolfSSL_P521, OU = Root-P521, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Dec 13 22:19:29 2023 GMT
-            Not After : Sep  8 22:19:29 2026 GMT
+            Not Before: Dec 18 21:25:30 2024 GMT
+            Not After : Sep 14 21:25:30 2027 GMT
         Subject: C = US, ST = Montana, L = Bozeman, O = wolfSSL_p521, OU = CA-p521, CN = www.wolfssl.com, emailAddress = info@wolfssl.com, UID = wolfSSL
         Subject Public Key Info:
             Public Key Algorithm: id-ecPublicKey
@@ -96,27 +96,27 @@ Certificate:
             X509v3 Subject Key Identifier: 
                 40:89:1D:30:5E:0C:6E:D5:3D:C6:D5:25:90:DA:B6:42:67:ED:E9:82
             X509v3 Authority Key Identifier: 
-                keyid:64:A7:68:95:53:33:18:A2:20:92:BC:64:55:A6:AB:CA:76:68:9B:C8
-
+                64:A7:68:95:53:33:18:A2:20:92:BC:64:55:A6:AB:CA:76:68:9B:C8
             X509v3 Basic Constraints: critical
                 CA:TRUE
             X509v3 Key Usage: critical
                 Digital Signature, Certificate Sign, CRL Sign
     Signature Algorithm: ecdsa-with-SHA256
-         30:81:88:02:42:01:7a:a6:21:f5:b6:c2:fa:e1:44:c6:03:f5:
-         54:2d:35:ef:d9:55:f6:61:45:90:48:8c:c2:3e:81:76:30:06:
-         05:c2:db:32:19:b5:df:37:44:a6:3f:33:fa:3a:c7:91:ae:0f:
-         fb:10:8b:b8:4d:41:b3:ed:c2:d2:5c:37:28:eb:d7:b7:6c:02:
-         42:01:47:23:40:e8:e2:ca:61:74:29:e0:a6:71:5b:0a:c9:45:
-         17:04:7d:5d:11:02:d7:f0:af:60:e0:4c:0a:97:96:09:2e:e0:
-         25:f8:50:d8:9c:f9:bd:17:3d:d3:50:cc:49:06:81:7e:af:fa:
-         85:b8:1f:80:c4:64:08:56:53:39:8d:2f:40
+    Signature Value:
+        30:81:87:02:42:00:dc:0c:25:e5:1b:16:51:e2:3d:7b:19:47:
+        87:83:2a:a0:a7:a7:06:39:86:42:4b:aa:e2:65:10:83:8d:1d:
+        b2:7a:d6:88:d4:a8:b4:bd:a8:f7:c7:fc:75:47:9f:bd:43:8d:
+        21:2d:fe:ee:b2:82:64:d0:c2:df:9c:6f:c9:bd:45:2d:a1:02:
+        41:3c:bf:79:6c:48:33:f8:32:e1:0c:d1:66:09:42:fb:4f:fa:
+        27:d5:bc:d3:13:67:9f:59:05:82:53:8b:86:7e:ec:4c:dc:52:
+        11:ef:6d:96:b1:91:f2:cf:3b:05:19:74:c4:f0:5e:bc:9a:17:
+        7e:03:d5:fc:d9:06:d2:74:31:bd:87:4b
 -----BEGIN CERTIFICATE-----
-MIIDITCCAoKgAwIBAgIBATAKBggqhkjOPQQDAjCBlzELMAkGA1UEBhMCVVMxEDAO
+MIIDIDCCAoKgAwIBAgIBATAKBggqhkjOPQQDAjCBlzELMAkGA1UEBhMCVVMxEDAO
 BgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xFTATBgNVBAoMDHdvbGZT
 U0xfUDUyMTESMBAGA1UECwwJUm9vdC1QNTIxMRgwFgYDVQQDDA93d3cud29sZnNz
-bC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMjMxMjEz
-MjIxOTI5WhcNMjYwOTA4MjIxOTI5WjCBrjELMAkGA1UEBhMCVVMxEDAOBgNVBAgM
+bC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMjQxMjE4
+MjEyNTMwWhcNMjcwOTE0MjEyNTMwWjCBrjELMAkGA1UEBhMCVVMxEDAOBgNVBAgM
 B01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xFTATBgNVBAoMDHdvbGZTU0xfcDUy
 MTEQMA4GA1UECwwHQ0EtcDUyMTEYMBYGA1UEAwwPd3d3LndvbGZzc2wuY29tMR8w
 HQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMRcwFQYKCZImiZPyLGQBAQwH
@@ -125,8 +125,8 @@ d29sZlNTTDCBmzAQBgcqhkjOPQIBBgUrgQQAIwOBhgAEAC0YJC3k22zDaZvbGGcz
 x7L8AYaR7UNdOOAMJY2z27Hc3rchgM+H3mT0IT4tr3m99tAAS4F5+vcQqhnNQNce
 dTRTKQPtSFQh5Y+VtZtBjV/dctJao2MwYTAdBgNVHQ4EFgQUQIkdMF4MbtU9xtUl
 kNq2Qmft6YIwHwYDVR0jBBgwFoAUZKdolVMzGKIgkrxkVaarynZom8gwDwYDVR0T
-AQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAYYwCgYIKoZIzj0EAwIDgYwAMIGIAkIB
-eqYh9bbC+uFExgP1VC0179lV9mFFkEiMwj6BdjAGBcLbMhm13zdEpj8z+jrHka4P
-+xCLuE1Bs+3C0lw3KOvXt2wCQgFHI0Do4sphdCngpnFbCslFFwR9XREC1/CvYOBM
-CpeWCS7gJfhQ2Jz5vRc901DMSQaBfq/6hbgfgMRkCFZTOY0vQA==
+AQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAYYwCgYIKoZIzj0EAwIDgYsAMIGHAkIA
+3Awl5RsWUeI9exlHh4MqoKenBjmGQkuq4mUQg40dsnrWiNSotL2o98f8dUefvUON
+IS3+7rKCZNDC35xvyb1FLaECQTy/eWxIM/gy4QzRZglC+0/6J9W80xNnn1kFglOL
+hn7sTNxSEe9tlrGR8s87BRl0xPBevJoXfgPV/NkG0nQxvYdL
 -----END CERTIFICATE-----
diff --git a/certs/renewcerts.sh b/certs/renewcerts.sh
index a25385d54..cf5154217 100755
--- a/certs/renewcerts.sh
+++ b/certs/renewcerts.sh
@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/usr/bin/env bash
 # renewcerts.sh
 #
 # renews the following certs:
@@ -696,7 +696,7 @@ run_renewcerts(){
     check_result $? "Step 1"
 
     echo "Updating client-ecc-cert-rpk.der"
-    cp ecc-client-keyPub.der ./rpk/ecc-client-cert-rpk.der
+    cp ecc-client-keyPub.der ./rpk/client-ecc-cert-rpk.der
     check_result $? "Step 2"
 
     echo "Updating server-cert-rpk.der"
@@ -838,6 +838,7 @@ run_renewcerts(){
     cd ./crl || { echo "Failed to switch to dir ./crl"; exit 1; }
     echo "changed directory: cd/crl"
     echo ""
+    # has dependency on rsapss generation (rsapss should be ran first)
     ./gencrls.sh
     check_result $? "gencrls.sh"
     echo "ran ./gencrls.sh"
@@ -853,6 +854,15 @@ run_renewcerts(){
     echo ""
     openssl crl2pkcs7 -nocrl -certfile ./client-cert.pem -out test-degenerate.p7b -outform DER
     check_result $? ""
+
+    openssl smime -sign -in ./ca-cert.pem -out test-stream-sign.p7b -signer ./ca-cert.pem -nodetach -nocerts -binary -outform DER -stream -inkey ./ca-key.pem
+    check_result $? ""
+
+    echo "Creating test-stream-dec.p7b..."
+    echo ""
+    openssl cms -encrypt -in ca-cert.pem -recip client-cert.pem -out test-stream-dec.p7b -outform DER -stream
+    check_result $? ""
+
     echo "End of section"
     echo "---------------------------------------------------------------------"
 
diff --git a/certs/rid-cert.der b/certs/rid-cert.der
index 3ec3b8c03..11cfd749a 100644
Binary files a/certs/rid-cert.der and b/certs/rid-cert.der differ
diff --git a/certs/rsapss/ca-3072-rsapss.der b/certs/rsapss/ca-3072-rsapss.der
index c25d4e46b..ae86d11a8 100644
Binary files a/certs/rsapss/ca-3072-rsapss.der and b/certs/rsapss/ca-3072-rsapss.der differ
diff --git a/certs/rsapss/ca-3072-rsapss.pem b/certs/rsapss/ca-3072-rsapss.pem
index 65f0c14c7..9ebdd0041 100644
--- a/certs/rsapss/ca-3072-rsapss.pem
+++ b/certs/rsapss/ca-3072-rsapss.pem
@@ -2,19 +2,19 @@ Certificate:
     Data:
         Version: 3 (0x2)
         Serial Number: 1 (0x1)
-        Signature Algorithm: rsassaPss         
-         Hash Algorithm: sha384
-         Mask Algorithm: mgf1 with sha384
-          Salt Length: 0x014E
-         Trailer Field: 0xBC (default)
+        Signature Algorithm: rsassaPss        
+        Hash Algorithm: sha384
+        Mask Algorithm: mgf1 with sha384
+         Salt Length: 0x014E
+        Trailer Field: 0x01 (default)
         Issuer: C = US, ST = Montana, L = Bozeman, O = wolfSSL_RSA-PSS, OU = Root-RSA-PSS, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Dec 13 22:19:29 2023 GMT
-            Not After : Sep  8 22:19:29 2026 GMT
+            Not Before: Dec 18 21:25:30 2024 GMT
+            Not After : Sep 14 21:25:30 2027 GMT
         Subject: C = US, ST = Montana, L = Bozeman, O = wolfSSL_RSAPSS, OU = CA-RSAPSS, CN = www.wolfssl.com, emailAddress = info@wolfssl.com, UID = wolfSSL
         Subject Public Key Info:
             Public Key Algorithm: rsassaPss
-                RSA-PSS Public-Key: (3072 bit)
+                Public-Key: (3072 bit)
                 Modulus:
                     00:c8:2a:40:c8:eb:ae:7c:18:33:cb:38:51:e6:b7:
                     7b:11:4f:cd:ea:35:87:64:d9:b2:ca:cf:4b:21:c4:
@@ -48,69 +48,68 @@ Certificate:
             X509v3 Subject Key Identifier: 
                 F8:42:CC:88:C9:C8:18:F9:D3:B0:24:65:06:4C:FF:55:AB:BF:0E:7F
             X509v3 Authority Key Identifier: 
-                keyid:AA:71:D3:B1:8A:4B:BB:47:15:47:5F:9B:D0:2B:69:D1:6F:85:5E:F6
-
+                AA:71:D3:B1:8A:4B:BB:47:15:47:5F:9B:D0:2B:69:D1:6F:85:5E:F6
             X509v3 Basic Constraints: critical
                 CA:TRUE
             X509v3 Key Usage: critical
                 Digital Signature, Certificate Sign, CRL Sign
-    Signature Algorithm: rsassaPss         
-         Hash Algorithm: sha384
-         Mask Algorithm: mgf1 with sha384
-          Salt Length: 0x014E
-         Trailer Field: 0xBC (default)
-
-         1f:c0:ae:b2:47:af:ec:86:67:3a:b6:8f:44:65:4a:af:29:fc:
-         17:92:a4:8f:03:6a:76:63:8d:65:4a:f6:52:23:a2:08:46:17:
-         c6:2c:87:76:2b:05:21:c1:70:2d:4d:65:ef:de:af:87:21:7e:
-         88:98:45:8b:06:8f:f8:56:4f:6a:29:f3:f4:72:5d:c3:f4:5a:
-         ee:6c:52:dc:40:72:4a:1a:4c:3b:84:b0:5a:64:cc:3a:62:c3:
-         d3:56:a9:e3:fd:4e:a2:3b:57:22:b7:f9:71:f7:5c:80:aa:4c:
-         26:ef:d5:10:e5:d9:ae:89:ff:90:82:2e:0a:ad:1c:da:a6:9c:
-         99:44:d5:fc:a0:3c:42:ad:e7:dd:8a:d0:c7:b8:d0:83:bb:4b:
-         00:e2:50:e5:81:6f:03:b8:bc:4d:d2:86:4d:8a:33:79:ca:e8:
-         a0:df:70:c1:3a:c3:55:05:f0:ac:d8:ab:55:0b:cf:44:60:b4:
-         af:03:f4:88:d9:49:81:7c:78:6a:af:5f:cd:28:e2:e1:37:f3:
-         28:b8:0e:05:5d:72:b3:b5:5b:f4:72:52:a3:7e:99:99:23:95:
-         26:17:cb:9c:66:83:21:d6:ac:f8:c8:b2:49:22:dc:32:9b:f2:
-         fc:5d:f7:fe:c0:a6:81:62:1c:43:25:2a:d3:66:37:76:db:15:
-         31:c4:6b:df:e8:70:a9:f9:96:8c:ec:94:d1:b2:fb:73:03:1b:
-         5d:7f:2b:1b:ab:47:72:ea:1b:9d:2d:43:d4:90:df:ca:c5:98:
-         9a:a2:01:6a:d3:55:1c:ad:d1:37:46:93:fe:e8:56:8c:6a:1c:
-         45:bf:cb:12:d1:aa:1c:98:08:af:f7:67:ed:41:65:3b:98:d0:
-         42:29:b0:68:ab:94:52:6e:72:e2:f4:df:8a:68:b5:1b:6d:3f:
-         35:d5:01:b8:60:eb:fe:f2:e9:33:90:db:59:5a:c4:d6:52:c6:
-         c7:1b:a8:a1:ef:64:db:96:ac:ce:fc:8d:e2:ac:75:f4:0d:bc:
-         49:36:8a:12:36:83
+    Signature Algorithm: rsassaPss
+    Signature Value:        
+        Hash Algorithm: sha384
+        Mask Algorithm: mgf1 with sha384
+         Salt Length: 0x014E
+        Trailer Field: 0x01 (default)
+        7e:3f:73:07:e2:0f:7e:e8:7c:7f:81:03:e7:e2:78:c2:f8:45:
+        27:e6:42:5a:21:35:26:17:31:aa:9e:65:05:84:47:46:cb:bd:
+        c0:30:32:a0:06:f1:a1:a7:68:89:0f:e7:a0:83:31:8f:d9:b4:
+        ad:2d:1e:82:e6:ba:bc:0c:a8:98:a6:75:97:8e:b1:bc:33:77:
+        f5:9c:f6:0b:39:f8:6f:d9:bb:35:75:80:e9:22:a4:75:cb:1a:
+        24:55:f7:96:bf:73:d2:6b:93:87:a7:c1:3c:97:75:ef:6a:9e:
+        51:12:43:60:fe:6c:46:01:ab:5a:a2:72:b5:cf:a9:47:8b:3c:
+        9d:d2:5b:c7:e1:f4:25:94:c4:3d:a3:62:10:0d:19:4e:72:66:
+        85:1e:7b:24:a6:93:46:be:5e:a6:f4:c9:52:4d:dd:2d:d4:15:
+        ef:f7:cb:75:90:2b:ba:6f:7d:84:90:26:f6:5a:92:e9:d0:b0:
+        c6:05:2e:10:d5:b5:12:da:cb:92:ed:6f:12:27:3a:cd:08:94:
+        f0:52:9b:08:52:47:77:e2:de:ce:51:20:6f:e7:b3:1a:21:ea:
+        2f:d5:8c:10:15:9c:e4:61:74:d4:c3:8f:4e:47:df:a2:3c:60:
+        da:61:60:a8:67:2b:40:30:4e:a3:5f:7b:f6:3d:7e:5f:0d:ce:
+        c8:2b:de:17:b0:dd:a9:9c:3d:b7:dc:7f:60:b9:4e:4a:24:cf:
+        75:b1:d3:ce:83:5e:6d:f3:28:78:fd:6e:3f:f5:69:50:08:57:
+        58:76:98:d6:86:ce:2d:42:0b:66:60:7f:fa:20:0d:4e:d6:0d:
+        ed:9a:2d:95:3e:d0:df:72:53:56:1e:d5:f5:60:ab:d9:eb:f1:
+        f3:76:9b:4f:04:13:5a:92:6c:af:93:23:cb:87:ec:ad:ef:f5:
+        e5:df:0c:e5:14:70:a9:ca:43:f9:aa:83:4f:bf:aa:de:21:75:
+        3f:70:6e:7b:fe:2e:ba:72:7e:3b:e2:88:70:b4:17:5a:bd:38:
+        f3:37:f0:f7:1d:99
 -----BEGIN CERTIFICATE-----
-MIIFjzCCA8agAwIBAgIBATA+BgkqhkiG9w0BAQowMaANMAsGCWCGSAFlAwQCAqEa
-MBgGCSqGSIb3DQEBCDALBglghkgBZQMEAgKiBAICAU4wgZ0xCzAJBgNVBAYTAlVT
-MRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMRgwFgYDVQQKDA93
-b2xmU1NMX1JTQS1QU1MxFTATBgNVBAsMDFJvb3QtUlNBLVBTUzEYMBYGA1UEAwwP
+MIIFlzCCA8qgAwIBAgIBATBCBgkqhkiG9w0BAQowNaAPMA0GCWCGSAFlAwQCAgUA
+oRwwGgYJKoZIhvcNAQEIMA0GCWCGSAFlAwQCAgUAogQCAgFOMIGdMQswCQYDVQQG
+EwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjEYMBYGA1UE
+CgwPd29sZlNTTF9SU0EtUFNTMRUwEwYDVQQLDAxSb290LVJTQS1QU1MxGDAWBgNV
+BAMMD3d3dy53b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3Ns
+LmNvbTAeFw0yNDEyMTgyMTI1MzBaFw0yNzA5MTQyMTI1MzBaMIGyMQswCQYDVQQG
+EwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjEXMBUGA1UE
+CgwOd29sZlNTTF9SU0FQU1MxEjAQBgNVBAsMCUNBLVJTQVBTUzEYMBYGA1UEAwwP
 d3d3LndvbGZzc2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29t
-MB4XDTIzMTIxMzIyMTkyOVoXDTI2MDkwODIyMTkyOVowgbIxCzAJBgNVBAYTAlVT
-MRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMRcwFQYDVQQKDA53
-b2xmU1NMX1JTQVBTUzESMBAGA1UECwwJQ0EtUlNBUFNTMRgwFgYDVQQDDA93d3cu
-d29sZnNzbC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20xFzAV
-BgoJkiaJk/IsZAEBDAd3b2xmU1NMMIIBoDALBgkqhkiG9w0BAQoDggGPADCCAYoC
-ggGBAMgqQMjrrnwYM8s4Uea3exFPzeo1h2TZssrPSyHEhirHo28VPh7EmwOBSzpd
-U2IR4gjfl003PXhiUEAxKnBEGm1pSfx3uPJCCYaaXTnNhHsyijuwT7891AV+wKoo
-pc6xKDpZ2RkQOtQfkQcHc1CkK9gYHyL49GQ/E6DYYH5TTDuXcLw25b4xl0VV7aJb
-h7UbjmU9txUI0RIaquxOVjVwpz5QZfc+MJwy27Ike4cCKScSNa2OwwIiE8JuU0Xw
-FiGB5dW1kWCL11y7wnAG9lBBRTZ/QUSJtpcjvnbXfHJ/6vQZEBfD34/NlyAEyx0D
-awmP13uEfSLF4hDLzBGqofVmhQ41WozDiWEp0FxTLwlLkX7O4BLTzuvJUDw28Ka0
-+7XC3mGgrG+8fu9TCJ+xGK1b4wEj3hGlH33VtvRyHVN1ZozbYR7p6zzzSWmCtiBr
-KQOhvlXkTPglp6ij4z8yH66nKptrVt3JWrEaAaAT0o6aLNt+/VsOLu+Sac7y3u/Q
-LwkOZwIDAQABo2MwYTAdBgNVHQ4EFgQU+ELMiMnIGPnTsCRlBkz/Vau/Dn8wHwYD
-VR0jBBgwFoAUqnHTsYpLu0cVR1+b0Ctp0W+FXvYwDwYDVR0TAQH/BAUwAwEB/zAO
-BgNVHQ8BAf8EBAMCAYYwPgYJKoZIhvcNAQEKMDGgDTALBglghkgBZQMEAgKhGjAY
-BgkqhkiG9w0BAQgwCwYJYIZIAWUDBAICogQCAgFOA4IBgQAfwK6yR6/shmc6to9E
-ZUqvKfwXkqSPA2p2Y41lSvZSI6IIRhfGLId2KwUhwXAtTWXv3q+HIX6ImEWLBo/4
-Vk9qKfP0cl3D9FrubFLcQHJKGkw7hLBaZMw6YsPTVqnj/U6iO1cit/lx91yAqkwm
-79UQ5dmuif+Qgi4KrRzappyZRNX8oDxCrefditDHuNCDu0sA4lDlgW8DuLxN0oZN
-ijN5yuig33DBOsNVBfCs2KtVC89EYLSvA/SI2UmBfHhqr1/NKOLhN/MouA4FXXKz
-tVv0clKjfpmZI5UmF8ucZoMh1qz4yLJJItwym/L8Xff+wKaBYhxDJSrTZjd22xUx
-xGvf6HCp+ZaM7JTRsvtzAxtdfysbq0dy6hudLUPUkN/KxZiaogFq01UcrdE3RpP+
-6FaMahxFv8sS0aocmAiv92ftQWU7mNBCKbBoq5RSbnLi9N+KaLUbbT811QG4YOv+
-8ukzkNtZWsTWUsbHG6ih72TblqzO/I3irHX0DbxJNooSNoM=
+MRcwFQYKCZImiZPyLGQBAQwHd29sZlNTTDCCAaAwCwYJKoZIhvcNAQEKA4IBjwAw
+ggGKAoIBgQDIKkDI6658GDPLOFHmt3sRT83qNYdk2bLKz0shxIYqx6NvFT4exJsD
+gUs6XVNiEeII35dNNz14YlBAMSpwRBptaUn8d7jyQgmGml05zYR7Moo7sE+/PdQF
+fsCqKKXOsSg6WdkZEDrUH5EHB3NQpCvYGB8i+PRkPxOg2GB+U0w7l3C8NuW+MZdF
+Ve2iW4e1G45lPbcVCNESGqrsTlY1cKc+UGX3PjCcMtuyJHuHAiknEjWtjsMCIhPC
+blNF8BYhgeXVtZFgi9dcu8JwBvZQQUU2f0FEibaXI75213xyf+r0GRAXw9+PzZcg
+BMsdA2sJj9d7hH0ixeIQy8wRqqH1ZoUONVqMw4lhKdBcUy8JS5F+zuAS087ryVA8
+NvCmtPu1wt5hoKxvvH7vUwifsRitW+MBI94RpR991bb0ch1TdWaM22Ee6es880lp
+grYgaykDob5V5Ez4Jaeoo+M/Mh+upyqba1bdyVqxGgGgE9KOmizbfv1bDi7vkmnO
+8t7v0C8JDmcCAwEAAaNjMGEwHQYDVR0OBBYEFPhCzIjJyBj507AkZQZM/1Wrvw5/
+MB8GA1UdIwQYMBaAFKpx07GKS7tHFUdfm9AradFvhV72MA8GA1UdEwEB/wQFMAMB
+Af8wDgYDVR0PAQH/BAQDAgGGMEIGCSqGSIb3DQEBCjA1oA8wDQYJYIZIAWUDBAIC
+BQChHDAaBgkqhkiG9w0BAQgwDQYJYIZIAWUDBAICBQCiBAICAU4DggGBAH4/cwfi
+D37ofH+BA+fieML4RSfmQlohNSYXMaqeZQWER0bLvcAwMqAG8aGnaIkP56CDMY/Z
+tK0tHoLmurwMqJimdZeOsbwzd/Wc9gs5+G/ZuzV1gOkipHXLGiRV95a/c9Jrk4en
+wTyXde9qnlESQ2D+bEYBq1qicrXPqUeLPJ3SW8fh9CWUxD2jYhANGU5yZoUeeySm
+k0a+Xqb0yVJN3S3UFe/3y3WQK7pvfYSQJvZakunQsMYFLhDVtRLay5LtbxInOs0I
+lPBSmwhSR3fi3s5RIG/nsxoh6i/VjBAVnORhdNTDj05H36I8YNphYKhnK0AwTqNf
+e/Y9fl8Nzsgr3hew3amcPbfcf2C5Tkokz3Wx086DXm3zKHj9bj/1aVAIV1h2mNaG
+zi1CC2Zgf/ogDU7WDe2aLZU+0N9yU1Ye1fVgq9nr8fN2m08EE1qSbK+TI8uH7K3v
+9eXfDOUUcKnKQ/mqg0+/qt4hdT9wbnv+LrpyfjviiHC0F1q9OPM38PcdmQ==
 -----END CERTIFICATE-----
diff --git a/certs/rsapss/ca-rsapss.der b/certs/rsapss/ca-rsapss.der
index 97738da64..780220725 100644
Binary files a/certs/rsapss/ca-rsapss.der and b/certs/rsapss/ca-rsapss.der differ
diff --git a/certs/rsapss/ca-rsapss.pem b/certs/rsapss/ca-rsapss.pem
index 1a69b8c9e..50d29547e 100644
--- a/certs/rsapss/ca-rsapss.pem
+++ b/certs/rsapss/ca-rsapss.pem
@@ -2,19 +2,19 @@ Certificate:
     Data:
         Version: 3 (0x2)
         Serial Number: 1 (0x1)
-        Signature Algorithm: rsassaPss         
-         Hash Algorithm: sha256
-         Mask Algorithm: mgf1 with sha256
-          Salt Length: 0x20
-         Trailer Field: 0xBC (default)
+        Signature Algorithm: rsassaPss        
+        Hash Algorithm: sha256
+        Mask Algorithm: mgf1 with sha256
+         Salt Length: 0x20
+        Trailer Field: 0x01 (default)
         Issuer: C = US, ST = Montana, L = Bozeman, O = wolfSSL_RSA-PSS, OU = Root-RSA-PSS, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Dec 13 22:19:28 2023 GMT
-            Not After : Sep  8 22:19:28 2026 GMT
+            Not Before: Dec 18 21:25:30 2024 GMT
+            Not After : Sep 14 21:25:30 2027 GMT
         Subject: C = US, ST = Montana, L = Bozeman, O = wolfSSL_RSAPSS, OU = CA-RSAPSS, CN = www.wolfssl.com, emailAddress = info@wolfssl.com, UID = wolfSSL
         Subject Public Key Info:
             Public Key Algorithm: rsassaPss
-                RSA-PSS Public-Key: (2048 bit)
+                Public-Key: (2048 bit)
                 Modulus:
                     00:d6:0e:c7:50:4d:29:f5:a8:a2:d4:29:5b:58:f2:
                     bc:2d:27:de:88:49:1a:84:19:2b:84:8d:94:d1:78:
@@ -36,66 +36,65 @@ Certificate:
                     cc:1d
                 Exponent: 65537 (0x10001)
                 PSS parameter restrictions:
-                  Hash Algorithm: sha256
-                  Mask Algorithm: mgf1 with sha256
-                  Minimum Salt Length: 0x20
-                  Trailer Field: 0xBC (default)
+                  Hash Algorithm: SHA2-256
+                  Mask Algorithm: MGF1 with SHA2-256
+                  Minimum Salt Length: 32
+                  Trailer Field: 0x1 (default)
         X509v3 extensions:
             X509v3 Subject Key Identifier: 
                 9E:0C:E0:D3:DF:B6:4B:F3:19:63:5C:CA:6C:93:86:A2:14:53:91:31
             X509v3 Authority Key Identifier: 
-                keyid:64:D5:EC:82:87:80:DE:5A:ED:49:98:D8:0C:54:7D:46:9E:A5:3C:D6
-
+                64:D5:EC:82:87:80:DE:5A:ED:49:98:D8:0C:54:7D:46:9E:A5:3C:D6
             X509v3 Basic Constraints: critical
                 CA:TRUE
             X509v3 Key Usage: critical
                 Digital Signature, Certificate Sign, CRL Sign
-    Signature Algorithm: rsassaPss         
-         Hash Algorithm: sha256
-         Mask Algorithm: mgf1 with sha256
-          Salt Length: 0x20
-         Trailer Field: 0xBC (default)
-
-         6c:79:0e:40:30:74:f6:02:08:61:df:c0:89:25:10:30:ea:e4:
-         e9:14:c8:c6:47:01:55:a4:f2:ed:ee:3f:55:da:62:39:04:cb:
-         3d:a1:78:56:76:30:fd:14:ea:b3:d8:21:99:c6:ca:ed:9f:18:
-         7d:15:4d:d2:cf:db:c3:a1:b4:56:0d:04:b1:72:9c:68:81:1f:
-         01:02:b8:8f:d6:d8:ed:47:3a:72:f2:e0:a5:9b:7b:50:75:00:
-         a4:ab:23:62:48:1f:bc:f4:50:86:ef:06:b3:f8:8b:6e:e0:39:
-         d1:8c:3b:8f:1f:ef:c5:ff:8c:2d:b2:1b:5d:82:32:b1:81:92:
-         02:7c:c9:ad:16:86:63:6c:95:41:ed:80:70:96:41:13:11:03:
-         9a:c1:41:d4:ca:e0:fd:7f:2d:d9:5b:60:d6:42:fe:aa:ac:73:
-         4e:6d:26:67:03:ec:53:e9:97:2f:73:3a:f5:c4:ba:cf:dc:db:
-         6c:f0:79:80:b1:52:f4:bf:12:c9:a7:ce:b1:2f:8d:6a:6a:a8:
-         9e:27:e9:d1:55:26:6b:20:8c:1f:90:57:6d:5e:dc:9e:ca:4c:
-         76:fc:35:76:dc:5a:06:90:50:88:7e:ad:9f:58:e3:39:10:e3:
-         64:19:9f:ea:fb:86:04:84:79:d6:20:ac:c8:45:8b:03:8c:eb:
-         b6:d4:e7:e4
+    Signature Algorithm: rsassaPss
+    Signature Value:        
+        Hash Algorithm: sha256
+        Mask Algorithm: mgf1 with sha256
+         Salt Length: 0x20
+        Trailer Field: 0x01 (default)
+        78:31:94:fd:94:b9:31:68:97:cc:3b:60:8e:1b:4b:0b:c6:1b:
+        d4:64:d9:dd:ef:81:f2:fd:a0:18:a5:f4:92:47:07:84:55:f7:
+        f0:1d:25:45:15:cb:df:df:9c:d2:5a:db:f2:e9:1a:8e:98:5b:
+        7c:73:ea:13:3d:02:c2:89:06:50:3e:dd:4e:79:3a:86:1d:cc:
+        7c:04:09:d7:ed:53:86:d7:8a:2a:11:0a:84:14:da:47:d4:92:
+        0a:7f:e7:86:b9:08:a7:7c:da:e4:97:d7:04:25:22:98:0e:e7:
+        72:05:39:ac:57:18:22:76:26:13:8b:29:4d:b8:38:a4:17:8b:
+        fb:2e:bf:61:7a:34:94:09:f0:3f:1d:4a:61:75:ab:b8:31:42:
+        37:b2:47:a0:d9:cf:23:9f:da:61:e2:bf:39:dd:0d:e4:bf:b9:
+        ba:7d:22:ca:f0:53:ad:71:95:4f:1c:05:86:b9:30:63:b9:80:
+        20:0e:e3:4d:32:e0:e8:33:3e:64:27:f5:ae:f5:07:f1:a8:68:
+        3a:49:12:e5:b0:38:bc:d1:96:d2:de:60:02:eb:79:ca:2c:e8:
+        f2:39:09:91:6b:9a:a2:13:b9:01:c5:7f:36:dc:a3:e7:86:b4:
+        72:23:a7:38:26:2b:9a:6e:3c:99:69:f1:8e:cc:68:10:14:50:
+        a2:e9:2b:b1
 -----BEGIN CERTIFICATE-----
-MIIEvzCCA3egAwIBAgIBATA9BgkqhkiG9w0BAQowMKANMAsGCWCGSAFlAwQCAaEa
-MBgGCSqGSIb3DQEBCDALBglghkgBZQMEAgGiAwIBIDCBnTELMAkGA1UEBhMCVVMx
-EDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xGDAWBgNVBAoMD3dv
-bGZTU0xfUlNBLVBTUzEVMBMGA1UECwwMUm9vdC1SU0EtUFNTMRgwFgYDVQQDDA93
-d3cud29sZnNzbC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20w
-HhcNMjMxMjEzMjIxOTI4WhcNMjYwOTA4MjIxOTI4WjCBsjELMAkGA1UEBhMCVVMx
-EDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xFzAVBgNVBAoMDndv
-bGZTU0xfUlNBUFNTMRIwEAYDVQQLDAlDQS1SU0FQU1MxGDAWBgNVBAMMD3d3dy53
-b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTEXMBUG
-CgmSJomT8ixkAQEMB3dvbGZTU0wwggFSMD0GCSqGSIb3DQEBCjAwoA0wCwYJYIZI
-AWUDBAIBoRowGAYJKoZIhvcNAQEIMAsGCWCGSAFlAwQCAaIDAgEgA4IBDwAwggEK
-AoIBAQDWDsdQTSn1qKLUKVtY8rwtJ96ISRqEGSuEjZTReBLWexTY0oIklav+T1X7
-4FX8OTd7QYC0mG9/xbc+N/hfHS8SMYj5izsAheY2pRc/mqS+SP96NiIsI9SfW1LR
-F9HB8mkZ2DLF93nsgxmH4xOgQ16x6QPttAjNexRoDyVPkPAEp7sIiQjcdk5wSQRB
-Tb+3f3d5au9oS2KXjjORMirjYxVH9mGkJtsCBLZXwKfwquwgcpHDMquYf4TG6F/W
-4BrSJLHHULtzh94qw+LEYDK45FpbteQpjIsoa7sa3Dz+ue+eiShguqRAZtW74GJ/
-pyvhDzjmM+qyEA4UyD+Hn/+LKMwdAgMBAAGjYzBhMB0GA1UdDgQWBBSeDODT37ZL
-8xljXMpsk4aiFFORMTAfBgNVHSMEGDAWgBRk1eyCh4DeWu1JmNgMVH1GnqU81jAP
-BgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjA9BgkqhkiG9w0BAQowMKAN
-MAsGCWCGSAFlAwQCAaEaMBgGCSqGSIb3DQEBCDALBglghkgBZQMEAgGiAwIBIAOC
-AQEAbHkOQDB09gIIYd/AiSUQMOrk6RTIxkcBVaTy7e4/VdpiOQTLPaF4VnYw/RTq
-s9ghmcbK7Z8YfRVN0s/bw6G0Vg0EsXKcaIEfAQK4j9bY7Uc6cvLgpZt7UHUApKsj
-YkgfvPRQhu8Gs/iLbuA50Yw7jx/vxf+MLbIbXYIysYGSAnzJrRaGY2yVQe2AcJZB
-ExEDmsFB1Mrg/X8t2Vtg1kL+qqxzTm0mZwPsU+mXL3M69cS6z9zbbPB5gLFS9L8S
-yafOsS+Namqonifp0VUmayCMH5BXbV7cnspMdvw1dtxaBpBQiH6tn1jjORDjZBmf
-6vuGBIR51iCsyEWLA4zrttTn5A==
+MIIEyzCCA3+gAwIBAgIBATBBBgkqhkiG9w0BAQowNKAPMA0GCWCGSAFlAwQCAQUA
+oRwwGgYJKoZIhvcNAQEIMA0GCWCGSAFlAwQCAQUAogMCASAwgZ0xCzAJBgNVBAYT
+AlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMRgwFgYDVQQK
+DA93b2xmU1NMX1JTQS1QU1MxFTATBgNVBAsMDFJvb3QtUlNBLVBTUzEYMBYGA1UE
+AwwPd3d3LndvbGZzc2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wu
+Y29tMB4XDTI0MTIxODIxMjUzMFoXDTI3MDkxNDIxMjUzMFowgbIxCzAJBgNVBAYT
+AlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMRcwFQYDVQQK
+DA53b2xmU1NMX1JTQVBTUzESMBAGA1UECwwJQ0EtUlNBUFNTMRgwFgYDVQQDDA93
+d3cud29sZnNzbC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20x
+FzAVBgoJkiaJk/IsZAEBDAd3b2xmU1NMMIIBVjBBBgkqhkiG9w0BAQowNKAPMA0G
+CWCGSAFlAwQCAQUAoRwwGgYJKoZIhvcNAQEIMA0GCWCGSAFlAwQCAQUAogMCASAD
+ggEPADCCAQoCggEBANYOx1BNKfWootQpW1jyvC0n3ohJGoQZK4SNlNF4EtZ7FNjS
+giSVq/5PVfvgVfw5N3tBgLSYb3/Ftz43+F8dLxIxiPmLOwCF5jalFz+apL5I/3o2
+Iiwj1J9bUtEX0cHyaRnYMsX3eeyDGYfjE6BDXrHpA+20CM17FGgPJU+Q8ASnuwiJ
+CNx2TnBJBEFNv7d/d3lq72hLYpeOM5EyKuNjFUf2YaQm2wIEtlfAp/Cq7CBykcMy
+q5h/hMboX9bgGtIkscdQu3OH3irD4sRgMrjkWlu15CmMiyhruxrcPP65756JKGC6
+pEBm1bvgYn+nK+EPOOYz6rIQDhTIP4ef/4sozB0CAwEAAaNjMGEwHQYDVR0OBBYE
+FJ4M4NPftkvzGWNcymyThqIUU5ExMB8GA1UdIwQYMBaAFGTV7IKHgN5a7UmY2AxU
+fUaepTzWMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgGGMEEGCSqGSIb3
+DQEBCjA0oA8wDQYJYIZIAWUDBAIBBQChHDAaBgkqhkiG9w0BAQgwDQYJYIZIAWUD
+BAIBBQCiAwIBIAOCAQEAeDGU/ZS5MWiXzDtgjhtLC8Yb1GTZ3e+B8v2gGKX0kkcH
+hFX38B0lRRXL39+c0lrb8ukajphbfHPqEz0CwokGUD7dTnk6hh3MfAQJ1+1ThteK
+KhEKhBTaR9SSCn/nhrkIp3za5JfXBCUimA7ncgU5rFcYInYmE4spTbg4pBeL+y6/
+YXo0lAnwPx1KYXWruDFCN7JHoNnPI5/aYeK/Od0N5L+5un0iyvBTrXGVTxwFhrkw
+Y7mAIA7jTTLg6DM+ZCf1rvUH8ahoOkkS5bA4vNGW0t5gAut5yizo8jkJkWuaohO5
+AcV/Ntyj54a0ciOnOCYrmm48mWnxjsxoEBRQoukrsQ==
 -----END CERTIFICATE-----
diff --git a/certs/rsapss/client-3072-rsapss.der b/certs/rsapss/client-3072-rsapss.der
index 5f04bf3ee..2efdec23e 100644
Binary files a/certs/rsapss/client-3072-rsapss.der and b/certs/rsapss/client-3072-rsapss.der differ
diff --git a/certs/rsapss/client-3072-rsapss.pem b/certs/rsapss/client-3072-rsapss.pem
index 0de6bc885..56f0caff6 100644
--- a/certs/rsapss/client-3072-rsapss.pem
+++ b/certs/rsapss/client-3072-rsapss.pem
@@ -2,20 +2,20 @@ Certificate:
     Data:
         Version: 3 (0x2)
         Serial Number:
-            06:54:4f:66:0b:e2:32:6e:09:ab:a6:90:84:b3:1a:59:79:89:1a:9a
-        Signature Algorithm: rsassaPss         
-         Hash Algorithm: sha384
-         Mask Algorithm: mgf1 with sha384
-          Salt Length: 0x014E
-         Trailer Field: 0xBC (default)
+            17:02:5c:f5:8c:08:e0:6b:d9:3d:14:8f:e9:32:2e:32:b7:d0:d1:2b
+        Signature Algorithm: rsassaPss        
+        Hash Algorithm: sha384
+        Mask Algorithm: mgf1 with sha384
+         Salt Length: 0x014E
+        Trailer Field: 0x01 (default)
         Issuer: C = US, ST = Montana, L = Bozeman, O = wolfSSL_RSAPSS, OU = Client-RSAPSS, CN = www.wolfssl.com, emailAddress = info@wolfssl.com, UID = wolfSSL
         Validity
-            Not Before: Dec 13 22:19:29 2023 GMT
-            Not After : Sep  8 22:19:29 2026 GMT
+            Not Before: Dec 18 21:25:30 2024 GMT
+            Not After : Sep 14 21:25:30 2027 GMT
         Subject: C = US, ST = Montana, L = Bozeman, O = wolfSSL_RSAPSS, OU = Client-RSAPSS, CN = www.wolfssl.com, emailAddress = info@wolfssl.com, UID = wolfSSL
         Subject Public Key Info:
             Public Key Algorithm: rsassaPss
-                RSA-PSS Public-Key: (3072 bit)
+                Public-Key: (3072 bit)
                 Modulus:
                     00:bb:06:28:e4:7f:c9:41:76:be:26:c6:a9:ba:08:
                     e6:35:9c:33:a0:3c:5b:ab:95:23:d7:6b:61:d3:2e:
@@ -51,78 +51,77 @@ Certificate:
             X509v3 Authority Key Identifier: 
                 keyid:8C:01:9F:4E:11:24:28:BF:3E:EA:82:EA:54:2A:C9:0F:F5:E4:C5:47
                 DirName:/C=US/ST=Montana/L=Bozeman/O=wolfSSL_RSAPSS/OU=Client-RSAPSS/CN=www.wolfssl.com/emailAddress=info@wolfssl.com/UID=wolfSSL
-                serial:06:54:4F:66:0B:E2:32:6E:09:AB:A6:90:84:B3:1A:59:79:89:1A:9A
-
+                serial:17:02:5C:F5:8C:08:E0:6B:D9:3D:14:8F:E9:32:2E:32:B7:D0:D1:2B
             X509v3 Basic Constraints: 
                 CA:TRUE
             X509v3 Subject Alternative Name: 
                 DNS:example.com, IP Address:127.0.0.1
             X509v3 Extended Key Usage: 
                 TLS Web Server Authentication, TLS Web Client Authentication
-    Signature Algorithm: rsassaPss         
-         Hash Algorithm: sha384
-         Mask Algorithm: mgf1 with sha384
-          Salt Length: 0x014E
-         Trailer Field: 0xBC (default)
-
-         0b:90:18:ff:19:9d:5e:bc:34:de:1f:90:e8:27:89:1e:61:84:
-         79:84:e1:e7:b5:df:dc:b8:68:6b:59:02:33:b0:c8:0c:a7:31:
-         e3:95:b6:09:41:6b:e0:63:93:f5:9f:53:17:04:6d:08:e7:fe:
-         38:9e:27:82:29:55:46:f7:7a:65:61:7d:1e:8f:8c:35:70:8a:
-         2a:94:dc:62:c5:db:16:b8:bf:67:9c:f7:e1:09:fc:08:d7:95:
-         ae:9d:9c:27:f4:7c:71:37:62:c8:09:0b:b6:06:56:37:ff:fa:
-         fc:ba:c2:25:65:e5:c2:01:b4:37:8a:f5:1e:d6:d7:56:f6:df:
-         77:fa:99:26:16:61:8b:b2:f6:5f:de:cc:46:97:80:e8:55:36:
-         79:9a:c7:01:36:7b:73:3a:cc:ae:05:00:a1:91:2d:fb:57:0a:
-         72:e8:70:ab:4d:82:df:8d:5a:c5:67:fb:17:06:d9:a1:c4:66:
-         29:c6:58:d4:81:b9:89:d3:d1:8e:97:61:59:3a:be:4d:18:3a:
-         21:cf:94:0e:c7:20:30:35:a6:ed:a9:a1:de:bd:b7:ee:02:5f:
-         af:b0:8c:2e:57:15:7b:87:fd:d9:77:18:63:cc:d1:95:98:e2:
-         bd:d2:f4:15:38:98:13:dc:f1:ae:37:35:9e:1b:74:23:a3:20:
-         2a:3e:6a:d0:67:67:79:65:c0:6b:e3:08:66:8f:79:c6:1c:68:
-         68:b5:c4:f5:ec:8e:bc:c3:0b:73:6d:8b:61:33:17:90:f0:cb:
-         69:1c:2e:42:f1:c3:a0:4a:0d:8b:79:94:8e:40:97:c6:c0:4e:
-         f1:95:42:12:d9:ad:84:d5:9c:7b:52:4a:a9:e5:82:8f:5c:9f:
-         d4:c8:0e:14:0a:c2:27:33:57:1e:d9:60:5a:e6:2a:83:bb:91:
-         01:85:a0:14:b8:e4:bf:4a:43:7d:4f:40:36:d9:24:8b:a7:f3:
-         7c:a9:b1:cf:f0:ba:6b:d0:73:0a:aa:47:13:06:8f:ad:df:26:
-         0d:47:07:27:27:8f
+    Signature Algorithm: rsassaPss
+    Signature Value:        
+        Hash Algorithm: sha384
+        Mask Algorithm: mgf1 with sha384
+         Salt Length: 0x014E
+        Trailer Field: 0x01 (default)
+        19:1f:82:de:2e:f8:7c:ea:fa:2f:a4:9d:1c:31:46:2b:89:fb:
+        b5:b8:e3:91:4a:0f:33:e6:f8:4d:a4:f3:83:a1:25:97:8b:49:
+        a6:28:8f:6a:41:53:be:fc:ac:f2:08:72:d5:74:51:3f:36:af:
+        73:f7:66:55:de:e6:68:96:a9:d1:20:55:d5:f5:25:b5:8e:c7:
+        d5:73:e4:90:2c:7d:f3:d3:5b:a3:cf:43:37:ea:30:56:a2:7d:
+        f4:e6:5a:d7:92:a3:b9:8e:46:09:e1:cc:eb:73:2e:3d:d1:1d:
+        ef:7c:64:54:0a:6d:f3:3f:1f:77:d1:1f:a6:66:31:dd:28:bf:
+        61:25:81:05:18:ab:8a:87:5a:d6:68:bf:f4:a1:44:e4:01:8e:
+        84:66:cb:d8:cc:b8:b7:b3:50:fb:02:37:02:00:04:19:f5:80:
+        72:2f:f4:9f:e9:30:b9:0d:62:fb:56:5e:d9:ec:47:f3:ee:12:
+        31:9b:eb:a9:d1:2d:7d:40:31:3a:a0:ce:c7:84:c8:3d:3e:9a:
+        a2:9b:22:5e:80:86:96:48:71:17:5e:ca:d2:95:3e:c6:cc:12:
+        aa:16:ca:a7:e8:87:52:ea:e9:b0:6c:4c:c9:0b:26:7e:6c:8b:
+        82:dc:09:5c:82:05:96:0f:99:82:07:58:e5:f0:85:10:c7:57:
+        c6:e7:ad:49:fd:8d:5d:6b:48:92:4f:50:e4:d4:31:ef:f3:8b:
+        9b:15:e0:de:5e:d3:0c:3f:96:19:3c:2f:f2:93:e8:03:0b:dd:
+        a6:4d:0a:b5:fd:5c:af:df:4e:bc:e6:fc:90:8b:7a:31:9b:69:
+        00:bc:11:02:49:4b:bb:2f:4d:d9:74:6f:4c:5a:0c:b7:54:e9:
+        cd:97:50:7f:01:d4:16:8e:c7:8f:26:62:b5:6b:33:ef:b8:02:
+        5b:39:00:4e:63:a7:47:11:4a:ed:43:de:d0:73:ed:92:fc:2e:
+        6c:a4:80:56:c9:52:c2:05:0b:07:fe:63:f2:a0:68:4d:9c:b5:
+        6e:1b:6e:df:b3:ee
 -----BEGIN CERTIFICATE-----
-MIIGxTCCBPygAwIBAgIUBlRPZgviMm4Jq6aQhLMaWXmJGpowPgYJKoZIhvcNAQEK
-MDGgDTALBglghkgBZQMEAgKhGjAYBgkqhkiG9w0BAQgwCwYJYIZIAWUDBAICogQC
-AgFOMIG2MQswCQYDVQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwH
-Qm96ZW1hbjEXMBUGA1UECgwOd29sZlNTTF9SU0FQU1MxFjAUBgNVBAsMDUNsaWVu
-dC1SU0FQU1MxGDAWBgNVBAMMD3d3dy53b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJ
-ARYQaW5mb0B3b2xmc3NsLmNvbTEXMBUGCgmSJomT8ixkAQEMB3dvbGZTU0wwHhcN
-MjMxMjEzMjIxOTI5WhcNMjYwOTA4MjIxOTI5WjCBtjELMAkGA1UEBhMCVVMxEDAO
-BgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xFzAVBgNVBAoMDndvbGZT
-U0xfUlNBUFNTMRYwFAYDVQQLDA1DbGllbnQtUlNBUFNTMRgwFgYDVQQDDA93d3cu
-d29sZnNzbC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20xFzAV
-BgoJkiaJk/IsZAEBDAd3b2xmU1NMMIIBoDALBgkqhkiG9w0BAQoDggGPADCCAYoC
-ggGBALsGKOR/yUF2vibGqboI5jWcM6A8W6uVI9drYdMui43tHNlXrhpp4s5liC5l
-D8vxecssRpY+P1tZ5be1sTx8JuRWIVFdBHnZf1xxVOkemcH3vmwPe+9GjUAOo2vO
-mJtsDW3TJJ2e6GglnEZgkjdicyF3Gr1c8BFt7rlvso42VD7hcms2yYhIhhhs+Nex
-4OTXDCoVzJIzhL1xGgdwqgMk4c7CKLjjg/+6GVC3riL9++twcLAtF6A+qoVQQ2Ik
-XQBRuBH62MYGQAe9SrBCcFLPF5WxU/xojRO+oA7ES8sXcs3NCy7/ZkJQzHZ9cE59
-Yxbl2uH7mWwdBmyr7tM2Tsc0X/fQHlD9/kE5KVzhx7/EUDZ1ijZNCWrKKswatw2L
-Fm1IBzlh9cgHWpy/0qXxOTt+v2Ixk7opWskJ1wAwPtgYjJ6nKHVJqok03loUKV38
-RwWraoQPVyxkqzuYs9ZIutvxA9Ag95/vfVJQKONI7Sk+/v+Go2Q9fymio5NS5WrD
-qRNEzwIDAQABo4IBZzCCAWMwHQYDVR0OBBYEFIwBn04RJCi/PuqC6lQqyQ/15MVH
-MIH2BgNVHSMEge4wgeuAFIwBn04RJCi/PuqC6lQqyQ/15MVHoYG8pIG5MIG2MQsw
-CQYDVQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjEX
-MBUGA1UECgwOd29sZlNTTF9SU0FQU1MxFjAUBgNVBAsMDUNsaWVudC1SU0FQU1Mx
-GDAWBgNVBAMMD3d3dy53b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3
-b2xmc3NsLmNvbTEXMBUGCgmSJomT8ixkAQEMB3dvbGZTU0yCFAZUT2YL4jJuCaum
-kISzGll5iRqaMAwGA1UdEwQFMAMBAf8wHAYDVR0RBBUwE4ILZXhhbXBsZS5jb22H
-BH8AAAEwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMD4GCSqGSIb3DQEB
-CjAxoA0wCwYJYIZIAWUDBAICoRowGAYJKoZIhvcNAQEIMAsGCWCGSAFlAwQCAqIE
-AgIBTgOCAYEAC5AY/xmdXrw03h+Q6CeJHmGEeYTh57Xf3Lhoa1kCM7DIDKcx45W2
-CUFr4GOT9Z9TFwRtCOf+OJ4ngilVRvd6ZWF9Ho+MNXCKKpTcYsXbFri/Z5z34Qn8
-CNeVrp2cJ/R8cTdiyAkLtgZWN//6/LrCJWXlwgG0N4r1HtbXVvbfd/qZJhZhi7L2
-X97MRpeA6FU2eZrHATZ7czrMrgUAoZEt+1cKcuhwq02C341axWf7FwbZocRmKcZY
-1IG5idPRjpdhWTq+TRg6Ic+UDscgMDWm7amh3r237gJfr7CMLlcVe4f92XcYY8zR
-lZjivdL0FTiYE9zxrjc1nht0I6MgKj5q0GdneWXAa+MIZo95xhxoaLXE9eyOvMML
-c22LYTMXkPDLaRwuQvHDoEoNi3mUjkCXxsBO8ZVCEtmthNWce1JKqeWCj1yf1MgO
-FArCJzNXHtlgWuYqg7uRAYWgFLjkv0pDfU9ANtkki6fzfKmxz/C6a9BzCqpHEwaP
-rd8mDUcHJyeP
+MIIGzTCCBQCgAwIBAgIUFwJc9YwI4GvZPRSP6TIuMrfQ0SswQgYJKoZIhvcNAQEK
+MDWgDzANBglghkgBZQMEAgIFAKEcMBoGCSqGSIb3DQEBCDANBglghkgBZQMEAgIF
+AKIEAgIBTjCBtjELMAkGA1UEBhMCVVMxEDAOBgNVBAgMB01vbnRhbmExEDAOBgNV
+BAcMB0JvemVtYW4xFzAVBgNVBAoMDndvbGZTU0xfUlNBUFNTMRYwFAYDVQQLDA1D
+bGllbnQtUlNBUFNTMRgwFgYDVQQDDA93d3cud29sZnNzbC5jb20xHzAdBgkqhkiG
+9w0BCQEWEGluZm9Ad29sZnNzbC5jb20xFzAVBgoJkiaJk/IsZAEBDAd3b2xmU1NM
+MB4XDTI0MTIxODIxMjUzMFoXDTI3MDkxNDIxMjUzMFowgbYxCzAJBgNVBAYTAlVT
+MRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMRcwFQYDVQQKDA53
+b2xmU1NMX1JTQVBTUzEWMBQGA1UECwwNQ2xpZW50LVJTQVBTUzEYMBYGA1UEAwwP
+d3d3LndvbGZzc2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29t
+MRcwFQYKCZImiZPyLGQBAQwHd29sZlNTTDCCAaAwCwYJKoZIhvcNAQEKA4IBjwAw
+ggGKAoIBgQC7Bijkf8lBdr4mxqm6COY1nDOgPFurlSPXa2HTLouN7RzZV64aaeLO
+ZYguZQ/L8XnLLEaWPj9bWeW3tbE8fCbkViFRXQR52X9ccVTpHpnB975sD3vvRo1A
+DqNrzpibbA1t0ySdnuhoJZxGYJI3YnMhdxq9XPARbe65b7KONlQ+4XJrNsmISIYY
+bPjXseDk1wwqFcySM4S9cRoHcKoDJOHOwii444P/uhlQt64i/fvrcHCwLRegPqqF
+UENiJF0AUbgR+tjGBkAHvUqwQnBSzxeVsVP8aI0TvqAOxEvLF3LNzQsu/2ZCUMx2
+fXBOfWMW5drh+5lsHQZsq+7TNk7HNF/30B5Q/f5BOSlc4ce/xFA2dYo2TQlqyirM
+GrcNixZtSAc5YfXIB1qcv9Kl8Tk7fr9iMZO6KVrJCdcAMD7YGIyepyh1SaqJNN5a
+FCld/EcFq2qED1csZKs7mLPWSLrb8QPQIPef731SUCjjSO0pPv7/hqNkPX8poqOT
+UuVqw6kTRM8CAwEAAaOCAWcwggFjMB0GA1UdDgQWBBSMAZ9OESQovz7qgupUKskP
+9eTFRzCB9gYDVR0jBIHuMIHrgBSMAZ9OESQovz7qgupUKskP9eTFR6GBvKSBuTCB
+tjELMAkGA1UEBhMCVVMxEDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVt
+YW4xFzAVBgNVBAoMDndvbGZTU0xfUlNBUFNTMRYwFAYDVQQLDA1DbGllbnQtUlNB
+UFNTMRgwFgYDVQQDDA93d3cud29sZnNzbC5jb20xHzAdBgkqhkiG9w0BCQEWEGlu
+Zm9Ad29sZnNzbC5jb20xFzAVBgoJkiaJk/IsZAEBDAd3b2xmU1NMghQXAlz1jAjg
+a9k9FI/pMi4yt9DRKzAMBgNVHRMEBTADAQH/MBwGA1UdEQQVMBOCC2V4YW1wbGUu
+Y29thwR/AAABMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjBCBgkqhkiG
+9w0BAQowNaAPMA0GCWCGSAFlAwQCAgUAoRwwGgYJKoZIhvcNAQEIMA0GCWCGSAFl
+AwQCAgUAogQCAgFOA4IBgQAZH4LeLvh86vovpJ0cMUYrifu1uOORSg8z5vhNpPOD
+oSWXi0mmKI9qQVO+/KzyCHLVdFE/Nq9z92ZV3uZolqnRIFXV9SW1jsfVc+SQLH3z
+01ujz0M36jBWon305lrXkqO5jkYJ4czrcy490R3vfGRUCm3zPx930R+mZjHdKL9h
+JYEFGKuKh1rWaL/0oUTkAY6EZsvYzLi3s1D7AjcCAAQZ9YByL/Sf6TC5DWL7Vl7Z
+7Efz7hIxm+up0S19QDE6oM7HhMg9PpqimyJegIaWSHEXXsrSlT7GzBKqFsqn6IdS
+6umwbEzJCyZ+bIuC3AlcggWWD5mCB1jl8IUQx1fG561J/Y1da0iST1Dk1DHv84ub
+FeDeXtMMP5YZPC/yk+gDC92mTQq1/Vyv30685vyQi3oxm2kAvBECSUu7L03ZdG9M
+Wgy3VOnNl1B/AdQWjsePJmK1azPvuAJbOQBOY6dHEUrtQ97Qc+2S/C5spIBWyVLC
+BQsH/mPyoGhNnLVuG27fs+4=
 -----END CERTIFICATE-----
diff --git a/certs/rsapss/client-rsapss.der b/certs/rsapss/client-rsapss.der
index 56a5cc87e..898826a23 100644
Binary files a/certs/rsapss/client-rsapss.der and b/certs/rsapss/client-rsapss.der differ
diff --git a/certs/rsapss/client-rsapss.pem b/certs/rsapss/client-rsapss.pem
index a2e0d319c..c21443fd4 100644
--- a/certs/rsapss/client-rsapss.pem
+++ b/certs/rsapss/client-rsapss.pem
@@ -2,20 +2,20 @@ Certificate:
     Data:
         Version: 3 (0x2)
         Serial Number:
-            66:c1:2c:85:1b:16:4c:37:fa:23:50:5c:f1:4b:99:11:2f:2c:ea:e0
-        Signature Algorithm: rsassaPss         
-         Hash Algorithm: sha256
-         Mask Algorithm: mgf1 with sha256
-          Salt Length: 0x20
-         Trailer Field: 0xBC (default)
+            10:71:71:77:7a:99:10:aa:85:48:43:9f:0c:be:07:89:8a:3d:b3:ea
+        Signature Algorithm: rsassaPss        
+        Hash Algorithm: sha256
+        Mask Algorithm: mgf1 with sha256
+         Salt Length: 0x20
+        Trailer Field: 0x01 (default)
         Issuer: C = US, ST = Montana, L = Bozeman, O = wolfSSL_RSAPSS, OU = Client-RSAPSS, CN = www.wolfssl.com, emailAddress = info@wolfssl.com, UID = wolfSSL
         Validity
-            Not Before: Dec 13 22:19:28 2023 GMT
-            Not After : Sep  8 22:19:28 2026 GMT
+            Not Before: Dec 18 21:25:30 2024 GMT
+            Not After : Sep 14 21:25:30 2027 GMT
         Subject: C = US, ST = Montana, L = Bozeman, O = wolfSSL_RSAPSS, OU = Client-RSAPSS, CN = www.wolfssl.com, emailAddress = info@wolfssl.com, UID = wolfSSL
         Subject Public Key Info:
             Public Key Algorithm: rsassaPss
-                RSA-PSS Public-Key: (2048 bit)
+                Public-Key: (2048 bit)
                 Modulus:
                     00:c6:87:be:60:87:43:7d:c4:ac:e4:fa:3c:12:1d:
                     c7:cf:ea:5c:c4:93:72:e2:0d:37:47:33:3d:e0:a5:
@@ -37,76 +37,76 @@ Certificate:
                     e1:e7
                 Exponent: 65537 (0x10001)
                 PSS parameter restrictions:
-                  Hash Algorithm: sha256
-                  Mask Algorithm: mgf1 with sha256
-                  Minimum Salt Length: 0x20
-                  Trailer Field: 0xBC (default)
+                  Hash Algorithm: SHA2-256
+                  Mask Algorithm: MGF1 with SHA2-256
+                  Minimum Salt Length: 32
+                  Trailer Field: 0x1 (default)
         X509v3 extensions:
             X509v3 Subject Key Identifier: 
                 59:71:87:88:D0:3E:C7:EE:08:4D:80:F2:C9:FC:CF:3D:76:E6:A5:62
             X509v3 Authority Key Identifier: 
                 keyid:59:71:87:88:D0:3E:C7:EE:08:4D:80:F2:C9:FC:CF:3D:76:E6:A5:62
                 DirName:/C=US/ST=Montana/L=Bozeman/O=wolfSSL_RSAPSS/OU=Client-RSAPSS/CN=www.wolfssl.com/emailAddress=info@wolfssl.com/UID=wolfSSL
-                serial:66:C1:2C:85:1B:16:4C:37:FA:23:50:5C:F1:4B:99:11:2F:2C:EA:E0
-
+                serial:10:71:71:77:7A:99:10:AA:85:48:43:9F:0C:BE:07:89:8A:3D:B3:EA
             X509v3 Basic Constraints: 
                 CA:TRUE
             X509v3 Subject Alternative Name: 
                 DNS:example.com, IP Address:127.0.0.1
             X509v3 Extended Key Usage: 
                 TLS Web Server Authentication, TLS Web Client Authentication
-    Signature Algorithm: rsassaPss         
-         Hash Algorithm: sha256
-         Mask Algorithm: mgf1 with sha256
-          Salt Length: 0x20
-         Trailer Field: 0xBC (default)
-
-         b0:79:5c:92:53:67:6c:04:98:74:61:9e:10:7d:17:59:0e:a6:
-         41:0b:84:df:a7:8a:2e:5e:c5:5b:2a:f9:1f:bc:34:36:94:d5:
-         d4:cf:fd:91:b6:7c:ee:db:07:21:12:ef:d1:06:ba:99:d1:4c:
-         e7:c5:db:96:00:dc:87:a7:40:54:0d:6a:a1:2e:31:34:59:bd:
-         02:78:40:85:cb:ea:fc:8c:bc:d6:1a:89:c9:3a:5c:06:c0:b2:
-         e6:cc:d2:ba:99:8a:62:81:f0:54:b6:18:56:91:2e:62:e4:16:
-         83:30:68:70:1b:bd:18:49:a0:14:a1:8d:10:b5:67:22:09:7d:
-         c1:f5:52:cd:9e:7b:bb:9d:64:78:fe:e9:f4:b7:9c:91:23:d5:
-         eb:73:f6:64:f8:b2:ec:be:90:da:e1:f0:6e:71:e4:ec:19:91:
-         3d:c4:e2:d9:f8:24:0c:93:47:16:57:03:67:1f:81:ac:d3:fb:
-         0c:04:d8:20:e1:74:0d:7c:20:99:dd:c5:dc:fd:eb:1e:49:5d:
-         1a:e6:7b:fc:77:b0:66:08:7c:c3:9b:9a:77:b6:b9:f7:8c:65:
-         21:0c:e8:12:f7:93:a1:c7:2d:03:0e:91:e4:f9:98:68:47:d2:
-         5d:c4:53:e7:96:02:76:75:63:f0:d0:67:ca:77:75:bc:1a:87:
-         d3:94:99:b1
+    Signature Algorithm: rsassaPss
+    Signature Value:        
+        Hash Algorithm: sha256
+        Mask Algorithm: mgf1 with sha256
+         Salt Length: 0x20
+        Trailer Field: 0x01 (default)
+        c5:28:ca:e1:d5:b6:c2:b7:6e:bf:41:9b:6e:09:0f:04:70:7b:
+        fc:12:ec:12:45:7b:93:c2:7b:2c:e7:f4:bd:ae:2b:72:0e:3e:
+        82:a4:c5:e9:80:75:ad:df:86:2e:44:22:5a:0d:ae:79:d8:d2:
+        14:bc:1d:d5:73:55:29:55:6a:33:ae:1e:4a:6e:3f:59:11:a2:
+        9f:61:1f:af:46:8f:ee:0e:5e:e2:c4:cf:48:4a:f2:04:b8:2a:
+        04:eb:1d:3d:7b:e2:34:a7:67:8d:57:ea:59:1a:8d:e0:22:53:
+        83:7a:98:63:8d:93:e5:31:e5:8b:26:2a:56:8b:fc:57:ff:6f:
+        bb:f5:92:a4:0c:f3:f6:0d:25:8d:e6:a2:be:86:91:fa:63:0c:
+        c4:08:58:59:8d:44:bc:0c:a3:2c:20:07:68:43:66:dc:86:82:
+        63:17:5e:1d:28:ba:a5:de:03:5a:0b:dc:10:e6:ae:7e:ce:4b:
+        f2:42:41:9f:e7:7f:e9:ad:63:5d:dd:cd:8e:6c:ec:6a:2a:4f:
+        97:1b:bb:95:a3:84:88:f5:ef:1e:ed:7a:7f:47:7a:a1:f5:30:
+        f6:cb:7f:68:02:24:5b:be:5d:91:2a:38:1d:c7:49:32:a6:24:
+        4b:70:db:94:68:3e:65:9a:7d:13:b1:3a:70:a6:e2:be:4f:70:
+        b6:5e:dc:32
 -----BEGIN CERTIFICATE-----
-MIIF9TCCBK2gAwIBAgIUZsEshRsWTDf6I1Bc8UuZES8s6uAwPQYJKoZIhvcNAQEK
-MDCgDTALBglghkgBZQMEAgGhGjAYBgkqhkiG9w0BAQgwCwYJYIZIAWUDBAIBogMC
-ASAwgbYxCzAJBgNVBAYTAlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdC
-b3plbWFuMRcwFQYDVQQKDA53b2xmU1NMX1JTQVBTUzEWMBQGA1UECwwNQ2xpZW50
-LVJTQVBTUzEYMBYGA1UEAwwPd3d3LndvbGZzc2wuY29tMR8wHQYJKoZIhvcNAQkB
-FhBpbmZvQHdvbGZzc2wuY29tMRcwFQYKCZImiZPyLGQBAQwHd29sZlNTTDAeFw0y
-MzEyMTMyMjE5MjhaFw0yNjA5MDgyMjE5MjhaMIG2MQswCQYDVQQGEwJVUzEQMA4G
-A1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjEXMBUGA1UECgwOd29sZlNT
-TF9SU0FQU1MxFjAUBgNVBAsMDUNsaWVudC1SU0FQU1MxGDAWBgNVBAMMD3d3dy53
-b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTEXMBUG
-CgmSJomT8ixkAQEMB3dvbGZTU0wwggFSMD0GCSqGSIb3DQEBCjAwoA0wCwYJYIZI
-AWUDBAIBoRowGAYJKoZIhvcNAQEIMAsGCWCGSAFlAwQCAaIDAgEgA4IBDwAwggEK
-AoIBAQDGh75gh0N9xKzk+jwSHcfP6lzEk3LiDTdHMz3gpexXFr2AKlr5obfubUZ8
-Ok4k4xdiWjiXCwMTpXpeEaFQ+xttFhNWu3cKe5jMhRHSkzHtdAE4PTcBNtZSwCf7
-U/uu/Va8AoCRgcztUUYWex2O8wZIgygRS7ine+iSjpP0jR36zHwoUT0hmJA/gCq5
-3CKH8I25p7vMpN0lrWWIKPEcT9wE8loPUrY1hFIY17/e49z28DzJ282xSBFLrnwe
-Way1jO4ugw/1KTQ5dMua+qbTY9VpetzyDUNGAxCnsJzNFbM2XkNeBUwDYpkp0FcF
-51TfsOVxOTfxE2ZwEvOHmAmPH+HnAgMBAAGjggFnMIIBYzAdBgNVHQ4EFgQUWXGH
-iNA+x+4ITYDyyfzPPXbmpWIwgfYGA1UdIwSB7jCB64AUWXGHiNA+x+4ITYDyyfzP
-PXbmpWKhgbykgbkwgbYxCzAJBgNVBAYTAlVTMRAwDgYDVQQIDAdNb250YW5hMRAw
-DgYDVQQHDAdCb3plbWFuMRcwFQYDVQQKDA53b2xmU1NMX1JTQVBTUzEWMBQGA1UE
-CwwNQ2xpZW50LVJTQVBTUzEYMBYGA1UEAwwPd3d3LndvbGZzc2wuY29tMR8wHQYJ
-KoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMRcwFQYKCZImiZPyLGQBAQwHd29s
-ZlNTTIIUZsEshRsWTDf6I1Bc8UuZES8s6uAwDAYDVR0TBAUwAwEB/zAcBgNVHREE
-FTATggtleGFtcGxlLmNvbYcEfwAAATAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYB
-BQUHAwIwPQYJKoZIhvcNAQEKMDCgDTALBglghkgBZQMEAgGhGjAYBgkqhkiG9w0B
-AQgwCwYJYIZIAWUDBAIBogMCASADggEBALB5XJJTZ2wEmHRhnhB9F1kOpkELhN+n
-ii5exVsq+R+8NDaU1dTP/ZG2fO7bByES79EGupnRTOfF25YA3IenQFQNaqEuMTRZ
-vQJ4QIXL6vyMvNYaick6XAbAsubM0rqZimKB8FS2GFaRLmLkFoMwaHAbvRhJoBSh
-jRC1ZyIJfcH1Us2ee7udZHj+6fS3nJEj1etz9mT4suy+kNrh8G5x5OwZkT3E4tn4
-JAyTRxZXA2cfgazT+wwE2CDhdA18IJndxdz96x5JXRrme/x3sGYIfMObmne2ufeM
-ZSEM6BL3k6HHLQMOkeT5mGhH0l3EU+eWAnZ1Y/DQZ8p3dbwah9OUmbE=
+MIIGATCCBLWgAwIBAgIUEHFxd3qZEKqFSEOfDL4HiYo9s+owQQYJKoZIhvcNAQEK
+MDSgDzANBglghkgBZQMEAgEFAKEcMBoGCSqGSIb3DQEBCDANBglghkgBZQMEAgEF
+AKIDAgEgMIG2MQswCQYDVQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UE
+BwwHQm96ZW1hbjEXMBUGA1UECgwOd29sZlNTTF9SU0FQU1MxFjAUBgNVBAsMDUNs
+aWVudC1SU0FQU1MxGDAWBgNVBAMMD3d3dy53b2xmc3NsLmNvbTEfMB0GCSqGSIb3
+DQEJARYQaW5mb0B3b2xmc3NsLmNvbTEXMBUGCgmSJomT8ixkAQEMB3dvbGZTU0ww
+HhcNMjQxMjE4MjEyNTMwWhcNMjcwOTE0MjEyNTMwWjCBtjELMAkGA1UEBhMCVVMx
+EDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xFzAVBgNVBAoMDndv
+bGZTU0xfUlNBUFNTMRYwFAYDVQQLDA1DbGllbnQtUlNBUFNTMRgwFgYDVQQDDA93
+d3cud29sZnNzbC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20x
+FzAVBgoJkiaJk/IsZAEBDAd3b2xmU1NMMIIBVjBBBgkqhkiG9w0BAQowNKAPMA0G
+CWCGSAFlAwQCAQUAoRwwGgYJKoZIhvcNAQEIMA0GCWCGSAFlAwQCAQUAogMCASAD
+ggEPADCCAQoCggEBAMaHvmCHQ33ErOT6PBIdx8/qXMSTcuINN0czPeCl7FcWvYAq
+Wvmht+5tRnw6TiTjF2JaOJcLAxOlel4RoVD7G20WE1a7dwp7mMyFEdKTMe10ATg9
+NwE21lLAJ/tT+679VrwCgJGBzO1RRhZ7HY7zBkiDKBFLuKd76JKOk/SNHfrMfChR
+PSGYkD+AKrncIofwjbmnu8yk3SWtZYgo8RxP3ATyWg9StjWEUhjXv97j3PbwPMnb
+zbFIEUuufB5ZrLWM7i6DD/UpNDl0y5r6ptNj1Wl63PINQ0YDEKewnM0VszZeQ14F
+TANimSnQVwXnVN+w5XE5N/ETZnAS84eYCY8f4ecCAwEAAaOCAWcwggFjMB0GA1Ud
+DgQWBBRZcYeI0D7H7ghNgPLJ/M89dualYjCB9gYDVR0jBIHuMIHrgBRZcYeI0D7H
+7ghNgPLJ/M89dualYqGBvKSBuTCBtjELMAkGA1UEBhMCVVMxEDAOBgNVBAgMB01v
+bnRhbmExEDAOBgNVBAcMB0JvemVtYW4xFzAVBgNVBAoMDndvbGZTU0xfUlNBUFNT
+MRYwFAYDVQQLDA1DbGllbnQtUlNBUFNTMRgwFgYDVQQDDA93d3cud29sZnNzbC5j
+b20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20xFzAVBgoJkiaJk/Is
+ZAEBDAd3b2xmU1NMghQQcXF3epkQqoVIQ58MvgeJij2z6jAMBgNVHRMEBTADAQH/
+MBwGA1UdEQQVMBOCC2V4YW1wbGUuY29thwR/AAABMB0GA1UdJQQWMBQGCCsGAQUF
+BwMBBggrBgEFBQcDAjBBBgkqhkiG9w0BAQowNKAPMA0GCWCGSAFlAwQCAQUAoRww
+GgYJKoZIhvcNAQEIMA0GCWCGSAFlAwQCAQUAogMCASADggEBAMUoyuHVtsK3br9B
+m24JDwRwe/wS7BJFe5PCeyzn9L2uK3IOPoKkxemAda3fhi5EIloNrnnY0hS8HdVz
+VSlVajOuHkpuP1kRop9hH69Gj+4OXuLEz0hK8gS4KgTrHT174jSnZ41X6lkajeAi
+U4N6mGONk+Ux5YsmKlaL/Ff/b7v1kqQM8/YNJY3mor6GkfpjDMQIWFmNRLwMoywg
+B2hDZtyGgmMXXh0ouqXeA1oL3BDmrn7OS/JCQZ/nf+mtY13dzY5s7GoqT5cbu5Wj
+hIj17x7ten9HeqH1MPbLf2gCJFu+XZEqOB3HSTKmJEtw25RoPmWafROxOnCm4r5P
+cLZe3DI=
 -----END CERTIFICATE-----
diff --git a/certs/rsapss/renew-rsapss-certs.sh b/certs/rsapss/renew-rsapss-certs.sh
index 417e7b9ef..aa5951f15 100755
--- a/certs/rsapss/renew-rsapss-certs.sh
+++ b/certs/rsapss/renew-rsapss-certs.sh
@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/usr/bin/env bash
 
 check_result(){
     if [ $1 -ne 0 ]; then
diff --git a/certs/rsapss/root-3072-rsapss.der b/certs/rsapss/root-3072-rsapss.der
index 265945fbe..15ff4dda9 100644
Binary files a/certs/rsapss/root-3072-rsapss.der and b/certs/rsapss/root-3072-rsapss.der differ
diff --git a/certs/rsapss/root-3072-rsapss.pem b/certs/rsapss/root-3072-rsapss.pem
index 77e180411..d229a3183 100644
--- a/certs/rsapss/root-3072-rsapss.pem
+++ b/certs/rsapss/root-3072-rsapss.pem
@@ -2,20 +2,20 @@ Certificate:
     Data:
         Version: 3 (0x2)
         Serial Number:
-            25:af:7b:c5:57:c8:31:42:fc:85:76:76:7a:01:a9:ca:68:a3:6a:d7
-        Signature Algorithm: rsassaPss         
-         Hash Algorithm: sha384
-         Mask Algorithm: mgf1 with sha384
-          Salt Length: 0x014E
-         Trailer Field: 0xBC (default)
+            7a:3d:5f:e1:2a:a5:f1:c2:27:b6:bd:6b:ef:c6:7c:57:16:e2:3f:fe
+        Signature Algorithm: rsassaPss        
+        Hash Algorithm: sha384
+        Mask Algorithm: mgf1 with sha384
+         Salt Length: 0x014E
+        Trailer Field: 0x01 (default)
         Issuer: C = US, ST = Montana, L = Bozeman, O = wolfSSL_RSA-PSS, OU = Root-RSA-PSS, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Dec 13 22:19:28 2023 GMT
-            Not After : Sep  8 22:19:28 2026 GMT
+            Not Before: Dec 18 21:25:30 2024 GMT
+            Not After : Sep 14 21:25:30 2027 GMT
         Subject: C = US, ST = Montana, L = Bozeman, O = wolfSSL_RSA-PSS, OU = Root-RSA-PSS, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: rsassaPss
-                RSA-PSS Public-Key: (3072 bit)
+                Public-Key: (3072 bit)
                 Modulus:
                     00:ad:cd:ed:4f:94:27:fa:57:28:90:bc:e5:35:b6:
                     96:36:18:25:45:e1:de:aa:87:98:88:61:2b:97:2a:
@@ -49,69 +49,68 @@ Certificate:
             X509v3 Subject Key Identifier: 
                 AA:71:D3:B1:8A:4B:BB:47:15:47:5F:9B:D0:2B:69:D1:6F:85:5E:F6
             X509v3 Authority Key Identifier: 
-                keyid:AA:71:D3:B1:8A:4B:BB:47:15:47:5F:9B:D0:2B:69:D1:6F:85:5E:F6
-
+                AA:71:D3:B1:8A:4B:BB:47:15:47:5F:9B:D0:2B:69:D1:6F:85:5E:F6
             X509v3 Basic Constraints: critical
                 CA:TRUE
             X509v3 Key Usage: critical
                 Digital Signature, Certificate Sign, CRL Sign
-    Signature Algorithm: rsassaPss         
-         Hash Algorithm: sha384
-         Mask Algorithm: mgf1 with sha384
-          Salt Length: 0x014E
-         Trailer Field: 0xBC (default)
-
-         8f:d2:c7:8f:7f:7d:4e:ca:13:59:51:bb:2d:51:c7:bc:70:3c:
-         2d:a7:44:e2:b7:14:f2:1f:6f:9e:81:92:8d:f4:65:45:7d:72:
-         91:37:8f:21:b2:cf:aa:94:a2:cc:fe:63:a5:96:a3:a4:9c:f4:
-         ae:da:bd:b0:33:61:0b:54:05:da:7b:5a:7b:cc:5d:1a:59:a7:
-         59:ad:29:73:e2:ec:e8:ac:f4:89:f4:3b:4d:17:a8:72:ae:d0:
-         78:a1:f2:57:2a:15:e1:07:6c:c1:69:92:6a:a4:ea:24:30:bc:
-         fb:d4:95:6f:b9:dc:0e:4f:3e:a3:1f:e5:2e:2e:b0:5a:0a:1a:
-         39:e3:a8:7a:2c:03:32:c2:f7:b5:55:a6:2b:dc:6c:de:13:fc:
-         fa:bd:5f:ee:fe:af:a8:4b:c1:2e:2b:da:c1:29:d3:92:a6:3a:
-         dc:04:84:67:84:63:f8:b0:f0:4b:8f:5e:16:cd:97:22:32:28:
-         2d:bb:2d:07:74:49:1b:78:ce:4e:4b:ac:57:f8:21:f2:f6:2a:
-         0d:ad:ea:2a:3f:ed:c1:fc:9e:dc:62:b3:f3:43:bd:1d:14:e3:
-         97:51:1b:ef:df:0d:b4:04:b4:7a:8b:7a:16:be:d5:40:77:07:
-         cf:87:e3:2e:5e:df:ee:a2:bd:3c:50:af:a7:d1:34:84:50:9f:
-         73:2d:89:12:4b:8f:34:d6:6b:80:94:36:16:16:b0:5c:bc:36:
-         36:12:44:8b:f4:20:ef:08:3d:8c:d6:81:66:61:0e:57:85:54:
-         82:b3:f8:e3:98:21:44:ea:4a:a6:ff:ec:aa:b5:58:23:6a:03:
-         ed:c2:8c:22:f5:3d:14:7e:ff:f6:16:76:2e:20:2e:1a:1b:9c:
-         4c:6c:8d:f5:de:1c:09:59:67:ce:73:47:11:c7:ed:43:df:05:
-         07:75:e0:8e:15:96:61:4a:e9:32:0d:35:86:cc:1b:a1:7a:3a:
-         a3:8f:58:e2:21:fd:4b:d9:62:82:83:56:ed:dc:61:c2:13:79:
-         80:1c:89:f7:fc:02
+    Signature Algorithm: rsassaPss
+    Signature Value:        
+        Hash Algorithm: sha384
+        Mask Algorithm: mgf1 with sha384
+         Salt Length: 0x014E
+        Trailer Field: 0x01 (default)
+        30:fb:47:65:a5:bd:5e:d1:c0:5b:31:73:c5:6e:77:85:0d:a2:
+        25:99:89:a0:77:e3:03:17:82:78:b8:5f:01:d6:be:03:e3:7e:
+        2b:6b:9e:50:48:b3:14:1d:1a:e6:a7:b7:e7:f5:c8:9a:82:fd:
+        4e:0b:d6:e4:8f:c1:c9:66:c7:c8:54:c2:09:74:1e:70:4d:8f:
+        b8:8c:b3:86:20:8c:1e:90:10:c3:d2:df:bf:26:e2:77:f7:5b:
+        7a:f4:ce:52:ec:b9:b2:1b:c1:f4:e8:c7:09:0b:2d:24:fa:43:
+        08:5e:a6:f5:08:8a:c6:3f:11:64:10:c4:66:30:8a:a8:0e:6e:
+        80:d7:c7:ce:94:22:d5:bb:d9:e2:14:b4:ea:4e:ac:b0:b6:c2:
+        94:b8:c7:bd:8e:24:f9:f4:6d:0c:38:4c:29:2e:f9:56:30:23:
+        98:15:63:1e:8a:ba:26:15:d7:b2:14:f3:a0:8c:88:47:40:aa:
+        86:e2:b7:6b:6e:f6:99:ff:a7:73:3d:b1:ca:21:2c:9c:e3:bd:
+        e7:a8:cd:63:48:61:c5:23:d7:1c:73:af:81:f4:77:70:38:03:
+        6e:0c:98:a2:57:8b:70:5a:25:4e:e3:c0:fa:69:cc:88:f1:28:
+        c8:91:c6:31:8c:40:fd:94:dc:64:94:c4:13:73:8e:29:2c:72:
+        f6:e9:7d:08:2d:4c:cc:00:2f:a1:3a:19:03:4f:05:0f:e3:6c:
+        64:29:bf:49:c5:19:bc:58:2e:ea:f0:36:2e:52:8e:99:04:a3:
+        d6:03:e4:da:36:70:e4:c9:86:c3:96:a6:09:54:e4:aa:57:f8:
+        a2:09:48:89:3a:5d:a1:b0:27:25:d0:f0:31:4e:36:91:b5:55:
+        65:d1:8c:c0:8d:fd:83:0d:d4:5b:86:e5:2b:85:f6:1e:fa:a7:
+        36:ec:12:a4:88:8d:d7:a0:60:a4:27:85:b8:aa:d9:1f:8a:ba:
+        14:79:45:cc:51:5b:18:cf:89:24:9d:8b:f0:2f:74:c2:ce:8a:
+        82:73:3c:6b:eb:6c
 -----BEGIN CERTIFICATE-----
-MIIFjTCCA8SgAwIBAgIUJa97xVfIMUL8hXZ2egGpymijatcwPgYJKoZIhvcNAQEK
-MDGgDTALBglghkgBZQMEAgKhGjAYBgkqhkiG9w0BAQgwCwYJYIZIAWUDBAICogQC
-AgFOMIGdMQswCQYDVQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwH
-Qm96ZW1hbjEYMBYGA1UECgwPd29sZlNTTF9SU0EtUFNTMRUwEwYDVQQLDAxSb290
-LVJTQS1QU1MxGDAWBgNVBAMMD3d3dy53b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJ
-ARYQaW5mb0B3b2xmc3NsLmNvbTAeFw0yMzEyMTMyMjE5MjhaFw0yNjA5MDgyMjE5
-MjhaMIGdMQswCQYDVQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwH
-Qm96ZW1hbjEYMBYGA1UECgwPd29sZlNTTF9SU0EtUFNTMRUwEwYDVQQLDAxSb290
-LVJTQS1QU1MxGDAWBgNVBAMMD3d3dy53b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJ
-ARYQaW5mb0B3b2xmc3NsLmNvbTCCAaAwCwYJKoZIhvcNAQEKA4IBjwAwggGKAoIB
-gQCtze1PlCf6VyiQvOU1tpY2GCVF4d6qh5iIYSuXKuRO9gY2HDi1Xa6ZWZlwARL5
-Akl7rsGqeEEmm/YxCa8Ka+vyjDkv+f7gOKYvAO5AbpSMvj/BPms6rpHm1mw0GlSI
-tji4+MlYtI6ZDKs3bqFQJfHk4nZ4nJUSfjV/dGUdebeBRHijU/P0HBeAFbfB96Gz
-C2la5xJrSR8KhIhwGXMWvhzNtODnvwRhutpE61JBeka4jgKDwXUFYNBsDnV9Up75
-OBfeqMxc3eYCi/UwQxxamI/Dwdlf5m9u8XTW3otfi841ivRYig5r2pfNimqxf4NO
-fK62eI5R6Ek00Wjj0L9bsxda4NeUIBIme50Z+h4WZWXhVLv5T55j2twQ3LCbCSTV
-C5eD6yyzHhVQOJMGWowREmMhMZHDfL9U7SwvvPdjpDg2XPO7cT0NFfZavEzueFAx
-YUC/RSjStS/BCK++1gMAzxlp46CwkuwmQl4CpdEtz7hj386zImwa012JFZrEd5jN
-lX8CAwEAAaNjMGEwHQYDVR0OBBYEFKpx07GKS7tHFUdfm9AradFvhV72MB8GA1Ud
-IwQYMBaAFKpx07GKS7tHFUdfm9AradFvhV72MA8GA1UdEwEB/wQFMAMBAf8wDgYD
-VR0PAQH/BAQDAgGGMD4GCSqGSIb3DQEBCjAxoA0wCwYJYIZIAWUDBAICoRowGAYJ
-KoZIhvcNAQEIMAsGCWCGSAFlAwQCAqIEAgIBTgOCAYEAj9LHj399TsoTWVG7LVHH
-vHA8LadE4rcU8h9vnoGSjfRlRX1ykTePIbLPqpSizP5jpZajpJz0rtq9sDNhC1QF
-2ntae8xdGlmnWa0pc+Ls6Kz0ifQ7TReocq7QeKHyVyoV4QdswWmSaqTqJDC8+9SV
-b7ncDk8+ox/lLi6wWgoaOeOoeiwDMsL3tVWmK9xs3hP8+r1f7v6vqEvBLivawSnT
-kqY63ASEZ4Rj+LDwS49eFs2XIjIoLbstB3RJG3jOTkusV/gh8vYqDa3qKj/twfye
-3GKz80O9HRTjl1Eb798NtAS0eot6Fr7VQHcHz4fjLl7f7qK9PFCvp9E0hFCfcy2J
-EkuPNNZrgJQ2FhawXLw2NhJEi/Qg7wg9jNaBZmEOV4VUgrP445ghROpKpv/sqrVY
-I2oD7cKMIvU9FH7/9hZ2LiAuGhucTGyN9d4cCVlnznNHEcftQ98FB3XgjhWWYUrp
-Mg01hswboXo6o49Y4iH9S9ligoNW7dxhwhN5gByJ9/wC
+MIIFlTCCA8igAwIBAgIUej1f4Sql8cIntr1r78Z8VxbiP/4wQgYJKoZIhvcNAQEK
+MDWgDzANBglghkgBZQMEAgIFAKEcMBoGCSqGSIb3DQEBCDANBglghkgBZQMEAgIF
+AKIEAgIBTjCBnTELMAkGA1UEBhMCVVMxEDAOBgNVBAgMB01vbnRhbmExEDAOBgNV
+BAcMB0JvemVtYW4xGDAWBgNVBAoMD3dvbGZTU0xfUlNBLVBTUzEVMBMGA1UECwwM
+Um9vdC1SU0EtUFNTMRgwFgYDVQQDDA93d3cud29sZnNzbC5jb20xHzAdBgkqhkiG
+9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMjQxMjE4MjEyNTMwWhcNMjcwOTE0
+MjEyNTMwWjCBnTELMAkGA1UEBhMCVVMxEDAOBgNVBAgMB01vbnRhbmExEDAOBgNV
+BAcMB0JvemVtYW4xGDAWBgNVBAoMD3dvbGZTU0xfUlNBLVBTUzEVMBMGA1UECwwM
+Um9vdC1SU0EtUFNTMRgwFgYDVQQDDA93d3cud29sZnNzbC5jb20xHzAdBgkqhkiG
+9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wggGgMAsGCSqGSIb3DQEBCgOCAY8AMIIB
+igKCAYEArc3tT5Qn+lcokLzlNbaWNhglReHeqoeYiGErlyrkTvYGNhw4tV2umVmZ
+cAES+QJJe67BqnhBJpv2MQmvCmvr8ow5L/n+4DimLwDuQG6UjL4/wT5rOq6R5tZs
+NBpUiLY4uPjJWLSOmQyrN26hUCXx5OJ2eJyVEn41f3RlHXm3gUR4o1Pz9BwXgBW3
+wfehswtpWucSa0kfCoSIcBlzFr4czbTg578EYbraROtSQXpGuI4Cg8F1BWDQbA51
+fVKe+TgX3qjMXN3mAov1MEMcWpiPw8HZX+ZvbvF01t6LX4vONYr0WIoOa9qXzYpq
+sX+DTnyutniOUehJNNFo49C/W7MXWuDXlCASJnudGfoeFmVl4VS7+U+eY9rcENyw
+mwkk1QuXg+sssx4VUDiTBlqMERJjITGRw3y/VO0sL7z3Y6Q4Nlzzu3E9DRX2WrxM
+7nhQMWFAv0Uo0rUvwQivvtYDAM8ZaeOgsJLsJkJeAqXRLc+4Y9/OsyJsGtNdiRWa
+xHeYzZV/AgMBAAGjYzBhMB0GA1UdDgQWBBSqcdOxiku7RxVHX5vQK2nRb4Ve9jAf
+BgNVHSMEGDAWgBSqcdOxiku7RxVHX5vQK2nRb4Ve9jAPBgNVHRMBAf8EBTADAQH/
+MA4GA1UdDwEB/wQEAwIBhjBCBgkqhkiG9w0BAQowNaAPMA0GCWCGSAFlAwQCAgUA
+oRwwGgYJKoZIhvcNAQEIMA0GCWCGSAFlAwQCAgUAogQCAgFOA4IBgQAw+0dlpb1e
+0cBbMXPFbneFDaIlmYmgd+MDF4J4uF8B1r4D434ra55QSLMUHRrmp7fn9ciagv1O
+C9bkj8HJZsfIVMIJdB5wTY+4jLOGIIwekBDD0t+/JuJ391t69M5S7LmyG8H06McJ
+Cy0k+kMIXqb1CIrGPxFkEMRmMIqoDm6A18fOlCLVu9niFLTqTqywtsKUuMe9jiT5
+9G0MOEwpLvlWMCOYFWMeiromFdeyFPOgjIhHQKqG4rdrbvaZ/6dzPbHKISyc473n
+qM1jSGHFI9ccc6+B9HdwOANuDJiiV4twWiVO48D6acyI8SjIkcYxjED9lNxklMQT
+c44pLHL26X0ILUzMAC+hOhkDTwUP42xkKb9JxRm8WC7q8DYuUo6ZBKPWA+TaNnDk
+yYbDlqYJVOSqV/iiCUiJOl2hsCcl0PAxTjaRtVVl0YzAjf2DDdRbhuUrhfYe+qc2
+7BKkiI3XoGCkJ4W4qtkfiroUeUXMUVsYz4kknYvwL3TCzoqCczxr62w=
 -----END CERTIFICATE-----
diff --git a/certs/rsapss/root-rsapss.der b/certs/rsapss/root-rsapss.der
index 5538f1023..8e65d843e 100644
Binary files a/certs/rsapss/root-rsapss.der and b/certs/rsapss/root-rsapss.der differ
diff --git a/certs/rsapss/root-rsapss.pem b/certs/rsapss/root-rsapss.pem
index d22f5b04e..5fd261e87 100644
--- a/certs/rsapss/root-rsapss.pem
+++ b/certs/rsapss/root-rsapss.pem
@@ -2,20 +2,20 @@ Certificate:
     Data:
         Version: 3 (0x2)
         Serial Number:
-            73:13:23:bb:43:e9:76:b0:ce:25:f7:d5:65:b4:8f:7a:e5:7f:be:4f
-        Signature Algorithm: rsassaPss         
-         Hash Algorithm: sha256
-         Mask Algorithm: mgf1 with sha256
-          Salt Length: 0x20
-         Trailer Field: 0xBC (default)
+            49:11:5c:6b:2a:d6:cc:28:df:24:40:1b:9f:b4:a9:ac:a6:40:9f:be
+        Signature Algorithm: rsassaPss        
+        Hash Algorithm: sha256
+        Mask Algorithm: mgf1 with sha256
+         Salt Length: 0x20
+        Trailer Field: 0x01 (default)
         Issuer: C = US, ST = Montana, L = Bozeman, O = wolfSSL_RSA-PSS, OU = Root-RSA-PSS, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Dec 13 22:19:28 2023 GMT
-            Not After : Sep  8 22:19:28 2026 GMT
+            Not Before: Dec 18 21:25:30 2024 GMT
+            Not After : Sep 14 21:25:30 2027 GMT
         Subject: C = US, ST = Montana, L = Bozeman, O = wolfSSL_RSA-PSS, OU = Root-RSA-PSS, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: rsassaPss
-                RSA-PSS Public-Key: (2048 bit)
+                Public-Key: (2048 bit)
                 Modulus:
                     00:99:0a:01:b6:d1:40:7b:0c:ae:17:7e:e1:5c:8d:
                     fb:6b:cc:8f:06:51:75:e6:f0:97:ce:2f:76:fa:31:
@@ -37,66 +37,65 @@ Certificate:
                     ef:f5
                 Exponent: 65537 (0x10001)
                 PSS parameter restrictions:
-                  Hash Algorithm: sha256
-                  Mask Algorithm: mgf1 with sha256
-                  Minimum Salt Length: 0x20
-                  Trailer Field: 0xBC (default)
+                  Hash Algorithm: SHA2-256
+                  Mask Algorithm: MGF1 with SHA2-256
+                  Minimum Salt Length: 32
+                  Trailer Field: 0x1 (default)
         X509v3 extensions:
             X509v3 Subject Key Identifier: 
                 64:D5:EC:82:87:80:DE:5A:ED:49:98:D8:0C:54:7D:46:9E:A5:3C:D6
             X509v3 Authority Key Identifier: 
-                keyid:64:D5:EC:82:87:80:DE:5A:ED:49:98:D8:0C:54:7D:46:9E:A5:3C:D6
-
+                64:D5:EC:82:87:80:DE:5A:ED:49:98:D8:0C:54:7D:46:9E:A5:3C:D6
             X509v3 Basic Constraints: critical
                 CA:TRUE
             X509v3 Key Usage: critical
                 Digital Signature, Certificate Sign, CRL Sign
-    Signature Algorithm: rsassaPss         
-         Hash Algorithm: sha256
-         Mask Algorithm: mgf1 with sha256
-          Salt Length: 0x20
-         Trailer Field: 0xBC (default)
-
-         0f:1c:2d:bd:46:35:3b:80:d7:d1:45:74:d4:54:8d:ff:b0:29:
-         06:be:e4:c7:cc:93:06:9d:2c:0f:7d:82:2a:76:ed:36:4a:71:
-         cd:6b:47:94:e9:c9:29:c7:17:4e:c4:0a:0d:4a:53:92:fb:72:
-         b8:a7:a1:bb:87:fc:e1:7e:51:1b:b5:d7:34:63:7e:9f:ff:70:
-         2a:45:3c:db:fc:0a:d6:59:3a:76:30:09:81:40:94:28:4b:ca:
-         36:62:1f:d9:8a:58:3d:b1:3e:8e:9e:c2:01:2c:f9:aa:71:61:
-         0c:6f:46:99:c8:cb:a6:c5:9e:4a:40:3d:84:af:2f:0c:45:59:
-         f5:a9:c5:44:b6:4d:b7:d5:fd:5d:f3:5b:8d:0b:6a:69:e7:30:
-         76:76:ef:ee:ad:80:e3:45:92:a9:fa:32:43:bc:2c:c5:51:f4:
-         6e:3a:42:8e:fc:a1:eb:03:ca:3c:c5:fc:d7:62:cb:d5:34:92:
-         59:2d:f7:d0:fc:f2:e1:2c:5c:c2:94:f4:9d:3b:8f:d8:46:ed:
-         29:21:5c:1b:c6:da:30:71:8d:9f:00:03:82:34:33:1d:d7:20:
-         e8:4f:9f:9e:bd:91:25:fa:f7:0b:6a:64:99:ad:f3:f7:66:a4:
-         cd:b3:6d:e7:ec:06:9b:88:ce:a7:ef:59:e3:d0:6c:22:af:b8:
-         ce:7a:3b:60
+    Signature Algorithm: rsassaPss
+    Signature Value:        
+        Hash Algorithm: sha256
+        Mask Algorithm: mgf1 with sha256
+         Salt Length: 0x20
+        Trailer Field: 0x01 (default)
+        62:9f:f5:04:3b:f8:a2:c2:9c:57:1c:9f:db:2d:6a:07:e1:0a:
+        c0:84:65:06:3c:a1:64:f4:1b:f0:ae:d3:a3:29:b1:26:ef:9f:
+        cb:e2:d9:ab:04:11:81:e1:f2:ef:18:5f:4d:c5:0f:e7:d0:6b:
+        02:d4:d8:32:1d:81:90:85:cf:aa:59:cc:fe:e2:9a:66:1c:80:
+        e8:5a:59:f2:d6:e7:1e:6e:de:64:96:bb:d5:75:8c:02:b5:53:
+        eb:71:18:d1:44:08:c4:7e:a9:de:c0:cf:54:ce:2f:ba:4e:6b:
+        a3:5c:1d:75:66:de:9c:6f:12:8c:80:e5:e0:3a:89:46:bd:fe:
+        3b:39:31:f3:b4:12:2b:5b:68:7f:b5:9b:4c:27:d4:c1:3c:5c:
+        89:12:e3:04:ba:26:3b:60:5a:0c:1e:18:26:8f:07:5c:ae:32:
+        e7:54:3e:c3:64:ce:22:28:e4:05:a4:94:e8:2c:9e:37:60:91:
+        b5:fa:96:66:e5:cc:6e:a1:25:a7:72:eb:69:49:78:93:51:0f:
+        d6:1e:51:c3:70:0b:86:18:61:ed:95:46:17:1b:56:bb:9a:45:
+        0d:58:ce:4a:4e:8d:92:fb:53:16:88:a6:d5:c8:38:4d:e7:eb:
+        3d:32:d7:5d:bd:9b:fa:c6:0a:57:ea:9e:d9:7b:54:84:38:7a:
+        14:30:ff:5f
 -----BEGIN CERTIFICATE-----
-MIIEvTCCA3WgAwIBAgIUcxMju0PpdrDOJffVZbSPeuV/vk8wPQYJKoZIhvcNAQEK
-MDCgDTALBglghkgBZQMEAgGhGjAYBgkqhkiG9w0BAQgwCwYJYIZIAWUDBAIBogMC
-ASAwgZ0xCzAJBgNVBAYTAlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdC
-b3plbWFuMRgwFgYDVQQKDA93b2xmU1NMX1JTQS1QU1MxFTATBgNVBAsMDFJvb3Qt
-UlNBLVBTUzEYMBYGA1UEAwwPd3d3LndvbGZzc2wuY29tMR8wHQYJKoZIhvcNAQkB
-FhBpbmZvQHdvbGZzc2wuY29tMB4XDTIzMTIxMzIyMTkyOFoXDTI2MDkwODIyMTky
-OFowgZ0xCzAJBgNVBAYTAlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdC
-b3plbWFuMRgwFgYDVQQKDA93b2xmU1NMX1JTQS1QU1MxFTATBgNVBAsMDFJvb3Qt
-UlNBLVBTUzEYMBYGA1UEAwwPd3d3LndvbGZzc2wuY29tMR8wHQYJKoZIhvcNAQkB
-FhBpbmZvQHdvbGZzc2wuY29tMIIBUjA9BgkqhkiG9w0BAQowMKANMAsGCWCGSAFl
-AwQCAaEaMBgGCSqGSIb3DQEBCDALBglghkgBZQMEAgGiAwIBIAOCAQ8AMIIBCgKC
-AQEAmQoBttFAewyuF37hXI37a8yPBlF15vCXzi92+jG973myLuS1ER/LKa0X7jIp
-BJqaFUNM52e4DnjP6944a0I5ZZAZ4FuUjujiGEvF0m7WePCJw9mw3BZ+aHK1ChvO
-siSMoMf8xthyrLd4wwV613iqfKusjK8K1+tLtSxA3b5aSk1tkwJp4gjll6lAbhg4
-be+OJ+NY+/Ob8Rn5kJpGjieWaP92wzbjc+LrzQCXNelkzTsN4/IC+4Cq3VXhLRA/
-CGK+q9xIDIW1XvsSyZ7Au/EKGGwV+edEShUJc0nYDJb33NACYsqRgfSyPLolqZiE
-0HUqsX+PnfjKluCClOOKs/bv9QIDAQABo2MwYTAdBgNVHQ4EFgQUZNXsgoeA3lrt
-SZjYDFR9Rp6lPNYwHwYDVR0jBBgwFoAUZNXsgoeA3lrtSZjYDFR9Rp6lPNYwDwYD
-VR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAYYwPQYJKoZIhvcNAQEKMDCgDTAL
-BglghkgBZQMEAgGhGjAYBgkqhkiG9w0BAQgwCwYJYIZIAWUDBAIBogMCASADggEB
-AA8cLb1GNTuA19FFdNRUjf+wKQa+5MfMkwadLA99gip27TZKcc1rR5TpySnHF07E
-Cg1KU5L7crinobuH/OF+URu11zRjfp//cCpFPNv8CtZZOnYwCYFAlChLyjZiH9mK
-WD2xPo6ewgEs+apxYQxvRpnIy6bFnkpAPYSvLwxFWfWpxUS2TbfV/V3zW40Lamnn
-MHZ27+6tgONFkqn6MkO8LMVR9G46Qo78oesDyjzF/Ndiy9U0klkt99D88uEsXMKU
-9J07j9hG7SkhXBvG2jBxjZ8AA4I0Mx3XIOhPn569kSX69wtqZJmt8/dmpM2zbefs
-BpuIzqfvWePQbCKvuM56O2A=
+MIIEyTCCA32gAwIBAgIUSRFcayrWzCjfJEAbn7SprKZAn74wQQYJKoZIhvcNAQEK
+MDSgDzANBglghkgBZQMEAgEFAKEcMBoGCSqGSIb3DQEBCDANBglghkgBZQMEAgEF
+AKIDAgEgMIGdMQswCQYDVQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UE
+BwwHQm96ZW1hbjEYMBYGA1UECgwPd29sZlNTTF9SU0EtUFNTMRUwEwYDVQQLDAxS
+b290LVJTQS1QU1MxGDAWBgNVBAMMD3d3dy53b2xmc3NsLmNvbTEfMB0GCSqGSIb3
+DQEJARYQaW5mb0B3b2xmc3NsLmNvbTAeFw0yNDEyMTgyMTI1MzBaFw0yNzA5MTQy
+MTI1MzBaMIGdMQswCQYDVQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UE
+BwwHQm96ZW1hbjEYMBYGA1UECgwPd29sZlNTTF9SU0EtUFNTMRUwEwYDVQQLDAxS
+b290LVJTQS1QU1MxGDAWBgNVBAMMD3d3dy53b2xmc3NsLmNvbTEfMB0GCSqGSIb3
+DQEJARYQaW5mb0B3b2xmc3NsLmNvbTCCAVYwQQYJKoZIhvcNAQEKMDSgDzANBglg
+hkgBZQMEAgEFAKEcMBoGCSqGSIb3DQEBCDANBglghkgBZQMEAgEFAKIDAgEgA4IB
+DwAwggEKAoIBAQCZCgG20UB7DK4XfuFcjftrzI8GUXXm8JfOL3b6Mb3vebIu5LUR
+H8sprRfuMikEmpoVQ0znZ7gOeM/r3jhrQjllkBngW5SO6OIYS8XSbtZ48InD2bDc
+Fn5ocrUKG86yJIygx/zG2HKst3jDBXrXeKp8q6yMrwrX60u1LEDdvlpKTW2TAmni
+COWXqUBuGDht744n41j785vxGfmQmkaOJ5Zo/3bDNuNz4uvNAJc16WTNOw3j8gL7
+gKrdVeEtED8IYr6r3EgMhbVe+xLJnsC78QoYbBX550RKFQlzSdgMlvfc0AJiypGB
+9LI8uiWpmITQdSqxf4+d+MqW4IKU44qz9u/1AgMBAAGjYzBhMB0GA1UdDgQWBBRk
+1eyCh4DeWu1JmNgMVH1GnqU81jAfBgNVHSMEGDAWgBRk1eyCh4DeWu1JmNgMVH1G
+nqU81jAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjBBBgkqhkiG9w0B
+AQowNKAPMA0GCWCGSAFlAwQCAQUAoRwwGgYJKoZIhvcNAQEIMA0GCWCGSAFlAwQC
+AQUAogMCASADggEBAGKf9QQ7+KLCnFccn9stagfhCsCEZQY8oWT0G/Cu06MpsSbv
+n8vi2asEEYHh8u8YX03FD+fQawLU2DIdgZCFz6pZzP7immYcgOhaWfLW5x5u3mSW
+u9V1jAK1U+txGNFECMR+qd7Az1TOL7pOa6NcHXVm3pxvEoyA5eA6iUa9/js5MfO0
+EitbaH+1m0wn1ME8XIkS4wS6JjtgWgweGCaPB1yuMudUPsNkziIo5AWklOgsnjdg
+kbX6lmblzG6hJady62lJeJNRD9YeUcNwC4YYYe2VRhcbVruaRQ1YzkpOjZL7UxaI
+ptXIOE3n6z0y1129m/rGClfqntl7VIQ4ehQw/18=
 -----END CERTIFICATE-----
diff --git a/certs/rsapss/server-3072-rsapss-cert.pem b/certs/rsapss/server-3072-rsapss-cert.pem
index 600e757ca..37e4fff93 100644
--- a/certs/rsapss/server-3072-rsapss-cert.pem
+++ b/certs/rsapss/server-3072-rsapss-cert.pem
@@ -2,19 +2,19 @@ Certificate:
     Data:
         Version: 3 (0x2)
         Serial Number: 1 (0x1)
-        Signature Algorithm: rsassaPss         
-         Hash Algorithm: sha384
-         Mask Algorithm: mgf1 with sha384
-          Salt Length: 0x014E
-         Trailer Field: 0xBC (default)
+        Signature Algorithm: rsassaPss        
+        Hash Algorithm: sha384
+        Mask Algorithm: mgf1 with sha384
+         Salt Length: 0x014E
+        Trailer Field: 0x01 (default)
         Issuer: C = US, ST = Montana, L = Bozeman, O = wolfSSL_RSAPSS, OU = CA-RSAPSS, CN = www.wolfssl.com, emailAddress = info@wolfssl.com, UID = wolfSSL
         Validity
-            Not Before: Dec 13 22:19:29 2023 GMT
-            Not After : Sep  8 22:19:29 2026 GMT
+            Not Before: Dec 18 21:25:30 2024 GMT
+            Not After : Sep 14 21:25:30 2027 GMT
         Subject: C = US, ST = Montana, L = Bozeman, O = wolfSSL_RSAPSS, OU = Server-RSAPSS, CN = www.wolfssl.com, emailAddress = info@wolfssl.com, UID = wolfSSL
         Subject Public Key Info:
             Public Key Algorithm: rsassaPss
-                RSA-PSS Public-Key: (3072 bit)
+                Public-Key: (3072 bit)
                 Modulus:
                     00:be:84:78:d3:6b:7d:b2:ae:51:88:68:6a:33:f1:
                     f9:c5:1a:6f:97:71:94:22:f4:c2:f0:49:88:2b:a4:
@@ -48,8 +48,7 @@ Certificate:
             X509v3 Subject Key Identifier: 
                 C8:F1:E9:1E:60:01:C8:23:CC:D7:98:B3:BB:65:7A:32:C4:4B:93:39
             X509v3 Authority Key Identifier: 
-                keyid:F8:42:CC:88:C9:C8:18:F9:D3:B0:24:65:06:4C:FF:55:AB:BF:0E:7F
-
+                F8:42:CC:88:C9:C8:18:F9:D3:B0:24:65:06:4C:FF:55:AB:BF:0E:7F
             X509v3 Basic Constraints: critical
                 CA:FALSE
             X509v3 Key Usage: critical
@@ -58,65 +57,65 @@ Certificate:
                 TLS Web Server Authentication
             Netscape Cert Type: 
                 SSL Server
-    Signature Algorithm: rsassaPss         
-         Hash Algorithm: sha384
-         Mask Algorithm: mgf1 with sha384
-          Salt Length: 0x014E
-         Trailer Field: 0xBC (default)
-
-         a1:de:92:ed:d2:4f:c8:85:21:4f:96:af:a2:74:a9:e7:3d:c7:
-         f5:84:8e:4c:6c:29:2b:ed:24:5e:60:ea:bb:43:c0:7f:b3:5d:
-         e5:d9:44:34:b3:d0:e1:d2:04:c1:f4:88:e3:7a:c8:a5:cb:85:
-         3e:27:52:d9:f4:c2:9e:45:35:e8:2b:ca:2d:c3:d4:30:53:c5:
-         c1:f4:9c:d1:98:bf:80:c2:91:88:da:37:f5:ed:6f:5f:73:83:
-         e7:3c:94:c9:b8:fe:e5:aa:0b:18:f4:69:92:a9:38:58:42:6a:
-         8b:2e:c0:37:aa:3e:50:8e:e9:93:26:ba:cd:28:da:79:fb:cf:
-         4d:8f:03:b8:e3:bd:5f:d2:c6:ad:42:66:9f:4d:51:fc:16:1a:
-         e9:80:45:45:c5:fe:e2:1e:15:08:5f:e8:dc:2d:03:e9:08:03:
-         ae:1a:dd:a0:3b:b9:65:98:c3:01:4a:4b:4f:ad:3d:20:cd:d0:
-         60:b8:7a:7b:26:4d:cb:ff:b4:f0:d2:9b:cf:ce:8e:d3:32:14:
-         23:a2:52:c8:20:fc:9c:23:21:13:e9:eb:2e:c0:1b:18:e8:09:
-         ac:e9:c9:2e:5e:63:6f:c4:60:b5:2c:61:12:25:a0:72:fe:ed:
-         7d:74:62:b5:2e:7a:91:83:96:64:ff:c2:ef:6f:8c:a8:7e:22:
-         d8:79:d1:16:d9:96:87:9e:9e:c4:34:71:cd:0c:ec:ac:e1:60:
-         44:29:b3:72:94:46:ea:08:82:c2:fa:05:55:c7:e5:16:5f:3b:
-         16:02:34:3c:ca:44:f8:a4:ba:c8:ae:7b:83:79:d7:20:45:14:
-         6a:5a:b7:85:80:ce:aa:cb:dc:46:41:70:01:54:dd:f4:58:20:
-         da:1d:df:2f:61:53:d4:57:de:53:4c:56:d0:70:60:59:1f:f8:
-         84:25:11:74:b1:12:1c:90:ef:11:07:65:ec:a3:64:df:0b:51:
-         d0:65:70:9c:a1:2f:9b:dd:10:dc:33:b3:1a:8e:5a:8a:68:43:
-         7f:9e:6b:b8:a4:33
+    Signature Algorithm: rsassaPss
+    Signature Value:        
+        Hash Algorithm: sha384
+        Mask Algorithm: mgf1 with sha384
+         Salt Length: 0x014E
+        Trailer Field: 0x01 (default)
+        94:26:51:a5:1f:de:83:65:08:74:bb:e8:d8:4f:79:a8:2a:18:
+        48:c2:cd:53:bf:46:27:11:3d:ec:65:35:47:42:f1:85:94:da:
+        da:eb:23:e4:78:54:78:80:e1:a8:7b:17:22:b2:ea:8b:4d:05:
+        8c:9e:16:30:62:92:09:c5:4f:46:d0:c2:4b:f0:2e:79:a3:23:
+        ee:8c:67:7e:7b:0f:39:d7:ce:52:4c:ea:d8:1e:0a:57:06:b1:
+        ad:c7:b0:19:90:cf:6c:68:54:78:6b:b7:ee:5c:bf:01:6c:a2:
+        15:19:6f:5f:a4:81:ce:66:ff:53:f7:68:e1:5c:e1:8d:bd:7e:
+        5a:02:56:48:1c:bf:52:08:21:6a:c9:3f:99:c6:d3:be:b8:66:
+        1b:db:4b:16:d8:f2:7b:95:be:1b:62:07:a4:ac:01:c0:a0:19:
+        2b:4b:f8:ca:d8:60:95:7a:65:fd:1c:3b:ad:71:6f:a1:11:07:
+        2e:83:78:60:55:be:12:6e:d2:98:f0:bf:87:51:17:90:93:f7:
+        2c:8e:ff:26:c1:a2:88:8d:47:9e:6f:b0:62:ee:de:74:d3:02:
+        b8:81:7b:2e:8c:99:3d:bf:43:92:cb:30:33:ec:52:66:47:99:
+        37:4a:65:75:87:f5:9f:bd:38:77:f6:52:a5:78:e3:80:30:20:
+        35:a9:af:4a:75:c5:81:47:6d:3a:9a:96:13:73:2f:13:8d:23:
+        c5:0d:06:5a:55:59:7e:e3:d5:72:7c:2e:38:86:92:dc:5a:dc:
+        19:c4:de:cd:e2:a9:27:c2:44:01:02:f2:df:97:4f:22:47:49:
+        32:e9:37:a4:82:89:1d:57:f1:c7:4a:1e:76:53:71:ec:dc:a6:
+        19:e6:d8:2f:f5:73:58:9e:e4:66:20:6a:88:97:88:a4:49:19:
+        16:f9:c8:da:61:84:66:c7:61:6e:e9:ee:f0:9f:22:fa:86:98:
+        8c:2a:72:2e:c8:ff:cc:98:95:68:24:cd:08:ad:47:eb:eb:47:
+        96:69:fb:af:1c:d2
 -----BEGIN CERTIFICATE-----
-MIIFzzCCBAagAwIBAgIBATA+BgkqhkiG9w0BAQowMaANMAsGCWCGSAFlAwQCAqEa
-MBgGCSqGSIb3DQEBCDALBglghkgBZQMEAgKiBAICAU4wgbIxCzAJBgNVBAYTAlVT
-MRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMRcwFQYDVQQKDA53
-b2xmU1NMX1JTQVBTUzESMBAGA1UECwwJQ0EtUlNBUFNTMRgwFgYDVQQDDA93d3cu
-d29sZnNzbC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20xFzAV
-BgoJkiaJk/IsZAEBDAd3b2xmU1NMMB4XDTIzMTIxMzIyMTkyOVoXDTI2MDkwODIy
-MTkyOVowgbYxCzAJBgNVBAYTAlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQH
-DAdCb3plbWFuMRcwFQYDVQQKDA53b2xmU1NMX1JTQVBTUzEWMBQGA1UECwwNU2Vy
-dmVyLVJTQVBTUzEYMBYGA1UEAwwPd3d3LndvbGZzc2wuY29tMR8wHQYJKoZIhvcN
-AQkBFhBpbmZvQHdvbGZzc2wuY29tMRcwFQYKCZImiZPyLGQBAQwHd29sZlNTTDCC
-AaAwCwYJKoZIhvcNAQEKA4IBjwAwggGKAoIBgQC+hHjTa32yrlGIaGoz8fnFGm+X
-cZQi9MLwSYgrpE0Vb9vM1MZvdabiIgavkSZOoC2XF5ULQBp1I5ux4NddzA1fCZ7J
-tz345WK7NHWZDObafZVA7l8ndvnK1g0epwafxXVXlkS5c/TeqqmvvkuY82zI2tmi
-JjUhQOdnS+LZxE+4llQXWdjKr7FWR74VWwXTKczsK5n6Exoq0GHRQcInXdmn8iko
-6/vlicUBg4gd3HAajy875TToW+/tdl+KUeotksLmhm1qkpPDbQTFlWgH/poy2TjI
-BuszkrkLzi7Da2qiQWrOCedKkKgvWQ523E+4htBLleYb5MZZJu8cAE7O+89jBX6m
-1Ak5/tN5SfJqahoXyxOlPdn6sKRfGOjlXEs41di4djWgC+GYuVjDiOX4SubQhKNe
-TYXJ1n+dnzUoZlYEJcwbTPfjyzm+4F+ok72hC81j4BYHr0ALy24/gQzNgL8T8ZJX
-oUgX0imwWqLVQoTIbAkxxgWS3aP3Vu3nXymI60sCAwEAAaOBiTCBhjAdBgNVHQ4E
-FgQUyPHpHmAByCPM15izu2V6MsRLkzkwHwYDVR0jBBgwFoAU+ELMiMnIGPnTsCRl
-Bkz/Vau/Dn8wDAYDVR0TAQH/BAIwADAOBgNVHQ8BAf8EBAMCA6gwEwYDVR0lBAww
-CgYIKwYBBQUHAwEwEQYJYIZIAYb4QgEBBAQDAgZAMD4GCSqGSIb3DQEBCjAxoA0w
-CwYJYIZIAWUDBAICoRowGAYJKoZIhvcNAQEIMAsGCWCGSAFlAwQCAqIEAgIBTgOC
-AYEAod6S7dJPyIUhT5avonSp5z3H9YSOTGwpK+0kXmDqu0PAf7Nd5dlENLPQ4dIE
-wfSI43rIpcuFPidS2fTCnkU16CvKLcPUMFPFwfSc0Zi/gMKRiNo39e1vX3OD5zyU
-ybj+5aoLGPRpkqk4WEJqiy7AN6o+UI7pkya6zSjaefvPTY8DuOO9X9LGrUJmn01R
-/BYa6YBFRcX+4h4VCF/o3C0D6QgDrhrdoDu5ZZjDAUpLT609IM3QYLh6eyZNy/+0
-8NKbz86O0zIUI6JSyCD8nCMhE+nrLsAbGOgJrOnJLl5jb8RgtSxhEiWgcv7tfXRi
-tS56kYOWZP/C72+MqH4i2HnRFtmWh56exDRxzQzsrOFgRCmzcpRG6giCwvoFVcfl
-Fl87FgI0PMpE+KS6yK57g3nXIEUUalq3hYDOqsvcRkFwAVTd9Fgg2h3fL2FT1Ffe
-U0xW0HBgWR/4hCURdLESHJDvEQdl7KNk3wtR0GVwnKEvm90Q3DOzGo5aimhDf55r
-uKQz
+MIIF1zCCBAqgAwIBAgIBATBCBgkqhkiG9w0BAQowNaAPMA0GCWCGSAFlAwQCAgUA
+oRwwGgYJKoZIhvcNAQEIMA0GCWCGSAFlAwQCAgUAogQCAgFOMIGyMQswCQYDVQQG
+EwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjEXMBUGA1UE
+CgwOd29sZlNTTF9SU0FQU1MxEjAQBgNVBAsMCUNBLVJTQVBTUzEYMBYGA1UEAwwP
+d3d3LndvbGZzc2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29t
+MRcwFQYKCZImiZPyLGQBAQwHd29sZlNTTDAeFw0yNDEyMTgyMTI1MzBaFw0yNzA5
+MTQyMTI1MzBaMIG2MQswCQYDVQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4G
+A1UEBwwHQm96ZW1hbjEXMBUGA1UECgwOd29sZlNTTF9SU0FQU1MxFjAUBgNVBAsM
+DVNlcnZlci1SU0FQU1MxGDAWBgNVBAMMD3d3dy53b2xmc3NsLmNvbTEfMB0GCSqG
+SIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTEXMBUGCgmSJomT8ixkAQEMB3dvbGZT
+U0wwggGgMAsGCSqGSIb3DQEBCgOCAY8AMIIBigKCAYEAvoR402t9sq5RiGhqM/H5
+xRpvl3GUIvTC8EmIK6RNFW/bzNTGb3Wm4iIGr5EmTqAtlxeVC0AadSObseDXXcwN
+Xwmeybc9+OViuzR1mQzm2n2VQO5fJ3b5ytYNHqcGn8V1V5ZEuXP03qqpr75LmPNs
+yNrZoiY1IUDnZ0vi2cRPuJZUF1nYyq+xVke+FVsF0ynM7CuZ+hMaKtBh0UHCJ13Z
+p/IpKOv75YnFAYOIHdxwGo8vO+U06Fvv7XZfilHqLZLC5oZtapKTw20ExZVoB/6a
+Mtk4yAbrM5K5C84uw2tqokFqzgnnSpCoL1kOdtxPuIbQS5XmG+TGWSbvHABOzvvP
+YwV+ptQJOf7TeUnyamoaF8sTpT3Z+rCkXxjo5VxLONXYuHY1oAvhmLlYw4jl+Erm
+0ISjXk2FydZ/nZ81KGZWBCXMG0z348s5vuBfqJO9oQvNY+AWB69AC8tuP4EMzYC/
+E/GSV6FIF9IpsFqi1UKEyGwJMcYFkt2j91bt518piOtLAgMBAAGjgYkwgYYwHQYD
+VR0OBBYEFMjx6R5gAcgjzNeYs7tlejLES5M5MB8GA1UdIwQYMBaAFPhCzIjJyBj5
+07AkZQZM/1Wrvw5/MAwGA1UdEwEB/wQCMAAwDgYDVR0PAQH/BAQDAgOoMBMGA1Ud
+JQQMMAoGCCsGAQUFBwMBMBEGCWCGSAGG+EIBAQQEAwIGQDBCBgkqhkiG9w0BAQow
+NaAPMA0GCWCGSAFlAwQCAgUAoRwwGgYJKoZIhvcNAQEIMA0GCWCGSAFlAwQCAgUA
+ogQCAgFOA4IBgQCUJlGlH96DZQh0u+jYT3moKhhIws1Tv0YnET3sZTVHQvGFlNra
+6yPkeFR4gOGoexcisuqLTQWMnhYwYpIJxU9G0MJL8C55oyPujGd+ew85185STOrY
+HgpXBrGtx7AZkM9saFR4a7fuXL8BbKIVGW9fpIHOZv9T92jhXOGNvX5aAlZIHL9S
+CCFqyT+ZxtO+uGYb20sW2PJ7lb4bYgekrAHAoBkrS/jK2GCVemX9HDutcW+hEQcu
+g3hgVb4SbtKY8L+HUReQk/csjv8mwaKIjUeeb7Bi7t500wK4gXsujJk9v0OSyzAz
+7FJmR5k3SmV1h/WfvTh39lKleOOAMCA1qa9KdcWBR206mpYTcy8TjSPFDQZaVVl+
+49VyfC44hpLcWtwZxN7N4qknwkQBAvLfl08iR0ky6TekgokdV/HHSh52U3Hs3KYZ
+5tgv9XNYnuRmIGqIl4ikSRkW+cjaYYRmx2Fu6e7wnyL6hpiMKnIuyP/MmJVoJM0I
+rUfr60eWafuvHNI=
 -----END CERTIFICATE-----
diff --git a/certs/rsapss/server-3072-rsapss.der b/certs/rsapss/server-3072-rsapss.der
index 5df8b41be..fc4130c0c 100644
Binary files a/certs/rsapss/server-3072-rsapss.der and b/certs/rsapss/server-3072-rsapss.der differ
diff --git a/certs/rsapss/server-3072-rsapss.pem b/certs/rsapss/server-3072-rsapss.pem
index d3d85baeb..19c4bf0f0 100644
--- a/certs/rsapss/server-3072-rsapss.pem
+++ b/certs/rsapss/server-3072-rsapss.pem
@@ -2,19 +2,19 @@ Certificate:
     Data:
         Version: 3 (0x2)
         Serial Number: 1 (0x1)
-        Signature Algorithm: rsassaPss         
-         Hash Algorithm: sha384
-         Mask Algorithm: mgf1 with sha384
-          Salt Length: 0x014E
-         Trailer Field: 0xBC (default)
+        Signature Algorithm: rsassaPss        
+        Hash Algorithm: sha384
+        Mask Algorithm: mgf1 with sha384
+         Salt Length: 0x014E
+        Trailer Field: 0x01 (default)
         Issuer: C = US, ST = Montana, L = Bozeman, O = wolfSSL_RSAPSS, OU = CA-RSAPSS, CN = www.wolfssl.com, emailAddress = info@wolfssl.com, UID = wolfSSL
         Validity
-            Not Before: Dec 13 22:19:29 2023 GMT
-            Not After : Sep  8 22:19:29 2026 GMT
+            Not Before: Dec 18 21:25:30 2024 GMT
+            Not After : Sep 14 21:25:30 2027 GMT
         Subject: C = US, ST = Montana, L = Bozeman, O = wolfSSL_RSAPSS, OU = Server-RSAPSS, CN = www.wolfssl.com, emailAddress = info@wolfssl.com, UID = wolfSSL
         Subject Public Key Info:
             Public Key Algorithm: rsassaPss
-                RSA-PSS Public-Key: (3072 bit)
+                Public-Key: (3072 bit)
                 Modulus:
                     00:be:84:78:d3:6b:7d:b2:ae:51:88:68:6a:33:f1:
                     f9:c5:1a:6f:97:71:94:22:f4:c2:f0:49:88:2b:a4:
@@ -48,8 +48,7 @@ Certificate:
             X509v3 Subject Key Identifier: 
                 C8:F1:E9:1E:60:01:C8:23:CC:D7:98:B3:BB:65:7A:32:C4:4B:93:39
             X509v3 Authority Key Identifier: 
-                keyid:F8:42:CC:88:C9:C8:18:F9:D3:B0:24:65:06:4C:FF:55:AB:BF:0E:7F
-
+                F8:42:CC:88:C9:C8:18:F9:D3:B0:24:65:06:4C:FF:55:AB:BF:0E:7F
             X509v3 Basic Constraints: critical
                 CA:FALSE
             X509v3 Key Usage: critical
@@ -58,85 +57,85 @@ Certificate:
                 TLS Web Server Authentication
             Netscape Cert Type: 
                 SSL Server
-    Signature Algorithm: rsassaPss         
-         Hash Algorithm: sha384
-         Mask Algorithm: mgf1 with sha384
-          Salt Length: 0x014E
-         Trailer Field: 0xBC (default)
-
-         a1:de:92:ed:d2:4f:c8:85:21:4f:96:af:a2:74:a9:e7:3d:c7:
-         f5:84:8e:4c:6c:29:2b:ed:24:5e:60:ea:bb:43:c0:7f:b3:5d:
-         e5:d9:44:34:b3:d0:e1:d2:04:c1:f4:88:e3:7a:c8:a5:cb:85:
-         3e:27:52:d9:f4:c2:9e:45:35:e8:2b:ca:2d:c3:d4:30:53:c5:
-         c1:f4:9c:d1:98:bf:80:c2:91:88:da:37:f5:ed:6f:5f:73:83:
-         e7:3c:94:c9:b8:fe:e5:aa:0b:18:f4:69:92:a9:38:58:42:6a:
-         8b:2e:c0:37:aa:3e:50:8e:e9:93:26:ba:cd:28:da:79:fb:cf:
-         4d:8f:03:b8:e3:bd:5f:d2:c6:ad:42:66:9f:4d:51:fc:16:1a:
-         e9:80:45:45:c5:fe:e2:1e:15:08:5f:e8:dc:2d:03:e9:08:03:
-         ae:1a:dd:a0:3b:b9:65:98:c3:01:4a:4b:4f:ad:3d:20:cd:d0:
-         60:b8:7a:7b:26:4d:cb:ff:b4:f0:d2:9b:cf:ce:8e:d3:32:14:
-         23:a2:52:c8:20:fc:9c:23:21:13:e9:eb:2e:c0:1b:18:e8:09:
-         ac:e9:c9:2e:5e:63:6f:c4:60:b5:2c:61:12:25:a0:72:fe:ed:
-         7d:74:62:b5:2e:7a:91:83:96:64:ff:c2:ef:6f:8c:a8:7e:22:
-         d8:79:d1:16:d9:96:87:9e:9e:c4:34:71:cd:0c:ec:ac:e1:60:
-         44:29:b3:72:94:46:ea:08:82:c2:fa:05:55:c7:e5:16:5f:3b:
-         16:02:34:3c:ca:44:f8:a4:ba:c8:ae:7b:83:79:d7:20:45:14:
-         6a:5a:b7:85:80:ce:aa:cb:dc:46:41:70:01:54:dd:f4:58:20:
-         da:1d:df:2f:61:53:d4:57:de:53:4c:56:d0:70:60:59:1f:f8:
-         84:25:11:74:b1:12:1c:90:ef:11:07:65:ec:a3:64:df:0b:51:
-         d0:65:70:9c:a1:2f:9b:dd:10:dc:33:b3:1a:8e:5a:8a:68:43:
-         7f:9e:6b:b8:a4:33
+    Signature Algorithm: rsassaPss
+    Signature Value:        
+        Hash Algorithm: sha384
+        Mask Algorithm: mgf1 with sha384
+         Salt Length: 0x014E
+        Trailer Field: 0x01 (default)
+        94:26:51:a5:1f:de:83:65:08:74:bb:e8:d8:4f:79:a8:2a:18:
+        48:c2:cd:53:bf:46:27:11:3d:ec:65:35:47:42:f1:85:94:da:
+        da:eb:23:e4:78:54:78:80:e1:a8:7b:17:22:b2:ea:8b:4d:05:
+        8c:9e:16:30:62:92:09:c5:4f:46:d0:c2:4b:f0:2e:79:a3:23:
+        ee:8c:67:7e:7b:0f:39:d7:ce:52:4c:ea:d8:1e:0a:57:06:b1:
+        ad:c7:b0:19:90:cf:6c:68:54:78:6b:b7:ee:5c:bf:01:6c:a2:
+        15:19:6f:5f:a4:81:ce:66:ff:53:f7:68:e1:5c:e1:8d:bd:7e:
+        5a:02:56:48:1c:bf:52:08:21:6a:c9:3f:99:c6:d3:be:b8:66:
+        1b:db:4b:16:d8:f2:7b:95:be:1b:62:07:a4:ac:01:c0:a0:19:
+        2b:4b:f8:ca:d8:60:95:7a:65:fd:1c:3b:ad:71:6f:a1:11:07:
+        2e:83:78:60:55:be:12:6e:d2:98:f0:bf:87:51:17:90:93:f7:
+        2c:8e:ff:26:c1:a2:88:8d:47:9e:6f:b0:62:ee:de:74:d3:02:
+        b8:81:7b:2e:8c:99:3d:bf:43:92:cb:30:33:ec:52:66:47:99:
+        37:4a:65:75:87:f5:9f:bd:38:77:f6:52:a5:78:e3:80:30:20:
+        35:a9:af:4a:75:c5:81:47:6d:3a:9a:96:13:73:2f:13:8d:23:
+        c5:0d:06:5a:55:59:7e:e3:d5:72:7c:2e:38:86:92:dc:5a:dc:
+        19:c4:de:cd:e2:a9:27:c2:44:01:02:f2:df:97:4f:22:47:49:
+        32:e9:37:a4:82:89:1d:57:f1:c7:4a:1e:76:53:71:ec:dc:a6:
+        19:e6:d8:2f:f5:73:58:9e:e4:66:20:6a:88:97:88:a4:49:19:
+        16:f9:c8:da:61:84:66:c7:61:6e:e9:ee:f0:9f:22:fa:86:98:
+        8c:2a:72:2e:c8:ff:cc:98:95:68:24:cd:08:ad:47:eb:eb:47:
+        96:69:fb:af:1c:d2
 -----BEGIN CERTIFICATE-----
-MIIFzzCCBAagAwIBAgIBATA+BgkqhkiG9w0BAQowMaANMAsGCWCGSAFlAwQCAqEa
-MBgGCSqGSIb3DQEBCDALBglghkgBZQMEAgKiBAICAU4wgbIxCzAJBgNVBAYTAlVT
-MRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMRcwFQYDVQQKDA53
-b2xmU1NMX1JTQVBTUzESMBAGA1UECwwJQ0EtUlNBUFNTMRgwFgYDVQQDDA93d3cu
-d29sZnNzbC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20xFzAV
-BgoJkiaJk/IsZAEBDAd3b2xmU1NMMB4XDTIzMTIxMzIyMTkyOVoXDTI2MDkwODIy
-MTkyOVowgbYxCzAJBgNVBAYTAlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQH
-DAdCb3plbWFuMRcwFQYDVQQKDA53b2xmU1NMX1JTQVBTUzEWMBQGA1UECwwNU2Vy
-dmVyLVJTQVBTUzEYMBYGA1UEAwwPd3d3LndvbGZzc2wuY29tMR8wHQYJKoZIhvcN
-AQkBFhBpbmZvQHdvbGZzc2wuY29tMRcwFQYKCZImiZPyLGQBAQwHd29sZlNTTDCC
-AaAwCwYJKoZIhvcNAQEKA4IBjwAwggGKAoIBgQC+hHjTa32yrlGIaGoz8fnFGm+X
-cZQi9MLwSYgrpE0Vb9vM1MZvdabiIgavkSZOoC2XF5ULQBp1I5ux4NddzA1fCZ7J
-tz345WK7NHWZDObafZVA7l8ndvnK1g0epwafxXVXlkS5c/TeqqmvvkuY82zI2tmi
-JjUhQOdnS+LZxE+4llQXWdjKr7FWR74VWwXTKczsK5n6Exoq0GHRQcInXdmn8iko
-6/vlicUBg4gd3HAajy875TToW+/tdl+KUeotksLmhm1qkpPDbQTFlWgH/poy2TjI
-BuszkrkLzi7Da2qiQWrOCedKkKgvWQ523E+4htBLleYb5MZZJu8cAE7O+89jBX6m
-1Ak5/tN5SfJqahoXyxOlPdn6sKRfGOjlXEs41di4djWgC+GYuVjDiOX4SubQhKNe
-TYXJ1n+dnzUoZlYEJcwbTPfjyzm+4F+ok72hC81j4BYHr0ALy24/gQzNgL8T8ZJX
-oUgX0imwWqLVQoTIbAkxxgWS3aP3Vu3nXymI60sCAwEAAaOBiTCBhjAdBgNVHQ4E
-FgQUyPHpHmAByCPM15izu2V6MsRLkzkwHwYDVR0jBBgwFoAU+ELMiMnIGPnTsCRl
-Bkz/Vau/Dn8wDAYDVR0TAQH/BAIwADAOBgNVHQ8BAf8EBAMCA6gwEwYDVR0lBAww
-CgYIKwYBBQUHAwEwEQYJYIZIAYb4QgEBBAQDAgZAMD4GCSqGSIb3DQEBCjAxoA0w
-CwYJYIZIAWUDBAICoRowGAYJKoZIhvcNAQEIMAsGCWCGSAFlAwQCAqIEAgIBTgOC
-AYEAod6S7dJPyIUhT5avonSp5z3H9YSOTGwpK+0kXmDqu0PAf7Nd5dlENLPQ4dIE
-wfSI43rIpcuFPidS2fTCnkU16CvKLcPUMFPFwfSc0Zi/gMKRiNo39e1vX3OD5zyU
-ybj+5aoLGPRpkqk4WEJqiy7AN6o+UI7pkya6zSjaefvPTY8DuOO9X9LGrUJmn01R
-/BYa6YBFRcX+4h4VCF/o3C0D6QgDrhrdoDu5ZZjDAUpLT609IM3QYLh6eyZNy/+0
-8NKbz86O0zIUI6JSyCD8nCMhE+nrLsAbGOgJrOnJLl5jb8RgtSxhEiWgcv7tfXRi
-tS56kYOWZP/C72+MqH4i2HnRFtmWh56exDRxzQzsrOFgRCmzcpRG6giCwvoFVcfl
-Fl87FgI0PMpE+KS6yK57g3nXIEUUalq3hYDOqsvcRkFwAVTd9Fgg2h3fL2FT1Ffe
-U0xW0HBgWR/4hCURdLESHJDvEQdl7KNk3wtR0GVwnKEvm90Q3DOzGo5aimhDf55r
-uKQz
+MIIF1zCCBAqgAwIBAgIBATBCBgkqhkiG9w0BAQowNaAPMA0GCWCGSAFlAwQCAgUA
+oRwwGgYJKoZIhvcNAQEIMA0GCWCGSAFlAwQCAgUAogQCAgFOMIGyMQswCQYDVQQG
+EwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjEXMBUGA1UE
+CgwOd29sZlNTTF9SU0FQU1MxEjAQBgNVBAsMCUNBLVJTQVBTUzEYMBYGA1UEAwwP
+d3d3LndvbGZzc2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29t
+MRcwFQYKCZImiZPyLGQBAQwHd29sZlNTTDAeFw0yNDEyMTgyMTI1MzBaFw0yNzA5
+MTQyMTI1MzBaMIG2MQswCQYDVQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4G
+A1UEBwwHQm96ZW1hbjEXMBUGA1UECgwOd29sZlNTTF9SU0FQU1MxFjAUBgNVBAsM
+DVNlcnZlci1SU0FQU1MxGDAWBgNVBAMMD3d3dy53b2xmc3NsLmNvbTEfMB0GCSqG
+SIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTEXMBUGCgmSJomT8ixkAQEMB3dvbGZT
+U0wwggGgMAsGCSqGSIb3DQEBCgOCAY8AMIIBigKCAYEAvoR402t9sq5RiGhqM/H5
+xRpvl3GUIvTC8EmIK6RNFW/bzNTGb3Wm4iIGr5EmTqAtlxeVC0AadSObseDXXcwN
+Xwmeybc9+OViuzR1mQzm2n2VQO5fJ3b5ytYNHqcGn8V1V5ZEuXP03qqpr75LmPNs
+yNrZoiY1IUDnZ0vi2cRPuJZUF1nYyq+xVke+FVsF0ynM7CuZ+hMaKtBh0UHCJ13Z
+p/IpKOv75YnFAYOIHdxwGo8vO+U06Fvv7XZfilHqLZLC5oZtapKTw20ExZVoB/6a
+Mtk4yAbrM5K5C84uw2tqokFqzgnnSpCoL1kOdtxPuIbQS5XmG+TGWSbvHABOzvvP
+YwV+ptQJOf7TeUnyamoaF8sTpT3Z+rCkXxjo5VxLONXYuHY1oAvhmLlYw4jl+Erm
+0ISjXk2FydZ/nZ81KGZWBCXMG0z348s5vuBfqJO9oQvNY+AWB69AC8tuP4EMzYC/
+E/GSV6FIF9IpsFqi1UKEyGwJMcYFkt2j91bt518piOtLAgMBAAGjgYkwgYYwHQYD
+VR0OBBYEFMjx6R5gAcgjzNeYs7tlejLES5M5MB8GA1UdIwQYMBaAFPhCzIjJyBj5
+07AkZQZM/1Wrvw5/MAwGA1UdEwEB/wQCMAAwDgYDVR0PAQH/BAQDAgOoMBMGA1Ud
+JQQMMAoGCCsGAQUFBwMBMBEGCWCGSAGG+EIBAQQEAwIGQDBCBgkqhkiG9w0BAQow
+NaAPMA0GCWCGSAFlAwQCAgUAoRwwGgYJKoZIhvcNAQEIMA0GCWCGSAFlAwQCAgUA
+ogQCAgFOA4IBgQCUJlGlH96DZQh0u+jYT3moKhhIws1Tv0YnET3sZTVHQvGFlNra
+6yPkeFR4gOGoexcisuqLTQWMnhYwYpIJxU9G0MJL8C55oyPujGd+ew85185STOrY
+HgpXBrGtx7AZkM9saFR4a7fuXL8BbKIVGW9fpIHOZv9T92jhXOGNvX5aAlZIHL9S
+CCFqyT+ZxtO+uGYb20sW2PJ7lb4bYgekrAHAoBkrS/jK2GCVemX9HDutcW+hEQcu
+g3hgVb4SbtKY8L+HUReQk/csjv8mwaKIjUeeb7Bi7t500wK4gXsujJk9v0OSyzAz
+7FJmR5k3SmV1h/WfvTh39lKleOOAMCA1qa9KdcWBR206mpYTcy8TjSPFDQZaVVl+
+49VyfC44hpLcWtwZxN7N4qknwkQBAvLfl08iR0ky6TekgokdV/HHSh52U3Hs3KYZ
+5tgv9XNYnuRmIGqIl4ikSRkW+cjaYYRmx2Fu6e7wnyL6hpiMKnIuyP/MmJVoJM0I
+rUfr60eWafuvHNI=
 -----END CERTIFICATE-----
 Certificate:
     Data:
         Version: 3 (0x2)
         Serial Number: 1 (0x1)
-        Signature Algorithm: rsassaPss         
-         Hash Algorithm: sha384
-         Mask Algorithm: mgf1 with sha384
-          Salt Length: 0x014E
-         Trailer Field: 0xBC (default)
+        Signature Algorithm: rsassaPss        
+        Hash Algorithm: sha384
+        Mask Algorithm: mgf1 with sha384
+         Salt Length: 0x014E
+        Trailer Field: 0x01 (default)
         Issuer: C = US, ST = Montana, L = Bozeman, O = wolfSSL_RSA-PSS, OU = Root-RSA-PSS, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Dec 13 22:19:29 2023 GMT
-            Not After : Sep  8 22:19:29 2026 GMT
+            Not Before: Dec 18 21:25:30 2024 GMT
+            Not After : Sep 14 21:25:30 2027 GMT
         Subject: C = US, ST = Montana, L = Bozeman, O = wolfSSL_RSAPSS, OU = CA-RSAPSS, CN = www.wolfssl.com, emailAddress = info@wolfssl.com, UID = wolfSSL
         Subject Public Key Info:
             Public Key Algorithm: rsassaPss
-                RSA-PSS Public-Key: (3072 bit)
+                Public-Key: (3072 bit)
                 Modulus:
                     00:c8:2a:40:c8:eb:ae:7c:18:33:cb:38:51:e6:b7:
                     7b:11:4f:cd:ea:35:87:64:d9:b2:ca:cf:4b:21:c4:
@@ -170,69 +169,68 @@ Certificate:
             X509v3 Subject Key Identifier: 
                 F8:42:CC:88:C9:C8:18:F9:D3:B0:24:65:06:4C:FF:55:AB:BF:0E:7F
             X509v3 Authority Key Identifier: 
-                keyid:AA:71:D3:B1:8A:4B:BB:47:15:47:5F:9B:D0:2B:69:D1:6F:85:5E:F6
-
+                AA:71:D3:B1:8A:4B:BB:47:15:47:5F:9B:D0:2B:69:D1:6F:85:5E:F6
             X509v3 Basic Constraints: critical
                 CA:TRUE
             X509v3 Key Usage: critical
                 Digital Signature, Certificate Sign, CRL Sign
-    Signature Algorithm: rsassaPss         
-         Hash Algorithm: sha384
-         Mask Algorithm: mgf1 with sha384
-          Salt Length: 0x014E
-         Trailer Field: 0xBC (default)
-
-         1f:c0:ae:b2:47:af:ec:86:67:3a:b6:8f:44:65:4a:af:29:fc:
-         17:92:a4:8f:03:6a:76:63:8d:65:4a:f6:52:23:a2:08:46:17:
-         c6:2c:87:76:2b:05:21:c1:70:2d:4d:65:ef:de:af:87:21:7e:
-         88:98:45:8b:06:8f:f8:56:4f:6a:29:f3:f4:72:5d:c3:f4:5a:
-         ee:6c:52:dc:40:72:4a:1a:4c:3b:84:b0:5a:64:cc:3a:62:c3:
-         d3:56:a9:e3:fd:4e:a2:3b:57:22:b7:f9:71:f7:5c:80:aa:4c:
-         26:ef:d5:10:e5:d9:ae:89:ff:90:82:2e:0a:ad:1c:da:a6:9c:
-         99:44:d5:fc:a0:3c:42:ad:e7:dd:8a:d0:c7:b8:d0:83:bb:4b:
-         00:e2:50:e5:81:6f:03:b8:bc:4d:d2:86:4d:8a:33:79:ca:e8:
-         a0:df:70:c1:3a:c3:55:05:f0:ac:d8:ab:55:0b:cf:44:60:b4:
-         af:03:f4:88:d9:49:81:7c:78:6a:af:5f:cd:28:e2:e1:37:f3:
-         28:b8:0e:05:5d:72:b3:b5:5b:f4:72:52:a3:7e:99:99:23:95:
-         26:17:cb:9c:66:83:21:d6:ac:f8:c8:b2:49:22:dc:32:9b:f2:
-         fc:5d:f7:fe:c0:a6:81:62:1c:43:25:2a:d3:66:37:76:db:15:
-         31:c4:6b:df:e8:70:a9:f9:96:8c:ec:94:d1:b2:fb:73:03:1b:
-         5d:7f:2b:1b:ab:47:72:ea:1b:9d:2d:43:d4:90:df:ca:c5:98:
-         9a:a2:01:6a:d3:55:1c:ad:d1:37:46:93:fe:e8:56:8c:6a:1c:
-         45:bf:cb:12:d1:aa:1c:98:08:af:f7:67:ed:41:65:3b:98:d0:
-         42:29:b0:68:ab:94:52:6e:72:e2:f4:df:8a:68:b5:1b:6d:3f:
-         35:d5:01:b8:60:eb:fe:f2:e9:33:90:db:59:5a:c4:d6:52:c6:
-         c7:1b:a8:a1:ef:64:db:96:ac:ce:fc:8d:e2:ac:75:f4:0d:bc:
-         49:36:8a:12:36:83
+    Signature Algorithm: rsassaPss
+    Signature Value:        
+        Hash Algorithm: sha384
+        Mask Algorithm: mgf1 with sha384
+         Salt Length: 0x014E
+        Trailer Field: 0x01 (default)
+        7e:3f:73:07:e2:0f:7e:e8:7c:7f:81:03:e7:e2:78:c2:f8:45:
+        27:e6:42:5a:21:35:26:17:31:aa:9e:65:05:84:47:46:cb:bd:
+        c0:30:32:a0:06:f1:a1:a7:68:89:0f:e7:a0:83:31:8f:d9:b4:
+        ad:2d:1e:82:e6:ba:bc:0c:a8:98:a6:75:97:8e:b1:bc:33:77:
+        f5:9c:f6:0b:39:f8:6f:d9:bb:35:75:80:e9:22:a4:75:cb:1a:
+        24:55:f7:96:bf:73:d2:6b:93:87:a7:c1:3c:97:75:ef:6a:9e:
+        51:12:43:60:fe:6c:46:01:ab:5a:a2:72:b5:cf:a9:47:8b:3c:
+        9d:d2:5b:c7:e1:f4:25:94:c4:3d:a3:62:10:0d:19:4e:72:66:
+        85:1e:7b:24:a6:93:46:be:5e:a6:f4:c9:52:4d:dd:2d:d4:15:
+        ef:f7:cb:75:90:2b:ba:6f:7d:84:90:26:f6:5a:92:e9:d0:b0:
+        c6:05:2e:10:d5:b5:12:da:cb:92:ed:6f:12:27:3a:cd:08:94:
+        f0:52:9b:08:52:47:77:e2:de:ce:51:20:6f:e7:b3:1a:21:ea:
+        2f:d5:8c:10:15:9c:e4:61:74:d4:c3:8f:4e:47:df:a2:3c:60:
+        da:61:60:a8:67:2b:40:30:4e:a3:5f:7b:f6:3d:7e:5f:0d:ce:
+        c8:2b:de:17:b0:dd:a9:9c:3d:b7:dc:7f:60:b9:4e:4a:24:cf:
+        75:b1:d3:ce:83:5e:6d:f3:28:78:fd:6e:3f:f5:69:50:08:57:
+        58:76:98:d6:86:ce:2d:42:0b:66:60:7f:fa:20:0d:4e:d6:0d:
+        ed:9a:2d:95:3e:d0:df:72:53:56:1e:d5:f5:60:ab:d9:eb:f1:
+        f3:76:9b:4f:04:13:5a:92:6c:af:93:23:cb:87:ec:ad:ef:f5:
+        e5:df:0c:e5:14:70:a9:ca:43:f9:aa:83:4f:bf:aa:de:21:75:
+        3f:70:6e:7b:fe:2e:ba:72:7e:3b:e2:88:70:b4:17:5a:bd:38:
+        f3:37:f0:f7:1d:99
 -----BEGIN CERTIFICATE-----
-MIIFjzCCA8agAwIBAgIBATA+BgkqhkiG9w0BAQowMaANMAsGCWCGSAFlAwQCAqEa
-MBgGCSqGSIb3DQEBCDALBglghkgBZQMEAgKiBAICAU4wgZ0xCzAJBgNVBAYTAlVT
-MRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMRgwFgYDVQQKDA93
-b2xmU1NMX1JTQS1QU1MxFTATBgNVBAsMDFJvb3QtUlNBLVBTUzEYMBYGA1UEAwwP
+MIIFlzCCA8qgAwIBAgIBATBCBgkqhkiG9w0BAQowNaAPMA0GCWCGSAFlAwQCAgUA
+oRwwGgYJKoZIhvcNAQEIMA0GCWCGSAFlAwQCAgUAogQCAgFOMIGdMQswCQYDVQQG
+EwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjEYMBYGA1UE
+CgwPd29sZlNTTF9SU0EtUFNTMRUwEwYDVQQLDAxSb290LVJTQS1QU1MxGDAWBgNV
+BAMMD3d3dy53b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3Ns
+LmNvbTAeFw0yNDEyMTgyMTI1MzBaFw0yNzA5MTQyMTI1MzBaMIGyMQswCQYDVQQG
+EwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjEXMBUGA1UE
+CgwOd29sZlNTTF9SU0FQU1MxEjAQBgNVBAsMCUNBLVJTQVBTUzEYMBYGA1UEAwwP
 d3d3LndvbGZzc2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29t
-MB4XDTIzMTIxMzIyMTkyOVoXDTI2MDkwODIyMTkyOVowgbIxCzAJBgNVBAYTAlVT
-MRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMRcwFQYDVQQKDA53
-b2xmU1NMX1JTQVBTUzESMBAGA1UECwwJQ0EtUlNBUFNTMRgwFgYDVQQDDA93d3cu
-d29sZnNzbC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20xFzAV
-BgoJkiaJk/IsZAEBDAd3b2xmU1NMMIIBoDALBgkqhkiG9w0BAQoDggGPADCCAYoC
-ggGBAMgqQMjrrnwYM8s4Uea3exFPzeo1h2TZssrPSyHEhirHo28VPh7EmwOBSzpd
-U2IR4gjfl003PXhiUEAxKnBEGm1pSfx3uPJCCYaaXTnNhHsyijuwT7891AV+wKoo
-pc6xKDpZ2RkQOtQfkQcHc1CkK9gYHyL49GQ/E6DYYH5TTDuXcLw25b4xl0VV7aJb
-h7UbjmU9txUI0RIaquxOVjVwpz5QZfc+MJwy27Ike4cCKScSNa2OwwIiE8JuU0Xw
-FiGB5dW1kWCL11y7wnAG9lBBRTZ/QUSJtpcjvnbXfHJ/6vQZEBfD34/NlyAEyx0D
-awmP13uEfSLF4hDLzBGqofVmhQ41WozDiWEp0FxTLwlLkX7O4BLTzuvJUDw28Ka0
-+7XC3mGgrG+8fu9TCJ+xGK1b4wEj3hGlH33VtvRyHVN1ZozbYR7p6zzzSWmCtiBr
-KQOhvlXkTPglp6ij4z8yH66nKptrVt3JWrEaAaAT0o6aLNt+/VsOLu+Sac7y3u/Q
-LwkOZwIDAQABo2MwYTAdBgNVHQ4EFgQU+ELMiMnIGPnTsCRlBkz/Vau/Dn8wHwYD
-VR0jBBgwFoAUqnHTsYpLu0cVR1+b0Ctp0W+FXvYwDwYDVR0TAQH/BAUwAwEB/zAO
-BgNVHQ8BAf8EBAMCAYYwPgYJKoZIhvcNAQEKMDGgDTALBglghkgBZQMEAgKhGjAY
-BgkqhkiG9w0BAQgwCwYJYIZIAWUDBAICogQCAgFOA4IBgQAfwK6yR6/shmc6to9E
-ZUqvKfwXkqSPA2p2Y41lSvZSI6IIRhfGLId2KwUhwXAtTWXv3q+HIX6ImEWLBo/4
-Vk9qKfP0cl3D9FrubFLcQHJKGkw7hLBaZMw6YsPTVqnj/U6iO1cit/lx91yAqkwm
-79UQ5dmuif+Qgi4KrRzappyZRNX8oDxCrefditDHuNCDu0sA4lDlgW8DuLxN0oZN
-ijN5yuig33DBOsNVBfCs2KtVC89EYLSvA/SI2UmBfHhqr1/NKOLhN/MouA4FXXKz
-tVv0clKjfpmZI5UmF8ucZoMh1qz4yLJJItwym/L8Xff+wKaBYhxDJSrTZjd22xUx
-xGvf6HCp+ZaM7JTRsvtzAxtdfysbq0dy6hudLUPUkN/KxZiaogFq01UcrdE3RpP+
-6FaMahxFv8sS0aocmAiv92ftQWU7mNBCKbBoq5RSbnLi9N+KaLUbbT811QG4YOv+
-8ukzkNtZWsTWUsbHG6ih72TblqzO/I3irHX0DbxJNooSNoM=
+MRcwFQYKCZImiZPyLGQBAQwHd29sZlNTTDCCAaAwCwYJKoZIhvcNAQEKA4IBjwAw
+ggGKAoIBgQDIKkDI6658GDPLOFHmt3sRT83qNYdk2bLKz0shxIYqx6NvFT4exJsD
+gUs6XVNiEeII35dNNz14YlBAMSpwRBptaUn8d7jyQgmGml05zYR7Moo7sE+/PdQF
+fsCqKKXOsSg6WdkZEDrUH5EHB3NQpCvYGB8i+PRkPxOg2GB+U0w7l3C8NuW+MZdF
+Ve2iW4e1G45lPbcVCNESGqrsTlY1cKc+UGX3PjCcMtuyJHuHAiknEjWtjsMCIhPC
+blNF8BYhgeXVtZFgi9dcu8JwBvZQQUU2f0FEibaXI75213xyf+r0GRAXw9+PzZcg
+BMsdA2sJj9d7hH0ixeIQy8wRqqH1ZoUONVqMw4lhKdBcUy8JS5F+zuAS087ryVA8
+NvCmtPu1wt5hoKxvvH7vUwifsRitW+MBI94RpR991bb0ch1TdWaM22Ee6es880lp
+grYgaykDob5V5Ez4Jaeoo+M/Mh+upyqba1bdyVqxGgGgE9KOmizbfv1bDi7vkmnO
+8t7v0C8JDmcCAwEAAaNjMGEwHQYDVR0OBBYEFPhCzIjJyBj507AkZQZM/1Wrvw5/
+MB8GA1UdIwQYMBaAFKpx07GKS7tHFUdfm9AradFvhV72MA8GA1UdEwEB/wQFMAMB
+Af8wDgYDVR0PAQH/BAQDAgGGMEIGCSqGSIb3DQEBCjA1oA8wDQYJYIZIAWUDBAIC
+BQChHDAaBgkqhkiG9w0BAQgwDQYJYIZIAWUDBAICBQCiBAICAU4DggGBAH4/cwfi
+D37ofH+BA+fieML4RSfmQlohNSYXMaqeZQWER0bLvcAwMqAG8aGnaIkP56CDMY/Z
+tK0tHoLmurwMqJimdZeOsbwzd/Wc9gs5+G/ZuzV1gOkipHXLGiRV95a/c9Jrk4en
+wTyXde9qnlESQ2D+bEYBq1qicrXPqUeLPJ3SW8fh9CWUxD2jYhANGU5yZoUeeySm
+k0a+Xqb0yVJN3S3UFe/3y3WQK7pvfYSQJvZakunQsMYFLhDVtRLay5LtbxInOs0I
+lPBSmwhSR3fi3s5RIG/nsxoh6i/VjBAVnORhdNTDj05H36I8YNphYKhnK0AwTqNf
+e/Y9fl8Nzsgr3hew3amcPbfcf2C5Tkokz3Wx086DXm3zKHj9bj/1aVAIV1h2mNaG
+zi1CC2Zgf/ogDU7WDe2aLZU+0N9yU1Ye1fVgq9nr8fN2m08EE1qSbK+TI8uH7K3v
+9eXfDOUUcKnKQ/mqg0+/qt4hdT9wbnv+LrpyfjviiHC0F1q9OPM38PcdmQ==
 -----END CERTIFICATE-----
diff --git a/certs/rsapss/server-mix-rsapss-cert.pem b/certs/rsapss/server-mix-rsapss-cert.pem
index 10cf45f5b..a0be3bdee 100644
--- a/certs/rsapss/server-mix-rsapss-cert.pem
+++ b/certs/rsapss/server-mix-rsapss-cert.pem
@@ -2,19 +2,19 @@ Certificate:
     Data:
         Version: 3 (0x2)
         Serial Number: 1 (0x1)
-        Signature Algorithm: rsassaPss         
-         Hash Algorithm: sha256
-         Mask Algorithm: mgf1 with sha256
-          Salt Length: 0xDE
-         Trailer Field: 0xBC (default)
+        Signature Algorithm: rsassaPss        
+        Hash Algorithm: sha256
+        Mask Algorithm: mgf1 with sha256
+         Salt Length: 0xDE
+        Trailer Field: 0x01 (default)
         Issuer: C = US, ST = Montana, L = Bozeman, O = Sawtooth, OU = Consulting, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Dec 13 22:19:28 2023 GMT
-            Not After : Sep  8 22:19:28 2026 GMT
+            Not Before: Dec 18 21:25:30 2024 GMT
+            Not After : Sep 14 21:25:30 2027 GMT
         Subject: C = US, ST = Montana, L = Bozeman, O = wolfSSL_RSAPSS, OU = Server-MIX-RSAPSS, CN = www.wolfssl.com, emailAddress = info@wolfssl.com, UID = wolfSSL
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (2048 bit)
+                Public-Key: (2048 bit)
                 Modulus:
                     00:c0:95:08:e1:57:41:f2:71:6d:b7:d2:45:41:27:
                     01:65:c6:45:ae:f2:bc:24:30:b8:95:ce:2f:4e:d6:
@@ -39,8 +39,7 @@ Certificate:
             X509v3 Subject Key Identifier: 
                 B3:11:32:C9:92:98:84:E2:C9:F8:D0:3B:6E:03:42:CA:1F:0E:8E:3C
             X509v3 Authority Key Identifier: 
-                keyid:27:8E:67:11:74:C3:26:1D:3F:ED:33:63:B3:A4:D8:1D:30:E5:E8:D5
-
+                27:8E:67:11:74:C3:26:1D:3F:ED:33:63:B3:A4:D8:1D:30:E5:E8:D5
             X509v3 Basic Constraints: critical
                 CA:FALSE
             X509v3 Key Usage: critical
@@ -49,52 +48,52 @@ Certificate:
                 TLS Web Server Authentication
             Netscape Cert Type: 
                 SSL Server
-    Signature Algorithm: rsassaPss         
-         Hash Algorithm: sha256
-         Mask Algorithm: mgf1 with sha256
-          Salt Length: 0xDE
-         Trailer Field: 0xBC (default)
-
-         14:99:93:0c:53:6c:7e:43:6d:28:73:f0:11:fa:80:13:79:af:
-         2d:c2:64:71:1d:90:5d:b2:2e:1f:4c:bf:30:21:12:16:82:a4:
-         8d:90:e7:e3:3c:ee:3a:d1:50:ba:18:e0:d5:e7:cb:6b:87:ae:
-         24:e1:0b:7c:c7:83:28:98:56:dc:63:d7:6e:d1:f6:a9:92:3e:
-         d5:aa:83:f3:c4:fe:53:26:d0:b3:e8:f2:0b:34:bb:cb:5d:53:
-         28:36:b9:ab:b8:13:a2:b3:53:ac:ab:c7:41:92:f5:e4:c7:66:
-         c6:af:15:f9:c2:a5:9c:c3:07:81:c9:c0:41:2c:40:11:5b:86:
-         63:c0:6e:1d:c7:e4:3f:41:a4:8d:18:2c:da:1a:fa:d7:39:d3:
-         b6:8f:be:87:0f:2b:a1:90:6a:d7:ba:df:cf:97:20:05:7e:8c:
-         a7:f8:90:bf:ec:b6:a6:44:08:81:57:19:15:a9:a9:0f:1c:5c:
-         78:ab:b8:35:5b:b0:8c:7d:48:f5:21:38:e7:a2:51:27:fc:24:
-         ea:2f:9f:f7:19:62:e6:1f:cf:1c:5d:9c:e2:b5:e7:b2:4c:ac:
-         fc:64:fd:0e:bd:5d:3b:02:44:94:ec:5e:1c:24:d1:3d:37:3b:
-         eb:23:2f:7a:46:c6:45:4d:55:1e:50:d2:6f:c2:16:5b:78:a7:
-         06:e1:ee:36
+    Signature Algorithm: rsassaPss
+    Signature Value:        
+        Hash Algorithm: sha256
+        Mask Algorithm: mgf1 with sha256
+         Salt Length: 0xDE
+        Trailer Field: 0x01 (default)
+        49:c6:44:a2:7a:fb:dc:b0:ca:d1:9d:90:24:a1:04:f3:c1:fb:
+        5a:e4:b0:e8:48:d0:c2:87:b4:bd:43:9d:e0:4e:23:49:0f:33:
+        b7:0f:e5:3b:d1:14:9c:4c:00:ec:06:6d:c4:d9:24:36:fc:46:
+        4a:d3:91:a5:ff:e2:3b:a9:ff:9f:f4:cd:fb:e3:d7:33:4d:af:
+        fd:53:29:be:a5:fa:3b:3d:8d:66:c4:b8:71:ca:8a:4f:b9:10:
+        af:79:00:f4:f1:41:7a:c8:9d:e4:53:81:05:59:99:2f:2e:a0:
+        f4:b4:44:3f:92:76:d1:0d:8f:2b:75:ac:20:73:10:9f:83:d0:
+        b7:9a:43:e8:b0:39:08:c9:55:ab:3c:44:59:e0:a0:4b:5d:46:
+        e0:ff:cb:11:35:25:4b:fa:7d:a9:75:87:a4:05:39:a4:19:a9:
+        3c:2e:d3:68:5b:cf:e7:94:23:10:b9:c2:a9:0c:af:ab:00:d5:
+        f1:92:f2:b4:ad:3c:cf:fd:de:b9:8b:56:30:4c:40:95:c0:fd:
+        53:2c:c3:30:98:0c:21:e6:b0:56:ca:84:e0:ed:3c:47:60:e9:
+        21:75:01:11:b9:f5:0b:a0:24:6a:12:0c:bc:ed:94:b2:48:79:
+        e7:69:19:7d:b2:1f:03:7b:80:08:a3:f3:b0:f3:da:3f:58:82:
+        b9:fb:06:d4
 -----BEGIN CERTIFICATE-----
-MIIEtzCCA26gAwIBAgIBATA+BgkqhkiG9w0BAQowMaANMAsGCWCGSAFlAwQCAaEa
-MBgGCSqGSIb3DQEBCDALBglghkgBZQMEAgGiBAICAN4wgZQxCzAJBgNVBAYTAlVT
-MRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMREwDwYDVQQKDAhT
-YXd0b290aDETMBEGA1UECwwKQ29uc3VsdGluZzEYMBYGA1UEAwwPd3d3LndvbGZz
-c2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMB4XDTIzMTIx
-MzIyMTkyOFoXDTI2MDkwODIyMTkyOFowgboxCzAJBgNVBAYTAlVTMRAwDgYDVQQI
-DAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMRcwFQYDVQQKDA53b2xmU1NMX1JT
-QVBTUzEaMBgGA1UECwwRU2VydmVyLU1JWC1SU0FQU1MxGDAWBgNVBAMMD3d3dy53
-b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTEXMBUG
-CgmSJomT8ixkAQEMB3dvbGZTU0wwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
-AoIBAQDAlQjhV0HycW230kVBJwFlxkWu8rwkMLiVzi9O1vYciLx8n/uoZ3/+XJxR
-dfeKygfnNS+P4b17wC98q2SoF/zKXXu64CHlci5vLobYlXParBtTuV8/1xkNJU/h
-Y2NRiwtkP61DuKUcXDSzrgCgY8X2fwtZaHhzpowYqQJtr8MZAS64EOPGzEC0aaNG
-M2mHbsS7F6bz6N2tc7x7LyG1/WZRDL1Us+FtXxy8I3PRCQOJFNIQuWTDKtChlkq8
-4dQaW8egwMFjeA9ENzAyloAyI5Whd7oT0pdz4l0lyWoNwzlgpLSwaUJCCenYCLwz
-ILNYIqeq68Th5mGDxdKW39nQT63XAgMBAAGjgYkwgYYwHQYDVR0OBBYEFLMRMsmS
-mITiyfjQO24DQsofDo48MB8GA1UdIwQYMBaAFCeOZxF0wyYdP+0zY7Ok2B0w5ejV
-MAwGA1UdEwEB/wQCMAAwDgYDVR0PAQH/BAQDAgOoMBMGA1UdJQQMMAoGCCsGAQUF
-BwMBMBEGCWCGSAGG+EIBAQQEAwIGQDA+BgkqhkiG9w0BAQowMaANMAsGCWCGSAFl
-AwQCAaEaMBgGCSqGSIb3DQEBCDALBglghkgBZQMEAgGiBAICAN4DggEBABSZkwxT
-bH5DbShz8BH6gBN5ry3CZHEdkF2yLh9MvzAhEhaCpI2Q5+M87jrRULoY4NXny2uH
-riThC3zHgyiYVtxj127R9qmSPtWqg/PE/lMm0LPo8gs0u8tdUyg2uau4E6KzU6yr
-x0GS9eTHZsavFfnCpZzDB4HJwEEsQBFbhmPAbh3H5D9BpI0YLNoa+tc507aPvocP
-K6GQate638+XIAV+jKf4kL/stqZECIFXGRWpqQ8cXHiruDVbsIx9SPUhOOeiUSf8
-JOovn/cZYuYfzxxdnOK157JMrPxk/Q69XTsCRJTsXhwk0T03O+sjL3pGxkVNVR5Q
-0m/CFlt4pwbh7jY=
+MIIEvzCCA3KgAwIBAgIBATBCBgkqhkiG9w0BAQowNaAPMA0GCWCGSAFlAwQCAQUA
+oRwwGgYJKoZIhvcNAQEIMA0GCWCGSAFlAwQCAQUAogQCAgDeMIGUMQswCQYDVQQG
+EwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjERMA8GA1UE
+CgwIU2F3dG9vdGgxEzARBgNVBAsMCkNvbnN1bHRpbmcxGDAWBgNVBAMMD3d3dy53
+b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTAeFw0y
+NDEyMTgyMTI1MzBaFw0yNzA5MTQyMTI1MzBaMIG6MQswCQYDVQQGEwJVUzEQMA4G
+A1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjEXMBUGA1UECgwOd29sZlNT
+TF9SU0FQU1MxGjAYBgNVBAsMEVNlcnZlci1NSVgtUlNBUFNTMRgwFgYDVQQDDA93
+d3cud29sZnNzbC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20x
+FzAVBgoJkiaJk/IsZAEBDAd3b2xmU1NMMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
+MIIBCgKCAQEAwJUI4VdB8nFtt9JFQScBZcZFrvK8JDC4lc4vTtb2HIi8fJ/7qGd/
+/lycUXX3isoH5zUvj+G9e8AvfKtkqBf8yl17uuAh5XIuby6G2JVz2qwbU7lfP9cZ
+DSVP4WNjUYsLZD+tQ7ilHFw0s64AoGPF9n8LWWh4c6aMGKkCba/DGQEuuBDjxsxA
+tGmjRjNph27Euxem8+jdrXO8ey8htf1mUQy9VLPhbV8cvCNz0QkDiRTSELlkwyrQ
+oZZKvOHUGlvHoMDBY3gPRDcwMpaAMiOVoXe6E9KXc+JdJclqDcM5YKS0sGlCQgnp
+2Ai8MyCzWCKnquvE4eZhg8XSlt/Z0E+t1wIDAQABo4GJMIGGMB0GA1UdDgQWBBSz
+ETLJkpiE4sn40DtuA0LKHw6OPDAfBgNVHSMEGDAWgBQnjmcRdMMmHT/tM2OzpNgd
+MOXo1TAMBgNVHRMBAf8EAjAAMA4GA1UdDwEB/wQEAwIDqDATBgNVHSUEDDAKBggr
+BgEFBQcDATARBglghkgBhvhCAQEEBAMCBkAwQgYJKoZIhvcNAQEKMDWgDzANBglg
+hkgBZQMEAgEFAKEcMBoGCSqGSIb3DQEBCDANBglghkgBZQMEAgEFAKIEAgIA3gOC
+AQEAScZEonr73LDK0Z2QJKEE88H7WuSw6EjQwoe0vUOd4E4jSQ8ztw/lO9EUnEwA
+7AZtxNkkNvxGStORpf/iO6n/n/TN++PXM02v/VMpvqX6Oz2NZsS4ccqKT7kQr3kA
+9PFBesid5FOBBVmZLy6g9LREP5J20Q2PK3WsIHMQn4PQt5pD6LA5CMlVqzxEWeCg
+S11G4P/LETUlS/p9qXWHpAU5pBmpPC7TaFvP55QjELnCqQyvqwDV8ZLytK08z/3e
+uYtWMExAlcD9UyzDMJgMIeawVsqE4O08R2DpIXUBEbn1C6AkahIMvO2Uskh552kZ
+fbIfA3uACKPzsPPaP1iCufsG1A==
 -----END CERTIFICATE-----
diff --git a/certs/rsapss/server-rsapss-cert.pem b/certs/rsapss/server-rsapss-cert.pem
index 2502ae951..6df55b26b 100644
--- a/certs/rsapss/server-rsapss-cert.pem
+++ b/certs/rsapss/server-rsapss-cert.pem
@@ -2,19 +2,19 @@ Certificate:
     Data:
         Version: 3 (0x2)
         Serial Number: 1 (0x1)
-        Signature Algorithm: rsassaPss         
-         Hash Algorithm: sha256
-         Mask Algorithm: mgf1 with sha256
-          Salt Length: 0x20
-         Trailer Field: 0xBC (default)
+        Signature Algorithm: rsassaPss        
+        Hash Algorithm: sha256
+        Mask Algorithm: mgf1 with sha256
+         Salt Length: 0x20
+        Trailer Field: 0x01 (default)
         Issuer: C = US, ST = Montana, L = Bozeman, O = wolfSSL_RSAPSS, OU = CA-RSAPSS, CN = www.wolfssl.com, emailAddress = info@wolfssl.com, UID = wolfSSL
         Validity
-            Not Before: Dec 13 22:19:28 2023 GMT
-            Not After : Sep  8 22:19:28 2026 GMT
+            Not Before: Dec 18 21:25:30 2024 GMT
+            Not After : Sep 14 21:25:30 2027 GMT
         Subject: C = US, ST = Montana, L = Bozeman, O = wolfSSL_RSAPSS, OU = Server-RSAPSS, CN = www.wolfssl.com, emailAddress = info@wolfssl.com, UID = wolfSSL
         Subject Public Key Info:
             Public Key Algorithm: rsassaPss
-                RSA-PSS Public-Key: (2048 bit)
+                Public-Key: (2048 bit)
                 Modulus:
                     00:d7:f7:6c:e1:02:89:cc:9b:74:10:f3:ec:01:cb:
                     89:ce:ef:f6:29:62:fc:75:3f:6a:99:ba:d6:88:ec:
@@ -36,16 +36,15 @@ Certificate:
                     36:83
                 Exponent: 65537 (0x10001)
                 PSS parameter restrictions:
-                  Hash Algorithm: sha256
-                  Mask Algorithm: mgf1 with sha256
-                  Minimum Salt Length: 0x20
-                  Trailer Field: 0xBC (default)
+                  Hash Algorithm: SHA2-256
+                  Mask Algorithm: MGF1 with SHA2-256
+                  Minimum Salt Length: 32
+                  Trailer Field: 0x1 (default)
         X509v3 extensions:
             X509v3 Subject Key Identifier: 
                 2D:07:69:B0:A1:6F:9F:0C:FA:25:05:B2:CA:97:08:44:DF:0E:97:A8
             X509v3 Authority Key Identifier: 
-                keyid:9E:0C:E0:D3:DF:B6:4B:F3:19:63:5C:CA:6C:93:86:A2:14:53:91:31
-
+                9E:0C:E0:D3:DF:B6:4B:F3:19:63:5C:CA:6C:93:86:A2:14:53:91:31
             X509v3 Basic Constraints: critical
                 CA:FALSE
             X509v3 Key Usage: critical
@@ -54,53 +53,53 @@ Certificate:
                 TLS Web Server Authentication
             Netscape Cert Type: 
                 SSL Server
-    Signature Algorithm: rsassaPss         
-         Hash Algorithm: sha256
-         Mask Algorithm: mgf1 with sha256
-          Salt Length: 0x20
-         Trailer Field: 0xBC (default)
-
-         44:ba:5d:7a:83:e4:65:ff:23:b8:4b:7c:9f:ab:2e:f7:dc:59:
-         7e:6b:40:67:54:09:42:9f:41:1d:a1:7e:a8:f9:47:48:c1:00:
-         63:cc:92:06:2c:3c:eb:f4:83:32:c2:2e:d1:78:f3:1e:52:60:
-         32:26:8e:b3:b3:62:3d:ba:2b:8d:74:ef:01:5c:cc:1b:7c:ac:
-         40:64:07:79:eb:f9:36:26:0e:e9:a8:55:5d:e5:10:87:17:0d:
-         69:63:34:4b:5b:09:c8:54:dd:43:1c:1a:62:bb:ac:00:eb:3f:
-         a8:fe:b3:b6:e0:8b:9e:1c:a5:f4:09:8a:f0:7b:2f:da:13:92:
-         af:ad:c0:f0:c5:16:18:30:53:a6:5d:b9:1f:97:4b:a6:ac:4c:
-         80:dc:01:28:d9:9f:45:73:bd:6c:30:d1:c7:73:33:c5:cc:df:
-         56:f4:72:04:00:78:dd:5f:d8:92:bb:87:e9:15:01:e3:f0:6e:
-         bb:aa:3e:85:f9:68:22:7a:1e:d3:4c:43:bf:01:ee:0a:aa:9c:
-         73:0b:38:d4:77:cf:b7:11:ca:5c:aa:e6:e6:25:9d:bf:41:8d:
-         79:37:0c:fa:53:41:c5:86:cf:10:29:9d:7a:7c:96:c5:e5:6c:
-         57:7b:89:e6:14:84:5b:54:22:c4:5c:81:a0:bf:a4:fc:76:71:
-         97:34:62:7d
+    Signature Algorithm: rsassaPss
+    Signature Value:        
+        Hash Algorithm: sha256
+        Mask Algorithm: mgf1 with sha256
+         Salt Length: 0x20
+        Trailer Field: 0x01 (default)
+        c0:99:45:55:6f:8f:18:b8:48:c3:72:57:5a:af:06:55:a4:44:
+        de:d1:01:2c:43:c8:1b:96:e2:d5:f4:91:4c:1c:a2:45:9f:69:
+        4a:27:3c:cb:0b:c7:02:29:3e:53:b7:0f:81:6c:38:e8:b0:54:
+        d1:25:eb:73:88:31:36:01:46:5b:94:f7:75:bc:57:a9:f9:ea:
+        c7:de:88:d4:97:f9:de:11:53:75:40:0f:5b:bd:b0:9b:94:2a:
+        c2:a9:aa:19:2e:f0:1b:1d:1e:96:4f:ac:33:5a:c9:44:af:46:
+        8b:33:6e:83:79:00:1f:2c:09:bc:59:67:c2:6c:25:d4:24:fe:
+        5f:89:41:9b:b1:35:0a:4b:b9:8c:80:81:d8:a8:1c:95:e0:59:
+        53:2c:18:53:83:a8:3c:9a:28:24:82:3b:f8:75:2b:07:0e:cb:
+        69:3a:53:89:eb:48:54:8e:08:b9:a1:4d:ad:36:ba:d4:6c:7c:
+        7f:87:c6:86:86:6e:fc:73:3f:33:0d:9f:c0:ee:83:60:08:cf:
+        5e:e7:31:08:ed:eb:c9:69:84:fa:34:64:7f:7d:1c:f7:39:6d:
+        cf:32:e8:f9:06:ed:2f:7b:31:16:f5:51:7d:ad:09:7e:bf:e9:
+        f6:ba:ae:83:a7:0c:60:30:ca:4d:38:3b:50:f6:81:d1:1a:49:
+        98:73:68:98
 -----BEGIN CERTIFICATE-----
-MIIE/zCCA7egAwIBAgIBATA9BgkqhkiG9w0BAQowMKANMAsGCWCGSAFlAwQCAaEa
-MBgGCSqGSIb3DQEBCDALBglghkgBZQMEAgGiAwIBIDCBsjELMAkGA1UEBhMCVVMx
-EDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xFzAVBgNVBAoMDndv
-bGZTU0xfUlNBUFNTMRIwEAYDVQQLDAlDQS1SU0FQU1MxGDAWBgNVBAMMD3d3dy53
-b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTEXMBUG
-CgmSJomT8ixkAQEMB3dvbGZTU0wwHhcNMjMxMjEzMjIxOTI4WhcNMjYwOTA4MjIx
-OTI4WjCBtjELMAkGA1UEBhMCVVMxEDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcM
-B0JvemVtYW4xFzAVBgNVBAoMDndvbGZTU0xfUlNBUFNTMRYwFAYDVQQLDA1TZXJ2
-ZXItUlNBUFNTMRgwFgYDVQQDDA93d3cud29sZnNzbC5jb20xHzAdBgkqhkiG9w0B
-CQEWEGluZm9Ad29sZnNzbC5jb20xFzAVBgoJkiaJk/IsZAEBDAd3b2xmU1NMMIIB
-UjA9BgkqhkiG9w0BAQowMKANMAsGCWCGSAFlAwQCAaEaMBgGCSqGSIb3DQEBCDAL
-BglghkgBZQMEAgGiAwIBIAOCAQ8AMIIBCgKCAQEA1/ds4QKJzJt0EPPsAcuJzu/2
-KWL8dT9qmbrWiOyusyAzRNIG15khu/NAzjCw4ZBMW1h1VB2i3bxjAUhDOyJ6eCpl
-W9gRX5t72yEcvPSlrT7WB0HaBB/qeOxX81P9SSteDjQCO14+X9xj2tRoJhphySXX
-Uxbn+8ClLVk2e+nHQsubFYH91A/Ft8ZJwEV36lusyh6lnMGGG/Ke7Wag0Tu2bwJU
-aTANulUBGMBffbLupr2JhPzoNuS707Se3bOmgDISNzCOColUxetLHIUCK/gmY8Qj
-+Fk1GA4oz10HSdjMYE07+yck8NZGD8VbFqWUimkaNGLN4DIyVbkWZVARi142gwID
-AQABo4GJMIGGMB0GA1UdDgQWBBQtB2mwoW+fDPolBbLKlwhE3w6XqDAfBgNVHSME
-GDAWgBSeDODT37ZL8xljXMpsk4aiFFORMTAMBgNVHRMBAf8EAjAAMA4GA1UdDwEB
-/wQEAwIDqDATBgNVHSUEDDAKBggrBgEFBQcDATARBglghkgBhvhCAQEEBAMCBkAw
-PQYJKoZIhvcNAQEKMDCgDTALBglghkgBZQMEAgGhGjAYBgkqhkiG9w0BAQgwCwYJ
-YIZIAWUDBAIBogMCASADggEBAES6XXqD5GX/I7hLfJ+rLvfcWX5rQGdUCUKfQR2h
-fqj5R0jBAGPMkgYsPOv0gzLCLtF48x5SYDImjrOzYj26K4107wFczBt8rEBkB3nr
-+TYmDumoVV3lEIcXDWljNEtbCchU3UMcGmK7rADrP6j+s7bgi54cpfQJivB7L9oT
-kq+twPDFFhgwU6ZduR+XS6asTIDcASjZn0VzvWww0cdzM8XM31b0cgQAeN1f2JK7
-h+kVAePwbruqPoX5aCJ6HtNMQ78B7gqqnHMLONR3z7cRylyq5uYlnb9BjXk3DPpT
-QcWGzxApnXp8lsXlbFd7ieYUhFtUIsRcgaC/pPx2cZc0Yn0=
+MIIFCzCCA7+gAwIBAgIBATBBBgkqhkiG9w0BAQowNKAPMA0GCWCGSAFlAwQCAQUA
+oRwwGgYJKoZIhvcNAQEIMA0GCWCGSAFlAwQCAQUAogMCASAwgbIxCzAJBgNVBAYT
+AlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMRcwFQYDVQQK
+DA53b2xmU1NMX1JTQVBTUzESMBAGA1UECwwJQ0EtUlNBUFNTMRgwFgYDVQQDDA93
+d3cud29sZnNzbC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20x
+FzAVBgoJkiaJk/IsZAEBDAd3b2xmU1NMMB4XDTI0MTIxODIxMjUzMFoXDTI3MDkx
+NDIxMjUzMFowgbYxCzAJBgNVBAYTAlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYD
+VQQHDAdCb3plbWFuMRcwFQYDVQQKDA53b2xmU1NMX1JTQVBTUzEWMBQGA1UECwwN
+U2VydmVyLVJTQVBTUzEYMBYGA1UEAwwPd3d3LndvbGZzc2wuY29tMR8wHQYJKoZI
+hvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMRcwFQYKCZImiZPyLGQBAQwHd29sZlNT
+TDCCAVYwQQYJKoZIhvcNAQEKMDSgDzANBglghkgBZQMEAgEFAKEcMBoGCSqGSIb3
+DQEBCDANBglghkgBZQMEAgEFAKIDAgEgA4IBDwAwggEKAoIBAQDX92zhAonMm3QQ
+8+wBy4nO7/YpYvx1P2qZutaI7K6zIDNE0gbXmSG780DOMLDhkExbWHVUHaLdvGMB
+SEM7Inp4KmVb2BFfm3vbIRy89KWtPtYHQdoEH+p47FfzU/1JK14ONAI7Xj5f3GPa
+1GgmGmHJJddTFuf7wKUtWTZ76cdCy5sVgf3UD8W3xknARXfqW6zKHqWcwYYb8p7t
+ZqDRO7ZvAlRpMA26VQEYwF99su6mvYmE/Og25LvTtJ7ds6aAMhI3MI4KiVTF60sc
+hQIr+CZjxCP4WTUYDijPXQdJ2MxgTTv7JyTw1kYPxVsWpZSKaRo0Ys3gMjJVuRZl
+UBGLXjaDAgMBAAGjgYkwgYYwHQYDVR0OBBYEFC0HabChb58M+iUFssqXCETfDpeo
+MB8GA1UdIwQYMBaAFJ4M4NPftkvzGWNcymyThqIUU5ExMAwGA1UdEwEB/wQCMAAw
+DgYDVR0PAQH/BAQDAgOoMBMGA1UdJQQMMAoGCCsGAQUFBwMBMBEGCWCGSAGG+EIB
+AQQEAwIGQDBBBgkqhkiG9w0BAQowNKAPMA0GCWCGSAFlAwQCAQUAoRwwGgYJKoZI
+hvcNAQEIMA0GCWCGSAFlAwQCAQUAogMCASADggEBAMCZRVVvjxi4SMNyV1qvBlWk
+RN7RASxDyBuW4tX0kUwcokWfaUonPMsLxwIpPlO3D4FsOOiwVNEl63OIMTYBRluU
+93W8V6n56sfeiNSX+d4RU3VAD1u9sJuUKsKpqhku8BsdHpZPrDNayUSvRoszboN5
+AB8sCbxZZ8JsJdQk/l+JQZuxNQpLuYyAgdioHJXgWVMsGFODqDyaKCSCO/h1KwcO
+y2k6U4nrSFSOCLmhTa02utRsfH+HxoaGbvxzPzMNn8Dug2AIz17nMQjt68lphPo0
+ZH99HPc5bc8y6PkG7S97MRb1UX2tCX6/6fa6roOnDGAwyk04O1D2gdEaSZhzaJg=
 -----END CERTIFICATE-----
diff --git a/certs/rsapss/server-rsapss.der b/certs/rsapss/server-rsapss.der
index 1015ec6b7..ba03ede10 100644
Binary files a/certs/rsapss/server-rsapss.der and b/certs/rsapss/server-rsapss.der differ
diff --git a/certs/rsapss/server-rsapss.pem b/certs/rsapss/server-rsapss.pem
index 77c7f0fd9..3fbebae08 100644
--- a/certs/rsapss/server-rsapss.pem
+++ b/certs/rsapss/server-rsapss.pem
@@ -2,19 +2,19 @@ Certificate:
     Data:
         Version: 3 (0x2)
         Serial Number: 1 (0x1)
-        Signature Algorithm: rsassaPss         
-         Hash Algorithm: sha256
-         Mask Algorithm: mgf1 with sha256
-          Salt Length: 0x20
-         Trailer Field: 0xBC (default)
+        Signature Algorithm: rsassaPss        
+        Hash Algorithm: sha256
+        Mask Algorithm: mgf1 with sha256
+         Salt Length: 0x20
+        Trailer Field: 0x01 (default)
         Issuer: C = US, ST = Montana, L = Bozeman, O = wolfSSL_RSAPSS, OU = CA-RSAPSS, CN = www.wolfssl.com, emailAddress = info@wolfssl.com, UID = wolfSSL
         Validity
-            Not Before: Dec 13 22:19:28 2023 GMT
-            Not After : Sep  8 22:19:28 2026 GMT
+            Not Before: Dec 18 21:25:30 2024 GMT
+            Not After : Sep 14 21:25:30 2027 GMT
         Subject: C = US, ST = Montana, L = Bozeman, O = wolfSSL_RSAPSS, OU = Server-RSAPSS, CN = www.wolfssl.com, emailAddress = info@wolfssl.com, UID = wolfSSL
         Subject Public Key Info:
             Public Key Algorithm: rsassaPss
-                RSA-PSS Public-Key: (2048 bit)
+                Public-Key: (2048 bit)
                 Modulus:
                     00:d7:f7:6c:e1:02:89:cc:9b:74:10:f3:ec:01:cb:
                     89:ce:ef:f6:29:62:fc:75:3f:6a:99:ba:d6:88:ec:
@@ -36,16 +36,15 @@ Certificate:
                     36:83
                 Exponent: 65537 (0x10001)
                 PSS parameter restrictions:
-                  Hash Algorithm: sha256
-                  Mask Algorithm: mgf1 with sha256
-                  Minimum Salt Length: 0x20
-                  Trailer Field: 0xBC (default)
+                  Hash Algorithm: SHA2-256
+                  Mask Algorithm: MGF1 with SHA2-256
+                  Minimum Salt Length: 32
+                  Trailer Field: 0x1 (default)
         X509v3 extensions:
             X509v3 Subject Key Identifier: 
                 2D:07:69:B0:A1:6F:9F:0C:FA:25:05:B2:CA:97:08:44:DF:0E:97:A8
             X509v3 Authority Key Identifier: 
-                keyid:9E:0C:E0:D3:DF:B6:4B:F3:19:63:5C:CA:6C:93:86:A2:14:53:91:31
-
+                9E:0C:E0:D3:DF:B6:4B:F3:19:63:5C:CA:6C:93:86:A2:14:53:91:31
             X509v3 Basic Constraints: critical
                 CA:FALSE
             X509v3 Key Usage: critical
@@ -54,73 +53,73 @@ Certificate:
                 TLS Web Server Authentication
             Netscape Cert Type: 
                 SSL Server
-    Signature Algorithm: rsassaPss         
-         Hash Algorithm: sha256
-         Mask Algorithm: mgf1 with sha256
-          Salt Length: 0x20
-         Trailer Field: 0xBC (default)
-
-         44:ba:5d:7a:83:e4:65:ff:23:b8:4b:7c:9f:ab:2e:f7:dc:59:
-         7e:6b:40:67:54:09:42:9f:41:1d:a1:7e:a8:f9:47:48:c1:00:
-         63:cc:92:06:2c:3c:eb:f4:83:32:c2:2e:d1:78:f3:1e:52:60:
-         32:26:8e:b3:b3:62:3d:ba:2b:8d:74:ef:01:5c:cc:1b:7c:ac:
-         40:64:07:79:eb:f9:36:26:0e:e9:a8:55:5d:e5:10:87:17:0d:
-         69:63:34:4b:5b:09:c8:54:dd:43:1c:1a:62:bb:ac:00:eb:3f:
-         a8:fe:b3:b6:e0:8b:9e:1c:a5:f4:09:8a:f0:7b:2f:da:13:92:
-         af:ad:c0:f0:c5:16:18:30:53:a6:5d:b9:1f:97:4b:a6:ac:4c:
-         80:dc:01:28:d9:9f:45:73:bd:6c:30:d1:c7:73:33:c5:cc:df:
-         56:f4:72:04:00:78:dd:5f:d8:92:bb:87:e9:15:01:e3:f0:6e:
-         bb:aa:3e:85:f9:68:22:7a:1e:d3:4c:43:bf:01:ee:0a:aa:9c:
-         73:0b:38:d4:77:cf:b7:11:ca:5c:aa:e6:e6:25:9d:bf:41:8d:
-         79:37:0c:fa:53:41:c5:86:cf:10:29:9d:7a:7c:96:c5:e5:6c:
-         57:7b:89:e6:14:84:5b:54:22:c4:5c:81:a0:bf:a4:fc:76:71:
-         97:34:62:7d
+    Signature Algorithm: rsassaPss
+    Signature Value:        
+        Hash Algorithm: sha256
+        Mask Algorithm: mgf1 with sha256
+         Salt Length: 0x20
+        Trailer Field: 0x01 (default)
+        c0:99:45:55:6f:8f:18:b8:48:c3:72:57:5a:af:06:55:a4:44:
+        de:d1:01:2c:43:c8:1b:96:e2:d5:f4:91:4c:1c:a2:45:9f:69:
+        4a:27:3c:cb:0b:c7:02:29:3e:53:b7:0f:81:6c:38:e8:b0:54:
+        d1:25:eb:73:88:31:36:01:46:5b:94:f7:75:bc:57:a9:f9:ea:
+        c7:de:88:d4:97:f9:de:11:53:75:40:0f:5b:bd:b0:9b:94:2a:
+        c2:a9:aa:19:2e:f0:1b:1d:1e:96:4f:ac:33:5a:c9:44:af:46:
+        8b:33:6e:83:79:00:1f:2c:09:bc:59:67:c2:6c:25:d4:24:fe:
+        5f:89:41:9b:b1:35:0a:4b:b9:8c:80:81:d8:a8:1c:95:e0:59:
+        53:2c:18:53:83:a8:3c:9a:28:24:82:3b:f8:75:2b:07:0e:cb:
+        69:3a:53:89:eb:48:54:8e:08:b9:a1:4d:ad:36:ba:d4:6c:7c:
+        7f:87:c6:86:86:6e:fc:73:3f:33:0d:9f:c0:ee:83:60:08:cf:
+        5e:e7:31:08:ed:eb:c9:69:84:fa:34:64:7f:7d:1c:f7:39:6d:
+        cf:32:e8:f9:06:ed:2f:7b:31:16:f5:51:7d:ad:09:7e:bf:e9:
+        f6:ba:ae:83:a7:0c:60:30:ca:4d:38:3b:50:f6:81:d1:1a:49:
+        98:73:68:98
 -----BEGIN CERTIFICATE-----
-MIIE/zCCA7egAwIBAgIBATA9BgkqhkiG9w0BAQowMKANMAsGCWCGSAFlAwQCAaEa
-MBgGCSqGSIb3DQEBCDALBglghkgBZQMEAgGiAwIBIDCBsjELMAkGA1UEBhMCVVMx
-EDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xFzAVBgNVBAoMDndv
-bGZTU0xfUlNBUFNTMRIwEAYDVQQLDAlDQS1SU0FQU1MxGDAWBgNVBAMMD3d3dy53
-b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTEXMBUG
-CgmSJomT8ixkAQEMB3dvbGZTU0wwHhcNMjMxMjEzMjIxOTI4WhcNMjYwOTA4MjIx
-OTI4WjCBtjELMAkGA1UEBhMCVVMxEDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcM
-B0JvemVtYW4xFzAVBgNVBAoMDndvbGZTU0xfUlNBUFNTMRYwFAYDVQQLDA1TZXJ2
-ZXItUlNBUFNTMRgwFgYDVQQDDA93d3cud29sZnNzbC5jb20xHzAdBgkqhkiG9w0B
-CQEWEGluZm9Ad29sZnNzbC5jb20xFzAVBgoJkiaJk/IsZAEBDAd3b2xmU1NMMIIB
-UjA9BgkqhkiG9w0BAQowMKANMAsGCWCGSAFlAwQCAaEaMBgGCSqGSIb3DQEBCDAL
-BglghkgBZQMEAgGiAwIBIAOCAQ8AMIIBCgKCAQEA1/ds4QKJzJt0EPPsAcuJzu/2
-KWL8dT9qmbrWiOyusyAzRNIG15khu/NAzjCw4ZBMW1h1VB2i3bxjAUhDOyJ6eCpl
-W9gRX5t72yEcvPSlrT7WB0HaBB/qeOxX81P9SSteDjQCO14+X9xj2tRoJhphySXX
-Uxbn+8ClLVk2e+nHQsubFYH91A/Ft8ZJwEV36lusyh6lnMGGG/Ke7Wag0Tu2bwJU
-aTANulUBGMBffbLupr2JhPzoNuS707Se3bOmgDISNzCOColUxetLHIUCK/gmY8Qj
-+Fk1GA4oz10HSdjMYE07+yck8NZGD8VbFqWUimkaNGLN4DIyVbkWZVARi142gwID
-AQABo4GJMIGGMB0GA1UdDgQWBBQtB2mwoW+fDPolBbLKlwhE3w6XqDAfBgNVHSME
-GDAWgBSeDODT37ZL8xljXMpsk4aiFFORMTAMBgNVHRMBAf8EAjAAMA4GA1UdDwEB
-/wQEAwIDqDATBgNVHSUEDDAKBggrBgEFBQcDATARBglghkgBhvhCAQEEBAMCBkAw
-PQYJKoZIhvcNAQEKMDCgDTALBglghkgBZQMEAgGhGjAYBgkqhkiG9w0BAQgwCwYJ
-YIZIAWUDBAIBogMCASADggEBAES6XXqD5GX/I7hLfJ+rLvfcWX5rQGdUCUKfQR2h
-fqj5R0jBAGPMkgYsPOv0gzLCLtF48x5SYDImjrOzYj26K4107wFczBt8rEBkB3nr
-+TYmDumoVV3lEIcXDWljNEtbCchU3UMcGmK7rADrP6j+s7bgi54cpfQJivB7L9oT
-kq+twPDFFhgwU6ZduR+XS6asTIDcASjZn0VzvWww0cdzM8XM31b0cgQAeN1f2JK7
-h+kVAePwbruqPoX5aCJ6HtNMQ78B7gqqnHMLONR3z7cRylyq5uYlnb9BjXk3DPpT
-QcWGzxApnXp8lsXlbFd7ieYUhFtUIsRcgaC/pPx2cZc0Yn0=
+MIIFCzCCA7+gAwIBAgIBATBBBgkqhkiG9w0BAQowNKAPMA0GCWCGSAFlAwQCAQUA
+oRwwGgYJKoZIhvcNAQEIMA0GCWCGSAFlAwQCAQUAogMCASAwgbIxCzAJBgNVBAYT
+AlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMRcwFQYDVQQK
+DA53b2xmU1NMX1JTQVBTUzESMBAGA1UECwwJQ0EtUlNBUFNTMRgwFgYDVQQDDA93
+d3cud29sZnNzbC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20x
+FzAVBgoJkiaJk/IsZAEBDAd3b2xmU1NMMB4XDTI0MTIxODIxMjUzMFoXDTI3MDkx
+NDIxMjUzMFowgbYxCzAJBgNVBAYTAlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYD
+VQQHDAdCb3plbWFuMRcwFQYDVQQKDA53b2xmU1NMX1JTQVBTUzEWMBQGA1UECwwN
+U2VydmVyLVJTQVBTUzEYMBYGA1UEAwwPd3d3LndvbGZzc2wuY29tMR8wHQYJKoZI
+hvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMRcwFQYKCZImiZPyLGQBAQwHd29sZlNT
+TDCCAVYwQQYJKoZIhvcNAQEKMDSgDzANBglghkgBZQMEAgEFAKEcMBoGCSqGSIb3
+DQEBCDANBglghkgBZQMEAgEFAKIDAgEgA4IBDwAwggEKAoIBAQDX92zhAonMm3QQ
+8+wBy4nO7/YpYvx1P2qZutaI7K6zIDNE0gbXmSG780DOMLDhkExbWHVUHaLdvGMB
+SEM7Inp4KmVb2BFfm3vbIRy89KWtPtYHQdoEH+p47FfzU/1JK14ONAI7Xj5f3GPa
+1GgmGmHJJddTFuf7wKUtWTZ76cdCy5sVgf3UD8W3xknARXfqW6zKHqWcwYYb8p7t
+ZqDRO7ZvAlRpMA26VQEYwF99su6mvYmE/Og25LvTtJ7ds6aAMhI3MI4KiVTF60sc
+hQIr+CZjxCP4WTUYDijPXQdJ2MxgTTv7JyTw1kYPxVsWpZSKaRo0Ys3gMjJVuRZl
+UBGLXjaDAgMBAAGjgYkwgYYwHQYDVR0OBBYEFC0HabChb58M+iUFssqXCETfDpeo
+MB8GA1UdIwQYMBaAFJ4M4NPftkvzGWNcymyThqIUU5ExMAwGA1UdEwEB/wQCMAAw
+DgYDVR0PAQH/BAQDAgOoMBMGA1UdJQQMMAoGCCsGAQUFBwMBMBEGCWCGSAGG+EIB
+AQQEAwIGQDBBBgkqhkiG9w0BAQowNKAPMA0GCWCGSAFlAwQCAQUAoRwwGgYJKoZI
+hvcNAQEIMA0GCWCGSAFlAwQCAQUAogMCASADggEBAMCZRVVvjxi4SMNyV1qvBlWk
+RN7RASxDyBuW4tX0kUwcokWfaUonPMsLxwIpPlO3D4FsOOiwVNEl63OIMTYBRluU
+93W8V6n56sfeiNSX+d4RU3VAD1u9sJuUKsKpqhku8BsdHpZPrDNayUSvRoszboN5
+AB8sCbxZZ8JsJdQk/l+JQZuxNQpLuYyAgdioHJXgWVMsGFODqDyaKCSCO/h1KwcO
+y2k6U4nrSFSOCLmhTa02utRsfH+HxoaGbvxzPzMNn8Dug2AIz17nMQjt68lphPo0
+ZH99HPc5bc8y6PkG7S97MRb1UX2tCX6/6fa6roOnDGAwyk04O1D2gdEaSZhzaJg=
 -----END CERTIFICATE-----
 Certificate:
     Data:
         Version: 3 (0x2)
         Serial Number: 1 (0x1)
-        Signature Algorithm: rsassaPss         
-         Hash Algorithm: sha256
-         Mask Algorithm: mgf1 with sha256
-          Salt Length: 0x20
-         Trailer Field: 0xBC (default)
+        Signature Algorithm: rsassaPss        
+        Hash Algorithm: sha256
+        Mask Algorithm: mgf1 with sha256
+         Salt Length: 0x20
+        Trailer Field: 0x01 (default)
         Issuer: C = US, ST = Montana, L = Bozeman, O = wolfSSL_RSA-PSS, OU = Root-RSA-PSS, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Dec 13 22:19:28 2023 GMT
-            Not After : Sep  8 22:19:28 2026 GMT
+            Not Before: Dec 18 21:25:30 2024 GMT
+            Not After : Sep 14 21:25:30 2027 GMT
         Subject: C = US, ST = Montana, L = Bozeman, O = wolfSSL_RSAPSS, OU = CA-RSAPSS, CN = www.wolfssl.com, emailAddress = info@wolfssl.com, UID = wolfSSL
         Subject Public Key Info:
             Public Key Algorithm: rsassaPss
-                RSA-PSS Public-Key: (2048 bit)
+                Public-Key: (2048 bit)
                 Modulus:
                     00:d6:0e:c7:50:4d:29:f5:a8:a2:d4:29:5b:58:f2:
                     bc:2d:27:de:88:49:1a:84:19:2b:84:8d:94:d1:78:
@@ -142,66 +141,65 @@ Certificate:
                     cc:1d
                 Exponent: 65537 (0x10001)
                 PSS parameter restrictions:
-                  Hash Algorithm: sha256
-                  Mask Algorithm: mgf1 with sha256
-                  Minimum Salt Length: 0x20
-                  Trailer Field: 0xBC (default)
+                  Hash Algorithm: SHA2-256
+                  Mask Algorithm: MGF1 with SHA2-256
+                  Minimum Salt Length: 32
+                  Trailer Field: 0x1 (default)
         X509v3 extensions:
             X509v3 Subject Key Identifier: 
                 9E:0C:E0:D3:DF:B6:4B:F3:19:63:5C:CA:6C:93:86:A2:14:53:91:31
             X509v3 Authority Key Identifier: 
-                keyid:64:D5:EC:82:87:80:DE:5A:ED:49:98:D8:0C:54:7D:46:9E:A5:3C:D6
-
+                64:D5:EC:82:87:80:DE:5A:ED:49:98:D8:0C:54:7D:46:9E:A5:3C:D6
             X509v3 Basic Constraints: critical
                 CA:TRUE
             X509v3 Key Usage: critical
                 Digital Signature, Certificate Sign, CRL Sign
-    Signature Algorithm: rsassaPss         
-         Hash Algorithm: sha256
-         Mask Algorithm: mgf1 with sha256
-          Salt Length: 0x20
-         Trailer Field: 0xBC (default)
-
-         6c:79:0e:40:30:74:f6:02:08:61:df:c0:89:25:10:30:ea:e4:
-         e9:14:c8:c6:47:01:55:a4:f2:ed:ee:3f:55:da:62:39:04:cb:
-         3d:a1:78:56:76:30:fd:14:ea:b3:d8:21:99:c6:ca:ed:9f:18:
-         7d:15:4d:d2:cf:db:c3:a1:b4:56:0d:04:b1:72:9c:68:81:1f:
-         01:02:b8:8f:d6:d8:ed:47:3a:72:f2:e0:a5:9b:7b:50:75:00:
-         a4:ab:23:62:48:1f:bc:f4:50:86:ef:06:b3:f8:8b:6e:e0:39:
-         d1:8c:3b:8f:1f:ef:c5:ff:8c:2d:b2:1b:5d:82:32:b1:81:92:
-         02:7c:c9:ad:16:86:63:6c:95:41:ed:80:70:96:41:13:11:03:
-         9a:c1:41:d4:ca:e0:fd:7f:2d:d9:5b:60:d6:42:fe:aa:ac:73:
-         4e:6d:26:67:03:ec:53:e9:97:2f:73:3a:f5:c4:ba:cf:dc:db:
-         6c:f0:79:80:b1:52:f4:bf:12:c9:a7:ce:b1:2f:8d:6a:6a:a8:
-         9e:27:e9:d1:55:26:6b:20:8c:1f:90:57:6d:5e:dc:9e:ca:4c:
-         76:fc:35:76:dc:5a:06:90:50:88:7e:ad:9f:58:e3:39:10:e3:
-         64:19:9f:ea:fb:86:04:84:79:d6:20:ac:c8:45:8b:03:8c:eb:
-         b6:d4:e7:e4
+    Signature Algorithm: rsassaPss
+    Signature Value:        
+        Hash Algorithm: sha256
+        Mask Algorithm: mgf1 with sha256
+         Salt Length: 0x20
+        Trailer Field: 0x01 (default)
+        78:31:94:fd:94:b9:31:68:97:cc:3b:60:8e:1b:4b:0b:c6:1b:
+        d4:64:d9:dd:ef:81:f2:fd:a0:18:a5:f4:92:47:07:84:55:f7:
+        f0:1d:25:45:15:cb:df:df:9c:d2:5a:db:f2:e9:1a:8e:98:5b:
+        7c:73:ea:13:3d:02:c2:89:06:50:3e:dd:4e:79:3a:86:1d:cc:
+        7c:04:09:d7:ed:53:86:d7:8a:2a:11:0a:84:14:da:47:d4:92:
+        0a:7f:e7:86:b9:08:a7:7c:da:e4:97:d7:04:25:22:98:0e:e7:
+        72:05:39:ac:57:18:22:76:26:13:8b:29:4d:b8:38:a4:17:8b:
+        fb:2e:bf:61:7a:34:94:09:f0:3f:1d:4a:61:75:ab:b8:31:42:
+        37:b2:47:a0:d9:cf:23:9f:da:61:e2:bf:39:dd:0d:e4:bf:b9:
+        ba:7d:22:ca:f0:53:ad:71:95:4f:1c:05:86:b9:30:63:b9:80:
+        20:0e:e3:4d:32:e0:e8:33:3e:64:27:f5:ae:f5:07:f1:a8:68:
+        3a:49:12:e5:b0:38:bc:d1:96:d2:de:60:02:eb:79:ca:2c:e8:
+        f2:39:09:91:6b:9a:a2:13:b9:01:c5:7f:36:dc:a3:e7:86:b4:
+        72:23:a7:38:26:2b:9a:6e:3c:99:69:f1:8e:cc:68:10:14:50:
+        a2:e9:2b:b1
 -----BEGIN CERTIFICATE-----
-MIIEvzCCA3egAwIBAgIBATA9BgkqhkiG9w0BAQowMKANMAsGCWCGSAFlAwQCAaEa
-MBgGCSqGSIb3DQEBCDALBglghkgBZQMEAgGiAwIBIDCBnTELMAkGA1UEBhMCVVMx
-EDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xGDAWBgNVBAoMD3dv
-bGZTU0xfUlNBLVBTUzEVMBMGA1UECwwMUm9vdC1SU0EtUFNTMRgwFgYDVQQDDA93
-d3cud29sZnNzbC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20w
-HhcNMjMxMjEzMjIxOTI4WhcNMjYwOTA4MjIxOTI4WjCBsjELMAkGA1UEBhMCVVMx
-EDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xFzAVBgNVBAoMDndv
-bGZTU0xfUlNBUFNTMRIwEAYDVQQLDAlDQS1SU0FQU1MxGDAWBgNVBAMMD3d3dy53
-b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTEXMBUG
-CgmSJomT8ixkAQEMB3dvbGZTU0wwggFSMD0GCSqGSIb3DQEBCjAwoA0wCwYJYIZI
-AWUDBAIBoRowGAYJKoZIhvcNAQEIMAsGCWCGSAFlAwQCAaIDAgEgA4IBDwAwggEK
-AoIBAQDWDsdQTSn1qKLUKVtY8rwtJ96ISRqEGSuEjZTReBLWexTY0oIklav+T1X7
-4FX8OTd7QYC0mG9/xbc+N/hfHS8SMYj5izsAheY2pRc/mqS+SP96NiIsI9SfW1LR
-F9HB8mkZ2DLF93nsgxmH4xOgQ16x6QPttAjNexRoDyVPkPAEp7sIiQjcdk5wSQRB
-Tb+3f3d5au9oS2KXjjORMirjYxVH9mGkJtsCBLZXwKfwquwgcpHDMquYf4TG6F/W
-4BrSJLHHULtzh94qw+LEYDK45FpbteQpjIsoa7sa3Dz+ue+eiShguqRAZtW74GJ/
-pyvhDzjmM+qyEA4UyD+Hn/+LKMwdAgMBAAGjYzBhMB0GA1UdDgQWBBSeDODT37ZL
-8xljXMpsk4aiFFORMTAfBgNVHSMEGDAWgBRk1eyCh4DeWu1JmNgMVH1GnqU81jAP
-BgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjA9BgkqhkiG9w0BAQowMKAN
-MAsGCWCGSAFlAwQCAaEaMBgGCSqGSIb3DQEBCDALBglghkgBZQMEAgGiAwIBIAOC
-AQEAbHkOQDB09gIIYd/AiSUQMOrk6RTIxkcBVaTy7e4/VdpiOQTLPaF4VnYw/RTq
-s9ghmcbK7Z8YfRVN0s/bw6G0Vg0EsXKcaIEfAQK4j9bY7Uc6cvLgpZt7UHUApKsj
-YkgfvPRQhu8Gs/iLbuA50Yw7jx/vxf+MLbIbXYIysYGSAnzJrRaGY2yVQe2AcJZB
-ExEDmsFB1Mrg/X8t2Vtg1kL+qqxzTm0mZwPsU+mXL3M69cS6z9zbbPB5gLFS9L8S
-yafOsS+Namqonifp0VUmayCMH5BXbV7cnspMdvw1dtxaBpBQiH6tn1jjORDjZBmf
-6vuGBIR51iCsyEWLA4zrttTn5A==
+MIIEyzCCA3+gAwIBAgIBATBBBgkqhkiG9w0BAQowNKAPMA0GCWCGSAFlAwQCAQUA
+oRwwGgYJKoZIhvcNAQEIMA0GCWCGSAFlAwQCAQUAogMCASAwgZ0xCzAJBgNVBAYT
+AlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMRgwFgYDVQQK
+DA93b2xmU1NMX1JTQS1QU1MxFTATBgNVBAsMDFJvb3QtUlNBLVBTUzEYMBYGA1UE
+AwwPd3d3LndvbGZzc2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wu
+Y29tMB4XDTI0MTIxODIxMjUzMFoXDTI3MDkxNDIxMjUzMFowgbIxCzAJBgNVBAYT
+AlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMRcwFQYDVQQK
+DA53b2xmU1NMX1JTQVBTUzESMBAGA1UECwwJQ0EtUlNBUFNTMRgwFgYDVQQDDA93
+d3cud29sZnNzbC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20x
+FzAVBgoJkiaJk/IsZAEBDAd3b2xmU1NMMIIBVjBBBgkqhkiG9w0BAQowNKAPMA0G
+CWCGSAFlAwQCAQUAoRwwGgYJKoZIhvcNAQEIMA0GCWCGSAFlAwQCAQUAogMCASAD
+ggEPADCCAQoCggEBANYOx1BNKfWootQpW1jyvC0n3ohJGoQZK4SNlNF4EtZ7FNjS
+giSVq/5PVfvgVfw5N3tBgLSYb3/Ftz43+F8dLxIxiPmLOwCF5jalFz+apL5I/3o2
+Iiwj1J9bUtEX0cHyaRnYMsX3eeyDGYfjE6BDXrHpA+20CM17FGgPJU+Q8ASnuwiJ
+CNx2TnBJBEFNv7d/d3lq72hLYpeOM5EyKuNjFUf2YaQm2wIEtlfAp/Cq7CBykcMy
+q5h/hMboX9bgGtIkscdQu3OH3irD4sRgMrjkWlu15CmMiyhruxrcPP65756JKGC6
+pEBm1bvgYn+nK+EPOOYz6rIQDhTIP4ef/4sozB0CAwEAAaNjMGEwHQYDVR0OBBYE
+FJ4M4NPftkvzGWNcymyThqIUU5ExMB8GA1UdIwQYMBaAFGTV7IKHgN5a7UmY2AxU
+fUaepTzWMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgGGMEEGCSqGSIb3
+DQEBCjA0oA8wDQYJYIZIAWUDBAIBBQChHDAaBgkqhkiG9w0BAQgwDQYJYIZIAWUD
+BAIBBQCiAwIBIAOCAQEAeDGU/ZS5MWiXzDtgjhtLC8Yb1GTZ3e+B8v2gGKX0kkcH
+hFX38B0lRRXL39+c0lrb8ukajphbfHPqEz0CwokGUD7dTnk6hh3MfAQJ1+1ThteK
+KhEKhBTaR9SSCn/nhrkIp3za5JfXBCUimA7ncgU5rFcYInYmE4spTbg4pBeL+y6/
+YXo0lAnwPx1KYXWruDFCN7JHoNnPI5/aYeK/Od0N5L+5un0iyvBTrXGVTxwFhrkw
+Y7mAIA7jTTLg6DM+ZCf1rvUH8ahoOkkS5bA4vNGW0t5gAut5yizo8jkJkWuaohO5
+AcV/Ntyj54a0ciOnOCYrmm48mWnxjsxoEBRQoukrsQ==
 -----END CERTIFICATE-----
diff --git a/certs/server-cert-chain.der b/certs/server-cert-chain.der
index effd41c1d..8a4fab661 100644
Binary files a/certs/server-cert-chain.der and b/certs/server-cert-chain.der differ
diff --git a/certs/server-cert.der b/certs/server-cert.der
index e5cb198f6..91c6fa74d 100644
Binary files a/certs/server-cert.der and b/certs/server-cert.der differ
diff --git a/certs/server-cert.pem b/certs/server-cert.pem
index c0e639feb..6fc3db772 100644
--- a/certs/server-cert.pem
+++ b/certs/server-cert.pem
@@ -5,12 +5,12 @@ Certificate:
         Signature Algorithm: sha256WithRSAEncryption
         Issuer: C = US, ST = Montana, L = Bozeman, O = Sawtooth, OU = Consulting, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Dec 13 22:19:28 2023 GMT
-            Not After : Sep  8 22:19:28 2026 GMT
+            Not Before: Dec 18 21:25:30 2024 GMT
+            Not After : Sep 14 21:25:30 2027 GMT
         Subject: C = US, ST = Montana, L = Bozeman, O = wolfSSL, OU = Support, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (2048 bit)
+                Public-Key: (2048 bit)
                 Modulus:
                     00:c0:95:08:e1:57:41:f2:71:6d:b7:d2:45:41:27:
                     01:65:c6:45:ae:f2:bc:24:30:b8:95:ce:2f:4e:d6:
@@ -37,8 +37,7 @@ Certificate:
             X509v3 Authority Key Identifier: 
                 keyid:27:8E:67:11:74:C3:26:1D:3F:ED:33:63:B3:A4:D8:1D:30:E5:E8:D5
                 DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
-                serial:33:44:1A:A8:6C:01:EC:F6:60:F2:70:51:0A:4C:D1:14:FA:BC:E9:44
-
+                serial:6B:9B:70:C6:F1:A3:94:65:19:A1:08:58:EF:A7:8D:2B:7A:83:C1:DA
             X509v3 Basic Constraints: 
                 CA:TRUE
             X509v3 Subject Alternative Name: 
@@ -46,27 +45,28 @@ Certificate:
             X509v3 Extended Key Usage: 
                 TLS Web Server Authentication, TLS Web Client Authentication
     Signature Algorithm: sha256WithRSAEncryption
-         4a:ff:b9:e5:85:9b:da:53:66:7f:07:22:bf:b6:19:ea:42:eb:
-         a4:11:07:62:ff:39:5f:33:37:3a:87:26:71:3d:13:b2:ca:b8:
-         64:38:7b:8a:99:48:0e:a5:a4:6b:b1:99:6e:e0:46:51:bd:19:
-         52:ad:bc:a6:7e:2a:7a:7c:23:a7:cc:db:5e:43:7d:6b:04:c8:
-         b7:dd:95:ad:f0:91:80:59:c5:19:91:26:27:91:b8:48:1c:eb:
-         55:b6:aa:7d:a4:38:f1:03:bc:6c:8b:aa:94:d6:3c:05:7a:96:
-         c5:06:f1:26:14:2e:75:fb:dd:e5:35:b3:01:2c:b3:ad:62:5a:
-         21:9a:08:be:56:fc:f9:a2:42:87:86:e5:a9:c5:99:cf:ae:14:
-         be:e0:b9:08:24:0d:1d:5c:d6:14:e1:4c:9f:40:b3:a9:e9:2d:
-         52:8b:4c:bf:ac:44:31:67:c1:8d:06:85:ec:0f:e4:99:d7:4b:
-         7b:21:06:66:d4:e4:f5:9d:ff:8e:f0:86:39:58:1d:a4:5b:e2:
-         63:ef:7c:c9:18:87:a8:02:25:10:3e:87:28:f9:f5:ef:47:9e:
-         a5:80:08:11:90:68:fe:d1:a3:a8:51:b9:37:ff:d5:ca:7c:87:
-         7f:6b:bc:2c:12:c8:c5:85:8b:fc:0c:c6:b9:86:b8:c9:04:c3:
-         51:37:d2:4f
+    Signature Value:
+        8a:f1:4e:e8:9f:59:b2:d9:13:ac:fc:42:c4:81:34:9f:6b:39:
+        57:9c:e9:92:5d:41:ac:05:35:b1:26:93:4d:4a:da:f8:51:82:
+        d2:8d:7f:d3:5c:6e:29:80:8d:9b:02:10:2b:64:f5:d1:31:06:
+        fa:85:2b:8f:63:32:14:76:7a:39:15:f3:4e:dd:fd:e2:2c:90:
+        15:d1:6f:73:87:ee:e6:c8:eb:ad:40:d5:e8:94:1f:a6:7e:26:
+        5b:87:ba:0f:06:5a:4d:55:7a:aa:c4:09:34:8b:f7:e5:cc:d6:
+        b7:6c:46:6d:a1:e6:66:66:4c:4b:e5:12:31:37:54:49:64:a5:
+        66:eb:e0:c6:a1:49:f8:4d:c3:d3:55:a4:05:d2:ac:fb:e1:c8:
+        69:30:4b:98:fd:72:1a:ab:9f:86:eb:0d:bd:7c:a6:3d:81:d9:
+        01:a7:8a:79:ab:3c:ce:e5:b6:c3:1b:ef:7d:5e:37:7b:37:7c:
+        91:89:59:11:21:11:7c:05:80:e1:a8:d6:f9:35:da:1b:86:06:
+        5a:32:67:6c:a9:2b:e0:31:7b:89:53:37:42:af:34:a4:53:d2:
+        7c:91:50:63:3a:8e:4a:1f:a3:90:4e:7c:41:59:1d:eb:7b:a2:
+        14:87:ba:76:36:a4:77:46:34:f2:55:50:f0:24:9f:83:83:da:
+        a6:aa:3c:c8
 -----BEGIN CERTIFICATE-----
 MIIE6DCCA9CgAwIBAgIBATANBgkqhkiG9w0BAQsFADCBlDELMAkGA1UEBhMCVVMx
 EDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xETAPBgNVBAoMCFNh
 d3Rvb3RoMRMwEQYDVQQLDApDb25zdWx0aW5nMRgwFgYDVQQDDA93d3cud29sZnNz
-bC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMjMxMjEz
-MjIxOTI4WhcNMjYwOTA4MjIxOTI4WjCBkDELMAkGA1UEBhMCVVMxEDAOBgNVBAgM
+bC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMjQxMjE4
+MjEyNTMwWhcNMjcwOTE0MjEyNTMwWjCBkDELMAkGA1UEBhMCVVMxEDAOBgNVBAgM
 B01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xEDAOBgNVBAoMB3dvbGZTU0wxEDAO
 BgNVBAsMB1N1cHBvcnQxGDAWBgNVBAMMD3d3dy53b2xmc3NsLmNvbTEfMB0GCSqG
 SIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
@@ -80,30 +80,30 @@ BBSzETLJkpiE4sn40DtuA0LKHw6OPDCB1AYDVR0jBIHMMIHJgBQnjmcRdMMmHT/t
 M2OzpNgdMOXo1aGBmqSBlzCBlDELMAkGA1UEBhMCVVMxEDAOBgNVBAgMB01vbnRh
 bmExEDAOBgNVBAcMB0JvemVtYW4xETAPBgNVBAoMCFNhd3Rvb3RoMRMwEQYDVQQL
 DApDb25zdWx0aW5nMRgwFgYDVQQDDA93d3cud29sZnNzbC5jb20xHzAdBgkqhkiG
-9w0BCQEWEGluZm9Ad29sZnNzbC5jb22CFDNEGqhsAez2YPJwUQpM0RT6vOlEMAwG
+9w0BCQEWEGluZm9Ad29sZnNzbC5jb22CFGubcMbxo5RlGaEIWO+njSt6g8HaMAwG
 A1UdEwQFMAMBAf8wHAYDVR0RBBUwE4ILZXhhbXBsZS5jb22HBH8AAAEwHQYDVR0l
-BBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMA0GCSqGSIb3DQEBCwUAA4IBAQBK/7nl
-hZvaU2Z/ByK/thnqQuukEQdi/zlfMzc6hyZxPROyyrhkOHuKmUgOpaRrsZlu4EZR
-vRlSrbymfip6fCOnzNteQ31rBMi33ZWt8JGAWcUZkSYnkbhIHOtVtqp9pDjxA7xs
-i6qU1jwFepbFBvEmFC51+93lNbMBLLOtYlohmgi+Vvz5okKHhuWpxZnPrhS+4LkI
-JA0dXNYU4UyfQLOp6S1Si0y/rEQxZ8GNBoXsD+SZ10t7IQZm1OT1nf+O8IY5WB2k
-W+Jj73zJGIeoAiUQPoco+fXvR56lgAgRkGj+0aOoUbk3/9XKfId/a7wsEsjFhYv8
-DMa5hrjJBMNRN9JP
+BBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMA0GCSqGSIb3DQEBCwUAA4IBAQCK8U7o
+n1my2ROs/ELEgTSfazlXnOmSXUGsBTWxJpNNStr4UYLSjX/TXG4pgI2bAhArZPXR
+MQb6hSuPYzIUdno5FfNO3f3iLJAV0W9zh+7myOutQNXolB+mfiZbh7oPBlpNVXqq
+xAk0i/flzNa3bEZtoeZmZkxL5RIxN1RJZKVm6+DGoUn4TcPTVaQF0qz74chpMEuY
+/XIaq5+G6w29fKY9gdkBp4p5qzzO5bbDG+99Xjd7N3yRiVkRIRF8BYDhqNb5Ndob
+hgZaMmdsqSvgMXuJUzdCrzSkU9J8kVBjOo5KH6OQTnxBWR3re6IUh7p2NqR3RjTy
+VVDwJJ+Dg9qmqjzI
 -----END CERTIFICATE-----
 Certificate:
     Data:
         Version: 3 (0x2)
         Serial Number:
-            33:44:1a:a8:6c:01:ec:f6:60:f2:70:51:0a:4c:d1:14:fa:bc:e9:44
+            6b:9b:70:c6:f1:a3:94:65:19:a1:08:58:ef:a7:8d:2b:7a:83:c1:da
         Signature Algorithm: sha256WithRSAEncryption
         Issuer: C = US, ST = Montana, L = Bozeman, O = Sawtooth, OU = Consulting, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Dec 13 22:19:28 2023 GMT
-            Not After : Sep  8 22:19:28 2026 GMT
+            Not Before: Dec 18 21:25:29 2024 GMT
+            Not After : Sep 14 21:25:29 2027 GMT
         Subject: C = US, ST = Montana, L = Bozeman, O = Sawtooth, OU = Consulting, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (2048 bit)
+                Public-Key: (2048 bit)
                 Modulus:
                     00:bf:0c:ca:2d:14:b2:1e:84:42:5b:cd:38:1f:4a:
                     f2:4d:75:10:f1:b6:35:9f:df:ca:7d:03:98:d3:ac:
@@ -130,8 +130,7 @@ Certificate:
             X509v3 Authority Key Identifier: 
                 keyid:27:8E:67:11:74:C3:26:1D:3F:ED:33:63:B3:A4:D8:1D:30:E5:E8:D5
                 DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
-                serial:33:44:1A:A8:6C:01:EC:F6:60:F2:70:51:0A:4C:D1:14:FA:BC:E9:44
-
+                serial:6B:9B:70:C6:F1:A3:94:65:19:A1:08:58:EF:A7:8D:2B:7A:83:C1:DA
             X509v3 Basic Constraints: 
                 CA:TRUE
             X509v3 Subject Alternative Name: 
@@ -139,27 +138,28 @@ Certificate:
             X509v3 Extended Key Usage: 
                 TLS Web Server Authentication, TLS Web Client Authentication
     Signature Algorithm: sha256WithRSAEncryption
-         2d:fc:f9:32:5a:be:d6:9d:42:8b:86:4e:67:22:c3:50:2d:cb:
-         14:27:1d:94:f3:cd:88:42:da:41:1c:39:24:67:a7:92:4d:27:
-         ea:56:82:19:bf:11:b2:43:a4:8d:5d:87:b2:27:64:66:82:81:
-         df:c4:fd:5b:62:b0:c2:4d:9d:29:f2:41:32:cc:2e:b5:da:38:
-         06:1b:e8:7f:8c:6e:3d:80:1e:00:56:49:bf:39:e0:da:68:2f:
-         c4:fd:00:e6:d1:81:1a:d1:4a:bb:76:52:ce:4d:24:9d:c4:a3:
-         a7:f1:65:14:2f:1f:a8:2d:c6:cb:ce:b1:a7:89:74:26:27:c3:
-         f3:a3:84:4c:34:01:14:03:7d:16:3a:c8:8b:25:2e:7b:90:cc:
-         46:b1:52:34:ba:93:6e:ef:fe:43:a3:ad:c6:6f:51:fb:ba:ea:
-         38:e3:6f:d6:ee:63:62:36:ea:5e:08:b4:e2:2a:46:89:e3:ae:
-         b3:b4:06:ef:63:7a:6e:5d:dd:c9:ec:02:4f:f7:64:c0:27:07:
-         b4:6f:4a:18:72:5b:34:74:7c:d0:a9:04:8f:40:8b:6a:39:d2:
-         6b:1a:01:f2:01:a8:81:34:3a:e5:b0:55:d1:3c:95:ca:b0:82:
-         d6:ed:98:28:15:59:7e:95:a7:69:c7:b5:7b:ec:01:a7:4d:e6:
-         b9:a2:fe:35
+    Signature Value:
+        77:3b:3d:66:74:bc:97:fe:40:16:e6:ba:a5:d5:d1:84:08:89:
+        69:4f:88:0d:57:a9:ef:8c:c3:97:52:c8:bd:8b:a2:49:3b:b7:
+        f7:5d:1e:d6:14:7f:b2:80:33:da:a0:8a:d3:e1:2f:d5:bc:33:
+        9f:ea:5a:72:24:e5:f8:b8:4b:b3:df:62:90:3b:a8:21:ef:27:
+        42:75:bc:60:02:8e:37:35:99:eb:a3:28:f2:65:4c:ff:7a:f8:
+        8e:cc:23:6d:e5:6a:fe:22:5a:d9:b2:4f:47:c7:e0:ae:98:ef:
+        94:ac:b6:4f:61:81:29:8e:e1:79:2c:46:fc:e9:1a:c3:96:1f:
+        19:93:64:2e:9f:37:72:c5:e4:93:4e:61:5f:38:8e:ae:e8:39:
+        19:e6:97:a8:91:d4:23:7e:1e:d2:d0:53:ec:cc:ac:a0:1d:d0:
+        b7:dd:b1:b7:01:2e:96:cd:85:27:e0:e7:47:e2:c1:c1:00:f6:
+        94:df:77:e7:fa:c6:ef:8a:c0:7c:67:bc:ff:a0:7c:94:3b:7d:
+        86:42:af:3d:83:31:ee:2a:3b:7b:f0:2c:9e:6f:e9:c4:07:81:
+        24:da:05:70:4d:dd:09:ae:9e:72:b8:21:0e:8c:b2:ab:aa:4c:
+        49:10:f7:76:f9:b5:0d:6c:20:d3:df:7a:06:32:8d:29:1f:28:
+        1d:8d:26:33
 -----BEGIN CERTIFICATE-----
-MIIE/zCCA+egAwIBAgIUM0QaqGwB7PZg8nBRCkzRFPq86UQwDQYJKoZIhvcNAQEL
+MIIE/zCCA+egAwIBAgIUa5twxvGjlGUZoQhY76eNK3qDwdowDQYJKoZIhvcNAQEL
 BQAwgZQxCzAJBgNVBAYTAlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdC
 b3plbWFuMREwDwYDVQQKDAhTYXd0b290aDETMBEGA1UECwwKQ29uc3VsdGluZzEY
 MBYGA1UEAwwPd3d3LndvbGZzc2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdv
-bGZzc2wuY29tMB4XDTIzMTIxMzIyMTkyOFoXDTI2MDkwODIyMTkyOFowgZQxCzAJ
+bGZzc2wuY29tMB4XDTI0MTIxODIxMjUyOVoXDTI3MDkxNDIxMjUyOVowgZQxCzAJ
 BgNVBAYTAlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMREw
 DwYDVQQKDAhTYXd0b290aDETMBEGA1UECwwKQ29uc3VsdGluZzEYMBYGA1UEAwwP
 d3d3LndvbGZzc2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29t
@@ -174,12 +174,12 @@ BgNVHSMEgcwwgcmAFCeOZxF0wyYdP+0zY7Ok2B0w5ejVoYGapIGXMIGUMQswCQYD
 VQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjERMA8G
 A1UECgwIU2F3dG9vdGgxEzARBgNVBAsMCkNvbnN1bHRpbmcxGDAWBgNVBAMMD3d3
 dy53b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbYIU
-M0QaqGwB7PZg8nBRCkzRFPq86UQwDAYDVR0TBAUwAwEB/zAcBgNVHREEFTATggtl
+a5twxvGjlGUZoQhY76eNK3qDwdowDAYDVR0TBAUwAwEB/zAcBgNVHREEFTATggtl
 eGFtcGxlLmNvbYcEfwAAATAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIw
-DQYJKoZIhvcNAQELBQADggEBAC38+TJavtadQouGTmciw1AtyxQnHZTzzYhC2kEc
-OSRnp5JNJ+pWghm/EbJDpI1dh7InZGaCgd/E/VtisMJNnSnyQTLMLrXaOAYb6H+M
-bj2AHgBWSb854NpoL8T9AObRgRrRSrt2Us5NJJ3Eo6fxZRQvH6gtxsvOsaeJdCYn
-w/OjhEw0ARQDfRY6yIslLnuQzEaxUjS6k27v/kOjrcZvUfu66jjjb9buY2I26l4I
-tOIqRonjrrO0Bu9jem5d3cnsAk/3ZMAnB7RvShhyWzR0fNCpBI9Ai2o50msaAfIB
-qIE0OuWwVdE8lcqwgtbtmCgVWX6Vp2nHtXvsAadN5rmi/jU=
+DQYJKoZIhvcNAQELBQADggEBAHc7PWZ0vJf+QBbmuqXV0YQIiWlPiA1Xqe+Mw5dS
+yL2Lokk7t/ddHtYUf7KAM9qgitPhL9W8M5/qWnIk5fi4S7PfYpA7qCHvJ0J1vGAC
+jjc1meujKPJlTP96+I7MI23lav4iWtmyT0fH4K6Y75Sstk9hgSmO4XksRvzpGsOW
+HxmTZC6fN3LF5JNOYV84jq7oORnml6iR1CN+HtLQU+zMrKAd0LfdsbcBLpbNhSfg
+50fiwcEA9pTfd+f6xu+KwHxnvP+gfJQ7fYZCrz2DMe4qO3vwLJ5v6cQHgSTaBXBN
+3QmunnK4IQ6MsquqTEkQ93b5tQ1sINPfegYyjSkfKB2NJjM=
 -----END CERTIFICATE-----
diff --git a/certs/server-ecc-comp.der b/certs/server-ecc-comp.der
index b7e15586f..c0063c4b8 100644
Binary files a/certs/server-ecc-comp.der and b/certs/server-ecc-comp.der differ
diff --git a/certs/server-ecc-comp.pem b/certs/server-ecc-comp.pem
index 8af59ab6e..8741568a0 100644
--- a/certs/server-ecc-comp.pem
+++ b/certs/server-ecc-comp.pem
@@ -2,12 +2,12 @@ Certificate:
     Data:
         Version: 3 (0x2)
         Serial Number:
-            21:d7:53:80:24:5c:eb:bf:c0:a4:40:f4:42:19:3b:83:fd:58:c5:a6
+            0c:33:75:68:ff:2e:13:4a:2a:30:56:b4:a8:79:14:e2:c4:ca:61:54
         Signature Algorithm: ecdsa-with-SHA256
         Issuer: C = US, ST = Montana, L = Bozeman, O = Elliptic - comp, OU = Server ECC-comp, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Dec 13 22:19:28 2023 GMT
-            Not After : Sep  8 22:19:28 2026 GMT
+            Not Before: Dec 18 21:25:30 2024 GMT
+            Not After : Sep 14 21:25:30 2027 GMT
         Subject: C = US, ST = Montana, L = Bozeman, O = Elliptic - comp, OU = Server ECC-comp, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: id-ecPublicKey
@@ -24,8 +24,7 @@ Certificate:
             X509v3 Authority Key Identifier: 
                 keyid:8C:38:3A:6B:B8:24:B7:DF:6E:F4:59:AC:56:4E:AA:E2:58:A6:5A:18
                 DirName:/C=US/ST=Montana/L=Bozeman/O=Elliptic - comp/OU=Server ECC-comp/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
-                serial:21:D7:53:80:24:5C:EB:BF:C0:A4:40:F4:42:19:3B:83:FD:58:C5:A6
-
+                serial:0C:33:75:68:FF:2E:13:4A:2A:30:56:B4:A8:79:14:E2:C4:CA:61:54
             X509v3 Basic Constraints: 
                 CA:TRUE
             X509v3 Subject Alternative Name: 
@@ -33,17 +32,18 @@ Certificate:
             X509v3 Extended Key Usage: 
                 TLS Web Server Authentication, TLS Web Client Authentication
     Signature Algorithm: ecdsa-with-SHA256
-         30:45:02:20:57:1a:59:bc:c9:45:0a:46:e6:16:da:17:ce:c3:
-         0a:57:57:f2:3d:15:cd:ca:1b:a7:a8:39:2e:9d:09:f3:3e:a0:
-         02:21:00:de:a3:3a:4d:88:38:2b:3a:84:de:2f:0a:81:14:57:
-         7f:7f:2e:d6:a5:4d:61:10:69:b9:a2:c6:51:cd:80:4a:63
+    Signature Value:
+        30:45:02:20:23:d1:f6:8f:d4:29:83:27:8f:4a:8e:49:44:49:
+        32:1c:12:e4:c1:33:b1:97:2b:31:cd:62:47:cb:b6:d0:eb:4d:
+        02:21:00:e0:6e:dc:48:70:aa:10:b2:74:d1:88:da:f1:3f:d9:
+        d7:e9:e4:88:e5:91:00:03:c1:0c:1f:54:a0:ca:4d:99:6a
 -----BEGIN CERTIFICATE-----
-MIIDdzCCAx2gAwIBAgIUIddTgCRc67/ApED0Qhk7g/1YxaYwCgYIKoZIzj0EAwIw
+MIIDdzCCAx2gAwIBAgIUDDN1aP8uE0oqMFa0qHkU4sTKYVQwCgYIKoZIzj0EAwIw
 gaAxCzAJBgNVBAYTAlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3pl
 bWFuMRgwFgYDVQQKDA9FbGxpcHRpYyAtIGNvbXAxGDAWBgNVBAsMD1NlcnZlciBF
 Q0MtY29tcDEYMBYGA1UEAwwPd3d3LndvbGZzc2wuY29tMR8wHQYJKoZIhvcNAQkB
-FhBpbmZvQHdvbGZzc2wuY29tMB4XDTIzMTIxMzIyMTkyOFoXDTI2MDkwODIyMTky
-OFowgaAxCzAJBgNVBAYTAlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdC
+FhBpbmZvQHdvbGZzc2wuY29tMB4XDTI0MTIxODIxMjUzMFoXDTI3MDkxNDIxMjUz
+MFowgaAxCzAJBgNVBAYTAlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdC
 b3plbWFuMRgwFgYDVQQKDA9FbGxpcHRpYyAtIGNvbXAxGDAWBgNVBAsMD1NlcnZl
 ciBFQ0MtY29tcDEYMBYGA1UEAwwPd3d3LndvbGZzc2wuY29tMR8wHQYJKoZIhvcN
 AQkBFhBpbmZvQHdvbGZzc2wuY29tMDkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDIgAC
@@ -52,9 +52,9 @@ FgQUjDg6a7gkt99u9FmsVk6q4limWhgwgeAGA1UdIwSB2DCB1YAUjDg6a7gkt99u
 9FmsVk6q4limWhihgaakgaMwgaAxCzAJBgNVBAYTAlVTMRAwDgYDVQQIDAdNb250
 YW5hMRAwDgYDVQQHDAdCb3plbWFuMRgwFgYDVQQKDA9FbGxpcHRpYyAtIGNvbXAx
 GDAWBgNVBAsMD1NlcnZlciBFQ0MtY29tcDEYMBYGA1UEAwwPd3d3LndvbGZzc2wu
-Y29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tghQh11OAJFzrv8Ck
-QPRCGTuD/VjFpjAMBgNVHRMEBTADAQH/MBwGA1UdEQQVMBOCC2V4YW1wbGUuY29t
+Y29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tghQMM3Vo/y4TSiow
+VrSoeRTixMphVDAMBgNVHRMEBTADAQH/MBwGA1UdEQQVMBOCC2V4YW1wbGUuY29t
 hwR/AAABMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAKBggqhkjOPQQD
-AgNIADBFAiBXGlm8yUUKRuYW2hfOwwpXV/I9Fc3KG6eoOS6dCfM+oAIhAN6jOk2I
-OCs6hN4vCoEUV39/LtalTWEQabmixlHNgEpj
+AgNIADBFAiAj0faP1CmDJ49KjklESTIcEuTBM7GXKzHNYkfLttDrTQIhAOBu3Ehw
+qhCydNGI2vE/2dfp5IjlkQADwQwfVKDKTZlq
 -----END CERTIFICATE-----
diff --git a/certs/server-ecc-rsa.der b/certs/server-ecc-rsa.der
index 3c958432c..f59f0eb9a 100644
Binary files a/certs/server-ecc-rsa.der and b/certs/server-ecc-rsa.der differ
diff --git a/certs/server-ecc-rsa.pem b/certs/server-ecc-rsa.pem
index 6db0901d5..34e4e6f21 100644
--- a/certs/server-ecc-rsa.pem
+++ b/certs/server-ecc-rsa.pem
@@ -5,8 +5,8 @@ Certificate:
         Signature Algorithm: sha256WithRSAEncryption
         Issuer: C = US, ST = Montana, L = Bozeman, O = Sawtooth, OU = Consulting, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Dec 13 22:19:28 2023 GMT
-            Not After : Sep  8 22:19:28 2026 GMT
+            Not Before: Dec 18 21:25:30 2024 GMT
+            Not After : Sep 14 21:25:30 2027 GMT
         Subject: C = US, ST = Montana, L = Bozeman, O = Elliptic - RSAsig, OU = ECC-RSAsig, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: id-ecPublicKey
@@ -25,8 +25,7 @@ Certificate:
             X509v3 Authority Key Identifier: 
                 keyid:27:8E:67:11:74:C3:26:1D:3F:ED:33:63:B3:A4:D8:1D:30:E5:E8:D5
                 DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
-                serial:33:44:1A:A8:6C:01:EC:F6:60:F2:70:51:0A:4C:D1:14:FA:BC:E9:44
-
+                serial:6B:9B:70:C6:F1:A3:94:65:19:A1:08:58:EF:A7:8D:2B:7A:83:C1:DA
             X509v3 Basic Constraints: 
                 CA:TRUE
             X509v3 Subject Alternative Name: 
@@ -34,27 +33,28 @@ Certificate:
             X509v3 Extended Key Usage: 
                 TLS Web Server Authentication, TLS Web Client Authentication
     Signature Algorithm: sha256WithRSAEncryption
-         16:b7:d3:9c:7c:6e:d2:b7:79:aa:5a:16:0b:1e:da:d0:f7:df:
-         64:c9:3c:b8:41:24:4b:1b:c2:83:5e:df:de:a8:8a:7c:eb:07:
-         75:20:f6:f3:4c:bd:3f:2e:f0:f0:da:4b:c5:d2:c4:f8:db:34:
-         75:e2:32:b4:34:92:8a:7f:d7:84:ea:df:99:ca:64:e6:7c:68:
-         05:1c:75:de:3f:06:65:5d:fc:29:c9:73:0f:4a:ad:fd:bc:0d:
-         91:37:67:63:55:65:93:99:56:84:25:1b:f1:50:03:31:2d:48:
-         ad:a3:38:91:29:88:b8:72:08:4c:11:36:35:20:13:78:98:d8:
-         84:30:c5:7b:70:24:45:8c:e1:55:80:06:5f:19:57:89:58:1c:
-         2a:40:fb:f3:a6:bf:ea:41:7a:79:2c:ab:fe:b6:16:5d:d5:fa:
-         32:50:9d:89:f2:cc:87:7a:57:cf:4d:38:c4:d5:33:9a:4d:83:
-         c9:00:b8:36:66:14:76:20:c1:7a:c7:f7:0a:94:69:ce:0a:0f:
-         81:04:12:5f:71:d0:d1:ff:08:d0:89:6f:ac:45:d3:06:23:a0:
-         76:88:ad:5d:9a:7a:8c:1f:61:d4:d8:21:1d:8e:05:89:d1:d4:
-         d6:86:5b:4b:43:e6:03:4a:10:48:f4:1b:9d:3b:76:d8:2c:ad:
-         fa:33:a5:70
+    Signature Value:
+        38:e8:66:c3:74:e0:5c:59:a9:12:46:ad:84:e3:b3:fa:3e:68:
+        90:d0:06:a4:2c:ab:f7:b3:b9:7c:89:62:fb:88:eb:88:04:d9:
+        4b:ac:7e:4b:4b:7c:7c:0f:e1:dd:73:ee:88:b3:e7:1e:00:7b:
+        fe:aa:24:50:d7:3c:c4:03:f2:ba:fd:81:ce:7a:0c:1c:48:6a:
+        33:ad:a7:f8:f7:ca:f7:00:47:5c:fc:f8:05:98:5f:ec:c3:aa:
+        75:93:03:a1:4e:7a:37:ec:8b:a9:99:fa:76:85:cb:c3:99:29:
+        70:1e:9c:41:f1:49:fd:e8:c0:75:0a:dd:a0:e0:d3:6e:7f:93:
+        7e:4d:2e:ee:a1:c9:db:fc:98:86:bb:67:7d:2f:74:00:10:7c:
+        24:5b:58:f3:5a:ed:96:6e:8f:34:ee:47:46:be:3e:96:25:2b:
+        7c:90:5b:65:24:48:66:5a:79:a6:6a:f5:ed:31:cf:0b:29:c3:
+        f1:ab:91:21:9c:79:99:c9:5c:4c:2b:ac:f1:21:5c:44:07:14:
+        45:e5:e0:84:ce:a3:49:59:8d:94:4a:9d:11:20:c3:d3:fc:ce:
+        8f:2c:38:5b:38:e7:b2:d0:71:9f:3f:de:4e:08:03:f9:11:58:
+        7c:46:04:0a:73:28:68:b8:17:17:02:45:9c:65:96:1a:b3:98:
+        4d:3b:fb:c7
 -----BEGIN CERTIFICATE-----
 MIIEKjCCAxKgAwIBAgIBATANBgkqhkiG9w0BAQsFADCBlDELMAkGA1UEBhMCVVMx
 EDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xETAPBgNVBAoMCFNh
 d3Rvb3RoMRMwEQYDVQQLDApDb25zdWx0aW5nMRgwFgYDVQQDDA93d3cud29sZnNz
-bC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMjMxMjEz
-MjIxOTI4WhcNMjYwOTA4MjIxOTI4WjCBnTELMAkGA1UEBhMCVVMxEDAOBgNVBAgM
+bC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMjQxMjE4
+MjEyNTMwWhcNMjcwOTE0MjEyNTMwWjCBnTELMAkGA1UEBhMCVVMxEDAOBgNVBAgM
 B01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xGjAYBgNVBAoMEUVsbGlwdGljIC0g
 UlNBc2lnMRMwEQYDVQQLDApFQ0MtUlNBc2lnMRgwFgYDVQQDDA93d3cud29sZnNz
 bC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wWTATBgcqhkjO
@@ -64,13 +64,13 @@ BBYEFF1dJu+sfjb5m3YVK0olAiPvsokwMIHUBgNVHSMEgcwwgcmAFCeOZxF0wyYd
 P+0zY7Ok2B0w5ejVoYGapIGXMIGUMQswCQYDVQQGEwJVUzEQMA4GA1UECAwHTW9u
 dGFuYTEQMA4GA1UEBwwHQm96ZW1hbjERMA8GA1UECgwIU2F3dG9vdGgxEzARBgNV
 BAsMCkNvbnN1bHRpbmcxGDAWBgNVBAMMD3d3dy53b2xmc3NsLmNvbTEfMB0GCSqG
-SIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbYIUM0QaqGwB7PZg8nBRCkzRFPq86UQw
+SIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbYIUa5twxvGjlGUZoQhY76eNK3qDwdow
 DAYDVR0TBAUwAwEB/zAcBgNVHREEFTATggtleGFtcGxlLmNvbYcEfwAAATAdBgNV
-HSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDQYJKoZIhvcNAQELBQADggEBABa3
-05x8btK3eapaFgse2tD332TJPLhBJEsbwoNe396oinzrB3Ug9vNMvT8u8PDaS8XS
-xPjbNHXiMrQ0kop/14Tq35nKZOZ8aAUcdd4/BmVd/CnJcw9Krf28DZE3Z2NVZZOZ
-VoQlG/FQAzEtSK2jOJEpiLhyCEwRNjUgE3iY2IQwxXtwJEWM4VWABl8ZV4lYHCpA
-+/Omv+pBenksq/62Fl3V+jJQnYnyzId6V89NOMTVM5pNg8kAuDZmFHYgwXrH9wqU
-ac4KD4EEEl9x0NH/CNCJb6xF0wYjoHaIrV2aeowfYdTYIR2OBYnR1NaGW0tD5gNK
-EEj0G507dtgsrfozpXA=
+HSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDQYJKoZIhvcNAQELBQADggEBADjo
+ZsN04FxZqRJGrYTjs/o+aJDQBqQsq/ezuXyJYvuI64gE2UusfktLfHwP4d1z7oiz
+5x4Ae/6qJFDXPMQD8rr9gc56DBxIajOtp/j3yvcAR1z8+AWYX+zDqnWTA6FOejfs
+i6mZ+naFy8OZKXAenEHxSf3owHUK3aDg025/k35NLu6hydv8mIa7Z30vdAAQfCRb
+WPNa7ZZujzTuR0a+PpYlK3yQW2UkSGZaeaZq9e0xzwspw/GrkSGceZnJXEwrrPEh
+XEQHFEXl4ITOo0lZjZRKnREgw9P8zo8sOFs457LQcZ8/3k4IA/kRWHxGBApzKGi4
+FxcCRZxllhqzmE07+8c=
 -----END CERTIFICATE-----
diff --git a/certs/server-ecc-self.der b/certs/server-ecc-self.der
index fe076d68d..3892b069a 100644
Binary files a/certs/server-ecc-self.der and b/certs/server-ecc-self.der differ
diff --git a/certs/server-ecc-self.pem b/certs/server-ecc-self.pem
index 663c1948b..306b8752a 100644
--- a/certs/server-ecc-self.pem
+++ b/certs/server-ecc-self.pem
@@ -2,12 +2,12 @@ Certificate:
     Data:
         Version: 3 (0x2)
         Serial Number:
-            7e:ce:94:a4:69:82:50:e3:fe:e1:ca:d8:ff:0e:5f:8f:c9:b5:2b:5c
+            56:13:5e:22:d3:64:94:86:c6:dd:cf:fd:7f:bf:c9:84:93:ce:15:ca
         Signature Algorithm: ecdsa-with-SHA256
         Issuer: C = US, ST = Washington, L = Seattle, O = Elliptic, OU = ECC, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Dec 13 22:19:27 2023 GMT
-            Not After : Dec 10 22:19:27 2033 GMT
+            Not Before: Dec 18 21:25:29 2024 GMT
+            Not After : Dec 16 21:25:29 2034 GMT
         Subject: C = US, ST = Washington, L = Seattle, O = Elliptic, OU = ECC, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: id-ecPublicKey
@@ -28,37 +28,35 @@ Certificate:
             X509v3 Subject Key Identifier: 
                 5D:5D:26:EF:AC:7E:36:F9:9B:76:15:2B:4A:25:02:23:EF:B2:89:30
             X509v3 Authority Key Identifier: 
-                keyid:5D:5D:26:EF:AC:7E:36:F9:9B:76:15:2B:4A:25:02:23:EF:B2:89:30
                 DirName:/C=US/ST=Washington/L=Seattle/O=Elliptic/OU=ECC/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
-                serial:7E:CE:94:A4:69:82:50:E3:FE:E1:CA:D8:FF:0E:5F:8F:C9:B5:2B:5C
-
+                serial:56:13:5E:22:D3:64:94:86:C6:DD:CF:FD:7F:BF:C9:84:93:CE:15:CA
             X509v3 Key Usage: critical
                 Digital Signature, Key Encipherment, Key Agreement
             X509v3 Extended Key Usage: 
                 TLS Web Server Authentication
     Signature Algorithm: ecdsa-with-SHA256
-         30:46:02:21:00:b1:ef:00:eb:7b:d1:e0:a8:95:1c:80:c8:11:
-         e3:66:46:fb:ff:f8:55:2f:45:20:98:72:b1:5b:e4:b6:3b:ce:
-         35:02:21:00:d7:b3:b6:bb:fd:41:86:04:a1:61:bd:2b:1c:5f:
-         a0:3d:52:51:97:e3:90:d0:5e:a6:c8:09:23:ae:3d:5c:2a:3c
+    Signature Value:
+        30:45:02:21:00:93:af:89:fe:2f:b2:5c:ac:04:da:f6:2b:73:
+        64:2e:6a:88:66:14:27:74:34:42:f2:13:37:f6:c9:bc:21:26:
+        57:02:20:30:bd:b1:51:c9:55:78:49:78:3d:09:78:dd:eb:d0:
+        23:fe:10:19:cb:b6:a7:64:f4:f8:e0:bd:a2:ff:55:df:e6
 -----BEGIN CERTIFICATE-----
-MIIDYDCCAwWgAwIBAgIUfs6UpGmCUOP+4crY/w5fj8m1K1wwCgYIKoZIzj0EAwIw
+MIIDSTCCAu+gAwIBAgIUVhNeItNklIbG3c/9f7/JhJPOFcowCgYIKoZIzj0EAwIw
 gZAxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdT
 ZWF0dGxlMREwDwYDVQQKDAhFbGxpcHRpYzEMMAoGA1UECwwDRUNDMRgwFgYDVQQD
 DA93d3cud29sZnNzbC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5j
-b20wHhcNMjMxMjEzMjIxOTI3WhcNMzMxMjEwMjIxOTI3WjCBkDELMAkGA1UEBhMC
+b20wHhcNMjQxMjE4MjEyNTI5WhcNMzQxMjE2MjEyNTI5WjCBkDELMAkGA1UEBhMC
 VVMxEzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxETAPBgNV
 BAoMCEVsbGlwdGljMQwwCgYDVQQLDANFQ0MxGDAWBgNVBAMMD3d3dy53b2xmc3Ns
 LmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTBZMBMGByqGSM49
 AgEGCCqGSM49AwEHA0IABLszrEwnUErGSqUEwzzenzbbci3OlOor+ssgCTksFuhh
-AumvTdMCk5oxW5eSIX/wzxjakRECNIboIFgzC4A0idijggE5MIIBNTAJBgNVHRME
+AumvTdMCk5oxW5eSIX/wzxjakRECNIboIFgzC4A0idijggEjMIIBHzAJBgNVHRME
 AjAAMBEGCWCGSAGG+EIBAQQEAwIGQDAdBgNVHQ4EFgQUXV0m76x+NvmbdhUrSiUC
-I++yiTAwgdAGA1UdIwSByDCBxYAUXV0m76x+NvmbdhUrSiUCI++yiTChgZakgZMw
-gZAxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdT
-ZWF0dGxlMREwDwYDVQQKDAhFbGxpcHRpYzEMMAoGA1UECwwDRUNDMRgwFgYDVQQD
-DA93d3cud29sZnNzbC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5j
-b22CFH7OlKRpglDj/uHK2P8OX4/JtStcMA4GA1UdDwEB/wQEAwIDqDATBgNVHSUE
-DDAKBggrBgEFBQcDATAKBggqhkjOPQQDAgNJADBGAiEAse8A63vR4KiVHIDIEeNm
-Rvv/+FUvRSCYcrFb5LY7zjUCIQDXs7a7/UGGBKFhvSscX6A9UlGX45DQXqbICSOu
-PVwqPA==
+I++yiTAwgboGA1UdIwSBsjCBr6GBlqSBkzCBkDELMAkGA1UEBhMCVVMxEzARBgNV
+BAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxETAPBgNVBAoMCEVsbGlw
+dGljMQwwCgYDVQQLDANFQ0MxGDAWBgNVBAMMD3d3dy53b2xmc3NsLmNvbTEfMB0G
+CSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbYIUVhNeItNklIbG3c/9f7/JhJPO
+FcowDgYDVR0PAQH/BAQDAgOoMBMGA1UdJQQMMAoGCCsGAQUFBwMBMAoGCCqGSM49
+BAMCA0gAMEUCIQCTr4n+L7JcrATa9itzZC5qiGYUJ3Q0QvITN/bJvCEmVwIgML2x
+UclVeEl4PQl43evQI/4QGcu2p2T0+OC9ov9V3+Y=
 -----END CERTIFICATE-----
diff --git a/certs/server-ecc.der b/certs/server-ecc.der
index 7d5e07e66..9c3700b33 100644
Binary files a/certs/server-ecc.der and b/certs/server-ecc.der differ
diff --git a/certs/server-ecc.pem b/certs/server-ecc.pem
index 94978a551..d4a2f9f95 100644
--- a/certs/server-ecc.pem
+++ b/certs/server-ecc.pem
@@ -5,8 +5,8 @@ Certificate:
         Signature Algorithm: ecdsa-with-SHA256
         Issuer: C = US, ST = Washington, L = Seattle, O = wolfSSL, OU = Development, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Dec 13 22:19:28 2023 GMT
-            Not After : Sep  8 22:19:28 2026 GMT
+            Not Before: Dec 18 21:25:30 2024 GMT
+            Not After : Sep 14 21:25:30 2027 GMT
         Subject: C = US, ST = Washington, L = Seattle, O = Elliptic, OU = ECC, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: id-ecPublicKey
@@ -23,8 +23,7 @@ Certificate:
             X509v3 Subject Key Identifier: 
                 5D:5D:26:EF:AC:7E:36:F9:9B:76:15:2B:4A:25:02:23:EF:B2:89:30
             X509v3 Authority Key Identifier: 
-                keyid:56:8E:9A:C3:F0:42:DE:18:B9:45:55:6E:F9:93:CF:EA:C3:F3:A5:21
-
+                56:8E:9A:C3:F0:42:DE:18:B9:45:55:6E:F9:93:CF:EA:C3:F3:A5:21
             X509v3 Basic Constraints: critical
                 CA:FALSE
             X509v3 Key Usage: critical
@@ -34,16 +33,17 @@ Certificate:
             Netscape Cert Type: 
                 SSL Server
     Signature Algorithm: ecdsa-with-SHA256
-         30:45:02:21:00:86:bd:87:16:d2:9c:66:e7:5e:5c:28:0e:5f:
-         ef:94:61:2f:d4:21:6d:8e:c3:94:0a:1e:b5:6a:1d:c6:04:87:
-         c6:02:20:66:46:c4:29:d9:8e:eb:0b:f7:5b:32:13:eb:0a:ea:
-         47:99:4b:74:56:ba:21:97:b1:67:75:5c:f3:f3:c0:88:aa
+    Signature Value:
+        30:45:02:21:00:8b:82:a5:d2:f6:ca:84:ba:ad:2d:de:36:e9:
+        2a:4d:ee:4b:20:46:ba:ab:4e:d0:10:6e:eb:30:b6:7e:d8:af:
+        8c:02:20:06:74:40:6a:a9:31:54:fe:20:9d:c6:6d:2b:df:1d:
+        aa:63:da:fc:97:50:87:92:69:ee:63:57:b6:ec:e2:e9:fa
 -----BEGIN CERTIFICATE-----
 MIICojCCAkigAwIBAgIBAzAKBggqhkjOPQQDAjCBlzELMAkGA1UEBhMCVVMxEzAR
 BgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoMB3dv
 bGZTU0wxFDASBgNVBAsMC0RldmVsb3BtZW50MRgwFgYDVQQDDA93d3cud29sZnNz
-bC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMjMxMjEz
-MjIxOTI4WhcNMjYwOTA4MjIxOTI4WjCBkDELMAkGA1UEBhMCVVMxEzARBgNVBAgM
+bC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMjQxMjE4
+MjEyNTMwWhcNMjcwOTE0MjEyNTMwWjCBkDELMAkGA1UEBhMCVVMxEzARBgNVBAgM
 Cldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxETAPBgNVBAoMCEVsbGlwdGlj
 MQwwCgYDVQQLDANFQ0MxGDAWBgNVBAMMD3d3dy53b2xmc3NsLmNvbTEfMB0GCSqG
 SIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTBZMBMGByqGSM49AgEGCCqGSM49AwEH
@@ -51,7 +51,7 @@ A0IABLszrEwnUErGSqUEwzzenzbbci3OlOor+ssgCTksFuhhAumvTdMCk5oxW5eS
 IX/wzxjakRECNIboIFgzC4A0idijgYkwgYYwHQYDVR0OBBYEFF1dJu+sfjb5m3YV
 K0olAiPvsokwMB8GA1UdIwQYMBaAFFaOmsPwQt4YuUVVbvmTz+rD86UhMAwGA1Ud
 EwEB/wQCMAAwDgYDVR0PAQH/BAQDAgOoMBMGA1UdJQQMMAoGCCsGAQUFBwMBMBEG
-CWCGSAGG+EIBAQQEAwIGQDAKBggqhkjOPQQDAgNIADBFAiEAhr2HFtKcZudeXCgO
-X++UYS/UIW2Ow5QKHrVqHcYEh8YCIGZGxCnZjusL91syE+sK6keZS3RWuiGXsWd1
-XPPzwIiq
+CWCGSAGG+EIBAQQEAwIGQDAKBggqhkjOPQQDAgNIADBFAiEAi4Kl0vbKhLqtLd42
+6SpN7ksgRrqrTtAQbuswtn7Yr4wCIAZ0QGqpMVT+IJ3GbSvfHapj2vyXUIeSae5j
+V7bs4un6
 -----END CERTIFICATE-----
diff --git a/certs/server-ecc384-cert.der b/certs/server-ecc384-cert.der
index b4410ad4b..2638b193e 100644
Binary files a/certs/server-ecc384-cert.der and b/certs/server-ecc384-cert.der differ
diff --git a/certs/server-ecc384-cert.pem b/certs/server-ecc384-cert.pem
index 21d890987..ba1d04ba1 100644
--- a/certs/server-ecc384-cert.pem
+++ b/certs/server-ecc384-cert.pem
@@ -2,8 +2,8 @@
 MIIDnzCCAyagAwIBAgICEAEwCgYIKoZIzj0EAwMwgZcxCzAJBgNVBAYTAlVTMRMw
 EQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRAwDgYDVQQKDAd3
 b2xmU1NMMRQwEgYDVQQLDAtEZXZlbG9wbWVudDEYMBYGA1UEAwwPd3d3LndvbGZz
-c2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMCAXDTIzMTIx
-MzIyMTkyN1oYDzIwNTMxMjA1MjIxOTI3WjCBljELMAkGA1UEBhMCVVMxEzARBgNV
+c2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMCAXDTI0MTIx
+ODIxMjUyOVoYDzIwNTQxMjExMjEyNTI5WjCBljELMAkGA1UEBhMCVVMxEzARBgNV
 BAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxETAPBgNVBAoMCEVsbGlw
 dGljMRIwEAYDVQQLDAlFQ0MzODRTcnYxGDAWBgNVBAMMD3d3dy53b2xmc3NsLmNv
 bTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTB2MBAGByqGSM49AgEG
@@ -14,9 +14,9 @@ MB0GA1UdDgQWBBSCO/JlL/O0AMa8Bv15QnVLZdHOvDCB1wYDVR0jBIHPMIHMgBSr
 4MMmTBjUcrvShIycCgWSgBJTUqGBnaSBmjCBlzELMAkGA1UEBhMCVVMxEzARBgNV
 BAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoMB3dvbGZT
 U0wxFDASBgNVBAsMC0RldmVsb3BtZW50MRgwFgYDVQQDDA93d3cud29sZnNzbC5j
-b20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb22CFEXB9YZPVPLQmp3y
-n1IKRmavozXTMA4GA1UdDwEB/wQEAwIDqDATBgNVHSUEDDAKBggrBgEFBQcDATAK
-BggqhkjOPQQDAwNnADBkAjA4AvK6JvDpyPBqda/IkyzM90qQIHKbomr7ayhuAG0k
-VENqh4nn4BED4EjmgEZ8FjoCMF4UuUIDJtYCMA8lqknSfpfxmWdSfbKw7eaM/ivj
-z5PuNjtIU2GSWQ1njRNDyi+keg==
+b20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb22CFFaBUbnOIn1WJzbB
+88oeB5Z04brGMA4GA1UdDwEB/wQEAwIDqDATBgNVHSUEDDAKBggrBgEFBQcDATAK
+BggqhkjOPQQDAwNnADBkAjAYATAj5pIDNH3L+oUwPS8ur+j7nhcf+T3/4/EywRUY
+C/cZR0DTEPUTTJP3AOgkC74CMGuLTpj9RxsUyhnVbHMRDEMmCFO04ewoLYSs129j
+OKguYwcZubpKZ42SE1meXjmZOA==
 -----END CERTIFICATE-----
diff --git a/certs/server-revoked-cert.pem b/certs/server-revoked-cert.pem
index 456297371..8bf60a03f 100644
--- a/certs/server-revoked-cert.pem
+++ b/certs/server-revoked-cert.pem
@@ -5,12 +5,12 @@ Certificate:
         Signature Algorithm: sha256WithRSAEncryption
         Issuer: C = US, ST = Montana, L = Bozeman, O = Sawtooth, OU = Consulting, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Dec 13 22:19:28 2023 GMT
-            Not After : Sep  8 22:19:28 2026 GMT
+            Not Before: Dec 18 21:25:30 2024 GMT
+            Not After : Sep 14 21:25:30 2027 GMT
         Subject: C = US, ST = Montana, L = Bozeman, O = wolfSSL_revoked, OU = Support_revoked, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (2048 bit)
+                Public-Key: (2048 bit)
                 Modulus:
                     00:b0:14:16:3a:43:dd:e1:50:45:4f:cf:80:b3:dd:
                     66:96:c7:e9:f4:dc:de:b6:6b:24:1b:76:48:ac:c6:
@@ -37,8 +37,7 @@ Certificate:
             X509v3 Authority Key Identifier: 
                 keyid:27:8E:67:11:74:C3:26:1D:3F:ED:33:63:B3:A4:D8:1D:30:E5:E8:D5
                 DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
-                serial:33:44:1A:A8:6C:01:EC:F6:60:F2:70:51:0A:4C:D1:14:FA:BC:E9:44
-
+                serial:6B:9B:70:C6:F1:A3:94:65:19:A1:08:58:EF:A7:8D:2B:7A:83:C1:DA
             X509v3 Basic Constraints: 
                 CA:TRUE
             X509v3 Subject Alternative Name: 
@@ -46,27 +45,28 @@ Certificate:
             X509v3 Extended Key Usage: 
                 TLS Web Server Authentication, TLS Web Client Authentication
     Signature Algorithm: sha256WithRSAEncryption
-         5c:ae:98:a1:97:b7:b7:57:1b:47:32:9d:86:df:aa:5a:95:03:
-         8f:de:04:9f:27:1f:b3:bc:6d:50:63:53:6a:02:83:3d:5b:f6:
-         16:04:4a:04:84:65:d4:68:7c:f3:1d:8f:dc:ff:76:e1:b0:ce:
-         88:b1:31:57:c9:5c:14:bf:ae:b9:ee:82:a0:b0:c3:25:bb:5f:
-         0f:a7:00:fc:dd:73:27:8b:b8:dd:72:63:00:47:38:cb:09:66:
-         7a:0e:fb:8f:c3:6e:de:23:23:47:cd:7f:f0:4c:fa:31:fa:f5:
-         28:cb:2e:1c:3e:0a:92:8a:b2:c7:bd:37:21:39:d2:f6:ee:c4:
-         9c:28:7a:0a:88:8c:ca:ce:7d:e8:c3:a7:3f:bc:44:52:fb:e0:
-         68:95:f2:46:30:0f:1b:fa:ea:92:4c:86:c2:fe:62:48:91:5a:
-         ea:5a:9a:76:8a:23:dd:56:37:27:d8:91:2f:eb:77:eb:b8:30:
-         8e:5a:46:71:96:a2:24:f0:fa:1a:eb:39:cd:70:dc:ea:4e:bd:
-         49:88:4c:57:95:ff:f8:9e:b0:b7:13:10:26:51:3c:4b:bc:70:
-         3a:fc:1d:a2:6f:13:bf:ab:d4:3c:9e:06:ae:3b:6d:03:09:41:
-         e0:07:b0:85:22:09:c1:5d:39:d2:59:04:90:9d:46:20:0b:24:
-         82:82:c3:36
+    Signature Value:
+        45:72:59:97:b2:67:b1:84:57:91:f4:fc:87:4b:18:ce:96:de:
+        bc:90:30:81:f7:39:2a:7d:c2:56:e5:f5:ed:79:e5:7c:e0:81:
+        f1:6d:bd:cf:96:30:f8:9e:57:d7:ab:a8:ab:2e:02:2c:4b:1f:
+        0e:47:50:db:3d:c7:01:3e:7d:3f:d9:ad:fa:97:76:74:9a:2d:
+        5b:67:91:65:27:6b:64:7b:f3:b1:6f:18:0b:ec:7f:fa:ee:8a:
+        26:5b:61:88:f9:08:be:08:c3:b6:fe:c7:b2:14:5c:95:41:31:
+        26:3e:47:be:ee:d7:b4:2d:54:15:be:36:5c:e0:1f:b4:9d:9c:
+        3c:8e:1d:70:8d:c9:5e:35:38:9a:9d:0a:62:d5:8c:30:aa:f5:
+        e6:0e:eb:65:4e:77:cc:96:35:17:70:bb:3b:59:68:fe:4a:cf:
+        d3:39:3e:70:50:ce:df:27:d4:6b:a7:30:a4:a0:55:fa:f5:f2:
+        12:5d:c8:3d:9b:31:ff:7b:2c:55:f1:f6:6f:49:0c:5f:b3:1e:
+        23:91:57:ca:68:88:80:2d:55:f3:4f:1a:d8:b3:81:03:da:f2:
+        f8:01:27:01:c6:69:6e:67:cc:96:45:b5:2b:a5:ed:12:56:75:
+        8b:97:69:2a:7d:76:5a:5e:5a:7d:97:25:f6:94:15:9a:60:92:
+        fd:d5:8e:fc
 -----BEGIN CERTIFICATE-----
 MIIE+DCCA+CgAwIBAgIBAjANBgkqhkiG9w0BAQsFADCBlDELMAkGA1UEBhMCVVMx
 EDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xETAPBgNVBAoMCFNh
 d3Rvb3RoMRMwEQYDVQQLDApDb25zdWx0aW5nMRgwFgYDVQQDDA93d3cud29sZnNz
-bC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMjMxMjEz
-MjIxOTI4WhcNMjYwOTA4MjIxOTI4WjCBoDELMAkGA1UEBhMCVVMxEDAOBgNVBAgM
+bC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMjQxMjE4
+MjEyNTMwWhcNMjcwOTE0MjEyNTMwWjCBoDELMAkGA1UEBhMCVVMxEDAOBgNVBAgM
 B01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xGDAWBgNVBAoMD3dvbGZTU0xfcmV2
 b2tlZDEYMBYGA1UECwwPU3VwcG9ydF9yZXZva2VkMRgwFgYDVQQDDA93d3cud29s
 ZnNzbC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wggEiMA0G
@@ -80,30 +80,30 @@ ggFFMIIBQTAdBgNVHQ4EFgQU2AkrWeEq7tnuQKqcq/BdKAlPIrswgdQGA1UdIwSB
 zDCByYAUJ45nEXTDJh0/7TNjs6TYHTDl6NWhgZqkgZcwgZQxCzAJBgNVBAYTAlVT
 MRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMREwDwYDVQQKDAhT
 YXd0b290aDETMBEGA1UECwwKQ29uc3VsdGluZzEYMBYGA1UEAwwPd3d3LndvbGZz
-c2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tghQzRBqobAHs
-9mDycFEKTNEU+rzpRDAMBgNVHRMEBTADAQH/MBwGA1UdEQQVMBOCC2V4YW1wbGUu
+c2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tghRrm3DG8aOU
+ZRmhCFjvp40reoPB2jAMBgNVHRMEBTADAQH/MBwGA1UdEQQVMBOCC2V4YW1wbGUu
 Y29thwR/AAABMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjANBgkqhkiG
-9w0BAQsFAAOCAQEAXK6YoZe3t1cbRzKdht+qWpUDj94Enycfs7xtUGNTagKDPVv2
-FgRKBIRl1Gh88x2P3P924bDOiLExV8lcFL+uue6CoLDDJbtfD6cA/N1zJ4u43XJj
-AEc4ywlmeg77j8Nu3iMjR81/8Ez6Mfr1KMsuHD4Kkoqyx703ITnS9u7EnCh6CoiM
-ys596MOnP7xEUvvgaJXyRjAPG/rqkkyGwv5iSJFa6lqadooj3VY3J9iRL+t367gw
-jlpGcZaiJPD6Gus5zXDc6k69SYhMV5X/+J6wtxMQJlE8S7xwOvwdom8Tv6vUPJ4G
-rjttAwlB4AewhSIJwV050lkEkJ1GIAskgoLDNg==
+9w0BAQsFAAOCAQEARXJZl7JnsYRXkfT8h0sYzpbevJAwgfc5Kn3CVuX17XnlfOCB
+8W29z5Yw+J5X16uoqy4CLEsfDkdQ2z3HAT59P9mt+pd2dJotW2eRZSdrZHvzsW8Y
+C+x/+u6KJlthiPkIvgjDtv7HshRclUExJj5Hvu7XtC1UFb42XOAftJ2cPI4dcI3J
+XjU4mp0KYtWMMKr15g7rZU53zJY1F3C7O1lo/krP0zk+cFDO3yfUa6cwpKBV+vXy
+El3IPZsx/3ssVfH2b0kMX7MeI5FXymiIgC1V808a2LOBA9ry+AEnAcZpbmfMlkW1
+K6XtElZ1i5dpKn12Wl5afZcl9pQVmmCS/dWO/A==
 -----END CERTIFICATE-----
 Certificate:
     Data:
         Version: 3 (0x2)
         Serial Number:
-            33:44:1a:a8:6c:01:ec:f6:60:f2:70:51:0a:4c:d1:14:fa:bc:e9:44
+            6b:9b:70:c6:f1:a3:94:65:19:a1:08:58:ef:a7:8d:2b:7a:83:c1:da
         Signature Algorithm: sha256WithRSAEncryption
         Issuer: C = US, ST = Montana, L = Bozeman, O = Sawtooth, OU = Consulting, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Dec 13 22:19:28 2023 GMT
-            Not After : Sep  8 22:19:28 2026 GMT
+            Not Before: Dec 18 21:25:29 2024 GMT
+            Not After : Sep 14 21:25:29 2027 GMT
         Subject: C = US, ST = Montana, L = Bozeman, O = Sawtooth, OU = Consulting, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (2048 bit)
+                Public-Key: (2048 bit)
                 Modulus:
                     00:bf:0c:ca:2d:14:b2:1e:84:42:5b:cd:38:1f:4a:
                     f2:4d:75:10:f1:b6:35:9f:df:ca:7d:03:98:d3:ac:
@@ -130,8 +130,7 @@ Certificate:
             X509v3 Authority Key Identifier: 
                 keyid:27:8E:67:11:74:C3:26:1D:3F:ED:33:63:B3:A4:D8:1D:30:E5:E8:D5
                 DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
-                serial:33:44:1A:A8:6C:01:EC:F6:60:F2:70:51:0A:4C:D1:14:FA:BC:E9:44
-
+                serial:6B:9B:70:C6:F1:A3:94:65:19:A1:08:58:EF:A7:8D:2B:7A:83:C1:DA
             X509v3 Basic Constraints: 
                 CA:TRUE
             X509v3 Subject Alternative Name: 
@@ -139,27 +138,28 @@ Certificate:
             X509v3 Extended Key Usage: 
                 TLS Web Server Authentication, TLS Web Client Authentication
     Signature Algorithm: sha256WithRSAEncryption
-         2d:fc:f9:32:5a:be:d6:9d:42:8b:86:4e:67:22:c3:50:2d:cb:
-         14:27:1d:94:f3:cd:88:42:da:41:1c:39:24:67:a7:92:4d:27:
-         ea:56:82:19:bf:11:b2:43:a4:8d:5d:87:b2:27:64:66:82:81:
-         df:c4:fd:5b:62:b0:c2:4d:9d:29:f2:41:32:cc:2e:b5:da:38:
-         06:1b:e8:7f:8c:6e:3d:80:1e:00:56:49:bf:39:e0:da:68:2f:
-         c4:fd:00:e6:d1:81:1a:d1:4a:bb:76:52:ce:4d:24:9d:c4:a3:
-         a7:f1:65:14:2f:1f:a8:2d:c6:cb:ce:b1:a7:89:74:26:27:c3:
-         f3:a3:84:4c:34:01:14:03:7d:16:3a:c8:8b:25:2e:7b:90:cc:
-         46:b1:52:34:ba:93:6e:ef:fe:43:a3:ad:c6:6f:51:fb:ba:ea:
-         38:e3:6f:d6:ee:63:62:36:ea:5e:08:b4:e2:2a:46:89:e3:ae:
-         b3:b4:06:ef:63:7a:6e:5d:dd:c9:ec:02:4f:f7:64:c0:27:07:
-         b4:6f:4a:18:72:5b:34:74:7c:d0:a9:04:8f:40:8b:6a:39:d2:
-         6b:1a:01:f2:01:a8:81:34:3a:e5:b0:55:d1:3c:95:ca:b0:82:
-         d6:ed:98:28:15:59:7e:95:a7:69:c7:b5:7b:ec:01:a7:4d:e6:
-         b9:a2:fe:35
+    Signature Value:
+        77:3b:3d:66:74:bc:97:fe:40:16:e6:ba:a5:d5:d1:84:08:89:
+        69:4f:88:0d:57:a9:ef:8c:c3:97:52:c8:bd:8b:a2:49:3b:b7:
+        f7:5d:1e:d6:14:7f:b2:80:33:da:a0:8a:d3:e1:2f:d5:bc:33:
+        9f:ea:5a:72:24:e5:f8:b8:4b:b3:df:62:90:3b:a8:21:ef:27:
+        42:75:bc:60:02:8e:37:35:99:eb:a3:28:f2:65:4c:ff:7a:f8:
+        8e:cc:23:6d:e5:6a:fe:22:5a:d9:b2:4f:47:c7:e0:ae:98:ef:
+        94:ac:b6:4f:61:81:29:8e:e1:79:2c:46:fc:e9:1a:c3:96:1f:
+        19:93:64:2e:9f:37:72:c5:e4:93:4e:61:5f:38:8e:ae:e8:39:
+        19:e6:97:a8:91:d4:23:7e:1e:d2:d0:53:ec:cc:ac:a0:1d:d0:
+        b7:dd:b1:b7:01:2e:96:cd:85:27:e0:e7:47:e2:c1:c1:00:f6:
+        94:df:77:e7:fa:c6:ef:8a:c0:7c:67:bc:ff:a0:7c:94:3b:7d:
+        86:42:af:3d:83:31:ee:2a:3b:7b:f0:2c:9e:6f:e9:c4:07:81:
+        24:da:05:70:4d:dd:09:ae:9e:72:b8:21:0e:8c:b2:ab:aa:4c:
+        49:10:f7:76:f9:b5:0d:6c:20:d3:df:7a:06:32:8d:29:1f:28:
+        1d:8d:26:33
 -----BEGIN CERTIFICATE-----
-MIIE/zCCA+egAwIBAgIUM0QaqGwB7PZg8nBRCkzRFPq86UQwDQYJKoZIhvcNAQEL
+MIIE/zCCA+egAwIBAgIUa5twxvGjlGUZoQhY76eNK3qDwdowDQYJKoZIhvcNAQEL
 BQAwgZQxCzAJBgNVBAYTAlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdC
 b3plbWFuMREwDwYDVQQKDAhTYXd0b290aDETMBEGA1UECwwKQ29uc3VsdGluZzEY
 MBYGA1UEAwwPd3d3LndvbGZzc2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdv
-bGZzc2wuY29tMB4XDTIzMTIxMzIyMTkyOFoXDTI2MDkwODIyMTkyOFowgZQxCzAJ
+bGZzc2wuY29tMB4XDTI0MTIxODIxMjUyOVoXDTI3MDkxNDIxMjUyOVowgZQxCzAJ
 BgNVBAYTAlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMREw
 DwYDVQQKDAhTYXd0b290aDETMBEGA1UECwwKQ29uc3VsdGluZzEYMBYGA1UEAwwP
 d3d3LndvbGZzc2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29t
@@ -174,12 +174,12 @@ BgNVHSMEgcwwgcmAFCeOZxF0wyYdP+0zY7Ok2B0w5ejVoYGapIGXMIGUMQswCQYD
 VQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjERMA8G
 A1UECgwIU2F3dG9vdGgxEzARBgNVBAsMCkNvbnN1bHRpbmcxGDAWBgNVBAMMD3d3
 dy53b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbYIU
-M0QaqGwB7PZg8nBRCkzRFPq86UQwDAYDVR0TBAUwAwEB/zAcBgNVHREEFTATggtl
+a5twxvGjlGUZoQhY76eNK3qDwdowDAYDVR0TBAUwAwEB/zAcBgNVHREEFTATggtl
 eGFtcGxlLmNvbYcEfwAAATAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIw
-DQYJKoZIhvcNAQELBQADggEBAC38+TJavtadQouGTmciw1AtyxQnHZTzzYhC2kEc
-OSRnp5JNJ+pWghm/EbJDpI1dh7InZGaCgd/E/VtisMJNnSnyQTLMLrXaOAYb6H+M
-bj2AHgBWSb854NpoL8T9AObRgRrRSrt2Us5NJJ3Eo6fxZRQvH6gtxsvOsaeJdCYn
-w/OjhEw0ARQDfRY6yIslLnuQzEaxUjS6k27v/kOjrcZvUfu66jjjb9buY2I26l4I
-tOIqRonjrrO0Bu9jem5d3cnsAk/3ZMAnB7RvShhyWzR0fNCpBI9Ai2o50msaAfIB
-qIE0OuWwVdE8lcqwgtbtmCgVWX6Vp2nHtXvsAadN5rmi/jU=
+DQYJKoZIhvcNAQELBQADggEBAHc7PWZ0vJf+QBbmuqXV0YQIiWlPiA1Xqe+Mw5dS
+yL2Lokk7t/ddHtYUf7KAM9qgitPhL9W8M5/qWnIk5fi4S7PfYpA7qCHvJ0J1vGAC
+jjc1meujKPJlTP96+I7MI23lav4iWtmyT0fH4K6Y75Sstk9hgSmO4XksRvzpGsOW
+HxmTZC6fN3LF5JNOYV84jq7oORnml6iR1CN+HtLQU+zMrKAd0LfdsbcBLpbNhSfg
+50fiwcEA9pTfd+f6xu+KwHxnvP+gfJQ7fYZCrz2DMe4qO3vwLJ5v6cQHgSTaBXBN
+3QmunnK4IQ6MsquqTEkQ93b5tQ1sINPfegYyjSkfKB2NJjM=
 -----END CERTIFICATE-----
diff --git a/certs/sm2/gen-sm2-certs.sh b/certs/sm2/gen-sm2-certs.sh
index af8ad9be6..790e91f50 100755
--- a/certs/sm2/gen-sm2-certs.sh
+++ b/certs/sm2/gen-sm2-certs.sh
@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/usr/bin/env bash
 
 check_result(){
     if [ $1 -ne 0 ]; then
diff --git a/certs/statickeys/gen-static.sh b/certs/statickeys/gen-static.sh
index 681a77edf..a3fe1d5f9 100644
--- a/certs/statickeys/gen-static.sh
+++ b/certs/statickeys/gen-static.sh
@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/bin/sh
 
 # run from wolfssl root
 
diff --git a/certs/taoCert.txt b/certs/taoCert.txt
index 0973defb2..a34b517a0 100644
--- a/certs/taoCert.txt
+++ b/certs/taoCert.txt
@@ -95,7 +95,7 @@ to use PKCS#5 v2 instead of v1.5 which is default add
 
 -v2 des3       # file Pkcs8Enc2
 
-to use PKCS#12 instead use -v1 witch a 12 algo like
+to use PKCS#12 instead use -v1 which a 12 algo like
 
 -v1 PBE-SHA1-3DES   # file Pkcs8Enc12 , see man pkcs8 for more info
 -v1 PBE-SHA1-RC4-128   # no longer file Pkcs8Enc12, arc4 now off by default
diff --git a/certs/test-degenerate.p7b b/certs/test-degenerate.p7b
index 80a4ad9e4..00ad6b0fd 100644
Binary files a/certs/test-degenerate.p7b and b/certs/test-degenerate.p7b differ
diff --git a/certs/test-pathlen/assemble-chains.sh b/certs/test-pathlen/assemble-chains.sh
index ff917cece..6a507d885 100755
--- a/certs/test-pathlen/assemble-chains.sh
+++ b/certs/test-pathlen/assemble-chains.sh
@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/usr/bin/env bash
 #
 # assemble-chains.sh
 # Create certs and assemble all the certificate CA path test cert chains.
diff --git a/certs/test-pathlen/chainA-ICA1-pathlen0.pem b/certs/test-pathlen/chainA-ICA1-pathlen0.pem
index 43660b280..89c4f4cc7 100644
--- a/certs/test-pathlen/chainA-ICA1-pathlen0.pem
+++ b/certs/test-pathlen/chainA-ICA1-pathlen0.pem
@@ -5,12 +5,12 @@ Certificate:
         Signature Algorithm: sha256WithRSAEncryption
         Issuer: C = US, ST = Montana, L = Bozeman, O = Sawtooth, OU = Consulting, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Dec 13 22:19:32 2023 GMT
-            Not After : Sep  8 22:19:32 2026 GMT
+            Not Before: Dec 18 21:25:33 2024 GMT
+            Not After : Sep 14 21:25:33 2027 GMT
         Subject: C = US, ST = Washington, L = Seattle, O = wolfSSL Inc., OU = Engineering, CN = chainA-ICA1-pathlen0, emailAddress = info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (2048 bit)
+                Public-Key: (2048 bit)
                 Modulus:
                     00:b2:2b:a1:3f:be:c0:58:bd:3a:bc:0d:19:ac:ca:
                     7f:b9:3b:f0:8c:30:ff:04:b1:34:7e:26:86:96:36:
@@ -37,34 +37,34 @@ Certificate:
             X509v3 Authority Key Identifier: 
                 keyid:27:8E:67:11:74:C3:26:1D:3F:ED:33:63:B3:A4:D8:1D:30:E5:E8:D5
                 DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
-                serial:33:44:1A:A8:6C:01:EC:F6:60:F2:70:51:0A:4C:D1:14:FA:BC:E9:44
-
+                serial:6B:9B:70:C6:F1:A3:94:65:19:A1:08:58:EF:A7:8D:2B:7A:83:C1:DA
             X509v3 Basic Constraints: 
                 CA:TRUE, pathlen:0
             X509v3 Key Usage: 
                 Certificate Sign, CRL Sign
     Signature Algorithm: sha256WithRSAEncryption
-         2d:e4:7d:d6:d2:cc:93:aa:93:86:cd:e7:da:bb:02:f6:82:e3:
-         09:29:f5:54:0f:e1:d5:51:c1:98:1f:b8:ca:96:9e:1e:f6:5b:
-         e3:67:bb:42:b1:48:2f:61:c6:1f:c4:a6:f4:05:0f:de:65:7f:
-         d5:cc:35:09:fb:48:16:e8:cd:47:1f:63:e2:0f:f9:de:97:6e:
-         76:a2:29:ba:27:cc:0e:f1:b7:31:02:0f:50:ee:c6:80:8a:af:
-         0f:ae:76:51:91:2e:f5:a4:a9:e4:33:cc:9b:07:3c:36:b8:ff:
-         2a:62:86:09:90:b0:ac:f2:8e:7e:59:d0:11:2b:74:53:1a:9b:
-         a6:26:f6:d9:aa:01:81:32:0a:18:be:96:21:be:e7:a2:c9:40:
-         6c:fd:24:8b:6d:28:e5:e9:27:48:ae:8d:d0:5e:6f:c1:de:ef:
-         e3:3d:b6:11:07:42:0e:11:86:6b:03:86:fd:06:69:c5:ac:1d:
-         92:03:be:26:d1:db:78:4c:f0:93:89:32:60:ba:be:83:99:ac:
-         26:c5:aa:35:34:a1:9e:b5:e1:6a:15:83:4b:50:1e:62:3d:5b:
-         65:77:28:0c:24:23:e4:29:0b:90:7c:d4:2f:14:39:01:42:cc:
-         0b:19:a3:bd:46:db:a1:bd:67:5e:0e:41:db:a4:63:8d:22:ed:
-         64:75:d3:99
+    Signature Value:
+        8a:29:93:a3:95:fc:e7:03:9c:5d:3e:14:f0:d0:ac:de:03:fe:
+        43:21:3d:c9:5f:98:42:97:3d:7a:5d:83:fc:73:d1:43:99:67:
+        f8:51:99:d6:94:05:91:c7:44:30:43:6d:ff:a0:56:00:dc:c9:
+        f0:2e:cd:a6:5a:75:bf:30:ff:a3:01:c7:93:d5:a5:63:39:3f:
+        b8:2b:db:76:e9:c9:1b:2a:db:fb:48:3e:3f:87:d9:eb:8e:0e:
+        17:52:fb:01:c3:f6:b8:68:8e:d5:07:9e:59:c1:ac:28:3d:fa:
+        64:02:c5:08:1a:34:ff:37:7e:1c:ec:2d:de:05:ef:0a:5d:98:
+        75:15:6f:19:ce:dd:2a:54:29:54:23:6d:12:f9:39:38:fa:88:
+        dd:65:ad:cf:05:1e:f3:8c:77:77:5f:8a:13:5c:89:6a:ff:e9:
+        d0:80:11:bd:6f:0d:31:34:41:59:c3:60:54:cf:09:10:5d:c3:
+        b2:db:d2:d6:e5:b7:9f:18:f9:d2:42:ef:e7:88:17:31:0a:3a:
+        86:a9:70:f3:28:91:04:64:be:59:ad:d6:33:0f:05:14:13:27:
+        e3:5d:22:01:a0:c4:29:1c:b1:d7:c1:7a:b8:dc:3d:44:b3:ca:
+        81:a4:23:19:c1:59:22:8a:ef:10:54:c0:b2:88:f8:72:e5:9d:
+        0b:a7:df:ec
 -----BEGIN CERTIFICATE-----
 MIIEzDCCA7SgAwIBAgIBZDANBgkqhkiG9w0BAQsFADCBlDELMAkGA1UEBhMCVVMx
 EDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xETAPBgNVBAoMCFNh
 d3Rvb3RoMRMwEQYDVQQLDApDb25zdWx0aW5nMRgwFgYDVQQDDA93d3cud29sZnNz
-bC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMjMxMjEz
-MjIxOTMyWhcNMjYwOTA4MjIxOTMyWjCBoTELMAkGA1UEBhMCVVMxEzARBgNVBAgM
+bC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMjQxMjE4
+MjEyNTMzWhcNMjcwOTE0MjEyNTMzWjCBoTELMAkGA1UEBhMCVVMxEzARBgNVBAgM
 Cldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxFTATBgNVBAoMDHdvbGZTU0wg
 SW5jLjEUMBIGA1UECwwLRW5naW5lZXJpbmcxHTAbBgNVBAMMFGNoYWluQS1JQ0Ex
 LXBhdGhsZW4wMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMIIBIjAN
@@ -78,12 +78,12 @@ o4IBGDCCARQwHQYDVR0OBBYEFKgQ6sjvTwDN43nD69/2yIadRGwmMIHUBgNVHSME
 gcwwgcmAFCeOZxF0wyYdP+0zY7Ok2B0w5ejVoYGapIGXMIGUMQswCQYDVQQGEwJV
 UzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjERMA8GA1UECgwI
 U2F3dG9vdGgxEzARBgNVBAsMCkNvbnN1bHRpbmcxGDAWBgNVBAMMD3d3dy53b2xm
-c3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbYIUM0QaqGwB
-7PZg8nBRCkzRFPq86UQwDwYDVR0TBAgwBgEB/wIBADALBgNVHQ8EBAMCAQYwDQYJ
-KoZIhvcNAQELBQADggEBAC3kfdbSzJOqk4bN59q7AvaC4wkp9VQP4dVRwZgfuMqW
-nh72W+Nnu0KxSC9hxh/EpvQFD95lf9XMNQn7SBbozUcfY+IP+d6XbnaiKbonzA7x
-tzECD1DuxoCKrw+udlGRLvWkqeQzzJsHPDa4/ypihgmQsKzyjn5Z0BErdFMam6Ym
-9tmqAYEyChi+liG+56LJQGz9JIttKOXpJ0iujdBeb8He7+M9thEHQg4RhmsDhv0G
-acWsHZIDvibR23hM8JOJMmC6voOZrCbFqjU0oZ614WoVg0tQHmI9W2V3KAwkI+Qp
-C5B81C8UOQFCzAsZo71G26G9Z14OQdukY40i7WR105k=
+c3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbYIUa5twxvGj
+lGUZoQhY76eNK3qDwdowDwYDVR0TBAgwBgEB/wIBADALBgNVHQ8EBAMCAQYwDQYJ
+KoZIhvcNAQELBQADggEBAIopk6OV/OcDnF0+FPDQrN4D/kMhPclfmEKXPXpdg/xz
+0UOZZ/hRmdaUBZHHRDBDbf+gVgDcyfAuzaZadb8w/6MBx5PVpWM5P7gr23bpyRsq
+2/tIPj+H2euODhdS+wHD9rhojtUHnlnBrCg9+mQCxQgaNP83fhzsLd4F7wpdmHUV
+bxnO3SpUKVQjbRL5OTj6iN1lrc8FHvOMd3dfihNciWr/6dCAEb1vDTE0QVnDYFTP
+CRBdw7Lb0tblt58Y+dJC7+eIFzEKOoapcPMokQRkvlmt1jMPBRQTJ+NdIgGgxCkc
+sdfBerjcPUSzyoGkIxnBWSKK7xBUwLKI+HLlnQun3+w=
 -----END CERTIFICATE-----
diff --git a/certs/test-pathlen/chainA-assembled.pem b/certs/test-pathlen/chainA-assembled.pem
index 84f6d231f..f01d52cb3 100644
--- a/certs/test-pathlen/chainA-assembled.pem
+++ b/certs/test-pathlen/chainA-assembled.pem
@@ -5,12 +5,12 @@ Certificate:
         Signature Algorithm: sha256WithRSAEncryption
         Issuer: C = US, ST = Washington, L = Seattle, O = wolfSSL Inc., OU = Engineering, CN = chainA-ICA1-pathlen0, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Dec 13 22:19:32 2023 GMT
-            Not After : Sep  8 22:19:32 2026 GMT
+            Not Before: Dec 18 21:25:33 2024 GMT
+            Not After : Sep 14 21:25:33 2027 GMT
         Subject: C = US, ST = Washington, L = Seattle, O = wolfSSL Inc., OU = Engineering, CN = chainA-entity, emailAddress = info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (2048 bit)
+                Public-Key: (2048 bit)
                 Modulus:
                     00:d0:7a:d8:c8:6c:4f:a5:cd:72:25:87:ff:12:a3:
                     65:0e:1d:1f:78:b2:d7:1a:65:a1:e7:4e:bd:05:b5:
@@ -38,31 +38,31 @@ Certificate:
                 keyid:A8:10:EA:C8:EF:4F:00:CD:E3:79:C3:EB:DF:F6:C8:86:9D:44:6C:26
                 DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
                 serial:64
-
             X509v3 Basic Constraints: 
                 CA:FALSE
     Signature Algorithm: sha256WithRSAEncryption
-         22:20:83:3b:37:08:72:c7:c8:e1:69:f6:01:df:ec:70:8b:60:
-         c4:94:81:37:1d:f4:2a:d3:92:3e:1c:6c:b9:bd:a9:ba:61:b2:
-         1b:1f:b9:71:de:07:b0:5a:50:33:7b:83:22:44:e1:a5:4d:7e:
-         75:5a:09:ee:f2:c4:9a:8a:5d:7d:ad:69:81:bb:a9:86:cf:65:
-         e8:f6:50:2c:1e:e5:15:2b:0b:85:6a:02:26:c0:38:51:04:0f:
-         0a:6f:d1:b8:b4:e4:a4:b5:ae:a2:e6:ce:2c:41:b6:a2:6b:47:
-         82:0d:8a:2b:dd:91:d0:67:09:15:57:03:1e:95:4f:57:06:1a:
-         2a:e8:b6:fd:a7:1f:80:a0:f7:20:39:8b:3f:08:cd:7a:05:c4:
-         7c:72:92:d7:ff:40:a4:6c:10:64:2d:a8:a5:cc:ef:34:ea:49:
-         b0:d9:28:69:5c:c7:d4:41:f5:21:3d:60:74:c7:35:3d:5f:80:
-         78:34:09:60:06:f0:c8:3b:9c:b8:76:64:8e:ea:78:c1:e8:fc:
-         2c:a0:9a:9e:d7:2c:5f:1b:90:05:73:5f:58:c8:ad:2a:ef:b6:
-         a0:f2:f1:9e:f2:7c:48:d8:11:77:e3:0a:d4:26:7d:ad:0f:c1:
-         29:4b:9e:51:bc:a2:4d:98:ad:27:51:f3:1d:b3:2b:6e:00:95:
-         16:ae:3c:11
+    Signature Value:
+        3d:9b:43:ff:c8:94:a9:46:b4:bc:ad:2b:7d:d5:5e:25:43:fa:
+        b1:ac:d6:ab:f6:61:61:60:01:5f:f4:c5:be:a9:f6:6f:ee:e3:
+        8a:eb:7e:ab:28:6b:2d:40:e2:90:75:89:76:b2:75:99:50:32:
+        22:09:df:2b:72:3a:fe:c2:c5:e1:1e:69:9a:eb:62:93:bc:9c:
+        09:6f:3d:49:ce:59:a8:4c:6e:80:a3:32:dc:5e:cf:e7:28:ba:
+        7e:12:72:ba:ef:05:27:e9:38:90:cf:4e:25:f7:af:84:fe:79:
+        1e:23:b1:30:2b:3b:1c:2c:97:d2:c8:dc:c7:b1:ab:5d:d9:47:
+        f8:d2:7e:b4:bd:59:97:99:1d:04:b5:37:a0:41:e7:35:56:fc:
+        d3:b1:66:bb:06:93:3a:e1:71:cf:22:2f:73:38:e6:76:df:e6:
+        34:71:ce:8c:08:6d:84:69:b1:cf:e2:f2:5f:18:70:d7:ef:79:
+        26:26:1c:38:59:b5:55:59:17:a3:07:ed:d3:ac:76:90:08:de:
+        79:29:34:37:ff:6e:7d:2b:9b:53:e8:46:f5:db:e4:3a:3b:aa:
+        c5:32:eb:fe:ca:58:e7:52:90:d8:6c:19:da:1c:90:0d:8e:84:
+        3e:e8:26:cb:2d:4b:23:f1:25:07:ac:b8:2c:7b:db:cc:0e:36:
+        d5:71:82:70
 -----BEGIN CERTIFICATE-----
 MIIEqjCCA5KgAwIBAgIBZTANBgkqhkiG9w0BAQsFADCBoTELMAkGA1UEBhMCVVMx
 EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxFTATBgNVBAoM
 DHdvbGZTU0wgSW5jLjEUMBIGA1UECwwLRW5naW5lZXJpbmcxHTAbBgNVBAMMFGNo
 YWluQS1JQ0ExLXBhdGhsZW4wMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wu
-Y29tMB4XDTIzMTIxMzIyMTkzMloXDTI2MDkwODIyMTkzMlowgZoxCzAJBgNVBAYT
+Y29tMB4XDTI0MTIxODIxMjUzM1oXDTI3MDkxNDIxMjUzM1owgZoxCzAJBgNVBAYT
 AlVTMRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRUwEwYD
 VQQKDAx3b2xmU1NMIEluYy4xFDASBgNVBAsMC0VuZ2luZWVyaW5nMRYwFAYDVQQD
 DA1jaGFpbkEtZW50aXR5MR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29t
@@ -77,12 +77,12 @@ VR0jBIG5MIG2gBSoEOrI708AzeN5w+vf9siGnURsJqGBmqSBlzCBlDELMAkGA1UE
 BhMCVVMxEDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xETAPBgNV
 BAoMCFNhd3Rvb3RoMRMwEQYDVQQLDApDb25zdWx0aW5nMRgwFgYDVQQDDA93d3cu
 d29sZnNzbC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb22CAWQw
-CQYDVR0TBAIwADANBgkqhkiG9w0BAQsFAAOCAQEAIiCDOzcIcsfI4Wn2Ad/scItg
-xJSBNx30KtOSPhxsub2pumGyGx+5cd4HsFpQM3uDIkThpU1+dVoJ7vLEmopdfa1p
-gbuphs9l6PZQLB7lFSsLhWoCJsA4UQQPCm/RuLTkpLWuoubOLEG2omtHgg2KK92R
-0GcJFVcDHpVPVwYaKui2/acfgKD3IDmLPwjNegXEfHKS1/9ApGwQZC2opczvNOpJ
-sNkoaVzH1EH1IT1gdMc1PV+AeDQJYAbwyDucuHZkjup4wej8LKCantcsXxuQBXNf
-WMitKu+2oPLxnvJ8SNgRd+MK1CZ9rQ/BKUueUbyiTZitJ1HzHbMrbgCVFq48EQ==
+CQYDVR0TBAIwADANBgkqhkiG9w0BAQsFAAOCAQEAPZtD/8iUqUa0vK0rfdVeJUP6
+sazWq/ZhYWABX/TFvqn2b+7jiut+qyhrLUDikHWJdrJ1mVAyIgnfK3I6/sLF4R5p
+mutik7ycCW89Sc5ZqExugKMy3F7P5yi6fhJyuu8FJ+k4kM9OJfevhP55HiOxMCs7
+HCyX0sjcx7GrXdlH+NJ+tL1Zl5kdBLU3oEHnNVb807FmuwaTOuFxzyIvczjmdt/m
+NHHOjAhthGmxz+LyXxhw1+95JiYcOFm1VVkXowft06x2kAjeeSk0N/9ufSubU+hG
+9dvkOjuqxTLr/spY51KQ2GwZ2hyQDY6EPugmyy1LI/ElB6y4LHvbzA421XGCcA==
 -----END CERTIFICATE-----
 Certificate:
     Data:
@@ -91,12 +91,12 @@ Certificate:
         Signature Algorithm: sha256WithRSAEncryption
         Issuer: C = US, ST = Montana, L = Bozeman, O = Sawtooth, OU = Consulting, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Dec 13 22:19:32 2023 GMT
-            Not After : Sep  8 22:19:32 2026 GMT
+            Not Before: Dec 18 21:25:33 2024 GMT
+            Not After : Sep 14 21:25:33 2027 GMT
         Subject: C = US, ST = Washington, L = Seattle, O = wolfSSL Inc., OU = Engineering, CN = chainA-ICA1-pathlen0, emailAddress = info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (2048 bit)
+                Public-Key: (2048 bit)
                 Modulus:
                     00:b2:2b:a1:3f:be:c0:58:bd:3a:bc:0d:19:ac:ca:
                     7f:b9:3b:f0:8c:30:ff:04:b1:34:7e:26:86:96:36:
@@ -123,34 +123,34 @@ Certificate:
             X509v3 Authority Key Identifier: 
                 keyid:27:8E:67:11:74:C3:26:1D:3F:ED:33:63:B3:A4:D8:1D:30:E5:E8:D5
                 DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
-                serial:33:44:1A:A8:6C:01:EC:F6:60:F2:70:51:0A:4C:D1:14:FA:BC:E9:44
-
+                serial:6B:9B:70:C6:F1:A3:94:65:19:A1:08:58:EF:A7:8D:2B:7A:83:C1:DA
             X509v3 Basic Constraints: 
                 CA:TRUE, pathlen:0
             X509v3 Key Usage: 
                 Certificate Sign, CRL Sign
     Signature Algorithm: sha256WithRSAEncryption
-         2d:e4:7d:d6:d2:cc:93:aa:93:86:cd:e7:da:bb:02:f6:82:e3:
-         09:29:f5:54:0f:e1:d5:51:c1:98:1f:b8:ca:96:9e:1e:f6:5b:
-         e3:67:bb:42:b1:48:2f:61:c6:1f:c4:a6:f4:05:0f:de:65:7f:
-         d5:cc:35:09:fb:48:16:e8:cd:47:1f:63:e2:0f:f9:de:97:6e:
-         76:a2:29:ba:27:cc:0e:f1:b7:31:02:0f:50:ee:c6:80:8a:af:
-         0f:ae:76:51:91:2e:f5:a4:a9:e4:33:cc:9b:07:3c:36:b8:ff:
-         2a:62:86:09:90:b0:ac:f2:8e:7e:59:d0:11:2b:74:53:1a:9b:
-         a6:26:f6:d9:aa:01:81:32:0a:18:be:96:21:be:e7:a2:c9:40:
-         6c:fd:24:8b:6d:28:e5:e9:27:48:ae:8d:d0:5e:6f:c1:de:ef:
-         e3:3d:b6:11:07:42:0e:11:86:6b:03:86:fd:06:69:c5:ac:1d:
-         92:03:be:26:d1:db:78:4c:f0:93:89:32:60:ba:be:83:99:ac:
-         26:c5:aa:35:34:a1:9e:b5:e1:6a:15:83:4b:50:1e:62:3d:5b:
-         65:77:28:0c:24:23:e4:29:0b:90:7c:d4:2f:14:39:01:42:cc:
-         0b:19:a3:bd:46:db:a1:bd:67:5e:0e:41:db:a4:63:8d:22:ed:
-         64:75:d3:99
+    Signature Value:
+        8a:29:93:a3:95:fc:e7:03:9c:5d:3e:14:f0:d0:ac:de:03:fe:
+        43:21:3d:c9:5f:98:42:97:3d:7a:5d:83:fc:73:d1:43:99:67:
+        f8:51:99:d6:94:05:91:c7:44:30:43:6d:ff:a0:56:00:dc:c9:
+        f0:2e:cd:a6:5a:75:bf:30:ff:a3:01:c7:93:d5:a5:63:39:3f:
+        b8:2b:db:76:e9:c9:1b:2a:db:fb:48:3e:3f:87:d9:eb:8e:0e:
+        17:52:fb:01:c3:f6:b8:68:8e:d5:07:9e:59:c1:ac:28:3d:fa:
+        64:02:c5:08:1a:34:ff:37:7e:1c:ec:2d:de:05:ef:0a:5d:98:
+        75:15:6f:19:ce:dd:2a:54:29:54:23:6d:12:f9:39:38:fa:88:
+        dd:65:ad:cf:05:1e:f3:8c:77:77:5f:8a:13:5c:89:6a:ff:e9:
+        d0:80:11:bd:6f:0d:31:34:41:59:c3:60:54:cf:09:10:5d:c3:
+        b2:db:d2:d6:e5:b7:9f:18:f9:d2:42:ef:e7:88:17:31:0a:3a:
+        86:a9:70:f3:28:91:04:64:be:59:ad:d6:33:0f:05:14:13:27:
+        e3:5d:22:01:a0:c4:29:1c:b1:d7:c1:7a:b8:dc:3d:44:b3:ca:
+        81:a4:23:19:c1:59:22:8a:ef:10:54:c0:b2:88:f8:72:e5:9d:
+        0b:a7:df:ec
 -----BEGIN CERTIFICATE-----
 MIIEzDCCA7SgAwIBAgIBZDANBgkqhkiG9w0BAQsFADCBlDELMAkGA1UEBhMCVVMx
 EDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xETAPBgNVBAoMCFNh
 d3Rvb3RoMRMwEQYDVQQLDApDb25zdWx0aW5nMRgwFgYDVQQDDA93d3cud29sZnNz
-bC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMjMxMjEz
-MjIxOTMyWhcNMjYwOTA4MjIxOTMyWjCBoTELMAkGA1UEBhMCVVMxEzARBgNVBAgM
+bC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMjQxMjE4
+MjEyNTMzWhcNMjcwOTE0MjEyNTMzWjCBoTELMAkGA1UEBhMCVVMxEzARBgNVBAgM
 Cldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxFTATBgNVBAoMDHdvbGZTU0wg
 SW5jLjEUMBIGA1UECwwLRW5naW5lZXJpbmcxHTAbBgNVBAMMFGNoYWluQS1JQ0Ex
 LXBhdGhsZW4wMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMIIBIjAN
@@ -164,12 +164,12 @@ o4IBGDCCARQwHQYDVR0OBBYEFKgQ6sjvTwDN43nD69/2yIadRGwmMIHUBgNVHSME
 gcwwgcmAFCeOZxF0wyYdP+0zY7Ok2B0w5ejVoYGapIGXMIGUMQswCQYDVQQGEwJV
 UzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjERMA8GA1UECgwI
 U2F3dG9vdGgxEzARBgNVBAsMCkNvbnN1bHRpbmcxGDAWBgNVBAMMD3d3dy53b2xm
-c3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbYIUM0QaqGwB
-7PZg8nBRCkzRFPq86UQwDwYDVR0TBAgwBgEB/wIBADALBgNVHQ8EBAMCAQYwDQYJ
-KoZIhvcNAQELBQADggEBAC3kfdbSzJOqk4bN59q7AvaC4wkp9VQP4dVRwZgfuMqW
-nh72W+Nnu0KxSC9hxh/EpvQFD95lf9XMNQn7SBbozUcfY+IP+d6XbnaiKbonzA7x
-tzECD1DuxoCKrw+udlGRLvWkqeQzzJsHPDa4/ypihgmQsKzyjn5Z0BErdFMam6Ym
-9tmqAYEyChi+liG+56LJQGz9JIttKOXpJ0iujdBeb8He7+M9thEHQg4RhmsDhv0G
-acWsHZIDvibR23hM8JOJMmC6voOZrCbFqjU0oZ614WoVg0tQHmI9W2V3KAwkI+Qp
-C5B81C8UOQFCzAsZo71G26G9Z14OQdukY40i7WR105k=
+c3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbYIUa5twxvGj
+lGUZoQhY76eNK3qDwdowDwYDVR0TBAgwBgEB/wIBADALBgNVHQ8EBAMCAQYwDQYJ
+KoZIhvcNAQELBQADggEBAIopk6OV/OcDnF0+FPDQrN4D/kMhPclfmEKXPXpdg/xz
+0UOZZ/hRmdaUBZHHRDBDbf+gVgDcyfAuzaZadb8w/6MBx5PVpWM5P7gr23bpyRsq
+2/tIPj+H2euODhdS+wHD9rhojtUHnlnBrCg9+mQCxQgaNP83fhzsLd4F7wpdmHUV
+bxnO3SpUKVQjbRL5OTj6iN1lrc8FHvOMd3dfihNciWr/6dCAEb1vDTE0QVnDYFTP
+CRBdw7Lb0tblt58Y+dJC7+eIFzEKOoapcPMokQRkvlmt1jMPBRQTJ+NdIgGgxCkc
+sdfBerjcPUSzyoGkIxnBWSKK7xBUwLKI+HLlnQun3+w=
 -----END CERTIFICATE-----
diff --git a/certs/test-pathlen/chainA-entity.pem b/certs/test-pathlen/chainA-entity.pem
index 52ed4c9d2..59a9aaf9c 100644
--- a/certs/test-pathlen/chainA-entity.pem
+++ b/certs/test-pathlen/chainA-entity.pem
@@ -5,12 +5,12 @@ Certificate:
         Signature Algorithm: sha256WithRSAEncryption
         Issuer: C = US, ST = Washington, L = Seattle, O = wolfSSL Inc., OU = Engineering, CN = chainA-ICA1-pathlen0, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Dec 13 22:19:32 2023 GMT
-            Not After : Sep  8 22:19:32 2026 GMT
+            Not Before: Dec 18 21:25:33 2024 GMT
+            Not After : Sep 14 21:25:33 2027 GMT
         Subject: C = US, ST = Washington, L = Seattle, O = wolfSSL Inc., OU = Engineering, CN = chainA-entity, emailAddress = info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (2048 bit)
+                Public-Key: (2048 bit)
                 Modulus:
                     00:d0:7a:d8:c8:6c:4f:a5:cd:72:25:87:ff:12:a3:
                     65:0e:1d:1f:78:b2:d7:1a:65:a1:e7:4e:bd:05:b5:
@@ -38,31 +38,31 @@ Certificate:
                 keyid:A8:10:EA:C8:EF:4F:00:CD:E3:79:C3:EB:DF:F6:C8:86:9D:44:6C:26
                 DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
                 serial:64
-
             X509v3 Basic Constraints: 
                 CA:FALSE
     Signature Algorithm: sha256WithRSAEncryption
-         22:20:83:3b:37:08:72:c7:c8:e1:69:f6:01:df:ec:70:8b:60:
-         c4:94:81:37:1d:f4:2a:d3:92:3e:1c:6c:b9:bd:a9:ba:61:b2:
-         1b:1f:b9:71:de:07:b0:5a:50:33:7b:83:22:44:e1:a5:4d:7e:
-         75:5a:09:ee:f2:c4:9a:8a:5d:7d:ad:69:81:bb:a9:86:cf:65:
-         e8:f6:50:2c:1e:e5:15:2b:0b:85:6a:02:26:c0:38:51:04:0f:
-         0a:6f:d1:b8:b4:e4:a4:b5:ae:a2:e6:ce:2c:41:b6:a2:6b:47:
-         82:0d:8a:2b:dd:91:d0:67:09:15:57:03:1e:95:4f:57:06:1a:
-         2a:e8:b6:fd:a7:1f:80:a0:f7:20:39:8b:3f:08:cd:7a:05:c4:
-         7c:72:92:d7:ff:40:a4:6c:10:64:2d:a8:a5:cc:ef:34:ea:49:
-         b0:d9:28:69:5c:c7:d4:41:f5:21:3d:60:74:c7:35:3d:5f:80:
-         78:34:09:60:06:f0:c8:3b:9c:b8:76:64:8e:ea:78:c1:e8:fc:
-         2c:a0:9a:9e:d7:2c:5f:1b:90:05:73:5f:58:c8:ad:2a:ef:b6:
-         a0:f2:f1:9e:f2:7c:48:d8:11:77:e3:0a:d4:26:7d:ad:0f:c1:
-         29:4b:9e:51:bc:a2:4d:98:ad:27:51:f3:1d:b3:2b:6e:00:95:
-         16:ae:3c:11
+    Signature Value:
+        3d:9b:43:ff:c8:94:a9:46:b4:bc:ad:2b:7d:d5:5e:25:43:fa:
+        b1:ac:d6:ab:f6:61:61:60:01:5f:f4:c5:be:a9:f6:6f:ee:e3:
+        8a:eb:7e:ab:28:6b:2d:40:e2:90:75:89:76:b2:75:99:50:32:
+        22:09:df:2b:72:3a:fe:c2:c5:e1:1e:69:9a:eb:62:93:bc:9c:
+        09:6f:3d:49:ce:59:a8:4c:6e:80:a3:32:dc:5e:cf:e7:28:ba:
+        7e:12:72:ba:ef:05:27:e9:38:90:cf:4e:25:f7:af:84:fe:79:
+        1e:23:b1:30:2b:3b:1c:2c:97:d2:c8:dc:c7:b1:ab:5d:d9:47:
+        f8:d2:7e:b4:bd:59:97:99:1d:04:b5:37:a0:41:e7:35:56:fc:
+        d3:b1:66:bb:06:93:3a:e1:71:cf:22:2f:73:38:e6:76:df:e6:
+        34:71:ce:8c:08:6d:84:69:b1:cf:e2:f2:5f:18:70:d7:ef:79:
+        26:26:1c:38:59:b5:55:59:17:a3:07:ed:d3:ac:76:90:08:de:
+        79:29:34:37:ff:6e:7d:2b:9b:53:e8:46:f5:db:e4:3a:3b:aa:
+        c5:32:eb:fe:ca:58:e7:52:90:d8:6c:19:da:1c:90:0d:8e:84:
+        3e:e8:26:cb:2d:4b:23:f1:25:07:ac:b8:2c:7b:db:cc:0e:36:
+        d5:71:82:70
 -----BEGIN CERTIFICATE-----
 MIIEqjCCA5KgAwIBAgIBZTANBgkqhkiG9w0BAQsFADCBoTELMAkGA1UEBhMCVVMx
 EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxFTATBgNVBAoM
 DHdvbGZTU0wgSW5jLjEUMBIGA1UECwwLRW5naW5lZXJpbmcxHTAbBgNVBAMMFGNo
 YWluQS1JQ0ExLXBhdGhsZW4wMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wu
-Y29tMB4XDTIzMTIxMzIyMTkzMloXDTI2MDkwODIyMTkzMlowgZoxCzAJBgNVBAYT
+Y29tMB4XDTI0MTIxODIxMjUzM1oXDTI3MDkxNDIxMjUzM1owgZoxCzAJBgNVBAYT
 AlVTMRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRUwEwYD
 VQQKDAx3b2xmU1NMIEluYy4xFDASBgNVBAsMC0VuZ2luZWVyaW5nMRYwFAYDVQQD
 DA1jaGFpbkEtZW50aXR5MR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29t
@@ -77,10 +77,10 @@ VR0jBIG5MIG2gBSoEOrI708AzeN5w+vf9siGnURsJqGBmqSBlzCBlDELMAkGA1UE
 BhMCVVMxEDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xETAPBgNV
 BAoMCFNhd3Rvb3RoMRMwEQYDVQQLDApDb25zdWx0aW5nMRgwFgYDVQQDDA93d3cu
 d29sZnNzbC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb22CAWQw
-CQYDVR0TBAIwADANBgkqhkiG9w0BAQsFAAOCAQEAIiCDOzcIcsfI4Wn2Ad/scItg
-xJSBNx30KtOSPhxsub2pumGyGx+5cd4HsFpQM3uDIkThpU1+dVoJ7vLEmopdfa1p
-gbuphs9l6PZQLB7lFSsLhWoCJsA4UQQPCm/RuLTkpLWuoubOLEG2omtHgg2KK92R
-0GcJFVcDHpVPVwYaKui2/acfgKD3IDmLPwjNegXEfHKS1/9ApGwQZC2opczvNOpJ
-sNkoaVzH1EH1IT1gdMc1PV+AeDQJYAbwyDucuHZkjup4wej8LKCantcsXxuQBXNf
-WMitKu+2oPLxnvJ8SNgRd+MK1CZ9rQ/BKUueUbyiTZitJ1HzHbMrbgCVFq48EQ==
+CQYDVR0TBAIwADANBgkqhkiG9w0BAQsFAAOCAQEAPZtD/8iUqUa0vK0rfdVeJUP6
+sazWq/ZhYWABX/TFvqn2b+7jiut+qyhrLUDikHWJdrJ1mVAyIgnfK3I6/sLF4R5p
+mutik7ycCW89Sc5ZqExugKMy3F7P5yi6fhJyuu8FJ+k4kM9OJfevhP55HiOxMCs7
+HCyX0sjcx7GrXdlH+NJ+tL1Zl5kdBLU3oEHnNVb807FmuwaTOuFxzyIvczjmdt/m
+NHHOjAhthGmxz+LyXxhw1+95JiYcOFm1VVkXowft06x2kAjeeSk0N/9ufSubU+hG
+9dvkOjuqxTLr/spY51KQ2GwZ2hyQDY6EPugmyy1LI/ElB6y4LHvbzA421XGCcA==
 -----END CERTIFICATE-----
diff --git a/certs/test-pathlen/chainB-ICA1-pathlen0.pem b/certs/test-pathlen/chainB-ICA1-pathlen0.pem
index f850ed0d3..d52bd5b08 100644
--- a/certs/test-pathlen/chainB-ICA1-pathlen0.pem
+++ b/certs/test-pathlen/chainB-ICA1-pathlen0.pem
@@ -5,12 +5,12 @@ Certificate:
         Signature Algorithm: sha256WithRSAEncryption
         Issuer: C = US, ST = Washington, L = Seattle, O = wolfSSL Inc., OU = Engineering, CN = chainB-ICA2-pathlen1, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Dec 13 22:19:32 2023 GMT
-            Not After : Sep  8 22:19:32 2026 GMT
+            Not Before: Dec 18 21:25:33 2024 GMT
+            Not After : Sep 14 21:25:33 2027 GMT
         Subject: C = US, ST = Washington, L = Seattle, O = wolfSSL Inc., OU = Engineering, CN = chainB-ICA1-pathlen0, emailAddress = info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (2048 bit)
+                Public-Key: (2048 bit)
                 Modulus:
                     00:b2:f7:aa:ae:91:d1:24:41:52:a1:22:e0:d3:97:
                     9b:e0:0c:94:9c:4a:e4:b3:85:ae:a9:43:9f:ec:7a:
@@ -38,33 +38,33 @@ Certificate:
                 keyid:EE:59:9D:56:0B:7C:0A:45:44:E3:15:57:E2:B2:F3:1D:64:6F:AF:7A
                 DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
                 serial:64
-
             X509v3 Basic Constraints: 
                 CA:TRUE, pathlen:0
             X509v3 Key Usage: 
                 Certificate Sign, CRL Sign
     Signature Algorithm: sha256WithRSAEncryption
-         6c:32:8c:c0:5a:4b:18:32:75:8d:04:83:3a:7d:0a:53:81:31:
-         ef:7e:47:8b:f3:69:c4:c5:16:82:70:fb:26:9f:f7:c9:d9:07:
-         80:45:40:e5:fd:22:f4:a9:90:b4:53:89:20:7d:8c:71:77:35:
-         50:79:39:8d:1c:a4:e5:0a:cb:d4:07:34:fd:76:3b:e7:4e:b5:
-         ca:6b:97:4b:e4:48:3c:28:5c:7b:6f:34:fc:f8:34:65:5a:d4:
-         33:a8:4f:6c:a7:c5:c9:2b:95:48:1a:d2:da:50:45:50:2a:b9:
-         16:dc:6a:6a:64:f1:52:55:7c:25:f8:35:4e:8e:86:f1:01:78:
-         56:11:10:6e:92:d0:45:6a:9d:03:a0:a3:b8:3b:97:fb:2d:a8:
-         1f:83:9d:d0:d9:af:8b:77:08:a2:0d:8e:15:18:97:7e:4b:d9:
-         6f:48:cd:a5:6e:04:29:e4:ba:c4:63:e7:a1:b1:bf:22:71:75:
-         24:da:6f:73:0f:d3:fc:84:af:68:3c:3d:c5:e0:72:f3:b8:2e:
-         8b:5f:d9:00:c6:7e:59:4e:b9:f4:12:a7:df:88:d0:67:f9:40:
-         17:4f:25:af:72:b7:a5:ee:b2:69:3b:b2:fe:a7:1b:6b:39:e6:
-         be:89:0e:ed:74:87:7e:25:bd:3d:c7:f6:f1:d9:10:47:1c:54:
-         47:0c:77:31
+    Signature Value:
+        6e:b4:42:22:b0:05:a2:fb:dd:ef:4d:8f:2d:ed:c8:3d:79:41:
+        5b:6e:23:ca:c4:39:5e:9f:69:42:12:fc:08:15:af:ee:39:7a:
+        cb:60:8b:9b:1f:77:9a:7a:1c:f0:49:86:50:2d:48:d3:5f:07:
+        94:45:e2:96:b6:e5:22:04:44:ea:fd:48:5b:13:d1:a8:89:57:
+        14:df:bb:e0:17:26:02:99:32:2e:92:4f:34:8d:c3:7d:a3:d7:
+        0a:ae:86:80:23:a0:fe:ba:99:ab:38:07:d6:4f:70:ba:77:49:
+        0f:ab:af:c7:2f:6f:00:3d:aa:95:ea:40:5a:de:5e:fe:7f:54:
+        48:aa:e0:1c:06:fd:7c:bb:8e:da:4c:a7:a4:b9:12:5e:65:ad:
+        5d:f6:dc:40:18:1e:4a:4f:da:5d:fa:ff:14:e7:0d:d5:f3:aa:
+        9d:72:4d:be:ae:02:73:65:3c:7a:95:e8:31:01:0f:83:73:25:
+        1b:88:a7:18:38:69:71:3e:0d:b2:cb:a1:43:a1:ba:e3:6a:b5:
+        c3:5e:cb:82:3b:cb:9d:86:a5:1e:1f:c4:b7:c8:c8:15:4f:9c:
+        fc:29:c5:86:09:9d:a2:51:40:19:66:df:66:fa:8e:d1:3a:33:
+        c4:eb:71:4a:03:3e:9c:d8:4a:29:15:9c:03:40:5a:8e:ff:ab:
+        f6:19:b4:f0
 -----BEGIN CERTIFICATE-----
 MIIExjCCA66gAwIBAgIBZDANBgkqhkiG9w0BAQsFADCBoTELMAkGA1UEBhMCVVMx
 EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxFTATBgNVBAoM
 DHdvbGZTU0wgSW5jLjEUMBIGA1UECwwLRW5naW5lZXJpbmcxHTAbBgNVBAMMFGNo
 YWluQi1JQ0EyLXBhdGhsZW4xMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wu
-Y29tMB4XDTIzMTIxMzIyMTkzMloXDTI2MDkwODIyMTkzMlowgaExCzAJBgNVBAYT
+Y29tMB4XDTI0MTIxODIxMjUzM1oXDTI3MDkxNDIxMjUzM1owgaExCzAJBgNVBAYT
 AlVTMRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRUwEwYD
 VQQKDAx3b2xmU1NMIEluYy4xFDASBgNVBAsMC0VuZ2luZWVyaW5nMR0wGwYDVQQD
 DBRjaGFpbkItSUNBMS1wYXRobGVuMDEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xm
@@ -80,10 +80,10 @@ lDELMAkGA1UEBhMCVVMxEDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVt
 YW4xETAPBgNVBAoMCFNhd3Rvb3RoMRMwEQYDVQQLDApDb25zdWx0aW5nMRgwFgYD
 VQQDDA93d3cud29sZnNzbC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNz
 bC5jb22CAWQwDwYDVR0TBAgwBgEB/wIBADALBgNVHQ8EBAMCAQYwDQYJKoZIhvcN
-AQELBQADggEBAGwyjMBaSxgydY0Egzp9ClOBMe9+R4vzacTFFoJw+yaf98nZB4BF
-QOX9IvSpkLRTiSB9jHF3NVB5OY0cpOUKy9QHNP12O+dOtcprl0vkSDwoXHtvNPz4
-NGVa1DOoT2ynxckrlUga0tpQRVAquRbcampk8VJVfCX4NU6OhvEBeFYREG6S0EVq
-nQOgo7g7l/stqB+DndDZr4t3CKINjhUYl35L2W9IzaVuBCnkusRj56GxvyJxdSTa
-b3MP0/yEr2g8PcXgcvO4Lotf2QDGfllOufQSp9+I0Gf5QBdPJa9yt6Xusmk7sv6n
-G2s55r6JDu10h34lvT3H9vHZEEccVEcMdzE=
+AQELBQADggEBAG60QiKwBaL73e9Njy3tyD15QVtuI8rEOV6faUIS/AgVr+45estg
+i5sfd5p6HPBJhlAtSNNfB5RF4pa25SIEROr9SFsT0aiJVxTfu+AXJgKZMi6STzSN
+w32j1wquhoAjoP66mas4B9ZPcLp3SQ+rr8cvbwA9qpXqQFreXv5/VEiq4BwG/Xy7
+jtpMp6S5El5lrV323EAYHkpP2l36/xTnDdXzqp1yTb6uAnNlPHqV6DEBD4NzJRuI
+pxg4aXE+DbLLoUOhuuNqtcNey4I7y52GpR4fxLfIyBVPnPwpxYYJnaJRQBlm32b6
+jtE6M8TrcUoDPpzYSikVnANAWo7/q/YZtPA=
 -----END CERTIFICATE-----
diff --git a/certs/test-pathlen/chainB-ICA2-pathlen1.pem b/certs/test-pathlen/chainB-ICA2-pathlen1.pem
index a394e296f..51f1a0df1 100644
--- a/certs/test-pathlen/chainB-ICA2-pathlen1.pem
+++ b/certs/test-pathlen/chainB-ICA2-pathlen1.pem
@@ -5,12 +5,12 @@ Certificate:
         Signature Algorithm: sha256WithRSAEncryption
         Issuer: C = US, ST = Montana, L = Bozeman, O = Sawtooth, OU = Consulting, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Dec 13 22:19:32 2023 GMT
-            Not After : Sep  8 22:19:32 2026 GMT
+            Not Before: Dec 18 21:25:33 2024 GMT
+            Not After : Sep 14 21:25:33 2027 GMT
         Subject: C = US, ST = Washington, L = Seattle, O = wolfSSL Inc., OU = Engineering, CN = chainB-ICA2-pathlen1, emailAddress = info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (2048 bit)
+                Public-Key: (2048 bit)
                 Modulus:
                     00:d0:7f:82:05:9d:5b:c4:49:e0:3e:1f:87:6e:17:
                     05:eb:e2:0a:d1:d1:a5:f5:cc:be:1d:46:d8:cd:a8:
@@ -37,34 +37,34 @@ Certificate:
             X509v3 Authority Key Identifier: 
                 keyid:27:8E:67:11:74:C3:26:1D:3F:ED:33:63:B3:A4:D8:1D:30:E5:E8:D5
                 DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
-                serial:33:44:1A:A8:6C:01:EC:F6:60:F2:70:51:0A:4C:D1:14:FA:BC:E9:44
-
+                serial:6B:9B:70:C6:F1:A3:94:65:19:A1:08:58:EF:A7:8D:2B:7A:83:C1:DA
             X509v3 Basic Constraints: 
                 CA:TRUE, pathlen:1
             X509v3 Key Usage: 
                 Certificate Sign, CRL Sign
     Signature Algorithm: sha256WithRSAEncryption
-         10:af:3a:e5:49:81:7e:0f:ef:ad:b4:62:02:de:5b:2f:d7:bd:
-         9c:59:b4:d3:ae:6c:60:12:ba:23:86:ee:34:4e:d5:29:00:1b:
-         6e:1e:6b:05:96:0d:2c:4e:5c:91:74:83:ad:ba:8b:fe:cd:a6:
-         9b:86:94:f7:7f:b4:5e:c9:cb:e6:6e:90:30:53:cb:44:27:f5:
-         0b:37:b9:f0:bc:37:cd:b9:fc:fb:77:03:54:82:b5:d2:97:12:
-         01:36:48:1f:a7:ae:7d:a3:c6:55:9e:c4:0e:0b:76:dc:e8:3c:
-         b0:cc:06:88:be:74:2e:03:82:72:38:80:ca:14:dc:63:82:6e:
-         73:3b:77:e8:c0:4d:e7:0e:8f:7e:9c:65:36:1c:d6:47:40:74:
-         ef:ce:fe:6d:60:83:77:18:c9:3c:9f:f6:06:a5:16:e6:07:53:
-         66:f0:49:42:dd:04:49:59:a9:b9:12:1f:a4:e9:c7:15:fb:34:
-         df:a5:19:62:93:65:6c:ef:66:90:61:fe:0e:19:56:0d:b2:5d:
-         b1:ee:55:40:32:7c:36:ff:54:6e:e4:55:16:7e:57:bd:82:f8:
-         b1:38:de:86:a8:e8:4d:7e:b2:b8:59:ef:79:89:a3:0e:63:39:
-         61:3f:f2:ab:b4:50:eb:74:7c:79:e7:f9:66:91:ff:ea:61:27:
-         df:be:c2:89
+    Signature Value:
+        3d:d1:6d:b2:c8:2a:c3:4a:25:fe:40:4c:df:64:a6:73:66:82:
+        a3:4d:fa:36:bb:16:71:26:3d:01:d6:93:6d:56:2a:cc:7b:4e:
+        4f:bd:79:eb:a1:27:22:61:17:bb:fa:30:0c:be:4e:d9:b2:26:
+        75:0f:f0:2e:87:fc:8d:19:31:2f:30:0d:c7:90:3a:10:14:0d:
+        eb:aa:db:f3:9c:a8:ec:bc:fa:27:ba:a4:ed:9e:37:96:dd:b7:
+        51:a7:3d:09:d3:6a:bb:35:8a:c5:a6:0d:58:30:5b:4f:2f:aa:
+        bb:67:2c:e4:73:6a:ca:10:a0:33:65:83:c6:6e:5b:f4:ed:af:
+        78:31:4e:58:07:15:e1:c3:61:93:d0:91:85:af:a7:39:37:b9:
+        e9:20:86:1c:83:4b:bc:73:80:62:92:08:df:40:7a:f4:8a:11:
+        a8:55:24:9d:69:21:60:ad:64:52:c3:09:f4:57:08:ff:d9:be:
+        a3:26:f8:db:aa:21:68:e6:f1:11:5a:34:d7:e9:18:dd:c5:39:
+        5d:9a:45:5a:c4:86:a3:b3:18:02:c1:17:d1:77:12:9e:1e:c5:
+        46:1b:53:62:97:82:6c:0c:20:25:d6:73:e7:54:5e:a6:d3:27:
+        b6:d7:5c:87:4f:3b:87:50:ec:78:3c:ca:74:df:a7:9f:f8:4c:
+        9e:d4:9d:87
 -----BEGIN CERTIFICATE-----
 MIIEzDCCA7SgAwIBAgIBZDANBgkqhkiG9w0BAQsFADCBlDELMAkGA1UEBhMCVVMx
 EDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xETAPBgNVBAoMCFNh
 d3Rvb3RoMRMwEQYDVQQLDApDb25zdWx0aW5nMRgwFgYDVQQDDA93d3cud29sZnNz
-bC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMjMxMjEz
-MjIxOTMyWhcNMjYwOTA4MjIxOTMyWjCBoTELMAkGA1UEBhMCVVMxEzARBgNVBAgM
+bC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMjQxMjE4
+MjEyNTMzWhcNMjcwOTE0MjEyNTMzWjCBoTELMAkGA1UEBhMCVVMxEzARBgNVBAgM
 Cldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxFTATBgNVBAoMDHdvbGZTU0wg
 SW5jLjEUMBIGA1UECwwLRW5naW5lZXJpbmcxHTAbBgNVBAMMFGNoYWluQi1JQ0Ey
 LXBhdGhsZW4xMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMIIBIjAN
@@ -78,12 +78,12 @@ o4IBGDCCARQwHQYDVR0OBBYEFO5ZnVYLfApFROMVV+Ky8x1kb696MIHUBgNVHSME
 gcwwgcmAFCeOZxF0wyYdP+0zY7Ok2B0w5ejVoYGapIGXMIGUMQswCQYDVQQGEwJV
 UzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjERMA8GA1UECgwI
 U2F3dG9vdGgxEzARBgNVBAsMCkNvbnN1bHRpbmcxGDAWBgNVBAMMD3d3dy53b2xm
-c3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbYIUM0QaqGwB
-7PZg8nBRCkzRFPq86UQwDwYDVR0TBAgwBgEB/wIBATALBgNVHQ8EBAMCAQYwDQYJ
-KoZIhvcNAQELBQADggEBABCvOuVJgX4P7620YgLeWy/XvZxZtNOubGASuiOG7jRO
-1SkAG24eawWWDSxOXJF0g626i/7NppuGlPd/tF7Jy+ZukDBTy0Qn9Qs3ufC8N825
-/Pt3A1SCtdKXEgE2SB+nrn2jxlWexA4LdtzoPLDMBoi+dC4DgnI4gMoU3GOCbnM7
-d+jATecOj36cZTYc1kdAdO/O/m1gg3cYyTyf9galFuYHU2bwSULdBElZqbkSH6Tp
-xxX7NN+lGWKTZWzvZpBh/g4ZVg2yXbHuVUAyfDb/VG7kVRZ+V72C+LE43oao6E1+
-srhZ73mJow5jOWE/8qu0UOt0fHnn+WaR/+phJ9++wok=
+c3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbYIUa5twxvGj
+lGUZoQhY76eNK3qDwdowDwYDVR0TBAgwBgEB/wIBATALBgNVHQ8EBAMCAQYwDQYJ
+KoZIhvcNAQELBQADggEBAD3RbbLIKsNKJf5ATN9kpnNmgqNN+ja7FnEmPQHWk21W
+Ksx7Tk+9eeuhJyJhF7v6MAy+TtmyJnUP8C6H/I0ZMS8wDceQOhAUDeuq2/OcqOy8
++ie6pO2eN5bdt1GnPQnTars1isWmDVgwW08vqrtnLORzasoQoDNlg8ZuW/Ttr3gx
+TlgHFeHDYZPQkYWvpzk3uekghhyDS7xzgGKSCN9AevSKEahVJJ1pIWCtZFLDCfRX
+CP/ZvqMm+NuqIWjm8RFaNNfpGN3FOV2aRVrEhqOzGALBF9F3Ep4exUYbU2KXgmwM
+ICXWc+dUXqbTJ7bXXIdPO4dQ7Hg8ynTfp5/4TJ7UnYc=
 -----END CERTIFICATE-----
diff --git a/certs/test-pathlen/chainB-assembled.pem b/certs/test-pathlen/chainB-assembled.pem
index 836d817d4..9d6724c3e 100644
--- a/certs/test-pathlen/chainB-assembled.pem
+++ b/certs/test-pathlen/chainB-assembled.pem
@@ -5,12 +5,12 @@ Certificate:
         Signature Algorithm: sha256WithRSAEncryption
         Issuer: C = US, ST = Washington, L = Seattle, O = wolfSSL Inc., OU = Engineering, CN = chainB-ICA1-pathlen0, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Dec 13 22:19:32 2023 GMT
-            Not After : Sep  8 22:19:32 2026 GMT
+            Not Before: Dec 18 21:25:33 2024 GMT
+            Not After : Sep 14 21:25:33 2027 GMT
         Subject: C = US, ST = Washington, L = Seattle, O = wolfSSL Inc., OU = Engineering, CN = chainB-entity, emailAddress = info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (2048 bit)
+                Public-Key: (2048 bit)
                 Modulus:
                     00:d7:5f:d9:3d:d7:5b:11:aa:3e:53:31:d0:32:78:
                     87:fb:c0:8e:80:6d:fc:68:73:1f:9c:77:66:16:35:
@@ -38,31 +38,31 @@ Certificate:
                 keyid:D7:90:E4:86:59:24:F9:2B:B8:06:8E:B1:8F:33:E5:2C:63:F1:03:16
                 DirName:/C=US/ST=Washington/L=Seattle/O=wolfSSL Inc./OU=Engineering/CN=chainB-ICA2-pathlen1/emailAddress=info@wolfssl.com
                 serial:64
-
             X509v3 Basic Constraints: 
                 CA:FALSE
     Signature Algorithm: sha256WithRSAEncryption
-         58:2b:2e:33:ed:42:7d:ce:8a:9f:2e:25:2f:7a:66:6f:d0:8a:
-         32:ee:70:b6:a0:ee:6f:ec:0c:52:af:d8:8c:2a:11:9f:f0:f3:
-         6a:41:bd:da:43:ad:82:5d:52:95:e2:6b:95:42:d1:24:09:ba:
-         7d:b5:6b:73:a2:96:3d:72:ba:65:cd:9c:c6:65:52:fb:68:65:
-         cb:55:5d:f5:44:fa:66:72:8c:1c:33:92:a6:37:77:44:16:86:
-         ed:f2:d3:a9:49:ff:aa:05:96:c8:e0:1c:b7:0a:60:e7:46:5e:
-         94:9d:c8:7a:31:41:98:96:38:17:a0:79:e3:1d:a3:13:06:17:
-         2d:b8:fd:6f:34:ed:e3:6d:36:e7:d4:5d:cf:00:4a:ce:a6:ff:
-         1c:87:d8:48:1b:65:b0:d0:72:70:48:15:bd:f1:3c:a9:06:f9:
-         7e:11:c1:43:6c:0b:60:d9:d9:5c:d3:3b:c2:18:eb:3f:82:eb:
-         fd:a5:1a:b2:a2:23:10:c3:30:af:4a:e9:d9:05:f1:e2:4e:e9:
-         41:bd:d7:dd:98:db:91:f2:15:54:4c:82:3d:22:aa:18:e5:e6:
-         df:9b:85:21:63:74:3d:08:a9:2e:35:e2:5e:61:32:78:04:49:
-         91:0d:8c:05:12:90:ec:f5:c5:d2:71:8a:2a:65:5c:b1:d4:14:
-         53:de:9b:98
+    Signature Value:
+        a7:1b:3e:d7:2b:6b:9e:36:3c:5e:53:dc:08:d2:a3:bb:83:aa:
+        1b:37:37:ed:c2:eb:3f:26:c9:34:2e:2c:d6:bd:3b:3c:4a:e1:
+        6d:98:11:ab:6a:0e:c9:2b:87:e9:22:1e:47:cb:f7:71:b9:c5:
+        07:47:5f:fd:15:2a:da:75:9d:7d:aa:f6:88:64:05:65:b4:19:
+        34:14:66:58:6a:d2:06:05:34:b2:07:2b:84:0a:61:39:82:cf:
+        fa:bc:88:b5:e5:cc:ec:07:1d:b5:43:66:5c:3c:ee:9d:39:9b:
+        ac:2c:30:f1:00:00:7a:59:72:b5:5c:11:d0:65:1b:ff:83:76:
+        d1:08:cf:33:45:4c:94:f2:87:af:eb:cd:88:1d:af:a1:b7:3c:
+        6a:64:52:4c:ab:89:b9:30:de:ef:be:d4:d4:a9:c5:f8:e0:74:
+        8e:b3:fb:91:56:74:60:41:f0:a5:b2:44:a0:a7:ea:37:2e:7d:
+        51:65:22:9f:91:59:da:2a:24:ba:69:04:ca:08:cc:b5:aa:a1:
+        28:55:7c:ac:ca:e0:2e:de:2f:c9:a5:d3:30:2b:21:d4:e1:49:
+        f1:82:d6:a6:9d:c7:5d:f6:82:c4:7b:3e:07:e2:ed:19:bf:b9:
+        58:8c:08:9c:06:97:f4:51:cd:c5:23:a6:cb:31:3b:94:62:2f:
+        a6:d9:54:6a
 -----BEGIN CERTIFICATE-----
 MIIEtzCCA5+gAwIBAgIBZTANBgkqhkiG9w0BAQsFADCBoTELMAkGA1UEBhMCVVMx
 EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxFTATBgNVBAoM
 DHdvbGZTU0wgSW5jLjEUMBIGA1UECwwLRW5naW5lZXJpbmcxHTAbBgNVBAMMFGNo
 YWluQi1JQ0ExLXBhdGhsZW4wMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wu
-Y29tMB4XDTIzMTIxMzIyMTkzMloXDTI2MDkwODIyMTkzMlowgZoxCzAJBgNVBAYT
+Y29tMB4XDTI0MTIxODIxMjUzM1oXDTI3MDkxNDIxMjUzM1owgZoxCzAJBgNVBAYT
 AlVTMRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRUwEwYD
 VQQKDAx3b2xmU1NMIEluYy4xFDASBgNVBAsMC0VuZ2luZWVyaW5nMRYwFAYDVQQD
 DA1jaGFpbkItZW50aXR5MR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29t
@@ -77,13 +77,13 @@ VR0jBIHGMIHDgBTXkOSGWST5K7gGjrGPM+UsY/EDFqGBp6SBpDCBoTELMAkGA1UE
 BhMCVVMxEzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxFTAT
 BgNVBAoMDHdvbGZTU0wgSW5jLjEUMBIGA1UECwwLRW5naW5lZXJpbmcxHTAbBgNV
 BAMMFGNoYWluQi1JQ0EyLXBhdGhsZW4xMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdv
-bGZzc2wuY29tggFkMAkGA1UdEwQCMAAwDQYJKoZIhvcNAQELBQADggEBAFgrLjPt
-Qn3Oip8uJS96Zm/QijLucLag7m/sDFKv2IwqEZ/w82pBvdpDrYJdUpXia5VC0SQJ
-un21a3Oilj1yumXNnMZlUvtoZctVXfVE+mZyjBwzkqY3d0QWhu3y06lJ/6oFlsjg
-HLcKYOdGXpSdyHoxQZiWOBegeeMdoxMGFy24/W807eNtNufUXc8ASs6m/xyH2Egb
-ZbDQcnBIFb3xPKkG+X4RwUNsC2DZ2VzTO8IY6z+C6/2lGrKiIxDDMK9K6dkF8eJO
-6UG9192Y25HyFVRMgj0iqhjl5t+bhSFjdD0IqS414l5hMngESZENjAUSkOz1xdJx
-iiplXLHUFFPem5g=
+bGZzc2wuY29tggFkMAkGA1UdEwQCMAAwDQYJKoZIhvcNAQELBQADggEBAKcbPtcr
+a542PF5T3AjSo7uDqhs3N+3C6z8myTQuLNa9OzxK4W2YEatqDskrh+kiHkfL93G5
+xQdHX/0VKtp1nX2q9ohkBWW0GTQUZlhq0gYFNLIHK4QKYTmCz/q8iLXlzOwHHbVD
+Zlw87p05m6wsMPEAAHpZcrVcEdBlG/+DdtEIzzNFTJTyh6/rzYgdr6G3PGpkUkyr
+ibkw3u++1NSpxfjgdI6z+5FWdGBB8KWyRKCn6jcufVFlIp+RWdoqJLppBMoIzLWq
+oShVfKzK4C7eL8ml0zArIdThSfGC1qadx132gsR7Pgfi7Rm/uViMCJwGl/RRzcUj
+pssxO5RiL6bZVGo=
 -----END CERTIFICATE-----
 Certificate:
     Data:
@@ -92,12 +92,12 @@ Certificate:
         Signature Algorithm: sha256WithRSAEncryption
         Issuer: C = US, ST = Washington, L = Seattle, O = wolfSSL Inc., OU = Engineering, CN = chainB-ICA2-pathlen1, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Dec 13 22:19:32 2023 GMT
-            Not After : Sep  8 22:19:32 2026 GMT
+            Not Before: Dec 18 21:25:33 2024 GMT
+            Not After : Sep 14 21:25:33 2027 GMT
         Subject: C = US, ST = Washington, L = Seattle, O = wolfSSL Inc., OU = Engineering, CN = chainB-ICA1-pathlen0, emailAddress = info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (2048 bit)
+                Public-Key: (2048 bit)
                 Modulus:
                     00:b2:f7:aa:ae:91:d1:24:41:52:a1:22:e0:d3:97:
                     9b:e0:0c:94:9c:4a:e4:b3:85:ae:a9:43:9f:ec:7a:
@@ -125,33 +125,33 @@ Certificate:
                 keyid:EE:59:9D:56:0B:7C:0A:45:44:E3:15:57:E2:B2:F3:1D:64:6F:AF:7A
                 DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
                 serial:64
-
             X509v3 Basic Constraints: 
                 CA:TRUE, pathlen:0
             X509v3 Key Usage: 
                 Certificate Sign, CRL Sign
     Signature Algorithm: sha256WithRSAEncryption
-         6c:32:8c:c0:5a:4b:18:32:75:8d:04:83:3a:7d:0a:53:81:31:
-         ef:7e:47:8b:f3:69:c4:c5:16:82:70:fb:26:9f:f7:c9:d9:07:
-         80:45:40:e5:fd:22:f4:a9:90:b4:53:89:20:7d:8c:71:77:35:
-         50:79:39:8d:1c:a4:e5:0a:cb:d4:07:34:fd:76:3b:e7:4e:b5:
-         ca:6b:97:4b:e4:48:3c:28:5c:7b:6f:34:fc:f8:34:65:5a:d4:
-         33:a8:4f:6c:a7:c5:c9:2b:95:48:1a:d2:da:50:45:50:2a:b9:
-         16:dc:6a:6a:64:f1:52:55:7c:25:f8:35:4e:8e:86:f1:01:78:
-         56:11:10:6e:92:d0:45:6a:9d:03:a0:a3:b8:3b:97:fb:2d:a8:
-         1f:83:9d:d0:d9:af:8b:77:08:a2:0d:8e:15:18:97:7e:4b:d9:
-         6f:48:cd:a5:6e:04:29:e4:ba:c4:63:e7:a1:b1:bf:22:71:75:
-         24:da:6f:73:0f:d3:fc:84:af:68:3c:3d:c5:e0:72:f3:b8:2e:
-         8b:5f:d9:00:c6:7e:59:4e:b9:f4:12:a7:df:88:d0:67:f9:40:
-         17:4f:25:af:72:b7:a5:ee:b2:69:3b:b2:fe:a7:1b:6b:39:e6:
-         be:89:0e:ed:74:87:7e:25:bd:3d:c7:f6:f1:d9:10:47:1c:54:
-         47:0c:77:31
+    Signature Value:
+        6e:b4:42:22:b0:05:a2:fb:dd:ef:4d:8f:2d:ed:c8:3d:79:41:
+        5b:6e:23:ca:c4:39:5e:9f:69:42:12:fc:08:15:af:ee:39:7a:
+        cb:60:8b:9b:1f:77:9a:7a:1c:f0:49:86:50:2d:48:d3:5f:07:
+        94:45:e2:96:b6:e5:22:04:44:ea:fd:48:5b:13:d1:a8:89:57:
+        14:df:bb:e0:17:26:02:99:32:2e:92:4f:34:8d:c3:7d:a3:d7:
+        0a:ae:86:80:23:a0:fe:ba:99:ab:38:07:d6:4f:70:ba:77:49:
+        0f:ab:af:c7:2f:6f:00:3d:aa:95:ea:40:5a:de:5e:fe:7f:54:
+        48:aa:e0:1c:06:fd:7c:bb:8e:da:4c:a7:a4:b9:12:5e:65:ad:
+        5d:f6:dc:40:18:1e:4a:4f:da:5d:fa:ff:14:e7:0d:d5:f3:aa:
+        9d:72:4d:be:ae:02:73:65:3c:7a:95:e8:31:01:0f:83:73:25:
+        1b:88:a7:18:38:69:71:3e:0d:b2:cb:a1:43:a1:ba:e3:6a:b5:
+        c3:5e:cb:82:3b:cb:9d:86:a5:1e:1f:c4:b7:c8:c8:15:4f:9c:
+        fc:29:c5:86:09:9d:a2:51:40:19:66:df:66:fa:8e:d1:3a:33:
+        c4:eb:71:4a:03:3e:9c:d8:4a:29:15:9c:03:40:5a:8e:ff:ab:
+        f6:19:b4:f0
 -----BEGIN CERTIFICATE-----
 MIIExjCCA66gAwIBAgIBZDANBgkqhkiG9w0BAQsFADCBoTELMAkGA1UEBhMCVVMx
 EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxFTATBgNVBAoM
 DHdvbGZTU0wgSW5jLjEUMBIGA1UECwwLRW5naW5lZXJpbmcxHTAbBgNVBAMMFGNo
 YWluQi1JQ0EyLXBhdGhsZW4xMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wu
-Y29tMB4XDTIzMTIxMzIyMTkzMloXDTI2MDkwODIyMTkzMlowgaExCzAJBgNVBAYT
+Y29tMB4XDTI0MTIxODIxMjUzM1oXDTI3MDkxNDIxMjUzM1owgaExCzAJBgNVBAYT
 AlVTMRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRUwEwYD
 VQQKDAx3b2xmU1NMIEluYy4xFDASBgNVBAsMC0VuZ2luZWVyaW5nMR0wGwYDVQQD
 DBRjaGFpbkItSUNBMS1wYXRobGVuMDEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xm
@@ -167,12 +167,12 @@ lDELMAkGA1UEBhMCVVMxEDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVt
 YW4xETAPBgNVBAoMCFNhd3Rvb3RoMRMwEQYDVQQLDApDb25zdWx0aW5nMRgwFgYD
 VQQDDA93d3cud29sZnNzbC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNz
 bC5jb22CAWQwDwYDVR0TBAgwBgEB/wIBADALBgNVHQ8EBAMCAQYwDQYJKoZIhvcN
-AQELBQADggEBAGwyjMBaSxgydY0Egzp9ClOBMe9+R4vzacTFFoJw+yaf98nZB4BF
-QOX9IvSpkLRTiSB9jHF3NVB5OY0cpOUKy9QHNP12O+dOtcprl0vkSDwoXHtvNPz4
-NGVa1DOoT2ynxckrlUga0tpQRVAquRbcampk8VJVfCX4NU6OhvEBeFYREG6S0EVq
-nQOgo7g7l/stqB+DndDZr4t3CKINjhUYl35L2W9IzaVuBCnkusRj56GxvyJxdSTa
-b3MP0/yEr2g8PcXgcvO4Lotf2QDGfllOufQSp9+I0Gf5QBdPJa9yt6Xusmk7sv6n
-G2s55r6JDu10h34lvT3H9vHZEEccVEcMdzE=
+AQELBQADggEBAG60QiKwBaL73e9Njy3tyD15QVtuI8rEOV6faUIS/AgVr+45estg
+i5sfd5p6HPBJhlAtSNNfB5RF4pa25SIEROr9SFsT0aiJVxTfu+AXJgKZMi6STzSN
+w32j1wquhoAjoP66mas4B9ZPcLp3SQ+rr8cvbwA9qpXqQFreXv5/VEiq4BwG/Xy7
+jtpMp6S5El5lrV323EAYHkpP2l36/xTnDdXzqp1yTb6uAnNlPHqV6DEBD4NzJRuI
+pxg4aXE+DbLLoUOhuuNqtcNey4I7y52GpR4fxLfIyBVPnPwpxYYJnaJRQBlm32b6
+jtE6M8TrcUoDPpzYSikVnANAWo7/q/YZtPA=
 -----END CERTIFICATE-----
 Certificate:
     Data:
@@ -181,12 +181,12 @@ Certificate:
         Signature Algorithm: sha256WithRSAEncryption
         Issuer: C = US, ST = Montana, L = Bozeman, O = Sawtooth, OU = Consulting, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Dec 13 22:19:32 2023 GMT
-            Not After : Sep  8 22:19:32 2026 GMT
+            Not Before: Dec 18 21:25:33 2024 GMT
+            Not After : Sep 14 21:25:33 2027 GMT
         Subject: C = US, ST = Washington, L = Seattle, O = wolfSSL Inc., OU = Engineering, CN = chainB-ICA2-pathlen1, emailAddress = info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (2048 bit)
+                Public-Key: (2048 bit)
                 Modulus:
                     00:d0:7f:82:05:9d:5b:c4:49:e0:3e:1f:87:6e:17:
                     05:eb:e2:0a:d1:d1:a5:f5:cc:be:1d:46:d8:cd:a8:
@@ -213,34 +213,34 @@ Certificate:
             X509v3 Authority Key Identifier: 
                 keyid:27:8E:67:11:74:C3:26:1D:3F:ED:33:63:B3:A4:D8:1D:30:E5:E8:D5
                 DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
-                serial:33:44:1A:A8:6C:01:EC:F6:60:F2:70:51:0A:4C:D1:14:FA:BC:E9:44
-
+                serial:6B:9B:70:C6:F1:A3:94:65:19:A1:08:58:EF:A7:8D:2B:7A:83:C1:DA
             X509v3 Basic Constraints: 
                 CA:TRUE, pathlen:1
             X509v3 Key Usage: 
                 Certificate Sign, CRL Sign
     Signature Algorithm: sha256WithRSAEncryption
-         10:af:3a:e5:49:81:7e:0f:ef:ad:b4:62:02:de:5b:2f:d7:bd:
-         9c:59:b4:d3:ae:6c:60:12:ba:23:86:ee:34:4e:d5:29:00:1b:
-         6e:1e:6b:05:96:0d:2c:4e:5c:91:74:83:ad:ba:8b:fe:cd:a6:
-         9b:86:94:f7:7f:b4:5e:c9:cb:e6:6e:90:30:53:cb:44:27:f5:
-         0b:37:b9:f0:bc:37:cd:b9:fc:fb:77:03:54:82:b5:d2:97:12:
-         01:36:48:1f:a7:ae:7d:a3:c6:55:9e:c4:0e:0b:76:dc:e8:3c:
-         b0:cc:06:88:be:74:2e:03:82:72:38:80:ca:14:dc:63:82:6e:
-         73:3b:77:e8:c0:4d:e7:0e:8f:7e:9c:65:36:1c:d6:47:40:74:
-         ef:ce:fe:6d:60:83:77:18:c9:3c:9f:f6:06:a5:16:e6:07:53:
-         66:f0:49:42:dd:04:49:59:a9:b9:12:1f:a4:e9:c7:15:fb:34:
-         df:a5:19:62:93:65:6c:ef:66:90:61:fe:0e:19:56:0d:b2:5d:
-         b1:ee:55:40:32:7c:36:ff:54:6e:e4:55:16:7e:57:bd:82:f8:
-         b1:38:de:86:a8:e8:4d:7e:b2:b8:59:ef:79:89:a3:0e:63:39:
-         61:3f:f2:ab:b4:50:eb:74:7c:79:e7:f9:66:91:ff:ea:61:27:
-         df:be:c2:89
+    Signature Value:
+        3d:d1:6d:b2:c8:2a:c3:4a:25:fe:40:4c:df:64:a6:73:66:82:
+        a3:4d:fa:36:bb:16:71:26:3d:01:d6:93:6d:56:2a:cc:7b:4e:
+        4f:bd:79:eb:a1:27:22:61:17:bb:fa:30:0c:be:4e:d9:b2:26:
+        75:0f:f0:2e:87:fc:8d:19:31:2f:30:0d:c7:90:3a:10:14:0d:
+        eb:aa:db:f3:9c:a8:ec:bc:fa:27:ba:a4:ed:9e:37:96:dd:b7:
+        51:a7:3d:09:d3:6a:bb:35:8a:c5:a6:0d:58:30:5b:4f:2f:aa:
+        bb:67:2c:e4:73:6a:ca:10:a0:33:65:83:c6:6e:5b:f4:ed:af:
+        78:31:4e:58:07:15:e1:c3:61:93:d0:91:85:af:a7:39:37:b9:
+        e9:20:86:1c:83:4b:bc:73:80:62:92:08:df:40:7a:f4:8a:11:
+        a8:55:24:9d:69:21:60:ad:64:52:c3:09:f4:57:08:ff:d9:be:
+        a3:26:f8:db:aa:21:68:e6:f1:11:5a:34:d7:e9:18:dd:c5:39:
+        5d:9a:45:5a:c4:86:a3:b3:18:02:c1:17:d1:77:12:9e:1e:c5:
+        46:1b:53:62:97:82:6c:0c:20:25:d6:73:e7:54:5e:a6:d3:27:
+        b6:d7:5c:87:4f:3b:87:50:ec:78:3c:ca:74:df:a7:9f:f8:4c:
+        9e:d4:9d:87
 -----BEGIN CERTIFICATE-----
 MIIEzDCCA7SgAwIBAgIBZDANBgkqhkiG9w0BAQsFADCBlDELMAkGA1UEBhMCVVMx
 EDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xETAPBgNVBAoMCFNh
 d3Rvb3RoMRMwEQYDVQQLDApDb25zdWx0aW5nMRgwFgYDVQQDDA93d3cud29sZnNz
-bC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMjMxMjEz
-MjIxOTMyWhcNMjYwOTA4MjIxOTMyWjCBoTELMAkGA1UEBhMCVVMxEzARBgNVBAgM
+bC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMjQxMjE4
+MjEyNTMzWhcNMjcwOTE0MjEyNTMzWjCBoTELMAkGA1UEBhMCVVMxEzARBgNVBAgM
 Cldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxFTATBgNVBAoMDHdvbGZTU0wg
 SW5jLjEUMBIGA1UECwwLRW5naW5lZXJpbmcxHTAbBgNVBAMMFGNoYWluQi1JQ0Ey
 LXBhdGhsZW4xMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMIIBIjAN
@@ -254,12 +254,12 @@ o4IBGDCCARQwHQYDVR0OBBYEFO5ZnVYLfApFROMVV+Ky8x1kb696MIHUBgNVHSME
 gcwwgcmAFCeOZxF0wyYdP+0zY7Ok2B0w5ejVoYGapIGXMIGUMQswCQYDVQQGEwJV
 UzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjERMA8GA1UECgwI
 U2F3dG9vdGgxEzARBgNVBAsMCkNvbnN1bHRpbmcxGDAWBgNVBAMMD3d3dy53b2xm
-c3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbYIUM0QaqGwB
-7PZg8nBRCkzRFPq86UQwDwYDVR0TBAgwBgEB/wIBATALBgNVHQ8EBAMCAQYwDQYJ
-KoZIhvcNAQELBQADggEBABCvOuVJgX4P7620YgLeWy/XvZxZtNOubGASuiOG7jRO
-1SkAG24eawWWDSxOXJF0g626i/7NppuGlPd/tF7Jy+ZukDBTy0Qn9Qs3ufC8N825
-/Pt3A1SCtdKXEgE2SB+nrn2jxlWexA4LdtzoPLDMBoi+dC4DgnI4gMoU3GOCbnM7
-d+jATecOj36cZTYc1kdAdO/O/m1gg3cYyTyf9galFuYHU2bwSULdBElZqbkSH6Tp
-xxX7NN+lGWKTZWzvZpBh/g4ZVg2yXbHuVUAyfDb/VG7kVRZ+V72C+LE43oao6E1+
-srhZ73mJow5jOWE/8qu0UOt0fHnn+WaR/+phJ9++wok=
+c3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbYIUa5twxvGj
+lGUZoQhY76eNK3qDwdowDwYDVR0TBAgwBgEB/wIBATALBgNVHQ8EBAMCAQYwDQYJ
+KoZIhvcNAQELBQADggEBAD3RbbLIKsNKJf5ATN9kpnNmgqNN+ja7FnEmPQHWk21W
+Ksx7Tk+9eeuhJyJhF7v6MAy+TtmyJnUP8C6H/I0ZMS8wDceQOhAUDeuq2/OcqOy8
++ie6pO2eN5bdt1GnPQnTars1isWmDVgwW08vqrtnLORzasoQoDNlg8ZuW/Ttr3gx
+TlgHFeHDYZPQkYWvpzk3uekghhyDS7xzgGKSCN9AevSKEahVJJ1pIWCtZFLDCfRX
+CP/ZvqMm+NuqIWjm8RFaNNfpGN3FOV2aRVrEhqOzGALBF9F3Ep4exUYbU2KXgmwM
+ICXWc+dUXqbTJ7bXXIdPO4dQ7Hg8ynTfp5/4TJ7UnYc=
 -----END CERTIFICATE-----
diff --git a/certs/test-pathlen/chainB-entity.pem b/certs/test-pathlen/chainB-entity.pem
index d47835316..c5bbb3d8d 100644
--- a/certs/test-pathlen/chainB-entity.pem
+++ b/certs/test-pathlen/chainB-entity.pem
@@ -5,12 +5,12 @@ Certificate:
         Signature Algorithm: sha256WithRSAEncryption
         Issuer: C = US, ST = Washington, L = Seattle, O = wolfSSL Inc., OU = Engineering, CN = chainB-ICA1-pathlen0, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Dec 13 22:19:32 2023 GMT
-            Not After : Sep  8 22:19:32 2026 GMT
+            Not Before: Dec 18 21:25:33 2024 GMT
+            Not After : Sep 14 21:25:33 2027 GMT
         Subject: C = US, ST = Washington, L = Seattle, O = wolfSSL Inc., OU = Engineering, CN = chainB-entity, emailAddress = info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (2048 bit)
+                Public-Key: (2048 bit)
                 Modulus:
                     00:d7:5f:d9:3d:d7:5b:11:aa:3e:53:31:d0:32:78:
                     87:fb:c0:8e:80:6d:fc:68:73:1f:9c:77:66:16:35:
@@ -38,31 +38,31 @@ Certificate:
                 keyid:D7:90:E4:86:59:24:F9:2B:B8:06:8E:B1:8F:33:E5:2C:63:F1:03:16
                 DirName:/C=US/ST=Washington/L=Seattle/O=wolfSSL Inc./OU=Engineering/CN=chainB-ICA2-pathlen1/emailAddress=info@wolfssl.com
                 serial:64
-
             X509v3 Basic Constraints: 
                 CA:FALSE
     Signature Algorithm: sha256WithRSAEncryption
-         58:2b:2e:33:ed:42:7d:ce:8a:9f:2e:25:2f:7a:66:6f:d0:8a:
-         32:ee:70:b6:a0:ee:6f:ec:0c:52:af:d8:8c:2a:11:9f:f0:f3:
-         6a:41:bd:da:43:ad:82:5d:52:95:e2:6b:95:42:d1:24:09:ba:
-         7d:b5:6b:73:a2:96:3d:72:ba:65:cd:9c:c6:65:52:fb:68:65:
-         cb:55:5d:f5:44:fa:66:72:8c:1c:33:92:a6:37:77:44:16:86:
-         ed:f2:d3:a9:49:ff:aa:05:96:c8:e0:1c:b7:0a:60:e7:46:5e:
-         94:9d:c8:7a:31:41:98:96:38:17:a0:79:e3:1d:a3:13:06:17:
-         2d:b8:fd:6f:34:ed:e3:6d:36:e7:d4:5d:cf:00:4a:ce:a6:ff:
-         1c:87:d8:48:1b:65:b0:d0:72:70:48:15:bd:f1:3c:a9:06:f9:
-         7e:11:c1:43:6c:0b:60:d9:d9:5c:d3:3b:c2:18:eb:3f:82:eb:
-         fd:a5:1a:b2:a2:23:10:c3:30:af:4a:e9:d9:05:f1:e2:4e:e9:
-         41:bd:d7:dd:98:db:91:f2:15:54:4c:82:3d:22:aa:18:e5:e6:
-         df:9b:85:21:63:74:3d:08:a9:2e:35:e2:5e:61:32:78:04:49:
-         91:0d:8c:05:12:90:ec:f5:c5:d2:71:8a:2a:65:5c:b1:d4:14:
-         53:de:9b:98
+    Signature Value:
+        a7:1b:3e:d7:2b:6b:9e:36:3c:5e:53:dc:08:d2:a3:bb:83:aa:
+        1b:37:37:ed:c2:eb:3f:26:c9:34:2e:2c:d6:bd:3b:3c:4a:e1:
+        6d:98:11:ab:6a:0e:c9:2b:87:e9:22:1e:47:cb:f7:71:b9:c5:
+        07:47:5f:fd:15:2a:da:75:9d:7d:aa:f6:88:64:05:65:b4:19:
+        34:14:66:58:6a:d2:06:05:34:b2:07:2b:84:0a:61:39:82:cf:
+        fa:bc:88:b5:e5:cc:ec:07:1d:b5:43:66:5c:3c:ee:9d:39:9b:
+        ac:2c:30:f1:00:00:7a:59:72:b5:5c:11:d0:65:1b:ff:83:76:
+        d1:08:cf:33:45:4c:94:f2:87:af:eb:cd:88:1d:af:a1:b7:3c:
+        6a:64:52:4c:ab:89:b9:30:de:ef:be:d4:d4:a9:c5:f8:e0:74:
+        8e:b3:fb:91:56:74:60:41:f0:a5:b2:44:a0:a7:ea:37:2e:7d:
+        51:65:22:9f:91:59:da:2a:24:ba:69:04:ca:08:cc:b5:aa:a1:
+        28:55:7c:ac:ca:e0:2e:de:2f:c9:a5:d3:30:2b:21:d4:e1:49:
+        f1:82:d6:a6:9d:c7:5d:f6:82:c4:7b:3e:07:e2:ed:19:bf:b9:
+        58:8c:08:9c:06:97:f4:51:cd:c5:23:a6:cb:31:3b:94:62:2f:
+        a6:d9:54:6a
 -----BEGIN CERTIFICATE-----
 MIIEtzCCA5+gAwIBAgIBZTANBgkqhkiG9w0BAQsFADCBoTELMAkGA1UEBhMCVVMx
 EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxFTATBgNVBAoM
 DHdvbGZTU0wgSW5jLjEUMBIGA1UECwwLRW5naW5lZXJpbmcxHTAbBgNVBAMMFGNo
 YWluQi1JQ0ExLXBhdGhsZW4wMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wu
-Y29tMB4XDTIzMTIxMzIyMTkzMloXDTI2MDkwODIyMTkzMlowgZoxCzAJBgNVBAYT
+Y29tMB4XDTI0MTIxODIxMjUzM1oXDTI3MDkxNDIxMjUzM1owgZoxCzAJBgNVBAYT
 AlVTMRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRUwEwYD
 VQQKDAx3b2xmU1NMIEluYy4xFDASBgNVBAsMC0VuZ2luZWVyaW5nMRYwFAYDVQQD
 DA1jaGFpbkItZW50aXR5MR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29t
@@ -77,11 +77,11 @@ VR0jBIHGMIHDgBTXkOSGWST5K7gGjrGPM+UsY/EDFqGBp6SBpDCBoTELMAkGA1UE
 BhMCVVMxEzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxFTAT
 BgNVBAoMDHdvbGZTU0wgSW5jLjEUMBIGA1UECwwLRW5naW5lZXJpbmcxHTAbBgNV
 BAMMFGNoYWluQi1JQ0EyLXBhdGhsZW4xMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdv
-bGZzc2wuY29tggFkMAkGA1UdEwQCMAAwDQYJKoZIhvcNAQELBQADggEBAFgrLjPt
-Qn3Oip8uJS96Zm/QijLucLag7m/sDFKv2IwqEZ/w82pBvdpDrYJdUpXia5VC0SQJ
-un21a3Oilj1yumXNnMZlUvtoZctVXfVE+mZyjBwzkqY3d0QWhu3y06lJ/6oFlsjg
-HLcKYOdGXpSdyHoxQZiWOBegeeMdoxMGFy24/W807eNtNufUXc8ASs6m/xyH2Egb
-ZbDQcnBIFb3xPKkG+X4RwUNsC2DZ2VzTO8IY6z+C6/2lGrKiIxDDMK9K6dkF8eJO
-6UG9192Y25HyFVRMgj0iqhjl5t+bhSFjdD0IqS414l5hMngESZENjAUSkOz1xdJx
-iiplXLHUFFPem5g=
+bGZzc2wuY29tggFkMAkGA1UdEwQCMAAwDQYJKoZIhvcNAQELBQADggEBAKcbPtcr
+a542PF5T3AjSo7uDqhs3N+3C6z8myTQuLNa9OzxK4W2YEatqDskrh+kiHkfL93G5
+xQdHX/0VKtp1nX2q9ohkBWW0GTQUZlhq0gYFNLIHK4QKYTmCz/q8iLXlzOwHHbVD
+Zlw87p05m6wsMPEAAHpZcrVcEdBlG/+DdtEIzzNFTJTyh6/rzYgdr6G3PGpkUkyr
+ibkw3u++1NSpxfjgdI6z+5FWdGBB8KWyRKCn6jcufVFlIp+RWdoqJLppBMoIzLWq
+oShVfKzK4C7eL8ml0zArIdThSfGC1qadx132gsR7Pgfi7Rm/uViMCJwGl/RRzcUj
+pssxO5RiL6bZVGo=
 -----END CERTIFICATE-----
diff --git a/certs/test-pathlen/chainC-ICA1-pathlen1.pem b/certs/test-pathlen/chainC-ICA1-pathlen1.pem
index bfd767cb7..51ee36cd4 100644
--- a/certs/test-pathlen/chainC-ICA1-pathlen1.pem
+++ b/certs/test-pathlen/chainC-ICA1-pathlen1.pem
@@ -5,12 +5,12 @@ Certificate:
         Signature Algorithm: sha256WithRSAEncryption
         Issuer: C = US, ST = Montana, L = Bozeman, O = Sawtooth, OU = Consulting, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Dec 13 22:19:32 2023 GMT
-            Not After : Sep  8 22:19:32 2026 GMT
+            Not Before: Dec 18 21:25:33 2024 GMT
+            Not After : Sep 14 21:25:33 2027 GMT
         Subject: C = US, ST = Washington, L = Seattle, O = wolfSSL Inc., OU = Engineering, CN = chainC-ICA1-pathlen1, emailAddress = info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (2048 bit)
+                Public-Key: (2048 bit)
                 Modulus:
                     00:bb:1a:6c:c1:bd:bb:9b:29:ca:35:3d:63:a3:29:
                     cd:a6:65:c4:9e:a3:c5:50:99:ad:51:90:0a:9a:9b:
@@ -37,34 +37,34 @@ Certificate:
             X509v3 Authority Key Identifier: 
                 keyid:27:8E:67:11:74:C3:26:1D:3F:ED:33:63:B3:A4:D8:1D:30:E5:E8:D5
                 DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
-                serial:33:44:1A:A8:6C:01:EC:F6:60:F2:70:51:0A:4C:D1:14:FA:BC:E9:44
-
+                serial:6B:9B:70:C6:F1:A3:94:65:19:A1:08:58:EF:A7:8D:2B:7A:83:C1:DA
             X509v3 Basic Constraints: 
                 CA:TRUE, pathlen:1
             X509v3 Key Usage: 
                 Certificate Sign, CRL Sign
     Signature Algorithm: sha256WithRSAEncryption
-         52:84:69:eb:36:71:76:74:41:ab:d8:70:ae:18:64:3f:b1:8d:
-         ef:ad:2f:6b:6b:e5:c3:5e:41:ca:6c:30:23:b5:6b:26:c2:18:
-         fa:b4:97:95:9f:50:16:29:94:5e:91:1b:90:22:db:1e:a8:7f:
-         eb:db:b9:38:d8:7d:8d:f9:1b:b2:c4:ab:0e:10:d4:ae:8e:a3:
-         56:c5:e0:ed:f9:37:eb:ce:1f:93:70:32:2a:aa:30:90:38:02:
-         58:e4:e7:e7:bb:80:64:a0:ef:8d:2f:15:2d:8b:d0:d8:b0:72:
-         0c:63:76:ba:cb:c8:1c:79:34:d9:d3:23:15:c2:b2:da:89:1a:
-         c6:24:16:60:2f:8a:80:fd:ac:cf:3d:0d:eb:1b:e1:ca:aa:37:
-         e5:a1:80:8d:14:e1:ca:94:f2:c4:7c:22:4a:54:f6:e4:e5:db:
-         57:13:a3:fb:9a:63:13:2c:6e:4b:33:cc:1e:de:73:7e:00:b9:
-         8f:3d:bf:ff:af:81:83:31:2e:42:b2:c9:df:23:ae:9a:35:cf:
-         3d:f4:98:fd:dc:58:15:01:41:a7:c0:6c:09:cd:88:39:24:71:
-         10:97:f3:e5:0e:ad:59:77:83:00:a0:03:9e:c8:cb:26:18:d1:
-         a1:60:bd:8a:53:a8:4e:08:0e:57:1e:5b:1d:df:a5:bd:04:01:
-         66:dd:30:2d
+    Signature Value:
+        6d:59:5b:3f:de:5d:19:6a:78:bd:c6:8e:07:7b:74:8b:0c:06:
+        4c:0d:4a:b1:38:76:fd:98:f0:36:34:92:43:49:5e:e7:6c:ab:
+        d2:db:2c:89:03:2f:4b:d1:b7:26:9b:ec:e4:26:b6:02:ec:8c:
+        0d:81:d4:ce:e7:c8:31:29:f2:bd:20:17:48:49:f1:4a:dd:4a:
+        38:d5:4a:59:d4:14:25:ab:3f:7d:36:f0:56:86:1f:49:06:de:
+        28:18:fc:f8:2a:6f:79:f2:d1:c8:10:48:67:5e:ab:38:6a:7c:
+        23:d4:e9:e7:c5:e8:3a:81:c1:95:c1:bd:78:e8:df:bc:b9:cb:
+        52:e8:65:77:df:65:6c:85:b6:84:71:03:59:15:95:7c:ce:63:
+        2c:a8:1f:5d:58:88:5d:51:b3:95:be:91:e8:c5:52:c5:f7:9c:
+        82:16:47:1b:68:05:ed:2e:bf:76:16:e7:f7:2c:d8:df:f8:23:
+        a4:90:38:e6:39:27:0e:7e:0a:68:3d:2c:65:f6:42:06:ca:55:
+        9f:66:fb:4a:44:7c:1b:e6:75:2b:ba:fd:fe:19:05:96:f9:0b:
+        22:f7:9a:82:c2:e1:10:67:c4:3a:26:f9:cb:c2:a5:b8:5c:e3:
+        6a:34:84:4a:7a:84:ab:ef:8e:be:e1:e4:40:66:fd:9b:b7:af:
+        40:ee:60:09
 -----BEGIN CERTIFICATE-----
 MIIEzDCCA7SgAwIBAgIBZDANBgkqhkiG9w0BAQsFADCBlDELMAkGA1UEBhMCVVMx
 EDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xETAPBgNVBAoMCFNh
 d3Rvb3RoMRMwEQYDVQQLDApDb25zdWx0aW5nMRgwFgYDVQQDDA93d3cud29sZnNz
-bC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMjMxMjEz
-MjIxOTMyWhcNMjYwOTA4MjIxOTMyWjCBoTELMAkGA1UEBhMCVVMxEzARBgNVBAgM
+bC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMjQxMjE4
+MjEyNTMzWhcNMjcwOTE0MjEyNTMzWjCBoTELMAkGA1UEBhMCVVMxEzARBgNVBAgM
 Cldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxFTATBgNVBAoMDHdvbGZTU0wg
 SW5jLjEUMBIGA1UECwwLRW5naW5lZXJpbmcxHTAbBgNVBAMMFGNoYWluQy1JQ0Ex
 LXBhdGhsZW4xMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMIIBIjAN
@@ -78,12 +78,12 @@ o4IBGDCCARQwHQYDVR0OBBYEFJQdLgc3xi9Swex5axPOCZBf9MRRMIHUBgNVHSME
 gcwwgcmAFCeOZxF0wyYdP+0zY7Ok2B0w5ejVoYGapIGXMIGUMQswCQYDVQQGEwJV
 UzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjERMA8GA1UECgwI
 U2F3dG9vdGgxEzARBgNVBAsMCkNvbnN1bHRpbmcxGDAWBgNVBAMMD3d3dy53b2xm
-c3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbYIUM0QaqGwB
-7PZg8nBRCkzRFPq86UQwDwYDVR0TBAgwBgEB/wIBATALBgNVHQ8EBAMCAQYwDQYJ
-KoZIhvcNAQELBQADggEBAFKEaes2cXZ0QavYcK4YZD+xje+tL2tr5cNeQcpsMCO1
-aybCGPq0l5WfUBYplF6RG5Ai2x6of+vbuTjYfY35G7LEqw4Q1K6Oo1bF4O35N+vO
-H5NwMiqqMJA4Aljk5+e7gGSg740vFS2L0NiwcgxjdrrLyBx5NNnTIxXCstqJGsYk
-FmAvioD9rM89Desb4cqqN+WhgI0U4cqU8sR8IkpU9uTl21cTo/uaYxMsbkszzB7e
-c34AuY89v/+vgYMxLkKyyd8jrpo1zz30mP3cWBUBQafAbAnNiDkkcRCX8+UOrVl3
-gwCgA57IyyYY0aFgvYpTqE4IDlceWx3fpb0EAWbdMC0=
+c3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbYIUa5twxvGj
+lGUZoQhY76eNK3qDwdowDwYDVR0TBAgwBgEB/wIBATALBgNVHQ8EBAMCAQYwDQYJ
+KoZIhvcNAQELBQADggEBAG1ZWz/eXRlqeL3Gjgd7dIsMBkwNSrE4dv2Y8DY0kkNJ
+Xudsq9LbLIkDL0vRtyab7OQmtgLsjA2B1M7nyDEp8r0gF0hJ8UrdSjjVSlnUFCWr
+P3028FaGH0kG3igY/Pgqb3ny0cgQSGdeqzhqfCPU6efF6DqBwZXBvXjo37y5y1Lo
+ZXffZWyFtoRxA1kVlXzOYyyoH11YiF1Rs5W+kejFUsX3nIIWRxtoBe0uv3YW5/cs
+2N/4I6SQOOY5Jw5+Cmg9LGX2QgbKVZ9m+0pEfBvmdSu6/f4ZBZb5CyL3moLC4RBn
+xDom+cvCpbhc42o0hEp6hKvvjr7h5EBm/Zu3r0DuYAk=
 -----END CERTIFICATE-----
diff --git a/certs/test-pathlen/chainC-assembled.pem b/certs/test-pathlen/chainC-assembled.pem
index 55e61fa47..0acb7d75b 100644
--- a/certs/test-pathlen/chainC-assembled.pem
+++ b/certs/test-pathlen/chainC-assembled.pem
@@ -5,12 +5,12 @@ Certificate:
         Signature Algorithm: sha256WithRSAEncryption
         Issuer: C = US, ST = Washington, L = Seattle, O = wolfSSL Inc., OU = Engineering, CN = chainC-ICA1-pathlen1, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Dec 13 22:19:32 2023 GMT
-            Not After : Sep  8 22:19:32 2026 GMT
+            Not Before: Dec 18 21:25:33 2024 GMT
+            Not After : Sep 14 21:25:33 2027 GMT
         Subject: C = US, ST = Washington, L = Seattle, O = wolfSSL Inc., OU = Engineering, CN = chainC-entity, emailAddress = info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (2048 bit)
+                Public-Key: (2048 bit)
                 Modulus:
                     00:bf:34:e1:1c:2c:2d:a4:93:b5:c4:fc:65:40:fa:
                     94:68:74:24:ff:52:a4:df:3e:f1:7c:92:14:f0:f0:
@@ -38,31 +38,31 @@ Certificate:
                 keyid:94:1D:2E:07:37:C6:2F:52:C1:EC:79:6B:13:CE:09:90:5F:F4:C4:51
                 DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
                 serial:64
-
             X509v3 Basic Constraints: 
                 CA:FALSE
     Signature Algorithm: sha256WithRSAEncryption
-         b0:8e:f5:a6:d7:df:13:fb:72:58:82:1e:b8:e8:34:aa:12:cc:
-         39:4e:ad:b7:ff:b7:1b:d4:91:25:12:4f:af:f4:f0:9a:bf:e4:
-         0f:f1:3d:bb:46:e9:c1:61:a5:b1:42:f3:13:75:b1:60:df:ba:
-         36:62:f4:4d:e1:2c:23:ff:92:db:81:dc:72:71:74:00:6b:a2:
-         29:cd:6f:ff:3c:db:35:6c:8c:bf:d5:d4:af:20:78:65:6c:f3:
-         5c:e5:84:22:b6:1c:06:6e:fa:b1:fb:07:3e:76:60:58:36:73:
-         3c:97:ab:5a:27:56:d6:f9:ef:43:34:67:af:57:3e:d2:dc:2e:
-         e7:e4:1c:8b:cb:90:11:1a:b9:8e:01:3f:e4:a2:6c:93:b3:90:
-         cd:6c:05:1e:d7:2f:7a:00:de:00:be:e6:35:4c:25:fc:19:96:
-         27:9f:0d:0b:a8:9d:14:d9:89:4b:13:ec:53:e9:f9:31:b7:3f:
-         95:61:7e:b3:bb:32:a3:f1:94:53:49:b4:f5:c8:ee:83:0d:69:
-         5c:89:c3:21:e4:a5:d0:9c:af:30:af:64:e3:78:53:d5:5e:72:
-         2b:d8:d7:7a:45:03:ba:9f:93:c9:fb:8d:cc:94:41:d5:2a:eb:
-         87:ee:9f:c8:bf:ca:d1:6e:92:6b:96:af:20:6e:a5:42:9b:1d:
-         8b:2b:ad:d5
+    Signature Value:
+        7a:cd:a8:f1:f4:70:c1:61:8a:a7:f6:5a:49:83:32:7f:02:d1:
+        39:f6:56:cd:49:16:11:78:d5:13:a3:a0:f1:22:a5:97:5c:86:
+        ec:15:1d:07:89:8b:9a:49:1e:3f:7f:77:e7:de:97:56:ee:51:
+        28:ff:3a:71:52:22:bf:4c:99:ef:6b:76:0d:a8:81:4a:f8:db:
+        73:ba:b0:f4:e9:5d:e9:08:7c:b8:8a:87:aa:95:5e:da:f4:ab:
+        2a:4f:53:ae:02:fc:ba:26:93:ab:41:27:4a:78:9f:2a:7f:7a:
+        27:57:23:d3:36:aa:b0:c9:45:9c:09:7d:41:f2:71:fe:21:3e:
+        e7:b2:86:35:a8:bf:df:d3:74:8e:b2:ff:41:70:9c:40:38:2f:
+        4f:ec:b2:d1:b6:30:4c:a7:55:c5:60:19:e7:e7:c3:5f:84:fc:
+        59:70:62:83:00:eb:d7:8a:3b:a3:bd:cf:00:74:39:65:cf:ab:
+        0a:60:12:c8:51:d7:3d:96:2e:b5:d6:e5:2e:00:69:85:c7:39:
+        c3:db:70:ee:94:82:56:54:78:72:26:7f:12:64:e6:c6:9b:24:
+        7c:e2:79:72:13:8a:4c:47:d9:45:e0:82:b7:17:61:b5:c0:c4:
+        0f:10:fb:9d:ca:a3:54:b9:a1:01:71:44:07:27:c2:39:1d:89:
+        39:b9:00:23
 -----BEGIN CERTIFICATE-----
 MIIEqjCCA5KgAwIBAgIBZTANBgkqhkiG9w0BAQsFADCBoTELMAkGA1UEBhMCVVMx
 EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxFTATBgNVBAoM
 DHdvbGZTU0wgSW5jLjEUMBIGA1UECwwLRW5naW5lZXJpbmcxHTAbBgNVBAMMFGNo
 YWluQy1JQ0ExLXBhdGhsZW4xMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wu
-Y29tMB4XDTIzMTIxMzIyMTkzMloXDTI2MDkwODIyMTkzMlowgZoxCzAJBgNVBAYT
+Y29tMB4XDTI0MTIxODIxMjUzM1oXDTI3MDkxNDIxMjUzM1owgZoxCzAJBgNVBAYT
 AlVTMRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRUwEwYD
 VQQKDAx3b2xmU1NMIEluYy4xFDASBgNVBAsMC0VuZ2luZWVyaW5nMRYwFAYDVQQD
 DA1jaGFpbkMtZW50aXR5MR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29t
@@ -77,12 +77,12 @@ VR0jBIG5MIG2gBSUHS4HN8YvUsHseWsTzgmQX/TEUaGBmqSBlzCBlDELMAkGA1UE
 BhMCVVMxEDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xETAPBgNV
 BAoMCFNhd3Rvb3RoMRMwEQYDVQQLDApDb25zdWx0aW5nMRgwFgYDVQQDDA93d3cu
 d29sZnNzbC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb22CAWQw
-CQYDVR0TBAIwADANBgkqhkiG9w0BAQsFAAOCAQEAsI71ptffE/tyWIIeuOg0qhLM
-OU6tt/+3G9SRJRJPr/Twmr/kD/E9u0bpwWGlsULzE3WxYN+6NmL0TeEsI/+S24Hc
-cnF0AGuiKc1v/zzbNWyMv9XUryB4ZWzzXOWEIrYcBm76sfsHPnZgWDZzPJerWidW
-1vnvQzRnr1c+0twu5+Qci8uQERq5jgE/5KJsk7OQzWwFHtcvegDeAL7mNUwl/BmW
-J58NC6idFNmJSxPsU+n5Mbc/lWF+s7syo/GUU0m09cjugw1pXInDIeSl0JyvMK9k
-43hT1V5yK9jXekUDup+TyfuNzJRB1Srrh+6fyL/K0W6Sa5avIG6lQpsdiyut1Q==
+CQYDVR0TBAIwADANBgkqhkiG9w0BAQsFAAOCAQEAes2o8fRwwWGKp/ZaSYMyfwLR
+OfZWzUkWEXjVE6Og8SKll1yG7BUdB4mLmkkeP393596XVu5RKP86cVIiv0yZ72t2
+DaiBSvjbc7qw9Old6Qh8uIqHqpVe2vSrKk9TrgL8uiaTq0EnSnifKn96J1cj0zaq
+sMlFnAl9QfJx/iE+57KGNai/39N0jrL/QXCcQDgvT+yy0bYwTKdVxWAZ5+fDX4T8
+WXBigwDr14o7o73PAHQ5Zc+rCmASyFHXPZYutdblLgBphcc5w9tw7pSCVlR4ciZ/
+EmTmxpskfOJ5chOKTEfZReCCtxdhtcDEDxD7ncqjVLmhAXFEByfCOR2JObkAIw==
 -----END CERTIFICATE-----
 Certificate:
     Data:
@@ -91,12 +91,12 @@ Certificate:
         Signature Algorithm: sha256WithRSAEncryption
         Issuer: C = US, ST = Montana, L = Bozeman, O = Sawtooth, OU = Consulting, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Dec 13 22:19:32 2023 GMT
-            Not After : Sep  8 22:19:32 2026 GMT
+            Not Before: Dec 18 21:25:33 2024 GMT
+            Not After : Sep 14 21:25:33 2027 GMT
         Subject: C = US, ST = Washington, L = Seattle, O = wolfSSL Inc., OU = Engineering, CN = chainC-ICA1-pathlen1, emailAddress = info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (2048 bit)
+                Public-Key: (2048 bit)
                 Modulus:
                     00:bb:1a:6c:c1:bd:bb:9b:29:ca:35:3d:63:a3:29:
                     cd:a6:65:c4:9e:a3:c5:50:99:ad:51:90:0a:9a:9b:
@@ -123,34 +123,34 @@ Certificate:
             X509v3 Authority Key Identifier: 
                 keyid:27:8E:67:11:74:C3:26:1D:3F:ED:33:63:B3:A4:D8:1D:30:E5:E8:D5
                 DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
-                serial:33:44:1A:A8:6C:01:EC:F6:60:F2:70:51:0A:4C:D1:14:FA:BC:E9:44
-
+                serial:6B:9B:70:C6:F1:A3:94:65:19:A1:08:58:EF:A7:8D:2B:7A:83:C1:DA
             X509v3 Basic Constraints: 
                 CA:TRUE, pathlen:1
             X509v3 Key Usage: 
                 Certificate Sign, CRL Sign
     Signature Algorithm: sha256WithRSAEncryption
-         52:84:69:eb:36:71:76:74:41:ab:d8:70:ae:18:64:3f:b1:8d:
-         ef:ad:2f:6b:6b:e5:c3:5e:41:ca:6c:30:23:b5:6b:26:c2:18:
-         fa:b4:97:95:9f:50:16:29:94:5e:91:1b:90:22:db:1e:a8:7f:
-         eb:db:b9:38:d8:7d:8d:f9:1b:b2:c4:ab:0e:10:d4:ae:8e:a3:
-         56:c5:e0:ed:f9:37:eb:ce:1f:93:70:32:2a:aa:30:90:38:02:
-         58:e4:e7:e7:bb:80:64:a0:ef:8d:2f:15:2d:8b:d0:d8:b0:72:
-         0c:63:76:ba:cb:c8:1c:79:34:d9:d3:23:15:c2:b2:da:89:1a:
-         c6:24:16:60:2f:8a:80:fd:ac:cf:3d:0d:eb:1b:e1:ca:aa:37:
-         e5:a1:80:8d:14:e1:ca:94:f2:c4:7c:22:4a:54:f6:e4:e5:db:
-         57:13:a3:fb:9a:63:13:2c:6e:4b:33:cc:1e:de:73:7e:00:b9:
-         8f:3d:bf:ff:af:81:83:31:2e:42:b2:c9:df:23:ae:9a:35:cf:
-         3d:f4:98:fd:dc:58:15:01:41:a7:c0:6c:09:cd:88:39:24:71:
-         10:97:f3:e5:0e:ad:59:77:83:00:a0:03:9e:c8:cb:26:18:d1:
-         a1:60:bd:8a:53:a8:4e:08:0e:57:1e:5b:1d:df:a5:bd:04:01:
-         66:dd:30:2d
+    Signature Value:
+        6d:59:5b:3f:de:5d:19:6a:78:bd:c6:8e:07:7b:74:8b:0c:06:
+        4c:0d:4a:b1:38:76:fd:98:f0:36:34:92:43:49:5e:e7:6c:ab:
+        d2:db:2c:89:03:2f:4b:d1:b7:26:9b:ec:e4:26:b6:02:ec:8c:
+        0d:81:d4:ce:e7:c8:31:29:f2:bd:20:17:48:49:f1:4a:dd:4a:
+        38:d5:4a:59:d4:14:25:ab:3f:7d:36:f0:56:86:1f:49:06:de:
+        28:18:fc:f8:2a:6f:79:f2:d1:c8:10:48:67:5e:ab:38:6a:7c:
+        23:d4:e9:e7:c5:e8:3a:81:c1:95:c1:bd:78:e8:df:bc:b9:cb:
+        52:e8:65:77:df:65:6c:85:b6:84:71:03:59:15:95:7c:ce:63:
+        2c:a8:1f:5d:58:88:5d:51:b3:95:be:91:e8:c5:52:c5:f7:9c:
+        82:16:47:1b:68:05:ed:2e:bf:76:16:e7:f7:2c:d8:df:f8:23:
+        a4:90:38:e6:39:27:0e:7e:0a:68:3d:2c:65:f6:42:06:ca:55:
+        9f:66:fb:4a:44:7c:1b:e6:75:2b:ba:fd:fe:19:05:96:f9:0b:
+        22:f7:9a:82:c2:e1:10:67:c4:3a:26:f9:cb:c2:a5:b8:5c:e3:
+        6a:34:84:4a:7a:84:ab:ef:8e:be:e1:e4:40:66:fd:9b:b7:af:
+        40:ee:60:09
 -----BEGIN CERTIFICATE-----
 MIIEzDCCA7SgAwIBAgIBZDANBgkqhkiG9w0BAQsFADCBlDELMAkGA1UEBhMCVVMx
 EDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xETAPBgNVBAoMCFNh
 d3Rvb3RoMRMwEQYDVQQLDApDb25zdWx0aW5nMRgwFgYDVQQDDA93d3cud29sZnNz
-bC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMjMxMjEz
-MjIxOTMyWhcNMjYwOTA4MjIxOTMyWjCBoTELMAkGA1UEBhMCVVMxEzARBgNVBAgM
+bC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMjQxMjE4
+MjEyNTMzWhcNMjcwOTE0MjEyNTMzWjCBoTELMAkGA1UEBhMCVVMxEzARBgNVBAgM
 Cldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxFTATBgNVBAoMDHdvbGZTU0wg
 SW5jLjEUMBIGA1UECwwLRW5naW5lZXJpbmcxHTAbBgNVBAMMFGNoYWluQy1JQ0Ex
 LXBhdGhsZW4xMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMIIBIjAN
@@ -164,12 +164,12 @@ o4IBGDCCARQwHQYDVR0OBBYEFJQdLgc3xi9Swex5axPOCZBf9MRRMIHUBgNVHSME
 gcwwgcmAFCeOZxF0wyYdP+0zY7Ok2B0w5ejVoYGapIGXMIGUMQswCQYDVQQGEwJV
 UzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjERMA8GA1UECgwI
 U2F3dG9vdGgxEzARBgNVBAsMCkNvbnN1bHRpbmcxGDAWBgNVBAMMD3d3dy53b2xm
-c3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbYIUM0QaqGwB
-7PZg8nBRCkzRFPq86UQwDwYDVR0TBAgwBgEB/wIBATALBgNVHQ8EBAMCAQYwDQYJ
-KoZIhvcNAQELBQADggEBAFKEaes2cXZ0QavYcK4YZD+xje+tL2tr5cNeQcpsMCO1
-aybCGPq0l5WfUBYplF6RG5Ai2x6of+vbuTjYfY35G7LEqw4Q1K6Oo1bF4O35N+vO
-H5NwMiqqMJA4Aljk5+e7gGSg740vFS2L0NiwcgxjdrrLyBx5NNnTIxXCstqJGsYk
-FmAvioD9rM89Desb4cqqN+WhgI0U4cqU8sR8IkpU9uTl21cTo/uaYxMsbkszzB7e
-c34AuY89v/+vgYMxLkKyyd8jrpo1zz30mP3cWBUBQafAbAnNiDkkcRCX8+UOrVl3
-gwCgA57IyyYY0aFgvYpTqE4IDlceWx3fpb0EAWbdMC0=
+c3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbYIUa5twxvGj
+lGUZoQhY76eNK3qDwdowDwYDVR0TBAgwBgEB/wIBATALBgNVHQ8EBAMCAQYwDQYJ
+KoZIhvcNAQELBQADggEBAG1ZWz/eXRlqeL3Gjgd7dIsMBkwNSrE4dv2Y8DY0kkNJ
+Xudsq9LbLIkDL0vRtyab7OQmtgLsjA2B1M7nyDEp8r0gF0hJ8UrdSjjVSlnUFCWr
+P3028FaGH0kG3igY/Pgqb3ny0cgQSGdeqzhqfCPU6efF6DqBwZXBvXjo37y5y1Lo
+ZXffZWyFtoRxA1kVlXzOYyyoH11YiF1Rs5W+kejFUsX3nIIWRxtoBe0uv3YW5/cs
+2N/4I6SQOOY5Jw5+Cmg9LGX2QgbKVZ9m+0pEfBvmdSu6/f4ZBZb5CyL3moLC4RBn
+xDom+cvCpbhc42o0hEp6hKvvjr7h5EBm/Zu3r0DuYAk=
 -----END CERTIFICATE-----
diff --git a/certs/test-pathlen/chainC-entity.pem b/certs/test-pathlen/chainC-entity.pem
index f361a8979..c0097c6bc 100644
--- a/certs/test-pathlen/chainC-entity.pem
+++ b/certs/test-pathlen/chainC-entity.pem
@@ -5,12 +5,12 @@ Certificate:
         Signature Algorithm: sha256WithRSAEncryption
         Issuer: C = US, ST = Washington, L = Seattle, O = wolfSSL Inc., OU = Engineering, CN = chainC-ICA1-pathlen1, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Dec 13 22:19:32 2023 GMT
-            Not After : Sep  8 22:19:32 2026 GMT
+            Not Before: Dec 18 21:25:33 2024 GMT
+            Not After : Sep 14 21:25:33 2027 GMT
         Subject: C = US, ST = Washington, L = Seattle, O = wolfSSL Inc., OU = Engineering, CN = chainC-entity, emailAddress = info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (2048 bit)
+                Public-Key: (2048 bit)
                 Modulus:
                     00:bf:34:e1:1c:2c:2d:a4:93:b5:c4:fc:65:40:fa:
                     94:68:74:24:ff:52:a4:df:3e:f1:7c:92:14:f0:f0:
@@ -38,31 +38,31 @@ Certificate:
                 keyid:94:1D:2E:07:37:C6:2F:52:C1:EC:79:6B:13:CE:09:90:5F:F4:C4:51
                 DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
                 serial:64
-
             X509v3 Basic Constraints: 
                 CA:FALSE
     Signature Algorithm: sha256WithRSAEncryption
-         b0:8e:f5:a6:d7:df:13:fb:72:58:82:1e:b8:e8:34:aa:12:cc:
-         39:4e:ad:b7:ff:b7:1b:d4:91:25:12:4f:af:f4:f0:9a:bf:e4:
-         0f:f1:3d:bb:46:e9:c1:61:a5:b1:42:f3:13:75:b1:60:df:ba:
-         36:62:f4:4d:e1:2c:23:ff:92:db:81:dc:72:71:74:00:6b:a2:
-         29:cd:6f:ff:3c:db:35:6c:8c:bf:d5:d4:af:20:78:65:6c:f3:
-         5c:e5:84:22:b6:1c:06:6e:fa:b1:fb:07:3e:76:60:58:36:73:
-         3c:97:ab:5a:27:56:d6:f9:ef:43:34:67:af:57:3e:d2:dc:2e:
-         e7:e4:1c:8b:cb:90:11:1a:b9:8e:01:3f:e4:a2:6c:93:b3:90:
-         cd:6c:05:1e:d7:2f:7a:00:de:00:be:e6:35:4c:25:fc:19:96:
-         27:9f:0d:0b:a8:9d:14:d9:89:4b:13:ec:53:e9:f9:31:b7:3f:
-         95:61:7e:b3:bb:32:a3:f1:94:53:49:b4:f5:c8:ee:83:0d:69:
-         5c:89:c3:21:e4:a5:d0:9c:af:30:af:64:e3:78:53:d5:5e:72:
-         2b:d8:d7:7a:45:03:ba:9f:93:c9:fb:8d:cc:94:41:d5:2a:eb:
-         87:ee:9f:c8:bf:ca:d1:6e:92:6b:96:af:20:6e:a5:42:9b:1d:
-         8b:2b:ad:d5
+    Signature Value:
+        7a:cd:a8:f1:f4:70:c1:61:8a:a7:f6:5a:49:83:32:7f:02:d1:
+        39:f6:56:cd:49:16:11:78:d5:13:a3:a0:f1:22:a5:97:5c:86:
+        ec:15:1d:07:89:8b:9a:49:1e:3f:7f:77:e7:de:97:56:ee:51:
+        28:ff:3a:71:52:22:bf:4c:99:ef:6b:76:0d:a8:81:4a:f8:db:
+        73:ba:b0:f4:e9:5d:e9:08:7c:b8:8a:87:aa:95:5e:da:f4:ab:
+        2a:4f:53:ae:02:fc:ba:26:93:ab:41:27:4a:78:9f:2a:7f:7a:
+        27:57:23:d3:36:aa:b0:c9:45:9c:09:7d:41:f2:71:fe:21:3e:
+        e7:b2:86:35:a8:bf:df:d3:74:8e:b2:ff:41:70:9c:40:38:2f:
+        4f:ec:b2:d1:b6:30:4c:a7:55:c5:60:19:e7:e7:c3:5f:84:fc:
+        59:70:62:83:00:eb:d7:8a:3b:a3:bd:cf:00:74:39:65:cf:ab:
+        0a:60:12:c8:51:d7:3d:96:2e:b5:d6:e5:2e:00:69:85:c7:39:
+        c3:db:70:ee:94:82:56:54:78:72:26:7f:12:64:e6:c6:9b:24:
+        7c:e2:79:72:13:8a:4c:47:d9:45:e0:82:b7:17:61:b5:c0:c4:
+        0f:10:fb:9d:ca:a3:54:b9:a1:01:71:44:07:27:c2:39:1d:89:
+        39:b9:00:23
 -----BEGIN CERTIFICATE-----
 MIIEqjCCA5KgAwIBAgIBZTANBgkqhkiG9w0BAQsFADCBoTELMAkGA1UEBhMCVVMx
 EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxFTATBgNVBAoM
 DHdvbGZTU0wgSW5jLjEUMBIGA1UECwwLRW5naW5lZXJpbmcxHTAbBgNVBAMMFGNo
 YWluQy1JQ0ExLXBhdGhsZW4xMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wu
-Y29tMB4XDTIzMTIxMzIyMTkzMloXDTI2MDkwODIyMTkzMlowgZoxCzAJBgNVBAYT
+Y29tMB4XDTI0MTIxODIxMjUzM1oXDTI3MDkxNDIxMjUzM1owgZoxCzAJBgNVBAYT
 AlVTMRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRUwEwYD
 VQQKDAx3b2xmU1NMIEluYy4xFDASBgNVBAsMC0VuZ2luZWVyaW5nMRYwFAYDVQQD
 DA1jaGFpbkMtZW50aXR5MR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29t
@@ -77,10 +77,10 @@ VR0jBIG5MIG2gBSUHS4HN8YvUsHseWsTzgmQX/TEUaGBmqSBlzCBlDELMAkGA1UE
 BhMCVVMxEDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xETAPBgNV
 BAoMCFNhd3Rvb3RoMRMwEQYDVQQLDApDb25zdWx0aW5nMRgwFgYDVQQDDA93d3cu
 d29sZnNzbC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb22CAWQw
-CQYDVR0TBAIwADANBgkqhkiG9w0BAQsFAAOCAQEAsI71ptffE/tyWIIeuOg0qhLM
-OU6tt/+3G9SRJRJPr/Twmr/kD/E9u0bpwWGlsULzE3WxYN+6NmL0TeEsI/+S24Hc
-cnF0AGuiKc1v/zzbNWyMv9XUryB4ZWzzXOWEIrYcBm76sfsHPnZgWDZzPJerWidW
-1vnvQzRnr1c+0twu5+Qci8uQERq5jgE/5KJsk7OQzWwFHtcvegDeAL7mNUwl/BmW
-J58NC6idFNmJSxPsU+n5Mbc/lWF+s7syo/GUU0m09cjugw1pXInDIeSl0JyvMK9k
-43hT1V5yK9jXekUDup+TyfuNzJRB1Srrh+6fyL/K0W6Sa5avIG6lQpsdiyut1Q==
+CQYDVR0TBAIwADANBgkqhkiG9w0BAQsFAAOCAQEAes2o8fRwwWGKp/ZaSYMyfwLR
+OfZWzUkWEXjVE6Og8SKll1yG7BUdB4mLmkkeP393596XVu5RKP86cVIiv0yZ72t2
+DaiBSvjbc7qw9Old6Qh8uIqHqpVe2vSrKk9TrgL8uiaTq0EnSnifKn96J1cj0zaq
+sMlFnAl9QfJx/iE+57KGNai/39N0jrL/QXCcQDgvT+yy0bYwTKdVxWAZ5+fDX4T8
+WXBigwDr14o7o73PAHQ5Zc+rCmASyFHXPZYutdblLgBphcc5w9tw7pSCVlR4ciZ/
+EmTmxpskfOJ5chOKTEfZReCCtxdhtcDEDxD7ncqjVLmhAXFEByfCOR2JObkAIw==
 -----END CERTIFICATE-----
diff --git a/certs/test-pathlen/chainD-ICA1-pathlen127.pem b/certs/test-pathlen/chainD-ICA1-pathlen127.pem
index a9d4c15b3..909ceed4c 100644
--- a/certs/test-pathlen/chainD-ICA1-pathlen127.pem
+++ b/certs/test-pathlen/chainD-ICA1-pathlen127.pem
@@ -5,12 +5,12 @@ Certificate:
         Signature Algorithm: sha256WithRSAEncryption
         Issuer: C = US, ST = Montana, L = Bozeman, O = Sawtooth, OU = Consulting, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Dec 13 22:19:32 2023 GMT
-            Not After : Sep  8 22:19:32 2026 GMT
+            Not Before: Dec 18 21:25:33 2024 GMT
+            Not After : Sep 14 21:25:33 2027 GMT
         Subject: C = US, ST = Washington, L = Seattle, O = wolfSSL Inc., OU = Engineering, CN = chainD-ICA1-pathlen127, emailAddress = info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (2048 bit)
+                Public-Key: (2048 bit)
                 Modulus:
                     00:d7:81:78:a9:19:99:12:d1:cf:3d:51:54:1d:d3:
                     14:94:ed:3e:de:ff:e0:23:e4:f7:23:fc:5c:49:24:
@@ -37,34 +37,34 @@ Certificate:
             X509v3 Authority Key Identifier: 
                 keyid:27:8E:67:11:74:C3:26:1D:3F:ED:33:63:B3:A4:D8:1D:30:E5:E8:D5
                 DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
-                serial:33:44:1A:A8:6C:01:EC:F6:60:F2:70:51:0A:4C:D1:14:FA:BC:E9:44
-
+                serial:6B:9B:70:C6:F1:A3:94:65:19:A1:08:58:EF:A7:8D:2B:7A:83:C1:DA
             X509v3 Basic Constraints: 
                 CA:TRUE, pathlen:127
             X509v3 Key Usage: 
                 Certificate Sign, CRL Sign
     Signature Algorithm: sha256WithRSAEncryption
-         ae:70:5a:14:f9:fb:c6:c5:5e:19:92:18:5e:fc:6d:7a:9c:90:
-         34:2f:d4:7e:42:cf:88:80:3c:65:96:f7:4e:b7:26:c5:aa:6c:
-         6c:a0:31:51:7b:ad:92:42:9c:16:7e:5c:1a:f7:0b:d1:8a:b6:
-         41:fa:d1:a1:fc:86:6f:32:15:88:a8:b2:69:a6:38:2a:16:57:
-         55:d8:be:8f:6e:fa:4b:e6:a1:2b:db:4d:64:0c:08:76:31:37:
-         ec:c4:6d:2b:3a:62:a2:2e:9a:0d:29:57:95:3a:76:e4:b2:63:
-         90:07:72:04:f4:59:6e:be:94:00:13:0d:13:99:f8:97:df:16:
-         b5:70:32:d8:9f:84:07:3d:9d:be:87:50:33:3e:4e:ae:51:f1:
-         12:33:96:c4:d5:d1:df:cd:bf:eb:f5:20:a3:4c:36:9e:bd:d3:
-         5e:7f:56:05:e9:24:65:77:59:65:c0:53:c4:59:5f:3e:b3:37:
-         41:89:f4:f4:4a:ff:6c:97:f6:f1:49:09:9c:a2:a9:cf:17:27:
-         31:2e:db:04:52:f9:18:a5:67:6c:d2:0d:12:2a:ff:33:26:83:
-         20:1e:0e:81:e8:a4:b6:93:f9:d0:a3:b6:48:a1:5a:3e:b7:f0:
-         cd:b7:fe:66:6e:07:99:b0:6e:e6:a6:2b:93:7b:de:bc:41:5e:
-         0d:d3:22:65
+    Signature Value:
+        26:99:d3:de:3a:db:89:0e:08:cf:da:59:21:55:d6:54:df:7a:
+        28:70:e0:8f:60:af:e5:4b:1e:71:cd:8c:e4:07:1a:82:5b:bd:
+        82:48:3b:88:6c:47:9c:3b:d0:9a:f8:d3:54:78:97:58:21:e7:
+        47:a7:71:4e:ce:34:8a:5c:23:5b:a9:ca:1a:39:3a:ef:2e:56:
+        59:d0:18:42:65:bc:d7:21:85:12:02:26:00:d1:d4:a4:c8:be:
+        f1:e2:06:ce:e9:a0:65:63:99:7c:a5:fe:2e:bb:69:e3:7b:ab:
+        9d:94:ce:55:9a:f9:48:54:0b:64:51:d3:43:86:e6:5d:e3:1e:
+        17:13:f3:b3:3e:53:22:36:f8:17:a7:c2:82:60:b5:be:4a:ab:
+        22:10:26:eb:8c:47:12:64:f4:73:32:fd:01:04:f6:d3:80:3a:
+        c4:d1:5d:6f:33:4d:67:d3:19:94:e3:23:4e:94:28:a8:53:de:
+        d8:09:4b:7f:b1:36:57:55:de:d2:55:2d:89:a2:73:fa:5a:13:
+        67:33:b9:8d:09:8d:0e:06:8b:73:19:ba:cc:86:fc:64:e1:71:
+        f8:7d:f2:ae:55:da:8c:d9:a4:64:71:06:5b:55:5c:25:7f:83:
+        b8:20:e0:12:2a:76:a4:03:c0:a8:d6:d6:f5:5a:3b:31:44:94:
+        8d:91:45:d3
 -----BEGIN CERTIFICATE-----
 MIIEzjCCA7agAwIBAgIBZDANBgkqhkiG9w0BAQsFADCBlDELMAkGA1UEBhMCVVMx
 EDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xETAPBgNVBAoMCFNh
 d3Rvb3RoMRMwEQYDVQQLDApDb25zdWx0aW5nMRgwFgYDVQQDDA93d3cud29sZnNz
-bC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMjMxMjEz
-MjIxOTMyWhcNMjYwOTA4MjIxOTMyWjCBozELMAkGA1UEBhMCVVMxEzARBgNVBAgM
+bC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMjQxMjE4
+MjEyNTMzWhcNMjcwOTE0MjEyNTMzWjCBozELMAkGA1UEBhMCVVMxEzARBgNVBAgM
 Cldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxFTATBgNVBAoMDHdvbGZTU0wg
 SW5jLjEUMBIGA1UECwwLRW5naW5lZXJpbmcxHzAdBgNVBAMMFmNoYWluRC1JQ0Ex
 LXBhdGhsZW4xMjcxHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wggEi
@@ -78,12 +78,12 @@ AAGjggEYMIIBFDAdBgNVHQ4EFgQUZ3j5rRxTQR9GvUmbcy583FwtC/swgdQGA1Ud
 IwSBzDCByYAUJ45nEXTDJh0/7TNjs6TYHTDl6NWhgZqkgZcwgZQxCzAJBgNVBAYT
 AlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMREwDwYDVQQK
 DAhTYXd0b290aDETMBEGA1UECwwKQ29uc3VsdGluZzEYMBYGA1UEAwwPd3d3Lndv
-bGZzc2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tghQzRBqo
-bAHs9mDycFEKTNEU+rzpRDAPBgNVHRMECDAGAQH/AgF/MAsGA1UdDwQEAwIBBjAN
-BgkqhkiG9w0BAQsFAAOCAQEArnBaFPn7xsVeGZIYXvxtepyQNC/UfkLPiIA8ZZb3
-TrcmxapsbKAxUXutkkKcFn5cGvcL0Yq2QfrRofyGbzIViKiyaaY4KhZXVdi+j276
-S+ahK9tNZAwIdjE37MRtKzpioi6aDSlXlTp25LJjkAdyBPRZbr6UABMNE5n4l98W
-tXAy2J+EBz2dvodQMz5OrlHxEjOWxNXR382/6/Ugo0w2nr3TXn9WBekkZXdZZcBT
-xFlfPrM3QYn09Er/bJf28UkJnKKpzxcnMS7bBFL5GKVnbNINEir/MyaDIB4Ogeik
-tpP50KO2SKFaPrfwzbf+Zm4HmbBu5qYrk3vevEFeDdMiZQ==
+bGZzc2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tghRrm3DG
+8aOUZRmhCFjvp40reoPB2jAPBgNVHRMECDAGAQH/AgF/MAsGA1UdDwQEAwIBBjAN
+BgkqhkiG9w0BAQsFAAOCAQEAJpnT3jrbiQ4Iz9pZIVXWVN96KHDgj2Cv5Usecc2M
+5Acaglu9gkg7iGxHnDvQmvjTVHiXWCHnR6dxTs40ilwjW6nKGjk67y5WWdAYQmW8
+1yGFEgImANHUpMi+8eIGzumgZWOZfKX+Lrtp43urnZTOVZr5SFQLZFHTQ4bmXeMe
+FxPzsz5TIjb4F6fCgmC1vkqrIhAm64xHEmT0czL9AQT204A6xNFdbzNNZ9MZlOMj
+TpQoqFPe2AlLf7E2V1Xe0lUtiaJz+loTZzO5jQmNDgaLcxm6zIb8ZOFx+H3yrlXa
+jNmkZHEGW1VcJX+DuCDgEip2pAPAqNbW9Vo7MUSUjZFF0w==
 -----END CERTIFICATE-----
diff --git a/certs/test-pathlen/chainD-assembled.pem b/certs/test-pathlen/chainD-assembled.pem
index df69897ff..64c27d015 100644
--- a/certs/test-pathlen/chainD-assembled.pem
+++ b/certs/test-pathlen/chainD-assembled.pem
@@ -5,12 +5,12 @@ Certificate:
         Signature Algorithm: sha256WithRSAEncryption
         Issuer: C = US, ST = Washington, L = Seattle, O = wolfSSL Inc., OU = Engineering, CN = chainD-ICA1-pathlen127, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Dec 13 22:19:32 2023 GMT
-            Not After : Sep  8 22:19:32 2026 GMT
+            Not Before: Dec 18 21:25:33 2024 GMT
+            Not After : Sep 14 21:25:33 2027 GMT
         Subject: C = US, ST = Washington, L = Seattle, O = wolfSSL Inc., OU = Engineering, CN = chainD-entity, emailAddress = info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (2048 bit)
+                Public-Key: (2048 bit)
                 Modulus:
                     00:e2:5d:f4:bd:06:b6:a1:21:3a:2d:7f:cc:f2:5a:
                     15:36:28:0a:f2:bb:16:b5:ec:f9:e7:5b:92:ec:17:
@@ -38,31 +38,31 @@ Certificate:
                 keyid:67:78:F9:AD:1C:53:41:1F:46:BD:49:9B:73:2E:7C:DC:5C:2D:0B:FB
                 DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
                 serial:64
-
             X509v3 Basic Constraints: 
                 CA:FALSE
     Signature Algorithm: sha256WithRSAEncryption
-         91:9a:e9:78:f5:c5:e1:87:94:b2:37:cb:fd:36:af:25:ad:9d:
-         00:33:93:3c:ea:29:04:75:9f:a0:b8:4a:d8:68:3d:9e:94:6b:
-         ac:6e:51:6b:83:92:48:c1:c8:c8:01:48:d9:ac:e5:85:35:4c:
-         43:c2:66:a3:3b:9c:97:71:ea:89:91:38:48:ab:d5:c5:c5:fb:
-         70:40:db:1e:03:9b:a8:fc:2c:93:d6:d1:fb:42:f2:64:7a:43:
-         09:59:3e:ed:71:9e:9d:62:a8:04:c8:52:5a:fd:d2:24:34:2d:
-         22:72:62:27:ca:fb:88:e2:b7:a9:14:b7:0a:89:9d:2d:4f:ea:
-         03:fc:a1:20:d6:98:73:1d:7a:96:42:47:d3:0c:7e:84:3d:1c:
-         f0:5b:90:6c:d0:2b:88:44:03:cc:a6:79:45:4f:bb:29:6b:73:
-         47:ae:4f:70:b0:b4:b6:d1:c7:ec:8e:db:df:81:d9:67:57:67:
-         82:3c:47:5f:92:1f:f0:58:61:9d:0b:9b:c4:4d:1f:4d:b7:d2:
-         80:e6:f7:48:40:91:87:1c:b9:47:c8:68:24:30:a0:ba:ef:e8:
-         7b:2e:33:85:3d:9c:d4:6b:7e:b1:1f:b7:c0:70:5d:77:49:73:
-         a2:f1:58:62:d6:a4:c9:37:d1:52:a4:d6:c6:9a:6e:a3:0c:f9:
-         16:2a:f0:76
+    Signature Value:
+        27:86:58:7e:3a:b1:e2:09:47:0f:50:80:d7:66:e4:12:b9:2e:
+        6a:ce:12:57:e7:eb:dc:7d:e4:80:6c:ee:2d:20:a9:71:30:5e:
+        9c:2a:54:c2:87:91:d5:d9:bf:93:63:0e:7f:60:20:3e:0c:8e:
+        04:c8:d9:34:8c:95:81:97:9f:a9:09:9d:fe:49:fd:2c:57:69:
+        be:d8:1c:ff:e1:75:56:22:85:5e:f4:81:5e:05:51:d3:55:ec:
+        85:9c:cd:84:60:1f:77:f4:f6:b4:44:b9:3b:f6:8d:2a:c1:91:
+        e7:64:26:b0:46:3c:17:13:a7:4d:d9:ea:ce:62:6d:0f:86:c1:
+        77:87:35:9f:8a:39:98:22:a3:63:ef:8d:76:e4:0a:b3:10:99:
+        a6:65:46:8d:2d:e9:c4:7d:08:2e:37:33:70:18:0b:b2:f1:ba:
+        d5:ee:b6:d7:b0:63:cf:26:48:cc:0d:8e:c6:f3:30:97:d8:05:
+        31:92:8b:ad:31:6d:c0:5c:c8:05:49:77:b9:f1:0b:de:c8:a2:
+        a0:dc:dc:6c:9c:5b:07:29:d6:13:af:67:13:5f:d3:93:a3:93:
+        a7:3b:84:41:6b:0b:25:99:e3:a9:a6:a9:18:0f:6a:84:73:23:
+        e4:4b:8c:4f:c5:4c:6b:36:73:86:0a:79:2e:0b:38:45:cf:b9:
+        2c:34:8d:46
 -----BEGIN CERTIFICATE-----
 MIIErDCCA5SgAwIBAgIBZTANBgkqhkiG9w0BAQsFADCBozELMAkGA1UEBhMCVVMx
 EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxFTATBgNVBAoM
 DHdvbGZTU0wgSW5jLjEUMBIGA1UECwwLRW5naW5lZXJpbmcxHzAdBgNVBAMMFmNo
 YWluRC1JQ0ExLXBhdGhsZW4xMjcxHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNz
-bC5jb20wHhcNMjMxMjEzMjIxOTMyWhcNMjYwOTA4MjIxOTMyWjCBmjELMAkGA1UE
+bC5jb20wHhcNMjQxMjE4MjEyNTMzWhcNMjcwOTE0MjEyNTMzWjCBmjELMAkGA1UE
 BhMCVVMxEzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxFTAT
 BgNVBAoMDHdvbGZTU0wgSW5jLjEUMBIGA1UECwwLRW5naW5lZXJpbmcxFjAUBgNV
 BAMMDWNoYWluRC1lbnRpdHkxHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5j
@@ -77,12 +77,12 @@ BgNVHSMEgbkwgbaAFGd4+a0cU0EfRr1Jm3MufNxcLQv7oYGapIGXMIGUMQswCQYD
 VQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjERMA8G
 A1UECgwIU2F3dG9vdGgxEzARBgNVBAsMCkNvbnN1bHRpbmcxGDAWBgNVBAMMD3d3
 dy53b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbYIB
-ZDAJBgNVHRMEAjAAMA0GCSqGSIb3DQEBCwUAA4IBAQCRmul49cXhh5SyN8v9Nq8l
-rZ0AM5M86ikEdZ+guErYaD2elGusblFrg5JIwcjIAUjZrOWFNUxDwmajO5yXceqJ
-kThIq9XFxftwQNseA5uo/CyT1tH7QvJkekMJWT7tcZ6dYqgEyFJa/dIkNC0icmIn
-yvuI4repFLcKiZ0tT+oD/KEg1phzHXqWQkfTDH6EPRzwW5Bs0CuIRAPMpnlFT7sp
-a3NHrk9wsLS20cfsjtvfgdlnV2eCPEdfkh/wWGGdC5vETR9Nt9KA5vdIQJGHHLlH
-yGgkMKC67+h7LjOFPZzUa36xH7fAcF13SXOi8Vhi1qTJN9FSpNbGmm6jDPkWKvB2
+ZDAJBgNVHRMEAjAAMA0GCSqGSIb3DQEBCwUAA4IBAQAnhlh+OrHiCUcPUIDXZuQS
+uS5qzhJX5+vcfeSAbO4tIKlxMF6cKlTCh5HV2b+TYw5/YCA+DI4EyNk0jJWBl5+p
+CZ3+Sf0sV2m+2Bz/4XVWIoVe9IFeBVHTVeyFnM2EYB939Pa0RLk79o0qwZHnZCaw
+RjwXE6dN2erOYm0PhsF3hzWfijmYIqNj74125AqzEJmmZUaNLenEfQguNzNwGAuy
+8brV7rbXsGPPJkjMDY7G8zCX2AUxkoutMW3AXMgFSXe58QveyKKg3NxsnFsHKdYT
+r2cTX9OTo5OnO4RBawslmeOppqkYD2qEcyPkS4xPxUxrNnOGCnkuCzhFz7ksNI1G
 -----END CERTIFICATE-----
 Certificate:
     Data:
@@ -91,12 +91,12 @@ Certificate:
         Signature Algorithm: sha256WithRSAEncryption
         Issuer: C = US, ST = Montana, L = Bozeman, O = Sawtooth, OU = Consulting, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Dec 13 22:19:32 2023 GMT
-            Not After : Sep  8 22:19:32 2026 GMT
+            Not Before: Dec 18 21:25:33 2024 GMT
+            Not After : Sep 14 21:25:33 2027 GMT
         Subject: C = US, ST = Washington, L = Seattle, O = wolfSSL Inc., OU = Engineering, CN = chainD-ICA1-pathlen127, emailAddress = info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (2048 bit)
+                Public-Key: (2048 bit)
                 Modulus:
                     00:d7:81:78:a9:19:99:12:d1:cf:3d:51:54:1d:d3:
                     14:94:ed:3e:de:ff:e0:23:e4:f7:23:fc:5c:49:24:
@@ -123,34 +123,34 @@ Certificate:
             X509v3 Authority Key Identifier: 
                 keyid:27:8E:67:11:74:C3:26:1D:3F:ED:33:63:B3:A4:D8:1D:30:E5:E8:D5
                 DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
-                serial:33:44:1A:A8:6C:01:EC:F6:60:F2:70:51:0A:4C:D1:14:FA:BC:E9:44
-
+                serial:6B:9B:70:C6:F1:A3:94:65:19:A1:08:58:EF:A7:8D:2B:7A:83:C1:DA
             X509v3 Basic Constraints: 
                 CA:TRUE, pathlen:127
             X509v3 Key Usage: 
                 Certificate Sign, CRL Sign
     Signature Algorithm: sha256WithRSAEncryption
-         ae:70:5a:14:f9:fb:c6:c5:5e:19:92:18:5e:fc:6d:7a:9c:90:
-         34:2f:d4:7e:42:cf:88:80:3c:65:96:f7:4e:b7:26:c5:aa:6c:
-         6c:a0:31:51:7b:ad:92:42:9c:16:7e:5c:1a:f7:0b:d1:8a:b6:
-         41:fa:d1:a1:fc:86:6f:32:15:88:a8:b2:69:a6:38:2a:16:57:
-         55:d8:be:8f:6e:fa:4b:e6:a1:2b:db:4d:64:0c:08:76:31:37:
-         ec:c4:6d:2b:3a:62:a2:2e:9a:0d:29:57:95:3a:76:e4:b2:63:
-         90:07:72:04:f4:59:6e:be:94:00:13:0d:13:99:f8:97:df:16:
-         b5:70:32:d8:9f:84:07:3d:9d:be:87:50:33:3e:4e:ae:51:f1:
-         12:33:96:c4:d5:d1:df:cd:bf:eb:f5:20:a3:4c:36:9e:bd:d3:
-         5e:7f:56:05:e9:24:65:77:59:65:c0:53:c4:59:5f:3e:b3:37:
-         41:89:f4:f4:4a:ff:6c:97:f6:f1:49:09:9c:a2:a9:cf:17:27:
-         31:2e:db:04:52:f9:18:a5:67:6c:d2:0d:12:2a:ff:33:26:83:
-         20:1e:0e:81:e8:a4:b6:93:f9:d0:a3:b6:48:a1:5a:3e:b7:f0:
-         cd:b7:fe:66:6e:07:99:b0:6e:e6:a6:2b:93:7b:de:bc:41:5e:
-         0d:d3:22:65
+    Signature Value:
+        26:99:d3:de:3a:db:89:0e:08:cf:da:59:21:55:d6:54:df:7a:
+        28:70:e0:8f:60:af:e5:4b:1e:71:cd:8c:e4:07:1a:82:5b:bd:
+        82:48:3b:88:6c:47:9c:3b:d0:9a:f8:d3:54:78:97:58:21:e7:
+        47:a7:71:4e:ce:34:8a:5c:23:5b:a9:ca:1a:39:3a:ef:2e:56:
+        59:d0:18:42:65:bc:d7:21:85:12:02:26:00:d1:d4:a4:c8:be:
+        f1:e2:06:ce:e9:a0:65:63:99:7c:a5:fe:2e:bb:69:e3:7b:ab:
+        9d:94:ce:55:9a:f9:48:54:0b:64:51:d3:43:86:e6:5d:e3:1e:
+        17:13:f3:b3:3e:53:22:36:f8:17:a7:c2:82:60:b5:be:4a:ab:
+        22:10:26:eb:8c:47:12:64:f4:73:32:fd:01:04:f6:d3:80:3a:
+        c4:d1:5d:6f:33:4d:67:d3:19:94:e3:23:4e:94:28:a8:53:de:
+        d8:09:4b:7f:b1:36:57:55:de:d2:55:2d:89:a2:73:fa:5a:13:
+        67:33:b9:8d:09:8d:0e:06:8b:73:19:ba:cc:86:fc:64:e1:71:
+        f8:7d:f2:ae:55:da:8c:d9:a4:64:71:06:5b:55:5c:25:7f:83:
+        b8:20:e0:12:2a:76:a4:03:c0:a8:d6:d6:f5:5a:3b:31:44:94:
+        8d:91:45:d3
 -----BEGIN CERTIFICATE-----
 MIIEzjCCA7agAwIBAgIBZDANBgkqhkiG9w0BAQsFADCBlDELMAkGA1UEBhMCVVMx
 EDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xETAPBgNVBAoMCFNh
 d3Rvb3RoMRMwEQYDVQQLDApDb25zdWx0aW5nMRgwFgYDVQQDDA93d3cud29sZnNz
-bC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMjMxMjEz
-MjIxOTMyWhcNMjYwOTA4MjIxOTMyWjCBozELMAkGA1UEBhMCVVMxEzARBgNVBAgM
+bC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMjQxMjE4
+MjEyNTMzWhcNMjcwOTE0MjEyNTMzWjCBozELMAkGA1UEBhMCVVMxEzARBgNVBAgM
 Cldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxFTATBgNVBAoMDHdvbGZTU0wg
 SW5jLjEUMBIGA1UECwwLRW5naW5lZXJpbmcxHzAdBgNVBAMMFmNoYWluRC1JQ0Ex
 LXBhdGhsZW4xMjcxHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wggEi
@@ -164,12 +164,12 @@ AAGjggEYMIIBFDAdBgNVHQ4EFgQUZ3j5rRxTQR9GvUmbcy583FwtC/swgdQGA1Ud
 IwSBzDCByYAUJ45nEXTDJh0/7TNjs6TYHTDl6NWhgZqkgZcwgZQxCzAJBgNVBAYT
 AlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMREwDwYDVQQK
 DAhTYXd0b290aDETMBEGA1UECwwKQ29uc3VsdGluZzEYMBYGA1UEAwwPd3d3Lndv
-bGZzc2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tghQzRBqo
-bAHs9mDycFEKTNEU+rzpRDAPBgNVHRMECDAGAQH/AgF/MAsGA1UdDwQEAwIBBjAN
-BgkqhkiG9w0BAQsFAAOCAQEArnBaFPn7xsVeGZIYXvxtepyQNC/UfkLPiIA8ZZb3
-TrcmxapsbKAxUXutkkKcFn5cGvcL0Yq2QfrRofyGbzIViKiyaaY4KhZXVdi+j276
-S+ahK9tNZAwIdjE37MRtKzpioi6aDSlXlTp25LJjkAdyBPRZbr6UABMNE5n4l98W
-tXAy2J+EBz2dvodQMz5OrlHxEjOWxNXR382/6/Ugo0w2nr3TXn9WBekkZXdZZcBT
-xFlfPrM3QYn09Er/bJf28UkJnKKpzxcnMS7bBFL5GKVnbNINEir/MyaDIB4Ogeik
-tpP50KO2SKFaPrfwzbf+Zm4HmbBu5qYrk3vevEFeDdMiZQ==
+bGZzc2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tghRrm3DG
+8aOUZRmhCFjvp40reoPB2jAPBgNVHRMECDAGAQH/AgF/MAsGA1UdDwQEAwIBBjAN
+BgkqhkiG9w0BAQsFAAOCAQEAJpnT3jrbiQ4Iz9pZIVXWVN96KHDgj2Cv5Usecc2M
+5Acaglu9gkg7iGxHnDvQmvjTVHiXWCHnR6dxTs40ilwjW6nKGjk67y5WWdAYQmW8
+1yGFEgImANHUpMi+8eIGzumgZWOZfKX+Lrtp43urnZTOVZr5SFQLZFHTQ4bmXeMe
+FxPzsz5TIjb4F6fCgmC1vkqrIhAm64xHEmT0czL9AQT204A6xNFdbzNNZ9MZlOMj
+TpQoqFPe2AlLf7E2V1Xe0lUtiaJz+loTZzO5jQmNDgaLcxm6zIb8ZOFx+H3yrlXa
+jNmkZHEGW1VcJX+DuCDgEip2pAPAqNbW9Vo7MUSUjZFF0w==
 -----END CERTIFICATE-----
diff --git a/certs/test-pathlen/chainD-entity.pem b/certs/test-pathlen/chainD-entity.pem
index 97f88a7da..0289e9d17 100644
--- a/certs/test-pathlen/chainD-entity.pem
+++ b/certs/test-pathlen/chainD-entity.pem
@@ -5,12 +5,12 @@ Certificate:
         Signature Algorithm: sha256WithRSAEncryption
         Issuer: C = US, ST = Washington, L = Seattle, O = wolfSSL Inc., OU = Engineering, CN = chainD-ICA1-pathlen127, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Dec 13 22:19:32 2023 GMT
-            Not After : Sep  8 22:19:32 2026 GMT
+            Not Before: Dec 18 21:25:33 2024 GMT
+            Not After : Sep 14 21:25:33 2027 GMT
         Subject: C = US, ST = Washington, L = Seattle, O = wolfSSL Inc., OU = Engineering, CN = chainD-entity, emailAddress = info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (2048 bit)
+                Public-Key: (2048 bit)
                 Modulus:
                     00:e2:5d:f4:bd:06:b6:a1:21:3a:2d:7f:cc:f2:5a:
                     15:36:28:0a:f2:bb:16:b5:ec:f9:e7:5b:92:ec:17:
@@ -38,31 +38,31 @@ Certificate:
                 keyid:67:78:F9:AD:1C:53:41:1F:46:BD:49:9B:73:2E:7C:DC:5C:2D:0B:FB
                 DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
                 serial:64
-
             X509v3 Basic Constraints: 
                 CA:FALSE
     Signature Algorithm: sha256WithRSAEncryption
-         91:9a:e9:78:f5:c5:e1:87:94:b2:37:cb:fd:36:af:25:ad:9d:
-         00:33:93:3c:ea:29:04:75:9f:a0:b8:4a:d8:68:3d:9e:94:6b:
-         ac:6e:51:6b:83:92:48:c1:c8:c8:01:48:d9:ac:e5:85:35:4c:
-         43:c2:66:a3:3b:9c:97:71:ea:89:91:38:48:ab:d5:c5:c5:fb:
-         70:40:db:1e:03:9b:a8:fc:2c:93:d6:d1:fb:42:f2:64:7a:43:
-         09:59:3e:ed:71:9e:9d:62:a8:04:c8:52:5a:fd:d2:24:34:2d:
-         22:72:62:27:ca:fb:88:e2:b7:a9:14:b7:0a:89:9d:2d:4f:ea:
-         03:fc:a1:20:d6:98:73:1d:7a:96:42:47:d3:0c:7e:84:3d:1c:
-         f0:5b:90:6c:d0:2b:88:44:03:cc:a6:79:45:4f:bb:29:6b:73:
-         47:ae:4f:70:b0:b4:b6:d1:c7:ec:8e:db:df:81:d9:67:57:67:
-         82:3c:47:5f:92:1f:f0:58:61:9d:0b:9b:c4:4d:1f:4d:b7:d2:
-         80:e6:f7:48:40:91:87:1c:b9:47:c8:68:24:30:a0:ba:ef:e8:
-         7b:2e:33:85:3d:9c:d4:6b:7e:b1:1f:b7:c0:70:5d:77:49:73:
-         a2:f1:58:62:d6:a4:c9:37:d1:52:a4:d6:c6:9a:6e:a3:0c:f9:
-         16:2a:f0:76
+    Signature Value:
+        27:86:58:7e:3a:b1:e2:09:47:0f:50:80:d7:66:e4:12:b9:2e:
+        6a:ce:12:57:e7:eb:dc:7d:e4:80:6c:ee:2d:20:a9:71:30:5e:
+        9c:2a:54:c2:87:91:d5:d9:bf:93:63:0e:7f:60:20:3e:0c:8e:
+        04:c8:d9:34:8c:95:81:97:9f:a9:09:9d:fe:49:fd:2c:57:69:
+        be:d8:1c:ff:e1:75:56:22:85:5e:f4:81:5e:05:51:d3:55:ec:
+        85:9c:cd:84:60:1f:77:f4:f6:b4:44:b9:3b:f6:8d:2a:c1:91:
+        e7:64:26:b0:46:3c:17:13:a7:4d:d9:ea:ce:62:6d:0f:86:c1:
+        77:87:35:9f:8a:39:98:22:a3:63:ef:8d:76:e4:0a:b3:10:99:
+        a6:65:46:8d:2d:e9:c4:7d:08:2e:37:33:70:18:0b:b2:f1:ba:
+        d5:ee:b6:d7:b0:63:cf:26:48:cc:0d:8e:c6:f3:30:97:d8:05:
+        31:92:8b:ad:31:6d:c0:5c:c8:05:49:77:b9:f1:0b:de:c8:a2:
+        a0:dc:dc:6c:9c:5b:07:29:d6:13:af:67:13:5f:d3:93:a3:93:
+        a7:3b:84:41:6b:0b:25:99:e3:a9:a6:a9:18:0f:6a:84:73:23:
+        e4:4b:8c:4f:c5:4c:6b:36:73:86:0a:79:2e:0b:38:45:cf:b9:
+        2c:34:8d:46
 -----BEGIN CERTIFICATE-----
 MIIErDCCA5SgAwIBAgIBZTANBgkqhkiG9w0BAQsFADCBozELMAkGA1UEBhMCVVMx
 EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxFTATBgNVBAoM
 DHdvbGZTU0wgSW5jLjEUMBIGA1UECwwLRW5naW5lZXJpbmcxHzAdBgNVBAMMFmNo
 YWluRC1JQ0ExLXBhdGhsZW4xMjcxHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNz
-bC5jb20wHhcNMjMxMjEzMjIxOTMyWhcNMjYwOTA4MjIxOTMyWjCBmjELMAkGA1UE
+bC5jb20wHhcNMjQxMjE4MjEyNTMzWhcNMjcwOTE0MjEyNTMzWjCBmjELMAkGA1UE
 BhMCVVMxEzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxFTAT
 BgNVBAoMDHdvbGZTU0wgSW5jLjEUMBIGA1UECwwLRW5naW5lZXJpbmcxFjAUBgNV
 BAMMDWNoYWluRC1lbnRpdHkxHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5j
@@ -77,10 +77,10 @@ BgNVHSMEgbkwgbaAFGd4+a0cU0EfRr1Jm3MufNxcLQv7oYGapIGXMIGUMQswCQYD
 VQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjERMA8G
 A1UECgwIU2F3dG9vdGgxEzARBgNVBAsMCkNvbnN1bHRpbmcxGDAWBgNVBAMMD3d3
 dy53b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbYIB
-ZDAJBgNVHRMEAjAAMA0GCSqGSIb3DQEBCwUAA4IBAQCRmul49cXhh5SyN8v9Nq8l
-rZ0AM5M86ikEdZ+guErYaD2elGusblFrg5JIwcjIAUjZrOWFNUxDwmajO5yXceqJ
-kThIq9XFxftwQNseA5uo/CyT1tH7QvJkekMJWT7tcZ6dYqgEyFJa/dIkNC0icmIn
-yvuI4repFLcKiZ0tT+oD/KEg1phzHXqWQkfTDH6EPRzwW5Bs0CuIRAPMpnlFT7sp
-a3NHrk9wsLS20cfsjtvfgdlnV2eCPEdfkh/wWGGdC5vETR9Nt9KA5vdIQJGHHLlH
-yGgkMKC67+h7LjOFPZzUa36xH7fAcF13SXOi8Vhi1qTJN9FSpNbGmm6jDPkWKvB2
+ZDAJBgNVHRMEAjAAMA0GCSqGSIb3DQEBCwUAA4IBAQAnhlh+OrHiCUcPUIDXZuQS
+uS5qzhJX5+vcfeSAbO4tIKlxMF6cKlTCh5HV2b+TYw5/YCA+DI4EyNk0jJWBl5+p
+CZ3+Sf0sV2m+2Bz/4XVWIoVe9IFeBVHTVeyFnM2EYB939Pa0RLk79o0qwZHnZCaw
+RjwXE6dN2erOYm0PhsF3hzWfijmYIqNj74125AqzEJmmZUaNLenEfQguNzNwGAuy
+8brV7rbXsGPPJkjMDY7G8zCX2AUxkoutMW3AXMgFSXe58QveyKKg3NxsnFsHKdYT
+r2cTX9OTo5OnO4RBawslmeOppqkYD2qEcyPkS4xPxUxrNnOGCnkuCzhFz7ksNI1G
 -----END CERTIFICATE-----
diff --git a/certs/test-pathlen/chainE-ICA1-pathlen128.pem b/certs/test-pathlen/chainE-ICA1-pathlen128.pem
index 9093f9ef1..7eb3b2c86 100644
--- a/certs/test-pathlen/chainE-ICA1-pathlen128.pem
+++ b/certs/test-pathlen/chainE-ICA1-pathlen128.pem
@@ -5,12 +5,12 @@ Certificate:
         Signature Algorithm: sha256WithRSAEncryption
         Issuer: C = US, ST = Montana, L = Bozeman, O = Sawtooth, OU = Consulting, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Dec 13 22:19:32 2023 GMT
-            Not After : Sep  8 22:19:32 2026 GMT
+            Not Before: Dec 18 21:25:33 2024 GMT
+            Not After : Sep 14 21:25:33 2027 GMT
         Subject: C = US, ST = Washington, L = Seattle, O = wolfSSL Inc., OU = Engineering, CN = chainE-ICA1-pathlen128, emailAddress = info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (2048 bit)
+                Public-Key: (2048 bit)
                 Modulus:
                     00:d6:f3:6f:b8:db:10:df:89:df:3b:d9:2e:7a:c1:
                     34:1a:56:97:6c:73:04:fc:15:50:04:93:66:cb:17:
@@ -37,34 +37,34 @@ Certificate:
             X509v3 Authority Key Identifier: 
                 keyid:27:8E:67:11:74:C3:26:1D:3F:ED:33:63:B3:A4:D8:1D:30:E5:E8:D5
                 DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
-                serial:33:44:1A:A8:6C:01:EC:F6:60:F2:70:51:0A:4C:D1:14:FA:BC:E9:44
-
+                serial:6B:9B:70:C6:F1:A3:94:65:19:A1:08:58:EF:A7:8D:2B:7A:83:C1:DA
             X509v3 Basic Constraints: 
                 CA:TRUE, pathlen:128
             X509v3 Key Usage: 
                 Certificate Sign, CRL Sign
     Signature Algorithm: sha256WithRSAEncryption
-         95:df:c8:9f:0d:1a:2a:2b:8a:79:0c:c4:a9:05:4f:fc:a4:04:
-         d3:79:37:84:77:8d:17:db:d7:14:6b:1c:f5:f7:e8:04:6a:02:
-         ce:b3:63:39:f3:6e:9c:9d:0b:96:d1:dc:46:d0:3c:57:a1:19:
-         f9:aa:74:b0:16:15:18:91:c1:e9:9e:d6:52:b1:f0:d5:ac:0e:
-         cb:ca:06:e5:88:b1:4c:ad:af:a4:29:db:ce:ae:ce:d3:30:db:
-         99:f3:2a:77:e7:64:cc:07:2a:f0:e5:a9:27:97:ea:d6:a6:59:
-         a5:0c:42:4f:02:a4:31:42:fc:9b:92:de:8b:52:d3:92:8c:fd:
-         04:c2:d5:7b:80:bb:7a:90:ba:be:33:10:fd:07:d6:53:7f:b9:
-         86:93:9f:1b:4c:66:75:d4:d1:0b:cd:10:76:23:0e:37:a2:d6:
-         c1:5f:91:2b:d0:14:c3:2f:e7:46:e4:e9:6d:2d:f0:05:e5:78:
-         25:3c:7d:1d:1c:23:9a:cb:ba:30:c2:52:98:4e:16:ad:f4:30:
-         22:4a:41:e5:1c:c7:da:b1:79:ed:cd:b2:c3:83:42:a6:26:6e:
-         ee:4f:9f:14:f7:6e:f2:e9:70:07:0b:c9:59:5a:8f:50:10:cf:
-         09:77:a3:e1:96:47:e8:85:86:cd:8a:11:30:a0:72:05:11:50:
-         7e:ee:0b:e6
+    Signature Value:
+        1f:0a:51:ca:7f:ed:b8:62:ae:d4:7b:ad:d2:dc:82:16:68:de:
+        bd:0b:ff:7b:07:e9:ee:32:50:44:9c:f1:e7:a3:a5:3f:f2:c1:
+        4a:fa:2f:83:1a:b4:0a:8d:a2:40:4b:56:3b:66:62:c7:6e:ed:
+        13:76:0a:8a:ba:12:0c:81:57:9f:13:c5:08:ad:93:42:28:1c:
+        e5:fc:73:c2:21:4a:7f:4a:f8:b5:88:9f:65:55:d6:68:5b:7b:
+        94:b7:1b:9e:ab:12:f8:d9:05:c1:20:3f:75:5e:c9:88:83:9c:
+        fe:8e:68:5f:45:d7:df:c6:ee:8f:24:8c:b6:f3:7f:7b:77:8a:
+        5e:d8:0b:d8:3e:15:96:cf:49:45:f9:8b:54:75:83:d0:c6:45:
+        97:0b:31:11:89:47:68:03:e4:65:1f:a4:a4:17:40:0a:54:c4:
+        83:da:97:b8:0d:b4:ce:42:32:c6:ec:0e:90:c7:b5:33:18:a4:
+        98:27:8d:f5:4d:d6:23:38:ab:56:95:e2:c7:1f:2c:68:c5:5f:
+        88:57:60:ff:f6:18:3f:2f:30:fe:5e:22:6b:79:d3:b1:26:dc:
+        2a:17:4d:69:71:37:63:45:08:b5:22:18:80:41:e0:73:16:2d:
+        05:97:22:3a:18:d8:c9:94:e4:04:73:34:7b:b6:a1:4d:1f:90:
+        7c:4b:07:bf
 -----BEGIN CERTIFICATE-----
 MIIEzzCCA7egAwIBAgIBZDANBgkqhkiG9w0BAQsFADCBlDELMAkGA1UEBhMCVVMx
 EDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xETAPBgNVBAoMCFNh
 d3Rvb3RoMRMwEQYDVQQLDApDb25zdWx0aW5nMRgwFgYDVQQDDA93d3cud29sZnNz
-bC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMjMxMjEz
-MjIxOTMyWhcNMjYwOTA4MjIxOTMyWjCBozELMAkGA1UEBhMCVVMxEzARBgNVBAgM
+bC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMjQxMjE4
+MjEyNTMzWhcNMjcwOTE0MjEyNTMzWjCBozELMAkGA1UEBhMCVVMxEzARBgNVBAgM
 Cldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxFTATBgNVBAoMDHdvbGZTU0wg
 SW5jLjEUMBIGA1UECwwLRW5naW5lZXJpbmcxHzAdBgNVBAMMFmNoYWluRS1JQ0Ex
 LXBhdGhsZW4xMjgxHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wggEi
@@ -78,12 +78,12 @@ AAGjggEZMIIBFTAdBgNVHQ4EFgQURHsAfJwcl5+XqmvyXuaBfA6u5iswgdQGA1Ud
 IwSBzDCByYAUJ45nEXTDJh0/7TNjs6TYHTDl6NWhgZqkgZcwgZQxCzAJBgNVBAYT
 AlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMREwDwYDVQQK
 DAhTYXd0b290aDETMBEGA1UECwwKQ29uc3VsdGluZzEYMBYGA1UEAwwPd3d3Lndv
-bGZzc2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tghQzRBqo
-bAHs9mDycFEKTNEU+rzpRDAQBgNVHRMECTAHAQH/AgIAgDALBgNVHQ8EBAMCAQYw
-DQYJKoZIhvcNAQELBQADggEBAJXfyJ8NGiorinkMxKkFT/ykBNN5N4R3jRfb1xRr
-HPX36ARqAs6zYznzbpydC5bR3EbQPFehGfmqdLAWFRiRweme1lKx8NWsDsvKBuWI
-sUytr6Qp286uztMw25nzKnfnZMwHKvDlqSeX6tamWaUMQk8CpDFC/JuS3otS05KM
-/QTC1XuAu3qQur4zEP0H1lN/uYaTnxtMZnXU0QvNEHYjDjei1sFfkSvQFMMv50bk
-6W0t8AXleCU8fR0cI5rLujDCUphOFq30MCJKQeUcx9qxee3NssODQqYmbu5PnxT3
-bvLpcAcLyVlaj1AQzwl3o+GWR+iFhs2KETCgcgURUH7uC+Y=
+bGZzc2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tghRrm3DG
+8aOUZRmhCFjvp40reoPB2jAQBgNVHRMECTAHAQH/AgIAgDALBgNVHQ8EBAMCAQYw
+DQYJKoZIhvcNAQELBQADggEBAB8KUcp/7bhirtR7rdLcghZo3r0L/3sH6e4yUESc
+8eejpT/ywUr6L4MatAqNokBLVjtmYsdu7RN2Coq6EgyBV58TxQitk0IoHOX8c8Ih
+Sn9K+LWIn2VV1mhbe5S3G56rEvjZBcEgP3VeyYiDnP6OaF9F19/G7o8kjLbzf3t3
+il7YC9g+FZbPSUX5i1R1g9DGRZcLMRGJR2gD5GUfpKQXQApUxIPal7gNtM5CMsbs
+DpDHtTMYpJgnjfVN1iM4q1aV4scfLGjFX4hXYP/2GD8vMP5eImt507Em3CoXTWlx
+N2NFCLUiGIBB4HMWLQWXIjoY2MmU5ARzNHu2oU0fkHxLB78=
 -----END CERTIFICATE-----
diff --git a/certs/test-pathlen/chainE-assembled.pem b/certs/test-pathlen/chainE-assembled.pem
index bc868c384..416ab651d 100644
--- a/certs/test-pathlen/chainE-assembled.pem
+++ b/certs/test-pathlen/chainE-assembled.pem
@@ -5,12 +5,12 @@ Certificate:
         Signature Algorithm: sha256WithRSAEncryption
         Issuer: C = US, ST = Washington, L = Seattle, O = wolfSSL Inc., OU = Engineering, CN = chainE-ICA1-pathlen128, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Dec 13 22:19:32 2023 GMT
-            Not After : Sep  8 22:19:32 2026 GMT
+            Not Before: Dec 18 21:25:33 2024 GMT
+            Not After : Sep 14 21:25:33 2027 GMT
         Subject: C = US, ST = Washington, L = Seattle, O = wolfSSL Inc., OU = Engineering, CN = chainE-entity, emailAddress = info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (2048 bit)
+                Public-Key: (2048 bit)
                 Modulus:
                     00:d8:6f:49:bb:56:ea:34:4c:25:a6:8c:44:f6:c9:
                     75:8f:6b:83:b8:8b:ec:c6:f6:d3:c7:40:e2:d1:b2:
@@ -38,31 +38,31 @@ Certificate:
                 keyid:44:7B:00:7C:9C:1C:97:9F:97:AA:6B:F2:5E:E6:81:7C:0E:AE:E6:2B
                 DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
                 serial:64
-
             X509v3 Basic Constraints: 
                 CA:FALSE
     Signature Algorithm: sha256WithRSAEncryption
-         65:49:39:85:07:68:20:fe:f9:28:cb:c8:ec:2a:c9:6b:2c:06:
-         da:1b:92:b0:d7:c4:5c:37:7b:a5:48:16:15:77:08:05:0a:55:
-         2f:b7:f7:2b:ef:dd:dc:63:ab:04:f1:24:bf:ef:f4:73:43:1d:
-         5d:2a:1a:69:f5:a9:e8:af:d2:56:77:79:c0:46:07:95:b6:af:
-         b3:cb:2e:6b:6b:ed:99:29:cd:cc:4d:f4:f9:e6:25:1f:5b:e3:
-         a0:82:a9:5b:c3:73:6c:9a:c4:0b:5a:80:8a:16:5d:32:99:5d:
-         c2:85:ab:bb:94:f7:54:62:f4:8e:d5:7f:dd:ff:84:50:de:55:
-         e2:0d:67:52:32:5e:48:e0:36:b3:aa:a5:d6:57:35:cb:7a:2b:
-         d3:4e:42:75:15:56:f2:2f:45:9c:99:c5:4c:e7:2d:45:6e:86:
-         2f:4b:84:bf:49:1d:b2:fb:85:53:0a:99:28:fd:7a:3f:e8:b4:
-         a5:b9:6c:c2:55:cd:f3:82:c0:a3:ef:85:ed:69:28:78:1d:81:
-         0e:19:bd:a8:fb:a6:b7:ff:09:36:54:a6:44:96:cf:15:0c:45:
-         7e:ba:9a:50:4d:14:82:dc:ba:c2:97:08:74:89:a7:ff:ed:52:
-         89:ac:65:65:70:9a:8e:8a:43:86:46:a1:f8:23:96:e2:0a:65:
-         3f:2d:94:35
+    Signature Value:
+        af:d9:4f:48:01:07:74:ac:5a:19:b3:b8:d4:8d:a9:ff:f8:23:
+        57:c3:3b:e6:f5:ac:41:ab:0a:b5:71:32:a3:4f:4a:14:90:c4:
+        eb:ef:65:38:88:97:92:79:2d:7e:64:29:be:2a:5a:48:9b:b9:
+        b1:d7:4f:1c:3a:46:fc:2e:e9:72:4f:97:f7:c7:f5:f0:a2:d6:
+        01:7d:49:99:c8:ac:a2:b7:f9:4c:d5:57:8d:b0:69:b6:fa:59:
+        7e:77:9a:bc:61:bc:74:1c:24:75:d3:2e:1e:ea:79:9f:8c:c2:
+        75:e7:a5:54:b7:d9:3c:40:b5:45:d5:e9:e3:24:00:76:67:a2:
+        64:31:24:a7:2a:30:be:4f:c2:56:dd:89:0e:0d:09:1e:84:14:
+        a2:c8:32:6f:59:2d:df:7e:8c:75:a0:83:19:cc:a5:49:99:e1:
+        70:09:f0:70:83:32:3d:2b:07:f3:76:0a:ee:fc:91:d4:b3:b9:
+        0f:b7:73:f4:9b:f3:58:c7:4e:80:27:48:aa:72:f9:01:42:41:
+        e6:b7:5c:c1:93:47:48:e5:b9:54:d3:c2:de:02:8e:05:35:49:
+        36:82:62:5d:a7:08:9a:d0:d3:eb:a4:48:2c:a1:5a:39:06:01:
+        4f:9b:c4:19:c4:a2:36:b8:72:4c:50:cb:3e:77:e9:85:92:7b:
+        d5:91:4c:56
 -----BEGIN CERTIFICATE-----
 MIIErDCCA5SgAwIBAgIBZTANBgkqhkiG9w0BAQsFADCBozELMAkGA1UEBhMCVVMx
 EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxFTATBgNVBAoM
 DHdvbGZTU0wgSW5jLjEUMBIGA1UECwwLRW5naW5lZXJpbmcxHzAdBgNVBAMMFmNo
 YWluRS1JQ0ExLXBhdGhsZW4xMjgxHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNz
-bC5jb20wHhcNMjMxMjEzMjIxOTMyWhcNMjYwOTA4MjIxOTMyWjCBmjELMAkGA1UE
+bC5jb20wHhcNMjQxMjE4MjEyNTMzWhcNMjcwOTE0MjEyNTMzWjCBmjELMAkGA1UE
 BhMCVVMxEzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxFTAT
 BgNVBAoMDHdvbGZTU0wgSW5jLjEUMBIGA1UECwwLRW5naW5lZXJpbmcxFjAUBgNV
 BAMMDWNoYWluRS1lbnRpdHkxHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5j
@@ -77,12 +77,12 @@ BgNVHSMEgbkwgbaAFER7AHycHJefl6pr8l7mgXwOruYroYGapIGXMIGUMQswCQYD
 VQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjERMA8G
 A1UECgwIU2F3dG9vdGgxEzARBgNVBAsMCkNvbnN1bHRpbmcxGDAWBgNVBAMMD3d3
 dy53b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbYIB
-ZDAJBgNVHRMEAjAAMA0GCSqGSIb3DQEBCwUAA4IBAQBlSTmFB2gg/vkoy8jsKslr
-LAbaG5Kw18RcN3ulSBYVdwgFClUvt/cr793cY6sE8SS/7/RzQx1dKhpp9anor9JW
-d3nARgeVtq+zyy5ra+2ZKc3MTfT55iUfW+Oggqlbw3NsmsQLWoCKFl0ymV3Chau7
-lPdUYvSO1X/d/4RQ3lXiDWdSMl5I4DazqqXWVzXLeivTTkJ1FVbyL0WcmcVM5y1F
-boYvS4S/SR2y+4VTCpko/Xo/6LSluWzCVc3zgsCj74XtaSh4HYEOGb2o+6a3/wk2
-VKZEls8VDEV+uppQTRSC3LrClwh0iaf/7VKJrGVlcJqOikOGRqH4I5biCmU/LZQ1
+ZDAJBgNVHRMEAjAAMA0GCSqGSIb3DQEBCwUAA4IBAQCv2U9IAQd0rFoZs7jUjan/
++CNXwzvm9axBqwq1cTKjT0oUkMTr72U4iJeSeS1+ZCm+KlpIm7mx108cOkb8Luly
+T5f3x/XwotYBfUmZyKyit/lM1VeNsGm2+ll+d5q8Ybx0HCR10y4e6nmfjMJ156VU
+t9k8QLVF1enjJAB2Z6JkMSSnKjC+T8JW3YkODQkehBSiyDJvWS3ffox1oIMZzKVJ
+meFwCfBwgzI9Kwfzdgru/JHUs7kPt3P0m/NYx06AJ0iqcvkBQkHmt1zBk0dI5blU
+08LeAo4FNUk2gmJdpwia0NPrpEgsoVo5BgFPm8QZxKI2uHJMUMs+d+mFknvVkUxW
 -----END CERTIFICATE-----
 Certificate:
     Data:
@@ -91,12 +91,12 @@ Certificate:
         Signature Algorithm: sha256WithRSAEncryption
         Issuer: C = US, ST = Montana, L = Bozeman, O = Sawtooth, OU = Consulting, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Dec 13 22:19:32 2023 GMT
-            Not After : Sep  8 22:19:32 2026 GMT
+            Not Before: Dec 18 21:25:33 2024 GMT
+            Not After : Sep 14 21:25:33 2027 GMT
         Subject: C = US, ST = Washington, L = Seattle, O = wolfSSL Inc., OU = Engineering, CN = chainE-ICA1-pathlen128, emailAddress = info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (2048 bit)
+                Public-Key: (2048 bit)
                 Modulus:
                     00:d6:f3:6f:b8:db:10:df:89:df:3b:d9:2e:7a:c1:
                     34:1a:56:97:6c:73:04:fc:15:50:04:93:66:cb:17:
@@ -123,34 +123,34 @@ Certificate:
             X509v3 Authority Key Identifier: 
                 keyid:27:8E:67:11:74:C3:26:1D:3F:ED:33:63:B3:A4:D8:1D:30:E5:E8:D5
                 DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
-                serial:33:44:1A:A8:6C:01:EC:F6:60:F2:70:51:0A:4C:D1:14:FA:BC:E9:44
-
+                serial:6B:9B:70:C6:F1:A3:94:65:19:A1:08:58:EF:A7:8D:2B:7A:83:C1:DA
             X509v3 Basic Constraints: 
                 CA:TRUE, pathlen:128
             X509v3 Key Usage: 
                 Certificate Sign, CRL Sign
     Signature Algorithm: sha256WithRSAEncryption
-         95:df:c8:9f:0d:1a:2a:2b:8a:79:0c:c4:a9:05:4f:fc:a4:04:
-         d3:79:37:84:77:8d:17:db:d7:14:6b:1c:f5:f7:e8:04:6a:02:
-         ce:b3:63:39:f3:6e:9c:9d:0b:96:d1:dc:46:d0:3c:57:a1:19:
-         f9:aa:74:b0:16:15:18:91:c1:e9:9e:d6:52:b1:f0:d5:ac:0e:
-         cb:ca:06:e5:88:b1:4c:ad:af:a4:29:db:ce:ae:ce:d3:30:db:
-         99:f3:2a:77:e7:64:cc:07:2a:f0:e5:a9:27:97:ea:d6:a6:59:
-         a5:0c:42:4f:02:a4:31:42:fc:9b:92:de:8b:52:d3:92:8c:fd:
-         04:c2:d5:7b:80:bb:7a:90:ba:be:33:10:fd:07:d6:53:7f:b9:
-         86:93:9f:1b:4c:66:75:d4:d1:0b:cd:10:76:23:0e:37:a2:d6:
-         c1:5f:91:2b:d0:14:c3:2f:e7:46:e4:e9:6d:2d:f0:05:e5:78:
-         25:3c:7d:1d:1c:23:9a:cb:ba:30:c2:52:98:4e:16:ad:f4:30:
-         22:4a:41:e5:1c:c7:da:b1:79:ed:cd:b2:c3:83:42:a6:26:6e:
-         ee:4f:9f:14:f7:6e:f2:e9:70:07:0b:c9:59:5a:8f:50:10:cf:
-         09:77:a3:e1:96:47:e8:85:86:cd:8a:11:30:a0:72:05:11:50:
-         7e:ee:0b:e6
+    Signature Value:
+        1f:0a:51:ca:7f:ed:b8:62:ae:d4:7b:ad:d2:dc:82:16:68:de:
+        bd:0b:ff:7b:07:e9:ee:32:50:44:9c:f1:e7:a3:a5:3f:f2:c1:
+        4a:fa:2f:83:1a:b4:0a:8d:a2:40:4b:56:3b:66:62:c7:6e:ed:
+        13:76:0a:8a:ba:12:0c:81:57:9f:13:c5:08:ad:93:42:28:1c:
+        e5:fc:73:c2:21:4a:7f:4a:f8:b5:88:9f:65:55:d6:68:5b:7b:
+        94:b7:1b:9e:ab:12:f8:d9:05:c1:20:3f:75:5e:c9:88:83:9c:
+        fe:8e:68:5f:45:d7:df:c6:ee:8f:24:8c:b6:f3:7f:7b:77:8a:
+        5e:d8:0b:d8:3e:15:96:cf:49:45:f9:8b:54:75:83:d0:c6:45:
+        97:0b:31:11:89:47:68:03:e4:65:1f:a4:a4:17:40:0a:54:c4:
+        83:da:97:b8:0d:b4:ce:42:32:c6:ec:0e:90:c7:b5:33:18:a4:
+        98:27:8d:f5:4d:d6:23:38:ab:56:95:e2:c7:1f:2c:68:c5:5f:
+        88:57:60:ff:f6:18:3f:2f:30:fe:5e:22:6b:79:d3:b1:26:dc:
+        2a:17:4d:69:71:37:63:45:08:b5:22:18:80:41:e0:73:16:2d:
+        05:97:22:3a:18:d8:c9:94:e4:04:73:34:7b:b6:a1:4d:1f:90:
+        7c:4b:07:bf
 -----BEGIN CERTIFICATE-----
 MIIEzzCCA7egAwIBAgIBZDANBgkqhkiG9w0BAQsFADCBlDELMAkGA1UEBhMCVVMx
 EDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xETAPBgNVBAoMCFNh
 d3Rvb3RoMRMwEQYDVQQLDApDb25zdWx0aW5nMRgwFgYDVQQDDA93d3cud29sZnNz
-bC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMjMxMjEz
-MjIxOTMyWhcNMjYwOTA4MjIxOTMyWjCBozELMAkGA1UEBhMCVVMxEzARBgNVBAgM
+bC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMjQxMjE4
+MjEyNTMzWhcNMjcwOTE0MjEyNTMzWjCBozELMAkGA1UEBhMCVVMxEzARBgNVBAgM
 Cldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxFTATBgNVBAoMDHdvbGZTU0wg
 SW5jLjEUMBIGA1UECwwLRW5naW5lZXJpbmcxHzAdBgNVBAMMFmNoYWluRS1JQ0Ex
 LXBhdGhsZW4xMjgxHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wggEi
@@ -164,12 +164,12 @@ AAGjggEZMIIBFTAdBgNVHQ4EFgQURHsAfJwcl5+XqmvyXuaBfA6u5iswgdQGA1Ud
 IwSBzDCByYAUJ45nEXTDJh0/7TNjs6TYHTDl6NWhgZqkgZcwgZQxCzAJBgNVBAYT
 AlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMREwDwYDVQQK
 DAhTYXd0b290aDETMBEGA1UECwwKQ29uc3VsdGluZzEYMBYGA1UEAwwPd3d3Lndv
-bGZzc2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tghQzRBqo
-bAHs9mDycFEKTNEU+rzpRDAQBgNVHRMECTAHAQH/AgIAgDALBgNVHQ8EBAMCAQYw
-DQYJKoZIhvcNAQELBQADggEBAJXfyJ8NGiorinkMxKkFT/ykBNN5N4R3jRfb1xRr
-HPX36ARqAs6zYznzbpydC5bR3EbQPFehGfmqdLAWFRiRweme1lKx8NWsDsvKBuWI
-sUytr6Qp286uztMw25nzKnfnZMwHKvDlqSeX6tamWaUMQk8CpDFC/JuS3otS05KM
-/QTC1XuAu3qQur4zEP0H1lN/uYaTnxtMZnXU0QvNEHYjDjei1sFfkSvQFMMv50bk
-6W0t8AXleCU8fR0cI5rLujDCUphOFq30MCJKQeUcx9qxee3NssODQqYmbu5PnxT3
-bvLpcAcLyVlaj1AQzwl3o+GWR+iFhs2KETCgcgURUH7uC+Y=
+bGZzc2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tghRrm3DG
+8aOUZRmhCFjvp40reoPB2jAQBgNVHRMECTAHAQH/AgIAgDALBgNVHQ8EBAMCAQYw
+DQYJKoZIhvcNAQELBQADggEBAB8KUcp/7bhirtR7rdLcghZo3r0L/3sH6e4yUESc
+8eejpT/ywUr6L4MatAqNokBLVjtmYsdu7RN2Coq6EgyBV58TxQitk0IoHOX8c8Ih
+Sn9K+LWIn2VV1mhbe5S3G56rEvjZBcEgP3VeyYiDnP6OaF9F19/G7o8kjLbzf3t3
+il7YC9g+FZbPSUX5i1R1g9DGRZcLMRGJR2gD5GUfpKQXQApUxIPal7gNtM5CMsbs
+DpDHtTMYpJgnjfVN1iM4q1aV4scfLGjFX4hXYP/2GD8vMP5eImt507Em3CoXTWlx
+N2NFCLUiGIBB4HMWLQWXIjoY2MmU5ARzNHu2oU0fkHxLB78=
 -----END CERTIFICATE-----
diff --git a/certs/test-pathlen/chainE-entity.pem b/certs/test-pathlen/chainE-entity.pem
index aa46f00a5..ba37f8772 100644
--- a/certs/test-pathlen/chainE-entity.pem
+++ b/certs/test-pathlen/chainE-entity.pem
@@ -5,12 +5,12 @@ Certificate:
         Signature Algorithm: sha256WithRSAEncryption
         Issuer: C = US, ST = Washington, L = Seattle, O = wolfSSL Inc., OU = Engineering, CN = chainE-ICA1-pathlen128, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Dec 13 22:19:32 2023 GMT
-            Not After : Sep  8 22:19:32 2026 GMT
+            Not Before: Dec 18 21:25:33 2024 GMT
+            Not After : Sep 14 21:25:33 2027 GMT
         Subject: C = US, ST = Washington, L = Seattle, O = wolfSSL Inc., OU = Engineering, CN = chainE-entity, emailAddress = info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (2048 bit)
+                Public-Key: (2048 bit)
                 Modulus:
                     00:d8:6f:49:bb:56:ea:34:4c:25:a6:8c:44:f6:c9:
                     75:8f:6b:83:b8:8b:ec:c6:f6:d3:c7:40:e2:d1:b2:
@@ -38,31 +38,31 @@ Certificate:
                 keyid:44:7B:00:7C:9C:1C:97:9F:97:AA:6B:F2:5E:E6:81:7C:0E:AE:E6:2B
                 DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
                 serial:64
-
             X509v3 Basic Constraints: 
                 CA:FALSE
     Signature Algorithm: sha256WithRSAEncryption
-         65:49:39:85:07:68:20:fe:f9:28:cb:c8:ec:2a:c9:6b:2c:06:
-         da:1b:92:b0:d7:c4:5c:37:7b:a5:48:16:15:77:08:05:0a:55:
-         2f:b7:f7:2b:ef:dd:dc:63:ab:04:f1:24:bf:ef:f4:73:43:1d:
-         5d:2a:1a:69:f5:a9:e8:af:d2:56:77:79:c0:46:07:95:b6:af:
-         b3:cb:2e:6b:6b:ed:99:29:cd:cc:4d:f4:f9:e6:25:1f:5b:e3:
-         a0:82:a9:5b:c3:73:6c:9a:c4:0b:5a:80:8a:16:5d:32:99:5d:
-         c2:85:ab:bb:94:f7:54:62:f4:8e:d5:7f:dd:ff:84:50:de:55:
-         e2:0d:67:52:32:5e:48:e0:36:b3:aa:a5:d6:57:35:cb:7a:2b:
-         d3:4e:42:75:15:56:f2:2f:45:9c:99:c5:4c:e7:2d:45:6e:86:
-         2f:4b:84:bf:49:1d:b2:fb:85:53:0a:99:28:fd:7a:3f:e8:b4:
-         a5:b9:6c:c2:55:cd:f3:82:c0:a3:ef:85:ed:69:28:78:1d:81:
-         0e:19:bd:a8:fb:a6:b7:ff:09:36:54:a6:44:96:cf:15:0c:45:
-         7e:ba:9a:50:4d:14:82:dc:ba:c2:97:08:74:89:a7:ff:ed:52:
-         89:ac:65:65:70:9a:8e:8a:43:86:46:a1:f8:23:96:e2:0a:65:
-         3f:2d:94:35
+    Signature Value:
+        af:d9:4f:48:01:07:74:ac:5a:19:b3:b8:d4:8d:a9:ff:f8:23:
+        57:c3:3b:e6:f5:ac:41:ab:0a:b5:71:32:a3:4f:4a:14:90:c4:
+        eb:ef:65:38:88:97:92:79:2d:7e:64:29:be:2a:5a:48:9b:b9:
+        b1:d7:4f:1c:3a:46:fc:2e:e9:72:4f:97:f7:c7:f5:f0:a2:d6:
+        01:7d:49:99:c8:ac:a2:b7:f9:4c:d5:57:8d:b0:69:b6:fa:59:
+        7e:77:9a:bc:61:bc:74:1c:24:75:d3:2e:1e:ea:79:9f:8c:c2:
+        75:e7:a5:54:b7:d9:3c:40:b5:45:d5:e9:e3:24:00:76:67:a2:
+        64:31:24:a7:2a:30:be:4f:c2:56:dd:89:0e:0d:09:1e:84:14:
+        a2:c8:32:6f:59:2d:df:7e:8c:75:a0:83:19:cc:a5:49:99:e1:
+        70:09:f0:70:83:32:3d:2b:07:f3:76:0a:ee:fc:91:d4:b3:b9:
+        0f:b7:73:f4:9b:f3:58:c7:4e:80:27:48:aa:72:f9:01:42:41:
+        e6:b7:5c:c1:93:47:48:e5:b9:54:d3:c2:de:02:8e:05:35:49:
+        36:82:62:5d:a7:08:9a:d0:d3:eb:a4:48:2c:a1:5a:39:06:01:
+        4f:9b:c4:19:c4:a2:36:b8:72:4c:50:cb:3e:77:e9:85:92:7b:
+        d5:91:4c:56
 -----BEGIN CERTIFICATE-----
 MIIErDCCA5SgAwIBAgIBZTANBgkqhkiG9w0BAQsFADCBozELMAkGA1UEBhMCVVMx
 EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxFTATBgNVBAoM
 DHdvbGZTU0wgSW5jLjEUMBIGA1UECwwLRW5naW5lZXJpbmcxHzAdBgNVBAMMFmNo
 YWluRS1JQ0ExLXBhdGhsZW4xMjgxHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNz
-bC5jb20wHhcNMjMxMjEzMjIxOTMyWhcNMjYwOTA4MjIxOTMyWjCBmjELMAkGA1UE
+bC5jb20wHhcNMjQxMjE4MjEyNTMzWhcNMjcwOTE0MjEyNTMzWjCBmjELMAkGA1UE
 BhMCVVMxEzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxFTAT
 BgNVBAoMDHdvbGZTU0wgSW5jLjEUMBIGA1UECwwLRW5naW5lZXJpbmcxFjAUBgNV
 BAMMDWNoYWluRS1lbnRpdHkxHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5j
@@ -77,10 +77,10 @@ BgNVHSMEgbkwgbaAFER7AHycHJefl6pr8l7mgXwOruYroYGapIGXMIGUMQswCQYD
 VQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjERMA8G
 A1UECgwIU2F3dG9vdGgxEzARBgNVBAsMCkNvbnN1bHRpbmcxGDAWBgNVBAMMD3d3
 dy53b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbYIB
-ZDAJBgNVHRMEAjAAMA0GCSqGSIb3DQEBCwUAA4IBAQBlSTmFB2gg/vkoy8jsKslr
-LAbaG5Kw18RcN3ulSBYVdwgFClUvt/cr793cY6sE8SS/7/RzQx1dKhpp9anor9JW
-d3nARgeVtq+zyy5ra+2ZKc3MTfT55iUfW+Oggqlbw3NsmsQLWoCKFl0ymV3Chau7
-lPdUYvSO1X/d/4RQ3lXiDWdSMl5I4DazqqXWVzXLeivTTkJ1FVbyL0WcmcVM5y1F
-boYvS4S/SR2y+4VTCpko/Xo/6LSluWzCVc3zgsCj74XtaSh4HYEOGb2o+6a3/wk2
-VKZEls8VDEV+uppQTRSC3LrClwh0iaf/7VKJrGVlcJqOikOGRqH4I5biCmU/LZQ1
+ZDAJBgNVHRMEAjAAMA0GCSqGSIb3DQEBCwUAA4IBAQCv2U9IAQd0rFoZs7jUjan/
++CNXwzvm9axBqwq1cTKjT0oUkMTr72U4iJeSeS1+ZCm+KlpIm7mx108cOkb8Luly
+T5f3x/XwotYBfUmZyKyit/lM1VeNsGm2+ll+d5q8Ybx0HCR10y4e6nmfjMJ156VU
+t9k8QLVF1enjJAB2Z6JkMSSnKjC+T8JW3YkODQkehBSiyDJvWS3ffox1oIMZzKVJ
+meFwCfBwgzI9Kwfzdgru/JHUs7kPt3P0m/NYx06AJ0iqcvkBQkHmt1zBk0dI5blU
+08LeAo4FNUk2gmJdpwia0NPrpEgsoVo5BgFPm8QZxKI2uHJMUMs+d+mFknvVkUxW
 -----END CERTIFICATE-----
diff --git a/certs/test-pathlen/chainF-ICA1-pathlen1.pem b/certs/test-pathlen/chainF-ICA1-pathlen1.pem
index e2a14fe4b..b279272ee 100644
--- a/certs/test-pathlen/chainF-ICA1-pathlen1.pem
+++ b/certs/test-pathlen/chainF-ICA1-pathlen1.pem
@@ -5,12 +5,12 @@ Certificate:
         Signature Algorithm: sha256WithRSAEncryption
         Issuer: C = US, ST = Washington, L = Seattle, O = wolfSSL Inc., OU = Engineering, CN = chainF-ICA2-pathlen0, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Dec 13 22:19:32 2023 GMT
-            Not After : Sep  8 22:19:32 2026 GMT
+            Not Before: Dec 18 21:25:33 2024 GMT
+            Not After : Sep 14 21:25:33 2027 GMT
         Subject: C = US, ST = Washington, L = Seattle, O = wolfSSL Inc., OU = Engineering, CN = chainF-ICA1-pathlen1, emailAddress = info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (2048 bit)
+                Public-Key: (2048 bit)
                 Modulus:
                     00:e0:13:c9:b0:8e:9d:3f:88:d4:30:4a:b4:e8:11:
                     21:93:5c:20:45:08:f8:7a:91:b9:2c:ad:ff:60:aa:
@@ -38,33 +38,33 @@ Certificate:
                 keyid:4A:53:4A:B7:30:78:35:91:B4:CB:DD:C8:22:74:89:AF:80:0F:7F:68
                 DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
                 serial:64
-
             X509v3 Basic Constraints: 
                 CA:TRUE, pathlen:1
             X509v3 Key Usage: 
                 Certificate Sign, CRL Sign
     Signature Algorithm: sha256WithRSAEncryption
-         b3:d8:4b:f8:59:d5:7a:95:55:af:eb:07:0c:ac:db:b5:cc:b8:
-         aa:0d:81:1b:31:d4:0f:8a:ef:da:28:0e:52:f1:8b:25:54:47:
-         11:d8:62:a2:5b:5e:d5:fb:6d:b5:57:b4:a3:b6:d2:e0:e1:50:
-         8b:e1:7e:cd:3b:48:54:4b:55:48:18:12:fe:55:3b:1e:e2:b8:
-         34:b2:77:f7:21:05:9f:32:43:34:db:e4:d4:e3:d2:74:98:3e:
-         1f:39:97:ef:e3:89:d9:e2:c0:77:f9:d4:74:a5:13:c0:ce:9e:
-         3e:42:bc:0d:44:73:c5:76:47:81:dc:40:f4:06:bf:29:66:51:
-         7b:41:c5:35:73:fe:5c:7a:9c:bf:4c:19:c5:2b:7b:02:1f:45:
-         66:0c:64:01:29:77:a8:a2:ef:ba:61:19:27:a1:56:41:a6:73:
-         5d:9f:39:86:38:e9:0a:31:23:55:f1:02:54:ce:96:18:32:ae:
-         22:03:1d:fb:cb:90:45:54:8f:d2:29:17:9d:44:65:68:8c:d2:
-         25:df:a8:c2:29:1e:66:2c:c4:57:a1:ab:93:c7:34:a2:e3:94:
-         bd:dc:8f:51:d2:08:a6:3c:63:c9:c1:ee:90:de:39:92:fc:5e:
-         85:d4:f9:f0:b8:6e:09:30:0c:25:ce:c8:86:c1:75:5d:e8:e8:
-         90:90:ad:0d
+    Signature Value:
+        ad:61:8c:4f:98:84:87:b0:90:fb:4e:07:74:cf:14:6c:8f:30:
+        f6:13:85:db:b2:5e:12:af:9e:ab:4e:58:4e:15:75:c7:bd:8e:
+        50:e8:82:65:a6:0a:de:a3:1a:2c:d7:ba:13:6a:ba:17:f8:4e:
+        2b:ea:69:e5:c3:e1:55:ac:13:f6:c0:58:e6:a0:70:8f:c5:b8:
+        fc:a9:e9:58:07:c4:c5:0a:1f:8e:be:fb:85:ed:af:de:5e:fe:
+        cc:f5:63:50:d9:dc:83:76:0d:08:a2:61:48:43:af:0f:a5:41:
+        f0:5b:82:b2:53:de:ed:9f:55:d2:33:d7:4f:98:e2:5d:73:70:
+        b7:c5:92:e0:02:e2:5f:67:89:95:56:89:00:bd:76:e8:b9:72:
+        4d:02:c6:73:a1:fe:56:76:57:70:23:5f:e8:25:a3:38:2b:f6:
+        51:f7:c5:6f:41:62:43:e0:71:62:a0:42:2c:31:7b:c1:37:dc:
+        51:31:e4:b6:81:15:0a:78:35:8a:34:37:f7:93:46:4b:34:f3:
+        4a:32:8a:a0:2b:05:35:0e:16:d4:96:af:b0:95:65:5a:fc:f6:
+        3f:90:e2:f4:55:3e:54:f6:5e:31:e1:59:2c:da:af:c7:a6:65:
+        e5:ee:c5:d2:d2:09:4d:57:d7:04:0b:1e:4b:63:e7:91:0c:4a:
+        88:34:b3:a8
 -----BEGIN CERTIFICATE-----
 MIIExjCCA66gAwIBAgIBZDANBgkqhkiG9w0BAQsFADCBoTELMAkGA1UEBhMCVVMx
 EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxFTATBgNVBAoM
 DHdvbGZTU0wgSW5jLjEUMBIGA1UECwwLRW5naW5lZXJpbmcxHTAbBgNVBAMMFGNo
 YWluRi1JQ0EyLXBhdGhsZW4wMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wu
-Y29tMB4XDTIzMTIxMzIyMTkzMloXDTI2MDkwODIyMTkzMlowgaExCzAJBgNVBAYT
+Y29tMB4XDTI0MTIxODIxMjUzM1oXDTI3MDkxNDIxMjUzM1owgaExCzAJBgNVBAYT
 AlVTMRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRUwEwYD
 VQQKDAx3b2xmU1NMIEluYy4xFDASBgNVBAsMC0VuZ2luZWVyaW5nMR0wGwYDVQQD
 DBRjaGFpbkYtSUNBMS1wYXRobGVuMTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xm
@@ -80,10 +80,10 @@ lDELMAkGA1UEBhMCVVMxEDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVt
 YW4xETAPBgNVBAoMCFNhd3Rvb3RoMRMwEQYDVQQLDApDb25zdWx0aW5nMRgwFgYD
 VQQDDA93d3cud29sZnNzbC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNz
 bC5jb22CAWQwDwYDVR0TBAgwBgEB/wIBATALBgNVHQ8EBAMCAQYwDQYJKoZIhvcN
-AQELBQADggEBALPYS/hZ1XqVVa/rBwys27XMuKoNgRsx1A+K79ooDlLxiyVURxHY
-YqJbXtX7bbVXtKO20uDhUIvhfs07SFRLVUgYEv5VOx7iuDSyd/chBZ8yQzTb5NTj
-0nSYPh85l+/jidniwHf51HSlE8DOnj5CvA1Ec8V2R4HcQPQGvylmUXtBxTVz/lx6
-nL9MGcUrewIfRWYMZAEpd6ii77phGSehVkGmc12fOYY46QoxI1XxAlTOlhgyriID
-HfvLkEVUj9IpF51EZWiM0iXfqMIpHmYsxFehq5PHNKLjlL3cj1HSCKY8Y8nB7pDe
-OZL8XoXU+fC4bgkwDCXOyIbBdV3o6JCQrQ0=
+AQELBQADggEBAK1hjE+YhIewkPtOB3TPFGyPMPYThduyXhKvnqtOWE4Vdce9jlDo
+gmWmCt6jGizXuhNquhf4TivqaeXD4VWsE/bAWOagcI/FuPyp6VgHxMUKH46++4Xt
+r95e/sz1Y1DZ3IN2DQiiYUhDrw+lQfBbgrJT3u2fVdIz10+Y4l1zcLfFkuAC4l9n
+iZVWiQC9dui5ck0CxnOh/lZ2V3AjX+glozgr9lH3xW9BYkPgcWKgQiwxe8E33FEx
+5LaBFQp4NYo0N/eTRks080oyiqArBTUOFtSWr7CVZVr89j+Q4vRVPlT2XjHhWSza
+r8emZeXuxdLSCU1X1wQLHktj55EMSog0s6g=
 -----END CERTIFICATE-----
diff --git a/certs/test-pathlen/chainF-ICA2-pathlen0.pem b/certs/test-pathlen/chainF-ICA2-pathlen0.pem
index 09e2a4232..8459aa6f7 100644
--- a/certs/test-pathlen/chainF-ICA2-pathlen0.pem
+++ b/certs/test-pathlen/chainF-ICA2-pathlen0.pem
@@ -5,12 +5,12 @@ Certificate:
         Signature Algorithm: sha256WithRSAEncryption
         Issuer: C = US, ST = Montana, L = Bozeman, O = Sawtooth, OU = Consulting, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Dec 13 22:19:32 2023 GMT
-            Not After : Sep  8 22:19:32 2026 GMT
+            Not Before: Dec 18 21:25:33 2024 GMT
+            Not After : Sep 14 21:25:33 2027 GMT
         Subject: C = US, ST = Washington, L = Seattle, O = wolfSSL Inc., OU = Engineering, CN = chainF-ICA2-pathlen0, emailAddress = info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (2048 bit)
+                Public-Key: (2048 bit)
                 Modulus:
                     00:da:3a:22:65:f8:6d:1c:b7:1c:87:dd:27:f4:d7:
                     75:aa:7c:1c:37:31:b4:d6:a5:34:4b:36:40:ea:55:
@@ -37,34 +37,34 @@ Certificate:
             X509v3 Authority Key Identifier: 
                 keyid:27:8E:67:11:74:C3:26:1D:3F:ED:33:63:B3:A4:D8:1D:30:E5:E8:D5
                 DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
-                serial:33:44:1A:A8:6C:01:EC:F6:60:F2:70:51:0A:4C:D1:14:FA:BC:E9:44
-
+                serial:6B:9B:70:C6:F1:A3:94:65:19:A1:08:58:EF:A7:8D:2B:7A:83:C1:DA
             X509v3 Basic Constraints: 
                 CA:TRUE, pathlen:0
             X509v3 Key Usage: 
                 Certificate Sign, CRL Sign
     Signature Algorithm: sha256WithRSAEncryption
-         9b:28:44:f3:e9:c3:e9:38:03:1a:19:ac:80:f8:ef:e8:a6:3e:
-         83:80:71:30:48:6c:8e:28:10:f8:84:d3:12:0b:35:fc:f3:51:
-         87:9b:ef:48:9a:fd:5b:ca:b2:4e:61:94:ae:5b:a7:a7:36:2e:
-         e2:da:83:19:82:e4:cb:70:5d:c5:1a:de:4c:b6:be:c6:6e:d9:
-         f8:6c:6e:64:b4:96:7f:18:ba:b5:54:f1:8a:6f:75:27:e3:51:
-         98:50:f7:92:ff:a3:e8:65:ae:62:ab:7f:94:7c:e3:f9:3a:f5:
-         6d:9a:d7:98:6a:3b:5a:b3:1f:73:92:ad:f2:6b:7e:e5:10:ee:
-         3d:5a:73:28:18:0f:5c:e0:99:6f:1e:5f:61:da:e1:a4:d4:a1:
-         e7:69:b1:e0:9b:ba:e9:1b:6d:60:e2:b5:c6:9e:19:9f:21:d4:
-         d6:2f:da:56:15:d8:4f:b5:82:b2:62:83:a0:cd:70:05:2c:21:
-         61:6d:92:9a:91:fa:16:4e:0c:e1:4a:72:6f:ad:41:d1:d4:ed:
-         45:4d:07:8c:cf:79:9e:e5:95:3b:d6:27:cc:7d:f5:44:1d:6f:
-         90:4b:ef:0d:f5:7f:4a:3e:87:82:ad:db:01:40:42:85:4a:b0:
-         85:9b:cd:6b:0b:c3:a2:5e:48:c9:21:47:9d:f1:b0:2d:bc:5e:
-         d1:5f:a2:f5
+    Signature Value:
+        29:47:3b:ef:6e:d7:f9:18:75:75:19:df:76:1c:ae:ef:f6:1e:
+        24:6c:fa:f1:cc:3a:6f:ec:e7:2f:40:b8:93:c1:4c:76:c8:c9:
+        c8:88:17:9e:7c:28:47:81:a3:24:d0:3c:38:74:af:e1:1a:b6:
+        93:23:51:9f:2f:03:8b:a3:f3:38:c4:c4:bf:95:66:d1:6c:18:
+        2c:49:ed:cb:93:62:94:51:f8:39:59:6e:0a:d7:55:50:7e:0b:
+        1e:43:a8:25:30:70:c8:80:b1:dd:d6:fa:6f:c7:f2:ee:e7:07:
+        a2:b3:4b:16:b5:2a:39:b7:e6:d2:7f:df:72:f1:1f:27:3d:cc:
+        58:95:15:3c:5e:57:2b:83:91:03:61:0e:53:b2:fa:8a:51:1f:
+        73:19:8b:86:47:31:36:f1:84:b6:27:88:51:01:94:a1:41:f7:
+        1b:8c:55:c3:67:c2:31:60:68:83:2c:03:84:15:6a:d0:13:23:
+        bc:ce:e6:24:79:21:1f:0c:a2:7f:c0:a0:78:71:e2:21:a6:e7:
+        03:c3:8d:ce:80:0e:8b:f7:f2:6e:96:22:9a:ad:45:e2:ca:42:
+        ba:6b:60:d3:a9:43:d3:77:de:c4:37:33:40:42:b3:7c:ae:9b:
+        5e:20:5e:93:04:7a:c2:c0:69:04:19:ac:7b:44:3d:d5:d0:05:
+        f2:8a:53:86
 -----BEGIN CERTIFICATE-----
 MIIEzDCCA7SgAwIBAgIBZDANBgkqhkiG9w0BAQsFADCBlDELMAkGA1UEBhMCVVMx
 EDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xETAPBgNVBAoMCFNh
 d3Rvb3RoMRMwEQYDVQQLDApDb25zdWx0aW5nMRgwFgYDVQQDDA93d3cud29sZnNz
-bC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMjMxMjEz
-MjIxOTMyWhcNMjYwOTA4MjIxOTMyWjCBoTELMAkGA1UEBhMCVVMxEzARBgNVBAgM
+bC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMjQxMjE4
+MjEyNTMzWhcNMjcwOTE0MjEyNTMzWjCBoTELMAkGA1UEBhMCVVMxEzARBgNVBAgM
 Cldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxFTATBgNVBAoMDHdvbGZTU0wg
 SW5jLjEUMBIGA1UECwwLRW5naW5lZXJpbmcxHTAbBgNVBAMMFGNoYWluRi1JQ0Ey
 LXBhdGhsZW4wMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMIIBIjAN
@@ -78,12 +78,12 @@ o4IBGDCCARQwHQYDVR0OBBYEFEpTSrcweDWRtMvdyCJ0ia+AD39oMIHUBgNVHSME
 gcwwgcmAFCeOZxF0wyYdP+0zY7Ok2B0w5ejVoYGapIGXMIGUMQswCQYDVQQGEwJV
 UzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjERMA8GA1UECgwI
 U2F3dG9vdGgxEzARBgNVBAsMCkNvbnN1bHRpbmcxGDAWBgNVBAMMD3d3dy53b2xm
-c3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbYIUM0QaqGwB
-7PZg8nBRCkzRFPq86UQwDwYDVR0TBAgwBgEB/wIBADALBgNVHQ8EBAMCAQYwDQYJ
-KoZIhvcNAQELBQADggEBAJsoRPPpw+k4AxoZrID47+imPoOAcTBIbI4oEPiE0xIL
-NfzzUYeb70ia/VvKsk5hlK5bp6c2LuLagxmC5MtwXcUa3ky2vsZu2fhsbmS0ln8Y
-urVU8YpvdSfjUZhQ95L/o+hlrmKrf5R84/k69W2a15hqO1qzH3OSrfJrfuUQ7j1a
-cygYD1zgmW8eX2Ha4aTUoedpseCbuukbbWDitcaeGZ8h1NYv2lYV2E+1grJig6DN
-cAUsIWFtkpqR+hZODOFKcm+tQdHU7UVNB4zPeZ7llTvWJ8x99UQdb5BL7w31f0o+
-h4Kt2wFAQoVKsIWbzWsLw6JeSMkhR53xsC28XtFfovU=
+c3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbYIUa5twxvGj
+lGUZoQhY76eNK3qDwdowDwYDVR0TBAgwBgEB/wIBADALBgNVHQ8EBAMCAQYwDQYJ
+KoZIhvcNAQELBQADggEBAClHO+9u1/kYdXUZ33Ycru/2HiRs+vHMOm/s5y9AuJPB
+THbIyciIF558KEeBoyTQPDh0r+EatpMjUZ8vA4uj8zjExL+VZtFsGCxJ7cuTYpRR
++DlZbgrXVVB+Cx5DqCUwcMiAsd3W+m/H8u7nB6KzSxa1Kjm35tJ/33LxHyc9zFiV
+FTxeVyuDkQNhDlOy+opRH3MZi4ZHMTbxhLYniFEBlKFB9xuMVcNnwjFgaIMsA4QV
+atATI7zO5iR5IR8Mon/AoHhx4iGm5wPDjc6ADov38m6WIpqtReLKQrprYNOpQ9N3
+3sQ3M0BCs3yum14gXpMEesLAaQQZrHtEPdXQBfKKU4Y=
 -----END CERTIFICATE-----
diff --git a/certs/test-pathlen/chainF-assembled.pem b/certs/test-pathlen/chainF-assembled.pem
index aae43d35a..68814a201 100644
--- a/certs/test-pathlen/chainF-assembled.pem
+++ b/certs/test-pathlen/chainF-assembled.pem
@@ -5,12 +5,12 @@ Certificate:
         Signature Algorithm: sha256WithRSAEncryption
         Issuer: C = US, ST = Washington, L = Seattle, O = wolfSSL Inc., OU = Engineering, CN = chainF-ICA1-pathlen1, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Dec 13 22:19:32 2023 GMT
-            Not After : Sep  8 22:19:32 2026 GMT
+            Not Before: Dec 18 21:25:33 2024 GMT
+            Not After : Sep 14 21:25:33 2027 GMT
         Subject: C = US, ST = Washington, L = Seattle, O = wolfSSL Inc., OU = Engineering, CN = chainF-entity, emailAddress = info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (2048 bit)
+                Public-Key: (2048 bit)
                 Modulus:
                     00:c9:f8:2c:ad:25:a9:65:3b:72:13:5d:aa:7f:5b:
                     71:f5:e0:43:c4:3a:b3:36:0d:34:61:35:86:77:a0:
@@ -38,31 +38,31 @@ Certificate:
                 keyid:75:32:21:05:2B:60:FE:44:17:AF:18:65:86:85:19:82:3F:F9:64:83
                 DirName:/C=US/ST=Washington/L=Seattle/O=wolfSSL Inc./OU=Engineering/CN=chainF-ICA2-pathlen0/emailAddress=info@wolfssl.com
                 serial:64
-
             X509v3 Basic Constraints: 
                 CA:FALSE
     Signature Algorithm: sha256WithRSAEncryption
-         a3:86:46:c1:10:c2:92:fe:7d:9d:ce:49:ed:8c:bd:65:74:5e:
-         b7:19:53:d8:79:84:ca:f3:f3:e7:30:b7:b9:e1:61:b1:f3:77:
-         95:14:7b:fd:fe:d9:d0:eb:aa:05:30:d2:71:dc:fa:03:ea:08:
-         e2:c9:07:ec:bf:f6:41:1f:d3:39:a4:1b:7b:23:c7:a1:a7:fd:
-         c0:f6:0e:07:94:91:0e:b7:8e:92:40:05:fc:09:2e:c5:ba:46:
-         ce:94:e5:3e:09:04:e9:b7:c3:52:3e:2d:c1:01:11:d8:2f:b6:
-         10:1f:2d:3b:b1:1d:b0:c5:11:92:66:4d:52:2a:4e:d1:29:d3:
-         4f:fd:0d:2e:4a:60:ed:35:8c:02:91:35:77:3d:21:a5:03:3d:
-         d2:bc:4e:68:0e:f6:4d:f7:87:a4:85:e5:51:33:38:b7:1f:4c:
-         07:85:30:13:32:d9:d9:42:4f:ef:5f:a3:26:e0:60:79:c0:8a:
-         7b:00:8b:9f:18:4b:8e:b3:9e:3f:6b:69:70:03:4c:43:21:1a:
-         4d:80:04:48:a2:a0:ae:99:61:a8:84:35:35:99:c7:24:81:d8:
-         55:95:6b:93:dd:eb:e7:04:de:9f:d4:b9:82:4e:bd:a7:c7:c7:
-         80:5f:c4:78:d8:7b:65:4f:58:8e:d0:17:c8:90:1a:1c:8d:54:
-         1c:3d:d5:f4
+    Signature Value:
+        42:47:7f:36:55:45:b3:84:79:71:75:00:e8:dd:0c:e3:0c:1e:
+        41:8f:3c:d5:e5:8f:9f:71:80:3b:44:f3:e0:9e:29:44:2a:45:
+        f1:49:c6:a3:5a:8c:31:58:8b:79:8b:33:d7:ba:da:13:92:9d:
+        60:4e:d1:4f:8d:ff:ea:3f:e8:20:03:8e:67:03:88:e1:59:84:
+        e2:7b:86:e4:82:97:b2:fb:3e:9e:ee:df:b5:31:00:9f:32:2a:
+        7d:c1:36:90:d9:03:aa:f1:6f:07:75:ed:74:62:4e:13:86:cd:
+        9f:b0:29:e9:7e:63:db:d1:15:0a:ac:b3:22:a4:57:c9:49:5f:
+        c7:85:cc:30:4e:d3:62:27:16:df:51:8a:55:f7:b7:74:49:91:
+        26:a3:d3:75:ae:6d:47:40:ac:e2:d1:52:e0:97:d5:f2:c5:96:
+        0a:c5:bc:ed:e5:83:14:ea:65:d3:66:05:17:3d:bd:80:55:38:
+        6b:62:5b:be:e1:b0:6e:88:66:40:00:17:fb:46:29:22:ce:be:
+        57:54:4a:19:cf:ea:38:80:0a:2f:9f:6e:80:6d:06:9f:b5:68:
+        ad:da:98:ee:02:31:a1:e3:2c:2e:ac:d2:f0:2e:51:88:41:4b:
+        f9:04:99:67:63:af:ab:73:8d:cd:ed:2f:1a:69:10:b5:b1:f8:
+        71:6b:96:05
 -----BEGIN CERTIFICATE-----
 MIIEtzCCA5+gAwIBAgIBZTANBgkqhkiG9w0BAQsFADCBoTELMAkGA1UEBhMCVVMx
 EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxFTATBgNVBAoM
 DHdvbGZTU0wgSW5jLjEUMBIGA1UECwwLRW5naW5lZXJpbmcxHTAbBgNVBAMMFGNo
 YWluRi1JQ0ExLXBhdGhsZW4xMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wu
-Y29tMB4XDTIzMTIxMzIyMTkzMloXDTI2MDkwODIyMTkzMlowgZoxCzAJBgNVBAYT
+Y29tMB4XDTI0MTIxODIxMjUzM1oXDTI3MDkxNDIxMjUzM1owgZoxCzAJBgNVBAYT
 AlVTMRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRUwEwYD
 VQQKDAx3b2xmU1NMIEluYy4xFDASBgNVBAsMC0VuZ2luZWVyaW5nMRYwFAYDVQQD
 DA1jaGFpbkYtZW50aXR5MR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29t
@@ -77,13 +77,13 @@ VR0jBIHGMIHDgBR1MiEFK2D+RBevGGWGhRmCP/lkg6GBp6SBpDCBoTELMAkGA1UE
 BhMCVVMxEzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxFTAT
 BgNVBAoMDHdvbGZTU0wgSW5jLjEUMBIGA1UECwwLRW5naW5lZXJpbmcxHTAbBgNV
 BAMMFGNoYWluRi1JQ0EyLXBhdGhsZW4wMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdv
-bGZzc2wuY29tggFkMAkGA1UdEwQCMAAwDQYJKoZIhvcNAQELBQADggEBAKOGRsEQ
-wpL+fZ3OSe2MvWV0XrcZU9h5hMrz8+cwt7nhYbHzd5UUe/3+2dDrqgUw0nHc+gPq
-COLJB+y/9kEf0zmkG3sjx6Gn/cD2DgeUkQ63jpJABfwJLsW6Rs6U5T4JBOm3w1I+
-LcEBEdgvthAfLTuxHbDFEZJmTVIqTtEp00/9DS5KYO01jAKRNXc9IaUDPdK8TmgO
-9k33h6SF5VEzOLcfTAeFMBMy2dlCT+9foybgYHnAinsAi58YS46znj9raXADTEMh
-Gk2ABEiioK6ZYaiENTWZxySB2FWVa5Pd6+cE3p/UuYJOvafHx4BfxHjYe2VPWI7Q
-F8iQGhyNVBw91fQ=
+bGZzc2wuY29tggFkMAkGA1UdEwQCMAAwDQYJKoZIhvcNAQELBQADggEBAEJHfzZV
+RbOEeXF1AOjdDOMMHkGPPNXlj59xgDtE8+CeKUQqRfFJxqNajDFYi3mLM9e62hOS
+nWBO0U+N/+o/6CADjmcDiOFZhOJ7huSCl7L7Pp7u37UxAJ8yKn3BNpDZA6rxbwd1
+7XRiThOGzZ+wKel+Y9vRFQqssyKkV8lJX8eFzDBO02InFt9RilX3t3RJkSaj03Wu
+bUdArOLRUuCX1fLFlgrFvO3lgxTqZdNmBRc9vYBVOGtiW77hsG6IZkAAF/tGKSLO
+vldUShnP6jiACi+fboBtBp+1aK3amO4CMaHjLC6s0vAuUYhBS/kEmWdjr6tzjc3t
+LxppELWx+HFrlgU=
 -----END CERTIFICATE-----
 Certificate:
     Data:
@@ -92,12 +92,12 @@ Certificate:
         Signature Algorithm: sha256WithRSAEncryption
         Issuer: C = US, ST = Washington, L = Seattle, O = wolfSSL Inc., OU = Engineering, CN = chainF-ICA2-pathlen0, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Dec 13 22:19:32 2023 GMT
-            Not After : Sep  8 22:19:32 2026 GMT
+            Not Before: Dec 18 21:25:33 2024 GMT
+            Not After : Sep 14 21:25:33 2027 GMT
         Subject: C = US, ST = Washington, L = Seattle, O = wolfSSL Inc., OU = Engineering, CN = chainF-ICA1-pathlen1, emailAddress = info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (2048 bit)
+                Public-Key: (2048 bit)
                 Modulus:
                     00:e0:13:c9:b0:8e:9d:3f:88:d4:30:4a:b4:e8:11:
                     21:93:5c:20:45:08:f8:7a:91:b9:2c:ad:ff:60:aa:
@@ -125,33 +125,33 @@ Certificate:
                 keyid:4A:53:4A:B7:30:78:35:91:B4:CB:DD:C8:22:74:89:AF:80:0F:7F:68
                 DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
                 serial:64
-
             X509v3 Basic Constraints: 
                 CA:TRUE, pathlen:1
             X509v3 Key Usage: 
                 Certificate Sign, CRL Sign
     Signature Algorithm: sha256WithRSAEncryption
-         b3:d8:4b:f8:59:d5:7a:95:55:af:eb:07:0c:ac:db:b5:cc:b8:
-         aa:0d:81:1b:31:d4:0f:8a:ef:da:28:0e:52:f1:8b:25:54:47:
-         11:d8:62:a2:5b:5e:d5:fb:6d:b5:57:b4:a3:b6:d2:e0:e1:50:
-         8b:e1:7e:cd:3b:48:54:4b:55:48:18:12:fe:55:3b:1e:e2:b8:
-         34:b2:77:f7:21:05:9f:32:43:34:db:e4:d4:e3:d2:74:98:3e:
-         1f:39:97:ef:e3:89:d9:e2:c0:77:f9:d4:74:a5:13:c0:ce:9e:
-         3e:42:bc:0d:44:73:c5:76:47:81:dc:40:f4:06:bf:29:66:51:
-         7b:41:c5:35:73:fe:5c:7a:9c:bf:4c:19:c5:2b:7b:02:1f:45:
-         66:0c:64:01:29:77:a8:a2:ef:ba:61:19:27:a1:56:41:a6:73:
-         5d:9f:39:86:38:e9:0a:31:23:55:f1:02:54:ce:96:18:32:ae:
-         22:03:1d:fb:cb:90:45:54:8f:d2:29:17:9d:44:65:68:8c:d2:
-         25:df:a8:c2:29:1e:66:2c:c4:57:a1:ab:93:c7:34:a2:e3:94:
-         bd:dc:8f:51:d2:08:a6:3c:63:c9:c1:ee:90:de:39:92:fc:5e:
-         85:d4:f9:f0:b8:6e:09:30:0c:25:ce:c8:86:c1:75:5d:e8:e8:
-         90:90:ad:0d
+    Signature Value:
+        ad:61:8c:4f:98:84:87:b0:90:fb:4e:07:74:cf:14:6c:8f:30:
+        f6:13:85:db:b2:5e:12:af:9e:ab:4e:58:4e:15:75:c7:bd:8e:
+        50:e8:82:65:a6:0a:de:a3:1a:2c:d7:ba:13:6a:ba:17:f8:4e:
+        2b:ea:69:e5:c3:e1:55:ac:13:f6:c0:58:e6:a0:70:8f:c5:b8:
+        fc:a9:e9:58:07:c4:c5:0a:1f:8e:be:fb:85:ed:af:de:5e:fe:
+        cc:f5:63:50:d9:dc:83:76:0d:08:a2:61:48:43:af:0f:a5:41:
+        f0:5b:82:b2:53:de:ed:9f:55:d2:33:d7:4f:98:e2:5d:73:70:
+        b7:c5:92:e0:02:e2:5f:67:89:95:56:89:00:bd:76:e8:b9:72:
+        4d:02:c6:73:a1:fe:56:76:57:70:23:5f:e8:25:a3:38:2b:f6:
+        51:f7:c5:6f:41:62:43:e0:71:62:a0:42:2c:31:7b:c1:37:dc:
+        51:31:e4:b6:81:15:0a:78:35:8a:34:37:f7:93:46:4b:34:f3:
+        4a:32:8a:a0:2b:05:35:0e:16:d4:96:af:b0:95:65:5a:fc:f6:
+        3f:90:e2:f4:55:3e:54:f6:5e:31:e1:59:2c:da:af:c7:a6:65:
+        e5:ee:c5:d2:d2:09:4d:57:d7:04:0b:1e:4b:63:e7:91:0c:4a:
+        88:34:b3:a8
 -----BEGIN CERTIFICATE-----
 MIIExjCCA66gAwIBAgIBZDANBgkqhkiG9w0BAQsFADCBoTELMAkGA1UEBhMCVVMx
 EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxFTATBgNVBAoM
 DHdvbGZTU0wgSW5jLjEUMBIGA1UECwwLRW5naW5lZXJpbmcxHTAbBgNVBAMMFGNo
 YWluRi1JQ0EyLXBhdGhsZW4wMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wu
-Y29tMB4XDTIzMTIxMzIyMTkzMloXDTI2MDkwODIyMTkzMlowgaExCzAJBgNVBAYT
+Y29tMB4XDTI0MTIxODIxMjUzM1oXDTI3MDkxNDIxMjUzM1owgaExCzAJBgNVBAYT
 AlVTMRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRUwEwYD
 VQQKDAx3b2xmU1NMIEluYy4xFDASBgNVBAsMC0VuZ2luZWVyaW5nMR0wGwYDVQQD
 DBRjaGFpbkYtSUNBMS1wYXRobGVuMTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xm
@@ -167,12 +167,12 @@ lDELMAkGA1UEBhMCVVMxEDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVt
 YW4xETAPBgNVBAoMCFNhd3Rvb3RoMRMwEQYDVQQLDApDb25zdWx0aW5nMRgwFgYD
 VQQDDA93d3cud29sZnNzbC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNz
 bC5jb22CAWQwDwYDVR0TBAgwBgEB/wIBATALBgNVHQ8EBAMCAQYwDQYJKoZIhvcN
-AQELBQADggEBALPYS/hZ1XqVVa/rBwys27XMuKoNgRsx1A+K79ooDlLxiyVURxHY
-YqJbXtX7bbVXtKO20uDhUIvhfs07SFRLVUgYEv5VOx7iuDSyd/chBZ8yQzTb5NTj
-0nSYPh85l+/jidniwHf51HSlE8DOnj5CvA1Ec8V2R4HcQPQGvylmUXtBxTVz/lx6
-nL9MGcUrewIfRWYMZAEpd6ii77phGSehVkGmc12fOYY46QoxI1XxAlTOlhgyriID
-HfvLkEVUj9IpF51EZWiM0iXfqMIpHmYsxFehq5PHNKLjlL3cj1HSCKY8Y8nB7pDe
-OZL8XoXU+fC4bgkwDCXOyIbBdV3o6JCQrQ0=
+AQELBQADggEBAK1hjE+YhIewkPtOB3TPFGyPMPYThduyXhKvnqtOWE4Vdce9jlDo
+gmWmCt6jGizXuhNquhf4TivqaeXD4VWsE/bAWOagcI/FuPyp6VgHxMUKH46++4Xt
+r95e/sz1Y1DZ3IN2DQiiYUhDrw+lQfBbgrJT3u2fVdIz10+Y4l1zcLfFkuAC4l9n
+iZVWiQC9dui5ck0CxnOh/lZ2V3AjX+glozgr9lH3xW9BYkPgcWKgQiwxe8E33FEx
+5LaBFQp4NYo0N/eTRks080oyiqArBTUOFtSWr7CVZVr89j+Q4vRVPlT2XjHhWSza
+r8emZeXuxdLSCU1X1wQLHktj55EMSog0s6g=
 -----END CERTIFICATE-----
 Certificate:
     Data:
@@ -181,12 +181,12 @@ Certificate:
         Signature Algorithm: sha256WithRSAEncryption
         Issuer: C = US, ST = Montana, L = Bozeman, O = Sawtooth, OU = Consulting, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Dec 13 22:19:32 2023 GMT
-            Not After : Sep  8 22:19:32 2026 GMT
+            Not Before: Dec 18 21:25:33 2024 GMT
+            Not After : Sep 14 21:25:33 2027 GMT
         Subject: C = US, ST = Washington, L = Seattle, O = wolfSSL Inc., OU = Engineering, CN = chainF-ICA2-pathlen0, emailAddress = info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (2048 bit)
+                Public-Key: (2048 bit)
                 Modulus:
                     00:da:3a:22:65:f8:6d:1c:b7:1c:87:dd:27:f4:d7:
                     75:aa:7c:1c:37:31:b4:d6:a5:34:4b:36:40:ea:55:
@@ -213,34 +213,34 @@ Certificate:
             X509v3 Authority Key Identifier: 
                 keyid:27:8E:67:11:74:C3:26:1D:3F:ED:33:63:B3:A4:D8:1D:30:E5:E8:D5
                 DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
-                serial:33:44:1A:A8:6C:01:EC:F6:60:F2:70:51:0A:4C:D1:14:FA:BC:E9:44
-
+                serial:6B:9B:70:C6:F1:A3:94:65:19:A1:08:58:EF:A7:8D:2B:7A:83:C1:DA
             X509v3 Basic Constraints: 
                 CA:TRUE, pathlen:0
             X509v3 Key Usage: 
                 Certificate Sign, CRL Sign
     Signature Algorithm: sha256WithRSAEncryption
-         9b:28:44:f3:e9:c3:e9:38:03:1a:19:ac:80:f8:ef:e8:a6:3e:
-         83:80:71:30:48:6c:8e:28:10:f8:84:d3:12:0b:35:fc:f3:51:
-         87:9b:ef:48:9a:fd:5b:ca:b2:4e:61:94:ae:5b:a7:a7:36:2e:
-         e2:da:83:19:82:e4:cb:70:5d:c5:1a:de:4c:b6:be:c6:6e:d9:
-         f8:6c:6e:64:b4:96:7f:18:ba:b5:54:f1:8a:6f:75:27:e3:51:
-         98:50:f7:92:ff:a3:e8:65:ae:62:ab:7f:94:7c:e3:f9:3a:f5:
-         6d:9a:d7:98:6a:3b:5a:b3:1f:73:92:ad:f2:6b:7e:e5:10:ee:
-         3d:5a:73:28:18:0f:5c:e0:99:6f:1e:5f:61:da:e1:a4:d4:a1:
-         e7:69:b1:e0:9b:ba:e9:1b:6d:60:e2:b5:c6:9e:19:9f:21:d4:
-         d6:2f:da:56:15:d8:4f:b5:82:b2:62:83:a0:cd:70:05:2c:21:
-         61:6d:92:9a:91:fa:16:4e:0c:e1:4a:72:6f:ad:41:d1:d4:ed:
-         45:4d:07:8c:cf:79:9e:e5:95:3b:d6:27:cc:7d:f5:44:1d:6f:
-         90:4b:ef:0d:f5:7f:4a:3e:87:82:ad:db:01:40:42:85:4a:b0:
-         85:9b:cd:6b:0b:c3:a2:5e:48:c9:21:47:9d:f1:b0:2d:bc:5e:
-         d1:5f:a2:f5
+    Signature Value:
+        29:47:3b:ef:6e:d7:f9:18:75:75:19:df:76:1c:ae:ef:f6:1e:
+        24:6c:fa:f1:cc:3a:6f:ec:e7:2f:40:b8:93:c1:4c:76:c8:c9:
+        c8:88:17:9e:7c:28:47:81:a3:24:d0:3c:38:74:af:e1:1a:b6:
+        93:23:51:9f:2f:03:8b:a3:f3:38:c4:c4:bf:95:66:d1:6c:18:
+        2c:49:ed:cb:93:62:94:51:f8:39:59:6e:0a:d7:55:50:7e:0b:
+        1e:43:a8:25:30:70:c8:80:b1:dd:d6:fa:6f:c7:f2:ee:e7:07:
+        a2:b3:4b:16:b5:2a:39:b7:e6:d2:7f:df:72:f1:1f:27:3d:cc:
+        58:95:15:3c:5e:57:2b:83:91:03:61:0e:53:b2:fa:8a:51:1f:
+        73:19:8b:86:47:31:36:f1:84:b6:27:88:51:01:94:a1:41:f7:
+        1b:8c:55:c3:67:c2:31:60:68:83:2c:03:84:15:6a:d0:13:23:
+        bc:ce:e6:24:79:21:1f:0c:a2:7f:c0:a0:78:71:e2:21:a6:e7:
+        03:c3:8d:ce:80:0e:8b:f7:f2:6e:96:22:9a:ad:45:e2:ca:42:
+        ba:6b:60:d3:a9:43:d3:77:de:c4:37:33:40:42:b3:7c:ae:9b:
+        5e:20:5e:93:04:7a:c2:c0:69:04:19:ac:7b:44:3d:d5:d0:05:
+        f2:8a:53:86
 -----BEGIN CERTIFICATE-----
 MIIEzDCCA7SgAwIBAgIBZDANBgkqhkiG9w0BAQsFADCBlDELMAkGA1UEBhMCVVMx
 EDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xETAPBgNVBAoMCFNh
 d3Rvb3RoMRMwEQYDVQQLDApDb25zdWx0aW5nMRgwFgYDVQQDDA93d3cud29sZnNz
-bC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMjMxMjEz
-MjIxOTMyWhcNMjYwOTA4MjIxOTMyWjCBoTELMAkGA1UEBhMCVVMxEzARBgNVBAgM
+bC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMjQxMjE4
+MjEyNTMzWhcNMjcwOTE0MjEyNTMzWjCBoTELMAkGA1UEBhMCVVMxEzARBgNVBAgM
 Cldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxFTATBgNVBAoMDHdvbGZTU0wg
 SW5jLjEUMBIGA1UECwwLRW5naW5lZXJpbmcxHTAbBgNVBAMMFGNoYWluRi1JQ0Ey
 LXBhdGhsZW4wMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMIIBIjAN
@@ -254,12 +254,12 @@ o4IBGDCCARQwHQYDVR0OBBYEFEpTSrcweDWRtMvdyCJ0ia+AD39oMIHUBgNVHSME
 gcwwgcmAFCeOZxF0wyYdP+0zY7Ok2B0w5ejVoYGapIGXMIGUMQswCQYDVQQGEwJV
 UzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjERMA8GA1UECgwI
 U2F3dG9vdGgxEzARBgNVBAsMCkNvbnN1bHRpbmcxGDAWBgNVBAMMD3d3dy53b2xm
-c3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbYIUM0QaqGwB
-7PZg8nBRCkzRFPq86UQwDwYDVR0TBAgwBgEB/wIBADALBgNVHQ8EBAMCAQYwDQYJ
-KoZIhvcNAQELBQADggEBAJsoRPPpw+k4AxoZrID47+imPoOAcTBIbI4oEPiE0xIL
-NfzzUYeb70ia/VvKsk5hlK5bp6c2LuLagxmC5MtwXcUa3ky2vsZu2fhsbmS0ln8Y
-urVU8YpvdSfjUZhQ95L/o+hlrmKrf5R84/k69W2a15hqO1qzH3OSrfJrfuUQ7j1a
-cygYD1zgmW8eX2Ha4aTUoedpseCbuukbbWDitcaeGZ8h1NYv2lYV2E+1grJig6DN
-cAUsIWFtkpqR+hZODOFKcm+tQdHU7UVNB4zPeZ7llTvWJ8x99UQdb5BL7w31f0o+
-h4Kt2wFAQoVKsIWbzWsLw6JeSMkhR53xsC28XtFfovU=
+c3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbYIUa5twxvGj
+lGUZoQhY76eNK3qDwdowDwYDVR0TBAgwBgEB/wIBADALBgNVHQ8EBAMCAQYwDQYJ
+KoZIhvcNAQELBQADggEBAClHO+9u1/kYdXUZ33Ycru/2HiRs+vHMOm/s5y9AuJPB
+THbIyciIF558KEeBoyTQPDh0r+EatpMjUZ8vA4uj8zjExL+VZtFsGCxJ7cuTYpRR
++DlZbgrXVVB+Cx5DqCUwcMiAsd3W+m/H8u7nB6KzSxa1Kjm35tJ/33LxHyc9zFiV
+FTxeVyuDkQNhDlOy+opRH3MZi4ZHMTbxhLYniFEBlKFB9xuMVcNnwjFgaIMsA4QV
+atATI7zO5iR5IR8Mon/AoHhx4iGm5wPDjc6ADov38m6WIpqtReLKQrprYNOpQ9N3
+3sQ3M0BCs3yum14gXpMEesLAaQQZrHtEPdXQBfKKU4Y=
 -----END CERTIFICATE-----
diff --git a/certs/test-pathlen/chainF-entity.pem b/certs/test-pathlen/chainF-entity.pem
index e63ff2523..83f4980e2 100644
--- a/certs/test-pathlen/chainF-entity.pem
+++ b/certs/test-pathlen/chainF-entity.pem
@@ -5,12 +5,12 @@ Certificate:
         Signature Algorithm: sha256WithRSAEncryption
         Issuer: C = US, ST = Washington, L = Seattle, O = wolfSSL Inc., OU = Engineering, CN = chainF-ICA1-pathlen1, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Dec 13 22:19:32 2023 GMT
-            Not After : Sep  8 22:19:32 2026 GMT
+            Not Before: Dec 18 21:25:33 2024 GMT
+            Not After : Sep 14 21:25:33 2027 GMT
         Subject: C = US, ST = Washington, L = Seattle, O = wolfSSL Inc., OU = Engineering, CN = chainF-entity, emailAddress = info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (2048 bit)
+                Public-Key: (2048 bit)
                 Modulus:
                     00:c9:f8:2c:ad:25:a9:65:3b:72:13:5d:aa:7f:5b:
                     71:f5:e0:43:c4:3a:b3:36:0d:34:61:35:86:77:a0:
@@ -38,31 +38,31 @@ Certificate:
                 keyid:75:32:21:05:2B:60:FE:44:17:AF:18:65:86:85:19:82:3F:F9:64:83
                 DirName:/C=US/ST=Washington/L=Seattle/O=wolfSSL Inc./OU=Engineering/CN=chainF-ICA2-pathlen0/emailAddress=info@wolfssl.com
                 serial:64
-
             X509v3 Basic Constraints: 
                 CA:FALSE
     Signature Algorithm: sha256WithRSAEncryption
-         a3:86:46:c1:10:c2:92:fe:7d:9d:ce:49:ed:8c:bd:65:74:5e:
-         b7:19:53:d8:79:84:ca:f3:f3:e7:30:b7:b9:e1:61:b1:f3:77:
-         95:14:7b:fd:fe:d9:d0:eb:aa:05:30:d2:71:dc:fa:03:ea:08:
-         e2:c9:07:ec:bf:f6:41:1f:d3:39:a4:1b:7b:23:c7:a1:a7:fd:
-         c0:f6:0e:07:94:91:0e:b7:8e:92:40:05:fc:09:2e:c5:ba:46:
-         ce:94:e5:3e:09:04:e9:b7:c3:52:3e:2d:c1:01:11:d8:2f:b6:
-         10:1f:2d:3b:b1:1d:b0:c5:11:92:66:4d:52:2a:4e:d1:29:d3:
-         4f:fd:0d:2e:4a:60:ed:35:8c:02:91:35:77:3d:21:a5:03:3d:
-         d2:bc:4e:68:0e:f6:4d:f7:87:a4:85:e5:51:33:38:b7:1f:4c:
-         07:85:30:13:32:d9:d9:42:4f:ef:5f:a3:26:e0:60:79:c0:8a:
-         7b:00:8b:9f:18:4b:8e:b3:9e:3f:6b:69:70:03:4c:43:21:1a:
-         4d:80:04:48:a2:a0:ae:99:61:a8:84:35:35:99:c7:24:81:d8:
-         55:95:6b:93:dd:eb:e7:04:de:9f:d4:b9:82:4e:bd:a7:c7:c7:
-         80:5f:c4:78:d8:7b:65:4f:58:8e:d0:17:c8:90:1a:1c:8d:54:
-         1c:3d:d5:f4
+    Signature Value:
+        42:47:7f:36:55:45:b3:84:79:71:75:00:e8:dd:0c:e3:0c:1e:
+        41:8f:3c:d5:e5:8f:9f:71:80:3b:44:f3:e0:9e:29:44:2a:45:
+        f1:49:c6:a3:5a:8c:31:58:8b:79:8b:33:d7:ba:da:13:92:9d:
+        60:4e:d1:4f:8d:ff:ea:3f:e8:20:03:8e:67:03:88:e1:59:84:
+        e2:7b:86:e4:82:97:b2:fb:3e:9e:ee:df:b5:31:00:9f:32:2a:
+        7d:c1:36:90:d9:03:aa:f1:6f:07:75:ed:74:62:4e:13:86:cd:
+        9f:b0:29:e9:7e:63:db:d1:15:0a:ac:b3:22:a4:57:c9:49:5f:
+        c7:85:cc:30:4e:d3:62:27:16:df:51:8a:55:f7:b7:74:49:91:
+        26:a3:d3:75:ae:6d:47:40:ac:e2:d1:52:e0:97:d5:f2:c5:96:
+        0a:c5:bc:ed:e5:83:14:ea:65:d3:66:05:17:3d:bd:80:55:38:
+        6b:62:5b:be:e1:b0:6e:88:66:40:00:17:fb:46:29:22:ce:be:
+        57:54:4a:19:cf:ea:38:80:0a:2f:9f:6e:80:6d:06:9f:b5:68:
+        ad:da:98:ee:02:31:a1:e3:2c:2e:ac:d2:f0:2e:51:88:41:4b:
+        f9:04:99:67:63:af:ab:73:8d:cd:ed:2f:1a:69:10:b5:b1:f8:
+        71:6b:96:05
 -----BEGIN CERTIFICATE-----
 MIIEtzCCA5+gAwIBAgIBZTANBgkqhkiG9w0BAQsFADCBoTELMAkGA1UEBhMCVVMx
 EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxFTATBgNVBAoM
 DHdvbGZTU0wgSW5jLjEUMBIGA1UECwwLRW5naW5lZXJpbmcxHTAbBgNVBAMMFGNo
 YWluRi1JQ0ExLXBhdGhsZW4xMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wu
-Y29tMB4XDTIzMTIxMzIyMTkzMloXDTI2MDkwODIyMTkzMlowgZoxCzAJBgNVBAYT
+Y29tMB4XDTI0MTIxODIxMjUzM1oXDTI3MDkxNDIxMjUzM1owgZoxCzAJBgNVBAYT
 AlVTMRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRUwEwYD
 VQQKDAx3b2xmU1NMIEluYy4xFDASBgNVBAsMC0VuZ2luZWVyaW5nMRYwFAYDVQQD
 DA1jaGFpbkYtZW50aXR5MR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29t
@@ -77,11 +77,11 @@ VR0jBIHGMIHDgBR1MiEFK2D+RBevGGWGhRmCP/lkg6GBp6SBpDCBoTELMAkGA1UE
 BhMCVVMxEzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxFTAT
 BgNVBAoMDHdvbGZTU0wgSW5jLjEUMBIGA1UECwwLRW5naW5lZXJpbmcxHTAbBgNV
 BAMMFGNoYWluRi1JQ0EyLXBhdGhsZW4wMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdv
-bGZzc2wuY29tggFkMAkGA1UdEwQCMAAwDQYJKoZIhvcNAQELBQADggEBAKOGRsEQ
-wpL+fZ3OSe2MvWV0XrcZU9h5hMrz8+cwt7nhYbHzd5UUe/3+2dDrqgUw0nHc+gPq
-COLJB+y/9kEf0zmkG3sjx6Gn/cD2DgeUkQ63jpJABfwJLsW6Rs6U5T4JBOm3w1I+
-LcEBEdgvthAfLTuxHbDFEZJmTVIqTtEp00/9DS5KYO01jAKRNXc9IaUDPdK8TmgO
-9k33h6SF5VEzOLcfTAeFMBMy2dlCT+9foybgYHnAinsAi58YS46znj9raXADTEMh
-Gk2ABEiioK6ZYaiENTWZxySB2FWVa5Pd6+cE3p/UuYJOvafHx4BfxHjYe2VPWI7Q
-F8iQGhyNVBw91fQ=
+bGZzc2wuY29tggFkMAkGA1UdEwQCMAAwDQYJKoZIhvcNAQELBQADggEBAEJHfzZV
+RbOEeXF1AOjdDOMMHkGPPNXlj59xgDtE8+CeKUQqRfFJxqNajDFYi3mLM9e62hOS
+nWBO0U+N/+o/6CADjmcDiOFZhOJ7huSCl7L7Pp7u37UxAJ8yKn3BNpDZA6rxbwd1
+7XRiThOGzZ+wKel+Y9vRFQqssyKkV8lJX8eFzDBO02InFt9RilX3t3RJkSaj03Wu
+bUdArOLRUuCX1fLFlgrFvO3lgxTqZdNmBRc9vYBVOGtiW77hsG6IZkAAF/tGKSLO
+vldUShnP6jiACi+fboBtBp+1aK3amO4CMaHjLC6s0vAuUYhBS/kEmWdjr6tzjc3t
+LxppELWx+HFrlgU=
 -----END CERTIFICATE-----
diff --git a/certs/test-pathlen/chainG-ICA1-pathlen0.pem b/certs/test-pathlen/chainG-ICA1-pathlen0.pem
index 29420ebed..7d0d981c9 100644
--- a/certs/test-pathlen/chainG-ICA1-pathlen0.pem
+++ b/certs/test-pathlen/chainG-ICA1-pathlen0.pem
@@ -5,12 +5,12 @@ Certificate:
         Signature Algorithm: sha256WithRSAEncryption
         Issuer: C = US, ST = Washington, L = Seattle, O = wolfSSL Inc., OU = Engineering, CN = chainG-ICA2-pathlen1, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Dec 13 22:19:32 2023 GMT
-            Not After : Sep  8 22:19:32 2026 GMT
+            Not Before: Dec 18 21:25:34 2024 GMT
+            Not After : Sep 14 21:25:34 2027 GMT
         Subject: C = US, ST = Washington, L = Seattle, O = wolfSSL Inc., OU = Engineering, CN = chainG-ICA1-pathlen0, emailAddress = info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (2048 bit)
+                Public-Key: (2048 bit)
                 Modulus:
                     00:d2:26:be:51:98:42:e0:1f:ae:fc:c2:cb:ba:d5:
                     0f:44:3b:0b:60:d8:49:ec:03:43:6b:06:ce:f2:28:
@@ -38,33 +38,33 @@ Certificate:
                 keyid:E1:E6:9B:28:CF:FD:AB:45:C1:B7:A7:C4:C9:58:FC:41:E3:1A:5C:74
                 DirName:/C=US/ST=Washington/L=Seattle/O=wolfSSL Inc./OU=Engineering/CN=chainG-ICA3-pathlen99/emailAddress=info@wolfssl.com
                 serial:64
-
             X509v3 Basic Constraints: 
                 CA:TRUE, pathlen:0
             X509v3 Key Usage: 
                 Certificate Sign, CRL Sign
     Signature Algorithm: sha256WithRSAEncryption
-         6e:12:75:fb:ac:2b:b3:b5:f3:f8:0c:2b:61:c3:22:c0:1f:16:
-         cf:36:8c:b2:fc:be:83:ad:81:3d:e9:4e:76:e3:85:db:34:b4:
-         b1:a6:ed:fe:82:ee:b2:7c:64:14:e4:1f:d6:fb:16:3e:36:d7:
-         a1:f3:99:99:7c:48:96:50:d0:e4:29:43:42:93:7c:8e:24:fc:
-         ba:6b:89:1c:1b:c8:39:d2:62:5e:7f:ac:0c:e8:7d:f4:90:94:
-         a3:dc:5d:d4:25:60:07:6f:97:6c:a1:4f:5a:ec:84:70:46:de:
-         4d:74:a8:5c:48:32:94:6d:69:81:65:c6:c4:ef:3e:31:fc:40:
-         f5:5c:10:29:23:49:a7:ca:27:27:33:ed:3f:65:1a:95:f0:57:
-         5a:32:19:b4:4d:66:c5:19:15:4b:a9:79:c9:fb:cd:02:57:04:
-         c2:33:6d:6c:85:67:14:16:7a:d2:32:a0:66:c4:b9:0d:43:bd:
-         57:52:27:da:af:f1:df:68:27:74:b9:dd:d3:3c:ba:79:d0:46:
-         2c:91:fc:1c:65:a4:3a:ea:82:25:c9:b1:2f:7d:78:85:62:1f:
-         a4:4c:69:fc:a3:95:c3:0a:ce:ed:10:24:ec:f7:17:bf:22:42:
-         44:ac:0d:77:a1:3d:9d:d0:fb:03:1b:b7:79:8a:ba:6e:3c:a4:
-         3e:1c:0a:54
+    Signature Value:
+        10:ac:6a:7c:e3:78:f4:f0:6d:a5:c2:6f:6b:af:ef:eb:dd:98:
+        c5:ae:75:82:95:16:cb:c8:76:4e:84:44:d3:fd:6e:69:37:5c:
+        db:5a:f6:59:f1:a1:bb:5f:50:b9:6e:3d:b6:12:21:cb:14:91:
+        8e:b0:9c:35:96:38:b4:0d:51:4a:a7:a7:d2:23:54:82:04:96:
+        fb:8f:34:84:80:87:ac:b5:f9:3f:6f:ec:1d:c6:8b:ee:1a:ee:
+        d8:e2:d8:b5:e0:b6:b6:92:97:fb:c9:cf:67:e1:9a:40:ee:8d:
+        54:24:1a:cb:5b:1b:0b:6a:83:9d:cf:a6:3b:ec:41:96:f5:cb:
+        fe:87:52:23:66:67:4a:48:7f:3b:5a:d1:63:c7:c6:40:fd:41:
+        51:8e:86:3a:5f:34:50:cd:56:ce:de:1a:ab:a0:87:08:b4:b3:
+        89:fe:b3:64:11:be:c3:f7:81:f1:b4:c1:9d:c3:ce:72:49:d3:
+        c4:d2:33:0a:db:f1:85:76:69:2f:94:f8:59:77:b7:c8:ff:4c:
+        69:b9:68:bb:ee:ff:a1:17:cb:d9:7d:5a:8f:bb:a7:93:ed:e6:
+        dd:60:8d:25:31:5d:90:51:74:24:c3:8f:62:90:02:f8:db:ad:
+        fd:e9:0a:fd:c2:ad:6a:2f:83:4f:8b:49:7d:c8:60:6d:98:57:
+        43:15:f1:3a
 -----BEGIN CERTIFICATE-----
 MIIE1DCCA7ygAwIBAgIBZDANBgkqhkiG9w0BAQsFADCBoTELMAkGA1UEBhMCVVMx
 EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxFTATBgNVBAoM
 DHdvbGZTU0wgSW5jLjEUMBIGA1UECwwLRW5naW5lZXJpbmcxHTAbBgNVBAMMFGNo
 YWluRy1JQ0EyLXBhdGhsZW4xMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wu
-Y29tMB4XDTIzMTIxMzIyMTkzMloXDTI2MDkwODIyMTkzMlowgaExCzAJBgNVBAYT
+Y29tMB4XDTI0MTIxODIxMjUzNFoXDTI3MDkxNDIxMjUzNFowgaExCzAJBgNVBAYT
 AlVTMRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRUwEwYD
 VQQKDAx3b2xmU1NMIEluYy4xFDASBgNVBAsMC0VuZ2luZWVyaW5nMR0wGwYDVQQD
 DBRjaGFpbkctSUNBMS1wYXRobGVuMDEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xm
@@ -80,10 +80,10 @@ ojELMAkGA1UEBhMCVVMxEzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1Nl
 YXR0bGUxFTATBgNVBAoMDHdvbGZTU0wgSW5jLjEUMBIGA1UECwwLRW5naW5lZXJp
 bmcxHjAcBgNVBAMMFWNoYWluRy1JQ0EzLXBhdGhsZW45OTEfMB0GCSqGSIb3DQEJ
 ARYQaW5mb0B3b2xmc3NsLmNvbYIBZDAPBgNVHRMECDAGAQH/AgEAMAsGA1UdDwQE
-AwIBBjANBgkqhkiG9w0BAQsFAAOCAQEAbhJ1+6wrs7Xz+AwrYcMiwB8WzzaMsvy+
-g62BPelOduOF2zS0sabt/oLusnxkFOQf1vsWPjbXofOZmXxIllDQ5ClDQpN8jiT8
-umuJHBvIOdJiXn+sDOh99JCUo9xd1CVgB2+XbKFPWuyEcEbeTXSoXEgylG1pgWXG
-xO8+MfxA9VwQKSNJp8onJzPtP2UalfBXWjIZtE1mxRkVS6l5yfvNAlcEwjNtbIVn
-FBZ60jKgZsS5DUO9V1In2q/x32gndLnd0zy6edBGLJH8HGWkOuqCJcmxL314hWIf
-pExp/KOVwwrO7RAk7PcXvyJCRKwNd6E9ndD7Axu3eYq6bjykPhwKVA==
+AwIBBjANBgkqhkiG9w0BAQsFAAOCAQEAEKxqfON49PBtpcJva6/v692Yxa51gpUW
+y8h2ToRE0/1uaTdc21r2WfGhu19QuW49thIhyxSRjrCcNZY4tA1RSqen0iNUggSW
++480hICHrLX5P2/sHcaL7hru2OLYteC2tpKX+8nPZ+GaQO6NVCQay1sbC2qDnc+m
+O+xBlvXL/odSI2ZnSkh/O1rRY8fGQP1BUY6GOl80UM1Wzt4aq6CHCLSzif6zZBG+
+w/eB8bTBncPOcknTxNIzCtvxhXZpL5T4WXe3yP9Mablou+7/oRfL2X1aj7unk+3m
+3WCNJTFdkFF0JMOPYpAC+Nut/ekK/cKtai+DT4tJfchgbZhXQxXxOg==
 -----END CERTIFICATE-----
diff --git a/certs/test-pathlen/chainG-ICA2-pathlen1.pem b/certs/test-pathlen/chainG-ICA2-pathlen1.pem
index f7c7956ec..2a40d2e73 100644
--- a/certs/test-pathlen/chainG-ICA2-pathlen1.pem
+++ b/certs/test-pathlen/chainG-ICA2-pathlen1.pem
@@ -5,12 +5,12 @@ Certificate:
         Signature Algorithm: sha256WithRSAEncryption
         Issuer: C = US, ST = Washington, L = Seattle, O = wolfSSL Inc., OU = Engineering, CN = chainG-ICA3-pathlen99, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Dec 13 22:19:32 2023 GMT
-            Not After : Sep  8 22:19:32 2026 GMT
+            Not Before: Dec 18 21:25:34 2024 GMT
+            Not After : Sep 14 21:25:34 2027 GMT
         Subject: C = US, ST = Washington, L = Seattle, O = wolfSSL Inc., OU = Engineering, CN = chainG-ICA2-pathlen1, emailAddress = info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (2048 bit)
+                Public-Key: (2048 bit)
                 Modulus:
                     00:d7:3e:de:b9:f9:a9:d7:8e:7a:4b:f2:f1:8c:f9:
                     3b:1c:ce:59:31:4c:57:0c:2e:8a:0f:90:f0:dc:27:
@@ -38,33 +38,33 @@ Certificate:
                 keyid:C1:CD:1F:81:13:82:24:3B:CF:64:51:7A:4C:E3:65:2E:75:1E:01:23
                 DirName:/C=US/ST=Washington/L=Seattle/O=wolfSSL Inc./OU=Engineering/CN=chainG-ICA4-pathlen5/emailAddress=info@wolfssl.com
                 serial:64
-
             X509v3 Basic Constraints: 
                 CA:TRUE, pathlen:1
             X509v3 Key Usage: 
                 Certificate Sign, CRL Sign
     Signature Algorithm: sha256WithRSAEncryption
-         50:65:9b:1d:8b:6a:ae:9b:d4:f1:ff:57:ac:51:48:fd:c8:9e:
-         19:bb:b2:00:bf:54:ee:c8:d4:2f:eb:5b:ff:17:1e:7c:aa:1d:
-         d4:01:9f:e8:cb:c4:8c:e5:ee:99:04:33:e8:16:3a:fc:44:bd:
-         56:a5:45:e7:e9:fb:88:25:11:4b:07:73:5d:37:21:47:47:9d:
-         f8:e0:89:e0:e4:c0:6a:f4:64:25:e7:b7:d9:47:53:ff:d5:6f:
-         f3:e4:8d:b2:33:f6:ce:46:5b:80:82:8f:05:18:f4:bc:90:5a:
-         af:4a:7f:9d:67:08:f7:41:27:05:c5:34:46:03:fc:14:2e:4e:
-         81:f3:ca:3d:67:9e:a9:53:ec:5b:df:38:d4:b5:92:3d:55:94:
-         df:88:be:a1:e7:14:18:a2:9d:22:5d:10:69:f8:54:c3:a9:14:
-         ef:8e:af:e1:8a:f8:cd:6d:7e:26:30:2c:40:bc:50:49:e5:9f:
-         bc:8f:de:30:23:93:c4:25:b3:e6:fb:b5:64:82:57:41:ac:79:
-         1e:58:9e:6c:67:dc:18:ed:c4:60:79:06:b1:ee:9f:4c:2c:a3:
-         9c:61:d7:77:33:b5:64:50:65:88:33:a0:30:57:99:0f:a9:aa:
-         a7:b3:a8:0d:b1:c5:ce:5a:34:a8:31:47:e4:66:62:b2:11:0e:
-         b9:58:4f:06
+    Signature Value:
+        98:19:29:17:65:3d:c1:a4:8c:35:ae:dc:7f:28:6f:09:9e:4a:
+        02:60:70:d6:5d:bb:6a:44:23:38:28:59:63:3d:a8:38:3c:17:
+        2b:a4:73:67:b7:a8:3e:b1:ea:8d:50:f8:8f:89:d9:72:4c:59:
+        d3:48:b6:3a:52:f4:e5:b7:3d:9f:10:71:9e:7c:b1:1b:9b:f7:
+        9c:03:97:49:0d:0f:3b:23:58:a1:20:4e:39:cb:c8:26:04:57:
+        32:a9:74:cf:dd:f2:e4:dd:03:cd:e5:0d:5d:95:16:a8:06:7a:
+        c3:00:c7:ae:dc:37:a9:b4:3e:32:cf:b3:a4:ba:1f:7a:74:74:
+        29:c2:e5:9c:ee:11:85:b6:2d:10:83:35:c1:de:dc:89:7b:ca:
+        63:ac:89:b7:02:20:77:b1:0f:3e:02:c7:b2:e6:d4:51:e4:76:
+        47:b7:bc:94:fc:7f:61:22:5a:3c:3a:9b:bd:b2:d0:b7:ee:3a:
+        f5:b4:33:85:3b:d6:5b:17:8f:24:60:0b:66:6f:6a:2e:64:bb:
+        a1:0e:4c:18:14:09:ba:01:02:6a:20:ad:75:a1:2d:c1:cb:4b:
+        65:37:38:ac:33:9a:bd:df:1f:02:4a:df:a9:a2:68:a2:87:37:
+        dc:ca:7f:b1:a6:ae:ee:f8:3f:77:bf:6c:6b:b0:9b:73:9d:ef:
+        46:d3:bb:13
 -----BEGIN CERTIFICATE-----
 MIIE1DCCA7ygAwIBAgIBZDANBgkqhkiG9w0BAQsFADCBojELMAkGA1UEBhMCVVMx
 EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxFTATBgNVBAoM
 DHdvbGZTU0wgSW5jLjEUMBIGA1UECwwLRW5naW5lZXJpbmcxHjAcBgNVBAMMFWNo
 YWluRy1JQ0EzLXBhdGhsZW45OTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3Ns
-LmNvbTAeFw0yMzEyMTMyMjE5MzJaFw0yNjA5MDgyMjE5MzJaMIGhMQswCQYDVQQG
+LmNvbTAeFw0yNDEyMTgyMTI1MzRaFw0yNzA5MTQyMTI1MzRaMIGhMQswCQYDVQQG
 EwJVUzETMBEGA1UECAwKV2FzaGluZ3RvbjEQMA4GA1UEBwwHU2VhdHRsZTEVMBMG
 A1UECgwMd29sZlNTTCBJbmMuMRQwEgYDVQQLDAtFbmdpbmVlcmluZzEdMBsGA1UE
 AwwUY2hhaW5HLUlDQTItcGF0aGxlbjExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29s
@@ -80,10 +80,10 @@ gaExCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdT
 ZWF0dGxlMRUwEwYDVQQKDAx3b2xmU1NMIEluYy4xFDASBgNVBAsMC0VuZ2luZWVy
 aW5nMR0wGwYDVQQDDBRjaGFpbkctSUNBNC1wYXRobGVuNTEfMB0GCSqGSIb3DQEJ
 ARYQaW5mb0B3b2xmc3NsLmNvbYIBZDAPBgNVHRMECDAGAQH/AgEBMAsGA1UdDwQE
-AwIBBjANBgkqhkiG9w0BAQsFAAOCAQEAUGWbHYtqrpvU8f9XrFFI/cieGbuyAL9U
-7sjUL+tb/xcefKod1AGf6MvEjOXumQQz6BY6/ES9VqVF5+n7iCURSwdzXTchR0ed
-+OCJ4OTAavRkJee32UdT/9Vv8+SNsjP2zkZbgIKPBRj0vJBar0p/nWcI90EnBcU0
-RgP8FC5OgfPKPWeeqVPsW9841LWSPVWU34i+oecUGKKdIl0QafhUw6kU746v4Yr4
-zW1+JjAsQLxQSeWfvI/eMCOTxCWz5vu1ZIJXQax5HliebGfcGO3EYHkGse6fTCyj
-nGHXdzO1ZFBliDOgMFeZD6mqp7OoDbHFzlo0qDFH5GZishEOuVhPBg==
+AwIBBjANBgkqhkiG9w0BAQsFAAOCAQEAmBkpF2U9waSMNa7cfyhvCZ5KAmBw1l27
+akQjOChZYz2oODwXK6RzZ7eoPrHqjVD4j4nZckxZ00i2OlL05bc9nxBxnnyxG5v3
+nAOXSQ0POyNYoSBOOcvIJgRXMql0z93y5N0DzeUNXZUWqAZ6wwDHrtw3qbQ+Ms+z
+pLofenR0KcLlnO4RhbYtEIM1wd7ciXvKY6yJtwIgd7EPPgLHsubUUeR2R7e8lPx/
+YSJaPDqbvbLQt+469bQzhTvWWxePJGALZm9qLmS7oQ5MGBQJugECaiCtdaEtwctL
+ZTc4rDOavd8fAkrfqaJoooc33Mp/saau7vg/d79sa7Cbc53vRtO7Ew==
 -----END CERTIFICATE-----
diff --git a/certs/test-pathlen/chainG-ICA3-pathlen99.pem b/certs/test-pathlen/chainG-ICA3-pathlen99.pem
index cbfb848db..160d33129 100644
--- a/certs/test-pathlen/chainG-ICA3-pathlen99.pem
+++ b/certs/test-pathlen/chainG-ICA3-pathlen99.pem
@@ -5,12 +5,12 @@ Certificate:
         Signature Algorithm: sha256WithRSAEncryption
         Issuer: C = US, ST = Washington, L = Seattle, O = wolfSSL Inc., OU = Engineering, CN = chainG-ICA4-pathlen5, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Dec 13 22:19:32 2023 GMT
-            Not After : Sep  8 22:19:32 2026 GMT
+            Not Before: Dec 18 21:25:34 2024 GMT
+            Not After : Sep 14 21:25:34 2027 GMT
         Subject: C = US, ST = Washington, L = Seattle, O = wolfSSL Inc., OU = Engineering, CN = chainG-ICA3-pathlen99, emailAddress = info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (2048 bit)
+                Public-Key: (2048 bit)
                 Modulus:
                     00:ac:f1:39:65:f7:9c:9d:f6:f0:d2:b7:18:16:24:
                     81:32:b7:a5:29:d6:f7:4e:31:38:a7:54:d6:eb:07:
@@ -38,33 +38,33 @@ Certificate:
                 keyid:D4:92:AE:BD:3B:1C:66:4B:17:88:18:15:F8:27:AB:38:CC:07:5A:65
                 DirName:/C=US/ST=Washington/L=Seattle/O=wolfSSL Inc./OU=Engineering/CN=chainG-ICA5-pathlen20/emailAddress=info@wolfssl.com
                 serial:64
-
             X509v3 Basic Constraints: 
                 CA:TRUE, pathlen:99
             X509v3 Key Usage: 
                 Certificate Sign, CRL Sign
     Signature Algorithm: sha256WithRSAEncryption
-         0b:ad:52:52:31:8c:12:70:07:6c:05:83:b3:84:cf:c2:64:da:
-         43:d2:cc:6c:db:ef:a5:ae:9b:44:96:4e:fe:fd:b9:61:56:59:
-         e2:f2:52:c8:1b:52:2c:36:79:5d:6a:83:a1:c8:03:9a:7a:80:
-         4f:ee:9d:48:87:f4:cb:9b:5e:84:c8:f8:b8:0c:77:e1:cb:40:
-         ac:28:eb:58:07:e4:06:a7:50:e2:44:48:bc:a3:2f:5d:f1:fa:
-         0c:4d:1d:84:0a:57:e5:0c:b9:bb:41:b9:12:17:09:25:9f:99:
-         02:6b:9e:83:fb:07:f8:3f:59:b2:04:62:b7:12:e7:61:8b:48:
-         a7:cc:29:ce:11:f9:7c:64:dd:5c:51:d3:ac:0c:54:4b:22:7e:
-         29:de:98:50:80:f8:1a:65:64:3c:fb:a6:07:bb:e8:b1:a4:e8:
-         f1:7b:07:fd:e2:50:07:67:f5:7a:fa:76:4d:1c:7f:1a:e3:52:
-         ad:13:a6:b5:89:9e:f5:11:68:12:13:dc:59:86:9d:f9:83:18:
-         52:ee:09:24:6a:37:e9:85:95:ac:93:09:23:09:0e:f3:66:a8:
-         85:ee:d1:e4:40:01:f3:c2:c3:1f:48:74:76:2b:7e:4c:9b:a9:
-         a2:2f:c8:7c:74:60:2d:98:e8:63:09:cf:8f:a8:c8:8a:7f:c4:
-         d4:f3:34:ad
+    Signature Value:
+        03:3a:72:4d:48:13:39:45:02:48:80:fe:e2:b0:6f:69:90:fe:
+        ce:79:e0:76:b2:10:0c:a3:f7:99:3d:3c:76:de:27:83:e3:bc:
+        bd:a7:f0:c7:80:d8:db:0d:2b:04:fc:14:6b:4e:3f:6d:96:a6:
+        af:8f:be:eb:d9:cc:ec:92:15:06:cc:d6:eb:91:11:20:40:45:
+        9f:08:fe:19:fb:c5:ac:07:9d:9c:a5:ae:2e:01:d7:0a:02:a0:
+        1d:cf:62:e6:79:47:e4:57:21:1e:ed:9d:5b:94:d7:3f:4e:6a:
+        59:54:ec:29:bd:98:54:72:9c:b9:83:ac:09:b8:97:b1:c1:2e:
+        6b:c3:0b:5f:78:fa:46:d0:bf:8c:70:91:85:ec:17:93:54:f4:
+        b9:80:fc:4c:cd:ad:3f:ae:84:40:97:d0:ed:32:5f:de:09:55:
+        7c:26:bf:e6:85:27:09:77:1c:63:ce:3e:5c:3b:64:f8:d8:b7:
+        6c:74:e0:c9:eb:13:9b:2c:12:2f:02:ec:e3:e7:82:ef:a1:fe:
+        eb:93:39:d6:73:88:00:7f:15:af:ad:50:66:65:a1:15:41:22:
+        ce:0f:52:44:d4:82:9c:7c:9b:33:3d:bc:f8:5b:05:e4:5b:69:
+        db:11:00:41:d3:30:90:34:f2:74:0e:f5:d8:67:be:2e:70:f6:
+        e5:8f:0c:6d
 -----BEGIN CERTIFICATE-----
 MIIE1TCCA72gAwIBAgIBZDANBgkqhkiG9w0BAQsFADCBoTELMAkGA1UEBhMCVVMx
 EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxFTATBgNVBAoM
 DHdvbGZTU0wgSW5jLjEUMBIGA1UECwwLRW5naW5lZXJpbmcxHTAbBgNVBAMMFGNo
 YWluRy1JQ0E0LXBhdGhsZW41MR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wu
-Y29tMB4XDTIzMTIxMzIyMTkzMloXDTI2MDkwODIyMTkzMlowgaIxCzAJBgNVBAYT
+Y29tMB4XDTI0MTIxODIxMjUzNFoXDTI3MDkxNDIxMjUzNFowgaIxCzAJBgNVBAYT
 AlVTMRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRUwEwYD
 VQQKDAx3b2xmU1NMIEluYy4xFDASBgNVBAsMC0VuZ2luZWVyaW5nMR4wHAYDVQQD
 DBVjaGFpbkctSUNBMy1wYXRobGVuOTkxHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29s
@@ -80,10 +80,10 @@ gaIxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdT
 ZWF0dGxlMRUwEwYDVQQKDAx3b2xmU1NMIEluYy4xFDASBgNVBAsMC0VuZ2luZWVy
 aW5nMR4wHAYDVQQDDBVjaGFpbkctSUNBNS1wYXRobGVuMjAxHzAdBgkqhkiG9w0B
 CQEWEGluZm9Ad29sZnNzbC5jb22CAWQwDwYDVR0TBAgwBgEB/wIBYzALBgNVHQ8E
-BAMCAQYwDQYJKoZIhvcNAQELBQADggEBAAutUlIxjBJwB2wFg7OEz8Jk2kPSzGzb
-76Wum0SWTv79uWFWWeLyUsgbUiw2eV1qg6HIA5p6gE/unUiH9MubXoTI+LgMd+HL
-QKwo61gH5AanUOJESLyjL13x+gxNHYQKV+UMubtBuRIXCSWfmQJrnoP7B/g/WbIE
-YrcS52GLSKfMKc4R+Xxk3VxR06wMVEsifinemFCA+BplZDz7pge76LGk6PF7B/3i
-UAdn9Xr6dk0cfxrjUq0TprWJnvURaBIT3FmGnfmDGFLuCSRqN+mFlayTCSMJDvNm
-qIXu0eRAAfPCwx9IdHYrfkybqaIvyHx0YC2Y6GMJz4+oyIp/xNTzNK0=
+BAMCAQYwDQYJKoZIhvcNAQELBQADggEBAAM6ck1IEzlFAkiA/uKwb2mQ/s554Hay
+EAyj95k9PHbeJ4PjvL2n8MeA2NsNKwT8FGtOP22Wpq+PvuvZzOySFQbM1uuRESBA
+RZ8I/hn7xawHnZylri4B1woCoB3PYuZ5R+RXIR7tnVuU1z9OallU7Cm9mFRynLmD
+rAm4l7HBLmvDC194+kbQv4xwkYXsF5NU9LmA/EzNrT+uhECX0O0yX94JVXwmv+aF
+Jwl3HGPOPlw7ZPjYt2x04MnrE5ssEi8C7OPngu+h/uuTOdZziAB/Fa+tUGZloRVB
+Is4PUkTUgpx8mzM9vPhbBeRbadsRAEHTMJA08nQO9dhnvi5w9uWPDG0=
 -----END CERTIFICATE-----
diff --git a/certs/test-pathlen/chainG-ICA4-pathlen5.pem b/certs/test-pathlen/chainG-ICA4-pathlen5.pem
index 2b56f422e..a76ae02fe 100644
--- a/certs/test-pathlen/chainG-ICA4-pathlen5.pem
+++ b/certs/test-pathlen/chainG-ICA4-pathlen5.pem
@@ -5,12 +5,12 @@ Certificate:
         Signature Algorithm: sha256WithRSAEncryption
         Issuer: C = US, ST = Washington, L = Seattle, O = wolfSSL Inc., OU = Engineering, CN = chainG-ICA5-pathlen20, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Dec 13 22:19:32 2023 GMT
-            Not After : Sep  8 22:19:32 2026 GMT
+            Not Before: Dec 18 21:25:34 2024 GMT
+            Not After : Sep 14 21:25:34 2027 GMT
         Subject: C = US, ST = Washington, L = Seattle, O = wolfSSL Inc., OU = Engineering, CN = chainG-ICA4-pathlen5, emailAddress = info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (2048 bit)
+                Public-Key: (2048 bit)
                 Modulus:
                     00:c9:4b:a0:77:b8:42:43:96:e1:f4:8d:1d:a6:2c:
                     d8:12:a2:40:49:11:eb:5f:fb:6c:1d:15:3e:af:dd:
@@ -38,33 +38,33 @@ Certificate:
                 keyid:1D:51:80:B6:9A:A7:AC:DD:80:7B:4B:A2:0B:62:BE:E4:87:30:C7:CA
                 DirName:/C=US/ST=Washington/L=Seattle/O=wolfSSL Inc./OU=Engineering/CN=chainG-ICA6-pathlen10/emailAddress=info@wolfssl.com
                 serial:64
-
             X509v3 Basic Constraints: 
                 CA:TRUE, pathlen:5
             X509v3 Key Usage: 
                 Certificate Sign, CRL Sign
     Signature Algorithm: sha256WithRSAEncryption
-         a6:f3:32:99:ee:fd:de:b1:46:ad:68:a7:6f:d8:55:91:63:2d:
-         07:ce:91:2f:e3:ff:8f:03:e3:cf:c2:33:76:91:33:5f:13:70:
-         10:e4:e2:3b:70:02:fc:d2:7d:39:d2:1a:1e:82:2d:40:d8:a7:
-         bb:69:19:51:fb:c1:32:41:e5:cf:4f:39:f6:f8:dd:b4:cb:f2:
-         11:3e:dc:8d:c7:a6:90:27:14:4b:28:6f:20:9a:58:92:3a:42:
-         8c:c7:40:36:b5:c0:4a:7e:27:0b:37:a7:71:e4:fd:f4:8d:24:
-         8d:fe:3d:4a:59:4e:7e:86:02:f2:e2:09:95:59:ca:19:b9:23:
-         84:1e:c6:14:d9:c4:05:7a:93:77:b4:4a:f4:91:75:3f:89:43:
-         8b:b1:5f:a5:36:0a:2a:b0:a1:7b:8f:33:01:92:4d:c1:d9:51:
-         98:a3:1b:14:f9:34:8e:7c:db:a5:5c:2c:b2:cd:23:b6:f6:65:
-         25:aa:2c:5c:cc:38:49:b2:77:aa:8f:73:3b:00:1f:33:94:43:
-         fd:c2:34:ba:ee:ac:7d:0d:62:58:72:4d:ea:78:29:b5:b1:29:
-         99:70:8c:00:22:1c:a3:93:ca:cd:c8:02:21:57:2d:19:fd:a7:
-         fb:c7:1c:12:0c:49:04:73:4c:7e:dd:9f:9e:1c:5b:e4:2a:53:
-         b6:cf:7e:c4
+    Signature Value:
+        29:f0:28:23:e3:5b:7c:79:38:4f:54:fc:55:b5:0b:2a:32:2d:
+        a3:0f:21:95:80:74:dc:20:d1:21:97:ac:da:31:8c:e0:5f:c5:
+        a0:78:b9:3c:a9:33:5d:9b:28:5d:2a:fa:7f:99:30:3c:d4:74:
+        dd:64:b0:69:24:6e:5f:0d:df:29:93:e0:ca:b2:24:fd:fc:a8:
+        0f:21:ae:a7:f7:32:5d:bc:c0:88:d0:0c:37:6d:58:3b:2f:25:
+        cc:eb:d6:38:9d:4b:88:32:db:55:b3:18:a3:ad:e3:d6:cd:58:
+        40:6e:63:52:b6:bb:fd:55:99:5f:29:83:75:a0:33:25:bc:4a:
+        3f:8c:89:12:3e:3e:37:b5:56:27:3a:34:a1:61:b5:b0:4a:6c:
+        da:fd:ac:a1:c7:8c:88:fb:3a:4e:2e:ec:4c:0c:6b:3e:e9:11:
+        52:00:d4:77:ab:5a:1b:69:1b:cc:d8:85:57:d6:87:34:5b:8f:
+        db:fb:d6:1c:6a:47:61:64:4c:ef:f9:11:12:35:53:0a:64:52:
+        ac:0b:71:19:64:2d:56:85:ee:fa:11:42:49:c2:10:5c:06:20:
+        5b:66:9a:ef:5c:6b:1d:a9:12:86:7c:f9:44:6b:31:91:a0:5c:
+        ce:2f:ee:8f:7e:9b:ef:3c:dd:80:af:70:df:16:6d:91:73:0a:
+        42:31:af:82
 -----BEGIN CERTIFICATE-----
 MIIE1TCCA72gAwIBAgIBZDANBgkqhkiG9w0BAQsFADCBojELMAkGA1UEBhMCVVMx
 EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxFTATBgNVBAoM
 DHdvbGZTU0wgSW5jLjEUMBIGA1UECwwLRW5naW5lZXJpbmcxHjAcBgNVBAMMFWNo
 YWluRy1JQ0E1LXBhdGhsZW4yMDEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3Ns
-LmNvbTAeFw0yMzEyMTMyMjE5MzJaFw0yNjA5MDgyMjE5MzJaMIGhMQswCQYDVQQG
+LmNvbTAeFw0yNDEyMTgyMTI1MzRaFw0yNzA5MTQyMTI1MzRaMIGhMQswCQYDVQQG
 EwJVUzETMBEGA1UECAwKV2FzaGluZ3RvbjEQMA4GA1UEBwwHU2VhdHRsZTEVMBMG
 A1UECgwMd29sZlNTTCBJbmMuMRQwEgYDVQQLDAtFbmdpbmVlcmluZzEdMBsGA1UE
 AwwUY2hhaW5HLUlDQTQtcGF0aGxlbjUxHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29s
@@ -80,10 +80,10 @@ gaIxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdT
 ZWF0dGxlMRUwEwYDVQQKDAx3b2xmU1NMIEluYy4xFDASBgNVBAsMC0VuZ2luZWVy
 aW5nMR4wHAYDVQQDDBVjaGFpbkctSUNBNi1wYXRobGVuMTAxHzAdBgkqhkiG9w0B
 CQEWEGluZm9Ad29sZnNzbC5jb22CAWQwDwYDVR0TBAgwBgEB/wIBBTALBgNVHQ8E
-BAMCAQYwDQYJKoZIhvcNAQELBQADggEBAKbzMpnu/d6xRq1op2/YVZFjLQfOkS/j
-/48D48/CM3aRM18TcBDk4jtwAvzSfTnSGh6CLUDYp7tpGVH7wTJB5c9POfb43bTL
-8hE+3I3HppAnFEsobyCaWJI6QozHQDa1wEp+Jws3p3Hk/fSNJI3+PUpZTn6GAvLi
-CZVZyhm5I4QexhTZxAV6k3e0SvSRdT+JQ4uxX6U2CiqwoXuPMwGSTcHZUZijGxT5
-NI5826VcLLLNI7b2ZSWqLFzMOEmyd6qPczsAHzOUQ/3CNLrurH0NYlhyTep4KbWx
-KZlwjAAiHKOTys3IAiFXLRn9p/vHHBIMSQRzTH7dn54cW+QqU7bPfsQ=
+BAMCAQYwDQYJKoZIhvcNAQELBQADggEBACnwKCPjW3x5OE9U/FW1CyoyLaMPIZWA
+dNwg0SGXrNoxjOBfxaB4uTypM12bKF0q+n+ZMDzUdN1ksGkkbl8N3ymT4MqyJP38
+qA8hrqf3Ml28wIjQDDdtWDsvJczr1jidS4gy21WzGKOt49bNWEBuY1K2u/1VmV8p
+g3WgMyW8Sj+MiRI+Pje1Vic6NKFhtbBKbNr9rKHHjIj7Ok4u7EwMaz7pEVIA1Her
+WhtpG8zYhVfWhzRbj9v71hxqR2FkTO/5ERI1UwpkUqwLcRlkLVaF7voRQknCEFwG
+IFtmmu9cax2pEoZ8+URrMZGgXM4v7o9+m+883YCvcN8WbZFzCkIxr4I=
 -----END CERTIFICATE-----
diff --git a/certs/test-pathlen/chainG-ICA5-pathlen20.pem b/certs/test-pathlen/chainG-ICA5-pathlen20.pem
index ff85cabc7..a5390a29c 100644
--- a/certs/test-pathlen/chainG-ICA5-pathlen20.pem
+++ b/certs/test-pathlen/chainG-ICA5-pathlen20.pem
@@ -5,12 +5,12 @@ Certificate:
         Signature Algorithm: sha256WithRSAEncryption
         Issuer: C = US, ST = Washington, L = Seattle, O = wolfSSL Inc., OU = Engineering, CN = chainG-ICA6-pathlen10, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Dec 13 22:19:32 2023 GMT
-            Not After : Sep  8 22:19:32 2026 GMT
+            Not Before: Dec 18 21:25:34 2024 GMT
+            Not After : Sep 14 21:25:34 2027 GMT
         Subject: C = US, ST = Washington, L = Seattle, O = wolfSSL Inc., OU = Engineering, CN = chainG-ICA5-pathlen20, emailAddress = info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (2048 bit)
+                Public-Key: (2048 bit)
                 Modulus:
                     00:be:9d:98:a2:41:ca:64:1f:a2:34:dc:51:7d:49:
                     2b:f7:f8:7a:fc:1a:22:8d:3a:17:8e:00:9c:74:06:
@@ -38,33 +38,33 @@ Certificate:
                 keyid:14:07:E8:A7:3A:A2:9C:DD:4C:30:B0:4D:F0:00:C4:88:C4:39:DF:73
                 DirName:/C=US/ST=Washington/L=Seattle/O=wolfSSL Inc./OU=Engineering/CN=chainG-ICA7-pathlen100/emailAddress=info@wolfssl.com
                 serial:64
-
             X509v3 Basic Constraints: 
                 CA:TRUE, pathlen:20
             X509v3 Key Usage: 
                 Certificate Sign, CRL Sign
     Signature Algorithm: sha256WithRSAEncryption
-         d9:f9:09:10:86:29:c0:72:a4:93:87:4d:d3:79:ce:fa:f3:8a:
-         79:9a:d0:eb:6d:42:06:00:fc:2c:c3:fa:35:c5:b6:6d:a4:7f:
-         66:29:d2:ad:ed:50:a5:a8:1e:1b:24:db:f3:52:bf:54:b8:3f:
-         67:c2:be:f4:a4:fc:d2:77:74:a4:02:74:0d:fe:c5:e0:42:bd:
-         2b:7c:16:ae:a1:68:6f:e5:80:29:07:f3:5e:e4:0e:96:d2:ee:
-         cd:d2:82:00:22:a7:72:d7:c5:38:71:a0:ac:2a:38:03:c4:c1:
-         23:62:1e:fa:b3:24:32:0f:01:a4:64:a8:ab:79:60:55:77:da:
-         ca:76:00:14:2f:e0:e1:74:f9:72:e2:7d:aa:3d:6b:9f:50:ab:
-         72:31:40:4b:19:9d:b9:9a:12:de:db:15:c3:36:90:9d:48:6f:
-         7a:98:47:7a:65:a2:d5:5b:0c:f3:90:5d:dd:4e:1c:ba:72:b4:
-         ac:be:ca:1b:87:16:7f:f2:b0:33:9b:7a:26:37:eb:1f:cb:4d:
-         bf:c7:f1:01:80:b7:60:c4:ae:71:bb:ab:cc:bd:8a:ba:c4:23:
-         87:15:1e:b9:c7:6d:2d:44:fd:67:25:45:e2:cd:76:4d:87:a1:
-         80:e0:a2:e6:60:23:51:4d:17:b0:82:51:ef:0c:88:75:64:c1:
-         7b:8e:c2:29
+    Signature Value:
+        82:83:b0:69:a3:c1:19:0f:81:1d:53:ae:0d:44:60:ee:34:9a:
+        2b:58:3c:20:f1:ac:8d:ff:fe:8f:92:fe:ff:7a:bc:73:43:84:
+        c4:dd:63:3f:41:20:e9:5b:6d:da:4c:86:d9:7b:6c:41:1e:ab:
+        ad:4d:08:79:38:93:74:a0:ae:77:bb:13:7c:30:04:ca:92:b7:
+        b6:96:07:3f:ab:63:f2:2e:aa:87:b1:5a:55:76:a3:16:cc:3f:
+        36:a2:3a:07:e7:cb:5e:80:34:bf:7a:fa:df:8e:08:2b:24:b6:
+        d9:96:1f:3c:4f:be:9a:4b:88:45:e3:1b:64:f5:5f:f4:dd:24:
+        0b:de:e0:e8:16:b5:34:b4:79:0e:d2:f6:f1:62:91:db:63:c7:
+        a3:09:da:30:9e:10:3d:94:da:4a:3f:0f:c9:df:a8:39:e4:55:
+        eb:f8:34:e2:29:50:50:c7:65:32:67:93:3a:1d:e4:0b:ee:95:
+        fa:a5:55:a7:79:7d:7a:3f:51:1e:21:65:b8:70:13:80:c4:9d:
+        b4:73:c4:d1:75:86:4d:27:ed:e7:c2:0b:2a:d1:b4:cb:33:d6:
+        e1:82:2d:9a:cf:1b:34:77:80:32:f8:ff:2e:56:86:da:85:4e:
+        3e:88:02:e7:6b:cb:4a:5c:9e:7b:d5:9c:8f:9a:fe:6f:c0:b9:
+        85:11:21:db
 -----BEGIN CERTIFICATE-----
 MIIE1zCCA7+gAwIBAgIBZDANBgkqhkiG9w0BAQsFADCBojELMAkGA1UEBhMCVVMx
 EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxFTATBgNVBAoM
 DHdvbGZTU0wgSW5jLjEUMBIGA1UECwwLRW5naW5lZXJpbmcxHjAcBgNVBAMMFWNo
 YWluRy1JQ0E2LXBhdGhsZW4xMDEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3Ns
-LmNvbTAeFw0yMzEyMTMyMjE5MzJaFw0yNjA5MDgyMjE5MzJaMIGiMQswCQYDVQQG
+LmNvbTAeFw0yNDEyMTgyMTI1MzRaFw0yNzA5MTQyMTI1MzRaMIGiMQswCQYDVQQG
 EwJVUzETMBEGA1UECAwKV2FzaGluZ3RvbjEQMA4GA1UEBwwHU2VhdHRsZTEVMBMG
 A1UECgwMd29sZlNTTCBJbmMuMRQwEgYDVQQLDAtFbmdpbmVlcmluZzEeMBwGA1UE
 AwwVY2hhaW5HLUlDQTUtcGF0aGxlbjIwMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdv
@@ -80,10 +80,10 @@ MIGjMQswCQYDVQQGEwJVUzETMBEGA1UECAwKV2FzaGluZ3RvbjEQMA4GA1UEBwwH
 U2VhdHRsZTEVMBMGA1UECgwMd29sZlNTTCBJbmMuMRQwEgYDVQQLDAtFbmdpbmVl
 cmluZzEfMB0GA1UEAwwWY2hhaW5HLUlDQTctcGF0aGxlbjEwMDEfMB0GCSqGSIb3
 DQEJARYQaW5mb0B3b2xmc3NsLmNvbYIBZDAPBgNVHRMECDAGAQH/AgEUMAsGA1Ud
-DwQEAwIBBjANBgkqhkiG9w0BAQsFAAOCAQEA2fkJEIYpwHKkk4dN03nO+vOKeZrQ
-621CBgD8LMP6NcW2baR/ZinSre1QpageGyTb81K/VLg/Z8K+9KT80nd0pAJ0Df7F
-4EK9K3wWrqFob+WAKQfzXuQOltLuzdKCACKnctfFOHGgrCo4A8TBI2Ie+rMkMg8B
-pGSoq3lgVXfaynYAFC/g4XT5cuJ9qj1rn1CrcjFASxmduZoS3tsVwzaQnUhvephH
-emWi1VsM85Bd3U4cunK0rL7KG4cWf/KwM5t6JjfrH8tNv8fxAYC3YMSucburzL2K
-usQjhxUeucdtLUT9ZyVF4s12TYehgOCi5mAjUU0XsIJR7wyIdWTBe47CKQ==
+DwQEAwIBBjANBgkqhkiG9w0BAQsFAAOCAQEAgoOwaaPBGQ+BHVOuDURg7jSaK1g8
+IPGsjf/+j5L+/3q8c0OExN1jP0Eg6Vtt2kyG2XtsQR6rrU0IeTiTdKCud7sTfDAE
+ypK3tpYHP6tj8i6qh7FaVXajFsw/NqI6B+fLXoA0v3r6344IKyS22ZYfPE++mkuI
+ReMbZPVf9N0kC97g6Ba1NLR5DtL28WKR22PHownaMJ4QPZTaSj8Pyd+oOeRV6/g0
+4ilQUMdlMmeTOh3kC+6V+qVVp3l9ej9RHiFluHATgMSdtHPE0XWGTSft58ILKtG0
+yzPW4YItms8bNHeAMvj/LlaG2oVOPogC52vLSlyee9Wcj5r+b8C5hREh2w==
 -----END CERTIFICATE-----
diff --git a/certs/test-pathlen/chainG-ICA6-pathlen10.pem b/certs/test-pathlen/chainG-ICA6-pathlen10.pem
index 8f35c3849..be2c31d72 100644
--- a/certs/test-pathlen/chainG-ICA6-pathlen10.pem
+++ b/certs/test-pathlen/chainG-ICA6-pathlen10.pem
@@ -5,12 +5,12 @@ Certificate:
         Signature Algorithm: sha256WithRSAEncryption
         Issuer: C = US, ST = Washington, L = Seattle, O = wolfSSL Inc., OU = Engineering, CN = chainG-ICA7-pathlen100, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Dec 13 22:19:32 2023 GMT
-            Not After : Sep  8 22:19:32 2026 GMT
+            Not Before: Dec 18 21:25:34 2024 GMT
+            Not After : Sep 14 21:25:34 2027 GMT
         Subject: C = US, ST = Washington, L = Seattle, O = wolfSSL Inc., OU = Engineering, CN = chainG-ICA6-pathlen10, emailAddress = info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (2048 bit)
+                Public-Key: (2048 bit)
                 Modulus:
                     00:e1:4f:c9:e7:30:ea:06:ff:65:cb:2b:6c:f1:a8:
                     ac:f6:cf:10:6b:80:7a:af:5e:42:0a:0d:61:be:6f:
@@ -38,33 +38,33 @@ Certificate:
                 keyid:12:E4:A4:19:85:AE:85:B7:D6:EB:63:04:D5:B9:B0:7E:57:5F:0C:16
                 DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
                 serial:64
-
             X509v3 Basic Constraints: 
                 CA:TRUE, pathlen:10
             X509v3 Key Usage: 
                 Certificate Sign, CRL Sign
     Signature Algorithm: sha256WithRSAEncryption
-         74:9d:3a:da:91:b6:e0:2d:7d:89:b6:6d:16:7d:f0:28:ba:9f:
-         e5:52:a0:21:92:06:77:77:9a:9a:78:47:56:de:39:4d:64:43:
-         1c:e7:06:02:fd:00:42:1d:2d:71:ef:6e:a3:4f:39:1a:e9:fc:
-         8d:9c:94:32:60:a9:56:12:ee:69:7f:59:ef:30:5f:c4:d6:56:
-         26:1a:9a:bb:c4:ec:01:09:0a:e3:14:ab:44:41:08:75:2a:6b:
-         80:69:58:5d:2e:1a:2a:00:26:0c:b0:36:cd:fb:c1:87:7e:b8:
-         58:ce:4d:32:57:e5:62:2e:64:e3:c9:52:67:21:28:40:16:88:
-         b2:37:19:e0:93:c8:4c:ca:f9:2b:1d:2c:d9:91:82:ac:b4:79:
-         d9:90:79:e5:95:76:03:a2:6b:d8:ef:24:66:1d:a3:3b:6f:c6:
-         0c:95:f2:c3:59:37:f9:87:db:e6:a6:e5:f1:6f:70:92:60:e0:
-         6d:cd:b8:14:69:95:26:56:2c:cc:0e:7e:d4:39:dd:6e:44:32:
-         eb:27:15:00:0f:fa:02:60:32:a5:6c:69:f0:cd:31:c6:b8:ff:
-         1c:59:2f:0f:4d:28:9b:67:79:ea:4f:2c:a6:e0:f1:cf:19:3f:
-         4f:44:2c:61:2e:08:48:cb:11:e2:82:8a:c0:88:53:ad:6b:ba:
-         7e:d6:fa:61
+    Signature Value:
+        b2:a8:44:05:e8:64:53:f1:a8:c0:d3:ae:ec:58:41:a1:89:b1:
+        c3:b6:5c:ce:23:8a:62:e0:1e:d0:b6:e4:8b:bd:bb:3b:33:83:
+        27:b0:e6:e5:1b:c0:65:bd:4d:2d:bd:92:db:a1:c1:57:2a:05:
+        a1:4e:2d:98:fe:00:46:b9:ec:e9:9e:10:cb:3c:e4:84:3f:de:
+        4f:86:84:f6:12:37:67:6d:d2:c1:85:3b:da:aa:b4:43:68:9b:
+        30:b9:47:a9:04:70:74:b6:34:37:c0:dd:1c:60:a6:04:33:8e:
+        3b:d0:c8:cc:67:43:ef:79:56:09:bd:27:64:1d:a7:3e:a1:c9:
+        c9:29:99:5d:21:6a:d6:ee:2b:31:a0:f7:95:4e:8c:09:07:f5:
+        f7:64:ca:8e:47:4d:ce:08:1b:1c:a9:40:aa:d9:45:b2:ac:3f:
+        41:5f:d7:7c:ba:10:00:ba:1d:74:ea:45:3e:eb:df:10:4e:1b:
+        32:47:75:ae:c9:f3:d0:67:cc:01:89:ec:59:6a:d2:6a:00:5a:
+        5a:1d:62:4b:05:50:f0:ae:d3:9d:5e:13:89:c5:f1:3a:5f:29:
+        ac:90:5b:fa:09:3e:a0:35:1a:aa:47:39:17:82:74:c2:7f:f8:
+        05:4b:61:0d:19:f6:68:0f:9c:a5:9c:f2:56:16:28:d4:f1:a8:
+        80:5a:e9:d9
 -----BEGIN CERTIFICATE-----
 MIIEyTCCA7GgAwIBAgIBZDANBgkqhkiG9w0BAQsFADCBozELMAkGA1UEBhMCVVMx
 EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxFTATBgNVBAoM
 DHdvbGZTU0wgSW5jLjEUMBIGA1UECwwLRW5naW5lZXJpbmcxHzAdBgNVBAMMFmNo
 YWluRy1JQ0E3LXBhdGhsZW4xMDAxHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNz
-bC5jb20wHhcNMjMxMjEzMjIxOTMyWhcNMjYwOTA4MjIxOTMyWjCBojELMAkGA1UE
+bC5jb20wHhcNMjQxMjE4MjEyNTM0WhcNMjcwOTE0MjEyNTM0WjCBojELMAkGA1UE
 BhMCVVMxEzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxFTAT
 BgNVBAoMDHdvbGZTU0wgSW5jLjEUMBIGA1UECwwLRW5naW5lZXJpbmcxHjAcBgNV
 BAMMFWNoYWluRy1JQ0E2LXBhdGhsZW4xMDEfMB0GCSqGSIb3DQEJARYQaW5mb0B3
@@ -80,10 +80,10 @@ lzCBlDELMAkGA1UEBhMCVVMxEDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0Jv
 emVtYW4xETAPBgNVBAoMCFNhd3Rvb3RoMRMwEQYDVQQLDApDb25zdWx0aW5nMRgw
 FgYDVQQDDA93d3cud29sZnNzbC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29s
 ZnNzbC5jb22CAWQwDwYDVR0TBAgwBgEB/wIBCjALBgNVHQ8EBAMCAQYwDQYJKoZI
-hvcNAQELBQADggEBAHSdOtqRtuAtfYm2bRZ98Ci6n+VSoCGSBnd3mpp4R1beOU1k
-QxznBgL9AEIdLXHvbqNPORrp/I2clDJgqVYS7ml/We8wX8TWViYamrvE7AEJCuMU
-q0RBCHUqa4BpWF0uGioAJgywNs37wYd+uFjOTTJX5WIuZOPJUmchKEAWiLI3GeCT
-yEzK+SsdLNmRgqy0edmQeeWVdgOia9jvJGYdoztvxgyV8sNZN/mH2+am5fFvcJJg
-4G3NuBRplSZWLMwOftQ53W5EMusnFQAP+gJgMqVsafDNMca4/xxZLw9NKJtneepP
-LKbg8c8ZP09ELGEuCEjLEeKCisCIU61run7W+mE=
+hvcNAQELBQADggEBALKoRAXoZFPxqMDTruxYQaGJscO2XM4jimLgHtC25Iu9uzsz
+gyew5uUbwGW9TS29ktuhwVcqBaFOLZj+AEa57OmeEMs85IQ/3k+GhPYSN2dt0sGF
+O9qqtENomzC5R6kEcHS2NDfA3RxgpgQzjjvQyMxnQ+95Vgm9J2Qdpz6hyckpmV0h
+atbuKzGg95VOjAkH9fdkyo5HTc4IGxypQKrZRbKsP0Ff13y6EAC6HXTqRT7r3xBO
+GzJHda7J89BnzAGJ7Flq0moAWlodYksFUPCu051eE4nF8TpfKayQW/oJPqA1GqpH
+OReCdMJ/+AVLYQ0Z9mgPnKWc8lYWKNTxqIBa6dk=
 -----END CERTIFICATE-----
diff --git a/certs/test-pathlen/chainG-ICA7-pathlen100.pem b/certs/test-pathlen/chainG-ICA7-pathlen100.pem
index 1a3bed297..83734caa0 100644
--- a/certs/test-pathlen/chainG-ICA7-pathlen100.pem
+++ b/certs/test-pathlen/chainG-ICA7-pathlen100.pem
@@ -5,12 +5,12 @@ Certificate:
         Signature Algorithm: sha256WithRSAEncryption
         Issuer: C = US, ST = Montana, L = Bozeman, O = Sawtooth, OU = Consulting, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Dec 13 22:19:32 2023 GMT
-            Not After : Sep  8 22:19:32 2026 GMT
+            Not Before: Dec 18 21:25:33 2024 GMT
+            Not After : Sep 14 21:25:33 2027 GMT
         Subject: C = US, ST = Washington, L = Seattle, O = wolfSSL Inc., OU = Engineering, CN = chainG-ICA7-pathlen100, emailAddress = info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (2048 bit)
+                Public-Key: (2048 bit)
                 Modulus:
                     00:d6:8c:d6:c4:29:20:60:9d:15:3d:0c:2a:fb:24:
                     2f:38:89:ed:37:c4:fc:57:67:2a:50:d8:eb:e2:6a:
@@ -37,34 +37,34 @@ Certificate:
             X509v3 Authority Key Identifier: 
                 keyid:27:8E:67:11:74:C3:26:1D:3F:ED:33:63:B3:A4:D8:1D:30:E5:E8:D5
                 DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
-                serial:33:44:1A:A8:6C:01:EC:F6:60:F2:70:51:0A:4C:D1:14:FA:BC:E9:44
-
+                serial:6B:9B:70:C6:F1:A3:94:65:19:A1:08:58:EF:A7:8D:2B:7A:83:C1:DA
             X509v3 Basic Constraints: 
                 CA:TRUE, pathlen:100
             X509v3 Key Usage: 
                 Certificate Sign, CRL Sign
     Signature Algorithm: sha256WithRSAEncryption
-         18:8c:dc:f0:e2:14:b8:33:68:ed:a7:5e:f9:12:72:93:58:a0:
-         91:2a:d5:87:77:21:24:e9:b6:af:d3:af:55:8b:31:1c:a8:bb:
-         3a:30:94:bb:aa:d4:5e:bb:17:d1:93:57:51:e6:32:f0:c7:e6:
-         76:86:06:6d:c7:2a:35:c2:a3:2f:54:d6:bf:b1:25:7e:e4:0b:
-         1a:dd:62:ce:34:d5:18:b4:4d:d0:76:52:d4:63:00:8b:90:72:
-         4e:77:ff:c1:1b:bf:31:d1:6d:d2:75:69:5a:0c:a6:b2:42:e7:
-         97:c9:a1:47:50:16:89:ee:20:ee:e7:c0:c8:06:7f:5e:55:0a:
-         79:90:ed:2d:11:83:49:23:f0:89:08:cb:9c:84:6e:f5:6b:fe:
-         b2:2c:16:0e:74:d9:a8:35:9b:1d:1c:6a:ab:58:dd:32:09:d2:
-         67:c2:eb:27:18:8e:70:31:58:c2:f1:20:06:98:ac:39:5a:c2:
-         0b:43:60:a8:74:35:b1:32:bd:83:4b:df:db:18:46:e1:ac:7e:
-         13:4a:09:6b:05:98:7a:98:e9:e0:1a:1d:a7:88:34:c6:4b:06:
-         14:69:78:8d:29:83:c2:ee:52:af:00:a3:4d:d8:61:04:5a:0c:
-         e5:62:f4:c7:ac:8a:f3:7d:90:10:08:7c:15:d1:37:01:3c:bc:
-         89:f8:60:24
+    Signature Value:
+        6e:e1:82:63:6d:12:37:10:55:48:1b:9a:15:95:0d:7b:25:3a:
+        46:59:ed:a0:57:cb:f5:fa:01:66:f8:a7:12:0a:a0:0e:8d:e1:
+        66:d5:83:46:0f:06:d3:47:2b:f9:0b:e3:b6:d8:8e:f2:2e:4c:
+        cd:74:a6:6d:90:51:62:58:4e:f2:a1:0a:ae:22:03:a2:1d:69:
+        ff:ab:05:62:5e:d2:89:a7:9f:67:11:f9:13:47:0a:8c:e9:56:
+        6e:88:38:50:df:53:20:47:6f:33:79:d1:a2:dc:f0:42:a6:10:
+        9b:9e:c0:93:4a:06:51:09:9e:1a:b1:c2:49:46:dd:4d:60:19:
+        d3:eb:5d:75:9f:9d:eb:c7:80:d8:4b:b1:72:6f:7c:99:0a:c3:
+        dc:96:13:03:60:2d:27:a3:b0:f0:2f:3c:83:fe:90:38:87:84:
+        fe:36:7d:c3:38:23:b2:a9:77:f9:9c:27:9e:67:2d:5e:98:ca:
+        e8:c6:59:c6:74:2f:19:42:08:52:e8:c2:ff:48:f4:8f:14:04:
+        ed:3e:6b:88:fb:d2:f7:b8:75:c6:27:f3:71:43:7c:ab:41:ad:
+        01:e4:13:51:f5:27:4f:7f:e6:c4:bb:5b:85:70:21:ac:75:ac:
+        2b:66:82:de:49:68:e4:00:1d:dc:54:d5:8f:d0:ad:19:c5:df:
+        38:69:af:fc
 -----BEGIN CERTIFICATE-----
 MIIEzjCCA7agAwIBAgIBZDANBgkqhkiG9w0BAQsFADCBlDELMAkGA1UEBhMCVVMx
 EDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xETAPBgNVBAoMCFNh
 d3Rvb3RoMRMwEQYDVQQLDApDb25zdWx0aW5nMRgwFgYDVQQDDA93d3cud29sZnNz
-bC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMjMxMjEz
-MjIxOTMyWhcNMjYwOTA4MjIxOTMyWjCBozELMAkGA1UEBhMCVVMxEzARBgNVBAgM
+bC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMjQxMjE4
+MjEyNTMzWhcNMjcwOTE0MjEyNTMzWjCBozELMAkGA1UEBhMCVVMxEzARBgNVBAgM
 Cldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxFTATBgNVBAoMDHdvbGZTU0wg
 SW5jLjEUMBIGA1UECwwLRW5naW5lZXJpbmcxHzAdBgNVBAMMFmNoYWluRy1JQ0E3
 LXBhdGhsZW4xMDAxHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wggEi
@@ -78,12 +78,12 @@ AAGjggEYMIIBFDAdBgNVHQ4EFgQUEuSkGYWuhbfW62ME1bmwfldfDBYwgdQGA1Ud
 IwSBzDCByYAUJ45nEXTDJh0/7TNjs6TYHTDl6NWhgZqkgZcwgZQxCzAJBgNVBAYT
 AlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMREwDwYDVQQK
 DAhTYXd0b290aDETMBEGA1UECwwKQ29uc3VsdGluZzEYMBYGA1UEAwwPd3d3Lndv
-bGZzc2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tghQzRBqo
-bAHs9mDycFEKTNEU+rzpRDAPBgNVHRMECDAGAQH/AgFkMAsGA1UdDwQEAwIBBjAN
-BgkqhkiG9w0BAQsFAAOCAQEAGIzc8OIUuDNo7ade+RJyk1igkSrVh3chJOm2r9Ov
-VYsxHKi7OjCUu6rUXrsX0ZNXUeYy8MfmdoYGbccqNcKjL1TWv7ElfuQLGt1izjTV
-GLRN0HZS1GMAi5ByTnf/wRu/MdFt0nVpWgymskLnl8mhR1AWie4g7ufAyAZ/XlUK
-eZDtLRGDSSPwiQjLnIRu9Wv+siwWDnTZqDWbHRxqq1jdMgnSZ8LrJxiOcDFYwvEg
-BpisOVrCC0NgqHQ1sTK9g0vf2xhG4ax+E0oJawWYepjp4Bodp4g0xksGFGl4jSmD
-wu5SrwCjTdhhBFoM5WL0x6yK832QEAh8FdE3ATy8ifhgJA==
+bGZzc2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tghRrm3DG
+8aOUZRmhCFjvp40reoPB2jAPBgNVHRMECDAGAQH/AgFkMAsGA1UdDwQEAwIBBjAN
+BgkqhkiG9w0BAQsFAAOCAQEAbuGCY20SNxBVSBuaFZUNeyU6RlntoFfL9foBZvin
+EgqgDo3hZtWDRg8G00cr+QvjttiO8i5MzXSmbZBRYlhO8qEKriIDoh1p/6sFYl7S
+iaefZxH5E0cKjOlWbog4UN9TIEdvM3nRotzwQqYQm57Ak0oGUQmeGrHCSUbdTWAZ
+0+tddZ+d68eA2Euxcm98mQrD3JYTA2AtJ6Ow8C88g/6QOIeE/jZ9wzgjsql3+Zwn
+nmctXpjK6MZZxnQvGUIIUujC/0j0jxQE7T5riPvS97h1xifzcUN8q0GtAeQTUfUn
+T3/mxLtbhXAhrHWsK2aC3klo5AAd3FTVj9CtGcXfOGmv/A==
 -----END CERTIFICATE-----
diff --git a/certs/test-pathlen/chainG-assembled.pem b/certs/test-pathlen/chainG-assembled.pem
index c8990912a..d4d4e749b 100644
--- a/certs/test-pathlen/chainG-assembled.pem
+++ b/certs/test-pathlen/chainG-assembled.pem
@@ -5,12 +5,12 @@ Certificate:
         Signature Algorithm: sha256WithRSAEncryption
         Issuer: C = US, ST = Washington, L = Seattle, O = wolfSSL Inc., OU = Engineering, CN = chainG-ICA1-pathlen0, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Dec 13 22:19:32 2023 GMT
-            Not After : Sep  8 22:19:32 2026 GMT
+            Not Before: Dec 18 21:25:34 2024 GMT
+            Not After : Sep 14 21:25:34 2027 GMT
         Subject: C = US, ST = Washington, L = Seattle, O = wolfSSL Inc., OU = Engineering, CN = chainG-entity, emailAddress = info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (2048 bit)
+                Public-Key: (2048 bit)
                 Modulus:
                     00:bb:7b:82:23:a2:34:e7:cb:89:4e:64:cc:f2:98:
                     c8:65:8f:e2:69:55:54:4b:3c:8b:c0:1f:67:37:7f:
@@ -38,31 +38,31 @@ Certificate:
                 keyid:47:C0:19:4B:ED:C4:DA:97:B1:60:EA:5A:0A:42:6D:A5:D3:D8:25:31
                 DirName:/C=US/ST=Washington/L=Seattle/O=wolfSSL Inc./OU=Engineering/CN=chainG-ICA2-pathlen1/emailAddress=info@wolfssl.com
                 serial:64
-
             X509v3 Basic Constraints: 
                 CA:FALSE
     Signature Algorithm: sha256WithRSAEncryption
-         27:b7:93:b7:fd:71:ab:7c:a5:a2:8e:e7:4c:77:67:4c:f2:28:
-         b7:82:bb:4a:85:95:bf:84:57:04:49:ac:be:02:cc:6b:fd:0f:
-         d8:66:c8:a0:eb:40:55:cf:a1:e3:d1:e0:fe:9a:40:b5:2e:ee:
-         b2:bf:48:fa:20:57:fd:c7:df:de:68:8f:82:5d:58:ec:25:0a:
-         a8:97:73:dc:e6:66:f5:49:64:9a:e9:b1:e2:86:4e:d1:04:59:
-         0f:32:e1:c5:dd:d4:39:b0:ad:e9:cc:ad:87:ef:ab:8e:fe:74:
-         4c:7e:b2:cb:41:3c:54:ed:b7:8d:4b:fd:97:6e:26:22:32:9e:
-         94:26:aa:45:7d:65:c1:c8:10:67:63:09:09:42:04:04:9d:0c:
-         53:bb:18:f6:ce:af:dc:e7:63:d4:c8:bb:b4:6a:86:52:45:6a:
-         96:a1:54:3d:8c:25:7d:1a:b1:16:65:7a:8b:ec:01:fa:c4:73:
-         98:49:3c:c3:18:2f:48:3e:45:10:45:c0:85:2c:16:88:65:2b:
-         02:0b:0b:02:67:d2:2a:1d:bd:66:14:f5:8d:d1:8e:f8:eb:7a:
-         b5:db:4e:f7:ce:fa:6f:67:a0:a2:6b:37:85:7a:f7:34:8a:71:
-         9a:e5:34:2a:fd:6a:4a:ec:3e:38:e3:30:89:f3:e6:c4:a9:a6:
-         a4:79:35:9b
+    Signature Value:
+        7a:13:a7:3c:50:c4:18:3d:cf:ee:9c:df:1b:50:59:cf:19:66:
+        5e:a6:d7:21:e8:38:e9:c1:74:73:1b:40:44:47:42:40:58:e4:
+        1b:0c:c1:61:10:9b:f7:4a:9c:7e:43:7e:23:2c:59:0f:a2:61:
+        4e:36:c7:95:af:64:a9:52:05:d0:87:87:54:63:6f:5f:14:97:
+        45:a2:85:ff:eb:d1:61:53:de:9e:30:0d:66:96:dd:cf:c1:ae:
+        9d:4d:f6:01:52:18:63:69:64:2b:7f:35:b9:91:50:83:e3:8b:
+        47:82:6e:bc:16:50:5f:1f:ea:5f:74:e0:e8:f7:6f:41:49:ed:
+        ca:d8:48:95:f4:6c:ba:2f:27:b7:fc:03:08:c5:61:72:b0:25:
+        63:56:08:1f:70:01:3b:65:48:7b:d6:04:77:5a:c0:60:af:a8:
+        0e:99:7a:9f:5c:6b:b3:d4:a0:d7:48:4d:7b:68:e5:52:1f:e8:
+        c3:d8:3d:6c:81:9e:96:1e:57:b1:cd:d7:01:80:76:df:3a:99:
+        7a:84:57:35:a8:ae:70:04:bd:62:64:39:88:17:be:f1:7a:5d:
+        c6:cf:d0:90:88:65:81:ae:e0:51:3a:b5:a9:90:68:56:2e:aa:
+        78:61:86:7a:89:9c:77:94:9b:37:4e:43:24:e5:f6:6a:2a:b4:
+        55:71:74:6a
 -----BEGIN CERTIFICATE-----
 MIIEtzCCA5+gAwIBAgIBZTANBgkqhkiG9w0BAQsFADCBoTELMAkGA1UEBhMCVVMx
 EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxFTATBgNVBAoM
 DHdvbGZTU0wgSW5jLjEUMBIGA1UECwwLRW5naW5lZXJpbmcxHTAbBgNVBAMMFGNo
 YWluRy1JQ0ExLXBhdGhsZW4wMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wu
-Y29tMB4XDTIzMTIxMzIyMTkzMloXDTI2MDkwODIyMTkzMlowgZoxCzAJBgNVBAYT
+Y29tMB4XDTI0MTIxODIxMjUzNFoXDTI3MDkxNDIxMjUzNFowgZoxCzAJBgNVBAYT
 AlVTMRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRUwEwYD
 VQQKDAx3b2xmU1NMIEluYy4xFDASBgNVBAsMC0VuZ2luZWVyaW5nMRYwFAYDVQQD
 DA1jaGFpbkctZW50aXR5MR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29t
@@ -77,13 +77,13 @@ VR0jBIHGMIHDgBRHwBlL7cTal7Fg6loKQm2l09glMaGBp6SBpDCBoTELMAkGA1UE
 BhMCVVMxEzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxFTAT
 BgNVBAoMDHdvbGZTU0wgSW5jLjEUMBIGA1UECwwLRW5naW5lZXJpbmcxHTAbBgNV
 BAMMFGNoYWluRy1JQ0EyLXBhdGhsZW4xMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdv
-bGZzc2wuY29tggFkMAkGA1UdEwQCMAAwDQYJKoZIhvcNAQELBQADggEBACe3k7f9
-cat8paKO50x3Z0zyKLeCu0qFlb+EVwRJrL4CzGv9D9hmyKDrQFXPoePR4P6aQLUu
-7rK/SPogV/3H395oj4JdWOwlCqiXc9zmZvVJZJrpseKGTtEEWQ8y4cXd1DmwrenM
-rYfvq47+dEx+sstBPFTtt41L/ZduJiIynpQmqkV9ZcHIEGdjCQlCBASdDFO7GPbO
-r9znY9TIu7RqhlJFapahVD2MJX0asRZleovsAfrEc5hJPMMYL0g+RRBFwIUsFohl
-KwILCwJn0iodvWYU9Y3RjvjrerXbTvfO+m9noKJrN4V69zSKcZrlNCr9akrsPjjj
-MInz5sSppqR5NZs=
+bGZzc2wuY29tggFkMAkGA1UdEwQCMAAwDQYJKoZIhvcNAQELBQADggEBAHoTpzxQ
+xBg9z+6c3xtQWc8ZZl6m1yHoOOnBdHMbQERHQkBY5BsMwWEQm/dKnH5DfiMsWQ+i
+YU42x5WvZKlSBdCHh1Rjb18Ul0Wihf/r0WFT3p4wDWaW3c/Brp1N9gFSGGNpZCt/
+NbmRUIPji0eCbrwWUF8f6l904Oj3b0FJ7crYSJX0bLovJ7f8AwjFYXKwJWNWCB9w
+ATtlSHvWBHdawGCvqA6Zep9ca7PUoNdITXto5VIf6MPYPWyBnpYeV7HN1wGAdt86
+mXqEVzWornAEvWJkOYgXvvF6XcbP0JCIZYGu4FE6tamQaFYuqnhhhnqJnHeUmzdO
+QyTl9moqtFVxdGo=
 -----END CERTIFICATE-----
 Certificate:
     Data:
@@ -92,12 +92,12 @@ Certificate:
         Signature Algorithm: sha256WithRSAEncryption
         Issuer: C = US, ST = Washington, L = Seattle, O = wolfSSL Inc., OU = Engineering, CN = chainG-ICA2-pathlen1, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Dec 13 22:19:32 2023 GMT
-            Not After : Sep  8 22:19:32 2026 GMT
+            Not Before: Dec 18 21:25:34 2024 GMT
+            Not After : Sep 14 21:25:34 2027 GMT
         Subject: C = US, ST = Washington, L = Seattle, O = wolfSSL Inc., OU = Engineering, CN = chainG-ICA1-pathlen0, emailAddress = info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (2048 bit)
+                Public-Key: (2048 bit)
                 Modulus:
                     00:d2:26:be:51:98:42:e0:1f:ae:fc:c2:cb:ba:d5:
                     0f:44:3b:0b:60:d8:49:ec:03:43:6b:06:ce:f2:28:
@@ -125,33 +125,33 @@ Certificate:
                 keyid:E1:E6:9B:28:CF:FD:AB:45:C1:B7:A7:C4:C9:58:FC:41:E3:1A:5C:74
                 DirName:/C=US/ST=Washington/L=Seattle/O=wolfSSL Inc./OU=Engineering/CN=chainG-ICA3-pathlen99/emailAddress=info@wolfssl.com
                 serial:64
-
             X509v3 Basic Constraints: 
                 CA:TRUE, pathlen:0
             X509v3 Key Usage: 
                 Certificate Sign, CRL Sign
     Signature Algorithm: sha256WithRSAEncryption
-         6e:12:75:fb:ac:2b:b3:b5:f3:f8:0c:2b:61:c3:22:c0:1f:16:
-         cf:36:8c:b2:fc:be:83:ad:81:3d:e9:4e:76:e3:85:db:34:b4:
-         b1:a6:ed:fe:82:ee:b2:7c:64:14:e4:1f:d6:fb:16:3e:36:d7:
-         a1:f3:99:99:7c:48:96:50:d0:e4:29:43:42:93:7c:8e:24:fc:
-         ba:6b:89:1c:1b:c8:39:d2:62:5e:7f:ac:0c:e8:7d:f4:90:94:
-         a3:dc:5d:d4:25:60:07:6f:97:6c:a1:4f:5a:ec:84:70:46:de:
-         4d:74:a8:5c:48:32:94:6d:69:81:65:c6:c4:ef:3e:31:fc:40:
-         f5:5c:10:29:23:49:a7:ca:27:27:33:ed:3f:65:1a:95:f0:57:
-         5a:32:19:b4:4d:66:c5:19:15:4b:a9:79:c9:fb:cd:02:57:04:
-         c2:33:6d:6c:85:67:14:16:7a:d2:32:a0:66:c4:b9:0d:43:bd:
-         57:52:27:da:af:f1:df:68:27:74:b9:dd:d3:3c:ba:79:d0:46:
-         2c:91:fc:1c:65:a4:3a:ea:82:25:c9:b1:2f:7d:78:85:62:1f:
-         a4:4c:69:fc:a3:95:c3:0a:ce:ed:10:24:ec:f7:17:bf:22:42:
-         44:ac:0d:77:a1:3d:9d:d0:fb:03:1b:b7:79:8a:ba:6e:3c:a4:
-         3e:1c:0a:54
+    Signature Value:
+        10:ac:6a:7c:e3:78:f4:f0:6d:a5:c2:6f:6b:af:ef:eb:dd:98:
+        c5:ae:75:82:95:16:cb:c8:76:4e:84:44:d3:fd:6e:69:37:5c:
+        db:5a:f6:59:f1:a1:bb:5f:50:b9:6e:3d:b6:12:21:cb:14:91:
+        8e:b0:9c:35:96:38:b4:0d:51:4a:a7:a7:d2:23:54:82:04:96:
+        fb:8f:34:84:80:87:ac:b5:f9:3f:6f:ec:1d:c6:8b:ee:1a:ee:
+        d8:e2:d8:b5:e0:b6:b6:92:97:fb:c9:cf:67:e1:9a:40:ee:8d:
+        54:24:1a:cb:5b:1b:0b:6a:83:9d:cf:a6:3b:ec:41:96:f5:cb:
+        fe:87:52:23:66:67:4a:48:7f:3b:5a:d1:63:c7:c6:40:fd:41:
+        51:8e:86:3a:5f:34:50:cd:56:ce:de:1a:ab:a0:87:08:b4:b3:
+        89:fe:b3:64:11:be:c3:f7:81:f1:b4:c1:9d:c3:ce:72:49:d3:
+        c4:d2:33:0a:db:f1:85:76:69:2f:94:f8:59:77:b7:c8:ff:4c:
+        69:b9:68:bb:ee:ff:a1:17:cb:d9:7d:5a:8f:bb:a7:93:ed:e6:
+        dd:60:8d:25:31:5d:90:51:74:24:c3:8f:62:90:02:f8:db:ad:
+        fd:e9:0a:fd:c2:ad:6a:2f:83:4f:8b:49:7d:c8:60:6d:98:57:
+        43:15:f1:3a
 -----BEGIN CERTIFICATE-----
 MIIE1DCCA7ygAwIBAgIBZDANBgkqhkiG9w0BAQsFADCBoTELMAkGA1UEBhMCVVMx
 EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxFTATBgNVBAoM
 DHdvbGZTU0wgSW5jLjEUMBIGA1UECwwLRW5naW5lZXJpbmcxHTAbBgNVBAMMFGNo
 YWluRy1JQ0EyLXBhdGhsZW4xMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wu
-Y29tMB4XDTIzMTIxMzIyMTkzMloXDTI2MDkwODIyMTkzMlowgaExCzAJBgNVBAYT
+Y29tMB4XDTI0MTIxODIxMjUzNFoXDTI3MDkxNDIxMjUzNFowgaExCzAJBgNVBAYT
 AlVTMRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRUwEwYD
 VQQKDAx3b2xmU1NMIEluYy4xFDASBgNVBAsMC0VuZ2luZWVyaW5nMR0wGwYDVQQD
 DBRjaGFpbkctSUNBMS1wYXRobGVuMDEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xm
@@ -167,12 +167,12 @@ ojELMAkGA1UEBhMCVVMxEzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1Nl
 YXR0bGUxFTATBgNVBAoMDHdvbGZTU0wgSW5jLjEUMBIGA1UECwwLRW5naW5lZXJp
 bmcxHjAcBgNVBAMMFWNoYWluRy1JQ0EzLXBhdGhsZW45OTEfMB0GCSqGSIb3DQEJ
 ARYQaW5mb0B3b2xmc3NsLmNvbYIBZDAPBgNVHRMECDAGAQH/AgEAMAsGA1UdDwQE
-AwIBBjANBgkqhkiG9w0BAQsFAAOCAQEAbhJ1+6wrs7Xz+AwrYcMiwB8WzzaMsvy+
-g62BPelOduOF2zS0sabt/oLusnxkFOQf1vsWPjbXofOZmXxIllDQ5ClDQpN8jiT8
-umuJHBvIOdJiXn+sDOh99JCUo9xd1CVgB2+XbKFPWuyEcEbeTXSoXEgylG1pgWXG
-xO8+MfxA9VwQKSNJp8onJzPtP2UalfBXWjIZtE1mxRkVS6l5yfvNAlcEwjNtbIVn
-FBZ60jKgZsS5DUO9V1In2q/x32gndLnd0zy6edBGLJH8HGWkOuqCJcmxL314hWIf
-pExp/KOVwwrO7RAk7PcXvyJCRKwNd6E9ndD7Axu3eYq6bjykPhwKVA==
+AwIBBjANBgkqhkiG9w0BAQsFAAOCAQEAEKxqfON49PBtpcJva6/v692Yxa51gpUW
+y8h2ToRE0/1uaTdc21r2WfGhu19QuW49thIhyxSRjrCcNZY4tA1RSqen0iNUggSW
++480hICHrLX5P2/sHcaL7hru2OLYteC2tpKX+8nPZ+GaQO6NVCQay1sbC2qDnc+m
+O+xBlvXL/odSI2ZnSkh/O1rRY8fGQP1BUY6GOl80UM1Wzt4aq6CHCLSzif6zZBG+
+w/eB8bTBncPOcknTxNIzCtvxhXZpL5T4WXe3yP9Mablou+7/oRfL2X1aj7unk+3m
+3WCNJTFdkFF0JMOPYpAC+Nut/ekK/cKtai+DT4tJfchgbZhXQxXxOg==
 -----END CERTIFICATE-----
 Certificate:
     Data:
@@ -181,12 +181,12 @@ Certificate:
         Signature Algorithm: sha256WithRSAEncryption
         Issuer: C = US, ST = Washington, L = Seattle, O = wolfSSL Inc., OU = Engineering, CN = chainG-ICA3-pathlen99, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Dec 13 22:19:32 2023 GMT
-            Not After : Sep  8 22:19:32 2026 GMT
+            Not Before: Dec 18 21:25:34 2024 GMT
+            Not After : Sep 14 21:25:34 2027 GMT
         Subject: C = US, ST = Washington, L = Seattle, O = wolfSSL Inc., OU = Engineering, CN = chainG-ICA2-pathlen1, emailAddress = info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (2048 bit)
+                Public-Key: (2048 bit)
                 Modulus:
                     00:d7:3e:de:b9:f9:a9:d7:8e:7a:4b:f2:f1:8c:f9:
                     3b:1c:ce:59:31:4c:57:0c:2e:8a:0f:90:f0:dc:27:
@@ -214,33 +214,33 @@ Certificate:
                 keyid:C1:CD:1F:81:13:82:24:3B:CF:64:51:7A:4C:E3:65:2E:75:1E:01:23
                 DirName:/C=US/ST=Washington/L=Seattle/O=wolfSSL Inc./OU=Engineering/CN=chainG-ICA4-pathlen5/emailAddress=info@wolfssl.com
                 serial:64
-
             X509v3 Basic Constraints: 
                 CA:TRUE, pathlen:1
             X509v3 Key Usage: 
                 Certificate Sign, CRL Sign
     Signature Algorithm: sha256WithRSAEncryption
-         50:65:9b:1d:8b:6a:ae:9b:d4:f1:ff:57:ac:51:48:fd:c8:9e:
-         19:bb:b2:00:bf:54:ee:c8:d4:2f:eb:5b:ff:17:1e:7c:aa:1d:
-         d4:01:9f:e8:cb:c4:8c:e5:ee:99:04:33:e8:16:3a:fc:44:bd:
-         56:a5:45:e7:e9:fb:88:25:11:4b:07:73:5d:37:21:47:47:9d:
-         f8:e0:89:e0:e4:c0:6a:f4:64:25:e7:b7:d9:47:53:ff:d5:6f:
-         f3:e4:8d:b2:33:f6:ce:46:5b:80:82:8f:05:18:f4:bc:90:5a:
-         af:4a:7f:9d:67:08:f7:41:27:05:c5:34:46:03:fc:14:2e:4e:
-         81:f3:ca:3d:67:9e:a9:53:ec:5b:df:38:d4:b5:92:3d:55:94:
-         df:88:be:a1:e7:14:18:a2:9d:22:5d:10:69:f8:54:c3:a9:14:
-         ef:8e:af:e1:8a:f8:cd:6d:7e:26:30:2c:40:bc:50:49:e5:9f:
-         bc:8f:de:30:23:93:c4:25:b3:e6:fb:b5:64:82:57:41:ac:79:
-         1e:58:9e:6c:67:dc:18:ed:c4:60:79:06:b1:ee:9f:4c:2c:a3:
-         9c:61:d7:77:33:b5:64:50:65:88:33:a0:30:57:99:0f:a9:aa:
-         a7:b3:a8:0d:b1:c5:ce:5a:34:a8:31:47:e4:66:62:b2:11:0e:
-         b9:58:4f:06
+    Signature Value:
+        98:19:29:17:65:3d:c1:a4:8c:35:ae:dc:7f:28:6f:09:9e:4a:
+        02:60:70:d6:5d:bb:6a:44:23:38:28:59:63:3d:a8:38:3c:17:
+        2b:a4:73:67:b7:a8:3e:b1:ea:8d:50:f8:8f:89:d9:72:4c:59:
+        d3:48:b6:3a:52:f4:e5:b7:3d:9f:10:71:9e:7c:b1:1b:9b:f7:
+        9c:03:97:49:0d:0f:3b:23:58:a1:20:4e:39:cb:c8:26:04:57:
+        32:a9:74:cf:dd:f2:e4:dd:03:cd:e5:0d:5d:95:16:a8:06:7a:
+        c3:00:c7:ae:dc:37:a9:b4:3e:32:cf:b3:a4:ba:1f:7a:74:74:
+        29:c2:e5:9c:ee:11:85:b6:2d:10:83:35:c1:de:dc:89:7b:ca:
+        63:ac:89:b7:02:20:77:b1:0f:3e:02:c7:b2:e6:d4:51:e4:76:
+        47:b7:bc:94:fc:7f:61:22:5a:3c:3a:9b:bd:b2:d0:b7:ee:3a:
+        f5:b4:33:85:3b:d6:5b:17:8f:24:60:0b:66:6f:6a:2e:64:bb:
+        a1:0e:4c:18:14:09:ba:01:02:6a:20:ad:75:a1:2d:c1:cb:4b:
+        65:37:38:ac:33:9a:bd:df:1f:02:4a:df:a9:a2:68:a2:87:37:
+        dc:ca:7f:b1:a6:ae:ee:f8:3f:77:bf:6c:6b:b0:9b:73:9d:ef:
+        46:d3:bb:13
 -----BEGIN CERTIFICATE-----
 MIIE1DCCA7ygAwIBAgIBZDANBgkqhkiG9w0BAQsFADCBojELMAkGA1UEBhMCVVMx
 EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxFTATBgNVBAoM
 DHdvbGZTU0wgSW5jLjEUMBIGA1UECwwLRW5naW5lZXJpbmcxHjAcBgNVBAMMFWNo
 YWluRy1JQ0EzLXBhdGhsZW45OTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3Ns
-LmNvbTAeFw0yMzEyMTMyMjE5MzJaFw0yNjA5MDgyMjE5MzJaMIGhMQswCQYDVQQG
+LmNvbTAeFw0yNDEyMTgyMTI1MzRaFw0yNzA5MTQyMTI1MzRaMIGhMQswCQYDVQQG
 EwJVUzETMBEGA1UECAwKV2FzaGluZ3RvbjEQMA4GA1UEBwwHU2VhdHRsZTEVMBMG
 A1UECgwMd29sZlNTTCBJbmMuMRQwEgYDVQQLDAtFbmdpbmVlcmluZzEdMBsGA1UE
 AwwUY2hhaW5HLUlDQTItcGF0aGxlbjExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29s
@@ -256,12 +256,12 @@ gaExCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdT
 ZWF0dGxlMRUwEwYDVQQKDAx3b2xmU1NMIEluYy4xFDASBgNVBAsMC0VuZ2luZWVy
 aW5nMR0wGwYDVQQDDBRjaGFpbkctSUNBNC1wYXRobGVuNTEfMB0GCSqGSIb3DQEJ
 ARYQaW5mb0B3b2xmc3NsLmNvbYIBZDAPBgNVHRMECDAGAQH/AgEBMAsGA1UdDwQE
-AwIBBjANBgkqhkiG9w0BAQsFAAOCAQEAUGWbHYtqrpvU8f9XrFFI/cieGbuyAL9U
-7sjUL+tb/xcefKod1AGf6MvEjOXumQQz6BY6/ES9VqVF5+n7iCURSwdzXTchR0ed
-+OCJ4OTAavRkJee32UdT/9Vv8+SNsjP2zkZbgIKPBRj0vJBar0p/nWcI90EnBcU0
-RgP8FC5OgfPKPWeeqVPsW9841LWSPVWU34i+oecUGKKdIl0QafhUw6kU746v4Yr4
-zW1+JjAsQLxQSeWfvI/eMCOTxCWz5vu1ZIJXQax5HliebGfcGO3EYHkGse6fTCyj
-nGHXdzO1ZFBliDOgMFeZD6mqp7OoDbHFzlo0qDFH5GZishEOuVhPBg==
+AwIBBjANBgkqhkiG9w0BAQsFAAOCAQEAmBkpF2U9waSMNa7cfyhvCZ5KAmBw1l27
+akQjOChZYz2oODwXK6RzZ7eoPrHqjVD4j4nZckxZ00i2OlL05bc9nxBxnnyxG5v3
+nAOXSQ0POyNYoSBOOcvIJgRXMql0z93y5N0DzeUNXZUWqAZ6wwDHrtw3qbQ+Ms+z
+pLofenR0KcLlnO4RhbYtEIM1wd7ciXvKY6yJtwIgd7EPPgLHsubUUeR2R7e8lPx/
+YSJaPDqbvbLQt+469bQzhTvWWxePJGALZm9qLmS7oQ5MGBQJugECaiCtdaEtwctL
+ZTc4rDOavd8fAkrfqaJoooc33Mp/saau7vg/d79sa7Cbc53vRtO7Ew==
 -----END CERTIFICATE-----
 Certificate:
     Data:
@@ -270,12 +270,12 @@ Certificate:
         Signature Algorithm: sha256WithRSAEncryption
         Issuer: C = US, ST = Washington, L = Seattle, O = wolfSSL Inc., OU = Engineering, CN = chainG-ICA4-pathlen5, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Dec 13 22:19:32 2023 GMT
-            Not After : Sep  8 22:19:32 2026 GMT
+            Not Before: Dec 18 21:25:34 2024 GMT
+            Not After : Sep 14 21:25:34 2027 GMT
         Subject: C = US, ST = Washington, L = Seattle, O = wolfSSL Inc., OU = Engineering, CN = chainG-ICA3-pathlen99, emailAddress = info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (2048 bit)
+                Public-Key: (2048 bit)
                 Modulus:
                     00:ac:f1:39:65:f7:9c:9d:f6:f0:d2:b7:18:16:24:
                     81:32:b7:a5:29:d6:f7:4e:31:38:a7:54:d6:eb:07:
@@ -303,33 +303,33 @@ Certificate:
                 keyid:D4:92:AE:BD:3B:1C:66:4B:17:88:18:15:F8:27:AB:38:CC:07:5A:65
                 DirName:/C=US/ST=Washington/L=Seattle/O=wolfSSL Inc./OU=Engineering/CN=chainG-ICA5-pathlen20/emailAddress=info@wolfssl.com
                 serial:64
-
             X509v3 Basic Constraints: 
                 CA:TRUE, pathlen:99
             X509v3 Key Usage: 
                 Certificate Sign, CRL Sign
     Signature Algorithm: sha256WithRSAEncryption
-         0b:ad:52:52:31:8c:12:70:07:6c:05:83:b3:84:cf:c2:64:da:
-         43:d2:cc:6c:db:ef:a5:ae:9b:44:96:4e:fe:fd:b9:61:56:59:
-         e2:f2:52:c8:1b:52:2c:36:79:5d:6a:83:a1:c8:03:9a:7a:80:
-         4f:ee:9d:48:87:f4:cb:9b:5e:84:c8:f8:b8:0c:77:e1:cb:40:
-         ac:28:eb:58:07:e4:06:a7:50:e2:44:48:bc:a3:2f:5d:f1:fa:
-         0c:4d:1d:84:0a:57:e5:0c:b9:bb:41:b9:12:17:09:25:9f:99:
-         02:6b:9e:83:fb:07:f8:3f:59:b2:04:62:b7:12:e7:61:8b:48:
-         a7:cc:29:ce:11:f9:7c:64:dd:5c:51:d3:ac:0c:54:4b:22:7e:
-         29:de:98:50:80:f8:1a:65:64:3c:fb:a6:07:bb:e8:b1:a4:e8:
-         f1:7b:07:fd:e2:50:07:67:f5:7a:fa:76:4d:1c:7f:1a:e3:52:
-         ad:13:a6:b5:89:9e:f5:11:68:12:13:dc:59:86:9d:f9:83:18:
-         52:ee:09:24:6a:37:e9:85:95:ac:93:09:23:09:0e:f3:66:a8:
-         85:ee:d1:e4:40:01:f3:c2:c3:1f:48:74:76:2b:7e:4c:9b:a9:
-         a2:2f:c8:7c:74:60:2d:98:e8:63:09:cf:8f:a8:c8:8a:7f:c4:
-         d4:f3:34:ad
+    Signature Value:
+        03:3a:72:4d:48:13:39:45:02:48:80:fe:e2:b0:6f:69:90:fe:
+        ce:79:e0:76:b2:10:0c:a3:f7:99:3d:3c:76:de:27:83:e3:bc:
+        bd:a7:f0:c7:80:d8:db:0d:2b:04:fc:14:6b:4e:3f:6d:96:a6:
+        af:8f:be:eb:d9:cc:ec:92:15:06:cc:d6:eb:91:11:20:40:45:
+        9f:08:fe:19:fb:c5:ac:07:9d:9c:a5:ae:2e:01:d7:0a:02:a0:
+        1d:cf:62:e6:79:47:e4:57:21:1e:ed:9d:5b:94:d7:3f:4e:6a:
+        59:54:ec:29:bd:98:54:72:9c:b9:83:ac:09:b8:97:b1:c1:2e:
+        6b:c3:0b:5f:78:fa:46:d0:bf:8c:70:91:85:ec:17:93:54:f4:
+        b9:80:fc:4c:cd:ad:3f:ae:84:40:97:d0:ed:32:5f:de:09:55:
+        7c:26:bf:e6:85:27:09:77:1c:63:ce:3e:5c:3b:64:f8:d8:b7:
+        6c:74:e0:c9:eb:13:9b:2c:12:2f:02:ec:e3:e7:82:ef:a1:fe:
+        eb:93:39:d6:73:88:00:7f:15:af:ad:50:66:65:a1:15:41:22:
+        ce:0f:52:44:d4:82:9c:7c:9b:33:3d:bc:f8:5b:05:e4:5b:69:
+        db:11:00:41:d3:30:90:34:f2:74:0e:f5:d8:67:be:2e:70:f6:
+        e5:8f:0c:6d
 -----BEGIN CERTIFICATE-----
 MIIE1TCCA72gAwIBAgIBZDANBgkqhkiG9w0BAQsFADCBoTELMAkGA1UEBhMCVVMx
 EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxFTATBgNVBAoM
 DHdvbGZTU0wgSW5jLjEUMBIGA1UECwwLRW5naW5lZXJpbmcxHTAbBgNVBAMMFGNo
 YWluRy1JQ0E0LXBhdGhsZW41MR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wu
-Y29tMB4XDTIzMTIxMzIyMTkzMloXDTI2MDkwODIyMTkzMlowgaIxCzAJBgNVBAYT
+Y29tMB4XDTI0MTIxODIxMjUzNFoXDTI3MDkxNDIxMjUzNFowgaIxCzAJBgNVBAYT
 AlVTMRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRUwEwYD
 VQQKDAx3b2xmU1NMIEluYy4xFDASBgNVBAsMC0VuZ2luZWVyaW5nMR4wHAYDVQQD
 DBVjaGFpbkctSUNBMy1wYXRobGVuOTkxHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29s
@@ -345,12 +345,12 @@ gaIxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdT
 ZWF0dGxlMRUwEwYDVQQKDAx3b2xmU1NMIEluYy4xFDASBgNVBAsMC0VuZ2luZWVy
 aW5nMR4wHAYDVQQDDBVjaGFpbkctSUNBNS1wYXRobGVuMjAxHzAdBgkqhkiG9w0B
 CQEWEGluZm9Ad29sZnNzbC5jb22CAWQwDwYDVR0TBAgwBgEB/wIBYzALBgNVHQ8E
-BAMCAQYwDQYJKoZIhvcNAQELBQADggEBAAutUlIxjBJwB2wFg7OEz8Jk2kPSzGzb
-76Wum0SWTv79uWFWWeLyUsgbUiw2eV1qg6HIA5p6gE/unUiH9MubXoTI+LgMd+HL
-QKwo61gH5AanUOJESLyjL13x+gxNHYQKV+UMubtBuRIXCSWfmQJrnoP7B/g/WbIE
-YrcS52GLSKfMKc4R+Xxk3VxR06wMVEsifinemFCA+BplZDz7pge76LGk6PF7B/3i
-UAdn9Xr6dk0cfxrjUq0TprWJnvURaBIT3FmGnfmDGFLuCSRqN+mFlayTCSMJDvNm
-qIXu0eRAAfPCwx9IdHYrfkybqaIvyHx0YC2Y6GMJz4+oyIp/xNTzNK0=
+BAMCAQYwDQYJKoZIhvcNAQELBQADggEBAAM6ck1IEzlFAkiA/uKwb2mQ/s554Hay
+EAyj95k9PHbeJ4PjvL2n8MeA2NsNKwT8FGtOP22Wpq+PvuvZzOySFQbM1uuRESBA
+RZ8I/hn7xawHnZylri4B1woCoB3PYuZ5R+RXIR7tnVuU1z9OallU7Cm9mFRynLmD
+rAm4l7HBLmvDC194+kbQv4xwkYXsF5NU9LmA/EzNrT+uhECX0O0yX94JVXwmv+aF
+Jwl3HGPOPlw7ZPjYt2x04MnrE5ssEi8C7OPngu+h/uuTOdZziAB/Fa+tUGZloRVB
+Is4PUkTUgpx8mzM9vPhbBeRbadsRAEHTMJA08nQO9dhnvi5w9uWPDG0=
 -----END CERTIFICATE-----
 Certificate:
     Data:
@@ -359,12 +359,12 @@ Certificate:
         Signature Algorithm: sha256WithRSAEncryption
         Issuer: C = US, ST = Washington, L = Seattle, O = wolfSSL Inc., OU = Engineering, CN = chainG-ICA5-pathlen20, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Dec 13 22:19:32 2023 GMT
-            Not After : Sep  8 22:19:32 2026 GMT
+            Not Before: Dec 18 21:25:34 2024 GMT
+            Not After : Sep 14 21:25:34 2027 GMT
         Subject: C = US, ST = Washington, L = Seattle, O = wolfSSL Inc., OU = Engineering, CN = chainG-ICA4-pathlen5, emailAddress = info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (2048 bit)
+                Public-Key: (2048 bit)
                 Modulus:
                     00:c9:4b:a0:77:b8:42:43:96:e1:f4:8d:1d:a6:2c:
                     d8:12:a2:40:49:11:eb:5f:fb:6c:1d:15:3e:af:dd:
@@ -392,33 +392,33 @@ Certificate:
                 keyid:1D:51:80:B6:9A:A7:AC:DD:80:7B:4B:A2:0B:62:BE:E4:87:30:C7:CA
                 DirName:/C=US/ST=Washington/L=Seattle/O=wolfSSL Inc./OU=Engineering/CN=chainG-ICA6-pathlen10/emailAddress=info@wolfssl.com
                 serial:64
-
             X509v3 Basic Constraints: 
                 CA:TRUE, pathlen:5
             X509v3 Key Usage: 
                 Certificate Sign, CRL Sign
     Signature Algorithm: sha256WithRSAEncryption
-         a6:f3:32:99:ee:fd:de:b1:46:ad:68:a7:6f:d8:55:91:63:2d:
-         07:ce:91:2f:e3:ff:8f:03:e3:cf:c2:33:76:91:33:5f:13:70:
-         10:e4:e2:3b:70:02:fc:d2:7d:39:d2:1a:1e:82:2d:40:d8:a7:
-         bb:69:19:51:fb:c1:32:41:e5:cf:4f:39:f6:f8:dd:b4:cb:f2:
-         11:3e:dc:8d:c7:a6:90:27:14:4b:28:6f:20:9a:58:92:3a:42:
-         8c:c7:40:36:b5:c0:4a:7e:27:0b:37:a7:71:e4:fd:f4:8d:24:
-         8d:fe:3d:4a:59:4e:7e:86:02:f2:e2:09:95:59:ca:19:b9:23:
-         84:1e:c6:14:d9:c4:05:7a:93:77:b4:4a:f4:91:75:3f:89:43:
-         8b:b1:5f:a5:36:0a:2a:b0:a1:7b:8f:33:01:92:4d:c1:d9:51:
-         98:a3:1b:14:f9:34:8e:7c:db:a5:5c:2c:b2:cd:23:b6:f6:65:
-         25:aa:2c:5c:cc:38:49:b2:77:aa:8f:73:3b:00:1f:33:94:43:
-         fd:c2:34:ba:ee:ac:7d:0d:62:58:72:4d:ea:78:29:b5:b1:29:
-         99:70:8c:00:22:1c:a3:93:ca:cd:c8:02:21:57:2d:19:fd:a7:
-         fb:c7:1c:12:0c:49:04:73:4c:7e:dd:9f:9e:1c:5b:e4:2a:53:
-         b6:cf:7e:c4
+    Signature Value:
+        29:f0:28:23:e3:5b:7c:79:38:4f:54:fc:55:b5:0b:2a:32:2d:
+        a3:0f:21:95:80:74:dc:20:d1:21:97:ac:da:31:8c:e0:5f:c5:
+        a0:78:b9:3c:a9:33:5d:9b:28:5d:2a:fa:7f:99:30:3c:d4:74:
+        dd:64:b0:69:24:6e:5f:0d:df:29:93:e0:ca:b2:24:fd:fc:a8:
+        0f:21:ae:a7:f7:32:5d:bc:c0:88:d0:0c:37:6d:58:3b:2f:25:
+        cc:eb:d6:38:9d:4b:88:32:db:55:b3:18:a3:ad:e3:d6:cd:58:
+        40:6e:63:52:b6:bb:fd:55:99:5f:29:83:75:a0:33:25:bc:4a:
+        3f:8c:89:12:3e:3e:37:b5:56:27:3a:34:a1:61:b5:b0:4a:6c:
+        da:fd:ac:a1:c7:8c:88:fb:3a:4e:2e:ec:4c:0c:6b:3e:e9:11:
+        52:00:d4:77:ab:5a:1b:69:1b:cc:d8:85:57:d6:87:34:5b:8f:
+        db:fb:d6:1c:6a:47:61:64:4c:ef:f9:11:12:35:53:0a:64:52:
+        ac:0b:71:19:64:2d:56:85:ee:fa:11:42:49:c2:10:5c:06:20:
+        5b:66:9a:ef:5c:6b:1d:a9:12:86:7c:f9:44:6b:31:91:a0:5c:
+        ce:2f:ee:8f:7e:9b:ef:3c:dd:80:af:70:df:16:6d:91:73:0a:
+        42:31:af:82
 -----BEGIN CERTIFICATE-----
 MIIE1TCCA72gAwIBAgIBZDANBgkqhkiG9w0BAQsFADCBojELMAkGA1UEBhMCVVMx
 EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxFTATBgNVBAoM
 DHdvbGZTU0wgSW5jLjEUMBIGA1UECwwLRW5naW5lZXJpbmcxHjAcBgNVBAMMFWNo
 YWluRy1JQ0E1LXBhdGhsZW4yMDEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3Ns
-LmNvbTAeFw0yMzEyMTMyMjE5MzJaFw0yNjA5MDgyMjE5MzJaMIGhMQswCQYDVQQG
+LmNvbTAeFw0yNDEyMTgyMTI1MzRaFw0yNzA5MTQyMTI1MzRaMIGhMQswCQYDVQQG
 EwJVUzETMBEGA1UECAwKV2FzaGluZ3RvbjEQMA4GA1UEBwwHU2VhdHRsZTEVMBMG
 A1UECgwMd29sZlNTTCBJbmMuMRQwEgYDVQQLDAtFbmdpbmVlcmluZzEdMBsGA1UE
 AwwUY2hhaW5HLUlDQTQtcGF0aGxlbjUxHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29s
@@ -434,12 +434,12 @@ gaIxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdT
 ZWF0dGxlMRUwEwYDVQQKDAx3b2xmU1NMIEluYy4xFDASBgNVBAsMC0VuZ2luZWVy
 aW5nMR4wHAYDVQQDDBVjaGFpbkctSUNBNi1wYXRobGVuMTAxHzAdBgkqhkiG9w0B
 CQEWEGluZm9Ad29sZnNzbC5jb22CAWQwDwYDVR0TBAgwBgEB/wIBBTALBgNVHQ8E
-BAMCAQYwDQYJKoZIhvcNAQELBQADggEBAKbzMpnu/d6xRq1op2/YVZFjLQfOkS/j
-/48D48/CM3aRM18TcBDk4jtwAvzSfTnSGh6CLUDYp7tpGVH7wTJB5c9POfb43bTL
-8hE+3I3HppAnFEsobyCaWJI6QozHQDa1wEp+Jws3p3Hk/fSNJI3+PUpZTn6GAvLi
-CZVZyhm5I4QexhTZxAV6k3e0SvSRdT+JQ4uxX6U2CiqwoXuPMwGSTcHZUZijGxT5
-NI5826VcLLLNI7b2ZSWqLFzMOEmyd6qPczsAHzOUQ/3CNLrurH0NYlhyTep4KbWx
-KZlwjAAiHKOTys3IAiFXLRn9p/vHHBIMSQRzTH7dn54cW+QqU7bPfsQ=
+BAMCAQYwDQYJKoZIhvcNAQELBQADggEBACnwKCPjW3x5OE9U/FW1CyoyLaMPIZWA
+dNwg0SGXrNoxjOBfxaB4uTypM12bKF0q+n+ZMDzUdN1ksGkkbl8N3ymT4MqyJP38
+qA8hrqf3Ml28wIjQDDdtWDsvJczr1jidS4gy21WzGKOt49bNWEBuY1K2u/1VmV8p
+g3WgMyW8Sj+MiRI+Pje1Vic6NKFhtbBKbNr9rKHHjIj7Ok4u7EwMaz7pEVIA1Her
+WhtpG8zYhVfWhzRbj9v71hxqR2FkTO/5ERI1UwpkUqwLcRlkLVaF7voRQknCEFwG
+IFtmmu9cax2pEoZ8+URrMZGgXM4v7o9+m+883YCvcN8WbZFzCkIxr4I=
 -----END CERTIFICATE-----
 Certificate:
     Data:
@@ -448,12 +448,12 @@ Certificate:
         Signature Algorithm: sha256WithRSAEncryption
         Issuer: C = US, ST = Washington, L = Seattle, O = wolfSSL Inc., OU = Engineering, CN = chainG-ICA6-pathlen10, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Dec 13 22:19:32 2023 GMT
-            Not After : Sep  8 22:19:32 2026 GMT
+            Not Before: Dec 18 21:25:34 2024 GMT
+            Not After : Sep 14 21:25:34 2027 GMT
         Subject: C = US, ST = Washington, L = Seattle, O = wolfSSL Inc., OU = Engineering, CN = chainG-ICA5-pathlen20, emailAddress = info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (2048 bit)
+                Public-Key: (2048 bit)
                 Modulus:
                     00:be:9d:98:a2:41:ca:64:1f:a2:34:dc:51:7d:49:
                     2b:f7:f8:7a:fc:1a:22:8d:3a:17:8e:00:9c:74:06:
@@ -481,33 +481,33 @@ Certificate:
                 keyid:14:07:E8:A7:3A:A2:9C:DD:4C:30:B0:4D:F0:00:C4:88:C4:39:DF:73
                 DirName:/C=US/ST=Washington/L=Seattle/O=wolfSSL Inc./OU=Engineering/CN=chainG-ICA7-pathlen100/emailAddress=info@wolfssl.com
                 serial:64
-
             X509v3 Basic Constraints: 
                 CA:TRUE, pathlen:20
             X509v3 Key Usage: 
                 Certificate Sign, CRL Sign
     Signature Algorithm: sha256WithRSAEncryption
-         d9:f9:09:10:86:29:c0:72:a4:93:87:4d:d3:79:ce:fa:f3:8a:
-         79:9a:d0:eb:6d:42:06:00:fc:2c:c3:fa:35:c5:b6:6d:a4:7f:
-         66:29:d2:ad:ed:50:a5:a8:1e:1b:24:db:f3:52:bf:54:b8:3f:
-         67:c2:be:f4:a4:fc:d2:77:74:a4:02:74:0d:fe:c5:e0:42:bd:
-         2b:7c:16:ae:a1:68:6f:e5:80:29:07:f3:5e:e4:0e:96:d2:ee:
-         cd:d2:82:00:22:a7:72:d7:c5:38:71:a0:ac:2a:38:03:c4:c1:
-         23:62:1e:fa:b3:24:32:0f:01:a4:64:a8:ab:79:60:55:77:da:
-         ca:76:00:14:2f:e0:e1:74:f9:72:e2:7d:aa:3d:6b:9f:50:ab:
-         72:31:40:4b:19:9d:b9:9a:12:de:db:15:c3:36:90:9d:48:6f:
-         7a:98:47:7a:65:a2:d5:5b:0c:f3:90:5d:dd:4e:1c:ba:72:b4:
-         ac:be:ca:1b:87:16:7f:f2:b0:33:9b:7a:26:37:eb:1f:cb:4d:
-         bf:c7:f1:01:80:b7:60:c4:ae:71:bb:ab:cc:bd:8a:ba:c4:23:
-         87:15:1e:b9:c7:6d:2d:44:fd:67:25:45:e2:cd:76:4d:87:a1:
-         80:e0:a2:e6:60:23:51:4d:17:b0:82:51:ef:0c:88:75:64:c1:
-         7b:8e:c2:29
+    Signature Value:
+        82:83:b0:69:a3:c1:19:0f:81:1d:53:ae:0d:44:60:ee:34:9a:
+        2b:58:3c:20:f1:ac:8d:ff:fe:8f:92:fe:ff:7a:bc:73:43:84:
+        c4:dd:63:3f:41:20:e9:5b:6d:da:4c:86:d9:7b:6c:41:1e:ab:
+        ad:4d:08:79:38:93:74:a0:ae:77:bb:13:7c:30:04:ca:92:b7:
+        b6:96:07:3f:ab:63:f2:2e:aa:87:b1:5a:55:76:a3:16:cc:3f:
+        36:a2:3a:07:e7:cb:5e:80:34:bf:7a:fa:df:8e:08:2b:24:b6:
+        d9:96:1f:3c:4f:be:9a:4b:88:45:e3:1b:64:f5:5f:f4:dd:24:
+        0b:de:e0:e8:16:b5:34:b4:79:0e:d2:f6:f1:62:91:db:63:c7:
+        a3:09:da:30:9e:10:3d:94:da:4a:3f:0f:c9:df:a8:39:e4:55:
+        eb:f8:34:e2:29:50:50:c7:65:32:67:93:3a:1d:e4:0b:ee:95:
+        fa:a5:55:a7:79:7d:7a:3f:51:1e:21:65:b8:70:13:80:c4:9d:
+        b4:73:c4:d1:75:86:4d:27:ed:e7:c2:0b:2a:d1:b4:cb:33:d6:
+        e1:82:2d:9a:cf:1b:34:77:80:32:f8:ff:2e:56:86:da:85:4e:
+        3e:88:02:e7:6b:cb:4a:5c:9e:7b:d5:9c:8f:9a:fe:6f:c0:b9:
+        85:11:21:db
 -----BEGIN CERTIFICATE-----
 MIIE1zCCA7+gAwIBAgIBZDANBgkqhkiG9w0BAQsFADCBojELMAkGA1UEBhMCVVMx
 EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxFTATBgNVBAoM
 DHdvbGZTU0wgSW5jLjEUMBIGA1UECwwLRW5naW5lZXJpbmcxHjAcBgNVBAMMFWNo
 YWluRy1JQ0E2LXBhdGhsZW4xMDEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3Ns
-LmNvbTAeFw0yMzEyMTMyMjE5MzJaFw0yNjA5MDgyMjE5MzJaMIGiMQswCQYDVQQG
+LmNvbTAeFw0yNDEyMTgyMTI1MzRaFw0yNzA5MTQyMTI1MzRaMIGiMQswCQYDVQQG
 EwJVUzETMBEGA1UECAwKV2FzaGluZ3RvbjEQMA4GA1UEBwwHU2VhdHRsZTEVMBMG
 A1UECgwMd29sZlNTTCBJbmMuMRQwEgYDVQQLDAtFbmdpbmVlcmluZzEeMBwGA1UE
 AwwVY2hhaW5HLUlDQTUtcGF0aGxlbjIwMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdv
@@ -523,12 +523,12 @@ MIGjMQswCQYDVQQGEwJVUzETMBEGA1UECAwKV2FzaGluZ3RvbjEQMA4GA1UEBwwH
 U2VhdHRsZTEVMBMGA1UECgwMd29sZlNTTCBJbmMuMRQwEgYDVQQLDAtFbmdpbmVl
 cmluZzEfMB0GA1UEAwwWY2hhaW5HLUlDQTctcGF0aGxlbjEwMDEfMB0GCSqGSIb3
 DQEJARYQaW5mb0B3b2xmc3NsLmNvbYIBZDAPBgNVHRMECDAGAQH/AgEUMAsGA1Ud
-DwQEAwIBBjANBgkqhkiG9w0BAQsFAAOCAQEA2fkJEIYpwHKkk4dN03nO+vOKeZrQ
-621CBgD8LMP6NcW2baR/ZinSre1QpageGyTb81K/VLg/Z8K+9KT80nd0pAJ0Df7F
-4EK9K3wWrqFob+WAKQfzXuQOltLuzdKCACKnctfFOHGgrCo4A8TBI2Ie+rMkMg8B
-pGSoq3lgVXfaynYAFC/g4XT5cuJ9qj1rn1CrcjFASxmduZoS3tsVwzaQnUhvephH
-emWi1VsM85Bd3U4cunK0rL7KG4cWf/KwM5t6JjfrH8tNv8fxAYC3YMSucburzL2K
-usQjhxUeucdtLUT9ZyVF4s12TYehgOCi5mAjUU0XsIJR7wyIdWTBe47CKQ==
+DwQEAwIBBjANBgkqhkiG9w0BAQsFAAOCAQEAgoOwaaPBGQ+BHVOuDURg7jSaK1g8
+IPGsjf/+j5L+/3q8c0OExN1jP0Eg6Vtt2kyG2XtsQR6rrU0IeTiTdKCud7sTfDAE
+ypK3tpYHP6tj8i6qh7FaVXajFsw/NqI6B+fLXoA0v3r6344IKyS22ZYfPE++mkuI
+ReMbZPVf9N0kC97g6Ba1NLR5DtL28WKR22PHownaMJ4QPZTaSj8Pyd+oOeRV6/g0
+4ilQUMdlMmeTOh3kC+6V+qVVp3l9ej9RHiFluHATgMSdtHPE0XWGTSft58ILKtG0
+yzPW4YItms8bNHeAMvj/LlaG2oVOPogC52vLSlyee9Wcj5r+b8C5hREh2w==
 -----END CERTIFICATE-----
 Certificate:
     Data:
@@ -537,12 +537,12 @@ Certificate:
         Signature Algorithm: sha256WithRSAEncryption
         Issuer: C = US, ST = Washington, L = Seattle, O = wolfSSL Inc., OU = Engineering, CN = chainG-ICA7-pathlen100, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Dec 13 22:19:32 2023 GMT
-            Not After : Sep  8 22:19:32 2026 GMT
+            Not Before: Dec 18 21:25:34 2024 GMT
+            Not After : Sep 14 21:25:34 2027 GMT
         Subject: C = US, ST = Washington, L = Seattle, O = wolfSSL Inc., OU = Engineering, CN = chainG-ICA6-pathlen10, emailAddress = info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (2048 bit)
+                Public-Key: (2048 bit)
                 Modulus:
                     00:e1:4f:c9:e7:30:ea:06:ff:65:cb:2b:6c:f1:a8:
                     ac:f6:cf:10:6b:80:7a:af:5e:42:0a:0d:61:be:6f:
@@ -570,33 +570,33 @@ Certificate:
                 keyid:12:E4:A4:19:85:AE:85:B7:D6:EB:63:04:D5:B9:B0:7E:57:5F:0C:16
                 DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
                 serial:64
-
             X509v3 Basic Constraints: 
                 CA:TRUE, pathlen:10
             X509v3 Key Usage: 
                 Certificate Sign, CRL Sign
     Signature Algorithm: sha256WithRSAEncryption
-         74:9d:3a:da:91:b6:e0:2d:7d:89:b6:6d:16:7d:f0:28:ba:9f:
-         e5:52:a0:21:92:06:77:77:9a:9a:78:47:56:de:39:4d:64:43:
-         1c:e7:06:02:fd:00:42:1d:2d:71:ef:6e:a3:4f:39:1a:e9:fc:
-         8d:9c:94:32:60:a9:56:12:ee:69:7f:59:ef:30:5f:c4:d6:56:
-         26:1a:9a:bb:c4:ec:01:09:0a:e3:14:ab:44:41:08:75:2a:6b:
-         80:69:58:5d:2e:1a:2a:00:26:0c:b0:36:cd:fb:c1:87:7e:b8:
-         58:ce:4d:32:57:e5:62:2e:64:e3:c9:52:67:21:28:40:16:88:
-         b2:37:19:e0:93:c8:4c:ca:f9:2b:1d:2c:d9:91:82:ac:b4:79:
-         d9:90:79:e5:95:76:03:a2:6b:d8:ef:24:66:1d:a3:3b:6f:c6:
-         0c:95:f2:c3:59:37:f9:87:db:e6:a6:e5:f1:6f:70:92:60:e0:
-         6d:cd:b8:14:69:95:26:56:2c:cc:0e:7e:d4:39:dd:6e:44:32:
-         eb:27:15:00:0f:fa:02:60:32:a5:6c:69:f0:cd:31:c6:b8:ff:
-         1c:59:2f:0f:4d:28:9b:67:79:ea:4f:2c:a6:e0:f1:cf:19:3f:
-         4f:44:2c:61:2e:08:48:cb:11:e2:82:8a:c0:88:53:ad:6b:ba:
-         7e:d6:fa:61
+    Signature Value:
+        b2:a8:44:05:e8:64:53:f1:a8:c0:d3:ae:ec:58:41:a1:89:b1:
+        c3:b6:5c:ce:23:8a:62:e0:1e:d0:b6:e4:8b:bd:bb:3b:33:83:
+        27:b0:e6:e5:1b:c0:65:bd:4d:2d:bd:92:db:a1:c1:57:2a:05:
+        a1:4e:2d:98:fe:00:46:b9:ec:e9:9e:10:cb:3c:e4:84:3f:de:
+        4f:86:84:f6:12:37:67:6d:d2:c1:85:3b:da:aa:b4:43:68:9b:
+        30:b9:47:a9:04:70:74:b6:34:37:c0:dd:1c:60:a6:04:33:8e:
+        3b:d0:c8:cc:67:43:ef:79:56:09:bd:27:64:1d:a7:3e:a1:c9:
+        c9:29:99:5d:21:6a:d6:ee:2b:31:a0:f7:95:4e:8c:09:07:f5:
+        f7:64:ca:8e:47:4d:ce:08:1b:1c:a9:40:aa:d9:45:b2:ac:3f:
+        41:5f:d7:7c:ba:10:00:ba:1d:74:ea:45:3e:eb:df:10:4e:1b:
+        32:47:75:ae:c9:f3:d0:67:cc:01:89:ec:59:6a:d2:6a:00:5a:
+        5a:1d:62:4b:05:50:f0:ae:d3:9d:5e:13:89:c5:f1:3a:5f:29:
+        ac:90:5b:fa:09:3e:a0:35:1a:aa:47:39:17:82:74:c2:7f:f8:
+        05:4b:61:0d:19:f6:68:0f:9c:a5:9c:f2:56:16:28:d4:f1:a8:
+        80:5a:e9:d9
 -----BEGIN CERTIFICATE-----
 MIIEyTCCA7GgAwIBAgIBZDANBgkqhkiG9w0BAQsFADCBozELMAkGA1UEBhMCVVMx
 EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxFTATBgNVBAoM
 DHdvbGZTU0wgSW5jLjEUMBIGA1UECwwLRW5naW5lZXJpbmcxHzAdBgNVBAMMFmNo
 YWluRy1JQ0E3LXBhdGhsZW4xMDAxHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNz
-bC5jb20wHhcNMjMxMjEzMjIxOTMyWhcNMjYwOTA4MjIxOTMyWjCBojELMAkGA1UE
+bC5jb20wHhcNMjQxMjE4MjEyNTM0WhcNMjcwOTE0MjEyNTM0WjCBojELMAkGA1UE
 BhMCVVMxEzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxFTAT
 BgNVBAoMDHdvbGZTU0wgSW5jLjEUMBIGA1UECwwLRW5naW5lZXJpbmcxHjAcBgNV
 BAMMFWNoYWluRy1JQ0E2LXBhdGhsZW4xMDEfMB0GCSqGSIb3DQEJARYQaW5mb0B3
@@ -612,12 +612,12 @@ lzCBlDELMAkGA1UEBhMCVVMxEDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0Jv
 emVtYW4xETAPBgNVBAoMCFNhd3Rvb3RoMRMwEQYDVQQLDApDb25zdWx0aW5nMRgw
 FgYDVQQDDA93d3cud29sZnNzbC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29s
 ZnNzbC5jb22CAWQwDwYDVR0TBAgwBgEB/wIBCjALBgNVHQ8EBAMCAQYwDQYJKoZI
-hvcNAQELBQADggEBAHSdOtqRtuAtfYm2bRZ98Ci6n+VSoCGSBnd3mpp4R1beOU1k
-QxznBgL9AEIdLXHvbqNPORrp/I2clDJgqVYS7ml/We8wX8TWViYamrvE7AEJCuMU
-q0RBCHUqa4BpWF0uGioAJgywNs37wYd+uFjOTTJX5WIuZOPJUmchKEAWiLI3GeCT
-yEzK+SsdLNmRgqy0edmQeeWVdgOia9jvJGYdoztvxgyV8sNZN/mH2+am5fFvcJJg
-4G3NuBRplSZWLMwOftQ53W5EMusnFQAP+gJgMqVsafDNMca4/xxZLw9NKJtneepP
-LKbg8c8ZP09ELGEuCEjLEeKCisCIU61run7W+mE=
+hvcNAQELBQADggEBALKoRAXoZFPxqMDTruxYQaGJscO2XM4jimLgHtC25Iu9uzsz
+gyew5uUbwGW9TS29ktuhwVcqBaFOLZj+AEa57OmeEMs85IQ/3k+GhPYSN2dt0sGF
+O9qqtENomzC5R6kEcHS2NDfA3RxgpgQzjjvQyMxnQ+95Vgm9J2Qdpz6hyckpmV0h
+atbuKzGg95VOjAkH9fdkyo5HTc4IGxypQKrZRbKsP0Ff13y6EAC6HXTqRT7r3xBO
+GzJHda7J89BnzAGJ7Flq0moAWlodYksFUPCu051eE4nF8TpfKayQW/oJPqA1GqpH
+OReCdMJ/+AVLYQ0Z9mgPnKWc8lYWKNTxqIBa6dk=
 -----END CERTIFICATE-----
 Certificate:
     Data:
@@ -626,12 +626,12 @@ Certificate:
         Signature Algorithm: sha256WithRSAEncryption
         Issuer: C = US, ST = Montana, L = Bozeman, O = Sawtooth, OU = Consulting, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Dec 13 22:19:32 2023 GMT
-            Not After : Sep  8 22:19:32 2026 GMT
+            Not Before: Dec 18 21:25:33 2024 GMT
+            Not After : Sep 14 21:25:33 2027 GMT
         Subject: C = US, ST = Washington, L = Seattle, O = wolfSSL Inc., OU = Engineering, CN = chainG-ICA7-pathlen100, emailAddress = info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (2048 bit)
+                Public-Key: (2048 bit)
                 Modulus:
                     00:d6:8c:d6:c4:29:20:60:9d:15:3d:0c:2a:fb:24:
                     2f:38:89:ed:37:c4:fc:57:67:2a:50:d8:eb:e2:6a:
@@ -658,34 +658,34 @@ Certificate:
             X509v3 Authority Key Identifier: 
                 keyid:27:8E:67:11:74:C3:26:1D:3F:ED:33:63:B3:A4:D8:1D:30:E5:E8:D5
                 DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
-                serial:33:44:1A:A8:6C:01:EC:F6:60:F2:70:51:0A:4C:D1:14:FA:BC:E9:44
-
+                serial:6B:9B:70:C6:F1:A3:94:65:19:A1:08:58:EF:A7:8D:2B:7A:83:C1:DA
             X509v3 Basic Constraints: 
                 CA:TRUE, pathlen:100
             X509v3 Key Usage: 
                 Certificate Sign, CRL Sign
     Signature Algorithm: sha256WithRSAEncryption
-         18:8c:dc:f0:e2:14:b8:33:68:ed:a7:5e:f9:12:72:93:58:a0:
-         91:2a:d5:87:77:21:24:e9:b6:af:d3:af:55:8b:31:1c:a8:bb:
-         3a:30:94:bb:aa:d4:5e:bb:17:d1:93:57:51:e6:32:f0:c7:e6:
-         76:86:06:6d:c7:2a:35:c2:a3:2f:54:d6:bf:b1:25:7e:e4:0b:
-         1a:dd:62:ce:34:d5:18:b4:4d:d0:76:52:d4:63:00:8b:90:72:
-         4e:77:ff:c1:1b:bf:31:d1:6d:d2:75:69:5a:0c:a6:b2:42:e7:
-         97:c9:a1:47:50:16:89:ee:20:ee:e7:c0:c8:06:7f:5e:55:0a:
-         79:90:ed:2d:11:83:49:23:f0:89:08:cb:9c:84:6e:f5:6b:fe:
-         b2:2c:16:0e:74:d9:a8:35:9b:1d:1c:6a:ab:58:dd:32:09:d2:
-         67:c2:eb:27:18:8e:70:31:58:c2:f1:20:06:98:ac:39:5a:c2:
-         0b:43:60:a8:74:35:b1:32:bd:83:4b:df:db:18:46:e1:ac:7e:
-         13:4a:09:6b:05:98:7a:98:e9:e0:1a:1d:a7:88:34:c6:4b:06:
-         14:69:78:8d:29:83:c2:ee:52:af:00:a3:4d:d8:61:04:5a:0c:
-         e5:62:f4:c7:ac:8a:f3:7d:90:10:08:7c:15:d1:37:01:3c:bc:
-         89:f8:60:24
+    Signature Value:
+        6e:e1:82:63:6d:12:37:10:55:48:1b:9a:15:95:0d:7b:25:3a:
+        46:59:ed:a0:57:cb:f5:fa:01:66:f8:a7:12:0a:a0:0e:8d:e1:
+        66:d5:83:46:0f:06:d3:47:2b:f9:0b:e3:b6:d8:8e:f2:2e:4c:
+        cd:74:a6:6d:90:51:62:58:4e:f2:a1:0a:ae:22:03:a2:1d:69:
+        ff:ab:05:62:5e:d2:89:a7:9f:67:11:f9:13:47:0a:8c:e9:56:
+        6e:88:38:50:df:53:20:47:6f:33:79:d1:a2:dc:f0:42:a6:10:
+        9b:9e:c0:93:4a:06:51:09:9e:1a:b1:c2:49:46:dd:4d:60:19:
+        d3:eb:5d:75:9f:9d:eb:c7:80:d8:4b:b1:72:6f:7c:99:0a:c3:
+        dc:96:13:03:60:2d:27:a3:b0:f0:2f:3c:83:fe:90:38:87:84:
+        fe:36:7d:c3:38:23:b2:a9:77:f9:9c:27:9e:67:2d:5e:98:ca:
+        e8:c6:59:c6:74:2f:19:42:08:52:e8:c2:ff:48:f4:8f:14:04:
+        ed:3e:6b:88:fb:d2:f7:b8:75:c6:27:f3:71:43:7c:ab:41:ad:
+        01:e4:13:51:f5:27:4f:7f:e6:c4:bb:5b:85:70:21:ac:75:ac:
+        2b:66:82:de:49:68:e4:00:1d:dc:54:d5:8f:d0:ad:19:c5:df:
+        38:69:af:fc
 -----BEGIN CERTIFICATE-----
 MIIEzjCCA7agAwIBAgIBZDANBgkqhkiG9w0BAQsFADCBlDELMAkGA1UEBhMCVVMx
 EDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xETAPBgNVBAoMCFNh
 d3Rvb3RoMRMwEQYDVQQLDApDb25zdWx0aW5nMRgwFgYDVQQDDA93d3cud29sZnNz
-bC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMjMxMjEz
-MjIxOTMyWhcNMjYwOTA4MjIxOTMyWjCBozELMAkGA1UEBhMCVVMxEzARBgNVBAgM
+bC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMjQxMjE4
+MjEyNTMzWhcNMjcwOTE0MjEyNTMzWjCBozELMAkGA1UEBhMCVVMxEzARBgNVBAgM
 Cldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxFTATBgNVBAoMDHdvbGZTU0wg
 SW5jLjEUMBIGA1UECwwLRW5naW5lZXJpbmcxHzAdBgNVBAMMFmNoYWluRy1JQ0E3
 LXBhdGhsZW4xMDAxHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wggEi
@@ -699,12 +699,12 @@ AAGjggEYMIIBFDAdBgNVHQ4EFgQUEuSkGYWuhbfW62ME1bmwfldfDBYwgdQGA1Ud
 IwSBzDCByYAUJ45nEXTDJh0/7TNjs6TYHTDl6NWhgZqkgZcwgZQxCzAJBgNVBAYT
 AlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMREwDwYDVQQK
 DAhTYXd0b290aDETMBEGA1UECwwKQ29uc3VsdGluZzEYMBYGA1UEAwwPd3d3Lndv
-bGZzc2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tghQzRBqo
-bAHs9mDycFEKTNEU+rzpRDAPBgNVHRMECDAGAQH/AgFkMAsGA1UdDwQEAwIBBjAN
-BgkqhkiG9w0BAQsFAAOCAQEAGIzc8OIUuDNo7ade+RJyk1igkSrVh3chJOm2r9Ov
-VYsxHKi7OjCUu6rUXrsX0ZNXUeYy8MfmdoYGbccqNcKjL1TWv7ElfuQLGt1izjTV
-GLRN0HZS1GMAi5ByTnf/wRu/MdFt0nVpWgymskLnl8mhR1AWie4g7ufAyAZ/XlUK
-eZDtLRGDSSPwiQjLnIRu9Wv+siwWDnTZqDWbHRxqq1jdMgnSZ8LrJxiOcDFYwvEg
-BpisOVrCC0NgqHQ1sTK9g0vf2xhG4ax+E0oJawWYepjp4Bodp4g0xksGFGl4jSmD
-wu5SrwCjTdhhBFoM5WL0x6yK832QEAh8FdE3ATy8ifhgJA==
+bGZzc2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tghRrm3DG
+8aOUZRmhCFjvp40reoPB2jAPBgNVHRMECDAGAQH/AgFkMAsGA1UdDwQEAwIBBjAN
+BgkqhkiG9w0BAQsFAAOCAQEAbuGCY20SNxBVSBuaFZUNeyU6RlntoFfL9foBZvin
+EgqgDo3hZtWDRg8G00cr+QvjttiO8i5MzXSmbZBRYlhO8qEKriIDoh1p/6sFYl7S
+iaefZxH5E0cKjOlWbog4UN9TIEdvM3nRotzwQqYQm57Ak0oGUQmeGrHCSUbdTWAZ
+0+tddZ+d68eA2Euxcm98mQrD3JYTA2AtJ6Ow8C88g/6QOIeE/jZ9wzgjsql3+Zwn
+nmctXpjK6MZZxnQvGUIIUujC/0j0jxQE7T5riPvS97h1xifzcUN8q0GtAeQTUfUn
+T3/mxLtbhXAhrHWsK2aC3klo5AAd3FTVj9CtGcXfOGmv/A==
 -----END CERTIFICATE-----
diff --git a/certs/test-pathlen/chainG-entity.pem b/certs/test-pathlen/chainG-entity.pem
index e1b5a3075..a32e574b7 100644
--- a/certs/test-pathlen/chainG-entity.pem
+++ b/certs/test-pathlen/chainG-entity.pem
@@ -5,12 +5,12 @@ Certificate:
         Signature Algorithm: sha256WithRSAEncryption
         Issuer: C = US, ST = Washington, L = Seattle, O = wolfSSL Inc., OU = Engineering, CN = chainG-ICA1-pathlen0, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Dec 13 22:19:32 2023 GMT
-            Not After : Sep  8 22:19:32 2026 GMT
+            Not Before: Dec 18 21:25:34 2024 GMT
+            Not After : Sep 14 21:25:34 2027 GMT
         Subject: C = US, ST = Washington, L = Seattle, O = wolfSSL Inc., OU = Engineering, CN = chainG-entity, emailAddress = info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (2048 bit)
+                Public-Key: (2048 bit)
                 Modulus:
                     00:bb:7b:82:23:a2:34:e7:cb:89:4e:64:cc:f2:98:
                     c8:65:8f:e2:69:55:54:4b:3c:8b:c0:1f:67:37:7f:
@@ -38,31 +38,31 @@ Certificate:
                 keyid:47:C0:19:4B:ED:C4:DA:97:B1:60:EA:5A:0A:42:6D:A5:D3:D8:25:31
                 DirName:/C=US/ST=Washington/L=Seattle/O=wolfSSL Inc./OU=Engineering/CN=chainG-ICA2-pathlen1/emailAddress=info@wolfssl.com
                 serial:64
-
             X509v3 Basic Constraints: 
                 CA:FALSE
     Signature Algorithm: sha256WithRSAEncryption
-         27:b7:93:b7:fd:71:ab:7c:a5:a2:8e:e7:4c:77:67:4c:f2:28:
-         b7:82:bb:4a:85:95:bf:84:57:04:49:ac:be:02:cc:6b:fd:0f:
-         d8:66:c8:a0:eb:40:55:cf:a1:e3:d1:e0:fe:9a:40:b5:2e:ee:
-         b2:bf:48:fa:20:57:fd:c7:df:de:68:8f:82:5d:58:ec:25:0a:
-         a8:97:73:dc:e6:66:f5:49:64:9a:e9:b1:e2:86:4e:d1:04:59:
-         0f:32:e1:c5:dd:d4:39:b0:ad:e9:cc:ad:87:ef:ab:8e:fe:74:
-         4c:7e:b2:cb:41:3c:54:ed:b7:8d:4b:fd:97:6e:26:22:32:9e:
-         94:26:aa:45:7d:65:c1:c8:10:67:63:09:09:42:04:04:9d:0c:
-         53:bb:18:f6:ce:af:dc:e7:63:d4:c8:bb:b4:6a:86:52:45:6a:
-         96:a1:54:3d:8c:25:7d:1a:b1:16:65:7a:8b:ec:01:fa:c4:73:
-         98:49:3c:c3:18:2f:48:3e:45:10:45:c0:85:2c:16:88:65:2b:
-         02:0b:0b:02:67:d2:2a:1d:bd:66:14:f5:8d:d1:8e:f8:eb:7a:
-         b5:db:4e:f7:ce:fa:6f:67:a0:a2:6b:37:85:7a:f7:34:8a:71:
-         9a:e5:34:2a:fd:6a:4a:ec:3e:38:e3:30:89:f3:e6:c4:a9:a6:
-         a4:79:35:9b
+    Signature Value:
+        7a:13:a7:3c:50:c4:18:3d:cf:ee:9c:df:1b:50:59:cf:19:66:
+        5e:a6:d7:21:e8:38:e9:c1:74:73:1b:40:44:47:42:40:58:e4:
+        1b:0c:c1:61:10:9b:f7:4a:9c:7e:43:7e:23:2c:59:0f:a2:61:
+        4e:36:c7:95:af:64:a9:52:05:d0:87:87:54:63:6f:5f:14:97:
+        45:a2:85:ff:eb:d1:61:53:de:9e:30:0d:66:96:dd:cf:c1:ae:
+        9d:4d:f6:01:52:18:63:69:64:2b:7f:35:b9:91:50:83:e3:8b:
+        47:82:6e:bc:16:50:5f:1f:ea:5f:74:e0:e8:f7:6f:41:49:ed:
+        ca:d8:48:95:f4:6c:ba:2f:27:b7:fc:03:08:c5:61:72:b0:25:
+        63:56:08:1f:70:01:3b:65:48:7b:d6:04:77:5a:c0:60:af:a8:
+        0e:99:7a:9f:5c:6b:b3:d4:a0:d7:48:4d:7b:68:e5:52:1f:e8:
+        c3:d8:3d:6c:81:9e:96:1e:57:b1:cd:d7:01:80:76:df:3a:99:
+        7a:84:57:35:a8:ae:70:04:bd:62:64:39:88:17:be:f1:7a:5d:
+        c6:cf:d0:90:88:65:81:ae:e0:51:3a:b5:a9:90:68:56:2e:aa:
+        78:61:86:7a:89:9c:77:94:9b:37:4e:43:24:e5:f6:6a:2a:b4:
+        55:71:74:6a
 -----BEGIN CERTIFICATE-----
 MIIEtzCCA5+gAwIBAgIBZTANBgkqhkiG9w0BAQsFADCBoTELMAkGA1UEBhMCVVMx
 EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxFTATBgNVBAoM
 DHdvbGZTU0wgSW5jLjEUMBIGA1UECwwLRW5naW5lZXJpbmcxHTAbBgNVBAMMFGNo
 YWluRy1JQ0ExLXBhdGhsZW4wMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wu
-Y29tMB4XDTIzMTIxMzIyMTkzMloXDTI2MDkwODIyMTkzMlowgZoxCzAJBgNVBAYT
+Y29tMB4XDTI0MTIxODIxMjUzNFoXDTI3MDkxNDIxMjUzNFowgZoxCzAJBgNVBAYT
 AlVTMRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRUwEwYD
 VQQKDAx3b2xmU1NMIEluYy4xFDASBgNVBAsMC0VuZ2luZWVyaW5nMRYwFAYDVQQD
 DA1jaGFpbkctZW50aXR5MR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29t
@@ -77,11 +77,11 @@ VR0jBIHGMIHDgBRHwBlL7cTal7Fg6loKQm2l09glMaGBp6SBpDCBoTELMAkGA1UE
 BhMCVVMxEzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxFTAT
 BgNVBAoMDHdvbGZTU0wgSW5jLjEUMBIGA1UECwwLRW5naW5lZXJpbmcxHTAbBgNV
 BAMMFGNoYWluRy1JQ0EyLXBhdGhsZW4xMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdv
-bGZzc2wuY29tggFkMAkGA1UdEwQCMAAwDQYJKoZIhvcNAQELBQADggEBACe3k7f9
-cat8paKO50x3Z0zyKLeCu0qFlb+EVwRJrL4CzGv9D9hmyKDrQFXPoePR4P6aQLUu
-7rK/SPogV/3H395oj4JdWOwlCqiXc9zmZvVJZJrpseKGTtEEWQ8y4cXd1DmwrenM
-rYfvq47+dEx+sstBPFTtt41L/ZduJiIynpQmqkV9ZcHIEGdjCQlCBASdDFO7GPbO
-r9znY9TIu7RqhlJFapahVD2MJX0asRZleovsAfrEc5hJPMMYL0g+RRBFwIUsFohl
-KwILCwJn0iodvWYU9Y3RjvjrerXbTvfO+m9noKJrN4V69zSKcZrlNCr9akrsPjjj
-MInz5sSppqR5NZs=
+bGZzc2wuY29tggFkMAkGA1UdEwQCMAAwDQYJKoZIhvcNAQELBQADggEBAHoTpzxQ
+xBg9z+6c3xtQWc8ZZl6m1yHoOOnBdHMbQERHQkBY5BsMwWEQm/dKnH5DfiMsWQ+i
+YU42x5WvZKlSBdCHh1Rjb18Ul0Wihf/r0WFT3p4wDWaW3c/Brp1N9gFSGGNpZCt/
+NbmRUIPji0eCbrwWUF8f6l904Oj3b0FJ7crYSJX0bLovJ7f8AwjFYXKwJWNWCB9w
+ATtlSHvWBHdawGCvqA6Zep9ca7PUoNdITXto5VIf6MPYPWyBnpYeV7HN1wGAdt86
+mXqEVzWornAEvWJkOYgXvvF6XcbP0JCIZYGu4FE6tamQaFYuqnhhhnqJnHeUmzdO
+QyTl9moqtFVxdGo=
 -----END CERTIFICATE-----
diff --git a/certs/test-pathlen/chainH-ICA1-pathlen0.pem b/certs/test-pathlen/chainH-ICA1-pathlen0.pem
index 6ffe410d8..8c8d4a98a 100644
--- a/certs/test-pathlen/chainH-ICA1-pathlen0.pem
+++ b/certs/test-pathlen/chainH-ICA1-pathlen0.pem
@@ -5,12 +5,12 @@ Certificate:
         Signature Algorithm: sha256WithRSAEncryption
         Issuer: C = US, ST = Washington, L = Seattle, O = wolfSSL Inc., OU = Engineering, CN = chainH-ICA2-pathlen2, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Dec 13 22:19:32 2023 GMT
-            Not After : Sep  8 22:19:32 2026 GMT
+            Not Before: Dec 18 21:25:34 2024 GMT
+            Not After : Sep 14 21:25:34 2027 GMT
         Subject: C = US, ST = Washington, L = Seattle, O = wolfSSL Inc., OU = Engineering, CN = chainH-ICA1-pathlen0, emailAddress = info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (2048 bit)
+                Public-Key: (2048 bit)
                 Modulus:
                     00:c7:f4:a6:7e:f2:cb:4f:6e:04:18:d3:53:d5:cf:
                     bf:7e:97:d1:74:94:fe:db:ad:61:3f:12:20:67:f3:
@@ -38,33 +38,33 @@ Certificate:
                 keyid:80:49:61:8C:1D:13:08:56:B5:42:68:D5:B2:EA:89:2C:B4:8B:05:87
                 DirName:/C=US/ST=Washington/L=Seattle/O=wolfSSL Inc./OU=Engineering/CN=chainH-ICA3-pathlen2/emailAddress=info@wolfssl.com
                 serial:64
-
             X509v3 Basic Constraints: 
                 CA:TRUE, pathlen:0
             X509v3 Key Usage: 
                 Certificate Sign, CRL Sign
     Signature Algorithm: sha256WithRSAEncryption
-         84:70:f5:e6:36:95:d1:b9:43:99:0b:7e:a9:b1:2f:5a:4a:58:
-         3f:73:83:a1:90:9e:b5:86:10:fb:0e:46:22:38:92:f2:07:19:
-         20:c3:82:f0:8d:38:4f:39:38:6b:bc:43:15:fe:b4:c2:78:49:
-         d4:78:2e:6e:41:cb:f8:c6:ed:b9:8c:76:ad:b6:d4:68:fa:82:
-         55:cc:b2:60:d5:ce:8c:bb:7a:dd:19:29:4e:c8:c6:f8:2a:1a:
-         b4:e7:8e:31:e8:63:76:bf:6e:77:98:3e:98:70:18:fb:d7:f5:
-         cc:47:da:35:54:d8:77:6e:54:db:3c:b0:b8:81:f0:ae:e2:a1:
-         92:ea:c4:dd:0c:4b:fa:15:82:e0:4b:c8:cc:81:1d:54:2b:53:
-         c9:ed:06:00:28:e7:c5:37:d0:46:14:24:5c:6f:d4:a8:d9:c6:
-         e5:57:8d:0a:66:27:89:93:fc:c3:46:0c:40:b6:eb:f3:52:16:
-         d5:ed:21:ee:20:89:bd:ff:12:6d:7b:8e:7d:9d:1a:41:f4:0c:
-         1c:ef:2d:ee:82:cf:9b:ca:8e:3e:fa:6c:13:79:13:5a:93:c4:
-         d8:99:1a:88:f0:c7:4c:76:4e:e7:b9:f3:1a:ec:77:42:c8:60:
-         f8:f6:2a:50:df:16:fa:bc:00:06:57:23:a9:34:c5:6f:d9:82:
-         00:78:1b:58
+    Signature Value:
+        4f:4a:9c:ef:2f:a2:03:d7:1a:83:e0:cc:d5:72:f9:fc:f6:32:
+        20:b8:55:f2:91:5a:21:71:9e:14:e9:a5:65:11:d6:ed:45:9f:
+        b6:6b:b5:c1:92:83:7c:40:78:cc:cc:06:44:91:cf:8a:40:88:
+        1b:99:c3:64:4f:f4:56:33:a8:e5:92:79:37:06:85:6b:91:57:
+        b7:d3:fa:ef:b4:5a:ab:43:6f:e9:d0:12:54:53:77:21:57:59:
+        15:de:12:9b:18:d6:3e:3e:24:ab:ad:7d:aa:33:bb:b0:ed:f4:
+        20:14:d4:5b:22:aa:99:9b:8c:05:95:3a:7e:b9:03:da:e9:ba:
+        49:64:d7:89:9a:f4:2e:19:36:82:b0:0d:4e:18:6b:f7:3e:e2:
+        b1:a7:e2:0c:cd:d2:ae:d0:35:a5:31:3c:4e:2b:32:d3:89:7c:
+        ed:59:7e:c3:f5:a1:97:90:e5:34:7b:05:94:e5:83:32:84:55:
+        7d:27:28:91:e7:c1:c2:d6:6b:ad:4f:cf:22:ac:36:72:90:5b:
+        65:cd:e1:5f:12:73:ba:72:b9:f8:7f:f9:a5:6a:e0:69:44:54:
+        fd:41:10:2a:94:26:0d:0d:5e:55:e2:db:6f:ca:a2:e1:36:23:
+        e2:f1:82:b1:44:e8:9f:d0:b5:a8:d1:d7:51:fa:ed:63:3d:f8:
+        4e:68:23:d2
 -----BEGIN CERTIFICATE-----
 MIIE0zCCA7ugAwIBAgIBZDANBgkqhkiG9w0BAQsFADCBoTELMAkGA1UEBhMCVVMx
 EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxFTATBgNVBAoM
 DHdvbGZTU0wgSW5jLjEUMBIGA1UECwwLRW5naW5lZXJpbmcxHTAbBgNVBAMMFGNo
 YWluSC1JQ0EyLXBhdGhsZW4yMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wu
-Y29tMB4XDTIzMTIxMzIyMTkzMloXDTI2MDkwODIyMTkzMlowgaExCzAJBgNVBAYT
+Y29tMB4XDTI0MTIxODIxMjUzNFoXDTI3MDkxNDIxMjUzNFowgaExCzAJBgNVBAYT
 AlVTMRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRUwEwYD
 VQQKDAx3b2xmU1NMIEluYy4xFDASBgNVBAsMC0VuZ2luZWVyaW5nMR0wGwYDVQQD
 DBRjaGFpbkgtSUNBMS1wYXRobGVuMDEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xm
@@ -80,10 +80,10 @@ oTELMAkGA1UEBhMCVVMxEzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1Nl
 YXR0bGUxFTATBgNVBAoMDHdvbGZTU0wgSW5jLjEUMBIGA1UECwwLRW5naW5lZXJp
 bmcxHTAbBgNVBAMMFGNoYWluSC1JQ0EzLXBhdGhsZW4yMR8wHQYJKoZIhvcNAQkB
 FhBpbmZvQHdvbGZzc2wuY29tggFkMA8GA1UdEwQIMAYBAf8CAQAwCwYDVR0PBAQD
-AgEGMA0GCSqGSIb3DQEBCwUAA4IBAQCEcPXmNpXRuUOZC36psS9aSlg/c4OhkJ61
-hhD7DkYiOJLyBxkgw4LwjThPOThrvEMV/rTCeEnUeC5uQcv4xu25jHatttRo+oJV
-zLJg1c6Mu3rdGSlOyMb4Khq0544x6GN2v253mD6YcBj71/XMR9o1VNh3blTbPLC4
-gfCu4qGS6sTdDEv6FYLgS8jMgR1UK1PJ7QYAKOfFN9BGFCRcb9So2cblV40KZieJ
-k/zDRgxAtuvzUhbV7SHuIIm9/xJte459nRpB9Awc7y3ugs+byo4++mwTeRNak8TY
-mRqI8MdMdk7nufMa7HdCyGD49ipQ3xb6vAAGVyOpNMVv2YIAeBtY
+AgEGMA0GCSqGSIb3DQEBCwUAA4IBAQBPSpzvL6ID1xqD4MzVcvn89jIguFXykVoh
+cZ4U6aVlEdbtRZ+2a7XBkoN8QHjMzAZEkc+KQIgbmcNkT/RWM6jlknk3BoVrkVe3
+0/rvtFqrQ2/p0BJUU3chV1kV3hKbGNY+PiSrrX2qM7uw7fQgFNRbIqqZm4wFlTp+
+uQPa6bpJZNeJmvQuGTaCsA1OGGv3PuKxp+IMzdKu0DWlMTxOKzLTiXztWX7D9aGX
+kOU0ewWU5YMyhFV9JyiR58HC1mutT88irDZykFtlzeFfEnO6crn4f/mlauBpRFT9
+QRAqlCYNDV5V4ttvyqLhNiPi8YKxROif0LWo0ddR+u1jPfhOaCPS
 -----END CERTIFICATE-----
diff --git a/certs/test-pathlen/chainH-ICA2-pathlen2.pem b/certs/test-pathlen/chainH-ICA2-pathlen2.pem
index c94264901..4d93d0b60 100644
--- a/certs/test-pathlen/chainH-ICA2-pathlen2.pem
+++ b/certs/test-pathlen/chainH-ICA2-pathlen2.pem
@@ -5,12 +5,12 @@ Certificate:
         Signature Algorithm: sha256WithRSAEncryption
         Issuer: C = US, ST = Washington, L = Seattle, O = wolfSSL Inc., OU = Engineering, CN = chainH-ICA3-pathlen2, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Dec 13 22:19:32 2023 GMT
-            Not After : Sep  8 22:19:32 2026 GMT
+            Not Before: Dec 18 21:25:34 2024 GMT
+            Not After : Sep 14 21:25:34 2027 GMT
         Subject: C = US, ST = Washington, L = Seattle, O = wolfSSL Inc., OU = Engineering, CN = chainH-ICA2-pathlen2, emailAddress = info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (2048 bit)
+                Public-Key: (2048 bit)
                 Modulus:
                     00:d9:b5:af:4b:ba:83:03:23:df:50:28:a8:c2:0c:
                     2c:f0:04:cb:2d:04:9b:1e:f5:f4:68:bc:d4:8e:b4:
@@ -38,33 +38,33 @@ Certificate:
                 keyid:56:54:36:BE:23:2F:20:89:6D:A6:BA:9A:45:A4:88:0E:40:35:FD:F5
                 DirName:/C=US/ST=Washington/L=Seattle/O=wolfSSL Inc./OU=Engineering/CN=chainH-ICA4-pathlen2/emailAddress=info@wolfssl.com
                 serial:64
-
             X509v3 Basic Constraints: 
                 CA:TRUE, pathlen:2
             X509v3 Key Usage: 
                 Certificate Sign, CRL Sign
     Signature Algorithm: sha256WithRSAEncryption
-         8f:ee:27:f5:45:63:56:eb:66:f5:c7:4f:b0:4a:16:ca:2a:e1:
-         de:75:7d:8b:09:12:0c:65:fe:a2:59:66:5e:b1:9f:1a:fc:e5:
-         a5:e5:c9:9b:4f:77:f1:87:8a:a7:36:2d:67:4d:ec:19:13:e3:
-         c1:9c:95:a5:90:ec:0f:39:5b:da:42:9f:73:6c:56:1f:aa:a8:
-         fb:69:82:a7:b2:21:b5:f7:fe:4e:1d:02:fc:30:e8:08:14:d8:
-         86:db:ca:31:da:4d:b8:9c:91:2b:45:b4:70:6b:87:9e:e5:4c:
-         ea:b4:7a:75:18:1e:4c:db:e8:b1:e7:f0:50:43:59:38:31:46:
-         57:59:ae:60:f8:8d:68:b6:49:3c:a5:4e:19:4c:e3:03:ef:5b:
-         bd:c0:9d:12:ba:b3:cb:f2:35:7a:81:a8:3b:95:9c:66:35:a2:
-         94:79:bb:c0:cd:cd:cb:32:d2:8d:ef:89:c6:1c:28:f1:c2:6c:
-         53:c7:fc:de:5e:c9:de:7e:11:61:d9:d7:b1:5e:61:d7:f1:a7:
-         e8:62:e1:f5:0f:f3:17:e8:e5:43:98:3b:cc:b7:cf:a4:ae:92:
-         6b:16:51:ea:38:5f:5e:59:74:87:72:aa:5e:5f:21:dd:d8:6c:
-         8a:e2:7d:11:5b:c1:5c:e9:76:aa:4f:60:46:51:5e:c0:b2:d3:
-         9b:f6:ba:ca
+    Signature Value:
+        47:fe:53:d4:55:2d:7a:8b:02:53:06:f7:18:4c:be:c9:30:f9:
+        53:d8:4c:58:e7:6a:53:db:b2:5b:8c:1b:63:9d:ba:c5:7e:6f:
+        dc:aa:df:78:7c:a6:b6:55:92:69:6a:09:25:1c:98:3f:45:db:
+        18:f8:81:7b:fb:a2:ae:95:81:50:c5:4a:e9:ae:31:b9:1e:ea:
+        22:5e:26:6e:63:be:79:b2:e7:bb:16:0c:be:56:29:db:dc:8f:
+        90:27:4a:9a:82:30:5e:6f:a8:7f:2b:56:e5:8b:3c:c5:47:46:
+        ca:a1:20:a2:f4:3d:8c:bc:cd:f5:48:b1:59:23:71:70:aa:6d:
+        5e:09:21:54:62:e2:05:5b:eb:d4:bc:fb:d3:8b:47:c2:47:31:
+        0f:c8:45:36:c2:f5:1c:1d:e0:79:4b:45:1a:3c:36:53:b2:ec:
+        3b:61:c0:7a:08:42:d7:2e:95:92:6b:6e:12:63:c7:61:bc:9c:
+        2c:02:04:84:d4:28:a7:56:3f:bc:27:73:37:00:82:ef:09:c1:
+        88:35:98:c1:77:8c:3f:4a:19:da:42:c5:89:00:54:ca:39:05:
+        42:80:97:8d:f0:39:ca:9a:5b:f7:b7:4e:86:68:b9:88:1f:79:
+        25:7c:79:e6:3b:58:8a:52:ca:10:47:95:64:bb:1d:fd:e7:51:
+        d8:94:3b:89
 -----BEGIN CERTIFICATE-----
 MIIE0zCCA7ugAwIBAgIBZDANBgkqhkiG9w0BAQsFADCBoTELMAkGA1UEBhMCVVMx
 EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxFTATBgNVBAoM
 DHdvbGZTU0wgSW5jLjEUMBIGA1UECwwLRW5naW5lZXJpbmcxHTAbBgNVBAMMFGNo
 YWluSC1JQ0EzLXBhdGhsZW4yMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wu
-Y29tMB4XDTIzMTIxMzIyMTkzMloXDTI2MDkwODIyMTkzMlowgaExCzAJBgNVBAYT
+Y29tMB4XDTI0MTIxODIxMjUzNFoXDTI3MDkxNDIxMjUzNFowgaExCzAJBgNVBAYT
 AlVTMRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRUwEwYD
 VQQKDAx3b2xmU1NMIEluYy4xFDASBgNVBAsMC0VuZ2luZWVyaW5nMR0wGwYDVQQD
 DBRjaGFpbkgtSUNBMi1wYXRobGVuMjEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xm
@@ -80,10 +80,10 @@ oTELMAkGA1UEBhMCVVMxEzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1Nl
 YXR0bGUxFTATBgNVBAoMDHdvbGZTU0wgSW5jLjEUMBIGA1UECwwLRW5naW5lZXJp
 bmcxHTAbBgNVBAMMFGNoYWluSC1JQ0E0LXBhdGhsZW4yMR8wHQYJKoZIhvcNAQkB
 FhBpbmZvQHdvbGZzc2wuY29tggFkMA8GA1UdEwQIMAYBAf8CAQIwCwYDVR0PBAQD
-AgEGMA0GCSqGSIb3DQEBCwUAA4IBAQCP7if1RWNW62b1x0+wShbKKuHedX2LCRIM
-Zf6iWWZesZ8a/OWl5cmbT3fxh4qnNi1nTewZE+PBnJWlkOwPOVvaQp9zbFYfqqj7
-aYKnsiG19/5OHQL8MOgIFNiG28ox2k24nJErRbRwa4ee5UzqtHp1GB5M2+ix5/BQ
-Q1k4MUZXWa5g+I1otkk8pU4ZTOMD71u9wJ0SurPL8jV6gag7lZxmNaKUebvAzc3L
-MtKN74nGHCjxwmxTx/zeXsnefhFh2dexXmHX8afoYuH1D/MX6OVDmDvMt8+krpJr
-FlHqOF9eWXSHcqpeXyHd2GyK4n0RW8Fc6XaqT2BGUV7AstOb9rrK
+AgEGMA0GCSqGSIb3DQEBCwUAA4IBAQBH/lPUVS16iwJTBvcYTL7JMPlT2ExY52pT
+27JbjBtjnbrFfm/cqt94fKa2VZJpagklHJg/RdsY+IF7+6KulYFQxUrprjG5Huoi
+XiZuY755sue7Fgy+Vinb3I+QJ0qagjBeb6h/K1blizzFR0bKoSCi9D2MvM31SLFZ
+I3Fwqm1eCSFUYuIFW+vUvPvTi0fCRzEPyEU2wvUcHeB5S0UaPDZTsuw7YcB6CELX
+LpWSa24SY8dhvJwsAgSE1CinVj+8J3M3AILvCcGINZjBd4w/ShnaQsWJAFTKOQVC
+gJeN8DnKmlv3t06GaLmIH3klfHnmO1iKUsoQR5Vkux3951HYlDuJ
 -----END CERTIFICATE-----
diff --git a/certs/test-pathlen/chainH-ICA3-pathlen2.pem b/certs/test-pathlen/chainH-ICA3-pathlen2.pem
index f28899d62..e9c6d811c 100644
--- a/certs/test-pathlen/chainH-ICA3-pathlen2.pem
+++ b/certs/test-pathlen/chainH-ICA3-pathlen2.pem
@@ -5,12 +5,12 @@ Certificate:
         Signature Algorithm: sha256WithRSAEncryption
         Issuer: C = US, ST = Washington, L = Seattle, O = wolfSSL Inc., OU = Engineering, CN = chainH-ICA4-pathlen2, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Dec 13 22:19:32 2023 GMT
-            Not After : Sep  8 22:19:32 2026 GMT
+            Not Before: Dec 18 21:25:34 2024 GMT
+            Not After : Sep 14 21:25:34 2027 GMT
         Subject: C = US, ST = Washington, L = Seattle, O = wolfSSL Inc., OU = Engineering, CN = chainH-ICA3-pathlen2, emailAddress = info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (2048 bit)
+                Public-Key: (2048 bit)
                 Modulus:
                     00:b7:b3:1a:1b:4a:80:1b:a2:e5:95:14:bc:55:e4:
                     77:dc:f3:7b:8a:9f:34:7c:93:db:c9:c9:d0:8b:b8:
@@ -38,33 +38,33 @@ Certificate:
                 keyid:18:6D:44:83:EE:1F:EC:B4:22:F0:9C:EB:54:1E:4A:15:58:01:AA:13
                 DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
                 serial:64
-
             X509v3 Basic Constraints: 
                 CA:TRUE, pathlen:2
             X509v3 Key Usage: 
                 Certificate Sign, CRL Sign
     Signature Algorithm: sha256WithRSAEncryption
-         75:ad:f2:f8:79:a5:c6:0d:4a:35:07:f6:75:1c:6c:0e:bf:3d:
-         d7:fc:81:de:57:9f:3f:f0:c9:8e:75:b8:23:0d:36:22:d6:d9:
-         57:dc:c0:5b:a4:9a:fa:ef:2a:b5:ad:e2:c5:96:84:1a:84:49:
-         a8:17:b7:2e:fd:45:21:8f:e4:f1:8a:e5:64:bb:50:96:31:62:
-         d7:4a:11:f4:fa:78:5b:bb:0d:0a:0e:91:bb:84:e8:c6:5d:1a:
-         03:1e:4b:50:5d:c5:03:f5:a3:32:fa:6c:5e:a8:c5:12:b4:5a:
-         c4:e6:ff:36:c3:4d:a7:1a:d1:b2:71:dd:89:1a:b2:08:46:60:
-         bb:8e:bb:df:bd:b9:0f:45:3d:25:06:eb:a7:95:11:a6:32:ee:
-         a0:2c:4c:2f:81:54:6f:54:16:d7:c3:85:6e:c4:78:43:a3:48:
-         2f:81:03:81:c2:02:0a:84:9d:a8:b5:3f:02:b4:c0:fd:b5:d5:
-         2f:f0:48:d7:0f:98:cb:0f:ca:e4:9c:1a:d8:1c:10:31:4b:9e:
-         9b:a9:44:63:03:a0:a0:de:bc:bd:0f:d9:5a:fa:81:f2:d5:7d:
-         de:4b:06:88:b8:0e:98:5c:fb:60:a2:10:e9:ad:38:c7:05:09:
-         9d:c9:bc:24:89:29:84:a5:3a:76:d9:ec:b8:9c:c7:9a:02:7e:
-         23:d6:1b:65
+    Signature Value:
+        24:19:e1:68:7d:9a:f3:0e:86:de:58:94:6e:3c:f0:b0:d6:be:
+        03:6b:0a:23:97:fd:e8:04:02:35:f5:05:de:08:6b:2d:79:a9:
+        f5:15:32:13:1b:e2:e5:ad:92:3e:c7:c4:ec:9c:80:2f:73:3e:
+        06:f7:14:1a:76:65:18:e2:76:44:b2:e8:6f:fb:0d:89:6c:6a:
+        ca:de:96:59:38:c9:0a:c2:48:6c:b6:fb:f6:53:13:47:f2:6c:
+        8f:df:fd:e4:94:42:88:25:2e:f1:31:97:64:c0:65:30:9c:17:
+        82:d2:ec:95:1a:a9:65:2f:fd:a1:9e:e8:0d:c3:e8:ef:b1:8d:
+        c9:77:88:38:a3:30:24:fe:23:1b:ca:61:f4:f7:0f:ed:22:41:
+        39:4c:94:34:b5:14:a5:61:c5:02:1d:ed:80:5b:78:60:18:eb:
+        16:3d:04:cd:64:a6:a2:86:77:7e:4e:0c:42:74:21:df:50:a1:
+        f4:79:24:56:c8:46:ae:2e:9d:9e:3c:fa:f9:ea:15:18:43:8b:
+        c4:97:ff:f4:0e:2f:b1:50:3d:b2:e2:63:2d:66:c4:e7:9d:f3:
+        75:c9:72:a9:0c:19:c0:61:e6:84:a5:e0:f4:f4:82:c7:c8:2d:
+        9b:19:b1:fd:b6:57:99:38:a4:6b:23:a2:ff:80:63:43:37:45:
+        24:16:25:45
 -----BEGIN CERTIFICATE-----
 MIIExjCCA66gAwIBAgIBZDANBgkqhkiG9w0BAQsFADCBoTELMAkGA1UEBhMCVVMx
 EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxFTATBgNVBAoM
 DHdvbGZTU0wgSW5jLjEUMBIGA1UECwwLRW5naW5lZXJpbmcxHTAbBgNVBAMMFGNo
 YWluSC1JQ0E0LXBhdGhsZW4yMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wu
-Y29tMB4XDTIzMTIxMzIyMTkzMloXDTI2MDkwODIyMTkzMlowgaExCzAJBgNVBAYT
+Y29tMB4XDTI0MTIxODIxMjUzNFoXDTI3MDkxNDIxMjUzNFowgaExCzAJBgNVBAYT
 AlVTMRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRUwEwYD
 VQQKDAx3b2xmU1NMIEluYy4xFDASBgNVBAsMC0VuZ2luZWVyaW5nMR0wGwYDVQQD
 DBRjaGFpbkgtSUNBMy1wYXRobGVuMjEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xm
@@ -80,10 +80,10 @@ lDELMAkGA1UEBhMCVVMxEDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVt
 YW4xETAPBgNVBAoMCFNhd3Rvb3RoMRMwEQYDVQQLDApDb25zdWx0aW5nMRgwFgYD
 VQQDDA93d3cud29sZnNzbC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNz
 bC5jb22CAWQwDwYDVR0TBAgwBgEB/wIBAjALBgNVHQ8EBAMCAQYwDQYJKoZIhvcN
-AQELBQADggEBAHWt8vh5pcYNSjUH9nUcbA6/Pdf8gd5Xnz/wyY51uCMNNiLW2Vfc
-wFukmvrvKrWt4sWWhBqESagXty79RSGP5PGK5WS7UJYxYtdKEfT6eFu7DQoOkbuE
-6MZdGgMeS1BdxQP1ozL6bF6oxRK0WsTm/zbDTaca0bJx3YkasghGYLuOu9+9uQ9F
-PSUG66eVEaYy7qAsTC+BVG9UFtfDhW7EeEOjSC+BA4HCAgqEnai1PwK0wP211S/w
-SNcPmMsPyuScGtgcEDFLnpupRGMDoKDevL0P2Vr6gfLVfd5LBoi4Dphc+2CiEOmt
-OMcFCZ3JvCSJKYSlOnbZ7Licx5oCfiPWG2U=
+AQELBQADggEBACQZ4Wh9mvMOht5YlG488LDWvgNrCiOX/egEAjX1Bd4Iay15qfUV
+MhMb4uWtkj7HxOycgC9zPgb3FBp2ZRjidkSy6G/7DYlsasrellk4yQrCSGy2+/ZT
+E0fybI/f/eSUQoglLvExl2TAZTCcF4LS7JUaqWUv/aGe6A3D6O+xjcl3iDijMCT+
+IxvKYfT3D+0iQTlMlDS1FKVhxQId7YBbeGAY6xY9BM1kpqKGd35ODEJ0Id9QofR5
+JFbIRq4unZ48+vnqFRhDi8SX//QOL7FQPbLiYy1mxOed83XJcqkMGcBh5oSl4PT0
+gsfILZsZsf22V5k4pGsjov+AY0M3RSQWJUU=
 -----END CERTIFICATE-----
diff --git a/certs/test-pathlen/chainH-ICA4-pathlen2.pem b/certs/test-pathlen/chainH-ICA4-pathlen2.pem
index 6f7c4e2cc..d0e6069fe 100644
--- a/certs/test-pathlen/chainH-ICA4-pathlen2.pem
+++ b/certs/test-pathlen/chainH-ICA4-pathlen2.pem
@@ -5,12 +5,12 @@ Certificate:
         Signature Algorithm: sha256WithRSAEncryption
         Issuer: C = US, ST = Montana, L = Bozeman, O = Sawtooth, OU = Consulting, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Dec 13 22:19:32 2023 GMT
-            Not After : Sep  8 22:19:32 2026 GMT
+            Not Before: Dec 18 21:25:34 2024 GMT
+            Not After : Sep 14 21:25:34 2027 GMT
         Subject: C = US, ST = Washington, L = Seattle, O = wolfSSL Inc., OU = Engineering, CN = chainH-ICA4-pathlen2, emailAddress = info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (2048 bit)
+                Public-Key: (2048 bit)
                 Modulus:
                     00:bb:f3:2f:8a:cd:9e:87:f1:01:f3:a4:c0:2d:66:
                     36:d7:11:2e:64:08:e8:f1:99:fa:a6:9c:f4:bd:3b:
@@ -37,34 +37,34 @@ Certificate:
             X509v3 Authority Key Identifier: 
                 keyid:27:8E:67:11:74:C3:26:1D:3F:ED:33:63:B3:A4:D8:1D:30:E5:E8:D5
                 DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
-                serial:33:44:1A:A8:6C:01:EC:F6:60:F2:70:51:0A:4C:D1:14:FA:BC:E9:44
-
+                serial:6B:9B:70:C6:F1:A3:94:65:19:A1:08:58:EF:A7:8D:2B:7A:83:C1:DA
             X509v3 Basic Constraints: 
                 CA:TRUE, pathlen:2
             X509v3 Key Usage: 
                 Certificate Sign, CRL Sign
     Signature Algorithm: sha256WithRSAEncryption
-         a1:6c:a3:2e:95:bb:e7:f0:f4:70:b8:8c:5a:a7:29:54:13:6a:
-         5b:13:e3:62:6a:b5:06:68:41:91:2f:84:97:1f:25:c1:db:18:
-         5d:09:26:04:ab:aa:2d:4d:59:2e:96:70:8f:0e:5d:0b:b8:b0:
-         db:5f:14:70:9e:00:d8:31:1f:65:54:47:69:5c:11:e8:0c:97:
-         2e:ff:0d:2e:ee:45:18:5b:aa:83:21:b1:5d:66:f0:b7:b3:99:
-         09:c6:fd:11:7e:b5:67:a0:d2:3b:a2:e9:b0:96:1d:42:ac:6e:
-         ce:f2:80:4e:8c:87:36:af:b5:c4:bc:fb:5d:18:40:d4:7d:3a:
-         0f:c8:9f:f1:95:bb:8a:ad:18:f8:3c:e0:49:da:36:26:17:8c:
-         87:75:79:80:5f:c4:5a:48:93:ed:62:93:73:55:a3:73:d4:ba:
-         3c:54:f4:b2:ad:70:af:8f:93:4f:a7:15:49:e0:cf:88:2a:1f:
-         bf:18:f5:13:e4:5b:d3:37:29:12:db:8c:4d:b6:93:0b:02:70:
-         47:84:cc:0a:e8:28:de:89:a1:43:0f:16:28:a9:be:85:6e:62:
-         44:5c:69:a0:33:67:bf:ee:80:37:46:25:e4:d2:ec:56:07:67:
-         e4:d6:e0:92:a1:2f:7c:d8:18:d0:7a:02:82:5b:48:3d:61:9b:
-         5f:65:db:af
+    Signature Value:
+        36:81:19:93:e0:6e:2e:c5:e5:a6:d2:b6:ca:17:ff:67:d9:b8:
+        0c:24:ed:f7:eb:96:dd:e1:96:df:6d:ca:bf:8d:31:32:36:e2:
+        64:c6:4c:81:94:63:f6:f9:a3:23:69:8e:de:98:6a:54:aa:7e:
+        65:1f:81:43:d9:ba:a5:b5:e7:9b:58:28:4e:62:72:9a:58:e1:
+        8f:cc:12:5e:63:42:78:d6:26:bc:46:69:cd:0e:f3:56:df:e4:
+        38:0e:83:96:d5:33:5e:fd:0d:2a:f9:88:08:14:ec:12:fe:75:
+        a9:5f:54:3d:ea:ee:bd:b7:aa:77:cc:e4:b2:eb:f4:af:37:22:
+        5e:bb:2a:8b:b7:0b:b8:47:32:b8:56:ca:bb:ca:e9:de:fb:a0:
+        fc:ac:65:04:78:c6:1f:65:9e:8c:76:ef:82:75:8b:59:59:37:
+        d0:5d:97:9c:c0:8f:27:76:60:95:c4:b4:ba:e6:a3:9a:ce:c3:
+        df:02:ec:97:b5:06:9f:5e:f8:15:52:01:6d:fd:c5:73:b8:12:
+        35:49:e4:28:df:26:86:6d:93:4e:f3:6f:88:e5:51:98:5f:46:
+        49:69:02:17:ec:74:ed:7b:e2:b5:6c:24:d4:cf:4a:78:12:f6:
+        5d:4f:3d:3d:c8:ae:8f:53:aa:4e:2e:dd:3b:a9:0c:d4:b8:2e:
+        bd:e5:af:95
 -----BEGIN CERTIFICATE-----
 MIIEzDCCA7SgAwIBAgIBZDANBgkqhkiG9w0BAQsFADCBlDELMAkGA1UEBhMCVVMx
 EDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xETAPBgNVBAoMCFNh
 d3Rvb3RoMRMwEQYDVQQLDApDb25zdWx0aW5nMRgwFgYDVQQDDA93d3cud29sZnNz
-bC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMjMxMjEz
-MjIxOTMyWhcNMjYwOTA4MjIxOTMyWjCBoTELMAkGA1UEBhMCVVMxEzARBgNVBAgM
+bC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMjQxMjE4
+MjEyNTM0WhcNMjcwOTE0MjEyNTM0WjCBoTELMAkGA1UEBhMCVVMxEzARBgNVBAgM
 Cldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxFTATBgNVBAoMDHdvbGZTU0wg
 SW5jLjEUMBIGA1UECwwLRW5naW5lZXJpbmcxHTAbBgNVBAMMFGNoYWluSC1JQ0E0
 LXBhdGhsZW4yMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMIIBIjAN
@@ -78,12 +78,12 @@ o4IBGDCCARQwHQYDVR0OBBYEFBhtRIPuH+y0IvCc61QeShVYAaoTMIHUBgNVHSME
 gcwwgcmAFCeOZxF0wyYdP+0zY7Ok2B0w5ejVoYGapIGXMIGUMQswCQYDVQQGEwJV
 UzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjERMA8GA1UECgwI
 U2F3dG9vdGgxEzARBgNVBAsMCkNvbnN1bHRpbmcxGDAWBgNVBAMMD3d3dy53b2xm
-c3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbYIUM0QaqGwB
-7PZg8nBRCkzRFPq86UQwDwYDVR0TBAgwBgEB/wIBAjALBgNVHQ8EBAMCAQYwDQYJ
-KoZIhvcNAQELBQADggEBAKFsoy6Vu+fw9HC4jFqnKVQTalsT42JqtQZoQZEvhJcf
-JcHbGF0JJgSrqi1NWS6WcI8OXQu4sNtfFHCeANgxH2VUR2lcEegMly7/DS7uRRhb
-qoMhsV1m8LezmQnG/RF+tWeg0jui6bCWHUKsbs7ygE6MhzavtcS8+10YQNR9Og/I
-n/GVu4qtGPg84EnaNiYXjId1eYBfxFpIk+1ik3NVo3PUujxU9LKtcK+Pk0+nFUng
-z4gqH78Y9RPkW9M3KRLbjE22kwsCcEeEzAroKN6JoUMPFiipvoVuYkRcaaAzZ7/u
-gDdGJeTS7FYHZ+TW4JKhL3zYGNB6AoJbSD1hm19l268=
+c3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbYIUa5twxvGj
+lGUZoQhY76eNK3qDwdowDwYDVR0TBAgwBgEB/wIBAjALBgNVHQ8EBAMCAQYwDQYJ
+KoZIhvcNAQELBQADggEBADaBGZPgbi7F5abStsoX/2fZuAwk7ffrlt3hlt9tyr+N
+MTI24mTGTIGUY/b5oyNpjt6YalSqfmUfgUPZuqW155tYKE5icppY4Y/MEl5jQnjW
+JrxGac0O81bf5DgOg5bVM179DSr5iAgU7BL+dalfVD3q7r23qnfM5LLr9K83Il67
+Kou3C7hHMrhWyrvK6d77oPysZQR4xh9lnox274J1i1lZN9Bdl5zAjyd2YJXEtLrm
+o5rOw98C7Je1Bp9e+BVSAW39xXO4EjVJ5CjfJoZtk07zb4jlUZhfRklpAhfsdO17
+4rVsJNTPSngS9l1PPT3Iro9Tqk4u3TupDNS4Lr3lr5U=
 -----END CERTIFICATE-----
diff --git a/certs/test-pathlen/chainH-assembled.pem b/certs/test-pathlen/chainH-assembled.pem
index 8b3bc6227..c430bee64 100644
--- a/certs/test-pathlen/chainH-assembled.pem
+++ b/certs/test-pathlen/chainH-assembled.pem
@@ -5,12 +5,12 @@ Certificate:
         Signature Algorithm: sha256WithRSAEncryption
         Issuer: C = US, ST = Washington, L = Seattle, O = wolfSSL Inc., OU = Engineering, CN = chainH-ICA1-pathlen0, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Dec 13 22:19:33 2023 GMT
-            Not After : Sep  8 22:19:33 2026 GMT
+            Not Before: Dec 18 21:25:34 2024 GMT
+            Not After : Sep 14 21:25:34 2027 GMT
         Subject: C = US, ST = Washington, L = Seattle, O = wolfSSL Inc., OU = Engineering, CN = chainH-entity, emailAddress = info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (2048 bit)
+                Public-Key: (2048 bit)
                 Modulus:
                     00:ba:ed:ab:c0:0d:92:6c:10:e4:50:9f:7c:98:cc:
                     87:fd:28:34:77:c0:58:28:52:2c:28:97:80:ec:78:
@@ -38,31 +38,31 @@ Certificate:
                 keyid:48:80:87:28:EF:E6:28:0F:03:9B:DF:33:48:10:A0:E5:20:B3:69:50
                 DirName:/C=US/ST=Washington/L=Seattle/O=wolfSSL Inc./OU=Engineering/CN=chainH-ICA2-pathlen2/emailAddress=info@wolfssl.com
                 serial:64
-
             X509v3 Basic Constraints: 
                 CA:FALSE
     Signature Algorithm: sha256WithRSAEncryption
-         06:45:21:fd:a8:95:fa:d4:96:c7:4f:83:6b:6c:c1:24:fa:b0:
-         14:42:db:7a:5c:7b:f4:8f:4e:66:78:bc:ff:65:bd:4a:a7:8e:
-         d0:78:33:6f:d2:aa:bb:9b:25:26:15:4d:9d:8e:39:16:99:70:
-         25:6a:2d:ee:78:54:80:13:71:f3:e1:6a:ec:56:57:1a:25:db:
-         8f:b3:64:22:d2:04:d1:b2:aa:ff:2c:d9:ae:6d:74:66:18:74:
-         58:38:4b:ec:77:69:f6:83:ed:4d:7d:4a:60:71:35:8e:14:02:
-         72:9e:93:22:a5:ca:d9:33:7e:12:c4:41:34:cf:c4:14:66:9a:
-         fa:04:aa:1f:e2:d9:5e:d3:42:9e:fa:c9:71:6e:f0:43:08:a7:
-         60:bc:eb:19:8e:70:09:24:12:6b:9a:10:60:fc:44:61:e3:f4:
-         0d:08:15:9e:a6:b3:7e:9b:be:d5:f9:63:9d:2f:be:c3:81:c6:
-         ef:e8:56:99:a2:58:f3:32:7c:c2:c2:b1:d9:6a:bd:51:79:eb:
-         18:02:44:b4:4e:e8:7c:3e:96:a4:ae:86:79:94:11:6f:1b:eb:
-         80:71:07:1f:4c:5d:88:67:39:62:6d:c2:0d:64:2a:07:66:48:
-         ca:b4:76:06:da:1c:40:24:77:34:a9:8b:26:d0:20:6b:94:25:
-         75:73:84:e7
+    Signature Value:
+        44:cd:05:6c:e3:bf:bc:7f:0a:a8:83:b5:82:a0:c8:4d:7d:10:
+        cf:83:03:84:83:21:ea:d1:2e:9c:2f:65:c4:c0:39:96:5c:bf:
+        0d:48:da:04:4e:09:c5:12:8c:0c:2a:15:dd:56:16:3b:95:51:
+        24:36:43:26:ee:05:e4:7a:3c:76:b5:3c:6e:5f:df:b9:71:57:
+        18:e2:36:93:61:50:ad:7c:2a:c2:57:7f:f0:5b:81:b7:6f:05:
+        1a:75:20:39:33:fa:d4:b6:96:f5:3f:21:d7:6e:b8:3a:65:c5:
+        b7:15:22:c1:34:80:41:94:0b:d0:7f:0b:7b:35:41:2f:04:6e:
+        1e:68:a3:f2:ed:6a:1b:54:b0:60:b3:ad:41:9a:73:96:c3:37:
+        90:6f:02:55:aa:66:f8:26:ea:17:cd:7f:08:6c:12:09:24:f5:
+        6d:54:5d:b7:4c:9d:47:ac:c7:a0:4c:ad:ad:4d:0d:7f:25:3c:
+        49:a1:bc:c0:f4:a0:75:fb:79:4c:7d:12:a2:b0:47:f6:ab:ed:
+        04:30:6c:94:a2:57:a2:4b:df:51:89:01:e6:34:51:85:e0:de:
+        77:0f:ad:b3:9b:25:06:a7:09:19:92:9a:c8:7f:a8:8a:c6:86:
+        da:71:48:04:7f:0d:69:8a:05:40:45:98:08:ad:03:36:89:84:
+        1e:b2:24:72
 -----BEGIN CERTIFICATE-----
 MIIEtzCCA5+gAwIBAgIBZTANBgkqhkiG9w0BAQsFADCBoTELMAkGA1UEBhMCVVMx
 EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxFTATBgNVBAoM
 DHdvbGZTU0wgSW5jLjEUMBIGA1UECwwLRW5naW5lZXJpbmcxHTAbBgNVBAMMFGNo
 YWluSC1JQ0ExLXBhdGhsZW4wMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wu
-Y29tMB4XDTIzMTIxMzIyMTkzM1oXDTI2MDkwODIyMTkzM1owgZoxCzAJBgNVBAYT
+Y29tMB4XDTI0MTIxODIxMjUzNFoXDTI3MDkxNDIxMjUzNFowgZoxCzAJBgNVBAYT
 AlVTMRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRUwEwYD
 VQQKDAx3b2xmU1NMIEluYy4xFDASBgNVBAsMC0VuZ2luZWVyaW5nMRYwFAYDVQQD
 DA1jaGFpbkgtZW50aXR5MR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29t
@@ -77,13 +77,13 @@ VR0jBIHGMIHDgBRIgIco7+YoDwOb3zNIEKDlILNpUKGBp6SBpDCBoTELMAkGA1UE
 BhMCVVMxEzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxFTAT
 BgNVBAoMDHdvbGZTU0wgSW5jLjEUMBIGA1UECwwLRW5naW5lZXJpbmcxHTAbBgNV
 BAMMFGNoYWluSC1JQ0EyLXBhdGhsZW4yMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdv
-bGZzc2wuY29tggFkMAkGA1UdEwQCMAAwDQYJKoZIhvcNAQELBQADggEBAAZFIf2o
-lfrUlsdPg2tswST6sBRC23pce/SPTmZ4vP9lvUqnjtB4M2/SqrubJSYVTZ2OORaZ
-cCVqLe54VIATcfPhauxWVxol24+zZCLSBNGyqv8s2a5tdGYYdFg4S+x3afaD7U19
-SmBxNY4UAnKekyKlytkzfhLEQTTPxBRmmvoEqh/i2V7TQp76yXFu8EMIp2C86xmO
-cAkkEmuaEGD8RGHj9A0IFZ6ms36bvtX5Y50vvsOBxu/oVpmiWPMyfMLCsdlqvVF5
-6xgCRLRO6Hw+lqSuhnmUEW8b64BxBx9MXYhnOWJtwg1kKgdmSMq0dgbaHEAkdzSp
-iybQIGuUJXVzhOc=
+bGZzc2wuY29tggFkMAkGA1UdEwQCMAAwDQYJKoZIhvcNAQELBQADggEBAETNBWzj
+v7x/CqiDtYKgyE19EM+DA4SDIerRLpwvZcTAOZZcvw1I2gROCcUSjAwqFd1WFjuV
+USQ2QybuBeR6PHa1PG5f37lxVxjiNpNhUK18KsJXf/BbgbdvBRp1IDkz+tS2lvU/
+IdduuDplxbcVIsE0gEGUC9B/C3s1QS8Ebh5oo/LtahtUsGCzrUGac5bDN5BvAlWq
+Zvgm6hfNfwhsEgkk9W1UXbdMnUesx6BMra1NDX8lPEmhvMD0oHX7eUx9EqKwR/ar
+7QQwbJSiV6JL31GJAeY0UYXg3ncPrbObJQanCRmSmsh/qIrGhtpxSAR/DWmKBUBF
+mAitAzaJhB6yJHI=
 -----END CERTIFICATE-----
 Certificate:
     Data:
@@ -92,12 +92,12 @@ Certificate:
         Signature Algorithm: sha256WithRSAEncryption
         Issuer: C = US, ST = Washington, L = Seattle, O = wolfSSL Inc., OU = Engineering, CN = chainH-ICA2-pathlen2, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Dec 13 22:19:32 2023 GMT
-            Not After : Sep  8 22:19:32 2026 GMT
+            Not Before: Dec 18 21:25:34 2024 GMT
+            Not After : Sep 14 21:25:34 2027 GMT
         Subject: C = US, ST = Washington, L = Seattle, O = wolfSSL Inc., OU = Engineering, CN = chainH-ICA1-pathlen0, emailAddress = info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (2048 bit)
+                Public-Key: (2048 bit)
                 Modulus:
                     00:c7:f4:a6:7e:f2:cb:4f:6e:04:18:d3:53:d5:cf:
                     bf:7e:97:d1:74:94:fe:db:ad:61:3f:12:20:67:f3:
@@ -125,33 +125,33 @@ Certificate:
                 keyid:80:49:61:8C:1D:13:08:56:B5:42:68:D5:B2:EA:89:2C:B4:8B:05:87
                 DirName:/C=US/ST=Washington/L=Seattle/O=wolfSSL Inc./OU=Engineering/CN=chainH-ICA3-pathlen2/emailAddress=info@wolfssl.com
                 serial:64
-
             X509v3 Basic Constraints: 
                 CA:TRUE, pathlen:0
             X509v3 Key Usage: 
                 Certificate Sign, CRL Sign
     Signature Algorithm: sha256WithRSAEncryption
-         84:70:f5:e6:36:95:d1:b9:43:99:0b:7e:a9:b1:2f:5a:4a:58:
-         3f:73:83:a1:90:9e:b5:86:10:fb:0e:46:22:38:92:f2:07:19:
-         20:c3:82:f0:8d:38:4f:39:38:6b:bc:43:15:fe:b4:c2:78:49:
-         d4:78:2e:6e:41:cb:f8:c6:ed:b9:8c:76:ad:b6:d4:68:fa:82:
-         55:cc:b2:60:d5:ce:8c:bb:7a:dd:19:29:4e:c8:c6:f8:2a:1a:
-         b4:e7:8e:31:e8:63:76:bf:6e:77:98:3e:98:70:18:fb:d7:f5:
-         cc:47:da:35:54:d8:77:6e:54:db:3c:b0:b8:81:f0:ae:e2:a1:
-         92:ea:c4:dd:0c:4b:fa:15:82:e0:4b:c8:cc:81:1d:54:2b:53:
-         c9:ed:06:00:28:e7:c5:37:d0:46:14:24:5c:6f:d4:a8:d9:c6:
-         e5:57:8d:0a:66:27:89:93:fc:c3:46:0c:40:b6:eb:f3:52:16:
-         d5:ed:21:ee:20:89:bd:ff:12:6d:7b:8e:7d:9d:1a:41:f4:0c:
-         1c:ef:2d:ee:82:cf:9b:ca:8e:3e:fa:6c:13:79:13:5a:93:c4:
-         d8:99:1a:88:f0:c7:4c:76:4e:e7:b9:f3:1a:ec:77:42:c8:60:
-         f8:f6:2a:50:df:16:fa:bc:00:06:57:23:a9:34:c5:6f:d9:82:
-         00:78:1b:58
+    Signature Value:
+        4f:4a:9c:ef:2f:a2:03:d7:1a:83:e0:cc:d5:72:f9:fc:f6:32:
+        20:b8:55:f2:91:5a:21:71:9e:14:e9:a5:65:11:d6:ed:45:9f:
+        b6:6b:b5:c1:92:83:7c:40:78:cc:cc:06:44:91:cf:8a:40:88:
+        1b:99:c3:64:4f:f4:56:33:a8:e5:92:79:37:06:85:6b:91:57:
+        b7:d3:fa:ef:b4:5a:ab:43:6f:e9:d0:12:54:53:77:21:57:59:
+        15:de:12:9b:18:d6:3e:3e:24:ab:ad:7d:aa:33:bb:b0:ed:f4:
+        20:14:d4:5b:22:aa:99:9b:8c:05:95:3a:7e:b9:03:da:e9:ba:
+        49:64:d7:89:9a:f4:2e:19:36:82:b0:0d:4e:18:6b:f7:3e:e2:
+        b1:a7:e2:0c:cd:d2:ae:d0:35:a5:31:3c:4e:2b:32:d3:89:7c:
+        ed:59:7e:c3:f5:a1:97:90:e5:34:7b:05:94:e5:83:32:84:55:
+        7d:27:28:91:e7:c1:c2:d6:6b:ad:4f:cf:22:ac:36:72:90:5b:
+        65:cd:e1:5f:12:73:ba:72:b9:f8:7f:f9:a5:6a:e0:69:44:54:
+        fd:41:10:2a:94:26:0d:0d:5e:55:e2:db:6f:ca:a2:e1:36:23:
+        e2:f1:82:b1:44:e8:9f:d0:b5:a8:d1:d7:51:fa:ed:63:3d:f8:
+        4e:68:23:d2
 -----BEGIN CERTIFICATE-----
 MIIE0zCCA7ugAwIBAgIBZDANBgkqhkiG9w0BAQsFADCBoTELMAkGA1UEBhMCVVMx
 EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxFTATBgNVBAoM
 DHdvbGZTU0wgSW5jLjEUMBIGA1UECwwLRW5naW5lZXJpbmcxHTAbBgNVBAMMFGNo
 YWluSC1JQ0EyLXBhdGhsZW4yMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wu
-Y29tMB4XDTIzMTIxMzIyMTkzMloXDTI2MDkwODIyMTkzMlowgaExCzAJBgNVBAYT
+Y29tMB4XDTI0MTIxODIxMjUzNFoXDTI3MDkxNDIxMjUzNFowgaExCzAJBgNVBAYT
 AlVTMRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRUwEwYD
 VQQKDAx3b2xmU1NMIEluYy4xFDASBgNVBAsMC0VuZ2luZWVyaW5nMR0wGwYDVQQD
 DBRjaGFpbkgtSUNBMS1wYXRobGVuMDEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xm
@@ -167,12 +167,12 @@ oTELMAkGA1UEBhMCVVMxEzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1Nl
 YXR0bGUxFTATBgNVBAoMDHdvbGZTU0wgSW5jLjEUMBIGA1UECwwLRW5naW5lZXJp
 bmcxHTAbBgNVBAMMFGNoYWluSC1JQ0EzLXBhdGhsZW4yMR8wHQYJKoZIhvcNAQkB
 FhBpbmZvQHdvbGZzc2wuY29tggFkMA8GA1UdEwQIMAYBAf8CAQAwCwYDVR0PBAQD
-AgEGMA0GCSqGSIb3DQEBCwUAA4IBAQCEcPXmNpXRuUOZC36psS9aSlg/c4OhkJ61
-hhD7DkYiOJLyBxkgw4LwjThPOThrvEMV/rTCeEnUeC5uQcv4xu25jHatttRo+oJV
-zLJg1c6Mu3rdGSlOyMb4Khq0544x6GN2v253mD6YcBj71/XMR9o1VNh3blTbPLC4
-gfCu4qGS6sTdDEv6FYLgS8jMgR1UK1PJ7QYAKOfFN9BGFCRcb9So2cblV40KZieJ
-k/zDRgxAtuvzUhbV7SHuIIm9/xJte459nRpB9Awc7y3ugs+byo4++mwTeRNak8TY
-mRqI8MdMdk7nufMa7HdCyGD49ipQ3xb6vAAGVyOpNMVv2YIAeBtY
+AgEGMA0GCSqGSIb3DQEBCwUAA4IBAQBPSpzvL6ID1xqD4MzVcvn89jIguFXykVoh
+cZ4U6aVlEdbtRZ+2a7XBkoN8QHjMzAZEkc+KQIgbmcNkT/RWM6jlknk3BoVrkVe3
+0/rvtFqrQ2/p0BJUU3chV1kV3hKbGNY+PiSrrX2qM7uw7fQgFNRbIqqZm4wFlTp+
+uQPa6bpJZNeJmvQuGTaCsA1OGGv3PuKxp+IMzdKu0DWlMTxOKzLTiXztWX7D9aGX
+kOU0ewWU5YMyhFV9JyiR58HC1mutT88irDZykFtlzeFfEnO6crn4f/mlauBpRFT9
+QRAqlCYNDV5V4ttvyqLhNiPi8YKxROif0LWo0ddR+u1jPfhOaCPS
 -----END CERTIFICATE-----
 Certificate:
     Data:
@@ -181,12 +181,12 @@ Certificate:
         Signature Algorithm: sha256WithRSAEncryption
         Issuer: C = US, ST = Washington, L = Seattle, O = wolfSSL Inc., OU = Engineering, CN = chainH-ICA3-pathlen2, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Dec 13 22:19:32 2023 GMT
-            Not After : Sep  8 22:19:32 2026 GMT
+            Not Before: Dec 18 21:25:34 2024 GMT
+            Not After : Sep 14 21:25:34 2027 GMT
         Subject: C = US, ST = Washington, L = Seattle, O = wolfSSL Inc., OU = Engineering, CN = chainH-ICA2-pathlen2, emailAddress = info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (2048 bit)
+                Public-Key: (2048 bit)
                 Modulus:
                     00:d9:b5:af:4b:ba:83:03:23:df:50:28:a8:c2:0c:
                     2c:f0:04:cb:2d:04:9b:1e:f5:f4:68:bc:d4:8e:b4:
@@ -214,33 +214,33 @@ Certificate:
                 keyid:56:54:36:BE:23:2F:20:89:6D:A6:BA:9A:45:A4:88:0E:40:35:FD:F5
                 DirName:/C=US/ST=Washington/L=Seattle/O=wolfSSL Inc./OU=Engineering/CN=chainH-ICA4-pathlen2/emailAddress=info@wolfssl.com
                 serial:64
-
             X509v3 Basic Constraints: 
                 CA:TRUE, pathlen:2
             X509v3 Key Usage: 
                 Certificate Sign, CRL Sign
     Signature Algorithm: sha256WithRSAEncryption
-         8f:ee:27:f5:45:63:56:eb:66:f5:c7:4f:b0:4a:16:ca:2a:e1:
-         de:75:7d:8b:09:12:0c:65:fe:a2:59:66:5e:b1:9f:1a:fc:e5:
-         a5:e5:c9:9b:4f:77:f1:87:8a:a7:36:2d:67:4d:ec:19:13:e3:
-         c1:9c:95:a5:90:ec:0f:39:5b:da:42:9f:73:6c:56:1f:aa:a8:
-         fb:69:82:a7:b2:21:b5:f7:fe:4e:1d:02:fc:30:e8:08:14:d8:
-         86:db:ca:31:da:4d:b8:9c:91:2b:45:b4:70:6b:87:9e:e5:4c:
-         ea:b4:7a:75:18:1e:4c:db:e8:b1:e7:f0:50:43:59:38:31:46:
-         57:59:ae:60:f8:8d:68:b6:49:3c:a5:4e:19:4c:e3:03:ef:5b:
-         bd:c0:9d:12:ba:b3:cb:f2:35:7a:81:a8:3b:95:9c:66:35:a2:
-         94:79:bb:c0:cd:cd:cb:32:d2:8d:ef:89:c6:1c:28:f1:c2:6c:
-         53:c7:fc:de:5e:c9:de:7e:11:61:d9:d7:b1:5e:61:d7:f1:a7:
-         e8:62:e1:f5:0f:f3:17:e8:e5:43:98:3b:cc:b7:cf:a4:ae:92:
-         6b:16:51:ea:38:5f:5e:59:74:87:72:aa:5e:5f:21:dd:d8:6c:
-         8a:e2:7d:11:5b:c1:5c:e9:76:aa:4f:60:46:51:5e:c0:b2:d3:
-         9b:f6:ba:ca
+    Signature Value:
+        47:fe:53:d4:55:2d:7a:8b:02:53:06:f7:18:4c:be:c9:30:f9:
+        53:d8:4c:58:e7:6a:53:db:b2:5b:8c:1b:63:9d:ba:c5:7e:6f:
+        dc:aa:df:78:7c:a6:b6:55:92:69:6a:09:25:1c:98:3f:45:db:
+        18:f8:81:7b:fb:a2:ae:95:81:50:c5:4a:e9:ae:31:b9:1e:ea:
+        22:5e:26:6e:63:be:79:b2:e7:bb:16:0c:be:56:29:db:dc:8f:
+        90:27:4a:9a:82:30:5e:6f:a8:7f:2b:56:e5:8b:3c:c5:47:46:
+        ca:a1:20:a2:f4:3d:8c:bc:cd:f5:48:b1:59:23:71:70:aa:6d:
+        5e:09:21:54:62:e2:05:5b:eb:d4:bc:fb:d3:8b:47:c2:47:31:
+        0f:c8:45:36:c2:f5:1c:1d:e0:79:4b:45:1a:3c:36:53:b2:ec:
+        3b:61:c0:7a:08:42:d7:2e:95:92:6b:6e:12:63:c7:61:bc:9c:
+        2c:02:04:84:d4:28:a7:56:3f:bc:27:73:37:00:82:ef:09:c1:
+        88:35:98:c1:77:8c:3f:4a:19:da:42:c5:89:00:54:ca:39:05:
+        42:80:97:8d:f0:39:ca:9a:5b:f7:b7:4e:86:68:b9:88:1f:79:
+        25:7c:79:e6:3b:58:8a:52:ca:10:47:95:64:bb:1d:fd:e7:51:
+        d8:94:3b:89
 -----BEGIN CERTIFICATE-----
 MIIE0zCCA7ugAwIBAgIBZDANBgkqhkiG9w0BAQsFADCBoTELMAkGA1UEBhMCVVMx
 EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxFTATBgNVBAoM
 DHdvbGZTU0wgSW5jLjEUMBIGA1UECwwLRW5naW5lZXJpbmcxHTAbBgNVBAMMFGNo
 YWluSC1JQ0EzLXBhdGhsZW4yMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wu
-Y29tMB4XDTIzMTIxMzIyMTkzMloXDTI2MDkwODIyMTkzMlowgaExCzAJBgNVBAYT
+Y29tMB4XDTI0MTIxODIxMjUzNFoXDTI3MDkxNDIxMjUzNFowgaExCzAJBgNVBAYT
 AlVTMRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRUwEwYD
 VQQKDAx3b2xmU1NMIEluYy4xFDASBgNVBAsMC0VuZ2luZWVyaW5nMR0wGwYDVQQD
 DBRjaGFpbkgtSUNBMi1wYXRobGVuMjEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xm
@@ -256,12 +256,12 @@ oTELMAkGA1UEBhMCVVMxEzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1Nl
 YXR0bGUxFTATBgNVBAoMDHdvbGZTU0wgSW5jLjEUMBIGA1UECwwLRW5naW5lZXJp
 bmcxHTAbBgNVBAMMFGNoYWluSC1JQ0E0LXBhdGhsZW4yMR8wHQYJKoZIhvcNAQkB
 FhBpbmZvQHdvbGZzc2wuY29tggFkMA8GA1UdEwQIMAYBAf8CAQIwCwYDVR0PBAQD
-AgEGMA0GCSqGSIb3DQEBCwUAA4IBAQCP7if1RWNW62b1x0+wShbKKuHedX2LCRIM
-Zf6iWWZesZ8a/OWl5cmbT3fxh4qnNi1nTewZE+PBnJWlkOwPOVvaQp9zbFYfqqj7
-aYKnsiG19/5OHQL8MOgIFNiG28ox2k24nJErRbRwa4ee5UzqtHp1GB5M2+ix5/BQ
-Q1k4MUZXWa5g+I1otkk8pU4ZTOMD71u9wJ0SurPL8jV6gag7lZxmNaKUebvAzc3L
-MtKN74nGHCjxwmxTx/zeXsnefhFh2dexXmHX8afoYuH1D/MX6OVDmDvMt8+krpJr
-FlHqOF9eWXSHcqpeXyHd2GyK4n0RW8Fc6XaqT2BGUV7AstOb9rrK
+AgEGMA0GCSqGSIb3DQEBCwUAA4IBAQBH/lPUVS16iwJTBvcYTL7JMPlT2ExY52pT
+27JbjBtjnbrFfm/cqt94fKa2VZJpagklHJg/RdsY+IF7+6KulYFQxUrprjG5Huoi
+XiZuY755sue7Fgy+Vinb3I+QJ0qagjBeb6h/K1blizzFR0bKoSCi9D2MvM31SLFZ
+I3Fwqm1eCSFUYuIFW+vUvPvTi0fCRzEPyEU2wvUcHeB5S0UaPDZTsuw7YcB6CELX
+LpWSa24SY8dhvJwsAgSE1CinVj+8J3M3AILvCcGINZjBd4w/ShnaQsWJAFTKOQVC
+gJeN8DnKmlv3t06GaLmIH3klfHnmO1iKUsoQR5Vkux3951HYlDuJ
 -----END CERTIFICATE-----
 Certificate:
     Data:
@@ -270,12 +270,12 @@ Certificate:
         Signature Algorithm: sha256WithRSAEncryption
         Issuer: C = US, ST = Washington, L = Seattle, O = wolfSSL Inc., OU = Engineering, CN = chainH-ICA4-pathlen2, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Dec 13 22:19:32 2023 GMT
-            Not After : Sep  8 22:19:32 2026 GMT
+            Not Before: Dec 18 21:25:34 2024 GMT
+            Not After : Sep 14 21:25:34 2027 GMT
         Subject: C = US, ST = Washington, L = Seattle, O = wolfSSL Inc., OU = Engineering, CN = chainH-ICA3-pathlen2, emailAddress = info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (2048 bit)
+                Public-Key: (2048 bit)
                 Modulus:
                     00:b7:b3:1a:1b:4a:80:1b:a2:e5:95:14:bc:55:e4:
                     77:dc:f3:7b:8a:9f:34:7c:93:db:c9:c9:d0:8b:b8:
@@ -303,33 +303,33 @@ Certificate:
                 keyid:18:6D:44:83:EE:1F:EC:B4:22:F0:9C:EB:54:1E:4A:15:58:01:AA:13
                 DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
                 serial:64
-
             X509v3 Basic Constraints: 
                 CA:TRUE, pathlen:2
             X509v3 Key Usage: 
                 Certificate Sign, CRL Sign
     Signature Algorithm: sha256WithRSAEncryption
-         75:ad:f2:f8:79:a5:c6:0d:4a:35:07:f6:75:1c:6c:0e:bf:3d:
-         d7:fc:81:de:57:9f:3f:f0:c9:8e:75:b8:23:0d:36:22:d6:d9:
-         57:dc:c0:5b:a4:9a:fa:ef:2a:b5:ad:e2:c5:96:84:1a:84:49:
-         a8:17:b7:2e:fd:45:21:8f:e4:f1:8a:e5:64:bb:50:96:31:62:
-         d7:4a:11:f4:fa:78:5b:bb:0d:0a:0e:91:bb:84:e8:c6:5d:1a:
-         03:1e:4b:50:5d:c5:03:f5:a3:32:fa:6c:5e:a8:c5:12:b4:5a:
-         c4:e6:ff:36:c3:4d:a7:1a:d1:b2:71:dd:89:1a:b2:08:46:60:
-         bb:8e:bb:df:bd:b9:0f:45:3d:25:06:eb:a7:95:11:a6:32:ee:
-         a0:2c:4c:2f:81:54:6f:54:16:d7:c3:85:6e:c4:78:43:a3:48:
-         2f:81:03:81:c2:02:0a:84:9d:a8:b5:3f:02:b4:c0:fd:b5:d5:
-         2f:f0:48:d7:0f:98:cb:0f:ca:e4:9c:1a:d8:1c:10:31:4b:9e:
-         9b:a9:44:63:03:a0:a0:de:bc:bd:0f:d9:5a:fa:81:f2:d5:7d:
-         de:4b:06:88:b8:0e:98:5c:fb:60:a2:10:e9:ad:38:c7:05:09:
-         9d:c9:bc:24:89:29:84:a5:3a:76:d9:ec:b8:9c:c7:9a:02:7e:
-         23:d6:1b:65
+    Signature Value:
+        24:19:e1:68:7d:9a:f3:0e:86:de:58:94:6e:3c:f0:b0:d6:be:
+        03:6b:0a:23:97:fd:e8:04:02:35:f5:05:de:08:6b:2d:79:a9:
+        f5:15:32:13:1b:e2:e5:ad:92:3e:c7:c4:ec:9c:80:2f:73:3e:
+        06:f7:14:1a:76:65:18:e2:76:44:b2:e8:6f:fb:0d:89:6c:6a:
+        ca:de:96:59:38:c9:0a:c2:48:6c:b6:fb:f6:53:13:47:f2:6c:
+        8f:df:fd:e4:94:42:88:25:2e:f1:31:97:64:c0:65:30:9c:17:
+        82:d2:ec:95:1a:a9:65:2f:fd:a1:9e:e8:0d:c3:e8:ef:b1:8d:
+        c9:77:88:38:a3:30:24:fe:23:1b:ca:61:f4:f7:0f:ed:22:41:
+        39:4c:94:34:b5:14:a5:61:c5:02:1d:ed:80:5b:78:60:18:eb:
+        16:3d:04:cd:64:a6:a2:86:77:7e:4e:0c:42:74:21:df:50:a1:
+        f4:79:24:56:c8:46:ae:2e:9d:9e:3c:fa:f9:ea:15:18:43:8b:
+        c4:97:ff:f4:0e:2f:b1:50:3d:b2:e2:63:2d:66:c4:e7:9d:f3:
+        75:c9:72:a9:0c:19:c0:61:e6:84:a5:e0:f4:f4:82:c7:c8:2d:
+        9b:19:b1:fd:b6:57:99:38:a4:6b:23:a2:ff:80:63:43:37:45:
+        24:16:25:45
 -----BEGIN CERTIFICATE-----
 MIIExjCCA66gAwIBAgIBZDANBgkqhkiG9w0BAQsFADCBoTELMAkGA1UEBhMCVVMx
 EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxFTATBgNVBAoM
 DHdvbGZTU0wgSW5jLjEUMBIGA1UECwwLRW5naW5lZXJpbmcxHTAbBgNVBAMMFGNo
 YWluSC1JQ0E0LXBhdGhsZW4yMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wu
-Y29tMB4XDTIzMTIxMzIyMTkzMloXDTI2MDkwODIyMTkzMlowgaExCzAJBgNVBAYT
+Y29tMB4XDTI0MTIxODIxMjUzNFoXDTI3MDkxNDIxMjUzNFowgaExCzAJBgNVBAYT
 AlVTMRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRUwEwYD
 VQQKDAx3b2xmU1NMIEluYy4xFDASBgNVBAsMC0VuZ2luZWVyaW5nMR0wGwYDVQQD
 DBRjaGFpbkgtSUNBMy1wYXRobGVuMjEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xm
@@ -345,12 +345,12 @@ lDELMAkGA1UEBhMCVVMxEDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVt
 YW4xETAPBgNVBAoMCFNhd3Rvb3RoMRMwEQYDVQQLDApDb25zdWx0aW5nMRgwFgYD
 VQQDDA93d3cud29sZnNzbC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNz
 bC5jb22CAWQwDwYDVR0TBAgwBgEB/wIBAjALBgNVHQ8EBAMCAQYwDQYJKoZIhvcN
-AQELBQADggEBAHWt8vh5pcYNSjUH9nUcbA6/Pdf8gd5Xnz/wyY51uCMNNiLW2Vfc
-wFukmvrvKrWt4sWWhBqESagXty79RSGP5PGK5WS7UJYxYtdKEfT6eFu7DQoOkbuE
-6MZdGgMeS1BdxQP1ozL6bF6oxRK0WsTm/zbDTaca0bJx3YkasghGYLuOu9+9uQ9F
-PSUG66eVEaYy7qAsTC+BVG9UFtfDhW7EeEOjSC+BA4HCAgqEnai1PwK0wP211S/w
-SNcPmMsPyuScGtgcEDFLnpupRGMDoKDevL0P2Vr6gfLVfd5LBoi4Dphc+2CiEOmt
-OMcFCZ3JvCSJKYSlOnbZ7Licx5oCfiPWG2U=
+AQELBQADggEBACQZ4Wh9mvMOht5YlG488LDWvgNrCiOX/egEAjX1Bd4Iay15qfUV
+MhMb4uWtkj7HxOycgC9zPgb3FBp2ZRjidkSy6G/7DYlsasrellk4yQrCSGy2+/ZT
+E0fybI/f/eSUQoglLvExl2TAZTCcF4LS7JUaqWUv/aGe6A3D6O+xjcl3iDijMCT+
+IxvKYfT3D+0iQTlMlDS1FKVhxQId7YBbeGAY6xY9BM1kpqKGd35ODEJ0Id9QofR5
+JFbIRq4unZ48+vnqFRhDi8SX//QOL7FQPbLiYy1mxOed83XJcqkMGcBh5oSl4PT0
+gsfILZsZsf22V5k4pGsjov+AY0M3RSQWJUU=
 -----END CERTIFICATE-----
 Certificate:
     Data:
@@ -359,12 +359,12 @@ Certificate:
         Signature Algorithm: sha256WithRSAEncryption
         Issuer: C = US, ST = Montana, L = Bozeman, O = Sawtooth, OU = Consulting, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Dec 13 22:19:32 2023 GMT
-            Not After : Sep  8 22:19:32 2026 GMT
+            Not Before: Dec 18 21:25:34 2024 GMT
+            Not After : Sep 14 21:25:34 2027 GMT
         Subject: C = US, ST = Washington, L = Seattle, O = wolfSSL Inc., OU = Engineering, CN = chainH-ICA4-pathlen2, emailAddress = info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (2048 bit)
+                Public-Key: (2048 bit)
                 Modulus:
                     00:bb:f3:2f:8a:cd:9e:87:f1:01:f3:a4:c0:2d:66:
                     36:d7:11:2e:64:08:e8:f1:99:fa:a6:9c:f4:bd:3b:
@@ -391,34 +391,34 @@ Certificate:
             X509v3 Authority Key Identifier: 
                 keyid:27:8E:67:11:74:C3:26:1D:3F:ED:33:63:B3:A4:D8:1D:30:E5:E8:D5
                 DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
-                serial:33:44:1A:A8:6C:01:EC:F6:60:F2:70:51:0A:4C:D1:14:FA:BC:E9:44
-
+                serial:6B:9B:70:C6:F1:A3:94:65:19:A1:08:58:EF:A7:8D:2B:7A:83:C1:DA
             X509v3 Basic Constraints: 
                 CA:TRUE, pathlen:2
             X509v3 Key Usage: 
                 Certificate Sign, CRL Sign
     Signature Algorithm: sha256WithRSAEncryption
-         a1:6c:a3:2e:95:bb:e7:f0:f4:70:b8:8c:5a:a7:29:54:13:6a:
-         5b:13:e3:62:6a:b5:06:68:41:91:2f:84:97:1f:25:c1:db:18:
-         5d:09:26:04:ab:aa:2d:4d:59:2e:96:70:8f:0e:5d:0b:b8:b0:
-         db:5f:14:70:9e:00:d8:31:1f:65:54:47:69:5c:11:e8:0c:97:
-         2e:ff:0d:2e:ee:45:18:5b:aa:83:21:b1:5d:66:f0:b7:b3:99:
-         09:c6:fd:11:7e:b5:67:a0:d2:3b:a2:e9:b0:96:1d:42:ac:6e:
-         ce:f2:80:4e:8c:87:36:af:b5:c4:bc:fb:5d:18:40:d4:7d:3a:
-         0f:c8:9f:f1:95:bb:8a:ad:18:f8:3c:e0:49:da:36:26:17:8c:
-         87:75:79:80:5f:c4:5a:48:93:ed:62:93:73:55:a3:73:d4:ba:
-         3c:54:f4:b2:ad:70:af:8f:93:4f:a7:15:49:e0:cf:88:2a:1f:
-         bf:18:f5:13:e4:5b:d3:37:29:12:db:8c:4d:b6:93:0b:02:70:
-         47:84:cc:0a:e8:28:de:89:a1:43:0f:16:28:a9:be:85:6e:62:
-         44:5c:69:a0:33:67:bf:ee:80:37:46:25:e4:d2:ec:56:07:67:
-         e4:d6:e0:92:a1:2f:7c:d8:18:d0:7a:02:82:5b:48:3d:61:9b:
-         5f:65:db:af
+    Signature Value:
+        36:81:19:93:e0:6e:2e:c5:e5:a6:d2:b6:ca:17:ff:67:d9:b8:
+        0c:24:ed:f7:eb:96:dd:e1:96:df:6d:ca:bf:8d:31:32:36:e2:
+        64:c6:4c:81:94:63:f6:f9:a3:23:69:8e:de:98:6a:54:aa:7e:
+        65:1f:81:43:d9:ba:a5:b5:e7:9b:58:28:4e:62:72:9a:58:e1:
+        8f:cc:12:5e:63:42:78:d6:26:bc:46:69:cd:0e:f3:56:df:e4:
+        38:0e:83:96:d5:33:5e:fd:0d:2a:f9:88:08:14:ec:12:fe:75:
+        a9:5f:54:3d:ea:ee:bd:b7:aa:77:cc:e4:b2:eb:f4:af:37:22:
+        5e:bb:2a:8b:b7:0b:b8:47:32:b8:56:ca:bb:ca:e9:de:fb:a0:
+        fc:ac:65:04:78:c6:1f:65:9e:8c:76:ef:82:75:8b:59:59:37:
+        d0:5d:97:9c:c0:8f:27:76:60:95:c4:b4:ba:e6:a3:9a:ce:c3:
+        df:02:ec:97:b5:06:9f:5e:f8:15:52:01:6d:fd:c5:73:b8:12:
+        35:49:e4:28:df:26:86:6d:93:4e:f3:6f:88:e5:51:98:5f:46:
+        49:69:02:17:ec:74:ed:7b:e2:b5:6c:24:d4:cf:4a:78:12:f6:
+        5d:4f:3d:3d:c8:ae:8f:53:aa:4e:2e:dd:3b:a9:0c:d4:b8:2e:
+        bd:e5:af:95
 -----BEGIN CERTIFICATE-----
 MIIEzDCCA7SgAwIBAgIBZDANBgkqhkiG9w0BAQsFADCBlDELMAkGA1UEBhMCVVMx
 EDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xETAPBgNVBAoMCFNh
 d3Rvb3RoMRMwEQYDVQQLDApDb25zdWx0aW5nMRgwFgYDVQQDDA93d3cud29sZnNz
-bC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMjMxMjEz
-MjIxOTMyWhcNMjYwOTA4MjIxOTMyWjCBoTELMAkGA1UEBhMCVVMxEzARBgNVBAgM
+bC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMjQxMjE4
+MjEyNTM0WhcNMjcwOTE0MjEyNTM0WjCBoTELMAkGA1UEBhMCVVMxEzARBgNVBAgM
 Cldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxFTATBgNVBAoMDHdvbGZTU0wg
 SW5jLjEUMBIGA1UECwwLRW5naW5lZXJpbmcxHTAbBgNVBAMMFGNoYWluSC1JQ0E0
 LXBhdGhsZW4yMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMIIBIjAN
@@ -432,12 +432,12 @@ o4IBGDCCARQwHQYDVR0OBBYEFBhtRIPuH+y0IvCc61QeShVYAaoTMIHUBgNVHSME
 gcwwgcmAFCeOZxF0wyYdP+0zY7Ok2B0w5ejVoYGapIGXMIGUMQswCQYDVQQGEwJV
 UzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjERMA8GA1UECgwI
 U2F3dG9vdGgxEzARBgNVBAsMCkNvbnN1bHRpbmcxGDAWBgNVBAMMD3d3dy53b2xm
-c3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbYIUM0QaqGwB
-7PZg8nBRCkzRFPq86UQwDwYDVR0TBAgwBgEB/wIBAjALBgNVHQ8EBAMCAQYwDQYJ
-KoZIhvcNAQELBQADggEBAKFsoy6Vu+fw9HC4jFqnKVQTalsT42JqtQZoQZEvhJcf
-JcHbGF0JJgSrqi1NWS6WcI8OXQu4sNtfFHCeANgxH2VUR2lcEegMly7/DS7uRRhb
-qoMhsV1m8LezmQnG/RF+tWeg0jui6bCWHUKsbs7ygE6MhzavtcS8+10YQNR9Og/I
-n/GVu4qtGPg84EnaNiYXjId1eYBfxFpIk+1ik3NVo3PUujxU9LKtcK+Pk0+nFUng
-z4gqH78Y9RPkW9M3KRLbjE22kwsCcEeEzAroKN6JoUMPFiipvoVuYkRcaaAzZ7/u
-gDdGJeTS7FYHZ+TW4JKhL3zYGNB6AoJbSD1hm19l268=
+c3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbYIUa5twxvGj
+lGUZoQhY76eNK3qDwdowDwYDVR0TBAgwBgEB/wIBAjALBgNVHQ8EBAMCAQYwDQYJ
+KoZIhvcNAQELBQADggEBADaBGZPgbi7F5abStsoX/2fZuAwk7ffrlt3hlt9tyr+N
+MTI24mTGTIGUY/b5oyNpjt6YalSqfmUfgUPZuqW155tYKE5icppY4Y/MEl5jQnjW
+JrxGac0O81bf5DgOg5bVM179DSr5iAgU7BL+dalfVD3q7r23qnfM5LLr9K83Il67
+Kou3C7hHMrhWyrvK6d77oPysZQR4xh9lnox274J1i1lZN9Bdl5zAjyd2YJXEtLrm
+o5rOw98C7Je1Bp9e+BVSAW39xXO4EjVJ5CjfJoZtk07zb4jlUZhfRklpAhfsdO17
+4rVsJNTPSngS9l1PPT3Iro9Tqk4u3TupDNS4Lr3lr5U=
 -----END CERTIFICATE-----
diff --git a/certs/test-pathlen/chainH-entity.pem b/certs/test-pathlen/chainH-entity.pem
index 42512cc12..51e25c97b 100644
--- a/certs/test-pathlen/chainH-entity.pem
+++ b/certs/test-pathlen/chainH-entity.pem
@@ -5,12 +5,12 @@ Certificate:
         Signature Algorithm: sha256WithRSAEncryption
         Issuer: C = US, ST = Washington, L = Seattle, O = wolfSSL Inc., OU = Engineering, CN = chainH-ICA1-pathlen0, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Dec 13 22:19:33 2023 GMT
-            Not After : Sep  8 22:19:33 2026 GMT
+            Not Before: Dec 18 21:25:34 2024 GMT
+            Not After : Sep 14 21:25:34 2027 GMT
         Subject: C = US, ST = Washington, L = Seattle, O = wolfSSL Inc., OU = Engineering, CN = chainH-entity, emailAddress = info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (2048 bit)
+                Public-Key: (2048 bit)
                 Modulus:
                     00:ba:ed:ab:c0:0d:92:6c:10:e4:50:9f:7c:98:cc:
                     87:fd:28:34:77:c0:58:28:52:2c:28:97:80:ec:78:
@@ -38,31 +38,31 @@ Certificate:
                 keyid:48:80:87:28:EF:E6:28:0F:03:9B:DF:33:48:10:A0:E5:20:B3:69:50
                 DirName:/C=US/ST=Washington/L=Seattle/O=wolfSSL Inc./OU=Engineering/CN=chainH-ICA2-pathlen2/emailAddress=info@wolfssl.com
                 serial:64
-
             X509v3 Basic Constraints: 
                 CA:FALSE
     Signature Algorithm: sha256WithRSAEncryption
-         06:45:21:fd:a8:95:fa:d4:96:c7:4f:83:6b:6c:c1:24:fa:b0:
-         14:42:db:7a:5c:7b:f4:8f:4e:66:78:bc:ff:65:bd:4a:a7:8e:
-         d0:78:33:6f:d2:aa:bb:9b:25:26:15:4d:9d:8e:39:16:99:70:
-         25:6a:2d:ee:78:54:80:13:71:f3:e1:6a:ec:56:57:1a:25:db:
-         8f:b3:64:22:d2:04:d1:b2:aa:ff:2c:d9:ae:6d:74:66:18:74:
-         58:38:4b:ec:77:69:f6:83:ed:4d:7d:4a:60:71:35:8e:14:02:
-         72:9e:93:22:a5:ca:d9:33:7e:12:c4:41:34:cf:c4:14:66:9a:
-         fa:04:aa:1f:e2:d9:5e:d3:42:9e:fa:c9:71:6e:f0:43:08:a7:
-         60:bc:eb:19:8e:70:09:24:12:6b:9a:10:60:fc:44:61:e3:f4:
-         0d:08:15:9e:a6:b3:7e:9b:be:d5:f9:63:9d:2f:be:c3:81:c6:
-         ef:e8:56:99:a2:58:f3:32:7c:c2:c2:b1:d9:6a:bd:51:79:eb:
-         18:02:44:b4:4e:e8:7c:3e:96:a4:ae:86:79:94:11:6f:1b:eb:
-         80:71:07:1f:4c:5d:88:67:39:62:6d:c2:0d:64:2a:07:66:48:
-         ca:b4:76:06:da:1c:40:24:77:34:a9:8b:26:d0:20:6b:94:25:
-         75:73:84:e7
+    Signature Value:
+        44:cd:05:6c:e3:bf:bc:7f:0a:a8:83:b5:82:a0:c8:4d:7d:10:
+        cf:83:03:84:83:21:ea:d1:2e:9c:2f:65:c4:c0:39:96:5c:bf:
+        0d:48:da:04:4e:09:c5:12:8c:0c:2a:15:dd:56:16:3b:95:51:
+        24:36:43:26:ee:05:e4:7a:3c:76:b5:3c:6e:5f:df:b9:71:57:
+        18:e2:36:93:61:50:ad:7c:2a:c2:57:7f:f0:5b:81:b7:6f:05:
+        1a:75:20:39:33:fa:d4:b6:96:f5:3f:21:d7:6e:b8:3a:65:c5:
+        b7:15:22:c1:34:80:41:94:0b:d0:7f:0b:7b:35:41:2f:04:6e:
+        1e:68:a3:f2:ed:6a:1b:54:b0:60:b3:ad:41:9a:73:96:c3:37:
+        90:6f:02:55:aa:66:f8:26:ea:17:cd:7f:08:6c:12:09:24:f5:
+        6d:54:5d:b7:4c:9d:47:ac:c7:a0:4c:ad:ad:4d:0d:7f:25:3c:
+        49:a1:bc:c0:f4:a0:75:fb:79:4c:7d:12:a2:b0:47:f6:ab:ed:
+        04:30:6c:94:a2:57:a2:4b:df:51:89:01:e6:34:51:85:e0:de:
+        77:0f:ad:b3:9b:25:06:a7:09:19:92:9a:c8:7f:a8:8a:c6:86:
+        da:71:48:04:7f:0d:69:8a:05:40:45:98:08:ad:03:36:89:84:
+        1e:b2:24:72
 -----BEGIN CERTIFICATE-----
 MIIEtzCCA5+gAwIBAgIBZTANBgkqhkiG9w0BAQsFADCBoTELMAkGA1UEBhMCVVMx
 EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxFTATBgNVBAoM
 DHdvbGZTU0wgSW5jLjEUMBIGA1UECwwLRW5naW5lZXJpbmcxHTAbBgNVBAMMFGNo
 YWluSC1JQ0ExLXBhdGhsZW4wMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wu
-Y29tMB4XDTIzMTIxMzIyMTkzM1oXDTI2MDkwODIyMTkzM1owgZoxCzAJBgNVBAYT
+Y29tMB4XDTI0MTIxODIxMjUzNFoXDTI3MDkxNDIxMjUzNFowgZoxCzAJBgNVBAYT
 AlVTMRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRUwEwYD
 VQQKDAx3b2xmU1NMIEluYy4xFDASBgNVBAsMC0VuZ2luZWVyaW5nMRYwFAYDVQQD
 DA1jaGFpbkgtZW50aXR5MR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29t
@@ -77,11 +77,11 @@ VR0jBIHGMIHDgBRIgIco7+YoDwOb3zNIEKDlILNpUKGBp6SBpDCBoTELMAkGA1UE
 BhMCVVMxEzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxFTAT
 BgNVBAoMDHdvbGZTU0wgSW5jLjEUMBIGA1UECwwLRW5naW5lZXJpbmcxHTAbBgNV
 BAMMFGNoYWluSC1JQ0EyLXBhdGhsZW4yMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdv
-bGZzc2wuY29tggFkMAkGA1UdEwQCMAAwDQYJKoZIhvcNAQELBQADggEBAAZFIf2o
-lfrUlsdPg2tswST6sBRC23pce/SPTmZ4vP9lvUqnjtB4M2/SqrubJSYVTZ2OORaZ
-cCVqLe54VIATcfPhauxWVxol24+zZCLSBNGyqv8s2a5tdGYYdFg4S+x3afaD7U19
-SmBxNY4UAnKekyKlytkzfhLEQTTPxBRmmvoEqh/i2V7TQp76yXFu8EMIp2C86xmO
-cAkkEmuaEGD8RGHj9A0IFZ6ms36bvtX5Y50vvsOBxu/oVpmiWPMyfMLCsdlqvVF5
-6xgCRLRO6Hw+lqSuhnmUEW8b64BxBx9MXYhnOWJtwg1kKgdmSMq0dgbaHEAkdzSp
-iybQIGuUJXVzhOc=
+bGZzc2wuY29tggFkMAkGA1UdEwQCMAAwDQYJKoZIhvcNAQELBQADggEBAETNBWzj
+v7x/CqiDtYKgyE19EM+DA4SDIerRLpwvZcTAOZZcvw1I2gROCcUSjAwqFd1WFjuV
+USQ2QybuBeR6PHa1PG5f37lxVxjiNpNhUK18KsJXf/BbgbdvBRp1IDkz+tS2lvU/
+IdduuDplxbcVIsE0gEGUC9B/C3s1QS8Ebh5oo/LtahtUsGCzrUGac5bDN5BvAlWq
+Zvgm6hfNfwhsEgkk9W1UXbdMnUesx6BMra1NDX8lPEmhvMD0oHX7eUx9EqKwR/ar
+7QQwbJSiV6JL31GJAeY0UYXg3ncPrbObJQanCRmSmsh/qIrGhtpxSAR/DWmKBUBF
+mAitAzaJhB6yJHI=
 -----END CERTIFICATE-----
diff --git a/certs/test-pathlen/chainI-ICA1-no_pathlen.pem b/certs/test-pathlen/chainI-ICA1-no_pathlen.pem
index 1f075ac7a..3a89f3d0d 100644
--- a/certs/test-pathlen/chainI-ICA1-no_pathlen.pem
+++ b/certs/test-pathlen/chainI-ICA1-no_pathlen.pem
@@ -5,12 +5,12 @@ Certificate:
         Signature Algorithm: sha256WithRSAEncryption
         Issuer: C = US, ST = Washington, L = Seattle, O = wolfSSL Inc., OU = Engineering, CN = chainI-ICA2-no_pathlen, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Dec 13 22:19:33 2023 GMT
-            Not After : Sep  8 22:19:33 2026 GMT
+            Not Before: Dec 18 21:25:34 2024 GMT
+            Not After : Sep 14 21:25:34 2027 GMT
         Subject: C = US, ST = Washington, L = Seattle, O = wolfSSL Inc., OU = Engineering, CN = chainI-ICA1-no_pathlen, emailAddress = info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (2048 bit)
+                Public-Key: (2048 bit)
                 Modulus:
                     00:bb:ba:06:ad:13:cf:da:fb:d1:cb:65:fe:26:58:
                     49:6a:01:14:a6:78:b2:2c:1d:ba:ba:d0:bd:27:38:
@@ -38,33 +38,33 @@ Certificate:
                 keyid:D1:BA:FB:FF:1D:29:41:8A:6A:5F:B2:F3:A7:41:05:47:09:1F:48:42
                 DirName:/C=US/ST=Washington/L=Seattle/O=wolfSSL Inc./OU=Engineering/CN=chainI-ICA3-pathlen2/emailAddress=info@wolfssl.com
                 serial:64
-
             X509v3 Basic Constraints: 
                 CA:TRUE
             X509v3 Key Usage: 
                 Certificate Sign, CRL Sign
     Signature Algorithm: sha256WithRSAEncryption
-         04:ad:23:1a:c8:33:0d:3a:b7:a2:db:58:ab:51:89:0f:48:11:
-         53:88:36:74:51:c3:69:9a:ed:26:9f:24:f9:9b:a1:5d:31:26:
-         29:ce:3c:91:ce:37:d4:d6:50:30:e1:85:65:35:71:bc:20:f9:
-         27:22:5c:cf:aa:83:32:ff:f5:77:2b:79:31:d7:5f:21:8b:34:
-         14:83:d5:f4:e5:fc:f3:76:4a:09:d0:e8:d4:1b:c4:03:4e:a0:
-         a8:8a:e9:db:2e:33:e2:0b:58:70:76:37:d8:78:60:a2:78:9b:
-         af:62:0e:b4:cb:d9:51:0d:5f:dd:a5:c7:49:60:30:8d:35:46:
-         d1:7c:02:c0:2e:ae:74:36:dd:ef:ee:16:46:05:d2:16:ff:24:
-         e0:27:f5:35:01:4d:86:76:52:b4:81:c8:69:f1:62:c1:a1:28:
-         a5:0e:ae:d3:8f:80:a6:51:69:d6:db:8b:04:a0:cd:81:97:a2:
-         b5:09:e7:4f:21:75:07:30:fe:19:c5:8b:26:2d:6c:61:92:b0:
-         0c:01:3d:78:50:18:12:66:58:d9:66:a7:79:72:87:52:12:bd:
-         16:cf:fb:ab:6e:7b:8f:ac:0d:84:16:36:f6:87:27:95:6c:62:
-         b2:60:94:cb:83:69:42:96:98:5d:d2:a8:c4:b4:89:c0:f8:b8:
-         7a:f0:7b:b8
+    Signature Value:
+        9b:0a:4c:3a:f9:25:a4:a1:b1:39:17:06:ef:ba:85:a2:42:d7:
+        ad:2c:cd:62:cb:c7:5e:0d:57:80:a1:e6:1c:84:0e:c9:6d:35:
+        96:01:2a:70:3e:7f:d5:21:9b:fe:64:6b:9f:90:45:68:36:ec:
+        a9:dd:a3:d0:6e:bc:35:ff:a3:3e:d8:7c:1c:a1:ce:47:26:2f:
+        5f:5f:77:22:7b:21:31:2d:d7:ac:1f:02:2f:e4:d1:54:48:65:
+        0a:ec:6d:e4:0a:6a:0a:ed:e5:69:1d:2e:80:14:9e:37:56:42:
+        07:48:bc:91:77:ed:3e:ad:41:22:4c:f2:40:d1:6a:11:92:3f:
+        30:00:4f:c2:ea:82:f5:1d:2e:79:0c:5f:f5:08:93:85:8f:6f:
+        e0:da:1e:6b:17:d1:7e:cf:e8:54:ea:2d:3a:13:50:c8:81:40:
+        d5:4c:4d:dc:d7:62:d6:7f:73:49:07:d8:58:75:ed:3c:ba:71:
+        c8:ef:bb:25:5e:14:ae:d5:55:ed:0e:ad:fe:4a:fa:40:c3:5d:
+        a7:61:00:96:5b:02:13:f2:a4:a1:f6:07:4b:3a:58:d9:4d:ab:
+        82:12:c6:cd:8c:ce:76:3c:ae:1e:95:1b:ab:a2:aa:f1:c6:d7:
+        13:55:a4:7f:8f:b6:fe:03:f4:f2:57:70:16:45:c2:b7:01:3b:
+        b0:79:d4:d5
 -----BEGIN CERTIFICATE-----
 MIIE1DCCA7ygAwIBAgIBZDANBgkqhkiG9w0BAQsFADCBozELMAkGA1UEBhMCVVMx
 EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxFTATBgNVBAoM
 DHdvbGZTU0wgSW5jLjEUMBIGA1UECwwLRW5naW5lZXJpbmcxHzAdBgNVBAMMFmNo
 YWluSS1JQ0EyLW5vX3BhdGhsZW4xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNz
-bC5jb20wHhcNMjMxMjEzMjIxOTMzWhcNMjYwOTA4MjIxOTMzWjCBozELMAkGA1UE
+bC5jb20wHhcNMjQxMjE4MjEyNTM0WhcNMjcwOTE0MjEyNTM0WjCBozELMAkGA1UE
 BhMCVVMxEzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxFTAT
 BgNVBAoMDHdvbGZTU0wgSW5jLjEUMBIGA1UECwwLRW5naW5lZXJpbmcxHzAdBgNV
 BAMMFmNoYWluSS1JQ0ExLW5vX3BhdGhsZW4xHzAdBgkqhkiG9w0BCQEWEGluZm9A
@@ -80,10 +80,10 @@ gaQwgaExCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQH
 DAdTZWF0dGxlMRUwEwYDVQQKDAx3b2xmU1NMIEluYy4xFDASBgNVBAsMC0VuZ2lu
 ZWVyaW5nMR0wGwYDVQQDDBRjaGFpbkktSUNBMy1wYXRobGVuMjEfMB0GCSqGSIb3
 DQEJARYQaW5mb0B3b2xmc3NsLmNvbYIBZDAMBgNVHRMEBTADAQH/MAsGA1UdDwQE
-AwIBBjANBgkqhkiG9w0BAQsFAAOCAQEABK0jGsgzDTq3ottYq1GJD0gRU4g2dFHD
-aZrtJp8k+ZuhXTEmKc48kc431NZQMOGFZTVxvCD5JyJcz6qDMv/1dyt5MddfIYs0
-FIPV9OX883ZKCdDo1BvEA06gqIrp2y4z4gtYcHY32Hhgonibr2IOtMvZUQ1f3aXH
-SWAwjTVG0XwCwC6udDbd7+4WRgXSFv8k4Cf1NQFNhnZStIHIafFiwaEopQ6u04+A
-plFp1tuLBKDNgZeitQnnTyF1BzD+GcWLJi1sYZKwDAE9eFAYEmZY2WaneXKHUhK9
-Fs/7q257j6wNhBY29ocnlWxismCUy4NpQpaYXdKoxLSJwPi4evB7uA==
+AwIBBjANBgkqhkiG9w0BAQsFAAOCAQEAmwpMOvklpKGxORcG77qFokLXrSzNYsvH
+Xg1XgKHmHIQOyW01lgEqcD5/1SGb/mRrn5BFaDbsqd2j0G68Nf+jPth8HKHORyYv
+X193InshMS3XrB8CL+TRVEhlCuxt5ApqCu3laR0ugBSeN1ZCB0i8kXftPq1BIkzy
+QNFqEZI/MABPwuqC9R0ueQxf9QiThY9v4NoeaxfRfs/oVOotOhNQyIFA1UxN3Ndi
+1n9zSQfYWHXtPLpxyO+7JV4UrtVV7Q6t/kr6QMNdp2EAllsCE/KkofYHSzpY2U2r
+ghLGzYzOdjyuHpUbq6Kq8cbXE1Wkf4+2/gP08ldwFkXCtwE7sHnU1Q==
 -----END CERTIFICATE-----
diff --git a/certs/test-pathlen/chainI-ICA2-no_pathlen.pem b/certs/test-pathlen/chainI-ICA2-no_pathlen.pem
index 5d5e89007..05d0639c0 100644
--- a/certs/test-pathlen/chainI-ICA2-no_pathlen.pem
+++ b/certs/test-pathlen/chainI-ICA2-no_pathlen.pem
@@ -5,12 +5,12 @@ Certificate:
         Signature Algorithm: sha256WithRSAEncryption
         Issuer: C = US, ST = Washington, L = Seattle, O = wolfSSL Inc., OU = Engineering, CN = chainI-ICA3-pathlen2, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Dec 13 22:19:33 2023 GMT
-            Not After : Sep  8 22:19:33 2026 GMT
+            Not Before: Dec 18 21:25:34 2024 GMT
+            Not After : Sep 14 21:25:34 2027 GMT
         Subject: C = US, ST = Washington, L = Seattle, O = wolfSSL Inc., OU = Engineering, CN = chainI-ICA2-no_pathlen, emailAddress = info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (2048 bit)
+                Public-Key: (2048 bit)
                 Modulus:
                     00:de:1e:08:66:12:fe:20:07:10:1b:a1:27:0d:f9:
                     22:30:81:9b:ce:62:b1:a6:6d:49:d4:ed:b8:2d:4b:
@@ -38,33 +38,33 @@ Certificate:
                 keyid:EE:37:A6:F2:40:D0:EF:FD:22:C7:A3:B4:6C:57:47:40:B9:99:F9:8D
                 DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
                 serial:64
-
             X509v3 Basic Constraints: 
                 CA:TRUE
             X509v3 Key Usage: 
                 Certificate Sign, CRL Sign
     Signature Algorithm: sha256WithRSAEncryption
-         14:61:ba:15:45:07:60:d4:c9:6d:ef:6f:74:2a:44:b5:34:a4:
-         df:0e:d9:f1:7b:7c:cb:50:db:d7:17:d3:9d:91:64:01:1b:93:
-         0d:b5:51:07:16:77:5f:2a:b5:9a:24:39:19:fc:ee:4d:79:4f:
-         c3:a3:9f:a1:07:e8:a3:0c:7e:04:0c:b0:33:a1:96:21:d2:ce:
-         88:41:28:88:82:39:7f:9d:54:2d:4c:56:df:41:8e:4a:59:69:
-         84:0b:fc:5d:47:06:84:ec:ae:4d:52:34:b2:1a:e8:61:e0:51:
-         8c:87:ad:c9:5d:f3:2e:bb:5b:36:d2:91:71:7f:f9:cf:f9:7f:
-         c3:2d:e5:7d:a7:fb:8a:2f:47:24:6c:3a:75:72:9b:c8:74:6f:
-         17:95:a4:d4:96:b4:3e:91:bf:c1:eb:89:18:ba:c3:e1:52:f8:
-         e8:a4:92:1b:c9:d8:a7:11:40:bf:62:9a:e6:ee:70:0a:f5:a3:
-         6d:06:0f:59:ad:53:8a:f6:b8:93:dc:39:59:b7:97:c2:3c:e2:
-         3b:e8:9f:5a:c9:42:35:d2:39:32:d8:9a:1d:3f:52:e6:cd:0b:
-         f9:d0:be:d8:ad:09:11:d7:6b:c2:c3:2e:d2:9b:92:99:a0:a8:
-         c9:0e:30:41:0e:73:77:48:ac:8b:69:28:3b:1c:76:b3:da:7f:
-         bd:04:95:07
+    Signature Value:
+        58:ae:c8:f4:6e:ca:c0:46:0e:59:bb:5d:05:e2:aa:0a:99:f4:
+        f6:91:af:31:f8:e5:44:4a:56:84:68:1e:5e:e4:b7:75:38:b0:
+        26:a4:9d:72:83:89:5a:20:30:ce:b1:8f:e0:6a:a3:99:68:da:
+        2f:b4:69:4f:4c:84:a5:0c:a3:d3:e7:05:c8:06:38:f4:01:00:
+        f1:f6:e8:db:b1:7c:ce:eb:58:35:cc:2e:8f:ee:0d:3d:03:27:
+        9b:f9:6f:ab:c9:55:45:ff:b9:67:70:00:dd:94:ff:6d:11:55:
+        26:24:05:ae:13:fc:db:38:c6:e2:05:df:94:11:37:59:1c:67:
+        a3:72:8c:99:2c:64:4c:5d:20:91:ff:2f:39:48:b7:23:92:56:
+        3b:27:79:03:c5:60:b7:b3:17:bc:b7:e5:4e:36:9f:99:47:06:
+        17:ee:f1:bf:3f:95:c5:41:73:8e:5b:f8:9b:61:1b:05:50:7a:
+        10:6e:77:45:d9:7b:40:99:a3:1e:d4:d6:90:60:18:2a:2d:b1:
+        21:1f:a4:84:e5:12:58:67:f4:06:06:74:93:0f:ba:4a:31:83:
+        d3:de:50:a3:76:3a:68:1b:44:00:56:48:3e:f9:a6:77:94:a9:
+        21:06:ea:e4:31:09:3c:b0:1f:9a:bb:58:9e:e1:ea:40:2d:ff:
+        d5:66:9b:8e
 -----BEGIN CERTIFICATE-----
 MIIExDCCA6ygAwIBAgIBZDANBgkqhkiG9w0BAQsFADCBoTELMAkGA1UEBhMCVVMx
 EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxFTATBgNVBAoM
 DHdvbGZTU0wgSW5jLjEUMBIGA1UECwwLRW5naW5lZXJpbmcxHTAbBgNVBAMMFGNo
 YWluSS1JQ0EzLXBhdGhsZW4yMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wu
-Y29tMB4XDTIzMTIxMzIyMTkzM1oXDTI2MDkwODIyMTkzM1owgaMxCzAJBgNVBAYT
+Y29tMB4XDTI0MTIxODIxMjUzNFoXDTI3MDkxNDIxMjUzNFowgaMxCzAJBgNVBAYT
 AlVTMRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRUwEwYD
 VQQKDAx3b2xmU1NMIEluYy4xFDASBgNVBAsMC0VuZ2luZWVyaW5nMR8wHQYDVQQD
 DBZjaGFpbkktSUNBMi1ub19wYXRobGVuMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdv
@@ -80,10 +80,10 @@ gZQxCzAJBgNVBAYTAlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3pl
 bWFuMREwDwYDVQQKDAhTYXd0b290aDETMBEGA1UECwwKQ29uc3VsdGluZzEYMBYG
 A1UEAwwPd3d3LndvbGZzc2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZz
 c2wuY29tggFkMAwGA1UdEwQFMAMBAf8wCwYDVR0PBAQDAgEGMA0GCSqGSIb3DQEB
-CwUAA4IBAQAUYboVRQdg1Mlt7290KkS1NKTfDtnxe3zLUNvXF9OdkWQBG5MNtVEH
-FndfKrWaJDkZ/O5NeU/Do5+hB+ijDH4EDLAzoZYh0s6IQSiIgjl/nVQtTFbfQY5K
-WWmEC/xdRwaE7K5NUjSyGuhh4FGMh63JXfMuu1s20pFxf/nP+X/DLeV9p/uKL0ck
-bDp1cpvIdG8XlaTUlrQ+kb/B64kYusPhUvjopJIbydinEUC/Yprm7nAK9aNtBg9Z
-rVOK9riT3DlZt5fCPOI76J9ayUI10jky2JodP1LmzQv50L7YrQkR12vCwy7Sm5KZ
-oKjJDjBBDnN3SKyLaSg7HHaz2n+9BJUH
+CwUAA4IBAQBYrsj0bsrARg5Zu10F4qoKmfT2ka8x+OVESlaEaB5e5Ld1OLAmpJ1y
+g4laIDDOsY/gaqOZaNovtGlPTISlDKPT5wXIBjj0AQDx9ujbsXzO61g1zC6P7g09
+Ayeb+W+ryVVF/7lncADdlP9tEVUmJAWuE/zbOMbiBd+UETdZHGejcoyZLGRMXSCR
+/y85SLcjklY7J3kDxWC3sxe8t+VONp+ZRwYX7vG/P5XFQXOOW/ibYRsFUHoQbndF
+2XtAmaMe1NaQYBgqLbEhH6SE5RJYZ/QGBnSTD7pKMYPT3lCjdjpoG0QAVkg++aZ3
+lKkhBurkMQk8sB+au1ie4epALf/VZpuO
 -----END CERTIFICATE-----
diff --git a/certs/test-pathlen/chainI-ICA3-pathlen2.pem b/certs/test-pathlen/chainI-ICA3-pathlen2.pem
index a80d5cbf3..73af0a6a7 100644
--- a/certs/test-pathlen/chainI-ICA3-pathlen2.pem
+++ b/certs/test-pathlen/chainI-ICA3-pathlen2.pem
@@ -5,12 +5,12 @@ Certificate:
         Signature Algorithm: sha256WithRSAEncryption
         Issuer: C = US, ST = Montana, L = Bozeman, O = Sawtooth, OU = Consulting, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Dec 13 22:19:33 2023 GMT
-            Not After : Sep  8 22:19:33 2026 GMT
+            Not Before: Dec 18 21:25:34 2024 GMT
+            Not After : Sep 14 21:25:34 2027 GMT
         Subject: C = US, ST = Washington, L = Seattle, O = wolfSSL Inc., OU = Engineering, CN = chainI-ICA3-pathlen2, emailAddress = info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (2048 bit)
+                Public-Key: (2048 bit)
                 Modulus:
                     00:b8:36:0c:66:a9:06:ce:ac:e0:7c:86:a1:69:9d:
                     be:28:cf:a3:81:f3:b4:dc:5f:c8:92:9d:f2:07:c0:
@@ -37,34 +37,34 @@ Certificate:
             X509v3 Authority Key Identifier: 
                 keyid:27:8E:67:11:74:C3:26:1D:3F:ED:33:63:B3:A4:D8:1D:30:E5:E8:D5
                 DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
-                serial:33:44:1A:A8:6C:01:EC:F6:60:F2:70:51:0A:4C:D1:14:FA:BC:E9:44
-
+                serial:6B:9B:70:C6:F1:A3:94:65:19:A1:08:58:EF:A7:8D:2B:7A:83:C1:DA
             X509v3 Basic Constraints: 
                 CA:TRUE, pathlen:2
             X509v3 Key Usage: 
                 Certificate Sign, CRL Sign
     Signature Algorithm: sha256WithRSAEncryption
-         0b:91:da:f2:ae:94:93:70:85:33:26:3d:4b:23:65:52:a3:be:
-         0a:ed:7c:04:16:fa:f1:5f:3b:e2:06:f7:8e:03:41:46:bc:e9:
-         79:41:ff:09:a0:77:6c:58:a6:c7:0c:1d:8b:c0:f7:6c:82:93:
-         74:96:18:8a:ce:a0:00:19:46:0a:0c:d1:7a:40:66:46:ad:14:
-         9b:7f:bb:2f:88:c2:94:39:49:05:36:e7:f2:b0:04:44:49:e8:
-         99:07:6e:50:f0:61:18:a3:4a:e0:35:06:6a:7d:af:ac:f1:93:
-         fd:43:92:12:41:66:fc:60:8f:37:12:43:45:c6:38:9e:8a:e8:
-         4c:1d:48:7a:62:d2:e1:f4:99:12:5b:98:5a:2e:59:07:86:64:
-         af:4d:33:2e:e7:26:f2:68:7b:1e:4e:1b:60:bd:5d:19:d3:7c:
-         04:32:26:ea:23:33:6f:8d:30:27:84:4a:3d:8a:63:4f:02:81:
-         5a:ab:ea:ae:58:0a:ce:7e:74:a1:75:6a:c4:64:ae:a7:0a:31:
-         2f:41:ed:c5:12:7c:4a:34:e8:6d:22:f4:9f:3d:f2:4a:8c:ee:
-         7c:e7:81:50:e0:e5:f0:52:7d:28:79:3a:5a:c4:85:fb:7b:e6:
-         26:1f:71:47:c6:97:8b:4d:39:eb:4b:46:4c:d7:d7:d3:15:b6:
-         82:78:83:17
+    Signature Value:
+        42:3f:96:dd:92:89:f8:5b:5b:a7:6f:db:2d:53:82:15:a4:09:
+        ca:27:b0:e7:d1:5e:95:cc:1d:ef:bd:e2:78:e1:35:77:36:36:
+        f4:1e:59:6e:cf:93:88:8a:d4:6e:79:35:30:b6:bb:08:40:27:
+        1b:e4:87:e9:15:8c:99:a6:91:02:4c:f2:2e:2a:c5:50:1d:4e:
+        e8:50:ad:0c:12:fb:c9:5e:69:be:d4:be:e4:48:ec:5b:06:c1:
+        67:3f:9d:d9:5b:7b:ff:ae:10:b5:b1:a9:30:67:85:49:08:21:
+        5d:06:21:dd:6e:65:54:81:1d:28:9a:ea:e9:27:de:9f:2e:c5:
+        97:7f:33:54:b6:1d:b4:1c:e6:65:51:aa:82:1d:04:0d:93:37:
+        f2:86:9b:a1:0f:a9:f2:fd:97:15:38:44:52:df:8a:e6:67:27:
+        35:05:89:9d:8d:e8:d4:4d:58:50:d0:93:b2:3d:87:0e:45:d5:
+        d7:4b:b8:da:db:3a:b2:63:72:77:d7:af:69:68:a8:ea:ef:9e:
+        b4:7a:2d:f3:84:e3:47:c5:30:09:14:d6:dd:33:3c:79:3f:e7:
+        db:c3:48:f1:fc:df:65:e9:76:09:6d:23:43:eb:f5:94:1d:44:
+        a2:25:75:1a:b0:ab:2b:01:0c:47:d1:29:3b:d7:bc:92:76:de:
+        70:06:22:8c
 -----BEGIN CERTIFICATE-----
 MIIEzDCCA7SgAwIBAgIBZDANBgkqhkiG9w0BAQsFADCBlDELMAkGA1UEBhMCVVMx
 EDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xETAPBgNVBAoMCFNh
 d3Rvb3RoMRMwEQYDVQQLDApDb25zdWx0aW5nMRgwFgYDVQQDDA93d3cud29sZnNz
-bC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMjMxMjEz
-MjIxOTMzWhcNMjYwOTA4MjIxOTMzWjCBoTELMAkGA1UEBhMCVVMxEzARBgNVBAgM
+bC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMjQxMjE4
+MjEyNTM0WhcNMjcwOTE0MjEyNTM0WjCBoTELMAkGA1UEBhMCVVMxEzARBgNVBAgM
 Cldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxFTATBgNVBAoMDHdvbGZTU0wg
 SW5jLjEUMBIGA1UECwwLRW5naW5lZXJpbmcxHTAbBgNVBAMMFGNoYWluSS1JQ0Ez
 LXBhdGhsZW4yMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMIIBIjAN
@@ -78,12 +78,12 @@ o4IBGDCCARQwHQYDVR0OBBYEFO43pvJA0O/9IsejtGxXR0C5mfmNMIHUBgNVHSME
 gcwwgcmAFCeOZxF0wyYdP+0zY7Ok2B0w5ejVoYGapIGXMIGUMQswCQYDVQQGEwJV
 UzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjERMA8GA1UECgwI
 U2F3dG9vdGgxEzARBgNVBAsMCkNvbnN1bHRpbmcxGDAWBgNVBAMMD3d3dy53b2xm
-c3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbYIUM0QaqGwB
-7PZg8nBRCkzRFPq86UQwDwYDVR0TBAgwBgEB/wIBAjALBgNVHQ8EBAMCAQYwDQYJ
-KoZIhvcNAQELBQADggEBAAuR2vKulJNwhTMmPUsjZVKjvgrtfAQW+vFfO+IG944D
-QUa86XlB/wmgd2xYpscMHYvA92yCk3SWGIrOoAAZRgoM0XpAZkatFJt/uy+IwpQ5
-SQU25/KwBERJ6JkHblDwYRijSuA1Bmp9r6zxk/1DkhJBZvxgjzcSQ0XGOJ6K6Ewd
-SHpi0uH0mRJbmFouWQeGZK9NMy7nJvJoex5OG2C9XRnTfAQyJuojM2+NMCeESj2K
-Y08CgVqr6q5YCs5+dKF1asRkrqcKMS9B7cUSfEo06G0i9J898kqM7nzngVDg5fBS
-fSh5OlrEhft75iYfcUfGl4tNOetLRkzX19MVtoJ4gxc=
+c3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbYIUa5twxvGj
+lGUZoQhY76eNK3qDwdowDwYDVR0TBAgwBgEB/wIBAjALBgNVHQ8EBAMCAQYwDQYJ
+KoZIhvcNAQELBQADggEBAEI/lt2SifhbW6dv2y1TghWkCconsOfRXpXMHe+94njh
+NXc2NvQeWW7Pk4iK1G55NTC2uwhAJxvkh+kVjJmmkQJM8i4qxVAdTuhQrQwS+8le
+ab7UvuRI7FsGwWc/ndlbe/+uELWxqTBnhUkIIV0GId1uZVSBHSia6ukn3p8uxZd/
+M1S2HbQc5mVRqoIdBA2TN/KGm6EPqfL9lxU4RFLfiuZnJzUFiZ2N6NRNWFDQk7I9
+hw5F1ddLuNrbOrJjcnfXr2loqOrvnrR6LfOE40fFMAkU1t0zPHk/59vDSPH832Xp
+dgltI0Pr9ZQdRKIldRqwqysBDEfRKTvXvJJ23nAGIow=
 -----END CERTIFICATE-----
diff --git a/certs/test-pathlen/chainI-assembled.pem b/certs/test-pathlen/chainI-assembled.pem
index 5166cebc5..4b5f764be 100644
--- a/certs/test-pathlen/chainI-assembled.pem
+++ b/certs/test-pathlen/chainI-assembled.pem
@@ -5,12 +5,12 @@ Certificate:
         Signature Algorithm: sha256WithRSAEncryption
         Issuer: C = US, ST = Washington, L = Seattle, O = wolfSSL Inc., OU = Engineering, CN = chainI-ICA1-no_pathlen, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Dec 13 22:19:33 2023 GMT
-            Not After : Sep  8 22:19:33 2026 GMT
+            Not Before: Dec 18 21:25:34 2024 GMT
+            Not After : Sep 14 21:25:34 2027 GMT
         Subject: C = US, ST = Washington, L = Seattle, O = wolfSSL Inc., OU = Engineering, CN = chainI-entity, emailAddress = info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (2048 bit)
+                Public-Key: (2048 bit)
                 Modulus:
                     00:f3:ac:32:8f:52:af:a9:cf:9e:23:a4:96:8e:e9:
                     e8:0a:3a:b7:6a:7b:ba:70:85:68:e2:52:f3:38:39:
@@ -38,31 +38,31 @@ Certificate:
                 keyid:9E:54:B6:95:EA:89:07:A6:C9:E4:82:E8:D0:34:64:5D:08:CD:56:A0
                 DirName:/C=US/ST=Washington/L=Seattle/O=wolfSSL Inc./OU=Engineering/CN=chainI-ICA2-no_pathlen/emailAddress=info@wolfssl.com
                 serial:64
-
             X509v3 Basic Constraints: 
                 CA:FALSE
     Signature Algorithm: sha256WithRSAEncryption
-         03:42:31:e4:a2:3f:2a:7a:a6:7e:87:61:8b:2c:a1:10:af:b4:
-         06:db:3f:77:85:88:c4:db:df:78:3d:d2:aa:aa:ac:cd:19:c1:
-         a7:47:66:e2:91:9b:59:ab:70:e0:74:1a:a7:b4:5c:30:3f:ea:
-         a3:14:6a:aa:3e:82:38:7d:2f:db:6f:43:60:db:20:cb:e4:69:
-         62:73:75:d8:22:db:c3:92:cb:96:d3:7c:5a:ca:d5:3a:d1:91:
-         20:2c:37:0f:3d:ef:8e:ca:0b:8b:73:af:79:66:ec:84:93:41:
-         71:a1:6d:86:57:1b:d9:83:7e:c0:18:b6:4f:3c:85:89:59:c8:
-         99:1e:e7:53:5d:2b:41:7c:24:d0:9a:73:43:b3:ee:69:de:60:
-         08:b9:f0:b2:ac:b5:24:70:06:b7:1e:7b:fd:30:07:80:24:45:
-         c5:4f:84:e7:a6:67:99:0b:42:45:38:54:90:01:49:b2:14:31:
-         48:09:2b:83:3e:37:2e:d5:fd:92:7b:4f:cb:2f:ea:0d:e7:d7:
-         07:62:6e:2e:c3:a4:64:e2:54:52:6e:66:41:a9:0d:68:3f:76:
-         8f:e9:42:3d:a2:23:b9:ed:fc:52:f5:d4:96:29:81:fd:80:39:
-         71:16:3c:df:c9:2f:ad:c3:83:56:f5:85:55:89:e6:c9:23:f6:
-         eb:0e:c7:34
+    Signature Value:
+        41:3c:dd:fb:a5:65:10:35:c0:7e:02:13:73:2b:cc:4c:f6:3e:
+        29:24:cf:64:03:30:8f:a1:99:72:50:a2:56:15:8c:56:d7:02:
+        45:b3:ed:32:67:cf:cb:9f:ce:0a:7a:5a:7e:23:7b:82:1a:88:
+        f3:c0:ca:8f:a8:ba:52:dc:eb:7c:09:ab:ea:bc:3c:26:d1:0c:
+        26:46:87:4d:03:9f:3b:44:6f:81:09:b3:9c:ab:99:6c:69:48:
+        3d:09:46:8f:86:1f:00:25:7b:5e:6d:23:ae:d1:be:b0:5d:20:
+        47:0e:ca:0b:3b:d8:78:1a:4e:3f:9c:37:20:3d:46:2d:fc:ad:
+        39:34:b8:f4:75:08:ce:6b:eb:ce:b0:16:45:e6:3f:8c:41:5f:
+        37:bd:2d:5c:45:43:7e:f0:35:f6:28:06:ca:1e:3d:99:b4:b6:
+        61:f0:7c:80:7d:fe:4a:6f:e1:cb:b9:16:91:46:de:f6:10:67:
+        45:f3:52:3c:c7:d2:90:48:16:61:55:dd:2b:6a:4f:39:86:e6:
+        9e:9d:88:d2:e8:99:0b:36:82:8b:4d:d2:ff:9f:57:2a:d4:6b:
+        a3:c3:7f:d7:28:46:96:4e:65:84:b5:d9:41:1a:41:dd:b4:47:
+        62:d5:ff:65:22:b1:aa:a6:c6:02:8a:1d:8b:01:89:f0:e0:36:
+        33:51:92:b5
 -----BEGIN CERTIFICATE-----
 MIIEvDCCA6SgAwIBAgIBZTANBgkqhkiG9w0BAQsFADCBozELMAkGA1UEBhMCVVMx
 EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxFTATBgNVBAoM
 DHdvbGZTU0wgSW5jLjEUMBIGA1UECwwLRW5naW5lZXJpbmcxHzAdBgNVBAMMFmNo
 YWluSS1JQ0ExLW5vX3BhdGhsZW4xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNz
-bC5jb20wHhcNMjMxMjEzMjIxOTMzWhcNMjYwOTA4MjIxOTMzWjCBmjELMAkGA1UE
+bC5jb20wHhcNMjQxMjE4MjEyNTM0WhcNMjcwOTE0MjEyNTM0WjCBmjELMAkGA1UE
 BhMCVVMxEzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxFTAT
 BgNVBAoMDHdvbGZTU0wgSW5jLjEUMBIGA1UECwwLRW5naW5lZXJpbmcxFjAUBgNV
 BAMMDWNoYWluSS1lbnRpdHkxHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5j
@@ -78,12 +78,12 @@ A1UEBhMCVVMxEzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUx
 FTATBgNVBAoMDHdvbGZTU0wgSW5jLjEUMBIGA1UECwwLRW5naW5lZXJpbmcxHzAd
 BgNVBAMMFmNoYWluSS1JQ0EyLW5vX3BhdGhsZW4xHzAdBgkqhkiG9w0BCQEWEGlu
 Zm9Ad29sZnNzbC5jb22CAWQwCQYDVR0TBAIwADANBgkqhkiG9w0BAQsFAAOCAQEA
-A0Ix5KI/KnqmfodhiyyhEK+0Bts/d4WIxNvfeD3SqqqszRnBp0dm4pGbWatw4HQa
-p7RcMD/qoxRqqj6COH0v229DYNsgy+RpYnN12CLbw5LLltN8WsrVOtGRICw3Dz3v
-jsoLi3OveWbshJNBcaFthlcb2YN+wBi2TzyFiVnImR7nU10rQXwk0JpzQ7Puad5g
-CLnwsqy1JHAGtx57/TAHgCRFxU+E56ZnmQtCRThUkAFJshQxSAkrgz43LtX9kntP
-yy/qDefXB2JuLsOkZOJUUm5mQakNaD92j+lCPaIjue38UvXUlimB/YA5cRY838kv
-rcODVvWFVYnmySP26w7HNA==
+QTzd+6VlEDXAfgITcyvMTPY+KSTPZAMwj6GZclCiVhWMVtcCRbPtMmfPy5/OCnpa
+fiN7ghqI88DKj6i6UtzrfAmr6rw8JtEMJkaHTQOfO0RvgQmznKuZbGlIPQlGj4Yf
+ACV7Xm0jrtG+sF0gRw7KCzvYeBpOP5w3ID1GLfytOTS49HUIzmvrzrAWReY/jEFf
+N70tXEVDfvA19igGyh49mbS2YfB8gH3+Sm/hy7kWkUbe9hBnRfNSPMfSkEgWYVXd
+K2pPOYbmnp2I0uiZCzaCi03S/59XKtRro8N/1yhGlk5lhLXZQRpB3bRHYtX/ZSKx
+qqbGAoodiwGJ8OA2M1GStQ==
 -----END CERTIFICATE-----
 Certificate:
     Data:
@@ -92,12 +92,12 @@ Certificate:
         Signature Algorithm: sha256WithRSAEncryption
         Issuer: C = US, ST = Washington, L = Seattle, O = wolfSSL Inc., OU = Engineering, CN = chainI-ICA2-no_pathlen, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Dec 13 22:19:33 2023 GMT
-            Not After : Sep  8 22:19:33 2026 GMT
+            Not Before: Dec 18 21:25:34 2024 GMT
+            Not After : Sep 14 21:25:34 2027 GMT
         Subject: C = US, ST = Washington, L = Seattle, O = wolfSSL Inc., OU = Engineering, CN = chainI-ICA1-no_pathlen, emailAddress = info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (2048 bit)
+                Public-Key: (2048 bit)
                 Modulus:
                     00:bb:ba:06:ad:13:cf:da:fb:d1:cb:65:fe:26:58:
                     49:6a:01:14:a6:78:b2:2c:1d:ba:ba:d0:bd:27:38:
@@ -125,33 +125,33 @@ Certificate:
                 keyid:D1:BA:FB:FF:1D:29:41:8A:6A:5F:B2:F3:A7:41:05:47:09:1F:48:42
                 DirName:/C=US/ST=Washington/L=Seattle/O=wolfSSL Inc./OU=Engineering/CN=chainI-ICA3-pathlen2/emailAddress=info@wolfssl.com
                 serial:64
-
             X509v3 Basic Constraints: 
                 CA:TRUE
             X509v3 Key Usage: 
                 Certificate Sign, CRL Sign
     Signature Algorithm: sha256WithRSAEncryption
-         04:ad:23:1a:c8:33:0d:3a:b7:a2:db:58:ab:51:89:0f:48:11:
-         53:88:36:74:51:c3:69:9a:ed:26:9f:24:f9:9b:a1:5d:31:26:
-         29:ce:3c:91:ce:37:d4:d6:50:30:e1:85:65:35:71:bc:20:f9:
-         27:22:5c:cf:aa:83:32:ff:f5:77:2b:79:31:d7:5f:21:8b:34:
-         14:83:d5:f4:e5:fc:f3:76:4a:09:d0:e8:d4:1b:c4:03:4e:a0:
-         a8:8a:e9:db:2e:33:e2:0b:58:70:76:37:d8:78:60:a2:78:9b:
-         af:62:0e:b4:cb:d9:51:0d:5f:dd:a5:c7:49:60:30:8d:35:46:
-         d1:7c:02:c0:2e:ae:74:36:dd:ef:ee:16:46:05:d2:16:ff:24:
-         e0:27:f5:35:01:4d:86:76:52:b4:81:c8:69:f1:62:c1:a1:28:
-         a5:0e:ae:d3:8f:80:a6:51:69:d6:db:8b:04:a0:cd:81:97:a2:
-         b5:09:e7:4f:21:75:07:30:fe:19:c5:8b:26:2d:6c:61:92:b0:
-         0c:01:3d:78:50:18:12:66:58:d9:66:a7:79:72:87:52:12:bd:
-         16:cf:fb:ab:6e:7b:8f:ac:0d:84:16:36:f6:87:27:95:6c:62:
-         b2:60:94:cb:83:69:42:96:98:5d:d2:a8:c4:b4:89:c0:f8:b8:
-         7a:f0:7b:b8
+    Signature Value:
+        9b:0a:4c:3a:f9:25:a4:a1:b1:39:17:06:ef:ba:85:a2:42:d7:
+        ad:2c:cd:62:cb:c7:5e:0d:57:80:a1:e6:1c:84:0e:c9:6d:35:
+        96:01:2a:70:3e:7f:d5:21:9b:fe:64:6b:9f:90:45:68:36:ec:
+        a9:dd:a3:d0:6e:bc:35:ff:a3:3e:d8:7c:1c:a1:ce:47:26:2f:
+        5f:5f:77:22:7b:21:31:2d:d7:ac:1f:02:2f:e4:d1:54:48:65:
+        0a:ec:6d:e4:0a:6a:0a:ed:e5:69:1d:2e:80:14:9e:37:56:42:
+        07:48:bc:91:77:ed:3e:ad:41:22:4c:f2:40:d1:6a:11:92:3f:
+        30:00:4f:c2:ea:82:f5:1d:2e:79:0c:5f:f5:08:93:85:8f:6f:
+        e0:da:1e:6b:17:d1:7e:cf:e8:54:ea:2d:3a:13:50:c8:81:40:
+        d5:4c:4d:dc:d7:62:d6:7f:73:49:07:d8:58:75:ed:3c:ba:71:
+        c8:ef:bb:25:5e:14:ae:d5:55:ed:0e:ad:fe:4a:fa:40:c3:5d:
+        a7:61:00:96:5b:02:13:f2:a4:a1:f6:07:4b:3a:58:d9:4d:ab:
+        82:12:c6:cd:8c:ce:76:3c:ae:1e:95:1b:ab:a2:aa:f1:c6:d7:
+        13:55:a4:7f:8f:b6:fe:03:f4:f2:57:70:16:45:c2:b7:01:3b:
+        b0:79:d4:d5
 -----BEGIN CERTIFICATE-----
 MIIE1DCCA7ygAwIBAgIBZDANBgkqhkiG9w0BAQsFADCBozELMAkGA1UEBhMCVVMx
 EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxFTATBgNVBAoM
 DHdvbGZTU0wgSW5jLjEUMBIGA1UECwwLRW5naW5lZXJpbmcxHzAdBgNVBAMMFmNo
 YWluSS1JQ0EyLW5vX3BhdGhsZW4xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNz
-bC5jb20wHhcNMjMxMjEzMjIxOTMzWhcNMjYwOTA4MjIxOTMzWjCBozELMAkGA1UE
+bC5jb20wHhcNMjQxMjE4MjEyNTM0WhcNMjcwOTE0MjEyNTM0WjCBozELMAkGA1UE
 BhMCVVMxEzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxFTAT
 BgNVBAoMDHdvbGZTU0wgSW5jLjEUMBIGA1UECwwLRW5naW5lZXJpbmcxHzAdBgNV
 BAMMFmNoYWluSS1JQ0ExLW5vX3BhdGhsZW4xHzAdBgkqhkiG9w0BCQEWEGluZm9A
@@ -167,12 +167,12 @@ gaQwgaExCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQH
 DAdTZWF0dGxlMRUwEwYDVQQKDAx3b2xmU1NMIEluYy4xFDASBgNVBAsMC0VuZ2lu
 ZWVyaW5nMR0wGwYDVQQDDBRjaGFpbkktSUNBMy1wYXRobGVuMjEfMB0GCSqGSIb3
 DQEJARYQaW5mb0B3b2xmc3NsLmNvbYIBZDAMBgNVHRMEBTADAQH/MAsGA1UdDwQE
-AwIBBjANBgkqhkiG9w0BAQsFAAOCAQEABK0jGsgzDTq3ottYq1GJD0gRU4g2dFHD
-aZrtJp8k+ZuhXTEmKc48kc431NZQMOGFZTVxvCD5JyJcz6qDMv/1dyt5MddfIYs0
-FIPV9OX883ZKCdDo1BvEA06gqIrp2y4z4gtYcHY32Hhgonibr2IOtMvZUQ1f3aXH
-SWAwjTVG0XwCwC6udDbd7+4WRgXSFv8k4Cf1NQFNhnZStIHIafFiwaEopQ6u04+A
-plFp1tuLBKDNgZeitQnnTyF1BzD+GcWLJi1sYZKwDAE9eFAYEmZY2WaneXKHUhK9
-Fs/7q257j6wNhBY29ocnlWxismCUy4NpQpaYXdKoxLSJwPi4evB7uA==
+AwIBBjANBgkqhkiG9w0BAQsFAAOCAQEAmwpMOvklpKGxORcG77qFokLXrSzNYsvH
+Xg1XgKHmHIQOyW01lgEqcD5/1SGb/mRrn5BFaDbsqd2j0G68Nf+jPth8HKHORyYv
+X193InshMS3XrB8CL+TRVEhlCuxt5ApqCu3laR0ugBSeN1ZCB0i8kXftPq1BIkzy
+QNFqEZI/MABPwuqC9R0ueQxf9QiThY9v4NoeaxfRfs/oVOotOhNQyIFA1UxN3Ndi
+1n9zSQfYWHXtPLpxyO+7JV4UrtVV7Q6t/kr6QMNdp2EAllsCE/KkofYHSzpY2U2r
+ghLGzYzOdjyuHpUbq6Kq8cbXE1Wkf4+2/gP08ldwFkXCtwE7sHnU1Q==
 -----END CERTIFICATE-----
 Certificate:
     Data:
@@ -181,12 +181,12 @@ Certificate:
         Signature Algorithm: sha256WithRSAEncryption
         Issuer: C = US, ST = Washington, L = Seattle, O = wolfSSL Inc., OU = Engineering, CN = chainI-ICA3-pathlen2, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Dec 13 22:19:33 2023 GMT
-            Not After : Sep  8 22:19:33 2026 GMT
+            Not Before: Dec 18 21:25:34 2024 GMT
+            Not After : Sep 14 21:25:34 2027 GMT
         Subject: C = US, ST = Washington, L = Seattle, O = wolfSSL Inc., OU = Engineering, CN = chainI-ICA2-no_pathlen, emailAddress = info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (2048 bit)
+                Public-Key: (2048 bit)
                 Modulus:
                     00:de:1e:08:66:12:fe:20:07:10:1b:a1:27:0d:f9:
                     22:30:81:9b:ce:62:b1:a6:6d:49:d4:ed:b8:2d:4b:
@@ -214,33 +214,33 @@ Certificate:
                 keyid:EE:37:A6:F2:40:D0:EF:FD:22:C7:A3:B4:6C:57:47:40:B9:99:F9:8D
                 DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
                 serial:64
-
             X509v3 Basic Constraints: 
                 CA:TRUE
             X509v3 Key Usage: 
                 Certificate Sign, CRL Sign
     Signature Algorithm: sha256WithRSAEncryption
-         14:61:ba:15:45:07:60:d4:c9:6d:ef:6f:74:2a:44:b5:34:a4:
-         df:0e:d9:f1:7b:7c:cb:50:db:d7:17:d3:9d:91:64:01:1b:93:
-         0d:b5:51:07:16:77:5f:2a:b5:9a:24:39:19:fc:ee:4d:79:4f:
-         c3:a3:9f:a1:07:e8:a3:0c:7e:04:0c:b0:33:a1:96:21:d2:ce:
-         88:41:28:88:82:39:7f:9d:54:2d:4c:56:df:41:8e:4a:59:69:
-         84:0b:fc:5d:47:06:84:ec:ae:4d:52:34:b2:1a:e8:61:e0:51:
-         8c:87:ad:c9:5d:f3:2e:bb:5b:36:d2:91:71:7f:f9:cf:f9:7f:
-         c3:2d:e5:7d:a7:fb:8a:2f:47:24:6c:3a:75:72:9b:c8:74:6f:
-         17:95:a4:d4:96:b4:3e:91:bf:c1:eb:89:18:ba:c3:e1:52:f8:
-         e8:a4:92:1b:c9:d8:a7:11:40:bf:62:9a:e6:ee:70:0a:f5:a3:
-         6d:06:0f:59:ad:53:8a:f6:b8:93:dc:39:59:b7:97:c2:3c:e2:
-         3b:e8:9f:5a:c9:42:35:d2:39:32:d8:9a:1d:3f:52:e6:cd:0b:
-         f9:d0:be:d8:ad:09:11:d7:6b:c2:c3:2e:d2:9b:92:99:a0:a8:
-         c9:0e:30:41:0e:73:77:48:ac:8b:69:28:3b:1c:76:b3:da:7f:
-         bd:04:95:07
+    Signature Value:
+        58:ae:c8:f4:6e:ca:c0:46:0e:59:bb:5d:05:e2:aa:0a:99:f4:
+        f6:91:af:31:f8:e5:44:4a:56:84:68:1e:5e:e4:b7:75:38:b0:
+        26:a4:9d:72:83:89:5a:20:30:ce:b1:8f:e0:6a:a3:99:68:da:
+        2f:b4:69:4f:4c:84:a5:0c:a3:d3:e7:05:c8:06:38:f4:01:00:
+        f1:f6:e8:db:b1:7c:ce:eb:58:35:cc:2e:8f:ee:0d:3d:03:27:
+        9b:f9:6f:ab:c9:55:45:ff:b9:67:70:00:dd:94:ff:6d:11:55:
+        26:24:05:ae:13:fc:db:38:c6:e2:05:df:94:11:37:59:1c:67:
+        a3:72:8c:99:2c:64:4c:5d:20:91:ff:2f:39:48:b7:23:92:56:
+        3b:27:79:03:c5:60:b7:b3:17:bc:b7:e5:4e:36:9f:99:47:06:
+        17:ee:f1:bf:3f:95:c5:41:73:8e:5b:f8:9b:61:1b:05:50:7a:
+        10:6e:77:45:d9:7b:40:99:a3:1e:d4:d6:90:60:18:2a:2d:b1:
+        21:1f:a4:84:e5:12:58:67:f4:06:06:74:93:0f:ba:4a:31:83:
+        d3:de:50:a3:76:3a:68:1b:44:00:56:48:3e:f9:a6:77:94:a9:
+        21:06:ea:e4:31:09:3c:b0:1f:9a:bb:58:9e:e1:ea:40:2d:ff:
+        d5:66:9b:8e
 -----BEGIN CERTIFICATE-----
 MIIExDCCA6ygAwIBAgIBZDANBgkqhkiG9w0BAQsFADCBoTELMAkGA1UEBhMCVVMx
 EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxFTATBgNVBAoM
 DHdvbGZTU0wgSW5jLjEUMBIGA1UECwwLRW5naW5lZXJpbmcxHTAbBgNVBAMMFGNo
 YWluSS1JQ0EzLXBhdGhsZW4yMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wu
-Y29tMB4XDTIzMTIxMzIyMTkzM1oXDTI2MDkwODIyMTkzM1owgaMxCzAJBgNVBAYT
+Y29tMB4XDTI0MTIxODIxMjUzNFoXDTI3MDkxNDIxMjUzNFowgaMxCzAJBgNVBAYT
 AlVTMRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRUwEwYD
 VQQKDAx3b2xmU1NMIEluYy4xFDASBgNVBAsMC0VuZ2luZWVyaW5nMR8wHQYDVQQD
 DBZjaGFpbkktSUNBMi1ub19wYXRobGVuMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdv
@@ -256,12 +256,12 @@ gZQxCzAJBgNVBAYTAlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3pl
 bWFuMREwDwYDVQQKDAhTYXd0b290aDETMBEGA1UECwwKQ29uc3VsdGluZzEYMBYG
 A1UEAwwPd3d3LndvbGZzc2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZz
 c2wuY29tggFkMAwGA1UdEwQFMAMBAf8wCwYDVR0PBAQDAgEGMA0GCSqGSIb3DQEB
-CwUAA4IBAQAUYboVRQdg1Mlt7290KkS1NKTfDtnxe3zLUNvXF9OdkWQBG5MNtVEH
-FndfKrWaJDkZ/O5NeU/Do5+hB+ijDH4EDLAzoZYh0s6IQSiIgjl/nVQtTFbfQY5K
-WWmEC/xdRwaE7K5NUjSyGuhh4FGMh63JXfMuu1s20pFxf/nP+X/DLeV9p/uKL0ck
-bDp1cpvIdG8XlaTUlrQ+kb/B64kYusPhUvjopJIbydinEUC/Yprm7nAK9aNtBg9Z
-rVOK9riT3DlZt5fCPOI76J9ayUI10jky2JodP1LmzQv50L7YrQkR12vCwy7Sm5KZ
-oKjJDjBBDnN3SKyLaSg7HHaz2n+9BJUH
+CwUAA4IBAQBYrsj0bsrARg5Zu10F4qoKmfT2ka8x+OVESlaEaB5e5Ld1OLAmpJ1y
+g4laIDDOsY/gaqOZaNovtGlPTISlDKPT5wXIBjj0AQDx9ujbsXzO61g1zC6P7g09
+Ayeb+W+ryVVF/7lncADdlP9tEVUmJAWuE/zbOMbiBd+UETdZHGejcoyZLGRMXSCR
+/y85SLcjklY7J3kDxWC3sxe8t+VONp+ZRwYX7vG/P5XFQXOOW/ibYRsFUHoQbndF
+2XtAmaMe1NaQYBgqLbEhH6SE5RJYZ/QGBnSTD7pKMYPT3lCjdjpoG0QAVkg++aZ3
+lKkhBurkMQk8sB+au1ie4epALf/VZpuO
 -----END CERTIFICATE-----
 Certificate:
     Data:
@@ -270,12 +270,12 @@ Certificate:
         Signature Algorithm: sha256WithRSAEncryption
         Issuer: C = US, ST = Montana, L = Bozeman, O = Sawtooth, OU = Consulting, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Dec 13 22:19:33 2023 GMT
-            Not After : Sep  8 22:19:33 2026 GMT
+            Not Before: Dec 18 21:25:34 2024 GMT
+            Not After : Sep 14 21:25:34 2027 GMT
         Subject: C = US, ST = Washington, L = Seattle, O = wolfSSL Inc., OU = Engineering, CN = chainI-ICA3-pathlen2, emailAddress = info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (2048 bit)
+                Public-Key: (2048 bit)
                 Modulus:
                     00:b8:36:0c:66:a9:06:ce:ac:e0:7c:86:a1:69:9d:
                     be:28:cf:a3:81:f3:b4:dc:5f:c8:92:9d:f2:07:c0:
@@ -302,34 +302,34 @@ Certificate:
             X509v3 Authority Key Identifier: 
                 keyid:27:8E:67:11:74:C3:26:1D:3F:ED:33:63:B3:A4:D8:1D:30:E5:E8:D5
                 DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
-                serial:33:44:1A:A8:6C:01:EC:F6:60:F2:70:51:0A:4C:D1:14:FA:BC:E9:44
-
+                serial:6B:9B:70:C6:F1:A3:94:65:19:A1:08:58:EF:A7:8D:2B:7A:83:C1:DA
             X509v3 Basic Constraints: 
                 CA:TRUE, pathlen:2
             X509v3 Key Usage: 
                 Certificate Sign, CRL Sign
     Signature Algorithm: sha256WithRSAEncryption
-         0b:91:da:f2:ae:94:93:70:85:33:26:3d:4b:23:65:52:a3:be:
-         0a:ed:7c:04:16:fa:f1:5f:3b:e2:06:f7:8e:03:41:46:bc:e9:
-         79:41:ff:09:a0:77:6c:58:a6:c7:0c:1d:8b:c0:f7:6c:82:93:
-         74:96:18:8a:ce:a0:00:19:46:0a:0c:d1:7a:40:66:46:ad:14:
-         9b:7f:bb:2f:88:c2:94:39:49:05:36:e7:f2:b0:04:44:49:e8:
-         99:07:6e:50:f0:61:18:a3:4a:e0:35:06:6a:7d:af:ac:f1:93:
-         fd:43:92:12:41:66:fc:60:8f:37:12:43:45:c6:38:9e:8a:e8:
-         4c:1d:48:7a:62:d2:e1:f4:99:12:5b:98:5a:2e:59:07:86:64:
-         af:4d:33:2e:e7:26:f2:68:7b:1e:4e:1b:60:bd:5d:19:d3:7c:
-         04:32:26:ea:23:33:6f:8d:30:27:84:4a:3d:8a:63:4f:02:81:
-         5a:ab:ea:ae:58:0a:ce:7e:74:a1:75:6a:c4:64:ae:a7:0a:31:
-         2f:41:ed:c5:12:7c:4a:34:e8:6d:22:f4:9f:3d:f2:4a:8c:ee:
-         7c:e7:81:50:e0:e5:f0:52:7d:28:79:3a:5a:c4:85:fb:7b:e6:
-         26:1f:71:47:c6:97:8b:4d:39:eb:4b:46:4c:d7:d7:d3:15:b6:
-         82:78:83:17
+    Signature Value:
+        42:3f:96:dd:92:89:f8:5b:5b:a7:6f:db:2d:53:82:15:a4:09:
+        ca:27:b0:e7:d1:5e:95:cc:1d:ef:bd:e2:78:e1:35:77:36:36:
+        f4:1e:59:6e:cf:93:88:8a:d4:6e:79:35:30:b6:bb:08:40:27:
+        1b:e4:87:e9:15:8c:99:a6:91:02:4c:f2:2e:2a:c5:50:1d:4e:
+        e8:50:ad:0c:12:fb:c9:5e:69:be:d4:be:e4:48:ec:5b:06:c1:
+        67:3f:9d:d9:5b:7b:ff:ae:10:b5:b1:a9:30:67:85:49:08:21:
+        5d:06:21:dd:6e:65:54:81:1d:28:9a:ea:e9:27:de:9f:2e:c5:
+        97:7f:33:54:b6:1d:b4:1c:e6:65:51:aa:82:1d:04:0d:93:37:
+        f2:86:9b:a1:0f:a9:f2:fd:97:15:38:44:52:df:8a:e6:67:27:
+        35:05:89:9d:8d:e8:d4:4d:58:50:d0:93:b2:3d:87:0e:45:d5:
+        d7:4b:b8:da:db:3a:b2:63:72:77:d7:af:69:68:a8:ea:ef:9e:
+        b4:7a:2d:f3:84:e3:47:c5:30:09:14:d6:dd:33:3c:79:3f:e7:
+        db:c3:48:f1:fc:df:65:e9:76:09:6d:23:43:eb:f5:94:1d:44:
+        a2:25:75:1a:b0:ab:2b:01:0c:47:d1:29:3b:d7:bc:92:76:de:
+        70:06:22:8c
 -----BEGIN CERTIFICATE-----
 MIIEzDCCA7SgAwIBAgIBZDANBgkqhkiG9w0BAQsFADCBlDELMAkGA1UEBhMCVVMx
 EDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xETAPBgNVBAoMCFNh
 d3Rvb3RoMRMwEQYDVQQLDApDb25zdWx0aW5nMRgwFgYDVQQDDA93d3cud29sZnNz
-bC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMjMxMjEz
-MjIxOTMzWhcNMjYwOTA4MjIxOTMzWjCBoTELMAkGA1UEBhMCVVMxEzARBgNVBAgM
+bC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMjQxMjE4
+MjEyNTM0WhcNMjcwOTE0MjEyNTM0WjCBoTELMAkGA1UEBhMCVVMxEzARBgNVBAgM
 Cldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxFTATBgNVBAoMDHdvbGZTU0wg
 SW5jLjEUMBIGA1UECwwLRW5naW5lZXJpbmcxHTAbBgNVBAMMFGNoYWluSS1JQ0Ez
 LXBhdGhsZW4yMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMIIBIjAN
@@ -343,12 +343,12 @@ o4IBGDCCARQwHQYDVR0OBBYEFO43pvJA0O/9IsejtGxXR0C5mfmNMIHUBgNVHSME
 gcwwgcmAFCeOZxF0wyYdP+0zY7Ok2B0w5ejVoYGapIGXMIGUMQswCQYDVQQGEwJV
 UzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjERMA8GA1UECgwI
 U2F3dG9vdGgxEzARBgNVBAsMCkNvbnN1bHRpbmcxGDAWBgNVBAMMD3d3dy53b2xm
-c3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbYIUM0QaqGwB
-7PZg8nBRCkzRFPq86UQwDwYDVR0TBAgwBgEB/wIBAjALBgNVHQ8EBAMCAQYwDQYJ
-KoZIhvcNAQELBQADggEBAAuR2vKulJNwhTMmPUsjZVKjvgrtfAQW+vFfO+IG944D
-QUa86XlB/wmgd2xYpscMHYvA92yCk3SWGIrOoAAZRgoM0XpAZkatFJt/uy+IwpQ5
-SQU25/KwBERJ6JkHblDwYRijSuA1Bmp9r6zxk/1DkhJBZvxgjzcSQ0XGOJ6K6Ewd
-SHpi0uH0mRJbmFouWQeGZK9NMy7nJvJoex5OG2C9XRnTfAQyJuojM2+NMCeESj2K
-Y08CgVqr6q5YCs5+dKF1asRkrqcKMS9B7cUSfEo06G0i9J898kqM7nzngVDg5fBS
-fSh5OlrEhft75iYfcUfGl4tNOetLRkzX19MVtoJ4gxc=
+c3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbYIUa5twxvGj
+lGUZoQhY76eNK3qDwdowDwYDVR0TBAgwBgEB/wIBAjALBgNVHQ8EBAMCAQYwDQYJ
+KoZIhvcNAQELBQADggEBAEI/lt2SifhbW6dv2y1TghWkCconsOfRXpXMHe+94njh
+NXc2NvQeWW7Pk4iK1G55NTC2uwhAJxvkh+kVjJmmkQJM8i4qxVAdTuhQrQwS+8le
+ab7UvuRI7FsGwWc/ndlbe/+uELWxqTBnhUkIIV0GId1uZVSBHSia6ukn3p8uxZd/
+M1S2HbQc5mVRqoIdBA2TN/KGm6EPqfL9lxU4RFLfiuZnJzUFiZ2N6NRNWFDQk7I9
+hw5F1ddLuNrbOrJjcnfXr2loqOrvnrR6LfOE40fFMAkU1t0zPHk/59vDSPH832Xp
+dgltI0Pr9ZQdRKIldRqwqysBDEfRKTvXvJJ23nAGIow=
 -----END CERTIFICATE-----
diff --git a/certs/test-pathlen/chainI-entity.pem b/certs/test-pathlen/chainI-entity.pem
index 9bc25f038..84259075d 100644
--- a/certs/test-pathlen/chainI-entity.pem
+++ b/certs/test-pathlen/chainI-entity.pem
@@ -5,12 +5,12 @@ Certificate:
         Signature Algorithm: sha256WithRSAEncryption
         Issuer: C = US, ST = Washington, L = Seattle, O = wolfSSL Inc., OU = Engineering, CN = chainI-ICA1-no_pathlen, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Dec 13 22:19:33 2023 GMT
-            Not After : Sep  8 22:19:33 2026 GMT
+            Not Before: Dec 18 21:25:34 2024 GMT
+            Not After : Sep 14 21:25:34 2027 GMT
         Subject: C = US, ST = Washington, L = Seattle, O = wolfSSL Inc., OU = Engineering, CN = chainI-entity, emailAddress = info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (2048 bit)
+                Public-Key: (2048 bit)
                 Modulus:
                     00:f3:ac:32:8f:52:af:a9:cf:9e:23:a4:96:8e:e9:
                     e8:0a:3a:b7:6a:7b:ba:70:85:68:e2:52:f3:38:39:
@@ -38,31 +38,31 @@ Certificate:
                 keyid:9E:54:B6:95:EA:89:07:A6:C9:E4:82:E8:D0:34:64:5D:08:CD:56:A0
                 DirName:/C=US/ST=Washington/L=Seattle/O=wolfSSL Inc./OU=Engineering/CN=chainI-ICA2-no_pathlen/emailAddress=info@wolfssl.com
                 serial:64
-
             X509v3 Basic Constraints: 
                 CA:FALSE
     Signature Algorithm: sha256WithRSAEncryption
-         03:42:31:e4:a2:3f:2a:7a:a6:7e:87:61:8b:2c:a1:10:af:b4:
-         06:db:3f:77:85:88:c4:db:df:78:3d:d2:aa:aa:ac:cd:19:c1:
-         a7:47:66:e2:91:9b:59:ab:70:e0:74:1a:a7:b4:5c:30:3f:ea:
-         a3:14:6a:aa:3e:82:38:7d:2f:db:6f:43:60:db:20:cb:e4:69:
-         62:73:75:d8:22:db:c3:92:cb:96:d3:7c:5a:ca:d5:3a:d1:91:
-         20:2c:37:0f:3d:ef:8e:ca:0b:8b:73:af:79:66:ec:84:93:41:
-         71:a1:6d:86:57:1b:d9:83:7e:c0:18:b6:4f:3c:85:89:59:c8:
-         99:1e:e7:53:5d:2b:41:7c:24:d0:9a:73:43:b3:ee:69:de:60:
-         08:b9:f0:b2:ac:b5:24:70:06:b7:1e:7b:fd:30:07:80:24:45:
-         c5:4f:84:e7:a6:67:99:0b:42:45:38:54:90:01:49:b2:14:31:
-         48:09:2b:83:3e:37:2e:d5:fd:92:7b:4f:cb:2f:ea:0d:e7:d7:
-         07:62:6e:2e:c3:a4:64:e2:54:52:6e:66:41:a9:0d:68:3f:76:
-         8f:e9:42:3d:a2:23:b9:ed:fc:52:f5:d4:96:29:81:fd:80:39:
-         71:16:3c:df:c9:2f:ad:c3:83:56:f5:85:55:89:e6:c9:23:f6:
-         eb:0e:c7:34
+    Signature Value:
+        41:3c:dd:fb:a5:65:10:35:c0:7e:02:13:73:2b:cc:4c:f6:3e:
+        29:24:cf:64:03:30:8f:a1:99:72:50:a2:56:15:8c:56:d7:02:
+        45:b3:ed:32:67:cf:cb:9f:ce:0a:7a:5a:7e:23:7b:82:1a:88:
+        f3:c0:ca:8f:a8:ba:52:dc:eb:7c:09:ab:ea:bc:3c:26:d1:0c:
+        26:46:87:4d:03:9f:3b:44:6f:81:09:b3:9c:ab:99:6c:69:48:
+        3d:09:46:8f:86:1f:00:25:7b:5e:6d:23:ae:d1:be:b0:5d:20:
+        47:0e:ca:0b:3b:d8:78:1a:4e:3f:9c:37:20:3d:46:2d:fc:ad:
+        39:34:b8:f4:75:08:ce:6b:eb:ce:b0:16:45:e6:3f:8c:41:5f:
+        37:bd:2d:5c:45:43:7e:f0:35:f6:28:06:ca:1e:3d:99:b4:b6:
+        61:f0:7c:80:7d:fe:4a:6f:e1:cb:b9:16:91:46:de:f6:10:67:
+        45:f3:52:3c:c7:d2:90:48:16:61:55:dd:2b:6a:4f:39:86:e6:
+        9e:9d:88:d2:e8:99:0b:36:82:8b:4d:d2:ff:9f:57:2a:d4:6b:
+        a3:c3:7f:d7:28:46:96:4e:65:84:b5:d9:41:1a:41:dd:b4:47:
+        62:d5:ff:65:22:b1:aa:a6:c6:02:8a:1d:8b:01:89:f0:e0:36:
+        33:51:92:b5
 -----BEGIN CERTIFICATE-----
 MIIEvDCCA6SgAwIBAgIBZTANBgkqhkiG9w0BAQsFADCBozELMAkGA1UEBhMCVVMx
 EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxFTATBgNVBAoM
 DHdvbGZTU0wgSW5jLjEUMBIGA1UECwwLRW5naW5lZXJpbmcxHzAdBgNVBAMMFmNo
 YWluSS1JQ0ExLW5vX3BhdGhsZW4xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNz
-bC5jb20wHhcNMjMxMjEzMjIxOTMzWhcNMjYwOTA4MjIxOTMzWjCBmjELMAkGA1UE
+bC5jb20wHhcNMjQxMjE4MjEyNTM0WhcNMjcwOTE0MjEyNTM0WjCBmjELMAkGA1UE
 BhMCVVMxEzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxFTAT
 BgNVBAoMDHdvbGZTU0wgSW5jLjEUMBIGA1UECwwLRW5naW5lZXJpbmcxFjAUBgNV
 BAMMDWNoYWluSS1lbnRpdHkxHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5j
@@ -78,10 +78,10 @@ A1UEBhMCVVMxEzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUx
 FTATBgNVBAoMDHdvbGZTU0wgSW5jLjEUMBIGA1UECwwLRW5naW5lZXJpbmcxHzAd
 BgNVBAMMFmNoYWluSS1JQ0EyLW5vX3BhdGhsZW4xHzAdBgkqhkiG9w0BCQEWEGlu
 Zm9Ad29sZnNzbC5jb22CAWQwCQYDVR0TBAIwADANBgkqhkiG9w0BAQsFAAOCAQEA
-A0Ix5KI/KnqmfodhiyyhEK+0Bts/d4WIxNvfeD3SqqqszRnBp0dm4pGbWatw4HQa
-p7RcMD/qoxRqqj6COH0v229DYNsgy+RpYnN12CLbw5LLltN8WsrVOtGRICw3Dz3v
-jsoLi3OveWbshJNBcaFthlcb2YN+wBi2TzyFiVnImR7nU10rQXwk0JpzQ7Puad5g
-CLnwsqy1JHAGtx57/TAHgCRFxU+E56ZnmQtCRThUkAFJshQxSAkrgz43LtX9kntP
-yy/qDefXB2JuLsOkZOJUUm5mQakNaD92j+lCPaIjue38UvXUlimB/YA5cRY838kv
-rcODVvWFVYnmySP26w7HNA==
+QTzd+6VlEDXAfgITcyvMTPY+KSTPZAMwj6GZclCiVhWMVtcCRbPtMmfPy5/OCnpa
+fiN7ghqI88DKj6i6UtzrfAmr6rw8JtEMJkaHTQOfO0RvgQmznKuZbGlIPQlGj4Yf
+ACV7Xm0jrtG+sF0gRw7KCzvYeBpOP5w3ID1GLfytOTS49HUIzmvrzrAWReY/jEFf
+N70tXEVDfvA19igGyh49mbS2YfB8gH3+Sm/hy7kWkUbe9hBnRfNSPMfSkEgWYVXd
+K2pPOYbmnp2I0uiZCzaCi03S/59XKtRro8N/1yhGlk5lhLXZQRpB3bRHYtX/ZSKx
+qqbGAoodiwGJ8OA2M1GStQ==
 -----END CERTIFICATE-----
diff --git a/certs/test-pathlen/chainJ-ICA1-no_pathlen.pem b/certs/test-pathlen/chainJ-ICA1-no_pathlen.pem
index 8daca2a55..285a8938c 100644
--- a/certs/test-pathlen/chainJ-ICA1-no_pathlen.pem
+++ b/certs/test-pathlen/chainJ-ICA1-no_pathlen.pem
@@ -5,12 +5,12 @@ Certificate:
         Signature Algorithm: sha256WithRSAEncryption
         Issuer: C = US, ST = Washington, L = Seattle, O = wolfSSL Inc., OU = Engineering, CN = chainJ-ICA2-no_pathlen, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Dec 13 22:19:33 2023 GMT
-            Not After : Sep  8 22:19:33 2026 GMT
+            Not Before: Dec 18 21:25:34 2024 GMT
+            Not After : Sep 14 21:25:34 2027 GMT
         Subject: C = US, ST = Washington, L = Seattle, O = wolfSSL Inc., OU = Engineering, CN = chainJ-ICA1-no_pathlen, emailAddress = info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (2048 bit)
+                Public-Key: (2048 bit)
                 Modulus:
                     00:a7:6f:44:c2:11:cc:2c:f4:2a:a5:a8:08:53:4b:
                     0e:cd:96:23:bb:15:4a:2a:dd:f9:a7:19:2b:91:28:
@@ -38,33 +38,33 @@ Certificate:
                 keyid:A3:F5:71:8A:60:80:3C:93:64:17:D9:2E:B5:C0:CE:A9:C1:14:17:C4
                 DirName:/C=US/ST=Washington/L=Seattle/O=wolfSSL Inc./OU=Engineering/CN=chainJ-ICA3-no_pathlen/emailAddress=info@wolfssl.com
                 serial:64
-
             X509v3 Basic Constraints: 
                 CA:TRUE
             X509v3 Key Usage: 
                 Certificate Sign, CRL Sign
     Signature Algorithm: sha256WithRSAEncryption
-         98:29:a6:c0:de:6c:d0:3d:c3:ff:d0:57:5f:83:48:bd:e0:80:
-         1c:7a:e0:81:a9:5e:43:17:01:1b:c0:d6:89:30:eb:21:47:9e:
-         8a:38:73:37:74:52:04:37:37:6e:7e:11:0e:f8:cb:c7:7c:4f:
-         43:4f:07:64:56:7a:f7:66:4f:98:2f:6a:01:ae:04:72:64:03:
-         32:88:e7:7e:60:ae:1e:16:93:4d:51:44:41:a7:b6:3e:19:e6:
-         20:c9:30:3a:8f:86:77:b9:9c:c2:b8:f1:d9:7a:a9:10:cc:ce:
-         95:46:bb:62:0d:d8:c8:78:37:51:51:2e:83:a8:5b:ef:fa:a0:
-         34:bb:a3:93:66:b6:4f:72:25:fc:e2:39:1a:3a:3f:74:c5:94:
-         88:0c:34:90:1e:f9:b0:d9:23:e4:29:33:4a:2f:59:c7:88:52:
-         c9:69:a9:6d:c7:8d:da:92:c3:4e:f3:c9:3c:5e:28:e1:ae:e0:
-         b7:ef:b4:07:18:70:b7:ea:2c:8a:e1:92:31:1c:71:26:cf:d5:
-         5b:c6:fd:88:db:8b:30:36:41:91:b1:fd:63:c3:3e:b2:e2:64:
-         5e:b2:ac:90:0c:6f:d5:21:4c:22:85:c5:0e:65:23:46:31:52:
-         31:f5:42:d8:b3:78:bb:3e:d2:f0:69:61:b9:45:4e:6b:79:78:
-         a8:60:23:7a
+    Signature Value:
+        2d:f4:e2:98:aa:1a:fc:7c:ed:5b:7a:6c:64:de:a9:9c:a3:1a:
+        19:7d:8e:a5:52:4e:2b:70:c3:b8:ef:5f:07:57:f5:52:d7:37:
+        e6:12:08:dc:d1:51:ac:e1:e7:19:9a:f5:87:44:db:d7:31:23:
+        4f:0a:a6:ac:b9:26:f2:d5:56:51:f2:41:29:fa:a4:ae:e8:bc:
+        a4:24:25:23:ff:5d:f8:dd:5a:a9:9a:28:13:66:ef:f3:f7:70:
+        cb:a2:48:2d:91:b8:ae:22:85:0c:08:10:be:cc:e0:d8:20:b2:
+        ab:c4:41:00:76:9d:18:ec:63:c7:48:f2:da:e2:3a:35:7e:6c:
+        82:ce:0b:fa:9f:c7:0f:28:39:c7:3d:c3:94:4d:85:75:79:1c:
+        18:e9:79:eb:69:8f:fe:9b:7b:8a:0e:7f:2f:8f:35:7d:b0:22:
+        25:50:79:da:5b:c7:44:9f:a5:cd:c1:b8:d9:cf:7d:10:34:60:
+        4f:c8:42:ea:71:4f:4a:e3:76:99:e4:49:8e:84:5b:ef:34:14:
+        18:77:c2:da:f6:80:72:b5:3e:40:3a:d5:93:22:06:05:3c:46:
+        17:ec:d3:b8:86:93:22:c9:b1:9c:03:3a:f2:88:1a:6d:7b:50:
+        ba:1a:50:85:d1:f5:f3:52:91:bd:88:c4:48:6b:67:8e:5f:f4:
+        34:15:95:35
 -----BEGIN CERTIFICATE-----
 MIIE1jCCA76gAwIBAgIBZDANBgkqhkiG9w0BAQsFADCBozELMAkGA1UEBhMCVVMx
 EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxFTATBgNVBAoM
 DHdvbGZTU0wgSW5jLjEUMBIGA1UECwwLRW5naW5lZXJpbmcxHzAdBgNVBAMMFmNo
 YWluSi1JQ0EyLW5vX3BhdGhsZW4xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNz
-bC5jb20wHhcNMjMxMjEzMjIxOTMzWhcNMjYwOTA4MjIxOTMzWjCBozELMAkGA1UE
+bC5jb20wHhcNMjQxMjE4MjEyNTM0WhcNMjcwOTE0MjEyNTM0WjCBozELMAkGA1UE
 BhMCVVMxEzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxFTAT
 BgNVBAoMDHdvbGZTU0wgSW5jLjEUMBIGA1UECwwLRW5naW5lZXJpbmcxHzAdBgNV
 BAMMFmNoYWluSi1JQ0ExLW5vX3BhdGhsZW4xHzAdBgkqhkiG9w0BCQEWEGluZm9A
@@ -80,10 +80,10 @@ gaYwgaMxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQH
 DAdTZWF0dGxlMRUwEwYDVQQKDAx3b2xmU1NMIEluYy4xFDASBgNVBAsMC0VuZ2lu
 ZWVyaW5nMR8wHQYDVQQDDBZjaGFpbkotSUNBMy1ub19wYXRobGVuMR8wHQYJKoZI
 hvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tggFkMAwGA1UdEwQFMAMBAf8wCwYDVR0P
-BAQDAgEGMA0GCSqGSIb3DQEBCwUAA4IBAQCYKabA3mzQPcP/0Fdfg0i94IAceuCB
-qV5DFwEbwNaJMOshR56KOHM3dFIENzdufhEO+MvHfE9DTwdkVnr3Zk+YL2oBrgRy
-ZAMyiOd+YK4eFpNNUURBp7Y+GeYgyTA6j4Z3uZzCuPHZeqkQzM6VRrtiDdjIeDdR
-US6DqFvv+qA0u6OTZrZPciX84jkaOj90xZSIDDSQHvmw2SPkKTNKL1nHiFLJaalt
-x43aksNO88k8XijhruC377QHGHC36iyK4ZIxHHEmz9Vbxv2I24swNkGRsf1jwz6y
-4mResqyQDG/VIUwihcUOZSNGMVIx9ULYs3i7PtLwaWG5RU5reXioYCN6
+BAQDAgEGMA0GCSqGSIb3DQEBCwUAA4IBAQAt9OKYqhr8fO1bemxk3qmcoxoZfY6l
+Uk4rcMO4718HV/VS1zfmEgjc0VGs4ecZmvWHRNvXMSNPCqasuSby1VZR8kEp+qSu
+6LykJCUj/1343VqpmigTZu/z93DLokgtkbiuIoUMCBC+zODYILKrxEEAdp0Y7GPH
+SPLa4jo1fmyCzgv6n8cPKDnHPcOUTYV1eRwY6XnraY/+m3uKDn8vjzV9sCIlUHna
+W8dEn6XNwbjZz30QNGBPyELqcU9K43aZ5EmOhFvvNBQYd8La9oBytT5AOtWTIgYF
+PEYX7NO4hpMiybGcAzryiBpte1C6GlCF0fXzUpG9iMRIa2eOX/Q0FZU1
 -----END CERTIFICATE-----
diff --git a/certs/test-pathlen/chainJ-ICA2-no_pathlen.pem b/certs/test-pathlen/chainJ-ICA2-no_pathlen.pem
index 0b9b86ac3..476eea481 100644
--- a/certs/test-pathlen/chainJ-ICA2-no_pathlen.pem
+++ b/certs/test-pathlen/chainJ-ICA2-no_pathlen.pem
@@ -5,12 +5,12 @@ Certificate:
         Signature Algorithm: sha256WithRSAEncryption
         Issuer: C = US, ST = Washington, L = Seattle, O = wolfSSL Inc., OU = Engineering, CN = chainJ-ICA3-no_pathlen, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Dec 13 22:19:33 2023 GMT
-            Not After : Sep  8 22:19:33 2026 GMT
+            Not Before: Dec 18 21:25:34 2024 GMT
+            Not After : Sep 14 21:25:34 2027 GMT
         Subject: C = US, ST = Washington, L = Seattle, O = wolfSSL Inc., OU = Engineering, CN = chainJ-ICA2-no_pathlen, emailAddress = info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (2048 bit)
+                Public-Key: (2048 bit)
                 Modulus:
                     00:bb:29:fd:89:aa:82:e0:1d:04:78:69:ec:61:58:
                     51:52:84:7e:6b:55:69:2c:f4:23:d6:1f:d8:ed:ab:
@@ -38,33 +38,33 @@ Certificate:
                 keyid:CD:97:49:78:F7:31:61:ED:2F:71:1A:68:E9:45:2C:40:78:51:93:5B
                 DirName:/C=US/ST=Washington/L=Seattle/O=wolfSSL Inc./OU=Engineering/CN=chainJ-ICA4-pathlen2/emailAddress=info@wolfssl.com
                 serial:64
-
             X509v3 Basic Constraints: 
                 CA:TRUE
             X509v3 Key Usage: 
                 Certificate Sign, CRL Sign
     Signature Algorithm: sha256WithRSAEncryption
-         44:d2:b6:d0:85:31:bf:1f:a2:b1:91:6b:ee:dc:80:ac:29:81:
-         0e:b4:c3:e8:8e:91:be:66:f2:44:61:8b:6c:44:17:d9:cd:15:
-         40:bd:ce:7c:ca:7d:ad:c8:e1:81:90:a4:28:57:88:71:49:9f:
-         03:bb:4b:8c:ff:02:08:98:d2:e4:b0:ca:be:f2:df:08:18:24:
-         f7:3c:22:be:f2:23:10:96:95:2b:f0:a0:ed:16:08:1a:1e:ce:
-         df:1d:f7:b3:35:af:f4:86:f2:16:b5:2c:90:bd:0a:f8:64:61:
-         da:c6:2e:4b:1f:05:30:1a:72:d3:51:33:26:61:5d:0d:14:0f:
-         b8:b9:dc:6f:78:57:a0:63:4c:f0:16:49:fd:48:54:c3:92:1e:
-         c0:04:8a:16:c0:9a:35:08:be:49:f2:dd:90:6a:90:48:d5:9f:
-         48:82:18:f2:04:d6:d8:07:55:17:99:8e:27:cf:86:8d:1b:a6:
-         02:72:42:a8:53:e6:5d:20:5a:8d:2e:d3:fc:a7:71:4c:b2:21:
-         9d:14:8c:f1:49:3c:ca:e7:e6:c6:51:7f:41:3c:37:1a:38:21:
-         a4:ee:9e:1b:cc:8b:09:df:35:de:18:c4:7a:89:32:b9:8d:15:
-         eb:07:5b:2b:5c:55:a5:44:db:fb:f2:15:16:1c:01:16:dd:de:
-         d9:7a:bf:dc
+    Signature Value:
+        65:04:5e:44:23:03:ee:fe:5b:a4:39:9b:2c:6e:2b:5f:5b:fa:
+        58:da:e1:da:f6:c9:a0:20:1a:c8:2e:cf:00:69:df:a9:49:ea:
+        a7:0d:87:71:b5:74:fa:00:55:32:62:62:00:66:c8:a9:53:27:
+        80:20:fc:c9:e3:3c:50:ba:6f:61:a7:ee:97:11:0d:02:f8:4d:
+        17:a1:51:20:c1:35:5d:bd:54:de:a5:a4:a0:30:c5:08:10:3b:
+        fe:8c:d2:f4:ac:74:a2:70:0b:aa:ef:1b:c2:a6:45:c7:5a:68:
+        b9:7a:33:b7:0b:2b:20:88:62:9a:11:7b:57:55:e9:5b:a0:8b:
+        9f:5e:2f:c2:54:ea:cd:e4:79:a2:c0:f5:b2:85:c4:b9:1c:fd:
+        29:06:b4:35:ed:50:e9:15:b7:0e:c6:f6:0a:b2:85:e3:96:5b:
+        60:16:58:6c:20:9f:19:73:06:3d:e5:a4:f9:0b:06:ce:7f:38:
+        b2:ce:4d:6b:11:a8:51:88:a3:e2:ba:f2:dc:37:b3:58:b5:e9:
+        c2:5f:10:18:63:a6:be:82:e4:d2:a0:43:10:76:b9:2d:8c:d8:
+        24:b6:4e:1c:a2:f5:7b:59:20:e6:59:e7:3b:43:96:27:b4:83:
+        5b:e3:fc:60:b7:b3:2e:d4:8b:01:d7:f3:0a:ad:c3:f9:79:d1:
+        e9:67:48:6c
 -----BEGIN CERTIFICATE-----
 MIIE1DCCA7ygAwIBAgIBZDANBgkqhkiG9w0BAQsFADCBozELMAkGA1UEBhMCVVMx
 EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxFTATBgNVBAoM
 DHdvbGZTU0wgSW5jLjEUMBIGA1UECwwLRW5naW5lZXJpbmcxHzAdBgNVBAMMFmNo
 YWluSi1JQ0EzLW5vX3BhdGhsZW4xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNz
-bC5jb20wHhcNMjMxMjEzMjIxOTMzWhcNMjYwOTA4MjIxOTMzWjCBozELMAkGA1UE
+bC5jb20wHhcNMjQxMjE4MjEyNTM0WhcNMjcwOTE0MjEyNTM0WjCBozELMAkGA1UE
 BhMCVVMxEzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxFTAT
 BgNVBAoMDHdvbGZTU0wgSW5jLjEUMBIGA1UECwwLRW5naW5lZXJpbmcxHzAdBgNV
 BAMMFmNoYWluSi1JQ0EyLW5vX3BhdGhsZW4xHzAdBgkqhkiG9w0BCQEWEGluZm9A
@@ -80,10 +80,10 @@ gaQwgaExCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQH
 DAdTZWF0dGxlMRUwEwYDVQQKDAx3b2xmU1NMIEluYy4xFDASBgNVBAsMC0VuZ2lu
 ZWVyaW5nMR0wGwYDVQQDDBRjaGFpbkotSUNBNC1wYXRobGVuMjEfMB0GCSqGSIb3
 DQEJARYQaW5mb0B3b2xmc3NsLmNvbYIBZDAMBgNVHRMEBTADAQH/MAsGA1UdDwQE
-AwIBBjANBgkqhkiG9w0BAQsFAAOCAQEARNK20IUxvx+isZFr7tyArCmBDrTD6I6R
-vmbyRGGLbEQX2c0VQL3OfMp9rcjhgZCkKFeIcUmfA7tLjP8CCJjS5LDKvvLfCBgk
-9zwivvIjEJaVK/Cg7RYIGh7O3x33szWv9IbyFrUskL0K+GRh2sYuSx8FMBpy01Ez
-JmFdDRQPuLncb3hXoGNM8BZJ/UhUw5IewASKFsCaNQi+SfLdkGqQSNWfSIIY8gTW
-2AdVF5mOJ8+GjRumAnJCqFPmXSBajS7T/KdxTLIhnRSM8Uk8yufmxlF/QTw3Gjgh
-pO6eG8yLCd813hjEeokyuY0V6wdbK1xVpUTb+/IVFhwBFt3e2Xq/3A==
+AwIBBjANBgkqhkiG9w0BAQsFAAOCAQEAZQReRCMD7v5bpDmbLG4rX1v6WNrh2vbJ
+oCAayC7PAGnfqUnqpw2HcbV0+gBVMmJiAGbIqVMngCD8yeM8ULpvYafulxENAvhN
+F6FRIME1Xb1U3qWkoDDFCBA7/ozS9Kx0onALqu8bwqZFx1pouXoztwsrIIhimhF7
+V1XpW6CLn14vwlTqzeR5osD1soXEuRz9KQa0Ne1Q6RW3Dsb2CrKF45ZbYBZYbCCf
+GXMGPeWk+QsGzn84ss5NaxGoUYij4rry3DezWLXpwl8QGGOmvoLk0qBDEHa5LYzY
+JLZOHKL1e1kg5lnnO0OWJ7SDW+P8YLezLtSLAdfzCq3D+XnR6WdIbA==
 -----END CERTIFICATE-----
diff --git a/certs/test-pathlen/chainJ-ICA3-no_pathlen.pem b/certs/test-pathlen/chainJ-ICA3-no_pathlen.pem
index a11ff4873..031766beb 100644
--- a/certs/test-pathlen/chainJ-ICA3-no_pathlen.pem
+++ b/certs/test-pathlen/chainJ-ICA3-no_pathlen.pem
@@ -5,12 +5,12 @@ Certificate:
         Signature Algorithm: sha256WithRSAEncryption
         Issuer: C = US, ST = Washington, L = Seattle, O = wolfSSL Inc., OU = Engineering, CN = chainJ-ICA4-pathlen2, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Dec 13 22:19:33 2023 GMT
-            Not After : Sep  8 22:19:33 2026 GMT
+            Not Before: Dec 18 21:25:34 2024 GMT
+            Not After : Sep 14 21:25:34 2027 GMT
         Subject: C = US, ST = Washington, L = Seattle, O = wolfSSL Inc., OU = Engineering, CN = chainJ-ICA3-no_pathlen, emailAddress = info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (2048 bit)
+                Public-Key: (2048 bit)
                 Modulus:
                     00:d8:aa:f6:05:95:70:5a:53:c7:66:10:aa:90:79:
                     3b:cb:78:2a:ef:5f:43:22:71:7c:6d:47:99:a7:8b:
@@ -38,33 +38,33 @@ Certificate:
                 keyid:FC:18:13:52:BB:33:4A:DB:1C:5B:D1:80:98:3E:40:86:95:58:72:F9
                 DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
                 serial:64
-
             X509v3 Basic Constraints: 
                 CA:TRUE
             X509v3 Key Usage: 
                 Certificate Sign, CRL Sign
     Signature Algorithm: sha256WithRSAEncryption
-         47:22:2e:50:b3:0b:ed:17:f9:70:a3:71:3e:8d:55:d4:2f:16:
-         4a:9e:b4:c9:1d:b4:fa:20:10:2b:0f:db:71:b9:50:bf:52:f6:
-         f8:ad:0d:65:69:13:99:e3:eb:ef:98:7e:9c:e7:f9:5d:ff:d4:
-         9b:76:44:ba:d6:ce:7d:c1:cb:03:c7:a0:30:b8:76:05:fe:a9:
-         ca:7d:fe:6f:da:4a:2b:a2:18:bc:98:f2:00:68:72:4a:93:ae:
-         85:e0:c0:01:f9:ca:ac:f5:11:26:72:e3:48:34:3a:ce:ac:de:
-         dc:4e:cf:8c:ea:78:72:40:0e:08:42:ec:6e:3e:f5:13:ce:fa:
-         d5:38:65:88:f7:e5:61:6b:85:18:e1:ec:5b:fb:6d:1c:52:df:
-         99:16:01:00:70:a8:1d:1e:89:39:df:c3:fb:de:17:cd:69:68:
-         bc:78:1f:21:9d:f3:69:bc:76:ee:00:e4:ea:ea:73:b4:4f:89:
-         07:14:3e:94:77:28:f1:75:97:c7:43:72:2d:79:f5:a0:36:b1:
-         e5:26:50:c6:23:6b:88:83:57:13:74:4d:27:8a:11:f6:98:64:
-         a7:b2:9e:3e:18:c6:a2:85:60:22:7a:a0:5a:70:38:08:7b:2c:
-         9a:1c:b9:32:e4:08:14:1b:a5:a1:ab:03:f6:60:8b:3d:b3:72:
-         c2:d8:de:ab
+    Signature Value:
+        7a:6a:ed:b3:87:78:d8:b7:0f:4e:26:15:b3:ee:b9:6f:c1:cc:
+        03:05:d4:d1:7d:32:73:d5:7a:1f:1c:a8:fc:f5:04:79:a5:79:
+        1f:9e:8c:42:df:ff:a4:9a:d7:ce:7f:27:f3:d1:ac:25:6f:ea:
+        51:05:de:48:0b:15:f8:19:e9:b7:ed:02:eb:31:97:a7:3b:e2:
+        1a:5e:c3:c2:5a:d5:27:08:07:59:22:b5:bb:42:39:1f:ca:05:
+        19:1d:3d:86:1c:fb:e1:26:bd:7f:22:93:a3:16:75:d3:7e:f2:
+        78:55:a4:67:a6:f6:ce:29:e6:bd:47:08:55:53:5f:43:96:f8:
+        d6:75:32:1f:9f:c1:a2:4e:8c:4a:ba:7f:03:cf:d3:0b:01:07:
+        d1:09:46:f9:9a:1a:14:1e:52:77:38:1c:1d:7b:95:51:5e:c8:
+        c9:02:90:78:b6:ac:ab:c1:0a:a4:12:8d:2a:cb:60:5a:11:9d:
+        62:f5:d3:bf:1f:97:38:c8:1f:1b:a3:59:a4:01:51:ca:32:f2:
+        d5:e7:86:95:71:23:82:af:a5:a2:d7:a4:11:4c:e0:60:06:b3:
+        dc:10:cb:81:bc:e1:18:4c:ff:39:a4:c7:43:43:e3:57:c0:e7:
+        df:d4:17:8f:5c:94:32:1f:7a:8b:39:5d:e4:c3:67:d7:7e:25:
+        3d:a1:33:10
 -----BEGIN CERTIFICATE-----
 MIIExDCCA6ygAwIBAgIBZDANBgkqhkiG9w0BAQsFADCBoTELMAkGA1UEBhMCVVMx
 EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxFTATBgNVBAoM
 DHdvbGZTU0wgSW5jLjEUMBIGA1UECwwLRW5naW5lZXJpbmcxHTAbBgNVBAMMFGNo
 YWluSi1JQ0E0LXBhdGhsZW4yMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wu
-Y29tMB4XDTIzMTIxMzIyMTkzM1oXDTI2MDkwODIyMTkzM1owgaMxCzAJBgNVBAYT
+Y29tMB4XDTI0MTIxODIxMjUzNFoXDTI3MDkxNDIxMjUzNFowgaMxCzAJBgNVBAYT
 AlVTMRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRUwEwYD
 VQQKDAx3b2xmU1NMIEluYy4xFDASBgNVBAsMC0VuZ2luZWVyaW5nMR8wHQYDVQQD
 DBZjaGFpbkotSUNBMy1ub19wYXRobGVuMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdv
@@ -80,10 +80,10 @@ gZQxCzAJBgNVBAYTAlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3pl
 bWFuMREwDwYDVQQKDAhTYXd0b290aDETMBEGA1UECwwKQ29uc3VsdGluZzEYMBYG
 A1UEAwwPd3d3LndvbGZzc2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZz
 c2wuY29tggFkMAwGA1UdEwQFMAMBAf8wCwYDVR0PBAQDAgEGMA0GCSqGSIb3DQEB
-CwUAA4IBAQBHIi5QswvtF/lwo3E+jVXULxZKnrTJHbT6IBArD9txuVC/Uvb4rQ1l
-aROZ4+vvmH6c5/ld/9SbdkS61s59wcsDx6AwuHYF/qnKff5v2korohi8mPIAaHJK
-k66F4MAB+cqs9REmcuNINDrOrN7cTs+M6nhyQA4IQuxuPvUTzvrVOGWI9+Vha4UY
-4exb+20cUt+ZFgEAcKgdHok538P73hfNaWi8eB8hnfNpvHbuAOTq6nO0T4kHFD6U
-dyjxdZfHQ3ItefWgNrHlJlDGI2uIg1cTdE0nihH2mGSnsp4+GMaihWAieqBacDgI
-eyyaHLky5AgUG6WhqwP2YIs9s3LC2N6r
+CwUAA4IBAQB6au2zh3jYtw9OJhWz7rlvwcwDBdTRfTJz1XofHKj89QR5pXkfnoxC
+3/+kmtfOfyfz0awlb+pRBd5ICxX4Gem37QLrMZenO+IaXsPCWtUnCAdZIrW7Qjkf
+ygUZHT2GHPvhJr1/IpOjFnXTfvJ4VaRnpvbOKea9RwhVU19DlvjWdTIfn8GiToxK
+un8Dz9MLAQfRCUb5mhoUHlJ3OBwde5VRXsjJApB4tqyrwQqkEo0qy2BaEZ1i9dO/
+H5c4yB8bo1mkAVHKMvLV54aVcSOCr6Wi16QRTOBgBrPcEMuBvOEYTP85pMdDQ+NX
+wOff1BePXJQyH3qLOV3kw2fXfiU9oTMQ
 -----END CERTIFICATE-----
diff --git a/certs/test-pathlen/chainJ-ICA4-pathlen2.pem b/certs/test-pathlen/chainJ-ICA4-pathlen2.pem
index 885a35ba0..35cfa13c7 100644
--- a/certs/test-pathlen/chainJ-ICA4-pathlen2.pem
+++ b/certs/test-pathlen/chainJ-ICA4-pathlen2.pem
@@ -5,12 +5,12 @@ Certificate:
         Signature Algorithm: sha256WithRSAEncryption
         Issuer: C = US, ST = Montana, L = Bozeman, O = Sawtooth, OU = Consulting, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Dec 13 22:19:33 2023 GMT
-            Not After : Sep  8 22:19:33 2026 GMT
+            Not Before: Dec 18 21:25:34 2024 GMT
+            Not After : Sep 14 21:25:34 2027 GMT
         Subject: C = US, ST = Washington, L = Seattle, O = wolfSSL Inc., OU = Engineering, CN = chainJ-ICA4-pathlen2, emailAddress = info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (2048 bit)
+                Public-Key: (2048 bit)
                 Modulus:
                     00:9d:4a:ee:6b:ff:b6:ec:88:21:23:84:03:b6:88:
                     bb:3e:5a:1b:95:03:2f:24:53:2d:57:3f:11:38:5d:
@@ -37,34 +37,34 @@ Certificate:
             X509v3 Authority Key Identifier: 
                 keyid:27:8E:67:11:74:C3:26:1D:3F:ED:33:63:B3:A4:D8:1D:30:E5:E8:D5
                 DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
-                serial:33:44:1A:A8:6C:01:EC:F6:60:F2:70:51:0A:4C:D1:14:FA:BC:E9:44
-
+                serial:6B:9B:70:C6:F1:A3:94:65:19:A1:08:58:EF:A7:8D:2B:7A:83:C1:DA
             X509v3 Basic Constraints: 
                 CA:TRUE, pathlen:2
             X509v3 Key Usage: 
                 Certificate Sign, CRL Sign
     Signature Algorithm: sha256WithRSAEncryption
-         38:0c:f8:b9:53:67:57:a3:18:3c:0a:74:2d:13:79:32:7b:e2:
-         4b:4f:82:5a:0e:7f:bb:ca:87:63:09:02:bd:31:62:2b:74:c4:
-         47:fe:96:4a:8b:97:ee:43:ea:be:d4:0d:07:3f:57:dd:e5:ea:
-         da:d8:30:94:64:73:b6:fd:d7:4f:72:41:ce:13:fc:65:c6:b1:
-         f7:5c:b7:60:d9:55:bd:c4:89:49:57:90:15:be:cc:93:ee:3e:
-         bd:37:22:7a:98:9d:17:69:4f:87:62:82:f6:03:2d:ee:52:22:
-         8c:86:bb:ba:93:9e:23:d8:d9:a2:4b:7e:ef:7d:59:d8:01:00:
-         8d:f8:e6:b0:ac:ef:41:72:ff:ab:0d:b1:4f:cd:1e:73:81:3a:
-         19:5a:3e:ac:da:f0:7f:be:b3:98:5f:22:08:96:2a:c4:41:43:
-         0b:83:30:07:c1:25:eb:2d:5f:60:a2:e5:b4:57:45:71:59:f9:
-         5b:b7:fd:3b:b3:4e:f0:cf:18:b9:0f:03:88:43:1d:9e:be:7b:
-         b1:a4:1f:e4:bc:ee:59:b7:2c:fe:a2:a6:08:96:f8:df:63:80:
-         02:a5:61:a8:16:86:d1:28:c5:db:c6:0a:bb:4a:e4:61:ec:50:
-         6c:58:c3:b0:0b:ba:be:fa:14:8c:36:59:ef:a3:6b:57:4a:6c:
-         3e:33:6e:8a
+    Signature Value:
+        bc:39:a9:d3:50:90:56:d9:eb:d6:24:96:5b:9c:ac:e1:ad:c8:
+        94:b3:0f:cf:66:30:62:4f:aa:51:e1:3e:40:b7:36:2c:d2:60:
+        37:04:bd:e3:82:ab:ab:ca:ef:d5:a0:1d:3d:58:ed:8a:82:3b:
+        c8:09:0d:92:f6:00:3c:ec:4e:bf:cb:cc:d1:ee:9f:00:c6:95:
+        0f:d9:f2:3d:37:41:f4:9c:c1:98:f2:eb:92:bf:ea:d7:9d:20:
+        be:e2:e8:40:0c:fc:7b:4a:0a:42:f7:a5:18:ab:97:91:e2:b4:
+        cf:97:34:2e:15:ee:92:bc:ca:82:8a:43:12:ee:50:c2:09:0a:
+        53:a0:b1:b0:ac:08:ea:ab:49:ae:86:16:a6:cf:eb:e4:cc:a6:
+        ae:2a:64:d3:dc:35:1e:70:39:db:61:35:25:52:1b:6c:85:11:
+        ad:22:46:d8:c9:7c:2f:c3:9a:c7:50:e8:a5:81:f9:45:d9:f6:
+        c4:93:03:21:c0:86:2a:e4:f1:17:8c:a8:17:12:88:06:f7:a5:
+        0f:a7:c2:33:6b:58:1b:c0:a9:c7:01:9c:d7:f0:73:68:ee:ef:
+        1a:c4:eb:48:8b:c5:a2:7c:aa:5c:89:33:b4:a3:6d:70:4c:95:
+        01:26:c2:44:e9:9e:fd:34:ef:f4:15:d7:aa:dc:92:9a:16:a2:
+        7f:2c:12:4d
 -----BEGIN CERTIFICATE-----
 MIIEzDCCA7SgAwIBAgIBZDANBgkqhkiG9w0BAQsFADCBlDELMAkGA1UEBhMCVVMx
 EDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xETAPBgNVBAoMCFNh
 d3Rvb3RoMRMwEQYDVQQLDApDb25zdWx0aW5nMRgwFgYDVQQDDA93d3cud29sZnNz
-bC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMjMxMjEz
-MjIxOTMzWhcNMjYwOTA4MjIxOTMzWjCBoTELMAkGA1UEBhMCVVMxEzARBgNVBAgM
+bC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMjQxMjE4
+MjEyNTM0WhcNMjcwOTE0MjEyNTM0WjCBoTELMAkGA1UEBhMCVVMxEzARBgNVBAgM
 Cldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxFTATBgNVBAoMDHdvbGZTU0wg
 SW5jLjEUMBIGA1UECwwLRW5naW5lZXJpbmcxHTAbBgNVBAMMFGNoYWluSi1JQ0E0
 LXBhdGhsZW4yMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMIIBIjAN
@@ -78,12 +78,12 @@ o4IBGDCCARQwHQYDVR0OBBYEFPwYE1K7M0rbHFvRgJg+QIaVWHL5MIHUBgNVHSME
 gcwwgcmAFCeOZxF0wyYdP+0zY7Ok2B0w5ejVoYGapIGXMIGUMQswCQYDVQQGEwJV
 UzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjERMA8GA1UECgwI
 U2F3dG9vdGgxEzARBgNVBAsMCkNvbnN1bHRpbmcxGDAWBgNVBAMMD3d3dy53b2xm
-c3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbYIUM0QaqGwB
-7PZg8nBRCkzRFPq86UQwDwYDVR0TBAgwBgEB/wIBAjALBgNVHQ8EBAMCAQYwDQYJ
-KoZIhvcNAQELBQADggEBADgM+LlTZ1ejGDwKdC0TeTJ74ktPgloOf7vKh2MJAr0x
-Yit0xEf+lkqLl+5D6r7UDQc/V93l6trYMJRkc7b9109yQc4T/GXGsfdct2DZVb3E
-iUlXkBW+zJPuPr03InqYnRdpT4digvYDLe5SIoyGu7qTniPY2aJLfu99WdgBAI34
-5rCs70Fy/6sNsU/NHnOBOhlaPqza8H++s5hfIgiWKsRBQwuDMAfBJestX2Ci5bRX
-RXFZ+Vu3/TuzTvDPGLkPA4hDHZ6+e7GkH+S87lm3LP6ipgiW+N9jgAKlYagWhtEo
-xdvGCrtK5GHsUGxYw7ALur76FIw2We+ja1dKbD4zboo=
+c3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbYIUa5twxvGj
+lGUZoQhY76eNK3qDwdowDwYDVR0TBAgwBgEB/wIBAjALBgNVHQ8EBAMCAQYwDQYJ
+KoZIhvcNAQELBQADggEBALw5qdNQkFbZ69YkllucrOGtyJSzD89mMGJPqlHhPkC3
+NizSYDcEveOCq6vK79WgHT1Y7YqCO8gJDZL2ADzsTr/LzNHunwDGlQ/Z8j03QfSc
+wZjy65K/6tedIL7i6EAM/HtKCkL3pRirl5HitM+XNC4V7pK8yoKKQxLuUMIJClOg
+sbCsCOqrSa6GFqbP6+TMpq4qZNPcNR5wOdthNSVSG2yFEa0iRtjJfC/DmsdQ6KWB
++UXZ9sSTAyHAhirk8ReMqBcSiAb3pQ+nwjNrWBvAqccBnNfwc2ju7xrE60iLxaJ8
+qlyJM7SjbXBMlQEmwkTpnv007/QV16rckpoWon8sEk0=
 -----END CERTIFICATE-----
diff --git a/certs/test-pathlen/chainJ-assembled.pem b/certs/test-pathlen/chainJ-assembled.pem
index 33394ec6f..77ff37342 100644
--- a/certs/test-pathlen/chainJ-assembled.pem
+++ b/certs/test-pathlen/chainJ-assembled.pem
@@ -5,12 +5,12 @@ Certificate:
         Signature Algorithm: sha256WithRSAEncryption
         Issuer: C = US, ST = Washington, L = Seattle, O = wolfSSL Inc., OU = Engineering, CN = chainJ-ICA1-no_pathlen, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Dec 13 22:19:33 2023 GMT
-            Not After : Sep  8 22:19:33 2026 GMT
+            Not Before: Dec 18 21:25:34 2024 GMT
+            Not After : Sep 14 21:25:34 2027 GMT
         Subject: C = US, ST = Washington, L = Seattle, O = wolfSSL Inc., OU = Engineering, CN = chainJ-entity, emailAddress = info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (2048 bit)
+                Public-Key: (2048 bit)
                 Modulus:
                     00:b3:fb:51:a0:ac:69:8b:35:06:bf:7a:ee:b4:a1:
                     8a:7e:ae:31:75:ad:e7:45:7b:e6:d9:bb:7c:e9:73:
@@ -38,31 +38,31 @@ Certificate:
                 keyid:9C:7B:3A:10:B3:08:99:05:00:AF:3E:E0:A4:5D:D9:AF:82:BC:4D:C0
                 DirName:/C=US/ST=Washington/L=Seattle/O=wolfSSL Inc./OU=Engineering/CN=chainJ-ICA2-no_pathlen/emailAddress=info@wolfssl.com
                 serial:64
-
             X509v3 Basic Constraints: 
                 CA:FALSE
     Signature Algorithm: sha256WithRSAEncryption
-         46:5c:9c:45:3c:a5:1d:27:7f:4b:b6:2d:7d:aa:03:28:53:a5:
-         e3:cb:5a:63:16:58:5c:fe:97:65:c4:1e:d3:34:fe:8f:46:6e:
-         09:e4:2f:18:c9:fd:d0:7b:90:ab:f6:a5:89:fb:d0:0c:3a:f8:
-         3c:53:d5:3b:3a:2e:c0:dd:59:e1:6f:ed:e8:d4:1f:d3:9f:5e:
-         c8:1f:50:ba:6d:16:1f:25:ab:e0:aa:74:8f:38:50:e8:98:f9:
-         07:0f:71:3f:16:ce:cc:51:f8:ff:61:47:33:b4:98:36:63:19:
-         06:3e:0c:a1:69:ba:67:64:9c:46:8a:ea:3e:62:27:c0:b3:60:
-         7a:37:2b:fc:e2:c5:a8:8f:82:69:48:ff:4f:be:c4:8a:22:a3:
-         53:db:df:ee:c5:87:b7:da:55:f7:cd:48:e1:45:e7:22:f2:ec:
-         bd:94:2c:a5:e5:ea:9c:60:c6:b8:83:6a:6a:9a:c9:46:9b:6e:
-         88:38:d2:56:65:42:a6:5a:0f:d0:60:92:06:f4:1f:d9:5f:cd:
-         07:93:04:00:1a:c1:eb:d8:a8:78:80:9f:c2:b7:b2:e9:4d:8c:
-         6d:09:85:f0:87:c1:d6:d9:12:72:13:68:71:16:f7:53:f4:92:
-         9b:d4:46:31:b5:45:32:7b:f8:e6:dd:bf:d1:f9:aa:da:d3:7e:
-         06:2b:dd:fa
+    Signature Value:
+        3d:38:93:d4:04:f4:c3:d7:8c:db:4d:e3:3b:44:2d:62:76:65:
+        c9:ad:66:7f:29:f9:80:1f:87:70:c5:f7:0a:d9:63:ee:8c:cb:
+        22:74:88:a4:5c:07:21:fe:2e:d7:10:4d:0b:c9:6e:2d:ff:ab:
+        ab:c3:05:d1:b7:46:18:cb:84:89:3a:70:1b:d7:25:85:b1:fe:
+        4e:9f:cd:72:3b:2e:a0:cd:5f:97:b5:7d:ae:93:c9:b7:be:2e:
+        82:36:1f:00:0c:90:b3:3c:77:2c:e4:dc:3e:d1:83:f2:2e:7f:
+        a0:a3:71:11:b7:77:ce:54:81:82:12:c3:30:55:8d:2d:21:57:
+        a4:87:43:36:32:aa:8c:6d:fc:ec:89:61:99:e6:c5:19:09:a1:
+        10:13:87:50:05:ac:87:af:c1:5e:a8:76:68:44:94:d6:ad:d9:
+        67:50:45:0f:d5:a5:e5:be:77:1e:85:6a:f4:74:8a:28:60:75:
+        7c:ce:e2:d4:1f:e0:ba:b3:4e:d4:06:a9:8b:60:83:e4:b1:a7:
+        6b:4e:ae:fd:43:c8:12:d9:b2:cf:50:ba:e4:ee:39:c9:0b:59:
+        15:5f:c1:77:7c:93:60:31:ce:9a:a9:b7:15:68:e2:b4:cb:c3:
+        7e:31:69:84:55:82:c4:59:03:e9:78:b1:a9:7f:eb:0d:09:b4:
+        ba:5c:4e:f3
 -----BEGIN CERTIFICATE-----
 MIIEvDCCA6SgAwIBAgIBZTANBgkqhkiG9w0BAQsFADCBozELMAkGA1UEBhMCVVMx
 EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxFTATBgNVBAoM
 DHdvbGZTU0wgSW5jLjEUMBIGA1UECwwLRW5naW5lZXJpbmcxHzAdBgNVBAMMFmNo
 YWluSi1JQ0ExLW5vX3BhdGhsZW4xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNz
-bC5jb20wHhcNMjMxMjEzMjIxOTMzWhcNMjYwOTA4MjIxOTMzWjCBmjELMAkGA1UE
+bC5jb20wHhcNMjQxMjE4MjEyNTM0WhcNMjcwOTE0MjEyNTM0WjCBmjELMAkGA1UE
 BhMCVVMxEzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxFTAT
 BgNVBAoMDHdvbGZTU0wgSW5jLjEUMBIGA1UECwwLRW5naW5lZXJpbmcxFjAUBgNV
 BAMMDWNoYWluSi1lbnRpdHkxHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5j
@@ -78,12 +78,12 @@ A1UEBhMCVVMxEzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUx
 FTATBgNVBAoMDHdvbGZTU0wgSW5jLjEUMBIGA1UECwwLRW5naW5lZXJpbmcxHzAd
 BgNVBAMMFmNoYWluSi1JQ0EyLW5vX3BhdGhsZW4xHzAdBgkqhkiG9w0BCQEWEGlu
 Zm9Ad29sZnNzbC5jb22CAWQwCQYDVR0TBAIwADANBgkqhkiG9w0BAQsFAAOCAQEA
-RlycRTylHSd/S7YtfaoDKFOl48taYxZYXP6XZcQe0zT+j0ZuCeQvGMn90HuQq/al
-ifvQDDr4PFPVOzouwN1Z4W/t6NQf059eyB9Qum0WHyWr4Kp0jzhQ6Jj5Bw9xPxbO
-zFH4/2FHM7SYNmMZBj4MoWm6Z2ScRorqPmInwLNgejcr/OLFqI+CaUj/T77EiiKj
-U9vf7sWHt9pV981I4UXnIvLsvZQspeXqnGDGuINqaprJRptuiDjSVmVCploP0GCS
-BvQf2V/NB5MEABrB69ioeICfwrey6U2MbQmF8IfB1tkSchNocRb3U/SSm9RGMbVF
-Mnv45t2/0fmq2tN+Bivd+g==
+PTiT1AT0w9eM203jO0QtYnZlya1mfyn5gB+HcMX3Ctlj7ozLInSIpFwHIf4u1xBN
+C8luLf+rq8MF0bdGGMuEiTpwG9clhbH+Tp/NcjsuoM1fl7V9rpPJt74ugjYfAAyQ
+szx3LOTcPtGD8i5/oKNxEbd3zlSBghLDMFWNLSFXpIdDNjKqjG387IlhmebFGQmh
+EBOHUAWsh6/BXqh2aESU1q3ZZ1BFD9Wl5b53HoVq9HSKKGB1fM7i1B/gurNO1Aap
+i2CD5LGna06u/UPIEtmyz1C65O45yQtZFV/Bd3yTYDHOmqm3FWjitMvDfjFphFWC
+xFkD6XixqX/rDQm0ulxO8w==
 -----END CERTIFICATE-----
 Certificate:
     Data:
@@ -92,12 +92,12 @@ Certificate:
         Signature Algorithm: sha256WithRSAEncryption
         Issuer: C = US, ST = Washington, L = Seattle, O = wolfSSL Inc., OU = Engineering, CN = chainJ-ICA2-no_pathlen, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Dec 13 22:19:33 2023 GMT
-            Not After : Sep  8 22:19:33 2026 GMT
+            Not Before: Dec 18 21:25:34 2024 GMT
+            Not After : Sep 14 21:25:34 2027 GMT
         Subject: C = US, ST = Washington, L = Seattle, O = wolfSSL Inc., OU = Engineering, CN = chainJ-ICA1-no_pathlen, emailAddress = info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (2048 bit)
+                Public-Key: (2048 bit)
                 Modulus:
                     00:a7:6f:44:c2:11:cc:2c:f4:2a:a5:a8:08:53:4b:
                     0e:cd:96:23:bb:15:4a:2a:dd:f9:a7:19:2b:91:28:
@@ -125,33 +125,33 @@ Certificate:
                 keyid:A3:F5:71:8A:60:80:3C:93:64:17:D9:2E:B5:C0:CE:A9:C1:14:17:C4
                 DirName:/C=US/ST=Washington/L=Seattle/O=wolfSSL Inc./OU=Engineering/CN=chainJ-ICA3-no_pathlen/emailAddress=info@wolfssl.com
                 serial:64
-
             X509v3 Basic Constraints: 
                 CA:TRUE
             X509v3 Key Usage: 
                 Certificate Sign, CRL Sign
     Signature Algorithm: sha256WithRSAEncryption
-         98:29:a6:c0:de:6c:d0:3d:c3:ff:d0:57:5f:83:48:bd:e0:80:
-         1c:7a:e0:81:a9:5e:43:17:01:1b:c0:d6:89:30:eb:21:47:9e:
-         8a:38:73:37:74:52:04:37:37:6e:7e:11:0e:f8:cb:c7:7c:4f:
-         43:4f:07:64:56:7a:f7:66:4f:98:2f:6a:01:ae:04:72:64:03:
-         32:88:e7:7e:60:ae:1e:16:93:4d:51:44:41:a7:b6:3e:19:e6:
-         20:c9:30:3a:8f:86:77:b9:9c:c2:b8:f1:d9:7a:a9:10:cc:ce:
-         95:46:bb:62:0d:d8:c8:78:37:51:51:2e:83:a8:5b:ef:fa:a0:
-         34:bb:a3:93:66:b6:4f:72:25:fc:e2:39:1a:3a:3f:74:c5:94:
-         88:0c:34:90:1e:f9:b0:d9:23:e4:29:33:4a:2f:59:c7:88:52:
-         c9:69:a9:6d:c7:8d:da:92:c3:4e:f3:c9:3c:5e:28:e1:ae:e0:
-         b7:ef:b4:07:18:70:b7:ea:2c:8a:e1:92:31:1c:71:26:cf:d5:
-         5b:c6:fd:88:db:8b:30:36:41:91:b1:fd:63:c3:3e:b2:e2:64:
-         5e:b2:ac:90:0c:6f:d5:21:4c:22:85:c5:0e:65:23:46:31:52:
-         31:f5:42:d8:b3:78:bb:3e:d2:f0:69:61:b9:45:4e:6b:79:78:
-         a8:60:23:7a
+    Signature Value:
+        2d:f4:e2:98:aa:1a:fc:7c:ed:5b:7a:6c:64:de:a9:9c:a3:1a:
+        19:7d:8e:a5:52:4e:2b:70:c3:b8:ef:5f:07:57:f5:52:d7:37:
+        e6:12:08:dc:d1:51:ac:e1:e7:19:9a:f5:87:44:db:d7:31:23:
+        4f:0a:a6:ac:b9:26:f2:d5:56:51:f2:41:29:fa:a4:ae:e8:bc:
+        a4:24:25:23:ff:5d:f8:dd:5a:a9:9a:28:13:66:ef:f3:f7:70:
+        cb:a2:48:2d:91:b8:ae:22:85:0c:08:10:be:cc:e0:d8:20:b2:
+        ab:c4:41:00:76:9d:18:ec:63:c7:48:f2:da:e2:3a:35:7e:6c:
+        82:ce:0b:fa:9f:c7:0f:28:39:c7:3d:c3:94:4d:85:75:79:1c:
+        18:e9:79:eb:69:8f:fe:9b:7b:8a:0e:7f:2f:8f:35:7d:b0:22:
+        25:50:79:da:5b:c7:44:9f:a5:cd:c1:b8:d9:cf:7d:10:34:60:
+        4f:c8:42:ea:71:4f:4a:e3:76:99:e4:49:8e:84:5b:ef:34:14:
+        18:77:c2:da:f6:80:72:b5:3e:40:3a:d5:93:22:06:05:3c:46:
+        17:ec:d3:b8:86:93:22:c9:b1:9c:03:3a:f2:88:1a:6d:7b:50:
+        ba:1a:50:85:d1:f5:f3:52:91:bd:88:c4:48:6b:67:8e:5f:f4:
+        34:15:95:35
 -----BEGIN CERTIFICATE-----
 MIIE1jCCA76gAwIBAgIBZDANBgkqhkiG9w0BAQsFADCBozELMAkGA1UEBhMCVVMx
 EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxFTATBgNVBAoM
 DHdvbGZTU0wgSW5jLjEUMBIGA1UECwwLRW5naW5lZXJpbmcxHzAdBgNVBAMMFmNo
 YWluSi1JQ0EyLW5vX3BhdGhsZW4xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNz
-bC5jb20wHhcNMjMxMjEzMjIxOTMzWhcNMjYwOTA4MjIxOTMzWjCBozELMAkGA1UE
+bC5jb20wHhcNMjQxMjE4MjEyNTM0WhcNMjcwOTE0MjEyNTM0WjCBozELMAkGA1UE
 BhMCVVMxEzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxFTAT
 BgNVBAoMDHdvbGZTU0wgSW5jLjEUMBIGA1UECwwLRW5naW5lZXJpbmcxHzAdBgNV
 BAMMFmNoYWluSi1JQ0ExLW5vX3BhdGhsZW4xHzAdBgkqhkiG9w0BCQEWEGluZm9A
@@ -167,12 +167,12 @@ gaYwgaMxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQH
 DAdTZWF0dGxlMRUwEwYDVQQKDAx3b2xmU1NMIEluYy4xFDASBgNVBAsMC0VuZ2lu
 ZWVyaW5nMR8wHQYDVQQDDBZjaGFpbkotSUNBMy1ub19wYXRobGVuMR8wHQYJKoZI
 hvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tggFkMAwGA1UdEwQFMAMBAf8wCwYDVR0P
-BAQDAgEGMA0GCSqGSIb3DQEBCwUAA4IBAQCYKabA3mzQPcP/0Fdfg0i94IAceuCB
-qV5DFwEbwNaJMOshR56KOHM3dFIENzdufhEO+MvHfE9DTwdkVnr3Zk+YL2oBrgRy
-ZAMyiOd+YK4eFpNNUURBp7Y+GeYgyTA6j4Z3uZzCuPHZeqkQzM6VRrtiDdjIeDdR
-US6DqFvv+qA0u6OTZrZPciX84jkaOj90xZSIDDSQHvmw2SPkKTNKL1nHiFLJaalt
-x43aksNO88k8XijhruC377QHGHC36iyK4ZIxHHEmz9Vbxv2I24swNkGRsf1jwz6y
-4mResqyQDG/VIUwihcUOZSNGMVIx9ULYs3i7PtLwaWG5RU5reXioYCN6
+BAQDAgEGMA0GCSqGSIb3DQEBCwUAA4IBAQAt9OKYqhr8fO1bemxk3qmcoxoZfY6l
+Uk4rcMO4718HV/VS1zfmEgjc0VGs4ecZmvWHRNvXMSNPCqasuSby1VZR8kEp+qSu
+6LykJCUj/1343VqpmigTZu/z93DLokgtkbiuIoUMCBC+zODYILKrxEEAdp0Y7GPH
+SPLa4jo1fmyCzgv6n8cPKDnHPcOUTYV1eRwY6XnraY/+m3uKDn8vjzV9sCIlUHna
+W8dEn6XNwbjZz30QNGBPyELqcU9K43aZ5EmOhFvvNBQYd8La9oBytT5AOtWTIgYF
+PEYX7NO4hpMiybGcAzryiBpte1C6GlCF0fXzUpG9iMRIa2eOX/Q0FZU1
 -----END CERTIFICATE-----
 Certificate:
     Data:
@@ -181,12 +181,12 @@ Certificate:
         Signature Algorithm: sha256WithRSAEncryption
         Issuer: C = US, ST = Washington, L = Seattle, O = wolfSSL Inc., OU = Engineering, CN = chainJ-ICA3-no_pathlen, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Dec 13 22:19:33 2023 GMT
-            Not After : Sep  8 22:19:33 2026 GMT
+            Not Before: Dec 18 21:25:34 2024 GMT
+            Not After : Sep 14 21:25:34 2027 GMT
         Subject: C = US, ST = Washington, L = Seattle, O = wolfSSL Inc., OU = Engineering, CN = chainJ-ICA2-no_pathlen, emailAddress = info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (2048 bit)
+                Public-Key: (2048 bit)
                 Modulus:
                     00:bb:29:fd:89:aa:82:e0:1d:04:78:69:ec:61:58:
                     51:52:84:7e:6b:55:69:2c:f4:23:d6:1f:d8:ed:ab:
@@ -214,33 +214,33 @@ Certificate:
                 keyid:CD:97:49:78:F7:31:61:ED:2F:71:1A:68:E9:45:2C:40:78:51:93:5B
                 DirName:/C=US/ST=Washington/L=Seattle/O=wolfSSL Inc./OU=Engineering/CN=chainJ-ICA4-pathlen2/emailAddress=info@wolfssl.com
                 serial:64
-
             X509v3 Basic Constraints: 
                 CA:TRUE
             X509v3 Key Usage: 
                 Certificate Sign, CRL Sign
     Signature Algorithm: sha256WithRSAEncryption
-         44:d2:b6:d0:85:31:bf:1f:a2:b1:91:6b:ee:dc:80:ac:29:81:
-         0e:b4:c3:e8:8e:91:be:66:f2:44:61:8b:6c:44:17:d9:cd:15:
-         40:bd:ce:7c:ca:7d:ad:c8:e1:81:90:a4:28:57:88:71:49:9f:
-         03:bb:4b:8c:ff:02:08:98:d2:e4:b0:ca:be:f2:df:08:18:24:
-         f7:3c:22:be:f2:23:10:96:95:2b:f0:a0:ed:16:08:1a:1e:ce:
-         df:1d:f7:b3:35:af:f4:86:f2:16:b5:2c:90:bd:0a:f8:64:61:
-         da:c6:2e:4b:1f:05:30:1a:72:d3:51:33:26:61:5d:0d:14:0f:
-         b8:b9:dc:6f:78:57:a0:63:4c:f0:16:49:fd:48:54:c3:92:1e:
-         c0:04:8a:16:c0:9a:35:08:be:49:f2:dd:90:6a:90:48:d5:9f:
-         48:82:18:f2:04:d6:d8:07:55:17:99:8e:27:cf:86:8d:1b:a6:
-         02:72:42:a8:53:e6:5d:20:5a:8d:2e:d3:fc:a7:71:4c:b2:21:
-         9d:14:8c:f1:49:3c:ca:e7:e6:c6:51:7f:41:3c:37:1a:38:21:
-         a4:ee:9e:1b:cc:8b:09:df:35:de:18:c4:7a:89:32:b9:8d:15:
-         eb:07:5b:2b:5c:55:a5:44:db:fb:f2:15:16:1c:01:16:dd:de:
-         d9:7a:bf:dc
+    Signature Value:
+        65:04:5e:44:23:03:ee:fe:5b:a4:39:9b:2c:6e:2b:5f:5b:fa:
+        58:da:e1:da:f6:c9:a0:20:1a:c8:2e:cf:00:69:df:a9:49:ea:
+        a7:0d:87:71:b5:74:fa:00:55:32:62:62:00:66:c8:a9:53:27:
+        80:20:fc:c9:e3:3c:50:ba:6f:61:a7:ee:97:11:0d:02:f8:4d:
+        17:a1:51:20:c1:35:5d:bd:54:de:a5:a4:a0:30:c5:08:10:3b:
+        fe:8c:d2:f4:ac:74:a2:70:0b:aa:ef:1b:c2:a6:45:c7:5a:68:
+        b9:7a:33:b7:0b:2b:20:88:62:9a:11:7b:57:55:e9:5b:a0:8b:
+        9f:5e:2f:c2:54:ea:cd:e4:79:a2:c0:f5:b2:85:c4:b9:1c:fd:
+        29:06:b4:35:ed:50:e9:15:b7:0e:c6:f6:0a:b2:85:e3:96:5b:
+        60:16:58:6c:20:9f:19:73:06:3d:e5:a4:f9:0b:06:ce:7f:38:
+        b2:ce:4d:6b:11:a8:51:88:a3:e2:ba:f2:dc:37:b3:58:b5:e9:
+        c2:5f:10:18:63:a6:be:82:e4:d2:a0:43:10:76:b9:2d:8c:d8:
+        24:b6:4e:1c:a2:f5:7b:59:20:e6:59:e7:3b:43:96:27:b4:83:
+        5b:e3:fc:60:b7:b3:2e:d4:8b:01:d7:f3:0a:ad:c3:f9:79:d1:
+        e9:67:48:6c
 -----BEGIN CERTIFICATE-----
 MIIE1DCCA7ygAwIBAgIBZDANBgkqhkiG9w0BAQsFADCBozELMAkGA1UEBhMCVVMx
 EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxFTATBgNVBAoM
 DHdvbGZTU0wgSW5jLjEUMBIGA1UECwwLRW5naW5lZXJpbmcxHzAdBgNVBAMMFmNo
 YWluSi1JQ0EzLW5vX3BhdGhsZW4xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNz
-bC5jb20wHhcNMjMxMjEzMjIxOTMzWhcNMjYwOTA4MjIxOTMzWjCBozELMAkGA1UE
+bC5jb20wHhcNMjQxMjE4MjEyNTM0WhcNMjcwOTE0MjEyNTM0WjCBozELMAkGA1UE
 BhMCVVMxEzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxFTAT
 BgNVBAoMDHdvbGZTU0wgSW5jLjEUMBIGA1UECwwLRW5naW5lZXJpbmcxHzAdBgNV
 BAMMFmNoYWluSi1JQ0EyLW5vX3BhdGhsZW4xHzAdBgkqhkiG9w0BCQEWEGluZm9A
@@ -256,12 +256,12 @@ gaQwgaExCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQH
 DAdTZWF0dGxlMRUwEwYDVQQKDAx3b2xmU1NMIEluYy4xFDASBgNVBAsMC0VuZ2lu
 ZWVyaW5nMR0wGwYDVQQDDBRjaGFpbkotSUNBNC1wYXRobGVuMjEfMB0GCSqGSIb3
 DQEJARYQaW5mb0B3b2xmc3NsLmNvbYIBZDAMBgNVHRMEBTADAQH/MAsGA1UdDwQE
-AwIBBjANBgkqhkiG9w0BAQsFAAOCAQEARNK20IUxvx+isZFr7tyArCmBDrTD6I6R
-vmbyRGGLbEQX2c0VQL3OfMp9rcjhgZCkKFeIcUmfA7tLjP8CCJjS5LDKvvLfCBgk
-9zwivvIjEJaVK/Cg7RYIGh7O3x33szWv9IbyFrUskL0K+GRh2sYuSx8FMBpy01Ez
-JmFdDRQPuLncb3hXoGNM8BZJ/UhUw5IewASKFsCaNQi+SfLdkGqQSNWfSIIY8gTW
-2AdVF5mOJ8+GjRumAnJCqFPmXSBajS7T/KdxTLIhnRSM8Uk8yufmxlF/QTw3Gjgh
-pO6eG8yLCd813hjEeokyuY0V6wdbK1xVpUTb+/IVFhwBFt3e2Xq/3A==
+AwIBBjANBgkqhkiG9w0BAQsFAAOCAQEAZQReRCMD7v5bpDmbLG4rX1v6WNrh2vbJ
+oCAayC7PAGnfqUnqpw2HcbV0+gBVMmJiAGbIqVMngCD8yeM8ULpvYafulxENAvhN
+F6FRIME1Xb1U3qWkoDDFCBA7/ozS9Kx0onALqu8bwqZFx1pouXoztwsrIIhimhF7
+V1XpW6CLn14vwlTqzeR5osD1soXEuRz9KQa0Ne1Q6RW3Dsb2CrKF45ZbYBZYbCCf
+GXMGPeWk+QsGzn84ss5NaxGoUYij4rry3DezWLXpwl8QGGOmvoLk0qBDEHa5LYzY
+JLZOHKL1e1kg5lnnO0OWJ7SDW+P8YLezLtSLAdfzCq3D+XnR6WdIbA==
 -----END CERTIFICATE-----
 Certificate:
     Data:
@@ -270,12 +270,12 @@ Certificate:
         Signature Algorithm: sha256WithRSAEncryption
         Issuer: C = US, ST = Washington, L = Seattle, O = wolfSSL Inc., OU = Engineering, CN = chainJ-ICA4-pathlen2, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Dec 13 22:19:33 2023 GMT
-            Not After : Sep  8 22:19:33 2026 GMT
+            Not Before: Dec 18 21:25:34 2024 GMT
+            Not After : Sep 14 21:25:34 2027 GMT
         Subject: C = US, ST = Washington, L = Seattle, O = wolfSSL Inc., OU = Engineering, CN = chainJ-ICA3-no_pathlen, emailAddress = info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (2048 bit)
+                Public-Key: (2048 bit)
                 Modulus:
                     00:d8:aa:f6:05:95:70:5a:53:c7:66:10:aa:90:79:
                     3b:cb:78:2a:ef:5f:43:22:71:7c:6d:47:99:a7:8b:
@@ -303,33 +303,33 @@ Certificate:
                 keyid:FC:18:13:52:BB:33:4A:DB:1C:5B:D1:80:98:3E:40:86:95:58:72:F9
                 DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
                 serial:64
-
             X509v3 Basic Constraints: 
                 CA:TRUE
             X509v3 Key Usage: 
                 Certificate Sign, CRL Sign
     Signature Algorithm: sha256WithRSAEncryption
-         47:22:2e:50:b3:0b:ed:17:f9:70:a3:71:3e:8d:55:d4:2f:16:
-         4a:9e:b4:c9:1d:b4:fa:20:10:2b:0f:db:71:b9:50:bf:52:f6:
-         f8:ad:0d:65:69:13:99:e3:eb:ef:98:7e:9c:e7:f9:5d:ff:d4:
-         9b:76:44:ba:d6:ce:7d:c1:cb:03:c7:a0:30:b8:76:05:fe:a9:
-         ca:7d:fe:6f:da:4a:2b:a2:18:bc:98:f2:00:68:72:4a:93:ae:
-         85:e0:c0:01:f9:ca:ac:f5:11:26:72:e3:48:34:3a:ce:ac:de:
-         dc:4e:cf:8c:ea:78:72:40:0e:08:42:ec:6e:3e:f5:13:ce:fa:
-         d5:38:65:88:f7:e5:61:6b:85:18:e1:ec:5b:fb:6d:1c:52:df:
-         99:16:01:00:70:a8:1d:1e:89:39:df:c3:fb:de:17:cd:69:68:
-         bc:78:1f:21:9d:f3:69:bc:76:ee:00:e4:ea:ea:73:b4:4f:89:
-         07:14:3e:94:77:28:f1:75:97:c7:43:72:2d:79:f5:a0:36:b1:
-         e5:26:50:c6:23:6b:88:83:57:13:74:4d:27:8a:11:f6:98:64:
-         a7:b2:9e:3e:18:c6:a2:85:60:22:7a:a0:5a:70:38:08:7b:2c:
-         9a:1c:b9:32:e4:08:14:1b:a5:a1:ab:03:f6:60:8b:3d:b3:72:
-         c2:d8:de:ab
+    Signature Value:
+        7a:6a:ed:b3:87:78:d8:b7:0f:4e:26:15:b3:ee:b9:6f:c1:cc:
+        03:05:d4:d1:7d:32:73:d5:7a:1f:1c:a8:fc:f5:04:79:a5:79:
+        1f:9e:8c:42:df:ff:a4:9a:d7:ce:7f:27:f3:d1:ac:25:6f:ea:
+        51:05:de:48:0b:15:f8:19:e9:b7:ed:02:eb:31:97:a7:3b:e2:
+        1a:5e:c3:c2:5a:d5:27:08:07:59:22:b5:bb:42:39:1f:ca:05:
+        19:1d:3d:86:1c:fb:e1:26:bd:7f:22:93:a3:16:75:d3:7e:f2:
+        78:55:a4:67:a6:f6:ce:29:e6:bd:47:08:55:53:5f:43:96:f8:
+        d6:75:32:1f:9f:c1:a2:4e:8c:4a:ba:7f:03:cf:d3:0b:01:07:
+        d1:09:46:f9:9a:1a:14:1e:52:77:38:1c:1d:7b:95:51:5e:c8:
+        c9:02:90:78:b6:ac:ab:c1:0a:a4:12:8d:2a:cb:60:5a:11:9d:
+        62:f5:d3:bf:1f:97:38:c8:1f:1b:a3:59:a4:01:51:ca:32:f2:
+        d5:e7:86:95:71:23:82:af:a5:a2:d7:a4:11:4c:e0:60:06:b3:
+        dc:10:cb:81:bc:e1:18:4c:ff:39:a4:c7:43:43:e3:57:c0:e7:
+        df:d4:17:8f:5c:94:32:1f:7a:8b:39:5d:e4:c3:67:d7:7e:25:
+        3d:a1:33:10
 -----BEGIN CERTIFICATE-----
 MIIExDCCA6ygAwIBAgIBZDANBgkqhkiG9w0BAQsFADCBoTELMAkGA1UEBhMCVVMx
 EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxFTATBgNVBAoM
 DHdvbGZTU0wgSW5jLjEUMBIGA1UECwwLRW5naW5lZXJpbmcxHTAbBgNVBAMMFGNo
 YWluSi1JQ0E0LXBhdGhsZW4yMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wu
-Y29tMB4XDTIzMTIxMzIyMTkzM1oXDTI2MDkwODIyMTkzM1owgaMxCzAJBgNVBAYT
+Y29tMB4XDTI0MTIxODIxMjUzNFoXDTI3MDkxNDIxMjUzNFowgaMxCzAJBgNVBAYT
 AlVTMRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRUwEwYD
 VQQKDAx3b2xmU1NMIEluYy4xFDASBgNVBAsMC0VuZ2luZWVyaW5nMR8wHQYDVQQD
 DBZjaGFpbkotSUNBMy1ub19wYXRobGVuMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdv
@@ -345,12 +345,12 @@ gZQxCzAJBgNVBAYTAlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3pl
 bWFuMREwDwYDVQQKDAhTYXd0b290aDETMBEGA1UECwwKQ29uc3VsdGluZzEYMBYG
 A1UEAwwPd3d3LndvbGZzc2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZz
 c2wuY29tggFkMAwGA1UdEwQFMAMBAf8wCwYDVR0PBAQDAgEGMA0GCSqGSIb3DQEB
-CwUAA4IBAQBHIi5QswvtF/lwo3E+jVXULxZKnrTJHbT6IBArD9txuVC/Uvb4rQ1l
-aROZ4+vvmH6c5/ld/9SbdkS61s59wcsDx6AwuHYF/qnKff5v2korohi8mPIAaHJK
-k66F4MAB+cqs9REmcuNINDrOrN7cTs+M6nhyQA4IQuxuPvUTzvrVOGWI9+Vha4UY
-4exb+20cUt+ZFgEAcKgdHok538P73hfNaWi8eB8hnfNpvHbuAOTq6nO0T4kHFD6U
-dyjxdZfHQ3ItefWgNrHlJlDGI2uIg1cTdE0nihH2mGSnsp4+GMaihWAieqBacDgI
-eyyaHLky5AgUG6WhqwP2YIs9s3LC2N6r
+CwUAA4IBAQB6au2zh3jYtw9OJhWz7rlvwcwDBdTRfTJz1XofHKj89QR5pXkfnoxC
+3/+kmtfOfyfz0awlb+pRBd5ICxX4Gem37QLrMZenO+IaXsPCWtUnCAdZIrW7Qjkf
+ygUZHT2GHPvhJr1/IpOjFnXTfvJ4VaRnpvbOKea9RwhVU19DlvjWdTIfn8GiToxK
+un8Dz9MLAQfRCUb5mhoUHlJ3OBwde5VRXsjJApB4tqyrwQqkEo0qy2BaEZ1i9dO/
+H5c4yB8bo1mkAVHKMvLV54aVcSOCr6Wi16QRTOBgBrPcEMuBvOEYTP85pMdDQ+NX
+wOff1BePXJQyH3qLOV3kw2fXfiU9oTMQ
 -----END CERTIFICATE-----
 Certificate:
     Data:
@@ -359,12 +359,12 @@ Certificate:
         Signature Algorithm: sha256WithRSAEncryption
         Issuer: C = US, ST = Montana, L = Bozeman, O = Sawtooth, OU = Consulting, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Dec 13 22:19:33 2023 GMT
-            Not After : Sep  8 22:19:33 2026 GMT
+            Not Before: Dec 18 21:25:34 2024 GMT
+            Not After : Sep 14 21:25:34 2027 GMT
         Subject: C = US, ST = Washington, L = Seattle, O = wolfSSL Inc., OU = Engineering, CN = chainJ-ICA4-pathlen2, emailAddress = info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (2048 bit)
+                Public-Key: (2048 bit)
                 Modulus:
                     00:9d:4a:ee:6b:ff:b6:ec:88:21:23:84:03:b6:88:
                     bb:3e:5a:1b:95:03:2f:24:53:2d:57:3f:11:38:5d:
@@ -391,34 +391,34 @@ Certificate:
             X509v3 Authority Key Identifier: 
                 keyid:27:8E:67:11:74:C3:26:1D:3F:ED:33:63:B3:A4:D8:1D:30:E5:E8:D5
                 DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
-                serial:33:44:1A:A8:6C:01:EC:F6:60:F2:70:51:0A:4C:D1:14:FA:BC:E9:44
-
+                serial:6B:9B:70:C6:F1:A3:94:65:19:A1:08:58:EF:A7:8D:2B:7A:83:C1:DA
             X509v3 Basic Constraints: 
                 CA:TRUE, pathlen:2
             X509v3 Key Usage: 
                 Certificate Sign, CRL Sign
     Signature Algorithm: sha256WithRSAEncryption
-         38:0c:f8:b9:53:67:57:a3:18:3c:0a:74:2d:13:79:32:7b:e2:
-         4b:4f:82:5a:0e:7f:bb:ca:87:63:09:02:bd:31:62:2b:74:c4:
-         47:fe:96:4a:8b:97:ee:43:ea:be:d4:0d:07:3f:57:dd:e5:ea:
-         da:d8:30:94:64:73:b6:fd:d7:4f:72:41:ce:13:fc:65:c6:b1:
-         f7:5c:b7:60:d9:55:bd:c4:89:49:57:90:15:be:cc:93:ee:3e:
-         bd:37:22:7a:98:9d:17:69:4f:87:62:82:f6:03:2d:ee:52:22:
-         8c:86:bb:ba:93:9e:23:d8:d9:a2:4b:7e:ef:7d:59:d8:01:00:
-         8d:f8:e6:b0:ac:ef:41:72:ff:ab:0d:b1:4f:cd:1e:73:81:3a:
-         19:5a:3e:ac:da:f0:7f:be:b3:98:5f:22:08:96:2a:c4:41:43:
-         0b:83:30:07:c1:25:eb:2d:5f:60:a2:e5:b4:57:45:71:59:f9:
-         5b:b7:fd:3b:b3:4e:f0:cf:18:b9:0f:03:88:43:1d:9e:be:7b:
-         b1:a4:1f:e4:bc:ee:59:b7:2c:fe:a2:a6:08:96:f8:df:63:80:
-         02:a5:61:a8:16:86:d1:28:c5:db:c6:0a:bb:4a:e4:61:ec:50:
-         6c:58:c3:b0:0b:ba:be:fa:14:8c:36:59:ef:a3:6b:57:4a:6c:
-         3e:33:6e:8a
+    Signature Value:
+        bc:39:a9:d3:50:90:56:d9:eb:d6:24:96:5b:9c:ac:e1:ad:c8:
+        94:b3:0f:cf:66:30:62:4f:aa:51:e1:3e:40:b7:36:2c:d2:60:
+        37:04:bd:e3:82:ab:ab:ca:ef:d5:a0:1d:3d:58:ed:8a:82:3b:
+        c8:09:0d:92:f6:00:3c:ec:4e:bf:cb:cc:d1:ee:9f:00:c6:95:
+        0f:d9:f2:3d:37:41:f4:9c:c1:98:f2:eb:92:bf:ea:d7:9d:20:
+        be:e2:e8:40:0c:fc:7b:4a:0a:42:f7:a5:18:ab:97:91:e2:b4:
+        cf:97:34:2e:15:ee:92:bc:ca:82:8a:43:12:ee:50:c2:09:0a:
+        53:a0:b1:b0:ac:08:ea:ab:49:ae:86:16:a6:cf:eb:e4:cc:a6:
+        ae:2a:64:d3:dc:35:1e:70:39:db:61:35:25:52:1b:6c:85:11:
+        ad:22:46:d8:c9:7c:2f:c3:9a:c7:50:e8:a5:81:f9:45:d9:f6:
+        c4:93:03:21:c0:86:2a:e4:f1:17:8c:a8:17:12:88:06:f7:a5:
+        0f:a7:c2:33:6b:58:1b:c0:a9:c7:01:9c:d7:f0:73:68:ee:ef:
+        1a:c4:eb:48:8b:c5:a2:7c:aa:5c:89:33:b4:a3:6d:70:4c:95:
+        01:26:c2:44:e9:9e:fd:34:ef:f4:15:d7:aa:dc:92:9a:16:a2:
+        7f:2c:12:4d
 -----BEGIN CERTIFICATE-----
 MIIEzDCCA7SgAwIBAgIBZDANBgkqhkiG9w0BAQsFADCBlDELMAkGA1UEBhMCVVMx
 EDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xETAPBgNVBAoMCFNh
 d3Rvb3RoMRMwEQYDVQQLDApDb25zdWx0aW5nMRgwFgYDVQQDDA93d3cud29sZnNz
-bC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMjMxMjEz
-MjIxOTMzWhcNMjYwOTA4MjIxOTMzWjCBoTELMAkGA1UEBhMCVVMxEzARBgNVBAgM
+bC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMjQxMjE4
+MjEyNTM0WhcNMjcwOTE0MjEyNTM0WjCBoTELMAkGA1UEBhMCVVMxEzARBgNVBAgM
 Cldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxFTATBgNVBAoMDHdvbGZTU0wg
 SW5jLjEUMBIGA1UECwwLRW5naW5lZXJpbmcxHTAbBgNVBAMMFGNoYWluSi1JQ0E0
 LXBhdGhsZW4yMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMIIBIjAN
@@ -432,12 +432,12 @@ o4IBGDCCARQwHQYDVR0OBBYEFPwYE1K7M0rbHFvRgJg+QIaVWHL5MIHUBgNVHSME
 gcwwgcmAFCeOZxF0wyYdP+0zY7Ok2B0w5ejVoYGapIGXMIGUMQswCQYDVQQGEwJV
 UzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjERMA8GA1UECgwI
 U2F3dG9vdGgxEzARBgNVBAsMCkNvbnN1bHRpbmcxGDAWBgNVBAMMD3d3dy53b2xm
-c3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbYIUM0QaqGwB
-7PZg8nBRCkzRFPq86UQwDwYDVR0TBAgwBgEB/wIBAjALBgNVHQ8EBAMCAQYwDQYJ
-KoZIhvcNAQELBQADggEBADgM+LlTZ1ejGDwKdC0TeTJ74ktPgloOf7vKh2MJAr0x
-Yit0xEf+lkqLl+5D6r7UDQc/V93l6trYMJRkc7b9109yQc4T/GXGsfdct2DZVb3E
-iUlXkBW+zJPuPr03InqYnRdpT4digvYDLe5SIoyGu7qTniPY2aJLfu99WdgBAI34
-5rCs70Fy/6sNsU/NHnOBOhlaPqza8H++s5hfIgiWKsRBQwuDMAfBJestX2Ci5bRX
-RXFZ+Vu3/TuzTvDPGLkPA4hDHZ6+e7GkH+S87lm3LP6ipgiW+N9jgAKlYagWhtEo
-xdvGCrtK5GHsUGxYw7ALur76FIw2We+ja1dKbD4zboo=
+c3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbYIUa5twxvGj
+lGUZoQhY76eNK3qDwdowDwYDVR0TBAgwBgEB/wIBAjALBgNVHQ8EBAMCAQYwDQYJ
+KoZIhvcNAQELBQADggEBALw5qdNQkFbZ69YkllucrOGtyJSzD89mMGJPqlHhPkC3
+NizSYDcEveOCq6vK79WgHT1Y7YqCO8gJDZL2ADzsTr/LzNHunwDGlQ/Z8j03QfSc
+wZjy65K/6tedIL7i6EAM/HtKCkL3pRirl5HitM+XNC4V7pK8yoKKQxLuUMIJClOg
+sbCsCOqrSa6GFqbP6+TMpq4qZNPcNR5wOdthNSVSG2yFEa0iRtjJfC/DmsdQ6KWB
++UXZ9sSTAyHAhirk8ReMqBcSiAb3pQ+nwjNrWBvAqccBnNfwc2ju7xrE60iLxaJ8
+qlyJM7SjbXBMlQEmwkTpnv007/QV16rckpoWon8sEk0=
 -----END CERTIFICATE-----
diff --git a/certs/test-pathlen/chainJ-entity.pem b/certs/test-pathlen/chainJ-entity.pem
index 24ac93b90..c5fdd4923 100644
--- a/certs/test-pathlen/chainJ-entity.pem
+++ b/certs/test-pathlen/chainJ-entity.pem
@@ -5,12 +5,12 @@ Certificate:
         Signature Algorithm: sha256WithRSAEncryption
         Issuer: C = US, ST = Washington, L = Seattle, O = wolfSSL Inc., OU = Engineering, CN = chainJ-ICA1-no_pathlen, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Dec 13 22:19:33 2023 GMT
-            Not After : Sep  8 22:19:33 2026 GMT
+            Not Before: Dec 18 21:25:34 2024 GMT
+            Not After : Sep 14 21:25:34 2027 GMT
         Subject: C = US, ST = Washington, L = Seattle, O = wolfSSL Inc., OU = Engineering, CN = chainJ-entity, emailAddress = info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (2048 bit)
+                Public-Key: (2048 bit)
                 Modulus:
                     00:b3:fb:51:a0:ac:69:8b:35:06:bf:7a:ee:b4:a1:
                     8a:7e:ae:31:75:ad:e7:45:7b:e6:d9:bb:7c:e9:73:
@@ -38,31 +38,31 @@ Certificate:
                 keyid:9C:7B:3A:10:B3:08:99:05:00:AF:3E:E0:A4:5D:D9:AF:82:BC:4D:C0
                 DirName:/C=US/ST=Washington/L=Seattle/O=wolfSSL Inc./OU=Engineering/CN=chainJ-ICA2-no_pathlen/emailAddress=info@wolfssl.com
                 serial:64
-
             X509v3 Basic Constraints: 
                 CA:FALSE
     Signature Algorithm: sha256WithRSAEncryption
-         46:5c:9c:45:3c:a5:1d:27:7f:4b:b6:2d:7d:aa:03:28:53:a5:
-         e3:cb:5a:63:16:58:5c:fe:97:65:c4:1e:d3:34:fe:8f:46:6e:
-         09:e4:2f:18:c9:fd:d0:7b:90:ab:f6:a5:89:fb:d0:0c:3a:f8:
-         3c:53:d5:3b:3a:2e:c0:dd:59:e1:6f:ed:e8:d4:1f:d3:9f:5e:
-         c8:1f:50:ba:6d:16:1f:25:ab:e0:aa:74:8f:38:50:e8:98:f9:
-         07:0f:71:3f:16:ce:cc:51:f8:ff:61:47:33:b4:98:36:63:19:
-         06:3e:0c:a1:69:ba:67:64:9c:46:8a:ea:3e:62:27:c0:b3:60:
-         7a:37:2b:fc:e2:c5:a8:8f:82:69:48:ff:4f:be:c4:8a:22:a3:
-         53:db:df:ee:c5:87:b7:da:55:f7:cd:48:e1:45:e7:22:f2:ec:
-         bd:94:2c:a5:e5:ea:9c:60:c6:b8:83:6a:6a:9a:c9:46:9b:6e:
-         88:38:d2:56:65:42:a6:5a:0f:d0:60:92:06:f4:1f:d9:5f:cd:
-         07:93:04:00:1a:c1:eb:d8:a8:78:80:9f:c2:b7:b2:e9:4d:8c:
-         6d:09:85:f0:87:c1:d6:d9:12:72:13:68:71:16:f7:53:f4:92:
-         9b:d4:46:31:b5:45:32:7b:f8:e6:dd:bf:d1:f9:aa:da:d3:7e:
-         06:2b:dd:fa
+    Signature Value:
+        3d:38:93:d4:04:f4:c3:d7:8c:db:4d:e3:3b:44:2d:62:76:65:
+        c9:ad:66:7f:29:f9:80:1f:87:70:c5:f7:0a:d9:63:ee:8c:cb:
+        22:74:88:a4:5c:07:21:fe:2e:d7:10:4d:0b:c9:6e:2d:ff:ab:
+        ab:c3:05:d1:b7:46:18:cb:84:89:3a:70:1b:d7:25:85:b1:fe:
+        4e:9f:cd:72:3b:2e:a0:cd:5f:97:b5:7d:ae:93:c9:b7:be:2e:
+        82:36:1f:00:0c:90:b3:3c:77:2c:e4:dc:3e:d1:83:f2:2e:7f:
+        a0:a3:71:11:b7:77:ce:54:81:82:12:c3:30:55:8d:2d:21:57:
+        a4:87:43:36:32:aa:8c:6d:fc:ec:89:61:99:e6:c5:19:09:a1:
+        10:13:87:50:05:ac:87:af:c1:5e:a8:76:68:44:94:d6:ad:d9:
+        67:50:45:0f:d5:a5:e5:be:77:1e:85:6a:f4:74:8a:28:60:75:
+        7c:ce:e2:d4:1f:e0:ba:b3:4e:d4:06:a9:8b:60:83:e4:b1:a7:
+        6b:4e:ae:fd:43:c8:12:d9:b2:cf:50:ba:e4:ee:39:c9:0b:59:
+        15:5f:c1:77:7c:93:60:31:ce:9a:a9:b7:15:68:e2:b4:cb:c3:
+        7e:31:69:84:55:82:c4:59:03:e9:78:b1:a9:7f:eb:0d:09:b4:
+        ba:5c:4e:f3
 -----BEGIN CERTIFICATE-----
 MIIEvDCCA6SgAwIBAgIBZTANBgkqhkiG9w0BAQsFADCBozELMAkGA1UEBhMCVVMx
 EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxFTATBgNVBAoM
 DHdvbGZTU0wgSW5jLjEUMBIGA1UECwwLRW5naW5lZXJpbmcxHzAdBgNVBAMMFmNo
 YWluSi1JQ0ExLW5vX3BhdGhsZW4xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNz
-bC5jb20wHhcNMjMxMjEzMjIxOTMzWhcNMjYwOTA4MjIxOTMzWjCBmjELMAkGA1UE
+bC5jb20wHhcNMjQxMjE4MjEyNTM0WhcNMjcwOTE0MjEyNTM0WjCBmjELMAkGA1UE
 BhMCVVMxEzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxFTAT
 BgNVBAoMDHdvbGZTU0wgSW5jLjEUMBIGA1UECwwLRW5naW5lZXJpbmcxFjAUBgNV
 BAMMDWNoYWluSi1lbnRpdHkxHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5j
@@ -78,10 +78,10 @@ A1UEBhMCVVMxEzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUx
 FTATBgNVBAoMDHdvbGZTU0wgSW5jLjEUMBIGA1UECwwLRW5naW5lZXJpbmcxHzAd
 BgNVBAMMFmNoYWluSi1JQ0EyLW5vX3BhdGhsZW4xHzAdBgkqhkiG9w0BCQEWEGlu
 Zm9Ad29sZnNzbC5jb22CAWQwCQYDVR0TBAIwADANBgkqhkiG9w0BAQsFAAOCAQEA
-RlycRTylHSd/S7YtfaoDKFOl48taYxZYXP6XZcQe0zT+j0ZuCeQvGMn90HuQq/al
-ifvQDDr4PFPVOzouwN1Z4W/t6NQf059eyB9Qum0WHyWr4Kp0jzhQ6Jj5Bw9xPxbO
-zFH4/2FHM7SYNmMZBj4MoWm6Z2ScRorqPmInwLNgejcr/OLFqI+CaUj/T77EiiKj
-U9vf7sWHt9pV981I4UXnIvLsvZQspeXqnGDGuINqaprJRptuiDjSVmVCploP0GCS
-BvQf2V/NB5MEABrB69ioeICfwrey6U2MbQmF8IfB1tkSchNocRb3U/SSm9RGMbVF
-Mnv45t2/0fmq2tN+Bivd+g==
+PTiT1AT0w9eM203jO0QtYnZlya1mfyn5gB+HcMX3Ctlj7ozLInSIpFwHIf4u1xBN
+C8luLf+rq8MF0bdGGMuEiTpwG9clhbH+Tp/NcjsuoM1fl7V9rpPJt74ugjYfAAyQ
+szx3LOTcPtGD8i5/oKNxEbd3zlSBghLDMFWNLSFXpIdDNjKqjG387IlhmebFGQmh
+EBOHUAWsh6/BXqh2aESU1q3ZZ1BFD9Wl5b53HoVq9HSKKGB1fM7i1B/gurNO1Aap
+i2CD5LGna06u/UPIEtmyz1C65O45yQtZFV/Bd3yTYDHOmqm3FWjitMvDfjFphFWC
+xFkD6XixqX/rDQm0ulxO8w==
 -----END CERTIFICATE-----
diff --git a/certs/test-pathlen/refreshkeys.sh b/certs/test-pathlen/refreshkeys.sh
index b70b7ecca..02ef5f039 100755
--- a/certs/test-pathlen/refreshkeys.sh
+++ b/certs/test-pathlen/refreshkeys.sh
@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/usr/bin/env bash
 
 keyList=(
             chainA-ICA1-key.pem chainA-entity-key.pem
diff --git a/certs/test-servercert-rc2.p12 b/certs/test-servercert-rc2.p12
index 3cfe92a16..b9e546c2c 100644
Binary files a/certs/test-servercert-rc2.p12 and b/certs/test-servercert-rc2.p12 differ
diff --git a/certs/test-servercert.p12 b/certs/test-servercert.p12
index 64ccb1041..764cba5aa 100644
Binary files a/certs/test-servercert.p12 and b/certs/test-servercert.p12 differ
diff --git a/certs/test-stream-dec.p7b b/certs/test-stream-dec.p7b
new file mode 100644
index 000000000..a70b37fc4
Binary files /dev/null and b/certs/test-stream-dec.p7b differ
diff --git a/certs/test-stream-sign.p7b b/certs/test-stream-sign.p7b
new file mode 100644
index 000000000..60d10ecd6
Binary files /dev/null and b/certs/test-stream-sign.p7b differ
diff --git a/certs/test/cert-bad-neg-int.der b/certs/test/cert-bad-neg-int.der
new file mode 100644
index 000000000..8e5fc4647
Binary files /dev/null and b/certs/test/cert-bad-neg-int.der differ
diff --git a/certs/test/cert-bad-oid.der b/certs/test/cert-bad-oid.der
new file mode 100644
index 000000000..cda316511
Binary files /dev/null and b/certs/test/cert-bad-oid.der differ
diff --git a/certs/test/cert-bad-utf8.der b/certs/test/cert-bad-utf8.der
new file mode 100644
index 000000000..54e088910
Binary files /dev/null and b/certs/test/cert-bad-utf8.der differ
diff --git a/certs/test/cert-ext-ia.der b/certs/test/cert-ext-ia.der
index 29ec9fdde..11445bd39 100644
Binary files a/certs/test/cert-ext-ia.der and b/certs/test/cert-ext-ia.der differ
diff --git a/certs/test/cert-ext-ia.pem b/certs/test/cert-ext-ia.pem
index e6c037441..0e082fe3b 100644
--- a/certs/test/cert-ext-ia.pem
+++ b/certs/test/cert-ext-ia.pem
@@ -1,10 +1,10 @@
 -----BEGIN CERTIFICATE-----
-MIIEAzCCAuugAwIBAgIUEEaaRNPZiiXZqFxu6gwfzxyXYkYwDQYJKoZIhvcNAQEL
+MIIEIjCCAwqgAwIBAgIUQ/3qAfjYJadJx3VZ0hJd8G1k8gQwDQYJKoZIhvcNAQEL
 BQAwgZ8xCzAJBgNVBAYTAkFVMRMwEQYDVQQIDApRdWVlbnNsYW5kMREwDwYDVQQH
 DAhCcmlzYmFuZTEUMBIGA1UECgwLd29sZlNTTCBJbmMxFDASBgNVBAsMC0VuZ2lu
 ZWVyaW5nMRgwFgYDVQQDDA93d3cud29sZnNzbC5jb20xIjAgBgkqhkiG9w0BCQEW
-E3N1cHBvcnRAd29sZnNzbC5jb20wHhcNMjMxMjEzMjIxOTI5WhcNMjYwOTA4MjIx
-OTI5WjCBnzELMAkGA1UEBhMCQVUxEzARBgNVBAgMClF1ZWVuc2xhbmQxETAPBgNV
+E3N1cHBvcnRAd29sZnNzbC5jb20wHhcNMjQxMjE4MjEyNTMwWhcNMjcwOTE0MjEy
+NTMwWjCBnzELMAkGA1UEBhMCQVUxEzARBgNVBAgMClF1ZWVuc2xhbmQxETAPBgNV
 BAcMCEJyaXNiYW5lMRQwEgYDVQQKDAt3b2xmU1NMIEluYzEUMBIGA1UECwwLRW5n
 aW5lZXJpbmcxGDAWBgNVBAMMD3d3dy53b2xmc3NsLmNvbTEiMCAGCSqGSIb3DQEJ
 ARYTc3VwcG9ydEB3b2xmc3NsLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
@@ -13,12 +13,13 @@ nFF194rKB+c1L4/hvXvAL3yrZKgX/Mpde7rgIeVyLm8uhtiVc9qsG1O5Xz/XGQ0l
 T+FjY1GLC2Q/rUO4pRxcNLOuAKBjxfZ/C1loeHOmjBipAm2vwxkBLrgQ48bMQLRp
 o0YzaYduxLsXpvPo3a1zvHsvIbX9ZlEMvVSz4W1fHLwjc9EJA4kU0hC5ZMMq0KGW
 Srzh1Bpbx6DAwWN4D0Q3MDKWgDIjlaF3uhPSl3PiXSXJag3DOWCktLBpQkIJ6dgI
-vDMgs1gip6rrxOHmYYPF0pbf2dBPrdcCAwEAAaM1MDMwDQYDVR02AQH/BAMCAQEw
-IgYJYIZIAYb4QgENBBUWE1Rlc3RpbmcgaW5oaWJpdCBhbnkwDQYJKoZIhvcNAQEL
-BQADggEBAHOBELBVkuhE2xGCnFEBk7Gvsphqe4GcsKYRp/JiyOMp+Fa01A+F7aiU
-vVi9JOdOlEFsbd32YoTdPCSqtSpzXXLJ/BdaREWvVLg3OshiwhNPPA2Q09gQI8ES
-I9yq7kWLesDGVLcXpdM+QHovNT8wrru8wi/LoWpKNHP4TYy1Tvuxr2ngC2UygsSX
-RGymPImVO8EPNBNh8zgP3p6zjyRDWs7tttct2u28mSR+ouRJ/8pQDp0ZVNbvedxI
-nj02OpIijuSj/CEwV3AuPJWaUbCxyL1bvnPcG1HKqvvt5/Ljo8h0pLRUpjwJDvFk
-8JWbuQSQThwRAsWtRO7RarZN7+P1AmI=
+vDMgs1gip6rrxOHmYYPF0pbf2dBPrdcCAwEAAaNUMFIwDQYDVR02AQH/BAMCAQEw
+IgYJYIZIAYb4QgENBBUWE1Rlc3RpbmcgaW5oaWJpdCBhbnkwHQYDVR0OBBYEFLMR
+MsmSmITiyfjQO24DQsofDo48MA0GCSqGSIb3DQEBCwUAA4IBAQCv+LnCSsulpdgc
+rGsIOOj6l9aBwDzpXUCRq5f1iP21R6eCWuw0AloypxQGXOERzriWKrftcZsCIUYO
+norS/SrCI7fyTO/tlg/FLsAMLFb20CNcUxr2I2IBOhITN0nNIZsC3R5mh4vlUZzP
+kyL96tK/iBm52Xiz2s7WYXkUEOMXdeTATffCzGod/Qe8Lv2QH0zWrAB/frpSCw9G
+EOTiAvxvWEzWGupiABRkF0C1r/Mzk/f7SyX2jLW3NlG+UbnWADgk7ZXsQ7JR2ZXW
+96voC11VG+ie/WS4v4eYZVX56mK9696+uRUqfwoBMypMGwAeOYTVQ8JFpOuobwwx
+urOK1vdB
 -----END CERTIFICATE-----
diff --git a/certs/test/cert-ext-joi.der b/certs/test/cert-ext-joi.der
index e4550c7a2..a48f1ef0f 100644
Binary files a/certs/test/cert-ext-joi.der and b/certs/test/cert-ext-joi.der differ
diff --git a/certs/test/cert-ext-joi.pem b/certs/test/cert-ext-joi.pem
index d19266866..a0d36541e 100644
--- a/certs/test/cert-ext-joi.pem
+++ b/certs/test/cert-ext-joi.pem
@@ -1,10 +1,10 @@
 -----BEGIN CERTIFICATE-----
-MIIFXDCCBESgAwIBAgIUWY9gYq+bg6hpLLlEPeuSQjQPvW8wDQYJKoZIhvcNAQEL
+MIIFXDCCBESgAwIBAgIUaAUAD+ezyA+zhY6gpJpcOm53ymkwDQYJKoZIhvcNAQEL
 BQAwgccxCzAJBgNVBAYTAlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdC
 b3plbWFuMREwDwYDVQQKDAhTYXd0b290aDETMBEGA1UECwwKQ29uc3VsdGluZzEY
 MBYGA1UEAwwPd3d3LndvbGZzc2wuY29tMSAwHgYJKoZIhvcNAQkBFhFpbmZvQHdv
 bGZzc3NsLmNvbTETMBEGCysGAQQBgjc8AgEDEwJVUzEbMBkGCysGAQQBgjc8AgEC
-DApDYWxpZm9ybmlhMB4XDTIzMTIxMzIyMTkyOVoXDTI2MDkwODIyMTkyOVowgccx
+DApDYWxpZm9ybmlhMB4XDTI0MTIxODIxMjUzMFoXDTI3MDkxNDIxMjUzMFowgccx
 CzAJBgNVBAYTAlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFu
 MREwDwYDVQQKDAhTYXd0b290aDETMBEGA1UECwwKQ29uc3VsdGluZzEYMBYGA1UE
 AwwPd3d3LndvbGZzc2wuY29tMSAwHgYJKoZIhvcNAQkBFhFpbmZvQHdvbGZzc3Ns
@@ -21,11 +21,11 @@ xzELMAkGA1UEBhMCVVMxEDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVt
 YW4xETAPBgNVBAoMCFNhd3Rvb3RoMRMwEQYDVQQLDApDb25zdWx0aW5nMRgwFgYD
 VQQDDA93d3cud29sZnNzbC5jb20xIDAeBgkqhkiG9w0BCQEWEWluZm9Ad29sZnNz
 c2wuY29tMRMwEQYLKwYBBAGCNzwCAQMTAlVTMRswGQYLKwYBBAGCNzwCAQIMCkNh
-bGlmb3JuaWGCFFmPYGKvm4OoaSy5RD3rkkI0D71vMAwGA1UdEwQFMAMBAf8wDQYJ
-KoZIhvcNAQELBQADggEBALY9RCPRvuHf04Mxqv6UJZv7MslCwQwbavD3ZYigNrlS
-f+qhS7SqFcUyXGbOfpiFCgobnwxK/Xg2K20xuauA8tIaJ3egeu0KFZUAaz4EOMvQ
-IWSUwp5maDKjQw7PX+W5GYY73uUxjDMlIFD0lVDTByeRp+YNfTZEBbjZlKDFohEf
-BEIyONlZdOvAIR+9dAZRjfF94WZuiUluq90yCTnDT2UIor1IzS964LuropYSH3oV
-QAdPOa87r5nY4tLScPU8hxfOP1i8aCuELiHgo6XuZZXt1qlBb7kIXz/rITd9ZvRm
-WVysY/2A38K7CBiv0biKfS83PVai8HuFKR+yZ1wxtk0=
+bGlmb3JuaWGCFGgFAA/ns8gPs4WOoKSaXDpud8ppMAwGA1UdEwQFMAMBAf8wDQYJ
+KoZIhvcNAQELBQADggEBAIoznH+W19lYzslchTKt/Ck1zlOvwdMOh5ii5AUrnp3d
++LxOBtLE/6SPruGj5+83tAa79IWVhxw+vpSarqyJMdhU/j4w2fSNCErD9TApy6Ux
+rWaME4JuaPxWS0CKzmQ8wzthPouQgC1GUW60+3wRnYUX/1Jq7QelOuYaNU5V4Cgy
+Tn0+psTpYWBnIQO5Ialx+yMus4uq5HnpBCuL+OYEloxhJh9aX4kIHK0gjMZ9GW5N
+3dlkuB5wNqudKjfCQl78d9OrnqssJZbpKlh89mdW0XZmjKcSRKe/qaqWLpZ3xbpY
+KrZ8gr5ec4wTmgoHRO9oMYPZaPEoTskjwIHlcLqPomc=
 -----END CERTIFICATE-----
diff --git a/certs/test/cert-ext-mnc.der b/certs/test/cert-ext-mnc.der
index f0c0aaaee..6a5791004 100644
Binary files a/certs/test/cert-ext-mnc.der and b/certs/test/cert-ext-mnc.der differ
diff --git a/certs/test/cert-ext-multiple.der b/certs/test/cert-ext-multiple.der
index b56d37756..b23ff2517 100644
Binary files a/certs/test/cert-ext-multiple.der and b/certs/test/cert-ext-multiple.der differ
diff --git a/certs/test/cert-ext-multiple.pem b/certs/test/cert-ext-multiple.pem
index ef5d7f064..514a94745 100644
--- a/certs/test/cert-ext-multiple.pem
+++ b/certs/test/cert-ext-multiple.pem
@@ -1,10 +1,10 @@
 -----BEGIN CERTIFICATE-----
-MIIFmDCCBICgAwIBAgIUOjAPanhO0Ayey1xIEr6HkMHASLcwDQYJKoZIhvcNAQEL
+MIIFmDCCBICgAwIBAgIUJ1V44oiXxesEMRmrcKI46MNfsB4wDQYJKoZIhvcNAQEL
 BQAwgcIxCzAJBgNVBAYTAkFVMRMwEQYDVQQIDApRdWVlbnNsYW5kMREwDwYDVQQH
 DAhCcmlzYmFuZTEUMBIGA1UECgwLd29sZlNTTCBJbmMxFDASBgNVBAsMC0VuZ2lu
 ZWVyaW5nMRgwFgYDVQQDDA93d3cud29sZnNzbC5jb20xIjAgBgkqhkiG9w0BCQEW
 E3N1cHBvcnRAd29sZnNzbC5jb20xDzANBgNVBBEMBjU2LTEzMTEQMA4GA1UECQwH
-TWFpbiBTdDAeFw0yMzEyMTMyMjE5MjlaFw0yNjA5MDgyMjE5MjlaMIHCMQswCQYD
+TWFpbiBTdDAeFw0yNDEyMTgyMTI1MzBaFw0yNzA5MTQyMTI1MzBaMIHCMQswCQYD
 VQQGEwJBVTETMBEGA1UECAwKUXVlZW5zbGFuZDERMA8GA1UEBwwIQnJpc2JhbmUx
 FDASBgNVBAoMC3dvbGZTU0wgSW5jMRQwEgYDVQQLDAtFbmdpbmVlcmluZzEYMBYG
 A1UEAwwPd3d3LndvbGZzc2wuY29tMSIwIAYJKoZIhvcNAQkBFhNzdXBwb3J0QHdv
@@ -22,11 +22,11 @@ BwMBMB0GA1UdDgQWBBQnjmcRdMMmHT/tM2OzpNgdMOXo1TCCAQIGA1UdIwSB+jCB
 EQYDVQQIDApRdWVlbnNsYW5kMREwDwYDVQQHDAhCcmlzYmFuZTEUMBIGA1UECgwL
 d29sZlNTTCBJbmMxFDASBgNVBAsMC0VuZ2luZWVyaW5nMRgwFgYDVQQDDA93d3cu
 d29sZnNzbC5jb20xIjAgBgkqhkiG9w0BCQEWE3N1cHBvcnRAd29sZnNzbC5jb20x
-DzANBgNVBBEMBjU2LTEzMTEQMA4GA1UECQwHTWFpbiBTdIIUOjAPanhO0Ayey1xI
-Er6HkMHASLcwDQYJKoZIhvcNAQELBQADggEBACLwxkk4RY5cD1/a47cHuRaDPn22
-XgpK5tZBMtU5PmkakKNWkW2xGTAwTmycus5iXOAxforA7PrGzFKlAnS+TmIhCFwv
-B0IwNZzCCwtQs3ilouOJyf30GxpV5BSJspBdjLflC9Vt+7OrjnRM84a4VaMNttps
-PlcGoZL1lLI2xtkhWXLeC1UdhXG8gsNXT/TpPOJ1+T4ElNr/RVTG60sp446f0kXd
-kX/dCrUD8+FTX5WZQmaawRHPRfV1d597dNuj539Za8e+XXJ5iOs0M+6YTqI9tvdA
-z23hUIs1BawnRcRYGS0rEYERBwcepvyEkQZoFfGKLoSuziRMIqnrQe3IzZ8=
+DzANBgNVBBEMBjU2LTEzMTEQMA4GA1UECQwHTWFpbiBTdIIUJ1V44oiXxesEMRmr
+cKI46MNfsB4wDQYJKoZIhvcNAQELBQADggEBAKJy37k1QlYZi1kqS2FVQcJu+BmG
+HESeXX5YHSkuAAGML/7RvIr8WHHKQ99XsMrfxh2rDQBmXzK70iSOTPYGMglmKfgp
+ClGY+LVaMwXcBXS5aJieQ1Gfh2Qfx497VRHEaEgpTb/S6w9d3h/DlNlgt0Ph8VcQ
+6pSTHF5g/fo5ejaLGRyn6rO4/m8wjnncmoKJxNWwATHPMbuiXFI+gVq8jaN64Sdf
+52k42MsQLtAD7xPtNnmTYP+da783oRMCCPStbi5iWuiTdHMwAL0SQilXCNiEBGcH
+Xhfw1S0ekG6ijSc5qxu6UnbWoyyN8pyf9fht8OGvOG1LdfXrJdPDeAnb+X4=
 -----END CERTIFICATE-----
diff --git a/certs/test/cert-ext-nc.der b/certs/test/cert-ext-nc.der
index 5abf34986..10271ba2d 100644
Binary files a/certs/test/cert-ext-nc.der and b/certs/test/cert-ext-nc.der differ
diff --git a/certs/test/cert-ext-nc.pem b/certs/test/cert-ext-nc.pem
index 6bea29f54..b2a0c5ecc 100644
--- a/certs/test/cert-ext-nc.pem
+++ b/certs/test/cert-ext-nc.pem
@@ -1,9 +1,9 @@
 -----BEGIN CERTIFICATE-----
-MIIENTCCAx2gAwIBAgIUZubV8ronA4VrOHLZUH2CnIIiunUwDQYJKoZIhvcNAQEL
+MIIENTCCAx2gAwIBAgIUGplfHdReO3yPN9k7YfsSeO+fd6swDQYJKoZIhvcNAQEL
 BQAwezELMAkGA1UEBhMCQVUxEzARBgNVBAgMClF1ZWVuc2xhbmQxETAPBgNVBAcM
 CEJyaXNiYW5lMRQwEgYDVQQKDAt3b2xmU1NMIEluYzEUMBIGA1UECwwLRW5naW5l
-ZXJpbmcxGDAWBgNVBAMMD3d3dy53b2xmc3NsLmNvbTAeFw0yMzEyMTMyMjE5Mjla
-Fw0yNjA5MDgyMjE5MjlaMHsxCzAJBgNVBAYTAkFVMRMwEQYDVQQIDApRdWVlbnNs
+ZXJpbmcxGDAWBgNVBAMMD3d3dy53b2xmc3NsLmNvbTAeFw0yNDEyMTgyMTI1MzBa
+Fw0yNzA5MTQyMTI1MzBaMHsxCzAJBgNVBAYTAkFVMRMwEQYDVQQIDApRdWVlbnNs
 YW5kMREwDwYDVQQHDAhCcmlzYmFuZTEUMBIGA1UECgwLd29sZlNTTCBJbmMxFDAS
 BgNVBAsMC0VuZ2luZWVyaW5nMRgwFgYDVQQDDA93d3cud29sZnNzbC5jb20wggEi
 MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDAlQjhV0HycW230kVBJwFlxkWu
@@ -16,10 +16,10 @@ AAGjgbAwga0wHQYDVR0OBBYEFLMRMsmSmITiyfjQO24DQsofDo48MB8GA1UdIwQY
 MBaAFLMRMsmSmITiyfjQO24DQsofDo48MBIGA1UdEwEB/wQIMAYBAf8CAQAwDgYD
 VR0PAQH/BAQDAgGGMB4GA1UdHgEB/wQUMBKgEDAOgQwud29sZnNzbC5jb20wJwYJ
 YIZIAYb4QgENBBoWGFRlc3RpbmcgbmFtZSBjb25zdHJhaW50czANBgkqhkiG9w0B
-AQsFAAOCAQEALtoSqDAnQmXFMjZk6XRf+uvBu6/fH+1tCmL828q03s2Mee+sRF1m
-C9mFRT1Q+M7pvqEb9t+hgQ9jry68EFBqC2VY6WWl95chrP+uojdZO6sDbMWsBxDi
-oD/ZWa8jjDtT+JJNTY0TVKfg83mSRC+1nQxHsV4zAlXsRHinG+pmzQgkYUrNCpjG
-d12z2bRqYBignVENubQEAZT945sioMuwO8jD8CtWd7Ie5qc7WFxBVO/wo7j2Slbt
-/dy+sVc+IHN7fe6MVD9cGivYpKmSJvw/VtiZbpgCvIX93fwZj7ltEiZBaGv2mNRx
-jdUVGWzyjnQTgIRuBX7Oa7Q8r89+s3B9oA==
+AQsFAAOCAQEAAkumXr/7gj5fSU5BrUsTJ/G+EkCj/BqZN/9i5Jg4Ukb3GjBusWtC
+BdwwlNzeKPHHCMXGckMGnUsy2kc+HG2DbR217RySxE+r+rRtjPdUyJbyz1HtoJ75
+o5foADB2eoF/QbCYs5CPfF4UzfYK42zxrkM2Ug2OuLdkCibCPvZr1Mbtb6/jQNTx
+yvk9pIWxniqM2ZOc6/UFzVWYeoSs2RQM9f2wvzlQSt4mHdLHHJCPuLniFNMmKhIS
+5tP+l3ckze+/yJnEEw7c6RxkhYL/zbxzGn02DouCNL1iw8Hgnrzn8bmrmHsXgiwu
+WSwKHwx4vfVMeVbRgj2yQ9pwsUxMKFLS3Q==
 -----END CERTIFICATE-----
diff --git a/certs/test/cert-ext-ncdns.der b/certs/test/cert-ext-ncdns.der
index d3f837089..c69e00bf6 100644
Binary files a/certs/test/cert-ext-ncdns.der and b/certs/test/cert-ext-ncdns.der differ
diff --git a/certs/test/cert-ext-ncmixed.der b/certs/test/cert-ext-ncmixed.der
index 4d3bb0c73..adad83f0f 100644
Binary files a/certs/test/cert-ext-ncmixed.der and b/certs/test/cert-ext-ncmixed.der differ
diff --git a/certs/test/cert-ext-nct.der b/certs/test/cert-ext-nct.der
index 5c0f65dfc..0c95bd743 100644
Binary files a/certs/test/cert-ext-nct.der and b/certs/test/cert-ext-nct.der differ
diff --git a/certs/test/cert-ext-nct.pem b/certs/test/cert-ext-nct.pem
index 5b888dfa2..1d6b4260d 100644
--- a/certs/test/cert-ext-nct.pem
+++ b/certs/test/cert-ext-nct.pem
@@ -1,10 +1,10 @@
 -----BEGIN CERTIFICATE-----
-MIIEGDCCAwCgAwIBAgIUQhQ9kNUYipe8daCTUP2VaziSi08wDQYJKoZIhvcNAQEL
+MIIENzCCAx+gAwIBAgIUApQdu+yQVfwqOADqFPgZc2zM/OswDQYJKoZIhvcNAQEL
 BQAwgZ8xCzAJBgNVBAYTAkFVMRMwEQYDVQQIDApRdWVlbnNsYW5kMREwDwYDVQQH
 DAhCcmlzYmFuZTEUMBIGA1UECgwLd29sZlNTTCBJbmMxFDASBgNVBAsMC0VuZ2lu
 ZWVyaW5nMRgwFgYDVQQDDA93d3cud29sZnNzbC5jb20xIjAgBgkqhkiG9w0BCQEW
-E3N1cHBvcnRAd29sZnNzbC5jb20wHhcNMjMxMjEzMjIxOTI5WhcNMjYwOTA4MjIx
-OTI5WjCBnzELMAkGA1UEBhMCQVUxEzARBgNVBAgMClF1ZWVuc2xhbmQxETAPBgNV
+E3N1cHBvcnRAd29sZnNzbC5jb20wHhcNMjQxMjE4MjEyNTMwWhcNMjcwOTE0MjEy
+NTMwWjCBnzELMAkGA1UEBhMCQVUxEzARBgNVBAgMClF1ZWVuc2xhbmQxETAPBgNV
 BAcMCEJyaXNiYW5lMRQwEgYDVQQKDAt3b2xmU1NMIEluYzEUMBIGA1UECwwLRW5n
 aW5lZXJpbmcxGDAWBgNVBAMMD3d3dy53b2xmc3NsLmNvbTEiMCAGCSqGSIb3DQEJ
 ARYTc3VwcG9ydEB3b2xmc3NsLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
@@ -13,12 +13,13 @@ nFF194rKB+c1L4/hvXvAL3yrZKgX/Mpde7rgIeVyLm8uhtiVc9qsG1O5Xz/XGQ0l
 T+FjY1GLC2Q/rUO4pRxcNLOuAKBjxfZ/C1loeHOmjBipAm2vwxkBLrgQ48bMQLRp
 o0YzaYduxLsXpvPo3a1zvHsvIbX9ZlEMvVSz4W1fHLwjc9EJA4kU0hC5ZMMq0KGW
 Srzh1Bpbx6DAwWN4D0Q3MDKWgDIjlaF3uhPSl3PiXSXJag3DOWCktLBpQkIJ6dgI
-vDMgs1gip6rrxOHmYYPF0pbf2dBPrdcCAwEAAaNKMEgwFAYJYIZIAYb4QgEBAQH/
+vDMgs1gip6rrxOHmYYPF0pbf2dBPrdcCAwEAAaNpMGcwFAYJYIZIAYb4QgEBAQH/
 BAQDAgZAMDAGCWCGSAGG+EIBDQQjFiFUZXN0aW5nIE5ldHNjYXBlIENlcnRpZmlj
-YXRlIFR5cGUwDQYJKoZIhvcNAQELBQADggEBABmExniLoyrtx7sbbQS8nubTyoYv
-KfAreqCd5+2c2Vmq5o0wkA2HZLVlFi7ENewT0YaEqiP3HyPsu62P0N48GB43jPBg
-N58V+d/P8LERKx2/wjCfq15VX4Iave38K+/CzG+WKbaWc93ADUpOFvaZIejjiErx
-vQr3L2LyrEB0o6CDi+BPpKSQqW2O91HeIE+3P/trM2DF7RJApt0vVczxkepWxfa1
-piamsWT9rdE+7yeG9/I7RNY51dXQBnElJSULhrhBhqtRaCUcDe+KOocFq2NgEhku
-7IegJ888gZ5oZlYqOj9TUzS0ayXw8H8/6ZboH/AsvxBdQN7xOqmsDbpe3TA=
+YXRlIFR5cGUwHQYDVR0OBBYEFLMRMsmSmITiyfjQO24DQsofDo48MA0GCSqGSIb3
+DQEBCwUAA4IBAQC/uKHXHC6BNAUNalaJIhQnzynJeYSTLvMiF9OZq+N+JaKO9cC3
+k4w3UgXuOzT39ACeKrw9NsIuzEIBmQ8yQCJ0ysQQ0ktVnqexk6wcu/Imz0RE4Sm2
+S4tvO/+gmw1QuOgO3uTVyELSENw2PSQmkAeUFIQERE1ZpAgYd6UL2y6vXRxoG1co
+SvY84WA+0G7DbWMomro1QvJJo54hBi/vWM4DkHj5vpOqNf7UpDyjmbUktz5s/XcW
+mJaGK9ZEdDnOqJsJQmW3Qk3pOhuRajZAVQs/4BClfVQu9B8zKtzNUDEmSpWkAHlR
+cueppqgSnNEiBtHgxM+nojVloeAvUT3ubckn
 -----END CERTIFICATE-----
diff --git a/certs/test/cert-ext-ndir-exc.der b/certs/test/cert-ext-ndir-exc.der
index 5d8ebb081..d8a8898dc 100644
Binary files a/certs/test/cert-ext-ndir-exc.der and b/certs/test/cert-ext-ndir-exc.der differ
diff --git a/certs/test/cert-ext-ndir-exc.pem b/certs/test/cert-ext-ndir-exc.pem
index 486fcee67..f66f4111e 100644
--- a/certs/test/cert-ext-ndir-exc.pem
+++ b/certs/test/cert-ext-ndir-exc.pem
@@ -1,9 +1,9 @@
 -----BEGIN CERTIFICATE-----
-MIIE/TCCA+WgAwIBAgIUA9ASAQLXcBK7u66dI1+5Cvh9DMowDQYJKoZIhvcNAQEL
+MIIE/TCCA+WgAwIBAgIUGLfQcZfivHqxsscd/s2U10c095wwDQYJKoZIhvcNAQEL
 BQAwgZUxCzAJBgNVBAYTAlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdC
 b3plbWFuMREwDwYDVQQKDAhTYXd0b290aDETMBEGA1UECwwKQ29uc3VsdGluZzEY
 MBYGA1UEAwwPd3d3LndvbGZzc2wuY29tMSAwHgYJKoZIhvcNAQkBFhFpbmZvQHdv
-bGZzc3NsLmNvbTAeFw0yMzEyMTMyMjE5MjlaFw0yNjA5MDgyMjE5MjlaMIGVMQsw
+bGZzc3NsLmNvbTAeFw0yNDEyMTgyMTI1MzBaFw0yNzA5MTQyMTI1MzBaMIGVMQsw
 CQYDVQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjER
 MA8GA1UECgwIU2F3dG9vdGgxEzARBgNVBAsMCkNvbnN1bHRpbmcxGDAWBgNVBAMM
 D3d3dy53b2xmc3NsLmNvbTEgMB4GCSqGSIb3DQEJARYRaW5mb0B3b2xmc3NzbC5j
@@ -18,12 +18,12 @@ gdUGA1UdIwSBzTCByoAUJ45nEXTDJh0/7TNjs6TYHTDl6NWhgZukgZgwgZUxCzAJ
 BgNVBAYTAlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMREw
 DwYDVQQKDAhTYXd0b290aDETMBEGA1UECwwKQ29uc3VsdGluZzEYMBYGA1UEAwwP
 d3d3LndvbGZzc2wuY29tMSAwHgYJKoZIhvcNAQkBFhFpbmZvQHdvbGZzc3NsLmNv
-bYIUA9ASAQLXcBK7u66dI1+5Cvh9DMowDAYDVR0TBAUwAwEB/zA2BgNVHR4BAf8E
+bYIUGLfQcZfivHqxsscd/s2U10c095wwDAYDVR0TBAUwAwEB/zA2BgNVHR4BAf8E
 LDAqoSgwJqQkMCIxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMA0G
-CSqGSIb3DQEBCwUAA4IBAQCAF2rfhuz15dhfIlAaTKZ5caj09r9vdvsPKED2LsN1
-ufvD/DHJsFLLlL/a9Rk5HzaAC2/V7D1nytGdo+cDJAbbZP4jX7xKvTSPiXGwM85b
-xoZiCjApK6BBzBAEvPVO2g7XTPDAUtzSFUcibS9OXOBMQ8Kqua4oSAy02bpWTTj2
-1wZWr3okbRVuFNmX969wqJ2TA10QjySgMC7NoaW5sKG5Be65f0e8ClQ1UdDBq+7C
-TUkI1+eSjpPtRH38T89pK+zqKMwCq/Ugp/yDvmTn9tWjtdAE9bS92+3HBo/smJH7
-pTpRGG18pD7Su5B9QlSSbNZ0Sv5BJieCk9yQo81fcGtE
+CSqGSIb3DQEBCwUAA4IBAQCw3cmgfQC0d4SW5A/tOKqTiM2FqpupklMz5XSR2foY
+BDGHH/QUa/HUnvQPuE7KUoa8DqOyBYyato7Ejj2HuLcZlsPnT1kTLv4P4visrrvH
+fGKipT5ojv9sTKc9LTiohzlt08u7uqm7DKtuuDIBUCWgAWJV/DsKJWfiAPZo7bxS
+KPJJsPv+zMrMFazIrmlT8jez3VSoHToLWKIaJysJ8xJDR4kIrUJYAsXfZAPQkRUd
+6/1/r5g6Mt6Df4NbXiMccqCsiNvyEhVqx49nUQy4jPzJdA05TNkLnWYrC3Y2VqXR
+HjtgKkKIINqvkg1sryHpcCXRcX9MsRkbVZnq+ZuY1V6V
 -----END CERTIFICATE-----
diff --git a/certs/test/cert-ext-ndir.der b/certs/test/cert-ext-ndir.der
index 1feebd79a..64039ae30 100644
Binary files a/certs/test/cert-ext-ndir.der and b/certs/test/cert-ext-ndir.der differ
diff --git a/certs/test/cert-ext-ndir.pem b/certs/test/cert-ext-ndir.pem
index 9a108cdd7..8054a3770 100644
--- a/certs/test/cert-ext-ndir.pem
+++ b/certs/test/cert-ext-ndir.pem
@@ -1,9 +1,9 @@
 -----BEGIN CERTIFICATE-----
-MIIE6DCCA9CgAwIBAgIUGsYHXq1zN8MtgL5Bg4sW7+8Uj+gwDQYJKoZIhvcNAQEL
+MIIE6DCCA9CgAwIBAgIUJGVxqI+7O15e3Pq4GKOWbl8e524wDQYJKoZIhvcNAQEL
 BQAwgZUxCzAJBgNVBAYTAlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdC
 b3plbWFuMREwDwYDVQQKDAhTYXd0b290aDETMBEGA1UECwwKQ29uc3VsdGluZzEY
 MBYGA1UEAwwPd3d3LndvbGZzc2wuY29tMSAwHgYJKoZIhvcNAQkBFhFpbmZvQHdv
-bGZzc3NsLmNvbTAeFw0yMzEyMTMyMjE5MjlaFw0yNjA5MDgyMjE5MjlaMIGVMQsw
+bGZzc3NsLmNvbTAeFw0yNDEyMTgyMTI1MzBaFw0yNzA5MTQyMTI1MzBaMIGVMQsw
 CQYDVQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjER
 MA8GA1UECgwIU2F3dG9vdGgxEzARBgNVBAsMCkNvbnN1bHRpbmcxGDAWBgNVBAMM
 D3d3dy53b2xmc3NsLmNvbTEgMB4GCSqGSIb3DQEJARYRaW5mb0B3b2xmc3NzbC5j
@@ -18,12 +18,12 @@ gdUGA1UdIwSBzTCByoAUJ45nEXTDJh0/7TNjs6TYHTDl6NWhgZukgZgwgZUxCzAJ
 BgNVBAYTAlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMREw
 DwYDVQQKDAhTYXd0b290aDETMBEGA1UECwwKQ29uc3VsdGluZzEYMBYGA1UEAwwP
 d3d3LndvbGZzc2wuY29tMSAwHgYJKoZIhvcNAQkBFhFpbmZvQHdvbGZzc3NsLmNv
-bYIUGsYHXq1zN8MtgL5Bg4sW7+8Uj+gwDAYDVR0TBAUwAwEB/zAhBgNVHR4BAf8E
-FzAVoBMwEaQPMA0xCzAJBgNVBAYTAlVTMA0GCSqGSIb3DQEBCwUAA4IBAQA/NW29
-VNYpDOtANk/T8s2F9pYMWNR2uCV+9uCCGHHI2gCjZKq1megHkN90dlBiDCcyjLpO
-Waj62FeNppBoYaeTO77clNDyloJl/EXRqPUgc7IK4J2KNq0emrc2Xce08I8pXuEs
-dh5H6W/9m5Y0N0SBB3xdPGzg6RPB3nZNiyoeDRwzUhIDLwl/i0qA9ZtEjhFIb3+u
-w7LbDNAXgz5T8ZfRGHgoOutrqra2lh9LEoALWLJ+ZxY35vr0ZLf4mVAyj/cr67EA
-uTM/xeJbtj1y5/ADmenbW0nUcSeS/Eyp1s9eFC4hOQDnAQALzi2zrvK2LlxON6Rx
-3OyA5WbvJJbFdxxH
+bYIUJGVxqI+7O15e3Pq4GKOWbl8e524wDAYDVR0TBAUwAwEB/zAhBgNVHR4BAf8E
+FzAVoBMwEaQPMA0xCzAJBgNVBAYTAlVTMA0GCSqGSIb3DQEBCwUAA4IBAQAKUBPw
+WOCJHe3lUkCjruXfucIQfDLK8bz2MEO3ch1vrbjDsbDNaMqP3w4PpRshzmCTdypk
+RcWMKLo1UEJsS6Vzs5qwsX/yxxGy0zvc47+E7hb71mw9rZKJ6K7J/ByC7trU37xS
+G2iFM+HQ0m9lEhSeCU+o70X0d61f3+NzNRAUlRa6XfdSdnHU+GvJmibS1+E/++Hn
+3f6jazaAAfPt1B4rVTlOF4W2sphk0giPQLoy895yt+QulI52IhvIU28nNDxgxu5I
+PXobiyNqhqij2p3G+9FdOnP+S2gsGLQjp9FwLDh/4TtBCHAJYdaf2iI4LMy2V3x/
+8K3QRK4bEQgJsEMn
 -----END CERTIFICATE-----
diff --git a/certs/test/cert-over-max-altnames.cfg b/certs/test/cert-over-max-altnames.cfg
new file mode 100644
index 000000000..5aa44eb75
--- /dev/null
+++ b/certs/test/cert-over-max-altnames.cfg
@@ -0,0 +1,1070 @@
+[ req ]
+default_bits        = 2048
+prompt              = no
+distinguished_name  = dn
+x509_extensions     = extensions
+
+[ dn ]
+C  = US
+ST = Montana
+L  = Bozeman
+O  = wolfSSL Inc
+OU = Engineering
+CN = www.wolfssl.com
+
+[ extensions ]
+subjectAltName = @alt_names
+
+[ alt_names ]
+DNS.1 = example1.com
+DNS.2 = example2.com
+DNS.3 = example3.com
+DNS.4 = example4.com
+DNS.5 = example5.com
+DNS.6 = example6.com
+DNS.7 = example7.com
+DNS.8 = example8.com
+DNS.9 = example9.com
+DNS.10 = example10.com
+DNS.11 = example11.com
+DNS.12 = example12.com
+DNS.13 = example13.com
+DNS.14 = example14.com
+DNS.15 = example15.com
+DNS.16 = example16.com
+DNS.17 = example17.com
+DNS.18 = example18.com
+DNS.19 = example19.com
+DNS.20 = example20.com
+DNS.21 = example21.com
+DNS.22 = example22.com
+DNS.23 = example23.com
+DNS.24 = example24.com
+DNS.25 = example25.com
+DNS.26 = example26.com
+DNS.27 = example27.com
+DNS.28 = example28.com
+DNS.29 = example29.com
+DNS.30 = example30.com
+DNS.31 = example31.com
+DNS.32 = example32.com
+DNS.33 = example33.com
+DNS.34 = example34.com
+DNS.35 = example35.com
+DNS.36 = example36.com
+DNS.37 = example37.com
+DNS.38 = example38.com
+DNS.39 = example39.com
+DNS.40 = example40.com
+DNS.41 = example41.com
+DNS.42 = example42.com
+DNS.43 = example43.com
+DNS.44 = example44.com
+DNS.45 = example45.com
+DNS.46 = example46.com
+DNS.47 = example47.com
+DNS.48 = example48.com
+DNS.49 = example49.com
+DNS.50 = example50.com
+DNS.51 = example51.com
+DNS.52 = example52.com
+DNS.53 = example53.com
+DNS.54 = example54.com
+DNS.55 = example55.com
+DNS.56 = example56.com
+DNS.57 = example57.com
+DNS.58 = example58.com
+DNS.59 = example59.com
+DNS.60 = example60.com
+DNS.61 = example61.com
+DNS.62 = example62.com
+DNS.63 = example63.com
+DNS.64 = example64.com
+DNS.65 = example65.com
+DNS.66 = example66.com
+DNS.67 = example67.com
+DNS.68 = example68.com
+DNS.69 = example69.com
+DNS.70 = example70.com
+DNS.71 = example71.com
+DNS.72 = example72.com
+DNS.73 = example73.com
+DNS.74 = example74.com
+DNS.75 = example75.com
+DNS.76 = example76.com
+DNS.77 = example77.com
+DNS.78 = example78.com
+DNS.79 = example79.com
+DNS.80 = example80.com
+DNS.81 = example81.com
+DNS.82 = example82.com
+DNS.83 = example83.com
+DNS.84 = example84.com
+DNS.85 = example85.com
+DNS.86 = example86.com
+DNS.87 = example87.com
+DNS.88 = example88.com
+DNS.89 = example89.com
+DNS.90 = example90.com
+DNS.91 = example91.com
+DNS.92 = example92.com
+DNS.93 = example93.com
+DNS.94 = example94.com
+DNS.95 = example95.com
+DNS.96 = example96.com
+DNS.97 = example97.com
+DNS.98 = example98.com
+DNS.99 = example99.com
+DNS.100 = example100.com
+DNS.101 = example101.com
+DNS.102 = example102.com
+DNS.103 = example103.com
+DNS.104 = example104.com
+DNS.105 = example105.com
+DNS.106 = example106.com
+DNS.107 = example107.com
+DNS.108 = example108.com
+DNS.109 = example109.com
+DNS.110 = example110.com
+DNS.111 = example111.com
+DNS.112 = example112.com
+DNS.113 = example113.com
+DNS.114 = example114.com
+DNS.115 = example115.com
+DNS.116 = example116.com
+DNS.117 = example117.com
+DNS.118 = example118.com
+DNS.119 = example119.com
+DNS.120 = example120.com
+DNS.121 = example121.com
+DNS.122 = example122.com
+DNS.123 = example123.com
+DNS.124 = example124.com
+DNS.125 = example125.com
+DNS.126 = example126.com
+DNS.127 = example127.com
+DNS.128 = example128.com
+DNS.129 = example129.com
+DNS.130 = example130.com
+DNS.131 = example131.com
+DNS.132 = example132.com
+DNS.133 = example133.com
+DNS.134 = example134.com
+DNS.135 = example135.com
+DNS.136 = example136.com
+DNS.137 = example137.com
+DNS.138 = example138.com
+DNS.139 = example139.com
+DNS.140 = example140.com
+DNS.141 = example141.com
+DNS.142 = example142.com
+DNS.143 = example143.com
+DNS.144 = example144.com
+DNS.145 = example145.com
+DNS.146 = example146.com
+DNS.147 = example147.com
+DNS.148 = example148.com
+DNS.149 = example149.com
+DNS.150 = example150.com
+DNS.151 = example151.com
+DNS.152 = example152.com
+DNS.153 = example153.com
+DNS.154 = example154.com
+DNS.155 = example155.com
+DNS.156 = example156.com
+DNS.157 = example157.com
+DNS.158 = example158.com
+DNS.159 = example159.com
+DNS.160 = example160.com
+DNS.161 = example161.com
+DNS.162 = example162.com
+DNS.163 = example163.com
+DNS.164 = example164.com
+DNS.165 = example165.com
+DNS.166 = example166.com
+DNS.167 = example167.com
+DNS.168 = example168.com
+DNS.169 = example169.com
+DNS.170 = example170.com
+DNS.171 = example171.com
+DNS.172 = example172.com
+DNS.173 = example173.com
+DNS.174 = example174.com
+DNS.175 = example175.com
+DNS.176 = example176.com
+DNS.177 = example177.com
+DNS.178 = example178.com
+DNS.179 = example179.com
+DNS.180 = example180.com
+DNS.181 = example181.com
+DNS.182 = example182.com
+DNS.183 = example183.com
+DNS.184 = example184.com
+DNS.185 = example185.com
+DNS.186 = example186.com
+DNS.187 = example187.com
+DNS.188 = example188.com
+DNS.189 = example189.com
+DNS.190 = example190.com
+DNS.191 = example191.com
+DNS.192 = example192.com
+DNS.193 = example193.com
+DNS.194 = example194.com
+DNS.195 = example195.com
+DNS.196 = example196.com
+DNS.197 = example197.com
+DNS.198 = example198.com
+DNS.199 = example199.com
+DNS.200 = example200.com
+DNS.201 = example201.com
+DNS.202 = example202.com
+DNS.203 = example203.com
+DNS.204 = example204.com
+DNS.205 = example205.com
+DNS.206 = example206.com
+DNS.207 = example207.com
+DNS.208 = example208.com
+DNS.209 = example209.com
+DNS.210 = example210.com
+DNS.211 = example211.com
+DNS.212 = example212.com
+DNS.213 = example213.com
+DNS.214 = example214.com
+DNS.215 = example215.com
+DNS.216 = example216.com
+DNS.217 = example217.com
+DNS.218 = example218.com
+DNS.219 = example219.com
+DNS.220 = example220.com
+DNS.221 = example221.com
+DNS.222 = example222.com
+DNS.223 = example223.com
+DNS.224 = example224.com
+DNS.225 = example225.com
+DNS.226 = example226.com
+DNS.227 = example227.com
+DNS.228 = example228.com
+DNS.229 = example229.com
+DNS.230 = example230.com
+DNS.231 = example231.com
+DNS.232 = example232.com
+DNS.233 = example233.com
+DNS.234 = example234.com
+DNS.235 = example235.com
+DNS.236 = example236.com
+DNS.237 = example237.com
+DNS.238 = example238.com
+DNS.239 = example239.com
+DNS.240 = example240.com
+DNS.241 = example241.com
+DNS.242 = example242.com
+DNS.243 = example243.com
+DNS.244 = example244.com
+DNS.245 = example245.com
+DNS.246 = example246.com
+DNS.247 = example247.com
+DNS.248 = example248.com
+DNS.249 = example249.com
+DNS.250 = example250.com
+DNS.251 = example251.com
+DNS.252 = example252.com
+DNS.253 = example253.com
+DNS.254 = example254.com
+DNS.255 = example255.com
+DNS.256 = example256.com
+DNS.257 = example257.com
+DNS.258 = example258.com
+DNS.259 = example259.com
+DNS.260 = example260.com
+DNS.261 = example261.com
+DNS.262 = example262.com
+DNS.263 = example263.com
+DNS.264 = example264.com
+DNS.265 = example265.com
+DNS.266 = example266.com
+DNS.267 = example267.com
+DNS.268 = example268.com
+DNS.269 = example269.com
+DNS.270 = example270.com
+DNS.271 = example271.com
+DNS.272 = example272.com
+DNS.273 = example273.com
+DNS.274 = example274.com
+DNS.275 = example275.com
+DNS.276 = example276.com
+DNS.277 = example277.com
+DNS.278 = example278.com
+DNS.279 = example279.com
+DNS.280 = example280.com
+DNS.281 = example281.com
+DNS.282 = example282.com
+DNS.283 = example283.com
+DNS.284 = example284.com
+DNS.285 = example285.com
+DNS.286 = example286.com
+DNS.287 = example287.com
+DNS.288 = example288.com
+DNS.289 = example289.com
+DNS.290 = example290.com
+DNS.291 = example291.com
+DNS.292 = example292.com
+DNS.293 = example293.com
+DNS.294 = example294.com
+DNS.295 = example295.com
+DNS.296 = example296.com
+DNS.297 = example297.com
+DNS.298 = example298.com
+DNS.299 = example299.com
+DNS.300 = example300.com
+DNS.301 = example301.com
+DNS.302 = example302.com
+DNS.303 = example303.com
+DNS.304 = example304.com
+DNS.305 = example305.com
+DNS.306 = example306.com
+DNS.307 = example307.com
+DNS.308 = example308.com
+DNS.309 = example309.com
+DNS.310 = example310.com
+DNS.311 = example311.com
+DNS.312 = example312.com
+DNS.313 = example313.com
+DNS.314 = example314.com
+DNS.315 = example315.com
+DNS.316 = example316.com
+DNS.317 = example317.com
+DNS.318 = example318.com
+DNS.319 = example319.com
+DNS.320 = example320.com
+DNS.321 = example321.com
+DNS.322 = example322.com
+DNS.323 = example323.com
+DNS.324 = example324.com
+DNS.325 = example325.com
+DNS.326 = example326.com
+DNS.327 = example327.com
+DNS.328 = example328.com
+DNS.329 = example329.com
+DNS.330 = example330.com
+DNS.331 = example331.com
+DNS.332 = example332.com
+DNS.333 = example333.com
+DNS.334 = example334.com
+DNS.335 = example335.com
+DNS.336 = example336.com
+DNS.337 = example337.com
+DNS.338 = example338.com
+DNS.339 = example339.com
+DNS.340 = example340.com
+DNS.341 = example341.com
+DNS.342 = example342.com
+DNS.343 = example343.com
+DNS.344 = example344.com
+DNS.345 = example345.com
+DNS.346 = example346.com
+DNS.347 = example347.com
+DNS.348 = example348.com
+DNS.349 = example349.com
+DNS.350 = example350.com
+DNS.351 = example351.com
+DNS.352 = example352.com
+DNS.353 = example353.com
+DNS.354 = example354.com
+DNS.355 = example355.com
+DNS.356 = example356.com
+DNS.357 = example357.com
+DNS.358 = example358.com
+DNS.359 = example359.com
+DNS.360 = example360.com
+DNS.361 = example361.com
+DNS.362 = example362.com
+DNS.363 = example363.com
+DNS.364 = example364.com
+DNS.365 = example365.com
+DNS.366 = example366.com
+DNS.367 = example367.com
+DNS.368 = example368.com
+DNS.369 = example369.com
+DNS.370 = example370.com
+DNS.371 = example371.com
+DNS.372 = example372.com
+DNS.373 = example373.com
+DNS.374 = example374.com
+DNS.375 = example375.com
+DNS.376 = example376.com
+DNS.377 = example377.com
+DNS.378 = example378.com
+DNS.379 = example379.com
+DNS.380 = example380.com
+DNS.381 = example381.com
+DNS.382 = example382.com
+DNS.383 = example383.com
+DNS.384 = example384.com
+DNS.385 = example385.com
+DNS.386 = example386.com
+DNS.387 = example387.com
+DNS.388 = example388.com
+DNS.389 = example389.com
+DNS.390 = example390.com
+DNS.391 = example391.com
+DNS.392 = example392.com
+DNS.393 = example393.com
+DNS.394 = example394.com
+DNS.395 = example395.com
+DNS.396 = example396.com
+DNS.397 = example397.com
+DNS.398 = example398.com
+DNS.399 = example399.com
+DNS.400 = example400.com
+DNS.401 = example401.com
+DNS.402 = example402.com
+DNS.403 = example403.com
+DNS.404 = example404.com
+DNS.405 = example405.com
+DNS.406 = example406.com
+DNS.407 = example407.com
+DNS.408 = example408.com
+DNS.409 = example409.com
+DNS.410 = example410.com
+DNS.411 = example411.com
+DNS.412 = example412.com
+DNS.413 = example413.com
+DNS.414 = example414.com
+DNS.415 = example415.com
+DNS.416 = example416.com
+DNS.417 = example417.com
+DNS.418 = example418.com
+DNS.419 = example419.com
+DNS.420 = example420.com
+DNS.421 = example421.com
+DNS.422 = example422.com
+DNS.423 = example423.com
+DNS.424 = example424.com
+DNS.425 = example425.com
+DNS.426 = example426.com
+DNS.427 = example427.com
+DNS.428 = example428.com
+DNS.429 = example429.com
+DNS.430 = example430.com
+DNS.431 = example431.com
+DNS.432 = example432.com
+DNS.433 = example433.com
+DNS.434 = example434.com
+DNS.435 = example435.com
+DNS.436 = example436.com
+DNS.437 = example437.com
+DNS.438 = example438.com
+DNS.439 = example439.com
+DNS.440 = example440.com
+DNS.441 = example441.com
+DNS.442 = example442.com
+DNS.443 = example443.com
+DNS.444 = example444.com
+DNS.445 = example445.com
+DNS.446 = example446.com
+DNS.447 = example447.com
+DNS.448 = example448.com
+DNS.449 = example449.com
+DNS.450 = example450.com
+DNS.451 = example451.com
+DNS.452 = example452.com
+DNS.453 = example453.com
+DNS.454 = example454.com
+DNS.455 = example455.com
+DNS.456 = example456.com
+DNS.457 = example457.com
+DNS.458 = example458.com
+DNS.459 = example459.com
+DNS.460 = example460.com
+DNS.461 = example461.com
+DNS.462 = example462.com
+DNS.463 = example463.com
+DNS.464 = example464.com
+DNS.465 = example465.com
+DNS.466 = example466.com
+DNS.467 = example467.com
+DNS.468 = example468.com
+DNS.469 = example469.com
+DNS.470 = example470.com
+DNS.471 = example471.com
+DNS.472 = example472.com
+DNS.473 = example473.com
+DNS.474 = example474.com
+DNS.475 = example475.com
+DNS.476 = example476.com
+DNS.477 = example477.com
+DNS.478 = example478.com
+DNS.479 = example479.com
+DNS.480 = example480.com
+DNS.481 = example481.com
+DNS.482 = example482.com
+DNS.483 = example483.com
+DNS.484 = example484.com
+DNS.485 = example485.com
+DNS.486 = example486.com
+DNS.487 = example487.com
+DNS.488 = example488.com
+DNS.489 = example489.com
+DNS.490 = example490.com
+DNS.491 = example491.com
+DNS.492 = example492.com
+DNS.493 = example493.com
+DNS.494 = example494.com
+DNS.495 = example495.com
+DNS.496 = example496.com
+DNS.497 = example497.com
+DNS.498 = example498.com
+DNS.499 = example499.com
+DNS.500 = example500.com
+DNS.501 = example501.com
+DNS.502 = example502.com
+DNS.503 = example503.com
+DNS.504 = example504.com
+DNS.505 = example505.com
+DNS.506 = example506.com
+DNS.507 = example507.com
+DNS.508 = example508.com
+DNS.509 = example509.com
+DNS.510 = example510.com
+DNS.511 = example511.com
+DNS.512 = example512.com
+DNS.513 = example513.com
+DNS.514 = example514.com
+DNS.515 = example515.com
+DNS.516 = example516.com
+DNS.517 = example517.com
+DNS.518 = example518.com
+DNS.519 = example519.com
+DNS.520 = example520.com
+DNS.521 = example521.com
+DNS.522 = example522.com
+DNS.523 = example523.com
+DNS.524 = example524.com
+DNS.525 = example525.com
+DNS.526 = example526.com
+DNS.527 = example527.com
+DNS.528 = example528.com
+DNS.529 = example529.com
+DNS.530 = example530.com
+DNS.531 = example531.com
+DNS.532 = example532.com
+DNS.533 = example533.com
+DNS.534 = example534.com
+DNS.535 = example535.com
+DNS.536 = example536.com
+DNS.537 = example537.com
+DNS.538 = example538.com
+DNS.539 = example539.com
+DNS.540 = example540.com
+DNS.541 = example541.com
+DNS.542 = example542.com
+DNS.543 = example543.com
+DNS.544 = example544.com
+DNS.545 = example545.com
+DNS.546 = example546.com
+DNS.547 = example547.com
+DNS.548 = example548.com
+DNS.549 = example549.com
+DNS.550 = example550.com
+DNS.551 = example551.com
+DNS.552 = example552.com
+DNS.553 = example553.com
+DNS.554 = example554.com
+DNS.555 = example555.com
+DNS.556 = example556.com
+DNS.557 = example557.com
+DNS.558 = example558.com
+DNS.559 = example559.com
+DNS.560 = example560.com
+DNS.561 = example561.com
+DNS.562 = example562.com
+DNS.563 = example563.com
+DNS.564 = example564.com
+DNS.565 = example565.com
+DNS.566 = example566.com
+DNS.567 = example567.com
+DNS.568 = example568.com
+DNS.569 = example569.com
+DNS.570 = example570.com
+DNS.571 = example571.com
+DNS.572 = example572.com
+DNS.573 = example573.com
+DNS.574 = example574.com
+DNS.575 = example575.com
+DNS.576 = example576.com
+DNS.577 = example577.com
+DNS.578 = example578.com
+DNS.579 = example579.com
+DNS.580 = example580.com
+DNS.581 = example581.com
+DNS.582 = example582.com
+DNS.583 = example583.com
+DNS.584 = example584.com
+DNS.585 = example585.com
+DNS.586 = example586.com
+DNS.587 = example587.com
+DNS.588 = example588.com
+DNS.589 = example589.com
+DNS.590 = example590.com
+DNS.591 = example591.com
+DNS.592 = example592.com
+DNS.593 = example593.com
+DNS.594 = example594.com
+DNS.595 = example595.com
+DNS.596 = example596.com
+DNS.597 = example597.com
+DNS.598 = example598.com
+DNS.599 = example599.com
+DNS.600 = example600.com
+DNS.601 = example601.com
+DNS.602 = example602.com
+DNS.603 = example603.com
+DNS.604 = example604.com
+DNS.605 = example605.com
+DNS.606 = example606.com
+DNS.607 = example607.com
+DNS.608 = example608.com
+DNS.609 = example609.com
+DNS.610 = example610.com
+DNS.611 = example611.com
+DNS.612 = example612.com
+DNS.613 = example613.com
+DNS.614 = example614.com
+DNS.615 = example615.com
+DNS.616 = example616.com
+DNS.617 = example617.com
+DNS.618 = example618.com
+DNS.619 = example619.com
+DNS.620 = example620.com
+DNS.621 = example621.com
+DNS.622 = example622.com
+DNS.623 = example623.com
+DNS.624 = example624.com
+DNS.625 = example625.com
+DNS.626 = example626.com
+DNS.627 = example627.com
+DNS.628 = example628.com
+DNS.629 = example629.com
+DNS.630 = example630.com
+DNS.631 = example631.com
+DNS.632 = example632.com
+DNS.633 = example633.com
+DNS.634 = example634.com
+DNS.635 = example635.com
+DNS.636 = example636.com
+DNS.637 = example637.com
+DNS.638 = example638.com
+DNS.639 = example639.com
+DNS.640 = example640.com
+DNS.641 = example641.com
+DNS.642 = example642.com
+DNS.643 = example643.com
+DNS.644 = example644.com
+DNS.645 = example645.com
+DNS.646 = example646.com
+DNS.647 = example647.com
+DNS.648 = example648.com
+DNS.649 = example649.com
+DNS.650 = example650.com
+DNS.651 = example651.com
+DNS.652 = example652.com
+DNS.653 = example653.com
+DNS.654 = example654.com
+DNS.655 = example655.com
+DNS.656 = example656.com
+DNS.657 = example657.com
+DNS.658 = example658.com
+DNS.659 = example659.com
+DNS.660 = example660.com
+DNS.661 = example661.com
+DNS.662 = example662.com
+DNS.663 = example663.com
+DNS.664 = example664.com
+DNS.665 = example665.com
+DNS.666 = example666.com
+DNS.667 = example667.com
+DNS.668 = example668.com
+DNS.669 = example669.com
+DNS.670 = example670.com
+DNS.671 = example671.com
+DNS.672 = example672.com
+DNS.673 = example673.com
+DNS.674 = example674.com
+DNS.675 = example675.com
+DNS.676 = example676.com
+DNS.677 = example677.com
+DNS.678 = example678.com
+DNS.679 = example679.com
+DNS.680 = example680.com
+DNS.681 = example681.com
+DNS.682 = example682.com
+DNS.683 = example683.com
+DNS.684 = example684.com
+DNS.685 = example685.com
+DNS.686 = example686.com
+DNS.687 = example687.com
+DNS.688 = example688.com
+DNS.689 = example689.com
+DNS.690 = example690.com
+DNS.691 = example691.com
+DNS.692 = example692.com
+DNS.693 = example693.com
+DNS.694 = example694.com
+DNS.695 = example695.com
+DNS.696 = example696.com
+DNS.697 = example697.com
+DNS.698 = example698.com
+DNS.699 = example699.com
+DNS.700 = example700.com
+DNS.701 = example701.com
+DNS.702 = example702.com
+DNS.703 = example703.com
+DNS.704 = example704.com
+DNS.705 = example705.com
+DNS.706 = example706.com
+DNS.707 = example707.com
+DNS.708 = example708.com
+DNS.709 = example709.com
+DNS.710 = example710.com
+DNS.711 = example711.com
+DNS.712 = example712.com
+DNS.713 = example713.com
+DNS.714 = example714.com
+DNS.715 = example715.com
+DNS.716 = example716.com
+DNS.717 = example717.com
+DNS.718 = example718.com
+DNS.719 = example719.com
+DNS.720 = example720.com
+DNS.721 = example721.com
+DNS.722 = example722.com
+DNS.723 = example723.com
+DNS.724 = example724.com
+DNS.725 = example725.com
+DNS.726 = example726.com
+DNS.727 = example727.com
+DNS.728 = example728.com
+DNS.729 = example729.com
+DNS.730 = example730.com
+DNS.731 = example731.com
+DNS.732 = example732.com
+DNS.733 = example733.com
+DNS.734 = example734.com
+DNS.735 = example735.com
+DNS.736 = example736.com
+DNS.737 = example737.com
+DNS.738 = example738.com
+DNS.739 = example739.com
+DNS.740 = example740.com
+DNS.741 = example741.com
+DNS.742 = example742.com
+DNS.743 = example743.com
+DNS.744 = example744.com
+DNS.745 = example745.com
+DNS.746 = example746.com
+DNS.747 = example747.com
+DNS.748 = example748.com
+DNS.749 = example749.com
+DNS.750 = example750.com
+DNS.751 = example751.com
+DNS.752 = example752.com
+DNS.753 = example753.com
+DNS.754 = example754.com
+DNS.755 = example755.com
+DNS.756 = example756.com
+DNS.757 = example757.com
+DNS.758 = example758.com
+DNS.759 = example759.com
+DNS.760 = example760.com
+DNS.761 = example761.com
+DNS.762 = example762.com
+DNS.763 = example763.com
+DNS.764 = example764.com
+DNS.765 = example765.com
+DNS.766 = example766.com
+DNS.767 = example767.com
+DNS.768 = example768.com
+DNS.769 = example769.com
+DNS.770 = example770.com
+DNS.771 = example771.com
+DNS.772 = example772.com
+DNS.773 = example773.com
+DNS.774 = example774.com
+DNS.775 = example775.com
+DNS.776 = example776.com
+DNS.777 = example777.com
+DNS.778 = example778.com
+DNS.779 = example779.com
+DNS.780 = example780.com
+DNS.781 = example781.com
+DNS.782 = example782.com
+DNS.783 = example783.com
+DNS.784 = example784.com
+DNS.785 = example785.com
+DNS.786 = example786.com
+DNS.787 = example787.com
+DNS.788 = example788.com
+DNS.789 = example789.com
+DNS.790 = example790.com
+DNS.791 = example791.com
+DNS.792 = example792.com
+DNS.793 = example793.com
+DNS.794 = example794.com
+DNS.795 = example795.com
+DNS.796 = example796.com
+DNS.797 = example797.com
+DNS.798 = example798.com
+DNS.799 = example799.com
+DNS.800 = example800.com
+DNS.801 = example801.com
+DNS.802 = example802.com
+DNS.803 = example803.com
+DNS.804 = example804.com
+DNS.805 = example805.com
+DNS.806 = example806.com
+DNS.807 = example807.com
+DNS.808 = example808.com
+DNS.809 = example809.com
+DNS.810 = example810.com
+DNS.811 = example811.com
+DNS.812 = example812.com
+DNS.813 = example813.com
+DNS.814 = example814.com
+DNS.815 = example815.com
+DNS.816 = example816.com
+DNS.817 = example817.com
+DNS.818 = example818.com
+DNS.819 = example819.com
+DNS.820 = example820.com
+DNS.821 = example821.com
+DNS.822 = example822.com
+DNS.823 = example823.com
+DNS.824 = example824.com
+DNS.825 = example825.com
+DNS.826 = example826.com
+DNS.827 = example827.com
+DNS.828 = example828.com
+DNS.829 = example829.com
+DNS.830 = example830.com
+DNS.831 = example831.com
+DNS.832 = example832.com
+DNS.833 = example833.com
+DNS.834 = example834.com
+DNS.835 = example835.com
+DNS.836 = example836.com
+DNS.837 = example837.com
+DNS.838 = example838.com
+DNS.839 = example839.com
+DNS.840 = example840.com
+DNS.841 = example841.com
+DNS.842 = example842.com
+DNS.843 = example843.com
+DNS.844 = example844.com
+DNS.845 = example845.com
+DNS.846 = example846.com
+DNS.847 = example847.com
+DNS.848 = example848.com
+DNS.849 = example849.com
+DNS.850 = example850.com
+DNS.851 = example851.com
+DNS.852 = example852.com
+DNS.853 = example853.com
+DNS.854 = example854.com
+DNS.855 = example855.com
+DNS.856 = example856.com
+DNS.857 = example857.com
+DNS.858 = example858.com
+DNS.859 = example859.com
+DNS.860 = example860.com
+DNS.861 = example861.com
+DNS.862 = example862.com
+DNS.863 = example863.com
+DNS.864 = example864.com
+DNS.865 = example865.com
+DNS.866 = example866.com
+DNS.867 = example867.com
+DNS.868 = example868.com
+DNS.869 = example869.com
+DNS.870 = example870.com
+DNS.871 = example871.com
+DNS.872 = example872.com
+DNS.873 = example873.com
+DNS.874 = example874.com
+DNS.875 = example875.com
+DNS.876 = example876.com
+DNS.877 = example877.com
+DNS.878 = example878.com
+DNS.879 = example879.com
+DNS.880 = example880.com
+DNS.881 = example881.com
+DNS.882 = example882.com
+DNS.883 = example883.com
+DNS.884 = example884.com
+DNS.885 = example885.com
+DNS.886 = example886.com
+DNS.887 = example887.com
+DNS.888 = example888.com
+DNS.889 = example889.com
+DNS.890 = example890.com
+DNS.891 = example891.com
+DNS.892 = example892.com
+DNS.893 = example893.com
+DNS.894 = example894.com
+DNS.895 = example895.com
+DNS.896 = example896.com
+DNS.897 = example897.com
+DNS.898 = example898.com
+DNS.899 = example899.com
+DNS.900 = example900.com
+DNS.901 = example901.com
+DNS.902 = example902.com
+DNS.903 = example903.com
+DNS.904 = example904.com
+DNS.905 = example905.com
+DNS.906 = example906.com
+DNS.907 = example907.com
+DNS.908 = example908.com
+DNS.909 = example909.com
+DNS.910 = example910.com
+DNS.911 = example911.com
+DNS.912 = example912.com
+DNS.913 = example913.com
+DNS.914 = example914.com
+DNS.915 = example915.com
+DNS.916 = example916.com
+DNS.917 = example917.com
+DNS.918 = example918.com
+DNS.919 = example919.com
+DNS.920 = example920.com
+DNS.921 = example921.com
+DNS.922 = example922.com
+DNS.923 = example923.com
+DNS.924 = example924.com
+DNS.925 = example925.com
+DNS.926 = example926.com
+DNS.927 = example927.com
+DNS.928 = example928.com
+DNS.929 = example929.com
+DNS.930 = example930.com
+DNS.931 = example931.com
+DNS.932 = example932.com
+DNS.933 = example933.com
+DNS.934 = example934.com
+DNS.935 = example935.com
+DNS.936 = example936.com
+DNS.937 = example937.com
+DNS.938 = example938.com
+DNS.939 = example939.com
+DNS.940 = example940.com
+DNS.941 = example941.com
+DNS.942 = example942.com
+DNS.943 = example943.com
+DNS.944 = example944.com
+DNS.945 = example945.com
+DNS.946 = example946.com
+DNS.947 = example947.com
+DNS.948 = example948.com
+DNS.949 = example949.com
+DNS.950 = example950.com
+DNS.951 = example951.com
+DNS.952 = example952.com
+DNS.953 = example953.com
+DNS.954 = example954.com
+DNS.955 = example955.com
+DNS.956 = example956.com
+DNS.957 = example957.com
+DNS.958 = example958.com
+DNS.959 = example959.com
+DNS.960 = example960.com
+DNS.961 = example961.com
+DNS.962 = example962.com
+DNS.963 = example963.com
+DNS.964 = example964.com
+DNS.965 = example965.com
+DNS.966 = example966.com
+DNS.967 = example967.com
+DNS.968 = example968.com
+DNS.969 = example969.com
+DNS.970 = example970.com
+DNS.971 = example971.com
+DNS.972 = example972.com
+DNS.973 = example973.com
+DNS.974 = example974.com
+DNS.975 = example975.com
+DNS.976 = example976.com
+DNS.977 = example977.com
+DNS.978 = example978.com
+DNS.979 = example979.com
+DNS.980 = example980.com
+DNS.981 = example981.com
+DNS.982 = example982.com
+DNS.983 = example983.com
+DNS.984 = example984.com
+DNS.985 = example985.com
+DNS.986 = example986.com
+DNS.987 = example987.com
+DNS.988 = example988.com
+DNS.989 = example989.com
+DNS.990 = example990.com
+DNS.991 = example991.com
+DNS.992 = example992.com
+DNS.993 = example993.com
+DNS.994 = example994.com
+DNS.995 = example995.com
+DNS.996 = example996.com
+DNS.997 = example997.com
+DNS.998 = example998.com
+DNS.999 = example999.com
+DNS.1000 = example1000.com
+DNS.1001 = example1001.com
+DNS.1002 = example1002.com
+DNS.1003 = example1003.com
+DNS.1004 = example1004.com
+DNS.1005 = example1005.com
+DNS.1006 = example1006.com
+DNS.1007 = example1007.com
+DNS.1008 = example1008.com
+DNS.1009 = example1009.com
+DNS.1010 = example1010.com
+DNS.1011 = example1011.com
+DNS.1012 = example1012.com
+DNS.1013 = example1013.com
+DNS.1014 = example1014.com
+DNS.1015 = example1015.com
+DNS.1016 = example1016.com
+DNS.1017 = example1017.com
+DNS.1018 = example1018.com
+DNS.1019 = example1019.com
+DNS.1020 = example1020.com
+DNS.1021 = example1021.com
+DNS.1022 = example1022.com
+DNS.1023 = example1023.com
+DNS.1024 = example1024.com
+DNS.1025 = example1025.com
+DNS.1026 = example1026.com
+DNS.1027 = example1027.com
+DNS.1028 = example1028.com
+DNS.1029 = example1029.com
+DNS.1030 = example1030.com
+DNS.1031 = example1031.com
+DNS.1032 = example1032.com
+DNS.1033 = example1033.com
+DNS.1034 = example1034.com
+DNS.1035 = example1035.com
+DNS.1036 = example1036.com
+DNS.1037 = example1037.com
+DNS.1038 = example1038.com
+DNS.1039 = example1039.com
+DNS.1040 = example1040.com
+DNS.1041 = example1041.com
+DNS.1042 = example1042.com
+DNS.1043 = example1043.com
+DNS.1044 = example1044.com
+DNS.1045 = example1045.com
+DNS.1046 = example1046.com
+DNS.1047 = example1047.com
+DNS.1048 = example1048.com
+DNS.1049 = example1049.com
+DNS.1050 = example1050.com
+
+
diff --git a/certs/test/cert-over-max-altnames.der b/certs/test/cert-over-max-altnames.der
new file mode 100644
index 000000000..098f7f897
Binary files /dev/null and b/certs/test/cert-over-max-altnames.der differ
diff --git a/certs/test/cert-over-max-altnames.pem b/certs/test/cert-over-max-altnames.pem
new file mode 100644
index 000000000..049ed9826
--- /dev/null
+++ b/certs/test/cert-over-max-altnames.pem
@@ -0,0 +1,371 @@
+-----BEGIN CERTIFICATE-----
+MIJFGTCCRAGgAwIBAgIUX76ChQ/mP72YjfkBX53CYI4jt4YwDQYJKoZIhvcNAQEL
+BQAwdzELMAkGA1UEBhMCVVMxEDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0Jv
+emVtYW4xFDASBgNVBAoMC3dvbGZTU0wgSW5jMRQwEgYDVQQLDAtFbmdpbmVlcmlu
+ZzEYMBYGA1UEAwwPd3d3LndvbGZzc2wuY29tMB4XDTI0MTIxODIxMjUzMFoXDTI3
+MDkxNDIxMjUzMFowdzELMAkGA1UEBhMCVVMxEDAOBgNVBAgMB01vbnRhbmExEDAO
+BgNVBAcMB0JvemVtYW4xFDASBgNVBAoMC3dvbGZTU0wgSW5jMRQwEgYDVQQLDAtF
+bmdpbmVlcmluZzEYMBYGA1UEAwwPd3d3LndvbGZzc2wuY29tMIIBIjANBgkqhkiG
+9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvwzKLRSyHoRCW804H0ryTXUQ8bY1n9/KfQOY
+06zeA2buKvHYsH1uB1QLEJghTYDLEiDnzE/eRX3Jcncy6sqQu2lSEAMvqPOVxfGL
+YlYb72dvpBBBla0Km+OlwLDScHZQMFuo6AgsfO2nonqNOCkcrMft8nyVsJWCfUlc
+OM13Je+9gHVTlDw9ymNbnxW10x0TLxnRPNt2Osy4fcnlwtfaQG/YIdxzG0ItU5z+
+Gvx9q3o2P5jehHwFZ85qFDiHqfGMtWjLaH9xICv1oGP1Vi+jJtK3b7FaF9c4mQj+
+k1hv/sMTSQgWC6dNZwBSMWcjTpjtUUUduQTZC+zYKLNLve02eQIDAQABo4JBmzCC
+QZcwgkF0BgNVHREEgkFrMIJBZ4IMZXhhbXBsZTEuY29tggxleGFtcGxlMi5jb22C
+DGV4YW1wbGUzLmNvbYIMZXhhbXBsZTQuY29tggxleGFtcGxlNS5jb22CDGV4YW1w
+bGU2LmNvbYIMZXhhbXBsZTcuY29tggxleGFtcGxlOC5jb22CDGV4YW1wbGU5LmNv
+bYINZXhhbXBsZTEwLmNvbYINZXhhbXBsZTExLmNvbYINZXhhbXBsZTEyLmNvbYIN
+ZXhhbXBsZTEzLmNvbYINZXhhbXBsZTE0LmNvbYINZXhhbXBsZTE1LmNvbYINZXhh
+bXBsZTE2LmNvbYINZXhhbXBsZTE3LmNvbYINZXhhbXBsZTE4LmNvbYINZXhhbXBs
+ZTE5LmNvbYINZXhhbXBsZTIwLmNvbYINZXhhbXBsZTIxLmNvbYINZXhhbXBsZTIy
+LmNvbYINZXhhbXBsZTIzLmNvbYINZXhhbXBsZTI0LmNvbYINZXhhbXBsZTI1LmNv
+bYINZXhhbXBsZTI2LmNvbYINZXhhbXBsZTI3LmNvbYINZXhhbXBsZTI4LmNvbYIN
+ZXhhbXBsZTI5LmNvbYINZXhhbXBsZTMwLmNvbYINZXhhbXBsZTMxLmNvbYINZXhh
+bXBsZTMyLmNvbYINZXhhbXBsZTMzLmNvbYINZXhhbXBsZTM0LmNvbYINZXhhbXBs
+ZTM1LmNvbYINZXhhbXBsZTM2LmNvbYINZXhhbXBsZTM3LmNvbYINZXhhbXBsZTM4
+LmNvbYINZXhhbXBsZTM5LmNvbYINZXhhbXBsZTQwLmNvbYINZXhhbXBsZTQxLmNv
+bYINZXhhbXBsZTQyLmNvbYINZXhhbXBsZTQzLmNvbYINZXhhbXBsZTQ0LmNvbYIN
+ZXhhbXBsZTQ1LmNvbYINZXhhbXBsZTQ2LmNvbYINZXhhbXBsZTQ3LmNvbYINZXhh
+bXBsZTQ4LmNvbYINZXhhbXBsZTQ5LmNvbYINZXhhbXBsZTUwLmNvbYINZXhhbXBs
+ZTUxLmNvbYINZXhhbXBsZTUyLmNvbYINZXhhbXBsZTUzLmNvbYINZXhhbXBsZTU0
+LmNvbYINZXhhbXBsZTU1LmNvbYINZXhhbXBsZTU2LmNvbYINZXhhbXBsZTU3LmNv
+bYINZXhhbXBsZTU4LmNvbYINZXhhbXBsZTU5LmNvbYINZXhhbXBsZTYwLmNvbYIN
+ZXhhbXBsZTYxLmNvbYINZXhhbXBsZTYyLmNvbYINZXhhbXBsZTYzLmNvbYINZXhh
+bXBsZTY0LmNvbYINZXhhbXBsZTY1LmNvbYINZXhhbXBsZTY2LmNvbYINZXhhbXBs
+ZTY3LmNvbYINZXhhbXBsZTY4LmNvbYINZXhhbXBsZTY5LmNvbYINZXhhbXBsZTcw
+LmNvbYINZXhhbXBsZTcxLmNvbYINZXhhbXBsZTcyLmNvbYINZXhhbXBsZTczLmNv
+bYINZXhhbXBsZTc0LmNvbYINZXhhbXBsZTc1LmNvbYINZXhhbXBsZTc2LmNvbYIN
+ZXhhbXBsZTc3LmNvbYINZXhhbXBsZTc4LmNvbYINZXhhbXBsZTc5LmNvbYINZXhh
+bXBsZTgwLmNvbYINZXhhbXBsZTgxLmNvbYINZXhhbXBsZTgyLmNvbYINZXhhbXBs
+ZTgzLmNvbYINZXhhbXBsZTg0LmNvbYINZXhhbXBsZTg1LmNvbYINZXhhbXBsZTg2
+LmNvbYINZXhhbXBsZTg3LmNvbYINZXhhbXBsZTg4LmNvbYINZXhhbXBsZTg5LmNv
+bYINZXhhbXBsZTkwLmNvbYINZXhhbXBsZTkxLmNvbYINZXhhbXBsZTkyLmNvbYIN
+ZXhhbXBsZTkzLmNvbYINZXhhbXBsZTk0LmNvbYINZXhhbXBsZTk1LmNvbYINZXhh
+bXBsZTk2LmNvbYINZXhhbXBsZTk3LmNvbYINZXhhbXBsZTk4LmNvbYINZXhhbXBs
+ZTk5LmNvbYIOZXhhbXBsZTEwMC5jb22CDmV4YW1wbGUxMDEuY29tgg5leGFtcGxl
+MTAyLmNvbYIOZXhhbXBsZTEwMy5jb22CDmV4YW1wbGUxMDQuY29tgg5leGFtcGxl
+MTA1LmNvbYIOZXhhbXBsZTEwNi5jb22CDmV4YW1wbGUxMDcuY29tgg5leGFtcGxl
+MTA4LmNvbYIOZXhhbXBsZTEwOS5jb22CDmV4YW1wbGUxMTAuY29tgg5leGFtcGxl
+MTExLmNvbYIOZXhhbXBsZTExMi5jb22CDmV4YW1wbGUxMTMuY29tgg5leGFtcGxl
+MTE0LmNvbYIOZXhhbXBsZTExNS5jb22CDmV4YW1wbGUxMTYuY29tgg5leGFtcGxl
+MTE3LmNvbYIOZXhhbXBsZTExOC5jb22CDmV4YW1wbGUxMTkuY29tgg5leGFtcGxl
+MTIwLmNvbYIOZXhhbXBsZTEyMS5jb22CDmV4YW1wbGUxMjIuY29tgg5leGFtcGxl
+MTIzLmNvbYIOZXhhbXBsZTEyNC5jb22CDmV4YW1wbGUxMjUuY29tgg5leGFtcGxl
+MTI2LmNvbYIOZXhhbXBsZTEyNy5jb22CDmV4YW1wbGUxMjguY29tgg5leGFtcGxl
+MTI5LmNvbYIOZXhhbXBsZTEzMC5jb22CDmV4YW1wbGUxMzEuY29tgg5leGFtcGxl
+MTMyLmNvbYIOZXhhbXBsZTEzMy5jb22CDmV4YW1wbGUxMzQuY29tgg5leGFtcGxl
+MTM1LmNvbYIOZXhhbXBsZTEzNi5jb22CDmV4YW1wbGUxMzcuY29tgg5leGFtcGxl
+MTM4LmNvbYIOZXhhbXBsZTEzOS5jb22CDmV4YW1wbGUxNDAuY29tgg5leGFtcGxl
+MTQxLmNvbYIOZXhhbXBsZTE0Mi5jb22CDmV4YW1wbGUxNDMuY29tgg5leGFtcGxl
+MTQ0LmNvbYIOZXhhbXBsZTE0NS5jb22CDmV4YW1wbGUxNDYuY29tgg5leGFtcGxl
+MTQ3LmNvbYIOZXhhbXBsZTE0OC5jb22CDmV4YW1wbGUxNDkuY29tgg5leGFtcGxl
+MTUwLmNvbYIOZXhhbXBsZTE1MS5jb22CDmV4YW1wbGUxNTIuY29tgg5leGFtcGxl
+MTUzLmNvbYIOZXhhbXBsZTE1NC5jb22CDmV4YW1wbGUxNTUuY29tgg5leGFtcGxl
+MTU2LmNvbYIOZXhhbXBsZTE1Ny5jb22CDmV4YW1wbGUxNTguY29tgg5leGFtcGxl
+MTU5LmNvbYIOZXhhbXBsZTE2MC5jb22CDmV4YW1wbGUxNjEuY29tgg5leGFtcGxl
+MTYyLmNvbYIOZXhhbXBsZTE2My5jb22CDmV4YW1wbGUxNjQuY29tgg5leGFtcGxl
+MTY1LmNvbYIOZXhhbXBsZTE2Ni5jb22CDmV4YW1wbGUxNjcuY29tgg5leGFtcGxl
+MTY4LmNvbYIOZXhhbXBsZTE2OS5jb22CDmV4YW1wbGUxNzAuY29tgg5leGFtcGxl
+MTcxLmNvbYIOZXhhbXBsZTE3Mi5jb22CDmV4YW1wbGUxNzMuY29tgg5leGFtcGxl
+MTc0LmNvbYIOZXhhbXBsZTE3NS5jb22CDmV4YW1wbGUxNzYuY29tgg5leGFtcGxl
+MTc3LmNvbYIOZXhhbXBsZTE3OC5jb22CDmV4YW1wbGUxNzkuY29tgg5leGFtcGxl
+MTgwLmNvbYIOZXhhbXBsZTE4MS5jb22CDmV4YW1wbGUxODIuY29tgg5leGFtcGxl
+MTgzLmNvbYIOZXhhbXBsZTE4NC5jb22CDmV4YW1wbGUxODUuY29tgg5leGFtcGxl
+MTg2LmNvbYIOZXhhbXBsZTE4Ny5jb22CDmV4YW1wbGUxODguY29tgg5leGFtcGxl
+MTg5LmNvbYIOZXhhbXBsZTE5MC5jb22CDmV4YW1wbGUxOTEuY29tgg5leGFtcGxl
+MTkyLmNvbYIOZXhhbXBsZTE5My5jb22CDmV4YW1wbGUxOTQuY29tgg5leGFtcGxl
+MTk1LmNvbYIOZXhhbXBsZTE5Ni5jb22CDmV4YW1wbGUxOTcuY29tgg5leGFtcGxl
+MTk4LmNvbYIOZXhhbXBsZTE5OS5jb22CDmV4YW1wbGUyMDAuY29tgg5leGFtcGxl
+MjAxLmNvbYIOZXhhbXBsZTIwMi5jb22CDmV4YW1wbGUyMDMuY29tgg5leGFtcGxl
+MjA0LmNvbYIOZXhhbXBsZTIwNS5jb22CDmV4YW1wbGUyMDYuY29tgg5leGFtcGxl
+MjA3LmNvbYIOZXhhbXBsZTIwOC5jb22CDmV4YW1wbGUyMDkuY29tgg5leGFtcGxl
+MjEwLmNvbYIOZXhhbXBsZTIxMS5jb22CDmV4YW1wbGUyMTIuY29tgg5leGFtcGxl
+MjEzLmNvbYIOZXhhbXBsZTIxNC5jb22CDmV4YW1wbGUyMTUuY29tgg5leGFtcGxl
+MjE2LmNvbYIOZXhhbXBsZTIxNy5jb22CDmV4YW1wbGUyMTguY29tgg5leGFtcGxl
+MjE5LmNvbYIOZXhhbXBsZTIyMC5jb22CDmV4YW1wbGUyMjEuY29tgg5leGFtcGxl
+MjIyLmNvbYIOZXhhbXBsZTIyMy5jb22CDmV4YW1wbGUyMjQuY29tgg5leGFtcGxl
+MjI1LmNvbYIOZXhhbXBsZTIyNi5jb22CDmV4YW1wbGUyMjcuY29tgg5leGFtcGxl
+MjI4LmNvbYIOZXhhbXBsZTIyOS5jb22CDmV4YW1wbGUyMzAuY29tgg5leGFtcGxl
+MjMxLmNvbYIOZXhhbXBsZTIzMi5jb22CDmV4YW1wbGUyMzMuY29tgg5leGFtcGxl
+MjM0LmNvbYIOZXhhbXBsZTIzNS5jb22CDmV4YW1wbGUyMzYuY29tgg5leGFtcGxl
+MjM3LmNvbYIOZXhhbXBsZTIzOC5jb22CDmV4YW1wbGUyMzkuY29tgg5leGFtcGxl
+MjQwLmNvbYIOZXhhbXBsZTI0MS5jb22CDmV4YW1wbGUyNDIuY29tgg5leGFtcGxl
+MjQzLmNvbYIOZXhhbXBsZTI0NC5jb22CDmV4YW1wbGUyNDUuY29tgg5leGFtcGxl
+MjQ2LmNvbYIOZXhhbXBsZTI0Ny5jb22CDmV4YW1wbGUyNDguY29tgg5leGFtcGxl
+MjQ5LmNvbYIOZXhhbXBsZTI1MC5jb22CDmV4YW1wbGUyNTEuY29tgg5leGFtcGxl
+MjUyLmNvbYIOZXhhbXBsZTI1My5jb22CDmV4YW1wbGUyNTQuY29tgg5leGFtcGxl
+MjU1LmNvbYIOZXhhbXBsZTI1Ni5jb22CDmV4YW1wbGUyNTcuY29tgg5leGFtcGxl
+MjU4LmNvbYIOZXhhbXBsZTI1OS5jb22CDmV4YW1wbGUyNjAuY29tgg5leGFtcGxl
+MjYxLmNvbYIOZXhhbXBsZTI2Mi5jb22CDmV4YW1wbGUyNjMuY29tgg5leGFtcGxl
+MjY0LmNvbYIOZXhhbXBsZTI2NS5jb22CDmV4YW1wbGUyNjYuY29tgg5leGFtcGxl
+MjY3LmNvbYIOZXhhbXBsZTI2OC5jb22CDmV4YW1wbGUyNjkuY29tgg5leGFtcGxl
+MjcwLmNvbYIOZXhhbXBsZTI3MS5jb22CDmV4YW1wbGUyNzIuY29tgg5leGFtcGxl
+MjczLmNvbYIOZXhhbXBsZTI3NC5jb22CDmV4YW1wbGUyNzUuY29tgg5leGFtcGxl
+Mjc2LmNvbYIOZXhhbXBsZTI3Ny5jb22CDmV4YW1wbGUyNzguY29tgg5leGFtcGxl
+Mjc5LmNvbYIOZXhhbXBsZTI4MC5jb22CDmV4YW1wbGUyODEuY29tgg5leGFtcGxl
+MjgyLmNvbYIOZXhhbXBsZTI4My5jb22CDmV4YW1wbGUyODQuY29tgg5leGFtcGxl
+Mjg1LmNvbYIOZXhhbXBsZTI4Ni5jb22CDmV4YW1wbGUyODcuY29tgg5leGFtcGxl
+Mjg4LmNvbYIOZXhhbXBsZTI4OS5jb22CDmV4YW1wbGUyOTAuY29tgg5leGFtcGxl
+MjkxLmNvbYIOZXhhbXBsZTI5Mi5jb22CDmV4YW1wbGUyOTMuY29tgg5leGFtcGxl
+Mjk0LmNvbYIOZXhhbXBsZTI5NS5jb22CDmV4YW1wbGUyOTYuY29tgg5leGFtcGxl
+Mjk3LmNvbYIOZXhhbXBsZTI5OC5jb22CDmV4YW1wbGUyOTkuY29tgg5leGFtcGxl
+MzAwLmNvbYIOZXhhbXBsZTMwMS5jb22CDmV4YW1wbGUzMDIuY29tgg5leGFtcGxl
+MzAzLmNvbYIOZXhhbXBsZTMwNC5jb22CDmV4YW1wbGUzMDUuY29tgg5leGFtcGxl
+MzA2LmNvbYIOZXhhbXBsZTMwNy5jb22CDmV4YW1wbGUzMDguY29tgg5leGFtcGxl
+MzA5LmNvbYIOZXhhbXBsZTMxMC5jb22CDmV4YW1wbGUzMTEuY29tgg5leGFtcGxl
+MzEyLmNvbYIOZXhhbXBsZTMxMy5jb22CDmV4YW1wbGUzMTQuY29tgg5leGFtcGxl
+MzE1LmNvbYIOZXhhbXBsZTMxNi5jb22CDmV4YW1wbGUzMTcuY29tgg5leGFtcGxl
+MzE4LmNvbYIOZXhhbXBsZTMxOS5jb22CDmV4YW1wbGUzMjAuY29tgg5leGFtcGxl
+MzIxLmNvbYIOZXhhbXBsZTMyMi5jb22CDmV4YW1wbGUzMjMuY29tgg5leGFtcGxl
+MzI0LmNvbYIOZXhhbXBsZTMyNS5jb22CDmV4YW1wbGUzMjYuY29tgg5leGFtcGxl
+MzI3LmNvbYIOZXhhbXBsZTMyOC5jb22CDmV4YW1wbGUzMjkuY29tgg5leGFtcGxl
+MzMwLmNvbYIOZXhhbXBsZTMzMS5jb22CDmV4YW1wbGUzMzIuY29tgg5leGFtcGxl
+MzMzLmNvbYIOZXhhbXBsZTMzNC5jb22CDmV4YW1wbGUzMzUuY29tgg5leGFtcGxl
+MzM2LmNvbYIOZXhhbXBsZTMzNy5jb22CDmV4YW1wbGUzMzguY29tgg5leGFtcGxl
+MzM5LmNvbYIOZXhhbXBsZTM0MC5jb22CDmV4YW1wbGUzNDEuY29tgg5leGFtcGxl
+MzQyLmNvbYIOZXhhbXBsZTM0My5jb22CDmV4YW1wbGUzNDQuY29tgg5leGFtcGxl
+MzQ1LmNvbYIOZXhhbXBsZTM0Ni5jb22CDmV4YW1wbGUzNDcuY29tgg5leGFtcGxl
+MzQ4LmNvbYIOZXhhbXBsZTM0OS5jb22CDmV4YW1wbGUzNTAuY29tgg5leGFtcGxl
+MzUxLmNvbYIOZXhhbXBsZTM1Mi5jb22CDmV4YW1wbGUzNTMuY29tgg5leGFtcGxl
+MzU0LmNvbYIOZXhhbXBsZTM1NS5jb22CDmV4YW1wbGUzNTYuY29tgg5leGFtcGxl
+MzU3LmNvbYIOZXhhbXBsZTM1OC5jb22CDmV4YW1wbGUzNTkuY29tgg5leGFtcGxl
+MzYwLmNvbYIOZXhhbXBsZTM2MS5jb22CDmV4YW1wbGUzNjIuY29tgg5leGFtcGxl
+MzYzLmNvbYIOZXhhbXBsZTM2NC5jb22CDmV4YW1wbGUzNjUuY29tgg5leGFtcGxl
+MzY2LmNvbYIOZXhhbXBsZTM2Ny5jb22CDmV4YW1wbGUzNjguY29tgg5leGFtcGxl
+MzY5LmNvbYIOZXhhbXBsZTM3MC5jb22CDmV4YW1wbGUzNzEuY29tgg5leGFtcGxl
+MzcyLmNvbYIOZXhhbXBsZTM3My5jb22CDmV4YW1wbGUzNzQuY29tgg5leGFtcGxl
+Mzc1LmNvbYIOZXhhbXBsZTM3Ni5jb22CDmV4YW1wbGUzNzcuY29tgg5leGFtcGxl
+Mzc4LmNvbYIOZXhhbXBsZTM3OS5jb22CDmV4YW1wbGUzODAuY29tgg5leGFtcGxl
+MzgxLmNvbYIOZXhhbXBsZTM4Mi5jb22CDmV4YW1wbGUzODMuY29tgg5leGFtcGxl
+Mzg0LmNvbYIOZXhhbXBsZTM4NS5jb22CDmV4YW1wbGUzODYuY29tgg5leGFtcGxl
+Mzg3LmNvbYIOZXhhbXBsZTM4OC5jb22CDmV4YW1wbGUzODkuY29tgg5leGFtcGxl
+MzkwLmNvbYIOZXhhbXBsZTM5MS5jb22CDmV4YW1wbGUzOTIuY29tgg5leGFtcGxl
+MzkzLmNvbYIOZXhhbXBsZTM5NC5jb22CDmV4YW1wbGUzOTUuY29tgg5leGFtcGxl
+Mzk2LmNvbYIOZXhhbXBsZTM5Ny5jb22CDmV4YW1wbGUzOTguY29tgg5leGFtcGxl
+Mzk5LmNvbYIOZXhhbXBsZTQwMC5jb22CDmV4YW1wbGU0MDEuY29tgg5leGFtcGxl
+NDAyLmNvbYIOZXhhbXBsZTQwMy5jb22CDmV4YW1wbGU0MDQuY29tgg5leGFtcGxl
+NDA1LmNvbYIOZXhhbXBsZTQwNi5jb22CDmV4YW1wbGU0MDcuY29tgg5leGFtcGxl
+NDA4LmNvbYIOZXhhbXBsZTQwOS5jb22CDmV4YW1wbGU0MTAuY29tgg5leGFtcGxl
+NDExLmNvbYIOZXhhbXBsZTQxMi5jb22CDmV4YW1wbGU0MTMuY29tgg5leGFtcGxl
+NDE0LmNvbYIOZXhhbXBsZTQxNS5jb22CDmV4YW1wbGU0MTYuY29tgg5leGFtcGxl
+NDE3LmNvbYIOZXhhbXBsZTQxOC5jb22CDmV4YW1wbGU0MTkuY29tgg5leGFtcGxl
+NDIwLmNvbYIOZXhhbXBsZTQyMS5jb22CDmV4YW1wbGU0MjIuY29tgg5leGFtcGxl
+NDIzLmNvbYIOZXhhbXBsZTQyNC5jb22CDmV4YW1wbGU0MjUuY29tgg5leGFtcGxl
+NDI2LmNvbYIOZXhhbXBsZTQyNy5jb22CDmV4YW1wbGU0MjguY29tgg5leGFtcGxl
+NDI5LmNvbYIOZXhhbXBsZTQzMC5jb22CDmV4YW1wbGU0MzEuY29tgg5leGFtcGxl
+NDMyLmNvbYIOZXhhbXBsZTQzMy5jb22CDmV4YW1wbGU0MzQuY29tgg5leGFtcGxl
+NDM1LmNvbYIOZXhhbXBsZTQzNi5jb22CDmV4YW1wbGU0MzcuY29tgg5leGFtcGxl
+NDM4LmNvbYIOZXhhbXBsZTQzOS5jb22CDmV4YW1wbGU0NDAuY29tgg5leGFtcGxl
+NDQxLmNvbYIOZXhhbXBsZTQ0Mi5jb22CDmV4YW1wbGU0NDMuY29tgg5leGFtcGxl
+NDQ0LmNvbYIOZXhhbXBsZTQ0NS5jb22CDmV4YW1wbGU0NDYuY29tgg5leGFtcGxl
+NDQ3LmNvbYIOZXhhbXBsZTQ0OC5jb22CDmV4YW1wbGU0NDkuY29tgg5leGFtcGxl
+NDUwLmNvbYIOZXhhbXBsZTQ1MS5jb22CDmV4YW1wbGU0NTIuY29tgg5leGFtcGxl
+NDUzLmNvbYIOZXhhbXBsZTQ1NC5jb22CDmV4YW1wbGU0NTUuY29tgg5leGFtcGxl
+NDU2LmNvbYIOZXhhbXBsZTQ1Ny5jb22CDmV4YW1wbGU0NTguY29tgg5leGFtcGxl
+NDU5LmNvbYIOZXhhbXBsZTQ2MC5jb22CDmV4YW1wbGU0NjEuY29tgg5leGFtcGxl
+NDYyLmNvbYIOZXhhbXBsZTQ2My5jb22CDmV4YW1wbGU0NjQuY29tgg5leGFtcGxl
+NDY1LmNvbYIOZXhhbXBsZTQ2Ni5jb22CDmV4YW1wbGU0NjcuY29tgg5leGFtcGxl
+NDY4LmNvbYIOZXhhbXBsZTQ2OS5jb22CDmV4YW1wbGU0NzAuY29tgg5leGFtcGxl
+NDcxLmNvbYIOZXhhbXBsZTQ3Mi5jb22CDmV4YW1wbGU0NzMuY29tgg5leGFtcGxl
+NDc0LmNvbYIOZXhhbXBsZTQ3NS5jb22CDmV4YW1wbGU0NzYuY29tgg5leGFtcGxl
+NDc3LmNvbYIOZXhhbXBsZTQ3OC5jb22CDmV4YW1wbGU0NzkuY29tgg5leGFtcGxl
+NDgwLmNvbYIOZXhhbXBsZTQ4MS5jb22CDmV4YW1wbGU0ODIuY29tgg5leGFtcGxl
+NDgzLmNvbYIOZXhhbXBsZTQ4NC5jb22CDmV4YW1wbGU0ODUuY29tgg5leGFtcGxl
+NDg2LmNvbYIOZXhhbXBsZTQ4Ny5jb22CDmV4YW1wbGU0ODguY29tgg5leGFtcGxl
+NDg5LmNvbYIOZXhhbXBsZTQ5MC5jb22CDmV4YW1wbGU0OTEuY29tgg5leGFtcGxl
+NDkyLmNvbYIOZXhhbXBsZTQ5My5jb22CDmV4YW1wbGU0OTQuY29tgg5leGFtcGxl
+NDk1LmNvbYIOZXhhbXBsZTQ5Ni5jb22CDmV4YW1wbGU0OTcuY29tgg5leGFtcGxl
+NDk4LmNvbYIOZXhhbXBsZTQ5OS5jb22CDmV4YW1wbGU1MDAuY29tgg5leGFtcGxl
+NTAxLmNvbYIOZXhhbXBsZTUwMi5jb22CDmV4YW1wbGU1MDMuY29tgg5leGFtcGxl
+NTA0LmNvbYIOZXhhbXBsZTUwNS5jb22CDmV4YW1wbGU1MDYuY29tgg5leGFtcGxl
+NTA3LmNvbYIOZXhhbXBsZTUwOC5jb22CDmV4YW1wbGU1MDkuY29tgg5leGFtcGxl
+NTEwLmNvbYIOZXhhbXBsZTUxMS5jb22CDmV4YW1wbGU1MTIuY29tgg5leGFtcGxl
+NTEzLmNvbYIOZXhhbXBsZTUxNC5jb22CDmV4YW1wbGU1MTUuY29tgg5leGFtcGxl
+NTE2LmNvbYIOZXhhbXBsZTUxNy5jb22CDmV4YW1wbGU1MTguY29tgg5leGFtcGxl
+NTE5LmNvbYIOZXhhbXBsZTUyMC5jb22CDmV4YW1wbGU1MjEuY29tgg5leGFtcGxl
+NTIyLmNvbYIOZXhhbXBsZTUyMy5jb22CDmV4YW1wbGU1MjQuY29tgg5leGFtcGxl
+NTI1LmNvbYIOZXhhbXBsZTUyNi5jb22CDmV4YW1wbGU1MjcuY29tgg5leGFtcGxl
+NTI4LmNvbYIOZXhhbXBsZTUyOS5jb22CDmV4YW1wbGU1MzAuY29tgg5leGFtcGxl
+NTMxLmNvbYIOZXhhbXBsZTUzMi5jb22CDmV4YW1wbGU1MzMuY29tgg5leGFtcGxl
+NTM0LmNvbYIOZXhhbXBsZTUzNS5jb22CDmV4YW1wbGU1MzYuY29tgg5leGFtcGxl
+NTM3LmNvbYIOZXhhbXBsZTUzOC5jb22CDmV4YW1wbGU1MzkuY29tgg5leGFtcGxl
+NTQwLmNvbYIOZXhhbXBsZTU0MS5jb22CDmV4YW1wbGU1NDIuY29tgg5leGFtcGxl
+NTQzLmNvbYIOZXhhbXBsZTU0NC5jb22CDmV4YW1wbGU1NDUuY29tgg5leGFtcGxl
+NTQ2LmNvbYIOZXhhbXBsZTU0Ny5jb22CDmV4YW1wbGU1NDguY29tgg5leGFtcGxl
+NTQ5LmNvbYIOZXhhbXBsZTU1MC5jb22CDmV4YW1wbGU1NTEuY29tgg5leGFtcGxl
+NTUyLmNvbYIOZXhhbXBsZTU1My5jb22CDmV4YW1wbGU1NTQuY29tgg5leGFtcGxl
+NTU1LmNvbYIOZXhhbXBsZTU1Ni5jb22CDmV4YW1wbGU1NTcuY29tgg5leGFtcGxl
+NTU4LmNvbYIOZXhhbXBsZTU1OS5jb22CDmV4YW1wbGU1NjAuY29tgg5leGFtcGxl
+NTYxLmNvbYIOZXhhbXBsZTU2Mi5jb22CDmV4YW1wbGU1NjMuY29tgg5leGFtcGxl
+NTY0LmNvbYIOZXhhbXBsZTU2NS5jb22CDmV4YW1wbGU1NjYuY29tgg5leGFtcGxl
+NTY3LmNvbYIOZXhhbXBsZTU2OC5jb22CDmV4YW1wbGU1NjkuY29tgg5leGFtcGxl
+NTcwLmNvbYIOZXhhbXBsZTU3MS5jb22CDmV4YW1wbGU1NzIuY29tgg5leGFtcGxl
+NTczLmNvbYIOZXhhbXBsZTU3NC5jb22CDmV4YW1wbGU1NzUuY29tgg5leGFtcGxl
+NTc2LmNvbYIOZXhhbXBsZTU3Ny5jb22CDmV4YW1wbGU1NzguY29tgg5leGFtcGxl
+NTc5LmNvbYIOZXhhbXBsZTU4MC5jb22CDmV4YW1wbGU1ODEuY29tgg5leGFtcGxl
+NTgyLmNvbYIOZXhhbXBsZTU4My5jb22CDmV4YW1wbGU1ODQuY29tgg5leGFtcGxl
+NTg1LmNvbYIOZXhhbXBsZTU4Ni5jb22CDmV4YW1wbGU1ODcuY29tgg5leGFtcGxl
+NTg4LmNvbYIOZXhhbXBsZTU4OS5jb22CDmV4YW1wbGU1OTAuY29tgg5leGFtcGxl
+NTkxLmNvbYIOZXhhbXBsZTU5Mi5jb22CDmV4YW1wbGU1OTMuY29tgg5leGFtcGxl
+NTk0LmNvbYIOZXhhbXBsZTU5NS5jb22CDmV4YW1wbGU1OTYuY29tgg5leGFtcGxl
+NTk3LmNvbYIOZXhhbXBsZTU5OC5jb22CDmV4YW1wbGU1OTkuY29tgg5leGFtcGxl
+NjAwLmNvbYIOZXhhbXBsZTYwMS5jb22CDmV4YW1wbGU2MDIuY29tgg5leGFtcGxl
+NjAzLmNvbYIOZXhhbXBsZTYwNC5jb22CDmV4YW1wbGU2MDUuY29tgg5leGFtcGxl
+NjA2LmNvbYIOZXhhbXBsZTYwNy5jb22CDmV4YW1wbGU2MDguY29tgg5leGFtcGxl
+NjA5LmNvbYIOZXhhbXBsZTYxMC5jb22CDmV4YW1wbGU2MTEuY29tgg5leGFtcGxl
+NjEyLmNvbYIOZXhhbXBsZTYxMy5jb22CDmV4YW1wbGU2MTQuY29tgg5leGFtcGxl
+NjE1LmNvbYIOZXhhbXBsZTYxNi5jb22CDmV4YW1wbGU2MTcuY29tgg5leGFtcGxl
+NjE4LmNvbYIOZXhhbXBsZTYxOS5jb22CDmV4YW1wbGU2MjAuY29tgg5leGFtcGxl
+NjIxLmNvbYIOZXhhbXBsZTYyMi5jb22CDmV4YW1wbGU2MjMuY29tgg5leGFtcGxl
+NjI0LmNvbYIOZXhhbXBsZTYyNS5jb22CDmV4YW1wbGU2MjYuY29tgg5leGFtcGxl
+NjI3LmNvbYIOZXhhbXBsZTYyOC5jb22CDmV4YW1wbGU2MjkuY29tgg5leGFtcGxl
+NjMwLmNvbYIOZXhhbXBsZTYzMS5jb22CDmV4YW1wbGU2MzIuY29tgg5leGFtcGxl
+NjMzLmNvbYIOZXhhbXBsZTYzNC5jb22CDmV4YW1wbGU2MzUuY29tgg5leGFtcGxl
+NjM2LmNvbYIOZXhhbXBsZTYzNy5jb22CDmV4YW1wbGU2MzguY29tgg5leGFtcGxl
+NjM5LmNvbYIOZXhhbXBsZTY0MC5jb22CDmV4YW1wbGU2NDEuY29tgg5leGFtcGxl
+NjQyLmNvbYIOZXhhbXBsZTY0My5jb22CDmV4YW1wbGU2NDQuY29tgg5leGFtcGxl
+NjQ1LmNvbYIOZXhhbXBsZTY0Ni5jb22CDmV4YW1wbGU2NDcuY29tgg5leGFtcGxl
+NjQ4LmNvbYIOZXhhbXBsZTY0OS5jb22CDmV4YW1wbGU2NTAuY29tgg5leGFtcGxl
+NjUxLmNvbYIOZXhhbXBsZTY1Mi5jb22CDmV4YW1wbGU2NTMuY29tgg5leGFtcGxl
+NjU0LmNvbYIOZXhhbXBsZTY1NS5jb22CDmV4YW1wbGU2NTYuY29tgg5leGFtcGxl
+NjU3LmNvbYIOZXhhbXBsZTY1OC5jb22CDmV4YW1wbGU2NTkuY29tgg5leGFtcGxl
+NjYwLmNvbYIOZXhhbXBsZTY2MS5jb22CDmV4YW1wbGU2NjIuY29tgg5leGFtcGxl
+NjYzLmNvbYIOZXhhbXBsZTY2NC5jb22CDmV4YW1wbGU2NjUuY29tgg5leGFtcGxl
+NjY2LmNvbYIOZXhhbXBsZTY2Ny5jb22CDmV4YW1wbGU2NjguY29tgg5leGFtcGxl
+NjY5LmNvbYIOZXhhbXBsZTY3MC5jb22CDmV4YW1wbGU2NzEuY29tgg5leGFtcGxl
+NjcyLmNvbYIOZXhhbXBsZTY3My5jb22CDmV4YW1wbGU2NzQuY29tgg5leGFtcGxl
+Njc1LmNvbYIOZXhhbXBsZTY3Ni5jb22CDmV4YW1wbGU2NzcuY29tgg5leGFtcGxl
+Njc4LmNvbYIOZXhhbXBsZTY3OS5jb22CDmV4YW1wbGU2ODAuY29tgg5leGFtcGxl
+NjgxLmNvbYIOZXhhbXBsZTY4Mi5jb22CDmV4YW1wbGU2ODMuY29tgg5leGFtcGxl
+Njg0LmNvbYIOZXhhbXBsZTY4NS5jb22CDmV4YW1wbGU2ODYuY29tgg5leGFtcGxl
+Njg3LmNvbYIOZXhhbXBsZTY4OC5jb22CDmV4YW1wbGU2ODkuY29tgg5leGFtcGxl
+NjkwLmNvbYIOZXhhbXBsZTY5MS5jb22CDmV4YW1wbGU2OTIuY29tgg5leGFtcGxl
+NjkzLmNvbYIOZXhhbXBsZTY5NC5jb22CDmV4YW1wbGU2OTUuY29tgg5leGFtcGxl
+Njk2LmNvbYIOZXhhbXBsZTY5Ny5jb22CDmV4YW1wbGU2OTguY29tgg5leGFtcGxl
+Njk5LmNvbYIOZXhhbXBsZTcwMC5jb22CDmV4YW1wbGU3MDEuY29tgg5leGFtcGxl
+NzAyLmNvbYIOZXhhbXBsZTcwMy5jb22CDmV4YW1wbGU3MDQuY29tgg5leGFtcGxl
+NzA1LmNvbYIOZXhhbXBsZTcwNi5jb22CDmV4YW1wbGU3MDcuY29tgg5leGFtcGxl
+NzA4LmNvbYIOZXhhbXBsZTcwOS5jb22CDmV4YW1wbGU3MTAuY29tgg5leGFtcGxl
+NzExLmNvbYIOZXhhbXBsZTcxMi5jb22CDmV4YW1wbGU3MTMuY29tgg5leGFtcGxl
+NzE0LmNvbYIOZXhhbXBsZTcxNS5jb22CDmV4YW1wbGU3MTYuY29tgg5leGFtcGxl
+NzE3LmNvbYIOZXhhbXBsZTcxOC5jb22CDmV4YW1wbGU3MTkuY29tgg5leGFtcGxl
+NzIwLmNvbYIOZXhhbXBsZTcyMS5jb22CDmV4YW1wbGU3MjIuY29tgg5leGFtcGxl
+NzIzLmNvbYIOZXhhbXBsZTcyNC5jb22CDmV4YW1wbGU3MjUuY29tgg5leGFtcGxl
+NzI2LmNvbYIOZXhhbXBsZTcyNy5jb22CDmV4YW1wbGU3MjguY29tgg5leGFtcGxl
+NzI5LmNvbYIOZXhhbXBsZTczMC5jb22CDmV4YW1wbGU3MzEuY29tgg5leGFtcGxl
+NzMyLmNvbYIOZXhhbXBsZTczMy5jb22CDmV4YW1wbGU3MzQuY29tgg5leGFtcGxl
+NzM1LmNvbYIOZXhhbXBsZTczNi5jb22CDmV4YW1wbGU3MzcuY29tgg5leGFtcGxl
+NzM4LmNvbYIOZXhhbXBsZTczOS5jb22CDmV4YW1wbGU3NDAuY29tgg5leGFtcGxl
+NzQxLmNvbYIOZXhhbXBsZTc0Mi5jb22CDmV4YW1wbGU3NDMuY29tgg5leGFtcGxl
+NzQ0LmNvbYIOZXhhbXBsZTc0NS5jb22CDmV4YW1wbGU3NDYuY29tgg5leGFtcGxl
+NzQ3LmNvbYIOZXhhbXBsZTc0OC5jb22CDmV4YW1wbGU3NDkuY29tgg5leGFtcGxl
+NzUwLmNvbYIOZXhhbXBsZTc1MS5jb22CDmV4YW1wbGU3NTIuY29tgg5leGFtcGxl
+NzUzLmNvbYIOZXhhbXBsZTc1NC5jb22CDmV4YW1wbGU3NTUuY29tgg5leGFtcGxl
+NzU2LmNvbYIOZXhhbXBsZTc1Ny5jb22CDmV4YW1wbGU3NTguY29tgg5leGFtcGxl
+NzU5LmNvbYIOZXhhbXBsZTc2MC5jb22CDmV4YW1wbGU3NjEuY29tgg5leGFtcGxl
+NzYyLmNvbYIOZXhhbXBsZTc2My5jb22CDmV4YW1wbGU3NjQuY29tgg5leGFtcGxl
+NzY1LmNvbYIOZXhhbXBsZTc2Ni5jb22CDmV4YW1wbGU3NjcuY29tgg5leGFtcGxl
+NzY4LmNvbYIOZXhhbXBsZTc2OS5jb22CDmV4YW1wbGU3NzAuY29tgg5leGFtcGxl
+NzcxLmNvbYIOZXhhbXBsZTc3Mi5jb22CDmV4YW1wbGU3NzMuY29tgg5leGFtcGxl
+Nzc0LmNvbYIOZXhhbXBsZTc3NS5jb22CDmV4YW1wbGU3NzYuY29tgg5leGFtcGxl
+Nzc3LmNvbYIOZXhhbXBsZTc3OC5jb22CDmV4YW1wbGU3NzkuY29tgg5leGFtcGxl
+NzgwLmNvbYIOZXhhbXBsZTc4MS5jb22CDmV4YW1wbGU3ODIuY29tgg5leGFtcGxl
+NzgzLmNvbYIOZXhhbXBsZTc4NC5jb22CDmV4YW1wbGU3ODUuY29tgg5leGFtcGxl
+Nzg2LmNvbYIOZXhhbXBsZTc4Ny5jb22CDmV4YW1wbGU3ODguY29tgg5leGFtcGxl
+Nzg5LmNvbYIOZXhhbXBsZTc5MC5jb22CDmV4YW1wbGU3OTEuY29tgg5leGFtcGxl
+NzkyLmNvbYIOZXhhbXBsZTc5My5jb22CDmV4YW1wbGU3OTQuY29tgg5leGFtcGxl
+Nzk1LmNvbYIOZXhhbXBsZTc5Ni5jb22CDmV4YW1wbGU3OTcuY29tgg5leGFtcGxl
+Nzk4LmNvbYIOZXhhbXBsZTc5OS5jb22CDmV4YW1wbGU4MDAuY29tgg5leGFtcGxl
+ODAxLmNvbYIOZXhhbXBsZTgwMi5jb22CDmV4YW1wbGU4MDMuY29tgg5leGFtcGxl
+ODA0LmNvbYIOZXhhbXBsZTgwNS5jb22CDmV4YW1wbGU4MDYuY29tgg5leGFtcGxl
+ODA3LmNvbYIOZXhhbXBsZTgwOC5jb22CDmV4YW1wbGU4MDkuY29tgg5leGFtcGxl
+ODEwLmNvbYIOZXhhbXBsZTgxMS5jb22CDmV4YW1wbGU4MTIuY29tgg5leGFtcGxl
+ODEzLmNvbYIOZXhhbXBsZTgxNC5jb22CDmV4YW1wbGU4MTUuY29tgg5leGFtcGxl
+ODE2LmNvbYIOZXhhbXBsZTgxNy5jb22CDmV4YW1wbGU4MTguY29tgg5leGFtcGxl
+ODE5LmNvbYIOZXhhbXBsZTgyMC5jb22CDmV4YW1wbGU4MjEuY29tgg5leGFtcGxl
+ODIyLmNvbYIOZXhhbXBsZTgyMy5jb22CDmV4YW1wbGU4MjQuY29tgg5leGFtcGxl
+ODI1LmNvbYIOZXhhbXBsZTgyNi5jb22CDmV4YW1wbGU4MjcuY29tgg5leGFtcGxl
+ODI4LmNvbYIOZXhhbXBsZTgyOS5jb22CDmV4YW1wbGU4MzAuY29tgg5leGFtcGxl
+ODMxLmNvbYIOZXhhbXBsZTgzMi5jb22CDmV4YW1wbGU4MzMuY29tgg5leGFtcGxl
+ODM0LmNvbYIOZXhhbXBsZTgzNS5jb22CDmV4YW1wbGU4MzYuY29tgg5leGFtcGxl
+ODM3LmNvbYIOZXhhbXBsZTgzOC5jb22CDmV4YW1wbGU4MzkuY29tgg5leGFtcGxl
+ODQwLmNvbYIOZXhhbXBsZTg0MS5jb22CDmV4YW1wbGU4NDIuY29tgg5leGFtcGxl
+ODQzLmNvbYIOZXhhbXBsZTg0NC5jb22CDmV4YW1wbGU4NDUuY29tgg5leGFtcGxl
+ODQ2LmNvbYIOZXhhbXBsZTg0Ny5jb22CDmV4YW1wbGU4NDguY29tgg5leGFtcGxl
+ODQ5LmNvbYIOZXhhbXBsZTg1MC5jb22CDmV4YW1wbGU4NTEuY29tgg5leGFtcGxl
+ODUyLmNvbYIOZXhhbXBsZTg1My5jb22CDmV4YW1wbGU4NTQuY29tgg5leGFtcGxl
+ODU1LmNvbYIOZXhhbXBsZTg1Ni5jb22CDmV4YW1wbGU4NTcuY29tgg5leGFtcGxl
+ODU4LmNvbYIOZXhhbXBsZTg1OS5jb22CDmV4YW1wbGU4NjAuY29tgg5leGFtcGxl
+ODYxLmNvbYIOZXhhbXBsZTg2Mi5jb22CDmV4YW1wbGU4NjMuY29tgg5leGFtcGxl
+ODY0LmNvbYIOZXhhbXBsZTg2NS5jb22CDmV4YW1wbGU4NjYuY29tgg5leGFtcGxl
+ODY3LmNvbYIOZXhhbXBsZTg2OC5jb22CDmV4YW1wbGU4NjkuY29tgg5leGFtcGxl
+ODcwLmNvbYIOZXhhbXBsZTg3MS5jb22CDmV4YW1wbGU4NzIuY29tgg5leGFtcGxl
+ODczLmNvbYIOZXhhbXBsZTg3NC5jb22CDmV4YW1wbGU4NzUuY29tgg5leGFtcGxl
+ODc2LmNvbYIOZXhhbXBsZTg3Ny5jb22CDmV4YW1wbGU4NzguY29tgg5leGFtcGxl
+ODc5LmNvbYIOZXhhbXBsZTg4MC5jb22CDmV4YW1wbGU4ODEuY29tgg5leGFtcGxl
+ODgyLmNvbYIOZXhhbXBsZTg4My5jb22CDmV4YW1wbGU4ODQuY29tgg5leGFtcGxl
+ODg1LmNvbYIOZXhhbXBsZTg4Ni5jb22CDmV4YW1wbGU4ODcuY29tgg5leGFtcGxl
+ODg4LmNvbYIOZXhhbXBsZTg4OS5jb22CDmV4YW1wbGU4OTAuY29tgg5leGFtcGxl
+ODkxLmNvbYIOZXhhbXBsZTg5Mi5jb22CDmV4YW1wbGU4OTMuY29tgg5leGFtcGxl
+ODk0LmNvbYIOZXhhbXBsZTg5NS5jb22CDmV4YW1wbGU4OTYuY29tgg5leGFtcGxl
+ODk3LmNvbYIOZXhhbXBsZTg5OC5jb22CDmV4YW1wbGU4OTkuY29tgg5leGFtcGxl
+OTAwLmNvbYIOZXhhbXBsZTkwMS5jb22CDmV4YW1wbGU5MDIuY29tgg5leGFtcGxl
+OTAzLmNvbYIOZXhhbXBsZTkwNC5jb22CDmV4YW1wbGU5MDUuY29tgg5leGFtcGxl
+OTA2LmNvbYIOZXhhbXBsZTkwNy5jb22CDmV4YW1wbGU5MDguY29tgg5leGFtcGxl
+OTA5LmNvbYIOZXhhbXBsZTkxMC5jb22CDmV4YW1wbGU5MTEuY29tgg5leGFtcGxl
+OTEyLmNvbYIOZXhhbXBsZTkxMy5jb22CDmV4YW1wbGU5MTQuY29tgg5leGFtcGxl
+OTE1LmNvbYIOZXhhbXBsZTkxNi5jb22CDmV4YW1wbGU5MTcuY29tgg5leGFtcGxl
+OTE4LmNvbYIOZXhhbXBsZTkxOS5jb22CDmV4YW1wbGU5MjAuY29tgg5leGFtcGxl
+OTIxLmNvbYIOZXhhbXBsZTkyMi5jb22CDmV4YW1wbGU5MjMuY29tgg5leGFtcGxl
+OTI0LmNvbYIOZXhhbXBsZTkyNS5jb22CDmV4YW1wbGU5MjYuY29tgg5leGFtcGxl
+OTI3LmNvbYIOZXhhbXBsZTkyOC5jb22CDmV4YW1wbGU5MjkuY29tgg5leGFtcGxl
+OTMwLmNvbYIOZXhhbXBsZTkzMS5jb22CDmV4YW1wbGU5MzIuY29tgg5leGFtcGxl
+OTMzLmNvbYIOZXhhbXBsZTkzNC5jb22CDmV4YW1wbGU5MzUuY29tgg5leGFtcGxl
+OTM2LmNvbYIOZXhhbXBsZTkzNy5jb22CDmV4YW1wbGU5MzguY29tgg5leGFtcGxl
+OTM5LmNvbYIOZXhhbXBsZTk0MC5jb22CDmV4YW1wbGU5NDEuY29tgg5leGFtcGxl
+OTQyLmNvbYIOZXhhbXBsZTk0My5jb22CDmV4YW1wbGU5NDQuY29tgg5leGFtcGxl
+OTQ1LmNvbYIOZXhhbXBsZTk0Ni5jb22CDmV4YW1wbGU5NDcuY29tgg5leGFtcGxl
+OTQ4LmNvbYIOZXhhbXBsZTk0OS5jb22CDmV4YW1wbGU5NTAuY29tgg5leGFtcGxl
+OTUxLmNvbYIOZXhhbXBsZTk1Mi5jb22CDmV4YW1wbGU5NTMuY29tgg5leGFtcGxl
+OTU0LmNvbYIOZXhhbXBsZTk1NS5jb22CDmV4YW1wbGU5NTYuY29tgg5leGFtcGxl
+OTU3LmNvbYIOZXhhbXBsZTk1OC5jb22CDmV4YW1wbGU5NTkuY29tgg5leGFtcGxl
+OTYwLmNvbYIOZXhhbXBsZTk2MS5jb22CDmV4YW1wbGU5NjIuY29tgg5leGFtcGxl
+OTYzLmNvbYIOZXhhbXBsZTk2NC5jb22CDmV4YW1wbGU5NjUuY29tgg5leGFtcGxl
+OTY2LmNvbYIOZXhhbXBsZTk2Ny5jb22CDmV4YW1wbGU5NjguY29tgg5leGFtcGxl
+OTY5LmNvbYIOZXhhbXBsZTk3MC5jb22CDmV4YW1wbGU5NzEuY29tgg5leGFtcGxl
+OTcyLmNvbYIOZXhhbXBsZTk3My5jb22CDmV4YW1wbGU5NzQuY29tgg5leGFtcGxl
+OTc1LmNvbYIOZXhhbXBsZTk3Ni5jb22CDmV4YW1wbGU5NzcuY29tgg5leGFtcGxl
+OTc4LmNvbYIOZXhhbXBsZTk3OS5jb22CDmV4YW1wbGU5ODAuY29tgg5leGFtcGxl
+OTgxLmNvbYIOZXhhbXBsZTk4Mi5jb22CDmV4YW1wbGU5ODMuY29tgg5leGFtcGxl
+OTg0LmNvbYIOZXhhbXBsZTk4NS5jb22CDmV4YW1wbGU5ODYuY29tgg5leGFtcGxl
+OTg3LmNvbYIOZXhhbXBsZTk4OC5jb22CDmV4YW1wbGU5ODkuY29tgg5leGFtcGxl
+OTkwLmNvbYIOZXhhbXBsZTk5MS5jb22CDmV4YW1wbGU5OTIuY29tgg5leGFtcGxl
+OTkzLmNvbYIOZXhhbXBsZTk5NC5jb22CDmV4YW1wbGU5OTUuY29tgg5leGFtcGxl
+OTk2LmNvbYIOZXhhbXBsZTk5Ny5jb22CDmV4YW1wbGU5OTguY29tgg5leGFtcGxl
+OTk5LmNvbYIPZXhhbXBsZTEwMDAuY29tgg9leGFtcGxlMTAwMS5jb22CD2V4YW1w
+bGUxMDAyLmNvbYIPZXhhbXBsZTEwMDMuY29tgg9leGFtcGxlMTAwNC5jb22CD2V4
+YW1wbGUxMDA1LmNvbYIPZXhhbXBsZTEwMDYuY29tgg9leGFtcGxlMTAwNy5jb22C
+D2V4YW1wbGUxMDA4LmNvbYIPZXhhbXBsZTEwMDkuY29tgg9leGFtcGxlMTAxMC5j
+b22CD2V4YW1wbGUxMDExLmNvbYIPZXhhbXBsZTEwMTIuY29tgg9leGFtcGxlMTAx
+My5jb22CD2V4YW1wbGUxMDE0LmNvbYIPZXhhbXBsZTEwMTUuY29tgg9leGFtcGxl
+MTAxNi5jb22CD2V4YW1wbGUxMDE3LmNvbYIPZXhhbXBsZTEwMTguY29tgg9leGFt
+cGxlMTAxOS5jb22CD2V4YW1wbGUxMDIwLmNvbYIPZXhhbXBsZTEwMjEuY29tgg9l
+eGFtcGxlMTAyMi5jb22CD2V4YW1wbGUxMDIzLmNvbYIPZXhhbXBsZTEwMjQuY29t
+gg9leGFtcGxlMTAyNS5jb22CD2V4YW1wbGUxMDI2LmNvbYIPZXhhbXBsZTEwMjcu
+Y29tgg9leGFtcGxlMTAyOC5jb22CD2V4YW1wbGUxMDI5LmNvbYIPZXhhbXBsZTEw
+MzAuY29tgg9leGFtcGxlMTAzMS5jb22CD2V4YW1wbGUxMDMyLmNvbYIPZXhhbXBs
+ZTEwMzMuY29tgg9leGFtcGxlMTAzNC5jb22CD2V4YW1wbGUxMDM1LmNvbYIPZXhh
+bXBsZTEwMzYuY29tgg9leGFtcGxlMTAzNy5jb22CD2V4YW1wbGUxMDM4LmNvbYIP
+ZXhhbXBsZTEwMzkuY29tgg9leGFtcGxlMTA0MC5jb22CD2V4YW1wbGUxMDQxLmNv
+bYIPZXhhbXBsZTEwNDIuY29tgg9leGFtcGxlMTA0My5jb22CD2V4YW1wbGUxMDQ0
+LmNvbYIPZXhhbXBsZTEwNDUuY29tgg9leGFtcGxlMTA0Ni5jb22CD2V4YW1wbGUx
+MDQ3LmNvbYIPZXhhbXBsZTEwNDguY29tgg9leGFtcGxlMTA0OS5jb22CD2V4YW1w
+bGUxMDUwLmNvbTAdBgNVHQ4EFgQUJ45nEXTDJh0/7TNjs6TYHTDl6NUwDQYJKoZI
+hvcNAQELBQADggEBALHZ0dP5m3388g1xwY27mXegrb7Zgj3BA6raYIb4rhD9ZrnF
+tlTvgryp1Ca996P1SgSOA3VtEtseIEtiyrB6kW30lLwXRR5hmE3nYPgcQCWmHfSX
+p1Ylp2ZVXdxzmmUUocD83lGkFNk8W6FJUoqpQ51T0nT4CbTUeQYnTRHSFR6zL29+
+WBg1dyLjfYYzssrwmvfv5l5N7VgUzMAJk83p9JXWLB1iDysdAVej54OBGidEOfKR
+FXy2NGbaO5baW9gwKNR2daz0UsHd5Ud41iSLmO+3XXPyv6qroQSdhCuEurDNlKvf
+a0V/wEG9ovsLFtswH97vIkJMqQB8DnLn4IrUJsE=
+-----END CERTIFICATE-----
diff --git a/certs/test/cert-over-max-nc.cfg b/certs/test/cert-over-max-nc.cfg
new file mode 100644
index 000000000..307f74233
--- /dev/null
+++ b/certs/test/cert-over-max-nc.cfg
@@ -0,0 +1,18 @@
+[ req ]
+default_bits        = 2048
+prompt              = no
+distinguished_name  = dn
+x509_extensions     = extensions
+
+[ dn ]
+C  = US
+ST = Montana
+L  = Bozeman
+O  = wolfSSL Inc
+OU = Engineering
+CN = www.wolfssl.com
+
+[ extensions ]
+basicConstraints=critical,CA:true
+nameConstraints = permitted;DNS:.ex1.com,permitted;DNS:.ex2.com,permitted;DNS:.ex3.com,permitted;DNS:.ex4.com,permitted;DNS:.ex5.com,permitted;DNS:.ex6.com,permitted;DNS:.ex7.com,permitted;DNS:.ex8.com,permitted;DNS:.ex9.com,permitted;DNS:.ex10.com,permitted;DNS:.ex11.com,permitted;DNS:.ex12.com,permitted;DNS:.ex13.com,permitted;DNS:.ex14.com,permitted;DNS:.ex15.com,permitted;DNS:.ex16.com,permitted;DNS:.ex17.com,permitted;DNS:.ex18.com,permitted;DNS:.ex19.com,permitted;DNS:.ex20.com,permitted;DNS:.ex21.com,permitted;DNS:.ex22.com,permitted;DNS:.ex23.com,permitted;DNS:.ex24.com,permitted;DNS:.ex25.com,permitted;DNS:.ex26.com,permitted;DNS:.ex27.com,permitted;DNS:.ex28.com,permitted;DNS:.ex29.com,permitted;DNS:.ex30.com,permitted;DNS:.ex31.com,permitted;DNS:.ex32.com,permitted;DNS:.ex33.com,permitted;DNS:.ex34.com,permitted;DNS:.ex35.com,permitted;DNS:.ex36.com,permitted;DNS:.ex37.com,permitted;DNS:.ex38.com,permitted;DNS:.ex39.com,permitted;DNS:.ex40.com,permitted;DNS:.ex41.com,permitted;DNS:.ex42.com,permitted;DNS:.ex43.com,permitted;DNS:.ex44.com,permitted;DNS:.ex45.com,permitted;DNS:.ex46.com,permitted;DNS:.ex47.com,permitted;DNS:.ex48.com,permitted;DNS:.ex49.com,permitted;DNS:.ex50.com,permitted;DNS:.ex51.com,permitted;DNS:.ex52.com,permitted;DNS:.ex53.com,permitted;DNS:.ex54.com,permitted;DNS:.ex55.com,permitted;DNS:.ex56.com,permitted;DNS:.ex57.com,permitted;DNS:.ex58.com,permitted;DNS:.ex59.com,permitted;DNS:.ex60.com,permitted;DNS:.ex61.com,permitted;DNS:.ex62.com,permitted;DNS:.ex63.com,permitted;DNS:.ex64.com,permitted;DNS:.ex65.com,permitted;DNS:.ex66.com,permitted;DNS:.ex67.com,permitted;DNS:.ex68.com,permitted;DNS:.ex69.com,permitted;DNS:.ex70.com,permitted;DNS:.ex71.com,permitted;DNS:.ex72.com,permitted;DNS:.ex73.com,permitted;DNS:.ex74.com,permitted;DNS:.ex75.com,permitted;DNS:.ex76.com,permitted;DNS:.ex77.com,permitted;DNS:.ex78.com,permitted;DNS:.ex79.com,permitted;DNS:.ex80.com,permitted;DNS:.ex81.com,permitted;DNS:.ex82.com,permitted;DNS:.ex83.com,permitted;DNS:.ex84.com,permitted;DNS:.ex85.com,permitted;DNS:.ex86.com,permitted;DNS:.ex87.com,permitted;DNS:.ex88.com,permitted;DNS:.ex89.com,permitted;DNS:.ex90.com,permitted;DNS:.ex91.com,permitted;DNS:.ex92.com,permitted;DNS:.ex93.com,permitted;DNS:.ex94.com,permitted;DNS:.ex95.com,permitted;DNS:.ex96.com,permitted;DNS:.ex97.com,permitted;DNS:.ex98.com,permitted;DNS:.ex99.com,permitted;DNS:.ex100.com,permitted;DNS:.ex101.com,permitted;DNS:.ex102.com,permitted;DNS:.ex103.com,permitted;DNS:.ex104.com,permitted;DNS:.ex105.com,permitted;DNS:.ex106.com,permitted;DNS:.ex107.com,permitted;DNS:.ex108.com,permitted;DNS:.ex109.com,permitted;DNS:.ex110.com,permitted;DNS:.ex111.com,permitted;DNS:.ex112.com,permitted;DNS:.ex113.com,permitted;DNS:.ex114.com,permitted;DNS:.ex115.com,permitted;DNS:.ex116.com,permitted;DNS:.ex117.com,permitted;DNS:.ex118.com,permitted;DNS:.ex119.com,permitted;DNS:.ex120.com,permitted;DNS:.ex121.com,permitted;DNS:.ex122.com,permitted;DNS:.ex123.com,permitted;DNS:.ex124.com,permitted;DNS:.ex125.com,permitted;DNS:.ex126.com,permitted;DNS:.ex127.com,permitted;DNS:.ex128.com,permitted;DNS:.ex129.com,permitted;DNS:.ex130.com
+
diff --git a/certs/test/cert-over-max-nc.der b/certs/test/cert-over-max-nc.der
new file mode 100644
index 000000000..5e4670843
Binary files /dev/null and b/certs/test/cert-over-max-nc.der differ
diff --git a/certs/test/cert-over-max-nc.pem b/certs/test/cert-over-max-nc.pem
new file mode 100644
index 000000000..6fbca89bd
--- /dev/null
+++ b/certs/test/cert-over-max-nc.pem
@@ -0,0 +1,58 @@
+-----BEGIN CERTIFICATE-----
+MIIKdzCCCV+gAwIBAgIUUU9JN4Ib8FyktlU9Vhgz8fa7JcUwDQYJKoZIhvcNAQEL
+BQAwdzELMAkGA1UEBhMCVVMxEDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0Jv
+emVtYW4xFDASBgNVBAoMC3dvbGZTU0wgSW5jMRQwEgYDVQQLDAtFbmdpbmVlcmlu
+ZzEYMBYGA1UEAwwPd3d3LndvbGZzc2wuY29tMB4XDTI0MTIxODIxMjUzMFoXDTI3
+MDkxNDIxMjUzMFowdzELMAkGA1UEBhMCVVMxEDAOBgNVBAgMB01vbnRhbmExEDAO
+BgNVBAcMB0JvemVtYW4xFDASBgNVBAoMC3dvbGZTU0wgSW5jMRQwEgYDVQQLDAtF
+bmdpbmVlcmluZzEYMBYGA1UEAwwPd3d3LndvbGZzc2wuY29tMIIBIjANBgkqhkiG
+9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvwzKLRSyHoRCW804H0ryTXUQ8bY1n9/KfQOY
+06zeA2buKvHYsH1uB1QLEJghTYDLEiDnzE/eRX3Jcncy6sqQu2lSEAMvqPOVxfGL
+YlYb72dvpBBBla0Km+OlwLDScHZQMFuo6AgsfO2nonqNOCkcrMft8nyVsJWCfUlc
+OM13Je+9gHVTlDw9ymNbnxW10x0TLxnRPNt2Osy4fcnlwtfaQG/YIdxzG0ItU5z+
+Gvx9q3o2P5jehHwFZ85qFDiHqfGMtWjLaH9xICv1oGP1Vi+jJtK3b7FaF9c4mQj+
+k1hv/sMTSQgWC6dNZwBSMWcjTpjtUUUduQTZC+zYKLNLve02eQIDAQABo4IG+TCC
+BvUwDwYDVR0TAQH/BAUwAwEB/zCCBsEGA1UdHgSCBrgwgga0oIIGsDAKggguZXgx
+LmNvbTAKggguZXgyLmNvbTAKggguZXgzLmNvbTAKggguZXg0LmNvbTAKggguZXg1
+LmNvbTAKggguZXg2LmNvbTAKggguZXg3LmNvbTAKggguZXg4LmNvbTAKggguZXg5
+LmNvbTALggkuZXgxMC5jb20wC4IJLmV4MTEuY29tMAuCCS5leDEyLmNvbTALggku
+ZXgxMy5jb20wC4IJLmV4MTQuY29tMAuCCS5leDE1LmNvbTALggkuZXgxNi5jb20w
+C4IJLmV4MTcuY29tMAuCCS5leDE4LmNvbTALggkuZXgxOS5jb20wC4IJLmV4MjAu
+Y29tMAuCCS5leDIxLmNvbTALggkuZXgyMi5jb20wC4IJLmV4MjMuY29tMAuCCS5l
+eDI0LmNvbTALggkuZXgyNS5jb20wC4IJLmV4MjYuY29tMAuCCS5leDI3LmNvbTAL
+ggkuZXgyOC5jb20wC4IJLmV4MjkuY29tMAuCCS5leDMwLmNvbTALggkuZXgzMS5j
+b20wC4IJLmV4MzIuY29tMAuCCS5leDMzLmNvbTALggkuZXgzNC5jb20wC4IJLmV4
+MzUuY29tMAuCCS5leDM2LmNvbTALggkuZXgzNy5jb20wC4IJLmV4MzguY29tMAuC
+CS5leDM5LmNvbTALggkuZXg0MC5jb20wC4IJLmV4NDEuY29tMAuCCS5leDQyLmNv
+bTALggkuZXg0My5jb20wC4IJLmV4NDQuY29tMAuCCS5leDQ1LmNvbTALggkuZXg0
+Ni5jb20wC4IJLmV4NDcuY29tMAuCCS5leDQ4LmNvbTALggkuZXg0OS5jb20wC4IJ
+LmV4NTAuY29tMAuCCS5leDUxLmNvbTALggkuZXg1Mi5jb20wC4IJLmV4NTMuY29t
+MAuCCS5leDU0LmNvbTALggkuZXg1NS5jb20wC4IJLmV4NTYuY29tMAuCCS5leDU3
+LmNvbTALggkuZXg1OC5jb20wC4IJLmV4NTkuY29tMAuCCS5leDYwLmNvbTALggku
+ZXg2MS5jb20wC4IJLmV4NjIuY29tMAuCCS5leDYzLmNvbTALggkuZXg2NC5jb20w
+C4IJLmV4NjUuY29tMAuCCS5leDY2LmNvbTALggkuZXg2Ny5jb20wC4IJLmV4Njgu
+Y29tMAuCCS5leDY5LmNvbTALggkuZXg3MC5jb20wC4IJLmV4NzEuY29tMAuCCS5l
+eDcyLmNvbTALggkuZXg3My5jb20wC4IJLmV4NzQuY29tMAuCCS5leDc1LmNvbTAL
+ggkuZXg3Ni5jb20wC4IJLmV4NzcuY29tMAuCCS5leDc4LmNvbTALggkuZXg3OS5j
+b20wC4IJLmV4ODAuY29tMAuCCS5leDgxLmNvbTALggkuZXg4Mi5jb20wC4IJLmV4
+ODMuY29tMAuCCS5leDg0LmNvbTALggkuZXg4NS5jb20wC4IJLmV4ODYuY29tMAuC
+CS5leDg3LmNvbTALggkuZXg4OC5jb20wC4IJLmV4ODkuY29tMAuCCS5leDkwLmNv
+bTALggkuZXg5MS5jb20wC4IJLmV4OTIuY29tMAuCCS5leDkzLmNvbTALggkuZXg5
+NC5jb20wC4IJLmV4OTUuY29tMAuCCS5leDk2LmNvbTALggkuZXg5Ny5jb20wC4IJ
+LmV4OTguY29tMAuCCS5leDk5LmNvbTAMggouZXgxMDAuY29tMAyCCi5leDEwMS5j
+b20wDIIKLmV4MTAyLmNvbTAMggouZXgxMDMuY29tMAyCCi5leDEwNC5jb20wDIIK
+LmV4MTA1LmNvbTAMggouZXgxMDYuY29tMAyCCi5leDEwNy5jb20wDIIKLmV4MTA4
+LmNvbTAMggouZXgxMDkuY29tMAyCCi5leDExMC5jb20wDIIKLmV4MTExLmNvbTAM
+ggouZXgxMTIuY29tMAyCCi5leDExMy5jb20wDIIKLmV4MTE0LmNvbTAMggouZXgx
+MTUuY29tMAyCCi5leDExNi5jb20wDIIKLmV4MTE3LmNvbTAMggouZXgxMTguY29t
+MAyCCi5leDExOS5jb20wDIIKLmV4MTIwLmNvbTAMggouZXgxMjEuY29tMAyCCi5l
+eDEyMi5jb20wDIIKLmV4MTIzLmNvbTAMggouZXgxMjQuY29tMAyCCi5leDEyNS5j
+b20wDIIKLmV4MTI2LmNvbTAMggouZXgxMjcuY29tMAyCCi5leDEyOC5jb20wDIIK
+LmV4MTI5LmNvbTAMggouZXgxMzAuY29tMB0GA1UdDgQWBBQnjmcRdMMmHT/tM2Oz
+pNgdMOXo1TANBgkqhkiG9w0BAQsFAAOCAQEAI9SAyCVbUW7h/vHpVveLUj0v1KTW
+HGr9sYNhTA/zO9VcboXiR79v/cUb4PJEhkDmQSBmO+2GIUNNpzB9/D3fxz47uqTo
+3rZoUuyWUJTgUirGoXwEDHqTrdlnLZQwC9ZPepDaBqMOscZ0XbJGEsnYtiOS90YE
+FvPEgJzFgJkDAU/1KR+10JE66xweL/NjUmrv7LDLzgZl0pMj08Hq3zzB0/JxSy5g
+6kGnX9ULJGKunPs1TiVGJebDZnYgPUuDNApb8ivOBZgo9a5MgY33IB0gpZBu6S60
+pLvW6WjEjalCwAjFekjwlhC3kOAMRMYJiEms9auUdrrpgyBtc0T4OxT0Lg==
+-----END CERTIFICATE-----
diff --git a/certs/test/digsigku.pem b/certs/test/digsigku.pem
index b83fdd3c0..9ba821617 100644
--- a/certs/test/digsigku.pem
+++ b/certs/test/digsigku.pem
@@ -6,8 +6,8 @@ Certificate:
         Signature Algorithm: ecdsa-with-SHA1
         Issuer: C = US, ST = Washington, L = Seattle, O = Foofarah, OU = Arglebargle, CN = foobarbaz, emailAddress = info@worlss.com
         Validity
-            Not Before: Dec 13 22:19:28 2023 GMT
-            Not After : Sep  8 22:19:28 2026 GMT
+            Not Before: Dec 18 21:25:30 2024 GMT
+            Not After : Sep 14 21:25:30 2027 GMT
         Subject: C = US, ST = Washington, L = Seattle, O = Foofarah, OU = Arglebargle, CN = foobarbaz, emailAddress = info@worlss.com
         Subject Public Key Info:
             Public Key Algorithm: id-ecPublicKey
@@ -27,22 +27,22 @@ Certificate:
                 keyid:5D:5D:26:EF:AC:7E:36:F9:9B:76:15:2B:4A:25:02:23:EF:B2:89:30
                 DirName:/C=US/ST=Washington/L=Seattle/O=Foofarah/OU=Arglebargle/CN=foobarbaz/emailAddress=info@worlss.com
                 serial:E3:81:4B:48:A5:70:61:70
-
             X509v3 Basic Constraints: critical
                 CA:TRUE
             X509v3 Key Usage: critical
                 Non Repudiation, Key Encipherment
     Signature Algorithm: ecdsa-with-SHA1
-         30:45:02:20:21:e7:44:3e:5a:98:1a:49:25:db:d1:db:d3:fb:
-         2f:ec:4d:c6:2c:2f:92:f6:cd:7d:a3:b9:5c:25:93:9f:4d:83:
-         02:21:00:82:da:52:9f:37:0c:81:9e:26:9c:fb:da:6f:4f:84:
-         b8:5d:19:69:94:a2:08:68:ed:99:4e:51:9e:45:28:74:0c
+    Signature Value:
+        30:45:02:21:00:fe:c1:a2:dc:18:3a:70:73:7a:48:5b:68:cd:
+        70:25:04:23:51:21:98:35:c7:6b:ae:1a:73:4e:69:7c:25:09:
+        be:02:20:66:68:19:93:48:4f:0f:89:83:10:a2:cb:54:89:e9:
+        46:bf:9f:b2:e1:2b:c1:f4:b4:14:79:cc:bc:d6:eb:4c:1c
 -----BEGIN CERTIFICATE-----
 MIIDKDCCAs+gAwIBAgIJAOOBS0ilcGFwMAkGByqGSM49BAEwgZExCzAJBgNVBAYT
 AlVTMRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMREwDwYD
 VQQKDAhGb29mYXJhaDEUMBIGA1UECwwLQXJnbGViYXJnbGUxEjAQBgNVBAMMCWZv
-b2JhcmJhejEeMBwGCSqGSIb3DQEJARYPaW5mb0B3b3Jsc3MuY29tMB4XDTIzMTIx
-MzIyMTkyOFoXDTI2MDkwODIyMTkyOFowgZExCzAJBgNVBAYTAlVTMRMwEQYDVQQI
+b2JhcmJhejEeMBwGCSqGSIb3DQEJARYPaW5mb0B3b3Jsc3MuY29tMB4XDTI0MTIx
+ODIxMjUzMFoXDTI3MDkxNDIxMjUzMFowgZExCzAJBgNVBAYTAlVTMRMwEQYDVQQI
 DApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMREwDwYDVQQKDAhGb29mYXJh
 aDEUMBIGA1UECwwLQXJnbGViYXJnbGUxEjAQBgNVBAMMCWZvb2JhcmJhejEeMBwG
 CSqGSIb3DQEJARYPaW5mb0B3b3Jsc3MuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0D
@@ -53,6 +53,6 @@ MKGBl6SBlDCBkTELMAkGA1UEBhMCVVMxEzARBgNVBAgMCldhc2hpbmd0b24xEDAO
 BgNVBAcMB1NlYXR0bGUxETAPBgNVBAoMCEZvb2ZhcmFoMRQwEgYDVQQLDAtBcmds
 ZWJhcmdsZTESMBAGA1UEAwwJZm9vYmFyYmF6MR4wHAYJKoZIhvcNAQkBFg9pbmZv
 QHdvcmxzcy5jb22CCQDjgUtIpXBhcDAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB
-/wQEAwIFYDAJBgcqhkjOPQQBA0gAMEUCICHnRD5amBpJJdvR29P7L+xNxiwvkvbN
-faO5XCWTn02DAiEAgtpSnzcMgZ4mnPvab0+EuF0ZaZSiCGjtmU5RnkUodAw=
+/wQEAwIFYDAJBgcqhkjOPQQBA0gAMEUCIQD+waLcGDpwc3pIW2jNcCUEI1EhmDXH
+a64ac05pfCUJvgIgZmgZk0hPD4mDEKLLVInpRr+fsuErwfS0FHnMvNbrTBw=
 -----END CERTIFICATE-----
diff --git a/certs/test/expired/expired-ca.pem b/certs/test/expired/expired-ca.pem
index 08f316b20..b50d94563 100644
--- a/certs/test/expired/expired-ca.pem
+++ b/certs/test/expired/expired-ca.pem
@@ -10,7 +10,7 @@ Certificate:
         Subject: CN = www.wolfssl.com, ST = Montana, C = US, emailAddress = info@wolfssl.com, OU = Engineering
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (2048 bit)
+                Public-Key: (2048 bit)
                 Modulus:
                     00:bf:0c:ca:2d:14:b2:1e:84:42:5b:cd:38:1f:4a:
                     f2:4d:75:10:f1:b6:35:9f:df:ca:7d:03:98:d3:ac:
@@ -32,21 +32,22 @@ Certificate:
                     36:79
                 Exponent: 65537 (0x10001)
     Signature Algorithm: sha256WithRSAEncryption
-         ab:8a:ab:ae:77:a2:61:62:01:54:51:95:7c:d5:6c:76:cb:fe:
-         ac:b8:cd:bc:ec:c4:75:71:16:62:59:67:02:ab:e2:fb:9c:74:
-         46:be:d9:08:8c:30:d1:0d:5c:c8:48:ff:6d:77:29:6d:c1:4c:
-         bc:90:44:e6:d9:aa:e8:c1:ae:b1:81:b2:58:50:b3:23:59:35:
-         c0:c3:e1:34:98:ef:68:86:fb:e9:9a:a1:63:41:54:cb:ab:73:
-         03:c3:1a:e9:5f:50:81:b8:a8:b8:05:14:7d:1e:fa:a2:2b:b8:
-         68:eb:c8:b0:b6:50:df:2b:96:c7:26:b9:ca:c9:41:e1:83:c5:
-         3e:06:11:56:a3:54:f5:e2:26:65:b9:7f:e4:5f:fb:49:ef:82:
-         7d:15:24:72:02:5b:2b:d7:c9:d4:dc:26:08:78:f2:c3:73:c6:
-         25:56:d1:30:99:39:09:43:5d:e6:e3:ca:f2:3f:68:13:13:d6:
-         d2:df:5f:05:5b:09:48:27:87:5a:60:eb:c2:ff:93:7d:5c:e0:
-         45:c4:85:21:d3:43:1d:c2:78:0d:e5:ff:2b:27:f0:e9:d4:a4:
-         40:02:5f:27:19:94:4b:ea:64:cc:e2:d6:04:e5:70:7a:01:a5:
-         6f:3f:3c:ce:3d:84:cf:fb:d9:80:c3:df:fb:44:2f:1e:2f:32:
-         e9:56:6b:5b
+    Signature Value:
+        ab:8a:ab:ae:77:a2:61:62:01:54:51:95:7c:d5:6c:76:cb:fe:
+        ac:b8:cd:bc:ec:c4:75:71:16:62:59:67:02:ab:e2:fb:9c:74:
+        46:be:d9:08:8c:30:d1:0d:5c:c8:48:ff:6d:77:29:6d:c1:4c:
+        bc:90:44:e6:d9:aa:e8:c1:ae:b1:81:b2:58:50:b3:23:59:35:
+        c0:c3:e1:34:98:ef:68:86:fb:e9:9a:a1:63:41:54:cb:ab:73:
+        03:c3:1a:e9:5f:50:81:b8:a8:b8:05:14:7d:1e:fa:a2:2b:b8:
+        68:eb:c8:b0:b6:50:df:2b:96:c7:26:b9:ca:c9:41:e1:83:c5:
+        3e:06:11:56:a3:54:f5:e2:26:65:b9:7f:e4:5f:fb:49:ef:82:
+        7d:15:24:72:02:5b:2b:d7:c9:d4:dc:26:08:78:f2:c3:73:c6:
+        25:56:d1:30:99:39:09:43:5d:e6:e3:ca:f2:3f:68:13:13:d6:
+        d2:df:5f:05:5b:09:48:27:87:5a:60:eb:c2:ff:93:7d:5c:e0:
+        45:c4:85:21:d3:43:1d:c2:78:0d:e5:ff:2b:27:f0:e9:d4:a4:
+        40:02:5f:27:19:94:4b:ea:64:cc:e2:d6:04:e5:70:7a:01:a5:
+        6f:3f:3c:ce:3d:84:cf:fb:d9:80:c3:df:fb:44:2f:1e:2f:32:
+        e9:56:6b:5b
 -----BEGIN CERTIFICATE-----
 MIIDVTCCAj0CAhAAMA0GCSqGSIb3DQEBCwUAMHAxGDAWBgNVBAMMD3d3dy53b2xm
 c3NsLmNvbTEQMA4GA1UECAwHTW9udGFuYTELMAkGA1UEBhMCVVMxHzAdBgkqhkiG
diff --git a/certs/test/expired/expired-cert.pem b/certs/test/expired/expired-cert.pem
index 9fc58c764..d68182f60 100644
--- a/certs/test/expired/expired-cert.pem
+++ b/certs/test/expired/expired-cert.pem
@@ -10,7 +10,7 @@ Certificate:
         Subject: CN = www.wolfssl.com, ST = Montana, C = US, emailAddress = info@wolfssl.com, OU = Engineering
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (2048 bit)
+                Public-Key: (2048 bit)
                 Modulus:
                     00:c0:95:08:e1:57:41:f2:71:6d:b7:d2:45:41:27:
                     01:65:c6:45:ae:f2:bc:24:30:b8:95:ce:2f:4e:d6:
@@ -32,21 +32,22 @@ Certificate:
                     ad:d7
                 Exponent: 65537 (0x10001)
     Signature Algorithm: sha256WithRSAEncryption
-         71:a7:78:76:da:ba:98:0f:3d:21:cd:42:76:fe:b9:e3:b9:2e:
-         49:a6:8c:31:de:6e:4b:b4:b4:e2:d8:a7:d3:ee:1c:fe:c9:92:
-         e2:e1:e2:ef:b2:a7:7f:a8:ba:4b:e2:aa:16:e5:ab:5d:e6:28:
-         35:cc:1b:8b:8d:b0:86:07:c8:21:8e:90:a6:86:2c:05:23:d9:
-         a0:4b:bf:8a:81:f0:0f:33:73:af:40:e8:84:dc:bb:dd:af:e4:
-         6e:c0:30:d1:60:5c:c2:1e:af:7d:82:16:b7:e5:ad:74:6c:9e:
-         ff:71:23:2c:70:ac:51:5f:7d:dc:39:90:44:f2:69:b7:84:0b:
-         65:4e:4f:0c:8a:ff:0a:6e:9c:56:cd:87:0b:5e:49:7b:eb:25:
-         e1:e9:1c:ac:73:e4:bd:d0:6f:e0:d8:77:dd:54:df:a5:16:64:
-         ab:82:0e:c7:ae:fd:1c:cb:22:f2:e3:f3:81:54:7a:26:0e:98:
-         f4:dc:bb:9c:a1:b8:47:e9:fc:d4:6e:84:51:9d:0e:fa:b2:d5:
-         9a:76:6f:f0:30:39:4e:39:cd:84:78:29:4f:d5:7b:eb:06:f2:
-         37:ee:3c:c1:8b:3c:b5:21:12:e8:ed:67:a0:98:d6:13:3f:14:
-         70:5e:09:67:de:d1:82:8b:88:50:57:d0:fb:fc:d7:64:14:99:
-         12:71:61:2f
+    Signature Value:
+        71:a7:78:76:da:ba:98:0f:3d:21:cd:42:76:fe:b9:e3:b9:2e:
+        49:a6:8c:31:de:6e:4b:b4:b4:e2:d8:a7:d3:ee:1c:fe:c9:92:
+        e2:e1:e2:ef:b2:a7:7f:a8:ba:4b:e2:aa:16:e5:ab:5d:e6:28:
+        35:cc:1b:8b:8d:b0:86:07:c8:21:8e:90:a6:86:2c:05:23:d9:
+        a0:4b:bf:8a:81:f0:0f:33:73:af:40:e8:84:dc:bb:dd:af:e4:
+        6e:c0:30:d1:60:5c:c2:1e:af:7d:82:16:b7:e5:ad:74:6c:9e:
+        ff:71:23:2c:70:ac:51:5f:7d:dc:39:90:44:f2:69:b7:84:0b:
+        65:4e:4f:0c:8a:ff:0a:6e:9c:56:cd:87:0b:5e:49:7b:eb:25:
+        e1:e9:1c:ac:73:e4:bd:d0:6f:e0:d8:77:dd:54:df:a5:16:64:
+        ab:82:0e:c7:ae:fd:1c:cb:22:f2:e3:f3:81:54:7a:26:0e:98:
+        f4:dc:bb:9c:a1:b8:47:e9:fc:d4:6e:84:51:9d:0e:fa:b2:d5:
+        9a:76:6f:f0:30:39:4e:39:cd:84:78:29:4f:d5:7b:eb:06:f2:
+        37:ee:3c:c1:8b:3c:b5:21:12:e8:ed:67:a0:98:d6:13:3f:14:
+        70:5e:09:67:de:d1:82:8b:88:50:57:d0:fb:fc:d7:64:14:99:
+        12:71:61:2f
 -----BEGIN CERTIFICATE-----
 MIIDVTCCAj0CAhAAMA0GCSqGSIb3DQEBCwUAMHAxGDAWBgNVBAMMD3d3dy53b2xm
 c3NsLmNvbTEQMA4GA1UECAwHTW9udGFuYTELMAkGA1UEBhMCVVMxHzAdBgkqhkiG
diff --git a/certs/test/gen-badsig.sh b/certs/test/gen-badsig.sh
index aafe06f97..ca0b89d16 100755
--- a/certs/test/gen-badsig.sh
+++ b/certs/test/gen-badsig.sh
@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/usr/bin/env bash
 
 generate() {
     # read in certificate and alter the last part of the signature
diff --git a/certs/test/gen-ext-certs.sh b/certs/test/gen-ext-certs.sh
index badb1b4d3..65e8caca5 100755
--- a/certs/test/gen-ext-certs.sh
+++ b/certs/test/gen-ext-certs.sh
@@ -311,3 +311,1148 @@ authorityKeyIdentifier = keyid:always,issuer:always
 EOF
 gen_cert
 
+OUT=certs/test/cert-over-max-nc
+KEYFILE=certs/ca-key.der
+CONFIG=certs/test/cert-over-max-nc.cfg
+tee >$CONFIG <<EOF
+[ req ]
+default_bits        = 2048
+prompt              = no
+distinguished_name  = dn
+x509_extensions     = extensions
+
+[ dn ]
+C  = US
+ST = Montana
+L  = Bozeman
+O  = wolfSSL Inc
+OU = Engineering
+CN = www.wolfssl.com
+
+[ extensions ]
+basicConstraints=critical,CA:true
+nameConstraints = permitted;DNS:.ex1.com,permitted;DNS:.ex2.com,permitted;\
+DNS:.ex3.com,permitted;DNS:.ex4.com,permitted;DNS:.ex5.com,permitted;\
+DNS:.ex6.com,permitted;DNS:.ex7.com,permitted;DNS:.ex8.com,permitted;\
+DNS:.ex9.com,permitted;DNS:.ex10.com,permitted;DNS:.ex11.com,permitted;\
+DNS:.ex12.com,permitted;DNS:.ex13.com,permitted;DNS:.ex14.com,permitted;\
+DNS:.ex15.com,permitted;DNS:.ex16.com,permitted;DNS:.ex17.com,permitted;\
+DNS:.ex18.com,permitted;DNS:.ex19.com,permitted;DNS:.ex20.com,permitted;\
+DNS:.ex21.com,permitted;DNS:.ex22.com,permitted;DNS:.ex23.com,permitted;\
+DNS:.ex24.com,permitted;DNS:.ex25.com,permitted;DNS:.ex26.com,permitted;\
+DNS:.ex27.com,permitted;DNS:.ex28.com,permitted;DNS:.ex29.com,permitted;\
+DNS:.ex30.com,permitted;DNS:.ex31.com,permitted;DNS:.ex32.com,permitted;\
+DNS:.ex33.com,permitted;DNS:.ex34.com,permitted;DNS:.ex35.com,permitted;\
+DNS:.ex36.com,permitted;DNS:.ex37.com,permitted;DNS:.ex38.com,permitted;\
+DNS:.ex39.com,permitted;DNS:.ex40.com,permitted;DNS:.ex41.com,permitted;\
+DNS:.ex42.com,permitted;DNS:.ex43.com,permitted;DNS:.ex44.com,permitted;\
+DNS:.ex45.com,permitted;DNS:.ex46.com,permitted;DNS:.ex47.com,permitted;\
+DNS:.ex48.com,permitted;DNS:.ex49.com,permitted;DNS:.ex50.com,permitted;\
+DNS:.ex51.com,permitted;DNS:.ex52.com,permitted;DNS:.ex53.com,permitted;\
+DNS:.ex54.com,permitted;DNS:.ex55.com,permitted;DNS:.ex56.com,permitted;\
+DNS:.ex57.com,permitted;DNS:.ex58.com,permitted;DNS:.ex59.com,permitted;\
+DNS:.ex60.com,permitted;DNS:.ex61.com,permitted;DNS:.ex62.com,permitted;\
+DNS:.ex63.com,permitted;DNS:.ex64.com,permitted;DNS:.ex65.com,permitted;\
+DNS:.ex66.com,permitted;DNS:.ex67.com,permitted;DNS:.ex68.com,permitted;\
+DNS:.ex69.com,permitted;DNS:.ex70.com,permitted;DNS:.ex71.com,permitted;\
+DNS:.ex72.com,permitted;DNS:.ex73.com,permitted;DNS:.ex74.com,permitted;\
+DNS:.ex75.com,permitted;DNS:.ex76.com,permitted;DNS:.ex77.com,permitted;\
+DNS:.ex78.com,permitted;DNS:.ex79.com,permitted;DNS:.ex80.com,permitted;\
+DNS:.ex81.com,permitted;DNS:.ex82.com,permitted;DNS:.ex83.com,permitted;\
+DNS:.ex84.com,permitted;DNS:.ex85.com,permitted;DNS:.ex86.com,permitted;\
+DNS:.ex87.com,permitted;DNS:.ex88.com,permitted;DNS:.ex89.com,permitted;\
+DNS:.ex90.com,permitted;DNS:.ex91.com,permitted;DNS:.ex92.com,permitted;\
+DNS:.ex93.com,permitted;DNS:.ex94.com,permitted;DNS:.ex95.com,permitted;\
+DNS:.ex96.com,permitted;DNS:.ex97.com,permitted;DNS:.ex98.com,permitted;\
+DNS:.ex99.com,permitted;DNS:.ex100.com,permitted;DNS:.ex101.com,permitted;\
+DNS:.ex102.com,permitted;DNS:.ex103.com,permitted;DNS:.ex104.com,permitted;\
+DNS:.ex105.com,permitted;DNS:.ex106.com,permitted;DNS:.ex107.com,permitted;\
+DNS:.ex108.com,permitted;DNS:.ex109.com,permitted;DNS:.ex110.com,permitted;\
+DNS:.ex111.com,permitted;DNS:.ex112.com,permitted;DNS:.ex113.com,permitted;\
+DNS:.ex114.com,permitted;DNS:.ex115.com,permitted;DNS:.ex116.com,permitted;\
+DNS:.ex117.com,permitted;DNS:.ex118.com,permitted;DNS:.ex119.com,permitted;\
+DNS:.ex120.com,permitted;DNS:.ex121.com,permitted;DNS:.ex122.com,permitted;\
+DNS:.ex123.com,permitted;DNS:.ex124.com,permitted;DNS:.ex125.com,permitted;\
+DNS:.ex126.com,permitted;DNS:.ex127.com,permitted;DNS:.ex128.com,permitted;\
+DNS:.ex129.com,permitted;DNS:.ex130.com
+
+EOF
+gen_cert
+
+OUT=certs/test/cert-over-max-altnames
+KEYFILE=certs/ca-key.der
+CONFIG=certs/test/cert-over-max-altnames.cfg
+tee >$CONFIG <<EOF
+[ req ]
+default_bits        = 2048
+prompt              = no
+distinguished_name  = dn
+x509_extensions     = extensions
+
+[ dn ]
+C  = US
+ST = Montana
+L  = Bozeman
+O  = wolfSSL Inc
+OU = Engineering
+CN = www.wolfssl.com
+
+[ extensions ]
+subjectAltName = @alt_names
+
+[ alt_names ]
+DNS.1 = example1.com
+DNS.2 = example2.com
+DNS.3 = example3.com
+DNS.4 = example4.com
+DNS.5 = example5.com
+DNS.6 = example6.com
+DNS.7 = example7.com
+DNS.8 = example8.com
+DNS.9 = example9.com
+DNS.10 = example10.com
+DNS.11 = example11.com
+DNS.12 = example12.com
+DNS.13 = example13.com
+DNS.14 = example14.com
+DNS.15 = example15.com
+DNS.16 = example16.com
+DNS.17 = example17.com
+DNS.18 = example18.com
+DNS.19 = example19.com
+DNS.20 = example20.com
+DNS.21 = example21.com
+DNS.22 = example22.com
+DNS.23 = example23.com
+DNS.24 = example24.com
+DNS.25 = example25.com
+DNS.26 = example26.com
+DNS.27 = example27.com
+DNS.28 = example28.com
+DNS.29 = example29.com
+DNS.30 = example30.com
+DNS.31 = example31.com
+DNS.32 = example32.com
+DNS.33 = example33.com
+DNS.34 = example34.com
+DNS.35 = example35.com
+DNS.36 = example36.com
+DNS.37 = example37.com
+DNS.38 = example38.com
+DNS.39 = example39.com
+DNS.40 = example40.com
+DNS.41 = example41.com
+DNS.42 = example42.com
+DNS.43 = example43.com
+DNS.44 = example44.com
+DNS.45 = example45.com
+DNS.46 = example46.com
+DNS.47 = example47.com
+DNS.48 = example48.com
+DNS.49 = example49.com
+DNS.50 = example50.com
+DNS.51 = example51.com
+DNS.52 = example52.com
+DNS.53 = example53.com
+DNS.54 = example54.com
+DNS.55 = example55.com
+DNS.56 = example56.com
+DNS.57 = example57.com
+DNS.58 = example58.com
+DNS.59 = example59.com
+DNS.60 = example60.com
+DNS.61 = example61.com
+DNS.62 = example62.com
+DNS.63 = example63.com
+DNS.64 = example64.com
+DNS.65 = example65.com
+DNS.66 = example66.com
+DNS.67 = example67.com
+DNS.68 = example68.com
+DNS.69 = example69.com
+DNS.70 = example70.com
+DNS.71 = example71.com
+DNS.72 = example72.com
+DNS.73 = example73.com
+DNS.74 = example74.com
+DNS.75 = example75.com
+DNS.76 = example76.com
+DNS.77 = example77.com
+DNS.78 = example78.com
+DNS.79 = example79.com
+DNS.80 = example80.com
+DNS.81 = example81.com
+DNS.82 = example82.com
+DNS.83 = example83.com
+DNS.84 = example84.com
+DNS.85 = example85.com
+DNS.86 = example86.com
+DNS.87 = example87.com
+DNS.88 = example88.com
+DNS.89 = example89.com
+DNS.90 = example90.com
+DNS.91 = example91.com
+DNS.92 = example92.com
+DNS.93 = example93.com
+DNS.94 = example94.com
+DNS.95 = example95.com
+DNS.96 = example96.com
+DNS.97 = example97.com
+DNS.98 = example98.com
+DNS.99 = example99.com
+DNS.100 = example100.com
+DNS.101 = example101.com
+DNS.102 = example102.com
+DNS.103 = example103.com
+DNS.104 = example104.com
+DNS.105 = example105.com
+DNS.106 = example106.com
+DNS.107 = example107.com
+DNS.108 = example108.com
+DNS.109 = example109.com
+DNS.110 = example110.com
+DNS.111 = example111.com
+DNS.112 = example112.com
+DNS.113 = example113.com
+DNS.114 = example114.com
+DNS.115 = example115.com
+DNS.116 = example116.com
+DNS.117 = example117.com
+DNS.118 = example118.com
+DNS.119 = example119.com
+DNS.120 = example120.com
+DNS.121 = example121.com
+DNS.122 = example122.com
+DNS.123 = example123.com
+DNS.124 = example124.com
+DNS.125 = example125.com
+DNS.126 = example126.com
+DNS.127 = example127.com
+DNS.128 = example128.com
+DNS.129 = example129.com
+DNS.130 = example130.com
+DNS.131 = example131.com
+DNS.132 = example132.com
+DNS.133 = example133.com
+DNS.134 = example134.com
+DNS.135 = example135.com
+DNS.136 = example136.com
+DNS.137 = example137.com
+DNS.138 = example138.com
+DNS.139 = example139.com
+DNS.140 = example140.com
+DNS.141 = example141.com
+DNS.142 = example142.com
+DNS.143 = example143.com
+DNS.144 = example144.com
+DNS.145 = example145.com
+DNS.146 = example146.com
+DNS.147 = example147.com
+DNS.148 = example148.com
+DNS.149 = example149.com
+DNS.150 = example150.com
+DNS.151 = example151.com
+DNS.152 = example152.com
+DNS.153 = example153.com
+DNS.154 = example154.com
+DNS.155 = example155.com
+DNS.156 = example156.com
+DNS.157 = example157.com
+DNS.158 = example158.com
+DNS.159 = example159.com
+DNS.160 = example160.com
+DNS.161 = example161.com
+DNS.162 = example162.com
+DNS.163 = example163.com
+DNS.164 = example164.com
+DNS.165 = example165.com
+DNS.166 = example166.com
+DNS.167 = example167.com
+DNS.168 = example168.com
+DNS.169 = example169.com
+DNS.170 = example170.com
+DNS.171 = example171.com
+DNS.172 = example172.com
+DNS.173 = example173.com
+DNS.174 = example174.com
+DNS.175 = example175.com
+DNS.176 = example176.com
+DNS.177 = example177.com
+DNS.178 = example178.com
+DNS.179 = example179.com
+DNS.180 = example180.com
+DNS.181 = example181.com
+DNS.182 = example182.com
+DNS.183 = example183.com
+DNS.184 = example184.com
+DNS.185 = example185.com
+DNS.186 = example186.com
+DNS.187 = example187.com
+DNS.188 = example188.com
+DNS.189 = example189.com
+DNS.190 = example190.com
+DNS.191 = example191.com
+DNS.192 = example192.com
+DNS.193 = example193.com
+DNS.194 = example194.com
+DNS.195 = example195.com
+DNS.196 = example196.com
+DNS.197 = example197.com
+DNS.198 = example198.com
+DNS.199 = example199.com
+DNS.200 = example200.com
+DNS.201 = example201.com
+DNS.202 = example202.com
+DNS.203 = example203.com
+DNS.204 = example204.com
+DNS.205 = example205.com
+DNS.206 = example206.com
+DNS.207 = example207.com
+DNS.208 = example208.com
+DNS.209 = example209.com
+DNS.210 = example210.com
+DNS.211 = example211.com
+DNS.212 = example212.com
+DNS.213 = example213.com
+DNS.214 = example214.com
+DNS.215 = example215.com
+DNS.216 = example216.com
+DNS.217 = example217.com
+DNS.218 = example218.com
+DNS.219 = example219.com
+DNS.220 = example220.com
+DNS.221 = example221.com
+DNS.222 = example222.com
+DNS.223 = example223.com
+DNS.224 = example224.com
+DNS.225 = example225.com
+DNS.226 = example226.com
+DNS.227 = example227.com
+DNS.228 = example228.com
+DNS.229 = example229.com
+DNS.230 = example230.com
+DNS.231 = example231.com
+DNS.232 = example232.com
+DNS.233 = example233.com
+DNS.234 = example234.com
+DNS.235 = example235.com
+DNS.236 = example236.com
+DNS.237 = example237.com
+DNS.238 = example238.com
+DNS.239 = example239.com
+DNS.240 = example240.com
+DNS.241 = example241.com
+DNS.242 = example242.com
+DNS.243 = example243.com
+DNS.244 = example244.com
+DNS.245 = example245.com
+DNS.246 = example246.com
+DNS.247 = example247.com
+DNS.248 = example248.com
+DNS.249 = example249.com
+DNS.250 = example250.com
+DNS.251 = example251.com
+DNS.252 = example252.com
+DNS.253 = example253.com
+DNS.254 = example254.com
+DNS.255 = example255.com
+DNS.256 = example256.com
+DNS.257 = example257.com
+DNS.258 = example258.com
+DNS.259 = example259.com
+DNS.260 = example260.com
+DNS.261 = example261.com
+DNS.262 = example262.com
+DNS.263 = example263.com
+DNS.264 = example264.com
+DNS.265 = example265.com
+DNS.266 = example266.com
+DNS.267 = example267.com
+DNS.268 = example268.com
+DNS.269 = example269.com
+DNS.270 = example270.com
+DNS.271 = example271.com
+DNS.272 = example272.com
+DNS.273 = example273.com
+DNS.274 = example274.com
+DNS.275 = example275.com
+DNS.276 = example276.com
+DNS.277 = example277.com
+DNS.278 = example278.com
+DNS.279 = example279.com
+DNS.280 = example280.com
+DNS.281 = example281.com
+DNS.282 = example282.com
+DNS.283 = example283.com
+DNS.284 = example284.com
+DNS.285 = example285.com
+DNS.286 = example286.com
+DNS.287 = example287.com
+DNS.288 = example288.com
+DNS.289 = example289.com
+DNS.290 = example290.com
+DNS.291 = example291.com
+DNS.292 = example292.com
+DNS.293 = example293.com
+DNS.294 = example294.com
+DNS.295 = example295.com
+DNS.296 = example296.com
+DNS.297 = example297.com
+DNS.298 = example298.com
+DNS.299 = example299.com
+DNS.300 = example300.com
+DNS.301 = example301.com
+DNS.302 = example302.com
+DNS.303 = example303.com
+DNS.304 = example304.com
+DNS.305 = example305.com
+DNS.306 = example306.com
+DNS.307 = example307.com
+DNS.308 = example308.com
+DNS.309 = example309.com
+DNS.310 = example310.com
+DNS.311 = example311.com
+DNS.312 = example312.com
+DNS.313 = example313.com
+DNS.314 = example314.com
+DNS.315 = example315.com
+DNS.316 = example316.com
+DNS.317 = example317.com
+DNS.318 = example318.com
+DNS.319 = example319.com
+DNS.320 = example320.com
+DNS.321 = example321.com
+DNS.322 = example322.com
+DNS.323 = example323.com
+DNS.324 = example324.com
+DNS.325 = example325.com
+DNS.326 = example326.com
+DNS.327 = example327.com
+DNS.328 = example328.com
+DNS.329 = example329.com
+DNS.330 = example330.com
+DNS.331 = example331.com
+DNS.332 = example332.com
+DNS.333 = example333.com
+DNS.334 = example334.com
+DNS.335 = example335.com
+DNS.336 = example336.com
+DNS.337 = example337.com
+DNS.338 = example338.com
+DNS.339 = example339.com
+DNS.340 = example340.com
+DNS.341 = example341.com
+DNS.342 = example342.com
+DNS.343 = example343.com
+DNS.344 = example344.com
+DNS.345 = example345.com
+DNS.346 = example346.com
+DNS.347 = example347.com
+DNS.348 = example348.com
+DNS.349 = example349.com
+DNS.350 = example350.com
+DNS.351 = example351.com
+DNS.352 = example352.com
+DNS.353 = example353.com
+DNS.354 = example354.com
+DNS.355 = example355.com
+DNS.356 = example356.com
+DNS.357 = example357.com
+DNS.358 = example358.com
+DNS.359 = example359.com
+DNS.360 = example360.com
+DNS.361 = example361.com
+DNS.362 = example362.com
+DNS.363 = example363.com
+DNS.364 = example364.com
+DNS.365 = example365.com
+DNS.366 = example366.com
+DNS.367 = example367.com
+DNS.368 = example368.com
+DNS.369 = example369.com
+DNS.370 = example370.com
+DNS.371 = example371.com
+DNS.372 = example372.com
+DNS.373 = example373.com
+DNS.374 = example374.com
+DNS.375 = example375.com
+DNS.376 = example376.com
+DNS.377 = example377.com
+DNS.378 = example378.com
+DNS.379 = example379.com
+DNS.380 = example380.com
+DNS.381 = example381.com
+DNS.382 = example382.com
+DNS.383 = example383.com
+DNS.384 = example384.com
+DNS.385 = example385.com
+DNS.386 = example386.com
+DNS.387 = example387.com
+DNS.388 = example388.com
+DNS.389 = example389.com
+DNS.390 = example390.com
+DNS.391 = example391.com
+DNS.392 = example392.com
+DNS.393 = example393.com
+DNS.394 = example394.com
+DNS.395 = example395.com
+DNS.396 = example396.com
+DNS.397 = example397.com
+DNS.398 = example398.com
+DNS.399 = example399.com
+DNS.400 = example400.com
+DNS.401 = example401.com
+DNS.402 = example402.com
+DNS.403 = example403.com
+DNS.404 = example404.com
+DNS.405 = example405.com
+DNS.406 = example406.com
+DNS.407 = example407.com
+DNS.408 = example408.com
+DNS.409 = example409.com
+DNS.410 = example410.com
+DNS.411 = example411.com
+DNS.412 = example412.com
+DNS.413 = example413.com
+DNS.414 = example414.com
+DNS.415 = example415.com
+DNS.416 = example416.com
+DNS.417 = example417.com
+DNS.418 = example418.com
+DNS.419 = example419.com
+DNS.420 = example420.com
+DNS.421 = example421.com
+DNS.422 = example422.com
+DNS.423 = example423.com
+DNS.424 = example424.com
+DNS.425 = example425.com
+DNS.426 = example426.com
+DNS.427 = example427.com
+DNS.428 = example428.com
+DNS.429 = example429.com
+DNS.430 = example430.com
+DNS.431 = example431.com
+DNS.432 = example432.com
+DNS.433 = example433.com
+DNS.434 = example434.com
+DNS.435 = example435.com
+DNS.436 = example436.com
+DNS.437 = example437.com
+DNS.438 = example438.com
+DNS.439 = example439.com
+DNS.440 = example440.com
+DNS.441 = example441.com
+DNS.442 = example442.com
+DNS.443 = example443.com
+DNS.444 = example444.com
+DNS.445 = example445.com
+DNS.446 = example446.com
+DNS.447 = example447.com
+DNS.448 = example448.com
+DNS.449 = example449.com
+DNS.450 = example450.com
+DNS.451 = example451.com
+DNS.452 = example452.com
+DNS.453 = example453.com
+DNS.454 = example454.com
+DNS.455 = example455.com
+DNS.456 = example456.com
+DNS.457 = example457.com
+DNS.458 = example458.com
+DNS.459 = example459.com
+DNS.460 = example460.com
+DNS.461 = example461.com
+DNS.462 = example462.com
+DNS.463 = example463.com
+DNS.464 = example464.com
+DNS.465 = example465.com
+DNS.466 = example466.com
+DNS.467 = example467.com
+DNS.468 = example468.com
+DNS.469 = example469.com
+DNS.470 = example470.com
+DNS.471 = example471.com
+DNS.472 = example472.com
+DNS.473 = example473.com
+DNS.474 = example474.com
+DNS.475 = example475.com
+DNS.476 = example476.com
+DNS.477 = example477.com
+DNS.478 = example478.com
+DNS.479 = example479.com
+DNS.480 = example480.com
+DNS.481 = example481.com
+DNS.482 = example482.com
+DNS.483 = example483.com
+DNS.484 = example484.com
+DNS.485 = example485.com
+DNS.486 = example486.com
+DNS.487 = example487.com
+DNS.488 = example488.com
+DNS.489 = example489.com
+DNS.490 = example490.com
+DNS.491 = example491.com
+DNS.492 = example492.com
+DNS.493 = example493.com
+DNS.494 = example494.com
+DNS.495 = example495.com
+DNS.496 = example496.com
+DNS.497 = example497.com
+DNS.498 = example498.com
+DNS.499 = example499.com
+DNS.500 = example500.com
+DNS.501 = example501.com
+DNS.502 = example502.com
+DNS.503 = example503.com
+DNS.504 = example504.com
+DNS.505 = example505.com
+DNS.506 = example506.com
+DNS.507 = example507.com
+DNS.508 = example508.com
+DNS.509 = example509.com
+DNS.510 = example510.com
+DNS.511 = example511.com
+DNS.512 = example512.com
+DNS.513 = example513.com
+DNS.514 = example514.com
+DNS.515 = example515.com
+DNS.516 = example516.com
+DNS.517 = example517.com
+DNS.518 = example518.com
+DNS.519 = example519.com
+DNS.520 = example520.com
+DNS.521 = example521.com
+DNS.522 = example522.com
+DNS.523 = example523.com
+DNS.524 = example524.com
+DNS.525 = example525.com
+DNS.526 = example526.com
+DNS.527 = example527.com
+DNS.528 = example528.com
+DNS.529 = example529.com
+DNS.530 = example530.com
+DNS.531 = example531.com
+DNS.532 = example532.com
+DNS.533 = example533.com
+DNS.534 = example534.com
+DNS.535 = example535.com
+DNS.536 = example536.com
+DNS.537 = example537.com
+DNS.538 = example538.com
+DNS.539 = example539.com
+DNS.540 = example540.com
+DNS.541 = example541.com
+DNS.542 = example542.com
+DNS.543 = example543.com
+DNS.544 = example544.com
+DNS.545 = example545.com
+DNS.546 = example546.com
+DNS.547 = example547.com
+DNS.548 = example548.com
+DNS.549 = example549.com
+DNS.550 = example550.com
+DNS.551 = example551.com
+DNS.552 = example552.com
+DNS.553 = example553.com
+DNS.554 = example554.com
+DNS.555 = example555.com
+DNS.556 = example556.com
+DNS.557 = example557.com
+DNS.558 = example558.com
+DNS.559 = example559.com
+DNS.560 = example560.com
+DNS.561 = example561.com
+DNS.562 = example562.com
+DNS.563 = example563.com
+DNS.564 = example564.com
+DNS.565 = example565.com
+DNS.566 = example566.com
+DNS.567 = example567.com
+DNS.568 = example568.com
+DNS.569 = example569.com
+DNS.570 = example570.com
+DNS.571 = example571.com
+DNS.572 = example572.com
+DNS.573 = example573.com
+DNS.574 = example574.com
+DNS.575 = example575.com
+DNS.576 = example576.com
+DNS.577 = example577.com
+DNS.578 = example578.com
+DNS.579 = example579.com
+DNS.580 = example580.com
+DNS.581 = example581.com
+DNS.582 = example582.com
+DNS.583 = example583.com
+DNS.584 = example584.com
+DNS.585 = example585.com
+DNS.586 = example586.com
+DNS.587 = example587.com
+DNS.588 = example588.com
+DNS.589 = example589.com
+DNS.590 = example590.com
+DNS.591 = example591.com
+DNS.592 = example592.com
+DNS.593 = example593.com
+DNS.594 = example594.com
+DNS.595 = example595.com
+DNS.596 = example596.com
+DNS.597 = example597.com
+DNS.598 = example598.com
+DNS.599 = example599.com
+DNS.600 = example600.com
+DNS.601 = example601.com
+DNS.602 = example602.com
+DNS.603 = example603.com
+DNS.604 = example604.com
+DNS.605 = example605.com
+DNS.606 = example606.com
+DNS.607 = example607.com
+DNS.608 = example608.com
+DNS.609 = example609.com
+DNS.610 = example610.com
+DNS.611 = example611.com
+DNS.612 = example612.com
+DNS.613 = example613.com
+DNS.614 = example614.com
+DNS.615 = example615.com
+DNS.616 = example616.com
+DNS.617 = example617.com
+DNS.618 = example618.com
+DNS.619 = example619.com
+DNS.620 = example620.com
+DNS.621 = example621.com
+DNS.622 = example622.com
+DNS.623 = example623.com
+DNS.624 = example624.com
+DNS.625 = example625.com
+DNS.626 = example626.com
+DNS.627 = example627.com
+DNS.628 = example628.com
+DNS.629 = example629.com
+DNS.630 = example630.com
+DNS.631 = example631.com
+DNS.632 = example632.com
+DNS.633 = example633.com
+DNS.634 = example634.com
+DNS.635 = example635.com
+DNS.636 = example636.com
+DNS.637 = example637.com
+DNS.638 = example638.com
+DNS.639 = example639.com
+DNS.640 = example640.com
+DNS.641 = example641.com
+DNS.642 = example642.com
+DNS.643 = example643.com
+DNS.644 = example644.com
+DNS.645 = example645.com
+DNS.646 = example646.com
+DNS.647 = example647.com
+DNS.648 = example648.com
+DNS.649 = example649.com
+DNS.650 = example650.com
+DNS.651 = example651.com
+DNS.652 = example652.com
+DNS.653 = example653.com
+DNS.654 = example654.com
+DNS.655 = example655.com
+DNS.656 = example656.com
+DNS.657 = example657.com
+DNS.658 = example658.com
+DNS.659 = example659.com
+DNS.660 = example660.com
+DNS.661 = example661.com
+DNS.662 = example662.com
+DNS.663 = example663.com
+DNS.664 = example664.com
+DNS.665 = example665.com
+DNS.666 = example666.com
+DNS.667 = example667.com
+DNS.668 = example668.com
+DNS.669 = example669.com
+DNS.670 = example670.com
+DNS.671 = example671.com
+DNS.672 = example672.com
+DNS.673 = example673.com
+DNS.674 = example674.com
+DNS.675 = example675.com
+DNS.676 = example676.com
+DNS.677 = example677.com
+DNS.678 = example678.com
+DNS.679 = example679.com
+DNS.680 = example680.com
+DNS.681 = example681.com
+DNS.682 = example682.com
+DNS.683 = example683.com
+DNS.684 = example684.com
+DNS.685 = example685.com
+DNS.686 = example686.com
+DNS.687 = example687.com
+DNS.688 = example688.com
+DNS.689 = example689.com
+DNS.690 = example690.com
+DNS.691 = example691.com
+DNS.692 = example692.com
+DNS.693 = example693.com
+DNS.694 = example694.com
+DNS.695 = example695.com
+DNS.696 = example696.com
+DNS.697 = example697.com
+DNS.698 = example698.com
+DNS.699 = example699.com
+DNS.700 = example700.com
+DNS.701 = example701.com
+DNS.702 = example702.com
+DNS.703 = example703.com
+DNS.704 = example704.com
+DNS.705 = example705.com
+DNS.706 = example706.com
+DNS.707 = example707.com
+DNS.708 = example708.com
+DNS.709 = example709.com
+DNS.710 = example710.com
+DNS.711 = example711.com
+DNS.712 = example712.com
+DNS.713 = example713.com
+DNS.714 = example714.com
+DNS.715 = example715.com
+DNS.716 = example716.com
+DNS.717 = example717.com
+DNS.718 = example718.com
+DNS.719 = example719.com
+DNS.720 = example720.com
+DNS.721 = example721.com
+DNS.722 = example722.com
+DNS.723 = example723.com
+DNS.724 = example724.com
+DNS.725 = example725.com
+DNS.726 = example726.com
+DNS.727 = example727.com
+DNS.728 = example728.com
+DNS.729 = example729.com
+DNS.730 = example730.com
+DNS.731 = example731.com
+DNS.732 = example732.com
+DNS.733 = example733.com
+DNS.734 = example734.com
+DNS.735 = example735.com
+DNS.736 = example736.com
+DNS.737 = example737.com
+DNS.738 = example738.com
+DNS.739 = example739.com
+DNS.740 = example740.com
+DNS.741 = example741.com
+DNS.742 = example742.com
+DNS.743 = example743.com
+DNS.744 = example744.com
+DNS.745 = example745.com
+DNS.746 = example746.com
+DNS.747 = example747.com
+DNS.748 = example748.com
+DNS.749 = example749.com
+DNS.750 = example750.com
+DNS.751 = example751.com
+DNS.752 = example752.com
+DNS.753 = example753.com
+DNS.754 = example754.com
+DNS.755 = example755.com
+DNS.756 = example756.com
+DNS.757 = example757.com
+DNS.758 = example758.com
+DNS.759 = example759.com
+DNS.760 = example760.com
+DNS.761 = example761.com
+DNS.762 = example762.com
+DNS.763 = example763.com
+DNS.764 = example764.com
+DNS.765 = example765.com
+DNS.766 = example766.com
+DNS.767 = example767.com
+DNS.768 = example768.com
+DNS.769 = example769.com
+DNS.770 = example770.com
+DNS.771 = example771.com
+DNS.772 = example772.com
+DNS.773 = example773.com
+DNS.774 = example774.com
+DNS.775 = example775.com
+DNS.776 = example776.com
+DNS.777 = example777.com
+DNS.778 = example778.com
+DNS.779 = example779.com
+DNS.780 = example780.com
+DNS.781 = example781.com
+DNS.782 = example782.com
+DNS.783 = example783.com
+DNS.784 = example784.com
+DNS.785 = example785.com
+DNS.786 = example786.com
+DNS.787 = example787.com
+DNS.788 = example788.com
+DNS.789 = example789.com
+DNS.790 = example790.com
+DNS.791 = example791.com
+DNS.792 = example792.com
+DNS.793 = example793.com
+DNS.794 = example794.com
+DNS.795 = example795.com
+DNS.796 = example796.com
+DNS.797 = example797.com
+DNS.798 = example798.com
+DNS.799 = example799.com
+DNS.800 = example800.com
+DNS.801 = example801.com
+DNS.802 = example802.com
+DNS.803 = example803.com
+DNS.804 = example804.com
+DNS.805 = example805.com
+DNS.806 = example806.com
+DNS.807 = example807.com
+DNS.808 = example808.com
+DNS.809 = example809.com
+DNS.810 = example810.com
+DNS.811 = example811.com
+DNS.812 = example812.com
+DNS.813 = example813.com
+DNS.814 = example814.com
+DNS.815 = example815.com
+DNS.816 = example816.com
+DNS.817 = example817.com
+DNS.818 = example818.com
+DNS.819 = example819.com
+DNS.820 = example820.com
+DNS.821 = example821.com
+DNS.822 = example822.com
+DNS.823 = example823.com
+DNS.824 = example824.com
+DNS.825 = example825.com
+DNS.826 = example826.com
+DNS.827 = example827.com
+DNS.828 = example828.com
+DNS.829 = example829.com
+DNS.830 = example830.com
+DNS.831 = example831.com
+DNS.832 = example832.com
+DNS.833 = example833.com
+DNS.834 = example834.com
+DNS.835 = example835.com
+DNS.836 = example836.com
+DNS.837 = example837.com
+DNS.838 = example838.com
+DNS.839 = example839.com
+DNS.840 = example840.com
+DNS.841 = example841.com
+DNS.842 = example842.com
+DNS.843 = example843.com
+DNS.844 = example844.com
+DNS.845 = example845.com
+DNS.846 = example846.com
+DNS.847 = example847.com
+DNS.848 = example848.com
+DNS.849 = example849.com
+DNS.850 = example850.com
+DNS.851 = example851.com
+DNS.852 = example852.com
+DNS.853 = example853.com
+DNS.854 = example854.com
+DNS.855 = example855.com
+DNS.856 = example856.com
+DNS.857 = example857.com
+DNS.858 = example858.com
+DNS.859 = example859.com
+DNS.860 = example860.com
+DNS.861 = example861.com
+DNS.862 = example862.com
+DNS.863 = example863.com
+DNS.864 = example864.com
+DNS.865 = example865.com
+DNS.866 = example866.com
+DNS.867 = example867.com
+DNS.868 = example868.com
+DNS.869 = example869.com
+DNS.870 = example870.com
+DNS.871 = example871.com
+DNS.872 = example872.com
+DNS.873 = example873.com
+DNS.874 = example874.com
+DNS.875 = example875.com
+DNS.876 = example876.com
+DNS.877 = example877.com
+DNS.878 = example878.com
+DNS.879 = example879.com
+DNS.880 = example880.com
+DNS.881 = example881.com
+DNS.882 = example882.com
+DNS.883 = example883.com
+DNS.884 = example884.com
+DNS.885 = example885.com
+DNS.886 = example886.com
+DNS.887 = example887.com
+DNS.888 = example888.com
+DNS.889 = example889.com
+DNS.890 = example890.com
+DNS.891 = example891.com
+DNS.892 = example892.com
+DNS.893 = example893.com
+DNS.894 = example894.com
+DNS.895 = example895.com
+DNS.896 = example896.com
+DNS.897 = example897.com
+DNS.898 = example898.com
+DNS.899 = example899.com
+DNS.900 = example900.com
+DNS.901 = example901.com
+DNS.902 = example902.com
+DNS.903 = example903.com
+DNS.904 = example904.com
+DNS.905 = example905.com
+DNS.906 = example906.com
+DNS.907 = example907.com
+DNS.908 = example908.com
+DNS.909 = example909.com
+DNS.910 = example910.com
+DNS.911 = example911.com
+DNS.912 = example912.com
+DNS.913 = example913.com
+DNS.914 = example914.com
+DNS.915 = example915.com
+DNS.916 = example916.com
+DNS.917 = example917.com
+DNS.918 = example918.com
+DNS.919 = example919.com
+DNS.920 = example920.com
+DNS.921 = example921.com
+DNS.922 = example922.com
+DNS.923 = example923.com
+DNS.924 = example924.com
+DNS.925 = example925.com
+DNS.926 = example926.com
+DNS.927 = example927.com
+DNS.928 = example928.com
+DNS.929 = example929.com
+DNS.930 = example930.com
+DNS.931 = example931.com
+DNS.932 = example932.com
+DNS.933 = example933.com
+DNS.934 = example934.com
+DNS.935 = example935.com
+DNS.936 = example936.com
+DNS.937 = example937.com
+DNS.938 = example938.com
+DNS.939 = example939.com
+DNS.940 = example940.com
+DNS.941 = example941.com
+DNS.942 = example942.com
+DNS.943 = example943.com
+DNS.944 = example944.com
+DNS.945 = example945.com
+DNS.946 = example946.com
+DNS.947 = example947.com
+DNS.948 = example948.com
+DNS.949 = example949.com
+DNS.950 = example950.com
+DNS.951 = example951.com
+DNS.952 = example952.com
+DNS.953 = example953.com
+DNS.954 = example954.com
+DNS.955 = example955.com
+DNS.956 = example956.com
+DNS.957 = example957.com
+DNS.958 = example958.com
+DNS.959 = example959.com
+DNS.960 = example960.com
+DNS.961 = example961.com
+DNS.962 = example962.com
+DNS.963 = example963.com
+DNS.964 = example964.com
+DNS.965 = example965.com
+DNS.966 = example966.com
+DNS.967 = example967.com
+DNS.968 = example968.com
+DNS.969 = example969.com
+DNS.970 = example970.com
+DNS.971 = example971.com
+DNS.972 = example972.com
+DNS.973 = example973.com
+DNS.974 = example974.com
+DNS.975 = example975.com
+DNS.976 = example976.com
+DNS.977 = example977.com
+DNS.978 = example978.com
+DNS.979 = example979.com
+DNS.980 = example980.com
+DNS.981 = example981.com
+DNS.982 = example982.com
+DNS.983 = example983.com
+DNS.984 = example984.com
+DNS.985 = example985.com
+DNS.986 = example986.com
+DNS.987 = example987.com
+DNS.988 = example988.com
+DNS.989 = example989.com
+DNS.990 = example990.com
+DNS.991 = example991.com
+DNS.992 = example992.com
+DNS.993 = example993.com
+DNS.994 = example994.com
+DNS.995 = example995.com
+DNS.996 = example996.com
+DNS.997 = example997.com
+DNS.998 = example998.com
+DNS.999 = example999.com
+DNS.1000 = example1000.com
+DNS.1001 = example1001.com
+DNS.1002 = example1002.com
+DNS.1003 = example1003.com
+DNS.1004 = example1004.com
+DNS.1005 = example1005.com
+DNS.1006 = example1006.com
+DNS.1007 = example1007.com
+DNS.1008 = example1008.com
+DNS.1009 = example1009.com
+DNS.1010 = example1010.com
+DNS.1011 = example1011.com
+DNS.1012 = example1012.com
+DNS.1013 = example1013.com
+DNS.1014 = example1014.com
+DNS.1015 = example1015.com
+DNS.1016 = example1016.com
+DNS.1017 = example1017.com
+DNS.1018 = example1018.com
+DNS.1019 = example1019.com
+DNS.1020 = example1020.com
+DNS.1021 = example1021.com
+DNS.1022 = example1022.com
+DNS.1023 = example1023.com
+DNS.1024 = example1024.com
+DNS.1025 = example1025.com
+DNS.1026 = example1026.com
+DNS.1027 = example1027.com
+DNS.1028 = example1028.com
+DNS.1029 = example1029.com
+DNS.1030 = example1030.com
+DNS.1031 = example1031.com
+DNS.1032 = example1032.com
+DNS.1033 = example1033.com
+DNS.1034 = example1034.com
+DNS.1035 = example1035.com
+DNS.1036 = example1036.com
+DNS.1037 = example1037.com
+DNS.1038 = example1038.com
+DNS.1039 = example1039.com
+DNS.1040 = example1040.com
+DNS.1041 = example1041.com
+DNS.1042 = example1042.com
+DNS.1043 = example1043.com
+DNS.1044 = example1044.com
+DNS.1045 = example1045.com
+DNS.1046 = example1046.com
+DNS.1047 = example1047.com
+DNS.1048 = example1048.com
+DNS.1049 = example1049.com
+DNS.1050 = example1050.com
+
+
+EOF
+gen_cert
+
diff --git a/certs/test/gen-testcerts.sh b/certs/test/gen-testcerts.sh
index 264408942..7564bb358 100755
--- a/certs/test/gen-testcerts.sh
+++ b/certs/test/gen-testcerts.sh
@@ -36,9 +36,7 @@ build_test_cert_conf() {
     echo "prompt = no"                                  >> "$1".conf
     echo "default_bits        = 2048"                   >> "$1".conf
     echo "distinguished_name  = req_distinguished_name" >> "$1".conf
-    if [ -n "$3" ]; then
-        echo "req_extensions      = req_ext"            >> "$1".conf
-    fi
+    echo "req_extensions      = req_ext"                >> "$1".conf
     if [ -n "$4" ]; then
         echo "basicConstraints=CA:true,pathlen:0"       >> "$1".conf
         echo ""                                         >> "$1".conf
@@ -52,8 +50,8 @@ build_test_cert_conf() {
     echo "CN = $2"                                      >> "$1".conf
     echo "emailAddress = info@wolfssl.com"              >> "$1".conf
     echo ""                                             >> "$1".conf
+    echo "[ req_ext ]"                                  >> "$1".conf
     if [ -n "$3" ]; then
-        echo "[ req_ext ]"                              >> "$1".conf
         case "$3" in
             *DER*)
                echo "subjectAltName = $3"               >> "$1".conf
@@ -64,6 +62,8 @@ build_test_cert_conf() {
                echo "DNS.1 = $3"                        >> "$1".conf
                ;;
         esac
+    else
+        echo "subjectKeyIdentifier = hash"              >> "$1".conf
     fi
 }
 
@@ -85,15 +85,9 @@ generate_test_cert() {
     check_result $?
 
     echo "step 4 create cert"
-    if [ "$3" = "" ]; then
-        openssl x509 -req -days 1000 -sha256 \
-                     -in "$1".csr -signkey ../server-key.pem \
-                     -out "$1".pem -extfile "$1".conf
-    else
-        openssl x509 -req -days 1000 -sha256 \
-                     -in "$1".csr -signkey ../server-key.pem \
-                     -out "$1".pem -extensions req_ext -extfile "$1".conf
-    fi
+    openssl x509 -req -days 1000 -sha256 \
+                 -in "$1".csr -signkey ../server-key.pem \
+                 -out "$1".pem -extensions req_ext -extfile "$1".conf
     check_result $?
     rm "$1".conf
     rm "$1".csr
@@ -126,6 +120,31 @@ generate_test_cert() {
     check_result $?
 }
 
+generate_test_trusted_cert() {
+    rm "$1".der
+    rm "$1".pem
+
+    echo "step 1 create configuration"
+    build_test_cert_conf "$1" "$2" "$3"
+    check_result $?
+
+    echo "step 2 create csr"
+    openssl req -new -sha256 -out "$1".csr -key ../server-key.pem -config "$1".conf
+    check_result $?
+
+    echo "step 3 check csr"
+    openssl req -text -noout -in "$1".csr -config "$1".conf
+    check_result $?
+
+    echo "step 4 create cert"
+    openssl x509 -req -days 1000 -sha256 \
+                 -in "$1".csr -signkey ../server-key.pem \
+                 -out "$1".pem -extensions req_ext -addtrust serverAuth -trustout -extfile "$1".conf
+    check_result $?
+    rm "$1".conf
+    rm "$1".csr
+}
+
 generate_expired_certs() {
     rm "$1".der
     rm "$1".pem
@@ -206,3 +225,6 @@ generate_test_cert server-garbage localhost garbage
 # Generate Expired Certificates
 generate_expired_certs expired/expired-ca ../ca-key.pem 1
 generate_expired_certs expired/expired-cert ../server-key.pem
+
+
+generate_test_trusted_cert ossl-trusted-cert localhost "" 1
diff --git a/certs/test/include.am b/certs/test/include.am
index 8f123f35f..c69ec42b8 100644
--- a/certs/test/include.am
+++ b/certs/test/include.am
@@ -29,7 +29,14 @@ EXTRA_DIST += \
          certs/test/cert-ext-joi.cfg \
          certs/test/cert-ext-multiple.cfg \
          certs/test/cert-ext-multiple.der \
-         certs/test/cert-ext-multiple.pem
+         certs/test/cert-ext-multiple.pem \
+         certs/test/cert-bad-neg-int.der \
+         certs/test/cert-bad-oid.der \
+         certs/test/cert-bad-utf8.der \
+         certs/test/cert-over-max-altnames.cfg \
+         certs/test/cert-over-max-altnames.pem \
+         certs/test/cert-over-max-nc.cfg \
+         certs/test/cert-over-max-nc.pem
 
 # The certs/server-cert with the last byte (signature byte) changed
 EXTRA_DIST += \
@@ -60,6 +67,7 @@ EXTRA_DIST += \
          certs/test/server-badaltname.pem \
          certs/test/server-localhost.der \
          certs/test/server-localhost.pem \
+         certs/test/ossl-trusted-cert.pem \
          certs/test/ktri-keyid-cms.msg \
          certs/test/smime-test.p7s \
          certs/test/smime-test-canon.p7s \
diff --git a/certs/test/ktri-keyid-cms.msg b/certs/test/ktri-keyid-cms.msg
index 85b22ad2a..ba68571f7 100644
Binary files a/certs/test/ktri-keyid-cms.msg and b/certs/test/ktri-keyid-cms.msg differ
diff --git a/certs/test/ossl-trusted-cert.pem b/certs/test/ossl-trusted-cert.pem
new file mode 100644
index 000000000..e8e2ea1b7
--- /dev/null
+++ b/certs/test/ossl-trusted-cert.pem
@@ -0,0 +1,29 @@
+-----BEGIN TRUSTED CERTIFICATE-----
+MIIE6DCCA9CgAwIBAgIBATANBgkqhkiG9w0BAQsFADCBlDELMAkGA1UEBhMCVVMx
+EDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xETAPBgNVBAoMCFNh
+d3Rvb3RoMRMwEQYDVQQLDApDb25zdWx0aW5nMRgwFgYDVQQDDA93d3cud29sZnNz
+bC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMjUwMTMw
+MjE0NTQ2WhcNMjcxMDI3MjE0NTQ2WjCBkDELMAkGA1UEBhMCVVMxEDAOBgNVBAgM
+B01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xEDAOBgNVBAoMB3dvbGZTU0wxEDAO
+BgNVBAsMB1N1cHBvcnQxGDAWBgNVBAMMD3d3dy53b2xmc3NsLmNvbTEfMB0GCSqG
+SIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
+ADCCAQoCggEBAMCVCOFXQfJxbbfSRUEnAWXGRa7yvCQwuJXOL07W9hyIvHyf+6hn
+f/5cnFF194rKB+c1L4/hvXvAL3yrZKgX/Mpde7rgIeVyLm8uhtiVc9qsG1O5Xz/X
+GQ0lT+FjY1GLC2Q/rUO4pRxcNLOuAKBjxfZ/C1loeHOmjBipAm2vwxkBLrgQ48bM
+QLRpo0YzaYduxLsXpvPo3a1zvHsvIbX9ZlEMvVSz4W1fHLwjc9EJA4kU0hC5ZMMq
+0KGWSrzh1Bpbx6DAwWN4D0Q3MDKWgDIjlaF3uhPSl3PiXSXJag3DOWCktLBpQkIJ
+6dgIvDMgs1gip6rrxOHmYYPF0pbf2dBPrdcCAwEAAaOCAUUwggFBMB0GA1UdDgQW
+BBSzETLJkpiE4sn40DtuA0LKHw6OPDCB1AYDVR0jBIHMMIHJgBQnjmcRdMMmHT/t
+M2OzpNgdMOXo1aGBmqSBlzCBlDELMAkGA1UEBhMCVVMxEDAOBgNVBAgMB01vbnRh
+bmExEDAOBgNVBAcMB0JvemVtYW4xETAPBgNVBAoMCFNhd3Rvb3RoMRMwEQYDVQQL
+DApDb25zdWx0aW5nMRgwFgYDVQQDDA93d3cud29sZnNzbC5jb20xHzAdBgkqhkiG
+9w0BCQEWEGluZm9Ad29sZnNzbC5jb22CFACr6s+Ce0259tiQB3+gnZ7kb6T9MAwG
+A1UdEwQFMAMBAf8wHAYDVR0RBBUwE4ILZXhhbXBsZS5jb22HBH8AAAEwHQYDVR0l
+BBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMA0GCSqGSIb3DQEBCwUAA4IBAQBqX+1+
+o2hLg3bT22ktzzG7y1Xu+7ZymPHCf7c2inTuFQq8epdbQ4RHwlk9/y8T52CM063y
+DJPPzXBYiGFwLo7Eff3pOCxsGRCGZZm5Yj/oCgN2dEywDPoOf6J+PBz589obsYU6
+d2QqcnhghWK6pM+9OdR5idtv4tOpnPEpehMJE14Oxg36nNDobn2rqKgSrvd1xbEh
+SnNwN6ZYwlLHCj+uGEEIFiLfZFisaEqmQlXA1THIUJMMypiwJ9snSXzZN6g+Ssw7
+AG+1kSbrbpnuECTBO4GBoJ7qcnhqPe1fbP/atwb7hh4RiHKXEVVQv96fu6BZ3cHH
+rb8OQ3qAW+juUlxaMAwwCgYIKwYBBQUHAwE=
+-----END TRUSTED CERTIFICATE-----
diff --git a/certs/test/server-badaltname.der b/certs/test/server-badaltname.der
index f7181161f..6c3b272d2 100644
Binary files a/certs/test/server-badaltname.der and b/certs/test/server-badaltname.der differ
diff --git a/certs/test/server-badaltname.pem b/certs/test/server-badaltname.pem
index dbd2d157a..eae252bec 100644
--- a/certs/test/server-badaltname.pem
+++ b/certs/test/server-badaltname.pem
@@ -2,16 +2,16 @@ Certificate:
     Data:
         Version: 3 (0x2)
         Serial Number:
-            76:31:fe:b4:f4:ed:14:f1:b8:24:69:74:77:72:59:ce:c1:61:05:a0
+            2a:28:73:f4:22:96:4c:a2:52:a0:5f:54:72:35:38:8c:f7:49:98:9b
         Signature Algorithm: sha256WithRSAEncryption
         Issuer: C = US, ST = Montana, L = Bozeman, OU = Engineering, CN = www.nomatch.com, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Dec 13 22:19:29 2023 GMT
-            Not After : Sep  8 22:19:29 2026 GMT
+            Not Before: Dec 18 23:11:23 2024 GMT
+            Not After : Sep 14 23:11:23 2027 GMT
         Subject: C = US, ST = Montana, L = Bozeman, OU = Engineering, CN = www.nomatch.com, emailAddress = info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (2048 bit)
+                Public-Key: (2048 bit)
                 Modulus:
                     00:c0:95:08:e1:57:41:f2:71:6d:b7:d2:45:41:27:
                     01:65:c6:45:ae:f2:bc:24:30:b8:95:ce:2f:4e:d6:
@@ -35,28 +35,31 @@ Certificate:
         X509v3 extensions:
             X509v3 Subject Alternative Name: 
                 DNS:www.nomatch.com
+            X509v3 Subject Key Identifier: 
+                B3:11:32:C9:92:98:84:E2:C9:F8:D0:3B:6E:03:42:CA:1F:0E:8E:3C
     Signature Algorithm: sha256WithRSAEncryption
-         3c:65:49:0e:32:4f:66:4b:ab:7d:a1:10:d4:ac:1f:8f:ed:70:
-         a5:62:eb:83:90:26:30:9a:2b:3e:fd:6c:d0:5d:ae:ac:3f:96:
-         89:76:31:8a:72:ab:c7:f7:25:a4:f5:d5:87:47:ec:71:d8:04:
-         a1:32:56:a0:b1:60:11:e8:11:3e:97:87:1f:d8:39:03:e1:22:
-         91:01:bd:ec:38:f3:26:d9:d0:0a:67:99:c2:c4:06:89:5a:45:
-         d9:cb:49:ba:df:ee:f3:a9:11:0b:7b:89:7d:e4:e1:78:c7:60:
-         ed:d6:66:4e:54:9a:9b:07:f8:f8:cb:86:bd:1a:5a:56:ae:9e:
-         89:74:01:d0:a8:47:c5:be:22:b1:a1:0c:d1:5e:cb:0a:df:46:
-         8f:f6:ed:2c:a0:fa:24:41:92:f5:eb:28:e6:5e:a1:04:c2:b2:
-         51:f0:55:78:fc:e0:52:e7:ac:dd:ff:59:f0:36:d7:d0:c3:b7:
-         0e:b4:d9:8d:cb:df:23:28:aa:df:bd:07:e9:65:24:76:10:28:
-         09:43:7a:be:20:2d:e3:3c:0d:4a:18:e0:b4:15:c9:be:d7:bf:
-         b5:46:ae:92:94:c2:b6:c1:b4:26:9d:0a:ef:17:0e:dd:c4:25:
-         44:78:a8:e2:08:b9:65:3d:05:de:54:17:c9:74:71:f9:c8:bb:
-         66:4e:c9:85
+    Signature Value:
+        a0:80:d8:92:67:d6:c0:f0:21:39:cd:e9:66:56:bd:ce:76:95:
+        41:99:ca:4f:ed:5a:1f:c4:74:87:27:67:56:a6:15:39:65:2d:
+        1c:d7:04:99:2c:05:cf:b0:73:8a:19:63:5c:17:f6:07:e0:fd:
+        6d:35:bf:1e:99:7e:3b:7a:32:36:9f:df:cd:c0:1b:cb:95:57:
+        bb:d0:3a:5a:7b:ec:d5:1c:fc:72:64:05:c9:ae:1a:f3:77:1a:
+        04:c7:c5:b8:a8:d2:9e:8f:6c:40:50:af:d1:2a:07:23:5a:eb:
+        50:29:e7:48:27:9d:f5:d3:6c:1e:c8:21:e1:04:0c:0c:0e:95:
+        67:8c:9d:8c:c4:a5:be:50:fc:d6:76:12:cf:6d:fb:32:45:f5:
+        75:97:50:21:cd:57:c3:9c:20:18:38:a1:92:9e:2e:36:02:10:
+        c2:c3:a5:52:32:7e:d1:b6:98:86:d2:5b:63:b7:ef:0f:12:c4:
+        96:92:a7:ca:41:42:c0:dd:24:f5:e1:9f:68:bc:fc:ae:23:98:
+        0e:93:7b:52:ad:ff:e4:f4:45:af:9f:7b:5d:db:0b:60:fa:56:
+        62:3d:71:a2:52:59:51:87:4a:55:f6:bb:fb:04:bd:e1:3b:48:
+        a4:20:37:40:03:f6:56:6e:22:af:c9:89:3a:a7:d0:b4:80:e9:
+        4b:9c:e0:84
 -----BEGIN CERTIFICATE-----
-MIIDsjCCApqgAwIBAgIUdjH+tPTtFPG4JGl0d3JZzsFhBaAwDQYJKoZIhvcNAQEL
+MIID0TCCArmgAwIBAgIUKihz9CKWTKJSoF9UcjU4jPdJmJswDQYJKoZIhvcNAQEL
 BQAwgYIxCzAJBgNVBAYTAlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdC
 b3plbWFuMRQwEgYDVQQLDAtFbmdpbmVlcmluZzEYMBYGA1UEAwwPd3d3Lm5vbWF0
-Y2guY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMB4XDTIzMTIx
-MzIyMTkyOVoXDTI2MDkwODIyMTkyOVowgYIxCzAJBgNVBAYTAlVTMRAwDgYDVQQI
+Y2guY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMB4XDTI0MTIx
+ODIzMTEyM1oXDTI3MDkxNDIzMTEyM1owgYIxCzAJBgNVBAYTAlVTMRAwDgYDVQQI
 DAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMRQwEgYDVQQLDAtFbmdpbmVlcmlu
 ZzEYMBYGA1UEAwwPd3d3Lm5vbWF0Y2guY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZv
 QHdvbGZzc2wuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwJUI
@@ -65,11 +68,12 @@ j+G9e8AvfKtkqBf8yl17uuAh5XIuby6G2JVz2qwbU7lfP9cZDSVP4WNjUYsLZD+t
 Q7ilHFw0s64AoGPF9n8LWWh4c6aMGKkCba/DGQEuuBDjxsxAtGmjRjNph27Euxem
 8+jdrXO8ey8htf1mUQy9VLPhbV8cvCNz0QkDiRTSELlkwyrQoZZKvOHUGlvHoMDB
 Y3gPRDcwMpaAMiOVoXe6E9KXc+JdJclqDcM5YKS0sGlCQgnp2Ai8MyCzWCKnquvE
-4eZhg8XSlt/Z0E+t1wIDAQABox4wHDAaBgNVHREEEzARgg93d3cubm9tYXRjaC5j
-b20wDQYJKoZIhvcNAQELBQADggEBADxlSQ4yT2ZLq32hENSsH4/tcKVi64OQJjCa
-Kz79bNBdrqw/lol2MYpyq8f3JaT11YdH7HHYBKEyVqCxYBHoET6Xhx/YOQPhIpEB
-vew48ybZ0ApnmcLEBolaRdnLSbrf7vOpEQt7iX3k4XjHYO3WZk5UmpsH+PjLhr0a
-Wlaunol0AdCoR8W+IrGhDNFeywrfRo/27Syg+iRBkvXrKOZeoQTCslHwVXj84FLn
-rN3/WfA219DDtw602Y3L3yMoqt+9B+llJHYQKAlDer4gLeM8DUoY4LQVyb7Xv7VG
-rpKUwrbBtCadCu8XDt3EJUR4qOIIuWU9Bd5UF8l0cfnIu2ZOyYU=
+4eZhg8XSlt/Z0E+t1wIDAQABoz0wOzAaBgNVHREEEzARgg93d3cubm9tYXRjaC5j
+b20wHQYDVR0OBBYEFLMRMsmSmITiyfjQO24DQsofDo48MA0GCSqGSIb3DQEBCwUA
+A4IBAQCggNiSZ9bA8CE5zelmVr3OdpVBmcpP7VofxHSHJ2dWphU5ZS0c1wSZLAXP
+sHOKGWNcF/YH4P1tNb8emX47ejI2n9/NwBvLlVe70Dpae+zVHPxyZAXJrhrzdxoE
+x8W4qNKej2xAUK/RKgcjWutQKedIJ53102weyCHhBAwMDpVnjJ2MxKW+UPzWdhLP
+bfsyRfV1l1AhzVfDnCAYOKGSni42AhDCw6VSMn7RtpiG0ltjt+8PEsSWkqfKQULA
+3ST14Z9ovPyuI5gOk3tSrf/k9EWvn3td2wtg+lZiPXGiUllRh0pV9rv7BL3hO0ik
+IDdAA/ZWbiKvyYk6p9C0gOlLnOCE
 -----END CERTIFICATE-----
diff --git a/certs/test/server-badaltnull.der b/certs/test/server-badaltnull.der
index d34ca7e97..d7b1e3192 100644
Binary files a/certs/test/server-badaltnull.der and b/certs/test/server-badaltnull.der differ
diff --git a/certs/test/server-badaltnull.pem b/certs/test/server-badaltnull.pem
index 530b307d8..121f47292 100644
--- a/certs/test/server-badaltnull.pem
+++ b/certs/test/server-badaltnull.pem
@@ -2,16 +2,16 @@ Certificate:
     Data:
         Version: 3 (0x2)
         Serial Number:
-            75:94:fd:49:d7:c1:2b:ca:02:75:4d:37:61:ca:48:1b:60:40:bc:e2
+            5b:6e:37:ff:6f:59:9b:23:63:13:8f:d2:c3:a7:c6:8a:6a:14:92:31
         Signature Algorithm: sha256WithRSAEncryption
         Issuer: C = US, ST = Montana, L = Bozeman, OU = Engineering, CN = www.nomatch.com, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Dec 13 22:19:29 2023 GMT
-            Not After : Sep  8 22:19:29 2026 GMT
+            Not Before: Dec 18 23:11:23 2024 GMT
+            Not After : Sep 14 23:11:23 2027 GMT
         Subject: C = US, ST = Montana, L = Bozeman, OU = Engineering, CN = www.nomatch.com, emailAddress = info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (2048 bit)
+                Public-Key: (2048 bit)
                 Modulus:
                     00:c0:95:08:e1:57:41:f2:71:6d:b7:d2:45:41:27:
                     01:65:c6:45:ae:f2:bc:24:30:b8:95:ce:2f:4e:d6:
@@ -35,28 +35,31 @@ Certificate:
         X509v3 extensions:
             X509v3 Subject Alternative Name: 
                 0
..localhost.h
+            X509v3 Subject Key Identifier: 
+                B3:11:32:C9:92:98:84:E2:C9:F8:D0:3B:6E:03:42:CA:1F:0E:8E:3C
     Signature Algorithm: sha256WithRSAEncryption
-         9c:a2:c0:49:d7:4b:a2:cf:6d:83:b7:06:a0:b2:60:4e:a3:ca:
-         57:8e:0f:8f:65:0a:e5:3b:12:8f:06:5e:f7:7c:4c:22:09:8e:
-         88:a9:34:c4:ed:5a:01:45:8e:c6:06:bc:f9:41:96:6f:dc:7c:
-         3e:5b:b9:19:ff:77:f1:49:a1:84:e9:11:8a:d2:d7:6c:13:53:
-         cd:48:61:7d:a4:0b:30:e9:62:32:f5:01:a4:27:5c:3b:d1:cf:
-         cb:cb:c6:8d:2d:9d:3f:89:46:13:4f:2c:5b:4c:a8:ab:7d:23:
-         a5:98:9f:ad:ba:fc:2c:4b:44:17:3d:99:8d:7a:53:21:f7:8f:
-         25:d8:84:ba:41:c2:c9:0f:24:d7:06:6e:cc:93:f7:13:f3:21:
-         64:05:b0:82:96:44:d0:1d:dd:e0:5c:d1:32:f2:55:08:25:05:
-         2a:23:d6:ae:bc:e5:29:8d:13:06:1d:d0:cc:9e:b0:04:c2:1c:
-         3e:c5:6d:60:6b:d8:25:d8:23:0a:8c:f9:74:7a:e5:5b:21:b6:
-         b5:74:de:c9:34:2d:75:c5:01:41:47:c6:76:08:8c:21:59:4f:
-         4d:9b:16:05:c1:43:15:a2:17:b2:ab:70:6a:51:18:3f:c9:ac:
-         48:16:a1:23:38:e2:90:ea:ac:df:5a:b5:7f:ed:be:9b:42:a5:
-         e2:2b:5c:c7
+    Signature Value:
+        7b:28:fc:26:31:e7:6f:e7:da:82:ea:7e:e8:f4:f6:f4:23:fb:
+        c8:97:e9:c8:f2:25:50:f6:02:90:4c:ad:df:5d:9b:0e:02:e8:
+        93:94:30:88:0b:09:7d:fd:0f:90:2b:d1:06:b0:4f:96:1a:9e:
+        ca:1e:3b:13:97:96:3f:fe:b4:d7:73:bc:c3:ad:c3:31:90:c9:
+        85:87:63:1a:75:29:74:b5:3c:79:a7:5f:b8:83:16:98:03:a8:
+        9e:09:9c:91:97:67:78:ba:6b:96:f6:fa:fc:56:81:bc:3d:3e:
+        47:5f:01:c4:ad:e1:8d:65:24:ca:31:37:49:d0:cf:8e:cc:9e:
+        c6:3f:3e:b7:98:62:0c:6c:f0:01:8f:03:0b:79:06:69:1c:52:
+        7d:01:80:4e:09:b1:fb:80:64:19:76:bd:42:be:bf:59:85:e5:
+        70:88:a9:8d:19:19:e1:64:54:ed:71:1e:08:04:cf:64:23:e7:
+        6e:23:d1:5d:cc:46:3c:c2:00:14:dc:84:91:b5:bc:ae:e4:a1:
+        d0:f5:92:3f:9c:eb:28:02:cd:ca:e8:90:cd:68:41:20:a3:ed:
+        d3:73:99:ac:74:da:91:21:79:ca:5f:8d:d7:93:b6:14:66:8b:
+        f4:0f:bd:17:fd:9c:d6:40:e0:52:42:26:dd:45:f3:f5:7b:53:
+        14:7f:a5:08
 -----BEGIN CERTIFICATE-----
-MIIDrjCCApagAwIBAgIUdZT9SdfBK8oCdU03YcpIG2BAvOIwDQYJKoZIhvcNAQEL
+MIIDzTCCArWgAwIBAgIUW243/29ZmyNjE4/Sw6fGimoUkjEwDQYJKoZIhvcNAQEL
 BQAwgYIxCzAJBgNVBAYTAlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdC
 b3plbWFuMRQwEgYDVQQLDAtFbmdpbmVlcmluZzEYMBYGA1UEAwwPd3d3Lm5vbWF0
-Y2guY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMB4XDTIzMTIx
-MzIyMTkyOVoXDTI2MDkwODIyMTkyOVowgYIxCzAJBgNVBAYTAlVTMRAwDgYDVQQI
+Y2guY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMB4XDTI0MTIx
+ODIzMTEyM1oXDTI3MDkxNDIzMTEyM1owgYIxCzAJBgNVBAYTAlVTMRAwDgYDVQQI
 DAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMRQwEgYDVQQLDAtFbmdpbmVlcmlu
 ZzEYMBYGA1UEAwwPd3d3Lm5vbWF0Y2guY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZv
 QHdvbGZzc2wuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwJUI
@@ -65,11 +68,12 @@ j+G9e8AvfKtkqBf8yl17uuAh5XIuby6G2JVz2qwbU7lfP9cZDSVP4WNjUYsLZD+t
 Q7ilHFw0s64AoGPF9n8LWWh4c6aMGKkCba/DGQEuuBDjxsxAtGmjRjNph27Euxem
 8+jdrXO8ey8htf1mUQy9VLPhbV8cvCNz0QkDiRTSELlkwyrQoZZKvOHUGlvHoMDB
 Y3gPRDcwMpaAMiOVoXe6E9KXc+JdJclqDcM5YKS0sGlCQgnp2Ai8MyCzWCKnquvE
-4eZhg8XSlt/Z0E+t1wIDAQABoxowGDAWBgNVHREEDzANggtsb2NhbGhvc3QAaDAN
-BgkqhkiG9w0BAQsFAAOCAQEAnKLASddLos9tg7cGoLJgTqPKV44Pj2UK5TsSjwZe
-93xMIgmOiKk0xO1aAUWOxga8+UGWb9x8Plu5Gf938UmhhOkRitLXbBNTzUhhfaQL
-MOliMvUBpCdcO9HPy8vGjS2dP4lGE08sW0yoq30jpZifrbr8LEtEFz2ZjXpTIfeP
-JdiEukHCyQ8k1wZuzJP3E/MhZAWwgpZE0B3d4FzRMvJVCCUFKiPWrrzlKY0TBh3Q
-zJ6wBMIcPsVtYGvYJdgjCoz5dHrlWyG2tXTeyTQtdcUBQUfGdgiMIVlPTZsWBcFD
-FaIXsqtwalEYP8msSBahIzjikOqs31q1f+2+m0Kl4itcxw==
+4eZhg8XSlt/Z0E+t1wIDAQABozkwNzAWBgNVHREEDzANggtsb2NhbGhvc3QAaDAd
+BgNVHQ4EFgQUsxEyyZKYhOLJ+NA7bgNCyh8OjjwwDQYJKoZIhvcNAQELBQADggEB
+AHso/CYx52/n2oLqfuj09vQj+8iX6cjyJVD2ApBMrd9dmw4C6JOUMIgLCX39D5Ar
+0QawT5YansoeOxOXlj/+tNdzvMOtwzGQyYWHYxp1KXS1PHmnX7iDFpgDqJ4JnJGX
+Z3i6a5b2+vxWgbw9PkdfAcSt4Y1lJMoxN0nQz47MnsY/PreYYgxs8AGPAwt5Bmkc
+Un0BgE4JsfuAZBl2vUK+v1mF5XCIqY0ZGeFkVO1xHggEz2Qj524j0V3MRjzCABTc
+hJG1vK7kodD1kj+c6ygCzcrokM1oQSCj7dNzmax02pEhecpfjdeTthRmi/QPvRf9
+nNZA4FJCJt1F8/V7UxR/pQg=
 -----END CERTIFICATE-----
diff --git a/certs/test/server-badcn.der b/certs/test/server-badcn.der
index a707a5f0f..4aeb08c78 100644
Binary files a/certs/test/server-badcn.der and b/certs/test/server-badcn.der differ
diff --git a/certs/test/server-badcn.pem b/certs/test/server-badcn.pem
index ad42bb9aa..24be9f5ad 100644
--- a/certs/test/server-badcn.pem
+++ b/certs/test/server-badcn.pem
@@ -2,16 +2,16 @@ Certificate:
     Data:
         Version: 3 (0x2)
         Serial Number:
-            33:9d:a3:77:36:7a:b9:40:c0:3f:62:ae:d7:80:c0:a4:88:f9:82:5f
+            5e:0c:68:fc:ee:45:c3:c4:93:92:92:1b:f0:6e:45:c8:a0:bd:e7:d2
         Signature Algorithm: sha256WithRSAEncryption
         Issuer: C = US, ST = Montana, L = Bozeman, OU = Engineering, CN = www.nomatch.com, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Dec 13 22:19:29 2023 GMT
-            Not After : Sep  8 22:19:29 2026 GMT
+            Not Before: Dec 18 23:11:23 2024 GMT
+            Not After : Sep 14 23:11:23 2027 GMT
         Subject: C = US, ST = Montana, L = Bozeman, OU = Engineering, CN = www.nomatch.com, emailAddress = info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (2048 bit)
+                Public-Key: (2048 bit)
                 Modulus:
                     00:c0:95:08:e1:57:41:f2:71:6d:b7:d2:45:41:27:
                     01:65:c6:45:ae:f2:bc:24:30:b8:95:ce:2f:4e:d6:
@@ -32,28 +32,32 @@ Certificate:
                     a7:aa:eb:c4:e1:e6:61:83:c5:d2:96:df:d9:d0:4f:
                     ad:d7
                 Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Subject Key Identifier: 
+                B3:11:32:C9:92:98:84:E2:C9:F8:D0:3B:6E:03:42:CA:1F:0E:8E:3C
     Signature Algorithm: sha256WithRSAEncryption
-         2f:03:d9:42:ae:10:f3:4b:42:c1:9d:6a:aa:09:da:f1:55:8a:
-         0b:76:ce:51:d5:16:95:24:49:ac:14:1b:f6:b4:81:bd:c4:2b:
-         9c:f2:34:8b:a5:18:a6:00:82:70:00:c1:8f:26:90:da:70:70:
-         60:bf:c8:98:d2:d1:c7:86:fd:68:60:f2:54:46:e5:e0:d9:58:
-         c4:85:01:32:b1:02:43:06:61:f5:61:3f:fd:80:b0:75:2c:3a:
-         50:d8:c9:11:6e:36:17:8e:e0:a6:3f:b1:bd:17:96:31:c9:04:
-         e9:53:84:6a:e6:bc:c3:82:1a:fc:8f:63:e9:68:c9:b3:ed:61:
-         8d:08:a2:9d:c8:4e:57:09:50:2c:16:6f:9a:c7:31:cc:6c:fd:
-         3c:37:01:06:f1:c7:98:e6:c5:ee:cb:3e:6f:6b:20:bc:dc:64:
-         17:2e:d7:5b:95:2a:18:e5:ab:4c:5e:97:1c:e5:7d:e5:72:cd:
-         fe:b6:6d:9b:36:c6:4b:70:dc:97:5f:49:31:93:1b:2b:ca:d1:
-         c8:12:24:31:c2:78:50:bf:aa:28:e6:42:78:ae:e1:08:7a:64:
-         da:46:89:d6:07:4a:cb:51:36:69:11:6c:a9:61:fc:b1:03:21:
-         c2:82:6a:15:d7:98:58:1c:40:55:08:e0:32:9e:05:78:c6:a0:
-         b8:d9:11:2f
+    Signature Value:
+        81:71:e5:13:96:ab:99:46:c2:9e:8b:7c:b1:1c:96:08:f0:39:
+        fd:ad:85:ef:6f:54:60:6c:d4:ec:b4:65:69:3e:37:e3:c3:37:
+        ea:22:b8:79:ae:ba:b3:c4:29:8d:87:84:93:f4:74:81:7d:e6:
+        1d:2d:ee:37:86:4c:f2:a2:e8:b5:a7:ad:e4:c3:43:fa:9e:ff:
+        2b:d8:48:22:05:6c:e3:56:49:47:27:f6:3f:bb:45:5f:a2:25:
+        bc:24:3c:c6:16:57:3d:db:98:56:5c:47:a5:f7:ad:ee:0b:94:
+        f1:b8:5c:6a:5e:69:fc:a4:2e:b3:24:21:13:2b:0d:25:1b:2a:
+        ba:bb:e8:00:d2:80:59:e6:1f:01:f5:62:9d:70:84:04:dd:f2:
+        5f:ab:c0:6c:f8:75:37:e1:a4:14:df:ac:9c:ff:63:bd:70:92:
+        4a:c1:dd:2e:79:05:40:94:c4:92:2b:33:5d:aa:00:0f:d9:a1:
+        aa:48:79:4a:8b:c3:54:c4:cc:63:e6:4d:d6:cd:80:b2:77:6a:
+        63:16:6d:3b:47:63:e9:3d:41:e1:d2:d0:41:00:83:20:35:c6:
+        7d:36:5f:62:bf:a9:a1:a7:bf:c2:b4:44:9f:3c:f3:33:28:47:
+        01:bc:be:fb:4b:9c:81:4a:f8:81:b9:6f:cc:a4:81:95:79:24:
+        e7:06:6b:8e
 -----BEGIN CERTIFICATE-----
-MIIDkjCCAnqgAwIBAgIUM52jdzZ6uUDAP2Ku14DApIj5gl8wDQYJKoZIhvcNAQEL
+MIIDtTCCAp2gAwIBAgIUXgxo/O5Fw8STkpIb8G5FyKC959IwDQYJKoZIhvcNAQEL
 BQAwgYIxCzAJBgNVBAYTAlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdC
 b3plbWFuMRQwEgYDVQQLDAtFbmdpbmVlcmluZzEYMBYGA1UEAwwPd3d3Lm5vbWF0
-Y2guY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMB4XDTIzMTIx
-MzIyMTkyOVoXDTI2MDkwODIyMTkyOVowgYIxCzAJBgNVBAYTAlVTMRAwDgYDVQQI
+Y2guY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMB4XDTI0MTIx
+ODIzMTEyM1oXDTI3MDkxNDIzMTEyM1owgYIxCzAJBgNVBAYTAlVTMRAwDgYDVQQI
 DAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMRQwEgYDVQQLDAtFbmdpbmVlcmlu
 ZzEYMBYGA1UEAwwPd3d3Lm5vbWF0Y2guY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZv
 QHdvbGZzc2wuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwJUI
@@ -62,11 +66,11 @@ j+G9e8AvfKtkqBf8yl17uuAh5XIuby6G2JVz2qwbU7lfP9cZDSVP4WNjUYsLZD+t
 Q7ilHFw0s64AoGPF9n8LWWh4c6aMGKkCba/DGQEuuBDjxsxAtGmjRjNph27Euxem
 8+jdrXO8ey8htf1mUQy9VLPhbV8cvCNz0QkDiRTSELlkwyrQoZZKvOHUGlvHoMDB
 Y3gPRDcwMpaAMiOVoXe6E9KXc+JdJclqDcM5YKS0sGlCQgnp2Ai8MyCzWCKnquvE
-4eZhg8XSlt/Z0E+t1wIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQAvA9lCrhDzS0LB
-nWqqCdrxVYoLds5R1RaVJEmsFBv2tIG9xCuc8jSLpRimAIJwAMGPJpDacHBgv8iY
-0tHHhv1oYPJURuXg2VjEhQEysQJDBmH1YT/9gLB1LDpQ2MkRbjYXjuCmP7G9F5Yx
-yQTpU4Rq5rzDghr8j2PpaMmz7WGNCKKdyE5XCVAsFm+axzHMbP08NwEG8ceY5sXu
-yz5vayC83GQXLtdblSoY5atMXpcc5X3lcs3+tm2bNsZLcNyXX0kxkxsrytHIEiQx
-wnhQv6oo5kJ4ruEIemTaRonWB0rLUTZpEWypYfyxAyHCgmoV15hYHEBVCOAyngV4
-xqC42REv
+4eZhg8XSlt/Z0E+t1wIDAQABoyEwHzAdBgNVHQ4EFgQUsxEyyZKYhOLJ+NA7bgNC
+yh8OjjwwDQYJKoZIhvcNAQELBQADggEBAIFx5ROWq5lGwp6LfLEclgjwOf2the9v
+VGBs1Oy0ZWk+N+PDN+oiuHmuurPEKY2HhJP0dIF95h0t7jeGTPKi6LWnreTDQ/qe
+/yvYSCIFbONWSUcn9j+7RV+iJbwkPMYWVz3bmFZcR6X3re4LlPG4XGpeafykLrMk
+IRMrDSUbKrq76ADSgFnmHwH1Yp1whATd8l+rwGz4dTfhpBTfrJz/Y71wkkrB3S55
+BUCUxJIrM12qAA/ZoapIeUqLw1TEzGPmTdbNgLJ3amMWbTtHY+k9QeHS0EEAgyA1
+xn02X2K/qaGnv8K0RJ888zMoRwG8vvtLnIFK+IG5b8ykgZV5JOcGa44=
 -----END CERTIFICATE-----
diff --git a/certs/test/server-badcnnull.der b/certs/test/server-badcnnull.der
index bd1524f6f..c493efb53 100644
Binary files a/certs/test/server-badcnnull.der and b/certs/test/server-badcnnull.der differ
diff --git a/certs/test/server-badcnnull.pem b/certs/test/server-badcnnull.pem
index ed89ce736..8f35c0aa3 100644
--- a/certs/test/server-badcnnull.pem
+++ b/certs/test/server-badcnnull.pem
@@ -2,16 +2,16 @@ Certificate:
     Data:
         Version: 3 (0x2)
         Serial Number:
-            29:9c:4e:32:2d:67:08:52:16:03:ba:4f:eb:47:e3:a2:ef:55:06:15
+            17:94:c2:a9:62:50:9d:86:e1:29:9f:9b:fc:aa:fd:1c:ea:5f:d9:d2
         Signature Algorithm: sha256WithRSAEncryption
         Issuer: C = US, ST = Montana, L = Bozeman, OU = Engineering, CN = DER:30:0d:82:0b:6c:6f:63:61:6c:68:6f:73:74:00:68, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Dec 13 22:19:29 2023 GMT
-            Not After : Sep  8 22:19:29 2026 GMT
+            Not Before: Dec 18 23:11:23 2024 GMT
+            Not After : Sep 14 23:11:23 2027 GMT
         Subject: C = US, ST = Montana, L = Bozeman, OU = Engineering, CN = DER:30:0d:82:0b:6c:6f:63:61:6c:68:6f:73:74:00:68, emailAddress = info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (2048 bit)
+                Public-Key: (2048 bit)
                 Modulus:
                     00:c0:95:08:e1:57:41:f2:71:6d:b7:d2:45:41:27:
                     01:65:c6:45:ae:f2:bc:24:30:b8:95:ce:2f:4e:d6:
@@ -32,29 +32,33 @@ Certificate:
                     a7:aa:eb:c4:e1:e6:61:83:c5:d2:96:df:d9:d0:4f:
                     ad:d7
                 Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Subject Key Identifier: 
+                B3:11:32:C9:92:98:84:E2:C9:F8:D0:3B:6E:03:42:CA:1F:0E:8E:3C
     Signature Algorithm: sha256WithRSAEncryption
-         b7:a0:3f:bf:60:6d:0e:49:aa:e4:a8:00:b6:7d:d5:15:58:60:
-         5d:cb:40:70:46:04:6c:e3:6d:04:b0:2a:eb:e2:64:b3:4f:a6:
-         47:ae:22:c8:41:a1:cc:01:0c:1a:b2:6f:d2:e5:cf:b8:ac:c7:
-         3c:a8:04:0d:7e:53:c5:9f:ec:f6:26:1e:d7:ed:6d:44:a5:8f:
-         64:7b:bd:f4:19:fd:70:d5:39:7a:d9:22:72:2d:ec:09:0d:61:
-         e9:1f:3d:61:70:13:1c:d6:34:44:1d:04:a7:2c:96:08:0b:e6:
-         63:e5:02:e6:95:d3:49:75:a9:e2:d0:e4:6e:9c:87:17:3a:30:
-         d4:dd:16:58:f8:cc:39:ff:a4:2d:3f:26:bf:40:92:6e:b2:b6:
-         6d:03:d8:68:a2:4a:3d:cf:b9:00:93:58:54:5a:ef:ea:6d:28:
-         c3:8c:c1:0e:60:5a:8c:df:5d:d5:0b:cb:b5:e5:6c:57:7a:b6:
-         ac:8c:64:67:f4:68:8d:73:50:41:11:6c:14:b6:65:7d:57:ff:
-         27:b5:f3:5e:7e:d4:07:29:49:6b:0c:aa:ed:b2:aa:32:a3:b4:
-         78:bc:2d:18:6f:a6:fa:ea:b2:c8:a4:a3:f2:cc:da:43:9c:eb:
-         92:ea:7a:1a:8f:4b:ed:87:eb:f6:80:ea:6a:de:d7:ac:0e:9e:
-         47:2d:37:30
+    Signature Value:
+        17:68:5d:de:f1:0e:17:a5:79:89:e1:75:ec:32:c7:91:92:19:
+        80:57:05:c7:ed:0d:ee:ba:62:79:d0:16:0e:68:82:69:65:c9:
+        f3:a7:d0:cc:88:8b:29:62:cd:b5:ba:ae:7b:9f:50:8f:5e:97:
+        94:ce:9c:b4:20:6c:0c:e7:8f:0a:b6:fd:42:36:a3:9f:da:c6:
+        ee:d4:0a:2b:ea:60:06:5f:1d:f2:e9:33:87:51:44:a2:15:c2:
+        8f:32:82:ef:ff:24:e5:8f:e7:23:98:1c:5c:22:c4:d7:27:12:
+        33:8e:ad:77:5b:35:d4:87:6e:c3:92:1b:df:a6:b3:df:66:16:
+        e0:d6:85:42:78:eb:b4:1a:0d:56:89:a5:e7:d4:db:b0:23:48:
+        c8:5f:a3:a7:c0:cc:46:40:96:3d:be:bb:b9:10:03:46:2d:67:
+        c8:e7:f1:6b:25:f3:ae:57:3d:dc:c8:06:1b:d3:8d:97:35:c1:
+        07:b9:0e:c1:26:a1:30:71:90:e8:79:84:8a:c6:36:8f:36:cc:
+        a5:0a:12:90:dd:19:a2:cc:e2:d6:c5:7d:53:b2:a5:86:fd:b8:
+        8f:bd:5f:6c:59:49:5a:ef:8b:d6:ac:d3:cc:ae:d7:6b:6a:fc:
+        f1:df:17:48:c0:11:42:a1:29:5e:3f:57:ed:2d:c1:b9:09:b5:
+        6e:dc:3f:3f
 -----BEGIN CERTIFICATE-----
-MIID1DCCArygAwIBAgIUKZxOMi1nCFIWA7pP60fjou9VBhUwDQYJKoZIhvcNAQEL
+MIID9zCCAt+gAwIBAgIUF5TCqWJQnYbhKZ+b/Kr9HOpf2dIwDQYJKoZIhvcNAQEL
 BQAwgaMxCzAJBgNVBAYTAlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdC
 b3plbWFuMRQwEgYDVQQLDAtFbmdpbmVlcmluZzE5MDcGA1UEAwwwREVSOjMwOjBk
 OjgyOjBiOjZjOjZmOjYzOjYxOjZjOjY4OjZmOjczOjc0OjAwOjY4MR8wHQYJKoZI
-hvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMB4XDTIzMTIxMzIyMTkyOVoXDTI2MDkw
-ODIyMTkyOVowgaMxCzAJBgNVBAYTAlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYD
+hvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMB4XDTI0MTIxODIzMTEyM1oXDTI3MDkx
+NDIzMTEyM1owgaMxCzAJBgNVBAYTAlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYD
 VQQHDAdCb3plbWFuMRQwEgYDVQQLDAtFbmdpbmVlcmluZzE5MDcGA1UEAwwwREVS
 OjMwOjBkOjgyOjBiOjZjOjZmOjYzOjYxOjZjOjY4OjZmOjczOjc0OjAwOjY4MR8w
 HQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMIIBIjANBgkqhkiG9w0BAQEF
@@ -63,11 +67,12 @@ fJ/7qGd//lycUXX3isoH5zUvj+G9e8AvfKtkqBf8yl17uuAh5XIuby6G2JVz2qwb
 U7lfP9cZDSVP4WNjUYsLZD+tQ7ilHFw0s64AoGPF9n8LWWh4c6aMGKkCba/DGQEu
 uBDjxsxAtGmjRjNph27Euxem8+jdrXO8ey8htf1mUQy9VLPhbV8cvCNz0QkDiRTS
 ELlkwyrQoZZKvOHUGlvHoMDBY3gPRDcwMpaAMiOVoXe6E9KXc+JdJclqDcM5YKS0
-sGlCQgnp2Ai8MyCzWCKnquvE4eZhg8XSlt/Z0E+t1wIDAQABMA0GCSqGSIb3DQEB
-CwUAA4IBAQC3oD+/YG0OSarkqAC2fdUVWGBdy0BwRgRs420EsCrr4mSzT6ZHriLI
-QaHMAQwasm/S5c+4rMc8qAQNflPFn+z2Jh7X7W1EpY9ke730Gf1w1Tl62SJyLewJ
-DWHpHz1hcBMc1jREHQSnLJYIC+Zj5QLmldNJdani0ORunIcXOjDU3RZY+Mw5/6Qt
-Pya/QJJusrZtA9hooko9z7kAk1hUWu/qbSjDjMEOYFqM313VC8u15WxXerasjGRn
-9GiNc1BBEWwUtmV9V/8ntfNeftQHKUlrDKrtsqoyo7R4vC0Yb6b66rLIpKPyzNpD
-nOuS6noaj0vth+v2gOpq3tesDp5HLTcw
+sGlCQgnp2Ai8MyCzWCKnquvE4eZhg8XSlt/Z0E+t1wIDAQABoyEwHzAdBgNVHQ4E
+FgQUsxEyyZKYhOLJ+NA7bgNCyh8OjjwwDQYJKoZIhvcNAQELBQADggEBABdoXd7x
+DheleYnhdewyx5GSGYBXBcftDe66YnnQFg5ogmllyfOn0MyIiylizbW6rnufUI9e
+l5TOnLQgbAznjwq2/UI2o5/axu7UCivqYAZfHfLpM4dRRKIVwo8ygu//JOWP5yOY
+HFwixNcnEjOOrXdbNdSHbsOSG9+ms99mFuDWhUJ467QaDVaJpefU27AjSMhfo6fA
+zEZAlj2+u7kQA0YtZ8jn8Wsl865XPdzIBhvTjZc1wQe5DsEmoTBxkOh5hIrGNo82
+zKUKEpDdGaLM4tbFfVOypYb9uI+9X2xZSVrvi9as08yu12tq/PHfF0jAEUKhKV4/
+V+0twbkJtW7cPz8=
 -----END CERTIFICATE-----
diff --git a/certs/test/server-cert-ecc-badsig.der b/certs/test/server-cert-ecc-badsig.der
index 3e1a890db..d9fee3fd2 100644
Binary files a/certs/test/server-cert-ecc-badsig.der and b/certs/test/server-cert-ecc-badsig.der differ
diff --git a/certs/test/server-cert-ecc-badsig.pem b/certs/test/server-cert-ecc-badsig.pem
index 13285961c..ff32a1750 100644
--- a/certs/test/server-cert-ecc-badsig.pem
+++ b/certs/test/server-cert-ecc-badsig.pem
@@ -5,8 +5,8 @@ Certificate:
         Signature Algorithm: ecdsa-with-SHA256
         Issuer: C = US, ST = Washington, L = Seattle, O = wolfSSL, OU = Development, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Dec 13 22:19:28 2023 GMT
-            Not After : Sep  8 22:19:28 2026 GMT
+            Not Before: Dec 18 21:25:30 2024 GMT
+            Not After : Sep 14 21:25:30 2027 GMT
         Subject: C = US, ST = Washington, L = Seattle, O = Elliptic, OU = ECC, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: id-ecPublicKey
@@ -23,8 +23,7 @@ Certificate:
             X509v3 Subject Key Identifier: 
                 5D:5D:26:EF:AC:7E:36:F9:9B:76:15:2B:4A:25:02:23:EF:B2:89:30
             X509v3 Authority Key Identifier: 
-                keyid:56:8E:9A:C3:F0:42:DE:18:B9:45:55:6E:F9:93:CF:EA:C3:F3:A5:21
-
+                56:8E:9A:C3:F0:42:DE:18:B9:45:55:6E:F9:93:CF:EA:C3:F3:A5:21
             X509v3 Basic Constraints: critical
                 CA:FALSE
             X509v3 Key Usage: critical
@@ -34,16 +33,17 @@ Certificate:
             Netscape Cert Type: 
                 SSL Server
     Signature Algorithm: ecdsa-with-SHA256
-         30:45:02:21:00:86:bd:87:16:d2:9c:66:e7:5e:5c:28:0e:5f:
-         ef:94:61:2f:d4:21:6d:8e:c3:94:0a:1e:b5:6a:1d:c6:04:87:
-         c6:02:20:66:46:c4:29:d9:8e:eb:0b:f7:5b:32:13:eb:0a:ea:
-         47:99:4b:74:56:ba:21:97:b1:67:75:5c:f3:f3:c0:88:aa
+    Signature Value:
+        30:45:02:21:00:8b:82:a5:d2:f6:ca:84:ba:ad:2d:de:36:e9:
+        2a:4d:ee:4b:20:46:ba:ab:4e:d0:10:6e:eb:30:b6:7e:d8:af:
+        8c:02:20:06:74:40:6a:a9:31:54:fe:20:9d:c6:6d:2b:df:1d:
+        aa:63:da:fc:97:50:87:92:69:ee:63:57:b6:ec:e2:e9:fa
 -----BEGIN CERTIFICATE-----
 MIICojCCAkigAwIBAgIBAzAKBggqhkjOPQQDAjCBlzELMAkGA1UEBhMCVVMxEzAR
 BgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoMB3dv
 bGZTU0wxFDASBgNVBAsMC0RldmVsb3BtZW50MRgwFgYDVQQDDA93d3cud29sZnNz
-bC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMjMxMjEz
-MjIxOTI4WhcNMjYwOTA4MjIxOTI4WjCBkDELMAkGA1UEBhMCVVMxEzARBgNVBAgM
+bC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMjQxMjE4
+MjEyNTMwWhcNMjcwOTE0MjEyNTMwWjCBkDELMAkGA1UEBhMCVVMxEzARBgNVBAgM
 Cldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxETAPBgNVBAoMCEVsbGlwdGlj
 MQwwCgYDVQQLDANFQ0MxGDAWBgNVBAMMD3d3dy53b2xmc3NsLmNvbTEfMB0GCSqG
 SIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTBZMBMGByqGSM49AgEGCCqGSM49AwEH
@@ -51,7 +51,7 @@ A0IABLszrEwnUErGSqUEwzzenzbbci3OlOor+ssgCTksFuhhAumvTdMCk5oxW5eS
 IX/wzxjakRECNIboIFgzC4A0idijgYkwgYYwHQYDVR0OBBYEFF1dJu+sfjb5m3YV
 K0olAiPvsokwMB8GA1UdIwQYMBaAFFaOmsPwQt4YuUVVbvmTz+rD86UhMAwGA1Ud
 EwEB/wQCMAAwDgYDVR0PAQH/BAQDAgOoMBMGA1UdJQQMMAoGCCsGAQUFBwMBMBEG
-CWCGSAGG+EIBAQQEAwIGQDAKBggqhkjOPQQDAgNIADBFAiEAhr2HFtKcZudeXCgO
-X++UYS/UIW2Ow5QKHrVqHcYEh8YCIGZGxCnZjusL91syE+sK6keZS3RWuiGXsWd1
-XPPzxIiq
+CWCGSAGG+EIBAQQEAwIGQDAKBggqhkjOPQQDAgNIADBFAiEAi4Kl0vbKhLqtLd42
+6SpN7ksgRrqrTtAQbuswtn7Yr4wCIAZ0QGqpMVT+IJ3GbSvfHapj2vyXUIeSae5j
+V7bsxun6
 -----END CERTIFICATE-----
diff --git a/certs/test/server-cert-rsa-badsig.der b/certs/test/server-cert-rsa-badsig.der
index e5cb198f6..91c6fa74d 100644
Binary files a/certs/test/server-cert-rsa-badsig.der and b/certs/test/server-cert-rsa-badsig.der differ
diff --git a/certs/test/server-cert-rsa-badsig.pem b/certs/test/server-cert-rsa-badsig.pem
index 171894d22..ab49b8f35 100644
--- a/certs/test/server-cert-rsa-badsig.pem
+++ b/certs/test/server-cert-rsa-badsig.pem
@@ -5,12 +5,12 @@ Certificate:
         Signature Algorithm: sha256WithRSAEncryption
         Issuer: C = US, ST = Montana, L = Bozeman, O = Sawtooth, OU = Consulting, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Dec 13 22:19:28 2023 GMT
-            Not After : Sep  8 22:19:28 2026 GMT
+            Not Before: Dec 18 21:25:30 2024 GMT
+            Not After : Sep 14 21:25:30 2027 GMT
         Subject: C = US, ST = Montana, L = Bozeman, O = wolfSSL, OU = Support, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (2048 bit)
+                Public-Key: (2048 bit)
                 Modulus:
                     00:c0:95:08:e1:57:41:f2:71:6d:b7:d2:45:41:27:
                     01:65:c6:45:ae:f2:bc:24:30:b8:95:ce:2f:4e:d6:
@@ -37,8 +37,7 @@ Certificate:
             X509v3 Authority Key Identifier: 
                 keyid:27:8E:67:11:74:C3:26:1D:3F:ED:33:63:B3:A4:D8:1D:30:E5:E8:D5
                 DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
-                serial:33:44:1A:A8:6C:01:EC:F6:60:F2:70:51:0A:4C:D1:14:FA:BC:E9:44
-
+                serial:6B:9B:70:C6:F1:A3:94:65:19:A1:08:58:EF:A7:8D:2B:7A:83:C1:DA
             X509v3 Basic Constraints: 
                 CA:TRUE
             X509v3 Subject Alternative Name: 
@@ -46,27 +45,28 @@ Certificate:
             X509v3 Extended Key Usage: 
                 TLS Web Server Authentication, TLS Web Client Authentication
     Signature Algorithm: sha256WithRSAEncryption
-         4a:ff:b9:e5:85:9b:da:53:66:7f:07:22:bf:b6:19:ea:42:eb:
-         a4:11:07:62:ff:39:5f:33:37:3a:87:26:71:3d:13:b2:ca:b8:
-         64:38:7b:8a:99:48:0e:a5:a4:6b:b1:99:6e:e0:46:51:bd:19:
-         52:ad:bc:a6:7e:2a:7a:7c:23:a7:cc:db:5e:43:7d:6b:04:c8:
-         b7:dd:95:ad:f0:91:80:59:c5:19:91:26:27:91:b8:48:1c:eb:
-         55:b6:aa:7d:a4:38:f1:03:bc:6c:8b:aa:94:d6:3c:05:7a:96:
-         c5:06:f1:26:14:2e:75:fb:dd:e5:35:b3:01:2c:b3:ad:62:5a:
-         21:9a:08:be:56:fc:f9:a2:42:87:86:e5:a9:c5:99:cf:ae:14:
-         be:e0:b9:08:24:0d:1d:5c:d6:14:e1:4c:9f:40:b3:a9:e9:2d:
-         52:8b:4c:bf:ac:44:31:67:c1:8d:06:85:ec:0f:e4:99:d7:4b:
-         7b:21:06:66:d4:e4:f5:9d:ff:8e:f0:86:39:58:1d:a4:5b:e2:
-         63:ef:7c:c9:18:87:a8:02:25:10:3e:87:28:f9:f5:ef:47:9e:
-         a5:80:08:11:90:68:fe:d1:a3:a8:51:b9:37:ff:d5:ca:7c:87:
-         7f:6b:bc:2c:12:c8:c5:85:8b:fc:0c:c6:b9:86:b8:c9:04:c3:
-         51:37:d2:4f
+    Signature Value:
+        8a:f1:4e:e8:9f:59:b2:d9:13:ac:fc:42:c4:81:34:9f:6b:39:
+        57:9c:e9:92:5d:41:ac:05:35:b1:26:93:4d:4a:da:f8:51:82:
+        d2:8d:7f:d3:5c:6e:29:80:8d:9b:02:10:2b:64:f5:d1:31:06:
+        fa:85:2b:8f:63:32:14:76:7a:39:15:f3:4e:dd:fd:e2:2c:90:
+        15:d1:6f:73:87:ee:e6:c8:eb:ad:40:d5:e8:94:1f:a6:7e:26:
+        5b:87:ba:0f:06:5a:4d:55:7a:aa:c4:09:34:8b:f7:e5:cc:d6:
+        b7:6c:46:6d:a1:e6:66:66:4c:4b:e5:12:31:37:54:49:64:a5:
+        66:eb:e0:c6:a1:49:f8:4d:c3:d3:55:a4:05:d2:ac:fb:e1:c8:
+        69:30:4b:98:fd:72:1a:ab:9f:86:eb:0d:bd:7c:a6:3d:81:d9:
+        01:a7:8a:79:ab:3c:ce:e5:b6:c3:1b:ef:7d:5e:37:7b:37:7c:
+        91:89:59:11:21:11:7c:05:80:e1:a8:d6:f9:35:da:1b:86:06:
+        5a:32:67:6c:a9:2b:e0:31:7b:89:53:37:42:af:34:a4:53:d2:
+        7c:91:50:63:3a:8e:4a:1f:a3:90:4e:7c:41:59:1d:eb:7b:a2:
+        14:87:ba:76:36:a4:77:46:34:f2:55:50:f0:24:9f:83:83:da:
+        a6:aa:3c:c8
 -----BEGIN CERTIFICATE-----
 MIIE6DCCA9CgAwIBAgIBATANBgkqhkiG9w0BAQsFADCBlDELMAkGA1UEBhMCVVMx
 EDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xETAPBgNVBAoMCFNh
 d3Rvb3RoMRMwEQYDVQQLDApDb25zdWx0aW5nMRgwFgYDVQQDDA93d3cud29sZnNz
-bC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMjMxMjEz
-MjIxOTI4WhcNMjYwOTA4MjIxOTI4WjCBkDELMAkGA1UEBhMCVVMxEDAOBgNVBAgM
+bC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMjQxMjE4
+MjEyNTMwWhcNMjcwOTE0MjEyNTMwWjCBkDELMAkGA1UEBhMCVVMxEDAOBgNVBAgM
 B01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xEDAOBgNVBAoMB3dvbGZTU0wxEDAO
 BgNVBAsMB1N1cHBvcnQxGDAWBgNVBAMMD3d3dy53b2xmc3NsLmNvbTEfMB0GCSqG
 SIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
@@ -80,30 +80,30 @@ BBSzETLJkpiE4sn40DtuA0LKHw6OPDCB1AYDVR0jBIHMMIHJgBQnjmcRdMMmHT/t
 M2OzpNgdMOXo1aGBmqSBlzCBlDELMAkGA1UEBhMCVVMxEDAOBgNVBAgMB01vbnRh
 bmExEDAOBgNVBAcMB0JvemVtYW4xETAPBgNVBAoMCFNhd3Rvb3RoMRMwEQYDVQQL
 DApDb25zdWx0aW5nMRgwFgYDVQQDDA93d3cud29sZnNzbC5jb20xHzAdBgkqhkiG
-9w0BCQEWEGluZm9Ad29sZnNzbC5jb22CFDNEGqhsAez2YPJwUQpM0RT6vOlEMAwG
+9w0BCQEWEGluZm9Ad29sZnNzbC5jb22CFGubcMbxo5RlGaEIWO+njSt6g8HaMAwG
 A1UdEwQFMAMBAf8wHAYDVR0RBBUwE4ILZXhhbXBsZS5jb22HBH8AAAEwHQYDVR0l
-BBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMA0GCSqGSIb3DQEBCwUAA4IBAQBK/7nl
-hZvaU2Z/ByK/thnqQuukEQdi/zlfMzc6hyZxPROyyrhkOHuKmUgOpaRrsZlu4EZR
-vRlSrbymfip6fCOnzNteQ31rBMi33ZWt8JGAWcUZkSYnkbhIHOtVtqp9pDjxA7xs
-i6qU1jwFepbFBvEmFC51+93lNbMBLLOtYlohmgi+Vvz5okKHhuWpxZnPrhS+4LkI
-JA0dXNYU4UyfQLOp6S1Si0y/rEQxZ8GNBoXsD+SZ10t7IQZm1OT1nf+O8IY5WB2k
-W+Jj73zJGIeoAiUQPoco+fXvR56lgAgRkGj+0aOoUbk3/9XKfId/a7wsEsjFhYv8
-DMa5hrjJBMNRN9JP
+BBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMA0GCSqGSIb3DQEBCwUAA4IBAQCK8U7o
+n1my2ROs/ELEgTSfazlXnOmSXUGsBTWxJpNNStr4UYLSjX/TXG4pgI2bAhArZPXR
+MQb6hSuPYzIUdno5FfNO3f3iLJAV0W9zh+7myOutQNXolB+mfiZbh7oPBlpNVXqq
+xAk0i/flzNa3bEZtoeZmZkxL5RIxN1RJZKVm6+DGoUn4TcPTVaQF0qz74chpMEuY
+/XIaq5+G6w29fKY9gdkBp4p5qzzO5bbDG+99Xjd7N3yRiVkRIRF8BYDhqNb5Ndob
+hgZaMmdsqSvgMXuJUzdCrzSkU9J8kVBjOo5KH6OQTnxBWR3re6IUh7p2NqR3RjTy
+VVDwJJ+Dg9qmqjzI
 -----END CERTIFICATE-----
 Certificate:
     Data:
         Version: 3 (0x2)
         Serial Number:
-            33:44:1a:a8:6c:01:ec:f6:60:f2:70:51:0a:4c:d1:14:fa:bc:e9:44
+            6b:9b:70:c6:f1:a3:94:65:19:a1:08:58:ef:a7:8d:2b:7a:83:c1:da
         Signature Algorithm: sha256WithRSAEncryption
         Issuer: C = US, ST = Montana, L = Bozeman, O = Sawtooth, OU = Consulting, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Dec 13 22:19:28 2023 GMT
-            Not After : Sep  8 22:19:28 2026 GMT
+            Not Before: Dec 18 21:25:29 2024 GMT
+            Not After : Sep 14 21:25:29 2027 GMT
         Subject: C = US, ST = Montana, L = Bozeman, O = Sawtooth, OU = Consulting, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (2048 bit)
+                Public-Key: (2048 bit)
                 Modulus:
                     00:bf:0c:ca:2d:14:b2:1e:84:42:5b:cd:38:1f:4a:
                     f2:4d:75:10:f1:b6:35:9f:df:ca:7d:03:98:d3:ac:
@@ -130,8 +130,7 @@ Certificate:
             X509v3 Authority Key Identifier: 
                 keyid:27:8E:67:11:74:C3:26:1D:3F:ED:33:63:B3:A4:D8:1D:30:E5:E8:D5
                 DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
-                serial:33:44:1A:A8:6C:01:EC:F6:60:F2:70:51:0A:4C:D1:14:FA:BC:E9:44
-
+                serial:6B:9B:70:C6:F1:A3:94:65:19:A1:08:58:EF:A7:8D:2B:7A:83:C1:DA
             X509v3 Basic Constraints: 
                 CA:TRUE
             X509v3 Subject Alternative Name: 
@@ -139,27 +138,28 @@ Certificate:
             X509v3 Extended Key Usage: 
                 TLS Web Server Authentication, TLS Web Client Authentication
     Signature Algorithm: sha256WithRSAEncryption
-         2d:fc:f9:32:5a:be:d6:9d:42:8b:86:4e:67:22:c3:50:2d:cb:
-         14:27:1d:94:f3:cd:88:42:da:41:1c:39:24:67:a7:92:4d:27:
-         ea:56:82:19:bf:11:b2:43:a4:8d:5d:87:b2:27:64:66:82:81:
-         df:c4:fd:5b:62:b0:c2:4d:9d:29:f2:41:32:cc:2e:b5:da:38:
-         06:1b:e8:7f:8c:6e:3d:80:1e:00:56:49:bf:39:e0:da:68:2f:
-         c4:fd:00:e6:d1:81:1a:d1:4a:bb:76:52:ce:4d:24:9d:c4:a3:
-         a7:f1:65:14:2f:1f:a8:2d:c6:cb:ce:b1:a7:89:74:26:27:c3:
-         f3:a3:84:4c:34:01:14:03:7d:16:3a:c8:8b:25:2e:7b:90:cc:
-         46:b1:52:34:ba:93:6e:ef:fe:43:a3:ad:c6:6f:51:fb:ba:ea:
-         38:e3:6f:d6:ee:63:62:36:ea:5e:08:b4:e2:2a:46:89:e3:ae:
-         b3:b4:06:ef:63:7a:6e:5d:dd:c9:ec:02:4f:f7:64:c0:27:07:
-         b4:6f:4a:18:72:5b:34:74:7c:d0:a9:04:8f:40:8b:6a:39:d2:
-         6b:1a:01:f2:01:a8:81:34:3a:e5:b0:55:d1:3c:95:ca:b0:82:
-         d6:ed:98:28:15:59:7e:95:a7:69:c7:b5:7b:ec:01:a7:4d:e6:
-         b9:a2:fe:35
+    Signature Value:
+        77:3b:3d:66:74:bc:97:fe:40:16:e6:ba:a5:d5:d1:84:08:89:
+        69:4f:88:0d:57:a9:ef:8c:c3:97:52:c8:bd:8b:a2:49:3b:b7:
+        f7:5d:1e:d6:14:7f:b2:80:33:da:a0:8a:d3:e1:2f:d5:bc:33:
+        9f:ea:5a:72:24:e5:f8:b8:4b:b3:df:62:90:3b:a8:21:ef:27:
+        42:75:bc:60:02:8e:37:35:99:eb:a3:28:f2:65:4c:ff:7a:f8:
+        8e:cc:23:6d:e5:6a:fe:22:5a:d9:b2:4f:47:c7:e0:ae:98:ef:
+        94:ac:b6:4f:61:81:29:8e:e1:79:2c:46:fc:e9:1a:c3:96:1f:
+        19:93:64:2e:9f:37:72:c5:e4:93:4e:61:5f:38:8e:ae:e8:39:
+        19:e6:97:a8:91:d4:23:7e:1e:d2:d0:53:ec:cc:ac:a0:1d:d0:
+        b7:dd:b1:b7:01:2e:96:cd:85:27:e0:e7:47:e2:c1:c1:00:f6:
+        94:df:77:e7:fa:c6:ef:8a:c0:7c:67:bc:ff:a0:7c:94:3b:7d:
+        86:42:af:3d:83:31:ee:2a:3b:7b:f0:2c:9e:6f:e9:c4:07:81:
+        24:da:05:70:4d:dd:09:ae:9e:72:b8:21:0e:8c:b2:ab:aa:4c:
+        49:10:f7:76:f9:b5:0d:6c:20:d3:df:7a:06:32:8d:29:1f:28:
+        1d:8d:26:33
 -----BEGIN CERTIFICATE-----
-MIIE/zCCA+egAwIBAgIUM0QaqGwB7PZg8nBRCkzRFPq86UQwDQYJKoZIhvcNAQEL
+MIIE/zCCA+egAwIBAgIUa5twxvGjlGUZoQhY76eNK3qDwdowDQYJKoZIhvcNAQEL
 BQAwgZQxCzAJBgNVBAYTAlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdC
 b3plbWFuMREwDwYDVQQKDAhTYXd0b290aDETMBEGA1UECwwKQ29uc3VsdGluZzEY
 MBYGA1UEAwwPd3d3LndvbGZzc2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdv
-bGZzc2wuY29tMB4XDTIzMTIxMzIyMTkyOFoXDTI2MDkwODIyMTkyOFowgZQxCzAJ
+bGZzc2wuY29tMB4XDTI0MTIxODIxMjUyOVoXDTI3MDkxNDIxMjUyOVowgZQxCzAJ
 BgNVBAYTAlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMREw
 DwYDVQQKDAhTYXd0b290aDETMBEGA1UECwwKQ29uc3VsdGluZzEYMBYGA1UEAwwP
 d3d3LndvbGZzc2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29t
@@ -174,12 +174,12 @@ BgNVHSMEgcwwgcmAFCeOZxF0wyYdP+0zY7Ok2B0w5ejVoYGapIGXMIGUMQswCQYD
 VQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjERMA8G
 A1UECgwIU2F3dG9vdGgxEzARBgNVBAsMCkNvbnN1bHRpbmcxGDAWBgNVBAMMD3d3
 dy53b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbYIU
-M0QaqGwB7PZg8nBRCkzRFPq86UQwDAYDVR0TBAUwAwEB/zAcBgNVHREEFTATggtl
+a5twxvGjlGUZoQhY76eNK3qDwdowDAYDVR0TBAUwAwEB/zAcBgNVHREEFTATggtl
 eGFtcGxlLmNvbYcEfwAAATAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIw
-DQYJKoZIhvcNAQELBQADggEBAC38+TJavtadQouGTmciw1AtyxQnHZTzzYhC2kEc
-OSRnp5JNJ+pWghm/EbJDpI1dh7InZGaCgd/E/VtisMJNnSnyQTLMLrXaOAYb6H+M
-bj2AHgBWSb854NpoL8T9AObRgRrRSrt2Us5NJJ3Eo6fxZRQvH6gtxsvOsaeJdCYn
-w/OjhEw0ARQDfRY6yIslLnuQzEaxUjS6k27v/kOjrcZvUfu66jjjb9buY2I26l4I
-tOIqRonjrrO0Bu9jem5d3cnsAk/3ZMAnB7RvShhyWzR0fNCpBI9Ai2o50msaAfIB
-qIE0OuWwVdE8lcqwgtbtmCgVWX6Vp2nHtXvsAadN5rmixjU=
+DQYJKoZIhvcNAQELBQADggEBAHc7PWZ0vJf+QBbmuqXV0YQIiWlPiA1Xqe+Mw5dS
+yL2Lokk7t/ddHtYUf7KAM9qgitPhL9W8M5/qWnIk5fi4S7PfYpA7qCHvJ0J1vGAC
+jjc1meujKPJlTP96+I7MI23lav4iWtmyT0fH4K6Y75Sstk9hgSmO4XksRvzpGsOW
+HxmTZC6fN3LF5JNOYV84jq7oORnml6iR1CN+HtLQU+zMrKAd0LfdsbcBLpbNhSfg
+50fiwcEA9pTfd+f6xu+KwHxnvP+gfJQ7fYZCrz2DMe4qO3vwLJ5v6cQHgSTaBXBN
+3QmunnK4IQ6MsquqTEkQ93b5tQ1sINPfegYyjSkfKB2NxjM=
 -----END CERTIFICATE-----
diff --git a/certs/test/server-duplicate-policy.pem b/certs/test/server-duplicate-policy.pem
index 8450ca92c..36636668e 100644
--- a/certs/test/server-duplicate-policy.pem
+++ b/certs/test/server-duplicate-policy.pem
@@ -5,12 +5,12 @@ Certificate:
         Signature Algorithm: sha256WithRSAEncryption
         Issuer: C = US, ST = Montana, L = Bozeman, O = Sawtooth, OU = Consulting, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Dec 13 22:19:28 2023 GMT
-            Not After : Sep  8 22:19:28 2026 GMT
+            Not Before: Dec 18 21:25:30 2024 GMT
+            Not After : Sep 14 21:25:30 2027 GMT
         Subject: C = US, ST = Montana, L = Bozeman, O = wolfSSL, OU = testing duplicate policy, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (2048 bit)
+                Public-Key: (2048 bit)
                 Modulus:
                     00:c0:95:08:e1:57:41:f2:71:6d:b7:d2:45:41:27:
                     01:65:c6:45:ae:f2:bc:24:30:b8:95:ce:2f:4e:d6:
@@ -37,8 +37,7 @@ Certificate:
             X509v3 Authority Key Identifier: 
                 keyid:27:8E:67:11:74:C3:26:1D:3F:ED:33:63:B3:A4:D8:1D:30:E5:E8:D5
                 DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
-                serial:33:44:1A:A8:6C:01:EC:F6:60:F2:70:51:0A:4C:D1:14:FA:BC:E9:44
-
+                serial:6B:9B:70:C6:F1:A3:94:65:19:A1:08:58:EF:A7:8D:2B:7A:83:C1:DA
             X509v3 Basic Constraints: 
                 CA:FALSE
             X509v3 Certificate Policies: 
@@ -47,29 +46,29 @@ Certificate:
                   CPS: www.wolfssl.com
                   User Notice:
                     Explicit Text: Test of duplicate OIDs with different qualifiers
-
     Signature Algorithm: sha256WithRSAEncryption
-         ae:92:7f:94:c1:59:de:ec:62:89:79:b5:70:75:22:54:90:c1:
-         42:6a:dd:79:50:7b:f5:eb:23:9e:99:84:6c:ba:ca:d8:2e:15:
-         ed:f2:cb:ee:2a:b7:50:ca:82:fe:52:87:93:cf:22:5a:db:23:
-         3f:c2:22:a4:5a:02:f9:73:ac:0e:fe:2e:62:fb:6a:5d:1d:71:
-         13:ae:b8:c3:af:e9:6a:4c:a9:73:ca:fb:a9:69:b3:a2:62:ec:
-         e8:20:44:63:bf:49:ea:aa:90:e4:00:9c:fe:69:8c:99:4a:32:
-         e6:1a:2b:ae:1b:b9:82:53:8c:b0:06:ac:10:40:42:aa:68:da:
-         40:b7:92:f0:78:f6:5a:b6:ae:a2:a6:45:58:05:58:58:ca:bc:
-         85:92:92:52:e2:a4:c0:aa:9e:9a:03:f1:d4:a9:1f:46:ed:49:
-         76:71:76:3a:bb:47:ee:12:24:60:db:a4:2c:0d:9c:62:bf:1d:
-         a3:b4:80:68:18:32:32:51:9f:0a:49:3e:5c:20:f4:45:c8:11:
-         4d:b3:43:b1:a1:33:8b:07:b5:b4:86:66:0c:f7:b9:62:0a:2f:
-         53:29:dd:d0:9a:1a:64:86:7e:f6:72:fd:f9:ee:75:a1:20:d5:
-         dc:9d:03:60:32:f6:11:a9:9b:56:d7:5d:b0:65:fd:5f:c8:0e:
-         08:a4:f0:e6
+    Signature Value:
+        57:df:4f:80:68:25:ae:e1:7e:dd:de:db:f9:73:17:bb:20:c7:
+        b9:32:fa:c6:3e:23:f7:36:e7:26:ac:8c:a3:f5:b4:09:1f:4d:
+        4e:fd:57:8b:4b:bb:4c:3f:87:4b:67:48:6b:1e:fa:45:a6:51:
+        c4:38:86:70:34:30:97:4f:93:79:a3:6c:3a:00:62:1b:65:8c:
+        38:1a:11:5b:e1:52:bb:20:df:4f:ba:e9:a9:2a:fe:96:44:09:
+        32:ae:50:7a:ef:eb:d3:cb:8a:31:39:da:db:42:82:96:56:a2:
+        37:ec:ac:92:a8:9d:f8:2a:11:cc:be:55:f8:f0:0c:ff:2d:3b:
+        da:4f:3d:50:01:17:b8:79:ac:95:f7:31:7b:74:de:df:e1:68:
+        08:f4:3d:5b:7c:c2:fe:87:b6:81:35:79:3b:ed:14:be:07:04:
+        70:b7:46:7f:de:a5:4f:3c:37:f8:40:85:9a:46:b7:8e:62:78:
+        74:81:69:ce:d7:1b:d1:e8:c1:2e:8a:f2:cf:4d:56:ff:4c:ec:
+        b9:05:da:fb:a1:f7:58:18:b0:29:6e:9c:15:03:e7:8c:e5:37:
+        59:52:4c:d3:c6:be:68:62:87:09:ca:25:3d:e3:a4:e2:bf:d0:
+        85:de:de:d0:b5:04:48:91:05:75:c3:d9:64:e0:69:70:d7:ed:
+        79:6a:3d:7f
 -----BEGIN CERTIFICATE-----
 MIIFMTCCBBmgAwIBAgIBAjANBgkqhkiG9w0BAQsFADCBlDELMAkGA1UEBhMCVVMx
 EDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xETAPBgNVBAoMCFNh
 d3Rvb3RoMRMwEQYDVQQLDApDb25zdWx0aW5nMRgwFgYDVQQDDA93d3cud29sZnNz
-bC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMjMxMjEz
-MjIxOTI4WhcNMjYwOTA4MjIxOTI4WjCBoTELMAkGA1UEBhMCVVMxEDAOBgNVBAgM
+bC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMjQxMjE4
+MjEyNTMwWhcNMjcwOTE0MjEyNTMwWjCBoTELMAkGA1UEBhMCVVMxEDAOBgNVBAgM
 B01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xEDAOBgNVBAoMB3dvbGZTU0wxITAf
 BgNVBAsMGHRlc3RpbmcgZHVwbGljYXRlIHBvbGljeTEYMBYGA1UEAwwPd3d3Lndv
 bGZzc2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMIIBIjAN
@@ -83,31 +82,31 @@ o4IBfTCCAXkwHQYDVR0OBBYEFLMRMsmSmITiyfjQO24DQsofDo48MIHUBgNVHSME
 gcwwgcmAFCeOZxF0wyYdP+0zY7Ok2B0w5ejVoYGapIGXMIGUMQswCQYDVQQGEwJV
 UzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjERMA8GA1UECgwI
 U2F3dG9vdGgxEzARBgNVBAsMCkNvbnN1bHRpbmcxGDAWBgNVBAMMD3d3dy53b2xm
-c3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbYIUM0QaqGwB
-7PZg8nBRCkzRFPq86UQwCQYDVR0TBAIwADB2BgNVHSAEbzBtMAUGAyoDBDBkBgMq
+c3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbYIUa5twxvGj
+lGUZoQhY76eNK3qDwdowCQYDVR0TBAIwADB2BgNVHSAEbzBtMAUGAyoDBDBkBgMq
 AwQwXTAbBggrBgEFBQcCARYPd3d3LndvbGZzc2wuY29tMD4GCCsGAQUFBwICMDIa
 MFRlc3Qgb2YgZHVwbGljYXRlIE9JRHMgd2l0aCBkaWZmZXJlbnQgcXVhbGlmaWVy
-czANBgkqhkiG9w0BAQsFAAOCAQEArpJ/lMFZ3uxiiXm1cHUiVJDBQmrdeVB79esj
-npmEbLrK2C4V7fLL7iq3UMqC/lKHk88iWtsjP8IipFoC+XOsDv4uYvtqXR1xE664
-w6/pakypc8r7qWmzomLs6CBEY79J6qqQ5ACc/mmMmUoy5horrhu5glOMsAasEEBC
-qmjaQLeS8Hj2WrauoqZFWAVYWMq8hZKSUuKkwKqemgPx1KkfRu1JdnF2OrtH7hIk
-YNukLA2cYr8do7SAaBgyMlGfCkk+XCD0RcgRTbNDsaEziwe1tIZmDPe5YgovUynd
-0JoaZIZ+9nL9+e51oSDV3J0DYDL2EambVtddsGX9X8gOCKTw5g==
+czANBgkqhkiG9w0BAQsFAAOCAQEAV99PgGglruF+3d7b+XMXuyDHuTL6xj4j9zbn
+JqyMo/W0CR9NTv1Xi0u7TD+HS2dIax76RaZRxDiGcDQwl0+TeaNsOgBiG2WMOBoR
+W+FSuyDfT7rpqSr+lkQJMq5Qeu/r08uKMTna20KCllaiN+yskqid+CoRzL5V+PAM
+/y072k89UAEXuHmslfcxe3Te3+FoCPQ9W3zC/oe2gTV5O+0UvgcEcLdGf96lTzw3
++ECFmka3jmJ4dIFpztcb0ejBLoryz01W/0zsuQXa+6H3WBiwKW6cFQPnjOU3WVJM
+08a+aGKHCcolPeOk4r/Qhd7e0LUESJEFdcPZZOBpcNfteWo9fw==
 -----END CERTIFICATE-----
 Certificate:
     Data:
         Version: 3 (0x2)
         Serial Number:
-            33:44:1a:a8:6c:01:ec:f6:60:f2:70:51:0a:4c:d1:14:fa:bc:e9:44
+            6b:9b:70:c6:f1:a3:94:65:19:a1:08:58:ef:a7:8d:2b:7a:83:c1:da
         Signature Algorithm: sha256WithRSAEncryption
         Issuer: C = US, ST = Montana, L = Bozeman, O = Sawtooth, OU = Consulting, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Dec 13 22:19:28 2023 GMT
-            Not After : Sep  8 22:19:28 2026 GMT
+            Not Before: Dec 18 21:25:29 2024 GMT
+            Not After : Sep 14 21:25:29 2027 GMT
         Subject: C = US, ST = Montana, L = Bozeman, O = Sawtooth, OU = Consulting, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (2048 bit)
+                Public-Key: (2048 bit)
                 Modulus:
                     00:bf:0c:ca:2d:14:b2:1e:84:42:5b:cd:38:1f:4a:
                     f2:4d:75:10:f1:b6:35:9f:df:ca:7d:03:98:d3:ac:
@@ -134,8 +133,7 @@ Certificate:
             X509v3 Authority Key Identifier: 
                 keyid:27:8E:67:11:74:C3:26:1D:3F:ED:33:63:B3:A4:D8:1D:30:E5:E8:D5
                 DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
-                serial:33:44:1A:A8:6C:01:EC:F6:60:F2:70:51:0A:4C:D1:14:FA:BC:E9:44
-
+                serial:6B:9B:70:C6:F1:A3:94:65:19:A1:08:58:EF:A7:8D:2B:7A:83:C1:DA
             X509v3 Basic Constraints: 
                 CA:TRUE
             X509v3 Subject Alternative Name: 
@@ -143,27 +141,28 @@ Certificate:
             X509v3 Extended Key Usage: 
                 TLS Web Server Authentication, TLS Web Client Authentication
     Signature Algorithm: sha256WithRSAEncryption
-         2d:fc:f9:32:5a:be:d6:9d:42:8b:86:4e:67:22:c3:50:2d:cb:
-         14:27:1d:94:f3:cd:88:42:da:41:1c:39:24:67:a7:92:4d:27:
-         ea:56:82:19:bf:11:b2:43:a4:8d:5d:87:b2:27:64:66:82:81:
-         df:c4:fd:5b:62:b0:c2:4d:9d:29:f2:41:32:cc:2e:b5:da:38:
-         06:1b:e8:7f:8c:6e:3d:80:1e:00:56:49:bf:39:e0:da:68:2f:
-         c4:fd:00:e6:d1:81:1a:d1:4a:bb:76:52:ce:4d:24:9d:c4:a3:
-         a7:f1:65:14:2f:1f:a8:2d:c6:cb:ce:b1:a7:89:74:26:27:c3:
-         f3:a3:84:4c:34:01:14:03:7d:16:3a:c8:8b:25:2e:7b:90:cc:
-         46:b1:52:34:ba:93:6e:ef:fe:43:a3:ad:c6:6f:51:fb:ba:ea:
-         38:e3:6f:d6:ee:63:62:36:ea:5e:08:b4:e2:2a:46:89:e3:ae:
-         b3:b4:06:ef:63:7a:6e:5d:dd:c9:ec:02:4f:f7:64:c0:27:07:
-         b4:6f:4a:18:72:5b:34:74:7c:d0:a9:04:8f:40:8b:6a:39:d2:
-         6b:1a:01:f2:01:a8:81:34:3a:e5:b0:55:d1:3c:95:ca:b0:82:
-         d6:ed:98:28:15:59:7e:95:a7:69:c7:b5:7b:ec:01:a7:4d:e6:
-         b9:a2:fe:35
+    Signature Value:
+        77:3b:3d:66:74:bc:97:fe:40:16:e6:ba:a5:d5:d1:84:08:89:
+        69:4f:88:0d:57:a9:ef:8c:c3:97:52:c8:bd:8b:a2:49:3b:b7:
+        f7:5d:1e:d6:14:7f:b2:80:33:da:a0:8a:d3:e1:2f:d5:bc:33:
+        9f:ea:5a:72:24:e5:f8:b8:4b:b3:df:62:90:3b:a8:21:ef:27:
+        42:75:bc:60:02:8e:37:35:99:eb:a3:28:f2:65:4c:ff:7a:f8:
+        8e:cc:23:6d:e5:6a:fe:22:5a:d9:b2:4f:47:c7:e0:ae:98:ef:
+        94:ac:b6:4f:61:81:29:8e:e1:79:2c:46:fc:e9:1a:c3:96:1f:
+        19:93:64:2e:9f:37:72:c5:e4:93:4e:61:5f:38:8e:ae:e8:39:
+        19:e6:97:a8:91:d4:23:7e:1e:d2:d0:53:ec:cc:ac:a0:1d:d0:
+        b7:dd:b1:b7:01:2e:96:cd:85:27:e0:e7:47:e2:c1:c1:00:f6:
+        94:df:77:e7:fa:c6:ef:8a:c0:7c:67:bc:ff:a0:7c:94:3b:7d:
+        86:42:af:3d:83:31:ee:2a:3b:7b:f0:2c:9e:6f:e9:c4:07:81:
+        24:da:05:70:4d:dd:09:ae:9e:72:b8:21:0e:8c:b2:ab:aa:4c:
+        49:10:f7:76:f9:b5:0d:6c:20:d3:df:7a:06:32:8d:29:1f:28:
+        1d:8d:26:33
 -----BEGIN CERTIFICATE-----
-MIIE/zCCA+egAwIBAgIUM0QaqGwB7PZg8nBRCkzRFPq86UQwDQYJKoZIhvcNAQEL
+MIIE/zCCA+egAwIBAgIUa5twxvGjlGUZoQhY76eNK3qDwdowDQYJKoZIhvcNAQEL
 BQAwgZQxCzAJBgNVBAYTAlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdC
 b3plbWFuMREwDwYDVQQKDAhTYXd0b290aDETMBEGA1UECwwKQ29uc3VsdGluZzEY
 MBYGA1UEAwwPd3d3LndvbGZzc2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdv
-bGZzc2wuY29tMB4XDTIzMTIxMzIyMTkyOFoXDTI2MDkwODIyMTkyOFowgZQxCzAJ
+bGZzc2wuY29tMB4XDTI0MTIxODIxMjUyOVoXDTI3MDkxNDIxMjUyOVowgZQxCzAJ
 BgNVBAYTAlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMREw
 DwYDVQQKDAhTYXd0b290aDETMBEGA1UECwwKQ29uc3VsdGluZzEYMBYGA1UEAwwP
 d3d3LndvbGZzc2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29t
@@ -178,12 +177,12 @@ BgNVHSMEgcwwgcmAFCeOZxF0wyYdP+0zY7Ok2B0w5ejVoYGapIGXMIGUMQswCQYD
 VQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjERMA8G
 A1UECgwIU2F3dG9vdGgxEzARBgNVBAsMCkNvbnN1bHRpbmcxGDAWBgNVBAMMD3d3
 dy53b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbYIU
-M0QaqGwB7PZg8nBRCkzRFPq86UQwDAYDVR0TBAUwAwEB/zAcBgNVHREEFTATggtl
+a5twxvGjlGUZoQhY76eNK3qDwdowDAYDVR0TBAUwAwEB/zAcBgNVHREEFTATggtl
 eGFtcGxlLmNvbYcEfwAAATAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIw
-DQYJKoZIhvcNAQELBQADggEBAC38+TJavtadQouGTmciw1AtyxQnHZTzzYhC2kEc
-OSRnp5JNJ+pWghm/EbJDpI1dh7InZGaCgd/E/VtisMJNnSnyQTLMLrXaOAYb6H+M
-bj2AHgBWSb854NpoL8T9AObRgRrRSrt2Us5NJJ3Eo6fxZRQvH6gtxsvOsaeJdCYn
-w/OjhEw0ARQDfRY6yIslLnuQzEaxUjS6k27v/kOjrcZvUfu66jjjb9buY2I26l4I
-tOIqRonjrrO0Bu9jem5d3cnsAk/3ZMAnB7RvShhyWzR0fNCpBI9Ai2o50msaAfIB
-qIE0OuWwVdE8lcqwgtbtmCgVWX6Vp2nHtXvsAadN5rmi/jU=
+DQYJKoZIhvcNAQELBQADggEBAHc7PWZ0vJf+QBbmuqXV0YQIiWlPiA1Xqe+Mw5dS
+yL2Lokk7t/ddHtYUf7KAM9qgitPhL9W8M5/qWnIk5fi4S7PfYpA7qCHvJ0J1vGAC
+jjc1meujKPJlTP96+I7MI23lav4iWtmyT0fH4K6Y75Sstk9hgSmO4XksRvzpGsOW
+HxmTZC6fN3LF5JNOYV84jq7oORnml6iR1CN+HtLQU+zMrKAd0LfdsbcBLpbNhSfg
+50fiwcEA9pTfd+f6xu+KwHxnvP+gfJQ7fYZCrz2DMe4qO3vwLJ5v6cQHgSTaBXBN
+3QmunnK4IQ6MsquqTEkQ93b5tQ1sINPfegYyjSkfKB2NJjM=
 -----END CERTIFICATE-----
diff --git a/certs/test/server-garbage.der b/certs/test/server-garbage.der
index c488dc57c..03e447221 100644
Binary files a/certs/test/server-garbage.der and b/certs/test/server-garbage.der differ
diff --git a/certs/test/server-garbage.pem b/certs/test/server-garbage.pem
index 4c074ef63..6726b63e1 100644
--- a/certs/test/server-garbage.pem
+++ b/certs/test/server-garbage.pem
@@ -2,16 +2,16 @@ Certificate:
     Data:
         Version: 3 (0x2)
         Serial Number:
-            29:92:30:0a:e4:14:e1:59:32:49:a9:66:fd:11:f5:b2:16:d6:7a:d0
+            44:af:a7:b0:61:69:50:85:94:af:87:41:9b:43:ea:eb:6e:ce:bc:1c
         Signature Algorithm: sha256WithRSAEncryption
         Issuer: C = US, ST = Montana, L = Bozeman, OU = Engineering, CN = localhost, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Dec 13 22:19:30 2023 GMT
-            Not After : Sep  8 22:19:30 2026 GMT
+            Not Before: Dec 18 23:11:23 2024 GMT
+            Not After : Sep 14 23:11:23 2027 GMT
         Subject: C = US, ST = Montana, L = Bozeman, OU = Engineering, CN = localhost, emailAddress = info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (2048 bit)
+                Public-Key: (2048 bit)
                 Modulus:
                     00:c0:95:08:e1:57:41:f2:71:6d:b7:d2:45:41:27:
                     01:65:c6:45:ae:f2:bc:24:30:b8:95:ce:2f:4e:d6:
@@ -35,28 +35,31 @@ Certificate:
         X509v3 extensions:
             X509v3 Subject Alternative Name: 
                 DNS:garbage
+            X509v3 Subject Key Identifier: 
+                B3:11:32:C9:92:98:84:E2:C9:F8:D0:3B:6E:03:42:CA:1F:0E:8E:3C
     Signature Algorithm: sha256WithRSAEncryption
-         34:5e:01:46:29:63:4f:93:cf:48:77:45:39:48:68:cf:c6:54:
-         94:56:14:6f:17:2d:e1:83:48:8b:91:70:6d:5f:d8:14:fc:a4:
-         a9:bc:fa:58:63:ce:57:2f:c5:b6:61:8b:c3:6d:dc:39:83:2e:
-         f3:78:d9:2b:b9:ed:f0:ef:c2:82:17:1b:ac:97:2a:c0:3a:9f:
-         f9:b7:6b:a6:0e:1c:af:17:be:74:d0:ff:11:ea:48:6d:f6:b8:
-         e8:11:db:c9:ca:49:e5:18:d9:51:3d:eb:76:56:b6:ce:da:cd:
-         a6:cb:ac:a3:06:5e:b7:b0:f6:2b:ba:dc:0f:c4:12:01:7e:8b:
-         c7:e4:ad:59:72:4a:a5:25:7a:bd:ec:1d:f4:89:f8:aa:c7:c8:
-         ad:8c:1c:d5:19:55:f9:32:75:f6:04:2c:67:86:d5:e8:f5:be:
-         bd:76:0b:bb:bb:8f:7d:1a:70:a2:9c:16:88:ca:de:14:9d:a2:
-         0a:23:36:fd:02:bc:6d:ee:f4:7a:41:e2:2d:21:d0:5f:eb:ec:
-         4e:4b:71:aa:80:57:63:da:39:2b:ce:37:5a:26:64:ad:6b:bc:
-         a6:24:90:b6:e8:b2:4a:19:98:e8:06:17:12:f8:57:74:44:f7:
-         b9:16:67:2d:be:66:fb:4d:a6:66:e7:b5:58:f8:9c:51:1d:56:
-         fd:ef:bf:6e
+    Signature Value:
+        7f:66:0a:08:a6:40:ae:0b:3f:2e:ab:e7:fb:16:93:d4:88:15:
+        a1:fe:e5:ef:1e:64:95:66:60:d4:59:4a:e5:3a:f0:12:40:6c:
+        8f:9f:42:b2:61:09:76:a0:bc:9c:49:90:17:29:3b:db:87:20:
+        ab:61:f7:73:e4:ea:45:08:56:2f:f4:11:32:b8:5c:30:b5:4f:
+        39:e6:32:41:5a:4c:a9:27:5a:a5:fa:29:44:b0:f0:88:39:1a:
+        0d:bc:4c:44:05:c5:5b:80:b1:75:5f:88:af:6b:65:f7:cd:96:
+        1b:cb:25:f9:90:83:bf:58:74:4d:2e:d5:e0:d3:a0:78:bb:79:
+        46:6c:3f:23:1f:f7:78:48:56:30:1a:1f:61:d7:a0:a3:10:78:
+        9f:32:1a:d7:c8:e0:67:0b:bd:5d:e5:77:54:54:af:e4:40:64:
+        f9:3e:13:5a:6f:f0:e7:bf:e5:a4:ef:7f:b9:23:e3:b0:75:b9:
+        e8:fa:d5:12:e8:df:5f:1e:09:1c:0a:89:c4:f5:a5:d1:af:eb:
+        37:fe:cf:19:85:5b:ce:fd:ad:7b:2c:b3:4c:44:3f:3e:45:c9:
+        83:0e:16:9b:a3:6d:25:a9:88:3f:46:7e:dd:21:8d:4a:a5:96:
+        3d:3e:71:fb:f7:4a:ea:ee:ab:b2:5d:ad:3d:3b:62:c8:bb:66:
+        a6:ac:07:7f
 -----BEGIN CERTIFICATE-----
-MIIDnDCCAoSgAwIBAgIUKZIwCuQU4VkySalm/RH1shbWetAwDQYJKoZIhvcNAQEL
+MIIDuzCCAqOgAwIBAgIURK+nsGFpUIWUr4dBm0Pq627OvBwwDQYJKoZIhvcNAQEL
 BQAwfDELMAkGA1UEBhMCVVMxEDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0Jv
 emVtYW4xFDASBgNVBAsMC0VuZ2luZWVyaW5nMRIwEAYDVQQDDAlsb2NhbGhvc3Qx
-HzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMjMxMjEzMjIxOTMw
-WhcNMjYwOTA4MjIxOTMwWjB8MQswCQYDVQQGEwJVUzEQMA4GA1UECAwHTW9udGFu
+HzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMjQxMjE4MjMxMTIz
+WhcNMjcwOTE0MjMxMTIzWjB8MQswCQYDVQQGEwJVUzEQMA4GA1UECAwHTW9udGFu
 YTEQMA4GA1UEBwwHQm96ZW1hbjEUMBIGA1UECwwLRW5naW5lZXJpbmcxEjAQBgNV
 BAMMCWxvY2FsaG9zdDEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTCC
 ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMCVCOFXQfJxbbfSRUEnAWXG
@@ -65,11 +68,11 @@ e7rgIeVyLm8uhtiVc9qsG1O5Xz/XGQ0lT+FjY1GLC2Q/rUO4pRxcNLOuAKBjxfZ/
 C1loeHOmjBipAm2vwxkBLrgQ48bMQLRpo0YzaYduxLsXpvPo3a1zvHsvIbX9ZlEM
 vVSz4W1fHLwjc9EJA4kU0hC5ZMMq0KGWSrzh1Bpbx6DAwWN4D0Q3MDKWgDIjlaF3
 uhPSl3PiXSXJag3DOWCktLBpQkIJ6dgIvDMgs1gip6rrxOHmYYPF0pbf2dBPrdcC
-AwEAAaMWMBQwEgYDVR0RBAswCYIHZ2FyYmFnZTANBgkqhkiG9w0BAQsFAAOCAQEA
-NF4BRiljT5PPSHdFOUhoz8ZUlFYUbxct4YNIi5FwbV/YFPykqbz6WGPOVy/FtmGL
-w23cOYMu83jZK7nt8O/CghcbrJcqwDqf+bdrpg4crxe+dND/EepIbfa46BHbycpJ
-5RjZUT3rdla2ztrNpsusowZet7D2K7rcD8QSAX6Lx+StWXJKpSV6vewd9In4qsfI
-rYwc1RlV+TJ19gQsZ4bV6PW+vXYLu7uPfRpwopwWiMreFJ2iCiM2/QK8be70ekHi
-LSHQX+vsTktxqoBXY9o5K843WiZkrWu8piSQtuiyShmY6AYXEvhXdET3uRZnLb5m
-+02mZue1WPicUR1W/e+/bg==
+AwEAAaM1MDMwEgYDVR0RBAswCYIHZ2FyYmFnZTAdBgNVHQ4EFgQUsxEyyZKYhOLJ
++NA7bgNCyh8OjjwwDQYJKoZIhvcNAQELBQADggEBAH9mCgimQK4LPy6r5/sWk9SI
+FaH+5e8eZJVmYNRZSuU68BJAbI+fQrJhCXagvJxJkBcpO9uHIKth93Pk6kUIVi/0
+ETK4XDC1TznmMkFaTKknWqX6KUSw8Ig5Gg28TEQFxVuAsXVfiK9rZffNlhvLJfmQ
+g79YdE0u1eDToHi7eUZsPyMf93hIVjAaH2HXoKMQeJ8yGtfI4GcLvV3ld1RUr+RA
+ZPk+E1pv8Oe/5aTvf7kj47B1uej61RLo318eCRwKicT1pdGv6zf+zxmFW879rXss
+s0xEPz5FyYMOFpujbSWpiD9Gft0hjUqllj0+cfv3Suruq7JdrT07Ysi7ZqasB38=
 -----END CERTIFICATE-----
diff --git a/certs/test/server-goodalt.der b/certs/test/server-goodalt.der
index e5ffb53dd..97523dca1 100644
Binary files a/certs/test/server-goodalt.der and b/certs/test/server-goodalt.der differ
diff --git a/certs/test/server-goodalt.pem b/certs/test/server-goodalt.pem
index e9a84e872..0301b2c72 100644
--- a/certs/test/server-goodalt.pem
+++ b/certs/test/server-goodalt.pem
@@ -2,16 +2,16 @@ Certificate:
     Data:
         Version: 3 (0x2)
         Serial Number:
-            32:70:6e:5f:3a:4b:a4:f1:68:7f:40:58:7b:f4:de:25:f8:da:7a:cf
+            29:58:d0:14:fc:30:87:e9:92:88:93:69:43:1d:3d:3e:d1:c4:4f:09
         Signature Algorithm: sha256WithRSAEncryption
         Issuer: C = US, ST = Montana, L = Bozeman, OU = Engineering, CN = www.nomatch.com, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Dec 13 22:19:29 2023 GMT
-            Not After : Sep  8 22:19:29 2026 GMT
+            Not Before: Dec 18 23:11:23 2024 GMT
+            Not After : Sep 14 23:11:23 2027 GMT
         Subject: C = US, ST = Montana, L = Bozeman, OU = Engineering, CN = www.nomatch.com, emailAddress = info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (2048 bit)
+                Public-Key: (2048 bit)
                 Modulus:
                     00:c0:95:08:e1:57:41:f2:71:6d:b7:d2:45:41:27:
                     01:65:c6:45:ae:f2:bc:24:30:b8:95:ce:2f:4e:d6:
@@ -35,28 +35,31 @@ Certificate:
         X509v3 extensions:
             X509v3 Subject Alternative Name: 
                 DNS:localhost
+            X509v3 Subject Key Identifier: 
+                B3:11:32:C9:92:98:84:E2:C9:F8:D0:3B:6E:03:42:CA:1F:0E:8E:3C
     Signature Algorithm: sha256WithRSAEncryption
-         1a:fb:18:e0:cc:2f:fe:92:34:87:01:35:a1:e3:9f:8b:c5:5a:
-         22:f6:9a:2f:19:08:99:1d:0d:e7:23:84:23:28:dd:ff:13:39:
-         ca:73:1e:e0:c5:22:21:ab:b3:0e:74:a3:e6:c9:7b:a2:50:6c:
-         35:c1:2f:30:eb:90:c5:36:4a:95:3c:43:c5:e4:fc:80:08:ce:
-         69:2a:3f:50:66:8f:81:71:24:61:68:d3:34:69:b8:d7:11:27:
-         b8:53:21:5f:19:6f:cc:66:e4:fd:07:95:7f:e1:d3:d4:91:2b:
-         6f:d0:01:dc:5c:0c:72:10:2b:da:a7:2c:9d:eb:e3:e2:86:84:
-         ab:b5:73:01:00:02:84:29:90:10:c0:13:70:d7:d8:da:da:ac:
-         dc:75:8e:a8:ef:a3:c4:cf:aa:c2:83:66:8f:f9:0d:23:0d:9a:
-         1b:b2:d3:04:3d:91:1e:f1:9a:5f:15:85:94:af:89:8b:d7:6d:
-         cf:f8:06:e1:e8:30:b6:ef:6d:fc:33:19:a1:91:af:fc:f3:bf:
-         0d:ae:97:ec:c3:ea:1e:17:76:3b:e4:57:c1:bd:27:16:58:03:
-         95:02:6f:c8:fa:7e:0b:7b:a8:d4:e7:38:11:b3:a8:6f:ce:6e:
-         6f:9f:68:c2:c6:93:06:00:49:0a:76:43:2c:8d:b0:49:9f:02:
-         fb:e2:6a:39
+    Signature Value:
+        3a:11:87:c4:39:d0:6b:90:68:03:07:14:9a:dd:4c:ec:2d:01:
+        d6:95:86:f9:75:43:66:9c:49:db:b9:a9:c0:79:fd:da:0d:d7:
+        fd:1e:a9:04:88:d8:b3:c3:45:c5:2b:1a:9f:e2:89:af:77:44:
+        ae:6e:e8:b4:1d:70:f6:16:f6:cf:fa:47:f5:b8:38:d2:60:b3:
+        e6:7f:62:27:cf:0b:ff:16:f2:27:7b:1d:d1:56:e3:f2:1f:21:
+        35:58:49:3a:a8:3b:d8:e6:db:39:e2:52:d5:39:1e:f2:31:23:
+        da:fe:34:af:98:fe:d5:2e:d6:a6:0a:4d:cc:48:60:bd:a0:1e:
+        c9:13:08:f6:0f:f5:fc:9d:00:09:e0:64:a8:af:1b:8f:0c:3f:
+        b5:17:be:68:47:65:81:8e:68:a6:ac:f8:ea:fa:bd:01:e2:f7:
+        54:d3:00:7e:a1:3b:ee:cb:d4:3f:42:8f:ef:85:a8:46:92:15:
+        da:0d:02:54:fa:c4:86:ef:80:be:29:d1:d5:a2:43:f8:79:a9:
+        53:f2:01:74:f6:31:80:85:61:a1:2c:98:da:7b:d5:3f:42:53:
+        55:d5:fd:c7:be:8f:57:78:db:dc:8b:e6:78:92:40:e9:33:53:
+        bc:3d:e7:4f:64:ec:32:c0:bf:12:d6:34:e3:94:1f:a7:6b:b2:
+        52:5b:56:27
 -----BEGIN CERTIFICATE-----
-MIIDrDCCApSgAwIBAgIUMnBuXzpLpPFof0BYe/TeJfjaes8wDQYJKoZIhvcNAQEL
+MIIDyzCCArOgAwIBAgIUKVjQFPwwh+mSiJNpQx09PtHETwkwDQYJKoZIhvcNAQEL
 BQAwgYIxCzAJBgNVBAYTAlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdC
 b3plbWFuMRQwEgYDVQQLDAtFbmdpbmVlcmluZzEYMBYGA1UEAwwPd3d3Lm5vbWF0
-Y2guY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMB4XDTIzMTIx
-MzIyMTkyOVoXDTI2MDkwODIyMTkyOVowgYIxCzAJBgNVBAYTAlVTMRAwDgYDVQQI
+Y2guY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMB4XDTI0MTIx
+ODIzMTEyM1oXDTI3MDkxNDIzMTEyM1owgYIxCzAJBgNVBAYTAlVTMRAwDgYDVQQI
 DAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMRQwEgYDVQQLDAtFbmdpbmVlcmlu
 ZzEYMBYGA1UEAwwPd3d3Lm5vbWF0Y2guY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZv
 QHdvbGZzc2wuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwJUI
@@ -65,11 +68,12 @@ j+G9e8AvfKtkqBf8yl17uuAh5XIuby6G2JVz2qwbU7lfP9cZDSVP4WNjUYsLZD+t
 Q7ilHFw0s64AoGPF9n8LWWh4c6aMGKkCba/DGQEuuBDjxsxAtGmjRjNph27Euxem
 8+jdrXO8ey8htf1mUQy9VLPhbV8cvCNz0QkDiRTSELlkwyrQoZZKvOHUGlvHoMDB
 Y3gPRDcwMpaAMiOVoXe6E9KXc+JdJclqDcM5YKS0sGlCQgnp2Ai8MyCzWCKnquvE
-4eZhg8XSlt/Z0E+t1wIDAQABoxgwFjAUBgNVHREEDTALgglsb2NhbGhvc3QwDQYJ
-KoZIhvcNAQELBQADggEBABr7GODML/6SNIcBNaHjn4vFWiL2mi8ZCJkdDecjhCMo
-3f8TOcpzHuDFIiGrsw50o+bJe6JQbDXBLzDrkMU2SpU8Q8Xk/IAIzmkqP1Bmj4Fx
-JGFo0zRpuNcRJ7hTIV8Zb8xm5P0HlX/h09SRK2/QAdxcDHIQK9qnLJ3r4+KGhKu1
-cwEAAoQpkBDAE3DX2NrarNx1jqjvo8TPqsKDZo/5DSMNmhuy0wQ9kR7xml8VhZSv
-iYvXbc/4BuHoMLbvbfwzGaGRr/zzvw2ul+zD6h4XdjvkV8G9JxZYA5UCb8j6fgt7
-qNTnOBGzqG/Obm+faMLGkwYASQp2QyyNsEmfAvviajk=
+4eZhg8XSlt/Z0E+t1wIDAQABozcwNTAUBgNVHREEDTALgglsb2NhbGhvc3QwHQYD
+VR0OBBYEFLMRMsmSmITiyfjQO24DQsofDo48MA0GCSqGSIb3DQEBCwUAA4IBAQA6
+EYfEOdBrkGgDBxSa3UzsLQHWlYb5dUNmnEnbuanAef3aDdf9HqkEiNizw0XFKxqf
+4omvd0Subui0HXD2FvbP+kf1uDjSYLPmf2Inzwv/FvInex3RVuPyHyE1WEk6qDvY
+5ts54lLVOR7yMSPa/jSvmP7VLtamCk3MSGC9oB7JEwj2D/X8nQAJ4GSorxuPDD+1
+F75oR2WBjmimrPjq+r0B4vdU0wB+oTvuy9Q/Qo/vhahGkhXaDQJU+sSG74C+KdHV
+okP4ealT8gF09jGAhWGhLJjae9U/QlNV1f3Hvo9XeNvci+Z4kkDpM1O8PedPZOwy
+wL8S1jTjlB+na7JSW1Yn
 -----END CERTIFICATE-----
diff --git a/certs/test/server-goodaltwild.der b/certs/test/server-goodaltwild.der
index 64290e698..bf69fe555 100644
Binary files a/certs/test/server-goodaltwild.der and b/certs/test/server-goodaltwild.der differ
diff --git a/certs/test/server-goodaltwild.pem b/certs/test/server-goodaltwild.pem
index 2d3b41346..0bcd15c82 100644
--- a/certs/test/server-goodaltwild.pem
+++ b/certs/test/server-goodaltwild.pem
@@ -2,16 +2,16 @@ Certificate:
     Data:
         Version: 3 (0x2)
         Serial Number:
-            4c:d4:49:58:80:7d:50:06:e0:9e:5c:a6:4a:e1:90:26:53:59:90:89
+            55:6f:ba:c1:27:17:d6:05:e5:7e:2b:64:44:77:37:6c:43:27:53:1c
         Signature Algorithm: sha256WithRSAEncryption
         Issuer: C = US, ST = Montana, L = Bozeman, OU = Engineering, CN = www.nomatch.com, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Dec 13 22:19:29 2023 GMT
-            Not After : Sep  8 22:19:29 2026 GMT
+            Not Before: Dec 18 23:11:23 2024 GMT
+            Not After : Sep 14 23:11:23 2027 GMT
         Subject: C = US, ST = Montana, L = Bozeman, OU = Engineering, CN = www.nomatch.com, emailAddress = info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (2048 bit)
+                Public-Key: (2048 bit)
                 Modulus:
                     00:c0:95:08:e1:57:41:f2:71:6d:b7:d2:45:41:27:
                     01:65:c6:45:ae:f2:bc:24:30:b8:95:ce:2f:4e:d6:
@@ -35,28 +35,31 @@ Certificate:
         X509v3 extensions:
             X509v3 Subject Alternative Name: 
                 DNS:*localhost
+            X509v3 Subject Key Identifier: 
+                B3:11:32:C9:92:98:84:E2:C9:F8:D0:3B:6E:03:42:CA:1F:0E:8E:3C
     Signature Algorithm: sha256WithRSAEncryption
-         4d:31:3b:e4:6f:26:b4:33:2f:1a:10:12:34:f8:97:47:79:05:
-         74:51:97:1c:22:96:89:b9:b3:63:af:e4:d4:eb:9f:97:e7:b3:
-         8f:eb:52:0a:94:39:de:2f:df:4c:9c:15:0b:c0:91:b9:68:95:
-         58:a1:78:82:82:4d:e7:81:c4:45:1a:94:d9:16:40:46:27:f3:
-         33:08:8c:dd:c0:93:f4:2c:0e:1b:26:d5:fd:2f:8d:39:6f:63:
-         63:be:3d:96:c4:3d:d7:25:1b:56:11:53:4e:c2:3c:fb:cb:ed:
-         73:ab:87:c5:5f:5b:a6:47:4b:da:7e:84:30:ff:90:0b:b1:d0:
-         15:e8:39:3d:0f:4f:de:a9:60:15:e3:44:c4:46:ee:c7:52:ff:
-         ee:23:1d:8c:73:53:87:e9:94:82:60:9b:ca:b8:b4:41:5f:3b:
-         bd:36:03:54:b2:bf:42:69:bd:49:b7:0f:26:16:ec:03:2c:b9:
-         0c:38:15:20:c5:b6:9a:18:f1:30:7e:4a:11:7f:da:44:54:de:
-         1e:0d:d1:e5:c9:46:0c:1b:50:6a:4d:61:89:58:61:46:40:2a:
-         fe:18:9d:64:90:ea:32:61:85:92:5a:3e:41:43:83:4d:ec:f4:
-         98:15:95:f0:79:55:7f:81:59:31:2b:80:a8:ea:60:5c:78:04:
-         3d:42:d0:51
+    Signature Value:
+        40:87:46:bf:1e:07:d3:d6:b2:aa:e1:57:60:18:63:cd:98:d0:
+        12:81:55:c7:87:62:d4:f8:6d:49:a4:b2:8d:25:5a:7b:10:47:
+        1a:21:72:59:fe:47:b8:7e:e2:24:e8:a4:42:e0:30:06:f3:9d:
+        aa:47:c5:a2:48:71:30:3b:f8:99:f7:fc:bb:5d:44:59:81:da:
+        b9:bb:3c:d3:9c:e5:d7:2d:59:35:2a:0a:48:5f:12:a7:ec:bc:
+        0f:34:43:7b:76:eb:1e:c8:25:0a:84:74:da:4a:dc:8b:52:34:
+        56:ab:2f:c1:f3:bd:3e:71:94:a5:3c:61:79:1f:5b:28:cd:66:
+        3b:d4:e9:82:eb:e5:55:65:eb:44:2b:54:35:d9:1d:6c:d5:c4:
+        1d:bf:a7:e0:6f:4b:b9:14:d5:b1:80:82:d6:9e:da:49:e8:7f:
+        d1:08:8f:ea:ec:e1:ba:cb:4f:1d:e0:4e:31:39:34:0d:98:62:
+        c4:a8:93:28:4a:76:9e:70:c9:43:cd:93:21:ae:38:9e:81:1a:
+        aa:0d:91:cc:3a:39:7e:ce:12:6b:7c:4d:6c:26:9a:1a:cb:68:
+        af:e4:06:be:8d:36:cc:37:19:0a:67:77:1c:13:c0:42:d6:24:
+        52:e3:8e:2c:94:01:f2:54:11:21:8c:1a:08:18:a8:07:8c:73:
+        26:53:05:09
 -----BEGIN CERTIFICATE-----
-MIIDrTCCApWgAwIBAgIUTNRJWIB9UAbgnlymSuGQJlNZkIkwDQYJKoZIhvcNAQEL
+MIIDzDCCArSgAwIBAgIUVW+6wScX1gXlfitkRHc3bEMnUxwwDQYJKoZIhvcNAQEL
 BQAwgYIxCzAJBgNVBAYTAlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdC
 b3plbWFuMRQwEgYDVQQLDAtFbmdpbmVlcmluZzEYMBYGA1UEAwwPd3d3Lm5vbWF0
-Y2guY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMB4XDTIzMTIx
-MzIyMTkyOVoXDTI2MDkwODIyMTkyOVowgYIxCzAJBgNVBAYTAlVTMRAwDgYDVQQI
+Y2guY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMB4XDTI0MTIx
+ODIzMTEyM1oXDTI3MDkxNDIzMTEyM1owgYIxCzAJBgNVBAYTAlVTMRAwDgYDVQQI
 DAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMRQwEgYDVQQLDAtFbmdpbmVlcmlu
 ZzEYMBYGA1UEAwwPd3d3Lm5vbWF0Y2guY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZv
 QHdvbGZzc2wuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwJUI
@@ -65,11 +68,12 @@ j+G9e8AvfKtkqBf8yl17uuAh5XIuby6G2JVz2qwbU7lfP9cZDSVP4WNjUYsLZD+t
 Q7ilHFw0s64AoGPF9n8LWWh4c6aMGKkCba/DGQEuuBDjxsxAtGmjRjNph27Euxem
 8+jdrXO8ey8htf1mUQy9VLPhbV8cvCNz0QkDiRTSELlkwyrQoZZKvOHUGlvHoMDB
 Y3gPRDcwMpaAMiOVoXe6E9KXc+JdJclqDcM5YKS0sGlCQgnp2Ai8MyCzWCKnquvE
-4eZhg8XSlt/Z0E+t1wIDAQABoxkwFzAVBgNVHREEDjAMggoqbG9jYWxob3N0MA0G
-CSqGSIb3DQEBCwUAA4IBAQBNMTvkbya0My8aEBI0+JdHeQV0UZccIpaJubNjr+TU
-65+X57OP61IKlDneL99MnBULwJG5aJVYoXiCgk3ngcRFGpTZFkBGJ/MzCIzdwJP0
-LA4bJtX9L405b2Njvj2WxD3XJRtWEVNOwjz7y+1zq4fFX1umR0vafoQw/5ALsdAV
-6Dk9D0/eqWAV40TERu7HUv/uIx2Mc1OH6ZSCYJvKuLRBXzu9NgNUsr9Cab1Jtw8m
-FuwDLLkMOBUgxbaaGPEwfkoRf9pEVN4eDdHlyUYMG1BqTWGJWGFGQCr+GJ1kkOoy
-YYWSWj5BQ4NN7PSYFZXweVV/gVkxK4Co6mBceAQ9QtBR
+4eZhg8XSlt/Z0E+t1wIDAQABozgwNjAVBgNVHREEDjAMggoqbG9jYWxob3N0MB0G
+A1UdDgQWBBSzETLJkpiE4sn40DtuA0LKHw6OPDANBgkqhkiG9w0BAQsFAAOCAQEA
+QIdGvx4H09ayquFXYBhjzZjQEoFVx4di1PhtSaSyjSVaexBHGiFyWf5HuH7iJOik
+QuAwBvOdqkfFokhxMDv4mff8u11EWYHaubs805zl1y1ZNSoKSF8Sp+y8DzRDe3br
+HsglCoR02krci1I0VqsvwfO9PnGUpTxheR9bKM1mO9TpguvlVWXrRCtUNdkdbNXE
+Hb+n4G9LuRTVsYCC1p7aSeh/0QiP6uzhustPHeBOMTk0DZhixKiTKEp2nnDJQ82T
+Ia44noEaqg2RzDo5fs4Sa3xNbCaaGstor+QGvo02zDcZCmd3HBPAQtYkUuOOLJQB
+8lQRIYwaCBioB4xzJlMFCQ==
 -----END CERTIFICATE-----
diff --git a/certs/test/server-goodcn.der b/certs/test/server-goodcn.der
index ff652b1e7..4986c8bf6 100644
Binary files a/certs/test/server-goodcn.der and b/certs/test/server-goodcn.der differ
diff --git a/certs/test/server-goodcn.pem b/certs/test/server-goodcn.pem
index d449306bd..a28127443 100644
--- a/certs/test/server-goodcn.pem
+++ b/certs/test/server-goodcn.pem
@@ -2,16 +2,16 @@ Certificate:
     Data:
         Version: 3 (0x2)
         Serial Number:
-            7c:c0:69:44:bd:22:dd:2c:29:c1:55:88:f4:14:63:f5:ac:07:6d:c5
+            20:e4:76:1c:be:16:94:8a:8c:e8:34:37:a5:1b:37:c9:f9:42:c9:30
         Signature Algorithm: sha256WithRSAEncryption
         Issuer: C = US, ST = Montana, L = Bozeman, OU = Engineering, CN = localhost, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Dec 13 22:19:29 2023 GMT
-            Not After : Sep  8 22:19:29 2026 GMT
+            Not Before: Dec 18 23:11:23 2024 GMT
+            Not After : Sep 14 23:11:23 2027 GMT
         Subject: C = US, ST = Montana, L = Bozeman, OU = Engineering, CN = localhost, emailAddress = info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (2048 bit)
+                Public-Key: (2048 bit)
                 Modulus:
                     00:c0:95:08:e1:57:41:f2:71:6d:b7:d2:45:41:27:
                     01:65:c6:45:ae:f2:bc:24:30:b8:95:ce:2f:4e:d6:
@@ -32,28 +32,32 @@ Certificate:
                     a7:aa:eb:c4:e1:e6:61:83:c5:d2:96:df:d9:d0:4f:
                     ad:d7
                 Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Subject Key Identifier: 
+                B3:11:32:C9:92:98:84:E2:C9:F8:D0:3B:6E:03:42:CA:1F:0E:8E:3C
     Signature Algorithm: sha256WithRSAEncryption
-         49:ff:59:9d:20:42:36:a3:d1:3d:5d:c1:37:24:42:22:9d:8a:
-         f9:61:98:45:0b:0d:9d:f7:1a:30:0b:54:9a:65:e7:e4:68:84:
-         59:c1:28:43:8f:59:08:43:83:4e:95:9c:0d:91:43:53:6a:19:
-         cc:f1:d0:af:74:5a:12:34:8e:0c:18:21:83:ad:4f:a9:a5:fe:
-         df:af:9d:96:22:1b:21:0d:fd:99:6f:58:0c:cb:4a:e6:7f:32:
-         df:d5:10:b2:70:f0:4d:49:6e:1f:64:82:58:27:a8:58:c9:9b:
-         f1:de:30:b6:bd:8b:a6:23:3c:58:a5:d9:f5:74:b2:c1:96:b3:
-         6b:56:d5:45:47:3d:ba:f9:0e:ba:59:73:43:31:cc:2a:2c:bd:
-         87:01:f9:f0:bc:6e:f2:6e:20:a3:07:ca:f7:43:e7:1b:35:85:
-         bc:f7:84:1e:ff:33:21:74:19:45:85:b4:81:77:64:41:1b:02:
-         c9:e3:a4:39:48:62:8d:fd:1b:96:6f:64:dc:e9:75:a5:74:c3:
-         a5:3c:55:87:0d:cd:4c:ec:f5:9a:e9:9f:a3:0b:a4:80:ef:c7:
-         58:4b:f4:60:b7:5a:4c:dc:93:10:79:43:c3:ac:1b:b1:6d:d8:
-         8f:b6:f5:db:82:0d:6e:58:38:9d:23:97:41:7d:39:cd:9c:89:
-         7d:64:bc:4f
+    Signature Value:
+        66:a2:01:32:ef:f2:60:53:90:50:4e:11:cf:80:0c:66:32:fc:
+        f2:16:d1:26:15:57:fe:43:2f:ee:f4:ab:05:cd:db:b7:b7:f7:
+        9d:b4:11:b3:4a:b5:4f:bf:01:ba:3d:89:05:7c:2e:42:66:fd:
+        a9:c9:e8:9d:9a:85:95:7e:1f:35:41:eb:45:d3:ea:de:a3:1c:
+        eb:36:ad:3e:c9:a0:1c:31:c3:e3:f5:4c:bc:a7:7e:04:52:70:
+        e7:89:dd:a3:fc:32:a2:7b:26:b9:ea:2b:9e:06:9d:a7:6d:1f:
+        1d:52:e9:11:3f:a1:1d:87:1e:82:17:eb:05:78:e5:70:f3:23:
+        3f:15:73:12:31:cd:11:b3:b1:fa:2b:7c:6b:5d:2d:04:6c:5f:
+        28:9c:39:ba:50:0e:8a:ec:4b:2b:11:fb:09:e8:c6:05:5c:b4:
+        45:7a:e5:52:78:fe:c0:c3:57:c1:df:ce:a8:9b:86:d5:c6:6a:
+        61:c6:36:7a:50:3d:7e:b9:3e:e6:6e:40:6e:d9:08:65:ef:88:
+        11:bc:37:f2:cb:5f:04:ec:9e:c8:4c:48:2f:26:6c:1c:e4:e0:
+        b6:a8:63:b7:42:4c:81:2e:f0:3d:d8:a0:e1:6c:16:3e:40:4b:
+        ec:1b:43:9d:99:c8:36:99:cd:d7:1c:6d:c7:98:88:ce:05:b6:
+        93:de:19:d1
 -----BEGIN CERTIFICATE-----
-MIIDhDCCAmygAwIBAgIUfMBpRL0i3SwpwVWI9BRj9awHbcUwDQYJKoZIhvcNAQEL
+MIIDpzCCAo+gAwIBAgIUIOR2HL4WlIqM6DQ3pRs3yflCyTAwDQYJKoZIhvcNAQEL
 BQAwfDELMAkGA1UEBhMCVVMxEDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0Jv
 emVtYW4xFDASBgNVBAsMC0VuZ2luZWVyaW5nMRIwEAYDVQQDDAlsb2NhbGhvc3Qx
-HzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMjMxMjEzMjIxOTI5
-WhcNMjYwOTA4MjIxOTI5WjB8MQswCQYDVQQGEwJVUzEQMA4GA1UECAwHTW9udGFu
+HzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMjQxMjE4MjMxMTIz
+WhcNMjcwOTE0MjMxMTIzWjB8MQswCQYDVQQGEwJVUzEQMA4GA1UECAwHTW9udGFu
 YTEQMA4GA1UEBwwHQm96ZW1hbjEUMBIGA1UECwwLRW5naW5lZXJpbmcxEjAQBgNV
 BAMMCWxvY2FsaG9zdDEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTCC
 ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMCVCOFXQfJxbbfSRUEnAWXG
@@ -62,10 +66,11 @@ e7rgIeVyLm8uhtiVc9qsG1O5Xz/XGQ0lT+FjY1GLC2Q/rUO4pRxcNLOuAKBjxfZ/
 C1loeHOmjBipAm2vwxkBLrgQ48bMQLRpo0YzaYduxLsXpvPo3a1zvHsvIbX9ZlEM
 vVSz4W1fHLwjc9EJA4kU0hC5ZMMq0KGWSrzh1Bpbx6DAwWN4D0Q3MDKWgDIjlaF3
 uhPSl3PiXSXJag3DOWCktLBpQkIJ6dgIvDMgs1gip6rrxOHmYYPF0pbf2dBPrdcC
-AwEAATANBgkqhkiG9w0BAQsFAAOCAQEASf9ZnSBCNqPRPV3BNyRCIp2K+WGYRQsN
-nfcaMAtUmmXn5GiEWcEoQ49ZCEODTpWcDZFDU2oZzPHQr3RaEjSODBghg61PqaX+
-36+dliIbIQ39mW9YDMtK5n8y39UQsnDwTUluH2SCWCeoWMmb8d4wtr2LpiM8WKXZ
-9XSywZaza1bVRUc9uvkOullzQzHMKiy9hwH58Lxu8m4gowfK90PnGzWFvPeEHv8z
-IXQZRYW0gXdkQRsCyeOkOUhijf0blm9k3Ol1pXTDpTxVhw3NTOz1mumfowukgO/H
-WEv0YLdaTNyTEHlDw6wbsW3Yj7b124INblg4nSOXQX05zZyJfWS8Tw==
+AwEAAaMhMB8wHQYDVR0OBBYEFLMRMsmSmITiyfjQO24DQsofDo48MA0GCSqGSIb3
+DQEBCwUAA4IBAQBmogEy7/JgU5BQThHPgAxmMvzyFtEmFVf+Qy/u9KsFzdu3t/ed
+tBGzSrVPvwG6PYkFfC5CZv2pyeidmoWVfh81QetF0+reoxzrNq0+yaAcMcPj9Uy8
+p34EUnDnid2j/DKieya56iueBp2nbR8dUukRP6Edhx6CF+sFeOVw8yM/FXMSMc0R
+s7H6K3xrXS0EbF8onDm6UA6K7EsrEfsJ6MYFXLRFeuVSeP7Aw1fB386om4bVxmph
+xjZ6UD1+uT7mbkBu2Qhl74gRvDfyy18E7J7ITEgvJmwc5OC2qGO3QkyBLvA92KDh
+bBY+QEvsG0Odmcg2mc3XHG3HmIjOBbaT3hnR
 -----END CERTIFICATE-----
diff --git a/certs/test/server-goodcnwild.der b/certs/test/server-goodcnwild.der
index c91430739..64122b2cc 100644
Binary files a/certs/test/server-goodcnwild.der and b/certs/test/server-goodcnwild.der differ
diff --git a/certs/test/server-goodcnwild.pem b/certs/test/server-goodcnwild.pem
index 256cf26fc..35b68c1e9 100644
--- a/certs/test/server-goodcnwild.pem
+++ b/certs/test/server-goodcnwild.pem
@@ -2,16 +2,16 @@ Certificate:
     Data:
         Version: 3 (0x2)
         Serial Number:
-            2e:f2:01:15:bc:ba:a6:74:6e:b4:49:8e:f3:09:8c:9c:ca:3e:fe:32
+            57:58:1d:6f:ff:69:c2:43:43:a6:f2:d9:11:c3:8f:71:7f:f6:c3:ee
         Signature Algorithm: sha256WithRSAEncryption
         Issuer: C = US, ST = Montana, L = Bozeman, OU = Engineering, CN = *localhost, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Dec 13 22:19:29 2023 GMT
-            Not After : Sep  8 22:19:29 2026 GMT
+            Not Before: Dec 18 23:11:23 2024 GMT
+            Not After : Sep 14 23:11:23 2027 GMT
         Subject: C = US, ST = Montana, L = Bozeman, OU = Engineering, CN = *localhost, emailAddress = info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (2048 bit)
+                Public-Key: (2048 bit)
                 Modulus:
                     00:c0:95:08:e1:57:41:f2:71:6d:b7:d2:45:41:27:
                     01:65:c6:45:ae:f2:bc:24:30:b8:95:ce:2f:4e:d6:
@@ -32,28 +32,32 @@ Certificate:
                     a7:aa:eb:c4:e1:e6:61:83:c5:d2:96:df:d9:d0:4f:
                     ad:d7
                 Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Subject Key Identifier: 
+                B3:11:32:C9:92:98:84:E2:C9:F8:D0:3B:6E:03:42:CA:1F:0E:8E:3C
     Signature Algorithm: sha256WithRSAEncryption
-         96:b2:8f:e5:31:57:57:6a:f2:48:1e:97:9a:71:75:10:22:a1:
-         38:2c:9e:4f:d7:2f:7c:5d:e7:9f:19:8f:9c:00:b3:74:7e:10:
-         69:7b:a5:71:2f:36:a2:79:02:51:4d:bb:e1:78:01:77:f6:13:
-         85:84:46:ac:96:88:5b:47:4d:dd:d2:fd:5e:e4:49:3a:64:0b:
-         67:af:95:3e:bf:40:4d:0f:a0:28:61:37:6b:41:b9:ad:dc:8c:
-         f4:0c:8b:b5:49:20:19:e2:7f:0b:63:e5:fc:06:6d:16:4f:ba:
-         b6:1a:3c:d4:4f:b3:a4:bd:c0:96:f5:a8:7f:01:85:a3:4a:ab:
-         c3:73:77:68:55:1b:26:84:60:2f:72:af:d1:c4:55:4a:a8:3d:
-         ce:fc:3e:b3:55:37:aa:df:0f:07:6c:5f:2b:0f:05:7f:bc:df:
-         62:b3:68:f5:c2:0c:48:f8:b6:41:c5:e0:ac:7d:a4:50:f2:bc:
-         61:0a:1c:5b:c5:b8:31:b1:ea:95:3f:6a:23:88:b3:74:7b:9f:
-         1d:7c:11:23:f3:89:8b:71:a5:fa:e6:39:2c:10:af:8e:e9:8e:
-         c6:25:ca:76:db:d9:95:40:e5:15:f3:67:d6:67:3b:9e:42:9e:
-         ec:c2:cb:3a:c1:f8:bc:eb:b5:24:6d:ef:f6:00:ba:70:75:a4:
-         32:7d:d0:33
+    Signature Value:
+        b6:7f:c6:0e:d0:6c:f9:0e:df:5d:71:ca:0c:fe:23:6b:14:f2:
+        0e:c1:c2:60:17:cb:c9:f4:0e:39:52:b9:8d:71:71:b1:d9:2d:
+        cb:0c:af:17:64:27:63:10:4f:25:96:bc:4e:ec:67:4a:bf:01:
+        8a:d7:bd:60:49:f4:41:74:c2:48:3e:ef:4a:2c:e9:c0:bb:5f:
+        2b:38:2e:24:b7:40:f0:be:5c:57:23:bf:46:12:a8:47:78:0d:
+        2f:76:fc:9d:3b:e3:93:40:25:18:2b:64:df:13:f1:db:26:72:
+        3d:8c:c4:b8:e9:dc:60:fc:3a:48:de:58:80:c9:8a:0d:a8:14:
+        b2:81:5e:00:b5:a6:0e:a2:c8:06:4e:d5:0a:3b:37:6b:64:d8:
+        77:2b:09:0a:44:f4:bd:c8:51:78:29:6d:e1:5d:ae:a3:04:44:
+        45:dc:d5:ea:2f:f4:18:46:a0:27:89:cc:4e:68:e0:d5:d4:d9:
+        b0:d4:b1:68:fb:dd:d7:9e:9b:2a:3b:08:cf:d3:bc:f4:b9:9c:
+        75:3c:70:7c:25:6c:b1:fa:b0:8c:6f:bd:cc:e8:ff:a3:e2:4a:
+        f5:d8:b5:3f:b9:ee:72:2a:0c:03:6f:ec:dc:e3:dc:65:85:d0:
+        8b:4f:b5:b9:cf:40:87:27:9b:7d:2a:b9:4e:16:31:16:7f:69:
+        21:e3:ad:f4
 -----BEGIN CERTIFICATE-----
-MIIDhjCCAm6gAwIBAgIULvIBFby6pnRutEmO8wmMnMo+/jIwDQYJKoZIhvcNAQEL
+MIIDqTCCApGgAwIBAgIUV1gdb/9pwkNDpvLZEcOPcX/2w+4wDQYJKoZIhvcNAQEL
 BQAwfTELMAkGA1UEBhMCVVMxEDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0Jv
 emVtYW4xFDASBgNVBAsMC0VuZ2luZWVyaW5nMRMwEQYDVQQDDAoqbG9jYWxob3N0
-MR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMB4XDTIzMTIxMzIyMTky
-OVoXDTI2MDkwODIyMTkyOVowfTELMAkGA1UEBhMCVVMxEDAOBgNVBAgMB01vbnRh
+MR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMB4XDTI0MTIxODIzMTEy
+M1oXDTI3MDkxNDIzMTEyM1owfTELMAkGA1UEBhMCVVMxEDAOBgNVBAgMB01vbnRh
 bmExEDAOBgNVBAcMB0JvemVtYW4xFDASBgNVBAsMC0VuZ2luZWVyaW5nMRMwEQYD
 VQQDDAoqbG9jYWxob3N0MR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29t
 MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwJUI4VdB8nFtt9JFQScB
@@ -62,10 +66,11 @@ yl17uuAh5XIuby6G2JVz2qwbU7lfP9cZDSVP4WNjUYsLZD+tQ7ilHFw0s64AoGPF
 9n8LWWh4c6aMGKkCba/DGQEuuBDjxsxAtGmjRjNph27Euxem8+jdrXO8ey8htf1m
 UQy9VLPhbV8cvCNz0QkDiRTSELlkwyrQoZZKvOHUGlvHoMDBY3gPRDcwMpaAMiOV
 oXe6E9KXc+JdJclqDcM5YKS0sGlCQgnp2Ai8MyCzWCKnquvE4eZhg8XSlt/Z0E+t
-1wIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQCWso/lMVdXavJIHpeacXUQIqE4LJ5P
-1y98XeefGY+cALN0fhBpe6VxLzaieQJRTbvheAF39hOFhEaslohbR03d0v1e5Ek6
-ZAtnr5U+v0BND6AoYTdrQbmt3Iz0DIu1SSAZ4n8LY+X8Bm0WT7q2GjzUT7OkvcCW
-9ah/AYWjSqvDc3doVRsmhGAvcq/RxFVKqD3O/D6zVTeq3w8HbF8rDwV/vN9is2j1
-wgxI+LZBxeCsfaRQ8rxhChxbxbgxseqVP2ojiLN0e58dfBEj84mLcaX65jksEK+O
-6Y7GJcp229mVQOUV82fWZzueQp7swss6wfi867Ukbe/2ALpwdaQyfdAz
+1wIDAQABoyEwHzAdBgNVHQ4EFgQUsxEyyZKYhOLJ+NA7bgNCyh8OjjwwDQYJKoZI
+hvcNAQELBQADggEBALZ/xg7QbPkO311xygz+I2sU8g7BwmAXy8n0DjlSuY1xcbHZ
+LcsMrxdkJ2MQTyWWvE7sZ0q/AYrXvWBJ9EF0wkg+70os6cC7Xys4LiS3QPC+XFcj
+v0YSqEd4DS92/J0745NAJRgrZN8T8dsmcj2MxLjp3GD8OkjeWIDJig2oFLKBXgC1
+pg6iyAZO1Qo7N2tk2HcrCQpE9L3IUXgpbeFdrqMEREXc1eov9BhGoCeJzE5o4NXU
+2bDUsWj73deemyo7CM/TvPS5nHU8cHwlbLH6sIxvvczo/6PiSvXYtT+57nIqDANv
+7Nzj3GWF0ItPtbnPQIcnm30quU4WMRZ/aSHjrfQ=
 -----END CERTIFICATE-----
diff --git a/certs/test/server-localhost.der b/certs/test/server-localhost.der
index 2ed23e20b..5384ee9c8 100644
Binary files a/certs/test/server-localhost.der and b/certs/test/server-localhost.der differ
diff --git a/certs/test/server-localhost.pem b/certs/test/server-localhost.pem
index fc4df2da4..569426d83 100644
--- a/certs/test/server-localhost.pem
+++ b/certs/test/server-localhost.pem
@@ -2,16 +2,16 @@ Certificate:
     Data:
         Version: 3 (0x2)
         Serial Number:
-            32:31:fc:d6:4a:77:2b:3b:c9:07:02:ae:b4:e7:b7:d3:a4:61:56:2b
+            6b:d5:4f:73:be:43:aa:47:d4:ce:30:d4:5b:39:58:1e:05:94:6d:48
         Signature Algorithm: sha256WithRSAEncryption
         Issuer: C = US, ST = Montana, L = Bozeman, OU = Engineering, CN = localhost, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Dec 13 22:19:29 2023 GMT
-            Not After : Sep  8 22:19:29 2026 GMT
+            Not Before: Dec 18 23:11:23 2024 GMT
+            Not After : Sep 14 23:11:23 2027 GMT
         Subject: C = US, ST = Montana, L = Bozeman, OU = Engineering, CN = localhost, emailAddress = info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (2048 bit)
+                Public-Key: (2048 bit)
                 Modulus:
                     00:c0:95:08:e1:57:41:f2:71:6d:b7:d2:45:41:27:
                     01:65:c6:45:ae:f2:bc:24:30:b8:95:ce:2f:4e:d6:
@@ -35,28 +35,31 @@ Certificate:
         X509v3 extensions:
             X509v3 Subject Alternative Name: 
                 DNS:localhost
+            X509v3 Subject Key Identifier: 
+                B3:11:32:C9:92:98:84:E2:C9:F8:D0:3B:6E:03:42:CA:1F:0E:8E:3C
     Signature Algorithm: sha256WithRSAEncryption
-         af:7a:bb:f0:b6:1e:12:8a:60:ec:c8:91:34:a3:d3:80:92:f3:
-         bc:c7:37:e9:96:75:a8:67:a0:94:b9:2a:df:81:02:23:28:6a:
-         72:de:81:03:33:88:1b:60:75:16:77:dc:72:40:3e:d9:d8:ab:
-         6f:3e:99:7a:7c:db:37:13:40:b6:4d:82:47:7c:75:7a:6f:9d:
-         ca:89:54:8c:17:15:9a:80:9a:7c:b5:e3:4b:7e:74:fd:2f:28:
-         98:79:f5:56:96:d6:5c:9c:b4:94:62:32:d2:31:1b:53:5c:71:
-         be:45:37:69:9f:e4:07:87:fa:d7:a7:63:bc:5c:8a:5c:71:9c:
-         31:25:d8:93:ae:cf:db:98:50:e5:52:58:de:44:f7:4f:7e:4a:
-         a9:9c:ac:0a:84:03:ba:c4:46:e4:83:00:e6:dd:a5:33:43:e9:
-         5d:ea:fc:89:85:10:57:d0:0e:5e:43:13:72:60:ec:bb:5c:e9:
-         c3:ca:52:2d:06:e6:5b:d5:fd:e9:30:e0:da:80:78:b2:a1:a7:
-         84:ed:c0:e4:f9:f7:6d:94:a5:aa:6b:84:b1:7e:85:45:12:4c:
-         8d:52:91:5d:d1:e6:d7:32:0a:97:22:59:80:db:9d:de:68:90:
-         bd:a7:d0:9c:11:60:86:8c:89:8a:e1:19:75:09:e8:78:bb:23:
-         47:68:23:3c
+    Signature Value:
+        5b:8e:ee:b0:95:5c:91:e1:60:2f:ad:7e:c4:57:50:5f:32:4c:
+        77:3c:2f:db:a2:ad:75:15:02:e1:3f:10:d5:3f:8c:4f:47:91:
+        5c:3e:dd:98:15:52:a9:bf:57:65:f6:2a:40:64:07:89:4a:38:
+        10:fd:54:e8:70:32:bd:f0:fe:cf:82:67:f4:4b:b5:18:aa:95:
+        c8:2f:8f:75:7a:33:dc:9f:5e:82:5e:38:eb:2b:45:1d:95:ea:
+        62:74:56:b4:ce:a2:eb:90:c3:42:6c:31:4e:30:d7:d1:3c:85:
+        81:1b:82:f0:58:0e:be:55:da:ab:2c:69:4d:6f:e5:8d:af:fe:
+        7d:ad:a9:62:a2:b5:ab:29:a7:f7:0c:78:12:ed:a3:db:32:99:
+        41:90:11:4e:ee:97:99:0a:b6:89:19:c7:dd:1c:98:bf:d4:c4:
+        8a:6b:0b:52:8a:0a:e9:c5:96:be:cc:95:9c:78:27:b8:5b:41:
+        d8:05:47:0c:99:49:21:b0:26:76:6f:bc:7b:a0:b3:75:77:05:
+        95:a5:4a:28:4a:8e:f6:4a:07:6b:f9:26:a3:4f:f2:9e:de:af:
+        52:3e:36:30:57:f8:13:6b:66:a9:20:26:55:d1:e4:62:54:0c:
+        dd:a7:7d:4a:66:5f:af:53:98:53:c6:72:57:4c:15:5f:c4:08:
+        3c:ed:1d:30
 -----BEGIN CERTIFICATE-----
-MIIDnjCCAoagAwIBAgIUMjH81kp3KzvJBwKutOe306RhViswDQYJKoZIhvcNAQEL
+MIIDvTCCAqWgAwIBAgIUa9VPc75DqkfUzjDUWzlYHgWUbUgwDQYJKoZIhvcNAQEL
 BQAwfDELMAkGA1UEBhMCVVMxEDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0Jv
 emVtYW4xFDASBgNVBAsMC0VuZ2luZWVyaW5nMRIwEAYDVQQDDAlsb2NhbGhvc3Qx
-HzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMjMxMjEzMjIxOTI5
-WhcNMjYwOTA4MjIxOTI5WjB8MQswCQYDVQQGEwJVUzEQMA4GA1UECAwHTW9udGFu
+HzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMjQxMjE4MjMxMTIz
+WhcNMjcwOTE0MjMxMTIzWjB8MQswCQYDVQQGEwJVUzEQMA4GA1UECAwHTW9udGFu
 YTEQMA4GA1UEBwwHQm96ZW1hbjEUMBIGA1UECwwLRW5naW5lZXJpbmcxEjAQBgNV
 BAMMCWxvY2FsaG9zdDEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTCC
 ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMCVCOFXQfJxbbfSRUEnAWXG
@@ -65,11 +68,12 @@ e7rgIeVyLm8uhtiVc9qsG1O5Xz/XGQ0lT+FjY1GLC2Q/rUO4pRxcNLOuAKBjxfZ/
 C1loeHOmjBipAm2vwxkBLrgQ48bMQLRpo0YzaYduxLsXpvPo3a1zvHsvIbX9ZlEM
 vVSz4W1fHLwjc9EJA4kU0hC5ZMMq0KGWSrzh1Bpbx6DAwWN4D0Q3MDKWgDIjlaF3
 uhPSl3PiXSXJag3DOWCktLBpQkIJ6dgIvDMgs1gip6rrxOHmYYPF0pbf2dBPrdcC
-AwEAAaMYMBYwFAYDVR0RBA0wC4IJbG9jYWxob3N0MA0GCSqGSIb3DQEBCwUAA4IB
-AQCvervwth4SimDsyJE0o9OAkvO8xzfplnWoZ6CUuSrfgQIjKGpy3oEDM4gbYHUW
-d9xyQD7Z2KtvPpl6fNs3E0C2TYJHfHV6b53KiVSMFxWagJp8teNLfnT9LyiYefVW
-ltZcnLSUYjLSMRtTXHG+RTdpn+QHh/rXp2O8XIpccZwxJdiTrs/bmFDlUljeRPdP
-fkqpnKwKhAO6xEbkgwDm3aUzQ+ld6vyJhRBX0A5eQxNyYOy7XOnDylItBuZb1f3p
-MODagHiyoaeE7cDk+fdtlKWqa4SxfoVFEkyNUpFd0ebXMgqXIlmA253eaJC9p9Cc
-EWCGjImK4Rl1Ceh4uyNHaCM8
+AwEAAaM3MDUwFAYDVR0RBA0wC4IJbG9jYWxob3N0MB0GA1UdDgQWBBSzETLJkpiE
+4sn40DtuA0LKHw6OPDANBgkqhkiG9w0BAQsFAAOCAQEAW47usJVckeFgL61+xFdQ
+XzJMdzwv26KtdRUC4T8Q1T+MT0eRXD7dmBVSqb9XZfYqQGQHiUo4EP1U6HAyvfD+
+z4Jn9Eu1GKqVyC+PdXoz3J9egl446ytFHZXqYnRWtM6i65DDQmwxTjDX0TyFgRuC
+8FgOvlXaqyxpTW/lja/+fa2pYqK1qymn9wx4Eu2j2zKZQZARTu6XmQq2iRnH3RyY
+v9TEimsLUooK6cWWvsyVnHgnuFtB2AVHDJlJIbAmdm+8e6CzdXcFlaVKKEqO9koH
+a/kmo0/ynt6vUj42MFf4E2tmqSAmVdHkYlQM3ad9SmZfr1OYU8ZyV0wVX8QIPO0d
+MA==
 -----END CERTIFICATE-----
diff --git a/cmake/Config.cmake.in b/cmake/Config.cmake.in
index 19d60ed7e..3b8098b6b 100644
--- a/cmake/Config.cmake.in
+++ b/cmake/Config.cmake.in
@@ -1,3 +1,9 @@
-@PACKAGE_INIT@
-
-include ( "${CMAKE_CURRENT_LIST_DIR}/wolfssl-targets.cmake" )
+@PACKAGE_INIT@
+
+include(CMakeFindDependencyMacro)
+if (@HAVE_PTHREAD@)
+  find_dependency(Threads)
+endif()
+
+
+include ( "${CMAKE_CURRENT_LIST_DIR}/wolfssl-targets.cmake" )
diff --git a/cmake/README.md b/cmake/README.md
index f3d9a5269..04b3bf386 100644
--- a/cmake/README.md
+++ b/cmake/README.md
@@ -4,4 +4,4 @@ This directory contains some supplementary functions for the [CMakeLists.txt](..
 
 See also cmake notes in the [INSTALL](../INSTALL) documentation file.
 
-
+If new CMake build options are added `cmake/options.h.in` must also be updated.
diff --git a/cmake/config.in b/cmake/config.in
index 4082325b5..f2524e41e 100644
--- a/cmake/config.in
+++ b/cmake/config.in
@@ -1,6 +1,12 @@
 /* Define to 1 if you have the <arpa/inet.h> header file. */
 #cmakedefine HAVE_ARPA_INET_H @HAVE_ARPA_INET_H@
 
+/* Define to 1 if you have the <sys/ioctl.h> header file. */
+#cmakedefine HAVE_SYS_IOCTL_H @HAVE_SYS_IOCTL_H@
+
+/* Define to 1 if you have the <netdb.h> header file. */
+#cmakedefine HAVE_NETDB_H @HAVE_NETDB_H@
+
 /* Define to 1 if you have the <sys/socket.h> header file. */
 #cmakedefine HAVE_SYS_SOCKET_H @HAVE_SYS_SOCKET_H@
 
@@ -40,6 +46,9 @@
 /* Define to 1 if the system has the type `__uint128_t'. */
 #cmakedefine HAVE___UINT128_T @HAVE___UINT128_T@
 
+/* Define to 1 if the system has the type `uintptr_t'. */
+#cmakedefine HAVE_UINTPTR_T @HAVE_UINTPTR_T@
+
 /* Define to the full name of this package. */
 #define PACKAGE_NAME "@CMAKE_PROJECT_NAME@"
 
diff --git a/cmake/functions.cmake b/cmake/functions.cmake
index 6b5b9a7f9..c36219400 100644
--- a/cmake/functions.cmake
+++ b/cmake/functions.cmake
@@ -1,7 +1,7 @@
 function(override_cache VAR VAL)
     get_property(VAR_STRINGS CACHE ${VAR} PROPERTY STRINGS)
     LIST(FIND VAR_STRINGS ${VAL} CK)
-    if(-1 EQUAL ${CK})
+    if(-1 EQUAL ${CK} AND DEFINED VAR_STRINGS)
         message(SEND_ERROR
             "\"${VAL}\" is not valid override value for \"${VAR}\"."
             " Please select value from \"${VAR_STRINGS}\"\n")
@@ -10,10 +10,15 @@ function(override_cache VAR VAL)
 endfunction()
 
 function(add_option NAME HELP_STRING DEFAULT VALUES)
-    # Set the default value for the option.
-    set(${NAME} ${DEFAULT} CACHE STRING ${HELP_STRING})
-    # Set the list of allowed values for the option.
-    set_property(CACHE ${NAME} PROPERTY STRINGS ${VALUES})
+    if(VALUES STREQUAL "yes;no")
+        # Set the default value for the option.
+        set(${NAME} ${DEFAULT} CACHE BOOL ${HELP_STRING})
+    else()
+        # Set the default value for the option.
+        set(${NAME} ${DEFAULT} CACHE STRING ${HELP_STRING})
+        # Set the list of allowed values for the option.
+        set_property(CACHE ${NAME} PROPERTY STRINGS ${VALUES})
+    endif()
 
     if(DEFINED ${NAME})
         list(FIND VALUES ${${NAME}} IDX)
@@ -73,10 +78,10 @@ function(generate_build_flags)
     if(WOLFSSL_AESCCM OR WOLFSSL_USER_SETTINGS)
         set(BUILD_AESCCM "yes" PARENT_SCOPE)
     endif()
-    set(BUILD_ARM_ASM ${WOLFSSL_ARM_ASM} PARENT_SCOPE)
+    set(BUILD_ARMASM ${WOLFSSL_ARM_ASM} PARENT_SCOPE)
     set(BUILD_XILINX ${WOLFSSL_XILINX} PARENT_SCOPE)
     set(BUILD_AESNI ${WOLFSSL_AESNI} PARENT_SCOPE)
-    set(BUILD_INTEL_ASM ${WOLFSSL_INTEL_ASM} PARENT_SCOPE)
+    set(BUILD_INTELASM ${WOLFSSL_INTEL_ASM} PARENT_SCOPE)
     set(BUILD_AFALG ${WOLFSSL_AFALG} PARENT_SCOPE)
     set(BUILD_DEVCRYPTO ${WOLFSSL_DEVCRYPTO} PARENT_SCOPE)
     if(WOLFSSL_CAMELLIA OR WOLFSSL_USER_SETTINGS)
@@ -193,11 +198,21 @@ function(generate_build_flags)
     if(WOLFSSL_XCHACHA OR WOLFSSL_USER_SETTINGS)
         set(BUILD_XCHACHA "yes" PARENT_SCOPE)
     endif()
+    if(WOLFSSL_KYBER OR WOLFSSL_USER_SETTINGS)
+        set(BUILD_WC_KYBER "yes" PARENT_SCOPE)
+    endif()
     if(WOLFSSL_OQS OR WOLFSSL_USER_SETTINGS)
         set(BUILD_FALCON "yes" PARENT_SCOPE)
         set(BUILD_SPHINCS "yes" PARENT_SCOPE)
         set(BUILD_DILITHIUM "yes" PARENT_SCOPE)
         set(BUILD_EXT_KYBER "yes" PARENT_SCOPE)
+        set(BUILD_OQS_HELPER "yes" PARENT_SCOPE)
+    endif()
+    if(WOLFSSL_LMS OR WOLFSSL_USER_SETTINGS)
+        set(BUILD_WC_LMS "yes" PARENT_SCOPE)
+    endif()
+    if(WOLFSSL_XMSS OR WOLFSSL_USER_SETTINGS)
+        set(BUILD_WC_XMSS "yes" PARENT_SCOPE)
     endif()
     if(WOLFSSL_ARIA OR WOLFSSL_USER_SETTINGS)
         message(STATUS "ARIA functions.cmake found WOLFSSL_ARIA")
@@ -217,8 +232,6 @@ function(generate_build_flags)
         set(BUILD_CRL_MONITOR "yes" PARENT_SCOPE)
     endif()
     set(BUILD_QUIC ${WOLFSSL_QUIC} PARENT_SCOPE)
-    set(BUILD_USER_RSA ${WOLFSSL_USER_RSA} PARENT_SCOPE)
-    set(BUILD_USER_CRYPTO ${WOLFSSL_USER_CRYPTO} PARENT_SCOPE)
     set(BUILD_WNR ${WOLFSSL_WNR} PARENT_SCOPE)
     if(WOLFSSL_SRP OR WOLFSSL_USER_SETTINGS)
         set(BUILD_SRP "yes" PARENT_SCOPE)
@@ -247,7 +260,7 @@ function(generate_build_flags)
     endif()
     set(BUILD_EXAMPLE_CLIENTS ${WOLFSSL_EXAMPLES} PARENT_SCOPE)
     set(BUILD_TESTS ${WOLFSSL_EXAMPLES} PARENT_SCOPE)
-    if(NOT WOLFSSL_SINGLETHREADED AND WOLFSSL_EXAMPLES AND NOT WOLFSSL_LEAN_TLS)
+    if(NOT WOLFSSL_SINGLE_THREADED AND WOLFSSL_EXAMPLES AND NOT WOLFSSL_LEAN_TLS)
         set(BUILD_THREADED_EXAMPLES "yes" PARENT_SCOPE)
     endif()
     set(BUILD_WOLFCRYPT_TESTS ${WOLFSSL_CRYPT_TESTS} PARENT_SCOPE)
@@ -281,13 +294,12 @@ function(generate_build_flags)
     if(WOLFSSL_SP_ARM_CORTEX_ASM OR WOLFSSL_USER_SETTINGS)
         set(BUILD_SP_ARM_CORTEX "yes" PARENT_SCOPE)
     endif()
-    if(WOLFSSL_SP_X86_64_ASM OR WOLFSSL_USER_SETTINGS)
+    if(WOLFSSL_X86_64_BUILD AND (WOLFSSL_SP_X86_64_ASM OR WOLFSSL_USER_SETTINGS))
         set(BUILD_SP_X86_64 "yes" PARENT_SCOPE)
     endif()
     if(WOLFSSL_SP_MATH OR WOLFSSL_SP_MATH_ALL OR WOLFSSL_USER_SETTINGS)
         set(BUILD_SP_INT "yes" PARENT_SCOPE)
     endif()
-    set(BUILD_FAST_RSA ${WOLFSSL_FAST_RSA} PARENT_SCOPE)
     set(BUILD_MCAPI ${WOLFSSL_MCAPI} PARENT_SCOPE)
     set(BUILD_ASYNCCRYPT ${WOLFSSL_ASYNCCRYPT} PARENT_SCOPE)
     set(BUILD_WOLFEVENT ${WOLFSSL_ASYNCCRYPT} PARENT_SCOPE)
@@ -393,6 +405,10 @@ function(generate_lib_src_list LIB_SOURCES)
 
               if(BUILD_SHA3)
                    list(APPEND LIB_SOURCES wolfcrypt/src/sha3.c)
+
+                   if(BUILD_INTELASM)
+                        list(APPEND LIB_SOURCES wolfcrypt/src/sha3_asm.S)
+                   endif()
               endif()
 
               if(BUILD_DH)
@@ -493,14 +509,10 @@ function(generate_lib_src_list LIB_SOURCES)
               list(APPEND LIB_SOURCES wolfcrypt/src/async.c)
          endif()
 
-         if(NOT BUILD_USER_RSA AND BUILD_RSA)
-              if(BUILD_FAST_RSA)
-                   list(APPEND LIB_SOURCES wolfcrypt/user-crypto/src/rsa.c)
-              else()
-                   if(NOT BUILD_FIPS_V2)
-                        list(APPEND LIB_SOURCES wolfcrypt/src/rsa.c)
-                   endif()
-              endif()
+         if(BUILD_RSA)
+               if(NOT BUILD_FIPS_V2)
+                    list(APPEND LIB_SOURCES wolfcrypt/src/rsa.c)
+               endif()
          endif()
 
          if(BUILD_SP)
@@ -511,9 +523,10 @@ function(generate_lib_src_list LIB_SOURCES)
               endif()
 
               if(BUILD_SP_X86_64)
-                   list(APPEND LIB_SOURCES
-                        wolfcrypt/src/sp_x86_64.c
-                        wolfcrypt/src/sp_x86_64_asm.S)
+                    list(APPEND LIB_SOURCES wolfcrypt/src/sp_x86_64.c)
+                    if(WOLFSSL_X86_64_BUILD_ASM)
+                         list(APPEND LIB_SOURCES wolfcrypt/src/sp_x86_64_asm.S)
+                    endif()
               endif()
 
               if(NOT BUILD_FIPS_V2 AND BUILD_SP_ARM32)
@@ -579,6 +592,10 @@ function(generate_lib_src_list LIB_SOURCES)
 
          if(NOT BUILD_FIPS_V2 AND BUILD_SHA3)
               list(APPEND LIB_SOURCES wolfcrypt/src/sha3.c)
+
+              if(BUILD_INTELASM)
+                   list(APPEND LIB_SOURCES wolfcrypt/src/sha3_asm.S)
+              endif()
          endif()
     endif()
 
@@ -587,6 +604,11 @@ function(generate_lib_src_list LIB_SOURCES)
          wolfcrypt/src/wc_port.c
          wolfcrypt/src/error.c)
 
+    if(BUILD_OQS_HELPER)
+        list(APPEND LIB_SOURCES
+            wolfcrypt/src/port/liboqs/liboqs.c)
+    endif()
+
     if(BUILD_ARIA)
         list(APPEND LIB_SOURCES
             wolfcrypt/src/port/aria/aria-crypt.c
@@ -789,10 +811,29 @@ function(generate_lib_src_list LIB_SOURCES)
               list(APPEND LIB_SOURCES wolfcrypt/src/dilithium.c)
          endif()
 
+         if(BUILD_WC_KYBER)
+              list(APPEND LIB_SOURCES wolfcrypt/src/wc_kyber.c)
+              list(APPEND LIB_SOURCES wolfcrypt/src/wc_kyber_poly.c)
+
+              if(BUILD_INTELASM)
+                   list(APPEND LIB_SOURCES wolfcrypt/src/wc_kyber_asm.S)
+              endif()
+         endif()
+
          if(BUILD_EXT_KYBER)
               list(APPEND LIB_SOURCES wolfcrypt/src/ext_kyber.c)
          endif()
 
+         if(BUILD_WC_LMS)
+              list(APPEND LIB_SOURCES wolfcrypt/src/wc_lms.c)
+              list(APPEND LIB_SOURCES wolfcrypt/src/wc_lms_impl.c)
+         endif()
+
+         if(BUILD_WC_XMSS)
+              list(APPEND LIB_SOURCES wolfcrypt/src/wc_xmss.c)
+              list(APPEND LIB_SOURCES wolfcrypt/src/wc_xmss_impl.c)
+         endif()
+
          if(BUILD_LIBZ)
               list(APPEND LIB_SOURCES wolfcrypt/src/compress.c)
          endif()
@@ -913,31 +954,72 @@ function(generate_lib_src_list LIB_SOURCES)
     set(LIB_SOURCES ${LIB_SOURCES} PARENT_SCOPE)
 endfunction()
 
-function(add_to_options_file DEFINITIONS OPTION_FILE)
-    list(REMOVE_DUPLICATES DEFINITIONS)
-    foreach(DEF IN LISTS DEFINITIONS)
-        if(DEF MATCHES "^-D")
-            if(DEF MATCHES "^-D(N)?DEBUG(=.+)?")
-                message("not outputting (N)DEBUG to ${OPTION_FILE}")
-            endif()
+# Function: set_wolfssl_definitions
+#   Parameter: SEARCH_VALUE  The string to search for. (e.g. "WOLFSSL_SHA3")
+#   Returns:   RESULT
+#
+# Searches WOLFSSL_DEFINITIONS for SEARCH_VALUE
+#   Returns RESULT = 1 (true) if the search value is found
+#
+# Ensures setting is only added once and prints status messages.
+#
+# Also sets a parent (global in cmake file) variable by the same name to 1.
+#
+# See also get_wolfssl_definitions() for query-only.
+#
+function(set_wolfssl_definitions SEARCH_VALUE RESULT)
+    if (${SEARCH_VALUE} STREQUAL "")
+        message(FATAL_ERROR "Function set_wolfssl_definitions cannot have blank SEARCH_VALUE")
+    endif()
 
-            # allow user to ignore system options
-            if(DEF MATCHES "^-D_.*")
-                file(APPEND ${OPTION_FILE} "#ifndef WOLFSSL_OPTIONS_IGNORE_SYS\n")
-            endif()
+    list(FIND WOLFSSL_DEFINITIONS "${SEARCH_VALUE}" pos)
+    string(SUBSTRING "${SEARCH_VALUE}" 0 2 PREFIX_VALUE)
 
-            string(REGEX REPLACE "^-D" "" DEF_NO_PREFIX ${DEF})
-            string(REGEX REPLACE "=.*$" "" DEF_NO_EQUAL_NO_VAL ${DEF_NO_PREFIX})
-            string(REPLACE "=" " " DEF_NO_EQUAL ${DEF_NO_PREFIX})
+    if ("${PREFIX_VALUE}" STREQUAL "-D")
+        message(FATAL_ERROR "Do not specify the -D prefix in set_wolfssl_definitions")
+    endif()
 
-            file(APPEND ${OPTION_FILE} "#undef  ${DEF_NO_EQUAL_NO_VAL}\n")
-            file(APPEND ${OPTION_FILE} "#define ${DEF_NO_EQUAL}\n")
+    if(${pos} EQUAL -1)
+        message(STATUS "${SEARCH_VALUE} not found in WOLFSSL_DEFINITIONS.")
 
-            if(DEF MATCHES "^-D_.*")
-                file(APPEND ${OPTION_FILE} "#endif\n")
-            endif()
+        message(STATUS "Enabling ${SEARCH_VALUE}")
+        list(APPEND WOLFSSL_DEFINITIONS "-D${SEARCH_VALUE}")
+        set(${SEARCH_VALUE} 1 PARENT_SCOPE)
+        # override_cache("${SEARCH_VALUE}" "yes") # Need to check that value is settable
+        set(${RESULT} 1 PARENT_SCOPE)
+        message(STATUS "Enabling ${SEARCH_VALUE} - success")
 
-            file(APPEND ${OPTION_FILE} "\n")
-        endif()
-    endforeach()
+    else()
+        message(STATUS "${SEARCH_VALUE} found in WOLFSSL_DEFINITIONS.")
+        set(${RESULT} 0 PARENT_SCOPE)
+    endif()
+endfunction()
+
+# Function: get_wolfssl_definitions
+#   Parameter: SEARCH_VALUE  The string to search for. (e.g. "WOLFSSL_SHA3")
+#   Returns:   RESULT
+#
+# Searches WOLFSSL_DEFINITIONS for SEARCH_VALUE
+#   Returns RESULT = 1 (true) if the search value is found
+#
+# Unlike set_wolfssl_definitions(), this function only queries the WOLFSSL_DEFINITIONS.
+#
+function(get_wolfssl_definitions SEARCH_VALUE RESULT)
+    if (${SEARCH_VALUE} STREQUAL "")
+        message(FATAL_ERROR "Function get_wolfssl_definitions cannot have blank SEARCH_VALUE")
+    endif()
+
+    list(FIND WOLFSSL_DEFINITIONS "${SEARCH_VALUE}" pos)
+    string(SUBSTRING "${SEARCH_VALUE}" 0 2 PREFIX_VALUE)
+
+    if ("${PREFIX_VALUE}" STREQUAL "-D")
+        message(FATAL_ERROR "Do not specify the -D prefix in get_wolfssl_definitions")
+    endif()
+
+
+    if(${pos} EQUAL -1)
+        message(STATUS "${SEARCH_VALUE} not found in WOLFSSL_DEFINITIONS.")
+    else()
+        message(STATUS "${SEARCH_VALUE} found in WOLFSSL_DEFINITIONS.")
+    endif()
 endfunction()
diff --git a/cmake/include.am b/cmake/include.am
index f1af70fcd..b7cd6c791 100644
--- a/cmake/include.am
+++ b/cmake/include.am
@@ -2,5 +2,6 @@ EXTRA_DIST += cmake/README.md
 EXTRA_DIST += cmake/Config.cmake.in
 EXTRA_DIST += cmake/config.in
 EXTRA_DIST += cmake/functions.cmake
+EXTRA_DIST += cmake/options.h.in
 EXTRA_DIST += cmake/modules/FindARIA.cmake
 EXTRA_DIST += cmake/modules/FindOQS.cmake
diff --git a/cmake/options.h.in b/cmake/options.h.in
new file mode 100644
index 000000000..13e56625c
--- /dev/null
+++ b/cmake/options.h.in
@@ -0,0 +1,400 @@
+/* options.h.in
+ *
+ * Copyright (C) 2006-2025 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+
+/* cmake template for options.h */
+
+#ifdef WOLFSSL_NO_OPTIONS_H
+/* options.h inhibited by configuration */
+#elif !defined(WOLFSSL_OPTIONS_H)
+#define WOLFSSL_OPTIONS_H
+
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#ifndef WOLFSSL_OPTIONS_IGNORE_SYS
+#undef _GNU_SOURCE
+#cmakedefine _GNU_SOURCE
+#undef _POSIX_THREADS
+#cmakedefine _POSIX_THREADS
+#endif
+#undef ASIO_USE_WOLFSSL
+#cmakedefine ASIO_USE_WOLFSSL
+#undef BOOST_ASIO_USE_WOLFSSL
+#cmakedefine BOOST_ASIO_USE_WOLFSSL
+#undef CURVE25519_SMALL
+#cmakedefine CURVE25519_SMALL
+#undef CURVE448_SMALL
+#cmakedefine CURVE448_SMALL
+#undef DEBUG
+#cmakedefine DEBUG
+#undef DEBUG_WOLFSSL
+#cmakedefine DEBUG_WOLFSSL
+#undef ECC_SHAMIR
+#cmakedefine ECC_SHAMIR
+#undef ECC_TIMING_RESISTANT
+#cmakedefine ECC_TIMING_RESISTANT
+#undef ED25519_SMALL
+#cmakedefine ED25519_SMALL
+#undef ED448_SMALL
+#cmakedefine ED448_SMALL
+#undef GCM_SMALL
+#cmakedefine GCM_SMALL
+#undef GCM_TABLE
+#cmakedefine GCM_TABLE
+#undef GCM_TABLE_4BIT
+#cmakedefine GCM_TABLE_4BIT
+#undef GCM_WORD32
+#cmakedefine GCM_WORD32
+#undef HAVE___UINT128_T
+#cmakedefine HAVE___UINT128_T 1
+#undef HAVE_AES_KEYWRAP
+#cmakedefine HAVE_AES_KEYWRAP
+#undef HAVE_AESCCM
+#cmakedefine HAVE_AESCCM
+#undef HAVE_AESGCM
+#cmakedefine HAVE_AESGCM
+#undef HAVE_ALPN
+#cmakedefine HAVE_ALPN
+#undef HAVE_ARIA
+#cmakedefine HAVE_ARIA
+#undef HAVE_CERTIFICATE_STATUS_REQUEST
+#cmakedefine HAVE_CERTIFICATE_STATUS_REQUEST
+#undef HAVE_CERTIFICATE_STATUS_REQUEST_V2
+#cmakedefine HAVE_CERTIFICATE_STATUS_REQUEST_V2
+#undef HAVE_CHACHA
+#cmakedefine HAVE_CHACHA
+#undef HAVE_CRL
+#cmakedefine HAVE_CRL
+#undef HAVE_CRL_IO
+#cmakedefine HAVE_CRL_IO
+#undef WOLFSSL_CUSTOM_CURVES
+#cmakedefine WOLFSSL_CUSTOM_CURVES
+#undef HAVE_CURVE25519
+#cmakedefine HAVE_CURVE25519
+#undef HAVE_CURVE448
+#cmakedefine HAVE_CURVE448
+#undef HAVE_DH_DEFAULT_PARAMS
+#cmakedefine HAVE_DH_DEFAULT_PARAMS
+#undef HAVE_ECC
+#cmakedefine HAVE_ECC
+#undef HAVE_ECH
+#cmakedefine HAVE_ECH
+#undef HAVE_ED25519
+#cmakedefine HAVE_ED25519
+#undef HAVE_ED448
+#cmakedefine HAVE_ED448
+#undef HAVE_ENCRYPT_THEN_MAC
+#cmakedefine HAVE_ENCRYPT_THEN_MAC
+#undef HAVE_EX_DATA
+#cmakedefine HAVE_EX_DATA
+#undef HAVE_EXTENDED_MASTER
+#cmakedefine HAVE_EXTENDED_MASTER
+#undef HAVE_FFDHE_2048
+#cmakedefine HAVE_FFDHE_2048
+#undef HAVE_HASHDRBG
+#cmakedefine HAVE_HASHDRBG
+#undef HAVE_HKDF
+#cmakedefine HAVE_HKDF
+#undef HAVE_HPKE
+#cmakedefine HAVE_HPKE
+#undef HAVE_KEYING_MATERIAL
+#cmakedefine HAVE_KEYING_MATERIAL
+#undef HAVE_LIBOQS
+#cmakedefine HAVE_LIBOQS
+#undef HAVE_MAX_FRAGMENT
+#cmakedefine HAVE_MAX_FRAGMENT
+#undef HAVE_OCSP
+#cmakedefine HAVE_OCSP
+#undef HAVE_ONE_TIME_AUTH
+#cmakedefine HAVE_ONE_TIME_AUTH
+#undef HAVE_PKCS7
+#cmakedefine HAVE_PKCS7
+#undef HAVE_POLY1305
+#cmakedefine HAVE_POLY1305
+#undef HAVE_PTHREAD
+#cmakedefine HAVE_PTHREAD 1
+#undef HAVE_REPRODUCIBLE_BUILD
+#cmakedefine HAVE_REPRODUCIBLE_BUILD
+#undef HAVE_SESSION_TICKET
+#cmakedefine HAVE_SESSION_TICKET
+#undef HAVE_SNI
+#cmakedefine HAVE_SNI
+#undef HAVE_SUPPORTED_CURVES
+#cmakedefine HAVE_SUPPORTED_CURVES
+#undef HAVE_THREAD_LS
+#cmakedefine HAVE_THREAD_LS
+#undef HAVE_TLS_EXTENSIONS
+#cmakedefine HAVE_TLS_EXTENSIONS
+#undef HAVE_TRUNCATED_HMAC
+#cmakedefine HAVE_TRUNCATED_HMAC
+#undef HAVE_TRUSTED_CA
+#cmakedefine HAVE_TRUSTED_CA
+#undef HAVE_X963_KDF
+#cmakedefine HAVE_X963_KDF
+#undef NO_AES
+#cmakedefine NO_AES
+#undef NO_AES_CBC
+#cmakedefine NO_AES_CBC
+#undef NO_ASN
+#cmakedefine NO_ASN
+#undef NO_ASN_CRYPT
+#cmakedefine NO_ASN_CRYPT
+#undef NO_BIG_INT
+#cmakedefine NO_BIG_INT
+#undef NO_CERTS
+#cmakedefine NO_CERTS
+#undef NO_CHACHA_ASM
+#cmakedefine NO_CHACHA_ASM
+#undef NO_CODING
+#cmakedefine NO_CODING
+#undef NO_CURVED25519_128BIT
+#cmakedefine NO_CURVED25519_128BIT
+#undef NO_CURVED448_128BIT
+#cmakedefine NO_CURVED448_128BIT
+#undef NO_DES3
+#cmakedefine NO_DES3
+#undef NO_DH
+#cmakedefine NO_DH
+#undef NO_DSA
+#cmakedefine NO_DSA
+#undef NO_ERROR_QUEUE
+#cmakedefine NO_ERROR_QUEUE
+#undef NO_ERROR_STRINGS
+#cmakedefine NO_ERROR_STRINGS
+#undef NO_FILESYSTEM
+#cmakedefine NO_FILESYSTEM
+#undef NO_INLINE
+#cmakedefine NO_INLINE
+#undef NO_MD4
+#cmakedefine NO_MD4
+#undef NO_MD5
+#cmakedefine NO_MD5
+#undef NO_OLD_RNGNAME
+#cmakedefine NO_OLD_RNGNAME
+#undef NO_OLD_SHA_NAMES
+#cmakedefine NO_OLD_SHA_NAMES
+#undef NO_OLD_SSL_NAMES
+#cmakedefine NO_OLD_SSL_NAMES
+#undef NO_OLD_TLS
+#cmakedefine NO_OLD_TLS
+#undef NO_OLD_WC_NAMES
+#cmakedefine NO_OLD_WC_NAMES
+#undef NO_PKCS12
+#cmakedefine NO_PKCS12
+#undef NO_PSK
+#cmakedefine NO_PSK
+#undef NO_PWDBASED
+#cmakedefine NO_PWDBASED
+#undef NO_RC4
+#cmakedefine NO_RC4
+#undef NO_RSA
+#cmakedefine NO_RSA
+#undef NO_SESSION_CACHE_REF
+#cmakedefine NO_SESSION_CACHE_REF
+#undef NO_SHA
+#cmakedefine NO_SHA
+#undef NO_WOLFSSL_MEMORY
+#cmakedefine NO_WOLFSSL_MEMORY
+#undef OPENSSL_ALL
+#cmakedefine OPENSSL_ALL
+#undef OPENSSL_EXTRA
+#cmakedefine OPENSSL_EXTRA
+#undef OPENSSL_NO_SSL2
+#cmakedefine OPENSSL_NO_SSL2
+#undef OPENSSL_NO_SSL3
+#cmakedefine OPENSSL_NO_SSL3
+#undef SSL_TXT_TLSV1_2
+#cmakedefine SSL_TXT_TLSV1_2
+#undef TFM_ECC256
+#cmakedefine TFM_ECC256
+#undef TFM_NO_ASM
+#cmakedefine TFM_NO_ASM
+#undef TFM_TIMING_RESISTANT
+#cmakedefine TFM_TIMING_RESISTANT
+#undef USE_FAST_MATH
+#cmakedefine USE_FAST_MATH
+#undef WC_16BIT_CPU
+#cmakedefine WC_16BIT_CPU
+#undef WC_ECC_NONBLOCK
+#cmakedefine WC_ECC_NONBLOCK
+#undef WC_NO_ASYNC_THREADING
+#cmakedefine WC_NO_ASYNC_THREADING
+#undef WC_NO_HARDEN
+#cmakedefine WC_NO_HARDEN
+#undef WC_NO_HASHDRBG
+#cmakedefine WC_NO_HASHDRBG
+#undef WC_NO_RNG
+#cmakedefine WC_NO_RNG
+#undef WC_NO_RSA_OAEP
+#cmakedefine WC_NO_RSA_OAEP
+#undef WC_RSA_BLINDING
+#cmakedefine WC_RSA_BLINDING
+#undef WC_RSA_NO_PADDING
+#cmakedefine WC_RSA_NO_PADDING
+#undef WC_RSA_PSS
+#cmakedefine WC_RSA_PSS
+#undef WOLF_CRYPTO_CB
+#cmakedefine WOLF_CRYPTO_CB
+#undef WOLFSSL_AARCH64_BUILD
+#cmakedefine WOLFSSL_AARCH64_BUILD
+#undef WOLFSSL_AES_CFB
+#cmakedefine WOLFSSL_AES_CFB
+#undef WOLFSSL_AES_COUNTER
+#cmakedefine WOLFSSL_AES_COUNTER
+#undef WOLFSSL_AES_DIRECT
+#cmakedefine WOLFSSL_AES_DIRECT
+#undef WOLFSSL_AES_OFB
+#cmakedefine WOLFSSL_AES_OFB
+#undef WOLFSSL_AES_SIV
+#cmakedefine WOLFSSL_AES_SIV
+#undef WOLFSSL_ALT_CERT_CHAINS
+#cmakedefine WOLFSSL_ALT_CERT_CHAINS
+#undef WOLFSSL_APPLE_NATIVE_CERT_VALIDATION
+#cmakedefine WOLFSSL_APPLE_NATIVE_CERT_VALIDATION
+#undef WOLFSSL_ASIO
+#cmakedefine WOLFSSL_ASIO
+#undef WOLFSSL_BASE64_ENCODE
+#cmakedefine WOLFSSL_BASE64_ENCODE
+#undef WOLFSSL_CAAM
+#cmakedefine WOLFSSL_CAAM
+#undef WOLFSSL_CERT_EXT
+#cmakedefine WOLFSSL_CERT_EXT
+#undef WOLFSSL_CERT_GEN
+#cmakedefine WOLFSSL_CERT_GEN
+#undef WOLFSSL_CERT_GEN_CACHE
+#cmakedefine WOLFSSL_CERT_GEN_CACHE
+#undef WOLFSSL_CERT_NAME_ALL
+#cmakedefine WOLFSSL_CERT_NAME_ALL
+#undef WOLFSSL_CERT_REQ
+#cmakedefine WOLFSSL_CERT_REQ
+#undef WOLFSSL_CMAC
+#cmakedefine WOLFSSL_CMAC
+#undef WOLFSSL_DES_ECB
+#cmakedefine WOLFSSL_DES_ECB
+#undef WOLFSSL_DH_CONST
+#cmakedefine WOLFSSL_DH_CONST
+#undef WOLFSSL_DTLS
+#cmakedefine WOLFSSL_DTLS
+#undef WOLFSSL_DTLS_CID
+#cmakedefine WOLFSSL_DTLS_CID
+#undef WOLFSSL_DTLS13
+#cmakedefine WOLFSSL_DTLS13
+#undef WOLFSSL_EITHER_SIDE
+#cmakedefine WOLFSSL_EITHER_SIDE
+#undef WOLFSSL_ENCRYPTED_KEYS
+#cmakedefine WOLFSSL_ENCRYPTED_KEYS
+#undef WOLFSSL_ERROR_CODE_OPENSSL
+#cmakedefine WOLFSSL_ERROR_CODE_OPENSSL
+#undef WOLFSSL_IP_ALT_NAME
+#cmakedefine WOLFSSL_IP_ALT_NAME
+#undef WOLFSSL_KEY_GEN
+#cmakedefine WOLFSSL_KEY_GEN
+#undef WOLFSSL_NO_ASM
+#cmakedefine WOLFSSL_NO_ASM
+#undef WOLFSSL_NO_SHAKE128
+#cmakedefine WOLFSSL_NO_SHAKE128
+#undef WOLFSSL_NO_SHAKE256
+#cmakedefine WOLFSSL_NO_SHAKE256
+#undef WOLFSSL_NO_TLS12
+#cmakedefine WOLFSSL_NO_TLS12
+#undef WOLFSSL_POST_HANDSHAKE_AUTH
+#cmakedefine WOLFSSL_POST_HANDSHAKE_AUTH
+#undef WOLFSSL_PSS_LONG_SALT
+#cmakedefine WOLFSSL_PSS_LONG_SALT
+#undef WOLFSSL_PUBLIC_MP
+#cmakedefine WOLFSSL_PUBLIC_MP
+#undef WOLFSSL_QUIC
+#cmakedefine WOLFSSL_QUIC
+#undef WOLFSSL_SEND_HRR_COOKIE
+#cmakedefine WOLFSSL_SEND_HRR_COOKIE
+#undef WOLFSSL_SHA224
+#cmakedefine WOLFSSL_SHA224
+#undef WOLFSSL_SHA3
+#cmakedefine WOLFSSL_SHA3
+#undef WOLFSSL_SHA3_SMALL
+#cmakedefine WOLFSSL_SHA3_SMALL
+#undef WOLFSSL_SHA384
+#cmakedefine WOLFSSL_SHA384
+#undef WOLFSSL_SHA512
+#cmakedefine WOLFSSL_SHA512
+#undef WOLFSSL_SHAKE128
+#cmakedefine WOLFSSL_SHAKE128
+#undef WOLFSSL_SHAKE256
+#cmakedefine WOLFSSL_SHAKE256
+#undef WOLFSSL_SRTP
+#cmakedefine WOLFSSL_SRTP
+#undef WOLFSSL_SYS_CA_CERTS
+#cmakedefine WOLFSSL_SYS_CA_CERTS
+#undef WOLFSSL_TICKET_HAVE_ID
+#cmakedefine WOLFSSL_TICKET_HAVE_ID
+#undef WOLFSSL_TICKET_NONCE_MALLOC
+#cmakedefine WOLFSSL_TICKET_NONCE_MALLOC
+#undef WOLFSSL_TLS13
+#cmakedefine WOLFSSL_TLS13
+#undef WOLFSSL_USE_ALIGN
+#cmakedefine WOLFSSL_USE_ALIGN
+#undef WOLFSSL_USER_SETTINGS_ASM
+#cmakedefine WOLFSSL_USER_SETTINGS_ASM
+#undef WOLFSSL_W64_WRAPPER
+#cmakedefine WOLFSSL_W64_WRAPPER
+#undef WOLFSSL_WOLFSSH
+#cmakedefine WOLFSSL_WOLFSSH
+#undef WOLFSSL_X86_64_BUILD
+#cmakedefine WOLFSSL_X86_64_BUILD
+#undef NO_DES3_TLS_SUITES
+#cmakedefine NO_DES3_TLS_SUITES
+#undef WOLFSSL_EXPERIMENTAL_SETTINGS
+#cmakedefine WOLFSSL_EXPERIMENTAL_SETTINGS
+#undef WOLFSSL_HAVE_KYBER
+#cmakedefine WOLFSSL_HAVE_KYBER
+#undef WOLFSSL_WC_KYBER
+#cmakedefine WOLFSSL_WC_KYBER
+#undef NO_WOLFSSL_STUB
+#cmakedefine NO_WOLFSSL_STUB
+#undef HAVE_ECC_SECPR2
+#cmakedefine HAVE_ECC_SECPR2
+#undef HAVE_ECC_SECPR3
+#cmakedefine HAVE_ECC_SECPR3
+#undef HAVE_ECC_BRAINPOOL
+#cmakedefine HAVE_ECC_BRAINPOOL
+#undef HAVE_ECC_KOBLITZ
+#cmakedefine HAVE_ECC_KOBLITZ
+#undef HAVE_ECC_CDH
+#cmakedefine HAVE_ECC_CDH
+#undef WOLFSSL_HAVE_LMS
+#cmakedefine WOLFSSL_HAVE_LMS
+#undef WOLFSSL_WC_LMS
+#cmakedefine WOLFSSL_WC_LMS
+#undef WOLFSSL_HAVE_XMSS
+#cmakedefine WOLFSSL_HAVE_XMSS
+#undef WOLFSSL_WC_XMSS
+#cmakedefine WOLFSSL_WC_XMSS
+
+#ifdef __cplusplus
+}
+#endif
+
+
+#endif /* WOLFSSL_OPTIONS_H */
+
diff --git a/commit-tests.sh b/commit-tests.sh
index ab5b5010d..e7ba76f03 100755
--- a/commit-tests.sh
+++ b/commit-tests.sh
@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/usr/bin/env bash
 
 #commit-tests.sh
 
diff --git a/configure.ac b/configure.ac
index 0e2d07061..3a0aa63f4 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1,15 +1,18 @@
 # configure.ac
 #
-# Copyright (C) 2006-2023 wolfSSL Inc.
+# Copyright (C) 2006-2024 wolfSSL Inc.
 #
 # This file is part of wolfSSL. (formerly known as CyaSSL)
 #
 #
-AC_COPYRIGHT([Copyright (C) 2006-2023 wolfSSL Inc.])
+AC_COPYRIGHT([Copyright (C) 2006-2024 wolfSSL Inc.])
 AC_PREREQ([2.69])
-AC_INIT([wolfssl],[5.6.6],[https://github.com/wolfssl/wolfssl/issues],[wolfssl],[https://www.wolfssl.com])
+AC_INIT([wolfssl],[5.7.6],[https://github.com/wolfssl/wolfssl/issues],[wolfssl],[https://www.wolfssl.com])
 AC_CONFIG_AUX_DIR([build-aux])
 
+# Inhibit unwanted regeneration of autotools artifacts by Makefile.
+AM_MAINTAINER_MODE([disable])
+
 # The following sets CFLAGS to empty if unset on command line.  We do not
 # want the default "-g -O2" that AC_PROG_CC sets automatically.
 : ${CFLAGS=""}
@@ -45,22 +48,20 @@ AC_SUBST([WOLFSSL_CONFIG_ARGS])
 
 # shared library versioning
 # The three numbers in the libwolfssl.so.*.*.* file name. Unfortunately
-# these numbers don't always line up nicely with the library version.
-WOLFSSL_LIBRARY_VERSION_FIRST=42
+
+# increment if interfaces have been removed or changed
+WOLFSSL_LIBRARY_VERSION_FIRST=43
+
+# increment if interfaces have been added
+# set to zero if WOLFSSL_LIBRARY_VERSION_FIRST is incremented
 WOLFSSL_LIBRARY_VERSION_SECOND=0
+
+# increment if source code has changed
+# set to zero if WOLFSSL_LIBRARY_VERSION_FIRST is incremented or
+# WOLFSSL_LIBRARY_VERSION_SECOND is incremented
 WOLFSSL_LIBRARY_VERSION_THIRD=0
-WOLFSSL_LIBRARY_VERSION=42:0:0
-#                        | | |
-#                 +------+ | +---+
-#                 |        |     |
-#                current:revision:age
-#                 |        |     |
-#                 |        |     +- increment if interfaces have been added
-#                 |        |        set to zero if interfaces have been removed
-#                 |        |        or changed
-#                 |        +- increment if source code has changed
-#                 |           set to zero if current is incremented
-#                 +- increment if interfaces have been added, removed or changed
+
+WOLFSSL_LIBRARY_VERSION=${WOLFSSL_LIBRARY_VERSION_FIRST}:${WOLFSSL_LIBRARY_VERSION_SECOND}:${WOLFSSL_LIBRARY_VERSION_THIRD}
 AC_SUBST([WOLFSSL_LIBRARY_VERSION_FIRST])
 AC_SUBST([WOLFSSL_LIBRARY_VERSION_SECOND])
 AC_SUBST([WOLFSSL_LIBRARY_VERSION_THIRD])
@@ -71,7 +72,7 @@ AS_IF([ test -n "$CFLAG_VISIBILITY" ], [
        AM_CFLAGS="$AM_CFLAGS $CFLAG_VISIBILITY"
        ])
 
-WOLFSSL_BUILD_DATE=$(date -R)
+WOLFSSL_BUILD_DATE=$(LC_TIME=C date +"%a, %d %b %Y %T %z")
 AC_SUBST([WOLFSSL_BUILD_DATE])
 
 
@@ -102,6 +103,21 @@ else
     REPRODUCIBLE_BUILD_DEFAULT=no
 fi
 
+# Fail when an option is passed that is not recognized
+m4_divert_once([DEFAULTS], [enable_option_checking=fatal])
+
+# Allow experimental settings
+AC_ARG_ENABLE([experimental],
+    [AS_HELP_STRING([--enable-experimental],[Allow experimental settings in the configuration (default: disabled)])],
+    [ ENABLED_EXPERIMENTAL=$enableval ],
+    [ ENABLED_EXPERIMENTAL=no ]
+    )
+if test "$ENABLED_EXPERIMENTAL" = "yes"
+then
+    AS_IF([ test "$ENABLED_DISTRO" = "yes" && test "$ENABLED_EXPERIMENTAL" = "yes" ],[ AC_MSG_ERROR([--enable-distro and --enable-experimental are mutually exclusive.]) ])
+    AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_EXPERIMENTAL_SETTINGS"
+    AM_CCASFLAGS="$AM_CCASFLAGS -DWOLFSSL_EXPERIMENTAL_SETTINGS"
+fi
 
 AC_CHECK_HEADERS([arpa/inet.h fcntl.h limits.h netdb.h netinet/in.h stddef.h time.h sys/ioctl.h sys/socket.h sys/time.h errno.h sys/un.h])
 AC_CHECK_LIB([network],[socket])
@@ -187,6 +203,34 @@ AS_IF([test "$ax_enable_debug" = "yes"],
       [AM_CCASFLAGS="$DEBUG_CFLAGS $AM_CCASFLAGS"],
       [AM_CCASFLAGS="$AM_CCASFLAGS -DNDEBUG"])
 
+AC_ARG_ENABLE([debug-code-points],
+    [ AS_HELP_STRING([--enable-debug-code-points],[Include source file and line number in --enable-verbose messages.]) ],
+    [ ENABLED_DEBUG_CODEPOINTS=$enableval ],
+    [ ENABLED_DEBUG_CODEPOINTS=no ]
+    )
+
+if test "$ENABLED_DEBUG_CODEPOINTS" = "yes"
+then
+    AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DEBUG_CODEPOINTS"
+fi
+
+AC_ARG_ENABLE([debug-trace-errcodes],
+    [ AS_HELP_STRING([--enable-debug-trace-errcodes],[Print trace messages when library errors are thrown.]) ],
+    [ ENABLED_DEBUG_TRACE_ERRCODES=$enableval ],
+    [ ENABLED_DEBUG_TRACE_ERRCODES=no ]
+    )
+
+if test "$ENABLED_DEBUG_TRACE_ERRCODES" != "no"
+then
+    AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DEBUG_TRACE_ERROR_CODES"
+fi
+
+if test "$ENABLED_DEBUG_TRACE_ERRCODES" = "backtrace"
+then
+    AM_CFLAGS="$AM_CFLAGS -g -funwind-tables -DWOLFSSL_DEBUG_BACKTRACE_ERROR_CODES"
+    AM_LDFLAGS="$AM_LDFLAGS -lbacktrace"
+fi
+
 # Start without certificates enabled and enable if a certificate algorithm is
 # enabled
 ENABLED_CERTS="no"
@@ -251,6 +295,25 @@ AC_ARG_ENABLE([hmac],
     [ ENABLED_HMAC=yes ]
     )
 
+# enable HMAC hash copying automatically for x86_64 and aarch64 (except Linux kernel module)
+HMAC_COPY_DEFAULT=no
+if test "$ENABLED_LINUXKM_DEFAULTS" = "no"
+then
+    if test "$host_cpu" = "x86_64" || test "$host_cpu" = "aarch64" || test "$host_cpu" = "amd64"
+    then
+        HMAC_COPY_DEFAULT=yes
+    fi
+fi
+AC_ARG_ENABLE([hmac-copy],
+    [AS_HELP_STRING([--enable-hmac-copy],[Enables digest copying implementation for HMAC (default: disabled)])],
+    [ ENABLED_HMAC_COPY=$enableval ],
+    [ ENABLED_HMAC_COPY=$HMAC_COPY_DEFAULT ]
+    )
+if test "$ENABLED_HMAC_COPY" = "yes"
+then
+    AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_HMAC_COPY_HASH"
+fi
+
 AC_ARG_ENABLE([do178],
     [AS_HELP_STRING([--enable-do178],[Enable DO-178, Will NOT work w/o DO178 license (default: disabled)])],
     [ENABLED_DO178=$enableval],
@@ -275,7 +338,6 @@ then
 fi
 AC_SUBST([ENABLED_ASM])
 
-
 # Default math is SP Math all and not fast math
 # FIPS v1 and v2 must use fast math
 DEF_SP_MATH="yes"
@@ -287,6 +349,22 @@ AC_ARG_ENABLE([fips],
     [ENABLED_FIPS=$enableval],
     [ENABLED_FIPS="no"])
 
+# wolfProvider Options
+AC_ARG_ENABLE([wolfprovider],
+    [AS_HELP_STRING([--enable-wolfprovider],[Enable wolfProvider options (default: disabled)])],
+    [ ENABLED_WOLFPROVIDER=$enableval ],
+    [ ENABLED_WOLFPROVIDER=no ]
+    )
+if test "x$ENABLED_WOLFPROVIDER" != "xno"
+then
+    test -z "$enable_all_crypto" && enable_all_crypto=yes
+    test -z "$enable_opensslcoexist" && enable_opensslcoexist=yes
+    test -z "$enable_sha" && enable_sha=yes
+    test -z "$with_eccminsz" && with_eccminsz=192
+    test -z "$with_max_ecc_bits" && with_max_ecc_bits=1024
+    AM_CFLAGS="$AM_CFLAGS -DHAVE_WOLFPROVIDER -DWC_RSA_NO_PADDING -DWOLFSSL_PUBLIC_MP -DHAVE_PUBLIC_FFDHE -DHAVE_FFDHE_6144 -DHAVE_FFDHE_8192 -DWOLFSSL_PSS_LONG_SALT -DWOLFSSL_PSS_SALT_LEN_DISCOVER"
+fi
+
 # wolfEngine Options
 AC_ARG_ENABLE([engine],
     [AS_HELP_STRING([--enable-engine],[Enable wolfEngine options (default: disabled)])],
@@ -294,6 +372,11 @@ AC_ARG_ENABLE([engine],
     [ ENABLED_WOLFENGINE=no ]
     )
 
+if test "x$ENABLED_WOLFENGINE" != "xno"
+then
+    test -z "$with_eccminsz" && with_eccminsz=192
+fi
+
 AS_CASE([$ENABLED_WOLFENGINE],
     [no],[
         ENABLED_WOLFENGINE="no"
@@ -309,6 +392,10 @@ AS_CASE([$ENABLED_WOLFENGINE],
         ENABLED_WOLFENGINE="yes"
         ENABLED_FIPS="v5"
     ],
+    [fips-v6],[
+        ENABLED_WOLFENGINE="yes"
+        ENABLED_FIPS="v6"
+    ],
     [fips-ready],[
         ENABLED_WOLFENGINE="yes"
         ENABLED_FIPS="ready"
@@ -329,12 +416,13 @@ AS_CASE([$ENABLED_WOLFENGINE],
 #   v2 - FIPS 140-2 Cert 3389
 #   cert3389 - alias for v2
 #   rand - wolfRand
-#   v5-RC12 - FIPS 140-3, wolfCrypt/fips WCv5.0-RC12
-#   v5 - currently, alias for v5-RC12
+#   v5 - FIPS 140-3 Cert 4718
+#   cert4718 - alias for v5
 #   ready - FIPS 140-3 settings with in-tree wolfcrypt sources, feature locked
 #   dev - FIPS 140-3 settings with in-tree wolfcrypt sources, features freely adjustable
 #   v5-ready - Alias for ready.
 #   v5-dev - Alias for dev.
+#   v6     - The SRTP-KDF-full-submission
 #
 # These options have been retired, but are listed here for historical reference:
 #   v5-RC8 - historical FIPS 140-3 (wolfCrypt WCv5.0-RC8).
@@ -345,6 +433,7 @@ AS_CASE([$ENABLED_WOLFENGINE],
 #             HAVE_FIPS_VERSION = 5, HAVE_FIPS_VERSION_MINOR = 2.
 #   v5-RC11 - historical FIPS 140-3, wolfCrypt/fips WCv5.0-RC11
 #             HAVE_FIPS_VERSION = 5, HAVE_FIPS_VERSION_MINOR = 2.
+#   v5-RC12 - historical FIPS 140-3, wolfCrypt/fips WCv5.0-RC12
 AS_CASE([$ENABLED_FIPS],
     [no],[
         FIPS_VERSION="none"
@@ -353,16 +442,16 @@ AS_CASE([$ENABLED_FIPS],
         FIPS_VERSION="disabled"
         ENABLED_FIPS="no"
     ],
-    [v1|yes|cert2425],[
+    [v1|cert2425],[
         FIPS_VERSION="v1"
-        HAVE_FIPS_VERSION=1
+        HAVE_FIPS_VERSION_MAJOR=1
         ENABLED_FIPS="yes"
         DEF_SP_MATH="no"
         DEF_FAST_MATH="yes"
     ],
     [v2|cert3389],[
         FIPS_VERSION="v2"
-        HAVE_FIPS_VERSION=2
+        HAVE_FIPS_VERSION_MAJOR=2
         HAVE_FIPS_VERSION_MINOR=0
         ENABLED_FIPS="yes"
         DEF_SP_MATH="no"
@@ -370,46 +459,95 @@ AS_CASE([$ENABLED_FIPS],
     ],
     [rand],[
         FIPS_VERSION="rand"
-        HAVE_FIPS_VERSION=2
+        HAVE_FIPS_VERSION_MAJOR=2
         HAVE_FIPS_VERSION_MINOR=1
         ENABLED_FIPS="yes"
         DEF_SP_MATH="no"
         DEF_FAST_MATH="no"
     ],
-    [v5|v5-RC12],[
-        FIPS_VERSION="v5-RC12"
-        HAVE_FIPS_VERSION=5
+    [v5|cert4718],[
+        FIPS_VERSION="v5"
+        HAVE_FIPS_VERSION_MAJOR=5
         HAVE_FIPS_VERSION_MINOR=2
+        HAVE_FIPS_VERSION_PATCH=1
         ENABLED_FIPS="yes"
         DEF_SP_MATH="no"
         DEF_FAST_MATH="yes"
     ],
-    [ready|v5-ready],[
-        FIPS_VERSION="ready"
-        HAVE_FIPS_VERSION=5
+    [v5-RC12],[
+        FIPS_VERSION="v5-RC12"
+        HAVE_FIPS_VERSION_MAJOR=5
+        HAVE_FIPS_VERSION_MINOR=2
+        HAVE_FIPS_VERSION_PATCH=0
+        ENABLED_FIPS="yes"
+        DEF_SP_MATH="no"
+        DEF_FAST_MATH="yes"
+    ],
+    [v5-ready],[
+        FIPS_VERSION="v5-ready"
+        HAVE_FIPS_VERSION_MAJOR=5
         HAVE_FIPS_VERSION_MINOR=3
         ENABLED_FIPS="yes"
         DEF_SP_MATH="no"
         DEF_FAST_MATH="yes"
     ],
-    [dev|v5-dev],[
-        FIPS_VERSION="dev"
-        HAVE_FIPS_VERSION=5
+    [v5-dev],[
+        FIPS_VERSION="v5-dev"
+        HAVE_FIPS_VERSION_MAJOR=5
         HAVE_FIPS_VERSION_MINOR=3
         ENABLED_FIPS="yes"
         # for dev, DEF_SP_MATH and DEF_FAST_MATH follow non-FIPS defaults (currently sp-math-all)
     ],
+    [v6],[
+        FIPS_VERSION="v6"
+        HAVE_FIPS_VERSION=6
+        HAVE_FIPS_VERSION_MAJOR=6
+        HAVE_FIPS_VERSION_MINOR=0
+        HAVE_FIPS_VERSION_PATCH=0
+        ENABLED_FIPS="yes"
+        DEF_SP_MATH="yes"
+        DEF_FAST_MATH="no"
+    ],
+    # Should always remain one ahead of the latest so as not to be confused with
+    # the latest
+    [ready|v6-ready],[
+        FIPS_VERSION="ready"
+        HAVE_FIPS_VERSION=7
+        HAVE_FIPS_VERSION_MAJOR=7
+        HAVE_FIPS_VERSION_MINOR=0
+        HAVE_FIPS_VERSION_PATCH=0
+        ENABLED_FIPS="yes"
+        DEF_SP_MATH="yes"
+        DEF_FAST_MATH="no"
+    ],
+    [dev|v6-dev],[
+        FIPS_VERSION="dev"
+        HAVE_FIPS_VERSION_MAJOR=7
+        HAVE_FIPS_VERSION_MINOR=0
+        HAVE_FIPS_VERSION_PATCH=0
+        ENABLED_FIPS="yes"
+        # for dev, DEF_SP_MATH and DEF_FAST_MATH follow non-FIPS defaults (currently sp-math-all)
+    ],
     [
-        AC_MSG_ERROR([Invalid value for --enable-fips "$ENABLED_FIPS" (main options: v1, v2, v5, ready, dev, rand, no, disabled)])
+        AS_IF([test "$ENABLED_FIPS" = "yes"],[ENABLED_FIPS="(unset)"],[ENABLED_FIPS=\"$ENABLED_FIPS\"])
+        AC_MSG_ERROR([Invalid value for --enable-fips $ENABLED_FIPS (main options: v1, v2, v5, v6, ready, dev, rand, no, disabled)])
     ])
 
+if test -z "$HAVE_FIPS_VERSION_MAJOR"
+then
+    HAVE_FIPS_VERSION_MAJOR=0
+fi
 if test -z "$HAVE_FIPS_VERSION_MINOR"
 then
     HAVE_FIPS_VERSION_MINOR=0
 fi
+if test -z "$HAVE_FIPS_VERSION_PATCH"
+then
+    HAVE_FIPS_VERSION_PATCH=0
+fi
 if test -z "$HAVE_FIPS_VERSION"
 then
-    HAVE_FIPS_VERSION=0
+    HAVE_FIPS_VERSION="$HAVE_FIPS_VERSION_MAJOR"
 fi
 
 if test "$ENABLED_FIPS" != "no"
@@ -451,9 +589,37 @@ then
         RANLIB=ranlib
     fi
     xxx_ranlib_flags=$(${RANLIB} --help 2>&1)
-    AM_CFLAGS="$AM_CFLAGS -DHAVE_REPRODUCIBLE_BUILD"
+
     AS_CASE([$xxx_ar_flags],[*'use zero for timestamps and uids/gids'*],[AR_FLAGS="Dcr" lt_ar_flags="Dcr"])
     AS_CASE([$xxx_ranlib_flags],[*'Use zero for symbol map timestamp'*],[RANLIB="${RANLIB} -D"])
+
+    if test "$ENABLED_DEBUG_TRACE_ERRCODES" != "backtrace"
+    then
+        AM_CFLAGS="$AM_CFLAGS -DHAVE_REPRODUCIBLE_BUILD -g0"
+    fi
+
+    # opportunistically use -ffile-prefix-map (added in GCC8 and LLVM10)
+
+    if "$CC" -ffile-prefix-map=/tmp=. -x c - -o /dev/null >/dev/null 2>&1 <<'        EOF'
+        #include <stdlib.h>
+        int main(int argc, char **argv) {
+            (void)argc; (void)argv; return 0;
+        }
+        EOF
+    then
+        AM_CFLAGS="$AM_CFLAGS -ffile-prefix-map=\$(abs_top_srcdir)/= -ffile-prefix-map=\$(top_srcdir)/="
+    fi
+
+    # opportunistically force linker option --build-id=sha1 (usually the default)
+    if "$CC" -Wl,--build-id=sha1 -x c - -o /dev/null >/dev/null 2>&1 <<'        EOF'
+        #include <stdlib.h>
+        int main(int argc, char **argv) {
+            (void)argc; (void)argv; return 0;
+        }
+        EOF
+    then
+        AM_LDFLAGS="$AM_LDFLAGS -Wl,--build-id=sha1"
+    fi
 fi
 
 
@@ -557,6 +723,17 @@ fi
 
 # MATH LIBRARY SELECTION
 
+# Assure consistency of defaults
+if test "$DEF_FAST_MATH" = "yes" && ( (test "$enable_sp_math" != "no" && test "$enable_sp_math" != "") || test "$enable_heapmath" = "yes")
+then
+    DEF_FAST_MATH=no
+fi
+
+if test "$DEF_SP_MATH" = "yes" && (test "$enable_fastmath" = "yes" || test "$enable_fasthugemath" = "yes" || test "$enable_heapmath" = "yes")
+then
+    DEF_SP_MATH=no
+fi
+
 # Single Precision maths implementation
 AC_ARG_ENABLE([sp],
     [AS_HELP_STRING([--enable-sp],[Enable Single Precision maths implementation (default: disabled)])],
@@ -628,14 +805,14 @@ fi
 
 # fastmath
 AC_ARG_ENABLE([fastmath],
-    [AS_HELP_STRING([--enable-fastmath],[Enable fast math ops (default: disabled)])],
+    [AS_HELP_STRING([--enable-fastmath],[Enable legacy Tom's Fast Math back end (default: disabled)])],
     [ ENABLED_FASTMATH=$enableval ],
     [ ENABLED_FASTMATH=$DEF_FAST_MATH ]
     )
 
 # fast HUGE math
 AC_ARG_ENABLE([fasthugemath],
-    [AS_HELP_STRING([--enable-fasthugemath],[Enable fast math + huge code (default: disabled)])],
+    [AS_HELP_STRING([--enable-fasthugemath],[Enable legacy Tom's Fast Math + huge code (default: disabled)])],
     [ ENABLED_FASTHUGEMATH=$enableval ],
     [ ENABLED_FASTHUGEMATH=no ]
     )
@@ -659,6 +836,69 @@ then
     AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_X86_BUILD"
 fi
 
+
+AC_ARG_ENABLE([leanpsk],
+    [AS_HELP_STRING([--enable-leanpsk],[Enable Lean PSK build (default: disabled)])],
+    [ ENABLED_LEANPSK=$enableval ],
+    [ ENABLED_LEANPSK=no ]
+    )
+
+if test "$ENABLED_LEANPSK" = "yes"
+then
+    AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_LEANPSK -DWOLFSSL_STATIC_PSK -DHAVE_NULL_CIPHER -DSINGLE_THREADED -DNO_AES -DNO_FILESYSTEM -DNO_RSA -DNO_DSA -DNO_DH -DNO_PWDBASED -DNO_MD4 -DNO_MD5 -DNO_ERROR_STRINGS -DNO_OLD_TLS -DNO_RC4 -DNO_WRITEV -DNO_DEV_RANDOM -DWOLFSSL_USER_IO -DNO_SHA"
+    ENABLED_SLOWMATH="no"
+    ENABLED_SINGLETHREADED="yes"
+    enable_lowresource=yes
+fi
+
+
+# ASN
+
+# disabling ASN implicitly disables certs, RSA, DSA, and ECC,
+# and also disables MPI unless DH is enabled.
+
+# turn off ASN if leanpsk on
+if test "$ENABLED_LEANPSK" = "yes"
+then
+    enable_asn=no
+fi
+
+AC_ARG_ENABLE([asn],
+    [AS_HELP_STRING([--enable-asn],[Enable ASN (default: enabled)])],
+    [ ENABLED_ASN=$enableval ],
+    [ ENABLED_ASN=yes ]
+    )
+
+for v in `echo $ENABLED_ASN | tr "," " "`
+do
+    case $v in
+    all)
+        # Enable all ASN features
+        AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ASN_ALL"
+        ENABLED_ASN=yes
+        ;;
+    template | yes)
+        AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ASN_TEMPLATE"
+        ENABLED_ASN=yes
+        ;;
+    original)
+        AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ASN_ORIGINAL"
+        ;;
+    nocrypt)
+        AM_CFLAGS="$AM_CFLAGS -DNO_ASN_CRYPT"
+        enable_pwdbased=no
+        ;;
+    no)
+        AM_CFLAGS="$AM_CFLAGS -DNO_ASN -DNO_ASN_CRYPT"
+        enable_pwdbased=no
+        ;;
+    *)
+        AC_MSG_ERROR([Invalid asn option. Valid are: all, template/yes, original, nocrypt or no. Seen: $ENABLED_ASN.])
+        break;;
+esac
+done
+
+
 # if sp-math-all is not set, then enable fast math
 if test "x$ENABLED_FASTMATH" = "xyes" && test "$enable_sp_math_all" = "" && test "$enable_sp_math" = ""
 then
@@ -700,9 +940,54 @@ then
     ENABLED_SP_MATH_ALL="no"
 fi
 
+# wolfCrypt Only Build
+AC_ARG_ENABLE([cryptonly],
+    [AS_HELP_STRING([--enable-cryptonly],[Enable wolfCrypt Only build (default: disabled)])],
+    [ENABLED_CRYPTONLY=$enableval],
+    [ENABLED_CRYPTONLY=no])
+
+AS_IF([test "x$FIPS_VERSION" = "xrand"],[ENABLED_CRYPTONLY="yes"])
+
+# TLS
+AC_ARG_ENABLE([tls],
+    [AS_HELP_STRING([--enable-tls],[Enable TLS support (default: enabled)])],
+    [ ENABLED_TLS=$enableval ],
+    [ ENABLED_TLS=yes ]
+    )
+
+if test "$ENABLED_CRYPTONLY" = "yes"
+then
+    ENABLED_TLS=no
+fi
+if test "$ENABLED_TLS" = "no"
+then
+    AM_CFLAGS="$AM_CFLAGS -DNO_TLS"
+    test "$enable_tls13" = "" && enable_tls13=no
+    test "$enable_tlsv12" = "" && enable_tlsv12=no
+    test "$enable_tlsv10" = "" && enable_tlsv10=no
+    test "$enable_dtls" = "" && enable_dtls=no
+    test "$enable_dtls13" = "" && enable_dtls13=no
+    test "$enable_dtls_mtu" = "" && enable_dtls_mtu=no
+    test "$enable_dtlscid" = "" && enable_dtlscid=no
+    test "$enable_dtls_frag_ch" = "" && enable_dtls_frag_ch=no
+    test "$enable_mcast" = "" && enable_mcast=no
+    test "$enable_srtp" = "" && enable_srtp=no
+    test "$enable_ocsp" = "" && enable_ocsp=no
+    test "$enable_tlsx" = "" && enable_tlsx=no
+    test "$enable_sni" = "" && enable_sni=no
+    test "$enable_crl_monitor" = "" && enable_crl_monitor=no
+    test "$enable_alpn" = "" && enable_alpn=no
+    test "$enable_pkcallbacks" = "" && enable_pkcallbacks=no
+    test "$enable_quic" = "" && enable_quic=no
+    test "$enable_ech" = "" && enable_ech=no
+    test "$enable_ocspstapling" = "" && enable_ocspstapling=no
+
+    # Disable all open source compatibility enables that might get set with all
+    test "$enable_all_osp" = "" && enable_all_osp=no
+fi
 
 
-# ALL FEATURES
+# All features, except conflicting or experimental:
 AC_ARG_ENABLE([all],
     [AS_HELP_STRING([--enable-all],[Enable all wolfSSL features, except SSLv3 (default: disabled)])],
     [ ENABLED_ALL=$enableval ],
@@ -710,182 +995,65 @@ AC_ARG_ENABLE([all],
     )
 if test "$ENABLED_ALL" = "yes"
 then
+    test "$enable_all_crypto" = "" && enable_all_crypto=yes
+
+    test "$enable_all_osp" = "" && test "$ENABLED_LINUXKM_DEFAULTS" != "yes" && enable_all_osp=yes
+
     test "$enable_dtls" = "" && enable_dtls=yes
+    test "$enable_dtls_mtu" = "" && enable_dtls_mtu=yes
+    test "$enable_dtlscid" = "" && enable_dtlscid=yes
+    test "$enable_dtls_frag_ch" = "" && enable_dtls_frag_ch=yes
     if test "x$FIPS_VERSION" != "xv1"
     then
         test "$enable_tls13" = "" && enable_tls13=yes
-        test "$enable_rsapss" = "" && enable_rsapss=yes
+        test "$enable_dtls13" = "" && enable_dtls13=yes
     fi
 
-    # this set is also enabled by enable-all-crypto:
-    test "$enable_atomicuser" = "" && enable_atomicuser=yes
-    test "$enable_aesgcm" = "" && enable_aesgcm=yes
-    test "$enable_aesccm" = "" && enable_aesccm=yes
-    test "$enable_aesctr" = "" && enable_aesctr=yes
-    test "$enable_aeseax" = "" && enable_aeseax=yes
-    test "$enable_aesofb" = "" && enable_aesofb=yes
-    test "$enable_aescfb" = "" && enable_aescfb=yes
-    test "$enable_aescbc_length_checks" = "" && enable_aescbc_length_checks=yes
-    test "$enable_camellia" = "" && enable_camellia=yes
-    test "$enable_ripemd" = "" && enable_ripemd=yes
-    test "$enable_sha224" = "" && enable_sha224=yes
-    test "$enable_shake128" = "" && enable_shake128=yes
-    test "$enable_shake256" = "" && enable_shake256=yes
-    test "$enable_sessioncerts" = "" && enable_sessioncerts=yes
-    test "$enable_keygen" = "" && enable_keygen=yes
-    test "$enable_certgen" = "" && enable_certgen=yes
-    test "$enable_certreq" = "" && enable_certreq=yes
-    test "$enable_certext" = "" && enable_certext=yes
-    test "$enable_sep" = "" && enable_sep=yes
-    test "$enable_hkdf" = "" && enable_hkdf=yes
-    test "$enable_curve25519" = "" && enable_curve25519=yes
-    test "$enable_curve448" = "" && enable_curve448=yes
-    test "$enable_fpecc" = "" && test "$enable_ecc" != "no" && enable_fpecc=yes
-    test "$enable_eccencrypt" = "" && test "$enable_ecc" != "no" && enable_eccencrypt=yes
-    test "$enable_psk" = "" && enable_psk=yes
-    test "$enable_cmac" = "" && enable_cmac=yes
-    test "$enable_siphash" = "" && enable_siphash=yes
-    test "$enable_xts" = "" && enable_xts=yes
-    test "$enable_ocsp" = "" && enable_ocsp=yes
-    test "$enable_ocspstapling" = "" && test "$enable_ocsp" != "no" && enable_ocspstapling=yes
-    test "$enable_ocspstapling2" = "" && test "$enable_ocsp" != "no" && enable_ocspstapling2=yes
-    test "$enable_crl" = "" && enable_crl=yes
-    test "$enable_supportedcurves" = "" && enable_supportedcurves=yes
-    test "$enable_tlsx" = "" && enable_tlsx=yes
-    test "$enable_pwdbased" = "" && enable_pwdbased=yes
-    test "$enable_aeskeywrap" = "" && enable_aeskeywrap=yes
-    test "$enable_x963kdf" = "" && enable_x963kdf=yes
-    test "$enable_scrypt" = "" && test "$enable_hmac" != "no" && enable_scrypt=yes
-    test "$enable_indef" = "" && enable_indef=yes
-    test "$enable_enckeys" = "" && enable_enckeys=yes
-    test "$enable_hashflags" = "" && enable_hashflags=yes
-    test "$enable_defaultdhparams" = "" && enable_defaultdhparams=yes
-    test "$enable_base64encode" = "" && enable_base64encode=yes
-    test "$enable_base16" = "" && enable_base16=yes
-    test "$enable_arc4" = "" && enable_arc4=yes
-    test "$enable_des3" = "" && enable_des3=yes
-    test "$enable_blake2" = "" && enable_blake2=yes
-    test "$enable_blake2s" = "" && enable_blake2s=yes
-    test "$enable_md2" = "" && enable_md2=yes
-    test "$enable_md4" = "" && enable_md4=yes
-    test "$enable_cryptocb" = "" && enable_cryptocb=yes
-    test "$enable_anon" = "" && enable_anon=yes
-    test "$enable_ssh" = "" && test "$enable_hmac" != "no" && enable_ssh=yes
-
     test "$enable_savesession" = "" && enable_savesession=yes
     test "$enable_savecert" = "" && enable_savecert=yes
     test "$enable_postauth" = "" && enable_postauth=yes
     test "$enable_hrrcookie" = "" && enable_hrrcookie=yes
     test "$enable_fallback_scsv" = "" && enable_fallback_scsv=yes
-    test "$enable_webserver" = "" && enable_webserver=yes
     test "$enable_crl_monitor" = "" && enable_crl_monitor=yes
     test "$enable_sni" = "" && enable_sni=yes
     test "$enable_maxfragment" = "" && enable_maxfragment=yes
     test "$enable_alpn" = "" && enable_alpn=yes
     test "$enable_truncatedhmac" = "" && enable_truncatedhmac=yes
-    test "$enable_trusted_ca" = "" && enable_trusted_ca=yes
+    test "$enable_trustedca" = "" && enable_trustedca=yes
     test "$enable_session_ticket" = "" && enable_session_ticket=yes
     test "$enable_earlydata" = "" && enable_earlydata=yes
     test "$enable_ech" = "" && enable_ech=yes
-
-    if test "$ENABLED_32BIT" != "yes"
-    then
-        test "$enable_sha512" = "" && enable_sha512=yes
-        test "$enable_sha3" = "" && enable_sha3=yes
-    fi
+    test "$enable_rpk" = "" && enable_rpk=yes
 
     if test "$ENABLED_LINUXKM_DEFAULTS" != "yes"
     then
-        test "$enable_aesgcm_stream" = "" && test "$enable_aesgcm" = "yes" && enable_aesgcm_stream=yes
-        test "$enable_compkey" = "" && enable_compkey=yes
         test "$enable_quic" = "" && test "$enable_cryptonly" != "yes" && enable_quic=yes
         AM_CFLAGS="$AM_CFLAGS -DHAVE_CRL_IO -DHAVE_IO_TIMEOUT"
     fi
 
-    # sp-math is incompatible with opensslextra, ECC custom curves, and DSA.
-    if test "$ENABLED_SP_MATH" = "no"
+    if test "$ENABLED_SP_MATH" != "yes"
     then
-        test "$enable_dsa" = "" && test "$enable_sha" != "no" && enable_dsa=yes
-        test "$enable_ecccustcurves" = "" && enable_ecccustcurves=yes
-        test "$enable_brainpool" = "" && enable_brainpool=yes
-        test "$enable_srp" = "" && enable_srp=yes
         # linuxkm is incompatible with opensslextra and its dependents.
         if test "$ENABLED_LINUXKM_DEFAULTS" != "yes"
         then
-            if test "$ENABLED_FIPS" = "no"
-            then
-                if test "$ENABLED_32BIT" != "yes"
-                then
-                    test "$enable_openssh" = "" && enable_openssh=yes
-                fi
-                # S/MIME support requires PKCS7, which requires no FIPS.
-                test "$enable_smime" = "" && enable_smime=yes
-            fi
             test "$enable_opensslextra" = "" && enable_opensslextra=yes
             test "$enable_opensslall" = "" && enable_opensslall=yes
             test "$enable_certservice" = "" && enable_certservice=yes
-            test "$enable_lighty" = "" && enable_lighty=yes
-            test "$enable_nginx" = "" && enable_nginx=yes
-            test "$enable_openvpn" = "" && enable_openvpn=yes
-            test "$enable_asio" = "" && enable_asio=yes
-            test "$enable_libwebsockets" = "" && enable_libwebsockets=yes
-            test "$enable_qt" = "" && enable_qt=yes
         fi
     fi
 
     if test "$ENABLED_FIPS" = "no"
     then
-        test "$enable_pkcallbacks" = "" && enable_pkcallbacks=yes
-        test "$enable_xchacha" = "" && test "$enable_chacha" != "no" && enable_xchacha=yes
         test "$enable_scep" = "" && enable_scep=yes
-        test "$enable_pkcs7" = "" && enable_pkcs7=yes
-        test "$enable_nullcipher" = "" && enable_nullcipher=yes
         test "$enable_mcast" = "" && enable_mcast=yes
-        if test "$ENABLED_32BIT" != "yes"
-        then
-            test "$enable_ed25519" = "" && enable_ed25519=yes
-            test "$enable_ed25519_stream" = "" && test "$enable_ed25519" != "no" && enable_ed25519_stream=yes
-            test "$enable_ed448" = "" && enable_ed448=yes
-            test "$enable_ed448_stream" = "" && test "$enable_ed448" != "no" && enable_ed448_stream=yes
-        fi
-
-        if test "$ENABLED_LINUXKM_DEFAULTS" != "yes"
-        then
-            # these use DES3:
-            test "$enable_stunnel" = "" && enable_stunnel=yes
-            test "$enable_curl" = "" && enable_curl=yes
-            test "$enable_tcpdump" = "" && enable_tcpdump=yes
-
-            test "$enable_eccsi" = "" && test "$enable_ecc" != "no" && enable_eccsi=yes
-            test "$enable_sakke" = "" && test "$enable_ecc" != "no" && enable_sakke=yes
-        fi
     fi
 
-    if test "$ENABLED_FIPS" = "no" || test "$ENABLED_FIPS" = "dev"; then
-        test "$enable_aessiv" = "" && enable_aessiv=yes
+    if test "$ENABLED_FIPS" = "no" || test "$HAVE_FIPS_VERSION" -ge 6
+    then
+        test "$enable_srtp" = "" && enable_srtp=yes
     fi
 
-    # Enable DH const table speedups (eliminates `-lm` math lib dependency)
-    AM_CFLAGS="$AM_CFLAGS -DHAVE_FFDHE_2048 -DHAVE_FFDHE_3072"
-    DEFAULT_MAX_CLASSIC_ASYM_KEY_BITS=4096
-
-    # Enable multiple attribute additions such as DC
-    AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_MULTI_ATTRIB"
-
-    # Enable AES Decrypt, AES ECB
-    AM_CFLAGS="$AM_CFLAGS -DHAVE_AES_DECRYPT -DHAVE_AES_ECB"
-
-    # Enable Alt Names, DER Load, Keep Certs, CRL IO with Timeout
-    AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ALT_NAMES -DWOLFSSL_DER_LOAD -DKEEP_OUR_CERT -DKEEP_PEER_CERT"
-
-    # Enable DH Extra
-    AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DH_EXTRA"
-
-    # Enable deterministic ECC signing API with variant
-    AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ECDSA_DETERMINISTIC_K_VARIANT"
-
-    # Store issuer name components when parsing certificates.
-    AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_HAVE_ISSUER_NAMES"
+    AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DER_LOAD -DKEEP_OUR_CERT -DKEEP_PEER_CERT"
 
     # Certificate extensions and alt. names for FPKI use
     AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SUBJ_DIR_ATTR -DWOLFSSL_FPKI -DWOLFSSL_SUBJ_INFO_ACC"
@@ -898,7 +1066,154 @@ then
 fi
 
 
-# ALL CRYPTO FEATURES
+# All OSP meta-features:
+AC_ARG_ENABLE([all-osp],
+    [AS_HELP_STRING([--enable-all-osp],[Enable all OSP meta feature sets (default: disabled)])],
+    [ ENABLED_ALL_OSP=$enableval ],
+    [ ENABLED_ALL_OSP=no]
+    )
+
+if test "$ENABLED_ALL_OSP" = "yes"
+then
+    if test "$ENABLED_LINUXKM_DEFAULTS" = "yes"
+    then
+        AC_MSG_ERROR([--enable-all-osp is incompatible with --enable-linuxkm-defaults])
+    fi
+
+    test "$enable_webserver" = "" && enable_webserver=yes
+
+    if test "$ENABLED_SP_MATH" != "yes"
+    then
+        if test "$ENABLED_FIPS" = "no"
+        then
+            # S/MIME support requires PKCS7, which requires no FIPS.
+            test "$enable_smime" = "" && enable_smime=yes
+            if test "$ENABLED_32BIT" != "yes"
+            then
+                test "$enable_openssh" = "" && enable_openssh=yes
+            fi
+        fi
+
+        if test "$ENABLED_ALL_OSP" != "no"
+        then
+            test "$enable_lighty" = "" && enable_lighty=yes
+            test "$enable_nginx" = "" && enable_nginx=yes
+            test "$enable_openvpn" = "" && enable_openvpn=yes
+            test "$enable_asio" = "" && enable_asio=yes
+            test "$enable_libwebsockets" = "" && enable_libwebsockets=yes
+            if test "$ENABLED_FIPS" = "no" || test "$HAVE_FIPS_VERSION" -le 5; then
+                test "$enable_qt" = "" && enable_qt=yes
+            fi
+        fi
+    fi
+
+    if test "$ENABLED_FIPS" = "no"
+    then
+        # these use DES3:
+        test "$enable_stunnel" = "" && enable_stunnel=yes
+        test "$enable_curl" = "" && enable_curl=yes
+        test "$enable_tcpdump" = "" && enable_tcpdump=yes
+    fi
+fi
+
+
+# Auto-selected activation of all applicable asm accelerations
+
+# Enable asm automatically only if the compiler advertises itself as full Gnu C.
+if "$CC" $AM_CFLAGS $CPPFLAGS $CFLAGS -x c - -o /dev/null >/dev/null 2>&1 <<'    EOF'
+    #include <stdlib.h>
+    int main(int argc, char **argv) {
+        (void)argc; (void)argv;
+    #ifdef __STRICT_ANSI__
+        #error __STRICT_ANSI__
+    #endif
+    #ifndef __GNUC__
+        #error !__GNUC__
+    #endif
+        return 0;
+    }
+    EOF
+then
+    HAVE_GNUC=yes
+fi
+
+if test "$enable_all_crypto" = "yes" &&
+   test "$ENABLED_LINUXKM_DEFAULTS" = "no" &&
+   test "$ENABLED_ASM" != "no" &&
+   test "$HAVE_GNUC" = "yes" &&
+   test "$enable_sp_asm" != "no" &&
+   test "$enable_intelasm" != "no" &&
+   test "$enable_armasm" != "no" &&
+   test "$enable_afalg" != "yes" &&
+   test "$ENABLED_32BIT" = "no"
+then
+    DEFAULT_ENABLED_ALL_ASM=yes
+else
+    DEFAULT_ENABLED_ALL_ASM=no
+fi
+
+AC_ARG_ENABLE([all-asm],
+    [AS_HELP_STRING([--enable-all-asm],[Enable all applicable assembly accelerations (default: disabled)])],
+    [ ENABLED_ALL_ASM=$enableval ],
+    [ ENABLED_ALL_ASM=$DEFAULT_ENABLED_ALL_ASM ]
+    )
+
+if test "$ENABLED_ALL_ASM" != "no"
+then
+    if test "$ENABLED_ASM" = "no"
+    then
+        AC_MSG_ERROR([--enable-all-asm is incompatible with --disable-asm])
+    fi
+
+    if test "$enable_sp_asm" = "no"
+    then
+        AC_MSG_ERROR([--enable-all-asm is incompatible with --disable-sp-asm])
+    fi
+
+    if test "$enable_intelasm" = "no"
+    then
+        AC_MSG_ERROR([--enable-all-asm is incompatible with --disable-intelasm])
+    fi
+
+    if test "$enable_armasm" = "no"
+    then
+        AC_MSG_ERROR([--enable-all-asm is incompatible with --disable-armasm])
+    fi
+
+    case "$host_cpu" in
+        *x86_64*|*amd64*)
+            if test "$enable_intelasm" = ""
+            then
+                enable_intelasm=yes
+            fi
+            if test "$ENABLED_SP" != "no"
+            then
+                ENABLED_SP_ASM=yes
+                if test "$ENABLED_SP" = ""
+                then
+                    ENABLED_SP=yes
+                fi
+            fi
+            ;;
+        *aarch64*)
+            if test "$enable_armasm" = ""
+            then
+               enable_armasm=yes
+            fi
+            if test "$ENABLED_SP" != "no"
+            then
+                ENABLED_SP_ASM=yes
+                if test "$ENABLED_SP" = ""
+                then
+                    ENABLED_SP=yes
+                fi
+            fi
+            ;;
+    esac
+fi
+
+
+# All wolfCrypt features:
 AC_ARG_ENABLE([all-crypto],
     [AS_HELP_STRING([--enable-all-crypto],[Enable all wolfcrypt algorithms (default: disabled)])],
     [ ENABLED_ALL_CRYPT=$enableval ],
@@ -917,8 +1232,8 @@ then
     test "$enable_camellia" = "" && enable_camellia=yes
     test "$enable_ripemd" = "" && enable_ripemd=yes
     test "$enable_sha224" = "" && enable_sha224=yes
-    test "$enable_shake128" = "" && enable_shake128=yes
-    test "$enable_shake256" = "" && enable_shake256=yes
+    test "$enable_sha512" = "" && enable_sha512=yes
+    test "$enable_sha3" = "" && enable_sha3=yes
     test "$enable_sessioncerts" = "" && enable_sessioncerts=yes
     test "$enable_keygen" = "" && enable_keygen=yes
     test "$enable_certgen" = "" && enable_certgen=yes
@@ -933,7 +1248,6 @@ then
     test "$enable_psk" = "" && enable_psk=yes
     test "$enable_cmac" = "" && enable_cmac=yes
     test "$enable_siphash" = "" && enable_siphash=yes
-    test "$enable_xts" = "" && enable_xts=yes
     test "$enable_ocsp" = "" && enable_ocsp=yes
     test "$enable_ocspstapling" = "" && test "$enable_ocsp" != "no" && enable_ocspstapling=yes
     test "$enable_ocspstapling2" = "" && test "$enable_ocsp" != "no" && enable_ocspstapling2=yes
@@ -951,48 +1265,41 @@ then
     test "$enable_base64encode" = "" && enable_base64encode=yes
     test "$enable_base16" = "" && enable_base16=yes
     test "$enable_arc4" = "" && enable_arc4=yes
-    test "$enable_des3" = "" && enable_des3=yes
     test "$enable_blake2" = "" && enable_blake2=yes
     test "$enable_blake2s" = "" && enable_blake2s=yes
     test "$enable_md2" = "" && enable_md2=yes
     test "$enable_md4" = "" && enable_md4=yes
-    test "$enable_cryptocb" = "" && enable_cryptocb=yes
     test "$enable_anon" = "" && enable_anon=yes
     test "$enable_ssh" = "" && test "$enable_hmac" != "no" && enable_ssh=yes
 
-    if test "$ENABLED_32BIT" != "yes"
+    if test "x$FIPS_VERSION" != "xv1"
     then
-        test "$enable_sha512" = "" && enable_sha512=yes
-        test "$enable_sha3" = "" && enable_sha3=yes
+        test "$enable_rsapss" = "" && enable_rsapss=yes
     fi
 
-    if test "$ENABLED_LINUXKM_DEFAULTS" != "yes"
-    then
-        test "$enable_aesgcm_stream" = "" && test "$enable_aesgcm" = "yes" && enable_aesgcm_stream=yes
-        test "$enable_compkey" = "" && enable_compkey=yes
-    fi
-
-    if test "$ENABLED_SP_MATH" = "no"
+    # sp-math is incompatible with opensslextra, ECC custom curves, and DSA.
+    if test "$ENABLED_SP_MATH" != "yes"
     then
         test "$enable_dsa" = "" && test "$enable_sha" != "no" && enable_dsa=yes
-        test "$enable_ecccustcurves" = "" && enable_ecccustcurves=yes
-        test "$enable_brainpool" = "" && enable_brainpool=yes
+        if test "$ENABLED_FIPS" = "no" || test "$HAVE_FIPS_VERSION" -le 5; then
+            test "$enable_ecccustcurves" = "" && enable_ecccustcurves=yes
+            test "$enable_ecccustcurves" != "no" && test "$enable_brainpool" = "" && enable_brainpool=yes
+            test "$enable_ecccustcurves" != "no" && AM_CFLAGS="$AM_CFLAGS -DHAVE_ECC_CDH -DHAVE_ECC_KOBLITZ -DHAVE_ECC_SECPR2 -DHAVE_ECC_SECPR3"
+        fi
         test "$enable_srp" = "" && enable_srp=yes
     fi
 
     if test "$ENABLED_FIPS" = "no"
     then
+        test "$enable_cryptocb" = "" && enable_cryptocb=yes
         test "$enable_pkcallbacks" = "" && enable_pkcallbacks=yes
         test "$enable_xchacha" = "" && test "$enable_chacha" != "no" && enable_xchacha=yes
         test "$enable_pkcs7" = "" && enable_pkcs7=yes
         test "$enable_nullcipher" = "" && enable_nullcipher=yes
-        if test "$ENABLED_32BIT" != "yes"
-        then
-            test "$enable_ed25519" = "" && enable_ed25519=yes
-            test "$enable_ed25519_stream" = "" && test "$enable_ed25519" != "no" && enable_ed25519_stream=yes
-            test "$enable_ed448" = "" && enable_ed448=yes
-            test "$enable_ed448_stream" = "" && test "$enable_ed448" != "no" && enable_ed448_stream=yes
-        fi
+        test "$enable_ed25519" = "" && enable_ed25519=yes
+        test "$enable_ed25519_stream" = "" && test "$enable_ed25519" != "no" && enable_ed25519_stream=yes
+        test "$enable_ed448" = "" && enable_ed448=yes
+        test "$enable_ed448_stream" = "" && test "$enable_ed448" != "no" && enable_ed448_stream=yes
 
         if test "$ENABLED_LINUXKM_DEFAULTS" != "yes"
         then
@@ -1001,19 +1308,32 @@ then
         fi
     fi
 
-    if test "$ENABLED_FIPS" = "no" || test "$ENABLED_FIPS" = "dev"; then
+    if test "$ENABLED_FIPS" = "no" || test "$HAVE_FIPS_VERSION" -ge 6
+    then
+        test "$enable_aesgcm_stream" = "" && test "$enable_aesgcm" = "yes" && enable_aesgcm_stream=yes
+        test "$enable_aesxts" = "" && enable_aesxts=yes
+        test "$enable_aesxts_stream" = "" && test "$enable_aesxts" = "yes" && (test "$enable_armasm" = "" || test "$enable_armasm" = "no") && enable_aesxts_stream=yes
         test "$enable_aessiv" = "" && enable_aessiv=yes
+        test "$enable_shake128" = "" && enable_shake128=yes
+        test "$enable_shake256" = "" && enable_shake256=yes
+        test "$enable_compkey" = "" && test "$ENABLED_LINUXKM_DEFAULTS" != "yes" && enable_compkey=yes
+        # AFALG lacks AES-ECB
+        test "$enable_srtp_kdf" = "" && test "$enable_afalg" != "yes" && enable_srtp_kdf=yes
     fi
 
-    # Enable AES Decrypt, AES ECB, Alt Names, DER Load
-    AM_CFLAGS="$AM_CFLAGS -DHAVE_AES_DECRYPT -DHAVE_AES_ECB -DWOLFSSL_ALT_NAMES -DWOLFSSL_DER_LOAD"
+    if test "$ENABLED_FIPS" = "no" || test "$HAVE_FIPS_VERSION" -le 5; then
+        test "$enable_des3" = "" && enable_des3=yes
+        test "$enable_des3" != "no" && AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DES_ECB"
+    fi
+
+    AM_CFLAGS="$AM_CFLAGS -DHAVE_AES_DECRYPT -DHAVE_AES_ECB -DWOLFSSL_ALT_NAMES"
 
     # Enable DH const table speedups (eliminates `-lm` math lib dependency)
     AM_CFLAGS="$AM_CFLAGS -DHAVE_FFDHE_2048 -DHAVE_FFDHE_3072"
     DEFAULT_MAX_CLASSIC_ASYM_KEY_BITS=4096
 
-    # Enable multiple attribute additions such as DC
-    AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_MULTI_ATTRIB"
+    # Enable all parsing features for ASN */
+    AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ASN_ALL"
 
     # Enable DH Extra
     AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DH_EXTRA"
@@ -1029,10 +1349,12 @@ fi
 ENABLED_LIBOQS="no"
 tryliboqsdir=""
 AC_ARG_WITH([liboqs],
-    [AS_HELP_STRING([--with-liboqs=PATH],[Path to liboqs install (default /usr/local) EXPERIMENTAL!])],
+    [AS_HELP_STRING([--with-liboqs=PATH],[Path to liboqs install (default /usr/local) (requires --enable-experimental)])],
     [
+        AS_IF([ test "$ENABLED_EXPERIMENTAL" != "yes" ],[ AC_MSG_ERROR([LIBOQS requires --enable-experimental.]) ])
         AC_MSG_CHECKING([for liboqs])
         LIBS="$LIBS -loqs"
+        AM_CFLAGS="$AM_CFLAGS -pthread"
 
         AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include <oqs/common.h>]], [[ OQS_init(); ]])], [ liboqs_linked=yes ],[ liboqs_linked=no ])
 
@@ -1044,7 +1366,7 @@ AC_ARG_WITH([liboqs],
                 tryliboqsdir="/usr/local"
             fi
 
-            CPPFLAGS="$AM_CPPFLAGS -DHAVE_LIBOQS -DHAVE_TLS_EXTENSIONS -I$tryliboqsdir/include"
+            CPPFLAGS="$AM_CPPFLAGS -DHAVE_LIBOQS -DHAVE_TLS_EXTENSIONS -I$tryliboqsdir/include -pthread"
             LDFLAGS="$AM_LDFLAGS $LDFLAGS -L$tryliboqsdir/lib"
 
             AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include <oqs/common.h>]], [[ OQS_init(); ]])], [ liboqs_linked=yes ],[ liboqs_linked=no ])
@@ -1074,8 +1396,7 @@ AC_ARG_WITH([liboqs],
 
 # KYBER
 # Used:
-#  - SHA3, Shake128 and Shake256, or
-#  - SHA256, SHA512, AES-CTR
+#  - SHA3, Shake128 and Shake256
 AC_ARG_ENABLE([kyber],
     [AS_HELP_STRING([--enable-kyber],[Enable KYBER (default: disabled)])],
     [ ENABLED_KYBER=$enableval ],
@@ -1083,23 +1404,29 @@ AC_ARG_ENABLE([kyber],
     )
 
 ENABLED_WC_KYBER=no
+ENABLED_ML_KEM=unset
+ENABLED_KYBER_MAKE_KEY=no
+ENABLED_KYBER_ENCAPSULATE=no
+ENABLED_KYBER_DECAPSULATE=no
 for v in `echo $ENABLED_KYBER | tr "," " "`
 do
   case $v in
-  yes | all)
+  yes)
     ENABLED_KYBER512=yes
     ENABLED_KYBER768=yes
     ENABLED_KYBER1024=yes
+    ENABLED_KYBER_MAKE_KEY=yes
+    ENABLED_KYBER_ENCAPSULATE=yes
+    ENABLED_KYBER_DECAPSULATE=yes
     ;;
   no)
     ;;
-  wolfssl)
-    ENABLED_WC_KYBER=yes
-    AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_WC_KYBER"
-    ;;
   small)
     AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_KYBER_SMALL"
     ;;
+  cache-a)
+    AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_MLKEM_CACHE_A"
+    ;;
   512)
     ENABLED_KYBER512=yes
     ;;
@@ -1109,6 +1436,26 @@ do
   1024)
     ENABLED_KYBER1024=yes
     ;;
+  make)
+    ENABLED_KYBER_MAKE_KEY=yes
+    ;;
+  encapsulate|enc)
+    ENABLED_KYBER_ENCAPSULATE=yes
+    ;;
+  decapsulate|dec)
+    ENABLED_KYBER_DECAPSULATE=yes
+    ;;
+  all)
+    ENABLED_KYBER_MAKE_KEY=yes
+    ENABLED_KYBER_ENCAPSULATE=yes
+    ENABLED_KYBER_DECAPSULATE=yes
+    ;;
+  original)
+    ENABLED_ORIGINAL=yes
+    ;;
+  ml-kem)
+    ENABLED_ML_KEM=yes
+    ;;
   *)
     AC_MSG_ERROR([Invalid choice for KYBER []: $ENABLED_KYBER.])
     break;;
@@ -1118,15 +1465,52 @@ done
 if test "$ENABLED_KYBER" != "no"
 then
     AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_HAVE_KYBER"
+    # Use liboqs if specified.
+    if test "$ENABLED_LIBOQS" = "no"; then
+        ENABLED_WC_KYBER=yes
+        AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_WC_KYBER"
+        AM_CCASFLAGS="$AM_CCASFLAGS -DWOLFSSL_WC_KYBER"
+    fi
 
-    if test "$ENABLED_KYBER512" = ""; then
-        AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NO_KYBER512"
+    if test "$ENABLED_ORIGINAL" = "yes"; then
+        AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_KYBER_ORIGINAL"
+        if test "$ENABLED_KYBER512" = ""; then
+            AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NO_KYBER512"
+        fi
+        if test "$ENABLED_KYBER768" = ""; then
+            AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NO_KYBER768"
+        fi
+        if test "$ENABLED_KYBER1024" = ""; then
+            AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NO_KYBER1024"
+        fi
+        if test "$ENABLED_ML_KEM" = "unset"; then
+            ENABLED_ML_KEM=no
+        fi
     fi
-    if test "$ENABLED_KYBER768" = ""; then
-        AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NO_KYBER768"
+    if test "$ENABLED_ML_KEM" = "unset"; then
+        ENABLED_ML_KEM=yes
     fi
-    if test "$ENABLED_KYBER1024" = ""; then
-        AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NO_KYBER1024"
+    if test "$ENABLED_ML_KEM" = "yes"; then
+        if test "$ENABLED_KYBER512" = ""; then
+            AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NO_ML_KEM_512"
+        fi
+        if test "$ENABLED_KYBER768" = ""; then
+            AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NO_ML_KEM_768"
+        fi
+        if test "$ENABLED_KYBER1024" = ""; then
+            AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NO_ML_KEM_1024"
+        fi
+    else
+        AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NO_ML_KEM"
+    fi
+    if test "$ENABLED_KYBER_MAKE_KEY" = "no"; then
+        AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_KYBER_NO_MAKE_KEY"
+    fi
+    if test "$ENABLED_KYBER_ENCAPSULATE" = "no"; then
+        AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_KYBER_NO_ENCAPSULATE"
+    fi
+    if test "$ENABLED_KYBER_DECAPSULATE" = "no"; then
+        AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_KYBER_NO_DECAPSULATE"
     fi
 
     if test "$ENABLED_WC_KYBER" = "yes"
@@ -1134,24 +1518,114 @@ then
         test "$enable_sha3" = "" && enable_sha3=yes
         test "$enable_shake128" = "" && enable_shake128=yes
         test "$enable_shake256" = "" && enable_shake256=yes
-    else
-        # Default is to use liboqs. Make sure its enabled.
-        if test "$ENABLED_LIBOQS" = "no"; then
-            AC_MSG_ERROR([The default implementation for kyber is liboqs.
-            Please use --with-liboqs.])
-        fi
     fi
 fi
 
+# Dilithium
+#  - SHA3, Shake128, Shake256 and AES-CTR
+AC_ARG_ENABLE([dilithium],
+    [AS_HELP_STRING([--enable-dilithium],[Enable DILITHIUM (default: disabled)])],
+    [ ENABLED_DILITHIUM=$enableval ],
+    [ ENABLED_DILITHIUM=no ]
+    )
+
+ENABLED_DILITHIUM_OPTS=$ENABLED_DILITHIUM
+ENABLED_DILITHIUM_MAKE_KEY=no
+ENABLED_DILITHIUM_SIGN=no
+ENABLED_DILITHIUM_VERIFY=no
+for v in `echo $ENABLED_DILITHIUM_OPTS | tr "," " "`
+do
+  case $v in
+  yes)
+    ENABLED_MLDSA44=yes
+    ENABLED_MLDSA65=yes
+    ENABLED_MLDSA87=yes
+    ENABLED_DILITHIUM_MAKE_KEY=yes
+    ENABLED_DILITHIUM_SIGN=yes
+    ENABLED_DILITHIUM_VERIFY=yes
+    ;;
+  no)
+    ;;
+  all)
+    ENABLED_DILITHIUM_MAKE_KEY=yes
+    ENABLED_DILITHIUM_SIGN=yes
+    ENABLED_DILITHIUM_VERIFY=yes
+    ;;
+  make)
+    ENABLED_DILITHIUM_MAKE_KEY=yes
+    ;;
+  sign)
+    ENABLED_DILITHIUM_SIGN=yes
+    ;;
+  verify)
+    ENABLED_DILITHIUM_VERIFY=yes
+    ;;
+  verify-only)
+    ENABLED_DILITHIUM_MAKE_KEY=no
+    ENABLED_DILITHIUM_SIGN=no
+    ENABLED_DILITHIUM_VERIFY=yes
+    AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DILITHIUM_VERIFY_ONLY"
+    ;;
+  small)
+    AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DILITHIUM_SMALL"
+    ;;
+  44)
+    ENABLED_MLDSA44=yes
+    ;;
+  65)
+    ENABLED_MLDSA65=yes
+    ;;
+  87)
+    ENABLED_MLDSA87=yes
+    ;;
+  draft|fips204-draft)
+    AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DILITHIUM_FIPS204_DRAFT"
+    ;;
+  *)
+    AC_MSG_ERROR([Invalid choice for DILITHIUM [all,make,sign,verify,verify-only,small,44,65,87]: $ENABLED_DILITHIUM.])
+    break;;
+  esac
+done
+
+if test "$ENABLED_DILITHIUM" != "no"
+then
+    AM_CFLAGS="$AM_CFLAGS -DHAVE_DILITHIUM"
+
+    if test "$ENABLED_MLDSA44" = ""; then
+        AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NO_ML_DSA_44"
+    fi
+    if test "$ENABLED_MLDSA65" = ""; then
+        AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NO_ML_DSA_65"
+    fi
+    if test "$ENABLED_MLDSA87" = ""; then
+        AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NO_ML_DSA_87"
+    fi
+    if test "$ENABLED_DILITHIUM_MAKE_KEY" = "no"; then
+        AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DILITHIUM_NO_MAKE_KEY"
+    fi
+    if test "$ENABLED_DILITHIUM_SIGN" = "no"; then
+        AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DILITHIUM_NO_SIGN"
+    fi
+    if test "$ENABLED_DILITHIUM_VERIFY" = "no"; then
+        AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DILITHIUM_NO_VERIFY"
+    fi
+
+    if test "$ENABLED_LIBOQS" = "no"; then
+        AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_WC_DILITHIUM"
+        test "$enable_sha3" = "" && enable_sha3=yes
+        test "$enable_shake128" = "" && enable_shake128=yes
+        test "$enable_shake256" = "" && enable_shake256=yes
+    fi
+fi
 
 # XMSS
+ENABLED_WC_XMSS=no
 AC_ARG_ENABLE([xmss],
     [AS_HELP_STRING([--enable-xmss],[Enable stateful XMSS/XMSS^MT signatures (default: disabled)])],
     [ ENABLED_XMSS=$enableval ],
     [ ENABLED_XMSS=no ]
     )
 
-ENABLED_WC_XMSS=no
 for v in `echo $ENABLED_XMSS | tr "," " "`
 do
   case $v in
@@ -1160,12 +1634,10 @@ do
   no)
     ;;
   verify-only)
-    XMSS_VERIFY_ONLY=yes
     AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_XMSS_VERIFY_ONLY -DXMSS_VERIFY_ONLY"
     ;;
-  wolfssl)
-    ENABLED_WC_XMSS=yes
-    AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_WC_XMSS"
+  small)
+    AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_WC_XMSS_SMALL"
     ;;
   *)
     AC_MSG_ERROR([Invalid choice for XMSS []: $ENABLED_XMSS.])
@@ -1173,27 +1645,14 @@ do
   esac
 done
 
-if test "$ENABLED_XMSS" != "no"
-then
-    AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_HAVE_XMSS"
-
-    if test "$ENABLED_WC_XMSS" = "no";
-    then
-        # Default is to use hash-sigs XMSS lib. Make sure it's enabled.
-        if test "$ENABLED_LIBXMSS" = "no"; then
-            AC_MSG_ERROR([The default implementation for XMSS is the xmss-reference lib.
-            Please use --with-libxmss.])
-        fi
-    fi
-fi
-
 # libxmss
 # Get the path to xmss-reference.
 ENABLED_LIBXMSS="no"
 trylibxmssdir=""
 AC_ARG_WITH([libxmss],
-    [AS_HELP_STRING([--with-libxmss=PATH],[PATH to xmss-reference root dir. EXPERIMENTAL!])],
+    [AS_HELP_STRING([--with-libxmss=PATH],[PATH to xmss-reference root dir. (requires --enable-experimental)!])],
     [
+        AS_IF([ test "$ENABLED_EXPERIMENTAL" != "yes" ],[ AC_MSG_ERROR([libxmss requires --enable-experimental.]) ])
         AC_MSG_CHECKING([for libxmss])
 
         trylibxmssdir=$withval
@@ -1238,14 +1697,27 @@ AC_ARG_WITH([libxmss],
     [XMSS_ROOT=""]
 )
 
+if test "$ENABLED_XMSS" != "no"
+then
+    AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_HAVE_XMSS"
+
+    # Use hash-sigs XMSS lib if enabled.
+    if test "$ENABLED_LIBXMSS" = "yes"; then
+        ENABLED_WC_XMSS=no
+    else
+        ENABLED_WC_XMSS=yes
+        AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_WC_XMSS"
+    fi
+fi
+
 # LMS
+ENABLED_WC_LMS=no
 AC_ARG_ENABLE([lms],
     [AS_HELP_STRING([--enable-lms],[Enable stateful LMS/HSS signatures (default: disabled)])],
     [ ENABLED_LMS=$enableval ],
     [ ENABLED_LMS=no ]
     )
 
-ENABLED_WC_LMS=no
 for v in `echo $ENABLED_LMS | tr "," " "`
 do
   case $v in
@@ -1254,12 +1726,16 @@ do
   no)
     ;;
   verify-only)
-    LMS_VERIFY_ONLY=yes
     AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_LMS_VERIFY_ONLY"
     ;;
-  wolfssl)
-    ENABLED_WC_LMS=yes
-    AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_WC_LMS"
+  small)
+    AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_WC_LMS_SMALL"
+    ;;
+  no-sha256-256)
+    AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NO_LMS_SHA256_256"
+    ;;
+  sha256-192)
+    AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_LMS_SHA256_192"
     ;;
   *)
     AC_MSG_ERROR([Invalid choice for LMS []: $ENABLED_LMS.])
@@ -1267,27 +1743,14 @@ do
   esac
 done
 
-if test "$ENABLED_LMS" != "no"
-then
-    AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_HAVE_LMS"
-
-    if test "$ENABLED_WC_LMS" = "no";
-    then
-        # Default is to use hash-sigs LMS lib. Make sure it's enabled.
-        if test "$ENABLED_LIBLMS" = "no"; then
-            AC_MSG_ERROR([The default implementation for LMS is the hash-sigs LMS/HSS lib.
-            Please use --with-liblms.])
-        fi
-    fi
-fi
-
 # liblms
 # Get the path to the hash-sigs LMS HSS lib.
 ENABLED_LIBLMS="no"
 tryliblmsdir=""
 AC_ARG_WITH([liblms],
-    [AS_HELP_STRING([--with-liblms=PATH],[PATH to hash-sigs LMS/HSS install (default /usr/local) EXPERIMENTAL!])],
+    [AS_HELP_STRING([--with-liblms=PATH],[PATH to hash-sigs LMS/HSS install (default /usr/local) (requires --enable-experimental)!])],
     [
+        AS_IF([ test "$ENABLED_EXPERIMENTAL" != "yes" ],[ AC_MSG_ERROR([liblms requires --enable-experimental.]) ])
         AC_MSG_CHECKING([for liblms])
 
         AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include <hss.h>]], [[ param_set_t lm_type; param_set_t lm_ots_type; hss_get_public_key_len(4, &lm_type, &lm_ots_type); ]])], [ liblms_linked=yes ],[ liblms_linked=no ])
@@ -1348,6 +1811,19 @@ AC_ARG_WITH([liblms],
     ]
 )
 
+if test "$ENABLED_LMS" != "no"
+then
+    AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_HAVE_LMS"
+
+    # Use hash-sigs LMS lib if enabled.
+    if test "$ENABLED_LIBLMS" = "yes"; then
+        ENABLED_WC_LMS=no
+    else
+        ENABLED_WC_LMS=yes
+        AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_WC_LMS"
+    fi
+fi
+
 # SINGLE THREADED
 AC_ARG_ENABLE([singlethreaded],
     [AS_HELP_STRING([--enable-singlethreaded],[Enable wolfSSL single threaded (default: disabled)])],
@@ -1380,14 +1856,6 @@ then
     AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_USE_RWLOCK"
 fi
 
-# wolfCrypt Only Build
-AC_ARG_ENABLE([cryptonly],
-    [AS_HELP_STRING([--enable-cryptonly],[Enable wolfCrypt Only build (default: disabled)])],
-    [ENABLED_CRYPTONLY=$enableval],
-    [ENABLED_CRYPTONLY=no])
-
-AS_IF([test "x$FIPS_VERSION" = "xrand"],[ENABLED_CRYPTONLY="yes"])
-
 # ECH
 AC_ARG_ENABLE([ech],
     [AS_HELP_STRING([--enable-ech],[Enable ECH (default: disabled)])],
@@ -1602,6 +2070,7 @@ AC_ARG_ENABLE([mcast],
 # OpenLDAP (--enable-openldap)
 # hitch (--enable-hitch)
 # memcached (--enable-memcached)
+# Mosquitto (--enable-mosquitto) HAVE_MOSQUITTO
 
 # Bind DNS compatibility Build
 AC_ARG_ENABLE([bind],
@@ -1665,12 +2134,25 @@ AC_ARG_ENABLE([openldap],
     [ ENABLED_OPENLDAP=no ]
     )
 
+# Mosquitto support
+AC_ARG_ENABLE([mosquitto],
+    [AS_HELP_STRING([--enable-mosquitto],[Enable Mosquitto support (default: disabled)])],
+    [ ENABLED_MOSQUITTO=$enableval ],
+    [ ENABLED_MOSQUITTO=no ]
+    )
+
+if test "x$ENABLED_MOSQUITTO" = "xyes"
+then
+    AM_CFLAGS="$AM_CFLAGS -DHAVE_MOSQUITTO"
+fi
+
 # lighty Support
 AC_ARG_ENABLE([lighty],
     [AS_HELP_STRING([--enable-lighty],[Enable lighttpd/lighty (default: disabled)])],
     [ ENABLED_LIGHTY=$enableval ],
     [ ENABLED_LIGHTY=no ]
     )
+
 # rsyslog Support
 AC_ARG_ENABLE([rsyslog],
     [AS_HELP_STRING([--enable-rsyslog],[Enable rsyslog (default: disabled)])],
@@ -1758,7 +2240,7 @@ AC_ARG_ENABLE([ffmpeg],
     )
 
 
-#IP alternative name Support
+# IP alternative name Support
 AC_ARG_ENABLE([ip-alt-name],
     [AS_HELP_STRING([--enable-ip-alt-name],[Enable IP subject alternative name (default: disabled)])],
     [ ENABLE_IP_ALT_NAME=$enableval ],
@@ -1770,7 +2252,7 @@ then
     AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_IP_ALT_NAME"
 fi
 
-#Qt Support
+# QT Support
 AC_ARG_ENABLE([qt],
     [AS_HELP_STRING([--enable-qt],[Enable qt (default: disabled)])],
     [ ENABLED_QT=$enableval ],
@@ -1828,9 +2310,9 @@ AC_ARG_ENABLE([opensslcoexist],
 
 if test "x$ENABLED_OPENSSLCOEXIST" = "xyes" || test "$ENABLED_WOLFENGINE" = "yes"
 then
-    # make sure old names are disabled
-    enable_oldnames=no
-
+    # make sure old names are disabled (except RNG)
+    AM_CFLAGS="$AM_CFLAGS -DNO_OLD_WC_NAMES -DNO_OLD_SSL_NAMES"
+    AM_CFLAGS="$AM_CFLAGS -DNO_OLD_SHA_NAMES -DNO_OLD_MD5_NAME"
     AM_CFLAGS="$AM_CFLAGS -DOPENSSL_COEXIST"
 fi
 
@@ -1930,14 +2412,14 @@ if test "$ENABLED_LIBWEBSOCKETS" = "yes" || test "$ENABLED_OPENVPN" = "yes" || \
    test "$ENABLED_OPENRESTY" = "yes" || test "$ENABLED_RSYSLOG" = "yes" || \
    test "$ENABLED_KRB" = "yes" || test "$ENABLED_CHRONY" = "yes" || \
    test "$ENABLED_FFMPEG" = "yes" || test "$ENABLED_STRONGSWAN" = "yes" || \
-   test "$ENABLED_OPENLDAP" = "yes" || test "$ENABLED_HITCH" = "yes"
+   test "$ENABLED_OPENLDAP" = "yes" || test "x$ENABLED_MOSQUITTO" = "xyes" || test "$ENABLED_HITCH" = "yes"
 then
     ENABLED_OPENSSLALL="yes"
 fi
 
 # OPENSSL Extra Compatibility
 AC_ARG_ENABLE([opensslextra],
-    [AS_HELP_STRING([--enable-opensslextra],[Enable extra OpenSSL API, size+ (default: disabled)])],
+    [AS_HELP_STRING([--enable-opensslextra],[Enable extra OpenSSL API, size+ (default: disabled). Skip compat header install using "noinstall"])],
     [ ENABLED_OPENSSLEXTRA=$enableval ],
     [ ENABLED_OPENSSLEXTRA=no ]
     )
@@ -1996,6 +2478,16 @@ else
     AM_CFLAGS="$AM_CFLAGS -DWC_NO_HARDEN -DWC_NO_CACHE_RESISTANT"
 fi
 
+# Fault protection hardening
+AC_ARG_ENABLE([faultharden],
+    [AS_HELP_STRING([--enable-faultharden],[Enable Fault Hardened build (default: disabled)])],
+    [ENABLED_FAULTHARDEN=$enableval],
+    [ENABLED_FAULTHARDEN=no])
+
+if test "$ENABLED_FAULTHARDEN" = "yes"
+then
+    AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CHECK_SIG_FAULTS -DWOLFSSL_CHECK_VER_FAULTS"
+fi
 
 # IPv6 Test Apps
 AC_ARG_ENABLE([ipv6],
@@ -2059,21 +2551,6 @@ then
     DEFAULT_MAX_CLASSIC_ASYM_KEY_BITS=4096
 fi
 
-# lean psk build
-AC_ARG_ENABLE([leanpsk],
-    [AS_HELP_STRING([--enable-leanpsk],[Enable Lean PSK build (default: disabled)])],
-    [ ENABLED_LEANPSK=$enableval ],
-    [ ENABLED_LEANPSK=no ]
-    )
-
-if test "$ENABLED_LEANPSK" = "yes"
-then
-    AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_LEANPSK -DWOLFSSL_STATIC_PSK -DHAVE_NULL_CIPHER -DSINGLE_THREADED -DNO_AES -DNO_FILESYSTEM -DNO_RSA -DNO_DSA -DNO_DH -DNO_PWDBASED -DNO_MD4 -DNO_MD5 -DNO_ERROR_STRINGS -DNO_OLD_TLS -DNO_RC4 -DNO_WRITEV -DNO_DEV_RANDOM -DWOLFSSL_USER_IO -DNO_SHA"
-    ENABLED_SLOWMATH="no"
-    ENABLED_SINGLETHREADED="yes"
-    enable_lowresource=yes
-fi
-
 
 # lean TLS build (TLS 1.2 client only (no client auth), ECC256, AES128 and SHA256 w/o Shamir)
 AC_ARG_ENABLE([leantls],
@@ -2306,7 +2783,7 @@ AC_ARG_WITH([se050],
     [
         AC_MSG_CHECKING([for SE050])
 
-        LIBS="$LIBS -lSSS_APIs"
+        LIBS="$LIBS -lSSS_APIs -lex_common"
         AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include <fsl_sss_api.h>]], [[ sss_mac_init(0);]])],[ libse050_linked=yes ],[ libse050_linked=no ])
 
         if test "x$libse050_linked" = "xno" ; then
@@ -2604,8 +3081,9 @@ then
 fi
 
 
+ENABLED_ARMASM_CRYPTO="unknown"
 ENABLED_ARMASM_INLINE="no"
-ENABLED_ARMASM_SHA3="no"
+ENABLED_ARMASM_SHA3="unknown"
 ENABLED_ARMASM_CRYPTO_SM4="no"
 # ARM Assembly
 # Both SHA3 and SHA512 instructions available with ARMV8.2-a
@@ -2625,6 +3103,9 @@ then
         inline)
             ENABLED_ARMASM_INLINE=yes
             ;;
+        no-crypto)
+            ENABLED_ARMASM_CRYPTO=no
+            ;;
         sha512-crypto | sha3-crypto)
             case $host_cpu in
             *aarch64*)
@@ -2636,6 +3117,16 @@ then
             ENABLED_ARMASM_SHA3=yes
             ENABLED_ARMASM_PLUS=yes
             ;;
+        no-sha512-crypto | no-sha3-crypto)
+            case $host_cpu in
+            *aarch64*)
+                ;;
+            *)
+                AC_MSG_ERROR([SHA512/SHA3 instructions only available on Aarch64 CPU.])
+                break;;
+            esac
+            ENABLED_ARMASM_SHA3=no
+            ;;
         sm4)
             case $host_cpu in
             *aarch64*)
@@ -2680,8 +3171,10 @@ then
         *aarch64*)
             case $host_os in
             *darwin*)
-                # All known Aarch64 Mac computers support SHA-512 instructions
-                ENABLED_ARMASM_SHA3=yes
+                # Turn it on unless explicitly turned off.
+                if test "$ENABLED_ARMASM_SHA3" = "unknown"; then
+                    ENABLED_ARMASM_SHA3="yes"
+                fi
                 ;;
             *)
                 # +crypto needed for hardware acceleration
@@ -2694,14 +3187,17 @@ then
                         AM_CPPFLAGS="$AM_CPPFLAGS+sm4"
                     fi
                 else
-                    AM_CPPFLAGS="$AM_CPPFLAGS -mcpu=generic+crypto"
+                    AM_CPPFLAGS="$AM_CPPFLAGS -mcpu=generic+crypto -DWOLFSSL_AARCH64_NO_SQRDMLSH"
                 fi
                 ;;
             esac
             # Include options.h
             AM_CCASFLAGS="$AM_CCASFLAGS -DEXTERNAL_OPTS_OPENVPN"
-            ENABLED_ARMASM_CRYPTO=yes
+            if test "$ENABLED_ARMASM_CRYPTO" = "unknown"; then
+                ENABLED_ARMASM_CRYPTO=yes
+            fi
             ENABLED_ARMASM_NEON=yes
+            ENABLED_ARM_64=yes
 
             # Check for and set -mstrict-align compiler flag
             # Used to set assumption that Aarch64 systems will not handle
@@ -2720,24 +3216,44 @@ then
             esac
             AC_MSG_NOTICE([64bit ARMv8 found, setting mcpu to generic+crypto])
             ;;
-        armv7a*)
+        armv7a* | armv7l*)
             AM_CPPFLAGS="$AM_CPPFLAGS -march=armv7-a -mfpu=neon -DWOLFSSL_ARM_ARCH=7 -marm"
             # Include options.h
             AM_CCASFLAGS="$AM_CCASFLAGS -DEXTERNAL_OPTS_OPENVPN"
             ENABLED_ARMASM_CRYPTO=no
             ENABLED_AESGCM_STREAM=no # not yet implemented
             ENABLED_ARMASM_NEON=yes
+            ENABLED_ARM_32=yes
             AC_MSG_NOTICE([32bit ARMv7-a found, setting mfpu to neon])
+            if test "$ENABLED_FIPS" != "no" ||
+                test "$HAVE_FIPS_VERSION_MAJOR" -ge 5;
+            then
+                # Use inline ASM with FIPS because of known "issue" with the
+                # assembly code
+                ENABLED_ARMASM_INLINE=yes
+                AC_MSG_NOTICE([32bit ARMv7-a found, setting inline for FIPS])
+            fi
             ;;
         armv7m*)
             # QEMU doesn't work with armv7-m
-            AM_CPPFLAGS="$AM_CPPFLAGS -march=armv7-r -D__thumb__ -fomit-frame-pointer -DWOLFSSL_ARMASM_NO_HW_CRYPTO -DWOLFSSL_ARM_ARCH=7"
+            AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ARMASM_THUMB2"
+            AM_CPPFLAGS="$AM_CPPFLAGS -march=armv7-r -DWOLFSSL_ARMASM_THUMB2 -fomit-frame-pointer -DWOLFSSL_ARMASM_NO_HW_CRYPTO -DWOLFSSL_ARM_ARCH=7"
             # Include options.h
             AM_CCASFLAGS="$AM_CCASFLAGS -DEXTERNAL_OPTS_OPENVPN"
             ENABLED_ARMASM_CRYPTO=no
             ENABLED_AESGCM_STREAM=no # not yet implemented
             ENABLED_ARMASM_NEON=no
+            ENABLED_ARM_THUMB=yes
+            ENABLED_ARM_32=yes
             AC_MSG_NOTICE([32bit ARMv7-m found])
+            if test "$ENABLED_FIPS" != "no" ||
+                test "$HAVE_FIPS_VERSION_MAJOR" -ge 5;
+            then
+                # Use inline ASM with FIPS because of known "issue" with the
+                # assembly code
+                ENABLED_ARMASM_INLINE=yes
+                AC_MSG_NOTICE([32bit ARMv7-m found, setting inline for FIPS])
+            fi
             ;;
         armv6*)
             AM_CPPFLAGS="$AM_CPPFLAGS -march=armv6 -fomit-frame-pointer -DWOLFSSL_ARMASM_NO_HW_CRYPTO -DWOLFSSL_ARM_ARCH=6"
@@ -2745,6 +3261,7 @@ then
             ENABLED_ARMASM_CRYPTO=no
             ENABLED_AESGCM_STREAM=no # not yet implemented
             ENABLED_ARMASM_NEON=no
+            ENABLED_ARM_32=yes
             AC_MSG_NOTICE([32bit ARMv6 found])
             ;;
         armv4*)
@@ -2753,6 +3270,7 @@ then
             ENABLED_ARMASM_CRYPTO=no
             ENABLED_AESGCM_STREAM=no # not yet implemented
             ENABLED_ARMASM_NEON=no
+            ENABLED_ARM_32=yes
             AC_MSG_NOTICE([32bit ARMv4 found])
             ;;
         *)
@@ -2761,6 +3279,7 @@ then
             AM_CCASFLAGS="$AM_CCASFLAGS -DEXTERNAL_OPTS_OPENVPN"
             ENABLED_ARMASM_CRYPTO=yes
             ENABLED_ARMASM_NEON=yes
+            ENABLED_ARM_32=yes
             AC_MSG_NOTICE([32bit ARMv8 found, setting mfpu to crypto-neon-fp-armv8])
             ;;
         esac
@@ -2771,12 +3290,18 @@ if test "$ENABLED_ARMASM_SHA3" = "yes"; then
     AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ARMASM_CRYPTO_SHA512 -DWOLFSSL_ARMASM_CRYPTO_SHA3"
     AM_CCASFLAGS="$AM_CCASFLAGS -DWOLFSSL_ARMASM_CRYPTO_SHA512 -DWOLFSSL_ARMASM_CRYPTO_SHA3"
 fi
+if test "$ENABLED_ARMASM_SHA3" = "unknown"; then
+    ENABLED_ARMASM_SHA3="no"
+fi
 if test "$ENABLED_ARMASM_SM3" = "yes"; then
     AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ARMASM_CRYPTO_SM3"
 fi
 if test "$ENABLED_ARMASM_SM4" = "yes"; then
     AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ARMASM_CRYPTO_SM4"
 fi
+if test "$ENABLED_ARMASM_CRYPTO" = "unknown"; then
+    ENABLED_ARMASM_CRYPTO=no
+fi
 if test "$ENABLED_ARMASM_CRYPTO" = "no"; then
     AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ARMASM_NO_HW_CRYPTO"
 fi
@@ -2789,6 +3314,84 @@ if test "$ENABLED_ARMASM_INLINE" = "yes"; then
     AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ARMASM_INLINE"
 fi
 
+# RISC-V Assembly
+AC_ARG_ENABLE([riscv-asm],
+    [AS_HELP_STRING([--enable-riscv-asm],[Enable wolfSSL RISC-V ASM support (default: disabled).])],
+    [ ENABLED_RISCV_ASM=$enableval ],
+    [ ENABLED_RISCV_ASM=no ]
+    )
+if test "$ENABLED_RISCV_ASM" != "no" && test "$ENABLED_ASM" = "yes"
+then
+    AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_RISCV_ASM"
+    ENABLED_AESGCM_STREAM=no # not yet implemented
+    AC_MSG_NOTICE([64bit RISC-V assembly for AES])
+fi
+
+ENABLED_RISCV_ASM_OPTS=$ENABLED_RISCV_ASM
+for v in `echo $ENABLED_RISCV_ASM_OPTS | tr "," " "`
+do
+  case $v in
+  yes)
+    ;;
+  no)
+    ;;
+  zbb)
+    # REV8
+    ENABLED_RISCV_ASM=yes
+    AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_RISCV_BASE_BIT_MANIPULATION"
+    ;;
+  zbc|zbkc)
+    # CLMUL, CLMULH
+    ENABLED_RISCV_ASM=yes
+    AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_RISCV_CARRYLESS"
+    ;;
+  zbkb)
+    # PACK, REV8
+    ENABLED_RISCV_ASM=yes
+    AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_RISCV_BIT_MANIPULATION"
+    AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_RISCV_BASE_BIT_MANIPULATION"
+    ;;
+  zbt)
+    # FSL, FSR, FSRI, CMOV, CMIX - QEMU doesn't know about these instructions
+    AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_RISCV_BIT_MANIPULATION_TERNARY"
+    ;;
+  zkn|zkned)
+    # AES encrypt/decrpyt, SHA-2
+    ENABLED_RISCV_ASM=yes
+    AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_RISCV_SCALAR_CRYPTO_ASM"
+    ;;
+  zv)
+    ENABLED_RISCV_ASM=yes
+    AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_RISCV_VECTOR"
+    ;;
+  zvbb|zvkb)
+    # VBREV8
+    ENABLED_RISCV_ASM=yes
+    AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_RISCV_VECTOR_BASE_BIT_MANIPULATION"
+    ;;
+  zvbc)
+    # VCLMUL, VCLMULH
+    ENABLED_RISCV_ASM=yes
+    AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_RISCV_VECTOR_CARRYLESS"
+    ;;
+  zvkg)
+    # VGMUL, VHHSH
+    ENABLED_RISCV_ASM=yes
+    AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_RISCV_VECTOR_GCM"
+    ;;
+  zvkned)
+    # Vector AES, SHA-2
+    ENABLED_RISCV_ASM=yes
+    AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_RISCV_VECTOR_CRYPTO_ASM"
+    ;;
+  *)
+    AC_MSG_ERROR([Invalid RISC-V option [yes,zbkb,zbb,zbc,zbkc,zkn,zkned,zv,zvkg,zvbc,zvbb,zvkb,zvkned]: $ENABLED_RISCV_ASM.])
+    break
+    ;;
+  esac
+done
+
+
 # Xilinx hardened crypto
 AC_ARG_ENABLE([xilinx],
     [AS_HELP_STRING([--enable-xilinx],[Enable wolfSSL support for Xilinx hardened crypto(default: disabled)])],
@@ -2906,7 +3509,7 @@ then
         AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AESNI"
         if test "$ENABLED_LINUXKM_DEFAULTS" = "yes"
         then
-                AM_CFLAGS="$AM_CFLAGS -DWC_AES_C_DYNAMIC_FALLBACK"
+                AM_CFLAGS="$AM_CFLAGS -DWC_C_DYNAMIC_FALLBACK"
         fi
         if test "$CC" != "icc"
         then
@@ -3250,11 +3853,6 @@ AC_ARG_ENABLE([nullcipher],
     [ ENABLED_NULL_CIPHER=no ]
     )
 
-if test "$ENABLED_OPENSSH" = "yes"
-then
-    ENABLED_NULL_CIPHER="yes"
-fi
-
 if test "$ENABLED_NULL_CIPHER" = "yes"
 then
     AM_CFLAGS="$AM_CFLAGS -DHAVE_NULL_CIPHER"
@@ -3331,7 +3929,8 @@ fi
 
 # set sha3 default
 SHA3_DEFAULT=no
-if (test "$host_cpu" = "x86_64" || test "$host_cpu" = "aarch64" || test "$host_cpu" = "amd64") && test "$ENABLED_32BIT" = "no"
+if (test "$host_cpu" = "x86_64" || test "$host_cpu" = "aarch64" ||
+    test "$host_cpu" = "amd64")
 then
     if test "x$ENABLED_FIPS" = "xno" || test "$HAVE_FIPS_VERSION" -ge 2
     then
@@ -3373,7 +3972,7 @@ AC_ARG_ENABLE([sha512],
     )
 
 # options that don't require sha512
-if test "$ENABLED_LEANPSK" = "yes" || test "$ENABLED_LEANTLS" = "yes" || test "$ENABLED_32BIT" = "yes" || test "$ENABLED_16BIT" = "yes"
+if test "$ENABLED_LEANPSK" = "yes" || test "$ENABLED_LEANTLS" = "yes" || test "$ENABLED_16BIT" = "yes"
 then
     ENABLED_SHA512="no"
 fi
@@ -3399,7 +3998,7 @@ AC_ARG_ENABLE([sha384],
     )
 
 # options that don't require sha384
-if test "$ENABLED_LEANPSK" = "yes" || test "$ENABLED_LEANTLS" = "yes" || test "$ENABLED_32BIT" = "yes" || test "$ENABLED_16BIT" = "yes"
+if test "$ENABLED_LEANPSK" = "yes" || test "$ENABLED_LEANTLS" = "yes" || test "$ENABLED_16BIT" = "yes"
 then
     ENABLED_SHA384="no"
 fi
@@ -3440,7 +4039,7 @@ AC_ARG_ENABLE([sessioncerts],
 
 if test "x$ENABLED_NGINX" = "xyes" || test "x$ENABLED_OPENVPN" = "xyes" || \
    test "x$ENABLED_LIGHTY" = "xyes" || test "x$ENABLED_NETSNMP" = "xyes" || \
-   test "x$ENABLED_STRONGSWAN" = "xyes" || test "x$ENABLED_HITCH" = "xyes"
+   test "x$ENABLED_STRONGSWAN" = "xyes" || test "x$ENABLED_HITCH" = "xyes" || test "x$ENABLED_MOSQUITTO" = "xyes"
 then
     ENABLED_SESSIONCERTS=yes
 fi
@@ -3457,7 +4056,7 @@ fi
 
 # KEY GENERATION
 AC_ARG_ENABLE([keygen],
-    [AS_HELP_STRING([--enable-keygen],[Enable key generation (default: disabled)])],
+    [AS_HELP_STRING([--enable-keygen],[Enable key generation (only applies to RSA key generation) (default: disabled)])],
     [ ENABLED_KEYGEN=$enableval ],
     [ ENABLED_KEYGEN=no ]
     )
@@ -3470,6 +4069,12 @@ then
     ENABLED_KEYGEN=yes
 fi
 
+# ATTRIBUTE CERTIFICATES
+AC_ARG_ENABLE([acert],
+    [AS_HELP_STRING([--enable-acert],[Enable attribute certificate support (default: disabled)])],
+    [ ENABLED_ACERT=$enableval ],
+    [ ENABLED_ACERT=no ]
+    )
 
 # CERT GENERATION
 AC_ARG_ENABLE([certgen],
@@ -3580,15 +4185,6 @@ AC_ARG_ENABLE([srtp-kdf],
     [ ENABLED_SRTP_KDF=$enableval ],
     [ ENABLED_SRTP_KDF=no ]
     )
-if test "$ENABLED_SRTP" = "yes"
-then
-  ENABLED_SRTP_KDF="yes"
-fi
-if test "$ENABLED_SRTP_KDF" = "yes"
-then
-  AM_CFLAGS="$AM_CFLAGS -DWC_SRTP_KDF -DHAVE_AES_ECB -DWOLFSSL_AES_DIRECT"
-fi
-
 
 # DSA
 AC_ARG_ENABLE([dsa],
@@ -3690,36 +4286,20 @@ then
     ENABLED_ECCCUSTCURVES="all"
 fi
 
-if test "$ENABLED_ECCCUSTCURVES" != "no"
-then
-    AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CUSTOM_CURVES"
-
-    # For distro, all or ecccustcurves=all builds, enable all curve types
-    if test "$ENABLED_DISTRO" = "yes" || test "$ENABLED_ALL" = "yes" || test "$ENABLED_ECCCUSTCURVES" = "all"
-    then
-        # Enable ECC SECPR2, SECPR3, BRAINPOOL and KOBLITZ curves
-        AM_CFLAGS="$AM_CFLAGS -DHAVE_ECC_SECPR2 -DHAVE_ECC_SECPR3 -DHAVE_ECC_BRAINPOOL -DHAVE_ECC_KOBLITZ"
-
-        # Enable ECC Cofactor support
-        AM_CFLAGS="$AM_CFLAGS -DHAVE_ECC_CDH"
-
-        # If fastmath enabled and on x86 use speedups
-        if test "x$ENABLED_FASTMATH" = "xyes" && test "$host_cpu" = "x86_64" -o "$host_cpu" = "amd64"
-        then
-            AM_CFLAGS="$AM_CFLAGS -DTFM_ECC192 -DTFM_ECC224 -DTFM_ECC256 -DTFM_ECC384 -DTFM_ECC521"
-        fi
-    fi
-fi
-
 # ECC Minimum Key Size
-ENABLED_ECCMINSZ=224
 AC_ARG_WITH([eccminsz],
-    [AS_HELP_STRING([--with-eccminsz=BITS],[Sets the ECC minimum key size (default: 224 bits)])],
+    [AS_HELP_STRING([--with-eccminsz=BITS],[Sets the ECC minimum key size (default: 224 bits non-FIPS / 192 bits with FIPS)])],
+    [ ENABLED_ECCMINSZ=$withval ],
     [
-        ENABLED_ECCMINSZ=$withval
-        AM_CFLAGS="$AM_CFLAGS -DECC_MIN_KEY_SZ=$withval"
+        if test "x$ENABLED_FIPS" = "xno"
+        then
+            ENABLED_ECCMINSZ=224
+        else
+            ENABLED_ECCMINSZ=192
+        fi
     ]
 )
+AM_CFLAGS="$AM_CFLAGS -DECC_MIN_KEY_SZ=$ENABLED_ECCMINSZ"
 
 # Compressed Key
 AC_ARG_ENABLE([compkey],
@@ -3728,7 +4308,8 @@ AC_ARG_ENABLE([compkey],
     [ ENABLED_COMPKEY=no ]
     )
 
-if test "$ENABLED_WPAS" = "yes" || test "$ENABLED_OPENSSLALL" = "yes"
+if (test "$ENABLED_WPAS" = "yes" || test "$ENABLED_OPENSSLALL" = "yes") &&
+   (test "$HAVE_FIPS_VERSION" != "5")
 then
     ENABLED_COMPKEY=yes
 fi
@@ -3794,6 +4375,17 @@ then
         ENABLED_CURVE25519=yes
     fi
 
+    if test "$ENABLED_CURVE25519" = "noasm"
+    then
+        AM_CFLAGS="$AM_CFLAGS -DNO_CURVED25519_X64"
+    fi
+
+    if test "$ENABLED_CURVE25519" = "yes" && test "$ENABLED_LINUXKM_DEFAULTS" = "yes"
+    then
+        ENABLED_CURVE25519=noasm
+        AM_CFLAGS="$AM_CFLAGS -DNO_CURVED25519_X64"
+    fi
+
     AM_CFLAGS="$AM_CFLAGS -DHAVE_CURVE25519"
     AM_CCASFLAGS="$AM_CCASFLAGS -DHAVE_CURVE25519"
     ENABLED_FEMATH=yes
@@ -3830,25 +4422,6 @@ AC_ARG_ENABLE([curve448],
     [ ENABLED_CURVE448=no ]
     )
 
-if test "$ENABLED_CURVE448" != "no"
-then
-    if test "$ENABLED_CURVE448" = "small" || test "$ENABLED_LOWRESOURCE" = "yes"
-    then
-        AM_CFLAGS="$AM_CFLAGS -DCURVE448_SMALL"
-        ENABLED_CURVE448_SMALL=yes
-        ENABLED_CURVE448=yes
-    fi
-
-    if test "$ENABLED_CURVE448" = "no128bit" || test "$ENABLED_32BIT" = "yes"
-    then
-        AM_CFLAGS="$AM_CFLAGS -DNO_CURVED448_128BIT"
-        ENABLED_CURVE448=yes
-    fi
-
-    AM_CFLAGS="$AM_CFLAGS -DHAVE_CURVE448"
-    ENABLED_FE448=yes
-fi
-
 # ED448
 AC_ARG_ENABLE([ed448],
     [AS_HELP_STRING([--enable-ed448],[Enable ED448 (default: disabled)])],
@@ -3861,50 +4434,6 @@ AC_ARG_ENABLE([ed448-stream],
     [ ENABLED_ED448_STREAM=no ]
     )
 
-if test "$ENABLED_ED448" != "no" && test "$ENABLED_32BIT" = "no"
-then
-    if test "$ENABLED_ED448" = "small" || test "$ENABLED_LOWRESOURCE" = "yes"
-    then
-        AM_CFLAGS="$AM_CFLAGS -DED448_SMALL"
-        ENABLED_ED448_SMALL=yes
-        ENABLED_CURVE448_SMALL=yes
-        ENABLED_ED448=yes
-    fi
-
-    if test "$ENABLED_SHA512" = "no"
-    then
-        AC_MSG_ERROR([cannot enable ed448 without enabling sha512.])
-    fi
-    if test "$HAVE_FIPS_VERSION" = 2
-    then
-        AC_MSG_ERROR([cannot enable ed448 w/ dependency shake256 in FIPSv2 mode])
-    fi
-    ENABLED_FE448=yes
-    ENABLED_GE448=yes
-    AM_CFLAGS="$AM_CFLAGS -DHAVE_ED448"
-
-    # EdDSA448 requires SHAKE256 which requires SHA-3
-    if test "$ENABLED_SHA3" = "no"
-    then
-        ENABLED_SHA3=yes
-    fi
-    ENABLED_SHAKE256=yes
-
-    ENABLED_CERTS=yes
-fi
-
-if test "$ENABLED_ED448_STREAM" != "no"
-then
-    if test "$ENABLED_ED448" = "no"
-    then
-        AC_MSG_ERROR([ED448 verify streaming enabled but ED448 is disabled])
-    else
-        AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ED448_STREAMING_VERIFY"
-        AM_CCASFLAGS="$AM_CCASFLAGS -DWOLFSSL_ED448_STREAMING_VERIFY"
-    fi
-fi
-
-
 # FP ECC, Fixed Point cache ECC
 AC_ARG_ENABLE([fpecc],
     [AS_HELP_STRING([--enable-fpecc],[Enable Fixed Point cache ECC (default: disabled)])],
@@ -4001,6 +4530,11 @@ AC_ARG_ENABLE([psk],
     [ ENABLED_PSK=no ]
     )
 
+if test "x$ENABLED_MOSQUITTO" = "xyes"
+then
+    ENABLED_PSK=yes
+fi
+
 # Single PSK identity
 AC_ARG_ENABLE([psk-one-id],
     [AS_HELP_STRING([--enable-psk-one-id],[Enable PSK (default: disabled)])],
@@ -4145,7 +4679,7 @@ fi
 
 if test "$ENABLED_STACKSIZE" = "verbose"
 then
-    if test "$thread_ls_on" != "yes"
+    if test "$thread_ls_on" != "yes" && test "x$ENABLED_SINGLETHREADED" = "xno"
     then
         AC_MSG_ERROR(stacksize-verbose needs thread-local storage.)
     fi
@@ -4283,6 +4817,11 @@ fi
 if test "$ENABLED_WOLFSENTRY" = "yes"
 then
     AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_WOLFSENTRY_HOOKS -DHAVE_EX_DATA -DHAVE_EX_DATA_CLEANUP_HOOKS"
+    if test "$ENABLED_OPENSSLEXTRA" = "no"
+    then
+        ENABLED_OPENSSLEXTRA="yes"
+        AM_CFLAGS="$AM_CFLAGS -DOPENSSL_EXTRA"
+    fi
     WOLFSENTRY_LIB="$WOLFSENTRY_LIB -lwolfsentry"
 fi
 
@@ -4494,45 +5033,6 @@ then
 fi
 
 
-# ASN
-# turn off asn, which means no certs, no rsa, no dsa, no ecc,
-# and no big int (unless dh is on)
-AC_ARG_ENABLE([asn],
-    [AS_HELP_STRING([--enable-asn],[Enable ASN (default: enabled)])],
-    [ ENABLED_ASN=$enableval ],
-    [ ENABLED_ASN=yes ]
-    )
-
-if test "$ENABLED_ASN" = "no"
-then
-    AM_CFLAGS="$AM_CFLAGS -DNO_ASN -DNO_ASN_CRYPT"
-    enable_pwdbased=no
-else
-    if test "$ENABLED_ASN" = "template"; then
-        ENABLED_ASN="yes"
-    fi
-    if test "$ENABLED_ASN" = "yes"; then
-        AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ASN_TEMPLATE"
-    else
-        if test "$ENABLED_ASN" != "original"; then
-            AC_MSG_ERROR([Invalid asn option. Valid are: template or original. Seen: $ENABLED_ASN.])
-        fi
-    fi
-
-    # turn off ASN if leanpsk on
-    if test "$ENABLED_LEANPSK" = "yes"
-    then
-        AM_CFLAGS="$AM_CFLAGS -DNO_ASN -DNO_BIG_INT"
-        ENABLED_ASN=no
-    else
-        if test "$ENABLED_ASN" = "nocrypt"
-        then
-            AM_CFLAGS="$AM_CFLAGS -DNO_ASN_CRYPT"
-            enable_pwdbased=no
-        fi
-    fi
-fi
-
 if test "$ENABLED_RSA" = "yes" && test "$ENABLED_RSAVFY" = "no" && \
    test "$ENABLED_ASN" = "no" && test "$ENABLED_LOWRESOURCE" = "no"
 then
@@ -4544,11 +5044,6 @@ then
     AC_MSG_ERROR([please disable dsa if disabling asn.])
 fi
 
-if test "x$ENABLED_ECC" != "xno" && test "x$ENABLED_ASN" = "xno"
-then
-    AC_MSG_ERROR([please disable ecc if disabling asn.])
-fi
-
 # No Big Int (ASN, DSA, RSA, DH, ECC and compatibility layer need bigint)
 if test "$ENABLED_ASN" = "no" && test "$ENABLED_DSA" = "no" && \
    test "$ENABLED_DH" = "no" && test "$ENABLED_ECC" = "no" && \
@@ -4656,10 +5151,6 @@ AC_ARG_ENABLE([dtlscid],
     )
 if test "x$ENABLED_DTLS_CID" = "xyes"
 then
-        if test "x$ENABLED_DTLS13" != "xyes"
-        then
-                AC_MSG_ERROR([You need to enable DTLSv1.3 to use DTLS ConnectionID])
-        fi
   AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DTLS_CID"
 fi
 
@@ -4759,6 +5250,13 @@ then
     ENABLED_DES3="yes"
 fi
 
+# DES3 TLS suites
+AC_ARG_ENABLE([des3-tls-suites],
+    [AS_HELP_STRING([--enable-des3-tls-suites],[Enable DES3 TLS cipher suites (default: disabled)])],
+    [ ENABLED_DES3_TLS_SUITES=$enableval ],
+    [ ENABLED_DES3_TLS_SUITES=no ]
+    )
+
 # ARC4
 if (test "$ENABLED_OPENSSH" = "yes" && test "x$ENABLED_FIPS" = "xno") || \
    test "$ENABLED_WPAS" = "yes" || test "$ENABLED_KRB" = "yes"
@@ -4832,18 +5330,28 @@ AS_IF([test "x$ENABLED_CMAC" = "xyes"],
 
 
 # AES-XTS
-AC_ARG_ENABLE([xts],
-    [AS_HELP_STRING([--enable-xts],[Enable XTS (default: disabled)])],
-    [ ENABLED_XTS=$enableval ],
-    [ ENABLED_XTS=no ]
+AC_ARG_ENABLE([aesxts],
+    [AS_HELP_STRING([--enable-aesxts],[Enable AES XTS (default: disabled)])],
+    [ ENABLED_AESXTS=$enableval ],
+    [ ENABLED_AESXTS=no ]
     )
 
-AS_IF([test "x$ENABLED_XTS" = "xyes"],
-      [AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AES_XTS -DWOLFSSL_AES_DIRECT"])
-AS_IF([test "x$ENABLED_XTS" = "xyes" && test "x$ENABLED_INTELASM" = "xyes"],
-      [AM_CCASFLAGS="$AM_CCASFLAGS -DWOLFSSL_AES_XTS"])
-AS_IF([test "x$ENABLED_XTS" = "xyes" && test "x$ENABLED_AESNI" = "xyes"],
-      [AM_CCASFLAGS="$AM_CCASFLAGS -DWOLFSSL_AES_XTS"])
+AS_IF([test "$ENABLED_AESXTS" = "yes" && test "$ENABLED_ARMASM" = "no"],
+    [ ENABLED_AESXTS_STREAM_DEFAULT=yes ],
+    [ ENABLED_AESXTS_STREAM_DEFAULT=no ]
+    )
+
+AC_ARG_ENABLE([aesxts-stream],
+    [AS_HELP_STRING([--enable-aesxts-stream],[Enable wolfSSL AES-XTS support with streaming APIs (default: disabled)])],
+    [ ENABLED_AESXTS_STREAM=$enableval ],
+    [ ENABLED_AESXTS_STREAM=$ENABLED_AESXTS_STREAM_DEFAULT ]
+    )
+
+# legacy old option name, for compatibility:
+AC_ARG_ENABLE([xts],
+    [AS_HELP_STRING([--enable-xts],[Please use --enable-aesxts])],
+    [ ENABLED_AESXTS=$enableval ]
+    )
 
 # Web Server Build
 AC_ARG_ENABLE([webserver],
@@ -4881,15 +5389,251 @@ then
     AM_CFLAGS="$AM_CFLAGS -DWC_RC2"
 fi
 
+# CUDA
+AC_ARG_ENABLE([cuda],
+    [AS_HELP_STRING([--enable-cuda],[Enable NVidia CUDA support (default: disabled)])],
+    [ ENABLED_CUDA=$enableval ],
+    [ ENABLED_CUDA=no ]
+    )
+
+if test "$ENABLED_CUDA" = "yes"
+then
+    CC=nvcc
+    AM_CFLAGS="$AM_CFLAGS -DWC_CUDA -DHAVE_CUDA"
+fi
+
+# Certificate Service Support (CFLAG sections later) keep above FIPS section
+AC_ARG_ENABLE([certservice],
+    [AS_HELP_STRING([--enable-certservice],[Enable cert service (default: disabled)])],
+    [ ENABLED_CERT_SERVICE=$enableval ],
+    [ ENABLED_CERT_SERVICE=no ]
+    )
+
+# PWDBASED (CFLAG sections later) keep above FIPS section
+AC_ARG_ENABLE([pwdbased],
+    [AS_HELP_STRING([--enable-pwdbased],[Enable PWDBASED (default: disabled)])],
+    [ ENABLED_PWDBASED=$enableval ],
+    [ ENABLED_PWDBASED=no ]
+    )
+
+# MemUse Entropy
+# wolfEntropy Software Jitter SP800-90B certifiable entropy source
+AC_ARG_ENABLE([wolfEntropy],
+    [AS_HELP_STRING([--enable-wolfEntropy],[Enable memuse entropy support (default: disabled)])],
+    [ ENABLED_ENTROPY_MEMUSE=$enableval ],
+    [ ENABLED_ENTROPY_MEMUSE=no ]
+    )
+AC_ARG_ENABLE([entropy-memuse],
+    [AS_HELP_STRING([--enable-entropy-memuse],[Enable memuse entropy support (default: disabled)])],
+    [ ENABLED_ENTROPY_MEMUSE=$enableval ]
+    )
+
+# AES key wrap
+AC_ARG_ENABLE([aeskeywrap],
+    [AS_HELP_STRING([--enable-aeskeywrap],[Enable AES key wrap support (default: disabled)])],
+    [ ENABLED_AESKEYWRAP=$enableval ],
+    [ ENABLED_AESKEYWRAP=no ]
+    )
 
 # FIPS feature and macro setup
+
+AS_IF([test "$FIPS_VERSION" = "dev"],
+    [AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_FIPS_DEV"])
+AS_IF([test "$FIPS_VERSION" = "ready"],
+    [AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_FIPS_READY"])
+
 AS_CASE([$FIPS_VERSION],
-    [v5*|ready|dev], [ # FIPS 140-3
+    [v6|ready|dev],[ # FIPS 140-3 SRTP-KDF
+        AM_CFLAGS="$AM_CFLAGS \
+            -DHAVE_FIPS \
+            -DHAVE_FIPS_VERSION=$HAVE_FIPS_VERSION \
+            -DHAVE_FIPS_VERSION_MAJOR=$HAVE_FIPS_VERSION_MAJOR \
+            -DHAVE_FIPS_VERSION_MINOR=$HAVE_FIPS_VERSION_MINOR \
+            -DHAVE_FIPS_VERSION_PATCH=$HAVE_FIPS_VERSION_PATCH \
+            -DHAVE_ECC_CDH \
+            -DWC_RSA_NO_PADDING \
+            -DECC_USER_CURVES \
+            -DHAVE_ECC384 \
+            -DHAVE_ECC521 \
+            -DWOLFSSL_VALIDATE_FFC_IMPORT \
+            -DHAVE_FFDHE_Q \
+            -DHAVE_FFDHE_3072 \
+            -DHAVE_FFDHE_4096 \
+            -DHAVE_FFDHE_6144 \
+            -DHAVE_FFDHE_8192"
+
+        # KCAPI API does not support custom k for sign, don't force enable ECC key sizes and do not use seed callback
+        AS_IF([test "x$ENABLED_KCAPI_ECC" = "xno"],
+            [AM_CFLAGS="$AM_CFLAGS \
+                -DWC_RNG_SEED_CB \
+                -DWOLFSSL_ECDSA_SET_K \
+                -DWOLFSSL_VALIDATE_ECC_IMPORT \
+                -DWOLFSSL_VALIDATE_ECC_KEYGEN \
+                -DHAVE_ECC192 \
+                -DHAVE_ECC224 \
+                -DHAVE_ECC256"])
+
+        DEFAULT_MAX_CLASSIC_ASYM_KEY_BITS=8192
+# optimizations section
+
+# protocol section
+        AS_IF([test "$ENABLED_WOLFSSH" != "yes" &&
+               (test "$FIPS_VERSION" != "dev" || test "$enable_ssh" != "no")],
+            [enable_ssh="yes"])
+
+        AS_IF([test "$ENABLED_HKDF" != "yes" &&
+               (test "$FIPS_VERSION" != "dev" || test "$enable_hkdf" != "no")],
+            [ENABLED_HKDF="yes"; AM_CFLAGS="$AM_CFLAGS -DHAVE_HKDF"])
+
+        AS_IF([test "x$ENABLED_PWDBASED" = "xno" &&
+               (test "$FIPS_VERSION" != "dev" || test "$enable_pwdbased" != "no")],
+            [ENABLED_PWDBASED="yes"; AM_CFLAGS="$AM_CFLAGS -DHAVE_PBKDF2 -DHAVE_AESGCM"])
+
+        AS_IF([test "x$ENABLED_SRTP" = "xno" &&
+               (test "$FIPS_VERSION" != "dev" || test "$enable_srtp" != "no")],
+            [ENABLED_SRTP="yes"])
+        AS_IF([test "x$ENABLED_SRTP_KDF" = "xno" &&
+               (test "$FIPS_VERSION" != "dev" || test "$enable_srtp_kdf" != "no")],
+            [ENABLED_SRTP_KDF="yes"])
+
+# public key section
+        AS_IF([test "$ENABLED_KEYGEN" != "yes" &&
+               (test "$FIPS_VERSION" != "dev" || test "$enable_keygen" != "no")],
+            [ENABLED_KEYGEN="yes"; AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_KEY_GEN"])
+
+#        AS_IF([test "$ENABLED_COMPKEY" = "yes" &&
+#               (test "$FIPS_VERSION" != "dev" || test "$enable_compkey" != "yes")],
+#            [ENABLED_COMPKEY="yes"])
+
+        AS_IF([test "$ENABLED_RSAPSS" != "yes" &&
+               (test "$FIPS_VERSION" != "dev" || test "$enable_rsapss" != "no")],
+            [ENABLED_RSAPSS="yes"; AM_CFLAGS="$AM_CFLAGS -DWC_RSA_PSS"])
+
+        AS_IF([test "$ENABLED_ECC" != "yes" &&
+               (test "$FIPS_VERSION" != "dev" || test "$enable_ecc" != "no")],
+            [ENABLED_ECC="yes"; AM_CFLAGS="$AM_CFLAGS -DHAVE_ECC -DTFM_ECC256"
+             AS_IF([test "$ENABLED_ECC_SHAMIR" = "yes"],
+                 [AM_CFLAGS="$AM_CFLAGS -DECC_SHAMIR"])])
+
+        AS_IF([test "x$ENABLED_ED25519" != "xyes" &&
+               (test "$FIPS_VERSION" != "dev" || test "$enable_ed25519" != "no")],
+            [ENABLED_ED25519="yes"; AM_CFLAGS="$AM_CFLAGS -DHAVE_ED25519 -DHAVE_ED25519_KEY_IMPORT"])
+        AS_IF([test "$ENABLED_CURVE25519" = "no" &&
+               (test "$FIPS_VERSION" != "dev" || test "$enable_curve25519" != "no")],
+            [ENABLED_CURVE25519="yes"; AM_CFLAGS="$AM_CFLAGS -DHAVE_CURVE25519"])
+
+        AS_IF([test "x$ENABLED_ED448" != "xyes" &&
+               (test "$FIPS_VERSION" != "dev" || test "$enable_ed448" != "no")],
+            [ENABLED_ED448="yes"; AM_CFLAGS="$AM_CFLAGS -DHAVE_ED448 -DHAVE_ED448_KEY_IMPORT"])
+        AS_IF([test "x$ENABLED_CURVE448" != "xyes" &&
+               (test "$FIPS_VERSION" != "dev" || test "$enable_curve448" != "no")],
+            [ENABLED_CURVE448="yes"; AM_CFLAGS="$AM_CFLAGS -DHAVE_CURVE448"])
+
+        AS_IF([test "x$ENABLED_ED25519_STREAM" != "xyes" &&
+               (test "$FIPS_VERSION" != "dev" || test "$enable_ed25519_stream" != "no")],
+            [ENABLED_ED25519_STREAM="yes"])
+        AS_IF([test "x$ENABLED_ED448_STREAM" != "xyes" &&
+               (test "$FIPS_VERSION" != "dev" || test "$enable_ed448_stream" != "no")],
+            [ENABLED_ED448_STREAM="yes"])
+
+        AS_IF([test "x$ENABLED_ECCCUSTCURVES" != "xno" &&
+               test "$FIPS_VERSION" != "dev"],
+            [AC_MSG_WARN([Forcing off ecccustcurves for FIPS ${FIPS_VERSION}.])
+             ENABLED_ECCCUSTCURVES="no"])
+
+# Hashing section
+        AS_IF([test "x$ENABLED_SHA3" != "xyes" &&
+               (test "$FIPS_VERSION" != "dev" || test "$enable_sha3" != "no")],
+            [ENABLED_SHA3="yes"; AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SHA3"])
+
+        AS_IF([test "$ENABLED_SHA224" != "yes" &&
+               (test "$FIPS_VERSION" != "dev" || test "$enable_sha224" != "no")],
+            [ENABLED_SHA224="yes"; AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SHA224"])
+
+        AS_IF([test "$ENABLED_SHA512" = "no" &&
+               (test "$FIPS_VERSION" != "dev" || test "$enable_sha512" != "no")],
+            [ENABLED_SHA512="yes"; AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SHA512 -DWOLFSSL_SHA384"])
+
+        # SHA512-224 and SHA512-256 are SHA-2 algorithms not in our FIPS algorithm list
+        AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NOSHA512_224 -DWOLFSSL_NOSHA512_256"
+
+        # Shake128 because we're testing SHAKE256
+        AS_IF([test "x$ENABLED_SHAKE128" = "xno" &&
+               (test "$FIPS_VERSION" != "dev" || test "$enable_shake128" != "no")],
+            [ENABLED_SHAKE128="yes"])
+
+        # Shake256 mandated for ED448
+        AS_IF([test "x$ENABLED_SHAKE256" = "xno" &&
+               (test "$FIPS_VERSION" != "dev" || test "$enable_shake256" != "no")],
+            [ENABLED_SHAKE256="yes"])
+
+# Aes section
+        AS_IF([test "$ENABLED_AESCCM" != "yes" &&
+               (test "$FIPS_VERSION" != "dev" || test "$enable_aesccm" != "no")],
+            [ENABLED_AESCCM="yes"; AM_CFLAGS="$AM_CFLAGS -DHAVE_AESCCM"])
+
+        AS_IF([test "$ENABLED_AESCTR" != "yes" &&
+               (test "$FIPS_VERSION" != "dev" || test "$enable_aesctr" != "no")],
+            [ENABLED_AESCTR="yes"; AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AES_COUNTER"])
+
+        AS_IF([test "$ENABLED_CMAC" != "yes" &&
+               (test "$FIPS_VERSION" != "dev" || test "$enable_cmac" != "no")],
+            [ENABLED_CMAC="yes"; AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CMAC"])
+
+        AS_IF([test "$ENABLED_AESGCM" = "no" &&
+               (test "$FIPS_VERSION" != "dev" || test "$enable_aesgcm" != "no")],
+            [ENABLED_AESGCM="yes"; AM_CFLAGS="$AM_CFLAGS -DHAVE_AESGCM"; AM_CCASFLAGS="$AM_CCASFLAGS -DHAVE_AESGCM"])
+
+        # AES-GCM streaming is part of the v6 FIPS suite, but isn't implemented
+        # for armasm on arm-v7 or earlier (see armasm setup above).
+        AS_IF([test "$ENABLED_AESGCM_STREAM" != "yes" &&
+               (test "$FIPS_VERSION" != "dev" || test "$enable_aesgcm_stream" != "no") &&
+               ! (test "$ENABLED_ARMASM" = "yes" && test "$ENABLED_ARMASM_CRYPTO" = "no")],
+            [ENABLED_AESGCM_STREAM="yes"])
+
+        AS_IF([test "x$ENABLED_AESOFB" = "xno" &&
+               (test "$FIPS_VERSION" != "dev" || test "$enable_aesofb" != "no")],
+            [ENABLED_AESOFB="yes"; AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AES_OFB"])
+
+        AS_IF([test "x$ENABLED_AESCFB" = "xno" &&
+               (test "$FIPS_VERSION" != "dev" || test "$enable_aescfb" != "no")],
+            [ENABLED_AESCFB="yes"; AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AES_CFB"])
+
+        AS_IF([test "x$ENABLED_AESXTS" = "xno" &&
+               (test "$FIPS_VERSION" != "dev" || test "$enable_aesxts" != "no")],
+            [ENABLED_AESXTS="yes"; AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AES_XTS"])
+        AS_IF([test "x$ENABLED_AESXTS" = "xyes" && test "x$ENABLED_AESNI" = "xyes"],
+            [AM_CCASFLAGS="$AM_CCASFLAGS -DWOLFSSL_AES_XTS"])
+
+        AS_IF([test "x$ENABLED_AESXTS_STREAM" = "xno" &&
+               (test "$FIPS_VERSION" != "dev" || test "$enable_aesxts_stream" != "no") &&
+               ! (test "$ENABLED_ARMASM" = "yes" && test "$ENABLED_ARMASM_CRYPTO" = "no")],
+            [ENABLED_AESXTS_STREAM="yes"])
+
+        AS_IF([(test "$ENABLED_AESCCM" = "yes" && test "$HAVE_AESCCM_PORT" != "yes") ||
+               (test "$ENABLED_AESCTR" = "yes" && test "$HAVE_AESCTR_PORT" != "yes") ||
+               (test "$ENABLED_AESGCM" = "yes" && test "$HAVE_AESGCM_PORT" != "yes") ||
+               (test "$ENABLED_AESOFB" = "yes" && test "$HAVE_AESOFB_PORT" != "yes")],
+            [AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AES_DIRECT -DHAVE_AES_ECB"])
+
+        AS_IF([test "x$ENABLED_AESKEYWRAP" != "xyes" &&
+               (test "$FIPS_VERSION" != "dev" || test "$enable_aeskeywrap" != "no")],
+            [ENABLED_AESKEYWRAP="yes"; AM_CFLAGS="$AM_CFLAGS -DHAVE_AES_KEYWRAP"])
+
+# Old TLS requires MD5 + HMAC, which is not allowed under FIPS 140-3
+        AS_IF([test "$ENABLED_OLD_TLS" != "no"],
+            [AC_MSG_WARN([Forcing off oldtls for FIPS ${FIPS_VERSION}.])
+             ENABLED_OLD_TLS="no"; AM_CFLAGS="$AM_CFLAGS -DNO_OLD_TLS"])
+
+    ],
+    [v5*], [ # FIPS 140-3
 
         AM_CFLAGS="$AM_CFLAGS \
             -DHAVE_FIPS \
             -DHAVE_FIPS_VERSION=$HAVE_FIPS_VERSION \
+            -DHAVE_FIPS_VERSION_MAJOR=$HAVE_FIPS_VERSION_MAJOR \
             -DHAVE_FIPS_VERSION_MINOR=$HAVE_FIPS_VERSION_MINOR \
+            -DHAVE_FIPS_VERSION_PATCH=$HAVE_FIPS_VERSION_PATCH \
             -DHAVE_ECC_CDH \
             -DWC_RSA_NO_PADDING \
             -DECC_USER_CURVES \
@@ -4917,74 +5661,116 @@ AS_CASE([$FIPS_VERSION],
 
         # force various features to FIPS 140-3 defaults, unless overridden with dev:
 
-        AS_IF([test "$ENABLED_KEYGEN" != "yes" && (test "$FIPS_VERSION" != "dev" || test "$enable_keygen" != "no")],
+        AS_IF([test "$ENABLED_KEYGEN" != "yes" &&
+               (test "$FIPS_VERSION" != "v5-dev" || test "$enable_keygen" != "no")],
             [ENABLED_KEYGEN="yes"; AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_KEY_GEN"])
 
-        AS_IF([test "$ENABLED_COMPKEY" = "yes" && (test "$FIPS_VERSION" != "dev" || test "$enable_compkey" != "yes")],
-            [ENABLED_COMPKEY="no"])
+        AS_IF([test "$ENABLED_COMPKEY" = "yes" &&
+               ! (test "$FIPS_VERSION" = "v5-dev" && test "$enable_compkey" = "yes")],
+            [AC_MSG_WARN([Forcing off compkey for FIPS ${FIPS_VERSION}.])
+             ENABLED_COMPKEY="no"])
 
-        AS_IF([test "$ENABLED_SHA224" != "yes" && (test "$FIPS_VERSION" != "dev" || test "$enable_sha224" != "no")],
+        AS_IF([test "$ENABLED_SHA224" != "yes" &&
+               (test "$FIPS_VERSION" != "v5-dev" || test "$enable_sha224" != "no")],
             [ENABLED_SHA224="yes"; AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SHA224"])
 
-        AS_IF([test "$ENABLED_WOLFSSH" != "yes" && (test "$FIPS_VERSION" != "dev" || test "$enable_ssh" != "no")],
+        AS_IF([test "$ENABLED_SHA3" != "yes" &&
+               (test "$FIPS_VERSION" != "v5-dev" || test "$enable_sha3" != "no")],
+            [ENABLED_SHA3="yes"; AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SHA3"])
+
+        AS_IF([test "$ENABLED_WOLFSSH" != "yes" &&
+               (test "$FIPS_VERSION" != "v5-dev" || test "$enable_ssh" != "no")],
             [enable_ssh="yes"])
 
-        # Shake128 is a SHA-3 algorithm not in our FIPS algorithm list
-        AS_IF([test "$ENABLED_SHAKE128" != "no" && (test "$FIPS_VERSION" != "dev" || test "$enable_shake128" != "yes")],
-            [ENABLED_SHAKE128=no; AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NO_SHAKE128"])
+        # Shake128 is a SHA-3 algorithm outside the v5 FIPS algorithm list
+        AS_IF([test "$ENABLED_SHAKE128" != "no" &&
+               ! (test "$FIPS_VERSION" = "v5-dev" && test "$enable_shake128" = "yes")],
+            [AC_MSG_WARN([Forcing off shake128 for FIPS ${FIPS_VERSION}.])
+             ENABLED_SHAKE128=no; AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NO_SHAKE128"])
 
-        # Shake256 is a SHA-3 algorithm not in our FIPS algorithm list
-        AS_IF([test "$ENABLED_SHAKE256" != "no" && (test "$FIPS_VERSION" != "dev" || test "$enable_shake256" != "yes")],
-            [ENABLED_SHAKE256=no; AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NO_SHAKE256"])
+        # Shake256 is a SHA-3 algorithm outside the v5 FIPS algorithm list
+        AS_IF([test "$ENABLED_SHAKE256" != "no" &&
+               ! (test "$FIPS_VERSION" = "v5-dev" && test "$enable_shake256" = "yes")],
+            [AC_MSG_WARN([Forcing off shake256 for FIPS ${FIPS_VERSION}.])
+             ENABLED_SHAKE256=no; AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NO_SHAKE256"])
 
-        # SHA512-224 and SHA512-256 are SHA-2 algorithms not in our FIPS algorithm list
+        # SHA512-224 and SHA512-256 are SHA-2 algorithms outside the v5 FIPS algorithm list
         AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NOSHA512_224 -DWOLFSSL_NOSHA512_256"
 
-        AS_IF([test "$ENABLED_AESCCM" != "yes" && (test "$FIPS_VERSION" != "dev" || test "$enable_aesccm" != "no")],
+        AS_IF([test "$ENABLED_AESCCM" != "yes" &&
+               (test "$FIPS_VERSION" != "v5-dev" || test "$enable_aesccm" != "no")],
             [ENABLED_AESCCM="yes"; AM_CFLAGS="$AM_CFLAGS -DHAVE_AESCCM"])
 
-        AS_IF([test "$ENABLED_RSAPSS" != "yes" && (test "$FIPS_VERSION" != "dev" || test "$enable_rsapss" != "no")],
+        AS_IF([test "$ENABLED_AESXTS" = "yes" &&
+               ! (test "$FIPS_VERSION" = "v5-dev" && test "$enable_aesxts" = "yes")],
+            [AC_MSG_WARN([Forcing off aesxts for FIPS ${FIPS_VERSION}.])
+             ENABLED_AESXTS="no"])
+
+        AS_IF([test "$ENABLED_RSAPSS" != "yes" &&
+               (test "$FIPS_VERSION" != "v5-dev" || test "$enable_rsapss" != "no")],
             [ENABLED_RSAPSS="yes"; AM_CFLAGS="$AM_CFLAGS -DWC_RSA_PSS"])
 
-        AS_IF([test "$ENABLED_ECC" != "yes" && (test "$FIPS_VERSION" != "dev" || test "$enable_ecc" != "no")],
+        AS_IF([test "$ENABLED_ECC" != "yes" &&
+               (test "$FIPS_VERSION" != "v5-dev" || test "$enable_ecc" != "no")],
             [ENABLED_ECC="yes"; AM_CFLAGS="$AM_CFLAGS -DHAVE_ECC -DTFM_ECC256"
-             AS_IF([test "$ENABLED_ECC_SHAMIR" = "yes" && (test "$FIPS_VERSION" != "dev" || test "$enable_eccshamir" != "no")],
+             AS_IF([test "$ENABLED_ECC_SHAMIR" = "yes" &&
+                    (test "$FIPS_VERSION" != "v5-dev" || test "$enable_eccshamir" != "no")],
                  [AM_CFLAGS="$AM_CFLAGS -DECC_SHAMIR"])])
 
-        AS_IF([test "$ENABLED_AESCTR" != "yes" && (test "$FIPS_VERSION" != "dev" || test "$enable_aesctr" != "no")],
+        AS_IF([test "$ENABLED_AESCTR" != "yes" &&
+               (test "$FIPS_VERSION" != "v5-dev" || test "$enable_aesctr" != "no")],
             [ENABLED_AESCTR="yes"; AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AES_COUNTER"])
 
-        AS_IF([test "$ENABLED_CMAC" != "yes" && (test "$FIPS_VERSION" != "dev" || test "$enable_cmac" != "no")],
+        AS_IF([test "$ENABLED_CMAC" != "yes" &&
+               (test "$FIPS_VERSION" != "v5-dev" || test "$enable_cmac" != "no")],
             [ENABLED_CMAC="yes"; AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CMAC"])
 
-        AS_IF([test "$ENABLED_HKDF" != "yes" && (test "$FIPS_VERSION" != "dev" || test "$enable_hkdf" != "no")],
+        AS_IF([test "$ENABLED_HKDF" != "yes" &&
+               (test "$FIPS_VERSION" != "v5-dev" || test "$enable_hkdf" != "no")],
             [ENABLED_HKDF="yes"; AM_CFLAGS="$AM_CFLAGS -DHAVE_HKDF"])
 
         AS_IF([test "$ENABLED_INTELASM" = "yes"],
             [AM_CFLAGS="$AM_CFLAGS -DFORCE_FAILURE_RDSEED"])
 
-        AS_IF([test "$ENABLED_SHA512" = "no" && (test "$FIPS_VERSION" != "dev" || test "$enable_sha512" != "no")],
+        AS_IF([test "$ENABLED_SHA512" = "no" &&
+               (test "$FIPS_VERSION" != "v5-dev" || test "$enable_sha512" != "no")],
             [ENABLED_SHA512="yes"; AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SHA512 -DWOLFSSL_SHA384"])
 
-        AS_IF([test "$ENABLED_AESGCM" = "no" && (test "$FIPS_VERSION" != "dev" || test "$enable_aesgcm" != "no")],
+        AS_IF([test "$ENABLED_AESGCM" = "no" &&
+               (test "$FIPS_VERSION" != "v5-dev" || test "$enable_aesgcm" != "no")],
             [ENABLED_AESGCM="yes"; AM_CFLAGS="$AM_CFLAGS -DHAVE_AESGCM"; AM_CCASFLAGS="$AM_CCASFLAGS -DHAVE_AESGCM"])
 
-        # AES-GCM streaming isn't part of the current FIPS suite.
-        AS_IF([test "$ENABLED_AESGCM_STREAM" = "yes" && (test "$FIPS_VERSION" != "dev" || test "$enable_aesgcm_stream" != "yes")],
-            [ENABLED_AESGCM_STREAM="no"])
+        # AES-GCM streaming isn't part of the v5 FIPS suite.
+        AS_IF([test "$ENABLED_AESGCM_STREAM" = "yes" &&
+               ! (test "$FIPS_VERSION" = "v5-dev" && test "$enable_aesgcm_stream" = "yes")],
+            [AC_MSG_WARN([Forcing off aesgcm-stream for FIPS ${FIPS_VERSION}.])
+             ENABLED_AESGCM_STREAM="no"])
 
         # Old TLS requires MD5 + HMAC, which is not allowed under FIPS 140-3
         AS_IF([test "$ENABLED_OLD_TLS" != "no"],
-            [ENABLED_OLD_TLS="no"; AM_CFLAGS="$AM_CFLAGS -DNO_OLD_TLS"])
+            [AC_MSG_WARN([Forcing off oldtls for FIPS ${FIPS_VERSION}.])
+             ENABLED_OLD_TLS="no"; AM_CFLAGS="$AM_CFLAGS -DNO_OLD_TLS"])
 
         AS_IF([test $HAVE_FIPS_VERSION_MINOR -ge 2],
-            [AS_IF([test "x$ENABLED_AESOFB" = "xno" && (test "$FIPS_VERSION" != "dev" || test "$enable_aesofb" != "no")],
+            [AS_IF([test "x$ENABLED_AESOFB" = "xno" &&
+                    (test "$FIPS_VERSION" != "v5-dev" || test "$enable_aesofb" != "no")],
                 [ENABLED_AESOFB="yes"; AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AES_OFB"])])
 
+        AS_IF([test "$ENABLED_SRTP" != "no" &&
+               ! (test "$FIPS_VERSION" = "v5-dev" && test "$enable_srtp" = "yes")],
+            [AC_MSG_WARN([Forcing off srtp for FIPS ${FIPS_VERSION}.])
+             ENABLED_SRTP="no"])
+
+        AS_IF([test "$ENABLED_SRTP_KDF" != "no" &&
+               ! (test "$FIPS_VERSION" = "v5-dev" && test "$enable_srtp_kdf" = "yes")],
+            [AC_MSG_WARN([Forcing off srtp-kdf for FIPS ${FIPS_VERSION}.])
+             ENABLED_SRTP_KDF="no"])
+
         AS_IF([(test "$ENABLED_AESCCM" = "yes" && test "$HAVE_AESCCM_PORT" != "yes") ||
                (test "$ENABLED_AESCTR" = "yes" && test "$HAVE_AESCTR_PORT" != "yes") ||
                (test "$ENABLED_AESGCM" = "yes" && test "$HAVE_AESGCM_PORT" != "yes") ||
-               (test "$ENABLED_AESOFB" = "yes" && test "$HAVE_AESOFB_PORT" != "yes")],
+               (test "$ENABLED_AESOFB" = "yes" && test "$HAVE_AESOFB_PORT" != "yes") ||
+               (test "$ENABLED_AESXTS" = "yes" && test "$HAVE_AESXTS_PORT" != "yes")],
             [AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AES_DIRECT -DHAVE_AES_ECB"])
     ],
 
@@ -4992,7 +5778,9 @@ AS_CASE([$FIPS_VERSION],
         AM_CFLAGS="$AM_CFLAGS \
             -DHAVE_FIPS \
             -DHAVE_FIPS_VERSION=$HAVE_FIPS_VERSION \
+            -DHAVE_FIPS_VERSION_MAJOR=$HAVE_FIPS_VERSION_MAJOR \
             -DHAVE_FIPS_VERSION_MINOR=$HAVE_FIPS_VERSION_MINOR \
+            -DHAVE_FIPS_VERSION_PATCH=$HAVE_FIPS_VERSION_PATCH \
             -DWOLFSSL_KEY_GEN \
             -DWOLFSSL_SHA224 \
             -DWOLFSSL_AES_DIRECT \
@@ -5043,11 +5831,22 @@ AS_CASE([$FIPS_VERSION],
     ],
 
     ["rand"],[
-        AM_CFLAGS="$AM_CFLAGS -DWOLFCRYPT_FIPS_RAND -DHAVE_FIPS -DHAVE_FIPS_VERSION=$HAVE_FIPS_VERSION -DHAVE_FIPS_VERSION_MINOR=$HAVE_FIPS_VERSION_MINOR"
+        AM_CFLAGS="$AM_CFLAGS \
+            -DWOLFCRYPT_FIPS_RAND \
+            -DHAVE_FIPS \
+            -DHAVE_FIPS_VERSION=$HAVE_FIPS_VERSION \
+            -DHAVE_FIPS_VERSION_MAJOR=$HAVE_FIPS_VERSION_MAJOR \
+            -DHAVE_FIPS_VERSION_MINOR=$HAVE_FIPS_VERSION_MINOR \
+            -DHAVE_FIPS_VERSION_PATCH=$HAVE_FIPS_VERSION_PATCH"
     ],
 
     ["v1"],[ # FIPS 140-2, Cert 2425
-        AM_CFLAGS="$AM_CFLAGS -DHAVE_FIPS"
+        AM_CFLAGS="$AM_CFLAGS \
+            -DHAVE_FIPS \
+            -DHAVE_FIPS_VERSION=$HAVE_FIPS_VERSION \
+            -DHAVE_FIPS_VERSION_MAJOR=$HAVE_FIPS_VERSION_MAJOR \
+            -DHAVE_FIPS_VERSION_MINOR=$HAVE_FIPS_VERSION_MINOR \
+            -DHAVE_FIPS_VERSION_PATCH=$HAVE_FIPS_VERSION_PATCH"
         AS_IF([test "x$ENABLED_SHA512" = "xno"],
             [ENABLED_SHA512="yes"; AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SHA512 -DWOLFSSL_SHA384"])
         AS_IF([test "x$ENABLED_AESGCM" = "xno"],
@@ -5058,7 +5857,7 @@ AS_CASE([$FIPS_VERSION],
 AS_IF([test "x$ENABLED_FIPS" = "xyes" && test "x$thread_ls_on" = "xno" && test "$ENABLE_LINUXKM" = "no"],
     [AC_MSG_ERROR([FIPS requires Thread Local Storage])])
 
-AS_IF([(test "$ENABLED_NULL_CIPHER" = "yes" || test "$ENABLED_LEANPSK" = "yes") && test "$ENABLED_FIPS" != "no" && test "$FIPS_VERSION" != "dev"],
+AS_IF([(test "$ENABLED_NULL_CIPHER" = "yes" || test "$ENABLED_LEANPSK" = "yes") && test "$ENABLED_FIPS" != "no" && test "$FIPS_VERSION" != "dev" && test "$FIPS_VERSION" != "v5-dev"],
     [AC_MSG_ERROR([FIPS is incompatible with nullcipher])])
 
 # SELFTEST
@@ -5089,38 +5888,143 @@ AS_CASE([$SELFTEST_VERSION],
         AM_CFLAGS="$AM_CFLAGS -DHAVE_SELFTEST -DHAVE_PUBLIC_FFDHE"
     ])
 
+AS_IF([test "x$ENABLED_AESXTS" = "xyes"],
+      [AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AES_XTS -DWOLFSSL_AES_DIRECT"])
+AS_IF([test "x$ENABLED_AESXTS" = "xyes" && test "x$ENABLED_INTELASM" = "xyes"],
+      [AM_CCASFLAGS="$AM_CCASFLAGS -DWOLFSSL_AES_XTS"])
+AS_IF([test "x$ENABLED_AESXTS" = "xyes" && test "x$ENABLED_AESNI" = "xyes"],
+      [AM_CCASFLAGS="$AM_CCASFLAGS -DWOLFSSL_AES_XTS"])
+
+# ECC Custom Curves
+if test "$ENABLED_ECCCUSTCURVES" != "no"
+then
+    AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CUSTOM_CURVES"
+
+    # For distro, all or ecccustcurves=all builds, enable all curve types
+    if test "$ENABLED_DISTRO" = "yes" || test "$ENABLED_ALL" = "yes" || test "$ENABLED_ECCCUSTCURVES" = "all"
+    then
+        # Enable ECC SECPR2, SECPR3, BRAINPOOL and KOBLITZ curves
+        AM_CFLAGS="$AM_CFLAGS -DHAVE_ECC_SECPR2 -DHAVE_ECC_SECPR3 -DHAVE_ECC_BRAINPOOL -DHAVE_ECC_KOBLITZ"
+
+        # Enable ECC Cofactor support
+        AM_CFLAGS="$AM_CFLAGS -DHAVE_ECC_CDH"
+
+        # If fastmath enabled and on x86 use speedups
+        if test "x$ENABLED_FASTMATH" = "xyes" && test "$host_cpu" = "x86_64" -o "$host_cpu" = "amd64"
+        then
+            AM_CFLAGS="$AM_CFLAGS -DTFM_ECC192 -DTFM_ECC224 -DTFM_ECC256 -DTFM_ECC384 -DTFM_ECC521"
+        fi
+    fi
+fi
+
+# Curve448
+if test "$ENABLED_CURVE448" != "no"
+then
+    if test "$ENABLED_CURVE448" = "small" || test "$ENABLED_LOWRESOURCE" = "yes"
+    then
+        AM_CFLAGS="$AM_CFLAGS -DCURVE448_SMALL"
+        ENABLED_CURVE448_SMALL=yes
+        ENABLED_CURVE448=yes
+    fi
+
+    if test "$ENABLED_CURVE448" = "no128bit" || test "$ENABLED_32BIT" = "yes"
+    then
+        AM_CFLAGS="$AM_CFLAGS -DNO_CURVED448_128BIT"
+        ENABLED_CURVE448=yes
+    fi
+
+    AM_CFLAGS="$AM_CFLAGS -DHAVE_CURVE448"
+    ENABLED_FE448=yes
+fi
+
+# Ed448
+if test "$ENABLED_ED448" != "no"
+then
+    if test "$ENABLED_ED448" = "small" || test "$ENABLED_LOWRESOURCE" = "yes"
+    then
+        AM_CFLAGS="$AM_CFLAGS -DED448_SMALL"
+        ENABLED_ED448_SMALL=yes
+        ENABLED_CURVE448_SMALL=yes
+        ENABLED_ED448=yes
+    fi
+
+    if test "$ENABLED_SHA512" = "no"
+    then
+        AC_MSG_ERROR([cannot enable ed448 without enabling sha512.])
+    fi
+    if test "x$HAVE_FIPS_VERSION" = "x2"
+    then
+        AC_MSG_ERROR([cannot enable ed448 w/ dependency shake256 in FIPSv2 mode])
+    fi
+    ENABLED_FE448=yes
+    ENABLED_GE448=yes
+    AM_CFLAGS="$AM_CFLAGS -DHAVE_ED448"
+
+    # EdDSA448 requires SHAKE256 which requires SHA-3
+    if test "$ENABLED_SHA3" = "no"
+    then
+        ENABLED_SHA3=yes
+    fi
+    ENABLED_SHAKE256=yes
+
+    ENABLED_CERTS=yes
+fi
+
+if test "$ENABLED_ED448_STREAM" != "no"
+then
+    if test "$ENABLED_ED448" = "no"
+    then
+        AC_MSG_ERROR([ED448 verify streaming enabled but ED448 is disabled])
+    else
+        AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ED448_STREAMING_VERIFY"
+        AM_CCASFLAGS="$AM_CCASFLAGS -DWOLFSSL_ED448_STREAMING_VERIFY"
+    fi
+fi
+
+
+# SRTP-KDF
+if test "$ENABLED_SRTP" = "yes"
+then
+  ENABLED_SRTP_KDF="yes"
+fi
+if test "$ENABLED_SRTP_KDF" = "yes"
+then
+  AM_CFLAGS="$AM_CFLAGS -DWC_SRTP_KDF -DHAVE_AES_ECB -DWOLFSSL_AES_DIRECT"
+fi
 
 # Set SHA-3 flags
-if test "$ENABLED_SHA3" != "no" && test "$ENABLED_32BIT" = "no"
+if test "$ENABLED_SHA3" != "no"
 then
     AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SHA3"
 fi
 
 # Set SHAKE128 flags
-# FIPS does not support SHAKE 128
-AS_IF([test "x$ENABLED_FIPS" = "xyes"],[ENABLED_SHAKE128="no"])
+# FIPS traditionally does not support SHAKE 128, v6 does
+AS_IF([test "x$ENABLED_FIPS" = "xyes" && test $HAVE_FIPS_VERSION -lt 6],
+        [ENABLED_SHAKE128="no"])
 
-if test "$ENABLED_SHAKE128" != "no" && test "$ENABLED_32BIT" = "no"
+if test "$ENABLED_SHAKE128" != "no"
 then
     AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SHAKE128"
     if test "$ENABLED_SHA3" = "no"
     then
-        AC_MSG_ERROR([Must have SHA-3 enabled: --enable-sha3])
+        AC_MSG_ERROR([shake128 requires SHA-3: --enable-sha3])
     fi
 else
     AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NO_SHAKE128"
 fi
 
 # Set SHAKE256 flags
-# FIPS does not support SHAKE 256
-AS_IF([test "x$ENABLED_FIPS" = "xyes"],[ENABLED_SHAKE256="no"])
+# FIPS traditionally does not support SHAKE 256, v6 does
+AS_IF([test "x$ENABLED_FIPS" = "xyes" && test $HAVE_FIPS_VERSION -lt 6],
+        [ENABLED_SHAKE256="no"])
 
-if test "$ENABLED_SHAKE256" != "no" && test "$ENABLED_32BIT" = "no"
+if test "$ENABLED_SHAKE256" != "no"
 then
     AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SHAKE256"
     if test "$ENABLED_SHA3" = "no"
     then
-        AC_MSG_ERROR([Must have SHA-3 enabled: --enable-sha3])
+        AC_MSG_ERROR([shake256 requires SHA-3: --enable-sha3])
     fi
 else
     AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NO_SHAKE256"
@@ -5201,6 +6105,17 @@ then
     AM_CFLAGS="$AM_CFLAGS -DHAVE_XCHACHA"
 fi
 
+# ASCON
+AC_ARG_ENABLE([ascon],
+    [AS_HELP_STRING([--enable-ascon],[Enable ASCON (default: disabled).])],
+    [ ENABLED_ASCON=$enableval ],
+    [ ENABLED_ASCON=no]
+    )
+
+if test "$ENABLED_ASCON" = "yes"
+then
+    AM_CFLAGS="$AM_CFLAGS -DHAVE_ASCON"
+fi
 
 # Hash DRBG
 AC_ARG_ENABLE([hashdrbg],
@@ -5223,14 +6138,7 @@ else
     fi
 fi
 
-
-# MemUse Entropy
-AC_ARG_ENABLE([entropy-memuse],
-    [AS_HELP_STRING([--enable-entropy-memuse],[Enable memuse entropy support (default: disabled)])],
-    [ ENABLED_ENTROPY_MEMUSE=$enableval ],
-    [ ENABLED_ENTROPY_MEMUSE=no ]
-    )
-
+# MemUse Entropy (AKA wolfEntropy)
 if test "x$ENABLED_ENTROPY_MEMUSE" != "xno"
 then
     AM_CFLAGS="$AM_CFLAGS -DHAVE_ENTROPY_MEMUSE"
@@ -5281,6 +6189,19 @@ else
 fi
 
 
+# C89 build
+AC_ARG_ENABLE([c89],
+    [AS_HELP_STRING([--enable-c89],[Build with C89 toolchain (default: disabled)])],
+    [ ENABLED_C89=$enableval ],
+    [ ENABLED_C89=no ]
+    )
+
+if test "$ENABLED_C89" = "yes"
+then
+    AM_CFLAGS="$AM_CFLAGS -DWOLF_C89"
+    test "$enable_inline" = "" && enable_inline=no
+fi
+
 # inline Build
 AC_ARG_ENABLE([inline],
     [AS_HELP_STRING([--enable-inline],[Enable inline functions (default: enabled)])],
@@ -5295,7 +6216,8 @@ fi
 
 
 # OCSP
-if test "x$ENABLED_OPENSSLALL" = "xyes" || test "x$ENABLED_NGINX" = "xyes" || test "x$ENABLED_LIGHTY" = "xyes"
+if test "x$ENABLED_OPENSSLALL" = "xyes" || test "x$ENABLED_NGINX" = "xyes" || \
+   test "x$ENABLED_LIGHTY" = "xyes" || test "x$ENABLED_MOSQUITTO" = "xyes"
 then
     test "$enable_ocsp" = "" && enable_ocsp=yes
 fi
@@ -5322,12 +6244,31 @@ fi
 
 # Certificate Status Request : a.k.a. OCSP Stapling
 AC_ARG_ENABLE([ocspstapling],
-    [AS_HELP_STRING([--enable-ocspstapling],[Enable OCSP Stapling (default: disabled)])],
+    [AS_HELP_STRING([--enable-ocspstapling],[Enable OCSP Stapling ((options: yes, no-multi, no, disabled default: disabled)])],
     [ ENABLED_CERTIFICATE_STATUS_REQUEST=$enableval ],
     [ ENABLED_CERTIFICATE_STATUS_REQUEST=no ]
     )
+AS_CASE([$ENABLED_CERTIFICATE_STATUS_REQUEST],
+    [no],[
+        ENABLED_CERTIFICATE_STATUS_REQUEST="no"
+        ENABLED_TLS_OCSP_MULTI="no"
+    ],
+    [disabled],[
+        ENABLED_CERTIFICATE_STATUS_REQUEST="no"
+        ENABLED_TLS_OCSP_MULTI="no"
+    ],
+    [yes],[
+        ENABLED_CERTIFICATE_STATUS_REQUEST="yes"
+        ENABLED_TLS_OCSP_MULTI="yes"
+    ],
+    [no-multi],[
+        ENABLED_CERTIFICATE_STATUS_REQUEST="yes"
+        ENABLED_TLS_OCSP_MULTI="no"
+    ])
 
-if test "x$ENABLED_NGINX" = "xyes" || test "x$ENABLED_WPAS" = "xyes" || test "x$ENABLED_HAPROXY" = "xyes" || test "x$ENABLED_LIGHTY" = "xyes"
+if test "x$ENABLED_NGINX" = "xyes" || test "x$ENABLED_WPAS" = "xyes" || \
+   test "x$ENABLED_HAPROXY" = "xyes" || test "x$ENABLED_LIGHTY" = "xyes" || \
+   test "x$ENABLED_MOSQUITTO" = "xyes"
 then
     ENABLED_CERTIFICATE_STATUS_REQUEST="yes"
 fi
@@ -5375,9 +6316,11 @@ AC_ARG_ENABLE([crl],
     [ ENABLED_CRL=no ]
     )
 
-if test "x$ENABLED_NGINX" = "xyes" || test "x$ENABLED_HAPROXY" = "xyes" || test "x$ENABLED_OPENVPN" = "xyes" || \
-   test "x$ENABLED_WPAS" != "xno" || test "x$ENABLED_LIGHTY" = "xyes" || test "x$ENABLED_NETSNMP" = "xyes" || \
-   test "x$ENABLED_KRB" = "xyes" || test "x$ENABLED_STRONGSWAN" = "xyes"
+if test "x$ENABLED_NGINX" = "xyes" || test "x$ENABLED_HAPROXY" = "xyes" || \
+   test "x$ENABLED_OPENVPN" = "xyes" || test "x$ENABLED_WPAS" != "xno" ||  \
+   test "x$ENABLED_LIGHTY" = "xyes" || test "x$ENABLED_NETSNMP" = "xyes" || \
+   test "x$ENABLED_KRB" = "xyes" || test "x$ENABLED_STRONGSWAN" = "xyes" || \
+   test "x$ENABLED_MOSQUITTO" = "xyes"
 then
     ENABLED_CRL=yes
 fi
@@ -5420,65 +6363,6 @@ then
     esac
 fi
 
-
-# USER CRYPTO
-ENABLED_USER_CRYPTO="no"
-ENABLED_USER_RSA="no"
-AC_DEFINE([BUILD_USER_RSA], [], [User RSA is being defined])
-trycryptodir=""
-AC_ARG_WITH([user-crypto],
-    [AS_HELP_STRING([--with-user-crypto=PATH],[Path to USER_CRYPTO install (default /usr/local)])],
-    [
-        CPPFLAGS="$CPPFLAGS -DHAVE_USER_CRYPTO"
-        LIBS="$LIBS -lusercrypto"
-
-        if test "x$withval" != "xno" ; then
-            trycryptodir=$withval
-        fi
-        if test "x$withval" = "xyes" ; then
-            trycryptodir="/usr/local"
-        fi
-
-        LDFLAGS="$LDFLAGS -L$trycryptodir/lib"
-        CPPFLAGS="$CPPFLAGS -I$trycryptodir/include"
-
-        #Look for RSA Init function in usercrypto lib
-        AC_CHECK_LIB([usercrypto], [wc_InitRsaKey], [user_rsa_linked=yes], [user_rsa_linked=no])
-
-       if test "x$user_rsa_linked" = "xyes" ; then
-            AC_MSG_NOTICE([User user_rsa.h being used])
-            AM_CFLAGS="$AM_CFLAGS -DHAVE_USER_RSA"
-            ENABLED_USER_RSA=yes
-            ENABLED_USER_CRYPTO=yes
-       fi
-
-
-        #Display check and find result of link attempts
-        AC_MSG_CHECKING([for USER_CRYPTO])
-        if test "x$ENABLED_USER_CRYPTO" = "xno" ; then
-            AC_MSG_RESULT([no])
-            AC_MSG_ERROR([USER_CRYPTO not found. Either move to /usr/include and /usr/lib or
-                    Specify its path using --with-user-crypto=/dir/])
-        else
-            AC_MSG_RESULT([yes])
-            # Check if .la is available if not then rely on exported path
-            if test -e $trycryptodir/lib/libusercrypto.la
-            then
-                LIB_ADD="$trycryptodir/lib/libusercrypto.la $LIB_ADD"
-            else
-                LIB_ADD="-lusercrypto $LIB_ADD"
-            fi
-            AM_LDFLAGS="$AM_LDFLAGS -L$trycryptodir/lib"
-            AM_CFLAGS="$AM_CFLAGS -DHAVE_USER_CRYPTO"
-        fi
-    ]
-)
-
-if test "$ENABLED_USER_CRYPTO" = "yes" && test "$ENABLED_FIPS" = "yes"
-then
-    AC_MSG_ERROR([cannot enable user crypto and fips, user crypto possibility of using code in fips boundary.])
-fi
-
 # Whitewood netRandom client library
 ENABLED_WNR="no"
 trywnrdir=""
@@ -5751,7 +6635,7 @@ fi
 AC_ARG_ENABLE([ticket-nonce-malloc],
     [AS_HELP_STRING([--enable-ticket-nonce-malloc], [Enable dynamic allocation of ticket nonces (default: disabled)])],
     [ ENABLED_TICKET_NONCE_MALLOC=$enableval ],
-    [ ENABLED_TICKET_NONCE_MALLOC=no ]
+    [ ENABLED_TICKET_NONCE_MALLOC=no_implicit ]
     )
 
 if test "$ENABLED_TICKET_NONCE_MALLOC" = "yes"
@@ -5797,7 +6681,7 @@ then
     ENABLED_ENCRYPT_THEN_MAC=yes
     AM_CFLAGS="$AM_CFLAGS -DHAVE_TLS_EXTENSIONS -DHAVE_SNI -DHAVE_MAX_FRAGMENT -DHAVE_TRUNCATED_HMAC -DHAVE_ALPN -DHAVE_TRUSTED_CA"
     # Check the ECC supported curves prereq
-    AS_IF([test "x$ENABLED_ECC" != "xno" || test "x$ENABLED_CURVE25519" = "xyes" || test "x$ENABLED_CURVE448" = "xyes" || test "x$ENABLED_TLS13" = "xyes"],
+    AS_IF([test "x$ENABLED_ECC" != "xno" || test "$ENABLED_CURVE25519" != "no" || test "x$ENABLED_CURVE448" = "xyes" || test "x$ENABLED_TLS13" = "xyes"],
           [ENABLED_SUPPORTED_CURVES=yes
            AM_CFLAGS="$AM_CFLAGS -DHAVE_SUPPORTED_CURVES"])
 fi
@@ -6063,13 +6947,7 @@ then
     AM_CFLAGS="$AM_CFLAGS -DHAVE_IO_POOL -DXMALLOC_USER"
 fi
 
-
 # Certificate Service Support
-AC_ARG_ENABLE([certservice],
-    [AS_HELP_STRING([--enable-certservice],[Enable cert service (default: disabled)])],
-    [ ENABLED_CERT_SERVICE=$enableval ],
-    [ ENABLED_CERT_SERVICE=no ]
-    )
 if test "$ENABLED_CERT_SERVICE" = "yes"
 then
     # Requires ecc,certgen, and opensslextra make sure on
@@ -6109,6 +6987,8 @@ then
     AM_CFLAGS="$AM_CFLAGS -DHAVE_EX_DATA"
     AM_CFLAGS="$AM_CFLAGS -DKEEP_PEER_CERT"
     AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ALWAYS_VERIFY_CB"
+    AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ALWAYS_KEEP_SNI"
+    AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_TLS13_MIDDLEBOX_COMPAT"
 
     # Enable prereqs if not already enabled
     if test "x$ENABLED_DTLS" = "xno"
@@ -6116,6 +6996,28 @@ then
         ENABLED_DTLS="yes"
         AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DTLS"
     fi
+
+    if test "x$ENABLED_DTLS13" = "xno"
+    then
+        ENABLED_DTLS13="yes"
+        AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DTLS13 -DWOLFSSL_W64_WRAPPER"
+        AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DTLS_DROP_STATS"
+        if test "x$ENABLED_SEND_HRR_COOKIE" = "xundefined"
+        then
+            AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SEND_HRR_COOKIE"
+            ENABLED_SEND_HRR_COOKIE="yes"
+        fi
+        if test "x$ENABLED_AES" = "xyes"
+        then
+            AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AES_DIRECT"
+        fi
+    fi
+
+    if test "x$ENABLED_DTLS_MTU" = "xno"
+    then
+        AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DTLS_MTU"
+    fi
+
     if test "x$ENABLED_OPENSSLEXTRA" = "xno"
     then
         ENABLED_OPENSSLEXTRA="yes"
@@ -6218,6 +7120,12 @@ then
         AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ALT_CERT_CHAINS"
     fi
 
+    if test "x$ENABLED_SESSIONCERTS" = "xno"
+    then
+        ENABLED_SESSIONCERTS="yes"
+        AM_CFLAGS="$AM_CFLAGS -DSESSION_CERTS"
+    fi
+
     # cert gen requires alt names
     ENABLED_ALTNAMES="yes"
 fi
@@ -6636,7 +7544,7 @@ then
         AM_CFLAGS="$AM_CFLAGS -DHAVE_TLS_EXTENSIONS -DHAVE_SNI -DHAVE_MAX_FRAGMENT -DHAVE_TRUNCATED_HMAC"
 
         # Check the ECC supported curves prereq
-        AS_IF([test "x$ENABLED_ECC" != "xno" || test "x$ENABLED_CURVE25519" = "xyes"],
+        AS_IF([test "x$ENABLED_ECC" != "xno" || test "$ENABLED_CURVE25519" != "no"],
               [ENABLED_SUPPORTED_CURVES=yes
                AM_CFLAGS="$AM_CFLAGS -DHAVE_SUPPORTED_CURVES"])
     fi
@@ -6706,7 +7614,7 @@ then
         ENABLED_WOLFSSH="yes"
     fi
 
-    if test "x$ENABLED_OPENSSLEXTRA" = "xno" && test "x$ENABLED_OPENSSLCOEXIST" = "xno"
+    if test "x$ENABLED_OPENSSLEXTRA" = "xno"
     then
         ENABLED_OPENSSLEXTRA="yes"
     fi
@@ -6762,6 +7670,13 @@ then
     AM_CFLAGS="$AM_CFLAGS -DNO_SESSION_CACHE_REF"
 
     AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DES_ECB"
+
+    # support longer session ticket nonce
+    if test "$ENABLED_TICKET_NONCE_MALLOC" = "no_implicit"
+    then
+        ENABLED_TICKET_NONCE_MALLOC="yes"
+        AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_TICKET_NONCE_MALLOC"
+    fi
 fi
 
 if test "$ENABLED_PSK" = "no" && test "$ENABLED_LEANPSK" = "no" \
@@ -6954,13 +7869,6 @@ then
 fi
 
 # PWDBASED has to come after certservice since we want it on w/o explicit on
-# PWDBASED
-AC_ARG_ENABLE([pwdbased],
-    [AS_HELP_STRING([--enable-pwdbased],[Enable PWDBASED (default: disabled)])],
-    [ ENABLED_PWDBASED=$enableval ],
-    [ ENABLED_PWDBASED=no ]
-    )
-
 if test "$ENABLED_PWDBASED" = "no"
 then
     if test "$ENABLED_OPENSSLEXTRA" = "yes" || test "$ENABLED_OPENSSLALL" = "yes" || \
@@ -7538,10 +8446,12 @@ if test "$ENABLED_SP_RSA" = "yes" || test "$ENABLED_SP_DH" = "yes"; then
 
     case $host_cpu in
     *x86_64* | *aarch64* | *amd64*)
-      AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SP_LARGE_CODE"
-      ;;
+        if test "$ENABLED_SP_SMALL" = "no"; then
+            AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SP_LARGE_CODE"
+        fi
+        ;;
     *)
-      ;;
+        ;;
     esac
 fi
 if test "$ENABLED_ECC" != "no" && test "$ENABLED_SP_ECC" = "yes"; then
@@ -7731,7 +8641,7 @@ if test "$ENABLED_SP_ASM" = "yes" && test "$ENABLED_SP" = "yes"; then
     AM_CCASFLAGS="$AM_CCASFLAGS -DWOLFSSL_SP_ARM64_ASM"
     ENABLED_SP_ARM64_ASM=yes
     ;;
-  *armv7a*)
+  *armv7a* | *armv7l*)
     if test "$ENABLED_ARMASM" = "no"; then
       AM_CPPFLAGS="$AM_CPPFLAGS -march=armv7-a -mfpu=neon -DWOLFSSL_ARM_ARCH=7 -marm"
     fi
@@ -7741,11 +8651,13 @@ if test "$ENABLED_SP_ASM" = "yes" && test "$ENABLED_SP" = "yes"; then
     ;;
   *cortex* | *armv7m*)
     if test "$ENABLED_ARMASM" = "no"; then
-        AM_CPPFLAGS="$AM_CPPFLAGS -march=armv7-r -D__thumb__ -DWOLFSSL_ARM_ARCH=7"
+        AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ARMASM_THUMB2"
+        AM_CPPFLAGS="$AM_CPPFLAGS -march=armv7-r -DWOLFSSL_ARMASM_THUMB2 -DWOLFSSL_ARM_ARCH=7"
     fi
     AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SP_ARM_CORTEX_M_ASM"
     AM_CCASFLAGS="$AM_CCASFLAGS -DWOLFSSL_SP_ARM_CORTEX_M_ASM"
     ENABLED_SP_ARM_CORTEX_ASM=yes
+    ENABLED_ARM_THUMB=yes
     ;;
   *armv6*)
     if test "$ENABLED_ARMASM" = "no"; then
@@ -7795,171 +8707,6 @@ fi
 # End - Single Precision option handling                                       #
 ################################################################################
 
-# Fast RSA using Intel IPP
-ippdir="${srcdir}/IPP"
-ipplib="lib" # if autoconf guesses 32bit system changes lib directory
-fastRSA_found=no
-abs_path=`pwd`
-
-# set up variables used
-IPPLIBS=
-IPPHEADERS=
-IPPLINK=
-
-AC_ARG_ENABLE([fast-rsa],
-    [AS_HELP_STRING([--enable-fast-rsa],[Enable RSA using Intel IPP (default: disabled)])],
-    [ ENABLED_FAST_RSA=$enableval ],
-    [ ENABLED_FAST_RSA=no ],
-    )
-
-# Fast RSA does not support RSA-PSS
-if test "$ENABLED_RSAPSS" = "yes"; then
-    ENABLED_FAST_RSA=no
-fi
-
-if test "$ENABLED_USER_RSA" = "no" && test "$ENABLED_FIPS" = "no"; then
-
-    if test "$ac_cv_sizeof_long" = "4" && test "$ac_cv_sizeof_long_long" = "8"; then
-        ipplib="lib_32" # 32 bit OS detected
-    fi
-
-#   Use static IPP Libraries
-if test "$enable_shared" = "no" && test "$ENABLED_FAST_RSA" = "yes"; then
-    case $host_os in
-    *darwin*)
-        ipplib="$ipplib/mac_static"
-        AC_MSG_ERROR([Issue with static linking to libippcp.a on Mac.
-                Dynamic IPP libraries supported on Mac])
-        break;;
-
-    *linux*)
-        ipplib="$ipplib/linux_static"
-        break;;
-    *)
-        ENABLED_FAST_RSA=no
-    esac
-
-    if test -e $srcdir/IPP/$ipplib/libippcore.a && test -e $srcdir/IPP/$ipplib/libippcp.a
-    then
-        :
-    else
-        ENABLED_FAST_RSA=no
-    fi
-    AC_CHECK_HEADERS([IPP/include/ipp.h IPP/include/ippcp.h], [AM_CPPFLAGS="-I$srcdir/IPP/include $AM_CPPFLAGS"], [ENABLED_FAST_RSA=no])
-    LIB_STATIC_ADD="$srcdir/IPP/$ipplib/libippcp.a $srcdir/IPP/$ipplib/libippcore.a $LIB_STATIC_ADD"
-    if test "$ENABLED_FAST_RSA" = "no"; then
-        AC_MSG_ERROR([Could not find fast rsa libraries])
-    fi
-else
-
-#   Check for and use bundled IPP libraries
-if test "$ENABLED_FAST_RSA" = "yes"; then
-    AC_MSG_NOTICE([Using local IPP crypto library])
-
-    AC_CHECK_HEADER([$abs_path/IPP/include/ippcp.h],
-    [
-        # build and default locations on linux and mac
-        STORE_LDFLAGS=${LDFLAGS}
-        STORE_CPPFLAGS=${CPPFLAGS}
-
-        # using LDFLAGS instead of AM_ temporarily to test link to library
-        LDFLAGS="-L$ippdir/$ipplib -lippcp -lippcore"
-        CPPFLAGS="-I$ippdir/include"
-        AC_CHECK_HEADERS([ippcp.h], [AC_CHECK_LIB([ippcp], [ippsRSAEncrypt_PKCSv15], [fastRSA_found=yes], [fastRSA_found=no])], [fastRSA_found=no])
-        name="$ippdir/$ipplib/libippcp"
-        case $host_os in
-        *darwin*)
-            # check file existence and conditionally set variables
-            if test -e $abs_path/IPP/$ipplib/libippcp.dylib
-            then
-                IPPLIBS="${name}.dylib ${name}-9.0.dylib ${name}e9-9.0.dylib ${name}g9-9.0.dylib ${name}h9-9.0.dylib ${name}k0-9.0.dylib ${name}l9-9.0.dylib ${name}n8-9.0.dylib ${name}p8-9.0.dylib ${name}s8-9.0.dylib ${name}y8-9.0.dylib IPP/lib/libippcore.dylib IPP/lib/libippcore-9.0.dylib"
-                IPPLINK="mkdir -p src/.libs && ln -f ${name}.dylib src/.libs/libippcp.dylib && ln -f ${srcdir}/${name}-9.0.dylib src/.libs/libippcp-9.0.dylib && ln -f ${srcdir}/${name}e9-9.0.dylib src/.libs/libippcpe9-9.0.dylib && ln -f ${srcdir}/${name}g9-9.0.dylib src/.libs/libippcpg9-9.0.dylib && ln -f ${srcdir}/${name}h9-9.0.dylib src/.libs/libippcph9-9.0.dylib && ln -f ${srcdir}/${name}k0-9.0.dylib src/.libs/libippcpk0-9.0.dylib && ln -f ${srcdir}/${name}l9-9.0.dylib src/.libs/libippcpl9-9.0.dylib && ln -f ${srcdir}/${name}n8-9.0.dylib src/.libs/libippcpn8-9.0.dylib && ln -f ${srcdir}/${name}p8-9.0.dylib src/.libs/libippcpp8-9.0.dylib && ln -f ${srcdir}/${name}s8-9.0.dylib src/.libs/libippcps8-9.0.dylib && ln -f ${srcdir}/${name}y8-9.0.dylib src/.libs/libippcpy8-9.0.dylib && ln -f ${srcdir}/IPP/lib/libippcore.dylib src/.libs/libippcore.dylib && ln -f ${srcdir}/IPP/lib/libippcore-9.0.dylib src/.libs/libippcore-9.0.dylib"
-            else
-                fastRSA_found=no
-            fi
-            break;;
-
-        *linux*)
-            # check file existence and conditionally set variables
-            if test -e $abs_path/IPP/$ipplib/libippcp.so.9.0
-            then
-                if test "$ac_cv_sizeof_long" = "4" && test "$ac_cv_sizeof_long_long" = "8"; then
-                    IPPLIBS="${name}.so.9.0 ${name}g9.so.9.0 ${name}h9.so.9.0 ${name}p8.so.9.0 ${name}px.so.9.0 ${name}s8.so.9.0 ${name}.so ${name}w7.so.9.0 IPP/$ipplib/libippcore.so IPP/$ipplib/libippcore.so.9.0"
-                    IPPLINK="mkdir -p src/.libs && ln -f ${name}.so.9.0 src/.libs/libippcp.so.9.0 && ln -f ${name}g9.so.9.0 src/.libs/libippcpg9.so.9.0 && ln -f ${name}h9.so.9.0 src/.libs/libippcph9.so.9.0 && ln -f ${name}p8.so.9.0 src/.libs/libippcpp8.so.9.0 && ln -f ${name}px.so.9.0 src/.libs/libippcppx.so.9.0 && ln -f ${name}s8.so.9.0 src/.libs/libippcps8.so.9.0 && ln -f ${name}.so src/.libs/libippcp.so && ln -f ${name}w7.so.9.0 src/.libs/libippcpw7.so.9.0 && ln -f IPP/$ipplib/libippcore.so src/.libs/libippcore.so && ln -f IPP/$ipplib/libippcore.so.9.0 src/.libs/libippcore.so.9.0"
-                else
-                    IPPLIBS="${name}.so.9.0 ${name}e9.so.9.0 ${name}k0.so.9.0 ${name}l9.so.9.0 ${name}m7.so.9.0 ${name}mx.so.9.0 ${name}.so ${name}n8.so.9.0 ${name}y8.so.9.0 IPP/lib/libippcore.so IPP/lib/libippcore.so.9.0"
-                    IPPLINK="mkdir -p src/.libs && ln -f ${name}.so.9.0 src/.libs/libippcp.so.9.0 && ln -f ${name}e9.so.9.0 src/.libs/libippcpe9.so.9.0 && ln -f ${name}k0.so.9.0 src/.libs/libippcpk0.so.9.0 && ln -f ${name}l9.so.9.0 src/.libs/libippcpl9.so.9.0 && ln -f ${name}m7.so.9.0 src/.libs/libippcpm7.so.9.0 && ln -f ${name}mx.so.9.0 src/.libs/libippcpmx.so.9.0 && ln -f ${name}.so src/.libs/libippcp.so && ln -f ${name}n8.so.9.0 src/.libs/libippcpn8.so.9.0 && ln -f ${name}y8.so.9.0 src/.libs/libippcpy8.so.9.0 && ln -f IPP/lib/libippcore.so src/.libs/libippcore.so && ln -f IPP/lib/libippcore.so.9.0 src/.libs/libippcore.so.9.0"
-                fi
-            else
-                fastRSA_found=no
-            fi
-            break;;
-        *)
-            fastRSA_found=no
-        esac
-
-        if test "$fastRSA_found" = "yes"; then
-            # was successful so add tested LDFLAGS to AM_ flags
-            AM_LDFLAGS="${AM_LDFLAGS} ${LDFLAGS}"
-            AM_CPPFLAGS="${AM_CPPFLAGS} ${CPPFLAGS}"
-            IPPHEADERS="${srcdir}/IPP/include/*.h"
-        fi
-
-        # restore LDFLAGS to user set
-        LDFLAGS=${STORE_LDFLAGS}
-        CPPFLAGS=${STORE_CPPFLAGS}
-    ], [fastRSA_found=no])
-fi
-
-# Don't cache the result so it can be checked
-AS_UNSET([ac_cv_header_ippcp_h])
-AS_UNSET([ac_cv_header_ipp_h])
-AS_UNSET([ac_cv_lib_ippcp_ippsRSAEncrypt_PKCSv15]);
-
-#   Check link and see if user has pre-existing IPP Libraries if not using local
-if test "$ENABLED_FAST_RSA" = "yes" && test "$fastRSA_found" = "no"; then
-    AC_MSG_NOTICE([Checking if IPP crypto library installed])
-    AC_CHECK_HEADER([ippcp.h], [AC_CHECK_LIB([ippcp], [ippsRSAEncrypt_PKCSv15],
-        [
-            fastRSA_found=yes
-            AM_LDFLAGS="${AM_LDFLAGS} -lippcore -lippcp"
-        ], [ fastRSA_found=no])
-    ], [fastRSA_found=no])
-
-    # Error out on not finding libraries
-    if test "$fastRSA_found" = "no"; then
-        AC_MSG_ERROR([Could not find fast rsa libraries])
-    fi
-fi
-fi # end of if for shared library
-else # if user rsa is set than do not use fast rsa option
-    if test "$ENABLED_FAST_RSA" = "yes"; then
-        AC_MSG_ERROR([Could not use fast rsa libraries with user crypto or fips])
-    fi
-fi # end of if for user rsa crypto or fips
-
-#   End result of checking for IPP Libraries
-AC_MSG_CHECKING([for fast RSA])
-if test "$ENABLED_FAST_RSA" = "yes"; then
-    AM_CFLAGS="$AM_CFLAGS -DHAVE_FAST_RSA -DHAVE_USER_RSA"
-    # add in user crypto header that uses Intel IPP
-    AM_CPPFLAGS="$AM_CPPFLAGS -I$srcdir/wolfcrypt/user-crypto/include"
-    if test "$enable_shared" = "yes"; then
-        LIBS="$LIBS -lippcore -lippcp"
-        LIB_ADD="-lippcp -lippcore $LIB_ADD"
-    else
-        LIB_ADD="$srcdir/IPP/$ipplib/libippcp.a $srcdir/IPP/$ipplib/libippcore.a $LIB_ADD"
-    fi
-    AC_MSG_RESULT([yes])
-else
-    AC_MSG_RESULT([no])
-fi
-
-AC_SUBST([IPPLIBS])
-AC_SUBST([IPPHEADERS])
-AC_SUBST([IPPLINK])
-
-
 # static memory use
 AC_ARG_ENABLE([staticmemory],
     [AS_HELP_STRING([--enable-staticmemory],[Enable static memory use (default: disabled)])],
@@ -7967,13 +8714,34 @@ AC_ARG_ENABLE([staticmemory],
     [ ENABLED_STATICMEMORY=no ]
     )
 
+for v in `echo $ENABLED_STATICMEMORY | tr "," " "`
+do
+  case $v in
+  yes)
+    ;;
+  no)
+    ;;
+  small|lean)
+    ENABLED_STATICMEMORY=yes
+    AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_STATIC_MEMORY_LEAN"
+    ;;
+  debug)
+    ENABLED_STATICMEMORY=yes
+    AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_STATIC_MEMORY_DEBUG_CALLBACK"
+    ;;
+  *)
+    AC_MSG_ERROR([Invalid choice for staticmemory.])
+    break;;
+  esac
+done
+
 if test "x$ENABLED_STATICMEMORY" = "xyes"
 then
     AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_STATIC_MEMORY"
 
     if test "x$ENABLED_HEAPMATH" = "xyes"
     then
-        AC_MSG_ERROR([please use --enable-fastmath if enabling staticmemory.])
+        AC_MSG_ERROR([--enable-heapmath is incompatible with --enable-staticmemory.])
     fi
     if test "$ENABLED_LOWRESOURCE" = "yes" && test "$ENABLED_RSA" = "no"
     then
@@ -8032,6 +8800,19 @@ AC_ARG_ENABLE([cryptocb],
     [ ENABLED_CRYPTOCB=no ]
     )
 
+# Enable testing of cryptoCb using software crypto. On platforms where wolfCrypt tests
+# are used to test a custom cryptoCb, it may be desired to disable this so wolfCrypt tests
+# don't also test software implementations of every algorithm
+AC_ARG_ENABLE([cryptocb-sw-test],
+    [AS_HELP_STRING([--disable-cryptocb-sw-test],[Disable wolfCrypt crypto callback tests using software crypto (default: enabled). Only valid with --enable-cryptocb])],
+    [ if test "x$ENABLED_CRYPTOCB" = "xno"; then
+          AC_MSG_ERROR([--disable-cryptocb-sw-test requires --enable-cryptocb])
+      else
+          ENABLED_CRYPTOCB_SW_TEST=$enableval
+      fi ],
+    [ ENABLED_CRYPTOCB_SW_TEST=yes ]
+    )
+
 if test "x$ENABLED_PKCS11" = "xyes" || test "x$ENABLED_WOLFTPM" = "xyes" || test "$ENABLED_CAAM" != "no"
 then
     ENABLED_CRYPTOCB=yes
@@ -8041,6 +8822,11 @@ then
     AM_CFLAGS="$AM_CFLAGS -DWOLF_CRYPTO_CB"
 fi
 
+if test "$ENABLED_CRYPTOCB_SW_TEST" = "no"
+then
+        AM_CFLAGS="$AM_CFLAGS -DWC_TEST_NO_CRYPTOCB_SW_TEST"
+fi
+
 
 
 # Asynchronous Crypto
@@ -8113,6 +8899,19 @@ else
 fi
 
 
+# Support for autosar shim
+AC_ARG_ENABLE([autosar],
+    [AS_HELP_STRING([--enable-autosar],[Enable AutoSAR support (default: disabled)])],
+    [ ENABLED_AUTOSAR=$enableval ],
+    [ ENABLED_AUTOSAR=no ]
+    )
+
+if test "$ENABLED_AUTOSAR" = "yes"
+then
+    AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AUTOSAR"
+fi
+
+
 # Session Export
 AC_ARG_ENABLE([sessionexport],
     [AS_HELP_STRING([--enable-sessionexport],[Enable export and import of sessions (default: disabled)])],
@@ -8132,14 +8931,8 @@ then
 fi
 
 
-# AES key wrap
-AC_ARG_ENABLE([aeskeywrap],
-    [AS_HELP_STRING([--enable-aeskeywrap],[Enable AES key wrap support (default: disabled)])],
-    [ ENABLED_AESKEYWRAP=$enableval ],
-    [ ENABLED_AESKEYWRAP=no ]
-    )
-
-if test "$ENABLED_WPAS" != "no" && test "$ENABLED_FIPS" = "no"
+if test "$ENABLED_WPAS" != "no" &&
+    ( test "$ENABLED_FIPS" = "no" || test "x$FIPS_VERSION" = "xv6" )
 then
     ENABLED_AESKEYWRAP="yes"
 fi
@@ -8226,7 +9019,7 @@ fi
 AC_ARG_WITH([max-ecc-bits],
     [AS_HELP_STRING([--with-max-ecc-bits=number],[number of bits to support for ECC algorithms])],
     [WITH_MAX_ECC_BITS=$withval],
-    [WITH_MAX_ECC_BITS="$DEFAULT_MAX_ECC_BITS"])
+    )
 
 if test -n "$WITH_MAX_ECC_BITS"; then
    if test "$WITH_MAX_ECC_BITS" -lt 112 -o "$WITH_MAX_ECC_BITS" -gt 1024; then
@@ -8248,6 +9041,46 @@ if test -n "$MPI_MAX_KEY_BITS" -o -n "$WITH_MAX_ECC_BITS"; then
    fi
 fi
 
+AC_ARG_ENABLE([linuxkm-lkcapi-register],
+    [AS_HELP_STRING([--enable-linuxkm-lkcapi-register],[Register wolfCrypt implementations with the Linux Kernel Crypto API backplane.  Possible values are "none", "all", "cbc(aes)", "cfb(aes)", "gcm(aes)", and "xts(aes)", or a comma-separate combination. (default: none)])],
+    [ENABLED_LINUXKM_LKCAPI_REGISTER=$enableval],
+    [ENABLED_LINUXKM_LKCAPI_REGISTER=none]
+    )
+if test "$ENABLED_LINUXKM_LKCAPI_REGISTER" != "none"
+then
+    AM_CFLAGS="$AM_CFLAGS -DLINUXKM_LKCAPI_REGISTER"
+
+    if test "$ENABLED_AESGCM" != "no" && test "$ENABLED_AESGCM_STREAM" = "no" && test "$ENABLED_ARMASM" = "no" && test "$ENABLED_RISCV_ASM" = "no" && test "$ENABLED_FIPS" = "no"; then
+        ENABLED_AESGCM_STREAM=yes
+    fi
+
+    if test "$ENABLED_LINUXKM_LKCAPI_REGISTER" = "yes"
+    then
+        ENABLED_LINUXKM_LKCAPI_REGISTER=all
+    fi
+
+    for lkcapi_alg in $(echo "$ENABLED_LINUXKM_LKCAPI_REGISTER" | tr ',' ' ')
+    do
+        case "$lkcapi_alg" in
+        all) test "$ENABLED_EXPERIMENTAL" = "yes" || AC_MSG_ERROR([linuxkm-lkcapi-register ${lkcapi_alg}: requires --enable-experimental.])
+             AM_CFLAGS="$AM_CFLAGS -DLINUXKM_LKCAPI_REGISTER_ALL"           ;;
+        'cbc(aes)') test "$ENABLED_AESCBC" != "no" || AC_MSG_ERROR([linuxkm-lkcapi-register ${lkcapi_alg}: AES-CBC implementation not enabled.])
+                    AM_CFLAGS="$AM_CFLAGS -DLINUXKM_LKCAPI_REGISTER_AESCBC" ;;
+        'cfb(aes)') test "$ENABLED_AESCFB" != "no" || AC_MSG_ERROR([linuxkm-lkcapi-register ${lkcapi_alg}: AES-CFB implementation not enabled.])
+                    test "$ENABLED_EXPERIMENTAL" = "yes" || AC_MSG_ERROR([linuxkm-lkcapi-register ${lkcapi_alg}: requires --enable-experimental.])
+                    AM_CFLAGS="$AM_CFLAGS -DLINUXKM_LKCAPI_REGISTER_AESCFB" ;;
+        'gcm(aes)') test "$ENABLED_AESGCM" != "no" || AC_MSG_ERROR([linuxkm-lkcapi-register ${lkcapi_alg}: AES-GCM implementation not enabled.])
+                    test "$ENABLED_AESGCM_STREAM" != "no" || AC_MSG_ERROR([linuxkm-lkcapi-register ${lkcapi_alg}: --enable-aesgcm-stream is required for LKCAPI.])
+                    test "$ENABLED_EXPERIMENTAL" = "yes" || AC_MSG_ERROR([linuxkm-lkcapi-register ${lkcapi_alg}: requires --enable-experimental.])
+                    AM_CFLAGS="$AM_CFLAGS -DLINUXKM_LKCAPI_REGISTER_AESGCM" ;;
+        'xts(aes)') test "$ENABLED_AESXTS" != "no" || AC_MSG_ERROR([linuxkm-lkcapi-register ${lkcapi_alg}: AES-XTS implementation not enabled.])
+                    test "$ENABLED_AESXTS_STREAM" != "no" || AC_MSG_ERROR([linuxkm-lkcapi-register ${lkcapi_alg}: --enable-aesxts-stream is required for LKCAPI.])
+                    AM_CFLAGS="$AM_CFLAGS -DLINUXKM_LKCAPI_REGISTER_AESXTS" ;;
+        *) AC_MSG_ERROR([Unsupported LKCAPI algorithm "$lkcapi_alg".])      ;;
+        esac
+    done
+fi
+
 # Library Suffix
 LIBSUFFIX=""
 AC_ARG_WITH([libsuffix],
@@ -8263,6 +9096,25 @@ AC_ARG_WITH([libsuffix],
 )
 AC_SUBST(LIBSUFFIX)
 
+# Support system wide crypto-policy file:
+#   - Pass path to your wolfssl.config system crypto-policy file.
+#   - Pass no argument to use default.
+AC_ARG_WITH([sys-crypto-policy],
+    [AS_HELP_STRING([--with-sys-crypto-policy=PATH],[Support for system-wide crypto-policy file. (default: disabled)])],
+    [ SYS_CRYPTO_POLICY=$withval],
+    [ SYS_CRYPTO_POLICY=no ]
+    )
+
+if test "$SYS_CRYPTO_POLICY" != "no"; then
+    if test "$SYS_CRYPTO_POLICY" = "yes"; then
+        # Default to the wolfssl fedora crypto-policy file.
+        SYS_CRYPTO_POLICY="/etc/crypto-policies/back-ends/wolfssl.config"
+    fi
+
+    AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SYS_CRYPTO_POLICY"
+    AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CRYPTO_POLICY_FILE=\"$SYS_CRYPTO_POLICY\""
+fi
+
 AC_ARG_ENABLE([context-extra-user-data],
     [AS_HELP_STRING([--enable-context-extra-user-data],[Enables option for storing user-defined data in TLS API contexts, with optional argument the number of slots to allocate (default: disabled)])],
     [ ENABLED_EX_DATA=$enableval ],
@@ -8321,6 +9173,23 @@ AC_ARG_ENABLE([sys-ca-certs],
     [ ENABLED_SYS_CA_CERTS=yes ]
     )
 
+AC_ARG_ENABLE([dual-alg-certs],
+    [AS_HELP_STRING([--enable-dual-alg-certs],[Enable support for dual key/signature certificates in TLS 1.3 as defined in X9.146 (requires --enable-experimental) (default: disabled)])],
+    [ ENABLED_DUAL_ALG_CERTS=$enableval ],
+    [ ENABLED_DUAL_ALG_CERTS=no ]
+    )
+
+AS_IF([ test "$ENABLED_DUAL_ALG_CERTS" != "no" && test "$ENABLED_EXPERIMENTAL" != "yes" ],[ AC_MSG_ERROR([dual-alg-certs requires --enable-experimental.]) ])
+
+AS_IF([ test "$ENABLED_DUAL_ALG_CERTS" != "no" && test "$ENABLED_CRYPTONLY" = "yes" ],[ AC_MSG_ERROR([dual-alg-certs is incompatible with --enable-cryptonly.]) ])
+
+# Adds functionality to support Raw Public Key (RPK) RFC7250
+AC_ARG_ENABLE([rpk],
+    [AS_HELP_STRING([--enable-rpk],[Enable support for Raw Public Key (RPK) RFC7250 (default: disabled)])],
+    [ ENABLED_RPK=$enableval ],
+    [ ENABLED_RPK=no ]
+    )
+
 # check if should run the trusted peer certs test
 # (for now checking both C_FLAGS and C_EXTRA_FLAGS)
 AS_CASE(["$CFLAGS $CPPFLAGS"],[*'WOLFSSL_TRUST_PEER_CERT'*],[ENABLED_TRUSTED_PEER_CERT=yes])
@@ -8345,7 +9214,6 @@ then
         AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_PRIORITIZE_PSK"
         AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CHECK_ALERT_ON_ERR"
         AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_TICKET_HAVE_ID"
-        AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NO_OCSP_ISSUER_CHECK"
         ENABLED_TRUSTED_PEER_CERT=yes
     else
         CFLAGS=$(printf "%s" "$CFLAGS" | sed 's/-DOPENSSL_COMPATIBLE_DEFAULTS//g')
@@ -8357,7 +9225,7 @@ fi
 # determine if we have key validation mechanism
 if test "x$ENABLED_ECC" != "xno" || test "x$ENABLED_RSA" = "xyes"
 then
-    if test "x$ENABLED_ASN" = "xyes"
+    if test "$ENABLED_ASN" != "no" && test "$ENABLED_ASN" != "nocrypt"
     then
         ENABLED_PKI="yes"
     fi
@@ -8387,6 +9255,7 @@ case $host_cpu in
   *arm*)
     if test "$host_alias" = "thumb" || test "$ARM_TARGET" = "thumb"; then
       AM_CFLAGS="$AM_CFLAGS -mthumb -march=armv6"
+      ENABLED_ARM_THUMB=yes
     else
       if test "$host_alias" = "cortex" || test "$ARM_TARGET" = "cortex"; then
         AM_CFLAGS="$AM_CFLAGS -mcpu=cortex-r5"
@@ -8504,6 +9373,12 @@ then
         ENABLED_DES3="yes"
     fi
 
+    # Has support for PKCS7
+    if test "$ENABLED_PKCS7" = "no"
+    then
+        ENABLED_PKCS7=yes
+    fi
+
     # Uses alt name
     ENABLED_ALTNAMES="yes"
 
@@ -8531,12 +9406,12 @@ if test "$ENABLED_OPENSSH" = "yes" || test "$ENABLED_NGINX" = "yes" || \
    test "$ENABLED_LIBWEBSOCKETS" = "yes" || \
    test "x$ENABLED_LIGHTY" = "xyes" || test "$ENABLED_LIBSSH2" = "yes" || \
    test "x$ENABLED_NTP" = "xyes" || test "$ENABLED_RSYSLOG" = "yes" || \
-   test "$ENABLED_OPENLDAP" = "yes" || test "$ENABLED_HITCH" = "yes"
+   test "$ENABLED_OPENLDAP" = "yes" || test "$ENABLED_HITCH" = "yes" || test "x$ENABLED_MOSQUITTO" = "xyes"
 then
     ENABLED_OPENSSLEXTRA="yes"
 fi
 
-if test "$ENABLED_ED25519" != "no" && test "$ENABLED_32BIT" = "no"
+if test "$ENABLED_ED25519" != "no"
 then
     if test "$ENABLED_ED25519" = "small" || test "$ENABLED_LOWRESOURCE" = "yes"
     then
@@ -8686,12 +9561,21 @@ AS_IF([test "x$ENABLED_ASN" = "xno"],
 AS_IF([test "x$ENABLED_SYS_CA_CERTS" = "xyes"],
       [AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SYS_CA_CERTS"])
 
+AS_IF([test "x$ENABLED_DUAL_ALG_CERTS" = "xyes"],
+      [AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DUAL_ALG_CERTS"])
+
+AS_IF([test "x$ENABLED_RPK" = "xyes"],
+      [AM_CFLAGS="$AM_CFLAGS -DHAVE_RPK"])
+
 AS_IF([test "x$ENABLED_ALTNAMES" = "xyes"],
       [AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ALT_NAMES"])
 
 AS_IF([test "x$ENABLED_KEYGEN" = "xyes"],
       [AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_KEY_GEN"])
 
+AS_IF([test "x$ENABLED_ACERT" = "xyes"],
+      [AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ACERT"])
+
 AS_IF([test "x$ENABLED_CERTREQ" = "xyes"],
       [AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CERT_REQ"])
 
@@ -8701,9 +9585,9 @@ AS_IF([test "x$ENABLED_CERTGEN" = "xyes"],
 AS_IF([test "x$ENABLED_CERTEXT" = "xyes"],
       [AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CERT_EXT"])
 
-AS_IF([test "x$ENABLED_ED25519" = "xyes" && test "x$ENABLED_32BIT" = "xno"],
+AS_IF([test "x$ENABLED_ED25519" = "xyes"],
       [AM_CFLAGS="$AM_CFLAGS -DHAVE_ED25519"])
-AS_IF([test "x$ENABLED_ED25519" = "xyes" && test "x$ENABLED_32BIT" = "xno"],
+AS_IF([test "x$ENABLED_ED25519" = "xyes"],
       [AM_CCASFLAGS="$AM_CCASFLAGS -DHAVE_ED25519"])
 
 AS_IF([test "x$ENABLED_ED25519_SMALL" = "xyes"],
@@ -8717,6 +9601,8 @@ AS_IF([test "x$ENABLED_STRONGSWAN" = "xyes"],
 
 AS_IF([test "x$ENABLED_OPENLDAP" = "xyes"], [AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SIGNER_DER_CERT"])
 
+AS_IF([test "x$ENABLED_MOSQUITTO" = "xyes"], [AM_CFLAGS="$AM_CFLAGS -DHAVE_EX_DATA"])
+
 if test "$ENABLED_ED25519_STREAM" != "no" && test "$ENABLED_SE050" != "yes"
 then
     AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ED25519_STREAMING_VERIFY"
@@ -8749,7 +9635,7 @@ then
     AM_CFLAGS="$AM_CFLAGS -DNO_HMAC"
 fi
 
-if test "$ENABLED_OPENSSLEXTRA" = "yes" && test "x$ENABLED_OPENSSLCOEXIST" = "xno"
+if test "$ENABLED_OPENSSLEXTRA" = "yes"
 then
   AM_CFLAGS="$AM_CFLAGS -DOPENSSL_EXTRA"
 fi
@@ -8818,6 +9704,14 @@ else
     fi
 fi
 
+if test "x$ENABLED_DES3_TLS_SUITES" = "xno"
+then
+    AM_CFLAGS="$AM_CFLAGS -DNO_DES3_TLS_SUITES"
+else
+    AS_IF([test "x$ENABLED_DES3" = "xno"],
+        [AC_MSG_ERROR([DES3 TLS suites require DES3])])
+fi
+
 if test "$ENABLED_AESGCM" != "no"
 then
     if test "$ENABLED_AESGCM" = "word"
@@ -8862,6 +9756,17 @@ then
     fi
 fi
 
+if test "$ENABLED_AESXTS_STREAM" != "no"
+then
+    if test "$ENABLED_AESXTS" = "no"
+    then
+        AC_MSG_ERROR([AES-XTS streaming enabled but AES-XTS is disabled])
+    else
+        AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AESXTS_STREAM"
+        AM_CCASFLAGS="$AM_CCASFLAGS -DWOLFSSL_AESXTS_STREAM"
+    fi
+fi
+
 if test "$ENABLED_IOTSAFE" != "no"
 then
     AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_IOTSAFE"
@@ -8880,7 +9785,7 @@ then
     AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AES_DIRECT"
     AM_CFLAGS="$AM_CFLAGS -DWC_RSA_NO_PADDING"
     AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_PUBLIC_MP"
-    AM_CFLAGS="$AM_CFLAGS -DECC_MIN_KEY_SZ=192"
+    AM_CFLAGS="$AM_CFLAGS -DHAVE_WOLFENGINE"
 fi
 
 if test "$ENABLED_WOLFENGINE" = "yes" && test "$ENABLED_FIPS" != "no"
@@ -8951,9 +9856,6 @@ if test "x$ENABLED_OPENSSLCOEXIST" = "xyes"; then
     if test "x$ENABLED_OPENSSLALL" = "xyes"; then
         AC_MSG_ERROR([Cannot use --enable-opensslcoexist with --enable-opensslall])
     fi
-    if test "x$ENABLED_OPENSSLEXTRA" = "xyes"; then
-        AC_MSG_ERROR([Cannot use --enable-opensslcoexist with --enable-opensslextra])
-    fi
 fi
 
 if test "$ENABLED_WOLFSSH" = "yes" && test "$ENABLED_HMAC" = "no"
@@ -8993,7 +9895,17 @@ if test "$ENABLED_DH" != "no" && test "$ENABLED_DH" != "const"; then
    LT_LIB_M
 fi
 
-
+# multiple OCSP stapling for TLS 1.3 Certificate extension
+if test "$ENABLED_CERTIFICATE_STATUS_REQUEST" = "yes"
+then
+    if test "$ENABLED_TLS13" = "yes"
+    then
+        if test "$ENABLED_TLS_OCSP_MULTI" = "yes"
+        then
+            AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_TLS_OCSP_MULTI"
+        fi
+    fi
+fi
 ################################################################################
 
 # USER SETTINGS
@@ -9016,7 +9928,10 @@ fi
 # For distro disable custom build options that interfere with symbol generation
 if test "$GCC" = "yes" && test "$ENABLED_DISTRO" = "no"
 then
-    AM_CFLAGS="$AM_CFLAGS -Wall -Wno-unused"
+    if test "$ENABLED_CUDA" != "yes"
+    then
+        AM_CFLAGS="$AM_CFLAGS -Wall -Wno-unused"
+    fi
     if test "$ax_enable_debug" = "no"
     then
     AS_IF([test "x$ENABLED_OPTFLAGS" = "xyes"], [
@@ -9093,8 +10008,8 @@ if test "x$ENABLED_LINUXKM" = "xyes"; then
     AC_SUBST([ASFLAGS_FPUSIMD_DISABLE])
     AC_SUBST([ASFLAGS_FPUSIMD_ENABLE])
 
-    if test "$ENABLED_OPENSSLEXTRA" != "no" && test "$ENABLED_CRYPTONLY" = "no"; then
-        AC_MSG_ERROR([--enable-opensslextra without --enable-cryptonly is incompatible with --enable-linuxkm.])
+    if test "$ENABLED_OPENSSLEXTRA" != "no" && test "$ENABLED_LINUXKM_PIE" = "yes" && test "$ENABLED_CRYPTONLY" = "no"; then
+        AC_MSG_ERROR([--enable-opensslextra with --enable-linuxkm-pie and without --enable-cryptonly is incompatible with --enable-linuxkm.])
     fi
     if test "$ENABLED_FILESYSTEM" = "yes"; then
         AC_MSG_ERROR([--enable-filesystem is incompatible with --enable-linuxkm.])
@@ -9123,9 +10038,6 @@ if test "x$ENABLED_LINUXKM" = "xyes"; then
     if test "$ENABLED_FASTMATH" = "yes"; then
         AC_MSG_ERROR([--enable-fastmath is incompatible with --enable-linuxkm (exceeds stack limit).])
     fi
-    if test "$ENABLED_FAST_RSA" = "yes"; then
-        AC_MSG_ERROR([--enable-fastrsa is incompatible with --enable-linuxkm.])
-    fi
     if test "$ENABLED_LIBZ_RSA" = "yes"; then
         AC_MSG_ERROR([--with-libz is incompatible with --enable-linuxkm.])
     fi
@@ -9138,7 +10050,7 @@ if test "x$ENABLED_LINUXKM" = "xyes"; then
     if test "$ENABLED_SMALL_STACK" != "yes"; then
         AC_MSG_ERROR([--enable-smallstack is required for --enable-linuxkm.])
     fi
-    if test "$ENABLED_SP_MATH" = "no" && test "$ENABLED_SP_MATH_ALL" = "no" && test "$ENABLED_BIGNUM" != "no"; then
+    if test "$ENABLED_SP_MATH" != "yes" && test "$ENABLED_SP_MATH_ALL" = "no" && test "$ENABLED_BIGNUM" != "no"; then
         AC_MSG_ERROR([--enable-sp-math or --enable-sp-math-all is required for --enable-linuxkm.])
     fi
     if test "$ENABLED_STACKSIZE" != "no"; then
@@ -9152,10 +10064,18 @@ if test "x$ENABLED_LINUXKM" = "xyes"; then
     fi
 fi
 
+AS_IF([test "$ENABLED_ASM" = "no" && (test "$ENABLED_INTELASM" != "no" || \
+                                      test "$ENABLED_AESNI" != "no" || \
+                                      test "$ENABLED_ARMASM" != "no" || \
+                                      test "$ENABLED_RISCV_ASM" != "no" || \
+                                      test "$ENABLED_SP_ASM" != "no")],
+      [AC_MSG_WARN([Conflicting asm settings.])])
+
 # The following AM_CONDITIONAL statements set flags for use in the Makefiles.
 # Some of these affect build targets and objects, some trigger different
 # test scripts for make check.
 AM_CONDITIONAL([BUILD_DISTRO],[test "x$ENABLED_DISTRO" = "xyes"])
+AM_CONDITIONAL([BUILD_OPENSSL_COMPAT],[test "x$ENABLED_OPENSSLEXTRA" != "xnoinstall"])
 AM_CONDITIONAL([BUILD_ALL],[test "x$ENABLED_ALL" = "xyes"])
 AM_CONDITIONAL([BUILD_TLS13],[test "x$ENABLED_TLS13" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])
 AM_CONDITIONAL([BUILD_RNG],[test "x$ENABLED_RNG" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])
@@ -9172,11 +10092,16 @@ AM_CONDITIONAL([BUILD_SNIFFER],  [ test "x$ENABLED_SNIFFER"   = "xyes" || test "
 AM_CONDITIONAL([BUILD_SNIFFTEST],[ test "x$ENABLED_SNIFFTEST" = "xyes"])
 AM_CONDITIONAL([BUILD_AESGCM],[test "x$ENABLED_AESGCM" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])
 AM_CONDITIONAL([BUILD_AESCCM],[test "x$ENABLED_AESCCM" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])
-AM_CONDITIONAL([BUILD_XTS],[test "x$ENABLED_XTS" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])
+AM_CONDITIONAL([BUILD_AESXTS],[test "x$ENABLED_AESXTS" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])
 AM_CONDITIONAL([BUILD_ARMASM],[test "x$ENABLED_ARMASM" = "xyes"])
 AM_CONDITIONAL([BUILD_ARMASM_INLINE],[test "x$ENABLED_ARMASM_INLINE" = "xyes"])
 AM_CONDITIONAL([BUILD_ARMASM_CRYPTO],[test "x$ENABLED_ARMASM_CRYPTO" = "xyes"])
 AM_CONDITIONAL([BUILD_ARMASM_NEON],[test "x$ENABLED_ARMASM_NEON" = "xyes"])
+AM_CONDITIONAL([BUILD_ARM_THUMB],[test "$ENABLED_ARM_THUMB" = "yes"  || test "$ENABLED_USERSETTINGS" = "yes"])
+AM_CONDITIONAL([BUILD_ARM_NONTHUMB],[test "$ENABLED_ARM_THUMB" != "yes"  || test "$ENABLED_USERSETTINGS" = "yes"])
+AM_CONDITIONAL([BUILD_ARM_32],[test "$ENABLED_ARM_32" = "yes"  || test "$ENABLED_USERSETTINGS" = "yes"])
+AM_CONDITIONAL([BUILD_ARM_64],[test "$ENABLED_ARM_64" = "yes"  || test "$ENABLED_USERSETTINGS" = "yes"])
+AM_CONDITIONAL([BUILD_RISCV_ASM],[test "x$ENABLED_RISCV_ASM" = "xyes"])
 AM_CONDITIONAL([BUILD_XILINX],[test "x$ENABLED_XILINX" = "xyes"])
 AM_CONDITIONAL([BUILD_AESNI],[test "x$ENABLED_AESNI" = "xyes"])
 AM_CONDITIONAL([BUILD_INTELASM],[test "x$ENABLED_INTELASM" = "xyes"])
@@ -9196,7 +10121,8 @@ AM_CONDITIONAL([BUILD_ED25519],[test "x$ENABLED_ED25519" = "xyes" || test "x$ENA
 AM_CONDITIONAL([BUILD_ED25519_SMALL],[test "x$ENABLED_ED25519_SMALL" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])
 AM_CONDITIONAL([BUILD_FEMATH], [test "x$ENABLED_FEMATH" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])
 AM_CONDITIONAL([BUILD_GEMATH], [test "x$ENABLED_GEMATH" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])
-AM_CONDITIONAL([BUILD_CURVE25519],[test "x$ENABLED_CURVE25519" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])
+AM_CONDITIONAL([BUILD_CURVE25519],[test "$ENABLED_CURVE25519" != "no" || test "x$ENABLED_USERSETTINGS" = "xyes"])
+AM_CONDITIONAL([BUILD_CURVE25519_INTELASM],[test "$ENABLED_CURVE25519" != "noasm" && test "$ENABLED_INTELASM" = "yes"])
 AM_CONDITIONAL([BUILD_CURVE25519_SMALL],[test "x$ENABLED_CURVE25519_SMALL" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])
 AM_CONDITIONAL([BUILD_ED448],[test "x$ENABLED_ED448" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])
 AM_CONDITIONAL([BUILD_ED448_SMALL],[test "x$ENABLED_ED448_SMALL" = "xyes"])
@@ -9207,6 +10133,7 @@ AM_CONDITIONAL([BUILD_CURVE448_SMALL],[test "x$ENABLED_CURVE448_SMALL" = "xyes"
 AM_CONDITIONAL([BUILD_WC_LMS],[test "x$ENABLED_WC_LMS" != "xno" || test "x$ENABLED_USERSETTINGS" = "xyes"])
 AM_CONDITIONAL([BUILD_WC_XMSS],[test "x$ENABLED_WC_XMSS" != "xno" || test "x$ENABLED_USERSETTINGS" = "xyes"])
 AM_CONDITIONAL([BUILD_WC_KYBER],[test "x$ENABLED_WC_KYBER" != "xno" || test "x$ENABLED_USERSETTINGS" = "xyes"])
+AM_CONDITIONAL([BUILD_DILITHIUM],[test "x$ENABLED_DILITHIUM" != "xno" || test "x$ENABLED_USERSETTINGS" = "xyes"])
 AM_CONDITIONAL([BUILD_ECCSI],[test "x$ENABLED_ECCSI" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])
 AM_CONDITIONAL([BUILD_SAKKE],[test "x$ENABLED_SAKKE" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])
 AM_CONDITIONAL([BUILD_MEMORY],[test "x$ENABLED_MEMORY" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])
@@ -9224,6 +10151,7 @@ AM_CONDITIONAL([BUILD_FIPS_V1],[test "$HAVE_FIPS_VERSION" = 1])
 AM_CONDITIONAL([BUILD_FIPS_V2],[test "$HAVE_FIPS_VERSION" = 2 && test "$HAVE_FIPS_VERSION_MINOR" = 0])
 AM_CONDITIONAL([BUILD_FIPS_RAND],[test "$HAVE_FIPS_VERSION" = 2 && test "$HAVE_FIPS_VERSION_MINOR" = 1])
 AM_CONDITIONAL([BUILD_FIPS_V5],[test "$HAVE_FIPS_VERSION" = 5])
+AM_CONDITIONAL([BUILD_FIPS_V6],[test $HAVE_FIPS_VERSION -ge 6])
 AM_CONDITIONAL([BUILD_FIPS_CURRENT],[test "$HAVE_FIPS_VERSION" -ge 2 ])
     # BUILD_FIPS_CURRENT is for builds after cert 2425.
 AM_CONDITIONAL([BUILD_SIPHASH],[test "x$ENABLED_SIPHASH" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])
@@ -9234,17 +10162,17 @@ AM_CONDITIONAL([BUILD_SHA3],[test "x$ENABLED_SHA3" != "xno" || test "x$ENABLED_U
 AM_CONDITIONAL([BUILD_POLY1305],[test "x$ENABLED_POLY1305" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])
 AM_CONDITIONAL([BUILD_CHACHA],[test "x$ENABLED_CHACHA" = "xyes" || test "x$ENABLED_CHACHA" = "xnoasm" || test "x$ENABLED_USERSETTINGS" = "xyes"])
 AM_CONDITIONAL([BUILD_XCHACHA],[test "x$ENABLED_XCHACHA" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])
+AM_CONDITIONAL([BUILD_ASCON],[test "x$ENABLED_ASCON" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])
 AM_CONDITIONAL([BUILD_SM2],[test "x$ENABLED_SM2" != "xno" || test "x$ENABLED_USERSETTINGS" = "xyes"])
 AM_CONDITIONAL([BUILD_SM3],[test "x$ENABLED_SM3" != "xno" || test "x$ENABLED_USERSETTINGS" = "xyes"])
 AM_CONDITIONAL([BUILD_SM4],[test "x$ENABLED_SM4" != "xno" || test "x$ENABLED_USERSETTINGS" = "xyes"])
 AM_CONDITIONAL([BUILD_INLINE],[test "x$ENABLED_INLINE" = "xyes"])
 AM_CONDITIONAL([BUILD_OCSP],[test "x$ENABLED_OCSP" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])
 AM_CONDITIONAL([BUILD_OCSP_STAPLING],[test "x$ENABLED_CERTIFICATE_STATUS_REQUEST" = "xyes"])
+AM_CONDITIONAL([BUILD_OCSP_STAPLING_MULTI],[test "x$ENABLED_CERTIFICATE_STATUS_REQUEST" = "xyes" && test "x$ENABLED_TLS13" = "xyes" && test "x$ENABLED_TLS_OCSP_MULTI" = "xyes"])
 AM_CONDITIONAL([BUILD_OCSP_STAPLING_V2],[test "x$ENABLED_CERTIFICATE_STATUS_REQUEST_V2" = "xyes"])
 AM_CONDITIONAL([BUILD_CRL],[test "x$ENABLED_CRL" != "xno" || test "x$ENABLED_USERSETTINGS" = "xyes"])
 AM_CONDITIONAL([BUILD_CRL_MONITOR],[test "x$ENABLED_CRL_MONITOR" = "xyes"])
-AM_CONDITIONAL([BUILD_USER_RSA],[test "x$ENABLED_USER_RSA" = "xyes"] )
-AM_CONDITIONAL([BUILD_USER_CRYPTO],[test "x$ENABLED_USER_CRYPTO" = "xyes"])
 AM_CONDITIONAL([BUILD_LIBLMS],[test "x$ENABLED_LIBLMS" = "xyes"])
 AM_CONDITIONAL([BUILD_LIBXMSS],[test "x$ENABLED_LIBXMSS" = "xyes"])
 AM_CONDITIONAL([BUILD_LIBOQS],[test "x$ENABLED_LIBOQS" = "xyes"])
@@ -9254,12 +10182,12 @@ AM_CONDITIONAL([USE_VALGRIND],[test "x$ENABLED_VALGRIND" = "xyes"])
 AM_CONDITIONAL([BUILD_MD4],[test "x$ENABLED_MD4" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])
 AM_CONDITIONAL([BUILD_PWDBASED],[test "x$ENABLED_PWDBASED" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])
 AM_CONDITIONAL([BUILD_SCRYPT],[test "x$ENABLED_SCRYPT" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])
-AM_CONDITIONAL([BUILD_CRYPTONLY],[test "x$ENABLED_CRYPTONLY" = "xyes" && test "x$ENABLED_OPENSSLEXTRA" = "xno"])
+AM_CONDITIONAL([BUILD_CRYPTONLY],[test "x$ENABLED_CRYPTONLY" = "xyes"])
 AM_CONDITIONAL([BUILD_FASTMATH],[test "x$ENABLED_FASTMATH" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])
 AM_CONDITIONAL([BUILD_HEAPMATH],[test "x$ENABLED_HEAPMATH" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])
 AM_CONDITIONAL([BUILD_EXAMPLE_SERVERS],[test "x$ENABLED_EXAMPLES" = "xyes" && test "x$ENABLED_LEANTLS" = "xno"])
 AM_CONDITIONAL([BUILD_EXAMPLE_CLIENTS],[test "x$ENABLED_EXAMPLES" = "xyes"])
-AM_CONDITIONAL([BUILD_EXAMPLE_ASN1],[test "x$ENABLED_EXAMPLES" = "xyes"] && [test "x$ENABLED_ASN_PRINT" = "xyes"] && [test "x$ENABLED_ASN" = "xyes"])
+AM_CONDITIONAL([BUILD_EXAMPLE_ASN1],[test "x$ENABLED_EXAMPLES" = "xyes" && test "x$ENABLED_ASN_PRINT" = "xyes" && test "$ENABLED_ASN" != "no"])
 AM_CONDITIONAL([BUILD_TESTS],[test "x$ENABLED_EXAMPLES" = "xyes"])
 AM_CONDITIONAL([BUILD_THREADED_EXAMPLES],[test "x$ENABLED_SINGLETHREADED" = "xno" && test "x$ENABLED_EXAMPLES" = "xyes" && test "x$ENABLED_LEANTLS" = "xno"])
 AM_CONDITIONAL([BUILD_WOLFCRYPT_TESTS],[test "x$ENABLED_CRYPT_TESTS" = "xyes"])
@@ -9290,7 +10218,6 @@ AM_CONDITIONAL([BUILD_SP_INT],[test "x$ENABLED_SP_MATH" = "xyes" || test "x$ENAB
 AM_COND_IF([BUILD_SP], [INCLUDE_SP_INT="yes"])
 AM_COND_IF([BUILD_SP_INT], [INCLUDE_SP_INT="yes"])
 AC_SUBST([INCLUDE_SP_INT])
-AM_CONDITIONAL([BUILD_FAST_RSA],[test "x$ENABLED_FAST_RSA" = "xyes"])
 AM_CONDITIONAL([BUILD_MCAPI],[test "x$ENABLED_MCAPI" = "xyes"])
 AM_CONDITIONAL([BUILD_ASYNCCRYPT],[test "x$ENABLED_ASYNCCRYPT" = "xyes"])
 AM_CONDITIONAL([BUILD_WOLFEVENT],[test "x$ENABLED_ASYNCCRYPT" = "xyes"])
@@ -9306,6 +10233,7 @@ AM_CONDITIONAL([BUILD_LINUXKM],[test "$ENABLED_LINUXKM" = "yes"])
 AM_CONDITIONAL([BUILD_NO_LIBRARY],[test "$ENABLED_NO_LIBRARY" = "yes"])
 AM_CONDITIONAL([BUILD_BENCHMARK],[test "$ENABLED_BENCHMARK" = "yes"])
 AM_CONDITIONAL([BUILD_RC2],[test "x$ENABLED_RC2" = "xyes"])
+AM_CONDITIONAL([BUILD_CUDA],[test "x$ENABLED_CUDA" = "xyes"])
 AM_CONDITIONAL([BUILD_CAAM],[test "x$ENABLED_CAAM" != "xno"])
 AM_CONDITIONAL([BUILD_QNXCAAM],[test "x$ENABLED_CAAM_QNX" = "xyes"])
 AM_CONDITIONAL([BUILD_IOTSAFE],[test "x$ENABLED_IOTSAFE" = "xyes"])
@@ -9323,6 +10251,8 @@ AM_CONDITIONAL([BUILD_HPKE],[test "x$ENABLED_HPKE" = "xyes" || test "x$ENABLED_U
 AM_CONDITIONAL([BUILD_DTLS],[test "x$ENABLED_DTLS" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])
 AM_CONDITIONAL([BUILD_MAXQ10XX],[test "x$ENABLED_MAXQ10XX" = "xyes"])
 AM_CONDITIONAL([BUILD_ARIA],[test "x$ENABLED_ARIA" = "xyes"])
+AM_CONDITIONAL([BUILD_XILINX],[test "x$ENABLED_XILINX" = "xyes"])
+AM_CONDITIONAL([BUILD_AUTOSAR],[test "x$ENABLED_AUTOSAR" = "xyes"])
 
 if test "$ENABLED_REPRODUCIBLE_BUILD" != "yes" &&
    (test "$ax_enable_debug" = "yes" ||
@@ -9351,6 +10281,7 @@ AC_SUBST([AM_LDFLAGS])
 AC_SUBST([AM_CCASFLAGS])
 AC_SUBST([LIB_ADD])
 AC_SUBST([LIB_STATIC_ADD])
+AC_SUBST([LIBM])
 
 # FINAL
 AC_CONFIG_FILES([stamp-h], [echo timestamp > stamp-h])
@@ -9370,7 +10301,7 @@ AX_AM_JOBSERVER([yes])
 
 # See Automake 9.4.1 Built Sources Example
 AC_DEFUN([AX_OUT_OF_TREE_FILE],[
-  AC_CONFIG_COMMANDS([$1], [test ! -f $srcdir/$1 && >> $srcdir/$1])
+  AC_CONFIG_COMMANDS([$1], [test ! -f $srcdir/$1 && echo -n >> $srcdir/$1])
 ])
 
 AX_OUT_OF_TREE_FILE([wolfssl/wolfcrypt/async.h])
@@ -9419,14 +10350,16 @@ rm -f $OPTION_FILE
 echo "/* wolfssl options.h" > $OPTION_FILE
 echo " * generated from configure options" >> $OPTION_FILE
 echo " *" >> $OPTION_FILE
-echo " * Copyright (C) 2006-2023 wolfSSL Inc." >> $OPTION_FILE
+echo " * Copyright (C) 2006-2024 wolfSSL Inc." >> $OPTION_FILE
 echo " *" >> $OPTION_FILE
 echo " * This file is part of wolfSSL. (formerly known as CyaSSL)" >> $OPTION_FILE
 echo " *" >> $OPTION_FILE
 echo " */" >> $OPTION_FILE
 
 echo "" >> $OPTION_FILE
-echo "#ifndef WOLFSSL_OPTIONS_H" >> $OPTION_FILE
+echo "#ifdef WOLFSSL_NO_OPTIONS_H" >> $OPTION_FILE
+echo "/* options.h inhibited by configuration */" >> $OPTION_FILE
+echo "#elif !defined(WOLFSSL_OPTIONS_H)" >> $OPTION_FILE
 echo "#define WOLFSSL_OPTIONS_H" >> $OPTION_FILE
 echo "" >> $OPTION_FILE
 echo "" >> $OPTION_FILE
@@ -9439,7 +10372,7 @@ echo "" >> $OPTION_FILE
 # note: cut requires an argument to exit with success.
 if colrm >/dev/null 2>&1 </dev/null; then
     TRIM="colrm 3"
-elif cut --version >/dev/null 2>&1 </dev/null; then
+elif echo "" | cut -c1 >/dev/null 2>&1 </dev/null; then
     TRIM="cut -c1-2"
 else
     AC_MSG_ERROR([Could not find colrm or cut to make options file])
@@ -9502,6 +10435,11 @@ echo "" >> $OPTION_FILE
 echo "#endif /* WOLFSSL_OPTIONS_H */" >> $OPTION_FILE
 echo "" >> $OPTION_FILE
 
+if test "$ENABLED_DEBUG_TRACE_ERRCODES" != "no"
+then
+    support/gen-debug-trace-error-codes.sh || AC_MSG_ERROR([Header generation for debug-trace-errcodes failed.])
+fi
+
 if test "$ENABLED_OPENSSLEXTRA" = "yes" && test "$ENABLED_LINUXKM" = "no"
 then
     SAVE_CFLAGS=$CFLAGS
@@ -9559,7 +10497,6 @@ echo "   * FPU enable as flags:        $ASFLAGS_FPU_ENABLE_SIMD_DISABLE" && \
 echo "   * SIMD+FPU disable as flags:  $ASFLAGS_FPUSIMD_DISABLE" && \
 echo "   * SIMD+FPU enable as flags:   $ASFLAGS_FPUSIMD_ENABLE" && \
 echo "   * Linux kernel module PIE:    $ENABLED_LINUXKM_PIE"
-echo "   * Linux kernel module bench:  $ENABLED_LINUXKM_BENCHMARKS"
 
 echo "   * Debug enabled:              $ax_enable_debug"
 echo "   * Coverage enabled:           $ax_enable_coverage"
@@ -9568,6 +10505,12 @@ echo "   * make -j:                    $enable_jobserver"
 echo "   * VCS checkout:               $ac_cv_vcs_checkout"
 echo
 echo "   Features "
+if test "$ENABLED_EXPERIMENTAL" = "yes"
+then
+    echo "   * Experimental settings:      Allowed"
+else
+    echo "   * Experimental settings:      Forbidden"
+fi
 if test "$ENABLED_FIPS" = "yes"; then
 echo "   * FIPS:                       $FIPS_VERSION"
 else
@@ -9589,7 +10532,7 @@ if test "$ENABLED_SP_MATH_ALL" != "no"
 then
     ENABLED_SP_MATH_DESC="all"
 else
-    if test "$ENABLED_SP_MATH" != "no"
+    if test "$ENABLED_SP_MATH" = "yes"
     then
         ENABLED_SP_MATH_DESC="restricted"
     else
@@ -9613,12 +10556,18 @@ echo "   * AES-CCM:                    $ENABLED_AESCCM"
 echo "   * AES-CTR:                    $ENABLED_AESCTR"
 echo "   * AES-CFB:                    $ENABLED_AESCFB"
 echo "   * AES-OFB:                    $ENABLED_AESOFB"
+echo "   * AES-XTS:                    $ENABLED_AESXTS"
+echo "   * AES-XTS streaming:          $ENABLED_AESXTS_STREAM"
 echo "   * AES-SIV:                    $ENABLED_AESSIV"
 echo "   * AES-EAX:                    $ENABLED_AESEAX"
 echo "   * AES Bitspliced:             $ENABLED_AESBS"
+echo "   * AES Key Wrap:               $ENABLED_AESKEYWRAP"
 echo "   * ARIA:                       $ENABLED_ARIA"
+echo "   * ASCON:                      $ENABLED_ASCON"
 echo "   * DES3:                       $ENABLED_DES3"
+echo "   * DES3 TLS Suites:            $ENABLED_DES3_TLS_SUITES"
 echo "   * Camellia:                   $ENABLED_CAMELLIA"
+echo "   * CUDA:                       $ENABLED_CUDA"
 echo "   * SM4-ECB:                    $ENABLED_SM4_ECB"
 echo "   * SM4-CBC:                    $ENABLED_SM4_CBC"
 echo "   * SM4-CTR:                    $ENABLED_SM4_CTR"
@@ -9642,6 +10591,7 @@ echo "   * BLAKE2S:                    $ENABLED_BLAKE2S"
 echo "   * SipHash:                    $ENABLED_SIPHASH"
 echo "   * CMAC:                       $ENABLED_CMAC"
 echo "   * keygen:                     $ENABLED_KEYGEN"
+echo "   * acert:                      $ENABLED_ACERT"
 echo "   * certgen:                    $ENABLED_CERTGEN"
 echo "   * certreq:                    $ENABLED_CERTREQ"
 echo "   * certext:                    $ENABLED_CERTEXT"
@@ -9649,7 +10599,8 @@ echo "   * certgencache:               $ENABLED_certgencache"
 echo "   * CHACHA:                     $ENABLED_CHACHA"
 echo "   * XCHACHA:                    $ENABLED_XCHACHA"
 echo "   * Hash DRBG:                  $ENABLED_HASHDRBG"
-echo "   * MmemUse Entropy:            $ENABLED_ENTROPY_MEMUSE"
+echo "   * MmemUse Entropy:"
+echo "   * (AKA: wolfEntropy):         $ENABLED_ENTROPY_MEMUSE"
 echo "   * PWDBASED:                   $ENABLED_PWDBASED"
 echo "   * Encrypted keys:             $ENABLED_ENCKEYS"
 echo "   * scrypt:                     $ENABLED_SCRYPT"
@@ -9689,6 +10640,7 @@ echo "   * XMSS_ROOT:                  $XMSS_ROOT"
 fi
 echo "   * KYBER:                      $ENABLED_KYBER"
 echo "   * KYBER wolfSSL impl:         $ENABLED_WC_KYBER"
+echo "   * DILITHIUM:                  $ENABLED_DILITHIUM"
 echo "   * ECCSI                       $ENABLED_ECCSI"
 echo "   * SAKKE                       $ENABLED_SAKKE"
 echo "   * ASN:                        $ENABLED_ASN"
@@ -9718,6 +10670,7 @@ echo "   * strongSwan:                 $ENABLED_STRONGSWAN"
 echo "   * OpenLDAP:                   $ENABLED_OPENLDAP"
 echo "   * hitch:                      $ENABLED_HITCH"
 echo "   * memcached:                  $ENABLED_MEMCACHED"
+echo "   * Mosquitto                   $ENABLED_MOSQUITTO"
 echo "   * ERROR_STRINGS:              $ENABLED_ERROR_STRINGS"
 echo "   * DTLS:                       $ENABLED_DTLS"
 echo "   * DTLS v1.3:                  $ENABLED_DTLS13"
@@ -9730,6 +10683,7 @@ echo "   * TLS v1.0 (Old):             $ENABLED_TLSV10"
 echo "   * TLS v1.1 (Old):             $ENABLED_OLD_TLS"
 echo "   * TLS v1.2:                   $ENABLED_TLSV12"
 echo "   * TLS v1.3:                   $ENABLED_TLS13"
+echo "   * RPK:                        $ENABLED_RPK"
 echo "   * Post-handshake Auth:        $ENABLED_TLS13_POST_AUTH"
 echo "   * Early Data:                 $ENABLED_TLS13_EARLY_DATA"
 echo "   * QUIC:                       $ENABLED_QUIC"
@@ -9774,14 +10728,17 @@ echo "   * wolfSCEP:                   $ENABLED_WOLFSCEP"
 echo "   * Secure Remote Password:     $ENABLED_SRP"
 echo "   * Small Stack:                $ENABLED_SMALL_STACK"
 echo "   * Linux Kernel Module:        $ENABLED_LINUXKM"
+
+test "$ENABLED_LINUXKM" = "yes" && \
+echo "   * Linux kernel module bench:  $ENABLED_LINUXKM_BENCHMARKS" && \
+echo "   * Linux kernel alg register:  $ENABLED_LINUXKM_LKCAPI_REGISTER"
+
 echo "   * valgrind unit tests:        $ENABLED_VALGRIND"
 echo "   * LIBZ:                       $ENABLED_LIBZ"
 echo "   * Examples:                   $ENABLED_EXAMPLES"
 echo "   * Crypt tests:                $ENABLED_CRYPT_TESTS"
 echo "   * Stack sizes in tests:       $ENABLED_STACKSIZE"
 echo "   * Heap stats in tests:        $ENABLED_TRACKMEMORY"
-echo "   * User Crypto:                $ENABLED_USER_CRYPTO"
-echo "   * Fast RSA:                   $ENABLED_FAST_RSA"
 echo "   * Asynchronous Crypto:        $ENABLED_ASYNCCRYPT"
 echo "   * Asynchronous Crypto (sim):  $ENABLED_ASYNCCRYPT_SW"
 echo "   * Cavium Nitrox:              $ENABLED_CAVIUM"
@@ -9794,9 +10751,10 @@ fi
 echo "   * ARM ASM:                    $ENABLED_ARMASM"
 echo "   * ARM ASM SHA512/SHA3 Crypto  $ENABLED_ARMASM_SHA3"
 echo "   * ARM ASM SM3/SM4 Crypto      $ENABLED_ARMASM_CRYPTO_SM4"
-echo "   * AES Key Wrap:               $ENABLED_AESKEYWRAP"
+echo "   * RISC-V ASM                  $ENABLED_RISCV_ASM"
 echo "   * Write duplicate:            $ENABLED_WRITEDUP"
 echo "   * Xilinx Hardware Acc.:       $ENABLED_XILINX"
+echo "   * C89:                        $ENABLED_C89"
 echo "   * Inline Code:                $ENABLED_INLINE"
 echo "   * Linux AF_ALG:               $ENABLED_AFALG"
 echo "   * Linux KCAPI:                $ENABLED_KCAPI"
@@ -9810,12 +10768,16 @@ echo "   * NXP SE050:                  $ENABLED_SE050"
 echo "   * Maxim Integrated MAXQ10XX:  $ENABLED_MAXQ10XX"
 echo "   * PSA:                        $ENABLED_PSA"
 echo "   * System CA certs:            $ENABLED_SYS_CA_CERTS"
+echo "   * Dual alg cert support:      $ENABLED_DUAL_ALG_CERTS"
 echo "   * ERR Queues per Thread:      $ENABLED_ERRORQUEUEPERTHREAD"
 echo "   * rwlock:                     $ENABLED_RWLOCK"
 echo "   * keylog export:              $ENABLED_KEYLOG_EXPORT"
+echo "   * AutoSAR :                   $ENABLED_AUTOSAR"
 echo ""
 echo "---"
 
+echo "./configure flags: $(./config.status --config)"
+
 fi # $silent != yes
 
 ################################################################################
@@ -9824,7 +10786,7 @@ fi # $silent != yes
 
 if test "$ENABLED_ASYNCCRYPT" = "yes" && ! test -s $srcdir/wolfcrypt/src/async.c
 then
-    AC_MSG_WARN([Make sure real async files are loaded. Contact wolfSSL for details on using the asynccrypt option.])
+    AC_MSG_WARN([Make sure real async files are loaded. See async-check.sh or the wolfssl/wolfAsyncCrypt GitHub repo.])
 fi
 
 # MinGW static vs shared library
@@ -9844,3 +10806,17 @@ if test "$MINGW_LIB_WARNING" = "yes"
 then
     AC_MSG_WARN([Building with shared and static library at the same time on this system may cause export/import problems when using non contemporary GNU tools.])
 fi
+
+if test -n "$WITH_MAX_ECC_BITS"; then
+    if test "$WITH_MAX_ECC_BITS" -lt "$ENABLED_ECCMINSZ"; then
+        AC_MSG_ERROR([--with-max-ecc-bits argument ($WITH_MAX_ECC_BITS) must be greater than --with-eccminsz argument ($ENABLED_ECCMINSZ)])
+    fi
+fi
+
+if test "$silent" != "yes"; then
+
+echo "---"
+echo "Note: Make sure your application includes \"wolfssl/options.h\" before any other wolfSSL headers."
+echo "      You can define \"WOLFSSL_USE_OPTIONS_H\" in your application to include this automatically."
+
+fi
diff --git a/devin_lifeguard.yaml b/devin_lifeguard.yaml
new file mode 100644
index 000000000..c3834eeaa
--- /dev/null
+++ b/devin_lifeguard.yaml
@@ -0,0 +1,145 @@
+rules:
+  - name: no-void-functions
+    trigger: >-
+      All functions must return a value. Avoid using void return types to ensure
+      error values can be propagated upstream.
+    solution: >-
+      Change the function to return an appropriate error code or result instead
+      of void. Ensure all return paths provide a meaningful value.
+  - name: avoid-recursion
+    trigger: >-
+      Recursion is not allowed. Prefer iterative solutions to reduce stack usage
+      and prevent potential stack overflows.
+    solution: >-
+      Refactor the recursive function into an iterative one using loops or other
+      control structures.
+  - name: use-forcezero
+    trigger: >-
+      Sensitive data such as private keys must be zeroized using `ForceZero()`
+      to prevent the compiler from optimizing away the zeroization.
+    solution: >-
+      Replace `memset` or similar functions with `ForceZero(variable, size)` to
+      ensure sensitive data is properly cleared from memory.
+  - name: check-all-return-codes
+    trigger: >-
+      Every return code from function calls must be checked to handle errors
+      appropriately and prevent unexpected behavior.
+    solution: >-
+      After each function call, add error handling logic to check the return
+      value and respond accordingly.
+  - name: no-memory-leaks
+    trigger: >-
+      Memory or resources allocated must have a clear path to being released to
+      prevent memory leaks.
+    solution: >-
+      Ensure that every allocation has a corresponding free or release call. Use
+      resource management patterns to handle allocations and deallocations.
+  - name: do-not-change-external-apis
+    trigger: >-
+      External facing APIs should not be altered. Instead of modifying an
+      existing API, create a new version with the necessary parameters.
+    solution: >-
+      If additional parameters are needed, create a new function (e.g., `f_ex(a,
+      b)`) and have the original function (`f(a)`) call the new one with default
+      or null parameters.
+  - name: limit-stack-usage
+    trigger: >-
+      Functions should not use more than 100 bytes of stack. Excessive stack
+      usage can lead to stack overflows and reduced performance.
+    solution: >-
+      Apply the `WOLFSSL_SMALL_STACK` pattern by dynamically allocating large
+      variables to minimize stack usage within the function.
+  - name: prefer-constant-time
+    trigger: >-
+      Implement algorithms in constant time to prevent timing attacks and ensure
+      security.
+    solution: >-
+      Review and refactor algorithms to ensure their execution time does not
+      depend on input values. Use constant-time libraries or functions where
+      applicable.
+  - name: use-sizeof
+    trigger: >-
+      Avoid hard-coded numeric values for sizes. Use `sizeof()` to ensure
+      portability and maintainability.
+    solution: >-
+      Replace hard-coded sizes with `sizeof(type)` to automatically adapt to
+      changes in type sizes.
+  - name: use-typedefs-not-stdint
+    trigger: >-
+      Use `byte`, `word16`, `word32` instead of standard integer types like
+      `uint32_t` to maintain consistency across the codebase.
+    solution: >-
+      Replace instances of `uint32_t` and similar types with the designated
+      typedefs such as `word32`.
+  - name: use-c-style-comments
+    trigger: >-
+      Only C-style comments (`/* */`) are allowed in C code. C++ style comments
+      (`//`) should not be used.
+    solution: >-
+      Replace all `//` comments with `/* */` to adhere to the project's
+      commenting standards.
+  - name: pointer-null-check
+    trigger: >-
+      Always check for null pointers using the `ptr != NULL` pattern to prevent
+      dereferencing null pointers.
+    solution: >-
+      Add a condition to verify that the pointer is not null before using it,
+      e.g., `if (ptr != NULL) { /* use ptr */ }`.
+  - name: declare-const-pointers
+    trigger: >-
+      Pointer parameters that are not modified within a function should be
+      declared as `const` to enhance code safety and clarity.
+    solution: >-
+      Add the `const` keyword to pointer parameters that are not intended to be
+      modified, e.g., `const void *ptr`.
+  - name: struct-member-order
+    trigger: >-
+      Struct members should be ordered in descending size to optimize memory
+      alignment and reduce padding.
+    solution: >-
+      Reorder the members of the struct so that larger data types are declared
+      before smaller ones.
+  - name: no-always-success-stubs
+    trigger: >-
+      when implementing a stub function that is not fully developed, returning
+      success unconditionally can hide real logic and debugging information
+    solution: >-
+      either implement the stub with real logic or return an appropriate error
+      code to indicate "not yet implemented," so that failures are not silently
+      ignored
+  - name: free-allocated-memory
+    trigger: |-
+      allocating memory but forgetting to free it on all code paths
+      or using functions that allocate buffers without a corresponding free
+    solution: >-
+      for every XMALLOC call, ensure there's a matching XFREE on every return
+      path
+
+      if handing ownership off, confirm the new owner also properly frees it
+  - name: check-return-codes
+    trigger: >-
+      calling library functions that return non-zero in case of error, but not
+      checking or handling those return values
+    solution: >-
+      always verify and handle function return codes
+
+      if ret != 0, do not continue silently; either propagate the error or
+      handle it
+  - name: handle-partial-writes
+    trigger: >-
+      calling a write function (e.g., wolfSSL_write_ex) that may write only part
+      of the data, returning fewer bytes than requested or a particular status
+    solution: >-
+      if partial writes are possible, loop until the entire buffer is written or
+      an error occurs
+
+      do not assume a single call wrote or accepted all bytes
+  - name: manage-ephemeral-objects-correctly
+    trigger: >-
+      generating or importing ephemeral objects (e.g., ephemeral keys, ephemeral
+      certs) and forgetting to finalize or free them, or double-freeing them
+    solution: >-
+      coordinate ephemeral object ownership carefully
+
+      ensure ephemeral structures are freed once no longer needed, and avoid
+      reusing pointers after free
diff --git a/doc/QUIC.md b/doc/QUIC.md
index 3ab3f8de1..e0de42589 100644
--- a/doc/QUIC.md
+++ b/doc/QUIC.md
@@ -8,7 +8,7 @@ TLS works on top of the Internet's TCP protocol stack. The TCP is shipped as par
 and accessible via system calls and APIs. TCP itself is not secured by TLS, only the data sent via it is
 protected. TCP does not have to know anything about TLS.
 
-QUIC, on the other hand, is always protected by TLS. A QUIC implementation does always need an 
+QUIC, on the other hand, is always protected by TLS. A QUIC implementation does always need an
 implementation of the TLS protocol, specifically TLSv1.3. It does this in new ways and TLS
 implementations need to accommodate these. Those specifics have been added to wolfSSL.
 
@@ -51,13 +51,13 @@ The above configuration has also been added to [curl](https://github.com/curl/cu
 
 ### why?
 
-Why all these different blocks? 
+Why all these different blocks?
 
 The separation of HTTP/3 and QUIC is natural when you think about the relationship between TCP and HTTP/1.1. Like TCP, QUIC can and will carry other protocols. HTTP/3 is only the first one. Most likely 'DNS over QUIC' (DoQ) is the next popular, replacing DoH.
 
 The separation of QUIC's "crypto" parts from its other protocol enabling functions is a matter of security. In its experimental beginnings, QUIC had its own security design. With the emerging TLSv1.3 and all it improvements, plus decades of experience, it seemed rather unwise to have something separate in QUIC.
 
-Therefore, the complete TLSv1.3 handshake became part of the QUIC protocol, with some restrictions and simplifications (UDP based QUIC does not accommodate broken TCP middle boxes). With the need for a complete TLSv1.3 stack, QUIC implementers happily make use of existing TLS libraries. 
+Therefore, the complete TLSv1.3 handshake became part of the QUIC protocol, with some restrictions and simplifications (UDP based QUIC does not accommodate broken TCP middle boxes). With the need for a complete TLSv1.3 stack, QUIC implementers happily make use of existing TLS libraries.
 
 ## wolfSSL API
 
@@ -76,7 +76,7 @@ A QUIC protocol handler installs these via `wolfSSL_CTX_set_quic_method()` or `w
 
 ```
   DATA ---recv+decrypt---+
-                         v 
+                         v
             wolfSSL_provide_quic_data(ssl, ...)
             wolfSSL_do_handshake(ssl);
                   +-> add_handshake_data_callback(REPLY)
diff --git a/doc/dox_comments/header_files-ja/arc4.h b/doc/dox_comments/header_files-ja/arc4.h
index bf3f8151f..4c1e6ee91 100644
--- a/doc/dox_comments/header_files-ja/arc4.h
+++ b/doc/dox_comments/header_files-ja/arc4.h
@@ -1,7 +1,7 @@
 /*!
-    \ingroup ARC4 
+    \ingroup ARC4
     \brief  ��関数���ッファ内�入力メッセージを暗�化��出力�ッファー�暗�文を�置�る������ッファー�ら暗�文を復�化��り�ARC4暗�化を使用���出力�ッファーOUTを出力��り���。��関数�暗�化�復�化�両方�使用�れ��。��方法�呼�出�れる�能性��る場�����WC_ARC4SETKEYを使用��ARC4構造を�期化�る必���り��。
-    \return none 
+    \return none
     \param arc4  メッセージ�処��使用�れるARC4構造���インタ
     \param out  処��れ�メッセージを�存�る出力�ッファ���インタ
     \param in  プロセス�るメッセージを�む入力�ッファ���インタ
@@ -24,9 +24,9 @@
 int wc_Arc4Process(Arc4* arc4, byte* out, const byte* in, word32 length);
 
 /*!
-    \ingroup ARC4 
+    \ingroup ARC4
     \brief  ��関数�ARC4オブジェクト�キーを設定���れを暗����使用�る����期化���。WC_ARC4PROCESSを使用��暗�化�使用�る��呼�出�れる必���り��。
-    \return none 
+    \return none
     \param arc4  暗�化�使用�れるARC4構造���インタ
     \param key  ARC4構造を�期化�る���キー
     _Example_
diff --git a/doc/dox_comments/header_files-ja/asn_public.h b/doc/dox_comments/header_files-ja/asn_public.h
index 164108fe4..0cade01b4 100644
--- a/doc/dox_comments/header_files-ja/asn_public.h
+++ b/doc/dox_comments/header_files-ja/asn_public.h
@@ -1870,7 +1870,7 @@ int wc_Asn1PrintOptions_Init(Asn1PrintOptions* opts);
     \return  0 �功時�返���。
     \return  BAD_FUNC_ARG asn1�NULL�場��返�れ��。
     \return  BAD_FUNC_ARG val�範囲外�場��返�れ��。
- 
+
     \param opts  Asn1PrintOptions構造体���インタ
     \param opt   設定�る情報���インタ
     \param val   設定値
diff --git a/doc/dox_comments/header_files-ja/blake2.h b/doc/dox_comments/header_files-ja/blake2.h
index 61dad75a5..3e5f97601 100644
--- a/doc/dox_comments/header_files-ja/blake2.h
+++ b/doc/dox_comments/header_files-ja/blake2.h
@@ -1,5 +1,5 @@
 /*!
-    \ingroup BLAKE2 
+    \ingroup BLAKE2
     \brief  ��関数�Blake2 Hash関数�使用�る���Blake2b構造を�期化���。
     \return 0  Blake2B構造��期化��功��ダイジェストサイズを設定�����返�れ��。
     \param b2b  �期化�る���Blake2b構造���インタ
@@ -14,7 +14,7 @@
 int wc_InitBlake2b(Blake2b* b2b, word32 digestSz);
 
 /*!
-    \ingroup BLAKE2 
+    \ingroup BLAKE2
     \brief  ��関数��与�られ�入力データ�Blake2B�ッシュを更新���。��関数��wc_initblake2b�後�呼�出�れ�最後��ッシュ：wc_blake2bfinal�準備�����る��繰り返���。
     \return 0  与�られ�データを使用��Blake2B構造を正常�更新�る�返�れ��。
     \return -1  入力データ�圧縮中�障害�発生��場�
@@ -40,7 +40,7 @@ int wc_InitBlake2b(Blake2b* b2b, word32 digestSz);
 int wc_Blake2bUpdate(Blake2b* b2b, const byte* data, word32 sz);
 
 /*!
-    \ingroup BLAKE2 
+    \ingroup BLAKE2
     \brief  ��関数��以��供給�れ�入力データ�Blake2b�ッシュを計算���。出力�ッシュ�長�REQUESTSZ��る���求�れ�場��B2B構造�DigestSZを使用���。��関数��wc_initblake2b�後�呼�出�れ�wc_blake2bupdate�必���入力データ�対��処��れ����。
     \return 0  Blake2B Hash�計算��功�����返�れ���
     \return -1  blake2b�ッシュを解����る間�失敗��る場�
diff --git a/doc/dox_comments/header_files-ja/bn.h b/doc/dox_comments/header_files-ja/bn.h
index 30afb2b4d..eb2749a42 100644
--- a/doc/dox_comments/header_files-ja/bn.h
+++ b/doc/dox_comments/header_files-ja/bn.h
@@ -1,5 +1,5 @@
 /*!
-    \ingroup openSSL 
+    \ingroup openSSL
     \brief  ��関数��次�数学「R =（A ^ P）％M�を実行���。
     \return SSL_SUCCESS  数学�作を���実行���。
     \return SSL_FAILURE  エラーケース�����場�
diff --git a/doc/dox_comments/header_files-ja/camellia.h b/doc/dox_comments/header_files-ja/camellia.h
index 5371a79ed..c07af016d 100644
--- a/doc/dox_comments/header_files-ja/camellia.h
+++ b/doc/dox_comments/header_files-ja/camellia.h
@@ -1,5 +1,5 @@
 /*!
-    \ingroup Camellia 
+    \ingroup Camellia
     \brief  ��関数��Camelliaオブジェクト�キー��期化ベクトルを設定���れを暗����使用�る����期化���。
     \return 0  キー��期化ベクトルを正常�設定�る�返�れ��
     \return BAD_FUNC_ARG  入力引数�1��エラー処���る場��返�れ��
@@ -27,7 +27,7 @@ int  wc_CamelliaSetKey(Camellia* cam,
                                    const byte* key, word32 len, const byte* iv);
 
 /*!
-    \ingroup Camellia 
+    \ingroup Camellia
     \brief  ��関数��Camelliaオブジェクト��期化ベクトルを設定���。
     \return 0  キー��期化ベクトルを正常�設定�る�返�れ��
     \return BAD_FUNC_ARG  入力引数�1��エラー処���る場��返�れ��
@@ -46,7 +46,7 @@ int  wc_CamelliaSetKey(Camellia* cam,
 int  wc_CamelliaSetIV(Camellia* cam, const byte* iv);
 
 /*!
-    \ingroup Camellia 
+    \ingroup Camellia
     \brief  ��機能���供�れ�Camelliaオブジェクトを使用��1ブロック暗�化���。�れ��ッファー�最��16�イトブロックを解���暗�化�果を�ッファアウト�格����。��機能を使用�る���WC_CAMELLIASETKEYを使用��Camelliaオブジェクトを�期化�る必���り��。
     \return none  ���返���。
     \param cam  暗�化�使用�る椿構造���インタ
@@ -66,7 +66,7 @@ int  wc_CamelliaEncryptDirect(Camellia* cam, byte* out,
                                                                 const byte* in);
 
 /*!
-    \ingroup Camellia 
+    \ingroup Camellia
     \brief  ��機能���供�れ�Camelliaオブジェクトを使用��1ブロック復�化���。�れ��ッファ内�最��16�イトブロックを解����れを復�化���果を�ッファアウト�格����。��機能を使用�る���WC_CAMELLIASETKEYを使用��Camelliaオブジェクトを�期化�る必���り��。
     \return none  ���返���。
     \param cam  暗�化�使用�る椿構造���インタ
@@ -86,7 +86,7 @@ int  wc_CamelliaDecryptDirect(Camellia* cam, byte* out,
                                                                 const byte* in);
 
 /*!
-    \ingroup Camellia 
+    \ingroup Camellia
     \brief  ��関数���ッファー�平文を暗�化����出力を�ッファOUT�格����。暗�ブロック�ェーン（CBC）を使用��Camelliaを使用����暗�化を実行���。
     \return none  ���返���。
     \param cam  暗�化�使用�る椿構造���インタ
@@ -107,7 +107,7 @@ int wc_CamelliaCbcEncrypt(Camellia* cam,
                                           byte* out, const byte* in, word32 sz);
 
 /*!
-    \ingroup Camellia 
+    \ingroup Camellia
     \brief  ��関数���ッファ内�暗�文を復�化����出力を�ッファOUT�格����。暗�ブロック�ェーン（CBC）を�載��Camelliaを使用����復�化を実行���。
     \return none  ���返���。
     \param cam  暗�化�使用�る椿構造���インタ
diff --git a/doc/dox_comments/header_files-ja/chacha.h b/doc/dox_comments/header_files-ja/chacha.h
index 171256ea2..dea2a6cc5 100644
--- a/doc/dox_comments/header_files-ja/chacha.h
+++ b/doc/dox_comments/header_files-ja/chacha.h
@@ -1,5 +1,5 @@
 /*!
-    \ingroup ChaCha 
+    \ingroup ChaCha
     \brief  ��関数�Chachaオブジェクト��期化ベクトル（nonce）を設定��暗����使用�る����期化���。WC_CHACHA_SETKEYを使用���キー�設定�れ�後�呼�出�れる����。暗�化��ラウンド�差���を使用�る必���り��。
     \return 0  �期化ベクトルを正常�設定�る�返�れ��
     \return BAD_FUNC_ARG  CTX入力引数�処�中�エラー�発生��場�
@@ -21,7 +21,7 @@
 int wc_Chacha_SetIV(ChaCha* ctx, const byte* inIv, word32 counter);
 
 /*!
-    \ingroup ChaCha 
+    \ingroup ChaCha
     \brief  ��関数���ッファ入力�らテキストを処���暗�化���復�化���果を�ッファ出力�格����。
     \return 0  入力�暗�化���復�化��功�����返�れ��
     \return BAD_FUNC_ARG  CTX入力引数�処�中�エラー�発生��場�
@@ -46,7 +46,7 @@ int wc_Chacha_Process(ChaCha* ctx, byte* cipher, const byte* plain,
                               word32 msglen);
 
 /*!
-    \ingroup ChaCha 
+    \ingroup ChaCha
     \brief  ��関数�Chachaオブジェクト�キーを設定���れを暗����使用�る����期化���。NONCEをWC_CHACHA_SETIV�設定�る���WC_CHACHA_PROCESSを使用��暗�化�使用�る��呼�出�必���り��。
     \return 0  キー�設定��功�����返�れ��
     \return BAD_FUNC_ARG  CTX入力引数�処�中�エラー�発生��場�����キー�16���32�イト�長���る場�
diff --git a/doc/dox_comments/header_files-ja/cmac.h b/doc/dox_comments/header_files-ja/cmac.h
index 95612f6c2..401949a03 100644
--- a/doc/dox_comments/header_files-ja/cmac.h
+++ b/doc/dox_comments/header_files-ja/cmac.h
@@ -23,6 +23,8 @@
      \sa wc_InitCmac_ex
      \sa wc_CmacUpdate
      \sa wc_CmacFinal
+     \sa wc_CmacFinalNoFree
+     \sa wc_CmacFree
 */
 int wc_InitCmac(Cmac* cmac,
                  const byte* key�word32 keySz�
@@ -55,6 +57,8 @@ int wc_InitCmac(Cmac* cmac,
      \sa wc_InitCmac_ex
      \sa wc_CmacUpdate
      \sa wc_CmacFinal
+     \sa wc_CmacFinalNoFree
+     \sa wc_CmacFree
 */
 int wc_InitCmac_ex(Cmac* cmac,
                  const byte* key, word32 keySz,
@@ -75,17 +79,40 @@ int wc_InitCmac_ex(Cmac* cmac,
 
      \sa wc_InitCmac
      \sa wc_CmacFinal
+     \sa wc_CmacFinalNoFree
+     \sa wc_CmacFree
 */
 int wc_CmacUpdate(Cmac* cmac,
                    const byte* in, word32 inSz);
 
+/*!
+    \ingroup CMAC
+    \brief 暗�ベース�メッセージ�証コード�最終�果を生����。����使用��コンテキスト�クリーンアップ�行���ん。
+    \return �功��ら0を返���
+    \param cmac Cmac構造体���インタ
+    \param out �果を格��る�ッファ���インタ
+    \param outSz �果出力先�ッファ�サイズ
+
+    _Example_
+    \code
+    ret = wc_CmacFinalNoFree(cmac, out, &outSz);
+    (void)wc_CmacFree(cmac);
+    \endcode
+
+    \sa wc_InitCmac
+    \sa wc_CmacFinal
+    \sa wc_CmacFinalNoFree
+    \sa wc_CmacFree
+*/
+int wc_CmacFinalNoFree(Cmac* cmac,
+                 byte* out, word32* outSz);
 /*!
      \ingroup CMAC
-     \brief 暗�ベース�メッセージ�証コードを使用��最終�果を生����
+     \brief 暗�ベース�メッセージ�証コードを使用��最終�果を生����。加���内部�wc_CmacFreeを呼�出��コンテキス�をクリーンアップ���。
      \return �功��ら0を返���
      \param cmac Cmac構造体���インタ
-     \param out �果�出力先�ッファ���インタ
-     \param outSz �果�出力先�ッファサイズ (in/out)
+     \param out �果を格��る�ッファ���インタ
+     \param outSz �果出力先�ッファ�サイズ
 
      _例_
      \code
@@ -94,10 +121,31 @@ int wc_CmacUpdate(Cmac* cmac,
 
      \sa wc_InitCmac
      \sa wc_CmacFinal
+     \sa wc_CmacFinalNoFree
+     \sa wc_CmacFree
 */
 int wc_CmacFinal(Cmac* cmac,
                   byte* out, word32* outSz);
 
+/*!
+    \ingroup CMAC
+    \brief CMAC処�中�Cmac構造体内�確��れ�オブジェクトを開放���。
+    \return �功��ら0を返���
+    \param cmac Cmac構造体���インタ
+
+    _Example_
+    \code
+    ret = wc_CmacFinalNoFree(cmac, out, &outSz);
+    (void)wc_CmacFree(cmac);
+    \endcode
+
+    \sa wc_InitCmac
+    \sa wc_CmacFinalNoFree
+    \sa wc_CmacFinal
+    \sa wc_CmacFree
+*/
+int wc_CmacFree(Cmac* cmac);
+
 /*!
      \ingroup CMAC
      \brief CMACを生��る���シングルショット関数
@@ -156,4 +204,4 @@ int wc_AesCmacVerify(const byte* check, word32 checkSz,
      ret = wc_CMAC_Grow(cmac�in�inSz)
      \endcode
 */
-int wc_CMAC_Grow(Cmac* cmac, const byte* in, int inSz);
\ No newline at end of file
+int wc_CMAC_Grow(Cmac* cmac, const byte* in, int inSz);
diff --git a/doc/dox_comments/header_files-ja/coding.h b/doc/dox_comments/header_files-ja/coding.h
index 7205bd0bd..2abcf3248 100644
--- a/doc/dox_comments/header_files-ja/coding.h
+++ b/doc/dox_comments/header_files-ja/coding.h
@@ -1,5 +1,5 @@
 /*!
-    \ingroup Base_Encoding 
+    \ingroup Base_Encoding
     \brief  ��機能��与�られ�BASS64符�化入力�IN��よ�出力�ッファを出力�ッファOUT�格����。���変数outlen内�出力�ッファ�書�込�れ�サイズも設定���。
     \return 0  Base64エンコード入力�復�化��功�����返�れ��
     \return BAD_FUNC_ARG  復�化�れ�入力を�存�る���出力�ッファ�����る場��返�れ��。
@@ -26,7 +26,7 @@ int Base64_Decode(const byte* in, word32 inLen, byte* out,
                                word32* outLen);
 
 /*!
-    \ingroup Base_Encoding 
+    \ingroup Base_Encoding
     \brief  ��機能�与�られ�入力を符�化��符�化�果を出力�ッファOUT�格����。エスケープ％0A行末�代�り��従�� '\ N'行�終�りを��データを書�込���。正常�完了�る����機能����出力�ッファ�書�込�れ��イト数�統一�れ��。
     \return 0  Base64エンコード入力�復�化��功�����返�れ��
     \return BAD_FUNC_ARG  出力�ッファ������エンコード�れ�入力を�存�る場��返�れ��。
@@ -53,7 +53,7 @@ int Base64_Encode(const byte* in, word32 inLen, byte* out,
                                   word32* outLen);
 
 /*!
-    \ingroup Base_Encoding 
+    \ingroup Base_Encoding
     \brief  ��機能�与�られ�入力を符�化��符�化�果を出力�ッファOUT�格����。�れ� '\ n "行�終�り�����％0aエスケープ行�終�りを��データを書�込���。正常�完了�る����機能����出力�ッファ�書�込�れ��イト数�統一�れ��。
     \return 0  Base64エンコード入力�復�化��功�����返�れ��
     \return BAD_FUNC_ARG  出力�ッファ������エンコード�れ�入力を�存�る場��返�れ��。
@@ -80,7 +80,7 @@ int Base64_EncodeEsc(const byte* in, word32 inLen, byte* out,
                                   word32* outLen);
 
 /*!
-    \ingroup Base_Encoding 
+    \ingroup Base_Encoding
     \brief  ��機能�与�られ�入力を符�化��符�化�果を出力�ッファOUT�格����。�れ�新��行���データを書�込���。正常�完了�る����関数����出力�ッファ�書�込�れ��イト数�統一�れ�も�を設定���
     \return 0  Base64エンコード入力�復�化��功�����返�れ��
     \return BAD_FUNC_ARG  出力�ッファ������エンコード�れ�入力を�存�る場��返�れ��。
@@ -106,7 +106,7 @@ int Base64_Encode_NoNl(const byte* in, word32 inLen, byte* out,
                                   word32* outLen);
 
 /*!
-    \ingroup Base_Encoding 
+    \ingroup Base_Encoding
     \brief  ��機能��与�られ�BASE16符�化入力�IN��よ�出力�ッファ���果を記憶�る。���変数outlen内�出力�ッファ�書�込�れ�サイズも設定���。
     \return 0  Base16エンコード入力�復�����復�化�����返�れ��
     \return BAD_FUNC_ARG  出力�ッファ�復�化�れ�入力を�存�る�も����る場�����入力長�2���数���場��返�れ��。
@@ -132,7 +132,7 @@ int Base64_Encode_NoNl(const byte* in, word32 inLen, byte* out,
 int Base16_Decode(const byte* in, word32 inLen, byte* out, word32* outLen);
 
 /*!
-    \ingroup Base_Encoding 
+    \ingroup Base_Encoding
     \brief  BASE16出力��エンコード入力。
     \return 0  �功
     \return BAD_FUNC_ARG  IN�OUT����outlen�NULL�場�����outlen�Inlen Plus 1を超���る場��返���。
diff --git a/doc/dox_comments/header_files-ja/compress.h b/doc/dox_comments/header_files-ja/compress.h
index aee9fed37..a52265203 100644
--- a/doc/dox_comments/header_files-ja/compress.h
+++ b/doc/dox_comments/header_files-ja/compress.h
@@ -1,5 +1,5 @@
 /*!
-    \ingroup Compression 
+    \ingroup Compression
     \brief  ��関数���フマン符�化を用��与�られ�入力データを圧縮��出力をOUT�格��る。出力�ッファ��圧縮��能������存在�る���出力�ッファ�入力�ッファよりも大������。�れ���ルックアップテーブルを必�����。出力�ッファ�対��SRCSZ + 0.1％+ 12を割り当�る��を�勧����。
     \return On  入力データ�圧縮��功��出力�ッファ�格��れ��る�イト数を返���。
     \return COMPRESS_INIT_E  圧縮����ストリーム��期化中�エラー��る場�
@@ -24,7 +24,7 @@
 int wc_Compress(byte* out, word32 outSz, const byte* in, word32 inSz, word32 flags);
 
 /*!
-    \ingroup Compression 
+    \ingroup Compression
     \brief  ��関数���フマン符�化を用��所定�圧縮データを解���出力をOUT�格��る。
     \return Success  入力データ�解���功��場���出力�ッファ�格��れ��る�イト数を返���。
     \return COMPRESS_INIT_E:  圧縮����ストリーム��期化中�エラー��る場�
diff --git a/doc/dox_comments/header_files-ja/cryptocb.h b/doc/dox_comments/header_files-ja/cryptocb.h
index 24ee2233e..3b8e3dbd9 100644
--- a/doc/dox_comments/header_files-ja/cryptocb.h
+++ b/doc/dox_comments/header_files-ja/cryptocb.h
@@ -1,5 +1,5 @@
 /*!
-    \ingroup CryptoCb 
+    \ingroup CryptoCb
     \brief  ��関数��Crypto Operationsをキーストア�Secure Element�HSM�PKCS11���TPM���外部�ードウェア�オフロード�る���固有�デ�イス識別�（DEVID）�コール�ック関数を登録���。Cryptoコール�ック�STSAFE�場���wolfcrypt / src / port / st / stsafe.c�wolfssl_stsafe_cryptodevcb関数を�照������。TPMベース�Cryptoコール�ック�例���wolftpm src / tpm2_wrap.c�wolftpm2_cryptodevcb関数を�照������。
     \return CRYPTOCB_UNAVAILABLE  ソフトウェア暗�を使用�る���フォール�ック�る
     \return 0  �功����
@@ -73,7 +73,7 @@
 int  wc_CryptoCb_RegisterDevice(int devId, CryptoDevCallbackFunc cb, void* ctx);
 
 /*!
-    \ingroup CryptoCb 
+    \ingroup CryptoCb
     \brief  ��関数��固有�デ�イス識別�（devid）コール�ック関数を除外���。
     \return none  ���返���。
     _Example_
diff --git a/doc/dox_comments/header_files-ja/curve25519.h b/doc/dox_comments/header_files-ja/curve25519.h
index 5ddc615a9..7f7150327 100644
--- a/doc/dox_comments/header_files-ja/curve25519.h
+++ b/doc/dox_comments/header_files-ja/curve25519.h
@@ -1,5 +1,5 @@
 /*!
-    \ingroup Curve25519 
+    \ingroup Curve25519
     \brief  ��関数��与�られ�サイズ（Keysize）�指定�れ�乱数発生器RNGを使用��Curve25519キーを生����れを指定�れ�Curve25519_Key構造体�格����。キー構造�WC_CURVE25519_INIT（）を介���期化�れ�後�呼�出�れる����。
     \return 0  キー�生���功���れを指定�れ�Curve25519_Key構造体�格����。
     \return ECC_BAD_ARG_E  入力キーサイズ�Curve25519キー（32�イト）�キーシェイズ�対応�����場��返�れ��。
@@ -27,7 +27,7 @@
 int wc_curve25519_make_key(WC_RNG* rng, int keysize, curve25519_key* key);
 
 /*!
-    \ingroup Curve25519 
+    \ingroup Curve25519
     \brief  ��関数��秘密�秘密���信��公開�を考�る��共有秘密�を計算���。生��れ�秘密�を�ッファアウト��存��ounlent�秘密��変数を割り当���。ビッグエンディアン��をサ�ート���。
     \return 0  共有秘密�を正常�計算�����返�れ���。
     \return BAD_FUNC_ARG  渡�れ�入力パラメータ���れ��NULL�場��返�れ��。
@@ -59,7 +59,7 @@ int wc_curve25519_shared_secret(curve25519_key* private_key,
                                 byte* out, word32* outlen);
 
 /*!
-    \ingroup Curve25519 
+    \ingroup Curve25519
     \brief  ��関数��秘密�秘密���信��公開�を考�る��共有秘密�を計算���。生��れ�秘密�を�ッファアウト��存��ounlent�秘密��変数を割り当���。ビッグ・リトルエンディアン�両方をサ�ート���。
     \return 0  共有秘密�を正常�計算�����返�れ���。
     \return BAD_FUNC_ARG  渡�れ�入力パラメータ���れ��NULL�場��返�れ��。
@@ -94,7 +94,7 @@ int wc_curve25519_shared_secret_ex(curve25519_key* private_key,
                                    byte* out, word32* outlen, int endian);
 
 /*!
-    \ingroup Curve25519 
+    \ingroup Curve25519
     \brief  ��関数�Curve25519キーを�期化���。構造�キーを生��る��呼�出�れる����。
     \return 0  Curve25519_Key構造体��期化��功����。
     \return BAD_FUNC_ARG  キー�NULL����返�れ��。
@@ -110,7 +110,7 @@ int wc_curve25519_shared_secret_ex(curve25519_key* private_key,
 int wc_curve25519_init(curve25519_key* key);
 
 /*!
-    \ingroup Curve25519 
+    \ingroup Curve25519
     \brief  ��関数�Curve25519オブジェクトを解放���。
     _Example_
     \code
@@ -125,7 +125,7 @@ int wc_curve25519_init(curve25519_key* key);
 void wc_curve25519_free(curve25519_key* key);
 
 /*!
-    \ingroup Curve25519 
+    \ingroup Curve25519
     \brief  ��関数�Curve25519秘密���をイン�ート���。（ビッグエンディアン）。
     \return 0  秘密��イン�ート��功����。
     \return BAD_FUNC_ARG  キー���PRIV�NULL�場��返���。
@@ -153,7 +153,7 @@ int wc_curve25519_import_private(const byte* priv, word32 privSz,
                                  curve25519_key* key);
 
 /*!
-    \ingroup Curve25519 
+    \ingroup Curve25519
     \brief  CURVE25519秘密��イン�ート��。（大��エンディアン）。
     \return 0  秘密��イン�ート��功����。
     \return BAD_FUNC_ARG  キー���PRIV�NULL�場��返���。
@@ -184,7 +184,7 @@ int wc_curve25519_import_private_ex(const byte* priv, word32 privSz,
                                     curve25519_key* key, int endian);
 
 /*!
-    \ingroup Curve25519 
+    \ingroup Curve25519
     \brief  ��関数��パブリック秘密�ペアをCurve25519_Key構造体�イン�ート���。ビッグエンディアン��。
     \return 0  Curve25519_Key構造体��イン�ート�返�れ��
     \return BAD_FUNC_ARG  入力パラメータ���れ��NULL�場��返���。
@@ -221,7 +221,7 @@ int wc_curve25519_import_private_raw(const byte* priv, word32 privSz,
                             const byte* pub, word32 pubSz, curve25519_key* key);
 
 /*!
-    \ingroup Curve25519 
+    \ingroup Curve25519
     \brief  ��関数��パブリック秘密�ペアをCurve25519_Key構造体�イン�ート���。ビッグ・リトルエンディアン�両方をサ�ート���。
     \return 0  Curve25519_Key構造体��イン�ート�返�れ��
     \return BAD_FUNC_ARG  入力パラメータ���れ��NULL�場��返���。
@@ -260,7 +260,7 @@ int wc_curve25519_import_private_raw_ex(const byte* priv, word32 privSz,
                                         curve25519_key* key, int endian);
 
 /*!
-    \ingroup Curve25519 
+    \ingroup Curve25519
     \brief  ��関数�Curve25519_Key構造体�ら秘密�をエクス�ート���れを指定�れ�アウト�ッファ�格����。���エクス�ート�れ�キー�サイズ��るよ��概�を設定���。ビッグエンディアン��。
     \return 0  Curve25519_Key構造体�ら秘密�を正常�エクス�ート����。
     \return BAD_FUNC_ARG  入力パラメータ�NULL�場��返�れ��。
@@ -291,7 +291,7 @@ int wc_curve25519_export_private_raw(curve25519_key* key, byte* out,
                                      word32* outLen);
 
 /*!
-    \ingroup Curve25519 
+    \ingroup Curve25519
     \brief  ��関数�Curve25519_Key構造体�ら秘密�をエクス�ート���れを指定�れ�アウト�ッファ�格����。���エクス�ート�れ�キー�サイズ��るよ��概�を設定���。�れ�ビッグ・リトルエンディアン�を指定����。
     \return 0  Curve25519_Key構造体�ら秘密�を正常�エクス�ート����。
     \return BAD_FUNC_ARG  入力パラメータ�NULL�場��返�れ��。
@@ -324,7 +324,7 @@ int wc_curve25519_export_private_raw_ex(curve25519_key* key, byte* out,
                                         word32* outLen, int endian);
 
 /*!
-    \ingroup Curve25519 
+    \ingroup Curve25519
     \brief  ��関数��指定�れ��ッファ�ら公開�をイン�ート���れをCurve25519_Key構造体�格����。
     \return 0  公開�をCurve25519_Key構造体�正常�イン�ート����。
     \return ECC_BAD_ARG_E  InLenパラメータ�キー構造�キーサイズ�一致���場��返�れ��。
@@ -358,7 +358,7 @@ int wc_curve25519_import_public(const byte* in, word32 inLen,
                                 curve25519_key* key);
 
 /*!
-    \ingroup Curve25519 
+    \ingroup Curve25519
     \brief  ��関数��指定�れ��ッファ�ら公開�をイン�ート���れをCurve25519_Key構造体�格����。
     \return 0  公開�をCurve25519_Key構造体�正常�イン�ート����。
     \return ECC_BAD_ARG_E  InLenパラメータ�キー構造�キーサイズ�一致���場��返�れ��。
@@ -393,7 +393,7 @@ int wc_curve25519_import_public_ex(const byte* in, word32 inLen,
                                    curve25519_key* key, int endian);
 
 /*!
-    \ingroup Curve25519 
+    \ingroup Curve25519
     \brief  ��関数��公開��ッファ�指定�れ�エンディアン�対��有効�Curve2519キー値を�����る��を確����。
     \return 0  公開��値�有効����返�れ��。
     \return ECC_BAD_ARG_E  公開��値�無効�場��返�れ��。
@@ -420,7 +420,7 @@ int wc_curve25519_import_public_ex(const byte* in, word32 inLen,
 int wc_curve25519_check_public(const byte* pub, word32 pubSz, int endian);
 
 /*!
-    \ingroup Curve25519 
+    \ingroup Curve25519
     \brief  ��関数�指定�れ�キー構造�ら公開�をエクス�ート���果をアウト�ッファ�格����。ビッグエンディアン��。
     \return 0  Curve25519_Key構造体�ら公開�を正常�エクス�ート�る上�返�れ��。
     \return ECC_BAD_ARG_E  outlen�curve25519_pub_key_sizeより���場��返�れ��。
@@ -449,7 +449,7 @@ int wc_curve25519_check_public(const byte* pub, word32 pubSz, int endian);
 int wc_curve25519_export_public(curve25519_key* key, byte* out, word32* outLen);
 
 /*!
-    \ingroup Curve25519 
+    \ingroup Curve25519
     \brief  ��関数�指定�れ�キー構造�ら公開�をエクス�ート���果をアウト�ッファ�格����。ビッグ・リトルエンディアン�両方をサ�ート���。
     \return 0  Curve25519_Key構造体�ら公開�を正常�エクス�ート�る上�返�れ��。
     \return ECC_BAD_ARG_E  outlen�curve25519_pub_key_sizeより���場��返�れ��。
@@ -481,7 +481,7 @@ int wc_curve25519_export_public_ex(curve25519_key* key, byte* out,
                                    word32* outLen, int endian);
 
 /*!
-    \ingroup Curve25519 
+    \ingroup Curve25519
     \brief  Export Curve25519キーペア。ビッグエンディアン��。
     \return 0  Curve25519_Key構造体�らキーペア�エクス�ート��功����。
     \return BAD_FUNC_ARG  入力パラメータ�NULL�場��返�れ��。
@@ -516,7 +516,7 @@ int wc_curve25519_export_key_raw(curve25519_key* key,
                                  byte* pub, word32 *pubSz);
 
 /*!
-    \ingroup Curve25519 
+    \ingroup Curve25519
     \brief  Export Curve25519キーペア。ビッグ・リトルエンディアン。
     \return 0  Curve25519_Key構造体�らキーペア�エクス�ート��功����。
     \return BAD_FUNC_ARG  入力パラメータ�NULL�場��返�れ��。
@@ -555,7 +555,7 @@ int wc_curve25519_export_key_raw_ex(curve25519_key* key,
                                     int endian);
 
 /*!
-    \ingroup Curve25519 
+    \ingroup Curve25519
     \brief  ��関数�与�られ�キー構造�キーサイズを返���。
     \return Success  有効��期化�れ�Curve25519_Key構造体を考慮�る��キー�サイズを返���。
     \return 0  キー�NULL�場��返�れ��
diff --git a/doc/dox_comments/header_files-ja/curve448.h b/doc/dox_comments/header_files-ja/curve448.h
index 4a6a1d2e7..d6d8a307a 100644
--- a/doc/dox_comments/header_files-ja/curve448.h
+++ b/doc/dox_comments/header_files-ja/curve448.h
@@ -1,5 +1,5 @@
 /*!
-    \ingroup Curve448 
+    \ingroup Curve448
     \brief  ��関数��与�られ�サイズ（Keysize）�サイズ�指定�れ�乱数発生器RNGを使用��Curve448キーを生����れを指定�れ�Curve448_Key構造体�格����。キー構造�WC_CURVE448_INIT（）を介���期化�れ�後�呼�出�れる����。
     \return 0  キー�生���功���れを指定�れ�Curve448_Key構造体�格����。
     \return ECC_BAD_ARG_E  入力キーサイズ�Curve448キー（56�イト）�キーシェイズ�対応�����場��返�れ��。
@@ -27,7 +27,7 @@
 int wc_curve448_make_key(WC_RNG* rng, int keysize, curve448_key* key);
 
 /*!
-    \ingroup Curve448 
+    \ingroup Curve448
     \brief  ��関数��秘密�秘密���信��公開�を考�る��共有秘密�を計算���。生��れ�秘密�を�ッファアウト��存��ounlent�秘密��変数を割り当���。ビッグエンディアン��をサ�ート���。
     \return 0  共有秘密�を正常�計算�る上�返��れ���
     \return BAD_FUNC_ARG  渡�れ�入力パラメーター���れ��NULL�場��返�れ��
@@ -58,7 +58,7 @@ int wc_curve448_shared_secret(curve448_key* private_key,
                                 byte* out, word32* outlen);
 
 /*!
-    \ingroup Curve448 
+    \ingroup Curve448
     \brief  ��関数��秘密�秘密���信��公開�を考�る��共有秘密�を計算���。生��れ�秘密�を�ッファアウト��存��ounlent�秘密��変数を割り当���。ビッグ・リトルエンディアン�両方をサ�ート���。
     \return 0  共有秘密�を正常�計算�����返�れ���。
     \return BAD_FUNC_ARG  渡�れ�入力パラメータ���れ��NULL�場��返�れ��。
@@ -92,7 +92,7 @@ int wc_curve448_shared_secret_ex(curve448_key* private_key,
                                    byte* out, word32* outlen, int endian);
 
 /*!
-    \ingroup Curve448 
+    \ingroup Curve448
     \brief  ��関数�Curve448キーを�期化���。構造�キーを生��る��呼�出�れる����。
     \return 0  Curve448_Key構造体��期化��功����。
     \return BAD_FUNC_ARG  キー�NULL����返�れ��。
@@ -108,7 +108,7 @@ int wc_curve448_shared_secret_ex(curve448_key* private_key,
 int wc_curve448_init(curve448_key* key);
 
 /*!
-    \ingroup Curve448 
+    \ingroup Curve448
     \brief  ��関数�Curve448オブジェクトを解放���。
     _Example_
     \code
@@ -123,7 +123,7 @@ int wc_curve448_init(curve448_key* key);
 void wc_curve448_free(curve448_key* key);
 
 /*!
-    \ingroup Curve448 
+    \ingroup Curve448
     \brief  ��関数�Curve448秘密���をイン�ート���。（ビッグエンディアン）。
     \return 0  秘密��イン�ート��功����。
     \return BAD_FUNC_ARG  キー���PRIV�NULL�場��返���。
@@ -151,7 +151,7 @@ int wc_curve448_import_private(const byte* priv, word32 privSz,
                                  curve448_key* key);
 
 /*!
-    \ingroup Curve448 
+    \ingroup Curve448
     \brief  CURVE448秘密��イン�ート��。（ビッグエンディアン）。
     \return 0  秘密��イン�ート��功����。
     \return BAD_FUNC_ARG  キー���PRIV�NULL�場��返���。
@@ -182,7 +182,7 @@ int wc_curve448_import_private_ex(const byte* priv, word32 privSz,
                                     curve448_key* key, int endian);
 
 /*!
-    \ingroup Curve448 
+    \ingroup Curve448
     \brief  ��関数��public-秘密��ペアをCurve448_Key構造体�イン�ート���。ビッグエンディアン��。
     \return 0  Curve448_Key構造体��イン�ート時�返�れ��。
     \return BAD_FUNC_ARG  入力パラメータ���れ��NULL�場��返���。
@@ -219,7 +219,7 @@ int wc_curve448_import_private_raw(const byte* priv, word32 privSz,
                             const byte* pub, word32 pubSz, curve448_key* key);
 
 /*!
-    \ingroup Curve448 
+    \ingroup Curve448
     \brief  ��関数��public-秘密��ペアをCurve448_Key構造体�イン�ート���。ビッグ・リトルエンディアン�両方をサ�ート���。
     \return 0  Curve448_Key構造体��イン�ート時�返�れ��。
     \return BAD_FUNC_ARG  入力パラメータ���れ��NULL�場��返���。
@@ -259,7 +259,7 @@ int wc_curve448_import_private_raw_ex(const byte* priv, word32 privSz,
                                         curve448_key* key, int endian);
 
 /*!
-    \ingroup Curve448 
+    \ingroup Curve448
     \brief  ��関数�Curve448_Key構造体�ら秘密�をエクス�ート���れを指定�れ��ッファ�格����。���エクス�ート�れ�キー�サイズ��るよ��概�を設定���。ビッグエンディアン��。
     \return 0  Curve448_Key構造体�ら秘密�を正常�エクス�ート�る上�返�れ���。
     \return BAD_FUNC_ARG  入力パラメータ�NULL�場��返�れ��。
@@ -290,7 +290,7 @@ int wc_curve448_export_private_raw(curve448_key* key, byte* out,
                                      word32* outLen);
 
 /*!
-    \ingroup Curve448 
+    \ingroup Curve448
     \brief  ��関数�Curve448_Key構造体�ら秘密�をエクス�ート���れを指定�れ��ッファ�格����。���エクス�ート�れ�キー�サイズ��るよ��概�を設定���。�れ�大���リトルエンディアン�を指定����。
     \return 0  Curve448_Key構造体�ら秘密�を正常�エクス�ート�る上�返�れ���。
     \return BAD_FUNC_ARG  入力パラメータ�NULL�場��返�れ��。
@@ -323,7 +323,7 @@ int wc_curve448_export_private_raw_ex(curve448_key* key, byte* out,
                                         word32* outLen, int endian);
 
 /*!
-    \ingroup Curve448 
+    \ingroup Curve448
     \brief  ��関数��指定�れ��ッファ�ら公開�をイン�ート���れをCurve448_Key構造体�格����。
     \return 0  公開�をCurve448_Key構造体�正常�イン�ート����。
     \return ECC_BAD_ARG_E  InLenパラメータ�キー構造�キーサイズ�一致���場��返�れ��。
@@ -357,7 +357,7 @@ int wc_curve448_import_public(const byte* in, word32 inLen,
                                 curve448_key* key);
 
 /*!
-    \ingroup Curve448 
+    \ingroup Curve448
     \brief  ��関数��指定�れ��ッファ�ら公開�をイン�ート���れをCurve448_Key構造体�格����。
     \return 0  公開�をCurve448_Key構造体�正常�イン�ート����。
     \return ECC_BAD_ARG_E  InLenパラメータ�キー構造�キーサイズ�一致���場��返�れ��。
@@ -392,7 +392,7 @@ int wc_curve448_import_public_ex(const byte* in, word32 inLen,
                                    curve448_key* key, int endian);
 
 /*!
-    \ingroup Curve448 
+    \ingroup Curve448
     \brief  ��関数��公開��ッファ�エンディアン順�付�を与�られ�有効�Curve448キー値を���る��を確����。
     \return 0  公開��値�有効����返�れ��。
     \return ECC_BAD_ARG_E  公開��値�無効�場��返�れ��。
@@ -419,7 +419,7 @@ int wc_curve448_import_public_ex(const byte* in, word32 inLen,
 int wc_curve448_check_public(const byte* pub, word32 pubSz, int endian);
 
 /*!
-    \ingroup Curve448 
+    \ingroup Curve448
     \brief  ��関数�指定�れ�キー構造�ら公開�をエクス�ート���果をアウト�ッファ�格����。ビッグエンディアン��。
     \return 0  Curve448_Key構造体�ら公開��エクス�ート��功����。
     \return ECC_BAD_ARG_E  outlen�curve448_pub_key_sizeより���場��返�れ��。
@@ -449,7 +449,7 @@ int wc_curve448_check_public(const byte* pub, word32 pubSz, int endian);
 int wc_curve448_export_public(curve448_key* key, byte* out, word32* outLen);
 
 /*!
-    \ingroup Curve448 
+    \ingroup Curve448
     \brief  ��関数�指定�れ�キー構造�ら公開�をエクス�ート���果をアウト�ッファ�格����。ビッグ・リトルエンディアン�両方をサ�ート���。
     \return 0  Curve448_Key構造体�ら公開��エクス�ート��功����。
     \return ECC_BAD_ARG_E  outlen�curve448_pub_key_sizeより���場��返�れ��。
@@ -481,7 +481,7 @@ int wc_curve448_export_public_ex(curve448_key* key, byte* out,
                                    word32* outLen, int endian);
 
 /*!
-    \ingroup Curve448 
+    \ingroup Curve448
     \brief  ��関数�指定�れ�キー構造�らキーペアをエクス�ート���果をアウト�ッファ�格����。ビッグエンディアン��。
     \return 0  Curve448_Key構造体�らキーペア�エクス�ート��功����。
     \return BAD_FUNC_ARG  入力パラメータ�NULL�場��返�れ��。
@@ -516,7 +516,7 @@ int wc_curve448_export_key_raw(curve448_key* key,
                                  byte* pub, word32 *pubSz);
 
 /*!
-    \ingroup Curve448 
+    \ingroup Curve448
     \brief  Curve448キーペアをエクス�ート���。ビッグ����リトルエンディアン。
     \brief  ��関数�指定�れ�キー構造�らキーペアをエクス�ート���果をアウト�ッファ�格����。ビッグ����リトルエンディアン。
     \return 0  �功
@@ -556,7 +556,7 @@ int wc_curve448_export_key_raw_ex(curve448_key* key,
                                     int endian);
 
 /*!
-    \ingroup Curve448 
+    \ingroup Curve448
     \brief  ��関数�与�られ�キー構造�キーサイズを返���。
     \return Success  有効��期化�れ�Curve448_Key構造体を考慮�る��キー�サイズを返���。
     \return 0  キー�NULL�場��返�れ��。
diff --git a/doc/dox_comments/header_files-ja/des3.h b/doc/dox_comments/header_files-ja/des3.h
index c7f57aba0..a8829ef43 100644
--- a/doc/dox_comments/header_files-ja/des3.h
+++ b/doc/dox_comments/header_files-ja/des3.h
@@ -1,5 +1,5 @@
 /*!
-    \ingroup 3DES 
+    \ingroup 3DES
     \brief  ��関数��引数���与�られ�DES構造体�キー��期化ベクトル（IV）を設定���。����れら����期化�れ����場���暗�化�復�化�必���ッファー�スペースを�期化��割り当���。注：IV�指定�れ����場�（i.e.iv == null）�期化ベクトル��デフォルト�IV 0��り��。
     \return 0  DES構造体�キー��期化ベクトルを正常�設定�る
     \param des  �期化�るDES構造���インタ
@@ -24,7 +24,7 @@ int  wc_Des_SetKey(Des* des, const byte* key,
                                const byte* iv, int dir);
 
 /*!
-    \ingroup 3DES 
+    \ingroup 3DES
     \brief  ��関数��引数���与�られ�DES構造体��期化ベクトル（IV）を設定���。NULL IVを渡��ら��期化ベクトルを0�設定���。
     \return none  ���返���。
     \param des  IVを設定�る���DES構造���インタ
@@ -41,7 +41,7 @@ int  wc_Des_SetKey(Des* des, const byte* key,
 void wc_Des_SetIV(Des* des, const byte* iv);
 
 /*!
-    \ingroup 3DES 
+    \ingroup 3DES
     \brief  ��関数�入力メッセージを暗�化���果を出力�ッファー�格����。暗�ブロック�ェーン�ェーン（CBC）モード�DES暗�化を使用���。
     \return 0  与�られ�入力メッセージ�暗�化��功�����返�れ��
     \param des  暗�化�使用�るDES構造���インタ
@@ -66,7 +66,7 @@ int  wc_Des_CbcEncrypt(Des* des, byte* out,
                                    const byte* in, word32 sz);
 
 /*!
-    \ingroup 3DES 
+    \ingroup 3DES
     \brief  ��関数�入力暗�文を復�化���果�平文を出力�ッファー�出力���。暗�ブロック�ェーン�ェーン（CBC）モード�DES暗�化を使用���。
     \return 0  与�られ�暗�文を正常�復�化�����返�れ���
     \param des  復�化�使用�るDES構造���インタ
@@ -91,7 +91,7 @@ int  wc_Des_CbcDecrypt(Des* des, byte* out,
                                    const byte* in, word32 sz);
 
 /*!
-    \ingroup 3DES 
+    \ingroup 3DES
     \brief  ��関数�入力メッセージを暗�化���果を出力�ッファー�格����。電�コードブック（ECB）モード�DES暗�化を使用���。
     \return 0:  与�られ�平文を正常�暗�化�る�返�れ��。
     \param des  暗�化�使用�るDES構造���インタ
@@ -115,7 +115,7 @@ int  wc_Des_EcbEncrypt(Des* des, byte* out,
                                    const byte* in, word32 sz);
 
 /*!
-    \ingroup 3DES 
+    \ingroup 3DES
     \brief  ��関数�入力メッセージを暗�化���果を出力�ッファー�格����。電�コードブック（ECB）モード�DES3暗�化を使用���。警告：������ユースケース�ECBモード�安全性�低��考�られ����。�能��りECB APIを直接使用��������。
     \return 0  与�られ�平文を正常�暗�化�る�返�れ��
     \param des3  暗�化�使用�るDES3構造���インタ
@@ -139,7 +139,7 @@ int wc_Des3_EcbEncrypt(Des3* des, byte* out,
                                    const byte* in, word32 sz);
 
 /*!
-    \ingroup 3DES 
+    \ingroup 3DES
     \brief  ��関数��引数���与�られ�DES3構造�キー��期化ベクトル（IV）を設定���。����れら����期化�れ����場���暗�化�復�化�必���ッファー�スペースを�期化��割り当���。注：IV�指定�れ����場�（i.e.iv == null）�期化ベクトル��デフォルト�IV 0��り��。
     \return 0  DES構造体�キー��期化ベクトルを正常�設定�る
     \param des3  �期化�るDES3構造���インタ
@@ -165,7 +165,7 @@ int  wc_Des3_SetKey(Des3* des, const byte* key,
                                 const byte* iv,int dir);
 
 /*!
-    \ingroup 3DES 
+    \ingroup 3DES
     \brief  ��関数��引数���与�られ�DES3構造��期化ベクトル（IV）を設定���。NULL IVを渡��ら��期化ベクトルを0�設定���。
     \return none  ���返���。
     \param des  IVを設定�る���DES3構造���インタ
@@ -184,7 +184,7 @@ int  wc_Des3_SetKey(Des3* des, const byte* key,
 int  wc_Des3_SetIV(Des3* des, const byte* iv);
 
 /*!
-    \ingroup 3DES 
+    \ingroup 3DES
     \brief  ��関数�入力メッセージを暗�化���果を出力�ッファー�格����。暗�ブロック�ェーン（CBC）モード�トリプルDES（3DES）暗�化を使用���。
     \return 0  与�られ�入力メッセージ�暗�化��功�����返�れ��
     \param des  暗�化�使用�るDES3構造���インタ
@@ -209,7 +209,7 @@ int  wc_Des3_CbcEncrypt(Des3* des, byte* out,
                                     const byte* in,word32 sz);
 
 /*!
-    \ingroup 3DES 
+    \ingroup 3DES
     \brief  ��関数�入力暗�文を復�化���果�平文を出力�ッファー�出力���。暗�ブロック�ェーン（CBC）モード�トリプルDES（3DES）暗�化を使用���。
     \return 0  与�られ�暗�文を正常�復�化�����返�れ���
     \param des  復�化�使用�るDES3構造���インタ
diff --git a/doc/dox_comments/header_files-ja/dh.h b/doc/dox_comments/header_files-ja/dh.h
index 45dda386b..e8db7eae7 100644
--- a/doc/dox_comments/header_files-ja/dh.h
+++ b/doc/dox_comments/header_files-ja/dh.h
@@ -1,5 +1,5 @@
 /*!
-    \ingroup Diffie-Hellman 
+    \ingroup Diffie-Hellman
     \brief  ��関数��Diffie-Hellman Exchangeプロトコルを使用��安全�秘密�を交渉�る��使用�る���Diffie-Hellmanキーを�期化���。
     \return none  ���返���。
     _Example_
@@ -13,7 +13,7 @@
 int wc_InitDhKey(DhKey* key);
 
 /*!
-    \ingroup Diffie-Hellman 
+    \ingroup Diffie-Hellman
     \brief  ��関数��Diffie-Hellman Exchangeプロトコルを使用��安全�秘密�を�ゴシエート�る���使用�れ�後�Diffie-Hellmanキーを解放���。
     \return none  ���返���。
     _Example_
@@ -28,7 +28,7 @@ int wc_InitDhKey(DhKey* key);
 void wc_FreeDhKey(DhKey* key);
 
 /*!
-    \ingroup Diffie-Hellman 
+    \ingroup Diffie-Hellman
     \brief  ��関数�diffie-hellmanパブリックパラメータ�基���パブリック/秘密�ペアを生���PRIVS�秘密��Pub�公開�を格����。�期化�れ�Diffie-Hellmanキー��期化�れ�RNG構造を�り��。
     \return BAD_FUNC_ARG  ��関数��入力�1�を解��るエラー��る場��返�れ��
     \return RNG_FAILURE_E  RNGを使用��乱数を生��るエラー�発生��場�
@@ -63,7 +63,7 @@ int wc_DhGenerateKeyPair(DhKey* key, WC_RNG* rng, byte* priv,
                                  word32* privSz, byte* pub, word32* pubSz);
 
 /*!
-    \ingroup Diffie-Hellman 
+    \ingroup Diffie-Hellman
     \brief  ��関数��ローカル秘密���信��公開��基������れ�秘密�を生����。交��両��完了��場����関数�対称通信����秘密����を生����。共有秘密��生���功�る��書�れ�秘密��サイズ�仲間��存�れ��。
     \return 0  ���れ�秘密��生���功����
     \return MP_INIT_E  共有秘密��生�中�エラー�発生��場��返��れる�能性��り��
@@ -100,7 +100,7 @@ int wc_DhAgree(DhKey* key, byte* agree, word32* agreeSz,
                        word32 pubSz);
 
 /*!
-    \ingroup Diffie-Hellman 
+    \ingroup Diffie-Hellman
     \brief  ��機能��DERフォーマット�キーを�む与�られ�入力�ッファ�らDiffie-Hellmanキーをデコード���。�果をDHKEY構造体�格����。
     \return 0  入力キー�復���功�����返�れ��
     \return ASN_PARSE_E  入力�シーケンスを解���エラー��る場��返�れ��
@@ -128,7 +128,7 @@ int wc_DhKeyDecode(const byte* input, word32* inOutIdx, DhKey* key,
                            word32);
 
 /*!
-    \ingroup Diffie-Hellman 
+    \ingroup Diffie-Hellman
     \brief  ��関数��入力秘密�パラメータを使用��DHKEY構造体�キーを設定���。WC_DHKEYDECODE��異�り���関数�入力キー�DERフォーマット�フォーマット�れ�代�り�PARSED入力パラメータP（Prime）�G（Base）を��入れる必���り��ん。
     \return 0  ��設定��功����
     \return BAD_FUNC_ARG  入力パラメータ���れ��NULL�評価�れ�場��返�れ��。
@@ -157,7 +157,7 @@ int wc_DhSetKey(DhKey* key, const byte* p, word32 pSz, const byte* g,
                         word32 gSz);
 
 /*!
-    \ingroup Diffie-Hellman 
+    \ingroup Diffie-Hellman
     \brief  ��関数��与�られ�入力�ッファ�らDiffie-HellmanパラメータP（Prime）�G（ベース）をフォーマット�れ����。
     \return 0  DHパラメータ�抽出��功����
     \return ASN_PARSE_E  DERフォーマット�DH証明書�解�中�エラー�発生��場��返�れ��。
@@ -187,7 +187,7 @@ int wc_DhParamsLoad(const byte* input, word32 inSz, byte* p,
                             word32* pInOutSz, byte* g, word32* gInOutSz);
 
 /*!
-    \ingroup Diffie-Hellman 
+    \ingroup Diffie-Hellman
     \sa wc_Dh_ffdhe3072_Get
     \sa wc_Dh_ffdhe4096_Get
     \sa wc_Dh_ffdhe6144_Get
@@ -196,7 +196,7 @@ int wc_DhParamsLoad(const byte* input, word32 inSz, byte* p,
 const DhParams* wc_Dh_ffdhe2048_Get(void);
 
 /*!
-    \ingroup Diffie-Hellman 
+    \ingroup Diffie-Hellman
     \sa wc_Dh_ffdhe2048_Get
     \sa wc_Dh_ffdhe4096_Get
     \sa wc_Dh_ffdhe6144_Get
@@ -205,7 +205,7 @@ const DhParams* wc_Dh_ffdhe2048_Get(void);
 const DhParams* wc_Dh_ffdhe3072_Get(void);
 
 /*!
-    \ingroup Diffie-Hellman 
+    \ingroup Diffie-Hellman
     \sa wc_Dh_ffdhe2048_Get
     \sa wc_Dh_ffdhe3072_Get
     \sa wc_Dh_ffdhe6144_Get
@@ -214,7 +214,7 @@ const DhParams* wc_Dh_ffdhe3072_Get(void);
 const DhParams* wc_Dh_ffdhe4096_Get(void);
 
 /*!
-    \ingroup Diffie-Hellman 
+    \ingroup Diffie-Hellman
     \sa wc_Dh_ffdhe2048_Get
     \sa wc_Dh_ffdhe3072_Get
     \sa wc_Dh_ffdhe4096_Get
@@ -223,7 +223,7 @@ const DhParams* wc_Dh_ffdhe4096_Get(void);
 const DhParams* wc_Dh_ffdhe6144_Get(void);
 
 /*!
-    \ingroup Diffie-Hellman 
+    \ingroup Diffie-Hellman
     \sa wc_Dh_ffdhe2048_Get
     \sa wc_Dh_ffdhe3072_Get
     \sa wc_Dh_ffdhe4096_Get
@@ -232,13 +232,13 @@ const DhParams* wc_Dh_ffdhe6144_Get(void);
 const DhParams* wc_Dh_ffdhe8192_Get(void);
 
 /*!
-    \ingroup Diffie-Hellman 
+    \ingroup Diffie-Hellman
 */
 int wc_DhCheckKeyPair(DhKey* key, const byte* pub, word32 pubSz,
                         const byte* priv, word32 privSz);
 
 /*!
-    \ingroup Diffie-Hellman 
+    \ingroup Diffie-Hellman
 */
 int wc_DhCheckPrivKey(DhKey* key, const byte* priv, word32 pubSz);
 
diff --git a/doc/dox_comments/header_files-ja/doxygen_groups.h b/doc/dox_comments/header_files-ja/doxygen_groups.h
index 0571fedaf..41c8495a9 100644
--- a/doc/dox_comments/header_files-ja/doxygen_groups.h
+++ b/doc/dox_comments/header_files-ja/doxygen_groups.h
@@ -6,6 +6,7 @@
     \defgroup Camellia Algorithms - Camellia
     \defgroup ChaCha Algorithms - ChaCha
     \defgroup ChaCha20Poly1305 Algorithms - ChaCha20_Poly1305
+  　\defgroup CMAC Algorithm - CMAC
     \defgroup Crypto Callbacks - CryptoCb
     \defgroup Curve25519 Algorithms - Curve25519
     \defgroup Curve448 Algorithms - Curve448
@@ -153,7 +154,7 @@
       -# Set the RSK and, optionally precomputation table: wc_SetSakkeRsk()
       -# Derive SSV and auth data: wc_DeriveSakkeSSV()
       -# Free SAKKE Key: wc_FreeSakkeKey()
-    
+
     \defgroup SAKKE_Setup Setup SAKKE Key
     Operations for establishing a SAKKE key.
 
diff --git a/doc/dox_comments/header_files-ja/doxygen_pages.h b/doc/dox_comments/header_files-ja/doxygen_pages.h
index 39065f819..56b9025e0 100644
--- a/doc/dox_comments/header_files-ja/doxygen_pages.h
+++ b/doc/dox_comments/header_files-ja/doxygen_pages.h
@@ -34,6 +34,7 @@
         <li>\ref Camellia</li>
         <li>\ref ChaCha</li>
         <li>\ref ChaCha20Poly1305</li>
+        <li>\ref CMAC</li>
         <li>\ref Crypto Callbacks</li>
         <li>\ref Curve25519</li>
         <li>\ref Curve448</li>
diff --git a/doc/dox_comments/header_files-ja/dsa.h b/doc/dox_comments/header_files-ja/dsa.h
index 64ae4733d..066a0a2e5 100644
--- a/doc/dox_comments/header_files-ja/dsa.h
+++ b/doc/dox_comments/header_files-ja/dsa.h
@@ -1,5 +1,5 @@
 /*!
-    \ingroup DSA 
+    \ingroup DSA
     \brief  ��関数��デジタル署�アルゴリズム（DSA）を介���証�使用�る���DSAKEYオブジェクトを�期化���。
     \return 0  �功�戻り���。
     \return BAD_FUNC_ARG  NULLキー�渡�れ�場��返�れ��。
@@ -14,7 +14,7 @@
 int wc_InitDsaKey(DsaKey* key);
 
 /*!
-    \ingroup DSA 
+    \ingroup DSA
     \brief  ��関数��使用�れ�後�dsakeyオブジェクトを解放���。
     \return none  ���返���。
     _Example_
@@ -29,7 +29,7 @@ int wc_InitDsaKey(DsaKey* key);
 void wc_FreeDsaKey(DsaKey* key);
 
 /*!
-    \ingroup DSA 
+    \ingroup DSA
     \brief  ��機能�入力ダイジェスト�署����果を出力�ッファー�格����。
     \return 0  入力ダイジェスト�正常�署������返�れ���
     \return MP_INIT_E  DSA署��処��エラー��る場��返�れる�能性��り��。
@@ -67,7 +67,7 @@ int wc_DsaSign(const byte* digest, byte* out,
                            DsaKey* key, WC_RNG* rng);
 
 /*!
-    \ingroup DSA 
+    \ingroup DSA
     \brief  ��関数��秘密�を考�る��ダイジェスト�署�を検証���。回答パラメータ�キー�正��検証�れ��る�����正常�検証�対応�る1��よ�失敗��検証�対応�る0�格��れ��。
     \return 0  検証�求�処���功�����返�れ��。注：�れ��署��検証�れ��る��を�味�る�������関数��功���������。
     \return MP_INIT_E  DSA署��処��エラー��る場��返�れる�能性��り��。
@@ -106,7 +106,7 @@ int wc_DsaVerify(const byte* digest, const byte* sig,
                              DsaKey* key, int* answer);
 
 /*!
-    \ingroup DSA 
+    \ingroup DSA
     \brief  ��機能��DSA公開�を�むDERフォーマット�証明書�ッファを復���与�られ�DSakey構造体�キーを格����。���入力読��り�長��応��INOUTIDXパラメータを設定���。
     \return 0  dsakeyオブジェクト�公開�を正常�設定�る
     \return ASN_PARSE_E  証明書�ッファを読���らエンコーディング�エラー��る場�
@@ -133,7 +133,7 @@ int wc_DsaPublicKeyDecode(const byte* input, word32* inOutIdx,
                                       DsaKey* key, word32 inSz);
 
 /*!
-    \ingroup DSA 
+    \ingroup DSA
     \brief  ��機能��DSA秘密�を�むDERフォーマット�証明書�ッファをデコード��指定�れ�DSakey構造体�キーを格����。���入力読��り�長��応��INOUTIDXパラメータを設定���。
     \return 0  dsakeyオブジェクト�秘密�を正常�設定�る�返�れ���
     \return ASN_PARSE_E  証明書�ッファを読���らエンコーディング�エラー��る場�
@@ -160,7 +160,7 @@ int wc_DsaPrivateKeyDecode(const byte* input, word32* inOutIdx,
                                        DsaKey* key, word32 inSz);
 
 /*!
-    \ingroup DSA 
+    \ingroup DSA
     \brief  DSAKEYキーをDERフォーマット�出力��書�込�（Inlen）�書�込�れ��イトを返���。
     \return outLen  �功�書�れ��イト数
     \return BAD_FUNC_ARG  キー���出力�NULL���キー - >タイプ�DSA_PRIVATE���り��ん。
@@ -187,7 +187,7 @@ int wc_DsaPrivateKeyDecode(const byte* input, word32* inOutIdx,
 int wc_DsaKeyToDer(DsaKey* key, byte* output, word32 inLen);
 
 /*!
-    \ingroup DSA 
+    \ingroup DSA
     \brief  DSAキーを作����。
     \return MP_OKAY  �功
     \return BAD_FUNC_ARG  RNG���DSA���ら��null��。
@@ -212,7 +212,7 @@ int wc_DsaKeyToDer(DsaKey* key, byte* output, word32 inLen);
 int wc_MakeDsaKey(WC_RNG *rng, DsaKey *dsa);
 
 /*!
-    \ingroup DSA 
+    \ingroup DSA
     \brief  FIPS 186-4��modulus_size値�有効�値を定義���（1024,160）（2048,256）（3072,256）
     \return 0  �功
     \return BAD_FUNC_ARG  RNG���DSA�NULL���MODULUS_SIZE�無効��。
diff --git a/doc/dox_comments/header_files-ja/ed448.h b/doc/dox_comments/header_files-ja/ed448.h
index d1f20f23d..b75d27e37 100644
--- a/doc/dox_comments/header_files-ja/ed448.h
+++ b/doc/dox_comments/header_files-ja/ed448.h
@@ -1,5 +1,5 @@
 /*!
-    \ingroup ED448 
+    \ingroup ED448
     \brief  ��関数��秘密��らED448公開�を生����。公開�を�ッファPubkey�格���Pubkeysz����ッファ�書�込�れ��イトを設定���。
     \return 0  公開��作���功�����返�れ��。
     \return BAD_FUNC_ARG  IFIキー���PubKey�NULL�評価�れ�場�����指定�れ�キーサイズ�57�イト����場�（ED448��57�イト�キー��り��）。
@@ -31,7 +31,7 @@ int wc_ed448_make_public(ed448_key* key, unsigned char* pubKey,
                          word32 pubKeySz);
 
 /*!
-    \ingroup ED448 
+    \ingroup ED448
     \brief  ��関数�新��ED448キーを生����れをキー�格����。
     \return 0  ED448_Keyを正常�作������返�れ��。
     \return BAD_FUNC_ARG  RNG���Key�NULL�評価�れ�場�����指定�れ�キーサイズ�57�イト����場�（ED448��57�イト�キー��り��）。
@@ -58,7 +58,7 @@ int wc_ed448_make_public(ed448_key* key, unsigned char* pubKey,
 int wc_ed448_make_key(WC_RNG* rng, int keysize, ed448_key* key);
 
 /*!
-    \ingroup ED448 
+    \ingroup ED448
     \brief  ��関数��ED448_Keyオブジェクトを使用��メッセージ�正解を�証���。
     \return 0  メッセージ�署�を正常�生��る�返�れ��。
     \return BAD_FUNC_ARG  入力パラメータ���れ��NULL�評価�れ�場�����出力�ッファ������生��れ�署�を�存�る場��返�れ��。
@@ -94,7 +94,7 @@ int wc_ed448_sign_msg(const byte* in, word32 inlen, byte* out,
                         word32 *outlen, ed448_key* key);
 
 /*!
-    \ingroup ED448 
+    \ingroup ED448
     \brief  ��関数��Ed448_Keyオブジェクトを使用��メッセージダイジェスト�署���信頼性を�証���。コンテキスト�署��れ�データ�一部�����れ����。�ッシュ��署�計算��プリ�ッシュメッセージ��。メッセージダイジェストを作��る���使用�れる�ッシュアルゴリズム�Shake-256���れ��り��ん。
     \return 0  メッセージダイジェスト�署�を正常�生��る�返�れ��。
     \return BAD_FUNC_ARG  返�れ�入力パラメータ�NULL�評価�れ��。出力�ッファ������生��れ�署�を�存�る��������。
@@ -135,7 +135,7 @@ int wc_ed448ph_sign_hash(const byte* hash, word32 hashLen, byte* out,
                          const byte* context, byte contextLen);
 
 /*!
-    \ingroup ED448 
+    \ingroup ED448
     \brief  ��関数��ED448_Keyオブジェクトを使用��メッセージ�正解を�証���。コンテキスト�署��れ�データ�一部�����れ����。署�計算���メッセージ�事���ッシュ�れ����。
     \return 0  メッセージ�署�を正常�生��る�返�れ��。
     \return BAD_FUNC_ARG  返�れ�入力パラメータ�NULL�評価�れ��。出力�ッファ������生��れ�署�を�存�る��������。
@@ -176,7 +176,7 @@ int wc_ed448ph_sign_msg(const byte* in, word32 inLen, byte* out,
                         byte contextLen);
 
 /*!
-    \ingroup ED448 
+    \ingroup ED448
     \brief  ��関数��メッセージ�ED448署�を確���信頼性を確����。文脈�データ検証済��一部�����れ����。答��RESを介��返�れ�有効�署��対応�る1�無効�署��対応�る0を返���。
     \return 0  署�検証��証を正常�実行�����返�れ��。
     \return BAD_FUNC_ARG  ��れ��入力パラメータ�NULL�評価�れ�場�����SIGLEN�署��実際�長��一致���場��返�れ��。
@@ -214,7 +214,7 @@ int wc_ed448_verify_msg(const byte* sig, word32 siglen, const byte* msg,
                           const byte* context, byte contextLen);
 
 /*!
-    \ingroup ED448 
+    \ingroup ED448
     \brief  ��関数��メッセージ�ダイジェスト�ED448シグ��ャを検証���信頼性を確����。文脈�データ検証済��一部�����れ����。�ッシュ��署�計算��プリ�ッシュメッセージ��。メッセージダイジェストを作��る���使用�れる�ッシュアルゴリズム�Shake-256���れ��り��ん。答��RESを介��返�れ�有効�署��対応�る1�無効�署��対応�る0を返���。
     \return 0  署�検証��証を正常�実行�����返�れ��。
     \return BAD_FUNC_ARG  ��れ��入力パラメータ�NULL�評価�れ�場�����SIGLEN�署��実際�長��一致���場��返�れ��。
@@ -252,7 +252,7 @@ int wc_ed448ph_verify_hash(const byte* sig, word32 siglen, const byte* hash,
                           const byte* context, byte contextLen);
 
 /*!
-    \ingroup ED448 
+    \ingroup ED448
     \brief  ��関数��メッセージ�ED448署�を確���信頼性を確����。文脈�データ検証済��一部�����れ����。検証��メッセージ�プリ�ッシュ�れ����。答��RESを介��返�れ�有効�署��対応�る1�無効�署��対応�る0を返���。
     \return 0  署�検証��証を正常�実行�����返�れ��。
     \return BAD_FUNC_ARG  ��れ��入力パラメータ�NULL�評価�れ�場�����SIGLEN�署��実際�長��一致���場��返�れ��。
@@ -290,7 +290,7 @@ int wc_ed448ph_verify_msg(const byte* sig, word32 siglen, const byte* msg,
                           const byte* context, byte contextLen);
 
 /*!
-    \ingroup ED448 
+    \ingroup ED448
     \brief  ��関数��メッセージ検証�将��使用����ED448_Keyオブジェクトを�期化���。
     \return 0  ED448_Keyオブジェクト��期化��功��ら返�れ��。
     \return BAD_FUNC_ARG  キー�NULL�場��返�れ��。
@@ -306,7 +306,7 @@ int wc_ed448ph_verify_msg(const byte* sig, word32 siglen, const byte* msg,
 int wc_ed448_init(ed448_key* key);
 
 /*!
-    \ingroup ED448 
+    \ingroup ED448
     \brief  ��関数���れ�使用�れ�後�ED448オブジェクトを解放���。
     _Example_
     \code
@@ -321,7 +321,7 @@ int wc_ed448_init(ed448_key* key);
 void wc_ed448_free(ed448_key* key);
 
 /*!
-    \ingroup ED448 
+    \ingroup ED448
     \brief  ��関数��公開�を�む�ッファ�らPublic ED448_Keyペアをイン�ート���。��関数�圧縮キー��圧縮キー�両方を処����。
     \return 0  ED448_Key�イン�ート��功����。
     \return BAD_FUNC_ARG  IN���KEY�NULL�評価�れ��る場�����INLEN�ED448キー�サイズより���場��返�れ��。
@@ -346,7 +346,7 @@ void wc_ed448_free(ed448_key* key);
 int wc_ed448_import_public(const byte* in, word32 inLen, ed448_key* key);
 
 /*!
-    \ingroup ED448 
+    \ingroup ED448
     \brief  ��関数��ed448秘密�を�ッファ�ら��イン�ート���。
     \return 0  ED448秘密��イン�ート��功����。
     \return BAD_FUNC_ARG  IN���KEY�NULL�評価�れ�場�����PRIVSZ�ED448_KEY_SIZEよりも���場��返�れ��。
@@ -373,7 +373,7 @@ int wc_ed448_import_private_only(const byte* priv, word32 privSz,
                                  ed448_key* key);
 
 /*!
-    \ingroup ED448 
+    \ingroup ED448
     \brief  ��関数��一対��ッファ�らパブリック/プライベートED448キーペアをイン�ート���。��関数�圧縮キー��圧縮キー�両方を処����。
     \return 0  ED448キー�イン�ート��功����。
     \return BAD_FUNC_ARG  IN���KEY�NULL�評価�れ�場�����PROVSZ�ED448_KEY_SIZE���PUBSZ���れ��eD448_PUB_KEY_SIZEよりも���場��返�れ��。
@@ -404,7 +404,7 @@ int wc_ed448_import_private_key(const byte* priv, word32 privSz,
                                const byte* pub, word32 pubSz, ed448_key* key);
 
 /*!
-    \ingroup ED448 
+    \ingroup ED448
     \brief  ��関数��ED448_Key構造体�ら秘密�をエクス�ート���。公開�を�ッファアウト�格���ounteren����ッファ�書�込�れ��イトを設定���。
     \return 0  公開��エクス�ート��功��ら返�れ��。
     \return BAD_FUNC_ARG  ��れ��入力値�NULL�評価�れ�場��返�れ��。
@@ -432,7 +432,7 @@ int wc_ed448_import_private_key(const byte* priv, word32 privSz,
 int wc_ed448_export_public(ed448_key* key, byte* out, word32* outLen);
 
 /*!
-    \ingroup ED448 
+    \ingroup ED448
     \brief  ��関数��ED448_Key構造体�ら�秘密���をエクス�ート���。秘密�を�ッファアウト�格���outlen����ッファ�書�込�れ��イトを設定���。
     \return 0  秘密��エクス�ート��功��ら返�れ��。
     \return ECC_BAD_ARG_E  ��れ��入力値�NULL�評価�れ�場��返�れ��。
@@ -459,7 +459,7 @@ int wc_ed448_export_public(ed448_key* key, byte* out, word32* outLen);
 int wc_ed448_export_private_only(ed448_key* key, byte* out, word32* outLen);
 
 /*!
-    \ingroup ED448 
+    \ingroup ED448
     \brief  ��関数��ED448_Key構造体�らキーペアをエクス�ート���。キーペアを�ッファOUT�格���ounteren����ッファ�書�込�れ��イトを設定���。
     \return 0  キーペア�エクス�ート��功��ら返�れ��。
     \return ECC_BAD_ARG_E  ��れ��入力値�NULL�評価�れ�場��返�れ��。
@@ -490,7 +490,7 @@ int wc_ed448_export_private_only(ed448_key* key, byte* out, word32* outLen);
 int wc_ed448_export_private(ed448_key* key, byte* out, word32* outLen);
 
 /*!
-    \ingroup ED448 
+    \ingroup ED448
     \brief  ��関数��ED448_Key構造体��別�プライベートキー�公開�をエクス�ート���。秘密�を�ッファーPriv�格���PRIVSZ����ッファ�書�込�れ��イトを設定���。公開�を�ッファPUB�格���Pubsz����ッファ�書�込�れ��イトを設定���。
     \return 0  キーペア�エクス�ート��功��ら返�れ��。
     \return ECC_BAD_ARG_E  ��れ��入力値�NULL�評価�れ�場��返�れ��。
@@ -524,7 +524,7 @@ int wc_ed448_export_key(ed448_key* key,
                           byte* pub, word32 *pubSz);
 
 /*!
-    \ingroup ED448 
+    \ingroup ED448
     \brief  ��関数��ed448_key構造体�公開�を�ェック���。
     \return 0  プライベートキー�公開��一致��場��返�れ��。
     \return BAD_FUNC_ARGS  与�られ�キー�NULL�場��返�れ��。
@@ -549,7 +549,7 @@ int wc_ed448_check_key(ed448_key* key);
 
 
 /*!
-    \ingroup ED448 
+    \ingroup ED448
     \brief  ��関数��ED448秘密��サイズ -  57�イトを返���。
     \return ED448_KEY_SIZE  有効�秘密��サイズ（57�イト）。
     \return BAD_FUNC_ARGS  与�られ�キー�NULL�場��返�れ��。
@@ -569,7 +569,7 @@ int wc_ed448_check_key(ed448_key* key);
 int wc_ed448_size(ed448_key* key);
 
 /*!
-    \ingroup ED448 
+    \ingroup ED448
     \brief  ��関数��秘密�サイズ（secret + public）を�イト���返���。
     \return ED448_PRV_KEY_SIZE  秘密��サイズ（114�イト）。
     \return BAD_FUNC_ARG  key引数�null�場��返���。
@@ -590,7 +590,7 @@ int wc_ed448_size(ed448_key* key);
 int wc_ed448_priv_size(ed448_key* key);
 
 /*!
-    \ingroup ED448 
+    \ingroup ED448
     \brief  ��関数�圧縮�サイズを�イト���返���（公開�）。
     \return ED448_PUB_KEY_SIZE  圧縮公開��サイズ（57�イト）。
     \return BAD_FUNC_ARG  key引数�null�場��返���。
@@ -610,7 +610,7 @@ int wc_ed448_priv_size(ed448_key* key);
 int wc_ed448_pub_size(ed448_key* key);
 
 /*!
-    \ingroup ED448 
+    \ingroup ED448
     \brief  ��関数��ED448シグ��ャ�サイズ（�イト数114）を返���。
     \return ED448_SIG_SIZE  ED448シグ��ャ（114�イト）�サイズ。
     \return BAD_FUNC_ARG  key引数�null�場��返���。
diff --git a/doc/dox_comments/header_files-ja/error-crypt.h b/doc/dox_comments/header_files-ja/error-crypt.h
index c558c33be..e660d1f32 100644
--- a/doc/dox_comments/header_files-ja/error-crypt.h
+++ b/doc/dox_comments/header_files-ja/error-crypt.h
@@ -1,5 +1,5 @@
 /*!
-    \ingroup Error 
+    \ingroup Error
     \brief  ��関数��特定��ッファ内�特定�エラーコード�エラー文字列を格����。
     \return none  ���返���。
     \param error  文字列を�得�る���エラーコード
@@ -17,7 +17,7 @@
 void wc_ErrorString(int err, char* buff);
 
 /*!
-    \ingroup Error 
+    \ingroup Error
     \brief  ��関数��特定�エラーコード�エラー文字列を返���。
     \return string  エラーコード�エラー文字列を文字列リテラル���返���。
     _Example_
diff --git a/doc/dox_comments/header_files-ja/evp.h b/doc/dox_comments/header_files-ja/evp.h
index 93355400e..d6fef8e5d 100644
--- a/doc/dox_comments/header_files-ja/evp.h
+++ b/doc/dox_comments/header_files-ja/evp.h
@@ -1,5 +1,5 @@
 /*!
-    \ingroup openSSL 
+    \ingroup openSSL
     \brief  �れ�れ�wolfssl_evp_cipher�インタ�ゲッター関数。最��プログラム内�wolfssl_evp_init（）を1回呼�出�必���り��。wolfssl_des_ecbマクロ��wolfssl_evp_des_ede3_ecb（）�対��定義�る必���り��。
     \return pointer  DES EDE3�作����wolfssl_evp_cipher�インタを返���。
     _Example_
@@ -14,7 +14,7 @@
 const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_des_ede3_ecb(void);
 
 /*!
-    \ingroup openSSL 
+    \ingroup openSSL
     \brief  �れ�れ�wolfssl_evp_cipher�インタ�ゲッター関数。最��プログラム内�wolfssl_evp_init（）を1回呼�出�必���り��。wolfssl_des_ecbマクロ��wolfssl_evp_des_ecb（）�対��定義�る必���り��。
     \return pointer  DES�作����wolfssl_evp_cipher�インタを返���。
     _Example_
@@ -28,7 +28,7 @@ const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_des_ede3_ecb(void);
 const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_des_cbc(void);
 
 /*!
-    \ingroup openSSL 
+    \ingroup openSSL
     \brief  wolfssl_evp_md_ctxを�期化�る機能。��関数�wolfssl_engine�wolfssl_engineを使用������wolfssl_evp_digestinit（）�ラッパー��。
     \return SSL_SUCCESS  正常�設定�れ��る場�。
     \return SSL_FAILURE  �功�����場�
@@ -56,7 +56,7 @@ int wolfSSL_EVP_DigestInit_ex(WOLFSSL_EVP_MD_CTX* ctx,
                                      WOLFSSL_ENGINE *impl);
 
 /*!
-    \ingroup openSSL 
+    \ingroup openSSL
     \brief  wolfssl_evp_cipher_ctxを�期化�る機能。��関数�wolfssl_engine�wolfssl_engineを使用������wolfssl_ciphinit（）�ラッパー��。
     \return SSL_SUCCESS  正常�設定�れ��る場�。
     \return SSL_FAILURE  �功�����場�
@@ -96,7 +96,7 @@ int  wolfSSL_EVP_CipherInit_ex(WOLFSSL_EVP_CIPHER_CTX* ctx,
                                     int enc);
 
 /*!
-    \ingroup openSSL 
+    \ingroup openSSL
     \brief  wolfssl_evp_cipher_ctxを�期化�る機能。WolfSSL�WOLFSSL_ENGINEを使用��������関数�wolfssl_evp_ciphinit（）�ラッパー��。暗�化フラグを暗�化�るよ��設定���。
     \return SSL_SUCCESS  正常�設定�れ��る場�。
     \return SSL_FAILURE  �功�����場�
@@ -128,7 +128,7 @@ int  wolfSSL_EVP_EncryptInit_ex(WOLFSSL_EVP_CIPHER_CTX* ctx,
                                     const unsigned char* iv);
 
 /*!
-    \ingroup openSSL 
+    \ingroup openSSL
     \brief  wolfssl_evp_cipher_ctxを�期化�る機能。WolfSSL�WOLFSSL_ENGINEを使用��������関数�wolfssl_evp_ciphinit（）�ラッパー��。暗�化フラグを復�化�るよ��設定���。
     \return SSL_SUCCESS  正常�設定�れ��る場�。
     \return SSL_FAILURE  �功�����場�
@@ -169,7 +169,7 @@ int  wolfSSL_EVP_DecryptInit_ex(WOLFSSL_EVP_CIPHER_CTX* ctx,
                                     const unsigned char* iv);
 
 /*!
-    \ingroup openSSL 
+    \ingroup openSSL
     \brief  データを暗�化/復�化�る機能。�ッファ内��暗�化���復�化�れ�OUT�ッファ��果を�����。OUTOR�暗�化/復�化�れ�情報�長���り��。
     \return SSL_SUCCESS  �功��場�
     \return SSL_FAILURE  �功�����場�
@@ -201,7 +201,7 @@ int wolfSSL_EVP_CipherUpdate(WOLFSSL_EVP_CIPHER_CTX *ctx,
                                    const unsigned char *in, int inl);
 
 /*!
-    \ingroup openSSL 
+    \ingroup openSSL
     \brief  ��関数��パディングを追加�る最終暗�化�作を実行���。wolfssl_evp_ciph_no_paddingフラグ�wolfssl_evp_cipher_ctx構造�設定�れ��る場��1�返�れ�暗�化/復�化�行�れ��ん。PADDING FLAG�SETIパディングを追加��暗�化�る��暗�化�CTX�設定�れ��る��復�化�れ����パディング値��ェック�れ��。
     \return 1  �功�戻り���。
     \return 0  失敗�����場�
@@ -221,7 +221,7 @@ int  wolfSSL_EVP_CipherFinal(WOLFSSL_EVP_CIPHER_CTX *ctx,
                                    unsigned char *out, int *outl);
 
 /*!
-    \ingroup openSSL 
+    \ingroup openSSL
     \brief  WolfSSL EVP_CIPHER_CTX構造キー長�設定機能
     \return SSL_SUCCESS  正常�設定�れ��る場�。
     \return SSL_FAILURE  キー�長�を設定������場�。
@@ -239,7 +239,7 @@ int  wolfSSL_EVP_CIPHER_CTX_set_key_length(WOLFSSL_EVP_CIPHER_CTX* ctx,
                                                      int keylen);
 
 /*!
-    \ingroup openSSL 
+    \ingroup openSSL
     \brief  �れ�CTXブロックサイズ�Getter関数��。
     \return size  ctx-> block_sizeを返���。
     _Example_
@@ -253,7 +253,7 @@ int  wolfSSL_EVP_CIPHER_CTX_set_key_length(WOLFSSL_EVP_CIPHER_CTX* ctx,
 int wolfSSL_EVP_CIPHER_CTX_block_size(const WOLFSSL_EVP_CIPHER_CTX *ctx);
 
 /*!
-    \ingroup openSSL 
+    \ingroup openSSL
     \brief  �れ�暗��ブロックサイズ�ゲッター関数��。
     \return size  ブロックサイズを返���。
     _Example_
@@ -266,7 +266,7 @@ int wolfSSL_EVP_CIPHER_CTX_block_size(const WOLFSSL_EVP_CIPHER_CTX *ctx);
 int wolfSSL_EVP_CIPHER_block_size(const WOLFSSL_EVP_CIPHER *cipher);
 
 /*!
-    \ingroup openSSL 
+    \ingroup openSSL
     \brief  WolfSSL evp_cipher_ctx構造�設定機能
     \return none  ���返���。
     \param ctx  フラグを設定�る構造
@@ -283,7 +283,7 @@ int wolfSSL_EVP_CIPHER_block_size(const WOLFSSL_EVP_CIPHER *cipher);
 void wolfSSL_EVP_CIPHER_CTX_set_flags(WOLFSSL_EVP_CIPHER_CTX *ctx, int flags);
 
 /*!
-    \ingroup openSSL 
+    \ingroup openSSL
     \brief  WolfSSL evp_cipher_ctx構造�クリア機能
     \return none  ���返���。
     \param ctx  フラグをクリア�る���構造
@@ -300,7 +300,7 @@ void wolfSSL_EVP_CIPHER_CTX_set_flags(WOLFSSL_EVP_CIPHER_CTX *ctx, int flags);
 void wolfSSL_EVP_CIPHER_CTX_clear_flags(WOLFSSL_EVP_CIPHER_CTX *ctx, int flags);
 
 /*!
-    \ingroup openSSL 
+    \ingroup openSSL
     \brief  wolfssl_evp_cipher_ctx構造����セッター機能パディングを使用�る。
     \return SSL_SUCCESS  正常�設定�れ��る場�。
     \return BAD_FUNC_ARG  NULL引数�渡�れ�場�。
@@ -317,7 +317,7 @@ int  wolfSSL_EVP_CIPHER_CTX_set_padding(WOLFSSL_EVP_CIPHER_CTX *c, int pad);
 
 
 /*!
-    \ingroup openSSL 
+    \ingroup openSSL
     \brief  wolfssl_evp_cipher_ctx構造�ゲッター関数廃止予定�V1.1.0
     \return unsigned  フラグ/モード�長�。
     _Example_
diff --git a/doc/dox_comments/header_files-ja/hash.h b/doc/dox_comments/header_files-ja/hash.h
index e7ab99a7b..82ca76b70 100644
--- a/doc/dox_comments/header_files-ja/hash.h
+++ b/doc/dox_comments/header_files-ja/hash.h
@@ -1,5 +1,5 @@
 /*!
-    \ingroup wolfCrypt 
+    \ingroup wolfCrypt
     \brief  ��関数��供�れ�wc_hashtype�OIDを返���。
     \return OID  戻り値0を超������
     \return HASH_TYPE_E  �ッシュ型�サ�ート�れ����ん。
@@ -18,7 +18,7 @@
 int wc_HashGetOID(enum wc_HashType hash_type);
 
 /*!
-    \ingroup wolfCrypt 
+    \ingroup wolfCrypt
     \brief  ��関数��hash_type�ダイジェスト（出力）�サイズを返���。返�サイズ��WC_HASH��供�れる出力�ッファ��分�大����を確��る���使用�れ��。
     \return Success  正�戻り値���ッシュ�ダイジェストサイズを示���。
     \return Error  hash_type�サ�ート�れ����場��hash_type_eを返���。
@@ -36,7 +36,7 @@ int wc_HashGetOID(enum wc_HashType hash_type);
 int wc_HashGetDigestSize(enum wc_HashType hash_type);
 
 /*!
-    \ingroup wolfCrypt 
+    \ingroup wolfCrypt
     \brief  ��関数���供�れ�データ�ッファ上��ッシュを実行���供�れ��ッシュ�ッファ��れを返���。
     \return 0  �����れ���れ以外�誤り（bad_func_argやbuffer_e��）。
     \param hash_type  "wc_hash_type_sha256"��� "enum wc_hashtype"�ら��ッシュ型。
@@ -61,7 +61,7 @@ int wc_Hash(enum wc_HashType hash_type,
     byte* hash, word32 hash_len);
 
 /*!
-    \ingroup MD5 
+    \ingroup MD5
     \brief  利便性機能�������ッシュを処������果を�ッシュ�入れ��。
     \return 0  データを正常��ッシュ�����返�れ��。
     \return Memory_E  メモリエラー�メモリを割り当�る�������ん。�れ�����スタックオプション�有効�����る����。
@@ -86,7 +86,7 @@ int wc_Hash(enum wc_HashType hash_type,
 int wc_Md5Hash(const byte* data, word32 len, byte* hash);
 
 /*!
-    \ingroup SHA 
+    \ingroup SHA
     \brief  利便性機能�������ッシュを処������果を�ッシュ�入れ��。
     \return 0  ���返�れ���...。
     \return Memory_E  メモリエラー�メモリを割り当�る�������ん。�れ�����スタックオプション�有効�����る����。
@@ -103,7 +103,7 @@ int wc_Md5Hash(const byte* data, word32 len, byte* hash);
 int wc_ShaHash(const byte* data, word32 len, byte* hash);
 
 /*!
-    \ingroup SHA 
+    \ingroup SHA
     \brief  利便性機能�������ッシュを処������果を�ッシュ�入れ��。
     \return 0  ���返�れ���...
     \return Memory_E  メモリエラー�メモリを割り当�る�������ん。�れ�����スタックオプション�有効�����る����。
@@ -120,7 +120,7 @@ int wc_ShaHash(const byte* data, word32 len, byte* hash);
 int wc_Sha256Hash(const byte* data, word32 len, byte* hash);
 
 /*!
-    \ingroup SHA 
+    \ingroup SHA
     \brief  利便性機能�������ッシュを処������果を�ッシュ�入れ��。
     \return 0  �功
     \return <0  エラー
@@ -137,7 +137,7 @@ int wc_Sha256Hash(const byte* data, word32 len, byte* hash);
 int wc_Sha224Hash(const byte* data, word32 len, byte* hash);
 
 /*!
-    \ingroup SHA 
+    \ingroup SHA
     \brief  利便性機能�������ッシュを処������果を�ッシュ�入れ��。
     \return 0  入力�れ�データを正常��ッシュ�����返�れ��
     \return Memory_E  メモリエラー�メモリを割り当�る�������ん。�れ�����スタックオプション�有効�����る����。
@@ -154,7 +154,7 @@ int wc_Sha224Hash(const byte* data, word32 len, byte* hash);
 int wc_Sha512Hash(const byte* data, word32 len, byte* hash);
 
 /*!
-    \ingroup SHA 
+    \ingroup SHA
     \brief  利便性機能�������ッシュを処������果を�ッシュ�入れ��。
     \return 0  データを正常��ッシュ�����返�れ��
     \return Memory_E  メモリエラー�メモリを割り当�る�������ん。�れ�����スタックオプション�有効�����る����。
diff --git a/doc/dox_comments/header_files-ja/hmac.h b/doc/dox_comments/header_files-ja/hmac.h
index 7202e3c07..7a60f4eb2 100644
--- a/doc/dox_comments/header_files-ja/hmac.h
+++ b/doc/dox_comments/header_files-ja/hmac.h
@@ -3,8 +3,8 @@
     \brief  ��関数�HMACオブジェクトを�期化����暗�化タイプ�キー��よ�HMAC�長�を設定���。
     \return 0  HMACオブジェクト��期化��功����
     \return BAD_FUNC_ARG  入力タイプ�無効�場��返�れ��。有効�オプション�次���り��.MD5�SHA�SHA256�SHA384�SHA3-224�SHA3-256�SHA3-384�SHA3-512
-    \return MEMORY_E  �ッシュ�使用�る構造体�割り当�メモリ�割り当���る場�
-    \return HMAC_MIN_KEYLEN_E  FIPS実装を使用�る���返�れる����り�指定�れ�キー長�最�許容FIPS�格よりも短���。
+    \return MEMORY_E  �ッシュ�使用�る構造体�割り当�メモリ�割り当�エラー��る場�
+    \return HMAC_MIN_KEYLEN_E  FIPS実装を使用�る����指定�れ�キー�FIPS�格�最�許容(14�イト)よりも短�
     \param hmac  �期化�るHMACオブジェクト���インタ
     \param type  HMACオブジェクトを使用�る暗�化方�を指定���。有効�オプション�次���り��.MD5�SHA�SHA256�SHA384�SHA3-224�SHA3-256�SHA3-384�SHA3-512
     \param key  HMACオブジェクトを�期化�るキーを�む�ッファ���インタ
@@ -13,7 +13,7 @@
     Hmac hmac;
     byte key[] = { // initialize with key to use for encryption };
     if (wc_HmacSetKey(&hmac, MD5, key, sizeof(key)) != 0) {
-    	// error initializing Hmac object
+        // error initializing Hmac object
     }
     \endcode
     \sa wc_HmacUpdate
@@ -25,7 +25,7 @@ int wc_HmacSetKey(Hmac* hmac, int type, const byte* key, word32 keySz);
     \ingroup HMAC
     \brief  ��関数��HMACを使用���証�るメッセージを更新���。HMACオブジェクト�WC_HMACSETKEY��期化�れ�後�呼�出�れる����。��関数���ッシュ��メッセージを更新�る���複数回呼�出�れる����り��。必��応��wc_hmacupdateを呼�出��後�最終�証済�メッセージタグを�得�る���wc_hmacfinalを呼�出�必���り��。
     \return 0  �証�るメッセージ�更新��功����
-    \return MEMORY_E  �ッシュアルゴリズム�使用�る���メモリを割り当�るエラー��る場�
+    \return MEMORY_E  �ッシュアルゴリズム�使用�る���メモリ割り当�エラー��る場�
     \param hmac  メッセージを更新�るHMACオブジェクト���インタ
     \param msg  追加�るメッセージを�む�ッファ���インタ
     _Example_
diff --git a/doc/dox_comments/header_files-ja/iotsafe.h b/doc/dox_comments/header_files-ja/iotsafe.h
index 13f30fe5a..3a839eff7 100644
--- a/doc/dox_comments/header_files-ja/iotsafe.h
+++ b/doc/dox_comments/header_files-ja/iotsafe.h
@@ -1,5 +1,5 @@
 /*!
-    \ingroup IoTSafe 
+    \ingroup IoTSafe
     \brief  ��関数�与�られ�コンテキスト��IoTセーフサ�ートを有効����。
     \param ctx  IOTセーフサ�ートを有効��る必���るWOLFSSL_CTXオブジェクト���インタ
     \return 0  �功��
@@ -19,7 +19,7 @@ int wolfSSL_CTX_iotsafe_enable(WOLFSSL_CTX *ctx);
 
 
 /*!
-    \ingroup IoTSafe 
+    \ingroup IoTSafe
     \brief  ��関数��IOT-SAFE TLSコール�ックを特定�SSLセッション�接続���。
     \brief  スロット�ID�1�イト�長��場��SSLセッションをIoT-Safeアプレット�接続�るよ��呼�出�必���り��。IOTセーフスロット�ID�2�イト以上�場��\ REF WOLFSSL_IOTSAFE_ON_EX「WOLFSSL_IOTSAFE_ON_EX（）�を使用�る必���り��。
     \param ssl  コール�ック�有効��るWolfSSLオブジェクト���インタ
@@ -55,7 +55,7 @@ int wolfSSL_iotsafe_on(WOLFSSL *ssl, byte privkey_id,
 
 
 /*!
-    \ingroup IoTSafe 
+    \ingroup IoTSafe
     \brief  ��関数��IOT-SAFE TLSコール�ックを特定�SSLセッション�接続���。�れ��IOTセーフスロット�IDを�照�渡�������IDフィールド�長�をパラメータ "id_size"�指定����。
     \param ssl  コール�ック�有効��るWolfSSLオブジェクト���インタ
     \param privkey_id  ホスト�秘密�を�むIoTセーフアプレットスロット�ID���インタ
@@ -100,7 +100,7 @@ int wolfSSL_iotsafe_on_ex(WOLFSSL *ssl, byte *privkey_id,
 
 
 /*!
-    \ingroup IoTSafe 
+    \ingroup IoTSafe
     \brief  AT + CSIMコマンド�リードコール�ックを関連付���。��入力関数�通常�モデム�通信�るUART�ャ�ル�読��りイベント�関連付�られ����。読��りコール�ック�関連付�られ��る����時�IoT-Safeサ�ートを使用�る����コンテキスト�グロー�ル�変更��。
     _Example_
     \code
@@ -116,7 +116,7 @@ int wolfSSL_iotsafe_on_ex(WOLFSSL *ssl, byte *privkey_id,
 void wolfIoTSafe_SetCSIM_read_cb(wolfSSL_IOTSafe_CSIM_read_cb rf);
 
 /*!
-    \ingroup IoTSafe 
+    \ingroup IoTSafe
     \brief  AT + CSIMコマンド�書�込�コール�ックを関連付���。��出力関数�通常�モデム�通信�るUART�ャ�ル上�ライトイベント�関連付�られ����。Write Callback�関連付�られ��る����時�IoT-Safeサ�ートを使用�る����コンテキスト�グロー�ル�変更��。
     _Example_
     \code
@@ -131,7 +131,7 @@ void wolfIoTSafe_SetCSIM_write_cb(wolfSSL_IOTSafe_CSIM_write_cb wf);
 
 
 /*!
-    \ingroup IoTSafe 
+    \ingroup IoTSafe
     \brief  IOTセーフ機能getrandomを使用���指定�れ�サイズ�ランダム��ッファを生����。��関数��WolfCrypt RNGオブジェクト�よ��自動的�使用�れ��。
     \param out  ランダム��イトシーケンス�格��れ��る�ッファ。
     \param sz  生��るランダムシーケンス�サイズ（�イト��）
@@ -140,7 +140,7 @@ int wolfIoTSafe_GetRandom(unsigned char* out, word32 sz);
 
 
 /*!
-    \ingroup IoTSafe 
+    \ingroup IoTSafe
     \brief  IOT-Safeアプレット上�ファイル��存�れ��る証明書をイン�ート��ローカル�メモリ��存���。1�イト�ファイルIDフィールド�動作���。
     \param id  証明書��存�れ��るIOTセーフ・アプレット�ファイルID
     \param output  証明書�イン�ート�れる�ッファー
@@ -171,7 +171,7 @@ int wolfIoTSafe_GetCert(uint8_t id, unsigned char *output, unsigned long sz);
 
 
 /*!
-    \ingroup IoTSafe 
+    \ingroup IoTSafe
     \brief  IOT-Safeアプレット上�ファイル��存�れ��る証明書をイン�ート��ローカル�メモリ��存���。\ ref wolfiotsafe_getcert "wolfiotsafe_getcert"��等��。����2�イト以上�ファイルID�呼�出��������。
     \param id  証明書��存�れ��るIOT-SAFEアプレット�ファイルID���インタ
     \param id_sz  ファイルID�サイズ：�イト数
@@ -207,7 +207,7 @@ int wolfIoTSafe_GetCert(uint8_t id, unsigned char *output, unsigned long sz);
 int wolfIoTSafe_GetCert_ex(uint8_t *id, uint16_t id_sz, unsigned char *output, unsigned long sz);
 
 /*!
-    \ingroup IoTSafe 
+    \ingroup IoTSafe
     \brief  IOTセーフアプレット�格��れ��るECC 256ビット�公開�をECC_Keyオブジェクト�イン�ート���。
     \param key  IOT-SAFEアプレット�らイン�ート�れ�キーを�むECC_KEYオブジェクト
     \param id  公開���存�れ��るIOTセーフアプレット�キーID
@@ -218,7 +218,7 @@ int wolfIoTSafe_GetCert_ex(uint8_t *id, uint16_t id_sz, unsigned char *output, u
 int wc_iotsafe_ecc_import_public(ecc_key *key, byte key_id);
 
 /*!
-    \ingroup IoTSafe 
+    \ingroup IoTSafe
     \brief  ECC_KEYオブジェクト�らIOT-SAFEアプレット��書�込��能�パブリックキースロット�ECC 256ビット公開�をエクス�ート���。
     \param key  エクス�ート�る�を�むecc_keyオブジェクト
     \param id  公開���存�れ��るIOTセーフアプレット�キーID
@@ -230,7 +230,7 @@ int wc_iotsafe_ecc_export_public(ecc_key *key, byte key_id);
 
 
 /*!
-    \ingroup IoTSafe 
+    \ingroup IoTSafe
     \brief  ECC_KEYオブジェクト�らIOT-SAFEアプレット��書�込��能�パブリックキースロット�ECC 256ビット公開�をエクス�ート���。\ ref WC_IOTSAFE_ECC_IMPORT_PUBLIC「WC_IOTSAFE_ECC_IMPORT_PUBLIC���等�も���2�イト以上�キーID�呼�出������る点を除���。
     \param key  エクス�ート�る�を�むecc_keyオブジェクト
     \param id  公開���存�れるIOTセーフアプレット�キーID���インタ
@@ -242,7 +242,7 @@ int wc_iotsafe_ecc_export_public(ecc_key *key, byte key_id);
 int wc_iotsafe_ecc_import_public_ex(ecc_key *key, byte *key_id, word16 id_size);
 
 /*!
-    \ingroup IoTSafe 
+    \ingroup IoTSafe
     \brief  ECC 256ビットキーをECC_KEYオブジェクト�らIOTセーフアプレット�書�込��能�プライベートキースロット�エクス�ート���。
     \param key  エクス�ート�る�を�むecc_keyオブジェクト
     \param id  秘密���存�れるIOTセーフアプレット�キーID
@@ -254,7 +254,7 @@ int wc_iotsafe_ecc_import_public_ex(ecc_key *key, byte *key_id, word16 id_size);
 int wc_iotsafe_ecc_export_private(ecc_key *key, byte key_id);
 
 /*!
-    \ingroup IoTSafe 
+    \ingroup IoTSafe
     \brief  ECC 256ビットキーをECC_KEYオブジェクト�らIOTセーフアプレット�書�込��能�プライベートキースロット�エクス�ート���。\ ref WC_IOTSAFE_ECC_EXPORT_PRIVATE「WC_IOTSAFE_ECC_EXPORT_PRIVATE�を除��2�イト以上�キーIDを呼�出������る点を除��
     \param key  エクス�ート�る�を�むecc_keyオブジェクト
     \param id  秘密���存�れるIOTセーフアプレット�キーID���インタ
@@ -267,7 +267,7 @@ int wc_iotsafe_ecc_export_private(ecc_key *key, byte key_id);
 int wc_iotsafe_ecc_export_private_ex(ecc_key *key, byte *key_id, word16 id_size);
 
 /*!
-    \ingroup IoTSafe 
+    \ingroup IoTSafe
     \brief  事�計算�れ�256ビット�ッシュ�署����IOT-SAFEアプレット��以���存�れ�プライベートキー����プリプロビジョニング�れ����。
     \param in  サイン�るメッセージ�ッシュを�む�ッファ���インタ
     \param inlen  署��るメッセージ�長�
@@ -282,7 +282,7 @@ int wc_iotsafe_ecc_export_private_ex(ecc_key *key, byte *key_id, word16 id_size)
 int wc_iotsafe_ecc_sign_hash(byte *in, word32 inlen, byte *out, word32 *outlen, byte key_id);
 
 /*!
-    \ingroup IoTSafe 
+    \ingroup IoTSafe
     \brief  事�計算�れ�256ビット�ッシュ�署����IOT-SAFEアプレット��以���存�れ�プライベートキー����プリプロビジョニング�れ����。\ ref wc_iotsafe_ecc_sign_hash "wc_iotsafe_ecc_sign_hash"��等��。����2�イト以上�キーID�呼�出��������。
     \param in  サイン�るメッセージ�ッシュを�む�ッファ���インタ
     \param inlen  署��るメッセージ�長�
@@ -298,7 +298,7 @@ int wc_iotsafe_ecc_sign_hash(byte *in, word32 inlen, byte *out, word32 *outlen,
 int wc_iotsafe_ecc_sign_hash_ex(byte *in, word32 inlen, byte *out, word32 *outlen, byte *key_id, word16 id_size);
 
 /*!
-    \ingroup IoTSafe 
+    \ingroup IoTSafe
     \brief  予�計算�れ�256ビット�ッシュ�対�るECCシグ��ャを�IOT-SAFEアプレット内�プリプロビジョニング����プロビジョニング�れ�プリプロビジョニングを使用���。�果�RES�書�込�れ��。1�有効��0�無効��。注：有効�テスト�戻り値を使用��������。Res��を使用������。
     \return 0  �功�る�（署��無効����も）
     \return <  故障�場��0
@@ -313,7 +313,7 @@ int wc_iotsafe_ecc_sign_hash_ex(byte *in, word32 inlen, byte *out, word32 *outle
 int wc_iotsafe_ecc_verify_hash(byte *sig, word32 siglen, byte *hash, word32 hashlen, int *res, byte key_id);
 
 /*!
-    \ingroup IoTSafe 
+    \ingroup IoTSafe
     \brief  予�計算�れ�256ビット�ッシュ�対�るECCシグ��ャを�IOT-SAFEアプレット内�プリプロビジョニング����プロビジョニング�れ�プリプロビジョニングを使用���。�果�RES�書�込�れ��。1�有効��0�無効��。注：有効�テスト�戻り値を使用��������。Res��を使用������。\ ref WC_IOTSAFE_ECC_VERIFY_HASH "WC_IOTSAFE_ECC_VERIFY_HASH"を除��2�イト以上�キーID�呼�出������る点を除���。
     \return 0  �功�る�（署��無効����も）
     \return <  故障�場��0
@@ -329,7 +329,7 @@ int wc_iotsafe_ecc_verify_hash(byte *sig, word32 siglen, byte *hash, word32 hash
 int wc_iotsafe_ecc_verify_hash_ex(byte *sig, word32 siglen, byte *hash, word32 hashlen, int *res, byte *key_id, word16 id_size);
 
 /*!
-    \ingroup IoTSafe 
+    \ingroup IoTSafe
     \brief  ECC 256ビット�キーペアを生����れを（書�込��能�）スロット�IOTセーフ�アプレット��存���。
     \param key_id  ECCキーペア�IOTセーフアプレット�格��れ��るスロット�ID。
     \return 0  �功�る�
@@ -340,7 +340,7 @@ int wc_iotsafe_ecc_verify_hash_ex(byte *sig, word32 siglen, byte *hash, word32 h
 int wc_iotsafe_ecc_gen_k(byte key_id);
 
 /*!
-    \ingroup IoTSafe 
+    \ingroup IoTSafe
     \brief  ECC 256ビット�キーペアを生����れを（書�込��能�）スロット�IOTセーフ�アプレット��存���。\ ref wc_iotsafe_ecc_gen_k "wc_iotsafe_ecc_gen_k"��等��。����2�イト以上�キーID�呼�出��������。
     \param key_id  ECCキーペア�IOTセーフアプレット�格��れ��るスロット�ID。
     \param id_size  キーIDサイズ
diff --git a/doc/dox_comments/header_files-ja/logging.h b/doc/dox_comments/header_files-ja/logging.h
index 1f6a57233..47b61417e 100644
--- a/doc/dox_comments/header_files-ja/logging.h
+++ b/doc/dox_comments/header_files-ja/logging.h
@@ -1,5 +1,5 @@
 /*!
-    \ingroup Logging 
+    \ingroup Logging
     \brief  ��関数��WolfSSLログメッセージを処��る���使用�れるロギングコール�ックを登録���。デフォルト���システム�IT fprintf（）をSTDERR�サ�ート���る場�����関数を使用�る���よ���ユーザー�よ��何�も実行����。
     \return Success  �功��場����関数�0を返���。
     \return BAD_FUNC_ARG  関数�インタ��供�れ����場��返�れるエラー��。
@@ -24,7 +24,7 @@
 int wolfSSL_SetLoggingCb(wolfSSL_Logging_cb log_function);
 
 /*!
-    \ingroup Debug 
+    \ingroup Debug
     \brief  ビルド時�ロギング�有効�����る場����関数�実行時�ロギングをオン����。ビルド時�ログ記録を有効��る��--enable-debug���debug_wolfsslを定義���。
     \return 0  �功�る�。
     \return NOT_COMPILED_IN  ��ビルド�対��ロギング�有効�������場��返�れるエラー��。
@@ -38,7 +38,7 @@ int wolfSSL_SetLoggingCb(wolfSSL_Logging_cb log_function);
 int  wolfSSL_Debugging_ON(void);
 
 /*!
-    \ingroup Debug 
+    \ingroup Debug
     \brief  ��関数�ランタイムロギングメッセージをオフ����。彼ら����消���る場���行動��られ��ん。
     \return none  ���返���。
     _Example_
diff --git a/doc/dox_comments/header_files-ja/md2.h b/doc/dox_comments/header_files-ja/md2.h
index b96f50452..07d854502 100644
--- a/doc/dox_comments/header_files-ja/md2.h
+++ b/doc/dox_comments/header_files-ja/md2.h
@@ -1,5 +1,5 @@
 /*!
-    \ingroup MD2 
+    \ingroup MD2
     \brief  ��関数�MD2を�期化���。�れ�WC_MD2HASH�よ��自動的�呼�出�れ��。
     \return 0  �期化��功�����返�れ��
     _Example_
@@ -20,7 +20,7 @@
 void wc_InitMd2(Md2*);
 
 /*!
-    \ingroup MD2 
+    \ingroup MD2
     \brief  長�LEN��供�れ��イト�列を絶���ッシュ�るよ��呼�出��������。
     \return 0  データをダイジェスト�正常�追加�る�返�れ��。
     \param md2  暗�化�使用�るMD2構造���インタ
@@ -46,7 +46,7 @@ void wc_InitMd2(Md2*);
 void wc_Md2Update(Md2* md2, const byte* data, word32 len);
 
 /*!
-    \ingroup MD2 
+    \ingroup MD2
     \brief  データ��ッシュを確定���。�果��ッシュ�入れられ��。
     \return 0  ファイナライズ��功�����返�れ��。
     \param md2  暗�化�使用�るMD2構造���インタ
@@ -71,7 +71,7 @@ void wc_Md2Update(Md2* md2, const byte* data, word32 len);
 void wc_Md2Final(Md2* md2, byte* hash);
 
 /*!
-    \ingroup MD2 
+    \ingroup MD2
     \brief  利便性機能�������ッシュを処������果を�ッシュ�入れ��。
     \return 0  データを正常��ッシュ�����返�れ��。
     \return Memory_E  メモリエラー�メモリを割り当�る�������ん。�れ�����スタックオプション�有効�����る����。
diff --git a/doc/dox_comments/header_files-ja/md4.h b/doc/dox_comments/header_files-ja/md4.h
index b7a203330..be9e537ee 100644
--- a/doc/dox_comments/header_files-ja/md4.h
+++ b/doc/dox_comments/header_files-ja/md4.h
@@ -1,5 +1,5 @@
 /*!
-    \ingroup MD4 
+    \ingroup MD4
     \brief  ��関数�MD4を�期化���。�れ�WC_MD4HASH�よ��自動的�呼�出�れ��。
     \return 0  �期化��功�����返�れ��
     _Example_
@@ -20,7 +20,7 @@
 void wc_InitMd4(Md4*);
 
 /*!
-    \ingroup MD4 
+    \ingroup MD4
     \brief  長�LEN��供�れ��イト�列を絶���ッシュ�るよ��呼�出��������。
     \return 0  データをダイジェスト�正常�追加�る�返�れ��。
     \param md4  暗�化�使用�るMD4構造���インタ
@@ -46,7 +46,7 @@ void wc_InitMd4(Md4*);
 void wc_Md4Update(Md4* md4, const byte* data, word32 len);
 
 /*!
-    \ingroup MD4 
+    \ingroup MD4
     \brief  データ��ッシュを確定���。�果��ッシュ�入れられ��。
     \return 0  ファイナライズ��功�����返�れ��。
     \param md4  暗�化�使用�るMD4構造���インタ
diff --git a/doc/dox_comments/header_files-ja/md5.h b/doc/dox_comments/header_files-ja/md5.h
index 68c9b6e5d..78bdb8bd6 100644
--- a/doc/dox_comments/header_files-ja/md5.h
+++ b/doc/dox_comments/header_files-ja/md5.h
@@ -1,5 +1,5 @@
 /*!
-    \ingroup MD5 
+    \ingroup MD5
     \brief  ��関数�MD5を�期化���。�れ�WC_MD5HASH�よ��自動的�呼�出�れ��。
     \return 0  �期化��功�����返�れ��。
     \return BAD_FUNC_ARG  MD5構造�NULL値���渡�れ�場��返�れ��。
@@ -28,7 +28,7 @@
 int wc_InitMd5(wc_Md5*);
 
 /*!
-    \ingroup MD5 
+    \ingroup MD5
     \brief  長�LEN��供�れ��イト�列を絶���ッシュ�るよ��呼�出��������。
     \return 0  データをダイジェスト�正常�追加�る�返�れ��。
     \return BAD_FUNC_ARG  MD5構造�NULL�場�����データ�NULL��LEN�ゼロより大��場��返�れ��。DATAパラメーター�NULL�LEN�ゼロ�場��関数�エラーを返�������ん。
@@ -61,7 +61,7 @@ int wc_InitMd5(wc_Md5*);
 int wc_Md5Update(wc_Md5* md5, const byte* data, word32 len);
 
 /*!
-    \ingroup MD5 
+    \ingroup MD5
     \brief  データ��ッシュを確定���。�果��ッシュ�入れられ��。MD5構造体�リセット�れ��。注：��関数��habe_intel_qa�定義�れ��る場��intelqasymmd5（）を呼�出��果も返���。
     \return 0  ファイナライズ��功�����返�れ��。
     \return BAD_FUNC_ARG  MD5構造����ッシュ�インタ�NULL�渡�れ�場��返�れ��。
@@ -93,7 +93,7 @@ int wc_Md5Update(wc_Md5* md5, const byte* data, word32 len);
 int wc_Md5Final(wc_Md5* md5, byte* hash);
 
 /*!
-    \ingroup MD5 
+    \ingroup MD5
     \brief  MD5構造をリセット���。注：�れ��wolfssl_ti_hash�定義�れ��る場����サ�ート�れ����。
     \return none  ���返���。
     _Example_
@@ -118,7 +118,7 @@ int wc_Md5Final(wc_Md5* md5, byte* hash);
 void wc_Md5Free(wc_Md5*);
 
 /*!
-    \ingroup MD5 
+    \ingroup MD5
     \brief  �ッシュデータを�得���。�果��ッシュ�入れられ��。MD5構造�リセット�れ��ん。
     \return none  ���リターン
     \param md5  暗�化�使用�るMD5構造���インタ。
diff --git a/doc/dox_comments/header_files-ja/memory.h b/doc/dox_comments/header_files-ja/memory.h
index ecad955ab..e7e838f73 100644
--- a/doc/dox_comments/header_files-ja/memory.h
+++ b/doc/dox_comments/header_files-ja/memory.h
@@ -1,5 +1,5 @@
 /*!
-    \ingroup Memory 
+    \ingroup Memory
     \brief  ��関数�malloc（）�似������WolfSSL�使用�るよ��構��れ��るメモリ割り当�関数を呼�出���。デフォルト���WolfSSL�malloc（）を使用���。�れ��WolfSSLメモリ抽象化レイヤを使用��変更���� -  wolfssl_setAllocator（）を�照������。注WOLFSSL_MALLOC��WOLFSSL�よ��直接呼�出�れ��ん��代�り�Macro XMalloc�よ��呼�出�れ��。デフォルト�ビルド�場��size引数���存在���。wolfssl_static_memoryビルドを使用�る場���ヒープ�タイプ引数���れ��。
     \return pointer  �功��場����関数�割り当�られ�メモリ���インタを返���。
     \return error  エラー��る場���NULL�返�れ��。
@@ -19,7 +19,7 @@
 void* wolfSSL_Malloc(size_t size, void* heap, int type);
 
 /*!
-    \ingroup Memory 
+    \ingroup Memory
     \brief  ��関数�free（）�似������WolfSSL�使用�るよ��構��れ��るメモリフリー機能を呼�出���。デフォルト���WolfSSL�free（）を使用���。�れ��WolfSSLメモリ抽象化レイヤを使用��変更���� -  wolfssl_setAllocator（）を�照������。注WOLFSSL_FREE�WOLFSSL�よ��直接呼�出�れ��ん��代�り�マクロXFree�よ��呼�出�れ��。デフォルト�ビルド�場��PTR引数���存在���。wolfssl_static_memoryビルドを使用�る場���ヒープ�タイプ引数���れ��。
     \return none  ���返���。
     \param ptr  解放�れるメモリ���インタ。
@@ -43,7 +43,7 @@ void* wolfSSL_Malloc(size_t size, void* heap, int type);
 void  wolfSSL_Free(void *ptr, void* heap, int type);
 
 /*!
-    \ingroup Memory 
+    \ingroup Memory
     \brief  ��関数�REALLOC（）�似������WolfSSL�使用�るよ��構��れ��るメモリ�割り当�機能を呼�出���。デフォルト���WolfSSL�RealLoc（）を使用���。�れ��WolfSSLメモリ抽象化レイヤを使用��変更���� -  wolfssl_setAllocator（）を�照������。注WOLFSSL_REALLOC�WOLFSSL�よ��直接呼�出�れ��ん��代�り�マクロXrealloc�よ��呼�出�れ��。デフォルト�ビルド�場��size引数���存在���。wolfssl_static_memoryビルドを使用�る場���ヒープ�タイプ引数���れ��。
     \return pointer  �功��場����関数�マイ�イントを�割り当��る����インタを返���。�れ�PTR����インタ����新���インタ�場所��り得る。
     \return Null  エラー��る場���NULL�返�れ��。
@@ -65,7 +65,7 @@ void  wolfSSL_Free(void *ptr, void* heap, int type);
 void* wolfSSL_Realloc(void *ptr, size_t size, void* heap, int type);
 
 /*!
-    \ingroup Memory 
+    \ingroup Memory
     \brief  ��機能��WolfSSL�使用�る割り当�関数を登録���。デフォルト���システム��れをサ�ート���る場��Malloc / Free�RealLoc�使用�れ��。��機能を使用�る��実行時�ユーザー�独自�メモリ�ンドラをインストール����。
     \return Success  �功��場����関数�0を返���。
     \return BAD_FUNC_ARG  関数�インタ��供�れ����場��返�れるエラー��。
@@ -101,7 +101,7 @@ int wolfSSL_SetAllocators(wolfSSL_Malloc_cb,
                                       wolfSSL_Realloc_cb);
 
 /*!
-    \ingroup Memory 
+    \ingroup Memory
     \brief  ��機能���的メモリ機能�使用�れ��る場�（--enable-staticMemory）�場��使用����。メモリ�「�ケット��最���ッファサイズを示���。�れ�より�パーティション化�れ�後�追加�未使用�メモリ�終了���よ����ッファサイズを計算�る方法��能��り��。返�れ�値��正�場��使用�るコンピュータ��ッファサイズ��。
     \return Success  �ッファサイズ計算を正常�完了�る��正�値�返�れ��。��返�れ�値�最���ッファサイズ��。
     \return Failure  ����負�値�エラー�場��見��れ��。
@@ -124,7 +124,7 @@ int wolfSSL_SetAllocators(wolfSSL_Malloc_cb,
 int wolfSSL_StaticBufferSz(byte* buffer, word32 sz, int flag);
 
 /*!
-    \ingroup Memory 
+    \ingroup Memory
     \brief  ��機能���的メモリ機能�使用�れ��る場�（--enable-staticMemory）�場��使用����。メモリ��パーティション�必��パディング�サイズを示���。��パディングサイズ��メモリアライメント����追加�メモリ管�構造を�む必���るサイズ��り��。
     \return On  正常�メモリパディング計算戻り値�正�値��り��
     \return All  負�値�エラーケース�見��れ��。
diff --git a/doc/dox_comments/header_files-ja/pem.h b/doc/dox_comments/header_files-ja/pem.h
index 3b322644e..e94085e7d 100644
--- a/doc/dox_comments/header_files-ja/pem.h
+++ b/doc/dox_comments/header_files-ja/pem.h
@@ -1,5 +1,5 @@
 /*!
-    \ingroup openSSL 
+    \ingroup openSSL
     \brief  ��関数��PEM形��wolfssl_bio構造体�キーを書�込���。
     \return SSL_SUCCESS  �功�る�。
     \return SSL_FAILURE  失敗�る�。
diff --git a/doc/dox_comments/header_files-ja/pkcs7.h b/doc/dox_comments/header_files-ja/pkcs7.h
index 85d1b68cf..924ae4f3f 100644
--- a/doc/dox_comments/header_files-ja/pkcs7.h
+++ b/doc/dox_comments/header_files-ja/pkcs7.h
@@ -1,5 +1,5 @@
 /*!
-    \ingroup PKCS7 
+    \ingroup PKCS7
     \brief  ��関数��DERフォーマット�証明書を使用��PKCS7構造を�期化���。空�PKCS7構造を�期化�る���NULL CERT�CERTSZ�場��0を渡��������。
     \return 0  PKCS7構造��期化��功����
     \return MEMORY_E  xmalloc�メモリを割り当�るエラー��る場�
@@ -33,7 +33,7 @@
 int  wc_PKCS7_InitWithCert(PKCS7* pkcs7, byte* cert, word32 certSz);
 
 /*!
-    \ingroup PKCS7 
+    \ingroup PKCS7
     \brief  ��関数��PKCS7��期化装置�よ��割り当�られ�メモリを解放���。
     \return none  ���返���。
     _Example_
@@ -48,7 +48,7 @@ int  wc_PKCS7_InitWithCert(PKCS7* pkcs7, byte* cert, word32 certSz);
 void wc_PKCS7_Free(PKCS7* pkcs7);
 
 /*!
-    \ingroup PKCS7 
+    \ingroup PKCS7
     \brief  ��関数�PKCS7データコンテンツタイプを構築��PKCS7構造をパーセル�能�PKCS7データパケットを�む�ッファ�エンコード���。
     \return Success  PKCS7データを�ッファ�正常�エンコード�る��PKCS7構造内�索引を返���。��インデックス��出力�ッファ�書�込�れ��イト�も対応�����。
     \return BUFFER_E  指定�れ��ッファ�エンコード�れ�証明書を���る���分�大�����場��返�れ��
@@ -81,7 +81,7 @@ int  wc_PKCS7_EncodeData(PKCS7* pkcs7, byte* output,
                                        word32 outputSz);
 
 /*!
-    \ingroup PKCS7 
+    \ingroup PKCS7
     \brief  ��関数�PKCS7署�付�データコンテンツタイプを構築��PKCS7構造をPARSable PKCS7署�付�データパケットを�む�ッファ�エンコード���。
     \return Success  PKCS7データを�ッファ�正常�エンコード�る��PKCS7構造内�索引を返���。��インデックス��出力�ッファ�書�込�れ��イト�も対応�����。
     \return BAD_FUNC_ARG  PKCS7構造�署�付�データパケットを生��る���1�以上��求�素�欠����る場��返�れ��。
@@ -135,9 +135,9 @@ int  wc_PKCS7_EncodeSignedData(PKCS7* pkcs7,
                                        byte* output, word32 outputSz);
 
 /*!
-    \ingroup PKCS7 
+    \ingroup PKCS7
     \brief  ��関数��PKCS7�署�付�データコンテンツタイプを構築��PKCS7構造をエンコード��Parsable PKCS7署�付�データパケットを�むヘッダー�よ�フッター�ッファ�エンコード���。�れ��コンテンツ���れ��ん。�ッシュを計算��データ��供�る必���り��
-    \return 0=Success 
+    \return 0=Success
     \return BAD_FUNC_ARG  PKCS7構造�署�付�データパケットを生��る���1�以上��求�素�欠����る場��返�れ��。
     \return MEMORY_E  メモリ�割り当�中�エラー�発生��場��返�れ��
     \return PUBLIC_KEY_E  公開��解�中�エラー��る場�
@@ -194,7 +194,7 @@ int  wc_PKCS7_EncodeSignedData(PKCS7* pkcs7,
         wc_HashFree(&hash, hashType);
     }
 
-    ret = wc_PKCS7_EncodeSignedData_ex(&pkcs7, hashBuf, hashSz, pkcs7HeadBuff, 
+    ret = wc_PKCS7_EncodeSignedData_ex(&pkcs7, hashBuf, hashSz, pkcs7HeadBuff,
         &pkcs7HeadSz, pkcs7FootBuff, &pkcs7FootSz);
     if ( ret != 0 ) {
         // error encoding into output buffer
@@ -205,12 +205,12 @@ int  wc_PKCS7_EncodeSignedData(PKCS7* pkcs7,
     \sa wc_PKCS7_InitWithCert
     \sa wc_PKCS7_VerifySignedData_ex
 */
-int wc_PKCS7_EncodeSignedData_ex(PKCS7* pkcs7, const byte* hashBuf, 
-    word32 hashSz, byte* outputHead, word32* outputHeadSz, byte* outputFoot, 
+int wc_PKCS7_EncodeSignedData_ex(PKCS7* pkcs7, const byte* hashBuf,
+    word32 hashSz, byte* outputHead, word32* outputHeadSz, byte* outputFoot,
     word32* outputFootSz);
 
 /*!
-    \ingroup PKCS7 
+    \ingroup PKCS7
     \brief  ��関数���信�れ�PKCS7�署�付�データメッセージを�り�証明書リスト�証明書失効リストを抽出���ら署�を検証���。与�られ�PKCS7構造�抽出�れ�コンテンツを格����。
     \return 0  メッセージ�ら情報を抽出�る����功����
     \return BAD_FUNC_ARG  入力パラメータ�1��無効�場��返�れ��
@@ -263,7 +263,7 @@ int  wc_PKCS7_VerifySignedData(PKCS7* pkcs7,
 
 
 /*!
-    \ingroup PKCS7 
+    \ingroup PKCS7
     \brief  ��機能���信�れ�PKCS7署�付�データメッセージをHASH /ヘッダー/フッター����り出���ら�証明書リスト�証明書失効リストを抽出���ら�署�を検証���。与�られ�PKCS7構造�抽出�れ�コンテンツを格����。
     \return 0  メッセージ�ら情報を抽出�る����功����
     \return BAD_FUNC_ARG  入力パラメータ�1��無効�場��返�れ��
@@ -321,7 +321,7 @@ int  wc_PKCS7_VerifySignedData(PKCS7* pkcs7,
         wc_HashFree(&hash, hashType);
     }
 
-    ret = wc_PKCS7_VerifySignedData_ex(&pkcs7, hashBuf, hashSz, pkcs7HeadBuff, 
+    ret = wc_PKCS7_VerifySignedData_ex(&pkcs7, hashBuf, hashSz, pkcs7HeadBuff,
         sizeof(pkcs7HeadBuff), pkcs7FootBuff, sizeof(pkcs7FootBuff));
     if ( ret != 0 ) {
         // error encoding into output buffer
@@ -332,12 +332,12 @@ int  wc_PKCS7_VerifySignedData(PKCS7* pkcs7,
     \sa wc_PKCS7_InitWithCert
     \sa wc_PKCS7_EncodeSignedData_ex
 */
-int wc_PKCS7_VerifySignedData_ex(PKCS7* pkcs7, const byte* hashBuf, 
-    word32 hashSz, byte* pkiMsgHead, word32 pkiMsgHeadSz, byte* pkiMsgFoot, 
+int wc_PKCS7_VerifySignedData_ex(PKCS7* pkcs7, const byte* hashBuf,
+    word32 hashSz, byte* pkiMsgHead, word32 pkiMsgHeadSz, byte* pkiMsgFoot,
     word32 pkiMsgFootSz);
 
 /*!
-    \ingroup PKCS7 
+    \ingroup PKCS7
     \brief  ��関数��PKCS7構造を編集��PKCS7構造を符�化��Parsable PKCS7エンベロープデータパケットを�む�ッファ�編集���。
     \return Success  エンベロープデータ形��メッセージを正常�エンコード�る上�返信�れ�出力�ッファ�書�込�れ�サイズを返���。
     \return BAD_FUNC_ARG:  入力パラメータ�1��無効�場�����PKCS7構造�必���素を欠����る場�
@@ -376,7 +376,7 @@ int  wc_PKCS7_EncodeEnvelopedData(PKCS7* pkcs7,
                                           byte* output, word32 outputSz);
 
 /*!
-    \ingroup PKCS7 
+    \ingroup PKCS7
     \brief  ��関数�PKCS7エンベロープデータコンテンツタイプをアントラップ��復�化��メッセージを出力�デコード���。渡�れ�PKCS7オブジェクト�秘密�を使用��メッセージを復�化���。
     \return On  メッセージ�ら情報を抽出�る���出力�書�込�れ��イト数を返���。
     \return BAD_FUNC_ARG  入力パラメータ�1��無効�場��返�れ��
diff --git a/doc/dox_comments/header_files-ja/poly1305.h b/doc/dox_comments/header_files-ja/poly1305.h
index e7af5fbf2..905a30025 100644
--- a/doc/dox_comments/header_files-ja/poly1305.h
+++ b/doc/dox_comments/header_files-ja/poly1305.h
@@ -1,5 +1,5 @@
 /*!
-    \ingroup Poly1305 
+    \ingroup Poly1305
     \brief  ��関数��Poly1305コンテキスト構造�キーを設定���ッシュ��期化���。注：セキュリティを確��る����WC_POLY1305FINAL�メッセージ�ッシュを生���後�新��キーを設定�る必���り��。
     \return 0  キーを正常�設定��Poly1305構造��期化
     \return BAD_FUNC_ARG  与�られ�キー�32�イト�長����場�����Poly1305コンテキスト�NULL�場�
@@ -18,7 +18,7 @@ int wc_Poly1305SetKey(Poly1305* poly1305, const byte* key,
                                   word32 kySz);
 
 /*!
-    \ingroup Poly1305 
+    \ingroup Poly1305
     \brief  ��関数��Poly1305構造を���ッシュ�メッセージを更新���。
     \return 0  �ッシュ��メッセージ�更新��功����
     \return BAD_FUNC_ARG  Poly1305構造�NULL�場��返�れ��
@@ -42,7 +42,7 @@ int wc_Poly1305SetKey(Poly1305* poly1305, const byte* key,
 int wc_Poly1305Update(Poly1305* poly1305, const byte* m, word32 bytes);
 
 /*!
-    \ingroup Poly1305 
+    \ingroup Poly1305
     \brief  ��関数�入力メッセージ��ッシュを計算���果をMAC�格����。��後�キーをリセット�る必���り��。
     \return 0  最後�Mac�計算��功��
     \return BAD_FUNC_ARG  Poly1305構造�NULL�場��返�れ��
@@ -68,7 +68,7 @@ int wc_Poly1305Update(Poly1305* poly1305, const byte* m, word32 bytes);
 int wc_Poly1305Final(Poly1305* poly1305, byte* tag);
 
 /*!
-    \ingroup Poly1305 
+    \ingroup Poly1305
     \brief  ��ロード�れ�最近�TLS AEADパディング方�を使用��MAC（タグ）を作��る�期化�れ�Poly1305構造体を�り��。
     \return 0  �功
     \return BAD_FUNC_ARG  CTX�INPUT����TAG�NULL�場�����追加�NULL��ADDSZ�0より大��場�����TAGSZ�WC_POLY1305_MAC_SZより���場��返�れ��。
diff --git a/doc/dox_comments/header_files-ja/psa.h b/doc/dox_comments/header_files-ja/psa.h
index fed655db9..15c359b84 100644
--- a/doc/dox_comments/header_files-ja/psa.h
+++ b/doc/dox_comments/header_files-ja/psa.h
@@ -1,5 +1,5 @@
 /*!
-    \ingroup PSA 
+    \ingroup PSA
     \brief  ��関数��与�られ�コンテキスト��PSAサ�ートを�能����。
     \param ctx  PSAサ�ートを有効��る必���るWOLFSSL_CTXオブジェクト���インタ
     \return WOLFSSL_SUCCESS  �功��
@@ -19,7 +19,7 @@
 int wolfSSL_CTX_psa_enable(WOLFSSL_CTX *ctx);
 
 /*!
-    \ingroup PSA 
+    \ingroup PSA
     \brief  与�られ�SSLセッション�PSAコンテキストを設定�る機能
     \param ssl  CTX�有効��るWolfSSL���インタ
     \param ctx  Struct PSA_SSL_CTX���インタ（SSLセッション�固有��る必���り��）
@@ -41,14 +41,14 @@ int wolfSSL_CTX_psa_enable(WOLFSSL_CTX *ctx);
 int wolfSSL_set_psa_ctx(WOLFSSL *ssl, struct psa_ssl_ctx *ctx);
 
 /*!
-    \ingroup PSA 
+    \ingroup PSA
     \brief  ��関数�PSAコンテキスト�よ��使用�れるリソースを解放���
     \sa wolfSSL_set_psa_ctx
 */
 void wolfSSL_free_psa_ctx(struct psa_ssl_ctx *ctx);
 
 /*!
-    \ingroup PSA 
+    \ingroup PSA
     \brief  ��関数��SSLセッション�よ��使用�れる秘密�を設定���
     \param ctx  構造体PSA_SSL_CTX���インタ
     _Example_
diff --git a/doc/dox_comments/header_files-ja/random.h b/doc/dox_comments/header_files-ja/random.h
index b513d6d5d..372014708 100644
--- a/doc/dox_comments/header_files-ja/random.h
+++ b/doc/dox_comments/header_files-ja/random.h
@@ -1,5 +1,5 @@
 /*!
-    \ingroup Random 
+    \ingroup Random
     \brief  Init Global WhiteWood Netrandom�コンテキスト
     \return 0  �功
     \return BAD_FUNC_ARG  configfile�null���タイムアウト���ら���定的��。
@@ -21,7 +21,7 @@
 int  wc_InitNetRandom(const char* configFile, wnr_hmac_key hmac_cb, int timeout);
 
 /*!
-    \ingroup Random 
+    \ingroup Random
     \brief  無料�Global WhiteWood Netrandomコンテキスト。
     \return 0  �功
     \return BAD_MUTEX_E  Wnr_Mutex�ミューテックスをロック�るエラー
@@ -38,7 +38,7 @@ int  wc_InitNetRandom(const char* configFile, wnr_hmac_key hmac_cb, int timeout)
 int  wc_FreeNetRandom(void);
 
 /*!
-    \ingroup Random 
+    \ingroup Random
     \brief  RNG�シード（OS�ら）�キー暗�を�得���。割り当�られ�RNG-> DRBG（決定論的ランダムビットジェ�レータ）�割り当�られ��（WC_FREERNG�割り当�られ��る必���り��）。�れ�ブロッキング�作��。
     \return 0  �功�����。
     \return MEMORY_E  XMalloc�失敗����
@@ -74,7 +74,7 @@ int  wc_FreeNetRandom(void);
 int  wc_InitRng(WC_RNG*);
 
 /*!
-    \ingroup Random 
+    \ingroup Random
     \brief  疑似ランダムデータ�SZ�イトを出力�コピー���。必��応��RNG（ブロッキング）���。
     \return 0  �功��
     \return BAD_FUNC_ARG  入力�NULL���SZ�MAX_REQUEST_LENを超�����
@@ -106,7 +106,7 @@ int  wc_InitRng(WC_RNG*);
 int  wc_RNG_GenerateBlock(WC_RNG* rng, byte* b, word32 sz);
 
 /*!
-    \ingroup Random 
+    \ingroup Random
     \brief  新��WC_RNG構造を作����。
     \return WC_RNG  �功�構造
     \return NULL  誤り�
@@ -130,7 +130,7 @@ int  wc_RNG_GenerateBlock(WC_RNG* rng, byte* b, word32 sz);
 WC_RNG* wc_rng_new(byte* nonce, word32 nonceSz, void* heap)
 
 /*!
-    \ingroup Random 
+    \ingroup Random
     \brief  wc_rng_generateBlockを呼�出���疑似ランダムデータ��イトをb�コピー���。必��応��RNG��販�れ��。
     \return 0  �功��
     \return BAD_FUNC_ARG  入力�NULL���SZ�MAX_REQUEST_LENを超�����
@@ -162,7 +162,7 @@ WC_RNG* wc_rng_new(byte* nonce, word32 nonceSz, void* heap)
 int  wc_RNG_GenerateByte(WC_RNG* rng, byte* b);
 
 /*!
-    \ingroup Random 
+    \ingroup Random
     \brief  RNG�DRGBを安全�解放�る���必�����呼�出�れる����。ゼロ�Xfrees RNG-DRBG。
     \return 0  �功��
     \return BAD_FUNC_ARG  RNG���RNG-> DRGB NULL
@@ -189,7 +189,7 @@ int  wc_RNG_GenerateByte(WC_RNG* rng, byte* b);
 int  wc_FreeRng(WC_RNG*);
 
 /*!
-    \ingroup Random 
+    \ingroup Random
     \brief  RNGを安全�自由�解放�る���RNG����������呼�出�れる����。
     _Example_
     \code
@@ -212,7 +212,7 @@ int  wc_FreeRng(WC_RNG*);
 WC_RNG* wc_rng_free(WC_RNG* rng);
 
 /*!
-    \ingroup Random 
+    \ingroup Random
     \brief  DRBG�機能を作��テスト���。
     \return 0  �功��
     \return BAD_FUNC_ARG  ELTOPYA�出力�NULL���������。Reseed Set Entropyb�NULL���れ��ら��場�
diff --git a/doc/dox_comments/header_files-ja/ripemd.h b/doc/dox_comments/header_files-ja/ripemd.h
index 478171afe..73f4e4402 100644
--- a/doc/dox_comments/header_files-ja/ripemd.h
+++ b/doc/dox_comments/header_files-ja/ripemd.h
@@ -1,5 +1,5 @@
 /*!
-    \ingroup RIPEMD 
+    \ingroup RIPEMD
     \brief  ��関数��RIPemd�ダイジェスト��ッファ�LOLEN ,HILENを�期化�る���よ��RIPemd構造を�期化���。
     \return 0  機能�実行��功�����戻り��。RIPEMD構造��期化�れ��。
     \return BAD_FUNC_ARG  RIPEMD構造�NULL�場��返�れ��。
@@ -18,7 +18,7 @@
 int wc_InitRipeMd(RipeMd*);
 
 /*!
-    \ingroup RIPEMD 
+    \ingroup RIPEMD
     \brief  ��関数�データ入力�RIPemdダイジェストを生����果をRIPemd-> Digest�ッファ�格����。WC_RIPEMDUPDATEを実行��後�生��れ�RIPemd-> Digestを既知��証タグ�比較��メッセージ�信頼性を比較�る必���り��。
     \return 0  機能�実行��功�����戻り��。
     \return BAD_FUNC_ARG  RIPEMD構造�NULL�場�����データ�NULL��LEN�ゼロ���場��返�れ��。データ�NULL��り�LEN�0�場����関数�実行�れる����。
@@ -42,7 +42,7 @@ int wc_InitRipeMd(RipeMd*);
 int wc_RipeMdUpdate(RipeMd* ripemd, const byte* data, word32 len);
 
 /*!
-    \ingroup RIPEMD 
+    \ingroup RIPEMD
     \brief  ��関数�計算�れ�ダイジェストを�ッシュ�コピー���。無傷�ブロック��る場����方法��ブロックを0S�パッケージ���ッシュ�コピー�る����ブロック�ラウンドをダイジェスト�����。RIPEMD�状態�リセット�れ��。
     \return 0  機能�実行��功�����戻り��。RIPEMD構造�状態�リセット�れ���。
     \return BAD_FUNC_ARG  RIPEMD構造体����ッシュパラメータ�NULL�場��返�れ��。
diff --git a/doc/dox_comments/header_files-ja/rsa.h b/doc/dox_comments/header_files-ja/rsa.h
index 99d4e236c..2ac0149bd 100644
--- a/doc/dox_comments/header_files-ja/rsa.h
+++ b/doc/dox_comments/header_files-ja/rsa.h
@@ -13,7 +13,6 @@
     	// error initializing RSA key
     }
     \endcode
-    \sa wc_RsaInitCavium
     \sa wc_FreeRsaKey
     \sa wc_RsaSetRNG
 */
@@ -47,7 +46,6 @@ int  wc_InitRsaKey(RsaKey* key, void* heap);
     }
     \endcode
     \sa wc_InitRsaKey
-    \sa wc_RsaInitCavium
     \sa wc_FreeRsaKey
     \sa wc_RsaSetRNG
 */
diff --git a/doc/dox_comments/header_files-ja/sha.h b/doc/dox_comments/header_files-ja/sha.h
index be7e24aad..ce199690e 100644
--- a/doc/dox_comments/header_files-ja/sha.h
+++ b/doc/dox_comments/header_files-ja/sha.h
@@ -1,5 +1,5 @@
 /*!
-    \ingroup SHA 
+    \ingroup SHA
     \brief  ��関数�SHAを�期化���。�れ�自動的�WC_Shahash�よ��呼�出�れ��。
     \return 0  �期化��功�����返�れ��
     _Example_
@@ -20,7 +20,7 @@
 int wc_InitSha(wc_Sha*);
 
 /*!
-    \ingroup SHA 
+    \ingroup SHA
     \brief  長�LEN��供�れ��イト�列を絶���ッシュ�るよ��呼�出��������。
     \return 0  データをダイジェスト�正常�追加�る�返�れ��。
     \param sha  暗�化�使用�るSHA構造���インタ
@@ -46,7 +46,7 @@ int wc_InitSha(wc_Sha*);
 int wc_ShaUpdate(wc_Sha* sha, const byte* data, word32 len);
 
 /*!
-    \ingroup SHA 
+    \ingroup SHA
     \brief  データ��ッシュを確定���。�果��ッシュ�入れられ��。SHA構造体�状態をリセット���。
     \return 0  ファイナライズ��功�����返�れ��。
     \param sha  暗�化�使用�るSHA構造���インタ
@@ -71,7 +71,7 @@ int wc_ShaUpdate(wc_Sha* sha, const byte* data, word32 len);
 int wc_ShaFinal(wc_Sha* sha, byte* hash);
 
 /*!
-    \ingroup SHA 
+    \ingroup SHA
     \brief  �期化�れ�SHA構造体�よ��使用�れるメモリをクリーンアップ�る���使用�れ��。注：�れ��wolfssl_ti_hash�定義�れ��る場����サ�ート�れ����。
     \return No  戻り値。
     _Example_
@@ -88,7 +88,7 @@ int wc_ShaFinal(wc_Sha* sha, byte* hash);
 void wc_ShaFree(wc_Sha*);
 
 /*!
-    \ingroup SHA 
+    \ingroup SHA
     \brief  �ッシュデータを�得���。�果��ッシュ�入れられ��。SHA構造体�状態をリセット���ん。
     \return 0  ファイナライズ��功�����返�れ��。
     \param sha  暗�化�使用�るSHA構造���インタ
diff --git a/doc/dox_comments/header_files-ja/sha256.h b/doc/dox_comments/header_files-ja/sha256.h
index a717ee868..6cedcec1e 100644
--- a/doc/dox_comments/header_files-ja/sha256.h
+++ b/doc/dox_comments/header_files-ja/sha256.h
@@ -1,5 +1,5 @@
 /*!
-    \ingroup SHA 
+    \ingroup SHA
     \brief  ��関数�SHA256を�期化���。�れ�WC_SHA256HASH�よ��自動的�呼�出�れ��。
     \return 0  �期化��功�����返�れ��
     _Example_
@@ -20,7 +20,7 @@
 int wc_InitSha256(wc_Sha256*);
 
 /*!
-    \ingroup SHA 
+    \ingroup SHA
     \brief  長�LEN��供�れ��イト�列を絶���ッシュ�るよ��呼�出��������。
     \return 0  データをダイジェスト�正常�追加�る�返�れ��。
     \param sha256  暗�化�使用�るSHA256構造���インタ
@@ -46,7 +46,7 @@ int wc_InitSha256(wc_Sha256*);
 int wc_Sha256Update(wc_Sha256* sha, const byte* data, word32 len);
 
 /*!
-    \ingroup SHA 
+    \ingroup SHA
     \brief  データ��ッシュを確定���。�果��ッシュ�入れられ��。SHA256構造体�状態をリセット���。
     \return 0  ファイナライズ��功�����返�れ��。
     \param sha256  暗�化�使用�るSHA256構造���インタ
@@ -71,7 +71,7 @@ int wc_Sha256Update(wc_Sha256* sha, const byte* data, word32 len);
 int wc_Sha256Final(wc_Sha256* sha256, byte* hash);
 
 /*!
-    \ingroup SHA 
+    \ingroup SHA
     \brief  SHA256構造をリセット���。注：�れ��wolfssl_ti_hash�定義�れ��る場����サ�ート�れ����。
     \return none  ���返���。
     _Example_
@@ -96,7 +96,7 @@ int wc_Sha256Final(wc_Sha256* sha256, byte* hash);
 void wc_Sha256Free(wc_Sha256*);
 
 /*!
-    \ingroup SHA 
+    \ingroup SHA
     \brief  �ッシュデータを�得���。�果��ッシュ�入れられ��。SHA256構造体�状態をリセット���ん。
     \return 0  ファイナライズ��功�����返�れ��。
     \param sha256  暗�化�使用�るSHA256構造���インタ
@@ -118,7 +118,7 @@ void wc_Sha256Free(wc_Sha256*);
 int wc_Sha256GetHash(wc_Sha256* sha256, byte* hash);
 
 /*!
-    \ingroup SHA 
+    \ingroup SHA
     \brief  SHA224構造を�期化�る���使用�れ��。
     \return 0  �功
     \return 1  SHA224�NULL����エラー�返�れ���。
@@ -137,7 +137,7 @@ int wc_Sha256GetHash(wc_Sha256* sha256, byte* hash);
 int wc_InitSha224(wc_Sha224*);
 
 /*!
-    \ingroup SHA 
+    \ingroup SHA
     \brief  長�LEN��供�れ��イト�列を絶���ッシュ�るよ��呼�出��������。
     \return 0  �功
     \return 1  関数�失敗��場��エラー�返�れ��。
@@ -165,7 +165,7 @@ int wc_InitSha224(wc_Sha224*);
 int wc_Sha224Update(wc_Sha224* sha224, const byte* data, word32 len);
 
 /*!
-    \ingroup SHA 
+    \ingroup SHA
     \brief  データ��ッシュを確定���。�果��ッシュ�入れられ��。SHA224構造体�状態をリセット���。
     \return 0  �功
     \return <0  エラー
diff --git a/doc/dox_comments/header_files-ja/sha512.h b/doc/dox_comments/header_files-ja/sha512.h
index 50af2373a..6d8a835d3 100644
--- a/doc/dox_comments/header_files-ja/sha512.h
+++ b/doc/dox_comments/header_files-ja/sha512.h
@@ -1,5 +1,5 @@
 /*!
-    \ingroup SHA 
+    \ingroup SHA
     \brief  ��関数�SHA512を�期化���。�れ�WC_SHA512HASH�よ��自動的�呼�出�れ��。
     \return 0  �期化��功�����返�れ��
     _Example_
@@ -20,7 +20,7 @@
 int wc_InitSha512(wc_Sha512*);
 
 /*!
-    \ingroup SHA 
+    \ingroup SHA
     \brief  長�LEN��供�れ��イト�列を絶���ッシュ�るよ��呼�出��������。
     \return 0  データをダイジェスト�正常�追加�る�返�れ��。
     \param sha512  暗�化�使用�るSHA512構造���インタ
@@ -46,7 +46,7 @@ int wc_InitSha512(wc_Sha512*);
 int wc_Sha512Update(wc_Sha512* sha, const byte* data, word32 len);
 
 /*!
-    \ingroup SHA 
+    \ingroup SHA
     \brief  データ��ッシュを確定���。�果��ッシュ�入れられ��。
     \return 0  �ッシュを確定�る����返�れ���。
     \param sha512  暗�化�使用�るSHA512構造���インタ
@@ -71,7 +71,7 @@ int wc_Sha512Update(wc_Sha512* sha, const byte* data, word32 len);
 int wc_Sha512Final(wc_Sha512* sha512, byte* hash);
 
 /*!
-    \ingroup SHA 
+    \ingroup SHA
     \brief  ��関数�SHA384を�期化���。�れ�WC_SHA384HASH�よ��自動的�呼�出�れ��。
     \return 0  �期化��功�����返�れ��
     _Example_
@@ -92,7 +92,7 @@ int wc_Sha512Final(wc_Sha512* sha512, byte* hash);
 int wc_InitSha384(wc_Sha384*);
 
 /*!
-    \ingroup SHA 
+    \ingroup SHA
     \brief  長�LEN��供�れ��イト�列を絶���ッシュ�るよ��呼�出��������。
     \return 0  データをダイジェスト�正常�追加�る�返�れ��。
     \param sha384  暗�化�使用�るSHA384構造���インタ
@@ -118,7 +118,7 @@ int wc_InitSha384(wc_Sha384*);
 int wc_Sha384Update(wc_Sha384* sha, const byte* data, word32 len);
 
 /*!
-    \ingroup SHA 
+    \ingroup SHA
     \brief  データ��ッシュを確定���。�果��ッシュ�入れられ��。
     \return 0  ファイナライズ��功�����返�れ��。
     \param sha384  暗�化�使用�るSHA384構造���インタ
diff --git a/doc/dox_comments/header_files-ja/signature.h b/doc/dox_comments/header_files-ja/signature.h
index b9c1a3c51..1017faf86 100644
--- a/doc/dox_comments/header_files-ja/signature.h
+++ b/doc/dox_comments/header_files-ja/signature.h
@@ -1,5 +1,5 @@
 /*!
-    \ingroup Signature 
+    \ingroup Signature
     \brief  ��関数���果�シグ��ャ�最大サイズを返���。
     \return Returns  sig_type_e sig_type�サ�ート�れ����場�sig_type�無効�場��bad_func_argを返���。正�戻り値��署��最大サイズを示���。
     \param sig_type  wc_signature_type_ecc���wc_signature_type_rsa���署�型列挙型値。
@@ -24,7 +24,7 @@ int wc_SignatureGetSize(enum wc_SignatureType sig_type,
     const void* key, word32 key_len);
 
 /*!
-    \ingroup Signature 
+    \ingroup Signature
     \brief  ��関数��データを�ッシュ���果��ッシュ�キーを使用��署�を使用��署�を使用��署�を検証���。
     \return 0  �功
     \return SIG_TYPE_E  -231�署�タイプ�有効/利用�能��
@@ -65,7 +65,7 @@ int wc_SignatureVerify(
     const void* key, word32 key_len);
 
 /*!
-    \ingroup Signature 
+    \ingroup Signature
     \brief  ��関数��キーを使用��データ�ら署�を生����。��データ��ッシュを作���キーを使用���ッシュ�署����。
     \return 0  �功
     \return SIG_TYPE_E  -231�署�タイプ�有効/利用�能��
diff --git a/doc/dox_comments/header_files-ja/siphash.h b/doc/dox_comments/header_files-ja/siphash.h
index 2027a611b..59cccf776 100644
--- a/doc/dox_comments/header_files-ja/siphash.h
+++ b/doc/dox_comments/header_files-ja/siphash.h
@@ -1,6 +1,6 @@
 
 /*!
-    \ingroup SipHash 
+    \ingroup SipHash
     \brief  ��関数��Macサイズ�キー�Siphashを�期化���。
     \return 0  �期化��功�����返�れ��
     \return BAD_FUNC_ARG  Siphash���キー�NULL����返�れ��
@@ -31,7 +31,7 @@ int wc_InitSipHash(SipHash* siphash, const unsigned char* key,
     unsigned char outSz);
 
 /*!
-    \ingroup SipHash 
+    \ingroup SipHash
     \brief  長�LEN��供�れ��イト�列を絶���ッシュ�るよ��呼�出��������。
     \return 0  Mac�データを追加��ら�返�れ��
     \return BAD_FUNC_ARG  Siphash�null���返�れ���
@@ -62,7 +62,7 @@ int wc_SipHashUpdate(SipHash* siphash, const unsigned char* in,
     word32 inSz);
 
 /*!
-    \ingroup SipHash 
+    \ingroup SipHash
     \brief  データ�Macingを確定���。�果�出入り�る。
     \return 0  ファイナライズ��功�����返�れ��。
     \return BAD_FUNC_ARG  Siphash�OUT�NULL����返�れ��
@@ -93,7 +93,7 @@ int wc_SipHashFinal(SipHash* siphash, unsigned char* out,
     unsigned char outSz);
 
 /*!
-    \ingroup SipHash 
+    \ingroup SipHash
     \brief  ��機能�Siphashを使用��データを1ショット���キー�基���MACを計算���。
     \return 0  Macing��功�����返�れ���
     \return BAD_FUNC_ARG  キー���OUT�NULL����返�れ��
diff --git a/doc/dox_comments/header_files-ja/ssl.h b/doc/dox_comments/header_files-ja/ssl.h
index 5efe2b62f..e3b55c7f3 100644
--- a/doc/dox_comments/header_files-ja/ssl.h
+++ b/doc/dox_comments/header_files-ja/ssl.h
@@ -2464,9 +2464,9 @@ int wolfSSL_CTX_GetDevId(WOLFSSL_CTX* ctx, WOLFSSL* ssl);
     \ingroup Setup
     \brief  ��関数�SSLセッションキャッシュ機能を有効���無効����。
     動作�モード�使用�れる値�よ��異�り��。
-    モード�値�次���り��：  
-    SSL_SESS_CACHE_OFF  - セッションキャッシングを無効����。デフォルト�セッションキャッシング�オン�������。  
-    SSL_SESS_CACHE_NO_AUTO_CLEAR  - セッションキャッシュ�オートフラッシュを無効����。デフォルト�自動フラッシング�オン�������。  
+    モード�値�次���り��：
+    SSL_SESS_CACHE_OFF  - セッションキャッシングを無効����。デフォルト�セッションキャッシング�オン�������。
+    SSL_SESS_CACHE_NO_AUTO_CLEAR  - セッションキャッシュ�オートフラッシュを無効����。デフォルト�自動フラッシング�オン�������。
 
     \return SSL_SUCCESS  �功�戻り��。
     \param ctx  wolfSSL_CTX_new()�作��れ�SSLコンテキスト���インタ。
@@ -10877,7 +10877,7 @@ WOLFSSL_METHOD *wolfTLSv1_3_method_ex(void* heap);
 WOLFSSL_METHOD *wolfTLSv1_3_method(void);
 
 /*!
- \ingroup Setup 
+ \ingroup Setup
  \brief  ��関数�クライアント��呼�出�れる場����サー�ー��Certificateメッセージ��信��る証明書タイプを設定���。
  サー�ー��呼�出�れる場�����入れ�能�クライアント証明書タイプを設定���。
  Raw Public Key 証明書を��信���場�����関数を使��証明書タイプを設定���れ��り��ん。
@@ -10910,7 +10910,7 @@ WOLFSSL_METHOD *wolfTLSv1_3_method(void);
 int wolfSSL_CTX_set_client_cert_type(WOLFSSL_CTX* ctx, const char* buf, int len);
 
 /*!
- \ingroup Setup 
+ \ingroup Setup
  \brief  ��関数�サー�ー��呼�出�れる場����クライアント��Certificateメッセージ��信��る証明書タイプを設定���。
  クライアント��呼�出�れる場�����入れ�能�サー�ー証明書タイプを設定���。
  Raw Public Key 証明書を��信���場�����関数を使��証明書タイプを設定���れ��り��ん。
@@ -10944,7 +10944,7 @@ int wolfSSL_CTX_set_client_cert_type(WOLFSSL_CTX* ctx, const char* buf, int len)
 int wolfSSL_CTX_set_server_cert_type(WOLFSSL_CTX* ctx, const char* buf, int len);
 
 /*!
- \ingroup Setup 
+ \ingroup Setup
  \brief  ��関数�クライアント��呼�出�れる場����サー�ー��Certificateメッセージ��信��る証明書タイプを設定���。
  サー�ー��呼�出�れる場�����入れ�能�クライアント証明書タイプを設定���。
  Raw Public Key 証明書を��信���場�����関数を使��証明書タイプを設定���れ��り��ん。
@@ -10978,7 +10978,7 @@ int wolfSSL_CTX_set_server_cert_type(WOLFSSL_CTX* ctx, const char* buf, int len)
 int wolfSSL_set_client_cert_type(WOLFSSL* ssl, const char* buf, int len);
 
 /*!
- \ingroup Setup 
+ \ingroup Setup
  \brief  ��関数�サー�ー��呼�出�れる場����クライアント��Certificateメッセージ��信��る証明書タイプを設定���。
  クライアント��呼�出�れる場�����入れ�能�サー�ー証明書タイプを設定���。
  Raw Public Key 証明書を��信���場�����関数を使��証明書タイプを設定���れ��り��ん。
@@ -11012,7 +11012,7 @@ int wolfSSL_set_client_cert_type(WOLFSSL* ssl, const char* buf, int len);
 int wolfSSL_set_server_cert_type(WOLFSSL* ssl, const char* buf, int len);
 
 /*!
- \ingroup SSL 
+ \ingroup SSL
  \brief  ��関数��ンドシェーク終了後�呼�出��相手���ゴシエーション��果得られ�クライアント証明書�タイプを返���。
  �ゴシエーション�発生���場���戻り値���WOLFSSL_SUCCESS�返�れ����
  証明書タイプ����WOLFSSL_CERT_TYPE_UNKNOWN�返�れ��。
@@ -11040,7 +11040,7 @@ int wolfSSL_set_server_cert_type(WOLFSSL* ssl, const char* buf, int len);
 int wolfSSL_get_negotiated_client_cert_type(WOLFSSL* ssl, int* tp);
 
 /*!
- \ingroup SSL 
+ \ingroup SSL
  \brief  ��関数��ンドシェーク終了後�呼�出��相手���ゴシエーション��果得られ�サー�ー証明書�タイプを返���。
  �ゴシエーション�発生���場���戻り値���WOLFSSL_SUCCESS�返�れ����証明書タイプ����WOLFSSL_CERT_TYPE_UNKNOWN�返�れ��。
  \return WOLFSSL_SUCCESS �功時���り��。tp�返�れ�証明書タイプ�WOLFSSL_CERT_TYPE_X509,
@@ -11213,7 +11213,7 @@ int wolfSSL_dtls_cid_is_enabled(WOLFSSL* ssl);
 
  \brief ��コ�クション�他�ピア�対��レコードを�信�る���コ�クションIDをセット���。
  RFC9146�RFC9147を�照������。コ�クションID�最大値�DTLS_CID_MAX_SIZE���れ��り��ん。
- DTLS_CID_MAX_SIZE�ビルド時�値を指定��能���255�イトを��る�������ん。 
+ DTLS_CID_MAX_SIZE�ビルド時�値を指定��能���255�イトを��る�������ん。
 
 
  \return WOLFSSL_SUCCESS コ�クションID�セット���場��返�れ��。�れ以外�エラーコード�返�れ��。
diff --git a/doc/dox_comments/header_files-ja/tfm.h b/doc/dox_comments/header_files-ja/tfm.h
index 94facaf38..63412d026 100644
--- a/doc/dox_comments/header_files-ja/tfm.h
+++ b/doc/dox_comments/header_files-ja/tfm.h
@@ -1,5 +1,5 @@
 /*!
-    \ingroup Math 
+    \ingroup Math
     \brief  ��関数��整数�最大サイズ�ランタイムFastMath設定を�ェック���。FP_SIZE�正��機能�る����FP_SIZE��ライブラリー�一致���れ��ら�����ユーザー�WolfCryptライブラリを独立��使用���る場������。���ェック�CheckFastMathSettings（）���定義�れ����。�れ��CheckRuntimeFastMath�FP_SIZEを比較�る����ミスマッ���る場��0を返���。
     \return FP_SIZE  数学ライブラリ�利用�能�最大サイズ�対応�るFP_SIZEを返���。
     _Example_
diff --git a/doc/dox_comments/header_files-ja/types.h b/doc/dox_comments/header_files-ja/types.h
index 1988f06f3..b8f64b589 100644
--- a/doc/dox_comments/header_files-ja/types.h
+++ b/doc/dox_comments/header_files-ja/types.h
@@ -1,5 +1,5 @@
 /*!
-    \ingroup Memory 
+    \ingroup Memory
     \brief  �れ�実際��関数�����む��プリプロセッサマクロ��り�ユーザー�自分�Malloc�Realloc��よ�標準�Cメモリ関数�代�り�自由�関数�置���る�������。外部メモリ機能を使用�る���xmalloc_userを定義���。�れ�より�メモリ機能をフォーム�外部関数�置�����.extern void * xmalloc（size_t n�void * heap�int型）; extern void * XrealLoc（void * p�size_t n�void *ヒープ�int型）。 extern void xfree（void * p�void * heap�int型）; wolfssl_malloc�wolfssl_realloc�wolfssl_free�代�り�基本的�Cメモリ機能を使用�る���NO_WOLFSSL_MEMORYを定義���。�れ�より�メモリ関数�次�も��置���られ��。#define Xmalloc（s�h�t）（（void）h�（void）t�malloc（（s）））#define xfree（p�h�t）{void * xp =（p）; if（（xp））free（（xp））; #define xrealloc（p�n�h�t）Realloc（（p）�（n））�れら�オプション��れも�択�れ����場��システム�デフォルト�使用�れ��。 WolfSSLメモリ機能ユーザー�コール�ックフックを介��カスタムメモリ機能を設定����（Wolfssl_Malloc�WolfSSL_Realloc�wolfssl_freeを�照）。��オプション��メモリ関数を次�も��置�����。#define xmalloc（s�h�t）（（void）H�（Void）T�wolfssl_malloc（（s）））#define xfree（p�h�t）{void * XP =（P）; if（（xp））wolfssl_free（（xp））; #define xrealloc（p�n�h�t）wolfssl_realloc（（p）�（n））
     \return pointer  �功��メモリ���インタを返���
 	\return NULL  失敗��
@@ -21,7 +21,7 @@
 void* XMALLOC(size_t n, void* heap, int type);
 
 /*!
-    \ingroup Memory 
+    \ingroup Memory
     \brief  �れ�実際��関数�����む��プリプロセッサマクロ��り�ユーザー�自分�Malloc�Realloc��よ�標準�Cメモリ関数�代�り�自由�関数�置���る�������。外部メモリ機能を使用�る���xmalloc_userを定義���。�れ�より�メモリ機能をフォーム�外部関数�置�����.extern void * xmalloc（size_t n�void * heap�int型）; extern void * XrealLoc（void * p�size_t n�void *ヒープ�int型）。 extern void xfree（void * p�void * heap�int型）; wolfssl_malloc�wolfssl_realloc�wolfssl_free�代�り�基本的�Cメモリ機能を使用�る���NO_WOLFSSL_MEMORYを定義���。�れ�より�メモリ関数�次�も��置���られ��。#define Xmalloc（s�h�t）（（void）h�（void）t�malloc（（s）））#define xfree（p�h�t）{void * xp =（p）; if（（xp））free（（xp））; #define xrealloc（p�n�h�t）Realloc（（p）�（n））�れら�オプション��れも�択�れ����場��システム�デフォルト�使用�れ��。 WolfSSLメモリ機能ユーザー�コール�ックフックを介��カスタムメモリ機能を設定����（Wolfssl_Malloc�WolfSSL_Realloc�wolfssl_freeを�照）。��オプション��メモリ関数を次�も��置�����。#define xmalloc（s�h�t）（（void）H�（Void）T�wolfssl_malloc（（s）））#define xfree（p�h�t）{void * XP =（P）; if（（xp））wolfssl_free（（xp））; #define xrealloc（p�n�h�t）wolfssl_realloc（（p）�（n））
     \return Return  �功��メモリを割り当�る�インタ
 	\return NULL  失敗��
@@ -42,7 +42,7 @@ void* XMALLOC(size_t n, void* heap, int type);
 void* XREALLOC(void *p, size_t n, void* heap, int type);
 
 /*!
-    \ingroup Memory 
+    \ingroup Memory
     \brief  �れ�実際��関数�����む��プリプロセッサマクロ��り�ユーザー�自分�Malloc�Realloc��よ�標準�Cメモリ関数�代�り�自由�関数�置���る�������。外部メモリ機能を使用�る���xmalloc_userを定義���。�れ�より�メモリ機能をフォーム�外部関数�置�����.extern void * xmalloc（size_t n�void * heap�int型）; extern void * XrealLoc（void * p�size_t n�void *ヒープ�int型）。 extern void xfree（void * p�void * heap�int型）; wolfssl_malloc�wolfssl_realloc�wolfssl_free�代�り�基本的�Cメモリ機能を使用�る���NO_WOLFSSL_MEMORYを定義���。�れ�より�メモリ関数�次�も��置���られ��。#define Xmalloc（s�h�t）（（void）h�（void）t�malloc（（s）））#define xfree（p�h�t）{void * xp =（p）; if（（xp））free（（xp））; #define xrealloc（p�n�h�t）Realloc（（p）�（n））�れら�オプション��れも�択�れ����場��システム�デフォルト�使用�れ��。 WolfSSLメモリ機能ユーザー�コール�ックフックを介��カスタムメモリ機能を設定����（Wolfssl_Malloc�WolfSSL_Realloc�wolfssl_freeを�照）。��オプション��メモリ関数を次�も��置�����。#define xmalloc（s�h�t）（（void）H�（Void）T�wolfssl_malloc（（s）））#define xfree（p�h�t）{void * XP =（P）; if（（xp））wolfssl_free（（xp））; #define xrealloc（p�n�h�t）wolfssl_realloc（（p）�（n））
     \return none  ���返���。
     \param p  無料�アドレス���インタ
@@ -63,7 +63,7 @@ void* XREALLOC(void *p, size_t n, void* heap, int type);
 void XFREE(void *p, void* heap, int type);
 
 /*!
-    \ingroup Math 
+    \ingroup Math
     \brief  ��関数�コンパイル時クラス�設定を�ェック���。設定�正��機能�る���ライブラリ間�ライブラリ間�一致�る必���る���ユーザー�WolfCryptライブラリを独立��使用���る場������。���ェック�CheckCtcSettings（）���定義�れ����。�れ��CheckRuntimeSettings�CTC_Settingsを比較�る����ミスマッ���る場��0����1�一致��場��1を返���。
     \return settings  実行時CTC_SETTINGS（コンパイル時設定）を返���。
     _Example_
diff --git a/doc/dox_comments/header_files-ja/wc_encrypt.h b/doc/dox_comments/header_files-ja/wc_encrypt.h
index 2f0f230af..e209928b2 100644
--- a/doc/dox_comments/header_files-ja/wc_encrypt.h
+++ b/doc/dox_comments/header_files-ja/wc_encrypt.h
@@ -1,5 +1,5 @@
 /*!
-    \ingroup AES 
+    \ingroup AES
     \brief  入力�ッファー�ら暗�を復�化��AES�Cipher Block Chainingを使用��出力�ッファ�出力�ッファー�入れ��。��関数��AES構造を�期化�る必���り��ん。代�り��キー�IV（�期化ベクトル）を�り��れらを使用��AESオブジェクトを�期化���ら暗�テキストを復�化���。
     \return 0  メッセージ�復�化��功����
     \return BAD_ALIGN_E  ブロック整列エラー�戻り���
@@ -33,7 +33,7 @@ int  wc_AesCbcDecryptWithKey(byte* out, const byte* in, word32 inSz,
                                          const byte* iv);
 
 /*!
-    \ingroup 3DES 
+    \ingroup 3DES
     \brief  ��関数�入力暗�文を復�化���果�平文を出力�ッファー�出力���。暗�ブロック�ェーン�ェーン（CBC）モード�DES暗�化を使用���。��関数��wc_des_cbcdecrypt�代�り��ユーザー�DES構造体を直接インスタンス化���メッセージを復�化��るよ�����。
     \return 0  与�られ�暗�文を正常�復�化�����返�れ���
     \return MEMORY_E  DES構造体�割り当�スペース�割り当�られ��る場��返�れ�
@@ -62,7 +62,7 @@ int  wc_Des_CbcDecryptWithKey(byte* out,
                                           const byte* key, const byte* iv);
 
 /*!
-    \ingroup 3DES 
+    \ingroup 3DES
     \brief  ��関数�入力平文を暗�化���果�暗�文を出力�ッファー�出力���。暗�ブロック�ェーン�ェーン（CBC）モード�DES暗�化を使用���。��関数��WC_DES_CBCENCRYPT�代�り��り�ユーザー�DES構造を直接インスタンス化���メッセージを暗�化����。
     \return 0  データ�暗�化��功��後�返�れ��。
     \return MEMORY_E  DES構造体�メモリを割り当�るエラー��る場��返�れ��。
@@ -90,7 +90,7 @@ int  wc_Des_CbcEncryptWithKey(byte* out,
                                           const byte* key, const byte* iv);
 
 /*!
-    \ingroup 3DES 
+    \ingroup 3DES
     \brief  ��関数�入力平文を暗�化���果�暗�文を出力�ッファー�出力���。暗�ブロック�ェーン（CBC）モード�トリプルDES（3DES）暗�化を使用���。��関数��WC_DES3_CBCENCRYPT�代�り��り�ユーザー�DES3構造を直接インスタンス化���メッセージを暗�化����。
     \return 0  データ�暗�化��功��後�返�れ��。
     \return MEMORY_E  DES構造体�メモリを割り当�るエラー��る場��返�れ��。
@@ -121,7 +121,7 @@ int  wc_Des3_CbcEncryptWithKey(byte* out,
                                            const byte* key, const byte* iv);
 
 /*!
-    \ingroup 3DES 
+    \ingroup 3DES
     \brief  ��関数�入力暗�文を復�化���果�平文を出力�ッファー�出力���。暗�ブロック�ェーン（CBC）モード�トリプルDES（3DES）暗�化を使用���。��関数��wc_des3_cbcdecrypt�代�り��ユーザー�DES3構造を直接インスタンス化���メッセージを復�化��るよ�����。
     \return 0  与�られ�暗�文を正常�復�化�����返�れ���
     \return MEMORY_E  DES構造体�割り当�スペース�割り当�られ��る場��返�れ�
diff --git a/doc/dox_comments/header_files-ja/wc_port.h b/doc/dox_comments/header_files-ja/wc_port.h
index 9a725cdca..9d0c370c6 100644
--- a/doc/dox_comments/header_files-ja/wc_port.h
+++ b/doc/dox_comments/header_files-ja/wc_port.h
@@ -1,5 +1,5 @@
 /*!
-    \ingroup wolfCrypt 
+    \ingroup wolfCrypt
     \brief  WolfCrypt�よ��使用�れるリソースを�期化�る���使用�れ��。
     \return 0  �功�る�。
     \return <0  initリソース�失敗�る�。
@@ -15,7 +15,7 @@
 int wolfCrypt_Init(void);
 
 /*!
-    \ingroup wolfCrypt 
+    \ingroup wolfCrypt
     \brief  WolfCrypt�よ��使用�れるリソースをクリーンアップ�る���使用�れ��。
     \return 0  �功�る�。
     \return <0  リソース�クリーンアップ�失敗����。
diff --git a/doc/dox_comments/header_files-ja/wolfio.h b/doc/dox_comments/header_files-ja/wolfio.h
index 65e0a5cc3..135af87aa 100644
--- a/doc/dox_comments/header_files-ja/wolfio.h
+++ b/doc/dox_comments/header_files-ja/wolfio.h
@@ -1,5 +1,5 @@
 /*!
-    \brief  
+    \brief
     \return Success  ��関数��読��られ��イト数を返���。
     \return WOLFSSL_CBIO_ERR_WANT_READ  最後�エラー�socket_ewouldbolcok���socket_eagain��れ��メッセージを返�れ��。
     \return WOLFSSL_CBIO_ERR_TIMEOUT  "Socket Timeout"メッセージを返����。
@@ -30,7 +30,7 @@
 int EmbedReceive(WOLFSSL* ssl, char* buf, int sz, void* ctx);
 
 /*!
-    \brief  
+    \brief
     \return Success  ��関数��信�れ��イト数を返���。
     \return WOLFSSL_CBIO_ERR_WANT_WRITE  最後�エラー�socket_ewouldblock���socket_eagain��れ�� "Block"メッセージを返���。
     \return WOLFSSL_CBIO_ERR_CONN_RST  最後�エラー�socket_econnreset�場�� "Connection Reset"メッセージ�返�れ��。
@@ -58,7 +58,7 @@ int EmbedReceive(WOLFSSL* ssl, char* buf, int sz, void* ctx);
 int EmbedSend(WOLFSSL* ssl, char* buf, int sz, void* ctx);
 
 /*!
-    \brief  
+    \brief
     \return Success  ��関数��実行��功��場��読�込�れ�NB�イトを返���。
     \return WOLFSSL_CBIO_ERR_WANT_READ  接続�拒��れ�場�����「ブロック�エラー�発生��場��機能�スロー�れ���。
     \return WOLFSSL_CBIO_ERR_TIMEOUT  ソケット�タイムアウト��場��返�れ��。
@@ -89,7 +89,7 @@ int EmbedSend(WOLFSSL* ssl, char* buf, int sz, void* ctx);
 int EmbedReceiveFrom(WOLFSSL* ssl, char* buf, int sz, void*);
 
 /*!
-    \brief  
+    \brief
     \return Success  ��関数��信�れ��イト数を返���。
     \return WOLFSSL_CBIO_ERR_WANT_WRITE  最後�エラー�socket_ewouldblock���socket_eagainエラー�場�� "Block"メッセージを返���。
     \return WOLFSSL_CBIO_ERR_CONN_RST  最後�エラー�socket_econnreset�場�� "Connection Reset"メッセージ�返�れ��。
@@ -119,7 +119,7 @@ int EmbedReceiveFrom(WOLFSSL* ssl, char* buf, int sz, void*);
 int EmbedSendTo(WOLFSSL* ssl, char* buf, int sz, void* ctx);
 
 /*!
-    \brief  
+    \brief
     \return Success  ��関数���ッファ�コピー�れ��イト数を返���。
     \return GEN_COOKIE_E  getPeername�EmbedGenerateCookie�失敗��場��返�れ��。
     \param ssl  wolfssl_new（）を使用��作��れ�WolfSSL構造���インタ。
@@ -145,7 +145,7 @@ int EmbedGenerateCookie(WOLFSSL* ssl, unsigned char* buf,
                                            int sz, void*);
 
 /*!
-    \brief  
+    \brief
     \return none  ���返���。
     \param ctx  ヒープヒント��void�インタ。
     _Example_
@@ -222,7 +222,7 @@ void wolfSSL_SetIOReadCtx( WOLFSSL* ssl, void *ctx);
 void wolfSSL_SetIOWriteCtx(WOLFSSL* ssl, void *ctx);
 
 /*!
-    \ingroup IO 
+    \ingroup IO
     \brief  ��関数��WolfSSL構造体�IOCB_READCTXメン�ーを返���。
     \return pointer  ��関数��wolfssl構造体�iocb_readctxメン�ー��void�インタを返���。
     \return NULL  wolfssl構造体�NULL�場��返�れ��。
@@ -245,7 +245,7 @@ void wolfSSL_SetIOWriteCtx(WOLFSSL* ssl, void *ctx);
 void* wolfSSL_GetIOReadCtx( WOLFSSL* ssl);
 
 /*!
-    \ingroup IO 
+    \ingroup IO
     \brief  ��関数��WolfSSL構造�IOCB_WRITECTXメン�ーを返���。
     \return pointer  ��関数��WolfSSL構造�IOCB_WRITECTXメン�ー��void�インタを返���。
     \return NULL  wolfssl構造体�NULL�場��返�れ��。
@@ -303,7 +303,7 @@ void wolfSSL_SetIOReadFlags( WOLFSSL* ssl, int flags);
 void wolfSSL_SetIOWriteFlags(WOLFSSL* ssl, int flags);
 
 /*!
-    \ingroup IO 
+    \ingroup IO
     \brief  ��関数��wolfssl構造内�nxctx構造体�NxSocketメン�ー�NXWAITメン�ーを設定���。
     \return none  ���返���。
     \param ssl  wolfssl_new（）を使用��作��れ�WolfSSL構造���インタ。
@@ -347,7 +347,7 @@ void wolfSSL_SetIO_NetX(WOLFSSL* ssl, NX_TCP_SOCKET* nxsocket,
 void  wolfSSL_CTX_SetGenCookie(WOLFSSL_CTX* ctx, CallbackGenCookie cb);
 
 /*!
-    \ingroup Setup 
+    \ingroup Setup
     \brief  ��関数��WolfSSL構造�IOCB_COOKIECTXメン�ーを返���。
     \return pointer  ��関数��iocb_cookiectx�格��れ��るvoid�インタ値を返���。
     \return NULL  WolfSSL構造体�NULL�場�
@@ -369,7 +369,7 @@ void* wolfSSL_GetCookieCtx(WOLFSSL* ssl);
 
 
 /*!
-    \ingroup Setup 
+    \ingroup Setup
     \brief  ��関数��WolfSSL�WolfSSL_ISOTP�コンパイル�れ��る場��使用�る場���WolfSSL�場��ISO-TPコンテキストを設定���。
     \return 0  �功�る��故障�wolfssl_cbio_err_general
     \param ssl  wolfsslコンテキスト
diff --git a/doc/dox_comments/header_files/ascon.h b/doc/dox_comments/header_files/ascon.h
new file mode 100644
index 000000000..3aab14fc9
--- /dev/null
+++ b/doc/dox_comments/header_files/ascon.h
@@ -0,0 +1,469 @@
+/*!
+    \ingroup ASCON
+    \brief This function initializes the ASCON context for hashing.
+
+    \return 0 on success.
+    \return BAD_FUNC_ARG if the context pointer is NULL.
+
+    \param a pointer to the ASCON context to initialize.
+
+    _Example_
+    \code
+    wc_AsconHash256 a;
+    byte data[] = {0x01, 0x02, 0x03};
+    byte hash[ASCON_HASH256_SZ];
+
+    if (wc_AsconHash256_Init(&a) != 0)
+        // handle error
+    if (wc_AsconHash256_Update(&ctx, data, sizeof(data)) != 0)
+        // handle error
+    if (wc_AsconHash256_Final(&ctx, hash, sizeof(hash)) != 0)
+        // handle error
+    // hash contains the final hash
+    \endcode
+
+    \sa wc_AsconHash256_Update
+    \sa wc_AsconHash256_Final
+    */
+int wc_AsconHash256_Init(wc_AsconHash256* a);
+
+/*!
+    \ingroup ASCON
+    \brief This function updates the ASCON hash with the input data.
+
+    \return 0 on success.
+    \return BAD_FUNC_ARG if the context or input pointer is NULL.
+
+    \param ctx pointer to the ASCON context.
+    \param in pointer to the input data.
+    \param inSz size of the input data.
+
+    _Example_
+    \code
+    wc_AsconHash256 a;
+    byte data[] = {0x01, 0x02, 0x03};
+    byte hash[ASCON_HASH256_SZ];
+
+    if (wc_AsconHash256_Init(&a) != 0)
+        // handle error
+    if (wc_AsconHash256_Update(&ctx, data, sizeof(data)) != 0)
+        // handle error
+    if (wc_AsconHash256_Final(&ctx, hash, sizeof(hash)) != 0)
+        // handle error
+    // hash contains the final hash
+    \endcode
+
+    \sa wc_AsconHash256_Init
+    \sa wc_AsconHash256_Final
+    */
+int wc_AsconHash256_Update(wc_AsconHash256* a, const byte* data, word32 dataSz);
+
+/*!
+    \ingroup ASCON
+    \brief This function finalizes the ASCON hash and produces the output.
+
+    \return 0 on success.
+    \return BAD_FUNC_ARG if the context or output pointer is NULL.
+
+    \param ctx pointer to the ASCON context.
+    \param out pointer to the output buffer.
+    \param outSz size of the output buffer, should be at least ASCON_HASH256_SZ.
+
+    _Example_
+    \code
+    wc_AsconHash256 a;
+    byte data[] = {0x01, 0x02, 0x03};
+    byte hash[ASCON_HASH256_SZ];
+
+    if (wc_AsconHash256_Init(&a) != 0)
+        // handle error
+    if (wc_AsconHash256_Update(&ctx, data, sizeof(data)) != 0)
+        // handle error
+    if (wc_AsconHash256_Final(&ctx, hash, sizeof(hash)) != 0)
+        // handle error
+    // hash contains the final hash
+    \endcode
+
+    \sa wc_AsconHash256_Init
+    \sa wc_AsconHash256_Update
+    */
+int wc_AsconHash256_Final(wc_AsconHash256* a, byte* hash);
+
+/*!
+    \ingroup ASCON
+    \brief This function allocates and initializes a new Ascon AEAD context.
+
+    \return pointer to the newly allocated Ascon AEAD context
+    \return NULL on failure.
+
+    _Example_
+    \code
+    wc_AsconAEAD128* a = wc_AsconAEAD128_New();
+    if (a == NULL) {
+        // handle allocation error
+    }
+    wc_AsconAEAD128_Free(a);
+    \endcode
+
+    \sa wc_AsconAEAD128_Free
+*/
+wc_AsconAEAD128* wc_AsconAEAD128_New(void);
+
+/*!
+    \ingroup ASCON
+    \brief This function frees the resources associated with the Ascon AEAD
+           context.
+
+    \param a pointer to the Ascon AEAD context to free.
+
+    _Example_
+    \code
+    wc_AsconAEAD128* a = wc_AsconAEAD128_New();
+    if (a == NULL) {
+        // handle allocation error
+    }
+    // Use the context
+    wc_AsconAEAD128_Free(a);
+    \endcode
+
+    \sa wc_AsconAEAD128_New
+*/
+void wc_AsconAEAD128_Free(wc_AsconAEAD128 *a);
+
+
+/*!
+    \ingroup ASCON
+    \brief This function initializes an Ascon AEAD context.
+
+    \return 0 on success.
+    \return BAD_FUNC_ARG if the context or output pointer is NULL.
+
+    \param a pointer to the Ascon AEAD context to initialize.
+
+    _Example_
+    \code
+    AsconAead a;
+
+    if (wc_AsconAEAD128_Init(&a) != 0)
+        // handle error
+    \endcode
+
+    \sa wc_AsconAeadEncrypt
+    \sa wc_AsconAeadDecrypt
+    */
+int wc_AsconAEAD128_Init(wc_AsconAEAD128* a);
+
+/*!
+    \ingroup ASCON
+    \brief This function deinitializes an Ascon AEAD context. It does not
+           free the context.
+
+    \param a pointer to the Ascon AEAD context to deinitialize.
+
+    _Example_
+    \code
+    AsconAead a;
+
+    if (wc_AsconAEAD128_Init(&a) != 0)
+        // handle error
+    wc_AsconAEAD128_Clear(&a);
+    \endcode
+
+    \sa wc_AsconAeadEncrypt
+    \sa wc_AsconAeadDecrypt
+    */
+void wc_AsconAEAD128_Clear(wc_AsconAEAD128 *a);
+
+/*!
+    \ingroup ASCON
+    \brief This function sets the key for the Ascon AEAD context.
+
+    \return 0 on success.
+    \return BAD_FUNC_ARG if the context or key pointer is NULL.
+    \return BAD_STATE_E if the key has already been set.
+
+    \param a pointer to the initialized Ascon AEAD context.
+    \param key pointer to the key buffer of length ASCON_AEAD128_KEY_SZ.
+
+    _Example_
+    \code
+    wc_AsconAEAD128 a;
+    byte key[ASCON_AEAD128_KEY_SZ] = { ... };
+
+    if (wc_AsconAEAD128_Init(&a) != 0)
+        // handle error
+    if (wc_AsconAEAD128_SetKey(&a, key) != 0)
+        // handle error
+    \endcode
+
+    \sa wc_AsconAEAD128_Init
+    \sa wc_AsconAEAD128_SetNonce
+    \sa wc_AsconAEAD128_SetAD
+*/
+int wc_AsconAEAD128_SetKey(wc_AsconAEAD128* a, const byte* key);
+
+/*!
+    \ingroup ASCON
+    \brief This function sets the nonce for the Ascon AEAD context.
+
+    \return 0 on success.
+    \return BAD_FUNC_ARG if the context or nonce pointer is NULL.
+    \return BAD_STATE_E if the nonce has already been set.
+
+    \param a pointer to the initialized Ascon AEAD context.
+    \param nonce pointer to the nonce buffer of length ASCON_AEAD128_NONCE_SZ.
+
+    _Example_
+    \code
+    wc_AsconAEAD128 a;
+    byte nonce[ASCON_AEAD128_NONCE_SZ] = { ... };
+
+    if (wc_AsconAEAD128_Init(&a) != 0)
+        // handle error
+    if (wc_AsconAEAD128_SetNonce(&a, nonce) != 0)
+        // handle error
+    \endcode
+
+    \sa wc_AsconAEAD128_Init
+    \sa wc_AsconAEAD128_SetKey
+    \sa wc_AsconAEAD128_SetAD
+*/
+int wc_AsconAEAD128_SetNonce(wc_AsconAEAD128* a, const byte* nonce);
+
+/*!
+    \ingroup ASCON
+    \brief This function sets the associated data for the Ascon AEAD context.
+
+    \return 0 on success.
+    \return BAD_FUNC_ARG if the context or associated data pointer is NULL.
+    \return BAD_STATE_E if the key or nonce has not been set.
+
+    \param a pointer to the initialized Ascon AEAD context.
+    \param ad pointer to the associated data buffer.
+    \param adSz size of the associated data buffer.
+
+    _Example_
+    \code
+    wc_AsconAEAD128 a;
+    byte key[ASCON_AEAD128_KEY_SZ] = { ... };
+    byte nonce[ASCON_AEAD128_NONCE_SZ] = { ... };
+    byte ad[] = { ... };
+
+    if (wc_AsconAEAD128_Init(&a) != 0)
+        // handle error
+    if (wc_AsconAEAD128_SetKey(&a, key) != 0)
+        // handle error
+    if (wc_AsconAEAD128_SetNonce(&a, nonce) != 0)
+        // handle error
+    if (wc_AsconAEAD128_SetAD(&a, ad, sizeof(ad)) != 0)
+        // handle error
+    \endcode
+
+    \sa wc_AsconAEAD128_Init
+    \sa wc_AsconAEAD128_SetKey
+    \sa wc_AsconAEAD128_SetNonce
+*/
+int wc_AsconAEAD128_SetAD(wc_AsconAEAD128* a, const byte* ad, word32 adSz);
+
+/*!
+    \ingroup ASCON
+    \brief This function encrypts a plaintext message using Ascon AEAD. The
+           output is stored in the out buffer. The length of the output is
+           equal to the length of the input.
+
+    \return 0 on success.
+    \return BAD_FUNC_ARG if the context or output pointer is NULL or the input
+            is NULL while the input size is greater than 0.
+    \return BAD_STATE_E if the key, nonce, or additional data has not been set
+            or the context was previously used for decryption.
+
+    \param a pointer to the initialized Ascon AEAD context.
+    \param out pointer to the output buffer to store the ciphertext.
+    \param in pointer to the input buffer containing the plaintext message.
+    \param inSz length of the input buffer.
+
+    _Example_
+    \code
+    wc_AsconAEAD128 a;
+    byte key[ASCON_AEAD128_KEY_SZ] = { ... };
+    byte nonce[ASCON_AEAD128_NONCE_SZ] = { ... };
+    byte plaintext[PLAIN_TEXT_SIZE] = { ... };
+    byte ciphertext[CIPHER_TEXT_SIZE];
+    byte tag[ASCON_AEAD128_TAG_SZ] = { ... };
+
+    if (wc_AsconAeadInit(&a) != 0)
+        // handle error
+    if (wc_AsconAEAD128_SetKey(&a, key) != 0)
+        // handle error
+    if (wc_AsconAEAD128_SetNonce(&a, nonce) != 0)
+        // handle error
+    if (wc_AsconAEAD128_SetAD(&a, ad, sizeof(ad)) != 0)
+        // handle error
+    if (wc_AsconAEAD128_EncryptUpdate(&a, ciphertext, plaintext,
+                                      sizeof(plaintext)) != 0)
+        // handle error
+    if (wc_AsconAEAD128_EncryptFinal(&a, tag) != 0)
+        // handle error
+    \endcode
+
+    \sa wc_AsconAeadInit
+    \sa wc_AsconAEAD128_Clear
+    \sa wc_AsconAEAD128_SetKey
+    \sa wc_AsconAEAD128_SetNonce
+    \sa wc_AsconAEAD128_SetAD
+    \sa wc_AsconAEAD128_EncryptFinal
+    \sa wc_AsconAEAD128_DecryptUpdate
+    \sa wc_AsconAEAD128_DecryptFinal
+    */
+int wc_AsconAEAD128_EncryptUpdate(wc_AsconAEAD128* a, byte* out, const byte* in,
+                                  word32 inSz);
+
+/*!
+    \ingroup ASCON
+    \brief This function finalizes the encryption process using Ascon AEAD and
+           produces the authentication tag.
+
+    \return 0 on success.
+    \return BAD_FUNC_ARG if the context or output pointer is NULL or the input
+            is NULL while the input size is greater than 0.
+    \return BAD_STATE_E if the key, nonce, or additional data has not been set
+            or the context was previously used for decryption.
+
+    \param a pointer to the initialized Ascon AEAD context.
+    \param tag pointer to the output buffer to store the authentication tag.
+
+    _Example_
+    \code
+    wc_AsconAEAD128 a;
+    byte key[ASCON_AEAD128_KEY_SZ] = { ... };
+    byte nonce[ASCON_AEAD128_NONCE_SZ] = { ... };
+    byte plaintext[PLAIN_TEXT_SIZE] = { ... };
+    byte ciphertext[CIPHER_TEXT_SIZE];
+    byte tag[ASCON_AEAD128_TAG_SZ] = { ... };
+
+    if (wc_AsconAeadInit(&a) != 0)
+        // handle error
+    if (wc_AsconAEAD128_SetKey(&a, key) != 0)
+        // handle error
+    if (wc_AsconAEAD128_SetNonce(&a, nonce) != 0)
+        // handle error
+    if (wc_AsconAEAD128_SetAD(&a, ad, sizeof(ad)) != 0)
+        // handle error
+    if (wc_AsconAEAD128_EncryptUpdate(&a, ciphertext, plaintext,
+                                      sizeof(plaintext)) != 0)
+        // handle error
+    if (wc_AsconAEAD128_EncryptFinal(&a, tag) != 0)
+        // handle error
+    \endcode
+
+    \sa wc_AsconAEAD128_Init
+    \sa wc_AsconAEAD128_SetKey
+    \sa wc_AsconAEAD128_SetNonce
+    \sa wc_AsconAEAD128_SetAD
+    \sa wc_AsconAEAD128_EncryptUpdate
+    \sa wc_AsconAEAD128_DecryptUpdate
+    \sa wc_AsconAEAD128_DecryptFinal
+    */
+int wc_AsconAEAD128_EncryptFinal(wc_AsconAEAD128* a, byte* tag);
+
+/*!
+    \ingroup ASCON
+    \brief This function updates the decryption process using Ascon AEAD. The
+           output is stored in the out buffer. The length of the output is
+           equal to the length of the input.
+
+    \return 0 on success.
+    \return BAD_FUNC_ARG if the context or output pointer is NULL or the input
+            is NULL while the input size is greater than 0.
+    \return BAD_STATE_E if the key, nonce, or additional data has not been set
+            or the context was previously used for encryption.
+
+    \param a pointer to the initialized Ascon AEAD context.
+    \param out pointer to the output buffer to store the plaintext.
+    \param in pointer to the input buffer containing the ciphertext message.
+    \param inSz length of the input buffer.
+
+    _Example_
+    \code
+    wc_AsconAEAD128 a;
+    byte key[ASCON_AEAD128_KEY_SZ] = { ... };
+    byte nonce[ASCON_AEAD128_NONCE_SZ] = { ... };
+    byte ciphertext[CIPHER_TEXT_SIZE] = { ... };
+    byte plaintext[PLAIN_TEXT_SIZE];
+    byte tag[ASCON_AEAD128_TAG_SZ] = { ... };
+
+    if (wc_AsconAeadInit(&a) != 0)
+        // handle error
+    if (wc_AsconAEAD128_SetKey(&a, key) != 0)
+        // handle error
+    if (wc_AsconAEAD128_SetNonce(&a, nonce) != 0)
+        // handle error
+    if (wc_AsconAEAD128_SetAD(&a, ad, sizeof(ad)) != 0)
+        // handle error
+    if (wc_AsconAEAD128_DecryptUpdate(&a, plaintext, ciphertext,
+                                      sizeof(ciphertext)) != 0)
+        // handle error
+    if (wc_AsconAEAD128_DecryptFinal(&a, tag) != 0)
+        // handle error
+    \endcode
+
+    \sa wc_AsconAEAD128_Init
+    \sa wc_AsconAEAD128_SetKey
+    \sa wc_AsconAEAD128_SetNonce
+    \sa wc_AsconAEAD128_SetAD
+    \sa wc_AsconAEAD128_EncryptUpdate
+    \sa wc_AsconAEAD128_EncryptFinal
+    \sa wc_AsconAEAD128_DecryptFinal
+    */
+int wc_AsconAEAD128_DecryptUpdate(wc_AsconAEAD128* a, byte* out, const byte* in,
+                                  word32 inSz);
+
+/*!
+    \ingroup ASCON
+    \brief This function finalizes the decryption process using Ascon AEAD and
+           verifies the authentication tag.
+
+    \return 0 on success.
+    \return BAD_FUNC_ARG if the context or tag pointer is NULL.
+    \return BAD_STATE_E if the key, nonce, or additional data has not been set
+            or the context was previously used for encryption.
+    \return ASCON_AUTH_E if the authentication tag does not match.
+
+    \param a pointer to the initialized Ascon AEAD context.
+    \param tag pointer to the buffer containing the authentication tag to verify
+
+    _Example_
+    \code
+    wc_AsconAEAD128 a;
+    byte key[ASCON_AEAD128_KEY_SZ] = { ... };
+    byte nonce[ASCON_AEAD128_NONCE_SZ] = { ... };
+    byte ciphertext[CIPHER_TEXT_SIZE] = { ... };
+    byte plaintext[PLAIN_TEXT_SIZE];
+    byte tag[ASCON_AEAD128_TAG_SZ] = { ... };
+
+    if (wc_AsconAeadInit(&a) != 0)
+        // handle error
+    if (wc_AsconAEAD128_SetKey(&a, key) != 0)
+        // handle error
+    if (wc_AsconAEAD128_SetNonce(&a, nonce) != 0)
+        // handle error
+    if (wc_AsconAEAD128_SetAD(&a, ad, sizeof(ad)) != 0)
+        // handle error
+    if (wc_AsconAEAD128_DecryptUpdate(&a, plaintext, ciphertext,
+                                      sizeof(ciphertext)) != 0)
+        // handle error
+    if (wc_AsconAEAD128_DecryptFinal(&a, tag) != 0)
+        // handle error
+    \endcode
+
+    \sa wc_AsconAEAD128_Init
+    \sa wc_AsconAEAD128_SetKey
+    \sa wc_AsconAEAD128_SetNonce
+    \sa wc_AsconAEAD128_SetAD
+    \sa wc_AsconAEAD128_DecryptUpdate
+    \sa wc_AsconAEAD128_EncryptUpdate
+    \sa wc_AsconAEAD128_EncryptFinal
+    */
+int wc_AsconAEAD128_DecryptFinal(wc_AsconAEAD128* a, const byte* tag);
+
+
diff --git a/doc/dox_comments/header_files/asn_public.h b/doc/dox_comments/header_files/asn_public.h
index e7505e228..3b9cc7282 100644
--- a/doc/dox_comments/header_files/asn_public.h
+++ b/doc/dox_comments/header_files/asn_public.h
@@ -1557,6 +1557,219 @@ int wc_EccPublicKeyToDer(ecc_key* key, byte* output,
 int wc_EccPublicKeyToDer_ex(ecc_key* key, byte* output,
                                      word32 inLen, int with_AlgCurve, int comp);
 
+
+/*!
+    \ingroup ASN
+
+    \brief This function decodes a Curve25519 private key (only) from a DER
+    encoded buffer
+
+    \return 0 Success
+    \return BAD_FUNC_ARG Returns if input, inOutIdx or key is null
+    \return ASN_PARSE_E Returns if there is an error parsing the DER encoded
+    data
+    \return ECC_BAD_ARG_E Returns if the key length is not CURVE25519_KEYSIZE or
+    the DER key contains other issues despite being properly formatted.
+    \return BUFFER_E Returns if the input buffer is too small to contain a
+    valid DER encoded key.
+
+    \param input Pointer to buffer containing DER encoded private key
+    \param inOutIdx Index to start reading input buffer from.  On output,
+    index is set to last position parsed of input buffer.
+    \param key Pointer to curve25519_key structure to store decoded key
+    \param inSz Size of input DER buffer
+
+    \sa wc_Curve25519KeyDecode
+    \sa wc_Curve25519PublicKeyDecode
+
+    _Example_
+    \code
+    byte der[] = { // DER encoded key };
+    word32 idx = 0;
+    curve25519_key key;
+    wc_curve25519_init(&key);
+
+    if (wc_Curve25519PrivateKeyDecode(der, &idx, &key, sizeof(der)) != 0) {
+        // Error decoding private key
+    }
+    \endcode
+*/
+int wc_Curve25519PrivateKeyDecode(const byte* input, word32* inOutIdx,
+                                  curve25519_key* key, word32 inSz);
+
+/*!
+    \ingroup ASN
+
+    \brief This function decodes a Curve25519 public key (only) from a DER
+    encoded buffer.
+
+    \return 0 Success
+    \return BAD_FUNC_ARG Returns if input, inOutIdx or key is null
+    \return ASN_PARSE_E Returns if there is an error parsing the DER encoded
+    data
+    \return ECC_BAD_ARG_E Returns if the key length is not CURVE25519_KEYSIZE or
+    the DER key contains other issues despite being properly formatted.
+    \return BUFFER_E Returns if the input buffer is too small to contain a
+    valid DER encoded key.
+
+    \param input Pointer to buffer containing DER encoded public key
+    \param inOutIdx Index to start reading input buffer from.  On output,
+    index is set to last position parsed of input buffer.
+    \param key Pointer to curve25519_key structure to store decoded key
+    \param inSz Size of input DER buffer
+
+    \sa wc_Curve25519KeyDecode
+    \sa wc_Curve25519PrivateKeyDecode
+
+    _Example_
+    \code
+    byte der[] = { // DER encoded key };
+    word32 idx = 0;
+    curve25519_key key;
+    wc_curve25519_init(&key);
+    if (wc_Curve25519PublicKeyDecode(der, &idx, &key, sizeof(der)) != 0) {
+        // Error decoding public key
+    }
+    \endcode
+*/
+int wc_Curve25519PublicKeyDecode(const byte* input, word32* inOutIdx,
+                                 curve25519_key* key, word32 inSz);
+
+/*!
+    \ingroup ASN
+
+    \brief This function decodes a Curve25519 key from a DER encoded buffer. It
+    can decode either a private key, a public key, or both.
+
+    \return 0 Success
+    \return BAD_FUNC_ARG Returns if input, inOutIdx or key is null
+    \return ASN_PARSE_E Returns if there is an error parsing the DER encoded
+    data
+    \return ECC_BAD_ARG_E Returns if the key length is not CURVE25519_KEYSIZE or
+    the DER key contains other issues despite being properly formatted.
+    \return BUFFER_E Returns if the input buffer is too small to contain a
+    valid DER encoded key.
+
+    \param input Pointer to buffer containing DER encoded key
+    \param inOutIdx Index to start reading input buffer from.  On output,
+    index is set to last position parsed of input buffer.
+    \param key Pointer to curve25519_key structure to store decoded key
+    \param inSz Size of input DER buffer
+
+    \sa wc_Curve25519PrivateKeyDecode
+    \sa wc_Curve25519PublicKeyDecode
+
+    _Example_
+    \code
+    byte der[] = { // DER encoded key };
+    word32 idx = 0;
+    curve25519_key key;
+    wc_curve25519_init(&key);
+    if (wc_Curve25519KeyDecode(der, &idx, &key, sizeof(der)) != 0) {
+        // Error decoding key
+    }
+    \endcode
+*/
+int wc_Curve25519KeyDecode(const byte* input, word32* inOutIdx,
+                           curve25519_key* key, word32 inSz);
+
+/*!
+    \ingroup ASN
+
+    \brief This function encodes a Curve25519 private key to DER format. If the
+    input key structure contains a public key, it will be ignored.
+
+    \return >0 Success, length of DER encoding
+    \return BAD_FUNC_ARG Returns if key or output is null
+    \return MEMORY_E Returns if there is an allocation failure
+    \return BUFFER_E Returns if output buffer is too small
+
+    \param key Pointer to curve25519_key structure containing private key to
+    encode
+    \param output Buffer to hold DER encoding
+    \param inLen Size of output buffer
+
+    \sa wc_Curve25519KeyToDer
+    \sa wc_Curve25519PublicKeyToDer
+
+    _Example_
+    \code
+    curve25519_key key;
+    wc_curve25519_init(&key);
+    ...
+    int derSz = 128; // Some appropriate size for output DER
+    byte der[derSz];
+    wc_Curve25519PrivateKeyToDer(&key, der, derSz);
+    \endcode
+*/
+int wc_Curve25519PrivateKeyToDer(curve25519_key* key, byte* output,
+                                 word32 inLen);
+
+/*!
+    \ingroup ASN
+
+    \brief This function encodes a Curve25519 public key to DER format. If the
+    input key structure contains a private key, it will be ignored.
+
+    \return >0 Success, length of DER encoding
+    \return BAD_FUNC_ARG Returns if key or output is null
+    \return MEMORY_E Returns if there is an allocation failure
+    \return BUFFER_E Returns if output buffer is too small
+
+    \param key Pointer to curve25519_key structure containing public key to
+    encode
+    \param output Buffer to hold DER encoding
+    \param inLen Size of output buffer
+    \param withAlg Whether to include algorithm identifier in the DER encoding
+
+    \sa wc_Curve25519KeyToDer
+    \sa wc_Curve25519PrivateKeyToDer
+
+    _Example_
+    \code
+    curve25519_key key;
+    wc_curve25519_init(&key);
+    ...
+    int derSz = 128; // Some appropriate size for output DER
+    byte der[derSz];
+    wc_Curve25519PublicKeyToDer(&key, der, derSz, 1);
+    \endcode
+*/
+int wc_Curve25519PublicKeyToDer(curve25519_key* key, byte* output, word32 inLen,
+                                int withAlg);
+
+/*!
+    \ingroup ASN
+
+    \brief This function encodes a Curve25519 key to DER format. It can encode
+    either a private key, a public key, or both.
+
+    \return >0 Success, length of DER encoding
+    \return BAD_FUNC_ARG Returns if key or output is null
+    \return MEMORY_E Returns if there is an allocation failure
+    \return BUFFER_E Returns if output buffer is too small
+
+    \param key Pointer to curve25519_key structure containing key to encode
+    \param output Buffer to hold DER encoding
+    \param inLen Size of output buffer
+    \param withAlg Whether to include algorithm identifier in the DER encoding
+
+    \sa wc_Curve25519PrivateKeyToDer
+    \sa wc_Curve25519PublicKeyToDer
+
+    _Example_
+    \code
+    curve25519_key key;
+    wc_curve25519_init(&key);
+    ...
+    int derSz = 128; // Some appropriate size for output DER
+    byte der[derSz];
+    wc_Curve25519KeyToDer(&key, der, derSz, 1);
+    \endcode
+*/
+int wc_Curve25519KeyToDer(curve25519_key* key, byte* output, word32 inLen,
+                          int withAlg);
+
 /*!
     \ingroup ASN
 
@@ -1662,7 +1875,7 @@ void wc_SetCert_Free(Cert* cert);
     \return Length of traditional private key on success.
     \return Negative values on failure.
 
-    \param input Buffer containing unencrypted PKCS#8 private key. 
+    \param input Buffer containing unencrypted PKCS#8 private key.
     \param inOutIdx Index into the input buffer. On input, it should be a byte
     offset to the beginning of the the PKCS#8 buffer. On output, it will be the
     byte offset to the traditional private key within the input buffer.
@@ -1691,7 +1904,7 @@ int wc_GetPkcs8TraditionalOffset(byte* input,
 
     \brief This function takes in a DER private key and converts it to PKCS#8
     format. Also used in creating PKCS#12 shrouded key bags. See RFC 5208.
-    
+
     \return The size of the PKCS#8 key placed into out on success.
     \return LENGTH_ONLY_E if out is NULL, with required output buffer size in
     outSz.
@@ -1840,7 +2053,7 @@ int wc_DecryptPKCS8Key(byte* input, word32 sz, const char* password,
 
     \brief This function takes a traditional, DER key, converts it to PKCS#8
      format, and encrypts it. It uses wc_CreatePKCS8Key and wc_EncryptPKCS8Key
-     to do this. 
+     to do this.
 
     \return The size of the encrypted key placed in out on success.
     \return LENGTH_ONLY_E if out is NULL, with required output buffer size in
@@ -2199,7 +2412,7 @@ int wc_Asn1PrintOptions_Init(Asn1PrintOptions* opts);
     \return  0 on success.
     \return  BAD_FUNC_ARG when asn1 is NULL.
     \return  BAD_FUNC_ARG when val is out of range for option.
- 
+
     \param opts  The ASN.1 options for printing.
     \param opt   An option to set value for.
     \param val   The value to set.
diff --git a/doc/dox_comments/header_files/cmac.h b/doc/dox_comments/header_files/cmac.h
index 58ea35ea4..7f3ebffdc 100644
--- a/doc/dox_comments/header_files/cmac.h
+++ b/doc/dox_comments/header_files/cmac.h
@@ -126,7 +126,8 @@ int wc_CmacFinalNoFree(Cmac* cmac,
     \sa wc_CmacFinalNoFree
     \sa wc_CmacFree
 */
-int wc_CmacFinalNoFree(Cmac* cmac);
+int wc_CmacFinal(Cmac* cmac,
+                 byte* out, word32* outSz);
 
 /*!
     \ingroup CMAC
diff --git a/doc/dox_comments/header_files/cryptocb.h b/doc/dox_comments/header_files/cryptocb.h
index 152f8823e..35cc88ef2 100644
--- a/doc/dox_comments/header_files/cryptocb.h
+++ b/doc/dox_comments/header_files/cryptocb.h
@@ -1,14 +1,14 @@
 /*!
     \ingroup CryptoCb
 
-    \brief This function registers a unique device identifier (devID) and 
-    callback function for offloading crypto operations to external 
+    \brief This function registers a unique device identifier (devID) and
+    callback function for offloading crypto operations to external
     hardware such as Key Store, Secure Element, HSM, PKCS11 or TPM.
 
     For STSAFE with Crypto Callbacks example see
     wolfcrypt/src/port/st/stsafe.c and the wolfSSL_STSAFE_CryptoDevCb function.
 
-    For TPM based crypto callbacks example see the wolfTPM2_CryptoDevCb 
+    For TPM based crypto callbacks example see the wolfTPM2_CryptoDevCb
     function in wolfTPM src/tpm2_wrap.c
 
     \return CRYPTOCB_UNAVAILABLE to fallback to using software crypto
@@ -90,7 +90,7 @@ int  wc_CryptoCb_RegisterDevice(int devId, CryptoDevCallbackFunc cb, void* ctx);
 /*!
     \ingroup CryptoCb
 
-    \brief This function un-registers a unique device identifier (devID) 
+    \brief This function un-registers a unique device identifier (devID)
     callback function.
 
     \return none No returns.
diff --git a/doc/dox_comments/header_files/doxygen_groups.h b/doc/dox_comments/header_files/doxygen_groups.h
index 709d462b1..5cac25e2d 100644
--- a/doc/dox_comments/header_files/doxygen_groups.h
+++ b/doc/dox_comments/header_files/doxygen_groups.h
@@ -154,7 +154,7 @@
       -# Set the RSK and, optionally precomputation table: wc_SetSakkeRsk()
       -# Derive SSV and auth data: wc_DeriveSakkeSSV()
       -# Free SAKKE Key: wc_FreeSakkeKey()
-    
+
     \defgroup SAKKE_Setup Setup SAKKE Key
     Operations for establishing a SAKKE key.
 
diff --git a/doc/dox_comments/header_files/ecc.h b/doc/dox_comments/header_files/ecc.h
index 49de5aa02..20bd89ccd 100644
--- a/doc/dox_comments/header_files/ecc.h
+++ b/doc/dox_comments/header_files/ecc.h
@@ -1722,7 +1722,7 @@ int wc_ecc_ctx_set_peer_salt(ecEncCtx* ctx, const byte* salt);
 
     \param ctx pointer to the ecEncCtx for which to set the salt
     \param salt pointer to salt buffer
-    \param len length salt in bytes
+    \param sz length salt in bytes
 
     _Example_
     \code
@@ -1742,7 +1742,7 @@ int wc_ecc_ctx_set_peer_salt(ecEncCtx* ctx, const byte* salt);
     \sa wc_ecc_ctx_get_peer_salt
 */
 
-int wc_ecc_ctx_set_kdf_salt(ecEncCtx* ctx, const byte* salt, word32 len);
+int wc_ecc_ctx_set_kdf_salt(ecEncCtx* ctx, const byte* salt, word32 sz);
 
 /*!
     \ingroup ECC
@@ -2006,3 +2006,29 @@ int wc_ecc_decrypt(ecc_key* privKey, ecc_key* pubKey, const byte* msg,
     \endcode
 */
 int wc_ecc_set_nonblock(ecc_key *key, ecc_nb_ctx_t* ctx);
+
+/*!
+    \ingroup ECC
+
+    \brief Compare a curve which has larger key than specified size or the curve matched curve ID,
+         set a curve with smaller key size to the key.
+
+    \return 0 Returned upon successfully setting the key
+
+    \param keysize Key size in bytes
+    \param curve_id Curve ID
+
+                                                                                                        _Example_
+    \code int ret;
+    ecc_key ecc;
+
+    ret = wc_ecc_init(&ecc);
+    if (ret != 0)
+        return ret;
+        ret = wc_ecc_set_curve(&ecc, 32, ECC_SECP256R1));
+        if (ret != 0)
+            return ret;
+
+    \endcode
+*/
+int wc_ecc_set_curve(ecc_key *key, int keysize, int curve_id);
diff --git a/doc/dox_comments/header_files/ed25519.h b/doc/dox_comments/header_files/ed25519.h
index b4176da9b..9ab61de62 100644
--- a/doc/dox_comments/header_files/ed25519.h
+++ b/doc/dox_comments/header_files/ed25519.h
@@ -8,7 +8,7 @@
     \return 0 Returned upon successfully making the public key.
     \return BAD_FUNC_ARG Returned if key or pubKey evaluate to NULL, or if the
     specified key size is not 32 bytes (Ed25519 has 32 byte keys).
-    \return ECC_PRIV_KEY_E returned if the ed25519_key object does not have 
+    \return ECC_PRIV_KEY_E returned if the ed25519_key object does not have
     the private key in it.
     \return MEMORY_E Returned if there is an error allocating memory
     during function execution.
@@ -188,8 +188,7 @@ int wc_ed25519ctx_sign_msg(const byte* in, word32 inlen, byte* out,
 
     \brief This function signs a message digest using an ed25519_key object
     to guarantee authenticity. The context is included as part of the data
-    signed. The message is pre-hashed before signature calculation. The hash
-    algorithm used to create message digest must be SHAKE-256.
+    signed. The message is pre-hashed before signature calculation.
 
     \return 0 Returned upon successfully generating a signature for the
     message digest.
diff --git a/doc/dox_comments/header_files/ed448.h b/doc/dox_comments/header_files/ed448.h
index a3ea82088..2f186b56b 100644
--- a/doc/dox_comments/header_files/ed448.h
+++ b/doc/dox_comments/header_files/ed448.h
@@ -133,7 +133,6 @@ int wc_ed448_sign_msg(const byte* in, word32 inlen, byte* out,
     \brief This function signs a message digest using an ed448_key object
     to guarantee authenticity. The context is included as part of the data
     signed. The hash is the pre-hashed message before signature calculation.
-    The hash algorithm used to create message digest must be SHAKE-256.
 
     \return 0 Returned upon successfully generating a signature for the
     message digest.
@@ -162,7 +161,7 @@ int wc_ed448_sign_msg(const byte* in, word32 inlen, byte* out,
 
     byte sig[114]; // will hold generated signature
     sigSz = sizeof(sig);
-    byte hash[] = { initialize with SHAKE-256 hash of message };
+    byte hash[] = { initialize hash of message };
     byte context[] = { initialize with context of signing };
 
     wc_InitRng(&rng); // initialize rng
@@ -297,7 +296,6 @@ int wc_ed448_verify_msg(const byte* sig, word32 siglen, const byte* msg,
     \brief This function verifies the Ed448 signature of the digest of a message
     to ensure authenticity. The context is included as part of the data
     verified. The hash is the pre-hashed message before signature calculation.
-    The hash algorithm used to create message digest must be SHAKE-256.
     The answer is returned through res, with 1 corresponding to a valid
     signature, and 0 corresponding to an invalid signature.
 
@@ -325,7 +323,7 @@ int wc_ed448_verify_msg(const byte* sig, word32 siglen, const byte* msg,
     int ret, verified = 0;
 
     byte sig[] { initialize with received signature };
-    byte hash[] = { initialize with SHAKE-256 hash of message };
+    byte hash[] = { initialize hash of message };
     byte context[] = { initialize with context of signature };
     // initialize key with received public key
     ret = wc_ed448ph_verify_hash(sig, sizeof(sig), hash, sizeof(hash),
diff --git a/doc/dox_comments/header_files/hmac.h b/doc/dox_comments/header_files/hmac.h
index a7c416828..1db707a8b 100644
--- a/doc/dox_comments/header_files/hmac.h
+++ b/doc/dox_comments/header_files/hmac.h
@@ -8,9 +8,9 @@
     \return BAD_FUNC_ARG Returned if the input type is invalid (see type param)
     \return MEMORY_E Returned if there is an error allocating memory for the
     structure to use for hashing
-    \return HMAC_MIN_KEYLEN_E May be returned when using a FIPS implementation
+    \return HMAC_MIN_KEYLEN_E Returned when using a FIPS implementation
     and the key length specified is shorter than the minimum acceptable
-    FIPS standard
+    FIPS standard of 14 bytes
 
     \param hmac pointer to the Hmac object to initialize
     \param type type specifying which encryption method the Hmac object
diff --git a/doc/dox_comments/header_files/iotsafe.h b/doc/dox_comments/header_files/iotsafe.h
index d04d8f31f..46bd2e5da 100644
--- a/doc/dox_comments/header_files/iotsafe.h
+++ b/doc/dox_comments/header_files/iotsafe.h
@@ -346,7 +346,7 @@ int wc_iotsafe_ecc_export_private_ex(ecc_key *key, byte *key_id, word16 id_size)
 
 /*!
     \ingroup IoTSafe
-    \brief Sign a pre-computed 256-bit HASH, using a private key previously stored, or pre-provisioned,
+    \brief Sign a pre-computed HASH, using a private key previously stored, or pre-provisioned,
     in the IoT-Safe applet.
 
     \param in pointer to the buffer containing the message hash to sign
@@ -367,7 +367,7 @@ int wc_iotsafe_ecc_sign_hash(byte *in, word32 inlen, byte *out, word32 *outlen,
 
 /*!
     \ingroup IoTSafe
-    \brief Sign a pre-computed 256-bit HASH, using a private key previously stored, or pre-provisioned,
+    \brief Sign a pre-computed HASH, using a private key previously stored, or pre-provisioned,
            in the IoT-Safe applet. Equivalent to \ref wc_iotsafe_ecc_sign_hash "wc_iotsafe_ecc_sign_hash",
            except that it can be invoked with a key ID of two or more bytes.
 
@@ -390,7 +390,7 @@ int wc_iotsafe_ecc_sign_hash_ex(byte *in, word32 inlen, byte *out, word32 *outle
 
 /*!
     \ingroup IoTSafe
-    \brief Verify an ECC signature against a pre-computed 256-bit HASH, using a public key previously stored, or pre-provisioned,
+    \brief Verify an ECC signature against a pre-computed HASH, using a public key previously stored, or pre-provisioned,
     in the IoT-Safe applet. Result is written to res. 1 is valid, 0 is invalid.
     Note: Do not use the return value to test for valid. Only use res.
 
@@ -412,7 +412,7 @@ int wc_iotsafe_ecc_verify_hash(byte *sig, word32 siglen, byte *hash, word32 hash
 
 /*!
     \ingroup IoTSafe
-    \brief Verify an ECC signature against a pre-computed 256-bit HASH, using a public key previously stored, or pre-provisioned,
+    \brief Verify an ECC signature against a pre-computed HASH, using a public key previously stored, or pre-provisioned,
     in the IoT-Safe applet. Result is written to res. 1 is valid, 0 is invalid.
     Note: Do not use the return value to test for valid. Only use res.
     Equivalent to \ref wc_iotsafe_ecc_verify_hash "wc_iotsafe_ecc_verify_hash",
diff --git a/doc/dox_comments/header_files/kdf.h b/doc/dox_comments/header_files/kdf.h
index 02088c75d..145811bd0 100644
--- a/doc/dox_comments/header_files/kdf.h
+++ b/doc/dox_comments/header_files/kdf.h
@@ -223,3 +223,39 @@ int wc_SRTP_KDF_label(const byte* key, word32 keySz, const byte* salt,
 */
 int wc_SRTP_KDF_kdr_to_idx(word32 kdr);
 
+/**
+ * \brief Performs the single-step key derivation function (KDF) as specified in
+ * SP800-56C option 1.
+ *
+ * \param [in] z The input keying material.
+ * \param [in] zSz The size of the input keying material.
+ * \param [in] fixedInfo The fixed information to be included in the KDF.
+ * \param [in] fixedInfoSz The size of the fixed information.
+ * \param [in] derivedSecretSz The desired size of the derived secret.
+ * \param [in] hashType The hash algorithm to be used in the KDF.
+ * \param [out] output The buffer to store the derived secret.
+ * \param [in] outputSz The size of the output buffer.
+ *
+
+ * \return 0 if the KDF operation is successful,
+ * \return BAD_FUNC_ARG if the input parameters are invalid.
+ * \return negative error code if the KDF operation fails.
+ *
+ *    _Example_
+    \code
+    unsigned char z[32] = { ... };
+    unsigned char fixedInfo[16] = { ... };
+    unsigned char output[32];
+    int ret;
+
+    ret = wc_KDA_KDF_onestep(z, sizeof(z), fixedInfo, sizeof(fixedInfo),
+        sizeof(output), WC_HASH_TYPE_SHA256, output, sizeof(output));
+    if (ret != 0) {
+        WOLFSSL_MSG("wc_KDA_KDF_onestep failed");
+    }
+    \endcode
+ */
+int wc_KDA_KDF_onestep(const byte* z, word32 zSz,
+    const byte* fixedInfo, word32 fixedInfoSz, word32 derivedSecretSz,
+    enum wc_HashType hashType, byte* output, word32 outputSz);
+
diff --git a/doc/dox_comments/header_files/memory.h b/doc/dox_comments/header_files/memory.h
index 24594783d..fbc2172fc 100644
--- a/doc/dox_comments/header_files/memory.h
+++ b/doc/dox_comments/header_files/memory.h
@@ -4,9 +4,9 @@
     \brief This function is similar to malloc(), but calls the memory
     allocation function which wolfSSL has been configured to use. By default,
     wolfSSL uses malloc().  This can be changed using the wolfSSL memory
-    abstraction layer - see wolfSSL_SetAllocators(). Note wolfSSL_Malloc is not 
+    abstraction layer - see wolfSSL_SetAllocators(). Note wolfSSL_Malloc is not
     called directly by wolfSSL, but instead called by macro XMALLOC.
-    For the default build only the size argument exists. If using 
+    For the default build only the size argument exists. If using
     WOLFSSL_STATIC_MEMORY build then heap and type arguments are included.
 
     \return pointer If successful, this function returns a pointer to
@@ -37,9 +37,9 @@ void* wolfSSL_Malloc(size_t size, void* heap, int type);
     \brief This function is similar to free(), but calls the memory free
     function which wolfSSL has been configured to use. By default, wolfSSL
     uses free(). This can be changed using the wolfSSL memory abstraction
-    layer - see wolfSSL_SetAllocators(). Note wolfSSL_Free is not 
+    layer - see wolfSSL_SetAllocators(). Note wolfSSL_Free is not
     called directly by wolfSSL, but instead called by macro XFREE.
-    For the default build only the ptr argument exists. If using 
+    For the default build only the ptr argument exists. If using
     WOLFSSL_STATIC_MEMORY build then heap and type arguments are included.
 
     \return none No returns.
@@ -73,8 +73,8 @@ void  wolfSSL_Free(void *ptr, void* heap, int type);
     \brief This function is similar to realloc(), but calls the memory
     re-allocation function which wolfSSL has been configured to use.
     By default, wolfSSL uses realloc().  This can be changed using the
-    wolfSSL memory abstraction layer - see wolfSSL_SetAllocators(). 
-    Note wolfSSL_Realloc is not called directly by wolfSSL, but instead called 
+    wolfSSL memory abstraction layer - see wolfSSL_SetAllocators().
+    Note wolfSSL_Realloc is not called directly by wolfSSL, but instead called
     by macro XREALLOC. For the default build only the size argument exists.
     If using WOLFSSL_STATIC_MEMORY build then heap and type arguments are included.
 
@@ -217,3 +217,195 @@ int wolfSSL_StaticBufferSz(byte* buffer, word32 sz, int flag);
     \sa wolfSSL_Free
 */
 int wolfSSL_MemoryPaddingSz(void);
+
+/*!
+    \ingroup Memory
+
+    \brief This function is used to set aside static memory for a CTX.
+    Memory set aside is then used for the CTX’s lifetime and for any SSL objects created
+    from the CTX. By passing in a NULL ctx pointer and a wolfSSL_method_func function the creation
+    of the CTX itself will also use static memory. wolfSSL_method_func has the function signature
+    of WOLFSSL_METHOD* (*wolfSSL_method_func)(void* heap);.
+    Passing in 0 for max makes it behave as if not set and no max concurrent use restrictions
+    is in place.
+    The flag value passed in determines how the memory is used and behavior while operating.
+    Available flags are the following.
+
+    0 - default general memory
+
+    WOLFMEM_IO_POOL - used for input/output buffer when sending receiving messages.
+    Overrides general memory, so all memory in buffer passed in is used for IO.
+    WOLFMEM_IO_FIXED - same as WOLFMEM_IO_POOL but each SSL now keeps two
+    buffers to themselves for their lifetime.
+    WOLFMEM_TRACK_STATS - each SSL keeps track of memory stats while running.
+
+    \return If successful, SSL_SUCCESS will be returned.
+    \return All unsuccessful return values will be less than 0 or equal to SSL_FAILURE.
+
+    \param ctx address of pointer to a WOLFSSL_CTX structure.
+    \param method function to create protocol. (should be NULL if ctx is not also NULL)
+    \param buf memory to use for all operations.
+    \param sz size of memory buffer being passed in.
+    \param flag type of memory.
+    \param max max concurrent operations.
+
+    _Example_
+    \code
+    WOLFSSL_CTX* ctx;
+    WOLFSSL* ssl;
+    int ret;
+    unsigned char memory[MAX];
+    int memorySz = MAX;
+    unsigned char IO[MAX];
+    int IOSz = MAX;
+    int flag = WOLFMEM_IO_FIXED | WOLFMEM_TRACK_STATS;
+    ...
+    // create ctx also using static memory, start with general memory to use
+    ctx = NULL:
+    ret = wolfSSL_CTX_load_static_memory(&ctx, wolfSSLv23_server_method_ex, memory, memorySz, 0,
+    MAX_CONCURRENT_HANDSHAKES);
+    if (ret != SSL_SUCCESS) {
+    // handle error case
+    }
+    // load in memory for use with IO
+    ret = wolfSSL_CTX_load_static_memory(&ctx, NULL, IO, IOSz, flag, MAX_CONCURRENT_IO);
+    if (ret != SSL_SUCCESS) {
+    // handle error case
+    }
+    ...
+    \endcode
+
+    \sa wolfSSL_CTX_new
+    \sa wolfSSL_CTX_is_static_memory
+    \sa wolfSSL_is_static_memory
+*/
+int wolfSSL_CTX_load_static_memory(WOLFSSL_CTX** ctx, wolfSSL_method_func method,
+        unsigned char* buf, unsigned int sz, int flag, int max);
+
+/*!
+    \ingroup Memory
+
+    \brief This function does not change any of the connections behavior and is used only for
+    gathering information about the static memory usage.
+
+    \return A value of 1 is returned if using static memory for the CTX is true.
+    \return 0 is returned if not using static memory.
+
+    \param ctx a pointer to a WOLFSSL_CTX structure, created using wolfSSL_CTX_new().
+    \param mem_stats structure to hold information about staic memory usage.
+
+    _Example_
+    \code
+    WOLFSSL_CTX* ctx;
+    int ret;
+    WOLFSSL_MEM_STATS mem_stats;
+    ...
+    //get information about static memory with CTX
+
+    ret = wolfSSL_CTX_is_static_memory(ctx, &mem_stats);
+
+    if (ret == 1) {
+        // handle case of is using static memory
+        // print out or inspect elements of mem_stats
+    }
+
+    if (ret == 0) {
+        //handle case of ctx not using static memory
+    }
+    ...
+    \endcode
+
+    \sa wolfSSL_CTX_new
+    \sa wolfSSL_CTX_load_static_memory
+    \sa wolfSSL_is_static_memory
+*/
+int wolfSSL_CTX_is_static_memory(WOLFSSL_CTX* ctx, WOLFSSL_MEM_STATS* mem_stats);
+
+/*!
+    \ingroup Memory
+
+    \brief wolfSSL_is_static_memory is used to gather information about a SSL’s static
+    memory usage. The return value indicates if static memory is being used and
+    WOLFSSL_MEM_CONN_STATS will be filled out if and only if the flag WOLFMEM_TRACK_STATS was
+    passed to the parent CTX when loading in static memory.
+
+    \return A value of 1 is returned if using static memory for the CTX is true.
+    \return 0 is returned if not using static memory.
+
+    \param ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
+    \param mem_stats structure to contain static memory usage
+
+    _Example_
+    \code
+    WOLFSSL* ssl;
+    int ret;
+    WOLFSSL_MEM_CONN_STATS mem_stats;
+
+    ...
+
+    ret = wolfSSL_is_static_memory(ssl, mem_stats);
+
+    if (ret == 1) {
+        // handle case when is static memory
+        // investigate elements in mem_stats if WOLFMEM_TRACK_STATS flag
+    }
+    ...
+    \endcode
+
+    \sa wolfSSL_new
+    \sa wolfSSL_CTX_is_static_memory
+*/
+int wolfSSL_is_static_memory(WOLFSSL* ssl, WOLFSSL_MEM_CONN_STATS* mem_stats);
+
+/*!
+    \ingroup Memory
+
+    \brief This function is used to set aside static memory for wolfCrypt use. Memory can be
+    used by passing the created heap hint into functions. An example of this is when calling
+    wc_InitRng_ex. The flag value passed in determines how the memory is used and behavior
+    while operating, in general wolfCrypt operations will use memory from a WOLFMEM_GENERAL pool.
+    Available flags are the following.
+
+    WOLFMEM_GENERAL - default general memory
+
+    WOLFMEM_IO_POOL - used for input/output buffer when sending receiving messages.
+        Overrides general memory, so all memory in buffer passed in is used for IO.
+    WOLFMEM_IO_FIXED - same as WOLFMEM_IO_POOL but each SSL now keeps two
+        buffers to themselves for their lifetime.
+    WOLFMEM_TRACK_STATS - each SSL keeps track of memory stats while running
+
+    \return If successful, 0 will be returned.
+    \return All unsuccessful return values will be less than 0.
+
+    \param hint WOLFSSL_HEAP_HINT structure to use
+    \param buf memory to use for all operations.
+    \param sz size of memory buffer being passed in.
+    \param flag type of memory.
+    \param max max concurrent operations (handshakes, IO).
+
+    _Example_
+    \code
+    WOLFSSL_HEAP_HINT hint;
+    int ret;
+    unsigned char memory[MAX];
+    int memorySz = MAX;
+    int flag = WOLFMEM_GENERAL | WOLFMEM_TRACK_STATS;
+    ...
+
+    // load in memory for use
+
+    ret = wc_LoadStaticMemory(&hint, memory, memorySz, flag, 0);
+    if (ret != SSL_SUCCESS) {
+        // handle error case
+    }
+    ...
+
+    ret = wc_InitRng_ex(&rng, hint, 0);
+
+    // check ret value
+    \endcode
+
+    \sa none
+*/
+int wc_LoadStaticMemory(WOLFSSL_HEAP_HINT* hint, unsigned char* buf, unsigned int sz,
+                int flag, int max);
diff --git a/doc/dox_comments/header_files/pkcs7.h b/doc/dox_comments/header_files/pkcs7.h
index 0a329085e..5b70953ef 100644
--- a/doc/dox_comments/header_files/pkcs7.h
+++ b/doc/dox_comments/header_files/pkcs7.h
@@ -205,8 +205,8 @@ int  wc_PKCS7_EncodeSignedData(PKCS7* pkcs7,
 
     \brief This function builds the PKCS7 signed data content type, encoding
     the PKCS7 structure into a header and footer buffer containing a parsable PKCS7
-    signed data packet. This does not include the content. 
-    A hash must be computed and provided for the data 
+    signed data packet. This does not include the content.
+    A hash must be computed and provided for the data
 
     \return 0=Success
     \return BAD_FUNC_ARG Returned if the PKCS7 structure is missing one or
@@ -244,11 +244,11 @@ int  wc_PKCS7_EncodeSignedData(PKCS7* pkcs7,
     \param hashSz size of the digest
     \param outputHead pointer to the buffer in which to store the
     encoded certificate header
-    \param outputHeadSz pointer populated with size of output header buffer 
+    \param outputHeadSz pointer populated with size of output header buffer
     and returns actual size
     \param outputFoot pointer to the buffer in which to store the
     encoded certificate footer
-    \param outputFootSz pointer populated with size of output footer buffer 
+    \param outputFootSz pointer populated with size of output footer buffer
     and returns actual size
 
     _Example_
@@ -285,7 +285,7 @@ int  wc_PKCS7_EncodeSignedData(PKCS7* pkcs7,
         wc_HashFree(&hash, hashType);
     }
 
-    ret = wc_PKCS7_EncodeSignedData_ex(&pkcs7, hashBuf, hashSz, pkcs7HeadBuff, 
+    ret = wc_PKCS7_EncodeSignedData_ex(&pkcs7, hashBuf, hashSz, pkcs7HeadBuff,
         &pkcs7HeadSz, pkcs7FootBuff, &pkcs7FootSz);
     if ( ret != 0 ) {
         // error encoding into output buffer
@@ -297,8 +297,8 @@ int  wc_PKCS7_EncodeSignedData(PKCS7* pkcs7,
     \sa wc_PKCS7_InitWithCert
     \sa wc_PKCS7_VerifySignedData_ex
 */
-int wc_PKCS7_EncodeSignedData_ex(PKCS7* pkcs7, const byte* hashBuf, 
-    word32 hashSz, byte* outputHead, word32* outputHeadSz, byte* outputFoot, 
+int wc_PKCS7_EncodeSignedData_ex(PKCS7* pkcs7, const byte* hashBuf,
+    word32 hashSz, byte* outputHead, word32* outputHeadSz, byte* outputFoot,
     word32* outputFootSz);
 
 /*!
@@ -382,9 +382,9 @@ int  wc_PKCS7_VerifySignedData(PKCS7* pkcs7,
 /*!
     \ingroup PKCS7
 
-    \brief This function takes in a transmitted PKCS7 signed data message as 
-    hash/header/footer, then extracts the certificate list and certificate 
-    revocation list, and then verifies the signature. It stores the extracted 
+    \brief This function takes in a transmitted PKCS7 signed data message as
+    hash/header/footer, then extracts the certificate list and certificate
+    revocation list, and then verifies the signature. It stores the extracted
     content in the given PKCS7 structure.
 
     \return 0 Returned on successfully extracting the information
@@ -426,10 +426,10 @@ int  wc_PKCS7_VerifySignedData(PKCS7* pkcs7,
     certificates
     \param hashBuf pointer to computed hash for the content data
     \param hashSz size of the digest
-    \param pkiMsgHead pointer to the buffer containing the signed message header 
+    \param pkiMsgHead pointer to the buffer containing the signed message header
     to verify and decode
     \param pkiMsgHeadSz size of the signed message header
-    \param pkiMsgFoot pointer to the buffer containing the signed message footer 
+    \param pkiMsgFoot pointer to the buffer containing the signed message footer
     to verify and decode
     \param pkiMsgFootSz size of the signed message footer
 
@@ -463,7 +463,7 @@ int  wc_PKCS7_VerifySignedData(PKCS7* pkcs7,
         wc_HashFree(&hash, hashType);
     }
 
-    ret = wc_PKCS7_VerifySignedData_ex(&pkcs7, hashBuf, hashSz, pkcs7HeadBuff, 
+    ret = wc_PKCS7_VerifySignedData_ex(&pkcs7, hashBuf, hashSz, pkcs7HeadBuff,
         sizeof(pkcs7HeadBuff), pkcs7FootBuff, sizeof(pkcs7FootBuff));
     if ( ret != 0 ) {
         // error encoding into output buffer
@@ -475,8 +475,8 @@ int  wc_PKCS7_VerifySignedData(PKCS7* pkcs7,
     \sa wc_PKCS7_InitWithCert
     \sa wc_PKCS7_EncodeSignedData_ex
 */
-int wc_PKCS7_VerifySignedData_ex(PKCS7* pkcs7, const byte* hashBuf, 
-    word32 hashSz, byte* pkiMsgHead, word32 pkiMsgHeadSz, byte* pkiMsgFoot, 
+int wc_PKCS7_VerifySignedData_ex(PKCS7* pkcs7, const byte* hashBuf,
+    word32 hashSz, byte* pkiMsgHead, word32 pkiMsgHeadSz, byte* pkiMsgFoot,
     word32 pkiMsgFootSz);
 
 /*!
diff --git a/doc/dox_comments/header_files/rsa.h b/doc/dox_comments/header_files/rsa.h
index f62e1686c..2245052f3 100644
--- a/doc/dox_comments/header_files/rsa.h
+++ b/doc/dox_comments/header_files/rsa.h
@@ -27,7 +27,6 @@
     }
     \endcode
 
-    \sa wc_RsaInitCavium
     \sa wc_FreeRsaKey
     \sa wc_RsaSetRNG
 */
@@ -77,7 +76,6 @@ int  wc_InitRsaKey(RsaKey* key, void* heap);
     \endcode
 
     \sa wc_InitRsaKey
-    \sa wc_RsaInitCavium
     \sa wc_FreeRsaKey
     \sa wc_RsaSetRNG
 */
@@ -133,6 +131,51 @@ int wc_RsaSetRNG(RsaKey* key, WC_RNG* rng);
 */
 int  wc_FreeRsaKey(RsaKey* key);
 
+/*!
+    \ingroup RSA
+
+    \brief Function that does the RSA operation directly with no padding. The input
+        size must match key size. Typically this is
+        used when padding is already done on the RSA input.
+
+    \return size On successfully encryption the size of the encrypted buffer
+    is returned
+    \return RSA_BUFFER_E RSA buffer error, output too small or input too large
+
+    \param in buffer to do operation on
+    \param inLen length of input buffer
+    \param out buffer to hold results
+    \param outSz gets set to size of result buffer. Should be passed in as length
+        of out buffer. If the pointer "out" is null then outSz gets set to the
+        expected buffer size needed and LENGTH_ONLY_E gets returned.
+    \param key initialized RSA key to use for encrypt/decrypt
+    \param type if using private or public key (RSA_PUBLIC_ENCRYPT,
+        RSA_PUBLIC_DECRYPT, RSA_PRIVATE_ENCRYPT, RSA_PRIVATE_DECRYPT)
+    \param rng initialized WC_RNG struct
+
+    _Example_
+    \code
+    int ret;
+    WC_RNG rng;
+    RsaKey key;
+    byte  in[256];
+    byte out[256];
+    word32 outSz = (word32)sizeof(out);
+    …
+
+    ret = wc_RsaDirect(in, (word32)sizeof(in), out, &outSz, &key,
+        RSA_PRIVATE_ENCRYPT, &rng);
+    if (ret < 0) {
+	    //handle error
+    }
+    \endcode
+
+    \sa wc_RsaPublicEncrypt
+    \sa wc_RsaPrivateDecrypt
+*/
+int wc_RsaDirect(byte* in, word32 inLen, byte* out, word32* outSz,
+        RsaKey* key, int type, WC_RNG* rng);
+
 /*!
     \ingroup RSA
 
@@ -290,6 +333,12 @@ int  wc_RsaPrivateDecrypt(const byte* in, word32 inLen, byte* out,
     if (ret < 0) {
         return -1;
     }
+    if (ret != inLen) {
+        return -1;
+    }
+    if (XMEMCMP(in, plain, ret) != 0) {
+        return -1;
+    }
     \endcode
 
     \sa wc_RsaPad
@@ -360,6 +409,12 @@ int  wc_RsaSSL_VerifyInline(byte* in, word32 inLen, byte** out,
     if (ret < 0) {
         return -1;
     }
+    if (ret != inLen) {
+        return -1;
+    }
+    if (XMEMCMP(in, plain, ret) != 0) {
+        return -1;
+    }
     \endcode
 
     \sa wc_RsaSSL_Sign
diff --git a/doc/dox_comments/header_files/ssl.h b/doc/dox_comments/header_files/ssl.h
index a96b3888f..7da361348 100644
--- a/doc/dox_comments/header_files/ssl.h
+++ b/doc/dox_comments/header_files/ssl.h
@@ -1997,8 +1997,8 @@ const char* wolfSSL_get_cipher_name(WOLFSSL* ssl);
 /*!
     \ingroup IO
 
-    \brief This function returns the file descriptor (fd) used as the
-    input/output facility for the SSL connection.  Typically this
+    \brief This function returns the read file descriptor (fd) used as the
+    input facility for the SSL connection.  Typically this
     will be a socket file descriptor.
 
     \return fd If successful the call will return the SSL session file
@@ -2016,9 +2016,38 @@ const char* wolfSSL_get_cipher_name(WOLFSSL* ssl);
     \endcode
 
     \sa wolfSSL_set_fd
+    \sa wolfSSL_set_read_fd
+    \sa wolfSSL_set_write_fd
 */
 int  wolfSSL_get_fd(const WOLFSSL*);
 
+/*!
+    \ingroup IO
+
+    \brief This function returns the write file descriptor (fd) used as the
+    output facility for the SSL connection.  Typically this
+    will be a socket file descriptor.
+
+    \return fd If successful the call will return the SSL session file
+    descriptor.
+
+    \param ssl pointer to the SSL session, created with wolfSSL_new().
+
+    _Example_
+    \code
+    int sockfd;
+    WOLFSSL* ssl = 0;
+    ...
+    sockfd = wolfSSL_get_wfd(ssl);
+    ...
+    \endcode
+
+    \sa wolfSSL_set_fd
+    \sa wolfSSL_set_read_fd
+    \sa wolfSSL_set_write_fd
+*/
+int  wolfSSL_get_wfd(const WOLFSSL*);
+
 /*!
     \ingroup Setup
 
@@ -2086,15 +2115,18 @@ int  wolfSSL_get_using_nonblock(WOLFSSL*);
     \brief This function writes sz bytes from the buffer, data, to the SSL
     connection, ssl. If necessary, wolfSSL_write() will negotiate an SSL/TLS
     session if the handshake has not already been performed yet by
-    wolfSSL_connect() or wolfSSL_accept(). wolfSSL_write() works with both
-    blocking and non-blocking I/O.  When the underlying I/O is non-blocking,
-    wolfSSL_write() will return when the underlying I/O could not satisfy the
-    needs of wolfSSL_write() to continue.  In this case, a call to
-    wolfSSL_get_error() will yield either SSL_ERROR_WANT_READ or
-    SSL_ERROR_WANT_WRITE.  The calling process must then repeat the call to
-    wolfSSL_write() when the underlying I/O is ready. If the underlying I/O
-    is blocking, wolfSSL_write() will only return once the buffer data of
-    size sz has been completely written or an error occurred.
+    wolfSSL_connect() or wolfSSL_accept(). When using (D)TLSv1.3 and early data
+    feature is compiled in, this function progresses the handshake only up to
+    the point when it is possible to send data. Next invocations of
+    wolfSSL_Connect()/wolfSSL_Accept()/wolfSSL_read() will complete the
+    handshake. wolfSSL_write() works with both blocking and non-blocking I/O.
+    When the underlying I/O is non-blocking, wolfSSL_write() will return when
+    the underlying I/O could not satisfy the needs of wolfSSL_write() to
+    continue.  In this case, a call to wolfSSL_get_error() will yield either
+    SSL_ERROR_WANT_READ or SSL_ERROR_WANT_WRITE.  The calling process must then
+    repeat the call to wolfSSL_write() when the underlying I/O is ready. If the
+    underlying I/O is blocking, wolfSSL_write() will only return once the buffer
+    data of size sz has been completely written or an error occurred.
 
     \return >0 the number of bytes written upon success.
     \return 0 will be returned upon failure.  Call wolfSSL_get_error() for
@@ -2286,6 +2318,48 @@ int  wolfSSL_peek(WOLFSSL* ssl, void* data, int sz);
 */
 int  wolfSSL_accept(WOLFSSL*);
 
+/*!
+    \ingroup IO
+
+    \brief This function is called on the server side and statelessly listens
+    for an SSL client to initiate the DTLS handshake.
+
+    \return WOLFSSL_SUCCESS ClientHello containing a valid cookie was received.
+    The connection can be continued with wolfSSL_accept().
+    \return WOLFSSL_FAILURE The I/O layer returned WANT_READ. This is either
+    because there is no data to read and we are using non-blocking sockets or
+    we sent a cookie request and we are waiting for a reply. The user should
+    call wolfDTLS_accept_stateless again after data becomes available in
+    the I/O layer.
+    \return WOLFSSL_FATAL_ERROR A fatal error occurred. The ssl object should be
+    free'd and allocated again to continue.
+
+    \param ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
+
+    _Example_
+    \code
+    int ret = 0;
+    int err = 0;
+    WOLFSSL* ssl;
+    ...
+    do {
+        ret = wolfDTLS_accept_stateless(ssl);
+        if (ret == WOLFSSL_FATAL_ERROR)
+            // re-allocate the ssl object with wolfSSL_free() and wolfSSL_new()
+    } while (ret != WOLFSSL_SUCCESS);
+    ret = wolfSSL_accept(ssl);
+    if (ret != SSL_SUCCESS) {
+        err = wolfSSL_get_error(ssl, ret);
+        printf(“error = %d, %s\n�, err, wolfSSL_ERR_error_string(err, buffer));
+    }
+    \endcode
+
+    \sa wolfSSL_accept
+    \sa wolfSSL_get_error
+    \sa wolfSSL_connect
+*/
+int  wolfDTLS_accept_stateless(WOLFSSL* ssl);
+
 /*!
     \ingroup Setup
 
@@ -3853,12 +3927,53 @@ int  wolfSSL_dtls(WOLFSSL* ssl);
     \endcode
 
     \sa wolfSSL_dtls_get_current_timeout
+    \sa wolfSSL_dtls_set_pending_peer
     \sa wolfSSL_dtls_get_peer
     \sa wolfSSL_dtls_got_timeout
     \sa wolfSSL_dtls
 */
 int  wolfSSL_dtls_set_peer(WOLFSSL* ssl, void* peer, unsigned int peerSz);
 
+/*!
+    \brief This function sets the pending DTLS peer, peer (sockaddr_in) with
+    size of peerSz. This sets the pending peer that will be upgraded to a
+    regular peer when we successfully de-protect the next record. This is useful
+    in scenarios where the peer's address can change to avoid off-path attackers
+    from changing the peer address. This should be used with Connection ID's to
+    allow seamless and safe transition to a new peer address.
+
+    \return SSL_SUCCESS will be returned upon success.
+    \return SSL_FAILURE will be returned upon failure.
+    \return SSL_NOT_IMPLEMENTED will be returned if wolfSSL was not compiled
+    with DTLS support.
+
+    \param ssl    a pointer to a WOLFSSL structure, created using wolfSSL_new().
+    \param peer   pointer to peer’s sockaddr_in structure. If NULL then the peer
+                  information in ssl is cleared.
+    \param peerSz size of the sockaddr_in structure pointed to by peer. If 0
+                  then the peer information in ssl is cleared.
+
+    _Example_
+    \code
+    int ret = 0;
+    WOLFSSL* ssl;
+    sockaddr_in addr;
+    ...
+    ret = wolfSSL_dtls_set_pending_peer(ssl, &addr, sizeof(addr));
+    if (ret != SSL_SUCCESS) {
+	    // failed to set DTLS peer
+    }
+    \endcode
+
+    \sa wolfSSL_dtls_get_current_timeout
+    \sa wolfSSL_dtls_set_peer
+    \sa wolfSSL_dtls_get_peer
+    \sa wolfSSL_dtls_got_timeout
+    \sa wolfSSL_dtls
+*/
+int  wolfSSL_dtls_set_pending_peer(WOLFSSL* ssl, void* peer,
+                                   unsigned int peerSz);
+
 /*!
     \brief This function gets the sockaddr_in (of size peerSz) of the current
     DTLS peer.  The function will compare peerSz to the actual DTLS peer size
@@ -3896,6 +4011,41 @@ int  wolfSSL_dtls_set_peer(WOLFSSL* ssl, void* peer, unsigned int peerSz);
 */
 int  wolfSSL_dtls_get_peer(WOLFSSL* ssl, void* peer, unsigned int* peerSz);
 
+/*!
+    \brief This function gets the sockaddr_in (of size peerSz) of the current
+    DTLS peer.  This is a zero-copy alternative to wolfSSL_dtls_get_peer().
+
+    \return SSL_SUCCESS will be returned upon success.
+    \return SSL_FAILURE will be returned upon failure.
+    \return SSL_NOT_IMPLEMENTED will be returned if wolfSSL was not compiled
+    with DTLS support.
+
+    \param ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
+    \param peer pointer to return the internal buffer holding the peer address
+    \param peerSz output the size of the actual sockaddr_in structure
+    pointed to by peer.
+
+    _Example_
+    \code
+    int ret = 0;
+    WOLFSSL* ssl;
+    sockaddr_in* addr;
+    unsigned int addrSz;
+    ...
+    ret = wolfSSL_dtls_get_peer(ssl, &addr, &addrSz);
+    if (ret != SSL_SUCCESS) {
+	    // failed to get DTLS peer
+    }
+    \endcode
+
+    \sa wolfSSL_dtls_get_current_timeout
+    \sa wolfSSL_dtls_got_timeout
+    \sa wolfSSL_dtls_set_peer
+    \sa wolfSSL_dtls
+*/
+int  wolfSSL_dtls_get0_peer(WOLFSSL* ssl, const void** peer,
+                            unsigned int* peerSz);
+
 /*!
     \ingroup Debug
 
@@ -4037,8 +4187,8 @@ int  wolfSSL_session_reused(WOLFSSL* ssl);
 
     \return 0 returned if the connection is not established, i.e. the WOLFSSL
     struct is NULL or the handshake is not done.
-    \return 1 returned if the connection is not established i.e. the WOLFSSL
-    struct is null or the handshake is not done.
+    \return 1 returned if the connection is established i.e. the WOLFSSL
+    handshake is done.
 
     \param ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
 
@@ -7596,18 +7746,49 @@ int wolfSSL_writev(WOLFSSL* ssl, const struct iovec* iov,
     WOLFSSL_METHOD method = wolfTLSv1_2_client_method();
     WOLFSSL_CTX* ctx = WOLFSSL_CTX_new(method);
     …
-    if(!wolfSSL_CTX_UnloadCAs(ctx)){
+    if(wolfSSL_CTX_UnloadCAs(ctx) != SSL_SUCCESS){
     	// The function did not unload CAs
     }
     \endcode
 
     \sa wolfSSL_CertManagerUnloadCAs
     \sa LockMutex
-    \sa FreeSignerTable
     \sa UnlockMutex
 */
 int wolfSSL_CTX_UnloadCAs(WOLFSSL_CTX*);
 
+
+/*!
+    \ingroup Setup
+
+    \brief This function unloads intermediate certificates added to the CA
+    signer list and frees them.
+
+    \return SSL_SUCCESS returned on successful execution of the function.
+    \return BAD_FUNC_ARG returned if the WOLFSSL_CTX struct is NULL or there
+    are otherwise unpermitted argument values passed in a subroutine.
+    \return BAD_STATE_E returned if the WOLFSSL_CTX has a reference count > 1.
+    \return BAD_MUTEX_E returned if there was a mutex error. The LockMutex()
+    did not return 0.
+
+    \param ctx a pointer to a WOLFSSL_CTX structure, created using
+    wolfSSL_CTX_new().
+
+    _Example_
+    \code
+    WOLFSSL_METHOD method = wolfTLSv1_2_client_method();
+    WOLFSSL_CTX* ctx = WOLFSSL_CTX_new(method);
+    …
+    if(wolfSSL_CTX_UnloadIntermediateCerts(ctx) != NULL){
+        // The function did not unload CAs
+    }
+    \endcode
+
+    \sa wolfSSL_CTX_UnloadCAs
+    \sa wolfSSL_CertManagerUnloadIntermediateCerts
+*/
+int wolfSSL_CTX_UnloadIntermediateCerts(WOLFSSL_CTX* ctx);
+
 /*!
     \ingroup Setup
 
@@ -7722,9 +7903,9 @@ int wolfSSL_CTX_trust_peer_buffer(WOLFSSL_CTX* ctx, const unsigned char* in,
     _Example_
     \code
     int ret = 0;
-    int sz = 0;
     WOLFSSL_CTX* ctx;
     byte certBuff[...];
+    long sz = sizeof(certBuff);
     ...
 
     ret = wolfSSL_CTX_load_verify_buffer(ctx, certBuff, sz, SSL_FILETYPE_PEM);
@@ -7779,9 +7960,9 @@ int wolfSSL_CTX_load_verify_buffer(WOLFSSL_CTX* ctx, const unsigned char* in,
     _Example_
     \code
     int ret = 0;
-    int sz = 0;
     WOLFSSL_CTX* ctx;
     byte certBuff[...];
+    long sz = sizeof(certBuff);
     ...
 
     // Example for force loading an expired certificate
@@ -7835,9 +8016,9 @@ int wolfSSL_CTX_load_verify_buffer_ex(WOLFSSL_CTX* ctx,
     _Example_
     \code
     int ret = 0;
-    int sz = 0;
     WOLFSSL_CTX* ctx;
     byte certBuff[...];
+    long sz = sizeof(certBuff);
     ...
 
     ret = wolfSSL_CTX_load_verify_chain_buffer_format(ctx,
@@ -7886,9 +8067,9 @@ int wolfSSL_CTX_load_verify_chain_buffer_format(WOLFSSL_CTX* ctx,
     _Example_
     \code
     int ret = 0;
-    int sz = 0;
     WOLFSSL_CTX* ctx;
     byte certBuff[...];
+    long sz = sizeof(certBuff);
     ...
     ret = wolfSSL_CTX_use_certificate_buffer(ctx, certBuff, sz, SSL_FILETYPE_PEM);
     if (ret != SSL_SUCCESS) {
@@ -7936,9 +8117,9 @@ int wolfSSL_CTX_use_certificate_buffer(WOLFSSL_CTX* ctx,
     _Example_
     \code
     int ret = 0;
-    int sz = 0;
     WOLFSSL_CTX* ctx;
     byte keyBuff[...];
+    long sz = sizeof(certBuff);
     ...
     ret = wolfSSL_CTX_use_PrivateKey_buffer(ctx, keyBuff, sz, SSL_FILETYPE_PEM);
     if (ret != SSL_SUCCESS) {
@@ -7985,9 +8166,9 @@ int wolfSSL_CTX_use_PrivateKey_buffer(WOLFSSL_CTX* ctx,
     _Example_
     \code
     int ret = 0;
-    int sz = 0;
     WOLFSSL_CTX* ctx;
     byte certChainBuff[...];
+    long sz = sizeof(certBuff);
     ...
     ret = wolfSSL_CTX_use_certificate_chain_buffer(ctx, certChainBuff, sz);
     if (ret != SSL_SUCCESS) {
@@ -8031,10 +8212,10 @@ int wolfSSL_CTX_use_certificate_chain_buffer(WOLFSSL_CTX* ctx,
 
     _Example_
     \code
-    int buffSz;
     int ret;
     byte certBuff[...];
     WOLFSSL* ssl = 0;
+    long buffSz = sizeof(certBuff);
     ...
 
     ret = wolfSSL_use_certificate_buffer(ssl, certBuff, buffSz, SSL_FILETYPE_PEM);
@@ -8080,10 +8261,10 @@ int wolfSSL_use_certificate_buffer(WOLFSSL* ssl, const unsigned char* in,
 
     _Example_
     \code
-    int buffSz;
     int ret;
     byte keyBuff[...];
     WOLFSSL* ssl = 0;
+    long buffSz = sizeof(certBuff);
     ...
     ret = wolfSSL_use_PrivateKey_buffer(ssl, keyBuff, buffSz, SSL_FILETYPE_PEM);
     if (ret != SSL_SUCCESS) {
@@ -8127,10 +8308,10 @@ int wolfSSL_use_PrivateKey_buffer(WOLFSSL* ssl, const unsigned char* in,
 
     _Example_
     \code
-    int buffSz;
     int ret;
     byte certChainBuff[...];
     WOLFSSL* ssl = 0;
+    long buffSz = sizeof(certBuff);
     ...
     ret = wolfSSL_use_certificate_chain_buffer(ssl, certChainBuff, buffSz);
     if (ret != SSL_SUCCESS) {
@@ -9548,17 +9729,44 @@ int wolfSSL_CertManagerLoadCABuffer(WOLFSSL_CERT_MANAGER* cm,
     #include <wolfssl/ssl.h>
 
     WOLFSSL_CTX* ctx = wolfSSL_CTX_new(protocol method);
-    WOLFSSL_CERT_MANAGER* cm = wolfSSL_CertManagerNew();
+    WOLFSSL_CERT_MANAGER* cm = wolfSSL_CTX_GetCertManager(ctx);
     ...
-    if(wolfSSL_CertManagerUnloadCAs(ctx->cm) != SSL_SUCCESS){
+    if(wolfSSL_CertManagerUnloadCAs(cm) != SSL_SUCCESS){
+        Failure case.
+    }
+    \endcode
+
+    \sa UnlockMutex
+*/
+int wolfSSL_CertManagerUnloadCAs(WOLFSSL_CERT_MANAGER* cm);
+
+/*!
+    \ingroup CertManager
+    \brief This function unloads intermediate certificates add to the CA
+    signer list.
+
+    \return SSL_SUCCESS returned on successful execution of the function.
+    \return BAD_FUNC_ARG returned if the WOLFSSL_CERT_MANAGER is NULL.
+    \return BAD_MUTEX_E returned if there was a mutex error.
+
+    \param cm a pointer to a WOLFSSL_CERT_MANAGER structure,
+    created using wolfSSL_CertManagerNew().
+
+    _Example_
+    \code
+    #include <wolfssl/ssl.h>
+
+    WOLFSSL_CTX* ctx = wolfSSL_CTX_new(protocol method);
+    WOLFSSL_CERT_MANAGER* cm = wolfSSL_CTX_GetCertManager(ctx);
+    ...
+    if(wolfSSL_CertManagerUnloadIntermediateCerts(cm) != SSL_SUCCESS){
     	Failure case.
     }
     \endcode
 
-    \sa FreeSignerTable
     \sa UnlockMutex
 */
-int wolfSSL_CertManagerUnloadCAs(WOLFSSL_CERT_MANAGER* cm);
+int wolfSSL_CertManagerUnloadIntermediateCerts(WOLFSSL_CERT_MANAGER* cm);
 
 /*!
     \ingroup CertManager
@@ -9951,6 +10159,85 @@ int wolfSSL_CertManagerLoadCRLBuffer(WOLFSSL_CERT_MANAGER* cm,
 int wolfSSL_CertManagerSetCRL_Cb(WOLFSSL_CERT_MANAGER* cm,
                                  CbMissingCRL cb);
 
+/*!
+    \ingroup CertManager
+    \brief This function sets the CRL Update callback. If
+    HAVE_CRL and HAVE_CRL_UPDATE_CB is defined , and an entry with the same
+    issuer and a lower CRL number exists when a CRL is added, then the
+    CbUpdateCRL is called with the details of the existing entry and the
+    new one replacing it.
+
+    \return SSL_SUCCESS returned upon successful execution of the function and
+    subroutines.
+    \return BAD_FUNC_ARG returned if the WOLFSSL_CERT_MANAGER structure is NULL.
+
+    \param cm the WOLFSSL_CERT_MANAGER structure holding the information for
+    the certificate.
+    \param cb a function pointer to (*CbUpdateCRL) that is set to the
+    cbUpdateCRL member of the WOLFSSL_CERT_MANAGER.
+    Signature requirement:
+	void (*CbUpdateCRL)(CrlInfo *old, CrlInfo *new);
+
+    _Example_
+    \code
+    #include <wolfssl/ssl.h>
+
+    WOLFSSL_CTX* ctx = wolfSSL_CTX_new(protocol method);
+    WOLFSSL* ssl = wolfSSL_new(ctx);
+    …
+    void cb(CrlInfo *old, CrlInfo *new){
+	    Function body.
+    }
+    …
+    CbUpdateCRL cb = CbUpdateCRL;
+    …
+    if(ctx){
+        return wolfSSL_CertManagerSetCRLUpdate_Cb(SSL_CM(ssl), cb);
+    }
+    \endcode
+
+    \sa CbUpdateCRL
+*/
+int wolfSSL_CertManagerSetCRLUpdate_Cb(WOLFSSL_CERT_MANAGER* cm,
+                                       CbUpdateCRL cb);
+
+/*!
+    \ingroup CertManager
+    \brief This function yields a structure with parsed CRL information from
+    an encoded CRL buffer.
+
+    \return SSL_SUCCESS returned upon successful execution of the function and
+    subroutines.
+    \return BAD_FUNC_ARG returned if the WOLFSSL_CERT_MANAGER structure is NULL.
+
+    \param cm   the WOLFSSL_CERT_MANAGER structure..
+    \param info pointer to caller managed CrlInfo structure that will receive
+                the CRL information.
+    \param buff input buffer containing encoded CRL.
+    \param sz   the length in bytes of the input CRL data in buff.
+    \param type WOLFSSL_FILETYPE_PEM or WOLFSSL_FILETYPE_DER
+
+    _Example_
+    \code
+    #include <wolfssl/ssl.h>
+
+    CrlInfo info;
+    WOLFSSL_CERT_MANAGER* cm = NULL;
+
+    cm = wolfSSL_CertManagerNew();
+
+    // Read crl data from file into buffer
+
+    wolfSSL_CertManagerGetCRLInfo(cm, &info, crlData, crlDataLen,
+                                  WOLFSSL_FILETYPE_PEM);
+    \endcode
+
+    \sa CbUpdateCRL
+    \sa wolfSSL_SetCRL_Cb
+*/
+int wolfSSL_CertManagerGetCRLInfo(WOLFSSL_CERT_MANAGER* cm, CrlInfo* info,
+    const byte* buff, long sz, int type)
+
 /*!
     \ingroup CertManager
     \brief This function frees the CRL stored in the Cert Manager. An
@@ -10136,7 +10423,7 @@ int wolfSSL_CertManagerSetOCSPOverrideURL(WOLFSSL_CERT_MANAGER* cm,
     \sa wolfSSL_CertManagerSetOCSPOverrideURL
     \sa wolfSSL_CertManagerCheckOCSP
     \sa wolfSSL_CertManagerEnableOCSPStapling
-    \sa wolfSSL_ENableOCSP
+    \sa wolfSSL_EnableOCSP
     \sa wolfSSL_DisableOCSP
     \sa wolfSSL_SetOCSP_Cb
 */
@@ -10295,7 +10582,13 @@ int wolfSSL_LoadCRL(WOLFSSL* ssl, const char* path, int type, int monitor);
 int wolfSSL_SetCRL_Cb(WOLFSSL* ssl, CbMissingCRL cb);
 
 /*!
-    \brief This function enables OCSP certificate verification.
+    \brief This function enables OCSP certificate verification. The value of
+    options if formed by or’ing one or more of the following options:
+    WOLFSSL_OCSP_URL_OVERRIDE - use the override URL instead of the URL in
+     certificates. The override URL is specified using the
+     wolfSSL_CTX_SetOCSP_OverrideURL() function.
+    WOLFSSL_OCSP_CHECKALL - Set all OCSP checks on
+    WOLFSSL_OCSP_NO_NONCE - Set nonce option for creating OCSP requests
 
     \return SSL_SUCCESS returned if the function and subroutines executes
     without errors.
@@ -10550,10 +10843,13 @@ int wolfSSL_CTX_SetCRL_Cb(WOLFSSL_CTX* ctx, CbMissingCRL cb);
     \brief This function sets options to configure behavior of OCSP
     functionality in wolfSSL.  The value of options if formed by or’ing
     one or more of the following options:
-    WOLFSSL_OCSP_ENABLE - enable OCSP lookups	WOLFSSL_OCSP_URL_OVERRIDE -
-    use the override URL instead of the URL in certificates. The override URL
-    is specified using the wolfSSL_CTX_SetOCSP_OverrideURL() function. This
-    function only sets the OCSP options when wolfSSL has been compiled with
+    WOLFSSL_OCSP_URL_OVERRIDE - use the override URL instead of the URL in
+     certificates. The override URL is specified using the
+     wolfSSL_CTX_SetOCSP_OverrideURL() function.
+    WOLFSSL_OCSP_CHECKALL - Set all OCSP checks on
+    WOLFSSL_OCSP_NO_NONCE - Set nonce option for creating OCSP requests
+
+    This function only sets the OCSP options when wolfSSL has been compiled with
     OCSP support (--enable-ocsp, #define HAVE_OCSP).
 
     \return SSL_SUCCESS is returned upon success.
@@ -10566,12 +10862,17 @@ int wolfSSL_CTX_SetCRL_Cb(WOLFSSL_CTX* ctx, CbMissingCRL cb);
 
     _Example_
     \code
-    WOLFSSL_CTX* ctx = 0;
-    ...
-    wolfSSL_CTX_OCSP_set_options(ctx, WOLFSSL_OCSP_ENABLE);
+    WOLFSSL_CTX* ctx = wolfSSL_CTX_new( method );
+    int options; // initialize to option constant
+    …
+    int ret = wolfSSL_CTX_EnableOCSP(ctx, options);
+    if(ret != SSL_SUCCESS){
+        // OCSP is not enabled
+    }
     \endcode
 
-    \sa wolfSSL_CTX_OCSP_set_override_url
+    \sa wolfSSL_CertManagerEnableOCSP
+    \sa wolfSSL_EnableOCSP
 */
 int wolfSSL_CTX_EnableOCSP(WOLFSSL_CTX* ctx, int options);
 
@@ -11176,7 +11477,7 @@ int wolfSSL_ALPN_GetPeerProtocol(WOLFSSL* ssl, char **list,
     \return MEMORY_E is the error returned when there is not enough memory.
 
     \param ssl pointer to a SSL object, created with wolfSSL_new().
-    \param mfl indicates witch is the Maximum Fragment Length requested for the
+    \param mfl indicates which is the Maximum Fragment Length requested for the
     session. The available options are: enum { WOLFSSL_MFL_2_9  = 1, 512 bytes
     WOLFSSL_MFL_2_10 = 2, 1024 bytes WOLFSSL_MFL_2_11 = 3, 2048 bytes
     WOLFSSL_MFL_2_12 = 4, 4096 bytes WOLFSSL_MFL_2_13 = 5, 8192
@@ -13938,9 +14239,11 @@ int  wolfSSL_write_early_data(WOLFSSL* ssl, const void* data,
 
     \brief This function reads any early data from a client on resumption.
     Call this function instead of wolfSSL_accept() or wolfSSL_accept_TLSv13()
-    to accept a client and read any early data in the handshake.
-    If there is no early data than the handshake will be processed as normal.
-    This function is only used with servers.
+    to accept a client and read any early data in the handshake. The function
+    should be invoked until wolfSSL_is_init_finished() returns true. Early data
+    may be sent by the client in multiple messages. If there is no early data
+    then the handshake will be processed as normal. This function is only used
+    with servers.
 
     \param [in,out] ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
     \param [out] data a buffer to hold the early data read from client.
@@ -13951,7 +14254,7 @@ int  wolfSSL_write_early_data(WOLFSSL* ssl, const void* data,
     not using TLSv1.3.
     \return SIDE_ERROR if called with a client.
     \return WOLFSSL_FATAL_ERROR if accepting a connection fails.
-    \return WOLFSSL_SUCCESS if successful.
+    \return Number of early data bytes read (may be zero).
 
     _Example_
     \code
@@ -13963,19 +14266,16 @@ int  wolfSSL_write_early_data(WOLFSSL* ssl, const void* data,
     char buffer[80];
     ...
 
-    ret = wolfSSL_read_early_data(ssl, earlyData, sizeof(earlyData), &outSz);
-    if (ret != SSL_SUCCESS) {
-        err = wolfSSL_get_error(ssl, ret);
-        printf(“error = %d, %s\n�, err, wolfSSL_ERR_error_string(err, buffer));
-    }
-    if (outSz > 0) {
-        // early data available
-    }
-    ret = wolfSSL_accept_TLSv13(ssl);
-    if (ret != SSL_SUCCESS) {
-        err = wolfSSL_get_error(ssl, ret);
-        printf(“error = %d, %s\n�, err, wolfSSL_ERR_error_string(err, buffer));
-    }
+    do {
+        ret = wolfSSL_read_early_data(ssl, earlyData, sizeof(earlyData), &outSz);
+        if (ret < 0) {
+            err = wolfSSL_get_error(ssl, ret);
+            printf(“error = %d, %s\n�, err, wolfSSL_ERR_error_string(err, buffer));
+        }
+        if (outSz > 0) {
+            // early data available
+        }
+    } while (!wolfSSL_is_init_finished(ssl));
     \endcode
 
     \sa wolfSSL_write_early_data
@@ -13985,6 +14285,39 @@ int  wolfSSL_write_early_data(WOLFSSL* ssl, const void* data,
 int  wolfSSL_read_early_data(WOLFSSL* ssl, void* data, int sz,
     int* outSz);
 
+/*!
+    \ingroup IO
+
+    \brief This function is called to inject data into the WOLFSSL object. This
+    is useful when data needs to be read from a single place and demultiplexed
+    into multiple connections. The caller should then call wolfSSL_read() to
+    extract the plaintext data from the WOLFSSL object.
+
+    \param [in] ssl a pointer to a WOLFSSL structure, created using
+                    wolfSSL_new().
+    \param [in] data data to inject into the ssl object.
+    \param [in] sz number of bytes of data to inject.
+
+    \return BAD_FUNC_ARG if any pointer parameter is NULL or sz <= 0
+    \return APP_DATA_READY if there is application data left to read
+    \return MEMORY_E if allocation fails
+    \return WOLFSSL_SUCCESS on success
+
+    _Example_
+    \code
+    byte buf[2000]
+    sz = recv(fd, buf, sizeof(buf), 0);
+    if (sz <= 0)
+        // error
+    if (wolfSSL_inject(ssl, buf, sz) != WOLFSSL_SUCCESS)
+        // error
+    sz = wolfSSL_read(ssl, buf, sizeof(buf);
+    \endcode
+
+    \sa wolfSSL_read
+*/
+int wolfSSL_inject(WOLFSSL* ssl, const void* data, int sz);
+
 /*!
     \ingroup Setup
 
@@ -14802,6 +15135,7 @@ connection into the buffer pointed by the parameter buffer. See RFC 9146 and RFC
  \param buffer A buffer where the ConnectionID will be copied
  \param bufferSz available space in buffer
 
+ \sa wolfSSL_dtls_cid_get0_rx
  \sa wolfSSL_dtls_cid_use
  \sa wolfSSL_dtls_cid_is_enabled
  \sa wolfSSL_dtls_cid_set
@@ -14814,6 +15148,26 @@ int wolfSSL_dtls_cid_get_rx(WOLFSSL* ssl, unsigned char* buffer,
 
 /*!
 
+\brief Get the ConnectionID used by the other peer. See RFC 9146 and RFC
+9147.
+
+ \return WOLFSSL_SUCCESS if ConnectionID was correctly set in cid.
+
+ \param ssl A WOLFSSL object pointern
+ \param cid Pointer that will be set to the internal memory that holds the CID
+
+ \sa wolfSSL_dtls_cid_get_rx
+ \sa wolfSSL_dtls_cid_use
+ \sa wolfSSL_dtls_cid_is_enabled
+ \sa wolfSSL_dtls_cid_set
+ \sa wolfSSL_dtls_cid_get_rx_size
+ \sa wolfSSL_dtls_cid_get_tx_size
+ \sa wolfSSL_dtls_cid_get_tx
+*/
+int wolfSSL_dtls_cid_get0_rx(WOLFSSL* ssl, unsigned char** cid);
+
+/*!
+
 \brief Get the size of the ConnectionID used to send records in this
 connection. See RFC 9146 and RFC 9147. The size is stored in the parameter size.
 
@@ -14845,6 +15199,7 @@ available size need to be provided in bufferSz.
  \param buffer A buffer where the ConnectionID will be copied
  \param bufferSz available space in buffer
 
+ \sa wolfSSL_dtls_cid_get0_tx
  \sa wolfSSL_dtls_cid_use
  \sa wolfSSL_dtls_cid_is_enabled
  \sa wolfSSL_dtls_cid_set
@@ -14855,6 +15210,50 @@ available size need to be provided in bufferSz.
 int wolfSSL_dtls_cid_get_tx(WOLFSSL* ssl, unsigned char* buffer,
     unsigned int bufferSz);
 
+/*!
+
+\brief Get the ConnectionID used when sending records in this connection. See
+RFC 9146 and RFC 9147.
+
+ \return WOLFSSL_SUCCESS if ConnectionID was correctly retrieved, error code
+ otherwise
+
+ \param ssl A WOLFSSL object pointern
+ \param cid Pointer that will be set to the internal memory that holds the CID
+
+ \sa wolfSSL_dtls_cid_get_tx
+ \sa wolfSSL_dtls_cid_use
+ \sa wolfSSL_dtls_cid_is_enabled
+ \sa wolfSSL_dtls_cid_set
+ \sa wolfSSL_dtls_cid_get_rx_size
+ \sa wolfSSL_dtls_cid_get_rx
+ \sa wolfSSL_dtls_cid_get_tx_size
+*/
+int wolfSSL_dtls_cid_get0_tx(WOLFSSL* ssl, unsigned char** cid);
+
+/*!
+
+\brief Extract the ConnectionID from a record datagram/message. See
+RFC 9146 and RFC 9147.
+
+ \param msg buffer holding the datagram read from the network
+ \param msgSz size of msg in bytes
+ \param cid pointer to the start of the CID inside the msg buffer
+ \param cidSz the expected size of the CID. The record layer does not have a CID
+ size field so we have to know beforehand the size of the CID. It is recommended
+ to use a constant CID for all connections.
+
+ \sa wolfSSL_dtls_cid_get_tx
+ \sa wolfSSL_dtls_cid_use
+ \sa wolfSSL_dtls_cid_is_enabled
+ \sa wolfSSL_dtls_cid_set
+ \sa wolfSSL_dtls_cid_get_rx_size
+ \sa wolfSSL_dtls_cid_get_rx
+ \sa wolfSSL_dtls_cid_get_tx_size
+*/
+const unsigned char* wolfSSL_dtls_cid_parse(const unsigned char* msg,
+        unsigned int msgSz, unsigned int cidSz);
+
 /*!
     \ingroup TLS
 
@@ -14940,7 +15339,7 @@ WOLFSSL_CIPHERSUITE_INFO wolfSSL_get_ciphersuite_info(byte first,
     \param [out] sigAlgo The enum Key_Sum of the authentication algorithm
 
     \return 0            when info was correctly set
-    \return BAD_FUNC_ARG when either input paramters are NULL or the bytes
+    \return BAD_FUNC_ARG when either input parameters are NULL or the bytes
                          are not a recognized sigalg suite
 
     _Example_
diff --git a/doc/dox_comments/header_files/types.h b/doc/dox_comments/header_files/types.h
index 65faa10a5..6f1ecee26 100644
--- a/doc/dox_comments/header_files/types.h
+++ b/doc/dox_comments/header_files/types.h
@@ -23,14 +23,14 @@
     #define XMALLOC(s, h, t) 	((void)h, (void)t, wolfSSL_Malloc((s)))
     #define XFREE(p, h, t)   	{void* xp = (p); if((xp)) wolfSSL_Free((xp));}
     #define XREALLOC(p, n, h, t) wolfSSL_Realloc((p), (n))
-    	
+
     \return pointer Return a pointer to allocated memory on success
 	\return NULL on failure
-	
+
 	\param s size of memory to allocate
-	\param h (used by custom XMALLOC function) pointer to the heap to use	
+	\param h (used by custom XMALLOC function) pointer to the heap to use
 	\param t memory allocation types for user hints. See enum in types.h
-	
+
 	_Example_
 	\code
 	int* tenInts = XMALLOC(sizeof(int)*10, NULL, DYNAMIC_TYPE_TMP_BUFFER);
@@ -39,7 +39,7 @@
 	    return MEMORY_E;
     }
 	\endcode
-	
+
 	\sa wolfSSL_Malloc
 	\sa wolfSSL_Realloc
 	\sa wolfSSL_Free
@@ -75,19 +75,19 @@ void* XMALLOC(size_t n, void* heap, int type);
 
     \return Return a pointer to allocated memory on success
 	\return NULL on failure
-	
+
 	\param p pointer to the address to reallocate
 	\param n size of memory to allocate
-	\param h (used by custom XREALLOC function) pointer to the heap to use	
+	\param h (used by custom XREALLOC function) pointer to the heap to use
 	\param t memory allocation types for user hints. See enum in types.h
-	
+
 	_Example_
 	\code
 	int* tenInts = (int*)XMALLOC(sizeof(int)*10, NULL, DYNAMIC_TYPE_TMP_BUFFER);
     int* twentyInts = (int*)XREALLOC(tenInts, sizeof(int)*20, NULL,
         DYNAMIC_TYPE_TMP_BUFFER);
 	\endcode
-	
+
 	\sa wolfSSL_Malloc
 	\sa wolfSSL_Realloc
 	\sa wolfSSL_Free
@@ -123,9 +123,9 @@ void* XREALLOC(void *p, size_t n, void* heap, int type);
     \return none No returns.
 
     \param p pointer to the address to free
-	\param h (used by custom XFREE function) pointer to the heap to use	
+	\param h (used by custom XFREE function) pointer to the heap to use
 	\param t memory allocation types for user hints. See enum in types.h
-	
+
 	_Example_
 	\code
 	int* tenInts = XMALLOC(sizeof(int) * 10, NULL, DYNAMIC_TYPE_TMP_BUFFER);
@@ -134,7 +134,7 @@ void* XREALLOC(void *p, size_t n, void* heap, int type);
 	    return MEMORY_E;
     }
 	\endcode
-	
+
 	\sa wolfSSL_Malloc
 	\sa wolfSSL_Realloc
 	\sa wolfSSL_Free
diff --git a/doc/dox_comments/header_files/wolfio.h b/doc/dox_comments/header_files/wolfio.h
index a1404fbe6..673242aaf 100644
--- a/doc/dox_comments/header_files/wolfio.h
+++ b/doc/dox_comments/header_files/wolfio.h
@@ -422,9 +422,9 @@ void wolfSSL_SetIOReadFlags( WOLFSSL* ssl, int flags);
     flags parameter may include one or more of the following:
     #define MSG_OOB 0x1  // process out-of-band data,
     #define MSG_DONTROUTE  0x4  // bypass routing, use direct interface.
-    The flag MSG_OOB is used to send ``out-of-band'' data on sockets that
+    The flag MSG_OOB is used to send 'out-of-band' data on sockets that
     support this notion (e.g.  SOCK_STREAM); the underlying protocol must also
-    support ``out-of-band'' data.  MSG_DONTROUTE is usually used only by
+    support 'out-of-band' data.  MSG_DONTROUTE is usually used only by
     diagnostic or routing programs.�
 
     \return none No returns.
@@ -575,3 +575,46 @@ int wolfSSL_SetIO_ISOTP(WOLFSSL *ssl, isotp_wolfssl_ctx *ctx,
         can_recv_fn recv_fn, can_send_fn send_fn, can_delay_fn delay_fn,
         word32 receive_delay, char *receive_buffer, int receive_buffer_size,
         void *arg);
+
+/*!
+    \ingroup Setup
+
+    \brief This function disables reading from the IO layer.
+
+    \param ssl the wolfSSL context
+
+    _Example_
+    \code
+    WOLFSSL_CTX* ctx = wolfSSL_CTX_new(method);
+    WOLFSSL* ssl = wolfSSL_new(ctx);
+    wolfSSL_SSLDisableRead(ssl);
+    \endcode
+
+    \sa wolfSSL_CTX_SetIORecv
+    \sa wolfSSL_SSLSetIORecv
+    \sa wolfSSL_SSLEnableRead
+ */
+void wolfSSL_SSLDisableRead(WOLFSSL *ssl);
+
+/*!
+    \ingroup Setup
+
+    \brief This function enables reading from the IO layer. Reading is enabled
+           by default and should be used to undo wolfSSL_SSLDisableRead();
+
+    \param ssl the wolfSSL context
+
+    _Example_
+    \code
+    WOLFSSL_CTX* ctx = wolfSSL_CTX_new(method);
+    WOLFSSL* ssl = wolfSSL_new(ctx);
+    wolfSSL_SSLDisableRead(ssl);
+    ...
+    wolfSSL_SSLEnableRead(ssl);
+    \endcode
+
+    \sa wolfSSL_CTX_SetIORecv
+    \sa wolfSSL_SSLSetIORecv
+    \sa wolfSSL_SSLEnableRead
+ */
+void wolfSSL_SSLEnableRead(WOLFSSL *ssl);
diff --git a/doc/formats/html/html_changes/customdoxygen.css b/doc/formats/html/html_changes/customdoxygen.css
index 2c553fdea..478f7cf54 100644
--- a/doc/formats/html/html_changes/customdoxygen.css
+++ b/doc/formats/html/html_changes/customdoxygen.css
@@ -418,7 +418,7 @@ p.formulaDsp {
 }
 
 img.formulaDsp {
-	
+
 }
 
 img.formulaInl {
diff --git a/doc/formats/html/html_changes/doxygen.css b/doc/formats/html/html_changes/doxygen.css
index c49b43f3e..ee1bde225 100644
--- a/doc/formats/html/html_changes/doxygen.css
+++ b/doc/formats/html/html_changes/doxygen.css
@@ -321,7 +321,7 @@ p.formulaDsp {
 }
 
 img.formulaDsp {
-	
+
 }
 
 img.formulaInl {
diff --git a/doc/generate_documentation.sh b/doc/generate_documentation.sh
index e5defefe3..7a7bbf9df 100755
--- a/doc/generate_documentation.sh
+++ b/doc/generate_documentation.sh
@@ -1,4 +1,5 @@
-#!/bin/bash
+#!/bin/sh
+# This script depends on g++, cmake, git, and make to be installed
 
 POSIXLY_CORRECT=1
 
@@ -8,30 +9,6 @@ GEN_PDF=false
 GEN_ALL=false
 INSTALL_DOX=false
 
-command -v g++
-if [ $? -ne "0" ]; then
-echo "Please install g++"
-exit 1
-fi
-
-command -v cmake
-if [ $? -ne "0" ]; then
-echo "Please install cmake"
-exit 1
-fi
-
-command -v git
-if [ $? -ne "0" ]; then
-echo "Please install git"
-exit 1
-fi
-
-command -v make
-if [ $? -ne "0" ]; then
-echo "Please install make"
-exit 1
-fi
-
 # Checking arguments and setting appropriate option variables
 
 for var in "$@"
diff --git a/examples/asn1/asn1.c b/examples/asn1/asn1.c
index 28e909578..cb9a199ec 100644
--- a/examples/asn1/asn1.c
+++ b/examples/asn1/asn1.c
@@ -1,6 +1,6 @@
 /* asn1.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -66,13 +66,18 @@ static int asn1App_ReadFile(FILE* fp, unsigned char** pdata, word32* plen)
     word32 len = 0;
     size_t read_len;
     /* Allocate a minimum amount. */
-    unsigned char* data = (unsigned char*)malloc(DATA_INC_LEN);
+    unsigned char* data = (unsigned char*)XMALLOC(DATA_INC_LEN, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 
     if (data != NULL) {
         /* Read more data. */
         while ((read_len = fread(data + len, 1, DATA_INC_LEN, fp)) != 0) {
             unsigned char* p;
 
+            if (ferror(fp)) {
+                XFREE(data, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+                return IO_FAILED_E;
+            }
+
             /* Add read data amount to length. */
             len += (word32)read_len;
 
@@ -82,10 +87,10 @@ static int asn1App_ReadFile(FILE* fp, unsigned char** pdata, word32* plen)
             }
 
             /* Make space for more data to be added to buffer. */
-            p = (unsigned char*)realloc(data, len + DATA_INC_LEN);
+            p = (unsigned char*)XREALLOC(data, len + DATA_INC_LEN, NULL, DYNAMIC_TYPE_TMP_BUFFER);
             if (p == NULL) {
                 /* Reallocation failed - free current buffer. */
-                free(data);
+                XFREE(data, NULL, DYNAMIC_TYPE_TMP_BUFFER);
                 data = NULL;
                 break;
             }
@@ -127,12 +132,13 @@ static int PrintDer(FILE* fp)
         /* Print DER/BER. */
         ret = wc_Asn1_PrintAll(&asn1, &opts, data, len);
         /* Dispose of buffer. */
-        free(data);
+        XFREE(data, NULL, DYNAMIC_TYPE_TMP_BUFFER);
     }
 
     return ret;
 }
 
+#ifndef NO_CODING
 /* Print ASN.1 of a file containing Base64 encoding of BER/DER data.
  *
  * @param [in] fp  File pointer to read from.
@@ -162,7 +168,7 @@ static int PrintBase64(FILE* fp)
             ret = wc_Asn1_PrintAll(&asn1, &opts, data, len);
         }
         /* Dispose of buffer. */
-        free(data);
+        XFREE(data, NULL, DYNAMIC_TYPE_TMP_BUFFER);
     }
 
     return ret;
@@ -180,8 +186,8 @@ static int FindPem(unsigned char* data, word32 offset, word32 len,
     word32* start, word32* end)
 {
     int ret = 0;
-    word32 i;
-    word32 j;
+    word32 i = 0;
+    word32 j = 0;
 
     /* Find header. */
     for (i = offset; i < len; i++) {
@@ -274,11 +280,12 @@ static int PrintPem(FILE* fp, int pem_skip)
             ret = wc_Asn1_PrintAll(&asn1, &opts, data, len);
         }
         /* Dispose of buffer. */
-        free(data);
+        XFREE(data, NULL, DYNAMIC_TYPE_TMP_BUFFER);
     }
 
     return ret;
 }
+#endif
 
 /* Usage lines to show. */
 const char* usage[] = {
@@ -288,7 +295,9 @@ const char* usage[] = {
     "Options:",
     "  -?, --help           display this help and exit",
     "  -b, --branch         draw branches before tag name",
+#ifndef NO_CODING
     "  -B, --base64         file contents are Base64 encoded",
+#endif
     "  -d, --dump           show all ASN.1 item data as a hex dump",
     "  -h, --headers        show all ASN.1 item headers as a hex dump",
     "  -i, --indent         indent tag name with depth",
@@ -297,7 +306,9 @@ const char* usage[] = {
     "  -N, --no-dump-text   do not show data as a hex dump text",
     "  -o, --offset OFFSET  start decoding from offset",
     "  -O, --oid            show wolfSSL OID value in text",
+#ifndef NO_CODING
     "  -p, --pem            file contents are PEM",
+#endif
     "  -s, --skip-pem NUM   number of PEM blocks to skip",
 };
 /* Number of usage lines. */
@@ -342,11 +353,13 @@ int main(int argc, char* argv[])
             (strcmp(argv[0], "--branch") == 0)) {
             wc_Asn1PrintOptions_Set(&opts, ASN1_PRINT_OPT_DRAW_BRANCH, 1);
         }
+#ifndef NO_CODING
         /* File is Base64 encoded data. */
         else if ((strcmp(argv[0], "-b64") == 0) ||
                  (strcmp(argv[0], "--base64") == 0)) {
             file_format = FORMAT_BASE64;
         }
+#endif
         /* Dump all ASN.1 item data. */
         else if ((strcmp(argv[0], "-d") == 0) ||
                  (strcmp(argv[0], "--dump") == 0)) {
@@ -403,11 +416,13 @@ int main(int argc, char* argv[])
                  (strcmp(argv[0], "--oid") == 0)) {
             wc_Asn1PrintOptions_Set(&opts, ASN1_PRINT_OPT_SHOW_OID, 1);
         }
+#ifndef NO_CODING
         /* File contains PEM blocks. */
         else if ((strcmp(argv[0], "-p") == 0) ||
                  (strcmp(argv[0], "--pem") == 0)) {
             file_format = FORMAT_PEM;
         }
+#endif
         /* Skip a number of PEM blocks. */
         else if ((strcmp(argv[0], "-s") == 0) ||
                  (strcmp(argv[0], "--skip-pem") == 0)) {
@@ -436,6 +451,10 @@ int main(int argc, char* argv[])
             return 1;
         }
         else {
+            if (fp != stdin) {
+                fprintf(stderr, "At most one input file can be supplied.\n");
+                return 1;
+            }
             /* Name of file to read. */
             fp = fopen(argv[0], "r");
             if (fp == NULL) {
@@ -458,12 +477,16 @@ int main(int argc, char* argv[])
     if (file_format == FORMAT_DER) {
         ret = PrintDer(fp);
     }
+#ifndef NO_CODING
     else if (file_format == FORMAT_BASE64) {
         ret = PrintBase64(fp);
     }
+#endif
+#ifndef NO_CODING
     else if (file_format == FORMAT_PEM) {
         ret = PrintPem(fp, pem_skip);
     }
+#endif
 
     if (ret != 0) {
         fprintf(stderr, "%s\n", wc_GetErrorString(ret));
diff --git a/examples/async/async_client.c b/examples/async/async_client.c
index a0df6a146..b2c60c1b1 100644
--- a/examples/async/async_client.c
+++ b/examples/async/async_client.c
@@ -1,8 +1,8 @@
 /* async_client.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
- * This file is part of wolfSSL. (formerly known as CyaSSL)
+ * This file is part of wolfSSL.
  *
  * wolfSSL is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
@@ -16,12 +16,16 @@
  *
  * You should have received a copy of the GNU General Public License
  * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  */
 
 /* TLS client demonstrating asynchronous cryptography features and optionally
  * using the crypto or PK callbacks */
 
+#ifdef HAVE_CONFIG_H
+    #include <config.h>
+#endif
+
 /* std */
 #include <stdlib.h>
 #include <stdio.h>
@@ -180,7 +184,7 @@ int client_async_test(int argc, char** argv)
 #endif
     do {
     #ifdef WOLFSSL_ASYNC_CRYPT
-        if (err == WC_PENDING_E) {
+        if (err == WC_NO_ERR_TRACE(WC_PENDING_E)) {
             ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
             if (ret < 0)
                 break;
@@ -188,7 +192,7 @@ int client_async_test(int argc, char** argv)
     #endif
         ret = wolfSSL_connect(ssl);
         err = wolfSSL_get_error(ssl, 0);
-    } while (err == WC_PENDING_E);
+    } while (err == WC_NO_ERR_TRACE(WC_PENDING_E));
     if (ret != WOLFSSL_SUCCESS) {
         fprintf(stderr, "wolfSSL_connect error %d: %s\n",
                 err, wolfSSL_ERR_error_string(err, errBuff));
@@ -210,7 +214,7 @@ int client_async_test(int argc, char** argv)
 #endif
     do {
     #ifdef WOLFSSL_ASYNC_CRYPT
-        if (err == WC_PENDING_E) {
+        if (err == WC_NO_ERR_TRACE(WC_PENDING_E)) {
             ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
             if (ret < 0)
                 break;
@@ -218,7 +222,7 @@ int client_async_test(int argc, char** argv)
     #endif
         ret = wolfSSL_write(ssl, buff, (int)len);
         err = wolfSSL_get_error(ssl, 0);
-    } while (err == WC_PENDING_E);
+    } while (err == WC_NO_ERR_TRACE(WC_PENDING_E));
     if (ret != (int)len) {
         fprintf(stderr, "wolfSSL_write error %d: %s\n",
                 err, wolfSSL_ERR_error_string(err, errBuff));
@@ -232,7 +236,7 @@ int client_async_test(int argc, char** argv)
 #endif
     do {
     #ifdef WOLFSSL_ASYNC_CRYPT
-        if (err == WC_PENDING_E) {
+        if (err == WC_NO_ERR_TRACE(WC_PENDING_E)) {
             ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
             if (ret < 0)
                 break;
@@ -240,7 +244,7 @@ int client_async_test(int argc, char** argv)
     #endif
         ret = wolfSSL_read(ssl, buff, sizeof(buff)-1);
         err = wolfSSL_get_error(ssl, 0);
-    } while (err == WC_PENDING_E);
+    } while (err == WC_NO_ERR_TRACE(WC_PENDING_E));
     if (ret < 0) {
         fprintf(stderr, "wolfSSL_read error %d: %s\n",
                 err, wolfSSL_ERR_error_string(err, errBuff));
diff --git a/examples/async/async_server.c b/examples/async/async_server.c
index 41eaae86e..186a7de67 100644
--- a/examples/async/async_server.c
+++ b/examples/async/async_server.c
@@ -1,8 +1,8 @@
 /* async_server.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
- * This file is part of wolfSSL. (formerly known as CyaSSL)
+ * This file is part of wolfSSL.
  *
  * wolfSSL is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
@@ -16,12 +16,16 @@
  *
  * You should have received a copy of the GNU General Public License
  * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  */
 
 /* TLS server demonstrating asynchronous cryptography features and optionally
  * using the crypto or PK callbacks */
 
+#ifdef HAVE_CONFIG_H
+    #include <config.h>
+#endif
+
 /* std */
 #include <stdlib.h>
 #include <stdio.h>
@@ -244,7 +248,7 @@ int server_async_test(int argc, char** argv)
     #endif
         do {
         #ifdef WOLFSSL_ASYNC_CRYPT
-            if (err == WC_PENDING_E) {
+            if (err == WC_NO_ERR_TRACE(WC_PENDING_E)) {
                 ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
                 if (ret < 0)
                     break;
@@ -252,7 +256,7 @@ int server_async_test(int argc, char** argv)
         #endif
             ret = wolfSSL_accept(ssl);
             err = wolfSSL_get_error(ssl, 0);
-        } while (err == WC_PENDING_E);
+        } while (err == WC_NO_ERR_TRACE(WC_PENDING_E));
         if (ret != WOLFSSL_SUCCESS) {
             fprintf(stderr, "wolfSSL_accept error %d: %s\n",
                 err, wolfSSL_ERR_error_string(err, errBuff));
@@ -269,7 +273,7 @@ int server_async_test(int argc, char** argv)
     #endif
         do {
         #ifdef WOLFSSL_ASYNC_CRYPT
-            if (err == WC_PENDING_E) {
+            if (err == WC_NO_ERR_TRACE(WC_PENDING_E)) {
                 ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
                 if (ret < 0)
                     break;
@@ -277,7 +281,7 @@ int server_async_test(int argc, char** argv)
         #endif
             ret = wolfSSL_read(ssl, buff, sizeof(buff)-1);
             err = wolfSSL_get_error(ssl, 0);
-        } while (err == WC_PENDING_E);
+        } while (err == WC_NO_ERR_TRACE(WC_PENDING_E));
         if (ret < 0) {
             fprintf(stderr, "wolfSSL_read error %d: %s\n",
                     err, wolfSSL_ERR_error_string(err, errBuff));
@@ -304,7 +308,7 @@ int server_async_test(int argc, char** argv)
     #endif
         do {
         #ifdef WOLFSSL_ASYNC_CRYPT
-            if (err == WC_PENDING_E) {
+            if (err == WC_NO_ERR_TRACE(WC_PENDING_E)) {
                 ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
                 if (ret < 0)
                     break;
@@ -312,7 +316,7 @@ int server_async_test(int argc, char** argv)
         #endif
             ret = wolfSSL_write(ssl, buff, (int)len);
             err = wolfSSL_get_error(ssl, 0);
-        } while (err == WC_PENDING_E);
+        } while (err == WC_NO_ERR_TRACE(WC_PENDING_E));
         if (ret != (int)len) {
             fprintf(stderr, "wolfSSL_write error %d: %s\n",
                     err, wolfSSL_ERR_error_string(err, errBuff));
diff --git a/examples/async/async_tls.c b/examples/async/async_tls.c
index 1d4f68d53..3ab14c4bc 100644
--- a/examples/async/async_tls.c
+++ b/examples/async/async_tls.c
@@ -1,8 +1,8 @@
 /* async-tls.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
- * This file is part of wolfSSL. (formerly known as CyaSSL)
+ * This file is part of wolfSSL.
  *
  * wolfSSL is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
@@ -16,9 +16,13 @@
  *
  * You should have received a copy of the GNU General Public License
  * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  */
 
+#ifdef HAVE_CONFIG_H
+    #include <config.h>
+#endif
+
 #ifndef WOLFSSL_USER_SETTINGS
 #include <wolfssl/options.h>
 #endif
@@ -41,7 +45,7 @@
 /* This is where you would plug-in calls to your own hardware crypto */
 int AsyncTlsCryptoCb(int devIdArg, wc_CryptoInfo* info, void* ctx)
 {
-    int ret = CRYPTOCB_UNAVAILABLE; /* return this to bypass HW and use SW */
+    int ret = WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE); /* bypass HW by default */
     AsyncTlsCryptoCbCtx* myCtx = (AsyncTlsCryptoCbCtx*)ctx;
 
     if (info == NULL)
diff --git a/examples/async/async_tls.h b/examples/async/async_tls.h
index d5403e24f..5944f93dc 100644
--- a/examples/async/async_tls.h
+++ b/examples/async/async_tls.h
@@ -1,6 +1,6 @@
 /* async-tls.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/examples/async/include.am b/examples/async/include.am
index b8a611750..5f189451c 100644
--- a/examples/async/include.am
+++ b/examples/async/include.am
@@ -2,20 +2,25 @@
 # All paths should be given relative to the root
 
 if BUILD_ASYNCCRYPT
+
 noinst_HEADERS += examples/async/async_tls.h
 
+if BUILD_EXAMPLE_CLIENTS
 noinst_PROGRAMS += examples/async/async_client
 examples_async_async_client_SOURCES      = examples/async/async_client.c examples/async/async_tls.c
 examples_async_async_client_LDADD        = src/libwolfssl@LIBSUFFIX@.la $(LIB_STATIC_ADD)
 examples_async_async_client_DEPENDENCIES = src/libwolfssl@LIBSUFFIX@.la
 examples_async_async_client_CFLAGS       = $(AM_CFLAGS)
+endif
 
+if BUILD_EXAMPLE_SERVERS
 noinst_PROGRAMS += examples/async/async_server
 examples_async_async_server_SOURCES      = examples/async/async_server.c examples/async/async_tls.c
 examples_async_async_server_LDADD        = src/libwolfssl@LIBSUFFIX@.la $(LIB_STATIC_ADD)
 examples_async_async_server_DEPENDENCIES = src/libwolfssl@LIBSUFFIX@.la
 examples_async_async_server_CFLAGS       = $(AM_CFLAGS)
 endif
+endif
 
 dist_example_DATA+= examples/async/async_server.c
 dist_example_DATA+= examples/async/async_client.c
diff --git a/examples/benchmark/tls_bench.c b/examples/benchmark/tls_bench.c
index 8289d6a7f..e44f164c2 100644
--- a/examples/benchmark/tls_bench.c
+++ b/examples/benchmark/tls_bench.c
@@ -1,6 +1,6 @@
 /* tls_bench.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -32,7 +32,6 @@ Or
   bench_tls(args);
 */
 
-
 #ifdef HAVE_CONFIG_H
     #include <config.h>
 #endif
@@ -40,6 +39,10 @@ Or
     #include <wolfssl/options.h>
 #endif
 #include <wolfssl/wolfcrypt/settings.h>
+
+#undef TEST_OPENSSL_COEXIST /* can't use this option with this example */
+#undef OPENSSL_COEXIST /* can't use this option with this example */
+
 #include <wolfssl/wolfcrypt/types.h>
 #include <wolfssl/wolfcrypt/wc_port.h>
 #include <wolfssl/ssl.h>
@@ -69,7 +72,8 @@ Or
 #endif
 
 /* PTHREAD requires server and client enabled */
-#if defined(NO_WOLFSSL_CLIENT) || defined(NO_WOLFSSL_SERVER)
+#if !defined(NO_TLS) && \
+    (defined(NO_WOLFSSL_CLIENT) || defined(NO_WOLFSSL_SERVER))
     #if !defined(SINGLE_THREADED)
         #ifdef __GNUC__  /* GCC compiler */
             #pragma message "PTHREAD requires server and client enabled."
@@ -137,7 +141,7 @@ platform supports it"
 #define SHOW_VERBOSE        0 /* Default output is tab delimited format */
 
 #if (!defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER)) && \
-    !defined(WOLFCRYPT_ONLY) && defined(USE_WOLFSSL_IO)
+    !defined(WOLFCRYPT_ONLY) && !defined(NO_TLS) && defined(USE_WOLFSSL_IO)
 
 /* shutdown message - nice signal to server, we are done */
 static const char* kShutdown = "shutdown";
@@ -288,12 +292,31 @@ static struct group_info groups[] = {
     { WOLFSSL_FFDHE_6144, "FFDHE_6144" },
     { WOLFSSL_FFDHE_8192, "FFDHE_8192" },
 #ifdef HAVE_PQC
+#ifndef WOLFSSL_NO_ML_KEM
+    { WOLFSSL_ML_KEM_512, "ML_KEM_512" },
+    { WOLFSSL_ML_KEM_768, "ML_KEM_768" },
+    { WOLFSSL_ML_KEM_1024, "ML_KEM_1024" },
+    { WOLFSSL_P256_ML_KEM_512,   "P256_ML_KEM_512"   },
+    { WOLFSSL_P384_ML_KEM_768,   "P384_ML_KEM_768"   },
+    { WOLFSSL_P256_ML_KEM_768,   "P256_ML_KEM_768"   },
+    { WOLFSSL_P521_ML_KEM_1024,  "P521_ML_KEM_1024"  },
+    { WOLFSSL_P384_ML_KEM_1024,  "P384_ML_KEM_1024"  },
+    { WOLFSSL_X25519_ML_KEM_512, "X25519_ML_KEM_512" },
+    { WOLFSSL_X448_ML_KEM_768,   "X448_ML_KEM_768"   },
+    { WOLFSSL_X25519_ML_KEM_768, "X25519_ML_KEM_768" },
+#endif
+#ifdef WOLFSSL_KYBER_ORIGINAL
     { WOLFSSL_KYBER_LEVEL1, "KYBER_LEVEL1" },
     { WOLFSSL_KYBER_LEVEL3, "KYBER_LEVEL3" },
     { WOLFSSL_KYBER_LEVEL5, "KYBER_LEVEL5" },
-    { WOLFSSL_P256_KYBER_LEVEL1, "P256_KYBER_LEVEL1" },
-    { WOLFSSL_P384_KYBER_LEVEL3, "P384_KYBER_LEVEL3" },
-    { WOLFSSL_P521_KYBER_LEVEL5, "P521_KYBER_LEVEL5" },
+    { WOLFSSL_P256_KYBER_LEVEL1,   "P256_KYBER_LEVEL1"   },
+    { WOLFSSL_P384_KYBER_LEVEL3,   "P384_KYBER_LEVEL3"   },
+    { WOLFSSL_P256_KYBER_LEVEL3,   "P256_KYBER_LEVEL3"   },
+    { WOLFSSL_P521_KYBER_LEVEL5,   "P521_KYBER_LEVEL5"   },
+    { WOLFSSL_X25519_KYBER_LEVEL1, "X25519_KYBER_LEVEL1" },
+    { WOLFSSL_X448_KYBER_LEVEL3,   "X448_KYBER_LEVEL3"   },
+    { WOLFSSL_X25519_KYBER_LEVEL3, "X25519_KYBER_LEVEL3" },
+#endif
 #endif
     { 0, NULL }
 };
@@ -383,6 +406,32 @@ char* myoptarg = NULL;
 int DoneHandShake = 0;
 #endif
 
+
+#if defined(HAVE_FIPS) && defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION == 5)
+static int run_all_CAST(void)
+{
+    int ret = 0;
+    int cast_idx = 0;
+
+    for (cast_idx = 0; cast_idx < FIPS_CAST_COUNT; cast_idx++) {
+        if ((ret = wc_RunCast_fips(cast_idx)) != 0) {
+#ifdef NO_ERROR_STRINGS
+            fprintf(stderr,
+                    "ERROR: FIPS CAST failed with return code: %d\n", ret);
+#else
+            fprintf(stderr,
+                    "ERROR: FIPS CAST failed for algorithm: %s\n",
+                    wc_GetErrorString(ret));
+#endif
+            return ret;
+        }
+    }
+
+    return ret;
+}
+#endif /* HAVE_FIPS && HAVE_FIPS_VERSION == 5 */
+
+
 static double gettime_secs(int reset)
 {
     struct timeval tv;
@@ -412,7 +461,7 @@ static int ServerMemSend(info_t* info, char* buf, int sz)
     }
 #endif
 
-    XMEMCPY(&info->to_client.buf[info->to_client.write_idx], buf, sz);
+    XMEMCPY(&info->to_client.buf[info->to_client.write_idx], buf, (size_t)sz);
     info->to_client.write_idx += sz;
     info->to_client.write_bytes += sz;
 
@@ -443,7 +492,7 @@ static int ServerMemRecv(info_t* info, char* buf, int sz)
     }
 #endif
 
-    XMEMCPY(buf, &info->to_server.buf[info->to_server.read_idx], sz);
+    XMEMCPY(buf, &info->to_server.buf[info->to_server.read_idx], (size_t)sz);
     info->to_server.read_idx += sz;
     info->to_server.read_bytes += sz;
 
@@ -486,7 +535,7 @@ static int ClientMemSend(info_t* info, char* buf, int sz)
     }
 #endif
 
-    XMEMCPY(&info->to_server.buf[info->to_server.write_idx], buf, sz);
+    XMEMCPY(&info->to_server.buf[info->to_server.write_idx], buf, (size_t)sz);
     info->to_server.write_idx += sz;
     info->to_server.write_bytes += sz;
 
@@ -517,7 +566,7 @@ static int ClientMemRecv(info_t* info, char* buf, int sz)
     }
 #endif
 
-    XMEMCPY(buf, &info->to_client.buf[info->to_client.read_idx], sz);
+    XMEMCPY(buf, &info->to_client.buf[info->to_client.read_idx], (size_t)sz);
     info->to_client.read_idx += sz;
     info->to_client.read_bytes += sz;
 
@@ -544,7 +593,7 @@ static int ClientMemRecv(info_t* info, char* buf, int sz)
 
 static int SocketRecv(int sockFd, char* buf, int sz)
 {
-    int recvd = (int)recv(sockFd, buf, sz, 0);
+    int recvd = (int)recv(sockFd, buf, (size_t)sz, 0);
     if (recvd == -1) {
         switch (errno) {
     #if EAGAIN != SOCKET_EWOULDBLOCK
@@ -572,7 +621,7 @@ static int SocketRecv(int sockFd, char* buf, int sz)
 
 static int SocketSend(int sockFd, char* buf, int sz)
 {
-    int sent = (int)send(sockFd, buf, sz, 0);
+    int sent = (int)send(sockFd, buf, (size_t)sz, 0);
     if (sent == -1) {
         switch (errno) {
     #if EAGAIN != SOCKET_EWOULDBLOCK
@@ -618,7 +667,7 @@ static int ReceiveFrom(WOLFSSL *ssl, int sd, char *buf, int sz)
         }
     }
 
-    recvd = (int)recvfrom(sd, buf, sz, 0, (SOCKADDR*)&peer, &peerSz);
+    recvd = (int)recvfrom(sd, buf, (size_t)sz, 0, (SOCKADDR*)&peer, &peerSz);
 
     if (recvd < 0) {
         if (errno == SOCKET_EWOULDBLOCK || errno == SOCKET_EAGAIN) {
@@ -658,7 +707,7 @@ static int SendTo(int sd, char *buf, int sz, const struct sockaddr *peer,
 {
     int sent;
 
-    sent = (int)sendto(sd, buf, sz, 0, peer, peerSz);
+    sent = (int)sendto(sd, buf, (size_t)sz, 0, peer, peerSz);
 
     if (sent < 0) {
         if (errno == SOCKET_EWOULDBLOCK || errno == SOCKET_EAGAIN) {
@@ -813,13 +862,13 @@ static int SetupSocketAndConnect(info_t* info, const char* host,
     /* Setup server address */
     XMEMSET(&servAddr, 0, sizeof(servAddr));
     servAddr.sin_family = AF_INET;
-    servAddr.sin_port = htons(port);
+    servAddr.sin_port = htons((uint16_t)port);
 
     /* Resolve host */
     entry = gethostbyname(host);
     if (entry) {
         XMEMCPY(&servAddr.sin_addr.s_addr, entry->h_addr_list[0],
-            entry->h_length);
+            (size_t)entry->h_length);
     }
     else {
         servAddr.sin_addr.s_addr = inet_addr(host);
@@ -981,7 +1030,7 @@ static int bench_tls_client(info_t* info)
 
 
     /* Allocate and initialize a packet sized buffer */
-    writeBuf = (unsigned char*)XMALLOC(info->packetSize, NULL,
+    writeBuf = (unsigned char*)XMALLOC((size_t)info->packetSize, NULL,
         DYNAMIC_TYPE_TMP_BUFFER);
     if (writeBuf == NULL) {
         fprintf(stderr, "failed to allocate write memory\n");
@@ -990,7 +1039,7 @@ static int bench_tls_client(info_t* info)
 
     /* Allocate read buffer */
     readBufSz = info->packetSize;
-    readBuf = (unsigned char*)XMALLOC(readBufSz, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    readBuf = (unsigned char*)XMALLOC((size_t)readBufSz, NULL, DYNAMIC_TYPE_TMP_BUFFER);
     if (readBuf == NULL) {
         fprintf(stderr, "failed to allocate read memory\n");
         ret = MEMORY_E; goto exit;
@@ -1089,7 +1138,7 @@ static int bench_tls_client(info_t* info)
             info->client.shutdown = 1;
 
             writeSz = (int)XSTRLEN(kShutdown) + 1;
-            XMEMCPY(writeBuf, kShutdown, writeSz); /* include null term */
+            XMEMCPY(writeBuf, kShutdown, (size_t)writeSz); /* include null term */
             if (info->showVerbose) {
                 fprintf(stderr, "Sending shutdown\n");
             }
@@ -1102,8 +1151,8 @@ static int bench_tls_client(info_t* info)
             }
         }
         else {
-            XMEMSET(writeBuf, 0, info->packetSize);
-            XSTRNCPY((char*)writeBuf, kTestStr, info->packetSize);
+            XMEMSET(writeBuf, 0, (size_t)info->packetSize);
+            XSTRNCPY((char*)writeBuf, kTestStr, (size_t)info->packetSize);
         }
 
         /* write / read echo loop */
@@ -1131,7 +1180,7 @@ static int bench_tls_client(info_t* info)
             total_sz += ret;
 
             /* read echo of message from server */
-            XMEMSET(readBuf, 0, readBufSz);
+            XMEMSET(readBuf, 0, (size_t)readBufSz);
             start = gettime_secs(1);
         #ifndef BENCH_USE_NONBLOCK
             ret = wolfSSL_read(cli_ssl, readBuf, readBufSz);
@@ -1152,7 +1201,7 @@ static int bench_tls_client(info_t* info)
             ret = 0; /* reset return code */
 
             /* validate echo */
-            if (XMEMCMP((char*)writeBuf, (char*)readBuf, writeSz) != 0) {
+            if (XMEMCMP((char*)writeBuf, (char*)readBuf, (size_t)writeSz) != 0) {
                 fprintf(stderr, "echo check failed!\n");
                 ret = wolfSSL_get_error(cli_ssl, ret);
                 goto exit;
@@ -1169,7 +1218,7 @@ exit:
 
     if (ret != 0 && ret != WOLFSSL_SUCCESS) {
         fprintf(stderr, "Client Error: %d (%s)\n", ret,
-            wolfSSL_ERR_reason_error_string(ret));
+            wolfSSL_ERR_reason_error_string((unsigned long)ret));
     }
 
     /* clean up */
@@ -1190,7 +1239,7 @@ exit:
 }
 
 #if !defined(SINGLE_THREADED) && defined(WOLFSSL_THREAD_NO_JOIN)
-static THREAD_RETURN WOLFSSL_THREAD_NO_JOIN client_thread(void* args)
+static THREAD_RETURN_NOJOIN WOLFSSL_THREAD_NO_JOIN client_thread(void* args)
 {
     int ret;
     info_t* info = (info_t*)args;
@@ -1203,7 +1252,7 @@ static THREAD_RETURN WOLFSSL_THREAD_NO_JOIN client_thread(void* args)
     THREAD_CHECK_RET(wolfSSL_CondSignal(&info->to_server.cond));
     THREAD_CHECK_RET(wolfSSL_CondEnd(&info->to_server.cond));
 
-    WOLFSSL_RETURN_FROM_THREAD(0);
+    RETURN_FROM_THREAD_NOJOIN(0);
 }
 #endif /* !SINGLE_THREADED */
 #endif /* !NO_WOLFSSL_CLIENT */
@@ -1224,7 +1273,7 @@ static int SetupSocketAndListen(int* listenFd, word32 port, int doDTLS)
     /* Setup server address */
     XMEMSET(&servAddr, 0, sizeof(servAddr));
     servAddr.sin_family = AF_INET;
-    servAddr.sin_port = htons(port);
+    servAddr.sin_port = htons((uint16_t)port);
     servAddr.sin_addr.s_addr = INADDR_ANY;
 
 #ifdef WOLFSSL_DTLS
@@ -1440,7 +1489,7 @@ static int bench_tls_server(info_t* info)
 
     /* Allocate read buffer */
     readBufSz = info->packetSize;
-    readBuf = (unsigned char*)XMALLOC(readBufSz, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    readBuf = (unsigned char*)XMALLOC((size_t)readBufSz, NULL, DYNAMIC_TYPE_TMP_BUFFER);
     if (readBuf == NULL) {
         fprintf(stderr, "failed to allocate read memory\n");
         ret = MEMORY_E; goto exit;
@@ -1538,7 +1587,7 @@ static int bench_tls_server(info_t* info)
             double rxTime;
 
             /* read message from client */
-            XMEMSET(readBuf, 0, readBufSz);
+            XMEMSET(readBuf, 0, (size_t)readBufSz);
             start = gettime_secs(1);
         #ifndef BENCH_USE_NONBLOCK
             ret = wolfSSL_read(srv_ssl, readBuf, readBufSz);
@@ -1615,7 +1664,7 @@ exit:
 
     if (ret != 0 && ret != WOLFSSL_SUCCESS) {
         fprintf(stderr, "Server Error: %d (%s)\n", ret,
-                wolfSSL_ERR_reason_error_string(ret));
+                wolfSSL_ERR_reason_error_string((unsigned long)ret));
     }
 
     /* clean up */
@@ -1635,7 +1684,7 @@ exit:
 }
 
 #if !defined(SINGLE_THREADED) && defined(WOLFSSL_THREAD_NO_JOIN)
-static THREAD_RETURN WOLFSSL_THREAD_NO_JOIN server_thread(void* args)
+static THREAD_RETURN_NOJOIN WOLFSSL_THREAD_NO_JOIN server_thread(void* args)
 {
     int ret = 0;
     info_t* info = (info_t*)args;
@@ -1663,7 +1712,7 @@ static THREAD_RETURN WOLFSSL_THREAD_NO_JOIN server_thread(void* args)
     THREAD_CHECK_RET(wolfSSL_CondSignal(&info->to_client.cond));
     THREAD_CHECK_RET(wolfSSL_CondEnd(&info->to_client.cond));
 
-    WOLFSSL_RETURN_FROM_THREAD(0);
+    RETURN_FROM_THREAD_NOJOIN(0);
 }
 #endif /* !SINGLE_THREADED */
 #endif /* !NO_WOLFSSL_SERVER */
@@ -1790,7 +1839,9 @@ static int SetupSupportedGroups(int verbose)
                     printf("Will benchmark the following group: %s\n",
                        groups[i].name);
                 }
-            } else if (uks_ret == BAD_FUNC_ARG || uks_ret == NOT_COMPILED_IN) {
+            } else if (uks_ret == WC_NO_ERR_TRACE(BAD_FUNC_ARG) ||
+                       uks_ret == WC_NO_ERR_TRACE(NOT_COMPILED_IN))
+            {
                 groups[i].group = 0;
                 if (verbose) {
                     printf("Will NOT benchmark the following group: %s\n",
@@ -1834,7 +1885,7 @@ int bench_tls(void* args)
     int argClientOnly = 0;
     int argServerOnly = 0;
     const char* argHost = BENCH_DEFAULT_HOST;
-    int argPort = BENCH_DEFAULT_PORT;
+    word32 argPort = BENCH_DEFAULT_PORT;
     int argShowPeerInfo = 0;
 #ifndef SINGLE_THREADED
     int doShutdown;
@@ -1863,6 +1914,23 @@ int bench_tls(void* args)
     /* Initialize wolfSSL */
     wolfSSL_Init();
 
+#if defined(HAVE_FIPS) && defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION == 5)
+    /*
+     * When running benchmarks on FIPS builds, we need to run ALL CASTs up
+     * front before spawning client/server threads, otherwise there is the
+     * possibility that both threads try to run a CAST at the same time during
+     * the handshake. In this scenario, the thread that doesn't win the race
+     * will not be able to run the CAST, since it returns "busy", which is treated
+     * as a failure. Running the CASTs up front is a simpler solution than
+     * implementing an additional layer of synchronization.
+     */
+    if ((ret = run_all_CAST()) != 0)
+    {
+        fprintf(stderr, "CAST failed. Exiting benchmark\n");
+        goto exit;
+    }
+#endif /* HAVE_FIPS && HAVE_FIPS_VERSION == 5 */
+
     /* Parse command line arguments */
     while ((ch = mygetopt(argc, argv, "?" "udeil:p:t:vT:sch:P:mS:g")) != -1) {
         switch (ch) {
@@ -1883,7 +1951,7 @@ int bench_tls(void* args)
                 break;
 
             case 'P':
-                argPort = atoi(myoptarg);
+                argPort = (word32)atoi(myoptarg);
                 break;
 
             case 'd' :
@@ -2003,12 +2071,12 @@ int bench_tls(void* args)
 #endif
 
     /* Allocate test info array */
-    theadInfo = (info_t*)XMALLOC(sizeof(info_t) * argThreadPairs, NULL,
+    theadInfo = (info_t*)XMALLOC(sizeof(info_t) * (size_t)argThreadPairs, NULL,
         DYNAMIC_TYPE_TMP_BUFFER);
     if (theadInfo == NULL) {
         ret = MEMORY_E; goto exit;
     }
-    XMEMSET(theadInfo, 0, sizeof(info_t) * argThreadPairs);
+    XMEMSET(theadInfo, 0, sizeof(info_t) * (size_t)argThreadPairs);
 
 #ifndef NO_WOLFSSL_SERVER
     /* Use same listen socket to avoid timing issues between client and server */
@@ -2073,7 +2141,7 @@ int bench_tls(void* args)
                 XMEMSET(info, 0, sizeof(info_t));
 
                 info->host = argHost;
-                info->port = argPort + i; /* threads must have separate ports */
+                info->port = argPort + (word32)i; /* threads must have separate ports */
                 info->cipher = cipher;
 
             #if defined(WOLFSSL_TLS13) && defined(HAVE_SUPPORTED_CURVES)
@@ -2279,7 +2347,7 @@ int main(int argc, char** argv)
     args.return_code = 0;
 
 #if (!defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER)) && \
-    !defined(WOLFCRYPT_ONLY) && defined(USE_WOLFSSL_IO)
+    !defined(WOLFCRYPT_ONLY) && !defined(NO_TLS) && defined(USE_WOLFSSL_IO)
     bench_tls(&args);
 #endif
 
diff --git a/examples/benchmark/tls_bench.h b/examples/benchmark/tls_bench.h
index 6ed021b63..06822ffb2 100644
--- a/examples/benchmark/tls_bench.h
+++ b/examples/benchmark/tls_bench.h
@@ -1,6 +1,6 @@
 /* tls_bench.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/examples/client/client.c b/examples/client/client.c
index 0141be1fb..dca255c19 100644
--- a/examples/client/client.c
+++ b/examples/client/client.c
@@ -1,6 +1,6 @@
 /* client.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -32,6 +32,9 @@
 #endif
 #include <wolfssl/wolfcrypt/settings.h>
 
+#undef TEST_OPENSSL_COEXIST /* can't use this option with this example */
+#undef OPENSSL_COEXIST /* can't use this option with this example */
+
 #include <wolfssl/ssl.h>
 
 #ifdef WOLFSSL_WOLFSENTRY_HOOKS
@@ -53,7 +56,8 @@ static const char *wolfsentry_config_path = NULL;
 #include <examples/client/client.h>
 #include <wolfssl/error-ssl.h>
 
-#ifndef NO_WOLFSSL_CLIENT
+#if !defined(NO_WOLFSSL_CLIENT) && !defined(NO_TLS)
+
 
 #ifdef NO_FILESYSTEM
 #ifdef NO_RSA
@@ -183,10 +187,10 @@ static int NonBlockingSSL_Connect(WOLFSSL* ssl)
     while (ret != WOLFSSL_SUCCESS &&
         (error == WOLFSSL_ERROR_WANT_READ || error == WOLFSSL_ERROR_WANT_WRITE
         #ifdef WOLFSSL_ASYNC_CRYPT
-            || error == WC_PENDING_E
+            || error == WC_NO_ERR_TRACE(WC_PENDING_E)
         #endif
         #ifdef WOLFSSL_NONBLOCK_OCSP
-            || error == OCSP_WANT_READ
+            || error == WC_NO_ERR_TRACE(OCSP_WANT_READ)
         #endif
     )) {
         int currTimeout = 1;
@@ -197,7 +201,7 @@ static int NonBlockingSSL_Connect(WOLFSSL* ssl)
             printf("... client would write block\n");
 
 #ifdef WOLFSSL_ASYNC_CRYPT
-        if (error == WC_PENDING_E) {
+        if (error == WC_NO_ERR_TRACE(WC_PENDING_E)) {
             ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
             if (ret < 0) break;
         }
@@ -221,10 +225,10 @@ static int NonBlockingSSL_Connect(WOLFSSL* ssl)
         if ((select_ret == TEST_RECV_READY) || (select_ret == TEST_SEND_READY)
             || (select_ret == TEST_ERROR_READY)
         #ifdef WOLFSSL_ASYNC_CRYPT
-            || error == WC_PENDING_E
+            || error == WC_NO_ERR_TRACE(WC_PENDING_E)
         #endif
         #ifdef WOLFSSL_NONBLOCK_OCSP
-            || error == OCSP_WANT_READ
+            || error == WC_NO_ERR_TRACE(OCSP_WANT_READ)
         #endif
         ) {
         #ifndef WOLFSSL_CALLBACKS
@@ -324,12 +328,12 @@ static void SetKeyShare(WOLFSSL* ssl, int onlyKeyShare, int useX25519,
                 if (ret == WOLFSSL_SUCCESS)
                     groups[count++] = WOLFSSL_ECC_X25519;
             #ifdef WOLFSSL_ASYNC_CRYPT
-                else if (ret == WC_PENDING_E)
+                else if (ret == WC_NO_ERR_TRACE(WC_PENDING_E))
                     wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
             #endif
                 else
                     err_sys("unable to use curve x25519");
-            } while (ret == WC_PENDING_E);
+            } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E));
     #endif
         }
         else if (useX448) {
@@ -339,12 +343,12 @@ static void SetKeyShare(WOLFSSL* ssl, int onlyKeyShare, int useX25519,
                 if (ret == WOLFSSL_SUCCESS)
                     groups[count++] = WOLFSSL_ECC_X448;
             #ifdef WOLFSSL_ASYNC_CRYPT
-                else if (ret == WC_PENDING_E)
+                else if (ret == WC_NO_ERR_TRACE(WC_PENDING_E))
                     wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
             #endif
                 else
                     err_sys("unable to use curve x448");
-            } while (ret == WC_PENDING_E);
+            } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E));
     #endif
         }
         else {
@@ -355,12 +359,12 @@ static void SetKeyShare(WOLFSSL* ssl, int onlyKeyShare, int useX25519,
                 if (ret == WOLFSSL_SUCCESS)
                     groups[count++] = WOLFSSL_ECC_SECP256R1;
             #ifdef WOLFSSL_ASYNC_CRYPT
-                else if (ret == WC_PENDING_E)
+                else if (ret == WC_NO_ERR_TRACE(WC_PENDING_E))
                     wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
             #endif
                 else
                     err_sys("unable to use curve secp256r1");
-            } while (ret == WC_PENDING_E);
+            } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E));
         #endif
         #ifdef WOLFSSL_SM2
             do {
@@ -368,12 +372,12 @@ static void SetKeyShare(WOLFSSL* ssl, int onlyKeyShare, int useX25519,
                 if (ret == WOLFSSL_SUCCESS)
                     groups[count++] = WOLFSSL_ECC_SM2P256V1;
             #ifdef WOLFSSL_ASYNC_CRYPT
-                else if (ret == WC_PENDING_E)
+                else if (ret == WC_NO_ERR_TRACE(WC_PENDING_E))
                     wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
             #endif
                 else
                     err_sys("unable to use curve sm2p256v1");
-            } while (ret == WC_PENDING_E);
+            } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E));
         #endif
     #endif
         }
@@ -385,12 +389,12 @@ static void SetKeyShare(WOLFSSL* ssl, int onlyKeyShare, int useX25519,
             if (ret == WOLFSSL_SUCCESS)
                 groups[count++] = WOLFSSL_FFDHE_2048;
         #ifdef WOLFSSL_ASYNC_CRYPT
-            else if (ret == WC_PENDING_E)
+            else if (ret == WC_NO_ERR_TRACE(WC_PENDING_E))
                 wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
         #endif
             else
                 err_sys("unable to use DH 2048-bit parameters");
-        } while (ret == WC_PENDING_E);
+        } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E));
     #endif
     }
     #ifdef HAVE_PQC
@@ -398,24 +402,128 @@ static void SetKeyShare(WOLFSSL* ssl, int onlyKeyShare, int useX25519,
         if (usePqc) {
             int group = 0;
 
+    #ifndef WOLFSSL_NO_ML_KEM
+        #ifndef WOLFSSL_NO_ML_KEM_512
+            if (XSTRCMP(pqcAlg, "ML_KEM_512") == 0) {
+                group = WOLFSSL_ML_KEM_512;
+            }
+            else
+        #endif
+        #ifndef WOLFSSL_NO_ML_KEM_768
+            if (XSTRCMP(pqcAlg, "ML_KEM_768") == 0) {
+                group = WOLFSSL_ML_KEM_768;
+            }
+            else
+        #endif
+        #ifndef WOLFSSL_NO_ML_KEM_1024
+            if (XSTRCMP(pqcAlg, "ML_KEM_1024") == 0) {
+                group = WOLFSSL_ML_KEM_1024;
+            }
+            else
+        #endif
+        #ifndef WOLFSSL_NO_ML_KEM_512
+            if (XSTRCMP(pqcAlg, "P256_ML_KEM_512") == 0) {
+                group = WOLFSSL_P256_ML_KEM_512;
+            }
+            else
+        #endif
+        #ifndef WOLFSSL_NO_ML_KEM_768
+            if (XSTRCMP(pqcAlg, "P384_ML_KEM_768") == 0) {
+                group = WOLFSSL_P384_ML_KEM_768;
+            }
+            else if (XSTRCMP(pqcAlg, "P256_ML_KEM_768") == 0) {
+                group = WOLFSSL_P256_ML_KEM_768;
+            }
+            else
+        #endif
+        #ifndef WOLFSSL_NO_ML_KEM_1024
+            if (XSTRCMP(pqcAlg, "P521_ML_KEM_1024") == 0) {
+                group = WOLFSSL_P521_ML_KEM_1024;
+            }
+            else if (XSTRCMP(pqcAlg, "P384_ML_KEM_1024") == 0) {
+                group = WOLFSSL_P384_ML_KEM_1024;
+            }
+            else
+        #endif
+        #if !defined(WOLFSSL_NO_ML_KEM_512) && defined(HAVE_CURVE25519)
+            if (XSTRCMP(pqcAlg, "X25519_ML_KEM_512") == 0) {
+                group = WOLFSSL_X25519_ML_KEM_512;
+            }
+            else
+        #endif
+        #if !defined(WOLFSSL_NO_ML_KEM_768) && defined(HAVE_CURVE25519)
+            if (XSTRCMP(pqcAlg, "X25519_ML_KEM_768") == 0) {
+                group = WOLFSSL_X25519_ML_KEM_768;
+            }
+            else
+        #endif
+        #if !defined(WOLFSSL_NO_ML_KEM_768) && defined(HAVE_CURVE448)
+            if (XSTRCMP(pqcAlg, "X448_ML_KEM_768") == 0) {
+                group = WOLFSSL_X448_ML_KEM_768;
+            }
+            else
+        #endif
+    #endif /* WOLFSSL_NO_ML_KEM */
+    #ifdef WOLFSSL_KYBER_ORIGINAL
+        #ifndef WOLFSSL_NO_KYBER512
             if (XSTRCMP(pqcAlg, "KYBER_LEVEL1") == 0) {
                 group = WOLFSSL_KYBER_LEVEL1;
             }
-            else if (XSTRCMP(pqcAlg, "KYBER_LEVEL3") == 0) {
+            else
+        #endif
+        #ifndef WOLFSSL_NO_KYBER768
+            if (XSTRCMP(pqcAlg, "KYBER_LEVEL3") == 0) {
                 group = WOLFSSL_KYBER_LEVEL3;
             }
-            else if (XSTRCMP(pqcAlg, "KYBER_LEVEL5") == 0) {
+            else
+        #endif
+        #ifndef WOLFSSL_NO_KYBER1024
+            if (XSTRCMP(pqcAlg, "KYBER_LEVEL5") == 0) {
                 group = WOLFSSL_KYBER_LEVEL5;
             }
-            else if (XSTRCMP(pqcAlg, "P256_KYBER_LEVEL1") == 0) {
+            else
+        #endif
+        #ifndef WOLFSSL_NO_KYBER512
+            if (XSTRCMP(pqcAlg, "P256_KYBER_LEVEL1") == 0) {
                 group = WOLFSSL_P256_KYBER_LEVEL1;
             }
-            else if (XSTRCMP(pqcAlg, "P384_KYBER_LEVEL3") == 0) {
+            else
+        #endif
+        #ifndef WOLFSSL_NO_KYBER768
+            if (XSTRCMP(pqcAlg, "P384_KYBER_LEVEL3") == 0) {
                 group = WOLFSSL_P384_KYBER_LEVEL3;
             }
-            else if (XSTRCMP(pqcAlg, "P521_KYBER_LEVEL5") == 0) {
+            else if (XSTRCMP(pqcAlg, "P256_KYBER_LEVEL3") == 0) {
+                group = WOLFSSL_P256_KYBER_LEVEL3;
+            }
+            else
+        #endif
+        #ifndef WOLFSSL_NO_KYBER1024
+            if (XSTRCMP(pqcAlg, "P521_KYBER_LEVEL5") == 0) {
                 group = WOLFSSL_P521_KYBER_LEVEL5;
-            } else {
+            }
+            else
+        #endif
+        #if !defined(WOLFSSL_NO_KYBER512) && defined(HAVE_CURVE25519)
+            if (XSTRCMP(pqcAlg, "X25519_KYBER_LEVEL1") == 0) {
+                group = WOLFSSL_X25519_KYBER_LEVEL1;
+            }
+            else
+        #endif
+        #if !defined(WOLFSSL_NO_KYBER768) && defined(HAVE_CURVE25519)
+            if (XSTRCMP(pqcAlg, "X25519_KYBER_LEVEL3") == 0) {
+                group = WOLFSSL_X25519_KYBER_LEVEL3;
+            }
+            else
+        #endif
+        #if !defined(WOLFSSL_NO_KYBER768) && defined(HAVE_CURVE448)
+            if (XSTRCMP(pqcAlg, "X448_KYBER_LEVEL3") == 0) {
+                group = WOLFSSL_X448_KYBER_LEVEL3;
+            }
+            else
+        #endif
+    #endif /* WOLFSSL_KYBER_ORIGINAL */
+            {
                 err_sys("invalid post-quantum KEM specified");
             }
 
@@ -452,16 +560,16 @@ static void EarlyData(WOLFSSL_CTX* ctx, WOLFSSL* ssl, const char* msg,
         if (ret <= 0) {
             err = wolfSSL_get_error(ssl, 0);
         #ifdef WOLFSSL_ASYNC_CRYPT
-            if (err == WC_PENDING_E) {
+            if (err == WC_NO_ERR_TRACE(WC_PENDING_E)) {
                 ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
                 if (ret < 0) break;
             }
         #endif
         }
-    } while (err == WC_PENDING_E);
+    } while (err == WC_NO_ERR_TRACE(WC_PENDING_E));
     if (ret != msgSz) {
         LOG_ERROR("SSL_write_early_data msg error %d, %s\n", err,
-                                         wolfSSL_ERR_error_string(err, buffer));
+                                         wolfSSL_ERR_error_string((unsigned long)err, buffer));
         wolfSSL_free(ssl); ssl = NULL;
         wolfSSL_CTX_free(ctx); ctx = NULL;
         err_sys("SSL_write_early_data failed");
@@ -564,14 +672,14 @@ static int ClientBenchmarkConnections(WOLFSSL_CTX* ctx, char* host, word16 port,
                 if (ret != WOLFSSL_SUCCESS) {
                     err = wolfSSL_get_error(ssl, 0);
                 #ifdef WOLFSSL_ASYNC_CRYPT
-                    if (err == WC_PENDING_E) {
+                    if (err == WC_NO_ERR_TRACE(WC_PENDING_E)) {
                         /* returns the number of polled items or <0 for error */
                         ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
                         if (ret < 0) break;
                     }
                 #endif
                 }
-            } while (err == WC_PENDING_E);
+            } while (err == WC_NO_ERR_TRACE(WC_PENDING_E));
         #ifdef WOLFSSL_EARLY_DATA
             EarlyDataStatus(ssl);
         #endif
@@ -668,13 +776,13 @@ static int ClientBenchmarkThroughput(WOLFSSL_CTX* ctx, char* host, word16 port,
         if (ret != WOLFSSL_SUCCESS) {
             err = wolfSSL_get_error(ssl, 0);
         #ifdef WOLFSSL_ASYNC_CRYPT
-            if (err == WC_PENDING_E) {
+            if (err == WC_NO_ERR_TRACE(WC_PENDING_E)) {
                 ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
                 if (ret < 0) break;
             }
         #endif
         }
-    } while (err == WC_PENDING_E);
+    } while (err == WC_NO_ERR_TRACE(WC_PENDING_E));
     if (ret == WOLFSSL_SUCCESS) {
         /* Perform throughput test */
         char *tx_buffer, *rx_buffer;
@@ -683,8 +791,8 @@ static int ClientBenchmarkThroughput(WOLFSSL_CTX* ctx, char* host, word16 port,
         conn_time = current_time(0) - start;
 
         /* Allocate TX/RX buffers */
-        tx_buffer = (char*)XMALLOC(block, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-        rx_buffer = (char*)XMALLOC(block, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+        tx_buffer = (char*)XMALLOC((size_t)block, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+        rx_buffer = (char*)XMALLOC((size_t)block, NULL, DYNAMIC_TYPE_TMP_BUFFER);
         if (tx_buffer && rx_buffer) {
             WC_RNG rng;
 
@@ -698,7 +806,7 @@ static int ClientBenchmarkThroughput(WOLFSSL_CTX* ctx, char* host, word16 port,
                 size_t xfer_bytes;
 
                 /* Generate random data to send */
-                ret = wc_RNG_GenerateBlock(&rng, (byte*)tx_buffer, block);
+                ret = wc_RNG_GenerateBlock(&rng, (byte*)tx_buffer, (word32)block);
                 wc_FreeRng(&rng);
                 if(ret != 0) {
                     err_sys("wc_RNG_GenerateBlock failed");
@@ -710,7 +818,7 @@ static int ClientBenchmarkThroughput(WOLFSSL_CTX* ctx, char* host, word16 port,
                     int len, rx_pos, select_ret;
 
                     /* Determine packet size */
-                    len = min(block, (int)(throughput - xfer_bytes));
+                    len = (int)min((word32)block, (word32)(throughput - xfer_bytes));
 
                     /* Perform TX */
                     start = current_time(1);
@@ -720,13 +828,13 @@ static int ClientBenchmarkThroughput(WOLFSSL_CTX* ctx, char* host, word16 port,
                         if (ret <= 0) {
                             err = wolfSSL_get_error(ssl, 0);
                         #ifdef WOLFSSL_ASYNC_CRYPT
-                            if (err == WC_PENDING_E) {
+                            if (err == WC_NO_ERR_TRACE(WC_PENDING_E)) {
                                 ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
                                 if (ret < 0) break;
                             }
                         #endif
                         }
-                    } while (err == WC_PENDING_E);
+                    } while (err == WC_NO_ERR_TRACE(WC_PENDING_E));
                     if (ret != len) {
                         LOG_ERROR("SSL_write bench error %d!\n", err);
                         if (!exitWithRet)
@@ -746,7 +854,7 @@ static int ClientBenchmarkThroughput(WOLFSSL_CTX* ctx, char* host, word16 port,
                             if (ret <= 0) {
                                 err = wolfSSL_get_error(ssl, 0);
                             #ifdef WOLFSSL_ASYNC_CRYPT
-                                if (err == WC_PENDING_E) {
+                                if (err == WC_NO_ERR_TRACE(WC_PENDING_E)) {
                                     ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
                                     if (ret < 0) break;
                                 }
@@ -766,16 +874,16 @@ static int ClientBenchmarkThroughput(WOLFSSL_CTX* ctx, char* host, word16 port,
                     }
 
                     /* Compare TX and RX buffers */
-                    if (XMEMCMP(tx_buffer, rx_buffer, len) != 0) {
-                        free(tx_buffer);
+                    if (XMEMCMP(tx_buffer, rx_buffer, (size_t)len) != 0) {
+                        XFREE(tx_buffer, NULL, DYNAMIC_TYPE_TMP_BUFFER);
                         tx_buffer = NULL;
-                        free(rx_buffer);
+                        XFREE(rx_buffer, NULL, DYNAMIC_TYPE_TMP_BUFFER);
                         rx_buffer = NULL;
                         err_sys("Compare TX and RX buffers failed");
                     }
 
                     /* Update overall position */
-                    xfer_bytes += len;
+                    xfer_bytes += (size_t)len;
                 }
             }
             else {
@@ -801,7 +909,7 @@ doExit:
     if (exitWithRet)
         return err;
 
-#ifdef __MINGW32__
+#if defined(__MINGW32__) || defined(_WIN32)
 #define SIZE_FMT "%d"
 #define SIZE_TYPE int
 #else
@@ -815,8 +923,8 @@ doExit:
         "\tRX      %8.3f ms (%8.3f MBps)\n",
         (SIZE_TYPE)throughput,
         conn_time * 1000,
-        tx_time * 1000, throughput / tx_time / 1024 / 1024,
-        rx_time * 1000, throughput / rx_time / 1024 / 1024
+        (double)tx_time * 1000, (double)throughput / tx_time / 1024 / 1024,
+        (double)rx_time * 1000, (double)throughput / rx_time / 1024 / 1024
     );
 
     return EXIT_SUCCESS;
@@ -852,7 +960,7 @@ static int StartTLS_Init(SOCKET_T* sockfd)
     }
 
     /* C: EHLO mail.example.com */
-    if (send(*sockfd, starttlsCmd[1], (int)XSTRLEN(starttlsCmd[1]), 0) !=
+    if (send(*sockfd, starttlsCmd[1], (SIZE_TYPE)XSTRLEN(starttlsCmd[1]), 0) !=
               (int)XSTRLEN(starttlsCmd[1]))
         err_sys("failed to send STARTTLS EHLO command\n");
 
@@ -869,7 +977,7 @@ static int StartTLS_Init(SOCKET_T* sockfd)
     }
 
     /* C: STARTTLS */
-    if (send(*sockfd, starttlsCmd[3], (int)XSTRLEN(starttlsCmd[3]), 0) !=
+    if (send(*sockfd, starttlsCmd[3], (SIZE_TYPE)XSTRLEN(starttlsCmd[3]), 0) !=
               (int)XSTRLEN(starttlsCmd[3])) {
         err_sys("failed to send STARTTLS command\n");
     }
@@ -909,13 +1017,13 @@ static int SMTP_Shutdown(WOLFSSL* ssl, int wc_shutdown)
         if (ret < 0) {
             err = wolfSSL_get_error(ssl, 0);
         #ifdef WOLFSSL_ASYNC_CRYPT
-            if (err == WC_PENDING_E) {
+            if (err == WC_NO_ERR_TRACE(WC_PENDING_E)) {
                 ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
                 if (ret < 0) break;
             }
         #endif
         }
-    } while (err == WC_PENDING_E);
+    } while (err == WC_NO_ERR_TRACE(WC_PENDING_E));
     if (ret != (int)XSTRLEN(starttlsCmd[5])) {
         err_sys("failed to send SMTP QUIT command\n");
     }
@@ -926,13 +1034,13 @@ static int SMTP_Shutdown(WOLFSSL* ssl, int wc_shutdown)
         if (ret < 0) {
             err = wolfSSL_get_error(ssl, 0);
         #ifdef WOLFSSL_ASYNC_CRYPT
-            if (err == WC_PENDING_E) {
+            if (err == WC_NO_ERR_TRACE(WC_PENDING_E)) {
                 ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
                 if (ret < 0) break;
             }
         #endif
         }
-    } while (err == WC_PENDING_E);
+    } while (err == WC_NO_ERR_TRACE(WC_PENDING_E));
     if (ret < 0) {
         err_sys("failed to read SMTP closing down response\n");
     }
@@ -965,7 +1073,7 @@ static int ClientWrite(WOLFSSL* ssl, const char* msg, int msgSz, const char* str
         if (ret <= 0) {
             err = wolfSSL_get_error(ssl, 0);
         #ifdef WOLFSSL_ASYNC_CRYPT
-            if (err == WC_PENDING_E) {
+            if (err == WC_NO_ERR_TRACE(WC_PENDING_E)) {
                 ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
                 if (ret < 0) break;
             }
@@ -974,13 +1082,13 @@ static int ClientWrite(WOLFSSL* ssl, const char* msg, int msgSz, const char* str
     } while (err == WOLFSSL_ERROR_WANT_WRITE ||
              err == WOLFSSL_ERROR_WANT_READ
     #ifdef WOLFSSL_ASYNC_CRYPT
-        || err == WC_PENDING_E
+        || err == WC_NO_ERR_TRACE(WC_PENDING_E)
     #endif
     );
     if (ret != msgSz) {
         char buffer[WOLFSSL_MAX_ERROR_SZ];
         LOG_ERROR("SSL_write%s msg error %d, %s\n", str, err,
-                                        wolfSSL_ERR_error_string(err, buffer));
+                                        wolfSSL_ERR_error_string((unsigned long)err, buffer));
         if (!exitWithRet) {
             err_sys("SSL_write failed");
         }
@@ -1002,16 +1110,18 @@ static int ClientRead(WOLFSSL* ssl, char* reply, int replyLen, int mustRead,
         if (ret <= 0) {
             err = wolfSSL_get_error(ssl, 0);
         #ifdef WOLFSSL_ASYNC_CRYPT
-            if (err == WC_PENDING_E) {
+            if (err == WC_NO_ERR_TRACE(WC_PENDING_E)) {
                 ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
                 if (ret < 0) break;
             }
             else
         #endif
             if (err != WOLFSSL_ERROR_WANT_READ &&
-                    err != WOLFSSL_ERROR_WANT_WRITE && err != APP_DATA_READY) {
+                    err != WOLFSSL_ERROR_WANT_WRITE &&
+                    err != WC_NO_ERR_TRACE(APP_DATA_READY))
+            {
                 LOG_ERROR("SSL_read reply error %d, %s\n", err,
-                                         wolfSSL_ERR_error_string(err, buffer));
+                                         wolfSSL_ERR_error_string((unsigned long)err, buffer));
                 if (!exitWithRet) {
                     err_sys("SSL_read failed");
                 }
@@ -1034,9 +1144,9 @@ static int ClientRead(WOLFSSL* ssl, char* reply, int replyLen, int mustRead,
     } while ((mustRead && err == WOLFSSL_ERROR_WANT_READ)
         || err == WOLFSSL_ERROR_WANT_WRITE
     #ifdef WOLFSSL_ASYNC_CRYPT
-        || err == WC_PENDING_E
+        || err == WC_NO_ERR_TRACE(WC_PENDING_E)
     #endif
-        || err == APP_DATA_READY
+        || err == WC_NO_ERR_TRACE(APP_DATA_READY)
     );
     if (ret > 0) {
         reply[ret] = 0; /* null terminate */
@@ -1090,7 +1200,7 @@ static int ClientWriteRead(WOLFSSL* ssl, const char* msg, int msgSz,
     if (ret != 0) {
         char buffer[WOLFSSL_MAX_ERROR_SZ];
         LOG_ERROR("SSL_write%s msg error %d, %s\n", str, ret,
-                                        wolfSSL_ERR_error_string(ret, buffer));
+                                        wolfSSL_ERR_error_string((unsigned long)ret, buffer));
     }
 
     return ret;
@@ -1103,7 +1213,7 @@ static int ClientWriteRead(WOLFSSL* ssl, const char* msg, int msgSz,
 /*  4. add the same message into Japanese section         */
 /*     (will be translated later)                         */
 /*  5. add printf() into suitable position of Usage()     */
-static const char* client_usage_msg[][75] = {
+static const char* client_usage_msg[][78] = {
     /* English */
     {
         " NOTE: All files relative to wolfSSL home dir\n",          /* 0 */
@@ -1162,6 +1272,7 @@ static const char* client_usage_msg[][75] = {
         "-D          Override Date Errors example\n",                   /* 18 */
         "-e          List Every cipher suite available, \n",            /* 19 */
         "-g          Send server HTTP GET\n",                           /* 20 */
+#ifdef WOLFSSL_DTLS
 #ifndef WOLFSSL_DTLS13
         "-u          Use UDP DTLS, add -v 2 for DTLSv1, -v 3 for DTLSv1.2"
             " (default)\n",                                             /* 21 */
@@ -1169,6 +1280,7 @@ static const char* client_usage_msg[][75] = {
         "-u          Use UDP DTLS, add -v 2 for DTLSv1, -v 3 for DTLSv1.2"
             " (default), -v 4 for DTLSv1.3\n",                          /* 21 */
 #endif /* !WOLFSSL_DTLS13 */
+#endif
 #ifdef WOLFSSL_SCTP
         "-G          Use SCTP DTLS,"
                 " add -v 2 for DTLSv1, -v 3 for DTLSv1.2 (default)\n",  /* 22 */
@@ -1219,28 +1331,32 @@ static const char* client_usage_msg[][75] = {
  || defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2)
         "-W <num>    Use OCSP Stapling (1 v1, 2 v2, 3 v2 multi)\n",     /* 41 */
         "            With 'm' at end indicates MUST staple\n",          /* 42 */
+#if defined(WOLFSSL_TLS13) && defined(WOLFSSL_TLS_OCSP_MULTI)
+        "            -W 1 -v 4, Perform multi OCSP stapling for TLS13\n",
+                                                                        /* 43 */
+#endif
 #endif
 #if defined(ATOMIC_USER) && !defined(WOLFSSL_AEAD_ONLY)
-        "-U          Atomic User Record Layer Callbacks\n",             /* 43 */
+        "-U          Atomic User Record Layer Callbacks\n",             /* 44 */
 #endif
 #ifdef HAVE_PK_CALLBACKS
-        "-P          Public Key Callbacks\n",                           /* 44 */
+        "-P          Public Key Callbacks\n",                           /* 45 */
 #endif
 #ifdef HAVE_ANON
-        "-a          Anonymous client\n",                               /* 45 */
+        "-a          Anonymous client\n",                               /* 46 */
 #endif
 #ifdef HAVE_CRL
-        "-C          Disable CRL\n",                                    /* 46 */
+        "-C          Disable CRL\n",                                    /* 47 */
 #endif
 #ifdef WOLFSSL_TRUST_PEER_CERT
-        "-E <file>   Path to load trusted peer cert\n",                 /* 47 */
+        "-E <file>   Path to load trusted peer cert\n",                 /* 48 */
 #endif
 #ifdef HAVE_WNR
-        "-q <file>   Whitewood config file,      defaults\n",           /* 48 */
+        "-q <file>   Whitewood config file,      defaults\n",           /* 49 */
 #endif
         "-H <arg>    Internal tests"
-            " [defCipherList, exitWithRet, verifyFail, useSupCurve,\n", /* 49 */
-        "                            loadSSL, disallowETM]\n",          /* 50 */
+            " [defCipherList, exitWithRet, verifyFail, useSupCurve,\n"
+            "                            loadSSL, disallowETM]\n",      /* 50 */
 #ifdef WOLFSSL_TLS13
         "-J          Use HelloRetryRequest to choose group for KE\n",   /* 51 */
         "-K          Key Exchange for PSK not using (EC)DHE\n",         /* 52 */
@@ -1276,51 +1392,75 @@ static const char* client_usage_msg[][75] = {
 #ifdef HAVE_TRUSTED_CA
         "-5          Use Trusted CA Key Indication\n",                  /* 63 */
 #endif
-        "-6          Simulate WANT_WRITE errors on every other IO send\n",
+        "-6          Simulate WANT_WRITE errors on every other IO send\n", /* 64 */
 #ifdef HAVE_CURVE448
-        "-8          Use X448 for key exchange\n",                      /* 66 */
+        "-8          Use X448 for key exchange\n",                      /* 65 */
 #endif
 #if defined(OPENSSL_ALL) && defined(WOLFSSL_CERT_GEN) && \
     (defined(WOLFSSL_CERT_REQ) || defined(WOLFSSL_CERT_EXT)) && \
     !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR)
         "-9          Use hash dir look up for certificate loading\n"
-        "            loading from <wolfSSL home>/certs folder\n"
-        "            files in the folder would have the form \"hash.N\" file name\n"
-        "            e.g symbolic link to the file at certs folder\n"
-        "            ln -s ca-cert.pem  `openssl x509 -in ca-cert.pem -hash -noout`.0\n",
-                                                                        /* 67 */
+            "            loading from <wolfSSL home>/certs folder\n"
+            "            files in the folder would have the form \"hash.N\" file name\n"
+            "            e.g symbolic link to the file at certs folder\n"
+            "            ln -s ca-cert.pem  `openssl x509 -in ca-cert.pem -hash -noout`.0\n",
+                                                                        /* 66 */
 #endif
 #if defined(WOLFSSL_WOLFSENTRY_HOOKS) && !defined(NO_FILESYSTEM) && \
     !defined(WOLFSENTRY_NO_JSON)
         "--wolfsentry-config <file>    Path for JSON wolfSentry config\n",
-                                                                        /* 68 */
+                                                                        /* 67 */
 #endif
 #ifndef WOLFSSL_TLS13
         "-7          Set minimum downgrade protocol version [0-3] "
         " SSLv3(0) - TLS1.2(3)\n",
 #else
         "-7          Set minimum downgrade protocol version [0-4] "
-           " SSLv3(0) - TLS1.3(4)\n",                                   /* 69 */
+           " SSLv3(0) - TLS1.3(4)\n",                                   /* 68 */
 #endif
 #ifdef HAVE_PQC
-        "--pqc <alg> Key Share with specified post-quantum algorithm only [KYBER_LEVEL1, KYBER_LEVEL3,\n"
-            "            KYBER_LEVEL5, P256_KYBER_LEVEL1, P384_KYBER_LEVEL3, P521_KYBER_LEVEL5]\n",  /* 70 */
+        "--pqc <alg> Key Share with specified post-quantum algorithm only:\n"
+#ifndef WOLFSSL_NO_ML_KEM
+            "            ML_KEM_512, ML_KEM_768, ML_KEM_1024, P256_ML_KEM_512,"
+            "\n"
+            "            P384_ML_KEM_768, P256_ML_KEM_768, P521_ML_KEM_1024,\n"
+            "            P384_ML_KEM_1024, X25519_ML_KEM_512, "
+            "X25519_ML_KEM_768,\n"
+            "            X448_ML_KEM_768\n"
+#endif
+#ifdef WOLFSSL_KYBER_ORIGINAL
+            "            KYBER_LEVEL1, KYBER_LEVEL3, KYBER_LEVEL5, "
+            "P256_KYBER_LEVEL1,\n"
+            "            P384_KYBER_LEVEL3, P256_KYBER_LEVEL3, "
+            "P521_KYBER_LEVEL5,\n"
+            "            X25519_KYBER_LEVEL1, X25519_KYBER_LEVEL3, "
+            "X448_KYBER_LEVEL3\n"
+#endif
+            "",
+                                                                        /* 69 */
 #endif
 #ifdef WOLFSSL_SRTP
-        "--srtp <profile> (default is SRTP_AES128_CM_SHA1_80)\n",       /* 71 */
+        "--srtp <profile> (default is SRTP_AES128_CM_SHA1_80)\n",       /* 70 */
 #endif
 #ifdef WOLFSSL_SYS_CA_CERTS
-        "--sys-ca-certs Load system CA certs for server cert verification\n", /* 72 */
+        "--sys-ca-certs Load system CA certs for server cert verification\n", /* 71 */
 #endif
 #ifdef HAVE_SUPPORTED_CURVES
-        "--onlyPskDheKe Must use DHE key exchange with PSK\n",          /* 73 */
+        "--onlyPskDheKe Must use DHE key exchange with PSK\n",          /* 72 */
 #endif
 #ifndef NO_PSK
-        "--openssl-psk  Use TLS 1.3 PSK callback compatible with OpenSSL\n", /* 74 */
+        "--openssl-psk  Use TLS 1.3 PSK callback compatible with OpenSSL\n", /* 73 */
+#endif
+#ifdef HAVE_RPK
+        "--rpk  Use RPK for the defined certificates\n", /* 74 */
+#endif
+        "--files-are-der Specified files are in DER, not PEM format\n", /* 75 */
+#ifdef WOLFSSL_SYS_CRYPTO_POLICY
+        "--crypto-policy  <path to crypto policy file>\n", /* 76 */
 #endif
         "\n"
            "For simpler wolfSSL TLS client examples, visit\n"
-           "https://github.com/wolfSSL/wolfssl-examples/tree/master/tls\n", /* 75 */
+           "https://github.com/wolfSSL/wolfssl-examples/tree/master/tls\n", /* 77 */
         NULL,
     },
 #ifndef NO_MULTIBYTE_PRINT
@@ -1383,6 +1523,7 @@ static const char* client_usage_msg[][75] = {
         "-D          日付エラー用コール�ック例�上書�を行�\n",       /* 18 */
         "-e          利用�能�全��暗�スイートをリスト, \n",         /* 19 */
         "-g          サー�ー� HTTP GET を�信\n",                     /* 20 */
+#ifdef WOLFSSL_DTLS
         "-u          UDP DTLSを使用�る。\n"
 #ifndef WOLFSSL_DTLS13
         "           -v 2 を追加指定�る�DTLSv1, "
@@ -1392,6 +1533,7 @@ static const char* client_usage_msg[][75] = {
                     "-v 3 を追加指定�る� DTLSv1.2 (既定値),\n"
         "           -v 4 を追加指定�る� DTLSv1.3\n",                    /* 21 */
 #endif /* !WOLFSSL_DTLS13 */
+#endif /* WOLFSSL_DTLS */
 #ifdef WOLFSSL_SCTP
         "-G          SCTP DTLSを使用�る。-v 2 を追加指定�る�"
                 " DTLSv1, -v 3 を追加指定�る� DTLSv1.2 (既定値)\n",   /* 22 */
@@ -1440,30 +1582,34 @@ static const char* client_usage_msg[][75] = {
  || defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2)
         "-W <num>    OCSP Staplingを使用�る"
                                          " (1 v1, 2 v2, 3 v2 multi)\n", /* 41 */
-        "            'm' を最後�指定�る�必� staple を使用�る\n"    /* 42 */
+        "            'm' を最後�指定�る�必� staple を使用�る\n"       /* 42 */
+#if defined(WOLFSSL_TLS13) && defined(WOLFSSL_TLS_OCSP_MULTI)
+        "            -W 1 -v 4, "
+        "TLS13 使用時�複数(Multi)� OCSP を実施���\n"                   /* 43 */
+#endif
 #endif
 #if defined(ATOMIC_USER) && !defined(WOLFSSL_AEAD_ONLY)
         "-U          アトミック・ユーザー記録�"
-                                           "コール�ックを利用�る\n",  /* 43 */
+                                           "コール�ックを利用�る\n",  /* 44 */
 #endif
 #ifdef HAVE_PK_CALLBACKS
-        "-P          公開�コール�ック\n",                             /* 44 */
+        "-P          公開�コール�ック\n",                             /* 45 */
 #endif
 #ifdef HAVE_ANON
-        "-a          匿�クライアント\n",                               /* 45 */
+        "-a          匿�クライアント\n",                               /* 46 */
 #endif
 #ifdef HAVE_CRL
-        "-C          CRLを無効\n",                                      /* 46 */
+        "-C          CRLを無効\n",                                      /* 47 */
 #endif
 #ifdef WOLFSSL_TRUST_PEER_CERT
-        "-E <file>   信頼出�るピア�証明書ロード�為�パス\n",         /* 47 */
+        "-E <file>   信頼出�るピア�証明書ロード�為�パス\n",         /* 48 */
 #endif
 #ifdef HAVE_WNR
-        "-q <file>   Whitewood コンフィグファイル,      既定値\n",      /* 48 */
+        "-q <file>   Whitewood コンフィグファイル,      既定値\n",      /* 49 */
 #endif
         "-H <arg>    内部テスト"
-        " [defCipherList, exitWithRet, verifyFail, useSupCurve,\n", /* 49 */
-        "                            loadSSL, disallowETM]\n",          /* 50 */
+            " [defCipherList, exitWithRet, verifyFail, useSupCurve,\n"
+            "                            loadSSL, disallowETM]\n",  /* 50 */
 #ifdef WOLFSSL_TLS13
         "-J          HelloRetryRequestをKE�グループ�択�使用�る\n",  /* 51 */
         "-K          �交��PSKを使用�(EC)DHE�使用���\n",         /* 52 */
@@ -1500,9 +1646,9 @@ static const char* client_usage_msg[][75] = {
 #ifdef HAVE_TRUSTED_CA
         "-5          信頼��る�証局��表示を使用�る\n",             /* 63 */
 #endif
-        "-6          WANT_WRITE エラーを全��IO �信�シミュレート���\n",
+        "-6          WANT_WRITE エラーを全��IO �信�シミュレート���\n", /* 64 */
 #ifdef HAVE_CURVE448
-        "-8          �交�� X448 を使用�る\n",                      /* 66 */
+        "-8          �交�� X448 を使用�る\n",                      /* 65 */
 #endif
 #if defined(OPENSSL_ALL) && defined(WOLFSSL_CERT_GEN) && \
     (defined(WOLFSSL_CERT_REQ) || defined(WOLFSSL_CERT_EXT)) && \
@@ -1512,40 +1658,58 @@ static const char* client_usage_msg[][75] = {
         "            フォルダー中�ファイル��\"hash.N\"[N:0-9]���る必���り��\n"
         "            以下�例��ca-cert.pem�シンボリックリンクを設定���\n"
         "            ln -s ca-cert.pem  `openssl x509 -in ca-cert.pem -hash -noout`.0\n",
-                                                                        /* 67 */
+                                                                        /* 66 */
 #endif
 #if defined(WOLFSSL_WOLFSENTRY_HOOKS) && !defined(NO_FILESYSTEM) && \
     !defined(WOLFSENTRY_NO_JSON)
         "--wolfsentry-config <file>    wolfSentry コンフィグファイル\n",
-                                                                      /* 68 */
+                                                                      /* 67 */
 #endif
 #ifndef WOLFSSL_TLS13
         "-7          最�ダウングレード�能�プロトコル�ージョンを設定��� [0-3] "
         " SSLv3(0) - TLS1.2(3)\n",
 #else
         "-7          最�ダウングレード�能�プロトコル�ージョンを設定��� [0-4] "
-        " SSLv3(0) - TLS1.3(4)\n",                            /* 69 */
+        " SSLv3(0) - TLS1.3(4)\n",                            /* 68 */
 #endif
 #ifdef HAVE_PQC
-        "--pqc <alg> post-quantum ��付�グループ���共有�� [KYBER_LEVEL1, KYBER_LEVEL3,\n"
-            "            KYBER_LEVEL5, P256_KYBER_LEVEL1, P384_KYBER_LEVEL3, P521_KYBER_LEVEL5]\n", /* 70 */
+        "--pqc <alg> post-quantum ��付�グループ���共有��:\n"
+#ifndef WOLFSSL_NO_ML_KEM
+            "            ML_KEM_512, ML_KEM_768, ML_KEM_1024, P256_ML_KEM_512,"
+            "\n"
+            "            P384_ML_KEM_768, P521_ML_KEM_1024\n"
+#endif
+#ifdef WOLFSSL_KYBER_ORIGINAL
+            "            KYBER_LEVEL1, KYBER_LEVEL3, KYBER_LEVEL5, "
+            "P256_KYBER_LEVEL1,\n"
+            "            P384_KYBER_LEVEL3, P521_KYBER_LEVEL5\n"
+#endif
+            "",
+                                                                        /* 69 */
 #endif
 #ifdef WOLFSSL_SRTP
-        "--srtp <profile> (デフォルト� SRTP_AES128_CM_SHA1_80)\n", /* 71 */
+        "--srtp <profile> (デフォルト� SRTP_AES128_CM_SHA1_80)\n", /* 70 */
 #endif
 #ifdef WOLFSSL_SYS_CA_CERTS
-        "--sys-ca-certs Load system CA certs for server cert verification\n", /* 72 */
+        "--sys-ca-certs Load system CA certs for server cert verification\n", /* 71 */
 #endif
 #ifdef HAVE_SUPPORTED_CURVES
-        "--onlyPskDheKe Must use DHE key exchange with PSK\n",          /* 73 */
+        "--onlyPskDheKe Must use DHE key exchange with PSK\n",          /* 72 */
 #endif
 #ifndef NO_PSK
-        "--openssl-psk  Use TLS 1.3 PSK callback compatible with OpenSSL\n", /* 74 */
+        "--openssl-psk  Use TLS 1.3 PSK callback compatible with OpenSSL\n", /* 73 */
+#endif
+#ifdef HAVE_RPK
+        "--rpk  Use RPK for the defined certificates\n", /* 74 */
+#endif
+        "--files-are-der Specified files are in DER, not PEM format\n", /* 75 */
+#ifdef WOLFSSL_SYS_CRYPTO_POLICY
+        "--crypto-policy  <path to crypto policy file>\n", /* 76 */
 #endif
         "\n"
         "より簡��wolfSSL TLS クライアント�例�����"
                                          "下記�アクセス������\n"
-        "https://github.com/wolfSSL/wolfssl-examples/tree/master/tls\n", /* 75 */
+        "https://github.com/wolfSSL/wolfssl-examples/tree/master/tls\n", /* 77 */
         NULL,
     },
 #endif
@@ -1645,7 +1809,9 @@ static void Usage(void)
     printf("%s", msg[++msgid]); /* -D */
     printf("%s", msg[++msgid]); /* -e */
     printf("%s", msg[++msgid]); /* -g */
+#ifdef WOLFSSL_DTLS
     printf("%s", msg[++msgid]); /* -u */
+#endif
 #ifdef WOLFSSL_SCTP
     printf("%s", msg[++msgid]); /* -G */
 #endif
@@ -1760,12 +1926,11 @@ static void Usage(void)
     printf("%s", msg[++msgid]); /* --wolfsentry-config */
 #endif
     printf("%s", msg[++msgid]); /* -7 */
-    printf("%s", msg[++msgid]); /* Examples repo link */
 #ifdef HAVE_PQC
     printf("%s", msg[++msgid]);     /* --pqc */
-    printf("%s", msg[++msgid]);     /* --pqc options */
-    printf("%s", msg[++msgid]);     /* more --pqc options */
-    printf("%s", msg[++msgid]);     /* more --pqc options */
+#endif
+#ifdef WOLFSSL_SRTP
+    printf("%s", msg[++msgid]);     /* dtls-srtp */
 #endif
 #ifdef WOLFSSL_SYS_CA_CERTS
     printf("%s", msg[++msgid]); /* --sys-ca-certs */
@@ -1773,9 +1938,14 @@ static void Usage(void)
 #ifdef HAVE_SUPPORTED_CURVES
     printf("%s", msg[++msgid]); /* --onlyPskDheKe */
 #endif
-#ifdef WOLFSSL_SRTP
-    printf("%s", msg[++msgid]);     /* dtls-srtp */
+#ifndef NO_PSK
+    printf("%s", msg[++msgid]); /* --openssl-psk */
 #endif
+#ifdef HAVE_RPK
+    printf("%s", msg[++msgid]); /* --rpk */
+#endif
+    printf("%s", msg[++msgid]); /* --files-are-der */
+    printf("%s", msg[++msgid]); /* Documentation Hint */
 }
 
 #ifdef WOLFSSL_SRTP
@@ -1804,7 +1974,7 @@ static int client_srtp_test(WOLFSSL *ssl, func_args *args)
 
     ret = wolfSSL_export_dtls_srtp_keying_material(ssl, NULL,
                                                    &srtp_secret_length);
-    if (ret != LENGTH_ONLY_E) {
+    if (ret != WC_NO_ERR_TRACE(LENGTH_ONLY_E)) {
         LOG_ERROR("DTLS SRTP: Error getting keying material length\n");
         return ret;
     }
@@ -1852,6 +2022,39 @@ static int client_srtp_test(WOLFSSL *ssl, func_args *args)
 }
 #endif /* WOLFSSL_SRTP */
 
+#if defined(WOLFSSL_STATIC_MEMORY) && \
+    defined(WOLFSSL_STATIC_MEMORY_DEBUG_CALLBACK)
+static void ExampleDebugMemoryCb(size_t sz, int bucketSz, byte st, int type) {
+    switch (st) {
+        case WOLFSSL_DEBUG_MEMORY_ALLOC:
+            if (type == DYNAMIC_TYPE_IN_BUFFER) {
+                printf("IN BUFFER: ");
+            }
+
+            if (type == DYNAMIC_TYPE_OUT_BUFFER) {
+                printf("OUT BUFFER: ");
+            }
+
+            printf("Alloc'd %d bytes using bucket size %d\n", (int)sz,
+                bucketSz);
+            break;
+
+        case WOLFSSL_DEBUG_MEMORY_FAIL:
+            printf("Failed when trying to allocate %d bytes\n", (int)sz);
+            break;
+
+        case WOLFSSL_DEBUG_MEMORY_FREE:
+            printf("Free'ing : %d\n", (int)sz);
+            break;
+
+        case WOLFSSL_DEBUG_MEMORY_INIT:
+            printf("Creating memory bucket of size : %d\n", bucketSz);
+            break;
+    }
+}
+#endif
+
+
 
 THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
 {
@@ -1919,6 +2122,13 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
         { "openssl-psk", 0, 265 },
 #endif
         { "quieter", 0, 266 },
+#ifdef HAVE_RPK
+        { "rpk", 0, 267 },
+#endif /* HAVE_RPK */
+        { "files-are-der", 0, 268 },
+#if defined(WOLFSSL_SYS_CRYPTO_POLICY)
+        { "crypto-policy", 1, 269 },
+#endif /* WOLFSSL_SYS_CRYPTO_POLICY */
         { 0, 0, 0 }
     };
 #endif
@@ -2059,6 +2269,14 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
     int useDtlsCID = 0;
     char dtlsCID[DTLS_CID_BUFFER_SIZE] = { 0 };
 #endif /* WOLFSSL_DTLS_CID */
+#ifdef HAVE_RPK
+    int useRPK = 0;
+#endif /* HAVE_RPK */
+    int fileFormat = WOLFSSL_FILETYPE_PEM;
+#if defined(WOLFSSL_SYS_CRYPTO_POLICY)
+    const char * policy = NULL;
+#endif /* WOLFSSL_SYS_CRYPTO_POLICY */
+
 
     char buffer[WOLFSSL_MAX_ERROR_SZ];
 
@@ -2075,13 +2293,26 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
         byte memory[80000];
     #endif
     byte memoryIO[34500]; /* max for IO buffer (TLS packet can be 16k) */
+    #if !defined(WOLFSSL_STATIC_MEMORY_LEAN)
     WOLFSSL_MEM_CONN_STATS ssl_stats;
-    #ifdef DEBUG_WOLFSSL
+    #if defined(DEBUG_WOLFSSL)
         WOLFSSL_MEM_STATS mem_stats;
     #endif
+    #endif
     WOLFSSL_HEAP_HINT *heap = NULL;
 #endif
 
+#ifdef WOLFSSL_DUAL_ALG_CERTS
+    /* Set our preference for verification to be for both the native and
+     * alternative chains. Ultimately, its the server's choice. This will be
+     * used in the call to wolfSSL_UseCKS(). */
+    byte cks_order[3] = {
+        WOLFSSL_CKS_SIGSPEC_BOTH,
+        WOLFSSL_CKS_SIGSPEC_ALTERNATIVE,
+        WOLFSSL_CKS_SIGSPEC_NATIVE,
+    };
+#endif /* WOLFSSL_DUAL_ALG_CERTS */
+
     ((func_args*)args)->return_code = -1; /* error state */
 
 #ifndef NO_RSA
@@ -2134,6 +2365,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
     (void)usePqc;
     (void)pqcAlg;
     (void)opensslPsk;
+    (void)fileFormat;
     StackTrap();
 
     /* Reinitialize the global myVerifyAction. */
@@ -2223,7 +2455,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
                     err_sys("provided connection ID is too big");
                 }
                 else {
-                    strcpy(dtlsCID, myoptarg);
+                    XSTRLCPY(dtlsCID, myoptarg, DTLS_CID_BUFFER_SIZE);
                 }
             }
             break;
@@ -2331,7 +2563,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
                 }
                 else if (XSTRCMP(myoptarg, "verifyInfo") == 0) {
                     printf("Verify should not override error\n");
-                    myVerifyAction = VERIFY_USE_PREVERFIY;
+                    myVerifyAction = VERIFY_USE_PREVERIFY;
                 }
                 else if (XSTRCMP(myoptarg, "useSupCurve") == 0) {
                     printf("Attempting to test use supported curve\n");
@@ -2393,7 +2625,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
                 break;
 
             case 'B' :
-                throughput = atol(myoptarg);
+                throughput = (size_t)atol(myoptarg);
                 for (; *myoptarg != '\0'; myoptarg++) {
                     if (*myoptarg == ',') {
                         block = atoi(myoptarg + 1);
@@ -2456,7 +2688,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
 
             case 'F' :
                 #ifdef HAVE_MAX_FRAGMENT
-                    maxFragment = atoi(myoptarg);
+                    maxFragment = (byte)atoi(myoptarg);
                     if (maxFragment < WOLFSSL_MFL_MIN ||
                                                maxFragment > WOLFSSL_MFL_MAX) {
                         Usage();
@@ -2483,7 +2715,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
                 {
                     word32 myoptargSz;
 
-                    statusRequest = atoi(myoptarg);
+                    statusRequest = (byte)atoi(myoptarg);
                     if (statusRequest > OCSP_STAPLING_OPT_MAX) {
                         Usage();
                         XEXIT_T(MY_EX_USAGE);
@@ -2756,6 +2988,20 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
             case 266:
                 quieter = 1;
                 break;
+            case 267:
+#ifdef HAVE_RPK
+                useRPK = 1;
+#endif /* HAVE_RPK */
+                break;
+            case 268:
+                fileFormat = WOLFSSL_FILETYPE_ASN1;
+                break;
+            case 269:
+#if defined(WOLFSSL_SYS_CRYPTO_POLICY)
+                policy = myoptarg;
+#endif /* WOLFSSL_SYS_CRYPTO_POLICY */
+                break;
+
             default:
                 Usage();
                 XEXIT_T(MY_EX_USAGE);
@@ -2983,9 +3229,16 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
     if (method == NULL)
         err_sys("unable to get method");
 
+#if defined(WOLFSSL_SYS_CRYPTO_POLICY)
+    if (policy != NULL) {
+        if (wolfSSL_crypto_policy_enable(policy) != WOLFSSL_SUCCESS) {
+            err_sys("wolfSSL_crypto_policy_enable failed");
+        }
+    }
+#endif /* WOLFSSL_SYS_CRYPTO_POLICY */
 
 #ifdef WOLFSSL_STATIC_MEMORY
-    #ifdef DEBUG_WOLFSSL
+    #if defined(DEBUG_WOLFSSL) && !defined(WOLFSSL_STATIC_MEMORY_LEAN)
     /* print off helper buffer sizes for use with static memory
      * printing to stderr in case of debug mode turned on */
     LOG_ERROR("static memory management size = %d\n",
@@ -3002,6 +3255,10 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
         err_sys("unable to load static memory");
     }
 
+#if defined(WOLFSSL_STATIC_MEMORY) && \
+    defined(WOLFSSL_STATIC_MEMORY_DEBUG_CALLBACK)
+    wolfSSL_SetDebugMemoryCb(ExampleDebugMemoryCb);
+#endif
     ctx = wolfSSL_CTX_new_ex(method(heap), heap);
     if (ctx == NULL)
         err_sys("unable to get ctx");
@@ -3074,7 +3331,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
 #ifdef WOLFSSL_SRTP
     if (dtlsSrtpProfiles != NULL) {
         if (wolfSSL_CTX_set_tlsext_use_srtp(ctx, dtlsSrtpProfiles)
-                                                           != WOLFSSL_SUCCESS) {
+                                                           != 0) {
             err_sys("unable to set DTLS SRTP profile");
         }
     }
@@ -3119,7 +3376,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
 #if (defined(WOLFSSL_SCTP) || defined(WOLFSSL_DTLS_MTU)) && \
                                                            defined(WOLFSSL_DTLS)
     if (dtlsMTU)
-        wolfSSL_CTX_dtls_set_mtu(ctx, dtlsMTU);
+        wolfSSL_CTX_dtls_set_mtu(ctx, (unsigned short)dtlsMTU);
 #endif
 
 #ifndef NO_DH
@@ -3129,6 +3386,21 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
     }
 #endif
 
+#ifdef HAVE_RPK
+    if (useRPK) {
+        char ctype[] = {WOLFSSL_CERT_TYPE_RPK};
+        char stype[] = {WOLFSSL_CERT_TYPE_RPK};
+
+        wolfSSL_CTX_set_client_cert_type(ctx, ctype, sizeof(ctype)/sizeof(ctype[0]));
+        wolfSSL_CTX_set_server_cert_type(ctx, stype, sizeof(stype)/sizeof(stype[0]));
+        usePsk = 0;
+        #ifdef HAVE_CRL
+            disableCRL = 1;
+        #endif
+        doPeerCheck = 0;
+    }
+#endif /* HAVE_RPK */
+
     if (usePsk) {
 #ifndef NO_PSK
         const char *defaultCipherList = cipherList;
@@ -3261,7 +3533,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
                 WOLFSSL_FILETYPE_ASN1) != WOLFSSL_SUCCESS)
             err_sys("can't load client cert buffer");
     #elif !defined(TEST_LOAD_BUFFER)
-        if (wolfSSL_CTX_use_certificate_chain_file(ctx, ourCert)
+        if (wolfSSL_CTX_use_certificate_chain_file_format(ctx, ourCert, fileFormat)
                                                            != WOLFSSL_SUCCESS) {
             wolfSSL_CTX_free(ctx); ctx = NULL;
             err_sys("can't load client cert file, check file and run from"
@@ -3285,7 +3557,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
             sizeof_client_key_der_2048, SSL_FILETYPE_ASN1) != WOLFSSL_SUCCESS)
             err_sys("can't load client private key buffer");
     #elif !defined(TEST_LOAD_BUFFER)
-        if (wolfSSL_CTX_use_PrivateKey_file(ctx, ourKey, WOLFSSL_FILETYPE_PEM)
+        if (wolfSSL_CTX_use_PrivateKey_file(ctx, ourKey, fileFormat)
                                          != WOLFSSL_SUCCESS) {
             wolfSSL_CTX_free(ctx); ctx = NULL;
             err_sys("can't load client private key file, check file and run "
@@ -3377,7 +3649,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
     #endif
     }
     if (useVerifyCb || myVerifyAction == VERIFY_FORCE_FAIL ||
-            myVerifyAction == VERIFY_USE_PREVERFIY) {
+            myVerifyAction == VERIFY_USE_PREVERIFY) {
         wolfSSL_CTX_set_verify(ctx, WOLFSSL_VERIFY_PEER, myVerify);
     }
     else if (!usePsk && !useAnon && doPeerCheck == 0) {
@@ -3486,8 +3758,11 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
 #endif
 #endif
 #if defined(WOLFSSL_TLS13) && defined(WOLFSSL_POST_HANDSHAKE_AUTH)
-    if (postHandAuth)
-        wolfSSL_CTX_allow_post_handshake_auth(ctx);
+    if (postHandAuth) {
+        if (wolfSSL_CTX_allow_post_handshake_auth(ctx) != 0) {
+            err_sys("unable to support post handshake auth");
+        }
+    }
 #endif
 
     if (benchmark) {
@@ -3528,7 +3803,8 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
     }
     #endif
 
-#if defined(WOLFSSL_STATIC_MEMORY) && defined(DEBUG_WOLFSSL)
+#if defined(WOLFSSL_STATIC_MEMORY) && defined(DEBUG_WOLFSSL) && \
+    !defined(WOLFSSL_STATIC_MEMORY_LEAN)
         LOG_ERROR("Before creating SSL\n");
         if (wolfSSL_CTX_is_static_memory(ctx, &mem_stats) != 1)
             err_sys("ctx not using static memory");
@@ -3558,9 +3834,17 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
         err_sys("unable to get SSL object");
     }
 
+#ifdef WOLFSSL_DUAL_ALG_CERTS
+    if (!wolfSSL_UseCKS(ssl, cks_order, sizeof(cks_order))) {
+        wolfSSL_CTX_free(ctx); ctx = NULL;
+        err_sys("unable to set the CKS order.");
+    }
+#endif /* WOLFSSL_DUAL_ALG_CERTS */
+
 #ifndef NO_PSK
     if (usePsk) {
-    #if defined(OPENSSL_EXTRA) && defined(WOLFSSL_TLS13) && defined(TEST_PSK_USE_SESSION)
+    #if defined(OPENSSL_EXTRA) && defined(WOLFSSL_TLS13) && \
+        defined(TEST_PSK_USE_SESSION)
         SSL_set_psk_use_session_callback(ssl, my_psk_use_session_cb);
     #endif
     }
@@ -3575,7 +3859,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
             err_sys("can't load client cert buffer");
         }
     #elif !defined(TEST_LOAD_BUFFER)
-        if (wolfSSL_use_certificate_chain_file(ssl, ourCert)
+        if (wolfSSL_use_certificate_chain_file_format(ssl, ourCert, fileFormat)
                                                            != WOLFSSL_SUCCESS) {
             wolfSSL_CTX_free(ctx); ctx = NULL;
             err_sys("can't load client cert file, check file and run from"
@@ -3596,7 +3880,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
             sizeof_client_key_der_2048, SSL_FILETYPE_ASN1) != WOLFSSL_SUCCESS)
             err_sys("can't load client private key buffer");
     #elif !defined(TEST_LOAD_BUFFER)
-        if (wolfSSL_use_PrivateKey_file(ssl, ourKey, WOLFSSL_FILETYPE_PEM)
+        if (wolfSSL_use_PrivateKey_file(ssl, ourKey, fileFormat)
                                          != WOLFSSL_SUCCESS) {
             wolfSSL_CTX_free(ctx); ctx = NULL;
             err_sys("can't load client private key file, check file and run "
@@ -3619,7 +3903,8 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
     }
 #endif
 
-#if defined(WOLFSSL_STATIC_MEMORY) && defined(DEBUG_WOLFSSL)
+#if defined(WOLFSSL_STATIC_MEMORY) && defined(DEBUG_WOLFSSL) && \
+    !defined(WOLFSSL_STATIC_MEMORY_LEAN)
     LOG_ERROR("After creating SSL\n");
     if (wolfSSL_CTX_is_static_memory(ctx, &mem_stats) != 1)
         err_sys("ctx not using static memory");
@@ -3850,13 +4135,13 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
             if (ret != WOLFSSL_SUCCESS) {
                 err = wolfSSL_get_error(ssl, 0);
             #ifdef WOLFSSL_ASYNC_CRYPT
-                if (err == WC_PENDING_E) {
+                if (err == WC_NO_ERR_TRACE(WC_PENDING_E)) {
                     ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
                     if (ret < 0) break;
                 }
             #endif
             }
-        } while (err == WC_PENDING_E);
+        } while (err == WC_NO_ERR_TRACE(WC_PENDING_E));
     }
 #else
     timeoutConnect.tv_sec  = DEFAULT_TIMEOUT_SEC;
@@ -3866,7 +4151,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
     if (ret != WOLFSSL_SUCCESS) {
         err = wolfSSL_get_error(ssl, 0);
         LOG_ERROR("wolfSSL_connect error %d, %s\n", err,
-            wolfSSL_ERR_error_string(err, buffer));
+            wolfSSL_ERR_error_string((unsigned long)err, buffer));
 
         /* cleanup */
         wolfSSL_free(ssl); ssl = NULL;
@@ -4037,7 +4322,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
         if (err == WOLFSSL_SUCCESS)
             printf("Received ALPN protocol : %s (%d)\n",
                    protocol_name, protocol_nameSz);
-        else if (err == WOLFSSL_ALPN_NOT_FOUND)
+        else if (err == WC_NO_ERR_TRACE(WOLFSSL_ALPN_NOT_FOUND))
             printf("No ALPN response received (no match with server)\n");
         else
             printf("Getting ALPN protocol name failed\n");
@@ -4051,10 +4336,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
 
         printf("CID extension was negotiated\n");
         ret = wolfSSL_dtls_cid_get_tx_size(ssl, &receivedCIDSz);
-        if (ret != WOLFSSL_SUCCESS)
-            err_sys("Can't get negotiated DTLS CID size\n");
-
-        if (receivedCIDSz > 0) {
+        if (ret == WOLFSSL_SUCCESS && receivedCIDSz > 0) {
             ret = wolfSSL_dtls_cid_get_tx(ssl, receivedCID,
                 DTLS_CID_BUFFER_SIZE - 1);
             if (ret != WOLFSSL_SUCCESS)
@@ -4093,12 +4375,12 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
                         else {
                             do {
                             #ifdef WOLFSSL_ASYNC_CRYPT
-                                if (err == WC_PENDING_E) {
+                                if (err == WC_NO_ERR_TRACE(WC_PENDING_E)) {
                                     ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
                                     if (ret < 0) break;
                                 }
                             #endif
-                                if (err == APP_DATA_READY) {
+                                if (err == WC_NO_ERR_TRACE(APP_DATA_READY)) {
                                     if (wolfSSL_read(ssl, reply,
                                             sizeof(reply)-1) < 0) {
                                         err_sys("APP DATA should be present "
@@ -4114,9 +4396,9 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
                                 }
                             } while (ret != WOLFSSL_SUCCESS &&
                                     (err == WOLFSSL_ERROR_WANT_READ ||
-                                        err == WOLFSSL_ERROR_WANT_WRITE ||
-                                        err == APP_DATA_READY ||
-                                        err == WC_PENDING_E));
+                                     err == WOLFSSL_ERROR_WANT_WRITE ||
+                                     err == WC_NO_ERR_TRACE(APP_DATA_READY) ||
+                                     err == WC_NO_ERR_TRACE(WC_PENDING_E)));
                         }
 
                         if (ret == WOLFSSL_SUCCESS) {
@@ -4143,12 +4425,12 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
                 if ((ret = wolfSSL_Rehandshake(ssl)) != WOLFSSL_SUCCESS) {
                     err = wolfSSL_get_error(ssl, 0);
 #ifdef WOLFSSL_ASYNC_CRYPT
-                    while (err == WC_PENDING_E) {
+                    while (err == WC_NO_ERR_TRACE(WC_PENDING_E)) {
                         err = 0;
                         ret = wolfSSL_negotiate(ssl);
                         if (ret != WOLFSSL_SUCCESS) {
                             err = wolfSSL_get_error(ssl, 0);
-                            if (err == WC_PENDING_E) {
+                            if (err == WC_NO_ERR_TRACE(WC_PENDING_E)) {
                                 ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
                                 if (ret < 0) break;
                             }
@@ -4173,12 +4455,12 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
                 if ((ret = wolfSSL_SecureResume(ssl)) != WOLFSSL_SUCCESS) {
                     err = wolfSSL_get_error(ssl, 0);
 #ifdef WOLFSSL_ASYNC_CRYPT
-                    while (err == WC_PENDING_E) {
+                    while (err == WC_NO_ERR_TRACE(WC_PENDING_E)) {
                         err = 0;
                         ret = wolfSSL_negotiate(ssl);
                         if (ret != WOLFSSL_SUCCESS) {
                             err = wolfSSL_get_error(ssl, 0);
-                            if (err == WC_PENDING_E) {
+                            if (err == WC_NO_ERR_TRACE(WC_PENDING_E)) {
                                 ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
                                 if (ret < 0) break;
                             }
@@ -4207,11 +4489,11 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
         printf("SSL connect ok, sending GET...\n");
 
         msgSz = (int)XSTRLEN(kHttpGetMsg);
-        XMEMCPY(msg, kHttpGetMsg, msgSz);
+        XMEMCPY(msg, kHttpGetMsg, (size_t)msgSz);
     }
     else {
         msgSz = (int)XSTRLEN(kHelloMsg);
-        XMEMCPY(msg, kHelloMsg, msgSz);
+        XMEMCPY(msg, kHelloMsg, (size_t)msgSz);
     }
 
 /* allow some time for exporting the session */
@@ -4327,7 +4609,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
 #endif
 
     /* display collected statistics */
-#ifdef WOLFSSL_STATIC_MEMORY
+#if defined(WOLFSSL_STATIC_MEMORY) && !defined(WOLFSSL_STATIC_MEMORY_LEAN)
     if (wolfSSL_is_static_memory(ssl, &ssl_stats) != 1)
         err_sys("static memory was not used with ssl");
 
@@ -4442,14 +4724,14 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
                 if (ret != WOLFSSL_SUCCESS) {
                     err = wolfSSL_get_error(sslResume, 0);
                 #ifdef WOLFSSL_ASYNC_CRYPT
-                    if (err == WC_PENDING_E) {
+                    if (err == WC_NO_ERR_TRACE(WC_PENDING_E)) {
                         ret = wolfSSL_AsyncPoll(sslResume,
                                                     WOLF_POLL_FLAG_CHECK_HW);
                         if (ret < 0) break;
                     }
                 #endif
                 }
-            } while (err == WC_PENDING_E);
+            } while (err == WC_NO_ERR_TRACE(WC_PENDING_E));
         }
 #else
         timeoutConnect.tv_sec  = DEFAULT_TIMEOUT_SEC;
@@ -4458,7 +4740,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
 #endif
         if (ret != WOLFSSL_SUCCESS) {
             LOG_ERROR("wolfSSL_connect resume error %d, %s\n", err,
-                wolfSSL_ERR_error_string(err, buffer));
+                wolfSSL_ERR_error_string((unsigned long)err, buffer));
             wolfSSL_free(sslResume); sslResume = NULL;
             CloseSocket(sockfd);
             wolfSSL_CTX_free(ctx); ctx = NULL;
@@ -4484,7 +4766,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
             if (err == WOLFSSL_SUCCESS)
                 printf("Received ALPN protocol : %s (%d)\n",
                        protocol_name, protocol_nameSz);
-            else if (err == WOLFSSL_ALPN_NOT_FOUND)
+            else if (err == WC_NO_ERR_TRACE(WOLFSSL_ALPN_NOT_FOUND))
                 printf("Not received ALPN response (no match with server)\n");
             else
                 printf("Getting ALPN protocol name failed\n");
@@ -4539,11 +4821,11 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
         XMEMSET(msg, 0, sizeof(msg));
         if (sendGET) {
             msgSz = (int)XSTRLEN(kHttpGetMsg);
-            XMEMCPY(msg, kHttpGetMsg, msgSz);
+            XMEMCPY(msg, kHttpGetMsg, (size_t)msgSz);
         }
         else {
             msgSz = (int)XSTRLEN(kResumeMsg);
-            XMEMCPY(msg, kResumeMsg, msgSz);
+            XMEMCPY(msg, kResumeMsg, (size_t)msgSz);
         }
 
         (void)ClientWriteRead(sslResume, msg, msgSz, reply, sizeof(reply)-1,
@@ -4554,7 +4836,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
             wolfSSL_shutdown(sslResume);    /* bidirectional shutdown */
 
         /* display collected statistics */
-    #ifdef WOLFSSL_STATIC_MEMORY
+    #if defined(WOLFSSL_STATIC_MEMORY) && !defined(WOLFSSL_STATIC_MEMORY_LEAN)
         if (wolfSSL_is_static_memory(sslResume, &ssl_stats) != 1)
             err_sys("static memory was not used with ssl");
 
@@ -4606,7 +4888,7 @@ exit:
     WOLFSSL_RETURN_FROM_THREAD(0);
 }
 
-#endif /* !NO_WOLFSSL_CLIENT */
+#endif /* !NO_WOLFSSL_CLIENT && !NO_TLS */
 
 
 /* so overall tests can pull in test function */
@@ -4616,7 +4898,6 @@ exit:
     {
         func_args args;
 
-
         StartTCP();
 
 #if defined(WOLFSSL_SRTP) && defined(WOLFSSL_COND)
@@ -4632,7 +4913,7 @@ exit:
         wolfSSL_Init();
         ChangeToWolfRoot();
 
-#ifndef NO_WOLFSSL_CLIENT
+#if !defined(NO_WOLFSSL_CLIENT) && !defined(NO_TLS)
 #ifdef HAVE_STACK_SIZE
         StackSizeCheck(&args, client_test);
 #else
diff --git a/examples/client/client.h b/examples/client/client.h
index 3317670e5..377bfed36 100644
--- a/examples/client/client.h
+++ b/examples/client/client.h
@@ -1,6 +1,6 @@
 /* client.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/examples/client/client.vcxproj b/examples/client/client.vcxproj
index 3f5c79a05..0843627d5 100644
--- a/examples/client/client.vcxproj
+++ b/examples/client/client.vcxproj
@@ -9,6 +9,10 @@
       <Configuration>Debug</Configuration>
       <Platform>x64</Platform>
     </ProjectConfiguration>
+    <ProjectConfiguration Include="Debug|ARM64">
+      <Configuration>Debug</Configuration>
+      <Platform>ARM64</Platform>
+    </ProjectConfiguration>
     <ProjectConfiguration Include="DLL Debug|Win32">
       <Configuration>DLL Debug</Configuration>
       <Platform>Win32</Platform>
@@ -17,6 +21,10 @@
       <Configuration>DLL Debug</Configuration>
       <Platform>x64</Platform>
     </ProjectConfiguration>
+    <ProjectConfiguration Include="DLL Debug|ARM64">
+      <Configuration>DLL Debug</Configuration>
+      <Platform>ARM64</Platform>
+    </ProjectConfiguration>
     <ProjectConfiguration Include="DLL Release|Win32">
       <Configuration>DLL Release</Configuration>
       <Platform>Win32</Platform>
@@ -25,6 +33,10 @@
       <Configuration>DLL Release</Configuration>
       <Platform>x64</Platform>
     </ProjectConfiguration>
+    <ProjectConfiguration Include="DLL Release|ARM64">
+      <Configuration>DLL Release</Configuration>
+      <Platform>ARM64</Platform>
+    </ProjectConfiguration>
     <ProjectConfiguration Include="Release|Win32">
       <Configuration>Release</Configuration>
       <Platform>Win32</Platform>
@@ -33,6 +45,10 @@
       <Configuration>Release</Configuration>
       <Platform>x64</Platform>
     </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|ARM64">
+      <Configuration>Release</Configuration>
+      <Platform>ARM64</Platform>
+    </ProjectConfiguration>
   </ItemGroup>
   <PropertyGroup Label="Globals">
     <ProjectGuid>{3ADE9549-582D-4D8E-9826-B172197A7959}</ProjectGuid>
@@ -64,6 +80,18 @@
     <CharacterSet>Unicode</CharacterSet>
     <WholeProgramOptimization>true</WholeProgramOptimization>
   </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <PlatformToolset>v110</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|ARM64'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <PlatformToolset>v110</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+  </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
     <ConfigurationType>Application</ConfigurationType>
     <PlatformToolset>v110</PlatformToolset>
@@ -84,6 +112,16 @@
     <PlatformToolset>v110</PlatformToolset>
     <CharacterSet>Unicode</CharacterSet>
   </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|ARM64'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <PlatformToolset>v110</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|ARM64'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <PlatformToolset>v110</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
   <ImportGroup Label="ExtensionSettings">
   </ImportGroup>
@@ -99,6 +137,12 @@
   <ImportGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|x64'" Label="PropertySheets">
     <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
   </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|ARM64'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
   <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="PropertySheets">
     <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
   </ImportGroup>
@@ -111,6 +155,12 @@
   <ImportGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|x64'" Label="PropertySheets">
     <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
   </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Debug|ARM64'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|ARM64'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
   <PropertyGroup Label="UserMacros" />
   <PropertyGroup>
     <_ProjectFileVersion>11.0.61030.0</_ProjectFileVersion>
@@ -135,6 +185,16 @@
     <OutDir>$(SolutionDir)$(Configuration)\$(Platform)\</OutDir>
     <IntDir>$(Configuration)\$(Platform)\$(ProjectName)_obj\</IntDir>
   </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|ARM64'">
+    <LinkIncremental>true</LinkIncremental>
+    <OutDir>$(SolutionDir)$(Configuration)\$(Platform)\</OutDir>
+    <IntDir>$(Configuration)\$(Platform)\$(ProjectName)_obj\</IntDir>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|ARM64'">
+    <LinkIncremental>true</LinkIncremental>
+    <OutDir>$(SolutionDir)$(Configuration)\$(Platform)\</OutDir>
+    <IntDir>$(Configuration)\$(Platform)\$(ProjectName)_obj\</IntDir>
+  </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
     <OutDir>$(SolutionDir)$(Configuration)\$(Platform)\</OutDir>
     <IntDir>$(Configuration)\$(Platform)\$(ProjectName)_obj\</IntDir>
@@ -155,6 +215,16 @@
     <OutDir>$(SolutionDir)$(Configuration)\$(Platform)\</OutDir>
     <IntDir>$(Configuration)\$(Platform)\$(ProjectName)_obj\</IntDir>
   </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'">
+    <LinkIncremental>false</LinkIncremental>
+    <OutDir>$(SolutionDir)$(Configuration)\$(Platform)\</OutDir>
+    <IntDir>$(Configuration)\$(Platform)\$(ProjectName)_obj\</IntDir>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|ARM64'">
+    <LinkIncremental>false</LinkIncremental>
+    <OutDir>$(SolutionDir)$(Configuration)\$(Platform)\</OutDir>
+    <IntDir>$(Configuration)\$(Platform)\$(ProjectName)_obj\</IntDir>
+  </PropertyGroup>
   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
     <ClCompile>
       <Optimization>Disabled</Optimization>
@@ -232,6 +302,42 @@
       <SubSystem>Console</SubSystem>
     </Link>
   </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|ARM64'">
+    <ClCompile>
+      <Optimization>Disabled</Optimization>
+      <AdditionalIncludeDirectories>../../;../../IDE/WIN;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <BasicRuntimeChecks>EnableFastChecks</BasicRuntimeChecks>
+      <RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>Ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <SubSystem>Console</SubSystem>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|ARM64'">
+    <ClCompile>
+      <Optimization>Disabled</Optimization>
+      <AdditionalIncludeDirectories>../../;../../IDE/WIN;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;WOLFSSL_DLL;WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <BasicRuntimeChecks>EnableFastChecks</BasicRuntimeChecks>
+      <RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>Ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <SubSystem>Console</SubSystem>
+    </Link>
+  </ItemDefinitionGroup>
   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
     <ClCompile>
       <Optimization>MaxSpeed</Optimization>
@@ -318,6 +424,48 @@
       <EnableCOMDATFolding>true</EnableCOMDATFolding>
     </Link>
   </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'">
+    <ClCompile>
+      <Optimization>MaxSpeed</Optimization>
+      <IntrinsicFunctions>true</IntrinsicFunctions>
+      <AdditionalIncludeDirectories>../../;../../IDE/WIN;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>Ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <SubSystem>Console</SubSystem>
+      <OptimizeReferences>true</OptimizeReferences>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|ARM64'">
+    <ClCompile>
+      <Optimization>MaxSpeed</Optimization>
+      <IntrinsicFunctions>true</IntrinsicFunctions>
+      <AdditionalIncludeDirectories>../../;../../IDE/WIN;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;WOLFSSL_DLL;WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>Ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <SubSystem>Console</SubSystem>
+      <OptimizeReferences>true</OptimizeReferences>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+    </Link>
+  </ItemDefinitionGroup>
   <ItemGroup>
     <ClCompile Include="client.c" />
   </ItemGroup>
diff --git a/examples/configs/README.md b/examples/configs/README.md
index 8ed282cc7..048c79d45 100644
--- a/examples/configs/README.md
+++ b/examples/configs/README.md
@@ -6,13 +6,17 @@ Example wolfSSL configuration file templates for use when autoconf is not availa
 
 * `user_settings_template.h`: Template that allows modular algorithm and feature selection using `#if 0` logic.
 * `user_settings_all.h`: This is wolfSSL with all features enabled. Equivalent to `./configure --enable-all`.
-* `user_settings_min_ecc.h`: This is ECC and SHA-256 only. For ECC verify only add `BUILD_VERIFY_ONLY`.
-* `user_settings_wolfboot_keytools.h`: This from wolfBoot tools/keytools and is ECC, RSA, ED25519 and ChaCha20.
+* `user_settings_arduino.h`: An example Arduino file. See also [wolfSSL/Arduino-wolfSSL](https://github.com/wolfSSL/Arduino-wolfSSL).
+*.`user_settings_EBSnet.h`: Example configuration file for use with EBSnet ports.
 * `user_settings_fipsv2.h`: The FIPS v2 (3389) 140-2 certificate build options.
 * `user_settings_fipsv5.h`: The FIPS v5 (ready) 140-3 build options. Equivalent to `./configure --enable-fips=v5-dev`.
+* `user_settings_min_ecc.h`: This is ECC and SHA-256 only. For ECC verify only add `BUILD_VERIFY_ONLY`.
+* `user_settings_platformio.h`: An example for PlatformIO library. See also [platformio/wolfssl](https://registry.platformio.org/libraries/wolfssl/wolfssl)
 * `user_settings_stm32.h`: Example configuration file generated from the wolfSSL STM32 Cube pack.
+* `user_settings_tls12`: Example for TLS v1.2 client only, ECC only, AES GCM only, SHA2-256 only.
+* `user_settings_wolfboot_keytools.h`: This from wolfBoot tools/keytools and is ECC, RSA, ED25519 and ChaCha20.
+* `user_settings_wolfssh.h`: Minimum options for building wolfSSH. See comment at top for ./configure used to generate.
 * `user_settings_wolftpm.h`: Minimum options for building wolfTPM. See comment at top for ./configure used to generate.
-*.`user_settings_EBSnet.h`: Example configuration file for use with EBSnet ports.
 
 ## Usage
 
diff --git a/examples/configs/include.am b/examples/configs/include.am
index 781fbcbca..ab2453412 100644
--- a/examples/configs/include.am
+++ b/examples/configs/include.am
@@ -3,11 +3,17 @@
 
 EXTRA_DIST += examples/configs/README.md
 EXTRA_DIST += examples/configs/user_settings_all.h
-EXTRA_DIST += examples/configs/user_settings_min_ecc.h
-EXTRA_DIST += examples/configs/user_settings_wolfboot_keytools.h
-EXTRA_DIST += examples/configs/user_settings_template.h
+EXTRA_DIST += examples/configs/user_settings_arduino.h
+EXTRA_DIST += examples/configs/user_settings_EBSnet.h
+EXTRA_DIST += examples/configs/user_settings_eccnonblock.h
+EXTRA_DIST += examples/configs/user_settings_espressif.h
 EXTRA_DIST += examples/configs/user_settings_fipsv2.h
 EXTRA_DIST += examples/configs/user_settings_fipsv5.h
+EXTRA_DIST += examples/configs/user_settings_min_ecc.h
+EXTRA_DIST += examples/configs/user_settings_platformio.h
 EXTRA_DIST += examples/configs/user_settings_stm32.h
+EXTRA_DIST += examples/configs/user_settings_template.h
+EXTRA_DIST += examples/configs/user_settings_tls12.h
+EXTRA_DIST += examples/configs/user_settings_wolfboot_keytools.h
+EXTRA_DIST += examples/configs/user_settings_wolfssh.h
 EXTRA_DIST += examples/configs/user_settings_wolftpm.h
-EXTRA_DIST += examples/configs/user_settings_EBSnet.h
diff --git a/examples/configs/user_settings_EBSnet.h b/examples/configs/user_settings_EBSnet.h
index 3d1486998..e7255bf5a 100644
--- a/examples/configs/user_settings_EBSnet.h
+++ b/examples/configs/user_settings_EBSnet.h
@@ -1,6 +1,6 @@
 /* user_settings_EBSnet.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/examples/configs/user_settings_all.h b/examples/configs/user_settings_all.h
index c484b90be..fd8724582 100644
--- a/examples/configs/user_settings_all.h
+++ b/examples/configs/user_settings_all.h
@@ -1,6 +1,6 @@
 /* user_settings_all.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -46,7 +46,7 @@ extern "C" {
 #define HAVE_EXT_CACHE
 #define ATOMIC_USER /* Enable Atomic Record Layer callbacks */
 #define HAVE_PK_CALLBACKS /* Enable public key callbacks */
-#define WOLFSSL_ALT_NAMES /* Allow alternate cert chain validation to any trusted cert (not entire chain presented by peer) */
+#define WOLFSSL_ALT_CERT_CHAINS /* Allow alternate cert chain validation to any trusted cert (not entire chain presented by peer) */
 #define HAVE_NULL_CIPHER /* Enable use of TLS cipher suites without cipher (clear text / no encryption) */
 #define WOLFSSL_HAVE_CERT_SERVICE
 #define WOLFSSL_JNI
@@ -126,6 +126,7 @@ extern "C" {
 #define WOLFSSL_CUSTOM_OID
 #define HAVE_OID_ENCODING
 #define WOLFSSL_ASN_TEMPLATE
+#define WOLFSSL_ALT_NAMES /* Support subject alternative names extension */
 
 /* Certificate Revocation */
 #define HAVE_OCSP
diff --git a/examples/configs/user_settings_arduino.h b/examples/configs/user_settings_arduino.h
new file mode 100644
index 000000000..49415bccd
--- /dev/null
+++ b/examples/configs/user_settings_arduino.h
@@ -0,0 +1,486 @@
+/* examples/configs/user_settings_arduino.h
+ *
+ * Copyright (C) 2006-2025 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+/* This is a sample Arduino user_settings.h for wolfSSL
+  >> Edit with caution. This is the file copied to wolfSSL Arduino library.
+  >> at publish time. (lines with ">>" are removed)
+*/
+
+/* Define a macro to display user settings version in example code: */
+#define WOLFSSL_USER_SETTINGS_ID "Arduino user_settings.h v5.7.4"
+
+/* Due to limited build control, we'll ignore file warnings. */
+/* See https://github.com/arduino/arduino-cli/issues/631     */
+#undef  WOLFSSL_IGNORE_FILE_WARN
+#define WOLFSSL_IGNORE_FILE_WARN
+
+#define NO_FILESYSTEM
+#define USE_CERT_BUFFERS_2048
+
+/* Make sure this is not an ESP-IDF file */
+#undef  WOLFSSL_ESPIDF
+
+#define HAVE_ECC
+#define WOLFSSL_SMALL_STACK
+/* #define WOLFSSL_SMALL_STACK_EXTRA    */
+/* #define WOLFSSL_SMALL_STACK_CIPHERS  */
+/* #define NO_DH                        */
+#define MICRO_SESSION_CACHE
+
+/* RSA must be enabled for examples, but can be disabled like this: */
+/* #define NO_RSA */
+#define RSA_LOW_MEM
+
+#define NO_OLD_TLS
+/* TLS 1.3                                 */
+/* #define WOLFSSL_TLS13 */
+#if defined(WOLFSSL_TLS13)
+    #define HAVE_TLS_EXTENSIONS
+    #define WC_RSA_PSS
+    #define HAVE_HKDF
+    #define HAVE_AEAD
+#endif
+
+/*  #define HAVE_SUPPORTED_CURVES  */
+
+/* Cannot use WOLFSSL_NO_MALLOC with small stack */
+/* #define WOLFSSL_NO_MALLOC */
+
+#define HAVE_TLS_EXTENSIONS
+#define HAVE_SUPPORTED_CURVES
+
+/* To further reduce size, client or server functionality can be disabled.
+ * Here, we check if the example code gave us a hint.
+ *
+ * The calling application can define either one of these macros before
+ * including the Arduino wolfssl.h library file:
+ *
+ *    WOLFSSL_CLIENT_EXAMPLE
+ *    WOLFSSL_SERVER_EXAMPLE
+ */
+#if defined(WOLFSSL_CLIENT_EXAMPLE)
+    #define NO_WOLFSSL_SERVER
+#elif defined(WOLFSSL_SERVER_EXAMPLE)
+    #define NO_WOLFSSL_CLIENT
+#else
+    /* Provide a hint to application that neither WOLFSSL_CLIENT_EXAMPLE
+     * or WOLFSSL_SERVER_EXAMPLE macro hint was desired but not found. */
+    #define NO_WOLFSSL_SERVER_CLIENT_MISSING
+    #warning "Define WOLFSSL_CLIENT_EXAMPLE or WOLFSSL_SERVER_EXAMPLE to" \
+             " optimize memory for small embedded devices."
+    /* Both can be disabled in wolfssl test & benchmark */
+#endif
+
+
+#define NO_DH
+#define NO_DSA
+#define USE_FAST_MATH
+#define WOLFSSL_SMALL_STACK
+#define SINGLE_THREADED
+#define WOLFSSL_LOW_MEMORY
+#define HAVE_AESGCM
+
+/* optionally turn off SHA512/224 SHA512/256 */
+/* #define WOLFSSL_NOSHA512_224 */
+/* #define WOLFSSL_NOSHA512_256 */
+
+/* when you want to use SINGLE THREAD. Note Default ESP-IDF is FreeRTOS */
+#define SINGLE_THREADED
+
+
+/* Optional OPENSSL compatibility */
+/* #define OPENSSL_EXTRA */
+/* #define OPENSSL_ALL */
+
+/* when you want to use pkcs7 */
+/* #define HAVE_PKCS7 */
+
+/* when you want to use AES counter mode */
+/* #define WOLFSSL_AES_DIRECT */
+/* #define WOLFSSL_AES_COUNTER */
+
+/* esp32-wroom-32se specific definition */
+#if defined(WOLFSSL_ESPWROOM32SE)
+    #define WOLFSSL_ATECC508A
+    #define HAVE_PK_CALLBACKS
+    /* when you want to use a custom slot allocation for ATECC608A */
+    /* unless your configuration is unusual, you can use default   */
+    /* implementation.                                             */
+    /* #define CUSTOM_SLOT_ALLOCATION                              */
+#endif
+
+/* RSA primitive specific definition */
+#if defined(WOLFSSL_ESP32) || defined(WOLFSSL_ESPWROOM32SE)
+    /* Define USE_FAST_MATH and SMALL_STACK                        */
+    #define ESP32_USE_RSA_PRIMITIVE
+
+    #if defined(CONFIG_IDF_TARGET_ESP32)
+
+        /* NOTE HW unreliable for small values! */
+        /* threshold for performance adjustment for HW primitive use   */
+        /* X bits of G^X mod P greater than                            */
+        #undef  ESP_RSA_EXPT_XBITS
+        #define ESP_RSA_EXPT_XBITS 32
+
+        /* X and Y of X * Y mod P greater than                         */
+        #undef  ESP_RSA_MULM_BITS
+        #define ESP_RSA_MULM_BITS  16
+
+    #endif
+#endif
+
+/* #define WOLFSSL_ATECC508A_DEBUG         */
+
+/* date/time                               */
+/* if it cannot adjust time in the device, */
+/* enable macro below                      */
+/* #define NO_ASN_TIME */
+/* #define XTIME time */
+
+
+/* adjust wait-timeout count if you see timeout in RSA HW acceleration */
+#define ESP_RSA_TIMEOUT_CNT    0x249F00
+
+#define HASH_SIZE_LIMIT /* for test.c */
+
+/* USE_FAST_MATH is default */
+#define USE_FAST_MATH
+
+/*****      Use SP_MATH      *****/
+/* #undef USE_FAST_MATH          */
+/* #define SP_MATH               */
+/* #define WOLFSSL_SP_MATH_ALL   */
+
+/***** Use Integer Heap Math *****/
+/* #undef USE_FAST_MATH          */
+/* #define USE_INTEGER_HEAP_MATH */
+
+/* Default is HW enabled unless turned off.
+** Uncomment these lines to force SW instead of HW acceleration */
+
+#if defined(CONFIG_IDF_TARGET_ESP32)
+    /* wolfSSL HW Acceleration supported on ESP32. Uncomment to disable: */
+    /*  #define NO_ESP32_CRYPT                 */
+    /*  #define NO_WOLFSSL_ESP32_CRYPT_HASH    */
+    /*  #define NO_WOLFSSL_ESP32_CRYPT_AES     */
+    /*  #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI */
+    /*  #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MP_MUL  */
+    /*  #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MULMOD  */
+    /*  #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_EXPTMOD */
+
+    /*  These are defined automatically in esp32-crypt.h, here for clarity:  */
+    #define NO_WOLFSSL_ESP32_CRYPT_HASH_SHA224 /* no SHA224 HW on ESP32  */
+
+    #undef  ESP_RSA_MULM_BITS
+    #define ESP_RSA_MULM_BITS 16 /* TODO add compile-time warning */
+    /***** END CONFIG_IDF_TARGET_ESP32 *****/
+
+#elif defined(CONFIG_IDF_TARGET_ESP32S2)
+    /* wolfSSL HW Acceleration supported on ESP32-S2. Uncomment to disable: */
+    /*  #define NO_ESP32_CRYPT                 */
+    /*  #define NO_WOLFSSL_ESP32_CRYPT_HASH    */
+    /* Note: There's no AES192 HW on the ESP32-S2; falls back to SW */
+    /*  #define NO_WOLFSSL_ESP32_CRYPT_AES     */
+    /*  #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI */
+    /*  #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MP_MUL  */
+    /*  #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MULMOD  */
+    /*  #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_EXPTMOD */
+    /***** END CONFIG_IDF_TARGET_ESP32S2 *****/
+
+#elif defined(CONFIG_IDF_TARGET_ESP32S3)
+    /* wolfSSL HW Acceleration supported on ESP32-S3. Uncomment to disable: */
+    /*  #define NO_ESP32_CRYPT                         */
+    /*  #define NO_WOLFSSL_ESP32_CRYPT_HASH            */
+    /* Note: There's no AES192 HW on the ESP32-S3; falls back to SW */
+    /*  #define NO_WOLFSSL_ESP32_CRYPT_AES             */
+    /*  #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI         */
+    /*  #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MP_MUL  */
+    /*  #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MULMOD  */
+    /*  #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_EXPTMOD */
+    /***** END CONFIG_IDF_TARGET_ESP32S3 *****/
+
+#elif defined(CONFIG_IDF_TARGET_ESP32C2) || \
+      defined(CONFIG_IDF_TARGET_ESP8684)
+    /* ESP8684 is essentially ESP32-C2 chip + flash embedded together in a
+     * single QFN 4x4 mm package. Out of released documentation, Technical
+     * Reference Manual as well as ESP-IDF Programming Guide is applicable
+     * to both ESP32-C2 and ESP8684.
+     *
+     * See: https://www.esp32.com/viewtopic.php?f=5&t=27926#:~:text=ESP8684%20is%20essentially%20ESP32%2DC2,both%20ESP32%2DC2%20and%20ESP8684. */
+
+    /* wolfSSL HW Acceleration supported on ESP32-C2. Uncomment to disable: */
+    /*  #define NO_ESP32_CRYPT                 */
+    /*  #define NO_WOLFSSL_ESP32_CRYPT_HASH    */ /* to disable all SHA HW   */
+
+    /* These are defined automatically in esp32-crypt.h, here for clarity    */
+    #define NO_WOLFSSL_ESP32_CRYPT_HASH_SHA384    /* no SHA384 HW on C2  */
+    #define NO_WOLFSSL_ESP32_CRYPT_HASH_SHA512    /* no SHA512 HW on C2  */
+
+    /* There's no AES or RSA/Math accelerator on the ESP32-C2
+     * Auto defined with NO_WOLFSSL_ESP32_CRYPT_RSA_PRI, for clarity: */
+    #define NO_WOLFSSL_ESP32_CRYPT_AES
+    #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI
+    #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MP_MUL
+    #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MULMOD
+    #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_EXPTMOD
+    /***** END CONFIG_IDF_TARGET_ESP32C2 *****/
+
+#elif defined(CONFIG_IDF_TARGET_ESP32C3)
+    /* wolfSSL HW Acceleration supported on ESP32-C3. Uncomment to disable: */
+
+    /*  #define NO_ESP32_CRYPT                 */
+    /*  #define NO_WOLFSSL_ESP32_CRYPT_HASH    */ /* to disable all SHA HW   */
+
+    /* These are defined automatically in esp32-crypt.h, here for clarity:  */
+    #define NO_WOLFSSL_ESP32_CRYPT_HASH_SHA384    /* no SHA384 HW on C6  */
+    #define NO_WOLFSSL_ESP32_CRYPT_HASH_SHA512    /* no SHA512 HW on C6  */
+
+    /*  #define NO_WOLFSSL_ESP32_CRYPT_AES             */
+    /*  #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI         */
+    /*  #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MP_MUL  */
+    /*  #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MULMOD  */
+    /*  #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_EXPTMOD */
+    /***** END CONFIG_IDF_TARGET_ESP32C3 *****/
+
+#elif defined(CONFIG_IDF_TARGET_ESP32C6)
+    /* wolfSSL HW Acceleration supported on ESP32-C6. Uncomment to disable: */
+
+    /*  #define NO_ESP32_CRYPT                 */
+    /*  #define NO_WOLFSSL_ESP32_CRYPT_HASH    */
+    /*  These are defined automatically in esp32-crypt.h, here for clarity:  */
+    #define NO_WOLFSSL_ESP32_CRYPT_HASH_SHA384    /* no SHA384 HW on C6  */
+    #define NO_WOLFSSL_ESP32_CRYPT_HASH_SHA512    /* no SHA512 HW on C6  */
+
+    /*  #define NO_WOLFSSL_ESP32_CRYPT_AES             */
+    /*  #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI         */
+    /*  #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MP_MUL  */
+    /*  #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MULMOD  */
+    /*  #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_EXPTMOD */
+    /***** END CONFIG_IDF_TARGET_ESP32C6 *****/
+
+#elif defined(CONFIG_IDF_TARGET_ESP32H2)
+    /*  wolfSSL Hardware Acceleration not yet implemented */
+    #define NO_ESP32_CRYPT
+    #define NO_WOLFSSL_ESP32_CRYPT_HASH
+    #define NO_WOLFSSL_ESP32_CRYPT_AES
+    #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI
+    /***** END CONFIG_IDF_TARGET_ESP32H2 *****/
+
+#elif defined(CONFIG_IDF_TARGET_ESP8266)
+    /*  TODO: Revisit ESP8266 */
+    #define NO_ESP32_CRYPT
+    #define NO_WOLFSSL_ESP32_CRYPT_HASH
+    #define NO_WOLFSSL_ESP32_CRYPT_AES
+    #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI
+    /***** END CONFIG_IDF_TARGET_ESP266 *****/
+#else
+    /* Anything else encountered, disable HW acceleration */
+    #define NO_ESP32_CRYPT
+    #define NO_WOLFSSL_ESP32_CRYPT_HASH
+    #define NO_WOLFSSL_ESP32_CRYPT_AES
+    #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI
+#endif /* CONFIG_IDF_TARGET Check */
+
+#define DEBUG_WOLFSSL
+/* Debug options:
+
+#define ESP_VERIFY_MEMBLOCK
+#define DEBUG_WOLFSSL
+#define DEBUG_WOLFSSL_VERBOSE
+#define DEBUG_WOLFSSL_SHA_MUTEX
+#define WOLFSSL_ESP32_CRYPT_DEBUG
+#define WOLFSSL_ESP32_CRYPT_HASH_SHA224_DEBUG
+#define NO_RECOVER_SOFTWARE_CALC
+#define WOLFSSL_TEST_STRAY 1
+#define USE_ESP_DPORT_ACCESS_READ_BUFFER
+#define WOLFSSL_ESP32_HW_LOCK_DEBUG
+#define WOLFSSL_DEBUG_ESP_RSA_MULM_BITS
+#define ESP_DISABLE_HW_TASK_LOCK
+*/
+
+#define WOLFSSL_ESPIDF_ERROR_PAUSE /* Pause in a loop rather than exit. */
+#define WOLFSSL_HW_METRICS
+#define ALT_ECC_SIZE
+/* #define HASH_SIZE_LIMIT */ /* for test.c */
+
+/* #define NO_HW_MATH_TEST */ /* Optionally turn off HW math checks */
+
+/* Optionally include alternate HW test library: alt_hw_test.h */
+/* When enabling, the ./components/wolfssl/CMakeLists.txt file
+ * will need the name of the library in the idf_component_register
+ * for the PRIV_REQUIRES list. */
+/* #define INCLUDE_ALT_HW_TEST */
+
+/* optionally turn off individual math HW acceleration features */
+
+/* Turn off Large Number ESP32 HW Multiplication:
+** [Z = X * Y] in esp_mp_mul()                                  */
+/* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MP_MUL                */
+
+/* Turn off Large Number ESP32 HW Modular Exponentiation:
+** [Z = X^Y mod M] in esp_mp_exptmod()                          */
+/* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_EXPTMOD               */
+
+/* Turn off Large Number ESP32 HW Modular Multiplication
+** [Z = X * Y mod M] in esp_mp_mulmod()                         */
+/* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MULMOD                */
+
+
+#define WOLFSSL_PUBLIC_MP /* used by benchmark */
+
+/* when turning on ECC508 / ECC608 support
+#define WOLFSSL_ESPWROOM32SE
+#define HAVE_PK_CALLBACKS
+#define WOLFSSL_ATECC508A
+#define ATCA_WOLFSSL
+*/
+
+/* optional SM4 Ciphers. See https://github.com/wolfSSL/wolfsm
+/* The section below defines macros used in typically all of the wolfSSL
+ * examples such as the client and server for certs stored in header files.
+ *
+ * There are various certificate examples in this header file:
+ * https://github.com/wolfSSL/wolfssl/blob/master/wolfssl/certs_test.h
+ *
+ * To use the sets of macros below, define *one* of these:
+ *
+ *    USE_CERT_BUFFERS_1024  - ECC 1024 bit encoded ASN1
+ *    USE_CERT_BUFFERS_2048  - RSA 2048 bit encoded ASN1
+ *    WOLFSSL_SM[2,3,4]      - SM Ciphers
+ *
+ * For example: define USE_CERT_BUFFERS_2048 to use CA Certs used in this
+ *  wolfSSL function for the `ca_cert_der_2048` buffer, size and types:
+ *
+ *     ret = wolfSSL_CTX_load_verify_buffer(ctx,
+ *                                          CTX_CA_CERT,
+ *                                          CTX_CA_CERT_SIZE,
+ *                                          CTX_CA_CERT_TYPE);
+ *
+ * See https://www.wolfssl.com/documentation/manuals/wolfssl/group__CertsKeys.html#function-wolfssl_ctx_load_verify_buffer
+ *
+ * In this case the CTX_CA_CERT will be defined as `ca_cert_der_2048` as
+ * defined here: https://github.com/wolfSSL/wolfssl/blob/master/wolfssl/certs_test.h
+ *
+ * The CTX_CA_CERT_SIZE and CTX_CA_CERT_TYPE are similarly used to reference
+ * array size and cert type respectively.
+ *
+ * Similarly for loading the private client key:
+ *
+ *  ret = wolfSSL_CTX_use_PrivateKey_buffer(ctx,
+ *                                          CTX_CLIENT_KEY,
+ *                                          CTX_CLIENT_KEY_SIZE,
+ *                                          CTX_CLIENT_KEY_TYPE);
+ *
+ * see https://www.wolfssl.com/documentation/manuals/wolfssl/group__CertsKeys.html#function-wolfssl_ctx_use_privatekey_buffer
+ *
+ * Similarly, the other macros are for server certificates and keys:
+ *   `CTX_SERVER_CERT` and `CTX_SERVER_KEY` are available.
+ *
+ * The certificate and key names are typically `static const unsigned char`
+ * arrays. The [NAME]_size are typically `sizeof([array name])`, and the types
+ * are the known wolfSSL encoding type integers (e.g. WOLFSSL_FILETYPE_PEM).
+ *
+ * See `SSL_FILETYPE_[name]` in
+ *   https://github.com/wolfSSL/wolfssl/blob/master/wolfssl/ssl.h
+ *
+ * See Abstract Syntax Notation One (ASN.1) in:
+ *   https://github.com/wolfSSL/wolfssl/blob/master/wolfssl/wolfcrypt/asn.h
+ *
+ * Optional SM4 Ciphers:
+ *
+ * Although the SM ciphers are shown here, the `certs_test_sm.h` may not yet
+ * be available. See:
+ *   https://github.com/wolfSSL/wolfssl/pull/6825
+ *   https://github.com/wolfSSL/wolfsm
+ *
+ * Uncomment these 3 macros to enable the SM Ciphers and use the macros below.
+ */
+
+/*
+#define WOLFSSL_SM2
+#define WOLFSSL_SM3
+#define WOLFSSL_SM4
+*/
+
+/* Conditional macros used in wolfSSL TLS client and server examples */
+#if defined(WOLFSSL_SM2) || defined(WOLFSSL_SM3) || defined(WOLFSSL_SM4)
+    #include <wolfssl/certs_test_sm.h>
+    #define CTX_CA_CERT          root_sm2
+    #define CTX_CA_CERT_SIZE     sizeof_root_sm2
+    #define CTX_CA_CERT_TYPE     WOLFSSL_FILETYPE_PEM
+    #define CTX_SERVER_CERT      server_sm2
+    #define CTX_SERVER_CERT_SIZE sizeof_server_sm2
+    #define CTX_SERVER_CERT_TYPE WOLFSSL_FILETYPE_PEM
+    #define CTX_SERVER_KEY       server_sm2_priv
+    #define CTX_SERVER_KEY_SIZE  sizeof_server_sm2_priv
+    #define CTX_SERVER_KEY_TYPE  WOLFSSL_FILETYPE_PEM
+
+    #undef  WOLFSSL_BASE16
+    #define WOLFSSL_BASE16
+#else
+    #if defined(USE_CERT_BUFFERS_2048)
+        #ifdef USE_CERT_BUFFERS_1024
+            #error "USE_CERT_BUFFERS_1024 is already defined. Pick one."
+        #endif
+        #include <wolfssl/certs_test.h>
+        #define CTX_CA_CERT          ca_cert_der_2048
+        #define CTX_CA_CERT_SIZE     sizeof_ca_cert_der_2048
+        #define CTX_CA_CERT_TYPE     WOLFSSL_FILETYPE_ASN1
+
+        #define CTX_SERVER_CERT      server_cert_der_2048
+        #define CTX_SERVER_CERT_SIZE sizeof_server_cert_der_2048
+        #define CTX_SERVER_CERT_TYPE WOLFSSL_FILETYPE_ASN1
+        #define CTX_SERVER_KEY       server_key_der_2048
+        #define CTX_SERVER_KEY_SIZE  sizeof_server_key_der_2048
+        #define CTX_SERVER_KEY_TYPE  WOLFSSL_FILETYPE_ASN1
+
+        #define CTX_CLIENT_CERT      client_cert_der_2048
+        #define CTX_CLIENT_CERT_SIZE sizeof_client_cert_der_2048
+        #define CTX_CLIENT_CERT_TYPE WOLFSSL_FILETYPE_ASN1
+        #define CTX_CLIENT_KEY       client_key_der_2048
+        #define CTX_CLIENT_KEY_SIZE  sizeof_client_key_der_2048
+        #define CTX_CLIENT_KEY_TYPE  WOLFSSL_FILETYPE_ASN1
+    #elif defined(USE_CERT_BUFFERS_1024)
+        #ifdef USE_CERT_BUFFERS_2048
+            #error "USE_CERT_BUFFERS_2048 is already defined. Pick one."
+        #endif
+        #include <wolfssl/certs_test.h>
+        #define CTX_CA_CERT          ca_cert_der_1024
+        #define CTX_CA_CERT_SIZE     sizeof_ca_cert_der_1024
+        #define CTX_CA_CERT_TYPE     WOLFSSL_FILETYPE_ASN1
+
+        #define CTX_CLIENT_CERT      client_cert_der_1024
+        #define CTX_CLIENT_CERT_SIZE sizeof_client_cert_der_1024
+        #define CTX_CLIENT_CERT_TYPE WOLFSSL_FILETYPE_ASN1
+        #define CTX_CLIENT_KEY       client_key_der_1024
+        #define CTX_CLIENT_KEY_SIZE  sizeof_client_key_der_1024
+        #define CTX_CLIENT_KEY_TYPE  WOLFSSL_FILETYPE_ASN1
+
+        #define CTX_SERVER_CERT      server_cert_der_1024
+        #define CTX_SERVER_CERT_SIZE sizeof_server_cert_der_1024
+        #define CTX_SERVER_CERT_TYPE WOLFSSL_FILETYPE_ASN1
+        #define CTX_SERVER_KEY       server_key_der_1024
+        #define CTX_SERVER_KEY_SIZE  sizeof_server_key_der_1024
+        #define CTX_SERVER_KEY_TYPE  WOLFSSL_FILETYPE_ASN1
+    #else
+        #error "Must define USE_CERT_BUFFERS_2048 or USE_CERT_BUFFERS_1024"
+    #endif
+#endif
diff --git a/examples/configs/user_settings_eccnonblock.h b/examples/configs/user_settings_eccnonblock.h
new file mode 100644
index 000000000..8996ff0b6
--- /dev/null
+++ b/examples/configs/user_settings_eccnonblock.h
@@ -0,0 +1,138 @@
+/* user_settings_eccnonblock.h
+ *
+ * Copyright (C) 2006-2025 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+/* Example wolfSSL user_settings.h file for ECC only non-blocking crypto.
+ * See doc/dox_comments/header_files/ecc.h wc_ecc_set_nonblock for example.
+ */
+
+/* Settings based on this configure:
+./configure --enable-cryptonly --enable-ecc=nonblock --with-eccminsz=256 \
+    --enable-sp=nonblock,ec256,nomalloc --enable-sp-math --disable-sp-asm \
+    --disable-rsa --disable-dh \
+    CFLAGS="-DWOLFSSL_DEBUG_NONBLOCK -DSP_WORD_SIZE=32 -DECC_USER_CURVES \
+            -DWOLFSSL_PUBLIC_MP"
+*/
+
+/* Tested using:
+cp ./examples/configs/user_settings_eccnonblock.h user_settings.h
+./configure --enable-usersettings --enable-debug --disable-examples
+make
+./wolfcrypt/test/test/wolfcrypt
+*/
+
+/* Example test results:
+ecc_test_curve keySize = 32
+ECC non-block sign: 12301 times
+ECC non-block verify: 24109 times
+ECC non-block key gen: 11784 times
+ECC non-block shared secret: 11783 times
+
+ecc_test_curve keySize = 48
+ECC non-block sign: 18445 times
+ECC non-block verify: 36141 times
+ECC non-block key gen: 17672 times
+ECC non-block shared secret: 17671 times
+
+ecc_test_curve keySize = 66
+ECC non-block sign: 25021 times
+ECC non-block verify: 49019 times
+ECC non-block key gen: 23974 times
+ECC non-block shared secret: 23973 times
+*/
+
+#ifndef WOLFSSL_USER_SETTINGS_H
+#define WOLFSSL_USER_SETTINGS_H
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/* Choose the ECC curve */
+#define ECC_USER_CURVES /* Manually specify curves enabled */
+#if   1 /* SECP256R1 */
+    #define ECC_MIN_KEY_SZ 256
+#elif 1 /* SECP384R1 */
+    #define HAVE_ECC384
+    #define NO_ECC256
+    #define ECC_MIN_KEY_SZ 384
+    #define WOLFSSL_SP_NO_256
+    #define WOLFSSL_SP_384
+#else /* SECP521R1 */
+    #define HAVE_ECC521
+    #define NO_ECC256
+    #define ECC_MIN_KEY_SZ 521
+    #define WOLFSSL_SP_NO_256
+    #define WOLFSSL_SP_521
+#endif
+
+/* Features */
+#define WOLFCRYPT_ONLY
+#define WOLFSSL_ASN_TEMPLATE
+#define WOLFSSL_PUBLIC_MP /* expose mp_ math API's */
+#define HAVE_HASHDRBG /* enable hash based pseudo RNG */
+
+/* ECC */
+#define HAVE_ECC
+#define WC_ECC_NONBLOCK
+#define ECC_TIMING_RESISTANT
+
+/* Math options */
+/* sp_c32.c */
+#define SP_WORD_SIZE 32
+#define WOLFSSL_HAVE_SP_ECC
+#define WOLFSSL_SP_SMALL
+#define WOLFSSL_SP_NO_MALLOC
+#define WOLFSSL_SP_NONBLOCK
+#define WOLFSSL_SP_MATH /* forces only single precision */
+
+/* Hashing */
+#define WOLFSL_SHA512
+#define WOLFSL_SHA384
+#undef NO_SHA256
+
+/* Debugging */
+#if 1
+    #undef  DEBUG_WOLFSSL
+    #define DEBUG_WOLFSSL
+    #define WOLFSSL_DEBUG_NONBLOCK
+#endif
+
+/* Disabled algorithms */
+#define NO_OLD_TLS
+#define NO_RSA
+#define NO_DH
+#define NO_PSK
+#define NO_MD4
+#define NO_MD5
+#define NO_SHA
+#define NO_DSA
+#define NO_DES3
+#define NO_BIG_INT
+#define NO_RC4
+#define WOLFSSL_NO_SHAKE128
+#define WOLFSSL_NO_SHAKE256
+
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* WOLFSSL_USER_SETTINGS_H */
diff --git a/examples/configs/user_settings_espressif.h b/examples/configs/user_settings_espressif.h
new file mode 100644
index 000000000..c626982cf
--- /dev/null
+++ b/examples/configs/user_settings_espressif.h
@@ -0,0 +1,1098 @@
+/* wolfssl-component include/user_settings.h
+ *
+ * Copyright (C) 2006-2025 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+#define WOLFSSL_ESPIDF_COMPONENT_VERSION 0x01
+
+/* Examples such as test and benchmark are known to cause watchdog timeouts.
+ * Note this is often set in project Makefile:
+ * CFLAGS += -DWOLFSSL_ESP_NO_WATCHDOG=1 */
+#define WOLFSSL_ESP_NO_WATCHDOG 1
+
+/* The Espressif project config file. See also sdkconfig.defaults */
+#include "sdkconfig.h"
+
+/* This user_settings.h is for Espressif ESP-IDF
+ *
+ * Standardized wolfSSL Espressif ESP32 + ESP8266 user_settings.h V5.7.0-1
+ *
+ * Do not include any wolfssl headers here.
+ *
+ * When editing this file:
+ * ensure all examples match. The template example is the reference.
+ */
+
+/* Naming convention: (see also esp32-crypt.h for the reference source).
+ *
+ * CONFIG_
+ *      This prefix indicates the setting came from the sdkconfig / Kconfig.
+ *
+ *      May or may not be related to wolfSSL.
+ *
+ *      The name after this prefix must exactly match that in the Kconfig file.
+ *
+ * WOLFSSL_
+ *      Typical of many, but not all wolfSSL macro names.
+ *
+ *      Applies to all wolfSSL products such as wolfSSH, wolfMQTT, etc.
+ *
+ *      May or may not have a corresponding sdkconfig / Kconfig control.
+ *
+ * ESP_WOLFSSL_
+ *      These are NOT valid wolfSSL macro names. These are names only used in
+ *      the ESP-IDF Kconfig files. When parsed, they will have a "CONFIG_"
+ *      suffix added. See next section.
+ *
+ * CONFIG_ESP_WOLFSSL_
+ *      This is a wolfSSL-specific macro that has been defined in the ESP-IDF
+ *      via the sdkconfig / menuconfig. Any text after this prefix should
+ *      exactly match an existing wolfSSL macro name.
+ *
+ *      Applies to all wolfSSL products such as wolfSSH, wolfMQTT, etc.
+ *
+ *      These macros may also be specific to only the project or environment,
+ *      and possibly not used anywhere else in the wolfSSL libraries.
+ */
+
+/* The Espressif sdkconfig will have chipset info.
+**
+** Some possible values:
+**
+**   CONFIG_IDF_TARGET_ESP32
+**   CONFIG_IDF_TARGET_ESP32S2
+**   CONFIG_IDF_TARGET_ESP32S3
+**   CONFIG_IDF_TARGET_ESP32C3
+**   CONFIG_IDF_TARGET_ESP32C6
+*/
+
+#undef  WOLFSSL_ESPIDF
+#define WOLFSSL_ESPIDF
+
+/* Test various user_settings between applications by selecting example apps
+ * in `idf.py menuconfig` for Example wolfSSL Configuration settings: */
+
+/* Turn on messages that are useful to see only in examples. */
+#define WOLFSSL_EXAMPLE_VERBOSITY
+
+/* Paths can be long, ensure the entire value printed during debug */
+#define WOLFSSL_MAX_ERROR_SZ 500
+
+/* wolfSSL Examples: set macros used in example applications.
+ *
+ * These Settings NOT available in ESP-IDF (e.g. esp-tls)
+ *
+ * Any settings needed by ESP-IDF components should be explicitly set,
+ * and not by these example-specific settings via CONFIG_WOLFSSL_EXAMPLE_n
+ *
+ * ESP-IDF settings should be Kconfig "CONFIG_[name]" values when possible. */
+#if defined(CONFIG_WOLFSSL_EXAMPLE_NAME_TEMPLATE)
+    /* See https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples/template */
+    /* We don't use WiFi, so don't compile in the esp-sdk-lib WiFi helpers: */
+    /* #define USE_WOLFSSL_ESP_SDK_WIFI */
+#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_TEST)
+    /* See https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples/wolfssl_test */
+    /* We don't use WiFi, so don't compile in the esp-sdk-lib WiFi helpers: */
+    /* #define USE_WOLFSSL_ESP_SDK_WIFI */
+    #define TEST_ESPIDF_ALL_WOLFSSL
+
+#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_BENCHMARK)
+    /* See https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark */
+    /* We don't use WiFi, so don't compile in the esp-sdk-lib WiFi helpers: */
+    /* #define USE_WOLFSSL_ESP_SDK_WIFI */
+    #define WOLFSSL_BENCHMARK_FIXED_UNITS_KB
+#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_TLS_CLIENT)
+    /* See https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples/wolfssl_client */
+    #define USE_WOLFSSL_ESP_SDK_WIFI
+#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_TLS_SERVER)
+    /* See https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples/wolfssl_server */
+    #define USE_WOLFSSL_ESP_SDK_WIFI
+
+/* wolfSSH Examples */
+#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_WOLFSSH_TEMPLATE)
+    /* See https://github.com/wolfSSL/wolfssh/tree/master/ide/Espressif/ESP-IDF/examples/wolfssh_template */
+    #define USE_WOLFSSL_ESP_SDK_WIFI
+#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_WOLFSSH_ECHOSERVER)
+    /* See https://github.com/wolfSSL/wolfssh/tree/master/ide/Espressif/ESP-IDF/examples/wolfssh_echoserver */
+    #define USE_WOLFSSL_ESP_SDK_WIFI
+#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_ESP32_SSH_SERVER)
+    /* See https://github.com/wolfSSL/wolfssh-examples/tree/main/Espressif/ESP32/ESP32-SSH-Server */
+    #define USE_WOLFSSL_ESP_SDK_WIFI
+#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_ESP8266_SSH_SERVER)
+    /* See https://github.com/wolfSSL/wolfssh-examples/tree/main/Espressif/ESP8266/ESP8266-SSH-Server */
+    #define USE_WOLFSSL_ESP_SDK_WIFI
+
+/* wolfMQTT Examples */
+#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_WOLFMQTT_TEMPLATE)
+    /* See https://github.com/wolfSSL/wolfMQTT/tree/master/IDE/Espressif/ESP-IDF/examples/wolfmqtt_template */
+    #define USE_WOLFSSL_ESP_SDK_WIFI
+#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_WOLFMQTT_AWS_IOT_MQTT)
+    /* See https://github.com/wolfSSL/wolfMQTT/tree/master/IDE/Espressif/ESP-IDF/examples/AWS_IoT_MQTT */
+    #define USE_WOLFSSL_ESP_SDK_WIFI
+
+/* wolfTPM Examples */
+#elif defined(CONFIG_WOLFTPM_EXAMPLE_NAME_ESPRESSIF)
+    /* See https://github.com/wolfSSL/wolfTPM/tree/master/IDE/Espressif */
+    #define USE_WOLFSSL_ESP_SDK_WIFI
+
+/* Apple HomeKit Examples */
+#elif defined(CONFIG_WOLFSSL_APPLE_HOMEKIT)
+    /* See https://github.com/AchimPieters/esp32-homekit-demo */
+
+/* no example selected */
+#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_NONE)
+    /* We'll assume the app needs to use wolfSSL sdk lib function */
+    #define USE_WOLFSSL_ESP_SDK_WIFI
+
+/* Other applications detected by cmake */
+#elif defined(APP_ESP_HTTP_CLIENT_EXAMPLE)
+    /* The wolfSSL Version of the client example */
+    #if defined(CONFIG_IDF_TARGET_ESP32S2) || defined(CONFIG_IDF_TARGET_ESP32C2)
+        /* Less memory available, so smaller key sizes: */
+        #define FP_MAX_BITS (4096 * 2)
+    #else
+        #define FP_MAX_BITS (8192 * 2)
+    #endif
+    #define HAVE_ALPN
+    #define HAVE_SNI
+    #define OPENSSL_EXTRA_X509_SMALL
+    #define HAVE_TLS_EXTENSIONS
+    #define HAVE_SUPPORTED_CURVES
+    #define OPENSSL_EXTRA
+    #ifndef WOLFSSL_ALWAYS_VERIFY_CB
+       #define WOLFSSL_ALWAYS_VERIFY_CB
+    #endif
+    #ifndef WOLFSSL_VERIFY_CB_ALL_CERTS
+        #define WOLFSSL_VERIFY_CB_ALL_CERTS
+    #endif
+    #ifndef KEEP_PEER_CERT
+        #define KEEP_PEER_CERT
+    #endif
+
+#elif defined(APP_ESP_HTTP_CLIENT)
+    /* The ESP-IDF Version */
+    #define FP_MAX_BITS (8192 * 2)
+    #define HAVE_ALPN
+    #define HAVE_SNI
+    #define OPENSSL_EXTRA_X509_SMALL
+    #define HAVE_TLS_EXTENSIONS
+    #define HAVE_SUPPORTED_CURVES
+    #define OPENSSL_EXTRA
+    #ifndef WOLFSSL_ALWAYS_VERIFY_CB
+       #define WOLFSSL_ALWAYS_VERIFY_CB
+    #endif
+    #ifndef WOLFSSL_VERIFY_CB_ALL_CERTS
+        #define WOLFSSL_VERIFY_CB_ALL_CERTS
+    #endif
+    #ifndef KEEP_PEER_CERT
+        #define KEEP_PEER_CERT
+    #endif
+#else
+    #ifdef WOLFSSL_ESPIDF
+        /* #warning "App config undetected" */
+    #endif
+    /* the code is older or does not have application name defined. */
+#endif /* Example wolfSSL Configuration app settings */
+
+/* Experimental Kyber */
+#ifdef CONFIG_WOLFSSL_ENABLE_KYBER
+    /* Kyber typically needs a minimum 10K stack */
+    #define WOLFSSL_EXPERIMENTAL_SETTINGS
+    #define WOLFSSL_HAVE_KYBER
+    #define WOLFSSL_WC_KYBER
+    #define WOLFSSL_SHA3
+    #if defined(CONFIG_IDF_TARGET_ESP8266)
+        /* With limited RAM, we'll disable some of the Kyber sizes: */
+        #define WOLFSSL_NO_KYBER1024
+        #define WOLFSSL_NO_KYBER768
+        #define NO_SESSION_CACHE
+    #endif
+#endif
+
+/* Enable AES for all examples */
+#ifdef NO_AES
+    #warning "Found NO_AES, wolfSSL AES Cannot be enabled. Check config."
+#else
+    #define WOLFSSL_AES
+    #define WOLFSSL_AES_COUNTER
+
+    /* Typically only needed for wolfssl_test, see docs. */
+    #define WOLFSSL_AES_DIRECT
+#endif
+
+/* Pick a cert buffer size: */
+/* #define USE_CERT_BUFFERS_2048 */
+/* #define USE_CERT_BUFFERS_1024 */
+#define USE_CERT_BUFFERS_2048
+
+/* The Espressif sdkconfig will have chipset info.
+**
+** Some possible values:
+**
+**   CONFIG_IDF_TARGET_ESP32
+**   CONFIG_IDF_TARGET_ESP32S2
+**   CONFIG_IDF_TARGET_ESP32S3
+**   CONFIG_IDF_TARGET_ESP32C3
+**   CONFIG_IDF_TARGET_ESP32C6
+*/
+
+/* Optionally enable Apple HomeKit from compiler directive or Kconfig setting */
+#if defined(WOLFSSL_APPLE_HOMEKIT) || defined(CONFIG_WOLFSSL_APPLE_HOMEKIT)
+     /* SRP is known to need 8K; slow on some devices */
+     #define FP_MAX_BITS (8192 * 2)
+     #define WOLFCRYPT_HAVE_SRP
+     #define HAVE_CHACHA
+     #define HAVE_POLY1305
+     #define WOLFSSL_BASE64_ENCODE
+ #endif /* Apple HomeKit settings */
+
+/* Used by ESP-IDF components: */
+#if defined(CONFIG_ESP_TLS_USING_WOLFSSL)
+    /* The ESP-TLS */
+    #ifndef FP_MAX_BITS
+        #if defined(CONFIG_IDF_TARGET_ESP32C2) || \
+            defined(CONFIG_IDF_TARGET_ESP8684) || \
+            defined(CONFIG_IDF_TARGET_ESP8266)
+            /* Optionally set smaller size here */
+            #define FP_MAX_BITS MIN_FFDHE_FP_MAX_BITS
+        #else
+            #define FP_MAX_BITS (4096 * 2)
+        #endif
+    #endif
+    #define HAVE_ALPN
+    #ifndef CONFIG_IDF_TARGET_ESP8266
+        /* Unless installed in the ESP8266 RTOS SDK locally, the wolfSSL
+         * API for SNI will not be seen in the components/esp-tls layer.
+         * Only enable SNI for non-ESP8266 targets by default: */
+        #define HAVE_SNI
+    #endif
+    #define OPENSSL_EXTRA_X509_SMALL
+
+    #define HAVE_TLS_EXTENSIONS
+    #define HAVE_SUPPORTED_CURVES
+#endif
+
+/* Optionally enable some wolfSSH settings */
+#if defined(ESP_ENABLE_WOLFSSH) || defined(CONFIG_ESP_ENABLE_WOLFSSH)
+    /* Enable wolfSSH. Espressif examples need a few more settings, below */
+    #undef  WOLFSSL_WOLFSSH
+    #define WOLFSSL_WOLFSSH
+
+    /* The default SSH Windows size is massive for an embedded target.
+     * Limit it: */
+    #define DEFAULT_WINDOW_SZ 2000
+
+    /* These may be defined in cmake for other examples: */
+    #undef  WOLFSSH_TERM
+    #define WOLFSSH_TERM
+
+    /* optional debug */
+    /* #undef  DEBUG_WOLFSSH */
+    /* #define DEBUG_WOLFSSH */
+
+    #undef  WOLFSSL_KEY_GEN
+    #define WOLFSSL_KEY_GEN
+
+    #undef  WOLFSSL_PTHREADS
+    #define WOLFSSL_PTHREADS
+
+    #define WOLFSSH_TEST_SERVER
+    #define WOLFSSH_TEST_THREADING
+#endif /* ESP_ENABLE_WOLFSSH */
+
+
+/* Not yet using WiFi lib, so don't compile in the esp-sdk-lib WiFi helpers: */
+/* #define USE_WOLFSSL_ESP_SDK_WIFI */
+
+/*
+ * ONE of these Espressif chip families will be detected from sdkconfig:
+ *
+ * WOLFSSL_ESP32
+ * WOLFSSL_ESPWROOM32SE
+ * WOLFSSL_ESP8266
+ *
+ * following ifdef detection only for syntax highlighting:
+ */
+#ifdef WOLFSSL_ESPWROOM32SE
+    #undef WOLFSSL_ESPWROOM32SE
+#endif
+#ifdef WOLFSSL_ESP8266
+    #undef WOLFSSL_ESP8266
+#endif
+#ifdef WOLFSSL_ESP32
+    #undef WOLFSSL_ESP32
+#endif
+/* See below for chipset detection from sdkconfig.h */
+
+/* when you want to use SINGLE THREAD. Note Default ESP-IDF is FreeRTOS */
+#define SINGLE_THREADED
+
+/* Small session cache saves a lot of RAM for ClientCache and SessionCache.
+ * Memory requirement is about 5KB, otherwise 20K is needed when not specified.
+ * If extra small footprint is needed, try MICRO_SESSION_CACHE (< 1K)
+ * When really desperate or no TLS used, try NO_SESSION_CACHE.  */
+#define NO_SESSION_CACHE
+
+/* Small Stack uses more heap. */
+#define WOLFSSL_SMALL_STACK
+
+/* Full debugging turned off, but show malloc failure detail */
+/* #define DEBUG_WOLFSSL */
+#define DEBUG_WOLFSSL_MALLOC
+
+/* See test.c that sets cert buffers; we'll set them here: */
+#define USE_CERT_BUFFERS_256
+#define USE_CERT_BUFFERS_2048
+
+/* RSA_LOW_MEM: Half as much memory but twice as slow. */
+#define RSA_LOW_MEM
+
+/* optionally turn off SHA512/224 SHA512/256 */
+/* #define WOLFSSL_NOSHA512_224 */
+/* #define WOLFSSL_NOSHA512_256 */
+
+/* when you want to use SINGLE THREAD. Note Default ESP-IDF is FreeRTOS */
+/* #define SINGLE_THREADED */
+
+/* When you don't want to use the old SHA */
+/* #define NO_SHA */
+/* #define NO_OLD_TLS */
+
+#define BENCH_EMBEDDED
+
+/* TLS 1.3                                 */
+#ifdef CONFIG_WOLFSSL_ALLOW_TLS13
+    #define WOLFSSL_TLS13
+    #define HAVE_TLS_EXTENSIONS
+    #define HAVE_HKDF
+
+    /* May be required */
+    #ifndef HAVE_AEAD
+    #endif
+
+    /* Required for ECC */
+    #define HAVE_SUPPORTED_CURVES
+
+    /* Required for RSA */
+    #define WC_RSA_PSS
+
+    /* TLS 1.3 normally requires HAVE_FFDHE */
+    #if defined(HAVE_FFDHE_2048) || \
+        defined(HAVE_FFDHE_3072) || \
+        defined(HAVE_FFDHE_4096) || \
+        defined(HAVE_FFDHE_6144) || \
+        defined(HAVE_FFDHE_8192)
+    #else
+        #define HAVE_FFDHE_2048
+        /* #error "TLS 1.3 requires HAVE_FFDHE_[nnnn]" */
+    #endif
+#endif
+
+#if defined(CONFIG_IDF_TARGET_ESP32C2) || \
+    defined(CONFIG_IDF_TARGET_ESP8684)
+    /* Optionally set smaller size here */
+    #ifdef HAVE_FFDHE_4096
+        /* this size may be problematic on the C2 */
+    #endif
+    #define HAVE_FFDHE_2048
+#else
+    #define HAVE_FFDHE_4096
+#endif
+
+#define NO_FILESYSTEM
+
+#define NO_OLD_TLS
+
+#define HAVE_AESGCM
+
+/* Optional RIPEMD: RACE Integrity Primitives Evaluation Message Digest */
+/* #define WOLFSSL_RIPEMD */
+
+/* when you want to use SHA224 */
+#define WOLFSSL_SHA224
+
+/* when you want to use SHA384 */
+#define WOLFSSL_SHA384
+
+/* Some features not enabled for ESP8266: */
+#if defined(CONFIG_IDF_TARGET_ESP8266) || \
+    defined(CONFIG_IDF_TARGET_ESP32C2)
+    /* Some known low-memory devices have features not enabled by default. */
+    /* TODO determine low memory configuration for ECC. */
+#else
+    /* when you want to use SHA512 */
+    #define WOLFSSL_SHA512
+
+    /* when you want to use SHA3 */
+    /* #define WOLFSSL_SHA3 */
+
+    /* ED25519 requires SHA512 */
+    #define HAVE_ED25519
+#endif
+
+#if defined(CONFIG_IDF_TARGET_ESP8266) || defined(CONFIG_IDF_TARGET_ESP32C2)
+    #define MY_USE_ECC 0
+    #define MY_USE_RSA 1
+#else
+    #define MY_USE_ECC 1
+    #define MY_USE_RSA 0
+#endif
+
+/* We can use either or both ECC and RSA, but must use at least one. */
+#if MY_USE_ECC || MY_USE_RSA
+    #if MY_USE_ECC
+        /* ---- ECDSA / ECC ---- */
+        #define HAVE_ECC
+        #define HAVE_CURVE25519
+        #define HAVE_ED25519
+        #define WOLFSSL_SHA512
+        /*
+        #define HAVE_ECC384
+        #define CURVE25519_SMALL
+        */
+    #else
+        #define WOLFSSH_NO_ECC
+        /* WOLFSSH_NO_ECDSA is typically defined automatically,
+         * here for clarity: */
+        #define WOLFSSH_NO_ECDSA
+    #endif
+
+    #if MY_USE_RSA
+        /* ---- RSA ----- */
+        /* #define RSA_LOW_MEM */
+
+        /* DH disabled by default, needed if ECDSA/ECC also turned off */
+        #define HAVE_DH
+    #else
+        #define WOLFSSH_NO_RSA
+    #endif
+#else
+    #error "Either RSA or ECC must be enabled"
+#endif
+
+/* Optional OpenSSL compatibility */
+/* #define OPENSSL_EXTRA */
+
+/* #Optional HAVE_PKCS7 */
+/* #define HAVE_PKCS7 */
+
+#if defined(HAVE_PKCS7)
+    /* HAVE_PKCS7 may enable HAVE_PBKDF2 see settings.h */
+    #define NO_PBKDF2
+
+    #define HAVE_AES_KEYWRAP
+    #define HAVE_X963_KDF
+    #define WOLFSSL_AES_DIRECT
+#endif
+
+/* when you want to use AES counter mode */
+/* #define WOLFSSL_AES_DIRECT */
+/* #define WOLFSSL_AES_COUNTER */
+
+/* esp32-wroom-32se specific definition */
+#if defined(WOLFSSL_ESPWROOM32SE)
+    #define WOLFSSL_ATECC508A
+    #define HAVE_PK_CALLBACKS
+    /* when you want to use a custom slot allocation for ATECC608A */
+    /* unless your configuration is unusual, you can use default   */
+    /* implementation.                                             */
+    /* #define CUSTOM_SLOT_ALLOCATION                              */
+#endif
+
+/* WC_NO_CACHE_RESISTANT: slower but more secure */
+/* #define WC_NO_CACHE_RESISTANT */
+
+/* TFM_TIMING_RESISTANT: slower but more secure */
+/* #define TFM_TIMING_RESISTANT */
+
+/* #define WOLFSSL_ATECC508A_DEBUG         */
+
+/* date/time                               */
+/* if it cannot adjust time in the device, */
+/* enable macro below                      */
+/* #define NO_ASN_TIME */
+/* #define XTIME time */
+
+
+/* Adjust wait-timeout count if you see timeout in RSA HW acceleration.
+ * Set to very large number and enable WOLFSSL_HW_METRICS to determine max. */
+#ifndef ESP_RSA_TIMEOUT_CNT
+    #define ESP_RSA_TIMEOUT_CNT 0xFF0000
+#endif
+
+/* hash limit for test.c */
+#define HASH_SIZE_LIMIT
+
+/* USE_FAST_MATH is default */
+#define USE_FAST_MATH
+
+/*****      Use SP_MATH      *****/
+/* #undef  USE_FAST_MATH         */
+/* #define SP_MATH               */
+/* #define WOLFSSL_SP_MATH_ALL   */
+/* #define WOLFSSL_SP_RISCV32    */
+
+/***** Use Integer Heap Math *****/
+/* #undef USE_FAST_MATH          */
+/* #define USE_INTEGER_HEAP_MATH */
+
+/* Just syntax highlighting to check math libraries: */
+#if defined(SP_MATH)               || \
+    defined(USE_INTEGER_HEAP_MATH) || \
+    defined(USE_INTEGER_HEAP_MATH) || \
+    defined(USE_FAST_MATH)         || \
+    defined(WOLFSSL_SP_MATH_ALL)   || \
+    defined(WOLFSSL_SP_RISCV32)
+#endif
+
+#define WOLFSSL_SMALL_STACK
+
+
+#define HAVE_VERSION_EXTENDED_INFO
+/* #define HAVE_WC_INTROSPECTION */
+
+#ifndef NO_SESSION_CACHE
+    #define  HAVE_SESSION_TICKET
+#endif
+
+/* #define HAVE_HASHDRBG */
+
+#if 0
+/* Example for additional cert functions */
+#define WOLFSSL_KEY_GEN
+    #define WOLFSSL_CERT_REQ
+    #define WOLFSSL_CERT_GEN
+    #define WOLFSSL_CERT_EXT
+    #define WOLFSSL_SYS_CA_CERTS
+
+
+    #define WOLFSSL_CERT_TEXT
+
+    /* command-line options
+    --enable-keygen
+    --enable-certgen
+    --enable-certreq
+    --enable-certext
+    --enable-asn-template
+    */
+
+#endif
+
+#define WOLFSSL_ASN_TEMPLATE
+
+/*
+#undef  WOLFSSL_KEY_GEN
+#undef  WOLFSSL_CERT_REQ
+#undef  WOLFSSL_CERT_GEN
+#undef  WOLFSSL_CERT_EXT
+#undef  WOLFSSL_SYS_CA_CERTS
+*/
+
+/* command-line options
+--enable-keygen
+--enable-certgen
+--enable-certreq
+--enable-certext
+--enable-asn-template
+*/
+
+/* optional SM4 Ciphers. See https://github.com/wolfSSL/wolfsm */
+/*
+#define WOLFSSL_SM2
+#define WOLFSSL_SM3
+#define WOLFSSL_SM4
+*/
+
+#if defined(WOLFSSL_SM2) || defined(WOLFSSL_SM3) || defined(WOLFSSL_SM4)
+    /* SM settings, possible cipher suites:
+
+        TLS13-AES128-GCM-SHA256
+        TLS13-CHACHA20-POLY1305-SHA256
+        TLS13-SM4-GCM-SM3
+        TLS13-SM4-CCM-SM3
+
+    #define WOLFSSL_ESP32_CIPHER_SUITE "TLS13-SM4-GCM-SM3"
+    #define WOLFSSL_ESP32_CIPHER_SUITE "TLS13-SM4-CCM-SM3"
+    #define WOLFSSL_ESP32_CIPHER_SUITE "ECDHE-ECDSA-SM4-CBC-SM3"
+    #define WOLFSSL_ESP32_CIPHER_SUITE "ECDHE-ECDSA-SM4-GCM-SM3"
+    #define WOLFSSL_ESP32_CIPHER_SUITE "ECDHE-ECDSA-SM4-CCM-SM3"
+    #define WOLFSSL_ESP32_CIPHER_SUITE "TLS13-SM4-GCM-SM3:" \
+                                       "TLS13-SM4-CCM-SM3:"
+    */
+
+    #undef  WOLFSSL_BASE16
+    #define WOLFSSL_BASE16 /* required for WOLFSSL_SM2 */
+
+    #undef  WOLFSSL_SM4_ECB
+    #define WOLFSSL_SM4_ECB
+
+    #undef  WOLFSSL_SM4_CBC
+    #define WOLFSSL_SM4_CBC
+
+    #undef  WOLFSSL_SM4_CTR
+    #define WOLFSSL_SM4_CTR
+
+    #undef  WOLFSSL_SM4_GCM
+    #define WOLFSSL_SM4_GCM
+
+    #undef  WOLFSSL_SM4_CCM
+    #define WOLFSSL_SM4_CCM
+
+    #define HAVE_POLY1305
+    #define HAVE_CHACHA
+
+    #undef  HAVE_AESGCM
+    #define HAVE_AESGCM
+#else
+    /* default settings */
+    #define USE_CERT_BUFFERS_2048
+#endif
+
+/* Chipset detection from sdkconfig.h
+ * Default is HW enabled unless turned off.
+ * Uncomment lines to force SW instead of HW acceleration */
+#if defined(CONFIG_IDF_TARGET_ESP32) || defined(WOLFSSL_ESPWROOM32SE)
+    #define WOLFSSL_ESP32
+    /*  Alternatively, if there's an ECC Secure Element present: */
+    /* #define WOLFSSL_ESPWROOM32SE */
+
+    /* wolfSSL HW Acceleration supported on ESP32. Uncomment to disable: */
+    /*  #define NO_ESP32_CRYPT                 */
+    /*  #define NO_WOLFSSL_ESP32_CRYPT_HASH    */
+    /*  #define NO_WOLFSSL_ESP32_CRYPT_AES     */
+    /*  #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI */
+    /*  #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MP_MUL  */
+    /*  #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MULMOD  */
+    /*  #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_EXPTMOD */
+
+    /*  These are defined automatically in esp32-crypt.h, here for clarity:  */
+    #define NO_WOLFSSL_ESP32_CRYPT_HASH_SHA224 /* no SHA224 HW on ESP32  */
+
+    #undef  ESP_RSA_MULM_BITS
+    #define ESP_RSA_MULM_BITS 16 /* TODO add compile-time warning */
+    /***** END CONFIG_IDF_TARGET_ESP32 *****/
+
+#elif defined(CONFIG_IDF_TARGET_ESP32S2)
+    #define WOLFSSL_ESP32
+    /* wolfSSL HW Acceleration supported on ESP32-S2. Uncomment to disable: */
+    /*  #define NO_ESP32_CRYPT                 */
+    /*  #define NO_WOLFSSL_ESP32_CRYPT_HASH    */
+    /* Note: There's no AES192 HW on the ESP32-S2; falls back to SW */
+    /*  #define NO_WOLFSSL_ESP32_CRYPT_AES     */
+    /*  #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI */
+    /*  #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MP_MUL  */
+    /*  #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MULMOD  */
+    /*  #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_EXPTMOD */
+    /***** END CONFIG_IDF_TARGET_ESP32S2 *****/
+
+#elif defined(CONFIG_IDF_TARGET_ESP32S3)
+    #define WOLFSSL_ESP32
+    /* wolfSSL HW Acceleration supported on ESP32-S3. Uncomment to disable: */
+    /*  #define NO_ESP32_CRYPT                         */
+    /*  #define NO_WOLFSSL_ESP32_CRYPT_HASH            */
+    /* Note: There's no AES192 HW on the ESP32-S3; falls back to SW */
+    /*  #define NO_WOLFSSL_ESP32_CRYPT_AES             */
+    /*  #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI         */
+    /*  #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MP_MUL  */
+    /*  #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MULMOD  */
+    /*  #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_EXPTMOD */
+    /***** END CONFIG_IDF_TARGET_ESP32S3 *****/
+
+#elif defined(CONFIG_IDF_TARGET_ESP32C2) || \
+      defined(CONFIG_IDF_TARGET_ESP8684)
+    #define WOLFSSL_ESP32
+    /* ESP8684 is essentially ESP32-C2 chip + flash embedded together in a
+     * single QFN 4x4 mm package. Out of released documentation, Technical
+     * Reference Manual as well as ESP-IDF Programming Guide is applicable
+     * to both ESP32-C2 and ESP8684.
+     *
+     * See: https://www.esp32.com/viewtopic.php?f=5&t=27926#:~:text=ESP8684%20is%20essentially%20ESP32%2DC2,both%20ESP32%2DC2%20and%20ESP8684. */
+
+    /* wolfSSL HW Acceleration supported on ESP32-C2. Uncomment to disable: */
+    /*  #define NO_ESP32_CRYPT                 */
+    /*  #define NO_WOLFSSL_ESP32_CRYPT_HASH    */ /* to disable all SHA HW   */
+
+    /* These are defined automatically in esp32-crypt.h, here for clarity    */
+    #define NO_WOLFSSL_ESP32_CRYPT_HASH_SHA384    /* no SHA384 HW on C2  */
+    #define NO_WOLFSSL_ESP32_CRYPT_HASH_SHA512    /* no SHA512 HW on C2  */
+
+    /* There's no AES or RSA/Math accelerator on the ESP32-C2
+     * Auto defined with NO_WOLFSSL_ESP32_CRYPT_RSA_PRI, for clarity: */
+    #define NO_WOLFSSL_ESP32_CRYPT_AES
+    #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI
+    #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MP_MUL
+    #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MULMOD
+    #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_EXPTMOD
+    /***** END CONFIG_IDF_TARGET_ESP32C2 *****/
+
+#elif defined(CONFIG_IDF_TARGET_ESP32C3)
+    #define WOLFSSL_ESP32
+    /* wolfSSL HW Acceleration supported on ESP32-C3. Uncomment to disable: */
+
+    /*  #define NO_ESP32_CRYPT                 */
+    /*  #define NO_WOLFSSL_ESP32_CRYPT_HASH    */ /* to disable all SHA HW   */
+
+    /* These are defined automatically in esp32-crypt.h, here for clarity:  */
+    #define NO_WOLFSSL_ESP32_CRYPT_HASH_SHA384    /* no SHA384 HW on C6  */
+    #define NO_WOLFSSL_ESP32_CRYPT_HASH_SHA512    /* no SHA512 HW on C6  */
+
+    /*  #define NO_WOLFSSL_ESP32_CRYPT_AES             */
+    /*  #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI         */
+    /*  #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MP_MUL  */
+    /*  #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MULMOD  */
+    /*  #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_EXPTMOD */
+    /***** END CONFIG_IDF_TARGET_ESP32C3 *****/
+
+#elif defined(CONFIG_IDF_TARGET_ESP32C6)
+    #define WOLFSSL_ESP32
+    /* wolfSSL HW Acceleration supported on ESP32-C6. Uncomment to disable: */
+
+    /*  #define NO_ESP32_CRYPT                 */
+    /*  #define NO_WOLFSSL_ESP32_CRYPT_HASH    */
+    /*  These are defined automatically in esp32-crypt.h, here for clarity:  */
+    #define NO_WOLFSSL_ESP32_CRYPT_HASH_SHA384    /* no SHA384 HW on C6  */
+    #define NO_WOLFSSL_ESP32_CRYPT_HASH_SHA512    /* no SHA512 HW on C6  */
+
+    /*  #define NO_WOLFSSL_ESP32_CRYPT_AES             */
+    /*  #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI         */
+    /*  #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MP_MUL  */
+    /*  #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MULMOD  */
+    /*  #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_EXPTMOD */
+    /***** END CONFIG_IDF_TARGET_ESP32C6 *****/
+
+#elif defined(CONFIG_IDF_TARGET_ESP32H2)
+    #define WOLFSSL_ESP32
+    /*  wolfSSL Hardware Acceleration not yet implemented */
+    #define NO_ESP32_CRYPT
+    #define NO_WOLFSSL_ESP32_CRYPT_HASH
+    #define NO_WOLFSSL_ESP32_CRYPT_AES
+    #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI
+    /***** END CONFIG_IDF_TARGET_ESP32H2 *****/
+
+#elif defined(CONFIG_IDF_TARGET_ESP8266)
+    #define WOLFSSL_ESP8266
+
+    /* There's no hardware encryption on the ESP8266 */
+    /* Consider using the ESP32-C2/C3/C6             */
+    #define NO_ESP32_CRYPT
+    #define NO_WOLFSSL_ESP32_CRYPT_HASH
+    #define NO_WOLFSSL_ESP32_CRYPT_AES
+    #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI
+    #ifndef FP_MAX_BITS
+        /* FP_MAX_BITS matters in wolfssl_test, not just TLS setting.   */
+        /* MIN_FFDHE_FP_MAX_BITS = (MIN_FFDHE_BITS * 2); see settings.h */
+        #define FP_MAX_BITS MIN_FFDHE_FP_MAX_BITS
+    #endif
+    /***** END CONFIG_IDF_TARGET_ESP266 *****/
+
+#elif defined(CONFIG_IDF_TARGET_ESP8684)
+    /*  There's no Hardware Acceleration available on ESP8684 */
+    #define NO_ESP32_CRYPT
+    #define NO_WOLFSSL_ESP32_CRYPT_HASH
+    #define NO_WOLFSSL_ESP32_CRYPT_AES
+    #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI
+    /***** END CONFIG_IDF_TARGET_ESP8684 *****/
+
+#else
+    /* Anything else encountered, disable HW acceleration */
+    #warning "Unexpected CONFIG_IDF_TARGET_NN value"
+    #define NO_ESP32_CRYPT
+    #define NO_WOLFSSL_ESP32_CRYPT_HASH
+    #define NO_WOLFSSL_ESP32_CRYPT_AES
+    #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI
+#endif /* CONFIG_IDF_TARGET Check */
+
+/* RSA primitive specific definition, listed AFTER the Chipset detection */
+#if defined(WOLFSSL_ESP32) || defined(WOLFSSL_ESPWROOM32SE)
+    /* Consider USE_FAST_MATH and SMALL_STACK                        */
+
+    #ifndef NO_RSA
+        #define ESP32_USE_RSA_PRIMITIVE
+
+        #if defined(CONFIG_IDF_TARGET_ESP32)
+            #ifdef CONFIG_ESP_MAIN_TASK_STACK_SIZE
+                #if CONFIG_ESP_MAIN_TASK_STACK_SIZE < 10500
+                    #warning "RSA may be difficult with less than 10KB Stack "/
+                #endif
+            #endif
+
+            /* NOTE HW unreliable for small values! */
+            /* threshold for performance adjustment for HW primitive use   */
+            /* X bits of G^X mod P greater than                            */
+            #undef  ESP_RSA_EXPT_XBITS
+            #define ESP_RSA_EXPT_XBITS 32
+
+            /* X and Y of X * Y mod P greater than                         */
+            #undef  ESP_RSA_MULM_BITS
+            #define ESP_RSA_MULM_BITS  16
+        #endif
+    #endif
+#endif
+
+/* Debug options:
+See wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h for details on debug options
+
+optionally increase error message size for very long paths.
+#define WOLFSSL_MAX_ERROR_SZ 500
+
+Turn wolfSSL debugging on/off:
+    wolfSSL_Debugging_ON();
+    wolfSSL_Debugging_OFF();
+
+#define ESP_VERIFY_MEMBLOCK
+#define DEBUG_WOLFSSL
+#define DEBUG_WOLFSSL_VERBOSE
+#define DEBUG_WOLFSSL_SHA_MUTEX
+#define WOLFSSL_DEBUG_IGNORE_ASN_TIME
+#define WOLFSSL_DEBUG_CERT_BUNDLE
+#define WOLFSSL_DEBUG_CERT_BUNDLE_NAME
+#define WOLFSSL_ESP32_CRYPT_DEBUG
+#define WOLFSSL_ESP32_CRYPT_HASH_SHA224_DEBUG
+#define NO_RECOVER_SOFTWARE_CALC
+#define WOLFSSL_TEST_STRAY 1
+#define USE_ESP_DPORT_ACCESS_READ_BUFFER
+#define WOLFSSL_ESP32_HW_LOCK_DEBUG
+#define WOLFSSL_DEBUG_MUTEX
+#define WOLFSSL_DEBUG_ESP_RSA_MULM_BITS
+#define WOLFSSL_DEBUG_ESP_HW_MOD_RSAMAX_BITS
+#define WOLFSSL_DEBUG_ESP_HW_MULTI_RSAMAX_BITS
+#define ESP_DISABLE_HW_TASK_LOCK
+#define ESP_MONITOR_HW_TASK_LOCK
+#define USE_ESP_DPORT_ACCESS_READ_BUFFER
+
+See wolfcrypt/benchmark/benchmark.c for debug and other settings:
+
+Turn on benchmark timing debugging (CPU Cycles, RTOS ticks, etc)
+#define DEBUG_WOLFSSL_BENCHMARK_TIMING
+
+Turn on timer debugging (used when CPU cycles not available)
+#define WOLFSSL_BENCHMARK_TIMER_DEBUG
+*/
+
+/* Pause in a loop rather than exit. */
+/* #define WOLFSSL_ESPIDF_ERROR_PAUSE */
+/* #define WOLFSSL_ESP32_HW_LOCK_DEBUG */
+
+#define WOLFSSL_HW_METRICS
+
+/* for test.c */
+/* #define HASH_SIZE_LIMIT */
+
+/* Optionally turn off HW math checks */
+/* #define NO_HW_MATH_TEST */
+
+/* Optionally include alternate HW test library: alt_hw_test.h */
+/* When enabling, the ./components/wolfssl/CMakeLists.txt file
+ * will need the name of the library in the idf_component_register
+ * for the PRIV_REQUIRES list. */
+/* #define INCLUDE_ALT_HW_TEST */
+
+/* optionally turn off individual math HW acceleration features */
+
+/* Turn off Large Number ESP32 HW Multiplication:
+** [Z = X * Y] in esp_mp_mul()                                  */
+/* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MP_MUL                */
+
+/* Turn off Large Number ESP32 HW Modular Exponentiation:
+** [Z = X^Y mod M] in esp_mp_exptmod()                          */
+/* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_EXPTMOD               */
+
+/* Turn off Large Number ESP32 HW Modular Multiplication
+** [Z = X * Y mod M] in esp_mp_mulmod()                         */
+/* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MULMOD                */
+
+
+/* used by benchmark: */
+#define WOLFSSL_PUBLIC_MP
+
+/* when turning on ECC508 / ECC608 support
+#define WOLFSSL_ESPWROOM32SE
+#define HAVE_PK_CALLBACKS
+#define WOLFSSL_ATECC508A
+#define ATCA_WOLFSSL
+*/
+
+/***************************** Certificate Macros *****************************
+ *
+ * The section below defines macros used in typically all of the wolfSSL
+ * examples such as the client and server for certs stored in header files.
+ *
+ * There are various certificate examples in this header file:
+ * https://github.com/wolfSSL/wolfssl/blob/master/wolfssl/certs_test.h
+ *
+ * To use the sample certificates in code (not recommended for production!):
+ *
+ *    #if defined(USE_CERT_BUFFERS_2048) || defined(USE_CERT_BUFFERS_1024)
+ *        #include <wolfssl/certs_test.h>
+ *    #endif
+ *
+ * To use the sets of macros below, define *one* of these:
+ *
+ *    USE_CERT_BUFFERS_1024  - ECC 1024 bit encoded ASN1
+ *    USE_CERT_BUFFERS_2048  - RSA 2048 bit encoded ASN1
+ *    WOLFSSL_SM[2,3,4]      - SM Ciphers
+ *
+ * For example: define USE_CERT_BUFFERS_2048 to use CA Certs used in this
+ *  wolfSSL function for the `ca_cert_der_2048` buffer, size and types:
+ *
+ *     ret = wolfSSL_CTX_load_verify_buffer(ctx,
+ *                                          CTX_CA_CERT,
+ *                                          CTX_CA_CERT_SIZE,
+ *                                          CTX_CA_CERT_TYPE);
+ *
+ * See https://www.wolfssl.com/documentation/manuals/wolfssl/group__CertsKeys.html#function-wolfssl_ctx_load_verify_buffer
+ *
+ * In this case the CTX_CA_CERT will be defined as `ca_cert_der_2048` as
+ * defined here: https://github.com/wolfSSL/wolfssl/blob/master/wolfssl/certs_test.h
+ *
+ * The CTX_CA_CERT_SIZE and CTX_CA_CERT_TYPE are similarly used to reference
+ * array size and cert type respectively.
+ *
+ * Similarly for loading the private client key:
+ *
+ *  ret = wolfSSL_CTX_use_PrivateKey_buffer(ctx,
+ *                                          CTX_CLIENT_KEY,
+ *                                          CTX_CLIENT_KEY_SIZE,
+ *                                          CTX_CLIENT_KEY_TYPE);
+ *
+ * see https://www.wolfssl.com/documentation/manuals/wolfssl/group__CertsKeys.html#function-wolfssl_ctx_use_privatekey_buffer
+ *
+ * Similarly, the other macros are for server certificates and keys:
+ *   `CTX_SERVER_CERT` and `CTX_SERVER_KEY` are available.
+ *
+ * The certificate and key names are typically `static const unsigned char`
+ * arrays. The [NAME]_size are typically `sizeof([array name])`, and the types
+ * are the known wolfSSL encoding type integers (e.g. WOLFSSL_FILETYPE_PEM).
+ *
+ * See `SSL_FILETYPE_[name]` in
+ *   https://github.com/wolfSSL/wolfssl/blob/master/wolfssl/ssl.h
+ *
+ * See Abstract Syntax Notation One (ASN.1) in:
+ *   https://github.com/wolfSSL/wolfssl/blob/master/wolfssl/wolfcrypt/asn.h
+ *
+ * Optional SM4 Ciphers:
+ *
+ * Although the SM ciphers are shown here, the `certs_test_sm.h` may not yet
+ * be available. See:
+ *   https://github.com/wolfSSL/wolfssl/pull/6825
+ *   https://github.com/wolfSSL/wolfsm
+ *
+ * Uncomment these 3 macros to enable the SM Ciphers and use the macros below.
+ */
+
+/*
+#define WOLFSSL_SM2
+#define WOLFSSL_SM3
+#define WOLFSSL_SM4
+*/
+
+/* Conditional macros used in wolfSSL TLS client and server examples */
+#if defined(WOLFSSL_SM2) || defined(WOLFSSL_SM3) || defined(WOLFSSL_SM4)
+    #include <wolfssl/certs_test_sm.h>
+    #define CTX_CA_CERT          root_sm2
+    #define CTX_CA_CERT_SIZE     sizeof_root_sm2
+    #define CTX_CA_CERT_TYPE     WOLFSSL_FILETYPE_PEM
+    #define CTX_SERVER_CERT      server_sm2
+    #define CTX_SERVER_CERT_SIZE sizeof_server_sm2
+    #define CTX_SERVER_CERT_TYPE WOLFSSL_FILETYPE_PEM
+    #define CTX_SERVER_KEY       server_sm2_priv
+    #define CTX_SERVER_KEY_SIZE  sizeof_server_sm2_priv
+    #define CTX_SERVER_KEY_TYPE  WOLFSSL_FILETYPE_PEM
+
+    #undef  WOLFSSL_BASE16
+    #define WOLFSSL_BASE16
+#else
+    #if defined(USE_CERT_BUFFERS_2048)
+        #define USE_CERT_BUFFERS_256
+        /* Be sure to include in app when using example certs: */
+        /* #include <wolfssl/certs_test.h>                     */
+        #define CTX_CA_CERT          ca_cert_der_2048
+        #define CTX_CA_CERT_SIZE     sizeof_ca_cert_der_2048
+        #define CTX_CA_CERT_TYPE     WOLFSSL_FILETYPE_ASN1
+
+        #define CTX_SERVER_CERT      server_cert_der_2048
+        #define CTX_SERVER_CERT_SIZE sizeof_server_cert_der_2048
+        #define CTX_SERVER_CERT_TYPE WOLFSSL_FILETYPE_ASN1
+        #define CTX_SERVER_KEY       server_key_der_2048
+        #define CTX_SERVER_KEY_SIZE  sizeof_server_key_der_2048
+        #define CTX_SERVER_KEY_TYPE  WOLFSSL_FILETYPE_ASN1
+
+        #define CTX_CLIENT_CERT      client_cert_der_2048
+        #define CTX_CLIENT_CERT_SIZE sizeof_client_cert_der_2048
+        #define CTX_CLIENT_CERT_TYPE WOLFSSL_FILETYPE_ASN1
+        #define CTX_CLIENT_KEY       client_key_der_2048
+        #define CTX_CLIENT_KEY_SIZE  sizeof_client_key_der_2048
+        #define CTX_CLIENT_KEY_TYPE  WOLFSSL_FILETYPE_ASN1
+
+    #elif defined(USE_CERT_BUFFERS_1024)
+        #define USE_CERT_BUFFERS_256
+        /* Be sure to include in app when using example certs: */
+        /* #include <wolfssl/certs_test.h>                     */
+        #define CTX_CA_CERT          ca_cert_der_1024
+        #define CTX_CA_CERT_SIZE     sizeof_ca_cert_der_1024
+        #define CTX_CA_CERT_TYPE     WOLFSSL_FILETYPE_ASN1
+
+        #define CTX_CLIENT_CERT      client_cert_der_1024
+        #define CTX_CLIENT_CERT_SIZE sizeof_client_cert_der_1024
+        #define CTX_CLIENT_CERT_TYPE WOLFSSL_FILETYPE_ASN1
+        #define CTX_CLIENT_KEY       client_key_der_1024
+        #define CTX_CLIENT_KEY_SIZE  sizeof_client_key_der_1024
+        #define CTX_CLIENT_KEY_TYPE  WOLFSSL_FILETYPE_ASN1
+
+        #define CTX_SERVER_CERT      server_cert_der_1024
+        #define CTX_SERVER_CERT_SIZE sizeof_server_cert_der_1024
+        #define CTX_SERVER_CERT_TYPE WOLFSSL_FILETYPE_ASN1
+        #define CTX_SERVER_KEY       server_key_der_1024
+        #define CTX_SERVER_KEY_SIZE  sizeof_server_key_der_1024
+        #define CTX_SERVER_KEY_TYPE  WOLFSSL_FILETYPE_ASN1
+    #else
+        /* Optionally define custom cert arrays, sizes, and types here */
+        #error "Must define USE_CERT_BUFFERS_2048 or USE_CERT_BUFFERS_1024"
+    #endif
+#endif /* Conditional key and cert constant names */
+
+/******************************************************************************
+** Sanity Checks
+******************************************************************************/
+#if defined(CONFIG_ESP_MAIN_TASK_STACK_SIZE)
+    #if defined(WOLFCRYPT_HAVE_SRP)
+        #if defined(FP_MAX_BITS)
+            #if FP_MAX_BITS <  (8192 * 2)
+                #define ESP_SRP_MINIMUM_STACK_8K (24 * 1024)
+            #else
+                #define ESP_SRP_MINIMUM_STACK_8K (28 * 1024)
+            #endif
+        #else
+            #error "Please define FP_MAX_BITS when using WOLFCRYPT_HAVE_SRP."
+        #endif
+
+        #if (CONFIG_ESP_MAIN_TASK_STACK_SIZE < ESP_SRP_MINIMUM_STACK)
+            #warning "WOLFCRYPT_HAVE_SRP enabled with small stack size"
+        #endif
+    #endif
+#else
+    #warning "CONFIG_ESP_MAIN_TASK_STACK_SIZE not defined!"
+#endif
+/* See settings.h for some of the possible hardening options:
+ *
+ *  #define NO_ESPIDF_DEFAULT
+ *  #define WC_NO_CACHE_RESISTANT
+ *  #define WC_AES_BITSLICED
+ *  #define HAVE_AES_ECB
+ *  #define HAVE_AES_DIRECT
+ */
diff --git a/examples/configs/user_settings_fipsv2.h b/examples/configs/user_settings_fipsv2.h
index f6096341e..971b39e3f 100644
--- a/examples/configs/user_settings_fipsv2.h
+++ b/examples/configs/user_settings_fipsv2.h
@@ -1,6 +1,6 @@
 /* user_settings_fipsv2.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/examples/configs/user_settings_fipsv5.h b/examples/configs/user_settings_fipsv5.h
index 9f6bbfd46..52752df05 100644
--- a/examples/configs/user_settings_fipsv5.h
+++ b/examples/configs/user_settings_fipsv5.h
@@ -1,6 +1,6 @@
 /* user_settings_fipsv5.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/examples/configs/user_settings_min_ecc.h b/examples/configs/user_settings_min_ecc.h
index f05250033..28c1157ba 100644
--- a/examples/configs/user_settings_min_ecc.h
+++ b/examples/configs/user_settings_min_ecc.h
@@ -1,6 +1,6 @@
 /* user_settings_min_ecc.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/examples/configs/user_settings_platformio.h b/examples/configs/user_settings_platformio.h
new file mode 100644
index 000000000..5b6bbbc98
--- /dev/null
+++ b/examples/configs/user_settings_platformio.h
@@ -0,0 +1,790 @@
+/* examples/configs/user_settings_platformio.h
+ *
+ * Copyright (C) 2006-2025 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+/* This is a sample PlatformIO user_settings.h for wolfSSL
+ *
+ * Do not include any wolfssl headers here
+ *
+ * When editing this file:
+ * ensure wolfssl_test and wolfssl_benchmark settings match.
+ */
+
+ /* Define a macro to display user settings version in example code: */
+#define WOLFSSL_USER_SETTINGS_ID "PlatformIO user_settings.h v5.7.0-test.rev02"
+
+/*
+ * For other platforms see:
+ *   https://github.com/wolfSSL/wolfssl/tree/master/examples/configs
+ */
+
+#if defined(ESP_IDF_VERSION_MAJOR) || defined(WOLFSSL_ESPIDF) || \
+             defined(ESP_PLATFORM) || defined(WOLFSSL_ESP32)
+    #include "sdkconfig.h"
+    /* The #include "protocol_examples_common.h" fails for PlatformIO,
+     * so disable the WiFi *not needed for test and benchmark examples. */
+    #define NO_ESP_SDK_WIFI
+#endif
+
+
+/* We don't use WiFi, so don't compile in the esp-sdk-lib WiFi helpers: */
+/* #define USE_WOLFSSL_ESP_SDK_WIFI */
+
+/* Experimental Kyber */
+#if 0
+    /* Kyber typically needs a minimum 10K stack */
+    #define WOLFSSL_EXPERIMENTAL_SETTINGS
+    #define WOLFSSL_HAVE_KYBER
+    #define WOLFSSL_WC_KYBER
+    #define WOLFSSL_SHA3
+#endif
+
+/* Used only by benchmark: */
+#define BENCH_EMBEDDED
+#define WOLFSSL_BENCHMARK_FIXED_UNITS_KB
+
+
+#define HAVE_VERSION_EXTENDED_INFO
+/* Due to limited build control, we'll ignore file warnings. */
+/* See github.com/arduino/arduino-cli/issues/631     */
+#undef  WOLFSSL_IGNORE_FILE_WARN
+#define WOLFSSL_IGNORE_FILE_WARN
+
+/* when you want to use SINGLE THREAD. Note Default ESP-IDF is FreeRTOS */
+/* TODO: known PlatformIO problem if SINGLE_THREADED is not enabled.  */
+/* See https://github.com/wolfSSL/wolfssl/issues/7533 */
+#define SINGLE_THREADED
+
+/* SMALL_SESSION_CACHE saves a lot of RAM for ClientCache and SessionCache.
+ * Memory requirement is about 5KB, otherwise 20K is needed when not specified.
+ * If extra small footprint is needed, try MICRO_SESSION_CACHE (< 1K)
+ * When really desperate or no TLS used, try NO_SESSION_CACHE.  */
+#define NO_SESSION_CACHE
+
+/* Small Stack uses more heap. */
+#define WOLFSSL_SMALL_STACK
+
+/* Full debugging turned off, but show malloc failure detail */
+/* #define DEBUG_WOLFSSL */
+#define DEBUG_WOLFSSL_MALLOC
+
+/* See test.c that sets cert buffers; we'll set them here: */
+#define USE_CERT_BUFFERS_256
+#define USE_CERT_BUFFERS_2048
+
+/* RSA_LOW_MEM: Half as much memory but twice as slow. */
+#define RSA_LOW_MEM
+
+/* Uncommon settings for testing only */
+#define TEST_ESPIDF_ALL_WOLFSSL
+#ifdef  TEST_ESPIDF_ALL_WOLFSSL
+    #define WOLFSSL_MD2
+    #define HAVE_BLAKE2
+    #define HAVE_BLAKE2B
+    #define HAVE_BLAKE2S
+
+    #define WC_RC2
+    #define WOLFSSL_ALLOW_RC4
+
+    #define HAVE_POLY1305
+
+    #define WOLFSSL_AES_128
+    #define WOLFSSL_AES_OFB
+    #define WOLFSSL_AES_CFB
+    #define WOLFSSL_AES_XTS
+
+    #define WOLFSSL_WOLFSSH
+
+    #define HAVE_AESGCM
+    #define WOLFSSL_AES_COUNTER
+
+    #define HAVE_FFDHE
+    #define HAVE_FFDHE_2048
+    #if defined(CONFIG_IDF_TARGET_ESP8266)
+        /* TODO Full size SRP is disabled on the ESP8266 at this time.
+         * Low memory issue? */
+        #define WOLFCRYPT_HAVE_SRP
+        /* MIN_FFDHE_FP_MAX_BITS = (MIN_FFDHE_BITS * 2); see settings.h */
+        #define FP_MAX_BITS MIN_FFDHE_FP_MAX_BITS
+    #elif defined(CONFIG_IDF_TARGET_ESP32)   || \
+          defined(CONFIG_IDF_TARGET_ESP32S2) || \
+          defined(CONFIG_IDF_TARGET_ESP32S3)
+        /* SRP Known to be working on this target:*/
+        #define WOLFCRYPT_HAVE_SRP
+        #define FP_MAX_BITS (8192 * 2)
+    #elif defined(CONFIG_IDF_TARGET_ESP32C3) || \
+          defined(CONFIG_IDF_TARGET_ESP32H2)
+        /* SRP Known to be working on this target:*/
+        #define WOLFCRYPT_HAVE_SRP
+        #define FP_MAX_BITS (8192 * 2)
+    #else
+        /* For everything else, give a try and see if SRP working: */
+        #define WOLFCRYPT_HAVE_SRP
+        #define FP_MAX_BITS (8192 * 2)
+    #endif
+
+    #define HAVE_DH
+
+    /* TODO: there may be a problem with HAVE_CAMELLIA with HW AES disabled.
+     * Do not define NO_WOLFSSL_ESP32_CRYPT_AES when enabled: */
+    /* #define HAVE_CAMELLIA */
+
+    /* DSA requires old SHA */
+    #define HAVE_DSA
+
+    /* Needs SHA512 ? */
+    #define HAVE_HPKE
+
+    /* Not for Espressif? */
+    #if defined(CONFIG_IDF_TARGET_ESP32C2) || \
+        defined(CONFIG_IDF_TARGET_ESP8684) || \
+        defined(CONFIG_IDF_TARGET_ESP32H2) || \
+        defined(CONFIG_IDF_TARGET_ESP8266)
+
+        #if defined(CONFIG_IDF_TARGET_ESP8266)
+            #undef HAVE_ECC
+            #undef HAVE_ECC_CDH
+            #undef HAVE_CURVE25519
+
+            /* TODO does CHACHA also need alignment? Failing on ESP8266
+             * See SHA256 __attribute__((aligned(4))); and WC_SHA256_ALIGN */
+            #ifdef HAVE_CHACHA
+                #error "HAVE_CHACHA not supported on ESP8266"
+            #endif
+            #ifdef HAVE_XCHACHA
+                #error "HAVE_XCHACHA not supported on ESP8266"
+            #endif
+        #else
+            #define HAVE_XCHACHA
+            #define HAVE_CHACHA
+            /* TODO Not enabled at this time, needs further testing:
+             *   #define WC_SRTP_KDF
+             *   #define HAVE_COMP_KEY
+             *   #define WOLFSSL_HAVE_XMSS
+             */
+        #endif
+        /* TODO AES-EAX not working on this platform */
+
+        /* Optionally disable DH
+         *   #undef HAVE_DH
+         *   #undef HAVE_FFDHE
+         */
+
+        /* ECC_SHAMIR out of memory on ESP32-C2 during ECC  */
+        #ifndef HAVE_ECC
+            #define ECC_SHAMIR
+        #endif
+    #else
+        #define WOLFSSL_AES_EAX
+
+        #define ECC_SHAMIR
+    #endif
+
+    /* Only for WOLFSSL_IMX6_CAAM / WOLFSSL_QNX_CAAM ? */
+    /* #define WOLFSSL_CAAM      */
+    /* #define WOLFSSL_CAAM_BLOB */
+
+    #define WOLFSSL_AES_SIV
+    #define WOLFSSL_CMAC
+
+    #define WOLFSSL_CERT_PIV
+
+    /* HAVE_SCRYPT may turn on HAVE_PBKDF2 see settings.h */
+    /* #define HAVE_SCRYPT */
+    #define SCRYPT_TEST_ALL
+    #define HAVE_X963_KDF
+#endif
+
+/* optionally turn off SHA512/224 SHA512/256 */
+/* #define WOLFSSL_NOSHA512_224 */
+/* #define WOLFSSL_NOSHA512_256 */
+
+/* when you want to use SINGLE THREAD. Note Default ESP-IDF is FreeRTOS */
+/* #define SINGLE_THREADED */
+
+/* When you don't want to use the old SHA */
+/* #define NO_SHA */
+/* #define NO_OLD_TLS */
+
+/* Cannot use WOLFSSL_NO_MALLOC with small stack */
+/* #define WOLFSSL_NO_MALLOC */
+
+#define BENCH_EMBEDDED
+
+/* TLS 1.3                                 */
+#define WOLFSSL_TLS13
+#define HAVE_TLS_EXTENSIONS
+#define WC_RSA_PSS
+#define HAVE_HKDF
+#define HAVE_AEAD
+#define HAVE_SUPPORTED_CURVES
+
+#define WOLFSSL_BENCHMARK_FIXED_UNITS_KB
+
+#define NO_FILESYSTEM
+
+/* To further reduce size, client or server functionality can be disabled.
+ * Here, we check if the example code gave us a hint.
+ *
+ * The calling application can define either one of these macros before
+ * including the Arduino wolfssl.h library file:
+ *
+ *    WOLFSSL_CLIENT_EXAMPLE
+ *    WOLFSSL_SERVER_EXAMPLE
+ */
+#if defined(WOLFSSL_CLIENT_EXAMPLE)
+    #define NO_WOLFSSL_SERVER
+#elif defined(WOLFSSL_SERVER_EXAMPLE)
+    #define NO_WOLFSSL_CLIENT
+#else
+    /* Provide a hint to application that neither WOLFSSL_CLIENT_EXAMPLE
+     * or WOLFSSL_SERVER_EXAMPLE macro hint was desired but not found. */
+    #define NO_WOLFSSL_SERVER_CLIENT_MISSING
+    /* Both can be disabled in wolfssl test & benchmark */
+#endif
+
+#define NO_OLD_TLS
+
+#define HAVE_AESGCM
+
+/* Optional RIPEMD: RACE Integrity Primitives Evaluation Message Digest */
+/* #define WOLFSSL_RIPEMD */
+
+/* when you want to use SHA224 */
+#define WOLFSSL_SHA224
+
+/* when you want to use SHA384 */
+#define WOLFSSL_SHA384
+
+/* when you want to use SHA512 */
+#define WOLFSSL_SHA512
+
+/* when you want to use SHA3 */
+#define WOLFSSL_SHA3
+
+ /* ED25519 requires SHA512 */
+#define HAVE_ED25519
+
+/* Some features not enabled for ESP8266: */
+#if defined(CONFIG_IDF_TARGET_ESP8266) || \
+    defined(CONFIG_IDF_TARGET_ESP32C2)
+    /* TODO determine low memory configuration for ECC. */
+#else
+    #define HAVE_ECC
+    #define HAVE_CURVE25519
+    #define CURVE25519_SMALL
+#endif
+
+#define HAVE_ED25519
+
+/* Optional OPENSSL compatibility */
+#define OPENSSL_EXTRA
+
+/* #Optional HAVE_PKCS7 */
+#define HAVE_PKCS7
+
+#if defined(HAVE_PKCS7)
+    /* HAVE_PKCS7 may enable HAVE_PBKDF2 see settings.h */
+    #define NO_PBKDF2
+
+    #define HAVE_AES_KEYWRAP
+    #define HAVE_X963_KDF
+    #define WOLFSSL_AES_DIRECT
+#endif
+
+/* when you want to use AES counter mode */
+/* #define WOLFSSL_AES_DIRECT */
+/* #define WOLFSSL_AES_COUNTER */
+
+/* esp32-wroom-32se specific definition */
+#if defined(WOLFSSL_ESPWROOM32SE)
+    #define WOLFSSL_ATECC508A
+    #define HAVE_PK_CALLBACKS
+    /* when you want to use a custom slot allocation for ATECC608A */
+    /* unless your configuration is unusual, you can use default   */
+    /* implementation.                                             */
+    /* #define CUSTOM_SLOT_ALLOCATION                              */
+#endif
+
+/* WC_NO_CACHE_RESISTANT: slower but more secure */
+/* #define WC_NO_CACHE_RESISTANT */
+
+/* TFM_TIMING_RESISTANT: slower but more secure */
+/* #define TFM_TIMING_RESISTANT */
+
+/* #define WOLFSSL_ATECC508A_DEBUG         */
+
+/* date/time                               */
+/* if it cannot adjust time in the device, */
+/* enable macro below                      */
+/* #define NO_ASN_TIME */
+/* #define XTIME time */
+
+
+/* adjust wait-timeout count if you see timeout in RSA HW acceleration */
+#define ESP_RSA_TIMEOUT_CNT    0x349F00
+
+/* hash limit for test.c */
+#define HASH_SIZE_LIMIT
+
+/* USE_FAST_MATH is default */
+#define USE_FAST_MATH
+
+/*****      Use SP_MATH      *****/
+/* #undef USE_FAST_MATH          */
+/* #define SP_MATH               */
+/* #define WOLFSSL_SP_MATH_ALL   */
+/* #define WOLFSSL_SP_RISCV32    */
+
+/***** Use Integer Heap Math *****/
+/* #undef USE_FAST_MATH          */
+/* #define USE_INTEGER_HEAP_MATH */
+
+
+#define WOLFSSL_SMALL_STACK
+
+
+#define HAVE_VERSION_EXTENDED_INFO
+/* #define HAVE_WC_INTROSPECTION */
+
+#define  HAVE_SESSION_TICKET
+
+/* #define HAVE_HASHDRBG */
+
+#define WOLFSSL_KEY_GEN
+#define WOLFSSL_CERT_REQ
+#define WOLFSSL_CERT_GEN
+#define WOLFSSL_CERT_EXT
+#define WOLFSSL_SYS_CA_CERTS
+
+
+#define WOLFSSL_CERT_TEXT
+
+#define WOLFSSL_ASN_TEMPLATE
+
+/*
+#undef  WOLFSSL_KEY_GEN
+#undef  WOLFSSL_CERT_REQ
+#undef  WOLFSSL_CERT_GEN
+#undef  WOLFSSL_CERT_EXT
+#undef  WOLFSSL_SYS_CA_CERTS
+*/
+
+/* command-line options
+--enable-keygen
+--enable-certgen
+--enable-certreq
+--enable-certext
+--enable-asn-template
+*/
+
+/* Chipset detection from sdkconfig.h
+ * Default is HW enabled unless turned off.
+ * Uncomment lines to force SW instead of HW acceleration */
+#if defined(CONFIG_IDF_TARGET_ESP32)
+    /*  Alternatively, if there's an ECC Secure Element present: */
+    /* #define WOLFSSL_ESPWROOM32SE */
+
+    /* wolfSSL HW Acceleration supported on ESP32. Uncomment to disable: */
+    /*  #define NO_ESP32_CRYPT                 */
+    /*  #define NO_WOLFSSL_ESP32_CRYPT_HASH    */
+    /*  #define NO_WOLFSSL_ESP32_CRYPT_AES     */
+    /*  #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI */
+    /*  #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MP_MUL  */
+    /*  #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MULMOD  */
+    /*  #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_EXPTMOD */
+
+    /*  These are defined automatically in esp32-crypt.h, here for clarity:  */
+    #define NO_WOLFSSL_ESP32_CRYPT_HASH_SHA224 /* no SHA224 HW on ESP32  */
+
+    #undef  ESP_RSA_MULM_BITS
+    #define ESP_RSA_MULM_BITS 16 /* TODO add compile-time warning */
+    /***** END CONFIG_IDF_TARGET_ESP32 *****/
+
+#elif defined(CONFIG_IDF_TARGET_ESP32S2)
+    /* wolfSSL HW Acceleration supported on ESP32-S2. Uncomment to disable: */
+    /*  #define NO_ESP32_CRYPT                 */
+    /*  #define NO_WOLFSSL_ESP32_CRYPT_HASH    */
+    /* Note: There's no AES192 HW on the ESP32-S2; falls back to SW */
+    /*  #define NO_WOLFSSL_ESP32_CRYPT_AES     */
+    /*  #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI */
+    /*  #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MP_MUL  */
+    /*  #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MULMOD  */
+    /*  #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_EXPTMOD */
+    /***** END CONFIG_IDF_TARGET_ESP32S2 *****/
+
+#elif defined(CONFIG_IDF_TARGET_ESP32S3)
+    /* wolfSSL HW Acceleration supported on ESP32-S3. Uncomment to disable: */
+    /*  #define NO_ESP32_CRYPT                         */
+    /*  #define NO_WOLFSSL_ESP32_CRYPT_HASH            */
+    /* Note: There's no AES192 HW on the ESP32-S3; falls back to SW */
+    /*  #define NO_WOLFSSL_ESP32_CRYPT_AES             */
+    /*  #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI         */
+    /*  #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MP_MUL  */
+    /*  #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MULMOD  */
+    /*  #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_EXPTMOD */
+    /***** END CONFIG_IDF_TARGET_ESP32S3 *****/
+
+#elif defined(CONFIG_IDF_TARGET_ESP32C2) || \
+      defined(CONFIG_IDF_TARGET_ESP8684)
+    /* ESP8684 is essentially ESP32-C2 chip + flash embedded together in a
+     * single QFN 4x4 mm package. Out of released documentation, Technical
+     * Reference Manual as well as ESP-IDF Programming Guide is applicable
+     * to both ESP32-C2 and ESP8684.
+     *
+     * See: www.esp32.com/viewtopic.php?f=5&t=27926#:~:text=ESP8684%20is%20essentially%20ESP32%2DC2,both%20ESP32%2DC2%20and%20ESP8684. */
+
+    /* wolfSSL HW Acceleration supported on ESP32-C2. Uncomment to disable: */
+    /*  #define NO_ESP32_CRYPT                 */
+    /*  #define NO_WOLFSSL_ESP32_CRYPT_HASH    */ /* to disable all SHA HW   */
+
+    /* These are defined automatically in esp32-crypt.h, here for clarity    */
+    #define NO_WOLFSSL_ESP32_CRYPT_HASH_SHA384    /* no SHA384 HW on C2  */
+    #define NO_WOLFSSL_ESP32_CRYPT_HASH_SHA512    /* no SHA512 HW on C2  */
+
+    /* There's no AES or RSA/Math accelerator on the ESP32-C2
+     * Auto defined with NO_WOLFSSL_ESP32_CRYPT_RSA_PRI, for clarity: */
+    #define NO_WOLFSSL_ESP32_CRYPT_AES
+    #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI
+    #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MP_MUL
+    #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MULMOD
+    #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_EXPTMOD
+    /***** END CONFIG_IDF_TARGET_ESP32C2 *****/
+
+#elif defined(CONFIG_IDF_TARGET_ESP32C3)
+    /* wolfSSL HW Acceleration supported on ESP32-C3. Uncomment to disable: */
+
+    /*  #define NO_ESP32_CRYPT                 */
+    /*  #define NO_WOLFSSL_ESP32_CRYPT_HASH    */ /* to disable all SHA HW   */
+
+    /* These are defined automatically in esp32-crypt.h, here for clarity:  */
+    #define NO_WOLFSSL_ESP32_CRYPT_HASH_SHA384    /* no SHA384 HW on C6  */
+    #define NO_WOLFSSL_ESP32_CRYPT_HASH_SHA512    /* no SHA512 HW on C6  */
+
+    /*  #define NO_WOLFSSL_ESP32_CRYPT_AES             */
+    /*  #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI         */
+    /*  #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MP_MUL  */
+    /*  #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MULMOD  */
+    /*  #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_EXPTMOD */
+    /***** END CONFIG_IDF_TARGET_ESP32C3 *****/
+
+#elif defined(CONFIG_IDF_TARGET_ESP32C6)
+    /* wolfSSL HW Acceleration supported on ESP32-C6. Uncomment to disable: */
+
+    /*  #define NO_ESP32_CRYPT                 */
+    /*  #define NO_WOLFSSL_ESP32_CRYPT_HASH    */
+    /*  These are defined automatically in esp32-crypt.h, here for clarity:  */
+    #define NO_WOLFSSL_ESP32_CRYPT_HASH_SHA384    /* no SHA384 HW on C6  */
+    #define NO_WOLFSSL_ESP32_CRYPT_HASH_SHA512    /* no SHA512 HW on C6  */
+
+    /*  #define NO_WOLFSSL_ESP32_CRYPT_AES             */
+    /*  #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI         */
+    /*  #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MP_MUL  */
+    /*  #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MULMOD  */
+    /*  #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_EXPTMOD */
+    /***** END CONFIG_IDF_TARGET_ESP32C6 *****/
+
+#elif defined(CONFIG_IDF_TARGET_ESP32H2)
+    /*  wolfSSL Hardware Acceleration not yet implemented */
+    #define NO_ESP32_CRYPT
+    #define NO_WOLFSSL_ESP32_CRYPT_HASH
+    #define NO_WOLFSSL_ESP32_CRYPT_AES
+    #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI
+    /***** END CONFIG_IDF_TARGET_ESP32H2 *****/
+
+#elif defined(CONFIG_IDF_TARGET_ESP8266)
+    #define WOLFSSL_ESP8266
+
+    /* There's no hardware encryption on the ESP8266 */
+    /* Consider using the ESP32-C2/C3/C6             */
+    #define NO_ESP32_CRYPT
+    #define NO_WOLFSSL_ESP32_CRYPT_HASH
+    #define NO_WOLFSSL_ESP32_CRYPT_AES
+    #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI
+    /***** END CONFIG_IDF_TARGET_ESP266 *****/
+
+#elif defined(CONFIG_IDF_TARGET_ESP8684)
+    /*  There's no Hardware Acceleration available on ESP8684 */
+    #define NO_ESP32_CRYPT
+    #define NO_WOLFSSL_ESP32_CRYPT_HASH
+    #define NO_WOLFSSL_ESP32_CRYPT_AES
+    #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI
+    /***** END CONFIG_IDF_TARGET_ESP8684 *****/
+
+#else
+    /* Anything else encountered, disable HW acceleration */
+    #define NO_ESP32_CRYPT
+    #define NO_WOLFSSL_ESP32_CRYPT_HASH
+    #define NO_WOLFSSL_ESP32_CRYPT_AES
+    #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI
+#endif /* CONFIG_IDF_TARGET Check */
+
+/* RSA primitive specific definition, listed AFTER the Chipset detection */
+#if defined(WOLFSSL_ESP32) || defined(WOLFSSL_ESPWROOM32SE)
+    /* Consider USE_FAST_MATH and SMALL_STACK                        */
+
+    #ifndef NO_RSA
+        #define ESP32_USE_RSA_PRIMITIVE
+
+        #if defined(CONFIG_IDF_TARGET_ESP32)
+            #ifdef CONFIG_ESP_MAIN_TASK_STACK_SIZE
+                #if CONFIG_ESP_MAIN_TASK_STACK_SIZE < 10500
+                    #warning "RSA may be difficult with less than 10KB Stack "/
+                #endif
+            #endif
+
+            /* NOTE HW unreliable for small values! */
+            /* threshold for performance adjustment for HW primitive use   */
+            /* X bits of G^X mod P greater than                            */
+            #undef  ESP_RSA_EXPT_XBITS
+            #define ESP_RSA_EXPT_XBITS 32
+
+            /* X and Y of X * Y mod P greater than                         */
+            #undef  ESP_RSA_MULM_BITS
+            #define ESP_RSA_MULM_BITS  16
+        #endif
+    #endif
+#endif
+
+/* Debug options:
+See wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h for details on debug options
+
+#define ESP_VERIFY_MEMBLOCK
+#define DEBUG_WOLFSSL
+#define DEBUG_WOLFSSL_VERBOSE
+#define DEBUG_WOLFSSL_SHA_MUTEX
+#define WOLFSSL_ESP32_CRYPT_DEBUG
+#define WOLFSSL_ESP32_CRYPT_HASH_SHA224_DEBUG
+#define NO_RECOVER_SOFTWARE_CALC
+#define WOLFSSL_TEST_STRAY 1
+#define USE_ESP_DPORT_ACCESS_READ_BUFFER
+#define WOLFSSL_ESP32_HW_LOCK_DEBUG
+#define WOLFSSL_DEBUG_ESP_RSA_MULM_BITS
+#define ESP_DISABLE_HW_TASK_LOCK
+
+See wolfcrypt/benchmark/benchmark.c for debug and other settings:
+
+Turn on benchmark timing debugging (CPU Cycles, RTOS ticks, etc)
+#define DEBUG_WOLFSSL_BENCHMARK_TIMING
+
+Turn on timer debugging (used when CPU cycles not available)
+#define WOLFSSL_BENCHMARK_TIMER_DEBUG
+*/
+
+/* Pause in a loop rather than exit. */
+#define WOLFSSL_ESPIDF_ERROR_PAUSE
+
+#define WOLFSSL_HW_METRICS
+#define ALT_ECC_SIZE
+
+/* for test.c: */
+/* #define HASH_SIZE_LIMIT */
+
+/* Optionally turn off HW math checks */
+/* #define NO_HW_MATH_TEST */
+
+/* Optionally include alternate HW test library: alt_hw_test.h */
+/* When enabling, the ./components/wolfssl/CMakeLists.txt file
+ * will need the name of the library in the idf_component_register
+ * for the PRIV_REQUIRES list. */
+/* #define INCLUDE_ALT_HW_TEST */
+
+/* optionally turn off individual math HW acceleration features */
+
+/* Turn off Large Number ESP32 HW Multiplication:
+** [Z = X * Y] in esp_mp_mul()                                  */
+/* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MP_MUL                */
+
+/* Turn off Large Number ESP32 HW Modular Exponentiation:
+** [Z = X^Y mod M] in esp_mp_exptmod()                          */
+/* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_EXPTMOD               */
+
+/* Turn off Large Number ESP32 HW Modular Multiplication
+** [Z = X * Y mod M] in esp_mp_mulmod()                         */
+/* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MULMOD                */
+
+
+/* used by benchmark: */
+#define WOLFSSL_PUBLIC_MP
+
+/* when turning on ECC508 / ECC608 support
+#define WOLFSSL_ESPWROOM32SE
+#define HAVE_PK_CALLBACKS
+#define WOLFSSL_ATECC508A
+#define ATCA_WOLFSSL
+*/
+
+/* optional SM4 Ciphers. See github.com/wolfSSL/wolfsm */
+
+/***************************** Certificate Macros *****************************
+ *
+ * The section below defines macros used in typically all of the wolfSSL
+ * examples such as the client and server for certs stored in header files.
+ *
+ * There are various certificate examples in this header file:
+ * https://github.com/wolfSSL/wolfssl/blob/master/wolfssl/certs_test.h
+ *
+ * To use the sets of macros below, define *one* of these:
+ *
+ *    USE_CERT_BUFFERS_1024  - ECC 1024 bit encoded ASN1
+ *    USE_CERT_BUFFERS_2048  - RSA 2048 bit encoded ASN1
+ *    WOLFSSL_SM[2,3,4]      - SM Ciphers
+ *
+ * For example: define USE_CERT_BUFFERS_2048 to use CA Certs used in this
+ *  wolfSSL function for the `ca_cert_der_2048` buffer, size and types:
+ *
+ *     ret = wolfSSL_CTX_load_verify_buffer(ctx,
+ *                                          CTX_CA_CERT,
+ *                                          CTX_CA_CERT_SIZE,
+ *                                          CTX_CA_CERT_TYPE);
+ *
+ * See www.wolfssl.com/documentation/manuals/wolfssl/group__CertsKeys.html#function-wolfssl_ctx_load_verify_buffer
+ *
+ * In this case the CTX_CA_CERT will be defined as `ca_cert_der_2048` as
+ * defined here: github.com/wolfSSL/wolfssl/blob/master/wolfssl/certs_test.h
+ *
+ * The CTX_CA_CERT_SIZE and CTX_CA_CERT_TYPE are similarly used to reference
+ * array size and cert type respectively.
+ *
+ * Similarly for loading the private client key:
+ *
+ *  ret = wolfSSL_CTX_use_PrivateKey_buffer(ctx,
+ *                                          CTX_CLIENT_KEY,
+ *                                          CTX_CLIENT_KEY_SIZE,
+ *                                          CTX_CLIENT_KEY_TYPE);
+ *
+ * see www.wolfssl.com/documentation/manuals/wolfssl/group__CertsKeys.html#function-wolfssl_ctx_use_privatekey_buffer
+ *
+ * Similarly, the other macros are for server certificates and keys:
+ *   `CTX_SERVER_CERT` and `CTX_SERVER_KEY` are available.
+ *
+ * The certificate and key names are typically `static const unsigned char`
+ * arrays. The [NAME]_size are typically `sizeof([array name])`, and the types
+ * are the known wolfSSL encoding type integers (e.g. WOLFSSL_FILETYPE_PEM).
+ *
+ * See `SSL_FILETYPE_[name]` in
+ *   github.com/wolfSSL/wolfssl/blob/master/wolfssl/ssl.h
+ *
+ * See Abstract Syntax Notation One (ASN.1) in:
+ *   github.com/wolfSSL/wolfssl/blob/master/wolfssl/wolfcrypt/asn.h
+ *
+ * Optional SM4 Ciphers:
+ *
+ * Although the SM ciphers are shown here, the `certs_test_sm.h` may not yet
+ * be available. See:
+ *   github.com/wolfSSL/wolfssl/pull/6825
+ *   github.com/wolfSSL/wolfsm
+ *
+ * Uncomment these 3 macros to enable the SM Ciphers and use the macros below.
+ */
+
+/*
+#define WOLFSSL_SM2
+#define WOLFSSL_SM3
+#define WOLFSSL_SM4
+*/
+
+/* Conditional macros used in wolfSSL TLS client and server examples */
+#if defined(WOLFSSL_SM2) || defined(WOLFSSL_SM3) || defined(WOLFSSL_SM4)
+    #define CTX_CA_CERT          root_sm2
+    #define CTX_CA_CERT_SIZE     sizeof_root_sm2
+    #define CTX_CA_CERT_TYPE     WOLFSSL_FILETYPE_PEM
+    #define CTX_SERVER_CERT      server_sm2
+    #define CTX_SERVER_CERT_SIZE sizeof_server_sm2
+    #define CTX_SERVER_CERT_TYPE WOLFSSL_FILETYPE_PEM
+    #define CTX_SERVER_KEY       server_sm2_priv
+    #define CTX_SERVER_KEY_SIZE  sizeof_server_sm2_priv
+    #define CTX_SERVER_KEY_TYPE  WOLFSSL_FILETYPE_PEM
+
+    #undef  WOLFSSL_BASE16
+    #define WOLFSSL_BASE16
+#else
+    #if defined(USE_CERT_BUFFERS_2048)
+        #ifdef USE_CERT_BUFFERS_1024
+            #error "USE_CERT_BUFFERS_1024 is already defined. Pick one."
+        #endif
+        #include <wolfssl/certs_test.h>
+        #define CTX_CA_CERT          ca_cert_der_2048
+        #define CTX_CA_CERT_SIZE     sizeof_ca_cert_der_2048
+        #define CTX_CA_CERT_TYPE     WOLFSSL_FILETYPE_ASN1
+
+        #define CTX_SERVER_CERT      server_cert_der_2048
+        #define CTX_SERVER_CERT_SIZE sizeof_server_cert_der_2048
+        #define CTX_SERVER_CERT_TYPE WOLFSSL_FILETYPE_ASN1
+        #define CTX_SERVER_KEY       server_key_der_2048
+        #define CTX_SERVER_KEY_SIZE  sizeof_server_key_der_2048
+        #define CTX_SERVER_KEY_TYPE  WOLFSSL_FILETYPE_ASN1
+
+        #define CTX_CLIENT_CERT      client_cert_der_2048
+        #define CTX_CLIENT_CERT_SIZE sizeof_client_cert_der_2048
+        #define CTX_CLIENT_CERT_TYPE WOLFSSL_FILETYPE_ASN1
+        #define CTX_CLIENT_KEY       client_key_der_2048
+        #define CTX_CLIENT_KEY_SIZE  sizeof_client_key_der_2048
+        #define CTX_CLIENT_KEY_TYPE  WOLFSSL_FILETYPE_ASN1
+
+    #elif defined(USE_CERT_BUFFERS_1024)
+        #ifdef USE_CERT_BUFFERS_2048
+            #error "USE_CERT_BUFFERS_2048 is already defined. Pick one."
+        #endif
+        #define CTX_CA_CERT          ca_cert_der_1024
+        #define CTX_CA_CERT_SIZE     sizeof_ca_cert_der_1024
+        #define CTX_CA_CERT_TYPE     WOLFSSL_FILETYPE_ASN1
+
+        #define CTX_CLIENT_CERT      client_cert_der_1024
+        #define CTX_CLIENT_CERT_SIZE sizeof_client_cert_der_1024
+        #define CTX_CLIENT_CERT_TYPE WOLFSSL_FILETYPE_ASN1
+        #define CTX_CLIENT_KEY       client_key_der_1024
+        #define CTX_CLIENT_KEY_SIZE  sizeof_client_key_der_1024
+        #define CTX_CLIENT_KEY_TYPE  WOLFSSL_FILETYPE_ASN1
+
+        #define CTX_SERVER_CERT      server_cert_der_1024
+        #define CTX_SERVER_CERT_SIZE sizeof_server_cert_der_1024
+        #define CTX_SERVER_CERT_TYPE WOLFSSL_FILETYPE_ASN1
+        #define CTX_SERVER_KEY       server_key_der_1024
+        #define CTX_SERVER_KEY_SIZE  sizeof_server_key_der_1024
+        #define CTX_SERVER_KEY_TYPE  WOLFSSL_FILETYPE_ASN1
+    #else
+        /* Optionally define custom cert arrays, sizes, and types here */
+        #error "Must define USE_CERT_BUFFERS_2048 or USE_CERT_BUFFERS_1024"
+    #endif
+#endif /* Conditional key and cert constant names */
+
+/******************************************************************************
+** Sanity Checks
+******************************************************************************/
+#if defined(CONFIG_ESP_MAIN_TASK_STACK_SIZE)
+    #if defined(WOLFCRYPT_HAVE_SRP)
+        #if defined(FP_MAX_BITS)
+            #if FP_MAX_BITS <  (8192 * 2)
+                #define ESP_SRP_MINIMUM_STACK_8K (24 * 1024)
+            #else
+                #define ESP_SRP_MINIMUM_STACK_8K (28 * 1024)
+            #endif
+        #else
+            #error "Please define FP_MAX_BITS when using WOLFCRYPT_HAVE_SRP."
+        #endif
+
+        #if (CONFIG_ESP_MAIN_TASK_STACK_SIZE < ESP_SRP_MINIMUM_STACK)
+            #warning "WOLFCRYPT_HAVE_SRP enabled with small stack size"
+        #endif
+    #endif
+#else
+    #warning "CONFIG_ESP_MAIN_TASK_STACK_SIZE not defined!"
+#endif
diff --git a/examples/configs/user_settings_stm32.h b/examples/configs/user_settings_stm32.h
index 9f02cf2bf..381b9785b 100644
--- a/examples/configs/user_settings_stm32.h
+++ b/examples/configs/user_settings_stm32.h
@@ -1,7 +1,7 @@
 /* wolfSSL_conf.h (example of generated wolfSSL.I-CUBE-wolfSSL_conf.h using
  * default_conf.ftl and STM32CubeIDE or STM32CubeMX tool)
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -50,6 +50,9 @@ extern "C" {
 /*---------- WOLF_CONF_DTLS -----------*/
 #define WOLF_CONF_DTLS      0
 
+/*---------- WOLF_CONF_DTLS13 -----------*/
+#define WOLF_CONF_DTLS13    0
+
 /*---------- WOLF_CONF_MATH -----------*/
 #define WOLF_CONF_MATH      4
 
@@ -78,7 +81,7 @@ extern "C" {
 #define WOLF_CONF_CHAPOLY      1
 
 /*---------- WOLF_CONF_EDCURVE25519 -----------*/
-#define WOLF_CONF_EDCURVE25519      0
+#define WOLF_CONF_EDCURVE25519      1
 
 /*---------- WOLF_CONF_MD5 -----------*/
 #define WOLF_CONF_MD5      0
@@ -93,10 +96,10 @@ extern "C" {
 #define WOLF_CONF_SHA2_256      1
 
 /*---------- WOLF_CONF_SHA2_384 -----------*/
-#define WOLF_CONF_SHA2_384      0
+#define WOLF_CONF_SHA2_384      1
 
 /*---------- WOLF_CONF_SHA2_512 -----------*/
-#define WOLF_CONF_SHA2_512      0
+#define WOLF_CONF_SHA2_512      1
 
 /*---------- WOLF_CONF_SHA3 -----------*/
 #define WOLF_CONF_SHA3      0
@@ -119,8 +122,23 @@ extern "C" {
 /*---------- WOLF_CONF_TEST -----------*/
 #define WOLF_CONF_TEST      1
 
-/*---------- WOLF_CONF_PQM4 -----------*/
-#define WOLF_CONF_PQM4      0
+/*---------- WOLF_CONF_KYBER -----------*/
+#define WOLF_CONF_KYBER      0
+
+/*---------- WOLF_CONF_ARMASM -----------*/
+#define WOLF_CONF_ARMASM      1
+
+/*---------- WOLF_CONF_IO -----------*/
+#define WOLF_CONF_IO      1
+
+/*---------- WOLF_CONF_RESUMPTION -----------*/
+#define WOLF_CONF_RESUMPTION      0
+
+/*---------- WOLF_CONF_TPM -----------*/
+#define WOLF_CONF_TPM      0
+
+/*---------- WOLF_CONF_PK -----------*/
+#define WOLF_CONF_PK      0
 
 /* ------------------------------------------------------------------------- */
 /* Hardware platform */
@@ -163,12 +181,18 @@ extern "C" {
     #undef  NO_STM32_CRYPTO
     #define STM32_HAL_V2
     #define HAL_CONSOLE_UART huart3
+#elif defined(STM32H7S3xx)
+    #define WOLFSSL_STM32H7S
+    #undef  NO_STM32_HASH
+    #undef  NO_STM32_CRYPTO
+    #define WOLFSSL_STM32_PKA
+    #define HAL_CONSOLE_UART huart3
 #elif defined(STM32H753xx)
     #define WOLFSSL_STM32H7
     #undef  NO_STM32_HASH
     #undef  NO_STM32_CRYPTO
     #define HAL_CONSOLE_UART huart3
-#elif defined(STM32H723xx)
+#elif defined(STM32H723xx) || defined(STM32H725xx) || defined(STM32H743xx)
     #define WOLFSSL_STM32H7
     #define HAL_CONSOLE_UART huart3
 #elif defined(STM32L4A6xx)
@@ -209,11 +233,14 @@ extern "C" {
     #define HAL_CONSOLE_UART huart2
     #define NO_STM32_RNG
     #define WOLFSSL_GENSEED_FORTEST /* no HW RNG is available use test seed */
-#elif defined(STM32U575xx) || defined(STM32U585xx)
+#elif defined(STM32G491xx)
+    #define WOLFSSL_STM32G4
+    #define HAL_CONSOLE_UART hlpuart1
+#elif defined(STM32U575xx) || defined(STM32U585xx) || defined(STM32U5A9xx)
     #define HAL_CONSOLE_UART huart1
     #define WOLFSSL_STM32U5
     #define STM32_HAL_V2
-    #ifdef STM32U585xx
+    #if defined(STM32U585xx) || defined(STM32U5A9xx)
         #undef  NO_STM32_HASH
         #undef  NO_STM32_CRYPTO
         #define WOLFSSL_STM32_PKA
@@ -223,14 +250,22 @@ extern "C" {
     #define HAL_CONSOLE_UART huart3
     #define STM32_HAL_V2
     #undef  NO_STM32_HASH
-
+#elif defined(STM32MP135Fxx)
+    #define WOLFSSL_STM32MP13
+    #define HAL_CONSOLE_UART huart4
+    #define STM32_HAL_V2
+    #undef NO_STM32_HASH
+    #undef NO_STM32_CRYPTO
+    #define WOLFSSL_STM32_PKA
+    #define WOLFSSL_STM32_PKA_V2
 #else
     #warning Please define a hardware platform!
     /* This means there is not a pre-defined platform for your board/CPU */
     /* You need to define a CPU type, HW crypto and debug UART */
     /* CPU Type: WOLFSSL_STM32F1, WOLFSSL_STM32F2, WOLFSSL_STM32F4,
         WOLFSSL_STM32F7, WOLFSSL_STM32H7, WOLFSSL_STM32L4, WOLFSSL_STM32L5,
-        WOLFSSL_STM32G0, WOLFSSL_STM32WB and WOLFSSL_STM32U5 */
+        WOLFSSL_STM32G0, WOLFSSL_STM32G4, WOLFSSL_STM32WB, WOLFSSL_STM32U5 and
+        WOLFSSL_STM32MP13 */
     #define WOLFSSL_STM32F4
 
     /* Debug UART used for printf */
@@ -248,6 +283,7 @@ extern "C" {
     //#define STM32_HAL_V2
 #endif
 
+
 /* ------------------------------------------------------------------------- */
 /* Platform */
 /* ------------------------------------------------------------------------- */
@@ -255,12 +291,25 @@ extern "C" {
 #define WOLFSSL_GENERAL_ALIGNMENT 4
 #define WOLFSSL_STM32_CUBEMX
 #define WOLFSSL_SMALL_STACK
-#define WOLFSSL_USER_IO
-#define WOLFSSL_NO_SOCK
 #define WOLFSSL_IGNORE_FILE_WARN
+#define WOLFSSL_WOLFSSH
+
 
 /* ------------------------------------------------------------------------- */
-/* Operating System */
+/* Network stack: 1=User IO (custom), 2=LWIP (posix), 3=LWIP (native) */
+/* ------------------------------------------------------------------------- */
+#if defined(WOLF_CONF_IO) && WOLF_CONF_IO == 2
+    #define WOLFSSL_LWIP
+#elif defined(WOLF_CONF_IO) && WOLF_CONF_IO == 3
+    #define WOLFSSL_LWIP_NATIVE
+#else /* custom */
+    #define WOLFSSL_USER_IO
+    #define WOLFSSL_NO_SOCK
+#endif
+
+
+/* ------------------------------------------------------------------------- */
+/* Operating System: 1=Bare-metal/Single threaded, 2=FREERTOS */
 /* ------------------------------------------------------------------------- */
 #if defined(WOLF_CONF_RTOS) && WOLF_CONF_RTOS == 2
     #define FREERTOS
@@ -268,22 +317,32 @@ extern "C" {
     #define SINGLE_THREADED
 #endif
 
+
 /* ------------------------------------------------------------------------- */
 /* Math Configuration */
 /* ------------------------------------------------------------------------- */
-/* 1=Fast (stack)
- * 2=Normal (heap)
- * 3=Single Precision C (only common curves/key sizes)
- * 4=Single Precision ASM Cortex-M3+
- * 5=Single Precision ASM Cortex-M0 (Generic Thumb)
- * 6=Single Precision C all small
- * 7=Single Precision C all big
+/* 1=Fast (stack)                      (tfm.c)
+ * 2=Normal (heap)                     (integer.c)
+ * 3-5=Single Precision: only common curves/key sizes:
+ *                   (ECC 256/384/521 and RSA/DH 2048/3072/4096)
+ *   3=Single Precision C              (sp_c32.c)
+ *   4=Single Precision ASM Cortex-M3+ (sp_cortexm.c)
+ *   5=Single Precision ASM Cortex-M0  (sp_armthumb.c)
+ * 6=Wolf multi-precision C small      (sp_int.c)
+ * 7=Wolf multi-precision C big        (sp_int.c)
  */
+
 #if defined(WOLF_CONF_MATH) && WOLF_CONF_MATH == 1
     /* fast (stack) math - tfm.c */
     #define USE_FAST_MATH
     #define TFM_TIMING_RESISTANT
 
+    #if !defined(NO_RSA) || !defined(NO_DH)
+        /* Maximum math bits (Max DH/RSA key bits * 2) */
+        #undef  FP_MAX_BITS
+        #define FP_MAX_BITS     4096
+    #endif
+
     /* Optimizations (TFM_ARM, TFM_ASM or none) */
     //#define TFM_NO_ASM
     //#define TFM_ASM
@@ -298,19 +357,26 @@ extern "C" {
     #endif
     #if defined(WOLF_CONF_RSA) && WOLF_CONF_RSA == 1
         #define WOLFSSL_HAVE_SP_RSA
+        //#define WOLFSSL_SP_NO_2048
+        //#define WOLFSSL_SP_NO_3072
+        //#define WOLFSSL_SP_4096
     #endif
     #if defined(WOLF_CONF_DH) && WOLF_CONF_DH == 1
         #define WOLFSSL_HAVE_SP_DH
     #endif
     #if defined(WOLF_CONF_ECC) && WOLF_CONF_ECC == 1
         #define WOLFSSL_HAVE_SP_ECC
+        //#define WOLFSSL_SP_NO_256
+        #define WOLFSSL_SP_384
+        //#define WOLFSSL_SP_521
     #endif
     #if WOLF_CONF_MATH == 6 || WOLF_CONF_MATH == 7
         #define WOLFSSL_SP_MATH_ALL /* use sp_int.c multi precision math */
+        //#define WOLFSSL_SP_ARM_THUMB /* enable ARM Thumb ASM speedups */
     #else
         #define WOLFSSL_SP_MATH    /* disable non-standard curves / key sizes */
     #endif
-    #define SP_WORD_SIZE 32
+    #define SP_WORD_SIZE 32 /* force 32-bit mode */
 
     /* Enable to put all math on stack (no heap) */
     //#define WOLFSSL_SP_NO_MALLOC
@@ -328,6 +394,7 @@ extern "C" {
     #endif
 #endif
 
+
 /* ------------------------------------------------------------------------- */
 /* Enable Features */
 /* ------------------------------------------------------------------------- */
@@ -336,6 +403,8 @@ extern "C" {
 #define HAVE_SUPPORTED_CURVES
 #define HAVE_ENCRYPT_THEN_MAC
 #define HAVE_EXTENDED_MASTER
+#define WOLFSSL_ASN_TEMPLATE
+#define HAVE_SNI
 
 #if defined(WOLF_CONF_TLS13) && WOLF_CONF_TLS13 == 1
     #define WOLFSSL_TLS13
@@ -344,6 +413,10 @@ extern "C" {
 #if defined(WOLF_CONF_DTLS) && WOLF_CONF_DTLS == 1
     #define WOLFSSL_DTLS
 #endif
+#if defined(WOLF_CONF_DTLS13) && WOLF_CONF_DTLS13 == 1
+    #define WOLFSSL_DTLS13
+    #define WOLFSSL_SEND_HRR_COOKIE
+#endif
 #if defined(WOLF_CONF_PSK) && WOLF_CONF_PSK == 0
     #define NO_PSK
 #endif
@@ -367,18 +440,23 @@ extern "C" {
 #endif
 
 /* TLS Session Cache */
-#if 0
+#if defined(WOLF_CONF_RESUMPTION) && WOLF_CONF_RESUMPTION == 1
     #define SMALL_SESSION_CACHE
+    #define HAVE_SESSION_TICKET
 #else
     #define NO_SESSION_CACHE
 #endif
 
-/* Post Quantum
- * Note: PQM4 is compatible with STM32. The project can be found at:
- * https://github.com/mupq/pqm4
- */
-#if defined(WOLF_CONF_PQM4) && WOLF_CONF_PQM4 == 1
-    #define HAVE_PQM4
+/* TPM support */
+#if defined(WOLF_CONF_TPM) && WOLF_CONF_TPM == 1
+    #define WOLF_CRYPTO_CB
+    #define WOLFSSL_PUBLIC_MP
+    /* also AES CFB - enabled below */
+#endif
+
+/* TLS key callbacks */
+#if defined(WOLF_CONF_PK) && WOLF_CONF_PK == 1
+    #define HAVE_PK_CALLBACKS
 #endif
 
 /* ------------------------------------------------------------------------- */
@@ -387,12 +465,6 @@ extern "C" {
 /* RSA */
 #undef NO_RSA
 #if defined(WOLF_CONF_RSA) && WOLF_CONF_RSA == 1
-    #ifdef USE_FAST_MATH
-        /* Maximum math bits (Max RSA key bits * 2) */
-        #undef  FP_MAX_BITS
-        #define FP_MAX_BITS     4096
-    #endif
-
     /* half as much memory but twice as slow */
     #undef  RSA_LOW_MEM
     //#define RSA_LOW_MEM
@@ -420,7 +492,7 @@ extern "C" {
     //#define HAVE_ECC192
     //#define HAVE_ECC224
     #undef NO_ECC256
-    //#define HAVE_ECC384
+    #define HAVE_ECC384
     //#define HAVE_ECC521
 
     /* Fixed point cache (speeds repeated operations against same private key) */
@@ -446,8 +518,8 @@ extern "C" {
     //#define HAVE_COMP_KEY
 
     #ifdef USE_FAST_MATH
-        #ifdef NO_RSA
-            /* Custom fastmath size if not using RSA */
+        #if defined(NO_RSA) && defined(NO_DH)
+            /* Custom fastmath size if not using RSA/DH */
             /* MAX = ROUND32(ECC BITS) * 2 */
             #define FP_MAX_BITS     (256 * 2)
         #else
@@ -474,20 +546,31 @@ extern "C" {
 #endif
 
 /* AES */
-#if defined(WOLF_CONF_AESGCM) && WOLF_CONF_AESGCM == 1
+#if defined(WOLF_CONF_AESGCM) && WOLF_CONF_AESGCM >= 1
     #define HAVE_AESGCM
+    #define HAVE_AES_DECRYPT
+
     /* GCM Method: GCM_SMALL, GCM_WORD32, GCM_TABLE or GCM_TABLE_4BIT */
     /* GCM_TABLE is about 4K larger and 3x faster for GHASH */
-    #define GCM_SMALL
-    #define HAVE_AES_DECRYPT
+    #if WOLF_CONF_AESGCM == 2
+        #define GCM_TABLE_4BIT
+    #else
+        #define GCM_SMALL
+    #endif
 #endif
 
 #if defined(WOLF_CONF_AESCBC) && WOLF_CONF_AESCBC == 1
     #define HAVE_AES_CBC
     #define HAVE_AES_DECRYPT
+#else
+    #define NO_AES_CBC
 #endif
 
 /* Other possible AES modes */
+#if defined(WOLF_CONF_TPM) && WOLF_CONF_TPM == 1
+    #define WOLFSSL_AES_CFB /* Used by TPM parameter encryption */
+#endif
+
 //#define WOLFSSL_AES_COUNTER
 //#define HAVE_AESCCM
 //#define WOLFSSL_AES_XTS
@@ -516,7 +599,7 @@ extern "C" {
     #define HAVE_ED25519
 
     /* Optionally use small math (less flash usage, but much slower) */
-    #define CURVED25519_SMALL
+    //#define CURVED25519_SMALL
 #endif
 
 /* ------------------------------------------------------------------------- */
@@ -554,7 +637,7 @@ extern "C" {
     //#define USE_SLOW_SHA512
 
     #define WOLFSSL_SHA512
-    #define HAVE_SHA512 /* freeRTOS settings.h requires this */
+    #define HAVE_SHA512 /* old freeRTOS settings.h requires this */
 #endif
 
 /* Sha2-384 */
@@ -576,6 +659,54 @@ extern "C" {
     #define NO_MD5
 #endif
 
+/* ------------------------------------------------------------------------- */
+/* Post-Quantum Crypto */
+/* ------------------------------------------------------------------------- */
+/* NOTE: this is after the hashing section to override the potential SHA3 undef
+ * above. */
+#if defined(WOLF_CONF_KYBER) && WOLF_CONF_KYBER == 1
+    #undef  WOLFSSL_EXPERIMENTAL_SETTINGS
+    #define WOLFSSL_EXPERIMENTAL_SETTINGS
+
+    #undef  WOLFSSL_HAVE_KYBER
+    #define WOLFSSL_HAVE_KYBER
+
+    #undef  WOLFSSL_WC_KYBER
+    #define WOLFSSL_WC_KYBER
+
+    #undef  WOLFSSL_NO_SHAKE128
+    #undef  WOLFSSL_SHAKE128
+    #define WOLFSSL_SHAKE128
+
+    #undef  WOLFSSL_NO_SHAKE256
+    #undef  WOLFSSL_SHAKE256
+    #define WOLFSSL_SHAKE256
+
+    #undef  WOLFSSL_SHA3
+    #define WOLFSSL_SHA3
+#endif /* WOLF_CONF_KYBER */
+
+/* ------------------------------------------------------------------------- */
+/* Crypto Acceleration */
+/* ------------------------------------------------------------------------- */
+/* This enables inline assembly speedups for SHA2, SHA3, AES,
+ * ChaCha20/Poly1305 and Ed/Curve25519. These settings work for Cortex M4/M7
+ * and the source code is located in wolfcrypt/src/port/arm/
+ */
+#if defined(WOLF_CONF_ARMASM) && WOLF_CONF_ARMASM == 1
+    #define WOLFSSL_ARMASM
+    #define WOLFSSL_ARMASM_INLINE
+    #define WOLFSSL_ARMASM_NO_HW_CRYPTO
+    #define WOLFSSL_ARMASM_NO_NEON
+    #define WOLFSSL_ARMASM_THUMB2
+    #define WOLFSSL_ARM_ARCH 7
+    /* Disable H/W offloading if accelerating S/W crypto */
+    #undef  NO_STM32_HASH
+    #define NO_STM32_HASH
+    #undef  NO_STM32_CRYPTO
+    #define NO_STM32_CRYPTO
+#endif
+
 /* ------------------------------------------------------------------------- */
 /* Benchmark / Test */
 /* ------------------------------------------------------------------------- */
@@ -584,6 +715,7 @@ extern "C" {
 #define USE_CERT_BUFFERS_2048
 #define USE_CERT_BUFFERS_256
 
+
 /* ------------------------------------------------------------------------- */
 /* Debugging */
 /* ------------------------------------------------------------------------- */
@@ -602,6 +734,7 @@ extern "C" {
     //#define NO_ERROR_STRINGS
 #endif
 
+
 /* ------------------------------------------------------------------------- */
 /* Port */
 /* ------------------------------------------------------------------------- */
@@ -610,6 +743,7 @@ extern "C" {
 /* Allows custom "custom_time()" function to be used for benchmark */
 #define WOLFSSL_USER_CURRTIME
 
+
 /* ------------------------------------------------------------------------- */
 /* RNG */
 /* ------------------------------------------------------------------------- */
@@ -622,6 +756,7 @@ extern "C" {
     #define WC_NO_RNG
 #endif
 
+
 /* ------------------------------------------------------------------------- */
 /* Disable Features */
 /* ------------------------------------------------------------------------- */
@@ -650,6 +785,8 @@ extern "C" {
 #define NO_RC4
 #define NO_MD4
 #define NO_DES3
+#define WOLFSSL_NO_SHAKE128
+#define WOLFSSL_NO_SHAKE256
 
 /* In-lining of misc.c functions */
 /* If defined, must include wolfcrypt/src/misc.c in build */
@@ -664,6 +801,7 @@ extern "C" {
     #define NO_ASN_TIME
 #endif
 
+
 #ifdef __cplusplus
 }
 #endif
diff --git a/examples/configs/user_settings_template.h b/examples/configs/user_settings_template.h
index f8673fab3..bbd47b1bf 100644
--- a/examples/configs/user_settings_template.h
+++ b/examples/configs/user_settings_template.h
@@ -1,6 +1,6 @@
 /* user_settings_template.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -354,6 +354,7 @@ extern "C" {
 
     /* prototypes for user heap override functions */
     /* Note: Realloc only required for normal math */
+    /* Note2: XFREE(NULL) must be properly handled */
     #include <stddef.h>  /* for size_t */
     extern void *myMalloc(size_t n, void* heap, int type);
     extern void myFree(void *p, void* heap, int type);
diff --git a/examples/configs/user_settings_tls12.h b/examples/configs/user_settings_tls12.h
new file mode 100644
index 000000000..69a7b95b8
--- /dev/null
+++ b/examples/configs/user_settings_tls12.h
@@ -0,0 +1,158 @@
+/* user_settings_tls12.h
+ *
+ * Copyright (C) 2006-2025 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+/* Example for TLS v1.2 client only, ECC only, AES GCM only, SHA2-256 only */
+/* Derived using:
+ * ./configure --disable-rsa --disable-dh --disable-tls13 --disable-chacha \
+ *     --disable-poly1305 --disable-sha224 --disable-sha --disable-md5
+ * From generated wolfssl/options.h
+ * Build and Test using:
+ * ./configure --enable-usersettings --disable-examples
+ * make
+ * ./wolfcrypt/test/testwolfcrypt
+ */
+
+#ifndef WOLFSSL_USER_SETTINGS_H
+#define WOLFSSL_USER_SETTINGS_H
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/* ------------------------------------------------------------------------- */
+/* Platform */
+/* ------------------------------------------------------------------------- */
+/* Use the SetIO callbacks, not the internal wolfio.c socket code */
+#define WOLFSSL_USER_IO
+#define WOLFSSL_IGNORE_FILE_WARN /* ignore file includes not required */
+//#define WOLFSSL_SMALL_STACK /* option to reduce stack size, offload to heap */
+#define NO_FILESYSTEM
+#define NO_WRITEV
+#define NO_SIG_WRAPPER
+
+/* ------------------------------------------------------------------------- */
+/* Math */
+/* ------------------------------------------------------------------------- */
+/* Math Options */
+#if 1 /* Single-precision (SP) wolf math - ECC only */
+    #define WOLFSSL_HAVE_SP_ECC   /* use sp_c32.c for math */
+    #define WOLFSSL_SP_SMALL      /* use smaller version of code */
+    #define WOLFSSL_SP_MATH       /* only SP math - eliminates fast math code */
+    /* optional Cortex-M3+ speedup with inline assembly */
+    //#define WOLFSSL_SP_ARM_CORTEX_M_ASM
+#elif 1
+    /* Multi-precision wolf math */
+    #define WOLFSSL_SP_MATH_ALL   /* use sp_int.c generic math */
+    #define WOLFSSL_SP_SMALL      /* use smaller version of code */
+#else
+    /* Fast Math - tfm.c */
+    #define USE_FAST_MATH
+    #define TFM_TIMING_RESISTANT
+    #define WOLFSSL_NO_ASM
+#endif
+
+/* ------------------------------------------------------------------------- */
+/* TLS */
+/* ------------------------------------------------------------------------- */
+/* Enable TLS v1.2 (on by default) */
+#undef  WOLFSSL_NO_TLS12
+/* Disable TLS server code */
+#define NO_WOLFSSL_SERVER
+//#define NO_WOLFSSL_CLIENT
+/* Disable TLS v1.3 code */
+#undef  WOLFSSL_TLS13
+/* Disable older TLS version prior to 1.2 */
+#define NO_OLD_TLS
+
+/* Enable default TLS extensions */
+#define HAVE_TLS_EXTENSIONS
+#define HAVE_SUPPORTED_CURVES
+#define HAVE_EXTENDED_MASTER
+#define HAVE_ENCRYPT_THEN_MAC
+#define HAVE_SERVER_RENEGOTIATION_INFO
+//#define HAVE_SNI /* optional Server Name Indicator (SNI) */
+
+/* ASN */
+#define WOLFSSL_ASN_TEMPLATE /* use newer ASN template asn.c code (default) */
+
+/* Disable Features */
+#define NO_SESSION_CACHE /* disable session resumption */
+#define NO_PSK /* pre-shared-key support */
+
+/* ------------------------------------------------------------------------- */
+/* Algorithms */
+/* ------------------------------------------------------------------------- */
+/* RNG */
+#define HAVE_HASHDRBG /* Use DRBG SHA2-256 and seed */
+
+/* Enable ECC */
+#define HAVE_ECC
+#define ECC_USER_CURVES      /* Enable only ECC curves specific */
+#undef  NO_ECC256            /* Enable SECP256R1 only (on by default) */
+#define ECC_TIMING_RESISTANT /* Enable Timing Resistance */
+/* Optional ECC calculation speed improvement if not using SP implementation */
+//#define ECC_SHAMIR
+
+/* Enable SHA2-256 only (on by default) */
+#undef NO_SHA256
+//#define USE_SLOW_SHA256 /* Reduces code size by not partially unrolling */
+
+/* Enable AES GCM only */
+#define HAVE_AESGCM
+#define GCM_SMALL /* use small GHASH table */
+#define NO_AES_CBC /* Disable AES CBC */
+
+/* Optional Features */
+//#define WOLFSSL_BASE64_ENCODE /* Enable Base64 encoding */
+
+
+/* Disable Algorithms */
+#define NO_RSA
+#define NO_DH
+#define NO_SHA
+#define NO_DSA
+#define NO_RC4
+#define NO_MD4
+#define NO_MD5
+#define NO_DES3
+#define NO_PWDBASED
+#define WOLFSSL_NO_SHAKE128
+#define WOLFSSL_NO_SHAKE256
+
+/* ------------------------------------------------------------------------- */
+/* Debugging */
+/* ------------------------------------------------------------------------- */
+#undef DEBUG_WOLFSSL
+#undef NO_ERROR_STRINGS
+#if 0
+    #define DEBUG_WOLFSSL
+#else
+    #if 1
+        #define NO_ERROR_STRINGS
+    #endif
+#endif
+
+#ifdef __cplusplus
+}
+#endif
+
+
+#endif /* WOLFSSL_USER_SETTINGS_H */
diff --git a/examples/configs/user_settings_wolfboot_keytools.h b/examples/configs/user_settings_wolfboot_keytools.h
index ee283710b..7c921390a 100644
--- a/examples/configs/user_settings_wolfboot_keytools.h
+++ b/examples/configs/user_settings_wolfboot_keytools.h
@@ -4,7 +4,7 @@
  * Enabled via WOLFSSL_USER_SETTINGS.
  *
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -57,7 +57,6 @@
 #define WOLFSSL_SHAKE256
 
 /* RSA */
-#define HAVE_RSA
 #define WOLFSSL_HAVE_SP_RSA
 #define WC_RSA_BLINDING
 #define WOLFSSL_KEY_GEN
@@ -86,7 +85,7 @@
 #define NO_RABBIT
 #define NO_MD5
 #define NO_SIG_WRAPPER
-#define NO_CERT
+#define NO_CERTS
 #define NO_SESSION_CACHE
 #define NO_HC128
 #define NO_DES3
diff --git a/examples/configs/user_settings_wolfssh.h b/examples/configs/user_settings_wolfssh.h
new file mode 100644
index 000000000..23b1fda94
--- /dev/null
+++ b/examples/configs/user_settings_wolfssh.h
@@ -0,0 +1,214 @@
+/* user_settings_wolfssh.h
+ *
+ * Copyright (C) 2006-2025 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+
+/* To use the rename file to user_settings.h and define WOLFSSL_USER_SETTINGS */
+
+/* Started from the following configure and hand tuned, organized and commented:
+./configure --enable-wolfssh --enable-sp=small --enable-sp-math \
+--disable-sp-asm --disable-asm --disable-sys-ca-certs --enable-aesgcm=small \
+--enable-cryptonly --disable-sha3 --disable-chacha --disable-poly1305 \
+--disable-md5 --disable-error-queue-per-thread --disable-pkcs12 \
+--disable-errorstrings --disable-sni --disable-sha224
+make
+*/
+
+/* Tested using:
+cp ./examples/configs/user_settings_wolfssh.h user_settings.h
+cp ./examples/configs/user_settings_wolfssh.h ../wolfSSH/user_settings.h
+
+wolfSSL:
+./configure --enable-usersettings --disable-examples CFLAGS="-Os"
+make
+sudo make install
+
+wolfSSH:
+./configure --enable-scp --disable-shared --disable-term \
+    CFLAGS="-DWOLFSSL_USER_SETTINGS -Os"
+make
+*/
+
+#ifndef WOLFSSL_USER_SETTINGS_SSH_H
+#define WOLFSSL_USER_SETTINGS_SSH_H
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/* #define USE_LOW_RESOURCE */
+
+/* Platform */
+#ifdef USE_LOW_RESOURCE
+    /* Threading and filesystem required for wolfSSH tests \
+     * Can be set for wolfSSH library only use */
+    #define SINGLE_THREADED
+    #define NO_FILESYSTEM
+    #define BENCH_EMBEDDED
+#endif
+
+/* Features */
+#define WOLFSSL_WOLFSSH
+#if 1
+    #define WOLFCRYPT_ONLY /* no TLS */
+#endif
+#define HAVE_HASHDRBG
+#define WOLFSSL_ASN_TEMPLATE
+#define WOLFSSL_PUBLIC_MP
+#ifndef USE_LOW_RESOURCE
+    #define WOLFSSL_BASE64_ENCODE
+#endif
+
+#ifndef WOLFCRYPT_ONLY
+    #define HAVE_TLS_EXTENSIONS
+    #define HAVE_SUPPORTED_CURVES
+    #define HAVE_ENCRYPT_THEN_MAC
+#endif
+
+/* Timing Resistance */
+#define TFM_TIMING_RESISTANT
+#define ECC_TIMING_RESISTANT
+#define WC_RSA_BLINDING
+
+/* Asymmetric */
+#if 1 /* RSA - PKCS1v1.5 */
+    #undef NO_RSA
+    #define WC_NO_RSA_OAEP /* SSH does not use OAEP */
+
+    #ifdef USE_LOW_RESOURCE
+        #define RSA_LOW_MEM
+    #endif
+#else
+    #define NO_RSA
+#endif
+
+#if 1 /* DH */
+    /* RFC 4253 requires "DH w/SHA-1"
+     * RFC 9142 requires "diffie-hellman-group14-sha256"
+     */
+    #undef NO_DH
+    #ifndef WOLFCRYPT_ONLY
+        #define HAVE_DH_DEFAULT_PARAMS
+        #define HAVE_FFDHE_2048
+    #endif
+#else
+    #define NO_DH
+#endif
+#if 1 /* ECC */
+    #define HAVE_ECC
+    #ifndef USE_LOW_RESOURCE /* optional ECC SHAMIR speedup */
+        #define ECC_SHAMIR
+    #endif
+    #define ECC_USER_CURVES
+    #ifndef USE_LOW_RESOURCE
+        #define HAVE_ECC384
+        #define HAVE_ECC521
+    #endif
+#endif
+
+/* Symmetric AES CBC/GCM */
+#undef NO_AES_CBC
+#if 1 /* GCM */
+    #define HAVE_AESGCM
+    #define GCM_SMALL
+#endif
+#ifdef USE_LOW_RESOURCE
+    #define WOLFSSL_AES_SMALL_TABLES
+#endif
+
+/* Hashing SHA-1/SHA2-256 */
+#undef NO_SHA
+#undef NO_SHA256
+#ifdef USE_LOW_RESOURCE
+    #define USE_SLOW_SHA
+    #define USE_SLOW_SHA256
+#endif
+#if 0
+    #define WOLFSSL_SHA384
+    #define WOLFSSL_SHA512
+    #ifdef USE_LOW_RESOURCE
+        #define USE_SLOW_SHA512
+    #endif
+#endif
+
+
+/* Math */
+/* Multi Precision (MP): Enable support for uncommon key sizes / curves */
+#if 0
+    #define WOLFSSL_SP_MATH_ALL
+#endif
+
+/* Single Precision (SP) Math */
+#define WOLFSSL_SP_MATH
+#define WOLFSSL_SP_SMALL
+
+#if !defined(NO_RSA) || !defined(NO_DH)
+    #undef WOLFSSL_SP_NO_2048 /* 2048-bit */
+    #ifdef USE_LOW_RESOURCE
+        #define WOLFSSL_SP_NO_3072 /* 3072-bit */
+    #else
+        #undef WOLFSSL_SP_NO_3072 /* 3072-bit */
+        #define WOLFSSL_SP_4096   /* 4096-bit */
+    #endif
+
+    #ifndef NO_RSA
+        #define WOLFSSL_HAVE_SP_RSA
+    #endif
+    #ifndef NO_DH
+        #define WOLFSSL_HAVE_SP_DH
+    #endif
+#endif
+#ifdef HAVE_ECC
+    #define WOLFSSL_HAVE_SP_ECC
+
+    #undef WOLFSSL_SP_NO_256 /* 256-bit */
+    #ifdef HAVE_ECC384
+        #define WOLFSSL_SP_384 /* 384-bit */
+    #endif
+    #ifdef HAVE_ECC521
+        #define WOLFSSL_SP_521 /* 521-bit */
+    #endif
+#endif
+
+/* Disable Algorithms */
+#define NO_DSA
+#define NO_DES3
+#define NO_MD4
+#define NO_MD5
+#define NO_RC4
+#define NO_PSK
+#define NO_PKCS12
+#define NO_PWDBASED
+#define WOLFSSL_NO_SHAKE128
+#define WOLFSSL_NO_SHAKE256
+
+/* Disable Features */
+#define NO_ERROR_STRINGS
+#define WC_NO_ASYNC_THREADING
+#define NO_DES3_TLS_SUITES
+#define NO_OLD_TLS
+#define WOLFSSL_NO_TLS12
+
+#ifdef __cplusplus
+}
+#endif
+
+
+#endif /* WOLFSSL_USER_SETTINGS_SSH_H */
diff --git a/examples/configs/user_settings_wolftpm.h b/examples/configs/user_settings_wolftpm.h
index 679721130..229b33d14 100644
--- a/examples/configs/user_settings_wolftpm.h
+++ b/examples/configs/user_settings_wolftpm.h
@@ -1,6 +1,6 @@
 /* user_settings_wolftpm.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -131,7 +131,7 @@ extern "C" {
 #else
     #define NO_RSA
 #endif
-#ifndef USE_LOW_RESOURCE /* ECC */
+#if 1 /* ECC - needed for encrypt ECC salt */
     #define HAVE_ECC
     #define ECC_USER_CURVES /* default to only SECP256R1 */
 #endif
diff --git a/examples/crypto_policies/default/wolfssl.txt b/examples/crypto_policies/default/wolfssl.txt
new file mode 100644
index 000000000..ffecfdc32
--- /dev/null
+++ b/examples/crypto_policies/default/wolfssl.txt
@@ -0,0 +1 @@
+@SECLEVEL=2:EECDH:kRSA:EDH:PSK:DHEPSK:ECDHEPSK:RSAPSK:!RC4:!eNULL:!aNULL
diff --git a/examples/crypto_policies/future/wolfssl.txt b/examples/crypto_policies/future/wolfssl.txt
new file mode 100644
index 000000000..a8f4a6066
--- /dev/null
+++ b/examples/crypto_policies/future/wolfssl.txt
@@ -0,0 +1 @@
+@SECLEVEL=3:EECDH:EDH:PSK:DHEPSK:ECDHEPSK:!RSAPSK:!kRSA:!AES128:!RC4:!eNULL:!aNULL:!SHA1
diff --git a/examples/crypto_policies/legacy/wolfssl.txt b/examples/crypto_policies/legacy/wolfssl.txt
new file mode 100644
index 000000000..75781383f
--- /dev/null
+++ b/examples/crypto_policies/legacy/wolfssl.txt
@@ -0,0 +1 @@
+@SECLEVEL=1:EECDH:kRSA:EDH:PSK:DHEPSK:ECDHEPSK:RSAPSK:!eNULL:!aNULL
diff --git a/examples/echoclient/echoclient.c b/examples/echoclient/echoclient.c
index 662aca0f1..269962bce 100644
--- a/examples/echoclient/echoclient.c
+++ b/examples/echoclient/echoclient.c
@@ -1,6 +1,6 @@
 /* echoclient.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -24,12 +24,20 @@
     #include <config.h>
 #endif
 
+#ifndef WOLFSSL_USER_SETTINGS
+    #include <wolfssl/options.h>
+#endif
 #include <wolfssl/wolfcrypt/settings.h>
-/* let's use cyassl layer AND cyassl openssl layer */
-#undef TEST_OPENSSL_COEXIST /* can't use this option with this example */
-#include <wolfssl/ssl.h>
 
 /* Force enable the compatibility macros for this example */
+#undef TEST_OPENSSL_COEXIST
+#undef OPENSSL_COEXIST
+#ifndef OPENSSL_EXTRA_X509_SMALL
+#define OPENSSL_EXTRA_X509_SMALL
+#endif
+
+#include <wolfssl/ssl.h>
+
 #ifdef WOLFSSL_DTLS
     #include <wolfssl/error-ssl.h>
 #endif
@@ -45,14 +53,11 @@
 
 #include <wolfssl/test.h>
 
-#ifndef OPENSSL_EXTRA_X509_SMALL
-#define OPENSSL_EXTRA_X509_SMALL
-#endif
 #include <wolfssl/openssl/ssl.h>
 
 #include <examples/echoclient/echoclient.h>
 
-#ifndef NO_WOLFSSL_CLIENT
+#if !defined(NO_WOLFSSL_CLIENT) && !defined(NO_TLS)
 
 
 #ifdef NO_FILESYSTEM
@@ -248,16 +253,16 @@ void echoclient_test(void* args)
         if (ret != WOLFSSL_SUCCESS) {
             err = SSL_get_error(ssl, 0);
         #ifdef WOLFSSL_ASYNC_CRYPT
-            if (err == WC_PENDING_E) {
+            if (err == WC_NO_ERR_TRACE(WC_PENDING_E)) {
                 ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
                 if (ret < 0) break;
             }
         #endif
         }
-    } while (err == WC_PENDING_E);
+    } while (err == WC_NO_ERR_TRACE(WC_PENDING_E));
     if (ret != WOLFSSL_SUCCESS) {
         fprintf(stderr, "SSL_connect error %d, %s\n", err,
-            ERR_error_string(err, buffer));
+            ERR_error_string((unsigned long)err, buffer));
         err_sys("SSL_connect failed");
     }
 
@@ -271,16 +276,16 @@ void echoclient_test(void* args)
             if (ret <= 0) {
                 err = SSL_get_error(ssl, 0);
             #ifdef WOLFSSL_ASYNC_CRYPT
-                if (err == WC_PENDING_E) {
+                if (err == WC_NO_ERR_TRACE(WC_PENDING_E)) {
                     ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
                     if (ret < 0) break;
                 }
             #endif
             }
-        } while (err == WC_PENDING_E);
+        } while (err == WC_NO_ERR_TRACE(WC_PENDING_E));
         if (ret != sendSz) {
             fprintf(stderr, "SSL_write msg error %d, %s\n", err,
-                ERR_error_string(err, buffer));
+                ERR_error_string((unsigned long)err, buffer));
             err_sys("SSL_write failed");
         }
 
@@ -306,13 +311,13 @@ void echoclient_test(void* args)
                 if (ret <= 0) {
                     err = SSL_get_error(ssl, 0);
                 #ifdef WOLFSSL_ASYNC_CRYPT
-                    if (err == WC_PENDING_E) {
+                    if (err == WC_NO_ERR_TRACE(WC_PENDING_E)) {
                         ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
                         if (ret < 0) break;
                     }
                 #endif
                 }
-            } while (err == WC_PENDING_E);
+            } while (err == WC_NO_ERR_TRACE(WC_PENDING_E));
             if (ret > 0) {
                 reply[ret] = 0;
                 LIBCALL_CHECK_RET(fputs(reply, fout));
@@ -320,7 +325,9 @@ void echoclient_test(void* args)
                 sendSz -= ret;
             }
 #ifdef WOLFSSL_DTLS
-            else if (wolfSSL_dtls(ssl) && err == DECRYPT_ERROR) {
+            else if (wolfSSL_dtls(ssl) &&
+                     err == WC_NO_ERR_TRACE(DECRYPT_ERROR))
+            {
                 /* This condition is OK. The packet should be dropped
                  * silently when there is a decrypt or MAC error on
                  * a DTLS record. */
@@ -329,7 +336,7 @@ void echoclient_test(void* args)
 #endif
             else {
                 fprintf(stderr, "SSL_read msg error %d, %s\n", err,
-                    ERR_error_string(err, buffer));
+                    ERR_error_string((unsigned long)err, buffer));
                 err_sys("SSL_read failed");
             }
         }
@@ -346,13 +353,13 @@ void echoclient_test(void* args)
         if (ret <= 0) {
             err = SSL_get_error(ssl, 0);
         #ifdef WOLFSSL_ASYNC_CRYPT
-            if (err == WC_PENDING_E) {
+            if (err == WC_NO_ERR_TRACE(WC_PENDING_E)) {
                 ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
                 if (ret < 0) break;
             }
         #endif
         }
-    } while (err == WC_PENDING_E);
+    } while (err == WC_NO_ERR_TRACE(WC_PENDING_E));
 #else
     SSL_shutdown(ssl);
 #endif
@@ -374,7 +381,7 @@ void echoclient_test(void* args)
     ((func_args*)args)->return_code = 0;
 }
 
-#endif /* !NO_WOLFSSL_CLIENT */
+#endif /* !NO_WOLFSSL_CLIENT && !NO_TLS */
 
 /* so overall tests can pull in test function */
 #ifndef NO_MAIN_DRIVER
@@ -401,7 +408,7 @@ void echoclient_test(void* args)
 #ifndef WOLFSSL_TIRTOS
         ChangeToWolfRoot();
 #endif
-#ifndef NO_WOLFSSL_CLIENT
+#if !defined(NO_WOLFSSL_CLIENT) && !defined(NO_TLS)
         echoclient_test(&args);
 #endif
 
diff --git a/examples/echoclient/echoclient.h b/examples/echoclient/echoclient.h
index 23c4597c3..21ae0d0d6 100644
--- a/examples/echoclient/echoclient.h
+++ b/examples/echoclient/echoclient.h
@@ -1,6 +1,6 @@
 /* echoclient.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/examples/echoclient/echoclient.vcxproj b/examples/echoclient/echoclient.vcxproj
index 9fa8aad0f..68eb81b1d 100644
--- a/examples/echoclient/echoclient.vcxproj
+++ b/examples/echoclient/echoclient.vcxproj
@@ -9,6 +9,10 @@
       <Configuration>Debug</Configuration>
       <Platform>x64</Platform>
     </ProjectConfiguration>
+    <ProjectConfiguration Include="Debug|ARM64">
+      <Configuration>Debug</Configuration>
+      <Platform>ARM64</Platform>
+    </ProjectConfiguration>
     <ProjectConfiguration Include="DLL Debug|Win32">
       <Configuration>DLL Debug</Configuration>
       <Platform>Win32</Platform>
@@ -17,6 +21,10 @@
       <Configuration>DLL Debug</Configuration>
       <Platform>x64</Platform>
     </ProjectConfiguration>
+    <ProjectConfiguration Include="DLL Debug|ARM64">
+      <Configuration>DLL Debug</Configuration>
+      <Platform>ARM64</Platform>
+    </ProjectConfiguration>
     <ProjectConfiguration Include="DLL Release|Win32">
       <Configuration>DLL Release</Configuration>
       <Platform>Win32</Platform>
@@ -25,6 +33,10 @@
       <Configuration>DLL Release</Configuration>
       <Platform>x64</Platform>
     </ProjectConfiguration>
+    <ProjectConfiguration Include="DLL Release|ARM64">
+      <Configuration>DLL Release</Configuration>
+      <Platform>ARM64</Platform>
+    </ProjectConfiguration>
     <ProjectConfiguration Include="Release|Win32">
       <Configuration>Release</Configuration>
       <Platform>Win32</Platform>
@@ -33,6 +45,10 @@
       <Configuration>Release</Configuration>
       <Platform>x64</Platform>
     </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|ARM64">
+      <Configuration>Release</Configuration>
+      <Platform>ARM64</Platform>
+    </ProjectConfiguration>
   </ItemGroup>
   <PropertyGroup Label="Globals">
     <ProjectGuid>{8362A816-C5DC-4E22-B5C5-9E6806387073}</ProjectGuid>
@@ -64,6 +80,18 @@
     <CharacterSet>Unicode</CharacterSet>
     <WholeProgramOptimization>true</WholeProgramOptimization>
   </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <PlatformToolset>v110</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|ARM64'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <PlatformToolset>v110</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+  </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
     <ConfigurationType>Application</ConfigurationType>
     <PlatformToolset>v110</PlatformToolset>
@@ -84,6 +112,16 @@
     <PlatformToolset>v110</PlatformToolset>
     <CharacterSet>Unicode</CharacterSet>
   </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|ARM64'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <PlatformToolset>v110</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|ARM64'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <PlatformToolset>v110</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
   <ImportGroup Label="ExtensionSettings">
   </ImportGroup>
@@ -99,6 +137,12 @@
   <ImportGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|x64'" Label="PropertySheets">
     <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
   </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|ARM64'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
   <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="PropertySheets">
     <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
   </ImportGroup>
@@ -111,6 +155,12 @@
   <ImportGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|x64'" Label="PropertySheets">
     <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
   </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Debug|ARM64'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|ARM64'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
   <PropertyGroup Label="UserMacros" />
   <PropertyGroup>
     <_ProjectFileVersion>11.0.61030.0</_ProjectFileVersion>
@@ -135,6 +185,16 @@
     <OutDir>$(SolutionDir)$(Configuration)\$(Platform)\</OutDir>
     <IntDir>$(Configuration)\$(Platform)\$(ProjectName)_obj\</IntDir>
   </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|ARM64'">
+    <LinkIncremental>true</LinkIncremental>
+    <OutDir>$(SolutionDir)$(Configuration)\$(Platform)\</OutDir>
+    <IntDir>$(Configuration)\$(Platform)\$(ProjectName)_obj\</IntDir>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|ARM64'">
+    <LinkIncremental>true</LinkIncremental>
+    <OutDir>$(SolutionDir)$(Configuration)\$(Platform)\</OutDir>
+    <IntDir>$(Configuration)\$(Platform)\$(ProjectName)_obj\</IntDir>
+  </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
     <OutDir>$(SolutionDir)$(Configuration)\$(Platform)\</OutDir>
     <IntDir>$(Configuration)\$(Platform)\$(ProjectName)_obj\</IntDir>
@@ -155,6 +215,16 @@
     <OutDir>$(SolutionDir)$(Configuration)\$(Platform)\</OutDir>
     <IntDir>$(Configuration)\$(Platform)\$(ProjectName)_obj\</IntDir>
   </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'">
+    <LinkIncremental>false</LinkIncremental>
+    <OutDir>$(SolutionDir)$(Configuration)\$(Platform)\</OutDir>
+    <IntDir>$(Configuration)\$(Platform)\$(ProjectName)_obj\</IntDir>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|ARM64'">
+    <LinkIncremental>false</LinkIncremental>
+    <OutDir>$(SolutionDir)$(Configuration)\$(Platform)\</OutDir>
+    <IntDir>$(Configuration)\$(Platform)\$(ProjectName)_obj\</IntDir>
+  </PropertyGroup>
   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
     <ClCompile>
       <Optimization>Disabled</Optimization>
@@ -232,6 +302,42 @@
       <SubSystem>Console</SubSystem>
     </Link>
   </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|ARM64'">
+    <ClCompile>
+      <Optimization>Disabled</Optimization>
+      <AdditionalIncludeDirectories>../../;../../IDE/WIN;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <BasicRuntimeChecks>EnableFastChecks</BasicRuntimeChecks>
+      <RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>Ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <SubSystem>Console</SubSystem>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|ARM64'">
+    <ClCompile>
+      <Optimization>Disabled</Optimization>
+      <AdditionalIncludeDirectories>../../;../../IDE/WIN;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;WOLFSSL_DLL;WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <BasicRuntimeChecks>EnableFastChecks</BasicRuntimeChecks>
+      <RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>Ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <SubSystem>Console</SubSystem>
+    </Link>
+  </ItemDefinitionGroup>
   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
     <ClCompile>
       <Optimization>MaxSpeed</Optimization>
@@ -318,6 +424,48 @@
       <EnableCOMDATFolding>true</EnableCOMDATFolding>
     </Link>
   </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'">
+    <ClCompile>
+      <Optimization>MaxSpeed</Optimization>
+      <IntrinsicFunctions>true</IntrinsicFunctions>
+      <AdditionalIncludeDirectories>../../;../../IDE/WIN;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>Ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <SubSystem>Console</SubSystem>
+      <OptimizeReferences>true</OptimizeReferences>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|ARM64'">
+    <ClCompile>
+      <Optimization>MaxSpeed</Optimization>
+      <IntrinsicFunctions>true</IntrinsicFunctions>
+      <AdditionalIncludeDirectories>../../;../../IDE/WIN;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;WOLFSSL_DLL;WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>Ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <SubSystem>Console</SubSystem>
+      <OptimizeReferences>true</OptimizeReferences>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+    </Link>
+  </ItemDefinitionGroup>
   <ItemGroup>
     <ClCompile Include="echoclient.c" />
   </ItemGroup>
diff --git a/examples/echoserver/echoserver.c b/examples/echoserver/echoserver.c
index c6afdcb09..7c8806138 100644
--- a/examples/echoserver/echoserver.c
+++ b/examples/echoserver/echoserver.c
@@ -1,6 +1,6 @@
 /* echoserver.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -24,6 +24,14 @@
     #include <config.h>
 #endif
 
+#ifndef WOLFSSL_USER_SETTINGS
+    #include <wolfssl/options.h>
+#endif
+#include <wolfssl/wolfcrypt/settings.h>
+
+#undef TEST_OPENSSL_COEXIST /* can't use this option with this example */
+#undef OPENSSL_COEXIST /* can't use this option with this example */
+
 #include <wolfssl/ssl.h> /* name change portability layer */
 #include <wolfssl/wolfcrypt/settings.h>
 #ifdef HAVE_ECC
@@ -48,7 +56,7 @@
 
 #include "examples/echoserver/echoserver.h"
 
-#ifndef NO_WOLFSSL_SERVER
+#if !defined(NO_WOLFSSL_SERVER) && !defined(NO_TLS)
 
 #ifdef NO_FILESYSTEM
 #ifdef NO_RSA
@@ -341,16 +349,16 @@ THREAD_RETURN WOLFSSL_THREAD echoserver_test(void* args)
             if (ret != WOLFSSL_SUCCESS) {
                 err = wolfSSL_get_error(ssl, 0);
             #ifdef WOLFSSL_ASYNC_CRYPT
-                if (err == WC_PENDING_E) {
+                if (err == WC_NO_ERR_TRACE(WC_PENDING_E)) {
                     ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
                     if (ret < 0) break;
                 }
             #endif
             }
-        } while (err == WC_PENDING_E);
+        } while (err == WC_NO_ERR_TRACE(WC_PENDING_E));
         if (ret != WOLFSSL_SUCCESS) {
             fprintf(stderr, "SSL_accept error = %d, %s\n", err,
-                wolfSSL_ERR_error_string(err, buffer));
+                wolfSSL_ERR_error_string((unsigned long)err, buffer));
             fprintf(stderr, "SSL_accept failed\n");
             wolfSSL_free(ssl);
             CloseSocket(clientfd);
@@ -381,17 +389,17 @@ THREAD_RETURN WOLFSSL_THREAD echoserver_test(void* args)
                 if (ret <= 0) {
                     err = wolfSSL_get_error(ssl, 0);
                 #ifdef WOLFSSL_ASYNC_CRYPT
-                    if (err == WC_PENDING_E) {
+                    if (err == WC_NO_ERR_TRACE(WC_PENDING_E)) {
                         ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
                         if (ret < 0) break;
                     }
                 #endif
                 }
-            } while (err == WC_PENDING_E);
+            } while (err == WC_NO_ERR_TRACE(WC_PENDING_E));
             if (ret <= 0) {
                 if (err != WOLFSSL_ERROR_WANT_READ && err != WOLFSSL_ERROR_ZERO_RETURN){
                     fprintf(stderr, "SSL_read echo error %d, %s!\n", err,
-                        wolfSSL_ERR_error_string(err, buffer));
+                        wolfSSL_ERR_error_string((unsigned long)err, buffer));
                 }
                 break;
             }
@@ -444,16 +452,16 @@ THREAD_RETURN WOLFSSL_THREAD echoserver_test(void* args)
                     if (ret <= 0) {
                         err = wolfSSL_get_error(write_ssl, 0);
                     #ifdef WOLFSSL_ASYNC_CRYPT
-                        if (err == WC_PENDING_E) {
+                        if (err == WC_NO_ERR_TRACE(WC_PENDING_E)) {
                             ret = wolfSSL_AsyncPoll(write_ssl, WOLF_POLL_FLAG_CHECK_HW);
                             if (ret < 0) break;
                         }
                     #endif
                     }
-                } while (err == WC_PENDING_E);
+                } while (err == WC_NO_ERR_TRACE(WC_PENDING_E));
                 if (ret != echoSz) {
                     fprintf(stderr, "SSL_write get error = %d, %s\n", err,
-                        wolfSSL_ERR_error_string(err, buffer));
+                        wolfSSL_ERR_error_string((unsigned long)err, buffer));
                     err_sys("SSL_write get failed");
                 }
                 break;
@@ -470,17 +478,17 @@ THREAD_RETURN WOLFSSL_THREAD echoserver_test(void* args)
                 if (ret <= 0) {
                     err = wolfSSL_get_error(write_ssl, 0);
                 #ifdef WOLFSSL_ASYNC_CRYPT
-                    if (err == WC_PENDING_E) {
+                    if (err == WC_NO_ERR_TRACE(WC_PENDING_E)) {
                         ret = wolfSSL_AsyncPoll(write_ssl, WOLF_POLL_FLAG_CHECK_HW);
                         if (ret < 0) break;
                     }
                 #endif
                 }
-            } while (err == WC_PENDING_E);
+            } while (err == WC_NO_ERR_TRACE(WC_PENDING_E));
 
             if (ret != echoSz) {
                 fprintf(stderr, "SSL_write echo error = %d, %s\n", err,
-                        wolfSSL_ERR_error_string(err, buffer));
+                        wolfSSL_ERR_error_string((unsigned long)err, buffer));
                 err_sys("SSL_write echo failed");
             }
         }
@@ -528,7 +536,7 @@ THREAD_RETURN WOLFSSL_THREAD echoserver_test(void* args)
     WOLFSSL_RETURN_FROM_THREAD(0);
 }
 
-#endif /* !NO_WOLFSSL_SERVER */
+#endif /* !NO_WOLFSSL_SERVER && !NO_TLS */
 
 
 /* so overall tests can pull in test function */
@@ -554,7 +562,7 @@ THREAD_RETURN WOLFSSL_THREAD echoserver_test(void* args)
         wolfSSL_Debugging_ON();
 #endif
         ChangeToWolfRoot();
-#ifndef NO_WOLFSSL_SERVER
+#if !defined(NO_WOLFSSL_SERVER) && !defined(NO_TLS)
         echoserver_test(&args);
 #endif
         wolfSSL_Cleanup();
diff --git a/examples/echoserver/echoserver.h b/examples/echoserver/echoserver.h
index a73c549ea..b4e8cc17a 100644
--- a/examples/echoserver/echoserver.h
+++ b/examples/echoserver/echoserver.h
@@ -1,6 +1,6 @@
 /* echoserver.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/examples/echoserver/echoserver.vcxproj b/examples/echoserver/echoserver.vcxproj
index 28bd2a836..68c4f1680 100644
--- a/examples/echoserver/echoserver.vcxproj
+++ b/examples/echoserver/echoserver.vcxproj
@@ -9,6 +9,10 @@
       <Configuration>Debug</Configuration>
       <Platform>x64</Platform>
     </ProjectConfiguration>
+    <ProjectConfiguration Include="Debug|ARM64">
+      <Configuration>Debug</Configuration>
+      <Platform>ARM64</Platform>
+    </ProjectConfiguration>
     <ProjectConfiguration Include="DLL Debug|Win32">
       <Configuration>DLL Debug</Configuration>
       <Platform>Win32</Platform>
@@ -17,6 +21,10 @@
       <Configuration>DLL Debug</Configuration>
       <Platform>x64</Platform>
     </ProjectConfiguration>
+    <ProjectConfiguration Include="DLL Debug|ARM64">
+      <Configuration>DLL Debug</Configuration>
+      <Platform>ARM64</Platform>
+    </ProjectConfiguration>
     <ProjectConfiguration Include="DLL Release|Win32">
       <Configuration>DLL Release</Configuration>
       <Platform>Win32</Platform>
@@ -25,6 +33,10 @@
       <Configuration>DLL Release</Configuration>
       <Platform>x64</Platform>
     </ProjectConfiguration>
+    <ProjectConfiguration Include="DLL Release|ARM64">
+      <Configuration>DLL Release</Configuration>
+      <Platform>ARM64</Platform>
+    </ProjectConfiguration>
     <ProjectConfiguration Include="Release|Win32">
       <Configuration>Release</Configuration>
       <Platform>Win32</Platform>
@@ -33,6 +45,10 @@
       <Configuration>Release</Configuration>
       <Platform>x64</Platform>
     </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|ARM64">
+      <Configuration>Release</Configuration>
+      <Platform>ARM64</Platform>
+    </ProjectConfiguration>
   </ItemGroup>
   <PropertyGroup Label="Globals">
     <ProjectGuid>{07D97C48-E08F-4E34-9F67-3064039FF2CB}</ProjectGuid>
@@ -64,6 +80,18 @@
     <CharacterSet>Unicode</CharacterSet>
     <WholeProgramOptimization>true</WholeProgramOptimization>
   </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <PlatformToolset>v110</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|ARM64'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <PlatformToolset>v110</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+  </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
     <ConfigurationType>Application</ConfigurationType>
     <PlatformToolset>v110</PlatformToolset>
@@ -84,6 +112,16 @@
     <PlatformToolset>v110</PlatformToolset>
     <CharacterSet>Unicode</CharacterSet>
   </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|ARM64'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <PlatformToolset>v110</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|ARM64'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <PlatformToolset>v110</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
   <ImportGroup Label="ExtensionSettings">
   </ImportGroup>
@@ -99,6 +137,12 @@
   <ImportGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|x64'" Label="PropertySheets">
     <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
   </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|ARM64'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
   <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="PropertySheets">
     <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
   </ImportGroup>
@@ -110,6 +154,12 @@
   </ImportGroup>
   <ImportGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|x64'" Label="PropertySheets">
     <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+    <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Debug|ARM64'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|ARM64'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
   </ImportGroup>
   <PropertyGroup Label="UserMacros" />
   <PropertyGroup>
@@ -135,6 +185,16 @@
     <OutDir>$(SolutionDir)$(Configuration)\$(Platform)\</OutDir>
     <IntDir>$(Configuration)\$(Platform)\$(ProjectName)_obj\</IntDir>
   </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|ARM64'">
+    <LinkIncremental>true</LinkIncremental>
+    <OutDir>$(SolutionDir)$(Configuration)\$(Platform)\</OutDir>
+    <IntDir>$(Configuration)\$(Platform)\$(ProjectName)_obj\</IntDir>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|ARM64'">
+    <LinkIncremental>true</LinkIncremental>
+    <OutDir>$(SolutionDir)$(Configuration)\$(Platform)\</OutDir>
+    <IntDir>$(Configuration)\$(Platform)\$(ProjectName)_obj\</IntDir>
+  </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
     <OutDir>$(SolutionDir)$(Configuration)\$(Platform)\</OutDir>
     <IntDir>$(Configuration)\$(Platform)\$(ProjectName)_obj\</IntDir>
@@ -155,6 +215,16 @@
     <OutDir>$(SolutionDir)$(Configuration)\$(Platform)\</OutDir>
     <IntDir>$(Configuration)\$(Platform)\$(ProjectName)_obj\</IntDir>
   </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'">
+    <LinkIncremental>false</LinkIncremental>
+    <OutDir>$(SolutionDir)$(Configuration)\$(Platform)\</OutDir>
+    <IntDir>$(Configuration)\$(Platform)\$(ProjectName)_obj\</IntDir>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|ARM64'">
+    <LinkIncremental>false</LinkIncremental>
+    <OutDir>$(SolutionDir)$(Configuration)\$(Platform)\</OutDir>
+    <IntDir>$(Configuration)\$(Platform)\$(ProjectName)_obj\</IntDir>
+  </PropertyGroup>
   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
     <ClCompile>
       <Optimization>Disabled</Optimization>
@@ -232,6 +302,42 @@
       <SubSystem>Console</SubSystem>
     </Link>
   </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|ARM64'">
+    <ClCompile>
+      <Optimization>Disabled</Optimization>
+      <AdditionalIncludeDirectories>../../;../../IDE/WIN;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>USE_ANY_ADDR;WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <BasicRuntimeChecks>EnableFastChecks</BasicRuntimeChecks>
+      <RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>Ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <SubSystem>Console</SubSystem>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|ARM64'">
+    <ClCompile>
+      <Optimization>Disabled</Optimization>
+      <AdditionalIncludeDirectories>../../;../../IDE/WIN;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>USE_ANY_ADDR;WOLFSSL_DLL;WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <BasicRuntimeChecks>EnableFastChecks</BasicRuntimeChecks>
+      <RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>Ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <SubSystem>Console</SubSystem>
+    </Link>
+  </ItemDefinitionGroup>
   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
     <ClCompile>
       <Optimization>MaxSpeed</Optimization>
@@ -318,6 +424,48 @@
       <EnableCOMDATFolding>true</EnableCOMDATFolding>
     </Link>
   </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'">
+    <ClCompile>
+      <Optimization>MaxSpeed</Optimization>
+      <IntrinsicFunctions>true</IntrinsicFunctions>
+      <AdditionalIncludeDirectories>../../;../../IDE/WIN;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>USE_ANY_ADDR;WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>Ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <SubSystem>Console</SubSystem>
+      <OptimizeReferences>true</OptimizeReferences>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|ARM64'">
+    <ClCompile>
+      <Optimization>MaxSpeed</Optimization>
+      <IntrinsicFunctions>true</IntrinsicFunctions>
+      <AdditionalIncludeDirectories>../../;../../IDE/WIN;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>USE_ANY_ADDR;WOLFSSL_DLL;WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>Ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <SubSystem>Console</SubSystem>
+      <OptimizeReferences>true</OptimizeReferences>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+    </Link>
+  </ItemDefinitionGroup>
   <ItemGroup>
     <ClCompile Include="echoserver.c" />
   </ItemGroup>
diff --git a/examples/pem/pem.c b/examples/pem/pem.c
index 61d7e1aee..3347314b6 100644
--- a/examples/pem/pem.c
+++ b/examples/pem/pem.c
@@ -1,6 +1,6 @@
 /* pem.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -100,7 +100,7 @@ static int pemApp_ReadFile(FILE* fp, unsigned char** pdata, word32* plen)
     word32 len = 0;
     size_t read_len;
     /* Allocate a minimum amount. */
-    unsigned char* data = (unsigned char*)malloc(DATA_INC_LEN + BLOCK_SIZE_MAX);
+    unsigned char* data = (unsigned char*)XMALLOC(DATA_INC_LEN + BLOCK_SIZE_MAX, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 
     if (data != NULL) {
         /* Read more data. */
@@ -116,19 +116,17 @@ static int pemApp_ReadFile(FILE* fp, unsigned char** pdata, word32* plen)
             }
 
             /* Make space for more data to be added to buffer. */
-            p = (unsigned char*)realloc(data, len + DATA_INC_LEN +
-                BLOCK_SIZE_MAX);
+            p = (unsigned char*)XREALLOC(data, len + DATA_INC_LEN +
+                BLOCK_SIZE_MAX, NULL, DYNAMIC_TYPE_TMP_BUFFER);
             if (p == NULL) {
                 /* Reallocation failed - free current buffer. */
-                free(data);
+                XFREE(data, NULL, DYNAMIC_TYPE_TMP_BUFFER);
                 data = NULL;
                 break;
             }
             /* Set data to new pointer. */
             data = p;
         }
-        /* Done with file. */
-        fclose(fp);
     }
 
     if (data != NULL) {
@@ -161,8 +159,6 @@ static int WriteFile(FILE* fp, const char* data, word32 len)
        fprintf(stderr, "Failed to write\n");
        ret = 1;
     }
-    /* Close file. */
-    fclose(fp);
 
     return ret;
 }
@@ -294,8 +290,8 @@ static int FindPem(char* data, word32 offset, word32 len, word32* start,
     word32* end, int* type)
 {
     int ret = 0;
-    word32 i;
-    word32 type_off;
+    word32 i = 0;
+    word32 type_off = 0;
     char str[PEM_TYPE_MAX_LEN];
 
     /* Find header. */
@@ -555,7 +551,7 @@ static int EncryptDer(unsigned char* in, word32 in_len, char* password,
         ret = wc_CreateEncryptedPKCS8Key(in, in_len, NULL, enc_len, password,
             (int)strlen(password), pbe_ver, pbe, enc_alg_id, salt, salt_sz,
             (int)iterations, &rng, NULL);
-        if (ret == LENGTH_ONLY_E) {
+        if (ret == WC_NO_ERR_TRACE(LENGTH_ONLY_E)) {
             ret = 0;
         }
         else if (ret == 0) {
@@ -564,7 +560,7 @@ static int EncryptDer(unsigned char* in, word32 in_len, char* password,
     }
     if (ret == 0) {
         /* Allocate memory for encrypted DER data. */
-        *enc = (unsigned char*)malloc(*enc_len);
+        *enc = (unsigned char*)XMALLOC(*enc_len, NULL, DYNAMIC_TYPE_TMP_BUFFER);
         if (*enc == NULL) {
             ret = 1;
         }
@@ -617,7 +613,7 @@ static int ConvDerToPem(unsigned char* in, word32 offset, word32 len,
     }
     if ((ret == 0) && (pem_len > 0)) {
         /* Allocate memory to hold PEM encoding. */
-        pem = (unsigned char*)malloc(pem_len);
+        pem = (unsigned char*)XMALLOC(pem_len, NULL, DYNAMIC_TYPE_TMP_BUFFER);
         if (pem == NULL) {
             ret = 1;
         }
@@ -628,7 +624,7 @@ static int ConvDerToPem(unsigned char* in, word32 offset, word32 len,
             type);
         if (ret <= 0) {
             fprintf(stderr, "Could not convert DER to PEM\n");
-            free(pem);
+            XFREE(pem, NULL, DYNAMIC_TYPE_TMP_BUFFER);
         }
         if (ret > 0) {
             *out = pem;
@@ -766,7 +762,8 @@ int main(int argc, char* argv[])
             argv++;
             if (argc == 0) {
                 fprintf(stderr, "No type string provided\n");
-                return 1;
+                ret = 1;
+                goto out;
             }
             type_str = argv[0];
         }
@@ -776,12 +773,19 @@ int main(int argc, char* argv[])
             argv++;
             if (argc == 0) {
                 fprintf(stderr, "No filename provided\n");
-                return 1;
+                ret = 1;
+                goto out;
+            }
+            if (in_file != stdin) {
+                fprintf(stderr, "At most one input file can be supplied.\n");
+                ret = 1;
+                goto out;
             }
             in_file = fopen(argv[0], "r");
             if (in_file == NULL) {
                 fprintf(stderr, "File not able to be read: %s\n", argv[0]);
-                return 1;
+                ret = 1;
+                goto out;
             }
         }
         /* Name of output file. */
@@ -790,7 +794,8 @@ int main(int argc, char* argv[])
             argv++;
             if (argc == 0) {
                 fprintf(stderr, "No filename provided\n");
-                return 1;
+                ret = 1;
+                goto out;
             }
             out_name = argv[0];
         }
@@ -801,7 +806,8 @@ int main(int argc, char* argv[])
             argv++;
             if (argc == 0) {
                 fprintf(stderr, "No filename provided\n");
-                return 1;
+                ret = 1;
+                goto out;
             }
             offset = (word32)strtoul(argv[0], NULL, 10);
         }
@@ -813,7 +819,8 @@ int main(int argc, char* argv[])
             argv++;
             if (argc == 0) {
                 fprintf(stderr, "No password provided\n");
-                return 1;
+                ret = 1;
+                goto out;
             }
             info.passwd_cb = password_from_userdata;
             info.passwd_userdata = argv[0];
@@ -842,10 +849,12 @@ int main(int argc, char* argv[])
             argv++;
             if (argc == 0) {
                 fprintf(stderr, "No PBE version provided\n");
-                return 1;
+                ret = 1;
+                goto out;
             }
             if (StringToPbeVer(argv[0], &pbe_ver) != 0) {
-                return 1;
+                ret = 1;
+                goto out;
             }
         }
         /* PBE algorithm. */
@@ -855,10 +864,12 @@ int main(int argc, char* argv[])
             argv++;
             if (argc == 0) {
                 fprintf(stderr, "No PBE provided\n");
-                return 1;
+                ret = 1;
+                goto out;
             }
             if (StringToPbe(argv[0], &pbe) != 0) {
-                return 1;
+                ret = 1;
+                goto out;
             }
         }
         /* PBES2 algorithm. */
@@ -868,10 +879,12 @@ int main(int argc, char* argv[])
             argv++;
             if (argc == 0) {
                 fprintf(stderr, "No PBE algorithm provided\n");
-                return 1;
+                ret = 1;
+                goto out;
             }
             if (StringToPbeAlg(argv[0], &pbe_alg) != 0) {
-                return 1;
+                ret = 1;
+                goto out;
             }
         }
         /* Number of PBE iterations. */
@@ -881,7 +894,8 @@ int main(int argc, char* argv[])
             argv++;
             if (argc == 0) {
                 fprintf(stderr, "No filename provided\n");
-                return 1;
+                ret = 1;
+                goto out;
             }
             iterations = (unsigned int)strtoul(argv[0], NULL, 10);
         }
@@ -892,13 +906,15 @@ int main(int argc, char* argv[])
             argv++;
             if (argc == 0) {
                 fprintf(stderr, "No salt size provided\n");
-                return 1;
+                ret = 1;
+                goto out;
             }
             salt_sz = (unsigned int)strtoul(argv[0], NULL, 10);
             if (salt_sz > SALT_MAX_LEN) {
                 fprintf(stderr, "Salt size must be no bigger than %d: %d\n",
                     SALT_MAX_LEN, salt_sz);
-                return 1;
+                ret = 1;
+                goto out;
             }
         }
 #endif /* WOLFSSL_ENCRYPTED_KEYS !NO_PWDBASED */
@@ -914,12 +930,14 @@ int main(int argc, char* argv[])
         else if ((strcmp(argv[0], "-?") == 0) ||
                  (strcmp(argv[0], "--help") == 0)) {
             Usage();
-            return 0;
+            ret = 0;
+            goto out;
         }
         else {
             fprintf(stderr, "Bad option: %s\n", argv[0]);
             Usage();
-            return 1;
+            ret = 1;
+            goto out;
         }
 
         /* Move on to next command line argument. */
@@ -1001,25 +1019,33 @@ int main(int argc, char* argv[])
         }
     }
 
+out:
     /* Dispose of allocated data. */
     if (der != NULL) {
         wc_FreeDer(&der);
     }
     else if (out != NULL) {
-        free(out);
+        XFREE(out, NULL, DYNAMIC_TYPE_TMP_BUFFER);
     }
 #if defined(WOLFSSL_DER_TO_PEM) && defined(WOLFSSL_ENCRYPTED_KEYS) && \
     !defined(NO_PWDBASED)
     if (enc != NULL) {
-        free(enc);
+        XFREE(enc, NULL, DYNAMIC_TYPE_TMP_BUFFER);
     }
 #endif
     if (in != NULL) {
-        free(in);
+        XFREE(in, NULL, DYNAMIC_TYPE_TMP_BUFFER);
     }
     if (ret < 0) {
         fprintf(stderr, "%s\n", wc_GetErrorString(ret));
     }
+
+    if ((in_file != stdin) && (in_file != NULL))
+        (void)fclose(in_file);
+
+    if ((out_file != stdout) && (out_file != NULL))
+        (void)fclose(out_file);
+
     return (ret == 0) ? 0 : 1;
 }
 
diff --git a/examples/sctp/sctp-client-dtls.c b/examples/sctp/sctp-client-dtls.c
index d38f5579a..a2d103292 100644
--- a/examples/sctp/sctp-client-dtls.c
+++ b/examples/sctp/sctp-client-dtls.c
@@ -1,6 +1,6 @@
 /* sctp-client-dtls.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -19,6 +19,9 @@
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  */
 
+#ifdef HAVE_CONFIG_H
+    #include <config.h>
+#endif
 
 /* wolfssl */
 #ifndef WOLFSSL_USER_SETTINGS
diff --git a/examples/sctp/sctp-client.c b/examples/sctp/sctp-client.c
index fdabe43c4..46cc0a50c 100644
--- a/examples/sctp/sctp-client.c
+++ b/examples/sctp/sctp-client.c
@@ -1,6 +1,6 @@
 /* sctp-client.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -19,6 +19,10 @@
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  */
 
+#ifdef HAVE_CONFIG_H
+    #include <config.h>
+#endif
+
 #ifndef WOLFSSL_USER_SETTINGS
     #include <wolfssl/options.h>
 #endif
diff --git a/examples/sctp/sctp-server-dtls.c b/examples/sctp/sctp-server-dtls.c
index c02522f20..a6335c5f2 100644
--- a/examples/sctp/sctp-server-dtls.c
+++ b/examples/sctp/sctp-server-dtls.c
@@ -1,6 +1,6 @@
 /* sctp-server-dtls.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -19,6 +19,10 @@
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  */
 
+#ifdef HAVE_CONFIG_H
+    #include <config.h>
+#endif
+
 /* wolfssl */
 #ifndef WOLFSSL_USER_SETTINGS
     #include <wolfssl/options.h>
diff --git a/examples/sctp/sctp-server.c b/examples/sctp/sctp-server.c
index 3f8f6d803..fb335f779 100644
--- a/examples/sctp/sctp-server.c
+++ b/examples/sctp/sctp-server.c
@@ -1,6 +1,6 @@
 /* sctp-server.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -19,6 +19,10 @@
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  */
 
+#ifdef HAVE_CONFIG_H
+    #include <config.h>
+#endif
+
 #ifndef WOLFSSL_USER_SETTINGS
     #include <wolfssl/options.h>
 #endif
diff --git a/examples/server/server.c b/examples/server/server.c
index c88f37594..2f093d161 100644
--- a/examples/server/server.c
+++ b/examples/server/server.c
@@ -1,6 +1,6 @@
 /* server.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -33,6 +33,15 @@
 #include <wolfssl/wolfcrypt/settings.h>
 
 #undef TEST_OPENSSL_COEXIST /* can't use this option with this example */
+#undef OPENSSL_COEXIST /* can't use this option with this example */
+
+/* Force enable the compatibility macros for this example */
+#ifndef OPENSSL_EXTRA_X509_SMALL
+#define OPENSSL_EXTRA_X509_SMALL
+#endif
+#include <wolfssl/openssl/ssl.h>
+
+#undef OPENSSL_EXTRA_X509_SMALL
 #include <wolfssl/ssl.h> /* name change portability layer */
 
 #ifdef HAVE_ECC
@@ -64,15 +73,9 @@ static const char *wolfsentry_config_path = NULL;
 #include <wolfssl/test.h>
 #include <wolfssl/error-ssl.h>
 
-/* Force enable the compatibility macros for this example */
-#ifndef OPENSSL_EXTRA_X509_SMALL
-#define OPENSSL_EXTRA_X509_SMALL
-#endif
-#include <wolfssl/openssl/ssl.h>
-
 #include "examples/server/server.h"
 
-#ifndef NO_WOLFSSL_SERVER
+#if !defined(NO_WOLFSSL_SERVER) && !defined(NO_TLS)
 
 #if defined(WOLFSSL_TLS13) && ( \
        defined(HAVE_ECC) \
@@ -262,7 +265,8 @@ static WC_INLINE int PeekSeq(const char* buf, word32* seq)
     const char* c = buf + 3;
 
     if ((c[0] | c[1] | c[2] | c[3]) == 0) {
-        *seq = (c[4] << 24) | (c[5] << 16) | (c[6] << 8) | c[7];
+        *seq = ((word32)c[4] << 24) | ((word32)c[5] << 16) |
+                ((word32)c[6] << 8) | (word32)c[7];
         return 1;
     }
 
@@ -292,8 +296,8 @@ static int TestEmbedSendTo(WOLFSSL* ssl, char *buf, int sz, void *ctx)
         }
     }
 
-    sent = (int)sendto(sd, buf, sz, 0, (const SOCKADDR*)&dtlsCtx->peer.sa,
-                                                             dtlsCtx->peer.sz);
+    sent = (int)sendto(sd, buf, (size_t)sz, 0,
+                        (const SOCKADDR*)&dtlsCtx->peer.sa, dtlsCtx->peer.sz);
 
     sent = TranslateReturnCode(sent, sd);
 
@@ -341,7 +345,7 @@ static int NonBlockingSSL_Accept(SSL* ssl)
     while (ret != WOLFSSL_SUCCESS &&
         (error == WOLFSSL_ERROR_WANT_READ || error == WOLFSSL_ERROR_WANT_WRITE
         #ifdef WOLFSSL_ASYNC_CRYPT
-            || error == WC_PENDING_E
+            || error == WC_NO_ERR_TRACE(WC_PENDING_E)
         #endif
     )) {
         if (error == WOLFSSL_ERROR_WANT_READ) {
@@ -352,7 +356,7 @@ static int NonBlockingSSL_Accept(SSL* ssl)
         }
 
     #ifdef WOLFSSL_ASYNC_CRYPT
-        if (error == WC_PENDING_E) {
+        if (error == WC_NO_ERR_TRACE(WC_PENDING_E)) {
             ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
             if (ret < 0) break;
         }
@@ -377,7 +381,7 @@ static int NonBlockingSSL_Accept(SSL* ssl)
         if ((select_ret == TEST_RECV_READY) || (select_ret == TEST_SEND_READY)
             || (select_ret == TEST_ERROR_READY)
         #ifdef WOLFSSL_ASYNC_CRYPT
-            || error == WC_PENDING_E
+            || error == WC_NO_ERR_TRACE(WC_PENDING_E)
         #endif
         ) {
             #ifndef WOLFSSL_CALLBACKS
@@ -419,7 +423,7 @@ int ServerEchoData(SSL* ssl, int clientfd, int echoData, int block,
     size_t xfer_bytes = 0;
     char* buffer;
 
-    buffer = (char*)malloc(block);
+    buffer = (char*)XMALLOC((size_t)block, NULL, DYNAMIC_TYPE_TMP_BUFFER);
     if (!buffer) {
         err_sys_ex(runWithErrors, "Server buffer malloc failed");
     }
@@ -431,7 +435,7 @@ int ServerEchoData(SSL* ssl, int clientfd, int echoData, int block,
         if (select_ret == TEST_RECV_READY) {
 
             if (throughput)
-                len = min(block, (int)(throughput - xfer_bytes));
+                len = (int)min((word32)block, (word32)(throughput - xfer_bytes));
             else
                 len = block;
             rx_pos = 0;
@@ -446,22 +450,23 @@ int ServerEchoData(SSL* ssl, int clientfd, int echoData, int block,
                 if (ret <= 0) {
                     err = SSL_get_error(ssl, 0);
                 #ifdef WOLFSSL_ASYNC_CRYPT
-                    if (err == WC_PENDING_E) {
+                    if (err == WC_NO_ERR_TRACE(WC_PENDING_E)) {
                         ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
                         if (ret < 0) break;
                     }
                     else
                 #endif
                     if (err != WOLFSSL_ERROR_WANT_READ &&
-                                             err != WOLFSSL_ERROR_WANT_WRITE &&
-                                             err != WOLFSSL_ERROR_ZERO_RETURN &&
-                                             err != APP_DATA_READY) {
+                        err != WOLFSSL_ERROR_WANT_WRITE &&
+                        err != WOLFSSL_ERROR_ZERO_RETURN &&
+                        err != WC_NO_ERR_TRACE(APP_DATA_READY))
+                    {
                         LOG_ERROR("SSL_read echo error %d\n", err);
                         err_sys_ex(runWithErrors, "SSL_read failed");
                         break;
                     }
                     if (err == WOLFSSL_ERROR_ZERO_RETURN) {
-                        free(buffer);
+                        XFREE(buffer, NULL, DYNAMIC_TYPE_TMP_BUFFER);
                         return WOLFSSL_ERROR_ZERO_RETURN;
                     }
                 }
@@ -479,18 +484,18 @@ int ServerEchoData(SSL* ssl, int clientfd, int echoData, int block,
             /* Write data */
             do {
                 err = 0; /* reset error */
-                ret = SSL_write(ssl, buffer, min(len, rx_pos));
+                ret = SSL_write(ssl, buffer, (int)min((word32)len, (word32)rx_pos));
                 if (ret <= 0) {
                     err = SSL_get_error(ssl, 0);
                 #ifdef WOLFSSL_ASYNC_CRYPT
-                    if (err == WC_PENDING_E) {
+                    if (err == WC_NO_ERR_TRACE(WC_PENDING_E)) {
                         ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
                         if (ret < 0) break;
                     }
                 #endif
                 }
-            } while (err == WC_PENDING_E);
-            if (ret != (int)min(len, rx_pos)) {
+            } while (err == WC_NO_ERR_TRACE(WC_PENDING_E));
+            if (ret != (int)min((word32)len, (word32)rx_pos)) {
                 LOG_ERROR("SSL_write echo error %d\n", err);
                 err_sys_ex(runWithErrors, "SSL_write failed");
             }
@@ -499,11 +504,11 @@ int ServerEchoData(SSL* ssl, int clientfd, int echoData, int block,
                 tx_time += current_time(0) - start;
             }
 
-            xfer_bytes += len;
+            xfer_bytes += (size_t)len;
         }
     }
 
-    free(buffer);
+    XFREE(buffer, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 
     if (throughput) {
 #ifdef __MINGW32__
@@ -513,14 +518,19 @@ int ServerEchoData(SSL* ssl, int clientfd, int echoData, int block,
 #define SIZE_FMT "%zu"
 #define SIZE_TYPE size_t
 #endif
-        printf(
-            "wolfSSL Server Benchmark " SIZE_FMT " bytes\n"
-            "\tRX      %8.3f ms (%8.3f MBps)\n"
-            "\tTX      %8.3f ms (%8.3f MBps)\n",
-            (SIZE_TYPE)throughput,
-            rx_time * 1000, throughput / rx_time / 1024 / 1024,
-            tx_time * 1000, throughput / tx_time / 1024 / 1024
-        );
+        if (rx_time > 0.0 && tx_time > 0.0) {
+            printf(
+                "wolfSSL Server Benchmark " SIZE_FMT " bytes\n"
+                "\tRX      %8.3f ms (%8.3f MBps)\n"
+                "\tTX      %8.3f ms (%8.3f MBps)\n",
+                (SIZE_TYPE)throughput,
+                (double)rx_time * 1000, (double)throughput / rx_time / 1024 / 1024,
+                (double)tx_time * 1000, (double)throughput / tx_time / 1024 / 1024
+            );
+        }
+        else {
+            printf("Invalid rx_time: %f or tx_time: %f\n", rx_time, tx_time);
+        }
     }
 
     return 0;
@@ -539,7 +549,7 @@ static void ServerRead(WOLFSSL* ssl, char* input, int inputLen)
             err = SSL_get_error(ssl, ret);
 
         #ifdef HAVE_SECURE_RENEGOTIATION
-            if (err == APP_DATA_READY) {
+            if (err == WC_NO_ERR_TRACE(APP_DATA_READY)) {
                 /* If we receive a message during renegotiation
                  * then just print it. We return the message sent
                  * after the renegotiation. */
@@ -557,14 +567,14 @@ static void ServerRead(WOLFSSL* ssl, char* input, int inputLen)
             }
         #endif
         #ifdef WOLFSSL_ASYNC_CRYPT
-            if (err == WC_PENDING_E) {
+            if (err == WC_NO_ERR_TRACE(WC_PENDING_E)) {
                 ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
                 if (ret < 0) break;
             }
             else
         #endif
         #ifdef WOLFSSL_DTLS
-            if (wolfSSL_dtls(ssl) && err == DECRYPT_ERROR) {
+            if (wolfSSL_dtls(ssl) && err == WC_NO_ERR_TRACE(DECRYPT_ERROR)) {
                 LOG_ERROR("Dropped client's message due to a bad MAC\n");
             }
             else
@@ -573,11 +583,11 @@ static void ServerRead(WOLFSSL* ssl, char* input, int inputLen)
                     && err != WOLFSSL_ERROR_WANT_WRITE /* Can happen during
                                                         * handshake */
         #ifdef HAVE_SECURE_RENEGOTIATION
-                    && err != APP_DATA_READY
+                    && err != WC_NO_ERR_TRACE(APP_DATA_READY)
         #endif
             ) {
                 LOG_ERROR("SSL_read input error %d, %s\n", err,
-                                                 ERR_error_string(err, buffer));
+                                                 ERR_error_string((unsigned long)err, buffer));
                 err_sys_ex(runWithErrors, "SSL_read failed");
             }
         }
@@ -589,14 +599,14 @@ static void ServerRead(WOLFSSL* ssl, char* input, int inputLen)
             #endif
             do {
             #ifdef WOLFSSL_ASYNC_CRYPT
-                if (err == WC_PENDING_E) {
+                if (err == WC_NO_ERR_TRACE(WC_PENDING_E)) {
                     ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
                     if (ret < 0) break;
                 }
             #endif
                 ret = wolfSSL_peek(ssl, buffer, 0);
                 err = SSL_get_error(ssl, ret);
-            } while (err == WC_PENDING_E
+            } while (err == WC_NO_ERR_TRACE(WC_PENDING_E)
                 || err == WOLFSSL_ERROR_WANT_READ
                 || err == WOLFSSL_ERROR_WANT_WRITE);
             if (err < 0) {
@@ -605,7 +615,7 @@ static void ServerRead(WOLFSSL* ssl, char* input, int inputLen)
             if (wolfSSL_pending(ssl))
                 err = WOLFSSL_ERROR_WANT_READ;
         }
-    } while (err == WC_PENDING_E
+    } while (err == WC_NO_ERR_TRACE(WC_PENDING_E)
              || err == WOLFSSL_ERROR_WANT_READ
              || err == WOLFSSL_ERROR_WANT_WRITE);
     if (ret > 0) {
@@ -635,7 +645,7 @@ static void ServerWrite(WOLFSSL* ssl, const char* output, int outputLen)
             err = SSL_get_error(ssl, 0);
 
         #ifdef WOLFSSL_ASYNC_CRYPT
-            if (err == WC_PENDING_E) {
+            if (err == WC_NO_ERR_TRACE(WC_PENDING_E)) {
                 ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
                 if (ret < 0) break;
             }
@@ -646,11 +656,12 @@ static void ServerWrite(WOLFSSL* ssl, const char* output, int outputLen)
             len = (outputLen -= ret);
             err = WOLFSSL_ERROR_WANT_WRITE;
         }
-    } while (err == WC_PENDING_E || err == WOLFSSL_ERROR_WANT_WRITE);
+    } while (err == WC_NO_ERR_TRACE(WC_PENDING_E) ||
+             err == WOLFSSL_ERROR_WANT_WRITE);
     if (ret != outputLen) {
         char buffer[WOLFSSL_MAX_ERROR_SZ];
         LOG_ERROR("SSL_write msg error %d, %s\n", err,
-                                                 ERR_error_string(err, buffer));
+                                                 ERR_error_string((unsigned long)err, buffer));
         err_sys_ex(runWithErrors, "SSL_write failed");
     }
 }
@@ -678,12 +689,12 @@ static void SetKeyShare(WOLFSSL* ssl, int onlyKeyShare, int useX25519,
                 if (ret == WOLFSSL_SUCCESS)
                     groups[count++] = WOLFSSL_ECC_X25519;
             #ifdef WOLFSSL_ASYNC_CRYPT
-                else if (ret == WC_PENDING_E)
+                else if (ret == WC_NO_ERR_TRACE(WC_PENDING_E))
                     wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
             #endif
                 else
                     err_sys("unable to use curve x25519");
-            } while (ret == WC_PENDING_E);
+            } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E));
     #endif
         }
         else if (useX448) {
@@ -693,35 +704,141 @@ static void SetKeyShare(WOLFSSL* ssl, int onlyKeyShare, int useX25519,
                 if (ret == WOLFSSL_SUCCESS)
                     groups[count++] = WOLFSSL_ECC_X448;
             #ifdef WOLFSSL_ASYNC_CRYPT
-                else if (ret == WC_PENDING_E)
+                else if (ret == WC_NO_ERR_TRACE(WC_PENDING_E))
                     wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
             #endif
                 else
                     err_sys("unable to use curve x448");
-            } while (ret == WC_PENDING_E);
+            } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E));
     #endif
         }
         else if (usePqc == 1) {
     #ifdef HAVE_PQC
             groups[count] = 0;
+    #ifndef WOLFSSL_NO_ML_KEM
+        #ifndef WOLFSSL_NO_ML_KEM_512
+            if (XSTRCMP(pqcAlg, "ML_KEM_512") == 0) {
+                groups[count] = WOLFSSL_ML_KEM_512;
+            }
+            else
+        #endif
+        #ifndef WOLFSSL_NO_ML_KEM_768
+            if (XSTRCMP(pqcAlg, "ML_KEM_768") == 0) {
+                groups[count] = WOLFSSL_ML_KEM_768;
+            }
+            else
+        #endif
+        #ifndef WOLFSSL_NO_ML_KEM_1024
+            if (XSTRCMP(pqcAlg, "ML_KEM_1024") == 0) {
+                groups[count] = WOLFSSL_ML_KEM_1024;
+            }
+            else
+        #endif
+        #ifndef WOLFSSL_NO_ML_KEM_512
+            if (XSTRCMP(pqcAlg, "P256_ML_KEM_512") == 0) {
+                groups[count] = WOLFSSL_P256_ML_KEM_512;
+            }
+            else
+        #endif
+        #ifndef WOLFSSL_NO_ML_KEM_768
+            if (XSTRCMP(pqcAlg, "P384_ML_KEM_768") == 0) {
+                groups[count] = WOLFSSL_P384_ML_KEM_768;
+            }
+            else if (XSTRCMP(pqcAlg, "P256_ML_KEM_768") == 0) {
+                groups[count] = WOLFSSL_P256_ML_KEM_768;
+            }
+            else
+        #endif
+        #ifndef WOLFSSL_NO_ML_KEM_1024
+            if (XSTRCMP(pqcAlg, "P521_ML_KEM_1024") == 0) {
+                groups[count] = WOLFSSL_P521_ML_KEM_1024;
+            }
+            else if (XSTRCMP(pqcAlg, "P384_ML_KEM_1024") == 0) {
+                groups[count] = WOLFSSL_P384_ML_KEM_1024;
+            }
+            else
+        #endif
+        #if !defined(WOLFSSL_NO_ML_KEM_512) && defined(HAVE_CURVE25519)
+            if (XSTRCMP(pqcAlg, "X25519_ML_KEM_512") == 0) {
+                groups[count] = WOLFSSL_X25519_ML_KEM_512;
+            }
+            else
+        #endif
+        #if !defined(WOLFSSL_NO_ML_KEM_768) && defined(HAVE_CURVE25519)
+            if (XSTRCMP(pqcAlg, "X25519_ML_KEM_768") == 0) {
+                groups[count] = WOLFSSL_X25519_ML_KEM_768;
+            }
+            else
+        #endif
+        #if !defined(WOLFSSL_NO_ML_KEM_768) && defined(HAVE_CURVE448)
+            if (XSTRCMP(pqcAlg, "X448_ML_KEM_768") == 0) {
+                groups[count] = WOLFSSL_X448_ML_KEM_768;
+            }
+            else
+        #endif
+    #endif /* WOLFSSL_NO_ML_KEM */
+    #ifdef WOLFSSL_KYBER_ORIGINAL
+        #ifndef WOLFSSL_NO_KYBER512
             if (XSTRCMP(pqcAlg, "KYBER_LEVEL1") == 0) {
                 groups[count] = WOLFSSL_KYBER_LEVEL1;
             }
-            else if (XSTRCMP(pqcAlg, "KYBER_LEVEL3") == 0) {
+            else
+        #endif
+        #ifndef WOLFSSL_NO_KYBER768
+            if (XSTRCMP(pqcAlg, "KYBER_LEVEL3") == 0) {
                 groups[count] = WOLFSSL_KYBER_LEVEL3;
             }
-            else if (XSTRCMP(pqcAlg, "KYBER_LEVEL5") == 0) {
+            else
+        #endif
+        #ifndef WOLFSSL_NO_KYBER1024
+            if (XSTRCMP(pqcAlg, "KYBER_LEVEL5") == 0) {
                 groups[count] = WOLFSSL_KYBER_LEVEL5;
             }
-            else if (XSTRCMP(pqcAlg, "P256_KYBER_LEVEL1") == 0) {
+            else
+        #endif
+        #ifndef WOLFSSL_NO_KYBER512
+            if (XSTRCMP(pqcAlg, "P256_KYBER_LEVEL1") == 0) {
                 groups[count] = WOLFSSL_P256_KYBER_LEVEL1;
             }
-            else if (XSTRCMP(pqcAlg, "P384_KYBER_LEVEL3") == 0) {
+            else
+        #endif
+        #ifndef WOLFSSL_NO_KYBER768
+            if (XSTRCMP(pqcAlg, "P384_KYBER_LEVEL3") == 0) {
                 groups[count] = WOLFSSL_P384_KYBER_LEVEL3;
             }
-            else if (XSTRCMP(pqcAlg, "P521_KYBER_LEVEL5") == 0) {
+            else if (XSTRCMP(pqcAlg, "P256_KYBER_LEVEL3") == 0) {
+                groups[count] = WOLFSSL_P256_KYBER_LEVEL3;
+            }
+            else
+        #endif
+        #ifndef WOLFSSL_NO_KYBER1024
+            if (XSTRCMP(pqcAlg, "P521_KYBER_LEVEL5") == 0) {
                 groups[count] = WOLFSSL_P521_KYBER_LEVEL5;
             }
+            else
+        #endif
+        #if !defined(WOLFSSL_NO_KYBER512) && defined(HAVE_CURVE25519)
+            if (XSTRCMP(pqcAlg, "X25519_KYBER_LEVEL1") == 0) {
+                groups[count] = WOLFSSL_X25519_KYBER_LEVEL1;
+            }
+            else
+        #endif
+        #if !defined(WOLFSSL_NO_KYBER768) && defined(HAVE_CURVE25519)
+            if (XSTRCMP(pqcAlg, "X25519_KYBER_LEVEL3") == 0) {
+                groups[count] = WOLFSSL_X25519_KYBER_LEVEL3;
+            }
+            else
+        #endif
+        #if !defined(WOLFSSL_NO_KYBER768) && defined(HAVE_CURVE448)
+            if (XSTRCMP(pqcAlg, "X448_KYBER_LEVEL3") == 0) {
+                groups[count] = WOLFSSL_X448_KYBER_LEVEL3;
+            }
+            else
+        #endif
+    #endif
+            {
+                err_sys("invalid post-quantum KEM specified");
+            }
 
             if (groups[count] == 0) {
                 err_sys("invalid post-quantum KEM specified");
@@ -746,24 +863,24 @@ static void SetKeyShare(WOLFSSL* ssl, int onlyKeyShare, int useX25519,
                 if (ret == WOLFSSL_SUCCESS)
                     groups[count++] = WOLFSSL_ECC_SECP256R1;
             #ifdef WOLFSSL_ASYNC_CRYPT
-                else if (ret == WC_PENDING_E)
+                else if (ret == WC_NO_ERR_TRACE(WC_PENDING_E))
                     wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
             #endif
                 else
                     err_sys("unable to use curve secp256r1");
-            } while (ret == WC_PENDING_E);
+            } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E));
         #elif defined(WOLFSSL_SM2)
             do {
                 ret = wolfSSL_UseKeyShare(ssl, WOLFSSL_ECC_SM2P256V1);
                 if (ret == WOLFSSL_SUCCESS)
                     groups[count++] = WOLFSSL_ECC_SM2P256V1;
             #ifdef WOLFSSL_ASYNC_CRYPT
-                else if (ret == WC_PENDING_E)
+                else if (ret == WC_NO_ERR_TRACE(WC_PENDING_E))
                     wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
             #endif
                 else
                     err_sys("unable to use curve sm2p256r1");
-            } while (ret == WC_PENDING_E);
+            } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E));
         #endif
     #endif
         }
@@ -775,12 +892,12 @@ static void SetKeyShare(WOLFSSL* ssl, int onlyKeyShare, int useX25519,
             if (ret == WOLFSSL_SUCCESS)
                 groups[count++] = WOLFSSL_FFDHE_2048;
         #ifdef WOLFSSL_ASYNC_CRYPT
-            else if (ret == WC_PENDING_E)
+            else if (ret == WC_NO_ERR_TRACE(WC_PENDING_E))
                 wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
         #endif
             else
                 err_sys("unable to use DH 2048-bit parameters");
-        } while (ret == WC_PENDING_E);
+        } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E));
     #endif
     }
     if (count >= MAX_GROUP_NUMBER)
@@ -801,7 +918,7 @@ static void SetKeyShare(WOLFSSL* ssl, int onlyKeyShare, int useX25519,
 /*  4. add the same message into Japanese section         */
 /*     (will be translated later)                         */
 /*  5. add printf() into suitable position of Usage()     */
-static const char* server_usage_msg[][65] = {
+static const char* server_usage_msg[][66] = {
     /* English */
     {
         " NOTE: All files relative to wolfSSL home dir\n",               /* 0 */
@@ -951,8 +1068,25 @@ static const char* server_usage_msg[][65] = {
            " SSLv3(0) - TLS1.3(4)\n",                                   /* 59 */
 #endif
 #ifdef HAVE_PQC
-        "--pqc <alg> Key Share with specified post-quantum algorithm only [KYBER_LEVEL1, KYBER_LEVEL3,\n"
-            "            KYBER_LEVEL5,  P256_KYBER_LEVEL1, P384_KYBER_LEVEL3, P521_KYBER_LEVEL5] \n", /* 60 */
+        "--pqc <alg> Key Share with specified post-quantum algorithm only:\n"
+#ifndef WOLFSSL_NO_ML_KEM
+            "            ML_KEM_512, ML_KEM_768, ML_KEM_1024, P256_ML_KEM_512,"
+            "\n"
+            "            P384_ML_KEM_768, P256_ML_KEM_768, P521_ML_KEM_1024,\n"
+            "            P384_ML_KEM_1024, X25519_ML_KEM_512, "
+            "X25519_ML_KEM_768,\n"
+            "            X448_ML_KEM_768\n"
+#endif
+#ifdef WOLFSSL_KYBER_ORIGINAL
+            "            KYBER_LEVEL1, KYBER_LEVEL3, KYBER_LEVEL5, "
+            "P256_KYBER_LEVEL1,\n"
+            "            P384_KYBER_LEVEL3, P256_KYBER_LEVEL3, "
+            "P521_KYBER_LEVEL5,\n"
+            "            X25519_KYBER_LEVEL1, X25519_KYBER_LEVEL3, "
+            "X448_KYBER_LEVEL3\n"
+#endif
+            "",
+                                                                        /* 60 */
 #endif
 #ifdef WOLFSSL_SRTP
         "--srtp <profile> (default is SRTP_AES128_CM_SHA1_80)\n",       /* 61 */
@@ -969,11 +1103,18 @@ static const char* server_usage_msg[][65] = {
 #endif
 #ifdef HAVE_SUPPORTED_CURVES
         "--onlyPskDheKe Must use DHE key exchange with PSK\n",          /* 64 */
+#endif
+#ifdef WOLFSSL_DUAL_ALG_CERTS
+        "--altPrivKey <file> Generate alternative signature with this key.\n",
+                                                                        /* 65 */
+#endif
+#ifdef WOLFSSL_SYS_CRYPTO_POLICY
+        "--crypto-policy  <path to crypto policy file>\n", /* 66 */
 #endif
         "\n"
            "For simpler wolfSSL TLS server examples, visit\n"
            "https://github.com/wolfSSL/wolfssl-examples/tree/master/tls\n",
-                                                                        /* 65 */
+                                                                        /* 67 */
         NULL,
     },
 #ifndef NO_MULTIBYTE_PRINT
@@ -1139,8 +1280,19 @@ static const char* server_usage_msg[][65] = {
         " SSLv3(0) - TLS1.3(4)\n",                          /* 59 */
 #endif
 #ifdef HAVE_PQC
-        "--pqc <alg> post-quantum ��付�グループ���共有�� [KYBER_LEVEL1, KYBER_LEVEL3,\n"
-            "            KYBER_LEVEL5, P256_KYBER_LEVEL1, P384_KYBER_LEVEL3, P521_KYBER_LEVEL5]\n", /* 60 */
+        "--pqc <alg> post-quantum ��付�グループ���共有��:\n"
+#ifndef WOLFSSL_NO_ML_KEM
+            "            ML_KEM_512, ML_KEM_768, ML_KEM_1024, P256_ML_KEM_512,"
+            "\n"
+            "            P384_ML_KEM_768, P521_ML_KEM_1024\n"
+#endif
+#ifdef WOLFSSL_KYBER_ORIGINAL
+            "            KYBER_LEVEL1, KYBER_LEVEL3, KYBER_LEVEL5, "
+            "P256_KYBER_LEVEL1,\n"
+            "            P384_KYBER_LEVEL3, P521_KYBER_LEVEL5\n"
+#endif
+            "",
+                                                                        /* 60 */
 #endif
 #ifdef WOLFSSL_SRTP
         "--srtp <profile> (デフォルト�SRTP_AES128_CM_SHA1_80)\n",       /* 61 */
@@ -1159,11 +1311,19 @@ static const char* server_usage_msg[][65] = {
 #endif
 #ifdef HAVE_SUPPORTED_CURVES
         "--onlyPskDheKe Must use DHE key exchange with PSK\n",          /* 64 */
+#endif
+#ifdef WOLFSSL_DUAL_ALG_CERTS
+        "--altPrivKey <file> Generate alternative signature with this key.\n",
+                                                                        /* 65 */
+#endif
+#ifdef WOLFSSL_SYS_CRYPTO_POLICY
+        "--crypto-policy  <path to crypto policy file>\n", /* 66 */
 #endif
         "\n"
         "より簡��wolfSSL TSL クライアント�例�����"
                                           "下記�アクセス������\n"
-        "https://github.com/wolfSSL/wolfssl-examples/tree/master/tls\n", /* 65 */
+        "https://github.com/wolfSSL/wolfssl-examples/tree/master/tls\n",
+                                                                        /* 67 */
         NULL,
     },
 #endif
@@ -1320,7 +1480,10 @@ static void Usage(void)
 #ifdef HAVE_SUPPORTED_CURVES
     printf("%s", msg[++msgId]);     /* --onlyPskDheKe */
 #endif
-    printf("%s", msg[++msgId]); /* Examples repo link */
+#ifdef WOLFSSL_DUAL_ALG_CERTS
+    printf("%s", msg[++msgId]);     /* --altPrivKey */
+#endif
+    printf("%s", msg[++msgId]);     /* Examples repo link */
 }
 
 #ifdef WOLFSSL_SRTP
@@ -1347,7 +1510,7 @@ static int server_srtp_test(WOLFSSL *ssl, func_args *args)
 
     ret = wolfSSL_export_dtls_srtp_keying_material(ssl, NULL,
                                                    &srtp_secret_length);
-    if (ret != LENGTH_ONLY_E) {
+    if (ret != WC_NO_ERR_TRACE(LENGTH_ONLY_E)) {
         LOG_ERROR("DTLS SRTP: Error getting key material length\n");
         return ret;
     }
@@ -1436,6 +1599,12 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args)
         {"crl-dir", 1, 265},
 #endif
         {"quieter", 0, 266},
+#ifdef WOLFSSL_DUAL_ALG_CERTS
+        { "altPrivKey", 1, 267},
+#endif
+#if defined(WOLFSSL_SYS_CRYPTO_POLICY)
+        { "crypto-policy", 1, 268 },
+#endif /* WOLFSSL_SYS_CRYPTO_POLICY */
         { 0, 0, 0 }
     };
 #endif
@@ -1560,6 +1729,9 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args)
 #if defined(HAVE_CRL) && !defined(NO_FILESYSTEM)
     char* crlDir = NULL;
 #endif
+#if defined(WOLFSSL_SYS_CRYPTO_POLICY)
+    const char * policy = NULL;
+#endif /* WOLFSSL_SYS_CRYPTO_POLICY */
 
 #ifdef WOLFSSL_STATIC_MEMORY
     /* Note: Actual memory used is much less, this is the entire buffer buckets,
@@ -1580,10 +1752,12 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args)
         byte memory[80000];
     #endif
     byte memoryIO[34500]; /* max for IO buffer (TLS packet can be 16k) */
+    #if !defined(WOLFSSL_STATIC_MEMORY_LEAN)
     WOLFSSL_MEM_CONN_STATS ssl_stats;
-    #ifdef DEBUG_WOLFSSL
+    #if defined(DEBUG_WOLFSSL)
         WOLFSSL_MEM_STATS mem_stats;
     #endif
+    #endif
 #endif
 #if defined(WOLFSSL_TLS13) && defined(HAVE_SUPPORTED_CURVES)
     int onlyKeyShare = 0;
@@ -1600,6 +1774,7 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args)
     int useX448 = 0;
     int usePqc = 0;
     char* pqcAlg = NULL;
+    char* altPrivKey = NULL;
     int exitWithRet = 0;
     int loadCertKeyIntoSSLObj = 0;
 
@@ -1674,6 +1849,7 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args)
     (void)nonBlocking;
     (void)pqcAlg;
     (void)usePqc;
+    (void)altPrivKey;
 
 #ifdef WOLFSSL_TIRTOS
     fdOpenSession(Task_self());
@@ -1834,7 +2010,7 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args)
                 }
                 else if (XSTRCMP(myoptarg, "verifyInfo") == 0) {
                     printf("Verify should use preverify (just show info)\n");
-                    myVerifyAction = VERIFY_USE_PREVERFIY;
+                    myVerifyAction = VERIFY_USE_PREVERIFY;
                 }
                 else if (XSTRCMP(myoptarg, "loadSSL") == 0) {
                     printf("Also load cert/key into wolfSSL object\n");
@@ -1962,7 +2138,7 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args)
                 break;
 
             case 'B':
-                throughput = atol(myoptarg);
+                throughput = (size_t)atol(myoptarg);
                 for (; *myoptarg != '\0'; myoptarg++) {
                     if (*myoptarg == ',') {
                         block = atoi(myoptarg + 1);
@@ -2121,7 +2297,7 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args)
                 #if defined(WOLFSSL_DTLS) && defined(USE_WOLFSSL_IO)
                     XMEMSET(&dtlsCtx, 0, sizeof(dtlsCtx));
                     doBlockSeq = 1;
-                    dtlsCtx.blockSeq = atoi(myoptarg);
+                    dtlsCtx.blockSeq = (word32)atoi(myoptarg);
                 #endif
                     break;
 
@@ -2298,7 +2474,7 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args)
                     err_sys("provided connection ID is too big");
                 }
                 else {
-                    strcpy(dtlsCID, myoptarg);
+                    XSTRLCPY(dtlsCID, myoptarg, DTLS_CID_BUFFER_SIZE);
                 }
             }
             break;
@@ -2320,6 +2496,17 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args)
             quieter = 1;
             break;
 
+#ifdef WOLFSSL_DUAL_ALG_CERTS
+        case 267:
+            altPrivKey = myoptarg;
+            break;
+#endif
+            case 268:
+#if defined(WOLFSSL_SYS_CRYPTO_POLICY)
+                policy = myoptarg;
+#endif /* WOLFSSL_SYS_CRYPTO_POLICY */
+                break;
+
         case -1:
             default:
                 Usage();
@@ -2473,8 +2660,16 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args)
     if (method == NULL)
         err_sys_ex(runWithErrors, "unable to get method");
 
+#if defined(WOLFSSL_SYS_CRYPTO_POLICY)
+    if (policy != NULL) {
+        if (wolfSSL_crypto_policy_enable(policy) != WOLFSSL_SUCCESS) {
+            err_sys("wolfSSL_crypto_policy_enable failed");
+        }
+    }
+#endif /* WOLFSSL_SYS_CRYPTO_POLICY */
+
 #ifdef WOLFSSL_STATIC_MEMORY
-    #ifdef DEBUG_WOLFSSL
+    #if defined(DEBUG_WOLFSSL) && !defined(WOLFSSL_STATIC_MEMORY_LEAN)
     /* print off helper buffer sizes for use with static memory
      * printing to stderr in case of debug mode turned on */
     LOG_ERROR("static memory management size = %d\n",
@@ -2536,7 +2731,7 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args)
 #ifdef WOLFSSL_SRTP
     if (dtlsSrtpProfiles != NULL) {
         if (wolfSSL_CTX_set_tlsext_use_srtp(ctx, dtlsSrtpProfiles)
-                                                           != WOLFSSL_SUCCESS) {
+                                                           != 0) {
             err_sys_ex(catastrophic, "unable to set DTLS SRTP profile");
         }
     }
@@ -2630,7 +2825,7 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args)
 #if (defined(WOLFSSL_SCTP) || defined(WOLFSSL_DTLS_MTU)) && \
                                                            defined(WOLFSSL_DTLS)
     if (dtlsMTU)
-        wolfSSL_CTX_dtls_set_mtu(ctx, dtlsMTU);
+        wolfSSL_CTX_dtls_set_mtu(ctx, (unsigned short)dtlsMTU);
 #endif
 
 #ifdef WOLFSSL_SCTP
@@ -2697,6 +2892,14 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args)
                                          != WOLFSSL_SUCCESS)
             err_sys_ex(catastrophic, "can't load server private key file, "
                        "check file and run from wolfSSL home dir");
+        #ifdef WOLFSSL_DUAL_ALG_CERTS
+        if ((altPrivKey != NULL) &&
+            wolfSSL_CTX_use_AltPrivateKey_file(ctx, altPrivKey,
+                                               WOLFSSL_FILETYPE_PEM)
+                                               != WOLFSSL_SUCCESS)
+            err_sys_ex(catastrophic, "can't load alt private key file, "
+                       "check file and run from wolfSSL home dir");
+        #endif /* WOLFSSL_DUAL_ALG_CERTS */
     #else
         /* loads private key file using buffer API */
         load_buffer(ctx, ourKey, WOLFSSL_KEY);
@@ -2927,7 +3130,8 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args)
                 err_sys_ex(runWithErrors, "tcp accept failed");
             }
         }
-#if defined(WOLFSSL_STATIC_MEMORY) && defined(DEBUG_WOLFSSL)
+#if defined(WOLFSSL_STATIC_MEMORY) && defined(DEBUG_WOLFSSL) && \
+    !defined(WOLFSSL_STATIC_MEMORY_LEAN)
         LOG_ERROR("Before creating SSL\n");
         if (wolfSSL_CTX_is_static_memory(ctx, &mem_stats) != 1)
             err_sys_ex(runWithErrors, "ctx not using static memory");
@@ -3016,7 +3220,8 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args)
         }
 #endif
 
-#if defined(WOLFSSL_STATIC_MEMORY) && defined(DEBUG_WOLFSSL)
+#if defined(WOLFSSL_STATIC_MEMORY) && defined(DEBUG_WOLFSSL) && \
+    !defined(WOLFSSL_STATIC_MEMORY_LEAN)
         LOG_ERROR("After creating SSL\n");
         if (wolfSSL_CTX_is_static_memory(ctx, &mem_stats) != 1)
             err_sys_ex(runWithErrors, "ctx not using static memory");
@@ -3146,19 +3351,19 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args)
             #ifdef CAN_FORCE_CURVE
             if (force_curve_group_id > 0) {
                 do {
-                    ret = wolfSSL_UseKeyShare(ssl, force_curve_group_id);
+                    ret = wolfSSL_UseKeyShare(ssl, (word16)force_curve_group_id);
                     if (ret == WOLFSSL_SUCCESS) {
 
                     }
                     #ifdef WOLFSSL_ASYNC_CRYPT
-                    else if (ret == WC_PENDING_E) {
+                    else if (ret == WC_NO_ERR_TRACE(WC_PENDING_E)) {
                         wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
                     }
                     #endif
                     else {
                         err_sys("Failed wolfSSL_UseKeyShare in force-curve");
                     }
-                } while (ret == WC_PENDING_E);
+                } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E));
                 ret = wolfSSL_set_groups(ssl, &force_curve_group_id, 1);
                 if (WOLFSSL_SUCCESS != ret) {
                     err_sys("Failed wolfSSL_set_groups in force-curve");
@@ -3361,7 +3566,7 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args)
                     if (ret <= 0) {
                         err = SSL_get_error(ssl, 0);
                     #ifdef WOLFSSL_ASYNC_CRYPT
-                        if (err == WC_PENDING_E) {
+                        if (err == WC_NO_ERR_TRACE(WC_PENDING_E)) {
                             /* returns the number of polled items or <0 for
                              * error */
                             ret = wolfSSL_AsyncPoll(ssl,
@@ -3374,7 +3579,7 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args)
                         input[ret] = 0; /* null terminate message */
                         printf("Early Data Client message: %s\n", input);
                     }
-                } while (err == WC_PENDING_E || ret > 0);
+                } while (err == WC_NO_ERR_TRACE(WC_PENDING_E) || ret > 0);
             }
     #endif
             do {
@@ -3383,13 +3588,13 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args)
                 if (ret != WOLFSSL_SUCCESS) {
                     err = SSL_get_error(ssl, 0);
                 #ifdef WOLFSSL_ASYNC_CRYPT
-                    if (err == WC_PENDING_E) {
+                    if (err == WC_NO_ERR_TRACE(WC_PENDING_E)) {
                         ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
                         if (ret < 0) break;
                     }
                 #endif
                 }
-            } while (err == WC_PENDING_E);
+            } while (err == WC_NO_ERR_TRACE(WC_PENDING_E));
         }
 #else
         if (nonBlocking) {
@@ -3408,7 +3613,7 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args)
         if (ret != WOLFSSL_SUCCESS) {
             err = SSL_get_error(ssl, 0);
             LOG_ERROR("SSL_accept error %d, %s\n", err,
-                                            ERR_error_string(err, buffer));
+                                            ERR_error_string((unsigned long)err, buffer));
             if (!exitWithRet) {
                 err_sys_ex(runWithErrors, "SSL_accept failed");
             } else {
@@ -3492,10 +3697,8 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args)
 
         size = wolfSSL_get_server_random(ssl, rnd, size);
         if (size == 0) {
-            if (rnd) {
-                XFREE(rnd, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-                rnd = NULL;
-            }
+            XFREE(rnd, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+            rnd = NULL;
             err_sys_ex(runWithErrors, "error getting server random buffer");
         }
 
@@ -3533,10 +3736,7 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args)
         unsigned int receivedCIDSz;
         printf("CID extension was negotiated\n");
         ret = wolfSSL_dtls_cid_get_tx_size(ssl, &receivedCIDSz);
-        if (ret != WOLFSSL_SUCCESS)
-            err_sys("Can't get negotiated DTLS CID size\n");
-
-        if (receivedCIDSz > 0) {
+        if (ret == WOLFSSL_SUCCESS && receivedCIDSz > 0) {
             ret = wolfSSL_dtls_cid_get_tx(ssl, receivedCID,
                 DTLS_CID_BUFFER_SIZE - 1);
             if (ret != WOLFSSL_SUCCESS)
@@ -3562,7 +3762,7 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args)
             if (err == WOLFSSL_SUCCESS)
                 printf("Sent ALPN protocol : %s (%d)\n",
                        protocol_name, protocol_nameSz);
-            else if (err == WOLFSSL_ALPN_NOT_FOUND)
+            else if (err == WC_NO_ERR_TRACE(WOLFSSL_ALPN_NOT_FOUND))
                 printf("No ALPN response sent (no match)\n");
             else
                 printf("Getting ALPN protocol name failed\n");
@@ -3574,7 +3774,7 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args)
             else
                 printf("Get list of client's protocol name failed\n");
 
-            free(list);
+            (void)wolfSSL_ALPN_FreePeerProtocol(ssl, &list);
         }
 #endif
 
@@ -3593,12 +3793,12 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args)
                             err == WOLFSSL_ERROR_WANT_WRITE) {
                         do {
                         #ifdef WOLFSSL_ASYNC_CRYPT
-                            if (err == WC_PENDING_E) {
+                            if (err == WC_NO_ERR_TRACE(WC_PENDING_E)) {
                                 ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
                                 if (ret < 0) break;
                             }
                         #endif
-                            if (err == APP_DATA_READY) {
+                            if (err == WC_NO_ERR_TRACE(APP_DATA_READY)) {
                                 if (wolfSSL_read(ssl, input, sizeof(input)-1) < 0) {
                                     err_sys("APP DATA should be present but error returned");
                                 }
@@ -3610,9 +3810,9 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args)
                             }
                         } while (ret != WOLFSSL_SUCCESS &&
                                 (err == WOLFSSL_ERROR_WANT_READ ||
-                                        err == WOLFSSL_ERROR_WANT_WRITE ||
-                                        err == APP_DATA_READY ||
-                                        err == WC_PENDING_E));
+                                 err == WOLFSSL_ERROR_WANT_WRITE ||
+                                 err == WC_NO_ERR_TRACE(APP_DATA_READY) ||
+                                 err == WC_NO_ERR_TRACE(WC_PENDING_E)));
 
                         if (ret == WOLFSSL_SUCCESS) {
                             printf("NON-BLOCKING RENEGOTIATION SUCCESSFUL\n");
@@ -3633,12 +3833,12 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args)
                 if (wolfSSL_Rehandshake(ssl) != WOLFSSL_SUCCESS) {
 #ifdef WOLFSSL_ASYNC_CRYPT
                     err = wolfSSL_get_error(ssl, 0);
-                    while (err == WC_PENDING_E) {
+                    while (err == WC_NO_ERR_TRACE(WC_PENDING_E)) {
                         err = 0;
                         ret = wolfSSL_negotiate(ssl);
                         if (ret != WOLFSSL_SUCCESS) {
                             err = wolfSSL_get_error(ssl, 0);
-                            if (err == WC_PENDING_E) {
+                            if (err == WC_NO_ERR_TRACE(WC_PENDING_E)) {
                                 ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
                                 if (ret < 0) break;
                             }
@@ -3672,8 +3872,12 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args)
                                ((usePskPlus) ? WOLFSSL_VERIFY_FAIL_EXCEPT_PSK :
                                 WOLFSSL_VERIFY_FAIL_IF_NO_PEER_CERT), 0);
 
-                wolfSSL_request_certificate(ssl);
-
+                if (wolfSSL_request_certificate(ssl) != WOLFSSL_SUCCESS) {
+                    LOG_ERROR("Request for post-hs certificate failed\n");
+                }
+                else {
+                    LOG_ERROR("Successfully requested post-hs certificate\n");
+                }
             }
 
     #endif
@@ -3705,11 +3909,16 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args)
                 ServerRead(ssl, input, sizeof(input)-1);
 #endif
         }
-        else if (err == 0 || err == WOLFSSL_ERROR_ZERO_RETURN) {
+        else if (err == 0 ||
+                 err == WOLFSSL_ERROR_ZERO_RETURN)
+        {
             err = ServerEchoData(ssl, clientfd, echoData, block, throughput);
             /* Got close notify. Ignore it if not expecting a failure. */
-            if (err == WOLFSSL_ERROR_ZERO_RETURN && exitWithRet == 0)
+            if (err == WOLFSSL_ERROR_ZERO_RETURN &&
+                exitWithRet == 0)
+            {
                 err = 0;
+            }
             if (err != 0) {
                 SSL_free(ssl); ssl = NULL;
                 SSL_CTX_free(ctx); ctx = NULL;
@@ -3762,7 +3971,7 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args)
         }
 
         /* display collected statistics */
-#ifdef WOLFSSL_STATIC_MEMORY
+#if defined(WOLFSSL_STATIC_MEMORY) && !defined(WOLFSSL_STATIC_MEMORY_LEAN)
         if (wolfSSL_is_static_memory(ssl, &ssl_stats) != 1)
             err_sys_ex(runWithErrors, "static memory was not used with ssl");
 
@@ -3853,7 +4062,7 @@ exit:
     WOLFSSL_RETURN_FROM_THREAD(0);
 }
 
-#endif /* !NO_WOLFSSL_SERVER */
+#endif /* !NO_WOLFSSL_SERVER && !NO_TLS */
 
 
 /* so overall tests can pull in test function */
@@ -3884,7 +4093,7 @@ exit:
 #endif
         ChangeToWolfRoot();
 
-#ifndef NO_WOLFSSL_SERVER
+#if !defined(NO_WOLFSSL_SERVER) && !defined(NO_TLS)
 #ifdef HAVE_STACK_SIZE
         StackSizeCheck(&args, server_test);
 #else
diff --git a/examples/server/server.h b/examples/server/server.h
index e0c8ad7ba..05c3a8fdd 100644
--- a/examples/server/server.h
+++ b/examples/server/server.h
@@ -1,6 +1,6 @@
 /* server.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/examples/server/server.vcxproj b/examples/server/server.vcxproj
index 8f11fee8f..3695fc1eb 100644
--- a/examples/server/server.vcxproj
+++ b/examples/server/server.vcxproj
@@ -9,6 +9,10 @@
       <Configuration>Debug</Configuration>
       <Platform>x64</Platform>
     </ProjectConfiguration>
+    <ProjectConfiguration Include="Debug|ARM64">
+      <Configuration>Debug</Configuration>
+      <Platform>ARM64</Platform>
+    </ProjectConfiguration>
     <ProjectConfiguration Include="DLL Debug|Win32">
       <Configuration>DLL Debug</Configuration>
       <Platform>Win32</Platform>
@@ -17,6 +21,10 @@
       <Configuration>DLL Debug</Configuration>
       <Platform>x64</Platform>
     </ProjectConfiguration>
+    <ProjectConfiguration Include="DLL Debug|ARM64">
+      <Configuration>DLL Debug</Configuration>
+      <Platform>ARM64</Platform>
+    </ProjectConfiguration>
     <ProjectConfiguration Include="DLL Release|Win32">
       <Configuration>DLL Release</Configuration>
       <Platform>Win32</Platform>
@@ -25,6 +33,10 @@
       <Configuration>DLL Release</Configuration>
       <Platform>x64</Platform>
     </ProjectConfiguration>
+    <ProjectConfiguration Include="DLL Release|ARM64">
+      <Configuration>DLL Release</Configuration>
+      <Platform>ARM64</Platform>
+    </ProjectConfiguration>
     <ProjectConfiguration Include="Release|Win32">
       <Configuration>Release</Configuration>
       <Platform>Win32</Platform>
@@ -33,6 +45,10 @@
       <Configuration>Release</Configuration>
       <Platform>x64</Platform>
     </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|ARM64">
+      <Configuration>Release</Configuration>
+      <Platform>ARM64</Platform>
+    </ProjectConfiguration>
   </ItemGroup>
   <PropertyGroup Label="Globals">
     <ProjectGuid>{E9FB0BA5-BA46-4A59-A953-39C18CD1DCB1}</ProjectGuid>
@@ -64,6 +80,18 @@
     <CharacterSet>Unicode</CharacterSet>
     <WholeProgramOptimization>true</WholeProgramOptimization>
   </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <PlatformToolset>v110</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|ARM64'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <PlatformToolset>v110</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+  </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
     <ConfigurationType>Application</ConfigurationType>
     <PlatformToolset>v110</PlatformToolset>
@@ -84,6 +112,16 @@
     <PlatformToolset>v110</PlatformToolset>
     <CharacterSet>Unicode</CharacterSet>
   </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|ARM64'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <PlatformToolset>v110</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|ARM64'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <PlatformToolset>v110</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
   <ImportGroup Label="ExtensionSettings">
   </ImportGroup>
@@ -99,6 +137,12 @@
   <ImportGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|x64'" Label="PropertySheets">
     <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
   </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|ARM64'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
   <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="PropertySheets">
     <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
   </ImportGroup>
@@ -111,6 +155,12 @@
   <ImportGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|x64'" Label="PropertySheets">
     <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
   </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Debug|ARM64'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|ARM64'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
   <PropertyGroup Label="UserMacros" />
   <PropertyGroup>
     <_ProjectFileVersion>11.0.61030.0</_ProjectFileVersion>
@@ -135,6 +185,16 @@
     <OutDir>$(SolutionDir)$(Configuration)\$(Platform)\</OutDir>
     <IntDir>$(Configuration)\$(Platform)\$(ProjectName)_obj\</IntDir>
   </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|ARM64'">
+    <LinkIncremental>true</LinkIncremental>
+    <OutDir>$(SolutionDir)$(Configuration)\$(Platform)\</OutDir>
+    <IntDir>$(Configuration)\$(Platform)\$(ProjectName)_obj\</IntDir>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|ARM64'">
+    <LinkIncremental>true</LinkIncremental>
+    <OutDir>$(SolutionDir)$(Configuration)\$(Platform)\</OutDir>
+    <IntDir>$(Configuration)\$(Platform)\$(ProjectName)_obj\</IntDir>
+  </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
     <OutDir>$(SolutionDir)$(Configuration)\$(Platform)\</OutDir>
     <IntDir>$(Configuration)\$(Platform)\$(ProjectName)_obj\</IntDir>
@@ -155,6 +215,16 @@
     <OutDir>$(SolutionDir)$(Configuration)\$(Platform)\</OutDir>
     <IntDir>$(Configuration)\$(Platform)\$(ProjectName)_obj\</IntDir>
   </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'">
+    <LinkIncremental>false</LinkIncremental>
+    <OutDir>$(SolutionDir)$(Configuration)\$(Platform)\</OutDir>
+    <IntDir>$(Configuration)\$(Platform)\$(ProjectName)_obj\</IntDir>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|ARM64'">
+    <LinkIncremental>false</LinkIncremental>
+    <OutDir>$(SolutionDir)$(Configuration)\$(Platform)\</OutDir>
+    <IntDir>$(Configuration)\$(Platform)\$(ProjectName)_obj\</IntDir>
+  </PropertyGroup>
   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
     <ClCompile>
       <Optimization>Disabled</Optimization>
@@ -232,6 +302,42 @@
       <SubSystem>Console</SubSystem>
     </Link>
   </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|ARM64'">
+    <ClCompile>
+      <Optimization>Disabled</Optimization>
+      <AdditionalIncludeDirectories>../../;../../IDE/WIN;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <BasicRuntimeChecks>EnableFastChecks</BasicRuntimeChecks>
+      <RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>Ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <SubSystem>Console</SubSystem>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|ARM64'">
+    <ClCompile>
+      <Optimization>Disabled</Optimization>
+      <AdditionalIncludeDirectories>../../;../../IDE/WIN;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;WOLFSSL_DLL;WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <BasicRuntimeChecks>EnableFastChecks</BasicRuntimeChecks>
+      <RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>Ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <SubSystem>Console</SubSystem>
+    </Link>
+  </ItemDefinitionGroup>
   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
     <ClCompile>
       <Optimization>MaxSpeed</Optimization>
@@ -318,6 +424,48 @@
       <EnableCOMDATFolding>true</EnableCOMDATFolding>
     </Link>
   </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'">
+    <ClCompile>
+      <Optimization>MaxSpeed</Optimization>
+      <IntrinsicFunctions>true</IntrinsicFunctions>
+      <AdditionalIncludeDirectories>../../;../../IDE/WIN;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>Ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <SubSystem>Console</SubSystem>
+      <OptimizeReferences>true</OptimizeReferences>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|ARM64'">
+    <ClCompile>
+      <Optimization>MaxSpeed</Optimization>
+      <IntrinsicFunctions>true</IntrinsicFunctions>
+      <AdditionalIncludeDirectories>../../;../../IDE/WIN;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;WOLFSSL_DLL;WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>Ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <SubSystem>Console</SubSystem>
+      <OptimizeReferences>true</OptimizeReferences>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+    </Link>
+  </ItemDefinitionGroup>
   <ItemGroup>
     <ClCompile Include="server.c" />
   </ItemGroup>
diff --git a/fips-check.sh b/fips-check.sh
index b31b16dd0..462990be4 100755
--- a/fips-check.sh
+++ b/fips-check.sh
@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/usr/bin/env bash
 
 # fips-check.sh
 # This script checks the current revision of the code against the
@@ -14,13 +14,22 @@
 MAKE="${MAKE:-make}"
 GIT="${GIT:-git -c advice.detachedHead=false}"
 TEST_DIR="${TEST_DIR:-XXX-fips-test}"
+case "$TEST_DIR" in
+    /*) ;;
+    *) TEST_DIR="${PWD}/${TEST_DIR}"
+       ;;
+esac
 FLAVOR="${FLAVOR:-linux}"
 KEEP="${KEEP:-no}"
+MAKECHECK=${MAKECHECK:-yes}
+DOCONFIGURE=${DOCONFIGURE:-yes}
+DOAUTOGEN=${DOAUTOGEN:-yes}
 FIPS_REPO="${FIPS_REPO:-git@github.com:wolfssl/fips.git}"
+WOLFSSL_REPO="${WOLFSSL_REPO:-git@github.com:wolfssl/wolfssl.git}"
 
 Usage() {
     cat <<usageText
-Usage: $0 [flavor] [keep]
+Usage: $0 [flavor] [keep] [nomakecheck] [nodoconfigure] [noautogen]
 Flavor is one of:
     linuxv2 (FIPSv2, use for Win10)
     fipsv2-OE-ready (ready FIPSv2)
@@ -31,7 +40,12 @@ Flavor is one of:
     fips-ready (ready FIPS 140-3)
     fips-dev (dev FIPS 140-3)
     wolfrand
-Keep (default off) retains the temp dir $TEST_DIR for inspection.
+    wolfentropy
+    v6.0.0
+keep: (default off) retains the temp dir $TEST_DIR for inspection.
+nomakecheck: (default off) don't run make check
+nodoconfigure: (default off) don't run configure
+noautogen: (default off) don't run autogen
 
 Example:
     $0 windows keep
@@ -39,7 +53,11 @@ usageText
 }
 
 while [ "$1" ]; do
-  if [ "$1" = 'keep' ]; then KEEP='yes'; else FLAVOR="$1"; fi
+  if [ "$1" = 'keep' ]; then KEEP='yes';
+  elif [ "$1" = 'nomakecheck' ]; then MAKECHECK='no';
+  elif [ "$1" = 'nodoconfigure' ]; then DOCONFIGURE='no';
+  elif [ "$1" = 'noautogen' ]; then DOCONFIGURE='no'; DOAUTOGEN='no';
+  else FLAVOR="$1"; fi
   shift
 done
 
@@ -137,10 +155,10 @@ marvell-linux-selftest)
     'wolfssl/wolfcrypt/sha512.h:v4.1.0-stable'
   )
   ;;
-linuxv5)
-  FIPS_OPTION='v5'
+linuxv5-RC12)
+  FIPS_OPTION='v5-RC12'
   FIPS_FILES=(
-    'wolfcrypt/src/fips.c:WCv5.0-RC12'
+    'wolfcrypt/src/fips.c:WCv5.2.0.1-RC01'
     'wolfcrypt/src/fips_test.c:WCv5.0-RC12'
     'wolfcrypt/src/wolfcrypt_first.c:WCv5.0-RC12'
     'wolfcrypt/src/wolfcrypt_last.c:WCv5.0-RC12'
@@ -179,14 +197,14 @@ linuxv5)
     'wolfssl/wolfcrypt/sha512.h:WCv5.0-RC12'
   )
   ;;
-linuxv5.2.1)
+linuxv5|linuxv5.2.1)
   FIPS_OPTION='v5'
   FIPS_FILES=(
     'wolfcrypt/src/fips.c:v5.2.1-stable'
     'wolfcrypt/src/fips_test.c:v5.2.1-stable'
     'wolfcrypt/src/wolfcrypt_first.c:v5.2.1-stable'
     'wolfcrypt/src/wolfcrypt_last.c:v5.2.1-stable'
-    'wolfssl/wolfcrypt/fips.h:v5.2.1-stable'
+    'wolfssl/wolfcrypt/fips.h:v5.2.1-stable-OS_Seed-HdrOnly'
   )
   WOLFCRYPT_FILES=(
     'wolfcrypt/src/aes.c:v5.2.1-stable'
@@ -213,7 +231,7 @@ linuxv5.2.1)
     'wolfssl/wolfcrypt/fips_test.h:v5.2.1-stable'
     'wolfssl/wolfcrypt/hmac.h:v5.2.1-stable'
     'wolfssl/wolfcrypt/kdf.h:v5.2.1-stable'
-    'wolfssl/wolfcrypt/random.h:v5.2.1-stable'
+    'wolfssl/wolfcrypt/random.h:v5.2.1-stable-OS_Seed-HdrOnly'
     'wolfssl/wolfcrypt/rsa.h:v5.2.1-stable'
     'wolfssl/wolfcrypt/sha.h:v5.2.1-stable'
     'wolfssl/wolfcrypt/sha256.h:v5.2.1-stable'
@@ -221,8 +239,111 @@ linuxv5.2.1)
     'wolfssl/wolfcrypt/sha512.h:v5.2.1-stable'
   )
   ;;
+v6.0.0)
+  WOLF_REPO_TAG='WCv6.0.0-RC4'
+  FIPS_REPO_TAG='WCv6.0.0-RC4'
+  ASM_PICKUPS_TAG='WCv6.0.0-RC4'
+  FIPS_OPTION='v6'
+  FIPS_FILES=(
+    "wolfcrypt/src/fips.c:${FIPS_REPO_TAG}"
+    "wolfcrypt/src/fips_test.c:${FIPS_REPO_TAG}"
+    "wolfcrypt/src/wolfcrypt_first.c:${FIPS_REPO_TAG}"
+    "wolfcrypt/src/wolfcrypt_last.c:${FIPS_REPO_TAG}"
+    "wolfssl/wolfcrypt/fips.h:${FIPS_REPO_TAG}"
+  )
+  WOLFCRYPT_FILES=(
+    "wolfcrypt/src/aes_asm.asm:${WOLF_REPO_TAG}"
+    "wolfcrypt/src/aes_asm.S:${WOLF_REPO_TAG}"
+    "wolfcrypt/src/aes_gcm_asm.S:${WOLF_REPO_TAG}"
+    "wolfcrypt/src/aes_gcm_x86_asm.S:${WOLF_REPO_TAG}"
+    "wolfcrypt/src/aes_xts_asm.S:${WOLF_REPO_TAG}"
+    "wolfcrypt/src/aes.c:${WOLF_REPO_TAG}"
+    "wolfcrypt/src/port/arm/armv8-32-aes-asm_c.c:${ASM_PICKUPS_TAG}"
+    "wolfcrypt/src/port/arm/armv8-32-aes-asm.S:${WOLF_REPO_TAG}"
+    "wolfcrypt/src/port/arm/armv8-32-curve25519_c.c:${ASM_PICKUPS_TAG}"
+    "wolfcrypt/src/port/arm/armv8-32-curve25519.S:${WOLF_REPO_TAG}"
+    "wolfcrypt/src/port/arm/armv8-32-sha256-asm_c.c:${ASM_PICKUPS_TAG}"
+    "wolfcrypt/src/port/arm/armv8-32-sha256-asm.S:${WOLF_REPO_TAG}"
+    "wolfcrypt/src/port/arm/armv8-32-sha3-asm_c.c:${WOLF_REPO_TAG}"
+    "wolfcrypt/src/port/arm/armv8-32-sha3-asm.S:${WOLF_REPO_TAG}"
+    "wolfcrypt/src/port/arm/armv8-32-sha512-asm_c.c:${ASM_PICKUPS_TAG}"
+    "wolfcrypt/src/port/arm/armv8-32-sha512-asm.S:${WOLF_REPO_TAG}"
+    "wolfcrypt/src/port/arm/armv8-aes.c:${ASM_PICKUPS_TAG}"
+    "wolfcrypt/src/port/arm/armv8-curve25519_c.c:${ASM_PICKUPS_TAG}"
+    "wolfcrypt/src/port/arm/armv8-curve25519.S:${WOLF_REPO_TAG}"
+    "wolfcrypt/src/port/arm/armv8-sha256.c:${WOLF_REPO_TAG}"
+    "wolfcrypt/src/port/arm/armv8-sha3-asm_c.c:${ASM_PICKUPS_TAG}"
+    "wolfcrypt/src/port/arm/armv8-sha3-asm.S:${ASM_PICKUPS_TAG}"
+    "wolfcrypt/src/port/arm/armv8-sha512-asm_c.c:${ASM_PICKUPS_TAG}"
+    "wolfcrypt/src/port/arm/armv8-sha512-asm.S:${WOLF_REPO_TAG}"
+    "wolfcrypt/src/port/arm/armv8-sha512.c:${WOLF_REPO_TAG}"
+    "wolfcrypt/src/cmac.c:${WOLF_REPO_TAG}"
+    "wolfcrypt/src/curve25519.c:${WOLF_REPO_TAG}"
+    "wolfcrypt/src/curve448.c:${WOLF_REPO_TAG}"
+    "wolfcrypt/src/dh.c:${WOLF_REPO_TAG}"
+    "wolfcrypt/src/ecc.c:${WOLF_REPO_TAG}"
+    "wolfcrypt/src/ed25519.c:${WOLF_REPO_TAG}"
+    "wolfcrypt/src/ed448.c:${WOLF_REPO_TAG}"
+    "wolfcrypt/src/hmac.c:${WOLF_REPO_TAG}"
+    "wolfcrypt/src/kdf.c:${WOLF_REPO_TAG}"
+    "wolfcrypt/src/pwdbased.c:${WOLF_REPO_TAG}"
+    "wolfcrypt/src/random.c:${WOLF_REPO_TAG}"
+    "wolfcrypt/src/rsa.c:${WOLF_REPO_TAG}"
+    "wolfcrypt/src/sha.c:${WOLF_REPO_TAG}"
+    "wolfcrypt/src/sha256_asm.S:${WOLF_REPO_TAG}"
+    "wolfcrypt/src/sha256.c:${WOLF_REPO_TAG}"
+    "wolfcrypt/src/sha3.c:${WOLF_REPO_TAG}"
+    "wolfcrypt/src/sha3_asm.S:${WOLF_REPO_TAG}"
+    "wolfcrypt/src/sha512_asm.S:${WOLF_REPO_TAG}"
+    "wolfcrypt/src/sha512.c:${WOLF_REPO_TAG}"
+    "wolfcrypt/src/sp_arm32.c:${ASM_PICKUPS_TAG}"
+    "wolfcrypt/src/sp_arm64.c:${ASM_PICKUPS_TAG}"
+    "wolfcrypt/src/sp_armthumb.c:${ASM_PICKUPS_TAG}"
+    "wolfcrypt/src/sp_c32.c:${ASM_PICKUPS_TAG}"
+    "wolfcrypt/src/sp_c64.c:${ASM_PICKUPS_TAG}"
+    "wolfcrypt/src/sp_cortexm.c:${ASM_PICKUPS_TAG}"
+    "wolfcrypt/src/sp_x86_64_asm.asm:${WOLF_REPO_TAG}"
+    "wolfcrypt/src/sp_x86_64_asm.S:${WOLF_REPO_TAG}"
+    "wolfcrypt/src/sp_x86_64.c:${ASM_PICKUPS_TAG}"
+    "wolfcrypt/src/port/arm/thumb2-aes-asm_c.c:${WOLF_REPO_TAG}"
+    "wolfcrypt/src/port/arm/thumb2-aes-asm.S:${WOLF_REPO_TAG}"
+    "wolfcrypt/src/port/arm/thumb2-curve25519_c.c:${WOLF_REPO_TAG}"
+    "wolfcrypt/src/port/arm/thumb2-curve25519.S:${WOLF_REPO_TAG}"
+    "wolfcrypt/src/port/arm/thumb2-sha256-asm_c.c:${WOLF_REPO_TAG}"
+    "wolfcrypt/src/port/arm/thumb2-sha256-asm.S:${WOLF_REPO_TAG}"
+    "wolfcrypt/src/port/arm/thumb2-sha3-asm_c.c:${WOLF_REPO_TAG}"
+    "wolfcrypt/src/port/arm/thumb2-sha3-asm.S:${WOLF_REPO_TAG}"
+    "wolfcrypt/src/port/arm/thumb2-sha512-asm_c.c:${WOLF_REPO_TAG}"
+    "wolfcrypt/src/port/arm/thumb2-sha512-asm.S:${WOLF_REPO_TAG}"
+    "wolfssl/wolfcrypt/aes.h:${WOLF_REPO_TAG}"
+    "wolfssl/wolfcrypt/cmac.h:${WOLF_REPO_TAG}"
+    "wolfssl/wolfcrypt/curve25519.h:${WOLF_REPO_TAG}"
+    "wolfssl/wolfcrypt/curve448.h:${WOLF_REPO_TAG}"
+    "wolfssl/wolfcrypt/dh.h:${WOLF_REPO_TAG}"
+    "wolfssl/wolfcrypt/ecc.h:${WOLF_REPO_TAG}"
+    "wolfssl/wolfcrypt/ed25519.h:${WOLF_REPO_TAG}"
+    "wolfssl/wolfcrypt/ed448.h:${WOLF_REPO_TAG}"
+    "wolfssl/wolfcrypt/fips_test.h:${WOLF_REPO_TAG}"
+    "wolfssl/wolfcrypt/hmac.h:${WOLF_REPO_TAG}"
+    "wolfssl/wolfcrypt/kdf.h:${WOLF_REPO_TAG}"
+    "wolfssl/wolfcrypt/pwdbased.h:${WOLF_REPO_TAG}"
+    "wolfssl/wolfcrypt/random.h:${WOLF_REPO_TAG}"
+    "wolfssl/wolfcrypt/rsa.h:${WOLF_REPO_TAG}"
+    "wolfssl/wolfcrypt/sha.h:${WOLF_REPO_TAG}"
+    "wolfssl/wolfcrypt/sha256.h:${WOLF_REPO_TAG}"
+    "wolfssl/wolfcrypt/sha3.h:${WOLF_REPO_TAG}"
+    "wolfssl/wolfcrypt/sha512.h:${WOLF_REPO_TAG}"
+    "wolfcrypt/src/port/riscv/riscv-64-sha256.c:${WOLF_REPO_TAG}"
+    "wolfcrypt/src/port/riscv/riscv-64-sha3.c:${WOLF_REPO_TAG}"
+    "wolfcrypt/src/port/riscv/riscv-64-sha512.c:${WOLF_REPO_TAG}"
+  )
+  ;;
 fips-ready|fips-dev)
-  FIPS_OPTION='ready'
+  if [ "$FLAVOR" = 'fips-dev' ]; then
+      FIPS_OPTION='dev'
+  else
+      FIPS_OPTION='ready'
+  fi
   FIPS_FILES=(
     'wolfcrypt/src/fips.c:master'
     'wolfcrypt/src/fips_test.c:master'
@@ -231,7 +352,6 @@ fips-ready|fips-dev)
     'wolfssl/wolfcrypt/fips.h:master'
   )
   WOLFCRYPT_FILES=()
-  if [ "$FLAVOR" = 'fips-dev' ]; then FIPS_OPTION='dev'; fi
   ;;
 wolfrand)
   FIPS_OPTION='rand'
@@ -251,6 +371,41 @@ wolfrand)
     'wolfssl/wolfcrypt/sha256.h:WCv4-stable'
   )
   ;;
+wolfentropy)
+  FIPS_OPTION='v6'
+  FIPS_FILES=(
+    'wolfcrypt/src/fips.c:wolfEntropy1'
+    'wolfcrypt/src/fips_test.c:wolfEntropy1'
+    'wolfcrypt/src/wolfcrypt_first.c:wolfEntropy1'
+    'wolfcrypt/src/wolfcrypt_last.c:wolfEntropy1'
+    'wolfssl/wolfcrypt/fips.h:wolfEntropy1'
+  )
+  WOLFCRYPT_FILES=(
+    'wolfcrypt/src/aes.c:wolfEntropy1'
+    'wolfcrypt/src/aes_asm.asm:wolfEntropy1'
+    'wolfcrypt/src/aes_asm.S:wolfEntropy1'
+    'wolfcrypt/src/aes_gcm_asm.S:wolfEntropy1'
+    'wolfcrypt/src/ecc.c:wolfEntropy1'
+    'wolfcrypt/src/hmac.c:wolfEntropy1'
+    'wolfcrypt/src/kdf.c:wolfEntropy1'
+    'wolfcrypt/src/random.c:wolfEntropy1'
+    'wolfcrypt/src/sha256.c:wolfEntropy1'
+    'wolfcrypt/src/sha256_asm.S:wolfEntropy1'
+    'wolfcrypt/src/sha3.c:wolfEntropy1'
+    'wolfcrypt/src/sha512.c:wolfEntropy1'
+    'wolfcrypt/src/sha512_asm.S:wolfEntropy1'
+    'wolfssl/wolfcrypt/aes.h:wolfEntropy1'
+    'wolfssl/wolfcrypt/ecc.h:wolfEntropy1'
+    'wolfssl/wolfcrypt/fips_test.h:wolfEntropy1'
+    'wolfssl/wolfcrypt/hmac.h:wolfEntropy1'
+    'wolfssl/wolfcrypt/kdf.h:wolfEntropy1'
+    'wolfssl/wolfcrypt/random.h:wolfEntropy1'
+    'wolfssl/wolfcrypt/sha256.h:wolfEntropy1'
+    'wolfssl/wolfcrypt/sha3.h:wolfEntropy1'
+    'wolfssl/wolfcrypt/sha512.h:wolfEntropy1'
+  )
+  ;;
+
 *)
   Usage
   exit 1
@@ -262,8 +417,7 @@ esac
 function checkout_files() {
     local name
     local tag
-    for file_entry in "$@"
-    do
+    for file_entry in "$@"; do
         name=${file_entry%%:*}
         tag=${file_entry#*:}
         if ! $GIT rev-parse -q --verify "my$tag" >/dev/null
@@ -283,14 +437,12 @@ function copy_fips_files() {
     local bname
     local dname
     local tag
-    for file_entry in "$@"
-    do
+    for file_entry in "$@"; do
         name=${file_entry%%:*}
         tag=${file_entry#*:}
         bname=$(basename "$name")
         dname=$(dirname "$name")
-        if ! $GIT rev-parse -q --verify "my$tag" >/dev/null
-        then
+        if ! $GIT rev-parse -q --verify "my$tag" >/dev/null; then
             $GIT branch --no-track "my$tag" "$tag" || exit $?
         fi
         $GIT checkout "my$tag" -- "$bname" || exit $?
@@ -298,23 +450,144 @@ function copy_fips_files() {
     done
 }
 
-if ! $GIT clone . "$TEST_DIR"; then
-    echo "fips-check: Couldn't duplicate current working directory."
+# Note, it would be cleaner to compute the tag lists using associative arrays,
+# but those were introduced in bash-4.  It's more important to maintain backward
+# compatibility here.
+
+declare -a WOLFCRYPT_TAGS_NEEDED_UNSORTED WOLFCRYPT_TAGS_NEEDED
+if [ ${#WOLFCRYPT_FILES[@]} -gt 0 ]; then
+    for file_entry in "${WOLFCRYPT_FILES[@]}"; do
+        WOLFCRYPT_TAGS_NEEDED_UNSORTED+=("${file_entry#*:}")
+    done
+    while IFS= read -r tag; do WOLFCRYPT_TAGS_NEEDED+=("$tag"); done < <(IFS=$'\n'; sort -u <<< "${WOLFCRYPT_TAGS_NEEDED_UNSORTED[*]}")
+    if [ "${#WOLFCRYPT_TAGS_NEEDED[@]}" = "0" ]; then
+        echo "Error -- missing wolfCrypt tags." 1>&2
+        exit 1
+    fi
+fi
+
+declare -a FIPS_TAGS_NEEDED_UNSORTED FIPS_TAGS_NEEDED
+for file_entry in "${FIPS_FILES[@]}"; do
+    FIPS_TAGS_NEEDED_UNSORTED+=("${file_entry#*:}")
+done
+while IFS= read -r tag; do FIPS_TAGS_NEEDED+=("$tag"); done < <(IFS=$'\n'; sort -u <<< "${FIPS_TAGS_NEEDED_UNSORTED[*]}")
+if [ "${#FIPS_TAGS_NEEDED[@]}" = "0" ]; then
+    echo "Error -- missing FIPS tags." 1>&2
     exit 1
 fi
 
-pushd "$TEST_DIR" || exit 2
+if [ ${#WOLFCRYPT_TAGS_NEEDED[@]} -gt 0 ]; then
+    echo "wolfCrypt tag$( [[ ${#WOLFCRYPT_TAGS_NEEDED[@]} != "1" ]] && echo -n 's'):"
 
-if ! $GIT clone "$FIPS_REPO" fips
-then
-    echo "fips-check: Couldn't check out FIPS repository."
+    # Only use shallow fetch if the repo already has shallow branches, to avoid
+    # tainting full repos with shallow objects.
+    if [ -f .git/shallow ]; then
+        shallow_args=(--depth 1)
+    else
+        shallow_args=()
+    fi
+
+    for tag in "${WOLFCRYPT_TAGS_NEEDED[@]}"; do
+        if $GIT describe --long --exact-match "$tag" 2>/dev/null; then
+            continue
+        fi
+        if ! $GIT fetch "${shallow_args[@]}" "$WOLFSSL_REPO" tag "$tag"; then
+            echo "Can't fetch wolfCrypt tag: $tag" 1>&2
+            exit 1
+        fi
+        # Make sure the tag is associated:
+        $GIT tag "$tag" FETCH_HEAD >/dev/null 2>&1
+    done
+fi
+
+if ! $GIT clone --shared . "$TEST_DIR"; then
+    echo "fips-check: Couldn't clone current working directory." 1>&2
     exit 1
 fi
 
+# If there is a FIPS repo under the parent directory, leverage that:
+if [ -d ../fips/.git ]; then
+    pushd ../fips 1>/dev/null || exit 2
+
+    # Only use shallow fetch if the repo already has shallow branches, to avoid
+    # tainting full repos with shallow objects.
+    if [ -f .git/shallow ]; then
+        shallow_args=(--depth 1)
+    else
+        shallow_args=()
+    fi
+
+    echo "FIPS tag$( [[ ${#FIPS_TAGS_NEEDED[@]} != "1" ]] && echo -n 's'):"
+    for tag in "${FIPS_TAGS_NEEDED[@]}"; do
+        if [ "$tag" = "master" ]; then
+            # master is handled specially below.
+            continue
+        fi
+        if $GIT describe --long --exact-match "$tag" 2>/dev/null; then
+            continue
+        fi
+        if ! $GIT fetch "${shallow_args[@]}" "$FIPS_REPO" tag "$tag"; then
+            echo "Can't fetch FIPS tag: $tag" 1>&2
+            exit 1
+        fi
+        # Make sure the tag is associated:
+        $GIT tag "$tag" FETCH_HEAD >/dev/null 2>&1
+    done
+
+    # The current tooling for the FIPS tests is in the master branch and must be
+    # checked out here.
+    if ! $GIT clone --shared --branch master . "${TEST_DIR}/fips"; then
+        echo "fips-check: Couldn't clone current working directory." 1>&2
+        exit 1
+    fi
+
+    popd 1>/dev/null || exit 2
+
+    # Make sure master is up-to-date:
+    pushd "${TEST_DIR}/fips" 1>/dev/null || exit 2
+    if ! $GIT pull "$FIPS_REPO" master; then
+        echo "Can't refresh master FIPS tag" 1>&2
+        exit 1
+    fi
+    popd 1>/dev/null || exit 2
+fi
+
+pushd "$TEST_DIR" 1>/dev/null || exit 2
+
+if [ ! -d fips ]; then
+    # The current tooling for the FIPS tests is in the master branch and must be
+    # checked out here.
+    if ! $GIT clone --depth 1 --branch master "$FIPS_REPO" fips; then
+        echo "fips-check: Couldn't check out FIPS repository."
+        exit 1
+    fi
+
+    pushd fips 1>/dev/null || exit 2
+    echo "FIPS tag$( [[ ${#FIPS_TAGS_NEEDED[@]} != "1" ]] && echo -n 's'):"
+    for tag in "${FIPS_TAGS_NEEDED[@]}"; do
+        if [ "$tag" = "master" ]; then
+            # master was just cloned fresh from $FIPS_REPO above.
+            continue
+        fi
+        if $GIT describe --long --exact-match "$tag" 2>/dev/null; then
+            continue
+        fi
+        # The FIPS repo here is an ephemeral clone, so we can safely use shallow
+        # fetch unconditionally.
+        if ! $GIT fetch --depth 1 "$FIPS_REPO" tag "$tag"; then
+            echo "Can't fetch FIPS tag: $tag" 1>&2
+            exit 1
+        fi
+        # Make sure the tag is associated:
+        $GIT tag "$tag" FETCH_HEAD >/dev/null 2>&1
+    done
+    popd 1>/dev/null || exit 2
+fi
+
 checkout_files "${WOLFCRYPT_FILES[@]}" || exit 3
-pushd fips || exit 2
+pushd fips 1>/dev/null || exit 2
 copy_fips_files "${FIPS_FILES[@]}" || exit 3
-popd || exit 2
+popd 1>/dev/null || exit 2
 
 # When checking out cert 3389 ready code, NIST will no longer perform
 # new certifications on 140-2 modules. If we were to use the latest files from
@@ -322,52 +595,53 @@ popd || exit 2
 # Since OE additions can still be processed for cert3389 we will call 140-2
 # ready "fipsv2-OE-ready" indicating it is ready to use for an OE addition but
 # would not be good for a new certification effort with the latest files.
-if [ "$FLAVOR" = 'fipsv2-OE-ready' ] && [ -s wolfcrypt/src/fips.c ]
-then
+if [ "$FLAVOR" = 'fipsv2-OE-ready' ] && [ -s wolfcrypt/src/fips.c ]; then
     cp wolfcrypt/src/fips.c wolfcrypt/src/fips.c.bak
     sed "s/v4.0.0-alpha/fipsv2-OE-ready/" wolfcrypt/src/fips.c.bak >wolfcrypt/src/fips.c
 fi
 
 # run the make test
-./autogen.sh
-
-case "$FIPS_OPTION" in
-cavp-selftest)
-    ./configure --enable-selftest
-    ;;
-cavp-selftest-v2)
-    ./configure --enable-selftest=v2
-    ;;
-*)
-    ./configure --enable-fips=$FIPS_OPTION
-    ;;
-esac
-
-if ! $MAKE
-then
-    echo 'fips-check: Make failed. Debris left for analysis.'
-    exit 3
+if [ "$DOAUTOGEN" = "yes" ]; then
+    ./autogen.sh
 fi
 
-if [ -s wolfcrypt/src/fips_test.c ]
-then
-    NEWHASH=$(./wolfcrypt/test/testwolfcrypt | sed -n 's/hash = \(.*\)/\1/p')
-    if [ -n "$NEWHASH" ]; then
-        cp wolfcrypt/src/fips_test.c wolfcrypt/src/fips_test.c.bak
-        sed "s/^\".*\";/\"${NEWHASH}\";/" wolfcrypt/src/fips_test.c.bak >wolfcrypt/src/fips_test.c
-        make clean
+if [ "$DOCONFIGURE" = "yes" ]; then
+    case "$FIPS_OPTION" in
+    cavp-selftest)
+        ./configure --enable-selftest
+        ;;
+    cavp-selftest-v2)
+        ./configure --enable-selftest=v2
+        ;;
+    *)
+        ./configure --enable-fips=$FIPS_OPTION
+        ;;
+    esac
+
+    if ! $MAKE; then
+        echo 'fips-check: Make failed. Debris left for analysis.'
+        exit 3
+    fi
+
+    if [ -s wolfcrypt/src/fips_test.c ]; then
+        NEWHASH=$(./wolfcrypt/test/testwolfcrypt | sed -n 's/hash = \(.*\)/\1/p')
+        if [ -n "$NEWHASH" ]; then
+            cp wolfcrypt/src/fips_test.c wolfcrypt/src/fips_test.c.bak
+            sed "s/^\".*\";/\"${NEWHASH}\";/" wolfcrypt/src/fips_test.c.bak >wolfcrypt/src/fips_test.c
+            make clean
+        fi
+    fi
+
+    if [ "$MAKECHECK" = "yes" ]; then
+        if ! $MAKE check; then
+            echo 'fips-check: Test failed. Debris left for analysis.'
+            exit 3
+        fi
     fi
 fi
 
-if ! $MAKE check
-then
-    echo 'fips-check: Test failed. Debris left for analysis.'
-    exit 3
-fi
-
 # Clean up
-popd || exit 2
-if [ "$KEEP" = 'no' ];
-then
+popd 1>/dev/null || exit 2
+if [ "$KEEP" = 'no' ]; then
     rm -rf "$TEST_DIR"
 fi
diff --git a/fips-hash.sh b/fips-hash.sh
index 8bb6de4ec..7ae25eeeb 100755
--- a/fips-hash.sh
+++ b/fips-hash.sh
@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/bin/sh
 
 if test ! -x ./wolfcrypt/test/testwolfcrypt
 then
@@ -18,4 +18,3 @@ then
     cp wolfcrypt/src/fips_test.c wolfcrypt/src/fips_test.c.bak
     sed "s/^\".*\";/\"${NEWHASH}\";/" wolfcrypt/src/fips_test.c.bak >wolfcrypt/src/fips_test.c
 fi
-
diff --git a/gencertbuf.pl b/gencertbuf.pl
index 5bc018874..8f0ba607c 100755
--- a/gencertbuf.pl
+++ b/gencertbuf.pl
@@ -1,4 +1,4 @@
-#!/usr/bin/perl
+#!/usr/bin/env perl
 
 # gencertbuf.pl
 # version 1.1
@@ -116,14 +116,6 @@ my @fileList_falcon = (
         ["certs/falcon/bench_falcon_level5_key.der", "bench_falcon_level5_key" ],
         );
 
-#Dilithium Post-Quantum Keys
-#Used with HAVE_PQC
-my @fileList_dilithium = (
-        ["certs/dilithium/bench_dilithium_level2_key.der", "bench_dilithium_level2_key" ],
-        ["certs/dilithium/bench_dilithium_level3_key.der", "bench_dilithium_level3_key" ],
-        ["certs/dilithium/bench_dilithium_level5_key.der", "bench_dilithium_level5_key" ],
-        );
-
 #Sphincs+ Post-Quantum Keys
 #Used with HAVE_PQC
 my @fileList_sphincs = (
@@ -146,7 +138,6 @@ my $num_2048 = @fileList_2048;
 my $num_3072 = @fileList_3072;
 my $num_4096 = @fileList_4096;
 my $num_falcon = @fileList_falcon;
-my $num_dilithium = @fileList_dilithium;
 my $num_sphincs = @fileList_sphincs;
 
 # open our output file, "+>" creates and/or truncates
@@ -229,7 +220,7 @@ for (my $i = 0; $i < $num_4096; $i++) {
 print OUT_FILE "#endif /* USE_CERT_BUFFERS_4096 */\n\n";
 
 # convert and print falcon keys
-print OUT_FILE "#if defined(HAVE_PQC) && defined(HAVE_FALCON)\n\n";
+print OUT_FILE "#if defined(HAVE_FALCON)\n\n";
 for (my $i = 0; $i < $num_falcon; $i++) {
 
     my $fname = $fileList_falcon[$i][0];
@@ -243,27 +234,1817 @@ for (my $i = 0; $i < $num_falcon; $i++) {
     print OUT_FILE "static const int sizeof_$sname = sizeof($sname);\n\n";
 }
 
-print OUT_FILE "#endif /* HAVE_PQC && HAVE_FALCON */\n\n";
+print OUT_FILE "#endif /* HAVE_FALCON */\n\n";
 
-# convert and print dilithium keys
-print OUT_FILE "#if defined (HAVE_PQC) && defined(HAVE_DILITHIUM)\n\n";
-for (my $i = 0; $i < $num_dilithium; $i++) {
+# print dilithium raw keys
+print OUT_FILE "#if defined(HAVE_DILITHIUM)
+#ifndef WOLFSSL_DILITHIUM_NO_SIGN
 
-    my $fname = $fileList_dilithium[$i][0];
-    my $sname = $fileList_dilithium[$i][1];
+/* raw private key without ASN1 syntax from
+ * ./certs/dilithium/bench_dilithium_level2_key.der */
+static const unsigned char bench_dilithium_level2_key[] = {
+    0xea, 0x05, 0x24, 0x0d, 0x80, 0x72, 0x25, 0x55, 0xf4, 0x5b,
+    0xc2, 0x13, 0x8b, 0x87, 0x5d, 0x31, 0x99, 0x2f, 0x1d, 0xa9,
+    0x41, 0x09, 0x05, 0x76, 0xa7, 0xb7, 0x5e, 0x8c, 0x44, 0xe2,
+    0x64, 0x79, 0xd8, 0x79, 0x4c, 0xee, 0x92, 0x2b, 0x37, 0xab,
+    0xb1, 0x16, 0x65, 0x72, 0xc3, 0x49, 0xc2, 0xec, 0xfd, 0x9a,
+    0xe6, 0x2d, 0x1e, 0x5b, 0xe3, 0x04, 0x96, 0x16, 0xad, 0x97,
+    0x5d, 0xac, 0xf2, 0xcc, 0x62, 0x2e, 0x34, 0x5d, 0x67, 0x19,
+    0x47, 0xee, 0x0f, 0x8b, 0x97, 0x60, 0xb4, 0x0b, 0xeb, 0x6a,
+    0x7a, 0x75, 0x14, 0x27, 0x00, 0x39, 0xd6, 0x60, 0xce, 0x39,
+    0x6e, 0x69, 0x46, 0xe1, 0x0d, 0xf9, 0xa6, 0xfa, 0x8c, 0xcf,
+    0x65, 0x50, 0x59, 0x1d, 0xb0, 0x26, 0xc2, 0xe2, 0xf1, 0xb9,
+    0xcd, 0x09, 0x60, 0xcc, 0xbb, 0x57, 0xd6, 0xac, 0xcc, 0xf9,
+    0x58, 0x73, 0xa8, 0x81, 0x61, 0x2f, 0xd2, 0xa4, 0x5b, 0x98,
+    0x0d, 0x12, 0x88, 0x51, 0x63, 0x38, 0x6e, 0xa2, 0x46, 0x64,
+    0x52, 0xc0, 0x71, 0xc1, 0x42, 0x68, 0xd8, 0x42, 0x32, 0x5c,
+    0xb4, 0x44, 0x08, 0x95, 0x48, 0xa2, 0x46, 0x6c, 0x0b, 0x10,
+    0x09, 0xc8, 0x24, 0x4d, 0x18, 0x37, 0x4c, 0x4c, 0x82, 0x05,
+    0x02, 0x22, 0x10, 0x4a, 0x86, 0x30, 0x03, 0x03, 0x11, 0x44,
+    0x22, 0x62, 0x01, 0xa9, 0x51, 0x13, 0x02, 0x2c, 0x19, 0x85,
+    0x65, 0x51, 0x14, 0x01, 0x9c, 0xb2, 0x81, 0x0a, 0x49, 0x52,
+    0xa2, 0xb2, 0x4c, 0x98, 0x34, 0x01, 0x0a, 0x07, 0x06, 0x58,
+    0xb2, 0x69, 0x51, 0x24, 0x2d, 0x59, 0x12, 0x52, 0xe0, 0xb4,
+    0x04, 0x14, 0x40, 0x29, 0xa2, 0xb0, 0x31, 0x54, 0xc0, 0x40,
+    0x63, 0x00, 0x69, 0x18, 0x47, 0x85, 0xc8, 0x30, 0x81, 0x0b,
+    0x15, 0x0a, 0xd8, 0xa0, 0x0c, 0x5c, 0x20, 0x4a, 0x11, 0x38,
+    0x64, 0x04, 0x94, 0x84, 0xd3, 0x24, 0x72, 0x58, 0x38, 0x28,
+    0x18, 0x37, 0x6d, 0x94, 0xc0, 0x4d, 0xa0, 0xa6, 0x0c, 0x9a,
+    0x82, 0x31, 0xc2, 0x40, 0x48, 0xda, 0x46, 0x85, 0x03, 0x00,
+    0x05, 0xd8, 0x02, 0x4d, 0x0b, 0x85, 0x40, 0xe2, 0x32, 0x86,
+    0x4c, 0xa0, 0x65, 0x8a, 0x36, 0x65, 0x42, 0x18, 0x6e, 0x60,
+    0x36, 0x0d, 0x40, 0xc0, 0x01, 0x5a, 0x44, 0x42, 0xc4, 0xa4,
+    0x0d, 0xd4, 0x88, 0x8d, 0x88, 0x22, 0x52, 0x00, 0xc0, 0x0c,
+    0x5b, 0x36, 0x90, 0x09, 0x20, 0x22, 0x08, 0x03, 0x12, 0x90,
+    0x12, 0x42, 0x04, 0x20, 0x29, 0x8c, 0x48, 0x6d, 0x20, 0x32,
+    0x08, 0x94, 0x88, 0x6c, 0x10, 0x87, 0x21, 0xc1, 0x44, 0x02,
+    0x52, 0x40, 0x12, 0xdb, 0xc8, 0x24, 0x14, 0x09, 0x2c, 0x93,
+    0x40, 0x09, 0x64, 0xc8, 0x4c, 0x08, 0x48, 0x70, 0xa1, 0x10,
+    0x81, 0x4a, 0x80, 0x8c, 0x20, 0x03, 0x31, 0x18, 0xb3, 0x80,
+    0xd3, 0x82, 0x25, 0x4c, 0x94, 0x8c, 0x1c, 0x93, 0x89, 0x1a,
+    0x91, 0x51, 0xd1, 0xb6, 0x68, 0x43, 0x14, 0x25, 0x84, 0x48,
+    0x61, 0x82, 0x40, 0x24, 0xdb, 0x22, 0x4d, 0x63, 0x16, 0x66,
+    0x62, 0x90, 0x50, 0xa1, 0x18, 0x86, 0x49, 0x28, 0x25, 0xa0,
+    0x10, 0x68, 0x8c, 0x04, 0x00, 0x08, 0x32, 0x4e, 0x22, 0x43,
+    0x31, 0x42, 0x96, 0x28, 0x11, 0x23, 0x89, 0xd2, 0xc4, 0x6d,
+    0x11, 0x82, 0x8d, 0x8a, 0xa8, 0x90, 0xd2, 0x06, 0x29, 0x80,
+    0x82, 0x89, 0x00, 0xa8, 0x41, 0x00, 0x13, 0x6a, 0x12, 0xa8,
+    0x04, 0x83, 0xc2, 0x51, 0x13, 0x09, 0x08, 0x62, 0xb4, 0x8d,
+    0x94, 0xc2, 0x44, 0x5a, 0xb4, 0x08, 0x0a, 0x10, 0x48, 0xa1,
+    0x28, 0x20, 0x1b, 0xb7, 0x64, 0x60, 0x24, 0x25, 0x48, 0xc0,
+    0x00, 0x0a, 0x10, 0x09, 0x64, 0xb8, 0x88, 0xcb, 0x44, 0x64,
+    0x54, 0x90, 0x05, 0xd2, 0xb8, 0x21, 0x49, 0x28, 0x28, 0x49,
+    0x42, 0x0d, 0x63, 0xa0, 0x65, 0xcb, 0x90, 0x30, 0x51, 0x82,
+    0x8d, 0x5c, 0xc6, 0x0c, 0x51, 0x06, 0x6a, 0x1a, 0x27, 0x22,
+    0x01, 0xa8, 0x24, 0x61, 0xb2, 0x84, 0x23, 0x40, 0x86, 0xa3,
+    0xb4, 0x48, 0x19, 0x28, 0x0c, 0x14, 0x06, 0x2e, 0xe2, 0x02,
+    0x0d, 0xc4, 0x90, 0x09, 0x08, 0x06, 0x66, 0x9b, 0xc8, 0x10,
+    0x5c, 0x46, 0x21, 0xca, 0xa8, 0x30, 0x83, 0x20, 0x89, 0x03,
+    0x83, 0x6c, 0xa1, 0x46, 0x8c, 0x90, 0x14, 0x4c, 0x99, 0x02,
+    0x81, 0x53, 0x02, 0x10, 0x8b, 0x48, 0x91, 0xe4, 0x40, 0x4a,
+    0x22, 0xb1, 0x88, 0xc1, 0x06, 0x0e, 0xc3, 0xa8, 0x08, 0xc8,
+    0x46, 0x92, 0x03, 0xb5, 0x4c, 0x23, 0x03, 0x0c, 0xa4, 0x06,
+    0x2e, 0xdc, 0x92, 0x81, 0x0c, 0x45, 0x22, 0x40, 0x34, 0x91,
+    0x90, 0x96, 0x48, 0x81, 0x82, 0x31, 0xcb, 0x16, 0x72, 0x49,
+    0xc8, 0x29, 0x44, 0x86, 0x90, 0x60, 0x22, 0x4e, 0x42, 0x42,
+    0x09, 0x4b, 0x82, 0x20, 0x0a, 0xb2, 0x64, 0x20, 0x86, 0x70,
+    0x1a, 0xc0, 0x00, 0x1c, 0x41, 0x49, 0x89, 0x84, 0x05, 0x0c,
+    0x36, 0x49, 0x19, 0x99, 0x6d, 0x00, 0x08, 0x50, 0x23, 0x96,
+    0x6c, 0xe0, 0x44, 0x08, 0x98, 0x24, 0x2c, 0x0a, 0x23, 0x20,
+    0x12, 0x04, 0x31, 0xc9, 0x06, 0x32, 0x14, 0x01, 0x41, 0x08,
+    0x37, 0x08, 0x58, 0x00, 0x0c, 0x19, 0x04, 0x29, 0x90, 0x18,
+    0x05, 0xe1, 0x88, 0x44, 0xc2, 0x20, 0x6c, 0xd1, 0x46, 0x64,
+    0xd9, 0x26, 0x62, 0x09, 0x88, 0x68, 0x02, 0x29, 0x29, 0xe1,
+    0x18, 0x65, 0x98, 0x04, 0x24, 0xe4, 0x34, 0x0c, 0x12, 0x85,
+    0x2d, 0x20, 0x14, 0x06, 0x24, 0x15, 0x82, 0x89, 0x08, 0x91,
+    0x60, 0x84, 0x28, 0x24, 0x34, 0x41, 0x1b, 0x49, 0x22, 0xd3,
+    0x96, 0x64, 0x1b, 0x86, 0x4c, 0x0c, 0xb9, 0x20, 0x20, 0x39,
+    0x04, 0x04, 0x34, 0x6d, 0xc1, 0x28, 0x32, 0x08, 0x14, 0x44,
+    0x81, 0x18, 0x2e, 0xda, 0x38, 0x41, 0x63, 0x18, 0x26, 0xd8,
+    0x48, 0x26, 0x12, 0x20, 0x21, 0x09, 0xc5, 0x25, 0x92, 0x42,
+    0x0c, 0x88, 0x04, 0x64, 0x11, 0x43, 0x8a, 0x19, 0x92, 0x60,
+    0x5c, 0xc6, 0x31, 0xa1, 0x24, 0x6a, 0xd8, 0xb6, 0x49, 0x1b,
+    0x81, 0x90, 0xe2, 0x32, 0x4e, 0x62, 0x44, 0x21, 0x80, 0xb8,
+    0x10, 0x4b, 0x90, 0x49, 0x5c, 0x06, 0x09, 0x48, 0x20, 0x49,
+    0xa2, 0x92, 0x71, 0x5c, 0x48, 0x02, 0xc8, 0x08, 0x81, 0xa4,
+    0x32, 0x66, 0xc9, 0x30, 0x11, 0xca, 0x92, 0x91, 0xc0, 0x00,
+    0x41, 0x44, 0x98, 0x4d, 0x98, 0x12, 0x4e, 0x92, 0x46, 0x8e,
+    0x49, 0xb8, 0x64, 0xdc, 0x18, 0x50, 0x51, 0xb4, 0x48, 0x08,
+    0x47, 0x24, 0x08, 0x46, 0x32, 0x1b, 0x23, 0x00, 0x09, 0xb8,
+    0x04, 0x0a, 0x44, 0x0c, 0x0b, 0xc7, 0x8d, 0x19, 0xa4, 0x09,
+    0x11, 0x30, 0x41, 0xe3, 0x24, 0x45, 0x89, 0x1f, 0x65, 0x54,
+    0xf6, 0x38, 0x04, 0x37, 0xcc, 0x89, 0xc3, 0xc5, 0xdc, 0x43,
+    0xd9, 0x13, 0x56, 0x06, 0x05, 0x50, 0x29, 0x4e, 0x0f, 0xa5,
+    0x5c, 0x5d, 0xd7, 0x82, 0xa1, 0x63, 0x59, 0x0d, 0x3e, 0x5b,
+    0x00, 0xe6, 0x0e, 0xd8, 0x1c, 0xc7, 0xaf, 0xc0, 0x48, 0xb6,
+    0x07, 0x5c, 0x65, 0x00, 0x89, 0xb3, 0x09, 0xbc, 0x4a, 0xaa,
+    0xa6, 0x72, 0xbe, 0x6b, 0x9a, 0xb3, 0x5b, 0x27, 0x82, 0x65,
+    0x9b, 0xc9, 0x6f, 0x19, 0x88, 0x94, 0x0b, 0x37, 0x44, 0x2f,
+    0xe3, 0x9a, 0x02, 0xda, 0xff, 0x11, 0xb0, 0x48, 0x89, 0x70,
+    0x8c, 0x84, 0xc2, 0xc0, 0x31, 0x4a, 0xad, 0x70, 0xe1, 0xa7,
+    0x15, 0xfd, 0xb2, 0x6d, 0x93, 0xda, 0x17, 0x68, 0xc4, 0xe3,
+    0xfd, 0x2c, 0x08, 0x15, 0xb9, 0xa4, 0xc5, 0x1b, 0x97, 0xc9,
+    0xa3, 0xaf, 0x0d, 0x21, 0x06, 0x3d, 0xf1, 0x05, 0xd4, 0x35,
+    0x80, 0x2e, 0x23, 0x99, 0xbd, 0x3a, 0x1a, 0x6c, 0xad, 0xbf,
+    0x56, 0xb5, 0xd3, 0x95, 0x1b, 0x30, 0x4d, 0x56, 0xc1, 0x77,
+    0xe6, 0xd6, 0xab, 0x94, 0x46, 0x68, 0xd7, 0xb8, 0xe4, 0x9d,
+    0xb2, 0x8d, 0xc4, 0xd1, 0xc8, 0x92, 0xbe, 0x5d, 0x1f, 0x58,
+    0x55, 0x7f, 0x11, 0x55, 0xc5, 0x2e, 0xc3, 0x9e, 0x2a, 0x29,
+    0x51, 0xe8, 0x75, 0x49, 0xa7, 0xa3, 0xda, 0x0b, 0xcf, 0xf8,
+    0x3f, 0x78, 0xac, 0x4c, 0x4e, 0x78, 0x6f, 0x0e, 0x67, 0xad,
+    0x94, 0x59, 0x20, 0x5e, 0x37, 0x18, 0xb9, 0x09, 0x87, 0xdb,
+    0xdd, 0xf0, 0xc2, 0x4d, 0x03, 0xcc, 0x98, 0x22, 0x4b, 0xe5,
+    0x7d, 0x8e, 0x74, 0x7e, 0xa9, 0x1b, 0xeb, 0x7a, 0xae, 0xaf,
+    0x2e, 0x7c, 0x3c, 0xc0, 0x1a, 0x30, 0x40, 0x0d, 0x79, 0x86,
+    0x53, 0xcc, 0x0b, 0x2b, 0xbe, 0xa5, 0x72, 0x3b, 0xbb, 0x53,
+    0x9e, 0xd5, 0xc2, 0x23, 0x1d, 0x35, 0xcd, 0x22, 0x12, 0xed,
+    0x9a, 0xee, 0xc8, 0xf9, 0x05, 0x27, 0xdb, 0x46, 0x56, 0xcc,
+    0x24, 0x4d, 0xee, 0xaf, 0xab, 0xa9, 0x78, 0x75, 0x75, 0xb9,
+    0xd1, 0xfd, 0x39, 0x3a, 0xb2, 0xa2, 0xeb, 0x87, 0x76, 0xb2,
+    0x19, 0x47, 0x88, 0xab, 0x42, 0x85, 0x4b, 0xd9, 0x76, 0x22,
+    0x68, 0x4b, 0xc9, 0x88, 0x38, 0x28, 0x0a, 0x34, 0x5d, 0x12,
+    0x4f, 0xf5, 0x43, 0x64, 0x44, 0x8c, 0x3c, 0xc2, 0x99, 0x91,
+    0x4e, 0xfd, 0xfd, 0x9c, 0x73, 0xbf, 0x85, 0xf9, 0x9f, 0xe1,
+    0x53, 0x19, 0xc8, 0x19, 0xcb, 0x7c, 0xdb, 0x9a, 0x3a, 0x2c,
+    0x34, 0x55, 0x8c, 0x64, 0x6f, 0xc5, 0xb7, 0x93, 0x53, 0xb4,
+    0x97, 0x7e, 0xc2, 0xf8, 0x7e, 0x8d, 0x44, 0x10, 0xca, 0x49,
+    0xf5, 0x5c, 0xe8, 0xce, 0xc4, 0xcc, 0x42, 0xf0, 0x85, 0xf1,
+    0xf2, 0x10, 0xa7, 0x0b, 0x37, 0x6a, 0x8e, 0x50, 0x96, 0x96,
+    0x9d, 0xd9, 0x8f, 0x54, 0x45, 0x56, 0xf8, 0x64, 0x88, 0xab,
+    0x51, 0x4f, 0x9f, 0x61, 0xd9, 0x12, 0x87, 0xac, 0x1d, 0xc1,
+    0x23, 0xea, 0xb3, 0x5d, 0xa4, 0x6d, 0xfa, 0x58, 0x92, 0x8f,
+    0x77, 0x78, 0x61, 0xe5, 0xe4, 0x33, 0xdb, 0x10, 0x2d, 0xdd,
+    0xb6, 0xd7, 0xb4, 0xd0, 0x8d, 0xd1, 0xa8, 0x0b, 0x94, 0xdf,
+    0xcf, 0xd7, 0xac, 0xdf, 0x47, 0x0b, 0x38, 0xe0, 0xa5, 0xf8,
+    0xc3, 0xd2, 0xc3, 0xfb, 0x0f, 0x98, 0x00, 0x2b, 0x17, 0x3c,
+    0x44, 0x70, 0x36, 0x47, 0x27, 0x89, 0x41, 0xcb, 0x87, 0x5a,
+    0xa4, 0x2c, 0x57, 0x6d, 0x8c, 0xcb, 0xc0, 0x7d, 0x6b, 0xf5,
+    0xa1, 0x17, 0x39, 0x4a, 0xb5, 0xac, 0xc6, 0x41, 0x90, 0x66,
+    0x85, 0xc4, 0x4b, 0x18, 0xc6, 0xe6, 0x09, 0x6d, 0x6e, 0xbb,
+    0x7f, 0x72, 0x96, 0xd3, 0x21, 0x5a, 0x96, 0xaf, 0x9e, 0xb6,
+    0x0b, 0x3f, 0xe8, 0x83, 0xe5, 0x53, 0x11, 0x81, 0xc6, 0xab,
+    0x40, 0xa9, 0x09, 0xb6, 0x74, 0x5e, 0xe1, 0xc3, 0x82, 0x1e,
+    0xda, 0x2f, 0x24, 0xe0, 0x94, 0x8f, 0x07, 0xb7, 0x9b, 0xc6,
+    0x50, 0xef, 0x3a, 0x79, 0x89, 0x4d, 0x6f, 0x16, 0x33, 0x04,
+    0x24, 0x7e, 0x4a, 0xab, 0x5d, 0x03, 0x29, 0xad, 0xba, 0xa3,
+    0x6c, 0xe2, 0x05, 0xab, 0x4d, 0x69, 0xb6, 0x61, 0x39, 0x9d,
+    0xc3, 0x53, 0x11, 0xc0, 0xe3, 0xaa, 0x2e, 0xdc, 0x74, 0x09,
+    0xbd, 0x19, 0xb5, 0xbb, 0x51, 0x1e, 0x77, 0x3e, 0xce, 0x64,
+    0x13, 0xeb, 0x74, 0x03, 0xb7, 0x49, 0x99, 0xb0, 0x71, 0x99,
+    0xe6, 0x17, 0x3c, 0x80, 0xe6, 0xb5, 0x51, 0xe9, 0xb3, 0xe4,
+    0x2b, 0xaa, 0x52, 0x15, 0x99, 0x4e, 0x46, 0x6d, 0x67, 0x8e,
+    0x79, 0xc4, 0x3c, 0xa6, 0xdc, 0x8f, 0xed, 0x87, 0xb9, 0x68,
+    0x6d, 0xdc, 0x19, 0xa1, 0x52, 0x37, 0x06, 0x76, 0xad, 0xe9,
+    0x61, 0x5c, 0x82, 0x16, 0x81, 0xaf, 0x3a, 0x89, 0xbf, 0x72,
+    0xb0, 0xc7, 0x88, 0x3c, 0x58, 0xfe, 0xe4, 0xa5, 0x41, 0x50,
+    0xfc, 0x8a, 0x15, 0xb0, 0x78, 0xd4, 0x77, 0x06, 0x4b, 0xc4,
+    0x21, 0x7f, 0xaa, 0x2b, 0x88, 0x7f, 0x8c, 0x3b, 0x9b, 0xbb,
+    0x2e, 0x41, 0xcf, 0x9b, 0x06, 0xd3, 0x4d, 0xcf, 0xb2, 0x9c,
+    0x91, 0x46, 0x35, 0x3a, 0x5a, 0x0b, 0xe4, 0xac, 0x96, 0x7c,
+    0xe0, 0xd4, 0x34, 0xe5, 0xab, 0xae, 0xa7, 0x67, 0xbf, 0x4d,
+    0xab, 0x48, 0xfd, 0xcb, 0x3f, 0x5c, 0xde, 0x3f, 0x83, 0xcc,
+    0x52, 0x0f, 0xdd, 0x7f, 0x20, 0x25, 0xed, 0xee, 0xd0, 0x14,
+    0x38, 0xf7, 0x33, 0x4c, 0x3c, 0x5e, 0x23, 0x80, 0xa3, 0x0a,
+    0xe8, 0xb0, 0xef, 0x5b, 0xca, 0xc9, 0x97, 0x13, 0x98, 0xfe,
+    0x91, 0x62, 0x14, 0xa8, 0x64, 0xf6, 0x20, 0xc9, 0xc9, 0x6f,
+    0x8b, 0xc0, 0xec, 0x39, 0x15, 0xa7, 0x59, 0x62, 0x68, 0x21,
+    0xe1, 0x5f, 0xf6, 0xa1, 0x76, 0xb0, 0xca, 0x1b, 0x2a, 0x71,
+    0xe3, 0x1a, 0x24, 0x91, 0x1f, 0x3a, 0xbb, 0xf1, 0xc9, 0x09,
+    0x42, 0x48, 0x7e, 0x19, 0x1b, 0xf1, 0xf0, 0x13, 0x33, 0xf1,
+    0x62, 0x31, 0x00, 0x97, 0x73, 0x9b, 0x3c, 0x26, 0xf8, 0x42,
+    0xd0, 0xd4, 0x41, 0x1b, 0x9f, 0x7e, 0x43, 0x4b, 0x0b, 0x08,
+    0xd7, 0xa0, 0xa8, 0x32, 0x34, 0x0a, 0xc9, 0xef, 0xb8, 0xeb,
+    0xe7, 0x64, 0x3b, 0x40, 0x88, 0xe0, 0x60, 0x59, 0x07, 0xef,
+    0xb9, 0x5f, 0x71, 0x92, 0x90, 0xa4, 0x5f, 0x34, 0x38, 0x93,
+    0x92, 0x43, 0x87, 0xaf, 0xdd, 0x87, 0x63, 0x8c, 0x1d, 0xe5,
+    0x86, 0x9e, 0xe6, 0xde, 0x94, 0xdd, 0x33, 0x5d, 0x95, 0x64,
+    0xd8, 0xc4, 0x8a, 0x3c, 0xe7, 0x4b, 0xd6, 0x3f, 0xc5, 0x69,
+    0x6a, 0xa8, 0x7f, 0x0f, 0x93, 0x77, 0x02, 0x46, 0x66, 0xa5,
+    0xa0, 0x60, 0x8b, 0xec, 0xb1, 0xa2, 0xfc, 0x2a, 0x09, 0xb8,
+    0x08, 0x1c, 0x05, 0x6b, 0x78, 0xb7, 0x7a, 0xe5, 0x60, 0xa4,
+    0xaf, 0x3a, 0x9d, 0xaa, 0xf5, 0x22, 0x9b, 0x5e, 0xef, 0xc3,
+    0x46, 0xed, 0x67, 0xd0, 0x8b, 0xda, 0xb4, 0xa3, 0x34, 0x32,
+    0x20, 0x9d, 0x88, 0x7e, 0x43, 0x42, 0x6f, 0x02, 0xf8, 0x48,
+    0x9b, 0xc5, 0x02, 0xad, 0xaa, 0xa9, 0xee, 0x19, 0x1b, 0xde,
+    0x02, 0x83, 0x81, 0x10, 0xa6, 0x79, 0x4e, 0xad, 0x15, 0xf7,
+    0x3e, 0x4e, 0x1e, 0x72, 0xfe, 0x52, 0x49, 0x24, 0xce, 0x82,
+    0x31, 0x59, 0x72, 0xae, 0xd5, 0x34, 0x50, 0x87, 0x8b, 0xe3,
+    0x8e, 0xec, 0x61, 0x35, 0x13, 0x57, 0xb1, 0xe6, 0xac, 0xfb,
+    0x16, 0xc3, 0x1a, 0x98, 0x92, 0xcb, 0xcd, 0xc9, 0xf7, 0x10,
+    0x6a, 0x43, 0x96, 0x33, 0x2d, 0x6f, 0x6c, 0x76, 0xb0, 0xf6,
+    0x48, 0x4c, 0xae, 0x13, 0x67, 0x5d, 0x42, 0x01, 0x8e, 0x54,
+    0x51, 0xcc, 0x65, 0xf1, 0x95, 0x11, 0x3c, 0x96, 0x2a, 0x5a,
+    0x42, 0x3d, 0x9b, 0xbb, 0xb7, 0x7b, 0x28, 0x96, 0x09, 0xbb,
+    0xed, 0x2d, 0xbc, 0xb7, 0x90, 0x62, 0xd3, 0xbe, 0xbd, 0xae,
+    0x50, 0x15, 0x96, 0xc1, 0x03, 0x91, 0x14, 0x34, 0x4f, 0x21,
+    0xa5, 0x6e, 0x78, 0x4a, 0x5d, 0x8b, 0xcf, 0x5b, 0x1a, 0x8a,
+    0x57, 0x43, 0xb8, 0x25, 0xd3, 0xa2, 0xcd, 0x78, 0xb4, 0x93,
+    0x07, 0x7a, 0x14, 0xc1, 0x0c, 0x6f, 0x5f, 0x5e, 0xcb, 0x11,
+    0x17, 0x81, 0x0d, 0x7d, 0x0f, 0xda, 0xd1, 0x92, 0x43, 0x56,
+    0xaf, 0x75, 0x53, 0x44, 0x1f, 0xc7, 0x9c, 0xd3, 0xc5, 0x47,
+    0xe0, 0xac, 0x4a, 0x11, 0xe4, 0xfe, 0x6c, 0x80, 0x79, 0xcc,
+    0x60, 0x7a, 0xd9, 0x56, 0x65, 0x83, 0x5e, 0xcf, 0x37, 0x27,
+    0x55, 0xe2, 0x4d, 0xf9, 0xd6, 0x09, 0x2d, 0xee, 0xda, 0x10,
+    0x6b, 0xdc, 0xd2, 0x70, 0x46, 0x94, 0xaa, 0xf5, 0x21, 0xc5,
+    0xf0, 0x79, 0xdb, 0x9b, 0x8e, 0x9a, 0xdb, 0x5a, 0x56, 0x41,
+    0x43, 0xe7, 0x1f, 0x8d, 0xfd, 0xda, 0x12, 0x5f, 0xf7, 0x9e,
+    0x47, 0x1a, 0xf7, 0x73, 0x40, 0x67, 0xc2, 0x61, 0x07, 0x33,
+    0x16, 0x78, 0x60, 0x05, 0x85, 0x5c, 0x2f, 0x2b, 0xbf, 0x2c,
+    0x7a, 0x39, 0xc6, 0xed, 0xcb, 0x43, 0x66, 0x27, 0x93, 0xcd,
+    0x92, 0x8d, 0x62, 0x8c, 0xaa, 0x61, 0x1c, 0x9c, 0x4c, 0x90,
+    0xba, 0xba, 0x4b, 0xc1, 0xf1, 0x22, 0xde, 0xe0, 0xf9, 0x3e,
+    0x04, 0xb9, 0x56, 0xa3, 0x1c, 0xe8, 0xda, 0xd6, 0x09, 0x4a,
+    0x7d, 0x89, 0xbc, 0xf4, 0xe8, 0x4d, 0xa1, 0xe8, 0x34, 0x90,
+    0xa5, 0x31, 0x3a, 0xec, 0x56, 0xc5, 0xd2, 0x92, 0x0b, 0xe9,
+    0x58, 0xbb, 0xb2, 0x84, 0x9b, 0xa9, 0x1d, 0x19, 0xdb, 0x7a,
+    0x02, 0x75, 0x79, 0x16, 0x35, 0xee, 0x3a, 0x3f, 0x4e, 0x5e,
+    0x11, 0x90, 0x04, 0x03, 0xce, 0x8b, 0xa0, 0xd8, 0xc1, 0xee,
+    0x52, 0x33, 0x6e, 0xd2, 0x6e, 0x06, 0x5c, 0x99, 0x24, 0x6f,
+    0x16, 0xd9, 0x90, 0x28, 0xe5, 0x2d, 0x91, 0x6f, 0x1a, 0x57,
+    0xf0, 0x4c, 0x7c, 0x3f, 0x7b, 0xd7, 0x30, 0xed, 0x6d, 0x21,
+    0xb7, 0xf8, 0xed, 0xf3, 0x34, 0x89, 0xfa, 0xf0, 0x51, 0x6f,
+    0x99, 0xa0, 0x5e, 0xf8, 0x74, 0xc7, 0x4f, 0xb5, 0x59, 0x52,
+    0xbe, 0x45, 0xac, 0x3f, 0x34, 0x51, 0x87, 0x6e, 0x84, 0xea,
+    0xb0, 0x40, 0xe1, 0x84, 0x16, 0x66, 0x30, 0xf1, 0x5c, 0xb2,
+    0x74, 0x25, 0x03, 0xe3, 0x2e, 0x82, 0xc5, 0x60, 0x9d, 0xe4,
+    0xca, 0xec, 0x49, 0x6b, 0x4e, 0x5a, 0x09, 0xa8, 0xfe, 0xff,
+    0x1d, 0xa1, 0xe8, 0xec, 0x9a, 0x22, 0x3b, 0xd6, 0x72, 0x93,
+    0x6f, 0x6b, 0x5a, 0xfb, 0x2d, 0x5a, 0xde, 0x01, 0x3e, 0xf6,
+    0xdc, 0x77, 0x55, 0x1e, 0x32, 0x19, 0xc8, 0xa1, 0xbb, 0xcf,
+    0xcb, 0x41, 0x54, 0xa2, 0xcb, 0xe6, 0x61, 0xca, 0x43, 0x63,
+    0xd2, 0x2c, 0xae, 0xf4, 0xd9, 0x49, 0xb1, 0x75, 0x1a, 0x06,
+    0x92, 0x13, 0x90, 0x57, 0x89, 0x8e, 0x9f, 0x26, 0xc5, 0x14,
+    0xd8, 0xc7, 0x93, 0xb2, 0xaa, 0x3a, 0x9c, 0x10, 0xd5, 0x68,
+    0x52, 0x28, 0x39, 0xee, 0x30, 0xdc, 0x00, 0x4b, 0x65, 0x72,
+    0x59, 0x98, 0xad, 0x2e, 0x8c, 0xaf, 0x4e, 0x79, 0x0a, 0x8c,
+    0x0c, 0x9d, 0xb6, 0x43, 0x26, 0x83, 0x71, 0x7b, 0x1e, 0x86,
+    0x4d, 0x33, 0xd7, 0x20, 0x29, 0x6a, 0xbf, 0x2f, 0x8e, 0x4b,
+    0x13, 0x35, 0x65, 0xc8, 0xec, 0xe3, 0x2c, 0xde, 0xfb, 0x30,
+    0x57, 0xa9, 0x92, 0x22, 0x5d, 0x79, 0x16, 0x07, 0x73, 0x9b,
+    0xe2, 0x6e, 0xd4, 0x99, 0xb4, 0x35, 0xfd, 0xa2, 0xb5, 0xd9,
+    0xe5, 0x74, 0xd1, 0xb2, 0xcf, 0x32, 0xf1, 0x19, 0x69, 0xcf,
+    0x1e, 0x10, 0xcc, 0x3c, 0xaf, 0xbe, 0xa4, 0x33, 0x11, 0x83,
+    0x64, 0xc0, 0x39, 0xe5, 0xb0, 0x8f, 0x32, 0xf4, 0x01, 0x6a,
+    0x2a, 0x11, 0x8e, 0xdd, 0x03, 0x81, 0x39, 0xe7, 0x70, 0x16,
+    0x2f, 0x0e, 0x24, 0xa9, 0x12, 0x0b, 0xdb, 0xa8, 0x6c, 0xb3,
+    0xf3, 0x74, 0x95, 0xca, 0x64, 0x1d, 0xee, 0x25, 0xc5, 0x27,
+    0xed, 0x0f, 0x82, 0xb5, 0x7a, 0x62, 0x27, 0xb2, 0x87, 0x53,
+    0x11, 0x39, 0x5e, 0xb8, 0x11, 0xca, 0x25, 0xe8, 0x17, 0x46,
+    0xd3, 0x0f, 0x5d, 0x70, 0x68, 0xe1, 0x5f, 0xd1, 0xab, 0x65,
+    0xe5, 0x42, 0x87, 0x1e, 0x96, 0xaf, 0x13, 0x0c, 0x9b, 0x15,
+    0x75, 0x14, 0x31, 0x75, 0xcc, 0x15, 0xbf, 0x2c, 0x74, 0xab,
+    0xc9, 0x9c, 0xda, 0x62, 0x1d, 0xeb, 0x19, 0x81, 0x67, 0x5e,
+    0xcd, 0x54, 0x87, 0x07, 0x67, 0xba, 0xe3, 0xf6, 0x03, 0xbe,
+    0x6d, 0x64, 0x2d, 0xbc, 0xec, 0x54, 0x13, 0x12, 0x5b, 0x44,
+    0x90, 0x95, 0x86, 0x77, 0x8c, 0x59, 0xbd, 0x8e, 0xba, 0xb1,
+    0x12, 0xea, 0xc1, 0x94, 0x37, 0xa0, 0x11, 0xff, 0xb2, 0xa4,
+    0xc3, 0x61, 0xf2, 0xa3, 0x49, 0xbe, 0xe7, 0xb6, 0x96, 0x2f,
+};
+static const int sizeof_bench_dilithium_level2_key = sizeof(bench_dilithium_level2_key);
 
-    print OUT_FILE "/* $fname */\n";
-    print OUT_FILE "static const unsigned char $sname\[] =\n";
-    print OUT_FILE "{\n";
-    file_to_hex($fname);
-    print OUT_FILE "};\n";
-    print OUT_FILE "static const int sizeof_$sname = sizeof($sname);\n\n";
-}
+#endif /* !WOLFSSL_DILITHIUM_NO_SIGN */
 
-print OUT_FILE "#endif /* HAVE_PQC && HAVE_DILITHIUM */\n\n";
+#ifndef WOLFSSL_DILITHIUM_NO_VERIFY
+
+/* raw public key without ASN1 syntax from
+ * ./certs/dilithium/bench_dilithium_level2_key.der */
+static const unsigned char bench_dilithium_level2_pubkey[] = {
+    0xea, 0x05, 0x24, 0x0d, 0x80, 0x72, 0x25, 0x55, 0xf4, 0x5b,
+    0xc2, 0x13, 0x8b, 0x87, 0x5d, 0x31, 0x99, 0x2f, 0x1d, 0xa9,
+    0x41, 0x09, 0x05, 0x76, 0xa7, 0xb7, 0x5e, 0x8c, 0x44, 0xe2,
+    0x64, 0x79, 0xa0, 0xec, 0x1f, 0x24, 0xb6, 0xc8, 0x05, 0x5b,
+    0xc1, 0x18, 0xb0, 0xb7, 0xcf, 0x8c, 0x60, 0x67, 0x6b, 0x81,
+    0x44, 0x27, 0xb6, 0x0e, 0xfd, 0x9b, 0xc3, 0xcb, 0x52, 0x31,
+    0xfa, 0xc9, 0x34, 0x8d, 0x22, 0x1e, 0x07, 0x9d, 0x96, 0x6a,
+    0x63, 0x83, 0x5c, 0xd7, 0x83, 0x2d, 0x7f, 0x48, 0x64, 0x79,
+    0xca, 0xb4, 0x9f, 0xa2, 0x02, 0xb7, 0x86, 0x1d, 0x0e, 0xc7,
+    0xf9, 0x6c, 0x07, 0xc0, 0x35, 0x6a, 0x34, 0x79, 0x7c, 0xb8,
+    0x0f, 0xed, 0x98, 0x50, 0xfb, 0x51, 0xe0, 0x36, 0x44, 0x4c,
+    0xc6, 0x35, 0xa2, 0xbb, 0x55, 0xb0, 0x5c, 0x39, 0x08, 0x02,
+    0x20, 0x35, 0x5c, 0x56, 0x6d, 0x2e, 0xb9, 0xef, 0x21, 0x26,
+    0x87, 0x87, 0x85, 0x8a, 0x32, 0xb5, 0xa7, 0x68, 0x70, 0x3a,
+    0xfd, 0x0d, 0x21, 0x48, 0x91, 0xa3, 0x29, 0xc1, 0x2a, 0x38,
+    0xe5, 0x26, 0x31, 0x1f, 0x42, 0xde, 0x0b, 0x25, 0xff, 0x1d,
+    0x6b, 0xb4, 0xe0, 0x5d, 0x2d, 0xcf, 0x44, 0xd5, 0x7d, 0xc4,
+    0xf6, 0x95, 0xf2, 0x06, 0x4f, 0x83, 0x88, 0x9d, 0x1e, 0xeb,
+    0x1c, 0x09, 0x45, 0x62, 0x67, 0x3d, 0xff, 0x51, 0x47, 0xe8,
+    0xbc, 0x9b, 0x03, 0x1f, 0xc7, 0x72, 0x65, 0xce, 0xa8, 0x8c,
+    0xc2, 0xa0, 0xc2, 0xbd, 0x5b, 0x7c, 0x17, 0x16, 0x8b, 0x72,
+    0xfa, 0xb1, 0xbd, 0xdf, 0x49, 0xd6, 0xa1, 0x00, 0x65, 0xbe,
+    0x82, 0xe7, 0x68, 0xc7, 0xe7, 0xbc, 0xc2, 0xa4, 0xdb, 0xaa,
+    0xcc, 0xea, 0x41, 0x52, 0x7f, 0x56, 0xb4, 0x68, 0x1f, 0x92,
+    0x96, 0x0f, 0xce, 0xd4, 0xd0, 0x87, 0x4c, 0x4a, 0x73, 0xb5,
+    0x6c, 0xd4, 0x69, 0x55, 0x15, 0x47, 0xdc, 0x94, 0x7f, 0xd2,
+    0x54, 0x5e, 0xb2, 0x90, 0xc2, 0x47, 0xe4, 0xf5, 0xde, 0x8b,
+    0x9b, 0xc6, 0x5d, 0x50, 0x95, 0x60, 0xe0, 0xf0, 0xa7, 0x4e,
+    0xe0, 0xcd, 0x41, 0x09, 0xef, 0xb3, 0x3d, 0x90, 0x5c, 0x77,
+    0x54, 0xec, 0x9e, 0x5d, 0x8a, 0xe7, 0x09, 0x5c, 0xc9, 0x58,
+    0x0c, 0xd0, 0x42, 0x35, 0xd2, 0x14, 0x59, 0x38, 0x69, 0xad,
+    0xf9, 0xb5, 0xbf, 0x8a, 0x8e, 0x33, 0xd8, 0x5e, 0x7a, 0x55,
+    0xd0, 0x53, 0x15, 0x40, 0x4e, 0xc5, 0x86, 0xd7, 0x8f, 0x5f,
+    0x2f, 0x55, 0x82, 0xc2, 0x4f, 0x16, 0xe5, 0xea, 0x1c, 0xbc,
+    0xff, 0x5e, 0x1f, 0x39, 0x46, 0x70, 0x54, 0x7a, 0x3a, 0x27,
+    0x16, 0x1a, 0x2b, 0x6c, 0xd2, 0xb7, 0x80, 0xd3, 0xd1, 0x9d,
+    0x25, 0x59, 0xed, 0xe6, 0x51, 0xb1, 0xf2, 0xad, 0x7e, 0x51,
+    0x78, 0x14, 0x2b, 0x19, 0xae, 0x64, 0x72, 0x0f, 0xd8, 0x18,
+    0x79, 0x8e, 0x66, 0x88, 0xd3, 0xa4, 0xa3, 0xc3, 0x76, 0x21,
+    0xcb, 0xe4, 0x79, 0x5e, 0x95, 0x74, 0xe3, 0x31, 0x18, 0x79,
+    0xed, 0xc7, 0xe7, 0xfb, 0x86, 0x48, 0x1b, 0x7b, 0x75, 0x5b,
+    0x7f, 0x7c, 0x82, 0xc5, 0xab, 0x11, 0xb4, 0x5d, 0x59, 0x6f,
+    0x78, 0xb2, 0xa5, 0x39, 0xc6, 0x63, 0x38, 0x6c, 0xeb, 0x50,
+    0x06, 0x14, 0x76, 0xf0, 0xe8, 0xfb, 0x11, 0x95, 0x1f, 0x9d,
+    0x9c, 0xa6, 0xe1, 0xe2, 0x0d, 0xa3, 0x66, 0xfc, 0x20, 0x83,
+    0x50, 0x0e, 0x53, 0x75, 0xb5, 0x12, 0xf4, 0xdf, 0x31, 0x46,
+    0x83, 0xac, 0x5b, 0xf3, 0x99, 0xa6, 0xd1, 0x7b, 0x2b, 0xc5,
+    0xdc, 0x71, 0x07, 0x27, 0x33, 0x35, 0x34, 0xf5, 0x30, 0x19,
+    0xc1, 0x3b, 0xba, 0x8a, 0xaf, 0x7e, 0x49, 0x93, 0x48, 0x5b,
+    0x38, 0xc0, 0xbc, 0x2e, 0xc7, 0x59, 0x1b, 0xd9, 0xf5, 0xcc,
+    0x86, 0xf5, 0x7b, 0x4d, 0xd7, 0x39, 0xa7, 0xa2, 0x56, 0x20,
+    0x48, 0x98, 0x7d, 0x4f, 0x75, 0x56, 0x9b, 0xb8, 0x95, 0x45,
+    0x17, 0xf3, 0x86, 0x3d, 0x97, 0x0a, 0x49, 0x1b, 0xca, 0xff,
+    0x20, 0xc0, 0x24, 0x2c, 0x51, 0xc2, 0x0a, 0x3c, 0xbf, 0x07,
+    0x60, 0x1c, 0x88, 0x85, 0x9b, 0x85, 0x2d, 0x4a, 0xfe, 0x5a,
+    0x1c, 0x90, 0xf5, 0x90, 0x12, 0xd3, 0x03, 0x3c, 0x8c, 0x2e,
+    0x95, 0x4a, 0x47, 0x76, 0x0f, 0x1f, 0x5d, 0x9e, 0xed, 0xc5,
+    0x64, 0xc4, 0x9b, 0xbf, 0x86, 0xc5, 0x63, 0x84, 0x33, 0x00,
+    0xf1, 0x26, 0x18, 0x21, 0xf3, 0x88, 0x1a, 0x08, 0x18, 0x6d,
+    0x2f, 0xef, 0xd5, 0xeb, 0x2f, 0x69, 0xc8, 0x6e, 0x92, 0x34,
+    0xfc, 0x72, 0x3d, 0x9a, 0xa7, 0x9e, 0x51, 0xfb, 0x56, 0xe3,
+    0xdc, 0xf4, 0x8f, 0x9b, 0x6d, 0x0d, 0x2a, 0xec, 0x66, 0x12,
+    0x26, 0x35, 0xbd, 0x61, 0xc2, 0x67, 0x19, 0xf5, 0x7e, 0xa1,
+    0x67, 0xa2, 0x9c, 0x3b, 0x67, 0xb0, 0xc2, 0x51, 0x6a, 0x37,
+    0x7c, 0x48, 0xe9, 0x4b, 0xb9, 0xa3, 0x38, 0x2f, 0xfc, 0xde,
+    0xb4, 0x7c, 0xda, 0x52, 0x84, 0x0b, 0xb0, 0xd9, 0x08, 0xe9,
+    0x7a, 0x4a, 0x6f, 0x79, 0x29, 0x3d, 0xc4, 0x5c, 0x78, 0xee,
+    0x63, 0xb6, 0x96, 0x68, 0xd9, 0x82, 0x4e, 0xc1, 0x1b, 0x6f,
+    0x52, 0xf5, 0xb3, 0xfb, 0xe8, 0xc4, 0x2a, 0x07, 0xc6, 0x3b,
+    0x85, 0x0d, 0xf4, 0xbf, 0xb0, 0x6b, 0xfb, 0xce, 0x1d, 0xb4,
+    0xbf, 0x63, 0x0b, 0x91, 0x67, 0xc4, 0xa3, 0x06, 0xa4, 0xaf,
+    0x6c, 0xd3, 0xe5, 0x8b, 0x87, 0x4e, 0x64, 0x9c, 0xb1, 0xf3,
+    0x70, 0x7c, 0x68, 0x43, 0x46, 0x13, 0x46, 0xee, 0x27, 0x75,
+    0x12, 0x45, 0x42, 0xde, 0xa5, 0x8d, 0xcf, 0xf7, 0x09, 0x87,
+    0xa8, 0x80, 0x3d, 0xb6, 0x45, 0xee, 0x41, 0x2d, 0x7c, 0x45,
+    0x01, 0x9d, 0xaa, 0x78, 0xa8, 0x10, 0xa4, 0xfd, 0xb5, 0x5f,
+    0xee, 0x0f, 0x77, 0xba, 0x73, 0xff, 0x49, 0xdc, 0xfa, 0x39,
+    0xd6, 0xa3, 0x6f, 0x25, 0xb9, 0x63, 0x2c, 0x92, 0xc5, 0xdf,
+    0xfb, 0xba, 0x89, 0xf9, 0xfa, 0x94, 0x5b, 0x6f, 0x5a, 0x4d,
+    0x1c, 0xe4, 0xc9, 0x10, 0xf9, 0xa0, 0xe8, 0xc4, 0xcb, 0x55,
+    0x1a, 0xdb, 0x56, 0x5f, 0x8e, 0x91, 0x03, 0x23, 0xca, 0xb0,
+    0x1f, 0xef, 0xb8, 0x6c, 0x13, 0x5a, 0x99, 0x25, 0xf0, 0x49,
+    0xa9, 0x5a, 0x45, 0xf7, 0xfd, 0x1a, 0xc2, 0x71, 0x06, 0xe3,
+    0x2d, 0x25, 0x64, 0xb0, 0x52, 0x12, 0x03, 0x62, 0xc7, 0xb6,
+    0xf9, 0xdc, 0x1f, 0x78, 0xff, 0x8b, 0xfa, 0xde, 0x7f, 0x71,
+    0xa6, 0x35, 0x3e, 0xac, 0x20, 0x54, 0x94, 0xa7, 0x2e, 0x9d,
+    0x47, 0x17, 0x4b, 0xad, 0x92, 0xb3, 0x14, 0x26, 0x8c, 0x5a,
+    0xd0, 0x16, 0x4b, 0x22, 0xe9, 0x0c, 0x79, 0x6b, 0x8e, 0xac,
+    0x0d, 0x12, 0xf5, 0x66, 0x8e, 0x82, 0x1a, 0x44, 0xf3, 0xe9,
+    0x56, 0x5a, 0xcd, 0x1c, 0x1b, 0x81, 0x7b, 0x63, 0x59, 0xfe,
+    0xc8, 0xc0, 0xe3, 0xda, 0x16, 0x6b, 0x6f, 0x0d, 0xba, 0x0e,
+    0x47, 0x12, 0x86, 0x9e, 0xf0, 0x3b, 0x4d, 0x87, 0x3b, 0xf2,
+    0x75, 0x73, 0x2d, 0xdf, 0xca, 0x76, 0x0b, 0xbd, 0xe7, 0xb7,
+    0x74, 0x24, 0xf3, 0xc6, 0xe6, 0x75, 0x3f, 0x8b, 0x6a, 0xd9,
+    0xad, 0xed, 0xc0, 0x70, 0x04, 0x1e, 0x0b, 0x8e, 0x8b, 0x7f,
+    0xea, 0xbc, 0x39, 0x6b, 0x8a, 0x44, 0xa6, 0x9a, 0x2d, 0x0d,
+    0x8c, 0x21, 0x60, 0x09, 0xd2, 0x4a, 0xe0, 0x62, 0xcf, 0xfa,
+    0xe8, 0x9b, 0x35, 0x6f, 0x23, 0x2f, 0xb5, 0x65, 0x08, 0x60,
+    0x92, 0x15, 0xd0, 0x5b, 0x63, 0xcc, 0x65, 0x05, 0xd1, 0xef,
+    0x0f, 0x7e, 0x1b, 0xb3, 0x8e, 0xc6, 0x12, 0x85, 0xc9, 0x82,
+    0x53, 0x79, 0x2e, 0x80, 0x5f, 0x0c, 0x7b, 0xc7, 0x1c, 0x83,
+    0x41, 0x06, 0xd8, 0x41, 0xc9, 0xe7, 0xb9, 0x4b, 0xa1, 0x61,
+    0xc6, 0x86, 0x67, 0xf5, 0x10, 0xf7, 0x34, 0x0d, 0x39, 0x9e,
+    0x2b, 0x5f, 0x19, 0x06, 0x02, 0xa5, 0x02, 0x23, 0x71, 0xc2,
+    0x12, 0x65, 0xcc, 0x81, 0x06, 0xfd, 0x8d, 0x09, 0x68, 0x37,
+    0x06, 0x3b, 0xff, 0xc4, 0x24, 0xb3, 0x1f, 0xd6, 0xe6, 0x8f,
+    0x9c, 0x74, 0x2c, 0x5e, 0xc5, 0xf4, 0xe9, 0xeb, 0xca, 0xd3,
+    0x04, 0x5b, 0x92, 0x9e, 0x5c, 0x1a, 0x1d, 0xa1, 0xa7, 0x34,
+    0xd2, 0x05, 0xae, 0xdb, 0x3d, 0x71, 0x10, 0x6e, 0x30, 0xd9,
+    0xa3, 0x44, 0xa0, 0xbd, 0x9e, 0x7b, 0xb5, 0x12, 0x8a, 0x12,
+    0x07, 0x60, 0xd7, 0x1f, 0x92, 0xe6, 0xfe, 0x04, 0xa9, 0x3e,
+    0x62, 0x64, 0x00, 0x5f, 0x7c, 0x7b, 0x34, 0x09, 0xeb, 0x4a,
+    0x18, 0x9e, 0x77, 0x72, 0x3a, 0x31, 0x1a, 0x62, 0x2a, 0xb5,
+    0xcb, 0x4e, 0x53, 0xce, 0xad, 0x8b, 0x5a, 0x20, 0x4f, 0xd7,
+    0x3e, 0x16, 0xf8, 0x10, 0xe2, 0xae, 0xbd, 0x3f, 0x02, 0xa9,
+    0x18, 0xa0, 0x01, 0x18, 0x84, 0x95, 0x22, 0x2e, 0x93, 0x76,
+    0x44, 0x4e, 0x11, 0x7b, 0x03, 0x51, 0x50, 0x19, 0x79, 0xe7,
+    0xbb, 0x5c, 0x7b, 0xca, 0x74, 0xb4, 0x25, 0x26, 0xdb, 0x66,
+    0xaa, 0x0b, 0x21, 0x07, 0xfb, 0x7a, 0x96, 0x10, 0x7d, 0x99,
+    0xa9, 0x16, 0xcb, 0x0e, 0xba, 0x63, 0xab, 0x95, 0xfc, 0x5a,
+    0xbe, 0xa6, 0x7f, 0xd8, 0xb4, 0xcd, 0x7c, 0xc5, 0xd0, 0xb1,
+    0x1b, 0x48, 0x40, 0xfb, 0xe6, 0x2f, 0x2b, 0x94, 0xfe, 0x68,
+    0xa2, 0xc4, 0x36, 0xd9, 0xcd, 0xc1, 0x93, 0x6d, 0xef, 0x39,
+    0x5e, 0x43, 0x30, 0x5a, 0x2e, 0x66, 0xb6, 0xf2, 0xed, 0x9a,
+    0x8d, 0x12, 0xdf, 0x5c, 0xae, 0xad, 0x16, 0x12, 0x7e, 0x81,
+    0x82, 0x91, 0x7d, 0x2b, 0x12, 0xe9, 0x96, 0xb8, 0xb7, 0x42,
+    0xcb, 0x1f, 0xf8, 0xd1, 0xfd, 0x83, 0x7a, 0xe4, 0x36, 0x1d,
+    0x04, 0x27, 0x4c, 0xe5, 0xbd, 0x75, 0x24, 0xf7, 0xbd, 0xb6,
+    0x6a, 0x68, 0x4e, 0x2c, 0x1b, 0x56, 0x3e, 0x60, 0xa4, 0x42,
+    0xca, 0x7a, 0x54, 0xe5, 0x06, 0xe3, 0xda, 0x05, 0xf7, 0x77,
+    0x36, 0x8b, 0x81, 0x26, 0x99, 0x92, 0x42, 0xda, 0x45, 0xb1,
+    0xfe, 0x4b,
+};
+static const int sizeof_bench_dilithium_level2_pubkey =
+    sizeof(bench_dilithium_level2_pubkey);
+
+#endif /* !WOLFSSL_DILITHIUM_NO_VERIFY */
+
+#ifndef WOLFSSL_DILITHIUM_NO_SIGN
+
+/* raw private key without ASN1 syntax from
+ * ./certs/dilithium/bench_dilithium_level3_key.der */
+static const unsigned char bench_dilithium_level3_key[] = {
+    0x15, 0xc9, 0xe5, 0x53, 0x2f, 0xd8, 0x1f, 0xb4, 0xa3, 0x9f,
+    0xae, 0xad, 0xb3, 0x10, 0xd0, 0x72, 0x69, 0xd3, 0x02, 0xf3,
+    0xdf, 0x67, 0x5a, 0x31, 0x52, 0x19, 0xca, 0x39, 0x27, 0x77,
+    0x61, 0x6d, 0x72, 0xdd, 0x85, 0x06, 0xf6, 0x94, 0x0a, 0x57,
+    0x52, 0xcd, 0xac, 0x83, 0x4a, 0xe5, 0xbe, 0xa4, 0x30, 0x79,
+    0x9e, 0xc6, 0xd6, 0x04, 0xc8, 0x73, 0xdc, 0x5e, 0x41, 0x75,
+    0x2f, 0xac, 0x76, 0x57, 0x03, 0x08, 0x46, 0xcb, 0xaf, 0x4c,
+    0x6a, 0x4f, 0x20, 0x18, 0xb3, 0x2e, 0x11, 0x54, 0xb5, 0x94,
+    0xe6, 0x6f, 0x76, 0xf6, 0xb9, 0x73, 0x9a, 0x07, 0x73, 0xe8,
+    0x90, 0xd1, 0x04, 0xda, 0xc5, 0x97, 0xb9, 0x52, 0x51, 0xc8,
+    0xc9, 0xcc, 0x87, 0x29, 0xa1, 0xde, 0x79, 0x9b, 0xf8, 0x7f,
+    0x80, 0x3f, 0xfd, 0xb3, 0x24, 0xa5, 0xba, 0xf5, 0xd6, 0xd4,
+    0x07, 0xbd, 0xa7, 0x1b, 0xd0, 0xe1, 0xd0, 0x43, 0x14, 0x52,
+    0x27, 0x03, 0x33, 0x76, 0x00, 0x67, 0x30, 0x23, 0x76, 0x34,
+    0x72, 0x02, 0x41, 0x62, 0x12, 0x43, 0x86, 0x30, 0x18, 0x28,
+    0x46, 0x27, 0x45, 0x20, 0x88, 0x33, 0x54, 0x10, 0x03, 0x81,
+    0x44, 0x50, 0x06, 0x44, 0x56, 0x30, 0x37, 0x38, 0x38, 0x46,
+    0x03, 0x85, 0x01, 0x86, 0x43, 0x80, 0x78, 0x28, 0x83, 0x55,
+    0x37, 0x44, 0x80, 0x12, 0x17, 0x51, 0x78, 0x46, 0x22, 0x01,
+    0x53, 0x54, 0x63, 0x87, 0x77, 0x38, 0x11, 0x81, 0x43, 0x30,
+    0x15, 0x47, 0x66, 0x11, 0x40, 0x65, 0x70, 0x56, 0x62, 0x28,
+    0x21, 0x65, 0x30, 0x45, 0x63, 0x53, 0x31, 0x80, 0x81, 0x71,
+    0x23, 0x62, 0x85, 0x03, 0x07, 0x56, 0x16, 0x28, 0x18, 0x35,
+    0x07, 0x38, 0x60, 0x68, 0x17, 0x30, 0x15, 0x20, 0x04, 0x13,
+    0x13, 0x61, 0x51, 0x58, 0x00, 0x37, 0x51, 0x58, 0x14, 0x06,
+    0x12, 0x55, 0x13, 0x46, 0x76, 0x05, 0x51, 0x87, 0x32, 0x62,
+    0x50, 0x41, 0x88, 0x24, 0x50, 0x31, 0x65, 0x36, 0x31, 0x02,
+    0x75, 0x35, 0x78, 0x27, 0x36, 0x08, 0x01, 0x77, 0x22, 0x77,
+    0x30, 0x80, 0x11, 0x21, 0x28, 0x26, 0x68, 0x27, 0x13, 0x70,
+    0x50, 0x44, 0x88, 0x20, 0x50, 0x67, 0x65, 0x74, 0x17, 0x46,
+    0x50, 0x16, 0x42, 0x75, 0x35, 0x12, 0x60, 0x12, 0x17, 0x13,
+    0x36, 0x72, 0x04, 0x77, 0x07, 0x55, 0x20, 0x27, 0x15, 0x02,
+    0x25, 0x12, 0x57, 0x71, 0x37, 0x45, 0x43, 0x34, 0x40, 0x31,
+    0x78, 0x50, 0x31, 0x28, 0x17, 0x84, 0x87, 0x43, 0x25, 0x75,
+    0x58, 0x05, 0x61, 0x56, 0x41, 0x44, 0x57, 0x67, 0x85, 0x54,
+    0x00, 0x88, 0x88, 0x50, 0x68, 0x11, 0x14, 0x42, 0x08, 0x74,
+    0x73, 0x00, 0x38, 0x08, 0x45, 0x28, 0x62, 0x43, 0x36, 0x20,
+    0x30, 0x10, 0x87, 0x83, 0x67, 0x62, 0x02, 0x48, 0x46, 0x50,
+    0x08, 0x08, 0x41, 0x43, 0x78, 0x22, 0x65, 0x87, 0x43, 0x84,
+    0x25, 0x36, 0x58, 0x64, 0x30, 0x10, 0x20, 0x68, 0x82, 0x47,
+    0x60, 0x31, 0x76, 0x68, 0x74, 0x68, 0x75, 0x61, 0x16, 0x26,
+    0x82, 0x50, 0x32, 0x61, 0x41, 0x22, 0x38, 0x20, 0x86, 0x75,
+    0x74, 0x00, 0x77, 0x12, 0x81, 0x35, 0x51, 0x78, 0x88, 0x64,
+    0x82, 0x00, 0x41, 0x55, 0x62, 0x87, 0x51, 0x41, 0x74, 0x51,
+    0x53, 0x27, 0x33, 0x84, 0x68, 0x86, 0x57, 0x60, 0x44, 0x30,
+    0x22, 0x32, 0x10, 0x52, 0x22, 0x83, 0x48, 0x53, 0x66, 0x74,
+    0x14, 0x52, 0x32, 0x71, 0x41, 0x08, 0x83, 0x67, 0x41, 0x38,
+    0x46, 0x80, 0x88, 0x14, 0x84, 0x30, 0x85, 0x35, 0x46, 0x20,
+    0x54, 0x84, 0x56, 0x84, 0x54, 0x82, 0x14, 0x11, 0x52, 0x07,
+    0x86, 0x46, 0x05, 0x82, 0x26, 0x85, 0x75, 0x07, 0x88, 0x75,
+    0x51, 0x17, 0x54, 0x32, 0x68, 0x66, 0x08, 0x23, 0x66, 0x06,
+    0x42, 0x28, 0x00, 0x84, 0x27, 0x27, 0x43, 0x47, 0x12, 0x27,
+    0x13, 0x15, 0x17, 0x74, 0x85, 0x14, 0x12, 0x62, 0x06, 0x47,
+    0x17, 0x60, 0x00, 0x10, 0x85, 0x16, 0x55, 0x64, 0x46, 0x62,
+    0x77, 0x05, 0x51, 0x23, 0x52, 0x37, 0x51, 0x78, 0x35, 0x66,
+    0x14, 0x15, 0x78, 0x40, 0x16, 0x54, 0x67, 0x30, 0x61, 0x24,
+    0x26, 0x86, 0x56, 0x83, 0x62, 0x78, 0x88, 0x83, 0x50, 0x06,
+    0x13, 0x21, 0x33, 0x73, 0x16, 0x44, 0x86, 0x77, 0x65, 0x28,
+    0x12, 0x40, 0x62, 0x54, 0x55, 0x84, 0x00, 0x11, 0x77, 0x38,
+    0x71, 0x51, 0x38, 0x32, 0x33, 0x67, 0x15, 0x77, 0x24, 0x33,
+    0x44, 0x11, 0x05, 0x65, 0x13, 0x03, 0x72, 0x63, 0x81, 0x58,
+    0x08, 0x03, 0x34, 0x23, 0x61, 0x00, 0x02, 0x63, 0x86, 0x40,
+    0x03, 0x71, 0x34, 0x27, 0x45, 0x10, 0x34, 0x26, 0x83, 0x28,
+    0x31, 0x35, 0x26, 0x05, 0x58, 0x41, 0x11, 0x10, 0x65, 0x35,
+    0x22, 0x42, 0x28, 0x88, 0x46, 0x06, 0x57, 0x33, 0x88, 0x46,
+    0x04, 0x86, 0x88, 0x88, 0x51, 0x74, 0x82, 0x27, 0x58, 0x14,
+    0x11, 0x08, 0x13, 0x16, 0x61, 0x16, 0x14, 0x44, 0x83, 0x85,
+    0x71, 0x44, 0x55, 0x82, 0x16, 0x62, 0x85, 0x05, 0x43, 0x41,
+    0x73, 0x53, 0x60, 0x01, 0x80, 0x68, 0x33, 0x13, 0x43, 0x44,
+    0x73, 0x36, 0x65, 0x35, 0x22, 0x26, 0x13, 0x31, 0x36, 0x83,
+    0x30, 0x27, 0x15, 0x11, 0x54, 0x53, 0x24, 0x84, 0x75, 0x24,
+    0x72, 0x78, 0x34, 0x24, 0x35, 0x80, 0x06, 0x38, 0x88, 0x11,
+    0x41, 0x01, 0x34, 0x87, 0x77, 0x20, 0x14, 0x50, 0x55, 0x12,
+    0x17, 0x48, 0x87, 0x74, 0x58, 0x42, 0x31, 0x46, 0x36, 0x37,
+    0x26, 0x50, 0x04, 0x75, 0x77, 0x15, 0x41, 0x53, 0x04, 0x04,
+    0x26, 0x61, 0x65, 0x87, 0x55, 0x56, 0x07, 0x81, 0x28, 0x21,
+    0x41, 0x61, 0x41, 0x50, 0x17, 0x47, 0x25, 0x50, 0x20, 0x83,
+    0x46, 0x87, 0x18, 0x45, 0x40, 0x21, 0x06, 0x08, 0x12, 0x25,
+    0x71, 0x13, 0x35, 0x55, 0x54, 0x61, 0x00, 0x52, 0x74, 0x78,
+    0x13, 0x84, 0x55, 0x40, 0x14, 0x40, 0x78, 0x12, 0x88, 0x43,
+    0x33, 0x24, 0x66, 0x88, 0x22, 0x44, 0x15, 0x37, 0x81, 0x27,
+    0x84, 0x18, 0x28, 0x11, 0x58, 0x51, 0x71, 0x21, 0x02, 0x83,
+    0x70, 0x48, 0x32, 0x46, 0x00, 0x70, 0x17, 0x30, 0x63, 0x21,
+    0x46, 0x60, 0x50, 0x72, 0x77, 0x45, 0x83, 0x75, 0x26, 0x31,
+    0x47, 0x34, 0x47, 0x84, 0x87, 0x63, 0x22, 0x83, 0x21, 0x10,
+    0x21, 0x51, 0x47, 0x46, 0x31, 0x06, 0x57, 0x82, 0x65, 0x24,
+    0x61, 0x66, 0x24, 0x68, 0x14, 0x03, 0x43, 0x41, 0x04, 0x14,
+    0x47, 0x61, 0x57, 0x87, 0x43, 0x83, 0x43, 0x25, 0x87, 0x36,
+    0x72, 0x51, 0x38, 0x51, 0x54, 0x54, 0x84, 0x40, 0x15, 0x30,
+    0x35, 0x34, 0x43, 0x61, 0x63, 0x42, 0x77, 0x31, 0x42, 0x06,
+    0x61, 0x03, 0x01, 0x41, 0x08, 0x84, 0x02, 0x65, 0x04, 0x72,
+    0x32, 0x00, 0x21, 0x10, 0x54, 0x73, 0x04, 0x42, 0x48, 0x11,
+    0x74, 0x18, 0x63, 0x73, 0x28, 0x61, 0x36, 0x80, 0x20, 0x86,
+    0x24, 0x42, 0x16, 0x11, 0x71, 0x83, 0x78, 0x38, 0x82, 0x47,
+    0x67, 0x18, 0x56, 0x86, 0x85, 0x66, 0x18, 0x24, 0x50, 0x74,
+    0x72, 0x02, 0x66, 0x83, 0x63, 0x08, 0x25, 0x32, 0x15, 0x78,
+    0x33, 0x08, 0x34, 0x44, 0x08, 0x28, 0x10, 0x25, 0x40, 0x11,
+    0x04, 0x76, 0x60, 0x16, 0x65, 0x16, 0x13, 0x30, 0x53, 0x14,
+    0x77, 0x06, 0x06, 0x88, 0x64, 0x47, 0x08, 0x23, 0x11, 0x56,
+    0x46, 0x61, 0x48, 0x64, 0x73, 0x66, 0x07, 0x65, 0x41, 0x24,
+    0x67, 0x45, 0x42, 0x18, 0x62, 0x01, 0x70, 0x88, 0x03, 0x77,
+    0x22, 0x85, 0x77, 0x02, 0x85, 0x03, 0x65, 0x15, 0x57, 0x51,
+    0x28, 0x72, 0x53, 0x32, 0x05, 0x58, 0x84, 0x54, 0x03, 0x81,
+    0x63, 0x23, 0x38, 0x27, 0x01, 0x85, 0x61, 0x12, 0x28, 0x62,
+    0x22, 0x67, 0x56, 0x66, 0x63, 0x08, 0x74, 0x63, 0x21, 0x01,
+    0x46, 0x10, 0x08, 0x18, 0x07, 0x86, 0x47, 0x70, 0x50, 0x25,
+    0x45, 0x06, 0x55, 0x88, 0x46, 0x11, 0x23, 0x84, 0x70, 0x02,
+    0x24, 0x88, 0x52, 0x60, 0x12, 0x72, 0x63, 0x05, 0x81, 0x21,
+    0x26, 0x07, 0x64, 0x03, 0x56, 0x48, 0x27, 0x04, 0x38, 0x86,
+    0x25, 0x65, 0x21, 0x25, 0x77, 0x21, 0x62, 0x28, 0x82, 0x71,
+    0x85, 0x73, 0x78, 0x24, 0x78, 0x51, 0x61, 0x02, 0x81, 0x14,
+    0x67, 0x61, 0x08, 0x88, 0x31, 0x77, 0x06, 0x24, 0x45, 0x13,
+    0x67, 0x67, 0x54, 0x67, 0x00, 0x12, 0x62, 0x54, 0x11, 0x27,
+    0x51, 0x48, 0x07, 0x33, 0x01, 0x24, 0x04, 0x64, 0x11, 0x83,
+    0x18, 0x52, 0x55, 0x23, 0x24, 0x58, 0x53, 0x78, 0x30, 0x43,
+    0x31, 0x76, 0x62, 0x01, 0x08, 0x73, 0x21, 0x32, 0x12, 0x78,
+    0x22, 0x68, 0x33, 0x45, 0x33, 0x73, 0x02, 0x74, 0x21, 0x81,
+    0x02, 0x16, 0x54, 0x31, 0x55, 0x76, 0x25, 0x76, 0x41, 0x36,
+    0x75, 0x22, 0x78, 0x16, 0x60, 0x48, 0x58, 0x28, 0x83, 0x50,
+    0x88, 0x66, 0x72, 0x70, 0x21, 0x21, 0x24, 0x16, 0x62, 0x57,
+    0x20, 0x13, 0x80, 0x61, 0x15, 0x45, 0x42, 0x86, 0x00, 0x25,
+    0x77, 0x58, 0x84, 0x01, 0x66, 0x16, 0x46, 0x56, 0x68, 0x57,
+    0x12, 0x20, 0x75, 0x60, 0x41, 0x85, 0x02, 0x88, 0x12, 0x68,
+    0x20, 0x02, 0x41, 0x18, 0x87, 0x13, 0x17, 0x33, 0x74, 0x11,
+    0x08, 0x37, 0x47, 0x08, 0x31, 0x67, 0x08, 0x50, 0x61, 0x54,
+    0x56, 0x71, 0x63, 0x26, 0x85, 0x22, 0x07, 0x87, 0x71, 0x28,
+    0x20, 0x47, 0x48, 0x66, 0x54, 0x38, 0x03, 0x41, 0x38, 0x21,
+    0x70, 0x50, 0x66, 0x53, 0x56, 0x70, 0x74, 0x55, 0x70, 0x28,
+    0x52, 0x01, 0x42, 0x65, 0x53, 0x73, 0x32, 0x33, 0x67, 0x42,
+    0x67, 0x85, 0x18, 0x45, 0x12, 0x37, 0x58, 0x82, 0x13, 0x73,
+    0x78, 0x77, 0x03, 0x42, 0x04, 0x65, 0x55, 0x66, 0x07, 0x25,
+    0x07, 0x37, 0x40, 0x78, 0x66, 0x71, 0x11, 0x21, 0x43, 0x25,
+    0x87, 0x40, 0x58, 0x63, 0x33, 0x43, 0x52, 0x10, 0x31, 0x53,
+    0x56, 0x48, 0x05, 0x55, 0x77, 0x77, 0x26, 0x87, 0x28, 0x43,
+    0x61, 0x46, 0x11, 0x76, 0x82, 0x50, 0x42, 0x04, 0x32, 0x88,
+    0x18, 0x66, 0x16, 0x36, 0x64, 0x41, 0x38, 0x17, 0x55, 0x43,
+    0x06, 0x25, 0x80, 0x27, 0x21, 0x16, 0x81, 0x22, 0x64, 0x60,
+    0x38, 0x16, 0x82, 0x40, 0x72, 0x34, 0x73, 0x52, 0x61, 0x85,
+    0x11, 0x16, 0x00, 0x25, 0x03, 0x30, 0x06, 0x80, 0x21, 0x56,
+    0x64, 0x52, 0x23, 0x26, 0x37, 0x75, 0x73, 0x65, 0x53, 0x27,
+    0x37, 0x47, 0x56, 0x76, 0x80, 0x38, 0x53, 0x62, 0x14, 0x24,
+    0x64, 0x03, 0x66, 0x21, 0x72, 0x16, 0x36, 0x34, 0x11, 0x65,
+    0x61, 0x62, 0x86, 0x02, 0x83, 0x27, 0x80, 0x82, 0x70, 0x72,
+    0x52, 0x60, 0x20, 0x87, 0x58, 0x58, 0x14, 0x38, 0x47, 0x03,
+    0x10, 0x72, 0x60, 0x48, 0x02, 0x01, 0x17, 0x21, 0x61, 0x62,
+    0x38, 0x64, 0x27, 0x53, 0x57, 0x13, 0x68, 0x18, 0x26, 0x62,
+    0x43, 0x42, 0x21, 0x85, 0x70, 0x23, 0x58, 0x13, 0x72, 0x04,
+    0x04, 0x08, 0x05, 0x82, 0x26, 0x18, 0x82, 0x47, 0x87, 0x71,
+    0x32, 0x28, 0x68, 0x25, 0x87, 0x24, 0x06, 0x74, 0x41, 0x44,
+    0x08, 0x64, 0x68, 0x30, 0x24, 0x44, 0x21, 0x73, 0x03, 0x45,
+    0x70, 0x41, 0x06, 0x78, 0x38, 0x33, 0x88, 0x13, 0x31, 0x14,
+    0x18, 0x17, 0x45, 0x06, 0x26, 0x67, 0x66, 0x73, 0x82, 0x56,
+    0x66, 0x88, 0x70, 0x22, 0x55, 0x47, 0x27, 0x50, 0x86, 0x55,
+    0x53, 0x00, 0x28, 0x55, 0x40, 0x62, 0xe9, 0x37, 0x65, 0xe1,
+    0x30, 0x48, 0x6b, 0x35, 0x76, 0x96, 0x05, 0x21, 0xce, 0xed,
+    0x46, 0xae, 0x7e, 0x6d, 0xc9, 0xf1, 0xc9, 0xb3, 0x7a, 0xa7,
+    0xde, 0xa7, 0x62, 0x18, 0x11, 0xc0, 0xd8, 0xd0, 0x17, 0x0f,
+    0x38, 0xaf, 0x0e, 0x3d, 0xaf, 0xe6, 0x63, 0xb0, 0xc4, 0x68,
+    0x4e, 0x29, 0xa4, 0xf4, 0x20, 0x22, 0xbc, 0x82, 0x15, 0x1d,
+    0x08, 0x39, 0x18, 0xfe, 0x69, 0x55, 0x06, 0x3d, 0xf4, 0xa3,
+    0xe7, 0x29, 0x23, 0xa4, 0xd9, 0xa4, 0x22, 0x06, 0x2d, 0x5f,
+    0x22, 0xb3, 0x9b, 0x1c, 0xb6, 0x3e, 0xf3, 0xf4, 0x8a, 0xb3,
+    0x35, 0x18, 0x4c, 0x1f, 0xaf, 0xd4, 0xcf, 0x5b, 0x9b, 0xa7,
+    0xf8, 0xd2, 0x86, 0x71, 0x8e, 0x64, 0x96, 0xd1, 0x6e, 0xad,
+    0xd2, 0x7e, 0x16, 0x5b, 0x38, 0x91, 0x0e, 0x40, 0xaa, 0x07,
+    0x6a, 0x63, 0x2a, 0xc0, 0x5b, 0x14, 0x79, 0x52, 0xcb, 0x23,
+    0x6e, 0x76, 0x95, 0xd0, 0x90, 0x6c, 0x18, 0xe7, 0x89, 0xee,
+    0xb9, 0x7f, 0x33, 0x08, 0x35, 0x8f, 0xa3, 0xaa, 0xaa, 0x10,
+    0x2f, 0x8b, 0xc9, 0x6c, 0x1d, 0x95, 0xb5, 0xb8, 0x54, 0x0d,
+    0x67, 0x86, 0xd4, 0x5d, 0xae, 0x8f, 0x33, 0x20, 0xe2, 0x35,
+    0xda, 0x71, 0x53, 0x24, 0xad, 0x16, 0x84, 0x2e, 0x98, 0xcd,
+    0x00, 0xa2, 0x69, 0x6a, 0x12, 0x9a, 0x86, 0xf3, 0x9f, 0x18,
+    0x6c, 0x9f, 0x24, 0xbe, 0xb3, 0xf4, 0x90, 0xb3, 0xc4, 0xa4,
+    0x8b, 0xce, 0x88, 0x60, 0xa0, 0x91, 0xb8, 0x9a, 0x52, 0xe5,
+    0xfe, 0x16, 0x6d, 0xff, 0xb3, 0xdc, 0x50, 0x79, 0xfe, 0x31,
+    0x24, 0xd4, 0x59, 0x5f, 0xf9, 0xb4, 0x70, 0x0b, 0x15, 0x93,
+    0xd9, 0xe9, 0x92, 0xb6, 0xf5, 0x80, 0x34, 0x63, 0x66, 0x78,
+    0xcf, 0xa9, 0xce, 0x48, 0xbf, 0xbe, 0x9e, 0xfa, 0xdd, 0x7d,
+    0xf4, 0x16, 0xe2, 0xd2, 0x98, 0x13, 0xe2, 0x76, 0xdd, 0x0a,
+    0xc7, 0x2d, 0xe8, 0x88, 0x8e, 0x1a, 0xc0, 0xfc, 0xe8, 0x35,
+    0xaf, 0x5d, 0xe2, 0x4c, 0x96, 0x82, 0x4c, 0xe5, 0x89, 0x14,
+    0xb8, 0x27, 0x39, 0xb5, 0x55, 0xc5, 0xa5, 0x8a, 0x01, 0xcc,
+    0xfd, 0xbd, 0xa9, 0xec, 0xae, 0xc0, 0xe7, 0xd7, 0xf8, 0x11,
+    0x84, 0x35, 0x99, 0x26, 0xb6, 0xc6, 0xf7, 0x35, 0xe0, 0x93,
+    0xd8, 0xd7, 0xbf, 0xc0, 0xc8, 0x44, 0xfd, 0x46, 0xf5, 0xb7,
+    0xc5, 0x5a, 0x75, 0xd3, 0xc7, 0xfa, 0xf4, 0xe1, 0xc0, 0x84,
+    0x5e, 0x31, 0xfe, 0x69, 0x80, 0x5a, 0xe5, 0x4b, 0x9b, 0x5b,
+    0xa4, 0x5c, 0x23, 0xaa, 0x85, 0xc9, 0x9a, 0xbd, 0x71, 0x49,
+    0x11, 0x30, 0x8b, 0x81, 0xa1, 0xdd, 0xf8, 0xb8, 0x74, 0x91,
+    0xe7, 0xf7, 0x82, 0x42, 0x70, 0x22, 0x95, 0xf0, 0xcc, 0x9f,
+    0x02, 0x33, 0x0f, 0x08, 0x3b, 0x04, 0x31, 0xd7, 0x4f, 0x86,
+    0x78, 0x49, 0xb9, 0x90, 0xf5, 0x8f, 0xec, 0x12, 0x84, 0x52,
+    0x03, 0x1f, 0x64, 0x5e, 0xf0, 0x2a, 0xeb, 0x87, 0xa5, 0xec,
+    0x95, 0x25, 0x64, 0x25, 0x49, 0x3b, 0x3c, 0x30, 0xed, 0x3b,
+    0xe9, 0x36, 0xfd, 0xae, 0xa6, 0x26, 0xd3, 0x45, 0xbc, 0x1b,
+    0x78, 0x5f, 0xce, 0x27, 0x45, 0x1c, 0xd5, 0xf9, 0xa7, 0xda,
+    0x62, 0xe6, 0x7e, 0xd3, 0xbb, 0xd8, 0x0a, 0xfd, 0xf5, 0xa5,
+    0x31, 0x09, 0x6e, 0x40, 0xe8, 0xcf, 0xc1, 0x42, 0x8e, 0x2e,
+    0x75, 0x65, 0xaa, 0x91, 0x6f, 0xc7, 0x75, 0x3a, 0x1e, 0x40,
+    0x99, 0x71, 0x5e, 0x00, 0xae, 0x07, 0xad, 0x43, 0x49, 0xdd,
+    0x6d, 0x36, 0xe3, 0xa8, 0xdf, 0x2c, 0x39, 0xa2, 0x57, 0xd7,
+    0x93, 0xa1, 0x16, 0x80, 0x89, 0xa6, 0x56, 0x69, 0x75, 0xea,
+    0xb8, 0xb2, 0x43, 0x0c, 0xdf, 0x46, 0x05, 0x9a, 0x39, 0x08,
+    0x3b, 0xb6, 0x76, 0xe3, 0x5b, 0x98, 0x5b, 0x48, 0xc0, 0x11,
+    0x14, 0x6f, 0xcd, 0xb7, 0xaa, 0x08, 0x1e, 0x53, 0x9b, 0x94,
+    0x9d, 0xa2, 0xe6, 0x99, 0xcb, 0x1c, 0xb4, 0xbf, 0x55, 0x84,
+    0x12, 0xc9, 0xf1, 0xf0, 0x94, 0xd9, 0x7d, 0x61, 0xa9, 0xe7,
+    0xe6, 0xc1, 0xe2, 0xca, 0x6b, 0x36, 0x80, 0x72, 0x31, 0x79,
+    0xbf, 0xe7, 0x3e, 0x99, 0x9e, 0xd5, 0x59, 0xd4, 0x97, 0x14,
+    0xd5, 0xfa, 0x93, 0x37, 0x8a, 0x65, 0xa5, 0xb6, 0x4e, 0xba,
+    0xb3, 0x84, 0xf2, 0xc1, 0x55, 0xb6, 0x94, 0x31, 0x30, 0xe7,
+    0xb2, 0x71, 0x4e, 0xc6, 0x21, 0x50, 0xf3, 0xcf, 0x7c, 0xbc,
+    0x26, 0xb7, 0x20, 0xcb, 0x2d, 0x9e, 0x55, 0x23, 0x7c, 0xf0,
+    0x97, 0x16, 0x57, 0x5b, 0xcc, 0xc5, 0x48, 0xc9, 0xc8, 0xee,
+    0x1e, 0x11, 0x6b, 0x72, 0x3b, 0x29, 0x71, 0xa4, 0xed, 0x08,
+    0x6c, 0x38, 0xc6, 0x2e, 0x64, 0x3b, 0x16, 0xd8, 0x4d, 0x19,
+    0xe8, 0x94, 0xd3, 0xd5, 0xb4, 0x18, 0xb4, 0x03, 0x24, 0x62,
+    0xe7, 0x44, 0x5e, 0x09, 0x60, 0xc6, 0xa9, 0xa6, 0xca, 0xbe,
+    0x83, 0xe5, 0xf1, 0xbd, 0x04, 0x22, 0x4b, 0x1b, 0x08, 0x0b,
+    0xa6, 0x20, 0x95, 0xf2, 0x78, 0x8c, 0x3e, 0x73, 0x03, 0x7b,
+    0x75, 0x2c, 0xe5, 0x72, 0xec, 0xc9, 0x25, 0x06, 0x6b, 0x3a,
+    0x5e, 0x0e, 0x96, 0xd0, 0xe3, 0x85, 0xb0, 0xb5, 0x6a, 0x83,
+    0x40, 0x41, 0x94, 0xce, 0xa1, 0x07, 0x79, 0x07, 0xe2, 0x50,
+    0xa4, 0xde, 0x7d, 0x64, 0x2f, 0x7e, 0x43, 0xd5, 0x72, 0xd1,
+    0xa7, 0xb9, 0x76, 0xa3, 0xfc, 0x25, 0x33, 0xd7, 0x95, 0xb5,
+    0xd9, 0x94, 0x93, 0x55, 0xaf, 0x04, 0x86, 0x4a, 0xfc, 0x2f,
+    0x5f, 0x3d, 0x34, 0x86, 0xf2, 0x9a, 0x31, 0x4c, 0xc9, 0xad,
+    0x08, 0xa5, 0x03, 0x91, 0x8a, 0x7e, 0x46, 0xc9, 0x44, 0x61,
+    0x11, 0x59, 0x4f, 0xbb, 0x70, 0xf9, 0x9d, 0x3e, 0x6d, 0x53,
+    0xb4, 0x16, 0x28, 0xd3, 0x67, 0x52, 0x14, 0xad, 0xba, 0xb1,
+    0x21, 0xaf, 0x84, 0x18, 0xc9, 0x37, 0x78, 0xb3, 0x78, 0x92,
+    0x95, 0xad, 0x1b, 0xc0, 0x70, 0xe7, 0xe9, 0x06, 0x02, 0xed,
+    0x6c, 0x99, 0x4e, 0x43, 0xc0, 0xa4, 0x6f, 0x23, 0xa8, 0x02,
+    0xc4, 0xbd, 0xc0, 0x16, 0xc4, 0xed, 0xe0, 0xe1, 0x56, 0x06,
+    0x3f, 0xf4, 0x77, 0x12, 0x72, 0x52, 0x04, 0xe8, 0xe4, 0x26,
+    0xe5, 0x01, 0x47, 0x5b, 0x8a, 0xca, 0x07, 0x3b, 0xc9, 0xb1,
+    0x42, 0x8f, 0x7d, 0x64, 0x7d, 0x5d, 0x6a, 0x95, 0xde, 0x4d,
+    0x4b, 0xd3, 0xfa, 0xcf, 0xf0, 0x25, 0x27, 0x96, 0x48, 0xb6,
+    0xcc, 0x68, 0x29, 0x37, 0x95, 0xcd, 0x36, 0xb7, 0xb0, 0xd6,
+    0xf1, 0xfc, 0x4f, 0xe9, 0xa8, 0x6b, 0x9d, 0x75, 0xc7, 0x9b,
+    0x19, 0xaf, 0xbb, 0x8a, 0xaf, 0x4b, 0xb8, 0xe2, 0xeb, 0x8d,
+    0xd9, 0xf5, 0x75, 0xc5, 0xc8, 0x0b, 0xf2, 0x1c, 0xf9, 0x9e,
+    0xc7, 0x4d, 0x7c, 0x71, 0x47, 0xbd, 0x57, 0x7e, 0xe6, 0x59,
+    0xca, 0x8c, 0xf2, 0x0c, 0x47, 0x4a, 0x90, 0xa7, 0xf5, 0xb8,
+    0xb2, 0x43, 0x97, 0xdb, 0xbe, 0x76, 0x37, 0x29, 0x36, 0x40,
+    0xaa, 0x7a, 0x81, 0xf0, 0xa0, 0xd0, 0x81, 0x39, 0x88, 0xf0,
+    0x23, 0xb0, 0xa4, 0xbe, 0x5e, 0xd8, 0x33, 0x98, 0x5d, 0x9d,
+    0xb5, 0xd4, 0x1c, 0x00, 0xe2, 0x30, 0xb8, 0x68, 0x58, 0x65,
+    0x30, 0x94, 0x3d, 0xf2, 0x75, 0x0c, 0x8e, 0x3b, 0xee, 0x9b,
+    0xce, 0x6c, 0x67, 0x68, 0x54, 0x86, 0x7d, 0x27, 0x2a, 0x2f,
+    0xf7, 0x25, 0xff, 0x22, 0x1e, 0x74, 0xbd, 0x72, 0x11, 0xf4,
+    0x47, 0x8e, 0x2f, 0x0d, 0xb9, 0x31, 0xac, 0x5c, 0x1d, 0xa0,
+    0x11, 0xea, 0x16, 0x24, 0x86, 0x76, 0xbd, 0xa3, 0x41, 0x7f,
+    0x00, 0xe6, 0xe2, 0x86, 0x93, 0xff, 0x02, 0x07, 0xce, 0x49,
+    0xe4, 0xaf, 0x00, 0x9b, 0x15, 0xa6, 0x05, 0xf7, 0x54, 0xd1,
+    0xbb, 0xa7, 0x09, 0x67, 0xe6, 0x99, 0xf9, 0x23, 0xe6, 0xaa,
+    0x6f, 0xcb, 0xe1, 0xc1, 0xac, 0x7b, 0x98, 0xa9, 0x14, 0x43,
+    0x55, 0x22, 0x2c, 0x7a, 0x4a, 0x4a, 0x63, 0xc1, 0xfe, 0x5c,
+    0xca, 0xf4, 0x91, 0x3b, 0x6f, 0xf8, 0x7e, 0x2a, 0xa1, 0x4a,
+    0xc3, 0x16, 0x1c, 0x1d, 0x53, 0x7d, 0x0e, 0x77, 0x0d, 0x72,
+    0x07, 0x78, 0xea, 0xce, 0xe4, 0x0c, 0xf7, 0xce, 0xa0, 0xef,
+    0xa1, 0xdb, 0x6b, 0x5f, 0xfd, 0xeb, 0x68, 0xc7, 0x76, 0xfd,
+    0x35, 0xd2, 0xcb, 0xa4, 0xf6, 0xe6, 0x6b, 0xdb, 0xe9, 0xd5,
+    0x1e, 0x05, 0x8a, 0xba, 0xed, 0x77, 0x94, 0x36, 0x6c, 0x3c,
+    0xe2, 0x23, 0xf8, 0x84, 0xa1, 0xe3, 0xcd, 0xfa, 0x1d, 0x31,
+    0x52, 0x4d, 0xbc, 0x16, 0x31, 0x92, 0xd7, 0xbe, 0x2e, 0xd6,
+    0x6d, 0x1d, 0x58, 0x4e, 0xd8, 0x06, 0x8f, 0xb3, 0xe6, 0x79,
+    0x60, 0x92, 0x71, 0x1f, 0x72, 0x84, 0x55, 0x7b, 0xfa, 0xc8,
+    0xcf, 0x20, 0x16, 0x2f, 0xc7, 0x13, 0x17, 0xd1, 0x2d, 0xd1,
+    0x0d, 0x84, 0x48, 0x08, 0x69, 0xd1, 0x55, 0xb1, 0x08, 0xb6,
+    0x17, 0x8c, 0x38, 0x31, 0xa4, 0x77, 0x73, 0xc0, 0xe9, 0xfc,
+    0x5f, 0x8e, 0xb3, 0x74, 0x1f, 0xab, 0xcf, 0xf5, 0x26, 0x26,
+    0x20, 0x80, 0xd8, 0x13, 0x42, 0xcf, 0xc7, 0x9d, 0xd6, 0x5b,
+    0x1a, 0xfd, 0x46, 0x83, 0xba, 0xc1, 0xe5, 0x92, 0xe9, 0x27,
+    0xa8, 0xa0, 0x36, 0xd5, 0x31, 0x75, 0x7b, 0x8f, 0x53, 0xf6,
+    0xbd, 0x08, 0x1a, 0x86, 0x81, 0x83, 0x85, 0x07, 0x44, 0x3e,
+    0xf9, 0x72, 0x47, 0xe0, 0xf1, 0xbe, 0x43, 0x6a, 0xc3, 0x00,
+    0x94, 0xd3, 0x19, 0x81, 0xde, 0xf3, 0xfd, 0x57, 0x98, 0xdc,
+    0x57, 0xfe, 0x9f, 0x4b, 0x38, 0x23, 0xad, 0xa8, 0xd4, 0x07,
+    0x07, 0x5c, 0xca, 0x25, 0xb8, 0x77, 0x7e, 0x45, 0x01, 0x9b,
+    0xd4, 0x45, 0x5b, 0x94, 0x47, 0x18, 0x35, 0x66, 0xad, 0x0a,
+    0x97, 0x06, 0xc6, 0xa7, 0xaa, 0x50, 0xbf, 0x07, 0x90, 0xfe,
+    0x50, 0x8d, 0xd9, 0x1f, 0xdd, 0x33, 0xa4, 0xa7, 0x23, 0x48,
+    0xa3, 0xd6, 0x5d, 0xb8, 0x9e, 0x97, 0x22, 0x32, 0xd3, 0x8a,
+    0xb0, 0x5e, 0xb3, 0xc9, 0x0b, 0x24, 0x09, 0x66, 0x2e, 0xea,
+    0x94, 0x9c, 0x90, 0x4f, 0x3e, 0x93, 0xcf, 0x30, 0x3f, 0xb4,
+    0xbe, 0x5e, 0x6c, 0xaf, 0x1a, 0xff, 0x00, 0xc7, 0x74, 0x2e,
+    0x8b, 0x08, 0xe9, 0x22, 0x61, 0xc5, 0xd1, 0x21, 0x15, 0xa1,
+    0xba, 0x37, 0xd2, 0x24, 0xfd, 0xa5, 0x63, 0x9a, 0x97, 0xfa,
+    0xfe, 0xb2, 0xa5, 0x1b, 0x3b, 0xbd, 0xb7, 0xb3, 0x2f, 0x3d,
+    0xf1, 0x5a, 0xf2, 0xf6, 0xe4, 0x12, 0xe4, 0x3a, 0x26, 0x3c,
+    0x21, 0x5c, 0xd6, 0x83, 0x65, 0x26, 0x86, 0xcc, 0x47, 0x84,
+    0xd7, 0x26, 0x31, 0x31, 0xcf, 0x1d, 0xd6, 0xc4, 0xa4, 0xf2,
+    0xd4, 0x25, 0x54, 0x2b, 0x81, 0x00, 0x1d, 0xd8, 0xdf, 0x04,
+    0xb8, 0x4b, 0xcf, 0xe5, 0x16, 0xf4, 0x4a, 0x17, 0xc5, 0xd8,
+    0xd3, 0xdf, 0xe4, 0xb7, 0xd3, 0x98, 0xb6, 0x73, 0xa0, 0x37,
+    0x67, 0xbb, 0x8b, 0xc3, 0xfc, 0xac, 0x6e, 0x6c, 0x0e, 0x5d,
+    0x44, 0xb0, 0x9d, 0xf8, 0xae, 0x17, 0x9b, 0xf9, 0xcb, 0xe8,
+    0xfe, 0xc1, 0x7b, 0x78, 0x16, 0xf6, 0x74, 0x04, 0x7d, 0x38,
+    0x17, 0x36, 0x09, 0xe3, 0x73, 0xa1, 0x76, 0x78, 0x7c, 0x14,
+    0xb3, 0x83, 0x91, 0x59, 0x27, 0xea, 0x8c, 0x69, 0xe6, 0xa5,
+    0x21, 0xcd, 0x78, 0xc7, 0x26, 0xa2, 0xfb, 0xd4, 0xf3, 0xaf,
+    0x3f, 0xcf, 0x51, 0x10, 0xcc, 0x4b, 0xdd, 0x14, 0xf4, 0xf3,
+    0xb8, 0xea, 0x07, 0xa7, 0x76, 0xe7, 0xbe, 0xec, 0x01, 0xb5,
+    0x1e, 0xdc, 0xc3, 0x55, 0x19, 0xb1, 0x16, 0x3f, 0xfe, 0xd4,
+    0x15, 0x49, 0xaf, 0x04, 0x9d, 0x38, 0xdd, 0x86, 0x53, 0x2a,
+    0x80, 0x62, 0x42, 0xb7, 0x98, 0x42, 0x38, 0xaf, 0x9d, 0x87,
+    0xe2, 0x3f, 0xea, 0x7e, 0x0a, 0x35, 0xb8, 0xee, 0xa5, 0x48,
+    0x09, 0x08, 0xc5, 0x0d, 0xae, 0x01, 0xd5, 0xec, 0x43, 0x29,
+    0x3b, 0xfb, 0x78, 0xc4, 0x96, 0x01, 0x1c, 0x21, 0xf2, 0xc9,
+    0x44, 0x68, 0x24, 0x66, 0x86, 0x96, 0xb8, 0xc8, 0xe9, 0xd0,
+    0x38, 0x0e, 0x96, 0x4d, 0xcc, 0x45, 0xab, 0xe1, 0xca, 0x50,
+    0x10, 0x20, 0x01, 0xbe, 0x89, 0xc0, 0x43, 0x84, 0xd8, 0x38,
+    0x52, 0xc0, 0xaf, 0x4d, 0x6b, 0x99, 0x0b, 0xc0, 0xc2, 0x99,
+    0x07, 0xc6, 0x78, 0xa8, 0xf7, 0x32, 0x84, 0x86, 0xc5, 0x1a,
+    0x95, 0x81, 0xa6, 0x6a, 0x05, 0xa7, 0x9d, 0x81, 0x0e, 0x32,
+    0x18, 0x11, 0x4a, 0x0f, 0xfc, 0x17, 0x9e, 0xf7, 0xbf, 0x54,
+    0x82, 0xed, 0xba, 0x6f, 0xbd, 0x41, 0xc1, 0xca, 0x55, 0x6c,
+    0xff, 0x32, 0x6b, 0xa2, 0x59, 0xae, 0xae, 0x92, 0xc1, 0xb5,
+    0xa6, 0xfc, 0xaf, 0x09, 0x48, 0x57, 0xd6, 0xee, 0x38, 0x99,
+    0xb4, 0xe3, 0x8f, 0xb7, 0xfc, 0x6a, 0x0a, 0x3b, 0x08, 0xe1,
+    0x81, 0x46, 0x11, 0xeb, 0x4a, 0x98, 0x43, 0x16, 0x16, 0x1f,
+    0x68, 0xdb, 0xb9, 0x71, 0x19, 0xfe, 0x8b, 0xe6, 0xb7, 0x8b,
+    0xc1, 0x3b, 0x90, 0xc5, 0x89, 0x1d, 0xca, 0xd9, 0x19, 0x6c,
+    0xe8, 0x01, 0xf4, 0x19, 0x50, 0x3e, 0x93, 0x84, 0xbf, 0xaa,
+    0x9a, 0x3d, 0x20, 0x4c, 0x4e, 0x79, 0x83, 0xec, 0x46, 0x83,
+    0x09, 0x00, 0xc3, 0x8a, 0xad, 0xd5, 0x2b, 0x08, 0xd1, 0x47,
+    0xac, 0x96, 0x0e, 0x34, 0xf0, 0x89, 0x1a, 0x0f, 0xf2, 0x51,
+    0x8d, 0x2c, 0xb5, 0xf2, 0xfe, 0x8c, 0xdc, 0xed, 0x41, 0x51,
+    0x8c, 0x71, 0x12, 0x05, 0xec, 0x68, 0x21, 0x86, 0x94, 0xf4,
+    0xfb, 0xfc, 0xaa, 0xc7, 0xc7, 0xbb, 0x74, 0xa2, 0x8b, 0x76,
+    0x62, 0x1c, 0x64, 0x11, 0xa0, 0xd0, 0x5f, 0x46, 0x64, 0xd4,
+    0x47, 0xbc, 0x8a, 0x5b, 0x2b, 0xc2, 0xc1, 0x88, 0xb2, 0x30,
+    0xbd, 0x02, 0x17, 0x18, 0x0a, 0xd7, 0x9b, 0x3d, 0x91, 0xb9,
+    0x2c, 0x83, 0x24, 0xb4, 0x8b, 0x9d, 0x02, 0xaf, 0xb2, 0x4e,
+    0x57, 0xe1, 0xb0, 0xa2, 0xf3, 0x7c, 0xde, 0x15, 0xba, 0x60,
+    0xbd, 0x80, 0xbe, 0x6d, 0x6f, 0x16, 0xb3, 0xb9, 0xb8, 0x6a,
+    0x55, 0xb4, 0xad, 0xf1, 0x01, 0x63, 0x40, 0x01, 0xba, 0x5b,
+    0x5d, 0x9a, 0xbc, 0xf0, 0x58, 0xa8, 0xf7, 0xbb, 0x8e, 0x91,
+    0xa0, 0xfd, 0x8c, 0x49, 0x8f, 0x1a, 0xbb, 0x2a, 0x28, 0x0d,
+    0x7a, 0xa6, 0xc2, 0xd7, 0x41, 0x16, 0xed, 0x61, 0x5d, 0xc4,
+    0xe7, 0xcf, 0x2b, 0xb4, 0xb9, 0x10, 0x6f, 0x38, 0x42, 0x88,
+    0x94, 0x6e, 0x75, 0x2c, 0x89, 0xac, 0xa0, 0xe9, 0x81, 0xec,
+    0x2d, 0x62, 0xa3, 0xba, 0x3c, 0x40, 0xdb, 0x65, 0x56, 0x8e,
+    0xc7, 0xd8, 0xb0, 0xd4, 0xf9, 0x04, 0x2b, 0x4c, 0x83, 0x20,
+    0xbe, 0xad, 0xb8, 0x66, 0x1c, 0x20, 0x32, 0xb3, 0xf6, 0xf1,
+    0xac, 0xa5, 0x8a, 0x72, 0x9a, 0x41, 0x1d, 0x6e, 0xa0, 0x16,
+    0xe0, 0x0c, 0x39, 0xb6, 0x06, 0x96, 0x55, 0xb7, 0xda, 0x1c,
+    0x54, 0x08, 0xf6, 0x30, 0x1b, 0xb6, 0x57, 0xca, 0x7d, 0xb0,
+    0xdc, 0x9e, 0xfa, 0x5c, 0x38, 0x7f, 0xac, 0x37, 0x80, 0x26,
+    0xba, 0xdc, 0x7a, 0x95, 0xe5, 0x7b, 0x90, 0xf3, 0x1a, 0xc7,
+    0x31, 0x8e, 0x97, 0x07, 0x9a, 0xb8, 0xbe, 0xae, 0x16, 0x11,
+    0x44, 0xb0, 0x01, 0xf5, 0xe8, 0x37, 0x1a, 0x67, 0xfe, 0x00,
+    0x8f, 0xa1, 0xf5, 0x03, 0x7c, 0xed, 0xbf, 0x42, 0xf4, 0x78,
+    0x2b, 0xfb, 0x9f, 0x8c, 0xb3, 0x63, 0x0b, 0x42, 0xbf, 0xae,
+    0x8e, 0xf7, 0x6f, 0xb4, 0xb1, 0xe8, 0x75, 0x8c, 0xdf, 0x69,
+    0xc6, 0xe1, 0x3a, 0x26, 0x05, 0x47, 0x03, 0x61, 0xfc, 0xc5,
+    0xa9, 0xc1, 0x4f, 0x70, 0xce, 0x18, 0xbb, 0x01, 0xe6, 0x11,
+    0xc9, 0xa7, 0x7e, 0x65, 0xb8, 0xdc, 0x61, 0x3d, 0x9b, 0x47,
+    0x2e, 0x34, 0x16, 0xa1, 0x73, 0x61, 0x91, 0xed, 0x45, 0xe3,
+    0x01, 0x26, 0xee, 0x16, 0x76, 0x0e, 0xb7, 0xa1, 0xc0, 0xb3,
+    0xac, 0xf0, 0xa5, 0x3b, 0xf6, 0x64, 0x1b, 0x93, 0x94, 0x5c,
+    0x8f, 0x4c, 0x25, 0x89, 0xa1, 0x92, 0x32, 0x50, 0x28, 0x03,
+    0x8b, 0xff, 0xc4, 0xf6, 0x2a, 0xe8, 0xda, 0x8d, 0xfe, 0x49,
+    0xb5, 0x33, 0x01, 0xca, 0x2d, 0x2d, 0x60, 0x33, 0xd6, 0x30,
+    0x38, 0x8a, 0x1e, 0x38, 0x3d, 0x78, 0x11, 0xff, 0xef, 0x1c,
+    0x82, 0x33, 0xbb, 0xfc, 0x95, 0xef, 0x79, 0xb0, 0x59, 0xbd,
+    0x2c, 0xfd, 0x1c, 0x3f, 0x42, 0xda, 0xdf, 0xbd, 0x56, 0xf2,
+    0xd6, 0xae, 0x2d, 0x23, 0x36, 0xed, 0xb1, 0x8d, 0x62, 0x58,
+    0x71, 0x66, 0x21, 0xe0, 0x4d, 0xee, 0xf4, 0x16, 0x48, 0xa6,
+    0xcf, 0x1a, 0x8a, 0xf0, 0x8a, 0xd1, 0x53, 0xf6, 0xe5, 0x4e,
+    0x98, 0x9d, 0x7d, 0x6c, 0xd2, 0xdf, 0xb8, 0x2d, 0xa6, 0xe5,
+    0x8a, 0xd6, 0xb5, 0xae, 0x61, 0x96, 0xfa, 0x6b, 0xca, 0x7f,
+    0x08, 0xc2, 0x2b, 0x67, 0x30, 0x5e, 0x21, 0x3b, 0xa4, 0x84,
+    0x95, 0xc6, 0x2f, 0x2c, 0x1f, 0xe2, 0x0e, 0x1a, 0xc3, 0x89,
+    0x6a, 0x6a, 0xe7, 0x08, 0xf9, 0x74, 0xee, 0x4f, 0xcd, 0x5e,
+    0xe8, 0xce, 0x55, 0x4d, 0x38, 0xed, 0x62, 0x35, 0xee, 0xfc,
+    0x14, 0x56, 0xb9, 0xf0, 0xce, 0x29, 0x1c, 0x21, 0x40, 0x51,
+    0xe4, 0x76, 0xe3, 0xa6, 0xd8, 0x3d, 0x54, 0x58, 0x51, 0xe5,
+    0xf0, 0xdc, 0x50, 0x39, 0x43, 0x67, 0x44, 0x14, 0xcc, 0x6e,
+    0x5a, 0xb1, 0x15, 0xec, 0xb4, 0x3e, 0x0e, 0xef, 0x8e, 0x72,
+    0x6a, 0xdf, 0xba, 0x37, 0x27, 0x15, 0x62, 0xc3, 0xbd, 0xee,
+    0x1d, 0xb1, 0x24, 0x2f, 0x57, 0x51, 0xf1, 0x8f, 0xfb, 0xd1,
+    0x10, 0x6f, 0x11, 0xb9, 0x94, 0x5c, 0x9c, 0x12, 0x26, 0x46,
+    0x46, 0x7b, 0x31, 0x0e, 0xad, 0x93, 0xe4, 0x4f, 0x09, 0xe3,
+    0xbf, 0xc5, 0xe3, 0x11, 0xa4, 0x25, 0x8d, 0x9b, 0x8e, 0x26,
+    0x02, 0xaa, 0x72, 0x18, 0xce, 0x89, 0x67, 0xfc, 0x1c, 0x28,
+    0xab, 0x11, 0x5a, 0x84, 0x23, 0x7c, 0x91, 0xac, 0x6b, 0x48,
+    0x9c, 0x39, 0x14, 0xa3, 0xac, 0xc6, 0x30, 0xbc, 0x1e, 0x0c,
+    0xd3, 0x34, 0x19, 0xa9, 0x2b, 0xe7, 0xa4, 0xf8, 0xc1, 0xf0,
+    0x3c, 0x60, 0xa2, 0xf7, 0x51, 0x86, 0xcf, 0x42, 0xad, 0x34,
+    0x81, 0xa6, 0x93, 0x0b, 0x88, 0x4c, 0xbf, 0xd2, 0x4f, 0xe0,
+    0xdb, 0xb2, 0x1d, 0x6d, 0xb2, 0x5c, 0xac, 0xd8, 0x64, 0x85,
+    0xc3, 0x35, 0x6e, 0x5d, 0xaf, 0x63, 0x3e, 0x47, 0xb7, 0x5d,
+    0x39, 0x21, 0x36, 0xa6, 0xd4, 0xef, 0x9e, 0x1c, 0x1f, 0xd6,
+    0xa4, 0xe0, 0xe4, 0x22, 0x75, 0x1e, 0xeb, 0x15, 0xb4, 0xee,
+    0x43, 0x37, 0x06, 0xf9, 0x77, 0xbf, 0x68, 0x9b, 0x9a, 0x7f,
+    0x38, 0x30, 0x87, 0xde, 0x0c, 0x6a, 0x39, 0x41, 0xe1, 0xed,
+    0xf4, 0x18, 0x6e, 0x29, 0x44, 0xf0, 0xfc, 0xb6, 0x09, 0x5b,
+    0xb3, 0x30, 0xc9, 0x0a, 0x8c, 0x41, 0x6f, 0x1e, 0x95, 0xbe,
+    0x93, 0x3c, 0x11, 0x9b, 0x24, 0xf7, 0x57, 0xb8, 0xc5, 0x9b,
+    0x08, 0xaa, 0xcd, 0x24, 0x86, 0x98, 0x59, 0x0f, 0xc6, 0x0e,
+    0xd2, 0x71, 0xb2, 0x5e, 0xae, 0x72, 0xc9, 0x69, 0x3b, 0x80,
+    0xc2, 0x27,
+};
+static const int sizeof_bench_dilithium_level3_key = sizeof(bench_dilithium_level3_key);
+
+#endif /* !WOLFSSL_DILITHIUM_NO_SIGN */
+
+#ifndef WOLFSSL_DILITHIUM_NO_VERIFY
+
+/* raw public key without ASN1 syntax from
+ * ./certs/dilithium/bench_dilithium_level3_key.der */
+static const unsigned char bench_dilithium_level3_pubkey[] = {
+    0x15, 0xc9, 0xe5, 0x53, 0x2f, 0xd8, 0x1f, 0xb4, 0xa3, 0x9f,
+    0xae, 0xad, 0xb3, 0x10, 0xd0, 0x72, 0x69, 0xd3, 0x02, 0xf3,
+    0xdf, 0x67, 0x5a, 0x31, 0x52, 0x19, 0xca, 0x39, 0x27, 0x77,
+    0x61, 0x6d, 0x0f, 0xc1, 0x33, 0x26, 0x09, 0xf0, 0xf9, 0x4d,
+    0x12, 0x7a, 0xef, 0xf7, 0x21, 0x26, 0x2c, 0xe0, 0xe2, 0x92,
+    0x1f, 0x9d, 0xd1, 0xaa, 0xaf, 0x08, 0x14, 0xf2, 0xaa, 0x24,
+    0x99, 0x0f, 0x20, 0x57, 0x35, 0x04, 0x32, 0x96, 0x8e, 0x6e,
+    0x10, 0x64, 0xe3, 0xe3, 0x57, 0x26, 0x33, 0x32, 0x7b, 0xe4,
+    0x18, 0x41, 0x77, 0xd3, 0x24, 0x63, 0x3d, 0x11, 0xea, 0xdc,
+    0xbe, 0x59, 0xff, 0x8d, 0xc2, 0xe4, 0xc7, 0x04, 0xf3, 0xd4,
+    0xe0, 0x1d, 0x5e, 0x09, 0x46, 0xbf, 0x02, 0x05, 0xc7, 0xa6,
+    0xb7, 0x82, 0x40, 0x1f, 0x55, 0xe9, 0x77, 0x82, 0xc0, 0xcc,
+    0x86, 0x99, 0x19, 0x99, 0xa2, 0xc9, 0x1b, 0x4f, 0xdd, 0x49,
+    0x4c, 0x78, 0x0a, 0x58, 0xb8, 0xf0, 0x23, 0xac, 0x1a, 0x71,
+    0x57, 0x6d, 0xd6, 0x3a, 0x3a, 0x6f, 0x93, 0xb3, 0x2b, 0x09,
+    0xbe, 0xec, 0x7b, 0x5b, 0xf7, 0x3a, 0xed, 0xf9, 0xd0, 0xb1,
+    0xfe, 0x9f, 0x9b, 0xec, 0x11, 0xb6, 0x6b, 0xd1, 0xb6, 0x00,
+    0x72, 0x7f, 0x68, 0x9a, 0x61, 0xa5, 0xf5, 0x6e, 0xe9, 0x46,
+    0xa4, 0x82, 0x08, 0x9f, 0x50, 0x4c, 0x75, 0xc3, 0x48, 0x85,
+    0x76, 0x39, 0xea, 0x0c, 0xf2, 0xe8, 0x7e, 0x48, 0x69, 0xd9,
+    0x6f, 0x9a, 0x89, 0x7d, 0x98, 0xc1, 0x16, 0xdc, 0x2f, 0xc7,
+    0x0a, 0x11, 0xa8, 0xbb, 0xe7, 0x91, 0xb1, 0x0f, 0x0e, 0xf0,
+    0xb4, 0xc8, 0x41, 0x7e, 0x62, 0x9e, 0x3c, 0x30, 0x4c, 0xbc,
+    0x4c, 0xeb, 0x37, 0xaf, 0x48, 0x72, 0x59, 0x64, 0x8e, 0xfb,
+    0x77, 0x11, 0x28, 0xdd, 0x30, 0x52, 0x8e, 0x69, 0x8c, 0x9f,
+    0x3d, 0xec, 0xdf, 0xa7, 0x5f, 0x42, 0x18, 0xda, 0xba, 0x1a,
+    0x96, 0x91, 0x7d, 0x62, 0xd5, 0x52, 0xff, 0x44, 0xc9, 0x1d,
+    0x29, 0xa6, 0xb9, 0x03, 0x9a, 0x26, 0x26, 0xcf, 0x57, 0x40,
+    0x70, 0x7e, 0x2b, 0xbd, 0xf0, 0x81, 0x71, 0x0f, 0x0b, 0x2e,
+    0x9b, 0x03, 0xba, 0x31, 0x41, 0x68, 0x37, 0xc8, 0xff, 0xea,
+    0xc4, 0x73, 0xa5, 0xf9, 0xc2, 0x92, 0x78, 0x0c, 0xe7, 0xfd,
+    0x5d, 0xb2, 0x01, 0xb5, 0x8d, 0xeb, 0x64, 0xd4, 0x14, 0xea,
+    0x7a, 0xd1, 0x42, 0xc8, 0x99, 0xe4, 0x7d, 0x5b, 0x7e, 0x3b,
+    0x8f, 0xab, 0x82, 0x12, 0xdf, 0xbb, 0xa1, 0x45, 0x30, 0xc9,
+    0x0f, 0xb9, 0xe5, 0xba, 0xe6, 0x8a, 0xf3, 0x78, 0x61, 0xcc,
+    0x9f, 0xe1, 0x46, 0x2a, 0x9a, 0x18, 0x0e, 0x2a, 0x57, 0xf3,
+    0xe5, 0x56, 0xd1, 0x42, 0x48, 0xe1, 0x5a, 0x8e, 0x33, 0xce,
+    0x19, 0xe5, 0x3e, 0x7f, 0x00, 0x70, 0x9c, 0x4c, 0xd3, 0xe1,
+    0x0c, 0xa1, 0x7e, 0xd4, 0xa9, 0x9e, 0x8b, 0xe2, 0xf0, 0xac,
+    0xdb, 0xa6, 0x72, 0x75, 0x67, 0xa6, 0x57, 0xed, 0x79, 0x2e,
+    0xca, 0x8d, 0xeb, 0x9b, 0x9e, 0xb7, 0xbf, 0x30, 0x02, 0x2b,
+    0xb3, 0x43, 0x89, 0x9b, 0xa8, 0x88, 0xa5, 0xbb, 0x33, 0xd9,
+    0x99, 0x30, 0x7c, 0xc7, 0xd4, 0x28, 0x5e, 0x5e, 0x3f, 0x9d,
+    0x6d, 0x35, 0x75, 0x33, 0x8e, 0xff, 0x84, 0x2e, 0x2d, 0xda,
+    0xf0, 0xff, 0x70, 0xe5, 0xb5, 0x62, 0x96, 0x33, 0x3a, 0xd9,
+    0xb5, 0x82, 0x25, 0x81, 0x81, 0x40, 0x5d, 0x4f, 0x11, 0x86,
+    0x63, 0x1a, 0x06, 0xc1, 0x67, 0xc7, 0x49, 0x03, 0xc7, 0xe4,
+    0x6f, 0xb4, 0x13, 0x3e, 0x57, 0x62, 0xfd, 0x8a, 0xc6, 0x2b,
+    0x65, 0x5b, 0xa4, 0x29, 0x57, 0x8d, 0xde, 0xa5, 0xee, 0x32,
+    0xc2, 0x76, 0x03, 0xca, 0xce, 0xc1, 0x48, 0xec, 0x45, 0xcf,
+    0x30, 0x21, 0x28, 0x7f, 0x10, 0x47, 0xd2, 0xdb, 0xee, 0xca,
+    0x5b, 0x0f, 0xd5, 0x39, 0x3a, 0xc3, 0xa6, 0x78, 0xb2, 0x15,
+    0xaf, 0x82, 0x3c, 0x2f, 0xc4, 0x51, 0x5c, 0x52, 0xad, 0xf2,
+    0x89, 0x92, 0x8e, 0xf3, 0x50, 0x38, 0xed, 0xf8, 0xc9, 0x14,
+    0x4c, 0xe4, 0xa3, 0x9a, 0xaf, 0xc4, 0x5c, 0xf3, 0x9f, 0xc3,
+    0xa3, 0xc0, 0xbe, 0x45, 0x1b, 0x21, 0x63, 0xfa, 0xe0, 0xe0,
+    0x91, 0x2b, 0x42, 0xca, 0x91, 0xfb, 0x5e, 0x97, 0x9a, 0x0a,
+    0xd4, 0x88, 0xba, 0xb8, 0x22, 0xc6, 0xbf, 0x56, 0x58, 0x1e,
+    0x92, 0xa9, 0x9d, 0xa7, 0xed, 0xc9, 0xab, 0x54, 0x4f, 0x75,
+    0x8d, 0x42, 0xc1, 0xe1, 0x61, 0xd0, 0x91, 0x9a, 0x3a, 0x40,
+    0x9a, 0xa3, 0xfb, 0x7b, 0x4e, 0xf0, 0x85, 0xf0, 0xdc, 0x40,
+    0x72, 0x9f, 0x05, 0xa8, 0xbe, 0x95, 0x5a, 0x7f, 0xba, 0x75,
+    0x00, 0x6e, 0x95, 0x76, 0xbd, 0xb2, 0x40, 0xf5, 0xb0, 0x64,
+    0x0a, 0x2f, 0x06, 0x3d, 0x9f, 0xac, 0x6a, 0xa5, 0x46, 0x5a,
+    0x85, 0xa4, 0x6f, 0xee, 0x27, 0xa0, 0xeb, 0x5f, 0x1f, 0x91,
+    0xbd, 0x2b, 0x02, 0x16, 0xdf, 0x74, 0x97, 0x2c, 0xd0, 0xa8,
+    0x9f, 0x3a, 0x7b, 0xdf, 0x3e, 0x98, 0x4a, 0x91, 0xdc, 0x19,
+    0x96, 0x88, 0x75, 0x21, 0x1a, 0x6a, 0xa8, 0x4b, 0x1f, 0x35,
+    0xd1, 0x92, 0xf5, 0x76, 0xf4, 0x72, 0x55, 0x13, 0xdb, 0x5d,
+    0x07, 0x8d, 0xd9, 0x72, 0xe4, 0x75, 0xde, 0x80, 0xbc, 0xe9,
+    0x9c, 0xf0, 0x5c, 0x6a, 0x8a, 0x0e, 0x34, 0xf6, 0x3f, 0x5c,
+    0xef, 0x0e, 0xcc, 0x52, 0x38, 0x2d, 0x7b, 0xc2, 0x1b, 0x69,
+    0x9f, 0xe5, 0xed, 0x14, 0xb0, 0x91, 0x0b, 0xe9, 0x4d, 0x34,
+    0xd5, 0xaa, 0xd4, 0xd2, 0x46, 0x39, 0x45, 0x7e, 0x85, 0x2f,
+    0xdb, 0x89, 0xf4, 0xff, 0x05, 0x74, 0x51, 0xba, 0xdd, 0xee,
+    0xf6, 0xc2, 0xc1, 0x0a, 0x8f, 0xd9, 0xeb, 0xc7, 0x61, 0x30,
+    0x8f, 0x86, 0x8b, 0x1f, 0x82, 0xc1, 0x22, 0xfd, 0x83, 0xf4,
+    0x5d, 0xc5, 0x94, 0xf5, 0xd7, 0x17, 0xc7, 0x7b, 0x71, 0xf5,
+    0x5e, 0x15, 0x49, 0x70, 0xb2, 0x57, 0xa0, 0xc0, 0x57, 0x63,
+    0x53, 0x35, 0xb6, 0x52, 0x20, 0x7b, 0x83, 0xd4, 0x57, 0x63,
+    0x25, 0x8e, 0x83, 0xb3, 0x8e, 0x26, 0x1f, 0x09, 0xde, 0x14,
+    0xd6, 0xa6, 0xfc, 0xe5, 0x93, 0x3c, 0x88, 0x8e, 0xf5, 0x10,
+    0x57, 0xb9, 0xc9, 0x9b, 0xff, 0x72, 0x9d, 0x3d, 0x3f, 0x97,
+    0xd9, 0x3c, 0x20, 0xe2, 0x57, 0xfd, 0x2a, 0x5c, 0x17, 0x12,
+    0xe6, 0x08, 0xaf, 0xe4, 0x26, 0x96, 0xb9, 0x6d, 0xc3, 0xac,
+    0x22, 0xf3, 0x8b, 0x89, 0xde, 0xc7, 0x8a, 0x93, 0x06, 0xf7,
+    0x1d, 0x08, 0x21, 0x36, 0x16, 0x74, 0x2b, 0x97, 0x23, 0xe4,
+    0x79, 0x31, 0x08, 0x23, 0x62, 0x30, 0x67, 0xe2, 0xed, 0x30,
+    0x9b, 0x0c, 0xf9, 0x08, 0x7a, 0x29, 0x73, 0xc6, 0x77, 0x8a,
+    0xbb, 0x2a, 0x1c, 0x66, 0xd0, 0xdd, 0x9e, 0xa3, 0xe9, 0x62,
+    0xcc, 0xb7, 0x88, 0x25, 0x4a, 0x5f, 0xbc, 0xaa, 0xe3, 0xe4,
+    0x4f, 0xec, 0xa6, 0x8e, 0xa6, 0xa4, 0x1b, 0x22, 0x2b, 0x2c,
+    0x8f, 0x57, 0x7f, 0xb7, 0x33, 0xfe, 0x16, 0x43, 0x85, 0xc5,
+    0xd2, 0x95, 0xe6, 0xb9, 0x21, 0x68, 0x88, 0x98, 0x33, 0x8c,
+    0x1d, 0x15, 0x9c, 0x4d, 0x62, 0x1f, 0x6b, 0xe8, 0x7a, 0x2d,
+    0x6b, 0x0e, 0xc3, 0xde, 0x1a, 0xa8, 0xed, 0x67, 0xb3, 0xb3,
+    0x36, 0x5b, 0x4b, 0xcb, 0xe8, 0xa8, 0x5c, 0x0b, 0x2f, 0xca,
+    0xd7, 0x71, 0xe8, 0x85, 0xe7, 0x4d, 0xe5, 0x7b, 0x45, 0xed,
+    0xb2, 0x4c, 0x69, 0x04, 0x7e, 0x4f, 0xc0, 0xef, 0x1a, 0xca,
+    0x0d, 0xa6, 0xc4, 0x79, 0x15, 0x78, 0x9c, 0xd2, 0x91, 0x3c,
+    0x32, 0x55, 0x40, 0xe7, 0xcb, 0x7e, 0xde, 0x07, 0xa6, 0x97,
+    0x00, 0x2d, 0x70, 0xf6, 0x3d, 0x15, 0xdf, 0x29, 0x8e, 0xa3,
+    0x96, 0x6d, 0xf2, 0xbb, 0xa5, 0x1b, 0x7b, 0x58, 0x30, 0xf6,
+    0x17, 0xbd, 0xda, 0x13, 0xf7, 0x33, 0xc2, 0x62, 0x32, 0xd4,
+    0x1c, 0x2e, 0x31, 0x74, 0x92, 0xad, 0x99, 0x8c, 0x0e, 0x7c,
+    0x50, 0x21, 0xcd, 0xff, 0x41, 0xeb, 0xd1, 0xca, 0x14, 0xb7,
+    0xb2, 0x31, 0x2f, 0xbe, 0x16, 0xce, 0x4f, 0x26, 0x16, 0x04,
+    0xc2, 0xaf, 0xbe, 0x0d, 0x24, 0xab, 0x9a, 0x21, 0x37, 0x06,
+    0xac, 0x50, 0x23, 0xf1, 0xbe, 0x5c, 0xbb, 0x64, 0xf3, 0xd3,
+    0x66, 0xa3, 0xb8, 0xbe, 0x8b, 0x49, 0x8d, 0xf6, 0xc7, 0xb9,
+    0x8f, 0x4e, 0x31, 0x06, 0x51, 0xe5, 0xf3, 0x0e, 0x56, 0xc4,
+    0x24, 0x30, 0xf5, 0xe9, 0x36, 0x71, 0xbc, 0xc9, 0x70, 0x2c,
+    0x6c, 0x4c, 0x15, 0x43, 0x44, 0xa4, 0xfc, 0xf1, 0xd2, 0x71,
+    0x6c, 0x4c, 0xce, 0x30, 0x6c, 0x05, 0x7d, 0x2e, 0xb7, 0xbc,
+    0xe4, 0x65, 0x76, 0x24, 0x75, 0x36, 0xdf, 0x28, 0xfc, 0xcd,
+    0x9a, 0xba, 0xc2, 0xcd, 0xb0, 0x30, 0xdb, 0xe7, 0x2e, 0x3c,
+    0x92, 0x63, 0x1d, 0x30, 0x23, 0x74, 0xb1, 0xb8, 0xcc, 0xd7,
+    0xb6, 0x90, 0x65, 0x73, 0xa2, 0x2a, 0x6e, 0x49, 0x95, 0x0d,
+    0xab, 0x24, 0xdf, 0x2d, 0xbf, 0x76, 0x46, 0x01, 0x44, 0xe4,
+    0x18, 0x8e, 0xd5, 0x9a, 0x76, 0xc9, 0xc6, 0xbc, 0xdb, 0x7f,
+    0x80, 0x52, 0xc6, 0x40, 0x41, 0x12, 0x36, 0x7c, 0x80, 0x69,
+    0xce, 0x7b, 0xe1, 0xa0, 0x53, 0xa2, 0xd6, 0x8f, 0x3f, 0xf7,
+    0xd7, 0x61, 0x09, 0x70, 0xa2, 0xa0, 0xc6, 0xaf, 0xa0, 0xd0,
+    0xfa, 0x13, 0xbf, 0xc0, 0x69, 0x15, 0xce, 0x15, 0xec, 0x24,
+    0x4b, 0x6b, 0xdc, 0x93, 0x51, 0xc6, 0x82, 0x19, 0x92, 0x84,
+    0x5d, 0x99, 0xb0, 0x90, 0x2c, 0xcc, 0x2a, 0x81, 0x6b, 0x22,
+    0x64, 0x0a, 0xcb, 0x51, 0x25, 0x82, 0x50, 0x02, 0x2d, 0x3e,
+    0xd4, 0x72, 0xb3, 0x0c, 0x15, 0x77, 0xd2, 0xca, 0x98, 0x2f,
+    0x41, 0x93, 0x14, 0xb2, 0x7f, 0xa1, 0x97, 0xa3, 0xb8, 0x8a,
+    0x56, 0x24, 0x38, 0xa7, 0x36, 0xc5, 0x01, 0xc0, 0x9f, 0x3f,
+    0x3e, 0x9a, 0xf6, 0xe9, 0x16, 0x82, 0x01, 0x58, 0x70, 0x0e,
+    0x0d, 0xbc, 0xfa, 0x03, 0x57, 0x65, 0xa8, 0x5a, 0x3d, 0x57,
+    0x81, 0x23, 0xbe, 0x6e, 0xa9, 0xe8, 0x22, 0xdf, 0x2f, 0x70,
+    0xeb, 0x0a, 0x03, 0x96, 0x6b, 0xef, 0x20, 0x9f, 0xf2, 0x62,
+    0xe7, 0xb2, 0x6e, 0x3a, 0x1e, 0x40, 0x1f, 0xd2, 0x97, 0x48,
+    0xd1, 0x18, 0xf0, 0xeb, 0x52, 0x58, 0x02, 0x26, 0xce, 0x75,
+    0xb1, 0x3a, 0x9d, 0x5b, 0x52, 0x94, 0xb2, 0x6e, 0x0e, 0x3f,
+    0x39, 0xb6, 0xd9, 0x8a, 0x9d, 0xe8, 0x7c, 0x83, 0x32, 0xcc,
+    0x43, 0x35, 0x9b, 0x7a, 0xed, 0xb2, 0x1e, 0x51, 0x37, 0x6c,
+    0x14, 0xd8, 0xb8, 0x55, 0xb3, 0x91, 0xef, 0x0c, 0x3a, 0xe5,
+    0x77, 0xd0, 0xbd, 0xb0, 0x7d, 0x38, 0x84, 0x2a, 0x47, 0xb2,
+    0xb6, 0xda, 0xd7, 0x75, 0xd6, 0x2e, 0x60, 0xc7, 0x10, 0x52,
+    0xf7, 0xdd, 0x09, 0x15, 0x6f, 0x04, 0x31, 0xc3, 0x5a, 0x6b,
+    0x0c, 0x60, 0x10, 0xa8, 0x6e, 0x20, 0xa9, 0xdd, 0xb7, 0x72,
+    0xc3, 0x9e, 0x85, 0xd2, 0x8f, 0x16, 0x7e, 0x3d, 0xe0, 0x63,
+    0x81, 0x32, 0xfd, 0xca, 0xbc, 0x0f, 0xef, 0x3e, 0x74, 0x6a,
+    0xb1, 0x60, 0xc1, 0x10, 0x50, 0x7c, 0x67, 0xa4, 0x19, 0xa7,
+    0xb8, 0xed, 0xe6, 0xf5, 0x4e, 0x41, 0x53, 0xa6, 0x72, 0x1b,
+    0x2c, 0x33, 0x6a, 0x37, 0xf1, 0xb5, 0x1c, 0x01, 0x7d, 0xa2,
+    0x1f, 0x2c, 0x4e, 0x0a, 0xbf, 0xd4, 0x2c, 0x24, 0x91, 0x58,
+    0x62, 0xfb, 0xf8, 0x63, 0xd9, 0xf8, 0x78, 0xf5, 0xc7, 0x78,
+    0x32, 0xda, 0x99, 0xeb, 0x58, 0x20, 0x25, 0x19, 0xb1, 0x06,
+    0x7f, 0x6a, 0x29, 0x20, 0xdb, 0xc8, 0x22, 0x48, 0xa9, 0x7f,
+    0x24, 0x54, 0x8d, 0x7d, 0x8d, 0xb1, 0x69, 0xb2, 0xa3, 0x98,
+    0x14, 0x0f, 0xba, 0xfa, 0xb6, 0x15, 0xe8, 0x28, 0x99, 0x3f,
+    0x30, 0x04, 0x50, 0xab, 0x5a, 0x3c, 0xf1, 0x97, 0xe1, 0xc8,
+    0x0f, 0x0e, 0xb4, 0x11, 0x63, 0x5a, 0x79, 0x08, 0x48, 0x75,
+    0xaf, 0x9b, 0xca, 0xd9, 0x13, 0x18, 0xcc, 0xb1, 0xb3, 0xee,
+    0xdd, 0x63, 0xdd, 0xf4, 0x21, 0x98, 0x76, 0xe2, 0x3e, 0xd5,
+    0x86, 0x23, 0x33, 0x7e, 0xc7, 0xb4, 0x35, 0x4b, 0xc2, 0x2d,
+    0xe1, 0xe2, 0xb0, 0x6c, 0x8b, 0x9b, 0x20, 0x3d, 0x48, 0x24,
+    0x7c, 0xea, 0xa1, 0x75, 0x27, 0xe5, 0xf4, 0x70, 0xeb, 0x3b,
+    0xc7, 0x26, 0x37, 0x04, 0xff, 0x8a, 0x7a, 0xd0, 0xc2, 0xb7,
+    0x84, 0xb7, 0x29, 0xfb, 0x0e, 0xa3, 0xa8, 0x71, 0xcd, 0x58,
+    0x06, 0x36, 0xe2, 0xf2, 0x77, 0xcc, 0x0f, 0x78, 0x08, 0x2b,
+    0xbb, 0xe3, 0x53, 0x05, 0x71, 0xdc, 0x6c, 0x37, 0x32, 0x91,
+    0x46, 0x42, 0x4f, 0x21, 0xe0, 0x34, 0xad, 0x3f, 0x30, 0x5a,
+    0xc7, 0x0d, 0x17, 0x19, 0x39, 0x31, 0x58, 0x69, 0x3c, 0x8c,
+    0xbe, 0xe7, 0xa6, 0x3b, 0xad, 0xfb, 0x46, 0x89, 0x06, 0xc1,
+    0x8c, 0x16, 0x9a, 0x06, 0x3a, 0xd0, 0x7e, 0xd6, 0xb0, 0x7b,
+    0x7d, 0xf8, 0x91, 0x7c, 0xfa, 0xd9, 0x66, 0x39, 0xfa, 0xbc,
+    0x57, 0xa7, 0x78, 0x8b, 0x36, 0x78, 0xc0, 0x1c, 0x0e, 0x23,
+    0x05, 0x0e, 0x04, 0x61, 0x16, 0x34, 0xf9, 0xc6, 0x63, 0x58,
+    0xdf, 0xf4, 0x52, 0xce, 0xd0, 0x0f, 0x0c, 0xec, 0xb1, 0x82,
+    0xf4, 0x72, 0x73, 0x72, 0x3f, 0x02, 0xbe, 0xe3, 0x9c, 0x63,
+    0x73, 0xc8, 0x21, 0x65, 0xba, 0x57, 0x52, 0xa9, 0x19, 0xac,
+    0x68, 0x50, 0xbd, 0x2d, 0x72, 0x5b, 0x93, 0x0f, 0x1c, 0x81,
+    0x77, 0xd7, 0x2e, 0xc3, 0x93, 0x52, 0x6e, 0xdc, 0x79, 0x52,
+    0x9f, 0xe3, 0xde, 0xe1, 0xba, 0x58, 0x55, 0xab, 0x8a, 0xf2,
+    0x35, 0x6a, 0xcf, 0x94, 0x1f, 0x17, 0xa4, 0x23, 0x2e, 0x8e,
+    0x18, 0x21, 0xbe, 0x14, 0xfa, 0xe7, 0x59, 0xc5, 0x44, 0x34,
+    0xce, 0x03, 0xf4, 0xb7, 0x75, 0xd3, 0x51, 0x55, 0xdf, 0xff,
+    0xcf, 0x4f, 0x44, 0xee, 0x13, 0x9b, 0xcb, 0x12, 0xae, 0xe5,
+    0x5b, 0x44, 0x65, 0x28, 0xcb, 0x6a, 0x9c, 0x24, 0x1d, 0xea,
+    0x2d, 0x5e, 0xa5, 0xc3, 0x78, 0xad, 0xed, 0x0c, 0x05, 0xa6,
+    0xaf, 0x95, 0x04, 0xd2, 0xb5, 0x91, 0x0e, 0xa0, 0x06, 0x77,
+    0xc5, 0x82, 0xf6, 0xdd, 0x72, 0x83, 0x04, 0xcc, 0xb0, 0xab,
+    0x7a, 0xf0, 0xb4, 0x4d, 0x36, 0x71, 0x72, 0x1a, 0x9a, 0x0d,
+    0xcd, 0xa3, 0x11, 0xa8, 0x0d, 0x7d, 0x49, 0xce, 0x9c, 0x09,
+    0x1d, 0x08, 0xa4, 0x39, 0x2e, 0x03, 0xdf, 0x3a, 0xc8, 0xfe,
+    0x6a, 0x2b, 0x0b, 0x07, 0x80, 0x55, 0x8a, 0xa8, 0xe6, 0x0e,
+    0xc9, 0x7e, 0x83, 0xce, 0x3a, 0x98, 0x98, 0x4e, 0x3e, 0x08,
+    0x20, 0x8f, 0x10, 0xfc, 0xc1, 0xc4, 0xcf, 0x37, 0x8d, 0x69,
+    0xd8, 0x57, 0x9d, 0x48, 0x80, 0x6a, 0xef, 0x0c, 0xdd, 0x27,
+    0x99, 0xf9, 0xe7, 0xd0, 0xd2, 0x36, 0xd8, 0xed, 0x41, 0x14,
+    0x1b, 0x10,
+};
+static const int sizeof_bench_dilithium_level3_pubkey =
+    sizeof(bench_dilithium_level3_pubkey);
+
+#endif /* !WOLFSSL_DILITHIUM_NO_VERIFY */
+
+#ifndef WOLFSSL_DILITHIUM_NO_SIGN
+
+/* raw private key without ASN1 syntax from
+ * ./certs/dilithium/bench_dilithium_level5_key.der */
+static const unsigned char bench_dilithium_level5_key[] = {
+    0xef, 0x49, 0x79, 0x47, 0x15, 0xc4, 0x8a, 0xa9, 0x74, 0x2a,
+    0xf0, 0x36, 0x94, 0x5c, 0x91, 0x1c, 0x5d, 0xff, 0x2c, 0x83,
+    0xf2, 0x8b, 0x04, 0xfc, 0x5d, 0x64, 0xbd, 0x49, 0x73, 0xcd,
+    0xcc, 0x99, 0xfd, 0x0f, 0x8f, 0x6e, 0xad, 0x75, 0x9b, 0xc9,
+    0xb1, 0xb9, 0x90, 0x93, 0xbf, 0xce, 0x02, 0x2d, 0x12, 0x0c,
+    0x54, 0x2e, 0xe2, 0x3e, 0x52, 0xff, 0xe0, 0x7a, 0xca, 0x2d,
+    0x81, 0x84, 0xea, 0x16, 0x1f, 0x10, 0xc4, 0xc9, 0xde, 0xcd,
+    0xf6, 0xbd, 0x60, 0xc9, 0xb3, 0xd0, 0x0f, 0x57, 0xeb, 0x71,
+    0x78, 0x9b, 0xb5, 0x72, 0x2a, 0x65, 0x11, 0x14, 0xff, 0x63,
+    0x8d, 0x38, 0xcf, 0xa4, 0xf4, 0xad, 0xd0, 0x68, 0x84, 0x97,
+    0xfe, 0xd3, 0x91, 0xa0, 0xe4, 0xc3, 0x74, 0xcf, 0x20, 0x87,
+    0x89, 0x84, 0x1f, 0x75, 0x91, 0xe3, 0xb3, 0x47, 0x8b, 0xfe,
+    0x76, 0xb7, 0x2d, 0x30, 0x89, 0x02, 0x04, 0xc9, 0x93, 0xa8,
+    0x31, 0xd3, 0x84, 0x2d, 0xe4, 0x26, 0x12, 0xdb, 0x94, 0x08,
+    0x12, 0x45, 0x45, 0xca, 0x44, 0x89, 0x52, 0xc4, 0x28, 0x41,
+    0x46, 0x01, 0x1c, 0x93, 0x20, 0x8b, 0x40, 0x6d, 0x09, 0x36,
+    0x65, 0x4c, 0xa2, 0x40, 0x62, 0xb8, 0x2c, 0x1b, 0x00, 0x20,
+    0x61, 0x42, 0x8c, 0x24, 0xa7, 0x10, 0x19, 0x27, 0x25, 0x22,
+    0x14, 0x31, 0x13, 0x33, 0x46, 0x0c, 0x22, 0x22, 0x18, 0xa7,
+    0x91, 0x0c, 0x24, 0x61, 0xd9, 0x32, 0x46, 0xc8, 0x96, 0x49,
+    0x5c, 0x90, 0x89, 0x9b, 0x84, 0x01, 0x5c, 0x08, 0x42, 0x64,
+    0x84, 0x85, 0x0c, 0x42, 0x21, 0x20, 0x48, 0x21, 0x92, 0x00,
+    0x28, 0x83, 0x20, 0x4c, 0x08, 0xc7, 0x51, 0x99, 0x06, 0x66,
+    0x01, 0x18, 0x51, 0x13, 0x48, 0x0a, 0x0b, 0x42, 0x90, 0x4c,
+    0x14, 0x08, 0x83, 0x14, 0x6d, 0x10, 0x10, 0x91, 0xe2, 0xc4,
+    0x8d, 0xe1, 0x12, 0x11, 0x10, 0x40, 0x29, 0x99, 0x92, 0x30,
+    0x12, 0x39, 0x6c, 0x91, 0x86, 0x68, 0x08, 0x83, 0x0c, 0x54,
+    0x80, 0x80, 0xa2, 0x08, 0x52, 0x09, 0x30, 0x71, 0x0c, 0x10,
+    0x04, 0x53, 0x00, 0x65, 0x91, 0x12, 0x2d, 0x0c, 0xa2, 0x8c,
+    0x18, 0x14, 0x45, 0xd8, 0x14, 0x06, 0xe4, 0x36, 0x72, 0x93,
+    0x10, 0x68, 0x09, 0xc2, 0x08, 0x51, 0x14, 0x8c, 0x13, 0x39,
+    0x11, 0xd8, 0x44, 0x02, 0x18, 0x39, 0x29, 0x98, 0x16, 0x71,
+    0x82, 0x40, 0x70, 0x01, 0x10, 0x8c, 0x1a, 0x30, 0x08, 0x02,
+    0x03, 0x41, 0x5a, 0x00, 0x40, 0xa4, 0x16, 0x90, 0x20, 0x26,
+    0x32, 0x00, 0x49, 0x61, 0x20, 0x20, 0x0c, 0x1a, 0xb0, 0x10,
+    0x63, 0x10, 0x11, 0x58, 0x30, 0x0d, 0x59, 0x80, 0x68, 0x90,
+    0x46, 0x2a, 0x91, 0xa8, 0x71, 0x98, 0x20, 0x40, 0x21, 0x83,
+    0x6c, 0xc0, 0x48, 0x0d, 0x8b, 0x90, 0x11, 0x08, 0x09, 0x31,
+    0x8c, 0x00, 0x12, 0x10, 0x14, 0x6e, 0xc2, 0x06, 0x32, 0x1a,
+    0x26, 0x10, 0x0a, 0x91, 0x44, 0x08, 0x99, 0x8d, 0x60, 0x86,
+    0x28, 0x11, 0x20, 0x6d, 0xa3, 0x12, 0x81, 0x8b, 0xc6, 0x51,
+    0xcb, 0xa0, 0x61, 0x09, 0x97, 0x61, 0x48, 0xb6, 0x0d, 0x21,
+    0x49, 0x51, 0x08, 0x13, 0x0c, 0x0a, 0x34, 0x86, 0x49, 0x80,
+    0x65, 0x14, 0x39, 0x04, 0x21, 0x01, 0x81, 0x9a, 0xb8, 0x4d,
+    0x04, 0x41, 0x48, 0x03, 0x92, 0x81, 0x62, 0x14, 0x6c, 0x10,
+    0x16, 0x11, 0xe2, 0xa2, 0x49, 0xe3, 0x30, 0x65, 0x04, 0x93,
+    0x8d, 0x1c, 0x33, 0x70, 0x1b, 0x15, 0x50, 0xe4, 0x38, 0x80,
+    0x21, 0x37, 0x06, 0x20, 0xc6, 0x24, 0xc8, 0x22, 0x88, 0x4a,
+    0x44, 0x80, 0x14, 0x43, 0x88, 0x54, 0x44, 0x42, 0x11, 0x49,
+    0x41, 0x19, 0xb9, 0x2d, 0xcc, 0x04, 0x0d, 0x19, 0xc1, 0x65,
+    0x5b, 0xa0, 0x11, 0x94, 0x00, 0x84, 0xe4, 0xb6, 0x41, 0xc2,
+    0x18, 0x72, 0x5c, 0x02, 0x69, 0x11, 0x85, 0x24, 0x13, 0x35,
+    0x00, 0x62, 0x34, 0x04, 0x58, 0x40, 0x21, 0x00, 0xc4, 0x28,
+    0x0c, 0x17, 0x30, 0x10, 0x47, 0x60, 0x4b, 0xc2, 0x61, 0x9c,
+    0x80, 0x2c, 0x20, 0x94, 0x31, 0x58, 0x92, 0x09, 0xcc, 0x00,
+    0x02, 0x42, 0x94, 0x69, 0x99, 0x28, 0x06, 0x98, 0x02, 0x52,
+    0x90, 0x32, 0x6e, 0x8a, 0x18, 0x2e, 0x54, 0x94, 0x81, 0x03,
+    0xc6, 0x89, 0x03, 0xa1, 0x84, 0x48, 0x82, 0x48, 0x52, 0xc4,
+    0x00, 0x91, 0x30, 0x24, 0x20, 0x12, 0x0d, 0x83, 0x80, 0x05,
+    0x92, 0x48, 0x61, 0x98, 0x46, 0x92, 0xe1, 0xa6, 0x25, 0x20,
+    0x93, 0x4d, 0x1c, 0x37, 0x2c, 0x9b, 0x94, 0x8d, 0xc8, 0x88,
+    0x80, 0xa2, 0x18, 0x72, 0x0c, 0x09, 0x70, 0x81, 0x36, 0x90,
+    0x24, 0x45, 0x69, 0x53, 0x36, 0x6c, 0xd2, 0x20, 0x51, 0x23,
+    0xc1, 0x8c, 0x62, 0xb0, 0x70, 0x11, 0xb2, 0x70, 0xcb, 0x84,
+    0x69, 0x4b, 0x32, 0x89, 0x01, 0x21, 0x81, 0x02, 0x38, 0x66,
+    0xa3, 0x26, 0x12, 0x24, 0xa3, 0x30, 0x22, 0x24, 0x84, 0x18,
+    0xb9, 0x84, 0x40, 0x16, 0x50, 0x22, 0x44, 0x31, 0x1b, 0x13,
+    0x8d, 0x53, 0x02, 0x89, 0x4a, 0x22, 0x10, 0x53, 0x18, 0x01,
+    0x58, 0x30, 0x2d, 0x00, 0x05, 0x08, 0x13, 0x80, 0x84, 0xc2,
+    0x22, 0x0e, 0x88, 0x26, 0x2a, 0x04, 0xc4, 0x4c, 0x19, 0x43,
+    0x01, 0xc8, 0x38, 0x4c, 0xd1, 0xb2, 0x90, 0x13, 0x29, 0x10,
+    0x12, 0x48, 0x22, 0x01, 0xa8, 0x51, 0xd1, 0x92, 0x40, 0x11,
+    0x27, 0x62, 0x10, 0x01, 0x0c, 0x0c, 0xc6, 0x28, 0xe3, 0x46,
+    0x60, 0x24, 0x01, 0x8d, 0x14, 0xb6, 0x10, 0x50, 0xb6, 0x25,
+    0x44, 0x38, 0x40, 0x44, 0xc2, 0x0c, 0x19, 0xc0, 0x64, 0x9c,
+    0x44, 0x02, 0x21, 0x25, 0x65, 0x02, 0x23, 0x86, 0x1a, 0x12,
+    0x70, 0x51, 0x24, 0x91, 0x09, 0x08, 0x44, 0x09, 0x35, 0x66,
+    0x91, 0x04, 0x12, 0x43, 0x42, 0x8d, 0x22, 0xa0, 0x70, 0x14,
+    0x91, 0x25, 0xa0, 0x00, 0x80, 0xe4, 0x00, 0x90, 0x44, 0xb2,
+    0x61, 0x14, 0x20, 0x6e, 0xca, 0x14, 0x0d, 0x23, 0x85, 0x68,
+    0xda, 0x40, 0x92, 0x0b, 0xb1, 0x20, 0x92, 0x04, 0x46, 0xc0,
+    0x08, 0x8a, 0x40, 0xc4, 0x4d, 0x0c, 0x17, 0x45, 0xd3, 0x18,
+    0x52, 0x1b, 0x46, 0x24, 0xc2, 0x24, 0x71, 0x83, 0x10, 0x80,
+    0xc8, 0x82, 0x68, 0xc2, 0x96, 0x81, 0x0a, 0x01, 0x92, 0x60,
+    0xb4, 0x84, 0x09, 0xc6, 0x00, 0x04, 0x37, 0x90, 0x0b, 0xa0,
+    0x28, 0x12, 0x27, 0x09, 0x94, 0x80, 0x50, 0xd8, 0x04, 0x86,
+    0x08, 0x13, 0x8a, 0x4a, 0x06, 0x89, 0x9b, 0xc4, 0x60, 0xe3,
+    0xa2, 0x20, 0xe0, 0x38, 0x21, 0x22, 0xb4, 0x68, 0x0a, 0xa1,
+    0x0c, 0x01, 0x24, 0x32, 0x4c, 0x48, 0x30, 0xa2, 0x80, 0x8d,
+    0x58, 0x44, 0x10, 0xc8, 0x94, 0x6d, 0x21, 0xc3, 0x61, 0xcb,
+    0x98, 0x24, 0xdc, 0x38, 0x11, 0xc9, 0x18, 0x11, 0x20, 0x01,
+    0x50, 0x1c, 0x34, 0x8d, 0x02, 0x03, 0x09, 0x0a, 0x40, 0x61,
+    0xd4, 0xb8, 0x84, 0x9c, 0xc2, 0x09, 0x04, 0xb1, 0x89, 0x83,
+    0x86, 0x84, 0x19, 0x83, 0x0c, 0x5a, 0x86, 0x89, 0x10, 0x21,
+    0x0d, 0xd1, 0xc2, 0x80, 0x18, 0x29, 0x2a, 0x0c, 0x01, 0x50,
+    0x89, 0x88, 0x48, 0x03, 0xa7, 0x85, 0x21, 0x92, 0x64, 0xc4,
+    0x16, 0x81, 0x94, 0x06, 0x6c, 0x53, 0x26, 0x12, 0x90, 0xb6,
+    0x21, 0x0b, 0xa8, 0x64, 0x43, 0x96, 0x84, 0x41, 0x88, 0x70,
+    0xe3, 0xa6, 0x44, 0x12, 0xc0, 0x09, 0x01, 0xc7, 0x60, 0xc3,
+    0x20, 0x42, 0xc3, 0x40, 0x68, 0x10, 0xa6, 0x51, 0xa4, 0xa0,
+    0x71, 0x54, 0x98, 0x04, 0x88, 0xb2, 0x00, 0x54, 0x18, 0x6a,
+    0x48, 0x98, 0x20, 0x21, 0xb2, 0x8d, 0x82, 0x20, 0x81, 0x99,
+    0x16, 0x81, 0x0a, 0xc5, 0x88, 0x0a, 0x23, 0x11, 0x8a, 0x16,
+    0x44, 0x24, 0xc9, 0x29, 0x59, 0x08, 0x91, 0x1c, 0x29, 0x05,
+    0x14, 0xc9, 0x44, 0xe3, 0x20, 0x10, 0x1b, 0xa1, 0x64, 0x82,
+    0xa2, 0x90, 0x00, 0x00, 0x82, 0x98, 0xb2, 0x85, 0xc8, 0x04,
+    0x28, 0xc8, 0xb2, 0x65, 0xc9, 0xc6, 0x88, 0xcc, 0x08, 0x91,
+    0x84, 0x08, 0x30, 0x94, 0x94, 0x8d, 0xc0, 0x18, 0x46, 0x82,
+    0x36, 0x4c, 0x83, 0x10, 0x72, 0x23, 0xb1, 0x88, 0x81, 0x20,
+    0x8e, 0x19, 0x03, 0x8a, 0x94, 0x46, 0x22, 0x21, 0x35, 0x8e,
+    0x04, 0xc0, 0x88, 0x5b, 0xb6, 0x09, 0x0a, 0x18, 0x44, 0x21,
+    0x90, 0x65, 0x03, 0xb2, 0x21, 0xc4, 0x10, 0x50, 0xc1, 0x80,
+    0x0c, 0x09, 0x40, 0x49, 0xe4, 0xa8, 0x8c, 0xa4, 0x36, 0x61,
+    0x59, 0x12, 0x86, 0x20, 0x08, 0x2d, 0x10, 0x19, 0x85, 0xe4,
+    0x34, 0x60, 0xc4, 0xb6, 0x60, 0x00, 0x18, 0x06, 0x8c, 0xb8,
+    0x45, 0x19, 0x13, 0x4a, 0x53, 0xc4, 0x40, 0xc9, 0x38, 0x71,
+    0xd9, 0x48, 0x10, 0x59, 0x08, 0x02, 0x02, 0x10, 0x69, 0x53,
+    0x28, 0x80, 0x22, 0x81, 0x4c, 0xc9, 0x16, 0x26, 0xa1, 0x48,
+    0x64, 0x19, 0x21, 0x11, 0x1c, 0x37, 0x88, 0x4b, 0x94, 0x2c,
+    0x48, 0xc8, 0x6c, 0x63, 0x88, 0x65, 0x81, 0x40, 0x61, 0xa1,
+    0x44, 0x31, 0x82, 0x18, 0x08, 0x80, 0x00, 0x26, 0x50, 0x14,
+    0x49, 0xa1, 0x32, 0x50, 0x02, 0xc8, 0x45, 0x0c, 0x07, 0x24,
+    0x13, 0x01, 0x6d, 0x0a, 0xb3, 0x90, 0x64, 0x30, 0x85, 0x21,
+    0x09, 0x61, 0x44, 0x44, 0x72, 0x08, 0x32, 0x06, 0xe1, 0xa2,
+    0x21, 0xdb, 0xa4, 0x09, 0x5a, 0xb4, 0x71, 0x43, 0xb2, 0x09,
+    0x82, 0xc4, 0x64, 0x88, 0xa0, 0x91, 0xca, 0x14, 0x90, 0xa4,
+    0xa8, 0x41, 0xc1, 0x38, 0x85, 0x12, 0x32, 0x60, 0x1a, 0x11,
+    0x72, 0x53, 0x32, 0x2c, 0xe3, 0x08, 0x4d, 0x24, 0xc6, 0x28,
+    0x0a, 0x03, 0x8c, 0x88, 0x06, 0x05, 0xa0, 0xa8, 0x05, 0x84,
+    0xa2, 0x4c, 0x80, 0x40, 0x62, 0xda, 0x24, 0x81, 0x9a, 0x16,
+    0x91, 0x24, 0x81, 0x04, 0xa4, 0x46, 0x51, 0xc2, 0xa8, 0x25,
+    0x20, 0x28, 0x42, 0x13, 0x46, 0x2c, 0x63, 0x42, 0x72, 0x03,
+    0x88, 0x28, 0xa3, 0x22, 0x24, 0x1a, 0x02, 0x26, 0x42, 0xa2,
+    0x11, 0x11, 0xb0, 0x51, 0x92, 0xb4, 0x6c, 0xe2, 0x32, 0x85,
+    0x10, 0xc2, 0x41, 0xc1, 0x40, 0x46, 0x4c, 0x26, 0x01, 0x1c,
+    0x35, 0x02, 0x0c, 0x14, 0x0c, 0x18, 0x81, 0x00, 0x10, 0x26,
+    0x02, 0xc8, 0x32, 0x8c, 0xe4, 0x02, 0x68, 0xcc, 0x14, 0x2e,
+    0x89, 0x38, 0x60, 0x10, 0x12, 0x24, 0x93, 0x42, 0x65, 0xe3,
+    0x24, 0x29, 0x08, 0x80, 0x41, 0x09, 0x29, 0x46, 0x5b, 0x26,
+    0x49, 0x5b, 0x30, 0x80, 0x03, 0xc1, 0x2c, 0x04, 0x09, 0x82,
+    0x4c, 0x48, 0x2d, 0x1c, 0x36, 0x4d, 0xdb, 0x02, 0x86, 0x21,
+    0xb5, 0x51, 0x81, 0x80, 0x2d, 0xcb, 0x20, 0x81, 0x5b, 0x34,
+    0x41, 0x89, 0x36, 0x48, 0x44, 0xa0, 0x05, 0x59, 0xb6, 0x64,
+    0x12, 0x45, 0x21, 0x20, 0x31, 0x51, 0x0a, 0xc3, 0x8c, 0x14,
+    0x48, 0x71, 0x18, 0x35, 0x24, 0x20, 0x45, 0x05, 0x88, 0x20,
+    0x09, 0x08, 0xb1, 0x29, 0x18, 0xa0, 0x09, 0x4a, 0x00, 0x8a,
+    0xe2, 0xb8, 0x45, 0x02, 0x27, 0x89, 0xd8, 0x10, 0x25, 0x51,
+    0x82, 0x8c, 0x13, 0x92, 0x30, 0x1c, 0x24, 0x8e, 0x1c, 0x93,
+    0x4d, 0xa3, 0x48, 0x51, 0x93, 0xa8, 0x69, 0xe2, 0x04, 0x89,
+    0x13, 0x13, 0x61, 0xcb, 0x98, 0x8c, 0x09, 0x21, 0x62, 0x4b,
+    0x14, 0x4e, 0x11, 0xa3, 0x09, 0x98, 0x40, 0x42, 0x91, 0x12,
+    0x08, 0x80, 0x84, 0x2d, 0xc0, 0x12, 0x60, 0x03, 0xa4, 0x29,
+    0x18, 0x80, 0x01, 0x94, 0x44, 0x8a, 0x12, 0x11, 0x72, 0xc4,
+    0x22, 0x32, 0x9a, 0x46, 0x88, 0x1b, 0x16, 0x4d, 0x4b, 0x08,
+    0x11, 0x02, 0x48, 0x45, 0x81, 0xa4, 0x64, 0xe1, 0x88, 0x0c,
+    0x63, 0x10, 0x70, 0x48, 0x98, 0x05, 0x9b, 0xb8, 0x84, 0x03,
+    0x14, 0x05, 0x44, 0x86, 0x0c, 0x20, 0x11, 0x68, 0xbe, 0x71,
+    0x83, 0xc2, 0x69, 0xde, 0x49, 0xad, 0xb4, 0xdb, 0x93, 0xcb,
+    0x20, 0x2b, 0xbd, 0x95, 0x97, 0x57, 0x7e, 0xcb, 0xbc, 0x73,
+    0xb6, 0x3d, 0x16, 0x4a, 0x0e, 0xe4, 0x9c, 0x81, 0xb1, 0x5d,
+    0x27, 0x64, 0xa2, 0x14, 0x12, 0x1b, 0x8e, 0xd0, 0xd8, 0x38,
+    0xf6, 0xc7, 0xbb, 0x9f, 0x77, 0x3c, 0x62, 0x04, 0x92, 0xe1,
+    0x97, 0xaf, 0x24, 0xa7, 0xf9, 0xf0, 0x8d, 0x3a, 0xbf, 0x5d,
+    0xab, 0x5c, 0x97, 0x0f, 0xfc, 0x35, 0xbc, 0x62, 0xd8, 0x42,
+    0xfd, 0xc7, 0x8b, 0xf7, 0x80, 0xd1, 0x38, 0x68, 0x14, 0x5e,
+    0x4f, 0x99, 0x31, 0xc7, 0xaf, 0xbd, 0x27, 0xce, 0x1c, 0x5b,
+    0x09, 0x1b, 0xcf, 0xbb, 0xfb, 0xf9, 0xf4, 0x90, 0x4c, 0xc1,
+    0xa2, 0x12, 0xf9, 0xd0, 0xa5, 0x2c, 0xfd, 0x7b, 0x55, 0xb0,
+    0xb1, 0xc6, 0x42, 0xe6, 0xeb, 0x10, 0x5e, 0xe9, 0x00, 0xe8,
+    0x46, 0xe4, 0xe0, 0x8b, 0x21, 0xbc, 0xb1, 0xa9, 0x9e, 0x75,
+    0x66, 0xf0, 0xb8, 0x87, 0xb9, 0x11, 0x7e, 0x28, 0x6c, 0x4d,
+    0x58, 0xcd, 0x54, 0x71, 0x0c, 0x6a, 0xcc, 0xfb, 0x52, 0xc2,
+    0x5b, 0xcc, 0x19, 0x67, 0x4f, 0xc2, 0x2f, 0x09, 0x62, 0x51,
+    0x82, 0xeb, 0x9b, 0x94, 0x11, 0xb4, 0x5a, 0x67, 0x7f, 0x58,
+    0x18, 0xb2, 0x3f, 0x37, 0x1f, 0x94, 0x44, 0x73, 0x6a, 0x02,
+    0xf5, 0xfb, 0x5b, 0x03, 0xac, 0x5d, 0xc6, 0xa9, 0x79, 0x8f,
+    0x0f, 0x50, 0xa0, 0x57, 0x46, 0x05, 0x6d, 0x58, 0xde, 0x6e,
+    0x8d, 0x9c, 0x0e, 0x6a, 0xb5, 0x9b, 0x1b, 0x22, 0x74, 0xad,
+    0x00, 0x55, 0x27, 0x46, 0xce, 0xbb, 0x82, 0x77, 0x4e, 0x6e,
+    0x59, 0x38, 0x26, 0xb3, 0xc7, 0xbc, 0x97, 0x54, 0x83, 0x69,
+    0x1f, 0x3e, 0xbd, 0x0f, 0xff, 0x2f, 0xca, 0xb9, 0xea, 0x91,
+    0x26, 0x8e, 0x0a, 0x78, 0x25, 0xf6, 0x6b, 0x11, 0x30, 0xd7,
+    0xe2, 0xf4, 0x2b, 0xda, 0xcf, 0xe1, 0x4a, 0x47, 0xab, 0x5f,
+    0x54, 0x34, 0x38, 0xac, 0xd1, 0xbf, 0x45, 0xad, 0x4b, 0x52,
+    0x0f, 0x4c, 0xa2, 0xac, 0x22, 0x7c, 0xb6, 0xed, 0x7f, 0xd5,
+    0x63, 0x3b, 0x1a, 0x3b, 0xf2, 0x3d, 0x9b, 0x96, 0x92, 0x08,
+    0xb9, 0x95, 0x13, 0xaf, 0x20, 0x26, 0x8b, 0x15, 0x97, 0x89,
+    0xa5, 0x88, 0x8f, 0x78, 0xb4, 0x57, 0x9d, 0x51, 0x96, 0x9c,
+    0x98, 0x93, 0xd5, 0x83, 0xf9, 0xff, 0x94, 0x29, 0x1e, 0xa5,
+    0x28, 0xa4, 0x0c, 0x22, 0xab, 0xbc, 0x70, 0x48, 0xa2, 0x16,
+    0x1c, 0xa4, 0xba, 0x8b, 0xfe, 0xb2, 0xa9, 0x03, 0x96, 0x5f,
+    0xb4, 0x84, 0x8e, 0xb4, 0xbb, 0x7b, 0x11, 0xc5, 0xc2, 0xdb,
+    0xe3, 0x88, 0xb5, 0xd3, 0xac, 0x07, 0x33, 0x53, 0xe8, 0x10,
+    0x9e, 0xc5, 0x81, 0xb0, 0x77, 0x2f, 0x4f, 0x6d, 0x0d, 0x89,
+    0xb4, 0x04, 0x98, 0x05, 0xe6, 0xd3, 0x36, 0x97, 0xcd, 0x3e,
+    0x4d, 0xc6, 0x21, 0xe4, 0x0b, 0xcf, 0xed, 0xa7, 0x4d, 0xd9,
+    0xd3, 0x25, 0xec, 0xec, 0x47, 0xfd, 0x06, 0x92, 0x77, 0x25,
+    0x3c, 0x44, 0xe6, 0x5d, 0xb4, 0x35, 0x2b, 0x5d, 0x05, 0x65,
+    0x63, 0x0b, 0xd9, 0xb8, 0x28, 0xdf, 0xdd, 0xfd, 0x64, 0x18,
+    0x42, 0x19, 0x7f, 0x12, 0x78, 0xdd, 0xf0, 0x64, 0xd6, 0x99,
+    0xb8, 0x74, 0x81, 0xe2, 0xb9, 0xc8, 0x67, 0x6d, 0x31, 0x22,
+    0xa5, 0x68, 0xa1, 0x8d, 0x3e, 0x49, 0xbe, 0x10, 0x68, 0xa8,
+    0x74, 0x1d, 0x18, 0xcf, 0x00, 0xe1, 0x4f, 0x77, 0xd8, 0xc6,
+    0xe3, 0x08, 0xbb, 0x4c, 0xed, 0xff, 0xd9, 0x9b, 0xb0, 0xd1,
+    0x50, 0xbb, 0x8b, 0x91, 0xcd, 0x5f, 0x2a, 0xfb, 0x8f, 0x4d,
+    0x3c, 0x98, 0xba, 0xd7, 0x98, 0x99, 0xa7, 0x22, 0x14, 0xd7,
+    0x94, 0xb5, 0xb8, 0xa4, 0x52, 0x31, 0xa7, 0xa1, 0xa4, 0x28,
+    0xee, 0x31, 0xb5, 0xd0, 0xc1, 0x07, 0x05, 0x16, 0x1d, 0x53,
+    0x45, 0x62, 0x23, 0x05, 0x44, 0xb6, 0x4f, 0x92, 0x03, 0x53,
+    0x9a, 0x71, 0x56, 0xae, 0x16, 0x81, 0xb4, 0xc9, 0x98, 0xf4,
+    0x7f, 0x11, 0x37, 0xc2, 0xc8, 0xf2, 0xe4, 0x48, 0xe3, 0xcc,
+    0xf1, 0xe3, 0x3d, 0x8e, 0x13, 0x5b, 0x25, 0xad, 0xce, 0x6f,
+    0xed, 0x60, 0x4f, 0x7d, 0x51, 0xe1, 0xd0, 0x74, 0xf4, 0xed,
+    0xf3, 0x84, 0xa6, 0x0e, 0xba, 0xb4, 0x8e, 0x5a, 0xb9, 0x12,
+    0x70, 0x43, 0x4c, 0xb5, 0xa5, 0x1e, 0x86, 0xa5, 0xe3, 0x4d,
+    0x76, 0x95, 0xce, 0x2c, 0x53, 0x3a, 0x4e, 0x3f, 0x47, 0x73,
+    0x85, 0x88, 0xd9, 0x39, 0x21, 0x83, 0x24, 0x68, 0x6a, 0x1e,
+    0x77, 0xdf, 0x59, 0xc5, 0x1b, 0xe2, 0xb1, 0x47, 0x9d, 0xee,
+    0x45, 0x1e, 0xc6, 0xd4, 0x43, 0xe2, 0xc7, 0x1c, 0x98, 0x84,
+    0xe0, 0x39, 0xe9, 0x9f, 0xa0, 0xa2, 0x24, 0x4a, 0x88, 0x46,
+    0xf3, 0x50, 0x52, 0xb5, 0xae, 0x37, 0x5c, 0xa1, 0x7d, 0xad,
+    0x7c, 0x30, 0x3e, 0xcd, 0x80, 0x1c, 0xac, 0xf4, 0xe6, 0xb5,
+    0x9f, 0x22, 0xb6, 0xfb, 0x0e, 0x6d, 0x80, 0x10, 0xf7, 0x3f,
+    0xdd, 0x5b, 0xd9, 0xd4, 0x03, 0x14, 0x41, 0x90, 0x88, 0xa8,
+    0xcf, 0x50, 0xa2, 0xf2, 0x7e, 0xf0, 0x0a, 0x7f, 0xed, 0x77,
+    0x09, 0x48, 0x32, 0x55, 0xe9, 0x93, 0xe7, 0x27, 0x18, 0x46,
+    0x17, 0x03, 0x25, 0x8e, 0x17, 0x5d, 0xe8, 0x9e, 0xb1, 0xb4,
+    0x9d, 0x1a, 0x5e, 0xbe, 0xa8, 0xb8, 0x45, 0x30, 0xc6, 0xa5,
+    0xb4, 0xaf, 0xf3, 0x0d, 0x91, 0x9c, 0xa9, 0x5b, 0x4c, 0xbb,
+    0x19, 0x19, 0x39, 0x51, 0x36, 0x80, 0xf7, 0x10, 0xf7, 0x73,
+    0x49, 0x17, 0xec, 0xbc, 0x92, 0x08, 0x21, 0xb1, 0x0c, 0x23,
+    0xc4, 0xd6, 0xd2, 0xb3, 0xfd, 0xae, 0xe7, 0x71, 0xf3, 0x50,
+    0x11, 0x27, 0x1a, 0x85, 0xf0, 0xab, 0xd8, 0x16, 0x64, 0xcb,
+    0xad, 0xbb, 0xae, 0x54, 0x37, 0xa3, 0xa8, 0xf4, 0x09, 0x67,
+    0x54, 0x61, 0x86, 0x0f, 0x0e, 0x25, 0x0d, 0xda, 0x4a, 0xc7,
+    0xe7, 0x02, 0x80, 0x6b, 0x59, 0xd2, 0xc8, 0x88, 0x4d, 0x7d,
+    0xfd, 0x3d, 0x48, 0x04, 0x6d, 0x95, 0xdf, 0xc2, 0x8b, 0x23,
+    0x70, 0x4a, 0xf5, 0xdc, 0xc9, 0x24, 0x8d, 0x7e, 0x52, 0x22,
+    0x7e, 0x9c, 0x5c, 0x32, 0xa5, 0xd5, 0xf2, 0x11, 0x08, 0xa0,
+    0xd4, 0xa2, 0xd8, 0xdb, 0x1d, 0x9f, 0x1b, 0x54, 0x8f, 0xb5,
+    0xf6, 0x71, 0x71, 0x49, 0xbc, 0x38, 0x09, 0xb6, 0x24, 0x94,
+    0x80, 0x1f, 0x2d, 0x0c, 0xc7, 0xe4, 0xd6, 0xcd, 0xab, 0x53,
+    0x79, 0x28, 0xed, 0x48, 0x23, 0x14, 0x2f, 0x0b, 0x3a, 0xd0,
+    0xa7, 0x08, 0xe1, 0xfd, 0x1e, 0xb6, 0xdd, 0x12, 0x93, 0x2d,
+    0x95, 0x06, 0xba, 0x95, 0xcb, 0x1a, 0xed, 0xfb, 0x60, 0xe7,
+    0xf1, 0x1c, 0xad, 0xc3, 0xea, 0x8d, 0x3c, 0x53, 0x32, 0xb5,
+    0x38, 0x26, 0xdd, 0x39, 0xf0, 0x39, 0x4e, 0x6f, 0x3e, 0xa9,
+    0xea, 0x25, 0x29, 0xb8, 0x6c, 0x7d, 0x0a, 0x91, 0xd4, 0xb9,
+    0x7b, 0x67, 0xe4, 0xe5, 0x63, 0xd7, 0x6b, 0x03, 0xa5, 0xd7,
+    0xe8, 0xd2, 0xc0, 0x34, 0x53, 0xa6, 0x16, 0x21, 0x2a, 0x2a,
+    0x09, 0xd3, 0xad, 0xa1, 0x2c, 0x6a, 0x88, 0x2d, 0x90, 0x06,
+    0xba, 0x0b, 0xaa, 0xd1, 0xdb, 0xa4, 0xd0, 0x49, 0x0f, 0x42,
+    0xe1, 0xca, 0xf0, 0x69, 0x15, 0x63, 0xcb, 0x0b, 0x4c, 0x2e,
+    0x99, 0x20, 0x44, 0xe3, 0x6e, 0x32, 0x8a, 0xa1, 0x5c, 0x5b,
+    0x03, 0xeb, 0xb5, 0x05, 0xff, 0x1a, 0x76, 0x38, 0x1c, 0xb0,
+    0x74, 0xf1, 0x5a, 0x0d, 0x8a, 0xd2, 0x4e, 0x38, 0x11, 0x86,
+    0xb0, 0x2d, 0xd3, 0x88, 0xe2, 0x0f, 0x51, 0x68, 0xb9, 0x79,
+    0x96, 0x50, 0x95, 0xdc, 0x69, 0xcb, 0xa6, 0x25, 0x4a, 0xdf,
+    0xa1, 0x39, 0x13, 0x47, 0x0a, 0xf0, 0xeb, 0xcb, 0x14, 0x01,
+    0x28, 0x9c, 0x0f, 0xe2, 0x62, 0xca, 0xb5, 0x40, 0x51, 0x45,
+    0x8e, 0x18, 0x88, 0xc9, 0x58, 0xaf, 0xb3, 0x48, 0xd5, 0x20,
+    0xe8, 0xd8, 0x5b, 0xa2, 0x98, 0x74, 0x25, 0xfa, 0x25, 0x19,
+    0x82, 0x22, 0xfa, 0x82, 0x7c, 0x38, 0x8d, 0x62, 0x86, 0x01,
+    0x63, 0x20, 0x36, 0x8e, 0xaf, 0x15, 0x8a, 0x74, 0x1e, 0xfd,
+    0x7f, 0xbe, 0x60, 0xc3, 0x65, 0x31, 0xce, 0xdb, 0x92, 0xb9,
+    0x13, 0x2a, 0x78, 0xa9, 0xfc, 0x6a, 0x7b, 0x18, 0xec, 0x0c,
+    0x7b, 0x4c, 0x86, 0xaf, 0xea, 0x6d, 0x52, 0x09, 0x76, 0x52,
+    0x87, 0x8a, 0x0b, 0x2a, 0xf3, 0x93, 0x35, 0x92, 0x8b, 0x60,
+    0x42, 0x2e, 0x12, 0xa9, 0xf7, 0x7c, 0x61, 0x5c, 0x8f, 0xc0,
+    0xaa, 0x6e, 0x6a, 0xf6, 0x48, 0x48, 0xc6, 0x3e, 0xe0, 0x1d,
+    0xb4, 0xfb, 0xc4, 0xd8, 0x01, 0xb8, 0xf2, 0xf4, 0xdf, 0xc1,
+    0xba, 0xb5, 0xf2, 0x27, 0x3f, 0xdb, 0x78, 0x62, 0x1c, 0x0a,
+    0xbe, 0xdb, 0xdd, 0x3c, 0x0c, 0x29, 0x85, 0xf1, 0x44, 0x5f,
+    0x2b, 0x43, 0x80, 0x57, 0xa7, 0x5a, 0x4d, 0x1b, 0xbe, 0x03,
+    0xe7, 0x55, 0x7b, 0x91, 0x9d, 0x4c, 0x8b, 0xd7, 0xfd, 0xde,
+    0x65, 0x7e, 0xa8, 0x48, 0xbb, 0xa9, 0x96, 0x06, 0x7f, 0xc0,
+    0x6c, 0xed, 0x87, 0x53, 0x77, 0xb4, 0x5a, 0x7c, 0xbb, 0xce,
+    0xcf, 0x01, 0x08, 0x45, 0x61, 0xc1, 0x28, 0xb6, 0xf2, 0xb4,
+    0x5b, 0x6b, 0x84, 0xfe, 0x18, 0x09, 0x39, 0xc1, 0xc8, 0x96,
+    0x36, 0x6e, 0xba, 0x7e, 0x48, 0x12, 0xe6, 0xdc, 0x22, 0x48,
+    0x17, 0x0b, 0xbd, 0x92, 0x64, 0xfa, 0xc9, 0x9b, 0x07, 0xda,
+    0xed, 0x04, 0x68, 0x42, 0x15, 0x8c, 0xf9, 0xd8, 0xc3, 0x0d,
+    0x21, 0x9d, 0x96, 0xbc, 0xc3, 0x07, 0x1a, 0x2c, 0x59, 0x3f,
+    0x1a, 0x83, 0x43, 0xf0, 0xe0, 0xde, 0xe3, 0x40, 0x8e, 0x04,
+    0x66, 0x3c, 0x87, 0x1e, 0xfa, 0x7b, 0x8a, 0x7b, 0xd2, 0x9e,
+    0x15, 0xf5, 0xec, 0x3c, 0x72, 0x7e, 0x2d, 0x19, 0xf8, 0xfd,
+    0xf0, 0x28, 0x71, 0x8a, 0xf5, 0xcb, 0x4c, 0x61, 0x5f, 0x85,
+    0xe0, 0x6f, 0xb8, 0xf3, 0x17, 0x10, 0xcb, 0x44, 0x45, 0x8c,
+    0x96, 0x08, 0xa1, 0xf1, 0x48, 0xa4, 0x1d, 0xea, 0x35, 0x2f,
+    0x82, 0x2b, 0xc2, 0x0b, 0xef, 0x73, 0xe1, 0xc2, 0x35, 0xdb,
+    0xe7, 0x68, 0xfd, 0xb0, 0xe8, 0x7b, 0x2d, 0x0f, 0xfd, 0x53,
+    0x1b, 0xb8, 0x36, 0x54, 0xd6, 0x43, 0x30, 0xcf, 0x83, 0xb0,
+    0x18, 0xda, 0x9b, 0x86, 0x82, 0xfa, 0xe6, 0x37, 0x5b, 0x9e,
+    0xa4, 0xdb, 0x7c, 0x59, 0x25, 0x59, 0xc6, 0x46, 0x36, 0x72,
+    0xc5, 0x72, 0xd8, 0x2f, 0x26, 0xe2, 0xee, 0xe3, 0xcb, 0xe5,
+    0x33, 0x1f, 0x18, 0x2e, 0x16, 0xce, 0xd2, 0x9c, 0x89, 0x6e,
+    0xd5, 0x21, 0xfa, 0x58, 0x83, 0xa9, 0x4c, 0x69, 0x97, 0x7d,
+    0xae, 0x1f, 0x65, 0xd5, 0xdb, 0xf0, 0xfe, 0xd5, 0x32, 0xb1,
+    0x50, 0x72, 0xdf, 0x2b, 0xe2, 0xc1, 0xe6, 0x2e, 0x8b, 0x87,
+    0xa8, 0x4e, 0x84, 0xbe, 0xc9, 0x27, 0xb5, 0x74, 0x7e, 0x13,
+    0x17, 0x57, 0x9c, 0xc6, 0xd3, 0x9f, 0xcd, 0x86, 0x50, 0x4b,
+    0x6c, 0x50, 0xa2, 0xba, 0xfe, 0xf6, 0xd5, 0x85, 0x68, 0x31,
+    0x89, 0xfb, 0xeb, 0xfe, 0x92, 0xb0, 0xd0, 0x4c, 0xbc, 0x65,
+    0x4b, 0x62, 0xe2, 0xdf, 0x88, 0x7e, 0x90, 0xe0, 0xb3, 0xec,
+    0x13, 0x69, 0x33, 0xea, 0x53, 0x69, 0x9a, 0x0b, 0x27, 0xfb,
+    0xca, 0x9f, 0x9e, 0x1f, 0xcf, 0xb1, 0xeb, 0xf4, 0x8f, 0xe2,
+    0x53, 0xc8, 0xe6, 0x51, 0x75, 0xee, 0xb1, 0x34, 0x3e, 0x37,
+    0xdd, 0x2d, 0x3a, 0x72, 0x76, 0x33, 0xc1, 0x27, 0xe7, 0xbd,
+    0xc1, 0x7f, 0xcb, 0x53, 0x5d, 0xdf, 0xc4, 0x1f, 0x36, 0xdb,
+    0x6a, 0x91, 0x1f, 0x6a, 0xa5, 0xc6, 0xe2, 0x37, 0x68, 0x1a,
+    0x7d, 0xf7, 0xed, 0x2a, 0xc7, 0x99, 0x5e, 0xbd, 0x59, 0x57,
+    0x09, 0x22, 0x7e, 0x9c, 0xbd, 0x8e, 0xad, 0xbe, 0xee, 0xa5,
+    0x2a, 0xe3, 0x9f, 0xff, 0x14, 0xda, 0xba, 0x90, 0x37, 0xba,
+    0x3a, 0x42, 0xcd, 0x4a, 0x28, 0x47, 0x27, 0x58, 0x7a, 0x33,
+    0x93, 0x77, 0x83, 0x29, 0xab, 0x47, 0x19, 0x43, 0x00, 0x6f,
+    0xe7, 0x77, 0xc1, 0xaa, 0xd6, 0xbc, 0xc0, 0x1b, 0xd0, 0xdf,
+    0xf9, 0x40, 0x4d, 0xb2, 0x60, 0xce, 0x59, 0x17, 0x0a, 0xa9,
+    0x14, 0x4e, 0x6a, 0x30, 0x1b, 0x26, 0x68, 0x55, 0x12, 0x19,
+    0x62, 0x85, 0x5d, 0xa6, 0xb4, 0x48, 0x4a, 0xe9, 0xe1, 0x57,
+    0xb1, 0x48, 0xf3, 0x86, 0xd1, 0x50, 0x2e, 0x1d, 0x57, 0xbe,
+    0x09, 0xf8, 0x53, 0x40, 0xd9, 0x55, 0xd9, 0x71, 0x4c, 0xa7,
+    0xdb, 0x61, 0x82, 0x4e, 0x00, 0x58, 0xe4, 0x89, 0xae, 0xa6,
+    0x1a, 0x4b, 0xe3, 0x9d, 0xec, 0x65, 0xee, 0xe1, 0x7b, 0xdb,
+    0x4f, 0x8d, 0xf3, 0xd9, 0x89, 0xaa, 0xd1, 0x31, 0x30, 0xde,
+    0xc3, 0x5c, 0xbc, 0xb9, 0x60, 0x0a, 0xe0, 0x13, 0x14, 0x85,
+    0x08, 0x60, 0xc5, 0x1c, 0xc2, 0x9d, 0x8b, 0x6e, 0xb8, 0x94,
+    0x11, 0x6f, 0xd3, 0xee, 0xfb, 0xf8, 0x15, 0xd8, 0xa4, 0x0b,
+    0x92, 0xdf, 0x7c, 0x9a, 0xa2, 0xec, 0xa3, 0x3d, 0xbc, 0xcd,
+    0xe8, 0xb5, 0xb3, 0xf5, 0xe8, 0xee, 0x2a, 0x57, 0xf7, 0x58,
+    0xc4, 0xaa, 0xeb, 0x33, 0x44, 0x5f, 0x62, 0xbe, 0x90, 0x48,
+    0xe5, 0xcb, 0x6a, 0xcb, 0x55, 0x94, 0x6d, 0xe6, 0x22, 0x03,
+    0xeb, 0xcb, 0x05, 0xb8, 0xb4, 0xa5, 0xbe, 0xec, 0x79, 0x21,
+    0x0d, 0xb3, 0x5c, 0x74, 0x11, 0xcb, 0xb3, 0xa6, 0x06, 0x2f,
+    0x73, 0xd1, 0x14, 0xd9, 0x70, 0x4e, 0xc5, 0xf5, 0xff, 0xfd,
+    0x49, 0x3b, 0xa9, 0x22, 0x80, 0x2a, 0x5e, 0xf9, 0xae, 0xa5,
+    0xd4, 0x3c, 0x74, 0xd7, 0x5a, 0x5d, 0x88, 0x6f, 0x99, 0xe2,
+    0x4c, 0xa3, 0x9b, 0x15, 0xb8, 0xfd, 0x0b, 0x0d, 0x57, 0x03,
+    0xe8, 0xda, 0x78, 0xc4, 0x63, 0x49, 0x48, 0x7a, 0x39, 0xcd,
+    0xfa, 0xad, 0x92, 0x55, 0x4a, 0x0e, 0x68, 0x08, 0xb9, 0x34,
+    0xe0, 0x14, 0x6e, 0x19, 0xed, 0x69, 0x14, 0x7f, 0xc1, 0x7d,
+    0x12, 0xac, 0x5d, 0xf7, 0x62, 0x6f, 0x77, 0x65, 0xa3, 0xc2,
+    0xf9, 0xda, 0x43, 0x9e, 0x6b, 0x82, 0xd9, 0x14, 0x57, 0x02,
+    0x09, 0x9f, 0xa7, 0x15, 0x27, 0xe8, 0xad, 0xa1, 0x73, 0xc7,
+    0xb6, 0x11, 0x4c, 0x5e, 0xf4, 0x1a, 0x0a, 0x97, 0x98, 0x5e,
+    0x29, 0x8a, 0x8b, 0xa5, 0xbd, 0x86, 0x7f, 0x6d, 0x31, 0x72,
+    0x6d, 0xe5, 0xcf, 0x13, 0xff, 0xb9, 0x4e, 0x69, 0x66, 0x37,
+    0x1b, 0xfb, 0xe8, 0xb7, 0x60, 0xfe, 0xbf, 0xaa, 0x06, 0x88,
+    0xa4, 0xa2, 0x0b, 0x33, 0x55, 0xac, 0x61, 0x77, 0x0a, 0x6f,
+    0x1f, 0xaf, 0xd8, 0x9b, 0xc7, 0x26, 0x13, 0xf6, 0xc4, 0xef,
+    0xce, 0x0f, 0x16, 0x86, 0x64, 0x1b, 0xc0, 0x71, 0x35, 0xf9,
+    0x1f, 0xaf, 0xc4, 0x7a, 0xa3, 0x3b, 0x89, 0x40, 0xcb, 0x09,
+    0x11, 0x7b, 0x01, 0x54, 0xd5, 0xd2, 0x2a, 0xc8, 0xfe, 0x0e,
+    0xef, 0x8c, 0xfb, 0x2b, 0x08, 0x12, 0x6d, 0xbb, 0xa8, 0x2e,
+    0x7a, 0x2b, 0xc2, 0x91, 0x2a, 0x76, 0x0b, 0x31, 0x30, 0x4a,
+    0x5b, 0xca, 0x96, 0xc9, 0x89, 0xa0, 0x12, 0x40, 0x76, 0xbe,
+    0xcd, 0x59, 0x5f, 0xc2, 0x7b, 0xaf, 0xf6, 0x29, 0xde, 0xe9,
+    0x24, 0x61, 0x3f, 0x46, 0x78, 0xa7, 0xda, 0x65, 0xb0, 0xb3,
+    0xae, 0xf3, 0x72, 0x6e, 0x37, 0x6e, 0xae, 0xb1, 0x3b, 0xf6,
+    0x60, 0xa1, 0x92, 0x86, 0x9e, 0x97, 0x4f, 0x5e, 0x86, 0x88,
+    0x32, 0x06, 0x7c, 0xe3, 0x37, 0x7e, 0xb1, 0x83, 0xf5, 0x83,
+    0x05, 0x43, 0xb3, 0xe3, 0xa1, 0x68, 0xe5, 0x4c, 0x92, 0x9c,
+    0x61, 0xa3, 0x5d, 0xcf, 0x23, 0xe7, 0xce, 0xf5, 0x7f, 0xbb,
+    0xf7, 0x89, 0x5e, 0xa8, 0xf0, 0xa1, 0xff, 0x1a, 0xaf, 0x15,
+    0xc8, 0x3d, 0x8b, 0xce, 0x06, 0xa4, 0x60, 0xd6, 0x40, 0x19,
+    0x48, 0x33, 0x53, 0x34, 0x9e, 0xd8, 0x75, 0xfc, 0x45, 0x73,
+    0x35, 0x8f, 0x70, 0x04, 0x80, 0xa1, 0xe5, 0xfc, 0x98, 0xb0,
+    0x52, 0x63, 0x41, 0x84, 0x57, 0xa2, 0x85, 0x4e, 0x68, 0x13,
+    0x2d, 0x3e, 0x4b, 0x68, 0x7f, 0x43, 0x04, 0x05, 0x02, 0x5a,
+    0x16, 0x67, 0x5a, 0xc5, 0xea, 0xac, 0x25, 0x61, 0xd4, 0xa4,
+    0xe7, 0xbe, 0x13, 0x95, 0xbd, 0x03, 0xb4, 0x26, 0xe3, 0xbf,
+    0x7e, 0xe5, 0x0b, 0x34, 0xeb, 0x59, 0x5d, 0xd7, 0xdb, 0x1e,
+    0x07, 0xfc, 0x63, 0xab, 0xbb, 0xc6, 0x7a, 0x51, 0x50, 0x59,
+    0x13, 0x4b, 0x27, 0x88, 0x98, 0xdc, 0x01, 0x37, 0xeb, 0x58,
+    0x75, 0xde, 0x5a, 0xa4, 0x6b, 0xdd, 0xba, 0x01, 0x40, 0xf7,
+    0x1c, 0x0a, 0xf3, 0x02, 0x3d, 0x54, 0x64, 0xf2, 0x85, 0x43,
+    0x90, 0xc0, 0x69, 0x18, 0x94, 0x95, 0x6e, 0x57, 0x14, 0xda,
+    0x27, 0x0a, 0x42, 0xb2, 0x5a, 0x78, 0xe4, 0xf1, 0x45, 0x85,
+    0x54, 0xec, 0x44, 0xa0, 0xcb, 0xf4, 0xd1, 0x3a, 0x85, 0x74,
+    0x0f, 0x04, 0x67, 0xf4, 0x42, 0x01, 0xc4, 0x04, 0x66, 0x48,
+    0x6c, 0xbe, 0x84, 0x38, 0x6e, 0xda, 0x23, 0xd0, 0xd1, 0x26,
+    0x94, 0x11, 0x65, 0x2e, 0xc6, 0xd8, 0x6e, 0x25, 0x17, 0x43,
+    0x9f, 0x55, 0x2d, 0x1d, 0x55, 0xa9, 0xdd, 0x3b, 0xc7, 0x09,
+    0xde, 0x26, 0x64, 0xd4, 0x85, 0x21, 0x15, 0x0d, 0x4a, 0x45,
+    0x4d, 0xba, 0x13, 0x9e, 0x3b, 0x5e, 0xc2, 0xf7, 0xc1, 0x34,
+    0xc5, 0x74, 0xd4, 0x95, 0x19, 0x3d, 0x69, 0x9c, 0xae, 0xef,
+    0x13, 0x95, 0x2c, 0x77, 0xdd, 0x64, 0x2c, 0x12, 0x31, 0x7d,
+    0xb5, 0x55, 0xde, 0x69, 0x35, 0x3f, 0x77, 0x72, 0xc6, 0x21,
+    0x22, 0x23, 0x7a, 0x05, 0xbf, 0x92, 0xae, 0x49, 0x7f, 0x74,
+    0x17, 0x97, 0x5f, 0x5b, 0x4d, 0x7d, 0x86, 0x23, 0x04, 0xe0,
+    0xff, 0x10, 0x06, 0xc3, 0xd3, 0x05, 0xde, 0xc4, 0xae, 0xaf,
+    0x3d, 0x2d, 0xaf, 0x3c, 0xaf, 0xd3, 0xd5, 0xfd, 0x84, 0xd8,
+    0x3b, 0x6c, 0x8e, 0x8b, 0x23, 0x8b, 0x16, 0xaa, 0x67, 0xf1,
+    0xde, 0xa4, 0x4b, 0x5a, 0x39, 0x60, 0x73, 0xd2, 0x9f, 0x1f,
+    0x8c, 0xcf, 0xbc, 0xaa, 0x74, 0x9e, 0x8d, 0xfd, 0xc3, 0xb7,
+    0x86, 0xe5, 0xbb, 0x5a, 0x4d, 0x3d, 0xe2, 0xc3, 0x28, 0x78,
+    0x26, 0xd4, 0xb3, 0x45, 0x94, 0xd3, 0x2d, 0xbf, 0x8c, 0x92,
+    0x56, 0x3c, 0x6e, 0xea, 0x53, 0x38, 0x7f, 0x22, 0x67, 0xc9,
+    0xa7, 0x14, 0x20, 0xb9, 0x13, 0xc4, 0xa0, 0x44, 0x83, 0xc4,
+    0x19, 0xca, 0x98, 0x71, 0xc7, 0x13, 0x70, 0x3a, 0xa7, 0xfb,
+    0x9e, 0xc4, 0x94, 0x8c, 0xfd, 0x21, 0x36, 0x88, 0xea, 0x23,
+    0xc7, 0x43, 0x52, 0x9f, 0xf4, 0x9e, 0xb1, 0xb4, 0xd3, 0x20,
+    0x65, 0xd8, 0x18, 0x25, 0x80, 0xb7, 0xe4, 0x5c, 0x96, 0x3a,
+    0xa3, 0xb5, 0x40, 0x63, 0xac, 0x02, 0x34, 0x51, 0xf7, 0x12,
+    0xea, 0x97, 0x9d, 0x3e, 0xe7, 0xcb, 0x88, 0x15, 0xaa, 0xe3,
+    0xfe, 0xe5, 0x42, 0xe5, 0x48, 0xcf, 0xc6, 0x8e, 0x0e, 0xc6,
+    0x48, 0xdb, 0xe5, 0x1e, 0x79, 0x99, 0xed, 0x78, 0xa6, 0x37,
+    0xdd, 0xe3, 0x7b, 0x01, 0xdd, 0x20, 0x63, 0x45, 0x57, 0xd1,
+    0x0f, 0x05, 0x5d, 0x29, 0xad, 0x99, 0x6c, 0x27, 0xa3, 0x0c,
+    0x72, 0x81, 0xb1, 0x26, 0x16, 0xaf, 0x11, 0x65, 0xba, 0x79,
+    0xbc, 0xb8, 0xfe, 0xe7, 0xc5, 0xe6, 0x4c, 0xfa, 0x37, 0xc5,
+    0xe0, 0x2e, 0x4e, 0xef, 0x75, 0xe4, 0x04, 0xaf, 0xfa, 0x41,
+    0x7f, 0x58, 0x2e, 0x8f, 0x95, 0x5f, 0x15, 0x5c, 0x15, 0x23,
+    0x81, 0xb7, 0x2c, 0x81, 0x70, 0xf5, 0xcc, 0x60, 0x09, 0x7e,
+    0xf1, 0x0d, 0x9c, 0x9d, 0xcc, 0xa0, 0x30, 0xa8, 0x82, 0x23,
+    0x5f, 0x94, 0xcb, 0x18, 0xc4, 0x32, 0xe6, 0xab, 0xcd, 0x96,
+    0x9e, 0xab, 0xcd, 0x68, 0x6f, 0x88, 0xb7, 0x72, 0x65, 0xbc,
+    0x1e, 0x05, 0x60, 0xfe, 0x6b, 0x77, 0x2a, 0x11, 0x63, 0x59,
+    0x29, 0xdb, 0xba, 0xe0, 0x50, 0xd5, 0x51, 0x77, 0x16, 0xb8,
+    0xb7, 0xf4, 0xa9, 0xbe, 0xf0, 0xa5, 0xaa, 0x20, 0x50, 0x2e,
+    0x73, 0x21, 0xee, 0x77, 0xa3, 0xc8, 0xbc, 0x0c, 0x16, 0x0f,
+    0x83, 0x7b, 0xaf, 0xbb, 0x91, 0x95, 0xd3, 0x6e, 0xe7, 0x28,
+    0x77, 0x00, 0xbc, 0x83, 0x46, 0xa5, 0x0a, 0x19, 0xe8, 0x10,
+    0xfb, 0x24, 0xeb, 0x27, 0xc2, 0xa3, 0xdd, 0xb8, 0x5b, 0x27,
+    0xb9, 0xbb, 0x49, 0xd9, 0xd0, 0x32, 0x94, 0x48, 0x1b, 0xb8,
+    0xf8, 0xb2, 0x30, 0xf4, 0x1f, 0x3d, 0xbf, 0xe6, 0xf3, 0x34,
+    0xd3, 0x32, 0x85, 0x67, 0x85, 0x13, 0x3e, 0x20, 0xb7, 0xfa,
+    0x74, 0x27, 0x74, 0x8f, 0x55, 0x47, 0x15, 0x91, 0x0b, 0x3f,
+    0xb1, 0x18, 0xe7, 0x11, 0x1e, 0x52, 0xd8, 0xd1, 0x3f, 0xb9,
+    0x5d, 0x4f, 0x88, 0xb9, 0x1e, 0x5a, 0xb6, 0x90, 0x64, 0xad,
+    0x6f, 0x8d, 0x33, 0xb3, 0x57, 0xde, 0x3e, 0x13, 0xb3, 0x9f,
+    0x2d, 0x00, 0xb1, 0x79, 0x84, 0x60, 0x6d, 0x3c, 0x5f, 0xc0,
+    0x34, 0x08, 0x4b, 0x58, 0x33, 0x59, 0xfe, 0xe5, 0xed, 0xd3,
+    0x10, 0xd8, 0xd8, 0x85, 0xc3, 0xc9, 0x71, 0xcf, 0x40, 0x96,
+    0xc0, 0xd5, 0x5e, 0x62, 0xe7, 0xcb, 0x33, 0xee, 0x72, 0xb5,
+    0xb8, 0x6e, 0xea, 0x13, 0xde, 0xeb, 0x82, 0x03, 0x8e, 0x6c,
+    0xb3, 0x67, 0xb1, 0x5f, 0xd4, 0xe1, 0xd9, 0xc2, 0x7a, 0x97,
+    0xbb, 0xd4, 0x5e, 0x0b, 0xfe, 0xc1, 0xb3, 0x1f, 0x2b, 0x1a,
+    0x37, 0x98, 0x26, 0x27, 0xb1, 0xaf, 0x4c, 0x55, 0xe1, 0xae,
+    0x4c, 0x86, 0x80, 0x4b, 0xc5, 0xf2, 0x35, 0x48, 0x81, 0xf7,
+    0x83, 0x75, 0x63, 0x08, 0x0d, 0x77, 0x41, 0x14, 0xbc, 0xf3,
+    0x6e, 0x46, 0xbd, 0x9c, 0x5a, 0x4f, 0x5c, 0x89, 0x26, 0xb6,
+    0x6c, 0xde, 0x0d, 0x15, 0x31, 0xec, 0x7e, 0x13, 0xf2, 0x99,
+    0x74, 0x40, 0x3c, 0xe1, 0xea, 0xa0, 0xc9, 0x99, 0x0a, 0x4b,
+    0x17, 0x74, 0xff, 0x47, 0x15, 0x76, 0x5e, 0x44, 0xa2, 0x1c,
+    0x93, 0xd3, 0xe6, 0xa2, 0x82, 0x0f, 0x7f, 0x55, 0xa8, 0xf3,
+    0x79, 0xc3, 0xa8, 0x9f, 0x37, 0x2b, 0x97, 0x7e, 0x90, 0x71,
+    0xfc, 0xa7, 0xff, 0xc6, 0xc7, 0x93, 0x5c, 0xc9, 0xed, 0x20,
+    0x60, 0xbd, 0x5c, 0x36, 0x05, 0x55, 0x51, 0x55, 0x51, 0x15,
+    0x36, 0x01, 0x17, 0xa9, 0x56, 0x27, 0x44, 0x66, 0xc9, 0x3a,
+    0xb9, 0xbb, 0xee, 0x04, 0xb6, 0x2a, 0xfd, 0x10, 0x9a, 0x46,
+    0xdd, 0x5d, 0x6d, 0xad, 0x21, 0x86, 0x6d, 0x62, 0x8a, 0x4a,
+    0xbc, 0x73, 0xf0, 0x9d, 0x93, 0x0d, 0xf1, 0x62, 0xfa, 0x58,
+    0x64, 0x37, 0x4f, 0x0b, 0xa3, 0xa1, 0x52, 0xce, 0x03, 0xce,
+    0x0f, 0x77, 0x29, 0xad, 0x47, 0x38, 0xca, 0xbc, 0x61, 0xe6,
+    0xad, 0xe4, 0x8b, 0xf1, 0x82, 0xa8, 0xd5, 0xe3, 0x8c, 0xd3,
+    0xa0, 0xc4, 0xc0, 0x5e, 0x3b, 0xa1, 0x66, 0x2a, 0x6e, 0x88,
+    0x24, 0x56, 0xe4, 0x84, 0x0a, 0x36, 0x72, 0xf3, 0x5c, 0x11,
+    0xd9, 0x66, 0xd8, 0x45, 0x5c, 0x83, 0x9e, 0x1c, 0x8c, 0xc6,
+    0xf6, 0x6e, 0x6a, 0xb1, 0x52, 0xed, 0x6c, 0x6a, 0x6d, 0x23,
+    0xb9, 0x0b, 0x66, 0x26, 0x5a, 0x16, 0x16, 0x90, 0x43, 0xb9,
+    0xc3, 0x02, 0xc1, 0x43, 0x93, 0x13, 0x94, 0xfe, 0xc3, 0x59,
+    0x49, 0xbe, 0x1e, 0x26, 0x1b, 0x9d, 0x8e, 0xba, 0xc4, 0x29,
+    0x51, 0x05, 0x28, 0x1f, 0x55, 0x59, 0x1c, 0x3e, 0x25, 0x86,
+    0xcc, 0xc7, 0xd9, 0xd3, 0xa8, 0xe7, 0x10, 0xa0, 0xb6, 0x23,
+    0xb9, 0xaf, 0x00, 0x8b, 0x7d, 0xf1, 0x5b, 0xd6, 0xb7, 0x56,
+    0x44, 0x9b, 0x0a, 0xec, 0xa6, 0x2b, 0xb4, 0x4e, 0x1d, 0x4f,
+    0xc5, 0x0b, 0x45, 0xd2, 0x3a, 0xc5, 0xc0, 0xbf, 0xb9, 0xdd,
+    0x59, 0x21, 0xf2, 0x67, 0x25, 0x88, 0x9b, 0xb6, 0x66, 0x83,
+    0xbf, 0x62, 0xfe, 0x7c, 0xfa, 0x9e, 0x50, 0xed, 0x15, 0x93,
+    0xb6, 0x7a, 0xb0, 0xc4, 0xbe, 0xcf, 0x2a, 0x70, 0x4e, 0x52,
+    0x20, 0xc1, 0x24, 0x08, 0x49, 0xd9, 0x05, 0x04, 0x53, 0x73,
+    0xf3, 0xcf, 0x14, 0x70, 0xac, 0x3c, 0x45, 0x0f, 0x08, 0xa3,
+    0xae, 0x43, 0xe7, 0x7f, 0x1f, 0xe2, 0x14, 0xf1, 0xbb, 0x25,
+    0x20, 0xfd, 0xe4, 0xaf, 0x44, 0x9e, 0x77, 0x88, 0x4d, 0x26,
+    0x09, 0xb1, 0xb0, 0x12, 0xf5, 0xdf, 0x3c, 0x53, 0x48, 0x78,
+    0xb9, 0x60, 0x41, 0xd3, 0x8f, 0x8d, 0x11, 0x63, 0x60, 0x28,
+    0x30, 0x07, 0xa2, 0x14, 0x3b, 0x8c, 0x50, 0xe2, 0xee, 0x73,
+    0x39, 0x66, 0xd1, 0x51, 0x87, 0xac, 0x90, 0x9b, 0x2c, 0x6d,
+    0x8d, 0xd5, 0x75, 0x3f, 0xc6, 0xf1, 0x8f, 0xdf, 0xdb, 0x45,
+    0x38, 0xf8, 0xd6, 0x7e, 0xc7, 0x7c, 0x44, 0x08, 0x4a, 0x14,
+    0xa0, 0x84, 0x7c, 0x8b, 0x88, 0x40, 0x93, 0x89, 0xae, 0x2c,
+    0x20, 0x07, 0x80, 0xec, 0xce, 0x4c, 0x2c, 0x4e, 0x49, 0x79,
+    0x53, 0xe7, 0xde, 0xa2, 0x9e, 0x67, 0x21, 0x53, 0x7c, 0x85,
+    0xe7, 0x6f, 0xbd, 0x93, 0xab, 0x63, 0xba, 0xf0, 0xbd, 0xea,
+    0x39, 0x16, 0x47, 0xbf, 0xe6, 0x0c, 0xcb, 0x63, 0xc7, 0xc5,
+    0xf1, 0xdc, 0x5a, 0x52, 0xcd, 0x4c, 0x53, 0x8b, 0x7e, 0xb1,
+    0xc3, 0x4e, 0xe7, 0x61, 0x25, 0x01, 0xec, 0xae, 0x06, 0x74,
+    0x9f, 0xbc, 0xbb, 0x2a, 0x47, 0x46, 0xe8, 0xae, 0xf2, 0xab,
+    0x15, 0xed, 0xa6, 0x86, 0x8f, 0x2f, 0xe5, 0x67, 0x0f, 0xdd,
+    0xbf, 0x70, 0x53, 0xaa, 0x9b, 0x74,
+};
+static const int sizeof_bench_dilithium_level5_key = sizeof(bench_dilithium_level5_key);
+
+#endif /* !WOLFSSL_DILITHIUM_NO_SIGN */
+
+#ifndef WOLFSSL_DILITHIUM_NO_VERIFY
+
+/* raw public key without ASN1 syntax from
+ * ./certs/dilithium/bench_dilithium_level5_key.der */
+static const unsigned char bench_dilithium_level5_pubkey[] = {
+    0xef, 0x49, 0x79, 0x47, 0x15, 0xc4, 0x8a, 0xa9, 0x74, 0x2a,
+    0xf0, 0x36, 0x94, 0x5c, 0x91, 0x1c, 0x5d, 0xff, 0x2c, 0x83,
+    0xf2, 0x8b, 0x04, 0xfc, 0x5d, 0x64, 0xbd, 0x49, 0x73, 0xcd,
+    0xcc, 0x99, 0x50, 0x5f, 0x2b, 0x16, 0x3a, 0xbb, 0x98, 0xc0,
+    0xa7, 0x69, 0x0e, 0x95, 0x99, 0x0b, 0xa2, 0x6c, 0xfe, 0x6c,
+    0xdb, 0xc8, 0xa7, 0x09, 0x46, 0x6c, 0x90, 0x50, 0xa4, 0x75,
+    0x30, 0xf7, 0x90, 0xac, 0x31, 0xb6, 0xdd, 0x21, 0xaf, 0xc6,
+    0xf9, 0xfe, 0xee, 0xc6, 0x5b, 0xa8, 0x8f, 0x0a, 0x2e, 0xd0,
+    0x42, 0xab, 0xa8, 0x3c, 0x8d, 0xbf, 0xf7, 0x44, 0xbd, 0x0d,
+    0xcf, 0xf4, 0x68, 0xfc, 0x16, 0x67, 0xf7, 0x39, 0x48, 0x5f,
+    0x56, 0xd1, 0xe7, 0x1f, 0x49, 0x80, 0x50, 0xbe, 0x54, 0xd1,
+    0xb7, 0xc9, 0xd2, 0x32, 0xc7, 0x08, 0x8c, 0xde, 0x2c, 0x31,
+    0xf6, 0x1d, 0xc7, 0xac, 0xb3, 0x79, 0xd7, 0x4b, 0x1b, 0x23,
+    0x89, 0x0a, 0xdc, 0x8e, 0x44, 0x41, 0x14, 0x28, 0x99, 0x13,
+    0xb3, 0x26, 0xa6, 0x0e, 0x83, 0x60, 0xaa, 0x8d, 0x7c, 0x23,
+    0x13, 0xba, 0x6c, 0x28, 0x90, 0x56, 0x84, 0xa1, 0x23, 0x8b,
+    0x81, 0x20, 0x97, 0x7c, 0x66, 0x3f, 0xed, 0x5d, 0xd0, 0xe4,
+    0x5d, 0xee, 0x46, 0xbc, 0x4b, 0x3c, 0x03, 0xb5, 0xbc, 0x4d,
+    0x8d, 0x37, 0xa3, 0x56, 0x4b, 0x33, 0xad, 0xef, 0xd4, 0xb6,
+    0xec, 0xdb, 0x04, 0x9a, 0x19, 0x58, 0x57, 0xd8, 0x00, 0x3a,
+    0x92, 0x61, 0x0c, 0x0b, 0xc8, 0x52, 0xe5, 0x04, 0x02, 0x9a,
+    0x00, 0x7e, 0xec, 0x7e, 0x94, 0xaa, 0xef, 0x2d, 0x7f, 0xb6,
+    0x2e, 0x7c, 0xb0, 0x73, 0xa2, 0x20, 0xc0, 0x07, 0x30, 0x41,
+    0x50, 0x20, 0x14, 0x18, 0x21, 0x5e, 0x2a, 0x6f, 0x70, 0x21,
+    0xd6, 0x97, 0x13, 0xb9, 0xc1, 0x9e, 0x90, 0x67, 0xcc, 0x55,
+    0x8a, 0xec, 0xec, 0x0a, 0x1e, 0x90, 0xdc, 0x3f, 0xb0, 0x4d,
+    0xd1, 0x18, 0xea, 0x4f, 0xcb, 0x5d, 0x15, 0x4c, 0xb8, 0x35,
+    0x9b, 0x34, 0x24, 0x30, 0x06, 0x53, 0x17, 0xf0, 0xbe, 0x27,
+    0x36, 0xb3, 0x04, 0x6a, 0xbd, 0xbf, 0xa7, 0x39, 0xee, 0xa9,
+    0x8f, 0x0e, 0x98, 0xc5, 0xf5, 0x9f, 0x46, 0x25, 0x93, 0xc9,
+    0xf2, 0xf6, 0x2b, 0x8e, 0x92, 0x06, 0x01, 0x3d, 0x81, 0x18,
+    0xf2, 0xec, 0xf1, 0x05, 0x4c, 0xad, 0x4b, 0xcb, 0x98, 0xa4,
+    0xb5, 0x61, 0x20, 0xda, 0x81, 0xa1, 0xfb, 0x92, 0x4c, 0xaf,
+    0x87, 0x6f, 0x6e, 0xd2, 0x57, 0xec, 0xcd, 0x94, 0xb3, 0x79,
+    0xbf, 0x59, 0x88, 0x17, 0x81, 0xce, 0x8a, 0x57, 0xce, 0x57,
+    0xae, 0x3e, 0x82, 0x81, 0x2f, 0x83, 0x61, 0xd8, 0xf9, 0x68,
+    0x21, 0xe7, 0x72, 0x5b, 0xd6, 0x80, 0x55, 0x68, 0x5d, 0x67,
+    0x15, 0x0c, 0x8b, 0xdc, 0x4f, 0xc3, 0x89, 0x36, 0x3c, 0xac,
+    0xaf, 0x16, 0x5e, 0x1c, 0xfa, 0x68, 0x74, 0x6a, 0xab, 0x68,
+    0xd8, 0x59, 0x96, 0x2d, 0x33, 0x62, 0xe4, 0xbd, 0xb3, 0xb7,
+    0x4d, 0x88, 0x35, 0xb8, 0xed, 0xb2, 0x16, 0x85, 0x97, 0x08,
+    0x71, 0x71, 0x39, 0x7e, 0x0c, 0x53, 0x16, 0xda, 0x38, 0xe5,
+    0x28, 0x09, 0x9c, 0xd9, 0x46, 0xec, 0x68, 0xda, 0x8d, 0xd0,
+    0xad, 0xb2, 0x79, 0x28, 0x3b, 0x1e, 0x12, 0xc9, 0xdf, 0xa9,
+    0x6d, 0x3d, 0x29, 0x99, 0x2f, 0x53, 0xc2, 0xd0, 0xf9, 0x88,
+    0x26, 0x94, 0x47, 0xaf, 0xf6, 0x96, 0xf3, 0xe1, 0x11, 0xa6,
+    0x82, 0x3d, 0x43, 0x3f, 0x1f, 0xbc, 0xf6, 0x98, 0xbe, 0xff,
+    0x06, 0x86, 0x61, 0x27, 0xdc, 0x91, 0x54, 0xd4, 0xfc, 0x68,
+    0x83, 0xe8, 0x35, 0x3e, 0xee, 0x94, 0x59, 0x28, 0x2f, 0xde,
+    0xdd, 0x03, 0x60, 0x66, 0xc1, 0x49, 0x57, 0xdd, 0xbc, 0xd5,
+    0x0a, 0x67, 0x34, 0xf1, 0xa6, 0x0a, 0x57, 0x94, 0x65, 0x02,
+    0x2c, 0x52, 0x43, 0x70, 0x3b, 0xc1, 0x9a, 0xff, 0xda, 0x6f,
+    0xb9, 0x54, 0x47, 0x01, 0xda, 0x27, 0xe4, 0x48, 0x4a, 0x90,
+    0x9f, 0xb5, 0xc3, 0xee, 0x0e, 0x09, 0x57, 0xfe, 0x48, 0x51,
+    0x08, 0x34, 0x5e, 0x8f, 0x16, 0xc9, 0x0b, 0x74, 0xd9, 0x7d,
+    0x22, 0x3f, 0xd6, 0xb7, 0x5d, 0xd6, 0x76, 0x00, 0x8d, 0x4e,
+    0x78, 0x73, 0x86, 0xd6, 0xdb, 0x2a, 0x65, 0xab, 0xdf, 0xb0,
+    0xea, 0x11, 0xad, 0xdf, 0xba, 0x43, 0xdb, 0xa8, 0x0a, 0xfb,
+    0x04, 0x38, 0x81, 0x2b, 0xa3, 0x29, 0xfc, 0x95, 0x73, 0x9a,
+    0x0c, 0x6c, 0x9e, 0xcd, 0xdc, 0xcf, 0x0a, 0x0c, 0x18, 0x41,
+    0x6f, 0x1d, 0xa3, 0xf6, 0x12, 0x4c, 0x13, 0xf2, 0x02, 0xc6,
+    0x50, 0x99, 0x86, 0x73, 0xa7, 0xf9, 0x7e, 0x84, 0x7f, 0x4c,
+    0x00, 0xce, 0x2e, 0x21, 0x76, 0x8e, 0x17, 0x7a, 0x87, 0x6f,
+    0x81, 0xe6, 0xc0, 0x52, 0xa5, 0xa0, 0x3c, 0x54, 0x3c, 0xec,
+    0xb0, 0x9d, 0x1c, 0x3b, 0xec, 0xe5, 0x4e, 0x4a, 0x37, 0xe7,
+    0xd5, 0xa9, 0x07, 0x87, 0x23, 0x28, 0x5d, 0x3d, 0x22, 0x02,
+    0x79, 0x40, 0x3f, 0x2d, 0x40, 0xc9, 0xe5, 0xa6, 0x9b, 0xa8,
+    0xb8, 0x76, 0xf6, 0x77, 0x5b, 0x8d, 0x72, 0x96, 0x3e, 0x13,
+    0xbf, 0x76, 0xfa, 0x7b, 0xb7, 0x82, 0x5f, 0xe7, 0x9d, 0x54,
+    0x0e, 0x05, 0x1a, 0x9f, 0xa4, 0x42, 0xa5, 0xb4, 0x93, 0x23,
+    0x06, 0x59, 0x43, 0xa8, 0xe8, 0x5c, 0xfc, 0x18, 0x97, 0xdb,
+    0xad, 0x9a, 0x80, 0x0a, 0xf2, 0x20, 0x50, 0xac, 0xc1, 0x13,
+    0x3e, 0x98, 0x09, 0xde, 0xf2, 0x70, 0x9e, 0x14, 0xc2, 0x5c,
+    0xec, 0x65, 0x07, 0x0b, 0xfa, 0x02, 0x5c, 0xf8, 0x71, 0xaa,
+    0x9b, 0x45, 0x62, 0xe2, 0x27, 0xaf, 0x77, 0xf8, 0xe3, 0xeb,
+    0x7b, 0x24, 0x7b, 0x3c, 0x67, 0xc2, 0x6d, 0x6e, 0x17, 0xae,
+    0x6e, 0x86, 0x6f, 0x98, 0xc9, 0xac, 0x13, 0x9f, 0x87, 0x64,
+    0x3d, 0x4d, 0x6f, 0xa0, 0xb3, 0x39, 0xc6, 0x68, 0x1b, 0xa7,
+    0xeb, 0x3e, 0x0f, 0x6b, 0xc7, 0xa4, 0xe2, 0x20, 0x27, 0x75,
+    0x3f, 0x09, 0x16, 0xff, 0x1a, 0xcc, 0xa7, 0xc4, 0x6d, 0xc2,
+    0xfc, 0xc3, 0x0b, 0x37, 0x63, 0xff, 0x9b, 0x10, 0xe6, 0x00,
+    0xf7, 0x18, 0x43, 0x9f, 0x07, 0x50, 0x31, 0x51, 0xd4, 0xfd,
+    0xad, 0xa2, 0x0f, 0x77, 0xda, 0x41, 0xc1, 0x0a, 0x6f, 0x86,
+    0xd7, 0xdc, 0x8a, 0x52, 0xd6, 0xa1, 0x27, 0xdb, 0x14, 0x67,
+    0x26, 0x91, 0xb3, 0xcd, 0x01, 0x5f, 0x60, 0xa1, 0x7f, 0x43,
+    0x15, 0x1a, 0x82, 0x0f, 0xd3, 0x66, 0x5f, 0x60, 0x57, 0x2f,
+    0xb2, 0x8c, 0x27, 0x2a, 0x9d, 0x1b, 0xf9, 0xf2, 0x59, 0x20,
+    0x39, 0xd9, 0xc5, 0xaf, 0xf2, 0x36, 0x8c, 0x58, 0x00, 0x1b,
+    0xd0, 0xc5, 0x8e, 0x1a, 0x49, 0xa8, 0x60, 0xbe, 0xd1, 0xd7,
+    0x2a, 0xb0, 0xc2, 0xab, 0x58, 0x8a, 0x7a, 0xa9, 0x41, 0x68,
+    0x70, 0xbd, 0xea, 0x73, 0xa5, 0x03, 0x11, 0xb2, 0x27, 0xd9,
+    0xcd, 0xf5, 0x09, 0xe8, 0x1c, 0xe2, 0x4f, 0x50, 0x6a, 0x84,
+    0x34, 0x62, 0x2e, 0x36, 0xaa, 0x4c, 0xc1, 0x83, 0x78, 0x98,
+    0x35, 0x7a, 0x27, 0x7e, 0xfe, 0xf1, 0x6f, 0x59, 0x27, 0x35,
+    0x73, 0xce, 0x74, 0xaa, 0xb4, 0x72, 0x82, 0xa8, 0xe2, 0x81,
+    0x7a, 0x6b, 0xca, 0x33, 0xa5, 0xda, 0xa2, 0x63, 0xca, 0x2e,
+    0x90, 0x03, 0x32, 0xec, 0x63, 0xdb, 0x52, 0x7b, 0x16, 0xfc,
+    0x01, 0x2d, 0x30, 0x12, 0x1e, 0xf9, 0xa3, 0x72, 0x21, 0x3c,
+    0x75, 0x0c, 0x61, 0x9c, 0x7e, 0x73, 0x04, 0x71, 0x41, 0x45,
+    0x5d, 0x7f, 0x49, 0x1c, 0x09, 0x08, 0xa4, 0xec, 0x2f, 0xfd,
+    0xc4, 0xfb, 0x59, 0x6a, 0x27, 0x7a, 0xd4, 0xfc, 0x5f, 0x20,
+    0x04, 0x34, 0x7d, 0x08, 0xed, 0x82, 0x5a, 0x90, 0xe1, 0xab,
+    0xfd, 0x35, 0x3a, 0x8d, 0xbb, 0x0a, 0x9d, 0x73, 0xff, 0x69,
+    0xe5, 0xe9, 0x09, 0x55, 0x14, 0xd9, 0x7b, 0x6f, 0x0d, 0x99,
+    0xd2, 0x7e, 0x71, 0xf8, 0x4f, 0x72, 0x2f, 0xbb, 0xc6, 0xc4,
+    0x36, 0xc9, 0x01, 0xd3, 0x9b, 0x94, 0xab, 0x41, 0x0f, 0x4a,
+    0x61, 0x5c, 0x68, 0xe5, 0xd7, 0x0d, 0x94, 0xaa, 0xee, 0xba,
+    0x95, 0xcb, 0x8c, 0x0e, 0x85, 0x3a, 0x02, 0x6b, 0x95, 0x50,
+    0xfd, 0x02, 0xfd, 0xa4, 0x58, 0x29, 0x78, 0x4f, 0xd0, 0xae,
+    0x66, 0xd6, 0x5c, 0xe7, 0x45, 0xfe, 0x98, 0xb0, 0xa3, 0xe2,
+    0x87, 0xc0, 0xd2, 0x81, 0x08, 0xf1, 0xf1, 0xe7, 0xda, 0x62,
+    0x9e, 0xa0, 0x34, 0x86, 0xeb, 0xa1, 0x6e, 0x4a, 0x26, 0x8e,
+    0x39, 0x0c, 0x51, 0x10, 0x33, 0x11, 0x87, 0xf8, 0x79, 0x3c,
+    0x49, 0x7a, 0x8b, 0xce, 0xc1, 0x0a, 0x0e, 0xe1, 0xd5, 0x2a,
+    0xac, 0xf0, 0x3a, 0x1d, 0x6a, 0x6a, 0xe5, 0xe1, 0x81, 0x70,
+    0xad, 0xaf, 0x15, 0x4c, 0x2a, 0x70, 0x2a, 0x6b, 0x22, 0x0d,
+    0x30, 0xe7, 0x56, 0xed, 0x2d, 0x4b, 0x85, 0x17, 0x49, 0x72,
+    0x3a, 0x1b, 0x6f, 0x57, 0x1c, 0xf7, 0x72, 0x9e, 0x20, 0xdb,
+    0x57, 0x1c, 0xfb, 0x36, 0x50, 0x52, 0xec, 0x5b, 0xd6, 0x6a,
+    0x1b, 0xf8, 0x74, 0xad, 0xe6, 0x00, 0x74, 0x04, 0xc5, 0x99,
+    0x83, 0xe4, 0x5a, 0x0c, 0xc3, 0xe8, 0x6d, 0x3a, 0xd7, 0x3c,
+    0x3c, 0xc0, 0x1a, 0x28, 0xb3, 0x29, 0x7a, 0x10, 0x9e, 0x39,
+    0x66, 0x5b, 0xc1, 0x38, 0xac, 0x21, 0x4e, 0xcd, 0x01, 0xf2,
+    0xf6, 0x30, 0x2c, 0x2b, 0xb6, 0xbf, 0xf5, 0xea, 0x61, 0xaf,
+    0x0c, 0xa6, 0x01, 0x11, 0x15, 0x19, 0x09, 0x8c, 0x7e, 0x69,
+    0xdf, 0x3b, 0xea, 0xd3, 0x0a, 0x3a, 0xd7, 0xbd, 0xe1, 0x17,
+    0xaf, 0x92, 0x3c, 0xf5, 0xfe, 0x35, 0xd6, 0xcf, 0x07, 0xa6,
+    0xf7, 0xe9, 0xc1, 0x99, 0xed, 0x80, 0xe3, 0x12, 0xd5, 0x4b,
+    0xb9, 0xdf, 0xaf, 0x4e, 0x52, 0xad, 0x8e, 0x66, 0x87, 0xe5,
+    0x2c, 0xd0, 0x45, 0x70, 0xd9, 0x78, 0x8f, 0x4b, 0xf4, 0xe1,
+    0xf1, 0x22, 0xf2, 0xe3, 0xed, 0x1f, 0xeb, 0xe9, 0x70, 0x31,
+    0x4c, 0x65, 0x5f, 0x55, 0xee, 0x5d, 0xaa, 0x83, 0x87, 0x76,
+    0xbe, 0x11, 0xae, 0xd7, 0xf2, 0xfb, 0x43, 0xe7, 0x17, 0x81,
+    0x33, 0x15, 0x47, 0xa0, 0xf3, 0x8e, 0x84, 0x57, 0xff, 0x35,
+    0x9e, 0x4a, 0x8a, 0xab, 0x50, 0x3a, 0x45, 0xe0, 0xc3, 0x73,
+    0xca, 0x77, 0x61, 0x68, 0x38, 0xd0, 0xa3, 0x5f, 0x03, 0x8d,
+    0x41, 0xc2, 0xd3, 0x4a, 0x17, 0xe0, 0xa8, 0xaa, 0x00, 0xf3,
+    0xf2, 0x5b, 0xa8, 0xe1, 0x06, 0xa6, 0x2b, 0xdb, 0xe1, 0x74,
+    0xbd, 0xc4, 0xd2, 0x2b, 0x55, 0x9a, 0xb0, 0xf8, 0x35, 0xd8,
+    0x6b, 0xec, 0xdb, 0xc5, 0xf4, 0x6c, 0x40, 0x90, 0x6a, 0x68,
+    0xc9, 0xb5, 0xcb, 0xbb, 0xd0, 0xb0, 0xbc, 0x9f, 0xb9, 0xaa,
+    0x50, 0x14, 0x93, 0x3b, 0x9f, 0x25, 0xcb, 0x40, 0xb8, 0x08,
+    0xcc, 0x13, 0xe5, 0xdc, 0x3f, 0x84, 0x96, 0xe0, 0x73, 0x7b,
+    0x7d, 0x9e, 0x41, 0x92, 0x5d, 0xcc, 0xa4, 0xea, 0x4f, 0x93,
+    0x0c, 0x40, 0x2e, 0x42, 0x8a, 0xe9, 0xb9, 0x12, 0x74, 0xbb,
+    0x79, 0x7c, 0xb0, 0x37, 0x20, 0xb6, 0xaf, 0x43, 0x3a, 0x88,
+    0x59, 0x7c, 0x68, 0x28, 0x5f, 0x98, 0xc2, 0xf0, 0x2a, 0xbc,
+    0xa1, 0x61, 0x88, 0x1f, 0x43, 0xbc, 0x42, 0x8f, 0x43, 0xf3,
+    0x7e, 0x16, 0x96, 0xfa, 0x92, 0x70, 0xaf, 0x3c, 0x9f, 0x4b,
+    0xd9, 0x60, 0xe9, 0xf6, 0x2e, 0x84, 0xda, 0x88, 0x31, 0x34,
+    0xa6, 0x85, 0x10, 0x05, 0xef, 0x40, 0xa8, 0xa5, 0x4f, 0x92,
+    0x59, 0xf7, 0xe0, 0xc4, 0x2b, 0x12, 0x17, 0x71, 0xbe, 0x8c,
+    0x4a, 0x02, 0xfe, 0x12, 0xb6, 0x3b, 0x85, 0x75, 0x37, 0xf3,
+    0x73, 0x2d, 0x9c, 0x00, 0x5d, 0x80, 0xad, 0x20, 0x2f, 0x5a,
+    0x0b, 0x17, 0x7e, 0x67, 0x72, 0x24, 0x5a, 0xb9, 0xf3, 0xb1,
+    0x33, 0xa4, 0x57, 0x1d, 0x49, 0x72, 0x2c, 0x7f, 0x47, 0x15,
+    0x07, 0xe0, 0x45, 0x14, 0xdd, 0x77, 0x86, 0x6d, 0x03, 0xbe,
+    0x57, 0xd0, 0xaa, 0x18, 0xa6, 0xdd, 0x94, 0x18, 0x3f, 0x8a,
+    0xf3, 0xb5, 0xd7, 0x5a, 0xec, 0xc8, 0x79, 0x7f, 0x51, 0x61,
+    0x3c, 0x9b, 0xb2, 0x9b, 0xf3, 0xb4, 0x35, 0xd1, 0x38, 0xbf,
+    0x37, 0xce, 0x54, 0xd1, 0xf8, 0xb6, 0x45, 0xeb, 0x52, 0x0d,
+    0x9a, 0x09, 0x58, 0x0d, 0x2c, 0x0b, 0xb1, 0xf2, 0x30, 0x3a,
+    0x95, 0xc1, 0x13, 0x91, 0xd2, 0x9f, 0x8d, 0x8d, 0xd0, 0x38,
+    0x3e, 0x4c, 0xae, 0x4a, 0x55, 0xa7, 0x42, 0x11, 0x83, 0xc4,
+    0x70, 0xf0, 0x2b, 0x68, 0x9e, 0x07, 0xad, 0xb7, 0x83, 0xc6,
+    0x53, 0x3c, 0xfb, 0x0a, 0x5d, 0x24, 0xdc, 0xe1, 0x55, 0x72,
+    0xcf, 0xce, 0x3e, 0xc8, 0xd0, 0x57, 0x8a, 0x82, 0x5e, 0x78,
+    0x2b, 0x80, 0xc5, 0xb9, 0x09, 0x46, 0xf8, 0x90, 0x39, 0x52,
+    0xa9, 0xce, 0x3f, 0x3d, 0x41, 0x3b, 0x28, 0x45, 0xa3, 0xb3,
+    0x21, 0xc2, 0xcd, 0x14, 0x49, 0x41, 0x6c, 0x38, 0xda, 0x1b,
+    0x5f, 0x16, 0x49, 0xf9, 0x65, 0x00, 0x4e, 0xb4, 0x20, 0x55,
+    0x70, 0xe8, 0x58, 0x1a, 0x18, 0xbf, 0x41, 0xef, 0x31, 0xb1,
+    0xe7, 0x8d, 0x89, 0xc1, 0x48, 0xe8, 0xf5, 0x57, 0x35, 0xfa,
+    0xc1, 0x79, 0xee, 0x2c, 0xe8, 0x7d, 0xb6, 0x03, 0xcc, 0x66,
+    0x09, 0x6f, 0x52, 0x84, 0x0a, 0x34, 0x18, 0x2c, 0x01, 0x45,
+    0x81, 0x00, 0xe5, 0x5e, 0x8d, 0xae, 0x1c, 0x96, 0x8b, 0x45,
+    0x73, 0x00, 0x0a, 0xb5, 0xcf, 0x8d, 0x0e, 0x35, 0x5d, 0x1a,
+    0x0e, 0xbf, 0x64, 0x9a, 0x52, 0x20, 0x48, 0xc6, 0xb9, 0x40,
+    0xd3, 0x2c, 0x52, 0xca, 0x93, 0xcf, 0xbb, 0x94, 0x06, 0xf3,
+    0x97, 0xee, 0xcc, 0x5d, 0xa3, 0xea, 0xf8, 0x5a, 0x39, 0x77,
+    0x34, 0xd7, 0xf6, 0x4e, 0xbe, 0x8a, 0x07, 0x5f, 0x51, 0x53,
+    0xc5, 0x1b, 0x8c, 0x47, 0x8f, 0x34, 0x0e, 0x60, 0x0a, 0x90,
+    0xe2, 0xda, 0x7b, 0xef, 0xd6, 0xf5, 0x5d, 0xe5, 0x32, 0x37,
+    0x75, 0x99, 0x81, 0x4a, 0x2a, 0x78, 0x71, 0xdc, 0xf4, 0xe5,
+    0xca, 0xd8, 0x6b, 0x3b, 0x90, 0x68, 0x2e, 0x93, 0xc5, 0x10,
+    0x42, 0x5d, 0x38, 0x90, 0x32, 0x46, 0xea, 0x87, 0xe0, 0xbc,
+    0xb8, 0x9a, 0x18, 0x20, 0x68, 0x85, 0x6d, 0x9b, 0xc9, 0x8f,
+    0x9b, 0xd2, 0xbe, 0x15, 0x12, 0x68, 0xd0, 0xb0, 0x16, 0x5f,
+    0xe2, 0x69, 0x1d, 0x04, 0x00, 0xfc, 0x63, 0x33, 0xcd, 0x1f,
+    0x89, 0xcd, 0x52, 0xff, 0xec, 0x19, 0x69, 0x74, 0xa3, 0xce,
+    0x4d, 0xab, 0x93, 0xe4, 0xc6, 0x13, 0x56, 0x27, 0xc9, 0x25,
+    0x5a, 0x01, 0xb2, 0x36, 0x8b, 0x61, 0xe5, 0x8b, 0x98, 0xac,
+    0xe4, 0x2a, 0xb6, 0x40, 0x9f, 0x42, 0xe4, 0x1b, 0x52, 0xf7,
+    0xfd, 0xd8, 0x30, 0x07, 0x33, 0xf9, 0x47, 0xcb, 0x3c, 0xad,
+    0x12, 0xc1, 0xcc, 0x29, 0x62, 0x49, 0x04, 0x0c, 0x23, 0x97,
+    0x5a, 0xa4, 0x84, 0x67, 0xde, 0x5a, 0xe5, 0x36, 0xd2, 0x88,
+    0xf1, 0xd4, 0xeb, 0x13, 0x81, 0x54, 0x51, 0x11, 0xe3, 0xba,
+    0xbc, 0xee, 0xdd, 0x6c, 0xcd, 0xe6, 0xb4, 0xa1, 0x8b, 0x0b,
+    0x66, 0xfb, 0x8e, 0x50, 0xa0, 0xda, 0x69, 0x8d, 0xcc, 0x2d,
+    0xe4, 0x2c, 0xc4, 0x37, 0xdf, 0x61, 0xc0, 0x03, 0xbd, 0x8b,
+    0x28, 0xca, 0xd2, 0x8c, 0x1c, 0xf1, 0xa4, 0x26, 0x69, 0xe5,
+    0xcf, 0x45, 0xdb, 0x5a, 0x47, 0x79, 0xed, 0x9f, 0xf7, 0xd2,
+    0xdb, 0xba, 0x46, 0x53, 0x4f, 0xce, 0xa8, 0xbe, 0x8f, 0x4a,
+    0xd6, 0xdf, 0x2e, 0x06, 0xe6, 0x4c, 0x9a, 0xc1, 0xb6, 0x49,
+    0xed, 0xc4, 0xeb, 0xaa, 0xa4, 0x29, 0x6d, 0xd4, 0xcc, 0x8c,
+    0xb6, 0x40, 0x11, 0x39, 0x69, 0xf7, 0x75, 0xcd, 0xb1, 0x99,
+    0x46, 0x4e, 0xde, 0xcb, 0xf6, 0x9d, 0x32, 0xf3, 0xc9, 0x47,
+    0x47, 0x7a, 0xcb, 0xfb, 0xa3, 0x0c, 0x3b, 0xdf, 0xb7, 0xde,
+    0xec, 0x99, 0xde, 0xb0, 0x26, 0x04, 0x34, 0xae, 0x6b, 0xfc,
+    0x99, 0xbc, 0xde, 0xd5, 0xbe, 0xe7, 0xeb, 0xf9, 0xe7, 0xa6,
+    0x01, 0x9a, 0x0c, 0x5e, 0x66, 0xe6, 0x53, 0xe4, 0xd1, 0x58,
+    0xac, 0xda, 0x69, 0x77, 0x7b, 0x68, 0xd6, 0x30, 0x2a, 0x9c,
+    0x6b, 0xbe, 0x9f, 0x3d, 0x71, 0xd6, 0x54, 0xcd, 0x59, 0x4e,
+    0x1f, 0xe3, 0x83, 0x4e, 0xd1, 0x8e, 0xaf, 0x97, 0xa8, 0xe5,
+    0xb6, 0x59, 0x77, 0xa8, 0x02, 0x20, 0xe4, 0xeb, 0x44, 0x71,
+    0xbc, 0x07, 0x14, 0x79, 0x4f, 0x0c, 0x27, 0x06, 0x39, 0xcf,
+    0x7c, 0xef, 0x2b, 0x9b, 0x5e, 0xc4, 0x6d, 0x79, 0x13, 0x00,
+    0x43, 0x6f, 0x51, 0x77, 0xb5, 0xc3, 0x72, 0xad, 0x13, 0xa9,
+    0xe5, 0x9a, 0x5b, 0x1a, 0x99, 0x74, 0xc0, 0x7a, 0xf9, 0xc5,
+    0xb0, 0x58, 0x35, 0x1c, 0xa5, 0x51, 0xdb, 0xa1, 0x14, 0xcd,
+    0x26, 0x71, 0xb1, 0xe7, 0xaa, 0x14, 0xa7, 0x46, 0x93, 0xd3,
+    0x5c, 0x8c, 0x1a, 0x91, 0x77, 0x46, 0x2e, 0x15, 0xaa, 0x9e,
+    0xf7, 0x2b, 0x79, 0x41, 0x76, 0xf7, 0x22, 0x53, 0x7d, 0x51,
+    0xdb, 0x98, 0x3d, 0x5b, 0x78, 0x5f, 0xc3, 0xc9, 0x29, 0xa3,
+    0xff, 0x75, 0x82, 0x06, 0x9a, 0x16, 0x5e, 0xa4, 0x79, 0x0d,
+    0xd1, 0x6d, 0x08, 0xff, 0x43, 0xef, 0x9c, 0xf3, 0x1b, 0x7a,
+    0x3f, 0x34, 0xbe, 0x19, 0x15, 0x06, 0x33, 0xdb, 0xa5, 0x71,
+    0xcb, 0x5f, 0x6b, 0x8d, 0xbd, 0x5b, 0x32, 0x91, 0xb2, 0x37,
+    0x3d, 0xb4, 0x40, 0x9e, 0x02, 0x9b, 0xb7, 0x68, 0x20, 0x58,
+    0x5c, 0xab, 0xcb, 0xc8, 0x23, 0x2d, 0x77, 0xcc, 0x0b, 0xf6,
+    0x78, 0x6b, 0x80, 0x06, 0x91, 0xa9, 0xfd, 0x7e, 0xfa, 0x25,
+    0x98, 0x9f, 0xcc, 0x79, 0x0a, 0x1a, 0x54, 0x83, 0xac, 0x64,
+    0x16, 0x90, 0xe5, 0xd9, 0xa7, 0xd7, 0x1b, 0x86, 0x0d, 0xe6,
+    0xe6, 0x22, 0x2b, 0x1f, 0x44, 0x49, 0x98, 0x9c, 0x51, 0x6f,
+    0xcf, 0x58, 0x4a, 0xfa, 0xfa, 0x84, 0x12, 0xa5, 0x10, 0xf4,
+    0xca, 0xf0, 0x98, 0x2b, 0xc9, 0x03, 0x71, 0x37, 0xe7, 0xdc,
+    0xc2, 0xb1, 0x4e, 0x64, 0xde, 0x4f, 0x46, 0x0d, 0x6b, 0x25,
+    0x88, 0x5d, 0xd6, 0xff, 0x23, 0x46, 0x57, 0x36, 0x14, 0x18,
+    0xa7, 0xcb, 0xb8, 0xbd, 0xf0, 0xc5, 0x37, 0x36, 0xee, 0xe1,
+    0xed, 0x9f, 0x4d, 0xd4, 0x39, 0xe5, 0x92, 0xcf, 0x95, 0x4d,
+    0x66, 0x36, 0x5d, 0xd0, 0xcc, 0x07, 0xcf, 0x15, 0x5a, 0xce,
+    0x14, 0xb8, 0xda, 0x0d, 0x3d, 0x1b, 0x45, 0xc5, 0x2e, 0x34,
+    0x43, 0x25, 0x02, 0x3a, 0xcd, 0x14, 0x45, 0xfb, 0x3e, 0xf9,
+    0x88, 0x5d, 0x0d, 0x29, 0x31, 0xb9, 0xa1, 0xe6, 0x31, 0x18,
+    0x52, 0x46, 0x3f, 0x22, 0x4f, 0x9f, 0x7a, 0x65, 0x36, 0x88,
+    0xa3, 0x1c, 0x3e, 0x6f, 0x50, 0x7a, 0x36, 0xbe, 0x56, 0x7e,
+    0x50, 0xcb, 0x7a, 0x10, 0xa0, 0xec, 0xf6, 0x82, 0xd6, 0x30,
+    0x1c, 0xe8, 0x4c, 0x50, 0xf9, 0x3e, 0xdb, 0xac, 0xbe, 0x4f,
+    0x90, 0xb1, 0xd5, 0x1b, 0x12, 0x95, 0xfb, 0xe8, 0x08, 0x64,
+    0x56, 0x7c, 0x96, 0xcc, 0x90, 0xb1, 0xbc, 0xa0, 0xf5, 0x32,
+    0x69, 0xb3, 0x5f, 0x27, 0x0f, 0xbe, 0xc9, 0xbd, 0xeb, 0xfa,
+    0x4b, 0x5c, 0xc5, 0x99, 0x9e, 0x5a, 0x04, 0xcc, 0xd0, 0x4d,
+    0x29, 0xe8, 0x84, 0x55, 0x8c, 0xd7, 0xc4, 0x06, 0x13, 0x4d,
+    0x92, 0xe5, 0x98, 0x9c, 0x4c, 0xc1, 0xf7, 0xaf, 0x7b, 0xd5,
+    0x2b, 0x92, 0x68, 0x68, 0x19, 0x70, 0x4c, 0x9e, 0x46, 0xb8,
+    0x34, 0xeb, 0x01, 0x47, 0xbe, 0x59, 0xab, 0x0b, 0x22, 0x25,
+    0xe7, 0x56, 0xa8, 0xb4, 0x93, 0x3c, 0xd5, 0x98, 0x9f, 0x61,
+    0x2e, 0xfa, 0xcb, 0x5f, 0x5b, 0xd8, 0x09, 0x83, 0xe9, 0x40,
+    0xe9, 0x0e, 0x42, 0xdd, 0x17, 0xd7, 0x6e, 0x19, 0x8d, 0x95,
+    0x0a, 0x93,
+};
+static const int sizeof_bench_dilithium_level5_pubkey =
+    sizeof(bench_dilithium_level5_pubkey);
+
+#endif /* !WOLFSSL_DILITHIUM_NO_VERIFY */
+
+#endif /* HAVE_DILITHIUM */
+
+";
 
 # convert and print sphincs keys
-print OUT_FILE "#if defined(HAVE_PQC) && defined(HAVE_SPHINCS)\n\n";
+print OUT_FILE "#if defined(HAVE_SPHINCS)\n\n";
 for (my $i = 0; $i < $num_sphincs; $i++) {
 
     my $fname = $fileList_sphincs[$i][0];
@@ -277,7 +2058,7 @@ for (my $i = 0; $i < $num_sphincs; $i++) {
     print OUT_FILE "static const int sizeof_$sname = sizeof($sname);\n\n";
 }
 
-print OUT_FILE "#endif /* HAVE_PQC && HAVE_SPHINCS */\n\n";
+print OUT_FILE "#endif /* HAVE_SPHINCS */\n\n";
 
 # convert and print 256-bit cert/keys
 print OUT_FILE "#if defined(HAVE_ECC) && defined(USE_CERT_BUFFERS_256)\n\n";
diff --git a/lib/dummy b/lib/dummy
deleted file mode 100644
index 13c3b18cd..000000000
--- a/lib/dummy
+++ /dev/null
@@ -1,2 +0,0 @@
-// this is a dummy file
-
diff --git a/linuxkm/Kbuild b/linuxkm/Kbuild
index 093a7a112..0198d04da 100644
--- a/linuxkm/Kbuild
+++ b/linuxkm/Kbuild
@@ -1,6 +1,6 @@
 # Linux kernel-native Makefile ("Kbuild") for libwolfssl.ko
 #
-# Copyright (C) 2006-2023 wolfSSL Inc.
+# Copyright (C) 2006-2025 wolfSSL Inc.
 #
 # This file is part of wolfSSL.
 #
@@ -18,7 +18,8 @@
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
 
-SHELL=/bin/bash
+.ONESHELL:
+SHELL=bash
 
 ifeq "$(WOLFSSL_OBJ_FILES)" ""
     $(error $$WOLFSSL_OBJ_FILES is unset.)
@@ -32,6 +33,10 @@ WOLFSSL_CFLAGS += -ffreestanding -Wframe-larger-than=$(MAX_STACK_FRAME_SIZE) -is
 
 ifeq "$(KERNEL_ARCH)" "x86"
     WOLFSSL_CFLAGS += -mpreferred-stack-boundary=4
+else ifeq "$(KERNEL_ARCH)" "aarch64"
+    WOLFSSL_CFLAGS += -mno-outline-atomics
+else ifeq "$(KERNEL_ARCH)" "arm64"
+    WOLFSSL_CFLAGS += -mno-outline-atomics
 endif
 
 obj-m := libwolfssl.o
@@ -44,18 +49,33 @@ endif
 
 $(obj)/linuxkm/module_exports.o: $(WOLFSSL_OBJ_TARGETS)
 
+ifndef KERNEL_THREAD_STACK_SIZE
+    ifdef CROSS_COMPILE
+        KERNEL_THREAD_STACK_SIZE=16384
+    endif
+endif
+
 # this mechanism only works in kernel 5.x+ (fallback to hardcoded value)
-hostprogs := linuxkm/get_thread_size
-always-y := $(hostprogs)
+ifndef KERNEL_THREAD_STACK_SIZE
+    hostprogs := linuxkm/get_thread_size
+    always-y := $(hostprogs)
+endif
+
+HOST_EXTRACFLAGS += $(NOSTDINC_FLAGS) $(LINUXINCLUDE) $(KBUILD_CFLAGS) -static -fno-omit-frame-pointer
+
 # "-mindirect-branch=keep -mfunction-return=keep" to avoid "undefined reference
 #  to `__x86_return_thunk'" on CONFIG_RETHUNK kernels (5.19.0-rc7)
-HOST_EXTRACFLAGS += $(NOSTDINC_FLAGS) $(LINUXINCLUDE) $(KBUILD_CFLAGS) -static -fno-omit-frame-pointer -mindirect-branch=keep -mfunction-return=keep
+ifeq "$(KERNEL_ARCH)" "x86"
+  HOST_EXTRACFLAGS += -mindirect-branch=keep -mfunction-return=keep
+endif
 
 # this rule is needed to get build to succeed in 4.x (get_thread_size still doesn't get built)
 $(obj)/linuxkm/get_thread_size: $(src)/linuxkm/get_thread_size.c
 
-$(WOLFSSL_OBJ_TARGETS): | $(obj)/linuxkm/get_thread_size
-KERNEL_THREAD_STACK_SIZE=$(shell test -x $(obj)/linuxkm/get_thread_size && $(obj)/linuxkm/get_thread_size || echo 16384)
+ifndef KERNEL_THREAD_STACK_SIZE
+    $(WOLFSSL_OBJ_TARGETS): | $(obj)/linuxkm/get_thread_size
+    KERNEL_THREAD_STACK_SIZE=$(shell test -x $(obj)/linuxkm/get_thread_size && $(obj)/linuxkm/get_thread_size || echo 16384)
+endif
 MAX_STACK_FRAME_SIZE=$(shell echo $$(( $(KERNEL_THREAD_STACK_SIZE) / 4)))
 
 libwolfssl-y := $(WOLFSSL_OBJ_FILES) linuxkm/module_hooks.o linuxkm/module_exports.o
@@ -70,7 +90,7 @@ endif
 ccflags-y := $(WOLFSSL_CFLAGS) $(WOLFSSL_CFLAGS_NO_VECTOR_INSNS)
 
 $(obj)/libwolfssl.mod.o: ccflags-y :=
-$(obj)/wolfcrypt/test/test.o: ccflags-y += -DNO_MAIN_DRIVER
+$(obj)/wolfcrypt/test/test.o: ccflags-y += -DNO_MAIN_DRIVER -DWOLFSSL_NO_OPTIONS_H
 
 $(obj)/wolfcrypt/src/aes.o: ccflags-y = $(WOLFSSL_CFLAGS) $(WOLFSSL_CFLAGS_YES_VECTOR_INSNS)
 
@@ -90,15 +110,14 @@ ifeq "$(ENABLED_LINUXKM_PIE)" "yes"
     $(obj)/linuxkm/module_hooks.o: ccflags-y += $(PIE_SUPPORT_FLAGS)
 endif
 
-ifeq "$(ENABLED_LINUXKM_BENCHMARKS)" "yes"
-    $(obj)/linuxkm/module_hooks.o: ccflags-y = $(WOLFSSL_CFLAGS) $(CFLAGS_FPU_ENABLE) $(CFLAGS_SIMD_ENABLE) $(PIE_SUPPORT_FLAGS)
-    $(obj)/linuxkm/module_hooks.o: asflags-y = $(WOLFSSL_ASFLAGS) $(ASFLAGS_FPU_ENABLE_SIMD_DISABLE)
-endif
+$(obj)/wolfcrypt/benchmark/benchmark.o: ccflags-y = $(WOLFSSL_CFLAGS) $(CFLAGS_FPU_ENABLE) $(CFLAGS_SIMD_ENABLE) $(PIE_SUPPORT_FLAGS) -DNO_MAIN_FUNCTION -DWOLFSSL_NO_OPTIONS_H
+$(obj)/wolfcrypt/benchmark/benchmark.o: asflags-y = $(WOLFSSL_ASFLAGS) $(ASFLAGS_FPU_ENABLE_SIMD_DISABLE)
 
 asflags-y := $(WOLFSSL_ASFLAGS) $(ASFLAGS_FPUSIMD_DISABLE)
 
 # vectorized implementations that are kernel-safe are listed here.
-# these are known kernel-compatible, but they still irritate objtool.
+# these are known kernel-compatible, but need the vector instructions enabled in the assembler,
+# and most of them still irritate objtool.
 $(obj)/wolfcrypt/src/aes_asm.o: asflags-y = $(WOLFSSL_ASFLAGS) $(ASFLAGS_FPU_DISABLE_SIMD_ENABLE)
 $(obj)/wolfcrypt/src/aes_asm.o: OBJECT_FILES_NON_STANDARD := y
 $(obj)/wolfcrypt/src/aes_gcm_asm.o: asflags-y = $(WOLFSSL_ASFLAGS) $(ASFLAGS_FPU_DISABLE_SIMD_ENABLE)
@@ -107,6 +126,21 @@ $(obj)/wolfcrypt/src/aes_xts_asm.o: asflags-y = $(WOLFSSL_ASFLAGS) $(ASFLAGS_FPU
 $(obj)/wolfcrypt/src/aes_xts_asm.o: OBJECT_FILES_NON_STANDARD := y
 $(obj)/wolfcrypt/src/sp_x86_64_asm.o: asflags-y = $(WOLFSSL_ASFLAGS) $(ASFLAGS_FPU_DISABLE_SIMD_ENABLE)
 $(obj)/wolfcrypt/src/sp_x86_64_asm.o: OBJECT_FILES_NON_STANDARD := y
+$(obj)/wolfcrypt/src/sha256_asm.o: asflags-y = $(WOLFSSL_ASFLAGS) $(ASFLAGS_FPU_DISABLE_SIMD_ENABLE)
+$(obj)/wolfcrypt/src/sha256_asm.o: OBJECT_FILES_NON_STANDARD := y
+$(obj)/wolfcrypt/src/sha512_asm.o: asflags-y = $(WOLFSSL_ASFLAGS) $(ASFLAGS_FPU_DISABLE_SIMD_ENABLE)
+$(obj)/wolfcrypt/src/sha512_asm.o: OBJECT_FILES_NON_STANDARD := y
+$(obj)/wolfcrypt/src/sha3_asm.o: asflags-y = $(WOLFSSL_ASFLAGS) $(ASFLAGS_FPU_DISABLE_SIMD_ENABLE)
+$(obj)/wolfcrypt/src/sha3_asm.o: OBJECT_FILES_NON_STANDARD := y
+$(obj)/wolfcrypt/src/chacha_asm.o: asflags-y = $(WOLFSSL_ASFLAGS) $(ASFLAGS_FPU_DISABLE_SIMD_ENABLE)
+$(obj)/wolfcrypt/src/chacha_asm.o: OBJECT_FILES_NON_STANDARD := y
+$(obj)/wolfcrypt/src/poly1305_asm.o: asflags-y = $(WOLFSSL_ASFLAGS) $(ASFLAGS_FPU_DISABLE_SIMD_ENABLE)
+$(obj)/wolfcrypt/src/poly1305_asm.o: OBJECT_FILES_NON_STANDARD := y
+$(obj)/wolfcrypt/src/wc_kyber_asm.o: asflags-y = $(WOLFSSL_ASFLAGS) $(ASFLAGS_FPU_DISABLE_SIMD_ENABLE)
+
+ifndef READELF
+    READELF := readelf
+endif
 
 ifeq "$(ENABLED_LINUXKM_PIE)" "yes"
 
@@ -116,10 +150,6 @@ ifndef NM
     NM := nm
 endif
 
-ifndef READELF
-    READELF := readelf
-endif
-
 ifndef OBJCOPY
     OBJCOPY := objcopy
 endif
@@ -129,48 +159,54 @@ rename-pie-text-and-data-sections:
 ifneq "$(quiet)" "silent_"
 	@echo -n '  Checking wolfCrypt for unresolved symbols and forbidden relocations... '
 endif
-	@cd "$(obj)" || exit $$?; \
-	$(LD) -relocatable -o wolfcrypt_test_link.o $(WOLFCRYPT_PIE_FILES) || exit $$?; \
-	undefined=$$($(NM) --undefined-only wolfcrypt_test_link.o) || exit $$?; \
-	GOT_relocs=$$($(READELF) --relocs --wide wolfcrypt_test_link.o | egrep '^[^ ]+ +[^ ]+ +[^ ]*GOT[^ ]* ') || [ $$? = 1 ] || exit 2; \
-	rm wolfcrypt_test_link.o; \
-	if [ -n "$$undefined" ]; then \
-	    echo "wolfCrypt container has unresolved symbols:" 1>&2; \
-	    echo "$$undefined" 1>&2; \
-	    exit 1; \
-	fi; \
-	if [ -n "$$GOT_relocs" ]; then \
-	    echo "wolfCrypt container has GOT relocations (non-local function address used as operand?):" 1>&2; \
-	    echo "$$GOT_relocs" 1>&2; \
-	    exit 1; \
+	@cd "$(obj)" || exit $$?
+	$(LD) -relocatable -o wolfcrypt_test_link.o $(WOLFCRYPT_PIE_FILES) || exit $$?
+	undefined=$$($(NM) --undefined-only wolfcrypt_test_link.o) || exit $$?
+	GOT_relocs=$$($(READELF) --relocs --wide wolfcrypt_test_link.o | egrep '^[^ ]+ +[^ ]+ +[^ ]*GOT[^ ]* ') || [ $$? = 1 ] || exit 2
+	rm wolfcrypt_test_link.o
+	if [ -n "$$undefined" ]; then
+	    echo "wolfCrypt container has unresolved symbols:" 1>&2
+	    echo "$$undefined" 1>&2
+	    exit 1
+	fi
+	if [ -n "$$GOT_relocs" ]; then
+	    echo "wolfCrypt container has GOT relocations (non-local function address used as operand?):" 1>&2
+	    echo "$$GOT_relocs" 1>&2
+	    exit 1
 	fi
 ifneq "$(quiet)" "silent_"
-	@echo 'OK.'
+	echo 'OK.'
 endif
-	@cd "$(obj)" || exit $$?; \
-	for file in $(WOLFCRYPT_PIE_FILES); do \
-	    $(OBJCOPY) --rename-section .text=.text.wolfcrypt --rename-section .data=.data.wolfcrypt "$$file" || exit $$?; \
+	cd "$(obj)" || exit $$?
+	for file in $(WOLFCRYPT_PIE_FILES); do
+	    $(OBJCOPY) --rename-section .text=.text.wolfcrypt --rename-section .data=.data.wolfcrypt --rename-section .rodata=.rodata.wolfcrypt "$$file" || exit $$?
 	done
 ifneq "$(quiet)" "silent_"
-	@echo '  wolfCrypt .{text,data} sections containerized to .{text,data}.wolfcrypt'
+	echo '  wolfCrypt .{text,data,rodata} sections containerized to .{text,data,rodata}.wolfcrypt'
 endif
 
-$(src)/linuxkm/module_exports.c: rename-pie-text-and-data-sections
+$(obj)/linuxkm/module_exports.c: rename-pie-text-and-data-sections
 
 endif
 
 
 # auto-generate the exported symbol list, leveraging the WOLFSSL_API visibility tags.
 # exclude symbols that don't match wc_* or wolf*.
-$(src)/linuxkm/module_exports.c: $(src)/linuxkm/module_exports.c.template $(WOLFSSL_OBJ_TARGETS)
-	@cp $< $@
-	@readelf --symbols --wide $(WOLFSSL_OBJ_TARGETS) |				\
-		awk '/^ *[0-9]+: / {							\
-		  if ($$8 !~ /^(wc_|wolf|WOLF|TLSX_)/){next;}				\
-		  if (($$4 == "FUNC") && ($$5 == "GLOBAL") && ($$6 == "DEFAULT")) {	\
-		    print "EXPORT_SYMBOL_NS_GPL(" $$8 ", WOLFSSL);";    		\
-		  }									\
-		}' >> $@
-	@echo -e '#ifndef NO_CRYPT_TEST\nEXPORT_SYMBOL_NS_GPL(wolfcrypt_test, WOLFSSL);\n#endif' >> $@
+$(obj)/linuxkm/module_exports.c: $(src)/module_exports.c.template $(WOLFSSL_OBJ_TARGETS)
+	@cp $< $@ || exit $$?
+	if [[ "$${VERSION}" -gt 6 || ("$${VERSION}" -eq 6 && "$${PATCHLEVEL}" -ge 13) ]]; then
+	    # use ASCII octal escape to avoid syntax disruption in the awk script.
+	    ns='\042WOLFSSL\042'
+	else
+	    ns='WOLFSSL'
+	fi
+	$(READELF) --symbols --wide $(WOLFSSL_OBJ_TARGETS) |
+		$(AWK) '/^ *[0-9]+: / {
+		  if ($$8 !~ /^(wc_|wolf|WOLF|TLSX_)/){next;}
+		  if (($$4 == "FUNC") && ($$5 == "GLOBAL") && ($$6 == "DEFAULT")) {
+		    print "EXPORT_SYMBOL_NS_GPL(" $$8 ", '"$$ns"');";
+		  }
+		}' >> $@ || exit $$?
+	echo -e "#ifndef NO_CRYPT_TEST\nEXPORT_SYMBOL_NS_GPL(wolfcrypt_test, $${ns});\n#endif" >> $@
 
-clean-files := module_exports.c linuxkm src wolfcrypt/src wolfcrypt/test wolfcrypt
+clean-files := linuxkm src wolfcrypt
diff --git a/linuxkm/Makefile b/linuxkm/Makefile
index 667015fbe..d673da6c3 100644
--- a/linuxkm/Makefile
+++ b/linuxkm/Makefile
@@ -1,6 +1,6 @@
 # libwolfssl Linux kernel module Makefile (wraps Kbuild-native makefile)
 #
-# Copyright (C) 2006-2023 wolfSSL Inc.
+# Copyright (C) 2006-2025 wolfSSL Inc.
 #
 # This file is part of wolfSSL.
 #
@@ -18,7 +18,7 @@
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
 
-SHELL=/bin/bash
+SHELL=bash
 
 all: libwolfssl.ko libwolfssl.ko.signed
 
@@ -47,6 +47,10 @@ else
     WOLFSSL_CFLAGS+=-DNO_CRYPT_TEST
 endif
 
+ifeq "$(ENABLED_LINUXKM_BENCHMARKS)" "yes"
+    WOLFSSL_OBJ_FILES+=wolfcrypt/benchmark/benchmark.o
+endif
+
 ifeq "$(ENABLED_LINUXKM_PIE)" "yes"
     WOLFCRYPT_PIE_FILES := linuxkm/pie_first.o $(filter wolfcrypt/src/%,$(WOLFSSL_OBJ_FILES)) linuxkm/pie_redirect_table.o linuxkm/pie_last.o
     WOLFSSL_OBJ_FILES := $(WOLFCRYPT_PIE_FILES) $(filter-out $(WOLFCRYPT_PIE_FILES),$(WOLFSSL_OBJ_FILES))
@@ -54,16 +58,41 @@ endif
 
 export WOLFSSL_CFLAGS WOLFSSL_ASFLAGS WOLFSSL_OBJ_FILES WOLFCRYPT_PIE_FILES
 
+ifneq "$(host_triplet)" "$(build_triplet)"
+    CROSS_COMPILE := 'CROSS_COMPILE=$(host_triplet)-'
+endif
+
+OVERRIDE_PATHS :=
+
+ifdef CC
+    ifneq "$(CC)" "cc"
+        OVERRIDE_PATHS := $(OVERRIDE_PATHS) 'CC=$(CC)'
+    endif
+endif
+ifdef AS
+    ifneq "$(AS)" "as"
+        OVERRIDE_PATHS := $(OVERRIDE_PATHS) 'AS=$(AS)'
+    endif
+endif
+ifdef LD
+    ifneq "$(LD)" "ld"
+        OVERRIDE_PATHS := $(OVERRIDE_PATHS) 'LD=$(LD)'
+    endif
+endif
+
 libwolfssl.ko:
-	@if test -z "$(KERNEL_ROOT)"; then echo '$$KERNEL_ROOT is unset' >&2; exit 1; fi
-	@if test -z "$(AM_CFLAGS)$(CFLAGS)"; then echo '$$AM_CFLAGS and $$CFLAGS are both unset.' >&2; exit 1; fi
-	@if test -z "$(src_libwolfssl_la_OBJECTS)"; then echo '$$src_libwolfssl_la_OBJECTS is unset.' >&2; exit 1; fi
-	@mkdir -p linuxkm src wolfcrypt/src wolfcrypt/test
-	@if test ! -h $(SRC_TOP)/Kbuild; then ln -s $(MODULE_TOP)/Kbuild $(SRC_TOP)/Kbuild; fi
+	@if test -z '$(KERNEL_ROOT)'; then echo '$$KERNEL_ROOT is unset' >&2; exit 1; fi
+	@if test -z '$(AM_CFLAGS)$(CFLAGS)'; then echo '$$AM_CFLAGS and $$CFLAGS are both unset.' >&2; exit 1; fi
+	@if test -z '$(src_libwolfssl_la_OBJECTS)'; then echo '$$src_libwolfssl_la_OBJECTS is unset.' >&2; exit 1; fi
+        # after commit 9a0ebe5011 (6.10), sources must be in $(obj).  work around this by making links to all needed sources:
+	@mkdir -p '$(MODULE_TOP)/linuxkm'
+	@test '$(MODULE_TOP)/module_hooks.c' -ef '$(MODULE_TOP)/linuxkm/module_hooks.c' || cp --no-dereference --symbolic-link --no-clobber '$(MODULE_TOP)'/*.[ch] '$(MODULE_TOP)/linuxkm/'
+	@test '$(SRC_TOP)/wolfcrypt/src/wc_port.c' -ef '$(MODULE_TOP)/wolfcrypt/src/wc_port.c' || cp --no-dereference --symbolic-link --no-clobber --recursive '$(SRC_TOP)/wolfcrypt' '$(MODULE_TOP)/'
+	@test '$(SRC_TOP)/src/wolfio.c' -ef '$(MODULE_TOP)/src/wolfio.c' || cp --no-dereference --symbolic-link --no-clobber --recursive '$(SRC_TOP)/src' '$(MODULE_TOP)/'
 ifeq "$(ENABLED_LINUXKM_PIE)" "yes"
-	+$(MAKE) -C $(KERNEL_ROOT) M=$(MODULE_TOP) src=$(SRC_TOP) $(KBUILD_EXTRA_FLAGS) CC_FLAGS_FTRACE=
+	+$(MAKE) ARCH='$(KERNEL_ARCH)' $(OVERRIDE_PATHS) $(CROSS_COMPILE) -C '$(KERNEL_ROOT)' M='$(MODULE_TOP)' $(KBUILD_EXTRA_FLAGS) CC_FLAGS_FTRACE=
 else
-	+$(MAKE) -C $(KERNEL_ROOT) M=$(MODULE_TOP) src=$(SRC_TOP) $(KBUILD_EXTRA_FLAGS)
+	+$(MAKE) ARCH='$(KERNEL_ARCH)' $(OVERRIDE_PATHS) $(CROSS_COMPILE) -C '$(KERNEL_ROOT)' M='$(MODULE_TOP)' $(KBUILD_EXTRA_FLAGS)
 endif
 
 libwolfssl.ko.signed: libwolfssl.ko
@@ -106,6 +135,9 @@ install modules_install:
 # note, must supply $(MODULE_TOP) as the src value for clean so that Kbuild is included, else
 # the top Makefile (which is not for the kernel build) would be included here.
 clean:
+	$(RM) -rf '$(MODULE_TOP)/linuxkm'
+	$(RM) -rf '$(MODULE_TOP)/wolfcrypt'
+	$(RM) -rf '$(MODULE_TOP)/src'
 	+$(MAKE) -C $(KERNEL_ROOT) M=$(MODULE_TOP) src=$(MODULE_TOP) clean
 
 .PHONY: check
diff --git a/linuxkm/get_thread_size.c b/linuxkm/get_thread_size.c
index ed273864e..91095945d 100644
--- a/linuxkm/get_thread_size.c
+++ b/linuxkm/get_thread_size.c
@@ -1,7 +1,7 @@
 /* get_thread_size.c -- trivial program to determine stack frame size
  * for a Linux kernel thread, given a configured source tree.
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/linuxkm/include.am b/linuxkm/include.am
index cec11ad2d..3fac8ca93 100644
--- a/linuxkm/include.am
+++ b/linuxkm/include.am
@@ -12,4 +12,6 @@ EXTRA_DIST += m4/ax_linuxkm.m4 \
 	      linuxkm/pie_redirect_table.c \
 	      linuxkm/pie_last.c \
 	      linuxkm/linuxkm_memory.c \
-	      linuxkm/linuxkm_wc_port.h
+	      linuxkm/linuxkm_wc_port.h \
+	      linuxkm/lkcapi_glue.c \
+	      linuxkm/x86_vector_register_glue.c
diff --git a/linuxkm/linuxkm_memory.c b/linuxkm/linuxkm_memory.c
index 31a7b9355..e17a56ccc 100644
--- a/linuxkm/linuxkm_memory.c
+++ b/linuxkm/linuxkm_memory.c
@@ -1,6 +1,6 @@
 /* linuxkm_memory.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -71,214 +71,6 @@ void *lkm_realloc(void *ptr, size_t newsize) {
 }
 #endif /* HAVE_KVMALLOC */
 
-#if defined(WOLFSSL_LINUXKM_USE_SAVE_VECTOR_REGISTERS) && defined(CONFIG_X86)
-
-static unsigned int wc_linuxkm_fpu_states_n_tracked = 0;
-
-struct wc_thread_fpu_count_ent {
-    volatile pid_t pid;
-    unsigned int fpu_state;
-};
-struct wc_thread_fpu_count_ent *wc_linuxkm_fpu_states = NULL;
-#define WC_FPU_COUNT_MASK 0x7fffffffU
-#define WC_FPU_SAVED_MASK 0x80000000U
-
-WARN_UNUSED_RESULT int allocate_wolfcrypt_linuxkm_fpu_states(void)
-{
-    if (wc_linuxkm_fpu_states != NULL) {
-        static int warned_for_repeat_alloc = 0;
-        if (! warned_for_repeat_alloc) {
-            pr_err("attempt at repeat allocation"
-                   " in allocate_wolfcrypt_linuxkm_fpu_states\n");
-            warned_for_repeat_alloc = 1;
-        }
-        return BAD_STATE_E;
-    }
-
-    if (nr_cpu_ids >= 16)
-        wc_linuxkm_fpu_states_n_tracked = nr_cpu_ids * 2;
-    else
-        wc_linuxkm_fpu_states_n_tracked = 32;
-
-    wc_linuxkm_fpu_states =
-        (struct wc_thread_fpu_count_ent *)malloc(
-            wc_linuxkm_fpu_states_n_tracked * sizeof(wc_linuxkm_fpu_states[0]));
-
-    if (! wc_linuxkm_fpu_states) {
-        pr_err("allocation of %lu bytes for "
-               "wc_linuxkm_fpu_states failed.\n",
-               nr_cpu_ids * sizeof(struct fpu_state *));
-        return MEMORY_E;
-    }
-
-    memset(wc_linuxkm_fpu_states, 0, wc_linuxkm_fpu_states_n_tracked * sizeof(wc_linuxkm_fpu_states[0]));
-
-    return 0;
-}
-
-void free_wolfcrypt_linuxkm_fpu_states(void) {
-    struct wc_thread_fpu_count_ent *i, *i_endptr;
-    pid_t i_pid;
-
-    if (wc_linuxkm_fpu_states == NULL) {
-        pr_err("free_wolfcrypt_linuxkm_fpu_states called"
-               " before allocate_wolfcrypt_linuxkm_fpu_states.\n");
-        return;
-    }
-
-    for (i = wc_linuxkm_fpu_states,
-             i_endptr = &wc_linuxkm_fpu_states[wc_linuxkm_fpu_states_n_tracked];
-         i < i_endptr;
-         ++i)
-    {
-        i_pid = __atomic_load_n(&i->pid, __ATOMIC_CONSUME);
-        if (i_pid == 0)
-            continue;
-        if (i->fpu_state != 0) {
-            pr_err("free_wolfcrypt_linuxkm_fpu_states called"
-                   " with nonzero state 0x%x for pid %d.\n", i->fpu_state, i_pid);
-            i->fpu_state = 0;
-        }
-    }
-
-    free(wc_linuxkm_fpu_states);
-    wc_linuxkm_fpu_states = NULL;
-}
-
-/* lock-(mostly)-free thread-local storage facility for tracking recursive fpu pushing/popping */
-static struct wc_thread_fpu_count_ent *wc_linuxkm_fpu_state_assoc(int create_p) {
-    struct wc_thread_fpu_count_ent *i, *i_endptr, *i_empty;
-    pid_t my_pid = task_pid_nr(current), i_pid;
-
-    {
-        static int _warned_on_null = 0;
-        if (wc_linuxkm_fpu_states == NULL)
-        {
-            if (_warned_on_null == 0) {
-                pr_err("wc_linuxkm_fpu_state_assoc called by pid %d"
-                       " before allocate_wolfcrypt_linuxkm_fpu_states.\n", my_pid);
-                _warned_on_null = 1;
-            }
-            return NULL;
-        }
-    }
-
-    i_endptr = &wc_linuxkm_fpu_states[wc_linuxkm_fpu_states_n_tracked];
-
-    for (;;) {
-        for (i = wc_linuxkm_fpu_states,
-                 i_empty = NULL;
-             i < i_endptr;
-             ++i)
-        {
-            i_pid = __atomic_load_n(&i->pid, __ATOMIC_CONSUME);
-            if (i_pid == my_pid)
-                return i;
-            if ((i_empty == NULL) && (i_pid == 0))
-                i_empty = i;
-        }
-        if ((i_empty == NULL) || (! create_p))
-            return NULL;
-
-        i_pid = 0;
-        if (__atomic_compare_exchange_n(
-                &(i_empty->pid),
-                &i_pid,
-                my_pid,
-                0 /* weak */,
-                __ATOMIC_SEQ_CST /* success_memmodel */,
-                __ATOMIC_SEQ_CST /* failure_memmodel */))
-        {
-            return i_empty;
-        }
-    }
-}
-
-static void wc_linuxkm_fpu_state_free(struct wc_thread_fpu_count_ent *ent) {
-    if (ent->fpu_state != 0) {
-        static int warned_nonzero_fpu_state = 0;
-        if (! warned_nonzero_fpu_state) {
-            pr_err("wc_linuxkm_fpu_state_free for pid %d"
-                   " with nonzero fpu_state 0x%x.\n", ent->pid, ent->fpu_state);
-            warned_nonzero_fpu_state = 1;
-        }
-        ent->fpu_state = 0;
-    }
-    __atomic_store_n(&ent->pid, 0, __ATOMIC_RELEASE);
-}
-
-WARN_UNUSED_RESULT int save_vector_registers_x86(void)
-{
-    struct wc_thread_fpu_count_ent *pstate = wc_linuxkm_fpu_state_assoc(1);
-    if (pstate == NULL)
-        return ENOMEM;
-
-    /* allow for nested calls */
-    if (pstate->fpu_state != 0U) {
-        if ((pstate->fpu_state & WC_FPU_COUNT_MASK)
-            == WC_FPU_COUNT_MASK)
-        {
-            pr_err("save_vector_registers_x86 recursion register overflow for "
-                   "pid %d.\n", pstate->pid);
-            return BAD_STATE_E;
-        } else {
-            ++pstate->fpu_state;
-            return 0;
-        }
-    }
-
-    if (irq_fpu_usable()) {
-#if defined(CONFIG_SMP) && !defined(CONFIG_PREEMPT_COUNT) && (LINUX_VERSION_CODE >= KERNEL_VERSION(5, 7, 0))
-        /* inhibit migration, which gums up the algorithm in kernel_fpu_{begin,end}(). */
-        migrate_disable();
-#endif
-        kernel_fpu_begin();
-        pstate->fpu_state = 1U; /* set msb 0 to trigger kernel_fpu_end() at cleanup. */
-    } else if (in_nmi() || (hardirq_count() > 0) || (softirq_count() > 0)) {
-        static int warned_fpu_forbidden = 0;
-        if (! warned_fpu_forbidden)
-            pr_err("save_vector_registers_x86 called from IRQ handler.\n");
-        wc_linuxkm_fpu_state_free(pstate);
-        return EPERM;
-    } else {
-#if defined(CONFIG_SMP) && !defined(CONFIG_PREEMPT_COUNT) && (LINUX_VERSION_CODE >= KERNEL_VERSION(5, 7, 0))
-        migrate_disable();
-#endif
-        /* assume already safely in_kernel_fpu. */
-        pstate->fpu_state =
-            WC_FPU_SAVED_MASK + 1U; /* set msb 1 to inhibit kernel_fpu_end() at cleanup. */
-    }
-
-    return 0;
-}
-
-void restore_vector_registers_x86(void)
-{
-    struct wc_thread_fpu_count_ent *pstate = wc_linuxkm_fpu_state_assoc(0);
-    if (pstate == NULL) {
-        pr_err("restore_vector_registers_x86 called by pid %d "
-               "with no saved state.\n", task_pid_nr(current));
-        return;
-    }
-
-    if ((--pstate->fpu_state & WC_FPU_COUNT_MASK) > 0U) {
-        return;
-    }
-
-    if (pstate->fpu_state == 0U)
-        kernel_fpu_end();
-    else
-        pstate->fpu_state = 0U;
-#if defined(CONFIG_SMP) && !defined(CONFIG_PREEMPT_COUNT) && (LINUX_VERSION_CODE >= KERNEL_VERSION(5, 7, 0))
-    migrate_enable();
-#endif
-
-    wc_linuxkm_fpu_state_free(pstate);
-
-    return;
-}
-#endif /* WOLFSSL_LINUXKM_USE_SAVE_VECTOR_REGISTERS && CONFIG_X86 */
-
 #if defined(__PIE__) && (LINUX_VERSION_CODE >= KERNEL_VERSION(6, 1, 0))
 /* needed in 6.1+ because show_free_areas() static definition in mm.h calls
  * __show_free_areas(), which isn't exported (neither was show_free_areas()).
@@ -294,3 +86,11 @@ void my__show_free_areas(
     return;
 }
 #endif
+
+#if defined(__PIE__) && defined(CONFIG_FORTIFY_SOURCE)
+/* needed because FORTIFY_SOURCE inline implementations call fortify_panic(). */
+void __my_fortify_panic(const char *name) {
+    pr_emerg("__my_fortify_panic in %s\n", name);
+    BUG();
+}
+#endif
diff --git a/linuxkm/linuxkm_wc_port.h b/linuxkm/linuxkm_wc_port.h
index c155f5283..c8a2ddc92 100644
--- a/linuxkm/linuxkm_wc_port.h
+++ b/linuxkm/linuxkm_wc_port.h
@@ -1,6 +1,6 @@
 /* linuxkm_wc_port.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -30,6 +30,11 @@
         #error Unsupported kernel.
     #endif
 
+    #if defined(HAVE_FIPS) && defined(LINUXKM_LKCAPI_REGISTER_AESXTS) && defined(CONFIG_CRYPTO_MANAGER_EXTRA_TESTS)
+        /* CONFIG_CRYPTO_MANAGER_EXTRA_TESTS expects AES-XTS-384 to work, even when CONFIG_CRYPTO_FIPS, but FIPS 140-3 only allows AES-XTS-256 and AES-XTS-512. */
+        #error CONFIG_CRYPTO_MANAGER_EXTRA_TESTS is incompatible with FIPS wolfCrypt AES-XTS -- please reconfigure the target kernel to disable CONFIG_CRYPTO_MANAGER_EXTRA_TESTS.
+    #endif
+
     #ifdef HAVE_CONFIG_H
         #ifndef PACKAGE_NAME
             #error wc_port.h included before config.h
@@ -65,8 +70,8 @@
           (int)_xatoi_res;                              \
         })
 
-    /* Kbuild+gcc on x86 doesn't consistently honor the default ALIGN16 on stack objects,
-     *   but gives adequate alignment with "32".
+    /* Kbuild+gcc on x86 doesn't consistently honor the default ALIGN16 on stack
+     * objects, but gives adequate alignment with "32".
      */
     #if defined(CONFIG_X86) && !defined(ALIGN16)
         #define ALIGN16 __attribute__ ( (aligned (32)))
@@ -115,12 +120,143 @@
     _Pragma("GCC diagnostic ignored \"-Wdiscarded-qualifiers\"");
     _Pragma("GCC diagnostic ignored \"-Wtype-limits\"");
     _Pragma("GCC diagnostic ignored \"-Wswitch-enum\"");
+    _Pragma("GCC diagnostic ignored \"-Wcast-function-type\""); /* needed for kernel 4.14.336 */
 
     #include <linux/kconfig.h>
+
+    #if defined(__PIE__) && defined(CONFIG_ARM64)
+        #define alt_cb_patch_nops my__alt_cb_patch_nops
+    #endif
+
     #include <linux/kernel.h>
     #include <linux/ctype.h>
+
+    #if defined(CONFIG_FORTIFY_SOURCE) || defined(DEBUG_LINUXKM_FORTIFY_OVERLAY)
+        #ifdef __PIE__
+            /* the inline definitions in fortify-string.h use non-inline
+             * fortify_panic().
+             */
+            extern void __my_fortify_panic(const char *name) __noreturn __cold;
+            #define fortify_panic __my_fortify_panic
+        #endif
+
+        /* the _FORTIFY_SOURCE macros and implementations for several string
+         * functions are incompatible with libwolfssl, so just reimplement with
+         * inlines and remap with macros.
+         */
+
+        #define __ARCH_STRLEN_NO_REDIRECT
+        #define __ARCH_MEMCPY_NO_REDIRECT
+        #define __ARCH_MEMSET_NO_REDIRECT
+        #define __ARCH_MEMMOVE_NO_REDIRECT
+
+        /* the inline definitions in fortify-string.h use non-inline
+         * strlen().
+         */
+        static inline size_t strlen(const char *s) {
+            const char *s_start = s;
+            while (*s)
+                ++s;
+            return (size_t)((uintptr_t)s - (uintptr_t)s_start);
+        }
+
+        #include <linux/string.h>
+
+        #undef strlen
+        #define strlen(s) \
+            ((__builtin_constant_p(s) && __builtin_constant_p(*(s))) ? \
+             (sizeof(s) - 1) : strlen(s))
+
+        static inline void *my_memcpy(void *dest, const void *src, size_t n) {
+            if (! (((uintptr_t)dest | (uintptr_t)src | (uintptr_t)n)
+                   & (uintptr_t)(sizeof(uintptr_t) - 1)))
+            {
+                uintptr_t *src_longs = (uintptr_t *)src,
+                    *dest_longs = (uintptr_t *)dest,
+                    *endp = (uintptr_t *)((u8 *)src + n);
+                while (src_longs < endp)
+                    *dest_longs++ = *src_longs++;
+            } else {
+                u8 *src_bytes = (u8 *)src,
+                    *dest_bytes = (u8 *)dest,
+                    *endp = src_bytes + n;
+                while (src_bytes < endp)
+                    *dest_bytes++ = *src_bytes++;
+            }
+            return dest;
+        }
+        #undef memcpy
+        #define memcpy my_memcpy
+
+        static inline void *my_memset(void *dest, int c, size_t n) {
+            if (! (((uintptr_t)dest | (uintptr_t)n)
+                   & (uintptr_t)(sizeof(uintptr_t) - 1)))
+            {
+                uintptr_t c_long = __builtin_choose_expr(
+                    sizeof(uintptr_t) == 8,
+                    (uintptr_t)(u8)c * 0x0101010101010101UL,
+                    (uintptr_t)(u8)c * 0x01010101U
+                    );
+                uintptr_t *dest_longs = (uintptr_t *)dest,
+                    *endp = (uintptr_t *)((u8 *)dest_longs + n);
+                while (dest_longs < endp)
+                    *dest_longs++ = c_long;
+            } else {
+                u8 *dest_bytes = (u8 *)dest, *endp = dest_bytes + n;
+                while (dest_bytes < endp)
+                    *dest_bytes++ = (u8)c;
+            }
+            return dest;
+        }
+        #undef memset
+        #define memset my_memset
+
+        static inline void *my_memmove(void *dest, const void *src, size_t n) {
+            if (! (((uintptr_t)dest | (uintptr_t)src | (uintptr_t)n)
+                   & (uintptr_t)(sizeof(uintptr_t) - 1)))
+            {
+                uintptr_t *src_longs = (uintptr_t *)src,
+                    *dest_longs = (uintptr_t *)dest;
+                n >>= __builtin_choose_expr(
+                    sizeof(uintptr_t) == 8,
+                    3U,
+                    2U);
+                if (src_longs < dest_longs) {
+                    uintptr_t *startp = src_longs;
+                    src_longs += n - 1;
+                    dest_longs += n - 1;
+                    while (src_longs >= startp)
+                        *dest_longs-- = *src_longs--;
+                } else if (src_longs > dest_longs) {
+                    uintptr_t *endp = src_longs + n;
+                    while (src_longs < endp)
+                        *dest_longs++ = *src_longs++;
+                }
+            } else {
+                u8 *src_bytes = (u8 *)src, *dest_bytes = (u8 *)dest;
+                if (src_bytes < dest_bytes) {
+                    u8 *startp = src_bytes;
+                    src_bytes += n - 1;
+                    dest_bytes += n - 1;
+                    while (src_bytes >= startp)
+                        *dest_bytes-- = *src_bytes--;
+                } else if (src_bytes > dest_bytes) {
+                    u8 *endp = src_bytes + n;
+                    while (src_bytes < endp)
+                        *dest_bytes++ = *src_bytes++;
+                }
+            }
+            return dest;
+        }
+        #undef memmove
+        #define memmove my_memmove
+
+    #endif /* CONFIG_FORTIFY_SOURCE */
+
     #include <linux/init.h>
     #include <linux/module.h>
+    #include <linux/delay.h>
+
     #ifdef __PIE__
         /* without this, mm.h brings in static, but not inline, pmd_to_page(),
          * with direct references to global vmem variables.
@@ -146,7 +282,33 @@
     #include <linux/net.h>
     #include <linux/slab.h>
 
-    #if defined(WOLFSSL_AESNI) || defined(USE_INTEL_SPEEDUP) || defined(WOLFSSL_SP_X86_64_ASM)
+    #ifdef LINUXKM_LKCAPI_REGISTER
+        #include <linux/crypto.h>
+        #include <linux/scatterlist.h>
+        #include <crypto/scatterwalk.h>
+        #include <crypto/internal/aead.h>
+        #include <crypto/internal/skcipher.h>
+
+        /* the LKCAPI assumes that expanded encrypt and decrypt keys will stay
+         * loaded simultaneously, and the Linux in-tree implementations have two
+         * AES key structs in each context, one for each direction.  in
+         * linuxkm/lkcapi_glue.c (used for CBC, CFB, and GCM), we do the same
+         * thing with "struct km_AesCtx".  however, wolfCrypt struct AesXts
+         * already has two AES expanded keys, the main and tweak, and the tweak
+         * is always used in the encrypt direction regardless of the main
+         * direction.  to avoid allocating and computing a duplicate second
+         * tweak encrypt key, we set
+         * WC_AES_XTS_SUPPORT_SIMULTANEOUS_ENC_AND_DEC_KEYS, which adds a second
+         * Aes slot to wolfCrypt's struct AesXts, and activates support for
+         * AES_ENCRYPTION_AND_DECRYPTION on AES-XTS.
+         */
+        #ifndef WC_AES_XTS_SUPPORT_SIMULTANEOUS_ENC_AND_DEC_KEYS
+            #define WC_AES_XTS_SUPPORT_SIMULTANEOUS_ENC_AND_DEC_KEYS
+        #endif
+    #endif
+
+    #if defined(WOLFSSL_AESNI) || defined(USE_INTEL_SPEEDUP) || \
+        defined(WOLFSSL_SP_X86_64_ASM)
         #ifndef CONFIG_X86
             #error X86 SIMD extensions requested, but CONFIG_X86 is not set.
         #endif
@@ -172,36 +334,98 @@
         #endif
     #endif
 
-    /* benchmarks.c uses floating point math, so needs a working SAVE_VECTOR_REGISTERS(). */
-    #if defined(WOLFSSL_LINUXKM_BENCHMARKS) && !defined(WOLFSSL_LINUXKM_USE_SAVE_VECTOR_REGISTERS)
+    /* benchmarks.c uses floating point math, so needs a working
+     * SAVE_VECTOR_REGISTERS().
+     */
+    #if defined(WOLFSSL_LINUXKM_BENCHMARKS) && \
+        !defined(WOLFSSL_LINUXKM_USE_SAVE_VECTOR_REGISTERS)
         #define WOLFSSL_LINUXKM_USE_SAVE_VECTOR_REGISTERS
     #endif
 
-    #if defined(WOLFSSL_LINUXKM_USE_SAVE_VECTOR_REGISTERS) && defined(CONFIG_X86)
+    #if defined(WOLFSSL_LINUXKM_USE_SAVE_VECTOR_REGISTERS) && \
+        defined(CONFIG_X86)
+
+        extern __must_check int allocate_wolfcrypt_linuxkm_fpu_states(void);
+        extern void free_wolfcrypt_linuxkm_fpu_states(void);
+        extern __must_check int can_save_vector_registers_x86(void);
+        extern __must_check int save_vector_registers_x86(void);
+        extern void restore_vector_registers_x86(void);
+
         #if LINUX_VERSION_CODE < KERNEL_VERSION(4, 0, 0)
             #include <asm/i387.h>
         #else
             #include <asm/simd.h>
         #endif
+        #ifndef CAN_SAVE_VECTOR_REGISTERS
+            #ifdef DEBUG_VECTOR_REGISTER_ACCESS_FUZZING
+                #define CAN_SAVE_VECTOR_REGISTERS() (can_save_vector_registers_x86() && (SAVE_VECTOR_REGISTERS2_fuzzer() == 0))
+            #else
+                #define CAN_SAVE_VECTOR_REGISTERS() can_save_vector_registers_x86()
+            #endif
+        #endif
         #ifndef SAVE_VECTOR_REGISTERS
-            #define SAVE_VECTOR_REGISTERS(fail_clause) { int _svr_ret = save_vector_registers_x86(); if (_svr_ret != 0) { fail_clause } }
-            #define SAVE_VECTOR_REGISTERS2() save_vector_registers_x86()
+            #define SAVE_VECTOR_REGISTERS(fail_clause) {    \
+                int _svr_ret = save_vector_registers_x86(); \
+                if (_svr_ret != 0) {                        \
+                    fail_clause                             \
+                }                                           \
+            }
+        #endif
+        #ifndef SAVE_VECTOR_REGISTERS2
+            #ifdef DEBUG_VECTOR_REGISTER_ACCESS_FUZZING
+                #define SAVE_VECTOR_REGISTERS2() ({                    \
+                    int _fuzzer_ret = SAVE_VECTOR_REGISTERS2_fuzzer(); \
+                    (_fuzzer_ret == 0) ?                               \
+                     save_vector_registers_x86() :                     \
+                     _fuzzer_ret;                                      \
+                })
+            #else
+                #define SAVE_VECTOR_REGISTERS2() save_vector_registers_x86()
+            #endif
         #endif
         #ifndef RESTORE_VECTOR_REGISTERS
             #define RESTORE_VECTOR_REGISTERS() restore_vector_registers_x86()
         #endif
+
     #elif defined(WOLFSSL_LINUXKM_USE_SAVE_VECTOR_REGISTERS) && (defined(CONFIG_ARM) || defined(CONFIG_ARM64))
+
+        #error kernel module ARM SIMD is not yet tested or usable.
+
         #include <asm/fpsimd.h>
+
+        static WARN_UNUSED_RESULT inline int save_vector_registers_arm(void)
+        {
+            preempt_disable();
+            if (! may_use_simd()) {
+                preempt_enable();
+                return BAD_STATE_E;
+            } else {
+                fpsimd_preserve_current_state();
+                return 0;
+            }
+        }
+        static inline void restore_vector_registers_arm(void)
+        {
+            fpsimd_restore_current_state();
+            preempt_enable();
+        }
+
         #ifndef SAVE_VECTOR_REGISTERS
             #define SAVE_VECTOR_REGISTERS(fail_clause) { int _svr_ret = save_vector_registers_arm(); if (_svr_ret != 0) { fail_clause } }
+        #endif
+        #ifndef SAVE_VECTOR_REGISTERS2
             #define SAVE_VECTOR_REGISTERS2() save_vector_registers_arm()
         #endif
+        #ifndef CAN_SAVE_VECTOR_REGISTERS
+            #define CAN_SAVE_VECTOR_REGISTERS() can_save_vector_registers_arm()
+        #endif
         #ifndef RESTORE_VECTOR_REGISTERS
             #define RESTORE_VECTOR_REGISTERS() restore_vector_registers_arm()
         #endif
+
     #elif defined(WOLFSSL_LINUXKM_USE_SAVE_VECTOR_REGISTERS)
         #error WOLFSSL_LINUXKM_USE_SAVE_VECTOR_REGISTERS is set for an unsupported architecture.
-    #endif
+    #endif /* WOLFSSL_LINUXKM_USE_SAVE_VECTOR_REGISTERS */
 
     _Pragma("GCC diagnostic pop");
 
@@ -220,6 +444,25 @@
     #ifdef HAVE_FIPS
         extern int wolfCrypt_FIPS_first(void);
         extern int wolfCrypt_FIPS_last(void);
+        #if FIPS_VERSION3_GE(6,0,0)
+            extern int wolfCrypt_FIPS_AES_sanity(void);
+            extern int wolfCrypt_FIPS_CMAC_sanity(void);
+            extern int wolfCrypt_FIPS_DH_sanity(void);
+            extern int wolfCrypt_FIPS_ECC_sanity(void);
+            extern int wolfCrypt_FIPS_ED25519_sanity(void);
+            extern int wolfCrypt_FIPS_ED448_sanity(void);
+            extern int wolfCrypt_FIPS_HMAC_sanity(void);
+            extern int wolfCrypt_FIPS_KDF_sanity(void);
+            extern int wolfCrypt_FIPS_PBKDF_sanity(void);
+            extern int wolfCrypt_FIPS_DRBG_sanity(void);
+            extern int wolfCrypt_FIPS_RSA_sanity(void);
+            extern int wolfCrypt_FIPS_SHA_sanity(void);
+            extern int wolfCrypt_FIPS_SHA256_sanity(void);
+            extern int wolfCrypt_FIPS_SHA512_sanity(void);
+            extern int wolfCrypt_FIPS_SHA3_sanity(void);
+            extern int wolfCrypt_FIPS_FT_sanity(void);
+            extern int wc_RunAllCast_fips(void);
+        #endif
     #endif
 
     #if !defined(WOLFCRYPT_ONLY) && !defined(NO_CERTS)
@@ -228,8 +471,27 @@
         struct Signer *GetCA(void *signers, unsigned char *hash);
         #ifndef NO_SKID
             struct Signer *GetCAByName(void* signers, unsigned char *hash);
-        #endif
-    #endif
+            #ifdef HAVE_OCSP
+                struct Signer* GetCAByKeyHash(void* vp, const unsigned char* keyHash);
+            #endif /* HAVE_OCSP */
+            #ifdef WOLFSSL_AKID_NAME
+                struct Signer* GetCAByAKID(void* vp, const unsigned char* issuer,
+                                           unsigned int issuerSz,
+                                           const unsigned char* serial,
+                                           unsigned int serialSz);
+            #endif
+        #endif /* NO_SKID */
+
+        #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
+            struct WOLFSSL_X509_NAME;
+            extern int wolfSSL_X509_NAME_add_entry_by_NID(struct WOLFSSL_X509_NAME *name, int nid,
+                                               int type, const unsigned char *bytes,
+                                               int len, int loc, int set);
+            extern void wolfSSL_X509_NAME_free(struct WOLFSSL_X509_NAME* name);
+            extern struct WOLFSSL_X509_NAME* wolfSSL_X509_NAME_new_ex(void *heap);
+        #endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
+
+    #endif /* !WOLFCRYPT_ONLY && !NO_CERTS */
 
     #if defined(__PIE__) && !defined(USE_WOLFSSL_LINUXKM_PIE_REDIRECT_TABLE)
         #error "compiling -fPIE requires PIE redirect table."
@@ -291,26 +553,46 @@
         #else
             typeof(printk) *printk;
         #endif
+
+#ifdef CONFIG_FORTIFY_SOURCE
+        typeof(__warn_printk) *__warn_printk;
+#endif
+
         typeof(snprintf) *snprintf;
 
         const unsigned char *_ctype;
 
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(6, 11, 0)
+        typeof(kmalloc_noprof) *kmalloc_noprof;
+        typeof(krealloc_noprof) *krealloc_noprof;
+        typeof(kzalloc_noprof) *kzalloc_noprof;
+        typeof(__kvmalloc_node_noprof) *__kvmalloc_node_noprof;
+        typeof(__kmalloc_cache_noprof) *__kmalloc_cache_noprof;
+#elif LINUX_VERSION_CODE >= KERNEL_VERSION(6, 10, 0)
+        typeof(kmalloc_noprof) *kmalloc_noprof;
+        typeof(krealloc_noprof) *krealloc_noprof;
+        typeof(kzalloc_noprof) *kzalloc_noprof;
+        typeof(kvmalloc_node_noprof) *kvmalloc_node_noprof;
+        typeof(kmalloc_trace_noprof) *kmalloc_trace_noprof;
+#else /* <6.10.0 */
         typeof(kmalloc) *kmalloc;
-        typeof(kfree) *kfree;
-        typeof(ksize) *ksize;
         typeof(krealloc) *krealloc;
         #ifdef HAVE_KVMALLOC
         typeof(kvmalloc_node) *kvmalloc_node;
-        typeof(kvfree) *kvfree;
         #endif
-        typeof(is_vmalloc_addr) *is_vmalloc_addr;
-
         #if LINUX_VERSION_CODE >= KERNEL_VERSION(6, 1, 0)
             typeof(kmalloc_trace) *kmalloc_trace;
         #else
             typeof(kmem_cache_alloc_trace) *kmem_cache_alloc_trace;
             typeof(kmalloc_order_trace) *kmalloc_order_trace;
         #endif
+#endif /* <6.10.0 */
+        #ifdef HAVE_KVMALLOC
+        typeof(kvfree) *kvfree;
+        #endif
+        typeof(kfree) *kfree;
+        typeof(ksize) *ksize;
+        typeof(is_vmalloc_addr) *is_vmalloc_addr;
 
         typeof(get_random_bytes) *get_random_bytes;
         #if LINUX_VERSION_CODE < KERNEL_VERSION(4, 0, 0)
@@ -322,34 +604,15 @@
         #endif
 
         struct task_struct *(*get_current)(void);
-        int (*preempt_count)(void);
 
         #ifdef WOLFSSL_LINUXKM_USE_SAVE_VECTOR_REGISTERS
 
-            #if LINUX_VERSION_CODE < KERNEL_VERSION(6, 2, 0)
-                typeof(cpu_number) *cpu_number;
-            #else
-                typeof(pcpu_hot) *pcpu_hot;
-            #endif
-            typeof(nr_cpu_ids) *nr_cpu_ids;
-
-            #if defined(CONFIG_SMP) && (LINUX_VERSION_CODE >= KERNEL_VERSION(5, 7, 0))
-                /* note the current and needed version of these were added in af449901b8 (2020-Sep-17) */
-                typeof(migrate_disable) *migrate_disable;
-                typeof(migrate_enable) *migrate_enable;
-            #endif
-
             #ifdef CONFIG_X86
-                typeof(irq_fpu_usable) *irq_fpu_usable;
-                /* kernel_fpu_begin() replaced by kernel_fpu_begin_mask() in commit e4512289,
-                 * released in kernel 5.11, backported to 5.4.93
-                 */
-                #ifdef kernel_fpu_begin
-                    typeof(kernel_fpu_begin_mask) *kernel_fpu_begin_mask;
-                #else
-                    typeof(kernel_fpu_begin) *kernel_fpu_begin;
-                #endif
-                typeof(kernel_fpu_end) *kernel_fpu_end;
+                typeof(allocate_wolfcrypt_linuxkm_fpu_states) *allocate_wolfcrypt_linuxkm_fpu_states;
+                typeof(can_save_vector_registers_x86) *can_save_vector_registers_x86;
+                typeof(free_wolfcrypt_linuxkm_fpu_states) *free_wolfcrypt_linuxkm_fpu_states;
+                typeof(restore_vector_registers_x86) *restore_vector_registers_x86;
+                typeof(save_vector_registers_x86) *save_vector_registers_x86;
             #else /* !CONFIG_X86 */
                 #error WOLFSSL_LINUXKM_USE_SAVE_VECTOR_REGISTERS is set for an unsupported architecture.
             #endif /* arch */
@@ -370,12 +633,60 @@
         #ifdef HAVE_FIPS
         typeof(wolfCrypt_FIPS_first) *wolfCrypt_FIPS_first;
         typeof(wolfCrypt_FIPS_last) *wolfCrypt_FIPS_last;
+        #if FIPS_VERSION3_GE(6,0,0)
+            typeof(wolfCrypt_FIPS_AES_sanity) *wolfCrypt_FIPS_AES_sanity;
+            typeof(wolfCrypt_FIPS_CMAC_sanity) *wolfCrypt_FIPS_CMAC_sanity;
+            typeof(wolfCrypt_FIPS_DH_sanity) *wolfCrypt_FIPS_DH_sanity;
+            typeof(wolfCrypt_FIPS_ECC_sanity) *wolfCrypt_FIPS_ECC_sanity;
+            typeof(wolfCrypt_FIPS_ED25519_sanity) *wolfCrypt_FIPS_ED25519_sanity;
+            typeof(wolfCrypt_FIPS_ED448_sanity) *wolfCrypt_FIPS_ED448_sanity;
+            typeof(wolfCrypt_FIPS_HMAC_sanity) *wolfCrypt_FIPS_HMAC_sanity;
+            typeof(wolfCrypt_FIPS_KDF_sanity) *wolfCrypt_FIPS_KDF_sanity;
+            typeof(wolfCrypt_FIPS_PBKDF_sanity) *wolfCrypt_FIPS_PBKDF_sanity;
+            typeof(wolfCrypt_FIPS_DRBG_sanity) *wolfCrypt_FIPS_DRBG_sanity;
+            typeof(wolfCrypt_FIPS_RSA_sanity) *wolfCrypt_FIPS_RSA_sanity;
+            typeof(wolfCrypt_FIPS_SHA_sanity) *wolfCrypt_FIPS_SHA_sanity;
+            typeof(wolfCrypt_FIPS_SHA256_sanity) *wolfCrypt_FIPS_SHA256_sanity;
+            typeof(wolfCrypt_FIPS_SHA512_sanity) *wolfCrypt_FIPS_SHA512_sanity;
+            typeof(wolfCrypt_FIPS_SHA3_sanity) *wolfCrypt_FIPS_SHA3_sanity;
+            typeof(wolfCrypt_FIPS_FT_sanity) *wolfCrypt_FIPS_FT_sanity;
+            typeof(wc_RunAllCast_fips) *wc_RunAllCast_fips;
+        #endif
         #endif
 
         #if !defined(WOLFCRYPT_ONLY) && !defined(NO_CERTS)
         typeof(GetCA) *GetCA;
         #ifndef NO_SKID
         typeof(GetCAByName) *GetCAByName;
+        #ifdef HAVE_OCSP
+        typeof(GetCAByKeyHash) *GetCAByKeyHash;
+        #endif /* HAVE_OCSP */
+        #endif /* NO_SKID */
+        #ifdef WOLFSSL_AKID_NAME
+        typeof(GetCAByAKID) *GetCAByAKID;
+        #endif /* WOLFSSL_AKID_NAME */
+
+        #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
+        typeof(wolfSSL_X509_NAME_add_entry_by_NID) *wolfSSL_X509_NAME_add_entry_by_NID;
+        typeof(wolfSSL_X509_NAME_free) *wolfSSL_X509_NAME_free;
+        typeof(wolfSSL_X509_NAME_new_ex) *wolfSSL_X509_NAME_new_ex;
+        #endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
+
+        #endif /* !WOLFCRYPT_ONLY && !NO_CERTS */
+
+        #ifdef WOLFSSL_DEBUG_BACKTRACE_ERROR_CODES
+        typeof(dump_stack) *dump_stack;
+        #endif
+
+        #ifdef CONFIG_ARM64
+        #ifdef __PIE__
+            /* alt_cb_patch_nops defined early to allow shimming in system
+             * headers, but now we need the native one.
+             */
+            #undef alt_cb_patch_nops
+            typeof(my__alt_cb_patch_nops) *alt_cb_patch_nops;
+        #else
+            typeof(alt_cb_patch_nops) *alt_cb_patch_nops;
         #endif
         #endif
 
@@ -429,26 +740,51 @@
     #else
         #define printk (wolfssl_linuxkm_get_pie_redirect_table()->printk)
     #endif
+
+    #ifdef CONFIG_FORTIFY_SOURCE
+        #define __warn_printk (wolfssl_linuxkm_get_pie_redirect_table()->__warn_printk)
+    #endif
+
     #define snprintf (wolfssl_linuxkm_get_pie_redirect_table()->snprintf)
 
     #define _ctype (wolfssl_linuxkm_get_pie_redirect_table()->_ctype)
 
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(6, 11, 0)
+    /* see include/linux/alloc_tag.h and include/linux/slab.h */
+    #define kmalloc_noprof (wolfssl_linuxkm_get_pie_redirect_table()->kmalloc_noprof)
+    #define krealloc_noprof (wolfssl_linuxkm_get_pie_redirect_table()->krealloc_noprof)
+    #define kzalloc_noprof (wolfssl_linuxkm_get_pie_redirect_table()->kzalloc_noprof)
+    #define __kvmalloc_node_noprof (wolfssl_linuxkm_get_pie_redirect_table()->__kvmalloc_node_noprof)
+    #define __kmalloc_cache_noprof (wolfssl_linuxkm_get_pie_redirect_table()->__kmalloc_cache_noprof)
+#elif LINUX_VERSION_CODE >= KERNEL_VERSION(6, 10, 0)
+    /* see include/linux/alloc_tag.h and include/linux/slab.h */
+    #define kmalloc_noprof (wolfssl_linuxkm_get_pie_redirect_table()->kmalloc_noprof)
+    #define krealloc_noprof (wolfssl_linuxkm_get_pie_redirect_table()->krealloc_noprof)
+    #define kzalloc_noprof (wolfssl_linuxkm_get_pie_redirect_table()->kzalloc_noprof)
+    #define kvmalloc_node_noprof (wolfssl_linuxkm_get_pie_redirect_table()->kvmalloc_node_noprof)
+    #define kmalloc_trace_noprof (wolfssl_linuxkm_get_pie_redirect_table()->kmalloc_trace_noprof)
+#else /* <6.10.0 */
     #define kmalloc (wolfssl_linuxkm_get_pie_redirect_table()->kmalloc)
-    #define kfree (wolfssl_linuxkm_get_pie_redirect_table()->kfree)
-    #define ksize (wolfssl_linuxkm_get_pie_redirect_table()->ksize)
     #define krealloc (wolfssl_linuxkm_get_pie_redirect_table()->krealloc)
     #define kzalloc(size, flags) kmalloc(size, (flags) | __GFP_ZERO)
     #ifdef HAVE_KVMALLOC
         #define kvmalloc_node (wolfssl_linuxkm_get_pie_redirect_table()->kvmalloc_node)
-        #define kvfree (wolfssl_linuxkm_get_pie_redirect_table()->kvfree)
     #endif
-    #define is_vmalloc_addr (wolfssl_linuxkm_get_pie_redirect_table()->is_vmalloc_addr)
     #if LINUX_VERSION_CODE >= KERNEL_VERSION(6, 1, 0)
         #define kmalloc_trace (wolfssl_linuxkm_get_pie_redirect_table()->kmalloc_trace)
     #else
         #define kmem_cache_alloc_trace (wolfssl_linuxkm_get_pie_redirect_table()->kmem_cache_alloc_trace)
         #define kmalloc_order_trace (wolfssl_linuxkm_get_pie_redirect_table()->kmalloc_order_trace)
     #endif
+#endif /* <6.10.0 */
+
+    #define kfree (wolfssl_linuxkm_get_pie_redirect_table()->kfree)
+    #ifdef HAVE_KVMALLOC
+        #define kvfree (wolfssl_linuxkm_get_pie_redirect_table()->kvfree)
+    #endif
+    #define ksize (wolfssl_linuxkm_get_pie_redirect_table()->ksize)
+
+    #define is_vmalloc_addr (wolfssl_linuxkm_get_pie_redirect_table()->is_vmalloc_addr)
 
     #define get_random_bytes (wolfssl_linuxkm_get_pie_redirect_table()->get_random_bytes)
     #if LINUX_VERSION_CODE < KERNEL_VERSION(4, 0, 0)
@@ -461,33 +797,15 @@
 
     #undef get_current
     #define get_current (wolfssl_linuxkm_get_pie_redirect_table()->get_current)
-    #undef preempt_count
-    #define preempt_count (wolfssl_linuxkm_get_pie_redirect_table()->preempt_count)
 
-    #ifdef WOLFSSL_LINUXKM_USE_SAVE_VECTOR_REGISTERS
-        #if LINUX_VERSION_CODE < KERNEL_VERSION(6, 2, 0)
-            #define cpu_number (*(wolfssl_linuxkm_get_pie_redirect_table()->cpu_number))
-        #else
-            #define pcpu_hot (*(wolfssl_linuxkm_get_pie_redirect_table()->pcpu_hot))
-        #endif
-        #define nr_cpu_ids (*(wolfssl_linuxkm_get_pie_redirect_table()->nr_cpu_ids))
-
-        #if defined(CONFIG_SMP) && (LINUX_VERSION_CODE >= KERNEL_VERSION(5, 7, 0))
-            #define migrate_disable (*(wolfssl_linuxkm_get_pie_redirect_table()->migrate_disable))
-            #define migrate_enable (*(wolfssl_linuxkm_get_pie_redirect_table()->migrate_enable))
-        #endif
-
-        #ifdef CONFIG_X86
-            #define irq_fpu_usable (wolfssl_linuxkm_get_pie_redirect_table()->irq_fpu_usable)
-            #ifdef kernel_fpu_begin
-                #define kernel_fpu_begin_mask (wolfssl_linuxkm_get_pie_redirect_table()->kernel_fpu_begin_mask)
-            #else
-                #define kernel_fpu_begin (wolfssl_linuxkm_get_pie_redirect_table()->kernel_fpu_begin)
-            #endif
-            #define kernel_fpu_end (wolfssl_linuxkm_get_pie_redirect_table()->kernel_fpu_end)
-        #else /* !CONFIG_X86 */
-            #error WOLFSSL_LINUXKM_USE_SAVE_VECTOR_REGISTERS is set for an unsupported architecture.
-        #endif /* archs */
+    #if defined(WOLFSSL_LINUXKM_USE_SAVE_VECTOR_REGISTERS) && defined(CONFIG_X86)
+        #define allocate_wolfcrypt_linuxkm_fpu_states (wolfssl_linuxkm_get_pie_redirect_table()->allocate_wolfcrypt_linuxkm_fpu_states)
+        #define can_save_vector_registers_x86 (wolfssl_linuxkm_get_pie_redirect_table()->can_save_vector_registers_x86)
+        #define free_wolfcrypt_linuxkm_fpu_states (wolfssl_linuxkm_get_pie_redirect_table()->free_wolfcrypt_linuxkm_fpu_states)
+        #define restore_vector_registers_x86 (wolfssl_linuxkm_get_pie_redirect_table()->restore_vector_registers_x86)
+        #define save_vector_registers_x86 (wolfssl_linuxkm_get_pie_redirect_table()->save_vector_registers_x86)
+    #elif defined(WOLFSSL_LINUXKM_USE_SAVE_VECTOR_REGISTERS)
+        #error WOLFSSL_LINUXKM_USE_SAVE_VECTOR_REGISTERS is set for an unsupported architecture.
     #endif /* WOLFSSL_LINUXKM_USE_SAVE_VECTOR_REGISTERS */
 
     #define __mutex_init (wolfssl_linuxkm_get_pie_redirect_table()->__mutex_init)
@@ -514,47 +832,30 @@
         #define GetCA (wolfssl_linuxkm_get_pie_redirect_table()->GetCA)
         #ifndef NO_SKID
             #define GetCAByName (wolfssl_linuxkm_get_pie_redirect_table()->GetCAByName)
+            #ifdef HAVE_OCSP
+                #define GetCAByKeyHash (wolfssl_linuxkm_get_pie_redirect_table()->GetCAByKeyHash)
+            #endif /* HAVE_OCSP */
+        #endif /* NO_SKID */
+        #ifdef WOLFSSL_AKID_NAME
+            #define GetCAByAKID (wolfssl_linuxkm_get_pie_redirect_table()->GetCAByAKID)
         #endif
+
+        #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
+            #define wolfSSL_X509_NAME_add_entry_by_NID (wolfssl_linuxkm_get_pie_redirect_table()->wolfSSL_X509_NAME_add_entry_by_NID)
+            #define wolfSSL_X509_NAME_free (wolfssl_linuxkm_get_pie_redirect_table()->wolfSSL_X509_NAME_free)
+            #define wolfSSL_X509_NAME_new_ex (wolfssl_linuxkm_get_pie_redirect_table()->wolfSSL_X509_NAME_new_ex)
+        #endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
+
+    #endif /* !WOLFCRYPT_ONLY && !NO_CERTS */
+
+    #ifdef WOLFSSL_DEBUG_BACKTRACE_ERROR_CODES
+        #define dump_stack (wolfssl_linuxkm_get_pie_redirect_table()->dump_stack)
     #endif
 
     #endif /* __PIE__ */
 
     #endif /* USE_WOLFSSL_LINUXKM_PIE_REDIRECT_TABLE */
 
-#ifdef WOLFSSL_LINUXKM_USE_SAVE_VECTOR_REGISTERS
-
-#ifdef CONFIG_X86
-
-    extern __must_check int allocate_wolfcrypt_linuxkm_fpu_states(void);
-    extern void free_wolfcrypt_linuxkm_fpu_states(void);
-    extern __must_check int save_vector_registers_x86(void);
-    extern void restore_vector_registers_x86(void);
-
-#elif defined(CONFIG_ARM) || defined(CONFIG_ARM64)
-
-    #error kernel module ARM SIMD is not yet tested or usable.
-
-    static WARN_UNUSED_RESULT inline int save_vector_registers_arm(void)
-    {
-        preempt_disable();
-        if (! may_use_simd()) {
-            preempt_enable();
-            return BAD_STATE_E;
-        } else {
-            fpsimd_preserve_current_state();
-            return 0;
-        }
-    }
-    static inline void restore_vector_registers_arm(void)
-    {
-        fpsimd_restore_current_state();
-        preempt_enable();
-    }
-
-#endif
-
-#endif /* WOLFSSL_LINUXKM_USE_SAVE_VECTOR_REGISTERS */
-
     /* remove this multifariously conflicting macro, picked up from
      * Linux arch/<arch>/include/asm/current.h.
      */
@@ -607,6 +908,7 @@
      */
     #include <linux/mutex.h>
     typedef struct mutex wolfSSL_Mutex;
+    #define WOLFSSL_MUTEX_INITIALIZER(lockname) __MUTEX_INITIALIZER(lockname)
 
     /* prevent gcc's mm_malloc.h from being included, since it unconditionally
      * includes stdlib.h, which is kernel-incompatible.
@@ -616,11 +918,13 @@
     /* fun fact: since linux commit 59bb47985c, kmalloc with power-of-2 size is
      * aligned to the size.
      */
-    #define WC_LINUXKM_ROUND_UP_P_OF_2(x) (                                         \
-    {                                                                               \
-        size_t _alloc_sz = (x);                                                     \
-        _alloc_sz = 1UL << ((sizeof(_alloc_sz) * 8UL) - __builtin_clzl(_alloc_sz)); \
-        _alloc_sz;                                                                  \
+    #define WC_LINUXKM_ROUND_UP_P_OF_2(x) (                                \
+    {                                                                      \
+        size_t _alloc_sz = (x);                                            \
+        if (_alloc_sz < 8192)                                              \
+          _alloc_sz = 1UL <<                                               \
+              ((sizeof(_alloc_sz) * 8UL) - __builtin_clzl(_alloc_sz - 1)); \
+        _alloc_sz;                                                         \
     })
     #ifdef HAVE_KVMALLOC
         #define malloc(size) kvmalloc_node(WC_LINUXKM_ROUND_UP_P_OF_2(size), GFP_KERNEL, NUMA_NO_NODE)
@@ -633,8 +937,14 @@
         #define realloc(ptr, newsize) krealloc(ptr, WC_LINUXKM_ROUND_UP_P_OF_2(newsize), GFP_KERNEL)
     #endif
 
-#ifdef WOLFSSL_TRACK_MEMORY
+    #ifndef static_assert
+        #define static_assert(expr, ...) __static_assert(expr, ##__VA_ARGS__, #expr)
+        #define __static_assert(expr, msg, ...) _Static_assert(expr, msg)
+    #endif
+
     #include <wolfssl/wolfcrypt/memory.h>
+
+#ifdef WOLFSSL_TRACK_MEMORY
     #define XMALLOC(s, h, t)     ({(void)(h); (void)(t); wolfSSL_Malloc(s);})
     #ifdef WOLFSSL_XFREE_NO_NULLNESS_CHECK
         #define XFREE(p, h, t)       ({(void)(h); (void)(t); wolfSSL_Free(p);})
@@ -654,11 +964,18 @@
 
     #include <linux/limits.h>
 
+    #ifndef INT32_MAX
+        #define INT32_MAX INT_MAX
+    #endif
+    #ifndef UINT32_MAX
+        #define UINT32_MAX UINT_MAX
+    #endif
+
     /* Linux headers define these using C expressions, but we need
      * them to be evaluable by the preprocessor, for use in sp_int.h.
      */
     #if BITS_PER_LONG == 64
-        _Static_assert(sizeof(ULONG_MAX) == 8,
+        static_assert(sizeof(ULONG_MAX) == 8,
                        "BITS_PER_LONG is 64, but ULONG_MAX is not.");
 
         #undef UCHAR_MAX
@@ -680,7 +997,7 @@
 
     #elif BITS_PER_LONG == 32
 
-        _Static_assert(sizeof(ULONG_MAX) == 4,
+        static_assert(sizeof(ULONG_MAX) == 4,
                        "BITS_PER_LONG is 32, but ULONG_MAX is not.");
 
         #undef UCHAR_MAX
diff --git a/linuxkm/lkcapi_glue.c b/linuxkm/lkcapi_glue.c
new file mode 100644
index 000000000..d3c6fda67
--- /dev/null
+++ b/linuxkm/lkcapi_glue.c
@@ -0,0 +1,3133 @@
+/* lkcapi_glue.c -- glue logic to register wolfCrypt implementations with
+ * the Linux Kernel Cryptosystem
+ *
+ * Copyright (C) 2006-2025 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+/* included by linuxkm/module_hooks.c */
+
+#ifndef LINUXKM_LKCAPI_REGISTER
+    #error lkcapi_glue.c included in non-LINUXKM_LKCAPI_REGISTER project.
+#endif
+
+/* kernel crypto self-test includes test setups that have different expected
+ * results FIPS vs non-FIPS.
+ */
+#if defined(CONFIG_CRYPTO_MANAGER) && \
+    (defined(CONFIG_CRYPTO_FIPS) != defined(HAVE_FIPS))
+#error CONFIG_CRYPTO_MANAGER requires that CONFIG_CRYPTO_FIPS match HAVE_FIPS.
+#endif
+
+#ifndef WOLFSSL_LINUXKM_LKCAPI_PRIORITY
+/* Larger number means higher priority.  The highest in-tree priority is 4001,
+ * in the Cavium driver.
+ */
+#define WOLFSSL_LINUXKM_LKCAPI_PRIORITY 10000
+#endif
+
+#ifdef CONFIG_CRYPTO_MANAGER_EXTRA_TESTS
+static int disable_setkey_warnings = 0;
+#else
+#define disable_setkey_warnings 0
+#endif
+
+#ifndef NO_AES
+
+/* note the FIPS code will be returned on failure even in non-FIPS builds. */
+#define LINUXKM_LKCAPI_AES_KAT_MISMATCH_E AES_KAT_FIPS_E
+#define LINUXKM_LKCAPI_AESGCM_KAT_MISMATCH_E AESGCM_KAT_FIPS_E
+
+#define WOLFKM_AESCBC_NAME   "cbc(aes)"
+#define WOLFKM_AESCFB_NAME   "cfb(aes)"
+#define WOLFKM_AESGCM_NAME   "gcm(aes)"
+#define WOLFKM_AESXTS_NAME   "xts(aes)"
+
+#ifdef WOLFSSL_AESNI
+    #define WOLFKM_DRIVER_ISA_EXT "-aesni"
+#else
+    #define WOLFKM_DRIVER_ISA_EXT ""
+#endif
+
+#ifdef HAVE_FIPS
+    #ifndef HAVE_FIPS_VERSION
+        #define WOLFKM_DRIVER_FIPS "-fips-140"
+    #elif HAVE_FIPS_VERSION >= 5
+        #define WOLFKM_DRIVER_FIPS "-fips-140-3"
+    #elif HAVE_FIPS_VERSION == 2
+        #define WOLFKM_DRIVER_FIPS "-fips-140-2"
+    #else
+        #define WOLFKM_DRIVER_FIPS "-fips-140"
+    #endif
+#else
+    #define WOLFKM_DRIVER_FIPS ""
+#endif
+
+#define WOLFKM_DRIVER_SUFFIX \
+    WOLFKM_DRIVER_ISA_EXT WOLFKM_DRIVER_FIPS "-wolfcrypt"
+
+#define WOLFKM_AESCBC_DRIVER ("cbc-aes" WOLFKM_DRIVER_SUFFIX)
+#define WOLFKM_AESCFB_DRIVER ("cfb-aes" WOLFKM_DRIVER_SUFFIX)
+#define WOLFKM_AESGCM_DRIVER ("gcm-aes" WOLFKM_DRIVER_SUFFIX)
+#define WOLFKM_AESXTS_DRIVER ("xts-aes" WOLFKM_DRIVER_SUFFIX)
+
+#if defined(HAVE_AES_CBC) && \
+    (defined(LINUXKM_LKCAPI_REGISTER_ALL) || \
+     defined(LINUXKM_LKCAPI_REGISTER_AESCBC))
+static int  linuxkm_test_aescbc(void);
+#endif
+#if defined(WOLFSSL_AES_CFB) && \
+    (defined(LINUXKM_LKCAPI_REGISTER_ALL) || \
+     defined(LINUXKM_LKCAPI_REGISTER_AESCFB))
+#ifndef WOLFSSL_EXPERIMENTAL_SETTINGS
+    #error Experimental settings without WOLFSSL_EXPERIMENTAL_SETTINGS
+#endif
+static int  linuxkm_test_aescfb(void);
+#endif
+#if defined(HAVE_AESGCM) && \
+    (defined(LINUXKM_LKCAPI_REGISTER_ALL) || \
+     defined(LINUXKM_LKCAPI_REGISTER_AESGCM))
+#ifndef WOLFSSL_EXPERIMENTAL_SETTINGS
+    #error Experimental settings without WOLFSSL_EXPERIMENTAL_SETTINGS
+#endif
+static int  linuxkm_test_aesgcm(void);
+#endif
+#if defined(WOLFSSL_AES_XTS) && \
+    (defined(LINUXKM_LKCAPI_REGISTER_ALL) || \
+     defined(LINUXKM_LKCAPI_REGISTER_AESXTS))
+static int  linuxkm_test_aesxts(void);
+#endif
+
+/* km_AesX(): wrappers to wolfcrypt wc_AesX functions and
+ * structures.  */
+
+#include <wolfssl/wolfcrypt/aes.h>
+
+struct km_AesCtx {
+    Aes          *aes_encrypt; /* allocated in km_AesInitCommon() to assure
+                                * alignment, needed for AESNI.
+                                */
+    Aes          *aes_decrypt; /* same. */
+};
+
+#if defined(LINUXKM_LKCAPI_REGISTER_ALL) || \
+    defined(LINUXKM_LKCAPI_REGISTER_AESCBC) || \
+    defined(LINUXKM_LKCAPI_REGISTER_AESCFB) || \
+    defined(LINUXKM_LKCAPI_REGISTER_AESGCM)
+
+static void km_AesExitCommon(struct km_AesCtx * ctx);
+
+static int km_AesInitCommon(
+    struct km_AesCtx * ctx,
+    const char * name,
+    int need_decryption)
+{
+    int err;
+
+    ctx->aes_encrypt = (Aes *)malloc(sizeof(*ctx->aes_encrypt));
+
+    if (! ctx->aes_encrypt) {
+        pr_err("%s: allocation of %zu bytes for encryption key failed.\n",
+               name, sizeof(*ctx->aes_encrypt));
+        return MEMORY_E;
+    }
+
+    err = wc_AesInit(ctx->aes_encrypt, NULL, INVALID_DEVID);
+
+    if (unlikely(err)) {
+        pr_err("%s: wc_AesInit failed: %d\n", name, err);
+        free(ctx->aes_encrypt);
+        ctx->aes_encrypt = NULL;
+        return -EINVAL;
+    }
+
+    if (! need_decryption) {
+        ctx->aes_decrypt = NULL;
+        return 0;
+    }
+
+    ctx->aes_decrypt = (Aes *)malloc(sizeof(*ctx->aes_decrypt));
+
+    if (! ctx->aes_decrypt) {
+        pr_err("%s: allocation of %zu bytes for decryption key failed.\n",
+               name, sizeof(*ctx->aes_decrypt));
+        km_AesExitCommon(ctx);
+        return MEMORY_E;
+    }
+
+    err = wc_AesInit(ctx->aes_decrypt, NULL, INVALID_DEVID);
+
+    if (unlikely(err)) {
+        pr_err("%s: wc_AesInit failed: %d\n", name, err);
+        free(ctx->aes_decrypt);
+        ctx->aes_decrypt = NULL;
+        km_AesExitCommon(ctx);
+        return -EINVAL;
+    }
+
+    return 0;
+}
+
+static void km_AesExitCommon(struct km_AesCtx * ctx)
+{
+    if (ctx->aes_encrypt) {
+        wc_AesFree(ctx->aes_encrypt);
+        free(ctx->aes_encrypt);
+        ctx->aes_encrypt = NULL;
+    }
+    if (ctx->aes_decrypt) {
+        wc_AesFree(ctx->aes_decrypt);
+        free(ctx->aes_decrypt);
+        ctx->aes_decrypt = NULL;
+    }
+}
+
+#if defined(LINUXKM_LKCAPI_REGISTER_ALL) || \
+    defined(LINUXKM_LKCAPI_REGISTER_AESCBC) || \
+    defined(LINUXKM_LKCAPI_REGISTER_AESCFB)
+
+static int km_AesSetKeyCommon(struct km_AesCtx * ctx, const u8 *in_key,
+                              unsigned int key_len, const char * name)
+{
+    int err;
+
+    err = wc_AesSetKey(ctx->aes_encrypt, in_key, key_len, NULL, AES_ENCRYPTION);
+
+    if (unlikely(err)) {
+        if (! disable_setkey_warnings)
+            pr_err("%s: wc_AesSetKey for encryption key failed: %d\n", name, err);
+        return -EINVAL;
+    }
+
+    if (ctx->aes_decrypt) {
+        err = wc_AesSetKey(ctx->aes_decrypt, in_key, key_len, NULL,
+                           AES_DECRYPTION);
+
+        if (unlikely(err)) {
+            if (! disable_setkey_warnings)
+                pr_err("%s: wc_AesSetKey for decryption key failed: %d\n",
+                       name, err);
+            return -EINVAL;
+        }
+    }
+
+    return 0;
+}
+
+static void km_AesExit(struct crypto_skcipher *tfm)
+{
+    struct km_AesCtx * ctx = crypto_skcipher_ctx(tfm);
+    km_AesExitCommon(ctx);
+}
+
+#endif /* LINUXKM_LKCAPI_REGISTER_ALL ||
+        * LINUXKM_LKCAPI_REGISTER_AESCBC ||
+        * LINUXKM_LKCAPI_REGISTER_AESCFB
+        */
+
+#endif /* LINUXKM_LKCAPI_REGISTER_ALL || LINUXKM_LKCAPI_REGISTER_AESCBC ||
+        * LINUXKM_LKCAPI_REGISTER_AESCFB || LINUXKM_LKCAPI_REGISTER_AESGCM
+        */
+
+#if defined(HAVE_AES_CBC) && \
+    (defined(LINUXKM_LKCAPI_REGISTER_ALL) || \
+     defined(LINUXKM_LKCAPI_REGISTER_AESCBC))
+
+static int km_AesCbcInit(struct crypto_skcipher *tfm)
+{
+    struct km_AesCtx * ctx = crypto_skcipher_ctx(tfm);
+    return km_AesInitCommon(ctx, WOLFKM_AESCBC_DRIVER, 1);
+}
+
+static int km_AesCbcSetKey(struct crypto_skcipher *tfm, const u8 *in_key,
+                          unsigned int key_len)
+{
+    struct km_AesCtx * ctx = crypto_skcipher_ctx(tfm);
+    return km_AesSetKeyCommon(ctx, in_key, key_len, WOLFKM_AESCBC_DRIVER);
+}
+
+static int km_AesCbcEncrypt(struct skcipher_request *req)
+{
+    struct crypto_skcipher * tfm = NULL;
+    struct km_AesCtx *       ctx = NULL;
+    struct skcipher_walk     walk;
+    unsigned int             nbytes = 0;
+    int                      err = 0;
+
+    tfm = crypto_skcipher_reqtfm(req);
+    ctx = crypto_skcipher_ctx(tfm);
+
+    err = skcipher_walk_virt(&walk, req, false);
+
+    if (unlikely(err)) {
+        return err;
+    }
+
+    err = wc_AesSetIV(ctx->aes_encrypt, walk.iv);
+
+    if (unlikely(err)) {
+        pr_err("%s: wc_AesSetIV failed: %d\n",
+               crypto_tfm_alg_driver_name(crypto_skcipher_tfm(tfm)), err);
+        return -EINVAL;
+    }
+
+    while ((nbytes = walk.nbytes) != 0) {
+        err = wc_AesCbcEncrypt(ctx->aes_encrypt, walk.dst.virt.addr,
+                               walk.src.virt.addr, nbytes & (~(WC_AES_BLOCK_SIZE - 1)));
+
+        if (unlikely(err)) {
+            pr_err("%s: wc_AesCbcEncrypt failed for %u bytes: %d\n",
+                   crypto_tfm_alg_driver_name(crypto_skcipher_tfm(tfm)), nbytes, err);
+            return -EINVAL;
+        }
+
+        nbytes &= WC_AES_BLOCK_SIZE - 1;
+        err = skcipher_walk_done(&walk, nbytes);
+    }
+
+    /* copy iv from wolfCrypt back to walk.iv */
+    XMEMCPY(walk.iv, ctx->aes_encrypt->reg, WC_AES_BLOCK_SIZE);
+
+    return err;
+}
+
+static int km_AesCbcDecrypt(struct skcipher_request *req)
+{
+    struct crypto_skcipher * tfm = NULL;
+    struct km_AesCtx *       ctx = NULL;
+    struct skcipher_walk     walk;
+    unsigned int             nbytes = 0;
+    int                      err = 0;
+
+    tfm = crypto_skcipher_reqtfm(req);
+    ctx = crypto_skcipher_ctx(tfm);
+
+    err = skcipher_walk_virt(&walk, req, false);
+
+    if (unlikely(err)) {
+        return err;
+    }
+
+    err = wc_AesSetIV(ctx->aes_decrypt, walk.iv);
+
+    if (unlikely(err)) {
+        if (! disable_setkey_warnings)
+            pr_err("%s: wc_AesSetKey failed: %d\n",
+                   crypto_tfm_alg_driver_name(crypto_skcipher_tfm(tfm)), err);
+        return -EINVAL;
+    }
+
+    while ((nbytes = walk.nbytes) != 0) {
+        err = wc_AesCbcDecrypt(ctx->aes_decrypt, walk.dst.virt.addr,
+                               walk.src.virt.addr, nbytes & (~(WC_AES_BLOCK_SIZE - 1)));
+
+        if (unlikely(err)) {
+            pr_err("%s: wc_AesCbcDecrypt failed for %u bytes: %d\n",
+                   crypto_tfm_alg_driver_name(crypto_skcipher_tfm(tfm)), nbytes, err);
+            return -EINVAL;
+        }
+
+        nbytes &= WC_AES_BLOCK_SIZE - 1;
+        err = skcipher_walk_done(&walk, nbytes);
+    }
+
+    /* copy iv from wolfCrypt back to walk.iv */
+    XMEMCPY(walk.iv, ctx->aes_decrypt->reg, WC_AES_BLOCK_SIZE);
+
+    return err;
+}
+
+static struct skcipher_alg cbcAesAlg = {
+    .base.cra_name        = WOLFKM_AESCBC_NAME,
+    .base.cra_driver_name = WOLFKM_AESCBC_DRIVER,
+    .base.cra_priority    = WOLFSSL_LINUXKM_LKCAPI_PRIORITY,
+    .base.cra_blocksize   = WC_AES_BLOCK_SIZE,
+    .base.cra_ctxsize     = sizeof(struct km_AesCtx),
+    .base.cra_module      = THIS_MODULE,
+    .init                 = km_AesCbcInit,
+    .exit                 = km_AesExit,
+    .min_keysize          = AES_128_KEY_SIZE,
+    .max_keysize          = AES_256_KEY_SIZE,
+    .ivsize               = WC_AES_BLOCK_SIZE,
+    .setkey               = km_AesCbcSetKey,
+    .encrypt              = km_AesCbcEncrypt,
+    .decrypt              = km_AesCbcDecrypt,
+};
+static int cbcAesAlg_loaded = 0;
+
+#endif /* HAVE_AES_CBC &&
+        * (LINUXKM_LKCAPI_REGISTER_ALL || LINUXKM_LKCAPI_REGISTER_AESCBC)
+        */
+
+#if defined(WOLFSSL_AES_CFB) && \
+    (defined(LINUXKM_LKCAPI_REGISTER_ALL) || \
+     defined(LINUXKM_LKCAPI_REGISTER_AESCFB))
+
+static int km_AesCfbInit(struct crypto_skcipher *tfm)
+{
+    struct km_AesCtx * ctx = crypto_skcipher_ctx(tfm);
+    return km_AesInitCommon(ctx, WOLFKM_AESCFB_DRIVER, 0);
+}
+
+static int km_AesCfbSetKey(struct crypto_skcipher *tfm, const u8 *in_key,
+                          unsigned int key_len)
+{
+    struct km_AesCtx * ctx = crypto_skcipher_ctx(tfm);
+    return km_AesSetKeyCommon(ctx, in_key, key_len, WOLFKM_AESCFB_DRIVER);
+}
+
+static int km_AesCfbEncrypt(struct skcipher_request *req)
+{
+    struct crypto_skcipher * tfm = NULL;
+    struct km_AesCtx *       ctx = NULL;
+    struct skcipher_walk     walk;
+    unsigned int             nbytes = 0;
+    int                      err = 0;
+
+    tfm = crypto_skcipher_reqtfm(req);
+    ctx = crypto_skcipher_ctx(tfm);
+
+    err = skcipher_walk_virt(&walk, req, false);
+
+    if (unlikely(err)) {
+        pr_err("%s: skcipher_walk_virt failed: %d\n",
+               crypto_tfm_alg_driver_name(crypto_skcipher_tfm(tfm)), err);
+        return err;
+    }
+
+    while ((nbytes = walk.nbytes) != 0) {
+        err = wc_AesSetIV(ctx->aes_encrypt, walk.iv);
+
+        if (unlikely(err)) {
+            if (! disable_setkey_warnings)
+                pr_err("%s: wc_AesSetKey failed: %d\n",
+                       crypto_tfm_alg_driver_name(crypto_skcipher_tfm(tfm)), err);
+            return -EINVAL;
+        }
+
+        err = wc_AesCfbEncrypt(ctx->aes_encrypt, walk.dst.virt.addr,
+                               walk.src.virt.addr, nbytes);
+
+        if (unlikely(err)) {
+            pr_err("%s: wc_AesCfbEncrypt failed %d\n",
+                   crypto_tfm_alg_driver_name(crypto_skcipher_tfm(tfm)), err);
+            return -EINVAL;
+        }
+
+        err = skcipher_walk_done(&walk, walk.nbytes - nbytes);
+
+        if (unlikely(err)) {
+            pr_err("%s: skcipher_walk_done failed: %d\n",
+                   crypto_tfm_alg_driver_name(crypto_skcipher_tfm(tfm)), err);
+            return err;
+        }
+    }
+
+    return err;
+}
+
+static int km_AesCfbDecrypt(struct skcipher_request *req)
+{
+    struct crypto_skcipher * tfm = NULL;
+    struct km_AesCtx *       ctx = NULL;
+    struct skcipher_walk     walk;
+    unsigned int             nbytes = 0;
+    int                      err = 0;
+
+    tfm = crypto_skcipher_reqtfm(req);
+    ctx = crypto_skcipher_ctx(tfm);
+
+    err = skcipher_walk_virt(&walk, req, false);
+
+    if (unlikely(err)) {
+        pr_err("%s: skcipher_walk_virt failed: %d\n",
+               crypto_tfm_alg_driver_name(crypto_skcipher_tfm(tfm)), err);
+        return err;
+    }
+
+    while ((nbytes = walk.nbytes) != 0) {
+        err = wc_AesSetIV(ctx->aes_encrypt, walk.iv);
+
+        if (unlikely(err)) {
+            if (! disable_setkey_warnings)
+                pr_err("%s: wc_AesSetKey failed: %d\n",
+                       crypto_tfm_alg_driver_name(crypto_skcipher_tfm(tfm)), err);
+            return -EINVAL;
+        }
+
+        err = wc_AesCfbDecrypt(ctx->aes_encrypt, walk.dst.virt.addr,
+                               walk.src.virt.addr, nbytes);
+
+        if (unlikely(err)) {
+            pr_err("%s: wc_AesCfbDecrypt failed: %d\n",
+                   crypto_tfm_alg_driver_name(crypto_skcipher_tfm(tfm)), err);
+            return -EINVAL;
+        }
+
+        err = skcipher_walk_done(&walk, walk.nbytes - nbytes);
+
+        if (unlikely(err)) {
+            pr_err("%s: skcipher_walk_done failed: %d\n",
+                   crypto_tfm_alg_driver_name(crypto_skcipher_tfm(tfm)), err);
+            return err;
+        }
+    }
+
+    return err;
+}
+
+static struct skcipher_alg cfbAesAlg = {
+    .base.cra_name        = WOLFKM_AESCFB_NAME,
+    .base.cra_driver_name = WOLFKM_AESCFB_DRIVER,
+    .base.cra_priority    = WOLFSSL_LINUXKM_LKCAPI_PRIORITY,
+    .base.cra_blocksize   = WC_AES_BLOCK_SIZE,
+    .base.cra_ctxsize     = sizeof(struct km_AesCtx),
+    .base.cra_module      = THIS_MODULE,
+    .init                 = km_AesCfbInit,
+    .exit                 = km_AesExit,
+    .min_keysize          = AES_128_KEY_SIZE,
+    .max_keysize          = AES_256_KEY_SIZE,
+    .ivsize               = WC_AES_BLOCK_SIZE,
+    .setkey               = km_AesCfbSetKey,
+    .encrypt              = km_AesCfbEncrypt,
+    .decrypt              = km_AesCfbDecrypt,
+};
+static int cfbAesAlg_loaded = 0;
+
+#endif /* WOLFSSL_AES_CFB &&
+        * (LINUXKM_LKCAPI_REGISTER_ALL || LINUXKM_LKCAPI_REGISTER_AESCBC)
+        */
+
+#if defined(HAVE_AESGCM) && \
+    (defined(LINUXKM_LKCAPI_REGISTER_ALL) || \
+     defined(LINUXKM_LKCAPI_REGISTER_AESGCM))
+
+#ifndef WOLFSSL_AESGCM_STREAM
+    #error LKCAPI registration of AES-GCM requires WOLFSSL_AESGCM_STREAM (--enable-aesgcm-stream).
+#endif
+
+static int km_AesGcmInit(struct crypto_aead * tfm)
+{
+    struct km_AesCtx * ctx = crypto_aead_ctx(tfm);
+    return km_AesInitCommon(ctx, WOLFKM_AESGCM_DRIVER, 0);
+}
+
+static void km_AesGcmExit(struct crypto_aead * tfm)
+{
+    struct km_AesCtx * ctx = crypto_aead_ctx(tfm);
+    km_AesExitCommon(ctx);
+}
+
+static int km_AesGcmSetKey(struct crypto_aead *tfm, const u8 *in_key,
+                           unsigned int key_len)
+{
+    int err;
+    struct km_AesCtx * ctx = crypto_aead_ctx(tfm);
+
+    err = wc_AesGcmSetKey(ctx->aes_encrypt, in_key, key_len);
+
+    if (unlikely(err)) {
+        if (! disable_setkey_warnings)
+            pr_err("%s: wc_AesGcmSetKey failed: %d\n",
+                   crypto_tfm_alg_driver_name(crypto_aead_tfm(tfm)), err);
+        return -EINVAL;
+    }
+
+    return 0;
+}
+
+static int km_AesGcmSetAuthsize(struct crypto_aead *tfm, unsigned int authsize)
+{
+    (void)tfm;
+    if (authsize > WC_AES_BLOCK_SIZE ||
+        authsize < WOLFSSL_MIN_AUTH_TAG_SZ) {
+        pr_err("%s: invalid authsize: %d\n",
+               crypto_tfm_alg_driver_name(crypto_aead_tfm(tfm)), authsize);
+        return -EINVAL;
+    }
+    return 0;
+}
+
+/*
+ * aead ciphers receive data in scatterlists in following order:
+ *   encrypt
+ *     req->src: aad||plaintext
+ *     req->dst: aad||ciphertext||tag
+ *   decrypt
+ *     req->src: aad||ciphertext||tag
+ *     req->dst: aad||plaintext, return 0 or -EBADMSG
+ */
+
+static int km_AesGcmEncrypt(struct aead_request *req)
+{
+    struct crypto_aead * tfm = NULL;
+    struct km_AesCtx *   ctx = NULL;
+    struct skcipher_walk walk;
+    struct scatter_walk  assocSgWalk;
+    unsigned int         nbytes = 0;
+    u8                   authTag[WC_AES_BLOCK_SIZE];
+    int                  err = 0;
+    unsigned int         assocLeft = 0;
+    unsigned int         cryptLeft = 0;
+    u8 *                 assoc = NULL;
+
+    tfm = crypto_aead_reqtfm(req);
+    ctx = crypto_aead_ctx(tfm);
+    assocLeft = req->assoclen;
+    cryptLeft = req->cryptlen;
+
+    scatterwalk_start(&assocSgWalk, req->src);
+
+    err = skcipher_walk_aead_encrypt(&walk, req, false);
+    if (unlikely(err)) {
+        pr_err("%s: skcipher_walk_aead_encrypt failed: %d\n",
+               crypto_tfm_alg_driver_name(crypto_aead_tfm(tfm)), err);
+        return -1;
+    }
+
+    err = wc_AesGcmInit(ctx->aes_encrypt, NULL /*key*/, 0 /*keylen*/, walk.iv,
+                        WC_AES_BLOCK_SIZE);
+    if (unlikely(err)) {
+        pr_err("%s: wc_AesGcmInit failed: %d\n",
+               crypto_tfm_alg_driver_name(crypto_aead_tfm(tfm)), err);
+        return -EINVAL;
+    }
+
+    assoc = scatterwalk_map(&assocSgWalk);
+    if (unlikely(IS_ERR(assoc))) {
+        pr_err("%s: scatterwalk_map failed: %ld\n",
+               crypto_tfm_alg_driver_name(crypto_aead_tfm(tfm)),
+               PTR_ERR(assoc));
+        return err;
+    }
+
+    err = wc_AesGcmEncryptUpdate(ctx->aes_encrypt, NULL, NULL, 0,
+                                 assoc, assocLeft);
+    assocLeft -= assocLeft;
+    scatterwalk_unmap(assoc);
+    assoc = NULL;
+
+    if (unlikely(err)) {
+        pr_err("%s: wc_AesGcmEncryptUpdate failed: %d\n",
+               crypto_tfm_alg_driver_name(crypto_aead_tfm(tfm)), err);
+        return -EINVAL;
+    }
+
+    while ((nbytes = walk.nbytes) != 0) {
+        int n = nbytes;
+
+        if (likely(cryptLeft && nbytes)) {
+            n = cryptLeft < nbytes ? cryptLeft : nbytes;
+
+            err = wc_AesGcmEncryptUpdate(
+                ctx->aes_encrypt,
+                walk.dst.virt.addr,
+                walk.src.virt.addr,
+                cryptLeft,
+                NULL, 0);
+            nbytes -= n;
+            cryptLeft -= n;
+        }
+
+        if (unlikely(err)) {
+            pr_err("%s: wc_AesGcmEncryptUpdate failed: %d\n",
+                   crypto_tfm_alg_driver_name(crypto_aead_tfm(tfm)), err);
+            return -EINVAL;
+        }
+
+        err = skcipher_walk_done(&walk, nbytes);
+
+        if (unlikely(err)) {
+            pr_err("%s: skcipher_walk_done failed: %d\n",
+                   crypto_tfm_alg_driver_name(crypto_aead_tfm(tfm)), err);
+            return err;
+        }
+    }
+
+    err = wc_AesGcmEncryptFinal(ctx->aes_encrypt, authTag, tfm->authsize);
+    if (unlikely(err)) {
+        pr_err("%s: wc_AesGcmEncryptFinal failed with return code %d\n",
+               crypto_tfm_alg_driver_name(crypto_aead_tfm(tfm)), err);
+        return -EINVAL;
+    }
+
+    /* Now copy the auth tag into request scatterlist. */
+    scatterwalk_map_and_copy(authTag, req->dst,
+                             req->assoclen + req->cryptlen,
+                             tfm->authsize, 1);
+
+    return err;
+}
+
+static int km_AesGcmDecrypt(struct aead_request *req)
+{
+    struct crypto_aead * tfm = NULL;
+    struct km_AesCtx *   ctx = NULL;
+    struct skcipher_walk walk;
+    struct scatter_walk  assocSgWalk;
+    unsigned int         nbytes = 0;
+    u8                   origAuthTag[WC_AES_BLOCK_SIZE];
+    int                  err = 0;
+    unsigned int         assocLeft = 0;
+    unsigned int         cryptLeft = 0;
+    u8 *                 assoc = NULL;
+
+    tfm = crypto_aead_reqtfm(req);
+    ctx = crypto_aead_ctx(tfm);
+    assocLeft = req->assoclen;
+    cryptLeft = req->cryptlen - tfm->authsize;
+
+    /* Copy out original auth tag from req->src. */
+    scatterwalk_map_and_copy(origAuthTag, req->src,
+                             req->assoclen + req->cryptlen - tfm->authsize,
+                             tfm->authsize, 0);
+
+    scatterwalk_start(&assocSgWalk, req->src);
+
+    err = skcipher_walk_aead_decrypt(&walk, req, false);
+    if (unlikely(err)) {
+        pr_err("%s: skcipher_walk_aead_decrypt failed: %d\n",
+               crypto_tfm_alg_driver_name(crypto_aead_tfm(tfm)), err);
+        return err;
+    }
+
+    err = wc_AesGcmInit(ctx->aes_encrypt, NULL /*key*/, 0 /*keylen*/, walk.iv,
+                        WC_AES_BLOCK_SIZE);
+    if (unlikely(err)) {
+        pr_err("%s: wc_AesGcmInit failed: %d\n",
+               crypto_tfm_alg_driver_name(crypto_aead_tfm(tfm)), err);
+        return -EINVAL;
+    }
+
+    assoc = scatterwalk_map(&assocSgWalk);
+    if (unlikely(IS_ERR(assoc))) {
+        pr_err("%s: scatterwalk_map failed: %ld\n",
+               crypto_tfm_alg_driver_name(crypto_aead_tfm(tfm)),
+               PTR_ERR(assoc));
+        return err;
+    }
+
+    err = wc_AesGcmDecryptUpdate(ctx->aes_encrypt, NULL, NULL, 0,
+                                 assoc, assocLeft);
+    assocLeft -= assocLeft;
+    scatterwalk_unmap(assoc);
+    assoc = NULL;
+
+    if (unlikely(err)) {
+        pr_err("%s: wc_AesGcmDecryptUpdate failed: %d\n",
+               crypto_tfm_alg_driver_name(crypto_aead_tfm(tfm)), err);
+        return -EINVAL;
+    }
+
+    while ((nbytes = walk.nbytes) != 0) {
+        int n = nbytes;
+
+        if (likely(cryptLeft && nbytes)) {
+            n = cryptLeft < nbytes ? cryptLeft : nbytes;
+
+            err = wc_AesGcmDecryptUpdate(
+                ctx->aes_encrypt,
+                walk.dst.virt.addr,
+                walk.src.virt.addr,
+                cryptLeft,
+                NULL, 0);
+            nbytes -= n;
+            cryptLeft -= n;
+        }
+
+        if (unlikely(err)) {
+            pr_err("%s: wc_AesGcmDecryptUpdate failed: %d\n",
+                   crypto_tfm_alg_driver_name(crypto_aead_tfm(tfm)), err);
+            return -EINVAL;
+        }
+
+        err = skcipher_walk_done(&walk, nbytes);
+
+        if (unlikely(err)) {
+            pr_err("%s: skcipher_walk_done failed: %d\n",
+                   crypto_tfm_alg_driver_name(crypto_aead_tfm(tfm)), err);
+            return err;
+        }
+    }
+
+    err = wc_AesGcmDecryptFinal(ctx->aes_encrypt, origAuthTag, tfm->authsize);
+    if (unlikely(err)) {
+        pr_err("%s: wc_AesGcmDecryptFinal failed with return code %d\n",
+               crypto_tfm_alg_driver_name(crypto_aead_tfm(tfm)), err);
+
+        if (err == WC_NO_ERR_TRACE(AES_GCM_AUTH_E)) {
+            return -EBADMSG;
+        }
+        else {
+            return -EINVAL;
+        }
+    }
+
+    return err;
+}
+
+static struct aead_alg gcmAesAead = {
+    .base.cra_name        = WOLFKM_AESGCM_NAME,
+    .base.cra_driver_name = WOLFKM_AESGCM_DRIVER,
+    .base.cra_priority    = WOLFSSL_LINUXKM_LKCAPI_PRIORITY,
+    .base.cra_blocksize   = 1,
+    .base.cra_ctxsize     = sizeof(struct km_AesCtx),
+    .base.cra_module      = THIS_MODULE,
+    .init                 = km_AesGcmInit,
+    .exit                 = km_AesGcmExit,
+    .setkey               = km_AesGcmSetKey,
+    .setauthsize          = km_AesGcmSetAuthsize,
+    .encrypt              = km_AesGcmEncrypt,
+    .decrypt              = km_AesGcmDecrypt,
+    .ivsize               = WC_AES_BLOCK_SIZE,
+    .maxauthsize          = WC_AES_BLOCK_SIZE,
+    .chunksize            = WC_AES_BLOCK_SIZE,
+};
+static int gcmAesAead_loaded = 0;
+
+#endif /* HAVE_AESGCM &&
+        * (LINUXKM_LKCAPI_REGISTER_ALL || LINUXKM_LKCAPI_REGISTER_AESGCM) &&
+        */
+
+#if defined(WOLFSSL_AES_XTS) && \
+    (defined(LINUXKM_LKCAPI_REGISTER_ALL) || \
+     defined(LINUXKM_LKCAPI_REGISTER_AESXTS))
+
+#ifndef WOLFSSL_AESXTS_STREAM
+    #error LKCAPI registration of AES-XTS requires WOLFSSL_AESXTS_STREAM (--enable-aesxts-stream).
+#endif
+
+struct km_AesXtsCtx {
+    XtsAes *aesXts; /* allocated in km_AesXtsInitCommon() to assure alignment
+                     * for AESNI.
+                     */
+};
+
+static int km_AesXtsInitCommon(struct km_AesXtsCtx * ctx, const char * name)
+{
+    int err;
+
+    ctx->aesXts = (XtsAes *)malloc(sizeof(*ctx->aesXts));
+
+    if (! ctx->aesXts)
+        return -MEMORY_E;
+
+    err = wc_AesXtsInit(ctx->aesXts, NULL, INVALID_DEVID);
+
+    if (unlikely(err)) {
+        pr_err("%s: km_AesXtsInitCommon failed: %d\n", name, err);
+        return -EINVAL;
+    }
+
+    return 0;
+}
+
+static int km_AesXtsInit(struct crypto_skcipher *tfm)
+{
+    struct km_AesXtsCtx * ctx = crypto_skcipher_ctx(tfm);
+    return km_AesXtsInitCommon(ctx, WOLFKM_AESXTS_DRIVER);
+}
+
+static void km_AesXtsExit(struct crypto_skcipher *tfm)
+{
+    struct km_AesXtsCtx * ctx = crypto_skcipher_ctx(tfm);
+    wc_AesXtsFree(ctx->aesXts);
+    free(ctx->aesXts);
+    ctx->aesXts = NULL;
+}
+
+static int km_AesXtsSetKey(struct crypto_skcipher *tfm, const u8 *in_key,
+                          unsigned int key_len)
+{
+    int err;
+    struct km_AesXtsCtx * ctx = crypto_skcipher_ctx(tfm);
+
+    err = wc_AesXtsSetKeyNoInit(ctx->aesXts, in_key, key_len,
+                                AES_ENCRYPTION_AND_DECRYPTION);
+
+    if (unlikely(err)) {
+        if (! disable_setkey_warnings)
+            pr_err("%s: wc_AesXtsSetKeyNoInit failed: %d\n",
+                   crypto_tfm_alg_driver_name(crypto_skcipher_tfm(tfm)), err);
+        return -EINVAL;
+    }
+
+    return 0;
+}
+
+/* see /usr/src/linux/drivers/md/dm-crypt.c */
+
+static int km_AesXtsEncrypt(struct skcipher_request *req)
+{
+    int                      err = 0;
+    struct crypto_skcipher * tfm = NULL;
+    struct km_AesXtsCtx *    ctx = NULL;
+    struct skcipher_walk     walk;
+    unsigned int             nbytes = 0;
+
+    tfm = crypto_skcipher_reqtfm(req);
+    ctx = crypto_skcipher_ctx(tfm);
+
+    if (req->cryptlen < WC_AES_BLOCK_SIZE)
+        return -EINVAL;
+
+    err = skcipher_walk_virt(&walk, req, false);
+
+    if (unlikely(err)) {
+        pr_err("%s: skcipher_walk_virt failed: %d\n",
+               crypto_tfm_alg_driver_name(crypto_skcipher_tfm(tfm)), err);
+        return err;
+    }
+
+    if (walk.nbytes == walk.total) {
+        err = wc_AesXtsEncrypt(ctx->aesXts, walk.dst.virt.addr,
+                               walk.src.virt.addr, walk.nbytes, walk.iv, walk.ivsize);
+
+        if (unlikely(err)) {
+            pr_err("%s: wc_AesXtsEncrypt failed: %d\n",
+                   crypto_tfm_alg_driver_name(crypto_skcipher_tfm(tfm)), err);
+            return -EINVAL;
+        }
+
+        err = skcipher_walk_done(&walk, 0);
+
+    } else {
+        int tail = req->cryptlen % WC_AES_BLOCK_SIZE;
+        struct skcipher_request subreq;
+        struct XtsAesStreamData stream;
+
+        if (tail > 0) {
+            int blocks = DIV_ROUND_UP(req->cryptlen, WC_AES_BLOCK_SIZE) - 2;
+
+            skcipher_walk_abort(&walk);
+
+            skcipher_request_set_tfm(&subreq, tfm);
+            skcipher_request_set_callback(&subreq,
+                                          skcipher_request_flags(req),
+                                          NULL, NULL);
+            skcipher_request_set_crypt(&subreq, req->src, req->dst,
+                                       blocks * WC_AES_BLOCK_SIZE, req->iv);
+            req = &subreq;
+
+            err = skcipher_walk_virt(&walk, req, false);
+            if (!walk.nbytes)
+                return err ? : -EINVAL;
+        } else {
+            tail = 0;
+        }
+
+        err = wc_AesXtsEncryptInit(ctx->aesXts, walk.iv, walk.ivsize, &stream);
+
+        if (unlikely(err)) {
+            pr_err("%s: wc_AesXtsEncryptInit failed: %d\n",
+                   crypto_tfm_alg_driver_name(crypto_skcipher_tfm(tfm)), err);
+            return -EINVAL;
+        }
+
+        while ((nbytes = walk.nbytes) != 0) {
+            /* if this isn't the final call, pass block-aligned data to prevent
+             * end-of-message ciphertext stealing.
+             */
+            if (nbytes < walk.total)
+                nbytes &= ~(WC_AES_BLOCK_SIZE - 1);
+
+            if (nbytes & ((unsigned int)WC_AES_BLOCK_SIZE - 1U))
+                err = wc_AesXtsEncryptFinal(ctx->aesXts, walk.dst.virt.addr,
+                                            walk.src.virt.addr, nbytes,
+                                            &stream);
+            else
+                err = wc_AesXtsEncryptUpdate(ctx->aesXts, walk.dst.virt.addr,
+                                             walk.src.virt.addr, nbytes,
+                                             &stream);
+
+            if (unlikely(err)) {
+                pr_err("%s: wc_AesXtsEncryptUpdate failed: %d\n",
+                       crypto_tfm_alg_driver_name(crypto_skcipher_tfm(tfm)), err);
+                return -EINVAL;
+            }
+
+            err = skcipher_walk_done(&walk, walk.nbytes - nbytes);
+
+            if (unlikely(err)) {
+                pr_err("%s: skcipher_walk_done failed: %d\n",
+                       crypto_tfm_alg_driver_name(crypto_skcipher_tfm(tfm)), err);
+                return err;
+            }
+        }
+
+        if (unlikely(tail > 0)) {
+            struct scatterlist sg_src[2], sg_dst[2];
+            struct scatterlist *src, *dst;
+
+            dst = src = scatterwalk_ffwd(sg_src, req->src, req->cryptlen);
+            if (req->dst != req->src)
+                dst = scatterwalk_ffwd(sg_dst, req->dst, req->cryptlen);
+
+            skcipher_request_set_crypt(req, src, dst, WC_AES_BLOCK_SIZE + tail,
+                                       req->iv);
+
+            err = skcipher_walk_virt(&walk, &subreq, false);
+            if (err)
+                return err;
+
+            err = wc_AesXtsEncryptFinal(ctx->aesXts, walk.dst.virt.addr,
+                                         walk.src.virt.addr, walk.nbytes,
+                                         &stream);
+
+            if (unlikely(err)) {
+                pr_err("%s: wc_AesXtsEncryptFinal failed: %d\n",
+                       crypto_tfm_alg_driver_name(crypto_skcipher_tfm(tfm)), err);
+                return -EINVAL;
+            }
+
+            err = skcipher_walk_done(&walk, 0);
+        } else if (! (stream.bytes_crypted_with_this_tweak & ((word32)WC_AES_BLOCK_SIZE - 1U))) {
+            err = wc_AesXtsEncryptFinal(ctx->aesXts, NULL, NULL, 0, &stream);
+        }
+    }
+
+    return err;
+}
+
+static int km_AesXtsDecrypt(struct skcipher_request *req)
+{
+    int                      err = 0;
+    struct crypto_skcipher * tfm = NULL;
+    struct km_AesXtsCtx *    ctx = NULL;
+    struct skcipher_walk     walk;
+    unsigned int             nbytes = 0;
+
+    tfm = crypto_skcipher_reqtfm(req);
+    ctx = crypto_skcipher_ctx(tfm);
+
+    if (req->cryptlen < WC_AES_BLOCK_SIZE)
+        return -EINVAL;
+
+    err = skcipher_walk_virt(&walk, req, false);
+
+    if (unlikely(err)) {
+        pr_err("%s: skcipher_walk_virt failed: %d\n",
+               crypto_tfm_alg_driver_name(crypto_skcipher_tfm(tfm)), err);
+        return err;
+    }
+
+    if (walk.nbytes == walk.total) {
+        err = wc_AesXtsDecrypt(ctx->aesXts,
+                               walk.dst.virt.addr, walk.src.virt.addr,
+                               walk.nbytes, walk.iv, walk.ivsize);
+
+        if (unlikely(err)) {
+            pr_err("%s: wc_AesXtsDecrypt failed: %d\n",
+                   crypto_tfm_alg_driver_name(crypto_skcipher_tfm(tfm)), err);
+            return -EINVAL;
+        }
+
+        err = skcipher_walk_done(&walk, 0);
+    } else {
+        int tail = req->cryptlen % WC_AES_BLOCK_SIZE;
+        struct skcipher_request subreq;
+        struct XtsAesStreamData stream;
+
+        if (unlikely(tail > 0)) {
+            int blocks = DIV_ROUND_UP(req->cryptlen, WC_AES_BLOCK_SIZE) - 2;
+
+            skcipher_walk_abort(&walk);
+
+            skcipher_request_set_tfm(&subreq, tfm);
+            skcipher_request_set_callback(&subreq,
+                                          skcipher_request_flags(req),
+                                          NULL, NULL);
+            skcipher_request_set_crypt(&subreq, req->src, req->dst,
+                                       blocks * WC_AES_BLOCK_SIZE, req->iv);
+            req = &subreq;
+
+            err = skcipher_walk_virt(&walk, req, false);
+            if (!walk.nbytes)
+                return err ? : -EINVAL;
+        } else {
+            tail = 0;
+        }
+
+        err = wc_AesXtsDecryptInit(ctx->aesXts, walk.iv, walk.ivsize, &stream);
+
+        if (unlikely(err)) {
+            pr_err("%s: wc_AesXtsDecryptInit failed: %d\n",
+                   crypto_tfm_alg_driver_name(crypto_skcipher_tfm(tfm)), err);
+            return -EINVAL;
+        }
+
+        while ((nbytes = walk.nbytes) != 0) {
+            /* if this isn't the final call, pass block-aligned data to prevent
+             * end-of-message ciphertext stealing.
+             */
+            if (nbytes < walk.total)
+                nbytes &= ~(WC_AES_BLOCK_SIZE - 1);
+
+            if (nbytes & ((unsigned int)WC_AES_BLOCK_SIZE - 1U))
+                err = wc_AesXtsDecryptFinal(ctx->aesXts, walk.dst.virt.addr,
+                                            walk.src.virt.addr, nbytes,
+                                            &stream);
+            else
+                err = wc_AesXtsDecryptUpdate(ctx->aesXts, walk.dst.virt.addr,
+                                             walk.src.virt.addr, nbytes,
+                                             &stream);
+
+            if (unlikely(err)) {
+                pr_err("%s: wc_AesXtsDecryptUpdate failed: %d\n",
+                       crypto_tfm_alg_driver_name(crypto_skcipher_tfm(tfm)), err);
+                return -EINVAL;
+            }
+
+            err = skcipher_walk_done(&walk, walk.nbytes - nbytes);
+
+            if (unlikely(err)) {
+                pr_err("%s: skcipher_walk_done failed: %d\n",
+                       crypto_tfm_alg_driver_name(crypto_skcipher_tfm(tfm)), err);
+                return err;
+            }
+        }
+
+        if (unlikely(tail > 0)) {
+            struct scatterlist sg_src[2], sg_dst[2];
+            struct scatterlist *src, *dst;
+
+            dst = src = scatterwalk_ffwd(sg_src, req->src, req->cryptlen);
+            if (req->dst != req->src)
+                dst = scatterwalk_ffwd(sg_dst, req->dst, req->cryptlen);
+
+            skcipher_request_set_crypt(req, src, dst, WC_AES_BLOCK_SIZE + tail,
+                                       req->iv);
+
+            err = skcipher_walk_virt(&walk, &subreq, false);
+            if (err)
+                return err;
+
+            err = wc_AesXtsDecryptFinal(ctx->aesXts, walk.dst.virt.addr,
+                                         walk.src.virt.addr, walk.nbytes,
+                                         &stream);
+
+            if (unlikely(err)) {
+                pr_err("%s: wc_AesXtsDecryptFinal failed: %d\n",
+                       crypto_tfm_alg_driver_name(crypto_skcipher_tfm(tfm)), err);
+                return -EINVAL;
+            }
+
+            err = skcipher_walk_done(&walk, 0);
+        } else if (! (stream.bytes_crypted_with_this_tweak & ((word32)WC_AES_BLOCK_SIZE - 1U))) {
+            err = wc_AesXtsDecryptFinal(ctx->aesXts, NULL, NULL, 0, &stream);
+        }
+    }
+    return err;
+}
+
+static struct skcipher_alg xtsAesAlg = {
+    .base.cra_name          = WOLFKM_AESXTS_NAME,
+    .base.cra_driver_name   = WOLFKM_AESXTS_DRIVER,
+    .base.cra_priority      = WOLFSSL_LINUXKM_LKCAPI_PRIORITY,
+    .base.cra_blocksize     = WC_AES_BLOCK_SIZE,
+    .base.cra_ctxsize       = sizeof(struct km_AesXtsCtx),
+    .base.cra_module        = THIS_MODULE,
+
+    .min_keysize            = 2 * AES_128_KEY_SIZE,
+    .max_keysize            = 2 * AES_256_KEY_SIZE,
+    .ivsize                 = WC_AES_BLOCK_SIZE,
+    .walksize               = 2 * WC_AES_BLOCK_SIZE,
+    .init                   = km_AesXtsInit,
+    .exit                   = km_AesXtsExit,
+    .setkey                 = km_AesXtsSetKey,
+    .encrypt                = km_AesXtsEncrypt,
+    .decrypt                = km_AesXtsDecrypt
+};
+static int xtsAesAlg_loaded = 0;
+
+#endif /* WOLFSSL_AES_XTS &&
+        * (LINUXKM_LKCAPI_REGISTER_ALL || LINUXKM_LKCAPI_REGISTER_AESXTS)
+        */
+
+/* cipher tests, cribbed from test.c, with supplementary LKCAPI tests: */
+
+#if defined(HAVE_AES_CBC) && \
+    (defined(LINUXKM_LKCAPI_REGISTER_ALL) || \
+     defined(LINUXKM_LKCAPI_REGISTER_AESCBC))
+
+static int linuxkm_test_aescbc(void)
+{
+    int    ret = 0;
+    struct crypto_skcipher *  tfm = NULL;
+    struct skcipher_request * req = NULL;
+    struct scatterlist        src, dst;
+    Aes    *aes;
+    int    aes_inited = 0;
+    static const byte key32[] =
+    {
+        0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
+        0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66,
+        0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
+        0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66
+    };
+    static const byte p_vector[] =
+    /* Now is the time for all good men w/o trailing 0 */
+    {
+        0x4e,0x6f,0x77,0x20,0x69,0x73,0x20,0x74,
+        0x68,0x65,0x20,0x74,0x69,0x6d,0x65,0x20,
+        0x66,0x6f,0x72,0x20,0x61,0x6c,0x6c,0x20,
+        0x67,0x6f,0x6f,0x64,0x20,0x6d,0x65,0x6e
+    };
+    static const byte iv[] = "1234567890abcdef";
+
+    static const byte c_vector[] =
+    {
+        0xd7,0xd6,0x04,0x5b,0x4d,0xc4,0x90,0xdf,
+        0x4a,0x82,0xed,0x61,0x26,0x4e,0x23,0xb3,
+        0xe4,0xb5,0x85,0x30,0x29,0x4c,0x9d,0xcf,
+        0x73,0xc9,0x46,0xd1,0xaa,0xc8,0xcb,0x62
+    };
+
+    byte    iv_copy[sizeof(iv)];
+    byte    enc[sizeof(p_vector)];
+    byte    dec[sizeof(p_vector)];
+    u8 *    enc2 = NULL;
+    u8 *    dec2 = NULL;
+
+    aes = (Aes *)malloc(sizeof(*aes));
+    if (aes == NULL)
+        return -ENOMEM;
+
+    XMEMSET(enc, 0, sizeof(enc));
+    XMEMSET(dec, 0, sizeof(enc));
+
+    ret = wc_AesInit(aes, NULL, INVALID_DEVID);
+    if (ret) {
+        pr_err("wolfcrypt wc_AesInit failed with return code %d.\n", ret);
+        goto test_cbc_end;
+    }
+    aes_inited = 1;
+
+    ret = wc_AesSetKey(aes, key32, WC_AES_BLOCK_SIZE * 2, iv, AES_ENCRYPTION);
+    if (ret) {
+        pr_err("wolfcrypt wc_AesSetKey failed with return code %d\n", ret);
+        goto test_cbc_end;
+    }
+
+    ret = wc_AesCbcEncrypt(aes, enc, p_vector, sizeof(p_vector));
+    if (ret) {
+        pr_err("wolfcrypt wc_AesCbcEncrypt failed with return code %d\n", ret);
+        goto test_cbc_end;
+    }
+
+    if (XMEMCMP(enc, c_vector, sizeof(c_vector)) != 0) {
+        pr_err("wolfcrypt wc_AesCbcEncrypt KAT mismatch\n");
+        return LINUXKM_LKCAPI_AES_KAT_MISMATCH_E;
+    }
+
+    /* Re init for decrypt and set flag. */
+    wc_AesFree(aes);
+    aes_inited = 0;
+
+    ret = wc_AesInit(aes, NULL, INVALID_DEVID);
+    if (ret) {
+        pr_err("wolfcrypt wc_AesInit failed with return code %d.\n", ret);
+        goto test_cbc_end;
+    }
+    aes_inited = 1;
+
+    ret = wc_AesSetKey(aes, key32, WC_AES_BLOCK_SIZE * 2, iv, AES_DECRYPTION);
+    if (ret) {
+        pr_err("wolfcrypt wc_AesSetKey failed with return code %d.\n", ret);
+        goto test_cbc_end;
+    }
+
+    ret = wc_AesCbcDecrypt(aes, dec, enc, sizeof(p_vector));
+    if (ret) {
+        pr_err("wolfcrypt wc_AesCbcDecrypt failed with return code %d\n", ret);
+        goto test_cbc_end;
+    }
+
+    ret = XMEMCMP(p_vector, dec, sizeof(p_vector));
+    if (ret) {
+        pr_err("error: p_vector and dec do not match: %d\n", ret);
+        goto test_cbc_end;
+    }
+
+    /* now the kernel crypto part */
+    enc2 = malloc(sizeof(p_vector));
+    if (!enc2) {
+        pr_err("error: malloc failed\n");
+        goto test_cbc_end;
+    }
+
+    dec2 = malloc(sizeof(p_vector));
+    if (!dec2) {
+        pr_err("error: malloc failed\n");
+        goto test_cbc_end;
+    }
+
+    memcpy(dec2, p_vector, sizeof(p_vector));
+
+    tfm = crypto_alloc_skcipher(WOLFKM_AESCBC_NAME, 0, 0);
+    if (IS_ERR(tfm)) {
+        pr_err("error: allocating AES skcipher algorithm %s failed: %ld\n",
+               WOLFKM_AESCBC_DRIVER, PTR_ERR(tfm));
+        goto test_cbc_end;
+    }
+
+#ifndef LINUXKM_LKCAPI_PRIORITY_ALLOW_MASKING
+    {
+        const char *driver_name =
+            crypto_tfm_alg_driver_name(crypto_skcipher_tfm(tfm));
+        if (strcmp(driver_name, WOLFKM_AESCBC_DRIVER)) {
+            pr_err("error: unexpected implementation for %s: %s (expected %s)\n",
+                   WOLFKM_AESCBC_NAME, driver_name, WOLFKM_AESCBC_DRIVER);
+            ret = -ENOENT;
+            goto test_cbc_end;
+        }
+    }
+#endif
+
+    ret = crypto_skcipher_setkey(tfm, key32, WC_AES_BLOCK_SIZE * 2);
+    if (ret) {
+        pr_err("error: crypto_skcipher_setkey returned: %d\n", ret);
+        goto test_cbc_end;
+    }
+
+    req = skcipher_request_alloc(tfm, GFP_KERNEL);
+    if (IS_ERR(req)) {
+        pr_err("error: allocating AES skcipher request %s failed\n",
+               WOLFKM_AESCBC_DRIVER);
+        goto test_cbc_end;
+    }
+
+    sg_init_one(&src, dec2, sizeof(p_vector));
+    sg_init_one(&dst, enc2, sizeof(p_vector));
+
+    XMEMCPY(iv_copy, iv, sizeof(iv));
+    skcipher_request_set_crypt(req, &src, &dst, sizeof(p_vector), iv_copy);
+
+    ret = crypto_skcipher_encrypt(req);
+
+    if (ret) {
+        pr_err("error: crypto_skcipher_encrypt returned: %d\n", ret);
+        goto test_cbc_end;
+    }
+
+    ret = XMEMCMP(enc, enc2, sizeof(p_vector));
+    if (ret) {
+        pr_err("error: enc and enc2 do not match: %d\n", ret);
+        goto test_cbc_end;
+    }
+
+    memset(dec2, 0, sizeof(p_vector));
+    sg_init_one(&src, enc2, sizeof(p_vector));
+    sg_init_one(&dst, dec2, sizeof(p_vector));
+
+    XMEMCPY(iv_copy, iv, sizeof(iv));
+    skcipher_request_set_crypt(req, &src, &dst, sizeof(p_vector), iv_copy);
+
+    ret = crypto_skcipher_decrypt(req);
+
+    if (ret) {
+        pr_err("ERROR: crypto_skcipher_decrypt returned %d\n", ret);
+        goto test_cbc_end;
+    }
+
+    ret = XMEMCMP(dec, dec2, sizeof(p_vector));
+    if (ret) {
+        pr_err("error: dec and dec2 do not match: %d\n", ret);
+        goto test_cbc_end;
+    }
+
+test_cbc_end:
+
+    if (enc2) { free(enc2); }
+    if (dec2) { free(dec2); }
+    if (req) { skcipher_request_free(req); }
+    if (tfm) { crypto_free_skcipher(tfm); }
+
+    if (aes_inited)
+        wc_AesFree(aes);
+    free(aes);
+
+    return ret;
+}
+
+#endif /* HAVE_AES_CBC &&
+        * (LINUXKM_LKCAPI_REGISTER_ALL || LINUXKM_LKCAPI_REGISTER_AESCBC)
+        */
+
+#if defined(WOLFSSL_AES_CFB) && \
+    (defined(LINUXKM_LKCAPI_REGISTER_ALL) || \
+     defined(LINUXKM_LKCAPI_REGISTER_AESCFB))
+
+static int linuxkm_test_aescfb(void)
+{
+    int    ret = 0;
+    struct crypto_skcipher *  tfm = NULL;
+    struct skcipher_request * req = NULL;
+    struct scatterlist        src, dst;
+    Aes    *aes;
+    int    aes_inited = 0;
+    static const byte key32[] =
+    {
+        0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
+        0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66,
+        0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
+        0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66
+    };
+    static const byte p_vector[] =
+    /* Now is the time for all good men w/o trailing 0 */
+    {
+        0x4e,0x6f,0x77,0x20,0x69,0x73,0x20,0x74,
+        0x68,0x65,0x20,0x74,0x69,0x6d,0x65,0x20,
+        0x66,0x6f,0x72,0x20,0x61,0x6c,0x6c,0x20,
+        0x67,0x6f,0x6f,0x64,0x20,0x6d,0x65,0x6e
+    };
+    static const byte iv[] = "1234567890abcdef";
+    static const byte c_vector[] =
+    {
+        0x56,0x35,0x3f,0xdd,0xde,0xa6,0x15,0x87,
+        0x57,0xdc,0x34,0x62,0x9a,0x68,0x96,0x51,
+        0xc7,0x09,0xb9,0x4e,0x47,0x6b,0x24,0x72,
+        0x19,0x5a,0xdf,0x7e,0xba,0xa8,0x01,0xb6
+    };
+    byte    iv_copy[sizeof(iv)];
+    byte    enc[sizeof(p_vector)];
+    byte    dec[sizeof(p_vector)];
+    u8 *    enc2 = NULL;
+    u8 *    dec2 = NULL;
+
+    aes = (Aes *)malloc(sizeof(*aes));
+    if (aes == NULL)
+        return -ENOMEM;
+
+    XMEMSET(enc, 0, sizeof(enc));
+    XMEMSET(dec, 0, sizeof(enc));
+
+    ret = wc_AesInit(aes, NULL, INVALID_DEVID);
+    if (ret) {
+        pr_err("wolfcrypt wc_AesInit failed with return code %d.\n", ret);
+        goto test_cfb_end;
+    }
+    aes_inited = 1;
+
+    ret = wc_AesSetKey(aes, key32, WC_AES_BLOCK_SIZE * 2, iv, AES_ENCRYPTION);
+    if (ret) {
+        pr_err("wolfcrypt wc_AesSetKey failed with return code %d\n", ret);
+        goto test_cfb_end;
+    }
+
+    ret = wc_AesCfbEncrypt(aes, enc, p_vector, sizeof(p_vector));
+    if (ret) {
+        pr_err("wolfcrypt wc_AesCfbEncrypt failed with return code %d\n", ret);
+        goto test_cfb_end;
+    }
+
+    if (XMEMCMP(enc, c_vector, sizeof(c_vector)) != 0) {
+        pr_err("wolfcrypt wc_AesCfbEncrypt KAT mismatch\n");
+        return LINUXKM_LKCAPI_AES_KAT_MISMATCH_E;
+    }
+
+    /* Re init for decrypt and set flag. */
+    wc_AesFree(aes);
+    aes_inited = 0;
+
+    ret = wc_AesInit(aes, NULL, INVALID_DEVID);
+    if (ret) {
+        pr_err("wolfcrypt wc_AesInit failed with return code %d.\n", ret);
+        goto test_cfb_end;
+    }
+    aes_inited = 1;
+
+    ret = wc_AesSetKey(aes, key32, WC_AES_BLOCK_SIZE * 2, iv, AES_ENCRYPTION);
+    if (ret) {
+        pr_err("wolfcrypt wc_AesSetKey failed with return code %d.\n", ret);
+        goto test_cfb_end;
+    }
+
+    ret = wc_AesCfbDecrypt(aes, dec, enc, sizeof(p_vector));
+    if (ret) {
+        pr_err("wolfcrypt wc_AesCfbDecrypt failed with return code %d\n", ret);
+        goto test_cfb_end;
+    }
+
+    ret = XMEMCMP(p_vector, dec, sizeof(p_vector));
+    if (ret) {
+        pr_err("error: p_vector and dec do not match: %d\n", ret);
+        goto test_cfb_end;
+    }
+
+    /* now the kernel crypto part */
+    enc2 = malloc(sizeof(p_vector));
+    if (!enc2) {
+        pr_err("error: malloc failed\n");
+        goto test_cfb_end;
+    }
+
+    dec2 = malloc(sizeof(p_vector));
+    if (!dec2) {
+        pr_err("error: malloc failed\n");
+        goto test_cfb_end;
+    }
+
+    memcpy(dec2, p_vector, sizeof(p_vector));
+
+    tfm = crypto_alloc_skcipher(WOLFKM_AESCFB_NAME, 0, 0);
+    if (IS_ERR(tfm)) {
+        pr_err("error: allocating AES skcipher algorithm %s failed: %ld\n",
+               WOLFKM_AESCFB_DRIVER, PTR_ERR(tfm));
+        goto test_cfb_end;
+    }
+
+#ifndef LINUXKM_LKCAPI_PRIORITY_ALLOW_MASKING
+    {
+        const char *driver_name =
+            crypto_tfm_alg_driver_name(crypto_skcipher_tfm(tfm));
+        if (strcmp(driver_name, WOLFKM_AESCFB_DRIVER)) {
+            pr_err("error: unexpected implementation for %s: %s (expected %s)\n",
+                   WOLFKM_AESCFB_NAME, driver_name, WOLFKM_AESCFB_DRIVER);
+            ret = -ENOENT;
+            goto test_cfb_end;
+        }
+    }
+#endif
+
+    ret = crypto_skcipher_setkey(tfm, key32, WC_AES_BLOCK_SIZE * 2);
+    if (ret) {
+        pr_err("error: crypto_skcipher_setkey returned: %d\n", ret);
+        goto test_cfb_end;
+    }
+
+    req = skcipher_request_alloc(tfm, GFP_KERNEL);
+    if (IS_ERR(req)) {
+        pr_err("error: allocating AES skcipher request %s failed\n",
+               WOLFKM_AESCFB_DRIVER);
+        goto test_cfb_end;
+    }
+
+    sg_init_one(&src, dec2, sizeof(p_vector));
+    sg_init_one(&dst, enc2, sizeof(p_vector));
+
+    XMEMCPY(iv_copy, iv, sizeof(iv));
+    skcipher_request_set_crypt(req, &src, &dst, sizeof(p_vector), iv_copy);
+
+    ret = crypto_skcipher_encrypt(req);
+
+    if (ret) {
+        pr_err("error: crypto_skcipher_encrypt returned: %d\n", ret);
+        goto test_cfb_end;
+    }
+
+    ret = XMEMCMP(enc, enc2, sizeof(p_vector));
+    if (ret) {
+        pr_err("error: enc and enc2 do not match: %d\n", ret);
+        goto test_cfb_end;
+    }
+
+    memset(dec2, 0, sizeof(p_vector));
+    sg_init_one(&src, enc2, sizeof(p_vector));
+    sg_init_one(&dst, dec2, sizeof(p_vector));
+
+    XMEMCPY(iv_copy, iv, sizeof(iv));
+    skcipher_request_set_crypt(req, &src, &dst, sizeof(p_vector), iv_copy);
+
+    ret = crypto_skcipher_decrypt(req);
+
+    if (ret) {
+        pr_err("error: crypto_skcipher_decrypt returned: %d\n", ret);
+        goto test_cfb_end;
+    }
+
+    ret = XMEMCMP(dec, dec2, sizeof(p_vector));
+    if (ret) {
+        pr_err("error: dec and dec2 do not match: %d\n", ret);
+        goto test_cfb_end;
+    }
+
+test_cfb_end:
+
+    if (enc2) { free(enc2); }
+    if (dec2) { free(dec2); }
+    if (req) { skcipher_request_free(req); }
+    if (tfm) { crypto_free_skcipher(tfm); }
+
+    if (aes_inited)
+        wc_AesFree(aes);
+    free(aes);
+
+    return ret;
+}
+
+#endif /* WOLFSSL_AES_CFB &&
+        * (LINUXKM_LKCAPI_REGISTER_ALL || LINUXKM_LKCAPI_REGISTER_AESCFB)
+        */
+
+#if defined(HAVE_AESGCM) && \
+    (defined(LINUXKM_LKCAPI_REGISTER_ALL) || \
+     defined(LINUXKM_LKCAPI_REGISTER_AESGCM))
+
+static int linuxkm_test_aesgcm(void)
+{
+    int     ret = 0;
+    struct crypto_aead *  tfm = NULL;
+    struct aead_request * req = NULL;
+    struct scatterlist *  src = NULL;
+    struct scatterlist *  dst = NULL;
+    Aes    *aes;
+    int    aes_inited = 0;
+    static const byte key32[] =
+    {
+        0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
+        0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66,
+        0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
+        0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66
+    };
+    static const byte p_vector[] =
+    /* Now is the time for all w/o trailing 0 */
+    {
+        0x4e,0x6f,0x77,0x20,0x69,0x73,0x20,0x74,
+        0x68,0x65,0x20,0x74,0x69,0x6d,0x65,0x20,
+        0x66,0x6f,0x72,0x20,0x61,0x6c,0x6c,0x20
+    };
+    static const byte assoc[] =
+    {
+        0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
+        0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
+        0xab, 0xad, 0xda, 0xd2
+    };
+    static const byte ivstr[] = "1234567890abcdef";
+    static const byte c_vector[] =
+    {
+        0x0c,0x97,0x05,0x3c,0xef,0x5c,0x63,0x6b,
+        0x15,0xe4,0x00,0x63,0xf8,0x8c,0xd0,0x95,
+        0x27,0x81,0x90,0x9c,0x9f,0xe6,0x98,0xe9
+    };
+    static const byte KAT_authTag[] =
+    {
+        0xc9,0xd5,0x7a,0x77,0xac,0x28,0xc2,0xe7,
+        0xe4,0x28,0x90,0xaa,0x09,0xab,0xf9,0x7c
+    };
+    byte    enc[sizeof(p_vector)];
+    byte    authTag[WC_AES_BLOCK_SIZE];
+    byte    dec[sizeof(p_vector)];
+    u8 *    assoc2 = NULL;
+    u8 *    enc2 = NULL;
+    u8 *    dec2 = NULL;
+    u8 *    iv = NULL;
+    size_t  encryptLen = sizeof(p_vector);
+    size_t  decryptLen = sizeof(p_vector) + sizeof(authTag);
+
+    /* Init stack variables. */
+    XMEMSET(enc, 0, sizeof(p_vector));
+    XMEMSET(dec, 0, sizeof(p_vector));
+    XMEMSET(authTag, 0, WC_AES_BLOCK_SIZE);
+
+    aes = (Aes *)malloc(sizeof(*aes));
+    if (aes == NULL)
+        return -ENOMEM;
+
+    ret = wc_AesInit(aes, NULL, INVALID_DEVID);
+    if (ret) {
+        pr_err("error: wc_AesInit failed with return code %d.\n", ret);
+        goto test_gcm_end;
+    }
+    aes_inited = 1;
+
+    ret = wc_AesGcmInit(aes, key32, sizeof(key32)/sizeof(byte), ivstr,
+                        WC_AES_BLOCK_SIZE);
+    if (ret) {
+        pr_err("error: wc_AesGcmInit failed with return code %d.\n", ret);
+        goto test_gcm_end;
+    }
+
+    ret = wc_AesGcmEncryptUpdate(aes, NULL, NULL, 0, assoc, sizeof(assoc));
+    if (ret) {
+        pr_err("error: wc_AesGcmEncryptUpdate failed with return code %d\n",
+               ret);
+        goto test_gcm_end;
+    }
+
+    ret = wc_AesGcmEncryptUpdate(aes, enc, p_vector, sizeof(p_vector), NULL, 0);
+    if (ret) {
+        pr_err("error: wc_AesGcmEncryptUpdate failed with return code %d\n",
+               ret);
+        goto test_gcm_end;
+    }
+
+    if (XMEMCMP(enc, c_vector, sizeof(c_vector)) != 0) {
+        pr_err("wolfcrypt AES-GCM KAT mismatch on ciphertext\n");
+        ret = LINUXKM_LKCAPI_AESGCM_KAT_MISMATCH_E;
+        goto test_gcm_end;
+    }
+
+    ret = wc_AesGcmEncryptFinal(aes, authTag, WC_AES_BLOCK_SIZE);
+    if (ret) {
+        pr_err("error: wc_AesGcmEncryptFinal failed with return code %d\n",
+               ret);
+        goto test_gcm_end;
+    }
+
+    if (XMEMCMP(authTag, KAT_authTag, sizeof(KAT_authTag)) != 0) {
+        pr_err("wolfcrypt AES-GCM KAT mismatch on authTag\n");
+        ret = LINUXKM_LKCAPI_AESGCM_KAT_MISMATCH_E;
+        goto test_gcm_end;
+    }
+
+    ret = wc_AesGcmInit(aes, key32, sizeof(key32)/sizeof(byte), ivstr,
+                        WC_AES_BLOCK_SIZE);
+    if (ret) {
+        pr_err("error: wc_AesGcmInit failed with return code %d.\n", ret);
+        goto test_gcm_end;
+    }
+
+    ret = wc_AesGcmDecryptUpdate(aes, dec, enc, sizeof(p_vector),
+                                 assoc, sizeof(assoc));
+    if (ret) {
+        pr_err("error: wc_AesGcmDecryptUpdate failed with return code %d\n",
+               ret);
+        goto test_gcm_end;
+    }
+
+    ret = wc_AesGcmDecryptFinal(aes, authTag, WC_AES_BLOCK_SIZE);
+    if (ret) {
+        pr_err("error: wc_AesGcmEncryptFinal failed with return code %d\n",
+               ret);
+        goto test_gcm_end;
+    }
+
+    ret = XMEMCMP(p_vector, dec, sizeof(p_vector));
+    if (ret) {
+        pr_err("error: gcm: p_vector and dec do not match: %d\n", ret);
+        goto test_gcm_end;
+    }
+
+    /* now the kernel crypto part */
+    assoc2 = malloc(sizeof(assoc));
+    if (IS_ERR(assoc2)) {
+        pr_err("error: malloc failed\n");
+        goto test_gcm_end;
+    }
+    memset(assoc2, 0, sizeof(assoc));
+    memcpy(assoc2, assoc, sizeof(assoc));
+
+    iv = malloc(WC_AES_BLOCK_SIZE);
+    if (IS_ERR(iv)) {
+        pr_err("error: malloc failed\n");
+        goto test_gcm_end;
+    }
+    memset(iv, 0, WC_AES_BLOCK_SIZE);
+    memcpy(iv, ivstr, WC_AES_BLOCK_SIZE);
+
+    enc2 = malloc(decryptLen);
+    if (IS_ERR(enc2)) {
+        pr_err("error: malloc failed\n");
+        goto test_gcm_end;
+    }
+
+    dec2 = malloc(decryptLen);
+    if (IS_ERR(dec2)) {
+        pr_err("error: malloc failed\n");
+        goto test_gcm_end;
+    }
+
+    memset(enc2, 0, decryptLen);
+    memset(dec2, 0, decryptLen);
+    memcpy(dec2, p_vector, sizeof(p_vector));
+
+    tfm = crypto_alloc_aead(WOLFKM_AESGCM_NAME, 0, 0);
+    if (IS_ERR(tfm)) {
+        pr_err("error: allocating AES skcipher algorithm %s failed: %ld\n",
+               WOLFKM_AESGCM_DRIVER, PTR_ERR(tfm));
+        goto test_gcm_end;
+    }
+
+#ifndef LINUXKM_LKCAPI_PRIORITY_ALLOW_MASKING
+    {
+        const char *driver_name = crypto_tfm_alg_driver_name(crypto_aead_tfm(tfm));
+        if (strcmp(driver_name, WOLFKM_AESGCM_DRIVER)) {
+            pr_err("error: unexpected implementation for %s: %s (expected %s)\n",
+                   WOLFKM_AESGCM_NAME, driver_name, WOLFKM_AESGCM_DRIVER);
+            ret = -ENOENT;
+            goto test_gcm_end;
+        }
+    }
+#endif
+
+    ret = crypto_aead_setkey(tfm, key32, WC_AES_BLOCK_SIZE * 2);
+    if (ret) {
+        pr_err("error: crypto_aead_setkey returned: %d\n", ret);
+        goto test_gcm_end;
+    }
+
+    ret = crypto_aead_setauthsize(tfm, sizeof(authTag));
+    if (ret) {
+        pr_err("error: crypto_aead_setauthsize returned: %d\n", ret);
+        goto test_gcm_end;
+    }
+
+    req = aead_request_alloc(tfm, GFP_KERNEL);
+    if (IS_ERR(req)) {
+        pr_err("error: allocating AES aead request %s failed: %ld\n",
+               WOLFKM_AESCBC_DRIVER, PTR_ERR(req));
+        goto test_gcm_end;
+    }
+
+    src = malloc(sizeof(struct scatterlist) * 2);
+    dst = malloc(sizeof(struct scatterlist) * 2);
+
+    if (IS_ERR(src) || IS_ERR(dst)) {
+        pr_err("error: malloc src or dst failed: %ld, %ld\n",
+               PTR_ERR(src), PTR_ERR(dst));
+        goto test_gcm_end;
+    }
+
+    sg_init_table(src, 2);
+    sg_set_buf(src, assoc2, sizeof(assoc));
+    sg_set_buf(&src[1], dec2, sizeof(p_vector));
+
+    sg_init_table(dst, 2);
+    sg_set_buf(dst, assoc2, sizeof(assoc));
+    sg_set_buf(&dst[1], enc2, decryptLen);
+
+    aead_request_set_callback(req, 0, NULL, NULL);
+    aead_request_set_ad(req, sizeof(assoc));
+    aead_request_set_crypt(req, src, dst, sizeof(p_vector), iv);
+
+    ret = crypto_aead_encrypt(req);
+
+    if (ret) {
+        pr_err("error: crypto_aead_encrypt returned: %d\n", ret);
+        goto test_gcm_end;
+    }
+
+    ret = XMEMCMP(enc, enc2, sizeof(p_vector));
+    if (ret) {
+        pr_err("error: enc and enc2 do not match: %d\n", ret);
+        goto test_gcm_end;
+    }
+
+    ret = XMEMCMP(authTag, enc2 + encryptLen, sizeof(authTag));
+    if (ret) {
+        pr_err("error: authTags do not match: %d\n", ret);
+        goto test_gcm_end;
+    }
+
+    /* Now decrypt crypto request. Reverse src and dst. */
+    memset(dec2, 0, decryptLen);
+    aead_request_set_ad(req, sizeof(assoc));
+    aead_request_set_crypt(req, dst, src, decryptLen, iv);
+
+    ret = crypto_aead_decrypt(req);
+
+    if (ret) {
+        pr_err("error: crypto_aead_decrypt returned: %d\n", ret);
+        goto test_gcm_end;
+    }
+
+    ret = XMEMCMP(dec, dec2, sizeof(p_vector));
+    if (ret) {
+        pr_err("error: dec and dec2 do not match: %d\n", ret);
+        goto test_gcm_end;
+    }
+
+test_gcm_end:
+    if (req) { aead_request_free(req); req = NULL; }
+    if (tfm) { crypto_free_aead(tfm); tfm = NULL; }
+
+    if (src) { free(src); src = NULL; }
+    if (dst) { free(dst); dst = NULL; }
+
+    if (dec2) { free(dec2); dec2 = NULL; }
+    if (enc2) { free(enc2); enc2 = NULL; }
+
+    if (assoc2) { free(assoc2); assoc2 = NULL; }
+    if (iv) { free(iv); iv = NULL; }
+
+    if (aes_inited)
+        wc_AesFree(aes);
+    free(aes);
+
+    return ret;
+}
+
+#endif /* HAVE_AESGCM &&
+        * (LINUXKM_LKCAPI_REGISTER_ALL || LINUXKM_LKCAPI_REGISTER_AESGCM) &&
+        */
+
+#if defined(WOLFSSL_AES_XTS) && \
+    (defined(LINUXKM_LKCAPI_REGISTER_ALL) || \
+     defined(LINUXKM_LKCAPI_REGISTER_AESXTS))
+
+/* test vectors from
+ * http://csrc.nist.gov/groups/STM/cavp/block-cipher-modes.html
+ */
+#ifdef WOLFSSL_AES_128
+static int aes_xts_128_test(void)
+{
+    XtsAes *aes = NULL;
+    int aes_inited = 0;
+    int ret = 0;
+#define AES_XTS_128_TEST_BUF_SIZ (WC_AES_BLOCK_SIZE * 2 + 8)
+    unsigned char *buf = NULL;
+    unsigned char *cipher = NULL;
+    u8 *    enc2 = NULL;
+    u8 *    dec2 = NULL;
+    struct scatterlist *  src = NULL;
+    struct scatterlist *  dst = NULL;
+    struct crypto_skcipher *tfm = NULL;
+    struct skcipher_request *req = NULL;
+    struct XtsAesStreamData stream;
+    byte* large_input = NULL;
+
+    /* 128 key tests */
+    static const unsigned char k1[] = {
+        0xa1, 0xb9, 0x0c, 0xba, 0x3f, 0x06, 0xac, 0x35,
+        0x3b, 0x2c, 0x34, 0x38, 0x76, 0x08, 0x17, 0x62,
+        0x09, 0x09, 0x23, 0x02, 0x6e, 0x91, 0x77, 0x18,
+        0x15, 0xf2, 0x9d, 0xab, 0x01, 0x93, 0x2f, 0x2f
+    };
+
+    static const unsigned char i1[] = {
+        0x4f, 0xae, 0xf7, 0x11, 0x7c, 0xda, 0x59, 0xc6,
+        0x6e, 0x4b, 0x92, 0x01, 0x3e, 0x76, 0x8a, 0xd5
+    };
+
+    static const unsigned char p1[] = {
+        0xeb, 0xab, 0xce, 0x95, 0xb1, 0x4d, 0x3c, 0x8d,
+        0x6f, 0xb3, 0x50, 0x39, 0x07, 0x90, 0x31, 0x1c
+    };
+
+    /* plain text test of partial block is not from NIST test vector list */
+    static const unsigned char pp[] = {
+        0xeb, 0xab, 0xce, 0x95, 0xb1, 0x4d, 0x3c, 0x8d,
+        0x6f, 0xb3, 0x50, 0x39, 0x07, 0x90, 0x31, 0x1c,
+        0x6e, 0x4b, 0x92, 0x01, 0x3e, 0x76, 0x8a, 0xd5
+    };
+
+    static const unsigned char c1[] = {
+        0x77, 0x8a, 0xe8, 0xb4, 0x3c, 0xb9, 0x8d, 0x5a,
+        0x82, 0x50, 0x81, 0xd5, 0xbe, 0x47, 0x1c, 0x63
+    };
+
+    /* plain text test of partial block is not from NIST test vector list */
+    static const unsigned char cp[] = {
+        0x2b, 0xf7, 0x2c, 0xf3, 0xeb, 0x85, 0xef, 0x7b,
+        0x0b, 0x76, 0xa0, 0xaa, 0xf3, 0x3f, 0x25, 0x8b,
+        0x77, 0x8a, 0xe8, 0xb4, 0x3c, 0xb9, 0x8d, 0x5a
+    };
+
+    static const unsigned char k2[] = {
+        0x39, 0x25, 0x79, 0x05, 0xdf, 0xcc, 0x77, 0x76,
+        0x6c, 0x87, 0x0a, 0x80, 0x6a, 0x60, 0xe3, 0xc0,
+        0x93, 0xd1, 0x2a, 0xcf, 0xcb, 0x51, 0x42, 0xfa,
+        0x09, 0x69, 0x89, 0x62, 0x5b, 0x60, 0xdb, 0x16
+    };
+
+    static const unsigned char i2[] = {
+        0x5c, 0xf7, 0x9d, 0xb6, 0xc5, 0xcd, 0x99, 0x1a,
+        0x1c, 0x78, 0x81, 0x42, 0x24, 0x95, 0x1e, 0x84
+    };
+
+    static const unsigned char p2[] = {
+        0xbd, 0xc5, 0x46, 0x8f, 0xbc, 0x8d, 0x50, 0xa1,
+        0x0d, 0x1c, 0x85, 0x7f, 0x79, 0x1c, 0x5c, 0xba,
+        0xb3, 0x81, 0x0d, 0x0d, 0x73, 0xcf, 0x8f, 0x20,
+        0x46, 0xb1, 0xd1, 0x9e, 0x7d, 0x5d, 0x8a, 0x56
+    };
+
+    static const unsigned char c2[] = {
+        0xd6, 0xbe, 0x04, 0x6d, 0x41, 0xf2, 0x3b, 0x5e,
+        0xd7, 0x0b, 0x6b, 0x3d, 0x5c, 0x8e, 0x66, 0x23,
+        0x2b, 0xe6, 0xb8, 0x07, 0xd4, 0xdc, 0xc6, 0x0e,
+        0xff, 0x8d, 0xbc, 0x1d, 0x9f, 0x7f, 0xc8, 0x22
+    };
+
+#ifndef HAVE_FIPS /* FIPS requires different keys for main and tweak. */
+    static const unsigned char k3[] = {
+        0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
+        0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
+        0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
+        0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
+    };
+    static const unsigned char i3[] = {
+        0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
+        0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
+    };
+    static const unsigned char p3[] = {
+        0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
+        0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
+        0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
+        0x20, 0xff, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
+        0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20
+    };
+    static const unsigned char c3[] = {
+        0xA2, 0x07, 0x47, 0x76, 0x3F, 0xEC, 0x0C, 0x23,
+        0x1B, 0xD0, 0xBD, 0x46, 0x9A, 0x27, 0x38, 0x12,
+        0x95, 0x02, 0x3D, 0x5D, 0xC6, 0x94, 0x51, 0x36,
+        0xA0, 0x85, 0xD2, 0x69, 0x6E, 0x87, 0x0A, 0xBF,
+        0xB5, 0x5A, 0xDD, 0xCB, 0x80, 0xE0, 0xFC, 0xCD
+    };
+#endif /* HAVE_FIPS */
+
+    if ((aes = (XtsAes *)XMALLOC(sizeof(*aes), NULL, DYNAMIC_TYPE_AES))
+        == NULL)
+    {
+        ret = MEMORY_E;
+        goto out;
+    }
+
+    if ((buf = (unsigned char *)XMALLOC(AES_XTS_128_TEST_BUF_SIZ, NULL,
+                                        DYNAMIC_TYPE_AES)) == NULL)
+    {
+        ret = MEMORY_E;
+        goto out;
+    }
+    if ((cipher = (unsigned char *)XMALLOC(AES_XTS_128_TEST_BUF_SIZ, NULL,
+                                           DYNAMIC_TYPE_AES)) == NULL)
+    {
+        ret = MEMORY_E;
+        goto out;
+    }
+
+    XMEMSET(buf, 0, AES_XTS_128_TEST_BUF_SIZ);
+    ret = wc_AesXtsInit(aes, NULL, INVALID_DEVID);
+    if (ret != 0)
+        goto out;
+    else
+        aes_inited = 1;
+
+    ret = wc_AesXtsSetKeyNoInit(aes, k2, sizeof(k2), AES_ENCRYPTION);
+    if (ret != 0)
+        goto out;
+
+    ret = wc_AesXtsEncrypt(aes, buf, p2, sizeof(p2), i2, sizeof(i2));
+    if (ret != 0)
+        goto out;
+    if (XMEMCMP(c2, buf, sizeof(c2))) {
+        ret = LINUXKM_LKCAPI_AES_KAT_MISMATCH_E;
+        goto out;
+    }
+
+#if defined(DEBUG_VECTOR_REGISTER_ACCESS) && defined(WC_C_DYNAMIC_FALLBACK)
+    WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(WC_NO_ERR_TRACE(SYSLIB_FAILED_E));
+    ret = wc_AesXtsEncrypt(aes, buf, p2, sizeof(p2), i2, sizeof(i2));
+    WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(0);
+    if (ret != 0)
+        goto out;
+    if (XMEMCMP(c2, buf, sizeof(c2))) {
+        ret = LINUXKM_LKCAPI_AES_KAT_MISMATCH_E;
+        goto out;
+    }
+#endif
+
+    XMEMSET(buf, 0, AES_XTS_128_TEST_BUF_SIZ);
+
+    ret = wc_AesXtsEncryptInit(aes, i2, sizeof(i2), &stream);
+    if (ret != 0)
+        goto out;
+    ret = wc_AesXtsEncryptUpdate(aes, buf, p2, WC_AES_BLOCK_SIZE, &stream);
+    if (ret != 0)
+        goto out;
+    ret = wc_AesXtsEncryptFinal(aes, buf + WC_AES_BLOCK_SIZE,
+                                 p2 + WC_AES_BLOCK_SIZE,
+                                 sizeof(p2) - WC_AES_BLOCK_SIZE, &stream);
+    if (ret != 0)
+        goto out;
+    if (XMEMCMP(c2, buf, sizeof(c2))) {
+        ret = LINUXKM_LKCAPI_AES_KAT_MISMATCH_E;
+        goto out;
+    }
+
+    XMEMSET(buf, 0, AES_XTS_128_TEST_BUF_SIZ);
+
+    ret = wc_AesXtsSetKeyNoInit(aes, k1, sizeof(k1), AES_ENCRYPTION);
+    if (ret != 0)
+        goto out;
+    ret = wc_AesXtsEncrypt(aes, buf, p1, sizeof(p1), i1, sizeof(i1));
+    if (ret != 0)
+        goto out;
+    if (XMEMCMP(c1, buf, WC_AES_BLOCK_SIZE)) {
+        ret = LINUXKM_LKCAPI_AES_KAT_MISMATCH_E;
+        goto out;
+    }
+
+#if defined(DEBUG_VECTOR_REGISTER_ACCESS) && defined(WC_C_DYNAMIC_FALLBACK)
+    WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(WC_NO_ERR_TRACE(SYSLIB_FAILED_E));
+    ret = wc_AesXtsEncrypt(aes, buf, p1, sizeof(p1), i1, sizeof(i1));
+    WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(0);
+    if (ret != 0)
+        goto out;
+    if (XMEMCMP(c1, buf, WC_AES_BLOCK_SIZE)) {
+        ret = LINUXKM_LKCAPI_AES_KAT_MISMATCH_E;
+        goto out;
+    }
+#endif
+
+    /* partial block encryption test */
+    XMEMSET(cipher, 0, AES_XTS_128_TEST_BUF_SIZ);
+    ret = wc_AesXtsEncrypt(aes, cipher, pp, sizeof(pp), i1, sizeof(i1));
+    if (ret != 0)
+        goto out;
+    if (XMEMCMP(cp, cipher, sizeof(cp))) {
+        ret = LINUXKM_LKCAPI_AES_KAT_MISMATCH_E;
+        goto out;
+    }
+
+#if defined(DEBUG_VECTOR_REGISTER_ACCESS) && defined(WC_C_DYNAMIC_FALLBACK)
+    WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(WC_NO_ERR_TRACE(SYSLIB_FAILED_E));
+    XMEMSET(cipher, 0, AES_XTS_128_TEST_BUF_SIZ);
+    ret = wc_AesXtsEncrypt(aes, cipher, pp, sizeof(pp), i1, sizeof(i1));
+    WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(0);
+    if (ret != 0)
+        goto out;
+    if (XMEMCMP(cp, cipher, sizeof(cp))) {
+        ret = LINUXKM_LKCAPI_AES_KAT_MISMATCH_E;
+        goto out;
+    }
+#endif
+
+    /* partial block decrypt test */
+    XMEMSET(buf, 0, AES_XTS_128_TEST_BUF_SIZ);
+    ret = wc_AesXtsSetKeyNoInit(aes, k1, sizeof(k1), AES_DECRYPTION);
+    if (ret != 0)
+        goto out;
+    ret = wc_AesXtsDecrypt(aes, buf, cipher, sizeof(pp), i1, sizeof(i1));
+    if (ret != 0)
+        goto out;
+    if (XMEMCMP(pp, buf, sizeof(pp))) {
+        ret = LINUXKM_LKCAPI_AES_KAT_MISMATCH_E;
+        goto out;
+    }
+
+#if defined(DEBUG_VECTOR_REGISTER_ACCESS) && defined(WC_C_DYNAMIC_FALLBACK)
+    WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(WC_NO_ERR_TRACE(SYSLIB_FAILED_E));
+    XMEMSET(buf, 0, AES_XTS_128_TEST_BUF_SIZ);
+    ret = wc_AesXtsDecrypt(aes, buf, cipher, sizeof(pp), i1, sizeof(i1));
+    WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(0);
+    if (ret != 0)
+        goto out;
+    if (XMEMCMP(pp, buf, sizeof(pp))) {
+        ret = LINUXKM_LKCAPI_AES_KAT_MISMATCH_E;
+        goto out;
+    }
+#endif
+
+    /* NIST decrypt test vector */
+    XMEMSET(buf, 0, AES_XTS_128_TEST_BUF_SIZ);
+    ret = wc_AesXtsDecrypt(aes, buf, c1, sizeof(c1), i1, sizeof(i1));
+    if (ret != 0)
+        goto out;
+    if (XMEMCMP(p1, buf, WC_AES_BLOCK_SIZE)) {
+        ret = LINUXKM_LKCAPI_AES_KAT_MISMATCH_E;
+        goto out;
+    }
+
+#if defined(DEBUG_VECTOR_REGISTER_ACCESS) && defined(WC_C_DYNAMIC_FALLBACK)
+    WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(WC_NO_ERR_TRACE(SYSLIB_FAILED_E));
+    XMEMSET(buf, 0, AES_XTS_128_TEST_BUF_SIZ);
+    ret = wc_AesXtsDecrypt(aes, buf, c1, sizeof(c1), i1, sizeof(i1));
+    WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(0);
+    if (ret != 0)
+        goto out;
+    if (XMEMCMP(p1, buf, WC_AES_BLOCK_SIZE)) {
+        ret = LINUXKM_LKCAPI_AES_KAT_MISMATCH_E;
+        goto out;
+    }
+#endif
+
+    /* fail case with decrypting using wrong key */
+    XMEMSET(buf, 0, AES_XTS_128_TEST_BUF_SIZ);
+    ret = wc_AesXtsDecrypt(aes, buf, c2, sizeof(c2), i2, sizeof(i2));
+    if (ret != 0)
+        goto out;
+    if (XMEMCMP(p2, buf, sizeof(p2)) == 0) { /* fail case with wrong key */
+        ret = LINUXKM_LKCAPI_AES_KAT_MISMATCH_E;
+        goto out;
+    }
+
+    /* set correct key and retest */
+    XMEMSET(buf, 0, AES_XTS_128_TEST_BUF_SIZ);
+    ret = wc_AesXtsSetKeyNoInit(aes, k2, sizeof(k2), AES_DECRYPTION);
+    if (ret != 0)
+        goto out;
+    ret = wc_AesXtsDecrypt(aes, buf, c2, sizeof(c2), i2, sizeof(i2));
+    if (ret != 0)
+        goto out;
+    if (XMEMCMP(p2, buf, sizeof(p2))) {
+        ret = LINUXKM_LKCAPI_AES_KAT_MISMATCH_E;
+        goto out;
+    }
+
+#ifndef HAVE_FIPS
+
+    /* Test ciphertext stealing in-place. */
+    XMEMCPY(buf, p3, sizeof(p3));
+    ret = wc_AesXtsSetKeyNoInit(aes, k3, sizeof(k3), AES_ENCRYPTION);
+    if (ret != 0)
+        goto out;
+
+    ret = wc_AesXtsEncrypt(aes, buf, buf, sizeof(p3), i3, sizeof(i3));
+    if (ret != 0)
+        goto out;
+    if (XMEMCMP(c3, buf, sizeof(c3))) {
+        ret = LINUXKM_LKCAPI_AES_KAT_MISMATCH_E;
+        goto out;
+    }
+
+    ret = wc_AesXtsSetKeyNoInit(aes, k3, sizeof(k3), AES_DECRYPTION);
+    if (ret != 0)
+        goto out;
+    ret = wc_AesXtsDecrypt(aes, buf, buf, sizeof(c3), i3, sizeof(i3));
+    if (ret != 0)
+        goto out;
+    if (XMEMCMP(p3, buf, sizeof(p3))) {
+        ret = LINUXKM_LKCAPI_AES_KAT_MISMATCH_E;
+        goto out;
+    }
+
+#endif /* HAVE_FIPS */
+
+    {
+    #define LARGE_XTS_SZ        1024
+        int i;
+        int j;
+        int k;
+
+        large_input = (byte *)XMALLOC(LARGE_XTS_SZ, NULL,
+            DYNAMIC_TYPE_TMP_BUFFER);
+        if (large_input == NULL) {
+            ret = MEMORY_E;
+            goto out;
+        }
+
+        for (i = 0; i < (int)LARGE_XTS_SZ; i++)
+            large_input[i] = (byte)i;
+
+        /* first, encrypt block by block then decrypt with a one-shot call. */
+        for (j = 16; j < (int)LARGE_XTS_SZ; j++) {
+            ret = wc_AesXtsSetKeyNoInit(aes, k1, sizeof(k1), AES_ENCRYPTION);
+            if (ret != 0)
+                goto out;
+            ret = wc_AesXtsEncryptInit(aes, i1, sizeof(i1), &stream);
+            if (ret != 0)
+                goto out;
+            for (k = 0; k < j; k += WC_AES_BLOCK_SIZE) {
+                if ((j - k) < WC_AES_BLOCK_SIZE*2)
+                    ret = wc_AesXtsEncryptFinal(aes, large_input + k, large_input + k, j - k, &stream);
+                else
+                    ret = wc_AesXtsEncryptUpdate(aes, large_input + k, large_input + k, WC_AES_BLOCK_SIZE, &stream);
+                if (ret != 0)
+                    goto out;
+                if ((j - k) < WC_AES_BLOCK_SIZE*2)
+                    break;
+            }
+            ret = wc_AesXtsSetKeyNoInit(aes, k1, sizeof(k1), AES_DECRYPTION);
+            if (ret != 0)
+                goto out;
+            ret = wc_AesXtsDecrypt(aes, large_input, large_input, j, i1,
+                sizeof(i1));
+            if (ret != 0)
+                goto out;
+            for (i = 0; i < j; i++) {
+                if (large_input[i] != (byte)i) {
+                    ret = LINUXKM_LKCAPI_AES_KAT_MISMATCH_E;
+                    goto out;
+                }
+            }
+        }
+
+        /* second, encrypt with a one-shot call then decrypt block by block. */
+        for (j = 16; j < (int)LARGE_XTS_SZ; j++) {
+            ret = wc_AesXtsSetKeyNoInit(aes, k1, sizeof(k1), AES_ENCRYPTION);
+            if (ret != 0)
+                goto out;
+            ret = wc_AesXtsEncrypt(aes, large_input, large_input, j, i1,
+                sizeof(i1));
+            if (ret != 0)
+                goto out;
+            ret = wc_AesXtsSetKeyNoInit(aes, k1, sizeof(k1), AES_DECRYPTION);
+            if (ret != 0)
+                goto out;
+            ret = wc_AesXtsDecryptInit(aes, i1, sizeof(i1), &stream);
+            if (ret != 0)
+                goto out;
+            for (k = 0; k < j; k += WC_AES_BLOCK_SIZE) {
+                if ((j - k) < WC_AES_BLOCK_SIZE*2)
+                    ret = wc_AesXtsDecryptFinal(aes, large_input + k, large_input + k, j - k, &stream);
+                else
+                    ret = wc_AesXtsDecryptUpdate(aes, large_input + k, large_input + k, WC_AES_BLOCK_SIZE, &stream);
+                if (ret != 0)
+                    goto out;
+                if ((j - k) < WC_AES_BLOCK_SIZE*2)
+                    break;
+            }
+            for (i = 0; i < j; i++) {
+                if (large_input[i] != (byte)i) {
+                    ret = LINUXKM_LKCAPI_AES_KAT_MISMATCH_E;
+                    goto out;
+                }
+            }
+        }
+    }
+
+    /* now the kernel crypto part */
+
+    enc2 = XMALLOC(sizeof(pp), NULL, DYNAMIC_TYPE_AES);
+    if (!enc2) {
+        pr_err("error: malloc failed\n");
+        ret = -ENOMEM;
+        goto test_xts_end;
+    }
+
+    dec2 = XMALLOC(sizeof(pp), NULL, DYNAMIC_TYPE_AES);
+    if (!dec2) {
+        pr_err("error: malloc failed\n");
+        ret = -ENOMEM;
+        goto test_xts_end;
+    }
+
+    src = XMALLOC(sizeof(*src) * 2, NULL, DYNAMIC_TYPE_AES);
+    if (! src) {
+        pr_err("error: malloc failed\n");
+        ret = -ENOMEM;
+        goto test_xts_end;
+    }
+
+    dst = XMALLOC(sizeof(*dst) * 2, NULL, DYNAMIC_TYPE_AES);
+    if (! dst) {
+        pr_err("error: malloc failed\n");
+        ret = -ENOMEM;
+        goto test_xts_end;
+    }
+
+    tfm = crypto_alloc_skcipher(WOLFKM_AESXTS_NAME, 0, 0);
+    if (IS_ERR(tfm)) {
+        ret = PTR_ERR(tfm);
+        pr_err("error: allocating AES skcipher algorithm %s failed: %d\n",
+               WOLFKM_AESXTS_DRIVER, ret);
+        goto test_xts_end;
+    }
+
+#ifndef LINUXKM_LKCAPI_PRIORITY_ALLOW_MASKING
+    {
+        const char *driver_name =
+            crypto_tfm_alg_driver_name(crypto_skcipher_tfm(tfm));
+        if (strcmp(driver_name, WOLFKM_AESXTS_DRIVER)) {
+            pr_err("error: unexpected implementation for %s: %s (expected %s)\n",
+                   WOLFKM_AESXTS_NAME, driver_name, WOLFKM_AESXTS_DRIVER);
+            ret = -ENOENT;
+            goto test_xts_end;
+        }
+    }
+#endif
+
+    ret = crypto_skcipher_ivsize(tfm);
+    if (ret != sizeof(stream.tweak_block)) {
+        pr_err("error: AES skcipher algorithm %s crypto_skcipher_ivsize()"
+               " returned %d but expected %d\n",
+               WOLFKM_AESXTS_DRIVER, ret, (int)sizeof(stream.tweak_block));
+        ret = -EINVAL;
+        goto test_xts_end;
+    }
+
+    ret = crypto_skcipher_setkey(tfm, k1, sizeof(k1));
+    if (ret) {
+        pr_err("error: crypto_skcipher_setkey for %s returned: %d\n",
+               WOLFKM_AESXTS_NAME, ret);
+        goto test_xts_end;
+    }
+
+    req = skcipher_request_alloc(tfm, GFP_KERNEL);
+    if (IS_ERR(req)) {
+        ret = PTR_ERR(req);
+        pr_err("error: allocating AES skcipher request %s failed: %d\n",
+               WOLFKM_AESXTS_DRIVER, ret);
+        goto test_xts_end;
+    }
+
+    memcpy(dec2, p1, sizeof(p1));
+    memset(enc2, 0, sizeof(p1));
+
+    sg_init_one(src, dec2, sizeof(p1));
+    sg_init_one(dst, enc2, sizeof(p1));
+
+    memcpy(stream.tweak_block, i1, sizeof(stream.tweak_block));
+    skcipher_request_set_crypt(req, src, dst, sizeof(p1), stream.tweak_block);
+
+    ret = crypto_skcipher_encrypt(req);
+
+    if (ret) {
+        pr_err("error: crypto_skcipher_encrypt returned: %d\n", ret);
+        goto test_xts_end;
+    }
+
+    ret = XMEMCMP(c1, enc2, sizeof(c1));
+    if (ret) {
+        pr_err("error: c1 and enc2 do not match: %d\n", ret);
+        ret = -EINVAL;
+        goto test_xts_end;
+    }
+
+    memset(dec2, 0, sizeof(p1));
+    sg_init_one(src, enc2, sizeof(p1));
+    sg_init_one(dst, dec2, sizeof(p1));
+
+    memcpy(stream.tweak_block, i1, sizeof(stream.tweak_block));
+    skcipher_request_set_crypt(req, src, dst, sizeof(p1), stream.tweak_block);
+
+    ret = crypto_skcipher_decrypt(req);
+
+    if (ret) {
+        pr_err("ERROR: crypto_skcipher_decrypt returned %d\n", ret);
+        goto test_xts_end;
+    }
+
+    ret = XMEMCMP(p1, dec2, sizeof(p1));
+    if (ret) {
+        pr_err("error: p1 and dec2 do not match: %d\n", ret);
+        ret = -EINVAL;
+        goto test_xts_end;
+    }
+
+    memcpy(dec2, pp, sizeof(pp));
+    memset(enc2, 0, sizeof(pp));
+
+    sg_init_one(src, dec2, sizeof(pp));
+    sg_init_one(dst, enc2, sizeof(pp));
+
+    memcpy(stream.tweak_block, i1, sizeof(stream.tweak_block));
+    skcipher_request_set_crypt(req, src, dst, sizeof(pp), stream.tweak_block);
+
+    ret = crypto_skcipher_encrypt(req);
+
+    if (ret) {
+        pr_err("error: crypto_skcipher_encrypt returned: %d\n", ret);
+        goto test_xts_end;
+    }
+
+    ret = XMEMCMP(cp, enc2, sizeof(cp));
+    if (ret) {
+        pr_err("error: cp and enc2 do not match: %d\n", ret);
+        ret = -EINVAL;
+        goto test_xts_end;
+    }
+
+    memset(dec2, 0, sizeof(pp));
+    sg_init_one(src, enc2, sizeof(pp));
+    sg_init_one(dst, dec2, sizeof(pp));
+
+    memcpy(stream.tweak_block, i1, sizeof(stream.tweak_block));
+    skcipher_request_set_crypt(req, src, dst, sizeof(pp), stream.tweak_block);
+
+    ret = crypto_skcipher_decrypt(req);
+
+    if (ret) {
+        pr_err("ERROR: crypto_skcipher_decrypt returned %d\n", ret);
+        goto test_xts_end;
+    }
+
+    ret = XMEMCMP(pp, dec2, sizeof(pp));
+    if (ret) {
+        pr_err("error: pp and dec2 do not match: %d\n", ret);
+        ret = -EINVAL;
+        goto test_xts_end;
+    }
+
+    test_xts_end:
+
+    XFREE(enc2, NULL, DYNAMIC_TYPE_AES);
+    XFREE(dec2, NULL, DYNAMIC_TYPE_AES);
+    XFREE(src, NULL, DYNAMIC_TYPE_AES);
+    XFREE(dst, NULL, DYNAMIC_TYPE_AES);
+    if (req)
+        skcipher_request_free(req);
+    if (tfm)
+        crypto_free_skcipher(tfm);
+
+  out:
+
+    XFREE(large_input, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+
+    if (aes_inited)
+        wc_AesXtsFree(aes);
+
+    XFREE(buf, NULL, DYNAMIC_TYPE_AES);
+    XFREE(cipher, NULL, DYNAMIC_TYPE_AES);
+    XFREE(aes, NULL, DYNAMIC_TYPE_AES);
+
+#undef AES_XTS_128_TEST_BUF_SIZ
+
+    return ret;
+}
+#endif /* WOLFSSL_AES_128 */
+
+#ifdef WOLFSSL_AES_256
+static int aes_xts_256_test(void)
+{
+    XtsAes *aes = NULL;
+    int aes_inited = 0;
+    int ret = 0;
+#define AES_XTS_256_TEST_BUF_SIZ (WC_AES_BLOCK_SIZE * 3)
+    unsigned char *buf = NULL;
+    unsigned char *cipher = NULL;
+    u8 *    enc2 = NULL;
+    u8 *    dec2 = NULL;
+    struct scatterlist *  src = NULL;
+    struct scatterlist *  dst = NULL;
+    struct crypto_skcipher *tfm = NULL;
+    struct skcipher_request *req = NULL;
+    struct XtsAesStreamData stream;
+    byte* large_input = NULL;
+
+    /* 256 key tests */
+    static const unsigned char k1[] = {
+        0x1e, 0xa6, 0x61, 0xc5, 0x8d, 0x94, 0x3a, 0x0e,
+        0x48, 0x01, 0xe4, 0x2f, 0x4b, 0x09, 0x47, 0x14,
+        0x9e, 0x7f, 0x9f, 0x8e, 0x3e, 0x68, 0xd0, 0xc7,
+        0x50, 0x52, 0x10, 0xbd, 0x31, 0x1a, 0x0e, 0x7c,
+        0xd6, 0xe1, 0x3f, 0xfd, 0xf2, 0x41, 0x8d, 0x8d,
+        0x19, 0x11, 0xc0, 0x04, 0xcd, 0xa5, 0x8d, 0xa3,
+        0xd6, 0x19, 0xb7, 0xe2, 0xb9, 0x14, 0x1e, 0x58,
+        0x31, 0x8e, 0xea, 0x39, 0x2c, 0xf4, 0x1b, 0x08
+    };
+
+    static const unsigned char i1[] = {
+        0xad, 0xf8, 0xd9, 0x26, 0x27, 0x46, 0x4a, 0xd2,
+        0xf0, 0x42, 0x8e, 0x84, 0xa9, 0xf8, 0x75, 0x64
+    };
+
+    static const unsigned char p1[] = {
+        0x2e, 0xed, 0xea, 0x52, 0xcd, 0x82, 0x15, 0xe1,
+        0xac, 0xc6, 0x47, 0xe8, 0x10, 0xbb, 0xc3, 0x64,
+        0x2e, 0x87, 0x28, 0x7f, 0x8d, 0x2e, 0x57, 0xe3,
+        0x6c, 0x0a, 0x24, 0xfb, 0xc1, 0x2a, 0x20, 0x2e
+    };
+
+    static const unsigned char c1[] = {
+        0xcb, 0xaa, 0xd0, 0xe2, 0xf6, 0xce, 0xa3, 0xf5,
+        0x0b, 0x37, 0xf9, 0x34, 0xd4, 0x6a, 0x9b, 0x13,
+        0x0b, 0x9d, 0x54, 0xf0, 0x7e, 0x34, 0xf3, 0x6a,
+        0xf7, 0x93, 0xe8, 0x6f, 0x73, 0xc6, 0xd7, 0xdb
+    };
+
+    /* plain text test of partial block is not from NIST test vector list */
+    static const unsigned char pp[] = {
+        0xeb, 0xab, 0xce, 0x95, 0xb1, 0x4d, 0x3c, 0x8d,
+        0x6f, 0xb3, 0x50, 0x39, 0x07, 0x90, 0x31, 0x1c,
+        0x6e, 0x4b, 0x92, 0x01, 0x3e, 0x76, 0x8a, 0xd5
+    };
+
+    static const unsigned char cp[] = {
+        0x65, 0x5e, 0x1d, 0x37, 0x4a, 0x91, 0xe7, 0x6c,
+        0x4f, 0x83, 0x92, 0xbc, 0x5a, 0x10, 0x55, 0x27,
+        0x61, 0x0e, 0x5a, 0xde, 0xca, 0xc5, 0x12, 0xd8
+    };
+
+    static const unsigned char k2[] = {
+        0xad, 0x50, 0x4b, 0x85, 0xd7, 0x51, 0xbf, 0xba,
+        0x69, 0x13, 0xb4, 0xcc, 0x79, 0xb6, 0x5a, 0x62,
+        0xf7, 0xf3, 0x9d, 0x36, 0x0f, 0x35, 0xb5, 0xec,
+        0x4a, 0x7e, 0x95, 0xbd, 0x9b, 0xa5, 0xf2, 0xec,
+        0xc1, 0xd7, 0x7e, 0xa3, 0xc3, 0x74, 0xbd, 0x4b,
+        0x13, 0x1b, 0x07, 0x83, 0x87, 0xdd, 0x55, 0x5a,
+        0xb5, 0xb0, 0xc7, 0xe5, 0x2d, 0xb5, 0x06, 0x12,
+        0xd2, 0xb5, 0x3a, 0xcb, 0x47, 0x8a, 0x53, 0xb4
+    };
+
+    static const unsigned char i2[] = {
+        0xe6, 0x42, 0x19, 0xed, 0xe0, 0xe1, 0xc2, 0xa0,
+        0x0e, 0xf5, 0x58, 0x6a, 0xc4, 0x9b, 0xeb, 0x6f
+    };
+
+    static const unsigned char p2[] = {
+        0x24, 0xcb, 0x76, 0x22, 0x55, 0xb5, 0xa8, 0x00,
+        0xf4, 0x6e, 0x80, 0x60, 0x56, 0x9e, 0x05, 0x53,
+        0xbc, 0xfe, 0x86, 0x55, 0x3b, 0xca, 0xd5, 0x89,
+        0xc7, 0x54, 0x1a, 0x73, 0xac, 0xc3, 0x9a, 0xbd,
+        0x53, 0xc4, 0x07, 0x76, 0xd8, 0xe8, 0x22, 0x61,
+        0x9e, 0xa9, 0xad, 0x77, 0xa0, 0x13, 0x4c, 0xfc
+    };
+
+    static const unsigned char c2[] = {
+        0xa3, 0xc6, 0xf3, 0xf3, 0x82, 0x79, 0x5b, 0x10,
+        0x87, 0xd7, 0x02, 0x50, 0xdb, 0x2c, 0xd3, 0xb1,
+        0xa1, 0x62, 0xa8, 0xb6, 0xdc, 0x12, 0x60, 0x61,
+        0xc1, 0x0a, 0x84, 0xa5, 0x85, 0x3f, 0x3a, 0x89,
+        0xe6, 0x6c, 0xdb, 0xb7, 0x9a, 0xb4, 0x28, 0x9b,
+        0xc3, 0xea, 0xd8, 0x10, 0xe9, 0xc0, 0xaf, 0x92
+    };
+
+    if ((aes = (XtsAes *)XMALLOC(sizeof(*aes), NULL, DYNAMIC_TYPE_AES))
+        == NULL)
+    {
+        ret = MEMORY_E;
+        goto out;
+    }
+
+    if ((buf = (unsigned char *)XMALLOC(AES_XTS_256_TEST_BUF_SIZ, NULL,
+                                        DYNAMIC_TYPE_AES)) == NULL)
+    {
+        ret = MEMORY_E;
+        goto out;
+    }
+    if ((cipher = (unsigned char *)XMALLOC(AES_XTS_256_TEST_BUF_SIZ, NULL,
+                                           DYNAMIC_TYPE_AES)) == NULL)
+    {
+        ret = MEMORY_E;
+        goto out;
+    }
+
+    ret = wc_AesXtsInit(aes, NULL, INVALID_DEVID);
+    if (ret != 0)
+        goto out;
+    else
+        aes_inited = 1;
+
+    XMEMSET(buf, 0, AES_XTS_256_TEST_BUF_SIZ);
+    ret = wc_AesXtsSetKeyNoInit(aes, k2, sizeof(k2), AES_ENCRYPTION);
+    if (ret != 0)
+        goto out;
+
+    ret = wc_AesXtsEncrypt(aes, buf, p2, sizeof(p2), i2, sizeof(i2));
+    if (ret != 0)
+        goto out;
+    if (XMEMCMP(c2, buf, sizeof(c2))) {
+        ret = LINUXKM_LKCAPI_AES_KAT_MISMATCH_E;
+        goto out;
+    }
+
+    XMEMSET(buf, 0, AES_XTS_256_TEST_BUF_SIZ);
+
+    ret = wc_AesXtsEncryptInit(aes, i2, sizeof(i2), &stream);
+    if (ret != 0)
+        goto out;
+    ret = wc_AesXtsEncryptUpdate(aes, buf, p2, WC_AES_BLOCK_SIZE, &stream);
+    if (ret != 0)
+        goto out;
+    ret = wc_AesXtsEncryptFinal(aes, buf + WC_AES_BLOCK_SIZE,
+                                 p2 + WC_AES_BLOCK_SIZE,
+                                 sizeof(p2) - WC_AES_BLOCK_SIZE, &stream);
+    if (ret != 0)
+        goto out;
+    if (XMEMCMP(c2, buf, sizeof(c2))) {
+        ret = LINUXKM_LKCAPI_AES_KAT_MISMATCH_E;
+        goto out;
+    }
+
+    XMEMSET(buf, 0, AES_XTS_256_TEST_BUF_SIZ);
+    ret = wc_AesXtsSetKeyNoInit(aes, k1, sizeof(k1), AES_ENCRYPTION);
+    if (ret != 0)
+        goto out;
+    ret = wc_AesXtsEncrypt(aes, buf, p1, sizeof(p1), i1, sizeof(i1));
+    if (ret != 0)
+        goto out;
+    if (XMEMCMP(c1, buf, WC_AES_BLOCK_SIZE)) {
+        ret = LINUXKM_LKCAPI_AES_KAT_MISMATCH_E;
+        goto out;
+    }
+
+    /* partial block encryption test */
+    XMEMSET(cipher, 0, AES_XTS_256_TEST_BUF_SIZ);
+    ret = wc_AesXtsEncrypt(aes, cipher, pp, sizeof(pp), i1, sizeof(i1));
+    if (ret != 0)
+        goto out;
+
+    /* partial block decrypt test */
+    XMEMSET(buf, 0, AES_XTS_256_TEST_BUF_SIZ);
+    ret = wc_AesXtsSetKeyNoInit(aes, k1, sizeof(k1), AES_DECRYPTION);
+    if (ret != 0)
+        goto out;
+    ret = wc_AesXtsDecrypt(aes, buf, cipher, sizeof(pp), i1, sizeof(i1));
+    if (ret != 0)
+        goto out;
+    if (XMEMCMP(pp, buf, sizeof(pp))) {
+        ret = LINUXKM_LKCAPI_AES_KAT_MISMATCH_E;
+        goto out;
+    }
+
+    /* NIST decrypt test vector */
+    XMEMSET(buf, 0, AES_XTS_256_TEST_BUF_SIZ);
+    ret = wc_AesXtsDecrypt(aes, buf, c1, sizeof(c1), i1, sizeof(i1));
+    if (ret != 0)
+        goto out;
+    if (XMEMCMP(p1, buf, WC_AES_BLOCK_SIZE)) {
+        ret = LINUXKM_LKCAPI_AES_KAT_MISMATCH_E;
+        goto out;
+    }
+
+    XMEMSET(buf, 0, AES_XTS_256_TEST_BUF_SIZ);
+    ret = wc_AesXtsSetKeyNoInit(aes, k2, sizeof(k2), AES_DECRYPTION);
+    if (ret != 0)
+        goto out;
+    ret = wc_AesXtsDecrypt(aes, buf, c2, sizeof(c2), i2, sizeof(i2));
+    if (ret != 0)
+        goto out;
+    if (XMEMCMP(p2, buf, sizeof(p2))) {
+        ret = LINUXKM_LKCAPI_AES_KAT_MISMATCH_E;
+        goto out;
+    }
+
+    {
+    #define LARGE_XTS_SZ        1024
+        int i;
+        int j;
+        int k;
+
+        large_input = (byte *)XMALLOC(LARGE_XTS_SZ, NULL,
+            DYNAMIC_TYPE_TMP_BUFFER);
+        if (large_input == NULL) {
+            ret = MEMORY_E;
+            goto out;
+        }
+
+        for (i = 0; i < (int)LARGE_XTS_SZ; i++)
+            large_input[i] = (byte)i;
+
+        /* first, encrypt block by block then decrypt with a one-shot call. */
+        for (j = 16; j < (int)LARGE_XTS_SZ; j++) {
+            ret = wc_AesXtsSetKeyNoInit(aes, k1, sizeof(k1), AES_ENCRYPTION);
+            if (ret != 0)
+                goto out;
+            ret = wc_AesXtsEncryptInit(aes, i1, sizeof(i1), &stream);
+            if (ret != 0)
+                goto out;
+            for (k = 0; k < j; k += WC_AES_BLOCK_SIZE) {
+                if ((j - k) < WC_AES_BLOCK_SIZE*2)
+                    ret = wc_AesXtsEncryptFinal(aes, large_input + k, large_input + k, j - k, &stream);
+                else
+                    ret = wc_AesXtsEncryptUpdate(aes, large_input + k, large_input + k, WC_AES_BLOCK_SIZE, &stream);
+                if (ret != 0)
+                    goto out;
+                if ((j - k) < WC_AES_BLOCK_SIZE*2)
+                    break;
+            }
+            ret = wc_AesXtsSetKeyNoInit(aes, k1, sizeof(k1), AES_DECRYPTION);
+            if (ret != 0)
+                goto out;
+            ret = wc_AesXtsDecrypt(aes, large_input, large_input, j, i1,
+                sizeof(i1));
+            if (ret != 0)
+                goto out;
+            for (i = 0; i < j; i++) {
+                if (large_input[i] != (byte)i) {
+                    ret = LINUXKM_LKCAPI_AES_KAT_MISMATCH_E;
+                    goto out;
+                }
+            }
+        }
+
+        /* second, encrypt with a one-shot call then decrypt block by block. */
+        for (j = 16; j < (int)LARGE_XTS_SZ; j++) {
+            ret = wc_AesXtsSetKeyNoInit(aes, k1, sizeof(k1), AES_ENCRYPTION);
+            if (ret != 0)
+                goto out;
+            ret = wc_AesXtsEncrypt(aes, large_input, large_input, j, i1,
+                sizeof(i1));
+            if (ret != 0)
+                goto out;
+            ret = wc_AesXtsSetKeyNoInit(aes, k1, sizeof(k1), AES_DECRYPTION);
+            if (ret != 0)
+                goto out;
+            ret = wc_AesXtsDecryptInit(aes, i1, sizeof(i1), &stream);
+            if (ret != 0)
+                goto out;
+            for (k = 0; k < j; k += WC_AES_BLOCK_SIZE) {
+                if ((j - k) < WC_AES_BLOCK_SIZE*2)
+                    ret = wc_AesXtsDecryptFinal(aes, large_input + k, large_input + k, j - k, &stream);
+                else
+                    ret = wc_AesXtsDecryptUpdate(aes, large_input + k, large_input + k, WC_AES_BLOCK_SIZE, &stream);
+                if (ret != 0)
+                    goto out;
+                if ((j - k) < WC_AES_BLOCK_SIZE*2)
+                    break;
+            }
+            for (i = 0; i < j; i++) {
+                if (large_input[i] != (byte)i) {
+                    ret = LINUXKM_LKCAPI_AES_KAT_MISMATCH_E;
+                    goto out;
+                }
+            }
+        }
+    }
+
+    /* now the kernel crypto part */
+
+    enc2 = XMALLOC(sizeof(p1), NULL, DYNAMIC_TYPE_AES);
+    if (!enc2) {
+        pr_err("error: malloc failed\n");
+        ret = -ENOMEM;
+        goto test_xts_end;
+    }
+
+    dec2 = XMALLOC(sizeof(p1), NULL, DYNAMIC_TYPE_AES);
+    if (!dec2) {
+        pr_err("error: malloc failed\n");
+        ret = -ENOMEM;
+        goto test_xts_end;
+    }
+
+    src = XMALLOC(sizeof(*src) * 2, NULL, DYNAMIC_TYPE_AES);
+    if (! src) {
+        pr_err("error: malloc failed\n");
+        ret = -ENOMEM;
+        goto test_xts_end;
+    }
+
+    dst = XMALLOC(sizeof(*dst) * 2, NULL, DYNAMIC_TYPE_AES);
+    if (! dst) {
+        pr_err("error: malloc failed\n");
+        ret = -ENOMEM;
+        goto test_xts_end;
+    }
+
+    tfm = crypto_alloc_skcipher(WOLFKM_AESXTS_NAME, 0, 0);
+    if (IS_ERR(tfm)) {
+        ret = PTR_ERR(tfm);
+        pr_err("error: allocating AES skcipher algorithm %s failed: %d\n",
+               WOLFKM_AESXTS_DRIVER, ret);
+        goto test_xts_end;
+    }
+
+#ifndef LINUXKM_LKCAPI_PRIORITY_ALLOW_MASKING
+    {
+        const char *driver_name = crypto_tfm_alg_driver_name(crypto_skcipher_tfm(tfm));
+        if (strcmp(driver_name, WOLFKM_AESXTS_DRIVER)) {
+            pr_err("error: unexpected implementation for %s: %s (expected %s)\n",
+                   WOLFKM_AESXTS_NAME, driver_name, WOLFKM_AESXTS_DRIVER);
+            ret = -ENOENT;
+            goto test_xts_end;
+        }
+    }
+#endif
+
+    ret = crypto_skcipher_ivsize(tfm);
+    if (ret != sizeof(stream.tweak_block)) {
+        pr_err("error: AES skcipher algorithm %s crypto_skcipher_ivsize()"
+               " returned %d but expected %d\n",
+               WOLFKM_AESXTS_DRIVER, ret, (int)sizeof(stream.tweak_block));
+        ret = -EINVAL;
+        goto test_xts_end;
+    }
+
+    ret = crypto_skcipher_setkey(tfm, k1, sizeof(k1));
+    if (ret) {
+        pr_err("error: crypto_skcipher_setkey for %s returned: %d\n",
+               WOLFKM_AESXTS_NAME, ret);
+        goto test_xts_end;
+    }
+
+    req = skcipher_request_alloc(tfm, GFP_KERNEL);
+    if (IS_ERR(req)) {
+        ret = PTR_ERR(req);
+        pr_err("error: allocating AES skcipher request %s failed: %d\n",
+               WOLFKM_AESXTS_DRIVER, ret);
+        goto test_xts_end;
+    }
+
+    memcpy(dec2, p1, sizeof(p1));
+    memset(enc2, 0, sizeof(p1));
+
+    sg_init_one(src, dec2, sizeof(p1));
+    sg_init_one(dst, enc2, sizeof(p1));
+
+    memcpy(stream.tweak_block, i1, sizeof(stream.tweak_block));
+    skcipher_request_set_crypt(req, src, dst, sizeof(p1), stream.tweak_block);
+
+    ret = crypto_skcipher_encrypt(req);
+
+    if (ret) {
+        pr_err("error: crypto_skcipher_encrypt returned: %d\n", ret);
+        goto test_xts_end;
+    }
+
+    ret = XMEMCMP(c1, enc2, sizeof(c1));
+    if (ret) {
+        pr_err("error: c1 and enc2 do not match: %d\n", ret);
+        ret = -EINVAL;
+        goto test_xts_end;
+    }
+
+    memset(dec2, 0, sizeof(p1));
+    sg_init_one(src, enc2, sizeof(p1));
+    sg_init_one(dst, dec2, sizeof(p1));
+
+    memcpy(stream.tweak_block, i1, sizeof(stream.tweak_block));
+    skcipher_request_set_crypt(req, src, dst, sizeof(p1), stream.tweak_block);
+
+    ret = crypto_skcipher_decrypt(req);
+
+    if (ret) {
+        pr_err("ERROR: crypto_skcipher_decrypt returned %d\n", ret);
+        goto test_xts_end;
+    }
+
+    ret = XMEMCMP(p1, dec2, sizeof(p1));
+    if (ret) {
+        pr_err("error: p1 and dec2 do not match: %d\n", ret);
+        ret = -EINVAL;
+        goto test_xts_end;
+    }
+
+    memcpy(dec2, pp, sizeof(pp));
+    memset(enc2, 0, sizeof(pp));
+
+    sg_init_one(src, dec2, sizeof(pp));
+    sg_init_one(dst, enc2, sizeof(pp));
+
+    memcpy(stream.tweak_block, i1, sizeof(stream.tweak_block));
+    skcipher_request_set_crypt(req, src, dst, sizeof(pp), stream.tweak_block);
+
+    ret = crypto_skcipher_encrypt(req);
+
+    if (ret) {
+        pr_err("error: crypto_skcipher_encrypt returned: %d\n", ret);
+        goto test_xts_end;
+    }
+
+    ret = XMEMCMP(cp, enc2, sizeof(cp));
+    if (ret) {
+        pr_err("error: cp and enc2 do not match: %d\n", ret);
+        ret = -EINVAL;
+        goto test_xts_end;
+    }
+
+    memset(dec2, 0, sizeof(pp));
+    sg_init_one(src, enc2, sizeof(pp));
+    sg_init_one(dst, dec2, sizeof(pp));
+
+    memcpy(stream.tweak_block, i1, sizeof(stream.tweak_block));
+    skcipher_request_set_crypt(req, src, dst, sizeof(pp), stream.tweak_block);
+
+    ret = crypto_skcipher_decrypt(req);
+
+    if (ret) {
+        pr_err("ERROR: crypto_skcipher_decrypt returned %d\n", ret);
+        goto test_xts_end;
+    }
+
+    ret = XMEMCMP(pp, dec2, sizeof(pp));
+    if (ret) {
+        pr_err("error: pp and dec2 do not match: %d\n", ret);
+        ret = -EINVAL;
+        goto test_xts_end;
+    }
+
+    test_xts_end:
+
+    XFREE(enc2, NULL, DYNAMIC_TYPE_AES);
+    XFREE(dec2, NULL, DYNAMIC_TYPE_AES);
+    XFREE(src, NULL, DYNAMIC_TYPE_AES);
+    XFREE(dst, NULL, DYNAMIC_TYPE_AES);
+    if (req)
+        skcipher_request_free(req);
+    if (tfm)
+        crypto_free_skcipher(tfm);
+
+  out:
+
+    XFREE(large_input, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+
+    if (aes_inited)
+        wc_AesXtsFree(aes);
+
+    XFREE(buf, NULL, DYNAMIC_TYPE_AES);
+    XFREE(cipher, NULL, DYNAMIC_TYPE_AES);
+
+    XFREE(aes, NULL, DYNAMIC_TYPE_AES);
+
+#undef AES_XTS_256_TEST_BUF_SIZ
+
+    return ret;
+}
+#endif /* WOLFSSL_AES_256 */
+
+static int linuxkm_test_aesxts(void) {
+    int ret;
+
+    #ifdef WOLFSSL_AES_128
+    ret = aes_xts_128_test();
+    if (ret != 0) {
+        pr_err("aes_xts_128_test() failed with retval %d.\n", ret);
+        goto out;
+    }
+    #endif
+    #ifdef WOLFSSL_AES_256
+    ret = aes_xts_256_test();
+    if (ret != 0) {
+        pr_err("aes_xts_256_test() failed with retval %d.\n", ret);
+        goto out;
+    }
+    #endif
+
+out:
+
+    return ret;
+}
+
+#endif /* WOLFSSL_AES_XTS &&
+        * (LINUXKM_LKCAPI_REGISTER_ALL || LINUXKM_LKCAPI_REGISTER_AESXTS)
+        */
+
+#endif /* !NO_AES */
+
+#if defined(HAVE_FIPS) && defined(CONFIG_CRYPTO_MANAGER) && \
+        !defined(CONFIG_CRYPTO_MANAGER_DISABLE_TESTS)
+    #ifdef CONFIG_CRYPTO_FIPS
+        #include <linux/fips.h>
+    #else
+        #error wolfCrypt FIPS with LINUXKM_LKCAPI_REGISTER and CONFIG_CRYPTO_MANAGER requires CONFIG_CRYPTO_FIPS
+    #endif
+#endif
+
+static int linuxkm_lkcapi_register(void)
+{
+    int ret = 0;
+#if defined(HAVE_FIPS) && defined(CONFIG_CRYPTO_MANAGER) && \
+        !defined(CONFIG_CRYPTO_MANAGER_DISABLE_TESTS)
+    int enabled_fips = 0;
+#endif
+
+#ifdef CONFIG_CRYPTO_MANAGER_EXTRA_TESTS
+    /* temporarily disable warnings around setkey failures, which are expected
+     * from the crypto fuzzer in FIPS configs, and potentially in others.
+     * unexpected setkey failures are fatal errors returned by the fuzzer.
+     */
+    disable_setkey_warnings = 1;
+#endif
+#if defined(HAVE_FIPS) && defined(CONFIG_CRYPTO_MANAGER) && \
+        !defined(CONFIG_CRYPTO_MANAGER_DISABLE_TESTS)
+    if (! fips_enabled) {
+        /* temporarily assert system-wide FIPS status, to disable FIPS-forbidden
+         * test vectors and fuzzing from the CRYPTO_MANAGER.
+         */
+        enabled_fips = fips_enabled = 1;
+    }
+#endif
+
+#define REGISTER_ALG(alg, installer, tester) do {                       \
+        if (alg ## _loaded) {                                           \
+            pr_err("ERROR: %s is already registered.\n",                \
+                   (alg).base.cra_driver_name);                         \
+            ret = -EEXIST;                                              \
+            goto out;                                                   \
+        }                                                               \
+                                                                        \
+        ret =  (installer)(&(alg));                                     \
+                                                                        \
+        if (ret) {                                                      \
+            pr_err("ERROR: " #installer " for %s failed "               \
+                   "with return code %d.\n",                            \
+                   (alg).base.cra_driver_name, ret);                    \
+            goto out;                                                   \
+        }                                                               \
+                                                                        \
+        alg ## _loaded = 1;                                             \
+                                                                        \
+        ret = (tester());                                               \
+                                                                        \
+        if (ret) {                                                      \
+            pr_err("ERROR: self-test for %s failed "                    \
+                   "with return code %d.\n",                            \
+                   (alg).base.cra_driver_name, ret);                    \
+            goto out;                                                   \
+        }                                                               \
+        pr_info("%s self-test OK -- "                                   \
+                "registered for %s with priority %d.\n",                \
+                (alg).base.cra_driver_name,                             \
+                (alg).base.cra_name,                                    \
+                (alg).base.cra_priority);                               \
+    } while (0)
+
+#if defined(HAVE_AES_CBC) && \
+    (defined(LINUXKM_LKCAPI_REGISTER_ALL) || \
+     defined(LINUXKM_LKCAPI_REGISTER_AESCBC))
+
+    REGISTER_ALG(cbcAesAlg, crypto_register_skcipher, linuxkm_test_aescbc);
+#endif
+
+#if defined(WOLFSSL_AES_CFB) && \
+    (defined(LINUXKM_LKCAPI_REGISTER_ALL) || \
+     defined(LINUXKM_LKCAPI_REGISTER_AESCFB))
+
+    REGISTER_ALG(cfbAesAlg, crypto_register_skcipher, linuxkm_test_aescfb);
+#endif
+
+#if defined(HAVE_AESGCM) && \
+    (defined(LINUXKM_LKCAPI_REGISTER_ALL) || \
+     defined(LINUXKM_LKCAPI_REGISTER_AESGCM))
+
+    REGISTER_ALG(gcmAesAead, crypto_register_aead, linuxkm_test_aesgcm);
+#endif
+
+#if defined(WOLFSSL_AES_XTS) && \
+    (defined(LINUXKM_LKCAPI_REGISTER_ALL) || \
+     defined(LINUXKM_LKCAPI_REGISTER_AESXTS))
+
+    REGISTER_ALG(xtsAesAlg, crypto_register_skcipher, linuxkm_test_aesxts);
+#endif
+
+#undef REGISTER_ALG
+
+    out:
+
+#if defined(HAVE_FIPS) && defined(CONFIG_CRYPTO_MANAGER) && \
+        !defined(CONFIG_CRYPTO_MANAGER_DISABLE_TESTS)
+    if (enabled_fips)
+        fips_enabled = 0;
+#endif
+#ifdef CONFIG_CRYPTO_MANAGER_EXTRA_TESTS
+    disable_setkey_warnings = 0;
+#endif
+
+    return ret;
+}
+
+static void linuxkm_lkcapi_unregister(void)
+{
+#define UNREGISTER_ALG(alg, uninstaller) do {                           \
+        if (alg ## _loaded) {                                           \
+            (uninstaller)(&(alg));                                      \
+            alg ## _loaded = 0;                                         \
+        }                                                               \
+    } while (0)
+
+#if defined(HAVE_AES_CBC) && \
+    (defined(LINUXKM_LKCAPI_REGISTER_ALL) || \
+     defined(LINUXKM_LKCAPI_REGISTER_AESCBC))
+
+    UNREGISTER_ALG(cbcAesAlg, crypto_unregister_skcipher);
+#endif
+#if defined(WOLFSSL_AES_CFB) && \
+    (defined(LINUXKM_LKCAPI_REGISTER_ALL) || \
+     defined(LINUXKM_LKCAPI_REGISTER_AESCFB))
+
+    UNREGISTER_ALG(cfbAesAlg, crypto_unregister_skcipher);
+#endif
+#if defined(HAVE_AESGCM) && \
+    (defined(LINUXKM_LKCAPI_REGISTER_ALL) || \
+     defined(LINUXKM_LKCAPI_REGISTER_AESGCM))
+
+    UNREGISTER_ALG(gcmAesAead, crypto_unregister_aead);
+#endif
+#if defined(WOLFSSL_AES_XTS) && \
+    (defined(LINUXKM_LKCAPI_REGISTER_ALL) || \
+     defined(LINUXKM_LKCAPI_REGISTER_AESXTS))
+
+    UNREGISTER_ALG(xtsAesAlg, crypto_unregister_skcipher);
+#endif
+
+#undef UNREGISTER_ALG
+}
diff --git a/linuxkm/module_exports.c.template b/linuxkm/module_exports.c.template
index b8266f84b..699f83c45 100644
--- a/linuxkm/module_exports.c.template
+++ b/linuxkm/module_exports.c.template
@@ -1,7 +1,7 @@
 /* module_exports.c.template -- static preamble for dynamically generated
  * module_exports.c (see Kbuild)
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -149,6 +149,32 @@
     #include <wolfssl/wolfcrypt/kdf.h>
 #endif
 
+#ifdef WOLFSSL_HAVE_KYBER
+    #include <wolfssl/wolfcrypt/kyber.h>
+#ifdef WOLFSSL_WC_KYBER
+    #include <wolfssl/wolfcrypt/wc_kyber.h>
+#endif
+#endif
+#if defined(WOLFSSL_HAVE_XMSS)
+    #include <wolfssl/wolfcrypt/xmss.h>
+#ifdef HAVE_LIBXMSS
+    #include <wolfssl/wolfcrypt/ext_xmss.h>
+#else
+    #include <wolfssl/wolfcrypt/wc_xmss.h>
+#endif
+#endif
+#if defined(WOLFSSL_HAVE_LMS)
+    #include <wolfssl/wolfcrypt/lms.h>
+#ifdef HAVE_LIBLMS
+    #include <wolfssl/wolfcrypt/ext_lms.h>
+#else
+    #include <wolfssl/wolfcrypt/wc_lms.h>
+#endif
+#endif
+#ifdef HAVE_DILITHIUM
+    #include <wolfssl/wolfcrypt/dilithium.h>
+#endif
+
 #ifdef OPENSSL_EXTRA
   #ifndef WOLFCRYPT_ONLY
       #include <wolfssl/openssl/evp.h>
@@ -189,3 +215,6 @@
 #include <wolfssl/openssl/pem.h>
 #endif
 
+#if defined(OPENSSL_EXTRA) && !defined(WC_NO_RNG) && defined(HAVE_HASHDRBG)
+#include <wolfssl/openssl/fips_rand.h>
+#endif
diff --git a/linuxkm/module_hooks.c b/linuxkm/module_hooks.c
index 5b5133742..1899b9cfd 100644
--- a/linuxkm/module_hooks.c
+++ b/linuxkm/module_hooks.c
@@ -1,6 +1,6 @@
 /* module_hooks.c -- module load/unload hooks for libwolfssl.ko
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -20,8 +20,12 @@
  */
 
 #ifndef WOLFSSL_LICENSE
+#ifdef WOLFSSL_COMMERCIAL_LICENSE
+#define WOLFSSL_LICENSE "wolfSSL Commercial"
+#else
 #define WOLFSSL_LICENSE "GPL v2"
 #endif
+#endif
 
 #define FIPS_NO_WRAPPERS
 
@@ -43,7 +47,6 @@
 #endif
 #ifndef NO_CRYPT_TEST
     #include <wolfcrypt/test/test.h>
-    #include <linux/delay.h>
 #endif
 
 static int libwolfssl_cleanup(void) {
@@ -67,6 +70,8 @@ static int libwolfssl_cleanup(void) {
 
 #ifdef HAVE_LINUXKM_PIE_SUPPORT
 
+#ifdef DEBUG_LINUXKM_PIE_SUPPORT
+
 extern int wolfCrypt_PIE_first_function(void);
 extern int wolfCrypt_PIE_last_function(void);
 extern const unsigned int wolfCrypt_PIE_rodata_start[];
@@ -86,6 +91,8 @@ static unsigned int hash_span(char *start, char *end) {
     return sum;
 }
 
+#endif /* DEBUG_LINUXKM_PIE_SUPPORT */
+
 #ifdef USE_WOLFSSL_LINUXKM_PIE_REDIRECT_TABLE
 extern struct wolfssl_linuxkm_pie_redirect_table wolfssl_linuxkm_pie_redirect_table;
 static int set_up_wolfssl_linuxkm_pie_redirect_table(void);
@@ -98,7 +105,7 @@ static void lkmFipsCb(int ok, int err, const char* hash)
 {
     if ((! ok) || (err != 0))
         pr_err("libwolfssl FIPS error: %s\n", wc_GetErrorString(err));
-    if (err == IN_CORE_FIPS_E) {
+    if (err == WC_NO_ERR_TRACE(IN_CORE_FIPS_E)) {
         pr_err("In-core integrity hash check failure.\n"
                "Update verifyCore[] in fips_test.c with new hash \"%s\" and rebuild.\n",
                hash ? hash : "<null>");
@@ -114,14 +121,17 @@ static int updateFipsHash(void);
 #endif
 
 #ifdef WOLFSSL_LINUXKM_BENCHMARKS
-#undef HAVE_PTHREAD
-#define STRING_USER
-#define NO_MAIN_FUNCTION
-#define current_time benchmark_current_time
-#define WOLFSSL_NO_FLOAT_FMT
-#include "wolfcrypt/benchmark/benchmark.c"
+extern int wolfcrypt_benchmark_main(int argc, char** argv);
 #endif /* WOLFSSL_LINUXKM_BENCHMARKS */
 
+#ifdef LINUXKM_LKCAPI_REGISTER
+    #include "linuxkm/lkcapi_glue.c"
+#endif
+
+#if defined(WOLFSSL_LINUXKM_USE_SAVE_VECTOR_REGISTERS) && defined(CONFIG_X86)
+    #include "linuxkm/x86_vector_register_glue.c"
+#endif
+
 #if LINUX_VERSION_CODE >= KERNEL_VERSION(5, 0, 0)
 static int __init wolfssl_init(void)
 #else
@@ -148,7 +158,7 @@ static int wolfssl_init(void)
         return ret;
 #endif
 
-#ifdef HAVE_LINUXKM_PIE_SUPPORT
+#if defined(HAVE_LINUXKM_PIE_SUPPORT) && defined(DEBUG_LINUXKM_PIE_SUPPORT)
 
 #if LINUX_VERSION_CODE >= KERNEL_VERSION(6, 4, 0)
     /* see linux commit ac3b432839 */
@@ -215,7 +225,7 @@ static int wolfssl_init(void)
                 text_hash, pie_text_end-pie_text_start,
                 rodata_hash, pie_rodata_end-pie_rodata_start);
     }
-#endif /* HAVE_LINUXKM_PIE_SUPPORT */
+#endif /* HAVE_LINUXKM_PIE_SUPPORT && DEBUG_LINUXKM_PIE_SUPPORT */
 
 #ifdef HAVE_FIPS
     ret = wolfCrypt_SetCb_fips(lkmFipsCb);
@@ -226,28 +236,14 @@ static int wolfssl_init(void)
     fipsEntry();
     ret = wolfCrypt_GetStatus_fips();
     if (ret != 0) {
-        pr_err("wolfCrypt_GetStatus_fips() failed: %s\n", wc_GetErrorString(ret));
-        if (ret == IN_CORE_FIPS_E) {
+        pr_err("wolfCrypt_GetStatus_fips() failed with code %d: %s\n", ret, wc_GetErrorString(ret));
+        if (ret == WC_NO_ERR_TRACE(IN_CORE_FIPS_E)) {
             const char *newhash = wolfCrypt_GetCoreHash_fips();
             pr_err("Update verifyCore[] in fips_test.c with new hash \"%s\" and rebuild.\n",
                    newhash ? newhash : "<null>");
         }
         return -ECANCELED;
     }
-
-    pr_info("wolfCrypt FIPS ["
-
-#if defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION == 3)
-            "ready"
-#elif defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION == 2) \
-    && defined(WOLFCRYPT_FIPS_RAND)
-            "140-2 rand"
-#elif defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION == 2)
-            "140-2"
-#else
-            "140"
-#endif
-            "] POST succeeded.\n");
 #endif /* HAVE_FIPS */
 
 #ifdef WC_RNG_SEED_CB
@@ -274,6 +270,40 @@ static int wolfssl_init(void)
     }
 #endif
 
+#ifdef HAVE_FIPS
+    ret = wc_RunAllCast_fips();
+    if (ret != 0) {
+        pr_err("wc_RunAllCast_fips() failed with return value %d\n", ret);
+        return -ECANCELED;
+    }
+
+    pr_info("FIPS 140-3 wolfCrypt-fips v%d.%d.%d%s%s startup "
+            "self-test succeeded.\n",
+#ifdef HAVE_FIPS_VERSION_MAJOR
+            HAVE_FIPS_VERSION_MAJOR,
+#else
+            HAVE_FIPS_VERSION,
+#endif
+#ifdef HAVE_FIPS_VERSION_MINOR
+            HAVE_FIPS_VERSION_MINOR,
+#else
+            0,
+#endif
+#ifdef HAVE_FIPS_VERSION_PATCH
+            HAVE_FIPS_VERSION_PATCH,
+#else
+            0,
+#endif
+#ifdef HAVE_FIPS_VERSION_PORT
+            "-",
+            HAVE_FIPS_VERSION_PORT
+#else
+            "",
+            ""
+#endif
+        );
+#endif /* HAVE_FIPS */
+
 #ifndef NO_CRYPT_TEST
     ret = wolfcrypt_test(NULL);
     if (ret < 0) {
@@ -283,6 +313,21 @@ static int wolfssl_init(void)
         return -ECANCELED;
     }
     pr_info("wolfCrypt self-test passed.\n");
+#else
+    pr_info("skipping full wolfcrypt_test() "
+            "(configure with --enable-crypttests to enable).\n");
+#endif
+
+#ifdef LINUXKM_LKCAPI_REGISTER
+    ret = linuxkm_lkcapi_register();
+
+    if (ret) {
+        pr_err("linuxkm_lkcapi_register() failed with return code %d.\n", ret);
+        linuxkm_lkcapi_unregister();
+        (void)libwolfssl_cleanup();
+        msleep(10);
+        return -ECANCELED;
+    }
 #endif
 
 #ifdef WOLFSSL_LINUXKM_BENCHMARKS
@@ -322,6 +367,10 @@ static void __exit wolfssl_exit(void)
 static void wolfssl_exit(void)
 #endif
 {
+#ifdef LINUXKM_LKCAPI_REGISTER
+    linuxkm_lkcapi_unregister();
+#endif
+
     (void)libwolfssl_cleanup();
 
     return;
@@ -341,11 +390,22 @@ static struct task_struct *my_get_current_thread(void) {
     return get_current();
 }
 
-/* ditto for preempt_count(). */
-static int my_preempt_count(void) {
-    return preempt_count();
+#if defined(WOLFSSL_LINUXKM_SIMD_X86) && defined(WOLFSSL_COMMERCIAL_LICENSE)
+
+/* ditto for fpregs_lock/fpregs_unlock */
+#ifdef WOLFSSL_LINUXKM_USE_SAVE_VECTOR_REGISTERS
+static void my_fpregs_lock(void) {
+    fpregs_lock();
 }
 
+static void my_fpregs_unlock(void) {
+    fpregs_unlock();
+}
+
+#endif /* WOLFSSL_LINUXKM_SIMD_X86 && WOLFSSL_COMMERCIAL_LICENSE */
+
+#endif /* USE_WOLFSSL_LINUXKM_PIE_REDIRECT_TABLE */
+
 static int set_up_wolfssl_linuxkm_pie_redirect_table(void) {
     memset(
         &wolfssl_linuxkm_pie_redirect_table,
@@ -355,6 +415,7 @@ static int set_up_wolfssl_linuxkm_pie_redirect_table(void) {
 #ifndef __ARCH_MEMCMP_NO_REDIRECT
     wolfssl_linuxkm_pie_redirect_table.memcmp = memcmp;
 #endif
+#ifndef CONFIG_FORTIFY_SOURCE
 #ifndef __ARCH_MEMCPY_NO_REDIRECT
     wolfssl_linuxkm_pie_redirect_table.memcpy = memcpy;
 #endif
@@ -364,6 +425,7 @@ static int set_up_wolfssl_linuxkm_pie_redirect_table(void) {
 #ifndef __ARCH_MEMMOVE_NO_REDIRECT
     wolfssl_linuxkm_pie_redirect_table.memmove = memmove;
 #endif
+#endif /* !CONFIG_FORTIFY_SOURCE */
 #ifndef __ARCH_STRCMP_NO_REDIRECT
     wolfssl_linuxkm_pie_redirect_table.strcmp = strcmp;
 #endif
@@ -395,19 +457,33 @@ static int set_up_wolfssl_linuxkm_pie_redirect_table(void) {
     #else
         wolfssl_linuxkm_pie_redirect_table.printk = printk;
     #endif
+
+#ifdef CONFIG_FORTIFY_SOURCE
+    wolfssl_linuxkm_pie_redirect_table.__warn_printk = __warn_printk;
+#endif
+
     wolfssl_linuxkm_pie_redirect_table.snprintf = snprintf;
 
     wolfssl_linuxkm_pie_redirect_table._ctype = _ctype;
 
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(6, 11, 0)
+    wolfssl_linuxkm_pie_redirect_table.kmalloc_noprof = kmalloc_noprof;
+    wolfssl_linuxkm_pie_redirect_table.krealloc_noprof = krealloc_noprof;
+    wolfssl_linuxkm_pie_redirect_table.kzalloc_noprof = kzalloc_noprof;
+    wolfssl_linuxkm_pie_redirect_table.__kvmalloc_node_noprof = __kvmalloc_node_noprof;
+    wolfssl_linuxkm_pie_redirect_table.__kmalloc_cache_noprof = __kmalloc_cache_noprof;
+#elif LINUX_VERSION_CODE >= KERNEL_VERSION(6, 10, 0)
+    wolfssl_linuxkm_pie_redirect_table.kmalloc_noprof = kmalloc_noprof;
+    wolfssl_linuxkm_pie_redirect_table.krealloc_noprof = krealloc_noprof;
+    wolfssl_linuxkm_pie_redirect_table.kzalloc_noprof = kzalloc_noprof;
+    wolfssl_linuxkm_pie_redirect_table.kvmalloc_node_noprof = kvmalloc_node_noprof;
+    wolfssl_linuxkm_pie_redirect_table.kmalloc_trace_noprof = kmalloc_trace_noprof;
+#else
     wolfssl_linuxkm_pie_redirect_table.kmalloc = kmalloc;
-    wolfssl_linuxkm_pie_redirect_table.kfree = kfree;
-    wolfssl_linuxkm_pie_redirect_table.ksize = ksize;
     wolfssl_linuxkm_pie_redirect_table.krealloc = krealloc;
 #ifdef HAVE_KVMALLOC
     wolfssl_linuxkm_pie_redirect_table.kvmalloc_node = kvmalloc_node;
-    wolfssl_linuxkm_pie_redirect_table.kvfree = kvfree;
 #endif
-    wolfssl_linuxkm_pie_redirect_table.is_vmalloc_addr = is_vmalloc_addr;
     #if LINUX_VERSION_CODE >= KERNEL_VERSION(6, 1, 0)
         wolfssl_linuxkm_pie_redirect_table.kmalloc_trace =
             kmalloc_trace;
@@ -417,6 +493,14 @@ static int set_up_wolfssl_linuxkm_pie_redirect_table(void) {
         wolfssl_linuxkm_pie_redirect_table.kmalloc_order_trace =
             kmalloc_order_trace;
     #endif
+#endif
+
+    wolfssl_linuxkm_pie_redirect_table.kfree = kfree;
+    wolfssl_linuxkm_pie_redirect_table.ksize = ksize;
+#ifdef HAVE_KVMALLOC
+    wolfssl_linuxkm_pie_redirect_table.kvfree = kvfree;
+#endif
+    wolfssl_linuxkm_pie_redirect_table.is_vmalloc_addr = is_vmalloc_addr;
 
     wolfssl_linuxkm_pie_redirect_table.get_random_bytes = get_random_bytes;
     #if LINUX_VERSION_CODE < KERNEL_VERSION(4, 0, 0)
@@ -431,34 +515,15 @@ static int set_up_wolfssl_linuxkm_pie_redirect_table(void) {
     #endif
 
     wolfssl_linuxkm_pie_redirect_table.get_current = my_get_current_thread;
-    wolfssl_linuxkm_pie_redirect_table.preempt_count = my_preempt_count;
-
-#ifdef WOLFSSL_LINUXKM_USE_SAVE_VECTOR_REGISTERS
-
-    #if LINUX_VERSION_CODE < KERNEL_VERSION(6, 2, 0)
-        wolfssl_linuxkm_pie_redirect_table.cpu_number = &cpu_number;
-    #else
-        wolfssl_linuxkm_pie_redirect_table.pcpu_hot = &pcpu_hot;
-    #endif
-    wolfssl_linuxkm_pie_redirect_table.nr_cpu_ids = &nr_cpu_ids;
-
-    #if defined(CONFIG_SMP) && (LINUX_VERSION_CODE >= KERNEL_VERSION(5, 7, 0))
-        wolfssl_linuxkm_pie_redirect_table.migrate_disable = &migrate_disable;
-        wolfssl_linuxkm_pie_redirect_table.migrate_enable = &migrate_enable;
-    #endif
-
-#ifdef WOLFSSL_LINUXKM_SIMD_X86
-    wolfssl_linuxkm_pie_redirect_table.irq_fpu_usable = irq_fpu_usable;
-    #ifdef kernel_fpu_begin
-    wolfssl_linuxkm_pie_redirect_table.kernel_fpu_begin_mask =
-        kernel_fpu_begin_mask;
-    #else
-    wolfssl_linuxkm_pie_redirect_table.kernel_fpu_begin =
-        kernel_fpu_begin;
-    #endif
-    wolfssl_linuxkm_pie_redirect_table.kernel_fpu_end = kernel_fpu_end;
-#endif /* WOLFSSL_LINUXKM_SIMD_X86 */
 
+#if defined(WOLFSSL_LINUXKM_USE_SAVE_VECTOR_REGISTERS) && defined(CONFIG_X86)
+    wolfssl_linuxkm_pie_redirect_table.allocate_wolfcrypt_linuxkm_fpu_states = allocate_wolfcrypt_linuxkm_fpu_states;
+    wolfssl_linuxkm_pie_redirect_table.can_save_vector_registers_x86 = can_save_vector_registers_x86;
+    wolfssl_linuxkm_pie_redirect_table.free_wolfcrypt_linuxkm_fpu_states = free_wolfcrypt_linuxkm_fpu_states;
+    wolfssl_linuxkm_pie_redirect_table.restore_vector_registers_x86 = restore_vector_registers_x86;
+    wolfssl_linuxkm_pie_redirect_table.save_vector_registers_x86 = save_vector_registers_x86;
+#elif defined(WOLFSSL_LINUXKM_USE_SAVE_VECTOR_REGISTERS)
+    #error WOLFSSL_LINUXKM_USE_SAVE_VECTOR_REGISTERS is set for an unsupported architecture.
 #endif /* WOLFSSL_LINUXKM_USE_SAVE_VECTOR_REGISTERS */
 
     wolfssl_linuxkm_pie_redirect_table.__mutex_init = __mutex_init;
@@ -477,23 +542,82 @@ static int set_up_wolfssl_linuxkm_pie_redirect_table(void) {
         wolfCrypt_FIPS_first;
     wolfssl_linuxkm_pie_redirect_table.wolfCrypt_FIPS_last =
         wolfCrypt_FIPS_last;
+    #if FIPS_VERSION3_GE(6,0,0)
+    wolfssl_linuxkm_pie_redirect_table.wolfCrypt_FIPS_AES_sanity =
+        wolfCrypt_FIPS_AES_sanity;
+    wolfssl_linuxkm_pie_redirect_table.wolfCrypt_FIPS_CMAC_sanity =
+        wolfCrypt_FIPS_CMAC_sanity;
+    wolfssl_linuxkm_pie_redirect_table.wolfCrypt_FIPS_DH_sanity =
+        wolfCrypt_FIPS_DH_sanity;
+    wolfssl_linuxkm_pie_redirect_table.wolfCrypt_FIPS_ECC_sanity =
+        wolfCrypt_FIPS_ECC_sanity;
+    wolfssl_linuxkm_pie_redirect_table.wolfCrypt_FIPS_ED25519_sanity =
+        wolfCrypt_FIPS_ED25519_sanity;
+    wolfssl_linuxkm_pie_redirect_table.wolfCrypt_FIPS_ED448_sanity =
+        wolfCrypt_FIPS_ED448_sanity;
+    wolfssl_linuxkm_pie_redirect_table.wolfCrypt_FIPS_HMAC_sanity =
+        wolfCrypt_FIPS_HMAC_sanity;
+    wolfssl_linuxkm_pie_redirect_table.wolfCrypt_FIPS_KDF_sanity =
+        wolfCrypt_FIPS_KDF_sanity;
+    wolfssl_linuxkm_pie_redirect_table.wolfCrypt_FIPS_PBKDF_sanity =
+        wolfCrypt_FIPS_PBKDF_sanity;
+    wolfssl_linuxkm_pie_redirect_table.wolfCrypt_FIPS_DRBG_sanity =
+        wolfCrypt_FIPS_DRBG_sanity;
+    wolfssl_linuxkm_pie_redirect_table.wolfCrypt_FIPS_RSA_sanity =
+        wolfCrypt_FIPS_RSA_sanity;
+    wolfssl_linuxkm_pie_redirect_table.wolfCrypt_FIPS_SHA_sanity =
+        wolfCrypt_FIPS_SHA_sanity;
+    wolfssl_linuxkm_pie_redirect_table.wolfCrypt_FIPS_SHA256_sanity =
+        wolfCrypt_FIPS_SHA256_sanity;
+    wolfssl_linuxkm_pie_redirect_table.wolfCrypt_FIPS_SHA512_sanity =
+        wolfCrypt_FIPS_SHA512_sanity;
+    wolfssl_linuxkm_pie_redirect_table.wolfCrypt_FIPS_SHA3_sanity =
+        wolfCrypt_FIPS_SHA3_sanity;
+    wolfssl_linuxkm_pie_redirect_table.wolfCrypt_FIPS_FT_sanity =
+        wolfCrypt_FIPS_FT_sanity;
+    wolfssl_linuxkm_pie_redirect_table.wc_RunAllCast_fips =
+        wc_RunAllCast_fips;
+    #endif
 #endif
 
 #if !defined(WOLFCRYPT_ONLY) && !defined(NO_CERTS)
     wolfssl_linuxkm_pie_redirect_table.GetCA = GetCA;
 #ifndef NO_SKID
     wolfssl_linuxkm_pie_redirect_table.GetCAByName = GetCAByName;
+#ifdef HAVE_OCSP
+    wolfssl_linuxkm_pie_redirect_table.GetCAByKeyHash = GetCAByKeyHash;
+#endif /* HAVE_OCSP */
+#endif /* NO_SKID */
+#ifdef WOLFSSL_AKID_NAME
+    wolfssl_linuxkm_pie_redirect_table.GetCAByAKID = GetCAByAKID;
+#endif /* WOLFSSL_AKID_NAME */
+#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
+    wolfssl_linuxkm_pie_redirect_table.wolfSSL_X509_NAME_add_entry_by_NID = wolfSSL_X509_NAME_add_entry_by_NID;
+    wolfssl_linuxkm_pie_redirect_table.wolfSSL_X509_NAME_free = wolfSSL_X509_NAME_free;
+    wolfssl_linuxkm_pie_redirect_table.wolfSSL_X509_NAME_new_ex = wolfSSL_X509_NAME_new_ex;
+#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
+#endif /* !WOLFCRYPT_ONLY && !NO_CERTS */
+
+#ifdef WOLFSSL_DEBUG_BACKTRACE_ERROR_CODES
+    wolfssl_linuxkm_pie_redirect_table.dump_stack = dump_stack;
 #endif
+
+#ifdef CONFIG_ARM64
+    wolfssl_linuxkm_pie_redirect_table.alt_cb_patch_nops = alt_cb_patch_nops;
 #endif
 
     /* runtime assert that the table has no null slots after initialization. */
     {
         unsigned long *i;
+        static_assert(sizeof(unsigned long) == sizeof(void *),
+                      "unexpected pointer size");
         for (i = (unsigned long *)&wolfssl_linuxkm_pie_redirect_table;
              i < (unsigned long *)&wolfssl_linuxkm_pie_redirect_table._last_slot;
              ++i)
             if (*i == 0) {
-                pr_err("wolfCrypt container redirect table initialization was incomplete.\n");
+                pr_err("wolfCrypt container redirect table initialization was "
+                       "incomplete [%lu].\n",
+                       i-(unsigned long *)&wolfssl_linuxkm_pie_redirect_table);
                 return -EFAULT;
             }
     }
@@ -684,11 +808,19 @@ static int updateFipsHash(void)
         }
     }
 
-    if (XMEMCMP(hash, binVerify, WC_SHA256_DIGEST_SIZE) == 0)
+    if (XMEMCMP(hash, binVerify, WC_SHA256_DIGEST_SIZE) == 0) {
+#if defined(DEBUG_LINUXKM_PIE_SUPPORT) || defined(WOLFSSL_LINUXKM_VERBOSE_DEBUG)
+        pr_info("updateFipsHash: verifyCore already matches [%s]\n", verifyCore);
+#else
         pr_info("updateFipsHash: verifyCore already matches.\n");
-    else {
+#endif
+    } else {
         XMEMCPY(verifyCore, base16_hash, WC_SHA256_DIGEST_SIZE*2 + 1);
+#if defined(DEBUG_LINUXKM_PIE_SUPPORT) || defined(WOLFSSL_LINUXKM_VERBOSE_DEBUG)
+        pr_info("updateFipsHash: verifyCore updated [%s].\n", base16_hash);
+#else
         pr_info("updateFipsHash: verifyCore updated.\n");
+#endif
     }
 
     ret = 0;
@@ -697,16 +829,11 @@ static int updateFipsHash(void)
 
     if (tfm != NULL)
         crypto_free_shash(tfm);
-    if (desc != NULL)
-        XFREE(desc, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-    if (hash != NULL)
-        XFREE(hash, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-    if (base16_hash != NULL)
-        XFREE(base16_hash, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-    if (binCoreKey != NULL)
-        XFREE(binCoreKey, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-    if (binVerify != NULL)
-        XFREE(binVerify, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(desc, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(hash, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(base16_hash, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(binCoreKey, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(binVerify, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 
     return ret;
 }
diff --git a/linuxkm/pie_first.c b/linuxkm/pie_first.c
index aa2117bc6..d0c108c5b 100644
--- a/linuxkm/pie_first.c
+++ b/linuxkm/pie_first.c
@@ -1,6 +1,6 @@
 /* linuxkm/pie_first.c -- memory fenceposts for checking binary image stability
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/linuxkm/pie_last.c b/linuxkm/pie_last.c
index 35de6fc47..87d1cd04b 100644
--- a/linuxkm/pie_last.c
+++ b/linuxkm/pie_last.c
@@ -1,6 +1,6 @@
 /* linuxkm/pie_last.c -- memory fenceposts for checking binary image stability
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/linuxkm/pie_redirect_table.c b/linuxkm/pie_redirect_table.c
index c624b9efc..75433dd32 100644
--- a/linuxkm/pie_redirect_table.c
+++ b/linuxkm/pie_redirect_table.c
@@ -1,6 +1,6 @@
 /* pie_redirect_table.c -- module load/unload hooks for libwolfssl.ko
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/linuxkm/x86_vector_register_glue.c b/linuxkm/x86_vector_register_glue.c
new file mode 100644
index 000000000..818230b69
--- /dev/null
+++ b/linuxkm/x86_vector_register_glue.c
@@ -0,0 +1,574 @@
+/* x86_vector_register_glue.c -- glue logic to save and restore vector registers
+ * on x86
+ *
+ * Copyright (C) 2006-2025 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+/* included by linuxkm/module_hooks.c */
+
+#if !defined(WOLFSSL_LINUXKM_USE_SAVE_VECTOR_REGISTERS) || !defined(CONFIG_X86)
+    #error x86_vector_register_glue.c included in non-vectorized/non-x86 project.
+#endif
+
+/* kernel 4.19 -- the most recent LTS before 5.4 -- lacks the necessary safety
+ * checks in __kernel_fpu_begin(), and lacks TIF_NEED_FPU_LOAD.
+ */
+#if (LINUX_VERSION_CODE < KERNEL_VERSION(5, 4, 0))
+    #error WOLFSSL_LINUXKM_USE_SAVE_VECTOR_REGISTERS on x86 requires kernel 5.4.0 or higher.
+#endif
+
+static unsigned int wc_linuxkm_fpu_states_n_tracked = 0;
+
+struct wc_thread_fpu_count_ent {
+    volatile pid_t pid;
+    unsigned int fpu_state;
+};
+struct wc_thread_fpu_count_ent *wc_linuxkm_fpu_states = NULL;
+
+#ifdef WOLFSSL_COMMERCIAL_LICENSE
+
+#ifndef LINUXKM_FPU_STATES_FOLLOW_THREADS
+    #error WOLFSSL_COMMERCIAL_LICENSE requires LINUXKM_FPU_STATES_FOLLOW_THREADS
+#endif
+
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wunused-parameter"
+#pragma GCC diagnostic ignored "-Wnested-externs"
+/* avoid dependence on "alternatives_patched" and "xfd_validate_state()". */
+#undef CONFIG_X86_DEBUG_FPU
+#include "../kernel/fpu/internal.h"
+#include "../kernel/fpu/xstate.h"
+#pragma GCC diagnostic pop
+
+static union wc_linuxkm_fpu_savebuf {
+    byte buf[1024]; /* must be 64-byte-aligned */
+    struct fpstate fpstate;
+} *wc_linuxkm_fpu_savebufs = NULL;
+
+#endif /* WOLFSSL_COMMERCIAL_LICENSE */
+
+#define WC_FPU_COUNT_MASK 0x7fffffffU
+#define WC_FPU_SAVED_MASK 0x80000000U
+
+WARN_UNUSED_RESULT int allocate_wolfcrypt_linuxkm_fpu_states(void)
+{
+    if (wc_linuxkm_fpu_states != NULL) {
+#ifdef HAVE_FIPS
+        /* see note below in wc_linuxkm_fpu_state_assoc_unlikely(). */
+        return 0;
+#else
+        static int warned_for_repeat_alloc = 0;
+        if (! warned_for_repeat_alloc) {
+            pr_err("attempt at repeat allocation"
+                   " in allocate_wolfcrypt_linuxkm_fpu_states\n");
+            warned_for_repeat_alloc = 1;
+        }
+        return BAD_STATE_E;
+#endif
+    }
+
+#ifdef LINUXKM_FPU_STATES_FOLLOW_THREADS
+    if (nr_cpu_ids >= 16)
+        wc_linuxkm_fpu_states_n_tracked = nr_cpu_ids * 2;
+    else
+        wc_linuxkm_fpu_states_n_tracked = 32;
+#else
+    wc_linuxkm_fpu_states_n_tracked = nr_cpu_ids;
+#endif
+
+    wc_linuxkm_fpu_states =
+        (struct wc_thread_fpu_count_ent *)malloc(
+            wc_linuxkm_fpu_states_n_tracked * sizeof(wc_linuxkm_fpu_states[0]));
+
+    if (! wc_linuxkm_fpu_states) {
+        pr_err("allocation of %lu bytes for "
+               "wc_linuxkm_fpu_states failed.\n",
+               nr_cpu_ids * sizeof(struct fpu_state *));
+        return MEMORY_E;
+    }
+
+    memset(wc_linuxkm_fpu_states, 0, wc_linuxkm_fpu_states_n_tracked
+           * sizeof(wc_linuxkm_fpu_states[0]));
+
+#ifdef WOLFSSL_COMMERCIAL_LICENSE
+    wc_linuxkm_fpu_savebufs = (union wc_linuxkm_fpu_savebuf *)malloc(
+        wc_linuxkm_fpu_states_n_tracked * sizeof(*wc_linuxkm_fpu_savebufs));
+    if (! wc_linuxkm_fpu_savebufs) {
+        pr_err("allocation of %lu bytes for "
+               "wc_linuxkm_fpu_savebufs failed.\n",
+               WC_LINUXKM_ROUND_UP_P_OF_2(wc_linuxkm_fpu_states_n_tracked)
+               * sizeof(*wc_linuxkm_fpu_savebufs));
+        free(wc_linuxkm_fpu_states);
+        wc_linuxkm_fpu_states = NULL;
+        return MEMORY_E;
+    }
+    if ((uintptr_t)wc_linuxkm_fpu_savebufs
+        & (WC_LINUXKM_ROUND_UP_P_OF_2(sizeof(*wc_linuxkm_fpu_savebufs)) - 1))
+    {
+        pr_err("allocation of %lu bytes for "
+               "wc_linuxkm_fpu_savebufs allocated with wrong alignment 0x%lx.\n",
+               WC_LINUXKM_ROUND_UP_P_OF_2(wc_linuxkm_fpu_states_n_tracked)
+               * sizeof(*wc_linuxkm_fpu_savebufs),
+               (uintptr_t)wc_linuxkm_fpu_savebufs);
+        free(wc_linuxkm_fpu_savebufs);
+        wc_linuxkm_fpu_savebufs = NULL;
+        free(wc_linuxkm_fpu_states);
+        wc_linuxkm_fpu_states = NULL;
+        return MEMORY_E;
+    }
+
+#endif
+
+    return 0;
+}
+
+void free_wolfcrypt_linuxkm_fpu_states(void) {
+    struct wc_thread_fpu_count_ent *i, *i_endptr;
+    pid_t i_pid;
+
+    if (wc_linuxkm_fpu_states == NULL) {
+        pr_err("free_wolfcrypt_linuxkm_fpu_states called"
+               " before allocate_wolfcrypt_linuxkm_fpu_states.\n");
+        return;
+    }
+
+    for (i = wc_linuxkm_fpu_states,
+             i_endptr = &wc_linuxkm_fpu_states[wc_linuxkm_fpu_states_n_tracked];
+         i < i_endptr;
+         ++i)
+    {
+        i_pid = __atomic_load_n(&i->pid, __ATOMIC_CONSUME);
+        if (i_pid == 0)
+            continue;
+        if (i->fpu_state != 0) {
+            pr_err("free_wolfcrypt_linuxkm_fpu_states called"
+                   " with nonzero state 0x%x for pid %d.\n", i->fpu_state, i_pid);
+            i->fpu_state = 0;
+        }
+    }
+
+#ifdef WOLFSSL_COMMERCIAL_LICENSE
+    free(wc_linuxkm_fpu_savebufs);
+    wc_linuxkm_fpu_savebufs = NULL;
+#endif
+    free(wc_linuxkm_fpu_states);
+    wc_linuxkm_fpu_states = NULL;
+}
+
+#ifdef LINUXKM_FPU_STATES_FOLLOW_THREADS
+/* legacy thread-local storage facility for tracking recursive fpu
+ * pushing/popping
+ */
+static struct wc_thread_fpu_count_ent *wc_linuxkm_fpu_state_assoc(int create_p) {
+    struct wc_thread_fpu_count_ent *i, *i_endptr, *i_empty;
+    pid_t my_pid = task_pid_nr(current), i_pid;
+
+    {
+        static int _warned_on_null = 0;
+        if (wc_linuxkm_fpu_states == NULL)
+        {
+#ifdef HAVE_FIPS
+            /* FIPS needs to use SHA256 for the core verify HMAC, before
+             * reaching the regular wolfCrypt_Init() logic.  to break the
+             * dependency loop on intelasm builds, we allocate here.
+             * this is not thread-safe and doesn't need to be.
+             */
+            if ((! create_p) || (allocate_wolfcrypt_linuxkm_fpu_states() != 0))
+#endif
+            {
+                if (_warned_on_null == 0) {
+                    pr_err("wc_linuxkm_fpu_state_assoc called by pid %d"
+                           " before allocate_wolfcrypt_linuxkm_fpu_states.\n", my_pid);
+                    _warned_on_null = 1;
+                }
+                return NULL;
+            }
+        }
+    }
+
+    i_endptr = &wc_linuxkm_fpu_states[wc_linuxkm_fpu_states_n_tracked];
+
+    for (;;) {
+        for (i = wc_linuxkm_fpu_states,
+                 i_empty = NULL;
+             i < i_endptr;
+             ++i)
+        {
+            i_pid = __atomic_load_n(&i->pid, __ATOMIC_CONSUME);
+            if (i_pid == my_pid)
+                return i;
+            if ((i_empty == NULL) && (i_pid == 0))
+                i_empty = i;
+        }
+        if ((i_empty == NULL) || (! create_p))
+            return NULL;
+
+        i_pid = 0;
+        if (__atomic_compare_exchange_n(
+                &(i_empty->pid),
+                &i_pid,
+                my_pid,
+                0 /* weak */,
+                __ATOMIC_SEQ_CST /* success_memmodel */,
+                __ATOMIC_SEQ_CST /* failure_memmodel */))
+        {
+            return i_empty;
+        }
+    }
+}
+
+#else /* !LINUXKM_FPU_STATES_FOLLOW_THREADS */
+
+/* lock-free O(1)-lookup CPU-local storage facility for tracking recursive fpu
+ * pushing/popping.
+ *
+ * caller must have already called kernel_fpu_begin() or preempt_disable()
+ * before entering this or the streamlined inline version of it below.
+ */
+static struct wc_thread_fpu_count_ent *wc_linuxkm_fpu_state_assoc_unlikely(int create_p) {
+    int my_cpu = raw_smp_processor_id();
+    pid_t my_pid = task_pid_nr(current), slot_pid;
+    struct wc_thread_fpu_count_ent *slot;
+
+    {
+        static int _warned_on_null = 0;
+        if (wc_linuxkm_fpu_states == NULL)
+        {
+#ifdef HAVE_FIPS
+            /* FIPS needs to use SHA256 for the core verify HMAC, before
+             * reaching the regular wolfCrypt_Init() logic.  to break the
+             * dependency loop on intelasm builds, we allocate here.
+             * this is not thread-safe and doesn't need to be.
+             */
+            int ret = allocate_wolfcrypt_linuxkm_fpu_states();
+            if (ret != 0)
+#endif
+            {
+                if (_warned_on_null == 0) {
+                    pr_err("wc_linuxkm_fpu_state_assoc called by pid %d"
+                           " before allocate_wolfcrypt_linuxkm_fpu_states.\n", my_pid);
+                    _warned_on_null = 1;
+                }
+                return NULL;
+            }
+        }
+    }
+
+    slot = &wc_linuxkm_fpu_states[my_cpu];
+    slot_pid = __atomic_load_n(&slot->pid, __ATOMIC_CONSUME);
+    if (slot_pid == my_pid) {
+        if (create_p) {
+            static int _warned_on_redundant_create_p = 0;
+            if (_warned_on_redundant_create_p < 10) {
+                pr_err("wc_linuxkm_fpu_state_assoc called with create_p=1 by"
+                       " pid %d on cpu %d with cpu slot already reserved by"
+                       " said pid.\n", my_pid, my_cpu);
+                ++_warned_on_redundant_create_p;
+            }
+        }
+        return slot;
+    }
+    if (create_p) {
+        if (slot_pid == 0) {
+            __atomic_store_n(&slot->pid, my_pid, __ATOMIC_RELEASE);
+            return slot;
+        } else {
+            /* if the slot is already occupied, that can be benign due to a
+             * migration, but it will require fixup by the thread that owns the
+             * slot, which will happen when it releases its lock, or sooner (see
+             * below).
+             */
+            static int _warned_on_mismatched_pid = 0;
+            if (_warned_on_mismatched_pid < 10) {
+                pr_warn("wc_linuxkm_fpu_state_assoc called by pid %d on cpu %d"
+                       " but cpu slot already reserved by pid %d.\n",
+                        my_pid, my_cpu, slot_pid);
+                ++_warned_on_mismatched_pid;
+            }
+            return NULL;
+        }
+    } else {
+        /* check for migration.  this can happen despite our best efforts if any
+         * I/O occurred while locked, e.g. kernel messages like "uninitialized
+         * urandom read".  since we're locked now, we can safely migrate the
+         * entry in wc_linuxkm_fpu_states[], freeing up the slot on the previous
+         * cpu.
+         */
+        unsigned int cpu_i;
+        for (cpu_i = 0; cpu_i < wc_linuxkm_fpu_states_n_tracked; ++cpu_i) {
+            if (__atomic_load_n(
+                    &wc_linuxkm_fpu_states[cpu_i].pid,
+                    __ATOMIC_CONSUME)
+                == my_pid)
+            {
+                wc_linuxkm_fpu_states[my_cpu] = wc_linuxkm_fpu_states[cpu_i];
+                __atomic_store_n(&wc_linuxkm_fpu_states[cpu_i].fpu_state, 0,
+                                 __ATOMIC_RELEASE);
+                __atomic_store_n(&wc_linuxkm_fpu_states[cpu_i].pid, 0,
+                                 __ATOMIC_RELEASE);
+                return &wc_linuxkm_fpu_states[my_cpu];
+            }
+        }
+        return NULL;
+    }
+}
+
+static inline struct wc_thread_fpu_count_ent *wc_linuxkm_fpu_state_assoc(
+    int create_p)
+{
+    int my_cpu = raw_smp_processor_id(); /* my_cpu is only trustworthy if we're
+                                          * already nonpreemptible -- we'll
+                                          * determine that soon enough by
+                                          * checking if the pid matches or,
+                                          * failing that, if create_p.
+                                          */
+    pid_t my_pid = task_pid_nr(current), slot_pid;
+    struct wc_thread_fpu_count_ent *slot;
+
+    if (unlikely(wc_linuxkm_fpu_states == NULL))
+        return wc_linuxkm_fpu_state_assoc_unlikely(create_p);
+
+    slot = &wc_linuxkm_fpu_states[my_cpu];
+    slot_pid = __atomic_load_n(&slot->pid, __ATOMIC_CONSUME);
+    if (slot_pid == my_pid) {
+        if (unlikely(create_p))
+            return wc_linuxkm_fpu_state_assoc_unlikely(create_p);
+        else
+            return slot;
+    }
+    if (likely(create_p)) {
+        if (likely(slot_pid == 0)) {
+            __atomic_store_n(&slot->pid, my_pid, __ATOMIC_RELEASE);
+            return slot;
+        } else {
+            return wc_linuxkm_fpu_state_assoc_unlikely(create_p);
+        }
+    } else {
+        return wc_linuxkm_fpu_state_assoc_unlikely(create_p);
+    }
+}
+
+#endif /* !LINUXKM_FPU_STATES_FOLLOW_THREADS */
+
+#ifdef WOLFSSL_COMMERCIAL_LICENSE
+static struct fpstate *wc_linuxkm_fpstate_buf_from_fpu_state(
+    struct wc_thread_fpu_count_ent *state)
+{
+    size_t i = (size_t)(state - wc_linuxkm_fpu_states) / sizeof(*state);
+    return &wc_linuxkm_fpu_savebufs[i].fpstate;
+}
+#endif
+
+static void wc_linuxkm_fpu_state_release_unlikely(
+    struct wc_thread_fpu_count_ent *ent)
+{
+    if (ent->fpu_state != 0) {
+        static int warned_nonzero_fpu_state = 0;
+        if (! warned_nonzero_fpu_state) {
+            pr_err("wc_linuxkm_fpu_state_free for pid %d"
+                   " with nonzero fpu_state 0x%x.\n", ent->pid, ent->fpu_state);
+            warned_nonzero_fpu_state = 1;
+        }
+        ent->fpu_state = 0;
+    }
+    __atomic_store_n(&ent->pid, 0, __ATOMIC_RELEASE);
+}
+
+static inline void wc_linuxkm_fpu_state_release(
+    struct wc_thread_fpu_count_ent *ent)
+{
+    if (unlikely(ent->fpu_state != 0))
+        return wc_linuxkm_fpu_state_release_unlikely(ent);
+    __atomic_store_n(&ent->pid, 0, __ATOMIC_RELEASE);
+}
+
+WARN_UNUSED_RESULT int can_save_vector_registers_x86(void)
+{
+    if (irq_fpu_usable())
+        return 1;
+    else if (in_nmi() || (hardirq_count() > 0) || (softirq_count() > 0))
+        return 0;
+    else if (test_thread_flag(TIF_NEED_FPU_LOAD))
+        return 1;
+    return 0;
+}
+
+WARN_UNUSED_RESULT int save_vector_registers_x86(void)
+{
+#ifdef LINUXKM_FPU_STATES_FOLLOW_THREADS
+    struct wc_thread_fpu_count_ent *pstate = wc_linuxkm_fpu_state_assoc(1);
+#else
+    struct wc_thread_fpu_count_ent *pstate = wc_linuxkm_fpu_state_assoc(0);
+#endif
+
+    /* allow for nested calls */
+#ifdef LINUXKM_FPU_STATES_FOLLOW_THREADS
+    if (pstate == NULL)
+        return MEMORY_E;
+#endif
+    if (
+#ifndef LINUXKM_FPU_STATES_FOLLOW_THREADS
+        (pstate != NULL) &&
+#endif
+        (pstate->fpu_state != 0U))
+    {
+        if (unlikely((pstate->fpu_state & WC_FPU_COUNT_MASK)
+                     == WC_FPU_COUNT_MASK))
+        {
+            pr_err("save_vector_registers_x86 recursion register overflow for "
+                   "pid %d.\n", pstate->pid);
+            return BAD_STATE_E;
+        } else {
+            ++pstate->fpu_state;
+            return 0;
+        }
+    }
+
+    if (irq_fpu_usable()
+#if (LINUX_VERSION_CODE < KERNEL_VERSION(5, 17, 0))
+        /* work around a kernel bug -- see linux commit 59f5ede3bc0f0.
+         * what we really want here is this_cpu_read(in_kernel_fpu), but
+         * in_kernel_fpu is an unexported static array.
+         */
+        && !test_thread_flag(TIF_NEED_FPU_LOAD)
+#endif
+        )
+    {
+#ifdef WOLFSSL_COMMERCIAL_LICENSE
+        struct fpstate *fpstate = wc_linuxkm_fpstate_buf_from_fpu_state(pstate);
+        fpregs_lock();
+        fpstate->xfeatures = ~0UL;
+        os_xsave(fpstate);
+#else /* !WOLFSSL_COMMERCIAL_LICENSE */
+    #if defined(CONFIG_SMP) && !defined(CONFIG_PREEMPT_COUNT) && \
+        (LINUX_VERSION_CODE >= KERNEL_VERSION(5, 7, 0))
+        /* inhibit migration, which gums up the algorithm in
+         * kernel_fpu_{begin,end}().
+         */
+        migrate_disable();
+    #endif
+        kernel_fpu_begin();
+
+#ifndef LINUXKM_FPU_STATES_FOLLOW_THREADS
+        pstate = wc_linuxkm_fpu_state_assoc(1);
+        if (pstate == NULL) {
+            kernel_fpu_end();
+    #if defined(CONFIG_SMP) && !defined(CONFIG_PREEMPT_COUNT) && \
+        (LINUX_VERSION_CODE >= KERNEL_VERSION(5, 7, 0)) && \
+        !defined(WOLFSSL_COMMERCIAL_LICENSE)
+            migrate_enable();
+    #endif
+            return BAD_STATE_E;
+        }
+#endif
+
+#endif /* !WOLFSSL_COMMERCIAL_LICENSE */
+        /* set msb to 0 to trigger kernel_fpu_end() at cleanup. */
+        pstate->fpu_state = 1U;
+    } else if (in_nmi() || (hardirq_count() > 0) || (softirq_count() > 0)) {
+        static int warned_fpu_forbidden = 0;
+        if (! warned_fpu_forbidden)
+            pr_err("save_vector_registers_x86 called from IRQ handler.\n");
+#ifdef LINUXKM_FPU_STATES_FOLLOW_THREADS
+        wc_linuxkm_fpu_state_release(pstate);
+#endif
+        return BAD_STATE_E;
+    } else if (!test_thread_flag(TIF_NEED_FPU_LOAD)) {
+        static int warned_fpu_forbidden = 0;
+        if (! warned_fpu_forbidden)
+            pr_err("save_vector_registers_x86 called with !irq_fpu_usable from"
+                   " thread without previous FPU save.\n");
+#ifdef LINUXKM_FPU_STATES_FOLLOW_THREADS
+        wc_linuxkm_fpu_state_release(pstate);
+#endif
+        return BAD_STATE_E;
+    } else {
+        /* assume already safely in_kernel_fpu from caller, but recursively
+         * preempt_disable() to be extra-safe.
+         */
+        preempt_disable();
+#if defined(CONFIG_SMP) && !defined(CONFIG_PREEMPT_COUNT) && \
+    (LINUX_VERSION_CODE >= KERNEL_VERSION(5, 7, 0)) && \
+    !defined(WOLFSSL_COMMERCIAL_LICENSE)
+        migrate_disable();
+#endif
+#ifndef LINUXKM_FPU_STATES_FOLLOW_THREADS
+        pstate = wc_linuxkm_fpu_state_assoc(1);
+        if (pstate == NULL) {
+        #if defined(CONFIG_SMP) && !defined(CONFIG_PREEMPT_COUNT) && \
+            (LINUX_VERSION_CODE >= KERNEL_VERSION(5, 7, 0)) && \
+            !defined(WOLFSSL_COMMERCIAL_LICENSE)
+            migrate_enable();
+        #endif
+            preempt_enable();
+            return BAD_STATE_E;
+        }
+#endif
+        /* set msb to 1 to inhibit kernel_fpu_end() at cleanup. */
+        pstate->fpu_state =
+            WC_FPU_SAVED_MASK + 1U;
+    }
+
+    return 0;
+}
+
+void restore_vector_registers_x86(void)
+{
+    struct wc_thread_fpu_count_ent *pstate = wc_linuxkm_fpu_state_assoc(0);
+    if (unlikely(pstate == NULL)) {
+        pr_err("restore_vector_registers_x86 called by pid %d on CPU %d "
+               "with no saved state.\n", task_pid_nr(current),
+               raw_smp_processor_id());
+        return;
+    }
+
+    if ((--pstate->fpu_state & WC_FPU_COUNT_MASK) > 0U) {
+        return;
+    }
+
+    if (pstate->fpu_state == 0U) {
+#ifdef WOLFSSL_COMMERCIAL_LICENSE
+        struct fpstate *fpstate = wc_linuxkm_fpstate_buf_from_fpu_state(pstate);
+        os_xrstor(fpstate, fpstate->xfeatures);
+        fpregs_unlock();
+#else
+    #ifndef LINUXKM_FPU_STATES_FOLLOW_THREADS
+        wc_linuxkm_fpu_state_release(pstate);
+    #endif
+        kernel_fpu_end();
+#endif
+    } else {
+        pstate->fpu_state = 0U;
+    #ifndef LINUXKM_FPU_STATES_FOLLOW_THREADS
+        wc_linuxkm_fpu_state_release(pstate);
+    #endif
+        preempt_enable();
+    }
+#if defined(CONFIG_SMP) && !defined(CONFIG_PREEMPT_COUNT) && \
+    (LINUX_VERSION_CODE >= KERNEL_VERSION(5, 7, 0)) && \
+    !defined(WOLFSSL_COMMERCIAL_LICENSE)
+    migrate_enable();
+#endif
+
+#ifdef LINUXKM_FPU_STATES_FOLLOW_THREADS
+    wc_linuxkm_fpu_state_release(pstate);
+#endif
+
+    return;
+}
diff --git a/m4/ax_atomic.m4 b/m4/ax_atomic.m4
index b1fa58753..d8c8d0d2c 100644
--- a/m4/ax_atomic.m4
+++ b/m4/ax_atomic.m4
@@ -9,18 +9,20 @@ AC_DEFUN([AC_C___ATOMIC],
       [[int
         main (int argc, char **argv)
         {
-          volatile unsigned long ul1 = 1, ul2 = 0, ul3 = 2;
+          volatile unsigned long ul1 = 1;
+          unsigned long ul2 = 0, ul3 = 2;
           __atomic_load_n(&ul1, __ATOMIC_SEQ_CST);
           __atomic_compare_exchange(&ul1, &ul2, &ul3, 1, __ATOMIC_SEQ_CST, __ATOMIC_SEQ_CST);
           __atomic_fetch_add(&ul1, 1, __ATOMIC_SEQ_CST);
-          __atomic_fetch_sub(&ul3, 1, __ATOMIC_SEQ_CST);
+          __atomic_fetch_sub(&ul1, 1, __ATOMIC_SEQ_CST);
           __atomic_or_fetch(&ul1, ul2, __ATOMIC_SEQ_CST);
           __atomic_and_fetch(&ul1, ul2, __ATOMIC_SEQ_CST);
-          volatile unsigned long long ull1 = 1, ull2 = 0, ull3 = 2;
+          volatile unsigned long long ull1 = 1;
+          unsigned long long ull2 = 0, ull3 = 2;
           __atomic_load_n(&ull1, __ATOMIC_SEQ_CST);
           __atomic_compare_exchange(&ull1, &ull2, &ull3, 1, __ATOMIC_SEQ_CST, __ATOMIC_SEQ_CST);
           __atomic_fetch_add(&ull1, 1, __ATOMIC_SEQ_CST);
-          __atomic_fetch_sub(&ull3, 1, __ATOMIC_SEQ_CST);
+          __atomic_fetch_sub(&ull1, 1, __ATOMIC_SEQ_CST);
           __atomic_or_fetch(&ull1, ull2, __ATOMIC_SEQ_CST);
           __atomic_and_fetch(&ull1, ull2, __ATOMIC_SEQ_CST);
           return 0;
diff --git a/m4/ax_debug.m4 b/m4/ax_debug.m4
index 94e4c9cb6..42808535b 100644
--- a/m4/ax_debug.m4
+++ b/m4/ax_debug.m4
@@ -14,23 +14,23 @@
 #
 #  Copyright (C) 2012 Brian Aker
 #  All rights reserved.
-#  
+#
 #  Redistribution and use in source and binary forms, with or without
 #  modification, are permitted provided that the following conditions are
 #  met:
-#  
+#
 #      * Redistributions of source code must retain the above copyright
 #  notice, this list of conditions and the following disclaimer.
-#  
+#
 #      * Redistributions in binary form must reproduce the above
 #  copyright notice, this list of conditions and the following disclaimer
 #  in the documentation and/or other materials provided with the
 #  distribution.
-#  
+#
 #      * The names of its contributors may not be used to endorse or
 #  promote products derived from this software without specific prior
 #  written permission.
-#  
+#
 #  THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
 #  "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
 #  LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
diff --git a/m4/ax_harden_compiler_flags.m4 b/m4/ax_harden_compiler_flags.m4
index d9ae175c0..d4377a70e 100644
--- a/m4/ax_harden_compiler_flags.m4
+++ b/m4/ax_harden_compiler_flags.m4
@@ -19,23 +19,23 @@
 #
 #  Copyright (C) 2012 Brian Aker
 #  All rights reserved.
-#  
+#
 #  Redistribution and use in source and binary forms, with or without
 #  modification, are permitted provided that the following conditions are
 #  met:
-#  
+#
 #      * Redistributions of source code must retain the above copyright
 #  notice, this list of conditions and the following disclaimer.
-#  
+#
 #      * Redistributions in binary form must reproduce the above
 #  copyright notice, this list of conditions and the following disclaimer
 #  in the documentation and/or other materials provided with the
 #  distribution.
-#  
+#
 #      * The names of its contributors may not be used to endorse or
 #  promote products derived from this software without specific prior
 #  written permission.
-#  
+#
 #  THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
 #  "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
 #  LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
diff --git a/m4/ax_linuxkm.m4 b/m4/ax_linuxkm.m4
index aebc2a603..34e794b77 100644
--- a/m4/ax_linuxkm.m4
+++ b/m4/ax_linuxkm.m4
@@ -1,6 +1,6 @@
 # ax_linuxkm.m4 -- macros for getting attributes of default configured kernel
 #
-# Copyright (C) 2006-2023 wolfSSL Inc.
+# Copyright (C) 2006-2025 wolfSSL Inc.
 #
 # This file is part of wolfSSL.
 #
diff --git a/m4/ax_vcs_checkout.m4 b/m4/ax_vcs_checkout.m4
index 4636b58ed..63d5e9bea 100644
--- a/m4/ax_vcs_checkout.m4
+++ b/m4/ax_vcs_checkout.m4
@@ -16,23 +16,23 @@
 #
 #  Copyright (C) 2012 Brian Aker
 #  All rights reserved.
-#  
+#
 #  Redistribution and use in source and binary forms, with or without
 #  modification, are permitted provided that the following conditions are
 #  met:
-#  
+#
 #      * Redistributions of source code must retain the above copyright
 #  notice, this list of conditions and the following disclaimer.
-#  
+#
 #      * Redistributions in binary form must reproduce the above
 #  copyright notice, this list of conditions and the following disclaimer
 #  in the documentation and/or other materials provided with the
 #  distribution.
-#  
+#
 #      * The names of its contributors may not be used to endorse or
 #  promote products derived from this software without specific prior
 #  written permission.
-#  
+#
 #  THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
 #  "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
 #  LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
diff --git a/mcapi/crypto.c b/mcapi/crypto.c
index abfe65f78..9b79e6035 100644
--- a/mcapi/crypto.c
+++ b/mcapi/crypto.c
@@ -1,6 +1,6 @@
 /* crypto.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -24,6 +24,9 @@
 #ifdef HAVE_CONFIG_H
     #include "config.h"
 #endif
+#ifndef WOLFSSL_USER_SETTINGS
+    #include <wolfssl/options.h>
+#endif
 #include <wolfssl/wolfcrypt/settings.h>
 
 #ifdef MICROCHIP_MPLAB_HARMONY
diff --git a/mcapi/crypto.h b/mcapi/crypto.h
index 451119307..dcb315d9c 100644
--- a/mcapi/crypto.h
+++ b/mcapi/crypto.h
@@ -1,6 +1,6 @@
 /* crypto.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -173,9 +173,9 @@ enum {
 typedef struct CRYPT_AES_CTX {
     /* big enough to hold internal, but check on init */
     #ifdef WOLF_PRIVATE_KEY_ID
-    int holder[110];
+    int holder[114];
     #else
-    int holder[92];
+    int holder[96];
     #endif
 } CRYPT_AES_CTX;
 
diff --git a/mcapi/mcapi_test.c b/mcapi/mcapi_test.c
index 7e5acbc08..404b37aaf 100644
--- a/mcapi/mcapi_test.c
+++ b/mcapi/mcapi_test.c
@@ -1,6 +1,6 @@
 /* mcapi_test.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -23,11 +23,16 @@
 
 /* Tests Microchip CRYPTO API layer */
 
+#ifdef HAVE_CONFIG_H
+    #include <config.h>
+#endif
 
-
-/* mc api header */
+#ifndef WOLFSSL_USER_SETTINGS
+    #include <wolfssl/options.h>
+#endif
 #include <wolfssl/wolfcrypt/settings.h>
 
+/* mc api header */
 #include "crypto.h"
 
 /* sanity test against our default implementation, wolfssl headers  */
diff --git a/mplabx/benchmark_main.c b/mplabx/benchmark_main.c
index ef4c82a91..6d27f94f1 100644
--- a/mplabx/benchmark_main.c
+++ b/mplabx/benchmark_main.c
@@ -1,6 +1,6 @@
 /* benchmark_main.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/mplabx/test_main.c b/mplabx/test_main.c
index e072c08db..8ffa3c76b 100644
--- a/mplabx/test_main.c
+++ b/mplabx/test_main.c
@@ -1,6 +1,6 @@
 /* main.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/mqx/wolfcrypt_test/Sources/main.c b/mqx/wolfcrypt_test/Sources/main.c
index 040a2bf3c..0276c7c80 100644
--- a/mqx/wolfcrypt_test/Sources/main.c
+++ b/mqx/wolfcrypt_test/Sources/main.c
@@ -58,7 +58,7 @@ typedef struct func_args {
 /*TASK*-----------------------------------------------------------------
  * Function Name  : Main_task
  * Comments       :
- *    This task opens the SD card device and runs the 
+ *    This task opens the SD card device and runs the
  *    wolfCrypt test functions located in test.c.
  *END------------------------------------------------------------------*/
 
@@ -69,7 +69,7 @@ void Main_task(uint32_t initial_data)
     char         filesystem_name[] = "a:";
     char         partman_name[]    = "pm:";
     MQX_FILE_PTR com_handle, sdcard_handle, filesystem_handle, partman_handle;
-    
+
     ret = sdcard_open(&com_handle, &sdcard_handle, &partman_handle,
                       &filesystem_handle, partman_name, filesystem_name);
     if (ret != 0) {
@@ -77,9 +77,9 @@ void Main_task(uint32_t initial_data)
         _mqx_exit(1);
     }
     printf("SD card installed to %s\n", filesystem_name);
-    
+
     wolfcrypt_test(&args);
-    
+
     ret = sdcard_close(&sdcard_handle, &partman_handle,
                        &filesystem_handle, partman_name, filesystem_name);
     if (ret != 0) {
@@ -87,7 +87,7 @@ void Main_task(uint32_t initial_data)
         _mqx_exit(1);
     }
     printf("SD card uninstalled.\n");
-    
+
     _mqx_exit(0);
 
 }
diff --git a/mqx/wolfssl_client/Sources/main.h b/mqx/wolfssl_client/Sources/main.h
index 1740ddcb4..beb1fdfa9 100644
--- a/mqx/wolfssl_client/Sources/main.h
+++ b/mqx/wolfssl_client/Sources/main.h
@@ -15,7 +15,7 @@
 
 #include <wolfssl/ssl.h>
 
-#define MAIN_TASK 	1
+#define MAIN_TASK 1
 
 extern void Main_task(uint32_t);
 extern void setup_ethernet(void);
@@ -34,10 +34,10 @@ static inline void err_sys(const char* msg)
         _mqx_exit(1);
 }
 
-/* PPP device must be set manually and 
+/* PPP device must be set manually and
  * must be different from the default IO channel (BSP_DEFAULT_IO_CHANNEL)
  */
-#define PPP_DEVICE      "ittyb:" 
+#define PPP_DEVICE      "ittyb:"
 
 /*
  * Define PPP_DEVICE_DUN only when using PPP to communicate
@@ -54,7 +54,7 @@ static inline void err_sys(const char* msg)
     #define ENET_IPMASK   IPADDR(255,255,255,0)
 #endif
 
-#define GATE_IPADDR		  IPADDR(192,168,1,1)
+#define GATE_IPADDR       IPADDR(192,168,1,1)
 
 #endif /* __main_h_ */
 
diff --git a/pre-commit.sh b/pre-commit.sh
deleted file mode 100755
index a426d0d37..000000000
--- a/pre-commit.sh
+++ /dev/null
@@ -1,45 +0,0 @@
-#!/bin/sh
-#
-#
-# Our "pre-commit" hook.
-
-# save current config
-echo "\n\nSaving current config\n\n"
-cp config.status tmp.status
-cp wolfssl/options.h tmp.options.h
-
-# stash modified files, if any, that are not part of this commit, don't test
-# them
-STASHED=0
-if ! git diff --quiet
-then
-    STASHED=1
-    echo "\n\nStashing modified files not part of commit\n\n"
-    git stash -q --keep-index
-fi
-
-# do the commit tests
-echo "\n\nRunning commit tests...\n\n"
-./commit-tests.sh
-RESULT=$?
-
-# restore modified files not part of this commit
-if test $STASHED -eq 1
-then
-    echo "\n\nPopping stashed modified files not part of commit\n"
-    git stash pop -q
-fi
-
-# restore current config
-echo "\nRestoring current config\n"
-mv tmp.status config.status
-# don't show output in case error from above
-./config.status >/dev/null 2>&1
-mv tmp.options.h wolfssl/options.h
-make clean >/dev/null 2>&1
-make -j 8 >/dev/null 2>&1
-
-[ $RESULT -ne 0 ] && echo "\nOops, your commit failed\n" && exit 1
-
-echo "\nCommit tests passed!\n"
-exit 0
diff --git a/pre-push.sh b/pre-push.sh
deleted file mode 100755
index 2251bd33c..000000000
--- a/pre-push.sh
+++ /dev/null
@@ -1,19 +0,0 @@
-#!/bin/bash
-#
-#
-# Our "pre-push" hook.
-
-RESULT=0
-
-if [ -d ./fips ];
-then
-    echo "\n\nTesting with FIPS release code...\n\n"
-    ./fips-check.sh
-    RESULT=$?
-    [ $RESULT -ne 0 ] && echo -e "\n\nFIPS build test failed" && exit 1
-fi
-
-[ $RESULT -ne 0 ] && echo "\nOops, your push failed\n" && exit 1
-
-echo "\nPush tests passed!\n"
-exit 0
diff --git a/pull_to_vagrant.sh b/pull_to_vagrant.sh
index 15d88d97d..9cba08d69 100755
--- a/pull_to_vagrant.sh
+++ b/pull_to_vagrant.sh
@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/bin/sh
 SRC=vagrant
 DST=wolfssl
 
diff --git a/scripts/aria-cmake-build-test.sh b/scripts/aria-cmake-build-test.sh
index 1a6258fc4..b501ac6fa 100644
--- a/scripts/aria-cmake-build-test.sh
+++ b/scripts/aria-cmake-build-test.sh
@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/usr/bin/env bash
 #
 # aria_cmake_build_test.sh
 #
@@ -115,8 +115,7 @@ build_aria_test() {
 
     # View the available ciphers with:
     echo "checking wolfsl client ssl version numbers SSLv3(0) - TLS1.3(4):"
-    ./examples/client/client -V
-    if [ $? -eq 0 ]; then
+    if ./examples/client/client -V; then
         echo "Confirmed ./examples/client/client operational."
     else
         echo "ERROR ./examples/client/client error = $?"
diff --git a/scripts/benchmark_compare.sh b/scripts/benchmark_compare.sh
new file mode 100755
index 000000000..98c2d5a9b
--- /dev/null
+++ b/scripts/benchmark_compare.sh
@@ -0,0 +1,164 @@
+#!/usr/bin/env bash
+# This script is designed to compare the output of wolfcrypt/benchmark test
+# application. If the file has an extension ".csv", then it will parse the
+# comma separated format, otherwise it will use the standard output format. The
+# green colored output field is the better result.
+# Usage: benchmark_compare.sh <first file> <second file>
+# You can define a few variables to set options:
+# THRESHOLD  - set the threshold for equality between two results
+# OUTPUT_CSV - set to "1" to print CSV
+
+FIRST_FILE=$1
+SECOND_FILE=$2
+THRESHOLD=${THRESHOLD:-"10"}
+OUTPUT_CSV=${OUTPUT_CSV:-"0"}
+
+declare -A symStats
+declare -A asymStats
+
+function getAlgo() { # getAlgo <asCSV> <mode> <line>
+    if [ "$asCSV" = 1 ]; then
+        declare -a fields
+        IFS=',' read -ra fields <<< "$line"
+        if [ "$mode" = 1 ]; then
+            echo "${fields[0]}"
+        else
+            if [ "${fields[2]}" = "" ]; then
+                echo "${fields[0]}"
+            else
+                echo "${fields[0]}-${fields[2]}"
+            fi
+        fi
+    else
+        if [ "$mode" = 1 ]; then
+            echo "$line" | sed 's/ *[0-9]* MiB.*//g'
+        else
+            if [[ $line == "scrypt"* ]]; then
+                echo "scrypt"
+            else
+                echo "$line" | sed 's/ *[0-9]* ops.*//g' | sed 's/ \+[0-9]\+ \+/-/g'
+            fi
+        fi
+    fi
+}
+
+function getValue() { # getValue <asCSV> <mode> <line>
+    if [ "$asCSV" = 1 ]; then
+        declare -a fields
+        IFS=',' read -ra fields <<< "$line"
+        if [ "$mode" = 1 ]; then
+            echo "${fields[1]}"
+        else
+            echo "${fields[4]}"
+        fi
+    else
+        if [ "$mode" = 1 ]; then
+            echo "$line" | sed 's/.*seconds, *//g' | sed 's/ *MiB\/s.*//g'
+        else
+            echo "$line" | sed 's/.* ms, *//g' | sed 's/ ops\/sec.*//g'
+        fi
+    fi
+}
+
+asCSV=0
+mode=0
+while IFS= read -r line; do
+    if [[ $FIRST_FILE == *".csv" ]]; then
+        asCSV=1
+        if [[ $line == *"Symmetric Ciphers"* ]]; then
+            mode=1
+            read
+            read
+        elif [[ $line == *"Asymmetric Ciphers"* ]]; then
+            mode=2
+            read
+            read
+        elif [[ $line == "" ]]; then
+            mode=0
+        fi
+    else
+        asCSV=0
+        if [[ $line == *"MiB/s"* ]]; then
+            mode=1
+        elif [[ $line == *"ops/sec"* ]]; then
+            mode=2
+        else
+            mode=0
+        fi
+    fi
+    if [ "$mode" -ne 0 ]; then
+            ALGO=`getAlgo "$asCSV" "$mode" "$line"`
+            VALUE=`getValue "$asCSV" "$mode" "$line"`
+
+            if [ "$mode" = "1" ]; then
+                symStats["${ALGO}"]=${VALUE}
+            elif [ "$mode" = "2" ]; then
+                asymStats["${ALGO}"]=${VALUE}
+            fi
+    fi
+done < ${FIRST_FILE}
+
+RED='\033[0;31m'
+GRN='\033[0;32m'
+NC='\033[0m' # No Color
+function printData() { # printData <ALGO> <val1> <val2>
+    ALGO=$1
+    VAL1=$2
+    VAL2=$3
+    if (( $(echo "sqrt( (${VAL1} - ${VAL2})^2 ) < ${THRESHOLD}" | bc -l) )); then
+        # take absolute value and check if less than a threshold
+        echo "${ALGO},${GRN}${VAL1}${NC},=,${GRN}${VAL2}${NC}\n"
+    elif (( $(echo "${VAL1} > ${VAL2}" | bc -l) )); then
+        echo "${ALGO},${GRN}${VAL1}${NC},>,${VAL2}\n"
+    else
+        echo "${ALGO},${VAL1},<,${GRN}${VAL2}${NC}\n"
+    fi
+}
+
+asCSV=0
+mode=0
+while IFS= read -r line; do
+    if [[ $SECOND_FILE == *".csv" ]]; then
+        asCSV=1
+        if [[ $line == *"Symmetric Ciphers"* ]]; then
+            RES+="ALGO,${FIRST_FILE},diff(MB/s),${SECOND_FILE}\n"
+            mode=1
+            read
+            read
+        elif [[ $line == *"Asymmetric Ciphers"* ]]; then
+            RES+="\nALGO,${FIRST_FILE},diff(ops/sec),${SECOND_FILE}\n"
+            mode=2
+            read
+            read
+        elif [[ $line == "" ]]; then
+            mode=0
+        fi
+    else
+        asCSV=0
+        if [[ $line == *"MiB/s"* ]]; then
+            mode=1
+        elif [[ $line == *"ops/sec"* ]]; then
+            mode=2
+        else
+            mode=0
+        fi
+    fi
+    if [ "$mode" -ne 0 ]; then
+        if [[ $line == *","* ]]; then
+            ALGO=`getAlgo "$asCSV" "$mode" "$line"`
+            VALUE=`getValue "$asCSV" "$mode" "$line"`
+
+            if [ "$mode" = "1" ]; then
+                RES+=`printData "${ALGO}" "${symStats["${ALGO}"]}" "${VALUE}"`
+            elif [ "$mode" = "2" ]; then
+                RES+=`printData "${ALGO}" "${asymStats["${ALGO}"]}" "${VALUE}"`
+            fi
+        fi
+    fi
+done < ${SECOND_FILE}
+
+if [ "${OUTPUT_CSV}" = "1" ]; then
+    echo -e "$RES"
+else
+    echo -e "$RES" | column -t -s ',' -L
+fi
diff --git a/scripts/crl-revoked.test b/scripts/crl-revoked.test
index da245d485..17c26d15a 100755
--- a/scripts/crl-revoked.test
+++ b/scripts/crl-revoked.test
@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/usr/bin/env bash
 
 #crl.test
 # if we can, isolate the network namespace to eliminate port collisions.
@@ -217,8 +217,14 @@ else
    exit_hash_dir_code=0
 fi
 
-# run the test
-run_test
+# Check that server is enabled
+./examples/server/server -? 2>&1 | grep -- 'Create Ready file'
+if [ $? -eq 0 ]; then
+    # run the test
+    run_test
+else
+    exit_code=0
+fi
 
 # If we get to this exit, exit_code will be a 1 signaling failure
 echo "exiting with $exit_code certificate was not revoked"
diff --git a/scripts/dertoc.pl b/scripts/dertoc.pl
index c02d7d3f3..cf5b1fa79 100755
--- a/scripts/dertoc.pl
+++ b/scripts/dertoc.pl
@@ -1,4 +1,4 @@
-#!/usr/bin/perl
+#!/usr/bin/env perl
 
 # dertoc.pl
 # version 1.0
diff --git a/scripts/dtls.test b/scripts/dtls.test
index 2bf36d197..a563db5e0 100755
--- a/scripts/dtls.test
+++ b/scripts/dtls.test
@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/usr/bin/env bash
 
 # This script can be run with several environment variables set dictating its
 # run. You can set the following to what you like:
@@ -25,17 +25,21 @@ if [ "${AM_BWRAPPED-}" != "yes" ]; then
     fi
 fi
 
+kill_server() {
+    for i in $(jobs -pr); do
+        if [ "$i" != "$TCPDUMP_PID" ]; then
+            kill -9 $i
+        fi
+    done
+    # empty print to show which backgrounded processes were killed
+    sleep 0.2 && echo
+}
+
 cleanup () {
     echo
     echo "Cleaning up..."
-    if [ ! -z "$UDP_PROXY_PID" ];then
-        echo "Killing udp_proxy $UDP_PROXY_PID"
-        kill $UDP_PROXY_PID
-    fi
-    if [ ! -z "$SERVER_PID" ];then
-        echo "Killing server $SERVER_PID"
-        kill $SERVER_PID
-    fi
+    kill_server
+
     if [ ! -z "$TCPDUMP_PID" ];then
         echo "Killing tcpdump $TCPDUMP_PID"
         sleep 1
@@ -69,9 +73,8 @@ run_test() { # usage: run_test "<testName>" "<udp-proxy args>" "<server args>" "
     echo "" | nc -u 127.0.0.1 $SERVER_PORT # This is a marker for the PCAP file
     echo -e "\n${1}\n"
     stdbuf -oL -eL $WOLFSSL_ROOT/examples/server/server -u -p$SERVER_PORT $DTLS_VERSION $3 2>&1 | prepend "[server] " &
-    SERVER_PID=$(($! - 1))
+    sleep 0.2
     stdbuf -oL -eL $UDP_PROXY_BIN -p $PROXY_PORT -s 127.0.0.1:$SERVER_PORT $UDP_PROXY_EXTRA_ARGS $2 2>&1 | prepend "[udp-proxy] " &
-    UDP_PROXY_PID=$(($! - 1))
     sleep 0.2
     # Wrap this command in a timeout so that a deadlock won't bring down the entire test
     timeout -s KILL 1m stdbuf -oL -eL $WOLFSSL_ROOT/examples/client/client -u -p$PROXY_PORT $DTLS_VERSION $4 2>&1 | prepend "[client] "
@@ -79,10 +82,7 @@ run_test() { # usage: run_test "<testName>" "<udp-proxy args>" "<server args>" "
         echo "***Test failed***"
         ((NUM_TESTS_FAILED++))
     fi
-    kill $SERVER_PID >&/dev/null # make sure the server is no longer running
-    SERVER_PID=
-    kill $UDP_PROXY_PID
-    UDP_PROXY_PID=
+    kill_server
 }
 
 test_dropping_packets () {
diff --git a/scripts/dtlscid.test b/scripts/dtlscid.test
index ff05181e9..127f728f5 100755
--- a/scripts/dtlscid.test
+++ b/scripts/dtlscid.test
@@ -1,6 +1,7 @@
-#!/bin/bash
+#!/usr/bin/env bash
 
-set -e
+# dtlscid.test
+# Copyright wolfSSL 2022-2024
 
 # if we can, isolate the network namespace to eliminate port collisions.
 if [[ -n "$NETWORK_UNSHARE_HELPER" ]]; then
diff --git a/scripts/external.test b/scripts/external.test
index 671f6f9a3..970f6ad6d 100755
--- a/scripts/external.test
+++ b/scripts/external.test
@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/usr/bin/env bash
 
 # external.test
 
@@ -16,24 +16,28 @@ if ! ./examples/client/client -V | grep -q 3; then
 fi
 
 # cloudflare seems to change CAs quickly, disabled by default
-if test -n "$WOLFSSL_EXTERNAL_TEST"; then
-
-    BUILD_FLAGS="$(./examples/client/client '-#')"
-    if echo "$BUILD_FLAGS" | fgrep -q -e ' -DWOLFSSL_SNIFFER '; then
-        echo 'skipping WOLFSSL_EXTERNAL_TEST because -DWOLFSSL_SNIFFER configuration of build is incompatible.'
-        exit 77
-    fi
-
-    if echo "$BUILD_FLAGS" | fgrep -v -q -e ' -DHAVE_ECC '; then
-        echo 'skipping WOLFSSL_EXTERNAL_TEST because -UHAVE_ECC configuration of build is incompatible.'
-        exit 77
-    fi
-
-    echo "WOLFSSL_EXTERNAL_TEST set, running test..."
-else
-    echo "WOLFSSL_EXTERNAL_TEST NOT set, won't run"
+if ! test -n "$WOLFSSL_EXTERNAL_TEST"; then
+    echo "WOLFSSL_EXTERNAL_TEST not set, won't run"
     exit 77
 fi
+if test "$WOLFSSL_EXTERNAL_TEST" == "0"; then
+    echo "WOLFSSL_EXTERNAL_TEST is defined to zero, won't run"
+    exit 77
+fi
+
+
+BUILD_FLAGS="$(./examples/client/client '-#')"
+if echo "$BUILD_FLAGS" | fgrep -q -e ' -DWOLFSSL_SNIFFER '; then
+    echo 'skipping WOLFSSL_EXTERNAL_TEST because -DWOLFSSL_SNIFFER configuration of build is incompatible.'
+    exit 77
+fi
+
+if echo "$BUILD_FLAGS" | fgrep -v -q -e ' -DHAVE_ECC '; then
+    echo 'skipping WOLFSSL_EXTERNAL_TEST because -UHAVE_ECC configuration of build is incompatible.'
+    exit 77
+fi
+
+echo "WOLFSSL_EXTERNAL_TEST set, running test..."
 
 # is our desired server there?
 "${SCRIPT_DIR}"/ping.test $server 2
diff --git a/scripts/google.test b/scripts/google.test
index 6eacc4d4f..5e3e8f0f9 100755
--- a/scripts/google.test
+++ b/scripts/google.test
@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/usr/bin/env bash
 
 # google.test
 
@@ -6,6 +6,15 @@ server=www.google.com
 
 [ ! -x ./examples/client/client ] && echo -e "\n\nClient doesn't exist" && exit 1
 
+if ! test -n "$WOLFSSL_EXTERNAL_TEST"; then
+    echo "WOLFSSL_EXTERNAL_TEST not set, won't run"
+    exit 77
+fi
+if test "$WOLFSSL_EXTERNAL_TEST" == "0"; then
+    echo "WOLFSSL_EXTERNAL_TEST is defined to zero, won't run"
+    exit 77
+fi
+
 if ! ./examples/client/client -V | grep -q 3; then
     echo 'skipping google.test because TLS1.2 is not available.' 1>&2
     exit 77
diff --git a/scripts/include.am b/scripts/include.am
index eab99c611..c42fce2a7 100644
--- a/scripts/include.am
+++ b/scripts/include.am
@@ -27,6 +27,9 @@ endif
 
 if BUILD_OCSP_STAPLING
 dist_noinst_SCRIPTS+= scripts/ocsp-stapling.test
+if BUILD_OCSP_STAPLING_MULTI
+dist_noinst_SCRIPTS+= scripts/ocsp-stapling_tls13multi.test
+endif
 if !BUILD_OCSP_STAPLING_V2
 testsuite/testsuite.log: scripts/ocsp-stapling.log scripts/ocsp-stapling-with-ca-as-responder.log
 endif
@@ -34,6 +37,9 @@ scripts/ocsp-stapling.log: scripts/ocsp.log
 dist_noinst_SCRIPTS+= scripts/ocsp-stapling-with-ca-as-responder.test
 scripts/ocsp-stapling-with-ca-as-responder.log: scripts/ocsp.log
 scripts/ocsp-stapling-with-ca-as-responder.log: scripts/ocsp-stapling.log
+if BUILD_OCSP_STAPLING_MULTI
+scripts/ocsp-stapling_tls13multi.log: scripts/ocsp-stapling-with-ca-as-responder.log
+endif
 endif
 
 if BUILD_OCSP_STAPLING_V2
@@ -128,5 +134,6 @@ dist_noinst_SCRIPTS+= scripts/dtlscid.test
 endif
 
 EXTRA_DIST += scripts/bench/bench_functions.sh
+EXTRA_DIST += scripts/benchmark_compare.sh
 
 EXTRA_DIST += scripts/user_settings_asm.sh
diff --git a/scripts/makedistsmall.sh b/scripts/makedistsmall.sh
index 9c38e568a..88b554633 100755
--- a/scripts/makedistsmall.sh
+++ b/scripts/makedistsmall.sh
@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/usr/bin/env bash
 #set -v
 
 # Script to produce a small source/header only package (with CMake support)
@@ -62,7 +62,6 @@ rm -rf ./swig
 rm -rf ./tests
 rm -rf ./testsuite
 rm -rf ./tirtos
-rm -rf ./wolfcrypt/user-crypto
 rm -rf ./wrapper
 rm -f -- *.rc *.supp *.ac *.am *.conf *.sh *.cproject *.project *.pl
 rm -f Vagrantfile SCRIPTS-LIST quit input resource.h
diff --git a/scripts/memtest.sh b/scripts/memtest.sh
index 34e6b07df..5cb7c5a93 100755
--- a/scripts/memtest.sh
+++ b/scripts/memtest.sh
@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/usr/bin/env bash
 
 # Run this script from the wolfSSL root as `./scripts/memtest.sh`.
 
@@ -14,7 +14,7 @@ make
 
 for i in {1..1000}
 do
-    echo "Trying $i...\n"
+    echo -e "Trying ${i}...\n"
 
         ./tests/unit.test > ./scripts/memtest.txt 2>&1
 
diff --git a/scripts/ocsp-stapling-with-ca-as-responder.test b/scripts/ocsp-stapling-with-ca-as-responder.test
index 5ae2ef106..d4137395b 100755
--- a/scripts/ocsp-stapling-with-ca-as-responder.test
+++ b/scripts/ocsp-stapling-with-ca-as-responder.test
@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/usr/bin/env bash
 
 # ocsp-stapling-with-ca-as-responder.test
 
diff --git a/scripts/ocsp-stapling.test b/scripts/ocsp-stapling.test
index c14fbf0e7..2d544da1b 100755
--- a/scripts/ocsp-stapling.test
+++ b/scripts/ocsp-stapling.test
@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/usr/bin/env bash
 
 # ocsp-stapling.test
 # Test requires HAVE_OCSP and HAVE_CERTIFICATE_STATUS_REQUEST
@@ -11,6 +11,12 @@ if [[ -z "${RETRIES_REMAINING-}" ]]; then
     export RETRIES_REMAINING=2
 fi
 
+if test "$WOLFSSL_EXTERNAL_TEST" == "0"; then
+    echo 'skipping oscp-stapling.test because WOLFSSL_EXTERNAL_TEST is \
+    defined to the value 0.'
+    exit 77
+fi
+
 if ! ./examples/client/client -V | grep -q 3; then
     echo 'skipping ocsp-stapling.test because TLS1.2 is not available.' 1>&2
     exit 77
@@ -21,6 +27,20 @@ if ./examples/client/client '-#' | fgrep -q -e ' -DWOLFSSL_SNIFFER '; then
     exit 77
 fi
 
+if ./examples/client/client -V | grep -q 4; then
+    tls13=yes
+fi
+if ./examples/client/client -? 2>&1 | grep -q 'DTLSv1.3'; then
+    dtls13=yes
+fi
+./examples/client/client '-?' 2>&1 | grep -- 'Perform multi OCSP stapling for TLS13'
+if [ $? -eq 0 ]; then
+    tls13multi=yes
+else
+    tls13multi=no
+fi
+
+
 if openssl s_server -help 2>&1 | fgrep -q -i ipv6 && nc -h 2>&1 | fgrep -q -i ipv6; then
     IPV6_SUPPORTED=yes
 else
@@ -340,7 +360,7 @@ RESULT=$?
 printf '%s\n\n' "Test successfully REVOKED!"
 
 
-if ./examples/client/client -V | grep -q 4; then
+ if [[ ("$tls13" == "yes") && ("$tls13multi" == "no") ]]; then
     printf '%s\n\n' "------------- TEST CASE 3 SHOULD PASS --------------------"
     # client test against our own server - GOOD CERT
     remove_single_rF "$ready_file2"
@@ -388,13 +408,48 @@ else
     echo 'skipping TLS1.3 stapling tests.' 1>&2
 fi
 
+# DTLS 1.2 and 1.3 cases
+if ./examples/client/client -? 2>&1 | grep -q 'DTLSv1.2'; then
+  printf '%s\n\n' "------------- TEST CASE DTLS-1 SHOULD PASS -------------------"
+ # client test against our own server, must staple - GOOD CERT
+ echo $ready_file2
+  ./examples/server/server -c certs/ocsp/server1-cert.pem -R "$ready_file2" \
+                          -k certs/ocsp/server1-key.pem -u -v 3 \
+                          -p $port3 &
+  wolf_pid3=$!
+
+  sleep 0.2
+  ./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -u -v 3 \
+                           -W 1 -p $port3
+  RESULT=$?
+  [ $RESULT -ne 0 ] && printf '\n\n%s\n' "Client connection 5 failed" && exit 1
+  printf '%s\n\n' "Test PASSED!"
+fi
+
+ if [[ ("$dtls13" == "yes") && ("$tls13multi" == "no") ]]; then
+  printf '%s\n\n' "------------- TEST CASE DTLS-2 SHOULD PASS -------------------"
+ # client test against our own server, must staple - GOOD CERT
+  ./examples/server/server -c certs/ocsp/server1-cert.pem -R "$ready_file2" \
+                          -k certs/ocsp/server1-key.pem -u -v 4 \
+                          -p $port3 &
+  wolf_pid3=$!
+  sleep 0.2
+  ./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -u -v 4 \
+                           -W 1 -p $port3
+  RESULT=$?
+  [ $RESULT -ne 0 ] && printf '\n\n%s\n' "Client connection 5 failed" && exit 1
+  printf '%s\n\n' "Test PASSED!"
+
+fi
+
 # need a unique port since may run the same time as testsuite
 generate_port() {
     #-------------------------------------------------------------------------#
     # Generate a random port number
     #-------------------------------------------------------------------------#
 
-    if [[ "$OSTYPE" == "linux"* ]]; then
+    if [[ "$OSTYPE" == "linux"* || "$OSTYPE" == "msys"
+                                || "$OSTYPE" == "cygwin"* ]]; then
         port=$(($(od -An -N2 /dev/urandom) % (65535-49512) + 49512))
     elif [[ "$OSTYPE" == "darwin"* ]]; then
         port=$(($(od -An -N2 /dev/random) % (65535-49512) + 49512))
diff --git a/scripts/ocsp-stapling2.test b/scripts/ocsp-stapling2.test
index 18df01463..c5664b37a 100755
--- a/scripts/ocsp-stapling2.test
+++ b/scripts/ocsp-stapling2.test
@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/usr/bin/env bash
 
 # ocsp-stapling2.test
 # Test requires HAVE_OCSP and HAVE_CERTIFICATE_STATUS_REQUEST_V2
@@ -43,7 +43,7 @@ fi
 if ./examples/client/client '-#' | fgrep -q -e ' -DTEST_IPV6 '; then
     if [[ "$IPV6_SUPPORTED" == "no" ]]; then
         echo 'Skipping IPV6 test in environment lacking IPV6 support.'
-        exit 0
+        exit 77
     fi
     LOCALHOST='[::1]'
     LOCALHOST_FOR_NC='-6 ::1'
@@ -334,9 +334,19 @@ openssl ocsp -port $port3 -nmin 1                               \
     "$@"                                                        \
     &
 
+# NEW: openssl isn't being cleaned up, invoke directly in script for cleanup
+# purposes!
+openssl ocsp -port $port4 -nmin 1                         \
+    -index   certs/ocsp/index-ca-and-intermediate-cas.txt \
+    -rsigner certs/ocsp/ocsp-responder-cert.pem           \
+    -rkey    certs/ocsp/ocsp-responder-key.pem            \
+    -CA      certs/ocsp/root-ca-cert.pem                  \
+    "$@"                                                  \
+    &
+
 sleep 0.1
 # "jobs" is not portable for posix. Must use bash interpreter!
-[ $(jobs -r | wc -l) -ne 3 ] && printf '\n\n%s\n' "Setup ocsp responder failed, skipping" && exit 0
+[ $(jobs -r | wc -l) -ne 4 ] && printf '\n\n%s\n' "Setup ocsp responder failed, skipping" && exit 0
 
 printf '\n\n%s\n\n' "All OCSP responders started successfully!"
 printf '%s\n\n' "------------- TEST CASE 1 SHOULD PASS ------------------------"
@@ -352,18 +362,18 @@ RESULT=$?
 [ $RESULT -ne 0 ] && printf '\n\n%s\n' "Client connection 1 failed" && exit 1
 printf '%s\n\n' "Test PASSED!"
 
-printf '%s\n\n' "TEST CASE 2 DISABLED PENDING REVIEW"
-#printf '%s\n\n' "------------- TEST CASE 2 SHOULD PASS ------------------------"
-#remove_single_rF $ready_file5
-#./examples/server/server -c certs/ocsp/server3-cert.pem \
-#                         -k certs/ocsp/server3-key.pem -R $ready_file5 \
-#                         -p $port5 &
-#wait_for_readyFile $ready_file5 $server_pid5 $port5
-#./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 3 -v 3 \
-#                         -p $port5
-#RESULT=$?
-#[ $RESULT -ne 0 ] && printf '\n\n%s\n' "Client connection 2 failed" && exit 1
-#printf '%s\n\n' "Test PASSED!"
+printf '%s\n\n' "------------- TEST CASE 2 SHOULD PASS ------------------------"
+remove_single_rF $ready_file5
+./examples/server/server -c certs/ocsp/server3-cert.pem \
+                         -k certs/ocsp/server3-key.pem -R $ready_file5 \
+                         -p $port5 &
+server_pid5=$!
+wait_for_readyFile $ready_file5 $server_pid5 $port5
+./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 3 -v 3 \
+                         -p $port5
+RESULT=$?
+[ $RESULT -ne 0 ] && printf '\n\n%s\n' "Client connection 2 failed" && exit 1
+printf '%s\n\n' "Test PASSED!"
 
 printf '%s\n\n' "------------- TEST CASE 3 SHOULD REVOKE ----------------------"
 # client test against our own server - REVOKED SERVER CERT
@@ -457,7 +467,8 @@ generate_port() {
     # Generate a random port number
     #-------------------------------------------------------------------------#
 
-    if [[ "$OSTYPE" == "linux"* ]]; then
+    if [[ "$OSTYPE" == "linux"* || "$OSTYPE" == "msys"
+                                || "$OSTYPE" == "cygwin" ]]; then
         port=$(($(od -An -N2 /dev/urandom) % (65535-49512) + 49512))
     elif [[ "$OSTYPE" == "darwin"* ]]; then
         port=$(($(od -An -N2 /dev/random) % (65535-49512) + 49512))
@@ -499,6 +510,22 @@ RESULT=$?
                  && exit 1
 printf '%s\n\n' "Test PASSED!"
 
+
+if ./examples/client/client -? 2>&1 | grep -q 'DTLS'; then
+printf '%s\n\n' "------------- TEST CASE DTLS-1 SHOULD PASS -------------------"
+# client test against our own server - GOOD CERTS
+./examples/server/server -c certs/ocsp/server3-cert.pem \
+                         -k certs/ocsp/server3-key.pem -R $ready_file5 \
+                         -p $port5 -u -v 3 &
+server_pid5=$!
+sleep 0.2
+./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 2 -u -v 3 \
+                         -p $port5
+RESULT=$?
+[ $RESULT -ne 0 ] && printf '\n\n%s\n' "Client connection 1 failed" && exit 1
+printf '%s\n\n' "Test PASSED!"
+fi
+
 printf '%s\n\n' "------------------- TESTS COMPLETE ---------------------------"
 
 exit 0
diff --git a/scripts/ocsp-stapling_tls13multi.test b/scripts/ocsp-stapling_tls13multi.test
new file mode 100755
index 000000000..27ef90031
--- /dev/null
+++ b/scripts/ocsp-stapling_tls13multi.test
@@ -0,0 +1,522 @@
+#!/bin/bash
+
+# ocsp-stapling_tls13multi.test
+# Test requires HAVE_OCSP and HAVE_CERTIFICATE_STATUS_REQUEST_V2
+
+SCRIPT_DIR="$(dirname "$0")"
+
+# if we can, isolate the network namespace to eliminate port collisions.
+if [[ -n "$NETWORK_UNSHARE_HELPER" ]]; then
+     if [[ -z "$NETWORK_UNSHARE_HELPER_CALLED" ]]; then
+         export NETWORK_UNSHARE_HELPER_CALLED=yes
+         exec "$NETWORK_UNSHARE_HELPER" "$0" "$@" || exit $?
+     fi
+elif [ "${AM_BWRAPPED-}" != "yes" ]; then
+    bwrap_path="$(command -v bwrap)"
+    if [ -n "$bwrap_path" ]; then
+        export AM_BWRAPPED=yes
+        exec "$bwrap_path" --unshare-net --dev-bind / / "$0" "$@"
+    fi
+    unset AM_BWRAPPED
+fi
+
+if [[ -z "${RETRIES_REMAINING-}" ]]; then
+    export RETRIES_REMAINING=2
+fi
+
+if ! ./examples/client/client -V | grep -q 4; then
+    tls13=no
+
+else
+    tls13=yes
+fi
+
+if ! ./examples/client/client -? 2>&1 | grep -q 'DTLSv1.3'; then
+    dtls13=no
+else
+    dtls13=yes
+fi
+
+if [[ ("$tls13" == "no") && ("$dtls13" == "no") ]]; then
+    echo 'skipping ocsp-stapling_tls13multi.test because TLS1.3 is not available.' 1>&2
+    exit 77
+fi
+
+if ! ./examples/client/client -V | grep -q 4; then
+    tls13=no
+    echo 'skipping ocsp-stapling_tls13multi.test because TLS1.3 is not available.' 1>&2
+    exit 77
+else
+    tls13=yes
+fi
+
+if openssl s_server -help 2>&1 | fgrep -q -i ipv6 && nc -h 2>&1 | fgrep -q -i ipv6; then
+    IPV6_SUPPORTED=yes
+else
+    IPV6_SUPPORTED=no
+fi
+
+if ./examples/client/client '-#' | fgrep -q -e ' -DTEST_IPV6 '; then
+    if [[ "$IPV6_SUPPORTED" == "no" ]]; then
+        echo 'Skipping IPV6 test in environment lacking IPV6 support.'
+        exit 77
+    fi
+    LOCALHOST='[::1]'
+    LOCALHOST_FOR_NC='-6 ::1'
+else
+    LOCALHOST='127.0.0.1'
+    LOCALHOST_FOR_NC='127.0.0.1'
+fi
+
+PARENTDIR="$PWD"
+
+# create a unique workspace directory ending in PID for the script instance ($$)
+# to make this instance orthogonal to any others running, even on same repo.
+# TCP ports are also carefully formed below from the PID, to minimize conflicts.
+
+#WORKSPACE="${PARENTDIR}/workspace.pid$$"
+#mkdir "${WORKSPACE}" || exit $?
+
+WORKSPACE="$(mktemp -d -p ${PARENTDIR})"
+
+cp -pR ${SCRIPT_DIR}/../certs "${WORKSPACE}"/ || exit $?
+cd "$WORKSPACE" || exit $?
+ln -s ../examples
+
+CERT_DIR="certs/ocsp"
+
+
+ready_file1="$WORKSPACE"/wolf_ocsp_s2_readyF1$$
+ready_file2="$WORKSPACE"/wolf_ocsp_s2_readyF2$$
+ready_file3="$WORKSPACE"/wolf_ocsp_s2_readyF3$$
+ready_file4="$WORKSPACE"/wolf_ocsp_s2_readyF4$$
+ready_file5="$WORKSPACE"/wolf_ocsp_s2_readyF5$$
+printf '%s\n' "ready file 1:  $ready_file1"
+printf '%s\n' "ready file 2:  $ready_file2"
+printf '%s\n' "ready file 3:  $ready_file3"
+printf '%s\n' "ready file 4:  $ready_file4"
+printf '%s\n' "ready file 5:  $ready_file5"
+
+test_cnf="ocsp_s2.cnf"
+
+wait_for_readyFile(){
+
+    counter=0
+
+    while [ ! -s $1 -a "$counter" -lt 20 ]; do
+        if [[ -n "${2-}" ]]; then
+            if ! kill -0 $2 2>&-; then
+                echo "pid $2 for port ${3-} exited before creating ready file.  bailing..."
+                exit 1
+            fi
+        fi
+        echo -e "waiting for ready file..."
+        sleep 0.1
+        counter=$((counter+ 1))
+    done
+
+    if test -e $1; then
+        echo -e "found ready file, starting client..."
+    else
+        echo -e "NO ready file at $1 -- ending test..."
+        exit 1
+    fi
+
+}
+
+remove_single_rF(){
+    if test -e $1; then
+        printf '%s\n' "removing ready file: $1"
+        rm $1
+    fi
+}
+#create a configure file for cert generation with the port 0 solution
+create_new_cnf() {
+    echo "Random Ports Selected: $1 $2 $3 $4"
+
+    cat <<- EOF > $test_cnf
+        #
+        # openssl configuration file for OCSP certificates
+        #
+
+        # Extensions to add to a certificate request (intermediate1-ca)
+        [ v3_req1 ]
+        basicConstraints       = CA:false
+        subjectKeyIdentifier   = hash
+        authorityKeyIdentifier = keyid:always,issuer:always
+        keyUsage               = nonRepudiation, digitalSignature, keyEncipherment
+        authorityInfoAccess    = OCSP;URI:http://127.0.0.1:$1
+
+        # Extensions to add to a certificate request (intermediate2-ca)
+        [ v3_req2 ]
+        basicConstraints       = CA:false
+        subjectKeyIdentifier   = hash
+        authorityKeyIdentifier = keyid:always,issuer:always
+        keyUsage               = nonRepudiation, digitalSignature, keyEncipherment
+        authorityInfoAccess    = OCSP;URI:http://127.0.0.1:$2
+
+        # Extensions to add to a certificate request (intermediate3-ca)
+        [ v3_req3 ]
+        basicConstraints       = CA:false
+        subjectKeyIdentifier   = hash
+        authorityKeyIdentifier = keyid:always,issuer:always
+        keyUsage               = nonRepudiation, digitalSignature, keyEncipherment
+        authorityInfoAccess    = OCSP;URI:http://127.0.0.1:$3
+
+        # Extensions for a typical CA
+        [ v3_ca ]
+        basicConstraints       = CA:true
+        subjectKeyIdentifier   = hash
+        authorityKeyIdentifier = keyid:always,issuer:always
+        keyUsage               = keyCertSign, cRLSign
+        authorityInfoAccess    = OCSP;URI:http://127.0.0.1:$4
+
+        # OCSP extensions.
+        [ v3_ocsp ]
+        basicConstraints       = CA:false
+        subjectKeyIdentifier   = hash
+        authorityKeyIdentifier = keyid:always,issuer:always
+        extendedKeyUsage       = OCSPSigning
+EOF
+
+    mv $test_cnf $CERT_DIR/$test_cnf
+    cd $CERT_DIR
+    CURR_LOC="$PWD"
+    printf '%s\n' "echo now in $CURR_LOC"
+    ./renewcerts-for-test.sh $test_cnf
+    cd $WORKSPACE
+}
+
+remove_ready_file(){
+    if test -e $ready_file1; then
+        printf '%s\n' "removing ready file: $ready_file1"
+        rm $ready_file1
+    fi
+    if test -e $ready_file2; then
+        printf '%s\n' "removing ready file: $ready_file2"
+        rm $ready_file2
+    fi
+    if test -e $ready_file3; then
+        printf '%s\n' "removing ready file: $ready_file3"
+        rm $ready_file3
+    fi
+    if test -e $ready_file4; then
+        printf '%s\n' "removing ready file: $ready_file4"
+        rm $ready_file4
+    fi
+    if test -e $ready_file5; then
+        printf '%s\n' "removing ready file: $ready_file5"
+        rm $ready_file5
+    fi
+}
+
+cleanup()
+{
+    exit_status=$?
+    for i in $(jobs -pr)
+    do
+        kill -s KILL "$i"
+    done
+    remove_ready_file
+    rm $CERT_DIR/$test_cnf
+    cd "$PARENTDIR" || return 1
+    rm -r "$WORKSPACE" || return 1
+
+    if [[ ("$exit_status" == 1) && ($RETRIES_REMAINING -gt 0) ]]; then
+        echo "retrying..."
+        RETRIES_REMAINING=$((RETRIES_REMAINING - 1))
+        exec $0 "$@"
+    fi
+}
+trap cleanup EXIT INT TERM HUP
+
+[ ! -x ./examples/client/client ] && echo -e "\n\nClient doesn't exist" && exit 1
+
+# check if supported key size is large enough to handle 4096 bit RSA
+size="$(./examples/client/client '-?' | grep "Max RSA key")"
+size="${size//[^0-9]/}"
+if [ ! -z "$size" ]; then
+    printf 'check on max key size of %d ...' $size
+    if [ $size -lt 4096 ]; then
+        printf '%s\n' "4096 bit RSA keys not supported"
+        exit 0
+    fi
+    printf 'OK\n'
+fi
+
+#get four unique ports
+
+# choose consecutive ports based on the PID, skipping any that are
+# already bound, to avoid the birthday problem in case other
+# instances are sharing this host.
+
+get_first_free_port() {
+    local ret="$1"
+    while :; do
+        if [[ "$ret" -ge 65536 ]]; then
+            ret=1024
+        fi
+        if ! nc -z ${LOCALHOST_FOR_NC} "$ret"; then
+            break
+        fi
+        ret=$((ret+1))
+    done
+    echo "$ret"
+    return 0
+}
+
+base_port=$((((($$ + $RETRIES_REMAINING) * 5) % (65536 - 2048)) + 1024))
+port1=$(get_first_free_port $base_port)
+port2=$(get_first_free_port $((port1 + 1)))
+port3=$(get_first_free_port $((port2 + 1)))
+port4=$(get_first_free_port $((port3 + 1)))
+port5=$(get_first_free_port $((port4 + 1)))
+
+# 1:
+./examples/server/server -R $ready_file1 -p $port1 &
+server_pid1=$!
+wait_for_readyFile $ready_file1 $server_pid1 $port1
+if [ ! -f $ready_file1 ]; then
+    printf '%s\n' "Failed to create ready file1: \"$ready_file1\""
+    exit 1
+fi
+# 2:
+./examples/server/server -R $ready_file2 -p $port2 &
+server_pid2=$!
+wait_for_readyFile $ready_file2 $server_pid2 $port2
+if [ ! -f $ready_file2 ]; then
+    printf '%s\n' "Failed to create ready file2: \"$ready_file2\""
+    exit 1
+fi
+# 3:
+./examples/server/server -R $ready_file3 -p $port3 &
+server_pid3=$!
+wait_for_readyFile $ready_file3 $server_pid3 $port3
+if [ ! -f $ready_file3 ]; then
+    printf '%s\n' "Failed to create ready file3: \"$ready_file3\""
+    exit 1
+fi
+# 4:
+./examples/server/server -R $ready_file4 -p $port4 &
+server_pid4=$!
+wait_for_readyFile $ready_file4 $server_pid4 $port4
+if [ ! -f $ready_file4 ]; then
+    printf '%s\n' "Failed to create ready file4: \"$ready_file4\""
+    exit 1
+fi
+
+printf '%s\n' "------------- PORTS ---------------"
+printf '%s' "Random ports selected: $port1 $port2"
+printf '%s\n' " $port3 $port4"
+printf '%s\n' "-----------------------------------"
+# Use client connections to cleanly shutdown the servers
+./examples/client/client -p $port1
+./examples/client/client -p $port2
+./examples/client/client -p $port3
+./examples/client/client -p $port4
+create_new_cnf $port1 $port2 $port3 \
+               $port4
+
+sleep 0.1
+
+# setup ocsp responders
+# OLD: ./certs/ocsp/ocspd-root-ca-and-intermediate-cas.sh &
+# NEW: openssl isn't being cleaned up, invoke directly in script for cleanup
+# purposes!
+openssl ocsp -port $port1 -nmin 1                         \
+    -index   certs/ocsp/index-ca-and-intermediate-cas.txt \
+    -rsigner certs/ocsp/ocsp-responder-cert.pem           \
+    -rkey    certs/ocsp/ocsp-responder-key.pem            \
+    -CA      certs/ocsp/root-ca-cert.pem                  \
+    "$@"                                                  \
+    &
+
+# OLD: ./certs/ocsp/ocspd-intermediate2-ca-issued-certs.sh &
+# NEW: openssl isn't being cleaned up, invoke directly in script for cleanup
+# purposes!
+openssl ocsp -port $port2 -nmin 1                               \
+    -index   certs/ocsp/index-intermediate2-ca-issued-certs.txt \
+    -rsigner certs/ocsp/ocsp-responder-cert.pem                 \
+    -rkey    certs/ocsp/ocsp-responder-key.pem                  \
+    -CA      certs/ocsp/intermediate2-ca-cert.pem               \
+    "$@"                                                        \
+    &
+
+# OLD: ./certs/ocsp/ocspd-intermediate3-ca-issued-certs.sh &
+# NEW: openssl isn't being cleaned up, invoke directly in script for cleanup
+# purposes!
+openssl ocsp -port $port3 -nmin 1                               \
+    -index   certs/ocsp/index-intermediate3-ca-issued-certs.txt \
+    -rsigner certs/ocsp/ocsp-responder-cert.pem                 \
+    -rkey    certs/ocsp/ocsp-responder-key.pem                  \
+    -CA      certs/ocsp/intermediate3-ca-cert.pem               \
+    "$@"                                                        \
+    &
+
+# NEW: openssl isn't being cleaned up, invoke directly in script for cleanup
+# purposes!
+openssl ocsp -port $port4 -nmin 1                         \
+    -index   certs/ocsp/index-ca-and-intermediate-cas.txt \
+    -rsigner certs/ocsp/ocsp-responder-cert.pem           \
+    -rkey    certs/ocsp/ocsp-responder-key.pem            \
+    -CA      certs/ocsp/root-ca-cert.pem                  \
+    "$@"                                                  \
+    &
+
+sleep 0.1
+# "jobs" is not portable for posix. Must use bash interpreter!
+[ $(jobs -r | wc -l) -ne 4 ] && printf '\n\n%s\n' "Setup ocsp responder failed, skipping" && exit 0
+
+printf '\n\n%s\n\n' "All OCSP responders started successfully!"
+
+if [ "$tls13" == "yes" ]; then
+    printf '%s\n\n' "------------- TEST CASE 1 SHOULD PASS ------------------------"
+    # client test against our own server - GOOD CERTS
+    ./examples/server/server -c certs/ocsp/server3-cert.pem \
+                            -k certs/ocsp/server3-key.pem -R $ready_file5 \
+                            -p $port5 -v 4 &
+    server_pid5=$!
+    wait_for_readyFile $ready_file5 $server_pid5 $port5
+    ./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 1 -v 4 \
+                            -p $port5
+    RESULT=$?
+    [ $RESULT -ne 0 ] && printf '\n\n%s\n' "Client connection 1 failed" && exit 1
+    printf '%s\n\n' "Test PASSED!"
+
+    printf '%s\n\n' "------------- TEST CASE 2 SHOULD REVOKE ----------------------"
+    # client test against our own server - REVOKED SERVER CERT
+    remove_single_rF $ready_file5
+    ./examples/server/server -c certs/ocsp/server4-cert.pem \
+                            -k certs/ocsp/server4-key.pem -R $ready_file5 \
+                            -p $port5 -v 4 &
+    server_pid5=$!
+    wait_for_readyFile $ready_file5 $server_pid5 $port5
+    ./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 1 -v 4 \
+                            -p $port5
+    RESULT=$?
+    [ $RESULT -ne 1 ] && printf '\n\n%s\n' "Client connection succeeded $RESULT" && exit 1
+    printf '%s\n\n' "Test successfully REVOKED!"
+
+    printf '%s\n\n' "------------- TEST CASE 3 SHOULD REVOKE ----------------------"
+    remove_single_rF $ready_file5
+    ./examples/server/server -c certs/ocsp/server4-cert.pem \
+                            -k certs/ocsp/server4-key.pem -R $ready_file5 \
+                            -p $port5 &
+    sleep 0.1
+    ./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 1 -v 4 \
+                            -p $port5
+    RESULT=$?
+    [ $RESULT -ne 1 ] && printf '\n\n%s\n' "Client connection succeeded $RESULT" && exit 1
+    printf '%s\n\n' "Test successfully REVOKED!"
+
+    printf '%s\n\n' "------------- TEST CASE 4 SHOULD REVOKE ------------------------"
+    # client test against our own server - REVOKED INTERMEDIATE CERT
+    remove_single_rF $ready_file5
+    ./examples/server/server -c certs/ocsp/server5-cert.pem \
+                            -k certs/ocsp/server5-key.pem -R $ready_file5 \
+                            -p $port5 -v 4 &
+    server_pid5=$!
+    wait_for_readyFile $ready_file5 $server_pid5 $port5
+    ./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 1 -v 4 \
+                            -p $port5
+    RESULT=$?
+    [ $RESULT -ne 1 ] && printf '\n\n%s\n' "Client connection succeeded $RESULT" && exit 1
+    printf '%s\n\n' "Test successfully REVOKED!"
+
+    printf '%s\n\n' "------------- TEST CASE 5 SHOULD REVOKE ----------------------"
+    remove_single_rF $ready_file5
+    ./examples/server/server -c certs/ocsp/server5-cert.pem \
+                            -k certs/ocsp/server5-key.pem -R $ready_file5 \
+                            -p $port5 -v 4 &
+    server_pid5=$!
+    wait_for_readyFile $ready_file5 $server_pid5 $port5
+    ./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 1 -v 4 \
+                            -p $port5
+    RESULT=$?
+    [ $RESULT -ne 1 ] && printf '\n\n%s\n' "Client connection succeeded $RESULT" && exit 1
+    printf '%s\n\n' "Test successfully REVOKED!"
+
+    printf '%s\n\n' "------------- TEST CASE 6 LOAD CERT IN SSL -------------------"
+    remove_single_rF $ready_file5
+    ./examples/server/server -c certs/ocsp/server1-cert.pem \
+                            -k certs/ocsp/server1-key.pem -R $ready_file5 -v 4 \
+                            -p $port5 -H loadSSL &
+    server_pid5=$!
+    wait_for_readyFile $ready_file5 $server_pid5 $port5
+    echo "test connection" | openssl s_client -status -legacy_renegotiation -connect ${LOCALHOST}:$port5 -cert ./certs/client-cert.pem -key ./certs/client-key.pem -CAfile ./certs/ocsp/root-ca-cert.pem
+    RESULT=$?
+    [ $RESULT -ne 0 ] && printf '\n\n%s\n' "Client connection failed $RESULT" && exit 1
+    wait $server_pid5
+    if [ $? -ne 0 ]; then
+        printf '%s\n' "Unexpected server result"
+        exit 1
+    fi
+    printf '%s\n\n' "Test successful"
+    printf '%s\n\n' "------------- TEST CASE 7 SHOULD REVOKE ----------------------"
+    remove_single_rF $ready_file5
+    ./examples/server/server -c certs/ocsp/server4-cert.pem \
+                            -k certs/ocsp/server4-key.pem -R $ready_file5 \
+                            -p $port5 -H loadSSL -v 4 &
+    server_pid5=$!
+    sleep 0.1
+    ./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 1 -v 4 \
+                            -p $port5
+    RESULT=$?
+    [ $RESULT -ne 1 ] && printf '\n\n%s\n' "Client connection succeeded $RESULT" && exit 1
+    wait $server_pid5
+    if [ $? -ne 1 ]; then
+        printf '%s\n' "Unexpected server result"
+        exit 1
+    fi
+    printf '%s\n\n' "Test successfully REVOKED!"
+fi
+
+if [ "$dtls13" == "yes" ]; then
+    printf '%s\n\n' "------------- TEST CASE DTLS-1 SHOULD PASS ---------------"
+    # client test against our own server - GOOD CERTS
+    ./examples/server/server -c certs/ocsp/server3-cert.pem \
+                            -k certs/ocsp/server3-key.pem -R $ \
+                            -p $port5 -u -v 4 &
+    server_pid5=$!
+    sleep 0.2
+    ./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 1 -u -v 4 \
+                            -p $port5
+    RESULT=$?
+    [ $RESULT -ne 0 ] && printf '\n\n%s\n' "Client connection 1 failed" && exit 1
+    printf '%s\n\n' "Test PASSED!"
+
+    printf '%s\n\n' "------------- TEST CASE DTLS-2 SHOULD REVOKE --------------"
+    # client test against our own server - REVOKED SERVER CERT
+    remove_single_rF $ready_file5
+    ./examples/server/server -c certs/ocsp/server4-cert.pem \
+                            -k certs/ocsp/server4-key.pem -R $ready_file5 \
+                            -p $port5 -v 4 &
+    server_pid5=$!
+    sleep 0.2
+    ./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 1 -v 4 \
+                            -p $port5
+    RESULT=$?
+    [ $RESULT -ne 1 ] && printf '\n\n%s\n' "Client connection succeeded $RESULT" && exit 1
+    printf '%s\n\n' "Test successfully REVOKED!"
+
+fi
+
+# need a unique port since may run the same time as testsuite
+generate_port() {
+    #-------------------------------------------------------------------------#
+    # Generate a random port number
+    #-------------------------------------------------------------------------#
+
+    if [[ "$OSTYPE" == "linux"* ]]; then
+        port=$(($(od -An -N2 /dev/urandom) % (65535-49512) + 49512))
+    elif [[ "$OSTYPE" == "darwin"* ]]; then
+        port=$(($(od -An -N2 /dev/random) % (65535-49512) + 49512))
+    else
+        echo "Unknown OS TYPE"
+        exit 1
+    fi
+}
+
+printf '%s\n\n' "------------------- TESTS COMPLETE ---------------------------"
+
+exit 0
diff --git a/scripts/ocsp.test b/scripts/ocsp.test
index 0131b0bfd..74764de90 100755
--- a/scripts/ocsp.test
+++ b/scripts/ocsp.test
@@ -50,7 +50,7 @@ else
 fi
 
 server=www.google.com
-ca=${SCRIPT_DIR}/../certs/external/ca-google-root.pem
+ca=certs/external/ca-google-root.pem
 
 if [ "$AM_BWRAPPED" != "yes" ]; then
     # is our desired server there?
diff --git a/scripts/openssl.test b/scripts/openssl.test
index 9bd98e5f1..f797a9ff8 100755
--- a/scripts/openssl.test
+++ b/scripts/openssl.test
@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/usr/bin/env bash
 
 # openssl.test
 
@@ -64,6 +64,7 @@ anon_wolfssl_pid=$no_pid
 wolf_cases_tested=0
 wolf_cases_total=0
 counter=0
+wolfssl_no_resume=""
 testing_summary="OpenSSL Interop Testing Summary:\nVersion\tTested\t#Found\t#wolf\t#Found\t#OpenSSL\n"
 versionName="Invalid"
 if [ "$OPENSSL" = "" ]; then
@@ -279,7 +280,7 @@ check_server_ready() {
     server_ready=0
     while [ "$counter" -lt 20 ]; do
         echo -e "waiting for $server_name ready..."
-        echo -e Checking | nc localhost $server_port
+        echo -e Checking | nc -w 5 localhost $server_port
         nc_result=$?
         if [ $nc_result = 0 ]
         then
@@ -328,6 +329,10 @@ do_wolfssl_client() {
     then
         wolfssl_resume=
     fi
+    if [ "$wolfssl_no_resume" = "yes" ]
+    then
+        wolfssl_resume=
+    fi
     if [ "$version" != "5" -a "$version" != "" ]
     then
         echo "#"
@@ -516,6 +521,19 @@ then
     if [ "$wolf_rsa" != "" ]; then
         echo "wolfSSL supports RSA"
     fi
+    # Check if RSA-PSS certificates supported in wolfSSL
+    wolf_rsapss=`$WOLFSSL_CLIENT -A "${CERT_DIR}/rsapss/ca-rsapss.pem" 2>&1`
+    case $wolf_rsapss in
+    *"ca file"*)
+        echo "wolfSSL does not support RSA-PSS"
+        wolf_rsapss=""
+        ;;
+    *)
+        ;;
+    esac
+    if [ "$wolf_rsapss" != "" ]; then
+        echo "wolfSSL supports RSA-PSS"
+    fi
     # Check if ECC certificates supported in wolfSSL
     wolf_ecc=`$WOLFSSL_CLIENT -A "${CERT_DIR}/ca-ecc-cert.pem" 2>&1`
     case $wolf_ecc in
@@ -1143,7 +1161,7 @@ do
                 do_wolfssl_client
                 psk=""
                 adh=""
-                openssl_psk="-psk 0123456789abcdef0123456789abcdef"
+                openssl_psk="-psk 0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef"
                 open_temp_cases_total=$((open_temp_cases_total + 1))
                 port=$wolfssl_port
                 do_openssl_client
@@ -1228,6 +1246,49 @@ do
 done
 IFS="$OIFS" #restore separator
 
+# Skip RSA-PSS interop test when RSA-PSS is not supported
+if [ "$wolf_rsapss" != "" -a "$ecdhe_avail" = "yes" -a "$wolf_rsa" = "yes" ]
+then
+    # Test for RSA-PSS certs interop
+    # Was running into alert sent by openssl server with version 1.1.1 released
+    # in Sep 2018. To avoid this issue check that openssl version 3.0.0 or later
+    # is used.
+
+    $OPENSSL version | awk '{print $2}' | \
+        awk -F. '{if ($1 >= 3) exit 1; else exit 0;}'
+    RESULT=$?
+    if [ "$RESULT" = "0" ]; then
+        echo -e "Old version of openssl detected, skipping interop RSA-PSS test"
+    else
+        echo -e "Doing interop RSA-PSS test"
+
+        key_file=${CERT_DIR}/rsapss/server-rsapss-priv.pem
+        cert_file=${CERT_DIR}/rsapss/server-rsapss.pem
+        ca_file=${CERT_DIR}/client-cert.pem
+        openssl_suite="RSAPSS"
+        start_openssl_server
+
+        cert="${CERT_DIR}/client-cert.pem"
+        key="${CERT_DIR}/client-key.pem"
+        caCert="${CERT_DIR}/rsapss/ca-rsapss.pem"
+        crl="-C"
+        wolfSuite="ALL"
+        wolfssl_no_resume="yes"
+        port=$server_port
+
+        if [ "$wolf_tls13" != "" ]
+        then
+            version="4"
+            do_wolfssl_client
+        fi
+
+        if [ "$wolf_tls" != "" ]
+        then
+            version="3"
+            do_wolfssl_client
+        fi
+    fi
+fi
 do_cleanup
 
 echo -e "wolfSSL total cases   $wolf_cases_total"
diff --git a/scripts/openssl_srtp.test b/scripts/openssl_srtp.test
index 500ea5c14..509db8a6c 100755
--- a/scripts/openssl_srtp.test
+++ b/scripts/openssl_srtp.test
@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/usr/bin/env bash
 # Test WolfSSL/OpenSSL srtp interoperability
 #
 # TODO: add OpenSSL client with WolfSSL server
diff --git a/scripts/pem.test b/scripts/pem.test
index 7c32f8b03..65720cd6d 100755
--- a/scripts/pem.test
+++ b/scripts/pem.test
@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/usr/bin/env bash
 
 # pem.test
 # Copyright wolfSSL 2023-2023
diff --git a/scripts/ping.test b/scripts/ping.test
index c823492e3..3b8d5df20 100755
--- a/scripts/ping.test
+++ b/scripts/ping.test
@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/usr/bin/env bash
 
 # ping.test
 
diff --git a/scripts/pkcallbacks.test b/scripts/pkcallbacks.test
index 7fcb697f0..d4bf4309d 100755
--- a/scripts/pkcallbacks.test
+++ b/scripts/pkcallbacks.test
@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/usr/bin/env bash
 
 #pkcallbacks.test
 
diff --git a/scripts/psk.test b/scripts/psk.test
index baeca0210..58edace27 100755
--- a/scripts/psk.test
+++ b/scripts/psk.test
@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/usr/bin/env bash
 
 # psk.test
 # copyright wolfSSL 2016
diff --git a/scripts/resume.test b/scripts/resume.test
index 49839b4da..06f25be00 100755
--- a/scripts/resume.test
+++ b/scripts/resume.test
@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/usr/bin/env bash
 
 #resume.test
 
diff --git a/scripts/sniffer-gen.sh b/scripts/sniffer-gen.sh
index eac160979..4cc1207e5 100755
--- a/scripts/sniffer-gen.sh
+++ b/scripts/sniffer-gen.sh
@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/usr/bin/env bash
 #set -x
 
 # Run this script from the wolfSSL root
diff --git a/scripts/sniffer-testsuite.test b/scripts/sniffer-testsuite.test
index 0be4587fb..e827da754 100755
--- a/scripts/sniffer-testsuite.test
+++ b/scripts/sniffer-testsuite.test
@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/usr/bin/env bash
 
 #sniffer-testsuite.test
 
diff --git a/scripts/stm32l4-v4_0_1_build.sh b/scripts/stm32l4-v4_0_1_build.sh
index b4eb3650e..156ab8885 100755
--- a/scripts/stm32l4-v4_0_1_build.sh
+++ b/scripts/stm32l4-v4_0_1_build.sh
@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/usr/bin/env bash
 WOLF_ROOT=$(eval "pwd")
 echo "WOLF_ROOT set to: \"$WOLF_ROOT\""
 cd ../ || exit 5
diff --git a/scripts/tls13.test b/scripts/tls13.test
index aa53af901..085ffc180 100755
--- a/scripts/tls13.test
+++ b/scripts/tls13.test
@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/usr/bin/env bash
 
 # tls13.test
 # Copyright wolfSSL 2016-2021
diff --git a/scripts/trusted_peer.test b/scripts/trusted_peer.test
index 3936e79de..cdcca7b25 100755
--- a/scripts/trusted_peer.test
+++ b/scripts/trusted_peer.test
@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/usr/bin/env bash
 
 # trusted_peer.test
 # copyright wolfSSL 2016
diff --git a/src/bio.c b/src/bio.c
index 85de16dd5..80fa6a183 100644
--- a/src/bio.c
+++ b/src/bio.c
@@ -1,6 +1,6 @@
 /* bio.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -24,10 +24,9 @@
 #endif
 
 #include <wolfssl/wolfcrypt/settings.h>
-#if defined(OPENSSL_EXTRA) && !defined(_WIN32)
+#if defined(OPENSSL_EXTRA) && !defined(_WIN32) && !defined(_GNU_SOURCE)
     /* turn on GNU extensions for XVASPRINTF with wolfSSL_BIO_printf */
-    #undef  _GNU_SOURCE
-    #define _GNU_SOURCE
+    #define _GNU_SOURCE 1
 #endif
 
 #if !defined(WOLFSSL_BIO_INCLUDED)
@@ -50,7 +49,7 @@
  */
 static int wolfSSL_BIO_BASE64_read(WOLFSSL_BIO* bio, void* buf, int len)
 {
-    word32 frmtSz = len;
+    word32 frmtSz = (word32)len;
 
     WOLFSSL_ENTER("wolfSSL_BIO_BASE64_read");
 
@@ -70,16 +69,35 @@ static int wolfSSL_BIO_BASE64_read(WOLFSSL_BIO* bio, void* buf, int len)
  */
 static int wolfSSL_BIO_BIO_read(WOLFSSL_BIO* bio, void* buf, int len)
 {
-    int   sz;
+    int   sz1;
+    int   sz2;
     char* pt;
 
-    sz = wolfSSL_BIO_nread(bio, &pt, len);
+    if (buf == NULL || len == 0)
+        return 0;
 
-    if (sz > 0) {
-        XMEMCPY(buf, pt, sz);
+    /* default no retry */
+    bio->flags &= ~(WOLFSSL_BIO_FLAG_READ|WOLFSSL_BIO_FLAG_RETRY);
+    sz1 = wolfSSL_BIO_nread(bio, &pt, len);
+    if (sz1 > 0) {
+        XMEMCPY(buf, pt, sz1);
+        buf = (char*)buf + sz1;
+        len -= sz1;
+        if (len > 0) {
+            /* try again to see if maybe we wrapped around the ring buffer */
+            sz2 = wolfSSL_BIO_nread(bio, &pt, len);
+            if (sz2 > 0) {
+                XMEMCPY(buf, pt, sz2);
+                sz1 += sz2;
+            }
+        }
+    }
+    if (sz1 == 0) {
+        bio->flags |= WOLFSSL_BIO_FLAG_READ|WOLFSSL_BIO_FLAG_RETRY;
+        sz1 = -1;
     }
 
-    return sz;
+    return sz1;
 }
 
 #ifndef WOLFSSL_BIO_RESIZE_THRESHOLD
@@ -124,11 +142,11 @@ static int wolfSSL_BIO_MEMORY_read(WOLFSSL_BIO* bio, void* buf, int len)
             return WOLFSSL_BIO_ERROR;
         }
 
-        XMEMCPY(buf, bio->mem_buf->data + bio->rdIdx, sz);
+        XMEMCPY(buf, bio->mem_buf->data + bio->rdIdx, (size_t)sz);
         bio->rdIdx += sz;
 
         if (bio->rdIdx >= bio->wrSz) {
-            if (bio->flags & BIO_FLAGS_MEM_RDONLY) {
+            if (bio->flags & WOLFSSL_BIO_FLAG_MEM_RDONLY) {
                 bio->wrSz = bio->wrSzReset;
             }
             else {
@@ -142,26 +160,26 @@ static int wolfSSL_BIO_MEMORY_read(WOLFSSL_BIO* bio, void* buf, int len)
                 bio->wrSz = 0;
                 bio->mem_buf->length = 0;
             }
-            bio->ptr = bio->mem_buf->data;
+            bio->ptr.mem_buf_data = (byte *)bio->mem_buf->data;
         }
         else if (bio->rdIdx >= WOLFSSL_BIO_RESIZE_THRESHOLD &&
-                !(bio->flags & BIO_FLAGS_MEM_RDONLY)) {
+                !(bio->flags & WOLFSSL_BIO_FLAG_MEM_RDONLY)) {
             /* Resize the memory so we are not taking up more than necessary.
              * memmove reverts internally to memcpy if areas don't overlap */
             XMEMMOVE(bio->mem_buf->data, bio->mem_buf->data + bio->rdIdx,
-                    bio->wrSz - bio->rdIdx);
+                    (long unsigned int)bio->wrSz - (size_t)bio->rdIdx);
             bio->wrSz -= bio->rdIdx;
             bio->rdIdx = 0;
             /* Resize down to WOLFSSL_BIO_RESIZE_THRESHOLD for fewer
              * allocations. */
             if (wolfSSL_BUF_MEM_resize(bio->mem_buf,
-                    bio->wrSz > WOLFSSL_BIO_RESIZE_THRESHOLD ? bio->wrSz :
-                            WOLFSSL_BIO_RESIZE_THRESHOLD) == 0) {
+                bio->wrSz > WOLFSSL_BIO_RESIZE_THRESHOLD ?
+                (size_t)bio->wrSz : WOLFSSL_BIO_RESIZE_THRESHOLD) == 0) {
                 WOLFSSL_MSG("wolfSSL_BUF_MEM_resize error");
                 return WOLFSSL_BIO_ERROR;
             }
-            bio->mem_buf->length = bio->wrSz;
-            bio->ptr = bio->mem_buf->data;
+            bio->mem_buf->length = (size_t)bio->wrSz;
+            bio->ptr.mem_buf_data = (byte *)bio->mem_buf->data;
         }
     }
     else {
@@ -182,6 +200,7 @@ int wolfSSL_BIO_method_type(const WOLFSSL_BIO *b)
 }
 
 #ifndef WOLFCRYPT_ONLY
+#ifndef NO_TLS
 /* Helper function to read from WOLFSSL_BIO_SSL type
  *
  * returns the number of bytes read on success
@@ -198,11 +217,11 @@ static int wolfSSL_BIO_SSL_read(WOLFSSL_BIO* bio, void* buf,
         return WOLFSSL_FATAL_ERROR;
 
     bio->flags &= ~(WOLFSSL_BIO_FLAG_RETRY); /* default no retry */
-    ret = wolfSSL_read((WOLFSSL*)bio->ptr, buf, len);
+    ret = wolfSSL_read(bio->ptr.ssl, buf, len);
     if (ret == 0)
         front->eof = 1;
     else if (ret < 0) {
-        int err = wolfSSL_get_error((WOLFSSL*)bio->ptr, 0);
+        int err = wolfSSL_get_error(bio->ptr.ssl, 0);
         if ( !(err == WOLFSSL_ERROR_WANT_READ || err == WOLFSSL_ERROR_WANT_WRITE) ) {
             front->eof = 1;
         }
@@ -213,25 +232,26 @@ static int wolfSSL_BIO_SSL_read(WOLFSSL_BIO* bio, void* buf,
 
     return ret;
 }
+#endif /* !NO_TLS */
 
 static int wolfSSL_BIO_MD_read(WOLFSSL_BIO* bio, void* buf, int sz)
 {
-    if (wolfSSL_EVP_MD_CTX_type((WOLFSSL_EVP_MD_CTX*)bio->ptr) == NID_hmac) {
-        if (wolfSSL_EVP_DigestSignUpdate((WOLFSSL_EVP_MD_CTX*)bio->ptr, buf,
-                        sz) != WOLFSSL_SUCCESS)
+    if (wolfSSL_EVP_MD_CTX_type(bio->ptr.md_ctx) == WC_NID_hmac) {
+        if (wolfSSL_EVP_DigestSignUpdate(bio->ptr.md_ctx, buf,
+                        (unsigned int)sz) != WOLFSSL_SUCCESS)
         {
             return WOLFSSL_FATAL_ERROR;
         }
     }
     else {
-        if (wolfSSL_EVP_DigestUpdate((WOLFSSL_EVP_MD_CTX*)bio->ptr, buf, sz)
+        if (wolfSSL_EVP_DigestUpdate(bio->ptr.md_ctx, buf, (size_t)sz)
                 != WOLFSSL_SUCCESS) {
             return WOLFSSL_FATAL_ERROR;
         }
     }
     return sz;
 }
-#endif /* WOLFCRYPT_ONLY */
+#endif /* !WOLFCRYPT_ONLY */
 
 
 /* Used to read data from a WOLFSSL_BIO structure
@@ -271,6 +291,9 @@ int wolfSSL_BIO_read(WOLFSSL_BIO* bio, void* buf, int len)
     }
 
     while (bio != NULL && ret >= 0) {
+#ifdef WOLFSSL_BIO_HAVE_FLOW_STATS
+        int inhibit_flow_increment = 0;
+#endif
         /* check for custom read */
         if (bio->method && bio->method->readCb) {
             ret = bio->method->readCb(bio, (char*)buf, len);
@@ -283,19 +306,22 @@ int wolfSSL_BIO_read(WOLFSSL_BIO* bio, void* buf, int len)
                 break;
             case WOLFSSL_BIO_BIO: /* read BIOs */
                 ret = wolfSSL_BIO_BIO_read(bio, buf, len);
+#ifdef WOLFSSL_BIO_HAVE_FLOW_STATS
+                inhibit_flow_increment = 1;
+#endif
                 break;
             case WOLFSSL_BIO_MEMORY:
                 ret = wolfSSL_BIO_MEMORY_read(bio, buf, len);
                 break;
             case WOLFSSL_BIO_FILE:
             #ifndef NO_FILESYSTEM
-                if (bio->ptr) {
-                    ret = (int)XFREAD(buf, 1, len, (XFILE)bio->ptr);
+                if (bio->ptr.fh) {
+                    ret = (int)XFREAD(buf, 1, (size_t)len, bio->ptr.fh);
                 }
                 else {
-                #if !defined(USE_WINDOWS_API) && !defined(NO_WOLFSSL_DIR) && \
+                #if defined(XREAD) && !defined(NO_WOLFSSL_DIR) && \
                     !defined(WOLFSSL_NUCLEUS) && !defined(WOLFSSL_NUCLEUS_1_2)
-                    ret = (int)XREAD(bio->num, buf, len);
+                    ret = (int)XREAD(bio->num.fd, buf, (size_t)len);
                 #else
                     WOLFSSL_MSG("No file pointer and XREAD not enabled");
                     ret = NOT_COMPILED_IN;
@@ -307,7 +333,7 @@ int wolfSSL_BIO_read(WOLFSSL_BIO* bio, void* buf, int len)
             #endif /* !NO_FILESYSTEM */
                 break;
             case WOLFSSL_BIO_SSL:
-            #ifndef WOLFCRYPT_ONLY
+            #if !defined(WOLFCRYPT_ONLY) && !defined(NO_TLS)
                 ret = wolfSSL_BIO_SSL_read(bio, buf, len, front);
             #else
                 WOLFSSL_MSG("WOLFSSL_BIO_SSL used with WOLFCRYPT_ONLY");
@@ -326,14 +352,56 @@ int wolfSSL_BIO_read(WOLFSSL_BIO* bio, void* buf, int len)
             #ifdef USE_WOLFSSL_IO
                 /* BIO requires built-in socket support
                  *  (cannot be used with WOLFSSL_USER_IO) */
-                ret = wolfIO_Recv(bio->num, (char*)buf, len, 0);
+                bio->flags &= ~WOLFSSL_BIO_FLAG_RETRY;
+                ret = wolfIO_Recv(bio->num.fd, (char*)buf, len, 0);
+                if (ret == WC_NO_ERR_TRACE(WOLFSSL_CBIO_ERR_WANT_READ)) {
+                    bio->flags |= WOLFSSL_BIO_FLAG_RETRY;
+                }
+                if (ret < 0) {
+                    ret = WOLFSSL_BIO_ERROR;
+                }
             #else
                 ret = NOT_COMPILED_IN;
             #endif
                 break;
+
+            case WOLFSSL_BIO_DGRAM:
+            #if defined(WOLFSSL_HAVE_BIO_ADDR) && defined(WOLFSSL_DTLS) && \
+                defined(USE_WOLFSSL_IO)
+                /* BIO requires built-in socket support
+                 *  (cannot be used with WOLFSSL_USER_IO) */
+                bio->flags &= ~WOLFSSL_BIO_FLAG_RETRY;
+                if (bio->connected)
+                    ret = wolfIO_Recv(bio->num.fd, (char*)buf, len, 0);
+                else {
+                    wolfSSL_BIO_ADDR_clear(&bio->peer_addr);
+                    ret = wolfIO_RecvFrom(bio->num.fd, &bio->peer_addr,
+                                          (char*)buf, len, 0);
+                }
+                if (ret == WC_NO_ERR_TRACE(WOLFSSL_CBIO_ERR_WANT_READ)) {
+                    bio->flags |= WOLFSSL_BIO_FLAG_RETRY;
+                }
+                if (ret < 0) {
+                    ret = WOLFSSL_BIO_ERROR;
+                }
+            #else
+                ret = NOT_COMPILED_IN;
+            #endif
+                break;
+
+            case WOLFSSL_BIO_NULL:
+                ret = 0;
+                break;
+
             } /* switch */
         }
 
+#ifdef WOLFSSL_BIO_HAVE_FLOW_STATS
+        if ((ret > 0) && (!inhibit_flow_increment)) {
+            bio->bytes_read += (word32)ret;
+        }
+#endif
+
         /* case where front of list is done */
         if (bio == front) {
             break; /* at front of list so be done */
@@ -384,14 +452,15 @@ static int wolfSSL_BIO_BASE64_write(WOLFSSL_BIO* bio, const void* data,
     /* get the encoded length */
     if (bio->flags & WOLFSSL_BIO_FLAG_BASE64_NO_NL) {
         if (Base64_Encode_NoNl((const byte*)data, inLen, NULL,
-                    &sz) != LENGTH_ONLY_E) {
+                    &sz) != WC_NO_ERR_TRACE(LENGTH_ONLY_E)) {
             WOLFSSL_MSG("Error with base64 get length");
             return WOLFSSL_FATAL_ERROR;
         }
     }
     else {
-        if (Base64_Encode((const byte*)data, inLen, NULL, &sz) !=
-            LENGTH_ONLY_E) {
+        if (Base64_Encode((const byte*)data, inLen, NULL, &sz)
+              != WC_NO_ERR_TRACE(LENGTH_ONLY_E))
+        {
             WOLFSSL_MSG("Error with base64 get length");
             return WOLFSSL_FATAL_ERROR;
         }
@@ -433,11 +502,11 @@ static int wolfSSL_BIO_BASE64_write(WOLFSSL_BIO* bio, const void* data,
 
     (void)heap;
 
-    return inLen;
+    return (int)inLen;
 }
 #endif /* WOLFSSL_BASE64_ENCODE */
 
-#ifndef WOLFCRYPT_ONLY
+#if !defined(WOLFCRYPT_ONLY) && !defined(NO_TLS)
 /* Helper function for writing to a WOLFSSL_BIO_SSL type
  *
  * returns the amount written in bytes on success
@@ -449,16 +518,16 @@ static int wolfSSL_BIO_SSL_write(WOLFSSL_BIO* bio, const void* data,
 
     WOLFSSL_ENTER("wolfSSL_BIO_SSL_write");
 
-    if (bio->ptr == NULL) {
+    if (bio->ptr.ssl == NULL) {
         return BAD_FUNC_ARG;
     }
 
     bio->flags &= ~(WOLFSSL_BIO_FLAG_RETRY); /* default no retry */
-    ret = wolfSSL_write((WOLFSSL*)bio->ptr, data, len);
+    ret = wolfSSL_write(bio->ptr.ssl, data, len);
     if (ret == 0)
         front->eof = 1;
     else if (ret < 0) {
-        int err = wolfSSL_get_error((WOLFSSL*)bio->ptr, 0);
+        int err = wolfSSL_get_error(bio->ptr.ssl, 0);
         if ( !(err == WOLFSSL_ERROR_WANT_READ || err == WOLFSSL_ERROR_WANT_WRITE) ) {
             front->eof = 1;
         }
@@ -468,8 +537,7 @@ static int wolfSSL_BIO_SSL_write(WOLFSSL_BIO* bio, const void* data,
     }
     return ret;
 }
-#endif /* WOLFCRYPT_ONLY */
-
+#endif /* !WOLFCRYPT_ONLY && !NO_TLS */
 
 /* Writes to a WOLFSSL_BIO_BIO type.
  *
@@ -478,27 +546,45 @@ static int wolfSSL_BIO_SSL_write(WOLFSSL_BIO* bio, const void* data,
 static int wolfSSL_BIO_BIO_write(WOLFSSL_BIO* bio, const void* data,
         int len)
 {
-    int   sz;
+    int   sz1;
+    int   sz2;
     char* buf;
 
     WOLFSSL_ENTER("wolfSSL_BIO_BIO_write");
 
     /* adding in sanity checks for static analysis tools */
-    if (bio == NULL || data == NULL) {
-        return BAD_FUNC_ARG;
-    }
+    if (bio == NULL || data == NULL || len == 0)
+        return 0;
 
-    sz = wolfSSL_BIO_nwrite(bio, &buf, len);
-
-    /* test space for write */
-    if (sz <= 0) {
+    /* default no retry */
+    bio->flags &= ~(WOLFSSL_BIO_FLAG_WRITE|WOLFSSL_BIO_FLAG_RETRY);
+    sz1 = wolfSSL_BIO_nwrite(bio, &buf, len);
+    if (sz1 == 0) {
+        bio->flags |= WOLFSSL_BIO_FLAG_WRITE|WOLFSSL_BIO_FLAG_RETRY;
         WOLFSSL_MSG("No room left to write");
-        return sz;
+        return WOLFSSL_BIO_ERROR;
+    }
+    if (sz1 < 0) {
+        WOLFSSL_MSG("Error in wolfSSL_BIO_nwrite");
+        return sz1;
+    }
+    XMEMCPY(buf, data, (size_t)sz1);
+    data = (char*)data + sz1;
+    len -= sz1;
+
+    if (len > 0) {
+        /* try again to see if maybe we wrapped around the ring buffer */
+        sz2 = wolfSSL_BIO_nwrite(bio, &buf, len);
+        if (sz2 > 0) {
+            XMEMCPY(buf, data, (size_t)sz2);
+            sz1 += sz2;
+            if (len > sz2)
+                bio->flags |= WOLFSSL_BIO_FLAG_WRITE|WOLFSSL_BIO_FLAG_RETRY;
+        }
     }
 
-    XMEMCPY(buf, data, sz);
 
-    return sz;
+    return sz1;
 }
 
 
@@ -521,15 +607,15 @@ static int wolfSSL_BIO_MEMORY_write(WOLFSSL_BIO* bio, const void* data,
         WOLFSSL_MSG("one of input parameters is null");
         return WOLFSSL_FAILURE;
     }
-    if (bio->flags & BIO_FLAGS_MEM_RDONLY) {
+    if (bio->flags & WOLFSSL_BIO_FLAG_MEM_RDONLY) {
         return WOLFSSL_FAILURE;
     }
 
     if (len == 0)
         return WOLFSSL_SUCCESS; /* Return early to make logic simpler */
 
-    if (wolfSSL_BUF_MEM_grow_ex(bio->mem_buf, bio->wrSz + len, 0)
-            == 0) {
+    if (wolfSSL_BUF_MEM_grow_ex(bio->mem_buf, ((size_t)bio->wrSz) +
+                                                    ((size_t)len), 0) == 0) {
         WOLFSSL_MSG("Error growing memory area");
         return WOLFSSL_FAILURE;
     }
@@ -539,9 +625,9 @@ static int wolfSSL_BIO_MEMORY_write(WOLFSSL_BIO* bio, const void* data,
         return WOLFSSL_FAILURE;
     }
 
-    XMEMCPY(bio->mem_buf->data + bio->wrSz, data, len);
-    bio->ptr = bio->mem_buf->data;
-    bio->num = (int)bio->mem_buf->max;
+    XMEMCPY(bio->mem_buf->data + bio->wrSz, data, (size_t)len);
+    bio->ptr.mem_buf_data = (byte *)bio->mem_buf->data;
+    bio->num.length = bio->mem_buf->max;
     bio->wrSz += len;
     bio->wrIdx += len;
 
@@ -562,14 +648,14 @@ static int wolfSSL_BIO_MD_write(WOLFSSL_BIO* bio, const void* data, int len)
         return BAD_FUNC_ARG;
     }
 
-    if (wolfSSL_EVP_MD_CTX_type((WOLFSSL_EVP_MD_CTX*)bio->ptr) == NID_hmac) {
-        if (wolfSSL_EVP_DigestSignUpdate((WOLFSSL_EVP_MD_CTX*)bio->ptr, data,
-                    len) != WOLFSSL_SUCCESS) {
+    if (wolfSSL_EVP_MD_CTX_type(bio->ptr.md_ctx) == WC_NID_hmac) {
+        if (wolfSSL_EVP_DigestSignUpdate(bio->ptr.md_ctx, data,
+                    (unsigned int)len) != WOLFSSL_SUCCESS) {
             ret = WOLFSSL_BIO_ERROR;
         }
     }
     else {
-        if (wolfSSL_EVP_DigestUpdate((WOLFSSL_EVP_MD_CTX*)bio->ptr, data, len)
+        if (wolfSSL_EVP_DigestUpdate(bio->ptr.md_ctx, data, (size_t)len)
                 != WOLFSSL_SUCCESS) {
             ret =  WOLFSSL_BIO_ERROR;
         }
@@ -611,6 +697,9 @@ int wolfSSL_BIO_write(WOLFSSL_BIO* bio, const void* data, int len)
     }
 
     while (bio != NULL && ret >= 0) {
+#ifdef WOLFSSL_BIO_HAVE_FLOW_STATS
+        int inhibit_flow_increment = 0;
+#endif
         /* check for custom write */
         if (bio->method && bio->method->writeCb) {
             ret = bio->method->writeCb(bio, (const char*)data, len);
@@ -625,7 +714,7 @@ int wolfSSL_BIO_write(WOLFSSL_BIO* bio, const void* data, int len)
                 if (ret > 0) {
                     /* change so that data is formatted buffer */
                     data = frmt;
-                    len  = frmtSz;
+                    len  = (int)frmtSz;
                 }
             #else
                 WOLFSSL_MSG("WOLFSSL_BIO_BASE64 used without "
@@ -636,19 +725,22 @@ int wolfSSL_BIO_write(WOLFSSL_BIO* bio, const void* data, int len)
             }
             case WOLFSSL_BIO_BIO: /* write bios */
                 ret = wolfSSL_BIO_BIO_write(bio, data, len);
+#ifdef WOLFSSL_BIO_HAVE_FLOW_STATS
+                inhibit_flow_increment = 1;
+#endif
                 break;
             case WOLFSSL_BIO_MEMORY:
                 ret = wolfSSL_BIO_MEMORY_write(bio, data, len);
                 break;
             case WOLFSSL_BIO_FILE:
             #ifndef NO_FILESYSTEM
-                if (bio->ptr) {
-                    ret = (int)XFWRITE(data, 1, len, (XFILE)bio->ptr);
+                if (bio->ptr.fh) {
+                    ret = (int)XFWRITE(data, 1, (size_t)len, bio->ptr.fh);
                 }
                 else {
-                #if !defined(USE_WINDOWS_API) && !defined(NO_WOLFSSL_DIR) && \
+                #if defined(XWRITE) && !defined(NO_WOLFSSL_DIR) && \
                     !defined(WOLFSSL_NUCLEUS) && !defined(WOLFSSL_NUCLEUS_1_2)
-                    ret = (int)XWRITE(bio->num, data, len);
+                    ret = (int)XWRITE(bio->num.fd, data, (size_t)len);
                 #else
                     WOLFSSL_MSG("No file pointer and XWRITE not enabled");
                     ret = NOT_COMPILED_IN;
@@ -660,7 +752,7 @@ int wolfSSL_BIO_write(WOLFSSL_BIO* bio, const void* data, int len)
             #endif /* !NO_FILESYSTEM */
                 break;
             case WOLFSSL_BIO_SSL:
-            #ifndef WOLFCRYPT_ONLY
+            #if !defined(WOLFCRYPT_ONLY) && !defined(NO_TLS)
                 /* already got eof, again is error */
                 if (front->eof) {
                     ret = WOLFSSL_FATAL_ERROR;
@@ -689,19 +781,59 @@ int wolfSSL_BIO_write(WOLFSSL_BIO* bio, const void* data, int len)
             #ifdef USE_WOLFSSL_IO
                 /* BIO requires built-in socket support
                  *  (cannot be used with WOLFSSL_USER_IO) */
-                ret = wolfIO_Send(bio->num, (char*)data, len, 0);
+                bio->flags &= ~WOLFSSL_BIO_FLAG_RETRY;
+                ret = wolfIO_Send(bio->num.fd, (char*)data, len, 0);
+                if (ret == WC_NO_ERR_TRACE(WOLFSSL_CBIO_ERR_WANT_WRITE)) {
+                    bio->flags |= WOLFSSL_BIO_FLAG_RETRY;
+                }
+                if (ret < 0) {
+                    ret = WOLFSSL_BIO_ERROR;
+                }
             #else
                 ret = NOT_COMPILED_IN;
             #endif
                 break;
+
+            case WOLFSSL_BIO_DGRAM:
+                #if defined(WOLFSSL_HAVE_BIO_ADDR) && defined(WOLFSSL_DTLS) && \
+                    defined(USE_WOLFSSL_IO)
+                /* BIO requires built-in socket support
+                 *  (cannot be used with WOLFSSL_USER_IO) */
+                bio->flags &= ~WOLFSSL_BIO_FLAG_RETRY;
+                if (bio->connected)
+                    ret = wolfIO_Send(bio->num.fd, (char*)data, len, 0);
+                else if (bio->peer_addr.sa.sa_family == AF_UNSPEC)
+                    ret = SOCKET_ERROR_E;
+                else
+                    ret = wolfIO_SendTo(bio->num.fd, &bio->peer_addr, (char*)data, len, 0);
+                if (ret == WC_NO_ERR_TRACE(WOLFSSL_CBIO_ERR_WANT_WRITE)) {
+                    bio->flags |= WOLFSSL_BIO_FLAG_RETRY;
+                }
+                if (ret < 0) {
+                    ret = WOLFSSL_BIO_ERROR;
+                }
+            #else
+                ret = NOT_COMPILED_IN;
+            #endif
+                break;
+
+            case WOLFSSL_BIO_NULL:
+                ret = len;
+                break;
+
             } /* switch */
         }
 
+#ifdef WOLFSSL_BIO_HAVE_FLOW_STATS
+        if ((ret > 0) && (! inhibit_flow_increment))
+            bio->bytes_written += (word32)ret;
+#endif
+
         /* advance to the next bio in list */
         bio = bio->next;
     }
 
-#ifndef WOLFCRYPT_ONLY
+#if !defined(WOLFCRYPT_ONLY) && !defined(NO_TLS)
 exit_chain:
 #endif
 
@@ -712,7 +844,7 @@ exit_chain:
                                  (const char*)data, len, 0, ret);
     }
 
-    if (frmt != NULL) {
+    if (front != NULL) {
         XFREE(frmt, front->heap, DYNAMIC_TYPE_TMP_BUFFER);
     }
 
@@ -744,19 +876,62 @@ long wolfSSL_BIO_ctrl(WOLFSSL_BIO *bio, int cmd, long larg, void *parg)
     }
 
     switch(cmd) {
-        case BIO_CTRL_PENDING:
-        case BIO_CTRL_WPENDING:
+        case WOLFSSL_BIO_CTRL_PENDING:
+        case WOLFSSL_BIO_CTRL_WPENDING:
             ret = (long)wolfSSL_BIO_ctrl_pending(bio);
             break;
-        case BIO_CTRL_INFO:
+        case WOLFSSL_BIO_CTRL_INFO:
             ret = (long)wolfSSL_BIO_get_mem_data(bio, parg);
             break;
-        case BIO_CTRL_FLUSH:
+        case WOLFSSL_BIO_CTRL_FLUSH:
             ret = (long)wolfSSL_BIO_flush(bio);
             break;
-        case BIO_CTRL_RESET:
+        case WOLFSSL_BIO_CTRL_RESET:
             ret = (long)wolfSSL_BIO_reset(bio);
             break;
+
+#ifdef WOLFSSL_HAVE_BIO_ADDR
+        case WOLFSSL_BIO_CTRL_DGRAM_CONNECT:
+        case WOLFSSL_BIO_CTRL_DGRAM_SET_PEER:
+        {
+            socklen_t addr_size;
+            if (parg == NULL) {
+                ret = WOLFSSL_FAILURE;
+                break;
+            }
+            addr_size = wolfSSL_BIO_ADDR_size((WOLFSSL_BIO_ADDR *)parg);
+            if (addr_size == 0) {
+                ret = WOLFSSL_FAILURE;
+                break;
+            }
+            XMEMCPY(&bio->peer_addr, parg, addr_size);
+            ret = WOLFSSL_SUCCESS;
+            break;
+        }
+
+        case WOLFSSL_BIO_CTRL_DGRAM_SET_CONNECTED:
+            if (parg == NULL) {
+                wolfSSL_BIO_ADDR_clear(&bio->peer_addr);
+                bio->connected = 0;
+            }
+            else {
+                socklen_t addr_size = wolfSSL_BIO_ADDR_size((WOLFSSL_BIO_ADDR *)parg);
+                if (addr_size == 0) {
+                    ret = WOLFSSL_FAILURE;
+                    break;
+                }
+                XMEMCPY(&bio->peer_addr, parg, addr_size);
+                bio->connected = 1;
+            }
+            ret = WOLFSSL_SUCCESS;
+            break;
+
+        case WOLFSSL_BIO_CTRL_DGRAM_QUERY_MTU:
+            ret = 0; /* not implemented */
+            break;
+
+#endif /* WOLFSSL_HAVE_BIO_ADDR */
+
         default:
             WOLFSSL_MSG("CMD not yet implemented");
             ret = WOLFSSL_FAILURE;
@@ -790,8 +965,51 @@ int wolfSSL_BIO_up_ref(WOLFSSL_BIO* bio)
 
     return WOLFSSL_FAILURE;
 }
-#endif
 
+#ifdef WOLFSSL_HAVE_BIO_ADDR
+WOLFSSL_BIO_ADDR *wolfSSL_BIO_ADDR_new(void) {
+    WOLFSSL_BIO_ADDR *addr =
+        (WOLFSSL_BIO_ADDR *)XMALLOC(sizeof(*addr), NULL, DYNAMIC_TYPE_BIO);
+    if (addr)
+        addr->sa.sa_family = AF_UNSPEC;
+    return addr;
+}
+
+void wolfSSL_BIO_ADDR_free(WOLFSSL_BIO_ADDR *addr) {
+    XFREE(addr, NULL, DYNAMIC_TYPE_BIO);
+}
+
+void wolfSSL_BIO_ADDR_clear(WOLFSSL_BIO_ADDR *addr) {
+    if (addr == NULL)
+        return;
+    XMEMSET(addr, 0, sizeof(*addr));
+    addr->sa.sa_family = AF_UNSPEC;
+}
+
+socklen_t wolfSSL_BIO_ADDR_size(const WOLFSSL_BIO_ADDR *addr) {
+    switch (addr->sa.sa_family) {
+#ifndef WOLFSSL_NO_BIO_ADDR_IN
+    case AF_INET:
+        return sizeof(addr->sa_in);
+#endif
+#ifdef WOLFSSL_IPV6
+    case AF_INET6:
+        return sizeof(addr->sa_in6);
+#endif
+#if defined(HAVE_SYS_UN_H) && !defined(WOLFSSL_NO_SOCKADDR_UN)
+    case AF_UNIX:
+        return sizeof(addr->sa_un);
+#endif
+    default:
+        /* must return zero if length can't be determined, to avoid buffer
+         * overruns in callers.
+         */
+        return 0;
+    }
+}
+#endif /* WOLFSSL_HAVE_BIO_ADDR */
+
+#endif /* OPENSSL_ALL || OPENSSL_EXTRA */
 
 /* helper function for wolfSSL_BIO_gets
  * size till a newline is hit
@@ -852,15 +1070,15 @@ int wolfSSL_BIO_gets(WOLFSSL_BIO* bio, char* buf, int sz)
     switch (bio->type) {
 #ifndef NO_FILESYSTEM
         case WOLFSSL_BIO_FILE:
-            if (((XFILE)bio->ptr) == XBADFILE) {
+            if (bio->ptr.fh == XBADFILE) {
                 return WOLFSSL_BIO_ERROR;
             }
 
             #if defined(MICRIUM) || defined(LSR_FS) || defined(EBSNET)
             WOLFSSL_MSG("XFGETS not ported for this system yet");
-            ret = XFGETS(buf, sz, (XFILE)bio->ptr);
+            ret = XFGETS(buf, sz, bio->ptr.fh);
             #else
-            if (XFGETS(buf, sz, (XFILE)bio->ptr) != NULL) {
+            if (XFGETS(buf, sz, bio->ptr.fh) != NULL) {
                 ret = (int)XSTRLEN(buf);
             }
             else {
@@ -907,7 +1125,7 @@ int wolfSSL_BIO_gets(WOLFSSL_BIO* bio, char* buf, int sz)
                 char* c;
                 int   cSz;
                 cSz = wolfSSL_BIO_nread0(bio, &c);
-                if (cSz == 0) {
+                if (cSz <= 0) {
                     ret = 0; /* Nothing to read */
                     buf[0] = '\0';
                     break;
@@ -928,7 +1146,7 @@ int wolfSSL_BIO_gets(WOLFSSL_BIO* bio, char* buf, int sz)
 
                 ret = wolfSSL_BIO_nread(bio, &c, cSz);
                 if (ret > 0 && ret < sz) {
-                    XMEMCPY(buf, c, ret);
+                    XMEMCPY(buf, c, (size_t)ret);
                 }
                 break;
             }
@@ -936,21 +1154,25 @@ int wolfSSL_BIO_gets(WOLFSSL_BIO* bio, char* buf, int sz)
 #ifndef WOLFCRYPT_ONLY
         /* call final on hash */
         case WOLFSSL_BIO_MD:
-            if (wolfSSL_EVP_MD_CTX_size((WOLFSSL_EVP_MD_CTX*)bio->ptr) > sz) {
+            if (wolfSSL_EVP_MD_CTX_size(bio->ptr.md_ctx) > sz) {
                 WOLFSSL_MSG("Output buffer was too small for digest");
                 ret = WOLFSSL_FAILURE;
             }
             else {
                 unsigned int szOut = 0;
-                ret = wolfSSL_EVP_DigestFinal((WOLFSSL_EVP_MD_CTX*)bio->ptr,
+                ret = wolfSSL_EVP_DigestFinal(bio->ptr.md_ctx,
                         (unsigned char*)buf, &szOut);
                 if (ret == WOLFSSL_SUCCESS) {
-                    ret = szOut;
+                    ret = (int)szOut;
                 }
             }
             break;
 #endif /* WOLFCRYPT_ONLY */
 
+        case WOLFSSL_BIO_NULL:
+            ret = 0;
+            break;
+
         default:
             WOLFSSL_MSG("BIO type not supported yet with wolfSSL_BIO_gets");
     }
@@ -1046,13 +1268,13 @@ size_t wolfSSL_BIO_wpending(const WOLFSSL_BIO *bio)
         return 0;
 
     if (bio->type == WOLFSSL_BIO_MEMORY) {
-        return bio->wrSz;
+        return (size_t)bio->wrSz;
     }
 
     /* type BIO_BIO then check paired buffer */
     if (bio->type == WOLFSSL_BIO_BIO && bio->pair != NULL) {
         WOLFSSL_BIO* pair = bio->pair;
-        return pair->wrIdx;
+        return (size_t)pair->wrIdx;
     }
 
     return 0;
@@ -1097,13 +1319,13 @@ size_t wolfSSL_BIO_ctrl_pending(WOLFSSL_BIO *bio)
     }
 
 #ifndef WOLFCRYPT_ONLY
-    if (bio->type == WOLFSSL_BIO_SSL && bio->ptr != NULL) {
-        return (long)wolfSSL_pending((WOLFSSL*)bio->ptr);
+    if (bio->type == WOLFSSL_BIO_SSL && bio->ptr.ssl != NULL) {
+        return (size_t)wolfSSL_pending(bio->ptr.ssl);
     }
 #endif
 
     if (bio->type == WOLFSSL_BIO_MEMORY) {
-        return bio->wrSz - bio->rdIdx;
+        return (size_t)(bio->wrSz - bio->rdIdx);
     }
 
     /* type BIO_BIO then check paired buffer */
@@ -1112,11 +1334,12 @@ size_t wolfSSL_BIO_ctrl_pending(WOLFSSL_BIO *bio)
         if (pair->wrIdx > 0 && pair->wrIdx <= pair->rdIdx) {
             /* in wrap around state where beginning of buffer is being
              * overwritten */
-            return pair->wrSz - pair->rdIdx + pair->wrIdx;
+            return ((size_t)pair->wrSz) - ((size_t)pair->rdIdx) +
+                                                ((size_t)pair->wrIdx);
         }
         else {
             /* simple case where has not wrapped around */
-            return pair->wrIdx - pair->rdIdx;
+            return (size_t)(pair->wrIdx - pair->rdIdx);
         }
     }
     return 0;
@@ -1126,7 +1349,7 @@ size_t wolfSSL_BIO_ctrl_pending(WOLFSSL_BIO *bio)
 long wolfSSL_BIO_get_mem_ptr(WOLFSSL_BIO *bio, WOLFSSL_BUF_MEM **ptr)
 {
     WOLFSSL_BIO* front = bio;
-    long ret = WOLFSSL_FAILURE;
+    long ret = WC_NO_ERR_TRACE(WOLFSSL_FAILURE);
 
     WOLFSSL_ENTER("wolfSSL_BIO_get_mem_ptr");
 
@@ -1152,7 +1375,10 @@ long wolfSSL_BIO_get_mem_ptr(WOLFSSL_BIO *bio, WOLFSSL_BUF_MEM **ptr)
         bio = bio->prev;
     }
 
-    return ret;
+    if (ret == WOLFSSL_SUCCESS)
+        return ret;
+    else
+        return WOLFSSL_FAILURE;
 }
 
 #ifdef OPENSSL_ALL
@@ -1160,7 +1386,7 @@ long wolfSSL_BIO_get_mem_ptr(WOLFSSL_BIO *bio, WOLFSSL_BUF_MEM **ptr)
                                 int closeFlag)
     {
         if (!bio || !bufMem ||
-            (closeFlag != BIO_NOCLOSE && closeFlag != BIO_CLOSE))
+           (closeFlag != WOLFSSL_BIO_NOCLOSE && closeFlag != WOLFSSL_BIO_CLOSE))
             return BAD_FUNC_ARG;
 
         if (bio->mem_buf)
@@ -1168,12 +1394,12 @@ long wolfSSL_BIO_get_mem_ptr(WOLFSSL_BIO *bio, WOLFSSL_BUF_MEM **ptr)
                 wolfSSL_BUF_MEM_free(bio->mem_buf);
 
         bio->mem_buf = bufMem;
-        bio->shutdown = closeFlag;
+        bio->shutdown = closeFlag ? WOLFSSL_BIO_CLOSE : WOLFSSL_BIO_NOCLOSE;
 
         bio->wrSz = (int)bio->mem_buf->length;
         bio->wrSzReset = bio->wrSz;
-        bio->num = (int)bio->mem_buf->max;
-        bio->ptr = bio->mem_buf->data;
+        bio->num.length = bio->mem_buf->max;
+        bio->ptr.mem_buf_data = (byte *)bio->mem_buf->data;
         bio->wrIdx = 0;
         bio->rdIdx = 0;
 
@@ -1206,15 +1432,16 @@ int wolfSSL_BIO_set_write_buf_size(WOLFSSL_BIO *bio, long size)
         return WOLFSSL_FAILURE;
     }
 
-    if (bio->ptr != NULL) {
-        XFREE(bio->ptr, bio->heap, DYNAMIC_TYPE_OPENSSL);
+    if (bio->ptr.mem_buf_data != NULL) {
+        XFREE(bio->ptr.mem_buf_data, bio->heap, DYNAMIC_TYPE_OPENSSL);
     }
 
-    bio->ptr = (byte*)XMALLOC(size, bio->heap, DYNAMIC_TYPE_OPENSSL);
-    if (bio->ptr == NULL) {
+    bio->ptr.mem_buf_data = (byte*)XMALLOC((size_t)size, bio->heap,
+                                           DYNAMIC_TYPE_OPENSSL);
+    if (bio->ptr.mem_buf_data == NULL) {
         WOLFSSL_MSG("Memory allocation error");
         bio->wrSz  = 0;
-        bio->num = 0;
+        bio->num.length = 0;
         bio->wrIdx = 0;
         bio->rdIdx = 0;
         if (bio->mem_buf != NULL) {
@@ -1225,13 +1452,13 @@ int wolfSSL_BIO_set_write_buf_size(WOLFSSL_BIO *bio, long size)
         return WOLFSSL_FAILURE;
     }
     bio->wrSz  = (int)size;
-    bio->num = (int)size;
+    bio->num.length = (size_t)size;
     bio->wrIdx = 0;
     bio->rdIdx = 0;
     if (bio->mem_buf != NULL) {
-        bio->mem_buf->data = (char*)bio->ptr;
-        bio->mem_buf->length = bio->num;
-        bio->mem_buf->max = bio->num;
+        bio->mem_buf->data = (char*)bio->ptr.mem_buf_data;
+        bio->mem_buf->length = bio->num.length;
+        bio->mem_buf->max = bio->num.length;
     }
 
     return WOLFSSL_SUCCESS;
@@ -1259,12 +1486,12 @@ int wolfSSL_BIO_make_bio_pair(WOLFSSL_BIO *b1, WOLFSSL_BIO *b2)
     }
 
     /* set default write size if not already set */
-    if (b1->ptr == NULL && wolfSSL_BIO_set_write_buf_size(b1,
+    if (b1->ptr.mem_buf_data == NULL && wolfSSL_BIO_set_write_buf_size(b1,
                             WOLFSSL_BIO_SIZE) != WOLFSSL_SUCCESS) {
         return WOLFSSL_FAILURE;
     }
 
-    if (b2->ptr == NULL && wolfSSL_BIO_set_write_buf_size(b2,
+    if (b2->ptr.mem_buf_data == NULL && wolfSSL_BIO_set_write_buf_size(b2,
                             WOLFSSL_BIO_SIZE) != WOLFSSL_SUCCESS) {
         return WOLFSSL_FAILURE;
     }
@@ -1297,7 +1524,7 @@ int wolfSSL_BIO_nread0(WOLFSSL_BIO *bio, char **buf)
 
     if (bio == NULL || buf == NULL) {
         WOLFSSL_MSG("NULL argument passed in");
-        return 0;
+        return -2;
     }
 
     /* if paired read from pair */
@@ -1305,7 +1532,7 @@ int wolfSSL_BIO_nread0(WOLFSSL_BIO *bio, char **buf)
         WOLFSSL_BIO* pair = bio->pair;
 
         /* case where have wrapped around write buffer */
-        *buf = (char*)pair->ptr + pair->rdIdx;
+        *buf = (char*)pair->ptr.mem_buf_data + pair->rdIdx;
         if (pair->wrIdx > 0 && pair->rdIdx >= pair->wrIdx) {
             return pair->wrSz - pair->rdIdx;
         }
@@ -1314,7 +1541,7 @@ int wolfSSL_BIO_nread0(WOLFSSL_BIO *bio, char **buf)
         }
     }
 
-    return 0;
+    return -2;
 }
 
 
@@ -1337,13 +1564,13 @@ int wolfSSL_BIO_nread(WOLFSSL_BIO *bio, char **buf, int num)
     if (bio->pair != NULL) {
         /* special case if asking to read 0 bytes */
         if (num == 0) {
-            *buf = (char*)bio->pair->ptr + bio->pair->rdIdx;
+            *buf = (char*)bio->pair->ptr.mem_buf_data + bio->pair->rdIdx;
             return 0;
         }
 
         /* get amount able to read and set buffer pointer */
         sz = wolfSSL_BIO_nread0(bio, buf);
-        if (sz == 0) {
+        if (sz < 0) {
             return WOLFSSL_BIO_ERROR;
         }
 
@@ -1351,6 +1578,9 @@ int wolfSSL_BIO_nread(WOLFSSL_BIO *bio, char **buf, int num)
             sz = num;
         }
         bio->pair->rdIdx += sz;
+#ifdef WOLFSSL_BIO_HAVE_FLOW_STATS
+        bio->pair->bytes_read += (word32)sz;
+#endif
 
         /* check if have read to the end of the buffer and need to reset */
         if (bio->pair->rdIdx == bio->pair->wrSz) {
@@ -1388,7 +1618,7 @@ int wolfSSL_BIO_nwrite(WOLFSSL_BIO *bio, char **buf, int num)
 
     if (bio->pair != NULL) {
         if (num == 0) {
-            *buf = (char*)bio->ptr + bio->wrIdx;
+            *buf = (char*)bio->ptr.mem_buf_data + bio->wrIdx;
             return 0;
         }
 
@@ -1427,8 +1657,11 @@ int wolfSSL_BIO_nwrite(WOLFSSL_BIO *bio, char **buf, int num)
         if (num < sz) {
             sz = num;
         }
-        *buf = (char*)bio->ptr + bio->wrIdx;
+        *buf = (char*)bio->ptr.mem_buf_data + bio->wrIdx;
         bio->wrIdx += sz;
+#ifdef WOLFSSL_BIO_HAVE_FLOW_STATS
+        bio->bytes_written += (word32)sz;
+#endif
 
         /* if at the end of the buffer and space for wrap around then set
          * write index back to 0 */
@@ -1440,6 +1673,37 @@ int wolfSSL_BIO_nwrite(WOLFSSL_BIO *bio, char **buf, int num)
     return sz;
 }
 
+#ifdef WOLFSSL_BIO_HAVE_FLOW_STATS
+word64 wolfSSL_BIO_number_read(WOLFSSL_BIO *bio)
+{
+    word64 ret = 0;
+    if (bio == NULL) {
+        WOLFSSL_MSG("NULL argument passed in");
+        return 0;
+    }
+    while (bio) {
+        ret += bio->bytes_read;
+        bio = bio->next;
+    }
+
+    return ret;
+}
+
+word64 wolfSSL_BIO_number_written(WOLFSSL_BIO *bio)
+{
+    word64 ret = 0;
+    if (bio == NULL) {
+        WOLFSSL_MSG("NULL argument passed in");
+        return 0;
+    }
+    while (bio) {
+        ret += bio->bytes_written;
+        bio = bio->next;
+    }
+
+    return ret;
+}
+#endif /* WOLFSSL_BIO_HAVE_FLOW_STATS */
 
 /* Reset BIO to initial state */
 int wolfSSL_BIO_reset(WOLFSSL_BIO *bio)
@@ -1455,46 +1719,46 @@ int wolfSSL_BIO_reset(WOLFSSL_BIO *bio)
     switch (bio->type) {
         #ifndef NO_FILESYSTEM
         case WOLFSSL_BIO_FILE:
-            if (XFSEEK((XFILE)bio->ptr, 0, XSEEK_SET) != 0)
+            if (XFSEEK(bio->ptr.fh, 0, XSEEK_SET) != 0)
                 return WOLFSSL_BIO_ERROR;
             else
-                return 0;
+                return WOLFSSL_SUCCESS;
         #endif
 
         case WOLFSSL_BIO_BIO:
             bio->rdIdx = 0;
             bio->wrIdx = 0;
-            return 0;
+            return WOLFSSL_SUCCESS;
 
         case WOLFSSL_BIO_MEMORY:
             bio->rdIdx = 0;
-            if (bio->flags & BIO_FLAGS_MEM_RDONLY) {
+            if (bio->flags & WOLFSSL_BIO_FLAG_MEM_RDONLY) {
                 bio->wrIdx = bio->wrSzReset;
                 bio->wrSz  = bio->wrSzReset;
             }
             else {
                 bio->wrSz  = 0;
-                XFREE(bio->ptr, bio->heap, DYNAMIC_TYPE_OPENSSL);
-                bio->ptr = NULL;
-                bio->num = 0;
+                XFREE(bio->ptr.mem_buf_data, bio->heap, DYNAMIC_TYPE_OPENSSL);
+                bio->ptr.mem_buf_data = NULL;
+                bio->num.length = 0;
                 if (bio->mem_buf != NULL) {
                     bio->mem_buf->data = NULL;
                     bio->mem_buf->length = 0;
                     bio->mem_buf->max = 0;
                 }
             }
-            return 0;
+            return WOLFSSL_SUCCESS;
 
 #ifndef WOLFCRYPT_ONLY
         case WOLFSSL_BIO_MD:
-            if (bio->ptr != NULL) {
+            if (bio->ptr.md_ctx != NULL) {
                 const WOLFSSL_EVP_MD* md =
-                    wolfSSL_EVP_MD_CTX_md((WOLFSSL_EVP_MD_CTX*)bio->ptr);
-                wolfSSL_EVP_MD_CTX_cleanup((WOLFSSL_EVP_MD_CTX*)bio->ptr);
-                wolfSSL_EVP_MD_CTX_init((WOLFSSL_EVP_MD_CTX*)bio->ptr);
-                wolfSSL_EVP_DigestInit((WOLFSSL_EVP_MD_CTX*)bio->ptr, md);
+                    wolfSSL_EVP_MD_CTX_md(bio->ptr.md_ctx);
+                wolfSSL_EVP_MD_CTX_cleanup(bio->ptr.md_ctx);
+                wolfSSL_EVP_MD_CTX_init(bio->ptr.md_ctx);
+                wolfSSL_EVP_DigestInit(bio->ptr.md_ctx, md);
             }
-            return 0;
+            return WOLFSSL_SUCCESS;
 #endif /* WOLFCRYPT_ONLY */
 
         default:
@@ -1544,7 +1808,7 @@ long wolfSSL_BIO_set_fp(WOLFSSL_BIO *bio, XFILE fp, int c)
     }
 
     bio->shutdown = (byte)c;
-    bio->ptr = (XFILE)fp;
+    bio->ptr.fh = fp;
 
     return WOLFSSL_SUCCESS;
 }
@@ -1562,7 +1826,7 @@ long wolfSSL_BIO_get_fp(WOLFSSL_BIO *bio, XFILE* fp)
         return WOLFSSL_FAILURE;
     }
 
-    *fp = (XFILE)bio->ptr;
+    *fp = bio->ptr.fh;
 
     return WOLFSSL_SUCCESS;
 }
@@ -1577,15 +1841,20 @@ int wolfSSL_BIO_write_filename(WOLFSSL_BIO *bio, char *name)
     }
 
     if (bio->type == WOLFSSL_BIO_FILE) {
-        if (((XFILE)bio->ptr) != XBADFILE && bio->shutdown == BIO_CLOSE) {
-            XFCLOSE((XFILE)bio->ptr);
+        if (bio->ptr.fh != XBADFILE && bio->shutdown == WOLFSSL_BIO_CLOSE) {
+            XFCLOSE(bio->ptr.fh);
         }
 
-        bio->ptr = XFOPEN(name, "w");
-        if (((XFILE)bio->ptr) == XBADFILE) {
+        /* 'b' flag is ignored on POSIX targets, but on Windows it assures
+         * inhibition of LF<->CRLF rewriting, so that there is consistency
+         * between the size and contents of the representation in memory and on
+         * disk.
+         */
+        bio->ptr.fh = XFOPEN(name, "wb");
+        if (bio->ptr.fh == XBADFILE) {
             return WOLFSSL_FAILURE;
         }
-        bio->shutdown = BIO_CLOSE;
+        bio->shutdown = WOLFSSL_BIO_CLOSE;
 
         return WOLFSSL_SUCCESS;
     }
@@ -1599,13 +1868,13 @@ int wolfSSL_BIO_seek(WOLFSSL_BIO *bio, int ofs)
       WOLFSSL_ENTER("wolfSSL_BIO_seek");
 
       if (bio == NULL) {
-          return -1;
+          return WOLFSSL_FATAL_ERROR;
       }
 
       /* offset ofs from beginning of file */
       if (bio->type == WOLFSSL_BIO_FILE &&
-              XFSEEK((XFILE)bio->ptr, ofs, SEEK_SET) < 0) {
-          return -1;
+              XFSEEK(bio->ptr.fh, ofs, SEEK_SET) < 0) {
+          return WOLFSSL_FATAL_ERROR;
       }
 
       return 0;
@@ -1622,16 +1891,16 @@ int wolfSSL_BIO_tell(WOLFSSL_BIO* bio)
     WOLFSSL_ENTER("wolfSSL_BIO_tell");
 
     if (bio == NULL) {
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
     }
 
     if (bio->type != WOLFSSL_BIO_FILE) {
         return 0;
     }
 
-    pos = (int)XFTELL((XFILE)bio->ptr);
+    pos = (int)XFTELL(bio->ptr.fh);
     if (pos < 0)
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
     else
         return pos;
 }
@@ -1652,7 +1921,7 @@ long wolfSSL_BIO_set_mem_eof_return(WOLFSSL_BIO *bio, int v)
 
 int wolfSSL_BIO_get_len(WOLFSSL_BIO *bio)
 {
-    int len;
+    int len = 0;
 #ifndef NO_FILESYSTEM
     long memSz = 0;
     XFILE file;
@@ -1758,15 +2027,16 @@ long wolfSSL_BIO_set_nbio(WOLFSSL_BIO* bio, long on)
     if (bio) {
         switch (bio->type) {
             case WOLFSSL_BIO_SOCKET:
+            case WOLFSSL_BIO_DGRAM:
             #ifdef XFCNTL
                 {
                     int ret;
-                    int flag = XFCNTL(bio->num, F_GETFL, 0);
+                    int flag = XFCNTL(bio->num.fd, F_GETFL, 0);
                     if (on) {
-                        ret = XFCNTL(bio->num, F_SETFL, flag | O_NONBLOCK);
+                        ret = XFCNTL(bio->num.fd, F_SETFL, flag | O_NONBLOCK);
                     }
                     else {
-                        ret = XFCNTL(bio->num, F_SETFL, flag & ~O_NONBLOCK);
+                        ret = XFCNTL(bio->num.fd, F_SETFL, flag & ~O_NONBLOCK);
                     }
 
                     if (ret == -1) {
@@ -1777,7 +2047,7 @@ long wolfSSL_BIO_set_nbio(WOLFSSL_BIO* bio, long on)
                 break;
             case WOLFSSL_BIO_SSL:
             #ifdef WOLFSSL_DTLS
-                wolfSSL_dtls_set_using_nonblock((WOLFSSL*)bio->ptr, (int)on);
+                wolfSSL_dtls_set_using_nonblock(bio->ptr.ssl, (int)on);
             #endif
                 break;
 
@@ -1925,7 +2195,7 @@ int wolfSSL_BIO_get_mem_data(WOLFSSL_BIO* bio, void* p)
     }
 
     if (p) {
-        *(byte**)p = (byte*)mem_bio->ptr + mem_bio->rdIdx;
+        *(byte**)p = mem_bio->ptr.mem_buf_data + mem_bio->rdIdx;
     }
 
     return mem_bio->wrSz - mem_bio->rdIdx;
@@ -1946,11 +2216,11 @@ int wolfSSL_BIO_flush(WOLFSSL_BIO* bio)
 
     if (bio->method != NULL && bio->method->ctrlCb != NULL) {
         WOLFSSL_MSG("Calling custom BIO flush callback");
-        return (int)bio->method->ctrlCb(bio, BIO_CTRL_FLUSH, 0, NULL);
+        return (int)bio->method->ctrlCb(bio, WOLFSSL_BIO_CTRL_FLUSH, 0, NULL);
     }
     else if (bio->type == WOLFSSL_BIO_FILE) {
 #if !defined(NO_FILESYSTEM) && defined(XFFLUSH)
-        if (XFFLUSH((FILE *)bio->ptr) != 0)
+        if (XFFLUSH(bio->ptr.fh) != 0)
             return WOLFSSL_FAILURE;
 
 #endif /* !NO_FILESYSTEM && XFFLUSH */
@@ -1974,14 +2244,17 @@ int wolfSSL_BIO_flush(WOLFSSL_BIO* bio)
     /* return the context and initialize the BIO state */
     int wolfSSL_BIO_get_md_ctx(WOLFSSL_BIO *bio, WOLFSSL_EVP_MD_CTX **mdcp)
     {
-        int ret = WOLFSSL_FAILURE;
+        int ret = WC_NO_ERR_TRACE(WOLFSSL_FAILURE);
 
         if ((bio != NULL) && (mdcp != NULL)) {
-            *mdcp = (WOLFSSL_EVP_MD_CTX*)bio->ptr;
+            *mdcp = bio->ptr.md_ctx;
             ret = WOLFSSL_SUCCESS;
         }
 
-        return ret;
+        if (ret == WOLFSSL_SUCCESS)
+            return ret;
+        else
+            return WOLFSSL_FAILURE;
     }
 
     WOLFSSL_BIO_METHOD* wolfSSL_BIO_f_buffer(void)
@@ -2049,6 +2322,15 @@ int wolfSSL_BIO_flush(WOLFSSL_BIO* bio)
         return &meth;
     }
 
+    WOLFSSL_BIO_METHOD *wolfSSL_BIO_s_null(void)
+    {
+        static WOLFSSL_BIO_METHOD meth =
+                WOLFSSL_BIO_METHOD_INIT(WOLFSSL_BIO_NULL);
+
+        WOLFSSL_ENTER("wolfSSL_BIO_s_null");
+
+        return &meth;
+    }
 
     WOLFSSL_BIO_METHOD *wolfSSL_BIO_s_socket(void)
     {
@@ -2069,11 +2351,38 @@ int wolfSSL_BIO_flush(WOLFSSL_BIO* bio)
         if (bio) {
             bio->type  = WOLFSSL_BIO_SOCKET;
             bio->shutdown = (byte)closeF;
-            bio->num   = sfd;
+            bio->num.fd = (SOCKET_T)sfd;
         }
         return bio;
     }
 
+
+#if defined(WOLFSSL_HAVE_BIO_ADDR) && defined(WOLFSSL_DTLS)
+    WOLFSSL_BIO_METHOD *wolfSSL_BIO_s_datagram(void)
+    {
+        static WOLFSSL_BIO_METHOD meth =
+                WOLFSSL_BIO_METHOD_INIT(WOLFSSL_BIO_DGRAM);
+
+        WOLFSSL_ENTER("wolfSSL_BIO_s_datagram");
+
+        return &meth;
+    }
+
+
+    WOLFSSL_BIO* wolfSSL_BIO_new_dgram(int fd, int closeF)
+    {
+        WOLFSSL_BIO* bio = wolfSSL_BIO_new(wolfSSL_BIO_s_datagram());
+
+        WOLFSSL_ENTER("wolfSSL_BIO_new_dgram");
+        if (bio) {
+            bio->shutdown = (byte)closeF;
+            bio->num.fd = (SOCKET_T)fd;
+        }
+        return bio;
+    }
+#endif
+
+
     /**
      * Create new socket BIO object. This is a pure TCP connection with
      * no SSL or TLS protection.
@@ -2093,15 +2402,16 @@ int wolfSSL_BIO_flush(WOLFSSL_BIO* bio)
             else
                 port = str + XSTRLEN(str); /* point to null terminator */
 
-            bio->ip = (char*)XMALLOC((port - str) + 1, /* +1 for null char */
+            bio->ip = (char*)XMALLOC(
+                    (size_t)(port - str) + 1, /* +1 for null char */
                     bio->heap, DYNAMIC_TYPE_OPENSSL);
             if (bio->ip != NULL) {
-                XMEMCPY(bio->ip, str, port - str);
+                XMEMCPY(bio->ip, str, (size_t)(port - str));
                 bio->ip[port - str] = '\0';
                 bio->type  = WOLFSSL_BIO_SOCKET;
             }
             else {
-                BIO_free(bio);
+                wolfSSL_BIO_free(bio);
                 bio = NULL;
             }
         }
@@ -2190,8 +2500,8 @@ int wolfSSL_BIO_flush(WOLFSSL_BIO* bio)
             return WOLFSSL_FAILURE;
         }
 
-        b->num = (int)sfd;
-        b->shutdown = BIO_CLOSE;
+        b->num.fd = sfd;
+        b->shutdown = WOLFSSL_BIO_CLOSE;
         return WOLFSSL_SUCCESS;
     }
 
@@ -2214,23 +2524,23 @@ int wolfSSL_BIO_flush(WOLFSSL_BIO* bio)
             return WOLFSSL_FAILURE;
         }
 
-        if (b->num == WOLFSSL_BIO_ERROR) {
+        if (b->num.fd == SOCKET_INVALID) {
             if (wolfIO_TcpBind(&sfd, b->port) < 0) {
                 WOLFSSL_MSG("wolfIO_TcpBind error");
                 return WOLFSSL_FAILURE;
             }
-            b->num = (int)sfd;
-            b->shutdown = BIO_CLOSE;
+            b->num.fd = sfd;
+            b->shutdown = WOLFSSL_BIO_CLOSE;
         }
         else {
             WOLFSSL_BIO* new_bio;
-            int newfd = wolfIO_TcpAccept(b->num, NULL, NULL);
+            int newfd = wolfIO_TcpAccept(b->num.fd, NULL, NULL);
             if (newfd < 0) {
                 WOLFSSL_MSG("wolfIO_TcpBind error");
                 return WOLFSSL_FAILURE;
             }
             /* Create a socket BIO for using the accept'ed connection */
-            new_bio = wolfSSL_BIO_new_socket(newfd, BIO_CLOSE);
+            new_bio = wolfSSL_BIO_new_socket(newfd, WOLFSSL_BIO_CLOSE);
             if (new_bio == NULL) {
                 WOLFSSL_MSG("wolfSSL_BIO_new_socket error");
                 CloseSocket(newfd);
@@ -2274,6 +2584,7 @@ int wolfSSL_BIO_flush(WOLFSSL_BIO* bio)
         return ret;
     }
 
+#ifndef NO_TLS
     long wolfSSL_BIO_do_handshake(WOLFSSL_BIO *b)
     {
         WOLFSSL_ENTER("wolfSSL_BIO_do_handshake");
@@ -2281,8 +2592,8 @@ int wolfSSL_BIO_flush(WOLFSSL_BIO* bio)
             WOLFSSL_MSG("Bad parameter");
             return WOLFSSL_FAILURE;
         }
-        if (b->type == WOLFSSL_BIO_SSL && b->ptr != NULL) {
-            return wolfSSL_negotiate((WOLFSSL*)b->ptr);
+        if (b->type == WOLFSSL_BIO_SSL && b->ptr.ssl != NULL) {
+            return wolfSSL_negotiate(b->ptr.ssl);
         }
         else {
             WOLFSSL_MSG("Not SSL BIO or no SSL object set");
@@ -2307,27 +2618,28 @@ int wolfSSL_BIO_flush(WOLFSSL_BIO* bio)
             return;
         }
 
-        if (b->ptr != NULL) {
-            int rc = wolfSSL_shutdown((WOLFSSL*)b->ptr);
-            if (rc == SSL_SHUTDOWN_NOT_DONE) {
+        if (b->ptr.ssl != NULL) {
+            int rc = wolfSSL_shutdown(b->ptr.ssl);
+            if (rc == WOLFSSL_SHUTDOWN_NOT_DONE) {
                 /* In this case, call again to give us a chance to read the
                  * close notify alert from the other end. */
-                wolfSSL_shutdown((WOLFSSL*)b->ptr);
+                wolfSSL_shutdown(b->ptr.ssl);
             }
         }
         else {
             WOLFSSL_MSG("BIO has no SSL pointer set.");
         }
     }
+#endif
 
     long wolfSSL_BIO_set_ssl(WOLFSSL_BIO* b, WOLFSSL* ssl, int closeF)
     {
-        long ret = WOLFSSL_FAILURE;
+        long ret = WC_NO_ERR_TRACE(WOLFSSL_FAILURE);
 
         WOLFSSL_ENTER("wolfSSL_BIO_set_ssl");
 
         if (b != NULL) {
-            b->ptr   = ssl;
+            b->ptr.ssl = ssl;
             b->shutdown = (byte)closeF;
             if (b->next != NULL)
                 wolfSSL_set_bio(ssl, b->next, b->next);
@@ -2335,7 +2647,10 @@ int wolfSSL_BIO_flush(WOLFSSL_BIO* bio)
             ret = WOLFSSL_SUCCESS;
         }
 
-        return ret;
+        if (ret == WOLFSSL_SUCCESS)
+            return ret;
+        else
+            return WOLFSSL_FAILURE;
     }
 
     long wolfSSL_BIO_get_ssl(WOLFSSL_BIO* bio, WOLFSSL** ssl)
@@ -2355,7 +2670,7 @@ int wolfSSL_BIO_flush(WOLFSSL_BIO* bio)
             return WOLFSSL_FAILURE;
         }
 
-        *ssl = (WOLFSSL*)bio->ptr;
+        *ssl = bio->ptr.ssl;
 
         return WOLFSSL_SUCCESS;
     }
@@ -2393,7 +2708,7 @@ int wolfSSL_BIO_flush(WOLFSSL_BIO* bio)
             else
                 wolfSSL_set_connect_state(ssl);
         }
-        if (err == 0 && wolfSSL_BIO_set_ssl(sslBio, ssl, BIO_CLOSE) !=
+        if (err == 0 && wolfSSL_BIO_set_ssl(sslBio, ssl, WOLFSSL_BIO_CLOSE) !=
             WOLFSSL_SUCCESS) {
             WOLFSSL_MSG("Failed to set SSL pointer in BIO.");
             err = 1;
@@ -2477,9 +2792,23 @@ int wolfSSL_BIO_flush(WOLFSSL_BIO* bio)
         }
         else {
             size_t currLen = XSTRLEN(b->ip);
+        #ifdef WOLFSSL_NO_REALLOC
+            char* tmp = NULL;
+        #endif
+
             if (currLen != newLen) {
+        #ifdef WOLFSSL_NO_REALLOC
+                tmp = b->ip;
+                b->ip = (char*)XMALLOC(newLen+1, b->heap, DYNAMIC_TYPE_OPENSSL);
+                if (b->ip != NULL && tmp != NULL) {
+                    XMEMCPY(b->ip, tmp, newLen);
+                    XFREE(tmp, b->heap, DYNAMIC_TYPE_OPENSSL);
+                    tmp = NULL;
+            }
+        #else
                 b->ip = (char*)XREALLOC(b->ip, newLen + 1, b->heap,
                     DYNAMIC_TYPE_OPENSSL);
+        #endif
                 if (b->ip == NULL) {
                     WOLFSSL_MSG("Hostname realloc failed.");
                     return WOLFSSL_FAILURE;
@@ -2499,7 +2828,7 @@ int wolfSSL_BIO_flush(WOLFSSL_BIO* bio)
         WOLFSSL_ENTER("wolfSSL_BIO_set_fd");
 
         if (b != NULL) {
-            b->num = fd;
+            b->num.fd = (SOCKET_T)fd;
             b->shutdown = (byte)closeF;
         }
 
@@ -2542,8 +2871,22 @@ int wolfSSL_BIO_flush(WOLFSSL_BIO* bio)
 #else
             bio->method = method;
 #endif
-            bio->shutdown = BIO_CLOSE; /* default to close things */
-            bio->num = WOLFSSL_BIO_ERROR;
+            bio->shutdown = WOLFSSL_BIO_CLOSE; /* default to close things */
+
+            if ((bio->type == WOLFSSL_BIO_SOCKET) ||
+                (bio->type == WOLFSSL_BIO_DGRAM))
+            {
+                bio->num.fd = SOCKET_INVALID;
+            }
+            else if (bio->type == WOLFSSL_BIO_FILE) {
+#ifndef NO_FILESYSTEM
+                bio->ptr.fh = XBADFILE;
+#endif
+                bio->num.fd = SOCKET_INVALID;
+            }
+            else {
+                bio->num.length = 0;
+            }
             bio->init = 1;
 
         #if defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA)
@@ -2575,8 +2918,8 @@ int wolfSSL_BIO_flush(WOLFSSL_BIO* bio)
             }
 
             if (method->type == WOLFSSL_BIO_MD) {
-                bio->ptr = wolfSSL_EVP_MD_CTX_new();
-                if (bio->ptr == NULL) {
+                bio->ptr.md_ctx = wolfSSL_EVP_MD_CTX_new();
+                if (bio->ptr.md_ctx == NULL) {
                     WOLFSSL_MSG("Memory error");
                     wolfSSL_BIO_free(bio);
                     return NULL;
@@ -2610,17 +2953,17 @@ int wolfSSL_BIO_flush(WOLFSSL_BIO* bio)
             len = (int)XSTRLEN((const char*)buf) + 1;
         }
 
-        if (len > 0 && wolfSSL_BUF_MEM_resize(bio->mem_buf, len) == 0) {
+        if (len > 0 && wolfSSL_BUF_MEM_resize(bio->mem_buf, (size_t)len) == 0) {
             wolfSSL_BIO_free(bio);
             return NULL;
         }
 
-        bio->num = (int)bio->mem_buf->max;
+        bio->num.length = bio->mem_buf->max;
         bio->wrSz = len;
-        bio->ptr = bio->mem_buf->data;
-        if (len > 0 && bio->ptr != NULL) {
-            XMEMCPY(bio->ptr, buf, len);
-            bio->flags |= BIO_FLAGS_MEM_RDONLY;
+        bio->ptr.mem_buf_data = (byte *)bio->mem_buf->data;
+        if (len > 0 && bio->ptr.mem_buf_data != NULL) {
+            XMEMCPY(bio->ptr.mem_buf_data, buf, (size_t)len);
+            bio->flags |= WOLFSSL_BIO_FLAG_MEM_RDONLY;
             bio->wrSzReset = bio->wrSz;
         }
 
@@ -2682,44 +3025,53 @@ int wolfSSL_BIO_flush(WOLFSSL_BIO* bio)
                 bio->pair->pair = NULL;
             }
 
-            if (bio->ip != NULL) {
-                XFREE(bio->ip, bio->heap, DYNAMIC_TYPE_OPENSSL);
-            }
+            XFREE(bio->ip, bio->heap, DYNAMIC_TYPE_OPENSSL);
 
             if (bio->shutdown) {
-                if (bio->type == WOLFSSL_BIO_SSL && bio->ptr)
-                    wolfSSL_free((WOLFSSL*)bio->ptr);
+                if (bio->type == WOLFSSL_BIO_SSL && bio->ptr.ssl)
+                    wolfSSL_free(bio->ptr.ssl);
             #ifdef CloseSocket
-                if ((bio->type == WOLFSSL_BIO_SOCKET) && (bio->num > 0))
-                    CloseSocket(bio->num);
+                if (((bio->type == WOLFSSL_BIO_SOCKET) ||
+                     (bio->type == WOLFSSL_BIO_DGRAM)) &&
+                    (bio->num.fd != SOCKET_INVALID))
+                {
+                    CloseSocket(bio->num.fd);
+                }
             #endif
             }
 
         #ifndef NO_FILESYSTEM
-            if (bio->type == WOLFSSL_BIO_FILE && bio->shutdown == BIO_CLOSE) {
-                if (bio->ptr) {
-                    XFCLOSE((XFILE)bio->ptr);
+            if (bio->type == WOLFSSL_BIO_FILE &&
+                bio->shutdown == WOLFSSL_BIO_CLOSE)
+            {
+                if (bio->ptr.fh) {
+                    XFCLOSE(bio->ptr.fh);
                 }
             #if !defined(USE_WINDOWS_API) && !defined(NO_WOLFSSL_DIR)\
                 && !defined(WOLFSSL_NUCLEUS) && !defined(WOLFSSL_NUCLEUS_1_2)
-                else if (bio->num != WOLFSSL_BIO_ERROR) {
-                    XCLOSE(bio->num);
+                else if (bio->num.fd != SOCKET_INVALID) {
+                    XCLOSE(bio->num.fd);
                 }
             #endif
             }
         #endif
 
-            if (bio->shutdown != BIO_NOCLOSE) {
-                if (bio->type == WOLFSSL_BIO_MEMORY && bio->ptr != NULL) {
+            if (bio->shutdown != WOLFSSL_BIO_NOCLOSE) {
+                if (bio->type == WOLFSSL_BIO_MEMORY &&
+                    bio->ptr.mem_buf_data != NULL)
+                {
                     if (bio->mem_buf != NULL) {
-                        if (bio->mem_buf->data != (char*)bio->ptr) {
-                            XFREE(bio->ptr, bio->heap, DYNAMIC_TYPE_OPENSSL);
-                            bio->ptr = NULL;
+                        if ((byte *)bio->mem_buf->data != bio->ptr.mem_buf_data)
+                        {
+                            XFREE(bio->ptr.mem_buf_data, bio->heap,
+                                  DYNAMIC_TYPE_OPENSSL);
+                            bio->ptr.mem_buf_data = NULL;
                         }
                     }
                     else {
-                        XFREE(bio->ptr, bio->heap, DYNAMIC_TYPE_OPENSSL);
-                        bio->ptr = NULL;
+                        XFREE(bio->ptr.mem_buf_data, bio->heap,
+                              DYNAMIC_TYPE_OPENSSL);
+                        bio->ptr.mem_buf_data = NULL;
                     }
                 }
                 if (bio->mem_buf != NULL) {
@@ -2729,7 +3081,7 @@ int wolfSSL_BIO_flush(WOLFSSL_BIO* bio)
             }
 
             if (bio->type == WOLFSSL_BIO_MD) {
-                wolfSSL_EVP_MD_CTX_free((WOLFSSL_EVP_MD_CTX*)bio->ptr);
+                wolfSSL_EVP_MD_CTX_free(bio->ptr.md_ctx);
             }
 
             XFREE(bio, 0, DYNAMIC_TYPE_OPENSSL);
@@ -2768,8 +3120,8 @@ int wolfSSL_BIO_flush(WOLFSSL_BIO* bio)
         }
 
         /* SSL BIO's should use the next object in the chain for IO */
-        if (top->type == WOLFSSL_BIO_SSL && top->ptr)
-            wolfSSL_set_bio((WOLFSSL*)top->ptr, append, append);
+        if (top->type == WOLFSSL_BIO_SSL && top->ptr.ssl)
+            wolfSSL_set_bio(top->ptr.ssl, append, append);
 
         return top;
     }
@@ -2873,9 +3225,11 @@ int wolfSSL_BIO_get_fd(WOLFSSL_BIO *bio, int* fd)
     WOLFSSL_ENTER("wolfSSL_BIO_get_fd");
 
     if (bio != NULL) {
+        if (bio->num.fd == SOCKET_INVALID)
+            return WOLFSSL_BIO_ERROR;
         if (fd != NULL)
-            *fd = bio->num;
-        return bio->num;
+            *fd = (int)bio->num.fd;
+        return (int)bio->num.fd;
     }
 
     return WOLFSSL_BIO_ERROR;
@@ -2950,10 +3304,10 @@ int wolfSSL_BIO_vprintf(WOLFSSL_BIO* bio, const char* format, va_list args)
     switch (bio->type) {
 #if !defined(NO_FILESYSTEM)
         case WOLFSSL_BIO_FILE:
-            if (bio->ptr == NULL) {
-                return -1;
+            if (bio->ptr.fh == XBADFILE) {
+                return WOLFSSL_FATAL_ERROR;
             }
-            ret = XVFPRINTF((XFILE)bio->ptr, format, args);
+            ret = XVFPRINTF(bio->ptr.fh, format, args);
             break;
 #endif
 
@@ -2977,11 +3331,11 @@ int wolfSSL_BIO_vprintf(WOLFSSL_BIO* bio, const char* format, va_list args)
                 count = XVSNPRINTF(NULL, 0, format, args);
                 if (count >= 0)
                 {
-                    pt = (char*)XMALLOC(count + 1, bio->heap,
+                    pt = (char*)XMALLOC((size_t)count + 1, bio->heap,
                                         DYNAMIC_TYPE_TMP_BUFFER);
                     if (pt != NULL)
                     {
-                        count = XVSNPRINTF(pt, count + 1, format, copy);
+                        count = XVSNPRINTF(pt, (size_t)count + 1, format, copy);
                         if (count >= 0)
                         {
                             ret = wolfSSL_BIO_write(bio, pt, count);
@@ -3047,21 +3401,24 @@ int wolfSSL_BIO_dump(WOLFSSL_BIO *bio, const char *buf, int length)
             return wolfSSL_BIO_write(bio, "\tNULL", 5);
         }
 
-        XSPRINTF(line, "%04x - ", lineOffset);
+        (void)XSNPRINTF(line, sizeof(line), "%04x - ", lineOffset);
         o = 7;
         for (i = 0; i < BIO_DUMP_LINE_LEN; i++) {
             if (i < length)
-                XSPRINTF(line + o,"%02x ", (unsigned char)buf[i]);
+                (void)XSNPRINTF(line + o, (size_t)((int)sizeof(line) - o),
+                    "%02x ", (unsigned char)buf[i]);
             else
-                XSPRINTF(line + o, "   ");
+                (void)XSNPRINTF(line + o, (size_t)((int)sizeof(line) - o),
+                "   ");
             if (i == 7)
-                XSPRINTF(line + o + 2, "-");
+                (void)XSNPRINTF(line + o + 2, (size_t)((int)sizeof(line) -
+                (o + 2)), "-");
             o += 3;
         }
-        XSPRINTF(line + o, "  ");
+        (void)XSNPRINTF(line + o, (size_t)((int)sizeof(line) - o), "  ");
         o += 2;
         for (i = 0; (i < BIO_DUMP_LINE_LEN) && (i < length); i++) {
-            XSPRINTF(line + o, "%c",
+            (void)XSNPRINTF(line + o, (size_t)((int)sizeof(line) - o), "%c",
                      ((31 < buf[i]) && (buf[i] < 127)) ? buf[i] : '.');
             o++;
         }
@@ -3103,7 +3460,7 @@ int wolfSSL_BIO_dump(WOLFSSL_BIO *bio, const char *buf, int length)
         if (fp == XBADFILE)
             return WOLFSSL_BAD_FILE;
 
-        if (wolfSSL_BIO_set_fp(b, fp, BIO_CLOSE) != WOLFSSL_SUCCESS) {
+        if (wolfSSL_BIO_set_fp(b, fp, WOLFSSL_BIO_CLOSE) != WOLFSSL_SUCCESS) {
             XFCLOSE(fp);
             return WOLFSSL_BAD_FILE;
         }
@@ -3140,7 +3497,7 @@ WOLFSSL_BIO *wolfSSL_BIO_new_file(const char *filename, const char *mode)
         return bio;
     }
 
-    if (wolfSSL_BIO_set_fp(bio, fp, BIO_CLOSE) != WOLFSSL_SUCCESS) {
+    if (wolfSSL_BIO_set_fp(bio, fp, WOLFSSL_BIO_CLOSE) != WOLFSSL_SUCCESS) {
         XFCLOSE(fp);
         wolfSSL_BIO_free(bio);
         bio = NULL;
diff --git a/src/conf.c b/src/conf.c
index cfc6085a4..341385696 100644
--- a/src/conf.c
+++ b/src/conf.c
@@ -1,6 +1,6 @@
 /* conf.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -133,7 +133,7 @@ WOLFSSL_TXT_DB *wolfSSL_TXT_DB_read(WOLFSSL_BIO *in, int num)
             XFREE(strBuf, NULL, DYNAMIC_TYPE_OPENSSL);
             goto error;
         }
-        if (wolfSSL_sk_push(ret->data, strBuf) != WOLFSSL_SUCCESS) {
+        if (wolfSSL_sk_push(ret->data, strBuf) <= 0) {
             WOLFSSL_MSG("wolfSSL_sk_push error");
             XFREE(strBuf, NULL, DYNAMIC_TYPE_OPENSSL);
             goto error;
@@ -146,9 +146,7 @@ error:
         wolfSSL_TXT_DB_free(ret);
         ret = NULL;
     }
-    if (buf) {
-        XFREE(buf, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-    }
+    XFREE(buf, NULL, DYNAMIC_TYPE_TMP_BUFFER);
     return ret;
 }
 
@@ -204,7 +202,10 @@ long wolfSSL_TXT_DB_write(WOLFSSL_BIO *out, WOLFSSL_TXT_DB *db)
                 return WOLFSSL_FAILURE;
             }
         }
-        idx[-1] = '\n';
+        if (idx > buf)
+            idx[-1] = '\n';
+        else
+            return WOLFSSL_FAILURE;
         sz = (int)(idx - buf);
 
         if (wolfSSL_BIO_write(out, buf, sz) != sz) {
@@ -228,7 +229,7 @@ int wolfSSL_TXT_DB_insert(WOLFSSL_TXT_DB *db, WOLFSSL_STRING *row)
         return WOLFSSL_FAILURE;
     }
 
-    if (wolfSSL_sk_push(db->data, row) != WOLFSSL_SUCCESS) {
+    if (wolfSSL_sk_push(db->data, row) <= 0) {
         WOLFSSL_MSG("wolfSSL_sk_push error");
         return WOLFSSL_FAILURE;
     }
@@ -452,11 +453,11 @@ int wolfSSL_CONF_add_string(WOLFSSL_CONF *conf,
     sk = (WOLF_STACK_OF(WOLFSSL_CONF_VALUE) *)section->value;
     value->section = section->section;
 
-    if (wolfSSL_sk_CONF_VALUE_push(sk, value) != WOLFSSL_SUCCESS) {
+    if (wolfSSL_sk_CONF_VALUE_push(sk, value) <= 0) {
         WOLFSSL_MSG("wolfSSL_sk_CONF_VALUE_push error");
         return WOLFSSL_FAILURE;
     }
-    if (wolfSSL_sk_CONF_VALUE_push(conf->data, value) != WOLFSSL_SUCCESS) {
+    if (wolfSSL_sk_CONF_VALUE_push(conf->data, value) <= 0) {
         WOLFSSL_MSG("wolfSSL_sk_CONF_VALUE_push error");
         wolfssl_sk_pop_type(sk, STACK_TYPE_CONF_VALUE);
         return WOLFSSL_FAILURE;
@@ -499,7 +500,7 @@ WOLFSSL_CONF_VALUE *wolfSSL_CONF_new_section(WOLFSSL_CONF *conf,
 
     ret->value = (char*)sk;
 
-    if (wolfSSL_sk_CONF_VALUE_push(conf->data, ret) != WOLFSSL_SUCCESS) {
+    if (wolfSSL_sk_CONF_VALUE_push(conf->data, ret) <= 0) {
         WOLFSSL_MSG("wolfSSL_sk_CONF_VALUE_push error");
         goto error;
     }
@@ -605,7 +606,7 @@ char *wolfSSL_NCONF_get_string(const WOLFSSL_CONF *conf,
         return NULL;
 }
 
-int wolfSSL_NCONF_get_number(const CONF *conf, const char *group,
+int wolfSSL_NCONF_get_number(const WOLFSSL_CONF *conf, const char *group,
         const char *name, long *result)
 {
     char *str;
@@ -772,8 +773,18 @@ static char* expandValue(WOLFSSL_CONF *conf, const char* section,
                     /* This will allocate slightly more memory than necessary
                      * but better be safe */
                     strLen += valueLen;
+                #ifdef WOLFSSL_NO_REALLOC
+                    newRet = (char*)XMALLOC(strLen + 1, NULL,
+                            DYNAMIC_TYPE_OPENSSL);
+                    if (newRet != NULL && ret != NULL) {
+                       XMEMCPY(newRet, ret, (strLen - valueLen) + 1);
+                       XFREE(ret, NULL, DYNAMIC_TYPE_OPENSSL);
+                       ret = NULL;
+                    }
+                #else
                     newRet = (char*)XREALLOC(ret, strLen + 1, NULL,
                             DYNAMIC_TYPE_OPENSSL);
+                #endif
                     if (!newRet) {
                         WOLFSSL_MSG("realloc error");
                         goto expand_cleanup;
@@ -793,8 +804,7 @@ static char* expandValue(WOLFSSL_CONF *conf, const char* section,
     return ret ? ret : str;
 
 expand_cleanup:
-    if (ret)
-        XFREE(ret, NULL, DYNAMIC_TYPE_OPENSSL);
+    XFREE(ret, NULL, DYNAMIC_TYPE_OPENSSL);
     return NULL;
 }
 
@@ -803,7 +813,7 @@ expand_cleanup:
         {(idx)++;}
 int wolfSSL_NCONF_load(WOLFSSL_CONF *conf, const char *file, long *eline)
 {
-    int ret = WOLFSSL_FAILURE;
+    int ret = WC_NO_ERR_TRACE(WOLFSSL_FAILURE);
     WOLFSSL_BIO *in = NULL;
     char* buf = NULL;
     char* idx = NULL;
@@ -961,8 +971,7 @@ int wolfSSL_NCONF_load(WOLFSSL_CONF *conf, const char *file, long *eline)
 cleanup:
     if (in)
         wolfSSL_BIO_free(in);
-    if (buf)
-        XFREE(buf, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(buf, NULL, DYNAMIC_TYPE_TMP_BUFFER);
     if (eline)
         *eline = line;
     return ret;
@@ -986,13 +995,11 @@ void wolfSSL_X509V3_conf_free(WOLFSSL_CONF_VALUE *val)
         if (val->name) {
             /* Not a section. Don't free section as it is a shared pointer. */
             XFREE(val->name, NULL, DYNAMIC_TYPE_OPENSSL);
-            if (val->value)
-                XFREE(val->value, NULL, DYNAMIC_TYPE_OPENSSL);
+            XFREE(val->value, NULL, DYNAMIC_TYPE_OPENSSL);
         }
         else {
             /* Section so val->value is a stack */
-            if (val->section)
-                XFREE(val->section, NULL, DYNAMIC_TYPE_OPENSSL);
+            XFREE(val->section, NULL, DYNAMIC_TYPE_OPENSSL);
             /* Only free the stack structures. The contained conf values
              * will be freed in wolfSSL_NCONF_free */
             sk = (WOLF_STACK_OF(WOLFSSL_CONF_VALUE)*)val->value;
@@ -1545,7 +1552,7 @@ static const conf_cmd_tbl* wolfssl_conf_find_cmd(WOLFSSL_CONF_CTX* cctx,
  */
 int wolfSSL_CONF_cmd(WOLFSSL_CONF_CTX* cctx, const char* cmd, const char* value)
 {
-    int ret = WOLFSSL_FAILURE;
+    int ret = WC_NO_ERR_TRACE(WOLFSSL_FAILURE);
     const conf_cmd_tbl* confcmd = NULL;
     WOLFSSL_ENTER("wolfSSL_CONF_cmd");
 
@@ -1588,7 +1595,7 @@ int wolfSSL_CONF_cmd_value_type(WOLFSSL_CONF_CTX *cctx, const char *cmd)
 
     confcmd = wolfssl_conf_find_cmd(cctx, cmd);
     if (confcmd == NULL)
-        return SSL_CONF_TYPE_UNKNOWN;
+        return WOLFSSL_CONF_TYPE_UNKNOWN;
     return (int)confcmd->data_type;
 }
 
@@ -1599,4 +1606,33 @@ int wolfSSL_CONF_cmd_value_type(WOLFSSL_CONF_CTX *cctx, const char *cmd)
  * END OF CONF API
  ******************************************************************************/
 
+#if defined(OPENSSL_EXTRA)
+WOLFSSL_INIT_SETTINGS* wolfSSL_OPENSSL_INIT_new(void)
+{
+    WOLFSSL_INIT_SETTINGS* init = (WOLFSSL_INIT_SETTINGS*)XMALLOC(
+            sizeof(WOLFSSL_INIT_SETTINGS), NULL, DYNAMIC_TYPE_OPENSSL);
+
+    return init;
+}
+
+void wolfSSL_OPENSSL_INIT_free(WOLFSSL_INIT_SETTINGS* init)
+{
+    XFREE(init, NULL, DYNAMIC_TYPE_OPENSSL);
+}
+
+#ifndef NO_WOLFSSL_STUB
+int wolfSSL_OPENSSL_INIT_set_config_appname(WOLFSSL_INIT_SETTINGS* init,
+        char* appname)
+{
+    (void)init;
+    (void)appname;
+    WOLFSSL_STUB("OPENSSL_INIT_set_config_appname");
+    return WOLFSSL_SUCCESS;
+}
+#endif
+
+#endif /* OPENSSL_EXTRA */
+
+
+
 #endif /* WOLFSSL_CONF_INCLUDED */
diff --git a/src/crl.c b/src/crl.c
index 9c847b8cf..6a03a39d7 100644
--- a/src/crl.c
+++ b/src/crl.c
@@ -1,6 +1,6 @@
 /* crl.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -69,9 +69,9 @@ int InitCRL(WOLFSSL_CRL* crl, WOLFSSL_CERT_MANAGER* cm)
     crl->cm = cm;
     crl->crlList  = NULL;
     crl->currentEntry = NULL;
+#ifdef HAVE_CRL_MONITOR
     crl->monitors[0].path = NULL;
     crl->monitors[1].path = NULL;
-#ifdef HAVE_CRL_MONITOR
     crl->tid = INVALID_THREAD_VAL;
     crl->mfd = WOLFSSL_CRL_MFD_INIT_VAL;
     crl->setup = 0; /* thread setup done predicate */
@@ -87,6 +87,13 @@ int InitCRL(WOLFSSL_CRL* crl, WOLFSSL_CERT_MANAGER* cm)
         WOLFSSL_MSG("Init Mutex failed");
         return BAD_MUTEX_E;
     }
+#ifdef OPENSSL_ALL
+    {
+        int ret;
+        wolfSSL_RefInit(&crl->ref, &ret);
+        (void)ret;
+    }
+#endif
 
     return 0;
 }
@@ -110,18 +117,18 @@ static int InitCRL_Entry(CRL_Entry* crle, DecodedCRL* dcrl, const byte* buff,
 #if defined(OPENSSL_EXTRA)
     crle->lastDateAsn1.length = MAX_DATE_SIZE;
     XMEMCPY (crle->lastDateAsn1.data, crle->lastDate,
-             crle->lastDateAsn1.length);
+             (size_t)crle->lastDateAsn1.length);
     crle->lastDateAsn1.type = crle->lastDateFormat;
     crle->nextDateAsn1.length = MAX_DATE_SIZE;
     XMEMCPY (crle->nextDateAsn1.data, crle->nextDate,
-             crle->nextDateAsn1.length);
+             (size_t)crle->nextDateAsn1.length);
     crle->nextDateAsn1.type = crle->nextDateFormat;
 
     crle->issuer = NULL;
     wolfSSL_d2i_X509_NAME(&crle->issuer, (unsigned char**)&dcrl->issuer,
                           dcrl->issuerSz);
     if (crle->issuer == NULL) {
-        return WOLFSSL_FAILURE;
+        return WOLFSSL_FATAL_ERROR;
     }
 #endif
 #ifdef CRL_STATIC_REVOKED_LIST
@@ -141,14 +148,31 @@ static int InitCRL_Entry(CRL_Entry* crle, DecodedCRL* dcrl, const byte* buff,
         crle->toBeSigned = (byte*)XMALLOC(crle->tbsSz, heap,
                                           DYNAMIC_TYPE_CRL_ENTRY);
         if (crle->toBeSigned == NULL)
-            return -1;
+            return WOLFSSL_FATAL_ERROR;
         crle->signature = (byte*)XMALLOC(crle->signatureSz, heap,
                                          DYNAMIC_TYPE_CRL_ENTRY);
         if (crle->signature == NULL) {
             XFREE(crle->toBeSigned, heap, DYNAMIC_TYPE_CRL_ENTRY);
             crle->toBeSigned = NULL;
-            return -1;
+            return WOLFSSL_FATAL_ERROR;
         }
+
+    #ifdef WC_RSA_PSS
+        crle->sigParamsSz = dcrl->sigParamsLength;
+        if (dcrl->sigParamsLength > 0) {
+            crle->sigParams = (byte*)XMALLOC(crle->sigParamsSz, heap,
+                                             DYNAMIC_TYPE_CRL_ENTRY);
+            if (crle->sigParams== NULL) {
+                XFREE(crle->toBeSigned, heap, DYNAMIC_TYPE_CRL_ENTRY);
+                crle->toBeSigned = NULL;
+                XFREE(crle->signature, heap, DYNAMIC_TYPE_CRL_ENTRY);
+                crle->signature = NULL;
+                return WOLFSSL_FATAL_ERROR;
+            }
+            XMEMCPY(crle->sigParams, buff + dcrl->sigParamsIndex,
+                crle->sigParamsSz);
+        }
+    #endif
         XMEMCPY(crle->toBeSigned, buff + dcrl->certBegin, crle->tbsSz);
         XMEMCPY(crle->signature, dcrl->signature, crle->signatureSz);
     #ifndef NO_SKID
@@ -196,16 +220,17 @@ static void CRL_Entry_free(CRL_Entry* crle, void* heap)
 
     WOLFSSL_ENTER("FreeCRL_Entry");
 
-    while (tmp) {
+    while (tmp != NULL) {
         next = tmp->next;
         XFREE(tmp, heap, DYNAMIC_TYPE_REVOKED);
         tmp = next;
     }
 #endif
-    if (crle->signature != NULL)
-        XFREE(crle->signature, heap, DYNAMIC_TYPE_CRL_ENTRY);
-    if (crle->toBeSigned != NULL)
-        XFREE(crle->toBeSigned, heap, DYNAMIC_TYPE_CRL_ENTRY);
+    XFREE(crle->signature, heap, DYNAMIC_TYPE_CRL_ENTRY);
+    XFREE(crle->toBeSigned, heap, DYNAMIC_TYPE_CRL_ENTRY);
+#ifdef WC_RSA_PSS
+    XFREE(crle->sigParams, heap, DYNAMIC_TYPE_CRL_ENTRY);
+#endif
 #if defined(OPENSSL_EXTRA)
     if (crle->issuer != NULL) {
         FreeX509Name(crle->issuer);
@@ -223,16 +248,31 @@ void FreeCRL(WOLFSSL_CRL* crl, int dynamic)
 {
     CRL_Entry* tmp;
 
+    WOLFSSL_ENTER("FreeCRL");
+
     if (crl == NULL)
         return;
 
+#ifdef OPENSSL_ALL
+    {
+        int ret;
+        int doFree = 0;
+        wolfSSL_RefDec(&crl->ref, &doFree, &ret);
+        if (ret != 0)
+            WOLFSSL_MSG("Couldn't lock x509 mutex");
+        if (!doFree)
+            return;
+    }
+#endif
+
     tmp = crl->crlList;
-    WOLFSSL_ENTER("FreeCRL");
+#ifdef HAVE_CRL_MONITOR
     if (crl->monitors[0].path)
         XFREE(crl->monitors[0].path, crl->heap, DYNAMIC_TYPE_CRL_MONITOR);
 
     if (crl->monitors[1].path)
         XFREE(crl->monitors[1].path, crl->heap, DYNAMIC_TYPE_CRL_MONITOR);
+#endif
 
     XFREE(crl->currentEntry, crl->heap, DYNAMIC_TYPE_CRL_ENTRY);
     crl->currentEntry = NULL;
@@ -291,18 +331,17 @@ static int FindRevokedSerial(RevokedCert* rc, byte* serial, int serialSz,
 #else
     (void)totalCerts;
     /* search in the linked list*/
-
     while (rc) {
         if (serialHash == NULL) {
             if (rc->serialSz == serialSz &&
-                   XMEMCMP(rc->serialNumber, serial, rc->serialSz) == 0) {
+                   XMEMCMP(rc->serialNumber, serial, (size_t)rc->serialSz) == 0) {
                 WOLFSSL_MSG("Cert revoked");
                 ret = CRL_CERT_REVOKED;
                 break;
             }
         }
         else {
-            ret = CalcHashId(rc->serialNumber, rc->serialSz, hash);
+            ret = CalcHashId(rc->serialNumber, (word32)rc->serialSz, hash);
             if (ret != 0)
                 break;
             if (XMEMCMP(hash, serialHash, SIGNER_DIGEST_SIZE) == 0) {
@@ -337,13 +376,20 @@ static int VerifyCRLE(const WOLFSSL_CRL* crl, CRL_Entry* crle)
     }
 
     ret = VerifyCRL_Signature(&sigCtx, crle->toBeSigned, crle->tbsSz,
-            crle->signature, crle->signatureSz, crle->signatureOID, ca,
-            crl->heap);
+            crle->signature, crle->signatureSz, crle->signatureOID,
+        #ifdef WC_RSA_PSS
+            crle->sigParams, (int)crle->sigParamsSz,
+        #else
+            NULL, 0,
+        #endif
+            ca, crl->heap);
 
-    if (ret == 0)
+    if (ret == 0) {
         crle->verified = 1;
-    else
+    }
+    else {
         crle->verified = ret;
+    }
 
     return ret;
 }
@@ -362,6 +408,8 @@ static int CheckCertCRLList(WOLFSSL_CRL* crl, byte* issuerHash, byte* serial,
 
     for (crle = crl->crlList; crle != NULL; crle = crle->next) {
         if (XMEMCMP(crle->issuerHash, issuerHash, CRL_DIGEST_SIZE) == 0) {
+            int nextDateValid = 1;
+
             WOLFSSL_MSG("Found CRL Entry on list");
 
             if (crle->verified == 0) {
@@ -394,19 +442,22 @@ static int CheckCertCRLList(WOLFSSL_CRL* crl, byte* issuerHash, byte* serial,
         #endif
             {
             #if !defined(NO_ASN_TIME) && !defined(WOLFSSL_NO_CRL_DATE_CHECK)
-                if (!XVALIDATE_DATE(crle->nextDate,crle->nextDateFormat, AFTER)) {
+                if (!XVALIDATE_DATE(crle->nextDate,crle->nextDateFormat, ASN_AFTER)) {
                     WOLFSSL_MSG("CRL next date is no longer valid");
-                    ret = ASN_AFTER_DATE_E;
+                    nextDateValid = 0;
                 }
             #endif
             }
-            if (ret == 0) {
+            if (nextDateValid) {
                 foundEntry = 1;
                 ret = FindRevokedSerial(crle->certs, serial, serialSz,
                         serialHash, crle->totalCerts);
                 if (ret != 0)
                     break;
             }
+            else if (foundEntry == 0) {
+                ret = CRL_CERT_DATE_ERR;
+            }
         }
     }
 
@@ -446,8 +497,9 @@ int CheckCertCRL_ex(WOLFSSL_CRL* crl, byte* issuerHash, byte* serial,
     if (foundEntry == 0) {
         /* perform embedded lookup */
         if (crl->crlIOCb) {
-            ret = crl->crlIOCb(crl, (const char*)extCrlInfo, extCrlInfoSz);
-            if (ret == WOLFSSL_CBIO_ERR_WANT_READ) {
+            int cbRet = crl->crlIOCb(crl, (const char*)extCrlInfo,
+                                     extCrlInfoSz);
+            if (cbRet == WC_NO_ERR_TRACE(WOLFSSL_CBIO_ERR_WANT_READ)) {
                 ret = OCSP_WANT_READ;
             }
             else if (ret >= 0) {
@@ -461,17 +513,18 @@ int CheckCertCRL_ex(WOLFSSL_CRL* crl, byte* issuerHash, byte* serial,
 
 #if defined(OPENSSL_ALL) && defined(WOLFSSL_CERT_GEN) && \
     (defined(WOLFSSL_CERT_REQ) || defined(WOLFSSL_CERT_EXT)) && \
-    !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR)
+    !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR) && \
+    !defined(NO_STDIO_FILESYSTEM)
     /* if not find entry in the CRL list, it looks at the folder that sets  */
     /* by LOOKUP_ctrl because user would want to use hash_dir.              */
     /* Loading <issuer-hash>.rN form CRL file if find at the folder,        */
     /* and try again checking Cert in the CRL list.                         */
     /* When not set the folder or not use hash_dir, do nothing.             */
-    if ((foundEntry == 0) && (ret != OCSP_WANT_READ)) {
-        if (crl->cm->x509_store_p != NULL) {
-            ret = LoadCertByIssuer(crl->cm->x509_store_p,
+    if ((foundEntry == 0) && (ret != WC_NO_ERR_TRACE(OCSP_WANT_READ))) {
+        if (crl->cm != NULL && crl->cm->x509_store_p != NULL) {
+            int loadRet = LoadCertByIssuer(crl->cm->x509_store_p,
                           (WOLFSSL_X509_NAME*)issuerName, X509_LU_CRL);
-            if (ret == WOLFSSL_SUCCESS) {
+            if (loadRet == WOLFSSL_SUCCESS) {
                 /* try again */
                 ret = CheckCertCRLList(crl, issuerHash, serial, serialSz,
                         serialHash, &foundEntry);
@@ -481,18 +534,18 @@ int CheckCertCRL_ex(WOLFSSL_CRL* crl, byte* issuerHash, byte* serial,
 #endif
     if (foundEntry == 0) {
         WOLFSSL_MSG("Couldn't find CRL for status check");
-        if (ret != CRL_CERT_DATE_ERR) {
+        if (ret != WC_NO_ERR_TRACE(CRL_CERT_DATE_ERR)) {
             ret = CRL_MISSING;
         }
 
-        if (crl->cm->cbMissingCRL) {
+        if (crl->cm != NULL && crl->cm->cbMissingCRL) {
             char url[256];
 
             WOLFSSL_MSG("Issuing missing CRL callback");
             url[0] = '\0';
             if (extCrlInfo) {
                 if (extCrlInfoSz < (int)sizeof(url) -1 ) {
-                    XMEMCPY(url, extCrlInfo, extCrlInfoSz);
+                    XMEMCPY(url, extCrlInfo, (size_t)extCrlInfoSz);
                     url[extCrlInfoSz] = '\0';
                 }
                 else  {
@@ -502,6 +555,13 @@ int CheckCertCRL_ex(WOLFSSL_CRL* crl, byte* issuerHash, byte* serial,
 
             crl->cm->cbMissingCRL(url);
         }
+
+        if (crl->cm != NULL && crl->cm->crlCb &&
+                crl->cm->crlCb(ret, crl, crl->cm, crl->cm->crlCbCtx)) {
+            if (ret != 0)
+                WOLFSSL_MSG("Overriding CRL error");
+            ret = 0;
+        }
     }
 
     return ret;
@@ -519,17 +579,50 @@ int CheckCertCRL(WOLFSSL_CRL* crl, DecodedCert* cert)
             NULL, cert->extCrlInfo, cert->extCrlInfoSz, issuerName);
 }
 
+#ifdef HAVE_CRL_UPDATE_CB
+static void SetCrlInfo(CRL_Entry* entry, CrlInfo *info)
+{
+    info->issuerHash = (byte *)entry->issuerHash;
+    info->issuerHashLen = CRL_DIGEST_SIZE;
+    info->lastDate = (byte *)entry->lastDate;
+    info->lastDateMaxLen = MAX_DATE_SIZE;
+    info->lastDateFormat = entry->lastDateFormat;
+    info->nextDate = (byte *)entry->nextDate;
+    info->nextDateMaxLen = MAX_DATE_SIZE;
+    info->nextDateFormat = entry->nextDateFormat;
+    info->crlNumber = (sword32)entry->crlNumber;
+}
+
+static void SetCrlInfoFromDecoded(DecodedCRL* entry, CrlInfo *info)
+{
+    info->issuerHash = (byte *)entry->issuerHash;
+    info->issuerHashLen = SIGNER_DIGEST_SIZE;
+    info->lastDate = (byte *)entry->lastDate;
+    info->lastDateMaxLen = MAX_DATE_SIZE;
+    info->lastDateFormat = entry->lastDateFormat;
+    info->nextDate = (byte *)entry->nextDate;
+    info->nextDateMaxLen = MAX_DATE_SIZE;
+    info->nextDateFormat = entry->nextDateFormat;
+    info->crlNumber = (sword32)entry->crlNumber;
+}
+#endif
 
 /* Add Decoded CRL, 0 on success */
 static int AddCRL(WOLFSSL_CRL* crl, DecodedCRL* dcrl, const byte* buff,
                   int verified)
 {
     CRL_Entry* crle = NULL;
+    CRL_Entry* curr = NULL;
+    CRL_Entry* prev = NULL;
+#ifdef HAVE_CRL_UPDATE_CB
+    CrlInfo old;
+    CrlInfo cnew;
+#endif
 
     WOLFSSL_ENTER("AddCRL");
 
     if (crl == NULL)
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
 
     crle = crl->currentEntry;
 
@@ -544,7 +637,7 @@ static int AddCRL(WOLFSSL_CRL* crl, DecodedCRL* dcrl, const byte* buff,
     if (InitCRL_Entry(crle, dcrl, buff, verified, crl->heap) < 0) {
         WOLFSSL_MSG("Init CRL Entry failed");
         CRL_Entry_free(crle, crl->heap);
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
     }
 
     if (wc_LockRwLock_Wr(&crl->crlLock) != 0) {
@@ -553,8 +646,43 @@ static int AddCRL(WOLFSSL_CRL* crl, DecodedCRL* dcrl, const byte* buff,
         return BAD_MUTEX_E;
     }
 
-    crle->next = crl->crlList;
-    crl->crlList = crle;
+    for (curr = crl->crlList; curr != NULL; curr = curr->next) {
+        if (XMEMCMP(curr->issuerHash, crle->issuerHash, CRL_DIGEST_SIZE) == 0) {
+            if (crle->crlNumber <= curr->crlNumber) {
+                WOLFSSL_MSG("Same or newer CRL entry already exists");
+                CRL_Entry_free(crle, crl->heap);
+                wc_UnLockRwLock(&crl->crlLock);
+                return BAD_FUNC_ARG;
+            }
+
+            crle->next = curr->next;
+            if (prev != NULL) {
+                prev->next = crle;
+            }
+            else {
+                crl->crlList = crle;
+            }
+
+#ifdef HAVE_CRL_UPDATE_CB
+            if (crl->cm && crl->cm->cbUpdateCRL != NULL) {
+                SetCrlInfo(curr, &old);
+                SetCrlInfo(crle, &cnew);
+                crl->cm->cbUpdateCRL(&old, &cnew);
+            }
+#endif
+
+            break;
+        }
+        prev = curr;
+    }
+
+    if (curr != NULL) {
+        CRL_Entry_free(curr, crl->heap);
+    }
+    else {
+        crle->next = crl->crlList;
+        crl->crlList = crle;
+    }
     wc_UnLockRwLock(&crl->crlLock);
     /* Avoid heap-use-after-free after crl->crlList is released */
     crl->currentEntry = NULL;
@@ -591,7 +719,7 @@ int BufferLoadCRL(WOLFSSL_CRL* crl, const byte* buff, long sz, int type,
         else {
             WOLFSSL_MSG("Pem to Der failed");
             FreeDer(&der);
-            return -1;
+            return WOLFSSL_FATAL_ERROR;
         }
     #else
         ret = NOT_COMPILED_IN;
@@ -619,13 +747,15 @@ int BufferLoadCRL(WOLFSSL_CRL* crl, const byte* buff, long sz, int type,
     InitDecodedCRL(dcrl, crl->heap);
     ret = ParseCRL(crl->currentEntry->certs, dcrl, myBuffer, (word32)sz,
                    verify, crl->cm);
-    if (ret != 0 && !(ret == ASN_CRL_NO_SIGNER_E && verify == NO_VERIFY)) {
+    if (ret != 0 && !(ret == WC_NO_ERR_TRACE(ASN_CRL_NO_SIGNER_E)
+                      && verify == NO_VERIFY)) {
         WOLFSSL_MSG("ParseCRL error");
         CRL_Entry_free(crl->currentEntry, crl->heap);
         crl->currentEntry = NULL;
     }
     else {
-        ret = AddCRL(crl, dcrl, myBuffer, ret != ASN_CRL_NO_SIGNER_E);
+        ret = AddCRL(crl, dcrl, myBuffer,
+                     ret != WC_NO_ERR_TRACE(ASN_CRL_NO_SIGNER_E));
         if (ret != 0) {
             WOLFSSL_MSG("AddCRL error");
             crl->currentEntry = NULL;
@@ -643,14 +773,95 @@ int BufferLoadCRL(WOLFSSL_CRL* crl, const byte* buff, long sz, int type,
     return ret ? ret : WOLFSSL_SUCCESS; /* convert 0 to WOLFSSL_SUCCESS */
 }
 
+#ifdef HAVE_CRL_UPDATE_CB
+/* Fill out CRL info structure, WOLFSSL_SUCCESS on ok */
+int GetCRLInfo(WOLFSSL_CRL* crl, CrlInfo* info, const byte* buff,
+    long sz, int type)
+{
+    int          ret = WOLFSSL_SUCCESS;
+    const byte*  myBuffer = buff;    /* if DER ok, otherwise switch */
+    DerBuffer*   der = NULL;
+    CRL_Entry*   crle = NULL;
+#ifdef WOLFSSL_SMALL_STACK
+    DecodedCRL*  dcrl;
+#else
+    DecodedCRL   dcrl[1];
+#endif
+
+    WOLFSSL_ENTER("GetCRLInfo");
+
+    if (crl == NULL || info == NULL || buff == NULL || sz == 0)
+        return BAD_FUNC_ARG;
+
+    if (type == WOLFSSL_FILETYPE_PEM) {
+    #ifdef WOLFSSL_PEM_TO_DER
+        ret = PemToDer(buff, sz, CRL_TYPE, &der, NULL, NULL, NULL);
+        if (ret == 0) {
+            myBuffer = der->buffer;
+            sz = der->length;
+        }
+        else {
+            WOLFSSL_MSG("Pem to Der failed");
+            FreeDer(&der);
+            return -1;
+        }
+    #else
+        ret = NOT_COMPILED_IN;
+    #endif
+    }
+
+#ifdef WOLFSSL_SMALL_STACK
+    dcrl = (DecodedCRL*)XMALLOC(sizeof(DecodedCRL), NULL,
+        DYNAMIC_TYPE_TMP_BUFFER);
+    if (dcrl == NULL) {
+        FreeDer(&der);
+        return MEMORY_E;
+    }
+#endif
+
+    crle = CRL_Entry_new(crl->heap);
+    if (crle == NULL) {
+        WOLFSSL_MSG("alloc CRL Entry failed");
+    #ifdef WOLFSSL_SMALL_STACK
+        XFREE(dcrl, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    #endif
+        FreeDer(&der);
+        return MEMORY_E;
+    }
+
+    InitDecodedCRL(dcrl, crl->heap);
+    ret = ParseCRL(crle->certs, dcrl, myBuffer, (word32)sz,
+                   0, crl->cm);
+    if (ret != 0 && !(ret == WC_NO_ERR_TRACE(ASN_CRL_NO_SIGNER_E))) {
+        WOLFSSL_MSG("ParseCRL error");
+        CRL_Entry_free(crle, crl->heap);
+        crle = NULL;
+    }
+    else {
+        SetCrlInfoFromDecoded((DecodedCRL*)dcrl, info);
+    }
+
+    FreeDecodedCRL(dcrl);
+
+#ifdef WOLFSSL_SMALL_STACK
+    XFREE(dcrl, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+#endif
+
+    FreeDer(&der);
+    CRL_Entry_free(crle, crl->heap);
+
+    return ret ? ret : WOLFSSL_SUCCESS; /* convert 0 to WOLFSSL_SUCCESS */
+}
+#endif
+
 #if defined(OPENSSL_EXTRA) && defined(HAVE_CRL)
 /* helper function to create a new dynamic WOLFSSL_X509_CRL structure */
 static WOLFSSL_X509_CRL* wolfSSL_X509_crl_new(WOLFSSL_CERT_MANAGER* cm)
 {
     WOLFSSL_X509_CRL* ret;
 
-    ret = (WOLFSSL_X509_CRL*)XMALLOC(sizeof(WOLFSSL_X509_CRL), cm->heap,
-                DYNAMIC_TYPE_CRL);
+    ret = (WOLFSSL_X509_CRL*)XMALLOC(sizeof(WOLFSSL_X509_CRL),
+            cm != NULL ? cm->heap : NULL, DYNAMIC_TYPE_CRL);
     if (ret != NULL) {
         if (InitCRL(ret, cm) < 0) {
             WOLFSSL_MSG("Unable to initialize new CRL structure");
@@ -707,7 +918,7 @@ static RevokedCert *DupRevokedCertList(RevokedCert* in, void* heap)
 static CRL_Entry* DupCRL_Entry(const CRL_Entry* ent, void* heap)
 {
     CRL_Entry *dupl;
-    const size_t copyOffset = OFFSETOF(CRL_Entry, verifyMutex) +
+    const size_t copyOffset = WC_OFFSETOF(CRL_Entry, verifyMutex) +
             sizeof(ent->verifyMutex);
 #ifdef CRL_STATIC_REVOKED_LIST
     if (ent->totalCerts > CRL_MAX_REVOKED_CERTS) {
@@ -725,9 +936,17 @@ static CRL_Entry* DupCRL_Entry(const CRL_Entry* ent, void* heap)
 
 #ifndef CRL_STATIC_REVOKED_LIST
     dupl->certs = DupRevokedCertList(ent->certs, heap);
+    if (ent->certs != NULL && dupl->certs == NULL) {
+        CRL_Entry_free(dupl, heap);
+        return NULL;
+    }
 #endif
 #ifdef OPENSSL_EXTRA
     dupl->issuer = wolfSSL_X509_NAME_dup(ent->issuer);
+    if (ent->issuer != NULL && dupl->issuer == NULL) {
+        CRL_Entry_free(dupl, heap);
+        return NULL;
+    }
 #endif
 
     if (!ent->verified) {
@@ -735,18 +954,36 @@ static CRL_Entry* DupCRL_Entry(const CRL_Entry* ent, void* heap)
                                           DYNAMIC_TYPE_CRL_ENTRY);
         dupl->signature = (byte*)XMALLOC(dupl->signatureSz, heap,
                                          DYNAMIC_TYPE_CRL_ENTRY);
-        if (dupl->toBeSigned == NULL || dupl->signature == NULL) {
+    #ifdef WC_RSA_PSS
+        dupl->sigParams = (byte*)XMALLOC(dupl->sigParamsSz, heap,
+                                         DYNAMIC_TYPE_CRL_ENTRY);
+    #endif
+        if (dupl->toBeSigned == NULL || dupl->signature == NULL
+        #ifdef WC_RSA_PSS
+            /* allow sigParamsSz is zero and XMALLOC(0) to return NULL */
+            || (dupl->sigParams == NULL && dupl->sigParamsSz != 0)
+        #endif
+        ) {
             CRL_Entry_free(dupl, heap);
             return NULL;
         }
         XMEMCPY(dupl->toBeSigned, ent->toBeSigned, dupl->tbsSz);
         XMEMCPY(dupl->signature, ent->signature, dupl->signatureSz);
+    #ifdef WC_RSA_PSS
+        if (dupl->sigParamsSz > 0) {
+            XMEMCPY(dupl->sigParams, ent->sigParams, dupl->sigParamsSz);
+        }
+    #endif
     }
     else {
         dupl->toBeSigned = NULL;
         dupl->tbsSz = 0;
         dupl->signature = NULL;
         dupl->signatureSz = 0;
+#ifdef WC_RSA_PSS
+        dupl->sigParams = NULL;
+        dupl->sigParamsSz = 0;
+#endif
 #if !defined(NO_SKID) && !defined(NO_ASN)
         dupl->extAuthKeyIdSet = 0;
 #endif
@@ -794,8 +1031,9 @@ static int DupX509_CRL(WOLFSSL_X509_CRL *dupl, const WOLFSSL_X509_CRL* crl)
         return BAD_FUNC_ARG;
     }
 
+#ifdef HAVE_CRL_MONITOR
     if (crl->monitors[0].path) {
-        int pathSz = (int)XSTRLEN(crl->monitors[0].path) + 1;
+        size_t pathSz = XSTRLEN(crl->monitors[0].path) + 1;
         dupl->monitors[0].path = (char*)XMALLOC(pathSz, dupl->heap,
                 DYNAMIC_TYPE_CRL_MONITOR);
         if (dupl->monitors[0].path != NULL) {
@@ -807,7 +1045,7 @@ static int DupX509_CRL(WOLFSSL_X509_CRL *dupl, const WOLFSSL_X509_CRL* crl)
     }
 
     if (crl->monitors[1].path) {
-        int pathSz = (int)XSTRLEN(crl->monitors[1].path) + 1;
+        size_t pathSz = XSTRLEN(crl->monitors[1].path) + 1;
         dupl->monitors[1].path = (char*)XMALLOC(pathSz, dupl->heap,
                 DYNAMIC_TYPE_CRL_MONITOR);
         if (dupl->monitors[1].path != NULL) {
@@ -817,12 +1055,16 @@ static int DupX509_CRL(WOLFSSL_X509_CRL *dupl, const WOLFSSL_X509_CRL* crl)
             if (dupl->monitors[0].path != NULL) {
                 XFREE(dupl->monitors[0].path, dupl->heap,
                         DYNAMIC_TYPE_CRL_MONITOR);
+                dupl->monitors[0].path = NULL;
             }
             return MEMORY_E;
         }
     }
+#endif
 
     dupl->crlList = DupCRL_list(crl->crlList, dupl->heap);
+    if (dupl->crlList == NULL)
+        return MEMORY_E;
 #ifdef HAVE_CRL_IO
     dupl->crlIOCb = crl->crlIOCb;
 #endif
@@ -830,6 +1072,20 @@ static int DupX509_CRL(WOLFSSL_X509_CRL *dupl, const WOLFSSL_X509_CRL* crl)
     return 0;
 }
 
+WOLFSSL_X509_CRL* wolfSSL_X509_CRL_dup(const WOLFSSL_X509_CRL* crl)
+{
+    WOLFSSL_X509_CRL* ret;
+
+    WOLFSSL_ENTER("wolfSSL_X509_CRL_dup");
+
+    ret = wolfSSL_X509_crl_new(crl->cm);
+    if (ret != NULL && DupX509_CRL(ret, crl) != 0) {
+        FreeCRL(ret, 1);
+        ret = NULL;
+    }
+    return ret;
+}
+
 /* returns WOLFSSL_SUCCESS on success. Does not take ownership of newcrl */
 int wolfSSL_X509_STORE_add_crl(WOLFSSL_X509_STORE *store, WOLFSSL_X509_CRL *newcrl)
 {
@@ -877,7 +1133,7 @@ int wolfSSL_X509_STORE_add_crl(WOLFSSL_X509_STORE *store, WOLFSSL_X509_CRL *newc
         }
 
         if (crl != newcrl && wc_LockRwLock_Rd(&newcrl->crlLock) != 0) {
-            WOLFSSL_MSG("wc_LockRwLock_Wr failed");
+            WOLFSSL_MSG("wc_LockRwLock_Rd failed");
             wc_UnLockRwLock(&crl->crlLock);
             return BAD_MUTEX_E;
         }
@@ -949,7 +1205,7 @@ static int SwapLists(WOLFSSL_CRL* crl)
 #ifdef WOLFSSL_SMALL_STACK
         XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
     }
 
     if (crl->monitors[0].path) {
@@ -960,7 +1216,7 @@ static int SwapLists(WOLFSSL_CRL* crl)
 #ifdef WOLFSSL_SMALL_STACK
             XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
-            return -1;
+            return WOLFSSL_FATAL_ERROR;
         }
     }
 
@@ -972,7 +1228,7 @@ static int SwapLists(WOLFSSL_CRL* crl)
 #ifdef WOLFSSL_SMALL_STACK
             XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
-            return -1;
+            return WOLFSSL_FATAL_ERROR;
         }
     }
 
@@ -982,7 +1238,7 @@ static int SwapLists(WOLFSSL_CRL* crl)
 #ifdef WOLFSSL_SMALL_STACK
         XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
     }
 
     newList = tmp->crlList;
@@ -1031,10 +1287,14 @@ static int StopMonitor(wolfSSL_CRL_mfd_t mfd)
     struct kevent change;
 
     /* trigger custom shutdown */
+#if defined(NOTE_TRIGGER)
     EV_SET(&change, CRL_CUSTOM_FD, EVFILT_USER, 0, NOTE_TRIGGER, 0, NULL);
+#elif defined(EV_TRIGGER)
+    EV_SET(&change, CRL_CUSTOM_FD, EVFILT_USER, EV_TRIGGER, 0, 0, NULL);
+#endif
     if (kevent(mfd, &change, 1, NULL, 0, NULL) < 0) {
         WOLFSSL_MSG("kevent trigger customer event failed");
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
     }
 
     return 0;
@@ -1166,7 +1426,7 @@ static int StopMonitor(wolfSSL_CRL_mfd_t mfd)
     /* write to our custom event */
     if (write(mfd, &w64, sizeof(w64)) < 0) {
         WOLFSSL_MSG("StopMonitor write failed");
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
     }
 
     return 0;
@@ -1309,7 +1569,7 @@ static int StopMonitor(wolfSSL_CRL_mfd_t mfd)
 {
     if (SetEvent(mfd) == 0) {
         WOLFSSL_MSG("SetEvent custom event trigger failed");
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
     }
     return 0;
 }
@@ -1546,6 +1806,10 @@ int LoadCRL(WOLFSSL_CRL* crl, const char* path, int type, int monitor)
             ret = ProcessFile(NULL, name, type, CRL_TYPE, NULL, 0, crl, VERIFY);
             if (ret != WOLFSSL_SUCCESS) {
                 WOLFSSL_MSG("CRL file load failed");
+                wc_ReadDirClose(readCtx);
+            #ifdef WOLFSSL_SMALL_STACK
+                XFREE(readCtx, crl->heap, DYNAMIC_TYPE_TMP_BUFFER);
+            #endif
                 return ret;
             }
         }
diff --git a/src/dtls.c b/src/dtls.c
index fceeedbec..8c063bd85 100644
--- a/src/dtls.c
+++ b/src/dtls.c
@@ -1,6 +1,6 @@
 /* dtls.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -101,19 +101,29 @@ void DtlsResetState(WOLFSSL* ssl)
     ssl->options.tls = 0;
     ssl->options.tls1_1 = 0;
     ssl->options.tls1_3 = 0;
+#if defined(WOLFSSL_DTLS) && defined(WOLFSSL_DTLS_CID)
+    ssl->buffers.dtlsCtx.processingPendingRecord = 0;
+    /* Clear the pending peer in case user set */
+    XFREE(ssl->buffers.dtlsCtx.pendingPeer.sa, ssl->heap,
+          DYNAMIC_TYPE_SOCKADDR);
+    ssl->buffers.dtlsCtx.pendingPeer.sa = NULL;
+    ssl->buffers.dtlsCtx.pendingPeer.sz = 0;
+    ssl->buffers.dtlsCtx.pendingPeer.bufSz = 0;
+#endif
 }
 
 int DtlsIgnoreError(int err)
 {
     /* Whitelist of errors not to ignore */
     switch (err) {
-    case MEMORY_E:
-    case MEMORY_ERROR:
-    case ASYNC_INIT_E:
-    case ASYNC_OP_E:
-    case SOCKET_ERROR_E:
-    case WANT_READ:
-    case WANT_WRITE:
+    case WC_NO_ERR_TRACE(MEMORY_E):
+    case WC_NO_ERR_TRACE(MEMORY_ERROR):
+    case WC_NO_ERR_TRACE(ASYNC_INIT_E):
+    case WC_NO_ERR_TRACE(ASYNC_OP_E):
+    case WC_NO_ERR_TRACE(SOCKET_ERROR_E):
+    case WC_NO_ERR_TRACE(WANT_READ):
+    case WC_NO_ERR_TRACE(WANT_WRITE):
+    case WC_NO_ERR_TRACE(COOKIE_ERROR):
         return 0;
     default:
         return 1;
@@ -186,14 +196,14 @@ typedef struct WolfSSL_CH {
     byte dtls12cookieSet:1;
 } WolfSSL_CH;
 
-static int ReadVector8(const byte* input, WolfSSL_ConstVector* v)
+static word32 ReadVector8(const byte* input, WolfSSL_ConstVector* v)
 {
     v->size = *input;
     v->elements = input + OPAQUE8_LEN;
     return v->size + OPAQUE8_LEN;
 }
 
-static int ReadVector16(const byte* input, WolfSSL_ConstVector* v)
+static word32 ReadVector16(const byte* input, WolfSSL_ConstVector* v)
 {
     word16 size16;
     ato16(input, &size16);
@@ -207,12 +217,20 @@ static int CreateDtls12Cookie(const WOLFSSL* ssl, const WolfSSL_CH* ch,
 {
     int ret;
     Hmac cookieHmac;
+
+    if (ssl->buffers.dtlsCookieSecret.buffer == NULL ||
+            ssl->buffers.dtlsCookieSecret.length == 0) {
+        WOLFSSL_MSG("Missing DTLS 1.2 cookie secret");
+        return COOKIE_ERROR;
+    }
+
     ret = wc_HmacInit(&cookieHmac, ssl->heap, ssl->devId);
     if (ret == 0) {
         ret = wc_HmacSetKey(&cookieHmac, DTLS_COOKIE_TYPE,
             ssl->buffers.dtlsCookieSecret.buffer,
             ssl->buffers.dtlsCookieSecret.length);
         if (ret == 0) {
+            /* peerLock not necessary. Still in handshake phase. */
             ret = wc_HmacUpdate(&cookieHmac,
                    (const byte*)ssl->buffers.dtlsCtx.peer.sa,
                                 ssl->buffers.dtlsCtx.peer.sz);
@@ -259,7 +277,7 @@ static int CheckDtlsCookie(const WOLFSSL* ssl, WolfSSL_CH* ch,
             return BUFFER_E;
         ret = TlsCheckCookie(ssl, ch->cookieExt.elements + OPAQUE16_LEN,
                 (word16)(ch->cookieExt.size - OPAQUE16_LEN));
-        if (ret < 0 && ret != HRR_COOKIE_ERROR)
+        if (ret < 0 && ret != WC_NO_ERR_TRACE(HRR_COOKIE_ERROR))
             return ret;
         *cookieGood = ret > 0;
         ret = 0;
@@ -347,7 +365,8 @@ static int FindExtByType(WolfSSL_ConstVector* ret, word16 extType,
         ato16(exts.elements + idx, &type);
         idx += OPAQUE16_LEN;
         idx += ReadVector16(exts.elements + idx, &ext);
-        if (idx > exts.size)
+        if (idx > exts.size ||
+                ext.elements + ext.size > exts.elements + exts.size)
             return BUFFER_ERROR;
         if (type == extType) {
             XMEMCPY(ret, &ext, sizeof(ext));
@@ -480,7 +499,7 @@ static int TlsCheckSupportedVersion(const WOLFSSL* ssl,
                          ch->extension, &tlsxFound);
     if (ret != 0)
         return ret;
-    if (!tlsxFound) {
+    if (!tlsxFound || tlsxSupportedVersions.elements == NULL) {
         *isTls13 = 0;
         return 0;
     }
@@ -708,9 +727,14 @@ static int SendStatelessReplyDtls13(const WOLFSSL* ssl, WolfSSL_CH* ch)
          * and if they don't match we will error out there anyway. */
         byte modes;
 
+        /* TLSX_PreSharedKey_Parse_ClientHello uses word16 length */
+        if (tlsx.size > WOLFSSL_MAX_16BIT) {
+            ERROR_OUT(BUFFER_ERROR, dtls13_cleanup);
+        }
+
         /* Ask the user for the ciphersuite matching this identity */
         if (TLSX_PreSharedKey_Parse_ClientHello(&parsedExts,
-                tlsx.elements, tlsx.size, ssl->heap) == 0)
+                tlsx.elements, (word16)tlsx.size, ssl->heap) == 0)
             FindPskSuiteFromExt(ssl, parsedExts, &pskInfo, &suites);
         /* Revert to full handshake if PSK parsing failed */
 
@@ -721,8 +745,8 @@ static int SendStatelessReplyDtls13(const WOLFSSL* ssl, WolfSSL_CH* ch)
                 goto dtls13_cleanup;
             if (!tlsxFound)
                 ERROR_OUT(PSK_KEY_ERROR, dtls13_cleanup);
-            ret = TLSX_PskKeyModes_Parse_Modes(tlsx.elements, tlsx.size,
-                                              client_hello, &modes);
+            ret = TLSX_PskKeyModes_Parse_Modes(tlsx.elements, (word16)tlsx.size,
+                                               client_hello, &modes);
             if (ret != 0)
                 goto dtls13_cleanup;
             if ((modes & (1 << PSK_DHE_KE)) &&
@@ -824,8 +848,6 @@ static int SendStatelessReplyDtls13(const WOLFSSL* ssl, WolfSSL_CH* ch)
         WOLFSSL* nonConstSSL = (WOLFSSL*)ssl;
         TLSX* sslExts = nonConstSSL->extensions;
 
-        if (ret != 0)
-            goto dtls13_cleanup;
         nonConstSSL->options.tls = 1;
         nonConstSSL->options.tls1_1 = 1;
         nonConstSSL->options.tls1_3 = 1;
@@ -945,8 +967,13 @@ int DoClientHelloStateless(WOLFSSL* ssl, const byte* input, word32 helloSz,
             int tlsxFound;
             ret = FindExtByType(&ch.cookieExt, TLSX_COOKIE, ch.extension,
                                  &tlsxFound);
-            if (ret != 0)
+            if (ret != 0) {
+                if (isFirstCHFrag) {
+                    WOLFSSL_MSG("\t\tCookie probably missing from first "
+                                "fragment. Dropping.");
+                }
                 return ret;
+            }
         }
     }
 #endif
@@ -1002,11 +1029,20 @@ int DoClientHelloStateless(WOLFSSL* ssl, const byte* input, word32 helloSz,
             ssl->options.dtlsStateful = 1;
             /* Update the window now that we enter the stateful parsing */
 #ifdef WOLFSSL_DTLS13
-            if (isTls13)
+            if (isTls13) {
+                /* Set record numbers before current record number as read */
+                Dtls13Epoch* e;
                 ret = Dtls13UpdateWindowRecordRecvd(ssl);
+                e = Dtls13GetEpoch(ssl, ssl->keys.curEpoch64);
+                if (e != NULL)
+                    XMEMSET(e->window, 0xFF, sizeof(e->window));
+            }
             else
 #endif
                 DtlsUpdateWindow(ssl);
+            /* Set record numbers before current record number as read */
+            XMEMSET(ssl->keys.peerSeq->window, 0xFF,
+                    sizeof(ssl->keys.peerSeq->window));
         }
     }
 
@@ -1016,22 +1052,6 @@ int DoClientHelloStateless(WOLFSSL* ssl, const byte* input, word32 helloSz,
 
 #if defined(WOLFSSL_DTLS_CID)
 
-typedef struct ConnectionID {
-    byte length;
-/* Ignore "nonstandard extension used : zero-sized array in struct/union"
- * MSVC warning */
-#ifdef _MSC_VER
-#pragma warning(disable: 4200)
-#endif
-    byte id[];
-} ConnectionID;
-
-typedef struct CIDInfo {
-    ConnectionID* tx;
-    ConnectionID* rx;
-    byte negotiated : 1;
-} CIDInfo;
-
 static ConnectionID* DtlsCidNew(const byte* cid, byte size, void* heap)
 {
     ConnectionID* ret;
@@ -1097,6 +1117,26 @@ static int DtlsCidGet(WOLFSSL* ssl, unsigned char* buf, int bufferSz, int rx)
     return WOLFSSL_SUCCESS;
 }
 
+static int DtlsCidGet0(WOLFSSL* ssl, unsigned char** cid, int rx)
+{
+    ConnectionID* id;
+    CIDInfo* info;
+
+    if (ssl == NULL || cid == NULL)
+        return BAD_FUNC_ARG;
+
+    info = DtlsCidGetInfo(ssl);
+    if (info == NULL)
+        return WOLFSSL_FAILURE;
+
+    id = rx ? info->rx : info->tx;
+    if (id == NULL || id->length == 0)
+        return WOLFSSL_SUCCESS;
+
+    *cid = id->id;
+    return WOLFSSL_SUCCESS;
+}
+
 static CIDInfo* DtlsCidGetInfoFromExt(byte* ext)
 {
     WOLFSSL** sslPtr;
@@ -1133,10 +1173,8 @@ void TLSX_ConnectionID_Free(byte* ext, void* heap)
     info = DtlsCidGetInfoFromExt(ext);
     if (info == NULL)
         return;
-    if (info->rx != NULL)
-        XFREE(info->rx, heap, DYNAMIC_TYPE_TLSX);
-    if (info->tx != NULL)
-        XFREE(info->tx, heap, DYNAMIC_TYPE_TLSX);
+    XFREE(info->rx, heap, DYNAMIC_TYPE_TLSX);
+    XFREE(info->tx, heap, DYNAMIC_TYPE_TLSX);
     XFREE(info, heap, DYNAMIC_TYPE_TLSX);
     DtlsCidUnsetInfoFromExt(ext);
     XFREE(ext, heap, DYNAMIC_TYPE_TLSX);
@@ -1182,7 +1220,7 @@ int TLSX_ConnectionID_Use(WOLFSSL* ssl)
     info = (CIDInfo*)XMALLOC(sizeof(CIDInfo), ssl->heap, DYNAMIC_TYPE_TLSX);
     if (info == NULL)
         return MEMORY_ERROR;
-    ext = (WOLFSSL**)XMALLOC(sizeof(WOLFSSL**), ssl->heap, DYNAMIC_TYPE_TLSX);
+    ext = (WOLFSSL**)XMALLOC(sizeof(WOLFSSL*), ssl->heap, DYNAMIC_TYPE_TLSX);
     if (ext == NULL) {
         XFREE(info, ssl->heap, DYNAMIC_TYPE_TLSX);
         return MEMORY_ERROR;
@@ -1211,9 +1249,8 @@ int TLSX_ConnectionID_Use(WOLFSSL* ssl)
 int TLSX_ConnectionID_Parse(WOLFSSL* ssl, const byte* input, word16 length,
     byte isRequest)
 {
-    ConnectionID* id;
     CIDInfo* info;
-    byte cidSize;
+    byte cidSz;
     TLSX* ext;
 
     ext = TLSX_Find(ssl->extensions, TLSX_CONNECTION_ID);
@@ -1229,35 +1266,41 @@ int TLSX_ConnectionID_Parse(WOLFSSL* ssl, const byte* input, word16 length,
         }
     }
 
+    if (length < OPAQUE8_LEN)
+        return BUFFER_ERROR;
+
+    cidSz = *input;
+    if (cidSz + OPAQUE8_LEN > length)
+        return BUFFER_ERROR;
+
     info = DtlsCidGetInfo(ssl);
     if (info == NULL)
         return BAD_STATE_E;
 
     /* it may happen if we process two ClientHello because the server sent an
-     * HRR request */
-    if (info->tx != NULL) {
+     * HRR/HVR request */
+    if (info->tx != NULL || info->negotiated) {
         if (ssl->options.side != WOLFSSL_SERVER_END &&
-            ssl->options.serverState != SERVER_HELLO_RETRY_REQUEST_COMPLETE)
+            ssl->options.serverState != SERVER_HELLO_RETRY_REQUEST_COMPLETE &&
+            !IsSCR(ssl))
             return BAD_STATE_E;
 
-        XFREE(info->tx, ssl->heap, DYNAMIC_TYPE_TLSX);
-        info->tx = NULL;
+        /* Should not be null if negotiated */
+        if (info->tx == NULL)
+            return BAD_STATE_E;
+
+        /* For now we don't support changing the CID on a rehandshake */
+        if (cidSz != info->tx->length ||
+                XMEMCMP(info->tx->id, input + OPAQUE8_LEN, cidSz) != 0)
+            return DTLS_CID_ERROR;
     }
-
-    if (length < OPAQUE8_LEN)
-        return BUFFER_ERROR;
-
-    cidSize = *input;
-    if (cidSize + OPAQUE8_LEN > length)
-        return BUFFER_ERROR;
-
-    if (cidSize > 0) {
-        id = (ConnectionID*)XMALLOC(sizeof(*id) + cidSize, ssl->heap,
-            DYNAMIC_TYPE_TLSX);
+    else if (cidSz > 0) {
+        ConnectionID* id = (ConnectionID*)XMALLOC(sizeof(*id) + cidSz,
+                ssl->heap, DYNAMIC_TYPE_TLSX);
         if (id == NULL)
             return MEMORY_ERROR;
-        XMEMCPY(id->id, input + OPAQUE8_LEN, cidSize);
-        id->length = cidSize;
+        XMEMCPY(id->id, input + OPAQUE8_LEN, cidSz);
+        id->length = cidSz;
         info->tx = id;
     }
 
@@ -1297,10 +1340,6 @@ int wolfSSL_dtls_cid_use(WOLFSSL* ssl)
 {
     int ret;
 
-    /* CID is supported on DTLSv1.3 only */
-    if (!IsAtLeastTLSv1_3(ssl->version))
-        return WOLFSSL_FAILURE;
-
     ssl->options.useDtlsCID = 1;
     ret = TLSX_ConnectionID_Use(ssl);
     if (ret != 0)
@@ -1326,8 +1365,9 @@ int wolfSSL_dtls_cid_set(WOLFSSL* ssl, unsigned char* cid, unsigned int size)
         return WOLFSSL_FAILURE;
 
     if (cidInfo->rx != NULL) {
-        XFREE(cidInfo->rx, ssl->heap, DYNAMIC_TYPE_TLSX);
-        cidInfo->rx = NULL;
+        WOLFSSL_MSG("wolfSSL doesn't support changing the CID during a "
+                    "connection");
+        return WOLFSSL_FAILURE;
     }
 
     /* empty CID */
@@ -1355,6 +1395,11 @@ int wolfSSL_dtls_cid_get_rx(WOLFSSL* ssl, unsigned char* buf,
     return DtlsCidGet(ssl, buf, bufferSz, 1);
 }
 
+int wolfSSL_dtls_cid_get0_rx(WOLFSSL* ssl, unsigned char** cid)
+{
+    return DtlsCidGet0(ssl, cid, 1);
+}
+
 int wolfSSL_dtls_cid_get_tx_size(WOLFSSL* ssl, unsigned int* size)
 {
     return DtlsCidGetSize(ssl, size, 0);
@@ -1366,7 +1411,77 @@ int wolfSSL_dtls_cid_get_tx(WOLFSSL* ssl, unsigned char* buf,
     return DtlsCidGet(ssl, buf, bufferSz, 0);
 }
 
+int wolfSSL_dtls_cid_get0_tx(WOLFSSL* ssl, unsigned char** cid)
+{
+    return DtlsCidGet0(ssl, cid, 0);
+}
+
+int wolfSSL_dtls_cid_max_size(void)
+{
+    return DTLS_CID_MAX_SIZE;
+}
+
+const unsigned char* wolfSSL_dtls_cid_parse(const unsigned char* msg,
+        unsigned int msgSz, unsigned int cidSz)
+{
+    /* we need at least the first byte to check version */
+    if (msg == NULL || cidSz == 0 || msgSz < OPAQUE8_LEN + cidSz)
+        return NULL;
+    if (msg[0] == dtls12_cid) {
+        /* DTLS 1.2 CID packet */
+        if (msgSz < DTLS_RECORD_HEADER_SZ + cidSz)
+            return NULL;
+        /* content type(1) + version(2) + epoch(2) + sequence(6) */
+        return msg + ENUM_LEN + VERSION_SZ + OPAQUE16_LEN + OPAQUE16_LEN +
+                OPAQUE32_LEN;
+    }
+#ifdef WOLFSSL_DTLS13
+    else if (Dtls13UnifiedHeaderCIDPresent(msg[0])) {
+        /* DTLS 1.3 CID packet */
+        if (msgSz < OPAQUE8_LEN + cidSz)
+            return NULL;
+        return msg + OPAQUE8_LEN;
+    }
+#endif
+    return NULL;
+}
 #endif /* WOLFSSL_DTLS_CID */
+
+byte DtlsGetCidTxSize(WOLFSSL* ssl)
+{
+#ifdef WOLFSSL_DTLS_CID
+    unsigned int cidSz;
+    int ret;
+    ret = wolfSSL_dtls_cid_get_tx_size(ssl, &cidSz);
+    if (ret != WOLFSSL_SUCCESS)
+        return 0;
+    return (byte)cidSz;
+#else
+    (void)ssl;
+    return 0;
+#endif
+}
+
+byte DtlsGetCidRxSize(WOLFSSL* ssl)
+{
+#ifdef WOLFSSL_DTLS_CID
+    unsigned int cidSz;
+    int ret;
+    ret = wolfSSL_dtls_cid_get_rx_size(ssl, &cidSz);
+    if (ret != WOLFSSL_SUCCESS)
+        return 0;
+    return (byte)cidSz;
+#else
+    (void)ssl;
+    return 0;
+#endif
+}
+
+byte wolfSSL_is_stateful(WOLFSSL* ssl)
+{
+    return (byte)(ssl != NULL ? ssl->options.dtlsStateful : 0);
+}
+
 #endif /* WOLFSSL_DTLS */
 
 #endif /* WOLFCRYPT_ONLY */
diff --git a/src/dtls13.c b/src/dtls13.c
index 3591d67b4..a9beec6ca 100644
--- a/src/dtls13.c
+++ b/src/dtls13.c
@@ -1,6 +1,6 @@
 /* dtls13.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -71,6 +71,8 @@ typedef struct Dtls13HandshakeHeader {
     byte fragmentLength[3];
 } Dtls13HandshakeHeader;
 
+wc_static_assert(sizeof(Dtls13HandshakeHeader) == DTLS13_HANDSHAKE_HEADER_SZ);
+
 /**
  * struct Dtls13Recordplaintextheader: represent header of unprotected DTLSv1.3
  * record
@@ -183,7 +185,8 @@ int Dtls13RlAddPlaintextHeader(WOLFSSL* ssl, byte* out,
     /* seq[0] combines the epoch and 16 MSB of sequence number. We write on the
        epoch field and will overflow to the first two bytes of the sequence
        number */
-    c32toa(seq[0], hdr->epoch);
+    c16toa((word16)(seq[0] >> 16), hdr->epoch);
+    c16toa((word16)seq[0], hdr->sequenceNumber);
     c32toa(seq[1], &hdr->sequenceNumber[2]);
 
     c16toa(length, hdr->length);
@@ -258,10 +261,12 @@ static int Dtls13GetRnMask(WOLFSSL* ssl, const byte* ciphertext, byte* mask,
         if (c->aes == NULL)
             return BAD_STATE_E;
 #if !defined(HAVE_SELFTEST) && \
-    (!defined(HAVE_FIPS) || (defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(5,3)))
+    (!defined(HAVE_FIPS) || (defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(5,3)) \
+    || defined(WOLFSSL_LINUXKM))
         return wc_AesEncryptDirect(c->aes, mask, ciphertext);
 #else
         wc_AesEncryptDirect(c->aes, mask, ciphertext);
+        return 0;
 #endif
     }
 #endif /* HAVE_AESGCM || HAVE_AESCCM */
@@ -338,9 +343,17 @@ static void Dtls13MsgWasProcessed(WOLFSSL* ssl, enum HandShakeType hs)
     if (ssl->options.dtlsStateful)
         ssl->keys.dtls_expected_peer_handshake_number++;
 
-    /* we need to send ACKs on the last message of a flight that needs explicit
-       acknowledgment */
-    ssl->dtls13Rtx.sendAcks = Dtls13RtxMsgNeedsAck(ssl, hs);
+#ifdef WOLFSSL_RW_THREADED
+    if (wc_LockMutex(&ssl->dtls13Rtx.mutex) == 0)
+#endif
+    {
+        /* we need to send ACKs on the last message of a flight that needs
+         * explicit acknowledgment */
+        ssl->dtls13Rtx.sendAcks = Dtls13RtxMsgNeedsAck(ssl, hs);
+    #ifdef WOLFSSL_RW_THREADED
+        wc_UnLockMutex(&ssl->dtls13Rtx.mutex);
+    #endif
+    }
 }
 
 int Dtls13ProcessBufferedMessages(WOLFSSL* ssl)
@@ -394,8 +407,10 @@ int Dtls13ProcessBufferedMessages(WOLFSSL* ssl)
          * from there, the message can be considered processed successfully.
          * WANT_WRITE means that we are done with processing the msg and we are
          * waiting to flush the output buffer. */
-        if ((ret == 0 || ret == WANT_WRITE) || (msg->type == certificate_request &&
-                         ssl->options.handShakeDone && ret == WC_PENDING_E)) {
+        if ((ret == 0 || ret == WC_NO_ERR_TRACE(WANT_WRITE)) ||
+                        (msg->type == certificate_request &&
+                         ssl->options.handShakeDone &&
+                         ret == WC_NO_ERR_TRACE(WC_PENDING_E))) {
             if (IsAtLeastTLSv1_3(ssl->version))
                 Dtls13MsgWasProcessed(ssl, (enum HandShakeType)msg->type);
             else if (downgraded)
@@ -482,22 +497,25 @@ int Dtls13HashClientHello(const WOLFSSL* ssl, byte* hash, int* hashSz,
     wc_HashAlg hashCtx;
     int type = wolfSSL_GetHmacType_ex(specs);
 
+    if (type < 0)
+        return type;
+
     header[0] = (byte)client_hello;
     c32to24(length, header + 1);
 
-    ret = wc_HashInit_ex(&hashCtx, type, ssl->heap, ssl->devId);
+    ret = wc_HashInit_ex(&hashCtx, (enum wc_HashType)type, ssl->heap, ssl->devId);
     if (ret == 0) {
-        ret = wc_HashUpdate(&hashCtx, type, header, OPAQUE32_LEN);
+        ret = wc_HashUpdate(&hashCtx, (enum wc_HashType)type, header, OPAQUE32_LEN);
         if (ret == 0)
-            ret = wc_HashUpdate(&hashCtx, type, body, length);
+            ret = wc_HashUpdate(&hashCtx, (enum wc_HashType)type, body, length);
         if (ret == 0)
-            ret = wc_HashFinal(&hashCtx, type, hash);
+            ret = wc_HashFinal(&hashCtx, (enum wc_HashType)type, hash);
         if (ret == 0) {
-            *hashSz = wc_HashGetDigestSize(type);
+            *hashSz = wc_HashGetDigestSize((enum wc_HashType)type);
             if (*hashSz < 0)
                 ret = *hashSz;
         }
-        wc_HashFree(&hashCtx, type);
+        wc_HashFree(&hashCtx, (enum wc_HashType)type);
     }
     return ret;
 }
@@ -555,9 +573,6 @@ static int Dtls13SendFragment(WOLFSSL* ssl, byte* output, word16 output_size,
     else {
         msg = output + recordHeaderLength;
 
-        if (length <= recordHeaderLength)
-            return BUFFER_ERROR;
-
         if (hashOutput) {
             ret = Dtls13HashHandshake(ssl, msg, recordLength);
             if (ret != 0)
@@ -649,8 +664,17 @@ static void Dtls13RtxRecordUnlink(WOLFSSL* ssl, Dtls13RtxRecord** prevNext,
     Dtls13RtxRecord* r)
 {
     /* if r was at the tail of the list, update the tail pointer */
-    if (r->next == NULL)
-        ssl->dtls13Rtx.rtxRecordTailPtr = prevNext;
+    if (r->next == NULL) {
+    #ifdef WOLFSSL_RW_THREADED
+        if (wc_LockMutex(&ssl->dtls13Rtx.mutex) == 0)
+    #endif
+        {
+            ssl->dtls13Rtx.rtxRecordTailPtr = prevNext;
+        #ifdef WOLFSSL_RW_THREADED
+            wc_UnLockMutex(&ssl->dtls13Rtx.mutex);
+        #endif
+        }
+    }
 
     /* unlink */
     *prevNext = r->next;
@@ -707,12 +731,20 @@ static int Dtls13RtxAddAck(WOLFSSL* ssl, w64wrapper epoch, w64wrapper seq)
 
     WOLFSSL_ENTER("Dtls13RtxAddAck");
 
-    rn = Dtls13NewRecordNumber(epoch, seq, ssl->heap);
-    if (rn == NULL)
-        return MEMORY_E;
+#ifdef WOLFSSL_RW_THREADED
+    if (wc_LockMutex(&ssl->dtls13Rtx.mutex) == 0)
+#endif
+    {
+        rn = Dtls13NewRecordNumber(epoch, seq, ssl->heap);
+        if (rn == NULL)
+            return MEMORY_E;
 
-    rn->next = ssl->dtls13Rtx.seenRecords;
-    ssl->dtls13Rtx.seenRecords = rn;
+        rn->next = ssl->dtls13Rtx.seenRecords;
+        ssl->dtls13Rtx.seenRecords = rn;
+    #ifdef WOLFSSL_RW_THREADED
+        wc_UnLockMutex(&ssl->dtls13Rtx.mutex);
+    #endif
+    }
 
     return 0;
 }
@@ -725,15 +757,23 @@ static void Dtls13RtxFlushAcks(WOLFSSL* ssl)
 
     WOLFSSL_ENTER("Dtls13RtxFlushAcks");
 
-    list = ssl->dtls13Rtx.seenRecords;
+#ifdef WOLFSSL_RW_THREADED
+    if (wc_LockMutex(&ssl->dtls13Rtx.mutex) == 0)
+#endif
+    {
+        list = ssl->dtls13Rtx.seenRecords;
 
-    while (list != NULL) {
-        rn = list;
-        list = rn->next;
-        XFREE(rn, ssl->heap, DYNAMIC_TYPE_DTLS_MSG);
+        while (list != NULL) {
+            rn = list;
+            list = rn->next;
+            XFREE(rn, ssl->heap, DYNAMIC_TYPE_DTLS_MSG);
+        }
+
+        ssl->dtls13Rtx.seenRecords = NULL;
+    #ifdef WOLFSSL_RW_THREADED
+        wc_UnLockMutex(&ssl->dtls13Rtx.mutex);
+    #endif
     }
-
-    ssl->dtls13Rtx.seenRecords = NULL;
 }
 
 static int Dtls13DetectDisruption(WOLFSSL* ssl, word32 fragOffset)
@@ -809,9 +849,7 @@ static void Dtls13MaybeSaveClientHello(WOLFSSL* ssl)
         while (r != NULL) {
             if (r->handshakeType == client_hello) {
                 Dtls13RtxRecordUnlink(ssl, prev_next, r);
-                if (ssl->dtls13ClientHello != NULL)
-                    XFREE(ssl->dtls13ClientHello, ssl->heap,
-                        DYNAMIC_TYPE_DTLS_MSG);
+                XFREE(ssl->dtls13ClientHello, ssl->heap, DYNAMIC_TYPE_DTLS_MSG);
                 ssl->dtls13ClientHello = r->data;
                 ssl->dtls13ClientHelloSz = r->length;
                 r->data = NULL;
@@ -919,7 +957,7 @@ static int Dtls13SendOneFragmentRtx(WOLFSSL* ssl,
         handshakeType, hashOutput, Dtls13SendNow(ssl, handshakeType));
 
     if (rtxRecord != NULL) {
-        if (ret == 0 || ret == WANT_WRITE)
+        if (ret == 0 || ret == WC_NO_ERR_TRACE(WANT_WRITE))
             Dtls13RtxAddRecord(&ssl->dtls13Rtx, rtxRecord);
         else
             Dtls13FreeRtxBufferRecord(ssl, rtxRecord);
@@ -979,7 +1017,7 @@ static int Dtls13SendFragmentedInternal(WOLFSSL* ssl)
         ret = Dtls13SendOneFragmentRtx(ssl,
             (enum HandShakeType)ssl->dtls13FragHandshakeType,
             (word16)recordLength + MAX_MSG_EXTRA, output, (word32)recordLength, 0);
-        if (ret == WANT_WRITE) {
+        if (ret == WC_NO_ERR_TRACE(WANT_WRITE)) {
             ssl->dtls13FragOffset += fragLength;
             return ret;
         }
@@ -1051,45 +1089,26 @@ static WC_INLINE word8 Dtls13GetEpochBits(w64wrapper epoch)
 }
 
 #ifdef WOLFSSL_DTLS_CID
-static byte Dtls13GetCidTxSize(WOLFSSL* ssl)
-{
-    unsigned int cidSz;
-    int ret;
-    ret = wolfSSL_dtls_cid_get_tx_size(ssl, &cidSz);
-    if (ret != WOLFSSL_SUCCESS)
-        return 0;
-    return (byte)cidSz;
-}
-
-static byte Dtls13GetCidRxSize(WOLFSSL* ssl)
-{
-    unsigned int cidSz;
-    int ret;
-    ret = wolfSSL_dtls_cid_get_rx_size(ssl, &cidSz);
-    if (ret != WOLFSSL_SUCCESS)
-        return 0;
-    return (byte)cidSz;
-}
 
 static int Dtls13AddCID(WOLFSSL* ssl, byte* flags, byte* out, word16* idx)
 {
-    byte cidSize;
+    byte cidSz;
     int ret;
 
     if (!wolfSSL_dtls_cid_is_enabled(ssl))
         return 0;
 
-    cidSize = Dtls13GetCidTxSize(ssl);
+    cidSz = DtlsGetCidTxSize(ssl);
 
     /* no cid */
-    if (cidSize == 0)
+    if (cidSz == 0)
         return 0;
     *flags |= DTLS13_CID_BIT;
-    /* we know that we have at least cidSize of space */
-    ret = wolfSSL_dtls_cid_get_tx(ssl, out + *idx, cidSize);
+    /* we know that we have at least cidSz of space */
+    ret = wolfSSL_dtls_cid_get_tx(ssl, out + *idx, cidSz);
     if (ret != WOLFSSL_SUCCESS)
         return ret;
-    *idx += cidSize;
+    *idx += cidSz;
     return 0;
 }
 
@@ -1133,10 +1152,13 @@ static int Dtls13UnifiedHeaderParseCID(WOLFSSL* ssl, byte flags,
     return 0;
 }
 
+int Dtls13UnifiedHeaderCIDPresent(byte flags)
+{
+    return Dtls13IsUnifiedHeader(flags) && (flags & DTLS13_CID_BIT);
+}
+
 #else
 #define Dtls13AddCID(a, b, c, d) 0
-#define Dtls13GetCidRxSize(a) 0
-#define Dtls13GetCidTxSize(a) 0
 #define Dtls13UnifiedHeaderParseCID(a, b, c, d, e) 0
 #endif /* WOLFSSL_DTLS_CID */
 
@@ -1208,6 +1230,11 @@ int Dtls13HandshakeAddHeader(WOLFSSL* ssl, byte* output,
     return 0;
 }
 
+int Dtls13MinimumRecordLength(WOLFSSL* ssl)
+{
+    return Dtls13GetRlHeaderLength(ssl, 1) + DTLS13_MIN_CIPHERTEXT;
+}
+
 /**
  * Dtls13EncryptRecordNumber() - encrypt record number in the header
  * @ssl: ssl object
@@ -1224,14 +1251,20 @@ int Dtls13EncryptRecordNumber(WOLFSSL* ssl, byte* hdr, word16 recordLength)
     if (ssl == NULL || hdr == NULL)
         return BAD_FUNC_ARG;
 
+#ifdef HAVE_NULL_CIPHER
+    /* Do not encrypt record numbers with null cipher. See RFC 9150 Sec 9 */
+    if (ssl->specs.bulk_cipher_algorithm == wolfssl_cipher_null)
+        return 0;
+#endif /*HAVE_NULL_CIPHER */
+
     /* we need at least a 16 bytes of ciphertext to encrypt record number see
        4.2.3*/
-    if (recordLength < Dtls13GetRlHeaderLength(ssl, 1) + DTLS13_MIN_CIPHERTEXT)
+    if (recordLength < Dtls13MinimumRecordLength(ssl))
         return BUFFER_ERROR;
 
     seqLength = (*hdr & DTLS13_LEN_BIT) ? DTLS13_SEQ_16_LEN : DTLS13_SEQ_8_LEN;
 
-    cidSz = Dtls13GetCidTxSize(ssl);
+    cidSz = DtlsGetCidTxSize(ssl);
     /* header flags + seq number + CID size*/
     hdrLength = OPAQUE8_LEN + seqLength + cidSz;
 
@@ -1262,7 +1295,7 @@ word16 Dtls13GetRlHeaderLength(WOLFSSL* ssl, byte isEncrypted)
     if (!isEncrypted)
         return DTLS_RECORD_HEADER_SZ;
 
-    return DTLS13_UNIFIED_HEADER_SIZE + Dtls13GetCidTxSize(ssl);
+    return DTLS13_UNIFIED_HEADER_SIZE + DtlsGetCidTxSize(ssl);
 }
 
 /**
@@ -1389,7 +1422,7 @@ int Dtls13GetUnifiedHeaderSize(WOLFSSL* ssl, const byte input, word16* size)
         return BAD_FUNC_ARG;
 
     /* flags (1) + CID + seq 8bit (1) */
-    *size = OPAQUE8_LEN + Dtls13GetCidRxSize(ssl) + OPAQUE8_LEN;
+    *size = OPAQUE8_LEN + DtlsGetCidRxSize(ssl) + OPAQUE8_LEN;
     if (input & DTLS13_SEQ_LEN_BIT)
         *size += OPAQUE8_LEN;
     if (input & DTLS13_LEN_BIT)
@@ -1452,17 +1485,22 @@ int Dtls13ParseUnifiedRecordLayer(WOLFSSL* ssl, const byte* input,
         hdrInfo->recordLength = inputSize - idx;
     }
 
-    /* minimum size for a dtls1.3 packet is 16 bytes (to have enough ciphertext
-       to create record number xor mask). (draft 43 - Sec 4.2.3) */
-    if (hdrInfo->recordLength < DTLS13_RN_MASK_SIZE)
-        return LENGTH_ERROR;
-    if (inputSize < idx + DTLS13_RN_MASK_SIZE)
-        return BUFFER_ERROR;
+    /* Do not encrypt record numbers with null cipher. See RFC 9150 Sec 9 */
+    if (ssl->specs.bulk_cipher_algorithm != wolfssl_cipher_null)
+    {
+        /* minimum size for a dtls1.3 packet is 16 bytes (to have enough
+         * ciphertext to create record number xor mask).
+         * (draft 43 - Sec 4.2.3) */
+        if (hdrInfo->recordLength < DTLS13_RN_MASK_SIZE)
+            return LENGTH_ERROR;
+        if (inputSize < idx + DTLS13_RN_MASK_SIZE)
+            return BUFFER_ERROR;
 
-    ret = Dtls13EncryptDecryptRecordNumber(ssl, seqNum, seqLen, input + idx,
-        DEPROTECT);
-    if (ret != 0)
-        return ret;
+        ret = Dtls13EncryptDecryptRecordNumber(ssl, seqNum, seqLen, input + idx,
+            DEPROTECT);
+        if (ret != 0)
+            return ret;
+    }
 
     if (seqLen == DTLS13_SEQ_16_LEN) {
         hdrInfo->seqHiPresent = 1;
@@ -1561,7 +1599,7 @@ static int Dtls13RtxSendBuffered(WOLFSSL* ssl)
         ret = Dtls13SendFragment(ssl, output, (word16)sendSz, r->length + headerLength,
             (enum HandShakeType)r->handshakeType, 0,
             isLast || !ssl->options.groupMessages);
-        if (ret != 0 && ret != WANT_WRITE)
+        if (ret != 0 && ret != WC_NO_ERR_TRACE(WANT_WRITE))
             return ret;
 
         if (r->rnIdx >= DTLS13_RETRANS_RN_SIZE)
@@ -1575,7 +1613,7 @@ static int Dtls13RtxSendBuffered(WOLFSSL* ssl)
         r->seq[r->rnIdx] = seq;
         r->rnIdx++;
 
-        if (ret == WANT_WRITE) {
+        if (ret == WC_NO_ERR_TRACE(WANT_WRITE)) {
             /* this fragment will be sent eventually. Move it to the end of the
                list so next time we start with a new one. */
             Dtls13RtxMoveToEndOfList(ssl, prevNext, r);
@@ -1682,7 +1720,7 @@ static int _Dtls13HandshakeRecv(WOLFSSL* ssl, byte* input, word32 size,
     isFirst = fragOff == 0;
     isComplete = isFirst && fragLength == messageLength;
 
-    if (!isComplete && !Dtls13AcceptFragmented(ssl, handshakeType)) {
+    if (!isComplete && !Dtls13AcceptFragmented(ssl, (enum HandShakeType)handshakeType)) {
 #ifdef WOLFSSL_DTLS_CH_FRAG
         byte tls13 = 0;
         /* check if the first CH fragment contains a valid cookie */
@@ -1874,7 +1912,7 @@ int Dtls13HandshakeSend(WOLFSSL* ssl, byte* message, word16 outputSize,
     if (maxLen < maxFrag) {
         ret = Dtls13SendOneFragmentRtx(ssl, handshakeType, outputSize, message,
             length, hashOutput);
-        if (ret == 0 || ret == WANT_WRITE)
+        if (ret == 0 || ret == WC_NO_ERR_TRACE(WANT_WRITE))
             ssl->keys.dtls_handshake_number++;
     }
     else {
@@ -2521,13 +2559,25 @@ static void Dtls13RtxRemoveRecord(WOLFSSL* ssl, w64wrapper epoch,
 int Dtls13DoScheduledWork(WOLFSSL* ssl)
 {
     int ret;
+    int sendAcks;
 
     WOLFSSL_ENTER("Dtls13DoScheduledWork");
 
     ssl->dtls13SendingAckOrRtx = 1;
 
-    if (ssl->dtls13Rtx.sendAcks) {
+#ifdef WOLFSSL_RW_THREADED
+    ret = wc_LockMutex(&ssl->dtls13Rtx.mutex);
+    if (ret < 0)
+        return ret;
+#endif
+    sendAcks = ssl->dtls13Rtx.sendAcks;
+    if (sendAcks) {
         ssl->dtls13Rtx.sendAcks = 0;
+    }
+#ifdef WOLFSSL_RW_THREADED
+    ret = wc_UnLockMutex(&ssl->dtls13Rtx.mutex);
+#endif
+    if (sendAcks) {
         ret = SendDtls13Ack(ssl);
         if (ret != 0)
             return ret;
@@ -2584,7 +2634,7 @@ int Dtls13RtxTimeout(WOLFSSL* ssl)
 
     /* Increase timeout on long timeout */
     if (DtlsMsgPoolTimeout(ssl) != 0)
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
 
     return Dtls13RtxSendBuffered(ssl);
 }
@@ -2603,13 +2653,28 @@ static int Dtls13RtxHasKeyUpdateBuffered(WOLFSSL* ssl)
     return 0;
 }
 
+int DoDtls13KeyUpdateAck(WOLFSSL* ssl)
+{
+    int ret = 0;
+
+    if (!Dtls13RtxHasKeyUpdateBuffered(ssl)) {
+        /* we removed the KeyUpdate message because it was ACKed */
+        ssl->dtls13WaitKeyUpdateAck = 0;
+        ret = Dtls13KeyUpdateAckReceived(ssl);
+    }
+
+    return ret;
+}
+
 int DoDtls13Ack(WOLFSSL* ssl, const byte* input, word32 inputSize,
     word32* processedSize)
 {
     const byte* ackMessage;
     w64wrapper epoch, seq;
     word16 length;
+#ifndef WOLFSSL_RW_THREADED
     int ret;
+#endif
     int i;
 
     if (inputSize < OPAQUE16_LEN)
@@ -2641,15 +2706,13 @@ int DoDtls13Ack(WOLFSSL* ssl, const byte* input, word32 inputSize,
         ssl->options.serverState = SERVER_FINISHED_ACKED;
     }
 
+#ifndef WOLFSSL_RW_THREADED
     if (ssl->dtls13WaitKeyUpdateAck) {
-        if (!Dtls13RtxHasKeyUpdateBuffered(ssl)) {
-            /* we removed the KeyUpdate message because it was ACKed */
-            ssl->dtls13WaitKeyUpdateAck = 0;
-            ret = Dtls13KeyUpdateAckReceived(ssl);
-            if (ret != 0)
-                return ret;
-        }
+        ret = DoDtls13KeyUpdateAck(ssl);
+        if (ret != 0)
+            return ret;
     }
+#endif
 
     *processedSize = length + OPAQUE16_LEN;
 
@@ -2700,9 +2763,17 @@ int SendDtls13Ack(WOLFSSL* ssl)
     if (ret != 0)
         return ret;
 
-    ret = Dtls13WriteAckMessage(ssl, ssl->dtls13Rtx.seenRecords, &length);
-    if (ret != 0)
+#ifdef WOLFSSL_RW_THREADED
+    ret = wc_LockMutex(&ssl->dtls13Rtx.mutex);
+    if (ret < 0)
         return ret;
+#endif
+    ret = Dtls13WriteAckMessage(ssl, ssl->dtls13Rtx.seenRecords, &length);
+#ifdef WOLFSSL_RW_THREADED
+    wc_UnLockMutex(&ssl->dtls13Rtx.mutex);
+#endif
+        if (ret != 0)
+            return ret;
 
     output = GetOutputBuffer(ssl);
 
diff --git a/src/include.am b/src/include.am
index a69822fff..0a34c41f9 100644
--- a/src/include.am
+++ b/src/include.am
@@ -21,7 +21,10 @@ EXTRA_DIST += src/ssl_asn1.c
 EXTRA_DIST += src/ssl_bn.c
 EXTRA_DIST += src/ssl_certman.c
 EXTRA_DIST += src/ssl_crypto.c
+EXTRA_DIST += src/ssl_load.c
 EXTRA_DIST += src/ssl_misc.c
+EXTRA_DIST += src/ssl_p7p12.c
+EXTRA_DIST += src/ssl_sess.c
 EXTRA_DIST += src/x509.c
 EXTRA_DIST += src/x509_str.c
 
@@ -32,25 +35,11 @@ if !BUILD_NO_LIBRARY
 lib_LTLIBRARIES+= src/libwolfssl@LIBSUFFIX@.la
 endif
 src_libwolfssl@LIBSUFFIX@_la_SOURCES =
-src_libwolfssl@LIBSUFFIX@_la_LDFLAGS = ${AM_LDFLAGS} -no-undefined -version-info ${WOLFSSL_LIBRARY_VERSION}
+src_libwolfssl@LIBSUFFIX@_la_LDFLAGS = ${AM_LDFLAGS} -no-undefined -version-number ${WOLFSSL_LIBRARY_VERSION}
 src_libwolfssl@LIBSUFFIX@_la_LIBADD = $(LIBM) $(LIB_ADD) $(LIB_STATIC_ADD)
 src_libwolfssl@LIBSUFFIX@_la_CFLAGS = -DBUILDING_WOLFSSL $(AM_CFLAGS) -DLIBWOLFSSL_GLOBAL_EXTRA_CFLAGS="\" $(EXTRA_CFLAGS)\""
 src_libwolfssl@LIBSUFFIX@_la_CPPFLAGS = -DBUILDING_WOLFSSL $(AM_CPPFLAGS)
 
-# install the packaged IPP libraries
-if BUILD_FAST_RSA
-
-# Link needed IPP libraries
-noinst_SCRIPTS+=IPP_links
-IPP_links:
-	@$(IPPLINK)
-
-ippdir = $(libdir)
-ipp_DATA = $(IPPLIBS)
-
-include_HEADERS+=$(IPPHEADERS)
-endif # BUILD_FAST_RSA
-
 if BUILD_FIPS
 
 if BUILD_FIPS_V2
@@ -73,6 +62,9 @@ endif
 
 if BUILD_AES
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/aes.c
+if BUILD_CUDA
+src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/cuda/aes-cuda.cu
+endif BUILD_CUDA
 endif
 
 if BUILD_AESNI
@@ -93,23 +85,29 @@ if BUILD_SHA
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/sha.c
 endif
 
+if !BUILD_X86_ASM
 if BUILD_INTELASM
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/sha256_asm.S
 endif
+endif
 
 if BUILD_SHA512
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/sha512.c
+if !BUILD_X86_ASM
 if BUILD_INTELASM
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/sha512_asm.S
 endif
 endif
+endif
 
 if BUILD_SHA3
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/sha3.c
+if !BUILD_X86_ASM
 if BUILD_INTELASM
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/sha3_asm.S
 endif
 endif
+endif
 
 if BUILD_DH
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/dh.c
@@ -159,25 +157,236 @@ endif
 
 if BUILD_AES
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/aes.c
+if BUILD_CUDA
+src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/cuda/aes-cuda.cu
+endif BUILD_CUDA
 if BUILD_ARMASM
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-aes.c
 endif BUILD_ARMASM
 if BUILD_ARMASM_NEON
-if !BUILD_ARMASM_CRYPTO
 if BUILD_ARMASM_INLINE
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-32-aes-asm_c.c
 else
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-32-aes-asm.S
 endif !BUILD_ARMASM_INLINE
-endif !BUILD_ARMASM_CRYPTO
 else
 if BUILD_ARMASM
 if BUILD_ARMASM_INLINE
+if BUILD_ARM_NONTHUMB
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-32-aes-asm_c.c
+endif
+if BUILD_ARM_THUMB
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/thumb2-aes-asm_c.c
+endif
+else
+if BUILD_ARM_NONTHUMB
+src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-32-aes-asm.S
+endif
+if BUILD_ARM_THUMB
+src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/thumb2-aes-asm.S
+endif
+endif !BUILD_ARMASM_INLINE
+endif BUILD_ARMASM
+endif !BUILD_ARMASM_NEON
+
+if BUILD_AESNI
+src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/aes_asm.S
+if BUILD_X86_ASM
+src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/aes_gcm_x86_asm.S
+else
+src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/aes_gcm_asm.S
+src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/aes_xts_asm.S
+endif
+endif
+
+if BUILD_RISCV_ASM
+src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/riscv/riscv-64-aes.c
+endif BUILD_RISCV_ASM
+endif BUILD_AES
+
+if BUILD_SHA
+src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/sha.c
+endif
+
+if BUILD_ARMASM_NEON
+src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-sha256.c
+if BUILD_ARMASM_INLINE
+src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-32-sha256-asm_c.c
+else
+src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-32-sha256-asm.S
+endif !BUILD_ARMASM_INLINE
+else
+if BUILD_ARMASM
+src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-sha256.c
+if BUILD_ARMASM_INLINE
+if BUILD_ARM_NONTHUMB
+src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-32-sha256-asm_c.c
+endif
+if BUILD_ARM_THUMB
+src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/thumb2-sha256-asm_c.c
+endif
+else
+if BUILD_ARM_NONTHUMB
+src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-32-sha256-asm.S
+endif
+if BUILD_ARM_THUMB
+src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/thumb2-sha256-asm.S
+endif
+endif !BUILD_ARMASM_INLINE
+else
+src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/sha256.c
+if !BUILD_X86_ASM
+if BUILD_INTELASM
+src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/sha256_asm.S
+endif BUILD_INTELASM
+endif !BUILD_X86_ASM
+endif !BUILD_ARMASM
+endif !BUILD_ARMASM_NEON
+
+if BUILD_RISCV_ASM
+src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/riscv/riscv-64-sha256.c
+endif BUILD_RISCV_ASM
+
+if BUILD_SHA512
+if BUILD_RISCV_ASM
+src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/riscv/riscv-64-sha512.c
+else
+if BUILD_ARMASM_NEON
+src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-sha512.c
+if BUILD_ARMASM_INLINE
+src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-sha512-asm_c.c
+src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-32-sha512-asm_c.c
+else
+src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-sha512-asm.S
+src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-32-sha512-asm.S
+endif !BUILD_ARMASM_INLINE
+else
+if BUILD_ARMASM
+src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-sha512.c
+if BUILD_ARMASM_INLINE
+if BUILD_ARM_NONTHUMB
+src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-32-sha512-asm_c.c
+endif
+if BUILD_ARM_THUMB
+src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/thumb2-sha512-asm_c.c
+endif
+else
+if BUILD_ARM_NONTHUMB
+src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-32-sha512-asm.S
+endif
+if BUILD_ARM_THUMB
+src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/thumb2-sha512-asm.S
+endif
+endif !BUILD_ARMASM_INLINE
+else
+src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/sha512.c
+if !BUILD_X86_ASM
+if BUILD_INTELASM
+src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/sha512_asm.S
+endif BUILD_INTELASM
+endif !BUILD_X86_ASM
+endif !BUILD_ARMASM
+endif !BUILD_ARMASM_NEON
+endif !BUILD_RISCV_ASM
+endif BUILD_SHA512
+
+if BUILD_SHA3
+src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/sha3.c
+if BUILD_ARMASM_NEON
+if BUILD_ARMASM_INLINE
+src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-sha3-asm_c.c
+else
+src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-sha3-asm.S
+endif !BUILD_ARMASM_INLINE
+endif BUILD_ARMASM_NEON
+if BUILD_ARMASM
+if BUILD_ARMASM_INLINE
+if BUILD_ARM_NONTHUMB
+src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-32-sha3-asm_c.c
+endif
+if BUILD_ARM_THUMB
+src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/thumb2-sha3-asm_c.c
+endif
+else
+if BUILD_ARM_NONTHUMB
+src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-32-sha3-asm.S
+endif
+if BUILD_ARM_THUMB
+src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/thumb2-sha3-asm.S
+endif
+endif !BUILD_ARMASM_INLINE
+endif BUILD_ARMASM
+if BUILD_RISCV_ASM
+src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/riscv/riscv-64-sha3.c
+endif BUILD_RISCV_ASM
+if !BUILD_X86_ASM
+if BUILD_INTELASM
+src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/sha3_asm.S
+endif
+endif
+endif
+
+if BUILD_DH
+src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/dh.c
+endif
+
+if BUILD_CMAC
+src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/cmac.c
+endif
+
+src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/fips.c \
+                             wolfcrypt/src/fips_test.c
+
+# fips last file
+src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/wolfcrypt_last.c
+endif BUILD_FIPS_V5
+
+if BUILD_FIPS_V6
+# FIPS 140-3 SRTP-KDF first file
+src_libwolfssl@LIBSUFFIX@_la_SOURCES += \
+               wolfcrypt/src/wolfcrypt_first.c
+
+src_libwolfssl@LIBSUFFIX@_la_SOURCES += \
+               wolfcrypt/src/hmac.c \
+               wolfcrypt/src/random.c
+
+src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/kdf.c
+
+if BUILD_RSA
+src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/rsa.c
+endif
+
+if BUILD_ECC
+src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/ecc.c
+endif
+
+if BUILD_AES
+src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/aes.c
+if BUILD_ARMASM
+src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-aes.c
+endif BUILD_ARMASM
+if BUILD_ARMASM_NEON
+if BUILD_ARMASM_INLINE
+src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-32-aes-asm_c.c
 else
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-32-aes-asm.S
+endif !BUILD_ARMASM_INLINE
+else
+if BUILD_ARMASM
+if BUILD_ARMASM_INLINE
+if BUILD_ARM_NONTHUMB
+src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-32-aes-asm_c.c
+endif
+if BUILD_ARM_THUMB
+src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/thumb2-aes-asm_c.c
+endif
+else
+if BUILD_ARM_NONTHUMB
+src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-32-aes-asm.S
+endif
+if BUILD_ARM_THUMB
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/thumb2-aes-asm.S
+endif
 endif !BUILD_ARMASM_INLINE
 endif BUILD_ARMASM
 endif !BUILD_ARMASM_NEON
@@ -208,11 +417,19 @@ else
 if BUILD_ARMASM
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-sha256.c
 if BUILD_ARMASM_INLINE
+if BUILD_ARM_NONTHUMB
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-32-sha256-asm_c.c
+endif
+if BUILD_ARM_THUMB
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/thumb2-sha256-asm_c.c
+endif
 else
+if BUILD_ARM_NONTHUMB
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-32-sha256-asm.S
+endif
+if BUILD_ARM_THUMB
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/thumb2-sha256-asm.S
+endif
 endif !BUILD_ARMASM_INLINE
 else
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/sha256.c
@@ -222,7 +439,14 @@ endif BUILD_INTELASM
 endif !BUILD_ARMASM
 endif !BUILD_ARMASM_NEON
 
+if BUILD_RISCV_ASM
+src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/riscv/riscv-64-sha256.c
+endif BUILD_RISCV_ASM
+
 if BUILD_SHA512
+if BUILD_RISCV_ASM
+src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/riscv/riscv-64-sha512.c
+else
 if BUILD_ARMASM_NEON
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-sha512.c
 if BUILD_ARMASM_INLINE
@@ -236,11 +460,19 @@ else
 if BUILD_ARMASM
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-sha512.c
 if BUILD_ARMASM_INLINE
+if BUILD_ARM_NONTHUMB
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-32-sha512-asm_c.c
+endif
+if BUILD_ARM_THUMB
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/thumb2-sha512-asm_c.c
+endif
 else
+if BUILD_ARM_NONTHUMB
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-32-sha512-asm.S
+endif
+if BUILD_ARM_THUMB
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/thumb2-sha512-asm.S
+endif
 endif !BUILD_ARMASM_INLINE
 else
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/sha512.c
@@ -249,6 +481,7 @@ src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/sha512_asm.S
 endif BUILD_INTELASM
 endif !BUILD_ARMASM
 endif !BUILD_ARMASM_NEON
+endif !BUILD_RISCV_ASM
 endif BUILD_SHA512
 
 if BUILD_SHA3
@@ -260,6 +493,26 @@ else
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-sha3-asm.S
 endif !BUILD_ARMASM_INLINE
 endif BUILD_ARMASM_NEON
+if BUILD_ARMASM
+if BUILD_ARMASM_INLINE
+if BUILD_ARM_NONTHUMB
+src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-32-sha3-asm_c.c
+endif
+if BUILD_ARM_THUMB
+src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/thumb2-sha3-asm_c.c
+endif
+else
+if BUILD_ARM_NONTHUMB
+src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-32-sha3-asm.S
+endif
+if BUILD_ARM_THUMB
+src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/thumb2-sha3-asm.S
+endif
+endif !BUILD_ARMASM_INLINE
+endif BUILD_ARMASM
+if BUILD_RISCV_ASM
+src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/riscv/riscv-64-sha3.c
+endif BUILD_RISCV_ASM
 if BUILD_INTELASM
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/sha3_asm.S
 endif
@@ -273,12 +526,101 @@ if BUILD_CMAC
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/cmac.c
 endif
 
+if BUILD_CURVE448
+src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/curve448.c
+endif
+
+if BUILD_ED448
+src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/ed448.c
+endif
+
+if BUILD_CURVE25519
+src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/curve25519.c
+endif
+
+if BUILD_ED25519
+src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/ed25519.c
+endif
+
+if BUILD_ARMASM
+if BUILD_ARMASM_NEON
+if BUILD_ARMASM_INLINE
+src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-32-curve25519_c.c
+src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-curve25519_c.c
+else
+src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-32-curve25519.S
+src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-curve25519.S
+endif !BUILD_ARMASM_INLINE
+else
+if BUILD_ARMASM_INLINE
+if BUILD_ARM_NONTHUMB
+if BUILD_ARM_32
+src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-32-curve25519_c.c
+endif
+if BUILD_ARM_64
+src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-curve25519_c.c
+endif
+endif
+if BUILD_ARM_THUMB
+src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/thumb2-curve25519_c.c
+endif
+else
+if BUILD_ARM_NONTHUMB
+if BUILD_ARM_32
+src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-32-curve25519.S
+endif
+if BUILD_ARM_64
+src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-curve25519.S
+endif
+endif
+if BUILD_ARM_THUMB
+src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/thumb2-curve25519.S
+endif
+endif !BUILD_ARMASM_INLINE
+endif !BUILD_ARMASM_NEON
+endif BUILD_ARMASM
+
+if BUILD_PWDBASED
+src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/pwdbased.c
+endif BUILD_PWDBASED
+
+if BUILD_SP
+if BUILD_SP_C32
+src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/sp_c32.c
+endif
+if BUILD_SP_C64
+src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/sp_c64.c
+endif
+
+if BUILD_SP_X86_64
+src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/sp_x86_64.c
+src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/sp_x86_64_asm.S
+endif
+if !BUILD_FIPS_V2
+if BUILD_SP_ARM32
+src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/sp_arm32.c
+endif
+endif
+if BUILD_SP_ARM_THUMB
+src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/sp_armthumb.c
+endif
+if !BUILD_FIPS_V2
+if BUILD_SP_ARM64
+src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/sp_arm64.c
+endif
+endif
+if BUILD_SP_ARM_CORTEX
+src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/sp_cortexm.c
+endif
+endif BUILD_SP
+
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/fips.c \
                              wolfcrypt/src/fips_test.c
 
 # fips last file
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/wolfcrypt_last.c
-endif BUILD_FIPS_V5
+endif BUILD_FIPS_V6
+
 
 endif BUILD_FIPS
 
@@ -311,9 +653,11 @@ endif !BUILD_DO178
 if !BUILD_FIPS_RAND
 
 if !BUILD_FIPS_V5
+if !BUILD_FIPS_V6
 if BUILD_KDF
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/kdf.c
 endif
+endif !BUILD_FIPS_V6
 endif !BUILD_FIPS_V5
 
 if !BUILD_FIPS_CURRENT
@@ -335,18 +679,33 @@ else
 if BUILD_ARMASM
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-sha256.c
 if BUILD_ARMASM_INLINE
+if BUILD_ARM_NONTHUMB
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-32-sha256-asm_c.c
+endif
+if BUILD_ARM_THUMB
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/thumb2-sha256-asm_c.c
+endif
 else
+if BUILD_ARM_NONTHUMB
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-32-sha256-asm.S
+endif
+if BUILD_ARM_THUMB
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/thumb2-sha256-asm.S
+endif
 endif !BUILD_ARMASM_INLINE
 else
+if !BUILD_X86_ASM
 if BUILD_INTELASM
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/sha256_asm.S
 endif BUILD_INTELASM
+endif !BUILD_X86_ASM
 endif !BUILD_ARMASM
 endif !BUILD_ARMASM_NEON
+
+if BUILD_RISCV_ASM
+src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/riscv/riscv-64-sha256.c
+endif BUILD_RISCV_ASM
+
 endif !BUILD_FIPS_CURRENT
 
 if BUILD_AFALG
@@ -370,22 +729,17 @@ if BUILD_ASYNCCRYPT
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/async.c
 endif
 
-if !BUILD_USER_RSA
 if BUILD_RSA
-if BUILD_FAST_RSA
-src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/user-crypto/src/rsa.c
-else
 if !BUILD_FIPS_CURRENT
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/rsa.c
 endif !BUILD_FIPS_CURRENT
 endif
-endif
-endif
 
 if BUILD_RC2
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/rc2.c
 endif
 
+if !BUILD_FIPS_V6
 if BUILD_SP
 if BUILD_SP_C32
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/sp_c32.c
@@ -415,6 +769,8 @@ if BUILD_SP_ARM_CORTEX
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/sp_cortexm.c
 endif
 endif BUILD_SP
+endif !BUILD_FIPS_V6
+
 if BUILD_SP_INT
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/sp_int.c
 endif
@@ -422,33 +778,55 @@ endif
 if !BUILD_FIPS_CURRENT
 if BUILD_AES
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/aes.c
+if BUILD_CUDA
+src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/cuda/aes-cuda.cu
+endif BUILD_CUDA
 if BUILD_ARMASM
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-aes.c
 endif BUILD_ARMASM
 if BUILD_ARMASM_NEON
-if !BUILD_ARMASM_CRYPTO
 if BUILD_ARMASM_INLINE
+if BUILD_ARM_NONTHUMB
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-32-aes-asm_c.c
+endif
+if BUILD_ARM_THUMB
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/thumb2-aes-asm_c.c
+endif
 else
+if BUILD_ARM_NONTHUMB
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-32-aes-asm.S
+endif
+if BUILD_ARM_THUMB
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/thumb2-aes-asm.S
+endif
 endif !BUILD_ARMASM_INLINE
-endif !BUILD_ARMASM_CRYPTO
 else
 if BUILD_ARMASM
 if BUILD_ARMASM_INLINE
+if BUILD_ARM_NONTHUMB
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-32-aes-asm_c.c
+endif
+if BUILD_ARM_THUMB
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/thumb2-aes-asm_c.c
+endif
 else
+if BUILD_ARM_NONTHUMB
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-32-aes-asm.S
+endif
+if BUILD_ARM_THUMB
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/thumb2-aes-asm.S
+endif
 endif !BUILD_ARMASM_INLINE
 endif BUILD_ARMASM
 endif !BUILD_ARMASM_NEON
+
 if BUILD_AFALG
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/af_alg/afalg_aes.c
 endif BUILD_AFALG
+
+if BUILD_RISCV_ASM
+src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/riscv/riscv-64-aes.c
+endif BUILD_RISCV_ASM
 endif BUILD_AES
 endif !BUILD_FIPS_CURRENT
 
@@ -472,6 +850,9 @@ endif !BUILD_FIPS_CURRENT
 
 if !BUILD_FIPS_CURRENT
 if BUILD_SHA512
+if BUILD_RISCV_ASM
+src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/riscv/riscv-64-sha512.c
+else
 if BUILD_ARMASM_NEON
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-sha512.c
 if BUILD_ARMASM_INLINE
@@ -485,19 +866,30 @@ else
 if BUILD_ARMASM
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-sha512.c
 if BUILD_ARMASM_INLINE
+if BUILD_ARM_NONTHUMB
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-32-sha512-asm_c.c
+endif
+if BUILD_ARM_THUMB
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/thumb2-sha512-asm_c.c
+endif
 else
+if BUILD_ARM_NONTHUMB
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-32-sha512-asm.S
+endif
+if BUILD_ARM_THUMB
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/thumb2-sha512-asm.S
+endif
 endif !BUILD_ARMASM_INLINE
 else
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/sha512.c
+if !BUILD_X86_ASM
 if BUILD_INTELASM
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/sha512_asm.S
 endif BUILD_INTELASM
+endif !BUILD_X86_ASM
 endif !BUILD_ARMASM
 endif !BUILD_ARMASM_NEON
+endif !BUILD_RISCV_ASM
 endif BUILD_SHA512
 endif !BUILD_FIPS_CURRENT
 
@@ -511,10 +903,32 @@ else
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-sha3-asm.S
 endif !BUILD_ARMASM_INLINE
 endif BUILD_ARMASM_NEON
+if BUILD_ARMASM
+if BUILD_ARMASM_INLINE
+if BUILD_ARM_NONTHUMB
+src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-32-sha3-asm_c.c
+endif
+if BUILD_ARM_THUMB
+src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/thumb2-sha3-asm_c.c
+endif
+else
+if BUILD_ARM_NONTHUMB
+src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-32-sha3-asm.S
+endif
+if BUILD_ARM_THUMB
+src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/thumb2-sha3-asm.S
+endif
+endif !BUILD_ARMASM_INLINE
+endif BUILD_ARMASM
+if BUILD_RISCV_ASM
+src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/riscv/riscv-64-sha3.c
+endif BUILD_RISCV_ASM
+if !BUILD_X86_ASM
 if BUILD_INTELASM
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/sha3_asm.S
 endif
 endif
+endif
 endif !BUILD_FIPS_CURRENT
 
 if !BUILD_FIPS_CURRENT
@@ -555,9 +969,11 @@ endif !BUILD_FIPS_CURRENT
 if !BUILD_FIPS_CURRENT
 if BUILD_SM3
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/sm3.c
+if !BUILD_X86_ASM
 if BUILD_INTELASM
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/sm3_asm.S
 endif
+endif
 endif BUILD_SM3
 endif !BUILD_FIPS_CURRENT
 
@@ -619,13 +1035,38 @@ if !BUILD_FIPS_RAND
 
 if BUILD_POLY1305
 if BUILD_ARMASM
+if BUILD_ARM_NONTHUMB
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-poly1305.c
 endif
+if BUILD_ARM_THUMB
+src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/thumb2-poly1305.c
+endif
+if BUILD_ARMASM_INLINE
+if BUILD_ARM_NONTHUMB
+src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-32-poly1305-asm_c.c
+endif
+if BUILD_ARM_THUMB
+src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/thumb2-poly1305-asm_c.c
+endif
+else
+if BUILD_ARM_NONTHUMB
+src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-32-poly1305-asm.S
+endif
+if BUILD_ARM_THUMB
+src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/thumb2-poly1305-asm.S
+endif
+endif !BUILD_ARMASM_INLINE
+endif
+if BUILD_RISCV_ASM
+src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/riscv/riscv-64-poly1305.c
+endif
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/poly1305.c
+if !BUILD_X86_ASM
 if BUILD_INTELASM
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/poly1305_asm.S
 endif
 endif
+endif
 
 if BUILD_RC4
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/arc4.c
@@ -639,10 +1080,15 @@ if BUILD_MD5
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/md5.c
 endif
 
+if !BUILD_FIPS_V6
 if BUILD_PWDBASED
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/pwdbased.c
+endif BUILD_PWDBASED
+endif !BUILD_FIPS_V6
+
+if BUILD_PKCS12
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/pkcs12.c
-endif
+endif BUILD_PKCS12
 
 if BUILD_DSA
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/dsa.c
@@ -680,17 +1126,46 @@ src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/blake2s.c
 endif
 
 if BUILD_CHACHA
-if BUILD_ARMASM_NEON
-src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-chacha.c
-else
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/chacha.c
+if BUILD_ARMASM
+if BUILD_ARM_NONTHUMB
+src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-chacha.c
+endif
+if BUILD_ARM_THUMB
+src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/thumb2-chacha.c
+endif
+if BUILD_ARMASM_INLINE
+if BUILD_ARM_NONTHUMB
+src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-32-chacha-asm_c.c
+endif
+if BUILD_ARM_THUMB
+src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/thumb2-chacha-asm_c.c
+endif
+else
+if BUILD_ARM_NONTHUMB
+src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-32-chacha-asm.S
+endif
+if BUILD_ARM_THUMB
+src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/thumb2-chacha-asm.S
+endif
+endif !BUILD_ARMASM_INLINE
+else
+if BUILD_RISCV_ASM
+src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/riscv/riscv-64-chacha.c
+endif BUILD_RISCV_ASM
+if !BUILD_X86_ASM
 if BUILD_INTELASM
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/chacha_asm.S
-endif
-endif
+endif BUILD_INTELASM
+endif !BUILD_X86_ASM
+endif !BUILD_ARMASM
 if BUILD_POLY1305
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/chacha20_poly1305.c
-endif
+endif BUILD_POLY1305
+endif BUILD_CHACHA
+
+if BUILD_ASCON
+src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/ascon.c
 endif
 
 if !BUILD_INLINE
@@ -718,24 +1193,53 @@ if BUILD_SAKKE
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/sakke.c
 endif
 
-if !BUILD_FIPS_CURRENT
 if BUILD_WC_KYBER
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/wc_kyber.c
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/wc_kyber_poly.c
+if BUILD_ARMASM
+if BUILD_ARM_THUMB
+if BUILD_ARMASM_INLINE
+src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/thumb2-kyber-asm_c.c
+else
+src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/thumb2-kyber-asm.S
+endif !BUILD_ARMASM_INLINE
+else
+if BUILD_ARMASM_INLINE
+src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-32-kyber-asm_c.c
+else
+src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-32-kyber-asm.S
+endif !BUILD_ARMASM_INLINE
+endif !BUILD_ARM_THUMB
+endif BUILD_ARMASM
+if !BUILD_X86_ASM
 if BUILD_INTELASM
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/wc_kyber_asm.S
 endif
 endif
+if BUILD_ARMASM_NEON
+if BUILD_ARMASM_INLINE
+src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-kyber-asm_c.c
+else
+src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-kyber-asm.S
+endif !BUILD_ARMASM_INLINE
+endif BUILD_ARMASM_NEON
+endif
+
+if BUILD_DILITHIUM
+src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/dilithium.c
 endif
 
 if BUILD_WC_LMS
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/wc_lms.c
+src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/wc_lms_impl.c
 endif
 
 if BUILD_WC_XMSS
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/wc_xmss.c
+src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/wc_xmss_impl.c
 endif
 
+if !BUILD_FIPS_V6
 if BUILD_CURVE25519
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/curve25519.c
 endif
@@ -743,38 +1247,67 @@ endif
 if BUILD_ED25519
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/ed25519.c
 endif
+endif !BUILD_FIPS_V6
 
 if BUILD_FEMATH
 if BUILD_CURVE25519_SMALL
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/fe_low_mem.c
 else
-if BUILD_INTELASM
+if BUILD_CURVE25519_INTELASM
+if !BUILD_X86_ASM
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/fe_x25519_asm.S
+endif !BUILD_X86_ASM
 else
 if BUILD_ARMASM
+if !BUILD_FIPS_V6
 if BUILD_ARMASM_NEON
 if BUILD_ARMASM_INLINE
+if BUILD_ARM_32
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-32-curve25519_c.c
+endif
+if BUILD_ARM_64
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-curve25519_c.c
+endif
 else
+if BUILD_ARM_32
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-32-curve25519.S
+endif
+if BUILD_ARM_64
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-curve25519.S
+endif
 endif !BUILD_ARMASM_INLINE
 else
 if BUILD_ARMASM_INLINE
+if BUILD_ARM_NONTHUMB
+if BUILD_ARM_32
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-32-curve25519_c.c
-src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/thumb2-curve25519_c.c
+endif
+if BUILD_ARM_64
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-curve25519_c.c
+endif
+endif
+if BUILD_ARM_THUMB
+src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/thumb2-curve25519_c.c
+endif
 else
+if BUILD_ARM_NONTHUMB
+if BUILD_ARM_32
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-32-curve25519.S
-src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/thumb2-curve25519.S
+endif
+if BUILD_ARM_64
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-curve25519.S
+endif
+endif
+if BUILD_ARM_THUMB
+src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/thumb2-curve25519.S
+endif
 endif !BUILD_ARMASM_INLINE
 endif !BUILD_ARMASM_NEON
+endif !BUILD_FIPS_V6
 else
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/fe_operations.c
 endif !BUILD_ARMASM
-endif !BUILD_INTELASM
+endif !BUILD_CURVE25519_INTELASM
 endif !BUILD_CURVE25519_SMALL
 endif BUILD_FEMATH
 
@@ -784,33 +1317,46 @@ src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/ge_low_mem.c
 else
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/ge_operations.c
 if !BUILD_FEMATH
-if BUILD_INTELASM
+if BUILD_CURVE25519_INTELASM
+if !BUILD_X86_ASM
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/fe_x25519_asm.S
+endif !BUILD_X86_ASM
 else
+if !BUILD_FIPS_V6
 if BUILD_ARMASM
 if BUILD_ARMASM_NEON
 if BUILD_ARMASM_INLINE
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-curve25519_c.c
 else
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-curve25519.S
-endif
+endif !BUILD_ARMASM_INLINE
 else
 if BUILD_ARMASM_INLINE
-src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/thumb2-curve25519_c.c
+if BUILD_ARM_NONTHUMB
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-curve25519_c.c
+endif
+if BUILD_ARM_THUMB
+src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/thumb2-curve25519_c.c
+endif
 else
-src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/thumb2-curve25519.S
+if BUILD_ARM_NONTHUMB
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-curve25519.S
 endif
+if BUILD_ARM_THUMB
+src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/thumb2-curve25519.S
 endif
+endif !BUILD_ARMASM_INLINE
+endif !BUILD_ARMASM_NEON
 else
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/fe_operations.c
-endif
-endif
-endif
-endif
-endif
+endif !BUILD_ARMASM
+endif !BUILD_FIPS_V6
+endif !BUILD_CURVE25519_INTELASM
+endif !BUILD_FEMATH
+endif !BUILD_ED25519_SMALL
+endif BUILD_GEMATH
 
+if !BUILD_FIPS_V6
 if BUILD_CURVE448
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/curve448.c
 endif
@@ -818,6 +1364,7 @@ endif
 if BUILD_ED448
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/ed448.c
 endif
+endif !BUILD_FIPS_V6
 
 if BUILD_FE448
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/fe_448.c
@@ -835,6 +1382,7 @@ src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/falcon.c
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/dilithium.c
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/sphincs.c
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/ext_kyber.c
+src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/liboqs/liboqs.c
 endif
 
 if BUILD_LIBLMS
@@ -900,6 +1448,9 @@ endif
 
 endif !BUILD_CRYPTONLY
 
+if BUILD_XILINX
+src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/xilinx/xil-aesgcm.c
+endif
 
 endif !BUILD_FIPS_RAND
 
@@ -907,3 +1458,4 @@ if BUILD_ARIA
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/aria/aria-crypt.c
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/aria/aria-cryptocb.c
 endif
+
diff --git a/src/internal.c b/src/internal.c
index a1c3128ce..d6c47eb6f 100644
--- a/src/internal.c
+++ b/src/internal.c
@@ -1,6 +1,6 @@
 /* internal.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -19,8 +19,6 @@
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  */
 
-
-
 #ifdef HAVE_CONFIG_H
     #include <config.h>
 #endif
@@ -94,12 +92,6 @@
  *      pair
  */
 
-
-#ifdef EXTERNAL_OPTS_OPENVPN
-#error EXTERNAL_OPTS_OPENVPN should not be defined\
-    when building wolfSSL
-#endif
-
 #ifndef WOLFCRYPT_ONLY
 
 #include <wolfssl/internal.h>
@@ -149,7 +141,7 @@
 #endif
 
 
-#define ERROR_OUT(err, eLabel) { ret = (err); goto eLabel; }
+#define ERROR_OUT(err, eLabel) { ret = (int)(err); goto eLabel; }
 
 #ifdef _MSC_VER
     /* disable for while(0) cases at the .c level for now */
@@ -199,7 +191,7 @@ WOLFSSL_CALLBACKS needs LARGE_STATIC_BUFFERS, please add LARGE_STATIC_BUFFERS
     #else
         #define SSL_TICKET_CTX(ssl) ssl->ctx->ticketEncCtx
     #endif
-    #if !defined(WOLFSSL_NO_DEF_TICKET_ENC_CB)
+    #if !defined(WOLFSSL_NO_DEF_TICKET_ENC_CB) && !defined(NO_TLS)
         static int TicketEncCbCtx_Init(WOLFSSL_CTX* ctx,
                                        TicketEncCbCtx* keyCtx);
         static void TicketEncCbCtx_Free(TicketEncCbCtx* keyCtx);
@@ -212,6 +204,8 @@ WOLFSSL_CALLBACKS needs LARGE_STATIC_BUFFERS, please add LARGE_STATIC_BUFFERS
     #endif
 #endif
 
+int writeAeadAuthData(WOLFSSL* ssl, word16 sz, byte type, byte* additional,
+                      byte dec, byte** seq, int verifyOrder);
 
 #ifdef WOLFSSL_DTLS
     static int _DtlsCheckWindow(WOLFSSL* ssl);
@@ -266,6 +260,49 @@ static int SSL_hmac(WOLFSSL* ssl, byte* digest, const byte* in, word32 sz,
 #endif /* !WOLFSSL_NO_TLS12 */
 
 
+#if !defined(NO_CERT) && defined(WOLFSSL_BLIND_PRIVATE_KEY)
+int wolfssl_priv_der_blind(WC_RNG* rng, DerBuffer* key, DerBuffer** mask)
+{
+    int ret = 0;
+    WC_RNG local_rng;
+
+    if (key != NULL) {
+        if (*mask != NULL) {
+            FreeDer(mask);
+        }
+        ret = AllocDer(mask, key->length, key->type, key->heap);
+        if ((ret == 0) && (rng == NULL)) {
+            if (wc_InitRng(&local_rng) != 0) {
+                ret = RNG_FAILURE_E;
+            }
+            else {
+                rng = &local_rng;
+            }
+        }
+        if (ret == 0) {
+             ret = wc_RNG_GenerateBlock(rng, (*mask)->buffer, (*mask)->length);
+        }
+        if (ret == 0) {
+            xorbuf(key->buffer, (*mask)->buffer, (*mask)->length);
+        }
+
+        if (rng == &local_rng) {
+            wc_FreeRng(rng);
+        }
+    }
+
+    return ret;
+}
+
+void wolfssl_priv_der_unblind(DerBuffer* key, DerBuffer* mask)
+{
+    if (key != NULL) {
+        xorbuf(key->buffer, mask->buffer, mask->length);
+    }
+}
+#endif
+
+
 #if defined(WOLFSSL_RENESAS_FSPSM_TLS) || defined(WOLFSSL_RENESAS_TSIP_TLS)
 #include <wolfssl/wolfcrypt/port/Renesas/renesas_cmn.h>
 #endif
@@ -301,7 +338,7 @@ static int SSL_hmac(WOLFSSL* ssl, byte* digest, const byte* in, word32 sz,
     {
         wolfSSL_CTX_keylog_cb_func logCb = NULL;
         int msSz;
-        int hasVal;
+        int invalidCount;
         int i;
         const char* label = SSC_CR;
         int labelSz = sizeof(SSC_CR);
@@ -312,32 +349,34 @@ static int SSL_hmac(WOLFSSL* ssl, byte* digest, const byte* in, word32 sz,
         int ret;
         (void)ctx;
 
-        if (ssl == NULL || secret == NULL || *secretSz == 0)
+        if (ssl == NULL || secret == NULL || secretSz == NULL || *secretSz == 0)
             return BAD_FUNC_ARG;
         if (ssl->arrays == NULL)
             return BAD_FUNC_ARG;
 
-        /* get the user-callback func from CTX*/
+        /* get the user-callback func from CTX */
         logCb = ssl->ctx->keyLogCb;
-        if (logCb == NULL)
-            return 0;
+        if (logCb == NULL) {
+            return 0; /* no logging callback */
+        }
 
-        /* need to make sure the given master-secret has a meaningful value */
+        /* make sure the given master-secret has a meaningful value */
         msSz   = *secretSz;
-        hasVal = 0;
+        invalidCount = 0;
         for (i = 0; i < msSz; i++) {
-            if (*((byte*)secret) != 0) {
-                hasVal = 1;
-                break;
+            if (((byte*)secret)[i] == 0) {
+                invalidCount++;
             }
         }
-        if (hasVal == 0)
-            return 0; /* master-secret looks invalid */
+        if (invalidCount == *secretSz) {
+            WOLFSSL_MSG("master-secret is not valid");
+            return 0; /* ignore error */
+        }
 
         /* build up a hex-decoded keylog string
-           "CLIENT_RANDOM <hex-encoded client random> <hex-encoded master-secret>"
-           note that each keylog string does not have CR/LF.
-        */
+         * "CLIENT_RANDOM <hex-encoded client rand> <hex-encoded master-secret>"
+         * note that each keylog string does not have CR/LF.
+         */
         buffSz  = labelSz + (RAN_LEN * 2) + 1 + ((*secretSz) * 2) + 1;
         log     = XMALLOC(buffSz, ssl->heap, DYNAMIC_TYPE_SECRET);
         if (log == NULL)
@@ -367,8 +406,9 @@ static int SSL_hmac(WOLFSSL* ssl, byte* digest, const byte* in, word32 sz,
                     ret = 0;
                 }
             }
-            else
-                ret = MEMORY_E;
+            else {
+                ret = BUFFER_E;
+            }
         }
         /* Zero out Base16 encoded secret and other data. */
         ForceZero(log, buffSz);
@@ -517,6 +557,22 @@ int IsTLS(const WOLFSSL* ssl)
 {
     if (ssl->version.major == SSLv3_MAJOR && ssl->version.minor >=TLSv1_MINOR)
         return 1;
+#ifdef WOLFSSL_DTLS
+    if (ssl->version.major == DTLS_MAJOR)
+        return 1;
+#endif
+
+    return 0;
+}
+
+int IsTLS_ex(const ProtocolVersion pv)
+{
+    if (pv.major == SSLv3_MAJOR && pv.minor >=TLSv1_MINOR)
+        return 1;
+#ifdef WOLFSSL_DTLS
+    if (pv.major == DTLS_MAJOR)
+        return 1;
+#endif
 
     return 0;
 }
@@ -734,16 +790,16 @@ static int ExportCipherSpecState(WOLFSSL* ssl, byte* exp, word32 len, byte ver,
             ssl->specs.bulk_cipher_algorithm == wolfssl_aes) {
         byte *pt = (byte*)ssl->encrypt.aes->reg;
 
-        if ((idx + 2*AES_BLOCK_SIZE) > len) {
+        if ((idx + 2*WC_AES_BLOCK_SIZE) > len) {
             WOLFSSL_MSG("Can not fit AES state into buffer");
             return BUFFER_E;
         }
-        XMEMCPY(exp + idx, pt, AES_BLOCK_SIZE);
-        idx += AES_BLOCK_SIZE;
+        XMEMCPY(exp + idx, pt, WC_AES_BLOCK_SIZE);
+        idx += WC_AES_BLOCK_SIZE;
 
         pt = (byte*)ssl->decrypt.aes->reg;
-        XMEMCPY(exp + idx, pt, AES_BLOCK_SIZE);
-        idx += AES_BLOCK_SIZE;
+        XMEMCPY(exp + idx, pt, WC_AES_BLOCK_SIZE);
+        idx += WC_AES_BLOCK_SIZE;
     }
 
     WOLFSSL_LEAVE("ExportCipherSpecState", idx);
@@ -986,12 +1042,12 @@ static int ImportCipherSpecState(WOLFSSL* ssl, const byte* exp, word32 len,
     if (type == WOLFSSL_EXPORT_TLS &&
             ssl->specs.bulk_cipher_algorithm == wolfssl_aes) {
         byte *pt = (byte*)ssl->encrypt.aes->reg;
-        XMEMCPY(pt, exp + idx, AES_BLOCK_SIZE);
-        idx += AES_BLOCK_SIZE;
+        XMEMCPY(pt, exp + idx, WC_AES_BLOCK_SIZE);
+        idx += WC_AES_BLOCK_SIZE;
 
         pt = (byte*)ssl->decrypt.aes->reg;
-        XMEMCPY(pt, exp + idx, AES_BLOCK_SIZE);
-        idx += AES_BLOCK_SIZE;
+        XMEMCPY(pt, exp + idx, WC_AES_BLOCK_SIZE);
+        idx += WC_AES_BLOCK_SIZE;
     }
 
     WOLFSSL_LEAVE("ImportCipherSpecState", idx);
@@ -1254,7 +1310,7 @@ static int ExportOptions(WOLFSSL* ssl, byte* exp, word32 len, byte ver,
     exp[idx++] = 0;
 #endif
 #ifdef HAVE_ANON
-    exp[idx++] = options->haveAnon;
+    exp[idx++] = options->useAnon;
 #else
     exp[idx++] = 0;
 #endif
@@ -1459,7 +1515,7 @@ static int ImportOptions(WOLFSSL* ssl, const byte* exp, word32 len, byte ver,
     idx++;
 #endif
 #ifdef HAVE_ANON
-    options->haveAnon = exp[idx++];     /* User wants to allow Anon suites */
+    options->useAnon = exp[idx++];     /* User wants to allow Anon suites */
 #else
     idx++;
 #endif
@@ -2046,9 +2102,9 @@ int wolfSSL_session_export_internal(WOLFSSL* ssl, byte* buf, word32* sz,
 
         /* possible AES state needed */
         if (type == WOLFSSL_EXPORT_TLS) {
-            *sz += AES_BLOCK_SIZE*2;
+            *sz += WC_AES_BLOCK_SIZE*2;
         }
-        ret = LENGTH_ONLY_E;
+        ret = WC_NO_ERR_TRACE(LENGTH_ONLY_E);
     }
 
     if (ret == 0) {
@@ -2108,7 +2164,7 @@ int wolfSSL_session_export_internal(WOLFSSL* ssl, byte* buf, word32* sz,
         }
     }
 
-    if (ret != 0 && ret != LENGTH_ONLY_E && buf != NULL) {
+    if (ret != 0 && ret != WC_NO_ERR_TRACE(LENGTH_ONLY_E) && buf != NULL) {
         /*in a fail case clear the buffer which could contain partial key info*/
         XMEMSET(buf, 0, *sz);
     }
@@ -2169,7 +2225,6 @@ int InitSSL_Side(WOLFSSL* ssl, word16 side)
         ssl->options.haveECC  = 1;      /* server turns on with ECC key cert */
     }
 #endif
-#ifdef HAVE_PQC
 #ifdef HAVE_FALCON
     if (ssl->options.side == WOLFSSL_CLIENT_END) {
         ssl->options.haveFalconSig  = 1; /* always on client side */
@@ -2180,7 +2235,6 @@ int InitSSL_Side(WOLFSSL* ssl, word16 side)
         ssl->options.haveDilithiumSig  = 1; /* always on client side */
     }
 #endif /* HAVE_DILITHIUM */
-#endif /* HAVE_PQC */
 
 #if defined(HAVE_EXTENDED_MASTER) && !defined(NO_WOLFSSL_CLIENT)
     if (ssl->options.side == WOLFSSL_CLIENT_END) {
@@ -2210,6 +2264,225 @@ int InitSSL_Side(WOLFSSL* ssl, word16 side)
 }
 #endif /* OPENSSL_EXTRA || WOLFSSL_EITHER_SIDE */
 
+#if defined(WOLFSSL_SYS_CRYPTO_POLICY)
+/* Check the wolfssl method meets minimum requirements for
+ * the given security level.
+ *
+ * Returns  0 if method meets security level.
+ * Returns  CRYPTO_POLICY_FORBIDDEN otherwise.
+ * */
+static int wolfSSL_crypto_policy_method_allowed(WOLFSSL_METHOD * method,
+                                                int level)
+{
+    if (level == 0) {
+        /* permissive, no restrictions. */
+        return 0;
+    }
+
+    #ifdef WOLFSSL_DTLS
+    if (method->version.major == DTLS_MAJOR) {
+        if (method->version.minor == DTLS_MINOR) {
+            /* sec level must be 1 or lower. */
+            if (level > 1) {
+                return CRYPTO_POLICY_FORBIDDEN;
+            }
+        }
+    }
+    else
+    #endif /* WOLFSSL_DTLS */
+    {
+        if (method->version.minor == SSLv3_MINOR) {
+            /* sec level must be 0. */
+            if (level > 0) {
+                return CRYPTO_POLICY_FORBIDDEN;
+            }
+        }
+        else if (method->version.minor == TLSv1_MINOR ||
+                 method->version.minor == TLSv1_1_MINOR) {
+            /* sec level must be 1 or lower. */
+            if (level > 1) {
+                return CRYPTO_POLICY_FORBIDDEN;
+            }
+        }
+    }
+
+    /* nothing else to check, all other combinations ok. */
+
+    return 0;
+}
+
+/* Configure the CTX to conform to the security policy.
+ *
+ * Also, check the WOLFSSL_METHOD against the supplied security
+ * level.
+ *
+ * Returns  CRYPTO_POLICY_FORBIDDEN if not allowed per policy.
+ * Returns  BAD_FUNC_ARG on null args.
+ * Returns  0 if ok.
+ * */
+int wolfSSL_crypto_policy_init_ctx(WOLFSSL_CTX * ctx,
+                                   WOLFSSL_METHOD * method)
+{
+    byte         minDowngrade = 0x00;
+    #ifdef WOLFSSL_DTLS
+    int          dtls = 0;
+    #endif /* WOLFSSL_DTLS */
+    int          level = 0;
+    #if !defined(NO_DH) || !defined(NO_RSA)
+    word16       minKeySz = 0; /* minimum DH or RSA key size */
+    #endif /* !NO_DH || !NO_RSA*/
+    #ifdef HAVE_ECC
+    short        minEccKeySz = 0; /* minimum allowed ECC key size */
+    #endif /* HAVE_ECC */
+
+
+    if (ctx == NULL || method == NULL) {
+        return BAD_FUNC_ARG;
+    }
+
+    #ifdef WOLFSSL_DTLS
+    dtls = (method->version.major == DTLS_MAJOR);
+    #endif /* WOLFSSL_DTLS */
+
+    /* get the crypto policy security level. */
+    level = wolfSSL_crypto_policy_get_level();
+
+    if (level < 0 || level > 5) {
+        WOLFSSL_MSG_EX("crypto_policy_init_ctx: invalid level: %d", level);
+        return BAD_FUNC_ARG;
+    }
+
+    /* Check requested method per security level. */
+    if (wolfSSL_crypto_policy_method_allowed(method, level) != 0) {
+        WOLFSSL_MSG_EX("crypto_policy_init_ctx: "
+                       "method=%d, SECLEVEL=%d combination not allowed",
+                       method->version.minor, level);
+        return CRYPTO_POLICY_FORBIDDEN;
+    }
+
+    /* Set appropriate min downgrade per security level. */
+    #ifdef WOLFSSL_DTLS
+    if (dtls) {
+        switch (level) {
+        case 1:
+            minDowngrade = DTLS_MINOR;
+            break;
+        case 2:
+        case 3:
+        case 4:
+        case 5:
+            minDowngrade = DTLSv1_2_MINOR;
+            break;
+        case 0:
+        default:
+            /* Permissive, no restrictions. Allow defaults. */
+            minDowngrade = WOLFSSL_MIN_DTLS_DOWNGRADE;
+            break;
+        }
+    }
+    else
+    #endif /* WOLFSSL_DTLS */
+    {
+        switch (level) {
+        case 1:
+            /* prohibit SSLv3 and lower. */
+            minDowngrade = TLSv1_MINOR;
+            break;
+        case 2:
+        case 3:
+        case 4:
+        case 5:
+            /* prohibit TLSv1_1 and lower. */
+            minDowngrade = TLSv1_2_MINOR;
+            break;
+        case 0:
+        default:
+            ctx->minDowngrade = WOLFSSL_MIN_DOWNGRADE;
+            break;
+        }
+    }
+
+    /* Set min RSA and DH key size. */
+    #if !defined(NO_DH) || !defined(NO_RSA)
+    switch (level) {
+    case 1:
+        minKeySz = 128; /* 1024 bits / 8 */
+        break;
+    case 2:
+        minKeySz = 256; /* 2048 bits / 8 */
+        break;
+    case 3:
+        minKeySz = 384; /* 3072 bits / 8 */
+        break;
+    case 4:
+        minKeySz = 960; /* 7680 bits / 8 */
+        break;
+    case 5:
+        minKeySz = 1920; /* 15360 bits / 8 */
+        break;
+    case 0:
+    default:
+        break;
+    }
+    #endif /* !NO_DH || !NO_RSA*/
+
+    /* Set min ECC key size. */
+    #ifdef HAVE_ECC
+    switch (level) {
+    case 1:
+        minEccKeySz = 20; /* 160 bits / 8 */
+        break;
+    case 2:
+        minEccKeySz = 28; /* 224 bits / 8 */
+        break;
+    case 3:
+        minEccKeySz = 32; /* 256 bits / 8 */
+        break;
+    case 4:
+        minEccKeySz = 48; /* 384 bits / 8 */
+        break;
+    case 5:
+        minEccKeySz = 64; /* 512 bits / 8 */
+        break;
+    default:
+    case 0:
+        break;
+    }
+    #endif /* HAVE_ECC */
+
+    /* Finally set the ctx values. */
+    ctx->minDowngrade = minDowngrade;
+    ctx->secLevel = level;
+    ctx->method = method;
+
+    #if !defined(NO_DH) || !defined(NO_RSA)
+    if (minKeySz > 0) {
+        #ifndef NO_DH
+        if (minKeySz > MAX_DHKEY_SZ) {
+            WOLFSSL_MSG_EX("crypto_policy_init_ctx: minKeySz=%d, "
+                           "but MAX_DHKEY_SZ=%d",
+                           minKeySz, MAX_DHKEY_SZ);
+            return CRYPTO_POLICY_FORBIDDEN;
+        }
+        ctx->minDhKeySz  = minKeySz;
+        ctx->maxDhKeySz  = MAX_DHKEY_SZ;
+        #endif /* NO_DH */
+        #ifndef NO_RSA
+        ctx->minRsaKeySz = minKeySz;
+        #endif /* NO_RSA */
+    }
+    #endif /* !NO_DH || !NO_RSA*/
+
+    #ifdef HAVE_ECC
+    if (minEccKeySz > 0) {
+        ctx->minEccKeySz  = minEccKeySz;
+    }
+    #endif /* HAVE_ECC */
+
+    return 0;
+}
+#endif /* WOLFSSL_SYS_CRYPTO_POLICY */
+
 /* Initialize SSL context, return 0 on success */
 int InitSSL_Ctx(WOLFSSL_CTX* ctx, WOLFSSL_METHOD* method, void* heap)
 {
@@ -2237,7 +2510,7 @@ int InitSSL_Ctx(WOLFSSL_CTX* ctx, WOLFSSL_METHOD* method, void* heap)
         ctx->minDowngrade = WOLFSSL_MIN_DOWNGRADE;
     }
 
-    wolfSSL_RefInit(&ctx->ref, &ret);
+    wolfSSL_RefWithMutexInit(&ctx->ref, &ret);
 #ifdef WOLFSSL_REFCNT_ERROR_RETURN
     if (ret < 0) {
         WOLFSSL_MSG("Mutex error on CTX init");
@@ -2251,6 +2524,9 @@ int InitSSL_Ctx(WOLFSSL_CTX* ctx, WOLFSSL_METHOD* method, void* heap)
 
 #ifndef NO_CERTS
     ctx->privateKeyDevId = INVALID_DEVID;
+#ifdef WOLFSSL_DUAL_ALG_CERTS
+    ctx->altPrivateKeyDevId = INVALID_DEVID;
+#endif
 #endif
 
 #ifndef NO_DH
@@ -2260,18 +2536,17 @@ int InitSSL_Ctx(WOLFSSL_CTX* ctx, WOLFSSL_METHOD* method, void* heap)
 #ifndef NO_RSA
     ctx->minRsaKeySz = MIN_RSAKEY_SZ;
 #endif
+
 #ifdef HAVE_ECC
     ctx->minEccKeySz  = MIN_ECCKEY_SZ;
     ctx->eccTempKeySz = ECDHE_SIZE;
 #endif
-#ifdef HAVE_PQC
 #ifdef HAVE_FALCON
     ctx->minFalconKeySz = MIN_FALCONKEY_SZ;
 #endif /* HAVE_FALCON */
 #ifdef HAVE_DILITHIUM
     ctx->minDilithiumKeySz = MIN_DILITHIUMKEY_SZ;
 #endif /* HAVE_DILITHIUM */
-#endif /* HAVE_PQC */
     ctx->verifyDepth = MAX_CHAIN_DEPTH;
 #ifdef OPENSSL_EXTRA
     ctx->cbioFlag = WOLFSSL_CBIO_NONE;
@@ -2335,7 +2610,6 @@ int InitSSL_Ctx(WOLFSSL_CTX* ctx, WOLFSSL_METHOD* method, void* heap)
     wolfSSL_CTX_set_server_cert_type(ctx, NULL, 0); /* set to default */
 #endif /* HAVE_RPK */
 
-#ifdef HAVE_PQC
 #ifdef HAVE_FALCON
     if (method->side == WOLFSSL_CLIENT_END)
         ctx->haveFalconSig = 1;        /* always on client side */
@@ -2346,7 +2620,6 @@ int InitSSL_Ctx(WOLFSSL_CTX* ctx, WOLFSSL_METHOD* method, void* heap)
         ctx->haveDilithiumSig = 1;     /* always on client side */
                                        /* server can turn on by loading key */
 #endif /* HAVE_DILITHIUM */
-#endif /* HAVE_PQC */
 #ifdef HAVE_ECC
     if (method->side == WOLFSSL_CLIENT_END) {
         ctx->haveECDSAsig  = 1;        /* always on client side */
@@ -2398,22 +2671,27 @@ int InitSSL_Ctx(WOLFSSL_CTX* ctx, WOLFSSL_METHOD* method, void* heap)
         return MEMORY_E;
     }
     XMEMSET(ctx->param, 0, sizeof(WOLFSSL_X509_VERIFY_PARAM));
+
     /* WOLFSSL_X509_LOOKUP */
-    if ((ctx->x509_store.lookup.dirs =
-                            (WOLFSSL_BY_DIR*)XMALLOC(sizeof(WOLFSSL_BY_DIR),
-                            heap, DYNAMIC_TYPE_OPENSSL)) == NULL) {
-        WOLFSSL_MSG("ctx-x509_store.lookup.dir memory allocation error");
-        XFREE(ctx->param, heap, DYNAMIC_TYPE_OPENSSL);
-        ctx->param = NULL;
+    if ((ctx->x509_store.lookup.dirs = (WOLFSSL_BY_DIR*)XMALLOC(
+                           sizeof(WOLFSSL_BY_DIR),
+                           heap, DYNAMIC_TYPE_OPENSSL)) == NULL) {
+        WOLFSSL_MSG("ctx->x509_store.lookup.dirs: allocation error");
         return MEMORY_E;
     }
     XMEMSET(ctx->x509_store.lookup.dirs, 0, sizeof(WOLFSSL_BY_DIR));
+
+    /* param */
+    if ((ctx->x509_store.param = (WOLFSSL_X509_VERIFY_PARAM*)XMALLOC(
+                           sizeof(WOLFSSL_X509_VERIFY_PARAM),
+                           heap, DYNAMIC_TYPE_OPENSSL)) == NULL) {
+        WOLFSSL_MSG("ctx->x509_store.param: allocation error");
+        return MEMORY_E;
+    }
+    XMEMSET(ctx->x509_store.param, 0, sizeof(WOLFSSL_X509_VERIFY_PARAM));
+
     if (wc_InitMutex(&ctx->x509_store.lookup.dirs->lock) != 0) {
         WOLFSSL_MSG("Bad mutex init");
-        XFREE(ctx->param, heap, DYNAMIC_TYPE_OPENSSL);
-        ctx->param = NULL;
-        XFREE(ctx->x509_store.lookup.dirs, heap, DYNAMIC_TYPE_OPENSSL);
-        ctx->x509_store.lookup.dirs = NULL;
         WOLFSSL_ERROR_VERBOSE(BAD_MUTEX_E);
         return BAD_MUTEX_E;
     }
@@ -2435,7 +2713,7 @@ int InitSSL_Ctx(WOLFSSL_CTX* ctx, WOLFSSL_METHOD* method, void* heap)
 #endif /* HAVE_EXTENDED_MASTER && !NO_WOLFSSL_CLIENT */
 
 #if defined(HAVE_SESSION_TICKET) && !defined(NO_WOLFSSL_SERVER)
-#ifndef WOLFSSL_NO_DEF_TICKET_ENC_CB
+#if !defined(WOLFSSL_NO_DEF_TICKET_ENC_CB) && !defined(NO_TLS)
     ret = TicketEncCbCtx_Init(ctx, &ctx->ticketKeyCtx);
     if (ret != 0) return ret;
     ctx->ticketEncCb = DefTicketEncCb;
@@ -2483,6 +2761,14 @@ int InitSSL_Ctx(WOLFSSL_CTX* ctx, WOLFSSL_METHOD* method, void* heap)
     ctx->doAppleNativeCertValidationFlag = 0;
 #endif /* defined(__APPLE__) && defined(WOLFSSL_SYS_CA_CERTS) */
 
+#if defined(WOLFSSL_SYS_CRYPTO_POLICY)
+    ret = wolfSSL_crypto_policy_init_ctx(ctx, method);
+    if (ret != 0) {
+        WOLFSSL_MSG_EX("crypto_policy_init_ctx returned %d", ret);
+        return ret;
+    }
+#endif /* WOLFSSL_SYS_CRYPTO_POLICY */
+
     return ret;
 }
 
@@ -2501,7 +2787,7 @@ void wolfSSL_CRYPTO_cleanup_ex_data(WOLFSSL_CRYPTO_EX_DATA* ex_data)
 
 #if defined(WOLFSSL_TLS13) && defined(HAVE_ECH)
 /* free all ech configs in the list */
-static void FreeEchConfigs(WOLFSSL_EchConfig* configs, void* heap)
+void FreeEchConfigs(WOLFSSL_EchConfig* configs, void* heap)
 {
     WOLFSSL_EchConfig* working_config = configs;
     WOLFSSL_EchConfig* next_config;
@@ -2512,8 +2798,7 @@ static void FreeEchConfigs(WOLFSSL_EchConfig* configs, void* heap)
         XFREE(working_config->cipherSuites, heap, DYNAMIC_TYPE_TMP_BUFFER);
         XFREE(working_config->publicName, heap, DYNAMIC_TYPE_TMP_BUFFER);
 
-        if (working_config->raw != NULL)
-            XFREE(working_config->raw, heap, DYNAMIC_TYPE_TMP_BUFFER);
+        XFREE(working_config->raw, heap, DYNAMIC_TYPE_TMP_BUFFER);
 
         if (working_config->receiverPrivkey != NULL) {
             wc_HpkeFreeKey(NULL, working_config->kemId,
@@ -2557,13 +2842,13 @@ void SSL_CtxResourceFree(WOLFSSL_CTX* ctx)
     wolfEventQueue_Free(&ctx->event_queue);
 #endif /* HAVE_WOLF_EVENT */
 
+#ifndef NO_TLS /* its a static global see ssl.c "gNoTlsMethod" */
     XFREE(ctx->method, heapAtCTXInit, DYNAMIC_TYPE_METHOD);
+#endif
     ctx->method = NULL;
 
-    if (ctx->suites) {
-        XFREE(ctx->suites, ctx->heap, DYNAMIC_TYPE_SUITES);
-        ctx->suites = NULL;
-    }
+    XFREE(ctx->suites, ctx->heap, DYNAMIC_TYPE_SUITES);
+    ctx->suites = NULL;
 
 #ifndef NO_DH
     XFREE(ctx->serverDH_G.buffer, ctx->heap, DYNAMIC_TYPE_PUBLIC_KEY);
@@ -2585,6 +2870,18 @@ void SSL_CtxResourceFree(WOLFSSL_CTX* ctx)
         ForceZero(ctx->privateKey->buffer, ctx->privateKey->length);
     }
     FreeDer(&ctx->privateKey);
+#ifdef WOLFSSL_BLIND_PRIVATE_KEY
+    FreeDer(&ctx->privateKeyMask);
+#endif
+#ifdef WOLFSSL_DUAL_ALG_CERTS
+    if (ctx->altPrivateKey != NULL && ctx->altPrivateKey->buffer != NULL) {
+        ForceZero(ctx->altPrivateKey->buffer, ctx->altPrivateKey->length);
+    }
+    FreeDer(&ctx->altPrivateKey);
+#ifdef WOLFSSL_BLIND_PRIVATE_KEY
+    FreeDer(&ctx->altPrivateKeyMask);
+#endif
+#endif /* WOLFSSL_DUAL_ALG_CERTS */
 #ifdef OPENSSL_ALL
     wolfSSL_EVP_PKEY_free(ctx->privateKeyPKey);
 #endif
@@ -2650,9 +2947,12 @@ void SSL_CtxResourceFree(WOLFSSL_CTX* ctx)
         XFREE((void*)ctx->alpn_cli_protos, ctx->heap, DYNAMIC_TYPE_OPENSSL);
         ctx->alpn_cli_protos = NULL;
     }
-    if (ctx->param) {
-        XFREE(ctx->param, heapAtCTXInit, DYNAMIC_TYPE_OPENSSL);
-        ctx->param = NULL;
+    XFREE(ctx->param, heapAtCTXInit, DYNAMIC_TYPE_OPENSSL);
+    ctx->param = NULL;
+
+    if (ctx->x509_store.param) {
+        XFREE(ctx->x509_store.param, heapAtCTXInit, DYNAMIC_TYPE_OPENSSL);
+        ctx->x509_store.param = NULL;
     }
 
     if (ctx->x509_store.lookup.dirs) {
@@ -2693,21 +2993,6 @@ void SSL_CtxResourceFree(WOLFSSL_CTX* ctx)
     (void)heapAtCTXInit;
 }
 
-#ifdef WOLFSSL_STATIC_MEMORY
-static void SSL_CtxResourceFreeStaticMem(void* heap)
-{
-    if (heap != NULL
-    #ifdef WOLFSSL_HEAP_TEST
-        /* avoid dereferencing a test value */
-         && heap != (void*)WOLFSSL_HEAP_TEST
-    #endif
-    ) {
-        WOLFSSL_HEAP_HINT* hint = (WOLFSSL_HEAP_HINT*)heap;
-        WOLFSSL_HEAP*      mem  = hint->memory;
-        wc_FreeMutex(&mem->memory_mutex);
-    }
-}
-#endif /* WOLFSSL_STATIC_MEMORY */
 
 void FreeSSL_Ctx(WOLFSSL_CTX* ctx)
 {
@@ -2721,17 +3006,14 @@ void FreeSSL_Ctx(WOLFSSL_CTX* ctx)
 #endif
 
     /* decrement CTX reference count */
-    wolfSSL_RefDec(&ctx->ref, &isZero, &ret);
+    wolfSSL_RefWithMutexDec(&ctx->ref, &isZero, &ret);
 #ifdef WOLFSSL_REFCNT_ERROR_RETURN
     if (ret < 0) {
         /* check error state, if mutex error code then mutex init failed but
          * CTX was still malloc'd */
-        if (ctx->err == CTX_INIT_MUTEX_E) {
+        if (ctx->err == WC_NO_ERR_TRACE(CTX_INIT_MUTEX_E)) {
             SSL_CtxResourceFree(ctx);
             XFREE(ctx, heap, DYNAMIC_TYPE_CTX);
-        #ifdef WOLFSSL_STATIC_MEMORY
-            SSL_CtxResourceFreeStaticMem(heap);
-        #endif
         }
         return;
     }
@@ -2741,17 +3023,23 @@ void FreeSSL_Ctx(WOLFSSL_CTX* ctx)
 
     if (isZero) {
         WOLFSSL_MSG("CTX ref count down to 0, doing full free");
-
+#if defined(OPENSSL_EXTRA) && defined(WOLFCRYPT_HAVE_SRP) && \
+    !defined(NO_SHA256) && !defined(WC_NO_RNG)
+        if (ctx->srp != NULL) {
+            XFREE(ctx->srp_password, ctx->heap, DYNAMIC_TYPE_SRP);
+            ctx->srp_password = NULL;
+            wc_SrpTerm(ctx->srp);
+            XFREE(ctx->srp, ctx->heap, DYNAMIC_TYPE_SRP);
+            ctx->srp = NULL;
+        }
+#endif
         SSL_CtxResourceFree(ctx);
 #if defined(HAVE_SESSION_TICKET) && !defined(NO_WOLFSSL_SERVER) && \
-    !defined(WOLFSSL_NO_DEF_TICKET_ENC_CB)
+    !defined(WOLFSSL_NO_DEF_TICKET_ENC_CB) && !defined(NO_TLS)
         TicketEncCbCtx_Free(&ctx->ticketKeyCtx);
 #endif
         wolfSSL_RefFree(&ctx->ref);
         XFREE(ctx, heap, DYNAMIC_TYPE_CTX);
-    #ifdef WOLFSSL_STATIC_MEMORY
-        SSL_CtxResourceFreeStaticMem(heap);
-    #endif
     }
     else {
         WOLFSSL_MSG("CTX ref count not 0 yet, no free");
@@ -2805,100 +3093,92 @@ void InitCiphers(WOLFSSL* ssl)
 
 }
 
+static void FreeCiphersSide(Ciphers *cipher, void* heap)
+{
+#ifdef BUILD_ARC4
+    wc_Arc4Free(cipher->arc4);
+    XFREE(cipher->arc4, heap, DYNAMIC_TYPE_CIPHER);
+    cipher->arc4 = NULL;
+#endif
+#ifdef BUILD_DES3
+    wc_Des3Free(cipher->des3);
+    XFREE(cipher->des3, heap, DYNAMIC_TYPE_CIPHER);
+    cipher->des3 = NULL;
+#endif
+#if defined(BUILD_AES) || defined(BUILD_AESGCM) || defined(HAVE_ARIA)
+    /* See: InitKeys() in keys.c on addition of BUILD_AESGCM check (enc->aes,
+     * dec->aes) */
+    wc_AesFree(cipher->aes);
+    XFREE(cipher->aes, heap, DYNAMIC_TYPE_CIPHER);
+    cipher->aes = NULL;
+#endif
+#if defined(WOLFSSL_SM4_GCM) || defined(WOLFSSL_SM4_CCM)
+    wc_Sm4Free(cipher->sm4);
+    XFREE(cipher->sm4, heap, DYNAMIC_TYPE_CIPHER);
+    cipher->sm4 = NULL;
+#endif
+#if (defined(BUILD_AESGCM) || defined(BUILD_AESCCM) || defined(HAVE_ARIA)) && \
+    !defined(WOLFSSL_NO_TLS12)
+    XFREE(cipher->additional, heap, DYNAMIC_TYPE_CIPHER);
+    cipher->additional = NULL;
+#endif
+#ifdef CIPHER_NONCE
+    XFREE(cipher->nonce, heap, DYNAMIC_TYPE_CIPHER);
+    cipher->nonce = NULL;
+#endif
+#ifdef HAVE_ARIA
+    wc_AriaFreeCrypt(cipher->aria);
+    XFREE(cipher->aria, heap, DYNAMIC_TYPE_CIPHER);
+    cipher->aria = NULL;
+#endif
+#ifdef HAVE_CAMELLIA
+    XFREE(cipher->cam, heap, DYNAMIC_TYPE_CIPHER);
+    cipher->cam = NULL;
+#endif
+#ifdef HAVE_CHACHA
+    if (cipher->chacha)
+        ForceZero(cipher->chacha, sizeof(ChaCha));
+    XFREE(cipher->chacha, heap, DYNAMIC_TYPE_CIPHER);
+    cipher->chacha = NULL;
+#endif
+#if defined(WOLFSSL_TLS13) && defined(HAVE_NULL_CIPHER)
+    wc_HmacFree(cipher->hmac);
+    XFREE(cipher->hmac, heap, DYNAMIC_TYPE_CIPHER);
+    cipher->hmac = NULL;
+#endif
+}
 
 /* Free ciphers */
 void FreeCiphers(WOLFSSL* ssl)
 {
-    (void)ssl;
-#ifdef BUILD_ARC4
-    wc_Arc4Free(ssl->encrypt.arc4);
-    wc_Arc4Free(ssl->decrypt.arc4);
-    XFREE(ssl->encrypt.arc4, ssl->heap, DYNAMIC_TYPE_CIPHER);
-    XFREE(ssl->decrypt.arc4, ssl->heap, DYNAMIC_TYPE_CIPHER);
-#endif
-#ifdef BUILD_DES3
-    wc_Des3Free(ssl->encrypt.des3);
-    wc_Des3Free(ssl->decrypt.des3);
-    XFREE(ssl->encrypt.des3, ssl->heap, DYNAMIC_TYPE_CIPHER);
-    XFREE(ssl->decrypt.des3, ssl->heap, DYNAMIC_TYPE_CIPHER);
-#endif
-#if defined(BUILD_AES) || defined(BUILD_AESGCM) || defined(HAVE_ARIA)
-    /* See: InitKeys() in keys.c on addition of BUILD_AESGCM check (enc->aes, dec->aes) */
-    wc_AesFree(ssl->encrypt.aes);
-    wc_AesFree(ssl->decrypt.aes);
-    XFREE(ssl->encrypt.aes, ssl->heap, DYNAMIC_TYPE_CIPHER);
-    XFREE(ssl->decrypt.aes, ssl->heap, DYNAMIC_TYPE_CIPHER);
-#endif
-#if defined(WOLFSSL_SM4_GCM) || defined(WOLFSSL_SM4_CCM)
-    wc_Sm4Free(ssl->encrypt.sm4);
-    wc_Sm4Free(ssl->decrypt.sm4);
-    XFREE(ssl->encrypt.sm4, ssl->heap, DYNAMIC_TYPE_CIPHER);
-    XFREE(ssl->decrypt.sm4, ssl->heap, DYNAMIC_TYPE_CIPHER);
-#endif
-#if (defined(BUILD_AESGCM) || defined(BUILD_AESCCM) || defined(HAVE_ARIA)) && \
-    !defined(WOLFSSL_NO_TLS12)
-    XFREE(ssl->decrypt.additional, ssl->heap, DYNAMIC_TYPE_CIPHER);
-    XFREE(ssl->encrypt.additional, ssl->heap, DYNAMIC_TYPE_CIPHER);
-#endif
-#ifdef CIPHER_NONCE
-    XFREE(ssl->decrypt.nonce, ssl->heap, DYNAMIC_TYPE_CIPHER);
-    XFREE(ssl->encrypt.nonce, ssl->heap, DYNAMIC_TYPE_CIPHER);
-#endif
-#ifdef HAVE_ARIA
-    wc_AriaFreeCrypt(ssl->encrypt.aria);
-    wc_AriaFreeCrypt(ssl->decrypt.aria);
-    XFREE(ssl->encrypt.aria, ssl->heap, DYNAMIC_TYPE_CIPHER);
-    XFREE(ssl->decrypt.aria, ssl->heap, DYNAMIC_TYPE_CIPHER);
-#endif
-#ifdef HAVE_CAMELLIA
-    XFREE(ssl->encrypt.cam, ssl->heap, DYNAMIC_TYPE_CIPHER);
-    XFREE(ssl->decrypt.cam, ssl->heap, DYNAMIC_TYPE_CIPHER);
-#endif
-#ifdef HAVE_CHACHA
-    if (ssl->encrypt.chacha)
-        ForceZero(ssl->encrypt.chacha, sizeof(ChaCha));
-    if (ssl->decrypt.chacha)
-        ForceZero(ssl->decrypt.chacha, sizeof(ChaCha));
-    XFREE(ssl->encrypt.chacha, ssl->heap, DYNAMIC_TYPE_CIPHER);
-    XFREE(ssl->decrypt.chacha, ssl->heap, DYNAMIC_TYPE_CIPHER);
-#endif
+    FreeCiphersSide(&ssl->encrypt, ssl->heap);
+    FreeCiphersSide(&ssl->decrypt, ssl->heap);
+
 #if defined(HAVE_POLY1305) && defined(HAVE_ONE_TIME_AUTH)
     if (ssl->auth.poly1305)
         ForceZero(ssl->auth.poly1305, sizeof(Poly1305));
     XFREE(ssl->auth.poly1305, ssl->heap, DYNAMIC_TYPE_CIPHER);
-#endif
-#if defined(WOLFSSL_TLS13) && defined(HAVE_NULL_CIPHER)
-    wc_HmacFree(ssl->encrypt.hmac);
-    wc_HmacFree(ssl->decrypt.hmac);
-    XFREE(ssl->encrypt.hmac, ssl->heap, DYNAMIC_TYPE_CIPHER);
-    XFREE(ssl->decrypt.hmac, ssl->heap, DYNAMIC_TYPE_CIPHER);
+    ssl->auth.poly1305 = NULL;
 #endif
 
 #ifdef WOLFSSL_DTLS13
 #ifdef BUILD_AES
-    if (ssl->dtlsRecordNumberEncrypt.aes != NULL) {
-        wc_AesFree(ssl->dtlsRecordNumberEncrypt.aes);
-        XFREE(ssl->dtlsRecordNumberEncrypt.aes, ssl->heap, DYNAMIC_TYPE_CIPHER);
-        ssl->dtlsRecordNumberEncrypt.aes = NULL;
-    }
-    if (ssl->dtlsRecordNumberDecrypt.aes != NULL) {
-        wc_AesFree(ssl->dtlsRecordNumberDecrypt.aes);
-        XFREE(ssl->dtlsRecordNumberDecrypt.aes, ssl->heap, DYNAMIC_TYPE_CIPHER);
-        ssl->dtlsRecordNumberDecrypt.aes = NULL;
-    }
+    wc_AesFree(ssl->dtlsRecordNumberEncrypt.aes);
+    wc_AesFree(ssl->dtlsRecordNumberDecrypt.aes);
+    XFREE(ssl->dtlsRecordNumberEncrypt.aes, ssl->heap, DYNAMIC_TYPE_CIPHER);
+    XFREE(ssl->dtlsRecordNumberDecrypt.aes, ssl->heap, DYNAMIC_TYPE_CIPHER);
+    ssl->dtlsRecordNumberEncrypt.aes = NULL;
+    ssl->dtlsRecordNumberDecrypt.aes = NULL;
 #endif /* BUILD_AES */
 #ifdef HAVE_CHACHA
-    XFREE(ssl->dtlsRecordNumberEncrypt.chacha,
-          ssl->heap, DYNAMIC_TYPE_CIPHER);
-    XFREE(ssl->dtlsRecordNumberDecrypt.chacha,
-          ssl->heap, DYNAMIC_TYPE_CIPHER);
+    XFREE(ssl->dtlsRecordNumberEncrypt.chacha, ssl->heap, DYNAMIC_TYPE_CIPHER);
+    XFREE(ssl->dtlsRecordNumberDecrypt.chacha, ssl->heap, DYNAMIC_TYPE_CIPHER);
     ssl->dtlsRecordNumberEncrypt.chacha = NULL;
     ssl->dtlsRecordNumberDecrypt.chacha = NULL;
 #endif /* HAVE_CHACHA */
 #endif /* WOLFSSL_DTLS13 */
 }
 
-
 void InitCipherSpecs(CipherSpecs* cs)
 {
     XMEMSET(cs, 0, sizeof(CipherSpecs));
@@ -2990,7 +3270,6 @@ static WC_INLINE void AddSuiteHashSigAlgo(byte* hashSigAlgo, byte macAlgo,
         }
         else
     #endif
-    #ifdef HAVE_PQC
     #ifdef HAVE_FALCON
         if (sigAlgo == falcon_level1_sa_algo) {
             ADD_HASH_SIG_ALGO(hashSigAlgo, inOutIdx,
@@ -3020,7 +3299,6 @@ static WC_INLINE void AddSuiteHashSigAlgo(byte* hashSigAlgo, byte macAlgo,
         }
         else
     #endif /* HAVE_DILITHIUM */
-    #endif /* HAVE_PQC */
 #ifdef WC_RSA_PSS
         if (sigAlgo == rsa_pss_sa_algo) {
             /* RSA PSS is sig then mac */
@@ -3039,7 +3317,7 @@ static WC_INLINE void AddSuiteHashSigAlgo(byte* hashSigAlgo, byte macAlgo,
     }
 }
 
-void InitSuitesHashSigAlgo_ex2(byte* hashSigAlgo, int haveSig, int tls1_2,
+void InitSuitesHashSigAlgo(byte* hashSigAlgo, int haveSig, int tls1_2,
     int keySz, word16* len)
 {
     word16 idx = 0;
@@ -3081,7 +3359,6 @@ void InitSuitesHashSigAlgo_ex2(byte* hashSigAlgo, int haveSig, int tls1_2,
             &idx);
     }
 #endif
-#if defined(HAVE_PQC)
 #ifdef HAVE_FALCON
     if (haveSig & SIG_FALCON) {
         AddSuiteHashSigAlgo(hashSigAlgo, no_mac, falcon_level1_sa_algo, keySz,
@@ -3100,7 +3377,6 @@ void InitSuitesHashSigAlgo_ex2(byte* hashSigAlgo, int haveSig, int tls1_2,
             keySz, &idx);
     }
 #endif /* HAVE_DILITHIUM */
-#endif /* HAVE_PQC */
     if (haveSig & SIG_RSA) {
     #ifdef WC_RSA_PSS
         if (tls1_2) {
@@ -3146,30 +3422,6 @@ void InitSuitesHashSigAlgo_ex2(byte* hashSigAlgo, int haveSig, int tls1_2,
     *len = idx;
 }
 
-void InitSuitesHashSigAlgo(Suites* suites, int haveECDSAsig, int haveRSAsig,
-    int haveFalconSig, int haveDilithiumSig, int haveAnon, int tls1_2,
-    int keySz)
-{
-    InitSuitesHashSigAlgo_ex(suites->hashSigAlgo, haveECDSAsig, haveRSAsig,
-            haveFalconSig, haveDilithiumSig, haveAnon, tls1_2, keySz,
-            &suites->hashSigAlgoSz);
-}
-
-void InitSuitesHashSigAlgo_ex(byte* hashSigAlgo, int haveECDSAsig,
-    int haveRSAsig, int haveFalconSig, int haveDilithiumSig, int haveAnon,
-    int tls1_2, int keySz, word16* len)
-{
-    int have = 0;
-
-    if (haveECDSAsig)     have |= SIG_ECDSA;
-    if (haveRSAsig)       have |= SIG_RSA;
-    if (haveFalconSig)    have |= SIG_FALCON;
-    if (haveDilithiumSig) have |= SIG_DILITHIUM;
-    if (haveAnon)         have |= SIG_ANON;
-
-    InitSuitesHashSigAlgo_ex2(hashSigAlgo, have, tls1_2, keySz, len);
-}
-
 int AllocateCtxSuites(WOLFSSL_CTX* ctx)
 {
     if (ctx->suites == NULL) {
@@ -3205,8 +3457,8 @@ int AllocateSuites(WOLFSSL* ssl)
 void InitSuites(Suites* suites, ProtocolVersion pv, int keySz, word16 haveRSA,
                 word16 havePSK, word16 haveDH, word16 haveECDSAsig,
                 word16 haveECC, word16 haveStaticRSA, word16 haveStaticECC,
-                word16 haveFalconSig, word16 haveDilithiumSig, word16 haveAnon,
-                word16 haveNull, int side)
+                word16 haveAnon, word16 haveNull, word16 haveAES128,
+                word16 haveSHA1, word16 haveRC4, int side)
 {
     word16 idx = 0;
     int    tls    = pv.major == SSLv3_MAJOR && pv.minor >= TLSv1_MINOR;
@@ -3218,9 +3470,13 @@ void InitSuites(Suites* suites, ProtocolVersion pv, int keySz, word16 haveRSA,
     int    haveRSAsig = 1;
 
 #ifdef WOLFSSL_DTLS
-    /* If DTLS v1.2 or later than set tls1_2 flag */
-    if (pv.major == DTLS_MAJOR && pv.minor <= DTLSv1_2_MINOR) {
-        tls1_2 = 1;
+    if (pv.major == DTLS_MAJOR) {
+        dtls   = 1;
+        tls    = 1;
+        /* May be dead assignments dependent upon configuration */
+        (void) dtls;
+        (void) tls;
+        tls1_2 = pv.minor <= DTLSv1_2_MINOR;
     }
 #endif
 
@@ -3232,13 +3488,15 @@ void InitSuites(Suites* suites, ProtocolVersion pv, int keySz, word16 haveRSA,
     (void)haveStaticRSA;
     (void)haveStaticECC;
     (void)haveECC;
+    (void)haveECDSAsig;
     (void)side;
     (void)haveRSA;    /* some builds won't read */
     (void)haveRSAsig; /* non ecc builds won't read */
     (void)haveAnon;   /* anon ciphers optional */
     (void)haveNull;
-    (void)haveFalconSig;
-    (void)haveDilithiumSig;
+    (void)haveAES128;
+    (void)haveSHA1;
+    (void)haveRC4;
 
     if (suites == NULL) {
         WOLFSSL_MSG("InitSuites pointer error");
@@ -3249,13 +3507,6 @@ void InitSuites(Suites* suites, ProtocolVersion pv, int keySz, word16 haveRSA,
         return;      /* trust user settings, don't override */
 
 #ifdef WOLFSSL_TLS13
-#ifdef BUILD_TLS_AES_128_GCM_SHA256
-    if (tls1_3) {
-        suites->suites[idx++] = TLS13_BYTE;
-        suites->suites[idx++] = TLS_AES_128_GCM_SHA256;
-    }
-#endif
-
 #ifdef BUILD_TLS_AES_256_GCM_SHA384
     if (tls1_3) {
         suites->suites[idx++] = TLS13_BYTE;
@@ -3263,6 +3514,13 @@ void InitSuites(Suites* suites, ProtocolVersion pv, int keySz, word16 haveRSA,
     }
 #endif
 
+#ifdef BUILD_TLS_AES_128_GCM_SHA256
+    if (tls1_3 && haveAES128) {
+        suites->suites[idx++] = TLS13_BYTE;
+        suites->suites[idx++] = TLS_AES_128_GCM_SHA256;
+    }
+#endif
+
 #ifdef BUILD_TLS_CHACHA20_POLY1305_SHA256
     if (tls1_3) {
         suites->suites[idx++] = TLS13_BYTE;
@@ -3271,14 +3529,14 @@ void InitSuites(Suites* suites, ProtocolVersion pv, int keySz, word16 haveRSA,
 #endif
 
 #ifdef BUILD_TLS_AES_128_CCM_SHA256
-    if (tls1_3) {
+    if (tls1_3 && haveAES128) {
         suites->suites[idx++] = TLS13_BYTE;
         suites->suites[idx++] = TLS_AES_128_CCM_SHA256;
     }
 #endif
 
 #ifdef BUILD_TLS_AES_128_CCM_8_SHA256
-    if (tls1_3) {
+    if (tls1_3 && haveAES128) {
         suites->suites[idx++] = TLS13_BYTE;
         suites->suites[idx++] = TLS_AES_128_CCM_8_SHA256;
     }
@@ -3330,17 +3588,6 @@ void InitSuites(Suites* suites, ProtocolVersion pv, int keySz, word16 haveRSA,
     haveRSAsig = 0;    /* can't have RSA sig if don't have RSA */
 #endif
 
-#ifdef WOLFSSL_DTLS
-    if (pv.major == DTLS_MAJOR) {
-        dtls   = 1;
-        tls    = 1;
-        /* May be dead assignments dependent upon configuration */
-        (void) dtls;
-        (void) tls;
-        tls1_2 = pv.minor <= DTLSv1_2_MINOR;
-    }
-#endif
-
 #ifdef HAVE_RENEGOTIATION_INDICATION
     if (side == WOLFSSL_CLIENT_END) {
         suites->suites[idx++] = CIPHER_BYTE;
@@ -3356,7 +3603,7 @@ void InitSuites(Suites* suites, ProtocolVersion pv, int keySz, word16 haveRSA,
 #endif
 
 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
-    if (tls1_2 && haveECC) {
+    if (tls1_2 && haveECC && haveAES128) {
         suites->suites[idx++] = ECC_BYTE;
         suites->suites[idx++] = TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256;
     }
@@ -3376,9 +3623,10 @@ void InitSuites(Suites* suites, ProtocolVersion pv, int keySz, word16 haveRSA,
 
 #ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
     #ifdef OPENSSL_EXTRA
-    if ((tls1_2 && haveRSA) || (tls1_2 && haveECDSAsig)) {
+    if ((tls1_2 && haveRSA && haveAES128) ||
+        (tls1_2 && haveECDSAsig && haveAES128)) {
     #else
-    if (tls1_2 && haveRSA) {
+    if (tls1_2 && haveRSA && haveAES128) {
     #endif
         suites->suites[idx++] = ECC_BYTE;
         suites->suites[idx++] = TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256;
@@ -3393,7 +3641,7 @@ void InitSuites(Suites* suites, ProtocolVersion pv, int keySz, word16 haveRSA,
 #endif
 
 #ifdef BUILD_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
-    if (tls1_2 && haveDH && haveRSA) {
+    if (tls1_2 && haveDH && haveRSA && haveAES128) {
         suites->suites[idx++] = CIPHER_BYTE;
         suites->suites[idx++] = TLS_DHE_RSA_WITH_AES_128_GCM_SHA256;
     }
@@ -3407,7 +3655,7 @@ void InitSuites(Suites* suites, ProtocolVersion pv, int keySz, word16 haveRSA,
 #endif
 
 #ifdef BUILD_TLS_RSA_WITH_AES_128_GCM_SHA256
-    if (tls1_2 && haveRSA && haveStaticRSA) {
+    if (tls1_2 && haveRSA && haveStaticRSA && haveAES128) {
         suites->suites[idx++] = CIPHER_BYTE;
         suites->suites[idx++] = TLS_RSA_WITH_AES_128_GCM_SHA256;
     }
@@ -3421,7 +3669,7 @@ void InitSuites(Suites* suites, ProtocolVersion pv, int keySz, word16 haveRSA,
 #endif
 
 #ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256
-    if (tls1_2 && haveECC && haveStaticECC) {
+    if (tls1_2 && haveECC && haveStaticECC && haveAES128) {
         suites->suites[idx++] = ECC_BYTE;
         suites->suites[idx++] = TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256;
     }
@@ -3435,7 +3683,7 @@ void InitSuites(Suites* suites, ProtocolVersion pv, int keySz, word16 haveRSA,
 #endif
 
 #ifdef BUILD_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256
-    if (tls1_2 && haveRSAsig && haveStaticECC) {
+    if (tls1_2 && haveRSAsig && haveStaticECC && haveAES128) {
         suites->suites[idx++] = ECC_BYTE;
         suites->suites[idx++] = TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256;
     }
@@ -3449,7 +3697,7 @@ void InitSuites(Suites* suites, ProtocolVersion pv, int keySz, word16 haveRSA,
 #endif
 
 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256
-    if (tls1_2 && haveECC) {
+    if (tls1_2 && haveECC && haveAES128) {
         suites->suites[idx++] = ECC_BYTE;
         suites->suites[idx++] = TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256;
     }
@@ -3463,7 +3711,7 @@ void InitSuites(Suites* suites, ProtocolVersion pv, int keySz, word16 haveRSA,
 #endif
 
 #ifdef BUILD_TLS_DH_anon_WITH_AES_128_CBC_SHA
-    if (tls1_2 && haveDH && haveAnon) {
+    if (tls1_2 && haveDH && haveAnon && haveAES128 && haveSHA1) {
       suites->suites[idx++] = CIPHER_BYTE;
       suites->suites[idx++] = TLS_DH_anon_WITH_AES_128_CBC_SHA;
     }
@@ -3477,7 +3725,7 @@ void InitSuites(Suites* suites, ProtocolVersion pv, int keySz, word16 haveRSA,
 #endif
 
 #ifdef BUILD_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256
-    if (tls1_2 && haveDH && havePSK) {
+    if (tls1_2 && haveDH && havePSK && haveAES128) {
         suites->suites[idx++] = CIPHER_BYTE;
         suites->suites[idx++] = TLS_DHE_PSK_WITH_AES_128_GCM_SHA256;
     }
@@ -3491,7 +3739,7 @@ void InitSuites(Suites* suites, ProtocolVersion pv, int keySz, word16 haveRSA,
 #endif
 
 #ifdef BUILD_TLS_PSK_WITH_AES_128_GCM_SHA256
-    if (tls1_2 && havePSK) {
+    if (tls1_2 && havePSK && haveAES128) {
         suites->suites[idx++] = CIPHER_BYTE;
         suites->suites[idx++] = TLS_PSK_WITH_AES_128_GCM_SHA256;
     }
@@ -3525,7 +3773,7 @@ void InitSuites(Suites* suites, ProtocolVersion pv, int keySz, word16 haveRSA,
 /* Place as higher priority for MYSQL */
 #if defined(WOLFSSL_MYSQL_COMPATIBLE)
 #ifdef BUILD_TLS_DHE_RSA_WITH_AES_256_CBC_SHA
-    if (tls && haveDH && haveRSA) {
+    if (tls && haveDH && haveRSA && haveSHA1) {
         suites->suites[idx++] = CIPHER_BYTE;
         suites->suites[idx++] = TLS_DHE_RSA_WITH_AES_256_CBC_SHA;
     }
@@ -3534,9 +3782,10 @@ void InitSuites(Suites* suites, ProtocolVersion pv, int keySz, word16 haveRSA,
 
 #ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
     #ifdef OPENSSL_EXTRA
-    if ((tls1_2 && haveRSA) || (tls1_2 && haveECDSAsig)) {
+    if ((tls1_2 && haveRSA && haveAES128) ||
+        (tls1_2 && haveECDSAsig && haveAES128)) {
     #else
-    if (tls1_2 && haveRSA) {
+    if (tls1_2 && haveRSA && haveAES128) {
     #endif
         suites->suites[idx++] = ECC_BYTE;
         suites->suites[idx++] = TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256;
@@ -3544,21 +3793,21 @@ void InitSuites(Suites* suites, ProtocolVersion pv, int keySz, word16 haveRSA,
 #endif
 
 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
-    if (tls1_2 && haveECC) {
+    if (tls1_2 && haveECC && haveAES128) {
         suites->suites[idx++] = ECC_BYTE;
         suites->suites[idx++] = TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256;
     }
 #endif
 
 #ifdef BUILD_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
-    if (tls1_2 && haveRSAsig && haveStaticECC) {
+    if (tls1_2 && haveRSAsig && haveStaticECC && haveAES128) {
         suites->suites[idx++] = ECC_BYTE;
         suites->suites[idx++] = TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256;
     }
 #endif
 
 #ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
-    if (tls1_2 && haveECC && haveStaticECC) {
+    if (tls1_2 && haveECC && haveStaticECC && haveAES128) {
         suites->suites[idx++] = ECC_BYTE;
         suites->suites[idx++] = TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256;
     }
@@ -3597,56 +3846,56 @@ void InitSuites(Suites* suites, ProtocolVersion pv, int keySz, word16 haveRSA,
 #endif
 
 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
-    if (tls && haveECC) {
+    if (tls && haveECC && haveSHA1) {
         suites->suites[idx++] = ECC_BYTE;
         suites->suites[idx++] = TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA;
     }
 #endif
 
 #ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
-    if (tls && haveECC && haveStaticECC) {
+    if (tls && haveECC && haveStaticECC && haveSHA1) {
         suites->suites[idx++] = ECC_BYTE;
         suites->suites[idx++] = TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA;
     }
 #endif
 
 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
-    if (tls && haveECC) {
+    if (tls && haveECC && haveAES128 && haveSHA1) {
         suites->suites[idx++] = ECC_BYTE;
         suites->suites[idx++] = TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA;
     }
 #endif
 
 #ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
-    if (tls && haveECC && haveStaticECC) {
+    if (tls && haveECC && haveStaticECC && haveAES128 && haveSHA1) {
         suites->suites[idx++] = ECC_BYTE;
         suites->suites[idx++] = TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA;
     }
 #endif
 
 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
-    if (!dtls && tls && haveECC) {
+    if (!dtls && tls && haveECC && haveSHA1 && haveRC4) {
         suites->suites[idx++] = ECC_BYTE;
         suites->suites[idx++] = TLS_ECDHE_ECDSA_WITH_RC4_128_SHA;
     }
 #endif
 
 #ifdef BUILD_TLS_ECDH_ECDSA_WITH_RC4_128_SHA
-    if (!dtls && tls && haveECC && haveStaticECC) {
+    if (!dtls && tls && haveECC && haveStaticECC && haveSHA1 && haveRC4) {
         suites->suites[idx++] = ECC_BYTE;
         suites->suites[idx++] = TLS_ECDH_ECDSA_WITH_RC4_128_SHA;
     }
 #endif
 
 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
-    if (tls && haveECC) {
+    if (tls && haveECC && haveSHA1) {
         suites->suites[idx++] = ECC_BYTE;
         suites->suites[idx++] = TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA;
     }
 #endif
 
 #ifdef BUILD_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
-    if (tls && haveECC && haveStaticECC) {
+    if (tls && haveECC && haveStaticECC && haveSHA1) {
         suites->suites[idx++] = ECC_BYTE;
         suites->suites[idx++] = TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA;
     }
@@ -3654,9 +3903,9 @@ void InitSuites(Suites* suites, ProtocolVersion pv, int keySz, word16 haveRSA,
 
 #ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
     #ifdef OPENSSL_EXTRA
-    if ((tls && haveRSA) || (tls && haveECDSAsig)) {
+    if ((tls && haveRSA && haveSHA1) || (tls && haveECDSAsig && haveSHA1)) {
     #else
-    if (tls && haveRSA) {
+    if (tls && haveRSA && haveSHA1) {
     #endif
         suites->suites[idx++] = ECC_BYTE;
         suites->suites[idx++] = TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA;
@@ -3664,7 +3913,7 @@ void InitSuites(Suites* suites, ProtocolVersion pv, int keySz, word16 haveRSA,
 #endif
 
 #ifdef BUILD_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
-    if (tls && haveRSAsig && haveStaticECC) {
+    if (tls && haveRSAsig && haveStaticECC && haveSHA1) {
         suites->suites[idx++] = ECC_BYTE;
         suites->suites[idx++] = TLS_ECDH_RSA_WITH_AES_256_CBC_SHA;
     }
@@ -3672,9 +3921,10 @@ void InitSuites(Suites* suites, ProtocolVersion pv, int keySz, word16 haveRSA,
 
 #ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
     #ifdef OPENSSL_EXTRA
-    if ((tls && haveRSA) || (tls && haveECDSAsig)) {
+    if ((tls && haveRSA && haveAES128 && haveSHA1) ||
+        (tls && haveECDSAsig && haveAES128 && haveSHA1)) {
     #else
-    if (tls && haveRSA) {
+    if (tls && haveRSA && haveAES128 && haveSHA1) {
     #endif
         suites->suites[idx++] = ECC_BYTE;
         suites->suites[idx++] = TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA;
@@ -3682,21 +3932,21 @@ void InitSuites(Suites* suites, ProtocolVersion pv, int keySz, word16 haveRSA,
 #endif
 
 #ifdef BUILD_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
-    if (tls && haveRSAsig && haveStaticECC) {
+    if (tls && haveRSAsig && haveStaticECC && haveAES128 && haveSHA1) {
         suites->suites[idx++] = ECC_BYTE;
         suites->suites[idx++] = TLS_ECDH_RSA_WITH_AES_128_CBC_SHA;
     }
 #endif
 
 #ifdef BUILD_TLS_ECDHE_RSA_WITH_RC4_128_SHA
-    if (!dtls && tls && haveRSA) {
+    if (!dtls && tls && haveRSA && haveSHA1 && haveRC4) {
         suites->suites[idx++] = ECC_BYTE;
         suites->suites[idx++] = TLS_ECDHE_RSA_WITH_RC4_128_SHA;
     }
 #endif
 
 #ifdef BUILD_TLS_ECDH_RSA_WITH_RC4_128_SHA
-    if (!dtls && tls && haveRSAsig && haveStaticECC) {
+    if (!dtls && tls && haveRSAsig && haveStaticECC && haveSHA1 && haveRC4) {
         suites->suites[idx++] = ECC_BYTE;
         suites->suites[idx++] = TLS_ECDH_RSA_WITH_RC4_128_SHA;
     }
@@ -3704,9 +3954,9 @@ void InitSuites(Suites* suites, ProtocolVersion pv, int keySz, word16 haveRSA,
 
 #ifdef BUILD_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
     #ifdef OPENSSL_EXTRA
-    if ((tls && haveRSA) || (tls && haveECDSAsig)) {
+    if ((tls && haveRSA && haveSHA1) || (tls && haveECDSAsig && haveSHA1)) {
     #else
-    if (tls && haveRSA) {
+    if (tls && haveRSA && haveSHA1) {
     #endif
         suites->suites[idx++] = ECC_BYTE;
         suites->suites[idx++] = TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA;
@@ -3714,21 +3964,21 @@ void InitSuites(Suites* suites, ProtocolVersion pv, int keySz, word16 haveRSA,
 #endif
 
 #ifdef BUILD_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
-    if (tls && haveRSAsig && haveStaticECC) {
+    if (tls && haveRSAsig && haveStaticECC && haveSHA1) {
         suites->suites[idx++] = ECC_BYTE;
         suites->suites[idx++] = TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA;
     }
 #endif
 
 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CCM
-    if (tls1_2 && haveECC) {
+    if (tls1_2 && haveECC && haveAES128) {
         suites->suites[idx++] = ECC_BYTE;
         suites->suites[idx++] = TLS_ECDHE_ECDSA_WITH_AES_128_CCM;
     }
 #endif
 
 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8
-    if (tls1_2 && haveECC) {
+    if (tls1_2 && haveECC && haveAES128) {
         suites->suites[idx++] = ECC_BYTE;
         suites->suites[idx++] = TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8;
     }
@@ -3742,7 +3992,7 @@ void InitSuites(Suites* suites, ProtocolVersion pv, int keySz, word16 haveRSA,
 #endif
 
 #ifdef BUILD_TLS_RSA_WITH_AES_128_CCM_8
-    if (tls1_2 && haveRSA && haveStaticRSA) {
+    if (tls1_2 && haveRSA && haveStaticRSA && haveAES128) {
         suites->suites[idx++] = ECC_BYTE;
         suites->suites[idx++] = TLS_RSA_WITH_AES_128_CCM_8;
     }
@@ -3769,9 +4019,9 @@ void InitSuites(Suites* suites, ProtocolVersion pv, int keySz, word16 haveRSA,
 
 #ifdef BUILD_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
 #ifndef WOLFSSL_OLDTLS_SHA2_CIPHERSUITES
-    if (tls1_2 && haveDH && haveRSA)
+    if (tls1_2 && haveDH && haveRSA && haveAES128)
 #else
-    if (tls && haveDH && haveRSA)
+    if (tls && haveDH && haveRSA && haveAES128)
 #endif
     {
         suites->suites[idx++] = CIPHER_BYTE;
@@ -3782,7 +4032,7 @@ void InitSuites(Suites* suites, ProtocolVersion pv, int keySz, word16 haveRSA,
 /* Place as higher priority for MYSQL testing */
 #if !defined(WOLFSSL_MYSQL_COMPATIBLE)
 #ifdef BUILD_TLS_DHE_RSA_WITH_AES_256_CBC_SHA
-    if (tls && haveDH && haveRSA) {
+    if (tls && haveDH && haveRSA && haveSHA1) {
         suites->suites[idx++] = CIPHER_BYTE;
         suites->suites[idx++] = TLS_DHE_RSA_WITH_AES_256_CBC_SHA;
     }
@@ -3790,14 +4040,14 @@ void InitSuites(Suites* suites, ProtocolVersion pv, int keySz, word16 haveRSA,
 #endif
 
 #ifdef BUILD_TLS_DHE_RSA_WITH_AES_128_CBC_SHA
-    if (tls && haveDH && haveRSA) {
+    if (tls && haveDH && haveRSA && haveAES128 && haveSHA1) {
         suites->suites[idx++] = CIPHER_BYTE;
         suites->suites[idx++] = TLS_DHE_RSA_WITH_AES_128_CBC_SHA;
     }
 #endif
 
 #ifdef BUILD_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
-    if (tls && haveDH && haveRSA) {
+    if (tls && haveDH && haveRSA && haveSHA1) {
         suites->suites[idx++] = CIPHER_BYTE;
         suites->suites[idx++] = TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA;
     }
@@ -3817,9 +4067,9 @@ void InitSuites(Suites* suites, ProtocolVersion pv, int keySz, word16 haveRSA,
 
 #ifdef BUILD_TLS_RSA_WITH_AES_128_CBC_SHA256
 #ifndef WOLFSSL_OLDTLS_SHA2_CIPHERSUITES
-    if (tls1_2 && haveRSA && haveStaticRSA)
+    if (tls1_2 && haveRSA && haveStaticRSA && haveAES128)
 #else
-    if (tls && haveRSA && haveStaticRSA)
+    if (tls && haveRSA && haveStaticRSA && haveAES128)
 #endif
     {
         suites->suites[idx++] = CIPHER_BYTE;
@@ -3828,14 +4078,14 @@ void InitSuites(Suites* suites, ProtocolVersion pv, int keySz, word16 haveRSA,
 #endif
 
 #ifdef BUILD_TLS_RSA_WITH_AES_256_CBC_SHA
-    if (tls && haveRSA && haveStaticRSA) {
+    if (tls && haveRSA && haveStaticRSA && haveSHA1) {
         suites->suites[idx++] = CIPHER_BYTE;
         suites->suites[idx++] = TLS_RSA_WITH_AES_256_CBC_SHA;
     }
 #endif
 
 #ifdef BUILD_TLS_RSA_WITH_AES_128_CBC_SHA
-    if (tls && haveRSA && haveStaticRSA) {
+    if (tls && haveRSA && haveStaticRSA && haveAES128 && haveSHA1) {
         suites->suites[idx++] = CIPHER_BYTE;
         suites->suites[idx++] = TLS_RSA_WITH_AES_128_CBC_SHA;
     }
@@ -3872,7 +4122,7 @@ void InitSuites(Suites* suites, ProtocolVersion pv, int keySz, word16 haveRSA,
 #endif
 
 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_NULL_SHA
-    if (tls && haveECC && haveNull) {
+    if (tls && haveECC && haveNull && haveSHA1) {
         suites->suites[idx++] = ECC_BYTE;
         suites->suites[idx++] = TLS_ECDHE_ECDSA_WITH_NULL_SHA;
     }
@@ -3886,7 +4136,7 @@ void InitSuites(Suites* suites, ProtocolVersion pv, int keySz, word16 haveRSA,
 #endif
 
 #ifdef BUILD_TLS_RSA_WITH_NULL_SHA
-    if (tls && haveRSA && haveNull && haveStaticRSA) {
+    if (tls && haveRSA && haveNull && haveStaticRSA && haveSHA1) {
         suites->suites[idx++] = CIPHER_BYTE;
         suites->suites[idx++] = TLS_RSA_WITH_NULL_SHA;
     }
@@ -3905,7 +4155,7 @@ void InitSuites(Suites* suites, ProtocolVersion pv, int keySz, word16 haveRSA,
 #endif
 
 #ifdef BUILD_TLS_PSK_WITH_AES_256_CBC_SHA
-    if (tls && havePSK) {
+    if (tls && havePSK && haveSHA1) {
         suites->suites[idx++] = CIPHER_BYTE;
         suites->suites[idx++] = TLS_PSK_WITH_AES_256_CBC_SHA;
     }
@@ -3937,9 +4187,9 @@ void InitSuites(Suites* suites, ProtocolVersion pv, int keySz, word16 haveRSA,
 
 #ifdef BUILD_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256
 #ifndef WOLFSSL_OLDTLS_SHA2_CIPHERSUITES
-    if (tls1_2 && haveDH && havePSK)
+    if (tls1_2 && haveDH && havePSK && haveAES128)
 #else
-    if (tls && haveDH && havePSK)
+    if (tls && haveDH && havePSK && haveAES128)
 #endif
     {
         suites->suites[idx++] = CIPHER_BYTE;
@@ -3949,9 +4199,9 @@ void InitSuites(Suites* suites, ProtocolVersion pv, int keySz, word16 haveRSA,
 
 #ifdef BUILD_TLS_PSK_WITH_AES_128_CBC_SHA256
 #ifndef WOLFSSL_OLDTLS_SHA2_CIPHERSUITES
-    if (tls1_2 && havePSK)
+    if (tls1_2 && havePSK && haveAES128)
 #else
-    if (tls1 && havePSK)
+    if (tls1 && havePSK && haveAES128)
 #endif
     {
         suites->suites[idx++] = CIPHER_BYTE;
@@ -3960,14 +4210,14 @@ void InitSuites(Suites* suites, ProtocolVersion pv, int keySz, word16 haveRSA,
 #endif
 
 #ifdef BUILD_TLS_PSK_WITH_AES_128_CBC_SHA
-    if (tls && havePSK) {
+    if (tls && havePSK && haveAES128 && haveSHA1) {
         suites->suites[idx++] = CIPHER_BYTE;
         suites->suites[idx++] = TLS_PSK_WITH_AES_128_CBC_SHA;
     }
 #endif
 
 #ifdef BUILD_TLS_DHE_PSK_WITH_AES_128_CCM
-    if (tls && haveDH && havePSK) {
+    if (tls && haveDH && havePSK && haveAES128) {
         suites->suites[idx++] = ECC_BYTE;
         suites->suites[idx++] = TLS_DHE_PSK_WITH_AES_128_CCM;
     }
@@ -4018,9 +4268,9 @@ void InitSuites(Suites* suites, ProtocolVersion pv, int keySz, word16 haveRSA,
 
 #ifdef BUILD_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256
 #ifndef WOLFSSL_OLDTLS_SHA2_CIPHERSUITES
-    if (tls1_2 && havePSK)
+    if (tls1_2 && havePSK && haveAES128)
 #else
-    if (tls && havePSK)
+    if (tls && havePSK && haveAES128)
 #endif
     {
         suites->suites[idx++] = ECC_BYTE;
@@ -4030,9 +4280,9 @@ void InitSuites(Suites* suites, ProtocolVersion pv, int keySz, word16 haveRSA,
 
 #ifdef BUILD_TLS_ECDHE_PSK_WITH_AES_128_GCM_SHA256
 #ifndef WOLFSSL_OLDTLS_SHA2_CIPHERSUITES
-    if (tls1_2 && havePSK)
+    if (tls1_2 && havePSK && haveAES128)
 #else
-    if (tls && havePSK)
+    if (tls && havePSK && haveAES128)
 #endif
     {
         suites->suites[idx++] = ECDHE_PSK_BYTE;
@@ -4041,7 +4291,7 @@ void InitSuites(Suites* suites, ProtocolVersion pv, int keySz, word16 haveRSA,
 #endif
 
 #ifdef BUILD_TLS_PSK_WITH_AES_128_CCM
-    if (tls && havePSK) {
+    if (tls && havePSK && haveAES128) {
         suites->suites[idx++] = ECC_BYTE;
         suites->suites[idx++] = TLS_PSK_WITH_AES_128_CCM;
     }
@@ -4055,7 +4305,7 @@ void InitSuites(Suites* suites, ProtocolVersion pv, int keySz, word16 haveRSA,
 #endif
 
 #ifdef BUILD_TLS_PSK_WITH_AES_128_CCM_8
-    if (tls && havePSK) {
+    if (tls && havePSK && haveAES128) {
         suites->suites[idx++] = ECC_BYTE;
         suites->suites[idx++] = TLS_PSK_WITH_AES_128_CCM_8;
     }
@@ -4136,49 +4386,49 @@ void InitSuites(Suites* suites, ProtocolVersion pv, int keySz, word16 haveRSA,
 #endif
 
 #ifdef BUILD_SSL_RSA_WITH_RC4_128_SHA
-    if (!dtls && haveRSA && haveStaticRSA) {
+    if (!dtls && haveRSA && haveStaticRSA && haveSHA1 && haveRC4) {
         suites->suites[idx++] = CIPHER_BYTE;
         suites->suites[idx++] = SSL_RSA_WITH_RC4_128_SHA;
     }
 #endif
 
 #ifdef BUILD_SSL_RSA_WITH_RC4_128_MD5
-    if (!dtls && haveRSA && haveStaticRSA) {
+    if (!dtls && haveRSA && haveStaticRSA && haveRC4) {
         suites->suites[idx++] = CIPHER_BYTE;
         suites->suites[idx++] = SSL_RSA_WITH_RC4_128_MD5;
     }
 #endif
 
 #ifdef BUILD_SSL_RSA_WITH_3DES_EDE_CBC_SHA
-    if (haveRSA && haveStaticRSA) {
+    if (haveRSA && haveStaticRSA && haveSHA1) {
         suites->suites[idx++] = CIPHER_BYTE;
         suites->suites[idx++] = SSL_RSA_WITH_3DES_EDE_CBC_SHA;
     }
 #endif
 
 #ifdef BUILD_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
-    if (tls && haveRSA && haveStaticRSA) {
+    if (tls && haveRSA && haveStaticRSA && haveSHA1) {
         suites->suites[idx++] = CIPHER_BYTE;
         suites->suites[idx++] = TLS_RSA_WITH_CAMELLIA_128_CBC_SHA;
     }
 #endif
 
 #ifdef BUILD_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
-    if (tls && haveDH && haveRSA && haveStaticRSA) {
+    if (tls && haveDH && haveRSA && haveStaticRSA && haveSHA1) {
         suites->suites[idx++] = CIPHER_BYTE;
         suites->suites[idx++] = TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA;
     }
 #endif
 
 #ifdef BUILD_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
-    if (tls && haveRSA && haveStaticRSA) {
+    if (tls && haveRSA && haveStaticRSA && haveSHA1) {
         suites->suites[idx++] = CIPHER_BYTE;
         suites->suites[idx++] = TLS_RSA_WITH_CAMELLIA_256_CBC_SHA;
     }
 #endif
 
 #ifdef BUILD_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
-    if (tls && haveDH && haveRSA && haveStaticRSA) {
+    if (tls && haveDH && haveRSA && haveStaticRSA && haveSHA1) {
         suites->suites[idx++] = CIPHER_BYTE;
         suites->suites[idx++] = TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA;
     }
@@ -4256,18 +4506,25 @@ void InitSuites(Suites* suites, ProtocolVersion pv, int keySz, word16 haveRSA,
     suites->suiteSz = idx;
 
     if (suites->hashSigAlgoSz == 0) {
-        int haveSig = 0;
-        haveSig |= (haveRSAsig | haveRSA) ? SIG_RSA : 0;
-        haveSig |= (haveECDSAsig | haveECC) ? SIG_ECDSA : 0;
-    #if defined(WOLFSSL_SM2) && defined(WOLFSSL_SM3)
-        haveSig |= (haveECDSAsig | haveECC) ? SIG_SM2 : 0;
-    #endif
-        haveSig |= haveFalconSig ? SIG_FALCON : 0;
-        haveSig |= haveDilithiumSig ? SIG_DILITHIUM : 0;
-        haveSig &= ~SIG_ANON;
-        InitSuitesHashSigAlgo_ex2(suites->hashSigAlgo, haveSig, tls1_2, keySz,
+        InitSuitesHashSigAlgo(suites->hashSigAlgo, SIG_ALL, tls1_2, keySz,
             &suites->hashSigAlgoSz);
     }
+
+    /* Moved to the end as we set some of the vars but never use them */
+    (void)tls;  /* shut up compiler */
+    (void)tls1_2;
+    (void)dtls;
+    (void)haveDH;
+    (void)havePSK;
+    (void)haveStaticRSA;
+    (void)haveStaticECC;
+    (void)haveECC;
+    (void)haveECDSAsig;
+    (void)side;
+    (void)haveRSA;    /* some builds won't read */
+    (void)haveRSAsig; /* non ecc builds won't read */
+    (void)haveAnon;   /* anon ciphers optional */
+    (void)haveNull;
 }
 
 #if !defined(NO_WOLFSSL_SERVER) || !defined(NO_CERTS) || \
@@ -4325,35 +4582,37 @@ void DecodeSigAlg(const byte* input, byte* hashAlgo, byte* hsType)
             }
             break;
     #endif
-#ifdef HAVE_PQC
-        case PQC_SA_MAJOR:
-            /* Hash performed as part of sign/verify operation. */
+    /* Hash performed as part of sign/verify operation.
+     * However, if we want a dual alg signature with a classic algorithm as
+     * alternative, we need an explicit hash algo here. */
     #ifdef HAVE_FALCON
+        case FALCON_SA_MAJOR:
             if (input[1] == FALCON_LEVEL1_SA_MINOR) {
                 *hsType = falcon_level1_sa_algo;
-                *hashAlgo = sha512_mac;
+                *hashAlgo = sha256_mac;
             }
             else if (input[1] == FALCON_LEVEL5_SA_MINOR) {
                 *hsType = falcon_level5_sa_algo;
                 *hashAlgo = sha512_mac;
             }
+            break;
     #endif /* HAVE_FALCON */
     #ifdef HAVE_DILITHIUM
+        case DILITHIUM_SA_MAJOR:
             if (input[1] == DILITHIUM_LEVEL2_SA_MINOR) {
                 *hsType = dilithium_level2_sa_algo;
-                *hashAlgo = sha512_mac;
+                *hashAlgo = sha256_mac;
             }
             else if (input[1] == DILITHIUM_LEVEL3_SA_MINOR) {
                 *hsType = dilithium_level3_sa_algo;
-                *hashAlgo = sha512_mac;
+                *hashAlgo = sha384_mac;
             }
             else if (input[1] == DILITHIUM_LEVEL5_SA_MINOR) {
                 *hsType = dilithium_level5_sa_algo;
                 *hashAlgo = sha512_mac;
             }
-    #endif /* HAVE_DILITHIUM */
             break;
-#endif
+    #endif /* HAVE_DILITHIUM */
         default:
             *hashAlgo = input[0];
             *hsType   = input[1];
@@ -4504,23 +4763,17 @@ void FreeX509(WOLFSSL_X509* x509)
         x509->authKeyId = NULL;
         XFREE(x509->subjKeyId, x509->heap, DYNAMIC_TYPE_X509_EXT);
         x509->subjKeyId = NULL;
-        if (x509->authInfo != NULL) {
-            XFREE(x509->authInfo, x509->heap, DYNAMIC_TYPE_X509_EXT);
-            x509->authInfo = NULL;
-        }
-        if (x509->rawCRLInfo != NULL) {
-            XFREE(x509->rawCRLInfo, x509->heap, DYNAMIC_TYPE_X509_EXT);
-            x509->rawCRLInfo = NULL;
-        }
-        if (x509->CRLInfo != NULL) {
-            XFREE(x509->CRLInfo, x509->heap, DYNAMIC_TYPE_X509_EXT);
-            x509->CRLInfo = NULL;
-        }
+        wolfSSL_ASN1_STRING_free(x509->subjKeyIdStr);
+        x509->subjKeyIdStr = NULL;
+        XFREE(x509->authInfo, x509->heap, DYNAMIC_TYPE_X509_EXT);
+        x509->authInfo = NULL;
+        XFREE(x509->rawCRLInfo, x509->heap, DYNAMIC_TYPE_X509_EXT);
+        x509->rawCRLInfo = NULL;
+        XFREE(x509->CRLInfo, x509->heap, DYNAMIC_TYPE_X509_EXT);
+        x509->CRLInfo = NULL;
         #if defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA) || \
             defined(WOLFSSL_QT)
-        if (x509->authInfoCaIssuer != NULL) {
-            XFREE(x509->authInfoCaIssuer, x509->heap, DYNAMIC_TYPE_X509_EXT);
-        }
+        XFREE(x509->authInfoCaIssuer, x509->heap, DYNAMIC_TYPE_X509_EXT);
         if (x509->ext_sk != NULL) {
             wolfSSL_sk_X509_EXTENSION_pop_free(x509->ext_sk, NULL);
         }
@@ -4575,6 +4828,17 @@ void FreeX509(WOLFSSL_X509* x509)
         x509->altNames = NULL;
     }
 
+    #ifdef WOLFSSL_DUAL_ALG_CERTS
+    XFREE(x509->sapkiDer, x509->heap, DYNAMIC_TYPE_X509_EXT);
+    x509->sapkiDer = NULL;
+    XFREE(x509->altSigAlgDer, x509->heap, DYNAMIC_TYPE_X509_EXT);
+    x509->altSigAlgDer = NULL;
+    if (x509->altSigValDer) {
+        XFREE(x509->altSigValDer, x509->heap, DYNAMIC_TYPE_X509_EXT);
+        x509->altSigValDer= NULL;
+    }
+    #endif /* WOLFSSL_DUAL_ALG_CERTS */
+
     #if defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL)
         wolfSSL_RefFree(&x509->ref);
     #endif
@@ -4688,8 +4952,7 @@ static void SetDigest(WOLFSSL* ssl, int hashAlgo)
 #endif /* !NO_WOLFSSL_SERVER || !NO_WOLFSSL_CLIENT */
 #endif /* !NO_CERTS */
 
-#if defined(HAVE_ENCRYPT_THEN_MAC) && !defined(WOLFSSL_AEAD_ONLY)
-static word32 MacSize(const WOLFSSL* ssl)
+word32 MacSize(const WOLFSSL* ssl)
 {
 #ifdef HAVE_TRUNCATED_HMAC
     word32 digestSz = ssl->truncated_hmac ? (byte)TRUNCATED_HMAC_SZ
@@ -4700,7 +4963,6 @@ static word32 MacSize(const WOLFSSL* ssl)
 
     return digestSz;
 }
-#endif /* HAVE_ENCRYPT_THEN_MAC && !WOLFSSL_AEAD_ONLY */
 
 #ifndef NO_RSA
 #if !defined(WOLFSSL_NO_TLS12) || \
@@ -4840,14 +5102,14 @@ int RsaSign(WOLFSSL* ssl, const byte* in, word32 inSz, byte* out,
 
     /* Handle async pending response */
 #ifdef WOLFSSL_ASYNC_CRYPT
-    if (key && ret == WC_PENDING_E) {
+    if (key && ret == WC_NO_ERR_TRACE(WC_PENDING_E)) {
         ret = wolfSSL_AsyncPush(ssl, &key->asyncDev);
     }
 #endif /* WOLFSSL_ASYNC_CRYPT */
 
     /* For positive response return in outSz */
     if (ret > 0) {
-        *outSz = ret;
+        *outSz = (word32)ret;
         ret = 0;
     }
 
@@ -4860,7 +5122,7 @@ int RsaSign(WOLFSSL* ssl, const byte* in, word32 inSz, byte* out,
 int RsaVerify(WOLFSSL* ssl, byte* in, word32 inSz, byte** out, int sigAlgo,
               int hashAlgo, RsaKey* key, buffer* keyBufInfo)
 {
-    int ret = SIG_VERIFY_E;
+    int ret = WC_NO_ERR_TRACE(SIG_VERIFY_E);
 
 #ifdef HAVE_PK_CALLBACKS
     const byte* keyBuf = NULL;
@@ -4887,7 +5149,7 @@ int RsaVerify(WOLFSSL* ssl, byte* in, word32 inSz, byte** out, int sigAlgo,
 #endif
 
 #if defined(WC_RSA_PSS)
-    if (sigAlgo == rsa_pss_sa_algo) {
+    if (sigAlgo == rsa_pss_sa_algo || sigAlgo == rsa_pss_pss_algo) {
         enum wc_HashType hashType = WC_HASH_TYPE_NONE;
         int mgf = 0;
 
@@ -4916,7 +5178,7 @@ int RsaVerify(WOLFSSL* ssl, byte* in, word32 inSz, byte** out, int sigAlgo,
         !defined(WOLFSSL_RENESAS_TSIP_TLS)
     else
     #else
-    if (!ssl->ctx->RsaVerifyCb || ret == CRYPTOCB_UNAVAILABLE)
+    if (!ssl->ctx->RsaVerifyCb || ret == WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE))
     #endif
 #endif /*HAVE_PK_CALLBACKS */
     {
@@ -4925,7 +5187,7 @@ int RsaVerify(WOLFSSL* ssl, byte* in, word32 inSz, byte** out, int sigAlgo,
 
     /* Handle async pending response */
 #ifdef WOLFSSL_ASYNC_CRYPT
-    if (ret == WC_PENDING_E) {
+    if (ret == WC_NO_ERR_TRACE(WC_PENDING_E)) {
         ret = wolfSSL_AsyncPush(ssl, &key->asyncDev);
     }
 #endif /* WOLFSSL_ASYNC_CRYPT */
@@ -4998,7 +5260,7 @@ int VerifyRsaSign(WOLFSSL* ssl, byte* verifySig, word32 sigSz,
                                            TypeHash(hashAlgo), mgf,
                                            keyBuf, keySz, ctx);
             if (ret > 0) {
-                ret = wc_RsaPSS_CheckPadding(plain, plainSz, out, ret,
+                ret = wc_RsaPSS_CheckPadding(plain, plainSz, out, (word32)ret,
                                              hashType);
                 if (ret != 0) {
                     ret = VERIFY_CERT_ERROR;
@@ -5016,7 +5278,7 @@ int VerifyRsaSign(WOLFSSL* ssl, byte* verifySig, word32 sigSz,
                 ret = wc_RsaPSS_CheckPadding(plain, plainSz, out, ret,
                                              hashType);
     #else
-                ret = wc_RsaPSS_CheckPadding_ex(plain, plainSz, out, ret,
+                ret = wc_RsaPSS_CheckPadding_ex(plain, plainSz, out, (word32)ret,
                                                 hashType, -1,
                                                 mp_count_bits(&key->n));
     #endif
@@ -5063,7 +5325,7 @@ int VerifyRsaSign(WOLFSSL* ssl, byte* verifySig, word32 sigSz,
 
     /* Handle async pending response */
 #ifdef WOLFSSL_ASYNC_CRYPT
-    if (key && ret == WC_PENDING_E) {
+    if (key && ret == WC_NO_ERR_TRACE(WC_PENDING_E)) {
         ret = wolfSSL_AsyncPush(ssl, &key->asyncDev);
     }
 #endif /* WOLFSSL_ASYNC_CRYPT */
@@ -5123,7 +5385,7 @@ int RsaDec(WOLFSSL* ssl, byte* in, word32 inSz, byte** out, word32* outSz,
 
     /* Handle async pending response */
 #ifdef WOLFSSL_ASYNC_CRYPT
-    if (ret == WC_PENDING_E) {
+    if (ret == WC_NO_ERR_TRACE(WC_PENDING_E)) {
         ret = wolfSSL_AsyncPush(ssl, &key->asyncDev);
     }
 #endif /* WOLFSSL_ASYNC_CRYPT */
@@ -5143,7 +5405,7 @@ int RsaDec(WOLFSSL* ssl, byte* in, word32 inSz, byte** out, word32* outSz,
 int RsaEnc(WOLFSSL* ssl, const byte* in, word32 inSz, byte* out, word32* outSz,
     RsaKey* key, buffer* keyBufInfo)
 {
-    int ret = BAD_FUNC_ARG;
+    int ret = WC_NO_ERR_TRACE(BAD_FUNC_ARG);
 #ifdef HAVE_PK_CALLBACKS
     const byte* keyBuf = NULL;
     word32 keySz = 0;
@@ -5175,7 +5437,7 @@ int RsaEnc(WOLFSSL* ssl, const byte* in, word32 inSz, byte* out, word32* outSz,
         !defined(WOLFSSL_RENESAS_TSIP_TLS)
     else
     #else
-    if (!ssl->ctx->RsaEncCb || ret == CRYPTOCB_UNAVAILABLE)
+    if (!ssl->ctx->RsaEncCb || ret == WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE))
     #endif
 #endif /* HAVE_PK_CALLBACKS */
     {
@@ -5184,14 +5446,14 @@ int RsaEnc(WOLFSSL* ssl, const byte* in, word32 inSz, byte* out, word32* outSz,
 
     /* Handle async pending response */
 #ifdef WOLFSSL_ASYNC_CRYPT
-    if (ret == WC_PENDING_E) {
+    if (ret == WC_NO_ERR_TRACE(WC_PENDING_E)) {
         ret = wolfSSL_AsyncPush(ssl, &key->asyncDev);
     }
 #endif /* WOLFSSL_ASYNC_CRYPT */
 
     /* For positive response return in outSz */
     if (ret > 0) {
-        *outSz = ret;
+        *outSz = (word32)ret;
         ret = 0;
     }
 
@@ -5244,7 +5506,7 @@ int EccSign(WOLFSSL* ssl, const byte* in, word32 inSz, byte* out,
         ret = ssl->ctx->EccSignCb(ssl, in, inSz, out, outSz, keyBuf,
             keySz, ctx);
 #if defined(WOLFSSL_RENESAS_TSIP_TLS)
-        if (ret == CRYPTOCB_UNAVAILABLE) {
+        if (ret == WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE)) {
             ret = wc_ecc_sign_hash(in, inSz, out, outSz, ssl->rng, key);
         }
 #endif /* WOLFSSL_RENESAS_TSIP_TLS */
@@ -5257,7 +5519,7 @@ int EccSign(WOLFSSL* ssl, const byte* in, word32 inSz, byte* out,
 
     /* Handle async pending response */
 #ifdef WOLFSSL_ASYNC_CRYPT
-    if (key && ret == WC_PENDING_E) {
+    if (key && ret == WC_NO_ERR_TRACE(WC_PENDING_E)) {
         ret = wolfSSL_AsyncPush(ssl, &key->asyncDev);
     }
 #endif /* WOLFSSL_ASYNC_CRYPT */
@@ -5270,7 +5532,7 @@ int EccSign(WOLFSSL* ssl, const byte* in, word32 inSz, byte* out,
 int EccVerify(WOLFSSL* ssl, const byte* in, word32 inSz, const byte* out,
     word32 outSz, ecc_key* key, buffer* keyBufInfo)
 {
-    int ret = SIG_VERIFY_E;
+    int ret = WC_NO_ERR_TRACE(SIG_VERIFY_E);
 #ifdef HAVE_PK_CALLBACKS
     const byte* keyBuf = NULL;
     word32 keySz = 0;
@@ -5304,7 +5566,7 @@ int EccVerify(WOLFSSL* ssl, const byte* in, word32 inSz, const byte* out,
         !defined(WOLFSSL_MAXQ108X)
     else
     #else
-    if (!ssl->ctx->EccVerifyCb || ret == CRYPTOCB_UNAVAILABLE)
+    if (!ssl->ctx->EccVerifyCb || ret == WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE))
     #endif
 #endif /* HAVE_PK_CALLBACKS  */
     {
@@ -5313,7 +5575,7 @@ int EccVerify(WOLFSSL* ssl, const byte* in, word32 inSz, const byte* out,
 
     /* Handle async pending response */
 #ifdef WOLFSSL_ASYNC_CRYPT
-    if (ret == WC_PENDING_E) {
+    if (ret == WC_NO_ERR_TRACE(WC_PENDING_E)) {
         ret = wolfSSL_AsyncPush(ssl, &key->asyncDev);
     }
     else
@@ -5386,7 +5648,7 @@ int EccSharedSecret(WOLFSSL* ssl, ecc_key* priv_key, ecc_key* pub_key,
 
     /* Handle async pending response */
 #ifdef WOLFSSL_ASYNC_CRYPT
-    if (ret == WC_PENDING_E) {
+    if (ret == WC_NO_ERR_TRACE(WC_PENDING_E)) {
         ret = wolfSSL_AsyncPush(ssl, asyncDev);
     }
 #endif /* WOLFSSL_ASYNC_CRYPT */
@@ -5445,7 +5707,7 @@ int EccMakeKey(WOLFSSL* ssl, ecc_key* key, ecc_key* peer)
 #ifdef HAVE_PK_CALLBACKS
     if (ssl->ctx->EccKeyGenCb) {
         void* ctx = wolfSSL_GetEccKeyGenCtx(ssl);
-        ret = ssl->ctx->EccKeyGenCb(ssl, key, keySz, ecc_curve, ctx);
+        ret = ssl->ctx->EccKeyGenCb(ssl, key, (unsigned int)keySz, ecc_curve, ctx);
     }
     else
 #endif
@@ -5463,7 +5725,7 @@ int EccMakeKey(WOLFSSL* ssl, ecc_key* key, ecc_key* peer)
 
     /* Handle async pending response */
 #ifdef WOLFSSL_ASYNC_CRYPT
-    if (ret == WC_PENDING_E) {
+    if (ret == WC_NO_ERR_TRACE(WC_PENDING_E)) {
         ret = wolfSSL_AsyncPush(ssl, &key->asyncDev);
     }
 #endif /* WOLFSSL_ASYNC_CRYPT */
@@ -5503,7 +5765,7 @@ int Sm2wSm3Verify(WOLFSSL* ssl, const byte* id, word32 idSz, const byte* sig,
     word32 sigSz, const byte* msg, word32 msgSz, ecc_key* key,
     buffer* keyBufInfo)
 {
-    int ret = SIG_VERIFY_E;
+    int ret = WC_NO_ERR_TRACE(SIG_VERIFY_E);
     byte hash[WC_SM3_DIGEST_SIZE];
 
     (void)ssl;
@@ -5626,7 +5888,7 @@ int Ed25519Sign(WOLFSSL* ssl, const byte* in, word32 inSz, byte* out,
 
     /* Handle async pending response */
 #ifdef WOLFSSL_ASYNC_CRYPT
-    if (ret == WC_PENDING_E) {
+    if (ret == WC_NO_ERR_TRACE(WC_PENDING_E)) {
         ret = wolfSSL_AsyncPush(ssl, &key->asyncDev);
     }
 #endif /* WOLFSSL_ASYNC_CRYPT */
@@ -5700,7 +5962,7 @@ int Ed25519Verify(WOLFSSL* ssl, const byte* in, word32 inSz, const byte* msg,
 
     /* Handle async pending response */
 #ifdef WOLFSSL_ASYNC_CRYPT
-    if (ret == WC_PENDING_E) {
+    if (ret == WC_NO_ERR_TRACE(WC_PENDING_E)) {
         ret = wolfSSL_AsyncPush(ssl, &key->asyncDev);
     }
     else
@@ -5726,7 +5988,6 @@ int Ed25519Verify(WOLFSSL* ssl, const byte* in, word32 inSz, const byte* msg,
      */
     static int X25519GetKey(WOLFSSL* ssl, curve25519_key** otherKey)
     {
-        int ret = NO_PEER_KEY;
         struct curve25519_key* tmpKey = NULL;
 
         if (ssl == NULL || otherKey == NULL) {
@@ -5749,10 +6010,11 @@ int Ed25519Verify(WOLFSSL* ssl, const byte* in, word32 inSz, const byte* msg,
 
         if (tmpKey) {
             *otherKey = (curve25519_key *)tmpKey;
-            ret = 0;
+            return 0;
+        }
+        else {
+            return NO_PEER_KEY;
         }
-
-        return ret;
     }
 #endif /* HAVE_PK_CALLBACKS */
 
@@ -5790,13 +6052,19 @@ static int X25519SharedSecret(WOLFSSL* ssl, curve25519_key* priv_key,
     else
 #endif
     {
-        ret = wc_curve25519_shared_secret_ex(priv_key, pub_key, out, outlen,
-                                             EC25519_LITTLE_ENDIAN);
+    #ifdef WOLFSSL_CURVE25519_BLINDING
+        ret = wc_curve25519_set_rng(priv_key, ssl->rng);
+        if (ret == 0)
+    #endif
+        {
+            ret = wc_curve25519_shared_secret_ex(priv_key, pub_key, out, outlen,
+                                                 EC25519_LITTLE_ENDIAN);
+        }
     }
 
     /* Handle async pending response */
 #ifdef WOLFSSL_ASYNC_CRYPT
-    if (ret == WC_PENDING_E) {
+    if (ret == WC_NO_ERR_TRACE(WC_PENDING_E)) {
         ret = wolfSSL_AsyncPush(ssl, &priv_key->asyncDev);
     }
 #endif /* WOLFSSL_ASYNC_CRYPT */
@@ -5842,7 +6110,7 @@ static int X25519MakeKey(WOLFSSL* ssl, curve25519_key* key,
 
     /* Handle async pending response */
 #ifdef WOLFSSL_ASYNC_CRYPT
-    if (ret == WC_PENDING_E) {
+    if (ret == WC_NO_ERR_TRACE(WC_PENDING_E)) {
         ret = wolfSSL_AsyncPush(ssl, &key->asyncDev);
     }
 #endif /* WOLFSSL_ASYNC_CRYPT */
@@ -5950,7 +6218,7 @@ int Ed448Sign(WOLFSSL* ssl, const byte* in, word32 inSz, byte* out,
 
     /* Handle async pending response */
 #ifdef WOLFSSL_ASYNC_CRYPT
-    if (ret == WC_PENDING_E) {
+    if (ret == WC_NO_ERR_TRACE(WC_PENDING_E)) {
         ret = wolfSSL_AsyncPush(ssl, &key->asyncDev);
     }
 #endif /* WOLFSSL_ASYNC_CRYPT */
@@ -6024,7 +6292,7 @@ int Ed448Verify(WOLFSSL* ssl, const byte* in, word32 inSz, const byte* msg,
 
     /* Handle async pending response */
 #ifdef WOLFSSL_ASYNC_CRYPT
-    if (ret == WC_PENDING_E) {
+    if (ret == WC_NO_ERR_TRACE(WC_PENDING_E)) {
         ret = wolfSSL_AsyncPush(ssl, &key->asyncDev);
     }
     else
@@ -6050,7 +6318,6 @@ int Ed448Verify(WOLFSSL* ssl, const byte* in, word32 inSz, const byte* msg,
      */
     static int X448GetKey(WOLFSSL* ssl, curve448_key** otherKey)
     {
-        int ret = NO_PEER_KEY;
         struct curve448_key* tmpKey = NULL;
 
         if (ssl == NULL || otherKey == NULL) {
@@ -6072,10 +6339,11 @@ int Ed448Verify(WOLFSSL* ssl, const byte* in, word32 inSz, const byte* msg,
 
         if (tmpKey) {
             *otherKey = (curve448_key *)tmpKey;
-            ret = 0;
+            return 0;
+        }
+        else {
+            return NO_PEER_KEY;
         }
-
-        return ret;
     }
 #endif /* HAVE_PK_CALLBACKS */
 
@@ -6120,7 +6388,7 @@ static int X448SharedSecret(WOLFSSL* ssl, curve448_key* priv_key,
 
     /* Handle async pending response */
 #ifdef WOLFSSL_ASYNC_CRYPT
-    if (ret == WC_PENDING_E) {
+    if (ret == WC_NO_ERR_TRACE(WC_PENDING_E)) {
         ret = wolfSSL_AsyncPush(ssl, &priv_key->asyncDev);
     }
 #endif /* WOLFSSL_ASYNC_CRYPT */
@@ -6165,7 +6433,7 @@ static int X448MakeKey(WOLFSSL* ssl, curve448_key* key, curve448_key* peer)
 
     /* Handle async pending response */
 #ifdef WOLFSSL_ASYNC_CRYPT
-    if (ret == WC_PENDING_E) {
+    if (ret == WC_NO_ERR_TRACE(WC_PENDING_E)) {
         ret = wolfSSL_AsyncPush(ssl, &key->asyncDev);
     }
 #endif /* WOLFSSL_ASYNC_CRYPT */
@@ -6202,7 +6470,7 @@ int DhGenKeyPair(WOLFSSL* ssl, DhKey* dhKey,
         ret = ssl->ctx->DhGenerateKeyPairCb(dhKey, ssl->rng, priv, privSz,
                                             pub, pubSz);
     }
-    if (ret == NOT_COMPILED_IN)
+    if (ret == WC_NO_ERR_TRACE(NOT_COMPILED_IN))
 #endif
     {
         PRIVATE_KEY_UNLOCK();
@@ -6212,7 +6480,7 @@ int DhGenKeyPair(WOLFSSL* ssl, DhKey* dhKey,
 
     /* Handle async pending response */
 #ifdef WOLFSSL_ASYNC_CRYPT
-    if (ret == WC_PENDING_E) {
+    if (ret == WC_NO_ERR_TRACE(WC_PENDING_E)) {
         ret = wolfSSL_AsyncPush(ssl, &dhKey->asyncDev);
     }
 #endif /* WOLFSSL_ASYNC_CRYPT */
@@ -6282,7 +6550,7 @@ int DhAgree(WOLFSSL* ssl, DhKey* dhKey,
 
     /* Handle async pending response */
 #ifdef WOLFSSL_ASYNC_CRYPT
-    if (ret == WC_PENDING_E) {
+    if (ret == WC_NO_ERR_TRACE(WC_PENDING_E)) {
         ret = wolfSSL_AsyncPush(ssl, &dhKey->asyncDev);
     }
 #endif /* WOLFSSL_ASYNC_CRYPT */
@@ -6368,19 +6636,19 @@ int wolfSSL_CTX_IsPrivatePkSet(WOLFSSL_CTX* ctx)
 static void InitSuites_EitherSide(Suites* suites, ProtocolVersion pv, int keySz,
         word16 haveRSA, word16 havePSK, word16 haveDH, word16 haveECDSAsig,
         word16 haveECC, word16 haveStaticECC,
-        word16 haveFalconSig, word16 haveDilithiumSig, word16 haveAnon,
+        word16 haveAnon,
         int side)
 {
     /* make sure server has DH params, and add PSK if there */
     if (side == WOLFSSL_SERVER_END) {
         InitSuites(suites, pv, keySz, haveRSA, havePSK, haveDH, haveECDSAsig,
-                   haveECC, TRUE, haveStaticECC, haveFalconSig,
-                   haveDilithiumSig, haveAnon, TRUE, side);
+                   haveECC, TRUE, haveStaticECC,
+                   haveAnon, TRUE, TRUE, TRUE, TRUE, side);
     }
     else {
         InitSuites(suites, pv, keySz, haveRSA, havePSK, TRUE, haveECDSAsig,
-                   haveECC, TRUE, haveStaticECC, haveFalconSig,
-                   haveDilithiumSig, haveAnon, TRUE, side);
+                   haveECC, TRUE, haveStaticECC,
+                   haveAnon, TRUE, TRUE, TRUE, TRUE, side);
     }
 }
 
@@ -6397,14 +6665,14 @@ void InitSSL_CTX_Suites(WOLFSSL_CTX* ctx)
     havePSK = ctx->havePSK;
 #endif /* NO_PSK */
 #ifdef HAVE_ANON
-    haveAnon = ctx->haveAnon;
+    haveAnon = ctx->useAnon;
 #endif /* HAVE_ANON*/
 #ifndef NO_CERTS
     keySz = ctx->privateKeySz;
 #endif
     InitSuites_EitherSide(ctx->suites, ctx->method->version, keySz,
             haveRSA, havePSK, ctx->haveDH, ctx->haveECDSAsig, ctx->haveECC,
-            ctx->haveStaticECC, ctx->haveFalconSig, ctx->haveDilithiumSig,
+            ctx->haveStaticECC,
             haveAnon, ctx->method->side);
 }
 
@@ -6430,7 +6698,7 @@ int InitSSL_Suites(WOLFSSL* ssl)
 #endif /* NO_PSK */
 #if !defined(NO_CERTS) && !defined(WOLFSSL_SESSION_EXPORT)
 #ifdef HAVE_ANON
-    haveAnon = (byte)ssl->options.haveAnon;
+    haveAnon = (byte)ssl->options.useAnon;
 #endif /* HAVE_ANON*/
 #ifdef WOLFSSL_MULTICAST
     haveMcast = (byte)ssl->options.haveMcast;
@@ -6459,8 +6727,7 @@ int InitSSL_Suites(WOLFSSL* ssl)
         InitSuites_EitherSide(ssl->suites, ssl->version, keySz, haveRSA,
                 havePSK, ssl->options.haveDH, ssl->options.haveECDSAsig,
                 ssl->options.haveECC, ssl->options.haveStaticECC,
-                ssl->options.haveFalconSig, ssl->options.haveDilithiumSig,
-                ssl->options.haveAnon, ssl->options.side);
+                ssl->options.useAnon, ssl->options.side);
     }
 
 #if !defined(NO_CERTS) && !defined(WOLFSSL_SESSION_EXPORT)
@@ -6573,7 +6840,7 @@ int SetSSL_CTX(WOLFSSL* ssl, WOLFSSL_CTX* ctx, int writeDup)
 #ifdef OPENSSL_EXTRA
     #ifdef WOLFSSL_TLS13
     if (ssl->version.minor == TLSv1_3_MINOR &&
-     (ssl->options.mask & SSL_OP_NO_TLSv1_3) == SSL_OP_NO_TLSv1_3) {
+     (ssl->options.mask & WOLFSSL_OP_NO_TLSv1_3) == WOLFSSL_OP_NO_TLSv1_3) {
         if (!ctx->method->downgrade) {
             WOLFSSL_MSG("\tInconsistent protocol options. TLS 1.3 set but not "
                         "allowed and downgrading disabled.");
@@ -6585,7 +6852,7 @@ int SetSSL_CTX(WOLFSSL* ssl, WOLFSSL_CTX* ctx, int writeDup)
     }
     #endif
     if (ssl->version.minor == TLSv1_2_MINOR &&
-     (ssl->options.mask & SSL_OP_NO_TLSv1_2) == SSL_OP_NO_TLSv1_2) {
+     (ssl->options.mask & WOLFSSL_OP_NO_TLSv1_2) == WOLFSSL_OP_NO_TLSv1_2) {
         if (!ctx->method->downgrade) {
             WOLFSSL_MSG("\tInconsistent protocol options. TLS 1.2 set but not "
                         "allowed and downgrading disabled.");
@@ -6596,7 +6863,7 @@ int SetSSL_CTX(WOLFSSL* ssl, WOLFSSL_CTX* ctx, int writeDup)
         ssl->version.minor = TLSv1_1_MINOR;
     }
     if (ssl->version.minor == TLSv1_1_MINOR &&
-     (ssl->options.mask & SSL_OP_NO_TLSv1_1) == SSL_OP_NO_TLSv1_1) {
+     (ssl->options.mask & WOLFSSL_OP_NO_TLSv1_1) == WOLFSSL_OP_NO_TLSv1_1) {
         if (!ctx->method->downgrade) {
             WOLFSSL_MSG("\tInconsistent protocol options. TLS 1.1 set but not "
                         "allowed and downgrading disabled.");
@@ -6608,7 +6875,7 @@ int SetSSL_CTX(WOLFSSL* ssl, WOLFSSL_CTX* ctx, int writeDup)
         ssl->version.minor = TLSv1_MINOR;
     }
     if (ssl->version.minor == TLSv1_MINOR &&
-        (ssl->options.mask & SSL_OP_NO_TLSv1) == SSL_OP_NO_TLSv1) {
+        (ssl->options.mask & WOLFSSL_OP_NO_TLSv1) == WOLFSSL_OP_NO_TLSv1) {
         if (!ctx->method->downgrade) {
             WOLFSSL_MSG("\tInconsistent protocol options. TLS 1 set but not "
                         "allowed and downgrading disabled.");
@@ -6621,7 +6888,7 @@ int SetSSL_CTX(WOLFSSL* ssl, WOLFSSL_CTX* ctx, int writeDup)
         ssl->version.minor = SSLv3_MINOR;
     }
     if (ssl->version.minor == SSLv3_MINOR &&
-        (ssl->options.mask & SSL_OP_NO_SSLv3) == SSL_OP_NO_SSLv3) {
+        (ssl->options.mask & WOLFSSL_OP_NO_SSLv3) == WOLFSSL_OP_NO_SSLv3) {
         WOLFSSL_MSG("\tError, option set to not allow SSLv3");
         WOLFSSL_ERROR_VERBOSE(VERSION_ERROR);
         return VERSION_ERROR;
@@ -6651,8 +6918,8 @@ int SetSSL_CTX(WOLFSSL* ssl, WOLFSSL_CTX* ctx, int writeDup)
      * then we possibly already have a side defined. Don't overwrite unless
      * the context has a well defined role. */
     if (newSSL || ctx->method->side != WOLFSSL_NEITHER_END)
-        ssl->options.side      = ctx->method->side;
-    ssl->options.downgrade    = ctx->method->downgrade;
+        ssl->options.side      = (word16)(ctx->method->side);
+    ssl->options.downgrade    = (word16)(ctx->method->downgrade);
     ssl->options.minDowngrade = ctx->minDowngrade;
 
     ssl->options.haveRSA          = ctx->haveRSA;
@@ -6664,7 +6931,7 @@ int SetSSL_CTX(WOLFSSL* ssl, WOLFSSL_CTX* ctx, int writeDup)
     ssl->options.haveDilithiumSig = ctx->haveDilithiumSig;
 
 #ifndef NO_PSK
-    ssl->options.havePSK       = ctx->havePSK;
+    ssl->options.havePSK       = (word16)(ctx->havePSK);
     ssl->options.client_psk_cb = ctx->client_psk_cb;
     ssl->options.server_psk_cb = ctx->server_psk_cb;
     ssl->options.psk_ctx       = ctx->psk_ctx;
@@ -6680,7 +6947,7 @@ int SetSSL_CTX(WOLFSSL* ssl, WOLFSSL_CTX* ctx, int writeDup)
 #endif
 
 #ifdef HAVE_ANON
-    ssl->options.haveAnon = ctx->haveAnon;
+    ssl->options.useAnon = ctx->useAnon;
 #endif
 #ifndef NO_DH
     ssl->options.minDhKeySz = ctx->minDhKeySz;
@@ -6692,14 +6959,12 @@ int SetSSL_CTX(WOLFSSL* ssl, WOLFSSL_CTX* ctx, int writeDup)
 #ifdef HAVE_ECC
     ssl->options.minEccKeySz = ctx->minEccKeySz;
 #endif
-#ifdef HAVE_PQC
 #ifdef HAVE_FALCON
     ssl->options.minFalconKeySz = ctx->minFalconKeySz;
 #endif /* HAVE_FALCON */
 #ifdef HAVE_DILITHIUM
     ssl->options.minDilithiumKeySz = ctx->minDilithiumKeySz;
 #endif /* HAVE_DILITHIUM */
-#endif /* HAVE_PQC */
 #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
     ssl->options.verifyDepth = ctx->verifyDepth;
 #endif
@@ -6736,18 +7001,109 @@ int SetSSL_CTX(WOLFSSL* ssl, WOLFSSL_CTX* ctx, int writeDup)
 #endif /* HAVE_RPK */
 
 #ifndef NO_CERTS
+#ifdef WOLFSSL_COPY_CERT
+    /* If WOLFSSL_COPY_CERT is defined, always copy the cert */
+    if (ctx->certificate != NULL) {
+        ret = AllocCopyDer(&ssl->buffers.certificate, ctx->certificate->buffer,
+            ctx->certificate->length, ctx->certificate->type,
+            ctx->certificate->heap);
+        if (ret != 0) {
+            return ret;
+        }
+
+        ssl->buffers.weOwnCert = 1;
+        ret = WOLFSSL_SUCCESS;
+    }
+    if (ctx->certChain != NULL) {
+        ret = AllocCopyDer(&ssl->buffers.certChain, ctx->certChain->buffer,
+            ctx->certChain->length, ctx->certChain->type,
+            ctx->certChain->heap);
+        if (ret != 0) {
+            return ret;
+        }
+
+        ssl->buffers.weOwnCertChain = 1;
+        ret = WOLFSSL_SUCCESS;
+    }
+#else
     /* ctx still owns certificate, certChain, key, dh, and cm */
     ssl->buffers.certificate = ctx->certificate;
     ssl->buffers.certChain = ctx->certChain;
+#endif
 #ifdef WOLFSSL_TLS13
     ssl->buffers.certChainCnt = ctx->certChainCnt;
 #endif
+#ifndef WOLFSSL_BLIND_PRIVATE_KEY
+#ifdef WOLFSSL_COPY_KEY
+    if (ctx->privateKey != NULL) {
+        if (ssl->buffers.key != NULL) {
+            FreeDer(&ssl->buffers.key);
+        }
+        ret = AllocCopyDer(&ssl->buffers.key, ctx->privateKey->buffer,
+            ctx->privateKey->length, ctx->privateKey->type,
+            ctx->privateKey->heap);
+        if (ret != 0) {
+            return ret;
+        }
+        ssl->buffers.weOwnKey = 1;
+        ret = WOLFSSL_SUCCESS;
+    }
+    else {
+        ssl->buffers.key      = ctx->privateKey;
+    }
+#else
     ssl->buffers.key      = ctx->privateKey;
+#endif
+#else
+    if (ctx->privateKey != NULL) {
+        ret = AllocCopyDer(&ssl->buffers.key, ctx->privateKey->buffer,
+            ctx->privateKey->length, ctx->privateKey->type,
+            ctx->privateKey->heap);
+        if (ret != 0) {
+            return ret;
+        }
+        ssl->buffers.weOwnKey = 1;
+        /* Blind the private key for the SSL with new random mask. */
+        wolfssl_priv_der_unblind(ssl->buffers.key, ctx->privateKeyMask);
+        ret = wolfssl_priv_der_blind(ssl->rng, ssl->buffers.key,
+            &ssl->buffers.keyMask);
+        if (ret != 0) {
+            return ret;
+        }
+    }
+#endif
     ssl->buffers.keyType  = ctx->privateKeyType;
     ssl->buffers.keyId    = ctx->privateKeyId;
     ssl->buffers.keyLabel = ctx->privateKeyLabel;
     ssl->buffers.keySz    = ctx->privateKeySz;
     ssl->buffers.keyDevId = ctx->privateKeyDevId;
+#ifdef WOLFSSL_DUAL_ALG_CERTS
+#ifndef WOLFSSL_BLIND_PRIVATE_KEY
+    ssl->buffers.altKey   = ctx->altPrivateKey;
+#else
+    if (ctx->altPrivateKey != NULL) {
+        ret = AllocCopyDer(&ssl->buffers.altkey, ctx->altPrivateKey->buffer,
+            ctx->altPrivateKey->length, ctx->altPrivateKey->type,
+            ctx->altPrivateKey->heap);
+        if (ret != 0) {
+            return ret;
+        }
+        /* Blind the private key for the SSL with new random mask. */
+        wolfssl_priv_der_unblind(ssl->buffers.altKey, ctx->altPrivateKeyMask);
+        ret = wolfssl_priv_der_blind(ssl->rng, ssl->buffers.altKey,
+            &ssl->buffers.altKeyMask);
+        if (ret != 0) {
+            return ret;
+        }
+        ret = WOLFSSL_SUCCESS;
+    }
+#endif
+    ssl->buffers.altKeyType  = ctx->altPrivateKeyType;
+    ssl->buffers.altKeyId    = ctx->altPrivateKeyId;
+    ssl->buffers.altKeyLabel = ctx->altPrivateKeyLabel;
+    ssl->buffers.altKeySz    = ctx->altPrivateKeySz;
+    ssl->buffers.altKeyDevId = ctx->altPrivateKeyDevId;
+#endif /* WOLFSSL_DUAL_ALG_CERTS */
 #endif
 #if !defined(WOLFSSL_NO_CLIENT_AUTH) && \
                ((defined(WOLFSSL_SM2) && defined(WOLFSSL_SM3)) || \
@@ -6786,7 +7142,7 @@ int SetSSL_CTX(WOLFSSL* ssl, WOLFSSL_CTX* ctx, int writeDup)
         }
     }  /* writeDup check */
 
-    if (ctx->mask != 0 && wolfSSL_set_options(ssl, ctx->mask) == 0) {
+    if (ctx->mask != 0 && wolfSSL_set_options(ssl, (long)ctx->mask) == 0) {
         WOLFSSL_MSG("wolfSSL_set_options error");
         return BAD_FUNC_ARG;
     }
@@ -6809,12 +7165,12 @@ int SetSSL_CTX(WOLFSSL* ssl, WOLFSSL_CTX* ctx, int writeDup)
 #endif
 #if defined(OPENSSL_EXTRA) && !defined(NO_BIO)
     /* Don't change recv callback if currently using BIO's */
-    if (ssl->CBIORecv != BioReceive)
+    if (ssl->CBIORecv != SslBioReceive)
 #endif
         ssl->CBIORecv = ctx->CBIORecv;
 #if defined(OPENSSL_EXTRA) && !defined(NO_BIO)
     /* Don't change send callback if currently using BIO's */
-    if (ssl->CBIOSend != BioSend)
+    if (ssl->CBIOSend != SslBioSend)
 #endif
         ssl->CBIOSend = ctx->CBIOSend;
     ssl->verifyDepth = ctx->verifyDepth;
@@ -6919,7 +7275,7 @@ void FreeHandshakeHashes(WOLFSSL* ssl)
          (defined(WOLFSSL_SM2) && defined(WOLFSSL_SM3))) && \
         !defined(WOLFSSL_NO_CLIENT_AUTH)
         if (ssl->hsHashes->messages != NULL) {
-            ForceZero(ssl->hsHashes->messages, ssl->hsHashes->length);
+            ForceZero(ssl->hsHashes->messages, (word32)ssl->hsHashes->length);
             XFREE(ssl->hsHashes->messages, ssl->heap, DYNAMIC_TYPE_HASHES);
             ssl->hsHashes->messages = NULL;
          }
@@ -6934,7 +7290,7 @@ void FreeHandshakeHashes(WOLFSSL* ssl)
 int InitHandshakeHashesAndCopy(WOLFSSL* ssl, HS_Hashes* source,
   HS_Hashes** destination)
 {
-    int ret = 0;
+    int ret;
     HS_Hashes* tmpHashes;
 
     if (source == NULL)
@@ -6944,7 +7300,11 @@ int InitHandshakeHashesAndCopy(WOLFSSL* ssl, HS_Hashes* source,
     tmpHashes = ssl->hsHashes;
     ssl->hsHashes = *destination;
 
-    InitHandshakeHashes(ssl);
+    ret = InitHandshakeHashes(ssl);
+    if (ret != 0) {
+        WOLFSSL_MSG_EX("InitHandshakeHashes failed. err = %d", ret);
+        return ret;
+    }
 
     *destination = ssl->hsHashes;
     ssl->hsHashes = tmpHashes;
@@ -6952,50 +7312,51 @@ int InitHandshakeHashesAndCopy(WOLFSSL* ssl, HS_Hashes* source,
   /* now copy the source contents to the destination */
 #ifndef NO_OLD_TLS
     #ifndef NO_SHA
-        ret = wc_ShaCopy(&source->hashSha, &(*destination)->hashSha);
+    ret = wc_ShaCopy(&source->hashSha, &(*destination)->hashSha);
     #endif
     #ifndef NO_MD5
-        if (ret == 0)
-            ret = wc_Md5Copy(&source->hashMd5, &(*destination)->hashMd5);
+    if (ret == 0)
+        ret = wc_Md5Copy(&source->hashMd5, &(*destination)->hashMd5);
     #endif
     #endif /* !NO_OLD_TLS */
     #ifndef NO_SHA256
-        if (ret == 0)
-            ret = wc_Sha256Copy(&source->hashSha256,
-                &(*destination)->hashSha256);
+    if (ret == 0)
+        ret = wc_Sha256Copy(&source->hashSha256,
+            &(*destination)->hashSha256);
     #endif
     #ifdef WOLFSSL_SHA384
-        if (ret == 0)
-            ret = wc_Sha384Copy(&source->hashSha384,
-                &(*destination)->hashSha384);
+    if (ret == 0)
+        ret = wc_Sha384Copy(&source->hashSha384,
+            &(*destination)->hashSha384);
     #endif
     #ifdef WOLFSSL_SHA512
-        if (ret == 0)
-            ret = wc_Sha512Copy(&source->hashSha512,
-                &(*destination)->hashSha512);
+    if (ret == 0)
+        ret = wc_Sha512Copy(&source->hashSha512,
+            &(*destination)->hashSha512);
     #endif
     #ifdef WOLFSSL_SM3
-        if (ret == 0)
-            ret = wc_Sm3Copy(&source->hashSm3,
-                &(*destination)->hashSm3);
+    if (ret == 0)
+        ret = wc_Sm3Copy(&source->hashSm3,
+            &(*destination)->hashSm3);
     #endif
     #if (defined(HAVE_ED25519) || defined(HAVE_ED448) || \
          (defined(WOLFSSL_SM2) && defined(WOLFSSL_SM3))) && \
         !defined(WOLFSSL_NO_CLIENT_AUTH)
-        if (ret == 0 && source->messages != NULL) {
-            (*destination)->messages = (byte*)XMALLOC(source->length, ssl->heap,
-                DYNAMIC_TYPE_HASHES);
-            (*destination)->length = source->length;
-            (*destination)->prevLen = source->prevLen;
+    if (ret == 0 && source->messages != NULL) {
+        (*destination)->messages = (byte*)XMALLOC((size_t)source->length,
+        ssl->heap,
+        (int)DYNAMIC_TYPE_HASHES);
+        (*destination)->length = source->length;
+        (*destination)->prevLen = source->prevLen;
 
-            if ((*destination)->messages == NULL) {
-                ret = MEMORY_E;
-            }
-            else {
-                XMEMCPY((*destination)->messages, source->messages,
-                    source->length);
-            }
+        if ((*destination)->messages == NULL) {
+            ret = MEMORY_E;
         }
+        else {
+            XMEMCPY((*destination)->messages, source->messages,
+                (size_t)source->length);
+        }
+    }
     #endif
 
     return ret;
@@ -7122,6 +7483,9 @@ int InitSSL(WOLFSSL* ssl, WOLFSSL_CTX* ctx, int writeDup)
         ssl_hint = ((WOLFSSL_HEAP_HINT*)(ssl->heap));
         ctx_hint = ((WOLFSSL_HEAP_HINT*)(ctx->heap));
 
+        ssl_hint->memory = ctx_hint->memory;
+    #ifndef WOLFSSL_STATIC_MEMORY_LEAN
+    #ifndef SINGLE_THREADED
         /* lock and check IO count / handshake count */
         if (wc_LockMutex(&(ctx_hint->memory->memory_mutex)) != 0) {
             WOLFSSL_MSG("Bad memory_mutex lock");
@@ -7130,10 +7494,13 @@ int InitSSL(WOLFSSL* ssl, WOLFSSL_CTX* ctx, int writeDup)
             WOLFSSL_ERROR_VERBOSE(BAD_MUTEX_E);
             return BAD_MUTEX_E;
         }
+    #endif
         if (ctx_hint->memory->maxHa > 0 &&
                            ctx_hint->memory->maxHa <= ctx_hint->memory->curHa) {
             WOLFSSL_MSG("At max number of handshakes for static memory");
+        #ifndef SINGLE_THREADED
             wc_UnLockMutex(&(ctx_hint->memory->memory_mutex));
+        #endif
             XFREE(ssl->heap, ctx->heap, DYNAMIC_TYPE_SSL);
             ssl->heap = NULL; /* free and set to NULL for IO counter */
             return MEMORY_E;
@@ -7142,16 +7509,19 @@ int InitSSL(WOLFSSL* ssl, WOLFSSL_CTX* ctx, int writeDup)
         if (ctx_hint->memory->maxIO > 0 &&
                            ctx_hint->memory->maxIO <= ctx_hint->memory->curIO) {
             WOLFSSL_MSG("At max number of IO allowed for static memory");
+        #ifndef SINGLE_THREADED
             wc_UnLockMutex(&(ctx_hint->memory->memory_mutex));
+        #endif
             XFREE(ssl->heap, ctx->heap, DYNAMIC_TYPE_SSL);
             ssl->heap = NULL; /* free and set to NULL for IO counter */
             return MEMORY_E;
         }
         ctx_hint->memory->curIO++;
         ctx_hint->memory->curHa++;
-        ssl_hint->memory = ctx_hint->memory;
         ssl_hint->haFlag = 1;
+    #ifndef SINGLE_THREADED
         wc_UnLockMutex(&(ctx_hint->memory->memory_mutex));
+    #endif
 
         /* check if tracking stats */
         if (ctx_hint->memory->flag & WOLFMEM_TRACK_STATS) {
@@ -7165,26 +7535,37 @@ int InitSSL(WOLFSSL* ssl, WOLFSSL_CTX* ctx, int writeDup)
 
         /* check if using fixed IO buffers */
         if (ctx_hint->memory->flag & WOLFMEM_IO_POOL_FIXED) {
+        #ifndef SINGLE_THREADED
             if (wc_LockMutex(&(ctx_hint->memory->memory_mutex)) != 0) {
                 WOLFSSL_MSG("Bad memory_mutex lock");
                 WOLFSSL_ERROR_VERBOSE(BAD_MUTEX_E);
                 return BAD_MUTEX_E;
             }
+        #endif
             if (SetFixedIO(ctx_hint->memory, &(ssl_hint->inBuf)) != 1) {
+            #ifndef SINGLE_THREADED
                 wc_UnLockMutex(&(ctx_hint->memory->memory_mutex));
+            #endif
                 return MEMORY_E;
             }
             if (SetFixedIO(ctx_hint->memory, &(ssl_hint->outBuf)) != 1) {
+            #ifndef SINGLE_THREADED
                 wc_UnLockMutex(&(ctx_hint->memory->memory_mutex));
+            #endif
                 return MEMORY_E;
             }
             if (ssl_hint->outBuf == NULL || ssl_hint->inBuf == NULL) {
                 WOLFSSL_MSG("Not enough memory to create fixed IO buffers");
+            #ifndef SINGLE_THREADED
                 wc_UnLockMutex(&(ctx_hint->memory->memory_mutex));
+            #endif
                 return MEMORY_E;
             }
+       #ifndef SINGLE_THREADED
             wc_UnLockMutex(&(ctx_hint->memory->memory_mutex));
+        #endif
         }
+    #endif /* !WOLFSSL_STATIC_MEMORY_LEAN */
     #ifdef WOLFSSL_HEAP_TEST
         }
     #endif
@@ -7202,6 +7583,15 @@ int InitSSL(WOLFSSL* ssl, WOLFSSL_CTX* ctx, int writeDup)
     ssl->buffers.outputBuffer.buffer = ssl->buffers.outputBuffer.staticBuffer;
     ssl->buffers.outputBuffer.bufferSize  = STATIC_BUFFER_LEN;
 
+#ifdef WOLFSSL_THREADED_CRYPT
+    {
+        int i;
+        for (i = 0; i < WOLFSSL_THREADED_CRYPT_CNT; i++) {
+            ssl->buffers.encrypt[i].avail = 1;
+        }
+    }
+#endif
+
 #ifdef KEEP_PEER_CERT
     InitX509(&ssl->peerCert, 0, ssl->heap);
 #endif
@@ -7245,6 +7635,11 @@ int InitSSL(WOLFSSL* ssl, WOLFSSL_CTX* ctx, int writeDup)
     ssl->buffers.dtlsCtx.rfd            = -1;
     ssl->buffers.dtlsCtx.wfd            = -1;
 
+#ifdef WOLFSSL_RW_THREADED
+    if (wc_InitRwLock(&ssl->buffers.dtlsCtx.peerLock) != 0)
+        return BAD_MUTEX_E;
+#endif
+
     ssl->IOCB_ReadCtx  = &ssl->buffers.dtlsCtx;  /* prevent invalid pointer access if not */
     ssl->IOCB_WriteCtx = &ssl->buffers.dtlsCtx;  /* correctly set */
 #else
@@ -7356,6 +7751,9 @@ int InitSSL(WOLFSSL* ssl, WOLFSSL_CTX* ctx, int writeDup)
 #if defined(HAVE_ENCRYPT_THEN_MAC) && !defined(WOLFSSL_AEAD_ONLY)
     ssl->options.disallowEncThenMac = ctx->disallowEncThenMac;
 #endif
+#if defined(WOLFSSL_TLS13) && defined(HAVE_ECH)
+    ssl->options.disableECH         = ctx->disableECH;
+#endif
 
     /* default alert state (none) */
     ssl->alert_history.last_rx.code  = -1;
@@ -7388,6 +7786,7 @@ int InitSSL(WOLFSSL* ssl, WOLFSSL_CTX* ctx, int writeDup)
 
     /* all done with init, now can return errors, call other stuff */
     if ((ret = ReinitSSL(ssl, ctx, writeDup)) != 0) {
+        WOLFSSL_MSG_EX("ReinitSSL failed. err = %d", ret);
         return ret;
     }
 
@@ -7400,6 +7799,14 @@ int InitSSL(WOLFSSL* ssl, WOLFSSL_CTX* ctx, int writeDup)
             return MEMORY_E;
         }
         XMEMSET(ssl->param, 0, sizeof(WOLFSSL_X509_VERIFY_PARAM));
+
+        /* pass on PARAM flags value from ctx to ssl */
+        if (wolfSSL_X509_VERIFY_PARAM_set_flags(wolfSSL_get0_param(ssl),
+            (unsigned long)wolfSSL_X509_VERIFY_PARAM_get_flags(
+            wolfSSL_CTX_get0_param(ctx))) != WOLFSSL_SUCCESS) {
+            WOLFSSL_MSG("ssl->param set flags error");
+            return WOLFSSL_FAILURE;
+        }
 #endif
 
         if (ctx->suites == NULL) {
@@ -7418,9 +7825,10 @@ int InitSSL(WOLFSSL* ssl, WOLFSSL_CTX* ctx, int writeDup)
     /* requires valid arrays and suites unless writeDup ing */
     if ((ret = SetSSL_CTX(ssl, ctx, writeDup)) != WOLFSSL_SUCCESS
 #ifdef WOLFSSL_NO_INIT_CTX_KEY
-        && ret != NO_PRIVATE_KEY
+        && ret != WC_NO_ERR_TRACE(NO_PRIVATE_KEY)
 #endif
         ) {
+        WOLFSSL_MSG_EX("SetSSL_CTX failed. err = %d", ret);
         return ret;
     }
     ssl->options.dtls = ssl->version.major == DTLS_MAJOR;
@@ -7434,20 +7842,21 @@ int InitSSL(WOLFSSL* ssl, WOLFSSL_CTX* ctx, int writeDup)
 
     /* hsHashes */
     ret = InitHandshakeHashes(ssl);
-    if (ret != 0)
+    if (ret != 0) {
+        WOLFSSL_MSG_EX("InitHandshakeHashes failed. err = %d", ret);
         return ret;
+    }
 
 #if defined(WOLFSSL_DTLS) && !defined(NO_WOLFSSL_SERVER)
     if (ssl->options.dtls && ssl->options.side == WOLFSSL_SERVER_END) {
-        if (!IsAtLeastTLSv1_3(ssl->version)) {
-                ret = wolfSSL_DTLS_SetCookieSecret(ssl, NULL, 0);
-                if (ret != 0) {
-                    WOLFSSL_MSG("DTLS Cookie Secret error");
-                    return ret;
-                }
+        /* Initialize both in case we allow downgrading. */
+        ret = wolfSSL_DTLS_SetCookieSecret(ssl, NULL, 0);
+        if (ret != 0) {
+            WOLFSSL_MSG("DTLS Cookie Secret error");
+            return ret;
         }
 #if defined(WOLFSSL_DTLS13) && defined(WOLFSSL_SEND_HRR_COOKIE)
-        else {
+        if (IsAtLeastTLSv1_3(ssl->version)) {
             ret = wolfSSL_send_hrr_cookie(ssl, NULL, 0);
             if (ret != WOLFSSL_SUCCESS) {
                 WOLFSSL_MSG("DTLS1.3 Cookie secret error");
@@ -7477,10 +7886,10 @@ int InitSSL(WOLFSSL* ssl, WOLFSSL_CTX* ctx, int writeDup)
 
     ssl->session = wolfSSL_NewSession(ssl->heap);
     if (ssl->session == NULL) {
-        WOLFSSL_MSG("SSL Session Memory error");
+        WOLFSSL_MSG_EX("SSL Session Memory error. wolfSSL_NewSession "
+                       "err = %d", ret);
         return MEMORY_E;
     }
-
 #ifdef HAVE_SESSION_TICKET
     ssl->options.noTicketTls12 = ctx->noTicketTls12;
 #endif
@@ -7533,6 +7942,13 @@ int InitSSL(WOLFSSL* ssl, WOLFSSL_CTX* ctx, int writeDup)
     ssl->dtls13DecryptEpoch = &ssl->dtls13Epochs[0];
     ssl->options.dtls13SendMoreAcks = WOLFSSL_DTLS13_SEND_MOREACK_DEFAULT;
     ssl->dtls13Rtx.rtxRecordTailPtr = &ssl->dtls13Rtx.rtxRecords;
+
+#ifdef WOLFSSL_RW_THREADED
+    ret = wc_InitMutex(&ssl->dtls13Rtx.mutex);
+    if (ret < 0) {
+        return ret;
+    }
+#endif
 #endif /* WOLFSSL_DTLS13 */
 
 #ifdef WOLFSSL_QUIC
@@ -7553,7 +7969,23 @@ int InitSSL(WOLFSSL* ssl, WOLFSSL_CTX* ctx, int writeDup)
     defined(WOLFSSL_SSLKEYLOGFILE) && defined(WOLFSSL_TLS13)
     (void)wolfSSL_set_tls13_secret_cb(ssl, tls13ShowSecrets, NULL);
 #endif
-
+#if defined(HAVE_SECRET_CALLBACK) && defined(SHOW_SECRETS)
+    (void)wolfSSL_set_secret_cb(ssl, tlsShowSecrets, NULL);
+#endif
+#ifdef WOLFSSL_DUAL_ALG_CERTS
+    ssl->sigSpec = ctx->sigSpec;
+    ssl->sigSpecSz = ctx->sigSpecSz;
+#endif /* WOLFSSL_DUAL_ALG_CERTS */
+#ifdef HAVE_OCSP
+#if defined(WOLFSSL_TLS13) && defined(HAVE_CERTIFICATE_STATUS_REQUEST)
+    ssl->response_idx = 0;
+#endif
+#endif
+#if defined(WOLFSSL_SYS_CRYPTO_POLICY)
+    ssl->secLevel = ctx->secLevel;
+#endif /* WOLFSSL_SYS_CRYPTO_POLICY */
+    /* Returns 0 on success, not WOLFSSL_SUCCESS (1) */
+    WOLFSSL_MSG_EX("InitSSL done. return 0 (success)");
     return 0;
 }
 
@@ -7622,7 +8054,6 @@ void FreeKey(WOLFSSL* ssl, int type, void** pKey)
                 wc_curve448_free((curve448_key*)*pKey);
                 break;
         #endif /* HAVE_CURVE448 */
-        #if defined(HAVE_PQC)
         #if defined(HAVE_FALCON)
             case DYNAMIC_TYPE_FALCON:
                 wc_falcon_free((falcon_key*)*pKey);
@@ -7633,7 +8064,6 @@ void FreeKey(WOLFSSL* ssl, int type, void** pKey)
                 wc_dilithium_free((dilithium_key*)*pKey);
                 break;
         #endif /* HAVE_DILITHIUM */
-        #endif /* HAVE_PQC */
         #ifndef NO_DH
             case DYNAMIC_TYPE_DH:
                 wc_FreeDhKey((DhKey*)*pKey);
@@ -7651,8 +8081,8 @@ void FreeKey(WOLFSSL* ssl, int type, void** pKey)
 
 int AllocKey(WOLFSSL* ssl, int type, void** pKey)
 {
-    int ret = BAD_FUNC_ARG;
-    int sz = 0;
+    int ret = WC_NO_ERR_TRACE(BAD_FUNC_ARG);
+    size_t sz = 0;
 #ifdef HAVE_ECC
     ecc_key* eccKey;
 #endif /* HAVE_ECC */
@@ -7670,7 +8100,7 @@ int AllocKey(WOLFSSL* ssl, int type, void** pKey)
         WOLFSSL_MSG("Key already present!");
     #ifdef WOLFSSL_ASYNC_CRYPT
         /* allow calling this again for async reentry */
-        if (ssl->error == WC_PENDING_E) {
+        if (ssl->error == WC_NO_ERR_TRACE(WC_PENDING_E)) {
             return 0;
         }
     #endif
@@ -7709,7 +8139,6 @@ int AllocKey(WOLFSSL* ssl, int type, void** pKey)
             sz = sizeof(curve448_key);
             break;
     #endif /* HAVE_CURVE448 */
-    #if defined(HAVE_PQC)
     #if defined(HAVE_FALCON)
         case DYNAMIC_TYPE_FALCON:
             sz = sizeof(falcon_key);
@@ -7720,7 +8149,6 @@ int AllocKey(WOLFSSL* ssl, int type, void** pKey)
             sz = sizeof(dilithium_key);
             break;
     #endif /* HAVE_DILITHIUM */
-    #endif /* HAVE_PQC */
     #ifndef NO_DH
         case DYNAMIC_TYPE_DH:
             sz = sizeof(DhKey);
@@ -7784,20 +8212,18 @@ int AllocKey(WOLFSSL* ssl, int type, void** pKey)
             ret = 0;
             break;
     #endif /* HAVE_CURVE448 */
-    #if defined(HAVE_PQC)
     #if defined(HAVE_FALCON)
         case DYNAMIC_TYPE_FALCON:
-            wc_falcon_init((falcon_key*)*pKey);
+            wc_falcon_init_ex((falcon_key*)*pKey, ssl->heap, ssl->devId);
             ret = 0;
             break;
     #endif /* HAVE_FALCON */
     #if defined(HAVE_DILITHIUM)
         case DYNAMIC_TYPE_DILITHIUM:
-            wc_dilithium_init((dilithium_key*)*pKey);
+            wc_dilithium_init_ex((dilithium_key*)*pKey, ssl->heap, ssl->devId);
             ret = 0;
             break;
     #endif /* HAVE_DILITHIUM */
-    #endif /* HAVE_PQC */
     #ifdef HAVE_CURVE448
         case DYNAMIC_TYPE_CURVE448:
             wc_curve448_init((curve448_key*)*pKey);
@@ -7823,8 +8249,7 @@ int AllocKey(WOLFSSL* ssl, int type, void** pKey)
 
 #if !defined(NO_RSA) || defined(HAVE_ECC) || defined(HAVE_ED25519) || \
     defined(HAVE_CURVE25519) || defined(HAVE_ED448) || \
-    defined(HAVE_CURVE448) || (defined(HAVE_PQC) && defined(HAVE_FALCON)) || \
-    (defined(HAVE_PQC) && defined(HAVE_DILITHIUM))
+    defined(HAVE_CURVE448) || defined(HAVE_FALCON) || defined(HAVE_DILITHIUM)
 static int ReuseKey(WOLFSSL* ssl, int type, void* pKey)
 {
     int ret = 0;
@@ -7870,12 +8295,18 @@ static int ReuseKey(WOLFSSL* ssl, int type, void* pKey)
             ret = wc_curve448_init((curve448_key*)pKey);
             break;
     #endif /* HAVE_CURVE448 */
-    #if defined(HAVE_PQC) && defined(HAVE_FALCON)
+    #if defined(HAVE_FALCON)
         case DYNAMIC_TYPE_FALCON:
             wc_falcon_free((falcon_key*)pKey);
             ret = wc_falcon_init((falcon_key*)pKey);
             break;
-    #endif /* HAVE_PQC && HAVE_FALCON */
+    #endif /* HAVE_FALCON */
+    #if defined(HAVE_DILITHIUM)
+        case DYNAMIC_TYPE_DILITHIUM:
+            wc_dilithium_free((dilithium_key*)pKey);
+            ret = wc_dilithium_init((dilithium_key*)pKey);
+            break;
+    #endif /* HAVE_DILITHIUM */
     #ifndef NO_DH
         case DYNAMIC_TYPE_DH:
             wc_FreeDhKey((DhKey*)pKey);
@@ -7933,7 +8364,10 @@ void FreeKeyExchange(WOLFSSL* ssl)
     }
 
     /* Free handshake key */
-    FreeKey(ssl, ssl->hsType, &ssl->hsKey);
+    FreeKey(ssl, (int)ssl->hsType, &ssl->hsKey);
+#ifdef WOLFSSL_DUAL_ALG_CERTS
+    FreeKey(ssl, ssl->hsAltType, &ssl->hsAltKey);
+#endif /* WOLFSSL_DUAL_ALG_CERTS */
 
 #ifndef NO_DH
     /* Free temp DH key */
@@ -7945,13 +8379,21 @@ void FreeKeyExchange(WOLFSSL* ssl)
 /* Free up all memory used by Suites structure from WOLFSSL */
 void FreeSuites(WOLFSSL* ssl)
 {
-#ifdef OPENSSL_ALL
+#ifdef OPENSSL_EXTRA
     if (ssl->suitesStack != NULL) {
         /* Enough to free stack structure since WOLFSSL_CIPHER
          * isn't allocated separately. */
         wolfSSL_sk_SSL_CIPHER_free(ssl->suitesStack);
         ssl->suitesStack = NULL;
     }
+    if (ssl->clSuitesStack != NULL) {
+        /* Enough to free stack structure since WOLFSSL_CIPHER
+         * isn't allocated separately. */
+        wolfSSL_sk_SSL_CIPHER_free(ssl->clSuitesStack);
+        ssl->clSuitesStack = NULL;
+    }
+    XFREE(ssl->clSuites, ssl->heap, DYNAMIC_TYPE_SUITES);
+    ssl->clSuites = NULL;
 #endif
     XFREE(ssl->suites, ssl->heap, DYNAMIC_TYPE_SUITES);
     ssl->suites = NULL;
@@ -7959,7 +8401,7 @@ void FreeSuites(WOLFSSL* ssl)
 
 
 /* In case holding SSL object in array and don't want to free actual ssl */
-void SSL_ResourceFree(WOLFSSL* ssl)
+void wolfSSL_ResourceFree(WOLFSSL* ssl)
 {
     /* Note: any resources used during the handshake should be released in the
      * function FreeHandshakeResources(). Be careful with the special cases
@@ -8048,10 +8490,31 @@ void SSL_ResourceFree(WOLFSSL* ssl)
     XFREE(ssl->peerSceTsipEncRsaKeyIndex, ssl->heap, DYNAMIC_TYPE_RSA);
     Renesas_cmn_Cleanup(ssl);
 #endif
+#ifndef NO_TLS
     if (ssl->buffers.inputBuffer.dynamicFlag)
         ShrinkInputBuffer(ssl, FORCED_FREE);
     if (ssl->buffers.outputBuffer.dynamicFlag)
         ShrinkOutputBuffer(ssl);
+#endif
+#ifdef WOLFSSL_THREADED_CRYPT
+    {
+        int i;
+        for (i = 0; i < WOLFSSL_THREADED_CRYPT_CNT; i++) {
+            bufferStatic* buff = &ssl->buffers.encrypt[i].buffer;
+
+            ssl->buffers.encrypt[i].stop = 1;
+            FreeCiphersSide(&ssl->buffers.encrypt[i].encrypt, ssl->heap);
+            if (buff->dynamicFlag) {
+                XFREE(buff->buffer - buff->offset, ssl->heap,
+                    DYNAMIC_TYPE_OUT_BUFFER);
+                buff->buffer      = buff->staticBuffer;
+                buff->bufferSize  = STATIC_BUFFER_LEN;
+                buff->offset      = 0;
+                buff->dynamicFlag = 0;
+            }
+        }
+    }
+#endif
 #if defined(WOLFSSL_SEND_HRR_COOKIE) && !defined(NO_WOLFSSL_SERVER)
     if (ssl->buffers.tls13CookieSecret.buffer != NULL) {
         ForceZero(ssl->buffers.tls13CookieSecret.buffer,
@@ -8069,6 +8532,14 @@ void SSL_ResourceFree(WOLFSSL* ssl)
     }
     XFREE(ssl->buffers.dtlsCtx.peer.sa, ssl->heap, DYNAMIC_TYPE_SOCKADDR);
     ssl->buffers.dtlsCtx.peer.sa = NULL;
+#ifdef WOLFSSL_RW_THREADED
+    wc_FreeRwLock(&ssl->buffers.dtlsCtx.peerLock);
+#endif
+#ifdef WOLFSSL_DTLS_CID
+    XFREE(ssl->buffers.dtlsCtx.pendingPeer.sa, ssl->heap,
+            DYNAMIC_TYPE_SOCKADDR);
+    ssl->buffers.dtlsCtx.pendingPeer.sa = NULL;
+#endif
 #ifndef NO_WOLFSSL_SERVER
     if (ssl->buffers.dtlsCookieSecret.buffer != NULL) {
         ForceZero(ssl->buffers.dtlsCookieSecret.buffer,
@@ -8170,7 +8641,7 @@ void SSL_ResourceFree(WOLFSSL* ssl)
         }
     #endif
 #endif
-#if defined(HAVE_PQC) && defined(HAVE_FALCON)
+#if defined(HAVE_FALCON)
     FreeKey(ssl, DYNAMIC_TYPE_FALCON, (void**)&ssl->peerFalconKey);
     ssl->peerFalconKeyPresent = 0;
 #endif
@@ -8220,10 +8691,15 @@ void SSL_ResourceFree(WOLFSSL* ssl)
     }
 #endif
 #ifdef OPENSSL_EXTRA
-    if (ssl->param) {
-        XFREE(ssl->param, ssl->heap, DYNAMIC_TYPE_OPENSSL);
-    }
+    XFREE(ssl->param, ssl->heap, DYNAMIC_TYPE_OPENSSL);
 #endif
+#if defined(HAVE_OCSP) && (defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY))
+    if (ssl->ocspResp) {
+        XFREE(ssl->ocspResp, NULL, 0);
+        ssl->ocspResp = NULL;
+        ssl->ocspRespSz = 0;
+    }
+#endif /* defined(HAVE_OCSP) && (defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)) */
 #if defined(WOLFSSL_TLS13) && defined(WOLFSSL_POST_HANDSHAKE_AUTH)
     while (ssl->certReqCtx != NULL) {
         CertReqCtx* curr = ssl->certReqCtx;
@@ -8253,14 +8729,17 @@ void SSL_ResourceFree(WOLFSSL* ssl)
     /* avoid dereferencing a test value */
     if (ssl->heap != (void*)WOLFSSL_HEAP_TEST) {
     #endif
+        void* heap = ssl->ctx ? ssl->ctx->heap : ssl->heap;
+    #ifndef WOLFSSL_STATIC_MEMORY_LEAN
         WOLFSSL_HEAP_HINT* ssl_hint = (WOLFSSL_HEAP_HINT*)ssl->heap;
         WOLFSSL_HEAP*      ctx_heap;
-        void* heap = ssl->ctx ? ssl->ctx->heap : ssl->heap;
 
         ctx_heap = ssl_hint->memory;
+    #ifndef SINGLE_THREADED
         if (wc_LockMutex(&(ctx_heap->memory_mutex)) != 0) {
             WOLFSSL_MSG("Bad memory_mutex lock");
         }
+    #endif
         ctx_heap->curIO--;
         if (FreeFixedIO(ctx_heap, &(ssl_hint->outBuf)) != 1) {
             WOLFSSL_MSG("Error freeing fixed output buffer");
@@ -8268,15 +8747,20 @@ void SSL_ResourceFree(WOLFSSL* ssl)
         if (FreeFixedIO(ctx_heap, &(ssl_hint->inBuf)) != 1) {
             WOLFSSL_MSG("Error freeing fixed output buffer");
         }
-        if (ssl_hint->haFlag && ctx_heap->curHa > 0) { /* check if handshake count has been decreased*/
+
+        /* check if handshake count has been decreased*/
+        if (ssl_hint->haFlag && ctx_heap->curHa > 0) {
             ctx_heap->curHa--;
         }
+    #ifndef SINGLE_THREADED
         wc_UnLockMutex(&(ctx_heap->memory_mutex));
+    #endif
 
         /* check if tracking stats */
         if (ctx_heap->flag & WOLFMEM_TRACK_STATS) {
             XFREE(ssl_hint->stats, heap, DYNAMIC_TYPE_SSL);
         }
+    #endif /* !WOLFSSL_STATIC_MEMORY_LEAN */
         XFREE(ssl->heap, heap, DYNAMIC_TYPE_SSL);
     #ifdef WOLFSSL_HEAP_TEST
     }
@@ -8288,6 +8772,7 @@ void SSL_ResourceFree(WOLFSSL* ssl)
      * isn't allocated separately. */
     wolfSSL_sk_CIPHER_free(ssl->supportedCiphers);
     wolfSSL_sk_X509_pop_free(ssl->peerCertChain, NULL);
+    wolfSSL_sk_X509_pop_free(ssl->verifiedChain, NULL);
     #ifdef KEEP_OUR_CERT
     wolfSSL_sk_X509_pop_free(ssl->ourCertChain, NULL);
     #endif
@@ -8298,6 +8783,10 @@ void SSL_ResourceFree(WOLFSSL* ssl)
 #endif
 #ifdef WOLFSSL_DTLS13
     Dtls13FreeFsmResources(ssl);
+
+#ifdef WOLFSSL_RW_THREADED
+    wc_FreeMutex(&ssl->dtls13Rtx.mutex);
+#endif
 #endif /* WOLFSSL_DTLS13 */
 #ifdef WOLFSSL_QUIC
     wolfSSL_quic_free(ssl);
@@ -8306,6 +8795,9 @@ void SSL_ResourceFree(WOLFSSL* ssl)
     wolfSSL_CTX_free(ssl->initial_ctx);
     ssl->initial_ctx = NULL;
 #endif
+#ifdef WOLFSSL_DUAL_ALG_CERTS
+    XFREE(ssl->peerSigSpec, ssl->heap, DYNAMIC_TYPE_TLSX);
+#endif
 }
 
 /* Free any handshake resources no longer needed */
@@ -8339,9 +8831,11 @@ void FreeHandshakeResources(WOLFSSL* ssl)
     }
 #endif
 
+#ifndef NO_TLS
     /* input buffer */
     if (ssl->buffers.inputBuffer.dynamicFlag)
         ShrinkInputBuffer(ssl, NO_FORCED_FREE);
+#endif
 
 #if defined(WOLFSSL_TLS13) && defined(WOLFSSL_POST_HANDSHAKE_AUTH)
     if (!ssl->options.tls1_3)
@@ -8410,10 +8904,14 @@ void FreeHandshakeResources(WOLFSSL* ssl)
         FreeKey(ssl, DYNAMIC_TYPE_ED448, (void**)&ssl->peerEd448Key);
         ssl->peerEd448KeyPresent = 0;
 #endif /* HAVE_ED448 */
-#if defined(HAVE_PQC) && defined(HAVE_FALCON)
+#if defined(HAVE_FALCON)
         FreeKey(ssl, DYNAMIC_TYPE_FALCON, (void**)&ssl->peerFalconKey);
         ssl->peerFalconKeyPresent = 0;
-#endif /* HAVE_PQC */
+#endif /* HAVE_FALCON */
+#if defined(HAVE_DILITHIUM)
+        FreeKey(ssl, DYNAMIC_TYPE_DILITHIUM, (void**)&ssl->peerDilithiumKey);
+        ssl->peerDilithiumKeyPresent = 0;
+#endif /* HAVE_DILITHIUM */
     }
 
 #ifdef HAVE_ECC
@@ -8476,8 +8974,14 @@ void FreeHandshakeResources(WOLFSSL* ssl)
     }
 #endif /* !NO_DH */
 
-#ifndef NO_CERTS
-    wolfSSL_UnloadCertsKeys(ssl);
+#if !defined(NO_CERTS) && !defined(OPENSSL_EXTRA) && \
+    !defined(WOLFSSL_WPAS_SMALL)
+#ifndef WOLFSSL_POST_HANDSHAKE_AUTH
+    if (ssl->options.side != WOLFSSL_CLIENT_END)
+#endif
+    {
+        wolfSSL_UnloadCertsKeys(ssl);
+    }
 #endif
 #ifdef HAVE_PK_CALLBACKS
 #if defined(WOLFSSL_TLS13) && defined(WOLFSSL_POST_HANDSHAKE_AUTH)
@@ -8524,6 +9028,14 @@ void FreeHandshakeResources(WOLFSSL* ssl)
         * !WOLFSSL_POST_HANDSHAKE_AUTH */
 #endif /* HAVE_TLS_EXTENSIONS && !NO_TLS */
 
+#if defined(HAVE_OCSP) && (defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY))
+    if (ssl->ocspResp != NULL) {
+        XFREE(ssl->ocspResp, NULL, 0);
+        ssl->ocspResp = NULL;
+        ssl->ocspRespSz = 0;
+    }
+#endif /* defined(HAVE_OCSP) && (defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)) */
+
 #ifdef WOLFSSL_STATIC_MEMORY
     /* when done with handshake decrement current handshake count */
     if (ssl->heap != NULL) {
@@ -8535,14 +9047,20 @@ void FreeHandshakeResources(WOLFSSL* ssl)
         WOLFSSL_HEAP*      ctx_heap;
 
         ctx_heap = ssl_hint->memory;
+    #ifndef SINGLE_THREADED
         if (wc_LockMutex(&(ctx_heap->memory_mutex)) != 0) {
             WOLFSSL_MSG("Bad memory_mutex lock");
         }
+    #endif
+    #ifndef WOLFSSL_STATIC_MEMORY_LEAN
         if (ctx_heap->curHa > 0) {
             ctx_heap->curHa--;
         }
         ssl_hint->haFlag = 0; /* set to zero since handshake has been dec */
+    #endif
+    #ifndef SINGLE_THREADED
         wc_UnLockMutex(&(ctx_heap->memory_mutex));
+    #endif
     #ifdef WOLFSSL_HEAP_TEST
     }
     #endif
@@ -8555,7 +9073,7 @@ void FreeHandshakeResources(WOLFSSL* ssl)
 void FreeSSL(WOLFSSL* ssl, void* heap)
 {
     WOLFSSL_CTX* ctx = ssl->ctx;
-    SSL_ResourceFree(ssl);
+    wolfSSL_ResourceFree(ssl);
     XFREE(ssl, heap, DYNAMIC_TYPE_SSL);
     if (ctx)
         FreeSSL_Ctx(ctx); /* will decrement and free underlying CTX if 0 */
@@ -8742,8 +9260,7 @@ void DtlsMsgDelete(DtlsMsg* item, void* heap)
             DtlsMsgDestroyFragBucket(item->fragBucketList, heap);
             item->fragBucketList = next;
         }
-        if (item->raw != NULL)
-            XFREE(item->raw, heap, DYNAMIC_TYPE_DTLS_FRAG);
+        XFREE(item->raw, heap, DYNAMIC_TYPE_DTLS_FRAG);
         XFREE(item, heap, DYNAMIC_TYPE_DTLS_MSG);
     }
 }
@@ -8961,7 +9478,7 @@ static void DtlsMsgAssembleCompleteMessage(DtlsMsg* msg)
      * alignment of char.
      */
     dtls = (DtlsHandShakeHeader*)(void *)((char *)msg->fragBucketList
-                                          + OFFSETOF(DtlsFragBucket,buf)
+                                          + WC_OFFSETOF(DtlsFragBucket,buf)
                                           - DTLS_HANDSHAKE_HEADER_SZ);
 
     msg->fragBucketList = NULL;
@@ -9380,7 +9897,7 @@ int DtlsMsgPoolSend(WOLFSSL* ssl, int sendOnlyFirstPacket)
 
                 WriteSEQ(ssl, epochOrder, dtls->sequence_number);
                 DtlsSEQIncrement(ssl, epochOrder);
-                if ((ret = CheckAvailableSize(ssl, pool->sz)) != 0) {
+                if ((ret = CheckAvailableSize(ssl, (int)pool->sz)) != 0) {
                     WOLFSSL_ERROR(ret);
                     return ret;
                 }
@@ -9395,7 +9912,7 @@ int DtlsMsgPoolSend(WOLFSSL* ssl, int sendOnlyFirstPacket)
                 int    inputSz, sendSz;
 
                 input = pool->raw;
-                inputSz = pool->sz;
+                inputSz = (int)pool->sz;
                 sendSz = inputSz + cipherExtraData(ssl);
 
 #ifdef HAVE_SECURE_RENEGOTIATION
@@ -9659,7 +10176,12 @@ ProtocolVersion MakeDTLSv1_3(void)
 
 #elif defined(FREERTOS)
 
-    #include "task.h"
+    #ifdef PLATFORMIO
+        #include <freertos/FreeRTOS.h>
+        #include <freertos/task.h>
+    #else
+        #include "task.h"
+    #endif
 
     unsigned int LowResTimer(void)
     {
@@ -9741,7 +10263,12 @@ ProtocolVersion MakeDTLSv1_3(void)
 
     word32 LowResTimer(void)
     {
-        return k_uptime_get() / 1000;
+        int64_t t;
+    #if defined(CONFIG_ARCH_POSIX) && !defined(CONFIG_BOARD_NATIVE_POSIX)
+        k_cpu_idle();
+    #endif
+        t = k_uptime_get(); /* returns current uptime in milliseconds */
+        return (word32)(t / 1000);
     }
 
 #elif defined(WOLFSSL_LINUXKM)
@@ -9771,6 +10298,8 @@ ProtocolVersion MakeDTLSv1_3(void)
      */
 #endif /* !NO_ASN_TIME */
 
+
+#ifndef NO_TLS
 #if !defined(WOLFSSL_NO_CLIENT_AUTH) && \
                ((defined(WOLFSSL_SM2) && defined(WOLFSSL_SM3)) || \
                 (defined(HAVE_ED25519) && !defined(NO_ED25519_CLIENT_AUTH)) || \
@@ -9834,22 +10363,22 @@ int HashRaw(WOLFSSL* ssl, const byte* data, int sz)
 
 #if defined(WOLFSSL_RENESAS_TSIP_TLS)
     ret = tsip_StoreMessage(ssl, data, sz);
-    if (ret != 0 && ret != CRYPTOCB_UNAVAILABLE) {
+    if (ret != 0 && ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE)) {
         return ret;
     }
 #endif /* WOLFSSL_RENESAS_TSIP_TLS */
 
 #if !defined(NO_SHA) && (!defined(NO_OLD_TLS) || \
                           defined(WOLFSSL_ALLOW_TLS_SHA1))
-    wc_ShaUpdate(&ssl->hsHashes->hashSha, data, sz);
+    wc_ShaUpdate(&ssl->hsHashes->hashSha, data, (word32)(sz));
 #endif
 #if !defined(NO_MD5) && !defined(NO_OLD_TLS)
-    wc_Md5Update(&ssl->hsHashes->hashMd5, data, sz);
+    wc_Md5Update(&ssl->hsHashes->hashMd5, data, (word32)(sz));
 #endif
 
     if (IsAtLeastTLSv1_2(ssl)) {
     #ifndef NO_SHA256
-        ret = wc_Sha256Update(&ssl->hsHashes->hashSha256, data, sz);
+        ret = wc_Sha256Update(&ssl->hsHashes->hashSha256, data, (word32)sz);
         if (ret != 0)
             return ret;
     #ifdef WOLFSSL_DEBUG_TLS
@@ -9859,7 +10388,7 @@ int HashRaw(WOLFSSL* ssl, const byte* data, int sz)
     #endif
     #endif
     #ifdef WOLFSSL_SHA384
-        ret = wc_Sha384Update(&ssl->hsHashes->hashSha384, data, sz);
+        ret = wc_Sha384Update(&ssl->hsHashes->hashSha384, data, (word32)sz);
         if (ret != 0)
             return ret;
     #ifdef WOLFSSL_DEBUG_TLS
@@ -9869,7 +10398,7 @@ int HashRaw(WOLFSSL* ssl, const byte* data, int sz)
     #endif
     #endif
     #ifdef WOLFSSL_SHA512
-        ret = wc_Sha512Update(&ssl->hsHashes->hashSha512, data, sz);
+        ret = wc_Sha512Update(&ssl->hsHashes->hashSha512, data, (word32)sz);
         if (ret != 0)
             return ret;
     #ifdef WOLFSSL_DEBUG_TLS
@@ -9928,6 +10457,13 @@ int HashOutput(WOLFSSL* ssl, const byte* output, int sz, int ivSz)
             sz  -= dtls_record_extra;
 #endif /* WOLFSSL_DTLS13 */
         } else {
+#ifdef WOLFSSL_DTLS_CID
+            byte cidSz = DtlsGetCidTxSize(ssl);
+            if (IsEncryptionOn(ssl, 1) && cidSz > 0) {
+                adj += cidSz;
+                sz  -= cidSz + 1; /* +1 to not hash the real content type */
+            }
+#endif
             adj += DTLS_RECORD_EXTRA;
             sz  -= DTLS_RECORD_EXTRA;
         }
@@ -9968,7 +10504,8 @@ int HashInput(WOLFSSL* ssl, const byte* input, int sz)
 
 
 /* add record layer header for message */
-static void AddRecordHeader(byte* output, word32 length, byte type, WOLFSSL* ssl, int epochOrder)
+static void AddRecordHeader(byte* output, word32 length, byte type,
+        WOLFSSL* ssl, int epochOrder)
 {
     RecordLayerHeader* rl;
 
@@ -10007,12 +10544,18 @@ static void AddRecordHeader(byte* output, word32 length, byte type, WOLFSSL* ssl
     }
     else {
 #ifdef WOLFSSL_DTLS
-        DtlsRecordLayerHeader* dtls;
-
         /* dtls record layer header extensions */
-        dtls = (DtlsRecordLayerHeader*)output;
+        DtlsRecordLayerHeader* dtls = (DtlsRecordLayerHeader*)output;
+#ifdef WOLFSSL_DTLS_CID
+        byte cidSz = 0;
+        if (type == dtls12_cid && (cidSz = DtlsGetCidTxSize(ssl)) > 0) {
+            wolfSSL_dtls_cid_get_tx(ssl, output + DTLS12_CID_OFFSET, cidSz);
+            c16toa((word16)length, output + DTLS12_CID_OFFSET + cidSz);
+        }
+        else
+#endif
+            c16toa((word16)length, dtls->length);
         WriteSEQ(ssl, epochOrder, dtls->sequence_number);
-        c16toa((word16)length, dtls->length);
 #endif
     }
 }
@@ -10114,6 +10657,8 @@ static int SendHandshakeMsg(WOLFSSL* ssl, byte* input, word32 inputSz,
     int maxFrag;
     int ret = 0;
     int headerSz;
+    int rHdrSz = 0; /* record header size */
+    int hsHdrSz = 0; /* handshake header size */
 
     WOLFSSL_ENTER("SendHandshakeMsg");
     (void)type;
@@ -10122,8 +10667,10 @@ static int SendHandshakeMsg(WOLFSSL* ssl, byte* input, word32 inputSz,
     if (ssl == NULL || input == NULL)
         return BAD_FUNC_ARG;
 #ifdef WOLFSSL_DTLS
-    if (ssl->options.dtls)
-        headerSz = DTLS_RECORD_HEADER_SZ + DTLS_HANDSHAKE_HEADER_SZ;
+    if (ssl->options.dtls) {
+        rHdrSz = DTLS_RECORD_HEADER_SZ;
+        hsHdrSz = DTLS_HANDSHAKE_HEADER_SZ;
+    }
     else
 #endif
     {
@@ -10131,7 +10678,7 @@ static int SendHandshakeMsg(WOLFSSL* ssl, byte* input, word32 inputSz,
          * per fragment like in DTLS. The handshake header should
          * already be in the input buffer. */
         inputSz += HANDSHAKE_HEADER_SZ;
-        headerSz = RECORD_HEADER_SZ;
+        rHdrSz = RECORD_HEADER_SZ;
     }
     maxFrag = wolfSSL_GetMaxFragSize(ssl, (int)inputSz);
 
@@ -10146,7 +10693,7 @@ static int SendHandshakeMsg(WOLFSSL* ssl, byte* input, word32 inputSz,
     if (!ssl->options.buildingMsg) {
         /* Hash it before the loop as we modify the input with
          * encryption on */
-        ret = HashOutput(ssl, input, headerSz + (int)inputSz, 0);
+        ret = HashRaw(ssl, input + rHdrSz, (int)(inputSz) + hsHdrSz);
         if (ret != 0)
             return ret;
 #ifdef WOLFSSL_DTLS
@@ -10156,6 +10703,7 @@ static int SendHandshakeMsg(WOLFSSL* ssl, byte* input, word32 inputSz,
             ssl->keys.dtls_handshake_number--;
 #endif
     }
+    headerSz = rHdrSz + hsHdrSz;
     while (ssl->fragOffset < inputSz) {
         byte* output;
         int outputSz;
@@ -10168,7 +10716,7 @@ static int SendHandshakeMsg(WOLFSSL* ssl, byte* input, word32 inputSz,
             fragSz = inputSz - ssl->fragOffset;
 
         /* check for available size */
-        outputSz = headerSz + fragSz;
+        outputSz = headerSz + (int)fragSz;
         if (IsEncryptionOn(ssl, 1))
             outputSz += cipherExtraData(ssl);
         if ((ret = CheckAvailableSize(ssl, outputSz)) != 0)
@@ -10226,7 +10774,7 @@ static int SendHandshakeMsg(WOLFSSL* ssl, byte* input, word32 inputSz,
             }
 #endif
         }
-        ssl->buffers.outputBuffer.length += outputSz;
+        ssl->buffers.outputBuffer.length += (word32)outputSz;
 #if defined(WOLFSSL_CALLBACKS) || defined(OPENSSL_EXTRA)
         if (ssl->hsInfoOn) {
             AddPacketName(ssl, packetName);
@@ -10276,14 +10824,14 @@ static int wolfSSLReceive(WOLFSSL* ssl, byte* buf, word32 sz)
 
     if (ssl->CBIORecv == NULL) {
         WOLFSSL_MSG("Your IO Recv callback is null, please set");
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
     }
 
 retry:
     recvd = ssl->CBIORecv(ssl, (char *)buf, (int)sz, ssl->IOCB_ReadCtx);
     if (recvd < 0) {
         switch (recvd) {
-            case WOLFSSL_CBIO_ERR_GENERAL:        /* general/unknown error */
+            case WC_NO_ERR_TRACE(WOLFSSL_CBIO_ERR_GENERAL):
                 #ifdef WOLFSSL_APACHE_HTTPD
                 #ifndef NO_BIO
                     if (ssl->biord) {
@@ -10295,26 +10843,26 @@ retry:
                     }
                 #endif
                 #endif
-                return -1;
+                return WOLFSSL_FATAL_ERROR;
 
-            case WOLFSSL_CBIO_ERR_WANT_READ:      /* want read, would block */
+            case WC_NO_ERR_TRACE(WOLFSSL_CBIO_ERR_WANT_READ):
                 if (retryLimit > 0 && ssl->ctx->autoRetry &&
                         !ssl->options.handShakeDone && !ssl->options.dtls) {
                     retryLimit--;
                     goto retry;
                 }
-                return WANT_READ;
+                return WC_NO_ERR_TRACE(WANT_READ);
 
-            case WOLFSSL_CBIO_ERR_CONN_RST:       /* connection reset */
+            case WC_NO_ERR_TRACE(WOLFSSL_CBIO_ERR_CONN_RST):
                 #ifdef USE_WINDOWS_API
                 if (ssl->options.dtls) {
                     goto retry;
                 }
                 #endif
                 ssl->options.connReset = 1;
-                return -1;
+                return WOLFSSL_FATAL_ERROR;
 
-            case WOLFSSL_CBIO_ERR_ISR:            /* interrupt */
+            case WC_NO_ERR_TRACE(WOLFSSL_CBIO_ERR_ISR): /* interrupt */
                 /* see if we got our timeout */
                 #ifdef WOLFSSL_CALLBACKS
                     if (ssl->toInfoOn) {
@@ -10332,13 +10880,13 @@ retry:
                         }
                     }
                 #endif
-                goto retry;
+                return WOLFSSL_FATAL_ERROR;
 
-            case WOLFSSL_CBIO_ERR_CONN_CLOSE:     /* peer closed connection */
+            case WC_NO_ERR_TRACE(WOLFSSL_CBIO_ERR_CONN_CLOSE):
                 ssl->options.isClosed = 1;
-                return -1;
+                return WOLFSSL_FATAL_ERROR;
 
-            case WOLFSSL_CBIO_ERR_TIMEOUT:
+            case WC_NO_ERR_TRACE(WOLFSSL_CBIO_ERR_TIMEOUT):
             #ifdef WOLFSSL_DTLS
 #ifdef WOLFSSL_DTLS13
                 if (ssl->options.dtls && IsAtLeastTLSv1_3(ssl->version)) {
@@ -10346,7 +10894,7 @@ retry:
                     if (Dtls13RtxTimeout(ssl) < 0) {
                         WOLFSSL_MSG(
                             "Error trying to retransmit DTLS buffered message");
-                        return -1;
+                        return WOLFSSL_FATAL_ERROR;
                     }
                     goto retry;
                 }
@@ -10361,7 +10909,7 @@ retry:
                     goto retry;
                 }
             #endif
-                return -1;
+                return WOLFSSL_FATAL_ERROR;
 
             default:
                 WOLFSSL_MSG("Unexpected recv return code");
@@ -10394,8 +10942,8 @@ void ShrinkOutputBuffer(WOLFSSL* ssl)
  * calls ShrinkInputBuffer itself when it is safe to do so. Don't overuse it. */
 void ShrinkInputBuffer(WOLFSSL* ssl, int forcedFree)
 {
-    int usedLength = ssl->buffers.inputBuffer.length -
-                     ssl->buffers.inputBuffer.idx;
+    int usedLength = (int)(ssl->buffers.inputBuffer.length -
+                     ssl->buffers.inputBuffer.idx);
     if (!forcedFree && (usedLength > STATIC_BUFFER_LEN ||
             ssl->buffers.clearOutputBuffer.length > 0))
         return;
@@ -10405,7 +10953,7 @@ void ShrinkInputBuffer(WOLFSSL* ssl, int forcedFree)
     if (!forcedFree && usedLength > 0) {
         XMEMCPY(ssl->buffers.inputBuffer.staticBuffer,
                ssl->buffers.inputBuffer.buffer + ssl->buffers.inputBuffer.idx,
-               usedLength);
+               (size_t)(usedLength));
     }
 
     ForceZero(ssl->buffers.inputBuffer.buffer,
@@ -10417,7 +10965,7 @@ void ShrinkInputBuffer(WOLFSSL* ssl, int forcedFree)
     ssl->buffers.inputBuffer.dynamicFlag = 0;
     ssl->buffers.inputBuffer.offset      = 0;
     ssl->buffers.inputBuffer.idx = 0;
-    ssl->buffers.inputBuffer.length = usedLength;
+    ssl->buffers.inputBuffer.length = (word32)usedLength;
 }
 
 int SendBuffered(WOLFSSL* ssl)
@@ -10454,19 +11002,19 @@ retry:
         if (sent < 0) {
             switch (sent) {
 
-                case WOLFSSL_CBIO_ERR_WANT_WRITE:        /* would block */
+                case WC_NO_ERR_TRACE(WOLFSSL_CBIO_ERR_WANT_WRITE):
                     if (retryLimit > 0 && ssl->ctx->autoRetry &&
                             !ssl->options.handShakeDone && !ssl->options.dtls) {
                         retryLimit--;
                         goto retry;
                     }
-                    return WANT_WRITE;
+                    return WC_NO_ERR_TRACE(WANT_WRITE);
 
-                case WOLFSSL_CBIO_ERR_CONN_RST:          /* connection reset */
+                case WC_NO_ERR_TRACE(WOLFSSL_CBIO_ERR_CONN_RST):
                     ssl->options.connReset = 1;
                     break;
 
-                case WOLFSSL_CBIO_ERR_ISR:               /* interrupt */
+                case WC_NO_ERR_TRACE(WOLFSSL_CBIO_ERR_ISR): /* interrupt */
                     /* see if we got our timeout */
                     #ifdef WOLFSSL_CALLBACKS
                         if (ssl->toInfoOn) {
@@ -10486,7 +11034,7 @@ retry:
                     #endif
                     continue;
 
-                case WOLFSSL_CBIO_ERR_CONN_CLOSE: /* epipe / conn closed */
+                case WC_NO_ERR_TRACE(WOLFSSL_CBIO_ERR_CONN_CLOSE): /* epipe */
                     ssl->options.connReset = 1;  /* treat same as reset */
                     break;
 
@@ -10502,8 +11050,8 @@ retry:
             return SEND_OOB_READ_E;
         }
 
-        ssl->buffers.outputBuffer.idx += sent;
-        ssl->buffers.outputBuffer.length -= sent;
+        ssl->buffers.outputBuffer.idx += (word32)sent;
+        ssl->buffers.outputBuffer.length -= (word32)sent;
     }
 
     ssl->buffers.outputBuffer.idx = 0;
@@ -10514,6 +11062,69 @@ retry:
     return 0;
 }
 
+#ifdef WOLFSSL_THREADED_CRYPT
+static WC_INLINE int GrowAnOutputBuffer(WOLFSSL* ssl,
+    bufferStatic* outputBuffer, int size)
+{
+    byte* tmp;
+#if WOLFSSL_GENERAL_ALIGNMENT > 0
+    byte  hdrSz = ssl->options.dtls ? DTLS_RECORD_HEADER_SZ :
+                                      RECORD_HEADER_SZ;
+    byte align = WOLFSSL_GENERAL_ALIGNMENT;
+#else
+    const byte align = WOLFSSL_GENERAL_ALIGNMENT;
+#endif
+
+#if WOLFSSL_GENERAL_ALIGNMENT > 0
+    /* the encrypted data will be offset from the front of the buffer by
+       the header, if the user wants encrypted alignment they need
+       to define their alignment requirement */
+
+    while (align < hdrSz)
+        align *= 2;
+#endif
+
+    tmp = (byte*)XMALLOC(size + outputBuffer->length + align,
+                             ssl->heap, DYNAMIC_TYPE_OUT_BUFFER);
+    WOLFSSL_MSG("growing output buffer");
+
+    if (tmp == NULL)
+        return MEMORY_E;
+
+#if WOLFSSL_GENERAL_ALIGNMENT > 0
+    if (align)
+        tmp += align - hdrSz;
+#endif
+
+#ifdef WOLFSSL_STATIC_MEMORY
+    /* can be from IO memory pool which does not need copy if same buffer */
+    if (outputBuffer->length && tmp == outputBuffer->buffer) {
+        outputBuffer->bufferSize = size + outputBuffer->length;
+        return 0;
+    }
+#endif
+
+    if (outputBuffer->length)
+        XMEMCPY(tmp, outputBuffer->buffer, outputBuffer->length);
+
+    if (outputBuffer->dynamicFlag) {
+        XFREE(outputBuffer->buffer - outputBuffer->offset, ssl->heap,
+              DYNAMIC_TYPE_OUT_BUFFER);
+    }
+
+#if WOLFSSL_GENERAL_ALIGNMENT > 0
+    if (align)
+        outputBuffer->offset = align - hdrSz;
+    else
+#endif
+        outputBuffer->offset = 0;
+
+    outputBuffer->buffer = tmp;
+    outputBuffer->dynamicFlag = 1;
+    outputBuffer->bufferSize = size + outputBuffer->length;
+    return 0;
+}
+#endif
 
 /* returns the current location in the output buffer to start writing to */
 byte* GetOutputBuffer(WOLFSSL* ssl)
@@ -10534,8 +11145,7 @@ static WC_INLINE int GrowOutputBuffer(WOLFSSL* ssl, int size)
 #else
     const byte align = WOLFSSL_GENERAL_ALIGNMENT;
 #endif
-    int newSz = size + ssl->buffers.outputBuffer.idx +
-                ssl->buffers.outputBuffer.length;
+    word32 newSz;
 
 #if WOLFSSL_GENERAL_ALIGNMENT > 0
     /* the encrypted data will be offset from the front of the buffer by
@@ -10546,7 +11156,15 @@ static WC_INLINE int GrowOutputBuffer(WOLFSSL* ssl, int size)
         align *= 2;
 #endif
 
-    tmp = (byte*)XMALLOC(newSz + align, ssl->heap, DYNAMIC_TYPE_OUT_BUFFER);
+    if (! WC_SAFE_SUM_WORD32(ssl->buffers.outputBuffer.idx,
+                             ssl->buffers.outputBuffer.length, newSz))
+        return BUFFER_E;
+    if (! WC_SAFE_SUM_WORD32(newSz, (word32)size, newSz))
+        return BUFFER_E;
+    if (! WC_SAFE_SUM_WORD32(newSz, align, newSz))
+        return BUFFER_E;
+    tmp = (byte*)XMALLOC(newSz, ssl->heap, DYNAMIC_TYPE_OUT_BUFFER);
+    newSz -= align;
     WOLFSSL_MSG("growing output buffer");
 
     if (tmp == NULL)
@@ -10619,7 +11237,7 @@ int GrowInputBuffer(WOLFSSL* ssl, int size, int usedLength)
         return BAD_FUNC_ARG;
     }
 
-    tmp = (byte*)XMALLOC(size + usedLength + align,
+    tmp = (byte*)XMALLOC((size_t)(size + usedLength + align),
                              ssl->heap, DYNAMIC_TYPE_IN_BUFFER);
     WOLFSSL_MSG("growing input buffer");
 
@@ -10643,7 +11261,7 @@ int GrowInputBuffer(WOLFSSL* ssl, int size, int usedLength)
 
     if (usedLength)
         XMEMCPY(tmp, ssl->buffers.inputBuffer.buffer +
-                    ssl->buffers.inputBuffer.idx, usedLength);
+                    ssl->buffers.inputBuffer.idx, (size_t)(usedLength));
 
     if (ssl->buffers.inputBuffer.dynamicFlag) {
         if (IsEncryptionOn(ssl, 1)) {
@@ -10663,9 +11281,9 @@ int GrowInputBuffer(WOLFSSL* ssl, int size, int usedLength)
         ssl->buffers.inputBuffer.offset = 0;
 
     ssl->buffers.inputBuffer.buffer = tmp;
-    ssl->buffers.inputBuffer.bufferSize = size + usedLength;
+    ssl->buffers.inputBuffer.bufferSize = (word32)(size + usedLength);
     ssl->buffers.inputBuffer.idx    = 0;
-    ssl->buffers.inputBuffer.length = usedLength;
+    ssl->buffers.inputBuffer.length = (word32)usedLength;
 
     return 0;
 }
@@ -10830,13 +11448,8 @@ int MsgCheckEncryption(WOLFSSL* ssl, byte type, byte encrypted)
 static WC_INLINE int isLastMsg(const WOLFSSL* ssl, word32 msgSz)
 {
     word32 extra = 0;
-    if (IsEncryptionOn(ssl, 0)) {
+    if (IsEncryptionOn(ssl, 0))
         extra = ssl->keys.padSz;
-#if defined(HAVE_ENCRYPT_THEN_MAC) && !defined(WOLFSSL_AEAD_ONLY)
-        if (ssl->options.startedETMRead)
-            extra += MacSize(ssl);
-#endif
-    }
     return (ssl->buffers.inputBuffer.idx - ssl->curStartIdx) + msgSz + extra
             == ssl->curSize;
 }
@@ -10969,24 +11582,17 @@ static int MsgCheckBoundary(const WOLFSSL* ssl, byte type,
  * @param ssl   The current connection
  * @param type  The enum HandShakeType of the current message
  * @param msgSz Size of the current message
- * @return
+ * @return int (less than 0 on fail, 0 on success)
  */
 int EarlySanityCheckMsgReceived(WOLFSSL* ssl, byte type, word32 msgSz)
 {
     int ret = 0;
 #ifndef WOLFSSL_DISABLE_EARLY_SANITY_CHECKS
-    byte version_negotiated = 0;
-
-    WOLFSSL_ENTER("EarlySanityCheckMsgReceived");
-
-#ifdef WOLFSSL_DTLS
     /* Version has only been negotiated after we either send or process a
      * ServerHello message */
-    if (ssl->options.dtls)
-        version_negotiated = ssl->options.serverState >= SERVER_HELLO_COMPLETE;
-    else
-#endif
-        version_negotiated = 1;
+    byte version_negotiated = ssl->options.serverState >= SERVER_HELLO_COMPLETE;
+
+    WOLFSSL_ENTER("EarlySanityCheckMsgReceived");
 
     if (version_negotiated)
         ret = MsgCheckEncryption(ssl, type, ssl->keys.decryptedCur == 1);
@@ -11064,6 +11670,11 @@ static int GetDtls13RecordHeader(WOLFSSL* ssl, word32* inOutIdx,
     if (ret != 0)
         return ret;
 
+    if (ssl->dtls13CurRlLength > sizeof(ssl->dtls13CurRL)) {
+        WOLFSSL_MSG("Record header too long");
+        return SEQUENCE_ERROR;
+    }
+
     if (readSize < ssl->dtls13CurRlLength + DTLS13_RN_MASK_SIZE) {
         /* when using DTLS over a medium that does not guarantee that a full
          * message is received in a single read, we may end up without the full
@@ -11116,6 +11727,9 @@ static int GetDtls13RecordHeader(WOLFSSL* ssl, word32* inOutIdx,
 static int GetDtlsRecordHeader(WOLFSSL* ssl, word32* inOutIdx,
     RecordLayerHeader* rh, word16* size)
 {
+#ifdef WOLFSSL_DTLS_CID
+    byte cidSz = 0;
+#endif
 
 #ifdef HAVE_FUZZER
     if (ssl->fuzzerCb)
@@ -11132,7 +11746,9 @@ static int GetDtlsRecordHeader(WOLFSSL* ssl, word32* inOutIdx,
         /* version 1.3 already negotiated */
         if (ssl->options.tls1_3) {
             ret = GetDtls13RecordHeader(ssl, inOutIdx, rh, size);
-            if (ret == 0 || ret != SEQUENCE_ERROR || ret != DTLS_CID_ERROR)
+            if (ret == 0 ||
+                ((ret != WC_NO_ERR_TRACE(SEQUENCE_ERROR)) &&
+                 (ret != WC_NO_ERR_TRACE(DTLS_CID_ERROR))))
                 return ret;
         }
 
@@ -11154,7 +11770,7 @@ static int GetDtlsRecordHeader(WOLFSSL* ssl, word32* inOutIdx,
     if (ssl->buffers.inputBuffer.length - *inOutIdx < DTLS_RECORD_HEADER_SZ) {
         ret = GetInputData(ssl, DTLS_RECORD_HEADER_SZ);
         /* Check if Dtls13RtxTimeout(ssl) returned socket error */
-        if (ret == SOCKET_ERROR_E)
+        if (ret == WC_NO_ERR_TRACE(SOCKET_ERROR_E))
             return ret;
         if (ret != 0)
             return LENGTH_ERROR;
@@ -11167,6 +11783,11 @@ static int GetDtlsRecordHeader(WOLFSSL* ssl, word32* inOutIdx,
     *inOutIdx += ENUM_LEN + VERSION_SZ;
     ato16(ssl->buffers.inputBuffer.buffer + *inOutIdx, &ssl->keys.curEpoch);
 
+#ifdef WOLFSSL_DTLS_CID
+    if (rh->type == dtls12_cid && (cidSz = DtlsGetCidRxSize(ssl)) == 0)
+        return DTLS_CID_ERROR;
+#endif
+
 #ifdef WOLFSSL_DTLS13
     /* only non protected message can use the DTLSPlaintext record header */
     if (IsAtLeastTLSv1_3(ssl->version)) {
@@ -11198,6 +11819,20 @@ static int GetDtlsRecordHeader(WOLFSSL* ssl, word32* inOutIdx,
     ssl->keys.curSeq = w64From32(ssl->keys.curSeq_hi, ssl->keys.curSeq_lo);
 #endif /* WOLFSSL_DTLS13 */
 
+#ifdef WOLFSSL_DTLS_CID
+    if (rh->type == dtls12_cid) {
+        byte* ourCid = NULL;
+        if (ssl->buffers.inputBuffer.length - *inOutIdx <
+                (word32)cidSz + LENGTH_SZ)
+            return LENGTH_ERROR;
+        if (wolfSSL_dtls_cid_get0_rx(ssl, &ourCid) != WOLFSSL_SUCCESS)
+            return DTLS_CID_ERROR;
+        if (XMEMCMP(ssl->buffers.inputBuffer.buffer + *inOutIdx, ourCid, cidSz)
+                != 0)
+            return DTLS_CID_ERROR;
+        *inOutIdx += cidSz;
+    }
+#endif
     ato16(ssl->buffers.inputBuffer.buffer + *inOutIdx, size);
     *inOutIdx += LENGTH_SZ;
 
@@ -11223,7 +11858,13 @@ static int GetRecordHeader(WOLFSSL* ssl, word32* inOutIdx,
             ssl->fuzzerCb(ssl, ssl->buffers.inputBuffer.buffer + *inOutIdx,
                           RECORD_HEADER_SZ, FUZZ_HEAD, ssl->fuzzerCtx);
 #endif
-        XMEMCPY(rh, ssl->buffers.inputBuffer.buffer + *inOutIdx, RECORD_HEADER_SZ);
+        /* Set explicitly rather than make assumptions on struct layout */
+        rh->type      = ssl->buffers.inputBuffer.buffer[*inOutIdx];
+        rh->pvMajor   = ssl->buffers.inputBuffer.buffer[*inOutIdx + 1];
+        rh->pvMinor   = ssl->buffers.inputBuffer.buffer[*inOutIdx + 2];
+        rh->length[0] = ssl->buffers.inputBuffer.buffer[*inOutIdx + 3];
+        rh->length[1] = ssl->buffers.inputBuffer.buffer[*inOutIdx + 4];
+
         *inOutIdx += RECORD_HEADER_SZ;
         ato16(rh->length, size);
     }
@@ -11239,8 +11880,12 @@ static int GetRecordHeader(WOLFSSL* ssl, word32* inOutIdx,
     /* DTLSv1.3 MUST check window after deprotecting to avoid timing channel
        (RFC9147 Section 4.5.1) */
     if (IsDtlsNotSctpMode(ssl) && !IsAtLeastTLSv1_3(ssl->version)) {
+        byte needsEnc = rh->type == application_data; /* can't be epoch 0 */
+#ifdef WOLFSSL_DTLS_CID
+        needsEnc = needsEnc || rh->type == dtls12_cid;
+#endif
         if (!_DtlsCheckWindow(ssl) ||
-                (rh->type == application_data && ssl->keys.curEpoch == 0) ||
+                (needsEnc && ssl->keys.curEpoch == 0) ||
                 (rh->type == alert && ssl->options.handShakeDone &&
                         ssl->keys.curEpoch == 0 && ssl->keys.dtls_epoch != 0)) {
             WOLFSSL_LEAVE("GetRecordHeader()", SEQUENCE_ERROR);
@@ -11286,7 +11931,20 @@ static int GetRecordHeader(WOLFSSL* ssl, word32* inOutIdx,
             }
         }
 #endif /* WOLFSSL_DTLS13 */
-        else {
+        /* Don't care about protocol version being lower than expected on alerts
+         * sent back before version negotiation. */
+        else if (!(ssl->options.side == WOLFSSL_CLIENT_END &&
+                            ssl->options.connectState == CLIENT_HELLO_SENT &&
+                            rh->type == alert &&
+                            rh->pvMajor == ssl->version.major &&
+        #ifdef WOLFSSL_DTLS
+                            ((ssl->options.dtls && rh->pvMinor == DTLS_MINOR) ||
+                             (!ssl->options.dtls &&
+                              rh->pvMinor < ssl->version.minor))
+        #else
+                            (rh->pvMinor < ssl->version.minor)
+        #endif
+                   )) {
             WOLFSSL_MSG("SSL version error");
             WOLFSSL_ERROR_VERBOSE(VERSION_ERROR);
             return VERSION_ERROR;              /* only use requested version */
@@ -11318,6 +11976,9 @@ static int GetRecordHeader(WOLFSSL* ssl, word32* inOutIdx,
         case change_cipher_spec:
         case application_data:
         case alert:
+#if defined(WOLFSSL_DTLS) && defined(WOLFSSL_DTLS_CID)
+        case dtls12_cid:
+#endif
 #ifdef WOLFSSL_DTLS13
         case ack:
 #endif /* WOLFSSL_DTLS13 */
@@ -11377,7 +12038,7 @@ int GetDtlsHandShakeHeader(WOLFSSL* ssl, const byte* input,
 {
     word32 idx = *inOutIdx;
 
-    *inOutIdx += HANDSHAKE_HEADER_SZ + DTLS_HANDSHAKE_EXTRA;
+    *inOutIdx += DTLS_HANDSHAKE_HEADER_SZ;
     if (*inOutIdx > totalSz) {
         WOLFSSL_ERROR(BUFFER_E);
         return BUFFER_E;
@@ -11541,14 +12202,9 @@ static int BuildFinished(WOLFSSL* ssl, Hashes* hashes, const byte* sender)
     if (ssl == NULL)
         return BAD_FUNC_ARG;
 
-#ifndef NO_TLS
     if (ssl->options.tls) {
         ret = BuildTlsFinished(ssl, hashes, sender);
     }
-#else
-    (void)hashes;
-    (void)sender;
-#endif
 #ifndef NO_OLD_TLS
     if (!ssl->options.tls) {
         ret = BuildMD5(ssl, hashes, sender);
@@ -11572,6 +12228,8 @@ int CipherRequires(byte first, byte second, int requirement)
 {
 
     (void)requirement;
+    (void)first;
+    (void)second;
 
 #ifndef WOLFSSL_NO_TLS12
 
@@ -12213,63 +12871,105 @@ int CipherRequires(byte first, byte second, int requirement)
 }
 
 #endif /* !NO_WOLFSSL_SERVER && !NO_WOLFSSL_CLIENT */
-
+#endif /* !NO_TLS */
 
 #ifndef NO_CERTS
 
-
 /* Match names with wildcards, each wildcard can represent a single name
    component or fragment but not multiple names, i.e.,
    *.z.com matches y.z.com but not x.y.z.com
 
+   If flags contains WOLFSSL_LEFT_MOST_WILDCARD_ONLY, wildcard only applies
+   to left-most name component, compatible with RFC 2830 identity checking.
+
    return 1 on success */
-int MatchDomainName(const char* pattern, int len, const char* str)
+int MatchDomainName(const char* pattern, int patternLen, const char* str,
+                    word32 strLen, unsigned int flags)
 {
     int ret = 0;
+    byte wildcardEligible = 1;
+    byte leftWildcardOnly = flags & WOLFSSL_LEFT_MOST_WILDCARD_ONLY;
 
-    if (pattern == NULL || str == NULL || len <= 0)
+    if (pattern == NULL || str == NULL || patternLen <= 0 || strLen == 0)
         return 0;
 
-    while (len > 0) {
-
-        char p = (char)XTOLOWER((unsigned char)*pattern++);
+    while (patternLen > 0) {
+        /* Get the next pattern char to evaluate */
+        char p = (char)XTOLOWER((unsigned char)*pattern);
         if (p == '\0')
             break;
 
-        if (p == '*') {
-            char s;
+        pattern++;
 
-            while (--len > 0) {
-                p = (char)XTOLOWER((unsigned char)*pattern);
-                pattern++;
-                if (p != '*')
-                    break;
+        if ((p == '*') && wildcardEligible) {
+            char s;
+            /* We will always match '*' */
+            patternLen--;
+
+            /* Only single wildcard allowed with strict left only */
+            if (leftWildcardOnly) {
+                wildcardEligible = 0;
             }
 
-            if (len == 0)
-                p = '\0';
-
-            while ( (s = (char)XTOLOWER((unsigned char) *str)) != '\0') {
-                if (s == p)
+            /* Consume any extra '*' chars until the next non '*' char. */
+            while (patternLen > 0) {
+                p = (char)XTOLOWER((unsigned char)*pattern);
+                pattern++;
+                if (p == '\0' && patternLen > 0)
+                    return 0;
+                if (p != '*')
                     break;
+                if (leftWildcardOnly && (p == '*')) {
+                    /* RFC2830 only allows single left-most wildcard */
+                    return 0;
+                }
+
+                patternLen--;
+            }
+
+            /* Consume str until we reach next char in pattern after '*' or
+             * end of string */
+            while (strLen > 0) {
+                s = (char)XTOLOWER((unsigned char) *str);
+                str++;
+                strLen--;
+
+                /* p is next char in pattern after '*', or '*' if '*' is the
+                 * last char in the pattern (in which case patternLen is 1) */
+                if ( ((s == p) && (patternLen > 0))) {
+                    /* We had already counted the '*' as matched, this means
+                     * we also matched the next non '*' char in pattern */
+                    patternLen--;
+                    break;
+                }
+
+                /* If strlen is 0, we have consumed the entire string. Count that
+                 * as a match of '*' */
+                if (strLen == 0) {
+                    break;
+                }
+
                 if (s == '.')
                     return 0;
-                str++;
             }
         }
         else {
+            /* Past left-most wildcard location, not eligible if flag set*/
+            if (leftWildcardOnly && wildcardEligible) {
+                wildcardEligible = 0;
+            }
+
+            /* Simple case, pattern match exactly */
             if (p != (char)XTOLOWER((unsigned char) *str))
                 return 0;
-        }
 
-
-        if (len > 0) {
             str++;
-            len--;
+            strLen--;
+            patternLen--;
         }
     }
 
-    if (*str == '\0' && len == 0) {
+    if (strLen == 0 && patternLen == 0) {
         ret = 1; /* success */
     }
 
@@ -12281,14 +12981,16 @@ int MatchDomainName(const char* pattern, int len, const char* str)
  * Fail if there are wild patterns and they didn't match.
  * Check the common name if no alternative names matched.
  *
- * dCert    Decoded cert to get the alternative names from.
- * domain   Domain name to compare against.
- * checkCN  Whether to check the common name.
- * returns  1 : match was found.
- *          0 : no match found.
- *         -1 : No matches and wild pattern match failed.
+ * dCert     Decoded cert to get the alternative names from.
+ * domain    Domain name to compare against.
+ * domainLen Length of the domain name.
+ * checkCN   Whether to check the common name.
+ * returns   1 : match was found.
+ *           0 : no match found.
+ *          -1 : No matches and wild pattern match failed.
  */
-int CheckForAltNames(DecodedCert* dCert, const char* domain, int* checkCN)
+int CheckForAltNames(DecodedCert* dCert, const char* domain, word32 domainLen,
+                     int* checkCN, unsigned int flags)
 {
     int match = 0;
     DNS_entry* altName = NULL;
@@ -12307,19 +13009,19 @@ int CheckForAltNames(DecodedCert* dCert, const char* domain, int* checkCN)
     while (altName) {
         WOLFSSL_MSG("\tindividual AltName check");
 
-#if defined(OPENSSL_ALL) || defined(WOLFSSL_IP_ALT_NAME)
+#ifdef WOLFSSL_IP_ALT_NAME
         if (altName->type == ASN_IP_TYPE) {
             buf = altName->ipString;
             len = (word32)XSTRLEN(buf);
         }
         else
-#endif /* OPENSSL_ALL || WOLFSSL_IP_ALT_NAME */
+#endif /* WOLFSSL_IP_ALT_NAME */
         {
             buf = altName->name;
-            len = altName->len;
+            len = (word32)altName->len;
         }
 
-        if (MatchDomainName(buf, len, domain)) {
+        if (MatchDomainName(buf, (int)len, domain, domainLen, flags)) {
             match = 1;
             if (checkCN != NULL) {
                 *checkCN = 0;
@@ -12348,15 +13050,15 @@ int CheckForAltNames(DecodedCert* dCert, const char* domain, int* checkCN)
  * domainNameLen  The length of the domain name.
  * returns DOMAIN_NAME_MISMATCH when no match found and 0 on success.
  */
-int CheckHostName(DecodedCert* dCert, const char *domainName, size_t domainNameLen)
+int CheckHostName(DecodedCert* dCert, const char *domainName,
+                  size_t domainNameLen, unsigned int flags)
 {
     int checkCN;
-    int ret = DOMAIN_NAME_MISMATCH;
+    int ret = WC_NO_ERR_TRACE(DOMAIN_NAME_MISMATCH);
 
-    /* Assume name is NUL terminated. */
-    (void)domainNameLen;
-
-    if (CheckForAltNames(dCert, domainName, &checkCN) != 1) {
+    if (CheckForAltNames(dCert, domainName, (word32)domainNameLen,
+                                            &checkCN, flags) != 1) {
+        ret = DOMAIN_NAME_MISMATCH;
         WOLFSSL_MSG("DomainName match on alt names failed");
     }
     else {
@@ -12366,10 +13068,11 @@ int CheckHostName(DecodedCert* dCert, const char *domainName, size_t domainNameL
 #ifndef WOLFSSL_HOSTNAME_VERIFY_ALT_NAME_ONLY
     if (checkCN == 1) {
         if (MatchDomainName(dCert->subjectCN, dCert->subjectCNLen,
-                            domainName) == 1) {
+                            domainName, (word32)domainNameLen, flags) == 1) {
             ret = 0;
         }
         else {
+            ret = DOMAIN_NAME_MISMATCH;
             WOLFSSL_MSG("DomainName match on common name failed");
         }
     }
@@ -12382,7 +13085,7 @@ int CheckIPAddr(DecodedCert* dCert, const char* ipasc)
 {
     WOLFSSL_MSG("Checking IPAddr");
 
-    return CheckHostName(dCert, ipasc, (size_t)XSTRLEN(ipasc));
+    return CheckHostName(dCert, ipasc, (size_t)XSTRLEN(ipasc), 0);
 }
 
 
@@ -12392,7 +13095,7 @@ static void AddSessionCertToChain(WOLFSSL_X509_CHAIN* chain,
 {
    if (chain->count < MAX_CHAIN_DEPTH &&
                                certSz < MAX_X509_SIZE) {
-        chain->certs[chain->count].length = certSz;
+        chain->certs[chain->count].length = (int)certSz;
         XMEMCPY(chain->certs[chain->count].buffer, certBuf, certSz);
         chain->count++;
     }
@@ -12402,17 +13105,63 @@ static void AddSessionCertToChain(WOLFSSL_X509_CHAIN* chain,
 }
 #endif
 
+#if defined(KEEP_PEER_CERT) || defined(SESSION_CERTS) || \
+    defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) || \
+    defined(WOLFSSL_ACERT)
+    static int CopyAltNames(DNS_entry** to, DNS_entry* from, int type, void* heap)
+{
+    /* Copy from to the beginning of to */
+    DNS_entry** prev_next = to;
+    DNS_entry* next;
+
+    if (to == NULL) {
+        return BAD_FUNC_ARG;
+    }
+
+    next = *to;
+
+    for (; from != NULL; from = from->next) {
+        DNS_entry* dnsEntry;
+
+        if (type != -1 && from->type != type)
+            continue;
+
+        dnsEntry = AltNameDup(from, heap);
+        if (dnsEntry == NULL) {
+            WOLFSSL_MSG("\tOut of Memory");
+            return MEMORY_E;
+        }
+
+        dnsEntry->next = next;
+        *prev_next = dnsEntry;
+        prev_next = &dnsEntry->next;
+    }
+
+    return 0;
+}
+#endif /* KEEP_PEER_CERT || SESSION_CERTS ||
+        * OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL ||
+        * WOLFSSL_ACERT */
+
+
 #if defined(KEEP_PEER_CERT) || defined(SESSION_CERTS) || \
     defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
 void CopyDecodedName(WOLFSSL_X509_NAME* name, DecodedCert* dCert, int nameType)
 {
-    if (nameType == SUBJECT) {
+    if (name->dynamicName) {
+        XFREE(name->name, name->heap, DYNAMIC_TYPE_X509);
+        name->name = name->staticName;
+        name->dynamicName = 0;
+    }
+
+    if (nameType == ASN_SUBJECT) {
         XSTRNCPY(name->name, dCert->subject, ASN_NAME_MAX);
         name->name[ASN_NAME_MAX - 1] = '\0';
         name->sz = (int)XSTRLEN(name->name) + 1;
 #if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(HAVE_LIGHTY)
         name->rawLen = min(dCert->subjectRawLen, ASN_NAME_MAX);
-        XMEMCPY(name->raw, dCert->subjectRaw, name->rawLen);
+        if (name->rawLen > 0)
+            XMEMCPY(name->raw, dCert->subjectRaw, name->rawLen);
 #endif
     }
     else {
@@ -12422,60 +13171,13 @@ void CopyDecodedName(WOLFSSL_X509_NAME* name, DecodedCert* dCert, int nameType)
 #if (defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(HAVE_LIGHTY)) \
     && (defined(HAVE_PKCS7) || defined(WOLFSSL_CERT_EXT))
         name->rawLen = min(dCert->issuerRawLen, ASN_NAME_MAX);
-        if (name->rawLen) {
+        if (name->rawLen > 0) {
             XMEMCPY(name->raw, dCert->issuerRaw, name->rawLen);
         }
 #endif
     }
 }
 
-
-#if (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) && \
-    !defined(IGNORE_NAME_CONSTRAINTS)
-/* copies over additional alt names such as dirName
- * returns 0 on success
- */
-static int CopyAdditionalAltNames(DNS_entry** to, DNS_entry* from, int type,
-        void* heap)
-{
-    DNS_entry* cur = from;
-
-    if (to == NULL) {
-        return BAD_FUNC_ARG;
-    }
-
-    while (cur != NULL) {
-        if (cur->type == type) {
-            DNS_entry* dnsEntry;
-            int strLen = cur->len;
-
-            dnsEntry = AltNameNew(heap);
-            if (dnsEntry == NULL) {
-                WOLFSSL_MSG("\tOut of Memory");
-                return MEMORY_E;
-            }
-
-            dnsEntry->type = type;
-            dnsEntry->name = (char*)XMALLOC(strLen + 1, heap,
-                    DYNAMIC_TYPE_ALTNAME);
-            if (dnsEntry->name == NULL) {
-                WOLFSSL_MSG("\tOut of Memory");
-                XFREE(dnsEntry, heap, DYNAMIC_TYPE_ALTNAME);
-                return MEMORY_E;
-            }
-            dnsEntry->len = strLen;
-            XMEMCPY(dnsEntry->name, cur->name, strLen);
-            dnsEntry->name[strLen] = '\0';
-
-            dnsEntry->next = *to;
-            *to = dnsEntry;
-        }
-        cur = cur->next;
-    }
-    return 0;
-}
-#endif /* OPENSSL_EXTRA */
-
 #ifdef WOLFSSL_CERT_REQ
 static int CopyREQAttributes(WOLFSSL_X509* x509, DecodedCert* dCert)
 {
@@ -12487,7 +13189,7 @@ static int CopyREQAttributes(WOLFSSL_X509* x509, DecodedCert* dCert)
             x509->challengePw[dCert->cPwdLen] = '\0';
         #if defined(OPENSSL_ALL) && defined(WOLFSSL_CERT_GEN)
             if (wolfSSL_X509_REQ_add1_attr_by_NID(x509,
-                                        NID_pkcs9_challengePassword,
+                                        WC_NID_pkcs9_challengePassword,
                                         MBSTRING_ASC,
                                         (const byte*)dCert->cPwd,
                                         dCert->cPwdLen) != WOLFSSL_SUCCESS) {
@@ -12509,7 +13211,7 @@ static int CopyREQAttributes(WOLFSSL_X509* x509, DecodedCert* dCert)
         }
     #if defined(OPENSSL_ALL) && defined(WOLFSSL_CERT_GEN)
         if (wolfSSL_X509_REQ_add1_attr_by_NID(x509,
-                                        NID_pkcs9_contentType,
+                                        WC_NID_pkcs9_contentType,
                                         MBSTRING_ASC,
                                         (const byte*)dCert->contentType,
                                         dCert->contentTypeLen) !=
@@ -12523,7 +13225,7 @@ static int CopyREQAttributes(WOLFSSL_X509* x509, DecodedCert* dCert)
     #if defined(OPENSSL_ALL) && defined(WOLFSSL_CERT_GEN)
     if (dCert->sNum) {
         if (wolfSSL_X509_REQ_add1_attr_by_NID(x509,
-                                        NID_serialNumber,
+                                        WC_NID_serialNumber,
                                         MBSTRING_ASC,
                                         (const byte*)dCert->sNum,
                                         dCert->sNumLen) != WOLFSSL_SUCCESS) {
@@ -12533,7 +13235,7 @@ static int CopyREQAttributes(WOLFSSL_X509* x509, DecodedCert* dCert)
     }
     if (dCert->unstructuredName) {
         if (wolfSSL_X509_REQ_add1_attr_by_NID(x509,
-                                        NID_pkcs9_unstructuredName,
+                                        WC_NID_pkcs9_unstructuredName,
                                         MBSTRING_ASC,
                                         (const byte*)dCert->unstructuredName,
                                         dCert->unstructuredNameLen)
@@ -12544,7 +13246,7 @@ static int CopyREQAttributes(WOLFSSL_X509* x509, DecodedCert* dCert)
     }
     if (dCert->surname) {
         if (wolfSSL_X509_REQ_add1_attr_by_NID(x509,
-                                        NID_surname,
+                                        WC_NID_surname,
                                         MBSTRING_ASC,
                                         (const byte*)dCert->surname,
                                         dCert->surnameLen) != WOLFSSL_SUCCESS) {
@@ -12554,7 +13256,7 @@ static int CopyREQAttributes(WOLFSSL_X509* x509, DecodedCert* dCert)
     }
     if (dCert->givenName) {
         if (wolfSSL_X509_REQ_add1_attr_by_NID(x509,
-                                        NID_givenName,
+                                        WC_NID_givenName,
                                         MBSTRING_ASC,
                                         (const byte*)dCert->givenName,
                                         dCert->givenNameLen) != WOLFSSL_SUCCESS) {
@@ -12564,7 +13266,7 @@ static int CopyREQAttributes(WOLFSSL_X509* x509, DecodedCert* dCert)
     }
     if (dCert->dnQualifier) {
         if (wolfSSL_X509_REQ_add1_attr_by_NID(x509,
-                                        NID_dnQualifier,
+                                        WC_NID_dnQualifier,
                                         MBSTRING_ASC,
                                         (const byte*)dCert->dnQualifier,
                                         dCert->dnQualifierLen) != WOLFSSL_SUCCESS) {
@@ -12574,7 +13276,7 @@ static int CopyREQAttributes(WOLFSSL_X509* x509, DecodedCert* dCert)
     }
     if (dCert->initials) {
         if (wolfSSL_X509_REQ_add1_attr_by_NID(x509,
-                                        NID_initials,
+                                        WC_NID_initials,
                                         MBSTRING_ASC,
                                         (const byte*)dCert->initials,
                                         dCert->initialsLen) != WOLFSSL_SUCCESS) {
@@ -12589,11 +13291,10 @@ static int CopyREQAttributes(WOLFSSL_X509* x509, DecodedCert* dCert)
 #endif /* WOLFSSL_CERT_REQ */
 
 /* Copy parts X509 needs from Decoded cert, 0 on success */
-/* The same DecodedCert cannot be copied to WOLFSSL_X509 twice otherwise the
- * altNames pointers could be free'd by second x509 still active by first */
 int CopyDecodedToX509(WOLFSSL_X509* x509, DecodedCert* dCert)
 {
     int ret = 0;
+    int minSz;
 
     if (x509 == NULL || dCert == NULL ||
         dCert->subjectCNLen < 0)
@@ -12607,7 +13308,7 @@ int CopyDecodedToX509(WOLFSSL_X509* x509, DecodedCert* dCert)
 
     x509->version = dCert->version + 1;
 
-    CopyDecodedName(&x509->issuer, dCert, ISSUER);
+    CopyDecodedName(&x509->issuer, dCert, ASN_ISSUER);
 #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
     if (dCert->issuerName != NULL) {
         wolfSSL_X509_set_issuer_name(x509,
@@ -12615,7 +13316,7 @@ int CopyDecodedToX509(WOLFSSL_X509* x509, DecodedCert* dCert)
         x509->issuer.x509 = x509;
     }
 #endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
-    CopyDecodedName(&x509->subject, dCert, SUBJECT);
+    CopyDecodedName(&x509->subject, dCert, ASN_SUBJECT);
 #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
     if (dCert->subjectName != NULL) {
         wolfSSL_X509_set_subject_name(x509,
@@ -12643,55 +13344,51 @@ int CopyDecodedToX509(WOLFSSL_X509* x509, DecodedCert* dCert)
 #endif /* WOLFSSL_CERT_REQ */
 
 #ifdef WOLFSSL_SEP
-    {
-        int minSz = min(dCert->deviceTypeSz, EXTERNAL_SERIAL_SIZE);
-        if (minSz > 0) {
-            x509->deviceTypeSz = minSz;
-            XMEMCPY(x509->deviceType, dCert->deviceType, minSz);
-        }
-        else
-            x509->deviceTypeSz = 0;
-        minSz = min(dCert->hwTypeSz, EXTERNAL_SERIAL_SIZE);
-        if (minSz > 0) {
-            x509->hwTypeSz = minSz;
-            XMEMCPY(x509->hwType, dCert->hwType, minSz);
-        }
-        else
-            x509->hwTypeSz = 0;
-        minSz = min(dCert->hwSerialNumSz, EXTERNAL_SERIAL_SIZE);
-        if (minSz > 0) {
-            x509->hwSerialNumSz = minSz;
-            XMEMCPY(x509->hwSerialNum, dCert->hwSerialNum, minSz);
-        }
-        else
-            x509->hwSerialNumSz = 0;
+    minSz = min(dCert->deviceTypeSz, EXTERNAL_SERIAL_SIZE);
+    if (minSz > 0) {
+        x509->deviceTypeSz = minSz;
+        XMEMCPY(x509->deviceType, dCert->deviceType, minSz);
     }
+    else
+        x509->deviceTypeSz = 0;
+    minSz = min(dCert->hwTypeSz, EXTERNAL_SERIAL_SIZE);
+    if (minSz > 0) {
+        x509->hwTypeSz = minSz;
+        XMEMCPY(x509->hwType, dCert->hwType, minSz);
+    }
+    else
+        x509->hwTypeSz = 0;
+    minSz = min(dCert->hwSerialNumSz, EXTERNAL_SERIAL_SIZE);
+    if (minSz > 0) {
+        x509->hwSerialNumSz = minSz;
+        XMEMCPY(x509->hwSerialNum, dCert->hwSerialNum, minSz);
+    }
+    else
+        x509->hwSerialNumSz = 0;
 #endif /* WOLFSSL_SEP */
-    {
-        int minSz;
-        if (dCert->beforeDateLen > 0) {
-            minSz = min(dCert->beforeDate[1], MAX_DATE_SZ);
-            x509->notBefore.type = dCert->beforeDate[0];
-            x509->notBefore.length = minSz;
-            XMEMCPY(x509->notBefore.data, &dCert->beforeDate[2], minSz);
-        }
-        else
-            x509->notBefore.length = 0;
-        if (dCert->afterDateLen > 0) {
-            minSz = min(dCert->afterDate[1], MAX_DATE_SZ);
-            x509->notAfter.type = dCert->afterDate[0];
-            x509->notAfter.length = minSz;
-            XMEMCPY(x509->notAfter.data, &dCert->afterDate[2], minSz);
-        }
-        else
-            x509->notAfter.length = 0;
+
+    if (dCert->beforeDateLen > 0) {
+        minSz = (int)min(dCert->beforeDate[1], MAX_DATE_SZ);
+        x509->notBefore.type = dCert->beforeDate[0];
+        x509->notBefore.length = minSz;
+        XMEMCPY(x509->notBefore.data, &dCert->beforeDate[2], minSz);
     }
+    else
+        x509->notBefore.length = 0;
+    if (dCert->afterDateLen > 0) {
+        minSz = (int)min(dCert->afterDate[1], MAX_DATE_SZ);
+        x509->notAfter.type = dCert->afterDate[0];
+        x509->notAfter.length = minSz;
+        XMEMCPY(x509->notAfter.data, &dCert->afterDate[2], minSz);
+    }
+    else
+        x509->notAfter.length = 0;
 
     if (dCert->publicKey != NULL && dCert->pubKeySize != 0) {
         x509->pubKey.buffer = (byte*)XMALLOC(
                         dCert->pubKeySize, x509->heap, DYNAMIC_TYPE_PUBLIC_KEY);
         if (x509->pubKey.buffer != NULL) {
-            x509->pubKeyOID = dCert->keyOID;
+            x509->pubKeyOID = (int)dCert->keyOID;
             x509->pubKey.length = dCert->pubKeySize;
             XMEMCPY(x509->pubKey.buffer, dCert->publicKey, dCert->pubKeySize);
         }
@@ -12699,7 +13396,7 @@ int CopyDecodedToX509(WOLFSSL_X509* x509, DecodedCert* dCert)
             ret = MEMORY_E;
 #if defined(OPENSSL_ALL)
         if (ret == 0) {
-            x509->key.pubKeyOID = dCert->keyOID;
+            x509->key.pubKeyOID = (int)dCert->keyOID;
 
             if (!x509->key.algor) {
                 x509->key.algor = wolfSSL_X509_ALGOR_new();
@@ -12737,7 +13434,7 @@ int CopyDecodedToX509(WOLFSSL_X509* x509, DecodedCert* dCert)
         else {
             XMEMCPY(x509->sig.buffer, dCert->signature, dCert->sigLength);
             x509->sig.length = dCert->sigLength;
-            x509->sigOID = dCert->signatureOID;
+            x509->sigOID = (int)dCert->signatureOID;
         }
 #if defined(OPENSSL_ALL)
         wolfSSL_ASN1_OBJECT_free(x509->algor.algorithm);
@@ -12761,19 +13458,21 @@ int CopyDecodedToX509(WOLFSSL_X509* x509, DecodedCert* dCert)
         }
     }
 
-    x509->altNames       = dCert->altNames;
-    dCert->weOwnAltNames = 0;
+    /* add alt names from dCert to X509 */
+    if (CopyAltNames(&x509->altNames, dCert->altNames, -1, x509->heap) != 0) {
+        return MEMORY_E;
+    }
 #if (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) && \
     !defined(IGNORE_NAME_CONSTRAINTS)
     /* add copies of email names from dCert to X509 */
-    if (CopyAdditionalAltNames(&x509->altNames, dCert->altEmailNames,
+    if (CopyAltNames(&x509->altNames, dCert->altEmailNames,
                 ASN_RFC822_TYPE, x509->heap) != 0) {
         return MEMORY_E;
     }
 #endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
 #if defined(OPENSSL_EXTRA) && !defined(IGNORE_NAME_CONSTRAINTS)
     /* add copies of alternate directory names from dCert to X509 */
-    if (CopyAdditionalAltNames(&x509->altNames, dCert->altDirNames,
+    if (CopyAltNames(&x509->altNames, dCert->altDirNames,
                 ASN_DIR_TYPE, x509->heap) != 0) {
         return MEMORY_E;
     }
@@ -12822,7 +13521,7 @@ int CopyDecodedToX509(WOLFSSL_X509* x509, DecodedCert* dCert)
             ret = MEMORY_E;
         }
     }
-    #if defined(OPENSSL_ALL) || defined(WOLFSSL_QT)
+    #ifdef WOLFSSL_ASN_CA_ISSUER
     if (dCert->extAuthInfoCaIssuer != NULL && dCert->extAuthInfoCaIssuerSz > 0) {
         x509->authInfoCaIssuer = (byte*)XMALLOC(dCert->extAuthInfoCaIssuerSz, x509->heap,
                 DYNAMIC_TYPE_X509_EXT);
@@ -12908,10 +13607,10 @@ int CopyDecodedToX509(WOLFSSL_X509* x509, DecodedCert* dCert)
     #ifndef IGNORE_NETSCAPE_CERT_TYPE
     x509->nsCertType = dCert->nsCertType;
     #endif
-    #if defined(WOLFSSL_SEP) || defined(WOLFSSL_QT)
+    #ifdef WOLFSSL_SEP
         x509->certPolicySet = dCert->extCertPolicySet;
         x509->certPolicyCrit = dCert->extCertPolicyCrit;
-    #endif /* WOLFSSL_SEP || WOLFSSL_QT */
+    #endif
     #ifdef WOLFSSL_CERT_EXT
         {
             int i;
@@ -12939,19 +13638,181 @@ int CopyDecodedToX509(WOLFSSL_X509* x509, DecodedCert* dCert)
     x509->pkCurveOID = dCert->pkCurveOID;
 #endif /* HAVE_ECC || HAVE_CURVE25519 || HAVE_CURVE448 */
 
+#ifdef WOLFSSL_DUAL_ALG_CERTS
+    /* Copy over alternative sig and pubkey. In this case we will allocate new
+     * buffers for them as we have no knowledge of when the DecodedCert is
+     * freed. */
+    if (dCert->extSapkiSet) {
+        x509->sapkiDer = (byte*)XMALLOC(dCert->sapkiLen, x509->heap,
+                                        DYNAMIC_TYPE_X509_EXT);
+        if (x509->sapkiDer != NULL) {
+            XMEMCPY(x509->sapkiDer, dCert->sapkiDer, dCert->sapkiLen);
+            x509->sapkiLen = dCert->sapkiLen;
+        }
+        else {
+            ret = MEMORY_E;
+        }
+    }
+    if (dCert->extAltSigAlgSet) {
+        x509->altSigAlgDer = (byte*)XMALLOC(dCert->altSigAlgLen, x509->heap,
+                                            DYNAMIC_TYPE_X509_EXT);
+        if (x509->altSigAlgDer != NULL) {
+            XMEMCPY(x509->altSigAlgDer, dCert->altSigAlgDer,
+                    dCert->altSigAlgLen);
+            x509->altSigAlgLen = dCert->altSigAlgLen;
+        }
+        else {
+            ret = MEMORY_E;
+        }
+    }
+    if (dCert->extAltSigValSet) {
+        x509->altSigValDer = (byte*)XMALLOC(dCert->altSigValLen, x509->heap,
+                                            DYNAMIC_TYPE_X509_EXT);
+        if (x509->altSigValDer != NULL) {
+            XMEMCPY(x509->altSigValDer, dCert->altSigValDer,
+                    dCert->altSigValLen);
+            x509->altSigValLen = dCert->altSigValLen;
+        }
+        else {
+            ret = MEMORY_E;
+        }
+    }
+#endif /* WOLFSSL_DUAL_ALG_CERTS */
+
     return ret;
 }
 
 #endif /* KEEP_PEER_CERT || SESSION_CERTS */
 
-#if defined(HAVE_CERTIFICATE_STATUS_REQUEST) || \
-     (defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2) && !defined(WOLFSSL_NO_TLS12))
-static int ProcessCSR(WOLFSSL* ssl, byte* input, word32* inOutIdx,
-                      word32 status_length)
+#if defined(WOLFSSL_ACERT)
+/* Copy a DecodedAcert structure to an X509_ACERT.
+ *
+ * @param [out]     x509        the dst X509 acert structure
+ * @param [in]      dAcert      the src decoded acert structure
+ *
+ * @return  0   on success
+ * @return  < 0 on error
+ * */
+int CopyDecodedAcertToX509(WOLFSSL_X509_ACERT* x509, DecodedAcert* dAcert)
+{
+    int ret = 0;
+
+    if (x509 == NULL || dAcert == NULL) {
+        return BAD_FUNC_ARG;
+    }
+
+    /* Copy version and serial number. */
+    x509->version = dAcert->version + 1;
+
+    XMEMCPY(x509->serial, dAcert->serial, EXTERNAL_SERIAL_SIZE);
+    x509->serialSz = dAcert->serialSz;
+
+    if (dAcert->holderSerialSz > 0) {
+        /* This ACERT Holder field had a serial number. Copy it. */
+        XMEMCPY(x509->holderSerial, dAcert->holderSerial,
+                dAcert->holderSerialSz);
+        x509->holderSerialSz = dAcert->holderSerialSz;
+    }
+
+    /* Copy before and after dates. */
+    {
+        int minSz = 0;
+
+        if (dAcert->beforeDateLen > 0) {
+            minSz = (int)min(dAcert->beforeDate[1], MAX_DATE_SZ);
+            x509->notBefore.type = dAcert->beforeDate[0];
+            x509->notBefore.length = minSz;
+            XMEMCPY(x509->notBefore.data, &dAcert->beforeDate[2], minSz);
+        }
+        else {
+            x509->notBefore.length = 0;
+        }
+
+        if (dAcert->afterDateLen > 0) {
+            minSz = (int)min(dAcert->afterDate[1], MAX_DATE_SZ);
+            x509->notAfter.type = dAcert->afterDate[0];
+            x509->notAfter.length = minSz;
+            XMEMCPY(x509->notAfter.data, &dAcert->afterDate[2], minSz);
+        }
+        else {
+            x509->notAfter.length = 0;
+        }
+    }
+
+    /* Copy the signature. */
+    if (dAcert->signature != NULL && dAcert->sigLength != 0 &&
+            dAcert->sigLength <= MAX_ENCODED_SIG_SZ) {
+        x509->sig.buffer = (byte*)XMALLOC(
+                          dAcert->sigLength, x509->heap, DYNAMIC_TYPE_SIGNATURE);
+        if (x509->sig.buffer == NULL) {
+            ret = MEMORY_E;
+        }
+        else {
+            XMEMCPY(x509->sig.buffer, dAcert->signature, dAcert->sigLength);
+            x509->sig.length = dAcert->sigLength;
+            x509->sigOID = (int)dAcert->signatureOID;
+        }
+    }
+
+    /* if der contains original source buffer then store for potential
+     * retrieval */
+    if (dAcert->source != NULL && dAcert->maxIdx > 0) {
+        if (AllocDer(&x509->derCert, dAcert->maxIdx, CERT_TYPE, x509->heap)
+                                                                         == 0) {
+            XMEMCPY(x509->derCert->buffer, dAcert->source, dAcert->maxIdx);
+        }
+        else {
+            ret = MEMORY_E;
+        }
+    }
+
+    /* Copy holder and att cert issuer names if present. */
+    if (CopyAltNames(&x509->holderIssuerName, dAcert->holderIssuerName,
+                ASN_DIR_TYPE, x509->heap) != 0) {
+        return MEMORY_E;
+    }
+
+    if (CopyAltNames(&x509->holderEntityName, dAcert->holderEntityName,
+                ASN_DIR_TYPE, x509->heap) != 0) {
+        return MEMORY_E;
+    }
+
+    if (CopyAltNames(&x509->AttCertIssuerName, dAcert->AttCertIssuerName,
+                ASN_DIR_TYPE, x509->heap) != 0) {
+        return MEMORY_E;
+    }
+
+    if (dAcert->rawAttr && dAcert->rawAttrLen > 0) {
+        /* Allocate space for the raw Attributes field, then copy it in. */
+        x509->rawAttr = (byte*)XMALLOC(dAcert->rawAttrLen, x509->heap,
+                                       DYNAMIC_TYPE_X509_EXT);
+        if (x509->rawAttr != NULL) {
+            XMEMCPY(x509->rawAttr, dAcert->rawAttr, dAcert->rawAttrLen);
+            x509->rawAttrLen = dAcert->rawAttrLen;
+        }
+        else {
+            ret = MEMORY_E;
+        }
+    }
+
+    return ret;
+}
+#endif /* WOLFSSL_ACERT */
+
+
+#if (defined(HAVE_CERTIFICATE_STATUS_REQUEST) || \
+     defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2)) && !defined(WOLFSSL_NO_TLS12)
+static int ProcessCSR_ex(WOLFSSL* ssl, byte* input, word32* inOutIdx,
+                      word32 status_length, int idx)
 {
     int ret = 0;
     OcspRequest* request;
-
+#if defined(HAVE_CERTIFICATE_STATUS_REQUEST)
+    TLSX* ext =  TLSX_Find(ssl->extensions, TLSX_STATUS_REQUEST);
+    CertificateStatusRequest* csr;
+#else
+    (void)idx;
+#endif
     #ifdef WOLFSSL_SMALL_STACK
         CertStatus* status;
         OcspEntry* single;
@@ -12963,11 +13824,19 @@ static int ProcessCSR(WOLFSSL* ssl, byte* input, word32* inOutIdx,
     #endif
 
     WOLFSSL_ENTER("ProcessCSR");
-
+#if defined(HAVE_CERTIFICATE_STATUS_REQUEST)
+    if (ext) {
+        /* status request */
+        csr = (CertificateStatusRequest*)ext->data;
+        if (csr && !csr->ssl)
+            csr->ssl = ssl;
+    }
+#endif
     do {
         #ifdef HAVE_CERTIFICATE_STATUS_REQUEST
             if (ssl->status_request) {
-                request = (OcspRequest*)TLSX_CSR_GetRequest(ssl->extensions);
+                request = (OcspRequest*)TLSX_CSR_GetRequest_ex(ssl->extensions,
+                                idx);
                 ssl->status_request = 0;
                 break;
             }
@@ -12990,27 +13859,31 @@ static int ProcessCSR(WOLFSSL* ssl, byte* input, word32* inOutIdx,
 
     #ifdef WOLFSSL_SMALL_STACK
         status = (CertStatus*)XMALLOC(sizeof(CertStatus), ssl->heap,
-                                                    DYNAMIC_TYPE_OCSP_STATUS);
+                                      DYNAMIC_TYPE_OCSP_STATUS);
         single = (OcspEntry*)XMALLOC(sizeof(OcspEntry), ssl->heap,
-                                                    DYNAMIC_TYPE_OCSP_ENTRY);
+                                     DYNAMIC_TYPE_OCSP_ENTRY);
         response = (OcspResponse*)XMALLOC(sizeof(OcspResponse), ssl->heap,
-                                                    DYNAMIC_TYPE_OCSP_REQUEST);
+                                          DYNAMIC_TYPE_OCSP_REQUEST);
 
         if (status == NULL || single == NULL || response == NULL) {
-            if (status)
+            if (status != NULL) {
                 XFREE(status, ssl->heap, DYNAMIC_TYPE_OCSP_STATUS);
-            if (single)
+            }
+            if (single != NULL) {
                 XFREE(single, ssl->heap, DYNAMIC_TYPE_OCSP_ENTRY);
-            if (response)
+            }
+            if (response != NULL) {
                 XFREE(response, ssl->heap, DYNAMIC_TYPE_OCSP_REQUEST);
+            }
 
             return MEMORY_ERROR;
         }
     #endif
 
+    /* InitOcspResponse sets single and status to response struct. */
     InitOcspResponse(response, single, status, input +*inOutIdx, status_length, ssl->heap);
 
-    if (OcspResponseDecode(response, SSL_CM(ssl), ssl->heap, 0) != 0)
+    if (OcspResponseDecode(response, SSL_CM(ssl), ssl->heap, 0, 0) != 0)
         ret = BAD_CERTIFICATE_STATUS_ERROR;
     else if (CompareOcspReqResp(request, response) != 0)
         ret = BAD_CERTIFICATE_STATUS_ERROR;
@@ -13028,17 +13901,25 @@ static int ProcessCSR(WOLFSSL* ssl, byte* input, word32* inOutIdx,
 
     *inOutIdx += status_length;
 
+    /* FreeOcspResponse frees status and single only if
+     * single->isDynamic is set. */
     FreeOcspResponse(response);
 
     #ifdef WOLFSSL_SMALL_STACK
-        XFREE(status,   ssl->heap, DYNAMIC_TYPE_OCSP_STATUS);
-        XFREE(single,   ssl->heap, DYNAMIC_TYPE_OCSP_ENTRY);
-        XFREE(response, ssl->heap, DYNAMIC_TYPE_OCSP_REQUEST);
+    XFREE(status,   ssl->heap, DYNAMIC_TYPE_OCSP_STATUS);
+    XFREE(single,   ssl->heap, DYNAMIC_TYPE_OCSP_ENTRY);
+    XFREE(response, ssl->heap, DYNAMIC_TYPE_OCSP_REQUEST);
     #endif
 
     WOLFSSL_LEAVE("ProcessCSR", ret);
     return ret;
 }
+
+static int ProcessCSR(WOLFSSL* ssl, byte* input, word32* inOutIdx,
+                      word32 status_length)
+{
+    return ProcessCSR_ex(ssl, input, inOutIdx, status_length, 0);
+}
 #endif
 
 
@@ -13051,7 +13932,7 @@ static int ProcessCSR(WOLFSSL* ssl, byte* input, word32* inOutIdx,
        const unsigned char* keyDer, unsigned int keySz,
        int* result, void* ctx)
     {
-        int ret = NOT_COMPILED_IN;
+        int ret = WC_NO_ERR_TRACE(NOT_COMPILED_IN);
         WOLFSSL* ssl = (WOLFSSL*)ctx;
 
         if (ssl && ssl->ctx->EccVerifyCb) {
@@ -13066,7 +13947,7 @@ static int ProcessCSR(WOLFSSL* ssl, byte* input, word32* inOutIdx,
        unsigned char** out, const unsigned char* keyDer, unsigned int keySz,
        void* ctx)
     {
-        int ret = NOT_COMPILED_IN;
+        int ret = WC_NO_ERR_TRACE(NOT_COMPILED_IN);
         WOLFSSL* ssl = (WOLFSSL*)ctx;
 
         if (ssl && ssl->ctx->RsaVerifyCb) {
@@ -13116,7 +13997,6 @@ int InitSigPkCb(WOLFSSL* ssl, SignatureCtx* sigCtx)
 
 #endif /* HAVE_PK_CALLBACKS */
 
-
 #if !defined(NO_WOLFSSL_CLIENT) || !defined(WOLFSSL_NO_CLIENT_AUTH)
 void DoCertFatalAlert(WOLFSSL* ssl, int ret)
 {
@@ -13128,24 +14008,26 @@ void DoCertFatalAlert(WOLFSSL* ssl, int ret)
 
     /* Determine alert reason */
     alertWhy = bad_certificate;
-    if (ret == ASN_AFTER_DATE_E || ret == ASN_BEFORE_DATE_E) {
+    if (ret == WC_NO_ERR_TRACE(ASN_AFTER_DATE_E) ||
+        ret == WC_NO_ERR_TRACE(ASN_BEFORE_DATE_E)) {
         alertWhy = certificate_expired;
     }
-    else if (ret == ASN_NO_SIGNER_E || ret == ASN_PATHLEN_INV_E ||
-            ret == ASN_PATHLEN_SIZE_E) {
+    else if (ret == WC_NO_ERR_TRACE(ASN_NO_SIGNER_E) ||
+             ret == WC_NO_ERR_TRACE(ASN_PATHLEN_INV_E) ||
+             ret == WC_NO_ERR_TRACE(ASN_PATHLEN_SIZE_E)) {
         alertWhy = unknown_ca;
     }
 #ifdef OPENSSL_EXTRA
-    else if (ret == CRL_CERT_REVOKED) {
+    else if (ret == WC_NO_ERR_TRACE(CRL_CERT_REVOKED)) {
         alertWhy = certificate_revoked;
     }
 #endif
 #if defined(HAVE_RPK)
-    else if (ret == UNSUPPORTED_CERTIFICATE) {
+    else if (ret == WC_NO_ERR_TRACE(UNSUPPORTED_CERTIFICATE)) {
         alertWhy = unsupported_certificate;
     }
 #endif /* HAVE_RPK */
-    else if (ret == NO_PEER_CERT) {
+    else if (ret == WC_NO_ERR_TRACE(NO_PEER_CERT)) {
 #ifdef WOLFSSL_TLS13
         if (ssl->options.tls1_3) {
             alertWhy = certificate_required;
@@ -13157,11 +14039,174 @@ void DoCertFatalAlert(WOLFSSL* ssl, int ret)
         }
     }
 
+#ifndef NO_TLS
     /* send fatal alert and mark connection closed */
     SendAlert(ssl, alert_fatal, alertWhy); /* try to send */
+#else
+    (void)alertWhy;
+#endif
     ssl->options.isClosed = 1;
 }
 
+int SetupStoreCtxCallback(WOLFSSL_X509_STORE_CTX** store_pt,
+        WOLFSSL* ssl, WOLFSSL_CERT_MANAGER* cm, ProcPeerCertArgs* args,
+        int cert_err, void* heap, int* x509Free)
+{
+    WOLFSSL_X509_STORE_CTX* store = NULL;
+    char* domain = NULL;
+#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
+    WOLFSSL_X509* x509 = NULL;
+#endif
+
+    *x509Free = 0;
+
+    store = wolfSSL_X509_STORE_CTX_new_ex(heap);
+    if (store == NULL)
+        goto mem_error;
+    domain = (char*)XMALLOC(ASN_NAME_MAX, heap, DYNAMIC_TYPE_STRING);
+    if (domain == NULL)
+        goto mem_error;
+
+    domain[0] = '\0';
+
+    /* build subject CN as string to return in store */
+    if (args->dCertInit && args->dCert && args->dCert->subjectCN) {
+        int subjectCNLen = args->dCert->subjectCNLen;
+        if (subjectCNLen > ASN_NAME_MAX-1)
+            subjectCNLen = ASN_NAME_MAX-1;
+        if (subjectCNLen > 0) {
+            XMEMCPY(domain, args->dCert->subjectCN, (size_t)(subjectCNLen));
+            domain[subjectCNLen] = '\0';
+        }
+    }
+
+#ifndef OPENSSL_COMPATIBLE_DEFAULTS
+    store->error = cert_err;
+#else
+    store->error = GetX509Error(cert_err);
+#endif
+    store->error_depth = args->certIdx;
+    store->discardSessionCerts = 0;
+    store->domain = domain;
+    if (ssl != NULL) {
+        if (ssl->verifyCbCtx != NULL) {
+            /* Use the WOLFSSL user context if set */
+            store->userCtx = ssl->verifyCbCtx;
+        }
+        else {
+            /* Else use the WOLFSSL_CTX user context */
+            store->userCtx = ssl->ctx->verifyCbCtx;
+        }
+    }
+    else {
+        store->userCtx = cm;
+    }
+    store->certs = args->certs;
+    store->totalCerts = args->totalCerts;
+#if defined(HAVE_EX_DATA) && \
+    (defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL))
+    if (wolfSSL_CRYPTO_set_ex_data(&store->ex_data, 0, ssl)
+            != WOLFSSL_SUCCESS) {
+        WOLFSSL_MSG("Failed to store ssl context in WOLFSSL_X509_STORE_CTX");
+    }
+#endif
+
+    if (ssl != NULL) {
+#if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER)
+        store->store = SSL_STORE(ssl);
+#if defined(OPENSSL_EXTRA)
+        store->depth = args->count;
+        /* Overwrite with non-default param values in SSL */
+        if (ssl->param) {
+            if (ssl->param->check_time)
+                store->param->check_time = ssl->param->check_time;
+
+            if (ssl->param->flags)
+                store->param->flags = ssl->param->flags;
+#ifdef WOLFSSL_LOCAL_X509_STORE
+            else if (SSL_STORE(ssl) && SSL_STORE(ssl)->param &&
+                    SSL_STORE(ssl)->param->flags)
+                store->param->flags = SSL_STORE(ssl)->param->flags;
+#endif
+
+
+            if (ssl->param->hostName[0])
+                XMEMCPY(store->param->hostName, ssl->param->hostName,
+                        WOLFSSL_HOST_NAME_MAX);
+
+        }
+#endif /* defined(OPENSSL_EXTRA) */
+#endif /* defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER)*/
+#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
+    #ifdef KEEP_PEER_CERT
+        if (args->certIdx == 0) {
+            FreeX509(&ssl->peerCert);
+            InitX509(&ssl->peerCert, 0, ssl->heap);
+            if (CopyDecodedToX509(&ssl->peerCert, args->dCert) == 0)
+                WOLFSSL_MSG("Unable to copy to ssl->peerCert");
+            store->current_cert = &ssl->peerCert; /* use existing X509 */
+        }
+        else
+    #endif
+        {
+            x509 = wolfSSL_X509_new_ex(heap);
+            if (x509 == NULL)
+                goto mem_error;
+            if (CopyDecodedToX509(x509, args->dCert) == 0) {
+                store->current_cert = x509;
+                *x509Free = 1;
+            }
+            else {
+                goto mem_error;
+            }
+        }
+#endif
+#ifdef SESSION_CERTS
+        store->sesChain = &ssl->session->chain;
+#endif
+    }
+    *store_pt = store;
+    return 0;
+mem_error:
+    if (store != NULL)
+        wolfSSL_X509_STORE_CTX_free(store);
+#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
+    if (x509 != NULL)
+        wolfSSL_X509_free(x509);
+#endif
+    XFREE(domain, heap, DYNAMIC_TYPE_STRING);
+    return MEMORY_E;
+}
+
+void CleanupStoreCtxCallback(WOLFSSL_X509_STORE_CTX* store,
+        WOLFSSL* ssl, void* heap, int x509Free)
+{
+    (void)ssl;
+    (void)x509Free;
+
+#if defined(SESSION_CERTS) && defined(OPENSSL_EXTRA)
+    wolfSSL_sk_X509_pop_free(store->chain, NULL);
+    store->chain = NULL;
+#endif
+#ifdef SESSION_CERTS
+    if ((ssl != NULL) && (store->discardSessionCerts)) {
+        WOLFSSL_MSG("Verify callback requested discard sess certs");
+        ssl->session->chain.count = 0;
+    #ifdef WOLFSSL_ALT_CERT_CHAINS
+        ssl->session->altChain.count = 0;
+    #endif
+    }
+#endif /* SESSION_CERTS */
+    XFREE(store->domain, heap, DYNAMIC_TYPE_STRING);
+    store->domain = NULL;
+#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
+    if (x509Free)
+        wolfSSL_X509_free(store->current_cert);
+    store->current_cert = NULL;
+#endif
+    wolfSSL_X509_STORE_CTX_free(store);
+}
+
 /* WOLFSSL_ALWAYS_VERIFY_CB: Use verify callback for success or failure cases */
 /* WOLFSSL_VERIFY_CB_ALL_CERTS: Issue callback for all intermediate certificates */
 
@@ -13170,10 +14215,10 @@ void DoCertFatalAlert(WOLFSSL* ssl, int ret)
  * store->error_depth member to determine index (0=peer, >1 intermediates)
  */
 
-int DoVerifyCallback(WOLFSSL_CERT_MANAGER* cm, WOLFSSL* ssl, int ret,
+int DoVerifyCallback(WOLFSSL_CERT_MANAGER* cm, WOLFSSL* ssl, int cert_err,
                                                         ProcPeerCertArgs* args)
 {
-    int verify_ok = 0, use_cb = 0;
+    int verify_ok = 0, use_cb = 0, ret = cert_err;
     void *heap;
 
     if (cm == NULL) {
@@ -13183,12 +14228,12 @@ int DoVerifyCallback(WOLFSSL_CERT_MANAGER* cm, WOLFSSL* ssl, int ret,
     heap = (ssl != NULL) ? ssl->heap : cm->heap;
 
     /* Determine if verify was okay */
-    if (ret == 0) {
+    if (cert_err == 0) {
         verify_ok = 1;
     }
 
     /* Determine if verify callback should be used */
-    if (ret != 0) {
+    if (cert_err != 0) {
         if ((ssl != NULL) && (!ssl->options.verifyNone)) {
             use_cb = 1; /* always report errors */
         }
@@ -13213,8 +14258,9 @@ int DoVerifyCallback(WOLFSSL_CERT_MANAGER* cm, WOLFSSL* ssl, int ret,
                 ssl->param && ssl->param->hostName[0]) {
             /* If altNames names is present, then subject common name is ignored */
             if (args->dCert->altNames != NULL) {
-                if (CheckForAltNames(args->dCert, ssl->param->hostName, NULL) != 1) {
-                    if (ret == 0) {
+                if (CheckForAltNames(args->dCert, ssl->param->hostName,
+                    (word32)XSTRLEN(ssl->param->hostName), NULL, 0) != 1) {
+                    if (cert_err == 0) {
                         ret = DOMAIN_NAME_MISMATCH;
                         WOLFSSL_ERROR_VERBOSE(ret);
                     }
@@ -13223,10 +14269,12 @@ int DoVerifyCallback(WOLFSSL_CERT_MANAGER* cm, WOLFSSL* ssl, int ret,
         #ifndef WOLFSSL_HOSTNAME_VERIFY_ALT_NAME_ONLY
             else {
                 if (args->dCert->subjectCN) {
-                    if (MatchDomainName(args->dCert->subjectCN,
-                                        args->dCert->subjectCNLen,
-                                        ssl->param->hostName) == 0) {
-                        if (ret == 0) {
+                    if (MatchDomainName(
+                            args->dCert->subjectCN,
+                            args->dCert->subjectCNLen,
+                            ssl->param->hostName,
+                            (word32)XSTRLEN(ssl->param->hostName), 0) == 0) {
+                        if (cert_err == 0) {
                             ret = DOMAIN_NAME_MISMATCH;
                             WOLFSSL_ERROR_VERBOSE(ret);
                         }
@@ -13235,7 +14283,7 @@ int DoVerifyCallback(WOLFSSL_CERT_MANAGER* cm, WOLFSSL* ssl, int ret,
             }
         #else
             else {
-                if (ret == 0) {
+                if (cert_err == 0) {
                     ret = DOMAIN_NAME_MISMATCH;
                     WOLFSSL_ERROR_VERBOSE(ret);
                 }
@@ -13247,7 +14295,7 @@ int DoVerifyCallback(WOLFSSL_CERT_MANAGER* cm, WOLFSSL* ssl, int ret,
         if ((args->dCertInit != 0) && (args->dCert != NULL) && (ssl != NULL) &&
             (ssl->param != NULL) && (XSTRLEN(ssl->param->ipasc) > 0)) {
             if (CheckIPAddr(args->dCert, ssl->param->ipasc) != 0) {
-                if (ret == 0) {
+                if (cert_err == 0) {
                     ret = IPADDR_MISMATCH;
                     WOLFSSL_ERROR_VERBOSE(ret);
                 }
@@ -13259,6 +14307,10 @@ int DoVerifyCallback(WOLFSSL_CERT_MANAGER* cm, WOLFSSL* ssl, int ret,
     if ((use_cb && (ssl != NULL) && ((ssl->verifyCallback != NULL)
     #ifdef OPENSSL_ALL
         || (ssl->ctx->verifyCertCb != NULL)
+    #endif
+    #if defined(WOLFSSL_LOCAL_X509_STORE) && \
+        (defined(OPENSSL_ALL) || defined(WOLFSSL_QT))
+        || (SSL_STORE(ssl) != NULL && SSL_STORE(ssl)->verify_cb != NULL)
     #endif
         ))
     #ifndef NO_WOLFSSL_CM_VERIFY
@@ -13266,157 +14318,20 @@ int DoVerifyCallback(WOLFSSL_CERT_MANAGER* cm, WOLFSSL* ssl, int ret,
     #endif
         ) {
         int verifyFail = 0;
-    #ifdef WOLFSSL_SMALL_STACK
-        WOLFSSL_X509_STORE_CTX* store;
-        #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
-        WOLFSSL_X509* x509;
-        #endif
-        char* domain = NULL;
-    #else
-        WOLFSSL_X509_STORE_CTX store[1];
-        #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
-        WOLFSSL_X509           x509[1];
-        #endif
-        char domain[ASN_NAME_MAX];
-    #endif
-    #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
+        WOLFSSL_X509_STORE_CTX* store = NULL;
         int x509Free = 0;
-    #endif
+        int setupRet = SetupStoreCtxCallback(&store, ssl, cm, args, cert_err,
+                heap, &x509Free);
 
-    #ifdef WOLFSSL_SMALL_STACK
-        store = (WOLFSSL_X509_STORE_CTX*)XMALLOC(
-            sizeof(WOLFSSL_X509_STORE_CTX), heap, DYNAMIC_TYPE_X509_STORE);
-        if (store == NULL) {
-            return MEMORY_E;
-        }
-        #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
-        x509 = (WOLFSSL_X509*)XMALLOC(sizeof(WOLFSSL_X509), heap,
-            DYNAMIC_TYPE_X509);
-        if (x509 == NULL) {
-            XFREE(store, heap, DYNAMIC_TYPE_X509_STORE);
-            return MEMORY_E;
-        }
-        #endif
-        domain = (char*)XMALLOC(ASN_NAME_MAX, heap, DYNAMIC_TYPE_STRING);
-        if (domain == NULL) {
-            XFREE(store, heap, DYNAMIC_TYPE_X509_STORE);
-            #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
-            XFREE(x509, heap, DYNAMIC_TYPE_X509);
-            #endif
-            return MEMORY_E;
-        }
-    #endif /* WOLFSSL_SMALL_STACK */
+        if (setupRet != 0)
+            return setupRet;
 
-        XMEMSET(store, 0, sizeof(WOLFSSL_X509_STORE_CTX));
-    #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
-        XMEMSET(x509, 0, sizeof(WOLFSSL_X509));
-    #endif
-        domain[0] = '\0';
-
-        /* build subject CN as string to return in store */
-        if (args->dCertInit && args->dCert && args->dCert->subjectCN) {
-            int subjectCNLen = args->dCert->subjectCNLen;
-            if (subjectCNLen > ASN_NAME_MAX-1)
-                subjectCNLen = ASN_NAME_MAX-1;
-            if (subjectCNLen > 0) {
-                XMEMCPY(domain, args->dCert->subjectCN, subjectCNLen);
-                domain[subjectCNLen] = '\0';
-            }
-        }
-
-#ifndef OPENSSL_COMPATIBLE_DEFAULTS
-        store->error = ret;
-#else
-        store->error = GetX509Error(ret);
-#endif
-        store->error_depth = args->certIdx;
-        store->discardSessionCerts = 0;
-        store->domain = domain;
-        if (ssl != NULL) {
-            if (ssl->verifyCbCtx != NULL) {
-                /* Use the WOLFSSL user context if set */
-                store->userCtx = ssl->verifyCbCtx;
-            }
-            else {
-                /* Else use the WOLFSSL_CTX user context */
-                store->userCtx = ssl->ctx->verifyCbCtx;
-            }
-        }
-        else {
-            store->userCtx = cm;
-        }
-        store->certs = args->certs;
-        store->totalCerts = args->totalCerts;
-    #if defined(HAVE_EX_DATA) && \
-        (defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL))
-        if (wolfSSL_CRYPTO_set_ex_data(&store->ex_data, 0, ssl)
-                != WOLFSSL_SUCCESS) {
-            WOLFSSL_MSG("Failed to store ssl context in WOLFSSL_X509_STORE_CTX");
-        }
-    #endif
-
-        if (ssl != NULL) {
-    #if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER)
-            store->store = SSL_STORE(ssl);
-    #if defined(OPENSSL_EXTRA)
-            store->depth = args->count;
-            store->param = (WOLFSSL_X509_VERIFY_PARAM*)XMALLOC(
-                            sizeof(WOLFSSL_X509_VERIFY_PARAM),
-                            heap, DYNAMIC_TYPE_OPENSSL);
-            if (store->param == NULL) {
-        #ifdef WOLFSSL_SMALL_STACK
-                XFREE(domain, heap, DYNAMIC_TYPE_STRING);
-            #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
-                XFREE(x509, heap, DYNAMIC_TYPE_X509);
-            #endif
-                XFREE(store, heap, DYNAMIC_TYPE_X509_STORE);
-        #endif
-                return MEMORY_E;
-            }
-            XMEMSET(store->param, 0, sizeof(WOLFSSL_X509_VERIFY_PARAM));
-            /* Overwrite with non-default param values in SSL */
-            if (ssl->param) {
-                if (ssl->param->check_time)
-                    store->param->check_time = ssl->param->check_time;
-
-                if (ssl->param->flags)
-                    store->param->flags = ssl->param->flags;
-
-                if (ssl->param->hostName[0])
-                    XMEMCPY(store->param->hostName, ssl->param->hostName,
-                            WOLFSSL_HOST_NAME_MAX);
-
-            }
-    #endif /* defined(OPENSSL_EXTRA) */
-    #endif /* defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER)*/
-    #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
-        #ifdef KEEP_PEER_CERT
-            if (args->certIdx == 0) {
-                store->current_cert = &ssl->peerCert; /* use existing X509 */
-            }
-            else
-        #endif
-            {
-                InitX509(x509, 0, heap);
-                if (CopyDecodedToX509(x509, args->dCert) == 0) {
-                    store->current_cert = x509;
-                    x509Free = 1;
-                }
-                else {
-                    FreeX509(x509);
-                }
-            }
-    #endif
-    #ifdef SESSION_CERTS
-            store->sesChain = &ssl->session->chain;
-    #endif
-        }
     #ifndef NO_WOLFSSL_CM_VERIFY
         /* non-zero return code indicates failure override */
         if (cm->verifyCallback != NULL) {
             store->userCtx = cm;
             if (cm->verifyCallback(verify_ok, store)) {
-                if (ret != 0) {
+                if (cert_err != 0) {
                     WOLFSSL_MSG("Verify CM callback overriding error!");
                     ret = 0;
                 }
@@ -13432,7 +14347,7 @@ int DoVerifyCallback(WOLFSSL_CERT_MANAGER* cm, WOLFSSL* ssl, int ret,
             /* non-zero return code indicates failure override */
             if (ssl->ctx->verifyCertCb) {
                 if (ssl->ctx->verifyCertCb(store, ssl->ctx->verifyCertCbArg)) {
-                    if (ret != 0) {
+                    if (cert_err != 0) {
                         WOLFSSL_MSG("Verify Cert callback overriding error!");
                         ret = 0;
                     }
@@ -13442,11 +14357,10 @@ int DoVerifyCallback(WOLFSSL_CERT_MANAGER* cm, WOLFSSL* ssl, int ret,
                 }
             }
     #endif
-
             /* non-zero return code indicates failure override */
             if (ssl->verifyCallback) {
                 if (ssl->verifyCallback(verify_ok, store)) {
-                    if (ret != 0) {
+                    if (cert_err != 0) {
                         WOLFSSL_MSG("Verify callback overriding error!");
                         ret = 0;
                     }
@@ -13455,11 +14369,25 @@ int DoVerifyCallback(WOLFSSL_CERT_MANAGER* cm, WOLFSSL* ssl, int ret,
                     verifyFail = 1;
                 }
             }
+#if defined(WOLFSSL_LOCAL_X509_STORE) && \
+    (defined(OPENSSL_ALL) || defined(WOLFSSL_QT))
+            if (SSL_STORE(ssl) != NULL && SSL_STORE(ssl)->verify_cb != NULL) {
+                if (SSL_STORE(ssl)->verify_cb(verify_ok, store)) {
+                    if (cert_err != 0) {
+                        WOLFSSL_MSG("Store Verify callback overriding error!");
+                        ret = 0;
+                    }
+                }
+                else {
+                    verifyFail = 1;
+                }
+            }
+#endif
         }
 
         if (verifyFail) {
             /* induce error if one not present */
-            if (ret == 0) {
+            if (cert_err == 0) {
                 ret = VERIFY_CERT_ERROR;
                 WOLFSSL_ERROR_VERBOSE(ret);
             }
@@ -13467,36 +14395,7 @@ int DoVerifyCallback(WOLFSSL_CERT_MANAGER* cm, WOLFSSL* ssl, int ret,
             /* mark as verify error */
             args->verifyErr = 1;
         }
-    #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
-        if (x509Free) {
-            FreeX509(x509);
-        }
-    #endif
-    #if defined(SESSION_CERTS) && defined(OPENSSL_EXTRA)
-        wolfSSL_sk_X509_pop_free(store->chain, NULL);
-        store->chain = NULL;
-    #endif
-    #ifdef SESSION_CERTS
-        if ((ssl != NULL) && (store->discardSessionCerts)) {
-            WOLFSSL_MSG("Verify callback requested discard sess certs");
-            ssl->session->chain.count = 0;
-        #ifdef WOLFSSL_ALT_CERT_CHAINS
-            ssl->session->altChain.count = 0;
-        #endif
-        }
-    #endif /* SESSION_CERTS */
-#ifdef OPENSSL_EXTRA
-        if ((ssl != NULL) && (store->param)) {
-            XFREE(store->param, heap, DYNAMIC_TYPE_OPENSSL);
-        }
-#endif
-    #ifdef WOLFSSL_SMALL_STACK
-        XFREE(domain, heap, DYNAMIC_TYPE_STRING);
-        #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
-        XFREE(x509, heap, DYNAMIC_TYPE_X509);
-        #endif
-        XFREE(store, heap, DYNAMIC_TYPE_X509_STORE);
-    #endif
+        CleanupStoreCtxCallback(store, ssl, heap, x509Free);
     }
 
     (void)heap;
@@ -13504,21 +14403,61 @@ int DoVerifyCallback(WOLFSSL_CERT_MANAGER* cm, WOLFSSL* ssl, int ret,
     return ret;
 }
 
+#ifdef HAVE_CRL
+void DoCrlCallback(WOLFSSL_CERT_MANAGER* cm, WOLFSSL* ssl,
+        ProcPeerCertArgs* args, int* outRet)
+{
+#if defined(WOLFSSL_LOCAL_X509_STORE) && \
+    (defined(OPENSSL_ALL) || defined(WOLFSSL_QT))
+    int ret = 0;
+    void* heap = (ssl != NULL) ? ssl->heap : cm->heap;
+    WOLFSSL_X509_STORE* cert_store = (ssl != NULL) ? SSL_STORE(ssl) : NULL;
+
+    if (cert_store != NULL && cert_store->get_crl_cb != NULL) {
+        WOLFSSL_CRL* userCrl = NULL;
+        WOLFSSL_X509_STORE_CTX* store = NULL;
+        int x509Free = 0;
+
+        ret = SetupStoreCtxCallback(&store, ssl, cm, args, 0, heap,
+                &x509Free);
+        if (ret != 0) {
+            *outRet = ret;
+            return;
+        }
+
+        ret = cert_store->get_crl_cb(store, &userCrl, store->current_cert);
+        if (ret == 1 && userCrl != NULL) {
+            /* Point to current cm to be able to verify CRL */
+            userCrl->cm = SSL_CM(ssl);
+            *outRet = CheckCertCRL(userCrl, args->dCert);
+        }
+        else
+            *outRet = CRL_MISSING;
+
+        if (userCrl != NULL)
+            wolfSSL_X509_CRL_free(userCrl);
+        CleanupStoreCtxCallback(store, ssl, heap, x509Free);
+    }
+#else
+    (void)cm;
+    (void)ssl;
+    (void)args;
+    (void)outRet;
+#endif
+}
+#endif
+
 static void FreeProcPeerCertArgs(WOLFSSL* ssl, void* pArgs)
 {
     ProcPeerCertArgs* args = (ProcPeerCertArgs*)pArgs;
 
     (void)ssl;
 
-    if (args->certs) {
-        XFREE(args->certs, ssl->heap, DYNAMIC_TYPE_DER);
-        args->certs = NULL;
-    }
+    XFREE(args->certs, ssl->heap, DYNAMIC_TYPE_DER);
+    args->certs = NULL;
 #ifdef WOLFSSL_TLS13
-    if (args->exts) {
-        XFREE(args->exts, ssl->heap, DYNAMIC_TYPE_CERT_EXT);
-        args->exts = NULL;
-    }
+    XFREE(args->exts, ssl->heap, DYNAMIC_TYPE_CERT_EXT);
+    args->exts = NULL;
 #endif
     if (args->dCert) {
         if (args->dCertInit) {
@@ -13531,7 +14470,8 @@ static void FreeProcPeerCertArgs(WOLFSSL* ssl, void* pArgs)
 }
 #if defined(OPENSSL_ALL) && defined(WOLFSSL_CERT_GEN) && \
     (defined(WOLFSSL_CERT_REQ) || defined(WOLFSSL_CERT_EXT)) && \
-    !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR)
+    !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR) && \
+    !defined(NO_STDIO_FILESYSTEM)
 /* load certificate file which has the form <hash>.(r)N[0..N]       */
 /* in the folder.                                                   */
 /* (r), in the case of CRL file                                     */
@@ -13573,7 +14513,7 @@ int LoadCertByIssuer(WOLFSSL_X509_STORE* store, X509_NAME* issuer, int type)
     #if defined(NO_SHA) && !defined(NO_SHA256)
         retHash = wc_Sha256Hash((const byte*)pbuf, len, dgt);
     #elif !defined(NO_SHA)
-        retHash = wc_ShaHash((const byte*)pbuf, len, dgt);
+        retHash = wc_ShaHash((const byte*)pbuf, (word32)len, dgt);
     #endif
         if (retHash == 0) {
             /* 4 bytes in little endian as unsigned long */
@@ -13627,9 +14567,7 @@ int LoadCertByIssuer(WOLFSSL_X509_STORE* store, X509_NAME* issuer, int type)
         /* / <hashvalue>.(r)N\0                                         */
         /*|1|     8    |1|1|1|1|           => 13                        */
         len = (int)XSTRLEN(entry->dir_name) + 13;
-        if (filename != NULL) {
-            XFREE(filename, NULL, DYNAMIC_TYPE_OPENSSL);
-        }
+        XFREE(filename, NULL, DYNAMIC_TYPE_OPENSSL);
 
         filename = (char*)XMALLOC(len, NULL, DYNAMIC_TYPE_OPENSSL);
         if (filename == NULL) {
@@ -13643,7 +14581,7 @@ int LoadCertByIssuer(WOLFSSL_X509_STORE* store, X509_NAME* issuer, int type)
 
         for (; suffix < MAX_SUFFIX; suffix++) {
             /* /folder-path/<hash>.(r)N[0..9] */
-            if (XSNPRINTF(filename, len, "%s/%08lx.%s%d", entry->dir_name,
+            if (XSNPRINTF(filename, (size_t)len, "%s/%08lx.%s%d", entry->dir_name,
                                                        hash, post, suffix)
                 >= len)
             {
@@ -13704,7 +14642,8 @@ int LoadCertByIssuer(WOLFSSL_X509_STORE* store, X509_NAME* issuer, int type)
                         ph->hash_value = hash;
                         ph->last_suffix = suffix;
 
-                        ret = wolfSSL_sk_BY_DIR_HASH_push(entry->hashes, ph);
+                        ret = wolfSSL_sk_BY_DIR_HASH_push(entry->hashes, ph) > 0
+                                ? WOLFSSL_SUCCESS : WOLFSSL_FAILURE;
                     }
                 }
                 wc_UnLockMutex(&lookup->dirs->lock);
@@ -13738,6 +14677,7 @@ static int ProcessPeerCertParse(WOLFSSL* ssl, ProcPeerCertArgs* args,
     buffer* cert;
     byte* subjectHash = NULL;
     int alreadySigner = 0;
+    Signer *extraSigners = NULL;
 #if defined(HAVE_RPK)
     int cType;
 #endif
@@ -13768,7 +14708,7 @@ PRAGMA_GCC_DIAG_POP
     /* check if returning from non-blocking OCSP */
     /* skip this section because cert is already initialized and parsed */
 #ifdef WOLFSSL_NONBLOCK_OCSP
-    if (args->lastErr == OCSP_WANT_READ) {
+    if (args->lastErr == WC_NO_ERR_TRACE(OCSP_WANT_READ)) {
         args->lastErr = 0; /* clear error */
         return 0;
     }
@@ -13798,7 +14738,7 @@ PRAGMA_GCC_DIAG_POP
         }
 
         /* perform cert parsing and signature check */
-        sigRet = CheckCertSignature(cert->buffer, cert->length,
+        sigRet = wc_CheckCertSignature(cert->buffer, cert->length,
                                          ssl->heap, SSL_CM(ssl));
         /* fail on errors here after the ParseCertRelative call, so dCert is populated */
 
@@ -13839,9 +14779,13 @@ PRAGMA_GCC_DIAG_POP
             return ret;
     #endif
     }
-
+#ifdef HAVE_CERTIFICATE_STATUS_REQUEST_V2
+    if (verify != NO_VERIFY && TLSX_CSR2_IsMulti(ssl->extensions)) {
+        extraSigners = TLSX_CSR2_GetPendingSigners(ssl->extensions);
+    }
+#endif
     /* Parse Certificate */
-    ret = ParseCertRelative(args->dCert, certType, verify, SSL_CM(ssl));
+    ret = ParseCertRelative(args->dCert, certType, verify, SSL_CM(ssl), extraSigners);
 
 #if defined(HAVE_RPK)
     /* if cert type has negotiated with peer, confirm the cert received has
@@ -13874,7 +14818,9 @@ PRAGMA_GCC_DIAG_POP
 #endif /* HAVE_RPK */
 
     /* perform below checks for date failure cases */
-    if (ret == 0 || ret == ASN_BEFORE_DATE_E || ret == ASN_AFTER_DATE_E) {
+    if (ret == 0 ||
+        ret == WC_NO_ERR_TRACE(ASN_BEFORE_DATE_E) ||
+        ret == WC_NO_ERR_TRACE(ASN_AFTER_DATE_E)) {
         /* get subject and determine if already loaded */
     #ifndef NO_SKID
         if (args->dCert->extAuthKeyIdSet)
@@ -13897,7 +14843,7 @@ PRAGMA_GCC_DIAG_POP
         *pAlreadySigner = alreadySigner;
 
 #ifdef WOLFSSL_ASYNC_CRYPT
-    if (ret == WC_PENDING_E) {
+    if (ret == WC_NO_ERR_TRACE(WC_PENDING_E)) {
         ret = wolfSSL_AsyncPush(ssl,
             args->dCert->sigCtx.asyncDev);
     }
@@ -13909,7 +14855,7 @@ PRAGMA_GCC_DIAG_POP
      * original return code is returned. */
     if (ssl->ctx && ssl->ctx->ProcessPeerCertCb) {
         int new_ret = ssl->ctx->ProcessPeerCertCb(ssl, args->dCert);
-        if (new_ret != NOT_COMPILED_IN) {
+        if (new_ret != WC_NO_ERR_TRACE(NOT_COMPILED_IN)) {
             ret = new_ret;
         }
     }
@@ -13978,7 +14924,6 @@ static int ProcessPeerCertCheckKey(WOLFSSL* ssl, ProcPeerCertArgs* args)
             }
             break;
     #endif /* HAVE_ED448 */
-    #if defined(HAVE_PQC)
     #if defined(HAVE_FALCON)
         case FALCON_LEVEL1k:
             if (ssl->options.minFalconKeySz < 0 ||
@@ -13997,8 +14942,8 @@ static int ProcessPeerCertCheckKey(WOLFSSL* ssl, ProcPeerCertArgs* args)
             }
             break;
     #endif /* HAVE_FALCON */
-    #endif /* HAVE_PQC */
     #if defined(HAVE_DILITHIUM)
+        #ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
         case DILITHIUM_LEVEL2k:
             if (ssl->options.minDilithiumKeySz < 0 ||
                 DILITHIUM_LEVEL2_KEY_SIZE
@@ -14023,6 +14968,31 @@ static int ProcessPeerCertCheckKey(WOLFSSL* ssl, ProcPeerCertArgs* args)
                 ret = DILITHIUM_KEY_SIZE_E;
             }
             break;
+        #endif /* WOLFSSL_DILITHIUM_FIPS204_DRAFT */
+        case ML_DSA_LEVEL2k:
+            if (ssl->options.minDilithiumKeySz < 0 ||
+                ML_DSA_LEVEL2_KEY_SIZE
+                < (word16)ssl->options.minDilithiumKeySz) {
+                WOLFSSL_MSG("Dilithium key size in cert chain error");
+                ret = DILITHIUM_KEY_SIZE_E;
+            }
+            break;
+        case ML_DSA_LEVEL3k:
+            if (ssl->options.minDilithiumKeySz < 0 ||
+                ML_DSA_LEVEL3_KEY_SIZE
+                < (word16)ssl->options.minDilithiumKeySz) {
+                WOLFSSL_MSG( "Dilithium key size in cert chain error");
+                ret = DILITHIUM_KEY_SIZE_E;
+            }
+            break;
+        case ML_DSA_LEVEL5k:
+            if (ssl->options.minDilithiumKeySz < 0 ||
+                ML_DSA_LEVEL5_KEY_SIZE
+                < (word16)ssl->options.minDilithiumKeySz) {
+                WOLFSSL_MSG("Dilithium key size in cert chain error");
+                ret = DILITHIUM_KEY_SIZE_E;
+            }
+            break;
     #endif /* HAVE_DILITHIUM */
         default:
             WOLFSSL_MSG("Key size not checked");
@@ -14034,11 +15004,59 @@ static int ProcessPeerCertCheckKey(WOLFSSL* ssl, ProcPeerCertArgs* args)
     return ret;
 }
 
+#if defined(HAVE_OCSP) && defined(WOLFSSL_TLS13) \
+        && defined(HAVE_CERTIFICATE_STATUS_REQUEST)
+static int ProcessPeerCertsChainOCSPStatusCheck(WOLFSSL* ssl)
+{
+    int ret = 0;
+    word32 i;
+    word32 idx = 0;
+    TLSX* ext =  TLSX_Find(ssl->extensions, TLSX_STATUS_REQUEST);
+    CertificateStatusRequest* csr;
+
+    if (ext) {
+        csr = (CertificateStatusRequest*)ext->data;
+        if (csr == NULL) {
+            return 0;
+        }
+    } else
+        return 0;
+
+    /* error when leaf cert doesn't have certificate status */
+    if (csr->requests < 1 || csr->responses[0].length == 0) {
+        WOLFSSL_MSG("Leaf cert doesn't have certificate status.");
+        return BAD_CERTIFICATE_STATUS_ERROR;
+    }
+
+    for (i = 0; i < csr->requests; i++) {
+        if (csr->responses[i].length != 0) {
+            ssl->status_request = 1;
+            idx = 0;
+            ret = ProcessCSR_ex(ssl,
+                    csr->responses[i].buffer,
+                    &idx, csr->responses[i].length, i);
+            if (ret < 0) {
+                WOLFSSL_ERROR_VERBOSE(ret);
+                break;
+            }
+        }
+        else {
+            WOLFSSL_MSG("Intermediate cert doesn't have certificate status.");
+        }
+    }
+
+    return ret;
+}
+
+#endif
+
 #ifdef HAVE_CRL
-static int ProcessPeerCertsChainCRLCheck(WOLFSSL_CERT_MANAGER* cm, Signer* ca)
+static int ProcessPeerCertsChainCRLCheck(WOLFSSL* ssl, ProcPeerCertArgs* args)
 {
     Signer* prev = NULL;
     int ret = 0;
+    WOLFSSL_CERT_MANAGER* cm = SSL_CM(ssl);
+    Signer* ca = args->dCert->ca;
     /* End loop if no more issuers found or if we have
      * found a self signed cert (ca == prev) */
     for (; ret == 0 && ca != NULL && ca != prev;
@@ -14046,12 +15064,36 @@ static int ProcessPeerCertsChainCRLCheck(WOLFSSL_CERT_MANAGER* cm, Signer* ca)
         ret = CheckCertCRL_ex(cm->crl, ca->issuerNameHash, NULL, 0,
                 ca->serialHash, NULL, 0, NULL);
         if (ret != 0)
+            DoCrlCallback(cm, ssl, args, &ret);
+        if (ret != 0){
+            WOLFSSL_ERROR_VERBOSE(ret);
+            WOLFSSL_MSG("\tCRL check not ok");
             break;
+        }
     }
     return ret;
 }
 #endif
 
+#ifdef OPENSSL_EXTRA
+/* account for verify params flag set */
+static int AdjustCMForParams(WOLFSSL* ssl)
+{
+    int flags;
+    WOLFSSL_X509_VERIFY_PARAM* param;
+
+    param = wolfSSL_get0_param(ssl);
+    flags = wolfSSL_X509_VERIFY_PARAM_get_flags(param);
+
+    /* For now there is a possible contradiction of PARAM flags and store flags.
+     * Do not disable CRL support if it has already been enabled with store. */
+    if (flags == 0) {
+        return WOLFSSL_SUCCESS;
+    }
+    return wolfSSL_X509_STORE_set_flags(SSL_STORE(ssl), flags);
+}
+#endif
+
 int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx,
                      word32 totalSz)
 {
@@ -14067,6 +15109,9 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx,
     byte* subjectHash = NULL;
     int alreadySigner = 0;
 
+#if defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2)
+    int addToPendingCAs = 0;
+#endif
     WOLFSSL_ENTER("ProcessPeerCerts");
 
 #if defined(WOLFSSL_ASYNC_CRYPT) || defined(WOLFSSL_NONBLOCK_OCSP)
@@ -14080,7 +15125,7 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx,
     args = (ProcPeerCertArgs*)ssl->async->args;
 #ifdef WOLFSSL_ASYNC_CRYPT
     ret = wolfSSL_AsyncPop(ssl, &ssl->options.asyncState);
-    if (ret != WC_NO_PENDING_E) {
+    if (ret != WC_NO_ERR_TRACE(WC_NO_PENDING_E)) {
         /* Check for error */
         if (ret < 0)
             goto exit_ppc;
@@ -14088,11 +15133,11 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx,
     else
 #endif /* WOLFSSL_ASYNC_CRYPT */
 #ifdef WOLFSSL_NONBLOCK_OCSP
-    if (ssl->error == OCSP_WANT_READ) {
+    if (ssl->error == WC_NO_ERR_TRACE(OCSP_WANT_READ)) {
         /* Re-entry after non-blocking OCSP */
     #ifdef WOLFSSL_ASYNC_CRYPT
-        /* if async operationg not pending, reset error code */
-        if (ret == WC_NO_PENDING_E)
+        /* if async operations not pending, reset error code */
+        if (ret == WC_NO_ERR_TRACE(WC_NO_PENDING_E))
             ret = 0;
     #endif
     }
@@ -14117,6 +15162,14 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx,
     #endif
     }
 
+#ifdef OPENSSL_EXTRA
+    /* account for verify params flag set */
+    if (AdjustCMForParams(ssl) != WOLFSSL_SUCCESS) {
+        WOLFSSL_MSG("Issue with updating store flags from PARAMS set");
+        ERROR_OUT(WOLFSSL_FAILURE, exit_ppc);
+    }
+#endif
+
     switch (ssl->options.asyncState)
     {
         case TLS_ASYNC_BEGIN:
@@ -14210,7 +15263,25 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx,
                 ERROR_OUT(BUFFER_ERROR, exit_ppc);
             }
             c24to32(input + args->idx, &listSz);
-            args->idx += OPAQUE24_LEN;
+#ifdef HAVE_RPK
+            /*
+             * If this is RPK from the peer, then single cert (if TLS1.2).
+             * So, ListSz location is same as CertSz location, so fake
+             * we have just seen this ListSz.
+             */
+            if (!IsAtLeastTLSv1_3(ssl->version) &&
+                ((ssl->options.side == WOLFSSL_SERVER_END &&
+                  ssl->options.rpkState.received_ClientCertTypeCnt == 1 &&
+                  ssl->options.rpkState.received_ClientCertTypes[0] == WOLFSSL_CERT_TYPE_RPK) ||
+                 (ssl->options.side == WOLFSSL_CLIENT_END &&
+                  ssl->options.rpkState.received_ServerCertTypeCnt == 1 &&
+                  ssl->options.rpkState.received_ServerCertTypes[0] == WOLFSSL_CERT_TYPE_RPK))) {
+                listSz += OPAQUE24_LEN;
+            } else
+#endif /* HAVE_RPK */
+            {
+                args->idx += OPAQUE24_LEN;
+            }
             if (listSz > MAX_CERTIFICATE_SZ) {
                 ERROR_OUT(BUFFER_ERROR, exit_ppc);
             }
@@ -14288,8 +15359,11 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx,
                     args->idx += extSz;
                     listSz -= extSz + OPAQUE16_LEN;
                     WOLFSSL_MSG_EX("\tParsing %d bytes of cert extensions",
-                            args->exts[args->totalCerts].length);
+                        args->exts[args->totalCerts].length);
                     #if !defined(NO_TLS)
+                    #if defined(HAVE_CERTIFICATE_STATUS_REQUEST)
+                    ssl->response_idx = args->totalCerts;
+                    #endif
                     ret = TLSX_Parse(ssl, args->exts[args->totalCerts].buffer,
                         (word16)args->exts[args->totalCerts].length,
                         certificate, NULL);
@@ -14408,8 +15482,10 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx,
                         &subjectHash, &alreadySigner);
 #if defined(OPENSSL_ALL) && defined(WOLFSSL_CERT_GEN) && \
     (defined(WOLFSSL_CERT_REQ) || defined(WOLFSSL_CERT_EXT)) && \
-    !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR)
-                    if (ret == ASN_NO_SIGNER_E || ret == ASN_SELF_SIGNED_E) {
+    !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR) && \
+    !defined(NO_STDIO_FILESYSTEM)
+                    if (ret == WC_NO_ERR_TRACE(ASN_NO_SIGNER_E) ||
+                        ret == WC_NO_ERR_TRACE(ASN_SELF_SIGNED_E)) {
                         WOLFSSL_MSG("try to load certificate if hash dir is set");
                         ret = LoadCertByIssuer(SSL_STORE(ssl),
                            (WOLFSSL_X509_NAME*)args->dCert->issuerName,
@@ -14429,14 +15505,15 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx,
                     }
 #endif
                 #ifdef WOLFSSL_ASYNC_CRYPT
-                    if (ret == WC_PENDING_E)
+                    if (ret == WC_NO_ERR_TRACE(WC_PENDING_E))
                         goto exit_ppc;
                 #endif
                     if (ret == 0) {
                         ret = ProcessPeerCertCheckKey(ssl, args);
                     }
-                    else if (ret == ASN_PARSE_E || ret == BUFFER_E ||
-                             ret == MEMORY_E) {
+                    else if (ret == WC_NO_ERR_TRACE(ASN_PARSE_E) ||
+                             ret == WC_NO_ERR_TRACE(BUFFER_E) ||
+                             ret == WC_NO_ERR_TRACE(MEMORY_E)) {
                         WOLFSSL_MSG(
                             "Got Peer cert ASN PARSE_E, BUFFER E, MEMORY_E");
                         ERROR_OUT(ret, exit_ppc);
@@ -14471,19 +15548,36 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx,
                     if (ret == 0) {
                 #ifdef HAVE_OCSP
                     #ifdef HAVE_CERTIFICATE_STATUS_REQUEST_V2
-                        if (ssl->status_request_v2) {
+                        addToPendingCAs = 0;
+                        if (ssl->options.side == WOLFSSL_CLIENT_END &&
+                            ssl->status_request_v2 &&
+                            TLSX_CSR2_IsMulti(ssl->extensions)) {
                             ret = TLSX_CSR2_InitRequests(ssl->extensions,
                                                     args->dCert, 0, ssl->heap);
+                            addToPendingCAs = 1;
                         }
                         else /* skips OCSP and force CRL check */
                     #endif /* HAVE_CERTIFICATE_STATUS_REQUEST_V2 */
+                    #if defined(HAVE_CERTIFICATE_STATUS_REQUEST)
+                        if (IsAtLeastTLSv1_3(ssl->version) &&
+                            ssl->options.side == WOLFSSL_CLIENT_END &&
+                            ssl->status_request) {
+                            /* We check CSR in Certificate message sent from
+                             * Server. Server side will check client
+                             * certificates by traditional OCSP if enabled
+                             */
+                            ret = TLSX_CSR_InitRequest_ex(ssl->extensions,
+                                    args->dCert, ssl->heap, args->certIdx);
+                        }
+                        else
+                    #endif
                         if (SSL_CM(ssl)->ocspEnabled &&
                                             SSL_CM(ssl)->ocspCheckAll) {
                             WOLFSSL_MSG("Doing Non Leaf OCSP check");
                             ret = CheckCertOCSP_ex(SSL_CM(ssl)->ocsp,
                                                     args->dCert, ssl);
                         #ifdef WOLFSSL_NONBLOCK_OCSP
-                            if (ret == OCSP_WANT_READ) {
+                            if (ret == WC_NO_ERR_TRACE(OCSP_WANT_READ)) {
                                 args->lastErr = ret;
                                 goto exit_ppc;
                             }
@@ -14507,7 +15601,7 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx,
                                    responder, do a CRL lookup. If any other
                                    error, skip the CRL lookup and fail the
                                    certificate. */
-                                doCrlLookup = (ret == OCSP_CERT_UNKNOWN);
+                                doCrlLookup = (ret == WC_NO_ERR_TRACE(OCSP_CERT_UNKNOWN));
                             }
                         #endif /* HAVE_OCSP */
 
@@ -14520,19 +15614,21 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx,
                                  * same WOULD_BLOCK error code as OCSP's I/O
                                  * callback, and it is enabling it using the
                                  * same flag. */
-                                if (ret == OCSP_WANT_READ) {
+                                if (ret == WC_NO_ERR_TRACE(OCSP_WANT_READ)) {
                                     args->lastErr = ret;
                                     goto exit_ppc;
                                 }
                             #endif
+                                if (ret != 0)
+                                    DoCrlCallback(SSL_CM(ssl), ssl, args, &ret);
                                 if (ret != 0) {
                                     WOLFSSL_ERROR_VERBOSE(ret);
                                     WOLFSSL_MSG("\tCRL check not ok");
                                 }
                                 if (ret == 0 &&
                                         args->certIdx == args->totalCerts-1) {
-                                    ret = ProcessPeerCertsChainCRLCheck(
-                                            SSL_CM(ssl), args->dCert->ca);
+                                    ret = ProcessPeerCertsChainCRLCheck(ssl,
+                                            args);
                                     if (ret != 0) {
                                         WOLFSSL_ERROR_VERBOSE(ret);
                                         WOLFSSL_MSG("\tCRL chain check not ok");
@@ -14561,7 +15657,8 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx,
                         chain mode only requires that the peer certificate
                         validate to a trusted CA */
                     if (ret != 0 && args->dCert->isCA) {
-                        if (ret == ASN_NO_SIGNER_E || ret == ASN_SELF_SIGNED_E) {
+                        if (ret == WC_NO_ERR_TRACE(ASN_NO_SIGNER_E) ||
+                            ret == WC_NO_ERR_TRACE(ASN_SELF_SIGNED_E)) {
                             if (!ssl->options.usingAltCertChain) {
                                 WOLFSSL_MSG("Trying alternate cert chain");
                                 ssl->options.usingAltCertChain = 1;
@@ -14584,7 +15681,7 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx,
                      * for a CA cert to fail validation here, as we will verify
                      * the entire chain when we hit the peer (leaf) cert */
                     if ((ssl->ctx->doAppleNativeCertValidationFlag)
-                        && (ret == ASN_NO_SIGNER_E)) {
+                        && (ret == WC_NO_ERR_TRACE(ASN_NO_SIGNER_E))) {
 
                         WOLFSSL_MSG("Bypassing errors to allow for Apple native"
                                     " CA validation");
@@ -14602,8 +15699,9 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx,
                     /* Do verify callback */
                     ret = DoVerifyCallback(SSL_CM(ssl), ssl, ret, args);
                     if (ssl->options.verifyNone &&
-                              (ret == CRL_MISSING || ret == CRL_CERT_REVOKED ||
-                               ret == CRL_CERT_DATE_ERR)) {
+                              (ret == WC_NO_ERR_TRACE(CRL_MISSING) ||
+                               ret == WC_NO_ERR_TRACE(CRL_CERT_REVOKED) ||
+                               ret == WC_NO_ERR_TRACE(CRL_CERT_DATE_ERR))) {
                         WOLFSSL_MSG("Ignoring CRL problem based on verify setting");
                         ret = ssl->error = 0;
                     }
@@ -14614,6 +15712,66 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx,
                         skipAddCA = 1;
                     }
                 #endif
+#if defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2)
+                    if (ret == 0 && addToPendingCAs && !alreadySigner) {
+#ifdef WOLFSSL_SMALL_STACK
+                        DecodedCert *dCertAdd = NULL;
+#else
+                        DecodedCert dCertAdd[1];
+#endif
+                        int dCertAdd_inited = 0;
+                        DerBuffer *derBuffer = NULL;
+                        buffer* cert = &args->certs[args->certIdx];
+                        Signer *s = NULL;
+
+#ifdef WOLFSSL_SMALL_STACK
+                        dCertAdd = (DecodedCert *)
+                            XMALLOC(sizeof(*dCertAdd), ssl->heap,
+                                    DYNAMIC_TYPE_TMP_BUFFER);
+                        if (dCertAdd == NULL) {
+                            ret = MEMORY_E;
+                            goto exit_req_v2;
+                        }
+#endif
+                        InitDecodedCert(dCertAdd, cert->buffer, cert->length,
+                                        ssl->heap);
+                        dCertAdd_inited = 1;
+                        ret = ParseCert(dCertAdd, CA_TYPE, NO_VERIFY,
+                                        SSL_CM(ssl));
+                        if (ret != 0) {
+                            goto exit_req_v2;
+                        }
+                        ret = AllocDer(&derBuffer, cert->length, CA_TYPE, ssl->heap);
+                        if (ret != 0 || derBuffer == NULL) {
+                            goto exit_req_v2;
+                        }
+                        XMEMCPY(derBuffer->buffer, cert->buffer, cert->length);
+                        s = MakeSigner(SSL_CM(ssl)->heap);
+                        if (s == NULL) {
+                            ret = MEMORY_E;
+                            goto exit_req_v2;
+                        }
+                        ret = FillSigner(s, dCertAdd, CA_TYPE, derBuffer);
+                        if (ret != 0) {
+                            goto exit_req_v2;
+                        }
+                        skipAddCA = 1;
+                        ret = TLSX_CSR2_AddPendingSigner(ssl->extensions, s);
+
+                    exit_req_v2:
+                        if (s && (ret != 0))
+                            FreeSigner(s, SSL_CM(ssl)->heap);
+                        if (derBuffer)
+                            FreeDer(&derBuffer);
+                        if (dCertAdd_inited)
+                            FreeDecodedCert(dCertAdd);
+#ifdef WOLFSSL_SMALL_STACK
+                        XFREE(dCertAdd, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
+#endif
+                        if (ret != 0)
+                            goto exit_ppc;
+                    }
+#endif /* HAVE_CERTIFICATE_STATUS_REQUEST_V2 */
 
                     /* If valid CA then add to Certificate Manager */
                     if (ret == 0 && args->dCert->isCA &&
@@ -14694,8 +15852,10 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx,
                         &subjectHash, &alreadySigner);
 #if defined(OPENSSL_ALL) && defined(WOLFSSL_CERT_GEN) && \
     (defined(WOLFSSL_CERT_REQ) || defined(WOLFSSL_CERT_EXT)) && \
-    !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR)
-                    if (ret == ASN_NO_SIGNER_E || ret == ASN_SELF_SIGNED_E) {
+    !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR) && \
+    !defined(NO_STDIO_FILESYSTEM)
+                    if (ret == WC_NO_ERR_TRACE(ASN_NO_SIGNER_E) ||
+                        ret == WC_NO_ERR_TRACE(ASN_SELF_SIGNED_E)) {
                         int lastErr = ret; /* save error from last time */
                         WOLFSSL_MSG("try to load certificate if hash dir is set");
                         ret = LoadCertByIssuer(SSL_STORE(ssl),
@@ -14716,7 +15876,7 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx,
                     }
 #endif
             #ifdef WOLFSSL_ASYNC_CRYPT
-                if (ret == WC_PENDING_E)
+                if (ret == WC_NO_ERR_TRACE(WC_PENDING_E))
                     goto exit_ppc;
             #endif
                 if (ret == 0) {
@@ -14773,8 +15933,10 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx,
                         args->fatal = 0;
                     }
                 }
-                else if (ret == ASN_PARSE_E || ret == BUFFER_E ||
-                         ret == MEMORY_E || ret == BAD_FUNC_ARG) {
+                else if (ret == WC_NO_ERR_TRACE(ASN_PARSE_E) ||
+                         ret == WC_NO_ERR_TRACE(BUFFER_E) ||
+                         ret == WC_NO_ERR_TRACE(MEMORY_E) ||
+                         ret == WC_NO_ERR_TRACE(BAD_FUNC_ARG)) {
                     WOLFSSL_MSG("Got Peer cert ASN_PARSE_E, BUFFER_E, MEMORY_E,"
                                 " BAD_FUNC_ARG");
                 #if defined(WOLFSSL_EXTRA_ALERTS) || defined(OPENSSL_EXTRA) || \
@@ -14792,11 +15954,11 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx,
 
                     #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
                     if (ssl->peerVerifyRet == 0) { /* Return first cert error here */
-                        if (ret == ASN_BEFORE_DATE_E) {
+                        if (ret == WC_NO_ERR_TRACE(ASN_BEFORE_DATE_E)) {
                             ssl->peerVerifyRet =
                            (unsigned long)WOLFSSL_X509_V_ERR_CERT_NOT_YET_VALID;
                         }
-                        else if (ret == ASN_AFTER_DATE_E) {
+                        else if (ret == WC_NO_ERR_TRACE(ASN_AFTER_DATE_E)) {
                             ssl->peerVerifyRet =
                             (unsigned long)WOLFSSL_X509_V_ERR_CERT_HAS_EXPIRED;
                         }
@@ -14812,7 +15974,8 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx,
                         WOLFSSL_MSG(
                             "\tCallback override available, will continue");
                         /* check if fatal error */
-                        args->fatal = (args->verifyErr) ? 1 : 0;
+                        args->fatal = (args->verifyErr) ? (word16)(1)
+                                                        : (word16)(0);
                         if (args->fatal)
                             DoCertFatalAlert(ssl, ret);
                     }
@@ -14889,24 +16052,17 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx,
                     if (ssl->options.side == WOLFSSL_CLIENT_END) {
                 #ifdef HAVE_CERTIFICATE_STATUS_REQUEST
                         if (ssl->status_request) {
-                            args->fatal = (TLSX_CSR_InitRequest(ssl->extensions,
-                                                args->dCert, ssl->heap) != 0);
+                            args->fatal = (TLSX_CSR_InitRequest_ex(
+                                                ssl->extensions, args->dCert,
+                                                ssl->heap, args->certIdx) != 0);
                             doLookup = 0;
                             WOLFSSL_MSG("\tHave status request");
                         #if defined(WOLFSSL_TLS13)
                             if (ssl->options.tls1_3) {
-                                TLSX* ext = TLSX_Find(ssl->extensions,
-                                                           TLSX_STATUS_REQUEST);
-                                if (ext != NULL) {
-                                    word32 idx = 0;
-                                    CertificateStatusRequest* csr =
-                                           (CertificateStatusRequest*)ext->data;
-                                    ret = ProcessCSR(ssl, csr->response.buffer,
-                                                    &idx, csr->response.length);
-                                    if (ret < 0) {
-                                        WOLFSSL_ERROR_VERBOSE(ret);
-                                        goto exit_ppc;
-                                    }
+                                ret = ProcessPeerCertsChainOCSPStatusCheck(ssl);
+                                if (ret < 0) {
+                                    WOLFSSL_ERROR_VERBOSE(ret);
+                                    goto exit_ppc;
                                 }
                             }
                         #endif
@@ -14934,11 +16090,11 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx,
                         ret = CheckCertOCSP_ex(SSL_CM(ssl)->ocsp,
                                                     args->dCert, ssl);
                     #ifdef WOLFSSL_NONBLOCK_OCSP
-                        if (ret == OCSP_WANT_READ) {
+                        if (ret == WC_NO_ERR_TRACE(OCSP_WANT_READ)) {
                             goto exit_ppc;
                         }
                     #endif
-                        doLookup = (ret == OCSP_CERT_UNKNOWN);
+                        doLookup = (ret == WC_NO_ERR_TRACE(OCSP_CERT_UNKNOWN));
                         if (ret != 0) {
                             WOLFSSL_MSG("\tOCSP Lookup not ok");
                             args->fatal = 0;
@@ -14946,9 +16102,9 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx,
                             if (ssl->peerVerifyRet == 0) {
                                 /* Return first cert error here */
                                 ssl->peerVerifyRet =
-                                        ret == OCSP_CERT_REVOKED
-                                            ? WOLFSSL_X509_V_ERR_CERT_REVOKED
-                                            : WOLFSSL_X509_V_ERR_CERT_REJECTED;
+                                    ret == WC_NO_ERR_TRACE(OCSP_CERT_REVOKED)
+                                    ? WOLFSSL_X509_V_ERR_CERT_REVOKED
+                                    : WOLFSSL_X509_V_ERR_CERT_REJECTED;
                             }
                         #endif
                         }
@@ -14964,10 +16120,12 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx,
                          * same WOULD_BLOCK error code as OCSP's I/O
                          * callback, and it is enabling it using the
                          * same flag. */
-                        if (ret == OCSP_WANT_READ) {
+                        if (ret == WC_NO_ERR_TRACE(OCSP_WANT_READ)) {
                             goto exit_ppc;
                         }
                     #endif
+                        if (ret != 0)
+                            DoCrlCallback(SSL_CM(ssl), ssl, args, &ret);
                         if (ret != 0) {
                             WOLFSSL_MSG("\tCRL check not ok");
                             args->fatal = 0;
@@ -14975,7 +16133,7 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx,
                             if (ssl->peerVerifyRet == 0) {
                                 /* Return first cert error here */
                                 ssl->peerVerifyRet =
-                                        ret == CRL_CERT_REVOKED
+                                        ret == WC_NO_ERR_TRACE(CRL_CERT_REVOKED)
                                             ? WOLFSSL_X509_V_ERR_CERT_REVOKED
                                             : WOLFSSL_X509_V_ERR_CERT_REJECTED;
                             }
@@ -14986,8 +16144,7 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx,
                             SSL_CM(ssl)->crlCheckAll && args->totalCerts == 1) {
                         /* Check the entire cert chain */
                         if (args->dCert->ca != NULL) {
-                            ret = ProcessPeerCertsChainCRLCheck(SSL_CM(ssl),
-                                    args->dCert->ca);
+                            ret = ProcessPeerCertsChainCRLCheck(ssl, args);
                             if (ret != 0) {
                                 WOLFSSL_ERROR_VERBOSE(ret);
                                 WOLFSSL_MSG("\tCRL chain check not ok");
@@ -15007,28 +16164,11 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx,
                 if (args->fatal == 0) {
                     int copyRet = 0;
 
-                    #ifdef WOLFSSL_POST_HANDSHAKE_AUTH
-                        if (ssl->options.handShakeDone) {
-                            FreeX509(&ssl->peerCert);
-                            InitX509(&ssl->peerCert, 0, ssl->heap);
-                        }
-                        else
-                    #endif
-                    #ifdef HAVE_SECURE_RENEGOTIATION
-                        if (ssl->secure_renegotiation &&
-                                           ssl->secure_renegotiation->enabled) {
-                            /* free old peer cert */
-                            FreeX509(&ssl->peerCert);
-                            InitX509(&ssl->peerCert, 0, ssl->heap);
-                        }
-                        else
-                    #endif
-                        {
-                        }
-
-                    /* set X509 format for peer cert */
+                    /* free old peer cert */
+                    FreeX509(&ssl->peerCert);
+                    InitX509(&ssl->peerCert, 0, ssl->heap);
                     copyRet = CopyDecodedToX509(&ssl->peerCert, args->dCert);
-                    if (copyRet == MEMORY_E) {
+                    if (copyRet == WC_NO_ERR_TRACE(MEMORY_E)) {
                         args->fatal = 1;
                     }
                 }
@@ -15129,7 +16269,10 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx,
                     if (args->dCert->altNames) {
                         if (CheckForAltNames(args->dCert,
                                 (char*)ssl->buffers.domainName.buffer,
-                                NULL) != 1) {
+                                (ssl->buffers.domainName.buffer == NULL ? 0 :
+                                (word32)XSTRLEN(
+                                (const char *)ssl->buffers.domainName.buffer)),
+                                NULL, 0) != 1) {
                             WOLFSSL_MSG("DomainName match on alt names failed");
                             /* try to get peer key still */
                             ret = DOMAIN_NAME_MISMATCH;
@@ -15138,9 +16281,14 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx,
                     }
                     else {
                         if (MatchDomainName(
-                                 args->dCert->subjectCN,
-                                 args->dCert->subjectCNLen,
-                                 (char*)ssl->buffers.domainName.buffer) == 0) {
+                                args->dCert->subjectCN,
+                                args->dCert->subjectCNLen,
+                                (char*)ssl->buffers.domainName.buffer,
+                                (ssl->buffers.domainName.buffer == NULL ? 0 :
+                                (word32)XSTRLEN(
+                                (const char *)ssl->buffers.domainName.buffer)
+                                ), 0) == 0)
+                        {
                             WOLFSSL_MSG("DomainName match on common name failed");
                             ret = DOMAIN_NAME_MISMATCH;
                             WOLFSSL_ERROR_VERBOSE(ret);
@@ -15150,11 +16298,16 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx,
                     /* Old behavior. */
                     if (MatchDomainName(args->dCert->subjectCN,
                                 args->dCert->subjectCNLen,
-                                (char*)ssl->buffers.domainName.buffer) == 0) {
+                                (char*)ssl->buffers.domainName.buffer,
+                                (ssl->buffers.domainName.buffer == NULL ? 0 :
+                                (word32)XSTRLEN(ssl->buffers.domainName.buffer)), 0) == 0)
+                    {
                         WOLFSSL_MSG("DomainName match on common name failed");
                         if (CheckForAltNames(args->dCert,
                                  (char*)ssl->buffers.domainName.buffer,
-                                 NULL) != 1) {
+                                 (ssl->buffers.domainName.buffer == NULL ? 0 :
+                                 (word32)XSTRLEN(ssl->buffers.domainName.buffer)),
+                                 NULL, 0) != 1) {
                             WOLFSSL_MSG(
                                 "DomainName match on alt names failed too");
                             /* try to get peer key still */
@@ -15445,7 +16598,6 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx,
                         break;
                     }
                 #endif /* HAVE_ED448 && HAVE_ED448_KEY_IMPORT */
-                #if defined(HAVE_PQC)
                 #if defined(HAVE_FALCON)
                     case FALCON_LEVEL1k:
                     case FALCON_LEVEL5k:
@@ -15495,10 +16647,16 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx,
                         break;
                     }
                 #endif /* HAVE_FALCON */
-                #if defined(HAVE_DILITHIUM)
+                #if defined(HAVE_DILITHIUM) && \
+                    !defined(WOLFSSL_DILITHIUM_NO_VERIFY)
+                    case ML_DSA_LEVEL2k:
+                    case ML_DSA_LEVEL3k:
+                    case ML_DSA_LEVEL5k:
+                    #ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
                     case DILITHIUM_LEVEL2k:
                     case DILITHIUM_LEVEL3k:
                     case DILITHIUM_LEVEL5k:
+                    #endif
                     {
                         int keyRet = 0;
                         if (ssl->peerDilithiumKey == NULL) {
@@ -15512,18 +16670,32 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx,
                         }
 
                         if (keyRet == 0) {
-                            if (args->dCert->keyOID == DILITHIUM_LEVEL2k) {
+                            if (args->dCert->keyOID == ML_DSA_LEVEL2k) {
                                 keyRet = wc_dilithium_set_level(
-                                             ssl->peerDilithiumKey, 2);
+                                             ssl->peerDilithiumKey, WC_ML_DSA_44);
+                            }
+                            else if (args->dCert->keyOID == ML_DSA_LEVEL3k) {
+                                keyRet = wc_dilithium_set_level(
+                                             ssl->peerDilithiumKey, WC_ML_DSA_65);
+                            }
+                            else if (args->dCert->keyOID == ML_DSA_LEVEL5k) {
+                                keyRet = wc_dilithium_set_level(
+                                             ssl->peerDilithiumKey, WC_ML_DSA_87);
+                            }
+                            #ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
+                            else if (args->dCert->keyOID == DILITHIUM_LEVEL2k) {
+                                keyRet = wc_dilithium_set_level(
+                                             ssl->peerDilithiumKey, WC_ML_DSA_44_DRAFT);
                             }
                             else if (args->dCert->keyOID == DILITHIUM_LEVEL3k) {
                                 keyRet = wc_dilithium_set_level(
-                                             ssl->peerDilithiumKey, 3);
+                                             ssl->peerDilithiumKey, WC_ML_DSA_65_DRAFT);
                             }
                             else if (args->dCert->keyOID == DILITHIUM_LEVEL5k) {
                                 keyRet = wc_dilithium_set_level(
-                                             ssl->peerDilithiumKey, 5);
+                                             ssl->peerDilithiumKey, WC_ML_DSA_87_DRAFT);
                             }
+                            #endif
                         }
 
                         if (keyRet != 0 ||
@@ -15548,7 +16720,6 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx,
                         break;
                     }
                 #endif /* HAVE_DILITHIUM */
-                #endif /* HAVE_PQC */
                     default:
                         break;
                 }
@@ -15607,8 +16778,9 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx,
             ret = DoVerifyCallback(SSL_CM(ssl), ssl, ret, args);
 
             if (ssl->options.verifyNone &&
-                              (ret == CRL_MISSING || ret == CRL_CERT_REVOKED ||
-                               ret == CRL_CERT_DATE_ERR)) {
+                              (ret == WC_NO_ERR_TRACE(CRL_MISSING) ||
+                               ret == WC_NO_ERR_TRACE(CRL_CERT_REVOKED) ||
+                               ret == WC_NO_ERR_TRACE(CRL_CERT_DATE_ERR))) {
                 WOLFSSL_MSG("Ignoring CRL problem based on verify setting");
                 ret = ssl->error = 0;
             }
@@ -15624,13 +16796,8 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx,
                 ssl->options.serverState = SERVER_CERT_COMPLETE;
             }
 
-            if (IsEncryptionOn(ssl, 0)) {
+            if (IsEncryptionOn(ssl, 0))
                 args->idx += ssl->keys.padSz;
-            #if defined(HAVE_ENCRYPT_THEN_MAC) && !defined(WOLFSSL_AEAD_ONLY)
-                if (ssl->options.startedETMRead)
-                    args->idx += MacSize(ssl);
-            #endif
-            }
 
             /* Advance state and proceed */
             ssl->options.asyncState = TLS_ASYNC_END;
@@ -15655,7 +16822,8 @@ exit_ppc:
 
 
 #if defined(WOLFSSL_ASYNC_CRYPT) || defined(WOLFSSL_NONBLOCK_OCSP)
-    if (ret == WC_PENDING_E || ret == OCSP_WANT_READ) {
+    if (ret == WC_NO_ERR_TRACE(WC_PENDING_E) ||
+        ret == WC_NO_ERR_TRACE(OCSP_WANT_READ)) {
         /* Mark message as not received so it can process again */
         ssl->msgsReceived.got_certificate = 0;
 
@@ -15701,7 +16869,8 @@ static int DoCertificate(WOLFSSL* ssl, byte* input, word32* inOutIdx,
     /* Reset the session cert chain count in case the session resume failed,
      * do not reset if we are resuming after an async wait */
 #if defined(WOLFSSL_ASYNC_CRYPT) || defined(WOLFSSL_NONBLOCK_OCSP)
-    if (ssl->error != OCSP_WANT_READ && ssl->error != WC_PENDING_E)
+    if (ssl->error != WC_NO_ERR_TRACE(OCSP_WANT_READ) &&
+        ssl->error != WC_NO_ERR_TRACE(WC_PENDING_E))
 #endif
     {
         ssl->session->chain.count = 0;
@@ -15730,6 +16899,7 @@ static int DoCertificateStatus(WOLFSSL* ssl, byte* input, word32* inOutIdx,
     int    ret = 0;
     byte   status_type;
     word32 status_length;
+    int endCertificateOK = 0;
 
     WOLFSSL_START(WC_FUNC_CERTIFICATE_STATUS_DO);
     WOLFSSL_ENTER("DoCertificateStatus");
@@ -15753,6 +16923,7 @@ static int DoCertificateStatus(WOLFSSL* ssl, byte* input, word32* inOutIdx,
         /* WOLFSSL_CSR_OCSP overlaps with WOLFSSL_CSR2_OCSP */
         case WOLFSSL_CSR2_OCSP:
             ret = ProcessCSR(ssl, input, inOutIdx, status_length);
+            endCertificateOK = (ret == 0);
             break;
 
     #endif
@@ -15763,6 +16934,7 @@ static int DoCertificateStatus(WOLFSSL* ssl, byte* input, word32* inOutIdx,
             OcspRequest* request;
             word32 list_length = status_length;
             byte   idx = 0;
+            Signer *pendingCAs = NULL;
 
             #ifdef WOLFSSL_SMALL_STACK
                 CertStatus*   status;
@@ -15774,14 +16946,12 @@ static int DoCertificateStatus(WOLFSSL* ssl, byte* input, word32* inOutIdx,
                 OcspResponse response[1];
             #endif
 
-            do {
-                if (ssl->status_request_v2) {
-                    ssl->status_request_v2 = 0;
-                    break;
-                }
-
+            if (!ssl->status_request_v2)
                 return BUFFER_ERROR;
-            } while(0);
+
+            ssl->status_request_v2 = 0;
+
+            pendingCAs = TLSX_CSR2_GetPendingSigners(ssl->extensions);
 
             #ifdef WOLFSSL_SMALL_STACK
                 status = (CertStatus*)XMALLOC(sizeof(CertStatus), ssl->heap,
@@ -15792,12 +16962,9 @@ static int DoCertificateStatus(WOLFSSL* ssl, byte* input, word32* inOutIdx,
                                                              DYNAMIC_TYPE_OCSP_REQUEST);
 
                 if (status == NULL || single == NULL || response == NULL) {
-                    if (status)
-                        XFREE(status, ssl->heap, DYNAMIC_TYPE_OCSP_STATUS);
-                    if (single)
-                        XFREE(single, ssl->heap, DYNAMIC_TYPE_OCSP_ENTRY);
-                    if (response)
-                        XFREE(response, ssl->heap, DYNAMIC_TYPE_OCSP_REQUEST);
+                    XFREE(status, ssl->heap, DYNAMIC_TYPE_OCSP_STATUS);
+                    XFREE(single, ssl->heap, DYNAMIC_TYPE_OCSP_ENTRY);
+                    XFREE(response, ssl->heap, DYNAMIC_TYPE_OCSP_REQUEST);
 
                     return MEMORY_ERROR;
                 }
@@ -15821,23 +16988,27 @@ static int DoCertificateStatus(WOLFSSL* ssl, byte* input, word32* inOutIdx,
                 if (status_length) {
                     InitOcspResponse(response, single, status, input +*inOutIdx,
                                      status_length, ssl->heap);
-
+                    response->pendingCAs = pendingCAs;
                     if ((OcspResponseDecode(response, SSL_CM(ssl), ssl->heap,
-                                                                        0) != 0)
+                            0, 0) != 0)
                     ||  (response->responseStatus != OCSP_SUCCESSFUL)
                     ||  (response->single->status->status != CERT_GOOD))
                         ret = BAD_CERTIFICATE_STATUS_ERROR;
 
-                    while (ret == 0) {
+                    if (ret == 0) {
                         request = (OcspRequest*)TLSX_CSR2_GetRequest(
-                                ssl->extensions, status_type, idx++);
+                                ssl->extensions, status_type, idx);
 
-                        if (request == NULL)
+                        if (request == NULL) {
                             ret = BAD_CERTIFICATE_STATUS_ERROR;
-                        else if (CompareOcspReqResp(request, response) == 0)
-                            break;
-                        else if (idx == 1) /* server cert must be OK */
+                        }
+                        else if (CompareOcspReqResp(request, response) != 0) {
                             ret = BAD_CERTIFICATE_STATUS_ERROR;
+                        }
+                        else {
+                            if (idx == 0) /* server cert must be OK */
+                                endCertificateOK = 1;
+                        }
                     }
 
                     /* only frees 'single' if single->isDynamic is set */
@@ -15846,6 +17017,7 @@ static int DoCertificateStatus(WOLFSSL* ssl, byte* input, word32* inOutIdx,
                     *inOutIdx   += status_length;
                     list_length -= status_length;
                 }
+                idx++;
             }
 
             ssl->status_request_v2 = 0;
@@ -15865,26 +17037,29 @@ static int DoCertificateStatus(WOLFSSL* ssl, byte* input, word32* inOutIdx,
             ret = BUFFER_ERROR;
     }
 
+    /* end certificate MUST be present */
+    if (endCertificateOK == 0)
+        ret = BAD_CERTIFICATE_STATUS_ERROR;
+#if defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2)
+    if (ret == 0) {
+        if (TLSX_CSR2_MergePendingCA(ssl) < 0) {
+            WOLFSSL_MSG("Failed to merge pending CAs");
+        }
+    }
+    else {
+        TLSX_CSR2_ClearPendingCA(ssl);
+    }
+#endif
+
     if (ret != 0) {
         WOLFSSL_ERROR_VERBOSE(ret);
         SendAlert(ssl, alert_fatal, bad_certificate_status_response);
     }
 
     if (IsEncryptionOn(ssl, 0)) {
-    #if defined(HAVE_ENCRYPT_THEN_MAC) && !defined(WOLFSSL_AEAD_ONLY)
-        if (ssl->options.startedETMRead) {
-            word32 digestSz = MacSize(ssl);
-            if (*inOutIdx + ssl->keys.padSz + digestSz > size)
-                return BUFFER_E;
-            *inOutIdx += ssl->keys.padSz + digestSz;
-        }
-        else
-    #endif
-        {
-            if (*inOutIdx + ssl->keys.padSz > size)
-                return BUFFER_E;
-            *inOutIdx += ssl->keys.padSz;
-        }
+        if (*inOutIdx + ssl->keys.padSz > size)
+            return BUFFER_E;
+        *inOutIdx += ssl->keys.padSz;
     }
 
     WOLFSSL_LEAVE("DoCertificateStatus", ret);
@@ -15915,24 +17090,12 @@ static int DoHelloRequest(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
     if (IsEncryptionOn(ssl, 0)) {
         /* If size == totalSz then we are in DtlsMsgDrain so no need to worry
          * about padding */
-    #if defined(HAVE_ENCRYPT_THEN_MAC) && !defined(WOLFSSL_AEAD_ONLY)
-        if (ssl->options.startedETMRead) {
-            word32 digestSz = MacSize(ssl);
-            if (size != totalSz &&
-                    *inOutIdx + ssl->keys.padSz + digestSz > totalSz)
-                return BUFFER_E;
-            *inOutIdx += ssl->keys.padSz + digestSz;
-        }
-        else
-    #endif
-        {
-            /* access beyond input + size should be checked against totalSz */
-            if (size != totalSz &&
-                    *inOutIdx + ssl->keys.padSz > totalSz)
-                return BUFFER_E;
+        /* access beyond input + size should be checked against totalSz */
+        if (size != totalSz &&
+                *inOutIdx + ssl->keys.padSz > totalSz)
+            return BUFFER_E;
 
-            *inOutIdx += ssl->keys.padSz;
-        }
+        *inOutIdx += ssl->keys.padSz;
     }
 
     if (ssl->options.side == WOLFSSL_SERVER_END) {
@@ -15969,17 +17132,8 @@ int DoFinished(WOLFSSL* ssl, const byte* input, word32* inOutIdx, word32 size,
      * If size == totalSz then we are in DtlsMsgDrain so no need to worry about
      * padding */
     if (size != totalSz) {
-    #if defined(HAVE_ENCRYPT_THEN_MAC) && !defined(WOLFSSL_AEAD_ONLY)
-        if (ssl->options.startedETMRead) {
-            if (*inOutIdx + size + ssl->keys.padSz + MacSize(ssl) > totalSz)
-                return BUFFER_E;
-        }
-        else
-    #endif
-        {
-            if (*inOutIdx + size + ssl->keys.padSz > totalSz)
-                return BUFFER_E;
-        }
+        if (*inOutIdx + size + ssl->keys.padSz > totalSz)
+            return BUFFER_E;
     }
 
     #ifdef WOLFSSL_CALLBACKS
@@ -16022,21 +17176,17 @@ int DoFinished(WOLFSSL* ssl, const byte* input, word32* inOutIdx, word32 size,
 
     /* force input exhaustion at ProcessReply consuming padSz */
     *inOutIdx += size + ssl->keys.padSz;
-#if defined(HAVE_ENCRYPT_THEN_MAC) && !defined(WOLFSSL_AEAD_ONLY)
-    if (ssl->options.startedETMRead)
-        *inOutIdx += MacSize(ssl);
-#endif
 
     if (ssl->options.side == WOLFSSL_CLIENT_END) {
         ssl->options.serverState = SERVER_FINISHED_COMPLETE;
 #ifdef OPENSSL_EXTRA
-        ssl->cbmode = SSL_CB_MODE_WRITE;
+        ssl->cbmode = WOLFSSL_CB_MODE_WRITE;
         ssl->options.clientState = CLIENT_FINISHED_COMPLETE;
 #endif
         if (!ssl->options.resuming) {
 #ifdef OPENSSL_EXTRA
             if (ssl->CBIS != NULL) {
-                ssl->CBIS(ssl, SSL_CB_CONNECT_LOOP, WOLFSSL_SUCCESS);
+                ssl->CBIS(ssl, WOLFSSL_CB_CONNECT_LOOP, WOLFSSL_SUCCESS);
             }
 #endif
             ssl->options.handShakeState = HANDSHAKE_DONE;
@@ -16049,13 +17199,13 @@ int DoFinished(WOLFSSL* ssl, const byte* input, word32* inOutIdx, word32 size,
     else {
         ssl->options.clientState = CLIENT_FINISHED_COMPLETE;
 #ifdef OPENSSL_EXTRA
-        ssl->cbmode = SSL_CB_MODE_READ;
+        ssl->cbmode = WOLFSSL_CB_MODE_READ;
         ssl->options.serverState = SERVER_FINISHED_COMPLETE;
 #endif
         if (ssl->options.resuming) {
 #ifdef OPENSSL_EXTRA
             if (ssl->CBIS != NULL) {
-                ssl->CBIS(ssl, SSL_CB_ACCEPT_LOOP, WOLFSSL_SUCCESS);
+                ssl->CBIS(ssl, WOLFSSL_CB_ACCEPT_LOOP, WOLFSSL_SUCCESS);
             }
 #endif
             ssl->options.handShakeState = HANDSHAKE_DONE;
@@ -16268,44 +17418,6 @@ static int SanityCheckMsgReceived(WOLFSSL* ssl, byte type)
                 WOLFSSL_ERROR_VERBOSE(OUT_OF_ORDER_E);
                 return OUT_OF_ORDER_E;
             }
-#if defined(HAVE_CERTIFICATE_STATUS_REQUEST) || \
-                                     defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2)
-            if (ssl->msgsReceived.got_certificate_status == 0) {
-                int csrRet = 0;
-#ifdef HAVE_CERTIFICATE_STATUS_REQUEST
-                if (csrRet == 0 && ssl->status_request) {
-                    WOLFSSL_MSG("No CertificateStatus before ServerKeyExchange");
-                    csrRet = TLSX_CSR_ForceRequest(ssl);
-                }
-#endif
-#ifdef HAVE_CERTIFICATE_STATUS_REQUEST_V2
-                if (csrRet == 0 && ssl->status_request_v2) {
-                    WOLFSSL_MSG("No CertificateStatus before ServerKeyExchange");
-                    csrRet = TLSX_CSR2_ForceRequest(ssl);
-                }
-#endif
-                if (csrRet != 0) {
-                    /* Error out if OCSP lookups are enabled and failed or if
-                     * the user requires stapling. */
-                    if (SSL_CM(ssl)->ocspEnabled || SSL_CM(ssl)->ocspMustStaple)
-                        return csrRet;
-                }
-                /* Check that a status request extension was seen as the
-                 * CertificateStatus wasn't when an OCSP staple is required.
-                 */
-                if (
-#ifdef HAVE_CERTIFICATE_STATUS_REQUEST
-                     !ssl->status_request &&
-#endif
-#ifdef HAVE_CERTIFICATE_STATUS_REQUEST_V2
-                     !ssl->status_request_v2 &&
-#endif
-                                                 SSL_CM(ssl)->ocspMustStaple) {
-                    WOLFSSL_ERROR_VERBOSE(OCSP_CERT_UNKNOWN);
-                    return OCSP_CERT_UNKNOWN;
-                }
-            }
-#endif
 
             break;
 #endif
@@ -16378,6 +17490,54 @@ static int SanityCheckMsgReceived(WOLFSSL* ssl, byte type)
                     return OUT_OF_ORDER_E;
                 }
             }
+#if defined(HAVE_CERTIFICATE_STATUS_REQUEST) || \
+                                     defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2)
+            if (ssl->msgsReceived.got_certificate_status == 0) {
+                int csrRet = 0;
+#ifdef HAVE_CERTIFICATE_STATUS_REQUEST
+                if (csrRet == 0 && ssl->status_request) {
+                    WOLFSSL_MSG("No CertificateStatus before ServerHelloDone");
+                    csrRet = TLSX_CSR_ForceRequest(ssl);
+                }
+#endif
+#ifdef HAVE_CERTIFICATE_STATUS_REQUEST_V2
+                if (csrRet == 0 && ssl->status_request_v2) {
+                    WOLFSSL_MSG("No CertificateStatus before ServerHelloDone");
+                    csrRet = TLSX_CSR2_ForceRequest(ssl);
+                }
+                if (ssl->status_request_v2) {
+                    if (csrRet == 0) {
+                        if (TLSX_CSR2_MergePendingCA(ssl) < 0) {
+                            WOLFSSL_MSG("Failed to merge pending CAs");
+                        }
+                    }
+                    else {
+                        TLSX_CSR2_ClearPendingCA(ssl);
+                    }
+                }
+#endif
+                if (csrRet != 0) {
+                    /* Error out if OCSP lookups are enabled and failed or if
+                     * the user requires stapling. */
+                    if (SSL_CM(ssl)->ocspEnabled || SSL_CM(ssl)->ocspMustStaple)
+                        return csrRet;
+                }
+                /* Check that a status request extension was seen as the
+                 * CertificateStatus wasn't when an OCSP staple is required.
+                 */
+                if (
+#ifdef HAVE_CERTIFICATE_STATUS_REQUEST
+                     !ssl->status_request &&
+#endif
+#ifdef HAVE_CERTIFICATE_STATUS_REQUEST_V2
+                     !ssl->status_request_v2 &&
+#endif
+                                                 SSL_CM(ssl)->ocspMustStaple) {
+                    WOLFSSL_ERROR_VERBOSE(OCSP_CERT_UNKNOWN);
+                    return OCSP_CERT_UNKNOWN;
+                }
+            }
+#endif
             break;
 #endif
 
@@ -16562,10 +17722,6 @@ int DoHandShakeMsgType(WOLFSSL* ssl, byte* input, word32* inOutIdx,
 
     expectedIdx = *inOutIdx + size +
                   (ssl->keys.encryptionOn ? ssl->keys.padSz : 0);
-#if defined(HAVE_ENCRYPT_THEN_MAC) && !defined(WOLFSSL_AEAD_ONLY)
-    if (ssl->options.startedETMRead && ssl->keys.encryptionOn)
-        expectedIdx += MacSize(ssl);
-#endif
 
 #if !defined(NO_WOLFSSL_SERVER) && \
     defined(HAVE_SECURE_RENEGOTIATION) && \
@@ -16648,13 +17804,13 @@ int DoHandShakeMsgType(WOLFSSL* ssl, byte* input, word32* inOutIdx,
     /* hello_request not hashed */
     if (type != hello_request
     #ifdef WOLFSSL_ASYNC_CRYPT
-            && ssl->error != WC_PENDING_E
+            && ssl->error != WC_NO_ERR_TRACE(WC_PENDING_E)
     #endif
     #ifdef WOLFSSL_NONBLOCK_OCSP
-            && ssl->error != OCSP_WANT_READ
+            && ssl->error != WC_NO_ERR_TRACE(OCSP_WANT_READ)
     #endif
     ) {
-        ret = HashInput(ssl, input + *inOutIdx, size);
+        ret = HashInput(ssl, input + *inOutIdx, (int)size);
         if (ret != 0) {
             WOLFSSL_MSG("Incomplete handshake hashes");
             return ret;
@@ -16668,6 +17824,18 @@ int DoHandShakeMsgType(WOLFSSL* ssl, byte* input, word32* inOutIdx,
         case certificate_request:
         case server_hello_done:
             if (ssl->options.resuming) {
+                /* Client requested resumption, but server is doing a
+                 * full handshake */
+
+                /* The server's decision to resume isn't known until after the
+                 * "server_hello". If subsequent handshake messages like
+                 * "certificate" or "server_key_exchange" are received then we
+                 * are doing a full handshake */
+
+                /* If the server included a session id then we
+                 * treat this as a fatal error, since the server said it was
+                 * doing resumption, but did not. */
+
                 /* https://www.rfc-editor.org/rfc/rfc5077.html#section-3.4
                  *   Alternatively, the client MAY include an empty Session ID
                  *   in the ClientHello.  In this case, the client ignores the
@@ -16676,7 +17844,7 @@ int DoHandShakeMsgType(WOLFSSL* ssl, byte* input, word32* inOutIdx,
                  *   messages.
                  */
 #ifndef WOLFSSL_WPAS
-                if (ssl->session->sessionIDSz != 0) {
+                if (ssl->arrays->sessionIDSz != 0) {
                     /* Fatal error. Only try to send an alert. RFC 5246 does not
                      * allow for reverting back to a full handshake after the
                      * server has indicated the intention to do a resumption. */
@@ -16698,9 +17866,9 @@ int DoHandShakeMsgType(WOLFSSL* ssl, byte* input, word32* inOutIdx,
 
 #ifdef OPENSSL_EXTRA
     if (ssl->CBIS != NULL){
-        ssl->cbmode = SSL_CB_MODE_READ;
+        ssl->cbmode = WOLFSSL_CB_MODE_READ;
         ssl->cbtype = type;
-        ssl->CBIS(ssl, SSL_CB_ACCEPT_LOOP, WOLFSSL_SUCCESS);
+        ssl->CBIS(ssl, WOLFSSL_CB_ACCEPT_LOOP, WOLFSSL_SUCCESS);
     }
 #endif
 
@@ -16716,23 +17884,12 @@ int DoHandShakeMsgType(WOLFSSL* ssl, byte* input, word32* inOutIdx,
         WOLFSSL_MSG("processing hello verify request");
         ret = DoHelloVerifyRequest(ssl, input,inOutIdx, size);
         if (IsEncryptionOn(ssl, 0)) {
-        #if defined(HAVE_ENCRYPT_THEN_MAC) && !defined(WOLFSSL_AEAD_ONLY)
-            if (ssl->options.startedETMRead) {
-                word32 digestSz = MacSize(ssl);
-                if (*inOutIdx + ssl->keys.padSz + digestSz > totalSz)
-                    return BUFFER_E;
-                *inOutIdx += ssl->keys.padSz + digestSz;
-            }
-            else
-        #endif
-            {
-                /* access beyond input + size should be checked against totalSz
-                 */
-                if (*inOutIdx + ssl->keys.padSz > totalSz)
-                    return BUFFER_E;
+            /* access beyond input + size should be checked against totalSz
+             */
+            if (*inOutIdx + ssl->keys.padSz > totalSz)
+                return BUFFER_E;
 
-                *inOutIdx += ssl->keys.padSz;
-            }
+            *inOutIdx += ssl->keys.padSz;
         }
         break;
 
@@ -16747,7 +17904,8 @@ int DoHandShakeMsgType(WOLFSSL* ssl, byte* input, word32* inOutIdx,
                                                IsAtLeastTLSv1_3(ssl->version)) {
 
         #if defined(WOLFSSL_ASYNC_CRYPT) || defined(WOLFSSL_NONBLOCK_OCSP)
-            if (ret != WC_PENDING_E && ret != OCSP_WANT_READ)
+            if (ret != WC_NO_ERR_TRACE(WC_PENDING_E) &&
+                ret != WC_NO_ERR_TRACE(OCSP_WANT_READ))
         #endif
             {
                 ssl->options.cacheMessages = 0;
@@ -16804,13 +17962,8 @@ int DoHandShakeMsgType(WOLFSSL* ssl, byte* input, word32* inOutIdx,
             AddLateName("ServerHelloDone", &ssl->timeoutInfo);
     #endif
         ssl->options.serverState = SERVER_HELLODONE_COMPLETE;
-        if (IsEncryptionOn(ssl, 0)) {
+        if (IsEncryptionOn(ssl, 0))
             *inOutIdx += ssl->keys.padSz;
-        #if defined(HAVE_ENCRYPT_THEN_MAC) && !defined(WOLFSSL_AEAD_ONLY)
-            if (ssl->options.startedETMRead)
-                *inOutIdx += MacSize(ssl);
-        #endif
-        }
         break;
 
     case finished:
@@ -16829,7 +17982,8 @@ int DoHandShakeMsgType(WOLFSSL* ssl, byte* input, word32* inOutIdx,
         if (ssl->options.resuming || !ssl->options.verifyPeer || \
                      !IsAtLeastTLSv1_2(ssl) || IsAtLeastTLSv1_3(ssl->version)) {
         #if defined(WOLFSSL_ASYNC_CRYPT) || defined(WOLFSSL_NONBLOCK_OCSP)
-            if (ret != WC_PENDING_E && ret != OCSP_WANT_READ)
+            if (ret != WC_NO_ERR_TRACE(WC_PENDING_E) &&
+                ret != WC_NO_ERR_TRACE(OCSP_WANT_READ))
         #endif
             {
                 ssl->options.cacheMessages = 0;
@@ -16844,24 +17998,12 @@ int DoHandShakeMsgType(WOLFSSL* ssl, byte* input, word32* inOutIdx,
         /* If size == totalSz then we are in DtlsMsgDrain so no need to worry
          * about padding */
         if (IsEncryptionOn(ssl, 0)) {
-        #if defined(HAVE_ENCRYPT_THEN_MAC) && !defined(WOLFSSL_AEAD_ONLY)
-            if (ssl->options.startedETMRead) {
-                word32 digestSz = MacSize(ssl);
-                if (size != totalSz &&
-                        *inOutIdx + ssl->keys.padSz + digestSz > totalSz)
-                    return BUFFER_E;
-                *inOutIdx += ssl->keys.padSz + digestSz;
-            }
-            else
-        #endif
-            {
-                /* access beyond input + size should be checked against totalSz
-                 */
-                if (size != totalSz &&
-                        *inOutIdx + ssl->keys.padSz > totalSz)
-                    return BUFFER_E;
-                *inOutIdx += ssl->keys.padSz;
-            }
+            /* access beyond input + size should be checked against totalSz
+             */
+            if (size != totalSz &&
+                    *inOutIdx + ssl->keys.padSz > totalSz)
+                return BUFFER_E;
+            *inOutIdx += ssl->keys.padSz;
         }
         break;
 
@@ -16895,7 +18037,8 @@ int DoHandShakeMsgType(WOLFSSL* ssl, byte* input, word32* inOutIdx,
 
 #if defined(WOLFSSL_ASYNC_CRYPT) || defined(WOLFSSL_NONBLOCK_OCSP)
     /* if async, offset index so this msg will be processed again */
-    if ((ret == WC_PENDING_E || ret == OCSP_WANT_READ) && *inOutIdx > 0) {
+    if ((ret == WC_NO_ERR_TRACE(WC_PENDING_E) ||
+         ret == WC_NO_ERR_TRACE(OCSP_WANT_READ)) && *inOutIdx > 0) {
         *inOutIdx -= HANDSHAKE_HEADER_SZ;
     #ifdef WOLFSSL_DTLS
         if (ssl->options.dtls) {
@@ -16905,7 +18048,8 @@ int DoHandShakeMsgType(WOLFSSL* ssl, byte* input, word32* inOutIdx,
     }
 
     /* make sure async error is cleared */
-    if (ret == 0 && (ssl->error == WC_PENDING_E || ssl->error == OCSP_WANT_READ)) {
+    if (ret == 0 && (ssl->error == WC_NO_ERR_TRACE(WC_PENDING_E) ||
+                     ssl->error == WC_NO_ERR_TRACE(OCSP_WANT_READ))) {
         ssl->error = 0;
     }
 #endif /* WOLFSSL_ASYNC_CRYPT || WOLFSSL_NONBLOCK_OCSP */
@@ -17028,7 +18172,7 @@ static int DoHandShakeMsg(WOLFSSL* ssl, byte* input, word32* inOutIdx,
         }
 
     #ifdef WOLFSSL_ASYNC_CRYPT
-        if (ssl->error != WC_PENDING_E)
+        if (ssl->error != WC_NO_ERR_TRACE(WC_PENDING_E))
     #endif
         {
             /* for async this copy was already done, do not replace, since
@@ -17048,7 +18192,7 @@ static int DoHandShakeMsg(WOLFSSL* ssl, byte* input, word32* inOutIdx,
                                      ssl->arrays->pendingMsgSz - idx,
                                      ssl->arrays->pendingMsgSz);
         #ifdef WOLFSSL_ASYNC_CRYPT
-            if (ret == WC_PENDING_E) {
+            if (ret == WC_NO_ERR_TRACE(WC_PENDING_E)) {
                 /* setup to process fragment again */
                 ssl->arrays->pendingMsgOffset -= inputLength;
                 *inOutIdx -= inputLength;
@@ -17080,43 +18224,41 @@ int SendFatalAlertOnly(WOLFSSL *ssl, int error)
 
     switch (error) {
         /* not fatal errors */
-    case WANT_WRITE:
-    case WANT_READ:
-    case ZERO_RETURN:
+    case WC_NO_ERR_TRACE(WANT_WRITE):
+    case WC_NO_ERR_TRACE(WANT_READ):
+    case WC_NO_ERR_TRACE(ZERO_RETURN):
 #ifdef WOLFSSL_NONBLOCK_OCSP
-    case OCSP_WANT_READ:
+    case WC_NO_ERR_TRACE(OCSP_WANT_READ):
 #endif
 #ifdef WOLFSSL_ASYNC_CRYPT
-    case WC_PENDING_E:
+    case WC_NO_ERR_TRACE(WC_PENDING_E):
 #endif
         return 0;
 
     /* peer already disconnected and ssl is possibly in bad state
      * don't try to send an alert */
-    case SOCKET_ERROR_E:
+    case WC_NO_ERR_TRACE(SOCKET_ERROR_E):
         return error;
 
-    case BUFFER_ERROR:
-    case ASN_PARSE_E:
-    case COMPRESSION_ERROR:
+    case WC_NO_ERR_TRACE(BUFFER_ERROR):
+    case WC_NO_ERR_TRACE(ASN_PARSE_E):
+    case WC_NO_ERR_TRACE(COMPRESSION_ERROR):
         why = decode_error;
         break;
-    case MATCH_SUITE_ERROR:
-        why = illegal_parameter;
-        break;
-    case VERIFY_FINISHED_ERROR:
-    case SIG_VERIFY_E:
+    case WC_NO_ERR_TRACE(VERIFY_FINISHED_ERROR):
+    case WC_NO_ERR_TRACE(SIG_VERIFY_E):
         why = decrypt_error;
         break;
-    case DUPLICATE_MSG_E:
-    case NO_CHANGE_CIPHER_E:
-    case OUT_OF_ORDER_E:
+    case WC_NO_ERR_TRACE(DUPLICATE_MSG_E):
+    case WC_NO_ERR_TRACE(NO_CHANGE_CIPHER_E):
+    case WC_NO_ERR_TRACE(OUT_OF_ORDER_E):
         why = unexpected_message;
         break;
-    case ECC_OUT_OF_RANGE_E:
+    case WC_NO_ERR_TRACE(ECC_OUT_OF_RANGE_E):
         why = bad_record_mac;
         break;
-    case VERSION_ERROR:
+    case WC_NO_ERR_TRACE(MATCH_SUITE_ERROR):
+    case WC_NO_ERR_TRACE(VERSION_ERROR):
     default:
         why = handshake_failure;
         break;
@@ -17600,12 +18742,12 @@ int DtlsMsgDrain(WOLFSSL* ssl)
             DtlsTxMsgListClean(ssl);
         }
         else if (!IsAtLeastTLSv1_3(ssl->version)) {
-            if (SendFatalAlertOnly(ssl, ret) == SOCKET_ERROR_E) {
+            if (SendFatalAlertOnly(ssl, ret) == WC_NO_ERR_TRACE(SOCKET_ERROR_E)) {
                 ret = SOCKET_ERROR_E;
             }
         }
     #ifdef WOLFSSL_ASYNC_CRYPT
-        if (ret == WC_PENDING_E) {
+        if (ret == WC_NO_ERR_TRACE(WC_PENDING_E)) {
             break;
         }
     #endif
@@ -17724,22 +18866,9 @@ static int DoDtlsHandShakeMsg(WOLFSSL* ssl, byte* input, word32* inOutIdx,
                          input + *inOutIdx, size, type,
                          fragOffset, fragSz, ssl->heap);
             *inOutIdx += fragSz;
-            #if defined(HAVE_ENCRYPT_THEN_MAC) && !defined(WOLFSSL_AEAD_ONLY)
-            if (ssl->options.startedETMRead && ssl->keys.curEpoch != 0) {
-                word32 digestSz = MacSize(ssl);
-                if (*inOutIdx + ssl->keys.padSz + digestSz > totalSz) {
-                    WOLFSSL_ERROR(BUFFER_E);
-                    return BUFFER_E;
-                }
-                *inOutIdx += digestSz;
-            }
-            else
-            #endif
-            {
-                if (*inOutIdx + ssl->keys.padSz > totalSz) {
-                    WOLFSSL_ERROR(BUFFER_E);
-                    return BUFFER_E;
-                }
+            if (*inOutIdx + ssl->keys.padSz > totalSz) {
+                WOLFSSL_ERROR(BUFFER_E);
+                return BUFFER_E;
             }
             *inOutIdx += ssl->keys.padSz;
             ret = 0;
@@ -17780,22 +18909,9 @@ static int DoDtlsHandShakeMsg(WOLFSSL* ssl, byte* input, word32* inOutIdx,
         /* Already saw this message and processed it. It can be ignored. */
         WOLFSSL_MSG("Already saw this message and processed it");
         *inOutIdx += fragSz;
-        #if defined(HAVE_ENCRYPT_THEN_MAC) && !defined(WOLFSSL_AEAD_ONLY)
-        if (ssl->options.startedETMRead && ssl->keys.curEpoch != 0) {
-            word32 digestSz = MacSize(ssl);
-            if (*inOutIdx + ssl->keys.padSz + digestSz > totalSz) {
-                WOLFSSL_ERROR(BUFFER_E);
-                return BUFFER_E;
-            }
-            *inOutIdx += digestSz;
-        }
-        else
-        #endif
-        {
-            if (*inOutIdx + ssl->keys.padSz > totalSz) {
-                WOLFSSL_ERROR(BUFFER_E);
-                return BUFFER_E;
-            }
+        if (*inOutIdx + ssl->keys.padSz > totalSz) {
+            WOLFSSL_ERROR(BUFFER_E);
+            return BUFFER_E;
         }
         #ifndef WOLFSSL_DTLS_RESEND_ONLY_TIMEOUT
         if (IsDtlsNotSctpMode(ssl) &&
@@ -17828,17 +18944,11 @@ static int DoDtlsHandShakeMsg(WOLFSSL* ssl, byte* input, word32* inOutIdx,
                      input + *inOutIdx, size, type,
                      fragOffset, fragSz, ssl->heap);
         *inOutIdx += fragSz;
-        *inOutIdx += ssl->keys.padSz;
-#if defined(HAVE_ENCRYPT_THEN_MAC) && !defined(WOLFSSL_AEAD_ONLY)
-        if (ssl->options.startedETMRead && ssl->keys.curEpoch != 0) {
-            word32 digestSz = MacSize(ssl);
-            if (*inOutIdx + digestSz > totalSz) {
-                WOLFSSL_ERROR(BUFFER_E);
-                return BUFFER_E;
-            }
-            *inOutIdx += digestSz;
+        if (*inOutIdx + ssl->keys.padSz > totalSz) {
+            WOLFSSL_ERROR(BUFFER_E);
+            return BUFFER_E;
         }
-#endif
+        *inOutIdx += ssl->keys.padSz;
         ret = 0;
         if (ssl->dtls_rx_msg_list != NULL && ssl->dtls_rx_msg_list->ready)
             ret = DtlsMsgDrain(ssl);
@@ -17858,14 +18968,6 @@ static int DoDtlsHandShakeMsg(WOLFSSL* ssl, byte* input, word32* inOutIdx,
             if (idx + fragSz + ssl->keys.padSz > totalSz)
                 return BUFFER_E;
             *inOutIdx = idx + fragSz + ssl->keys.padSz;
-#if defined(HAVE_ENCRYPT_THEN_MAC) && !defined(WOLFSSL_AEAD_ONLY)
-            if (ssl->options.startedETMRead && ssl->keys.curEpoch != 0) {
-                word32 digestSz = MacSize(ssl);
-                if (*inOutIdx + digestSz > totalSz)
-                    return BUFFER_E;
-                *inOutIdx += digestSz;
-            }
-#endif
             /* In async mode always store the message and process it with
              * DtlsMsgDrain because in case of a WC_PENDING_E it will be
              * easier this way. */
@@ -17902,6 +19004,7 @@ static int DoDtlsHandShakeMsg(WOLFSSL* ssl, byte* input, word32* inOutIdx,
 }
 #endif /* WOLFSSL_DTLS13 */
 
+#ifndef NO_TLS
 #ifndef WOLFSSL_NO_TLS12
 
 #ifdef HAVE_AEAD
@@ -17922,8 +19025,8 @@ static WC_INLINE void AeadIncrementExpIV(WOLFSSL* ssl)
 
 #if defined(HAVE_CHACHA) && defined(HAVE_POLY1305) && !defined(NO_CHAPOL_AEAD)
 /* Used for the older version of creating AEAD tags with Poly1305 */
-static int Poly1305TagOld(WOLFSSL* ssl, byte* additional, const byte* out,
-                       byte* cipher, word16 sz, byte* tag)
+static int Poly1305TagOld(WOLFSSL* ssl, byte* additional, int additionalSz,
+        const byte* out, byte* cipher, word16 sz, byte* tag)
 {
     int ret       = 0;
     int msglen    = (sz - ssl->specs.aead_mac_size);
@@ -17941,12 +19044,12 @@ static int Poly1305TagOld(WOLFSSL* ssl, byte* additional, const byte* out,
         return ret;
 
     if ((ret = wc_Poly1305Update(ssl->auth.poly1305, additional,
-                   AEAD_AUTH_DATA_SZ)) != 0)
+            additionalSz)) != 0)
         return ret;
 
     /* length of additional input plus padding */
     XMEMSET(padding, 0, sizeof(padding));
-    padding[0] = AEAD_AUTH_DATA_SZ;
+    padding[0] = additionalSz;
     if ((ret = wc_Poly1305Update(ssl->auth.poly1305, padding,
                     sizeof(padding))) != 0)
         return ret;
@@ -17954,7 +19057,7 @@ static int Poly1305TagOld(WOLFSSL* ssl, byte* additional, const byte* out,
 
     /* add cipher info and then its length */
     XMEMSET(padding, 0, sizeof(padding));
-    if ((ret = wc_Poly1305Update(ssl->auth.poly1305, out, msglen)) != 0)
+    if ((ret = wc_Poly1305Update(ssl->auth.poly1305, out, (word32)msglen)) != 0)
         return ret;
 
     /* 32 bit size of cipher to 64 bit endian */
@@ -17989,19 +19092,21 @@ static int Poly1305TagOld(WOLFSSL* ssl, byte* additional, const byte* out,
  * Return 0 on success negative values in error case
  */
 int ChachaAEADEncrypt(WOLFSSL* ssl, byte* out, const byte* input,
-                              word16 sz)
+                              word16 sz, byte type)
 {
-    const byte* additionalSrc = input - RECORD_HEADER_SZ;
     int ret       = 0;
     word32 msgLen = (sz - ssl->specs.aead_mac_size);
     byte tag[POLY1305_AUTH_SZ];
     byte add[AEAD_AUTH_DATA_SZ];
+    int  addSz = 0;
     byte nonce[CHACHA20_NONCE_SZ];
     byte poly[CHACHA20_256_KEY_SIZE]; /* generated key for poly1305 */
     #ifdef CHACHA_AEAD_TEST
         int i;
     #endif
     Keys* keys = &ssl->keys;
+    byte* seq = NULL;
+    int verifyOrder = CUR_ORDER;
 
     XMEMSET(tag,   0, sizeof(tag));
     XMEMSET(nonce, 0, sizeof(nonce));
@@ -18019,36 +19124,22 @@ int ChachaAEADEncrypt(WOLFSSL* ssl, byte* out, const byte* input,
     /* opaque SEQ number stored for AD */
     if (ssl->options.dtls && DtlsSCRKeysSet(ssl)) {
         if (ssl->keys.dtls_epoch ==
-                    ssl->secure_renegotiation->tmp_keys.dtls_epoch) {
+                    ssl->secure_renegotiation->tmp_keys.dtls_epoch)
             keys = &ssl->secure_renegotiation->tmp_keys;
-            WriteSEQ(ssl, CUR_ORDER, add);
-        }
         else
-            WriteSEQ(ssl, PREV_ORDER, add);
+            verifyOrder = PREV_ORDER;
     }
-    else
 #endif
-        WriteSEQ(ssl, CUR_ORDER, add);
+
+    addSz = writeAeadAuthData(ssl, msgLen, type, add, 0, &seq, verifyOrder);
+    if (addSz < 0)
+        return addSz;
 
     if (ssl->options.oldPoly != 0) {
         /* get nonce. SEQ should not be incremented again here */
-        XMEMCPY(nonce + CHACHA20_OLD_OFFSET, add, OPAQUE32_LEN * 2);
+        XMEMCPY(nonce + CHACHA20_OLD_OFFSET, seq, SEQ_SZ);
     }
 
-    /* Store the type, version. Unfortunately, they are in
-     * the input buffer ahead of the plaintext. */
-    #ifdef WOLFSSL_DTLS
-        if (ssl->options.dtls) {
-            additionalSrc -= DTLS_HANDSHAKE_EXTRA;
-        }
-    #endif
-
-    /* add TLS message size to additional data */
-    add[AEAD_AUTH_DATA_SZ - 2] = (msgLen >> 8) & 0xff;
-    add[AEAD_AUTH_DATA_SZ - 1] =  msgLen       & 0xff;
-
-    XMEMCPY(add + AEAD_TYPE_OFFSET, additionalSrc, 3);
-
     #ifdef CHACHA_AEAD_TEST
         printf("Encrypt Additional : ");
         for (i = 0; i < AEAD_AUTH_DATA_SZ; i++) {
@@ -18067,15 +19158,8 @@ int ChachaAEADEncrypt(WOLFSSL* ssl, byte* out, const byte* input,
     if (ssl->options.oldPoly == 0) {
         /* nonce is formed by 4 0x00 byte padded to the left followed by 8 byte
          * record sequence number XORed with client_write_IV/server_write_IV */
-        XMEMCPY(nonce, keys->aead_enc_imp_IV, CHACHA20_IMP_IV_SZ);
-        nonce[4]  ^= add[0];
-        nonce[5]  ^= add[1];
-        nonce[6]  ^= add[2];
-        nonce[7]  ^= add[3];
-        nonce[8]  ^= add[4];
-        nonce[9]  ^= add[5];
-        nonce[10] ^= add[6];
-        nonce[11] ^= add[7];
+        XMEMCPY(nonce + CHACHA20_OFFSET, seq, SEQ_SZ);
+        xorbuf(nonce, keys->aead_enc_imp_IV, CHACHA20_IMP_IV_SZ);
     }
 #ifdef WOLFSSL_CHECK_MEM_ZERO
     wc_MemZero_Add("ChachaAEADEncrypt nonce", nonce, CHACHA20_NONCE_SZ);
@@ -18130,7 +19214,7 @@ int ChachaAEADEncrypt(WOLFSSL* ssl, byte* out, const byte* input,
 
     /* get the poly1305 tag using either old padding scheme or more recent */
     if (ssl->options.oldPoly != 0) {
-        if ((ret = Poly1305TagOld(ssl, add, (const byte* )out,
+        if ((ret = Poly1305TagOld(ssl, add, addSz, (const byte* )out,
                                                          poly, sz, tag)) != 0) {
             ForceZero(poly, sizeof(poly));
         #ifdef WOLFSSL_CHECK_MEM_ZERO
@@ -18148,8 +19232,8 @@ int ChachaAEADEncrypt(WOLFSSL* ssl, byte* out, const byte* input,
         #endif
             return ret;
         }
-        if ((ret = wc_Poly1305_MAC(ssl->auth.poly1305, add,
-                            sizeof(add), out, msgLen, tag, sizeof(tag))) != 0) {
+        if ((ret = wc_Poly1305_MAC(ssl->auth.poly1305, add, addSz, out, msgLen,
+                tag, sizeof(tag))) != 0) {
             ForceZero(poly, sizeof(poly));
         #ifdef WOLFSSL_CHECK_MEM_ZERO
             wc_MemZero_Check(poly, CHACHA20_256_KEY_SIZE);
@@ -18205,12 +19289,14 @@ int ChachaAEADDecrypt(WOLFSSL* ssl, byte* plain, const byte* input,
                            word16 sz)
 {
     byte add[AEAD_AUTH_DATA_SZ];
+    int  addSz = 0;
     byte nonce[CHACHA20_NONCE_SZ];
     byte tag[POLY1305_AUTH_SZ];
     byte poly[CHACHA20_256_KEY_SIZE]; /* generated key for mac */
     int ret    = 0;
     int msgLen = (sz - ssl->specs.aead_mac_size);
     Keys* keys = &ssl->keys;
+    byte* seq = NULL;
 
     #ifdef CHACHA_AEAD_TEST
        int i;
@@ -18239,24 +19325,16 @@ int ChachaAEADDecrypt(WOLFSSL* ssl, byte* plain, const byte* input,
         keys = &ssl->secure_renegotiation->tmp_keys;
 #endif
 
-    /* sequence number field is 64-bits */
-    WriteSEQ(ssl, PEER_ORDER, add);
+
+    addSz = writeAeadAuthData(ssl, msgLen, no_type, add, 1, &seq, PEER_ORDER);
+    if (addSz < 0)
+        return addSz;
 
     if (ssl->options.oldPoly != 0) {
         /* get nonce, SEQ should not be incremented again here */
-        XMEMCPY(nonce + CHACHA20_OLD_OFFSET, add, OPAQUE32_LEN * 2);
+        XMEMCPY(nonce + CHACHA20_OLD_OFFSET, seq, SEQ_SZ);
     }
 
-    /* get AD info */
-    /* Store the type, version. */
-    add[AEAD_TYPE_OFFSET] = ssl->curRL.type;
-    add[AEAD_VMAJ_OFFSET] = ssl->curRL.pvMajor;
-    add[AEAD_VMIN_OFFSET] = ssl->curRL.pvMinor;
-
-    /* add TLS message size to additional data */
-    add[AEAD_AUTH_DATA_SZ - 2] = (msgLen >> 8) & 0xff;
-    add[AEAD_AUTH_DATA_SZ - 1] =  msgLen       & 0xff;
-
     #ifdef CHACHA_AEAD_TEST
         printf("Decrypt Additional : ");
         for (i = 0; i < AEAD_AUTH_DATA_SZ; i++) {
@@ -18268,15 +19346,8 @@ int ChachaAEADDecrypt(WOLFSSL* ssl, byte* plain, const byte* input,
     if (ssl->options.oldPoly == 0) {
         /* nonce is formed by 4 0x00 byte padded to the left followed by 8 byte
          * record sequence number XORed with client_write_IV/server_write_IV */
-        XMEMCPY(nonce, keys->aead_dec_imp_IV, CHACHA20_IMP_IV_SZ);
-        nonce[4]  ^= add[0];
-        nonce[5]  ^= add[1];
-        nonce[6]  ^= add[2];
-        nonce[7]  ^= add[3];
-        nonce[8]  ^= add[4];
-        nonce[9]  ^= add[5];
-        nonce[10] ^= add[6];
-        nonce[11] ^= add[7];
+        XMEMCPY(nonce + CHACHA20_OFFSET, seq, SEQ_SZ);
+        xorbuf(nonce, keys->aead_dec_imp_IV, CHACHA20_IMP_IV_SZ);
     }
 #ifdef WOLFSSL_CHECK_MEM_ZERO
     wc_MemZero_Add("ChachaAEADEncrypt nonce", nonce, CHACHA20_NONCE_SZ);
@@ -18321,7 +19392,8 @@ int ChachaAEADDecrypt(WOLFSSL* ssl, byte* plain, const byte* input,
 
     /* get the tag using Poly1305 */
     if (ssl->options.oldPoly != 0) {
-        if ((ret = Poly1305TagOld(ssl, add, input, poly, sz, tag)) != 0) {
+        if ((ret = Poly1305TagOld(ssl, add, addSz, input, poly, sz, tag))
+                != 0) {
             ForceZero(poly, sizeof(poly));
         #ifdef WOLFSSL_CHECK_MEM_ZERO
             wc_MemZero_Check(poly, CHACHA20_256_KEY_SIZE);
@@ -18338,8 +19410,8 @@ int ChachaAEADDecrypt(WOLFSSL* ssl, byte* plain, const byte* input,
         #endif
             return ret;
         }
-        if ((ret = wc_Poly1305_MAC(ssl->auth.poly1305, add,
-                          sizeof(add), input, msgLen, tag, sizeof(tag))) != 0) {
+        if ((ret = wc_Poly1305_MAC(ssl->auth.poly1305, add, addSz, input,
+                (word32)msgLen, tag, sizeof(tag))) != 0) {
             ForceZero(poly, sizeof(poly));
         #ifdef WOLFSSL_CHECK_MEM_ZERO
             wc_MemZero_Check(poly, CHACHA20_256_KEY_SIZE);
@@ -18363,7 +19435,7 @@ int ChachaAEADDecrypt(WOLFSSL* ssl, byte* plain, const byte* input,
 
     /* if the tag was good decrypt message */
     if ((ret = wc_Chacha_Process(ssl->decrypt.chacha, plain,
-                                                           input, msgLen)) != 0)
+                                                           input, (word32)msgLen)) != 0)
         return ret;
 
     #ifdef CHACHA_AEAD_TEST
@@ -18423,9 +19495,74 @@ typedef int (*Sm4AuthDecryptFunc)(wc_Sm4* sm4, byte* out, const byte* in,
 
 #endif
 
+#if defined(WOLFSSL_DTLS) && defined(WOLFSSL_DTLS_CID)
+#define TLS_AEAD_CID_SZ(s, dec) \
+                ((dec) ? DtlsGetCidRxSize((s)) \
+                       : DtlsGetCidTxSize((s)))
+#define TLS_AEAD_CID(s, dec, b, c) \
+                ((dec) ? wolfSSL_dtls_cid_get_rx((s), (b), (c)) \
+                       : wolfSSL_dtls_cid_get_tx((s), (b), (c)))
+#endif
+/**
+ *
+ * @param ssl           WOLFSSL object
+ * @param sz            Length of fragment
+ * @param type          Record content type
+ * @param additional    AAD output buffer. Assumed AEAD_AUTH_DATA_SZ length.
+ * @param dec           Are we decrypting
+ * @return >= 0         length of auth data
+ *         < 0          error
+ */
+int writeAeadAuthData(WOLFSSL* ssl, word16 sz, byte type,
+        byte* additional, byte dec, byte** seq, int verifyOrder)
+{
+    word32 idx = 0;
+#if defined(WOLFSSL_DTLS) && defined(WOLFSSL_DTLS_CID)
+    byte cidSz = 0;
+    if (ssl->options.dtls && (cidSz = TLS_AEAD_CID_SZ(ssl, dec)) > 0) {
+        if (cidSz > DTLS_CID_MAX_SIZE) {
+            WOLFSSL_MSG("DTLS CID too large");
+            return DTLS_CID_ERROR;
+        }
+
+        XMEMSET(additional + idx, 0xFF, SEQ_SZ);
+        idx += SEQ_SZ;
+        additional[idx++] = dtls12_cid;
+        additional[idx++] = cidSz;
+        additional[idx++] = dtls12_cid;
+        additional[idx++] = dec ? ssl->curRL.pvMajor : ssl->version.major;
+        additional[idx++] = dec ? ssl->curRL.pvMinor : ssl->version.minor;
+        WriteSEQ(ssl, verifyOrder, additional + idx);
+        if (seq != NULL)
+            *seq = additional + idx;
+        idx += SEQ_SZ;
+        if (TLS_AEAD_CID(ssl, dec, additional + idx, (unsigned int)cidSz)
+                == WC_NO_ERR_TRACE(WOLFSSL_FAILURE)) {
+            WOLFSSL_MSG("DTLS CID write failed");
+            return DTLS_CID_ERROR;
+        }
+        idx += cidSz;
+        c16toa(sz, additional + idx);
+        idx += LENGTH_SZ;
+
+        return (int)idx;
+    }
+#endif
+    if (seq != NULL)
+        *seq = additional + idx;
+    WriteSEQ(ssl, verifyOrder, additional + idx);
+    idx += SEQ_SZ;
+    additional[idx++] = dec ? ssl->curRL.type : type;
+    additional[idx++] = dec ? ssl->curRL.pvMajor : ssl->version.major;
+    additional[idx++] = dec ? ssl->curRL.pvMinor : ssl->version.minor;
+    c16toa(sz, additional + idx);
+    idx += LENGTH_SZ;
+
+    return (int)idx;
+}
 
 static WC_INLINE int EncryptDo(WOLFSSL* ssl, byte* out, const byte* input,
-    word16 sz, int asyncOkay)
+    word16 sz, int asyncOkay, byte type)
 {
     int ret = 0;
 #ifdef WOLFSSL_ASYNC_CRYPT
@@ -18462,7 +19599,7 @@ static WC_INLINE int EncryptDo(WOLFSSL* ssl, byte* out, const byte* input,
 
             ret = wc_Des3_CbcEncrypt(ssl->encrypt.des3, out, input, sz);
         #ifdef WOLFSSL_ASYNC_CRYPT
-            if (ret == WC_PENDING_E && asyncOkay) {
+            if (ret == WC_NO_ERR_TRACE(WC_PENDING_E) && asyncOkay) {
                 ret = wolfSSL_AsyncPush(ssl, asyncDev);
             }
         #endif
@@ -18480,7 +19617,7 @@ static WC_INLINE int EncryptDo(WOLFSSL* ssl, byte* out, const byte* input,
         #endif
             ret = wc_AesCbcEncrypt(ssl->encrypt.aes, out, input, sz);
         #ifdef WOLFSSL_ASYNC_CRYPT
-            if (ret == WC_PENDING_E && asyncOkay) {
+            if (ret == WC_NO_ERR_TRACE(WC_PENDING_E) && asyncOkay) {
                 ret = wolfSSL_AsyncPush(ssl, asyncDev);
             }
         #endif
@@ -18492,7 +19629,7 @@ static WC_INLINE int EncryptDo(WOLFSSL* ssl, byte* out, const byte* input,
         case wolfssl_aes_ccm:/* GCM AEAD macros use same size as CCM */
         {
             AES_AUTH_ENCRYPT_FUNC aes_auth_fn;
-            const byte* additionalSrc;
+            int additionalSz;
 
         #ifdef WOLFSSL_ASYNC_CRYPT
             /* initialize event */
@@ -18510,27 +19647,17 @@ static WC_INLINE int EncryptDo(WOLFSSL* ssl, byte* out, const byte* input,
         #else
             aes_auth_fn = AES_CCM_ENCRYPT;
         #endif
-            additionalSrc = input - 5;
 
-            XMEMSET(ssl->encrypt.additional, 0, AEAD_AUTH_DATA_SZ);
-
-            /* sequence number field is 64-bits */
-            WriteSEQ(ssl, CUR_ORDER, ssl->encrypt.additional);
-
-            /* Store the type, version. Unfortunately, they are in
-             * the input buffer ahead of the plaintext. */
-        #ifdef WOLFSSL_DTLS
-            if (ssl->options.dtls) {
-                additionalSrc -= DTLS_HANDSHAKE_EXTRA;
+            additionalSz = writeAeadAuthData(ssl,
+                    /* Length of the plain text minus the explicit
+                     * IV length minus the authentication tag size. */
+                    sz - (word16)(AESGCM_EXP_IV_SZ) - ssl->specs.aead_mac_size, type,
+                    ssl->encrypt.additional, 0, NULL, CUR_ORDER);
+            if (additionalSz < 0) {
+                ret = additionalSz;
+                break;
             }
-        #endif
-            XMEMCPY(ssl->encrypt.additional + AEAD_TYPE_OFFSET,
-                                                        additionalSrc, 3);
 
-            /* Store the length of the plain text minus the explicit
-             * IV length minus the authentication tag size. */
-            c16toa(sz - AESGCM_EXP_IV_SZ - ssl->specs.aead_mac_size,
-                                ssl->encrypt.additional + AEAD_LEN_OFFSET);
 #if !defined(NO_PUBLIC_GCM_SET_IV) && \
     ((defined(HAVE_FIPS) || defined(HAVE_SELFTEST)) && \
     (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 2)))
@@ -18548,23 +19675,23 @@ static WC_INLINE int EncryptDo(WOLFSSL* ssl, byte* out, const byte* input,
                          ssl->encrypt.nonce, AESGCM_NONCE_SZ,
                          out + sz - ssl->specs.aead_mac_size,
                          ssl->specs.aead_mac_size,
-                         ssl->encrypt.additional, AEAD_AUTH_DATA_SZ);
+                         ssl->encrypt.additional, (word32)(additionalSz));
             }
 
-            if (ret == NOT_COMPILED_IN)
+            if (ret == WC_NO_ERR_TRACE(NOT_COMPILED_IN))
         #endif /* HAVE_PK_CALLBACKS */
             {
                 ret = aes_auth_fn(ssl->encrypt.aes,
-                        out + AESGCM_EXP_IV_SZ, input + AESGCM_EXP_IV_SZ,
-                        sz - AESGCM_EXP_IV_SZ - ssl->specs.aead_mac_size,
-                        ssl->encrypt.nonce, AESGCM_NONCE_SZ,
-                        out + sz - ssl->specs.aead_mac_size,
-                        ssl->specs.aead_mac_size,
-                        ssl->encrypt.additional, AEAD_AUTH_DATA_SZ);
+                    out + AESGCM_EXP_IV_SZ, input + AESGCM_EXP_IV_SZ,
+                    sz - (word16)(AESGCM_EXP_IV_SZ) - ssl->specs.aead_mac_size,
+                    ssl->encrypt.nonce, AESGCM_NONCE_SZ,
+                    out + sz - ssl->specs.aead_mac_size,
+                    ssl->specs.aead_mac_size,
+                    ssl->encrypt.additional, (word32)(additionalSz));
             }
 
         #ifdef WOLFSSL_ASYNC_CRYPT
-            if (ret == WC_PENDING_E && asyncOkay) {
+            if (ret == WC_NO_ERR_TRACE(WC_PENDING_E) && asyncOkay) {
                 ret = wolfSSL_AsyncPush(ssl, asyncDev);
             }
         #endif
@@ -18581,27 +19708,18 @@ static WC_INLINE int EncryptDo(WOLFSSL* ssl, byte* out, const byte* input,
     #ifdef HAVE_ARIA
         case wolfssl_aria_gcm:
         {
-            const byte* additionalSrc = input - RECORD_HEADER_SZ;
+            int additionalSz;
             byte *outBuf = NULL;
-            XMEMSET(ssl->encrypt.additional, 0, AEAD_AUTH_DATA_SZ);
 
-            /* sequence number field is 64-bits */
-            WriteSEQ(ssl, CUR_ORDER, ssl->encrypt.additional);
+            additionalSz = ret = writeAeadAuthData(ssl,
+                    /* Length of the plain text minus the explicit
+                     * IV length minus the authentication tag size. */
+                    sz - AESGCM_EXP_IV_SZ - ssl->specs.aead_mac_size, type,
+                    ssl->encrypt.additional, 0, NULL, CUR_ORDER);
+            if (ret < 0)
+                break;
+            ret = 0;
 
-            /* Store the type, version. Unfortunately, they are in
-             * the input buffer ahead of the plaintext. */
-        #ifdef WOLFSSL_DTLS
-            if (ssl->options.dtls) {
-                additionalSrc -= DTLS_HANDSHAKE_EXTRA;
-            }
-        #endif
-            XMEMCPY(ssl->encrypt.additional + AEAD_TYPE_OFFSET,
-                                                        additionalSrc, 3);
-
-            /* Store the length of the plain text minus the explicit
-             * IV length minus the authentication tag size. */
-            c16toa(sz - AESGCM_EXP_IV_SZ - ssl->specs.aead_mac_size,
-                                ssl->encrypt.additional + AEAD_LEN_OFFSET);
             XMEMCPY(ssl->encrypt.nonce,
                                 ssl->keys.aead_enc_imp_IV, AESGCM_IMP_IV_SZ);
             XMEMCPY(ssl->encrypt.nonce + AESGCM_IMP_IV_SZ,
@@ -18616,7 +19734,7 @@ static WC_INLINE int EncryptDo(WOLFSSL* ssl, byte* out, const byte* input,
                     (byte*) input + AESGCM_EXP_IV_SZ,
                     sz - AESGCM_EXP_IV_SZ - ssl->specs.aead_mac_size,
                     ssl->encrypt.nonce, AESGCM_NONCE_SZ,
-                    ssl->encrypt.additional, AEAD_AUTH_DATA_SZ,
+                    ssl->encrypt.additional, additionalSz,
                     out + sz - ssl->specs.aead_mac_size,
                     ssl->specs.aead_mac_size
                     );
@@ -18639,7 +19757,7 @@ static WC_INLINE int EncryptDo(WOLFSSL* ssl, byte* out, const byte* input,
     #if defined(HAVE_CHACHA) && defined(HAVE_POLY1305) && \
         !defined(NO_CHAPOL_AEAD)
         case wolfssl_chacha:
-            ret = ChachaAEADEncrypt(ssl, out, input, sz);
+            ret = ChachaAEADEncrypt(ssl, out, input, sz, type);
             break;
     #endif
 
@@ -18654,7 +19772,7 @@ static WC_INLINE int EncryptDo(WOLFSSL* ssl, byte* out, const byte* input,
         #endif
             ret = wc_Sm4CbcEncrypt(ssl->encrypt.sm4, out, input, sz);
         #ifdef WOLFSSL_ASYNC_CRYPT
-            if (ret == WC_PENDING_E && asyncOkay) {
+            if (ret == WC_NO_ERR_TRACE(WC_PENDING_E) && asyncOkay) {
                 ret = wolfSSL_AsyncPush(ssl, asyncDev);
             }
         #endif
@@ -18718,7 +19836,7 @@ static WC_INLINE int EncryptDo(WOLFSSL* ssl, byte* out, const byte* input,
                     ssl->encrypt.additional, AEAD_AUTH_DATA_SZ);
 
         #ifdef WOLFSSL_ASYNC_CRYPT
-            if (ret == WC_PENDING_E && asyncOkay) {
+            if (ret == WC_NO_ERR_TRACE(WC_PENDING_E) && asyncOkay) {
                 ret = wolfSSL_AsyncPush(ssl, asyncDev);
             }
         #endif
@@ -18748,7 +19866,7 @@ static WC_INLINE int EncryptDo(WOLFSSL* ssl, byte* out, const byte* input,
 
 #ifdef WOLFSSL_ASYNC_CRYPT
     /* if async is not okay, then block */
-    if (ret == WC_PENDING_E && !asyncOkay) {
+    if (ret == WC_NO_ERR_TRACE(WC_PENDING_E) && !asyncOkay) {
         ret = wc_AsyncWait(ret, asyncDev, event_flags);
     }
 #endif
@@ -18757,12 +19875,12 @@ static WC_INLINE int EncryptDo(WOLFSSL* ssl, byte* out, const byte* input,
 }
 
 static WC_INLINE int Encrypt(WOLFSSL* ssl, byte* out, const byte* input,
-    word16 sz, int asyncOkay)
+    word16 sz, int asyncOkay, byte type)
 {
     int ret = 0;
 
 #ifdef WOLFSSL_ASYNC_CRYPT
-    if (ssl->error == WC_PENDING_E) {
+    if (ssl->error == WC_NO_ERR_TRACE(WC_PENDING_E)) {
         ssl->error = 0; /* clear async */
     }
 #endif
@@ -18848,14 +19966,14 @@ static WC_INLINE int Encrypt(WOLFSSL* ssl, byte* out, const byte* input,
 
         case CIPHER_STATE_DO:
         {
-            ret = EncryptDo(ssl, out, input, sz, asyncOkay);
+            ret = EncryptDo(ssl, out, input, sz, asyncOkay, type);
 
             /* Advance state */
             ssl->encrypt.state = CIPHER_STATE_END;
 
         #ifdef WOLFSSL_ASYNC_CRYPT
             /* If pending, then leave and return will resume below */
-            if (ret == WC_PENDING_E) {
+            if (ret == WC_NO_ERR_TRACE(WC_PENDING_E)) {
                 return ret;
             }
         #endif
@@ -18951,7 +20069,7 @@ static WC_INLINE int DecryptDo(WOLFSSL* ssl, byte* plain, const byte* input,
 
             ret = wc_Des3_CbcDecrypt(ssl->decrypt.des3, plain, input, sz);
         #ifdef WOLFSSL_ASYNC_CRYPT
-            if (ret == WC_PENDING_E) {
+            if (ret == WC_NO_ERR_TRACE(WC_PENDING_E)) {
                 ret = wolfSSL_AsyncPush(ssl, &ssl->decrypt.des3->asyncDev);
             }
         #endif
@@ -18969,7 +20087,7 @@ static WC_INLINE int DecryptDo(WOLFSSL* ssl, byte* plain, const byte* input,
         #endif
             ret = wc_AesCbcDecrypt(ssl->decrypt.aes, plain, input, sz);
         #ifdef WOLFSSL_ASYNC_CRYPT
-            if (ret == WC_PENDING_E) {
+            if (ret == WC_NO_ERR_TRACE(WC_PENDING_E)) {
                 ret = wolfSSL_AsyncPush(ssl, &ssl->decrypt.aes->asyncDev);
             }
         #endif
@@ -18981,6 +20099,7 @@ static WC_INLINE int DecryptDo(WOLFSSL* ssl, byte* plain, const byte* input,
         case wolfssl_aes_ccm: /* GCM AEAD macros use same size as CCM */
         {
             wc_AesAuthDecryptFunc aes_auth_fn;
+            int additionalSz;
 
         #ifdef WOLFSSL_ASYNC_CRYPT
             /* initialize event */
@@ -18999,17 +20118,13 @@ static WC_INLINE int DecryptDo(WOLFSSL* ssl, byte* plain, const byte* input,
             aes_auth_fn = wc_AesCcmDecrypt;
         #endif
 
-            XMEMSET(ssl->decrypt.additional, 0, AEAD_AUTH_DATA_SZ);
-
-            /* sequence number field is 64-bits */
-            WriteSEQ(ssl, PEER_ORDER, ssl->decrypt.additional);
-
-            ssl->decrypt.additional[AEAD_TYPE_OFFSET] = ssl->curRL.type;
-            ssl->decrypt.additional[AEAD_VMAJ_OFFSET] = ssl->curRL.pvMajor;
-            ssl->decrypt.additional[AEAD_VMIN_OFFSET] = ssl->curRL.pvMinor;
-
-            c16toa(sz - AESGCM_EXP_IV_SZ - ssl->specs.aead_mac_size,
-                                    ssl->decrypt.additional + AEAD_LEN_OFFSET);
+            additionalSz = writeAeadAuthData(ssl,
+                    sz - AESGCM_EXP_IV_SZ - ssl->specs.aead_mac_size, no_type,
+                    ssl->decrypt.additional, 1, NULL, PEER_ORDER);
+            if (additionalSz < 0) {
+                ret = additionalSz;
+                break;
+            }
 
         #if defined(WOLFSSL_DTLS) && defined(HAVE_SECURE_RENEGOTIATION)
             if (ssl->options.dtls && IsDtlsMsgSCRKeys(ssl))
@@ -19028,26 +20143,26 @@ static WC_INLINE int DecryptDo(WOLFSSL* ssl, byte* plain, const byte* input,
                 ret = ssl->ctx->PerformTlsRecordProcessingCb(ssl, 0,
                         plain + AESGCM_EXP_IV_SZ,
                         input + AESGCM_EXP_IV_SZ,
-                        sz - AESGCM_EXP_IV_SZ - ssl->specs.aead_mac_size,
+                        sz - (word16)(AESGCM_EXP_IV_SZ) - ssl->specs.aead_mac_size,
                         ssl->decrypt.nonce, AESGCM_NONCE_SZ,
                         (byte *)(input + sz - ssl->specs.aead_mac_size),
                         ssl->specs.aead_mac_size,
-                        ssl->decrypt.additional, AEAD_AUTH_DATA_SZ);
+                        ssl->decrypt.additional, (word32)(additionalSz));
             }
 
-            if (ret == NOT_COMPILED_IN)
+            if (ret == WC_NO_ERR_TRACE(NOT_COMPILED_IN))
         #endif /* HAVE_PK_CALLBACKS */
             {
                 if ((ret = aes_auth_fn(ssl->decrypt.aes,
-                            plain + AESGCM_EXP_IV_SZ,
-                            input + AESGCM_EXP_IV_SZ,
-                            sz - AESGCM_EXP_IV_SZ - ssl->specs.aead_mac_size,
-                            ssl->decrypt.nonce, AESGCM_NONCE_SZ,
-                            input + sz - ssl->specs.aead_mac_size,
-                            ssl->specs.aead_mac_size,
-                            ssl->decrypt.additional, AEAD_AUTH_DATA_SZ)) < 0) {
+                    plain + AESGCM_EXP_IV_SZ,
+                    input + AESGCM_EXP_IV_SZ,
+                    sz - (word16)(AESGCM_EXP_IV_SZ) - ssl->specs.aead_mac_size,
+                    ssl->decrypt.nonce, AESGCM_NONCE_SZ,
+                    input + sz - ssl->specs.aead_mac_size,
+                    ssl->specs.aead_mac_size,
+                    ssl->decrypt.additional, (word32)(additionalSz))) < 0) {
                 #ifdef WOLFSSL_ASYNC_CRYPT
-                    if (ret == WC_PENDING_E) {
+                    if (ret == WC_NO_ERR_TRACE(WC_PENDING_E)) {
                         ret = wolfSSL_AsyncPush(ssl,
                                                 &ssl->decrypt.aes->asyncDev);
                     }
@@ -19062,17 +20177,14 @@ static WC_INLINE int DecryptDo(WOLFSSL* ssl, byte* plain, const byte* input,
         case wolfssl_aria_gcm:
         {
             byte *outBuf = NULL;
-            XMEMSET(ssl->decrypt.additional, 0, AEAD_AUTH_DATA_SZ);
+            int additionalSz;
 
-            /* sequence number field is 64-bits */
-            WriteSEQ(ssl, PEER_ORDER, ssl->decrypt.additional);
-
-            ssl->decrypt.additional[AEAD_TYPE_OFFSET] = ssl->curRL.type;
-            ssl->decrypt.additional[AEAD_VMAJ_OFFSET] = ssl->curRL.pvMajor;
-            ssl->decrypt.additional[AEAD_VMIN_OFFSET] = ssl->curRL.pvMinor;
-
-            c16toa(sz - AESGCM_EXP_IV_SZ - ssl->specs.aead_mac_size,
-                                    ssl->decrypt.additional + AEAD_LEN_OFFSET);
+            additionalSz = ret = writeAeadAuthData(ssl,
+                    sz - AESGCM_EXP_IV_SZ - ssl->specs.aead_mac_size, no_type,
+                    ssl->decrypt.additional, 1, NULL, PEER_ORDER);
+            if (ret < 0)
+                break;
+            ret = 0;
 
         #if defined(WOLFSSL_DTLS) && defined(HAVE_SECURE_RENEGOTIATION)
             if (ssl->options.dtls && IsDtlsMsgSCRKeys(ssl))
@@ -19095,7 +20207,7 @@ static WC_INLINE int DecryptDo(WOLFSSL* ssl, byte* plain, const byte* input,
                                 (byte *)input + AESGCM_EXP_IV_SZ,
                                 sz - AESGCM_EXP_IV_SZ - ssl->specs.aead_mac_size,
                                 ssl->decrypt.nonce, AESGCM_NONCE_SZ,
-                                ssl->decrypt.additional, AEAD_AUTH_DATA_SZ,
+                                ssl->decrypt.additional, additionalSz,
                                 (byte *)input + sz - ssl->specs.aead_mac_size,
                                 ssl->specs.aead_mac_size
                                 );
@@ -19133,7 +20245,7 @@ static WC_INLINE int DecryptDo(WOLFSSL* ssl, byte* plain, const byte* input,
         #endif
             ret = wc_Sm4CbcDecrypt(ssl->decrypt.sm4, plain, input, sz);
         #ifdef WOLFSSL_ASYNC_CRYPT
-            if (ret == WC_PENDING_E) {
+            if (ret == WC_NO_ERR_TRACE(WC_PENDING_E)) {
                 ret = wolfSSL_AsyncPush(ssl, &ssl->decrypt.aes->asyncDev);
             }
         #endif
@@ -19194,7 +20306,7 @@ static WC_INLINE int DecryptDo(WOLFSSL* ssl, byte* plain, const byte* input,
                         ssl->specs.aead_mac_size,
                         ssl->decrypt.additional, AEAD_AUTH_DATA_SZ)) < 0) {
             #ifdef WOLFSSL_ASYNC_CRYPT
-                if (ret == WC_PENDING_E) {
+                if (ret == WC_NO_ERR_TRACE(WC_PENDING_E)) {
                     ret = wolfSSL_AsyncPush(ssl,
                                             &ssl->decrypt.sm4->asyncDev);
                 }
@@ -19234,9 +20346,9 @@ static int DecryptTls(WOLFSSL* ssl, byte* plain, const byte* input, word16 sz)
 
 #ifdef WOLFSSL_ASYNC_CRYPT
     ret = wolfSSL_AsyncPop(ssl, &ssl->decrypt.state);
-    if (ret != WC_NO_PENDING_E) {
+    if (ret != WC_NO_ERR_TRACE(WC_NO_PENDING_E)) {
         /* check for still pending */
-        if (ret == WC_PENDING_E)
+        if (ret == WC_NO_ERR_TRACE(WC_PENDING_E))
             return ret;
 
         ssl->error = 0; /* clear async */
@@ -19351,7 +20463,7 @@ static int DecryptTls(WOLFSSL* ssl, byte* plain, const byte* input, word16 sz)
 
         #ifdef WOLFSSL_ASYNC_CRYPT
             /* If pending, leave and return below */
-            if (ret == WC_PENDING_E) {
+            if (ret == WC_NO_ERR_TRACE(WC_PENDING_E)) {
                 return ret;
             }
         #endif
@@ -19418,12 +20530,7 @@ static WC_INLINE int CipherHasExpIV(WOLFSSL *ssl)
 /* check cipher text size for sanity */
 static int SanityCheckCipherText(WOLFSSL* ssl, word32 encryptSz)
 {
-#ifdef HAVE_TRUNCATED_HMAC
-    word32 minLength = ssl->truncated_hmac ? (byte)TRUNCATED_HMAC_SZ
-                                           : ssl->specs.hash_size;
-#else
-    word32 minLength = ssl->specs.hash_size; /* covers stream */
-#endif
+    word32 minLength = MacSize(ssl);
 
 #ifndef WOLFSSL_AEAD_ONLY
     if (ssl->specs.cipher_type == block) {
@@ -19470,7 +20577,7 @@ static int SanityCheckCipherText(WOLFSSL* ssl, word32 encryptSz)
 
 
 #ifndef WOLFSSL_AEAD_ONLY
-#ifdef WOLSSL_OLD_TIMINGPADVERIFY
+#ifdef WOLFSSL_OLD_TIMINGPADVERIFY
 #define COMPRESS_LOWER      64
 #define COMPRESS_UPPER      55
 #define COMPRESS_CONSTANT   13
@@ -19814,7 +20921,7 @@ static byte MaskMac(const byte* data, int sz, int macSz, byte* expMac)
         r = (macSz - (scanStart - macStart)) % WC_SHA384_DIGEST_SIZE;
 #endif
 
-    XMEMSET(mac, 0, macSz);
+    XMEMSET(mac, 0, (size_t)(macSz));
     for (i = scanStart; i < sz; i += macSz) {
         for (j = 0; j < macSz && j + i < sz; j++) {
             started = ctMaskGTE(i + j, macStart);
@@ -19855,7 +20962,7 @@ int TimingPadVerify(WOLFSSL* ssl, const byte* input, int padLen, int macSz,
     /* 4th argument has potential to underflow, ssl->hmac function should
      * either increment the size by (macSz + padLen + 1) before use or check on
      * the size to make sure is valid. */
-    ret = ssl->hmac(ssl, verify, input, pLen - macSz - padLen - 1, padLen,
+    ret = ssl->hmac(ssl, verify, input, (word32)(pLen - macSz - padLen - 1), padLen,
                                                         content, 1, PEER_ORDER);
     good |= MaskMac(input, pLen, ssl->specs.hash_size, verify);
 
@@ -19876,46 +20983,66 @@ int TimingPadVerify(WOLFSSL* ssl, const byte* input, int padLen, int macSz,
     return ret;
 }
 #endif /* !WOLFSSL_NO_TLS12 && !WOLFSSL_AEAD_ONLY */
-#endif /* WOLSSL_OLD_TIMINGPADVERIFY */
+#endif /* WOLFSSL_OLD_TIMINGPADVERIFY */
 #endif /* WOLFSSL_AEAD_ONLY */
 
 int DoApplicationData(WOLFSSL* ssl, byte* input, word32* inOutIdx, int sniff)
 {
-    word32 msgSz   = WOLFSSL_IS_QUIC(ssl)? ssl->curSize : ssl->keys.encryptSz;
+    word32 msgSz   = ssl->curSize;
     word32 idx     = *inOutIdx;
     int    dataSz;
-    int    ivExtra = 0;
     byte*  rawData = input + idx;  /* keep current  for hmac */
 #ifdef HAVE_LIBZ
     byte   decomp[MAX_RECORD_SIZE + MAX_COMP_EXTRA];
 #endif
+#ifdef WOLFSSL_EARLY_DATA
+    int    isEarlyData = ssl->options.tls1_3 &&
+                         ssl->options.handShakeDone == 0 &&
+                         ssl->options.side == WOLFSSL_SERVER_END;
+    int    acceptEarlyData = ssl->earlyData != no_early_data &&
+                         ssl->options.clientState == CLIENT_HELLO_COMPLETE;
+#endif
+
+#if defined(WOLFSSL_EARLY_DATA) && defined(WOLFSSL_DTLS13)
+    if (ssl->options.tls1_3 && ssl->options.dtls)
+        isEarlyData = isEarlyData && w64Equal(ssl->keys.curEpoch64,
+                w64From32(0x0, DTLS13_EPOCH_EARLYDATA));
+#endif
 
 #ifdef WOLFSSL_EARLY_DATA
-    if (ssl->options.tls1_3 && ssl->options.handShakeDone == 0) {
-        int process = 0;
-
-        if (ssl->options.side == WOLFSSL_SERVER_END) {
-            if ((ssl->earlyData != no_early_data) &&
-                          (ssl->options.clientState == CLIENT_HELLO_COMPLETE)) {
-                process = 1;
-            }
-            if (!process) {
-                WOLFSSL_MSG("Ignoring EarlyData!");
-                *inOutIdx += ssl->curSize;
-                if (*inOutIdx > ssl->buffers.inputBuffer.length)
-                    return BUFFER_E;
-
-                return 0;
-            }
-        }
-        if (!process) {
-            WOLFSSL_MSG("Received App data before a handshake completed");
-            if (sniff == NO_SNIFF) {
-                SendAlert(ssl, alert_fatal, unexpected_message);
-            }
-            WOLFSSL_ERROR_VERBOSE(OUT_OF_ORDER_E);
-            return OUT_OF_ORDER_E;
-        }
+    if (isEarlyData && acceptEarlyData) {
+        WOLFSSL_MSG("Processing EarlyData");
+    }
+    else if (isEarlyData && !acceptEarlyData) {
+        WOLFSSL_MSG("Ignoring EarlyData!");
+        *inOutIdx += ssl->curSize;
+        if (*inOutIdx > ssl->buffers.inputBuffer.length)
+            return BUFFER_E;
+#ifdef WOLFSSL_DTLS13
+        /* Receiving app data from the traffic epoch before the handshake is
+         * done means that there was a disruption. */
+        if (ssl->options.dtls && !w64Equal(ssl->keys.curEpoch64,
+                                        w64From32(0x0, DTLS13_EPOCH_EARLYDATA)))
+            ssl->dtls13Rtx.sendAcks = 1;
+#endif
+        return 0;
+    }
+    else
+#endif
+#ifdef WOLFSSL_DTLS
+    if (ssl->options.handShakeDone == 0 && ssl->options.dtls) {
+        WOLFSSL_MSG("Dropping app data received before handshake complete");
+        *inOutIdx += ssl->curSize;
+        if (*inOutIdx > ssl->buffers.inputBuffer.length)
+            return BUFFER_E;
+#ifdef WOLFSSL_DTLS13
+        /* Receiving app data from the traffic epoch before the handshake is
+         * done means that there was a disruption. */
+        if (ssl->options.tls1_3 && !w64Equal(ssl->keys.curEpoch64,
+                                        w64From32(0x0, DTLS13_EPOCH_EARLYDATA)))
+            ssl->dtls13Rtx.sendAcks = 1;
+#endif
+        return 0;
     }
     else
 #endif
@@ -19945,23 +21072,7 @@ int DoApplicationData(WOLFSSL* ssl, byte* input, word32* inOutIdx, int sniff)
     }
 #endif
 
-#ifndef WOLFSSL_AEAD_ONLY
-    if (ssl->specs.cipher_type == block) {
-        if (ssl->options.tls1_1)
-            ivExtra = ssl->specs.block_size;
-    }
-    else
-#endif
-    if (ssl->specs.cipher_type == aead) {
-        if (CipherHasExpIV(ssl))
-            ivExtra = AESGCM_EXP_IV_SZ;
-    }
-
-    dataSz = msgSz - ivExtra - ssl->keys.padSz;
-#if defined(HAVE_ENCRYPT_THEN_MAC) && !defined(WOLFSSL_AEAD_ONLY)
-    if (ssl->options.startedETMRead)
-        dataSz -= MacSize(ssl);
-#endif
+    dataSz = (int)(msgSz - ssl->keys.padSz);
     if (dataSz < 0) {
         WOLFSSL_MSG("App data buffer error, malicious input?");
         if (sniff == NO_SNIFF) {
@@ -19993,17 +21104,13 @@ int DoApplicationData(WOLFSSL* ssl, byte* input, word32* inOutIdx, int sniff)
             if (dataSz < 0) return dataSz;
         }
 #endif
-        idx += rawSz;
+        idx += (word32)rawSz;
 
         ssl->buffers.clearOutputBuffer.buffer = rawData;
-        ssl->buffers.clearOutputBuffer.length = dataSz;
+        ssl->buffers.clearOutputBuffer.length = (unsigned int)dataSz;
     }
 
     idx += ssl->keys.padSz;
-#if defined(HAVE_ENCRYPT_THEN_MAC) && !defined(WOLFSSL_AEAD_ONLY)
-    if (ssl->options.startedETMRead)
-        idx += MacSize(ssl);
-#endif
 
 #ifdef HAVE_LIBZ
     /* decompress could be bigger, overwrite after verify */
@@ -20219,7 +21326,11 @@ static void LogAlert(int type)
     typeStr = AlertTypeToString(type);
     if (typeStr != NULL) {
         char buff[60];
-        XSNPRINTF(buff, sizeof(buff), "Alert type: %s", typeStr);
+        if (XSNPRINTF(buff, sizeof(buff), "Alert type: %s", typeStr)
+            >= (int)sizeof(buff))
+        {
+            buff[sizeof(buff) - 1] = 0;
+        }
         WOLFSSL_MSG(buff);
     }
 #else
@@ -20249,26 +21360,8 @@ static int DoAlert(WOLFSSL* ssl, byte* input, word32* inOutIdx, int* type)
         }
     #endif
 
-    if (IsEncryptionOn(ssl, 0)) {
-        int ivExtra = 0;
-#ifndef WOLFSSL_AEAD_ONLY
-        if (ssl->specs.cipher_type == block) {
-            if (ssl->options.tls1_1)
-                ivExtra = ssl->specs.block_size;
-        }
-        else
-#endif
-        if (ssl->specs.cipher_type == aead) {
-            if (CipherHasExpIV(ssl))
-                ivExtra = AESGCM_EXP_IV_SZ;
-        }
-        dataSz -= ivExtra;
+    if (IsEncryptionOn(ssl, 0))
         dataSz -= ssl->keys.padSz;
-    #if defined(HAVE_ENCRYPT_THEN_MAC) && !defined(WOLFSSL_AEAD_ONLY)
-        if (ssl->options.startedETMRead)
-            dataSz -= MacSize(ssl);
-    #endif
-    }
 
     /* make sure can read the message */
     if (dataSz != ALERT_SIZE) {
@@ -20311,10 +21404,6 @@ static int DoAlert(WOLFSSL* ssl, byte* input, word32* inOutIdx, int* type)
 
     if (IsEncryptionOn(ssl, 0)) {
         *inOutIdx += ssl->keys.padSz;
-    #if defined(HAVE_ENCRYPT_THEN_MAC) && !defined(WOLFSSL_AEAD_ONLY)
-        if (ssl->options.startedETMRead)
-            *inOutIdx += MacSize(ssl);
-    #endif
     }
 
     return level;
@@ -20327,11 +21416,14 @@ static int GetInputData(WOLFSSL *ssl, word32 size)
     int usedLength;
     int dtlsExtra = 0;
 
+    if (ssl->options.disableRead)
+        return WC_NO_ERR_TRACE(WANT_READ);
 
     /* check max input length */
-    usedLength = ssl->buffers.inputBuffer.length - ssl->buffers.inputBuffer.idx;
-    maxLength  = ssl->buffers.inputBuffer.bufferSize - usedLength;
-    inSz       = (int)(size - usedLength);      /* from last partial read */
+    usedLength = (int)(ssl->buffers.inputBuffer.length -
+                       ssl->buffers.inputBuffer.idx);
+    maxLength  = (int)(ssl->buffers.inputBuffer.bufferSize -
+                       (word32)usedLength);
 
 #ifdef WOLFSSL_DTLS
     if (ssl->options.dtls && IsDtlsNotSctpMode(ssl)) {
@@ -20345,15 +21437,24 @@ static int GetInputData(WOLFSSL *ssl, word32 size)
         if (size < (word32)inSz)
             dtlsExtra = (int)(inSz - size);
     }
+    else
 #endif
+    {
+        /* check that no lengths or size values are negative */
+        if (usedLength < 0 || maxLength < 0) {
+            return BUFFER_ERROR;
+        }
 
-    /* check that no lengths or size values are negative */
-    if (usedLength < 0 || maxLength < 0 || inSz <= 0) {
-        return BUFFER_ERROR;
+        /* Return if we have enough data already in the buffer */
+        if (size <= (word32)usedLength) {
+            return 0;
+        }
+
+        inSz = (int)(size - (word32)usedLength); /* from last partial read */
     }
 
     if (inSz > maxLength) {
-        if (GrowInputBuffer(ssl, size + dtlsExtra, usedLength) < 0)
+        if (GrowInputBuffer(ssl, (int)(size + (word32)dtlsExtra), usedLength) < 0)
             return MEMORY_E;
     }
 
@@ -20361,20 +21462,20 @@ static int GetInputData(WOLFSSL *ssl, word32 size)
     if (usedLength > 0 && ssl->buffers.inputBuffer.idx != 0)
         XMEMMOVE(ssl->buffers.inputBuffer.buffer,
                 ssl->buffers.inputBuffer.buffer + ssl->buffers.inputBuffer.idx,
-                usedLength);
+                (size_t)(usedLength));
 
     /* remove processed data */
     ssl->buffers.inputBuffer.idx    = 0;
-    ssl->buffers.inputBuffer.length = usedLength;
+    ssl->buffers.inputBuffer.length = (word32)usedLength;
 
     /* read data from network */
     do {
         int in = wolfSSLReceive(ssl,
                      ssl->buffers.inputBuffer.buffer +
                      ssl->buffers.inputBuffer.length,
-                     inSz);
-        if (in == WANT_READ)
-            return WANT_READ;
+                     (word32)inSz);
+        if (in == WC_NO_ERR_TRACE(WANT_READ))
+            return WC_NO_ERR_TRACE(WANT_READ);
 
         if (in < 0) {
             WOLFSSL_ERROR_VERBOSE(SOCKET_ERROR_E);
@@ -20386,7 +21487,7 @@ static int GetInputData(WOLFSSL *ssl, word32 size)
             return RECV_OVERFLOW_E;
         }
 
-        ssl->buffers.inputBuffer.length += in;
+        ssl->buffers.inputBuffer.length += (word32)in;
         inSz -= in;
 
     } while (ssl->buffers.inputBuffer.length < size);
@@ -20423,7 +21524,7 @@ static WC_INLINE int VerifyMacEnc(WOLFSSL* ssl, const byte* input, word32 msgSz,
     }
 
     ret  = ssl->hmac(ssl, verify, input, msgSz - digestSz, -1, content, 1, PEER_ORDER);
-    ret |= ConstantCompare(verify, input + msgSz - digestSz, digestSz);
+    ret |= ConstantCompare(verify, input + msgSz - digestSz, (int)digestSz);
     if (ret != 0) {
         WOLFSSL_ERROR_VERBOSE(VERIFY_MAC_ERROR);
         return VERIFY_MAC_ERROR;
@@ -20440,20 +21541,12 @@ static WC_INLINE int VerifyMac(WOLFSSL* ssl, const byte* input, word32 msgSz,
     int    ret;
     word32 pad     = 0;
     word32 padByte = 0;
-#ifdef HAVE_TRUNCATED_HMAC
-    word32 digestSz = ssl->truncated_hmac ? (byte)TRUNCATED_HMAC_SZ
-                                          : ssl->specs.hash_size;
-#else
-    word32 digestSz = ssl->specs.hash_size;
-#endif
+    word32 digestSz = MacSize(ssl);
     byte   verify[WC_MAX_DIGEST_SIZE];
 
 
     if (ssl->specs.cipher_type == block) {
-        int ivExtra = 0;
-        if (ssl->options.tls1_1)
-            ivExtra = ssl->specs.block_size;
-        pad = *(input + msgSz - ivExtra - 1);
+        pad = input[msgSz - 1];
         padByte = 1;
 
         if (ssl->options.tls) {
@@ -20462,16 +21555,18 @@ static WC_INLINE int VerifyMac(WOLFSSL* ssl, const byte* input, word32 msgSz,
             if(ssl->ctx->VerifyMacCb) {
                 void* ctx = wolfSSL_GetVerifyMacCtx(ssl);
                 ret = ssl->ctx->VerifyMacCb(ssl, input,
-                           (msgSz - ivExtra) - digestSz - pad - 1,
-                           digestSz, content, ctx);
-                if (ret != 0 && ret != PROTOCOLCB_UNAVAILABLE) {
+                                            msgSz - digestSz - pad - 1,
+                                            digestSz, (word32)content, ctx);
+                if (ret != 0 &&
+                    ret != WC_NO_ERR_TRACE(PROTOCOLCB_UNAVAILABLE)) {
                     return ret;
                 }
             }
-            if (!ssl->ctx->VerifyMacCb || ret == PROTOCOLCB_UNAVAILABLE)
+            if (!ssl->ctx->VerifyMacCb ||
+                ret == WC_NO_ERR_TRACE(PROTOCOLCB_UNAVAILABLE))
 #endif
-            ret = TimingPadVerify(ssl, input, pad, digestSz, msgSz - ivExtra,
-                                  content);
+            ret = TimingPadVerify(ssl, input, (int)pad, (int)digestSz,
+                                  (int)msgSz, content);
             if (ret != 0)
                 return ret;
         }
@@ -20489,9 +21584,9 @@ static WC_INLINE int VerifyMac(WOLFSSL* ssl, const byte* input, word32 msgSz,
             }
             (void)PadCheck(dummy, (byte)pad, MAX_PAD_SIZE);  /* timing only */
             ret = ssl->hmac(ssl, verify, input, msgSz - digestSz - pad - 1,
-                            pad, content, 1, PEER_ORDER);
+                            (int)pad, content, 1, PEER_ORDER);
             if (ConstantCompare(verify, input + msgSz - digestSz - pad - 1,
-                                digestSz) != 0) {
+                                (int)digestSz) != 0) {
                 WOLFSSL_ERROR_VERBOSE(VERIFY_MAC_ERROR);
                 return VERIFY_MAC_ERROR;
             }
@@ -20504,7 +21599,7 @@ static WC_INLINE int VerifyMac(WOLFSSL* ssl, const byte* input, word32 msgSz,
     else if (ssl->specs.cipher_type == stream) {
         ret = ssl->hmac(ssl, verify, input, msgSz - digestSz, -1, content, 1,
                         PEER_ORDER);
-        if (ConstantCompare(verify, input + msgSz - digestSz, digestSz) != 0) {
+        if (ConstantCompare(verify, input + msgSz - digestSz, (int)digestSz) != 0) {
             WOLFSSL_ERROR_VERBOSE(VERIFY_MAC_ERROR);
             return VERIFY_MAC_ERROR;
         }
@@ -20520,7 +21615,7 @@ static WC_INLINE int VerifyMac(WOLFSSL* ssl, const byte* input, word32 msgSz,
     }
 #if !defined(WOLFSSL_NO_TLS12) && !defined(WOLFSSL_AEAD_ONLY)
     else {
-        *padSz = digestSz + pad + padByte;
+        *padSz = pad + padByte;
     }
 #endif /* !WOLFSSL_NO_TLS12 && !WOLFSSL_AEAD_ONLY */
 
@@ -20560,7 +21655,8 @@ static int DtlsShouldDrop(WOLFSSL* ssl, int retcode)
     }
 
     if ((ssl->options.handShakeDone && retcode != 0)
-        || retcode == SEQUENCE_ERROR || retcode == DTLS_CID_ERROR) {
+        || retcode == WC_NO_ERR_TRACE(SEQUENCE_ERROR)
+        || retcode == WC_NO_ERR_TRACE(DTLS_CID_ERROR)) {
         WOLFSSL_MSG_EX("Silently dropping DTLS message: %d", retcode);
         return 1;
     }
@@ -20588,16 +21684,91 @@ static int DtlsShouldDrop(WOLFSSL* ssl, int retcode)
 }
 #endif /* WOLFSSL_DTLS */
 
-int ProcessReply(WOLFSSL* ssl)
+#if defined(WOLFSSL_TLS13) || \
+    (defined(WOLFSSL_DTLS) && defined(WOLFSSL_DTLS_CID))
+static int removeMsgInnerPadding(WOLFSSL* ssl)
 {
-    return ProcessReplyEx(ssl, 0);
+    word32 i = ssl->buffers.inputBuffer.idx +
+        ssl->curSize;
+    if (ssl->specs.cipher_type == aead)
+        i -= ssl->specs.aead_mac_size;
+    else
+        i -= ssl->keys.padSz + MacSize(ssl);
+
+    /* check that the end of the logical length doesn't extend
+     * past the real buffer */
+    if (i > ssl->buffers.inputBuffer.length || i == 0) {
+        WOLFSSL_ERROR(BUFFER_ERROR);
+        return BUFFER_ERROR;
+    }
+
+    /* Remove padding from end of plain text. */
+    for (--i; i > ssl->buffers.inputBuffer.idx; i--) {
+        if (ssl->buffers.inputBuffer.buffer[i] != 0)
+            break;
+    }
+
+    /* Get the real content type from the end of the data. */
+    ssl->curRL.type = ssl->buffers.inputBuffer.buffer[i];
+    /* consider both contentType byte and MAC as padding */
+    ssl->keys.padSz = ssl->buffers.inputBuffer.idx
+        + ssl->curSize - i;
+    return 0;
 }
+#endif
+
+#if defined(WOLFSSL_DTLS) && defined(WOLFSSL_DTLS_CID)
+static void dtlsClearPeer(WOLFSSL_SOCKADDR* peer)
+{
+    XFREE(peer->sa, NULL, DYNAMIC_TYPE_SOCKADDR);
+    peer->sa = NULL;
+    peer->sz = 0;
+    peer->bufSz = 0;
+}
+
+
+/**
+ * @brief Handle pending peer during record processing.
+ * @param ssl           WOLFSSL object.
+ * @param deprotected   0 when we have not decrypted the record yet
+ *                      1 when we have decrypted and verified the record
+ */
+static void dtlsProcessPendingPeer(WOLFSSL* ssl, int deprotected)
+{
+    if (ssl->buffers.dtlsCtx.pendingPeer.sa != NULL) {
+        if (!deprotected) {
+            /* Here we have just read an entire record from the network. It is
+             * still encrypted. If processingPendingRecord is set then that
+             * means that an error occurred when processing the previous record.
+             * In that case we should clear the pendingPeer because we only
+             * want to allow it to be valid for one record. */
+            if (ssl->buffers.dtlsCtx.processingPendingRecord) {
+                /* Clear the pending peer. */
+                dtlsClearPeer(&ssl->buffers.dtlsCtx.pendingPeer);
+            }
+            ssl->buffers.dtlsCtx.processingPendingRecord =
+                    !ssl->buffers.dtlsCtx.processingPendingRecord;
+        }
+        else {
+            /* Pending peer present and record deprotected. Update the peer. */
+            (void)wolfSSL_dtls_set_peer(ssl,
+                    &ssl->buffers.dtlsCtx.pendingPeer.sa,
+                    ssl->buffers.dtlsCtx.pendingPeer.sz);
+            ssl->buffers.dtlsCtx.processingPendingRecord = 0;
+            dtlsClearPeer(&ssl->buffers.dtlsCtx.pendingPeer);
+        }
+    }
+    else {
+        ssl->buffers.dtlsCtx.processingPendingRecord = 0;
+    }
+}
+#endif
 
 /* Process input requests. Return 0 is done, 1 is call again to complete, and
    negative number is error. If allowSocketErr is set, SOCKET_ERROR_E in
    ssl->error will be whitelisted. This is useful when the connection has been
    closed and the endpoint wants to check for an alert sent by the other end. */
-int ProcessReplyEx(WOLFSSL* ssl, int allowSocketErr)
+static int DoProcessReplyEx(WOLFSSL* ssl, int allowSocketErr)
 {
     int    ret = 0, type = internal_error, readSz;
     int    atomicUser = 0;
@@ -20610,17 +21781,20 @@ int ProcessReplyEx(WOLFSSL* ssl, int allowSocketErr)
         atomicUser = 1;
 #endif
 
-    if (ssl->error != 0 && ssl->error != WANT_READ && ssl->error != WANT_WRITE
+    if (ssl->error != 0 &&
+        ssl->error != WC_NO_ERR_TRACE(WANT_READ) &&
+        ssl->error != WC_NO_ERR_TRACE(WANT_WRITE)
     #if defined(HAVE_SECURE_RENEGOTIATION) || defined(WOLFSSL_DTLS13)
-        && ssl->error != APP_DATA_READY
+        && ssl->error != WC_NO_ERR_TRACE(APP_DATA_READY)
     #endif
     #ifdef WOLFSSL_ASYNC_CRYPT
-        && ssl->error != WC_PENDING_E
+        && ssl->error != WC_NO_ERR_TRACE(WC_PENDING_E)
     #endif
     #ifdef WOLFSSL_NONBLOCK_OCSP
-        && ssl->error != OCSP_WANT_READ
+        && ssl->error != WC_NO_ERR_TRACE(OCSP_WANT_READ)
     #endif
-        && (allowSocketErr != 1 || ssl->error != SOCKET_ERROR_E)
+        && (allowSocketErr != 1 ||
+            ssl->error != WC_NO_ERR_TRACE(SOCKET_ERROR_E))
     ) {
         WOLFSSL_MSG("ProcessReply retry in error state, not allowed");
         return ssl->error;
@@ -20631,7 +21805,8 @@ int ProcessReplyEx(WOLFSSL* ssl, int allowSocketErr)
 #if defined(WOLFSSL_CHECK_ALERT_ON_ERR) && \
     (defined(WOLFSSL_ASYNC_CRYPT) || defined(WOLFSSL_NONBLOCK_OCSP))
     if (allowSocketErr == 1 && \
-        (ssl->error == WC_PENDING_E || ssl->error == OCSP_WANT_READ)) {
+        (ssl->error == WC_NO_ERR_TRACE(WC_PENDING_E) ||
+         ssl->error == WC_NO_ERR_TRACE(OCSP_WANT_READ))) {
         return ssl->error;
     }
 #endif
@@ -20662,8 +21837,10 @@ int ProcessReplyEx(WOLFSSL* ssl, int allowSocketErr)
 #endif
 
     ret = RetrySendAlert(ssl);
-    if (ret != 0)
+    if (ret != 0) {
+        WOLFSSL_MSG_EX("RetrySendAlert failed, giving up. err = %d", ret);
         return ret;
+    }
 
     for (;;) {
         switch (ssl->options.processReply) {
@@ -20688,7 +21865,7 @@ int ProcessReplyEx(WOLFSSL* ssl, int allowSocketErr)
 
             /* get header or return error */
             if (!ssl->options.dtls) {
-                if ((ret = GetInputData(ssl, readSz)) < 0)
+                if ((ret = GetInputData(ssl, (word32)readSz)) < 0)
                     return ret;
             } else {
             #ifdef WOLFSSL_DTLS
@@ -20696,7 +21873,7 @@ int ProcessReplyEx(WOLFSSL* ssl, int allowSocketErr)
                 used = ssl->buffers.inputBuffer.length -
                        ssl->buffers.inputBuffer.idx;
                 if (used < readSz) {
-                    if ((ret = GetInputData(ssl, readSz)) < 0)
+                    if ((ret = GetInputData(ssl, (word32)readSz)) < 0)
                         return ret;
                 }
             #endif
@@ -20790,6 +21967,10 @@ int ProcessReplyEx(WOLFSSL* ssl, int allowSocketErr)
                                        &ssl->curRL, &ssl->curSize);
 
 #ifdef WOLFSSL_DTLS
+#ifdef WOLFSSL_DTLS_CID
+            if (ssl->options.dtls)
+                dtlsProcessPendingPeer(ssl, 0);
+#endif
             if (ssl->options.dtls && DtlsShouldDrop(ssl, ret)) {
                     ssl->options.processReply = doProcessInit;
                     ssl->buffers.inputBuffer.length = 0;
@@ -20810,7 +21991,7 @@ int ProcessReplyEx(WOLFSSL* ssl, int allowSocketErr)
 #endif
             if (ret != 0) {
                 switch (ret) {
-                case VERSION_ERROR:
+                case WC_NO_ERR_TRACE(VERSION_ERROR):
                     /* send alert per RFC5246 Appendix E. Backward
                      * Compatibility */
                     if (ssl->options.side == WOLFSSL_CLIENT_END)
@@ -20818,7 +21999,7 @@ int ProcessReplyEx(WOLFSSL* ssl, int allowSocketErr)
                             wolfssl_alert_protocol_version);
                     break;
 #ifdef HAVE_MAX_FRAGMENT
-                case LENGTH_ERROR:
+                case WC_NO_ERR_TRACE(LENGTH_ERROR):
                     SendAlert(ssl, alert_fatal, record_overflow);
                     break;
 #endif /* HAVE_MAX_FRAGMENT */
@@ -20848,7 +22029,7 @@ default:
             if (!ssl->options.dtls) {
                 if ((ret = GetInputData(ssl, ssl->curSize)) < 0) {
 #ifdef WOLFSSL_EXTRA_ALERTS
-                    if (ret != WANT_READ)
+                    if (ret != WC_NO_ERR_TRACE(WANT_READ))
                         SendAlert(ssl, alert_fatal, bad_record_mac);
 #endif
                     return ret;
@@ -20892,8 +22073,6 @@ default:
             ssl->keys.padSz = 0;
 
             ssl->options.processReply = verifyEncryptedMessage;
-            /* in case > 1 msg per record */
-            ssl->curStartIdx = ssl->buffers.inputBuffer.idx;
             FALL_THROUGH;
 
         /* verify digest of encrypted message */
@@ -20905,7 +22084,7 @@ default:
                                    ssl->buffers.inputBuffer.idx,
                                    ssl->curSize, ssl->curRL.type);
             #ifdef WOLFSSL_ASYNC_CRYPT
-                if (ret == WC_PENDING_E)
+                if (ret == WC_NO_ERR_TRACE(WC_PENDING_E))
                     return ret;
             #endif
                 if (ret < 0) {
@@ -20997,13 +22176,14 @@ default:
                                 /* Mask on indicates this is expected to be a
                                  * padding byte.
                                  */
-                                padding &= ctMaskLTE(i, ssl->keys.padSz);
+                                padding &= ctMaskLTE((int)i,
+                                                       (int)ssl->keys.padSz);
                                 /* When this is a padding byte and not equal
                                  * to length then mask is set.
                                  */
                                 invalid |= padding &
                                            ctMaskNotEq(in->buffer[off - i],
-                                                       ssl->keys.padSz);
+                                                       (int)ssl->keys.padSz);
                             }
                             /* If mask is set then there was an error. */
                             if (invalid) {
@@ -21052,7 +22232,7 @@ default:
                 }
 
             #ifdef WOLFSSL_ASYNC_CRYPT
-                if (ret == WC_PENDING_E)
+                if (ret == WC_NO_ERR_TRACE(WC_PENDING_E))
                     return ret;
             #endif
 
@@ -21060,12 +22240,17 @@ default:
             #ifndef WOLFSSL_NO_TLS12
                     /* handle success */
                 #ifndef WOLFSSL_AEAD_ONLY
-                    if (ssl->options.tls1_1 && ssl->specs.cipher_type == block)
+                    if (ssl->options.tls1_1 &&
+                            ssl->specs.cipher_type == block) {
                         ssl->buffers.inputBuffer.idx += ssl->specs.block_size;
+                        ssl->curSize -= ssl->specs.block_size;
+                    }
                 #endif
                     /* go past TLSv1.1 IV */
-                    if (CipherHasExpIV(ssl))
+                    if (CipherHasExpIV(ssl)) {
                         ssl->buffers.inputBuffer.idx += AESGCM_EXP_IV_SZ;
+                        ssl->curSize -= AESGCM_EXP_IV_SZ;
+                    }
             #endif
                 }
                 else {
@@ -21136,7 +22321,7 @@ default:
                                     ssl->curSize, ssl->curRL.type,
                                     &ssl->keys.padSz);
                 #ifdef WOLFSSL_ASYNC_CRYPT
-                    if (ret == WC_PENDING_E)
+                    if (ret == WC_NO_ERR_TRACE(WC_PENDING_E))
                         return ret;
                 #endif
                     if (ret < 0) {
@@ -21162,39 +22347,58 @@ default:
 
                 ssl->keys.encryptSz    = ssl->curSize;
                 ssl->keys.decryptedCur = 1;
-#ifdef WOLFSSL_TLS13
-                if (ssl->options.tls1_3) {
-                    /* end of plaintext */
-                    word16 i = (word16)(ssl->buffers.inputBuffer.idx +
-                                 ssl->curSize - ssl->specs.aead_mac_size);
-
-                    if (i > ssl->buffers.inputBuffer.length) {
-                        WOLFSSL_ERROR(BUFFER_ERROR);
-                        return BUFFER_ERROR;
-                    }
-
-                    /* Remove padding from end of plain text. */
-                    for (--i; i > ssl->buffers.inputBuffer.idx; i--) {
-                        if (ssl->buffers.inputBuffer.buffer[i] != 0)
-                            break;
-                    }
-
-                    /* Get the real content type from the end of the data. */
-                    ssl->curRL.type = ssl->buffers.inputBuffer.buffer[i];
-                    /* consider both contentType byte and MAC as padding */
-                    ssl->keys.padSz = ssl->buffers.inputBuffer.idx
-                        + ssl->curSize - i;
-                }
-#endif
             }
 
+            if (IsEncryptionOn(ssl, 0) && ssl->keys.decryptedCur == 1) {
+#if defined(WOLFSSL_TLS13) || \
+    (defined(WOLFSSL_DTLS) && defined(WOLFSSL_DTLS_CID))
+                int removePadding = 0;
+                if (ssl->options.tls1_3)
+                    removePadding = 1;
+#if defined(WOLFSSL_DTLS) && defined(WOLFSSL_DTLS_CID)
+                if (!ssl->options.tls1_3 && ssl->options.dtls &&
+                        ssl->curRL.type == dtls12_cid)
+                    removePadding = 1;
+#endif
+                if (removePadding) {
+                    ret = removeMsgInnerPadding(ssl);
+                    if (ret != 0)
+                        return ret;
+                }
+                else
+#endif
+                {
+                    /* With atomicUser the callback should have already included
+                     * the mac in the padding size. The ETM callback doesn't do
+                     * this for some reason. */
+                    if (ssl->specs.cipher_type != aead
+#ifdef ATOMIC_USER
+                             && (!atomicUser
+#ifdef HAVE_ENCRYPT_THEN_MAC
+                                 || ssl->options.startedETMRead
+#endif /* HAVE_ENCRYPT_THEN_MAC */
+                                )
+#endif /* !ATOMIC_USER */
+                       )
+                    {
+                        /* consider MAC as padding */
+                        ssl->keys.padSz += MacSize(ssl);
+                    }
+                }
+
+            }
+
+            /* in case > 1 msg per record */
+            ssl->curStartIdx = ssl->buffers.inputBuffer.idx;
+
             ssl->options.processReply = runProcessingOneRecord;
             FALL_THROUGH;
 
         /* the record layer is here */
         case runProcessingOneRecord:
-#ifdef WOLFSSL_DTLS13
+#ifdef WOLFSSL_DTLS
             if (ssl->options.dtls) {
+#ifdef WOLFSSL_DTLS13
                 if (IsAtLeastTLSv1_3(ssl->version)) {
                     if (!Dtls13CheckWindow(ssl)) {
                         /* drop packet */
@@ -21218,11 +22422,18 @@ default:
                         }
                     }
                 }
-                else if (IsDtlsNotSctpMode(ssl)) {
+                else
+#endif /* WOLFSSL_DTLS13 */
+                if (IsDtlsNotSctpMode(ssl)) {
                     DtlsUpdateWindow(ssl);
                 }
+#ifdef WOLFSSL_DTLS_CID
+                /* Update the peer if we were able to de-protect the message */
+                if (IsEncryptionOn(ssl, 0))
+                    dtlsProcessPendingPeer(ssl, 1);
+#endif
             }
-#endif /* WOLFSSL_DTLS13 */
+#endif /* WOLFSSL_DTLS */
             ssl->options.processReply = runProcessingOneMessage;
             FALL_THROUGH;
 
@@ -21234,11 +22445,7 @@ default:
             }
        #if defined(HAVE_ENCRYPT_THEN_MAC) && !defined(WOLFSSL_AEAD_ONLY)
             if (IsEncryptionOn(ssl, 0) && ssl->options.startedETMRead) {
-                /* For TLS v1.1 the block size and explicit IV are added to idx,
-                 * so it needs to be included in this limit check */
-                if ((ssl->curSize - ssl->keys.padSz -
-                        (ssl->buffers.inputBuffer.idx - ssl->curStartIdx) -
-                        MacSize(ssl) > MAX_PLAINTEXT_SZ)
+                if ((ssl->curSize - ssl->keys.padSz > MAX_PLAINTEXT_SZ)
 #ifdef WOLFSSL_ASYNC_CRYPT
                         && ssl->buffers.inputBuffer.length !=
                                 ssl->buffers.inputBuffer.idx
@@ -21255,12 +22462,8 @@ default:
             else
        #endif
             /* TLS13 plaintext limit is checked earlier before decryption */
-            /* For TLS v1.1 the block size and explicit IV are added to idx,
-             * so it needs to be included in this limit check */
             if (!IsAtLeastTLSv1_3(ssl->version)
-                    && ssl->curSize - ssl->keys.padSz -
-                        (ssl->buffers.inputBuffer.idx - ssl->curStartIdx)
-                            > MAX_PLAINTEXT_SZ
+                    && ssl->curSize - ssl->keys.padSz > MAX_PLAINTEXT_SZ
 #ifdef WOLFSSL_ASYNC_CRYPT
                     && ssl->buffers.inputBuffer.length !=
                             ssl->buffers.inputBuffer.idx
@@ -21287,14 +22490,15 @@ default:
                                 ssl->buffers.inputBuffer.buffer,
                                 &ssl->buffers.inputBuffer.idx,
                                 ssl->buffers.inputBuffer.length);
-                            if (ret == 0 || ret == WC_PENDING_E) {
+                            if (ret == 0 ||
+                                ret == WC_NO_ERR_TRACE(WC_PENDING_E)) {
                                 /* Reset timeout as we have received a valid
                                  * DTLS handshake message */
                                 ssl->dtls_timeout = ssl->dtls_timeout_init;
                             }
                             else {
                                 if (SendFatalAlertOnly(ssl, ret)
-                                        == SOCKET_ERROR_E) {
+                                        == WC_NO_ERR_TRACE(SOCKET_ERROR_E)) {
                                     ret = SOCKET_ERROR_E;
                                 }
                             }
@@ -21335,7 +22539,8 @@ default:
                                             &ssl->buffers.inputBuffer.idx,
                                             ssl->buffers.inputBuffer.length);
                         if (ret != 0) {
-                            if (SendFatalAlertOnly(ssl, ret) == SOCKET_ERROR_E)
+                            if (SendFatalAlertOnly(ssl, ret) ==
+                                WC_NO_ERR_TRACE(SOCKET_ERROR_E))
                                 ret = SOCKET_ERROR_E;
                         }
 #else
@@ -21369,13 +22574,13 @@ default:
                              * calling DtlsMsgPoolSend. This msg is done
                              * processing so let's move on. */
                         && (!ssl->options.dtls
-                            || ret != WANT_WRITE)
+                            || ret != WC_NO_ERR_TRACE(WANT_WRITE))
 #ifdef WOLFSSL_ASYNC_CRYPT
                     /* In async case, on pending, move onto next message.
                      * Current message should have been DtlsMsgStore'ed and
                      * should be processed with DtlsMsgDrain */
                             && (!ssl->options.dtls
-                                || ret != WC_PENDING_E)
+                                || ret != WC_NO_ERR_TRACE(WC_PENDING_E))
 #endif
                     ) {
                         WOLFSSL_ERROR(ret);
@@ -21446,28 +22651,8 @@ default:
                     }
 
                     if (IsEncryptionOn(ssl, 0) && ssl->options.handShakeDone) {
-#ifdef HAVE_AEAD
-                        if (ssl->specs.cipher_type == aead) {
-                            if (ssl->specs.bulk_cipher_algorithm != wolfssl_chacha)
-                                ssl->curSize -= AESGCM_EXP_IV_SZ;
-                            ssl->buffers.inputBuffer.idx += ssl->specs.aead_mac_size;
-                            ssl->curSize -= ssl->specs.aead_mac_size;
-                        }
-                        else
-#endif
-                        {
-                            ssl->buffers.inputBuffer.idx += ssl->keys.padSz;
-                            ssl->curSize -= (word16)ssl->keys.padSz;
-                            ssl->curSize -= ssl->specs.iv_size;
-                        }
-
-            #if defined(HAVE_ENCRYPT_THEN_MAC) && !defined(WOLFSSL_AEAD_ONLY)
-                        if (ssl->options.startedETMRead) {
-                            word32 digestSz = MacSize(ssl);
-                            ssl->buffers.inputBuffer.idx += digestSz;
-                            ssl->curSize -= (word16)digestSz;
-                        }
-            #endif
+                        ssl->buffers.inputBuffer.idx += ssl->keys.padSz;
+                        ssl->curSize -= (word16)ssl->keys.padSz;
                     }
 
                     if (ssl->curSize != 1) {
@@ -21488,7 +22673,8 @@ default:
                         /* Check for duplicate CCS message in DTLS mode.
                          * DTLS allows for duplicate messages, and it should be
                          * skipped. Also skip if out of order. */
-                            if (ret != DUPLICATE_MSG_E && ret != OUT_OF_ORDER_E)
+                            if (ret != WC_NO_ERR_TRACE(DUPLICATE_MSG_E) &&
+                                ret != WC_NO_ERR_TRACE(OUT_OF_ORDER_E))
                                 return ret;
                             /* Reset error */
                             ret = 0;
@@ -21567,6 +22753,7 @@ default:
                         #endif
                         }
                     #endif
+                #ifndef WOLFSSL_RW_THREADED
                     #ifdef WOLFSSL_TLS13
                         if (ssl->keys.keyUpdateRespond) {
                             WOLFSSL_MSG("No KeyUpdate from peer seen");
@@ -21574,6 +22761,7 @@ default:
                             return SANITY_MSG_E;
                         }
                     #endif
+                #endif
                     if ((ret = DoApplicationData(ssl,
                                                 ssl->buffers.inputBuffer.buffer,
                                                 &ssl->buffers.inputBuffer.idx,
@@ -21583,7 +22771,7 @@ default:
                         defined(HAVE_SECURE_RENEGOTIATION)
                         /* Not really an error. We will return after cleaning
                          * up the processReply state. */
-                        if (ret != APP_DATA_READY)
+                        if (ret != WC_NO_ERR_TRACE(APP_DATA_READY))
                     #endif
                             return ret;
                     }
@@ -21670,32 +22858,17 @@ default:
                 ssl->options.processReply = runProcessingOneMessage;
 
                 if (IsEncryptionOn(ssl, 0)) {
-                    WOLFSSL_MSG("Bundled encrypted messages, remove middle pad");
-            #if defined(HAVE_ENCRYPT_THEN_MAC) && !defined(WOLFSSL_AEAD_ONLY)
-                    if (ssl->options.startedETMRead) {
-                        word32 digestSz = MacSize(ssl);
-                        if (ssl->buffers.inputBuffer.idx >=
-                                                   ssl->keys.padSz + digestSz) {
-                            ssl->buffers.inputBuffer.idx -=
-                                                     ssl->keys.padSz + digestSz;
-                        }
-                        else {
-                            WOLFSSL_MSG("\tmiddle padding error");
-                            WOLFSSL_ERROR_VERBOSE(FATAL_ERROR);
-                            return FATAL_ERROR;
-                        }
+                    /* With encryption on, we advance the index by the value
+                     * of ssl->keys.padSz. Since padding only appears once, we
+                     * only can do this at the end of record parsing. We have to
+                     * reset the index to the start of the next message here. */
+                    if (ssl->buffers.inputBuffer.idx >= ssl->keys.padSz) {
+                        ssl->buffers.inputBuffer.idx -= ssl->keys.padSz;
                     }
-                    else
-             #endif
-                    {
-                        if (ssl->buffers.inputBuffer.idx >= ssl->keys.padSz) {
-                            ssl->buffers.inputBuffer.idx -= ssl->keys.padSz;
-                        }
-                        else {
-                            WOLFSSL_MSG("\tmiddle padding error");
-                            WOLFSSL_ERROR_VERBOSE(FATAL_ERROR);
-                            return FATAL_ERROR;
-                        }
+                    else {
+                        WOLFSSL_MSG("\tBuffer advanced not enough error");
+                        WOLFSSL_ERROR_VERBOSE(FATAL_ERROR);
+                        return FATAL_ERROR;
                     }
                 }
             }
@@ -21712,7 +22885,7 @@ default:
 #endif
 #if defined(WOLFSSL_DTLS13) || defined(HAVE_SECURE_RENEGOTIATION)
             /* Signal to user that we have application data ready to read */
-            if (ret == APP_DATA_READY)
+            if (ret == WC_NO_ERR_TRACE(APP_DATA_READY))
                 return ret;
 #endif
             /* It is safe to shrink the input buffer here now. local vars will
@@ -21728,6 +22901,35 @@ default:
     }
 }
 
+int ProcessReply(WOLFSSL* ssl)
+{
+    return ProcessReplyEx(ssl, 0);
+}
+
+int ProcessReplyEx(WOLFSSL* ssl, int allowSocketErr)
+{
+    int ret;
+
+    ret = DoProcessReplyEx(ssl, allowSocketErr);
+
+#if defined(WOLFSSL_DTLS) && defined(WOLFSSL_DTLS_CID)
+    if (ssl->options.dtls) {
+        /* Don't clear pending peer if we are going to re-enter
+         * DoProcessReplyEx */
+        if (ret != WC_NO_ERR_TRACE(WANT_READ)
+#ifdef WOLFSSL_ASYNC_CRYPT
+                && ret != WC_NO_ERR_TRACE(WC_PENDING_E)
+#endif
+            ) {
+            dtlsClearPeer(&ssl->buffers.dtlsCtx.pendingPeer);
+            ssl->buffers.dtlsCtx.processingPendingRecord = 0;
+        }
+    }
+#endif
+
+    return ret;
+}
+
 #if !defined(WOLFSSL_NO_TLS12) || !defined(NO_OLD_TLS) || \
              (defined(WOLFSSL_TLS13) && defined(WOLFSSL_TLS13_MIDDLEBOX_COMPAT))
 int SendChangeCipher(WOLFSSL* ssl)
@@ -21738,17 +22940,17 @@ int SendChangeCipher(WOLFSSL* ssl)
     int                ret;
 
     #ifdef OPENSSL_EXTRA
-    ssl->cbmode = SSL_CB_MODE_WRITE;
+    ssl->cbmode = WOLFSSL_CB_MODE_WRITE;
     if (ssl->options.side == WOLFSSL_SERVER_END){
         ssl->options.serverState = SERVER_CHANGECIPHERSPEC_COMPLETE;
         if (ssl->CBIS != NULL)
-            ssl->CBIS(ssl, SSL_CB_ACCEPT_LOOP, WOLFSSL_SUCCESS);
+            ssl->CBIS(ssl, WOLFSSL_CB_ACCEPT_LOOP, WOLFSSL_SUCCESS);
     }
-    else{
+    else {
         ssl->options.clientState =
             CLIENT_CHANGECIPHERSPEC_COMPLETE;
         if (ssl->CBIS != NULL)
-            ssl->CBIS(ssl, SSL_CB_CONNECT_LOOP, WOLFSSL_SUCCESS);
+            ssl->CBIS(ssl, WOLFSSL_CB_CONNECT_LOOP, WOLFSSL_SUCCESS);
     }
     #endif
 
@@ -21786,7 +22988,7 @@ int SendChangeCipher(WOLFSSL* ssl)
         input[0] = 1;  /* turn it on */
     #ifdef WOLFSSL_DTLS
         if (IsDtlsNotSctpMode(ssl) &&
-                (ret = DtlsMsgPoolSave(ssl, input, inputSz, change_cipher_hs)) != 0) {
+                (ret = DtlsMsgPoolSave(ssl, input, (word32)inputSz, change_cipher_hs)) != 0) {
             return ret;
         }
     #endif
@@ -21799,7 +23001,7 @@ int SendChangeCipher(WOLFSSL* ssl)
     #ifdef WOLFSSL_DTLS
     else {
         if (IsDtlsNotSctpMode(ssl)) {
-            if ((ret = DtlsMsgPoolSave(ssl, output, sendSz, change_cipher_hs)) != 0)
+            if ((ret = DtlsMsgPoolSave(ssl, output, (word32)sendSz, change_cipher_hs)) != 0)
                 return ret;
             DtlsSEQIncrement(ssl, CUR_ORDER);
         }
@@ -21814,7 +23016,7 @@ int SendChangeCipher(WOLFSSL* ssl)
                 return ret;
         }
     #endif
-    ssl->buffers.outputBuffer.length += sendSz;
+    ssl->buffers.outputBuffer.length += (word32)sendSz;
 
 #ifdef WOLFSSL_TLS13
     if (!ssl->options.tls1_3)
@@ -21903,7 +23105,7 @@ static int SSL_hmac(WOLFSSL* ssl, byte* digest, const byte* in, word32 sz,
         ret = wc_Md5Final(&md5, result);
     #ifdef WOLFSSL_ASYNC_CRYPT
         /* TODO: Make non-blocking */
-        if (ret == WC_PENDING_E) {
+        if (ret == WC_NO_ERR_TRACE(WC_PENDING_E)) {
             ret = wc_AsyncWait(ret, &md5.asyncDev, WC_ASYNC_FLAG_NONE);
         }
     #endif
@@ -21923,7 +23125,7 @@ static int SSL_hmac(WOLFSSL* ssl, byte* digest, const byte* in, word32 sz,
         ret =  wc_Md5Final(&md5, digest);
     #ifdef WOLFSSL_ASYNC_CRYPT
         /* TODO: Make non-blocking */
-        if (ret == WC_PENDING_E) {
+        if (ret == WC_NO_ERR_TRACE(WC_PENDING_E)) {
             ret = wc_AsyncWait(ret, &md5.asyncDev, WC_ASYNC_FLAG_NONE);
         }
     #endif
@@ -21953,7 +23155,7 @@ static int SSL_hmac(WOLFSSL* ssl, byte* digest, const byte* in, word32 sz,
         ret = wc_ShaFinal(&sha, result);
     #ifdef WOLFSSL_ASYNC_CRYPT
         /* TODO: Make non-blocking */
-        if (ret == WC_PENDING_E) {
+        if (ret == WC_NO_ERR_TRACE(WC_PENDING_E)) {
             ret = wc_AsyncWait(ret, &sha.asyncDev, WC_ASYNC_FLAG_NONE);
         }
     #endif
@@ -21973,7 +23175,7 @@ static int SSL_hmac(WOLFSSL* ssl, byte* digest, const byte* in, word32 sz,
         ret =  wc_ShaFinal(&sha, digest);
     #ifdef WOLFSSL_ASYNC_CRYPT
         /* TODO: Make non-blocking */
-        if (ret == WC_PENDING_E) {
+        if (ret == WC_NO_ERR_TRACE(WC_PENDING_E)) {
             ret = wc_AsyncWait(ret, &sha.asyncDev, WC_ASYNC_FLAG_NONE);
         }
     #endif
@@ -22185,11 +23387,12 @@ int BuildMessage(WOLFSSL* ssl, byte* output, int outSz, const byte* input,
 
     (void)epochOrder;
 
-#ifndef NO_TLS
 #if defined(WOLFSSL_NO_TLS12) && defined(WOLFSSL_TLS13)
+    /* TLS v1.3 only */
     return BuildTls13Message(ssl, output, outSz, input, inSz, type,
                                                hashOutput, sizeOnly, asyncOkay);
 #else
+    /* TLS v1.2 or v1.3 */
 #ifdef WOLFSSL_TLS13
     if (ssl->options.tls1_3) {
         return BuildTls13Message(ssl, output, outSz, input, inSz, type,
@@ -22197,6 +23400,7 @@ int BuildMessage(WOLFSSL* ssl, byte* output, int outSz, const byte* input,
     }
 #endif
 
+#ifndef WOLFSSL_NO_TLS12
 #ifdef WOLFSSL_ASYNC_CRYPT
     ret = WC_NO_PENDING_E;
     if (asyncOkay) {
@@ -22206,7 +23410,7 @@ int BuildMessage(WOLFSSL* ssl, byte* output, int outSz, const byte* input,
         args = &ssl->async->buildArgs;
 
         ret = wolfSSL_AsyncPop(ssl, &ssl->options.buildMsgState);
-        if (ret != WC_NO_PENDING_E) {
+        if (ret != WC_NO_ERR_TRACE(WC_NO_PENDING_E)) {
             /* Check for error */
             if (ret < 0)
                 goto exit_buildmsg;
@@ -22220,7 +23424,7 @@ int BuildMessage(WOLFSSL* ssl, byte* output, int outSz, const byte* input,
 
     /* Reset state */
 #ifdef WOLFSSL_ASYNC_CRYPT
-    if (ret == WC_NO_PENDING_E)
+    if (ret == WC_NO_ERR_TRACE(WC_NO_PENDING_E))
 #endif
     {
         ret = 0;
@@ -22230,9 +23434,10 @@ int BuildMessage(WOLFSSL* ssl, byte* output, int outSz, const byte* input,
         ssl->options.buildMsgState = BUILD_MSG_BEGIN;
         XMEMSET(args, 0, sizeof(BuildMsgArgs));
 
-        args->sz = RECORD_HEADER_SZ + inSz;
+        args->sz = RECORD_HEADER_SZ + (word32)inSz;
         args->idx  = RECORD_HEADER_SZ;
         args->headerSz = RECORD_HEADER_SZ;
+        args->type = (byte)type;
     }
 
     switch (ssl->options.buildMsgState) {
@@ -22298,6 +23503,17 @@ int BuildMessage(WOLFSSL* ssl, byte* output, int outSz, const byte* input,
                 args->sz       += DTLS_RECORD_EXTRA;
                 args->idx      += DTLS_RECORD_EXTRA;
                 args->headerSz += DTLS_RECORD_EXTRA;
+        #ifdef WOLFSSL_DTLS_CID
+                if (ssl->options.dtls) {
+                    byte cidSz = 0;
+                    if ((cidSz = DtlsGetCidTxSize(ssl)) > 0) {
+                        args->sz       += cidSz;
+                        args->idx      += cidSz;
+                        args->headerSz += cidSz;
+                        args->sz++; /* real_type. no padding. */
+                    }
+                }
+        #endif
             }
         #endif
 
@@ -22379,7 +23595,12 @@ int BuildMessage(WOLFSSL* ssl, byte* output, int outSz, const byte* input,
 #endif
 
             args->size = (word16)(args->sz - args->headerSz);    /* include mac and digest */
-            AddRecordHeader(output, args->size, (byte)type, ssl, epochOrder);
+
+#if defined(WOLFSSL_DTLS) && defined(WOLFSSL_DTLS_CID)
+            if (ssl->options.dtls && DtlsGetCidTxSize(ssl) > 0)
+                args->type = dtls12_cid;
+#endif
+            AddRecordHeader(output, args->size, args->type, ssl, epochOrder);
 
             /* write to output */
             if (args->ivSz > 0) {
@@ -22387,8 +23608,17 @@ int BuildMessage(WOLFSSL* ssl, byte* output, int outSz, const byte* input,
                                         min(args->ivSz, MAX_IV_SZ));
                 args->idx += min(args->ivSz, MAX_IV_SZ);
             }
-            XMEMCPY(output + args->idx, input, inSz);
-            args->idx += inSz;
+            XMEMCPY(output + args->idx, input, (size_t)(inSz));
+            args->idx += (word32)inSz;
+#if defined(WOLFSSL_DTLS) && defined(WOLFSSL_DTLS_CID)
+            if (ssl->options.dtls && DtlsGetCidTxSize(ssl) > 0) {
+                output[args->idx++] = (byte)type; /* type goes after input */
+                inSz++;
+            }
+#endif
+            /* Make sure we don't access input anymore as inSz may have been
+             * incremented */
+            input = NULL;
 
             ssl->options.buildMsgState = BUILD_MSG_HASH;
         }
@@ -22400,7 +23630,8 @@ int BuildMessage(WOLFSSL* ssl, byte* output, int outSz, const byte* input,
                 goto exit_buildmsg;
 
             if (type == handshake && hashOutput) {
-                ret = HashOutput(ssl, output, args->headerSz + inSz, args->ivSz);
+                ret = HashOutput(ssl, output,
+                    (int)(args->headerSz + (word32)inSz), (int)args->ivSz);
                 if (ret != 0)
                     goto exit_buildmsg;
             }
@@ -22436,7 +23667,7 @@ int BuildMessage(WOLFSSL* ssl, byte* output, int outSz, const byte* input,
             if (ssl->options.startedETMWrite) {
                 if (ssl->ctx->EncryptMacCb) {
                     ret = ssl->ctx->EncryptMacCb(ssl, output + args->idx +
-                                                 args->pad + 1, type, 0,
+                                                 args->pad + 1, args->type, 0,
                                                  output + args->headerSz,
                                                  output + args->headerSz,
                                                  args->size - args->digestSz,
@@ -22449,8 +23680,9 @@ int BuildMessage(WOLFSSL* ssl, byte* output, int outSz, const byte* input,
             {
                 if (ssl->ctx->MacEncryptCb) {
                     ret = ssl->ctx->MacEncryptCb(ssl, output + args->idx,
-                                    output + args->headerSz + args->ivSz, inSz,
-                                    type, 0, output + args->headerSz,
+                                    output + args->headerSz + args->ivSz,
+                                    (unsigned int)inSz, args->type, 0,
+                                    output + args->headerSz,
                                     output + args->headerSz, args->size,
                                     ssl->MacEncryptCtx);
                     goto exit_buildmsg;
@@ -22481,8 +23713,9 @@ int BuildMessage(WOLFSSL* ssl, byte* output, int outSz, const byte* input,
                 #endif
 
                     ret = ssl->hmac(ssl, hmac,
-                                     output + args->headerSz + args->ivSz, inSz,
-                                     -1, type, 0, epochOrder);
+                                     output + args->headerSz + args->ivSz,
+                                     (word32)inSz, -1, args->type, 0,
+                                     epochOrder);
                     XMEMCPY(output + args->idx, hmac, args->digestSz);
 
                 #ifdef WOLFSSL_SMALL_STACK
@@ -22493,7 +23726,8 @@ int BuildMessage(WOLFSSL* ssl, byte* output, int outSz, const byte* input,
             #endif
                 {
                     ret = ssl->hmac(ssl, output + args->idx, output +
-                                args->headerSz + args->ivSz, inSz, -1, type, 0, epochOrder);
+                                args->headerSz + args->ivSz, (word32)inSz, -1,
+                                args->type, 0, epochOrder);
                 }
             }
         #endif /* WOLFSSL_AEAD_ONLY */
@@ -22529,18 +23763,42 @@ int BuildMessage(WOLFSSL* ssl, byte* output, int outSz, const byte* input,
                         ssl->keys.dtls_prev_sequence_number_lo;
             }
     #endif
+
+#ifdef WOLFSSL_THREADED_CRYPT
+    if (asyncOkay) {
+        WOLFSSL_MSG("Not encrypting\n");
+        /* make sure build message state is reset */
+        ssl->options.buildMsgState = BUILD_MSG_BEGIN;
+
+        /* return sz on success */
+        if (ret == 0) {
+            ret = args->sz;
+        }
+        else {
+            WOLFSSL_ERROR_VERBOSE(ret);
+        }
+
+        /* Final cleanup */
+        FreeBuildMsgArgs(ssl, args);
+
+        return ret;
+    }
+    else
+#endif
+    {
     #if defined(HAVE_ENCRYPT_THEN_MAC) && !defined(WOLFSSL_AEAD_ONLY)
             if (ssl->options.startedETMWrite) {
                 ret = Encrypt(ssl, output + args->headerSz,
                                           output + args->headerSz,
                                           (word16)(args->size - args->digestSz),
-                                          asyncOkay);
+                                          asyncOkay, args->type);
             }
             else
     #endif
             {
                 ret = Encrypt(ssl, output + args->headerSz,
-                                output + args->headerSz, args->size, asyncOkay);
+                                output + args->headerSz, args->size, asyncOkay,
+                                args->type);
             }
     #if defined(HAVE_SECURE_RENEGOTIATION) && defined(WOLFSSL_DTLS)
             /* Restore sequence numbers */
@@ -22550,11 +23808,12 @@ int BuildMessage(WOLFSSL* ssl, byte* output, int outSz, const byte* input,
                 ssl->keys.dtls_sequence_number_lo = dtls_sequence_number_lo;
             }
     #endif
+    }
             }
 
             if (ret != 0) {
             #ifdef WOLFSSL_ASYNC_CRYPT
-                if (ret != WC_PENDING_E)
+                if (ret != WC_NO_ERR_TRACE(WC_PENDING_E))
             #endif
                 {
                     /* Zeroize plaintext. */
@@ -22601,8 +23860,8 @@ int BuildMessage(WOLFSSL* ssl, byte* output, int outSz, const byte* input,
                 #endif
 
                     ret = ssl->hmac(ssl, hmac, output + args->headerSz,
-                                    args->ivSz + inSz + args->pad + 1, -1, type,
-                                    0, epochOrder);
+                                    args->ivSz + inSz + args->pad + 1, -1,
+                                    args->type, 0, epochOrder);
                     XMEMCPY(output + args->idx + args->pad + 1, hmac,
                                                                 args->digestSz);
 
@@ -22615,8 +23874,8 @@ int BuildMessage(WOLFSSL* ssl, byte* output, int outSz, const byte* input,
                 {
                     ret = ssl->hmac(ssl, output + args->idx + args->pad + 1,
                                     output + args->headerSz,
-                                    args->ivSz + inSz + args->pad + 1, -1, type,
-                                    0, epochOrder);
+                                    args->ivSz + (word32)inSz + args->pad + 1,
+                                    -1, args->type, 0, epochOrder);
                 }
             }
         #endif /* HAVE_ENCRYPT_THEN_MAC && !WOLFSSL_AEAD_ONLY */
@@ -22631,7 +23890,7 @@ exit_buildmsg:
     WOLFSSL_LEAVE("BuildMessage", ret);
 
 #ifdef WOLFSSL_ASYNC_CRYPT
-    if (ret == WC_PENDING_E) {
+    if (ret == WC_NO_ERR_TRACE(WC_PENDING_E)) {
         return ret;
     }
 #endif
@@ -22646,7 +23905,7 @@ exit_buildmsg:
 
     /* return sz on success */
     if (ret == 0) {
-        ret = args->sz;
+        ret = (int)args->sz;
     }
     else {
         WOLFSSL_ERROR_VERBOSE(ret);
@@ -22654,9 +23913,7 @@ exit_buildmsg:
 
     /* Final cleanup */
     FreeBuildMsgArgs(ssl, args);
-
     return ret;
-#endif /* !WOLFSSL_NO_TLS12 */
 #else
     (void)outSz;
     (void)inSz;
@@ -22664,8 +23921,8 @@ exit_buildmsg:
     (void)hashOutput;
     (void)asyncOkay;
     return NOT_COMPILED_IN;
-#endif /* NO_TLS */
-
+#endif /* !WOLFSSL_NO_TLS12 */
+#endif
 }
 
 #ifndef WOLFSSL_NO_TLS12
@@ -22687,6 +23944,13 @@ int SendFinished(WOLFSSL* ssl)
 
     /* check for available size */
     outputSz = sizeof(input) + MAX_MSG_EXTRA;
+#if defined(WOLFSSL_DTLS) && defined(WOLFSSL_DTLS_CID)
+    if (ssl->options.dtls) {
+        byte cidSz = 0;
+        if ((cidSz = DtlsGetCidTxSize(ssl)) > 0)
+            outputSz += cidSz + 1; /* +1 for inner content type */
+    }
+#endif
 
     /* Set this in case CheckAvailableSize returns a WANT_WRITE so that state
      * is not advanced yet */
@@ -22710,7 +23974,8 @@ int SendFinished(WOLFSSL* ssl)
 
     /* get output buffer */
     output = GetOutputBuffer(ssl);
-    AddHandShakeHeader(input, finishedSz, 0, finishedSz, finished, ssl);
+    AddHandShakeHeader(input, (word32)finishedSz, 0,
+            (word32)finishedSz, finished, ssl);
 
     /* make finished hashes */
     hashes = (Hashes*)&input[headerSz];
@@ -22750,6 +24015,7 @@ int SendFinished(WOLFSSL* ssl)
         }
     #endif
 
+    ssl->keys.encryptionOn = 1;
     sendSz = BuildMessage(ssl, output, outputSz, input, headerSz + finishedSz,
                                                  handshake, 1, 0, 0, CUR_ORDER);
     if (sendSz < 0)
@@ -22763,9 +24029,9 @@ int SendFinished(WOLFSSL* ssl)
         if (ssl->options.side == WOLFSSL_SERVER_END) {
         #ifdef OPENSSL_EXTRA
             ssl->options.serverState = SERVER_FINISHED_COMPLETE;
-            ssl->cbmode = SSL_CB_MODE_WRITE;
+            ssl->cbmode = WOLFSSL_CB_MODE_WRITE;
             if (ssl->CBIS != NULL)
-                ssl->CBIS(ssl, SSL_CB_HANDSHAKE_DONE, WOLFSSL_SUCCESS);
+                ssl->CBIS(ssl, WOLFSSL_CB_HANDSHAKE_DONE, WOLFSSL_SUCCESS);
         #endif
             ssl->options.handShakeState = HANDSHAKE_DONE;
             ssl->options.handShakeDone  = 1;
@@ -22778,9 +24044,9 @@ int SendFinished(WOLFSSL* ssl)
         if (ssl->options.side == WOLFSSL_CLIENT_END) {
         #ifdef OPENSSL_EXTRA
             ssl->options.clientState = CLIENT_FINISHED_COMPLETE;
-            ssl->cbmode = SSL_CB_MODE_WRITE;
+            ssl->cbmode = WOLFSSL_CB_MODE_WRITE;
             if (ssl->CBIS != NULL)
-                ssl->CBIS(ssl, SSL_CB_HANDSHAKE_DONE, WOLFSSL_SUCCESS);
+                ssl->CBIS(ssl, WOLFSSL_CB_HANDSHAKE_DONE, WOLFSSL_SUCCESS);
         #endif
             ssl->options.handShakeState = HANDSHAKE_DONE;
             ssl->options.handShakeDone  = 1;
@@ -22800,7 +24066,7 @@ int SendFinished(WOLFSSL* ssl)
         }
     #endif
 
-    ssl->buffers.outputBuffer.length += sendSz;
+    ssl->buffers.outputBuffer.length += (word32)sendSz;
 
     ret = SendBuffered(ssl);
 
@@ -22822,6 +24088,7 @@ int SendFinished(WOLFSSL* ssl)
     return ret;
 }
 #endif /* WOLFSSL_NO_TLS12 */
+#endif /* !NO_TLS */
 
 #ifndef NO_WOLFSSL_SERVER
 #if (!defined(WOLFSSL_NO_TLS12) && \
@@ -22833,17 +24100,21 @@ int SendFinished(WOLFSSL* ssl)
  *
  * Returns 0 on success
  */
-static int CreateOcspRequest(WOLFSSL* ssl, OcspRequest* request,
-                             DecodedCert* cert, byte* certData, word32 length)
+int CreateOcspRequest(WOLFSSL* ssl, OcspRequest* request,
+                             DecodedCert* cert, byte* certData, word32 length,
+                             byte *ctxOwnsRequest)
 {
     int ret;
 
     if (request != NULL)
         XMEMSET(request, 0, sizeof(OcspRequest));
 
+    if (ctxOwnsRequest!= NULL)
+        *ctxOwnsRequest = 0;
+
     InitDecodedCert(cert, certData, length, ssl->heap);
     /* TODO: Setup async support here */
-    ret = ParseCertRelative(cert, CERT_TYPE, VERIFY, SSL_CM(ssl));
+    ret = ParseCertRelative(cert, CERT_TYPE, VERIFY, SSL_CM(ssl), NULL);
     if (ret != 0) {
         WOLFSSL_MSG("ParseCert failed");
     }
@@ -22851,11 +24122,14 @@ static int CreateOcspRequest(WOLFSSL* ssl, OcspRequest* request,
         ret = InitOcspRequest(request, cert, 0, ssl->heap);
     if (ret == 0) {
         /* make sure ctx OCSP request is updated */
-        if (!ssl->buffers.weOwnCert) {
+        if (!ssl->buffers.weOwnCert && SSL_CM(ssl) != NULL) {
             wolfSSL_Mutex* ocspLock = &SSL_CM(ssl)->ocsp_stapling->ocspLock;
             if (wc_LockMutex(ocspLock) == 0) {
-                if (ssl->ctx->certOcspRequest == NULL)
+                if (ssl->ctx->certOcspRequest == NULL) {
                     ssl->ctx->certOcspRequest = request;
+                    if (ctxOwnsRequest!= NULL)
+                        *ctxOwnsRequest = 1;
+                }
                 wc_UnLockMutex(ocspLock);
             }
         }
@@ -22884,6 +24158,7 @@ int CreateOcspResponse(WOLFSSL* ssl, OcspRequest** ocspRequest,
     int          ret = 0;
     OcspRequest* request = NULL;
     byte createdRequest  = 0;
+    byte ctxOwnsRequest = 0;
 
     if (ssl == NULL || ocspRequest == NULL || response == NULL)
         return BAD_FUNC_ARG;
@@ -22921,7 +24196,7 @@ int CreateOcspResponse(WOLFSSL* ssl, OcspRequest** ocspRequest,
         createdRequest = 1;
         if (ret == 0) {
             ret = CreateOcspRequest(ssl, request, cert, der->buffer,
-                                                                   der->length);
+                      der->length, &ctxOwnsRequest);
         }
 
         if (ret != 0) {
@@ -22940,15 +24215,15 @@ int CreateOcspResponse(WOLFSSL* ssl, OcspRequest** ocspRequest,
                                ssl->heap);
 
         /* Suppressing, not critical */
-        if (ret == OCSP_CERT_REVOKED ||
-            ret == OCSP_CERT_UNKNOWN ||
-            ret == OCSP_LOOKUP_FAIL) {
+        if (ret == WC_NO_ERR_TRACE(OCSP_CERT_REVOKED) ||
+            ret == WC_NO_ERR_TRACE(OCSP_CERT_UNKNOWN) ||
+            ret == WC_NO_ERR_TRACE(OCSP_LOOKUP_FAIL)) {
             ret = 0;
         }
     }
 
     /* free request up if error case found otherwise return it */
-    if (ret != 0 && createdRequest) {
+    if (ret != 0 && createdRequest && !ctxOwnsRequest) {
         FreeOcspRequest(request);
         XFREE(request, ssl->heap, DYNAMIC_TYPE_OCSP_REQUEST);
     }
@@ -22980,6 +24255,14 @@ int cipherExtraData(WOLFSSL* ssl)
         cipherExtra = ssl->specs.iv_size + ssl->specs.block_size +
             ssl->specs.hash_size;
     }
+    /* Add space needed for the CID */
+#if defined(WOLFSSL_DTLS) && defined(WOLFSSL_DTLS_CID)
+    if (ssl->options.dtls) {
+        byte cidSz = 0;
+        if ((cidSz = DtlsGetCidTxSize(ssl)) > 0)
+            cipherExtra += cidSz + 1; /* +1 for inner content type */
+    }
+#endif
     /* Sanity check so we don't ever return negative. */
     return cipherExtra > 0 ? cipherExtra : 0;
 }
@@ -22994,6 +24277,9 @@ int SendCertificate(WOLFSSL* ssl)
     int    ret = 0;
     word32 certSz, certChainSz, headerSz, listSz, payloadSz;
     word32 length, maxFragment;
+#ifdef HAVE_RPK
+    int    usingRpkTls12 = 0;
+#endif /* HAVE_RPK */
 
     WOLFSSL_START(WC_FUNC_CERTIFICATE_SEND);
     WOLFSSL_ENTER("SendCertificate");
@@ -23003,6 +24289,21 @@ int SendCertificate(WOLFSSL* ssl)
         return 0;  /* not needed */
     }
 
+#ifdef HAVE_RPK
+    if (!IsAtLeastTLSv1_3(ssl->version)) {
+        /* If this is (D)TLS1.2 and RPK, then single cert, not list. */
+        if (ssl->options.side == WOLFSSL_SERVER_END) {
+            if (ssl->options.rpkState.sending_ServerCertTypeCnt == 1 &&
+                ssl->options.rpkState.sending_ServerCertTypes[0] == WOLFSSL_CERT_TYPE_RPK)
+                usingRpkTls12 = 1;
+        } else if (ssl->options.side == WOLFSSL_CLIENT_END) {
+            if (ssl->options.rpkState.sending_ClientCertTypeCnt == 1 &&
+                ssl->options.rpkState.sending_ClientCertTypes[0] == WOLFSSL_CERT_TYPE_RPK)
+                usingRpkTls12 = 1;
+        }
+    }
+#endif /* HAVE_RPK */
+
     if (ssl->options.sendVerify == SEND_BLANK_CERT) {
     #ifdef OPENSSL_EXTRA
         if (ssl->version.major == SSLv3_MAJOR
@@ -23025,10 +24326,19 @@ int SendCertificate(WOLFSSL* ssl)
             return BUFFER_ERROR;
         }
         certSz = ssl->buffers.certificate->length;
-        headerSz = 2 * CERT_HEADER_SZ;
+#ifdef HAVE_RPK
+        if (usingRpkTls12) {
+            headerSz = 1 * CERT_HEADER_SZ;
+            listSz = certSz;
+        } else {
+#endif /* HAVE_RPK */
+            headerSz = 2 * CERT_HEADER_SZ;
+            listSz = certSz + CERT_HEADER_SZ;
+#ifdef HAVE_RPK
+        }
+#endif /* HAVE_RPK */
         /* list + cert size */
         length = certSz + headerSz;
-        listSz = certSz + CERT_HEADER_SZ;
 
         /* may need to send rest of chain, already has leading size(s) */
         if (certSz && ssl->buffers.certChain) {
@@ -23047,7 +24357,7 @@ int SendCertificate(WOLFSSL* ssl)
 
     maxFragment = MAX_RECORD_SIZE;
 
-    maxFragment = wolfSSL_GetMaxFragSize(ssl, maxFragment);
+    maxFragment = (word32)wolfSSL_GetMaxFragSize(ssl, (int)maxFragment);
 
     while (length > 0 && ret == 0) {
         byte*  output = NULL;
@@ -23067,12 +24377,12 @@ int SendCertificate(WOLFSSL* ssl)
                 else {
                     fragSz = maxFragment - HANDSHAKE_HEADER_SZ;
                 }
-                sendSz += fragSz + HANDSHAKE_HEADER_SZ;
+                sendSz += (int)(fragSz) + HANDSHAKE_HEADER_SZ;
                 i += HANDSHAKE_HEADER_SZ;
             }
             else {
                 fragSz = min(length, maxFragment);
-                sendSz += fragSz;
+                sendSz += (int)(fragSz);
             }
 
             if (IsEncryptionOn(ssl, 1))
@@ -23121,12 +24431,18 @@ int SendCertificate(WOLFSSL* ssl)
             }
 
             /* list total */
-            c32to24(listSz, output + i);
-            if (ssl->options.dtls || !IsEncryptionOn(ssl, 1))
-                HashRaw(ssl, output + i, CERT_HEADER_SZ);
-            i += CERT_HEADER_SZ;
-            length -= CERT_HEADER_SZ;
-            fragSz -= CERT_HEADER_SZ;
+#ifdef HAVE_RPK
+            if (!usingRpkTls12) {
+#endif /* HAVE_RPK */
+                c32to24(listSz, output + i);
+                if (ssl->options.dtls || !IsEncryptionOn(ssl, 1))
+                    HashRaw(ssl, output + i, CERT_HEADER_SZ);
+                i += CERT_HEADER_SZ;
+                length -= CERT_HEADER_SZ;
+                fragSz -= CERT_HEADER_SZ;
+#ifdef HAVE_RPK
+            }
+#endif /* HAVE_RPK */
             if (certSz) {
                 c32to24(certSz, output + i);
                 if (ssl->options.dtls || !IsEncryptionOn(ssl, 1))
@@ -23136,10 +24452,10 @@ int SendCertificate(WOLFSSL* ssl)
                 fragSz -= CERT_HEADER_SZ;
 
                 if (ssl->options.dtls || !IsEncryptionOn(ssl, 1)) {
-                    HashRaw(ssl, ssl->buffers.certificate->buffer, certSz);
+                    HashRaw(ssl, ssl->buffers.certificate->buffer, (int)certSz);
                     if (certChainSz)
                         HashRaw(ssl, ssl->buffers.certChain->buffer,
-                                      certChainSz);
+                                      (int)certChainSz);
                 }
             }
         }
@@ -23178,7 +24494,7 @@ int SendCertificate(WOLFSSL* ssl)
 
         if (IsEncryptionOn(ssl, 1)) {
             byte* input = NULL;
-            int   inputSz = i; /* build msg adds rec hdr */
+            int   inputSz = (int)i; /* build msg adds rec hdr */
             int   recordHeaderSz = RECORD_HEADER_SZ;
 
             if (ssl->options.dtls)
@@ -23191,11 +24507,11 @@ int SendCertificate(WOLFSSL* ssl)
             }
 
             if (inputSz > 0) {  /* clang thinks could be zero, let's help */
-                input = (byte*)XMALLOC(inputSz, ssl->heap,
+                input = (byte*)XMALLOC((size_t)inputSz, ssl->heap,
                                        DYNAMIC_TYPE_IN_BUFFER);
                 if (input == NULL)
                     return MEMORY_E;
-                XMEMCPY(input, output + recordHeaderSz, inputSz);
+                XMEMCPY(input, output + recordHeaderSz, (size_t)(inputSz));
             }
 
 #ifndef WOLFSSL_DTLS
@@ -23207,7 +24523,7 @@ int SendCertificate(WOLFSSL* ssl)
                                                               handshake, 1, 0, 0, CUR_ORDER);
             else /* DTLS 1.2 has to ignore fragmentation in hashing so we need to
                   * calculate the hash ourselves above */ {
-                if ((ret = DtlsMsgPoolSave(ssl, input, inputSz, certificate)) != 0) {
+                if ((ret = DtlsMsgPoolSave(ssl, input, (word32)inputSz, certificate)) != 0) {
                     XFREE(input, ssl->heap, DYNAMIC_TYPE_IN_BUFFER);
                     return ret;
                 }
@@ -23222,10 +24538,10 @@ int SendCertificate(WOLFSSL* ssl)
                 return sendSz;
         }
         else {
-            sendSz = i;
+            sendSz = (int)i;
         #ifdef WOLFSSL_DTLS
             if (IsDtlsNotSctpMode(ssl)) {
-                if ((ret = DtlsMsgPoolSave(ssl, output, sendSz, certificate)) != 0)
+                if ((ret = DtlsMsgPoolSave(ssl, output, (word32)sendSz, certificate)) != 0)
                     return ret;
             }
             if (ssl->options.dtls)
@@ -23244,12 +24560,12 @@ int SendCertificate(WOLFSSL* ssl)
         }
     #endif
 
-        ssl->buffers.outputBuffer.length += sendSz;
+        ssl->buffers.outputBuffer.length += (word32)sendSz;
         if (!ssl->options.groupMessages)
             ret = SendBuffered(ssl);
     }
 
-    if (ret != WANT_WRITE) {
+    if (ret != WC_NO_ERR_TRACE(WANT_WRITE)) {
         /* Clean up the fragment offset. */
         ssl->options.buildingMsg = 0;
         ssl->fragOffset = 0;
@@ -23338,7 +24654,7 @@ int SendCertificateRequest(WOLFSSL* ssl)
     /* get output buffer */
     output = GetOutputBuffer(ssl);
 
-    AddHeaders(output, reqSz, certificate_request, ssl);
+    AddHeaders(output, (word32)reqSz, certificate_request, ssl);
 
     /* write to output */
     output[i++] = (byte)typeTotal;  /* # of types */
@@ -23405,7 +24721,7 @@ int SendCertificateRequest(WOLFSSL* ssl)
 
         if (IsEncryptionOn(ssl, 1)) {
             byte* input = NULL;
-            int   inputSz = i; /* build msg adds rec hdr */
+            int   inputSz = (int)i; /* build msg adds rec hdr */
             int   recordHeaderSz = RECORD_HEADER_SZ;
 
             if (ssl->options.dtls)
@@ -23417,14 +24733,16 @@ int SendCertificateRequest(WOLFSSL* ssl)
                 return BUFFER_E;
             }
 
-            input = (byte*)XMALLOC(inputSz, ssl->heap, DYNAMIC_TYPE_IN_BUFFER);
+            input = (byte*)XMALLOC((size_t)inputSz, ssl->heap,
+                    DYNAMIC_TYPE_IN_BUFFER);
             if (input == NULL)
                 return MEMORY_E;
 
-            XMEMCPY(input, output + recordHeaderSz, inputSz);
+            XMEMCPY(input, output + recordHeaderSz, (size_t)(inputSz));
             #ifdef WOLFSSL_DTLS
             if (IsDtlsNotSctpMode(ssl) &&
-                    (ret = DtlsMsgPoolSave(ssl, input, inputSz, certificate_request)) != 0) {
+                    (ret = DtlsMsgPoolSave(ssl, input, (word32)inputSz,
+                                           certificate_request)) != 0) {
                 XFREE(input, ssl->heap, DYNAMIC_TYPE_IN_BUFFER);
                 return ret;
             }
@@ -23436,10 +24754,11 @@ int SendCertificateRequest(WOLFSSL* ssl)
             if (sendSz < 0)
                 return sendSz;
         } else {
-            sendSz = i;
+            sendSz = (int)i;
             #ifdef WOLFSSL_DTLS
                 if (IsDtlsNotSctpMode(ssl)) {
-                    if ((ret = DtlsMsgPoolSave(ssl, output, sendSz, certificate_request)) != 0)
+                    if ((ret = DtlsMsgPoolSave(ssl, output, (word32)sendSz,
+                                    certificate_request)) != 0)
                         return ret;
                 }
                 if (ssl->options.dtls)
@@ -23460,7 +24779,7 @@ int SendCertificateRequest(WOLFSSL* ssl)
                 return ret;
         }
     #endif
-    ssl->buffers.outputBuffer.length += sendSz;
+    ssl->buffers.outputBuffer.length += (word32)sendSz;
     if (ssl->options.groupMessages)
         ret = 0;
     else
@@ -23483,6 +24802,7 @@ static int BuildCertificateStatus(WOLFSSL* ssl, byte type, buffer* status,
     byte*  output  = NULL;
     word32 idx     = RECORD_HEADER_SZ + HANDSHAKE_HEADER_SZ;
     word32 length  = ENUM_LEN;
+    word32 headerSz= idx;
     int    sendSz  = 0;
     int    ret     = 0;
     int    i       = 0;
@@ -23502,93 +24822,93 @@ static int BuildCertificateStatus(WOLFSSL* ssl, byte type, buffer* status,
         default:
             return 0;
     }
+#ifdef WOLFSSL_DTLS
+    if (ssl->options.dtls) {
+        headerSz = idx = DTLS_RECORD_HEADER_SZ + DTLS_HANDSHAKE_HEADER_SZ;
+        sendSz  = idx + length;
 
-    sendSz = idx + length;
+    } else
+#endif
+    sendSz = (int)(idx + length);
 
     if (ssl->keys.encryptionOn)
         sendSz += MAX_MSG_EXTRA;
 
-    /* Set this in case CheckAvailableSize returns a WANT_WRITE so that state
-     * is not advanced yet */
-    ssl->options.buildingMsg = 1;
+    output =(byte*)XMALLOC(sendSz, ssl->heap, DYNAMIC_TYPE_OCSP);
+    if (output == NULL)
+        return MEMORY_E;
 
-    if ((ret = CheckAvailableSize(ssl, sendSz)) == 0) {
-        output = GetOutputBuffer(ssl);
+    AddHeaders(output, length, certificate_status, ssl);
 
-        AddHeaders(output, length, certificate_status, ssl);
+    output[idx++] = type;
 
-        output[idx++] = type;
-
-        if (type == WOLFSSL_CSR2_OCSP_MULTI) {
-            c32to24(length - (ENUM_LEN + OPAQUE24_LEN), output + idx);
-            idx += OPAQUE24_LEN;
-        }
-
-        for (i = 0; i < count; i++) {
-            c32to24(status[i].length, output + idx);
-            idx += OPAQUE24_LEN;
-
-            XMEMCPY(output + idx, status[i].buffer, status[i].length);
-            idx += status[i].length;
-        }
-
-        if (IsEncryptionOn(ssl, 1)) {
-            byte* input;
-            int   inputSz = idx; /* build msg adds rec hdr */
-            int   recordHeaderSz = RECORD_HEADER_SZ;
-
-            if (ssl->options.dtls)
-                recordHeaderSz += DTLS_RECORD_EXTRA;
-            inputSz -= recordHeaderSz;
-            input = (byte*)XMALLOC(inputSz, ssl->heap, DYNAMIC_TYPE_IN_BUFFER);
-            if (input == NULL)
-                return MEMORY_E;
-
-            XMEMCPY(input, output + recordHeaderSz, inputSz);
-            #ifdef WOLFSSL_DTLS
-                ret = DtlsMsgPoolSave(ssl, input, inputSz, certificate_status);
-            #endif
-            if (ret == 0)
-                sendSz = BuildMessage(ssl, output, sendSz, input, inputSz,
-                                      handshake, 1, 0, 0, CUR_ORDER);
-            XFREE(input, ssl->heap, DYNAMIC_TYPE_IN_BUFFER);
-
-            if (sendSz < 0)
-                ret = sendSz;
-        }
-        else {
-            #ifdef WOLFSSL_DTLS
-                if (ret == 0 && IsDtlsNotSctpMode(ssl))
-                    ret = DtlsMsgPoolSave(ssl, output, sendSz, certificate_status);
-                if (ret == 0 && ssl->options.dtls)
-                    DtlsSEQIncrement(ssl, CUR_ORDER);
-            #endif
-            ret = HashOutput(ssl, output, sendSz, 0);
-        }
-
-    #if defined(WOLFSSL_CALLBACKS) || defined(OPENSSL_EXTRA)
-        if (ret == 0 && ssl->hsInfoOn)
-            AddPacketName(ssl, "CertificateStatus");
-        if (ret == 0 && ssl->toInfoOn) {
-            ret = AddPacketInfo(ssl, "CertificateStatus", handshake, output,
-                    sendSz, WRITE_PROTO, 0, ssl->heap);
-            if (ret != 0)
-                return ret;
-        }
-    #endif
-
-        if (ret == 0) {
-            ssl->options.buildingMsg = 0;
-            ssl->buffers.outputBuffer.length += sendSz;
-            if (!ssl->options.groupMessages)
-                ret = SendBuffered(ssl);
-        }
+    if (type == WOLFSSL_CSR2_OCSP_MULTI) {
+        c32to24(length - (ENUM_LEN + OPAQUE24_LEN), output + idx);
+        idx += OPAQUE24_LEN;
     }
 
+    for (i = 0; i < count; i++) {
+        c32to24(status[i].length, output + idx);
+        idx += OPAQUE24_LEN;
+
+        XMEMCPY(output + idx, status[i].buffer, status[i].length);
+        idx += status[i].length;
+    }
+    /* Send Message. Handled message fragmentation in the function if needed */
+    ret = SendHandshakeMsg(ssl, output, (sendSz - headerSz), certificate_status,
+                "Certificate Status");
+    XFREE(output, ssl->heap, DYNAMIC_TYPE_OCSP);
+
     WOLFSSL_LEAVE("BuildCertificateStatus", ret);
     return ret;
 }
 #endif
+
+#if defined(HAVE_CERTIFICATE_STATUS_REQUEST) &&                                \
+    (defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) ||                         \
+    defined(WOLFSSL_HAPROXY))
+static int BuildCertificateStatusWithStatusCB(WOLFSSL* ssl)
+{
+    WOLFSSL_OCSP *ocsp;
+    void *ioCtx = NULL;
+    buffer response;
+    int ret;
+
+    if (ssl == NULL) {
+        return BAD_FUNC_ARG;
+    }
+
+    ocsp = SSL_CM(ssl)->ocsp_stapling;
+    if (ocsp == NULL || ocsp->statusCb == NULL)
+        return BAD_FUNC_ARG;
+    ioCtx = (ssl->ocspIOCtx != NULL) ?  ssl->ocspIOCtx : ocsp->cm->ocspIOCtx;
+    XMEMSET(&response, 0, sizeof(response));
+    WOLFSSL_MSG("Calling ocsp->statusCb");
+    ret = ocsp->statusCb(ssl, ioCtx);
+    switch (ret) {
+        case SSL_TLSEXT_ERR_OK:
+            if (ssl->ocspResp == NULL || ssl->ocspRespSz == 0) {
+                ret = 0;
+                break;
+            }
+            response.buffer = ssl->ocspResp;
+            response.length = ssl->ocspRespSz;
+            ret = BuildCertificateStatus(ssl, WOLFSSL_CSR_OCSP, &response, 1);
+            break;
+        case SSL_TLSEXT_ERR_NOACK:
+            /* No OCSP response to send */
+            ret = 0;
+            break;
+        case SSL_TLSEXT_ERR_ALERT_FATAL:
+        /* fall through */
+        default:
+            ret = WOLFSSL_FATAL_ERROR;
+            break;
+    }
+    return ret;
+}
+#endif /* HAVE_CERTIFICATE_STATUS_REQUEST && (defined(OPENSSL_ALL) ||
+          defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)) */
 #endif /* NO_WOLFSSL_SERVER */
 
 /* handle generation of certificate_status (22) */
@@ -23600,7 +24920,10 @@ int SendCertificateStatus(WOLFSSL* ssl)
     WOLFSSL_START(WC_FUNC_CERTIFICATE_STATUS_SEND);
     WOLFSSL_ENTER("SendCertificateStatus");
 
-    (void) ssl;
+    if (ssl == NULL || SSL_CM(ssl) == NULL) {
+        WOLFSSL_MSG("SendCertificateStatus bad args");
+        return BAD_FUNC_ARG;
+    }
 
 #ifdef HAVE_CERTIFICATE_STATUS_REQUEST
     status_type = ssl->status_request;
@@ -23610,6 +24933,16 @@ int SendCertificateStatus(WOLFSSL* ssl)
     status_type = status_type ? status_type : ssl->status_request_v2;
 #endif
 
+#if defined(HAVE_CERTIFICATE_STATUS_REQUEST) && \
+    (defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || \
+    defined(WOLFSSL_HAPROXY))
+    if (SSL_CM(ssl)->ocsp_stapling != NULL &&
+            SSL_CM(ssl)->ocsp_stapling->statusCb != NULL) {
+        if (ssl->status_request == WOLFSSL_CSR_OCSP)
+            return BuildCertificateStatusWithStatusCB(ssl);
+    }
+#endif
+
     switch (status_type) {
 
     #ifndef NO_WOLFSSL_SERVER
@@ -23636,7 +24969,8 @@ int SendCertificateStatus(WOLFSSL* ssl)
             }
 
             /* Let's not error out the connection if we can't verify our cert */
-            if (ret == ASN_SELF_SIGNED_E || ret == ASN_NO_SIGNER_E)
+            if (ret == WC_NO_ERR_TRACE(ASN_SELF_SIGNED_E) ||
+                ret == WC_NO_ERR_TRACE(ASN_NO_SIGNER_E))
                 ret = 0;
 
             if (response.buffer) {
@@ -23654,6 +24988,7 @@ int SendCertificateStatus(WOLFSSL* ssl)
         {
             OcspRequest* request = ssl->ctx->certOcspRequest;
             buffer responses[1 + MAX_CHAIN_DEPTH];
+            byte ctxOwnsRequest = 0;
             int i = 0;
 
             XMEMSET(responses, 0, sizeof(responses));
@@ -23710,29 +25045,29 @@ int SendCertificateStatus(WOLFSSL* ssl)
 
                         if (idx > chain->length)
                             break;
-
                         ret = CreateOcspRequest(ssl, request, cert, der.buffer,
-                                                der.length);
+                                                der.length, &ctxOwnsRequest);
                         if (ret == 0) {
                             request->ssl = ssl;
                         ret = CheckOcspRequest(SSL_CM(ssl)->ocsp_stapling,
                                         request, &responses[i + 1], ssl->heap);
 
                             /* Suppressing, not critical */
-                            if (ret == OCSP_CERT_REVOKED ||
-                                ret == OCSP_CERT_UNKNOWN ||
-                                ret == OCSP_LOOKUP_FAIL) {
+                            if (ret == WC_NO_ERR_TRACE(OCSP_CERT_REVOKED) ||
+                                ret == WC_NO_ERR_TRACE(OCSP_CERT_UNKNOWN) ||
+                                ret == WC_NO_ERR_TRACE(OCSP_LOOKUP_FAIL)) {
                                 ret = 0;
                             }
 
 
                             i++;
-                            FreeOcspRequest(request);
+                            if (!ctxOwnsRequest)
+                                FreeOcspRequest(request);
                         }
                     }
                 }
-
-                XFREE(request, ssl->heap, DYNAMIC_TYPE_OCSP_REQUEST);
+                if (!ctxOwnsRequest)
+                    XFREE(request, ssl->heap, DYNAMIC_TYPE_OCSP_REQUEST);
             #ifdef WOLFSSL_SMALL_STACK
                 XFREE(cert, ssl->heap, DYNAMIC_TYPE_DCERT);
             #endif
@@ -23745,9 +25080,9 @@ int SendCertificateStatus(WOLFSSL* ssl)
                                            request, &responses[++i], ssl->heap);
 
                     /* Suppressing, not critical */
-                    if (ret == OCSP_CERT_REVOKED ||
-                        ret == OCSP_CERT_UNKNOWN ||
-                        ret == OCSP_LOOKUP_FAIL) {
+                    if (ret == WC_NO_ERR_TRACE(OCSP_CERT_REVOKED) ||
+                        ret == WC_NO_ERR_TRACE(OCSP_CERT_UNKNOWN) ||
+                        ret == WC_NO_ERR_TRACE(OCSP_LOOKUP_FAIL)) {
                         ret = 0;
                     }
                 }
@@ -23768,7 +25103,8 @@ int SendCertificateStatus(WOLFSSL* ssl)
             }
 
             /* Let's not error out the connection if we can't verify our cert */
-            if (ret == ASN_SELF_SIGNED_E || ret == ASN_NO_SIGNER_E)
+            if (ret == WC_NO_ERR_TRACE(ASN_SELF_SIGNED_E) ||
+                ret == WC_NO_ERR_TRACE(ASN_NO_SIGNER_E))
                 ret = 0;
 
             break;
@@ -23958,25 +25294,127 @@ static int CheckTLS13AEADSendLimit(WOLFSSL* ssl)
 }
 #endif /* WOLFSSL_TLS13 && !WOLFSSL_TLS13_IGNORE_AEAD_LIMITS */
 
-int SendData(WOLFSSL* ssl, const void* data, int sz)
+#ifdef WOLFSSL_THREADED_CRYPT
+int SendAsyncData(WOLFSSL* ssl)
 {
-    int sent = 0,  /* plainText size */
-        sendSz,
+    int i;
+
+    for (i = 0; i < WOLFSSL_THREADED_CRYPT_CNT; i++) {
+        ThreadCrypt* encrypt = &ssl->buffers.encrypt[i];
+
+        if (encrypt->done) {
+            int error;
+
+            GrowOutputBuffer(ssl, encrypt->buffer.length);
+            XMEMCPY(ssl->buffers.outputBuffer.buffer, encrypt->buffer.buffer,
+                encrypt->buffer.length);
+            ssl->buffers.outputBuffer.length = encrypt->buffer.length;
+            ssl->buffers.outputBuffer.idx = 0;
+            encrypt->done = 0;
+            encrypt->avail = 1;
+            if ((error = SendBuffered(ssl)) < 0) {
+                ssl->error = error;
+                WOLFSSL_ERROR(ssl->error);
+                /* store for next call if WANT_WRITE or user embedSend() that
+                   doesn't present like WANT_WRITE */
+                ssl->buffers.plainSz  = encrypt->buffer.length;
+                ssl->buffers.prevSent = encrypt->buffer.length;
+                if (ssl->error == WC_NO_ERR_TRACE(SOCKET_ERROR_E) &&
+                        (ssl->options.connReset || ssl->options.isClosed)) {
+                    return SOCKET_PEER_CLOSED_E;  /* peer reset or closed */
+                }
+                return ssl->error;
+            }
+
+            /* only one message per attempt */
+            if (ssl->options.partialWrite == 1) {
+                WOLFSSL_MSG("Partial Write on, only sending one record");
+                break;
+            }
+        }
+    }
+
+    return 0;
+}
+#endif
+
+#ifndef NO_TLS
+
+/**
+ * ssl_in_handshake():
+ * Invoked in wolfSSL_read/wolfSSL_write to check if wolfSSL_negotiate() is
+ * needed in the handshake.
+ *
+ * In TLSv1.2 negotiate until the end of the handshake, unless:
+ * 1 in SCR and sending data or
+ * 2 in SCR and we have plain data ready
+ * Early data logic may bypass this logic in TLSv1.3 when appropriate.
+ */
+static int ssl_in_handshake(WOLFSSL *ssl, int sending_data)
+{
+int SendAsyncData = 1;
+(void)SendAsyncData;
+    if (IsSCR(ssl)) {
+        if (sending_data) {
+            /* allow sending data in SCR */
+            return 0;
+        } else {
+            /* allow reading buffered data in SCR */
+            if (ssl->buffers.clearOutputBuffer.length != 0)
+                return 0;
+        }
+        return 1;
+    }
+
+    if (ssl->options.handShakeState != HANDSHAKE_DONE)
+        return 1;
+
+    if (ssl->options.side == WOLFSSL_SERVER_END) {
+        if (IsAtLeastTLSv1_3(ssl->version))
+            return ssl->options.acceptState < TLS13_TICKET_SENT;
+        if (IsAtLeastTLSv1_2(ssl))
+            return ssl->options.acceptState < ACCEPT_THIRD_REPLY_DONE;
+        return 0;
+    }
+
+    if (ssl->options.side == WOLFSSL_CLIENT_END) {
+        if (IsAtLeastTLSv1_3(ssl->version))
+            return ssl->options.connectState < FINISHED_DONE;
+        if (IsAtLeastTLSv1_2(ssl))
+            return ssl->options.connectState < SECOND_REPLY_DONE;
+        return 0;
+    }
+
+    return 0;
+}
+
+int SendData(WOLFSSL* ssl, const void* data, size_t sz)
+{
+    word32 sent = 0; /* plainText size */
+    int sendSz,
         ret;
 #if defined(WOLFSSL_EARLY_DATA) && defined(WOLFSSL_EARLY_DATA_GROUP)
     int groupMsgs = 0;
 #endif
+    int error = ssl->error;
 
-    if (ssl->error == WANT_WRITE
+    if (sz > INT_MAX) {
+        WOLFSSL_MSG("SendData sz overflow");
+        return WOLFSSL_FATAL_ERROR;
+    }
+
+    if (error == WC_NO_ERR_TRACE(WANT_WRITE)
     #ifdef WOLFSSL_ASYNC_CRYPT
-        || ssl->error == WC_PENDING_E
+        || error == WC_NO_ERR_TRACE(WC_PENDING_E)
     #endif
     ) {
+        error = 0;
         ssl->error = 0;
     }
 
     /* don't allow write after decrypt or mac error */
-    if (ssl->error == VERIFY_MAC_ERROR || ssl->error == DECRYPT_ERROR) {
+    if (error == WC_NO_ERR_TRACE(VERIFY_MAC_ERROR) ||
+        error == WC_NO_ERR_TRACE(DECRYPT_ERROR)) {
         /* For DTLS allow these possible errors and allow the session
             to continue despite them */
         if (ssl->options.dtls) {
@@ -23989,7 +25427,9 @@ int SendData(WOLFSSL* ssl, const void* data, int sz)
     }
 
 #ifdef WOLFSSL_EARLY_DATA
-    if (ssl->earlyData != no_early_data) {
+    if (ssl->options.side == WOLFSSL_CLIENT_END &&
+            ssl->earlyData != no_early_data &&
+            ssl->earlyData != done_early_data) {
         if (ssl->options.handShakeState == HANDSHAKE_DONE) {
             WOLFSSL_MSG("handshake complete, trying to send early data");
             ssl->error = BUILD_MSG_ERROR;
@@ -23999,28 +25439,51 @@ int SendData(WOLFSSL* ssl, const void* data, int sz)
         groupMsgs = 1;
     #endif
     }
-    else if (IsAtLeastTLSv1_3(ssl->version) &&
+    else
+#endif
+    if (IsAtLeastTLSv1_3(ssl->version) &&
             ssl->options.side == WOLFSSL_SERVER_END &&
             ssl->options.acceptState >= TLS13_ACCEPT_FINISHED_SENT) {
         /* We can send data without waiting on peer finished msg */
         WOLFSSL_MSG("server sending data before receiving client finished");
     }
-    else
-#endif
-    if (ssl->options.handShakeState != HANDSHAKE_DONE && !IsSCR(ssl)) {
+    else if (ssl_in_handshake(ssl, 1)) {
         int err;
         WOLFSSL_MSG("handshake not complete, trying to finish");
         if ( (err = wolfSSL_negotiate(ssl)) != WOLFSSL_SUCCESS) {
         #ifdef WOLFSSL_ASYNC_CRYPT
             /* if async would block return WANT_WRITE */
-            if (ssl->error == WC_PENDING_E) {
+            if (ssl->error == WC_NO_ERR_TRACE(WC_PENDING_E)) {
                 return WOLFSSL_CBIO_ERR_WANT_WRITE;
             }
         #endif
-            return  err;
+            return err;
         }
     }
 
+#ifdef WOLFSSL_RW_THREADED
+#ifdef WOLFSSL_DTLS13
+    if (ssl->options.dtls) {
+        /* Dtls13DoScheduledWork(ssl) may return WANT_WRITE */
+        if ((error = Dtls13DoScheduledWork(ssl)) < 0) {
+            ssl->error = error;
+            WOLFSSL_ERROR(error);
+            return error;
+        }
+    }
+#endif /* WOLFSSL_DTLS13 */
+#ifdef WOLFSSL_TLS13
+    if (ssl->options.sendKeyUpdate) {
+        ssl->options.sendKeyUpdate = 0;
+        ret = SendTls13KeyUpdate(ssl);
+        if (ret != 0) {
+            ssl->error = BUILD_MSG_ERROR;
+            return WOLFSSL_FATAL_ERROR;
+        }
+    }
+#endif
+#endif
+
     /* last time system socket output buffer was full, try again to send */
     if (ssl->buffers.outputBuffer.length > 0
     #if defined(WOLFSSL_EARLY_DATA) && defined(WOLFSSL_EARLY_DATA_GROUP)
@@ -24028,24 +25491,25 @@ int SendData(WOLFSSL* ssl, const void* data, int sz)
     #endif
         ) {
         WOLFSSL_MSG("output buffer was full, trying to send again");
-        if ( (ssl->error = SendBuffered(ssl)) < 0) {
-            WOLFSSL_ERROR(ssl->error);
-            if (ssl->error == SOCKET_ERROR_E && (ssl->options.connReset ||
-                                                 ssl->options.isClosed)) {
-                ssl->error = SOCKET_PEER_CLOSED_E;
-                WOLFSSL_ERROR(ssl->error);
+        if ( (error = SendBuffered(ssl)) < 0) {
+            WOLFSSL_ERROR(error);
+            if (error == WC_NO_ERR_TRACE(SOCKET_ERROR_E) &&
+                    (ssl->options.connReset || ssl->options.isClosed)) {
+                error = SOCKET_PEER_CLOSED_E;
+                ssl->error = error;
+                WOLFSSL_ERROR(error);
                 return 0;  /* peer reset or closed */
             }
-            return ssl->error;
+            return (ssl->error = error);
         }
         else {
             /* advance sent to previous sent + plain size just sent */
             sent = ssl->buffers.prevSent + ssl->buffers.plainSz;
             WOLFSSL_MSG("sent write buffered data");
 
-            if (sent > sz) {
+            if (sent > (word32)sz) {
                 WOLFSSL_MSG("error: write() after WANT_WRITE with short size");
-                return ssl->error = BAD_FUNC_ARG;
+                return (ssl->error = BAD_FUNC_ARG);
             }
         }
     }
@@ -24056,6 +25520,19 @@ int SendData(WOLFSSL* ssl, const void* data, int sz)
         return WOLFSSL_FATAL_ERROR;
     }
 
+#ifdef WOLFSSL_THREADED_CRYPT
+    ret = SendAsyncData(ssl);
+    if (ret != 0) {
+        ssl->error = ret;
+        return WOLFSSL_FATAL_ERROR;
+    }
+    if (ssl->dtls13WaitKeyUpdateAck) {
+        ret = DoDtls13KeyUpdateAck(ssl);
+        if (ret != 0)
+            return ret;
+    }
+#endif
+
     for (;;) {
         byte* out;
         byte* sendBuffer = (byte*)data + sent;  /* may switch on comp */
@@ -24064,6 +25541,10 @@ int SendData(WOLFSSL* ssl, const void* data, int sz)
 #ifdef HAVE_LIBZ
         byte  comp[MAX_RECORD_SIZE + MAX_COMP_EXTRA];
 #endif
+#ifdef WOLFSSL_THREADED_CRYPT
+        int i;
+        ThreadCrypt* encrypt = NULL;
+#endif
 
 #if defined(WOLFSSL_TLS13) && !defined(WOLFSSL_TLS13_IGNORE_AEAD_LIMITS)
         if (IsAtLeastTLSv1_3(ssl->version)) {
@@ -24083,7 +25564,9 @@ int SendData(WOLFSSL* ssl, const void* data, int sz)
                 return ssl->error = BAD_STATE_E;
 
 #ifdef WOLFSSL_EARLY_DATA
-            isEarlyData = ssl->earlyData != no_early_data;
+            isEarlyData = ssl->options.side == WOLFSSL_CLIENT_END &&
+                    ssl->earlyData != no_early_data &&
+                    ssl->earlyData != done_early_data;
 #endif
 
             if (isEarlyData) {
@@ -24113,34 +25596,66 @@ int SendData(WOLFSSL* ssl, const void* data, int sz)
 
 #ifdef WOLFSSL_DTLS
         if (ssl->options.dtls) {
-            buffSz = wolfSSL_GetMaxFragSize(ssl, sz - sent);
+            buffSz = wolfSSL_GetMaxFragSize(ssl, (word32)sz - sent);
         }
         else
 #endif
         {
-            buffSz = wolfSSL_GetMaxFragSize(ssl, sz - sent);
+            buffSz = wolfSSL_GetMaxFragSize(ssl, (word32)sz - sent);
 
         }
 
-        if (sent == sz) break;
+        if (sent == (word32)sz) break;
 
 #if defined(WOLFSSL_DTLS) && !defined(WOLFSSL_NO_DTLS_SIZE_CHECK)
-        if (ssl->options.dtls && (buffSz < sz - sent)) {
-            ssl->error = DTLS_SIZE_ERROR;
-            WOLFSSL_ERROR(ssl->error);
-            return ssl->error;
+        if (ssl->options.dtls && ((size_t)buffSz < (word32)sz - sent)) {
+            error = DTLS_SIZE_ERROR;
+            ssl->error = error;
+            WOLFSSL_ERROR(error);
+            return error;
         }
 #endif
         outputSz = buffSz + COMP_EXTRA + DTLS_RECORD_HEADER_SZ;
         if (IsEncryptionOn(ssl, 1) || ssl->options.tls1_3)
             outputSz += cipherExtraData(ssl);
 
+#if defined(WOLFSSL_DTLS) && defined(WOLFSSL_DTLS_CID)
+        if (ssl->options.dtls) {
+            byte cidSz = 0;
+            if ((cidSz = DtlsGetCidTxSize(ssl)) > 0)
+                outputSz += cidSz + 1; /* +1 for inner content type */
+        }
+#endif
+
         /* check for available size */
         if ((ret = CheckAvailableSize(ssl, outputSz)) != 0)
-            return ssl->error = ret;
+            return (ssl->error = ret);
 
         /* get output buffer */
+#ifndef WOLFSSL_THREADED_CRYPT
         out = GetOutputBuffer(ssl);
+#else
+        do {
+            for (i = 0; i < WOLFSSL_THREADED_CRYPT_CNT; i++) {
+                if (ssl->buffers.encrypt[i].avail) {
+                    encrypt = &ssl->buffers.encrypt[i];
+                    break;
+                }
+            }
+            if (encrypt == NULL) {
+                ret = SendAsyncData(ssl);
+                if (ret != 0) {
+                    ssl->error = ret;
+                    return WOLFSSL_FATAL_ERROR;
+                }
+            }
+        }
+        while (encrypt == NULL);
+        encrypt->done = 0;
+        encrypt->avail = 0;
+        GrowAnOutputBuffer(ssl, &encrypt->buffer, outputSz);
+        out = encrypt->buffer.buffer;
+#endif
 
 #ifdef HAVE_LIBZ
         if (ssl->options.usingCompression) {
@@ -24175,7 +25690,7 @@ int SendData(WOLFSSL* ssl, const void* data, int sz)
         }
         if (sendSz < 0) {
         #ifdef WOLFSSL_ASYNC_CRYPT
-            if (sendSz == WC_PENDING_E)
+            if (sendSz == WC_NO_ERR_TRACE(WC_PENDING_E))
                 ssl->error = sendSz;
         #endif
             return BUILD_MSG_ERROR;
@@ -24184,21 +25699,73 @@ int SendData(WOLFSSL* ssl, const void* data, int sz)
 #ifdef WOLFSSL_ASYNC_CRYPT
         FreeAsyncCtx(ssl, 0);
 #endif
-        ssl->buffers.outputBuffer.length += sendSz;
+#ifdef WOLFSSL_THREADED_CRYPT
+        if (!encrypt->init) {
+            SetKeys(&encrypt->encrypt, NULL, &ssl->keys, &ssl->specs,
+                ssl->options.side, ssl->heap, ssl->devId, ssl->rng,
+                ssl->options.tls1_3);
+            encrypt->init = 1;
+        }
+        encrypt->buffer.length = sendSz;
+        encrypt->offset = RECORD_HEADER_SZ;
+        if (ssl->options.dtls) {
+            encrypt->offset += DTLS_RECORD_EXTRA;
+        }
+        encrypt->cryptLen = outputSz - encrypt->offset;
+    #ifdef HAVE_TRUNCATED_HMAC
+        if (ssl->truncated_hmac) {
+            encrypt->cryptLen -= min(TRUNCATED_HMAC_SZ, ssl->specs.hash_size);
+        }
+        else
+    #endif
+        {
+            encrypt->cryptLen -= ssl->specs.hash_size;
+        }
 
-        if ( (ssl->error = SendBuffered(ssl)) < 0) {
-            WOLFSSL_ERROR(ssl->error);
+#if !defined(NO_PUBLIC_GCM_SET_IV) && \
+    ((defined(HAVE_FIPS) || defined(HAVE_SELFTEST)) && \
+    (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 2)))
+        XMEMCPY(encrypt->nonce, ssl->keys.aead_enc_imp_IV, AESGCM_IMP_IV_SZ);
+        XMEMCPY(encrypt->nonce + AESGCM_IMP_IV_SZ, ssl->keys.aead_exp_IV,
+            AESGCM_EXP_IV_SZ);
+#endif
+        XMEMSET(encrypt->additional, 0, AEAD_AUTH_DATA_SZ);
+        WriteSEQ(ssl, CUR_ORDER, encrypt->additional);
+        XMEMCPY(encrypt->additional + AEAD_TYPE_OFFSET, encrypt->buffer.buffer,
+            3);
+        c16toa(sendSz - encrypt->offset - AESGCM_EXP_IV_SZ -
+            ssl->specs.aead_mac_size, encrypt->additional + AEAD_LEN_OFFSET);
+
+    #ifdef WOLFSSL_DTLS
+        if (ssl->options.dtls)
+            DtlsSEQIncrement(ssl, CUR_ORDER);
+    #endif
+
+        if (encrypt->signal != NULL) {
+            encrypt->signal(encrypt->signalCtx, ssl);
+        }
+        return sendSz;
+#else
+        ssl->buffers.outputBuffer.length += (word32)sendSz;
+
+        if ( (error = SendBuffered(ssl)) < 0) {
+            ssl->error = error;
+            WOLFSSL_ERROR(error);
             /* store for next call if WANT_WRITE or user embedSend() that
                doesn't present like WANT_WRITE */
             ssl->buffers.plainSz  = buffSz;
             ssl->buffers.prevSent = sent;
-            if (ssl->error == SOCKET_ERROR_E && (ssl->options.connReset ||
-                                                 ssl->options.isClosed)) {
+            if (error == WC_NO_ERR_TRACE(SOCKET_ERROR_E) &&
+                    (ssl->options.connReset || ssl->options.isClosed)) {
+                error = SOCKET_PEER_CLOSED_E;
                 ssl->error = SOCKET_PEER_CLOSED_E;
-                WOLFSSL_ERROR(ssl->error);
+                WOLFSSL_ERROR(error);
                 return 0;  /* peer reset or closed */
             }
-            return ssl->error;
+            return error;
+        }
+        else {
+            ssl->error = 0; /* Clear any previous errors */
         }
 
         sent += buffSz;
@@ -24208,20 +25775,29 @@ int SendData(WOLFSSL* ssl, const void* data, int sz)
             WOLFSSL_MSG("Partial Write on, only sending one record");
             break;
         }
+#endif
     }
 
     return sent;
 }
 
 /* process input data */
-int ReceiveData(WOLFSSL* ssl, byte* output, int sz, int peek)
+int ReceiveData(WOLFSSL* ssl, byte* output, size_t sz, int peek)
 {
     int size;
+    int error = ssl->error;
 
     WOLFSSL_ENTER("ReceiveData");
 
+    if (sz > INT_MAX) {
+        WOLFSSL_MSG("ReceiveData sz overflow");
+        return WOLFSSL_FATAL_ERROR;
+    }
+
     /* reset error state */
-    if (ssl->error == WANT_READ || ssl->error == WOLFSSL_ERROR_WANT_READ) {
+    if (error == WC_NO_ERR_TRACE(WANT_READ) ||
+        error == WOLFSSL_ERROR_WANT_READ) {
+        error = 0;
         ssl->error = 0;
     }
 
@@ -24229,52 +25805,42 @@ int ReceiveData(WOLFSSL* ssl, byte* output, int sz, int peek)
     if (ssl->options.dtls) {
         /* In DTLS mode, we forgive some errors and allow the session
          * to continue despite them. */
-        if (ssl->error == VERIFY_MAC_ERROR ||
-            ssl->error == DECRYPT_ERROR ||
-            ssl->error == DTLS_SIZE_ERROR) {
+        if (error == WC_NO_ERR_TRACE(VERIFY_MAC_ERROR) ||
+            error == WC_NO_ERR_TRACE(DECRYPT_ERROR) ||
+            error == WC_NO_ERR_TRACE(DTLS_SIZE_ERROR)) {
 
+            error = 0;
             ssl->error = 0;
         }
     }
 #endif /* WOLFSSL_DTLS */
 
-    if (ssl->error != 0 && ssl->error != WANT_WRITE
+    if (error != 0 && error != WC_NO_ERR_TRACE(WANT_WRITE)
 #ifdef WOLFSSL_ASYNC_CRYPT
-            && ssl->error != WC_PENDING_E
+            && error != WC_NO_ERR_TRACE(WC_PENDING_E)
 #endif
 #if defined(HAVE_SECURE_RENEGOTIATION) || defined(WOLFSSL_DTLS13)
-            && ssl->error != APP_DATA_READY
+            && error != WC_NO_ERR_TRACE(APP_DATA_READY)
 #endif
     ) {
         WOLFSSL_MSG("User calling wolfSSL_read in error state, not allowed");
-        return ssl->error;
+        return error;
     }
 
 #ifdef WOLFSSL_EARLY_DATA
-    if (ssl->earlyData != no_early_data) {
+    if (ssl->options.side == WOLFSSL_SERVER_END &&
+          ssl->earlyData > early_data_ext && ssl->earlyData < done_early_data) {
     }
     else
 #endif
     {
-        int negotiate = 0;
-#ifdef HAVE_SECURE_RENEGOTIATION
-        if (ssl->secure_renegotiation && ssl->secure_renegotiation->enabled) {
-            if (ssl->options.handShakeState != HANDSHAKE_DONE
-                && ssl->buffers.clearOutputBuffer.length == 0)
-                negotiate = 1;
-        }
-        else
-#endif
-        if (ssl->options.handShakeState != HANDSHAKE_DONE)
-            negotiate = 1;
-
-        if (negotiate) {
+        if (ssl_in_handshake(ssl, 0)) {
             int err;
             WOLFSSL_MSG("Handshake not complete, trying to finish");
             if ( (err = wolfSSL_negotiate(ssl)) != WOLFSSL_SUCCESS) {
             #ifdef WOLFSSL_ASYNC_CRYPT
                 /* if async would block return WANT_WRITE */
-                if (ssl->error == WC_PENDING_E) {
+                if (ssl->error == WC_NO_ERR_TRACE(WC_PENDING_E)) {
                     return WOLFSSL_CBIO_ERR_WANT_READ;
                 }
             #endif
@@ -24296,32 +25862,39 @@ startScr:
 #endif
 
     while (ssl->buffers.clearOutputBuffer.length == 0) {
-        if ( (ssl->error = ProcessReply(ssl)) < 0) {
-            if (ssl->error == ZERO_RETURN) {
+        if ( (error = ProcessReply(ssl)) < 0) {
+            if (error == WC_NO_ERR_TRACE(ZERO_RETURN)) {
+                ssl->error = error;
                 WOLFSSL_MSG("Zero return, no more data coming");
                 return 0; /* no more data coming */
             }
-            if (ssl->error == SOCKET_ERROR_E) {
+            if (error == WC_NO_ERR_TRACE(SOCKET_ERROR_E)) {
                 if (ssl->options.connReset || ssl->options.isClosed) {
                     WOLFSSL_MSG("Peer reset or closed, connection done");
-                    ssl->error = SOCKET_PEER_CLOSED_E;
-                    WOLFSSL_ERROR(ssl->error);
+                    error = SOCKET_PEER_CLOSED_E;
+                    ssl->error = error;
+                    WOLFSSL_ERROR(error);
                     return 0; /* peer reset or closed */
                 }
             }
-            WOLFSSL_ERROR(ssl->error);
-            return ssl->error;
+            ssl->error = error;
+            WOLFSSL_ERROR(error);
+            return error;
         }
 
-#ifdef WOLFSSL_DTLS13
+#ifndef WOLFSSL_RW_THREADED
+    #ifdef WOLFSSL_DTLS13
         if (ssl->options.dtls) {
             /* Dtls13DoScheduledWork(ssl) may return WANT_WRITE */
-            if ((ssl->error = Dtls13DoScheduledWork(ssl)) < 0) {
-                WOLFSSL_ERROR(ssl->error);
-                return ssl->error;
+            if ((error = Dtls13DoScheduledWork(ssl)) < 0) {
+                ssl->error = error;
+                WOLFSSL_ERROR(error);
+                return error;
             }
         }
-#endif /* WOLFSSL_DTLS13 */
+    #endif /* WOLFSSL_DTLS13 */
+#endif
+
         #ifdef HAVE_SECURE_RENEGOTIATION
             if (ssl->secure_renegotiation &&
                 ssl->secure_renegotiation->startScr) {
@@ -24337,7 +25910,7 @@ startScr:
                 if ( (err = wolfSSL_negotiate(ssl)) != WOLFSSL_SUCCESS) {
                 #ifdef WOLFSSL_ASYNC_CRYPT
                     /* if async would block return WANT_WRITE */
-                    if (ssl->error == WC_PENDING_E) {
+                    if (ssl->error == WC_NO_ERR_TRACE(WC_PENDING_E)) {
                         return WOLFSSL_CBIO_ERR_WANT_READ;
                     }
                 #endif
@@ -24370,12 +25943,13 @@ startScr:
 #endif
     }
 
-    size = min(sz, (int)ssl->buffers.clearOutputBuffer.length);
+    size = (sz < (size_t)ssl->buffers.clearOutputBuffer.length) ?
+        (int)sz : (int)ssl->buffers.clearOutputBuffer.length;
 
-    XMEMCPY(output, ssl->buffers.clearOutputBuffer.buffer, size);
+    XMEMCPY(output, ssl->buffers.clearOutputBuffer.buffer, (size_t)(size));
 
     if (peek == 0) {
-        ssl->buffers.clearOutputBuffer.length -= size;
+        ssl->buffers.clearOutputBuffer.length -= (word32)size;
         ssl->buffers.clearOutputBuffer.buffer += size;
     }
 
@@ -24434,7 +26008,7 @@ static int SendAlert_ex(WOLFSSL* ssl, int severity, int type)
 
    #ifdef OPENSSL_EXTRA
         if (ssl->CBIS != NULL) {
-            ssl->CBIS(ssl, SSL_CB_ALERT, type);
+            ssl->CBIS(ssl, WOLFSSL_CB_ALERT, type);
         }
    #endif
    #ifdef WOLFSSL_DTLS
@@ -24449,7 +26023,7 @@ static int SendAlert_ex(WOLFSSL* ssl, int severity, int type)
         /* If CheckAvailableSize returned WANT_WRITE due to a blocking write
          * then discard pending output and just send the alert. */
         if (ssl->options.dtls) {
-            if (ret != WANT_WRITE || severity != alert_fatal)
+            if (ret != WC_NO_ERR_TRACE(WANT_WRITE) || severity != alert_fatal)
                 return ret;
             ShrinkOutputBuffer(ssl);
             if ((ret = CheckAvailableSize(ssl, outputSz)) != 0) {
@@ -24512,6 +26086,11 @@ static int SendAlert_ex(WOLFSSL* ssl, int severity, int type)
 #endif /* WOLFSSL_DTLS13 */
             {
                 AddRecordHeader(output, ALERT_SIZE, alert, ssl, CUR_ORDER);
+#ifdef WOLFSSL_DTLS
+                /* AddRecordHeader doesn't increment the seq number */
+                if (ssl->options.dtls)
+                    DtlsSEQIncrement(ssl, CUR_ORDER);
+#endif
             }
 
         output += RECORD_HEADER_SZ;
@@ -24541,7 +26120,21 @@ static int SendAlert_ex(WOLFSSL* ssl, int severity, int type)
         }
     #endif
 
-    ssl->buffers.outputBuffer.length += sendSz;
+    /*
+     * We check if we are trying to send a
+     * CLOSE_NOTIFY alert.
+     * */
+    if (type == close_notify) {
+        if (!ssl->options.sentNotify) {
+            ssl->options.sentNotify = 1;
+        }
+        else {
+            /* CLOSE_NOTIFY already sent */
+            return 0;
+        }
+    }
+
+    ssl->buffers.outputBuffer.length += (word32)sendSz;
 
     ret = SendBuffered(ssl);
 
@@ -24553,10 +26146,21 @@ static int SendAlert_ex(WOLFSSL* ssl, int severity, int type)
     return ret;
 }
 
+#endif /* !NO_TLS */
+
 int RetrySendAlert(WOLFSSL* ssl)
 {
-    int type = ssl->pendingAlert.code;
-    int severity = ssl->pendingAlert.level;
+    int ret = 0;
+    int type;
+    int severity;
+    WOLFSSL_ENTER("RetrySendAlert");
+
+    if (ssl == NULL) {
+        return BAD_FUNC_ARG;
+    }
+
+    type = ssl->pendingAlert.code;
+    severity = ssl->pendingAlert.level;
 
     if (severity == alert_none)
         return 0;
@@ -24564,14 +26168,26 @@ int RetrySendAlert(WOLFSSL* ssl)
     ssl->pendingAlert.code = 0;
     ssl->pendingAlert.level = alert_none;
 
-    return SendAlert_ex(ssl, severity, type);
+#ifndef NO_TLS
+    ret = SendAlert_ex(ssl, severity, type);
+#else
+    (void)type;
+#endif
+    return ret;
 }
 
 /* send alert message */
 int SendAlert(WOLFSSL* ssl, int severity, int type)
 {
+    int ret = 0;
+    WOLFSSL_ENTER("SendAlert");
+
+    if (ssl == NULL) {
+        return BAD_FUNC_ARG;
+    }
+
     if (ssl->pendingAlert.level != alert_none) {
-        int ret = RetrySendAlert(ssl);
+        ret = RetrySendAlert(ssl);
         if (ret != 0) {
             if (ssl->pendingAlert.level == alert_none ||
                     (ssl->pendingAlert.level != alert_fatal &&
@@ -24584,10 +26200,17 @@ int SendAlert(WOLFSSL* ssl, int severity, int type)
             return ret;
         }
     }
-
-    return SendAlert_ex(ssl, severity, type);
+#ifndef NO_TLS
+    ret = SendAlert_ex(ssl, severity, type);
+#endif /* !NO_TLS */
+    return ret;
 }
 
+
+#ifdef WOLFSSL_DEBUG_TRACE_ERROR_CODES_H
+#include <wolfssl/debug-untrace-error-codes.h>
+#endif
+
 const char* wolfSSL_ERR_reason_error_string(unsigned long e)
 {
 #ifdef NO_ERROR_STRINGS
@@ -24605,16 +26228,21 @@ const char* wolfSSL_ERR_reason_error_string(unsigned long e)
     }
 
     /* pass to wolfCrypt */
-    if (error < MAX_CODE_E && error > MIN_CODE_E) {
+    if ((error <= WC_SPAN1_FIRST_E && error >= WC_SPAN1_MIN_CODE_E) ||
+        (error <= WC_SPAN2_FIRST_E && error >= WC_SPAN2_MIN_CODE_E))
+    {
         return wc_GetErrorString(error);
     }
 
-    switch (error) {
-
+    if (error == 0) {
 #ifdef OPENSSL_EXTRA
-    case 0 :
         return "ok";
+#else
+        return "unknown error number";
 #endif
+    }
+
+    switch ((enum wolfSSL_ErrorCodes)error) { /* // NOLINT(clang-analyzer-optin.core.EnumCastOutOfRange) */
 
     case UNSUPPORTED_SUITE :
         return "unsupported cipher suite";
@@ -24724,9 +26352,6 @@ const char* wolfSSL_ERR_reason_error_string(unsigned long e)
     case -WOLFSSL_ERROR_WANT_X509_LOOKUP:
         return "application client cert callback asked to be called again";
 
-    case -WOLFSSL_ERROR_SSL:
-        return "fatal TLS protocol error";
-
     case BUFFER_ERROR :
         return "malformed buffer input error";
 
@@ -24804,6 +26429,9 @@ const char* wolfSSL_ERR_reason_error_string(unsigned long e)
     case CRL_MISSING:
         return "CRL missing, not loaded";
 
+    case CRYPTO_POLICY_FORBIDDEN:
+        return "Operation forbidden by system crypto-policy";
+
     case MONITOR_SETUP_E:
         return "CRL monitor setup error";
 
@@ -24822,6 +26450,9 @@ const char* wolfSSL_ERR_reason_error_string(unsigned long e)
     case MAX_CHAIN_ERROR:
         return "Maximum Chain Depth Exceeded";
 
+    case MAX_CERT_EXTENSIONS_ERR:
+        return "Maximum Cert Extension Exceeded";
+
     case COOKIE_ERROR:
         return "DTLS Cookie Error";
 
@@ -24882,6 +26513,9 @@ const char* wolfSSL_ERR_reason_error_string(unsigned long e)
     case SESSION_TICKET_EXPECT_E:
         return "Session Ticket Error";
 
+    case SCR_DIFFERENT_CERT_E:
+        return "SCR Different cert error";
+
     case SESSION_SECRET_CB_E:
         return "Session Secret Callback Error";
 
@@ -25047,52 +26681,27 @@ const char* wolfSSL_ERR_reason_error_string(unsigned long e)
     case UNSUPPORTED_CERTIFICATE:
         return "Unsupported certificate type";
 
-#ifdef HAVE_HTTP_CLIENT
     case HTTP_TIMEOUT:
         return "HTTP timeout for OCSP or CRL req";
+
     case HTTP_RECV_ERR:
         return "HTTP Receive error";
+
     case HTTP_HEADER_ERR:
         return "HTTP Header error";
+
     case HTTP_PROTO_ERR:
         return "HTTP Protocol error";
+
     case HTTP_STATUS_ERR:
         return "HTTP Status error";
+
     case HTTP_VERSION_ERR:
         return "HTTP Version error";
+
     case HTTP_APPSTR_ERR:
         return "HTTP Application string error";
-#endif
-#if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER)
-    /* TODO: -WOLFSSL_X509_V_ERR_CERT_SIGNATURE_FAILURE. Conflicts with
-     *       -WOLFSSL_ERROR_WANT_CONNECT. */
-    case -WOLFSSL_X509_V_ERR_CERT_NOT_YET_VALID:
-        return "certificate not yet valid";
-    case -WOLFSSL_X509_V_ERR_CERT_HAS_EXPIRED:
-        return "certificate has expired";
-    case -WOLFSSL_X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD:
-        return "certificate signature failure";
-    case -WOLFSSL_X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD:
-        return "format error in certificate's notAfter field";
-    case -WOLFSSL_X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT:
-        return "self-signed certificate in certificate chain";
-    case -WOLFSSL_X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY:
-        return "unable to get local issuer certificate";
-    case -WOLFSSL_X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE:
-        return "unable to verify the first certificate";
-    case -WOLFSSL_X509_V_ERR_CERT_CHAIN_TOO_LONG:
-        return "certificate chain too long";
-    case -WOLFSSL_X509_V_ERR_CERT_REVOKED:
-        return "certificate revoked";
-    case -WOLFSSL_X509_V_ERR_INVALID_CA:
-        return "invalid CA certificate";
-    case -WOLFSSL_X509_V_ERR_PATH_LENGTH_EXCEEDED:
-        return "path length constraint exceeded";
-    case -WOLFSSL_X509_V_ERR_CERT_REJECTED:
-        return "certificate rejected";
-    case -WOLFSSL_X509_V_ERR_SUBJECT_ISSUER_MISMATCH:
-        return "subject issuer mismatch";
-#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL || HAVE_WEBSERVER */
+
     case UNSUPPORTED_PROTO_VERSION:
         #ifdef OPENSSL_EXTRA
         return "WRONG_SSL_VERSION";
@@ -25102,30 +26711,138 @@ const char* wolfSSL_ERR_reason_error_string(unsigned long e)
 
     case FALCON_KEY_SIZE_E:
         return "Wrong key size for Falcon.";
+
     case DILITHIUM_KEY_SIZE_E:
         return "Wrong key size for Dilithium.";
 
-#ifdef WOLFSSL_QUIC
     case QUIC_TP_MISSING_E:
         return "QUIC transport parameter not set";
+
     case QUIC_WRONG_ENC_LEVEL:
         return "QUIC data received at wrong encryption level";
-#endif
+
     case DTLS_CID_ERROR:
         return "DTLS ConnectionID mismatch or missing";
+
     case DTLS_TOO_MANY_FRAGMENTS_E:
         return "Received too many fragmented messages from peer error";
 
     case DUPLICATE_TLS_EXT_E:
         return "Duplicate TLS extension in message.";
 
-    default :
-        return "unknown error number";
+    case WOLFSSL_ALPN_NOT_FOUND:
+        return "TLS extension not found";
+
+    case WOLFSSL_BAD_CERTTYPE:
+        return "Certificate type not supported";
+
+    case WOLFSSL_BAD_STAT:
+        return "bad status";
+
+    case WOLFSSL_BAD_PATH:
+        return "No certificates found at designated path";
+
+    case WOLFSSL_BAD_FILETYPE:
+        return "Data format not supported";
+
+    case WOLFSSL_BAD_FILE:
+        return "Input/output error on file";
+
+    case WOLFSSL_NOT_IMPLEMENTED:
+        return "Function not implemented";
+
+    case WOLFSSL_UNKNOWN:
+        return "Unknown algorithm (EVP)";
+
+    case WOLFSSL_FATAL_ERROR:
+        return "fatal error";
+
+    case WOLFSSL_PEM_R_NO_START_LINE_E:
+        return "No more matching objects found (PEM)";
+
+    case WOLFSSL_PEM_R_PROBLEMS_GETTING_PASSWORD_E:
+        return "Error getting password (PEM)";
+
+    case WOLFSSL_PEM_R_BAD_PASSWORD_READ_E:
+        return "Bad password (PEM)";
+
+    case WOLFSSL_PEM_R_BAD_DECRYPT_E :
+        return "Decryption failed (PEM)";
+
+    case WOLFSSL_ASN1_R_HEADER_TOO_LONG_E:
+        return "ASN header too long (compat)";
+
+    case WOLFSSL_EVP_R_BAD_DECRYPT_E :
+        return "Decryption failed (EVP)";
+
+    case WOLFSSL_EVP_R_BN_DECODE_ERROR:
+        return "Bignum decode error (EVP)";
+
+    case WOLFSSL_EVP_R_DECODE_ERROR  :
+        return "Decode error (EVP)";
+
+    case WOLFSSL_EVP_R_PRIVATE_KEY_DECODE_ERROR:
+        return "Private key decode error (EVP)";
     }
 
+#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) || \
+    defined(HAVE_WEBSERVER) || defined(HAVE_MEMCACHED)
+
+    switch (error) {
+    /* TODO: -WOLFSSL_X509_V_ERR_CERT_SIGNATURE_FAILURE. Conflicts with
+     *       -WOLFSSL_ERROR_WANT_CONNECT.
+     */
+
+    case -WOLFSSL_X509_V_ERR_CERT_NOT_YET_VALID:
+        return "certificate not yet valid";
+
+    case -WOLFSSL_X509_V_ERR_CERT_HAS_EXPIRED:
+        return "certificate has expired";
+
+    case -WOLFSSL_X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD:
+        return "certificate signature failure";
+
+    case -WOLFSSL_X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD:
+        return "format error in certificate's notAfter field";
+
+    case -WOLFSSL_X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT:
+        return "self-signed certificate in certificate chain";
+
+    case -WOLFSSL_X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY:
+        return "unable to get local issuer certificate";
+
+    case -WOLFSSL_X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE:
+        return "unable to verify the first certificate";
+
+    case -WOLFSSL_X509_V_ERR_CERT_CHAIN_TOO_LONG:
+        return "certificate chain too long";
+
+    case -WOLFSSL_X509_V_ERR_CERT_REVOKED:
+        return "certificate revoked";
+
+    case -WOLFSSL_X509_V_ERR_INVALID_CA:
+        return "invalid CA certificate";
+
+    case -WOLFSSL_X509_V_ERR_PATH_LENGTH_EXCEEDED:
+        return "path length constraint exceeded";
+
+    case -WOLFSSL_X509_V_ERR_CERT_REJECTED:
+        return "certificate rejected";
+
+    case -WOLFSSL_X509_V_ERR_SUBJECT_ISSUER_MISMATCH:
+        return "subject issuer mismatch";
+    }
+#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL || HAVE_WEBSERVER || HAVE_MEMCACHED */
+
+    return "unknown error number";
+
 #endif /* NO_ERROR_STRINGS */
 }
 
+#ifdef WOLFSSL_DEBUG_TRACE_ERROR_CODES
+#include <wolfssl/debug-trace-error-codes.h>
+#endif
+
 const char* wolfSSL_ERR_func_error_string(unsigned long e)
 {
     (void)e;
@@ -25150,9 +26867,9 @@ const char* wolfSSL_ERR_lib_error_string(unsigned long e)
 #if defined(OPENSSL_EXTRA)
     libe = wolfSSL_ERR_GET_LIB(e);
     switch (libe) {
-    case ERR_LIB_PEM:
+    case WOLFSSL_ERR_LIB_PEM:
         return "wolfSSL PEM routines";
-    case ERR_LIB_EVP:
+    case WOLFSSL_ERR_LIB_EVP:
         return "wolfSSL digital envelope routines";
     default:
         return "";
@@ -25164,7 +26881,7 @@ const char* wolfSSL_ERR_lib_error_string(unsigned long e)
 
 void SetErrorString(int error, char* str)
 {
-    XSTRNCPY(str, wolfSSL_ERR_reason_error_string(error), WOLFSSL_MAX_ERROR_SZ);
+    XSTRNCPY(str, wolfSSL_ERR_reason_error_string((unsigned long)error), WOLFSSL_MAX_ERROR_SZ);
     str[WOLFSSL_MAX_ERROR_SZ-1] = 0;
 }
 
@@ -25194,7 +26911,7 @@ void SetErrorString(int error, char* str)
      */
 
     #ifndef NO_ERROR_STRINGS
-        #if defined(OPENSSL_ALL) || defined(WOLFSSL_QT) || \
+        #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_QT) || \
             defined(WOLFSSL_HAPROXY) || defined(WOLFSSL_NGINX)
             #define SUITE_INFO(x,y,z,w,v,u) {(x),(y),(z),(w),(v),(u),WOLFSSL_CIPHER_SUITE_FLAG_NONE}
             #define SUITE_ALIAS(x,z,w,v,u) {(x),"",(z),(w),(v),(u),WOLFSSL_CIPHER_SUITE_FLAG_NAMEALIAS},
@@ -25203,7 +26920,7 @@ void SetErrorString(int error, char* str)
             #define SUITE_ALIAS(x,z,w,v,u) {(x),"",(z),(w),WOLFSSL_CIPHER_SUITE_FLAG_NAMEALIAS},
         #endif
     #else
-        #if defined(OPENSSL_ALL) || defined(WOLFSSL_QT) || \
+        #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_QT) || \
             defined(WOLFSSL_HAPROXY) || defined(WOLFSSL_NGINX)
             #define SUITE_INFO(x,y,z,w,v,u) {(x),(z),(w),(v),(u),WOLFSSL_CIPHER_SUITE_FLAG_NONE}
             #define SUITE_ALIAS(x,z,w,v,u) {(x),(z),(w),(v),(u),WOLFSSL_CIPHER_SUITE_FLAG_NAMEALIAS},
@@ -25997,7 +27714,7 @@ const char* GetCipherMacStr(char n[][MAX_SEGMENT_SZ]) {
 
 /* Returns the number of bits based on the cipher enc string, or 0 on failure */
 int SetCipherBits(const char* enc) {
-    int ret = WOLFSSL_FAILURE;
+    int ret = WC_NO_ERR_TRACE(WOLFSSL_FAILURE);
 
     if ((XSTRCMP(enc,"AESGCM(256)") == 0) ||
         (XSTRCMP(enc,"AES(256)") == 0) ||
@@ -26065,13 +27782,16 @@ const char* wolfSSL_get_cipher_name_iana(WOLFSSL* ssl)
 }
 
 int GetCipherSuiteFromName(const char* name, byte* cipherSuite0,
-                           byte* cipherSuite, int* flags)
+                       byte* cipherSuite, byte* major, byte* minor, int* flags)
 {
-    int           ret = BAD_FUNC_ARG;
+    int           ret = WC_NO_ERR_TRACE(BAD_FUNC_ARG);
     int           i;
     unsigned long len;
     const char*   nameDelim;
 
+    (void)major;
+    (void)minor;
+
     /* Support trailing : */
     nameDelim = XSTRSTR(name, ":");
     if (nameDelim)
@@ -26089,9 +27809,19 @@ int GetCipherSuiteFromName(const char* name, byte* cipherSuite0,
 #endif
 
         if (found) {
-            *cipherSuite0 = cipher_names[i].cipherSuite0;
-            *cipherSuite  = cipher_names[i].cipherSuite;
-            *flags = cipher_names[i].flags;
+            if (cipherSuite0 != NULL)
+                *cipherSuite0 = cipher_names[i].cipherSuite0;
+            if (cipherSuite != NULL)
+                *cipherSuite  = cipher_names[i].cipherSuite;
+#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_QT) || \
+    defined(WOLFSSL_HAPROXY) || defined(WOLFSSL_NGINX)
+            if (major != NULL)
+                *major = cipher_names[i].major;
+            if (minor != NULL)
+                *minor = cipher_names[i].minor;
+#endif
+            if (flags != NULL)
+                *flags = cipher_names[i].flags;
             ret = 0;
             break;
         }
@@ -26114,7 +27844,8 @@ ciphersuites introduced through the "bulk" ciphersuites.
 
 @return true on success, else false.
 */
-int SetCipherList(WOLFSSL_CTX* ctx, Suites* suites, const char* list)
+static int ParseCipherList(Suites* suites,
+        const char* list, ProtocolVersion version, int privateKeySz, byte side)
 {
     int       ret              = 0;
     int       idx              = 0;
@@ -26128,6 +27859,9 @@ int SetCipherList(WOLFSSL_CTX* ctx, Suites* suites, const char* list)
     word16    haveNull         = 1; /* allowed by default if compiled in */
     int       callInitSuites   = 0;
     word16    havePSK          = 0;
+    word16    haveAES128       = 1; /* allowed by default if compiled in */
+    word16    haveSHA1         = 1; /* allowed by default if compiled in */
+    word16    haveRC4          = 1; /* allowed by default if compiled in */
 #endif
     const int suiteSz       = GetCipherNamesSize();
     const char* next        = list;
@@ -26137,20 +27871,24 @@ int SetCipherList(WOLFSSL_CTX* ctx, Suites* suites, const char* list)
         return 0;
     }
 
-    if (next[0] == 0 || XSTRCMP(next, "ALL") == 0 ||
-        XSTRCMP(next, "DEFAULT") == 0 || XSTRCMP(next, "HIGH") == 0) {
+    if (next[0] == '\0' ||
+        XSTRCMP(next, "ALL") == 0 ||
+        XSTRCMP(next, "DEFAULT") == 0 ||
+        XSTRCMP(next, "HIGH") == 0)
+    {
         /* Add all ciphersuites except anonymous and null ciphers. Prefer RSA */
 #ifndef NO_RSA
         haveRSA = 1;
 #endif
-        InitSuites(suites, ctx->method->version,
+        InitSuites(suites, version,
 #ifndef NO_CERTS
-                ctx->privateKeySz,
+                privateKeySz,
 #else
                 0,
 #endif
-                haveRSA, 1, 1, !haveRSA, 1, haveRSA, !haveRSA, 1, 1, 0, 0,
-                ctx->method->side);
+                haveRSA, 1, 1, !haveRSA, 1, haveRSA, !haveRSA, 0, 0, 1,
+                1, 1, side
+        );
         return 1; /* wolfSSL default */
     }
 
@@ -26170,6 +27908,9 @@ int SetCipherList(WOLFSSL_CTX* ctx, Suites* suites, const char* list)
             if (length > currLen) {
                 length = currLen;
             }
+            if (currLen == 0)
+                break;
+            ++next; /* increment to skip ':' */
         }
 
     #if defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL)
@@ -26200,7 +27941,7 @@ int SetCipherList(WOLFSSL_CTX* ctx, Suites* suites, const char* list)
                         substrCurrent[length] = '\0';
                     }
                     else {
-                        length = (int)XSTRLEN(substrCurrent);
+                        length = (word32)XSTRLEN(substrCurrent);
                     }
 
                     /* check if is a public key type */
@@ -26227,9 +27968,6 @@ int SetCipherList(WOLFSSL_CTX* ctx, Suites* suites, const char* list)
                 haveSig |= SIG_ANON;
             else
                 haveSig &= ~SIG_ANON;
-        #ifdef HAVE_ANON
-            ctx->haveAnon = (haveSig & SIG_ANON) == SIG_ANON;
-        #endif
             haveRSA = 1;
             haveDH = 1;
             haveECC = 1;
@@ -26252,9 +27990,6 @@ int SetCipherList(WOLFSSL_CTX* ctx, Suites* suites, const char* list)
         if (XSTRCMP(name, "HIGH") == 0 && allowing) {
             /* Disable static, anonymous, and null ciphers */
             haveSig &= ~SIG_ANON;
-        #ifdef HAVE_ANON
-            ctx->haveAnon = 0;
-        #endif
             haveRSA = 1;
             haveDH = 1;
             haveECC = 1;
@@ -26274,9 +28009,6 @@ int SetCipherList(WOLFSSL_CTX* ctx, Suites* suites, const char* list)
                 haveSig |= SIG_ANON;
             else
                 haveSig &= ~SIG_ANON;
-        #ifdef HAVE_ANON
-            ctx->haveAnon = allowing;
-        #endif
             if (allowing) {
                 /* Allow RSA by default. */
                 if (!haveECC)
@@ -26357,6 +28089,29 @@ int SetCipherList(WOLFSSL_CTX* ctx, Suites* suites, const char* list)
             continue;
         }
 
+        #if defined(WOLFSSL_SYS_CRYPTO_POLICY)
+        if (XSTRCMP(name, "AES128") == 0) {
+            haveAES128 = allowing;
+            callInitSuites = 1;
+            ret = 1;
+            continue;
+        }
+
+        if (XSTRCMP(name, "SHA1") == 0) {
+            haveSHA1 = allowing;
+            callInitSuites = 1;
+            ret = 1;
+            continue;
+        }
+
+        if (XSTRCMP(name, "RC4") == 0) {
+            haveRC4 = allowing;
+            callInitSuites = 1;
+            ret = 1;
+            continue;
+        }
+        #endif /* WOLFSSL_SYS_CRYPTO_POLICY */
+
         if (XSTRCMP(name, "LOW") == 0 || XSTRCMP(name, "MEDIUM") == 0) {
             /* No way to limit or allow low bit sizes */
             if (allowing) {
@@ -26378,6 +28133,14 @@ int SetCipherList(WOLFSSL_CTX* ctx, Suites* suites, const char* list)
             /* wolfSSL doesn't support "export" ciphers. We can skip this */
             continue;
         }
+
+        #if defined(WOLFSSL_SYS_CRYPTO_POLICY)
+        if (XSTRNCMP(name, WOLFSSL_SECLEVEL_STR,
+                     strlen(WOLFSSL_SECLEVEL_STR)) == 0) {
+            /* Skip the "@SECLEVEL=N" string, we'll process it elsewhere. */
+            continue;
+        }
+        #endif /* WOLFSSL_SYS_CRYPTO_POLICY */
     #endif /* OPENSSL_EXTRA */
 
         for (i = 0; i < suiteSz; i++) {
@@ -26390,7 +28153,7 @@ int SetCipherList(WOLFSSL_CTX* ctx, Suites* suites, const char* list)
 
             #ifdef WOLFSSL_DTLS
                 /* don't allow stream ciphers with DTLS */
-                if (ctx->method->version.major == DTLS_MAJOR) {
+                if (version.major == DTLS_MAJOR) {
                     if (XSTRSTR(name, "RC4"))
                     {
                         WOLFSSL_MSG("Stream ciphers not supported with DTLS");
@@ -26432,14 +28195,12 @@ int SetCipherList(WOLFSSL_CTX* ctx, Suites* suites, const char* list)
                                                              defined(HAVE_ED448)
                     haveSig |= SIG_ECDSA;
                 #endif
-                #if defined(HAVE_PQC)
                 #ifdef HAVE_FALCON
                     haveSig |= SIG_FALCON;
                 #endif /* HAVE_FALCON */
                 #ifdef HAVE_DILITHIUM
                     haveSig |= SIG_DILITHIUM;
                 #endif /* HAVE_DILITHIUM */
-                #endif /* HAVE_PQC */
                 }
                 else
             #ifdef BUILD_TLS_SM4_GCM_SM3
@@ -26501,28 +28262,26 @@ int SetCipherList(WOLFSSL_CTX* ctx, Suites* suites, const char* list)
                 break;
             }
         }
-    }
-    while (next++); /* ++ needed to skip ':' */
+    } while (next);
 
     if (ret) {
         int keySz = 0;
     #ifndef NO_CERTS
-        keySz = ctx->privateKeySz;
+        keySz = privateKeySz;
     #endif
     #ifdef OPENSSL_EXTRA
         if (callInitSuites) {
             suites->setSuites = 0; /* Force InitSuites */
             suites->hashSigAlgoSz = 0; /* Force InitSuitesHashSigAlgo call
                                         * inside InitSuites */
-            InitSuites(suites, ctx->method->version, keySz, (word16)haveRSA,
+            InitSuites(suites, version, keySz, (word16)haveRSA,
                        (word16)havePSK, (word16)haveDH,
                        (word16)((haveSig & SIG_ECDSA) != 0),
                        (word16)haveECC, (word16)haveStaticRSA,
                        (word16)haveStaticECC,
-                       (word16)((haveSig & SIG_FALCON) != 0),
-                       (word16)((haveSig & SIG_DILITHIUM) != 0),
                        (word16)((haveSig & SIG_ANON) != 0),
-                       (word16)haveNull, ctx->method->side);
+                       (word16)haveNull, (word16)haveAES128,
+                       (word16)haveSHA1, (word16)haveRC4, side);
             /* Restore user ciphers ahead of defaults */
             XMEMMOVE(suites->suites + idx, suites->suites,
                     min(suites->suiteSz, WOLFSSL_MAX_SUITE_SZ-idx));
@@ -26532,12 +28291,12 @@ int SetCipherList(WOLFSSL_CTX* ctx, Suites* suites, const char* list)
     #endif
         {
             suites->suiteSz   = (word16)idx;
-            InitSuitesHashSigAlgo_ex2(suites->hashSigAlgo, haveSig, 1, keySz,
-                 &suites->hashSigAlgoSz);
+            InitSuitesHashSigAlgo(suites->hashSigAlgo, haveSig, 1, keySz,
+                                  &suites->hashSigAlgoSz);
         }
 
 #ifdef HAVE_RENEGOTIATION_INDICATION
-        if (ctx->method->side == WOLFSSL_CLIENT_END) {
+        if (side == WOLFSSL_CLIENT_END) {
             if (suites->suiteSz > WOLFSSL_MAX_SUITE_SZ - 2) {
                 WOLFSSL_MSG("Too many ciphersuites");
                 return 0;
@@ -26551,11 +28310,48 @@ int SetCipherList(WOLFSSL_CTX* ctx, Suites* suites, const char* list)
         suites->setSuites = 1;
     }
 
-    (void)ctx;
+#ifdef NO_CERTS
+    (void)privateKeySz;
+#endif
 
     return ret;
 }
 
+int SetCipherList_ex(const WOLFSSL_CTX* ctx, const WOLFSSL* ssl,
+        Suites* suites, const char* list)
+{
+    ProtocolVersion version;
+    int privateKeySz = 0;
+    byte side;
+
+    if (ctx != NULL) {
+        version = ctx->method->version;
+#ifndef NO_CERTS
+        privateKeySz = ctx->privateKeySz;
+#endif
+        side = ctx->method->side;
+    }
+    else if (ssl != NULL) {
+        version = ssl->version;
+#ifndef NO_CERTS
+        privateKeySz = ssl->buffers.keySz;
+#endif
+        side = (byte)ssl->options.side;
+    }
+    else {
+        WOLFSSL_MSG("SetCipherList_ex parameter error");
+        return 0;
+    }
+
+    return ParseCipherList(suites, list, version, privateKeySz, side);
+}
+
+int SetCipherList(const WOLFSSL_CTX* ctx, Suites* suites,
+                                 const char* list)
+{
+    return SetCipherList_ex(ctx, NULL, suites, list);
+}
+
 #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_SET_CIPHER_BYTES)
 int SetCipherListFromBytes(WOLFSSL_CTX* ctx, Suites* suites, const byte* list,
                            const int listSz)
@@ -26634,14 +28430,12 @@ int SetCipherListFromBytes(WOLFSSL_CTX* ctx, Suites* suites, const byte* list,
         #if defined(HAVE_ECC) || defined(HAVE_ED25519) || defined(HAVE_ED448)
             haveECDSAsig = 1;
         #endif
-        #if defined(HAVE_PQC)
         #ifdef HAVE_FALCON
             haveFalconSig = 1;
         #endif /* HAVE_FALCON */
         #ifdef HAVE_DILITHIUM
             haveDilithiumSig = 1;
         #endif /* HAVE_DILITHIUM */
-        #endif /* HAVE_PQC */
         }
         else
     #endif /* WOLFSSL_TLS13 */
@@ -26681,7 +28475,7 @@ int SetCipherListFromBytes(WOLFSSL_CTX* ctx, Suites* suites, const byte* list,
         haveSig |= haveFalconSig ? SIG_FALCON : 0;
         haveSig |= haveDilithiumSig ? SIG_DILITHIUM : 0;
         haveSig |= haveAnon ? SIG_ANON : 0;
-        InitSuitesHashSigAlgo_ex2(suites->hashSigAlgo, haveSig, 1, keySz,
+        InitSuitesHashSigAlgo(suites->hashSigAlgo, haveSig, 1, keySz,
             &suites->hashSigAlgoSz);
 #ifdef HAVE_RENEGOTIATION_INDICATION
         if (ctx->method->side == WOLFSSL_CLIENT_END) {
@@ -26882,7 +28676,6 @@ static int MatchSigAlgo(WOLFSSL* ssl, int sigAlgo)
         return sigAlgo == ed448_sa_algo;
     }
 #endif
-#ifdef HAVE_PQC
 #ifdef HAVE_FALCON
     if (ssl->pkCurveOID == CTC_FALCON_LEVEL1) {
         /* Certificate has Falcon level 1 key, only match with Falcon level 1
@@ -26896,6 +28689,7 @@ static int MatchSigAlgo(WOLFSSL* ssl, int sigAlgo)
     }
 #endif /* HAVE_FALCON */
 #ifdef HAVE_DILITHIUM
+    #ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
     if (ssl->pkCurveOID == CTC_DILITHIUM_LEVEL2) {
         /* Certificate has Dilithium level 2 key, only match with it. */
         return sigAlgo == dilithium_level2_sa_algo;
@@ -26908,8 +28702,20 @@ static int MatchSigAlgo(WOLFSSL* ssl, int sigAlgo)
         /* Certificate has Dilithium level 5 key, only match with it. */
         return sigAlgo == dilithium_level5_sa_algo;
     }
+    #endif /* WOLFSSL_DILITHIUM_FIPS204_DRAFT */
+    if (ssl->pkCurveOID == CTC_ML_DSA_LEVEL2) {
+        /* Certificate has ML-DSA level 2 key, only match with it. */
+        return sigAlgo == dilithium_level2_sa_algo;
+    }
+    if (ssl->pkCurveOID == CTC_ML_DSA_LEVEL3) {
+        /* Certificate has ML-DSA level 3 key, only match with it. */
+        return sigAlgo == dilithium_level3_sa_algo;
+    }
+    if (ssl->pkCurveOID == CTC_ML_DSA_LEVEL5) {
+        /* Certificate has ML-DSA level 5 key, only match with it. */
+        return sigAlgo == dilithium_level5_sa_algo;
+    }
 #endif /* HAVE_DILITHIUM */
-#endif /* HAVE_PQC */
 #ifdef WC_RSA_PSS
     /* RSA certificate and PSS sig alg. */
     if (ssl->options.sigAlgo == rsa_sa_algo) {
@@ -26933,7 +28739,7 @@ static int CmpEccStrength(int hashAlgo, int curveSz)
 {
     int dgstSz = GetMacDigestSize((byte)hashAlgo);
     if (dgstSz <= 0)
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
     return dgstSz - (curveSz & (~0x3));
 }
 #endif
@@ -26960,10 +28766,43 @@ static byte MinHashAlgo(WOLFSSL* ssl)
     return sha_mac;
 }
 
-int PickHashSigAlgo(WOLFSSL* ssl, const byte* hashSigAlgo, word32 hashSigAlgoSz)
+/* Check if a given peer hashSigAlgo is supported in our ssl->suites or
+ * ssl->ctx->suites.
+ *
+ * Returns 1 on match.
+ * Returns 0 otherwise.
+ * */
+static int SupportedHashSigAlgo(WOLFSSL* ssl, const byte * hashSigAlgo)
+{
+    const Suites * suites = NULL;
+    word32         i = 0;
+
+    if (ssl == NULL || hashSigAlgo == NULL) {
+        return 0;
+    }
+
+    suites = WOLFSSL_SUITES(ssl);
+
+    if (suites == NULL || suites->hashSigAlgoSz == 0) {
+        return 0;
+    }
+
+    for (i = 0; (i+1) < suites->hashSigAlgoSz; i += HELLO_EXT_SIGALGO_SZ) {
+        if (XMEMCMP(&suites->hashSigAlgo[i], hashSigAlgo,
+                    HELLO_EXT_SIGALGO_SZ) == 0) {
+            /* Match found. */
+            return 1;
+        }
+    }
+
+    return 0;
+}
+
+int PickHashSigAlgo(WOLFSSL* ssl, const byte* hashSigAlgo, word32 hashSigAlgoSz,
+                    int matchSuites)
 {
     word32 i;
-    int ret = MATCH_SUITE_ERROR;
+    int ret = WC_NO_ERR_TRACE(MATCH_SUITE_ERROR);
     byte minHash;
 
     /* set defaults */
@@ -27001,6 +28840,14 @@ int PickHashSigAlgo(WOLFSSL* ssl, const byte* hashSigAlgo, word32 hashSigAlgoSz)
         if (!MatchSigAlgo(ssl, sigAlgo))
             continue;
 
+        if (matchSuites) {
+            /* Keep looking if peer algorithm isn't supported in our ssl->suites
+             * or ssl->ctx->suites. */
+            if (!SupportedHashSigAlgo(ssl, &hashSigAlgo[i])) {
+                continue;
+            }
+        }
+
     #ifdef HAVE_ED25519
         if (ssl->pkCurveOID == ECC_ED25519_OID) {
             /* Matched Ed25519 - set chosen and finished. */
@@ -27019,7 +28866,6 @@ int PickHashSigAlgo(WOLFSSL* ssl, const byte* hashSigAlgo, word32 hashSigAlgoSz)
             break;
         }
     #endif
-    #if defined(HAVE_PQC)
     #if defined(HAVE_FALCON)
         if (ssl->pkCurveOID == CTC_FALCON_LEVEL1 ||
             ssl->pkCurveOID == CTC_FALCON_LEVEL5 ) {
@@ -27031,17 +28877,22 @@ int PickHashSigAlgo(WOLFSSL* ssl, const byte* hashSigAlgo, word32 hashSigAlgoSz)
         }
     #endif /* HAVE_FALCON */
     #if defined(HAVE_DILITHIUM)
-        if (ssl->pkCurveOID == CTC_DILITHIUM_LEVEL2 ||
-            ssl->pkCurveOID == CTC_DILITHIUM_LEVEL3 ||
-            ssl->pkCurveOID == CTC_DILITHIUM_LEVEL5) {
-            /* Matched Dilithium - set chosen and finished. */
+        if (ssl->pkCurveOID == CTC_ML_DSA_LEVEL2 ||
+            ssl->pkCurveOID == CTC_ML_DSA_LEVEL3 ||
+            ssl->pkCurveOID == CTC_ML_DSA_LEVEL5
+            #ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
+         || ssl->pkCurveOID == CTC_DILITHIUM_LEVEL2
+         || ssl->pkCurveOID == CTC_DILITHIUM_LEVEL3
+         || ssl->pkCurveOID == CTC_DILITHIUM_LEVEL5
+            #endif /* WOLFSSL_DILITHIUM_FIPS204_DRAFT */
+            ) {
+            /* Matched ML-DSA or Dilithium - set chosen and finished. */
             ssl->options.sigAlgo = sigAlgo;
             ssl->options.hashAlgo = hashAlgo;
             ret = 0;
             break;
         }
     #endif /* HAVE_DILITHIUM */
-    #endif /* HAVE_PQC */
 
     #if defined(WOLFSSL_ECDSA_MATCH_HASH) && defined(USE_ECDSA_KEYSZ_HASH_ALGO)
         #error "WOLFSSL_ECDSA_MATCH_HASH and USE_ECDSA_KEYSZ_HASH_ALGO cannot "
@@ -27402,7 +29253,7 @@ int PickHashSigAlgo(WOLFSSL* ssl, const byte* hashSigAlgo, word32 hashSigAlgoSz)
 int CreateDevPrivateKey(void** pkey, byte* data, word32 length, int hsType,
                         int label, int id, void* heap, int devId)
 {
-    int ret = NOT_COMPILED_IN;
+    int ret = WC_NO_ERR_TRACE(NOT_COMPILED_IN);
 
     if (hsType == DYNAMIC_TYPE_RSA) {
 #ifndef NO_RSA
@@ -27417,7 +29268,7 @@ int CreateDevPrivateKey(void** pkey, byte* data, word32 length, int hsType,
             ret = wc_InitRsaKey_Label(rsaKey, (char*)data, heap, devId);
         }
         else if (id) {
-            ret = wc_InitRsaKey_Id(rsaKey, data, length, heap, devId);
+            ret = wc_InitRsaKey_Id(rsaKey, data, (int)length, heap, devId);
         }
         if (ret == 0) {
             *pkey = (void*)rsaKey;
@@ -27440,7 +29291,7 @@ int CreateDevPrivateKey(void** pkey, byte* data, word32 length, int hsType,
             ret = wc_ecc_init_label(ecKey, (char*)data, heap, devId);
         }
         else if (id) {
-            ret = wc_ecc_init_id(ecKey, data, length, heap, devId);
+            ret = wc_ecc_init_id(ecKey, data, (int)length, heap, devId);
         }
         if (ret == 0) {
             *pkey = (void*)ecKey;
@@ -27450,6 +29301,55 @@ int CreateDevPrivateKey(void** pkey, byte* data, word32 length, int hsType,
         }
 #endif
     }
+    else if (hsType == DYNAMIC_TYPE_DILITHIUM) {
+#if defined(HAVE_DILITHIUM)
+        dilithium_key* dilithiumKey;
+
+        dilithiumKey = (dilithium_key*)XMALLOC(sizeof(dilithium_key), heap,
+                                               DYNAMIC_TYPE_DILITHIUM);
+        if (dilithiumKey == NULL) {
+            return MEMORY_E;
+        }
+
+        if (label) {
+            ret = wc_dilithium_init_label(dilithiumKey, (char*)data,
+                                          heap, devId);
+        }
+        else if (id) {
+            ret = wc_dilithium_init_id(dilithiumKey, data, length, heap, devId);
+        }
+        if (ret == 0) {
+            *pkey = (void*)dilithiumKey;
+        }
+        else {
+            XFREE(dilithiumKey, heap, DYNAMIC_TYPE_DILITHIUM);
+        }
+#endif
+    }
+    else if (hsType == DYNAMIC_TYPE_FALCON) {
+#if defined(HAVE_FALCON)
+        falcon_key* falconKey;
+
+        falconKey = (falcon_key*)XMALLOC(sizeof(falcon_key), heap,
+                                         DYNAMIC_TYPE_FALCON);
+        if (falconKey == NULL) {
+            return MEMORY_E;
+        }
+
+        if (label) {
+            ret = wc_falcon_init_label(falconKey, (char*)data, heap, devId);
+        }
+        else if (id) {
+            ret = wc_falcon_init_id(falconKey, data, length, heap, devId);
+        }
+        if (ret == 0) {
+            *pkey = (void*)falconKey;
+        }
+        else {
+            XFREE(falconKey, heap, DYNAMIC_TYPE_FALCON);
+        }
+#endif
+    }
 
     return ret;
 }
@@ -27465,9 +29365,9 @@ int CreateDevPrivateKey(void** pkey, byte* data, word32 length, int hsType,
  * length  The length of a signature.
  * returns 0 on success, otherwise failure.
  */
-int DecodePrivateKey(WOLFSSL *ssl, word16* length)
+int DecodePrivateKey(WOLFSSL *ssl, word32* length)
 {
-    int      ret = BAD_FUNC_ARG;
+    int      ret = WC_NO_ERR_TRACE(BAD_FUNC_ARG);
     int      keySz;
     word32   idx;
 
@@ -27480,7 +29380,7 @@ int DecodePrivateKey(WOLFSSL *ssl, word16* length)
             || wolfSSL_CTX_IsPrivatePkSet(ssl->ctx)
         #endif
         ) {
-            *length = (word16)GetPrivateKeySigSize(ssl);
+            *length = (word32)GetPrivateKeySigSize(ssl);
             return 0;
         }
         else
@@ -27498,7 +29398,14 @@ int DecodePrivateKey(WOLFSSL *ssl, word16* length)
             ssl->hsType = DYNAMIC_TYPE_RSA;
         else if (ssl->buffers.keyType == ecc_dsa_sa_algo)
             ssl->hsType = DYNAMIC_TYPE_ECC;
-        ret = AllocKey(ssl, ssl->hsType, &ssl->hsKey);
+        else if ((ssl->buffers.keyType == falcon_level1_sa_algo) ||
+                 (ssl->buffers.keyType == falcon_level5_sa_algo))
+            ssl->hsType = DYNAMIC_TYPE_FALCON;
+        else if ((ssl->buffers.keyType == dilithium_level2_sa_algo) ||
+                 (ssl->buffers.keyType == dilithium_level3_sa_algo) ||
+                 (ssl->buffers.keyType == dilithium_level5_sa_algo))
+            ssl->hsType = DYNAMIC_TYPE_DILITHIUM;
+        ret = AllocKey(ssl, (int)(ssl->hsType), &ssl->hsKey);
         if (ret != 0) {
             goto exit_dpk;
         }
@@ -27512,9 +29419,10 @@ int DecodePrivateKey(WOLFSSL *ssl, word16* length)
             }
             else if (ssl->buffers.keyId) {
                 ret = wc_InitRsaKey_Id((RsaKey*)ssl->hsKey,
-                                       ssl->buffers.key->buffer,
-                                       ssl->buffers.key->length, ssl->heap,
-                                       ssl->buffers.keyDevId);
+                                    (ssl->buffers.key->buffer),
+                                    (int)(ssl->buffers.key->length),
+                                    ssl->heap,
+                                    ssl->buffers.keyDevId);
             }
             if (ret == 0) {
                 if (ssl->buffers.keySz < ssl->options.minRsaKeySz) {
@@ -27523,7 +29431,7 @@ int DecodePrivateKey(WOLFSSL *ssl, word16* length)
                 }
 
                 /* Return the maximum signature length. */
-                *length = (word16)ssl->buffers.keySz;
+                *length = (word32)ssl->buffers.keySz;
             }
     #else
             ret = NOT_COMPILED_IN;
@@ -27538,7 +29446,7 @@ int DecodePrivateKey(WOLFSSL *ssl, word16* length)
             }
             else if (ssl->buffers.keyId) {
                 ret = wc_ecc_init_id((ecc_key*)ssl->hsKey,
-                                     ssl->buffers.key->buffer,
+                                     (ssl->buffers.key->buffer),
                                      ssl->buffers.key->length, ssl->heap,
                                      ssl->buffers.keyDevId);
             }
@@ -27549,7 +29457,82 @@ int DecodePrivateKey(WOLFSSL *ssl, word16* length)
                 }
 
                 /* Return the maximum signature length. */
-                *length = (word16)wc_ecc_sig_size_calc(ssl->buffers.keySz);
+                *length = (word32)wc_ecc_sig_size_calc(ssl->buffers.keySz);
+            }
+    #else
+            ret = NOT_COMPILED_IN;
+    #endif
+        }
+        else if ((ssl->buffers.keyType == falcon_level1_sa_algo) ||
+                 (ssl->buffers.keyType == falcon_level5_sa_algo)) {
+    #if defined(HAVE_FALCON)
+            if (ssl->buffers.keyLabel) {
+                ret = wc_falcon_init_label((falcon_key*)ssl->hsKey,
+                                           (char*)ssl->buffers.key->buffer,
+                                           ssl->heap, ssl->buffers.keyDevId);
+            }
+            else if (ssl->buffers.keyId) {
+                ret = wc_falcon_init_id((falcon_key*)ssl->hsKey,
+                                        ssl->buffers.key->buffer,
+                                        ssl->buffers.key->length, ssl->heap,
+                                        ssl->buffers.keyDevId);
+            }
+            if (ret == 0) {
+                if (ssl->buffers.keyType == falcon_level1_sa_algo) {
+                    ret = wc_falcon_set_level((falcon_key*)ssl->hsKey, 1);
+                }
+                else if (ssl->buffers.keyType == falcon_level5_sa_algo) {
+                    ret = wc_falcon_set_level((falcon_key*)ssl->hsKey, 5);
+                }
+            }
+            if (ret == 0) {
+                if (ssl->buffers.keySz < ssl->options.minFalconKeySz) {
+                    WOLFSSL_MSG("Falcon key size too small");
+                    ERROR_OUT(FALCON_KEY_SIZE_E, exit_dpk);
+                }
+
+                /* Return the maximum signature length. */
+                *length = wc_falcon_sig_size((falcon_key*)ssl->hsKey);
+            }
+    #else
+            ret = NOT_COMPILED_IN;
+    #endif
+        }
+        else if ((ssl->buffers.keyType == dilithium_level2_sa_algo) ||
+                 (ssl->buffers.keyType == dilithium_level3_sa_algo) ||
+                 (ssl->buffers.keyType == dilithium_level5_sa_algo)) {
+    #if defined(HAVE_DILITHIUM) && !defined(WOLFSSL_DILITHIUM_NO_SIGN)
+            if (ssl->buffers.keyLabel) {
+                ret = wc_dilithium_init_label((dilithium_key*)ssl->hsKey,
+                                              (char*)ssl->buffers.key->buffer,
+                                              ssl->heap, ssl->buffers.keyDevId);
+            }
+            else if (ssl->buffers.keyId) {
+                ret = wc_dilithium_init_id((dilithium_key*)ssl->hsKey,
+                                        ssl->buffers.key->buffer,
+                                        ssl->buffers.key->length, ssl->heap,
+                                        ssl->buffers.keyDevId);
+            }
+            if (ret == 0) {
+                if (ssl->buffers.keyType == dilithium_level2_sa_algo) {
+                    ret = wc_dilithium_set_level((dilithium_key*)ssl->hsKey, WC_ML_DSA_44);
+                }
+                else if (ssl->buffers.keyType == dilithium_level3_sa_algo) {
+                    ret = wc_dilithium_set_level((dilithium_key*)ssl->hsKey, WC_ML_DSA_65);
+                }
+                else if (ssl->buffers.keyType == dilithium_level5_sa_algo) {
+                    ret = wc_dilithium_set_level((dilithium_key*)ssl->hsKey, WC_ML_DSA_87);
+                }
+            }
+            if (ret == 0) {
+                if (ssl->buffers.keySz < ssl->options.minDilithiumKeySz) {
+                    WOLFSSL_MSG("Dilithium key size too small");
+                    ERROR_OUT(DILITHIUM_KEY_SIZE_E, exit_dpk);
+                }
+
+                /* Return the maximum signature length. */
+                *length = wc_dilithium_sig_size(
+                                    (dilithium_key*)ssl->hsKey);
             }
     #else
             ret = NOT_COMPILED_IN;
@@ -27562,7 +29545,7 @@ int DecodePrivateKey(WOLFSSL *ssl, word16* length)
 #ifndef NO_RSA
     if (ssl->buffers.keyType == rsa_sa_algo || ssl->buffers.keyType == 0) {
         ssl->hsType = DYNAMIC_TYPE_RSA;
-        ret = AllocKey(ssl, ssl->hsType, &ssl->hsKey);
+        ret = AllocKey(ssl, (int)ssl->hsType, &ssl->hsKey);
         if (ret != 0) {
             goto exit_dpk;
         }
@@ -27602,7 +29585,7 @@ int DecodePrivateKey(WOLFSSL *ssl, word16* length)
             }
 
             /* Return the maximum signature length. */
-            *length = (word16)keySz;
+            *length = (word32)keySz;
 
             goto exit_dpk;
         }
@@ -27611,7 +29594,7 @@ int DecodePrivateKey(WOLFSSL *ssl, word16* length)
 
 #ifdef HAVE_ECC
 #ifndef NO_RSA
-    FreeKey(ssl, ssl->hsType, (void**)&ssl->hsKey);
+    FreeKey(ssl, (int)ssl->hsType, (void**)&ssl->hsKey);
 #endif /* !NO_RSA */
 
     if (ssl->buffers.keyType == ecc_dsa_sa_algo || ssl->buffers.keyType == 0
@@ -27620,7 +29603,7 @@ int DecodePrivateKey(WOLFSSL *ssl, word16* length)
     #endif
         ) {
         ssl->hsType = DYNAMIC_TYPE_ECC;
-        ret = AllocKey(ssl, ssl->hsType, &ssl->hsKey);
+        ret = AllocKey(ssl, (int)ssl->hsType, &ssl->hsKey);
         if (ret != 0) {
             goto exit_dpk;
         }
@@ -27650,6 +29633,12 @@ int DecodePrivateKey(WOLFSSL *ssl, word16* length)
                                      (ecc_key*)ssl->hsKey,
                                      ssl->buffers.key->length);
         }
+    #endif
+    #ifdef WOLFSSL_SM2
+        if ((ret == 0) && (ssl->buffers.keyType == sm2_sa_algo)) {
+            ret = wc_ecc_set_curve((ecc_key*)ssl->hsKey,
+                WOLFSSL_SM2_KEY_BITS / 8, ECC_SM2P256V1);
+        }
     #endif
         if (ret == 0) {
             WOLFSSL_MSG("Using ECC private key");
@@ -27662,7 +29651,7 @@ int DecodePrivateKey(WOLFSSL *ssl, word16* length)
             }
 
             /* Return the maximum signature length. */
-            *length = (word16)wc_ecc_sig_size((ecc_key*)ssl->hsKey);
+            *length = (word32)wc_ecc_sig_size((ecc_key*)ssl->hsKey);
 
             goto exit_dpk;
         }
@@ -27782,8 +29771,11 @@ int DecodePrivateKey(WOLFSSL *ssl, word16* length)
         }
     }
 #endif /* HAVE_ED448 && HAVE_ED448_KEY_IMPORT */
-#if defined(HAVE_PQC)
 #if defined(HAVE_FALCON)
+    #if !defined(NO_RSA) || defined(HAVE_ECC)
+        FreeKey(ssl, ssl->hsType, (void**)&ssl->hsKey);
+    #endif
+
     if (ssl->buffers.keyType == falcon_level1_sa_algo ||
         ssl->buffers.keyType == falcon_level5_sa_algo ||
         ssl->buffers.keyType == 0) {
@@ -27832,19 +29824,25 @@ int DecodePrivateKey(WOLFSSL *ssl, word16* length)
             WOLFSSL_MSG("Using Falcon private key");
 
             /* Check it meets the minimum Falcon key size requirements. */
-            if (FALCON_MAX_KEY_SIZE < ssl->options.minFalconKeySz) {
+            keySz = wc_falcon_size((falcon_key*)ssl->hsKey);
+            if (keySz < ssl->options.minFalconKeySz) {
                 WOLFSSL_MSG("Falcon key size too small");
                 ERROR_OUT(FALCON_KEY_SIZE_E, exit_dpk);
             }
 
             /* Return the maximum signature length. */
-            *length = FALCON_MAX_SIG_SIZE;
+            *length = wc_falcon_sig_size((falcon_key*)ssl->hsKey);
 
             goto exit_dpk;
         }
     }
 #endif /* HAVE_FALCON */
-#if defined(HAVE_DILITHIUM)
+#if defined(HAVE_DILITHIUM) && !defined(WOLFSSL_DILITHIUM_NO_SIGN) && \
+    !defined(WOLFSSL_DILITHIUM_NO_ASN1)
+    #if !defined(NO_RSA) || defined(HAVE_ECC)
+        FreeKey(ssl, ssl->hsType, (void**)&ssl->hsKey);
+    #endif
+
     if (ssl->buffers.keyType == dilithium_level2_sa_algo ||
         ssl->buffers.keyType == dilithium_level3_sa_algo ||
         ssl->buffers.keyType == dilithium_level5_sa_algo ||
@@ -27857,13 +29855,13 @@ int DecodePrivateKey(WOLFSSL *ssl, word16* length)
         }
 
         if (ssl->buffers.keyType == dilithium_level2_sa_algo) {
-            ret = wc_dilithium_set_level((dilithium_key*)ssl->hsKey, 2);
+            ret = wc_dilithium_set_level((dilithium_key*)ssl->hsKey, WC_ML_DSA_44);
         }
         else if (ssl->buffers.keyType == dilithium_level3_sa_algo) {
-            ret = wc_dilithium_set_level((dilithium_key*)ssl->hsKey, 3);
+            ret = wc_dilithium_set_level((dilithium_key*)ssl->hsKey, WC_ML_DSA_65);
         }
         else if (ssl->buffers.keyType == dilithium_level5_sa_algo) {
-            ret = wc_dilithium_set_level((dilithium_key*)ssl->hsKey, 5);
+            ret = wc_dilithium_set_level((dilithium_key*)ssl->hsKey, WC_ML_DSA_87);
         }
         else {
             /* What if ssl->buffers.keyType is 0? We might want to do something
@@ -27892,26 +29890,27 @@ int DecodePrivateKey(WOLFSSL *ssl, word16* length)
         /* Set start of data to beginning of buffer. */
         idx = 0;
         /* Decode the key assuming it is a Dilithium private key. */
-        ret = wc_dilithium_import_private_only(ssl->buffers.key->buffer,
-                                               ssl->buffers.key->length,
-                                               (dilithium_key*)ssl->hsKey);
+        ret = wc_Dilithium_PrivateKeyDecode(ssl->buffers.key->buffer,
+                                            &idx,
+                                            (dilithium_key*)ssl->hsKey,
+                                            ssl->buffers.key->length);
         if (ret == 0) {
             WOLFSSL_MSG("Using Dilithium private key");
 
             /* Check it meets the minimum Dilithium key size requirements. */
-            if (DILITHIUM_MAX_KEY_SIZE < ssl->options.minDilithiumKeySz) {
+            keySz = wc_dilithium_size((dilithium_key*)ssl->hsKey);
+            if (keySz < ssl->options.minDilithiumKeySz) {
                 WOLFSSL_MSG("Dilithium key size too small");
                 ERROR_OUT(DILITHIUM_KEY_SIZE_E, exit_dpk);
             }
 
             /* Return the maximum signature length. */
-            *length = DILITHIUM_MAX_SIG_SIZE;
+            *length = wc_dilithium_sig_size((dilithium_key*)ssl->hsKey);
 
             goto exit_dpk;
         }
     }
 #endif /* HAVE_DILITHIUM */
-#endif /* HAVE_PQC */
 
     (void)idx;
     (void)keySz;
@@ -27925,6 +29924,444 @@ exit_dpk:
     return ret;
 }
 
+#if defined(WOLFSSL_DUAL_ALG_CERTS)
+/* This is just like the above, but only consider RSA, ECC, Falcon and
+ * Dilthium; Furthermore, use the alternative key, not the native key.
+ */
+int DecodeAltPrivateKey(WOLFSSL *ssl, word32* length)
+{
+    int      ret = WC_NO_ERR_TRACE(BAD_FUNC_ARG);
+    int      keySz;
+    word32   idx;
+
+    /* make sure alt private key exists */
+    if (ssl->buffers.altKey == NULL || ssl->buffers.altKey->buffer == NULL) {
+        WOLFSSL_MSG("Alternative Private key missing!");
+        ERROR_OUT(NO_PRIVATE_KEY, exit_dapk);
+    }
+
+#ifdef WOLFSSL_BLIND_PRIVATE_KEY
+    wolfssl_priv_der_unblind(ssl->buffers.altKey, ssl->buffers.altKeyMask);
+#endif
+
+#ifdef WOLF_PRIVATE_KEY_ID
+    if (ssl->buffers.altKeyDevId != INVALID_DEVID &&
+        (ssl->buffers.altKeyId || ssl->buffers.altKeyLabel)) {
+        if (ssl->buffers.altKeyType == rsa_sa_algo)
+            ssl->hsAltType = DYNAMIC_TYPE_RSA;
+        else if (ssl->buffers.altKeyType == ecc_dsa_sa_algo)
+            ssl->hsAltType = DYNAMIC_TYPE_ECC;
+        else if ((ssl->buffers.altKeyType == falcon_level1_sa_algo) ||
+                 (ssl->buffers.altKeyType == falcon_level5_sa_algo))
+            ssl->hsAltType = DYNAMIC_TYPE_FALCON;
+        else if ((ssl->buffers.altKeyType == dilithium_level2_sa_algo) ||
+                 (ssl->buffers.altKeyType == dilithium_level3_sa_algo) ||
+                 (ssl->buffers.altKeyType == dilithium_level5_sa_algo))
+            ssl->hsAltType = DYNAMIC_TYPE_DILITHIUM;
+        ret = AllocKey(ssl, ssl->hsAltType, &ssl->hsAltKey);
+        if (ret != 0) {
+            goto exit_dapk;
+        }
+
+        if (ssl->buffers.altKeyType == rsa_sa_algo) {
+    #ifndef NO_RSA
+            if (ssl->buffers.altKeyLabel) {
+                ret = wc_InitRsaKey_Label((RsaKey*)ssl->hsAltKey,
+                                          (char*)ssl->buffers.altKey->buffer,
+                                          ssl->heap, ssl->buffers.altKeyDevId);
+            }
+            else if (ssl->buffers.altKeyId) {
+                ret = wc_InitRsaKey_Id((RsaKey*)ssl->hsAltKey,
+                                       ssl->buffers.altKey->buffer,
+                                       ssl->buffers.altKey->length, ssl->heap,
+                                       ssl->buffers.altKeyDevId);
+            }
+            if (ret == 0) {
+                if (ssl->buffers.altKeySz < ssl->options.minRsaKeySz) {
+                    WOLFSSL_MSG("RSA key size too small");
+                    ERROR_OUT(RSA_KEY_SIZE_E, exit_dapk);
+                }
+
+                /* Return the maximum signature length. */
+                *length = ssl->buffers.altKeySz;
+            }
+    #else
+            ret = NOT_COMPILED_IN;
+    #endif
+        }
+        else if (ssl->buffers.altKeyType == ecc_dsa_sa_algo) {
+    #ifdef HAVE_ECC
+            if (ssl->buffers.altKeyLabel) {
+                ret = wc_ecc_init_label((ecc_key*)ssl->hsAltKey,
+                                        (char*)ssl->buffers.altKey->buffer,
+                                        ssl->heap, ssl->buffers.altKeyDevId);
+            }
+            else if (ssl->buffers.altKeyId) {
+                ret = wc_ecc_init_id((ecc_key*)ssl->hsAltKey,
+                                     ssl->buffers.altKey->buffer,
+                                     ssl->buffers.altKey->length, ssl->heap,
+                                     ssl->buffers.altKeyDevId);
+            }
+            if (ret == 0) {
+                if (ssl->buffers.altKeySz < ssl->options.minEccKeySz) {
+                    WOLFSSL_MSG("ECC key size too small");
+                    ERROR_OUT(ECC_KEY_SIZE_E, exit_dapk);
+                }
+
+                /* Return the maximum signature length. */
+                *length = wc_ecc_sig_size_calc(ssl->buffers.altKeySz);
+            }
+    #else
+            ret = NOT_COMPILED_IN;
+    #endif
+        }
+        else if ((ssl->buffers.altKeyType == falcon_level1_sa_algo) ||
+                 (ssl->buffers.altKeyType == falcon_level5_sa_algo)) {
+    #if defined(HAVE_FALCON)
+            if (ssl->buffers.altKeyLabel) {
+                ret = wc_falcon_init_label((falcon_key*)ssl->hsAltKey,
+                                           (char*)ssl->buffers.altKey->buffer,
+                                           ssl->heap, ssl->buffers.altKeyDevId);
+            }
+            else if (ssl->buffers.altKeyId) {
+                ret = wc_falcon_init_id((falcon_key*)ssl->hsAltKey,
+                                        ssl->buffers.altKey->buffer,
+                                        ssl->buffers.altKey->length, ssl->heap,
+                                        ssl->buffers.altKeyDevId);
+            }
+            if (ret == 0) {
+                if (ssl->buffers.altKeyType == falcon_level1_sa_algo) {
+                    ret = wc_falcon_set_level((falcon_key*)ssl->hsAltKey, 1);
+                }
+                else if (ssl->buffers.altKeyType == falcon_level5_sa_algo) {
+                    ret = wc_falcon_set_level((falcon_key*)ssl->hsAltKey, 5);
+                }
+            }
+            if (ret == 0) {
+                if (ssl->buffers.altKeySz < ssl->options.minFalconKeySz) {
+                    WOLFSSL_MSG("Falcon key size too small");
+                    ERROR_OUT(FALCON_KEY_SIZE_E, exit_dapk);
+                }
+
+                /* Return the maximum signature length. */
+                *length = wc_falcon_sig_size((falcon_key*)ssl->hsAltKey);
+            }
+    #else
+            ret = NOT_COMPILED_IN;
+    #endif
+        }
+        else if ((ssl->buffers.altKeyType == dilithium_level2_sa_algo) ||
+                 (ssl->buffers.altKeyType == dilithium_level3_sa_algo) ||
+                 (ssl->buffers.altKeyType == dilithium_level5_sa_algo)) {
+    #if defined(HAVE_DILITHIUM)
+            if (ssl->buffers.altKeyLabel) {
+                ret = wc_dilithium_init_label((dilithium_key*)ssl->hsAltKey,
+                                        (char*)ssl->buffers.altKey->buffer,
+                                        ssl->heap, ssl->buffers.altKeyDevId);
+            }
+            else if (ssl->buffers.altKeyId) {
+                ret = wc_dilithium_init_id((dilithium_key*)ssl->hsAltKey,
+                                        ssl->buffers.altKey->buffer,
+                                        ssl->buffers.altKey->length, ssl->heap,
+                                        ssl->buffers.altKeyDevId);
+            }
+            if (ret == 0) {
+                if (ssl->buffers.altKeyType == dilithium_level2_sa_algo) {
+                    ret = wc_dilithium_set_level(
+                                        (dilithium_key*)ssl->hsAltKey, WC_ML_DSA_44);
+                }
+                else if (ssl->buffers.altKeyType == dilithium_level3_sa_algo) {
+                    ret = wc_dilithium_set_level(
+                                        (dilithium_key*)ssl->hsAltKey, WC_ML_DSA_65);
+                }
+                else if (ssl->buffers.altKeyType == dilithium_level5_sa_algo) {
+                    ret = wc_dilithium_set_level(
+                                        (dilithium_key*)ssl->hsAltKey, WC_ML_DSA_87);
+                }
+            }
+            if (ret == 0) {
+                if (ssl->buffers.altKeySz < ssl->options.minDilithiumKeySz) {
+                    WOLFSSL_MSG("Dilithium key size too small");
+                    ERROR_OUT(DILITHIUM_KEY_SIZE_E, exit_dapk);
+                }
+
+                /* Return the maximum signature length. */
+                *length = wc_dilithium_sig_size(
+                                    (dilithium_key*)ssl->hsAltKey);
+            }
+    #else
+            ret = NOT_COMPILED_IN;
+    #endif
+        }
+        goto exit_dapk;
+    }
+#endif /* WOLF_PRIVATE_KEY_ID */
+
+#ifndef NO_RSA
+    if (ssl->buffers.altKeyType == rsa_sa_algo ||
+        ssl->buffers.altKeyType == 0) {
+        ssl->hsAltType = DYNAMIC_TYPE_RSA;
+        ret = AllocKey(ssl, ssl->hsAltType, &ssl->hsAltKey);
+        if (ret != 0) {
+            goto exit_dapk;
+        }
+
+        WOLFSSL_MSG("Trying RSA private key");
+
+        /* Set start of data to beginning of buffer. */
+        idx = 0;
+        /* Decode the key assuming it is an RSA private key. */
+        ret = wc_RsaPrivateKeyDecode(ssl->buffers.altKey->buffer, &idx,
+                    (RsaKey*)ssl->hsAltKey, ssl->buffers.altKey->length);
+    #ifdef WOLF_PRIVATE_KEY_ID
+        /* if using external key then allow using a public key */
+        if (ret != 0 && (ssl->devId != INVALID_DEVID
+        #ifdef HAVE_PK_CALLBACKS
+            || wolfSSL_CTX_IsPrivatePkSet(ssl->ctx)
+        #endif
+        )) {
+            WOLFSSL_MSG("Trying RSA public key with crypto callbacks");
+            idx = 0;
+            ret = wc_RsaPublicKeyDecode(ssl->buffers.altKey->buffer, &idx,
+                        (RsaKey*)ssl->hsAltKey, ssl->buffers.altKey->length);
+        }
+    #endif
+        if (ret == 0) {
+            WOLFSSL_MSG("Using RSA private key");
+
+            /* It worked so check it meets minimum key size requirements. */
+            keySz = wc_RsaEncryptSize((RsaKey*)ssl->hsAltKey);
+            if (keySz < 0) { /* check if keySz has error case */
+                ERROR_OUT(keySz, exit_dapk);
+            }
+
+            if (keySz < ssl->options.minRsaKeySz) {
+                WOLFSSL_MSG("RSA key size too small");
+                ERROR_OUT(RSA_KEY_SIZE_E, exit_dapk);
+            }
+
+            /* Return the maximum signature length. */
+            *length = keySz;
+
+            goto exit_dapk;
+        }
+    }
+#endif /* !NO_RSA */
+
+#ifdef HAVE_ECC
+#ifndef NO_RSA
+    FreeKey(ssl, ssl->hsAltType, (void**)&ssl->hsAltKey);
+#endif /* !NO_RSA */
+
+    if (ssl->buffers.altKeyType == ecc_dsa_sa_algo ||
+        ssl->buffers.altKeyType == 0
+    #if defined(WOLFSSL_SM2) && defined(WOLFSSL_SM3)
+         || ssl->buffers.altKeyType == sm2_sa_algo
+    #endif
+        ) {
+        ssl->hsAltType = DYNAMIC_TYPE_ECC;
+        ret = AllocKey(ssl, ssl->hsAltType, &ssl->hsAltKey);
+        if (ret != 0) {
+            goto exit_dapk;
+        }
+
+    #ifndef NO_RSA
+        WOLFSSL_MSG("Trying ECC private key, RSA didn't work");
+    #else
+        WOLFSSL_MSG("Trying ECC private key");
+    #endif
+
+        /* Set start of data to beginning of buffer. */
+        idx = 0;
+        /* Decode the key assuming it is an ECC private key. */
+        ret = wc_EccPrivateKeyDecode(ssl->buffers.altKey->buffer, &idx,
+                                     (ecc_key*)ssl->hsAltKey,
+                                     ssl->buffers.altKey->length);
+    #ifdef WOLF_PRIVATE_KEY_ID
+        /* if using external key then allow using a public key */
+        if (ret != 0 && (ssl->devId != INVALID_DEVID
+        #ifdef HAVE_PK_CALLBACKS
+            || wolfSSL_CTX_IsPrivatePkSet(ssl->ctx)
+        #endif
+        )) {
+            WOLFSSL_MSG("Trying ECC public key with crypto callbacks");
+            idx = 0;
+            ret = wc_EccPublicKeyDecode(ssl->buffers.altKey->buffer, &idx,
+                                     (ecc_key*)ssl->hsAltKey,
+                                     ssl->buffers.altKey->length);
+        }
+    #endif
+        if (ret == 0) {
+            WOLFSSL_MSG("Using ECC private key");
+
+            /* Check it meets the minimum ECC key size requirements. */
+            keySz = wc_ecc_size((ecc_key*)ssl->hsAltKey);
+            if (keySz < ssl->options.minEccKeySz) {
+                WOLFSSL_MSG("ECC key size too small");
+                ERROR_OUT(ECC_KEY_SIZE_E, exit_dapk);
+            }
+
+            /* Return the maximum signature length. */
+            *length = wc_ecc_sig_size((ecc_key*)ssl->hsAltKey);
+
+            goto exit_dapk;
+        }
+    }
+#endif
+#if defined(HAVE_FALCON)
+    #if !defined(NO_RSA) || defined(HAVE_ECC)
+        FreeKey(ssl, ssl->hsAltType, (void**)&ssl->hsAltKey);
+    #endif
+
+    if (ssl->buffers.altKeyType == falcon_level1_sa_algo ||
+        ssl->buffers.altKeyType == falcon_level5_sa_algo ||
+        ssl->buffers.altKeyType == 0) {
+
+        ssl->hsAltType = DYNAMIC_TYPE_FALCON;
+        ret = AllocKey(ssl, ssl->hsAltType, &ssl->hsAltKey);
+        if (ret != 0) {
+            goto exit_dapk;
+        }
+
+        if (ssl->buffers.altKeyType == falcon_level1_sa_algo) {
+            ret = wc_falcon_set_level((falcon_key*)ssl->hsAltKey, 1);
+        }
+        else if (ssl->buffers.altKeyType == falcon_level5_sa_algo) {
+            ret = wc_falcon_set_level((falcon_key*)ssl->hsAltKey, 5);
+        }
+        else {
+            /* What if ssl->buffers.keyType is 0? We might want to do something
+             * more graceful here. */
+            ret = ALGO_ID_E;
+        }
+
+        if (ret != 0) {
+            goto exit_dapk;
+        }
+
+        #if defined(HAVE_ECC)
+            WOLFSSL_MSG("Trying Falcon private key, ECC didn't work");
+        #elif !defined(NO_RSA)
+            WOLFSSL_MSG("Trying Falcon private key, RSA didn't work");
+        #else
+            WOLFSSL_MSG("Trying Falcon private key");
+        #endif
+
+        /* Set start of data to beginning of buffer. */
+        idx = 0;
+        /* Decode the key assuming it is a Falcon private key. */
+        ret = wc_falcon_import_private_only(ssl->buffers.altKey->buffer,
+                                            ssl->buffers.altKey->length,
+                                            (falcon_key*)ssl->hsAltKey);
+        if (ret == 0) {
+            WOLFSSL_MSG("Using Falcon private key");
+
+            /* Check it meets the minimum Falcon key size requirements. */
+            keySz = wc_falcon_size((falcon_key*)ssl->hsAltKey);
+            if (keySz < ssl->options.minFalconKeySz) {
+                WOLFSSL_MSG("Falcon key size too small");
+                ERROR_OUT(FALCON_KEY_SIZE_E, exit_dapk);
+            }
+
+            /* Return the maximum signature length. */
+            *length = wc_falcon_sig_size((falcon_key*)ssl->hsAltKey);
+
+            goto exit_dapk;
+        }
+    }
+#endif /* HAVE_FALCON */
+#if defined(HAVE_DILITHIUM)
+    #if !defined(NO_RSA) || defined(HAVE_ECC)
+        FreeKey(ssl, ssl->hsAltType, (void**)&ssl->hsAltKey);
+    #endif
+
+    if (ssl->buffers.altKeyType == dilithium_level2_sa_algo ||
+        ssl->buffers.altKeyType == dilithium_level3_sa_algo ||
+        ssl->buffers.altKeyType == dilithium_level5_sa_algo ||
+        ssl->buffers.altKeyType == 0) {
+
+        ssl->hsAltType = DYNAMIC_TYPE_DILITHIUM;
+        ret = AllocKey(ssl, ssl->hsAltType, &ssl->hsAltKey);
+        if (ret != 0) {
+            goto exit_dapk;
+        }
+
+        if (ssl->buffers.altKeyType == dilithium_level2_sa_algo) {
+            ret = wc_dilithium_set_level((dilithium_key*)ssl->hsAltKey, WC_ML_DSA_44);
+        }
+        else if (ssl->buffers.altKeyType == dilithium_level3_sa_algo) {
+            ret = wc_dilithium_set_level((dilithium_key*)ssl->hsAltKey, WC_ML_DSA_65);
+        }
+        else if (ssl->buffers.altKeyType == dilithium_level5_sa_algo) {
+            ret = wc_dilithium_set_level((dilithium_key*)ssl->hsAltKey, WC_ML_DSA_87);
+        }
+        else {
+            /* What if ssl->buffers.keyType is 0? We might want to do something
+             * more graceful here. */
+            ret = ALGO_ID_E;
+        }
+
+        if (ret != 0) {
+            goto exit_dapk;
+        }
+
+        #if defined(HAVE_FALCON)
+            WOLFSSL_MSG("Trying Dilithium private key, Falcon didn't work");
+        #elif defined(HAVE_ECC)
+            WOLFSSL_MSG("Trying Dilithium private key, ECC didn't work");
+        #elif !defined(NO_RSA)
+            WOLFSSL_MSG("Trying Dilithium private key, RSA didn't work");
+        #else
+            WOLFSSL_MSG("Trying Dilithium private key");
+        #endif
+
+        /* Set start of data to beginning of buffer. */
+        idx = 0;
+        /* Decode the key assuming it is a Dilithium private key. */
+        ret = wc_Dilithium_PrivateKeyDecode(ssl->buffers.altKey->buffer,
+                                            &idx,
+                                            (dilithium_key*)ssl->hsAltKey,
+                                            ssl->buffers.altKey->length);
+        if (ret == 0) {
+            WOLFSSL_MSG("Using Dilithium private key");
+
+            /* Check it meets the minimum Dilithium key size requirements. */
+            keySz = wc_dilithium_size((dilithium_key*)ssl->hsAltKey);
+            if (keySz < ssl->options.minDilithiumKeySz) {
+                WOLFSSL_MSG("Dilithium key size too small");
+                ERROR_OUT(DILITHIUM_KEY_SIZE_E, exit_dapk);
+            }
+
+            /* Return the maximum signature length. */
+            *length = wc_dilithium_sig_size((dilithium_key*)ssl->hsAltKey);
+
+            goto exit_dapk;
+        }
+    }
+#endif /* HAVE_DILITHIUM */
+
+    (void)idx;
+    (void)keySz;
+    (void)length;
+
+exit_dapk:
+#ifdef WOLFSSL_BLIND_PRIVATE_KEY
+    if (ret == 0) {
+        ret = wolfssl_priv_der_blind(ssl->rng, ssl->buffers.altKey,
+            &ssl->buffers.altKeyMask);
+    }
+    else {
+        wolfssl_priv_der_unblind(ssl->buffers.key, ssl->buffers.keyMask);
+    }
+#endif
+
+    if (ret != 0) {
+        WOLFSSL_ERROR_VERBOSE(ret);
+    }
+
+    return ret;
+}
+#endif /* WOLFSSL_DUAL_ALG_CERTS */
 #endif /* WOLFSSL_TLS13 || !NO_WOLFSSL_CLIENT */
 
 #if defined(WOLFSSL_TLS13) && !defined(WOLFSSL_NO_TLS12)
@@ -27995,7 +30432,7 @@ static int SigAlgoCachesMsgs(int sigAlgo)
 }
 
 static int HashSkeData(WOLFSSL* ssl, enum wc_HashType hashType,
-    const byte* data, int sz, byte sigAlgo)
+    const byte* data, word32 sz, byte sigAlgo)
 {
     int ret = 0;
     int digest_sz = wc_HashGetDigestSize(hashType);
@@ -28005,11 +30442,16 @@ static int HashSkeData(WOLFSSL* ssl, enum wc_HashType hashType,
     }
 
     if (ret == 0) {
+        word32 new_size = SEED_LEN;
         /* buffer for signature */
-        ssl->buffers.sig.buffer = (byte*)XMALLOC(SEED_LEN + sz, ssl->heap,
-                                                        DYNAMIC_TYPE_SIGNATURE);
-        if (ssl->buffers.sig.buffer == NULL) {
+        if (! WC_SAFE_SUM_WORD32(new_size, sz, new_size))
             ret = MEMORY_E;
+        else {
+            ssl->buffers.sig.buffer = (byte*)XMALLOC(new_size, ssl->heap,
+                                                        DYNAMIC_TYPE_SIGNATURE);
+            if (ssl->buffers.sig.buffer == NULL) {
+                ret = MEMORY_E;
+            }
         }
     }
     if (ret == 0) {
@@ -28026,11 +30468,9 @@ static int HashSkeData(WOLFSSL* ssl, enum wc_HashType hashType,
         ssl->buffers.digest.length = (unsigned int)digest_sz;
 
         /* buffer for hash */
-        if (!ssl->buffers.digest.buffer) {
-            if (!ssl->options.dontFreeDigest) {
-                XFREE(ssl->buffers.digest.buffer, ssl->heap,
-                    DYNAMIC_TYPE_DIGEST);
-            }
+        if (!ssl->options.dontFreeDigest) {
+            XFREE(ssl->buffers.digest.buffer, ssl->heap,
+                  DYNAMIC_TYPE_DIGEST);
         }
         ssl->options.dontFreeDigest = 0;
 
@@ -28062,7 +30502,7 @@ static int HashSkeData(WOLFSSL* ssl, enum wc_HashType hashType,
 #endif /* !WOLFSSL_NO_TLS12 */
 
 /* client only parts */
-#ifndef NO_WOLFSSL_CLIENT
+#if !defined(NO_WOLFSSL_CLIENT) && !defined(NO_TLS)
 
     int HaveUniqueSessionObj(WOLFSSL* ssl)
     {
@@ -28088,7 +30528,7 @@ static int HashSkeData(WOLFSSL* ssl, enum wc_HashType hashType,
         int                sendSz;
         int                idSz;
         int                ret;
-        word16             extSz = 0;
+        word32             extSz = 0;
         const Suites*      suites;
 
         if (ssl == NULL) {
@@ -28137,7 +30577,7 @@ static int HashSkeData(WOLFSSL* ssl, enum wc_HashType hashType,
         }
 #endif
         length = VERSION_SZ + RAN_LEN
-               + idSz + ENUM_LEN
+               + (word32)idSz + ENUM_LEN
                + SUITE_LEN
                + COMP_LEN + ENUM_LEN;
 #ifndef NO_FORCE_SCR_SAME_SUITE
@@ -28167,7 +30607,7 @@ static int HashSkeData(WOLFSSL* ssl, enum wc_HashType hashType,
         if (extSz != 0)
             length += extSz + HELLO_EXT_SZ_SZ;
 #endif
-        sendSz = length + HANDSHAKE_HEADER_SZ + RECORD_HEADER_SZ;
+        sendSz = (int)length + HANDSHAKE_HEADER_SZ + RECORD_HEADER_SZ;
 
         if (ssl->arrays == NULL) {
             return BAD_FUNC_ARG;
@@ -28177,7 +30617,7 @@ static int HashSkeData(WOLFSSL* ssl, enum wc_HashType hashType,
         if (ssl->options.dtls) {
             length += ENUM_LEN;   /* cookie */
             if (ssl->arrays->cookieSz != 0) length += ssl->arrays->cookieSz;
-            sendSz  = length + DTLS_HANDSHAKE_HEADER_SZ + DTLS_RECORD_HEADER_SZ;
+            sendSz  = (int)length + DTLS_HANDSHAKE_HEADER_SZ + DTLS_RECORD_HEADER_SZ;
             idx    += DTLS_HANDSHAKE_EXTRA + DTLS_RECORD_EXTRA;
         }
 #endif
@@ -28274,7 +30714,7 @@ static int HashSkeData(WOLFSSL* ssl, enum wc_HashType hashType,
         (void)idx; /* suppress analyzer warning, keep idx current */
 #else
         if (extSz != 0) {
-            c16toa(extSz, output + idx);
+            c16toa((word16)(extSz), output + idx);
             idx += HELLO_EXT_SZ_SZ;
 
             if (IsAtLeastTLSv1_2(ssl)) {
@@ -28308,20 +30748,22 @@ static int HashSkeData(WOLFSSL* ssl, enum wc_HashType hashType,
 
         if (IsEncryptionOn(ssl, 1)) {
             byte* input;
-            int   inputSz = idx; /* build msg adds rec hdr */
+            int   inputSz = (int)idx; /* build msg adds rec hdr */
             int   recordHeaderSz = RECORD_HEADER_SZ;
 
             if (ssl->options.dtls)
                 recordHeaderSz += DTLS_RECORD_EXTRA;
             inputSz -= recordHeaderSz;
-            input = (byte*)XMALLOC(inputSz, ssl->heap, DYNAMIC_TYPE_IN_BUFFER);
+            input = (byte*)XMALLOC((size_t)inputSz, ssl->heap,
+                    DYNAMIC_TYPE_IN_BUFFER);
             if (input == NULL)
                 return MEMORY_E;
 
-            XMEMCPY(input, output + recordHeaderSz, inputSz);
+            XMEMCPY(input, output + recordHeaderSz, (size_t)(inputSz));
             #ifdef WOLFSSL_DTLS
             if (IsDtlsNotSctpMode(ssl) &&
-                    (ret = DtlsMsgPoolSave(ssl, input, inputSz, client_hello)) != 0) {
+                    (ret = DtlsMsgPoolSave(ssl, input, (word32)inputSz,
+                                          client_hello)) != 0) {
                 XFREE(input, ssl->heap, DYNAMIC_TYPE_IN_BUFFER);
                 return ret;
             }
@@ -28335,7 +30777,7 @@ static int HashSkeData(WOLFSSL* ssl, enum wc_HashType hashType,
         } else {
             #ifdef WOLFSSL_DTLS
                 if (IsDtlsNotSctpMode(ssl)) {
-                    if ((ret = DtlsMsgPoolSave(ssl, output, sendSz, client_hello)) != 0)
+                    if ((ret = DtlsMsgPoolSave(ssl, output, (word32)sendSz, client_hello)) != 0)
                         return ret;
                 }
                 if (ssl->options.dtls)
@@ -28348,9 +30790,9 @@ static int HashSkeData(WOLFSSL* ssl, enum wc_HashType hashType,
 
         ssl->options.clientState = CLIENT_HELLO_COMPLETE;
 #ifdef OPENSSL_EXTRA
-        ssl->cbmode = SSL_CB_MODE_WRITE;
+        ssl->cbmode = WOLFSSL_CB_MODE_WRITE;
         if (ssl->CBIS != NULL)
-            ssl->CBIS(ssl, SSL_CB_CONNECT_LOOP, WOLFSSL_SUCCESS);
+            ssl->CBIS(ssl, WOLFSSL_CB_CONNECT_LOOP, WOLFSSL_SUCCESS);
 #endif
 
 #if defined(WOLFSSL_CALLBACKS) || defined(OPENSSL_EXTRA)
@@ -28365,7 +30807,7 @@ static int HashSkeData(WOLFSSL* ssl, enum wc_HashType hashType,
 
         ssl->options.buildingMsg = 0;
 
-        ssl->buffers.outputBuffer.length += sendSz;
+        ssl->buffers.outputBuffer.length += (word32)sendSz;
 
         ret = SendBuffered(ssl);
 
@@ -28390,9 +30832,8 @@ static int HashSkeData(WOLFSSL* ssl, enum wc_HashType hashType,
 #endif
 
 #ifdef WOLFSSL_DTLS
-        if (ssl->options.dtls) {
+        if (ssl->options.dtls)
             DtlsMsgPoolReset(ssl);
-        }
 #endif
 
         if (OPAQUE16_LEN + OPAQUE8_LEN > size)
@@ -28429,6 +30870,9 @@ static int HashSkeData(WOLFSSL* ssl, enum wc_HashType hashType,
             if (!ssl->options.downgrade ||
                     ssl->options.minDowngrade <= DTLSv1_3_MINOR)
                 return VERSION_ERROR;
+
+            /* Cannot be DTLS1.3 as HELLO_VERIFY_REQUEST */
+            ssl->options.tls1_3 = 0;
         }
 #endif /* defined(WOLFSSL_DTLS13) && defined(WOLFSSL_TLS13) */
 
@@ -28459,8 +30903,10 @@ static int HashSkeData(WOLFSSL* ssl, enum wc_HashType hashType,
 #endif
 
         ret = ret ||
-              (ssl->options.haveSessionId && XMEMCMP(ssl->arrays->sessionID,
-                                          ssl->session->sessionID, ID_LEN) == 0);
+              (ssl->options.haveSessionId && ssl->arrays->sessionIDSz == ID_LEN
+                      && ssl->session->sessionIDSz == ID_LEN
+                      && XMEMCMP(ssl->arrays->sessionID,
+                              ssl->session->sessionID, ID_LEN) == 0);
 
         return ret;
     }
@@ -28484,7 +30930,7 @@ static int HashSkeData(WOLFSSL* ssl, enum wc_HashType hashType,
 
         #ifdef OPENSSL_EXTRA
         if (ssl->CBIS != NULL) {
-            ssl->CBIS(ssl, SSL_CB_HANDSHAKE_START, WOLFSSL_SUCCESS);
+            ssl->CBIS(ssl, WOLFSSL_CB_HANDSHAKE_START, WOLFSSL_SUCCESS);
         }
         #endif
 
@@ -28815,7 +31261,9 @@ static int HashSkeData(WOLFSSL* ssl, enum wc_HashType hashType,
                         else
                             i += extSz;
 
-                        totalExtSz -= OPAQUE16_LEN + OPAQUE16_LEN + extSz;
+                        totalExtSz -= (word16)(OPAQUE16_LEN) +
+                                    (word16)(OPAQUE16_LEN) +
+                                    extSz;
                     }
 
                     *inOutIdx = i;
@@ -28843,15 +31291,8 @@ static int HashSkeData(WOLFSSL* ssl, enum wc_HashType hashType,
 
         ssl->options.serverState = SERVER_HELLO_COMPLETE;
 
-        if (IsEncryptionOn(ssl, 0)) {
+        if (IsEncryptionOn(ssl, 0))
             *inOutIdx += ssl->keys.padSz;
-        #if defined(HAVE_ENCRYPT_THEN_MAC) && !defined(WOLFSSL_AEAD_ONLY)
-            if (ssl->options.startedETMWrite &&
-                                              ssl->specs.cipher_type == block) {
-                *inOutIdx += MacSize(ssl);
-            }
-        #endif
-        }
 
 #ifdef HAVE_SECRET_CALLBACK
         if (ssl->sessionSecretCb != NULL
@@ -29030,7 +31471,7 @@ static int HashSkeData(WOLFSSL* ssl, enum wc_HashType hashType,
             if ((len > size) || ((*inOutIdx - begin) + len > size))
                 return BUFFER_ERROR;
 
-            if (PickHashSigAlgo(ssl, input + *inOutIdx, len) != 0 &&
+            if (PickHashSigAlgo(ssl, input + *inOutIdx, len, 0) != 0 &&
                                              ssl->buffers.certificate &&
                                              ssl->buffers.certificate->buffer) {
             #ifdef HAVE_PK_CALLBACKS
@@ -29101,7 +31542,7 @@ static int HashSkeData(WOLFSSL* ssl, enum wc_HashType hashType,
 
                 InitDecodedCert(cert, input + *inOutIdx, dnSz, ssl->heap);
 
-                ret = GetName(cert, SUBJECT, dnSz);
+                ret = GetName(cert, ASN_SUBJECT, dnSz);
 
                 if (ret == 0) {
                     if ((name = wolfSSL_X509_NAME_new_ex(cert->heap)) == NULL)
@@ -29109,12 +31550,12 @@ static int HashSkeData(WOLFSSL* ssl, enum wc_HashType hashType,
                 }
 
                 if (ret == 0) {
-                    CopyDecodedName(name, cert, SUBJECT);
+                    CopyDecodedName(name, cert, ASN_SUBJECT);
                 }
 
                 if (ret == 0) {
                     if (wolfSSL_sk_X509_NAME_push(ssl->client_ca_names, name)
-                        == WOLFSSL_FAILURE)
+                        <= 0)
                     {
                         ret = MEMORY_ERROR;
                     }
@@ -29134,7 +31575,7 @@ static int HashSkeData(WOLFSSL* ssl, enum wc_HashType hashType,
         #endif
 
             *inOutIdx += dnSz;
-            len -= OPAQUE16_LEN + dnSz;
+            len -= (word16)(OPAQUE16_LEN) + dnSz;
         }
 
     #ifdef OPENSSL_EXTRA
@@ -29183,13 +31624,8 @@ static int HashSkeData(WOLFSSL* ssl, enum wc_HashType hashType,
             ssl->options.sendVerify = SEND_BLANK_CERT;
         }
 
-        if (IsEncryptionOn(ssl, 0)) {
+        if (IsEncryptionOn(ssl, 0))
             *inOutIdx += ssl->keys.padSz;
-        #if defined(HAVE_ENCRYPT_THEN_MAC) && !defined(WOLFSSL_AEAD_ONLY)
-            if (ssl->options.startedETMRead)
-                *inOutIdx += MacSize(ssl);
-        #endif
-        }
 
         WOLFSSL_LEAVE("DoCertificateRequest", 0);
         WOLFSSL_END(WC_FUNC_CERTIFICATE_REQUEST_DO);
@@ -29203,7 +31639,7 @@ static int HashSkeData(WOLFSSL* ssl, enum wc_HashType hashType,
 
     static int CheckCurveId(int tlsCurveId)
     {
-        int ret = ECC_CURVE_ERROR;
+        int ret = WC_NO_ERR_TRACE(ECC_CURVE_ERROR);
 
         switch (tlsCurveId) {
     #if (defined(HAVE_ECC160) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 160
@@ -29271,7 +31707,9 @@ static int HashSkeData(WOLFSSL* ssl, enum wc_HashType hashType,
             case WOLFSSL_ECC_SECP521R1: return ECC_SECP521R1_OID;
         #endif /* !NO_ECC_SECP */
     #endif
-            default: break;
+            default:
+                ret = WC_NO_ERR_TRACE(ECC_CURVE_ERROR);
+                break;
         }
 
         return ret;
@@ -29293,8 +31731,6 @@ typedef struct DskeArgs {
     word16 verifySigSz;
 #endif
     word16 sigSz;
-    byte   sigAlgo;
-    byte   hashAlgo;
 #if !defined(NO_RSA) && defined(WC_RSA_PSS)
     int    bits;
 #endif
@@ -29309,10 +31745,8 @@ static void FreeDskeArgs(WOLFSSL* ssl, void* pArgs)
 
 #if !defined(NO_DH) || defined(HAVE_ECC) || defined(HAVE_CURVE25519) || \
                                                           defined(HAVE_CURVE448)
-    if (args->verifySig) {
-        XFREE(args->verifySig, ssl->heap, DYNAMIC_TYPE_SIGNATURE);
-        args->verifySig = NULL;
-    }
+    XFREE(args->verifySig, ssl->heap, DYNAMIC_TYPE_SIGNATURE);
+    args->verifySig = NULL;
 #endif
 }
 
@@ -29599,7 +32033,7 @@ static int DoServerKeyExchange(WOLFSSL* ssl, const byte* input,
     args = (DskeArgs*)ssl->async->args;
 
     ret = wolfSSL_AsyncPop(ssl, &ssl->options.asyncState);
-    if (ret != WC_NO_PENDING_E) {
+    if (ret != WC_NO_ERR_TRACE(WC_NO_PENDING_E)) {
         /* Check for error */
         if (ret < 0)
             goto exit_dske;
@@ -29613,8 +32047,8 @@ static int DoServerKeyExchange(WOLFSSL* ssl, const byte* input,
         XMEMSET(args, 0, sizeof(DskeArgs));
         args->idx = *inOutIdx;
         args->begin = *inOutIdx;
-        args->sigAlgo = ssl->specs.sig_algo;
-        args->hashAlgo = sha_mac;
+        ssl->options.peerSigAlgo = ssl->specs.sig_algo;
+        ssl->options.peerHashAlgo = sha_mac;
     #ifdef WOLFSSL_ASYNC_CRYPT
         ssl->async->freeArgs = FreeDskeArgs;
     #endif
@@ -29651,9 +32085,9 @@ static int DoServerKeyExchange(WOLFSSL* ssl, const byte* input,
                     }
 
                     /* get PSK server hint from the wire */
-                    srvHintLen = min(length, MAX_PSK_ID_LEN);
+                    srvHintLen = (int)min(length, MAX_PSK_ID_LEN);
                     XMEMCPY(ssl->arrays->server_hint, input + args->idx,
-                                                                    srvHintLen);
+                            (size_t)(srvHintLen));
                     ssl->arrays->server_hint[srvHintLen] = '\0'; /* null term */
                     args->idx += length;
                     break;
@@ -29694,7 +32128,7 @@ static int DoServerKeyExchange(WOLFSSL* ssl, const byte* input,
                     if ((curveOid = CheckCurveId(b)) < 0) {
                         ERROR_OUT(ECC_CURVE_ERROR, exit_dske);
                     }
-                    ssl->ecdhCurveOID = curveOid;
+                    ssl->ecdhCurveOID = (word32)curveOid;
                 #if defined(WOLFSSL_TLS13) || defined(HAVE_FFDHE)
                     ssl->namedGroup = 0;
                 #endif
@@ -29725,9 +32159,9 @@ static int DoServerKeyExchange(WOLFSSL* ssl, const byte* input,
                                 input + args->idx, length,
                                 EC25519_LITTLE_ENDIAN)) != 0) {
                         #ifdef WOLFSSL_EXTRA_ALERTS
-                            if (ret == BUFFER_E)
+                            if (ret == WC_NO_ERR_TRACE(BUFFER_E))
                                 SendAlert(ssl, alert_fatal, decode_error);
-                            else if (ret == ECC_OUT_OF_RANGE_E)
+                            else if (ret == WC_NO_ERR_TRACE(ECC_OUT_OF_RANGE_E))
                                 SendAlert(ssl, alert_fatal, bad_record_mac);
                             else {
                                 SendAlert(ssl, alert_fatal, illegal_parameter);
@@ -29768,9 +32202,9 @@ static int DoServerKeyExchange(WOLFSSL* ssl, const byte* input,
                                 input + args->idx, length,
                                 EC448_LITTLE_ENDIAN)) != 0) {
                         #ifdef WOLFSSL_EXTRA_ALERTS
-                            if (ret == BUFFER_E)
+                            if (ret == WC_NO_ERR_TRACE(BUFFER_E))
                                 SendAlert(ssl, alert_fatal, decode_error);
-                            else if (ret == ECC_OUT_OF_RANGE_E)
+                            else if (ret == WC_NO_ERR_TRACE(ECC_OUT_OF_RANGE_E))
                                 SendAlert(ssl, alert_fatal, bad_record_mac);
                             else {
                                 SendAlert(ssl, alert_fatal, illegal_parameter);
@@ -29805,7 +32239,7 @@ static int DoServerKeyExchange(WOLFSSL* ssl, const byte* input,
                         }
                     }
 
-                    curveId = wc_ecc_get_oid(curveOid, NULL, NULL);
+                    curveId = wc_ecc_get_oid((word32)curveOid, NULL, NULL);
                     if (wc_ecc_import_x963_ex(input + args->idx, length,
                                         ssl->peerEccKey, curveId) != 0) {
                     #ifdef WOLFSSL_EXTRA_ALERTS
@@ -29838,7 +32272,7 @@ static int DoServerKeyExchange(WOLFSSL* ssl, const byte* input,
                     }
 
                     /* get PSK server hint from the wire */
-                    srvHintLen = min(length, MAX_PSK_ID_LEN);
+                    srvHintLen = (int)min(length, MAX_PSK_ID_LEN);
                     XMEMCPY(ssl->arrays->server_hint, input + args->idx,
                                                                 srvHintLen);
                     ssl->arrays->server_hint[srvHintLen] = '\0'; /* null term */
@@ -29871,9 +32305,9 @@ static int DoServerKeyExchange(WOLFSSL* ssl, const byte* input,
                     }
 
                     /* get PSK server hint from the wire */
-                    srvHintLen = min(length, MAX_PSK_ID_LEN);
+                    srvHintLen = (int)min(length, MAX_PSK_ID_LEN);
                     XMEMCPY(ssl->arrays->server_hint, input + args->idx,
-                                                                    srvHintLen);
+                                                    (size_t)(srvHintLen));
                     ssl->arrays->server_hint[srvHintLen] = '\0'; /* null term */
 
                     args->idx += length;
@@ -29894,6 +32328,7 @@ static int DoServerKeyExchange(WOLFSSL* ssl, const byte* input,
                     if ((curveOid = CheckCurveId(b)) < 0) {
                         ERROR_OUT(ECC_CURVE_ERROR, exit_dske);
                     }
+                    ssl->ecdhCurveOID = (word32)curveOid;
 
                     length = input[args->idx++];
                     if ((args->idx - args->begin) + length > size) {
@@ -29921,9 +32356,9 @@ static int DoServerKeyExchange(WOLFSSL* ssl, const byte* input,
                                 input + args->idx, length,
                                 EC25519_LITTLE_ENDIAN)) != 0) {
                         #ifdef WOLFSSL_EXTRA_ALERTS
-                            if (ret == BUFFER_E)
+                            if (ret == WC_NO_ERR_TRACE(BUFFER_E))
                                 SendAlert(ssl, alert_fatal, decode_error);
-                            else if (ret == ECC_OUT_OF_RANGE_E)
+                            else if (ret == WC_NO_ERR_TRACE(ECC_OUT_OF_RANGE_E))
                                 SendAlert(ssl, alert_fatal, bad_record_mac);
                             else {
                                 SendAlert(ssl, alert_fatal, illegal_parameter);
@@ -29964,9 +32399,9 @@ static int DoServerKeyExchange(WOLFSSL* ssl, const byte* input,
                                 input + args->idx, length,
                                 EC448_LITTLE_ENDIAN)) != 0) {
                         #ifdef WOLFSSL_EXTRA_ALERTS
-                            if (ret == BUFFER_E)
+                            if (ret == WC_NO_ERR_TRACE(BUFFER_E))
                                 SendAlert(ssl, alert_fatal, decode_error);
-                            else if (ret == ECC_OUT_OF_RANGE_E)
+                            else if (ret == WC_NO_ERR_TRACE(ECC_OUT_OF_RANGE_E))
                                 SendAlert(ssl, alert_fatal, bad_record_mac);
                             else {
                                 SendAlert(ssl, alert_fatal, illegal_parameter);
@@ -30001,7 +32436,7 @@ static int DoServerKeyExchange(WOLFSSL* ssl, const byte* input,
                         }
                     }
 
-                    curveId = wc_ecc_get_oid(curveOid, NULL, NULL);
+                    curveId = wc_ecc_get_oid((word32)curveOid, NULL, NULL);
                     if (wc_ecc_import_x963_ex(input + args->idx, length,
                         ssl->peerEccKey, curveId) != 0) {
                         ERROR_OUT(ECC_PEERKEY_ERROR, exit_dske);
@@ -30046,14 +32481,14 @@ static int DoServerKeyExchange(WOLFSSL* ssl, const byte* input,
                     ERROR_OUT(NOT_COMPILED_IN, exit_dske);
             #else
                     enum wc_HashType hashType;
-                    word16 verifySz;
+                    word32 verifySz;
                     byte sigAlgo;
 
                     if (ssl->options.usingAnon_cipher) {
                         break;
                     }
 
-                    verifySz = (word16)(args->idx - args->begin);
+                    verifySz = (args->idx - args->begin);
                     if (verifySz > MAX_DH_SZ) {
                         ERROR_OUT(BUFFER_ERROR, exit_dske);
                     }
@@ -30064,43 +32499,59 @@ static int DoServerKeyExchange(WOLFSSL* ssl, const byte* input,
                             ERROR_OUT(BUFFER_ERROR, exit_dske);
                         }
 
-                        DecodeSigAlg(&input[args->idx], &args->hashAlgo,
+                        /* Check if hashSigAlgo in Server Key Exchange is supported
+                         * in our ssl->suites or ssl->ctx->suites. */
+                        if (!SupportedHashSigAlgo(ssl, &input[args->idx])) {
+                        #ifdef WOLFSSL_EXTRA_ALERTS
+                            SendAlert(ssl, alert_fatal, handshake_failure);
+                        #endif
+                            ERROR_OUT(MATCH_SUITE_ERROR, exit_dske);
+                        }
+
+                        DecodeSigAlg(&input[args->idx], &ssl->options.peerHashAlgo,
                                      &sigAlgo);
                     #ifndef NO_RSA
                         if (sigAlgo == rsa_pss_sa_algo &&
-                                                 args->sigAlgo == rsa_sa_algo) {
-                            args->sigAlgo = sigAlgo;
+                                                 ssl->options.peerSigAlgo == rsa_sa_algo) {
+                            ssl->options.peerSigAlgo = sigAlgo;
+                        }
+                        else
+                    #endif
+                    #ifdef WC_RSA_PSS
+                        if (sigAlgo == rsa_pss_pss_algo &&
+                                ssl->options.peerSigAlgo == rsa_sa_algo) {
+                            ssl->options.peerSigAlgo = sigAlgo;
                         }
                         else
                     #endif
                     #if defined(WOLFSSL_SM2) && defined(WOLFSSL_SM3)
                         if (sigAlgo == sm2_sa_algo &&
-                                             args->sigAlgo == ecc_dsa_sa_algo) {
-                            args->sigAlgo = sigAlgo;
+                                             ssl->options.peerSigAlgo == ecc_dsa_sa_algo) {
+                            ssl->options.peerSigAlgo = sigAlgo;
                         }
                         else
                     #endif
                     #ifdef HAVE_ED25519
                         if (sigAlgo == ed25519_sa_algo &&
-                                             args->sigAlgo == ecc_dsa_sa_algo) {
-                            args->sigAlgo = sigAlgo;
+                                             ssl->options.peerSigAlgo == ecc_dsa_sa_algo) {
+                            ssl->options.peerSigAlgo = sigAlgo;
                         }
                         else
                     #endif
                     #ifdef HAVE_ED448
                         if (sigAlgo == ed448_sa_algo &&
-                                             args->sigAlgo == ecc_dsa_sa_algo) {
-                            args->sigAlgo = sigAlgo;
+                                             ssl->options.peerSigAlgo == ecc_dsa_sa_algo) {
+                            ssl->options.peerSigAlgo = sigAlgo;
                         }
                         else
                     #endif
                         /* Signature algorithm from message must match signature
                          * algorithm in cipher suite. */
-                        if (sigAlgo != args->sigAlgo) {
+                        if (sigAlgo != ssl->options.peerSigAlgo) {
                             ERROR_OUT(ALGO_ID_E, exit_dske);
                         }
                         args->idx += 2;
-                        hashType = HashAlgoToType(args->hashAlgo);
+                        hashType = HashAlgoToType(ssl->options.peerHashAlgo);
                         if (hashType == WC_HASH_TYPE_NONE) {
                             ERROR_OUT(ALGO_ID_E, exit_dske);
                         }
@@ -30108,7 +32559,7 @@ static int DoServerKeyExchange(WOLFSSL* ssl, const byte* input,
                         /* only using sha and md5 for rsa */
                         #ifndef NO_OLD_TLS
                             hashType = WC_HASH_TYPE_SHA;
-                            if (args->sigAlgo == rsa_sa_algo) {
+                            if (ssl->options.peerSigAlgo == rsa_sa_algo) {
                                 hashType = WC_HASH_TYPE_MD5_SHA;
                             }
                         #else
@@ -30129,16 +32580,17 @@ static int DoServerKeyExchange(WOLFSSL* ssl, const byte* input,
                     }
 
                     ret = HashSkeData(ssl, hashType, input + args->begin,
-                        verifySz, args->sigAlgo);
+                        verifySz, ssl->options.peerSigAlgo);
                     if (ret != 0) {
                         goto exit_dske;
                     }
 
-                    switch (args->sigAlgo)
+                    switch (ssl->options.peerSigAlgo)
                     {
                     #ifndef NO_RSA
                     #ifdef WC_RSA_PSS
                         case rsa_pss_sa_algo:
+                        case rsa_pss_pss_algo:
                     #endif
                         case rsa_sa_algo:
                         {
@@ -30182,7 +32634,7 @@ static int DoServerKeyExchange(WOLFSSL* ssl, const byte* input,
 
                     default:
                         ret = ALGO_ID_E;
-                    } /* switch (args->sigAlgo) */
+                    } /* switch (ssl->options.peerSigAlgo) */
 
             #endif /* NO_DH && !HAVE_ECC && !HAVE_ED25519 && !HAVE_ED448 */
                     break;
@@ -30234,18 +32686,19 @@ static int DoServerKeyExchange(WOLFSSL* ssl, const byte* input,
                                                             args->verifySigSz);
                     }
 
-                    switch (args->sigAlgo)
+                    switch (ssl->options.peerSigAlgo)
                     {
                     #ifndef NO_RSA
                     #ifdef WC_RSA_PSS
                         case rsa_pss_sa_algo:
+                        case rsa_pss_pss_algo:
                     #endif
                         case rsa_sa_algo:
                         {
                             ret = RsaVerify(ssl,
                                 args->verifySig, args->verifySigSz,
                                 &args->output,
-                                args->sigAlgo, args->hashAlgo,
+                                ssl->options.peerSigAlgo, ssl->options.peerHashAlgo,
                                 ssl->peerRsaKey,
                             #ifdef HAVE_PK_CALLBACKS
                                 &ssl->buffers.peerRsaKey
@@ -30262,7 +32715,7 @@ static int DoServerKeyExchange(WOLFSSL* ssl, const byte* input,
                                 ret = 0;
                             }
                         #ifdef WOLFSSL_ASYNC_CRYPT
-                            if (ret != WC_PENDING_E)
+                            if (ret != WC_NO_ERR_TRACE(WC_PENDING_E))
                         #endif
                             {
                                 /* peerRsaKey */
@@ -30283,16 +32736,16 @@ static int DoServerKeyExchange(WOLFSSL* ssl, const byte* input,
                         #ifdef HAVE_PK_CALLBACKS
                             if (ssl->ctx && ssl->ctx->ProcessServerSigKexCb) {
                                 ret = ssl->ctx->ProcessServerSigKexCb(ssl,
-                                    args->sigAlgo,
+                                    ssl->options.peerSigAlgo,
                                     args->verifySig, args->verifySigSz,
                                     ssl->buffers.sig.buffer, SEED_LEN,
                                     &ssl->buffers.sig.buffer[SEED_LEN],
                                     (ssl->buffers.sig.length - SEED_LEN));
                             }
                         #endif /* HAVE_PK_CALLBACKS */
-                            if (ret == NOT_COMPILED_IN) {
+                            if (ret == WC_NO_ERR_TRACE(NOT_COMPILED_IN)) {
                             #if defined(WOLFSSL_SM2) && defined(WOLFSSL_SM3)
-                                if (args->sigAlgo == sm2_sa_algo) {
+                                if (ssl->options.peerSigAlgo == sm2_sa_algo) {
                                     ret = Sm2wSm3Verify(ssl,
                                         TLS12_SM2_SIG_ID, TLS12_SM2_SIG_ID_SZ,
                                         args->verifySig, args->verifySigSz,
@@ -30324,7 +32777,7 @@ static int DoServerKeyExchange(WOLFSSL* ssl, const byte* input,
                             }
 
                         #ifdef WOLFSSL_ASYNC_CRYPT
-                            if (ret != WC_PENDING_E)
+                            if (ret != WC_NO_ERR_TRACE(WC_PENDING_E))
                         #endif
                             {
                                 /* peerEccDsaKey */
@@ -30354,7 +32807,7 @@ static int DoServerKeyExchange(WOLFSSL* ssl, const byte* input,
                             );
 
                         #ifdef WOLFSSL_ASYNC_CRYPT
-                            if (ret != WC_PENDING_E)
+                            if (ret != WC_NO_ERR_TRACE(WC_PENDING_E))
                         #endif
                             {
                                 /* peerEccDsaKey */
@@ -30384,7 +32837,7 @@ static int DoServerKeyExchange(WOLFSSL* ssl, const byte* input,
                             );
 
                         #ifdef WOLFSSL_ASYNC_CRYPT
-                            if (ret != WC_PENDING_E)
+                            if (ret != WC_NO_ERR_TRACE(WC_PENDING_E))
                         #endif
                             {
                                 /* peerEccDsaKey */
@@ -30445,23 +32898,24 @@ static int DoServerKeyExchange(WOLFSSL* ssl, const byte* input,
                     /* increment index after verify is done */
                     args->idx += args->verifySigSz;
 
-                    switch(args->sigAlgo)
+                    switch(ssl->options.peerSigAlgo)
                     {
                     #ifndef NO_RSA
                     #ifdef WC_RSA_PSS
                         case rsa_pss_sa_algo:
+                        case rsa_pss_pss_algo:
                         #ifdef HAVE_SELFTEST
                             ret = wc_RsaPSS_CheckPadding(
                                              ssl->buffers.digest.buffer,
                                              ssl->buffers.digest.length,
                                              args->output, args->sigSz,
-                                             HashAlgoToType(args->hashAlgo));
+                                             HashAlgoToType(ssl->options.peerHashAlgo));
                         #else
                             ret = wc_RsaPSS_CheckPadding_ex(
                                              ssl->buffers.digest.buffer,
                                              ssl->buffers.digest.length,
                                              args->output, args->sigSz,
-                                             HashAlgoToType(args->hashAlgo),
+                                             HashAlgoToType(ssl->options.peerHashAlgo),
                                              -1, args->bits);
                         #endif
                             if (ret != 0)
@@ -30501,7 +32955,7 @@ static int DoServerKeyExchange(WOLFSSL* ssl, const byte* input,
                                 encSigSz = wc_EncodeSignature(encodedSig,
                                     ssl->buffers.digest.buffer,
                                     ssl->buffers.digest.length,
-                                    TypeHash(args->hashAlgo));
+                                    TypeHash(ssl->options.peerHashAlgo));
                                 if (encSigSz != args->sigSz || !args->output ||
                                     XMEMCMP(args->output, encodedSig,
                                             min(encSigSz, MAX_ENCODED_SIG_SZ)) != 0) {
@@ -30569,13 +33023,8 @@ static int DoServerKeyExchange(WOLFSSL* ssl, const byte* input,
 
         case TLS_ASYNC_FINALIZE:
         {
-            if (IsEncryptionOn(ssl, 0)) {
+            if (IsEncryptionOn(ssl, 0))
                 args->idx += ssl->keys.padSz;
-            #if defined(HAVE_ENCRYPT_THEN_MAC) && !defined(WOLFSSL_AEAD_ONLY)
-                if (ssl->options.startedETMRead)
-                    args->idx += MacSize(ssl);
-            #endif
-            }
 
             /* Advance state and proceed */
             ssl->options.asyncState = TLS_ASYNC_END;
@@ -30601,7 +33050,7 @@ exit_dske:
 
 #ifdef WOLFSSL_ASYNC_CRYPT
     /* Handle async operation */
-    if (ret == WC_PENDING_E) {
+    if (ret == WC_NO_ERR_TRACE(WC_PENDING_E)) {
         /* Mark message as not received so it can process again */
         ssl->msgsReceived.got_server_key_exchange = 0;
 
@@ -30638,14 +33087,10 @@ static void FreeSckeArgs(WOLFSSL* ssl, void* pArgs)
 
     (void)ssl;
 
-    if (args->encSecret) {
-        XFREE(args->encSecret, ssl->heap, DYNAMIC_TYPE_SECRET);
-        args->encSecret = NULL;
-    }
-    if (args->input) {
-        XFREE(args->input, ssl->heap, DYNAMIC_TYPE_IN_BUFFER);
-        args->input = NULL;
-    }
+    XFREE(args->encSecret, ssl->heap, DYNAMIC_TYPE_SECRET);
+    args->encSecret = NULL;
+    XFREE(args->input, ssl->heap, DYNAMIC_TYPE_IN_BUFFER);
+    args->input = NULL;
 }
 
 /* handle generation client_key_exchange (16) */
@@ -30664,9 +33109,9 @@ int SendClientKeyExchange(WOLFSSL* ssl)
 
 #ifdef OPENSSL_EXTRA
     ssl->options.clientState = CLIENT_KEYEXCHANGE_COMPLETE;
-    ssl->cbmode = SSL_CB_MODE_WRITE;
+    ssl->cbmode = WOLFSSL_CB_MODE_WRITE;
     if (ssl->CBIS != NULL)
-        ssl->CBIS(ssl, SSL_CB_CONNECT_LOOP, WOLFSSL_SUCCESS);
+        ssl->CBIS(ssl, WOLFSSL_CB_CONNECT_LOOP, WOLFSSL_SUCCESS);
 #endif
 
 #ifdef WOLFSSL_ASYNC_IO
@@ -30682,7 +33127,7 @@ int SendClientKeyExchange(WOLFSSL* ssl)
 
 #ifdef WOLFSSL_ASYNC_CRYPT
     ret = wolfSSL_AsyncPop(ssl, &ssl->options.asyncState);
-    if (ret != WC_NO_PENDING_E) {
+    if (ret != WC_NO_ERR_TRACE(WC_NO_PENDING_E)) {
         /* Check for error */
         if (ret < 0)
             goto exit_scke;
@@ -30778,7 +33223,7 @@ int SendClientKeyExchange(WOLFSSL* ssl)
 
                         /* create private key */
                         ssl->hsType = DYNAMIC_TYPE_CURVE25519;
-                        ret = AllocKey(ssl, ssl->hsType, &ssl->hsKey);
+                        ret = AllocKey(ssl, (int)(ssl->hsType), &ssl->hsKey);
                         if (ret != 0) {
                             goto exit_scke;
                         }
@@ -30829,7 +33274,7 @@ int SendClientKeyExchange(WOLFSSL* ssl)
 
                     /* create ephemeral private key */
                     ssl->hsType = DYNAMIC_TYPE_ECC;
-                    ret = AllocKey(ssl, ssl->hsType, &ssl->hsKey);
+                    ret = AllocKey(ssl, (int)(ssl->hsType), &ssl->hsKey);
                     if (ret != 0) {
                         goto exit_scke;
                     }
@@ -30880,7 +33325,7 @@ int SendClientKeyExchange(WOLFSSL* ssl)
 
                         /* create private key */
                         ssl->hsType = DYNAMIC_TYPE_CURVE25519;
-                        ret = AllocKey(ssl, ssl->hsType, &ssl->hsKey);
+                        ret = AllocKey(ssl, (int)(ssl->hsType), &ssl->hsKey);
                         if (ret != 0) {
                             goto exit_scke;
                         }
@@ -30928,7 +33373,7 @@ int SendClientKeyExchange(WOLFSSL* ssl)
 
                     /* create ephemeral private key */
                     ssl->hsType = DYNAMIC_TYPE_ECC;
-                    ret = AllocKey(ssl, ssl->hsType, &ssl->hsKey);
+                    ret = AllocKey(ssl, (int)ssl->hsType, &ssl->hsKey);
                     if (ret != 0) {
                         goto exit_scke;
                     }
@@ -30982,11 +33427,13 @@ int SendClientKeyExchange(WOLFSSL* ssl)
                         void* ctx = wolfSSL_GetGenPreMasterCtx(ssl);
                         ret = ssl->ctx->GenPreMasterCb(ssl,
                             ssl->arrays->preMasterSecret, ENCRYPT_LEN, ctx);
-                        if (ret != 0 && ret != PROTOCOLCB_UNAVAILABLE) {
+                        if (ret != 0 &&
+                            ret != WC_NO_ERR_TRACE(PROTOCOLCB_UNAVAILABLE)) {
                             goto exit_scke;
                         }
                     }
-                    if (!ssl->ctx->GenPreMasterCb || ret == PROTOCOLCB_UNAVAILABLE)
+                    if (!ssl->ctx->GenPreMasterCb ||
+                        ret == WC_NO_ERR_TRACE(PROTOCOLCB_UNAVAILABLE))
                     #endif
                     {
                         /* build PreMasterSecret with RNG data */
@@ -31076,23 +33523,13 @@ int SendClientKeyExchange(WOLFSSL* ssl)
                 case psk_kea:
                 {
                     byte* pms = ssl->arrays->preMasterSecret;
-                    int cbret = (int)ssl->options.client_psk_cb(ssl,
+                    ssl->arrays->psk_keySz = ssl->options.client_psk_cb(ssl,
                         ssl->arrays->server_hint, ssl->arrays->client_identity,
                         MAX_PSK_ID_LEN, ssl->arrays->psk_key, MAX_PSK_KEY_LEN);
-
-                    if (cbret == 0 || cbret > MAX_PSK_KEY_LEN) {
-                        if (cbret != USE_HW_PSK) {
-                            ERROR_OUT(PSK_KEY_ERROR, exit_scke);
-                        }
-                    }
-
-                    if (cbret == USE_HW_PSK) {
-                        /* USE_HW_PSK indicates that the hardware has the PSK
-                         * and generates the premaster secret. */
-                        ssl->arrays->psk_keySz = 0;
-                    }
-                    else {
-                        ssl->arrays->psk_keySz = (word32)cbret;
+                    if (ssl->arrays->psk_keySz == 0 ||
+                            (ssl->arrays->psk_keySz > MAX_PSK_KEY_LEN &&
+                        (int)ssl->arrays->psk_keySz != WC_NO_ERR_TRACE(USE_HW_PSK))) {
+                        ERROR_OUT(PSK_KEY_ERROR, exit_scke);
                     }
 
                     /* Ensure the buffer is null-terminated. */
@@ -31104,7 +33541,7 @@ int SendClientKeyExchange(WOLFSSL* ssl)
                     XMEMCPY(args->encSecret, ssl->arrays->client_identity,
                             args->encSz);
                     ssl->options.peerAuthGood = 1;
-                    if (cbret != USE_HW_PSK) {
+                    if ((int)ssl->arrays->psk_keySz > 0) {
                         /* CLIENT: Pre-shared Key for peer authentication. */
 
                         /* make psk pre master secret */
@@ -31120,8 +33557,8 @@ int SendClientKeyExchange(WOLFSSL* ssl)
                         ssl->arrays->preMasterSz = (ssl->arrays->psk_keySz * 2)
                                                    + (2 * OPAQUE16_LEN);
                         ForceZero(ssl->arrays->psk_key, ssl->arrays->psk_keySz);
-                        ssl->arrays->psk_keySz = 0; /* No further need */
                     }
+                    ssl->arrays->psk_keySz = 0; /* No further need */
                     break;
                 }
             #endif /* !NO_PSK */
@@ -31132,12 +33569,14 @@ int SendClientKeyExchange(WOLFSSL* ssl)
                     args->output = args->encSecret;
 
                     ssl->arrays->psk_keySz = ssl->options.client_psk_cb(ssl,
-                         ssl->arrays->server_hint, ssl->arrays->client_identity,
-                         MAX_PSK_ID_LEN, ssl->arrays->psk_key, MAX_PSK_KEY_LEN);
+                        ssl->arrays->server_hint, ssl->arrays->client_identity,
+                        MAX_PSK_ID_LEN, ssl->arrays->psk_key, MAX_PSK_KEY_LEN);
                     if (ssl->arrays->psk_keySz == 0 ||
-                                     ssl->arrays->psk_keySz > MAX_PSK_KEY_LEN) {
+                            (ssl->arrays->psk_keySz > MAX_PSK_KEY_LEN &&
+                        (int)ssl->arrays->psk_keySz != WC_NO_ERR_TRACE(USE_HW_PSK))) {
                         ERROR_OUT(PSK_KEY_ERROR, exit_scke);
                     }
+
                     ssl->arrays->client_identity[MAX_PSK_ID_LEN] = '\0'; /* null term */
                     esSz = (word32)XSTRLEN(ssl->arrays->client_identity);
 
@@ -31213,12 +33652,14 @@ int SendClientKeyExchange(WOLFSSL* ssl)
 
                     /* Send PSK client identity */
                     ssl->arrays->psk_keySz = ssl->options.client_psk_cb(ssl,
-                         ssl->arrays->server_hint, ssl->arrays->client_identity,
-                         MAX_PSK_ID_LEN, ssl->arrays->psk_key, MAX_PSK_KEY_LEN);
+                        ssl->arrays->server_hint, ssl->arrays->client_identity,
+                        MAX_PSK_ID_LEN, ssl->arrays->psk_key, MAX_PSK_KEY_LEN);
                     if (ssl->arrays->psk_keySz == 0 ||
-                                     ssl->arrays->psk_keySz > MAX_PSK_KEY_LEN) {
+                            (ssl->arrays->psk_keySz > MAX_PSK_KEY_LEN &&
+                        (int)ssl->arrays->psk_keySz != WC_NO_ERR_TRACE(USE_HW_PSK))) {
                         ERROR_OUT(PSK_KEY_ERROR, exit_scke);
                     }
+
                     ssl->arrays->client_identity[MAX_PSK_ID_LEN] = '\0'; /* null term */
                     esSz = (word32)XSTRLEN(ssl->arrays->client_identity);
                     if (esSz > MAX_PSK_ID_LEN) {
@@ -31238,7 +33679,7 @@ int SendClientKeyExchange(WOLFSSL* ssl)
                     args->length = MAX_ENCRYPT_SZ;
 
                     /* Create shared ECC key leaving room at the beginning
-                       of buffer for size of shared key. */
+                     * of buffer for size of shared key. */
                     ssl->arrays->preMasterSz = ENCRYPT_LEN - OPAQUE16_LEN;
 
                 #ifdef HAVE_CURVE25519
@@ -31451,7 +33892,7 @@ int SendClientKeyExchange(WOLFSSL* ssl)
                         );
                         if (!ssl->specs.static_ecdh
                         #ifdef WOLFSSL_ASYNC_CRYPT
-                            && ret != WC_PENDING_E
+                            && ret != WC_NO_ERR_TRACE(WC_PENDING_E)
                         #endif
                         ) {
                             FreeKey(ssl, DYNAMIC_TYPE_CURVE25519,
@@ -31472,7 +33913,7 @@ int SendClientKeyExchange(WOLFSSL* ssl)
                         );
                         if (!ssl->specs.static_ecdh
                         #ifdef WOLFSSL_ASYNC_CRYPT
-                            && ret != WC_PENDING_E
+                            && ret != WC_NO_ERR_TRACE(WC_PENDING_E)
                         #endif
                         ) {
                             FreeKey(ssl, DYNAMIC_TYPE_CURVE448,
@@ -31490,7 +33931,7 @@ int SendClientKeyExchange(WOLFSSL* ssl)
                         WOLFSSL_CLIENT_END
                     );
                 #ifdef WOLFSSL_ASYNC_CRYPT
-                    if (ret != WC_PENDING_E)
+                    if (ret != WC_NO_ERR_TRACE(WC_PENDING_E))
                 #endif
                     {
                         FreeKey(ssl, DYNAMIC_TYPE_ECC,
@@ -31519,7 +33960,7 @@ int SendClientKeyExchange(WOLFSSL* ssl)
                         );
                         if (!ssl->specs.static_ecdh
                         #ifdef WOLFSSL_ASYNC_CRYPT
-                            && ret != WC_PENDING_E
+                            && ret != WC_NO_ERR_TRACE(WC_PENDING_E)
                         #endif
                         ) {
                             FreeKey(ssl, DYNAMIC_TYPE_CURVE25519,
@@ -31540,7 +33981,7 @@ int SendClientKeyExchange(WOLFSSL* ssl)
                         );
                         if (!ssl->specs.static_ecdh
                         #ifdef WOLFSSL_ASYNC_CRYPT
-                            && ret != WC_PENDING_E
+                            && ret != WC_NO_ERR_TRACE(WC_PENDING_E)
                         #endif
                         ) {
                             FreeKey(ssl, DYNAMIC_TYPE_CURVE448,
@@ -31563,7 +34004,7 @@ int SendClientKeyExchange(WOLFSSL* ssl)
 
                     if (!ssl->specs.static_ecdh
                 #ifdef WOLFSSL_ASYNC_CRYPT
-                        && ret != WC_PENDING_E
+                        && ret != WC_NO_ERR_TRACE(WC_PENDING_E)
                 #endif
                      && !ssl->options.keepResources) {
                         FreeKey(ssl, DYNAMIC_TYPE_ECC,
@@ -31629,13 +34070,15 @@ int SendClientKeyExchange(WOLFSSL* ssl)
                     pms += ssl->arrays->preMasterSz;
 
                     /* make psk pre master secret */
-                    /* length of key + length 0s + length of key + key */
-                    c16toa((word16)ssl->arrays->psk_keySz, pms);
-                    pms += OPAQUE16_LEN;
-                    XMEMCPY(pms, ssl->arrays->psk_key, ssl->arrays->psk_keySz);
-                    ssl->arrays->preMasterSz +=
-                                         ssl->arrays->psk_keySz + OPAQUE16_LEN;
-                    ForceZero(ssl->arrays->psk_key, ssl->arrays->psk_keySz);
+                    if ((int)ssl->arrays->psk_keySz > 0) {
+                        /* length of key + length 0s + length of key + key */
+                        c16toa((word16)ssl->arrays->psk_keySz, pms);
+                        pms += OPAQUE16_LEN;
+                        XMEMCPY(pms, ssl->arrays->psk_key, ssl->arrays->psk_keySz);
+                        ssl->arrays->preMasterSz +=
+                                            ssl->arrays->psk_keySz + OPAQUE16_LEN;
+                        ForceZero(ssl->arrays->psk_key, ssl->arrays->psk_keySz);
+                    }
                     ssl->arrays->psk_keySz = 0; /* No further need */
                     break;
                 }
@@ -31656,18 +34099,19 @@ int SendClientKeyExchange(WOLFSSL* ssl)
                     args->encSz += args->length + OPAQUE8_LEN;
 
                     /* Create pre master secret is the concatenation of
-                       eccSize + eccSharedKey + pskSize + pskKey */
+                     * eccSize + eccSharedKey + pskSize + pskKey */
                     c16toa((word16)ssl->arrays->preMasterSz, pms);
                     ssl->arrays->preMasterSz += OPAQUE16_LEN;
                     pms += ssl->arrays->preMasterSz;
 
-                    c16toa((word16)ssl->arrays->psk_keySz, pms);
-                    pms += OPAQUE16_LEN;
-                    XMEMCPY(pms, ssl->arrays->psk_key, ssl->arrays->psk_keySz);
-                    ssl->arrays->preMasterSz +=
-                                          ssl->arrays->psk_keySz + OPAQUE16_LEN;
+                    if ((int)ssl->arrays->psk_keySz > 0) {
+                        c16toa((word16)ssl->arrays->psk_keySz, pms);
+                        pms += OPAQUE16_LEN;
+                        XMEMCPY(pms, ssl->arrays->psk_key, ssl->arrays->psk_keySz);
+                        ssl->arrays->preMasterSz += ssl->arrays->psk_keySz + OPAQUE16_LEN;
 
-                    ForceZero(ssl->arrays->psk_key, ssl->arrays->psk_keySz);
+                        ForceZero(ssl->arrays->psk_key, ssl->arrays->psk_keySz);
+                    }
                     ssl->arrays->psk_keySz = 0; /* No further need */
                     break;
                 }
@@ -31719,7 +34163,7 @@ int SendClientKeyExchange(WOLFSSL* ssl)
             }
 
             idx = HANDSHAKE_HEADER_SZ + RECORD_HEADER_SZ;
-            args->sendSz = args->encSz + tlsSz + idx;
+            args->sendSz = (int)(args->encSz + tlsSz + idx);
 
         #ifdef WOLFSSL_DTLS
             if (ssl->options.dtls) {
@@ -31753,8 +34197,8 @@ int SendClientKeyExchange(WOLFSSL* ssl)
 
                 if (ssl->options.dtls)
                     recordHeaderSz += DTLS_RECORD_EXTRA;
-                args->inputSz = idx - recordHeaderSz; /* buildmsg adds rechdr */
-                args->input = (byte*)XMALLOC(args->inputSz, ssl->heap,
+                args->inputSz = (int)idx - recordHeaderSz; /* buildmsg adds rechdr */
+                args->input = (byte*)XMALLOC((size_t)args->inputSz, ssl->heap,
                                                        DYNAMIC_TYPE_IN_BUFFER);
                 if (args->input == NULL) {
                     ERROR_OUT(MEMORY_E, exit_scke);
@@ -31817,12 +34261,12 @@ int SendClientKeyExchange(WOLFSSL* ssl)
             }
         #endif
 
-            ssl->buffers.outputBuffer.length += args->sendSz;
+            ssl->buffers.outputBuffer.length += (word32)args->sendSz;
 
             if (!ssl->options.groupMessages) {
                 ret = SendBuffered(ssl);
             }
-            if (ret == 0 || ret == WANT_WRITE) {
+            if (ret == 0 || ret == WC_NO_ERR_TRACE(WANT_WRITE)) {
                 int tmpRet = MakeMasterSecret(ssl);
                 if (tmpRet != 0) {
                     ret = tmpRet;   /* save WANT_WRITE unless more serious */
@@ -31852,7 +34296,9 @@ exit_scke:
 
 #ifdef WOLFSSL_ASYNC_IO
     /* Handle async operation */
-    if (ret == WC_PENDING_E || ret == WANT_WRITE) {
+    if (ret == WC_NO_ERR_TRACE(WC_PENDING_E) ||
+        ret == WC_NO_ERR_TRACE(WANT_WRITE))
+    {
         if (ssl->options.buildingMsg)
             return ret;
         /* If we have completed all states then we will not enter this function
@@ -31900,7 +34346,7 @@ typedef struct ScvArgs {
     word32 sigSz;
     int    sendSz;
     int    inputSz;
-    word16 length;
+    word32 length;
     byte   sigAlgo;
 } ScvArgs;
 
@@ -31911,15 +34357,11 @@ static void FreeScvArgs(WOLFSSL* ssl, void* pArgs)
     (void)ssl;
 
 #ifndef NO_RSA
-    if (args->verifySig) {
-        XFREE(args->verifySig, ssl->heap, DYNAMIC_TYPE_SIGNATURE);
-        args->verifySig = NULL;
-    }
+    XFREE(args->verifySig, ssl->heap, DYNAMIC_TYPE_SIGNATURE);
+    args->verifySig = NULL;
 #endif
-    if (args->input) {
-        XFREE(args->input, ssl->heap, DYNAMIC_TYPE_IN_BUFFER);
-        args->input = NULL;
-    }
+    XFREE(args->input, ssl->heap, DYNAMIC_TYPE_IN_BUFFER);
+    args->input = NULL;
 }
 
 /* handle generation of certificate_verify (15) */
@@ -31936,6 +34378,10 @@ int SendCertificateVerify(WOLFSSL* ssl)
     WOLFSSL_START(WC_FUNC_CERTIFICATE_VERIFY_SEND);
     WOLFSSL_ENTER("SendCertificateVerify");
 
+#ifdef WOLFSSL_BLIND_PRIVATE_KEY
+    wolfssl_priv_der_unblind(ssl->buffers.key, ssl->buffers.keyMask);
+#endif
+
 #ifdef WOLFSSL_ASYNC_IO
     if (ssl->async == NULL) {
         ssl->async = (struct WOLFSSL_ASYNC*)
@@ -31948,10 +34394,10 @@ int SendCertificateVerify(WOLFSSL* ssl)
     args = (ScvArgs*)ssl->async->args;
 #ifdef WOLFSSL_ASYNC_CRYPT
     /* BuildMessage does its own Pop */
-    if (ssl->error != WC_PENDING_E ||
+    if (ssl->error != WC_NO_ERR_TRACE(WC_PENDING_E) ||
             ssl->options.asyncState != TLS_ASYNC_END)
         ret = wolfSSL_AsyncPop(ssl, &ssl->options.asyncState);
-    if (ret != WC_NO_PENDING_E) {
+    if (ret != WC_NO_ERR_TRACE(WC_NO_PENDING_E)) {
         /* Check for error */
         if (ret < 0)
             goto exit_scv;
@@ -31982,16 +34428,20 @@ int SendCertificateVerify(WOLFSSL* ssl)
         case TLS_ASYNC_BEGIN:
         {
             if (ssl->options.sendVerify == SEND_BLANK_CERT) {
+            #ifdef WOLFSSL_BLIND_PRIVATE_KEY
+                wolfssl_priv_der_unblind(ssl->buffers.key,
+                    ssl->buffers.keyMask);
+            #endif
                 return 0;  /* sent blank cert, can't verify */
             }
 
-            args->sendSz = MAX_CERT_VERIFY_SZ + MAX_MSG_EXTRA;
+            args->sendSz = WC_MAX_CERT_VERIFY_SZ + MAX_MSG_EXTRA;
             if (IsEncryptionOn(ssl, 1)) {
                 args->sendSz += MAX_MSG_EXTRA;
             }
 
             /* Use tmp buffer */
-            args->input = (byte*)XMALLOC(args->sendSz,
+            args->input = (byte*)XMALLOC((size_t)args->sendSz,
                     ssl->heap, DYNAMIC_TYPE_IN_BUFFER);
             if (args->input == NULL)
                 ERROR_OUT(MEMORY_E, exit_scv);
@@ -32119,7 +34569,7 @@ int SendCertificateVerify(WOLFSSL* ssl)
                 }
 
                 /* prepend hdr */
-                c16toa(args->length, args->verify + args->extraSz);
+                c16toa((word16)args->length, args->verify + args->extraSz);
             }
             #ifdef WC_RSA_PSS
             else if (args->sigAlgo == rsa_pss_sa_algo) {
@@ -32129,7 +34579,7 @@ int SendCertificateVerify(WOLFSSL* ssl)
                 args->sigSz = ENCRYPT_LEN;
 
                 /* prepend hdr */
-                c16toa(args->length, args->verify + args->extraSz);
+                c16toa((word16)args->length, args->verify + args->extraSz);
             }
             #endif
         #endif /* !NO_RSA */
@@ -32264,13 +34714,20 @@ int SendCertificateVerify(WOLFSSL* ssl)
 
                 #if defined(WOLFSSL_SM2) && defined(WOLFSSL_SM3)
                     if (ssl->buffers.keyType == sm2_sa_algo) {
+                    #ifdef HAVE_PK_CALLBACKS
+                        buffer tmp;
+
+                        tmp.length = ssl->buffers.key->length;
+                        tmp.buffer = ssl->buffers.key->buffer;
+                    #endif
+
                         ret = Sm3wSm2Verify(ssl,
                             TLS12_SM2_SIG_ID, TLS12_SM2_SIG_ID_SZ,
                             ssl->buffers.sig.buffer, ssl->buffers.sig.length,
                             ssl->buffers.digest.buffer,
                             ssl->buffers.digest.length, key,
                         #ifdef HAVE_PK_CALLBACKS
-                            ssl->buffers.key
+                            &tmp
                         #else
                             NULL
                         #endif
@@ -32279,12 +34736,19 @@ int SendCertificateVerify(WOLFSSL* ssl)
                     else
                 #endif
                     {
+                    #ifdef HAVE_PK_CALLBACKS
+                        buffer tmp;
+
+                        tmp.length = ssl->buffers.key->length;
+                        tmp.buffer = ssl->buffers.key->buffer;
+                    #endif
+
                         ret = EccVerify(ssl,
                             ssl->buffers.sig.buffer, ssl->buffers.sig.length,
                             ssl->buffers.digest.buffer,
                             ssl->buffers.digest.length, key,
                         #ifdef HAVE_PK_CALLBACKS
-                            ssl->buffers.key
+                            &tmp
                         #else
                             NULL
                         #endif
@@ -32308,7 +34772,7 @@ int SendCertificateVerify(WOLFSSL* ssl)
         #endif
                     args->length = (word16)ssl->buffers.sig.length;
                     /* prepend hdr */
-                    c16toa(args->length, args->verify + args->extraSz);
+                    c16toa((word16)args->length, args->verify + args->extraSz);
                     XMEMCPY(args->verify + args->extraSz + VERIFY_HEADER,
                             ssl->buffers.sig.buffer, ssl->buffers.sig.length);
                     break;
@@ -32337,7 +34801,7 @@ int SendCertificateVerify(WOLFSSL* ssl)
                     );
 
                     /* free temporary buffer now */
-                    if (ret != WC_PENDING_E) {
+                    if (ret != WC_NO_ERR_TRACE(WC_PENDING_E)) {
                         XFREE(args->verifySig, ssl->heap, DYNAMIC_TYPE_SIGNATURE);
                         args->verifySig = NULL;
                     }
@@ -32386,15 +34850,24 @@ int SendCertificateVerify(WOLFSSL* ssl)
     } /* switch(ssl->options.asyncState) */
 
 exit_scv:
+#ifdef WOLFSSL_BLIND_PRIVATE_KEY
+    if (ret == 0) {
+        ret = wolfssl_priv_der_blind(ssl->rng, ssl->buffers.key,
+            &ssl->buffers.keyMask);
+    }
+    else {
+        wolfssl_priv_der_unblind(ssl->buffers.key, ssl->buffers.keyMask);
+    }
+#endif
 
     WOLFSSL_LEAVE("SendCertificateVerify", ret);
     WOLFSSL_END(WC_FUNC_CERTIFICATE_VERIFY_SEND);
 
 #ifdef WOLFSSL_ASYNC_IO
     /* Handle async operation */
-    if (ret == WANT_WRITE
+    if (ret == WC_NO_ERR_TRACE(WANT_WRITE)
 #ifdef WOLFSSL_ASYNC_CRYPT
-            || ret == WC_PENDING_E
+            || ret == WC_NO_ERR_TRACE(WC_PENDING_E)
 #endif
             )
         return ret;
@@ -32528,13 +35001,8 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
 #endif
     }
 
-    if (IsEncryptionOn(ssl, 0)) {
+    if (IsEncryptionOn(ssl, 0))
         *inOutIdx += ssl->keys.padSz;
-    #if defined(HAVE_ENCRYPT_THEN_MAC) && !defined(WOLFSSL_AEAD_ONLY)
-        if (ssl->options.startedETMRead)
-            *inOutIdx += MacSize(ssl);
-    #endif
-    }
 
     ssl->expect_session_ticket = 0;
 
@@ -32545,11 +35013,13 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
 
 #endif /* HAVE_SESSION_TICKET */
 
-#endif /* NO_WOLFSSL_CLIENT */
+#endif /* !NO_WOLFSSL_CLIENT && !NO_TLS */
+/* end client only parts */
+
 
 #ifndef NO_CERTS
 
-#ifdef WOLF_PRIVATE_KEY_ID
+#if defined(WOLF_PRIVATE_KEY_ID) || defined(HAVE_PK_CALLBACKS)
     int GetPrivateKeySigSize(WOLFSSL* ssl)
     {
         int sigSz = 0;
@@ -32590,7 +35060,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
         }
         return sigSz;
     }
-#endif /* HAVE_PK_CALLBACKS */
+#endif /* WOLF_PRIVATE_KEY_ID || HAVE_PK_CALLBACKS */
 
 #endif /* NO_CERTS */
 
@@ -32679,36 +35149,129 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
     }
 #endif /* HAVE_ECC */
 
+#ifdef WOLFSSL_HAVE_KYBER
+    /* Returns 1 when the given group is a PQC group, 0 otherwise. */
+    int NamedGroupIsPqc(int group)
+    {
+        switch (group) {
+        #ifndef WOLFSSL_NO_ML_KEM
+            case WOLFSSL_ML_KEM_512:
+            case WOLFSSL_ML_KEM_768:
+            case WOLFSSL_ML_KEM_1024:
+        #endif
+        #ifdef WOLFSSL_KYBER_ORIGINAL
+            case WOLFSSL_KYBER_LEVEL1:
+            case WOLFSSL_KYBER_LEVEL3:
+            case WOLFSSL_KYBER_LEVEL5:
+        #endif
+                return 1;
+            default:
+                return 0;
+        }
+    }
+
+    /* Returns 1 when the given group is a PQC hybrid group, 0 otherwise. */
+    int NamedGroupIsPqcHybrid(int group)
+    {
+        switch (group) {
+        #ifndef WOLFSSL_NO_ML_KEM
+            case WOLFSSL_P256_ML_KEM_768:
+            case WOLFSSL_X25519_ML_KEM_768:
+            case WOLFSSL_P384_ML_KEM_1024:
+            case WOLFSSL_P256_ML_KEM_512:
+            case WOLFSSL_P384_ML_KEM_768:
+            case WOLFSSL_P521_ML_KEM_1024:
+            case WOLFSSL_X25519_ML_KEM_512:
+            case WOLFSSL_X448_ML_KEM_768:
+        #endif
+        #ifdef WOLFSSL_KYBER_ORIGINAL
+            case WOLFSSL_P256_KYBER_LEVEL3:
+            case WOLFSSL_X25519_KYBER_LEVEL3:
+            case WOLFSSL_P256_KYBER_LEVEL1:
+            case WOLFSSL_P384_KYBER_LEVEL3:
+            case WOLFSSL_P521_KYBER_LEVEL5:
+            case WOLFSSL_X25519_KYBER_LEVEL1:
+            case WOLFSSL_X448_KYBER_LEVEL3:
+        #endif
+                return 1;
+            default:
+                return 0;
+        }
+    }
+#endif /* WOLFSSL_HAVE_KYBER */
+
     int TranslateErrorToAlert(int err)
     {
         switch (err) {
-            case BUFFER_ERROR:
+            case WC_NO_ERR_TRACE(BUFFER_ERROR):
                 return decode_error;
-            case EXT_NOT_ALLOWED:
-            case PEER_KEY_ERROR:
-            case ECC_PEERKEY_ERROR:
-            case BAD_KEY_SHARE_DATA:
-            case PSK_KEY_ERROR:
-            case INVALID_PARAMETER:
-            case HRR_COOKIE_ERROR:
+            case WC_NO_ERR_TRACE(EXT_NOT_ALLOWED):
+            case WC_NO_ERR_TRACE(PEER_KEY_ERROR):
+            case WC_NO_ERR_TRACE(ECC_PEERKEY_ERROR):
+            case WC_NO_ERR_TRACE(BAD_KEY_SHARE_DATA):
+            case WC_NO_ERR_TRACE(PSK_KEY_ERROR):
+            case WC_NO_ERR_TRACE(INVALID_PARAMETER):
+            case WC_NO_ERR_TRACE(HRR_COOKIE_ERROR):
+            case WC_NO_ERR_TRACE(BAD_BINDER):
                 return illegal_parameter;
-            case INCOMPLETE_DATA:
+            case WC_NO_ERR_TRACE(INCOMPLETE_DATA):
                 return missing_extension;
-            case MATCH_SUITE_ERROR:
-            case MISSING_HANDSHAKE_DATA:
+            case WC_NO_ERR_TRACE(MATCH_SUITE_ERROR):
+            case WC_NO_ERR_TRACE(MISSING_HANDSHAKE_DATA):
                 return handshake_failure;
-            case VERSION_ERROR:
+            case WC_NO_ERR_TRACE(VERSION_ERROR):
                 return wolfssl_alert_protocol_version;
             default:
                 return invalid_alert;
         }
     }
 
+    /* search suites for specific one, idx on success, negative on error */
+    int FindSuite(const Suites* suites, byte first, byte second)
+    {
+        int i;
 
-#ifndef NO_WOLFSSL_SERVER
+        if (suites == NULL || suites->suiteSz == 0) {
+            WOLFSSL_MSG("Suites pointer error or suiteSz 0");
+            return SUITES_ERROR;
+        }
+
+        for (i = 0; i < suites->suiteSz-1; i += SUITE_LEN) {
+            if (suites->suites[i]   == first &&
+                suites->suites[i+1] == second )
+                return i;
+        }
+
+        return MATCH_SUITE_ERROR;
+    }
+
+#if !defined(NO_WOLFSSL_SERVER) && !defined(NO_TLS)
 
 #ifndef WOLFSSL_NO_TLS12
 
+    static int getSessionID(WOLFSSL* ssl)
+    {
+        int sessIdSz = 0;
+        (void)ssl;
+#ifndef NO_SESSION_CACHE
+        /* if no session cache don't send a session ID */
+        if (!ssl->options.sessionCacheOff)
+            sessIdSz = ID_LEN;
+#endif
+#ifdef HAVE_SESSION_TICKET
+        /* we may be echoing an ID as part of session tickets */
+        if (ssl->options.useTicket) {
+            /* echo session id sz can be 0,32 or bogus len in between */
+            sessIdSz = ssl->arrays->sessionIDSz;
+            if (sessIdSz > ID_LEN) {
+                WOLFSSL_MSG("Bad bogus session id len");
+                return BUFFER_ERROR;
+            }
+        }
+#endif /* HAVE_SESSION_TICKET */
+        return sessIdSz;
+    }
+
     /* handle generation of server_hello (2) */
     int SendServerHello(WOLFSSL* ssl)
     {
@@ -32717,17 +35280,18 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
         word16 length;
         word32 idx = RECORD_HEADER_SZ + HANDSHAKE_HEADER_SZ;
         int    sendSz;
-        byte   sessIdSz = ID_LEN;
-    #if defined(HAVE_TLS_EXTENSIONS) && defined(HAVE_SESSION_TICKET)
-        byte   echoId   = 0;  /* ticket echo id flag */
-    #endif
-        byte   cacheOff = 0;  /* session cache off flag */
+        byte   sessIdSz;
 
         WOLFSSL_START(WC_FUNC_SERVER_HELLO_SEND);
         WOLFSSL_ENTER("SendServerHello");
 
+        ret = getSessionID(ssl);
+        if (ret < 0)
+            return ret;
+        sessIdSz = (byte)ret;
+
         length = VERSION_SZ + RAN_LEN
-               + ID_LEN + ENUM_LEN
+               + ENUM_LEN + sessIdSz
                + SUITE_LEN
                + ENUM_LEN;
 
@@ -32735,45 +35299,12 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
         ret = TLSX_GetResponseSize(ssl, server_hello, &length);
         if (ret != 0)
             return ret;
-    #ifdef HAVE_SESSION_TICKET
-        if (ssl->options.useTicket) {
-            /* echo session id sz can be 0,32 or bogus len in between */
-            sessIdSz = ssl->arrays->sessionIDSz;
-            if (sessIdSz > ID_LEN) {
-                WOLFSSL_MSG("Bad bogus session id len");
-                return BUFFER_ERROR;
-            }
-            if (!IsAtLeastTLSv1_3(ssl->version))
-                length -= (ID_LEN - sessIdSz);  /* adjust ID_LEN assumption */
-            echoId = 1;
-        }
-    #endif /* HAVE_SESSION_TICKET */
 #else
         if (ssl->options.haveEMS) {
             length += HELLO_EXT_SZ_SZ + HELLO_EXT_SZ;
         }
 #endif
 
-        /* is the session cache off at build or runtime */
-#ifdef NO_SESSION_CACHE
-        cacheOff = 1;
-#else
-        if (ssl->options.sessionCacheOff == 1) {
-            cacheOff = 1;
-        }
-#endif
-
-        /* if no session cache don't send a session ID unless we're echoing
-         * an ID as part of session tickets */
-        if (cacheOff == 1
-        #if defined(HAVE_TLS_EXTENSIONS) && defined(HAVE_SESSION_TICKET)
-            && echoId == 0
-        #endif
-            ) {
-            length -= ID_LEN;    /* adjust ID_LEN assumption */
-            sessIdSz = 0;
-        }
-
         sendSz = length + HANDSHAKE_HEADER_SZ + RECORD_HEADER_SZ;
         #ifdef WOLFSSL_DTLS
         if (ssl->options.dtls) {
@@ -32804,11 +35335,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
 
         /* then random and session id */
         if (!ssl->options.resuming) {
-            /* generate random part and session id */
-            ret = wc_RNG_GenerateBlock(ssl->rng, output + idx,
-                RAN_LEN + sizeof(sessIdSz) + sessIdSz);
-            if (ret != 0)
-                return ret;
+            word32 genRanLen = RAN_LEN;
 
 #ifdef WOLFSSL_TLS13
             if (TLSv1_3_Capable(ssl)) {
@@ -32816,6 +35343,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
                 XMEMCPY(output + idx + RAN_LEN - (TLS13_DOWNGRADE_SZ + 1),
                         tls13Downgrade, TLS13_DOWNGRADE_SZ);
                 output[idx + RAN_LEN - 1] = (byte)IsAtLeastTLSv1_2(ssl);
+                genRanLen -= TLS13_DOWNGRADE_SZ + 1;
             }
             else
 #endif
@@ -32827,12 +35355,21 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
                 XMEMCPY(output + idx + RAN_LEN - (TLS13_DOWNGRADE_SZ + 1),
                         tls13Downgrade, TLS13_DOWNGRADE_SZ);
                 output[idx + RAN_LEN - 1] = 0;
+                genRanLen -= TLS13_DOWNGRADE_SZ + 1;
             }
 
-            /* store info in SSL for later */
+            /* generate random part */
+            ret = wc_RNG_GenerateBlock(ssl->rng, output + idx, genRanLen);
+            if (ret != 0)
+                return ret;
             XMEMCPY(ssl->arrays->serverRandom, output + idx, RAN_LEN);
             idx += RAN_LEN;
+
+            /* generate session id */
             output[idx++] = sessIdSz;
+            ret = wc_RNG_GenerateBlock(ssl->rng, output + idx, sessIdSz);
+            if (ret != 0)
+                return ret;
             XMEMCPY(ssl->arrays->sessionID, output + idx, sessIdSz);
             ssl->arrays->sessionIDSz = sessIdSz;
         }
@@ -32892,20 +35429,21 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
 
         if (IsEncryptionOn(ssl, 1)) {
             byte* input;
-            int   inputSz = idx; /* build msg adds rec hdr */
+            int   inputSz = (int)idx; /* build msg adds rec hdr */
             int   recordHeaderSz = RECORD_HEADER_SZ;
 
             if (ssl->options.dtls)
                 recordHeaderSz += DTLS_RECORD_EXTRA;
             inputSz -= recordHeaderSz;
-            input = (byte*)XMALLOC(inputSz, ssl->heap, DYNAMIC_TYPE_IN_BUFFER);
+            input = (byte*)XMALLOC((size_t)inputSz, ssl->heap,
+                    DYNAMIC_TYPE_IN_BUFFER);
             if (input == NULL)
                 return MEMORY_E;
 
-            XMEMCPY(input, output + recordHeaderSz, inputSz);
+            XMEMCPY(input, output + recordHeaderSz, (size_t)(inputSz));
             #ifdef WOLFSSL_DTLS
             if (IsDtlsNotSctpMode(ssl) &&
-                    (ret = DtlsMsgPoolSave(ssl, input, inputSz, server_hello)) != 0) {
+                    (ret = DtlsMsgPoolSave(ssl, input, (word32)inputSz, server_hello)) != 0) {
                 XFREE(input, ssl->heap, DYNAMIC_TYPE_IN_BUFFER);
                 return ret;
             }
@@ -32919,7 +35457,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
         } else {
             #ifdef WOLFSSL_DTLS
                 if (IsDtlsNotSctpMode(ssl)) {
-                    if ((ret = DtlsMsgPoolSave(ssl, output, sendSz, server_hello)) != 0)
+                    if ((ret = DtlsMsgPoolSave(ssl, output, (word32)sendSz, server_hello)) != 0)
                         return ret;
                 }
                 if (ssl->options.dtls)
@@ -32943,7 +35481,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
 
         ssl->options.serverState = SERVER_HELLO_COMPLETE;
         ssl->options.buildingMsg = 0;
-        ssl->buffers.outputBuffer.length += sendSz;
+        ssl->buffers.outputBuffer.length += (word32)sendSz;
 
         if (ssl->options.groupMessages)
             ret = 0;
@@ -32966,7 +35504,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
             return 0;
         }
 
-        return (byte)GetCurveByOID(key->dp->oidSum);
+        return (byte)GetCurveByOID((int)key->dp->oidSum);
     }
 
 #endif /* HAVE_ECC */
@@ -32991,7 +35529,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
     #if defined(HAVE_ECC) || defined(HAVE_CURVE25519) || defined(HAVE_CURVE448)
         word32 exportSz;
     #endif
-        int    sendSz;
+        word32 sendSz;
         int    inputSz;
     } SskeArgs;
 
@@ -33002,16 +35540,12 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
         (void)ssl;
 
     #if defined(HAVE_ECC) || defined(HAVE_CURVE25519) || defined(HAVE_CURVE448)
-        if (args->exportBuf) {
-            XFREE(args->exportBuf, ssl->heap, DYNAMIC_TYPE_DER);
-            args->exportBuf = NULL;
-        }
+        XFREE(args->exportBuf, ssl->heap, DYNAMIC_TYPE_DER);
+        args->exportBuf = NULL;
     #endif
     #ifndef NO_RSA
-        if (args->verifySig) {
-            XFREE(args->verifySig, ssl->heap, DYNAMIC_TYPE_SIGNATURE);
-            args->verifySig = NULL;
-        }
+        XFREE(args->verifySig, ssl->heap, DYNAMIC_TYPE_SIGNATURE);
+        args->verifySig = NULL;
     #endif
         (void)args;
     }
@@ -33030,6 +35564,10 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
         WOLFSSL_START(WC_FUNC_SERVER_KEY_EXCHANGE_SEND);
         WOLFSSL_ENTER("SendServerKeyExchange");
 
+    #ifdef WOLFSSL_BLIND_PRIVATE_KEY
+        wolfssl_priv_der_unblind(ssl->buffers.key, ssl->buffers.keyMask);
+    #endif
+
     #ifdef WOLFSSL_ASYNC_IO
         if (ssl->async == NULL) {
             ssl->async = (struct WOLFSSL_ASYNC*)
@@ -33042,7 +35580,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
         args = (SskeArgs*)ssl->async->args;
     #ifdef WOLFSSL_ASYNC_CRYPT
         ret = wolfSSL_AsyncPop(ssl, &ssl->options.asyncState);
-        if (ret != WC_NO_PENDING_E) {
+        if (ret != WC_NO_ERR_TRACE(WC_NO_PENDING_E)) {
             /* Check for error */
             if (ret < 0)
                 goto exit_sske;
@@ -33127,7 +35665,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
                             goto exit_sske;
 
                         if (ssl->buffers.serverDH_Pub.buffer == NULL) {
-                            /* Free'd in SSL_ResourceFree and
+                            /* Free'd in wolfSSL_ResourceFree and
                              * FreeHandshakeResources */
                             ssl->buffers.serverDH_Pub.buffer = (byte*)XMALLOC(
                                     pSz, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY);
@@ -33141,7 +35679,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
                         pSz = wc_DhGetNamedKeyMinSize(ssl->namedGroup);
 
                         if (ssl->buffers.serverDH_Priv.buffer == NULL) {
-                            /* Free'd in SSL_ResourceFree and
+                            /* Free'd in wolfSSL_ResourceFree and
                              * FreeHandshakeResources */
                             ssl->buffers.serverDH_Priv.buffer = (byte*)XMALLOC(
                                     pSz, ssl->heap, DYNAMIC_TYPE_PRIVATE_KEY);
@@ -33210,7 +35748,9 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
                         }
 
                         if (ssl->buffers.serverDH_Pub.buffer == NULL) {
-                            /* Free'd in SSL_ResourceFree and FreeHandshakeResources */
+                            /* Free'd in wolfSSL_ResourceFree
+                             * and FreeHandshakeResources
+                             */
                             ssl->buffers.serverDH_Pub.buffer = (byte*)XMALLOC(
                                     ssl->buffers.serverDH_P.length,
                                     ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY);
@@ -33222,7 +35762,9 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
                         }
 
                         if (ssl->buffers.serverDH_Priv.buffer == NULL) {
-                            /* Free'd in SSL_ResourceFree and FreeHandshakeResources */
+                            /* Free'd in wolfSSL_ResourceFree
+                             * and FreeHandshakeResources
+                             */
                             ssl->buffers.serverDH_Priv.buffer = (byte*)XMALLOC(
                                     ssl->buffers.serverDH_P.length,
                                     ssl->heap, DYNAMIC_TYPE_PRIVATE_KEY);
@@ -33332,7 +35874,8 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
                             if (ssl->eccTempKeyPresent == 0) {
                                 ret = X25519MakeKey(ssl,
                                         (curve25519_key*)ssl->eccTempKey, NULL);
-                                if (ret == 0 || ret == WC_PENDING_E) {
+                                if (ret == 0 ||
+                                    ret == WC_NO_ERR_TRACE(WC_PENDING_E)) {
                                     ssl->eccTempKeyPresent =
                                         DYNAMIC_TYPE_CURVE25519;
                                 }
@@ -33359,7 +35902,8 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
                             if (ssl->eccTempKeyPresent == 0) {
                                 ret = X448MakeKey(ssl,
                                           (curve448_key*)ssl->eccTempKey, NULL);
-                                if (ret == 0 || ret == WC_PENDING_E) {
+                                if (ret == 0 ||
+                                    ret == WC_NO_ERR_TRACE(WC_PENDING_E)) {
                                     ssl->eccTempKeyPresent =
                                         DYNAMIC_TYPE_CURVE448;
                                 }
@@ -33384,7 +35928,8 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
 
                         if (ssl->eccTempKeyPresent == 0) {
                             ret = EccMakeKey(ssl, ssl->eccTempKey, NULL);
-                            if (ret == 0 || ret == WC_PENDING_E) {
+                            if (ret == 0 ||
+                                ret == WC_NO_ERR_TRACE(WC_PENDING_E)) {
                                 ssl->eccTempKeyPresent = DYNAMIC_TYPE_ECC;
                             }
                         }
@@ -33708,7 +36253,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
                         if (ssl->buffers.key == NULL) {
                         #ifdef HAVE_PK_CALLBACKS
                             if (wolfSSL_CTX_IsPrivatePkSet(ssl->ctx)) {
-                                args->tmpSigSz = GetPrivateKeySigSize(ssl);
+                                args->tmpSigSz = (word32)GetPrivateKeySigSize(ssl);
                                 if (args->tmpSigSz == 0) {
                                     ERROR_OUT(NO_PRIVATE_KEY, exit_sske);
                                 }
@@ -33725,7 +36270,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
                         #endif
                             case rsa_sa_algo:
                             {
-                                word16 keySz;
+                                word32 keySz;
 
                                 ssl->buffers.keyType = rsa_sa_algo;
                                 ret = DecodePrivateKey(ssl, &keySz);
@@ -33743,9 +36288,9 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
                         #endif
                             case ecc_dsa_sa_algo:
                             {
-                                word16 keySz;
+                                word32 keySz;
 
-                                ssl->buffers.keyType = ecc_dsa_sa_algo;
+                                ssl->buffers.keyType = ssl->options.sigAlgo;
                                 ret = DecodePrivateKey(ssl, &keySz);
                                 if (ret != 0) {
                                     goto exit_sske;
@@ -33758,7 +36303,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
                         #ifdef HAVE_ED25519
                             case ed25519_sa_algo:
                             {
-                                word16 keySz;
+                                word32 keySz;
 
                                 ssl->buffers.keyType = ed25519_sa_algo;
                                 ret = DecodePrivateKey(ssl, &keySz);
@@ -33774,7 +36319,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
                         #ifdef HAVE_ED448
                             case ed448_sa_algo:
                             {
-                                word16 keySz;
+                                word32 keySz;
 
                                 ssl->buffers.keyType = ed448_sa_algo;
                                 ret = DecodePrivateKey(ssl, &keySz);
@@ -33977,7 +36522,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
                         preSigSz  = args->length;
 
                         if (!ssl->options.usingAnon_cipher) {
-                            word16 keySz = 0;
+                            word32 keySz = 0;
 
                             /* sig length */
                             args->length += LENGTH_SZ;
@@ -34444,6 +36989,13 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
                                 else
                             #endif /* WOLFSSL_SM2 */
                                 {
+                                #ifdef HAVE_PK_CALLBACKS
+                                    buffer tmp;
+
+                                    tmp.length = ssl->buffers.key->length;
+                                    tmp.buffer = ssl->buffers.key->buffer;
+                                #endif
+
                                     ret = EccVerify(ssl,
                                         args->output + LENGTH_SZ + args->idx,
                                         args->sigSz,
@@ -34451,7 +37003,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
                                         ssl->buffers.digest.length,
                                         key,
                                     #ifdef HAVE_PK_CALLBACKS
-                                        ssl->buffers.key
+                                        &tmp
                                     #else
                                         NULL
                                     #endif
@@ -34463,7 +37015,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
                                     goto exit_sske;
                                 }
                             }
-                            #if defined(HAVE_E25519) || defined(HAVE_ED448)
+                            #if defined(HAVE_ED25519) || defined(HAVE_ED448)
                             FALL_THROUGH;
                             #endif
                         #endif /*  WOLFSSL_CHECK_SIG_FAULTS */
@@ -34586,14 +37138,24 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
 
     exit_sske:
 
+    #ifdef WOLFSSL_BLIND_PRIVATE_KEY
+        if (ret == 0) {
+            ret = wolfssl_priv_der_blind(ssl->rng, ssl->buffers.key,
+                &ssl->buffers.keyMask);
+        }
+        else {
+            wolfssl_priv_der_unblind(ssl->buffers.key, ssl->buffers.keyMask);
+        }
+    #endif
+
         WOLFSSL_LEAVE("SendServerKeyExchange", ret);
         WOLFSSL_END(WC_FUNC_SERVER_KEY_EXCHANGE_SEND);
 
     #ifdef WOLFSSL_ASYNC_IO
         /* Handle async operation */
-        if (ret == WANT_WRITE
+        if (ret == WC_NO_ERR_TRACE(WANT_WRITE)
         #ifdef WOLFSSL_ASYNC_CRYPT
-                || ret == WC_PENDING_E
+                || ret == WC_NO_ERR_TRACE(WC_PENDING_E)
         #endif
                 )
             return ret;
@@ -34623,30 +37185,6 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
         return ret;
     }
 
-#if defined(HAVE_SERVER_RENEGOTIATION_INFO) || defined(HAVE_FALLBACK_SCSV) || \
-                                                            defined(OPENSSL_ALL)
-
-    /* search suites for specific one, idx on success, negative on error */
-    static int FindSuite(Suites* suites, byte first, byte second)
-    {
-        int i;
-
-        if (suites == NULL || suites->suiteSz == 0) {
-            WOLFSSL_MSG("Suites pointer error or suiteSz 0");
-            return SUITES_ERROR;
-        }
-
-        for (i = 0; i < suites->suiteSz-1; i += SUITE_LEN) {
-            if (suites->suites[i]   == first &&
-                suites->suites[i+1] == second )
-                return i;
-        }
-
-        return MATCH_SUITE_ERROR;
-    }
-
-#endif
-
 #endif /* !WOLFSSL_NO_TLS12 */
 
     /* Make sure server cert/key are valid for this suite, true on success
@@ -34756,7 +37294,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
             int ret = TLSX_KeyShare_Choose(ssl, extensions, first, second,
                                            &cs->clientKSE, &searched);
 
-            if (ret == MEMORY_E) {
+            if (ret == WC_NO_ERR_TRACE(MEMORY_E)) {
                 WOLFSSL_MSG("TLSX_KeyShare_Choose() failed in "
                             "VerifyServerSuite() with MEMORY_E");
                 return 0;
@@ -34771,7 +37309,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
                 cs->doHelloRetry = 1;
             }
         #ifdef WOLFSSL_ASYNC_CRYPT
-            if (ret == WC_PENDING_E)
+            if (ret == WC_NO_ERR_TRACE(WC_PENDING_E))
                 return ret;
         #endif
             if (!cs->doHelloRetry && ret != 0)
@@ -34838,7 +37376,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
             for (i = 0; i < suites->suiteSz; i += 2) {
                 for (j = 0; j < peerSuites->suiteSz; j += 2) {
                     ret = CompareSuites(ssl, suites, peerSuites, i, j, cs, extensions);
-                    if (ret != MATCH_SUITE_ERROR)
+                    if (ret != WC_NO_ERR_TRACE(MATCH_SUITE_ERROR))
                         return ret;
                 }
             }
@@ -34848,7 +37386,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
             for (j = 0; j < peerSuites->suiteSz; j += 2) {
                 for (i = 0; i < suites->suiteSz; i += 2) {
                     ret = CompareSuites(ssl, suites, peerSuites, i, j, cs, extensions);
-                    if (ret != MATCH_SUITE_ERROR)
+                    if (ret != WC_NO_ERR_TRACE(MATCH_SUITE_ERROR))
                         return ret;
                 }
             }
@@ -34887,7 +37425,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
         if (ret != 0)
             return ret;
         ret = PickHashSigAlgo(ssl, peerSuites->hashSigAlgo,
-                                         peerSuites->hashSigAlgoSz);
+                              peerSuites->hashSigAlgoSz, 1);
         if (ret != 0)
             return ret;
 
@@ -35010,9 +37548,8 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
             InitSuites(ssl->suites, ssl->version, keySz, haveRSA, havePSK,
                        ssl->options.haveDH, ssl->options.haveECDSAsig,
                        ssl->options.haveECC, TRUE, ssl->options.haveStaticECC,
-                       ssl->options.haveFalconSig,
-                       ssl->options.haveDilithiumSig, ssl->options.haveAnon,
-                       TRUE, ssl->options.side);
+                       ssl->options.useAnon,
+                       TRUE, TRUE, TRUE, TRUE, ssl->options.side);
         }
 
         /* suite size */
@@ -35070,7 +37607,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
             ssl->options.usingCompression = 0;  /* turn off */
 
         ssl->options.clientState = CLIENT_HELLO_COMPLETE;
-        ssl->cbmode = SSL_CB_MODE_WRITE;
+        ssl->cbmode = WOLFSSL_CB_MODE_WRITE;
         *inOutIdx = idx;
 
         ssl->options.haveSessionId = 1;
@@ -35139,6 +37676,47 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
     {
         int ret = 0;
         WOLFSSL_SESSION* session;
+
+#ifdef HAVE_SECRET_CALLBACK
+        if (ssl->sessionSecretCb != NULL
+#ifdef HAVE_SESSION_TICKET
+                && ssl->session->ticketLen > 0
+#endif
+                ) {
+            int secretSz = SECRET_LEN;
+            WOLFSSL_MSG("Calling session secret callback");
+            ret = wc_RNG_GenerateBlock(ssl->rng, ssl->arrays->serverRandom,
+                                       RAN_LEN);
+            if (ret == 0) {
+                ret = ssl->sessionSecretCb(ssl, ssl->arrays->masterSecret,
+                                              &secretSz, ssl->sessionSecretCtx);
+                if (secretSz != SECRET_LEN)
+                    ret = SESSION_SECRET_CB_E;
+            }
+            if (ret == 0)
+                ret = MatchSuite(ssl, clSuites);
+            if (ret == 0) {
+                #ifdef NO_OLD_TLS
+                    ret = DeriveTlsKeys(ssl);
+                #else
+                    #ifndef NO_TLS
+                        if (ssl->options.tls)
+                            ret = DeriveTlsKeys(ssl);
+                    #endif
+                        if (!ssl->options.tls)
+                            ret = DeriveKeys(ssl);
+                #endif
+                /* SERVER: peer auth based on session secret. */
+                ssl->options.peerAuthGood = (ret == 0);
+                ssl->options.clientState = CLIENT_KEYEXCHANGE_COMPLETE;
+            }
+            if (ret != 0)
+                WOLFSSL_ERROR_VERBOSE(ret);
+            WOLFSSL_LEAVE("HandleTlsResumption", ret);
+            return ret;
+        }
+#endif /* HAVE_SECRET_CALLBACK */
+
     #ifdef HAVE_SESSION_TICKET
         if (ssl->options.useTicket == 1) {
             session = ssl->session;
@@ -35209,7 +37787,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
                 ret = SetCipherSpecs(ssl);
                 if (ret == 0) {
                     ret = PickHashSigAlgo(ssl, clSuites->hashSigAlgo,
-                                               clSuites->hashSigAlgoSz);
+                                          clSuites->hashSigAlgoSz, 0);
                 }
             }
             else if (ret == 0) {
@@ -35251,11 +37829,6 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
     {
         byte            b;
         ProtocolVersion pv;
-#ifdef WOLFSSL_SMALL_STACK
-        Suites*         clSuites = NULL;
-#else
-        Suites          clSuites[1];
-#endif
         word32          i = *inOutIdx;
         word32          begin = i;
         int             ret = 0;
@@ -35285,7 +37858,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
 
                     /* propagate socket errors to avoid re-calling send alert */
                     err = SendAlert(ssl, alert_fatal, alertType);
-                    if (err == SOCKET_ERROR_E)
+                    if (err == WC_NO_ERR_TRACE(SOCKET_ERROR_E))
                         ret = SOCKET_ERROR_E;
                 }
                 *inOutIdx += helloSz;
@@ -35323,8 +37896,9 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
         if (pv.major == SSLv3_MAJOR && pv.minor >= TLSv1_3_MINOR)
             pv.minor = TLSv1_2_MINOR;
 
-        lesserVersion = !ssl->options.dtls && ssl->version.minor > pv.minor;
-        lesserVersion |= ssl->options.dtls && ssl->version.minor < pv.minor;
+        lesserVersion = (byte)(!ssl->options.dtls &&
+                                    ssl->version.minor > pv.minor);
+        lesserVersion |= ssl->options.dtls &&ssl->version.minor < pv.minor;
 
         if (lesserVersion) {
             byte   belowMinDowngrade;
@@ -35401,9 +37975,8 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
             InitSuites(ssl->suites, ssl->version, keySz, haveRSA, havePSK,
                        ssl->options.haveDH, ssl->options.haveECDSAsig,
                        ssl->options.haveECC, TRUE, ssl->options.haveStaticECC,
-                       ssl->options.haveFalconSig,
-                       ssl->options.haveDilithiumSig, ssl->options.haveAnon,
-                       TRUE, ssl->options.side);
+                       ssl->options.useAnon,
+                       TRUE, TRUE, TRUE, TRUE, ssl->options.side);
         }
 
         /* check if option is set to not allow the current version
@@ -35479,9 +38052,8 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
                 InitSuites(ssl->suites, ssl->version, keySz, haveRSA, havePSK,
                            ssl->options.haveDH, ssl->options.haveECDSAsig,
                            ssl->options.haveECC, TRUE, ssl->options.haveStaticECC,
-                           ssl->options.haveFalconSig,
-                           ssl->options.haveDilithiumSig, ssl->options.haveAnon,
-                           TRUE, ssl->options.side);
+                           ssl->options.useAnon,
+                           TRUE, TRUE, TRUE, TRUE, ssl->options.side);
             }
         }
 
@@ -35555,46 +38127,50 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
             goto out;
         }
 
-#ifdef WOLFSSL_SMALL_STACK
-        clSuites = (Suites*)XMALLOC(sizeof(Suites), ssl->heap,
+        XFREE(ssl->clSuites, ssl->heap, DYNAMIC_TYPE_SUITES);
+        ssl->clSuites = (Suites*)XMALLOC(sizeof(Suites), ssl->heap,
                                        DYNAMIC_TYPE_SUITES);
-        if (clSuites == NULL) {
+        if (ssl->clSuites == NULL) {
             ret = MEMORY_E;
             goto out;
         }
-#endif
-        XMEMSET(clSuites, 0, sizeof(Suites));
-        ato16(&input[i], &clSuites->suiteSz);
+        XMEMSET(ssl->clSuites, 0, sizeof(Suites));
+        ato16(&input[i], &ssl->clSuites->suiteSz);
         i += OPAQUE16_LEN;
 
         /* Cipher suite lists are always multiples of two in length. */
-        if (clSuites->suiteSz % 2 != 0) {
+        if (ssl->clSuites->suiteSz % 2 != 0) {
             ret = BUFFER_ERROR;
             goto out;
         }
 
         /* suites and compression length check */
-        if ((i - begin) + clSuites->suiteSz + OPAQUE8_LEN > helloSz) {
+        if ((i - begin) + ssl->clSuites->suiteSz + OPAQUE8_LEN > helloSz) {
             ret = BUFFER_ERROR;
             goto out;
         }
 
-        if (clSuites->suiteSz > WOLFSSL_MAX_SUITE_SZ) {
+        if (ssl->clSuites->suiteSz > WOLFSSL_MAX_SUITE_SZ) {
             ret = BUFFER_ERROR;
             goto out;
         }
 
-        XMEMCPY(clSuites->suites, input + i, clSuites->suiteSz);
+        XMEMCPY(ssl->clSuites->suites, input + i, ssl->clSuites->suiteSz);
 
 #ifdef HAVE_SERVER_RENEGOTIATION_INFO
         /* check for TLS_EMPTY_RENEGOTIATION_INFO_SCSV suite */
-        if (FindSuite(clSuites, 0, TLS_EMPTY_RENEGOTIATION_INFO_SCSV) >= 0) {
+        if (FindSuite(ssl->clSuites, 0, TLS_EMPTY_RENEGOTIATION_INFO_SCSV) >=
+                0) {
             TLSX* extension;
 
             /* check for TLS_EMPTY_RENEGOTIATION_INFO_SCSV suite */
             ret = TLSX_AddEmptyRenegotiationInfo(&ssl->extensions, ssl->heap);
-            if (ret != WOLFSSL_SUCCESS)
+            if (ret != WOLFSSL_SUCCESS) {
+                ret = SECURE_RENEGOTIATION_E;
                 goto out;
+            } else {
+                ret = 0;
+            }
 
             extension = TLSX_Find(ssl->extensions, TLSX_RENEGOTIATION_INFO);
             if (extension) {
@@ -35606,7 +38182,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
 #endif /* HAVE_SERVER_RENEGOTIATION_INFO */
 #if defined(HAVE_FALLBACK_SCSV) || defined(OPENSSL_ALL)
         /* check for TLS_FALLBACK_SCSV suite */
-        if (FindSuite(clSuites, TLS_FALLBACK_SCSV, 0) >= 0) {
+        if (FindSuite(ssl->clSuites, TLS_FALLBACK_SCSV, 0) >= 0) {
             WOLFSSL_MSG("Found Fallback SCSV");
             if (ssl->ctx->method->version.minor > pv.minor) {
                 WOLFSSL_MSG("Client trying to connect with lesser version");
@@ -35617,8 +38193,8 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
         }
 #endif
 
-        i += clSuites->suiteSz;
-        clSuites->hashSigAlgoSz = 0;
+        i += ssl->clSuites->suiteSz;
+        ssl->clSuites->hashSigAlgoSz = 0;
 
         /* compression length */
         b = input[i++];
@@ -35705,7 +38281,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
 #ifdef HAVE_TLS_EXTENSIONS
                 /* tls extensions */
                 if ((ret = TLSX_Parse(ssl, input + i, totalExtSz, client_hello,
-                                                                    clSuites)))
+                                                                ssl->clSuites)))
                     goto out;
     #ifdef WOLFSSL_TLS13
                 if (TLSX_Find(ssl->extensions,
@@ -35761,15 +38337,16 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
                             goto out;
                         }
 
-                        clSuites->hashSigAlgoSz = hashSigAlgoSz;
-                        if (clSuites->hashSigAlgoSz > WOLFSSL_MAX_SIGALGO) {
+                        ssl->clSuites->hashSigAlgoSz = hashSigAlgoSz;
+                        if (ssl->clSuites->hashSigAlgoSz >
+                                WOLFSSL_MAX_SIGALGO) {
                             WOLFSSL_MSG("ClientHello SigAlgo list exceeds max, "
                                                                   "truncating");
-                            clSuites->hashSigAlgoSz = WOLFSSL_MAX_SIGALGO;
+                            ssl->clSuites->hashSigAlgoSz = WOLFSSL_MAX_SIGALGO;
                         }
 
-                        XMEMCPY(clSuites->hashSigAlgo, &input[i],
-                                                      clSuites->hashSigAlgoSz);
+                        XMEMCPY(ssl->clSuites->hashSigAlgo, &input[i],
+                                                  ssl->clSuites->hashSigAlgoSz);
 
                         i += hashSigAlgoSz;
                     }
@@ -35780,7 +38357,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
                     else
                         i += extSz;
 
-                    totalExtSz -= OPAQUE16_LEN + OPAQUE16_LEN + extSz;
+                    totalExtSz -= (word16)(OPAQUE16_LEN + OPAQUE16_LEN) + extSz;
                 }
 #endif
                 *inOutIdx = i;
@@ -35798,8 +38375,9 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
         ssl->options.haveSessionId = 1;
 
         /* ProcessOld uses same resume code */
+        WOLFSSL_MSG_EX("ssl->options.resuming %d", ssl->options.resuming);
         if (ssl->options.resuming) {
-            ret = HandleTlsResumption(ssl, clSuites);
+            ret = HandleTlsResumption(ssl, ssl->clSuites);
             if (ret != 0)
                 goto out;
 
@@ -35835,19 +38413,12 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
 #endif
 
 #ifdef OPENSSL_EXTRA
-        ssl->clSuites = clSuites; /* cppcheck-suppress autoVariables
-                                   *
-                                   * (suppress warning that ssl, a persistent
-                                   * non-local allocation, has its ->clSuites
-                                   * set to clSuites, a local stack allocation.
-                                   * we clear this assignment before returning.)
-                                   */
         /* Give user last chance to provide a cert for cipher selection */
         if (ret == 0 && ssl->ctx->certSetupCb != NULL)
             ret = CertSetupCbWrapper(ssl);
 #endif
         if (ret == 0)
-            ret = MatchSuite(ssl, clSuites);
+            ret = MatchSuite(ssl, ssl->clSuites);
 
 #if defined(HAVE_TLS_EXTENSIONS) && defined(HAVE_ENCRYPT_THEN_MAC) && \
     !defined(WOLFSSL_AEAD_ONLY)
@@ -35865,12 +38436,9 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
 #endif
 
     out:
-#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
+#if !defined(OPENSSL_EXTRA)
+        XFREE(ssl->clSuites, ssl->heap, DYNAMIC_TYPE_SUITES);
         ssl->clSuites = NULL;
-#endif
-#ifdef WOLFSSL_SMALL_STACK
-        if (clSuites != NULL)
-            XFREE(clSuites, ssl->heap, DYNAMIC_TYPE_SUITES);
 #endif
         WOLFSSL_LEAVE("DoClientHello", ret);
         WOLFSSL_END(WC_FUNC_CLIENT_HELLO_DO);
@@ -35893,8 +38461,6 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
         word32 sigSz;
         word32 idx;
         word32 begin;
-        byte   hashAlgo;
-        byte   sigAlgo;
     } DcvArgs;
 
     static void FreeDcvArgs(WOLFSSL* ssl, void* pArgs)
@@ -35931,7 +38497,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
         args = (DcvArgs*)ssl->async->args;
 
         ret = wolfSSL_AsyncPop(ssl, &ssl->options.asyncState);
-        if (ret != WC_NO_PENDING_E) {
+        if (ret != WC_NO_ERR_TRACE(WC_NO_PENDING_E)) {
             /* Check for error */
             if (ret < 0)
                 goto exit_dcv;
@@ -35943,8 +38509,8 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
             ret = 0;
             ssl->options.asyncState = TLS_ASYNC_BEGIN;
             XMEMSET(args, 0, sizeof(DcvArgs));
-            args->hashAlgo = sha_mac;
-            args->sigAlgo = anonymous_sa_algo;
+            ssl->options.peerHashAlgo = sha_mac;
+            ssl->options.peerSigAlgo = anonymous_sa_algo;
             args->idx = *inOutIdx;
             args->begin = *inOutIdx;
         #ifdef WOLFSSL_ASYNC_CRYPT
@@ -35975,34 +38541,34 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
                         ERROR_OUT(BUFFER_ERROR, exit_dcv);
                     }
 
-                    DecodeSigAlg(&input[args->idx], &args->hashAlgo,
-                                 &args->sigAlgo);
+                    DecodeSigAlg(&input[args->idx], &ssl->options.peerHashAlgo,
+                                 &ssl->options.peerSigAlgo);
                     args->idx += 2;
                 }
             #ifndef NO_RSA
                 else if (ssl->peerRsaKey != NULL && ssl->peerRsaKeyPresent != 0)
-                    args->sigAlgo = rsa_sa_algo;
+                    ssl->options.peerSigAlgo = rsa_sa_algo;
             #endif
             #ifdef HAVE_ECC
                 else if (ssl->peerEccDsaKeyPresent) {
                 #if defined(WOLFSSL_SM2) && defined(WOLFSSL_SM3)
                     if (ssl->peerEccDsaKey->dp->id == ECC_SM2P256V1) {
-                        args->sigAlgo = sm2_sa_algo;
+                        ssl->options.peerSigAlgo = sm2_sa_algo;
                     }
                     else
                 #endif
                     {
-                        args->sigAlgo = ecc_dsa_sa_algo;
+                        ssl->options.peerSigAlgo = ecc_dsa_sa_algo;
                     }
                 }
             #endif
             #if defined(HAVE_ED25519) && !defined(NO_ED25519_CLIENT_AUTH)
                 else if (ssl->peerEd25519KeyPresent)
-                    args->sigAlgo = ed25519_sa_algo;
+                    ssl->options.peerSigAlgo = ed25519_sa_algo;
             #endif /* HAVE_ED25519 && !NO_ED25519_CLIENT_AUTH */
             #if defined(HAVE_ED448) && !defined(NO_ED448_CLIENT_AUTH)
                 else if (ssl->peerEd448KeyPresent)
-                    args->sigAlgo = ed448_sa_algo;
+                    ssl->options.peerSigAlgo = ed448_sa_algo;
             #endif /* HAVE_ED448 && !NO_ED448_CLIENT_AUTH */
 
                 if ((args->idx - args->begin) + OPAQUE16_LEN > size) {
@@ -36038,15 +38604,15 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
                 #endif
 
                     if (IsAtLeastTLSv1_2(ssl)) {
-                        if (args->sigAlgo != ecc_dsa_sa_algo
+                        if (ssl->options.peerSigAlgo != ecc_dsa_sa_algo
                         #if defined(WOLFSSL_SM2) && defined(WOLFSSL_SM3)
-                            && args->sigAlgo != sm2_sa_algo
+                            && ssl->options.peerSigAlgo != sm2_sa_algo
                         #endif
                             ) {
                             WOLFSSL_MSG("Oops, peer sent ECC key but not in verify");
                         }
 
-                        SetDigest(ssl, args->hashAlgo);
+                        SetDigest(ssl, ssl->options.peerHashAlgo);
                     }
                 }
             #endif /* HAVE_ECC */
@@ -36054,7 +38620,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
                 if (ssl->peerEd25519KeyPresent) {
                     WOLFSSL_MSG("Doing ED25519 peer cert verify");
                     if (IsAtLeastTLSv1_2(ssl) &&
-                                             args->sigAlgo != ed25519_sa_algo) {
+                                             ssl->options.peerSigAlgo != ed25519_sa_algo) {
                         WOLFSSL_MSG(
                                "Oops, peer sent ED25519 key but not in verify");
                     }
@@ -36064,7 +38630,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
                 if (ssl->peerEd448KeyPresent) {
                     WOLFSSL_MSG("Doing ED448 peer cert verify");
                     if (IsAtLeastTLSv1_2(ssl) &&
-                                               args->sigAlgo != ed448_sa_algo) {
+                                               ssl->options.peerSigAlgo != ed448_sa_algo) {
                         WOLFSSL_MSG(
                                  "Oops, peer sent ED448 key but not in verify");
                     }
@@ -36086,7 +38652,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
                         input + args->idx,
                         args->sz,
                         &args->output,
-                        args->sigAlgo, args->hashAlgo,
+                        ssl->options.peerSigAlgo, ssl->options.peerHashAlgo,
                         ssl->peerRsaKey,
                     #ifdef HAVE_PK_CALLBACKS
                         &ssl->buffers.peerRsaKey
@@ -36095,10 +38661,10 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
                     #endif
                     );
                     if (ret >= 0) {
-                        if (args->sigAlgo == rsa_sa_algo)
-                            args->sendSz = ret;
+                        if (ssl->options.peerSigAlgo == rsa_sa_algo)
+                            args->sendSz = (word32)ret;
                         else {
-                            args->sigSz = ret;
+                            args->sigSz = (word32)ret;
                             args->sendSz = ssl->buffers.digest.length;
                         }
                         ret = 0;
@@ -36110,7 +38676,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
                     WOLFSSL_MSG("Doing ECC peer cert verify");
 
                 #if defined(WOLFSSL_SM2) && defined(WOLFSSL_SM3)
-                    if (args->sigAlgo == sm2_sa_algo) {
+                    if (ssl->options.peerSigAlgo == sm2_sa_algo) {
                         ret = Sm2wSm3Verify(ssl,
                             TLS12_SM2_SIG_ID, TLS12_SM2_SIG_ID_SZ,
                             input + args->idx, args->sz,
@@ -36184,7 +38750,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
 
             #ifdef WOLFSSL_ASYNC_CRYPT
                 /* handle async pending */
-                if (ret == WC_PENDING_E)
+                if (ret == WC_NO_ERR_TRACE(WC_PENDING_E))
                     goto exit_dcv;
             #endif
 
@@ -36205,21 +38771,21 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
                 if (ssl->peerRsaKey != NULL && ssl->peerRsaKeyPresent != 0) {
                     if (IsAtLeastTLSv1_2(ssl)) {
                     #ifdef WC_RSA_PSS
-                        if (args->sigAlgo == rsa_pss_sa_algo) {
-                            SetDigest(ssl, args->hashAlgo);
+                        if (ssl->options.peerSigAlgo == rsa_pss_sa_algo) {
+                            SetDigest(ssl, ssl->options.peerHashAlgo);
 
                         #ifdef HAVE_SELFTEST
                             ret = wc_RsaPSS_CheckPadding(
                                             ssl->buffers.digest.buffer,
                                             ssl->buffers.digest.length,
                                             args->output, args->sigSz,
-                                            HashAlgoToType(args->hashAlgo));
+                                            HashAlgoToType(ssl->options.peerHashAlgo));
                         #else
                             ret = wc_RsaPSS_CheckPadding_ex(
                                             ssl->buffers.digest.buffer,
                                             ssl->buffers.digest.length,
                                             args->output, args->sigSz,
-                                            HashAlgoToType(args->hashAlgo), -1,
+                                            HashAlgoToType(ssl->options.peerHashAlgo), -1,
                                             mp_count_bits(&ssl->peerRsaKey->n));
                         #endif
                             if (ret != 0) {
@@ -36240,17 +38806,17 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
                             }
                         #endif
 
-                            if (args->sigAlgo != rsa_sa_algo) {
+                            if (ssl->options.peerSigAlgo != rsa_sa_algo) {
                                 WOLFSSL_MSG("Oops, peer sent RSA key but not "
                                             "in verify");
                             }
 
-                            SetDigest(ssl, args->hashAlgo);
+                            SetDigest(ssl, ssl->options.peerHashAlgo);
 
                             args->sigSz = wc_EncodeSignature(encodedSig,
                                 ssl->buffers.digest.buffer,
                                 ssl->buffers.digest.length,
-                                TypeHash(args->hashAlgo));
+                                TypeHash(ssl->options.peerHashAlgo));
 
                             if (args->sendSz != args->sigSz || !args->output ||
                                 XMEMCMP(args->output, encodedSig,
@@ -36288,13 +38854,8 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
 
             case TLS_ASYNC_FINALIZE:
             {
-                if (IsEncryptionOn(ssl, 0)) {
+                if (IsEncryptionOn(ssl, 0))
                     args->idx += ssl->keys.padSz;
-            #if defined(HAVE_ENCRYPT_THEN_MAC) && !defined(WOLFSSL_AEAD_ONLY)
-                    if (ssl->options.startedETMRead)
-                        args->idx += MacSize(ssl);
-            #endif
-                }
 
                 ssl->options.havePeerVerify = 1;
 
@@ -36322,7 +38883,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
 
     #ifdef WOLFSSL_ASYNC_CRYPT
         /* Handle async operation */
-        if (ret == WC_PENDING_E) {
+        if (ret == WC_NO_ERR_TRACE(WC_PENDING_E)) {
             /* Mark message as not received so it can process again */
             ssl->msgsReceived.got_certificate_verify = 0;
 
@@ -36330,9 +38891,9 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
         }
     #endif /* WOLFSSL_ASYNC_CRYPT */
     #ifdef WOLFSSL_EXTRA_ALERTS
-        if (ret == BUFFER_ERROR)
+        if (ret == WC_NO_ERR_TRACE(BUFFER_ERROR))
             SendAlert(ssl, alert_fatal, decode_error);
-        else if (ret == SIG_VERIFY_E)
+        else if (ret == WC_NO_ERR_TRACE(SIG_VERIFY_E))
             SendAlert(ssl, alert_fatal, decrypt_error);
         else if (ret != 0)
             SendAlert(ssl, alert_fatal, bad_certificate);
@@ -36407,14 +38968,15 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
                 inputSz += DTLS_HANDSHAKE_EXTRA;
             }
 
-            input = (byte*)XMALLOC(inputSz, ssl->heap, DYNAMIC_TYPE_IN_BUFFER);
+            input = (byte*)XMALLOC((size_t)inputSz, ssl->heap,
+                    DYNAMIC_TYPE_IN_BUFFER);
             if (input == NULL)
                 return MEMORY_E;
 
-            XMEMCPY(input, output + recordHeaderSz, inputSz);
+            XMEMCPY(input, output + recordHeaderSz, (size_t)(inputSz));
             #ifdef WOLFSSL_DTLS
             if (IsDtlsNotSctpMode(ssl) &&
-                    (ret = DtlsMsgPoolSave(ssl, input, inputSz, server_hello_done)) != 0) {
+                    (ret = DtlsMsgPoolSave(ssl, input, (word32)inputSz, server_hello_done)) != 0) {
                 XFREE(input, ssl->heap, DYNAMIC_TYPE_IN_BUFFER);
                 return ret;
             }
@@ -36428,7 +38990,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
         } else {
             #ifdef WOLFSSL_DTLS
                 if (IsDtlsNotSctpMode(ssl)) {
-                    if ((ret = DtlsMsgPoolSave(ssl, output, sendSz, server_hello_done)) != 0)
+                    if ((ret = DtlsMsgPoolSave(ssl, output, (word32)sendSz, server_hello_done)) != 0)
                         return ret;
                 }
                 if (ssl->options.dtls)
@@ -36452,7 +39014,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
         ssl->options.serverState = SERVER_HELLODONE_COMPLETE;
         ssl->options.buildingMsg = 0;
 
-        ssl->buffers.outputBuffer.length += sendSz;
+        ssl->buffers.outputBuffer.length += (word32)sendSz;
 
         ret = SendBuffered(ssl);
 
@@ -36545,7 +39107,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
         it = (InternalTicket*)et->enc_ticket;
 
     #ifdef WOLFSSL_ASYNC_CRYPT
-        if (ssl->error != WC_PENDING_E)
+        if (ssl->error != WC_NO_ERR_TRACE(WC_PENDING_E))
     #endif
         {
             XMEMSET(et, 0, sizeof(*et));
@@ -36629,7 +39191,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
         if (ssl->ctx->ticketEncCb == NULL
 #if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER) || defined(WOLFSSL_WPAS_SMALL)
                 ||
-                /* SSL_OP_NO_TICKET turns off tickets in <= 1.2. Forces
+                /* WOLFSSL_OP_NO_TICKET turns off tickets in <= 1.2. Forces
                  * "stateful" tickets for 1.3 so just use the regular
                  * stateless ones. */
                 (!IsAtLeastTLSv1_3(ssl->version) &&
@@ -36643,7 +39205,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
             itHash = HashObject((byte*)it, sizeof(*it), &error);
             if (error == 0) {
                 ret = ssl->ctx->ticketEncCb(ssl, et->key_name, et->iv, et->mac,
-                        1, et->enc_ticket, sizeof(InternalTicket), &encLen,
+                        1, et->enc_ticket, WOLFSSL_INTERNAL_TICKET_LEN, &encLen,
                         SSL_TICKET_CTX(ssl));
             }
             else {
@@ -36652,13 +39214,13 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
         }
         if (ret != WOLFSSL_TICKET_RET_OK) {
 #ifdef WOLFSSL_ASYNC_CRYPT
-            if (ret == WC_PENDING_E) {
+            if (ret == WC_NO_ERR_TRACE(WC_PENDING_E)) {
                 return ret;
             }
 #endif
             goto error;
         }
-        if (encLen < (int)sizeof(InternalTicket) ||
+        if (encLen < (int)WOLFSSL_INTERNAL_TICKET_LEN ||
                 encLen > (int)WOLFSSL_TICKET_ENC_SZ) {
             WOLFSSL_MSG("Bad user ticket encrypt size");
             ret = BAD_TICKET_KEY_CB_SZ;
@@ -36734,7 +39296,8 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
         WOLFSSL_ENTER("DoDecryptTicket");
 
         if (len > SESSION_TICKET_LEN ||
-            len < (word32)(sizeof(InternalTicket) + WOLFSSL_TICKET_FIXED_SZ)) {
+            len < (word32)(WOLFSSL_INTERNAL_TICKET_LEN +
+                           WOLFSSL_TICKET_FIXED_SZ)) {
             WOLFSSL_ERROR_VERBOSE(BAD_TICKET_MSG_SZ);
             return WOLFSSL_TICKET_RET_REJECT;
         }
@@ -36752,7 +39315,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
         if (ssl->ctx->ticketEncCb == NULL
 #if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER) || defined(WOLFSSL_WPAS_SMALL)
                 ||
-                /* SSL_OP_NO_TICKET turns off tickets in < 1.2. Forces
+                /* WOLFSSL_OP_NO_TICKET turns off tickets in < 1.2. Forces
                  * "stateful" tickets for 1.3 so just use the regular
                  * stateless ones. */
                 (!IsAtLeastTLSv1_3(ssl->version) &&
@@ -36773,7 +39336,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
         }
         if (ret != WOLFSSL_TICKET_RET_OK) {
         #ifdef WOLFSSL_ASYNC_CRYPT
-            if (ret == WC_PENDING_E) {
+            if (ret == WC_NO_ERR_TRACE(WC_PENDING_E)) {
                 return ret;
             }
         #endif /* WOLFSSL_ASYNC_CRYPT */
@@ -36782,7 +39345,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
                 return WOLFSSL_TICKET_RET_REJECT;
             }
         }
-        if (outLen > (int)inLen || outLen < (int)sizeof(InternalTicket)) {
+        if (outLen > (int)inLen || outLen < (int)WOLFSSL_INTERNAL_TICKET_LEN) {
             WOLFSSL_MSG("Bad user ticket decrypt len");
             WOLFSSL_ERROR_VERBOSE(BAD_TICKET_KEY_CB_SZ);
             return BAD_TICKET_KEY_CB_SZ;
@@ -36850,7 +39413,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
         diff -= ticketSeen;
         if (diff > timeout * 1000 ||
             diff > (sword64)TLS13_MAX_TICKET_AGE * 1000)
-            return -1;
+            return WOLFSSL_FATAL_ERROR;
 #else
         sword64 diff;
         sword64 ticketSeen; /* Time ticket seen (ms) */
@@ -36868,7 +39431,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
         diff -= ticketSeen;
         if (diff > timeout * 1000 ||
             diff > (sword64)TLS13_MAX_TICKET_AGE * 1000)
-            return -1;
+            return WOLFSSL_FATAL_ERROR;
 #endif
         ato32(psk->it->ageAdd, &ticketAdd);
         /* Subtract client's ticket age and unobfuscate. */
@@ -36878,7 +39441,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
          * Allow +/- 1000 milliseconds on ticket age.
          */
         if (diff < -1000 || diff - MAX_TICKET_AGE_DIFF * 1000 > 1000)
-            return -1;
+            return WOLFSSL_FATAL_ERROR;
 
 #if !defined(WOLFSSL_PSK_ONE_ID) && !defined(WOLFSSL_PRIORITIZE_PSK)
         /* Check whether resumption is possible based on suites in SSL and
@@ -36886,18 +39449,18 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
          */
         (void)ssl;
         if (XMEMCMP(suite, psk->it->suite, SUITE_LEN) != 0)
-            return -1;
+            return WOLFSSL_FATAL_ERROR;
 #else
         (void)suite;
         if (!FindSuiteSSL(ssl, psk->it->suite))
-            return -1;
+            return WOLFSSL_FATAL_ERROR;
 #endif
 #ifdef OPENSSL_EXTRA
         if (ssl->sessionCtxSz > 0 &&
                (psk->it->sessionCtxSz != ssl->sessionCtxSz ||
                 XMEMCMP(psk->it->sessionCtx, ssl->sessionCtx,
                         ssl->sessionCtxSz) != 0))
-            return -1;
+            return WOLFSSL_FATAL_ERROR;
 #endif
         return 0;
     }
@@ -37059,7 +39622,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
 #endif
         if (sess == NULL) {
             ret = TlsSessionCacheGetAndRdLock(id, &sess, &freeCtx->row,
-                    ssl->options.side);
+                    (byte)ssl->options.side);
             if (ret != 0)
                 sess = NULL;
         }
@@ -37105,8 +39668,19 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
                 WOLFSSL_MSG("Found session matching the session id"
                             " found in the ticket");
                 /* Allocate and populate an InternalTicket */
+            #ifdef WOLFSSL_NO_REALLOC
+                tmp = (byte*)XMALLOC(sizeof(InternalTicket), ssl->heap,
+                        DYNAMIC_TYPE_TLSX);
+                if (tmp != NULL && psk->identity != NULL)
+                {
+                   XMEMCPY(tmp, psk->identity, psk->identityLen);
+                   XFREE(psk->identity, ssl->heap, DYNAMIC_TYPE_TLSX);
+                   psk->identity = NULL;
+                }
+            #else
                 tmp = (byte*)XREALLOC(psk->identity, sizeof(InternalTicket),
                         ssl->heap, DYNAMIC_TYPE_TLSX);
+            #endif
                 if (tmp != NULL) {
                     XMEMSET(tmp, 0, sizeof(InternalTicket));
                     psk->identity = tmp;
@@ -37181,6 +39755,22 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
         WOLFSSL_START(WC_FUNC_TICKET_DO);
         WOLFSSL_ENTER("DoClientTicket");
 
+#ifdef HAVE_SECRET_CALLBACK
+        if (ssl->ticketParseCb != NULL) {
+            decryptRet = WOLFSSL_TICKET_RET_OK;
+            if (!ssl->ticketParseCb(ssl, input, len, ssl->ticketParseCtx)) {
+                /* Failure kills the connection */
+                decryptRet = WOLFSSL_TICKET_RET_FATAL;
+            }
+            else {
+                if (wolfSSL_set_SessionTicket(ssl, input, len) !=
+                        WOLFSSL_SUCCESS)
+                    decryptRet = WOLFSSL_TICKET_RET_REJECT;
+            }
+            goto cleanup;
+        }
+        else
+#endif
 #ifdef WOLFSSL_TLS13
         if (len == ID_LEN && IsAtLeastTLSv1_3(ssl->version)) {
             /* This is a stateful ticket. We can be sure about this because
@@ -37195,7 +39785,11 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
         }
         else
 #endif
+        if (len >= sizeof(*it))
             decryptRet = DoDecryptTicket(ssl, input, len, &it);
+        else
+            WOLFSSL_MSG("Ticket is smaller than InternalTicket. Rejecting.");
+
 
         if (decryptRet != WOLFSSL_TICKET_RET_OK &&
                 decryptRet != WOLFSSL_TICKET_RET_CREATE) {
@@ -37271,7 +39865,7 @@ cleanup:
         }
 
         length += ssl->session->ticketLen;
-        sendSz = length + HANDSHAKE_HEADER_SZ + RECORD_HEADER_SZ;
+        sendSz = (int)length + HANDSHAKE_HEADER_SZ + RECORD_HEADER_SZ;
 
         if (!ssl->options.dtls) {
             if (IsEncryptionOn(ssl, 1) && ssl->options.handShakeDone)
@@ -37313,7 +39907,7 @@ cleanup:
 
         if (IsEncryptionOn(ssl, 1) && ssl->options.handShakeDone) {
             byte* input;
-            int   inputSz = idx; /* build msg adds rec hdr */
+            int   inputSz = (int)idx; /* build msg adds rec hdr */
             int   recordHeaderSz = RECORD_HEADER_SZ;
 
             if (ssl->options.dtls)
@@ -37334,7 +39928,7 @@ cleanup:
         else {
             #ifdef WOLFSSL_DTLS
             if (ssl->options.dtls) {
-                if ((ret = DtlsMsgPoolSave(ssl, output, sendSz, session_ticket)) != 0)
+                if ((ret = DtlsMsgPoolSave(ssl, output, (word32)sendSz, session_ticket)) != 0)
                     return ret;
 
                 DtlsSEQIncrement(ssl, CUR_ORDER);
@@ -37357,7 +39951,7 @@ cleanup:
         return ret;
     }
 
-#ifndef WOLFSSL_NO_DEF_TICKET_ENC_CB
+#if !defined(WOLFSSL_NO_DEF_TICKET_ENC_CB) && !defined(NO_TLS)
 
 /* Initialize the context for session ticket encryption.
  *
@@ -37456,7 +40050,123 @@ static void TicketEncCbCtx_Free(TicketEncCbCtx* keyCtx)
     wc_FreeRng(&keyCtx->rng);
 }
 
-#if defined(HAVE_CHACHA) && defined(HAVE_POLY1305) && \
+#ifdef WOLFSSL_TICKET_ENC_CBC_HMAC
+/* Ticket encryption/decryption implementation.
+ *
+ * @param [in]   key     Key for encryption/decryption and HMAC.
+ * @param [in]   keyLen  Length of key in bytes.
+ * @param [in]   iv      IV/Nonce for encryption/decryption.
+ * @param [in]   aad     Additional authentication data.
+ * @param [in]   aadSz   Length of additional authentication data.
+ * @param [in]   in      Data to encrypt/decrypt.
+ * @param [in]   inLen   Length of encrypted data.
+ * @param [out]  out     Resulting data from encrypt/decrypt.
+ * @param [out]  outLen  Size of resulting data.
+ * @param [in]   tag     Authentication tag for encrypted data.
+ * @param [in]   heap    Dynamic memory allocation data hint.
+ * @param [in]   enc     1 when encrypting, 0 when decrypting.
+ * @return  0 on success.
+ * @return  Other value when encryption/decryption fails.
+ */
+static int TicketEncDec(byte* key, int keyLen, byte* iv, byte* aad, int aadSz,
+                        byte* in, int inLen, byte* out, int* outLen, byte* tag,
+                        void* heap, int enc)
+{
+    int ret;
+#ifdef WOLFSSL_SMALL_STACK
+    Aes*  aes;
+    Hmac* hmac;
+#else
+    Aes  aes[1];
+    Hmac hmac[1];
+#endif
+
+    (void)heap;
+
+#ifdef WOLFSSL_SMALL_STACK
+    aes = (Aes*)XMALLOC(sizeof(Aes), heap, DYNAMIC_TYPE_TMP_BUFFER);
+    if (aes == NULL)
+        return MEMORY_E;
+    hmac = (Hmac*)XMALLOC(sizeof(Hmac), heap, DYNAMIC_TYPE_TMP_BUFFER);
+    if (hmac == NULL) {
+        XFREE(aes, heap, DYNAMIC_TYPE_TMP_BUFFER);
+        return MEMORY_E;
+    }
+#endif
+
+    XMEMSET(aes, 0, sizeof(Aes));
+    XMEMSET(hmac, 0, sizeof(Hmac));
+
+    ret = wc_HmacInit(hmac, heap, DYNAMIC_TYPE_TMP_BUFFER);
+    if (ret == 0) {
+        ret = wc_HmacSetKey(hmac, WOLFSSL_TICKET_ENC_HMAC, key + keyLen -
+            WOLFSSL_TICKET_HMAC_KEY_SZ, WOLFSSL_TICKET_HMAC_KEY_SZ);
+    }
+    if (ret == 0) {
+        ret = wc_HmacUpdate(hmac, aad, aadSz);
+    }
+
+    if (ret == 0) {
+        if (enc) {
+            ret = wc_AesInit(aes, NULL, INVALID_DEVID);
+            if (ret == 0) {
+                ret = wc_AesSetKey(aes, key,
+                    keyLen - WOLFSSL_TICKET_HMAC_KEY_SZ, iv, AES_ENCRYPTION);
+            }
+            if (ret == 0) {
+                ret = wc_HmacUpdate(hmac, in, inLen);
+            }
+            if (ret == 0) {
+                ret = wc_AesCbcEncrypt(aes, in, out, inLen);
+            }
+            if (ret == 0) {
+                XMEMSET(tag, 0, WOLFSSL_TICKET_MAC_SZ);
+                ret = wc_HmacFinal(hmac, tag);
+            }
+            wc_AesFree(aes);
+        }
+        else {
+            unsigned char calcTag[WOLFSSL_TICKET_MAC_SZ];
+
+            ret = wc_AesInit(aes, NULL, INVALID_DEVID);
+            if (ret == 0) {
+                ret = wc_AesSetKey(aes, key,
+                    keyLen - WOLFSSL_TICKET_HMAC_KEY_SZ, iv, AES_DECRYPTION);
+            }
+            if (ret == 0) {
+                ret = wc_AesCbcDecrypt(aes, in, out, inLen);
+            }
+            if (ret == 0) {
+                ret = wc_HmacUpdate(hmac, out, inLen);
+            }
+            if (ret == 0) {
+                XMEMSET(calcTag, 0, WOLFSSL_TICKET_MAC_SZ);
+                ret = wc_HmacFinal(hmac, calcTag);
+            }
+            if (ret == 0) {
+                int i;
+                calcTag[0] ^= tag[0];
+                for (i = 1; i < WOLFSSL_TICKET_MAC_SZ; i++) {
+                    calcTag[0] |= calcTag[i] ^ tag[i];
+                }
+                /* Return a negative value when no match. */
+                ret = -calcTag[0];
+            }
+            wc_AesFree(aes);
+        }
+    }
+    wc_HmacFree(hmac);
+
+#ifdef WOLFSSL_SMALL_STACK
+    XFREE(hmac, heap, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(aes, heap, DYNAMIC_TYPE_TMP_BUFFER);
+#endif
+
+    *outLen = inLen;
+
+    return ret;
+}
+#elif defined(HAVE_CHACHA) && defined(HAVE_POLY1305) && \
     !defined(WOLFSSL_TICKET_ENC_AES128_GCM) && \
     !defined(WOLFSSL_TICKET_ENC_AES256_GCM)
 /* Ticket encryption/decryption implementation.
@@ -37543,7 +40253,7 @@ static int TicketEncDec(byte* key, int keyLen, byte* iv, byte* aad, int aadSz,
         }
         if (ret == 0) {
             ret = wc_AesGcmEncrypt(aes, in, out, inLen, iv, GCM_NONCE_MID_SZ,
-                                   tag, AES_BLOCK_SIZE, aad, aadSz);
+                                   tag, WC_AES_BLOCK_SIZE, aad, aadSz);
         }
         wc_AesFree(aes);
     }
@@ -37554,7 +40264,7 @@ static int TicketEncDec(byte* key, int keyLen, byte* iv, byte* aad, int aadSz,
         }
         if (ret == 0) {
             ret = wc_AesGcmDecrypt(aes, in, out, inLen, iv, GCM_NONCE_MID_SZ,
-                                   tag, AES_BLOCK_SIZE, aad, aadSz);
+                                   tag, WC_AES_BLOCK_SIZE, aad, aadSz);
         }
         wc_AesFree(aes);
     }
@@ -37751,6 +40461,10 @@ static int DefTicketEncCb(WOLFSSL* ssl, byte key_name[WOLFSSL_TICKET_NAME_SZ],
 
     WOLFSSL_ENTER("DefTicketEncCb");
 
+    if ((!enc) && (inLen != WOLFSSL_INTERNAL_TICKET_LEN)) {
+        return BUFFER_E;
+    }
+
     /* Check we have setup the RNG, name and primary key. */
     if (keyCtx->expirary[0] == 0) {
 #ifndef SINGLE_THREADED
@@ -37988,7 +40702,7 @@ static int DefTicketEncCb(WOLFSSL* ssl, byte key_name[WOLFSSL_TICKET_NAME_SZ],
             ssl->keys.dtls_sequence_number_hi = ssl->keys.curSeq_hi;
             ssl->keys.dtls_sequence_number_lo = ssl->keys.curSeq_lo;
         }
-        AddHeaders(output, length, hello_verify_request, ssl);
+        AddHeaders(output, (word32)length, hello_verify_request, ssl);
 
         output[idx++] = DTLS_MAJOR;
         output[idx++] = DTLS_MINOR;
@@ -38072,6 +40786,10 @@ static int DefTicketEncCb(WOLFSSL* ssl, byte key_name[WOLFSSL_TICKET_NAME_SZ],
         WOLFSSL_START(WC_FUNC_CLIENT_KEY_EXCHANGE_DO);
         WOLFSSL_ENTER("DoClientKeyExchange");
 
+    #ifdef WOLFSSL_BLIND_PRIVATE_KEY
+        wolfssl_priv_der_unblind(ssl->buffers.key, ssl->buffers.keyMask);
+    #endif
+
     #ifdef WOLFSSL_ASYNC_CRYPT
         if (ssl->async == NULL) {
             ssl->async = (struct WOLFSSL_ASYNC*)
@@ -38083,7 +40801,7 @@ static int DefTicketEncCb(WOLFSSL* ssl, byte key_name[WOLFSSL_TICKET_NAME_SZ],
         args = (DckeArgs*)ssl->async->args;
 
         ret = wolfSSL_AsyncPop(ssl, &ssl->options.asyncState);
-        if (ret != WC_NO_PENDING_E) {
+        if (ret != WC_NO_ERR_TRACE(WC_NO_PENDING_E)) {
             /* Check for error */
             if (ret < 0)
                 goto exit_dcke;
@@ -38227,7 +40945,7 @@ static int DefTicketEncCb(WOLFSSL* ssl, byte key_name[WOLFSSL_TICKET_NAME_SZ],
                 #ifndef NO_RSA
                     case rsa_kea:
                     {
-                        word16 keySz;
+                        word32 keySz;
 
                         ssl->buffers.keyType = rsa_sa_algo;
                         ret = DecodePrivateKey(ssl, &keySz);
@@ -38304,31 +41022,35 @@ static int DefTicketEncCb(WOLFSSL* ssl, byte key_name[WOLFSSL_TICKET_NAME_SZ],
                             MAX_PSK_KEY_LEN);
 
                         if (ssl->arrays->psk_keySz == 0 ||
-                                ssl->arrays->psk_keySz > MAX_PSK_KEY_LEN) {
-                            #if defined(WOLFSSL_EXTRA_ALERTS) || \
-                                defined(WOLFSSL_PSK_IDENTITY_ALERT)
-                                SendAlert(ssl, alert_fatal,
-                                        unknown_psk_identity);
-                            #endif
+                            (ssl->arrays->psk_keySz > MAX_PSK_KEY_LEN &&
+                        (int)ssl->arrays->psk_keySz != WC_NO_ERR_TRACE(USE_HW_PSK))) {
+                        #if defined(WOLFSSL_EXTRA_ALERTS) || \
+                            defined(WOLFSSL_PSK_IDENTITY_ALERT)
+                            SendAlert(ssl, alert_fatal,
+                                    unknown_psk_identity);
+                        #endif
                             ERROR_OUT(PSK_KEY_ERROR, exit_dcke);
                         }
                         /* SERVER: Pre-shared Key for peer authentication. */
                         ssl->options.peerAuthGood = 1;
 
                         /* make psk pre master secret */
-                        /* length of key + length 0s + length of key + key */
-                        c16toa((word16) ssl->arrays->psk_keySz, pms);
-                        pms += OPAQUE16_LEN;
+                        if ((int)ssl->arrays->psk_keySz > 0) {
+                            /* length of key + length 0s + length of key + key */
+                            c16toa((word16) ssl->arrays->psk_keySz, pms);
+                            pms += OPAQUE16_LEN;
 
-                        XMEMSET(pms, 0, ssl->arrays->psk_keySz);
-                        pms += ssl->arrays->psk_keySz;
+                            XMEMSET(pms, 0, ssl->arrays->psk_keySz);
+                            pms += ssl->arrays->psk_keySz;
 
-                        c16toa((word16) ssl->arrays->psk_keySz, pms);
-                        pms += OPAQUE16_LEN;
+                            c16toa((word16) ssl->arrays->psk_keySz, pms);
+                            pms += OPAQUE16_LEN;
 
-                        XMEMCPY(pms, ssl->arrays->psk_key, ssl->arrays->psk_keySz);
-                        ssl->arrays->preMasterSz =
-                            (ssl->arrays->psk_keySz * 2) + (OPAQUE16_LEN * 2);
+                            XMEMCPY(pms, ssl->arrays->psk_key, ssl->arrays->psk_keySz);
+                            ssl->arrays->preMasterSz = (ssl->arrays->psk_keySz * 2) +
+                                (OPAQUE16_LEN * 2);
+                        }
+                        ssl->arrays->psk_keySz = 0; /* no further need */
                         break;
                     }
                 #endif /* !NO_PSK */
@@ -38343,7 +41065,7 @@ static int DefTicketEncCb(WOLFSSL* ssl, byte key_name[WOLFSSL_TICKET_NAME_SZ],
                         if (ssl->specs.static_ecdh &&
                                           ssl->ecdhCurveOID != ECC_X25519_OID &&
                                           ssl->ecdhCurveOID != ECC_X448_OID) {
-                            word16 keySz;
+                            word32 keySz;
 
                             ssl->buffers.keyType = ecc_dsa_sa_algo;
                             ret = DecodePrivateKey(ssl, &keySz);
@@ -38393,9 +41115,9 @@ static int DefTicketEncCb(WOLFSSL* ssl, byte key_name[WOLFSSL_TICKET_NAME_SZ],
                                     input + args->idx, args->length,
                                     EC25519_LITTLE_ENDIAN)) != 0) {
                         #ifdef WOLFSSL_EXTRA_ALERTS
-                                if (ret == BUFFER_E)
+                                if (ret == WC_NO_ERR_TRACE(BUFFER_E))
                                     SendAlert(ssl, alert_fatal, decode_error);
-                                else if (ret == ECC_OUT_OF_RANGE_E)
+                                else if (ret == WC_NO_ERR_TRACE(ECC_OUT_OF_RANGE_E))
                                     SendAlert(ssl, alert_fatal, bad_record_mac);
                                 else {
                                     SendAlert(ssl, alert_fatal,
@@ -38450,9 +41172,9 @@ static int DefTicketEncCb(WOLFSSL* ssl, byte key_name[WOLFSSL_TICKET_NAME_SZ],
                                     input + args->idx, args->length,
                                     EC448_LITTLE_ENDIAN)) != 0) {
                         #ifdef WOLFSSL_EXTRA_ALERTS
-                                if (ret == BUFFER_E)
+                                if (ret == WC_NO_ERR_TRACE(BUFFER_E))
                                     SendAlert(ssl, alert_fatal, decode_error);
-                                else if (ret == ECC_OUT_OF_RANGE_E)
+                                else if (ret == WC_NO_ERR_TRACE(ECC_OUT_OF_RANGE_E))
                                     SendAlert(ssl, alert_fatal, bad_record_mac);
                                 else {
                                     SendAlert(ssl, alert_fatal,
@@ -38518,7 +41240,7 @@ static int DefTicketEncCb(WOLFSSL* ssl, byte key_name[WOLFSSL_TICKET_NAME_SZ],
                             ERROR_OUT(ECC_PEERKEY_ERROR, exit_dcke);
                         }
 
-                        ssl->arrays->preMasterSz = private_key->dp->size;
+                        ssl->arrays->preMasterSz = (word32)private_key->dp->size;
 
                         ssl->peerEccKeyPresent = 1;
 
@@ -38695,9 +41417,9 @@ static int DefTicketEncCb(WOLFSSL* ssl, byte key_name[WOLFSSL_TICKET_NAME_SZ],
                                     input + args->idx, args->length,
                                     EC25519_LITTLE_ENDIAN)) != 0) {
                         #ifdef WOLFSSL_EXTRA_ALERTS
-                                if (ret == BUFFER_E)
+                                if (ret == WC_NO_ERR_TRACE(BUFFER_E))
                                     SendAlert(ssl, alert_fatal, decode_error);
-                                else if (ret == ECC_OUT_OF_RANGE_E)
+                                else if (ret == WC_NO_ERR_TRACE(ECC_OUT_OF_RANGE_E))
                                     SendAlert(ssl, alert_fatal, bad_record_mac);
                                 else {
                                     SendAlert(ssl, alert_fatal,
@@ -38754,9 +41476,9 @@ static int DefTicketEncCb(WOLFSSL* ssl, byte key_name[WOLFSSL_TICKET_NAME_SZ],
                                     input + args->idx, args->length,
                                     EC448_LITTLE_ENDIAN)) != 0) {
                         #ifdef WOLFSSL_EXTRA_ALERTS
-                                if (ret == BUFFER_E)
+                                if (ret == WC_NO_ERR_TRACE(BUFFER_E))
                                     SendAlert(ssl, alert_fatal, decode_error);
-                                else if (ret == ECC_OUT_OF_RANGE_E)
+                                else if (ret == WC_NO_ERR_TRACE(ECC_OUT_OF_RANGE_E))
                                     SendAlert(ssl, alert_fatal, bad_record_mac);
                                 else {
                                     SendAlert(ssl, alert_fatal,
@@ -38857,15 +41579,15 @@ static int DefTicketEncCb(WOLFSSL* ssl, byte key_name[WOLFSSL_TICKET_NAME_SZ],
                          *       RSA_BUFFER_E, RSA_PAD_E and RSA_PRIVATE_ERROR
                          */
                     #ifdef WOLFSSL_ASYNC_CRYPT
-                        if (ret == WC_PENDING_E)
+                        if (ret == WC_NO_ERR_TRACE(WC_PENDING_E))
                             goto exit_dcke;
                     #endif
-                        if (ret == BAD_FUNC_ARG)
+                        if (ret == WC_NO_ERR_TRACE(BAD_FUNC_ARG))
                             goto exit_dcke;
 
                         lenErrMask = 0 - (SECRET_LEN != args->sigSz);
                         args->lastErr = (ret & (~lenErrMask)) |
-                            (RSA_PAD_E & lenErrMask);
+                            (WC_NO_ERR_TRACE(RSA_PAD_E) & lenErrMask);
                         ret = 0;
                         break;
                     } /* rsa_kea */
@@ -38923,7 +41645,7 @@ static int DefTicketEncCb(WOLFSSL* ssl, byte key_name[WOLFSSL_TICKET_NAME_SZ],
                             WOLFSSL_SERVER_END
                         );
                     #ifdef WOLFSSL_ASYNC_CRYPT
-                        if (ret != WC_PENDING_E)
+                        if (ret != WC_NO_ERR_TRACE(WC_PENDING_E))
                     #endif
                         {
                             FreeKey(ssl, DYNAMIC_TYPE_ECC,
@@ -38979,7 +41701,7 @@ static int DefTicketEncCb(WOLFSSL* ssl, byte key_name[WOLFSSL_TICKET_NAME_SZ],
                                 WOLFSSL_SERVER_END
                             );
                         #ifdef WOLFSSL_ASYNC_CRYPT
-                            if (ret != WC_PENDING_E)
+                            if (ret != WC_NO_ERR_TRACE(WC_PENDING_E))
                         #endif
                             {
                                 FreeKey(ssl, DYNAMIC_TYPE_CURVE25519,
@@ -39000,7 +41722,7 @@ static int DefTicketEncCb(WOLFSSL* ssl, byte key_name[WOLFSSL_TICKET_NAME_SZ],
                                 WOLFSSL_SERVER_END
                             );
                         #ifdef WOLFSSL_ASYNC_CRYPT
-                            if (ret != WC_PENDING_E)
+                            if (ret != WC_NO_ERR_TRACE(WC_PENDING_E))
                         #endif
                             {
                                 FreeKey(ssl, DYNAMIC_TYPE_CURVE448,
@@ -39020,7 +41742,7 @@ static int DefTicketEncCb(WOLFSSL* ssl, byte key_name[WOLFSSL_TICKET_NAME_SZ],
                         );
                         if (!ssl->specs.static_ecdh
                     #ifdef WOLFSSL_ASYNC_CRYPT
-                            && ret != WC_PENDING_E
+                            && ret != WC_NO_ERR_TRACE(WC_PENDING_E)
                     #endif
                         ) {
                             FreeKey(ssl, DYNAMIC_TYPE_ECC,
@@ -39075,8 +41797,7 @@ static int DefTicketEncCb(WOLFSSL* ssl, byte key_name[WOLFSSL_TICKET_NAME_SZ],
                         ret = args->lastErr;
                         args->lastErr = 0; /* reset */
                         /* On error 'ret' will be negative */
-                        mask = ((unsigned int)ret >>
-                                                   ((sizeof(ret) * 8) - 1)) - 1;
+                        mask = (byte)(((unsigned int)ret >> ((sizeof(ret) * 8) - 1)) - 1);
 
                         /* build PreMasterSecret */
                         ssl->arrays->preMasterSecret[0] = ssl->chVersion.major;
@@ -39143,24 +41864,27 @@ static int DefTicketEncCb(WOLFSSL* ssl, byte key_name[WOLFSSL_TICKET_NAME_SZ],
                             MAX_PSK_KEY_LEN);
 
                         if (ssl->arrays->psk_keySz == 0 ||
-                                ssl->arrays->psk_keySz > MAX_PSK_KEY_LEN) {
-                            #if defined(WOLFSSL_EXTRA_ALERTS) || \
-                                defined(WOLFSSL_PSK_IDENTITY_ALERT)
-                                SendAlert(ssl, alert_fatal,
-                                        unknown_psk_identity);
-                            #endif
+                            (ssl->arrays->psk_keySz > MAX_PSK_KEY_LEN &&
+                        (int)ssl->arrays->psk_keySz != WC_NO_ERR_TRACE(USE_HW_PSK))) {
+                        #if defined(WOLFSSL_EXTRA_ALERTS) || \
+                            defined(WOLFSSL_PSK_IDENTITY_ALERT)
+                            SendAlert(ssl, alert_fatal,
+                                    unknown_psk_identity);
+                        #endif
                             ERROR_OUT(PSK_KEY_ERROR, exit_dcke);
                         }
                         /* SERVER: Pre-shared Key for peer authentication. */
                         ssl->options.peerAuthGood = 1;
 
-                        c16toa((word16) ssl->arrays->psk_keySz, pms);
-                        pms += OPAQUE16_LEN;
+                        if ((int)ssl->arrays->psk_keySz > 0) {
+                            c16toa((word16) ssl->arrays->psk_keySz, pms);
+                            pms += OPAQUE16_LEN;
 
-                        XMEMCPY(pms, ssl->arrays->psk_key,
-                                                    ssl->arrays->psk_keySz);
-                        ssl->arrays->preMasterSz += ssl->arrays->psk_keySz +
-                                                                OPAQUE16_LEN;
+                            XMEMCPY(pms, ssl->arrays->psk_key, ssl->arrays->psk_keySz);
+                            ssl->arrays->preMasterSz += ssl->arrays->psk_keySz + OPAQUE16_LEN;
+                            ForceZero(ssl->arrays->psk_key, ssl->arrays->psk_keySz);
+                        }
+                        ssl->arrays->psk_keySz = 0; /* no further need */
                         break;
                     }
                 #endif /* !NO_DH && !NO_PSK */
@@ -39186,18 +41910,21 @@ static int DefTicketEncCb(WOLFSSL* ssl, byte key_name[WOLFSSL_TICKET_NAME_SZ],
                             MAX_PSK_KEY_LEN);
 
                         if (ssl->arrays->psk_keySz == 0 ||
-                                   ssl->arrays->psk_keySz > MAX_PSK_KEY_LEN) {
+                            (ssl->arrays->psk_keySz > MAX_PSK_KEY_LEN &&
+                        (int)ssl->arrays->psk_keySz != WC_NO_ERR_TRACE(USE_HW_PSK))) {
                             ERROR_OUT(PSK_KEY_ERROR, exit_dcke);
                         }
                         /* SERVER: Pre-shared Key for peer authentication. */
                         ssl->options.peerAuthGood = 1;
+                        if ((int)ssl->arrays->psk_keySz > 0) {
+                            c16toa((word16) ssl->arrays->psk_keySz, pms);
+                            pms += OPAQUE16_LEN;
 
-                        c16toa((word16) ssl->arrays->psk_keySz, pms);
-                        pms += OPAQUE16_LEN;
-
-                        XMEMCPY(pms, ssl->arrays->psk_key, ssl->arrays->psk_keySz);
-                        ssl->arrays->preMasterSz +=
-                                      ssl->arrays->psk_keySz + OPAQUE16_LEN;
+                            XMEMCPY(pms, ssl->arrays->psk_key, ssl->arrays->psk_keySz);
+                            ssl->arrays->preMasterSz += ssl->arrays->psk_keySz + OPAQUE16_LEN;
+                            ForceZero(ssl->arrays->psk_key, ssl->arrays->psk_keySz);
+                        }
+                        ssl->arrays->psk_keySz = 0; /* no further need */
                         break;
                     }
                 #endif /* (HAVE_ECC || CURVE25519 || CURVE448) && !NO_PSK */
@@ -39217,13 +41944,8 @@ static int DefTicketEncCb(WOLFSSL* ssl, byte key_name[WOLFSSL_TICKET_NAME_SZ],
 
             case TLS_ASYNC_FINALIZE:
             {
-                if (IsEncryptionOn(ssl, 0)) {
+                if (IsEncryptionOn(ssl, 0))
                     args->idx += ssl->keys.padSz;
-            #if defined(HAVE_ENCRYPT_THEN_MAC) && !defined(WOLFSSL_AEAD_ONLY)
-                    if (ssl->options.startedETMRead)
-                        args->idx += MacSize(ssl);
-            #endif
-                }
 
                 ret = MakeMasterSecret(ssl);
 
@@ -39256,11 +41978,21 @@ static int DefTicketEncCb(WOLFSSL* ssl, byte key_name[WOLFSSL_TICKET_NAME_SZ],
 
     exit_dcke:
 
+    #ifdef WOLFSSL_BLIND_PRIVATE_KEY
+        if (ret == 0) {
+            ret = wolfssl_priv_der_blind(ssl->rng, ssl->buffers.key,
+                &ssl->buffers.keyMask);
+        }
+        else {
+            wolfssl_priv_der_unblind(ssl->buffers.key, ssl->buffers.keyMask);
+        }
+    #endif
+
         WOLFSSL_LEAVE("DoClientKeyExchange", ret);
         WOLFSSL_END(WC_FUNC_CLIENT_KEY_EXCHANGE_DO);
     #ifdef WOLFSSL_ASYNC_CRYPT
         /* Handle async operation */
-        if (ret == WC_PENDING_E) {
+        if (ret == WC_NO_ERR_TRACE(WC_PENDING_E)) {
             /* Mark message as not received so it can process again */
             ssl->msgsReceived.got_client_key_exchange = 0;
 
@@ -39304,7 +42036,7 @@ static int DefTicketEncCb(WOLFSSL* ssl, byte key_name[WOLFSSL_TICKET_NAME_SZ],
            WOLFSSL_EXTRA_ALERTS is defined, indicating user is OK with
            potential information disclosure from alerts. */
 #if defined(OPENSSL_EXTRA) && defined(WOLFSSL_EXTRA_ALERTS)
-        ad = SSL_AD_UNRECOGNIZED_NAME;
+        ad = WOLFSSL_AD_UNRECOGNIZED_NAME;
 #endif
         /* Stunnel supports a custom sni callback to switch an SSL's ctx
         * when SNI is received. Call it now if exists */
@@ -39331,7 +42063,7 @@ static int DefTicketEncCb(WOLFSSL* ssl, byte key_name[WOLFSSL_TICKET_NAME_SZ],
     }
 #endif /* HAVE_SNI */
 
-#endif /* NO_WOLFSSL_SERVER */
+#endif /* !NO_WOLFSSL_SERVER && !NO_TLS */
 
 
 #ifdef WOLFSSL_ASYNC_CRYPT
@@ -39352,7 +42084,8 @@ int wolfSSL_AsyncPop(WOLFSSL* ssl, byte* state)
         event = &asyncDev->event;
 
         ret = wolfAsync_EventPop(event, WOLF_EVENT_TYPE_ASYNC_WOLFSSL);
-        if (ret != WC_NO_PENDING_E && ret != WC_PENDING_E) {
+        if (ret != WC_NO_ERR_TRACE(WC_NO_PENDING_E) &&
+            ret != WC_NO_ERR_TRACE(WC_PENDING_E)) {
             /* advance key share state if doesn't need called again */
             if (state && (asyncDev->event.flags & WC_ASYNC_FLAG_CALL_AGAIN) == 0) {
                 (*state)++;
@@ -39365,7 +42098,7 @@ int wolfSSL_AsyncPop(WOLFSSL* ssl, byte* state)
     #if (defined(WOLF_CRYPTO_CB) || defined(HAVE_PK_CALLBACKS)) && \
         !defined(WOLFSSL_ASYNC_CRYPT_SW) && !defined(HAVE_INTEL_QA) && \
         !defined(HAVE_CAVIUM)
-        else if (ret == WC_PENDING_E) {
+        else if (ret == WC_NO_ERR_TRACE(WC_PENDING_E)) {
             /* Allow the underlying crypto API to be called again to trigger the
              * crypto or PK callback. The actual callback must be called, since
              * the completion is not detected in the poll like Intel QAT or
@@ -39564,7 +42297,7 @@ int wolfSSL_sk_BY_DIR_HASH_find(
         }
         next = next->next;
     }
-    return -1;
+    return WOLFSSL_FATAL_ERROR;
 }
 /* return a number of WOLFSSL_BY_DIR_HASH in stack */
 int wolfSSL_sk_BY_DIR_HASH_num(const WOLF_STACK_OF(WOLFSSL_BY_DIR_HASH) *sk)
@@ -39572,7 +42305,7 @@ int wolfSSL_sk_BY_DIR_HASH_num(const WOLF_STACK_OF(WOLFSSL_BY_DIR_HASH) *sk)
     WOLFSSL_ENTER("wolfSSL_sk_BY_DIR_HASH_num");
 
     if (sk == NULL)
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
     return (int)sk->num;
 }
 /* return WOLFSSL_BY_DIR_HASH instance at i */
@@ -39733,9 +42466,7 @@ void wolfSSL_BY_DIR_entry_free(WOLFSSL_BY_DIR_entry* entry)
         wolfSSL_sk_BY_DIR_HASH_free(entry->hashes);
     }
 
-    if (entry->dir_name != NULL) {
-        XFREE(entry->dir_name, NULL, DYNAMIC_TYPE_OPENSSL);
-    }
+    XFREE(entry->dir_name, NULL, DYNAMIC_TYPE_OPENSSL);
 
     XFREE(entry, NULL, DYNAMIC_TYPE_OPENSSL);
 }
@@ -39757,7 +42488,7 @@ int wolfSSL_sk_BY_DIR_entry_num(const WOLF_STACK_OF(WOLFSSL_BY_DIR_entry) *sk)
     WOLFSSL_ENTER("wolfSSL_sk_BY_DIR_entry_num");
 
     if (sk == NULL)
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
     return (int)sk->num;
 }
 /* return WOLFSSL_BY_DIR_entry instance at i */
@@ -39975,7 +42706,8 @@ static int DoAppleNativeCertValidation(const WOLFSSL_BUFFER_INFO* certs,
     }
 
     for (i = 0; i < totalCerts; i++) {
-        secCert = ConvertToSecCertificateRef(certs[i].buffer, certs[i].length);
+        secCert = ConvertToSecCertificateRef(certs[i].buffer,
+                (int)certs[i].length);
         if (!secCert) {
             WOLFSSL_MSG("Error: can't convert DER cert to SecCertificateRef");
             ret = 0;
diff --git a/src/keys.c b/src/keys.c
index fa04c4dbb..79560710f 100644
--- a/src/keys.c
+++ b/src/keys.c
@@ -1,6 +1,6 @@
 /* keys.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -28,7 +28,7 @@
 
 #include <wolfssl/wolfcrypt/settings.h>
 
-#ifndef WOLFCRYPT_ONLY
+#if !defined(WOLFCRYPT_ONLY) && !defined(NO_TLS)
 
 #include <wolfssl/internal.h>
 #include <wolfssl/error-ssl.h>
@@ -105,7 +105,7 @@ int SetCipherSpecs(WOLFSSL* ssl)
  * @param cipherSuite  [in]
  * @param specs        [out] CipherSpecs
  * @param opts         [in/out] Options can be NULL
- * @return
+ * @return int (less than 0 on fail, 0 on success)
  */
 int GetCipherSpec(word16 side, byte cipherSuite0, byte cipherSuite,
                       CipherSpecs* specs, Options* opts)
@@ -341,7 +341,7 @@ int GetCipherSpec(word16 side, byte cipherSuite0, byte cipherSuite,
         specs->static_ecdh           = 0;
         specs->key_size              = AES_128_KEY_SIZE;
         specs->iv_size               = AES_IV_SIZE;
-        specs->block_size            = AES_BLOCK_SIZE;
+        specs->block_size            = WC_AES_BLOCK_SIZE;
 
         break;
 #endif
@@ -358,7 +358,7 @@ int GetCipherSpec(word16 side, byte cipherSuite0, byte cipherSuite,
         specs->static_ecdh           = 0;
         specs->key_size              = AES_256_KEY_SIZE;
         specs->iv_size               = AES_IV_SIZE;
-        specs->block_size            = AES_BLOCK_SIZE;
+        specs->block_size            = WC_AES_BLOCK_SIZE;
 
         break;
 #endif
@@ -374,7 +374,7 @@ int GetCipherSpec(word16 side, byte cipherSuite0, byte cipherSuite,
         specs->pad_size              = PAD_SHA;
         specs->static_ecdh           = 0;
         specs->key_size              = AES_128_KEY_SIZE;
-        specs->block_size            = AES_BLOCK_SIZE;
+        specs->block_size            = WC_AES_BLOCK_SIZE;
         specs->iv_size               = AES_IV_SIZE;
 
         break;
@@ -431,7 +431,7 @@ int GetCipherSpec(word16 side, byte cipherSuite0, byte cipherSuite,
         specs->pad_size              = PAD_SHA;
         specs->static_ecdh           = 0;
         specs->key_size              = AES_256_KEY_SIZE;
-        specs->block_size            = AES_BLOCK_SIZE;
+        specs->block_size            = WC_AES_BLOCK_SIZE;
         specs->iv_size               = AES_IV_SIZE;
 
         break;
@@ -448,7 +448,7 @@ int GetCipherSpec(word16 side, byte cipherSuite0, byte cipherSuite,
         specs->pad_size              = PAD_SHA;
         specs->static_ecdh           = 0;
         specs->key_size              = AES_128_KEY_SIZE;
-        specs->block_size            = AES_BLOCK_SIZE;
+        specs->block_size            = WC_AES_BLOCK_SIZE;
         specs->iv_size               = AESGCM_IMP_IV_SZ;
         specs->aead_mac_size         = AES_GCM_AUTH_SZ;
 
@@ -466,7 +466,7 @@ int GetCipherSpec(word16 side, byte cipherSuite0, byte cipherSuite,
         specs->pad_size              = PAD_SHA;
         specs->static_ecdh           = 0;
         specs->key_size              = AES_256_KEY_SIZE;
-        specs->block_size            = AES_BLOCK_SIZE;
+        specs->block_size            = WC_AES_BLOCK_SIZE;
         specs->iv_size               = AESGCM_IMP_IV_SZ;
         specs->aead_mac_size         = AES_GCM_AUTH_SZ;
 
@@ -503,7 +503,7 @@ int GetCipherSpec(word16 side, byte cipherSuite0, byte cipherSuite,
         specs->pad_size              = PAD_SHA;
         specs->static_ecdh           = 0;
         specs->key_size              = AES_128_KEY_SIZE;
-        specs->block_size            = AES_BLOCK_SIZE;
+        specs->block_size            = WC_AES_BLOCK_SIZE;
         specs->iv_size               = AES_IV_SIZE;
 
         if (opts != NULL)
@@ -530,7 +530,7 @@ int GetCipherSpec(word16 side, byte cipherSuite0, byte cipherSuite,
         specs->static_ecdh           = 0;
         specs->key_size              = AES_128_KEY_SIZE;
         specs->iv_size               = AES_IV_SIZE;
-        specs->block_size            = AES_BLOCK_SIZE;
+        specs->block_size            = WC_AES_BLOCK_SIZE;
 
         break;
 #endif
@@ -547,7 +547,7 @@ int GetCipherSpec(word16 side, byte cipherSuite0, byte cipherSuite,
         specs->static_ecdh           = 0;
         specs->key_size              = AES_256_KEY_SIZE;
         specs->iv_size               = AES_IV_SIZE;
-        specs->block_size            = AES_BLOCK_SIZE;
+        specs->block_size            = WC_AES_BLOCK_SIZE;
 
         break;
 #endif
@@ -601,7 +601,7 @@ int GetCipherSpec(word16 side, byte cipherSuite0, byte cipherSuite,
         specs->pad_size              = PAD_SHA;
         specs->static_ecdh           = 0;
         specs->key_size              = AES_128_KEY_SIZE;
-        specs->block_size            = AES_BLOCK_SIZE;
+        specs->block_size            = WC_AES_BLOCK_SIZE;
         specs->iv_size               = AES_IV_SIZE;
 
         break;
@@ -618,7 +618,7 @@ int GetCipherSpec(word16 side, byte cipherSuite0, byte cipherSuite,
         specs->pad_size              = PAD_SHA;
         specs->static_ecdh           = 0;
         specs->key_size              = AES_256_KEY_SIZE;
-        specs->block_size            = AES_BLOCK_SIZE;
+        specs->block_size            = WC_AES_BLOCK_SIZE;
         specs->iv_size               = AES_IV_SIZE;
 
         break;
@@ -635,7 +635,7 @@ int GetCipherSpec(word16 side, byte cipherSuite0, byte cipherSuite,
         specs->pad_size              = PAD_SHA;
         specs->static_ecdh           = 0;
         specs->key_size              = AES_128_KEY_SIZE;
-        specs->block_size            = AES_BLOCK_SIZE;
+        specs->block_size            = WC_AES_BLOCK_SIZE;
         specs->iv_size               = AESGCM_IMP_IV_SZ;
         specs->aead_mac_size         = AES_GCM_AUTH_SZ;
 
@@ -653,7 +653,7 @@ int GetCipherSpec(word16 side, byte cipherSuite0, byte cipherSuite,
         specs->pad_size              = PAD_SHA;
         specs->static_ecdh           = 0;
         specs->key_size              = AES_256_KEY_SIZE;
-        specs->block_size            = AES_BLOCK_SIZE;
+        specs->block_size            = WC_AES_BLOCK_SIZE;
         specs->iv_size               = AESGCM_IMP_IV_SZ;
         specs->aead_mac_size         = AES_GCM_AUTH_SZ;
 
@@ -671,8 +671,8 @@ int GetCipherSpec(word16 side, byte cipherSuite0, byte cipherSuite,
         specs->pad_size              = PAD_SHA;
         specs->static_ecdh           = 0;
         specs->key_size              = AES_128_KEY_SIZE;
-        specs->block_size            = AES_BLOCK_SIZE;
-        specs->iv_size               = AESGCM_IMP_IV_SZ;
+        specs->block_size            = WC_AES_BLOCK_SIZE;
+        specs->iv_size               = AESCCM_IMP_IV_SZ;
         specs->aead_mac_size         = AES_CCM_16_AUTH_SZ;
 
         break;
@@ -689,8 +689,8 @@ int GetCipherSpec(word16 side, byte cipherSuite0, byte cipherSuite,
         specs->pad_size              = PAD_SHA;
         specs->static_ecdh           = 0;
         specs->key_size              = AES_128_KEY_SIZE;
-        specs->block_size            = AES_BLOCK_SIZE;
-        specs->iv_size               = AESGCM_IMP_IV_SZ;
+        specs->block_size            = WC_AES_BLOCK_SIZE;
+        specs->iv_size               = AESCCM_IMP_IV_SZ;
         specs->aead_mac_size         = AES_CCM_8_AUTH_SZ;
 
         break;
@@ -707,8 +707,8 @@ int GetCipherSpec(word16 side, byte cipherSuite0, byte cipherSuite,
         specs->pad_size              = PAD_SHA;
         specs->static_ecdh           = 0;
         specs->key_size              = AES_256_KEY_SIZE;
-        specs->block_size            = AES_BLOCK_SIZE;
-        specs->iv_size               = AESGCM_IMP_IV_SZ;
+        specs->block_size            = WC_AES_BLOCK_SIZE;
+        specs->iv_size               = AESCCM_IMP_IV_SZ;
         specs->aead_mac_size         = AES_CCM_8_AUTH_SZ;
 
         break;
@@ -747,7 +747,7 @@ int GetCipherSpec(word16 side, byte cipherSuite0, byte cipherSuite,
         specs->static_ecdh           = 1;
         specs->key_size              = AES_128_KEY_SIZE;
         specs->iv_size               = AES_IV_SIZE;
-        specs->block_size            = AES_BLOCK_SIZE;
+        specs->block_size            = WC_AES_BLOCK_SIZE;
 
         break;
 #endif
@@ -764,7 +764,7 @@ int GetCipherSpec(word16 side, byte cipherSuite0, byte cipherSuite,
         specs->static_ecdh           = 1;
         specs->key_size              = AES_128_KEY_SIZE;
         specs->iv_size               = AES_IV_SIZE;
-        specs->block_size            = AES_BLOCK_SIZE;
+        specs->block_size            = WC_AES_BLOCK_SIZE;
 
         break;
 #endif
@@ -781,7 +781,7 @@ int GetCipherSpec(word16 side, byte cipherSuite0, byte cipherSuite,
         specs->static_ecdh           = 1;
         specs->key_size              = AES_256_KEY_SIZE;
         specs->iv_size               = AES_IV_SIZE;
-        specs->block_size            = AES_BLOCK_SIZE;
+        specs->block_size            = WC_AES_BLOCK_SIZE;
 
         break;
 #endif
@@ -798,7 +798,7 @@ int GetCipherSpec(word16 side, byte cipherSuite0, byte cipherSuite,
         specs->static_ecdh           = 1;
         specs->key_size              = AES_256_KEY_SIZE;
         specs->iv_size               = AES_IV_SIZE;
-        specs->block_size            = AES_BLOCK_SIZE;
+        specs->block_size            = WC_AES_BLOCK_SIZE;
 
         break;
 #endif
@@ -814,7 +814,7 @@ int GetCipherSpec(word16 side, byte cipherSuite0, byte cipherSuite,
         specs->pad_size              = PAD_SHA;
         specs->static_ecdh           = 1;
         specs->key_size              = AES_128_KEY_SIZE;
-        specs->block_size            = AES_BLOCK_SIZE;
+        specs->block_size            = WC_AES_BLOCK_SIZE;
         specs->iv_size               = AES_IV_SIZE;
 
         break;
@@ -907,7 +907,7 @@ int GetCipherSpec(word16 side, byte cipherSuite0, byte cipherSuite,
         specs->pad_size              = PAD_SHA;
         specs->static_ecdh           = 1;
         specs->key_size              = AES_256_KEY_SIZE;
-        specs->block_size            = AES_BLOCK_SIZE;
+        specs->block_size            = WC_AES_BLOCK_SIZE;
         specs->iv_size               = AES_IV_SIZE;
 
         break;
@@ -924,7 +924,7 @@ int GetCipherSpec(word16 side, byte cipherSuite0, byte cipherSuite,
         specs->pad_size              = PAD_SHA;
         specs->static_ecdh           = 1;
         specs->key_size              = AES_128_KEY_SIZE;
-        specs->block_size            = AES_BLOCK_SIZE;
+        specs->block_size            = WC_AES_BLOCK_SIZE;
         specs->iv_size               = AES_IV_SIZE;
 
         break;
@@ -941,7 +941,7 @@ int GetCipherSpec(word16 side, byte cipherSuite0, byte cipherSuite,
         specs->pad_size              = PAD_SHA;
         specs->static_ecdh           = 1;
         specs->key_size              = AES_256_KEY_SIZE;
-        specs->block_size            = AES_BLOCK_SIZE;
+        specs->block_size            = WC_AES_BLOCK_SIZE;
         specs->iv_size               = AES_IV_SIZE;
 
         break;
@@ -958,7 +958,7 @@ int GetCipherSpec(word16 side, byte cipherSuite0, byte cipherSuite,
         specs->pad_size              = PAD_SHA;
         specs->static_ecdh           = 1;
         specs->key_size              = AES_128_KEY_SIZE;
-        specs->block_size            = AES_BLOCK_SIZE;
+        specs->block_size            = WC_AES_BLOCK_SIZE;
         specs->iv_size               = AESGCM_IMP_IV_SZ;
         specs->aead_mac_size         = AES_GCM_AUTH_SZ;
 
@@ -976,7 +976,7 @@ int GetCipherSpec(word16 side, byte cipherSuite0, byte cipherSuite,
         specs->pad_size              = PAD_SHA;
         specs->static_ecdh           = 1;
         specs->key_size              = AES_256_KEY_SIZE;
-        specs->block_size            = AES_BLOCK_SIZE;
+        specs->block_size            = WC_AES_BLOCK_SIZE;
         specs->iv_size               = AESGCM_IMP_IV_SZ;
         specs->aead_mac_size         = AES_GCM_AUTH_SZ;
 
@@ -994,7 +994,7 @@ int GetCipherSpec(word16 side, byte cipherSuite0, byte cipherSuite,
         specs->pad_size              = PAD_SHA;
         specs->static_ecdh           = 1;
         specs->key_size              = AES_128_KEY_SIZE;
-        specs->block_size            = AES_BLOCK_SIZE;
+        specs->block_size            = WC_AES_BLOCK_SIZE;
         specs->iv_size               = AESGCM_IMP_IV_SZ;
         specs->aead_mac_size         = AES_GCM_AUTH_SZ;
 
@@ -1012,7 +1012,7 @@ int GetCipherSpec(word16 side, byte cipherSuite0, byte cipherSuite,
         specs->pad_size              = PAD_SHA;
         specs->static_ecdh           = 1;
         specs->key_size              = AES_256_KEY_SIZE;
-        specs->block_size            = AES_BLOCK_SIZE;
+        specs->block_size            = WC_AES_BLOCK_SIZE;
         specs->iv_size               = AESGCM_IMP_IV_SZ;
         specs->aead_mac_size         = AES_GCM_AUTH_SZ;
 
@@ -1068,8 +1068,8 @@ int GetCipherSpec(word16 side, byte cipherSuite0, byte cipherSuite,
         specs->pad_size              = PAD_SHA;
         specs->static_ecdh           = 0;
         specs->key_size              = AES_128_KEY_SIZE;
-        specs->block_size            = AES_BLOCK_SIZE;
-        specs->iv_size               = AESGCM_IMP_IV_SZ;
+        specs->block_size            = WC_AES_BLOCK_SIZE;
+        specs->iv_size               = AESCCM_IMP_IV_SZ;
         specs->aead_mac_size         = AES_CCM_8_AUTH_SZ;
 
         break;
@@ -1086,8 +1086,8 @@ int GetCipherSpec(word16 side, byte cipherSuite0, byte cipherSuite,
         specs->pad_size              = PAD_SHA;
         specs->static_ecdh           = 0;
         specs->key_size              = AES_256_KEY_SIZE;
-        specs->block_size            = AES_BLOCK_SIZE;
-        specs->iv_size               = AESGCM_IMP_IV_SZ;
+        specs->block_size            = WC_AES_BLOCK_SIZE;
+        specs->iv_size               = AESCCM_IMP_IV_SZ;
         specs->aead_mac_size         = AES_CCM_8_AUTH_SZ;
 
         break;
@@ -1104,8 +1104,8 @@ int GetCipherSpec(word16 side, byte cipherSuite0, byte cipherSuite,
         specs->pad_size              = PAD_SHA;
         specs->static_ecdh           = 0;
         specs->key_size              = AES_128_KEY_SIZE;
-        specs->block_size            = AES_BLOCK_SIZE;
-        specs->iv_size               = AESGCM_IMP_IV_SZ;
+        specs->block_size            = WC_AES_BLOCK_SIZE;
+        specs->iv_size               = AESCCM_IMP_IV_SZ;
         specs->aead_mac_size         = AES_CCM_8_AUTH_SZ;
 
         if (opts != NULL)
@@ -1124,8 +1124,8 @@ int GetCipherSpec(word16 side, byte cipherSuite0, byte cipherSuite,
         specs->pad_size              = PAD_SHA;
         specs->static_ecdh           = 0;
         specs->key_size              = AES_256_KEY_SIZE;
-        specs->block_size            = AES_BLOCK_SIZE;
-        specs->iv_size               = AESGCM_IMP_IV_SZ;
+        specs->block_size            = WC_AES_BLOCK_SIZE;
+        specs->iv_size               = AESCCM_IMP_IV_SZ;
         specs->aead_mac_size         = AES_CCM_8_AUTH_SZ;
 
         if (opts != NULL)
@@ -1144,8 +1144,8 @@ int GetCipherSpec(word16 side, byte cipherSuite0, byte cipherSuite,
         specs->pad_size              = PAD_SHA;
         specs->static_ecdh           = 0;
         specs->key_size              = AES_128_KEY_SIZE;
-        specs->block_size            = AES_BLOCK_SIZE;
-        specs->iv_size               = AESGCM_IMP_IV_SZ;
+        specs->block_size            = WC_AES_BLOCK_SIZE;
+        specs->iv_size               = AESCCM_IMP_IV_SZ;
         specs->aead_mac_size         = AES_CCM_16_AUTH_SZ;
 
         if (opts != NULL)
@@ -1164,8 +1164,8 @@ int GetCipherSpec(word16 side, byte cipherSuite0, byte cipherSuite,
         specs->pad_size              = PAD_SHA;
         specs->static_ecdh           = 0;
         specs->key_size              = AES_256_KEY_SIZE;
-        specs->block_size            = AES_BLOCK_SIZE;
-        specs->iv_size               = AESGCM_IMP_IV_SZ;
+        specs->block_size            = WC_AES_BLOCK_SIZE;
+        specs->iv_size               = AESCCM_IMP_IV_SZ;
         specs->aead_mac_size         = AES_CCM_16_AUTH_SZ;
 
         if (opts != NULL)
@@ -1184,8 +1184,8 @@ int GetCipherSpec(word16 side, byte cipherSuite0, byte cipherSuite,
         specs->pad_size              = PAD_SHA;
         specs->static_ecdh           = 0;
         specs->key_size              = AES_128_KEY_SIZE;
-        specs->block_size            = AES_BLOCK_SIZE;
-        specs->iv_size               = AESGCM_IMP_IV_SZ;
+        specs->block_size            = WC_AES_BLOCK_SIZE;
+        specs->iv_size               = AESCCM_IMP_IV_SZ;
         specs->aead_mac_size         = AES_CCM_16_AUTH_SZ;
 
         if (opts != NULL)
@@ -1204,8 +1204,8 @@ int GetCipherSpec(word16 side, byte cipherSuite0, byte cipherSuite,
         specs->pad_size              = PAD_SHA;
         specs->static_ecdh           = 0;
         specs->key_size              = AES_256_KEY_SIZE;
-        specs->block_size            = AES_BLOCK_SIZE;
-        specs->iv_size               = AESGCM_IMP_IV_SZ;
+        specs->block_size            = WC_AES_BLOCK_SIZE;
+        specs->iv_size               = AESCCM_IMP_IV_SZ;
         specs->aead_mac_size         = AES_CCM_16_AUTH_SZ;
 
         if (opts != NULL)
@@ -1273,7 +1273,7 @@ int GetCipherSpec(word16 side, byte cipherSuite0, byte cipherSuite,
             specs->pad_size              = PAD_SHA;
             specs->static_ecdh           = 0;
             specs->key_size              = AES_128_KEY_SIZE;
-            specs->block_size            = AES_BLOCK_SIZE;
+            specs->block_size            = WC_AES_BLOCK_SIZE;
             specs->iv_size               = AESGCM_NONCE_SZ;
             specs->aead_mac_size         = AES_GCM_AUTH_SZ;
 
@@ -1291,7 +1291,7 @@ int GetCipherSpec(word16 side, byte cipherSuite0, byte cipherSuite,
             specs->pad_size              = PAD_SHA;
             specs->static_ecdh           = 0;
             specs->key_size              = AES_256_KEY_SIZE;
-            specs->block_size            = AES_BLOCK_SIZE;
+            specs->block_size            = WC_AES_BLOCK_SIZE;
             specs->iv_size               = AESGCM_NONCE_SZ;
             specs->aead_mac_size         = AES_GCM_AUTH_SZ;
 
@@ -1329,8 +1329,8 @@ int GetCipherSpec(word16 side, byte cipherSuite0, byte cipherSuite,
             specs->pad_size              = PAD_SHA;
             specs->static_ecdh           = 0;
             specs->key_size              = AES_128_KEY_SIZE;
-            specs->block_size            = AES_BLOCK_SIZE;
-            specs->iv_size               = AESGCM_NONCE_SZ;
+            specs->block_size            = WC_AES_BLOCK_SIZE;
+            specs->iv_size               = AESCCM_NONCE_SZ;
             specs->aead_mac_size         = AES_CCM_16_AUTH_SZ;
 
             break;
@@ -1347,8 +1347,8 @@ int GetCipherSpec(word16 side, byte cipherSuite0, byte cipherSuite,
             specs->pad_size              = PAD_SHA;
             specs->static_ecdh           = 0;
             specs->key_size              = AES_128_KEY_SIZE;
-            specs->block_size            = AES_BLOCK_SIZE;
-            specs->iv_size               = AESGCM_NONCE_SZ;
+            specs->block_size            = WC_AES_BLOCK_SIZE;
+            specs->iv_size               = AESCCM_NONCE_SZ;
             specs->aead_mac_size         = AES_CCM_8_AUTH_SZ;
 
             break;
@@ -1375,7 +1375,7 @@ int GetCipherSpec(word16 side, byte cipherSuite0, byte cipherSuite,
         specs->pad_size              = PAD_SHA;
         specs->static_ecdh           = 0;
         specs->key_size              = AES_128_KEY_SIZE;
-        specs->block_size            = AES_BLOCK_SIZE;
+        specs->block_size            = WC_AES_BLOCK_SIZE;
         specs->iv_size               = AESGCM_IMP_IV_SZ;
         specs->aead_mac_size         = AES_GCM_AUTH_SZ;
 
@@ -1440,7 +1440,7 @@ int GetCipherSpec(word16 side, byte cipherSuite0, byte cipherSuite,
         specs->static_ecdh           = 0;
         specs->key_size              = SM4_KEY_SIZE;
         specs->block_size            = SM4_BLOCK_SIZE;
-        specs->iv_size               = GCM_IMP_IV_SZ;
+        specs->iv_size               = CCM_IMP_IV_SZ;
         specs->aead_mac_size         = SM4_CCM_AUTH_SZ;
 
         break;
@@ -1564,7 +1564,7 @@ int GetCipherSpec(word16 side, byte cipherSuite0, byte cipherSuite,
         specs->pad_size              = PAD_SHA;
         specs->static_ecdh           = 0;
         specs->key_size              = AES_128_KEY_SIZE;
-        specs->block_size            = AES_BLOCK_SIZE;
+        specs->block_size            = WC_AES_BLOCK_SIZE;
         specs->iv_size               = AES_IV_SIZE;
 
         break;
@@ -1581,7 +1581,7 @@ int GetCipherSpec(word16 side, byte cipherSuite0, byte cipherSuite,
         specs->pad_size              = PAD_SHA;
         specs->static_ecdh           = 0;
         specs->key_size              = AES_128_KEY_SIZE;
-        specs->block_size            = AES_BLOCK_SIZE;
+        specs->block_size            = WC_AES_BLOCK_SIZE;
         specs->iv_size               = AES_IV_SIZE;
 
         break;
@@ -1649,7 +1649,7 @@ int GetCipherSpec(word16 side, byte cipherSuite0, byte cipherSuite,
         specs->pad_size              = PAD_SHA;
         specs->static_ecdh           = 0;
         specs->key_size              = AES_256_KEY_SIZE;
-        specs->block_size            = AES_BLOCK_SIZE;
+        specs->block_size            = WC_AES_BLOCK_SIZE;
         specs->iv_size               = AES_IV_SIZE;
 
         break;
@@ -1666,7 +1666,7 @@ int GetCipherSpec(word16 side, byte cipherSuite0, byte cipherSuite,
         specs->pad_size              = PAD_SHA;
         specs->static_ecdh           = 0;
         specs->key_size              = AES_256_KEY_SIZE;
-        specs->block_size            = AES_BLOCK_SIZE;
+        specs->block_size            = WC_AES_BLOCK_SIZE;
         specs->iv_size               = AES_IV_SIZE;
 
         break;
@@ -1683,7 +1683,7 @@ int GetCipherSpec(word16 side, byte cipherSuite0, byte cipherSuite,
         specs->pad_size              = PAD_SHA;
         specs->static_ecdh           = 0;
         specs->key_size              = AES_128_KEY_SIZE;
-        specs->block_size            = AES_BLOCK_SIZE;
+        specs->block_size            = WC_AES_BLOCK_SIZE;
         specs->iv_size               = AESGCM_IMP_IV_SZ;
         specs->aead_mac_size         = AES_GCM_AUTH_SZ;
 
@@ -1703,7 +1703,7 @@ int GetCipherSpec(word16 side, byte cipherSuite0, byte cipherSuite,
         specs->pad_size              = PAD_SHA;
         specs->static_ecdh           = 0;
         specs->key_size              = AES_256_KEY_SIZE;
-        specs->block_size            = AES_BLOCK_SIZE;
+        specs->block_size            = WC_AES_BLOCK_SIZE;
         specs->iv_size               = AESGCM_IMP_IV_SZ;
         specs->aead_mac_size         = AES_GCM_AUTH_SZ;
 
@@ -1723,7 +1723,7 @@ int GetCipherSpec(word16 side, byte cipherSuite0, byte cipherSuite,
         specs->pad_size              = PAD_SHA;
         specs->static_ecdh           = 0;
         specs->key_size              = AES_256_KEY_SIZE;
-        specs->block_size            = AES_BLOCK_SIZE;
+        specs->block_size            = WC_AES_BLOCK_SIZE;
         specs->iv_size               = AESGCM_IMP_IV_SZ;
         specs->aead_mac_size         = AES_GCM_AUTH_SZ;
 
@@ -1743,7 +1743,7 @@ int GetCipherSpec(word16 side, byte cipherSuite0, byte cipherSuite,
         specs->pad_size              = PAD_SHA;
         specs->static_ecdh           = 0;
         specs->key_size              = AES_128_KEY_SIZE;
-        specs->block_size            = AES_BLOCK_SIZE;
+        specs->block_size            = WC_AES_BLOCK_SIZE;
         specs->iv_size               = AESGCM_IMP_IV_SZ;
         specs->aead_mac_size         = AES_GCM_AUTH_SZ;
 
@@ -1763,7 +1763,7 @@ int GetCipherSpec(word16 side, byte cipherSuite0, byte cipherSuite,
         specs->pad_size              = PAD_SHA;
         specs->static_ecdh           = 0;
         specs->key_size              = AES_256_KEY_SIZE;
-        specs->block_size            = AES_BLOCK_SIZE;
+        specs->block_size            = WC_AES_BLOCK_SIZE;
         specs->iv_size               = AESGCM_IMP_IV_SZ;
         specs->aead_mac_size         = AES_GCM_AUTH_SZ;
 
@@ -1783,7 +1783,7 @@ int GetCipherSpec(word16 side, byte cipherSuite0, byte cipherSuite,
         specs->pad_size              = PAD_SHA;
         specs->static_ecdh           = 0;
         specs->key_size              = AES_128_KEY_SIZE;
-        specs->block_size            = AES_BLOCK_SIZE;
+        specs->block_size            = WC_AES_BLOCK_SIZE;
         specs->iv_size               = AES_IV_SIZE;
 
         if (opts != NULL)
@@ -1802,7 +1802,7 @@ int GetCipherSpec(word16 side, byte cipherSuite0, byte cipherSuite,
         specs->pad_size              = PAD_SHA;
         specs->static_ecdh           = 0;
         specs->key_size              = AES_256_KEY_SIZE;
-        specs->block_size            = AES_BLOCK_SIZE;
+        specs->block_size            = WC_AES_BLOCK_SIZE;
         specs->iv_size               = AES_IV_SIZE;
 
         if (opts != NULL)
@@ -1821,7 +1821,7 @@ int GetCipherSpec(word16 side, byte cipherSuite0, byte cipherSuite,
         specs->pad_size              = PAD_SHA;
         specs->static_ecdh           = 0;
         specs->key_size              = AES_128_KEY_SIZE;
-        specs->block_size            = AES_BLOCK_SIZE;
+        specs->block_size            = WC_AES_BLOCK_SIZE;
         specs->iv_size               = AES_IV_SIZE;
 
         if (opts != NULL)
@@ -1840,7 +1840,7 @@ int GetCipherSpec(word16 side, byte cipherSuite0, byte cipherSuite,
         specs->pad_size              = PAD_SHA;
         specs->static_ecdh           = 0;
         specs->key_size              = AES_256_KEY_SIZE;
-        specs->block_size            = AES_BLOCK_SIZE;
+        specs->block_size            = WC_AES_BLOCK_SIZE;
         specs->iv_size               = AES_IV_SIZE;
 
         if (opts != NULL)
@@ -1859,7 +1859,7 @@ int GetCipherSpec(word16 side, byte cipherSuite0, byte cipherSuite,
         specs->pad_size              = PAD_SHA;
         specs->static_ecdh           = 0;
         specs->key_size              = AES_128_KEY_SIZE;
-        specs->block_size            = AES_BLOCK_SIZE;
+        specs->block_size            = WC_AES_BLOCK_SIZE;
         specs->iv_size               = AES_IV_SIZE;
 
         if (opts != NULL)
@@ -1878,7 +1878,7 @@ int GetCipherSpec(word16 side, byte cipherSuite0, byte cipherSuite,
         specs->pad_size              = PAD_SHA;
         specs->static_ecdh           = 0;
         specs->key_size              = AES_256_KEY_SIZE;
-        specs->block_size            = AES_BLOCK_SIZE;
+        specs->block_size            = WC_AES_BLOCK_SIZE;
         specs->iv_size               = AES_IV_SIZE;
 
         if (opts != NULL)
@@ -1992,7 +1992,7 @@ int GetCipherSpec(word16 side, byte cipherSuite0, byte cipherSuite,
         specs->pad_size              = PAD_SHA;
         specs->static_ecdh           = 0;
         specs->key_size              = AES_128_KEY_SIZE;
-        specs->block_size            = AES_BLOCK_SIZE;
+        specs->block_size            = WC_AES_BLOCK_SIZE;
         specs->iv_size               = AES_IV_SIZE;
 
         break;
@@ -2026,7 +2026,7 @@ int GetCipherSpec(word16 side, byte cipherSuite0, byte cipherSuite,
         specs->pad_size              = PAD_SHA;
         specs->static_ecdh           = 0;
         specs->key_size              = AES_256_KEY_SIZE;
-        specs->block_size            = AES_BLOCK_SIZE;
+        specs->block_size            = WC_AES_BLOCK_SIZE;
         specs->iv_size               = AES_IV_SIZE;
 
         break;
@@ -2043,7 +2043,7 @@ int GetCipherSpec(word16 side, byte cipherSuite0, byte cipherSuite,
         specs->pad_size              = PAD_SHA;
         specs->static_ecdh           = 0;
         specs->key_size              = AES_128_KEY_SIZE;
-        specs->block_size            = AES_BLOCK_SIZE;
+        specs->block_size            = WC_AES_BLOCK_SIZE;
         specs->iv_size               = AES_IV_SIZE;
 
         break;
@@ -2060,7 +2060,7 @@ int GetCipherSpec(word16 side, byte cipherSuite0, byte cipherSuite,
         specs->pad_size              = PAD_SHA;
         specs->static_ecdh           = 0;
         specs->key_size              = AES_256_KEY_SIZE;
-        specs->block_size            = AES_BLOCK_SIZE;
+        specs->block_size            = WC_AES_BLOCK_SIZE;
         specs->iv_size               = AES_IV_SIZE;
 
         break;
@@ -2077,7 +2077,7 @@ int GetCipherSpec(word16 side, byte cipherSuite0, byte cipherSuite,
         specs->pad_size              = PAD_SHA;
         specs->static_ecdh           = 0;
         specs->key_size              = AES_128_KEY_SIZE;
-        specs->block_size            = AES_BLOCK_SIZE;
+        specs->block_size            = WC_AES_BLOCK_SIZE;
         specs->iv_size               = AESGCM_IMP_IV_SZ;
         specs->aead_mac_size         = AES_GCM_AUTH_SZ;
 
@@ -2095,7 +2095,7 @@ int GetCipherSpec(word16 side, byte cipherSuite0, byte cipherSuite,
         specs->pad_size              = PAD_SHA;
         specs->static_ecdh           = 0;
         specs->key_size              = AES_256_KEY_SIZE;
-        specs->block_size            = AES_BLOCK_SIZE;
+        specs->block_size            = WC_AES_BLOCK_SIZE;
         specs->iv_size               = AESGCM_IMP_IV_SZ;
         specs->aead_mac_size         = AES_GCM_AUTH_SZ;
 
@@ -2113,7 +2113,7 @@ int GetCipherSpec(word16 side, byte cipherSuite0, byte cipherSuite,
         specs->pad_size              = PAD_SHA;
         specs->static_ecdh           = 0;
         specs->key_size              = AES_128_KEY_SIZE;
-        specs->block_size            = AES_BLOCK_SIZE;
+        specs->block_size            = WC_AES_BLOCK_SIZE;
         specs->iv_size               = AESGCM_IMP_IV_SZ;
         specs->aead_mac_size         = AES_GCM_AUTH_SZ;
 
@@ -2131,7 +2131,7 @@ int GetCipherSpec(word16 side, byte cipherSuite0, byte cipherSuite,
         specs->pad_size              = PAD_SHA;
         specs->static_ecdh           = 0;
         specs->key_size              = AES_256_KEY_SIZE;
-        specs->block_size            = AES_BLOCK_SIZE;
+        specs->block_size            = WC_AES_BLOCK_SIZE;
         specs->iv_size               = AESGCM_IMP_IV_SZ;
         specs->aead_mac_size         = AES_GCM_AUTH_SZ;
 
@@ -2149,7 +2149,7 @@ int GetCipherSpec(word16 side, byte cipherSuite0, byte cipherSuite,
         specs->pad_size              = PAD_SHA;
         specs->static_ecdh           = 0;
         specs->key_size              = CAMELLIA_128_KEY_SIZE;
-        specs->block_size            = CAMELLIA_BLOCK_SIZE;
+        specs->block_size            = WC_CAMELLIA_BLOCK_SIZE;
         specs->iv_size               = CAMELLIA_IV_SIZE;
 
         break;
@@ -2166,7 +2166,7 @@ int GetCipherSpec(word16 side, byte cipherSuite0, byte cipherSuite,
         specs->pad_size              = PAD_SHA;
         specs->static_ecdh           = 0;
         specs->key_size              = CAMELLIA_256_KEY_SIZE;
-        specs->block_size            = CAMELLIA_BLOCK_SIZE;
+        specs->block_size            = WC_CAMELLIA_BLOCK_SIZE;
         specs->iv_size               = CAMELLIA_IV_SIZE;
 
         break;
@@ -2183,7 +2183,7 @@ int GetCipherSpec(word16 side, byte cipherSuite0, byte cipherSuite,
         specs->pad_size              = PAD_SHA;
         specs->static_ecdh           = 0;
         specs->key_size              = CAMELLIA_128_KEY_SIZE;
-        specs->block_size            = CAMELLIA_BLOCK_SIZE;
+        specs->block_size            = WC_CAMELLIA_BLOCK_SIZE;
         specs->iv_size               = CAMELLIA_IV_SIZE;
 
         break;
@@ -2200,7 +2200,7 @@ int GetCipherSpec(word16 side, byte cipherSuite0, byte cipherSuite,
         specs->pad_size              = PAD_SHA;
         specs->static_ecdh           = 0;
         specs->key_size              = CAMELLIA_256_KEY_SIZE;
-        specs->block_size            = CAMELLIA_BLOCK_SIZE;
+        specs->block_size            = WC_CAMELLIA_BLOCK_SIZE;
         specs->iv_size               = CAMELLIA_IV_SIZE;
 
         break;
@@ -2217,7 +2217,7 @@ int GetCipherSpec(word16 side, byte cipherSuite0, byte cipherSuite,
         specs->pad_size              = PAD_SHA;
         specs->static_ecdh           = 0;
         specs->key_size              = CAMELLIA_128_KEY_SIZE;
-        specs->block_size            = CAMELLIA_BLOCK_SIZE;
+        specs->block_size            = WC_CAMELLIA_BLOCK_SIZE;
         specs->iv_size               = CAMELLIA_IV_SIZE;
 
         break;
@@ -2234,7 +2234,7 @@ int GetCipherSpec(word16 side, byte cipherSuite0, byte cipherSuite,
         specs->pad_size              = PAD_SHA;
         specs->static_ecdh           = 0;
         specs->key_size              = CAMELLIA_256_KEY_SIZE;
-        specs->block_size            = CAMELLIA_BLOCK_SIZE;
+        specs->block_size            = WC_CAMELLIA_BLOCK_SIZE;
         specs->iv_size               = CAMELLIA_IV_SIZE;
 
         break;
@@ -2251,7 +2251,7 @@ int GetCipherSpec(word16 side, byte cipherSuite0, byte cipherSuite,
         specs->pad_size              = PAD_SHA;
         specs->static_ecdh           = 0;
         specs->key_size              = CAMELLIA_128_KEY_SIZE;
-        specs->block_size            = CAMELLIA_BLOCK_SIZE;
+        specs->block_size            = WC_CAMELLIA_BLOCK_SIZE;
         specs->iv_size               = CAMELLIA_IV_SIZE;
 
         break;
@@ -2268,7 +2268,7 @@ int GetCipherSpec(word16 side, byte cipherSuite0, byte cipherSuite,
         specs->pad_size              = PAD_SHA;
         specs->static_ecdh           = 0;
         specs->key_size              = CAMELLIA_256_KEY_SIZE;
-        specs->block_size            = CAMELLIA_BLOCK_SIZE;
+        specs->block_size            = WC_CAMELLIA_BLOCK_SIZE;
         specs->iv_size               = CAMELLIA_IV_SIZE;
 
         break;
@@ -2285,7 +2285,7 @@ int GetCipherSpec(word16 side, byte cipherSuite0, byte cipherSuite,
         specs->pad_size              = PAD_SHA;
         specs->static_ecdh           = 0;
         specs->key_size              = AES_128_KEY_SIZE;
-        specs->block_size            = AES_BLOCK_SIZE;
+        specs->block_size            = WC_AES_BLOCK_SIZE;
         specs->iv_size               = AES_IV_SIZE;
 
         if (opts != NULL)
@@ -2371,7 +2371,7 @@ static int SetPrefix(byte* sha_input, int idx)
 #endif
 
 
-static int SetKeys(Ciphers* enc, Ciphers* dec, Keys* keys, CipherSpecs* specs,
+int SetKeys(Ciphers* enc, Ciphers* dec, Keys* keys, CipherSpecs* specs,
                    int side, void* heap, int devId, WC_RNG* rng, int tls13)
 {
     (void)rng;
@@ -2976,13 +2976,13 @@ static int SetKeys(Ciphers* enc, Ciphers* dec, Keys* keys, CipherSpecs* specs,
 
         if (enc && enc->cam == NULL)
             enc->cam =
-                (Camellia*)XMALLOC(sizeof(Camellia), heap, DYNAMIC_TYPE_CIPHER);
+                (wc_Camellia*)XMALLOC(sizeof(wc_Camellia), heap, DYNAMIC_TYPE_CIPHER);
         if (enc && enc->cam == NULL)
             return MEMORY_E;
 
         if (dec && dec->cam == NULL)
             dec->cam =
-                (Camellia*)XMALLOC(sizeof(Camellia), heap, DYNAMIC_TYPE_CIPHER);
+                (wc_Camellia*)XMALLOC(sizeof(wc_Camellia), heap, DYNAMIC_TYPE_CIPHER);
         if (dec && dec->cam == NULL)
             return MEMORY_E;
 
@@ -3318,9 +3318,7 @@ static int SetKeys(Ciphers* enc, Ciphers* dec, Keys* keys, CipherSpecs* specs,
                                                            DYNAMIC_TYPE_CIPHER);
                 if (enc->hmac == NULL)
                     return MEMORY_E;
-            }
 
-            if (enc) {
                 if (wc_HmacInit(enc->hmac, heap, devId) != 0) {
                     WOLFSSL_MSG("HmacInit failed in SetKeys");
                     XFREE(enc->hmac, heap, DYNAMIC_TYPE_CIPHER);
@@ -3334,9 +3332,7 @@ static int SetKeys(Ciphers* enc, Ciphers* dec, Keys* keys, CipherSpecs* specs,
                                                            DYNAMIC_TYPE_CIPHER);
                 if (dec->hmac == NULL)
                     return MEMORY_E;
-            }
 
-            if (dec) {
                 if (wc_HmacInit(dec->hmac, heap, devId) != 0) {
                     WOLFSSL_MSG("HmacInit failed in SetKeys");
                     XFREE(dec->hmac, heap, DYNAMIC_TYPE_CIPHER);
@@ -3561,7 +3557,8 @@ int SetKeysSide(WOLFSSL* ssl, enum encrypt_side side)
         void* ctx = wolfSSL_GetEncryptKeysCtx(ssl);
         ret = ssl->ctx->EncryptKeysCb(ssl, ctx);
     }
-    if (!ssl->ctx->EncryptKeysCb || ret == PROTOCOLCB_UNAVAILABLE)
+    if (!ssl->ctx->EncryptKeysCb ||
+        ret == WC_NO_ERR_TRACE(PROTOCOLCB_UNAVAILABLE))
 #endif
     {
         ret = SetKeys(wc_encrypt, wc_decrypt, keys, &ssl->specs, ssl->options.side,
@@ -3668,7 +3665,8 @@ int SetKeysSide(WOLFSSL* ssl, enum encrypt_side side)
 /* TLS can call too */
 int StoreKeys(WOLFSSL* ssl, const byte* keyData, int side)
 {
-    int sz, i = 0;
+    size_t sz;
+    int i = 0;
     Keys* keys = &ssl->keys;
 #ifdef WOLFSSL_DTLS
     /* In case of DTLS, ssl->keys is updated here */
@@ -3712,7 +3710,7 @@ int StoreKeys(WOLFSSL* ssl, const byte* keyData, int side)
             XMEMCPY(keys->client_write_MAC_secret,&keyData[i], sz);
             XMEMCPY(keys->server_write_MAC_secret,&keyData[i], sz);
     #endif
-            i += sz;
+            i += (int)sz;
         }
         sz = ssl->specs.key_size;
     #ifdef WOLFSSL_DTLS
@@ -3725,7 +3723,7 @@ int StoreKeys(WOLFSSL* ssl, const byte* keyData, int side)
     #endif
         XMEMCPY(keys->client_write_key, &keyData[i], sz);
         XMEMCPY(keys->server_write_key, &keyData[i], sz);
-        i += sz;
+        i += (int)sz;
 
         sz = ssl->specs.iv_size;
     #ifdef WOLFSSL_DTLS
@@ -3767,7 +3765,7 @@ int StoreKeys(WOLFSSL* ssl, const byte* keyData, int side)
         #endif
             XMEMCPY(keys->client_write_MAC_secret,&keyData[i], sz);
     #endif
-            i += sz;
+            i += (int)sz;
         }
         if (side & PROVISION_SERVER) {
     #ifndef WOLFSSL_AEAD_ONLY
@@ -3778,7 +3776,7 @@ int StoreKeys(WOLFSSL* ssl, const byte* keyData, int side)
         #endif
             XMEMCPY(keys->server_write_MAC_secret,&keyData[i], sz);
     #endif
-            i += sz;
+            i += (int)sz;
         }
     }
     sz = ssl->specs.key_size;
@@ -3789,7 +3787,7 @@ int StoreKeys(WOLFSSL* ssl, const byte* keyData, int side)
                     keys->client_write_key, sz);
     #endif
         XMEMCPY(keys->client_write_key, &keyData[i], sz);
-        i += sz;
+        i += (int)sz;
     }
     if (side & PROVISION_SERVER) {
     #ifdef WOLFSSL_DTLS
@@ -3798,7 +3796,7 @@ int StoreKeys(WOLFSSL* ssl, const byte* keyData, int side)
                     keys->server_write_key, sz);
     #endif
         XMEMCPY(keys->server_write_key, &keyData[i], sz);
-        i += sz;
+        i += (int)sz;
     }
 
     sz = ssl->specs.iv_size;
@@ -3809,7 +3807,7 @@ int StoreKeys(WOLFSSL* ssl, const byte* keyData, int side)
                     keys->client_write_IV, sz);
     #endif
         XMEMCPY(keys->client_write_IV, &keyData[i], sz);
-        i += sz;
+        i += (int)sz;
     }
     if (side & PROVISION_SERVER) {
     #ifdef WOLFSSL_DTLS
@@ -3874,12 +3872,12 @@ int DeriveKeys(WOLFSSL* ssl)
 
     if (shaOutput == NULL || md5Input == NULL || shaInput == NULL ||
         keyData   == NULL || md5      == NULL || sha      == NULL) {
-        if (shaOutput) XFREE(shaOutput, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-        if (md5Input)  XFREE(md5Input,  NULL, DYNAMIC_TYPE_TMP_BUFFER);
-        if (shaInput)  XFREE(shaInput,  NULL, DYNAMIC_TYPE_TMP_BUFFER);
-        if (keyData)   XFREE(keyData,   NULL, DYNAMIC_TYPE_TMP_BUFFER);
-        if (md5)       XFREE(md5,       NULL, DYNAMIC_TYPE_TMP_BUFFER);
-        if (sha)       XFREE(sha,       NULL, DYNAMIC_TYPE_TMP_BUFFER);
+        XFREE(shaOutput, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+        XFREE(md5Input, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+        XFREE(shaInput, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+        XFREE(keyData, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+        XFREE(md5, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+        XFREE(sha, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 
         return MEMORY_E;
     }
@@ -3910,7 +3908,8 @@ int DeriveKeys(WOLFSSL* ssl)
             XMEMCPY(shaInput + idx, ssl->arrays->clientRandom, RAN_LEN);
             if (ret == 0) {
                 ret = wc_ShaUpdate(sha, shaInput,
-                    (KEY_PREFIX + SECRET_LEN + 2 * RAN_LEN) - KEY_PREFIX + j);
+                    (KEY_PREFIX + SECRET_LEN + 2 * RAN_LEN) - KEY_PREFIX +
+                        (word32)(j));
             }
             if (ret == 0) {
                 ret = wc_ShaFinal(sha, shaOutput);
@@ -3944,12 +3943,13 @@ int DeriveKeys(WOLFSSL* ssl)
 
 static int CleanPreMaster(WOLFSSL* ssl)
 {
-    int i, ret, sz = ssl->arrays->preMasterSz;
+    int i, ret, sz = (int)(ssl->arrays->preMasterSz);
 
     for (i = 0; i < sz; i++)
         ssl->arrays->preMasterSecret[i] = 0;
 
-    ret = wc_RNG_GenerateBlock(ssl->rng, ssl->arrays->preMasterSecret, sz);
+    ret = wc_RNG_GenerateBlock(ssl->rng, ssl->arrays->preMasterSecret,
+                                                            (word32)(sz));
     if (ret != 0)
         return ret;
 
@@ -4011,11 +4011,11 @@ static int MakeSslMasterSecret(WOLFSSL* ssl)
 
     if (shaOutput == NULL || md5Input == NULL || shaInput == NULL ||
                              md5      == NULL || sha      == NULL) {
-        if (shaOutput) XFREE(shaOutput, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-        if (md5Input)  XFREE(md5Input,  NULL, DYNAMIC_TYPE_TMP_BUFFER);
-        if (shaInput)  XFREE(shaInput,  NULL, DYNAMIC_TYPE_TMP_BUFFER);
-        if (md5)       XFREE(md5,       NULL, DYNAMIC_TYPE_TMP_BUFFER);
-        if (sha)       XFREE(sha,       NULL, DYNAMIC_TYPE_TMP_BUFFER);
+        XFREE(shaOutput, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+        XFREE(md5Input, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+        XFREE(shaInput, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+        XFREE(md5, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+        XFREE(sha, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 
         return MEMORY_E;
     }
@@ -4037,8 +4037,8 @@ static int MakeSslMasterSecret(WOLFSSL* ssl)
             }
 
             idx = 0;
-            XMEMCPY(shaInput, prefix, i + 1);
-            idx += i + 1;
+            XMEMCPY(shaInput, prefix, (size_t)(i + 1));
+            idx += (word32)(i + 1);
 
             XMEMCPY(shaInput + idx, ssl->arrays->preMasterSecret, pmsSz);
             idx += pmsSz;
@@ -4111,4 +4111,4 @@ int MakeMasterSecret(WOLFSSL* ssl)
 #endif
 }
 
-#endif /* WOLFCRYPT_ONLY */
+#endif /* !WOLFCRYPT_ONLY && !NO_TLS */
diff --git a/src/ocsp.c b/src/ocsp.c
index c56ec22f1..8ded866ac 100644
--- a/src/ocsp.c
+++ b/src/ocsp.c
@@ -1,6 +1,6 @@
 /* ocsp.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -90,8 +90,7 @@ static void FreeOcspEntry(OcspEntry* entry, void* heap)
     for (status = entry->status; status; status = next) {
         next = status->next;
 
-        if (status->rawOcspResponse)
-            XFREE(status->rawOcspResponse, heap, DYNAMIC_TYPE_OCSP_STATUS);
+        XFREE(status->rawOcspResponse, heap, DYNAMIC_TYPE_OCSP_STATUS);
 
 #ifdef OPENSSL_EXTRA
         if (status->serialInt) {
@@ -144,7 +143,7 @@ static int xstat2err(int st)
 
 int CheckCertOCSP_ex(WOLFSSL_OCSP* ocsp, DecodedCert* cert, WOLFSSL* ssl)
 {
-    int ret = OCSP_LOOKUP_FAIL;
+    int ret = WC_NO_ERR_TRACE(OCSP_LOOKUP_FAIL);
 
 #ifdef WOLFSSL_SMALL_STACK
     OcspRequest* ocspRequest;
@@ -227,7 +226,7 @@ static int GetOcspStatus(WOLFSSL_OCSP* ocsp, OcspRequest* request,
                   OcspEntry* entry, CertStatus** status, buffer* responseBuffer,
                   void* heap)
 {
-    int ret = OCSP_INVALID_STATUS;
+    int ret = WC_NO_ERR_TRACE(OCSP_INVALID_STATUS);
 
     WOLFSSL_ENTER("GetOcspStatus");
 
@@ -241,7 +240,7 @@ static int GetOcspStatus(WOLFSSL_OCSP* ocsp, OcspRequest* request,
 
     for (*status = entry->status; *status; *status = (*status)->next)
         if ((*status)->serialSz == request->serialSz
-        &&  !XMEMCMP((*status)->serial, request->serial, (*status)->serialSz))
+        &&  !XMEMCMP((*status)->serial, request->serial, (size_t)(*status)->serialSz))
             break;
 
     if (responseBuffer && *status && !(*status)->rawOcspResponse) {
@@ -251,10 +250,10 @@ static int GetOcspStatus(WOLFSSL_OCSP* ocsp, OcspRequest* request,
     else if (*status) {
 #ifndef NO_ASN_TIME
         if (XVALIDATE_DATE((*status)->thisDate,
-                                             (*status)->thisDateFormat, BEFORE)
+                                         (*status)->thisDateFormat, ASN_BEFORE)
         &&  ((*status)->nextDate[0] != 0)
         &&  XVALIDATE_DATE((*status)->nextDate,
-                                             (*status)->nextDateFormat, AFTER))
+                                         (*status)->nextDateFormat, ASN_AFTER))
 #endif
         {
             ret = xstat2err((*status)->status);
@@ -284,7 +283,7 @@ static int GetOcspStatus(WOLFSSL_OCSP* ocsp, OcspRequest* request,
  * ocsp           Context object for OCSP status.
  * response       OCSP response message data.
  * responseSz     Length of OCSP response message data.
- * reponseBuffer  Buffer object to return the response with.
+ * responseBuffer Buffer object to return the response with.
  * status         The certificate status object.
  * entry          The OCSP entry for this certificate.
  * ocspRequest    Request corresponding to response.
@@ -318,18 +317,23 @@ int CheckOcspResponse(WOLFSSL_OCSP *ocsp, byte *response, int responseSz,
                                                        DYNAMIC_TYPE_OCSP_REQUEST);
 
     if (newStatus == NULL || newSingle == NULL || ocspResponse == NULL) {
-        if (newStatus) XFREE(newStatus, NULL, DYNAMIC_TYPE_OCSP_STATUS);
-        if (newSingle) XFREE(newSingle, NULL, DYNAMIC_TYPE_OCSP_ENTRY);
-        if (ocspResponse) XFREE(ocspResponse, NULL, DYNAMIC_TYPE_OCSP_REQUEST);
+        XFREE(newStatus, NULL, DYNAMIC_TYPE_OCSP_STATUS);
+        XFREE(newSingle, NULL, DYNAMIC_TYPE_OCSP_ENTRY);
+        XFREE(ocspResponse, NULL, DYNAMIC_TYPE_OCSP_REQUEST);
 
         WOLFSSL_LEAVE("CheckCertOCSP", MEMORY_ERROR);
         return MEMORY_E;
     }
 #endif
-    InitOcspResponse(ocspResponse, newSingle, newStatus, response, responseSz,
-                     ocsp->cm->heap);
-
-    ret = OcspResponseDecode(ocspResponse, ocsp->cm, ocsp->cm->heap, 0);
+    InitOcspResponse(ocspResponse, newSingle, newStatus, response,
+                     (word32)responseSz, ocsp->cm->heap);
+#if defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2)
+    if (ocspRequest != NULL && ocspRequest->ssl != NULL &&
+           TLSX_CSR2_IsMulti(((WOLFSSL*)ocspRequest->ssl)->extensions)) {
+        ocspResponse->pendingCAs = TLSX_CSR2_GetPendingSigners(((WOLFSSL*)ocspRequest->ssl)->extensions);
+    }
+#endif
+    ret = OcspResponseDecode(ocspResponse, ocsp->cm, ocsp->cm->heap, 0, 0);
     if (ret != 0) {
         ocsp->error = ret;
         WOLFSSL_LEAVE("OcspResponseDecode failed", ocsp->error);
@@ -350,12 +354,12 @@ int CheckOcspResponse(WOLFSSL_OCSP *ocsp, byte *response, int responseSz,
     }
 
     if (responseBuffer) {
-        responseBuffer->buffer = (byte*)XMALLOC(responseSz, heap,
+        responseBuffer->buffer = (byte*)XMALLOC((size_t)responseSz, heap,
                                                 DYNAMIC_TYPE_TMP_BUFFER);
 
         if (responseBuffer->buffer) {
-            responseBuffer->length = responseSz;
-            XMEMCPY(responseBuffer->buffer, response, responseSz);
+            responseBuffer->length = (unsigned int)responseSz;
+            XMEMCPY(responseBuffer->buffer, response, (size_t)responseSz);
         }
     }
 
@@ -370,10 +374,7 @@ int CheckOcspResponse(WOLFSSL_OCSP *ocsp, byte *response, int responseSz,
     }
 
     if (status != NULL) {
-        if (status->rawOcspResponse) {
-            XFREE(status->rawOcspResponse, ocsp->cm->heap,
-                  DYNAMIC_TYPE_OCSP_STATUS);
-        }
+        XFREE(status->rawOcspResponse, ocsp->cm->heap, DYNAMIC_TYPE_OCSP_STATUS);
 
         /* Replace existing certificate entry with updated */
         ocspResponse->single->status->next = status->next;
@@ -410,10 +411,10 @@ end:
     if (ret == 0 && validated == 1) {
         WOLFSSL_MSG("New OcspResponse validated");
     }
-    else if (ret == OCSP_CERT_REVOKED) {
+    else if (ret == WC_NO_ERR_TRACE(OCSP_CERT_REVOKED)) {
         WOLFSSL_MSG("OCSP revoked");
     }
-    else if (ret == OCSP_CERT_UNKNOWN) {
+    else if (ret == WC_NO_ERR_TRACE(OCSP_CERT_UNKNOWN)) {
         WOLFSSL_MSG("OCSP unknown");
     }
     else {
@@ -466,7 +467,7 @@ int CheckOcspRequest(WOLFSSL_OCSP* ocsp, OcspRequest* ocspRequest,
 
     ret = GetOcspStatus(ocsp, ocspRequest, entry, &status, responseBuffer,
                         heap);
-    if (ret != OCSP_INVALID_STATUS)
+    if (ret != WC_NO_ERR_TRACE(OCSP_INVALID_STATUS))
         return ret;
 
     if (responseBuffer) {
@@ -479,32 +480,6 @@ int CheckOcspRequest(WOLFSSL_OCSP* ocsp, OcspRequest* ocspRequest,
     ioCtx = (ssl && ssl->ocspIOCtx != NULL) ?
                                         ssl->ocspIOCtx : ocsp->cm->ocspIOCtx;
 
-#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
-    if (ocsp->statusCb != NULL && ssl != NULL) {
-        WOLFSSL_MSG("Calling ocsp->statusCb");
-        ret = ocsp->statusCb(ssl, ioCtx);
-        switch (ret) {
-            case SSL_TLSEXT_ERR_OK:
-                ret = wolfSSL_get_ocsp_response(ssl, &response);
-                ret = CheckOcspResponse(ocsp, response, ret, responseBuffer,
-                                        status, entry, NULL, heap);
-                if (response != NULL)
-                    XFREE(response, NULL, DYNAMIC_TYPE_OPENSSL);
-                break;
-            case SSL_TLSEXT_ERR_NOACK:
-                ret = OCSP_LOOKUP_FAIL;
-                break;
-            case SSL_TLSEXT_ERR_ALERT_FATAL:
-            default:
-                WOLFSSL_LEAVE("CheckOcspRequest", ocsp->error);
-                ret = WOLFSSL_FATAL_ERROR;
-                break;
-        }
-        WOLFSSL_LEAVE("CheckOcspRequest", ret);
-        return ret;
-    }
-#endif
-
     if (ocsp->cm->ocspUseOverrideURL) {
         url = ocsp->cm->ocspOverrideURL;
         if (url != NULL && url[0] != '\0')
@@ -522,20 +497,23 @@ int CheckOcspRequest(WOLFSSL_OCSP* ocsp, OcspRequest* ocspRequest,
         return 0;
     }
 
-    request = (byte*)XMALLOC(requestSz, ocsp->cm->heap, DYNAMIC_TYPE_OCSP);
+    request = (byte*)XMALLOC((size_t)requestSz, ocsp->cm->heap, DYNAMIC_TYPE_OCSP);
     if (request == NULL) {
         WOLFSSL_LEAVE("CheckCertOCSP", MEMORY_ERROR);
         return MEMORY_ERROR;
     }
 
-    requestSz = EncodeOcspRequest(ocspRequest, request, requestSz);
+    requestSz = EncodeOcspRequest(ocspRequest, request, (word32)requestSz);
     if (requestSz > 0 && ocsp->cm->ocspIOCb) {
         responseSz = ocsp->cm->ocspIOCb(ioCtx, url, urlSz,
                                         request, requestSz, &response);
     }
-    if (responseSz == WOLFSSL_CBIO_ERR_WANT_READ) {
+    if (responseSz == WC_NO_ERR_TRACE(WOLFSSL_CBIO_ERR_WANT_READ)) {
         ret = OCSP_WANT_READ;
     }
+    else if (responseSz == WC_NO_ERR_TRACE(WOLFSSL_CBIO_ERR_TIMEOUT)){
+        ret = HTTP_TIMEOUT;
+    }
 
     XFREE(request, ocsp->cm->heap, DYNAMIC_TYPE_OCSP);
 
@@ -555,7 +533,7 @@ int CheckOcspRequest(WOLFSSL_OCSP* ocsp, OcspRequest* ocspRequest,
 
 #ifndef WOLFSSL_NO_OCSP_ISSUER_CHAIN_CHECK
 static int CheckOcspResponderChain(OcspEntry* single, DecodedCert *cert,
-        void* vp) {
+        void* vp, Signer* pendingCAs) {
     /* Attempt to build a chain up to cert's issuer */
     WOLFSSL_CERT_MANAGER* cm = (WOLFSSL_CERT_MANAGER*)vp;
     Signer* ca = NULL;
@@ -574,8 +552,16 @@ static int CheckOcspResponderChain(OcspEntry* single, DecodedCert *cert,
 
     /* End loop if no more issuers found or if we have found a self
      * signed cert (ca == prev) */
-    for (ca = GetCAByName(cm, single->issuerHash); ca != NULL && ca != prev;
-            prev = ca, ca = GetCAByName(cm, ca->issuerNameHash)) {
+    ca = GetCAByName(cm, single->issuerHash);
+#if defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2)
+    if (ca == NULL && pendingCAs != NULL) {
+        ca = findSignerByName(pendingCAs, single->issuerHash);
+    }
+#else
+    (void)pendingCAs;
+#endif
+    for (; ca != NULL && ca != prev;
+            prev = ca) {
         if (XMEMCMP(cert->issuerHash, ca->issuerNameHash,
                 OCSP_DIGEST_SIZE) == 0) {
             WOLFSSL_MSG("\tOCSP Response signed by authorized "
@@ -584,6 +570,12 @@ static int CheckOcspResponderChain(OcspEntry* single, DecodedCert *cert,
             passed = 1;
             break;
         }
+        ca = GetCAByName(cm, ca->issuerNameHash);
+#if defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2)
+        if (ca == NULL && pendingCAs != NULL) {
+            ca = findSignerByName(pendingCAs, single->issuerHash);
+        }
+#endif
     }
     return passed;
 }
@@ -632,16 +624,13 @@ int CheckOcspResponder(OcspResponse *bs, DecodedCert *cert, void* vp)
             }
 #ifndef WOLFSSL_NO_OCSP_ISSUER_CHAIN_CHECK
             else if (vp != NULL) {
-                passed = CheckOcspResponderChain(single, cert, vp);
+                passed = CheckOcspResponderChain(single, cert, vp, bs->pendingCAs);
             }
 #endif
         }
 
         if (!passed) {
             WOLFSSL_MSG("\tOCSP Responder not authorized");
-#ifdef OPENSSL_EXTRA
-            bs->verifyError = OCSP_BAD_ISSUER;
-#endif
             ret = BAD_OCSP_RESPONDER;
             break;
         }
@@ -649,8 +638,9 @@ int CheckOcspResponder(OcspResponse *bs, DecodedCert *cert, void* vp)
     return ret;
 }
 
-#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) || \
-    defined(WOLFSSL_APACHE_HTTPD) || defined(HAVE_LIGHTY)
+
+/* compatibility layer OCSP functions */
+#ifdef OPENSSL_EXTRA
 int wolfSSL_OCSP_resp_find_status(WOLFSSL_OCSP_BASICRESP *bs,
     WOLFSSL_OCSP_CERTID* id, int* status, int* reason,
     WOLFSSL_ASN1_TIME** revtime, WOLFSSL_ASN1_TIME** thisupd,
@@ -663,7 +653,7 @@ int wolfSSL_OCSP_resp_find_status(WOLFSSL_OCSP_BASICRESP *bs,
 
     single = bs->single;
     while (single != NULL) {
-        if ((XMEMCMP(single->status->serial, id->status->serial, single->status->serialSz) == 0)
+        if ((XMEMCMP(single->status->serial, id->status->serial, (size_t)single->status->serialSz) == 0)
          && (XMEMCMP(single->issuerHash, id->issuerHash, OCSP_DIGEST_SIZE) == 0)
          && (XMEMCMP(single->issuerKeyHash, id->issuerKeyHash, OCSP_DIGEST_SIZE) == 0)) {
             break;
@@ -676,10 +666,17 @@ int wolfSSL_OCSP_resp_find_status(WOLFSSL_OCSP_BASICRESP *bs,
 
     if (status != NULL)
         *status = single->status->status;
+#ifdef WOLFSSL_OCSP_PARSE_STATUS
     if (thisupd != NULL)
         *thisupd = &single->status->thisDateParsed;
     if (nextupd != NULL)
         *nextupd = &single->status->nextDateParsed;
+#else
+    if (thisupd != NULL)
+        *thisupd = NULL;
+    if (nextupd != NULL)
+        *nextupd = NULL;
+#endif
 
     /* TODO: Not needed for Nginx or httpd */
     if (reason != NULL)
@@ -730,13 +727,23 @@ WOLFSSL_OCSP_CERTID* wolfSSL_OCSP_cert_to_id(
     WOLFSSL_CERT_MANAGER* cm = NULL;
     int ret = -1;
     DerBuffer* derCert = NULL;
+    int dgstType;
 #ifdef WOLFSSL_SMALL_STACK
     DecodedCert *cert = NULL;
 #else
     DecodedCert cert[1];
 #endif
 
-    (void)dgst;
+    if (dgst == NULL) {
+        dgstType = WC_HASH_TYPE_SHA;
+    }
+    else if (wolfSSL_EVP_get_hashinfo(dgst, &dgstType, NULL) !=
+             WOLFSSL_SUCCESS) {
+        return NULL;
+    }
+
+    if (dgstType != OCSP_DIGEST)
+        return NULL;
 
     cm = wolfSSL_CertManagerNew();
     if (cm == NULL
@@ -783,14 +790,15 @@ WOLFSSL_OCSP_CERTID* wolfSSL_OCSP_cert_to_id(
 
     InitDecodedCert(cert, subject->derCert->buffer,
                     subject->derCert->length, NULL);
-    if (ParseCertRelative(cert, CERT_TYPE, VERIFY_OCSP, cm) != 0) {
+    if (ParseCertRelative(cert, CERT_TYPE, VERIFY_OCSP, cm, NULL) != 0) {
         FreeDecodedCert(cert);
         goto out;
     }
     else {
+        certId->hashAlgoOID = wc_HashGetOID(OCSP_DIGEST);
         XMEMCPY(certId->issuerHash, cert->issuerHash, OCSP_DIGEST_SIZE);
         XMEMCPY(certId->issuerKeyHash, cert->issuerKeyHash, OCSP_DIGEST_SIZE);
-        XMEMCPY(certId->status->serial, cert->serial, cert->serialSz);
+        XMEMCPY(certId->status->serial, cert->serial, (size_t)cert->serialSz);
         certId->status->serialSz = cert->serialSz;
         FreeDecodedCert(cert);
     }
@@ -802,16 +810,15 @@ out:
     if (ret != 0) {
         if (derCert != NULL)
             FreeDer(&derCert);
-        if (certId != NULL) {
+        if (cm != NULL) {
             XFREE(certId, cm->heap, DYNAMIC_TYPE_OPENSSL);
             certId = NULL;
-        }
-        if (certStatus)
             XFREE(certStatus, cm->heap, DYNAMIC_TYPE_OPENSSL);
+        }
     }
 
 #ifdef WOLFSSL_SMALL_STACK
-    if (cert != NULL)
+    if (cm != NULL)
         XFREE(cert, cm->heap, DYNAMIC_TYPE_DCERT);
 #endif
 
@@ -826,85 +833,249 @@ void wolfSSL_OCSP_BASICRESP_free(WOLFSSL_OCSP_BASICRESP* basicResponse)
     wolfSSL_OCSP_RESPONSE_free(basicResponse);
 }
 
-/* Signature verified in DecodeBasicOcspResponse.
- * But no store available to verify certificate. */
-int wolfSSL_OCSP_basic_verify(WOLFSSL_OCSP_BASICRESP *bs,
-    WOLF_STACK_OF(WOLFSSL_X509) *certs, WOLFSSL_X509_STORE *st, unsigned long flags)
+/* Calculate ancode CertID DER encoding following RFC 6960:
+   CertID ::= SEQUENCE {
+       hashAlgorithm       AlgorithmIdentifier,
+       issuerNameHash      OCTET STRING,
+       issuerKeyHash       OCTET STRING,
+       serialNumber        CertificateSerialNumber }
+*/
+static int OcspEncodeCertID(WOLFSSL_OCSP_CERTID* id, byte* output,
+    word32* totalSz, word32* intSize)
 {
-    int         ret = WOLFSSL_FAILURE;
-#ifdef WOLFSSL_SMALL_STACK
-    DecodedCert *cert;
-#else
-    DecodedCert cert[1];
-#endif
-    byte        certInit = 0;
-    int         idx;
+    word32 idx = 0;
+    int ret;
 
-    (void)certs;
+    if (id == NULL || totalSz == NULL || intSize == NULL ||
+        (output != NULL && (*totalSz == 0 || *totalSz <= *intSize)))
+        return BAD_FUNC_ARG;
 
-    if (flags & OCSP_NOVERIFY)
-        return WOLFSSL_SUCCESS;
+    if (output != NULL) {
+        ret = SetSequence(*intSize, output);
+        if (ret < 0)
+            return ret;
+        idx += ret;
+    }
 
-#ifdef WOLFSSL_SMALL_STACK
-    cert = (DecodedCert *)
-        XMALLOC(sizeof(*cert), (st && st->cm) ? st->cm->heap : NULL,
-                DYNAMIC_TYPE_DCERT);
-    if (cert == NULL)
-        return WOLFSSL_FAILURE;
-#endif
+    ret = SetAlgoID(id->hashAlgoOID, ((output != NULL) ? output + idx : output),
+        oidHashType, 0);
+    if (ret <= 0)
+        return -1;
+    idx += ret;
 
-#ifdef OPENSSL_EXTRA
-    if (bs->verifyError != OCSP_VERIFY_ERROR_NONE)
-        goto out;
-#endif
+    /* issuerNameHash */
+    ret = SetOctetString(OCSP_DIGEST_SIZE, ((output != NULL) ? output + idx : output));
+    if (ret < 0)
+        return ret;
+    idx += ret;
+    if (output != NULL)
+        XMEMCPY(output + idx, id->issuerHash, OCSP_DIGEST_SIZE);
+    idx += OCSP_DIGEST_SIZE;
 
-    if (flags & OCSP_TRUSTOTHER) {
-        for (idx = 0; idx < wolfSSL_sk_X509_num(certs); idx++) {
-            WOLFSSL_X509* x = wolfSSL_sk_X509_value(certs, idx);
-            int derSz = 0;
-            const byte* der = wolfSSL_X509_get_der(x, &derSz);
-            if (der != NULL && derSz == (int)bs->certSz &&
-                    XMEMCMP(bs->cert, der, derSz) == 0) {
-                ret = WOLFSSL_SUCCESS;
-                goto out;
-            }
+    /* issuerKeyHash */
+    ret = SetOctetString(OCSP_DIGEST_SIZE, ((output != NULL) ? output + idx : output));
+    if (ret < 0)
+        return ret;
+    idx += ret;
+    if (output != NULL)
+        XMEMCPY(output + idx, id->issuerKeyHash, OCSP_DIGEST_SIZE);
+    idx += OCSP_DIGEST_SIZE;
+
+    /* serialNumber */
+    ret = SetASNInt(id->status->serialSz, id->status->serial[0], ((output != NULL) ? output + idx : output));
+    if (ret < 0)
+        return ret;
+    idx += ret;
+    if (output != NULL)
+        XMEMCPY(output + idx, id->status->serial, id->status->serialSz);
+    idx += id->status->serialSz;
+
+    if (output == NULL) {
+        *intSize = idx;
+        ret = SetSequence(idx, NULL);
+        if (ret < 0)
+            return ret;
+        idx += ret;
+        *totalSz = idx;
+    }
+    else if (idx != *totalSz) {
+        return BUFFER_E;
+    }
+
+    return 0;
+}
+
+static int OcspRespIdMatches(OcspResponse* resp, const byte* NameHash,
+    const byte* keyHash)
+{
+    if (resp->responderIdType == OCSP_RESPONDER_ID_NAME) {
+        return XMEMCMP(NameHash, resp->responderId.nameHash,
+                   SIGNER_DIGEST_SIZE) == 0;
+    }
+    else if (resp->responderIdType == OCSP_RESPONDER_ID_KEY) {
+        return XMEMCMP(keyHash, resp->responderId.keyHash, KEYID_SIZE) == 0;
+    }
+
+    return 0;
+}
+
+static int OcspFindSigner(WOLFSSL_OCSP_BASICRESP *resp,
+    WOLF_STACK_OF(WOLFSSL_X509) *certs, DecodedCert **signer, int *embedded,
+    unsigned long flags)
+{
+    WOLFSSL_X509 *signer_x509 = NULL;
+    DecodedCert *certDecoded;
+    int i;
+
+    certDecoded = (DecodedCert *)XMALLOC(sizeof(*certDecoded), resp->heap,
+                                            DYNAMIC_TYPE_DCERT);
+    if (certDecoded == NULL)
+        return MEMORY_E;
+
+    for (i = 0; i < wolfSSL_sk_X509_num(certs); i++) {
+        signer_x509 = wolfSSL_sk_X509_value(certs, i);
+        if (signer_x509 == NULL)
+            continue;
+
+        InitDecodedCert(certDecoded, signer_x509->derCert->buffer,
+                       signer_x509->derCert->length, resp->heap);
+        if (ParseCertRelative(certDecoded, CERT_TYPE, NO_VERIFY,
+                NULL, NULL) == 0) {
+                if (OcspRespIdMatches(resp, certDecoded->subjectHash,
+                        certDecoded->subjectKeyHash)) {
+                    *signer = certDecoded;
+                    *embedded = 0;
+                    return 0;
+                }
+        }
+        FreeDecodedCert(certDecoded);
+    }
+
+    if (flags & WOLFSSL_OCSP_NOINTERN) {
+        XFREE(certDecoded, resp->heap, DYNAMIC_TYPE_DCERT);
+        return ASN_NO_SIGNER_E;
+    }
+
+    /* not found in certs, search the cert embedded in the response */
+    InitDecodedCert(certDecoded, resp->cert, resp->certSz, resp->heap);
+    if (ParseCertRelative(certDecoded, CERT_TYPE, NO_VERIFY, NULL, NULL) == 0) {
+        if (OcspRespIdMatches(resp, certDecoded->subjectHash,
+                certDecoded->subjectKeyHash)) {
+            *signer = certDecoded;
+            *embedded = 1;
+            return 0;
         }
     }
+    FreeDecodedCert(certDecoded);
 
-    InitDecodedCert(cert, bs->cert, bs->certSz, NULL);
-    certInit = 1;
-    if (ParseCertRelative(cert, CERT_TYPE, VERIFY, st->cm) < 0)
-        goto out;
-
-    if (!(flags & OCSP_NOCHECKS)) {
-        if (CheckOcspResponder(bs, cert, st->cm) != 0)
-            goto out;
-    }
-
-    ret = WOLFSSL_SUCCESS;
-out:
-    if (certInit)
-        FreeDecodedCert(cert);
+    XFREE(certDecoded, resp->heap, DYNAMIC_TYPE_DCERT);
+    return ASN_NO_SIGNER_E;
+}
 
+static int OcspVerifySigner(WOLFSSL_OCSP_BASICRESP *resp, DecodedCert *cert,
+     WOLFSSL_X509_STORE *st, unsigned long flags)
+{
 #ifdef WOLFSSL_SMALL_STACK
-    XFREE(cert, (st && st->cm) ? st->cm->heap : NULL, DYNAMIC_TYPE_DCERT);
+    DecodedCert *c = NULL;
+#else
+    DecodedCert c[1];
 #endif
 
+    int ret = -1;
+    if (st == NULL)
+        return ASN_OCSP_CONFIRM_E;
+
+#ifdef WOLFSSL_SMALL_STACK
+    c = (DecodedCert *)XMALLOC(sizeof(*c), NULL, DYNAMIC_TYPE_DCERT);
+    if (c == NULL)
+        return MEMORY_E;
+#endif
+
+    InitDecodedCert(c, cert->source, cert->maxIdx, NULL);
+    if (ParseCertRelative(c, CERT_TYPE, VERIFY, st->cm, NULL) != 0) {
+        ret = ASN_OCSP_CONFIRM_E;
+        goto err;
+    }
+#ifndef WOLFSSL_NO_OCSP_ISSUER_CHECK
+    if ((flags & WOLFSSL_OCSP_NOCHECKS) == 0) {
+        ret = CheckOcspResponder(resp, c, st->cm);
+    }
+    else {
+        ret = 0;
+    }
+#else
+    (void)resp;
+    (void)flags;
+    ret = 0;
+#endif
+
+err:
+    FreeDecodedCert(c);
+#ifdef WOLFSSL_SMALL_STACK
+    XFREE(c, NULL, DYNAMIC_TYPE_DCERT);
+#endif
     return ret;
 }
+/* Signature verified in DecodeBasicOcspResponse.
+ * But no store available to verify certificate. */
+int wolfSSL_OCSP_basic_verify(WOLFSSL_OCSP_BASICRESP* bs,
+    WOLF_STACK_OF(WOLFSSL_X509) * certs, WOLFSSL_X509_STORE* st,
+    unsigned long flags)
+{
+    int         ret = WC_NO_ERR_TRACE(WOLFSSL_FAILURE);
+    int embedded;
+    DecodedCert *cert = NULL;
+
+    ret = OcspFindSigner(bs, certs, &cert, &embedded, flags);
+    if (ret != 0) {
+        WOLFSSL_MSG("OCSP no signer found");
+        return WOLFSSL_FAILURE;
+    }
+
+    /* skip certificate verification if cert in certs and TRUST_OTHER is true */
+    if (!embedded && (flags & WOLFSSL_OCSP_TRUSTOTHER) != 0)
+        flags |= WOLFSSL_OCSP_NOVERIFY;
+
+    /* verify response signature */
+    ret = ConfirmSignature(
+        &cert->sigCtx,
+        bs->response, bs->responseSz,
+        cert->publicKey, cert->pubKeySize, cert->keyOID,
+        bs->sig, bs->sigSz, bs->sigOID, bs->sigParams, bs->sigParamsSz,
+        NULL);
+
+    if (ret != 0) {
+        WOLFSSL_MSG("OCSP signature verification failed");
+        ret = -1;
+        goto err;
+    }
+
+    if ((flags & WOLFSSL_OCSP_NOVERIFY) == 0) {
+        ret = OcspVerifySigner(bs, cert, st, flags);
+    }
+
+err:
+    FreeDecodedCert(cert);
+    XFREE(cert, NULL, DYNAMIC_TYPE_DCERT);
+    return ret == 0 ? WOLFSSL_SUCCESS : WOLFSSL_FAILURE;
+}
 
 void wolfSSL_OCSP_RESPONSE_free(OcspResponse* response)
 {
+    OcspEntry *s, *sNext;
     if (response == NULL)
         return;
 
-    if (response->single != NULL) {
-        FreeOcspEntry(response->single, NULL);
-        XFREE(response->single, NULL, DYNAMIC_TYPE_OCSP_ENTRY);
+
+    s = response->single;
+    while (s != NULL) {
+        sNext = s->next;
+        FreeOcspEntry(s, NULL);
+        XFREE(s, NULL, DYNAMIC_TYPE_OCSP_ENTRY);
+        s = sNext;
     }
 
-    if (response->source != NULL)
-        XFREE(response->source, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(response->source, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 
     XFREE(response, NULL, DYNAMIC_TYPE_OCSP_REQUEST);
 }
@@ -933,18 +1104,18 @@ OcspResponse* wolfSSL_d2i_OCSP_RESPONSE_bio(WOLFSSL_BIO* bio,
         long fcur;
         long flen;
 
-        if (bio->ptr == NULL)
+        if (bio->ptr.fh == NULL)
             return NULL;
 
-        fcur = XFTELL((XFILE)bio->ptr);
+        fcur = XFTELL(bio->ptr.fh);
         if (fcur < 0)
             return NULL;
-        if(XFSEEK((XFILE)bio->ptr, 0, SEEK_END) != 0)
+        if(XFSEEK(bio->ptr.fh, 0, SEEK_END) != 0)
             return NULL;
-        flen = XFTELL((XFILE)bio->ptr);
+        flen = XFTELL(bio->ptr.fh);
         if (flen < 0)
             return NULL;
-        if (XFSEEK((XFILE)bio->ptr, fcur, SEEK_SET) != 0)
+        if (XFSEEK(bio->ptr.fh, fcur, SEEK_SET) != 0)
             return NULL;
 
         /* check calculated length */
@@ -952,7 +1123,7 @@ OcspResponse* wolfSSL_d2i_OCSP_RESPONSE_bio(WOLFSSL_BIO* bio,
         if (fcur > MAX_WOLFSSL_FILE_SIZE || fcur <= 0)
             return NULL;
 
-        data = (byte*)XMALLOC(fcur, 0, DYNAMIC_TYPE_TMP_BUFFER);
+        data = (byte*)XMALLOC((size_t)fcur, 0, DYNAMIC_TYPE_TMP_BUFFER);
         if (data == NULL)
             return NULL;
         dataAlloced = 1;
@@ -997,7 +1168,7 @@ OcspResponse* wolfSSL_d2i_OCSP_RESPONSE(OcspResponse** response,
         XMEMSET(resp, 0, sizeof(OcspResponse));
     }
 
-    resp->source = (byte*)XMALLOC(len, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    resp->source = (byte*)XMALLOC((size_t)len, NULL, DYNAMIC_TYPE_TMP_BUFFER);
     if (resp->source == NULL) {
         XFREE(resp, NULL, DYNAMIC_TYPE_OCSP_REQUEST);
         return NULL;
@@ -1021,19 +1192,22 @@ OcspResponse* wolfSSL_d2i_OCSP_RESPONSE(OcspResponse** response,
     }
     XMEMSET(resp->single->status, 0, sizeof(CertStatus));
 
-    XMEMCPY(resp->source, *data, len);
-    resp->maxIdx = len;
+    XMEMCPY(resp->source, *data, (size_t)len);
+    resp->maxIdx = (word32)len;
 
-    ret = OcspResponseDecode(resp, NULL, NULL, 1);
-    if (ret != 0 && ret != ASN_OCSP_CONFIRM_E) {
+    ret = OcspResponseDecode(resp, NULL, NULL, 1, 1);
+    if (ret != 0 && ret != WC_NO_ERR_TRACE(ASN_OCSP_CONFIRM_E)) {
         /* for just converting from a DER to an internal structure the CA may
          * not yet be known to this function for signature verification */
         wolfSSL_OCSP_RESPONSE_free(resp);
         return NULL;
     }
 
-    if (GetSequence(*data, &idx, &length, len) >= 0)
-        (*data) += idx + length;
+    if (GetSequence(*data, &idx, &length, (word32)len) >= 0)
+        (*data) += (unsigned char) ((int)idx + length);
+
+    if (response != NULL && *response == NULL)
+        *response = resp;
 
     return resp;
 }
@@ -1042,10 +1216,10 @@ int wolfSSL_i2d_OCSP_RESPONSE(OcspResponse* response,
     unsigned char** data)
 {
     if (data == NULL)
-        return response->maxIdx;
+        return (int)response->maxIdx;
 
     XMEMCPY(*data, response->source, response->maxIdx);
-    return response->maxIdx;
+    return (int)response->maxIdx;
 }
 
 int wolfSSL_OCSP_response_status(OcspResponse *response)
@@ -1076,29 +1250,9 @@ const char *wolfSSL_OCSP_response_status_str(long s)
 WOLFSSL_OCSP_BASICRESP* wolfSSL_OCSP_response_get1_basic(OcspResponse* response)
 {
     WOLFSSL_OCSP_BASICRESP* bs;
+    const unsigned char *ptr = response->source;
 
-    bs = (WOLFSSL_OCSP_BASICRESP*)XMALLOC(sizeof(WOLFSSL_OCSP_BASICRESP), NULL,
-                                          DYNAMIC_TYPE_OCSP_REQUEST);
-    if (bs == NULL)
-        return NULL;
-
-    XMEMCPY(bs, response, sizeof(OcspResponse));
-    bs->single = (OcspEntry*)XMALLOC(sizeof(OcspEntry), NULL,
-                                    DYNAMIC_TYPE_OCSP_ENTRY);
-    bs->source = (byte*)XMALLOC(bs->maxIdx, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-    if (bs->single == NULL || bs->source == NULL) {
-        if (bs->single) {
-            XFREE(bs->single, NULL, DYNAMIC_TYPE_OCSP_ENTRY);
-            bs->single = NULL;
-        }
-        wolfSSL_OCSP_RESPONSE_free(bs);
-        bs = NULL;
-    }
-    else {
-        XMEMCPY(bs->single, response->single, sizeof(OcspEntry));
-        XMEMCPY(bs->source, response->source, response->maxIdx);
-        bs->single->ownStatus = 0;
-    }
+    bs = wolfSSL_d2i_OCSP_RESPONSE(NULL, &ptr, response->maxIdx);
     return bs;
 }
 
@@ -1124,11 +1278,14 @@ int wolfSSL_i2d_OCSP_REQUEST(OcspRequest* request, unsigned char** data)
 {
     int size;
 
+    if (request == NULL)
+        return BAD_FUNC_ARG;
+
     size = EncodeOcspRequest(request, NULL, 0);
     if (size <= 0 || data == NULL)
         return size;
 
-    return EncodeOcspRequest(request, *data, size);
+    return EncodeOcspRequest(request, *data, (word32) size);
 }
 
 WOLFSSL_OCSP_ONEREQ* wolfSSL_OCSP_request_add0_id(OcspRequest *req,
@@ -1145,14 +1302,13 @@ WOLFSSL_OCSP_ONEREQ* wolfSSL_OCSP_request_add0_id(OcspRequest *req,
     XMEMCPY(req->issuerHash, cid->issuerHash, KEYID_SIZE);
     XMEMCPY(req->issuerKeyHash, cid->issuerKeyHash, KEYID_SIZE);
     if (cid->status->serialSz > req->serialSz) {
-        if (req->serial != NULL)
-            XFREE(req->serial, req->heap, DYNAMIC_TYPE_OCSP);
-        req->serial = (byte*)XMALLOC(cid->status->serialSz,
+        XFREE(req->serial, req->heap, DYNAMIC_TYPE_OCSP);
+        req->serial = (byte*)XMALLOC((size_t)cid->status->serialSz,
                 req->heap, DYNAMIC_TYPE_OCSP_REQUEST);
         if (req->serial == NULL)
             return NULL;
     }
-    XMEMCPY(req->serial, cid->status->serial, cid->status->serialSz);
+    XMEMCPY(req->serial, cid->status->serial, (size_t)cid->status->serialSz);
     req->serialSz = cid->status->serialSz;
 
     return req;
@@ -1172,9 +1328,7 @@ WOLFSSL_OCSP_CERTID* wolfSSL_OCSP_CERTID_dup(WOLFSSL_OCSP_CERTID* id)
     }
     return certId;
 }
-#endif
 
-#if defined(OPENSSL_ALL) || defined(APACHE_HTTPD) || defined(WOLFSSL_HAPROXY)
 #ifndef NO_BIO
 int wolfSSL_i2d_OCSP_REQUEST_bio(WOLFSSL_BIO* out,
         WOLFSSL_OCSP_REQUEST *req)
@@ -1188,7 +1342,7 @@ int wolfSSL_i2d_OCSP_REQUEST_bio(WOLFSSL_BIO* out,
 
     size = wolfSSL_i2d_OCSP_REQUEST(req, NULL);
     if (size > 0) {
-        data = (unsigned char*) XMALLOC(size, out->heap,
+        data = (unsigned char*) XMALLOC((size_t)size, out->heap,
                 DYNAMIC_TYPE_TMP_BUFFER);
     }
 
@@ -1213,22 +1367,59 @@ int wolfSSL_i2d_OCSP_REQUEST_bio(WOLFSSL_BIO* out,
 
 int wolfSSL_i2d_OCSP_CERTID(WOLFSSL_OCSP_CERTID* id, unsigned char** data)
 {
-    if (id == NULL || data == NULL)
-        return WOLFSSL_FAILURE;
+    int allocated = 0;
+    word32 derSz = 0;
+    word32 intSz = 0;
+    int ret;
+    WOLFSSL_ENTER("wolfSSL_i2d_OCSP_CERTID");
 
-    if (*data != NULL) {
-        XMEMCPY(*data, id->rawCertId, id->rawCertIdSize);
-        *data = *data + id->rawCertIdSize;
+    if (id == NULL)
+        return -1;
+
+    if (id->rawCertId != NULL) {
+        derSz = id->rawCertIdSize;
     }
     else {
-        *data = (unsigned char*)XMALLOC(id->rawCertIdSize, NULL, DYNAMIC_TYPE_OPENSSL);
-        if (*data == NULL) {
-            return WOLFSSL_FAILURE;
+        ret = OcspEncodeCertID(id, NULL, &derSz, &intSz);
+        if (ret != 0) {
+            WOLFSSL_MSG("Failed to calculate CertID size");
+            return -1;
         }
-        XMEMCPY(*data, id->rawCertId, id->rawCertIdSize);
     }
 
-    return id->rawCertIdSize;
+    if (data == NULL) {
+        return derSz;
+    }
+
+    if (*data == NULL) {
+        /* Allocate buffer for DER encoding */
+        *data = (byte*)XMALLOC(derSz, NULL, DYNAMIC_TYPE_OPENSSL);
+        if (*data == NULL) {
+            WOLFSSL_MSG("Failed to allocate memory for CertID DER encoding");
+            return -1;
+        }
+        allocated = 1;
+    }
+
+    if (id->rawCertId != NULL) {
+        XMEMCPY(*data, id->rawCertId, id->rawCertIdSize);
+    }
+    else {
+        ret = OcspEncodeCertID(id, *data, &derSz, &intSz);
+        if (ret < 0) {
+            WOLFSSL_MSG("Failed to encode CertID");
+            if (allocated) {
+                XFREE(*data, NULL, DYNAMIC_TYPE_OPENSSL);
+                *data = NULL;
+            }
+            return -1;
+        }
+    }
+
+    if (!allocated)
+        *data += derSz;
+
+    return derSz;
 }
 
 WOLFSSL_OCSP_CERTID* wolfSSL_d2i_OCSP_CERTID(WOLFSSL_OCSP_CERTID** cidOut,
@@ -1236,47 +1427,54 @@ WOLFSSL_OCSP_CERTID* wolfSSL_d2i_OCSP_CERTID(WOLFSSL_OCSP_CERTID** cidOut,
                                              int length)
 {
     WOLFSSL_OCSP_CERTID *cid = NULL;
+    int isAllocated = 0;
+    word32 idx = 0;
+    int ret;
 
-    if ((cidOut != NULL) && (derIn != NULL) && (*derIn != NULL) &&
-        (length > 0)) {
+    if (derIn == NULL || *derIn == NULL || length <= 0)
+        return NULL;
 
+    if (cidOut != NULL && *cidOut != NULL) {
         cid = *cidOut;
-
-        /* If a NULL is passed we allocate the memory for the caller. */
-        if (cid == NULL) {
-            cid = (WOLFSSL_OCSP_CERTID*)XMALLOC(sizeof(*cid), NULL,
-                                                DYNAMIC_TYPE_OPENSSL);
-        }
-        else if (cid->rawCertId != NULL) {
-            XFREE(cid->rawCertId, NULL, DYNAMIC_TYPE_OPENSSL);
-            cid->rawCertId = NULL;
-            cid->rawCertIdSize = 0;
-        }
-
-        if (cid != NULL) {
-            cid->rawCertId = (byte*)XMALLOC(length + 1, NULL, DYNAMIC_TYPE_OPENSSL);
-            if (cid->rawCertId != NULL) {
-                XMEMCPY(cid->rawCertId, *derIn, length);
-                cid->rawCertIdSize = length;
-
-                /* Per spec. advance past the data that is being returned
-                 * to the caller. */
-                *cidOut = cid;
-                *derIn = *derIn + length;
-
-                return cid;
-            }
-        }
+        FreeOcspEntry(cid, NULL);
+    }
+    else {
+        cid = (WOLFSSL_OCSP_CERTID*)XMALLOC(sizeof(WOLFSSL_OCSP_CERTID), NULL,
+            DYNAMIC_TYPE_OPENSSL);
+        if (cid == NULL)
+            return NULL;
+        isAllocated = 1;
     }
 
-    if ((cid != NULL) && ((cidOut == NULL) || (cid != *cidOut))) {
+    XMEMSET(cid, 0, sizeof(WOLFSSL_OCSP_CERTID));
+    cid->status = (CertStatus*)XMALLOC(sizeof(CertStatus), NULL,
+        DYNAMIC_TYPE_OCSP_STATUS);
+    if (cid->status == NULL) {
         XFREE(cid, NULL, DYNAMIC_TYPE_OPENSSL);
+        return NULL;
+    }
+    XMEMSET(cid->status, 0, sizeof(CertStatus));
+    cid->ownStatus = 1;
+
+    ret = OcspDecodeCertID(*derIn, &idx, length, cid);
+    if (ret != 0) {
+        FreeOcspEntry(cid, NULL);
+        if (isAllocated) {
+            XFREE(cid, NULL, DYNAMIC_TYPE_OPENSSL);
+        }
+        return NULL;
     }
 
-    return NULL;
+    *derIn += idx;
+
+    if (isAllocated && cidOut != NULL)
+        *cidOut = cid;
+
+    return cid;
 }
 
-const WOLFSSL_OCSP_CERTID* wolfSSL_OCSP_SINGLERESP_get0_id(const WOLFSSL_OCSP_SINGLERESP *single)
+const WOLFSSL_OCSP_CERTID* wolfSSL_OCSP_SINGLERESP_get0_id(
+    const WOLFSSL_OCSP_SINGLERESP *single)
 {
     return single;
 }
@@ -1303,7 +1501,7 @@ int wolfSSL_OCSP_id_cmp(WOLFSSL_OCSP_CERTID *a, WOLFSSL_OCSP_CERTID *b)
         if (a->status != NULL && b->status != NULL) {
             if (a->status->serialSz == b->status->serialSz)
                 ret = XMEMCMP(a->status->serial, b->status->serial,
-                        a->status->serialSz);
+                        (size_t)a->status->serialSz);
             else
                 ret = -1;
         }
@@ -1324,11 +1522,17 @@ int wolfSSL_OCSP_single_get0_status(WOLFSSL_OCSP_SINGLERESP *single,
     if (single == NULL)
         return WOLFSSL_FAILURE;
 
+#ifdef WOLFSSL_OCSP_PARSE_STATUS
     if (thisupd != NULL)
         *thisupd = &single->status->thisDateParsed;
     if (nextupd != NULL)
         *nextupd = &single->status->nextDateParsed;
-
+#else
+    if (thisupd != NULL)
+        *thisupd = NULL;
+    if (nextupd != NULL)
+        *nextupd = NULL;
+#endif
     if (reason != NULL)
         *reason = 0;
     if (revtime != NULL)
@@ -1373,9 +1577,325 @@ WOLFSSL_OCSP_SINGLERESP* wolfSSL_OCSP_resp_get0(WOLFSSL_OCSP_BASICRESP *bs, int
     return single;
 }
 
-#endif /* OPENSSL_ALL || APACHE_HTTPD || WOLFSSL_HAPROXY */
+#endif /* OPENSSL_EXTRA */
+
+#ifdef OPENSSL_ALL
+
+/*******************************************************************************
+ * START OF WOLFSSL_OCSP_REQ_CTX API
+ ******************************************************************************/
+
+enum ocspReqStates {
+    ORS_INVALID = 0,
+    ORS_HEADER_ADDED,
+    ORS_REQ_DONE
+};
+
+enum ocspReqIOStates {
+    ORIOS_INVALID = 0,
+    ORIOS_WRITE,
+    ORIOS_READ
+};
+
+WOLFSSL_OCSP_REQ_CTX* wolfSSL_OCSP_REQ_CTX_new(WOLFSSL_BIO *bio, int maxline)
+{
+    WOLFSSL_OCSP_REQ_CTX* ret = NULL;
+
+    WOLFSSL_ENTER("wolfSSL_OCSP_REQ_CTX_new");
+
+    if (maxline <= 0)
+        maxline = OCSP_MAX_REQUEST_SZ;
+
+    ret = (WOLFSSL_OCSP_REQ_CTX*)XMALLOC(sizeof(*ret), NULL,
+            DYNAMIC_TYPE_OPENSSL);
+    if (ret != NULL) {
+        XMEMSET(ret, 0, sizeof(*ret));
+        ret->buf = (byte*)XMALLOC((word32)maxline, NULL, DYNAMIC_TYPE_OPENSSL);
+        if (ret->buf == NULL)
+            goto error;
+        ret->reqResp = wolfSSL_BIO_new(wolfSSL_BIO_s_mem());
+        ret->bufLen = maxline;
+        ret->bio = bio;
+        ret->ioState = ORIOS_WRITE;
+    }
+
+    return ret;
+error:
+    wolfSSL_OCSP_REQ_CTX_free(ret);
+    return NULL;
+}
+
+void wolfSSL_OCSP_REQ_CTX_free(WOLFSSL_OCSP_REQ_CTX *ctx)
+{
+    WOLFSSL_ENTER("wolfSSL_OCSP_REQ_CTX_free");
+    if (ctx != NULL) {
+        if (ctx->buf != NULL)
+            XFREE(ctx->buf, NULL, DYNAMIC_TYPE_OPENSSL);
+        if (ctx->reqResp != NULL)
+            wolfSSL_BIO_free(ctx->reqResp);
+        XFREE(ctx, NULL, DYNAMIC_TYPE_OPENSSL);
+    }
+}
+
+WOLFSSL_OCSP_REQ_CTX* wolfSSL_OCSP_sendreq_new(WOLFSSL_BIO *bio,
+        const char *path, OcspRequest *req, int maxline)
+{
+    WOLFSSL_OCSP_REQ_CTX* ret = NULL;
+
+    WOLFSSL_ENTER("wolfSSL_OCSP_sendreq_new");
+
+    ret = wolfSSL_OCSP_REQ_CTX_new(bio, maxline);
+    if (ret == NULL)
+        return NULL;
+
+    if (wolfSSL_OCSP_REQ_CTX_http(ret, "POST", path) != WOLFSSL_SUCCESS)
+        goto error;
+
+    if (req != NULL &&
+            wolfSSL_OCSP_REQ_CTX_set1_req(ret, req) != WOLFSSL_SUCCESS)
+        goto error;
+
+    return ret;
+error:
+    wolfSSL_OCSP_REQ_CTX_free(ret);
+    return NULL;
+}
+
+int wolfSSL_OCSP_REQ_CTX_add1_header(WOLFSSL_OCSP_REQ_CTX *ctx,
+                             const char *name, const char *value)
+{
+    WOLFSSL_ENTER("wolfSSL_OCSP_REQ_CTX_add1_header");
+
+    if (name == NULL) {
+        WOLFSSL_MSG("Bad parameter");
+        return WOLFSSL_FAILURE;
+    }
+    if (wolfSSL_BIO_puts(ctx->reqResp, name) <= 0) {
+        WOLFSSL_MSG("wolfSSL_BIO_puts error");
+        return WOLFSSL_FAILURE;
+    }
+    if (value != NULL) {
+        if (wolfSSL_BIO_write(ctx->reqResp, ": ", 2) != 2) {
+            WOLFSSL_MSG("wolfSSL_BIO_write error");
+            return WOLFSSL_FAILURE;
+        }
+        if (wolfSSL_BIO_puts(ctx->reqResp, value) <= 0) {
+            WOLFSSL_MSG("wolfSSL_BIO_puts error");
+            return WOLFSSL_FAILURE;
+        }
+    }
+    if (wolfSSL_BIO_write(ctx->reqResp, "\r\n", 2) != 2) {
+        WOLFSSL_MSG("wolfSSL_BIO_write error");
+        return WOLFSSL_FAILURE;
+    }
+
+    ctx->state = ORS_HEADER_ADDED;
+
+    return WOLFSSL_SUCCESS;
+}
+
+int wolfSSL_OCSP_REQ_CTX_http(WOLFSSL_OCSP_REQ_CTX *ctx, const char *op,
+        const char *path)
+{
+    static const char http_hdr[] = "%s %s HTTP/1.0\r\n";
+
+    WOLFSSL_ENTER("wolfSSL_OCSP_REQ_CTX_http");
+
+    if (ctx == NULL || op == NULL) {
+        WOLFSSL_MSG("Bad parameter");
+        return WOLFSSL_FAILURE;
+    }
+
+    if (path == NULL)
+        path = "/";
+
+    if (wolfSSL_BIO_printf(ctx->reqResp, http_hdr, op, path) <= 0) {
+        WOLFSSL_MSG("WOLFSSL_OCSP_REQ_CTX: wolfSSL_BIO_printf error");
+        return WOLFSSL_FAILURE;
+    }
+
+    ctx->state = ORS_HEADER_ADDED;
+
+    return WOLFSSL_SUCCESS;
+}
+
+int wolfSSL_OCSP_REQ_CTX_set1_req(WOLFSSL_OCSP_REQ_CTX *ctx, OcspRequest *req)
+{
+    static const char req_hdr[] =
+        "Content-Type: application/ocsp-request\r\n"
+        "Content-Length: %d\r\n\r\n";
+    /* Should be enough to hold Content-Length */
+    char req_hdr_buf[sizeof(req_hdr) + 10];
+    int req_hdr_buf_len;
+    int req_len = wolfSSL_i2d_OCSP_REQUEST(req, NULL);
+
+    WOLFSSL_ENTER("wolfSSL_OCSP_REQ_CTX_set1_req");
+
+    if (ctx == NULL || req == NULL) {
+        WOLFSSL_MSG("Bad parameters");
+        return WOLFSSL_FAILURE;
+    }
+
+    if (req_len <= 0) {
+        WOLFSSL_MSG("wolfSSL_OCSP_REQ_CTX_set1_req: request len error");
+        return WOLFSSL_FAILURE;
+    }
+
+    req_hdr_buf_len =
+            XSNPRINTF(req_hdr_buf, sizeof(req_hdr_buf), req_hdr, req_len);
+    if (req_hdr_buf_len >= (int)sizeof(req_hdr_buf)) {
+        WOLFSSL_MSG("wolfSSL_OCSP_REQ_CTX_set1_req: request too long");
+        return WOLFSSL_FAILURE;
+    }
+
+    if (wolfSSL_BIO_write(ctx->reqResp, req_hdr_buf, req_hdr_buf_len) <= 0) {
+        WOLFSSL_MSG("wolfSSL_OCSP_REQ_CTX_set1_req: wolfSSL_BIO_write error");
+        return WOLFSSL_FAILURE;
+    }
+
+    if (wolfSSL_i2d_OCSP_REQUEST_bio(ctx->reqResp, req) <= 0) {
+        WOLFSSL_MSG("wolfSSL_OCSP_REQ_CTX_set1_req: request i2d error");
+        return WOLFSSL_FAILURE;
+    }
+
+    ctx->state = ORS_REQ_DONE;
+
+    return WOLFSSL_SUCCESS;
+}
+
+static int OCSP_REQ_CTX_bio_cb(char *buf, int sz, void *ctx)
+{
+    return BioReceiveInternal((WOLFSSL_BIO*)ctx, NULL, buf, sz);
+}
+
+int wolfSSL_OCSP_REQ_CTX_nbio(WOLFSSL_OCSP_REQ_CTX *ctx)
+{
+    WOLFSSL_ENTER("wolfSSL_OCSP_REQ_CTX_nbio");
+
+    if (ctx == NULL) {
+        WOLFSSL_MSG("Bad parameters");
+        return WOLFSSL_FAILURE;
+    }
+
+    switch ((enum ocspReqIOStates)ctx->ioState) {
+        case ORIOS_WRITE:
+        case ORIOS_READ:
+            break;
+        case ORIOS_INVALID:
+        default:
+            WOLFSSL_MSG("Invalid ctx->ioState state");
+            return WOLFSSL_FAILURE;
+    }
+
+    if (ctx->ioState == ORIOS_WRITE) {
+        switch ((enum ocspReqStates)ctx->state) {
+            case ORS_HEADER_ADDED:
+                /* Write final new line to complete http header */
+                if (wolfSSL_BIO_write(ctx->reqResp, "\r\n", 2) != 2) {
+                    WOLFSSL_MSG("wolfSSL_BIO_write error");
+                    return WOLFSSL_FAILURE;
+                }
+                break;
+            case ORS_REQ_DONE:
+                break;
+            case ORS_INVALID:
+            default:
+                WOLFSSL_MSG("Invalid WOLFSSL_OCSP_REQ_CTX state");
+                return WOLFSSL_FAILURE;
+        }
+    }
+
+    switch ((enum ocspReqIOStates)ctx->ioState) {
+        case ORIOS_WRITE:
+        {
+            const unsigned char *req;
+            int reqLen = wolfSSL_BIO_get_mem_data(ctx->reqResp, (void*)&req);
+            if (reqLen <= 0) {
+                WOLFSSL_MSG("wolfSSL_BIO_get_mem_data error");
+                return WOLFSSL_FAILURE;
+            }
+            while (ctx->sent < reqLen) {
+                int sent = wolfSSL_BIO_write(ctx->bio, req + ctx->sent,
+                        reqLen - ctx->sent);
+                if (sent <= 0) {
+                    if (wolfSSL_BIO_should_retry(ctx->bio))
+                        return WOLFSSL_FATAL_ERROR;
+                    WOLFSSL_MSG("wolfSSL_BIO_write error");
+                    ctx->ioState = ORIOS_INVALID;
+                    return 0;
+                }
+                ctx->sent += sent;
+            }
+            ctx->sent = 0;
+            ctx->ioState = ORIOS_READ;
+            (void)wolfSSL_BIO_reset(ctx->reqResp);
+            FALL_THROUGH;
+        }
+        case ORIOS_READ:
+        {
+            byte* resp = NULL;
+            int respLen;
+            int ret;
+
+            if (ctx->buf == NULL) /* Should be allocated in new call */
+                return WOLFSSL_FAILURE;
+
+            ret = wolfIO_HttpProcessResponseOcspGenericIO(OCSP_REQ_CTX_bio_cb,
+                    ctx->bio, &resp, ctx->buf, ctx->bufLen, NULL);
+            if (ret <= 0) {
+                if (resp != NULL)
+                    XFREE(resp, NULL, DYNAMIC_TYPE_OCSP);
+                if (ret == WC_NO_ERR_TRACE(WOLFSSL_CBIO_ERR_WANT_READ) ||
+                    ret == WC_NO_ERR_TRACE(OCSP_WANT_READ))
+                {
+                    return WOLFSSL_FATAL_ERROR;
+                }
+                return WOLFSSL_FAILURE;
+            }
+            respLen = ret;
+            ret = wolfSSL_BIO_write(ctx->reqResp, resp, respLen);
+            XFREE(resp, NULL, DYNAMIC_TYPE_OCSP);
+            if (ret != respLen) {
+                WOLFSSL_MSG("wolfSSL_BIO_write error");
+                return WOLFSSL_FAILURE;
+            }
+            break;
+        }
+        case ORIOS_INVALID:
+        default:
+            WOLFSSL_MSG("Invalid ctx->ioState state");
+            return WOLFSSL_FAILURE;
+    }
+
+    return WOLFSSL_SUCCESS;
+}
+
+int wolfSSL_OCSP_sendreq_nbio(OcspResponse **presp, WOLFSSL_OCSP_REQ_CTX *ctx)
+{
+    int ret;
+    int len;
+    const unsigned char *resp = NULL;
+
+    WOLFSSL_ENTER("wolfSSL_OCSP_sendreq_nbio");
+
+    if (presp == NULL)
+        return WOLFSSL_FAILURE;
+
+    ret = wolfSSL_OCSP_REQ_CTX_nbio(ctx);
+    if (ret != WOLFSSL_SUCCESS)
+        return ret;
+
+    len = wolfSSL_BIO_get_mem_data(ctx->reqResp, (void*)&resp);
+    if (len <= 0)
+        return WOLFSSL_FAILURE;
+    return wolfSSL_d2i_OCSP_RESPONSE(presp, &resp, len) != NULL
+            ? WOLFSSL_SUCCESS : WOLFSSL_FAILURE;
+}
+
+/*******************************************************************************
+ * END OF WOLFSSL_OCSP_REQ_CTX API
+ ******************************************************************************/
 
-#ifdef OPENSSL_EXTRA
 #ifndef NO_WOLFSSL_STUB
 int wolfSSL_OCSP_REQUEST_add_ext(OcspRequest* req, WOLFSSL_X509_EXTENSION* ext,
         int idx)
@@ -1432,13 +1952,13 @@ int wolfSSL_OCSP_id_get0_info(WOLFSSL_ASN1_STRING **name,
 
         if (cid->status->serialSz > (WOLFSSL_ASN1_INTEGER_MAX - 2)) {
             /* allocate data buffer, +2 for type and length */
-            ser->data = (unsigned char*)XMALLOC(cid->status->serialSz + 2, NULL,
+            ser->data = (unsigned char*)XMALLOC((size_t)cid->status->serialSz + 2, NULL,
                 DYNAMIC_TYPE_OPENSSL);
             if (ser->data == NULL) {
                 wolfSSL_ASN1_INTEGER_free(ser);
                 return 0;
             }
-            ser->dataMax = cid->status->serialSz + 2;
+            ser->dataMax = (unsigned int)cid->status->serialSz + 2;
             ser->isDynamic = 1;
         } else {
             /* Use array instead of dynamic memory */
@@ -1448,12 +1968,14 @@ int wolfSSL_OCSP_id_get0_info(WOLFSSL_ASN1_STRING **name,
 
         #if defined(WOLFSSL_QT) || defined(WOLFSSL_HAPROXY)
             /* Serial number starts at 0 index of ser->data */
-            XMEMCPY(&ser->data[i], cid->status->serial, cid->status->serialSz);
+            XMEMCPY(&ser->data[i], cid->status->serial,
+                (size_t)cid->status->serialSz);
             ser->length = cid->status->serialSz;
         #else
             ser->data[i++] = ASN_INTEGER;
             i += SetLength(cid->status->serialSz, ser->data + i);
-            XMEMCPY(&ser->data[i], cid->status->serial, cid->status->serialSz);
+            XMEMCPY(&ser->data[i], cid->status->serial,
+                (size_t)cid->status->serialSz);
             ser->length = i + cid->status->serialSz;
         #endif
 
@@ -1493,7 +2015,7 @@ int wolfSSL_OCSP_request_add1_nonce(OcspRequest* req, unsigned char* val,
         sz = MAX_OCSP_NONCE_SZ;
 
     if (val != NULL) {
-        XMEMCPY(req->nonce, val, sz);
+        XMEMCPY(req->nonce, val, (size_t)sz);
     }
     else {
         if (
@@ -1506,7 +2028,7 @@ int wolfSSL_OCSP_request_add1_nonce(OcspRequest* req, unsigned char* val,
             WOLFSSL_MSG("RNG init failed");
             return WOLFSSL_FAILURE;
         }
-        if (wc_RNG_GenerateBlock(&rng, req->nonce, sz) != 0) {
+        if (wc_RNG_GenerateBlock(&rng, req->nonce, (word32)sz) != 0) {
             WOLFSSL_MSG("wc_RNG_GenerateBlock failed");
             wc_FreeRng(&rng);
             return WOLFSSL_FAILURE;
@@ -1554,19 +2076,20 @@ int wolfSSL_OCSP_check_nonce(OcspRequest* req, WOLFSSL_OCSP_BASICRESP* bs)
 
     /* nonce present in req only */
     if (reqNonce != NULL && rspNonce == NULL)
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
 
     /* nonces are present and equal, return 1. Extra NULL check for fixing
         scan-build warning. */
     if (reqNonceSz == rspNonceSz && reqNonce && rspNonce) {
-        if (XMEMCMP(reqNonce, rspNonce, reqNonceSz) == 0)
+        if (XMEMCMP(reqNonce, rspNonce, (size_t)reqNonceSz) == 0)
             return 1;
     }
 
     /* nonces are present but not equal */
     return 0;
 }
-#endif /* OPENSSL_EXTRA */
+
+#endif /* OPENSSL_ALL */
 
 #else /* HAVE_OCSP */
 
diff --git a/src/pk.c b/src/pk.c
index f3d1483b1..25fa65824 100644
--- a/src/pk.c
+++ b/src/pk.c
@@ -1,6 +1,6 @@
 /* pk.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -25,13 +25,19 @@
 
 #include <wolfssl/wolfcrypt/settings.h>
 
- #include <wolfssl/internal.h>
+#include <wolfssl/internal.h>
 #ifndef WC_NO_RNG
     #include <wolfssl/wolfcrypt/random.h>
 #endif
 
 #ifdef HAVE_ECC
     #include <wolfssl/wolfcrypt/ecc.h>
+    #ifdef HAVE_SELFTEST
+        /* point compression types. */
+        #define ECC_POINT_COMP_EVEN 0x02
+        #define ECC_POINT_COMP_ODD  0x03
+        #define ECC_POINT_UNCOMP    0x04
+    #endif
 #endif
 #ifndef WOLFSSL_HAVE_ECC_KEY_GET_PRIV
     /* FIPS build has replaced ecc.h. */
@@ -49,15 +55,6 @@
     #include <wolfssl/wolfcrypt/rsa.h>
 #endif
 
-#if defined(OPENSSL_EXTRA) && !defined(NO_BIO) && defined(WOLFSSL_KEY_GEN) && \
-    (!defined(HAVE_USER_RSA) || defined(HAVE_ECC) || \
-     (!defined(NO_DSA) && !defined(HAVE_SELFTEST)))
-/* Forward declaration for wolfSSL_PEM_write_bio_DSA_PUBKEY.
- * Implementation in ssl.c.
- */
-static int pem_write_bio_pubkey(WOLFSSL_BIO* bio, WOLFSSL_EVP_PKEY* key);
-#endif
-
 /*******************************************************************************
  * COMMON FUNCTIONS
  ******************************************************************************/
@@ -169,7 +166,25 @@ static int pem_read_bio_key(WOLFSSL_BIO* bio, wc_pem_password_cb* cb,
         if ((ret > 0) && ((memSz - ret) > 0) &&
                  (bio->type != WOLFSSL_BIO_FILE)) {
             int res;
-            res = wolfSSL_BIO_write(bio, mem + ret, memSz - ret);
+            if (!alloced) {
+                /* If wolfssl_read_bio() points mem at the buffer internal to
+                 * bio, we need to dup it before calling wolfSSL_BIO_write(),
+                 * because the latter may reallocate the bio, invalidating the
+                 * mem pointer before reading from it.
+                 */
+                char *mem_dup = (char *)XMALLOC((size_t)(memSz - ret),
+                                                NULL, DYNAMIC_TYPE_TMP_BUFFER);
+                if (mem_dup != NULL) {
+                    XMEMCPY(mem_dup, mem + ret, (size_t)(memSz - ret));
+                    res = wolfSSL_BIO_write(bio, mem_dup, memSz - ret);
+                    mem = mem_dup;
+                    alloced = 1;
+                }
+                else
+                    res = MEMORY_E;
+            }
+            else
+                res = wolfSSL_BIO_write(bio, mem + ret, memSz - ret);
             if (res != memSz - ret) {
                 WOLFSSL_ERROR_MSG("Unable to write back excess data");
                 if (res < 0) {
@@ -181,7 +196,7 @@ static int pem_read_bio_key(WOLFSSL_BIO* bio, wc_pem_password_cb* cb,
             }
         }
         if (alloced) {
-            XFREE(mem, NULL, DYNAMIC_TYPE_OPENSSL);
+            XFREE(mem, NULL, DYNAMIC_TYPE_TMP_BUFFER);
         }
     }
 
@@ -220,8 +235,8 @@ static int pem_read_file_key(XFILE fp, wc_pem_password_cb* cb, void* pass,
 #endif /* !NO_FILESYSTEM */
 #endif
 
-#if defined(OPENSSL_EXTRA) && ((!defined(NO_RSA) && defined(WOLFSSL_KEY_GEN) \
-    && !defined(HAVE_USER_RSA)) || !defined(WOLFCRYPT_ONLY))
+#if defined(OPENSSL_EXTRA) && ((!defined(NO_RSA) && defined(WOLFSSL_KEY_GEN)) \
+    || !defined(WOLFCRYPT_ONLY))
 /* Convert DER data to PEM in an allocated buffer.
  *
  * @param [in]  der    Buffer containing DER data.
@@ -230,33 +245,36 @@ static int pem_read_file_key(XFILE fp, wc_pem_password_cb* cb, void* pass,
  * @param [in]  heap   Heap hint for dynamic memory allocation.
  * @param [out] out    Allocated buffer containing PEM.
  * @param [out] outSz  Size of PEM encoding.
- * @return  WOLFSSL_FAILURE on error.
- * @return  WOLFSSL_SUCCESS on success.
+ * @return  1 on success.
+ * @return  0 on error.
  */
 static int der_to_pem_alloc(const unsigned char* der, int derSz, int type,
     void* heap, byte** out, int* outSz)
 {
-    int ret = WOLFSSL_SUCCESS;
+    int ret = 1;
     int pemSz;
     byte* pem = NULL;
 
     (void)heap;
 
+    /* Convert DER to PEM - to get size. */
     pemSz = wc_DerToPem(der, (word32)derSz, NULL, 0, type);
     if (pemSz < 0) {
-        ret = WOLFSSL_FAILURE;
+        ret = 0;
     }
 
-    if (ret == WOLFSSL_SUCCESS) {
+    if (ret == 1) {
+        /* Allocate memory for PEM to be encoded into. */
         pem = (byte*)XMALLOC((size_t)pemSz, heap, DYNAMIC_TYPE_TMP_BUFFER);
         if (pem == NULL) {
-            ret = WOLFSSL_FAILURE;
+            ret = 0;
         }
     }
 
-    if ((ret == WOLFSSL_SUCCESS) && (wc_DerToPem(der, (word32)derSz, pem,
-            (word32)pemSz, type) < 0)) {
-        ret = WOLFSSL_FAILURE;
+    /* Convert DER to PEM. */
+    if ((ret == 1) && (wc_DerToPem(der, (word32)derSz, pem, (word32)pemSz,
+            type) < 0)) {
+        ret = 0;
         XFREE(pem, heap, DYNAMIC_TYPE_TMP_BUFFER);
         pem = NULL;
     }
@@ -273,8 +291,8 @@ static int der_to_pem_alloc(const unsigned char* der, int derSz, int type,
  * @param [in]      derSz  Size of DER data in bytes.
  * @param [in, out] bio    BIO object to write with.
  * @param [in]      type   Type of key being encoded.
- * @return  WOLFSSL_FAILURE on error.
- * @return  WOLFSSL_SUCCESS on success.
+ * @return  1 on success.
+ * @return  0 on error.
  */
 static int der_write_to_bio_as_pem(const unsigned char* der, int derSz,
     WOLFSSL_BIO* bio, int type)
@@ -284,11 +302,11 @@ static int der_write_to_bio_as_pem(const unsigned char* der, int derSz,
     byte* pem = NULL;
 
     ret = der_to_pem_alloc(der, derSz, type, bio->heap, &pem, &pemSz);
-    if (ret == WOLFSSL_SUCCESS) {
+    if (ret == 1) {
         int len = wolfSSL_BIO_write(bio, pem, pemSz);
         if (len != pemSz) {
             WOLFSSL_ERROR_MSG("Unable to write full PEM to BIO");
-            ret = WOLFSSL_FAILURE;
+            ret = 0;
         }
     }
 
@@ -298,8 +316,7 @@ static int der_write_to_bio_as_pem(const unsigned char* der, int derSz,
 #endif
 #endif
 
-#if (!defined(NO_RSA) && defined(WOLFSSL_KEY_GEN) && \
-     !defined(HAVE_USER_RSA)) || \
+#if (!defined(NO_RSA) && defined(WOLFSSL_KEY_GEN)) || \
      (!defined(NO_DH) && defined(WOLFSSL_DH_EXTRA)) || \
      (defined(HAVE_ECC) && defined(WOLFSSL_KEY_GEN))
 #if !defined(NO_FILESYSTEM)
@@ -310,8 +327,8 @@ static int der_write_to_bio_as_pem(const unsigned char* der, int derSz,
  * @param [in] fp     File pointer to write with.
  * @param [in] type   Type of key being encoded.
  * @param [in] heap   Heap hint for dynamic memory allocation.
- * @return  WOLFSSL_FAILURE on error.
- * @return  WOLFSSL_SUCCESS on success.
+ * @return  1 on success.
+ * @return  0 on error.
  */
 static int der_write_to_file_as_pem(const unsigned char* der, int derSz,
     XFILE fp, int type, void* heap)
@@ -321,11 +338,11 @@ static int der_write_to_file_as_pem(const unsigned char* der, int derSz,
     byte* pem = NULL;
 
     ret = der_to_pem_alloc(der, derSz, type, heap, &pem, &pemSz);
-    if (ret == WOLFSSL_SUCCESS) {
+    if (ret == 1) {
         int len = (int)XFWRITE(pem, 1, (size_t)pemSz, fp);
         if (len != pemSz) {
             WOLFSSL_ERROR_MSG("Unable to write full PEM to BIO");
-            ret = WOLFSSL_FAILURE;
+            ret = 0;
         }
     }
 
@@ -335,12 +352,157 @@ static int der_write_to_file_as_pem(const unsigned char* der, int derSz,
 #endif
 #endif
 
+#if defined(WOLFSSL_KEY_GEN) && defined(WOLFSSL_PEM_TO_DER)
+/* Encrypt private key into PEM format.
+ *
+ * DER is encrypted in place.
+ *
+ * @param [in]  der         DER encoding of private key.
+ * @param [in]  derSz       Size of DER in bytes.
+ * @param [in]  cipher      EVP cipher.
+ * @param [in]  passwd      Password to use with encryption.
+ * @param [in]  passedSz    Size of password in bytes.
+ * @param [out] cipherInfo  PEM cipher information lines.
+ * @param [in]  maxDerSz    Maximum size of DER buffer.
+ * @return  1 on success.
+ * @return  0 on error.
+ */
+int EncryptDerKey(byte *der, int *derSz, const WOLFSSL_EVP_CIPHER* cipher,
+    unsigned char* passwd, int passwdSz, byte **cipherInfo, int maxDerSz)
+{
+    int ret = 0;
+    int paddingSz = 0;
+    word32 idx;
+    word32 cipherInfoSz = 0;
+#ifdef WOLFSSL_SMALL_STACK
+    EncryptedInfo* info = NULL;
+#else
+    EncryptedInfo  info[1];
+#endif
+
+    WOLFSSL_ENTER("EncryptDerKey");
+
+    /* Validate parameters. */
+    if ((der == NULL) || (derSz == NULL) || (cipher == NULL) ||
+            (passwd == NULL) || (cipherInfo == NULL)) {
+        ret = BAD_FUNC_ARG;
+    }
+
+    #ifdef WOLFSSL_SMALL_STACK
+    if (ret == 0) {
+        /* Allocate encrypted info. */
+        info = (EncryptedInfo*)XMALLOC(sizeof(EncryptedInfo), NULL,
+            DYNAMIC_TYPE_ENCRYPTEDINFO);
+        if (info == NULL) {
+            WOLFSSL_MSG("malloc failed");
+            ret = MEMORY_E;
+        }
+    }
+    #endif
+    if (ret == 0) {
+        /* Clear the encrypted info and set name. */
+        XMEMSET(info, 0, sizeof(EncryptedInfo));
+        XSTRNCPY(info->name, cipher, NAME_SZ - 1);
+        info->name[NAME_SZ - 1] = '\0'; /* null term */
+
+        /* Get encrypted info from name. */
+        ret = wc_EncryptedInfoGet(info, info->name);
+        if (ret != 0) {
+            WOLFSSL_MSG("unsupported cipher");
+        }
+    }
+
+    if (ret == 0) {
+        /* Generate a random salt. */
+        if (wolfSSL_RAND_bytes(info->iv, (int)info->ivSz) != 1) {
+            WOLFSSL_MSG("generate iv failed");
+            ret = WOLFSSL_FATAL_ERROR;
+        }
+    }
+
+    if (ret == 0) {
+        /* Calculate padding size - always a padding block. */
+        paddingSz = (int)info->ivSz - ((*derSz) % (int)info->ivSz);
+        /* Check der is big enough. */
+        if (maxDerSz < (*derSz) + paddingSz) {
+            WOLFSSL_MSG("not enough DER buffer allocated");
+            ret = BAD_FUNC_ARG;
+        }
+    }
+    if (ret == 0) {
+        /* Set padding bytes to padding length. */
+        XMEMSET(der + (*derSz), (byte)paddingSz, (size_t)paddingSz);
+        /* Add padding to DER size. */
+        (*derSz) += (int)paddingSz;
+
+        /* Encrypt DER buffer. */
+        ret = wc_BufferKeyEncrypt(info, der, (word32)*derSz, passwd, passwdSz,
+            WC_MD5);
+        if (ret != 0) {
+            WOLFSSL_MSG("encrypt key failed");
+        }
+    }
+
+    if (ret == 0) {
+        /* Create cipher info : 'cipher_name,Salt(hex)' */
+        cipherInfoSz = (word32)(2 * info->ivSz + XSTRLEN(info->name) + 2);
+        /* Allocate memory for PEM encryption lines. */
+        *cipherInfo = (byte*)XMALLOC(cipherInfoSz, NULL, DYNAMIC_TYPE_STRING);
+        if (*cipherInfo == NULL) {
+            WOLFSSL_MSG("malloc failed");
+            ret = MEMORY_E;
+        }
+    }
+    if (ret == 0) {
+        /* Copy in name and add on comma. */
+        XSTRLCPY((char*)*cipherInfo, info->name, cipherInfoSz);
+        XSTRLCAT((char*)*cipherInfo, ",", cipherInfoSz);
+
+        /* Find end of string. */
+        idx = (word32)XSTRLEN((char*)*cipherInfo);
+        /* Calculate remaining bytes. */
+        cipherInfoSz -= idx;
+
+        /* Encode IV into PEM encryption lines. */
+        ret = Base16_Encode(info->iv, info->ivSz, *cipherInfo + idx,
+            &cipherInfoSz);
+        if (ret != 0) {
+            WOLFSSL_MSG("Base16_Encode failed");
+            XFREE(*cipherInfo, NULL, DYNAMIC_TYPE_STRING);
+            *cipherInfo = NULL;
+        }
+    }
+
+#ifdef WOLFSSL_SMALL_STACK
+    /* Free dynamically allocated info. */
+    XFREE(info, NULL, DYNAMIC_TYPE_ENCRYPTEDINFO);
+#endif
+    return ret == 0;
+}
+#endif /* WOLFSSL_KEY_GEN || WOLFSSL_PEM_TO_DER */
+
+
 #if defined(WOLFSSL_KEY_GEN) && \
     (defined(WOLFSSL_PEM_TO_DER) || defined(WOLFSSL_DER_TO_PEM)) && \
-    ((!defined(NO_RSA) && !defined(HAVE_USER_RSA)) || defined(HAVE_ECC))
+    (!defined(NO_RSA) || defined(HAVE_ECC))
+/* Encrypt the DER in PEM format.
+ *
+ * @param [in]  der       DER encoded private key.
+ * @param [in]  derSz     Size of DER in bytes.
+ * @param [in]  cipher    EVP cipher.
+ * @param [in]  passwd    Password to use in encryption.
+ * @param [in]  passwdSz  Size of password in bytes.
+ * @param [in]  type      PEM type of write out.
+ * @param [in]  heap      Dynamic memory hint.
+ * @param [out] out       Allocated buffer containing PEM encoding.
+ *                        heap was NULL and dynamic type is DYNAMIC_TYPE_KEY.
+ * @param [out] outSz     Size of PEM encoding in bytes.
+ * @return  1 on success.
+ * @return  0 on failure.
+ */
 static int der_to_enc_pem_alloc(unsigned char* der, int derSz,
-    const EVP_CIPHER *cipher, unsigned char *passwd, int passwdSz, int type,
-    void* heap, byte** out, int* outSz)
+    const WOLFSSL_EVP_CIPHER *cipher, unsigned char *passwd, int passwdSz,
+    int type, void* heap, byte** out, int* outSz)
 {
     int ret = 1;
     byte* tmp = NULL;
@@ -356,8 +518,19 @@ static int der_to_enc_pem_alloc(unsigned char* der, int derSz,
         byte *tmpBuf;
 
         /* Add space for padding. */
+    #ifdef WOLFSSL_NO_REALLOC
+        tmpBuf = (byte*)XMALLOC((size_t)(derSz + blockSz), heap,
+            DYNAMIC_TYPE_TMP_BUFFER);
+        if (tmpBuf != NULL && der != NULL)
+        {
+                XMEMCPY(tmpBuf, der, (size_t)(derSz));
+                XFREE(der, heap, DYNAMIC_TYPE_TMP_BUFFER);
+                der = NULL;
+        }
+    #else
         tmpBuf = (byte*)XREALLOC(der, (size_t)(derSz + blockSz), heap,
             DYNAMIC_TYPE_TMP_BUFFER);
+    #endif
         if (tmpBuf == NULL) {
             WOLFSSL_ERROR_MSG("Extending DER buffer failed");
             ret = 0; /* der buffer is free'd at the end of the function */
@@ -532,8 +705,7 @@ static int pk_bn_field_print_fp(XFILE fp, int indent, const char* field,
 #endif /* !NO_CERTS && XFPRINTF && !NO_FILESYSTEM && !NO_STDIO_FILESYSTEM &&
         * (!NO_DSA || !NO_RSA || HAVE_ECC) */
 
-#if defined(XSNPRINTF) && !defined(NO_BIO) && !defined(NO_RSA) && \
-    !defined(HAVE_FAST_RSA)
+#if defined(XSNPRINTF) && !defined(NO_BIO) && !defined(NO_RSA)
 /* snprintf() must be available */
 
 /* Maximum number of extra indent spaces on each line. */
@@ -737,10 +909,13 @@ static int wolfssl_print_number(WOLFSSL_BIO* bio, mp_int* num, const char* name,
     return ret;
 }
 
-#endif /* XSNPRINTF && !NO_BIO && !NO_RSA && !HAVE_FAST_RSA */
+#endif /* XSNPRINTF && !NO_BIO && !NO_RSA */
 
-#if !defined(NO_RSA) || (!defined(NO_DH) && !defined(NO_CERTS) && \
-    defined(HAVE_FIPS) && !FIPS_VERSION_GT(2,0)) || defined(HAVE_ECC)
+#endif /* OPENSSL_EXTRA */
+
+#if !defined(NO_CERTS) || (defined(OPENSSL_EXTRA) && (!defined(NO_RSA) || \
+    (!defined(NO_DH) && defined(HAVE_FIPS) && !FIPS_VERSION_GT(2,0)) || \
+    defined(HAVE_ECC)))
 
 /* Uses the DER SEQUENCE to determine size of DER data.
  *
@@ -768,9 +943,7 @@ static int wolfssl_der_length(const unsigned char* seq, int len)
     return ret;
 }
 
-#endif /* !NO_RSA */
-
-#endif /* OPENSSL_EXTRA */
+#endif
 
 /*******************************************************************************
  * START OF RSA API
@@ -922,8 +1095,7 @@ void wolfSSL_RSA_free(WOLFSSL_RSA* rsa)
     #endif
 
         if (rsa->internal != NULL) {
-        #if !defined(HAVE_FIPS) && !defined(HAVE_USER_RSA) && \
-            !defined(HAVE_FAST_RSA) && defined(WC_RSA_BLINDING)
+        #if !defined(HAVE_FIPS) && defined(WC_RSA_BLINDING)
             /* Check if RNG is owned before freeing it. */
             if (rsa->ownRng) {
                 WC_RNG* rng = ((RsaKey*)(rsa->internal))->rng;
@@ -1022,8 +1194,7 @@ WOLFSSL_RSA* wolfSSL_RSA_new_ex(void* heap, int devId)
             rsaKeyInited = 1;
         }
     }
-    #if !defined(HAVE_FIPS) && !defined(HAVE_USER_RSA) && \
-        !defined(HAVE_FAST_RSA) && defined(WC_RSA_BLINDING)
+    #if !defined(HAVE_FIPS) && defined(WC_RSA_BLINDING)
     if (!err) {
         WC_RNG* rng;
 
@@ -1052,8 +1223,7 @@ WOLFSSL_RSA* wolfSSL_RSA_new_ex(void* heap, int devId)
             /* Won't fail as key and rng are not NULL. */
         }
     }
-    #endif /* !HAVE_FIPS && !HAVE_USER_RSA && !HAVE_FAST_RSA &&
-            * WC_RSA_BLINDING */
+    #endif /* !HAVE_FIPS && WC_RSA_BLINDING */
     if (!err) {
         /* Set wolfCrypt RSA key into RSA key. */
         rsa->internal = key;
@@ -1105,7 +1275,7 @@ int wolfSSL_RSA_up_ref(WOLFSSL_RSA* rsa)
 
 #ifdef OPENSSL_EXTRA
 
-#if defined(WOLFSSL_KEY_GEN) && !defined(HAVE_USER_RSA)
+#if defined(WOLFSSL_KEY_GEN)
 
 /* Allocate a new RSA key and make it a copy.
  *
@@ -1161,12 +1331,10 @@ WOLFSSL_RSA* wolfSSL_RSAPublicKey_dup(WOLFSSL_RSA *rsa)
 
 /* wolfSSL_RSAPrivateKey_dup not supported */
 
-#endif /* WOLFSSL_KEY_GEN && !HAVE_USER_RSA */
+#endif /* WOLFSSL_KEY_GEN */
 
-#ifndef HAVE_USER_RSA
 static int wolfSSL_RSA_To_Der_ex(WOLFSSL_RSA* rsa, byte** outBuf, int publicKey,
     void* heap);
-#endif
 
 /*
  * RSA to/from bin APIs
@@ -1270,8 +1438,6 @@ WOLFSSL_RSA *wolfSSL_d2i_RSAPrivateKey(WOLFSSL_RSA **out,
     return rsa;
 }
 
-#if defined(OPENSSL_EXTRA) && !defined(HAVE_USER_RSA) && \
-    !defined(HAVE_FAST_RSA)
 /* Converts an internal RSA structure to DER format for the private key.
  *
  * If "pp" is null then buffer size only is returned.
@@ -1345,8 +1511,6 @@ int wolfSSL_i2d_RSAPublicKey(WOLFSSL_RSA *rsa, unsigned char **pp)
 
     return ret;
 }
-#endif /* defined(OPENSSL_EXTRA) && !defined(HAVE_USER_RSA) &&
-        * !defined(HAVE_FAST_RSA) */
 
 #endif /* OPENSSL_EXTRA */
 
@@ -1359,8 +1523,7 @@ int wolfSSL_i2d_RSAPublicKey(WOLFSSL_RSA *rsa, unsigned char **pp)
 #if defined(OPENSSL_ALL) || defined(WOLFSSL_ASIO) || defined(WOLFSSL_HAPROXY) \
     || defined(WOLFSSL_NGINX) || defined(WOLFSSL_QT)
 
-#if defined(WOLFSSL_KEY_GEN) && !defined(HAVE_USER_RSA) && \
-    !defined(HAVE_FAST_RSA) && !defined(NO_BIO)
+#if defined(WOLFSSL_KEY_GEN) && !defined(NO_BIO)
 
 /* Read DER data from a BIO.
  *
@@ -1395,7 +1558,11 @@ static int wolfssl_read_der_bio(WOLFSSL_BIO* bio, unsigned char** out)
         WOLFSSL_ERROR_MSG("Malloc failure");
         err = 1;
     }
-    if (!err) {
+    if ((!err) && (derLen <= (int)sizeof(seq))) {
+        /* Copy the previously read data into the buffer. */
+        XMEMCPY(der, seq, derLen);
+    }
+    else if (!err) {
         /* Calculate the unread amount. */
         int len = derLen - (int)sizeof(seq);
         /* Copy the previously read data into the buffer. */
@@ -1464,8 +1631,7 @@ WOLFSSL_RSA* wolfSSL_d2i_RSAPrivateKey_bio(WOLFSSL_BIO *bio, WOLFSSL_RSA **out)
     XFREE(der, bio ? bio->heap : NULL, DYNAMIC_TYPE_TMP_BUFFER);
     return key;
 }
-#endif /* defined(WOLFSSL_KEY_GEN) && !defined(HAVE_USER_RSA) &&
-        * !defined(HAVE_FAST_RSA) && !NO_BIO */
+#endif /* defined(WOLFSSL_KEY_GEN) && !NO_BIO */
 
 #endif /* OPENSSL_ALL || WOLFSSL_ASIO || WOLFSSL_HAPROXY || WOLFSSL_QT */
 
@@ -1475,7 +1641,6 @@ WOLFSSL_RSA* wolfSSL_d2i_RSAPrivateKey_bio(WOLFSSL_BIO *bio, WOLFSSL_RSA **out)
 
 #ifdef OPENSSL_EXTRA
 
-#ifndef HAVE_USER_RSA
 /* Create a DER encoding of key.
  *
  * Not OpenSSL API.
@@ -1612,7 +1777,6 @@ static int wolfSSL_RSA_To_Der_ex(WOLFSSL_RSA* rsa, byte** outBuf, int publicKey,
     WOLFSSL_LEAVE("wolfSSL_RSA_To_Der", ret);
     return ret;
 }
-#endif /* !HAVE_USER_RSA */
 
 #endif /* OPENSSL_EXTRA */
 
@@ -1660,7 +1824,7 @@ int wolfSSL_RSA_LoadDer_ex(WOLFSSL_RSA* rsa, const unsigned char* derBuf,
     if ((rsa == NULL) || (rsa->internal == NULL) || (derBuf == NULL) ||
             (derSz <= 0)) {
         WOLFSSL_ERROR_MSG("Bad function arguments");
-        ret = -1;
+        ret = WOLFSSL_FATAL_ERROR;
     }
 
     if (ret == 1) {
@@ -1675,11 +1839,11 @@ int wolfSSL_RSA_LoadDer_ex(WOLFSSL_RSA* rsa, const unsigned char* derBuf,
             rsa->pkcs8HeaderSz = (word16)idx;
         }
         /* When decoding and not PKCS#8, return will be ASN_PARSE_E. */
-        else if (res != ASN_PARSE_E) {
+        else if (res != WC_NO_ERR_TRACE(ASN_PARSE_E)) {
             /* Something went wrong while decoding. */
             WOLFSSL_ERROR_MSG("Unexpected error with trying to remove PKCS#8 "
                               "header");
-            ret = -1;
+            ret = WOLFSSL_FATAL_ERROR;
         }
     }
     if (ret == 1) {
@@ -1701,13 +1865,13 @@ int wolfSSL_RSA_LoadDer_ex(WOLFSSL_RSA* rsa, const unsigned char* derBuf,
                  WOLFSSL_ERROR_MSG("RsaPublicKeyDecode failed");
             }
             WOLFSSL_ERROR_VERBOSE(res);
-            ret = -1;
+            ret = WOLFSSL_FATAL_ERROR;
         }
     }
     if (ret == 1) {
         /* Set external RSA key data from wolfCrypt key. */
         if (SetRsaExternal(rsa) != 1) {
-            ret = -1;
+            ret = WOLFSSL_FATAL_ERROR;
         }
         else {
             rsa->inSet = 1;
@@ -1772,7 +1936,7 @@ static WOLFSSL_RSA* wolfssl_rsa_d2i(WOLFSSL_RSA** rsa, const unsigned char* in,
 #ifdef OPENSSL_EXTRA
 
 #ifndef NO_BIO
-#if defined(WOLFSSL_KEY_GEN) && !defined(HAVE_USER_RSA)
+#if defined(WOLFSSL_KEY_GEN)
 /* Writes PEM encoding of an RSA public key to a BIO.
  *
  * @param [in] bio  BIO object to write to.
@@ -1803,7 +1967,7 @@ int wolfSSL_PEM_write_bio_RSA_PUBKEY(WOLFSSL_BIO* bio, WOLFSSL_RSA* rsa)
         ret = 0;
     }
     if ((ret == 1) && (der_write_to_bio_as_pem(derBuf, derSz, bio,
-            PUBLICKEY_TYPE) != WOLFSSL_SUCCESS)) {
+            PUBLICKEY_TYPE) != 1)) {
         ret = 0;
     }
 
@@ -1812,10 +1976,10 @@ int wolfSSL_PEM_write_bio_RSA_PUBKEY(WOLFSSL_BIO* bio, WOLFSSL_RSA* rsa)
     return ret;
 }
 
-#endif /* WOLFSSL_KEY_GEN && !HAVE_USER_RSA */
+#endif /* WOLFSSL_KEY_GEN */
 #endif /* !NO_BIO */
 
-#if defined(WOLFSSL_KEY_GEN) && !defined(HAVE_USER_RSA)
+#if defined(WOLFSSL_KEY_GEN)
 #ifndef NO_FILESYSTEM
 
 /* Writes PEM encoding of an RSA public key to a file pointer.
@@ -1848,7 +2012,7 @@ static int wolfssl_pem_write_rsa_public_key(XFILE fp, WOLFSSL_RSA* rsa,
         ret = 0;
     }
     if ((ret == 1) && (der_write_to_file_as_pem(derBuf, derSz, fp, type,
-            rsa->heap) != WOLFSSL_SUCCESS)) {
+            rsa->heap) != 1)) {
         ret = 0;
     }
 
@@ -1886,7 +2050,7 @@ int wolfSSL_PEM_write_RSAPublicKey(XFILE fp, WOLFSSL_RSA* rsa)
     return wolfssl_pem_write_rsa_public_key(fp, rsa, RSA_PUBLICKEY_TYPE);
 }
 #endif /* !NO_FILESYSTEM */
-#endif /* WOLFSSL_KEY_GEN && !HAVE_USER_RSA */
+#endif /* WOLFSSL_KEY_GEN */
 
 #ifndef NO_BIO
 /* Create an RSA public key by reading the PEM encoded data from the BIO.
@@ -1922,6 +2086,32 @@ WOLFSSL_RSA *wolfSSL_PEM_read_bio_RSA_PUBKEY(WOLFSSL_BIO* bio,
     }
     return rsa;
 }
+
+WOLFSSL_RSA *wolfSSL_d2i_RSA_PUBKEY_bio(WOLFSSL_BIO *bio, WOLFSSL_RSA **out)
+{
+    char* data = NULL;
+    int dataSz = 0;
+    int memAlloced = 0;
+    WOLFSSL_RSA* rsa = NULL;
+
+    WOLFSSL_ENTER("wolfSSL_d2i_RSA_PUBKEY_bio");
+
+    if (bio == NULL)
+        return NULL;
+
+    if (wolfssl_read_bio(bio, &data, &dataSz, &memAlloced) != 0) {
+        if (memAlloced)
+            XFREE(data, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+        return NULL;
+    }
+
+    rsa = wolfssl_rsa_d2i(out, (const unsigned char*)data, dataSz,
+            WOLFSSL_RSA_LOAD_PUBLIC);
+    if (memAlloced)
+        XFREE(data, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+
+    return rsa;
+}
 #endif /* !NO_BIO */
 
 #ifndef NO_FILESYSTEM
@@ -1983,7 +2173,7 @@ WOLFSSL_RSA* wolfSSL_PEM_read_RSAPublicKey(XFILE fp, WOLFSSL_RSA** rsa,
 
 #endif /* NO_FILESYSTEM */
 
-#if defined(WOLFSSL_KEY_GEN) && !defined(HAVE_USER_RSA) && \
+#if defined(WOLFSSL_KEY_GEN) && \
     (defined(WOLFSSL_PEM_TO_DER) || defined(WOLFSSL_DER_TO_PEM))
 
 /* Writes PEM encoding of an RSA private key to newly allocated buffer.
@@ -1999,8 +2189,9 @@ WOLFSSL_RSA* wolfSSL_PEM_read_RSAPublicKey(XFILE fp, WOLFSSL_RSA** rsa,
  * @return  1 on success.
  * @return  0 on failure.
  */
-int wolfSSL_PEM_write_mem_RSAPrivateKey(RSA* rsa, const EVP_CIPHER* cipher,
-    unsigned char* passwd, int passwdSz, unsigned char **pem, int *pLen)
+int wolfSSL_PEM_write_mem_RSAPrivateKey(WOLFSSL_RSA* rsa,
+    const WOLFSSL_EVP_CIPHER* cipher, unsigned char* passwd, int passwdSz,
+    unsigned char **pem, int *pLen)
 {
     int ret = 1;
     byte* derBuf = NULL;
@@ -2105,7 +2296,7 @@ int wolfSSL_PEM_write_bio_RSAPrivateKey(WOLFSSL_BIO* bio, WOLFSSL_RSA* rsa,
  * @return  0 on failure.
  */
 int wolfSSL_PEM_write_RSAPrivateKey(XFILE fp, WOLFSSL_RSA *rsa,
-    const EVP_CIPHER *cipher, unsigned char *passwd, int passwdSz,
+    const WOLFSSL_EVP_CIPHER *cipher, unsigned char *passwd, int passwdSz,
     wc_pem_password_cb *cb, void *arg)
 {
     int ret = 1;
@@ -2142,7 +2333,7 @@ int wolfSSL_PEM_write_RSAPrivateKey(XFILE fp, WOLFSSL_RSA *rsa,
     return ret;
 }
 #endif /* NO_FILESYSTEM */
-#endif /* WOLFSSL_KEY_GEN && !HAVE_USER_RSA && WOLFSSL_PEM_TO_DER */
+#endif /* WOLFSSL_KEY_GEN && WOLFSSL_PEM_TO_DER */
 
 #ifndef NO_BIO
 /* Create an RSA private key by reading the PEM encoded data from the BIO.
@@ -2290,7 +2481,7 @@ int wolfSSL_RSA_print_fp(XFILE fp, WOLFSSL_RSA* rsa, int indent)
 }
 #endif /* XFPRINTF && !NO_FILESYSTEM && !NO_STDIO_FILESYSTEM */
 
-#if defined(XSNPRINTF) && !defined(NO_BIO) && !defined(HAVE_FAST_RSA)
+#if defined(XSNPRINTF) && !defined(NO_BIO)
 /* snprintf() must be available */
 
 /* Maximum size of a header line. */
@@ -2322,7 +2513,7 @@ int wolfSSL_RSA_print(WOLFSSL_BIO* bio, WOLFSSL_RSA* rsa, int indent)
 
     /* Validate parameters. */
     if ((bio == NULL) || (rsa == NULL) || (indent > PRINT_NUM_MAX_INDENT)) {
-        ret = -1;
+        ret = WOLFSSL_FATAL_ERROR;
     }
 
     if (ret == 1) {
@@ -2398,7 +2589,7 @@ int wolfSSL_RSA_print(WOLFSSL_BIO* bio, WOLFSSL_RSA* rsa, int indent)
 
     return ret;
 }
-#endif /* XSNPRINTF && !NO_BIO && !HAVE_FAST_RSA */
+#endif /* XSNPRINTF && !NO_BIO */
 
 #endif /* OPENSSL_EXTRA */
 
@@ -2407,7 +2598,6 @@ int wolfSSL_RSA_print(WOLFSSL_BIO* bio, WOLFSSL_RSA* rsa, int indent)
  */
 
 #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
-#if !defined(HAVE_USER_RSA) && !defined(HAVE_FAST_RSA)
 /* Set RSA key data (external) from wolfCrypt RSA key (internal).
  *
  * @param [in, out] rsa  RSA key.
@@ -2423,7 +2613,7 @@ int SetRsaExternal(WOLFSSL_RSA* rsa)
     /* Validate parameters. */
     if ((rsa == NULL) || (rsa->internal == NULL)) {
         WOLFSSL_ERROR_MSG("rsa key NULL error");
-        ret = -1;
+        ret = WOLFSSL_FATAL_ERROR;
     }
 
     if (ret == 1) {
@@ -2443,6 +2633,7 @@ int SetRsaExternal(WOLFSSL_RSA* rsa)
         }
 
         if (key->type == RSA_PRIVATE) {
+    #ifndef WOLFSSL_RSA_PUBLIC_ONLY
             if (ret == 1) {
                 /* Copy private exponent. */
                 ret = wolfssl_bn_set_value(&rsa->d, &key->d);
@@ -2464,7 +2655,8 @@ int SetRsaExternal(WOLFSSL_RSA* rsa)
                     WOLFSSL_ERROR_MSG("rsa q error");
                 }
             }
-        #ifndef RSA_LOW_MEM
+        #if defined(WOLFSSL_KEY_GEN) || defined(OPENSSL_EXTRA) || \
+            !defined(RSA_LOW_MEM)
             if (ret == 1) {
                 /* Copy d mod p-1. */
                 ret = wolfssl_bn_set_value(&rsa->dmp1, &key->dP);
@@ -2486,7 +2678,11 @@ int SetRsaExternal(WOLFSSL_RSA* rsa)
                     WOLFSSL_ERROR_MSG("rsa u error");
                 }
             }
-        #endif /* !RSA_LOW_MEM */
+        #endif
+    #else
+            WOLFSSL_ERROR_MSG("rsa private key not compiled in ");
+            ret = 0;
+    #endif /* !WOLFSSL_RSA_PUBLIC_ONLY */
         }
     }
     if (ret == 1) {
@@ -2500,12 +2696,10 @@ int SetRsaExternal(WOLFSSL_RSA* rsa)
 
     return ret;
 }
-#endif /* !HAVE_USER_RSA && !HAVE_FAST_RSA */
 #endif /* (OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL) */
 
 #ifdef OPENSSL_EXTRA
 
-#if !defined(HAVE_USER_RSA) && !defined(HAVE_FAST_RSA)
 /* Set wolfCrypt RSA key data (internal) from RSA key (external).
  *
  * @param [in, out] rsa  RSA key.
@@ -2521,7 +2715,7 @@ int SetRsaInternal(WOLFSSL_RSA* rsa)
     /* Validate parameters. */
     if ((rsa == NULL) || (rsa->internal == NULL)) {
         WOLFSSL_ERROR_MSG("rsa key NULL error");
-        ret = -1;
+        ret = WOLFSSL_FATAL_ERROR;
     }
 
     if (ret == 1) {
@@ -2530,24 +2724,25 @@ int SetRsaInternal(WOLFSSL_RSA* rsa)
         /* Copy down modulus if available. */
         if ((rsa->n != NULL) && (wolfssl_bn_get_value(rsa->n, &key->n) != 1)) {
             WOLFSSL_ERROR_MSG("rsa n key error");
-            ret = -1;
+            ret = WOLFSSL_FATAL_ERROR;
         }
 
         /* Copy down public exponent if available. */
         if ((ret == 1) && (rsa->e != NULL) &&
                 (wolfssl_bn_get_value(rsa->e, &key->e) != 1)) {
             WOLFSSL_ERROR_MSG("rsa e key error");
-            ret = -1;
+            ret = WOLFSSL_FATAL_ERROR;
         }
 
         /* Enough numbers for public key */
         key->type = RSA_PUBLIC;
 
+#ifndef WOLFSSL_RSA_PUBLIC_ONLY
         /* Copy down private exponent if available. */
         if ((ret == 1) && (rsa->d != NULL)) {
             if (wolfssl_bn_get_value(rsa->d, &key->d) != 1) {
                 WOLFSSL_ERROR_MSG("rsa d key error");
-                ret = -1;
+                ret = WOLFSSL_FATAL_ERROR;
             }
             else {
                 /* Enough numbers for private key */
@@ -2559,38 +2754,39 @@ int SetRsaInternal(WOLFSSL_RSA* rsa)
         if ((ret == 1) && (rsa->p != NULL) &&
                 (wolfssl_bn_get_value(rsa->p, &key->p) != 1)) {
             WOLFSSL_ERROR_MSG("rsa p key error");
-            ret = -1;
+            ret = WOLFSSL_FATAL_ERROR;
         }
 
         /* Copy down second prime if available. */
         if ((ret == 1) && (rsa->q != NULL) &&
                 (wolfssl_bn_get_value(rsa->q, &key->q) != 1)) {
             WOLFSSL_ERROR_MSG("rsa q key error");
-            ret = -1;
+            ret = WOLFSSL_FATAL_ERROR;
         }
 
-    #ifndef RSA_LOW_MEM
+#if defined(WOLFSSL_KEY_GEN) || defined(OPENSSL_EXTRA) || !defined(RSA_LOW_MEM)
         /* Copy down d mod p-1 if available. */
         if ((ret == 1) && (rsa->dmp1 != NULL) &&
                 (wolfssl_bn_get_value(rsa->dmp1, &key->dP) != 1)) {
             WOLFSSL_ERROR_MSG("rsa dP key error");
-            ret = -1;
+            ret = WOLFSSL_FATAL_ERROR;
         }
 
         /* Copy down d mod q-1 if available. */
-        if ((ret == 1) && (rsa->dmp1 != NULL) &&
+        if ((ret == 1) && (rsa->dmq1 != NULL) &&
                 (wolfssl_bn_get_value(rsa->dmq1, &key->dQ) != 1)) {
             WOLFSSL_ERROR_MSG("rsa dQ key error");
-            ret = -1;
+            ret = WOLFSSL_FATAL_ERROR;
         }
 
         /* Copy down 1/q mod p if available. */
         if ((ret == 1) && (rsa->iqmp != NULL) &&
                 (wolfssl_bn_get_value(rsa->iqmp, &key->u) != 1)) {
             WOLFSSL_ERROR_MSG("rsa u key error");
-            ret = -1;
+            ret = WOLFSSL_FATAL_ERROR;
         }
-    #endif /* !RSA_LOW_MEM */
+#endif
+#endif
 
         if (ret == 1) {
             /* All available numbers have been set down. */
@@ -2601,8 +2797,6 @@ int SetRsaInternal(WOLFSSL_RSA* rsa)
     return ret;
 }
 
-#endif /* HAVE_USER_RSA */
-
 /* Set the RSA method into object.
  *
  * @param [in, out] rsa   RSA key.
@@ -2679,8 +2873,6 @@ int wolfSSL_RSA_bits(const WOLFSSL_RSA* rsa)
     return ret;
 }
 
-#ifndef HAVE_USER_RSA
-
 /* Get the BN objects that are the Chinese-Remainder Theorem (CRT) parameters.
  *
  * Only for those that are not NULL parameters.
@@ -2922,8 +3114,6 @@ int wolfSSL_RSA_set0_key(WOLFSSL_RSA *rsa, WOLFSSL_BIGNUM *n, WOLFSSL_BIGNUM *e,
     return ret;
 }
 
-#endif /* !HAVE_USER_RSA */
-
 /* Get the flags of the RSA key.
  *
  * @param [in] rsa  RSA key.
@@ -3088,7 +3278,6 @@ int wolfSSL_RSA_check_key(const WOLFSSL_RSA* rsa)
  * RSA generate APIs
  */
 
-#if !defined(HAVE_USER_RSA) && !defined(HAVE_FAST_RSA)
 /* Get a random number generator associated with the RSA key.
  *
  * If not able, then get the global if possible.
@@ -3131,7 +3320,6 @@ WC_RNG* WOLFSSL_RSA_GetRNG(WOLFSSL_RSA* rsa, WC_RNG** tmpRng, int* initTmpRng)
 
     return rng;
 }
-#endif
 
 /* Use the wolfCrypt RSA APIs to generate a new RSA key.
  *
@@ -3155,6 +3343,7 @@ static int wolfssl_rsa_generate_key_native(WOLFSSL_RSA* rsa, int bits,
 #endif
     int initTmpRng = 0;
     WC_RNG* rng = NULL;
+    long en = 0;
 #endif
 
     (void)cb;
@@ -3168,10 +3357,12 @@ static int wolfssl_rsa_generate_key_native(WOLFSSL_RSA* rsa, int bits,
         /* Something went wrong so return memory error. */
         ret = MEMORY_E;
     }
+    if ((ret == 0) && ((en = (long)wolfSSL_BN_get_word(e)) <= 0)) {
+        ret = BAD_FUNC_ARG;
+    }
     if (ret == 0) {
         /* Generate an RSA key. */
-        ret = wc_MakeRsaKey((RsaKey*)rsa->internal, bits,
-            (long)wolfSSL_BN_get_word(e), rng);
+        ret = wc_MakeRsaKey((RsaKey*)rsa->internal, bits, en, rng);
         if (ret != MP_OKAY) {
             WOLFSSL_ERROR_MSG("wc_MakeRsaKey failed");
         }
@@ -3266,7 +3457,7 @@ WOLFSSL_RSA* wolfSSL_RSA_generate_key(int bits, unsigned long e,
         ret = wolfssl_rsa_generate_key_native(rsa, bits, bn, NULL);
     #ifdef HAVE_FIPS
         /* Keep trying if failed to find a prime. */
-        if (ret == PRIME_GEN_E) {
+        if (ret == WC_NO_ERR_TRACE(PRIME_GEN_E)) {
             continue;
         }
     #endif
@@ -3317,7 +3508,7 @@ int wolfSSL_RSA_generate_key_ex(WOLFSSL_RSA* rsa, int bits, WOLFSSL_BIGNUM* e,
             int gen_ret = wolfssl_rsa_generate_key_native(rsa, bits, e, cb);
         #ifdef HAVE_FIPS
             /* Keep trying again if public key value didn't work. */
-            if (gen_ret == PRIME_GEN_E) {
+            if (gen_ret == WC_NO_ERR_TRACE(PRIME_GEN_E)) {
                 continue;
             }
         #endif
@@ -3375,15 +3566,18 @@ int wolfSSL_RSA_generate_key_ex(WOLFSSL_RSA* rsa, int bits, WOLFSSL_BIGNUM* e,
  * @param [out] em       Encoded message.
  * @param [in[  mHash    Message hash.
  * @param [in]  hashAlg  Hash algorithm.
+ * @param [in]  mgf1Hash MGF algorithm.
  * @param [in]  saltLen  Length of salt to generate.
  * @return  1 on success.
  * @return  0 on failure.
  */
-int wolfSSL_RSA_padding_add_PKCS1_PSS(WOLFSSL_RSA *rsa, unsigned char *em,
-    const unsigned char *mHash, const WOLFSSL_EVP_MD *hashAlg, int saltLen)
+
+int wolfSSL_RSA_padding_add_PKCS1_PSS_mgf1(WOLFSSL_RSA *rsa, unsigned char *em,
+        const unsigned char *mHash, const WOLFSSL_EVP_MD *hashAlg,
+        const WOLFSSL_EVP_MD *mgf1Hash, int saltLen)
 {
     int ret = 1;
-    enum wc_HashType hashType;
+    enum wc_HashType hashType = WC_HASH_TYPE_NONE;
     int hashLen = 0;
     int emLen = 0;
     int mgf = 0;
@@ -3403,6 +3597,9 @@ int wolfSSL_RSA_padding_add_PKCS1_PSS(WOLFSSL_RSA *rsa, unsigned char *em,
         ret = 0;
     }
 
+    if (mgf1Hash == NULL)
+        mgf1Hash = hashAlg;
+
     if (ret == 1) {
         /* Get/create an RNG. */
         rng = WOLFSSL_RSA_GetRNG(rsa, (WC_RNG**)&tmpRng, &initTmpRng);
@@ -3428,7 +3625,7 @@ int wolfSSL_RSA_padding_add_PKCS1_PSS(WOLFSSL_RSA *rsa, unsigned char *em,
     }
     if (ret == 1) {
         /* Get the wolfCrypt MGF algorithm from hash algorithm. */
-        mgf = wc_hash2mgf(hashType);
+        mgf = wc_hash2mgf(EvpMd2MacType(mgf1Hash));
         if (mgf == WC_MGF1NONE) {
             WOLFSSL_ERROR_MSG("wc_hash2mgf error");
             ret = 0;
@@ -3446,7 +3643,7 @@ int wolfSSL_RSA_padding_add_PKCS1_PSS(WOLFSSL_RSA *rsa, unsigned char *em,
     if (ret == 1) {
         /* Get length of RSA key - encrypted message length. */
         emLen = wolfSSL_RSA_size(rsa);
-        if (ret <= 0) {
+        if (emLen <= 0) {
             WOLFSSL_ERROR_MSG("wolfSSL_RSA_size error");
             ret = 0;
         }
@@ -3499,6 +3696,13 @@ int wolfSSL_RSA_padding_add_PKCS1_PSS(WOLFSSL_RSA *rsa, unsigned char *em,
     return ret;
 }
 
+int wolfSSL_RSA_padding_add_PKCS1_PSS(WOLFSSL_RSA *rsa, unsigned char *em,
+    const unsigned char *mHash, const WOLFSSL_EVP_MD *hashAlg, int saltLen)
+{
+    return wolfSSL_RSA_padding_add_PKCS1_PSS_mgf1(rsa, em, mHash, hashAlg, NULL,
+            saltLen);
+}
+
 /* Checks that the hash is valid for the RSA PKCS#1 PSS encoded message.
  *
  * Refer to wolfSSL_RSA_padding_add_PKCS1_PSS for a diagram.
@@ -3506,14 +3710,15 @@ int wolfSSL_RSA_padding_add_PKCS1_PSS(WOLFSSL_RSA *rsa, unsigned char *em,
  * @param [in]  rsa      RSA key.
  * @param [in[  mHash    Message hash.
  * @param [in]  hashAlg  Hash algorithm.
+ * @param [in]  mgf1Hash MGF algorithm.
  * @param [in]  em       Encoded message.
  * @param [in]  saltLen  Length of salt to generate.
  * @return  1 on success.
  * @return  0 on failure.
  */
-int wolfSSL_RSA_verify_PKCS1_PSS(WOLFSSL_RSA *rsa, const unsigned char *mHash,
-                                 const WOLFSSL_EVP_MD *hashAlg,
-                                 const unsigned char *em, int saltLen)
+int wolfSSL_RSA_verify_PKCS1_PSS_mgf1(WOLFSSL_RSA *rsa,
+        const unsigned char *mHash, const WOLFSSL_EVP_MD *hashAlg,
+        const WOLFSSL_EVP_MD *mgf1Hash, const unsigned char *em, int saltLen)
 {
     int ret = 1;
     int hashLen = 0;
@@ -3531,6 +3736,9 @@ int wolfSSL_RSA_verify_PKCS1_PSS(WOLFSSL_RSA *rsa, const unsigned char *mHash,
         ret = 0;
     }
 
+    if (mgf1Hash == NULL)
+        mgf1Hash = hashAlg;
+
     /* TODO: use wolfCrypt RSA key to get emLen and bits? */
     /* Set the external data from the wolfCrypt RSA key if not done. */
     if ((ret == 1) && (!rsa->exSet)) {
@@ -3593,7 +3801,7 @@ int wolfSSL_RSA_verify_PKCS1_PSS(WOLFSSL_RSA *rsa, const unsigned char *mHash,
 
     if (ret == 1) {
         /* Get the wolfCrypt MGF algorithm from hash algorithm. */
-        if ((mgf = wc_hash2mgf(hashType)) == WC_MGF1NONE) {
+        if ((mgf = wc_hash2mgf(EvpMd2MacType(mgf1Hash))) == WC_MGF1NONE) {
             WOLFSSL_ERROR_MSG("wc_hash2mgf error");
             ret = 0;
         }
@@ -3636,6 +3844,14 @@ int wolfSSL_RSA_verify_PKCS1_PSS(WOLFSSL_RSA *rsa, const unsigned char *mHash,
     XFREE(buf, NULL, DYNAMIC_TYPE_TMP_BUFFER);
     return ret;
 }
+
+int wolfSSL_RSA_verify_PKCS1_PSS(WOLFSSL_RSA *rsa, const unsigned char *mHash,
+                                 const WOLFSSL_EVP_MD *hashAlg,
+                                 const unsigned char *em, int saltLen)
+{
+    return wolfSSL_RSA_verify_PKCS1_PSS_mgf1(rsa, mHash, hashAlg, NULL, em,
+            saltLen);
+}
 #endif /* !HAVE_FIPS || FIPS_VERSION_GT(2,0) */
 #endif /* WC_RSA_PSS && (OPENSSL_ALL || WOLFSSL_ASIO || WOLFSSL_HAPROXY ||
         *                WOLFSSL_NGINX) */
@@ -3652,8 +3868,6 @@ int wolfSSL_RSA_verify_PKCS1_PSS(WOLFSSL_RSA *rsa, const unsigned char *mHash,
 
 #if defined(OPENSSL_EXTRA)
 
-#if !defined(HAVE_USER_RSA)
-
 /* Encode the message hash.
  *
  * Used by signing and verification.
@@ -3678,15 +3892,15 @@ static int wolfssl_rsa_sig_encode(int hashAlg, const unsigned char* hash,
         ret = 0;
     }
 
-    if ((ret == 1) && (hashAlg != NID_undef) &&
-            (padding == RSA_PKCS1_PADDING)) {
+    if ((ret == 1) && (hashAlg != WC_NID_undef) &&
+            (padding == WC_RSA_PKCS1_PADDING)) {
         /* Convert hash algorithm to hash type for PKCS#1.5 padding. */
         hType = (int)nid2oid(hashAlg, oidHashType);
         if (hType == -1) {
             ret = 0;
         }
     }
-    if ((ret == 1) && (padding == RSA_PKCS1_PADDING)) {
+    if ((ret == 1) && (padding == WC_RSA_PKCS1_PADDING)) {
         /* PKCS#1.5 encoding. */
         word32 encSz = wc_EncodeSignature(enc, hash, hLen, hType);
         if (encSz == 0) {
@@ -3698,7 +3912,7 @@ static int wolfssl_rsa_sig_encode(int hashAlg, const unsigned char* hash,
         }
     }
     /* Other padding schemes require the hash as is. */
-    if ((ret == 1) && (padding != RSA_PKCS1_PADDING)) {
+    if ((ret == 1) && (padding != WC_RSA_PKCS1_PADDING)) {
         XMEMCPY(enc, hash, hLen);
         *encLen = hLen;
     }
@@ -3726,7 +3940,7 @@ int wolfSSL_RSA_sign(int hashAlg, const unsigned char* hash, unsigned int hLen,
     }
     /* flag is 1: output complete signature. */
     return wolfSSL_RSA_sign_generic_padding(hashAlg, hash, hLen, sigRet,
-        sigLen, rsa, 1, RSA_PKCS1_PADDING);
+        sigLen, rsa, 1, WC_RSA_PKCS1_PADDING);
 }
 
 /* Sign the message hash using hash algorithm and RSA key.
@@ -3756,7 +3970,7 @@ int wolfSSL_RSA_sign_ex(int hashAlg, const unsigned char* hash,
             *sigLen = RSA_MAX_SIZE / CHAR_BIT;
         }
         ret = wolfSSL_RSA_sign_generic_padding(hashAlg, hash, hLen, sigRet,
-            sigLen, rsa, flag, RSA_PKCS1_PADDING);
+            sigLen, rsa, flag, WC_RSA_PKCS1_PADDING);
     }
 
     return ret;
@@ -3778,7 +3992,7 @@ int wolfSSL_RSA_sign_ex(int hashAlg, const unsigned char* hash,
  *                           0: Output the value that the unpadded signature
  *                              should be compared to.
  * @param [in]      padding  Padding to use. Only RSA_PKCS1_PSS_PADDING and
- *                           RSA_PKCS1_PADDING are currently supported for
+ *                           WC_RSA_PKCS1_PADDING are currently supported for
  *                           signing.
  * @return  1 on success.
  * @return  0 on failure.
@@ -3867,7 +4081,7 @@ int wolfSSL_RSA_sign_generic_padding(int hashAlg, const unsigned char* hash,
     if (ret == 1) {
         switch (padding) {
     #if defined(WC_RSA_NO_PADDING) || defined(WC_RSA_DIRECT)
-        case RSA_NO_PADDING:
+        case WC_RSA_NO_PAD:
             if ((signSz = wc_RsaDirect(encodedSig, encSz, sigRet, &outLen,
                 (RsaKey*)rsa->internal, RSA_PRIVATE_ENCRYPT, rng)) <= 0) {
                 WOLFSSL_ERROR_MSG("Bad Rsa Sign no pad");
@@ -3877,7 +4091,7 @@ int wolfSSL_RSA_sign_generic_padding(int hashAlg, const unsigned char* hash,
     #endif
     #if defined(WC_RSA_PSS) && !defined(HAVE_SELFTEST) && \
         (!defined(HAVE_FIPS) || FIPS_VERSION_GE(5,1))
-        case RSA_PKCS1_PSS_PADDING:
+        case WC_RSA_PKCS1_PSS_PADDING:
         {
             enum wc_HashType hType =
                 wc_OidGetHash((int)nid2oid(hashAlg, oidHashType));
@@ -3896,14 +4110,14 @@ int wolfSSL_RSA_sign_generic_padding(int hashAlg, const unsigned char* hash,
         }
     #endif
     #ifndef WC_NO_RSA_OAEP
-        case RSA_PKCS1_OAEP_PADDING:
+        case WC_RSA_PKCS1_OAEP_PADDING:
             /* Not a signature padding scheme. */
             WOLFSSL_ERROR_MSG("RSA_PKCS1_OAEP_PADDING not supported for "
                               "signing");
             ret = 0;
             break;
     #endif
-        case RSA_PKCS1_PADDING:
+        case WC_RSA_PKCS1_PADDING:
         {
             /* Sign (private encrypt) PKCS#1 encoded signature. */
             if ((signSz = wc_RsaSSL_Sign(encodedSig, encSz, sigRet, outLen,
@@ -3956,7 +4170,7 @@ int wolfSSL_RSA_verify(int hashAlg, const unsigned char* hash,
     WOLFSSL_RSA* rsa)
 {
     return wolfSSL_RSA_verify_ex(hashAlg, hash, hLen, sig, sigLen, rsa,
-        RSA_PKCS1_PADDING);
+        WC_RSA_PKCS1_PADDING);
 }
 
 /**
@@ -3971,7 +4185,7 @@ int wolfSSL_RSA_verify(int hashAlg, const unsigned char* hash,
  * @param [in]  sigLen   Length of signature data.
  * @param [in]  rsa      RSA key used to sign the input
  * @param [in]  padding  Padding to use. Only RSA_PKCS1_PSS_PADDING and
- *                       RSA_PKCS1_PADDING are currently supported for
+ *                       WC_RSA_PKCS1_PADDING are currently supported for
  *                       signing.
  * @return  1 on success.
  * @return  0 on failure.
@@ -4011,7 +4225,7 @@ int wolfSSL_RSA_verify_ex(int hashAlg, const unsigned char* hash,
         }
     }
 #ifdef WOLFSSL_SMALL_STACK
-    if ((ret == 1) && (padding != RSA_PKCS1_PSS_PADDING)) {
+    if ((ret == 1) && (padding != WC_RSA_PKCS1_PSS_PADDING)) {
         /* Allocate memory for encoded signature. */
         encodedSig = (unsigned char *)XMALLOC(len, NULL,
             DYNAMIC_TYPE_TMP_BUFFER);
@@ -4021,7 +4235,7 @@ int wolfSSL_RSA_verify_ex(int hashAlg, const unsigned char* hash,
         }
     }
 #endif
-    if ((ret == 1) && (padding != RSA_PKCS1_PSS_PADDING)) {
+    if ((ret == 1) && (padding != WC_RSA_PKCS1_PSS_PADDING)) {
         /* Make encoded signature to compare with decrypted signature. */
         if (wolfssl_rsa_sig_encode(hashAlg, hash, hLen, encodedSig, &len,
                 padding) <= 0) {
@@ -4050,7 +4264,7 @@ int wolfSSL_RSA_verify_ex(int hashAlg, const unsigned char* hash,
     if (ret == 1) {
     #if defined(WC_RSA_PSS) && !defined(HAVE_SELFTEST) && \
         (!defined(HAVE_FIPS) || FIPS_VERSION_GE(5, 1))
-        if (padding == RSA_PKCS1_PSS_PADDING) {
+        if (padding == WC_RSA_PKCS1_PSS_PADDING) {
             /* Check PSS padding is valid. */
             if (wc_RsaPSS_CheckPadding_ex(hash, hLen, sigDec, (word32)verLen,
                     hType, DEF_PSS_SALT_LEN,
@@ -4082,8 +4296,6 @@ int wolfSSL_RSA_verify_ex(int hashAlg, const unsigned char* hash,
  * RSA public/private encrypt/decrypt APIs
  */
 
-#if !defined(HAVE_USER_RSA) && !defined(HAVE_FAST_RSA)
-
 /* Encrypt with the RSA public key.
  *
  * Return compliant with OpenSSL.
@@ -4121,43 +4333,43 @@ int wolfSSL_RSA_public_encrypt(int len, const unsigned char* from,
     if ((len < 0) || (rsa == NULL) || (rsa->internal == NULL) ||
             (from == NULL)) {
         WOLFSSL_ERROR_MSG("Bad function arguments");
-        ret = -1;
+        ret = WOLFSSL_FATAL_ERROR;
     }
 
     if (ret == 0) {
     #if !defined(HAVE_FIPS)
         /* Convert to wolfCrypt padding, hash and MGF. */
         switch (padding) {
-        case RSA_PKCS1_PADDING:
+        case WC_RSA_PKCS1_PADDING:
             pad_type = WC_RSA_PKCSV15_PAD;
             break;
-        case RSA_PKCS1_OAEP_PADDING:
+        case WC_RSA_PKCS1_OAEP_PADDING:
             pad_type = WC_RSA_OAEP_PAD;
             hash = WC_HASH_TYPE_SHA;
             mgf = WC_MGF1SHA1;
             break;
-        case RSA_NO_PADDING:
+        case WC_RSA_NO_PAD:
             pad_type = WC_RSA_NO_PAD;
             break;
         default:
             WOLFSSL_ERROR_MSG("RSA_public_encrypt doesn't support padding "
                               "scheme");
-            ret = -1;
+            ret = WOLFSSL_FATAL_ERROR;
         }
     #else
         /* Check for supported padding schemes in FIPS. */
         /* TODO: Do we support more schemes in later versions of FIPS? */
-        if (padding != RSA_PKCS1_PADDING) {
+        if (padding != WC_RSA_PKCS1_PADDING) {
             WOLFSSL_ERROR_MSG("RSA_public_encrypt pad type not supported in "
                               "FIPS");
-            ret = -1;
+            ret = WOLFSSL_FATAL_ERROR;
         }
     #endif
     }
 
     /* Set wolfCrypt RSA key data from external if not already done. */
     if ((ret == 0) && (!rsa->inSet) && (SetRsaInternal(rsa) != 1)) {
-        ret = -1;
+        ret = WOLFSSL_FATAL_ERROR;
     }
 
     if (ret == 0) {
@@ -4165,7 +4377,7 @@ int wolfSSL_RSA_public_encrypt(int len, const unsigned char* from,
         outLen = wolfSSL_RSA_size(rsa);
         if (outLen == 0) {
             WOLFSSL_ERROR_MSG("Bad RSA size");
-            ret = -1;
+            ret = WOLFSSL_FATAL_ERROR;
         }
     }
 
@@ -4173,7 +4385,7 @@ int wolfSSL_RSA_public_encrypt(int len, const unsigned char* from,
         /* Get an RNG. */
         rng = WOLFSSL_RSA_GetRNG(rsa, (WC_RNG**)&tmpRng, &initTmpRng);
         if (rng == NULL) {
-            ret = -1;
+            ret = WOLFSSL_FATAL_ERROR;
         }
     }
 
@@ -4199,7 +4411,7 @@ int wolfSSL_RSA_public_encrypt(int len, const unsigned char* from,
 
     /* wolfCrypt error means return -1. */
     if (ret <= 0) {
-        ret = -1;
+        ret = WOLFSSL_FATAL_ERROR;
     }
     WOLFSSL_LEAVE("wolfSSL_RSA_public_encrypt", ret);
     return ret;
@@ -4234,41 +4446,41 @@ int wolfSSL_RSA_private_decrypt(int len, const unsigned char* from,
     if ((len < 0) || (rsa == NULL) || (rsa->internal == NULL) ||
             (from == NULL)) {
         WOLFSSL_ERROR_MSG("Bad function arguments");
-        ret = -1;
+        ret = WOLFSSL_FATAL_ERROR;
     }
 
     if (ret == 0) {
     #if !defined(HAVE_FIPS)
         switch (padding) {
-        case RSA_PKCS1_PADDING:
+        case WC_RSA_PKCS1_PADDING:
             pad_type = WC_RSA_PKCSV15_PAD;
             break;
-        case RSA_PKCS1_OAEP_PADDING:
+        case WC_RSA_PKCS1_OAEP_PADDING:
             pad_type = WC_RSA_OAEP_PAD;
             hash = WC_HASH_TYPE_SHA;
             mgf = WC_MGF1SHA1;
             break;
-        case RSA_NO_PADDING:
+        case WC_RSA_NO_PAD:
             pad_type = WC_RSA_NO_PAD;
             break;
         default:
             WOLFSSL_ERROR_MSG("RSA_private_decrypt unsupported padding");
-            ret = -1;
+            ret = WOLFSSL_FATAL_ERROR;
         }
     #else
         /* Check for supported padding schemes in FIPS. */
         /* TODO: Do we support more schemes in later versions of FIPS? */
-        if (padding != RSA_PKCS1_PADDING) {
+        if (padding != WC_RSA_PKCS1_PADDING) {
             WOLFSSL_ERROR_MSG("RSA_public_encrypt pad type not supported in "
                               "FIPS");
-            ret = -1;
+            ret = WOLFSSL_FATAL_ERROR;
         }
     #endif
     }
 
     /* Set wolfCrypt RSA key data from external if not already done. */
     if ((ret == 0) && (!rsa->inSet) && (SetRsaInternal(rsa) != 1)) {
-        ret = -1;
+        ret = WOLFSSL_FATAL_ERROR;
     }
 
     if (ret == 0) {
@@ -4276,7 +4488,7 @@ int wolfSSL_RSA_private_decrypt(int len, const unsigned char* from,
         outLen = wolfSSL_RSA_size(rsa);
         if (outLen == 0) {
             WOLFSSL_ERROR_MSG("Bad RSA size");
-            ret = -1;
+            ret = WOLFSSL_FATAL_ERROR;
         }
     }
 
@@ -4294,7 +4506,7 @@ int wolfSSL_RSA_private_decrypt(int len, const unsigned char* from,
 
     /* wolfCrypt error means return -1. */
     if (ret <= 0) {
-        ret = -1;
+        ret = WOLFSSL_FATAL_ERROR;
     }
     WOLFSSL_LEAVE("wolfSSL_RSA_private_decrypt", ret);
     return ret;
@@ -4325,35 +4537,35 @@ int wolfSSL_RSA_public_decrypt(int len, const unsigned char* from,
     if ((len < 0) || (rsa == NULL) || (rsa->internal == NULL) ||
             (from == NULL)) {
         WOLFSSL_ERROR_MSG("Bad function arguments");
-        ret = -1;
+        ret = WOLFSSL_FATAL_ERROR;
     }
 
     if (ret == 0) {
     #if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || FIPS_VERSION_GT(2,0))
         switch (padding) {
-        case RSA_PKCS1_PADDING:
+        case WC_RSA_PKCS1_PADDING:
             pad_type = WC_RSA_PKCSV15_PAD;
             break;
-        case RSA_NO_PADDING:
+        case WC_RSA_NO_PAD:
             pad_type = WC_RSA_NO_PAD;
             break;
         /* TODO: RSA_X931_PADDING not supported */
         default:
             WOLFSSL_ERROR_MSG("RSA_public_decrypt unsupported padding");
-            ret = -1;
+            ret = WOLFSSL_FATAL_ERROR;
         }
     #else
-        if (padding != RSA_PKCS1_PADDING) {
+        if (padding != WC_RSA_PKCS1_PADDING) {
             WOLFSSL_ERROR_MSG("RSA_public_decrypt pad type not supported in "
                               "FIPS");
-            ret = -1;
+            ret = WOLFSSL_FATAL_ERROR;
         }
     #endif
     }
 
     /* Set wolfCrypt RSA key data from external if not already done. */
     if ((ret == 0) && (!rsa->inSet) && (SetRsaInternal(rsa) != 1)) {
-        ret = -1;
+        ret = WOLFSSL_FATAL_ERROR;
     }
 
     if (ret == 0) {
@@ -4361,7 +4573,7 @@ int wolfSSL_RSA_public_decrypt(int len, const unsigned char* from,
         outLen = wolfSSL_RSA_size(rsa);
         if (outLen == 0) {
             WOLFSSL_ERROR_MSG("Bad RSA size");
-            ret = -1;
+            ret = WOLFSSL_FATAL_ERROR;
         }
     }
 
@@ -4380,7 +4592,7 @@ int wolfSSL_RSA_public_decrypt(int len, const unsigned char* from,
 
     /* wolfCrypt error means return -1. */
     if (ret <= 0) {
-        ret = -1;
+        ret = WOLFSSL_FATAL_ERROR;
     }
     WOLFSSL_LEAVE("wolfSSL_RSA_public_decrypt", ret);
     return ret;
@@ -4417,45 +4629,45 @@ int wolfSSL_RSA_private_encrypt(int len, const unsigned char* from,
     if ((len < 0) || (rsa == NULL) || (rsa->internal == NULL) ||
             (from == NULL)) {
         WOLFSSL_ERROR_MSG("Bad function arguments");
-        ret = -1;
+        ret = WOLFSSL_FATAL_ERROR;
     }
 
     if (ret == 0) {
         switch (padding) {
-        case RSA_PKCS1_PADDING:
+        case WC_RSA_PKCS1_PADDING:
     #ifdef WC_RSA_NO_PADDING
-        case RSA_NO_PADDING:
+        case WC_RSA_NO_PAD:
     #endif
             break;
         /* TODO: RSA_X931_PADDING not supported */
         default:
             WOLFSSL_ERROR_MSG("RSA_private_encrypt unsupported padding");
-            ret = -1;
+            ret = WOLFSSL_FATAL_ERROR;
         }
     }
 
     /* Set wolfCrypt RSA key data from external if not already done. */
     if ((ret == 0) && (!rsa->inSet) && (SetRsaInternal(rsa) != 1)) {
-        ret = -1;
+        ret = WOLFSSL_FATAL_ERROR;
     }
 
     if (ret == 0) {
         /* Get an RNG. */
         rng = WOLFSSL_RSA_GetRNG(rsa, (WC_RNG**)&tmpRng, &initTmpRng);
         if (rng == NULL) {
-            ret = -1;
+            ret = WOLFSSL_FATAL_ERROR;
         }
     }
 
     if (ret == 0) {
         /* Use wolfCrypt to private-encrypt with RSA key.
          * Size of output buffer must be size of RSA key. */
-        if (padding == RSA_PKCS1_PADDING) {
+        if (padding == WC_RSA_PKCS1_PADDING) {
             ret = wc_RsaSSL_Sign(from, (word32)len, to,
                 (word32)wolfSSL_RSA_size(rsa), (RsaKey*)rsa->internal, rng);
         }
     #ifdef WC_RSA_NO_PADDING
-        else if (padding == RSA_NO_PADDING) {
+        else if (padding == WC_RSA_NO_PAD) {
             word32 outLen = (word32)wolfSSL_RSA_size(rsa);
             ret = wc_RsaFunction(from, (word32)len, to, &outLen,
                     RSA_PRIVATE_ENCRYPT, (RsaKey*)rsa->internal, rng);
@@ -4476,12 +4688,11 @@ int wolfSSL_RSA_private_encrypt(int len, const unsigned char* from,
 
     /* wolfCrypt error means return -1. */
     if (ret <= 0) {
-        ret = -1;
+        ret = WOLFSSL_FATAL_ERROR;
     }
     WOLFSSL_LEAVE("wolfSSL_RSA_private_encrypt", ret);
     return ret;
 }
-#endif /* !HAVE_USER_RSA && !HAVE_FAST_RSA */
 
 /*
  * RSA misc operation APIs
@@ -4512,7 +4723,7 @@ int wolfSSL_RSA_GenAdd(WOLFSSL_RSA* rsa)
     if ((rsa == NULL) || (rsa->p == NULL) || (rsa->q == NULL) ||
             (rsa->d == NULL) || (rsa->dmp1 == NULL) || (rsa->dmq1 == NULL)) {
         WOLFSSL_ERROR_MSG("rsa no init error");
-        ret = -1;
+        ret = WOLFSSL_FATAL_ERROR;
     }
 
 #ifdef WOLFSSL_SMALL_STACK
@@ -4521,7 +4732,7 @@ int wolfSSL_RSA_GenAdd(WOLFSSL_RSA* rsa)
                                      DYNAMIC_TYPE_TMP_BUFFER);
         if (tmp == NULL) {
             WOLFSSL_ERROR_MSG("Memory allocation failure");
-            ret = -1;
+            ret = WOLFSSL_FATAL_ERROR;
         }
     }
 #endif
@@ -4530,7 +4741,7 @@ int wolfSSL_RSA_GenAdd(WOLFSSL_RSA* rsa)
         /* Initialize temp MP integer. */
         if (mp_init(tmp) != MP_OKAY) {
             WOLFSSL_ERROR_MSG("mp_init error");
-            ret = -1;
+            ret = WOLFSSL_FATAL_ERROR;
         }
     }
 
@@ -4541,7 +4752,7 @@ int wolfSSL_RSA_GenAdd(WOLFSSL_RSA* rsa)
         err = mp_sub_d((mp_int*)rsa->p->internal, 1, tmp);
         if (err != MP_OKAY) {
             WOLFSSL_ERROR_MSG("mp_sub_d error");
-            ret = -1;
+            ret = WOLFSSL_FATAL_ERROR;
         }
     }
     if (ret == 1) {
@@ -4550,7 +4761,7 @@ int wolfSSL_RSA_GenAdd(WOLFSSL_RSA* rsa)
             (mp_int*)rsa->dmp1->internal);
         if (err != MP_OKAY) {
             WOLFSSL_ERROR_MSG("mp_mod error");
-            ret = -1;
+            ret = WOLFSSL_FATAL_ERROR;
         }
     }
     if (ret == 1) {
@@ -4558,7 +4769,7 @@ int wolfSSL_RSA_GenAdd(WOLFSSL_RSA* rsa)
         err = mp_sub_d((mp_int*)rsa->q->internal, 1, tmp);
         if (err != MP_OKAY) {
             WOLFSSL_ERROR_MSG("mp_sub_d error");
-            ret = -1;
+            ret = WOLFSSL_FATAL_ERROR;
         }
     }
     if (ret == 1) {
@@ -4567,21 +4778,21 @@ int wolfSSL_RSA_GenAdd(WOLFSSL_RSA* rsa)
             (mp_int*)rsa->dmq1->internal);
         if (err != MP_OKAY) {
             WOLFSSL_ERROR_MSG("mp_mod error");
-            ret = -1;
+            ret = WOLFSSL_FATAL_ERROR;
         }
     }
 
     mp_clear(t);
 
 #ifdef WOLFSSL_SMALL_STACK
-    if (tmp != NULL)
+    if (rsa != NULL) {
         XFREE(tmp, rsa->heap, DYNAMIC_TYPE_TMP_BUFFER);
+    }
 #endif
 
     return ret;
 }
 
-#endif /* !HAVE_USER_RSA */
 
 #ifndef NO_WOLFSSL_STUB
 /* Enable blinding for RSA key operations.
@@ -4749,34 +4960,34 @@ int SetDsaExternal(WOLFSSL_DSA* dsa)
 
     if (dsa == NULL || dsa->internal == NULL) {
         WOLFSSL_MSG("dsa key NULL error");
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
     }
 
     key = (DsaKey*)dsa->internal;
 
     if (wolfssl_bn_set_value(&dsa->p, &key->p) != 1) {
         WOLFSSL_MSG("dsa p key error");
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
     }
 
     if (wolfssl_bn_set_value(&dsa->q, &key->q) != 1) {
         WOLFSSL_MSG("dsa q key error");
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
     }
 
     if (wolfssl_bn_set_value(&dsa->g, &key->g) != 1) {
         WOLFSSL_MSG("dsa g key error");
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
     }
 
     if (wolfssl_bn_set_value(&dsa->pub_key, &key->y) != 1) {
         WOLFSSL_MSG("dsa y key error");
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
     }
 
     if (wolfssl_bn_set_value(&dsa->priv_key, &key->x) != 1) {
         WOLFSSL_MSG("dsa x key error");
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
     }
 
     dsa->exSet = 1;
@@ -4794,7 +5005,7 @@ int SetDsaInternal(WOLFSSL_DSA* dsa)
 
     if (dsa == NULL || dsa->internal == NULL) {
         WOLFSSL_MSG("dsa key NULL error");
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
     }
 
     key = (DsaKey*)dsa->internal;
@@ -4802,25 +5013,25 @@ int SetDsaInternal(WOLFSSL_DSA* dsa)
     if (dsa->p != NULL &&
         wolfssl_bn_get_value(dsa->p, &key->p) != 1) {
         WOLFSSL_MSG("rsa p key error");
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
     }
 
     if (dsa->q != NULL &&
         wolfssl_bn_get_value(dsa->q, &key->q) != 1) {
         WOLFSSL_MSG("rsa q key error");
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
     }
 
     if (dsa->g != NULL &&
         wolfssl_bn_get_value(dsa->g, &key->g) != 1) {
         WOLFSSL_MSG("rsa g key error");
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
     }
 
     if (dsa->pub_key != NULL) {
         if (wolfssl_bn_get_value(dsa->pub_key, &key->y) != 1) {
             WOLFSSL_MSG("rsa pub_key error");
-            return -1;
+            return WOLFSSL_FATAL_ERROR;
         }
 
         /* public key */
@@ -4830,7 +5041,7 @@ int SetDsaInternal(WOLFSSL_DSA* dsa)
     if (dsa->priv_key != NULL) {
         if (wolfssl_bn_get_value(dsa->priv_key, &key->x) != 1) {
             WOLFSSL_MSG("rsa priv_key error");
-            return -1;
+            return WOLFSSL_FATAL_ERROR;
         }
 
         /* private key */
@@ -4878,7 +5089,7 @@ int wolfSSL_DSA_generate_key(WOLFSSL_DSA* dsa)
 #ifdef WOLFSSL_SMALL_STACK
         tmpRng = (WC_RNG*)XMALLOC(sizeof(WC_RNG), NULL, DYNAMIC_TYPE_RNG);
         if (tmpRng == NULL)
-            return -1;
+            return WOLFSSL_FATAL_ERROR;
 #endif
         if (wc_InitRng(tmpRng) == 0) {
             rng = tmpRng;
@@ -4982,7 +5193,7 @@ int wolfSSL_DSA_generate_parameters_ex(WOLFSSL_DSA* dsa, int bits,
 #ifdef WOLFSSL_SMALL_STACK
         tmpRng = (WC_RNG*)XMALLOC(sizeof(WC_RNG), NULL, DYNAMIC_TYPE_RNG);
         if (tmpRng == NULL)
-            return -1;
+            return WOLFSSL_FATAL_ERROR;
 #endif
         if (wc_InitRng(tmpRng) == 0) {
             rng = tmpRng;
@@ -5066,15 +5277,19 @@ int wolfSSL_DSA_set0_key(WOLFSSL_DSA *d, WOLFSSL_BIGNUM *pub_key,
     WOLFSSL_ENTER("wolfSSL_DSA_set0_key");
 
     /* The private key may be NULL */
-    if (pub_key == NULL) {
+    if (d->pub_key == NULL && pub_key == NULL) {
         WOLFSSL_MSG("Bad parameter");
         return 0;
     }
 
-    wolfSSL_BN_free(d->pub_key);
-    wolfSSL_BN_free(d->priv_key);
-    d->pub_key = pub_key;
-    d->priv_key = priv_key;
+    if (pub_key != NULL) {
+        wolfSSL_BN_free(d->pub_key);
+        d->pub_key = pub_key;
+    }
+    if (priv_key != NULL) {
+        wolfSSL_BN_free(d->priv_key);
+        d->priv_key = priv_key;
+    }
 
     return 1;
 }
@@ -5150,20 +5365,20 @@ int wolfSSL_i2d_DSA_SIG(const WOLFSSL_DSA_SIG *sig, byte **out)
     if (sig == NULL || sig->r == NULL || sig->s == NULL ||
             out == NULL) {
         WOLFSSL_MSG("Bad function arguments");
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
     }
 
     if (StoreECC_DSA_Sig(buf, &bufLen,
             (mp_int*)sig->r->internal, (mp_int*)sig->s->internal) != 0) {
         WOLFSSL_MSG("StoreECC_DSA_Sig error");
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
     }
 
     if (*out == NULL) {
         byte* tmp = (byte*)XMALLOC(bufLen, NULL, DYNAMIC_TYPE_ASN1);
         if (tmp == NULL) {
             WOLFSSL_MSG("malloc error");
-            return -1;
+            return WOLFSSL_FATAL_ERROR;
         }
         *out = tmp;
     }
@@ -5287,13 +5502,13 @@ WOLFSSL_DSA_SIG* wolfSSL_d2i_DSA_SIG(WOLFSSL_DSA_SIG **sig,
 
     return ret;
 }
-#endif /* HAVE_SELFTEST */
 
-/* return 1 on success, < 0 otherwise */
-int wolfSSL_DSA_do_sign(const unsigned char* d, unsigned char* sigRet,
-                       WOLFSSL_DSA* dsa)
+#endif /* !HAVE_SELFTEST */
+
+static int dsa_do_sign(const unsigned char* d, int dLen, unsigned char* sigRet,
+        WOLFSSL_DSA* dsa)
 {
-    int     ret = -1;
+    int     ret = WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR);
     int     initTmpRng = 0;
     WC_RNG* rng = NULL;
 #ifdef WOLFSSL_SMALL_STACK
@@ -5302,25 +5517,23 @@ int wolfSSL_DSA_do_sign(const unsigned char* d, unsigned char* sigRet,
     WC_RNG  tmpRng[1];
 #endif
 
-    WOLFSSL_ENTER("wolfSSL_DSA_do_sign");
-
     if (d == NULL || sigRet == NULL || dsa == NULL) {
         WOLFSSL_MSG("Bad function arguments");
-        return ret;
+        return WOLFSSL_FATAL_ERROR;
     }
 
     if (dsa->inSet == 0) {
         WOLFSSL_MSG("No DSA internal set, do it");
         if (SetDsaInternal(dsa) != 1) {
             WOLFSSL_MSG("SetDsaInternal failed");
-            return ret;
+            return WOLFSSL_FATAL_ERROR;
         }
     }
 
 #ifdef WOLFSSL_SMALL_STACK
     tmpRng = (WC_RNG*)XMALLOC(sizeof(WC_RNG), NULL, DYNAMIC_TYPE_RNG);
     if (tmpRng == NULL)
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
 #endif
 
     if (wc_InitRng(tmpRng) == 0) {
@@ -5329,14 +5542,30 @@ int wolfSSL_DSA_do_sign(const unsigned char* d, unsigned char* sigRet,
     }
     else {
         WOLFSSL_MSG("Bad RNG Init, trying global");
+#ifdef WOLFSSL_SMALL_STACK
+        XFREE(tmpRng, NULL, DYNAMIC_TYPE_RNG);
+        tmpRng = NULL;
+#endif
         rng = wolfssl_get_global_rng();
+        if (! rng)
+            return WOLFSSL_FATAL_ERROR;
     }
 
     if (rng) {
-        if (wc_DsaSign(d, sigRet, (DsaKey*)dsa->internal, rng) < 0)
-            WOLFSSL_MSG("DsaSign failed");
+#ifdef HAVE_SELFTEST
+        if (dLen != WC_SHA_DIGEST_SIZE ||
+                wc_DsaSign(d, sigRet, (DsaKey*)dsa->internal, rng) < 0) {
+            WOLFSSL_MSG("wc_DsaSign failed or dLen wrong length");
+            ret = WOLFSSL_FATAL_ERROR;
+        }
+#else
+        if (wc_DsaSign_ex(d, dLen, sigRet, (DsaKey*)dsa->internal, rng) < 0) {
+            WOLFSSL_MSG("wc_DsaSign_ex failed");
+            ret = WOLFSSL_FATAL_ERROR;
+        }
+#endif
         else
-            ret = 1;
+            ret = WOLFSSL_SUCCESS;
     }
 
     if (initTmpRng)
@@ -5348,6 +5577,15 @@ int wolfSSL_DSA_do_sign(const unsigned char* d, unsigned char* sigRet,
     return ret;
 }
 
+/* return 1 on success, < 0 otherwise */
+int wolfSSL_DSA_do_sign(const unsigned char* d, unsigned char* sigRet,
+                       WOLFSSL_DSA* dsa)
+{
+    WOLFSSL_ENTER("wolfSSL_DSA_do_sign");
+
+    return dsa_do_sign(d, WC_SHA_DIGEST_SIZE, sigRet, dsa);
+}
+
 #ifndef HAVE_SELFTEST
 WOLFSSL_DSA_SIG* wolfSSL_DSA_do_sign_ex(const unsigned char* digest,
                                         int inLen, WOLFSSL_DSA* dsa)
@@ -5358,12 +5596,12 @@ WOLFSSL_DSA_SIG* wolfSSL_DSA_do_sign_ex(const unsigned char* digest,
 
     WOLFSSL_ENTER("wolfSSL_DSA_do_sign_ex");
 
-    if (!digest || !dsa || inLen != WC_SHA_DIGEST_SIZE) {
+    if (!digest || !dsa) {
         WOLFSSL_MSG("Bad function arguments");
         return NULL;
     }
 
-    if (wolfSSL_DSA_do_sign(digest, sigBin, dsa) != 1) {
+    if (dsa_do_sign(digest, inLen, sigBin, dsa) != 1) {
         WOLFSSL_MSG("wolfSSL_DSA_do_sign error");
         return NULL;
     }
@@ -5382,18 +5620,16 @@ WOLFSSL_DSA_SIG* wolfSSL_DSA_do_sign_ex(const unsigned char* digest,
     /* 2 * sigLen for the two points r and s */
     return wolfSSL_d2i_DSA_SIG(NULL, &tmp, 2 * sigLen);
 }
-#endif /* !HAVE_SELFTEST */
+#endif
 
-int wolfSSL_DSA_do_verify(const unsigned char* d, unsigned char* sig,
+static int dsa_do_verify(const unsigned char* d, int dLen, unsigned char* sig,
                         WOLFSSL_DSA* dsa, int *dsacheck)
 {
-    int    ret = -1;
-
-    WOLFSSL_ENTER("wolfSSL_DSA_do_verify");
+    int    ret;
 
     if (d == NULL || sig == NULL || dsa == NULL) {
         WOLFSSL_MSG("Bad function arguments");
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
     }
     if (dsa->inSet == 0)
     {
@@ -5401,17 +5637,35 @@ int wolfSSL_DSA_do_verify(const unsigned char* d, unsigned char* sig,
 
         if (SetDsaInternal(dsa) != 1) {
             WOLFSSL_MSG("SetDsaInternal failed");
-            return -1;
+            return WOLFSSL_FATAL_ERROR;
         }
     }
 
-    ret = DsaVerify(d, sig, (DsaKey*)dsa->internal, dsacheck);
-    if (ret != 0 || *dsacheck != 1) {
+#ifdef HAVE_SELFTEST
+    ret = dLen == WC_SHA_DIGEST_SIZE ?
+          wc_DsaVerify(d, sig, (DsaKey*)dsa->internal, dsacheck) : BAD_FUNC_ARG;
+#else
+    ret = wc_DsaVerify_ex(d, (word32)dLen, sig, (DsaKey*)dsa->internal,
+        dsacheck);
+#endif
+    if (ret != 0) {
         WOLFSSL_MSG("DsaVerify failed");
-        return ret;
+        return WOLFSSL_FATAL_ERROR;
+    }
+    if (*dsacheck != 1) {
+        WOLFSSL_MSG("DsaVerify sig failed");
+        return WOLFSSL_FAILURE;
     }
 
-    return 1;
+    return WOLFSSL_SUCCESS;
+}
+
+int wolfSSL_DSA_do_verify(const unsigned char* d, unsigned char* sig,
+                        WOLFSSL_DSA* dsa, int *dsacheck)
+{
+    WOLFSSL_ENTER("wolfSSL_DSA_do_verify");
+
+    return dsa_do_verify(d, WC_SHA_DIGEST_SIZE, sig, dsa, dsacheck);
 }
 
 
@@ -5436,7 +5690,7 @@ int wolfSSL_DSA_do_verify_ex(const unsigned char* digest, int digest_len,
 
     WOLFSSL_ENTER("wolfSSL_DSA_do_verify_ex");
 
-    if (!digest || !sig || !dsa || digest_len != WC_SHA_DIGEST_SIZE) {
+    if (!digest || !sig || !dsa) {
         WOLFSSL_MSG("Bad function arguments");
         return 0;
     }
@@ -5488,16 +5742,16 @@ int wolfSSL_DSA_do_verify_ex(const unsigned char* digest, int digest_len,
     if (wolfSSL_BN_bn2bin(sig->s, sigBinPtr) == -1)
         return 0;
 
-    if ((wolfSSL_DSA_do_verify(digest, sigBin, dsa, &dsacheck)
+    if ((dsa_do_verify(digest, digest_len, sigBin, dsa, &dsacheck)
                                          != 1) || dsacheck != 1) {
         return 0;
     }
 
     return 1;
 }
-#endif /* !HAVE_SELFTEST */
+#endif
 
-WOLFSSL_API int wolfSSL_i2d_DSAparams(const WOLFSSL_DSA* dsa,
+int wolfSSL_i2d_DSAparams(const WOLFSSL_DSA* dsa,
     unsigned char** out)
 {
     int ret = 0;
@@ -5514,7 +5768,7 @@ WOLFSSL_API int wolfSSL_i2d_DSAparams(const WOLFSSL_DSA* dsa,
     if (ret == 0) {
         key = (DsaKey*)dsa->internal;
         ret = wc_DsaKeyToParamsDer_ex(key, NULL, &derLen);
-        if (ret == LENGTH_ONLY_E) {
+        if (ret == WC_NO_ERR_TRACE(LENGTH_ONLY_E)) {
             ret = 0;
         }
     }
@@ -5606,99 +5860,115 @@ WOLFSSL_DSA* wolfSSL_d2i_DSAparams(WOLFSSL_DSA** dsa, const unsigned char** der,
  * Returns 1 or 0
  */
 int wolfSSL_PEM_write_bio_DSAPrivateKey(WOLFSSL_BIO* bio, WOLFSSL_DSA* dsa,
-                                       const EVP_CIPHER* cipher,
-                                       unsigned char* passwd, int len,
-                                       wc_pem_password_cb* cb, void* arg)
+    const WOLFSSL_EVP_CIPHER* cipher, unsigned char* passwd, int passwdSz,
+    wc_pem_password_cb* cb, void* arg)
 {
-    int ret = 0, der_max_len = 0, derSz = 0;
-    byte *derBuf;
-    WOLFSSL_EVP_PKEY* pkey;
+    int ret = 1;
+    byte *pem = NULL;
+    int pLen = 0;
 
     WOLFSSL_ENTER("wolfSSL_PEM_write_bio_DSAPrivateKey");
 
-    if (bio == NULL || dsa == NULL) {
+    (void)cb;
+    (void)arg;
+
+    /* Validate parameters. */
+    if ((bio == NULL) || (dsa == NULL)) {
         WOLFSSL_MSG("Bad Function Arguments");
-        return 0;
+        ret = 0;
     }
 
-    pkey = wolfSSL_EVP_PKEY_new_ex(bio->heap);
-    if (pkey == NULL) {
-        WOLFSSL_MSG("wolfSSL_EVP_PKEY_new_ex failed");
-        return 0;
+    if (ret == 1) {
+        ret = wolfSSL_PEM_write_mem_DSAPrivateKey(dsa, cipher, passwd, passwdSz,
+            &pem, &pLen);
     }
 
-    pkey->type   = EVP_PKEY_DSA;
-    pkey->dsa    = dsa;
-    pkey->ownDsa = 0;
-
-    /* 4 > size of pub, priv, p, q, g + ASN.1 additional information */
-    der_max_len = MAX_DSA_PRIVKEY_SZ;
-
-    derBuf = (byte*)XMALLOC((size_t)der_max_len, bio->heap,
-        DYNAMIC_TYPE_TMP_BUFFER);
-    if (derBuf == NULL) {
-        WOLFSSL_MSG("Malloc failed");
-        wolfSSL_EVP_PKEY_free(pkey);
-        return 0;
+    /* Write PEM to BIO. */
+    if ((ret == 1) && (wolfSSL_BIO_write(bio, pem, pLen) != pLen)) {
+        WOLFSSL_ERROR_MSG("DSA private key BIO write failed");
+        ret = 0;
     }
 
-    /* convert key to der format */
-    derSz = wc_DsaKeyToDer((DsaKey*)dsa->internal, derBuf, (word32)der_max_len);
-    if (derSz < 0) {
-        WOLFSSL_MSG("wc_DsaKeyToDer failed");
-        XFREE(derBuf, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-        wolfSSL_EVP_PKEY_free(pkey);
-        return 0;
-    }
-
-    pkey->pkey.ptr = (char*)XMALLOC((size_t)derSz, bio->heap,
-        DYNAMIC_TYPE_TMP_BUFFER);
-    if (pkey->pkey.ptr == NULL) {
-        WOLFSSL_MSG("key malloc failed");
-        XFREE(derBuf, bio->heap, DYNAMIC_TYPE_TMP_BUFFER);
-        wolfSSL_EVP_PKEY_free(pkey);
-        return 0;
-    }
-
-    /* add der info to the evp key */
-    pkey->pkey_sz = derSz;
-    XMEMCPY(pkey->pkey.ptr, derBuf, (size_t)derSz);
-    XFREE(derBuf, bio->heap, DYNAMIC_TYPE_TMP_BUFFER);
-
-    ret = wolfSSL_PEM_write_bio_PrivateKey(bio, pkey, cipher, passwd, len,
-                                        cb, arg);
-    wolfSSL_EVP_PKEY_free(pkey);
-
+    XFREE(pem, NULL, DYNAMIC_TYPE_KEY);
     return ret;
 }
 
 #ifndef HAVE_SELFTEST
+/* Encode the DSA public key as DER.
+ *
+ * @param [in]  key   DSA key to encode.
+ * @param [out] der   Pointer through which buffer is returned.
+ * @param [in]  heap  Heap hint.
+ * @return  Size of encoding on success.
+ * @return  0 on error.
+ */
+static int wolfssl_dsa_key_to_pubkey_der(WOLFSSL_DSA* key, unsigned char** der,
+    void* heap)
+{
+    int sz;
+    unsigned char* buf = NULL;
+
+    /* Use maximum encoded size to allocate. */
+    sz = MAX_DSA_PUBKEY_SZ;
+    /* Allocate memory to hold encoding. */
+    buf = (byte*)XMALLOC((size_t)sz, heap, DYNAMIC_TYPE_TMP_BUFFER);
+    if (buf == NULL) {
+        WOLFSSL_MSG("malloc failed");
+        sz = 0;
+    }
+    if (sz > 0) {
+        /* Encode public key to DER using wolfSSL.  */
+        sz = wc_DsaKeyToPublicDer((DsaKey*)key->internal, buf, (word32)sz);
+        if (sz < 0) {
+            WOLFSSL_MSG("wc_DsaKeyToPublicDer failed");
+            sz = 0;
+        }
+    }
+
+    /* Return buffer on success. */
+    if (sz > 0) {
+        *der = buf;
+    }
+    else {
+        /* Dispose of any dynamically allocated data not returned. */
+        XFREE(buf, heap, DYNAMIC_TYPE_TMP_BUFFER);
+    }
+
+    return sz;
+}
+
 /* Takes a DSA public key and writes it out to a WOLFSSL_BIO
  * Returns 1 or 0
  */
 int wolfSSL_PEM_write_bio_DSA_PUBKEY(WOLFSSL_BIO* bio, WOLFSSL_DSA* dsa)
 {
-    int ret = 0;
-    WOLFSSL_EVP_PKEY* pkey;
+    int ret = 1;
+    unsigned char* derBuf = NULL;
+    int derSz = 0;
+
     WOLFSSL_ENTER("wolfSSL_PEM_write_bio_DSA_PUBKEY");
 
-    if (bio == NULL || dsa == NULL) {
-        WOLFSSL_MSG("Bad function arguments");
+    /* Validate parameters. */
+    if ((bio == NULL) || (dsa == NULL)) {
+        WOLFSSL_MSG("Bad Function Arguments");
         return 0;
     }
 
-    pkey = wolfSSL_EVP_PKEY_new_ex(bio->heap);
-    if (pkey == NULL) {
-        WOLFSSL_MSG("wolfSSL_EVP_PKEY_new_ex failed");
-        return 0;
+    /* Encode public key in EC key as DER. */
+    derSz = wolfssl_dsa_key_to_pubkey_der(dsa, &derBuf, bio->heap);
+    if (derSz == 0) {
+        ret = 0;
     }
 
-    pkey->type   = EVP_PKEY_DSA;
-    pkey->dsa    = dsa;
-    pkey->ownDsa = 0;
+    /* Write out to BIO the PEM encoding of the DSA public key. */
+    if ((ret == 1) && (der_write_to_bio_as_pem(derBuf, derSz, bio,
+            PUBLICKEY_TYPE) != 1)) {
+        ret = 0;
+    }
+
+    /* Dispose of any dynamically allocated data. */
+    XFREE(derBuf, bio->heap, DYNAMIC_TYPE_TMP_BUFFER);
 
-    ret = pem_write_bio_pubkey(bio, pkey);
-    wolfSSL_EVP_PKEY_free(pkey);
     return ret;
 }
 #endif /* HAVE_SELFTEST */
@@ -5708,7 +5978,7 @@ int wolfSSL_PEM_write_bio_DSA_PUBKEY(WOLFSSL_BIO* bio, WOLFSSL_DSA* dsa)
  *   1 if success, 0 if error
  */
 int wolfSSL_PEM_write_mem_DSAPrivateKey(WOLFSSL_DSA* dsa,
-                                        const EVP_CIPHER* cipher,
+                                        const WOLFSSL_EVP_CIPHER* cipher,
                                         unsigned char* passwd, int passwdSz,
                                         unsigned char **pem, int *pLen)
 {
@@ -5778,8 +6048,7 @@ int wolfSSL_PEM_write_mem_DSAPrivateKey(WOLFSSL_DSA* dsa,
     if (tmp == NULL) {
         WOLFSSL_MSG("malloc failed");
         XFREE(derBuf, NULL, DYNAMIC_TYPE_DER);
-        if (cipherInfo != NULL)
-            XFREE(cipherInfo, NULL, DYNAMIC_TYPE_STRING);
+        XFREE(cipherInfo, NULL, DYNAMIC_TYPE_STRING);
         return 0;
     }
 
@@ -5790,13 +6059,11 @@ int wolfSSL_PEM_write_mem_DSAPrivateKey(WOLFSSL_DSA* dsa,
         WOLFSSL_MSG("wc_DerToPemEx failed");
         XFREE(derBuf, NULL, DYNAMIC_TYPE_DER);
         XFREE(tmp, NULL, DYNAMIC_TYPE_PEM);
-        if (cipherInfo != NULL)
-            XFREE(cipherInfo, NULL, DYNAMIC_TYPE_STRING);
+        XFREE(cipherInfo, NULL, DYNAMIC_TYPE_STRING);
         return 0;
     }
     XFREE(derBuf, NULL, DYNAMIC_TYPE_DER);
-    if (cipherInfo != NULL)
-        XFREE(cipherInfo, NULL, DYNAMIC_TYPE_STRING);
+    XFREE(cipherInfo, NULL, DYNAMIC_TYPE_STRING);
 
     *pem = (byte*)XMALLOC((size_t)((*pLen)+1), NULL, DYNAMIC_TYPE_KEY);
     if (*pem == NULL) {
@@ -5831,7 +6098,7 @@ int wolfSSL_PEM_write_mem_DSAPrivateKey(WOLFSSL_DSA* dsa,
  *   1 if success, 0 if error
  */
 int wolfSSL_PEM_write_DSAPrivateKey(XFILE fp, WOLFSSL_DSA *dsa,
-                                    const EVP_CIPHER *enc,
+                                    const WOLFSSL_EVP_CIPHER *enc,
                                     unsigned char *kstr, int klen,
                                     wc_pem_password_cb *cb, void *u)
 {
@@ -5972,19 +6239,19 @@ int wolfSSL_DSA_LoadDer(WOLFSSL_DSA* dsa, const unsigned char* derBuf, int derSz
 
     if (dsa == NULL || dsa->internal == NULL || derBuf == NULL || derSz <= 0) {
         WOLFSSL_MSG("Bad function arguments");
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
     }
 
     ret = DsaPrivateKeyDecode(derBuf, &idx, (DsaKey*)dsa->internal,
         (word32)derSz);
     if (ret < 0) {
         WOLFSSL_MSG("DsaPrivateKeyDecode failed");
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
     }
 
     if (SetDsaExternal(dsa) != 1) {
         WOLFSSL_MSG("SetDsaExternal failed");
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
     }
 
     dsa->inSet = 1;
@@ -6004,7 +6271,7 @@ int wolfSSL_DSA_LoadDer_ex(WOLFSSL_DSA* dsa, const unsigned char* derBuf,
 
     if (dsa == NULL || dsa->internal == NULL || derBuf == NULL || derSz <= 0) {
         WOLFSSL_MSG("Bad function arguments");
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
     }
 
     if (opt == WOLFSSL_DSA_LOAD_PRIVATE) {
@@ -6019,17 +6286,17 @@ int wolfSSL_DSA_LoadDer_ex(WOLFSSL_DSA* dsa, const unsigned char* derBuf,
     if (ret < 0 && opt == WOLFSSL_DSA_LOAD_PRIVATE) {
         WOLFSSL_ERROR_VERBOSE(ret);
         WOLFSSL_MSG("DsaPrivateKeyDecode failed");
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
     }
     else if (ret < 0 && opt == WOLFSSL_DSA_LOAD_PUBLIC) {
         WOLFSSL_ERROR_VERBOSE(ret);
         WOLFSSL_MSG("DsaPublicKeyDecode failed");
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
     }
 
     if (SetDsaExternal(dsa) != 1) {
         WOLFSSL_MSG("SetDsaExternal failed");
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
     }
 
     dsa->inSet = 1;
@@ -6277,17 +6544,17 @@ static int wolfssl_dh_set_nid(WOLFSSL_DH* dh, int nid)
      * FIPS v2 module */
     switch (nid) {
 #ifdef HAVE_FFDHE_2048
-    case NID_ffdhe2048:
+    case WC_NID_ffdhe2048:
         params = wc_Dh_ffdhe2048_Get();
         break;
 #endif /* HAVE_FFDHE_2048 */
 #ifdef HAVE_FFDHE_3072
-    case NID_ffdhe3072:
+    case WC_NID_ffdhe3072:
         params = wc_Dh_ffdhe3072_Get();
         break;
 #endif /* HAVE_FFDHE_3072 */
 #ifdef HAVE_FFDHE_4096
-    case NID_ffdhe4096:
+    case WC_NID_ffdhe4096:
         params = wc_Dh_ffdhe4096_Get();
         break;
 #endif /* HAVE_FFDHE_4096 */
@@ -6373,17 +6640,17 @@ static int wolfssl_dh_set_nid(WOLFSSL_DH* dh, int nid)
 
     switch (nid) {
 #ifdef HAVE_FFDHE_2048
-    case NID_ffdhe2048:
+    case WC_NID_ffdhe2048:
         name = WC_FFDHE_2048;
         break;
 #endif /* HAVE_FFDHE_2048 */
 #ifdef HAVE_FFDHE_3072
-    case NID_ffdhe3072:
+    case WC_NID_ffdhe3072:
         name = WC_FFDHE_3072;
         break;
 #endif /* HAVE_FFDHE_3072 */
 #ifdef HAVE_FFDHE_4096
-    case NID_ffdhe4096:
+    case WC_NID_ffdhe4096:
         name = WC_FFDHE_4096;
         break;
 #endif /* HAVE_FFDHE_4096 */
@@ -7147,7 +7414,7 @@ WOLFSSL_BIGNUM* wolfSSL_DH_8192_prime(WOLFSSL_BIGNUM* bn)
 
 #ifndef NO_CERTS
 
-/* Load the DER encoded DH parameters/key into DH key.
+/* Load the DER encoded DH parameters into DH key.
  *
  * @param [in, out] dh      DH key to load parameters into.
  * @param [in]      der     Buffer holding DER encoded parameters data.
@@ -7158,7 +7425,7 @@ WOLFSSL_BIGNUM* wolfSSL_DH_8192_prime(WOLFSSL_BIGNUM* bn)
  * @return  0 on success.
  * @return  1 when decoding DER or setting the external key fails.
  */
-static int wolfssl_dh_load_key(WOLFSSL_DH* dh, const unsigned char* der,
+static int wolfssl_dh_load_params(WOLFSSL_DH* dh, const unsigned char* der,
     word32* idx, word32 derSz)
 {
     int err = 0;
@@ -7271,7 +7538,7 @@ WOLFSSL_DH *wolfSSL_d2i_DHparams(WOLFSSL_DH** dh, const unsigned char** pp,
         WOLFSSL_ERROR_MSG("wolfSSL_DH_new() failed");
         err = 1;
     }
-    if ((!err) && (wolfssl_dh_load_key(newDh, *pp, &idx,
+    if ((!err) && (wolfssl_dh_load_params(newDh, *pp, &idx,
             (word32)length) != 0)) {
         WOLFSSL_ERROR_MSG("Loading DH parameters failed");
         err = 1;
@@ -7334,7 +7601,7 @@ int wolfSSL_i2d_DHparams(const WOLFSSL_DH *dh, unsigned char **out)
             *out += len;
         }
         /* An error occurred unless only length returned. */
-        else if (ret != LENGTH_ONLY_E) {
+        else if (ret != WC_NO_ERR_TRACE(LENGTH_ONLY_E)) {
             err = 1;
         }
     }
@@ -7428,13 +7695,13 @@ int wolfSSL_DH_LoadDer(WOLFSSL_DH* dh, const unsigned char* derBuf, int derSz)
     if ((dh == NULL) || (dh->internal == NULL) || (derBuf == NULL) ||
             (derSz <= 0)) {
         WOLFSSL_ERROR_MSG("Bad function arguments");
-        ret = -1;
+        ret = WOLFSSL_FATAL_ERROR;
     }
 
-    if ((ret == 1) && (wolfssl_dh_load_key(dh, derBuf, &idx,
+    if ((ret == 1) && (wolfssl_dh_load_params(dh, derBuf, &idx,
             (word32)derSz) != 0)) {
         WOLFSSL_ERROR_MSG("DH key decode failed");
-        ret = -1;
+        ret = WOLFSSL_FATAL_ERROR;
     }
 
     return ret;
@@ -7484,7 +7751,7 @@ static WOLFSSL_DH *wolfssl_dhparams_read_pem(WOLFSSL_DH **dh,
     }
     if (memAlloced) {
         /* PEM data no longer needed.  */
-        XFREE(pem, NULL, DYNAMIC_TYPE_PEM);
+        XFREE(pem, NULL, DYNAMIC_TYPE_TMP_BUFFER);
     }
 
     if (!err) {
@@ -7622,10 +7889,10 @@ WOLFSSL_DH* wolfSSL_PEM_read_DHparams(XFILE fp, WOLFSSL_DH** dh,
 static int wolfssl_dhparams_to_der(WOLFSSL_DH* dh, unsigned char** out,
     void* heap)
 {
-    int ret = -1;
+    int ret = WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR);
     int err = 0;
     byte* der = NULL;
-    word32 derSz;
+    word32 derSz = 0;
     DhKey* key = NULL;
 
     (void)heap;
@@ -7639,7 +7906,7 @@ static int wolfssl_dhparams_to_der(WOLFSSL_DH* dh, unsigned char** out,
         /* Use wolfSSL API to get length of DER encode DH parameters. */
         key = (DhKey*)dh->internal;
         ret = wc_DhParamsToDer(key, NULL, &derSz);
-        if (ret != LENGTH_ONLY_E) {
+        if (ret != WC_NO_ERR_TRACE(LENGTH_ONLY_E)) {
             WOLFSSL_ERROR_MSG("Failed to get size of DH params");
             err = 1;
         }
@@ -7666,9 +7933,7 @@ static int wolfssl_dhparams_to_der(WOLFSSL_DH* dh, unsigned char** out,
         *out = der;
         der = NULL;
     }
-    if (der != NULL) {
-        XFREE(der, heap, DYNAMIC_TYPE_TMP_BUFFER);
-    }
+    XFREE(der, heap, DYNAMIC_TYPE_TMP_BUFFER);
 
     return ret;
 }
@@ -7684,7 +7949,7 @@ static int wolfssl_dhparams_to_der(WOLFSSL_DH* dh, unsigned char** out,
 int wolfSSL_PEM_write_DHparams(XFILE fp, WOLFSSL_DH* dh)
 {
     int ret = 1;
-    int derSz;
+    int derSz = 0;
     byte* derBuf = NULL;
     void* heap = NULL;
 
@@ -7710,7 +7975,7 @@ int wolfSSL_PEM_write_DHparams(XFILE fp, WOLFSSL_DH* dh)
         }
     }
     if ((ret == 1) && (der_write_to_file_as_pem(derBuf, derSz, fp,
-            DH_PARAM_TYPE, NULL) != WOLFSSL_SUCCESS)) {
+            DH_PARAM_TYPE, NULL) != 1)) {
         ret = 0;
     }
 
@@ -7753,7 +8018,7 @@ int SetDhExternal_ex(WOLFSSL_DH *dh, int elm)
     /* Validate parameters. */
     if ((dh == NULL) || (dh->internal == NULL)) {
         WOLFSSL_ERROR_MSG("dh key NULL error");
-        ret = -1;
+        ret = WOLFSSL_FATAL_ERROR;
     }
 
     if (ret == 1) {
@@ -7765,21 +8030,21 @@ int SetDhExternal_ex(WOLFSSL_DH *dh, int elm)
         /* Set the prime. */
         if (wolfssl_bn_set_value(&dh->p, &key->p) != 1) {
             WOLFSSL_ERROR_MSG("dh param p error");
-            ret = -1;
+            ret = WOLFSSL_FATAL_ERROR;
         }
     }
     if ((ret == 1) && (elm & ELEMENT_G)) {
         /* Set the generator. */
         if (wolfssl_bn_set_value(&dh->g, &key->g) != 1) {
             WOLFSSL_ERROR_MSG("dh param g error");
-            ret = -1;
+            ret = WOLFSSL_FATAL_ERROR;
         }
     }
     if ((ret == 1) && (elm & ELEMENT_Q)) {
         /* Set the order. */
         if (wolfssl_bn_set_value(&dh->q, &key->q) != 1) {
             WOLFSSL_ERROR_MSG("dh param q error");
-            ret = -1;
+            ret = WOLFSSL_FATAL_ERROR;
         }
     }
 #ifdef WOLFSSL_DH_EXTRA
@@ -7787,14 +8052,14 @@ int SetDhExternal_ex(WOLFSSL_DH *dh, int elm)
         /* Set the private key. */
         if (wolfssl_bn_set_value(&dh->priv_key, &key->priv) != 1) {
             WOLFSSL_ERROR_MSG("No DH Private Key");
-            ret = -1;
+            ret = WOLFSSL_FATAL_ERROR;
         }
     }
     if ((ret == 1) && (elm & ELEMENT_PUB)) {
         /* Set the public key. */
         if (wolfssl_bn_set_value(&dh->pub_key, &key->pub) != 1) {
             WOLFSSL_ERROR_MSG("No DH Public Key");
-            ret = -1;
+            ret = WOLFSSL_FATAL_ERROR;
         }
     }
 #endif /* WOLFSSL_DH_EXTRA */
@@ -7839,7 +8104,7 @@ int SetDhInternal(WOLFSSL_DH* dh)
     /* Validate parameters. */
     if ((dh == NULL) || (dh->p == NULL) || (dh->g == NULL)) {
         WOLFSSL_ERROR_MSG("Bad function arguments");
-        ret = -1;
+        ret = WOLFSSL_FATAL_ERROR;
     }
     if (ret == 1) {
         /* Get the wolfSSL DH key. */
@@ -7848,26 +8113,26 @@ int SetDhInternal(WOLFSSL_DH* dh)
         /* Clear out key and initialize. */
         wc_FreeDhKey(key);
         if (wc_InitDhKey(key) != 0) {
-            ret = -1;
+            ret = WOLFSSL_FATAL_ERROR;
         }
     }
     if (ret == 1) {
         /* Transfer prime. */
         if (wolfssl_bn_get_value(dh->p, &key->p) != 1) {
-            ret = -1;
+            ret = WOLFSSL_FATAL_ERROR;
         }
     }
     if (ret == 1) {
         /* Transfer generator. */
         if (wolfssl_bn_get_value(dh->g, &key->g) != 1) {
-            ret = -1;
+            ret = WOLFSSL_FATAL_ERROR;
         }
     }
 #ifdef HAVE_FFDHE_Q
     /* Transfer order if available. */
     if ((ret == 1) && (dh->q != NULL)) {
         if (wolfssl_bn_get_value(dh->q, &key->q) != 1) {
-            ret = -1;
+            ret = WOLFSSL_FATAL_ERROR;
         }
     }
 #endif
@@ -7876,14 +8141,14 @@ int SetDhInternal(WOLFSSL_DH* dh)
     if ((ret == 1) && (dh->priv_key != NULL) &&
             (!wolfSSL_BN_is_zero(dh->priv_key))) {
         if (wolfssl_bn_get_value(dh->priv_key, &key->priv) != 1) {
-            ret = -1;
+            ret = WOLFSSL_FATAL_ERROR;
         }
     }
     /* Transfer public key if available. */
     if ((ret == 1) && (dh->pub_key != NULL) &&
             (!wolfSSL_BN_is_zero(dh->pub_key))) {
         if (wolfssl_bn_get_value(dh->pub_key, &key->pub) != 1) {
-            ret = -1;
+            ret = WOLFSSL_FATAL_ERROR;
         }
     }
 #endif /* WOLFSSL_DH_EXTRA */
@@ -7906,17 +8171,14 @@ int SetDhInternal(WOLFSSL_DH* dh)
  */
 int wolfSSL_DH_size(WOLFSSL_DH* dh)
 {
-    int ret = -1;
-
     WOLFSSL_ENTER("wolfSSL_DH_size");
 
-    /* Validate parameter. */
-    if (dh != NULL) {
-        /* Size of key is size of prime in bytes. */
-        ret = wolfSSL_BN_num_bytes(dh->p);
-    }
+    if (dh == NULL)
+        return WOLFSSL_FATAL_ERROR;
 
-    return ret;
+    /* Validate parameter. */
+    /* Size of key is size of prime in bytes. */
+    return wolfSSL_BN_num_bytes(dh->p);
 }
 
 /**
@@ -8443,6 +8705,10 @@ int wolfSSL_DH_generate_key(WOLFSSL_DH* dh)
         /* Private key size can be as much as the size of the prime. */
         if (dh->length) {
             privSz = (word32)(dh->length / 8); /* to bytes */
+            /* Special case where priv key is larger than dh->length / 8
+             * See GeneratePrivateDh */
+            if (dh->length == 128)
+                privSz = 21;
         }
         else {
             privSz = pubSz;
@@ -8509,26 +8775,14 @@ int wolfSSL_DH_generate_key(WOLFSSL_DH* dh)
 }
 
 
-/* Compute the shared key from the private key and peer's public key.
- *
- * Return code compliant with OpenSSL.
- * OpenSSL returns 0 when number of bits in p are smaller than minimum
- * supported.
- *
- * @param [out] key       Buffer to place shared key.
- * @param [in]  otherPub  Peer's public key.
- * @param [in]  dh        DH key containing private key.
- * @return  -1 on error.
- * @return  Size of shared secret in bytes on success.
- */
-int wolfSSL_DH_compute_key(unsigned char* key, const WOLFSSL_BIGNUM* otherPub,
-    WOLFSSL_DH* dh)
+static int _DH_compute_key(unsigned char* key, const WOLFSSL_BIGNUM* otherPub,
+    WOLFSSL_DH* dh, int ct)
 {
     int            ret    = 0;
     word32         keySz  = 0;
     int            pubSz  = MAX_DHKEY_SZ;
     int            privSz = MAX_DHKEY_SZ;
-    int            sz;
+    int            sz     = 0;
 #ifdef WOLFSSL_SMALL_STACK
     unsigned char* pub    = NULL;
     unsigned char* priv   = NULL;
@@ -8542,19 +8796,19 @@ int wolfSSL_DH_compute_key(unsigned char* key, const WOLFSSL_BIGNUM* otherPub,
     /* Validate parameters. */
     if ((dh == NULL) || (dh->priv_key == NULL) || (otherPub == NULL)) {
         WOLFSSL_ERROR_MSG("Bad function arguments");
-        ret = -1;
+        ret = WOLFSSL_FATAL_ERROR;
     }
     /* Get the maximum size of computed DH key. */
-    if ((ret == 0) && ((keySz = (word32)DH_size(dh)) == 0)) {
+    if ((ret == 0) && ((keySz = (word32)wolfSSL_DH_size(dh)) == 0)) {
         WOLFSSL_ERROR_MSG("Bad DH_size");
-        ret = -1;
+        ret = WOLFSSL_FATAL_ERROR;
     }
     if (ret == 0) {
         /* Validate the size of the private key. */
         sz = wolfSSL_BN_num_bytes(dh->priv_key);
         if (sz > (int)privSz) {
             WOLFSSL_ERROR_MSG("Bad priv internal size");
-            ret = -1;
+            ret = WOLFSSL_FATAL_ERROR;
         }
     }
     if (ret == 0) {
@@ -8567,7 +8821,7 @@ int wolfSSL_DH_compute_key(unsigned char* key, const WOLFSSL_BIGNUM* otherPub,
         sz = wolfSSL_BN_num_bytes(otherPub);
         if (sz > pubSz) {
             WOLFSSL_ERROR_MSG("Bad otherPub size");
-            ret = -1;
+            ret = WOLFSSL_FATAL_ERROR;
         }
     }
 
@@ -8577,14 +8831,14 @@ int wolfSSL_DH_compute_key(unsigned char* key, const WOLFSSL_BIGNUM* otherPub,
         pub = (unsigned char*)XMALLOC((size_t)sz, NULL,
             DYNAMIC_TYPE_PUBLIC_KEY);
         if (pub == NULL)
-            ret = -1;
+            ret = WOLFSSL_FATAL_ERROR;
     }
     if (ret == 0) {
         /* Allocate memory for the private key array. */
         priv = (unsigned char*)XMALLOC((size_t)privSz, NULL,
             DYNAMIC_TYPE_PRIVATE_KEY);
         if (priv == NULL) {
-            ret = -1;
+            ret = WOLFSSL_FATAL_ERROR;
         }
     }
     if (ret == 0) {
@@ -8592,28 +8846,58 @@ int wolfSSL_DH_compute_key(unsigned char* key, const WOLFSSL_BIGNUM* otherPub,
         /* Get the private key into the array. */
         privSz = wolfSSL_BN_bn2bin(dh->priv_key, priv);
         if (privSz <= 0) {
-            ret = -1;
+            ret = WOLFSSL_FATAL_ERROR;
         }
     }
     if (ret == 0) {
         /* Get the public key into the array. */
         pubSz  = wolfSSL_BN_bn2bin(otherPub, pub);
-        if (privSz <= 0) {
-            ret = -1;
+        if (pubSz <= 0) {
+            ret = WOLFSSL_FATAL_ERROR;
         }
     }
     /* Synchronize the external into the internal parameters. */
     if ((ret == 0) && ((dh->inSet == 0) && (SetDhInternal(dh) != 1))) {
         WOLFSSL_ERROR_MSG("Bad DH set internal");
-        ret = -1;
+        ret = WOLFSSL_FATAL_ERROR;
     }
 
     PRIVATE_KEY_UNLOCK();
     /* Calculate shared secret from private and public keys. */
-    if ((ret == 0) && (wc_DhAgree((DhKey*)dh->internal, key, &keySz, priv,
-            (word32)privSz, pub, (word32)pubSz) < 0)) {
-        WOLFSSL_ERROR_MSG("wc_DhAgree failed");
-        ret = -1;
+    if (ret == 0) {
+        word32 padded_keySz = keySz;
+#if (!defined(HAVE_FIPS) || FIPS_VERSION_GE(7,0)) && !defined(HAVE_SELFTEST)
+        if (ct) {
+            if (wc_DhAgree_ct((DhKey*)dh->internal, key, &keySz, priv,
+                           (word32)privSz, pub, (word32)pubSz) < 0) {
+                WOLFSSL_ERROR_MSG("wc_DhAgree_ct failed");
+                ret = WOLFSSL_FATAL_ERROR;
+            }
+        }
+        else
+#endif /* (!HAVE_FIPS || FIPS_VERSION_GE(7,0)) && !HAVE_SELFTEST */
+        {
+            if (wc_DhAgree((DhKey*)dh->internal, key, &keySz, priv,
+                           (word32)privSz, pub, (word32)pubSz) < 0) {
+                WOLFSSL_ERROR_MSG("wc_DhAgree failed");
+                ret = WOLFSSL_FATAL_ERROR;
+            }
+        }
+
+        if ((ret == 0) && ct) {
+            /* Arrange for correct fixed-length, right-justified key, even if
+             * the crypto back end doesn't support it.  With some crypto back
+             * ends this forgoes formal constant-timeness on the key agreement,
+             * but assured that wolfSSL_DH_compute_key_padded() functions
+             * correctly.
+             */
+            if (keySz < padded_keySz) {
+                XMEMMOVE(key, key + (padded_keySz - keySz),
+                         padded_keySz - keySz);
+                XMEMSET(key, 0, padded_keySz - keySz);
+                keySz = padded_keySz;
+            }
+        }
     }
     if (ret == 0) {
         /* Return actual length. */
@@ -8637,6 +8921,45 @@ int wolfSSL_DH_compute_key(unsigned char* key, const WOLFSSL_BIGNUM* otherPub,
 
     return ret;
 }
+
+/* Compute the shared key from the private key and peer's public key.
+ *
+ * Return code compliant with OpenSSL.
+ * OpenSSL returns 0 when number of bits in p are smaller than minimum
+ * supported.
+ *
+ * @param [out] key       Buffer to place shared key.
+ * @param [in]  otherPub  Peer's public key.
+ * @param [in]  dh        DH key containing private key.
+ * @return  -1 on error.
+ * @return  Size of shared secret in bytes on success.
+ */
+int wolfSSL_DH_compute_key(unsigned char* key, const WOLFSSL_BIGNUM* otherPub,
+    WOLFSSL_DH* dh)
+{
+    return _DH_compute_key(key, otherPub, dh, 0);
+}
+
+/* Compute the shared key from the private key and peer's public key as in
+ * wolfSSL_DH_compute_key, but using constant time processing, with an output
+ * key length fixed at the nominal DH key size.  Leading zeros are retained.
+ *
+ * Return code compliant with OpenSSL.
+ * OpenSSL returns 0 when number of bits in p are smaller than minimum
+ * supported.
+ *
+ * @param [out] key       Buffer to place shared key.
+ * @param [in]  otherPub  Peer's public key.
+ * @param [in]  dh        DH key containing private key.
+ * @return  -1 on error.
+ * @return  Size of shared secret in bytes on success.
+ */
+int wolfSSL_DH_compute_key_padded(unsigned char* key,
+    const WOLFSSL_BIGNUM* otherPub, WOLFSSL_DH* dh)
+{
+    return _DH_compute_key(key, otherPub, dh, 1);
+}
+
 #endif /* !HAVE_FIPS || (HAVE_FIPS && !WOLFSSL_DH_EXTRA) ||
         * HAVE_FIPS_VERSION > 2 */
 
@@ -8741,7 +9064,7 @@ int wolfSSL_EC_METHOD_get_field_type(const WOLFSSL_EC_METHOD *meth)
 
     if (meth != NULL) {
         /* Only field type supported by code base. */
-        nid = NID_X9_62_prime_field;
+        nid = WC_NID_X9_62_prime_field;
     }
 
     return nid;
@@ -8765,66 +9088,66 @@ int EccEnumToNID(int n)
 
     switch(n) {
         case ECC_SECP192R1:
-            return NID_X9_62_prime192v1;
+            return WC_NID_X9_62_prime192v1;
         case ECC_PRIME192V2:
-            return NID_X9_62_prime192v2;
+            return WC_NID_X9_62_prime192v2;
         case ECC_PRIME192V3:
-            return NID_X9_62_prime192v3;
+            return WC_NID_X9_62_prime192v3;
         case ECC_PRIME239V1:
-            return NID_X9_62_prime239v1;
+            return WC_NID_X9_62_prime239v1;
         case ECC_PRIME239V2:
-            return NID_X9_62_prime239v2;
+            return WC_NID_X9_62_prime239v2;
         case ECC_PRIME239V3:
-            return NID_X9_62_prime239v3;
+            return WC_NID_X9_62_prime239v3;
         case ECC_SECP256R1:
-            return NID_X9_62_prime256v1;
+            return WC_NID_X9_62_prime256v1;
         case ECC_SECP112R1:
-            return NID_secp112r1;
+            return WC_NID_secp112r1;
         case ECC_SECP112R2:
-            return NID_secp112r2;
+            return WC_NID_secp112r2;
         case ECC_SECP128R1:
-            return NID_secp128r1;
+            return WC_NID_secp128r1;
         case ECC_SECP128R2:
-            return NID_secp128r2;
+            return WC_NID_secp128r2;
         case ECC_SECP160R1:
-            return NID_secp160r1;
+            return WC_NID_secp160r1;
         case ECC_SECP160R2:
-            return NID_secp160r2;
+            return WC_NID_secp160r2;
         case ECC_SECP224R1:
-            return NID_secp224r1;
+            return WC_NID_secp224r1;
         case ECC_SECP384R1:
-            return NID_secp384r1;
+            return WC_NID_secp384r1;
         case ECC_SECP521R1:
-            return NID_secp521r1;
+            return WC_NID_secp521r1;
         case ECC_SECP160K1:
-            return NID_secp160k1;
+            return WC_NID_secp160k1;
         case ECC_SECP192K1:
-            return NID_secp192k1;
+            return WC_NID_secp192k1;
         case ECC_SECP224K1:
-            return NID_secp224k1;
+            return WC_NID_secp224k1;
         case ECC_SECP256K1:
-            return NID_secp256k1;
+            return WC_NID_secp256k1;
         case ECC_BRAINPOOLP160R1:
-            return NID_brainpoolP160r1;
+            return WC_NID_brainpoolP160r1;
         case ECC_BRAINPOOLP192R1:
-            return NID_brainpoolP192r1;
+            return WC_NID_brainpoolP192r1;
         case ECC_BRAINPOOLP224R1:
-            return NID_brainpoolP224r1;
+            return WC_NID_brainpoolP224r1;
         case ECC_BRAINPOOLP256R1:
-            return NID_brainpoolP256r1;
+            return WC_NID_brainpoolP256r1;
         case ECC_BRAINPOOLP320R1:
-            return NID_brainpoolP320r1;
+            return WC_NID_brainpoolP320r1;
         case ECC_BRAINPOOLP384R1:
-            return NID_brainpoolP384r1;
+            return WC_NID_brainpoolP384r1;
         case ECC_BRAINPOOLP512R1:
-            return NID_brainpoolP512r1;
+            return WC_NID_brainpoolP512r1;
     #ifdef WOLFSSL_SM2
         case ECC_SM2P256V1:
-            return NID_sm2;
+            return WC_NID_sm2;
     #endif
         default:
             WOLFSSL_MSG("NID not found");
-            return -1;
+            return WOLFSSL_FATAL_ERROR;
     }
 }
 #endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
@@ -8840,95 +9163,96 @@ int EccEnumToNID(int n)
  */
 int NIDToEccEnum(int nid)
 {
-    /* -1 on error. */
-    int id = -1;
+    int id;
 
     WOLFSSL_ENTER("NIDToEccEnum");
 
     switch (nid) {
-        case NID_X9_62_prime192v1:
+        case WC_NID_X9_62_prime192v1:
             id = ECC_SECP192R1;
             break;
-        case NID_X9_62_prime192v2:
+        case WC_NID_X9_62_prime192v2:
             id = ECC_PRIME192V2;
             break;
-        case NID_X9_62_prime192v3:
+        case WC_NID_X9_62_prime192v3:
             id = ECC_PRIME192V3;
             break;
-        case NID_X9_62_prime239v1:
+        case WC_NID_X9_62_prime239v1:
             id = ECC_PRIME239V1;
             break;
-        case NID_X9_62_prime239v2:
+        case WC_NID_X9_62_prime239v2:
             id = ECC_PRIME239V2;
             break;
-        case NID_X9_62_prime239v3:
+        case WC_NID_X9_62_prime239v3:
             id = ECC_PRIME239V3;
             break;
-        case NID_X9_62_prime256v1:
+        case WC_NID_X9_62_prime256v1:
             id = ECC_SECP256R1;
             break;
-        case NID_secp112r1:
+        case WC_NID_secp112r1:
             id = ECC_SECP112R1;
             break;
-        case NID_secp112r2:
+        case WC_NID_secp112r2:
             id = ECC_SECP112R2;
             break;
-        case NID_secp128r1:
+        case WC_NID_secp128r1:
             id = ECC_SECP128R1;
             break;
-        case NID_secp128r2:
+        case WC_NID_secp128r2:
             id = ECC_SECP128R2;
             break;
-        case NID_secp160r1:
+        case WC_NID_secp160r1:
             id = ECC_SECP160R1;
             break;
-        case NID_secp160r2:
+        case WC_NID_secp160r2:
             id = ECC_SECP160R2;
             break;
-        case NID_secp224r1:
+        case WC_NID_secp224r1:
             id = ECC_SECP224R1;
             break;
-        case NID_secp384r1:
+        case WC_NID_secp384r1:
             id = ECC_SECP384R1;
             break;
-        case NID_secp521r1:
+        case WC_NID_secp521r1:
             id = ECC_SECP521R1;
             break;
-        case NID_secp160k1:
+        case WC_NID_secp160k1:
             id = ECC_SECP160K1;
             break;
-        case NID_secp192k1:
+        case WC_NID_secp192k1:
             id = ECC_SECP192K1;
             break;
-        case NID_secp224k1:
+        case WC_NID_secp224k1:
             id = ECC_SECP224K1;
             break;
-        case NID_secp256k1:
+        case WC_NID_secp256k1:
             id = ECC_SECP256K1;
             break;
-        case NID_brainpoolP160r1:
+        case WC_NID_brainpoolP160r1:
             id = ECC_BRAINPOOLP160R1;
             break;
-        case NID_brainpoolP192r1:
+        case WC_NID_brainpoolP192r1:
             id = ECC_BRAINPOOLP192R1;
             break;
-        case NID_brainpoolP224r1:
+        case WC_NID_brainpoolP224r1:
             id = ECC_BRAINPOOLP224R1;
             break;
-        case NID_brainpoolP256r1:
+        case WC_NID_brainpoolP256r1:
             id = ECC_BRAINPOOLP256R1;
             break;
-        case NID_brainpoolP320r1:
+        case WC_NID_brainpoolP320r1:
             id = ECC_BRAINPOOLP320R1;
             break;
-        case NID_brainpoolP384r1:
+        case WC_NID_brainpoolP384r1:
             id = ECC_BRAINPOOLP384R1;
             break;
-        case NID_brainpoolP512r1:
+        case WC_NID_brainpoolP512r1:
             id = ECC_BRAINPOOLP512R1;
             break;
         default:
             WOLFSSL_MSG("NID not found");
+            /* -1 on error. */
+            id = WOLFSSL_FATAL_ERROR;
     }
 
     return id;
@@ -9040,13 +9364,19 @@ void wolfSSL_EC_GROUP_free(WOLFSSL_EC_GROUP *group)
  * @return  NULL on error.
  */
 static WOLFSSL_EC_GROUP* wolfssl_ec_group_d2i(WOLFSSL_EC_GROUP** group,
-    const unsigned char* in, long inSz)
+    const unsigned char** in_pp, long inSz)
 {
     int err = 0;
     WOLFSSL_EC_GROUP* ret = NULL;
     word32 idx = 0;
     word32 oid = 0;
     int id = 0;
+    const unsigned char* in;
+
+    if (in_pp == NULL || *in_pp == NULL)
+        return NULL;
+
+    in = *in_pp;
 
     /* Use the group passed in. */
     if ((group != NULL) && (*group != NULL)) {
@@ -9095,6 +9425,9 @@ static WOLFSSL_EC_GROUP* wolfssl_ec_group_d2i(WOLFSSL_EC_GROUP** group,
         }
         ret = NULL;
     }
+    else {
+        *in_pp += idx;
+    }
     return ret;
 }
 
@@ -9126,7 +9459,8 @@ WOLFSSL_EC_GROUP* wolfSSL_PEM_read_bio_ECPKParameters(WOLFSSL_BIO* bio,
     }
     if (!err) {
         /* Create EC group from DER encoding. */
-        ret = wolfssl_ec_group_d2i(group, der->buffer, der->length);
+        const byte** p = (const byte**)&der->buffer;
+        ret = wolfssl_ec_group_d2i(group, p, der->length);
         if (ret == NULL) {
             WOLFSSL_ERROR_MSG("Error loading DER buffer into WOLFSSL_EC_GROUP");
         }
@@ -9137,6 +9471,52 @@ WOLFSSL_EC_GROUP* wolfSSL_PEM_read_bio_ECPKParameters(WOLFSSL_BIO* bio,
     return ret;
 }
 
+WOLFSSL_EC_GROUP *wolfSSL_d2i_ECPKParameters(WOLFSSL_EC_GROUP **out,
+        const unsigned char **in, long len)
+{
+    return wolfssl_ec_group_d2i(out, in, len);
+}
+
+int wolfSSL_i2d_ECPKParameters(const WOLFSSL_EC_GROUP* grp, unsigned char** pp)
+{
+    unsigned char* out = NULL;
+    int len = 0;
+    int idx;
+    const byte* oid = NULL;
+    word32 oidSz = 0;
+
+    if (grp == NULL || !wc_ecc_is_valid_idx(grp->curve_idx) ||
+            grp->curve_idx < 0)
+        return WOLFSSL_FATAL_ERROR;
+
+    /* Get the actual DER encoding of the OID. ecc_sets[grp->curve_idx].oid
+     * is just the numerical representation. */
+    if (wc_ecc_get_oid((word32)grp->curve_oid, &oid, &oidSz) < 0)
+        return WOLFSSL_FATAL_ERROR;
+
+    len = SetObjectId((int)oidSz, NULL) + (int)oidSz;
+
+    if (pp == NULL)
+        return len;
+
+    if (*pp == NULL) {
+        out = (unsigned char*)XMALLOC((size_t)len, NULL, DYNAMIC_TYPE_ASN1);
+        if (out == NULL)
+            return WOLFSSL_FATAL_ERROR;
+    }
+    else {
+        out = *pp;
+    }
+
+    idx = SetObjectId((int)oidSz, out);
+    XMEMCPY(out + idx, oid, oidSz);
+    if (*pp == NULL)
+        *pp = out;
+    else
+        *pp += len;
+
+    return len;
+}
 #endif /* !NO_BIO */
 
 #if defined(OPENSSL_ALL) && !defined(NO_CERTS)
@@ -9205,7 +9585,7 @@ int wolfSSL_EC_GROUP_cmp(const WOLFSSL_EC_GROUP *a, const WOLFSSL_EC_GROUP *b,
     if ((a == NULL) || (b == NULL)) {
         WOLFSSL_MSG("wolfSSL_EC_GROUP_cmp Bad arguments");
         /* Return error value. */
-        ret = -1;
+        ret = WOLFSSL_FATAL_ERROR;
     }
     /* Compare NID and wolfSSL curve index. */
     else {
@@ -9278,53 +9658,53 @@ int wolfSSL_EC_GROUP_get_degree(const WOLFSSL_EC_GROUP *group)
     }
     else {
         switch (group->curve_nid) {
-            case NID_secp112r1:
-            case NID_secp112r2:
+            case WC_NID_secp112r1:
+            case WC_NID_secp112r2:
                 degree = 112;
                 break;
-            case NID_secp128r1:
-            case NID_secp128r2:
+            case WC_NID_secp128r1:
+            case WC_NID_secp128r2:
                 degree = 128;
                 break;
-            case NID_secp160k1:
-            case NID_secp160r1:
-            case NID_secp160r2:
-            case NID_brainpoolP160r1:
+            case WC_NID_secp160k1:
+            case WC_NID_secp160r1:
+            case WC_NID_secp160r2:
+            case WC_NID_brainpoolP160r1:
                 degree = 160;
                 break;
-            case NID_secp192k1:
-            case NID_brainpoolP192r1:
-            case NID_X9_62_prime192v1:
-            case NID_X9_62_prime192v2:
-            case NID_X9_62_prime192v3:
+            case WC_NID_secp192k1:
+            case WC_NID_brainpoolP192r1:
+            case WC_NID_X9_62_prime192v1:
+            case WC_NID_X9_62_prime192v2:
+            case WC_NID_X9_62_prime192v3:
                 degree = 192;
                 break;
-            case NID_secp224k1:
-            case NID_secp224r1:
-            case NID_brainpoolP224r1:
+            case WC_NID_secp224k1:
+            case WC_NID_secp224r1:
+            case WC_NID_brainpoolP224r1:
                 degree = 224;
                 break;
-            case NID_X9_62_prime239v1:
-            case NID_X9_62_prime239v2:
-            case NID_X9_62_prime239v3:
+            case WC_NID_X9_62_prime239v1:
+            case WC_NID_X9_62_prime239v2:
+            case WC_NID_X9_62_prime239v3:
                 degree = 239;
                 break;
-            case NID_secp256k1:
-            case NID_brainpoolP256r1:
-            case NID_X9_62_prime256v1:
+            case WC_NID_secp256k1:
+            case WC_NID_brainpoolP256r1:
+            case WC_NID_X9_62_prime256v1:
                 degree = 256;
                 break;
-            case NID_brainpoolP320r1:
+            case WC_NID_brainpoolP320r1:
                 degree = 320;
                 break;
-            case NID_secp384r1:
-            case NID_brainpoolP384r1:
+            case WC_NID_secp384r1:
+            case WC_NID_brainpoolP384r1:
                 degree = 384;
                 break;
-            case NID_brainpoolP512r1:
+            case WC_NID_brainpoolP512r1:
                 degree = 512;
                 break;
-            case NID_secp521r1:
+            case WC_NID_secp521r1:
                 degree = 521;
                 break;
         }
@@ -9356,7 +9736,7 @@ int wolfSSL_EC_GROUP_order_bits(const WOLFSSL_EC_GROUP *group)
     /* Validate parameter. */
     if ((group == NULL) || (group->curve_idx < 0)) {
         WOLFSSL_MSG("wolfSSL_EC_GROUP_order_bits NULL error");
-        ret = -1;
+        ret = WOLFSSL_FATAL_ERROR;
     }
 
 #ifdef WOLFSSL_SMALL_STACK
@@ -9365,7 +9745,7 @@ int wolfSSL_EC_GROUP_order_bits(const WOLFSSL_EC_GROUP *group)
         order = (mp_int *)XMALLOC(sizeof(*order), NULL,
             DYNAMIC_TYPE_TMP_BUFFER);
         if (order == NULL) {
-            ret = -1;
+            ret = WOLFSSL_FATAL_ERROR;
         }
     }
 #endif
@@ -9427,6 +9807,12 @@ int wolfSSL_EC_GROUP_get_order(const WOLFSSL_EC_GROUP *group,
         ret = 0;
     }
 
+    if (ret == 1 &&
+            (group->curve_idx < 0 || !wc_ecc_is_valid_idx(group->curve_idx))) {
+        WOLFSSL_MSG("wolfSSL_EC_GROUP_get_order Bad group idx");
+        ret = 0;
+    }
+
     if (ret == 1) {
         mp = (mp_int*)order->internal;
     }
@@ -9472,7 +9858,7 @@ static int ec_point_internal_set(WOLFSSL_EC_POINT *p)
     /* Validate parameter. */
     if ((p == NULL) || (p->internal == NULL)) {
         WOLFSSL_MSG("ECPoint NULL error");
-        ret = -1;
+        ret = WOLFSSL_FATAL_ERROR;
     }
     else {
         /* Get internal point as a wolfCrypt EC point. */
@@ -9481,19 +9867,19 @@ static int ec_point_internal_set(WOLFSSL_EC_POINT *p)
         /* Set X ordinate if available. */
         if ((p->X != NULL) && (wolfssl_bn_get_value(p->X, point->x) != 1)) {
             WOLFSSL_MSG("ecc point X error");
-            ret = -1;
+            ret = WOLFSSL_FATAL_ERROR;
         }
         /* Set Y ordinate if available. */
         if ((ret == 1) && (p->Y != NULL) && (wolfssl_bn_get_value(p->Y,
                 point->y) != 1)) {
             WOLFSSL_MSG("ecc point Y error");
-            ret = -1;
+            ret = WOLFSSL_FATAL_ERROR;
         }
         /* Set Z ordinate if available. */
         if ((ret == 1) && (p->Z != NULL) && (wolfssl_bn_get_value(p->Z,
                 point->z) != 1)) {
             WOLFSSL_MSG("ecc point Z error");
-            ret = -1;
+            ret = WOLFSSL_FATAL_ERROR;
         }
         /* Internal values set when operations succeeded. */
         p->inSet = (ret == 1);
@@ -9519,7 +9905,7 @@ static int ec_point_external_set(WOLFSSL_EC_POINT *p)
     /* Validate parameter. */
     if ((p == NULL) || (p->internal == NULL)) {
         WOLFSSL_MSG("ECPoint NULL error");
-        ret = -1;
+        ret = WOLFSSL_FATAL_ERROR;
     }
     else {
         /* Get internal point as a wolfCrypt EC point. */
@@ -9528,17 +9914,17 @@ static int ec_point_external_set(WOLFSSL_EC_POINT *p)
         /* Set X ordinate. */
         if (wolfssl_bn_set_value(&p->X, point->x) != 1) {
             WOLFSSL_MSG("ecc point X error");
-            ret = -1;
+            ret = WOLFSSL_FATAL_ERROR;
         }
         /* Set Y ordinate. */
         if ((ret == 1) && (wolfssl_bn_set_value(&p->Y, point->y) != 1)) {
             WOLFSSL_MSG("ecc point Y error");
-            ret = -1;
+            ret = WOLFSSL_FATAL_ERROR;
         }
         /* Set Z ordinate. */
         if ((ret == 1) && (wolfssl_bn_set_value(&p->Z, point->z) != 1)) {
             WOLFSSL_MSG("ecc point Z error");
-            ret = -1;
+            ret = WOLFSSL_FATAL_ERROR;
         }
         /* External values set when operations succeeded. */
         p->exSet = (ret == 1);
@@ -9744,7 +10130,6 @@ void wolfSSL_EC_POINT_dump(const char *msg, const WOLFSSL_EC_POINT *point)
 #endif
 }
 
-#ifndef HAVE_SELFTEST
 /* Convert EC point to hex string that as either uncompressed or compressed.
  *
  * ECC point compression types were not included in selftest ecc.h
@@ -9790,7 +10175,7 @@ char* wolfSSL_EC_POINT_point2hex(const WOLFSSL_EC_GROUP* group,
     if (!err) {
         /* <format byte> <x-ordinate> [<y-ordinate>] */
         len = sz + 1;
-        if (form == POINT_CONVERSION_UNCOMPRESSED) {
+        if (form == WC_POINT_CONVERSION_UNCOMPRESSED) {
             /* Include y ordinate when uncompressed. */
             len += sz;
         }
@@ -9816,7 +10201,7 @@ char* wolfSSL_EC_POINT_point2hex(const WOLFSSL_EC_GROUP* group,
         }
     }
     if (!err) {
-        if (form == POINT_CONVERSION_COMPRESSED) {
+        if (form == WC_POINT_CONVERSION_COMPRESSED) {
             /* Compressed format byte value dependent on whether y-ordinate is
              * odd.
              */
@@ -9857,7 +10242,100 @@ char* wolfSSL_EC_POINT_point2hex(const WOLFSSL_EC_GROUP* group,
     return hex;
 }
 
-#endif /* HAVE_SELFTEST */
+static size_t hex_to_bytes(const char *hex, unsigned char *output, size_t sz)
+{
+    word32 i;
+    for (i = 0; i < sz; i++) {
+        signed char ch1, ch2;
+        ch1 = HexCharToByte(hex[i * 2]);
+        ch2 = HexCharToByte(hex[i * 2 + 1]);
+        if ((ch1 < 0) || (ch2 < 0)) {
+            WOLFSSL_MSG("hex_to_bytes: syntax error");
+            return 0;
+        }
+        output[i] = (unsigned char)((ch1 << 4) + ch2);
+    }
+    return sz;
+}
+
+WOLFSSL_EC_POINT* wolfSSL_EC_POINT_hex2point(const WOLFSSL_EC_GROUP *group,
+            const char *hex, WOLFSSL_EC_POINT*p, WOLFSSL_BN_CTX *ctx)
+{
+    /* for uncompressed mode */
+    size_t str_sz;
+    WOLFSSL_BIGNUM *Gx  = NULL;
+    WOLFSSL_BIGNUM *Gy  = NULL;
+    char   strGx[MAX_ECC_BYTES * 2 + 1];
+
+    /* for compressed mode */
+    int    key_sz;
+    byte   *octGx = (byte *)strGx; /* octGx[MAX_ECC_BYTES] */
+
+    int p_alloc = 0;
+    int ret;
+
+    WOLFSSL_ENTER("wolfSSL_EC_POINT_hex2point");
+
+    if (group == NULL || hex == NULL || ctx == NULL)
+        return NULL;
+
+    if (p == NULL) {
+        if ((p = wolfSSL_EC_POINT_new(group)) == NULL) {
+            WOLFSSL_MSG("wolfSSL_EC_POINT_new");
+            goto err;
+        }
+        p_alloc = 1;
+    }
+
+    key_sz = (wolfSSL_EC_GROUP_get_degree(group) + 7) / 8;
+    if (hex[0] ==  '0' && hex[1] == '4') { /* uncompressed mode */
+        str_sz = (size_t)key_sz * 2;
+
+        XMEMSET(strGx, 0x0, str_sz + 1);
+        XMEMCPY(strGx, hex + 2, str_sz);
+
+        if (wolfSSL_BN_hex2bn(&Gx, strGx) == 0)
+            goto err;
+
+        if (wolfSSL_BN_hex2bn(&Gy, hex + 2 + str_sz) == 0)
+            goto err;
+
+        ret = wolfSSL_EC_POINT_set_affine_coordinates_GFp
+                                            (group, p, Gx, Gy, ctx);
+
+        if (ret != WOLFSSL_SUCCESS) {
+            WOLFSSL_MSG("wolfSSL_EC_POINT_set_affine_coordinates_GFp");
+            goto err;
+        }
+    }
+    else if (hex[0] == '0' && (hex[1] == '2' || hex[1] == '3')) {
+        size_t sz = XSTRLEN(hex + 2) / 2;
+        /* compressed mode */
+        octGx[0] = ECC_POINT_COMP_ODD;
+        if (hex_to_bytes(hex + 2, octGx + 1, sz) != sz) {
+            goto err;
+        }
+        if (wolfSSL_ECPoint_d2i(octGx, (word32)key_sz + 1, group, p)
+                                            != WOLFSSL_SUCCESS) {
+            goto err;
+        }
+    }
+    else
+        goto err;
+
+    wolfSSL_BN_free(Gx);
+    wolfSSL_BN_free(Gy);
+    return p;
+
+err:
+    wolfSSL_BN_free(Gx);
+    wolfSSL_BN_free(Gy);
+    if (p_alloc) {
+        wolfSSL_EC_POINT_free(p);
+    }
+    return NULL;
+
+}
 
 /* Encode the EC point as an uncompressed point in DER.
  *
@@ -9900,7 +10378,8 @@ int wolfSSL_ECPoint_i2d(const WOLFSSL_EC_GROUP *group,
         int ret = wc_ecc_export_point_der(group->curve_idx,
             (ecc_point*)point->internal, out, len);
         /* Check return. When out is NULL, return will be length only error. */
-        if ((ret != MP_OKAY) && ((out != NULL) || (ret != LENGTH_ONLY_E))) {
+        if ((ret != MP_OKAY) && ((out != NULL) ||
+                                 (ret != WC_NO_ERR_TRACE(LENGTH_ONLY_E)))) {
             WOLFSSL_MSG("wolfSSL_ECPoint_i2d wc_ecc_export_point_der failed");
             res = 0;
         }
@@ -10030,7 +10509,7 @@ size_t wolfSSL_EC_POINT_point2oct(const WOLFSSL_EC_GROUP *group,
     int err = 0;
     word32 enc_len = (word32)len;
 #if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || FIPS_VERSION_GT(2,0))
-    int compressed = ((form == POINT_CONVERSION_COMPRESSED) ? 1 : 0);
+    int compressed = ((form == WC_POINT_CONVERSION_COMPRESSED) ? 1 : 0);
 #endif /* !HAVE_SELFTEST */
 
     WOLFSSL_ENTER("wolfSSL_EC_POINT_point2oct");
@@ -10055,7 +10534,7 @@ size_t wolfSSL_EC_POINT_point2oct(const WOLFSSL_EC_GROUP *group,
         if (buf != NULL) {
             /* Check whether buffer has space. */
             if (len < 1) {
-                ECerr(EC_F_EC_GFP_SIMPLE_POINT2OCT, EC_R_BUFFER_TOO_SMALL);
+                wolfSSL_ECerr(WOLFSSL_EC_F_EC_GFP_SIMPLE_POINT2OCT, BUFFER_E);
                 err = 1;
             }
             else {
@@ -10067,9 +10546,9 @@ size_t wolfSSL_EC_POINT_point2oct(const WOLFSSL_EC_GROUP *group,
     /* Not infinity. */
     else if (!err) {
         /* Validate format. */
-        if (form != POINT_CONVERSION_UNCOMPRESSED
+        if (form != WC_POINT_CONVERSION_UNCOMPRESSED
         #ifndef HAVE_SELFTEST
-                && form != POINT_CONVERSION_COMPRESSED
+                && form != WC_POINT_CONVERSION_COMPRESSED
         #endif /* !HAVE_SELFTEST */
             ) {
             WOLFSSL_MSG("Unsupported point form");
@@ -10091,7 +10570,7 @@ size_t wolfSSL_EC_POINT_point2oct(const WOLFSSL_EC_GROUP *group,
             /* Check return. When buf is NULL, return will be length only
              * error.
              */
-            if (ret != ((buf != NULL) ? MP_OKAY : LENGTH_ONLY_E)) {
+            if (ret != ((buf != NULL) ? MP_OKAY : WC_NO_ERR_TRACE(LENGTH_ONLY_E))) {
                 err = 1;
             }
         }
@@ -10150,8 +10629,8 @@ int wolfSSL_EC_POINT_oct2point(const WOLFSSL_EC_GROUP *group,
  * @param [in]      group  EC group.
  * @param [in]      point  EC point.
  * @param [in]      form   Format of encoding. Valid values:
- *                         POINT_CONVERSION_UNCOMPRESSED,
- *                         POINT_CONVERSION_COMPRESSED.
+ *                         WC_POINT_CONVERSION_UNCOMPRESSED,
+ *                         WC_POINT_CONVERSION_COMPRESSED.
  * @param [in, out] bn     BN to hold point value.
  *                         When NULL a new BN is allocated otherwise this is
  *                         returned on success.
@@ -10368,10 +10847,10 @@ int wolfSSL_EC_POINT_get_affine_coordinates_GFp(const WOLFSSL_EC_GROUP* group,
     }
 
     /* Copy the externally set x and y ordinates. */
-    if ((ret == 1) && (BN_copy(x, point->X) == NULL)) {
+    if ((ret == 1) && (wolfSSL_BN_copy(x, point->X) == NULL)) {
         ret = 0;
     }
-    if ((ret == 1) && (BN_copy(y, point->Y) == NULL)) {
+    if ((ret == 1) && (wolfSSL_BN_copy(y, point->Y) == NULL)) {
         ret = 0;
     }
 
@@ -11125,43 +11604,43 @@ static int ec_point_cmp_jacobian(const WOLFSSL_EC_GROUP* group,
     /* Check that the big numbers were allocated. */
     if ((at == NULL) || (bt == NULL) || (az == NULL) || (bz == NULL) ||
             (mod == NULL)) {
-        ret = -1;
+        ret = WOLFSSL_FATAL_ERROR;
     }
     /* Get the modulus for the curve. */
     if ((ret == 0) &&
             (BN_hex2bn(&mod, ecc_sets[group->curve_idx].prime) != 1)) {
-        ret = -1;
+        ret = WOLFSSL_FATAL_ERROR;
     }
     if (ret == 0) {
         /* bt = Bx * (Az ^ 2). When Az is one then just copy. */
         if (BN_is_one(a->Z)) {
             if (BN_copy(bt, b->X) == NULL) {
-                ret = -1;
+                ret = WOLFSSL_FATAL_ERROR;
             }
         }
         /* az = Az ^ 2 */
         else if ((BN_mod_mul(az, a->Z, a->Z, mod, ctx) != 1)) {
-            ret = -1;
+            ret = WOLFSSL_FATAL_ERROR;
         }
         /* bt = Bx * az = Bx * (Az ^ 2) */
         else if (BN_mod_mul(bt, b->X, az, mod, ctx) != 1) {
-            ret = -1;
+            ret = WOLFSSL_FATAL_ERROR;
         }
     }
     if (ret == 0) {
         /* at = Ax * (Bz ^ 2). When Bz is one then just copy. */
         if (BN_is_one(b->Z)) {
             if (BN_copy(at, a->X) == NULL) {
-                ret = -1;
+                ret = WOLFSSL_FATAL_ERROR;
             }
         }
         /* bz = Bz ^ 2 */
         else if (BN_mod_mul(bz, b->Z, b->Z, mod, ctx) != 1) {
-            ret = -1;
+            ret = WOLFSSL_FATAL_ERROR;
         }
         /* at = Ax * bz = Ax * (Bz ^ 2) */
         else if (BN_mod_mul(at, a->X, bz, mod, ctx) != 1) {
-            ret = -1;
+            ret = WOLFSSL_FATAL_ERROR;
         }
     }
     /* Compare x-ordinates. */
@@ -11172,32 +11651,32 @@ static int ec_point_cmp_jacobian(const WOLFSSL_EC_GROUP* group,
         /* bt = By * (Az ^ 3). When Az is one then just copy. */
         if (BN_is_one(a->Z)) {
             if (BN_copy(bt, b->Y) == NULL) {
-                ret = -1;
+                ret = WOLFSSL_FATAL_ERROR;
             }
         }
         /* az = az * Az = Az ^ 3 */
         else if ((BN_mod_mul(az, az, a->Z, mod, ctx) != 1)) {
-            ret = -1;
+            ret = WOLFSSL_FATAL_ERROR;
         }
         /* bt = By * az = By * (Az ^ 3) */
         else if (BN_mod_mul(bt, b->Y, az, mod, ctx) != 1) {
-            ret = -1;
+            ret = WOLFSSL_FATAL_ERROR;
         }
     }
     if (ret == 0) {
         /* at = Ay * (Bz ^ 3). When Bz is one then just copy. */
         if (BN_is_one(b->Z)) {
             if (BN_copy(at, a->Y) == NULL) {
-                ret = -1;
+                ret = WOLFSSL_FATAL_ERROR;
             }
         }
         /* bz = bz * Bz = Bz ^ 3 */
         else if (BN_mod_mul(bz, bz, b->Z, mod, ctx) != 1) {
-            ret = -1;
+            ret = WOLFSSL_FATAL_ERROR;
         }
         /* at = Ay * bz = Ay * (Bz ^ 3) */
         else if (BN_mod_mul(at, a->Y, bz, mod, ctx) != 1) {
-            ret = -1;
+            ret = WOLFSSL_FATAL_ERROR;
         }
     }
     /* Compare y-ordinates. */
@@ -11237,7 +11716,7 @@ int wolfSSL_EC_POINT_cmp(const WOLFSSL_EC_GROUP *group,
     if ((group == NULL) || (a == NULL) || (a->internal == NULL) ||
             (b == NULL) || (b->internal == NULL)) {
         WOLFSSL_MSG("wolfSSL_EC_POINT_cmp Bad arguments");
-        ret = -1;
+        ret = WOLFSSL_FATAL_ERROR;
     }
     if (ret != -1) {
     #ifdef WOLFSSL_EC_POINT_CMP_JACOBIAN
@@ -11388,7 +11867,7 @@ WOLFSSL_EC_KEY *wolfSSL_EC_KEY_new_ex(void* heap, int devId)
         /* Cache heap hint. */
         key->heap = heap;
         /* Initialize fields to defaults. */
-        key->form     = POINT_CONVERSION_UNCOMPRESSED;
+        key->form     = WC_POINT_CONVERSION_UNCOMPRESSED;
 
         /* Initialize reference count. */
         wolfSSL_RefInit(&key->ref, &err);
@@ -11414,7 +11893,7 @@ WOLFSSL_EC_KEY *wolfSSL_EC_KEY_new_ex(void* heap, int devId)
 
     if (!err) {
         /* Group unknown at creation */
-        key->group = wolfSSL_EC_GROUP_new_by_curve_name(NID_undef);
+        key->group = wolfSSL_EC_GROUP_new_by_curve_name(WC_NID_undef);
         if (key->group == NULL) {
             WOLFSSL_MSG("wolfSSL_EC_KEY_new malloc WOLFSSL_EC_GROUP failure");
             err = 1;
@@ -11578,7 +12057,8 @@ static int wolfssl_ec_key_int_copy(ecc_key* dst, const ecc_key* src)
 
     if (ret == 0) {
         /* Copy private key. */
-        ret = mp_copy(wc_ecc_key_get_priv(src), wc_ecc_key_get_priv(dst));
+        ret = mp_copy(wc_ecc_key_get_priv((ecc_key*)src),
+            wc_ecc_key_get_priv(dst));
         if (ret != MP_OKAY) {
             WOLFSSL_MSG("mp_copy error");
         }
@@ -11750,7 +12230,7 @@ int wolfSSL_i2o_ECPublicKey(const WOLFSSL_EC_KEY *key, unsigned char **out)
 {
     int ret = 1;
     size_t len = 0;
-    int form = POINT_CONVERSION_UNCOMPRESSED;
+    int form = WC_POINT_CONVERSION_UNCOMPRESSED;
 
     WOLFSSL_ENTER("wolfSSL_i2o_ECPublicKey");
 
@@ -11770,9 +12250,9 @@ int wolfSSL_i2o_ECPublicKey(const WOLFSSL_EC_KEY *key, unsigned char **out)
     if (ret == 1) {
     #ifdef HAVE_COMP_KEY
         /* Default to compressed form if not set */
-        form = (key->form != POINT_CONVERSION_UNCOMPRESSED) ?
-               POINT_CONVERSION_UNCOMPRESSED :
-               POINT_CONVERSION_COMPRESSED;
+        form = (key->form == WC_POINT_CONVERSION_UNCOMPRESSED) ?
+               WC_POINT_CONVERSION_UNCOMPRESSED :
+               WC_POINT_CONVERSION_COMPRESSED;
     #endif
 
         /* Calculate length of point encoding. */
@@ -11897,7 +12377,7 @@ WOLFSSL_EC_KEY* wolfSSL_d2i_ECPrivateKey(WOLFSSL_EC_KEY** key,
  *
  * @param [in]      key  EC key to encode.
  * @param [in, out] out  On in, reference to buffer to place DER encoding into.
- *                       On out, reference to buffer adter the encoding.
+ *                       On out, reference to buffer after the encoding.
  *                       May be NULL.
  * @return  Length of DER encoding on success.
  * @return  0 on error.
@@ -12013,11 +12493,11 @@ int wolfSSL_EC_KEY_LoadDer_ex(WOLFSSL_EC_KEY* key, const unsigned char* derBuf,
     if ((key == NULL) || (key->internal == NULL) || (derBuf == NULL) ||
             (derSz <= 0)) {
         WOLFSSL_MSG("Bad function arguments");
-        res = -1;
+        res = WOLFSSL_FATAL_ERROR;
     }
     if ((res == 1) && (opt != WOLFSSL_EC_KEY_LOAD_PRIVATE) &&
             (opt != WOLFSSL_EC_KEY_LOAD_PUBLIC)) {
-        res = -1;
+        res = WOLFSSL_FATAL_ERROR;
     }
 
     if (res == 1) {
@@ -12034,9 +12514,9 @@ int wolfSSL_EC_KEY_LoadDer_ex(WOLFSSL_EC_KEY* key, const unsigned char* derBuf,
             res = 1;
         }
         /* Error out on parsing error. */
-        else if (ret != ASN_PARSE_E) {
+        else if (ret != WC_NO_ERR_TRACE(ASN_PARSE_E)) {
             WOLFSSL_MSG("Unexpected error with trying to remove PKCS8 header");
-            res = -1;
+            res = WOLFSSL_FATAL_ERROR;
         }
     }
 
@@ -12053,7 +12533,7 @@ int wolfSSL_EC_KEY_LoadDer_ex(WOLFSSL_EC_KEY* key, const unsigned char* derBuf,
                 ecc_key *tmp = (ecc_key*)XMALLOC(sizeof(ecc_key),
                     ((ecc_key*)key->internal)->heap, DYNAMIC_TYPE_ECC);
                 if (tmp == NULL) {
-                    ret = -1;
+                    ret = WOLFSSL_FATAL_ERROR;
                 }
                 else {
                     /* We now try again as x.963 [point type][x][opt y]. */
@@ -12085,7 +12565,7 @@ int wolfSSL_EC_KEY_LoadDer_ex(WOLFSSL_EC_KEY* key, const unsigned char* derBuf,
             else {
                 WOLFSSL_MSG("wc_EccPublicKeyDecode failed");
             }
-            res = -1;
+            res = WOLFSSL_FATAL_ERROR;
         }
 
         /* Internal key updated - update whether it is a valid key. */
@@ -12095,22 +12575,69 @@ int wolfSSL_EC_KEY_LoadDer_ex(WOLFSSL_EC_KEY* key, const unsigned char* derBuf,
     /* Set the external EC key based on value in internal. */
     if ((res == 1) && (SetECKeyExternal(key) != 1)) {
         WOLFSSL_MSG("SetECKeyExternal failed");
-        res = -1;
+        res = WOLFSSL_FATAL_ERROR;
     }
 
     return res;
 }
 
+
+#ifndef NO_BIO
+
+WOLFSSL_EC_KEY *wolfSSL_d2i_EC_PUBKEY_bio(WOLFSSL_BIO *bio,
+        WOLFSSL_EC_KEY **out)
+{
+    char* data = NULL;
+    int dataSz = 0;
+    int memAlloced = 0;
+    WOLFSSL_EC_KEY* ec = NULL;
+    int err = 0;
+
+    WOLFSSL_ENTER("wolfSSL_d2i_EC_PUBKEY_bio");
+
+    if (bio == NULL)
+        return NULL;
+
+    if (err == 0 && wolfssl_read_bio(bio, &data, &dataSz, &memAlloced) != 0) {
+        WOLFSSL_ERROR_MSG("wolfssl_read_bio failed");
+        err = 1;
+    }
+
+    if (err == 0 && (ec = wolfSSL_EC_KEY_new()) == NULL) {
+        WOLFSSL_ERROR_MSG("wolfSSL_EC_KEY_new failed");
+        err = 1;
+    }
+
+    /* Load the EC key with the public key from the DER encoding. */
+    if (err == 0 && wolfSSL_EC_KEY_LoadDer_ex(ec, (const unsigned char*)data,
+            dataSz, WOLFSSL_EC_KEY_LOAD_PUBLIC) != 1) {
+        WOLFSSL_ERROR_MSG("wolfSSL_EC_KEY_LoadDer_ex failed");
+        err = 1;
+    }
+
+    if (memAlloced)
+        XFREE(data, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    if (err) { /* on error */
+        wolfSSL_EC_KEY_free(ec);
+        ec = NULL;
+    }
+    else { /* on success */
+        if (out != NULL)
+            *out = ec;
+    }
+
+    return ec;
+}
+
+#endif /* !NO_BIO */
+
 /*
  * EC key PEM APIs
  */
 
-#if (defined(WOLFSSL_KEY_GEN) && !defined(NO_FILESYSTEM)) || \
-    (!defined(NO_BIO) && (defined(WOLFSSL_KEY_GEN) || \
-     defined(HAVE_ECC) && defined(HAVE_ECC_KEY_EXPORT)))
+#ifdef HAVE_ECC_KEY_EXPORT
+#if defined(WOLFSSL_KEY_GEN) && (!defined(NO_FILESYSTEM) || !defined(NO_BIO))
 /* Encode the EC public key as DER.
- *
- * Also used by pem_write_pubkey().
  *
  * @param [in]  key   EC key to encode.
  * @param [out] der   Pointer through which buffer is returned.
@@ -12205,6 +12732,7 @@ int wolfSSL_PEM_write_EC_PUBKEY(XFILE fp, WOLFSSL_EC_KEY* key)
     return ret;
 }
 #endif
+#endif
 
 #ifndef NO_BIO
 /* Read a PEM encoded EC public key from a BIO.
@@ -12331,7 +12859,7 @@ WOLFSSL_EC_KEY* wolfSSL_PEM_read_bio_ECPrivateKey(WOLFSSL_BIO* bio,
 }
 #endif /* !NO_BIO */
 
-#if defined(WOLFSSL_KEY_GEN)
+#if defined(WOLFSSL_KEY_GEN) && defined(HAVE_ECC_KEY_EXPORT)
 #ifndef NO_BIO
 /* Write out the EC public key as PEM to the BIO.
  *
@@ -12360,7 +12888,7 @@ int wolfSSL_PEM_write_bio_EC_PUBKEY(WOLFSSL_BIO* bio, WOLFSSL_EC_KEY* ec)
         ret = 0;
     }
 
-    /* Write out to BIO the PEM encoding of the EC private key. */
+    /* Write out to BIO the PEM encoding of the EC public key. */
     if ((ret == 1) && (der_write_to_bio_as_pem(derBuf, derSz, bio,
             ECC_PUBLICKEY_TYPE) != 1)) {
         ret = 0;
@@ -12388,7 +12916,7 @@ int wolfSSL_PEM_write_bio_EC_PUBKEY(WOLFSSL_BIO* bio, WOLFSSL_EC_KEY* ec)
  * @return  0 on error.
  */
 int wolfSSL_PEM_write_bio_ECPrivateKey(WOLFSSL_BIO* bio, WOLFSSL_EC_KEY* ec,
-    const EVP_CIPHER* cipher, unsigned char* passwd, int passwdSz,
+    const WOLFSSL_EVP_CIPHER* cipher, unsigned char* passwd, int passwdSz,
     wc_pem_password_cb* cb, void* arg)
 {
     int ret = 1;
@@ -12436,7 +12964,7 @@ int wolfSSL_PEM_write_bio_ECPrivateKey(WOLFSSL_BIO* bio, WOLFSSL_EC_KEY* ec,
  * @return  0 on error.
  */
 int wolfSSL_PEM_write_mem_ECPrivateKey(WOLFSSL_EC_KEY* ec,
-    const EVP_CIPHER* cipher, unsigned char* passwd, int passwdSz,
+    const WOLFSSL_EVP_CIPHER* cipher, unsigned char* passwd, int passwdSz,
     unsigned char **pem, int *pLen)
 {
 #if defined(WOLFSSL_PEM_TO_DER) || defined(WOLFSSL_DER_TO_PEM)
@@ -12468,7 +12996,7 @@ int wolfSSL_PEM_write_mem_ECPrivateKey(WOLFSSL_EC_KEY* ec,
         /* Calculate maximum size of DER encoding.
          * 4 > size of pub, priv + ASN.1 additional information */
         der_max_len = 4 * (word32)wc_ecc_size((ecc_key*)ec->internal) +
-                      AES_BLOCK_SIZE;
+                      WC_AES_BLOCK_SIZE;
 
         /* Allocate buffer big enough to hold encoding. */
         derBuf = (byte*)XMALLOC((size_t)der_max_len, NULL,
@@ -12525,7 +13053,7 @@ int wolfSSL_PEM_write_mem_ECPrivateKey(WOLFSSL_EC_KEY* ec,
  * @return  0 on error.
  */
 int wolfSSL_PEM_write_ECPrivateKey(XFILE fp, WOLFSSL_EC_KEY *ec,
-    const EVP_CIPHER *cipher, unsigned char *passwd, int passwdSz,
+    const WOLFSSL_EVP_CIPHER *cipher, unsigned char *passwd, int passwdSz,
     wc_pem_password_cb *cb, void *pass)
 {
     int ret = 1;
@@ -12563,7 +13091,7 @@ int wolfSSL_PEM_write_ECPrivateKey(XFILE fp, WOLFSSL_EC_KEY *ec,
 }
 
 #endif /* NO_FILESYSTEM */
-#endif /* defined(WOLFSSL_KEY_GEN) */
+#endif /* WOLFSSL_KEY_GEN && HAVE_ECC_KEY_EXPORT */
 
 /*
  * EC key print APIs
@@ -12628,7 +13156,7 @@ int wolfSSL_EC_KEY_print_fp(XFILE fp, WOLFSSL_EC_KEY* key, int indent)
     if ((ret == 1) && (key->pub_key != NULL) && (key->pub_key->exSet)) {
         /* Get the public key point as one BN. */
         WOLFSSL_BIGNUM* pubBn = wolfSSL_EC_POINT_point2bn(key->group,
-            key->pub_key, POINT_CONVERSION_UNCOMPRESSED, NULL, NULL);
+            key->pub_key, WC_POINT_CONVERSION_UNCOMPRESSED, NULL, NULL);
         if (pubBn == NULL) {
             WOLFSSL_MSG("wolfSSL_EC_POINT_point2bn failed.");
             ret = 0;
@@ -12691,7 +13219,7 @@ int SetECKeyExternal(WOLFSSL_EC_KEY* eckey)
     /* Validate parameter. */
     if ((eckey == NULL) || (eckey->internal == NULL)) {
         WOLFSSL_MSG("ec key NULL error");
-        ret = -1;
+        ret = WOLFSSL_FATAL_ERROR;
     }
     else {
         ecc_key* key = (ecc_key*)eckey->internal;
@@ -12706,13 +13234,13 @@ int SetECKeyExternal(WOLFSSL_EC_KEY* eckey)
             if (wc_ecc_copy_point(&key->pubkey,
                     (ecc_point*)eckey->pub_key->internal) != MP_OKAY) {
                 WOLFSSL_MSG("SetECKeyExternal ecc_copy_point failed");
-                ret = -1;
+                ret = WOLFSSL_FATAL_ERROR;
             }
 
             /* Set external public key from internal wolfCrypt, public key. */
             if ((ret == 1) && (ec_point_external_set(eckey->pub_key) != 1)) {
                 WOLFSSL_MSG("SetECKeyExternal ec_point_external_set failed");
-                ret = -1;
+                ret = WOLFSSL_FATAL_ERROR;
             }
         }
 
@@ -12721,7 +13249,7 @@ int SetECKeyExternal(WOLFSSL_EC_KEY* eckey)
                 (wolfssl_bn_set_value(&eckey->priv_key,
                 wc_ecc_key_get_priv(key)) != 1)) {
             WOLFSSL_MSG("ec priv key error");
-            ret = -1;
+            ret = WOLFSSL_FATAL_ERROR;
         }
 
         /* External values set when operations succeeded. */
@@ -12749,7 +13277,7 @@ int SetECKeyInternal(WOLFSSL_EC_KEY* eckey)
     if ((eckey == NULL) || (eckey->internal == NULL) ||
             (eckey->group == NULL)) {
         WOLFSSL_MSG("ec key NULL error");
-        ret = -1;
+        ret = WOLFSSL_FATAL_ERROR;
     }
     else {
         ecc_key* key = (ecc_key*)eckey->internal;
@@ -12759,7 +13287,7 @@ int SetECKeyInternal(WOLFSSL_EC_KEY* eckey)
         if ((eckey->group->curve_idx < 0) ||
             (wc_ecc_is_valid_idx(eckey->group->curve_idx) == 0)) {
             WOLFSSL_MSG("invalid curve idx");
-            ret = -1;
+            ret = WOLFSSL_FATAL_ERROR;
         }
 
         if (ret == 1) {
@@ -12772,14 +13300,14 @@ int SetECKeyInternal(WOLFSSL_EC_KEY* eckey)
         if ((ret == 1) && pubSet) {
             if (ec_point_internal_set(eckey->pub_key) != 1) {
                 WOLFSSL_MSG("ec key pub error");
-                ret = -1;
+                ret = WOLFSSL_FATAL_ERROR;
             }
             /* Copy public point to key. */
             if ((ret == 1) && (wc_ecc_copy_point(
                     (ecc_point*)eckey->pub_key->internal, &key->pubkey) !=
                     MP_OKAY)) {
                 WOLFSSL_MSG("wc_ecc_copy_point error");
-                ret = -1;
+                ret = WOLFSSL_FATAL_ERROR;
             }
 
             if (ret == 1) {
@@ -12793,7 +13321,7 @@ int SetECKeyInternal(WOLFSSL_EC_KEY* eckey)
             if (wolfssl_bn_get_value(eckey->priv_key,
                     wc_ecc_key_get_priv(key)) != 1) {
                 WOLFSSL_MSG("ec key priv error");
-                ret = -1;
+                ret = WOLFSSL_FATAL_ERROR;
             }
             /* private key */
             if ((ret == 1) && (!mp_iszero(wc_ecc_key_get_priv(key)))) {
@@ -12819,32 +13347,29 @@ int SetECKeyInternal(WOLFSSL_EC_KEY* eckey)
  * @return  Point conversion format on success.
  * @return  -1 on error.
  */
-point_conversion_form_t wolfSSL_EC_KEY_get_conv_form(const WOLFSSL_EC_KEY* key)
+wc_point_conversion_form_t wolfSSL_EC_KEY_get_conv_form(
+    const WOLFSSL_EC_KEY* key)
 {
-    int ret = -1;
-
-    if (key != NULL) {
-        ret = key->form;
-    }
-
-    return ret;
+    if (key == NULL)
+        return WOLFSSL_FATAL_ERROR;
+    return key->form;
 }
 
 /* Set point conversion format into EC key.
  *
  * @param [in, out] key   EC key to set format into.
  * @param [in]      form  Point conversion format. Valid values:
- *                          POINT_CONVERSION_UNCOMPRESSED,
- *                          POINT_CONVERSION_COMPRESSED (when HAVE_COMP_KEY)
+ *                          WC_POINT_CONVERSION_UNCOMPRESSED,
+ *                          WC_POINT_CONVERSION_COMPRESSED (when HAVE_COMP_KEY)
  */
 void wolfSSL_EC_KEY_set_conv_form(WOLFSSL_EC_KEY *key, int form)
 {
     if (key == NULL) {
         WOLFSSL_MSG("Key passed in NULL");
     }
-    else if (form == POINT_CONVERSION_UNCOMPRESSED
+    else if (form == WC_POINT_CONVERSION_UNCOMPRESSED
 #ifdef HAVE_COMP_KEY
-          || form == POINT_CONVERSION_COMPRESSED
+          || form == WC_POINT_CONVERSION_COMPRESSED
 #endif
              ) {
         key->form = (unsigned char)form;
@@ -13135,13 +13660,17 @@ int wolfSSL_EC_KEY_generate_key(WOLFSSL_EC_KEY *key)
         /* Check if we know which internal curve index to use. */
         if (key->group->curve_idx < 0) {
             /* Generate key using the default curve. */
+#if FIPS_VERSION3_GE(6,0,0)
+            key->group->curve_idx = ECC_SECP256R1; /* FIPS default to 256 */
+#else
             key->group->curve_idx = ECC_CURVE_DEF;
+#endif
         }
 
         /* Create a random number generator. */
         rng = wolfssl_make_rng(tmpRng, &initTmpRng);
         if (rng == NULL) {
-            WOLFSSL_MSG("wolfSSL_EC_KEY_generate_key failed to set RNG");
+            WOLFSSL_MSG("wolfSSL_EC_KEY_generate_key failed to make RNG");
             res = 0;
         }
     }
@@ -13149,11 +13678,30 @@ int wolfSSL_EC_KEY_generate_key(WOLFSSL_EC_KEY *key)
         /* NIDToEccEnum returns -1 for invalid NID so if key->group->curve_nid
          * is 0 then pass ECC_CURVE_DEF as arg */
         int eccEnum = key->group->curve_nid ?
+#if FIPS_VERSION3_GE(6,0,0)
+            NIDToEccEnum(key->group->curve_nid) : ECC_SECP256R1;
+#else
             NIDToEccEnum(key->group->curve_nid) : ECC_CURVE_DEF;
+#endif
         /* Get the internal EC key. */
         ecc_key* ecKey = (ecc_key*)key->internal;
         /* Make the key using internal API. */
-        int ret = wc_ecc_make_key_ex(rng, 0, ecKey, eccEnum);
+        int ret = 0;
+
+#if FIPS_VERSION3_GE(6,0,0)
+        /* In the case of FIPS only allow key generation with approved curves */
+        if (eccEnum != ECC_SECP256R1 && eccEnum != ECC_SECP224R1 &&
+            eccEnum != ECC_SECP384R1 && eccEnum != ECC_SECP521R1) {
+            WOLFSSL_MSG("Unsupported curve selected in FIPS mode");
+            res = 0;
+        }
+        if (res == 1) {
+#endif
+        ret  = wc_ecc_make_key_ex(rng, 0, ecKey, eccEnum);
+#if FIPS_VERSION3_GE(6,0,0)
+        }
+#endif
+
     #if defined(WOLFSSL_ASYNC_CRYPT)
         /* Wait on asynchronouse operation. */
         ret = wc_AsyncWait(ret, &ecKey->asyncDev, WC_ASYNC_FLAG_NONE);
@@ -13412,6 +13960,7 @@ WOLFSSL_ECDSA_SIG* wolfSSL_d2i_ECDSA_SIG(WOLFSSL_ECDSA_SIG** sig,
 int wolfSSL_i2d_ECDSA_SIG(const WOLFSSL_ECDSA_SIG *sig, unsigned char **pp)
 {
     word32 len = 0;
+    int    update_p = 1;
 
     /* Validate parameter. */
     if (sig != NULL) {
@@ -13431,6 +13980,17 @@ int wolfSSL_i2d_ECDSA_SIG(const WOLFSSL_ECDSA_SIG *sig, unsigned char **pp)
         /* Add in the length of the SEQUENCE. */
         len += (word32)1 + ASN_LEN_SIZE(len);
 
+        #ifdef WOLFSSL_I2D_ECDSA_SIG_ALLOC
+        if ((pp != NULL) && (*pp == NULL)) {
+            *pp = (unsigned char *)XMALLOC(len, NULL, DYNAMIC_TYPE_OPENSSL);
+            if (*pp != NULL) {
+                WOLFSSL_MSG("malloc error");
+                return 0;
+            }
+            update_p = 0;
+        }
+        #endif
+
         /* Encode only if there is a buffer to encode into. */
         if ((pp != NULL) && (*pp != NULL)) {
             /* Encode using the internal representations of r and s. */
@@ -13439,7 +13999,7 @@ int wolfSSL_i2d_ECDSA_SIG(const WOLFSSL_ECDSA_SIG *sig, unsigned char **pp)
                 /* No bytes encoded. */
                 len = 0;
             }
-            else {
+            else if (update_p) {
                 /* Update pointer to after encoding. */
                 *pp += len;
             }
@@ -13518,7 +14078,7 @@ int wolfSSL_ECDSA_size(const WOLFSSL_EC_KEY *key)
 {
     int err = 0;
     int len = 0;
-    const EC_GROUP *group = NULL;
+    const WOLFSSL_EC_GROUP *group = NULL;
     int bits = 0;
 
     /* Validate parameter. */
@@ -13643,7 +14203,7 @@ int wolfSSL_ECDSA_do_verify(const unsigned char *dgst, int dLen,
     if ((dgst == NULL) || (sig == NULL) || (key == NULL) ||
             (key->internal == NULL)) {
         WOLFSSL_MSG("wolfSSL_ECDSA_do_verify Bad arguments");
-        ret = -1;
+        ret = WOLFSSL_FATAL_ERROR;
     }
 
     /* Ensure internal EC key is set from external. */
@@ -13652,7 +14212,7 @@ int wolfSSL_ECDSA_do_verify(const unsigned char *dgst, int dLen,
 
         if (SetECKeyInternal(key) != 1) {
             WOLFSSL_MSG("SetECKeyInternal failed");
-            ret = -1;
+            ret = WOLFSSL_FATAL_ERROR;
         }
     }
 
@@ -13663,7 +14223,7 @@ int wolfSSL_ECDSA_do_verify(const unsigned char *dgst, int dLen,
                 (mp_int*)sig->s->internal, dgst, (word32)dLen, &verified,
                 (ecc_key *)key->internal) != MP_OKAY) {
             WOLFSSL_MSG("wc_ecc_verify_hash failed");
-            ret = -1;
+            ret = WOLFSSL_FATAL_ERROR;
         }
         else if (verified == 0) {
             WOLFSSL_MSG("wc_ecc_verify_hash incorrect signature detected");
@@ -13677,7 +14237,7 @@ int wolfSSL_ECDSA_do_verify(const unsigned char *dgst, int dLen,
                 (word32)dLen, &verified, (ecc_key*)key->internal);
             if (ret != MP_OKAY) {
                 WOLFSSL_MSG("wc_ecc_verify_hash failed");
-                ret = -1;
+                ret = WOLFSSL_FATAL_ERROR;
             }
             else if (verified == 0) {
                 WOLFSSL_MSG("wc_ecc_verify_hash incorrect signature detected");
@@ -13890,6 +14450,79 @@ int wolfSSL_ECDH_compute_key(void *out, size_t outLen,
 
 /* End ECDH */
 
+#ifndef NO_WOLFSSL_STUB
+const WOLFSSL_EC_KEY_METHOD *wolfSSL_EC_KEY_OpenSSL(void)
+{
+    WOLFSSL_STUB("wolfSSL_EC_KEY_OpenSSL");
+
+    return NULL;
+}
+
+WOLFSSL_EC_KEY_METHOD *wolfSSL_EC_KEY_METHOD_new(
+        const WOLFSSL_EC_KEY_METHOD *meth)
+{
+    WOLFSSL_STUB("wolfSSL_EC_KEY_METHOD_new");
+
+    (void)meth;
+
+    return NULL;
+}
+
+void wolfSSL_EC_KEY_METHOD_free(WOLFSSL_EC_KEY_METHOD *meth)
+{
+    WOLFSSL_STUB("wolfSSL_EC_KEY_METHOD_free");
+
+    (void)meth;
+}
+
+void wolfSSL_EC_KEY_METHOD_set_init(WOLFSSL_EC_KEY_METHOD *meth,
+        void* a1, void* a2, void* a3, void* a4, void* a5, void* a6)
+{
+    WOLFSSL_STUB("wolfSSL_EC_KEY_METHOD_set_init");
+
+    (void)meth;
+    (void)a1;
+    (void)a2;
+    (void)a3;
+    (void)a4;
+    (void)a5;
+    (void)a6;
+}
+
+void wolfSSL_EC_KEY_METHOD_set_sign(WOLFSSL_EC_KEY_METHOD *meth,
+        void* a1, void* a2, void* a3)
+{
+    WOLFSSL_STUB("wolfSSL_EC_KEY_METHOD_set_sign");
+
+    (void)meth;
+    (void)a1;
+    (void)a2;
+    (void)a3;
+}
+
+const WOLFSSL_EC_KEY_METHOD *wolfSSL_EC_KEY_get_method(
+        const WOLFSSL_EC_KEY *key)
+{
+    WOLFSSL_STUB("wolfSSL_EC_KEY_get_method");
+
+    (void)key;
+
+    return NULL;
+}
+
+int wolfSSL_EC_KEY_set_method(WOLFSSL_EC_KEY *key,
+        const WOLFSSL_EC_KEY_METHOD *meth)
+{
+    WOLFSSL_STUB("wolfSSL_EC_KEY_set_method");
+
+    (void)key;
+    (void)meth;
+
+    return 0;
+}
+
+#endif /* !NO_WOLFSSL_STUB */
+
 #endif /* OPENSSL_EXTRA */
 
 #endif /* HAVE_ECC */
@@ -13898,5 +14531,2286 @@ int wolfSSL_ECDH_compute_key(void *out, size_t outLen,
  * END OF EC API
  ******************************************************************************/
 
+/*******************************************************************************
+ * START OF EC25519 API
+ ******************************************************************************/
+
+#if defined(OPENSSL_EXTRA) && defined(HAVE_CURVE25519)
+
+/* Generate an EC25519 key pair.
+ *
+ * Output keys are in little endian format.
+ *
+ * @param [out]     priv    EC25519 private key data.
+ * @param [in, out] privSz  On in, the size of priv in bytes.
+ *                          On out, the length of the private key data in bytes.
+ * @param [out]     pub     EC25519 public key data.
+ * @param [in, out] pubSz   On in, the size of pub in bytes.
+ *                          On out, the length of the public key data in bytes.
+ * @return  1 on success
+ * @return  0 on failure.
+ */
+int wolfSSL_EC25519_generate_key(unsigned char *priv, unsigned int *privSz,
+    unsigned char *pub, unsigned int *pubSz)
+{
+#ifdef WOLFSSL_KEY_GEN
+    int res = 1;
+    int initTmpRng = 0;
+    WC_RNG *rng = NULL;
+#ifdef WOLFSSL_SMALL_STACK
+    WC_RNG *tmpRng = NULL;
+#else
+    WC_RNG tmpRng[1];
+#endif
+    curve25519_key key;
+
+    WOLFSSL_ENTER("wolfSSL_EC25519_generate_key");
+
+    /* Validate parameters. */
+    if ((priv == NULL) || (privSz == NULL) || (*privSz < CURVE25519_KEYSIZE) ||
+            (pub == NULL) || (pubSz == NULL) || (*pubSz < CURVE25519_KEYSIZE)) {
+        WOLFSSL_MSG("Bad arguments");
+        res = 0;
+    }
+
+    if (res) {
+        /* Create a random number generator. */
+        rng = wolfssl_make_rng(tmpRng, &initTmpRng);
+        if (rng == NULL) {
+            WOLFSSL_MSG("wolfSSL_EC_KEY_generate_key failed to make RNG");
+            res = 0;
+        }
+    }
+
+    /* Initialize a Curve25519 key. */
+    if (res && (wc_curve25519_init(&key) != 0)) {
+        WOLFSSL_MSG("wc_curve25519_init failed");
+        res = 0;
+    }
+    if (res) {
+        /* Make a Curve25519 key pair. */
+        int ret = wc_curve25519_make_key(rng, CURVE25519_KEYSIZE, &key);
+        if (ret != MP_OKAY) {
+            WOLFSSL_MSG("wc_curve25519_make_key failed");
+            res = 0;
+        }
+        if (res) {
+            /* Export Curve25519 key pair to buffers. */
+            ret = wc_curve25519_export_key_raw_ex(&key, priv, privSz, pub,
+                pubSz, EC25519_LITTLE_ENDIAN);
+            if (ret != MP_OKAY) {
+                WOLFSSL_MSG("wc_curve25519_export_key_raw_ex failed");
+                res = 0;
+            }
+        }
+
+        /* Dispose of key. */
+        wc_curve25519_free(&key);
+    }
+
+    if (initTmpRng) {
+        wc_FreeRng(rng);
+    #ifdef WOLFSSL_SMALL_STACK
+        XFREE(rng, NULL, DYNAMIC_TYPE_RNG);
+    #endif
+    }
+
+    return res;
+#else
+    WOLFSSL_MSG("No Key Gen built in");
+
+    (void)priv;
+    (void)privSz;
+    (void)pub;
+    (void)pubSz;
+
+    return 0;
+#endif /* WOLFSSL_KEY_GEN */
+}
+
+/* Compute a shared secret from private and public EC25519 keys.
+ *
+ * Input and output keys are in little endian format
+ *
+ * @param [out]     shared    Shared secret buffer.
+ * @param [in, out] sharedSz  On in, the size of shared in bytes.
+ *                            On out, the length of the secret in bytes.
+ * @param [in]      priv      EC25519 private key data.
+ * @param [in]      privSz    Length of the private key data in bytes.
+ * @param [in]      pub       EC25519 public key data.
+ * @param [in]      pubSz     Length of the public key data in bytes.
+ * @return  1 on success
+ * @return  0 on failure.
+ */
+int wolfSSL_EC25519_shared_key(unsigned char *shared, unsigned int *sharedSz,
+    const unsigned char *priv, unsigned int privSz, const unsigned char *pub,
+    unsigned int pubSz)
+{
+#ifdef WOLFSSL_KEY_GEN
+    int res = 1;
+    curve25519_key privkey;
+    curve25519_key pubkey;
+
+    WOLFSSL_ENTER("wolfSSL_EC25519_shared_key");
+
+    /* Validate parameters. */
+    if ((shared == NULL) || (sharedSz == NULL) ||
+            (*sharedSz < CURVE25519_KEYSIZE) || (priv == NULL) ||
+            (privSz < CURVE25519_KEYSIZE) || (pub == NULL) ||
+            (pubSz < CURVE25519_KEYSIZE)) {
+        WOLFSSL_MSG("Bad arguments");
+        res = 0;
+    }
+
+    /* Initialize private key object. */
+    if (res && (wc_curve25519_init(&privkey) != 0)) {
+        WOLFSSL_MSG("wc_curve25519_init privkey failed");
+        res = 0;
+    }
+    if (res) {
+    #ifdef WOLFSSL_CURVE25519_BLINDING
+        /* An RNG is needed. */
+        if (wc_curve25519_set_rng(&privkey, wolfssl_make_global_rng()) != 0) {
+            res = 0;
+        }
+        else
+    #endif
+        /* Initialize public key object. */
+        if (wc_curve25519_init(&pubkey) != MP_OKAY) {
+            WOLFSSL_MSG("wc_curve25519_init pubkey failed");
+            res = 0;
+        }
+        if (res) {
+            /* Import our private key. */
+            int ret = wc_curve25519_import_private_ex(priv, privSz, &privkey,
+                EC25519_LITTLE_ENDIAN);
+            if (ret != 0) {
+                WOLFSSL_MSG("wc_curve25519_import_private_ex failed");
+                res = 0;
+            }
+
+            if (res) {
+                /* Import peer's public key. */
+                ret = wc_curve25519_import_public_ex(pub, pubSz, &pubkey,
+                    EC25519_LITTLE_ENDIAN);
+                if (ret != 0) {
+                    WOLFSSL_MSG("wc_curve25519_import_public_ex failed");
+                    res = 0;
+                }
+            }
+            if (res) {
+                /* Compute shared secret. */
+                ret = wc_curve25519_shared_secret_ex(&privkey, &pubkey, shared,
+                    sharedSz, EC25519_LITTLE_ENDIAN);
+                if (ret != 0) {
+                    WOLFSSL_MSG("wc_curve25519_shared_secret_ex failed");
+                    res = 0;
+                }
+            }
+
+            wc_curve25519_free(&pubkey);
+        }
+        wc_curve25519_free(&privkey);
+    }
+
+    return res;
+#else
+    WOLFSSL_MSG("No Key Gen built in");
+
+    (void)shared;
+    (void)sharedSz;
+    (void)priv;
+    (void)privSz;
+    (void)pub;
+    (void)pubSz;
+
+    return 0;
+#endif /* WOLFSSL_KEY_GEN */
+}
+#endif /* OPENSSL_EXTRA && HAVE_CURVE25519 */
+
+/*******************************************************************************
+ * END OF EC25519 API
+ ******************************************************************************/
+
+/*******************************************************************************
+ * START OF ED25519 API
+ ******************************************************************************/
+
+#if defined(OPENSSL_EXTRA) && defined(HAVE_ED25519)
+/* Generate an ED25519 key pair.
+ *
+ * Output keys are in little endian format.
+ *
+ * @param [out]     priv    ED25519 private key data.
+ * @param [in, out] privSz  On in, the size of priv in bytes.
+ *                          On out, the length of the private key data in bytes.
+ * @param [out]     pub     ED25519 public key data.
+ * @param [in, out] pubSz   On in, the size of pub in bytes.
+ *                          On out, the length of the public key data in bytes.
+ * @return  1 on success
+ * @return  0 on failure.
+ */
+int wolfSSL_ED25519_generate_key(unsigned char *priv, unsigned int *privSz,
+    unsigned char *pub, unsigned int *pubSz)
+{
+#if defined(WOLFSSL_KEY_GEN) && defined(HAVE_ED25519_KEY_EXPORT)
+    int res = 1;
+    int initTmpRng = 0;
+    WC_RNG *rng = NULL;
+#ifdef WOLFSSL_SMALL_STACK
+    WC_RNG *tmpRng = NULL;
+#else
+    WC_RNG tmpRng[1];
+#endif
+    ed25519_key key;
+
+    WOLFSSL_ENTER("wolfSSL_ED25519_generate_key");
+
+    /* Validate parameters. */
+    if ((priv == NULL) || (privSz == NULL) ||
+            (*privSz < ED25519_PRV_KEY_SIZE) || (pub == NULL) ||
+            (pubSz == NULL) || (*pubSz < ED25519_PUB_KEY_SIZE)) {
+        WOLFSSL_MSG("Bad arguments");
+        res = 0;
+    }
+
+    if (res) {
+        /* Create a random number generator. */
+        rng = wolfssl_make_rng(tmpRng, &initTmpRng);
+        if (rng == NULL) {
+            WOLFSSL_MSG("wolfSSL_EC_KEY_generate_key failed to make RNG");
+            res = 0;
+        }
+    }
+
+    /* Initialize an Ed25519 key. */
+    if (res && (wc_ed25519_init(&key) != 0)) {
+        WOLFSSL_MSG("wc_ed25519_init failed");
+        res = 0;
+    }
+    if (res) {
+        /* Make an Ed25519 key pair. */
+        int ret = wc_ed25519_make_key(rng, ED25519_KEY_SIZE, &key);
+        if (ret != 0) {
+            WOLFSSL_MSG("wc_ed25519_make_key failed");
+            res = 0;
+        }
+        if (res) {
+            /* Export Curve25519 key pair to buffers. */
+            ret = wc_ed25519_export_key(&key, priv, privSz, pub, pubSz);
+            if (ret != 0) {
+                WOLFSSL_MSG("wc_ed25519_export_key failed");
+                res = 0;
+            }
+        }
+
+        wc_ed25519_free(&key);
+    }
+
+    if (initTmpRng) {
+        wc_FreeRng(rng);
+    #ifdef WOLFSSL_SMALL_STACK
+        XFREE(rng, NULL, DYNAMIC_TYPE_RNG);
+    #endif
+    }
+
+    return res;
+#else
+#ifndef WOLFSSL_KEY_GEN
+    WOLFSSL_MSG("No Key Gen built in");
+#else
+    WOLFSSL_MSG("No ED25519 key export built in");
+#endif
+
+    (void)priv;
+    (void)privSz;
+    (void)pub;
+    (void)pubSz;
+
+    return 0;
+#endif /* WOLFSSL_KEY_GEN && HAVE_ED25519_KEY_EXPORT */
+}
+
+/* Sign a message with Ed25519 using the private key.
+ *
+ * Input and output keys are in little endian format.
+ * Priv is a buffer containing private and public part of key.
+ *
+ * @param [in]      msg     Message to be signed.
+ * @param [in]      msgSz   Length of message in bytes.
+ * @param [in]      priv    ED25519 private key data.
+ * @param [in]      privSz  Length in bytes of private key data.
+ * @param [out]     sig     Signature buffer.
+ * @param [in, out] sigSz   On in, the length of the signature buffer in bytes.
+ *                          On out, the length of the signature in bytes.
+ * @return  1 on success
+ * @return  0 on failure.
+ */
+int wolfSSL_ED25519_sign(const unsigned char *msg, unsigned int msgSz,
+    const unsigned char *priv, unsigned int privSz, unsigned char *sig,
+    unsigned int *sigSz)
+{
+#if defined(HAVE_ED25519_SIGN) && defined(WOLFSSL_KEY_GEN) && \
+    defined(HAVE_ED25519_KEY_IMPORT)
+    ed25519_key key;
+    int res = 1;
+
+    WOLFSSL_ENTER("wolfSSL_ED25519_sign");
+
+    /* Validate parameters. */
+    if ((priv == NULL) || (privSz != ED25519_PRV_KEY_SIZE) ||
+            (msg == NULL) || (sig == NULL) || (sigSz == NULL) ||
+            (*sigSz < ED25519_SIG_SIZE)) {
+        WOLFSSL_MSG("Bad arguments");
+        res = 0;
+    }
+
+    /* Initialize Ed25519 key. */
+    if (res && (wc_ed25519_init(&key) != 0)) {
+        WOLFSSL_MSG("wc_curve25519_init failed");
+        res = 0;
+    }
+    if (res) {
+        /* Import private and public key. */
+        int ret = wc_ed25519_import_private_key(priv, privSz / 2,
+            priv + (privSz / 2), ED25519_PUB_KEY_SIZE, &key);
+        if (ret != 0) {
+            WOLFSSL_MSG("wc_ed25519_import_private failed");
+            res = 0;
+        }
+
+        if (res) {
+            /* Sign message with Ed25519. */
+            ret = wc_ed25519_sign_msg(msg, msgSz, sig, sigSz, &key);
+            if (ret != 0) {
+                WOLFSSL_MSG("wc_curve25519_shared_secret_ex failed");
+                res = 0;
+            }
+        }
+
+        wc_ed25519_free(&key);
+    }
+
+    return res;
+#else
+#if !defined(HAVE_ED25519_SIGN)
+    WOLFSSL_MSG("No ED25519 sign built in");
+#elif !defined(WOLFSSL_KEY_GEN)
+    WOLFSSL_MSG("No Key Gen built in");
+#elif !defined(HAVE_ED25519_KEY_IMPORT)
+    WOLFSSL_MSG("No ED25519 Key import built in");
+#endif
+
+    (void)msg;
+    (void)msgSz;
+    (void)priv;
+    (void)privSz;
+    (void)sig;
+    (void)sigSz;
+
+    return 0;
+#endif /* HAVE_ED25519_SIGN && WOLFSSL_KEY_GEN && HAVE_ED25519_KEY_IMPORT */
+}
+
+/* Verify a message with Ed25519 using the public key.
+ *
+ * Input keys are in little endian format.
+ *
+ * @param [in] msg     Message to be verified.
+ * @param [in] msgSz   Length of message in bytes.
+ * @param [in] pub     ED25519 public key data.
+ * @param [in] privSz  Length in bytes of public key data.
+ * @param [in] sig     Signature buffer.
+ * @param [in] sigSz   Length of the signature in bytes.
+ * @return  1 on success
+ * @return  0 on failure.
+ */
+int wolfSSL_ED25519_verify(const unsigned char *msg, unsigned int msgSz,
+    const unsigned char *pub, unsigned int pubSz, const unsigned char *sig,
+    unsigned int sigSz)
+{
+#if defined(HAVE_ED25519_VERIFY) && defined(WOLFSSL_KEY_GEN) && \
+    defined(HAVE_ED25519_KEY_IMPORT)
+    ed25519_key key;
+    int res = 1;
+
+    WOLFSSL_ENTER("wolfSSL_ED25519_verify");
+
+    /* Validate parameters. */
+    if ((pub == NULL) || (pubSz != ED25519_PUB_KEY_SIZE) || (msg == NULL) ||
+            (sig == NULL) || (sigSz != ED25519_SIG_SIZE)) {
+        WOLFSSL_MSG("Bad arguments");
+        res = 0;
+    }
+
+    /* Initialize Ed25519 key. */
+    if (res && (wc_ed25519_init(&key) != 0)) {
+        WOLFSSL_MSG("wc_curve25519_init failed");
+        res = 0;
+    }
+    if (res) {
+        /* Import public key. */
+        int ret = wc_ed25519_import_public(pub, pubSz, &key);
+        if (ret != 0) {
+            WOLFSSL_MSG("wc_ed25519_import_public failed");
+            res = 0;
+        }
+
+        if (res) {
+            int check = 0;
+
+            /* Verify signature with message and public key. */
+            ret = wc_ed25519_verify_msg((byte*)sig, sigSz, msg, msgSz, &check,
+                &key);
+            /* Check for errors in verification process. */
+            if (ret != 0) {
+                WOLFSSL_MSG("wc_ed25519_verify_msg failed");
+                res = 0;
+            }
+            /* Check signature is valid. */
+            else if (!check) {
+                WOLFSSL_MSG("wc_ed25519_verify_msg failed (signature invalid)");
+                res = 0;
+            }
+        }
+
+        wc_ed25519_free(&key);
+    }
+
+    return res;
+#else
+#if !defined(HAVE_ED25519_VERIFY)
+    WOLFSSL_MSG("No ED25519 verify built in");
+#elif !defined(WOLFSSL_KEY_GEN)
+    WOLFSSL_MSG("No Key Gen built in");
+#elif !defined(HAVE_ED25519_KEY_IMPORT)
+    WOLFSSL_MSG("No ED25519 Key import built in");
+#endif
+
+    (void)msg;
+    (void)msgSz;
+    (void)pub;
+    (void)pubSz;
+    (void)sig;
+    (void)sigSz;
+
+    return 0;
+#endif /* HAVE_ED25519_VERIFY && WOLFSSL_KEY_GEN && HAVE_ED25519_KEY_IMPORT */
+}
+
+#endif /* OPENSSL_EXTRA && HAVE_ED25519 */
+
+/*******************************************************************************
+ * END OF ED25519 API
+ ******************************************************************************/
+
+/*******************************************************************************
+ * START OF EC448 API
+ ******************************************************************************/
+
+#if defined(OPENSSL_EXTRA) && defined(HAVE_CURVE448)
+/* Generate an EC448 key pair.
+ *
+ * Output keys are in little endian format.
+ *
+ * @param [out]     priv    EC448 private key data.
+ * @param [in, out] privSz  On in, the size of priv in bytes.
+ *                          On out, the length of the private key data in bytes.
+ * @param [out]     pub     EC448 public key data.
+ * @param [in, out] pubSz   On in, the size of pub in bytes.
+ *                          On out, the length of the public key data in bytes.
+ * @return  1 on success
+ * @return  0 on failure.
+ */
+int wolfSSL_EC448_generate_key(unsigned char *priv, unsigned int *privSz,
+                               unsigned char *pub, unsigned int *pubSz)
+{
+#ifdef WOLFSSL_KEY_GEN
+    int res = 1;
+    int initTmpRng = 0;
+    WC_RNG *rng = NULL;
+#ifdef WOLFSSL_SMALL_STACK
+    WC_RNG *tmpRng = NULL;
+#else
+    WC_RNG tmpRng[1];
+#endif
+    curve448_key key;
+
+    WOLFSSL_ENTER("wolfSSL_EC448_generate_key");
+
+    /* Validate parameters. */
+    if ((priv == NULL) || (privSz == NULL) || (*privSz < CURVE448_KEY_SIZE) ||
+            (pub == NULL) || (pubSz == NULL) || (*pubSz < CURVE448_KEY_SIZE)) {
+        WOLFSSL_MSG("Bad arguments");
+        res = 0;
+    }
+
+    if (res) {
+        /* Create a random number generator. */
+        rng = wolfssl_make_rng(tmpRng, &initTmpRng);
+        if (rng == NULL) {
+            WOLFSSL_MSG("wolfSSL_EC_KEY_generate_key failed to make RNG");
+            res = 0;
+        }
+    }
+
+    /* Initialize a Curve448 key. */
+    if (res && (wc_curve448_init(&key) != 0)) {
+        WOLFSSL_MSG("wc_curve448_init failed");
+        res = 0;
+    }
+    if (res) {
+        /* Make a Curve448 key pair. */
+        int ret = wc_curve448_make_key(rng, CURVE448_KEY_SIZE, &key);
+        if (ret != 0) {
+            WOLFSSL_MSG("wc_curve448_make_key failed");
+            res = 0;
+        }
+        if (res) {
+            /* Export Curve448 key pair to buffers. */
+            ret = wc_curve448_export_key_raw_ex(&key, priv, privSz, pub, pubSz,
+                EC448_LITTLE_ENDIAN);
+            if (ret != 0) {
+                WOLFSSL_MSG("wc_curve448_export_key_raw_ex failed");
+                res = 0;
+            }
+        }
+
+        /* Dispose of key. */
+        wc_curve448_free(&key);
+    }
+
+    if (initTmpRng) {
+        wc_FreeRng(rng);
+    #ifdef WOLFSSL_SMALL_STACK
+        XFREE(rng, NULL, DYNAMIC_TYPE_RNG);
+    #endif
+    }
+
+    return res;
+#else
+    WOLFSSL_MSG("No Key Gen built in");
+
+    (void)priv;
+    (void)privSz;
+    (void)pub;
+    (void)pubSz;
+
+    return 0;
+#endif /* WOLFSSL_KEY_GEN */
+}
+
+/* Compute a shared secret from private and public EC448 keys.
+ *
+ * Input and output keys are in little endian format
+ *
+ * @param [out]     shared    Shared secret buffer.
+ * @param [in, out] sharedSz  On in, the size of shared in bytes.
+ *                            On out, the length of the secret in bytes.
+ * @param [in]      priv      EC448 private key data.
+ * @param [in]      privSz    Length of the private key data in bytes.
+ * @param [in]      pub       EC448 public key data.
+ * @param [in]      pubSz     Length of the public key data in bytes.
+ * @return  1 on success
+ * @return  0 on failure.
+ */
+int wolfSSL_EC448_shared_key(unsigned char *shared, unsigned int *sharedSz,
+                             const unsigned char *priv, unsigned int privSz,
+                             const unsigned char *pub, unsigned int pubSz)
+{
+#ifdef WOLFSSL_KEY_GEN
+    int res = 1;
+    curve448_key privkey;
+    curve448_key pubkey;
+
+    WOLFSSL_ENTER("wolfSSL_EC448_shared_key");
+
+    /* Validate parameters. */
+    if ((shared == NULL) || (sharedSz == NULL) ||
+            (*sharedSz < CURVE448_KEY_SIZE) || (priv == NULL) ||
+            (privSz < CURVE448_KEY_SIZE) || (pub == NULL) ||
+            (pubSz < CURVE448_KEY_SIZE)) {
+        WOLFSSL_MSG("Bad arguments");
+        res = 0;
+    }
+
+    /* Initialize private key object. */
+    if (res && (wc_curve448_init(&privkey) != 0)) {
+        WOLFSSL_MSG("wc_curve448_init privkey failed");
+        res = 0;
+    }
+    if (res) {
+        /* Initialize public key object. */
+        if (wc_curve448_init(&pubkey) != MP_OKAY) {
+            WOLFSSL_MSG("wc_curve448_init pubkey failed");
+            res = 0;
+        }
+        if (res) {
+            /* Import our private key. */
+            int ret = wc_curve448_import_private_ex(priv, privSz, &privkey,
+                EC448_LITTLE_ENDIAN);
+            if (ret != 0) {
+                WOLFSSL_MSG("wc_curve448_import_private_ex failed");
+                res = 0;
+            }
+
+            if (res) {
+                /* Import peer's public key. */
+                ret = wc_curve448_import_public_ex(pub, pubSz, &pubkey,
+                    EC448_LITTLE_ENDIAN);
+                if (ret != 0) {
+                    WOLFSSL_MSG("wc_curve448_import_public_ex failed");
+                    res = 0;
+                }
+            }
+            if (res) {
+                /* Compute shared secret. */
+                ret = wc_curve448_shared_secret_ex(&privkey, &pubkey, shared,
+                    sharedSz, EC448_LITTLE_ENDIAN);
+                if (ret != 0) {
+                    WOLFSSL_MSG("wc_curve448_shared_secret_ex failed");
+                    res = 0;
+                }
+            }
+
+            wc_curve448_free(&pubkey);
+        }
+        wc_curve448_free(&privkey);
+    }
+
+    return res;
+#else
+    WOLFSSL_MSG("No Key Gen built in");
+
+    (void)shared;
+    (void)sharedSz;
+    (void)priv;
+    (void)privSz;
+    (void)pub;
+    (void)pubSz;
+
+    return 0;
+#endif /* WOLFSSL_KEY_GEN */
+}
+#endif /* OPENSSL_EXTRA && HAVE_CURVE448 */
+
+/*******************************************************************************
+ * END OF EC448 API
+ ******************************************************************************/
+
+/*******************************************************************************
+ * START OF ED448 API
+ ******************************************************************************/
+
+#if defined(OPENSSL_EXTRA) && defined(HAVE_ED448)
+/* Generate an ED448 key pair.
+ *
+ * Output keys are in little endian format.
+ *
+ * @param [out]     priv    ED448 private key data.
+ * @param [in, out] privSz  On in, the size of priv in bytes.
+ *                          On out, the length of the private key data in bytes.
+ * @param [out]     pub     ED448 public key data.
+ * @param [in, out] pubSz   On in, the size of pub in bytes.
+ *                          On out, the length of the public key data in bytes.
+ * @return  1 on success
+ * @return  0 on failure.
+ */
+int wolfSSL_ED448_generate_key(unsigned char *priv, unsigned int *privSz,
+    unsigned char *pub, unsigned int *pubSz)
+{
+#if defined(WOLFSSL_KEY_GEN) && defined(HAVE_ED448_KEY_EXPORT)
+    int res = 1;
+    int initTmpRng = 0;
+    WC_RNG *rng = NULL;
+#ifdef WOLFSSL_SMALL_STACK
+    WC_RNG *tmpRng = NULL;
+#else
+    WC_RNG tmpRng[1];
+#endif
+    ed448_key key;
+
+    WOLFSSL_ENTER("wolfSSL_ED448_generate_key");
+
+    /* Validate parameters. */
+    if ((priv == NULL) || (privSz == NULL) ||
+            (*privSz < ED448_PRV_KEY_SIZE) || (pub == NULL) ||
+            (pubSz == NULL) || (*pubSz < ED448_PUB_KEY_SIZE)) {
+        WOLFSSL_MSG("Bad arguments");
+        res = 0;
+    }
+
+    if (res) {
+        /* Create a random number generator. */
+        rng = wolfssl_make_rng(tmpRng, &initTmpRng);
+        if (rng == NULL) {
+            WOLFSSL_MSG("wolfSSL_EC_KEY_generate_key failed to make RNG");
+            res = 0;
+        }
+    }
+
+    /* Initialize an Ed448 key. */
+    if (res && (wc_ed448_init(&key) != 0)) {
+        WOLFSSL_MSG("wc_ed448_init failed");
+        res = 0;
+    }
+    if (res) {
+        /* Make an Ed448 key pair. */
+        int ret = wc_ed448_make_key(rng, ED448_KEY_SIZE, &key);
+        if (ret != 0) {
+            WOLFSSL_MSG("wc_ed448_make_key failed");
+            res = 0;
+        }
+        if (res) {
+            /* Export Curve448 key pair to buffers. */
+            ret = wc_ed448_export_key(&key, priv, privSz, pub, pubSz);
+            if (ret != 0) {
+                WOLFSSL_MSG("wc_ed448_export_key failed");
+                res = 0;
+            }
+        }
+
+        wc_ed448_free(&key);
+    }
+
+    if (initTmpRng) {
+        wc_FreeRng(rng);
+    #ifdef WOLFSSL_SMALL_STACK
+        XFREE(rng, NULL, DYNAMIC_TYPE_RNG);
+    #endif
+    }
+
+    return res;
+#else
+#ifndef WOLFSSL_KEY_GEN
+    WOLFSSL_MSG("No Key Gen built in");
+#else
+    WOLFSSL_MSG("No ED448 key export built in");
+#endif
+
+    (void)priv;
+    (void)privSz;
+    (void)pub;
+    (void)pubSz;
+
+    return 0;
+#endif /* WOLFSSL_KEY_GEN && HAVE_ED448_KEY_EXPORT */
+}
+
+/* Sign a message with Ed448 using the private key.
+ *
+ * Input and output keys are in little endian format.
+ * Priv is a buffer containing private and public part of key.
+ *
+ * @param [in]      msg     Message to be signed.
+ * @param [in]      msgSz   Length of message in bytes.
+ * @param [in]      priv    ED448 private key data.
+ * @param [in]      privSz  Length in bytes of private key data.
+ * @param [out]     sig     Signature buffer.
+ * @param [in, out] sigSz   On in, the length of the signature buffer in bytes.
+ *                          On out, the length of the signature in bytes.
+ * @return  1 on success
+ * @return  0 on failure.
+ */
+int wolfSSL_ED448_sign(const unsigned char *msg, unsigned int msgSz,
+    const unsigned char *priv, unsigned int privSz, unsigned char *sig,
+    unsigned int *sigSz)
+{
+#if defined(HAVE_ED448_SIGN) && defined(WOLFSSL_KEY_GEN) && \
+    defined(HAVE_ED448_KEY_IMPORT)
+    ed448_key key;
+    int res = 1;
+
+    WOLFSSL_ENTER("wolfSSL_ED448_sign");
+
+    /* Validate parameters. */
+    if ((priv == NULL) || (privSz != ED448_PRV_KEY_SIZE) ||
+            (msg == NULL) || (sig == NULL) || (sigSz == NULL) ||
+            (*sigSz < ED448_SIG_SIZE)) {
+        WOLFSSL_MSG("Bad arguments");
+        res = 0;
+    }
+
+    /* Initialize Ed448 key. */
+    if (res && (wc_ed448_init(&key) != 0)) {
+        WOLFSSL_MSG("wc_curve448_init failed");
+        res = 0;
+    }
+    if (res) {
+        /* Import private and public key. */
+        int ret = wc_ed448_import_private_key(priv, privSz / 2,
+            priv + (privSz / 2), ED448_PUB_KEY_SIZE, &key);
+        if (ret != 0) {
+            WOLFSSL_MSG("wc_ed448_import_private failed");
+            res = 0;
+        }
+
+        if (res) {
+            /* Sign message with Ed448 - no context. */
+            ret = wc_ed448_sign_msg(msg, msgSz, sig, sigSz, &key, NULL, 0);
+            if (ret != 0) {
+                WOLFSSL_MSG("wc_curve448_shared_secret_ex failed");
+                res = 0;
+            }
+        }
+
+        wc_ed448_free(&key);
+    }
+
+    return res;
+#else
+#if !defined(HAVE_ED448_SIGN)
+    WOLFSSL_MSG("No ED448 sign built in");
+#elif !defined(WOLFSSL_KEY_GEN)
+    WOLFSSL_MSG("No Key Gen built in");
+#elif !defined(HAVE_ED448_KEY_IMPORT)
+    WOLFSSL_MSG("No ED448 Key import built in");
+#endif
+
+    (void)msg;
+    (void)msgSz;
+    (void)priv;
+    (void)privSz;
+    (void)sig;
+    (void)sigSz;
+
+    return 0;
+#endif /* HAVE_ED448_SIGN && WOLFSSL_KEY_GEN && HAVE_ED448_KEY_IMPORT */
+}
+
+/* Verify a message with Ed448 using the public key.
+ *
+ * Input keys are in little endian format.
+ *
+ * @param [in] msg     Message to be verified.
+ * @param [in] msgSz   Length of message in bytes.
+ * @param [in] pub     ED448 public key data.
+ * @param [in] privSz  Length in bytes of public key data.
+ * @param [in] sig     Signature buffer.
+ * @param [in] sigSz   Length of the signature in bytes.
+ * @return  1 on success
+ * @return  0 on failure.
+ */
+int wolfSSL_ED448_verify(const unsigned char *msg, unsigned int msgSz,
+    const unsigned char *pub, unsigned int pubSz, const unsigned char *sig,
+    unsigned int sigSz)
+{
+#if defined(HAVE_ED448_VERIFY) && defined(WOLFSSL_KEY_GEN) && \
+    defined(HAVE_ED448_KEY_IMPORT)
+    ed448_key key;
+    int res = 1;
+
+    WOLFSSL_ENTER("wolfSSL_ED448_verify");
+
+    /* Validate parameters. */
+    if ((pub == NULL) || (pubSz != ED448_PUB_KEY_SIZE) || (msg == NULL) ||
+            (sig == NULL) || (sigSz != ED448_SIG_SIZE)) {
+        WOLFSSL_MSG("Bad arguments");
+        res = 0;
+    }
+
+    /* Initialize Ed448 key. */
+    if (res && (wc_ed448_init(&key) != 0)) {
+        WOLFSSL_MSG("wc_curve448_init failed");
+        res = 0;
+    }
+    if (res) {
+        /* Import public key. */
+        int ret = wc_ed448_import_public(pub, pubSz, &key);
+        if (ret != 0) {
+            WOLFSSL_MSG("wc_ed448_import_public failed");
+            res = 0;
+        }
+
+        if (res) {
+            int check = 0;
+
+            /* Verify signature with message and public key - no context. */
+            ret = wc_ed448_verify_msg((byte*)sig, sigSz, msg, msgSz, &check,
+                &key, NULL, 0);
+            /* Check for errors in verification process. */
+            if (ret != 0) {
+                WOLFSSL_MSG("wc_ed448_verify_msg failed");
+                res = 0;
+            }
+            /* Check signature is valid. */
+            else if (!check) {
+                WOLFSSL_MSG("wc_ed448_verify_msg failed (signature invalid)");
+                res = 0;
+            }
+        }
+
+        wc_ed448_free(&key);
+    }
+
+    return res;
+#else
+#if !defined(HAVE_ED448_VERIFY)
+    WOLFSSL_MSG("No ED448 verify built in");
+#elif !defined(WOLFSSL_KEY_GEN)
+    WOLFSSL_MSG("No Key Gen built in");
+#elif !defined(HAVE_ED448_KEY_IMPORT)
+    WOLFSSL_MSG("No ED448 Key import built in");
+#endif
+
+    (void)msg;
+    (void)msgSz;
+    (void)pub;
+    (void)pubSz;
+    (void)sig;
+    (void)sigSz;
+
+    return 0;
+#endif /* HAVE_ED448_VERIFY && WOLFSSL_KEY_GEN && HAVE_ED448_KEY_IMPORT */
+}
+#endif /* OPENSSL_EXTRA && HAVE_ED448 */
+
+/*******************************************************************************
+ * END OF ED448 API
+ ******************************************************************************/
+
+/*******************************************************************************
+ * START OF GENERIC PUBLIC KEY PEM APIs
+ ******************************************************************************/
+
+#ifdef OPENSSL_EXTRA
+/* Sets default callback password for PEM.
+ *
+ * @param [out] buf       Buffer to hold password.
+ * @param [in]  num       Number of characters in buffer.
+ * @param [in]  rwFlag    Read/write flag. Ignored.
+ * @param [in]  userData  User data - assumed to be default password.
+ * @return  Password size on success.
+ * @return  0 on failure.
+ */
+int wolfSSL_PEM_def_callback(char* buf, int num, int rwFlag, void* userData)
+{
+    int sz = 0;
+
+    WOLFSSL_ENTER("wolfSSL_PEM_def_callback");
+
+    (void)rwFlag;
+
+    /* We assume that the user passes a default password as userdata */
+    if ((buf != NULL) && (userData != NULL)) {
+        sz = (int)XSTRLEN((const char*)userData);
+        sz = (int)min((word32)sz, (word32)num);
+        XMEMCPY(buf, userData, (size_t)sz);
+    }
+    else {
+        WOLFSSL_MSG("Error, default password cannot be created.");
+    }
+
+    return sz;
+}
+
+#ifndef NO_BIO
+/* Writes a public key to a WOLFSSL_BIO encoded in PEM format.
+ *
+ * @param [in] bio  BIO to write to.
+ * @param [in] key  Public key to write in PEM format.
+ * @return  1 on success.
+ * @return  0 on failure.
+ */
+int wolfSSL_PEM_write_bio_PUBKEY(WOLFSSL_BIO* bio, WOLFSSL_EVP_PKEY* key)
+{
+    int ret = 0;
+
+    WOLFSSL_ENTER("wolfSSL_PEM_write_bio_PUBKEY");
+
+    if ((bio != NULL) && (key != NULL)) {
+        switch (key->type) {
+#if defined(WOLFSSL_KEY_GEN) && !defined(NO_RSA)
+            case WC_EVP_PKEY_RSA:
+                ret = wolfSSL_PEM_write_bio_RSA_PUBKEY(bio, key->rsa);
+                break;
+#endif /* WOLFSSL_KEY_GEN && !NO_RSA */
+#if !defined(NO_DSA) && !defined(HAVE_SELFTEST) && \
+    (defined(WOLFSSL_KEY_GEN) || defined(WOLFSSL_CERT_GEN))
+            case WC_EVP_PKEY_DSA:
+                ret = wolfSSL_PEM_write_bio_DSA_PUBKEY(bio, key->dsa);
+                break;
+#endif /* !NO_DSA && !HAVE_SELFTEST && (WOLFSSL_KEY_GEN || WOLFSSL_CERT_GEN) */
+#if defined(HAVE_ECC) && defined(HAVE_ECC_KEY_EXPORT) && \
+    defined(WOLFSSL_KEY_GEN)
+            case WC_EVP_PKEY_EC:
+                ret = wolfSSL_PEM_write_bio_EC_PUBKEY(bio, key->ecc);
+                break;
+#endif /* HAVE_ECC && HAVE_ECC_KEY_EXPORT */
+#if !defined(NO_DH) && (defined(WOLFSSL_QT) || defined(OPENSSL_ALL))
+            case WC_EVP_PKEY_DH:
+                /* DH public key not supported. */
+                WOLFSSL_MSG("Writing DH PUBKEY not supported!");
+                break;
+#endif /* !NO_DH && (WOLFSSL_QT || OPENSSL_ALL) */
+            default:
+                /* Key type not supported. */
+                WOLFSSL_MSG("Unknown Key type!");
+                break;
+        }
+    }
+
+    return ret;
+}
+
+/* Writes a private key to a WOLFSSL_BIO encoded in PEM format.
+ *
+ * @param [in] bio     BIO to write to.
+ * @param [in] key     Public key to write in PEM format.
+ * @param [in] cipher  Encryption cipher to use.
+ * @param [in] passwd  Password to use when encrypting.
+ * @param [in] len     Length of password.
+ * @param [in] cb      Password callback.
+ * @param [in] arg     Password callback argument.
+ * @return  1 on success.
+ * @return  0 on failure.
+ */
+int wolfSSL_PEM_write_bio_PrivateKey(WOLFSSL_BIO* bio, WOLFSSL_EVP_PKEY* key,
+    const WOLFSSL_EVP_CIPHER* cipher, unsigned char* passwd, int len,
+    wc_pem_password_cb* cb, void* arg)
+{
+    int ret = 1;
+
+    WOLFSSL_ENTER("wolfSSL_PEM_write_bio_PrivateKey");
+
+    (void)cipher;
+    (void)passwd;
+    (void)len;
+    (void)cb;
+    (void)arg;
+
+    /* Validate parameters. */
+    if ((bio == NULL) || (key == NULL)) {
+        WOLFSSL_MSG("Bad Function Arguments");
+        ret = 0;
+    }
+
+    if (ret == 1) {
+    #ifdef WOLFSSL_KEY_GEN
+        switch (key->type) {
+        #ifndef NO_RSA
+            case WC_EVP_PKEY_RSA:
+                /* Write using RSA specific API. */
+                ret = wolfSSL_PEM_write_bio_RSAPrivateKey(bio, key->rsa,
+                    cipher, passwd, len, cb, arg);
+                break;
+        #endif
+        #ifndef NO_DSA
+            case WC_EVP_PKEY_DSA:
+                /* Write using DSA specific API. */
+                ret = wolfSSL_PEM_write_bio_DSAPrivateKey(bio, key->dsa,
+                    cipher, passwd, len, cb, arg);
+                break;
+        #endif
+        #ifdef HAVE_ECC
+            case WC_EVP_PKEY_EC:
+            #if defined(HAVE_ECC_KEY_EXPORT)
+                /* Write using EC specific API. */
+                ret = wolfSSL_PEM_write_bio_ECPrivateKey(bio, key->ecc,
+                    cipher, passwd, len, cb, arg);
+            #else
+                ret = der_write_to_bio_as_pem((byte*)key->pkey.ptr,
+                    key->pkey_sz, bio, EC_PRIVATEKEY_TYPE);
+            #endif
+                break;
+        #endif
+        #ifndef NO_DH
+            case WC_EVP_PKEY_DH:
+                /* Write using generic API with DH type. */
+                ret = der_write_to_bio_as_pem((byte*)key->pkey.ptr,
+                    key->pkey_sz, bio, DH_PRIVATEKEY_TYPE);
+                break;
+        #endif
+            default:
+                WOLFSSL_MSG("Unknown Key type!");
+                ret = 0;
+                break;
+        }
+    #else
+        int type = 0;
+
+        switch (key->type) {
+        #ifndef NO_DSA
+            case WC_EVP_PKEY_DSA:
+                type = DSA_PRIVATEKEY_TYPE;
+                break;
+        #endif
+        #ifdef HAVE_ECC
+            case WC_EVP_PKEY_EC:
+                type = ECC_PRIVATEKEY_TYPE;
+                break;
+        #endif
+        #ifndef NO_DH
+            case WC_EVP_PKEY_DH:
+                type = DH_PRIVATEKEY_TYPE;
+                break;
+        #endif
+        #ifndef NO_RSA
+            case WC_EVP_PKEY_RSA:
+                type = PRIVATEKEY_TYPE;
+                break;
+        #endif
+            default:
+                ret = 0;
+                break;
+        }
+        if (ret == 1) {
+            /* Write using generic API with generic type. */
+            ret = der_write_to_bio_as_pem((byte*)key->pkey.ptr, key->pkey_sz,
+                bio, type);
+        }
+    #endif
+    }
+
+    return ret;
+}
+#endif /* !NO_BIO */
+
+#ifndef NO_BIO
+/* Create a private key object from the data in the BIO.
+ *
+ * @param [in]      bio   BIO to read from.
+ * @param [in, out] key   Public key object. Object used if passed in.
+ * @param [in]      cb    Password callback.
+ * @param [in]      arg   Password callback argument.
+ * @return  A WOLFSSL_EVP_PKEY object on success.
+ * @return  NULL on failure.
+ */
+WOLFSSL_EVP_PKEY* wolfSSL_PEM_read_bio_PUBKEY(WOLFSSL_BIO* bio,
+    WOLFSSL_EVP_PKEY **key, wc_pem_password_cb *cb, void *arg)
+{
+    int err = 0;
+    WOLFSSL_EVP_PKEY* pkey = NULL;
+    DerBuffer* der = NULL;
+
+    WOLFSSL_ENTER("wolfSSL_PEM_read_bio_PUBKEY");
+
+    if (bio == NULL) {
+        err = 1;
+    }
+
+    /* Read the PEM public key from the BIO and convert to DER. */
+    if ((!err) && (pem_read_bio_key(bio, cb, arg, PUBLICKEY_TYPE, NULL,
+            &der) < 0)) {
+        err = 1;
+    }
+
+    if (!err) {
+        const unsigned char* ptr = der->buffer;
+
+        /* Use key passed in if set. */
+        if ((key != NULL) && (*key != NULL)) {
+            pkey = *key;
+        }
+
+        /* Convert DER data to a public key object. */
+        if (wolfSSL_d2i_PUBKEY(&pkey, &ptr, der->length) == NULL) {
+            WOLFSSL_MSG("Error loading DER buffer into WOLFSSL_EVP_PKEY");
+            pkey = NULL;
+            err = 1;
+        }
+    }
+
+    /* Return the key if possible. */
+    if ((!err) && (key != NULL) && (pkey != NULL)) {
+        *key = pkey;
+    }
+    /* Dispose of the DER encoding. */
+    FreeDer(&der);
+
+    WOLFSSL_LEAVE("wolfSSL_PEM_read_bio_PUBKEY", 0);
+
+    return pkey;
+}
+
+/* Create a private key object from the data in the BIO.
+ *
+ * @param [in]      bio   BIO to read from.
+ * @param [in, out] key   Private key object. Object used if passed in.
+ * @param [in]      cb    Password callback.
+ * @param [in]      arg   Password callback argument.
+ * @return  A WOLFSSL_EVP_PKEY object on success.
+ * @return  NULL on failure.
+ */
+WOLFSSL_EVP_PKEY* wolfSSL_PEM_read_bio_PrivateKey(WOLFSSL_BIO* bio,
+    WOLFSSL_EVP_PKEY** key, wc_pem_password_cb* cb, void* arg)
+{
+    int err = 0;
+    WOLFSSL_EVP_PKEY* pkey = NULL;
+    DerBuffer* der = NULL;
+    int keyFormat = 0;
+
+    WOLFSSL_ENTER("wolfSSL_PEM_read_bio_PrivateKey");
+
+    /* Validate parameters. */
+    if (bio == NULL) {
+        err = 1;
+    }
+
+    /* Read the PEM private key from the BIO and convert to DER. */
+    if ((!err) && (pem_read_bio_key(bio, cb, arg, PRIVATEKEY_TYPE, &keyFormat,
+            &der) < 0)) {
+        err = 1;
+    }
+
+    if (!err) {
+        const unsigned char* ptr = der->buffer;
+        int type;
+
+        /* Set key type based on format returned. */
+        switch (keyFormat) {
+            /* No key format set - default to RSA. */
+            case 0:
+            case RSAk:
+                type = WC_EVP_PKEY_RSA;
+                break;
+            case DSAk:
+                type = WC_EVP_PKEY_DSA;
+                break;
+            case ECDSAk:
+                type = WC_EVP_PKEY_EC;
+                break;
+            case DHk:
+                type = WC_EVP_PKEY_DH;
+                break;
+            default:
+                type = WOLFSSL_FATAL_ERROR;
+                break;
+        }
+
+        /* Use key passed in if set. */
+        if ((key != NULL) && (*key != NULL)) {
+            pkey = *key;
+        }
+
+        /* Convert DER data to a private key object. */
+        if (wolfSSL_d2i_PrivateKey(type, &pkey, &ptr, der->length) == NULL) {
+            WOLFSSL_MSG("Error loading DER buffer into WOLFSSL_EVP_PKEY");
+            pkey = NULL;
+            err = 1;
+        }
+    }
+
+    /* Return the key if possible. */
+    if ((!err) && (key != NULL) && (pkey != NULL)) {
+        *key = pkey;
+    }
+    /* Dispose of the DER encoding. */
+    FreeDer(&der);
+
+    WOLFSSL_LEAVE("wolfSSL_PEM_read_bio_PrivateKey", err);
+
+    return pkey;
+}
+
+
+WOLFSSL_PKCS8_PRIV_KEY_INFO* wolfSSL_PEM_read_bio_PKCS8_PRIV_KEY_INFO(
+    WOLFSSL_BIO* bio, WOLFSSL_PKCS8_PRIV_KEY_INFO** key, wc_pem_password_cb* cb,
+    void* arg)
+{
+    return wolfSSL_PEM_read_bio_PrivateKey(bio, key, cb, arg);
+}
+#endif /* !NO_BIO */
+
+#if !defined(NO_FILESYSTEM)
+/* Create a private key object from the data in a file.
+ *
+ * @param [in]      fp    File pointer.
+ * @param [in, out] key   Public key object. Object used if passed in.
+ * @param [in]      cb    Password callback.
+ * @param [in]      arg   Password callback argument.
+ * @return  A WOLFSSL_EVP_PKEY object on success.
+ * @return  NULL on failure.
+ */
+WOLFSSL_EVP_PKEY *wolfSSL_PEM_read_PUBKEY(XFILE fp, WOLFSSL_EVP_PKEY **key,
+    wc_pem_password_cb *cb, void *arg)
+{
+    int err = 0;
+    WOLFSSL_EVP_PKEY* pkey = NULL;
+    DerBuffer* der = NULL;
+
+    WOLFSSL_ENTER("wolfSSL_PEM_read_PUBKEY");
+
+    /* Validate parameters. */
+    if (fp == XBADFILE) {
+        err = 1;
+    }
+
+    /* Read the PEM public key from the file and convert to DER. */
+    if ((!err) && ((pem_read_file_key(fp, cb, arg, PUBLICKEY_TYPE, NULL,
+            &der) < 0) || (der == NULL))) {
+        err = 1;
+    }
+    if (!err) {
+        const unsigned char* ptr = der->buffer;
+
+        /* Use key passed in if set. */
+        if ((key != NULL) && (*key != NULL)) {
+            pkey = *key;
+        }
+
+        /* Convert DER data to a public key object. */
+        if (wolfSSL_d2i_PUBKEY(&pkey, &ptr, der->length) == NULL) {
+            WOLFSSL_MSG("Error loading DER buffer into WOLFSSL_EVP_PKEY");
+            pkey = NULL;
+            err = 1;
+        }
+    }
+
+    /* Return the key if possible. */
+    if ((!err) && (key != NULL) && (pkey != NULL)) {
+        *key = pkey;
+    }
+    /* Dispose of the DER encoding. */
+    FreeDer(&der);
+
+    WOLFSSL_LEAVE("wolfSSL_PEM_read_PUBKEY", 0);
+
+    return pkey;
+}
+
+#ifndef NO_CERTS
+/* Create a private key object from the data in a file.
+ *
+ * @param [in]      fp    File pointer.
+ * @param [in, out] key   Private key object. Object used if passed in.
+ * @param [in]      cb    Password callback.
+ * @param [in]      arg   Password callback argument.
+ * @return  A WOLFSSL_EVP_PKEY object on success.
+ * @return  NULL on failure.
+ */
+WOLFSSL_EVP_PKEY* wolfSSL_PEM_read_PrivateKey(XFILE fp, WOLFSSL_EVP_PKEY **key,
+    wc_pem_password_cb *cb, void *arg)
+{
+    int err = 0;
+    WOLFSSL_EVP_PKEY* pkey = NULL;
+    DerBuffer* der = NULL;
+    int keyFormat = 0;
+
+    WOLFSSL_ENTER("wolfSSL_PEM_read_PrivateKey");
+
+    /* Validate parameters. */
+    if (fp == XBADFILE) {
+        err = 1;
+    }
+
+    /* Read the PEM private key from the file and convert to DER. */
+    if ((!err) && (pem_read_file_key(fp, cb, arg, PRIVATEKEY_TYPE, &keyFormat,
+            &der)) < 0) {
+        err = 1;
+    }
+
+    if (!err) {
+        const unsigned char* ptr = der->buffer;
+        int type;
+
+        /* Set key type based on format returned. */
+        switch (keyFormat) {
+            /* No key format set - default to RSA. */
+            case 0:
+            case RSAk:
+                type = WC_EVP_PKEY_RSA;
+                break;
+            case DSAk:
+                type = WC_EVP_PKEY_DSA;
+                break;
+            case ECDSAk:
+                type = WC_EVP_PKEY_EC;
+                break;
+            case DHk:
+                type = WC_EVP_PKEY_DH;
+                break;
+            default:
+                type = WOLFSSL_FATAL_ERROR;
+                break;
+        }
+
+        /* Use key passed in if set. */
+        if ((key != NULL) && (*key != NULL)) {
+            pkey = *key;
+        }
+
+        /* Convert DER data to a private key object. */
+        if (wolfSSL_d2i_PrivateKey(type, &pkey, &ptr, der->length) == NULL) {
+            WOLFSSL_MSG("Error loading DER buffer into WOLFSSL_EVP_PKEY");
+            pkey = NULL;
+            err = 1;
+        }
+    }
+
+    /* Return the key if possible. */
+    if ((!err) && (key != NULL) && (pkey != NULL)) {
+        *key = pkey;
+    }
+    /* Dispose of the DER encoding. */
+    FreeDer(&der);
+
+    WOLFSSL_LEAVE("wolfSSL_PEM_read_PrivateKey", 0);
+
+    return pkey;
+}
+#endif /* !NO_CERTS */
+#endif /* !NO_FILESYSTEM */
+
+#ifndef NO_CERTS
+
+#if !defined(NO_BIO) || !defined(NO_FILESYSTEM)
+#define PEM_BEGIN              "-----BEGIN "
+#define PEM_BEGIN_SZ           11
+#define PEM_END                "-----END "
+#define PEM_END_SZ             9
+#define PEM_HDR_FIN            "-----"
+#define PEM_HDR_FIN_SZ         5
+#define PEM_HDR_FIN_EOL_NEWLINE   "-----\n"
+#define PEM_HDR_FIN_EOL_NULL_TERM "-----\0"
+#define PEM_HDR_FIN_EOL_SZ     6
+
+/* Find strings and return middle offsets.
+ *
+ * Find first string in pem as a prefix and then locate second string as a
+ * postfix.
+ * len returning with 0 indicates not found.
+ *
+ * @param [in]  pem      PEM data.
+ * @param [in]  pemLen   Length of PEM data.
+ * @param [in]  idx      Current index.
+ * @param [in]  prefix   First string to find.
+ * @param [in]  postfix  Second string to find after first.
+ * @param [out] start    Start index of data between strings.
+ * @param [out] len      Length of data between strings.
+ */
+static void pem_find_pattern(char* pem, int pemLen, int idx, const char* prefix,
+    const char* postfix, int* start, int* len)
+{
+    int prefixLen = (int)XSTRLEN(prefix);
+    int postfixLen = (int)XSTRLEN(postfix);
+
+    *start = *len = 0;
+    /* Find prefix part. */
+    for (; idx < pemLen - prefixLen; idx++) {
+        if ((pem[idx] == prefix[0]) &&
+                (XMEMCMP(pem + idx, prefix, (size_t)prefixLen) == 0)) {
+            idx += prefixLen;
+            *start = idx;
+            break;
+        }
+    }
+    /* Find postfix part. */
+    for (; idx < pemLen - postfixLen; idx++) {
+        if ((pem[idx] == postfix[0]) &&
+                (XMEMCMP(pem + idx, postfix, (size_t)postfixLen) == 0)) {
+            *len = idx - *start;
+            break;
+        }
+    }
+}
+
+/* Parse out content type name, any encryption headers and DER encoding.
+ *
+ * @param [in]  pem     PEM data.
+ * @param [in]  pemLen  Length of PEM data.
+ * @param [out] name    Name of content type.
+ * @param [out] header  Encryption headers.
+ * @param [out] data    DER encoding from PEM.
+ * @param [out] len     Length of DER data.
+ * @return  0 on success.
+ * @return  MEMORY_E when dynamic memory allocation fails.
+ * @return  ASN_NO_PEM_HEADER when no header found or different names found.
+ */
+static int pem_read_data(char* pem, int pemLen, char **name, char **header,
+    unsigned char **data, long *len)
+{
+    int ret = 0;
+    int start;
+    int nameLen;
+    int startHdr = 0;
+    int hdrLen = 0;
+    int startEnd = 0;
+    int endLen;
+
+    *name = NULL;
+    *header = NULL;
+
+    /* Find header. */
+    pem_find_pattern(pem, pemLen, 0, PEM_BEGIN, PEM_HDR_FIN, &start, &nameLen);
+    /* Allocate memory for header name. */
+    *name = (char*)XMALLOC((size_t)nameLen + 1, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    if (*name == NULL) {
+        ret = MEMORY_E;
+    }
+    if (ret == 0) {
+        /* Put in header name. */
+        (*name)[nameLen] = '\0';
+        if (nameLen == 0) {
+            ret = ASN_NO_PEM_HEADER;
+        }
+        else {
+            XMEMCPY(*name, pem + start, (size_t)nameLen);
+        }
+    }
+    if (ret == 0) {
+        /* Find encryption headers after header. */
+        start += nameLen + PEM_HDR_FIN_SZ;
+        pem_find_pattern(pem, pemLen, start, "\n", "\n\n", &startHdr, &hdrLen);
+        if (hdrLen > 0) {
+            /* Include first of two '\n' characters. */
+            hdrLen++;
+        }
+        /* Allocate memory for encryption header string. */
+        *header = (char*)XMALLOC((size_t)hdrLen + 1, NULL,
+                                    DYNAMIC_TYPE_TMP_BUFFER);
+        if (*header == NULL) {
+            ret = MEMORY_E;
+        }
+    }
+    if (ret == 0) {
+        /* Put in encryption header string. */
+        (*header)[hdrLen] = '\0';
+        if (hdrLen > 0) {
+            XMEMCPY(*header, pem + startHdr, (size_t)hdrLen);
+            start = startHdr + hdrLen + 1;
+        }
+
+        /* Find footer. */
+        pem_find_pattern(pem, pemLen, start, PEM_END, PEM_HDR_FIN, &startEnd,
+            &endLen);
+        /* Validate header name and footer name are the same. */
+        if ((endLen != nameLen) ||
+                 (XMEMCMP(*name, pem + startEnd, (size_t)nameLen) != 0)) {
+            ret = ASN_NO_PEM_HEADER;
+        }
+    }
+    if (ret == 0) {
+        unsigned char* der = (unsigned char*)pem;
+        word32 derLen;
+
+        /* Convert PEM body to DER. */
+        derLen = (word32)(startEnd - PEM_END_SZ - start);
+        ret = Base64_Decode(der + start, derLen, der, &derLen);
+        if (ret == 0) {
+            /* Return the DER data. */
+            *data = der;
+            *len = derLen;
+        }
+    }
+
+    return ret;
+}
+
+/* Encode the DER data in PEM format into a newly allocated buffer.
+ *
+ * @param [in]  name       Header/footer name.
+ * @param [in]  header     Encryption header.
+ * @param [in]  data       DER data.
+ * @param [in]  len        Length of DER data.
+ * @param [out] pemOut     PEM encoded data.
+ * @param [out] pemOutLen  Length of PEM encoded data.
+ * @return  0 on success.
+ * @return  MEMORY_E when dynamic memory allocation fails.
+ */
+static int pem_write_data(const char *name, const char *header,
+    const unsigned char *data, long len, char** pemOut, word32* pemOutLen)
+{
+    int ret = 0;
+    int nameLen;
+    int headerLen;
+    char* pem = NULL;
+    word32 pemLen;
+    word32 derLen = (word32)len;
+    byte* p;
+
+    nameLen = (int)XSTRLEN(name);
+    headerLen = (int)XSTRLEN(header);
+
+    /* DER encode for PEM. */
+    pemLen  = (derLen + 2) / 3 * 4;
+    pemLen += (pemLen + 63) / 64;
+    /* Header */
+    pemLen += (word32)(PEM_BEGIN_SZ + nameLen + PEM_HDR_FIN_EOL_SZ);
+    if (headerLen > 0) {
+        /* Encryption lines plus extra carriage return. */
+        pemLen += (word32)headerLen + 1;
+    }
+    /* Trailer */
+    pemLen += (word32)(PEM_END_SZ + nameLen + PEM_HDR_FIN_EOL_SZ);
+
+    pem = (char*)XMALLOC(pemLen, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    if (pem == NULL) {
+        ret = MEMORY_E;
+    }
+    p = (byte*)pem;
+
+    if (ret == 0) {
+        /* Add header. */
+        XMEMCPY(p, PEM_BEGIN, PEM_BEGIN_SZ);
+        p += PEM_BEGIN_SZ;
+        XMEMCPY(p, name, (size_t)nameLen);
+        p += nameLen;
+        XMEMCPY(p, PEM_HDR_FIN_EOL_NEWLINE, PEM_HDR_FIN_EOL_SZ);
+        p += PEM_HDR_FIN_EOL_SZ;
+
+        if (headerLen > 0) {
+            /* Add encryption header. */
+            XMEMCPY(p, header, (size_t)headerLen);
+            p += headerLen;
+            /* Blank line after a header and before body. */
+            *(p++) = '\n';
+        }
+
+        /* Add DER data as PEM. */
+        pemLen -= (word32)((size_t)p - (size_t)pem);
+        ret = Base64_Encode(data, derLen, p, &pemLen);
+    }
+    if (ret == 0) {
+        p += pemLen;
+
+        /* Add trailer. */
+        XMEMCPY(p, PEM_END, PEM_END_SZ);
+        p += PEM_END_SZ;
+        XMEMCPY(p, name, (size_t)nameLen);
+        p += nameLen;
+        XMEMCPY(p, PEM_HDR_FIN_EOL_NEWLINE, PEM_HDR_FIN_EOL_SZ);
+        p += PEM_HDR_FIN_EOL_SZ;
+
+        /* Return buffer and length of data. */
+        *pemOut = pem;
+        *pemOutLen = (word32)((size_t)p - (size_t)pem);
+    }
+
+    return ret;
+}
+#endif /* !NO_BIO || !NO_FILESYSTEM */
+
+#ifndef NO_BIO
+/* Read PEM encoded data from a BIO.
+ *
+ * Reads the entire contents in.
+ *
+ * @param [in]  bio     BIO to read from.
+ * @param [out] name    Name of content type.
+ * @param [out] header  Encryption headers.
+ * @param [out] data    DER encoding from PEM.
+ * @param [out] len     Length of DER data.
+ * @return  1 on success.
+ * @return  0 on failure.
+ */
+int wolfSSL_PEM_read_bio(WOLFSSL_BIO* bio, char **name, char **header,
+    unsigned char **data, long *len)
+{
+    int res = 1;
+    char* pem = NULL;
+    int pemLen = 0;
+    int memAlloced = 1;
+
+    /* Validate parameters. */
+    if ((bio == NULL) || (name == NULL) || (header == NULL) || (data == NULL) ||
+            (len == NULL)) {
+        res = 0;
+    }
+
+    /* Load all the data from the BIO. */
+    if ((res == 1) && (wolfssl_read_bio(bio, &pem, &pemLen, &memAlloced) !=
+             0)) {
+        res = 0;
+    }
+    if ((res == 1) && (!memAlloced)) {
+        /* Need to return allocated memory - make sure it is allocated. */
+        char* p = (char*)XMALLOC((size_t)pemLen, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+        if (p == NULL) {
+            res = 0;
+        }
+        else {
+            /* Copy the data into new buffer. */
+            XMEMCPY(p, pem, (size_t)pemLen);
+            pem = p;
+        }
+    }
+
+    /* Read the PEM data. */
+    if ((res == 1) && (pem_read_data(pem, pemLen, name, header, data, len) !=
+            0)) {
+        /* Dispose of any allocated memory. */
+        XFREE(pem, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+        XFREE(*name, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+        XFREE(*header, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+        *name = NULL;
+        *header = NULL;
+        res = 0;
+    }
+
+    return res;
+}
+
+/* Encode the DER data in PEM format into a BIO.
+ *
+ * @param [in] bio     BIO to write to.
+ * @param [in] name    Header/footer name.
+ * @param [in] header  Encryption header.
+ * @param [in] data    DER data.
+ * @param [in] len     Length of DER data.
+ * @return  0 on failure.
+ */
+int wolfSSL_PEM_write_bio(WOLFSSL_BIO* bio, const char *name,
+    const char *header, const unsigned char *data, long len)
+{
+    int err = 0;
+    char* pem = NULL;
+    word32 pemLen = 0;
+
+    /* Validate parameters. */
+    if ((bio == NULL) || (name == NULL) || (header == NULL) || (data == NULL)) {
+        err = BAD_FUNC_ARG;
+    }
+
+    /* Encode into a buffer. */
+    if (!err) {
+        err = pem_write_data(name, header, data, len, &pem, &pemLen);
+    }
+
+    /* Write PEM into BIO. */
+    if ((!err) && (wolfSSL_BIO_write(bio, pem, (int)pemLen) != (int)pemLen)) {
+        err = IO_FAILED_E;
+    }
+
+    XFREE(pem, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    return (!err) ? (int)pemLen : 0;
+}
+#endif /* !NO_BIO */
+
+#if !defined(NO_FILESYSTEM)
+/* Read PEM encoded data from a file.
+ *
+ * Reads the entire contents in.
+ *
+ * @param [in]  bio     BIO to read from.
+ * @param [out] name    Name of content type.
+ * @param [out] header  Encryption headers.
+ * @param [out] data    DER encoding from PEM.
+ * @param [out] len     Length of DER data.
+ * @return  1 on success.
+ * @return  0 on failure.
+ */
+int wolfSSL_PEM_read(XFILE fp, char **name, char **header, unsigned char **data,
+    long *len)
+{
+    int res = 1;
+    char* pem = NULL;
+    int pemLen = 0;
+
+    /* Validate parameters. */
+    if ((fp == XBADFILE) || (name == NULL) || (header == NULL) ||
+            (data == NULL) || (len == NULL)) {
+        res = 0;
+    }
+
+    /* Load all the data from the file. */
+    if ((res == 1) && (wolfssl_read_file(fp, &pem, &pemLen) != 0)) {
+        res = 0;
+    }
+
+    /* Read the PEM data. */
+    if ((res == 1) && (pem_read_data(pem, pemLen, name, header, data, len) !=
+            0)) {
+        /* Dispose of any allocated memory. */
+        XFREE(pem, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+        XFREE(*name, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+        XFREE(*header, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+        *name = NULL;
+        *header = NULL;
+        res = 0;
+    }
+
+    return res;
+}
+
+/* Encode the DER data in PEM format into a file.
+ *
+ * @param [in] fp      File pointer to write to.
+ * @param [in] name    Header/footer name.
+ * @param [in] header  Encryption header.
+ * @param [in] data    DER data.
+ * @param [in] len     Length of DER data.
+ * @return  0 on success.
+ * @return  MEMORY_E when dynamic memory allocation fails.
+ */
+int wolfSSL_PEM_write(XFILE fp, const char *name, const char *header,
+    const unsigned char *data, long len)
+{
+    int err = 0;
+    char* pem = NULL;
+    word32 pemLen = 0;
+
+    /* Validate parameters. */
+    if ((fp == XBADFILE) || (name == NULL) || (header == NULL) ||
+            (data == NULL)) {
+        err = 1;
+    }
+
+    /* Encode into a buffer. */
+    if ((!err) && (pem_write_data(name, header, data, len, &pem, &pemLen) !=
+            0)) {
+        pemLen = 0;
+        err = 1;
+    }
+
+    /* Write PEM to a file. */
+    if ((!err) && (XFWRITE(pem, 1, pemLen, fp) != pemLen)) {
+        pemLen = 0;
+    }
+
+    XFREE(pem, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    return (int)pemLen;
+}
+#endif
+
+/* Get EVP cipher info from encryption header string.
+ *
+ * @param [in]  header  Encryption header.
+ * @param [out] cipher  EVP Cipher info.
+ * @return  1 on success.
+ * @return  0 on failure.
+ */
+int wolfSSL_PEM_get_EVP_CIPHER_INFO(const char* header, EncryptedInfo* cipher)
+{
+    int res = 1;
+
+    /* Validate parameters. */
+    if ((header == NULL) || (cipher == NULL)) {
+        res = 0;
+    }
+
+    if (res == 1) {
+        XMEMSET(cipher, 0, sizeof(*cipher));
+
+        if (wc_EncryptedInfoParse(cipher, &header, XSTRLEN(header)) != 0) {
+            res = 0;
+        }
+    }
+
+    return res;
+}
+
+/* Apply cipher to DER data.
+ *
+ * @param [in]      cipher  EVP cipher info.
+ * @param [in, out] data    On in, encrypted DER data.
+ *                          On out, unencrypted DER data.
+ * @param [in, out] len     On in, length of encrypted DER data.
+ *                          On out, length of unencrypted DER data.
+ * @param [in]      cb      Password callback.
+ * @param [in]      ctx     Context for password callback.
+ * @return  1 on success.
+ * @return  0 on failure.
+ */
+int wolfSSL_PEM_do_header(EncryptedInfo* cipher, unsigned char* data, long* len,
+    wc_pem_password_cb* cb, void* ctx)
+{
+    int ret = 1;
+    char password[NAME_SZ];
+    int passwordSz = 0;
+
+    /* Validate parameters. */
+    if ((cipher == NULL) || (data == NULL) || (len == NULL) || (cb == NULL)) {
+        ret = 0;
+    }
+
+    if (ret == 1) {
+        /* Get password and length. */
+        passwordSz = cb(password, sizeof(password), PEM_PASS_READ, ctx);
+        if (passwordSz < 0) {
+            ret = 0;
+        }
+    }
+
+    if (ret == 1) {
+        /* Decrypt the data using password and MD5. */
+        if (wc_BufferKeyDecrypt(cipher, data, (word32)*len, (byte*)password,
+                passwordSz, WC_MD5) != 0) {
+            ret = WOLFSSL_FAILURE;
+        }
+    }
+
+    if (passwordSz > 0) {
+        /* Ensure password is erased from memory. */
+        ForceZero(password, (word32)passwordSz);
+    }
+
+    return ret;
+}
+
+#endif /* !NO_CERTS */
+#endif /* OPENSSL_EXTRA */
+
+#ifdef OPENSSL_ALL
+#if !defined(NO_PWDBASED) && defined(HAVE_PKCS8)
+
+/* Encrypt the key into a buffer using PKCS$8 and a password.
+ *
+ * @param [in]      pkey      Private key to encrypt.
+ * @param [in]      enc       EVP cipher.
+ * @param [in]      passwd    Password to encrypt with.
+ * @param [in]      passwdSz  Number of bytes in password.
+ * @param [in]      key       Buffer to hold encrypted key.
+ * @param [in, out] keySz     On in, size of buffer in bytes.
+ *                            On out, size of encrypted key in bytes.
+ * @return  0 on success.
+ * @return  BAD_FUNC_ARG when EVP cipher not supported.
+ */
+int pkcs8_encrypt(WOLFSSL_EVP_PKEY* pkey,
+    const WOLFSSL_EVP_CIPHER* enc, char* passwd, int passwdSz, byte* key,
+    word32* keySz)
+{
+    int ret;
+    WC_RNG rng;
+
+    /* Initialize a new random number generator. */
+    ret = wc_InitRng(&rng);
+    if (ret == 0) {
+        int encAlgId = 0;
+
+        /* Convert EVP cipher to a support encryption id. */
+    #ifndef NO_DES3
+        if (enc == EVP_DES_CBC) {
+            encAlgId = DESb;
+        }
+        else if (enc == EVP_DES_EDE3_CBC) {
+            encAlgId = DES3b;
+        }
+        else
+    #endif
+#if !defined(NO_AES) && defined(HAVE_AES_CBC)
+    #ifdef WOLFSSL_AES_128
+        if (enc == EVP_AES_128_CBC) {
+            encAlgId = AES128CBCb;
+        }
+        else
+     #endif
+    #ifdef WOLFSSL_AES_256
+        if (enc == EVP_AES_256_CBC) {
+            encAlgId = AES256CBCb;
+        }
+        else
+     #endif
+#endif
+        {
+            ret = BAD_FUNC_ARG;
+        }
+
+        if (ret == 0) {
+            /* Encrypt private into buffer. */
+            ret = TraditionalEnc((byte*)pkey->pkey.ptr, (word32)pkey->pkey_sz,
+                key, keySz, passwd, passwdSz, PKCS5, PBES2, encAlgId,
+                NULL, 0, WC_PKCS12_ITT_DEFAULT, &rng, NULL);
+            if (ret > 0) {
+                *keySz = (word32)ret;
+            }
+        }
+        /* Dispose of random number generator. */
+        wc_FreeRng(&rng);
+    }
+
+    return ret;
+}
+
+/* Encode private key in PKCS#8 format.
+ *
+ * @param [in]      pkey   Private key.
+ * @param [out]     key    Buffer to hold encoding.
+ * @param [in, out] keySz  On in, size of buffer in bytes.
+ * @param                  On out, size of encoded key in bytes.
+ * @return  0 on success.
+ */
+int pkcs8_encode(WOLFSSL_EVP_PKEY* pkey, byte* key, word32* keySz)
+{
+    int ret = 0;
+    int algId = 0;
+    const byte* curveOid = 0;
+    word32 oidSz = 0;
+
+    /* Get the details of the private key. */
+#ifdef HAVE_ECC
+    if (pkey->type == WC_EVP_PKEY_EC) {
+        /* ECC private and get curve OID information. */
+        algId = ECDSAk;
+        ret = wc_ecc_get_oid((word32)pkey->ecc->group->curve_oid, &curveOid,
+            &oidSz);
+    }
+    else
+#endif
+    if (pkey->type == WC_EVP_PKEY_RSA) {
+        /* RSA private has no curve information. */
+        algId = RSAk;
+        curveOid = NULL;
+        oidSz = 0;
+    }
+    else if (pkey->type == WC_EVP_PKEY_DSA) {
+        /* DSA has no curve information. */
+        algId = DSAk;
+        curveOid = NULL;
+        oidSz = 0;
+    }
+#ifndef NO_DH
+    else if (pkey->type == WC_EVP_PKEY_DH) {
+        if (pkey->dh == NULL)
+            return BAD_FUNC_ARG;
+
+        if (pkey->dh->priv_key != NULL || pkey->dh->pub_key != NULL) {
+            /* Special case. DH buffer is always in PKCS8 format */
+            if (keySz == NULL)
+                return BAD_FUNC_ARG;
+
+            *keySz = (word32)pkey->pkey_sz;
+            if (key == NULL)
+                return LENGTH_ONLY_E;
+
+            XMEMCPY(key, pkey->pkey.ptr, pkey->pkey_sz);
+            return pkey->pkey_sz;
+        }
+
+        /* DH has no curve information. */
+        algId = DHk;
+        curveOid = NULL;
+        oidSz = 0;
+    }
+#endif
+    else {
+        ret = NOT_COMPILED_IN;
+    }
+
+    if (ret >= 0) {
+        /* Encode private key in PKCS#8 format. */
+        ret = wc_CreatePKCS8Key(key, keySz, (byte*)pkey->pkey.ptr,
+            (word32)pkey->pkey_sz, algId, curveOid, oidSz);
+    }
+
+    return ret;
+}
+
+#if !defined(NO_BIO) || (!defined(NO_FILESYSTEM) && \
+    !defined(NO_STDIO_FILESYSTEM))
+/* Write PEM encoded, PKCS#8 formatted private key to BIO.
+ *
+ * @param [out] pem       Buffer holding PEM encoding.
+ * @param [out] pemSz     Size of data in buffer in bytes.
+ * @param [in]  pkey      Private key to write.
+ * @param [in]  enc       Encryption information to use. May be NULL.
+ * @param [in]  passwd    Password to use when encrypting. May be NULL.
+ * @param [in]  passwdSz  Size of password in bytes.
+ * @param [in]  cb        Password callback. Used when passwd is NULL. May be
+ *                        NULL.
+ * @param [in]  ctx       Context for password callback.
+ * @return  Length of PEM encoding on success.
+ * @return  0 on failure.
+ */
+static int pem_write_mem_pkcs8privatekey(byte** pem, int* pemSz,
+    WOLFSSL_EVP_PKEY* pkey, const WOLFSSL_EVP_CIPHER* enc, char* passwd,
+    int passwdSz, wc_pem_password_cb* cb, void* ctx)
+{
+    int res = 1;
+    int ret = 0;
+    char password[NAME_SZ];
+    byte* key = NULL;
+    word32 keySz = 0;
+    int type = PKCS8_PRIVATEKEY_TYPE;
+
+    /* Validate parameters. */
+    if (pkey == NULL) {
+        res = 0;
+    }
+
+    if (res == 1) {
+        /* Guestimate key size and PEM size. */
+        if (pkcs8_encode(pkey, NULL, &keySz) != WC_NO_ERR_TRACE(LENGTH_ONLY_E)) {
+            res = 0;
+        }
+    }
+    if (res == 1) {
+        if (enc != NULL) {
+            /* Add on enough for extra DER data when encrypting. */
+            keySz += 128;
+        }
+        /* PEM encoding size from DER size. */
+        *pemSz  = (int)(keySz + 2) / 3 * 4;
+        *pemSz += (*pemSz + 63) / 64;
+        /* Header and footer. */
+        if (enc != NULL) {
+            /* Name is: 'ENCRYPTED PRIVATE KEY'. */
+            *pemSz += 74;
+        }
+        else {
+            /* Name is: 'PRIVATE KEY'. */
+            *pemSz += 54;
+        }
+
+        /* Allocate enough memory to hold PEM encoded encrypted key. */
+        *pem = (byte*)XMALLOC((size_t)*pemSz, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+        if (*pem == NULL) {
+            res = 0;
+        }
+        else {
+            /* Use end of PEM buffer for key data. */
+            key = *pem + *pemSz - keySz;
+        }
+    }
+
+    if ((res == 1) && (enc != NULL)) {
+        /* Set type for PEM. */
+        type = PKCS8_ENC_PRIVATEKEY_TYPE;
+
+        if (passwd == NULL) {
+            /* Get the password by using callback. */
+            passwdSz = cb(password, sizeof(password), 1, ctx);
+            if (passwdSz < 0) {
+                res = 0;
+            }
+            passwd = password;
+        }
+
+        if (res == 1) {
+            /* Encrypt the private key. */
+            ret = pkcs8_encrypt(pkey, enc, passwd, passwdSz, key, &keySz);
+            if (ret <= 0) {
+                res = 0;
+            }
+        }
+
+        /* Zeroize the password from memory. */
+        if ((password == passwd) && (passwdSz > 0)) {
+            ForceZero(password, (word32)passwdSz);
+        }
+    }
+    else if ((res == 1) && (enc == NULL)) {
+        /* Set type for PEM. */
+        type = PKCS8_PRIVATEKEY_TYPE;
+
+        /* Encode private key in PKCS#8 format. */
+        ret = pkcs8_encode(pkey, key, &keySz);
+        if (ret < 0) {
+            res = 0;
+        }
+    }
+
+    if (res == 1) {
+        /* Encode PKCS#8 formatted key to PEM. */
+        ret = wc_DerToPemEx(key, keySz, *pem, (word32)*pemSz, NULL, type);
+        if (ret < 0) {
+            res = 0;
+        }
+        else {
+            *pemSz = ret;
+        }
+    }
+
+    /* Return appropriate return code. */
+    return (res == 0) ? 0 : ret;
+
+}
+#endif /* !NO_BIO || (!NO_FILESYSTEM && !NO_STDIO_FILESYSTEM) */
+
+#ifndef NO_BIO
+/* Write PEM encoded, PKCS#8 formatted private key to BIO.
+ *
+ * TODO: OpenSSL returns 1 and 0 only.
+ *
+ * @param [in] bio       BIO to write to.
+ * @param [in] pkey      Private key to write.
+ * @param [in] enc       Encryption information to use. May be NULL.
+ * @param [in] passwd    Password to use when encrypting. May be NULL.
+ * @param [in] passwdSz  Size of password in bytes.
+ * @param [in] cb        Password callback. Used when passwd is NULL. May be
+ *                       NULL.
+ * @param [in] ctx       Context for password callback.
+ * @return  Length of PEM encoding on success.
+ * @return  0 on failure.
+ */
+int wolfSSL_PEM_write_bio_PKCS8PrivateKey(WOLFSSL_BIO* bio,
+    WOLFSSL_EVP_PKEY* pkey, const WOLFSSL_EVP_CIPHER* enc, char* passwd,
+    int passwdSz, wc_pem_password_cb* cb, void* ctx)
+{
+    byte* pem = NULL;
+    int pemSz = 0;
+    int res = 1;
+
+    /* Validate parameters. */
+    if (bio == NULL) {
+        res = 0;
+    }
+    if (res == 1) {
+        /* Write private key to memory. */
+        res = pem_write_mem_pkcs8privatekey(&pem, &pemSz, pkey, enc, passwd,
+            passwdSz, cb, ctx);
+    }
+
+    /* Write encoded key to BIO. */
+    if ((res >= 1) && (wolfSSL_BIO_write(bio, pem, pemSz) != pemSz)) {
+        res = 0;
+    }
+
+    /* Dispose of dynamically allocated memory (pem and key). */
+    XFREE(pem, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    return res;
+}
+
+int wolfSSL_PEM_write_bio_PKCS8_PRIV_KEY_INFO(WOLFSSL_BIO* bio,
+        PKCS8_PRIV_KEY_INFO* keyInfo)
+{
+    return wolfSSL_PEM_write_bio_PKCS8PrivateKey(bio, keyInfo, NULL, NULL, 0,
+            NULL, NULL);
+}
+#endif /* !NO_BIO */
+
+#if !defined(NO_FILESYSTEM) && !defined(NO_STDIO_FILESYSTEM)
+/* Write PEM encoded, PKCS#8 formatted private key to BIO.
+ *
+ * TODO: OpenSSL returns 1 and 0 only.
+ *
+ * @param [in] f         File pointer.
+ * @param [in] pkey      Private key to write.
+ * @param [in] enc       Encryption information to use. May be NULL.
+ * @param [in] passwd    Password to use when encrypting. May be NULL.
+ * @param [in] passwdSz  Size of password in bytes.
+ * @param [in] cb        Password callback. Used when passwd is NULL. May be
+ *                       NULL.
+ * @param [in] ctx       Context for password callback.
+ * @return  Length of PEM encoding on success.
+ * @return  0 on failure.
+ */
+int wolfSSL_PEM_write_PKCS8PrivateKey(XFILE f, WOLFSSL_EVP_PKEY* pkey,
+    const WOLFSSL_EVP_CIPHER* enc, char* passwd, int passwdSz,
+    wc_pem_password_cb* cb, void* ctx)
+{
+    byte* pem = NULL;
+    int pemSz = 0;
+    int res = 1;
+
+    /* Validate parameters. */
+    if (f == XBADFILE) {
+        res = 0;
+    }
+    if (res == 1) {
+        /* Write private key to memory. */
+        res = pem_write_mem_pkcs8privatekey(&pem, &pemSz, pkey, enc, passwd,
+            passwdSz, cb, ctx);
+    }
+
+    /* Write encoded key to file. */
+    if ((res >= 1) && (XFWRITE(pem, 1, (size_t)pemSz, f) != (size_t)pemSz)) {
+        res = 0;
+    }
+
+    /* Dispose of dynamically allocated memory (pem and key). */
+    XFREE(pem, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    return res;
+}
+#endif /* !NO_FILESYSTEM && !NO_STDIO_FILESYSTEM */
+
+#endif /* !NO_PWDBASED && HAVE_PKCS8 */
+#endif /* OPENSSL_ALL */
+
+/*******************************************************************************
+ * END OF GENERIC PUBLIC KEY PEM APIs
+ ******************************************************************************/
+
 #endif /* !WOLFSSL_PK_INCLUDED */
 
diff --git a/src/quic.c b/src/quic.c
index 02622a7e4..82b0e3395 100644
--- a/src/quic.c
+++ b/src/quic.c
@@ -1,6 +1,6 @@
 /* quic.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -82,7 +82,12 @@ static QuicRecord *quic_record_make(WOLFSSL *ssl,
             qr->capacity = qr->len = (word32)len;
         }
         else {
-            qr->capacity = qr->len = qr_length(data, len);
+            qr->capacity = qr->len = (word32) qr_length(data, len);
+            if (qr->capacity > WOLFSSL_QUIC_MAX_RECORD_CAPACITY) {
+                WOLFSSL_MSG("QUIC length read larger than expected");
+                quic_record_free(ssl, qr);
+                return NULL;
+            }
         }
         if (qr->capacity == 0) {
             qr->capacity = 2*1024;
@@ -118,17 +123,25 @@ static int quic_record_append(WOLFSSL *ssl, QuicRecord *qr, const uint8_t *data,
         missing = 4 - qr->end;
         if (len < missing) {
             XMEMCPY(qr->data + qr->end, data, len);
-            qr->end += len;
+            qr->end += (word32)len;
             consumed = len;
             goto cleanup; /* len consumed, but qr->len still unknown */
         }
         XMEMCPY(qr->data + qr->end, data, missing);
-        qr->end += missing;
+        qr->end += (word32)missing;
         len -= missing;
         data += missing;
         consumed = missing;
 
-        qr->len = qr_length(qr->data, qr->end);
+        qr->len = (word32)qr_length(qr->data, qr->end);
+
+        /* sanity check on length read from wire before use */
+        if (qr->len > WOLFSSL_QUIC_MAX_RECORD_CAPACITY) {
+            WOLFSSL_MSG("Length read for quic is larger than expected");
+            ret = BUFFER_E;
+            goto cleanup;
+        }
+
         if (qr->len > qr->capacity) {
             uint8_t *ndata = (uint8_t*)XREALLOC(qr->data, qr->len, ssl->heap,
                                                 DYNAMIC_TYPE_TMP_BUFFER);
@@ -141,25 +154,23 @@ static int quic_record_append(WOLFSSL *ssl, QuicRecord *qr, const uint8_t *data,
         }
     }
 
-    if (quic_record_complete(qr) || len == 0) {
-        return 0;
+    if (!quic_record_complete(qr) && len != 0) {
+        missing = qr->len - qr->end;
+        if (len > missing) {
+            len = missing;
+        }
+        XMEMCPY(qr->data + qr->end, data, len);
+        qr->end += (word32)len;
+        consumed += len;
     }
 
-    missing = qr->len - qr->end;
-    if (len > missing) {
-        len = missing;
-    }
-    XMEMCPY(qr->data + qr->end, data, len);
-    qr->end += len;
-    consumed += len;
-
 cleanup:
     *pconsumed = (ret == WOLFSSL_SUCCESS) ? consumed : 0;
     return ret;
 }
 
 
-static word32 add_rec_header(byte* output, word32 length, int type)
+static word32 add_rec_header(byte* output, word32 length, byte type)
 {
     RecordLayerHeader* rl;
 
@@ -175,15 +186,21 @@ static word32 add_rec_header(byte* output, word32 length, int type)
     return RECORD_HEADER_SZ;
 }
 
-static word32 quic_record_transfer(QuicRecord* qr, byte* buf, word32 sz)
+static sword32 quic_record_transfer(QuicRecord* qr, byte* buf, word32 sz)
 {
     word32 len = qr->end - qr->start;
     word32 offset = 0;
-    word16 rlen;
+    word32 rlen;
 
     if (len <= 0) {
         return 0;
     }
+
+    /* We check if the buf is at least RECORD_HEADER_SZ */
+    if (sz < RECORD_HEADER_SZ) {
+        return WOLFSSL_FATAL_ERROR;
+    }
+
     if (qr->rec_hdr_remain == 0) {
         /* start a new TLS record */
         rlen = (qr->len <= (word32)MAX_RECORD_SIZE) ?
@@ -205,7 +222,7 @@ static word32 quic_record_transfer(QuicRecord* qr, byte* buf, word32 sz)
         qr->start += len;
         qr->rec_hdr_remain -= len;
     }
-    return len + offset;
+    return (sword32)(len + offset);
 }
 
 
@@ -223,7 +240,7 @@ const QuicTransportParam* QuicTransportParam_new(const uint8_t* data,
         return NULL;
     }
     XMEMCPY((uint8_t*)tp->data, data, len);
-    tp->len = len;
+    tp->len = (word16)len;
     return tp;
 }
 
@@ -595,7 +612,7 @@ int wolfSSL_quic_do_handshake(WOLFSSL* ssl)
             else {
                 ret = wolfSSL_read_early_data(ssl, tmpbuffer,
                                               sizeof(tmpbuffer), &len);
-                if (ret < 0 && ssl->error == ZERO_RETURN) {
+                if (ret < 0 && ssl->error == WC_NO_ERR_TRACE(ZERO_RETURN)) {
                     /* this is expected, since QUIC handles the actual early
                      * data separately. */
                     ret = WOLFSSL_SUCCESS;
@@ -615,7 +632,9 @@ int wolfSSL_quic_do_handshake(WOLFSSL* ssl)
 cleanup:
     if (ret <= 0
         && ssl->options.handShakeState == HANDSHAKE_DONE
-        && (ssl->error == ZERO_RETURN || ssl->error == WANT_READ)) {
+        && (ssl->error == WC_NO_ERR_TRACE(ZERO_RETURN) ||
+            ssl->error == WC_NO_ERR_TRACE(WANT_READ)))
+    {
         ret = WOLFSSL_SUCCESS;
     }
     if (ret == WOLFSSL_SUCCESS) {
@@ -753,7 +772,7 @@ cleanup:
 /* Called internally when SSL wants a certain amount of input. */
 int wolfSSL_quic_receive(WOLFSSL* ssl, byte* buf, word32 sz)
 {
-    word32 n = 0;
+    sword32 n = 0;
     int transferred = 0;
 
     WOLFSSL_ENTER("wolfSSL_quic_receive");
@@ -761,6 +780,11 @@ int wolfSSL_quic_receive(WOLFSSL* ssl, byte* buf, word32 sz)
         n = 0;
         if (ssl->quic.input_head) {
             n = quic_record_transfer(ssl->quic.input_head, buf, sz);
+
+            /* record too small to be fit into a RecordLayerHeader struct. */
+            if (n == -1) {
+                return WOLFSSL_FATAL_ERROR;
+            }
             if (quic_record_done(ssl->quic.input_head)) {
                 QuicRecord* qr = ssl->quic.input_head;
                 ssl->quic.input_head = qr->next;
@@ -778,9 +802,9 @@ int wolfSSL_quic_receive(WOLFSSL* ssl, byte* buf, word32 sz)
             ssl->error = transferred = WANT_READ;
             goto cleanup;
         }
-        sz -= n;
+        sz -= (word32)n;
         buf += n;
-        transferred += n;
+        transferred += (int)n;
     }
 cleanup:
     WOLFSSL_LEAVE("wolfSSL_quic_receive", transferred);
@@ -823,8 +847,8 @@ static int wolfSSL_quic_send_internal(WOLFSSL* ssl)
                 goto cleanup;
             }
             output += len;
-            length -= len;
-            ssl->quic.output_rec_remain -= len;
+            length -= (word32)len;
+            ssl->quic.output_rec_remain -= (word32)len;
         }
         else {
             /* at start of a TLS Record */
@@ -901,8 +925,12 @@ int wolfSSL_quic_forward_secrets(WOLFSSL* ssl, int ktype, int side)
         goto cleanup;
     }
 
-    ret = !ssl->quic.method->set_encryption_secrets(
-        ssl, level, rx_secret, tx_secret, ssl->specs.hash_size);
+    if(!ssl->quic.method->set_encryption_secrets(
+        ssl, level, rx_secret, tx_secret, ssl->specs.hash_size)) {
+        WOLFSSL_MSG("WOLFSSL_QUIC_FORWARD_SECRETS failed");
+        ret = WOLFSSL_FATAL_ERROR;
+        goto cleanup;
+    }
 
     /* Having installed the secrets, any future read/write will happen
      * at the level. Except early data, which is detected on the record
@@ -977,11 +1005,13 @@ const WOLFSSL_EVP_CIPHER* wolfSSL_quic_get_aead(WOLFSSL* ssl)
             evp_cipher = wolfSSL_EVP_chacha20_poly1305();
             break;
 #endif
-#if defined(WOLFSSL_AES_COUNTER) && defined(WOLFSSL_AES_128)
+#if !defined(NO_AES) && defined(HAVE_AESCCM) && defined(WOLFSSL_AES_128)
         case TLS_AES_128_CCM_SHA256:
-            FALL_THROUGH;
+            evp_cipher = wolfSSL_EVP_aes_128_ccm();
+            break;
         case TLS_AES_128_CCM_8_SHA256:
-            evp_cipher = wolfSSL_EVP_aes_128_ctr();
+            WOLFSSL_MSG("wolfSSL_quic_get_aead: no CCM-8 support in EVP layer");
+            evp_cipher = NULL;
             break;
 #endif
 
@@ -998,7 +1028,8 @@ const WOLFSSL_EVP_CIPHER* wolfSSL_quic_get_aead(WOLFSSL* ssl)
     return evp_cipher;
 }
 
-static int evp_cipher_eq(const WOLFSSL_EVP_CIPHER* c1,
+/* currently only used if HAVE_CHACHA && HAVE_POLY1305. */
+WC_MAYBE_UNUSED static int evp_cipher_eq(const WOLFSSL_EVP_CIPHER* c1,
                          const WOLFSSL_EVP_CIPHER* c2)
 {
     /* We could check on nid equality, but we seem to have singulars */
@@ -1021,27 +1052,40 @@ const WOLFSSL_EVP_CIPHER* wolfSSL_quic_get_hp(WOLFSSL* ssl)
     }
 
     switch (cipher->cipherSuite) {
-#if !defined(NO_AES) && defined(HAVE_AESGCM)
+#if !defined(NO_AES) && defined(HAVE_AESGCM) && defined(WOLFSSL_AES_COUNTER)
+        /* This has to be CTR even though the spec says that ECB is used for
+         * mask generation. ngtcp2_crypto_hp_mask uses a hack where they pass
+         * in the "ECB" input as the IV for the CTR cipher and then the input
+         * is just a cleared buffer. They do this so that the EVP
+         * init-update-final cycle can be used without the padding that is added
+         * for EVP_aes_(128|256)_ecb. */
+#if defined(WOLFSSL_AES_128)
         case TLS_AES_128_GCM_SHA256:
             evp_cipher = wolfSSL_EVP_aes_128_ctr();
             break;
+#endif
+#if defined(WOLFSSL_AES_256)
         case TLS_AES_256_GCM_SHA384:
             evp_cipher = wolfSSL_EVP_aes_256_ctr();
             break;
 #endif
+#endif
 #if defined(HAVE_CHACHA) && defined(HAVE_POLY1305)
         case TLS_CHACHA20_POLY1305_SHA256:
             evp_cipher = wolfSSL_EVP_chacha20();
             break;
 #endif
-#if defined(WOLFSSL_AES_COUNTER) && defined(WOLFSSL_AES_128)
+#if !defined(NO_AES) && defined(HAVE_AESCCM) && defined(WOLFSSL_AES_128) && \
+        defined(WOLFSSL_AES_COUNTER)
+        /* This has to be CTR. See comment above. */
         case TLS_AES_128_CCM_SHA256:
-            FALL_THROUGH;
-        case TLS_AES_128_CCM_8_SHA256:
             evp_cipher = wolfSSL_EVP_aes_128_ctr();
             break;
+        case TLS_AES_128_CCM_8_SHA256:
+            WOLFSSL_MSG("wolfSSL_quic_get_hp: no CCM-8 support in EVP layer");
+            evp_cipher = NULL;
+            break;
 #endif
-
         default:
             evp_cipher = NULL;
             break;
@@ -1059,8 +1103,7 @@ size_t wolfSSL_quic_get_aead_tag_len(const WOLFSSL_EVP_CIPHER* aead_cipher)
 {
     size_t ret;
 #ifdef WOLFSSL_SMALL_STACK
-    WOLFSSL_EVP_CIPHER_CTX *ctx = (WOLFSSL_EVP_CIPHER_CTX *)XMALLOC(
-        sizeof(*ctx), NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    WOLFSSL_EVP_CIPHER_CTX *ctx = wolfSSL_EVP_CIPHER_CTX_new();
     if (ctx == NULL)
         return 0;
 #else
@@ -1070,7 +1113,7 @@ size_t wolfSSL_quic_get_aead_tag_len(const WOLFSSL_EVP_CIPHER* aead_cipher)
     XMEMSET(ctx, 0, sizeof(*ctx));
     if (wolfSSL_EVP_CipherInit(ctx, aead_cipher, NULL, NULL, 0)
         == WOLFSSL_SUCCESS) {
-        ret = ctx->authTagSz;
+        ret = (size_t)ctx->authTagSz;
     } else {
         ret = 0;
     }
@@ -1085,30 +1128,12 @@ size_t wolfSSL_quic_get_aead_tag_len(const WOLFSSL_EVP_CIPHER* aead_cipher)
 
 int wolfSSL_quic_aead_is_gcm(const WOLFSSL_EVP_CIPHER* aead_cipher)
 {
-#if !defined(NO_AES) && defined(HAVE_AESGCM)
-    if (evp_cipher_eq(aead_cipher, wolfSSL_EVP_aes_128_gcm())
-#ifdef WOLFSSL_AES_256
-        || evp_cipher_eq(aead_cipher, wolfSSL_EVP_aes_256_gcm())
-#endif
-    ) {
-        return 1;
-    }
-#else
-    (void)aead_cipher;
-#endif
-    return 0;
+    return WOLFSSL_EVP_CIPHER_mode(aead_cipher) == WOLFSSL_EVP_CIPH_GCM_MODE;
 }
 
 int wolfSSL_quic_aead_is_ccm(const WOLFSSL_EVP_CIPHER* aead_cipher)
 {
-#if defined(WOLFSSL_AES_COUNTER) && defined(WOLFSSL_AES_128)
-    if (evp_cipher_eq(aead_cipher, wolfSSL_EVP_aes_128_ctr())) {
-        return 1;
-    }
-#else
-    (void)aead_cipher;
-#endif
-    return 0;
+    return WOLFSSL_EVP_CIPHER_mode(aead_cipher) == WOLFSSL_EVP_CIPH_CCM_MODE;
 }
 
 int wolfSSL_quic_aead_is_chacha20(const WOLFSSL_EVP_CIPHER* aead_cipher)
@@ -1170,7 +1195,7 @@ int wolfSSL_quic_hkdf_extract(uint8_t* dest, const WOLFSSL_EVP_MD* md,
 
     WOLFSSL_ENTER("wolfSSL_quic_hkdf_extract");
 
-    pctx = wolfSSL_EVP_PKEY_CTX_new_id(NID_hkdf, NULL);
+    pctx = wolfSSL_EVP_PKEY_CTX_new_id(WC_NID_hkdf, NULL);
     if (pctx == NULL) {
         ret = WOLFSSL_FAILURE;
         goto cleanup;
@@ -1178,7 +1203,7 @@ int wolfSSL_quic_hkdf_extract(uint8_t* dest, const WOLFSSL_EVP_MD* md,
 
     if (wolfSSL_EVP_PKEY_derive_init(pctx) != WOLFSSL_SUCCESS
         || wolfSSL_EVP_PKEY_CTX_hkdf_mode(
-                pctx, EVP_PKEY_HKDEF_MODE_EXTRACT_ONLY) != WOLFSSL_SUCCESS
+                pctx, WOLFSSL_EVP_PKEY_HKDEF_MODE_EXTRACT_ONLY) != WOLFSSL_SUCCESS
         || wolfSSL_EVP_PKEY_CTX_set_hkdf_md(pctx, md) != WOLFSSL_SUCCESS
         || wolfSSL_EVP_PKEY_CTX_set1_hkdf_salt(
                 pctx, (byte*)salt, (int)saltlen) != WOLFSSL_SUCCESS
@@ -1207,7 +1232,7 @@ int wolfSSL_quic_hkdf_expand(uint8_t* dest, size_t destlen,
 
     WOLFSSL_ENTER("wolfSSL_quic_hkdf_expand");
 
-    pctx = wolfSSL_EVP_PKEY_CTX_new_id(NID_hkdf, NULL);
+    pctx = wolfSSL_EVP_PKEY_CTX_new_id(WC_NID_hkdf, NULL);
     if (pctx == NULL) {
         ret = WOLFSSL_FAILURE;
         goto cleanup;
@@ -1215,7 +1240,7 @@ int wolfSSL_quic_hkdf_expand(uint8_t* dest, size_t destlen,
 
     if (wolfSSL_EVP_PKEY_derive_init(pctx) != WOLFSSL_SUCCESS
         || wolfSSL_EVP_PKEY_CTX_hkdf_mode(
-                pctx, EVP_PKEY_HKDEF_MODE_EXPAND_ONLY) != WOLFSSL_SUCCESS
+                pctx, WOLFSSL_EVP_PKEY_HKDEF_MODE_EXPAND_ONLY) != WOLFSSL_SUCCESS
         || wolfSSL_EVP_PKEY_CTX_set_hkdf_md(pctx, md) != WOLFSSL_SUCCESS
         || wolfSSL_EVP_PKEY_CTX_set1_hkdf_salt(
                 pctx, (byte*)"", 0) != WOLFSSL_SUCCESS
@@ -1230,7 +1255,7 @@ int wolfSSL_quic_hkdf_expand(uint8_t* dest, size_t destlen,
 
 cleanup:
     if (pctx)
-        EVP_PKEY_CTX_free(pctx);
+        wolfSSL_EVP_PKEY_CTX_free(pctx);
     WOLFSSL_LEAVE("wolfSSL_quic_hkdf_expand", ret);
     return ret;
 }
@@ -1247,7 +1272,7 @@ int wolfSSL_quic_hkdf(uint8_t* dest, size_t destlen,
 
     WOLFSSL_ENTER("wolfSSL_quic_hkdf");
 
-    pctx = wolfSSL_EVP_PKEY_CTX_new_id(NID_hkdf, NULL);
+    pctx = wolfSSL_EVP_PKEY_CTX_new_id(WC_NID_hkdf, NULL);
     if (pctx == NULL) {
         ret = WOLFSSL_FAILURE;
         goto cleanup;
@@ -1255,7 +1280,7 @@ int wolfSSL_quic_hkdf(uint8_t* dest, size_t destlen,
 
     if (wolfSSL_EVP_PKEY_derive_init(pctx) != WOLFSSL_SUCCESS
         || wolfSSL_EVP_PKEY_CTX_hkdf_mode(
-                pctx, EVP_PKEY_HKDEF_MODE_EXTRACT_AND_EXPAND) != WOLFSSL_SUCCESS
+                pctx, WOLFSSL_EVP_PKEY_HKDEF_MODE_EXTRACT_AND_EXPAND) != WOLFSSL_SUCCESS
         || wolfSSL_EVP_PKEY_CTX_set_hkdf_md(pctx, md) != WOLFSSL_SUCCESS
         || wolfSSL_EVP_PKEY_CTX_set1_hkdf_salt(
                 pctx, (byte*)salt, (int)saltlen) != WOLFSSL_SUCCESS
@@ -1270,7 +1295,7 @@ int wolfSSL_quic_hkdf(uint8_t* dest, size_t destlen,
 
 cleanup:
     if (pctx)
-        EVP_PKEY_CTX_free(pctx);
+        wolfSSL_EVP_PKEY_CTX_free(pctx);
     WOLFSSL_LEAVE("wolfSSL_quic_hkdf", ret);
     return ret;
 }
@@ -1323,7 +1348,7 @@ int wolfSSL_quic_aead_encrypt(uint8_t* dest, WOLFSSL_EVP_CIPHER_CTX* ctx,
                 ctx, dest, &len, plain, (int)plainlen) != WOLFSSL_SUCCESS
         || wolfSSL_EVP_CipherFinal(ctx, dest + len, &len) != WOLFSSL_SUCCESS
         || wolfSSL_EVP_CIPHER_CTX_ctrl(
-                ctx, EVP_CTRL_AEAD_GET_TAG, ctx->authTagSz, dest + plainlen)
+                ctx, WOLFSSL_EVP_CTRL_AEAD_GET_TAG, ctx->authTagSz, dest + plainlen)
            != WOLFSSL_SUCCESS) {
         return WOLFSSL_FAILURE;
     }
@@ -1345,12 +1370,12 @@ int wolfSSL_quic_aead_decrypt(uint8_t* dest, WOLFSSL_EVP_CIPHER_CTX* ctx,
         return WOLFSSL_FAILURE;
     }
 
-    enclen -= ctx->authTagSz;
+    enclen -= (size_t)ctx->authTagSz;
     tag = enc + enclen;
 
     if (wolfSSL_EVP_CipherInit(ctx, NULL, NULL, iv, 0) != WOLFSSL_SUCCESS
         || wolfSSL_EVP_CIPHER_CTX_ctrl(
-                ctx, EVP_CTRL_AEAD_SET_TAG, ctx->authTagSz, (uint8_t*)tag)
+                ctx, WOLFSSL_EVP_CTRL_AEAD_SET_TAG, ctx->authTagSz, (uint8_t*)tag)
             != WOLFSSL_SUCCESS
         || wolfSSL_EVP_CipherUpdate(ctx, NULL, &len, aad, (int)aadlen)
             != WOLFSSL_SUCCESS
diff --git a/src/sniffer.c b/src/sniffer.c
index ddcb54033..b15067b5a 100644
--- a/src/sniffer.c
+++ b/src/sniffer.c
@@ -1,6 +1,6 @@
 /* sniffer.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -227,8 +227,8 @@ BOOL APIENTRY DllMain( HMODULE hModule,
 #endif /* _WIN32 */
 
 
-static WOLFSSL_GLOBAL int TraceOn = 0;         /* Trace is off by default */
-static WOLFSSL_GLOBAL XFILE TraceFile = 0;
+static WC_THREADSHARED int TraceOn = 0;         /* Trace is off by default */
+static WC_THREADSHARED XFILE TraceFile = 0;
 
 
 /* windows uses .rc table for this */
@@ -447,7 +447,6 @@ typedef struct SnifferServer {
     struct SnifferServer* next;                  /* for list */
 } SnifferServer;
 
-
 /* Session Flags */
 typedef struct Flags {
     byte           side;            /* which end is current packet headed */
@@ -567,52 +566,52 @@ typedef struct SnifferSession {
 
 
 /* Sniffer Server List and mutex */
-static THREAD_LS_T WOLFSSL_GLOBAL SnifferServer* ServerList = NULL;
+static THREAD_LS_T SnifferServer* ServerList = NULL;
 #ifndef HAVE_C___ATOMIC
-static WOLFSSL_GLOBAL wolfSSL_Mutex ServerListMutex;
+static WC_THREADSHARED wolfSSL_Mutex ServerListMutex WOLFSSL_MUTEX_INITIALIZER_CLAUSE(ServerListMutex);
 #endif
 
 /* Session Hash Table, mutex, and count */
-static THREAD_LS_T WOLFSSL_GLOBAL SnifferSession* SessionTable[HASH_SIZE];
+static THREAD_LS_T SnifferSession* SessionTable[HASH_SIZE];
 #ifndef HAVE_C___ATOMIC
-static WOLFSSL_GLOBAL wolfSSL_Mutex SessionMutex;
+static WC_THREADSHARED wolfSSL_Mutex SessionMutex WOLFSSL_MUTEX_INITIALIZER_CLAUSE(SessionMutex);
 #endif
-static THREAD_LS_T WOLFSSL_GLOBAL int SessionCount = 0;
+static THREAD_LS_T int SessionCount = 0;
 
-static WOLFSSL_GLOBAL int RecoveryEnabled    = 0;  /* global switch */
-static WOLFSSL_GLOBAL int MaxRecoveryMemory  = -1;
+static WC_THREADSHARED int RecoveryEnabled    = 0;  /* global switch */
+static WC_THREADSHARED int MaxRecoveryMemory  = -1;
                                            /* per session max recovery memory */
 #ifndef WOLFSSL_SNIFFER_NO_RECOVERY
 /* Recovery of missed data switches and stats */
-static WOLFSSL_GLOBAL wolfSSL_Mutex RecoveryMutex; /* for stats */
+static WC_THREADSHARED wolfSSL_Mutex RecoveryMutex WOLFSSL_MUTEX_INITIALIZER_CLAUSE(RecoveryMutex); /* for stats */
 /* # of sessions with missed data */
-static WOLFSSL_GLOBAL word32 MissedDataSessions = 0;
+static WC_THREADSHARED word32 MissedDataSessions = 0;
 #endif
 
 /* Connection Info Callback */
-static WOLFSSL_GLOBAL SSLConnCb ConnectionCb;
-static WOLFSSL_GLOBAL void*     ConnectionCbCtx = NULL;
+static WC_THREADSHARED SSLConnCb ConnectionCb;
+static WC_THREADSHARED void*     ConnectionCbCtx = NULL;
 
 #ifdef WOLFSSL_SNIFFER_STATS
 /* Sessions Statistics */
-static WOLFSSL_GLOBAL SSLStats SnifferStats;
-static WOLFSSL_GLOBAL wolfSSL_Mutex StatsMutex;
+static WC_THREADSHARED SSLStats SnifferStats;
+static WC_THREADSHARED wolfSSL_Mutex StatsMutex WOLFSSL_MUTEX_INITIALIZER_CLAUSE(StatsMutex);
 #endif
 
 #ifdef WOLFSSL_SNIFFER_KEY_CALLBACK
-static WOLFSSL_GLOBAL SSLKeyCb KeyCb;
-static WOLFSSL_GLOBAL void*    KeyCbCtx = NULL;
+static WC_THREADSHARED SSLKeyCb KeyCb;
+static WC_THREADSHARED void*    KeyCbCtx = NULL;
 #endif
 
 #ifdef WOLFSSL_SNIFFER_WATCH
 /* Watch Key Callback */
-static WOLFSSL_GLOBAL SSLWatchCb WatchCb;
-static WOLFSSL_GLOBAL void*      WatchCbCtx = NULL;
+static WC_THREADSHARED SSLWatchCb WatchCb;
+static WC_THREADSHARED void*      WatchCbCtx = NULL;
 #endif
 
 #ifdef WOLFSSL_SNIFFER_STORE_DATA_CB
 /* Store Data Callback */
-static WOLFSSL_GLOBAL SSLStoreDataCb StoreDataCb;
+static WC_THREADSHARED SSLStoreDataCb StoreDataCb;
 #endif
 
 
@@ -657,7 +656,7 @@ static void UpdateMissedDataSessions(void)
 
 
 #if defined(WOLF_CRYPTO_CB) || defined(WOLFSSL_ASYNC_CRYPT)
-    static WOLFSSL_GLOBAL int CryptoDeviceId = INVALID_DEVID;
+    static WC_THREADSHARED int CryptoDeviceId = INVALID_DEVID;
 #endif
 
 #if defined(WOLFSSL_SNIFFER_KEYLOGFILE)
@@ -683,6 +682,7 @@ static int addKeyLogSnifferServerHelper(const char* address,
 void ssl_InitSniffer_ex(int devId)
 {
     wolfSSL_Init();
+#ifndef WOLFSSL_MUTEX_INITIALIZER
 #ifndef HAVE_C___ATOMIC
     wc_InitMutex(&ServerListMutex);
     wc_InitMutex(&SessionMutex);
@@ -694,6 +694,11 @@ void ssl_InitSniffer_ex(int devId)
     XMEMSET(&SnifferStats, 0, sizeof(SSLStats));
     wc_InitMutex(&StatsMutex);
 #endif
+#endif /* !WOLFSSL_MUTEX_INITIALIZER */
+
+#ifdef WOLFSSL_SNIFFER_STATS
+    XMEMSET(&SnifferStats, 0, sizeof(SSLStats));
+#endif
 #if defined(WOLF_CRYPTO_CB) || defined(WOLFSSL_ASYNC_CRYPT)
     CryptoDeviceId = devId;
 #endif
@@ -846,14 +851,11 @@ static void FreeSnifferSession(SnifferSession* session)
         XFREE(session->hash, NULL, DYNAMIC_TYPE_HASHES);
 #endif
 #ifdef WOLFSSL_TLS13
-        if (session->cliKeyShare)
-            XFREE(session->cliKeyShare, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+        XFREE(session->cliKeyShare, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 #ifdef HAVE_MAX_FRAGMENT
-        if (session->tlsFragBuf) {
-            XFREE(session->tlsFragBuf, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-            session->tlsFragBuf = NULL;
-        }
+        XFREE(session->tlsFragBuf, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+        session->tlsFragBuf = NULL;
 #endif
     }
     XFREE(session, NULL, DYNAMIC_TYPE_SNIFFER_SESSION);
@@ -903,6 +905,7 @@ void ssl_FreeSniffer(void)
 #endif /* WOLFSSL_SNIFFER_KEYLOGFILE */
 
 
+#ifndef WOLFSSL_MUTEX_INITIALIZER
 #ifndef WOLFSSL_SNIFFER_NO_RECOVERY
     wc_FreeMutex(&RecoveryMutex);
 #endif
@@ -910,6 +913,7 @@ void ssl_FreeSniffer(void)
     wc_FreeMutex(&SessionMutex);
     wc_FreeMutex(&ServerListMutex);
 #endif
+#endif /* !WOLFSSL_MUTEX_INITIALIZER */
 
 #ifdef WOLF_CRYPTO_CB
     #ifdef HAVE_INTEL_QA_SYNC
@@ -1652,31 +1656,31 @@ static int LoadKeyFile(byte** keyBuf, word32* keyBufSz,
     int ret = -1;
 
     if (keyBuf == NULL || keyBufSz == NULL || keyFile == NULL) {
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
     }
 
     if (keySz == 0) {
         /* load from file */
         file = XFOPEN(keyFile, "rb");
-        if (file == XBADFILE) return -1;
+        if (file == XBADFILE) return WOLFSSL_FATAL_ERROR;
         if(XFSEEK(file, 0, XSEEK_END) != 0) {
             XFCLOSE(file);
-            return -1;
+            return WOLFSSL_FATAL_ERROR;
         }
         fileSz = XFTELL(file);
         if (fileSz > MAX_WOLFSSL_FILE_SIZE || fileSz < 0) {
             XFCLOSE(file);
-            return -1;
+            return WOLFSSL_FATAL_ERROR;
         }
         if(XFSEEK(file, 0, XSEEK_SET) != 0) {
             XFCLOSE(file);
-            return -1;
+            return WOLFSSL_FATAL_ERROR;
         }
 
         loadBuf = (byte*)XMALLOC(fileSz, NULL, DYNAMIC_TYPE_FILE);
         if (loadBuf == NULL) {
             XFCLOSE(file);
-            return -1;
+            return WOLFSSL_FATAL_ERROR;
         }
 
         ret = (int)XFREAD(loadBuf, 1, fileSz, file);
@@ -1684,14 +1688,14 @@ static int LoadKeyFile(byte** keyBuf, word32* keyBufSz,
 
         if (ret != fileSz) {
             XFREE(loadBuf, NULL, DYNAMIC_TYPE_FILE);
-            return -1;
+            return WOLFSSL_FATAL_ERROR;
         }
     }
     else {
         /* use buffer directly */
         loadBuf = (byte*)XMALLOC(keySz, NULL, DYNAMIC_TYPE_FILE);
         if (loadBuf == NULL) {
-            return -1;
+            return WOLFSSL_FATAL_ERROR;
         }
         fileSz = keySz;
         XMEMCPY(loadBuf, keyFile, fileSz);
@@ -1728,7 +1732,7 @@ static int LoadKeyFile(byte** keyBuf, word32* keyBufSz,
     }
 
     if (ret < 0) {
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
     }
 
     return ret;
@@ -1747,14 +1751,14 @@ static int CreateWatchSnifferServer(char* error)
             DYNAMIC_TYPE_SNIFFER_SERVER);
     if (sniffer == NULL) {
         SetError(MEMORY_STR, error, NULL, 0);
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
     }
     InitSnifferServer(sniffer);
     sniffer->ctx = wolfSSL_CTX_new(wolfSSLv23_client_method());
     if (!sniffer->ctx) {
         SetError(MEMORY_STR, error, NULL, 0);
         FreeSnifferServer(sniffer);
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
     }
 #if defined(WOLF_CRYPTO_CB) || defined(WOLFSSL_ASYNC_CRYPT)
     if (CryptoDeviceId != INVALID_DEVID)
@@ -1796,7 +1800,7 @@ static int SetNamedPrivateKey(const char* name, const char* address, int port,
                 NULL, DYNAMIC_TYPE_SNIFFER_NAMED_KEY);
         if (namedKey == NULL) {
             SetError(MEMORY_STR, error, NULL, 0);
-            return -1;
+            return WOLFSSL_FATAL_ERROR;
         }
         XMEMSET(namedKey, 0, sizeof(NamedKey));
 
@@ -1811,7 +1815,7 @@ static int SetNamedPrivateKey(const char* name, const char* address, int port,
         if (ret < 0) {
             SetError(KEY_FILE_STR, error, NULL, 0);
             FreeNamedKey(namedKey);
-            return -1;
+            return WOLFSSL_FATAL_ERROR;
         }
     }
 #endif
@@ -1845,7 +1849,7 @@ static int SetNamedPrivateKey(const char* name, const char* address, int port,
 #ifdef HAVE_SNI
             FreeNamedKey(namedKey);
 #endif
-            return -1;
+            return WOLFSSL_FATAL_ERROR;
         }
         InitSnifferServer(sniffer);
 
@@ -1861,7 +1865,7 @@ static int SetNamedPrivateKey(const char* name, const char* address, int port,
             FreeNamedKey(namedKey);
 #endif
             FreeSnifferServer(sniffer);
-            return -1;
+            return WOLFSSL_FATAL_ERROR;
         }
     #if defined(WOLF_CRYPTO_CB) || defined(WOLFSSL_ASYNC_CRYPT)
         if (CryptoDeviceId != INVALID_DEVID)
@@ -1902,7 +1906,7 @@ static int SetNamedPrivateKey(const char* name, const char* address, int port,
             SetError(KEY_FILE_STR, error, NULL, 0);
             if (isNew)
                 FreeSnifferServer(sniffer);
-            return -1;
+            return WOLFSSL_FATAL_ERROR;
         }
     #ifdef WOLF_CRYPTO_CB
         wolfSSL_CTX_SetDevId(sniffer->ctx, CryptoDeviceId);
@@ -2120,7 +2124,7 @@ static int CheckIp6Hdr(Ip6Hdr* iphdr, IpInfo* info, int length, char* error)
 
     if (version != IPV6) {
         SetError(BAD_IPVER_STR, error, NULL, 0);
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
     }
 
     /* Here, we need to move onto next header if not TCP. */
@@ -2130,7 +2134,7 @@ static int CheckIp6Hdr(Ip6Hdr* iphdr, IpInfo* info, int length, char* error)
             int hdrsz = (exthdr->length + 1) * 8;
             if (hdrsz > length - exthdrsz) {
                 SetError(PACKET_HDR_SHORT_STR, error, NULL, 0);
-                return -1;
+                return WOLFSSL_FATAL_ERROR;
             }
             exthdrsz += hdrsz;
             exthdr = (Ip6ExtHdr*)((byte*)exthdr + hdrsz);
@@ -2142,7 +2146,7 @@ static int CheckIp6Hdr(Ip6Hdr* iphdr, IpInfo* info, int length, char* error)
 #ifndef WOLFSSL_SNIFFER_WATCH
     if (!IsServerRegistered6(iphdr->src) && !IsServerRegistered6(iphdr->dst)) {
         SetError(SERVER_NOT_REG_STR, error, NULL, 0);
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
     }
 #endif
 
@@ -2176,12 +2180,12 @@ static int CheckIpHdr(IpHdr* iphdr, IpInfo* info, int length, char* error,
 
     if (version != IPV4) {
         SetError(BAD_IPVER_STR, error, NULL, 0);
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
     }
 
     if (iphdr->protocol != TCP_PROTOCOL) {
         SetError(BAD_PROTO_STR, error, NULL, 0);
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
     }
 
     info->length  = IP_HL(iphdr);
@@ -2474,7 +2478,7 @@ static int SetupKeys(const byte* input, int* sslBytes, SnifferSession* session,
     args = (SetupKeysArgs*)ssl->async->args;
 
     ret = wolfSSL_AsyncPop(ssl, &ssl->options.asyncState);
-    if (ret != WC_NO_PENDING_E) {
+    if (ret != WC_NO_ERR_TRACE(WC_NO_PENDING_E)) {
         /* Check for error */
         if (ret < 0)
             goto exit_sk;
@@ -2573,7 +2577,7 @@ static int SetupKeys(const byte* input, int* sslBytes, SnifferSession* session,
                 if (args->length > *sslBytes) {
                     SetError(PARTIAL_INPUT_STR, error, session,
                         FATAL_ERROR_STATE);
-                    ret = -1;
+                    ret = WOLFSSL_FATAL_ERROR;
                 }
             }
 
@@ -2796,7 +2800,7 @@ static int SetupKeys(const byte* input, int* sslBytes, SnifferSession* session,
                 if (args->length > *sslBytes) {
                     SetError(PARTIAL_INPUT_STR, error, session,
                         FATAL_ERROR_STATE);
-                    ret = -1;
+                    ret = WOLFSSL_FATAL_ERROR;
                 }
 
                 /* if curve not provided in key share data, then use private
@@ -2889,7 +2893,7 @@ static int SetupKeys(const byte* input, int* sslBytes, SnifferSession* session,
                 if (args->length > *sslBytes) {
                     SetError(PARTIAL_INPUT_STR, error, session,
                         FATAL_ERROR_STATE);
-                    ret = -1;
+                    ret = WOLFSSL_FATAL_ERROR;
                 }
             }
             if (ret == 0) {
@@ -2972,7 +2976,7 @@ static int SetupKeys(const byte* input, int* sslBytes, SnifferSession* session,
                 if (args->length > *sslBytes) {
                     SetError(PARTIAL_INPUT_STR, error, session,
                         FATAL_ERROR_STATE);
-                    ret = -1;
+                    ret = WOLFSSL_FATAL_ERROR;
                 }
             }
             if (ret == 0) {
@@ -3082,7 +3086,7 @@ static int SetupKeys(const byte* input, int* sslBytes, SnifferSession* session,
     #endif /* HAVE_CURVE448 */
 
     #ifdef WOLFSSL_ASYNC_CRYPT
-        if (ret == WC_PENDING_E) {
+        if (ret == WC_NO_ERR_TRACE(WC_PENDING_E)) {
             /* Handle async pending response */
             ret = wolfSSL_AsyncPush(ssl, asyncDev);
             break;
@@ -3158,13 +3162,13 @@ static int SetupKeys(const byte* input, int* sslBytes, SnifferSession* session,
         if (SetCipherSpecs(session->sslServer) != 0) {
             SetError(BAD_CIPHER_SPEC_STR, error, session, FATAL_ERROR_STATE);
             session->verboseErr = 1;
-            ret = -1; break;
+            ret = WOLFSSL_FATAL_ERROR; break;
         }
 
         if (SetCipherSpecs(session->sslClient) != 0) {
             SetError(BAD_CIPHER_SPEC_STR, error, session, FATAL_ERROR_STATE);
             session->verboseErr = 1;
-            ret = -1; break;
+            ret = WOLFSSL_FATAL_ERROR; break;
         }
 
     #ifdef WOLFSSL_TLS13
@@ -3196,7 +3200,7 @@ static int SetupKeys(const byte* input, int* sslBytes, SnifferSession* session,
         }
         if (ret != 0) {
             SetError(BAD_DERIVE_STR, error, session, FATAL_ERROR_STATE);
-            ret = -1; break;
+            ret = WOLFSSL_FATAL_ERROR; break;
         }
 
     #ifdef SHOW_SECRETS
@@ -3221,7 +3225,7 @@ static int SetupKeys(const byte* input, int* sslBytes, SnifferSession* session,
 exit_sk:
 
     /* Handle async pending response */
-    if (ret == WC_PENDING_E) {
+    if (ret == WC_NO_ERR_TRACE(WC_PENDING_E)) {
         return ret;
     }
 #endif /* WOLFSSL_ASYNC_CRYPT */
@@ -3256,7 +3260,7 @@ static int ProcessClientKeyExchange(const byte* input, int* sslBytes,
         session->sslServer->buffers.key->length == 0) {
 
         SetError(RSA_KEY_MISSING_STR, error, session, FATAL_ERROR_STATE);
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
     }
 #endif
 
@@ -3284,7 +3288,7 @@ static int ProcessKeyShare(KeyShareInfo* info, const byte* input, int len,
             info->key_len = (word16)((input[index] << 8) | input[index+1]);
             index += OPAQUE16_LEN;
             if (info->key_len == 0 || info->key_len > len - index) {
-                return -1;
+                return WOLFSSL_FATAL_ERROR;
             }
             info->key = &input[index];
             index += info->key_len;
@@ -3388,7 +3392,7 @@ static int ProcessServerKeyShare(SnifferSession* session, const byte* input, int
     }
     if (ret != 0) {
         SetError(SERVER_HELLO_INPUT_STR, error, session, FATAL_ERROR_STATE);
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
     }
 
     return ret;
@@ -3413,7 +3417,7 @@ static int ProcessSessionTicket(const byte* input, int* sslBytes,
     /* make sure can read through hint len */
     if (TICKET_HINT_LEN > *sslBytes) {
         SetError(BAD_INPUT_STR, error, session, FATAL_ERROR_STATE);
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
     }
     input     += TICKET_HINT_LEN; /* skip over hint len */
     *sslBytes -= TICKET_HINT_LEN;
@@ -3424,7 +3428,7 @@ static int ProcessSessionTicket(const byte* input, int* sslBytes,
         /* make sure can read through hint age and nonce len */
         if (TICKET_HINT_AGE_LEN + 1 > *sslBytes) {
             SetError(BAD_INPUT_STR, error, session, FATAL_ERROR_STATE);
-            return -1;
+            return WOLFSSL_FATAL_ERROR;
         }
         input     += TICKET_HINT_AGE_LEN; /* skip over hint age */
         *sslBytes -= TICKET_HINT_AGE_LEN;
@@ -3433,7 +3437,7 @@ static int ProcessSessionTicket(const byte* input, int* sslBytes,
         len = input[0];
         if (len > MAX_TICKET_NONCE_STATIC_SZ) {
             SetError(BAD_INPUT_STR, error, session, FATAL_ERROR_STATE);
-            return -1;
+            return WOLFSSL_FATAL_ERROR;
         }
         input += OPAQUE8_LEN;
         *sslBytes -= OPAQUE8_LEN;
@@ -3451,7 +3455,7 @@ static int ProcessSessionTicket(const byte* input, int* sslBytes,
     /* make sure can read through len */
     if (OPAQUE16_LEN > *sslBytes) {
         SetError(BAD_INPUT_STR, error, session, FATAL_ERROR_STATE);
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
     }
 
     len = (word16)((input[0] << 8) | input[1]);
@@ -3461,7 +3465,7 @@ static int ProcessSessionTicket(const byte* input, int* sslBytes,
     /* make sure can read through ticket */
     if (len > *sslBytes) {
         SetError(BAD_INPUT_STR, error, session, FATAL_ERROR_STATE);
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
     }
 
 #ifdef WOLFSSL_TLS13
@@ -3471,7 +3475,7 @@ static int ProcessSessionTicket(const byte* input, int* sslBytes,
     #ifdef HAVE_SESSION_TICKET
         if (SetTicket(session->sslServer, input, len) != 0) {
             SetError(BAD_INPUT_STR, error, session, FATAL_ERROR_STATE);
-            return -1;
+            return WOLFSSL_FATAL_ERROR;
         }
 
         /* set haveSessionId to use the wolfSession cache */
@@ -3498,7 +3502,7 @@ static int ProcessSessionTicket(const byte* input, int* sslBytes,
         /* capture last part of sessionID as macID (32 bytes) */
         if (len < ID_LEN) {
             SetError(BAD_INPUT_STR, error, session, FATAL_ERROR_STATE);
-            return -1;
+            return WOLFSSL_FATAL_ERROR;
         }
         /* store session with macID as sessionID */
         session->sslServer->options.haveSessionId = 1;
@@ -3542,7 +3546,7 @@ static int DoResume(SnifferSession* session, char* error)
             INC_STAT(SnifferStats.sslResumeMisses);
         #endif
             SetError(BAD_SESSION_RESUME_STR, error, session, FATAL_ERROR_STATE);
-            return -1;
+            return WOLFSSL_FATAL_ERROR;
         }
     }
 
@@ -3567,13 +3571,13 @@ static int DoResume(SnifferSession* session, char* error)
     if (SetCipherSpecs(session->sslServer) != 0) {
         SetError(BAD_CIPHER_SPEC_STR, error, session, FATAL_ERROR_STATE);
         session->verboseErr = 1;
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
     }
 
     if (SetCipherSpecs(session->sslClient) != 0) {
         SetError(BAD_CIPHER_SPEC_STR, error, session, FATAL_ERROR_STATE);
         session->verboseErr = 1;
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
     }
 
 #ifdef WOLFSSL_TLS13
@@ -3612,7 +3616,7 @@ static int DoResume(SnifferSession* session, char* error)
 
     if (ret != 0) {
         SetError(BAD_DERIVE_STR, error, session, FATAL_ERROR_STATE);
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
     }
 
     return ret;
@@ -3641,7 +3645,7 @@ static int ProcessServerHello(int msgSz, const byte* input, int* sslBytes,
     /* make sure can read through session len */
     if (toRead > *sslBytes) {
         SetError(SERVER_HELLO_INPUT_STR, error, session, FATAL_ERROR_STATE);
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
     }
 
     XMEMCPY(&pv, input, VERSION_SZ);
@@ -3666,7 +3670,7 @@ static int ProcessServerHello(int msgSz, const byte* input, int* sslBytes,
     /* make sure can read through compression */
     if ( (b + SUITE_LEN + ENUM_LEN) > *sslBytes) {
         SetError(SERVER_HELLO_INPUT_STR, error, session, FATAL_ERROR_STATE);
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
     }
     if (b) {
     #ifdef WOLFSSL_TLS13
@@ -3714,7 +3718,7 @@ static int ProcessServerHello(int msgSz, const byte* input, int* sslBytes,
 
     if (b) {
         SetError(BAD_COMPRESSION_STR, error, session, FATAL_ERROR_STATE);
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
     }
 
     /* extensions */
@@ -3725,7 +3729,7 @@ static int ProcessServerHello(int msgSz, const byte* input, int* sslBytes,
         /* make sure can read len */
         if (SUITE_LEN > *sslBytes) {
             SetError(SERVER_HELLO_INPUT_STR, error, session, FATAL_ERROR_STATE);
-            return -1;
+            return WOLFSSL_FATAL_ERROR;
         }
         len = (word16)((input[0] << 8) | input[1]);
         input     += SUITE_LEN;
@@ -3733,7 +3737,7 @@ static int ProcessServerHello(int msgSz, const byte* input, int* sslBytes,
         /* make sure can read through all extensions */
         if (len > *sslBytes) {
             SetError(SERVER_HELLO_INPUT_STR, error, session, FATAL_ERROR_STATE);
-            return -1;
+            return WOLFSSL_FATAL_ERROR;
         }
 
         while (len >= EXT_TYPE_SZ + LENGTH_SZ) {
@@ -3752,7 +3756,7 @@ static int ProcessServerHello(int msgSz, const byte* input, int* sslBytes,
             if (extLen > *sslBytes) {
                 SetError(SERVER_HELLO_INPUT_STR, error, session,
                          FATAL_ERROR_STATE);
-                return -1;
+                return WOLFSSL_FATAL_ERROR;
             }
         #ifdef DEBUG_SNIFFER
             printf("\tserver_hello ext: 0x%02x (len %d)\n", extType, extLen);
@@ -3765,7 +3769,7 @@ static int ProcessServerHello(int msgSz, const byte* input, int* sslBytes,
                 if (ret != 0) {
                     SetError(SERVER_HELLO_INPUT_STR, error, session,
                         FATAL_ERROR_STATE);
-                    return -1;
+                    return WOLFSSL_FATAL_ERROR;
                 }
                 break;
         #endif
@@ -3831,14 +3835,14 @@ static int ProcessServerHello(int msgSz, const byte* input, int* sslBytes,
 #ifndef WOLFSSL_TLS13
         SetError(UNSUPPORTED_TLS_VER_STR, error, session, FATAL_ERROR_STATE);
         session->verboseErr = 1;
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
 #endif
     }
     else {
 #ifdef WOLFSSL_NO_TLS12
         SetError(UNSUPPORTED_TLS_VER_STR, error, session, FATAL_ERROR_STATE);
         session->verboseErr = 1;
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
 #endif
     }
 
@@ -3850,8 +3854,10 @@ static int ProcessServerHello(int msgSz, const byte* input, int* sslBytes,
 #endif
 
     if (session->sslServer->options.haveSessionId) {
-        if (XMEMCMP(session->sslServer->arrays->sessionID,
-                session->sslClient->arrays->sessionID, ID_LEN) == 0) {
+        if (session->sslServer->arrays->sessionIDSz == ID_LEN &&
+                session->sslClient->arrays->sessionIDSz == ID_LEN &&
+                XMEMCMP(session->sslServer->arrays->sessionID,
+                        session->sslClient->arrays->sessionID, ID_LEN) == 0) {
             doResume = 1;
         }
     }
@@ -3890,7 +3896,8 @@ static int ProcessServerHello(int msgSz, const byte* input, int* sslBytes,
 #endif
 
 #ifdef WOLFSSL_ASYNC_CRYPT
-    if (session->sslServer->error != WC_PENDING_E && session->pendSeq == 0)
+    if (session->sslServer->error != WC_NO_ERR_TRACE(WC_PENDING_E) &&
+        session->pendSeq == 0)
 #endif
     {
         /* hash server_hello */
@@ -3924,7 +3931,7 @@ static int ProcessServerHello(int msgSz, const byte* input, int* sslBytes,
             session, error, &session->cliKs);
         if (ret != 0) {
         #ifdef WOLFSSL_ASYNC_CRYPT
-            if (ret == WC_PENDING_E) {
+            if (ret == WC_NO_ERR_TRACE(WC_PENDING_E)) {
                 return ret;
             }
         #endif
@@ -4002,7 +4009,7 @@ static int ProcessClientHello(const byte* input, int* sslBytes,
     /* make sure can read up to session len */
     if (toRead > *sslBytes) {
         SetError(CLIENT_HELLO_INPUT_STR, error, session, FATAL_ERROR_STATE);
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
     }
 
     /* skip, get negotiated one from server hello */
@@ -4024,7 +4031,7 @@ static int ProcessClientHello(const byte* input, int* sslBytes,
     if (bLen) {
         if (ID_LEN > *sslBytes) {
             SetError(CLIENT_HELLO_INPUT_STR, error, session, FATAL_ERROR_STATE);
-            return -1;
+            return WOLFSSL_FATAL_ERROR;
         }
         Trace(CLIENT_RESUME_TRY_STR);
 #ifdef WOLFSSL_TLS13
@@ -4050,7 +4057,7 @@ static int ProcessClientHello(const byte* input, int* sslBytes,
     /* make sure can read len */
     if (SUITE_LEN > *sslBytes) {
         SetError(CLIENT_HELLO_INPUT_STR, error, session, FATAL_ERROR_STATE);
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
     }
     len = (word16)((input[0] << 8) | input[1]);
     input     += SUITE_LEN;
@@ -4058,7 +4065,7 @@ static int ProcessClientHello(const byte* input, int* sslBytes,
     /* make sure can read suites + comp len */
     if (len + ENUM_LEN > *sslBytes) {
         SetError(CLIENT_HELLO_INPUT_STR, error, session, FATAL_ERROR_STATE);
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
     }
     input     += len;
     *sslBytes -= len;
@@ -4069,7 +4076,7 @@ static int ProcessClientHello(const byte* input, int* sslBytes,
     /* make sure can read len */
     if (bLen > *sslBytes) {
         SetError(CLIENT_HELLO_INPUT_STR, error, session, FATAL_ERROR_STATE);
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
     }
     input     += bLen;
     *sslBytes -= bLen;
@@ -4083,7 +4090,7 @@ static int ProcessClientHello(const byte* input, int* sslBytes,
     /* make sure can read len */
     if (SUITE_LEN > *sslBytes) {
         SetError(CLIENT_HELLO_INPUT_STR, error, session, FATAL_ERROR_STATE);
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
     }
     len = (word16)((input[0] << 8) | input[1]);
     input     += SUITE_LEN;
@@ -4091,7 +4098,7 @@ static int ProcessClientHello(const byte* input, int* sslBytes,
     /* make sure can read through all extensions */
     if (len > *sslBytes) {
         SetError(CLIENT_HELLO_INPUT_STR, error, session, FATAL_ERROR_STATE);
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
     }
 
     while (len >= EXT_TYPE_SZ + LENGTH_SZ) {
@@ -4109,7 +4116,7 @@ static int ProcessClientHello(const byte* input, int* sslBytes,
         /* make sure can read through individual extension */
         if (extLen > *sslBytes) {
             SetError(CLIENT_HELLO_INPUT_STR, error, session, FATAL_ERROR_STATE);
-            return -1;
+            return WOLFSSL_FATAL_ERROR;
         }
 
     #ifdef DEBUG_SNIFFER
@@ -4158,7 +4165,7 @@ static int ProcessClientHello(const byte* input, int* sslBytes,
             word16 ksLen = (word16)((input[0] << 8) | input[1]);
             if (ksLen + OPAQUE16_LEN > extLen) {
                 SetError(CLIENT_HELLO_INPUT_STR, error, session, FATAL_ERROR_STATE);
-                return -1;
+                return WOLFSSL_FATAL_ERROR;
             }
             /* cache key share data till server_hello */
             session->cliKeyShareSz = ksLen;
@@ -4182,7 +4189,7 @@ static int ProcessClientHello(const byte* input, int* sslBytes,
             idsLen = (word16)((input[idx] << 8) | input[idx+1]);
             if (idsLen + OPAQUE16_LEN + idx > extLen) {
                 SetError(CLIENT_HELLO_INPUT_STR, error, session, FATAL_ERROR_STATE);
-                return -1;
+                return WOLFSSL_FATAL_ERROR;
             }
             idx += OPAQUE16_LEN;
 
@@ -4190,7 +4197,7 @@ static int ProcessClientHello(const byte* input, int* sslBytes,
             idLen = (word16)((input[idx] << 8) | input[idx+1]);
             if (idLen + OPAQUE16_LEN + idx > extLen) {
                 SetError(CLIENT_HELLO_INPUT_STR, error, session, FATAL_ERROR_STATE);
-                return -1;
+                return WOLFSSL_FATAL_ERROR;
             }
             idx += OPAQUE16_LEN;
             identity = &input[idx];
@@ -4206,7 +4213,7 @@ static int ProcessClientHello(const byte* input, int* sslBytes,
             bindersLen = (word16)((input[idx] << 8) | input[idx+1]);
             if (bindersLen + OPAQUE16_LEN + idx > extLen) {
                 SetError(CLIENT_HELLO_INPUT_STR, error, session, FATAL_ERROR_STATE);
-                return -1;
+                return WOLFSSL_FATAL_ERROR;
             }
             idx += OPAQUE16_LEN;
             binders = &input[idx];
@@ -4241,7 +4248,7 @@ static int ProcessClientHello(const byte* input, int* sslBytes,
             if (extLen && extLen < ID_LEN) {
                 SetError(CLIENT_HELLO_INPUT_STR, error, session,
                          FATAL_ERROR_STATE);
-                return -1;
+                return WOLFSSL_FATAL_ERROR;
             }
             if (extLen) {
                 if (session->ticketID == NULL) {
@@ -4250,7 +4257,7 @@ static int ProcessClientHello(const byte* input, int* sslBytes,
                     if (session->ticketID == 0) {
                         SetError(MEMORY_STR, error, session,
                                  FATAL_ERROR_STATE);
-                        return -1;
+                        return WOLFSSL_FATAL_ERROR;
                     }
                 }
 
@@ -4287,12 +4294,12 @@ static int KeyWatchCall(SnifferSession* session, const byte* data, int dataSz,
     char* error)
 {
     int ret;
-    Sha256 sha;
-    byte digest[SHA256_DIGEST_SIZE];
+    wc_Sha256 sha;
+    byte digest[WC_SHA256_DIGEST_SIZE];
 
     if (WatchCb == NULL) {
         SetError(WATCH_CB_MISSING_STR, error, session, FATAL_ERROR_STATE);
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
     }
 
     ret = wc_InitSha256(&sha);
@@ -4302,7 +4309,7 @@ static int KeyWatchCall(SnifferSession* session, const byte* data, int dataSz,
         ret = wc_Sha256Final(&sha, digest);
     if (ret != 0) {
         SetError(WATCH_HASH_STR, error, session, FATAL_ERROR_STATE);
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
     }
 
     ret = WatchCb((void*)session, digest, sizeof(digest),
@@ -4312,7 +4319,7 @@ static int KeyWatchCall(SnifferSession* session, const byte* data, int dataSz,
         INC_STAT(SnifferStats.sslKeysUnmatched);
 #endif
         SetError(WATCH_FAIL_STR, error, session, FATAL_ERROR_STATE);
-        ret = -1;
+        ret = WOLFSSL_FATAL_ERROR;
     }
     else {
 #ifdef WOLFSSL_SNIFFER_STATS
@@ -4336,7 +4343,7 @@ static int ProcessCertificate(const byte* input, int* sslBytes,
 
     if (*sslBytes < CERT_HEADER_SZ) {
         SetError(BAD_CERT_MSG_STR, error, session, FATAL_ERROR_STATE);
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
     }
 
 #ifdef WOLFSSL_TLS13
@@ -4353,14 +4360,14 @@ static int ProcessCertificate(const byte* input, int* sslBytes,
 
     if (*sslBytes < (int)certChainSz) {
         SetError(BAD_CERT_MSG_STR, error, session, FATAL_ERROR_STATE);
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
     }
 
     ato24(input, &certSz);
     input += OPAQUE24_LEN;
     if (*sslBytes < (int)certSz) {
         SetError(BAD_CERT_MSG_STR, error, session, FATAL_ERROR_STATE);
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
     }
 
     *sslBytes -= certChainSz;
@@ -4438,7 +4445,7 @@ static int ProcessFinished(const byte* input, int size, int* sslBytes,
 
             if (ret != 0) {
                 SetError(BAD_FINISHED_MSG, error, session, FATAL_ERROR_STATE);
-                return -1;
+                return WOLFSSL_FATAL_ERROR;
             }
 
             session->flags.gotFinished = 1;
@@ -4474,7 +4481,7 @@ static int ProcessFinished(const byte* input, int size, int* sslBytes,
 
         if (ret != 0) {
             SetError(BAD_FINISHED_MSG, error, session, FATAL_ERROR_STATE);
-            return -1;
+            return WOLFSSL_FATAL_ERROR;
         }
     }
 #endif
@@ -4524,7 +4531,7 @@ static int DoHandShake(const byte* input, int* sslBytes,
 
     if (*sslBytes < HANDSHAKE_HEADER_SZ) {
         SetError(HANDSHAKE_INPUT_STR, error, session, FATAL_ERROR_STATE);
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
     }
     type = input[0];
     size = (input[1] << 16) | (input[2] << 8) | input[3];
@@ -4571,7 +4578,8 @@ static int DoHandShake(const byte* input, int* sslBytes,
 #ifdef WOLFSSL_TLS13
     if (type != client_hello && type != server_hello
     #ifdef WOLFSSL_ASYNC_CRYPT
-        && session->sslServer->error != WC_PENDING_E && session->pendSeq == 0
+        && session->sslServer->error != WC_NO_ERR_TRACE(WC_PENDING_E)
+        && session->pendSeq == 0
     #endif
     ) {
         /* For resumption the hash is before / after client_hello PSK binder */
@@ -4589,7 +4597,7 @@ static int DoHandShake(const byte* input, int* sslBytes,
         if (HashUpdate(session->hash, input, size) != 0) {
             SetError(EXTENDED_MASTER_HASH_STR, error,
                      session, FATAL_ERROR_STATE);
-            ret = -1;
+            ret = WOLFSSL_FATAL_ERROR;
             goto exit;
         }
     }
@@ -4623,7 +4631,7 @@ static int DoHandShake(const byte* input, int* sslBytes,
                 /* can't know temp key passively */
                 SetError(BAD_CIPHER_SPEC_STR, error, session, FATAL_ERROR_STATE);
                 session->verboseErr = 1;
-                ret = -1;
+                ret = WOLFSSL_FATAL_ERROR;
 
 #if defined(WOLFSSL_SNIFFER_STATS)
                 INC_STAT(SnifferStats.sslEphemeralMisses);
@@ -4674,7 +4682,7 @@ static int DoHandShake(const byte* input, int* sslBytes,
                     else {
                         SetError(EXTENDED_MASTER_HASH_STR, error,
                                 session, FATAL_ERROR_STATE);
-                        ret = -1;
+                        ret = WOLFSSL_FATAL_ERROR;
                     }
                     XMEMSET(session->hash, 0, sizeof(HsHashes));
                     XFREE(session->hash, NULL, DYNAMIC_TYPE_HASHES);
@@ -4689,7 +4697,7 @@ static int DoHandShake(const byte* input, int* sslBytes,
             if (ret == 0) {
                 ret = ProcessClientKeyExchange(input, sslBytes, session, error);
             #ifdef WOLFSSL_ASYNC_CRYPT
-                if (ret == WC_PENDING_E)
+                if (ret == WC_NO_ERR_TRACE(WC_PENDING_E))
                     return ret;
             #endif
                 if (ret != 0) {
@@ -4706,7 +4714,7 @@ static int DoHandShake(const byte* input, int* sslBytes,
             break;
         default:
             SetError(GOT_UNKNOWN_HANDSHAKE_STR, error, session, 0);
-            ret = -1;
+            ret = WOLFSSL_FATAL_ERROR;
             break;
     }
 
@@ -4714,10 +4722,8 @@ static int DoHandShake(const byte* input, int* sslBytes,
 exit:
 #endif
 #ifdef HAVE_MAX_FRAGMENT
-    if (session->tlsFragBuf) {
-        XFREE(session->tlsFragBuf, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-        session->tlsFragBuf = NULL;
-    }
+    XFREE(session->tlsFragBuf, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    session->tlsFragBuf = NULL;
 #endif
 
     *sslBytes = startBytes - size;  /* actual bytes of full process */
@@ -4756,7 +4762,7 @@ static int DecryptDo(WOLFSSL* ssl, byte* plain, const byte* input,
 
             ret = wc_Des3_CbcDecrypt(ssl->decrypt.des3, plain, input, sz);
         #ifdef WOLFSSL_ASYNC_CRYPT
-            if (ret == WC_PENDING_E) {
+            if (ret == WC_NO_ERR_TRACE(WC_PENDING_E)) {
                 ret = wolfSSL_AsyncPush(ssl, &ssl->decrypt.des3->asyncDev);
             }
         #endif
@@ -4774,7 +4780,7 @@ static int DecryptDo(WOLFSSL* ssl, byte* plain, const byte* input,
         #endif
             ret = wc_AesCbcDecrypt(ssl->decrypt.aes, plain, input, sz);
         #ifdef WOLFSSL_ASYNC_CRYPT
-            if (ret == WC_PENDING_E) {
+            if (ret == WC_NO_ERR_TRACE(WC_PENDING_E)) {
                 ret = wolfSSL_AsyncPush(ssl, &ssl->decrypt.aes->asyncDev);
             }
         #endif
@@ -4819,7 +4825,7 @@ static int DecryptDo(WOLFSSL* ssl, byte* plain, const byte* input,
                         ssl->decrypt.additional, AEAD_AUTH_DATA_SZ,
                         NULL, 0)) < 0) {
             #ifdef WOLFSSL_ASYNC_CRYPT
-                if (ret == WC_PENDING_E) {
+                if (ret == WC_NO_ERR_TRACE(WC_PENDING_E)) {
                     ret = wolfSSL_AsyncPush(ssl, &ssl->decrypt.aes->asyncDev);
                 }
             #endif
@@ -4877,9 +4883,9 @@ static int DecryptTls(WOLFSSL* ssl, byte* plain, const byte* input,
 #ifdef WOLFSSL_ASYNC_CRYPT
     if (ssl->decrypt.state != CIPHER_STATE_BEGIN) {
         ret = wolfSSL_AsyncPop(ssl, &ssl->decrypt.state);
-        if (ret != WC_NO_PENDING_E) {
+        if (ret != WC_NO_ERR_TRACE(WC_NO_PENDING_E)) {
             /* check for still pending */
-            if (ret == WC_PENDING_E)
+            if (ret == WC_NO_ERR_TRACE(WC_PENDING_E))
                 return ret;
 
             ssl->error = 0; /* clear async */
@@ -4935,7 +4941,7 @@ static int DecryptTls(WOLFSSL* ssl, byte* plain, const byte* input,
 
         #ifdef WOLFSSL_ASYNC_CRYPT
             /* If pending, return now */
-            if (ret == WC_PENDING_E) {
+            if (ret == WC_NO_ERR_TRACE(WC_PENDING_E)) {
                 return ret;
             }
         #endif
@@ -4987,7 +4993,7 @@ static const byte* DecryptMessage(WOLFSSL* ssl, const byte* input, word32 sz,
     }
 #ifdef WOLFSSL_ASYNC_CRYPT
     /* for async the symmetric operations are blocking */
-    if (ret == WC_PENDING_E) {
+    if (ret == WC_NO_ERR_TRACE(WC_PENDING_E)) {
         do {
             ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
         } while (ret == 0);
@@ -5002,6 +5008,7 @@ static const byte* DecryptMessage(WOLFSSL* ssl, const byte* input, word32 sz,
         return NULL;
     }
 
+    ssl->curSize = sz;
     ssl->keys.encryptSz = sz;
     if (ssl->options.tls1_1 && ssl->specs.cipher_type == block) {
         output += ssl->specs.block_size; /* go past TLSv1.1 IV */
@@ -5242,14 +5249,14 @@ static int DoOldHello(SnifferSession* session, const byte* sslFrame,
 
     if (*rhSize > *sslBytes) {
         SetError(OLD_CLIENT_INPUT_STR, error, session, FATAL_ERROR_STATE);
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
     }
 
     ret = ProcessOldClientHello(session->sslServer, input, &idx, *sslBytes,
                                 (word16)*rhSize);
-    if (ret < 0 && ret != MATCH_SUITE_ERROR) {
+    if (ret < 0 && ret != WC_NO_ERR_TRACE(MATCH_SUITE_ERROR)) {
         SetError(BAD_OLD_CLIENT_STR, error, session, FATAL_ERROR_STATE);
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
     }
 
     Trace(OLD_CLIENT_OK_STR);
@@ -5315,7 +5322,7 @@ static int TcpChecksum(IpInfo* ipInfo, TcpInfo* tcpInfo, int dataLen,
     /* field, but tcp checksum offloading could negate calculation */
     if (checksum == 0)
         return 0;
-    return -1;
+    return WOLFSSL_FATAL_ERROR;
 }
 #endif
 
@@ -5338,7 +5345,7 @@ static int CheckHeaders(IpInfo* ipInfo, TcpInfo* tcpInfo, const byte* packet,
     /* ip header */
     if (length < IP_HDR_SZ) {
         SetError(PACKET_HDR_SHORT_STR, error, NULL, 0);
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
     }
 
     version = IP_V(iphdr);
@@ -5352,31 +5359,31 @@ static int CheckHeaders(IpInfo* ipInfo, TcpInfo* tcpInfo, const byte* packet,
     }
 
     if (CheckIpHdr(iphdr, ipInfo, length, error, trace) != 0)
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
 
 #ifndef WOLFSSL_SNIFFER_WATCH
     if (checkReg &&
            !IsServerRegistered(iphdr->src) && !IsServerRegistered(iphdr->dst)) {
         SetError(SERVER_NOT_REG_STR, error, NULL, 0);
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
     }
 #endif
 
     /* tcp header */
     if (length < (ipInfo->length + TCP_HDR_SZ)) {
         SetError(PACKET_HDR_SHORT_STR, error, NULL, 0);
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
     }
     tcphdr = (TcpHdr*)(packet + ipInfo->length);
     if (CheckTcpHdr(tcphdr, tcpInfo, error, trace) != 0)
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
 
 #ifndef WOLFSSL_SNIFFER_WATCH
     if (checkReg &&
          !IsPortRegistered(tcpInfo->srcPort) &&
             !IsPortRegistered(tcpInfo->dstPort)) {
         SetError(SERVER_PORT_NOT_REG_STR, error, NULL, 0);
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
     }
 #endif
 
@@ -5384,7 +5391,7 @@ static int CheckHeaders(IpInfo* ipInfo, TcpInfo* tcpInfo, const byte* packet,
     *sslFrame = packet + ipInfo->length + tcpInfo->length;
     if (*sslFrame > packet + length) {
         SetError(PACKET_HDR_SHORT_STR, error, NULL, 0);
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
     }
 
     /* We only care about the data in the TCP/IP record. There may be extra
@@ -5426,7 +5433,7 @@ static int CheckSession(IpInfo* ipInfo, TcpInfo* tcpInfo, int sslBytes,
                 return 1;
 
             SetError(MEMORY_STR, error, NULL, 0);
-            return -1;
+            return WOLFSSL_FATAL_ERROR;
         }
         return 1;
     }
@@ -5449,7 +5456,7 @@ static int CheckSession(IpInfo* ipInfo, TcpInfo* tcpInfo, int sslBytes,
 #endif
 
             SetError(BAD_SESSION_STR, error, NULL, 0);
-            return -1;
+            return WOLFSSL_FATAL_ERROR;
         }
     }
     return 0;
@@ -5510,12 +5517,12 @@ static int AddToReassembly(byte from, word32 seq, const byte* sslFrame,
         if (MaxRecoveryMemory != -1 &&
                       (int)(*reassemblyMemory + sslBytes) > MaxRecoveryMemory) {
             SetError(REASSEMBLY_MAX_STR, error, session, FATAL_ERROR_STATE);
-            return -1;
+            return WOLFSSL_FATAL_ERROR;
         }
         add = CreateBuffer(&seq, seq + sslBytes - 1, sslFrame, &bytesLeft);
         if (add == NULL) {
             SetError(MEMORY_STR, error, session, FATAL_ERROR_STATE);
-            return -1;
+            return WOLFSSL_FATAL_ERROR;
         }
         *front = add;
         *reassemblyMemory += sslBytes;
@@ -5532,12 +5539,12 @@ static int AddToReassembly(byte from, word32 seq, const byte* sslFrame,
         if (MaxRecoveryMemory -1 &&
                       (int)(*reassemblyMemory + sslBytes) > MaxRecoveryMemory) {
             SetError(REASSEMBLY_MAX_STR, error, session, FATAL_ERROR_STATE);
-            return -1;
+            return WOLFSSL_FATAL_ERROR;
         }
         add = CreateBuffer(&seq, end, sslFrame, &bytesLeft);
         if (add == NULL) {
             SetError(MEMORY_STR, error, session, FATAL_ERROR_STATE);
-            return -1;
+            return WOLFSSL_FATAL_ERROR;
         }
         add->next = curr;
         *front = add;
@@ -5574,13 +5581,13 @@ static int AddToReassembly(byte from, word32 seq, const byte* sslFrame,
         if (MaxRecoveryMemory != -1 &&
                          (int)(*reassemblyMemory + added) > MaxRecoveryMemory) {
             SetError(REASSEMBLY_MAX_STR, error, session, FATAL_ERROR_STATE);
-            return -1;
+            return WOLFSSL_FATAL_ERROR;
         }
         add = CreateBuffer(&seq, seq + added - 1, &sslFrame[seq - startSeq],
                            &bytesLeft);
         if (add == NULL) {
             SetError(MEMORY_STR, error, session, FATAL_ERROR_STATE);
-            return -1;
+            return WOLFSSL_FATAL_ERROR;
         }
         add->next  = prev->next;
         prev->next = add;
@@ -5672,7 +5679,7 @@ static int AdjustSequence(TcpInfo* tcpInfo, SnifferSession* session,
 
         if (real + *sslBytes > *expected) {
         #ifdef WOLFSSL_ASYNC_CRYPT
-            if (session->sslServer->error != WC_PENDING_E &&
+            if (session->sslServer->error != WC_NO_ERR_TRACE(WC_PENDING_E) &&
                 session->pendSeq != tcpInfo->sequence)
         #endif
             {
@@ -5728,7 +5735,7 @@ static int AdjustSequence(TcpInfo* tcpInfo, SnifferSession* session,
                  * already been ack'd during handshake */
                 if (
                 #ifdef WOLFSSL_ASYNC_CRYPT
-                    session->sslServer->error != WC_PENDING_E &&
+                    session->sslServer->error != WC_NO_ERR_TRACE(WC_PENDING_E) &&
                     session->pendSeq != tcpInfo->sequence &&
                 #endif
                                                    FindPrevAck(session, real)) {
@@ -5850,7 +5857,7 @@ static int FindNextRecordInAssembly(SnifferSession* session,
             if ( *sslBytes > (int)ssl->buffers.inputBuffer.bufferSize) {
                 if (GrowInputBuffer(ssl, *sslBytes, 0) < 0) {
                     SetError(MEMORY_STR, error, session, FATAL_ERROR_STATE);
-                    return -1;
+                    return WOLFSSL_FATAL_ERROR;
                 }
             }
 
@@ -5942,7 +5949,7 @@ static int CheckAck(TcpInfo* tcpInfo, SnifferSession* session)
         TraceAck(real, expected);
 
         if (real > expected)
-            return -1;  /* we missed a packet, ACKing data we never saw */
+            return WOLFSSL_FATAL_ERROR;  /* we missed a packet, ACKing data we never saw */
     }
     return 0;
 }
@@ -5991,7 +5998,7 @@ static int CheckSequence(IpInfo* ipInfo, TcpInfo* tcpInfo,
             UpdateMissedDataSessions();
         #endif
             SetError(ACK_MISSED_STR, error, session, FATAL_ERROR_STATE);
-            return -1;
+            return WOLFSSL_FATAL_ERROR;
         }
         else {
             SetError(ACK_MISSED_STR, error, session, 0);
@@ -6018,8 +6025,7 @@ static int CheckSequence(IpInfo* ipInfo, TcpInfo* tcpInfo,
 /* returns 0 on success (continue), -1 on error, 1 on success (end) */
 static int CheckPreRecord(IpInfo* ipInfo, TcpInfo* tcpInfo,
                           const byte** sslFrame, SnifferSession** pSession,
-                          int* sslBytes, const byte** end,
-                          void* vChain, word32 chainSz, char* error)
+                          int* sslBytes, const byte** end, char* error)
 {
     word32 length;
     SnifferSession* session = *pSession;
@@ -6032,7 +6038,7 @@ static int CheckPreRecord(IpInfo* ipInfo, TcpInfo* tcpInfo,
 #ifdef WOLFSSL_ASYNC_CRYPT
     /* if this is a pending async packet do not "grow" on partial (we already did) */
     if (session->pendSeq == tcpInfo->sequence) {
-        if (session->sslServer->error == WC_PENDING_E) {
+        if (session->sslServer->error == WC_NO_ERR_TRACE(WC_PENDING_E)) {
             return 0; /* don't check pre-record again */
         }
         /* if record check already done then restore, otherwise process normal */
@@ -6062,13 +6068,13 @@ static int CheckPreRecord(IpInfo* ipInfo, TcpInfo* tcpInfo,
 
     if (session->flags.fatalError == FATAL_ERROR_STATE) {
         SetError(FATAL_ERROR_STR, error, NULL, 0);
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
     }
 
     if (skipPartial) {
         if (FindNextRecordInAssembly(session,
                                      sslFrame, sslBytes, end, error) < 0) {
-            return -1;
+            return WOLFSSL_FATAL_ERROR;
         }
     }
 
@@ -6086,56 +6092,15 @@ static int CheckPreRecord(IpInfo* ipInfo, TcpInfo* tcpInfo,
         if ( (*sslBytes + length) > ssl->buffers.inputBuffer.bufferSize) {
             if (GrowInputBuffer(ssl, *sslBytes, length) < 0) {
                 SetError(MEMORY_STR, error, session, FATAL_ERROR_STATE);
-                return -1;
+                return WOLFSSL_FATAL_ERROR;
             }
         }
-        if (vChain == NULL) {
-            XMEMCPY(&ssl->buffers.inputBuffer.buffer[length],
-                    *sslFrame, *sslBytes);
-            *sslBytes += length;
-            ssl->buffers.inputBuffer.length = *sslBytes;
-            *sslFrame = ssl->buffers.inputBuffer.buffer;
-            *end = *sslFrame + *sslBytes;
-        }
-        else {
-    #ifdef WOLFSSL_SNIFFER_CHAIN_INPUT
-            struct iovec* chain = (struct iovec*)vChain;
-            word32 i, offset, headerSz, qty, remainder;
-
-            Trace(CHAIN_INPUT_STR);
-            headerSz = (word32)((const byte*)*sslFrame - (const byte*)chain[0].iov_base);
-            remainder = *sslBytes;
-
-            if ( (*sslBytes + length) > ssl->buffers.inputBuffer.bufferSize) {
-                if (GrowInputBuffer(ssl, *sslBytes, length) < 0) {
-                    SetError(MEMORY_STR, error, session, FATAL_ERROR_STATE);
-                    return -1;
-                }
-            }
-
-            qty = min(*sslBytes, (word32)chain[0].iov_len - headerSz);
-            XMEMCPY(&ssl->buffers.inputBuffer.buffer[length],
-                (byte*)chain[0].iov_base + headerSz, qty);
-            offset = length;
-            for (i = 1; i < chainSz; i++) {
-                offset += qty;
-                remainder -= qty;
-
-                if (chain[i].iov_len > remainder)
-                    qty = remainder;
-                else
-                    qty = (word32)chain[i].iov_len;
-                XMEMCPY(ssl->buffers.inputBuffer.buffer + offset,
-                        chain[i].iov_base, qty);
-            }
-
-            *sslBytes += length;
-            ssl->buffers.inputBuffer.length = *sslBytes;
-            *sslFrame = ssl->buffers.inputBuffer.buffer;
-            *end = *sslFrame + *sslBytes;
-    #endif
-            (void)chainSz;
-        }
+        XMEMCPY(&ssl->buffers.inputBuffer.buffer[length],
+                *sslFrame, *sslBytes);
+        *sslBytes += length;
+        ssl->buffers.inputBuffer.length = *sslBytes;
+        *sslFrame = ssl->buffers.inputBuffer.buffer;
+        *end = *sslFrame + *sslBytes;
     }
 
     if (session->flags.clientHello == 0 && **sslFrame != handshake) {
@@ -6147,7 +6112,7 @@ static int CheckPreRecord(IpInfo* ipInfo, TcpInfo* tcpInfo,
 #ifdef OLD_HELLO_ALLOWED
         int ret = DoOldHello(session, *sslFrame, &rhSize, sslBytes, error);
         if (ret < 0)
-            return -1;  /* error already set */
+            return WOLFSSL_FATAL_ERROR;  /* error already set */
         if (*sslBytes <= 0)
             return 1;
 #endif
@@ -6258,7 +6223,7 @@ doMessage:
     rhSize = 0;
     if (sslBytes < 0) {
         SetError(PACKET_HDR_SHORT_STR, error, session, FATAL_ERROR_STATE);
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
     }
     if (sslBytes >= RECORD_HEADER_SZ) {
         if (GetRecordHeader(sslFrame, &rh, &rhSize) != 0) {
@@ -6280,7 +6245,7 @@ doMessage:
             if (sslBytes > (int)ssl->buffers.inputBuffer.bufferSize) {
                 if (GrowInputBuffer(ssl, sslBytes, 0) < 0) {
                     SetError(MEMORY_STR, error, session, FATAL_ERROR_STATE);
-                    return -1;
+                    return WOLFSSL_FATAL_ERROR;
                 }
             }
             XMEMMOVE(ssl->buffers.inputBuffer.buffer, sslFrame, sslBytes);
@@ -6318,11 +6283,11 @@ doMessage:
         }
         if (ssl->decrypt.setup != 1) {
             SetError(DECRYPT_KEYS_NOT_SETUP, error, session, FATAL_ERROR_STATE);
-            return -1;
+            return WOLFSSL_FATAL_ERROR;
         }
         if (CheckAvailableSize(ssl, rhSize) < 0) {
             SetError(MEMORY_STR, error, session, FATAL_ERROR_STATE);
-            return -1;
+            return WOLFSSL_FATAL_ERROR;
         }
 
         sslFrame = DecryptMessage(ssl, sslFrame, rhSize,
@@ -6346,7 +6311,7 @@ doMessage:
         if (errCode != 0) {
             if ((enum ContentType)rh.type == application_data) {
                 SetError(BAD_DECRYPT, error, session, FATAL_ERROR_STATE);
-                return -1;
+                return WOLFSSL_FATAL_ERROR;
             }
             /* do not end session for failures on handshake packets */
             return 0;
@@ -6364,14 +6329,14 @@ doPart:
                 Trace(GOT_HANDSHAKE_STR);
                 ret = DoHandShake(sslFrame, &sslBytes, session, error, rhSize);
             #ifdef WOLFSSL_ASYNC_CRYPT
-                if (ret == WC_PENDING_E)
+                if (ret == WC_NO_ERR_TRACE(WC_PENDING_E))
                     return ret;
             #endif
                 if (ret != 0 || sslBytes > startIdx) {
                     if (session->flags.fatalError == 0)
                         SetError(BAD_HANDSHAKE_STR, error, session,
                                  FATAL_ERROR_STATE);
-                    return -1;
+                    return WOLFSSL_FATAL_ERROR;
                 }
 
                 /* DoHandShake now fully decrements sslBytes to remaining */
@@ -6425,7 +6390,7 @@ doPart:
                                 *data = NULL;
                                 SetError(MEMORY_STR, error, session,
                                          FATAL_ERROR_STATE);
-                                return -1;
+                                return WOLFSSL_FATAL_ERROR;
                             }
                             *data = tmpData;
                             XMEMCPY(*data + decoded,
@@ -6445,7 +6410,7 @@ doPart:
                                     stored = StoreDataCb(buf, bufSz, offset,
                                             ctx);
                                     if (stored <= 0) {
-                                        return -1;
+                                        return WOLFSSL_FATAL_ERROR;
                                     }
                                     offset += stored;
                                 } while (offset < bufSz);
@@ -6453,13 +6418,13 @@ doPart:
                             else {
                                 SetError(STORE_DATA_CB_MISSING_STR, error,
                                         session, FATAL_ERROR_STATE);
-                                return -1;
+                                return WOLFSSL_FATAL_ERROR;
                             }
 #else
                             (void)ctx;
                             SetError(NO_DATA_DEST_STR, error, session,
                                     FATAL_ERROR_STATE);
-                            return -1;
+                            return WOLFSSL_FATAL_ERROR;
 #endif
                         }
                         TraceAddedData(ret, decoded);
@@ -6470,7 +6435,7 @@ doPart:
                 else {
                     /* set error, but do not treat fatal */
                     SetError(BAD_APP_DATA_STR, error,session, 0);
-                    return -1;
+                    return WOLFSSL_FATAL_ERROR;
                 }
                 if (ssl->buffers.outputBuffer.dynamicFlag)
                     ShrinkOutputBuffer(ssl);
@@ -6491,10 +6456,11 @@ doPart:
         case ack:
             /* TODO */
 #endif /* WOLFSSL_DTLS13 */
+        case dtls12_cid:
         case no_type:
         default:
             SetError(GOT_UNKNOWN_RECORD_STR, error, session, FATAL_ERROR_STATE);
-            return -1;
+            return WOLFSSL_FATAL_ERROR;
     }
 
     /* do we have another msg in record ? */
@@ -6610,27 +6576,33 @@ static int ssl_DecodePacketInternal(const byte* packet, int length, int isChain,
 {
     TcpInfo           tcpInfo;
     IpInfo            ipInfo;
+    byte*             tmpPacket = NULL;        /* Assemble the chain */
     const byte*       sslFrame;
     const byte*       end;
     int               sslBytes;                /* ssl bytes unconsumed */
     int               ret;
     SnifferSession*   session = NULL;
-    void* vChain = NULL;
-    word32 chainSz = 0;
 
     if (isChain) {
 #ifdef WOLFSSL_SNIFFER_CHAIN_INPUT
         struct iovec* chain;
         word32 i;
 
-        vChain = (void*)packet;
-        chainSz = (word32)length;
+        word32 chainSz = (word32)length;
 
-        chain = (struct iovec*)vChain;
+        chain = (struct iovec*)packet;
         length = 0;
-        for (i = 0; i < chainSz; i++)
+        for (i = 0; i < chainSz; i++) length += chain[i].iov_len;
+
+        tmpPacket = (byte*)XMALLOC(length, NULL, DYNAMIC_TYPE_SNIFFER_CHAIN_BUFFER);
+        if (tmpPacket == NULL) return MEMORY_E;
+
+        length = 0;
+        for (i = 0; i < chainSz; i++) {
+            XMEMCPY(tmpPacket+length,chain[i].iov_base,chain[i].iov_len);
             length += chain[i].iov_len;
-        packet = (const byte*)chain[0].iov_base;
+        }
+        packet = (const byte*)tmpPacket;
 #else
         SetError(BAD_INPUT_STR, error, session, FATAL_ERROR_STATE);
         return WOLFSSL_SNIFFER_ERROR;
@@ -6639,18 +6611,27 @@ static int ssl_DecodePacketInternal(const byte* packet, int length, int isChain,
 
     if (CheckHeaders(&ipInfo, &tcpInfo, packet, length, &sslFrame, &sslBytes,
                      error, 1, 1) != 0) {
-        return WOLFSSL_SNIFFER_ERROR;
+        ret = WOLFSSL_SNIFFER_ERROR;
+        goto exit_decode;
     }
 
     end = sslFrame + sslBytes;
 
     ret = CheckSession(&ipInfo, &tcpInfo, sslBytes, &session, error);
-    if (RemoveFatalSession(&ipInfo, &tcpInfo, session, error))
-        return WOLFSSL_SNIFFER_FATAL_ERROR;
+    if (RemoveFatalSession(&ipInfo, &tcpInfo, session, error)) {
+        ret = WOLFSSL_SNIFFER_FATAL_ERROR;
+        goto exit_decode;
+    }
 #ifdef WOLFSSL_ASYNC_CRYPT
-    else if (ret == WC_PENDING_E) return WC_PENDING_E;
+    else if (ret == WC_NO_ERR_TRACE(WC_PENDING_E)) {
+        ret = WC_PENDING_E;
+        goto exit_decode;
+    }
 #endif
-    else if (ret == -1) return WOLFSSL_SNIFFER_ERROR;
+    else if (ret == -1) {
+        ret = WOLFSSL_SNIFFER_ERROR;
+        goto exit_decode;
+    }
     else if (ret ==  1) {
 #ifdef WOLFSSL_SNIFFER_STATS
         if (sslBytes > 0) {
@@ -6663,7 +6644,8 @@ static int ssl_DecodePacketInternal(const byte* packet, int length, int isChain,
             INC_STAT(SnifferStats.sslDecryptedPackets);
         }
 #endif
-         return 0; /* done for now */
+        ret = 0;
+        goto exit_decode; /* done for now */
     }
 
 #ifdef WOLFSSL_ASYNC_CRYPT
@@ -6671,43 +6653,56 @@ static int ssl_DecodePacketInternal(const byte* packet, int length, int isChain,
 #endif
 
     ret = CheckSequence(&ipInfo, &tcpInfo, session, &sslBytes, &sslFrame,error);
-    if (RemoveFatalSession(&ipInfo, &tcpInfo, session, error))
-        return WOLFSSL_SNIFFER_FATAL_ERROR;
-    else if (ret == -1) return WOLFSSL_SNIFFER_ERROR;
+    if (RemoveFatalSession(&ipInfo, &tcpInfo, session, error)) {
+        ret = WOLFSSL_SNIFFER_FATAL_ERROR;
+        goto exit_decode;
+    }
+    else if (ret == -1) {
+        ret = WOLFSSL_SNIFFER_ERROR;
+        goto exit_decode;
+    }
     else if (ret ==  1) {
 #ifdef WOLFSSL_SNIFFER_STATS
         INC_STAT(SnifferStats.sslDecryptedPackets);
 #endif
-        return 0; /* done for now */
+        ret = 0;
+        goto exit_decode; /* done for now */
     }
     else if (ret != 0) {
-        /* return specific error case */
-        return ret;
+        goto exit_decode; /* return specific error case */
     }
 
     ret = CheckPreRecord(&ipInfo, &tcpInfo, &sslFrame, &session, &sslBytes,
-                         &end, vChain, chainSz, error);
-    if (RemoveFatalSession(&ipInfo, &tcpInfo, session, error))
-        return WOLFSSL_SNIFFER_FATAL_ERROR;
-    else if (ret == -1) return WOLFSSL_SNIFFER_ERROR;
+                         &end, error);
+    if (RemoveFatalSession(&ipInfo, &tcpInfo, session, error)) {
+        ret = WOLFSSL_SNIFFER_FATAL_ERROR;
+        goto exit_decode;
+    }
+    else if (ret == -1) {
+        ret = WOLFSSL_SNIFFER_ERROR;
+        goto exit_decode;
+    }
     else if (ret ==  1) {
 #ifdef WOLFSSL_SNIFFER_STATS
         INC_STAT(SnifferStats.sslDecryptedPackets);
 #endif
-        return 0; /* done for now */
+        ret = 0;
+        goto exit_decode; /* done for now */
     }
 
 #ifdef WOLFSSL_ASYNC_CRYPT
     /* make sure this server was polled */
-    if (asyncOkay && session->sslServer->error == WC_PENDING_E &&
+    if (asyncOkay &&
+        session->sslServer->error == WC_NO_ERR_TRACE(WC_PENDING_E) &&
         !session->flags.wasPolled) {
-        return WC_PENDING_E;
+        ret = WC_PENDING_E;
+        goto exit_decode;
     }
 #endif
 
 #ifdef WOLFSSL_SNIFFER_STATS
     #ifdef WOLFSSL_ASYNC_CRYPT
-    if (session->sslServer->error != WC_PENDING_E)
+    if (session->sslServer->error != WC_NO_ERR_TRACE(WC_PENDING_E))
     #endif
     {
         if (sslBytes > 0) {
@@ -6729,7 +6724,7 @@ static int ssl_DecodePacketInternal(const byte* packet, int length, int isChain,
         session->sslServer->error = ret;
 #ifdef WOLFSSL_ASYNC_CRYPT
         /* capture the seq pending for this session */
-        if (ret == WC_PENDING_E) {
+        if (ret == WC_NO_ERR_TRACE(WC_PENDING_E)) {
             session->flags.wasPolled = 0;
             session->pendSeq = tcpInfo.sequence;
             if (!asyncOkay || CryptoDeviceId == INVALID_DEVID) {
@@ -6738,23 +6733,29 @@ static int ssl_DecodePacketInternal(const byte* packet, int length, int isChain,
                 wolfSSL_AsyncPoll(session->sslServer, WOLF_POLL_FLAG_CHECK_HW);
             }
             else {
-                return ret; /* return to caller */
+                goto exit_decode; /* return to caller */
             }
         }
         else {
             session->pendSeq = 0;
         }
-    } while (ret == WC_PENDING_E);
+    } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E));
 #else
     (void)asyncOkay;
 #endif
 
-    if (RemoveFatalSession(&ipInfo, &tcpInfo, session, error))
-        return WOLFSSL_SNIFFER_FATAL_ERROR;
+    if (RemoveFatalSession(&ipInfo, &tcpInfo, session, error)) {
+        ret = WOLFSSL_SNIFFER_FATAL_ERROR;
+        goto exit_decode;
+    }
     if (CheckFinCapture(&ipInfo, &tcpInfo, session) == 0) {
         CopySessionInfo(session, sslInfo);
     }
 
+exit_decode:
+    if (isChain) {
+        XFREE(tmpPacket, NULL, DYNAMIC_TYPE_SNIFFER_CHAIN_BUFFER);
+    }
     return ret;
 }
 
@@ -6841,7 +6842,7 @@ int ssl_FreeZeroDecodeBuffer(byte** data, int sz, char* error)
     (void)error;
 
     if (sz < 0) {
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
     }
 
     if (data != NULL) {
@@ -6861,11 +6862,15 @@ int ssl_Trace(const char* traceFile, char* error)
     if (traceFile) {
         /* Don't try to reopen the file */
         if (TraceFile == NULL) {
-            TraceFile = XFOPEN(traceFile, "a");
-            if (!TraceFile) {
-                SetError(BAD_TRACE_FILE_STR, error, NULL, 0);
-                return -1;
-             }
+            if (XSTRCMP(traceFile, "-") == 0) {
+                TraceFile = stdout;
+            } else {
+                TraceFile = XFOPEN(traceFile, "a");
+                if (!TraceFile) {
+                    SetError(BAD_TRACE_FILE_STR, error, NULL, 0);
+                    return WOLFSSL_FATAL_ERROR;
+                }
+            }
             TraceOn = 1;
         }
     }
@@ -6934,7 +6939,7 @@ int ssl_GetSessionStats(unsigned int* active,     unsigned int* total,
         return 0;
     else {
         SetError(BAD_SESSION_STATS, error, NULL, 0);
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
     }
 }
 
@@ -6975,7 +6980,7 @@ int ssl_ResetStatistics(void)
 int ssl_ReadStatistics(SSLStats* stats)
 {
     if (stats == NULL)
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
 
     LOCK_STAT();
     XMEMCPY(stats, &SnifferStats, sizeof(SSLStats));
@@ -6989,7 +6994,7 @@ int ssl_ReadStatistics(SSLStats* stats)
 int ssl_ReadResetStatistics(SSLStats* stats)
 {
     if (stats == NULL)
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
 
     LOCK_STAT();
     XMEMCPY(stats, &SnifferStats, sizeof(SSLStats));
@@ -7035,10 +7040,10 @@ int ssl_SetWatchKey_buffer(void* vSniffer, const byte* key, word32 keySz,
     int ret;
 
     if (vSniffer == NULL) {
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
     }
     if (key == NULL || keySz == 0) {
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
     }
 
     sniffer = (SnifferSession*)vSniffer;
@@ -7067,7 +7072,7 @@ int ssl_SetWatchKey_buffer(void* vSniffer, const byte* key, word32 keySz,
 
     if (ret != WOLFSSL_SUCCESS) {
         SetError(KEY_FILE_STR, error, sniffer, FATAL_ERROR_STATE);
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
     }
 
     return 0;
@@ -7081,10 +7086,10 @@ int ssl_SetWatchKey_file(void* vSniffer, const char* keyFile, int keyType,
     int ret;
 
     if (vSniffer == NULL) {
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
     }
     if (keyFile == NULL) {
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
     }
 
     /* Remap the keyType from what the user can use to
@@ -7096,7 +7101,7 @@ int ssl_SetWatchKey_file(void* vSniffer, const char* keyFile, int keyType,
     if (ret < 0) {
         SetError(KEY_FILE_STR, error, NULL, 0);
         XFREE(keyBuf, NULL, DYNAMIC_TYPE_X509);
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
     }
 
     ret = ssl_SetWatchKey_buffer(vSniffer, keyBuf, keyBufSz, FILETYPE_DER,
@@ -7231,11 +7236,11 @@ typedef struct SecretNode {
 #define WOLFSSL_SNIFFER_KEYLOGFILE_HASH_TABLE_SIZE HASH_SIZE
 #endif
 
-static THREAD_LS_T WOLFSSL_GLOBAL
+static THREAD_LS_T
 SecretNode*
 secretHashTable[WOLFSSL_SNIFFER_KEYLOGFILE_HASH_TABLE_SIZE] = {NULL};
 #ifndef HAVE_C___ATOMIC
-static WOLFSSL_GLOBAL wolfSSL_Mutex secretListMutex;
+static WC_THREADSHARED wolfSSL_Mutex secretListMutex WOLFSSL_MUTEX_INITIALIZER_CLAUSE(secretListMutex);
 #endif
 
 static unsigned int secretHashFunction(unsigned char* clientRandom);
diff --git a/src/ssl.c b/src/ssl.c
index 8eaa1919a..ca2a52c1b 100644
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -1,6 +1,6 @@
 /* ssl.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -25,10 +25,9 @@
 #endif
 
 #include <wolfssl/wolfcrypt/settings.h>
-#if defined(OPENSSL_EXTRA) && !defined(_WIN32)
+#if defined(OPENSSL_EXTRA) && !defined(_WIN32) && !defined(_GNU_SOURCE)
     /* turn on GNU extensions for XISASCII */
-    #undef  _GNU_SOURCE
-    #define _GNU_SOURCE
+    #define _GNU_SOURCE 1
 #endif
 
 #if !defined(WOLFCRYPT_ONLY) || defined(OPENSSL_EXTRA) || \
@@ -54,7 +53,8 @@
     #if defined(NO_DH) && !defined(HAVE_ECC) && !defined(WOLFSSL_STATIC_RSA) \
                 && !defined(WOLFSSL_STATIC_DH) && !defined(WOLFSSL_STATIC_PSK) \
                 && !defined(HAVE_CURVE25519) && !defined(HAVE_CURVE448)
-        #error "No cipher suites defined because DH disabled, ECC disabled, and no static suites defined. Please see top of README"
+        #error "No cipher suites defined because DH disabled, ECC disabled, " \
+               "and no static suites defined. Please see top of README"
     #endif
     #ifdef WOLFSSL_CERT_GEN
         /* need access to Cert struct for creating certificate */
@@ -115,14 +115,15 @@
     #include <wolfssl/wolfcrypt/curve25519.h>
     #include <wolfssl/wolfcrypt/ed25519.h>
     #include <wolfssl/wolfcrypt/curve448.h>
-    #if defined(HAVE_PQC)
     #if defined(HAVE_FALCON)
         #include <wolfssl/wolfcrypt/falcon.h>
     #endif /* HAVE_FALCON */
     #if defined(HAVE_DILITHIUM)
         #include <wolfssl/wolfcrypt/dilithium.h>
     #endif /* HAVE_DILITHIUM */
-    #endif /* HAVE_PQC */
+    #if defined(HAVE_SPHINCS)
+        #include <wolfssl/wolfcrypt/sphincs.h>
+    #endif /* HAVE_SPHINCS */
     #if defined(OPENSSL_ALL) || defined(HAVE_STUNNEL)
         #ifdef HAVE_OCSP
             #include <wolfssl/openssl/ocsp.h>
@@ -137,12 +138,6 @@
         && !defined(WC_NO_RNG)
         #include <wolfssl/wolfcrypt/srp.h>
     #endif
-    #if defined(HAVE_FIPS) || defined(HAVE_SELFTEST)
-        #include <wolfssl/wolfcrypt/pkcs7.h>
-    #endif
-    #if defined(OPENSSL_ALL) && defined(HAVE_PKCS7)
-        #include <wolfssl/openssl/pkcs7.h>
-    #endif /* OPENSSL_ALL && HAVE_PKCS7 */
 #endif
 
 #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
@@ -160,25 +155,6 @@
 #endif
 #endif /* !WOLFCRYPT_ONLY || OPENSSL_EXTRA */
 
-#ifdef WOLFSSL_SYS_CA_CERTS
-
-#ifdef _WIN32
-    #include <windows.h>
-    #include <wincrypt.h>
-
-    /* mingw gcc does not support pragma comment, and the
-     * linking with crypt32 is handled in configure.ac */
-    #if !defined(__MINGW32__) && !defined(__MINGW64__)
-        #pragma comment(lib, "crypt32")
-    #endif
-#endif
-
-#if defined(__APPLE__) && defined(HAVE_SECURITY_SECTRUSTSETTINGS_H)
-#include <Security/SecTrustSettings.h>
-#endif
-
-#endif /* WOLFSSL_SYS_CA_CERTS */
-
 /*
  * OPENSSL_COMPATIBLE_DEFAULTS:
  *     Enable default behaviour that is compatible with OpenSSL. For example
@@ -215,6 +191,9 @@
 #ifndef WOLFCRYPT_ONLY
 #define WOLFSSL_SSL_CERTMAN_INCLUDED
 #include "src/ssl_certman.c"
+
+#define WOLFSSL_SSL_SESS_INCLUDED
+#include "src/ssl_sess.c"
 #endif
 
 #if (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) && \
@@ -223,94 +202,45 @@
  *
  * For OpenSSL compatibility.
  *
- * This function shouldn't exist!
- * Uses defines in wolfssl/openssl/evp.h.
- * Uses EccEnumToNID which uses defines in wolfssl/openssl/ec.h.
- *
  * @param [in] sn  Short name of OID.
  * @return  NID corresponding to shortname on success.
- * @return  NID_undef when not recognized.
+ * @return  WC_NID_undef when not recognized.
  */
 int wc_OBJ_sn2nid(const char *sn)
 {
-    const struct {
-        const char *sn;
-        int  nid;
-    } sn2nid[] = {
-#ifndef NO_CERTS
-        {WOLFSSL_COMMON_NAME, NID_commonName},
-        {WOLFSSL_COUNTRY_NAME, NID_countryName},
-        {WOLFSSL_LOCALITY_NAME, NID_localityName},
-        {WOLFSSL_STATE_NAME, NID_stateOrProvinceName},
-        {WOLFSSL_ORG_NAME, NID_organizationName},
-        {WOLFSSL_ORGUNIT_NAME, NID_organizationalUnitName},
-    #ifdef WOLFSSL_CERT_NAME_ALL
-        {WOLFSSL_NAME, NID_name},
-        {WOLFSSL_INITIALS, NID_initials},
-        {WOLFSSL_GIVEN_NAME, NID_givenName},
-        {WOLFSSL_DNQUALIFIER, NID_dnQualifier},
-    #endif
-        {WOLFSSL_EMAIL_ADDR, NID_emailAddress},
-#endif
-        {"SHA1", NID_sha1},
-        {NULL, -1}};
-    int i;
-#ifdef HAVE_ECC
-    char curveName[ECC_MAXNAME + 1];
-    int eccEnum;
-#endif
-
+    const WOLFSSL_ObjectInfo *obj_info = wolfssl_object_info;
+    size_t i;
     WOLFSSL_ENTER("wc_OBJ_sn2nid");
-
-    for(i=0; sn2nid[i].sn != NULL; i++) {
-        if (XSTRCMP(sn, sn2nid[i].sn) == 0) {
-            return sn2nid[i].nid;
-        }
+    for (i = 0; i < wolfssl_object_info_sz; i++, obj_info++) {
+        if (XSTRCMP(sn, obj_info->sName) == 0)
+            return obj_info->nid;
     }
-
-#ifdef HAVE_ECC
-    if (XSTRLEN(sn) > ECC_MAXNAME)
-        return NID_undef;
-
-    /* Nginx uses this OpenSSL string. */
-    if (XSTRCMP(sn, "prime256v1") == 0)
-        sn = "SECP256R1";
-    /* OpenSSL allows lowercase curve names */
-    for (i = 0; i < (int)(sizeof(curveName) - 1) && *sn; i++) {
-        curveName[i] = (char)XTOUPPER((unsigned char) *sn++);
-    }
-    curveName[i] = '\0';
-    /* find based on name and return NID */
-    for (i = 0;
-#ifndef WOLFSSL_ECC_CURVE_STATIC
-         ecc_sets[i].size != 0 && ecc_sets[i].name != NULL;
-#else
-         ecc_sets[i].size != 0;
-#endif
-         i++) {
-        if (XSTRCMP(curveName, ecc_sets[i].name) == 0) {
-            eccEnum = ecc_sets[i].id;
-            /* Convert enum value in ecc_curve_id to OpenSSL NID */
-            return EccEnumToNID(eccEnum);
-        }
-    }
-#endif /* HAVE_ECC */
-
-    return NID_undef;
+    WOLFSSL_MSG("short name not found in table");
+    return WC_NID_undef;
 }
 #endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
 
 #ifndef WOLFCRYPT_ONLY
 
+
+#if defined(WOLFSSL_SYS_CRYPTO_POLICY)
+/* The system wide crypto-policy. Configured by wolfSSL_crypto_policy_enable.
+ * */
+static struct SystemCryptoPolicy crypto_policy;
+#endif /* WOLFSSL_SYS_CRYPTO_POLICY */
+
 #if !defined(NO_RSA) || !defined(NO_DH) || defined(HAVE_ECC) || \
     (defined(OPENSSL_EXTRA) && defined(WOLFSSL_KEY_GEN) && !defined(NO_DSA))
 
 #define HAVE_GLOBAL_RNG /* consolidate flags for using globalRNG */
 static WC_RNG globalRNG;
-static int initGlobalRNG = 0;
+static volatile int initGlobalRNG = 0;
 
-static wolfSSL_Mutex globalRNGMutex;
+static WC_MAYBE_UNUSED wolfSSL_Mutex globalRNGMutex
+    WOLFSSL_MUTEX_INITIALIZER_CLAUSE(globalRNGMutex);
+#ifndef WOLFSSL_MUTEX_INITIALIZER
 static int globalRNGMutex_valid = 0;
+#endif
 
 #if defined(OPENSSL_EXTRA) && defined(HAVE_HASHDRBG)
 static WOLFSSL_DRBG_CTX* gDrbgDefCtx = NULL;
@@ -406,8 +336,11 @@ WC_RNG* wolfssl_make_rng(WC_RNG* rng, int* local)
      *                OPENSSL_EXTRA where RAND callbacks are not used */
     #ifndef WOLFSSL_NO_OPENSSL_RAND_CB
         static const WOLFSSL_RAND_METHOD* gRandMethods = NULL;
+        static wolfSSL_Mutex gRandMethodMutex
+            WOLFSSL_MUTEX_INITIALIZER_CLAUSE(gRandMethodMutex);
+        #ifndef WOLFSSL_MUTEX_INITIALIZER
         static int gRandMethodsInit = 0;
-        static wolfSSL_Mutex gRandMethodMutex;
+        #endif
     #endif /* !WOLFSSL_NO_OPENSSL_RAND_CB */
 #endif /* OPENSSL_EXTRA */
 
@@ -424,47 +357,6 @@ WC_RNG* wolfssl_make_rng(WC_RNG* rng, int* local)
 
 #include <wolfssl/wolfcrypt/hpke.h>
 
-#if defined(OPENSSL_EXTRA) && defined(HAVE_ECC)
-const WOLF_EC_NIST_NAME kNistCurves[] = {
-    {XSTR_SIZEOF("P-192"),   "P-192",   NID_X9_62_prime192v1},
-    {XSTR_SIZEOF("P-256"),   "P-256",   NID_X9_62_prime256v1},
-    {XSTR_SIZEOF("P-112"),   "P-112",   NID_secp112r1},
-    {XSTR_SIZEOF("P-112-2"), "P-112-2", NID_secp112r2},
-    {XSTR_SIZEOF("P-128"),   "P-128",   NID_secp128r1},
-    {XSTR_SIZEOF("P-128-2"), "P-128-2", NID_secp128r2},
-    {XSTR_SIZEOF("P-160"),   "P-160",   NID_secp160r1},
-    {XSTR_SIZEOF("P-160-2"), "P-160-2", NID_secp160r2},
-    {XSTR_SIZEOF("P-224"),   "P-224",   NID_secp224r1},
-    {XSTR_SIZEOF("P-384"),   "P-384",   NID_secp384r1},
-    {XSTR_SIZEOF("P-521"),   "P-521",   NID_secp521r1},
-    {XSTR_SIZEOF("K-160"),   "K-160",   NID_secp160k1},
-    {XSTR_SIZEOF("K-192"),   "K-192",   NID_secp192k1},
-    {XSTR_SIZEOF("K-224"),   "K-224",   NID_secp224k1},
-    {XSTR_SIZEOF("K-256"),   "K-256",   NID_secp256k1},
-    {XSTR_SIZEOF("B-160"),   "B-160",   NID_brainpoolP160r1},
-    {XSTR_SIZEOF("B-192"),   "B-192",   NID_brainpoolP192r1},
-    {XSTR_SIZEOF("B-224"),   "B-224",   NID_brainpoolP224r1},
-    {XSTR_SIZEOF("B-256"),   "B-256",   NID_brainpoolP256r1},
-    {XSTR_SIZEOF("B-320"),   "B-320",   NID_brainpoolP320r1},
-    {XSTR_SIZEOF("B-384"),   "B-384",   NID_brainpoolP384r1},
-    {XSTR_SIZEOF("B-512"),   "B-512",   NID_brainpoolP512r1},
-#ifdef HAVE_PQC
-    {XSTR_SIZEOF("KYBER_LEVEL1"), "KYBER_LEVEL1", WOLFSSL_KYBER_LEVEL1},
-    {XSTR_SIZEOF("KYBER_LEVEL3"), "KYBER_LEVEL3", WOLFSSL_KYBER_LEVEL3},
-    {XSTR_SIZEOF("KYBER_LEVEL5"), "KYBER_LEVEL5", WOLFSSL_KYBER_LEVEL5},
-#ifdef HAVE_LIBOQS
-    {XSTR_SIZEOF("P256_KYBER_LEVEL1"), "P256_KYBER_LEVEL1", WOLFSSL_P256_KYBER_LEVEL1},
-    {XSTR_SIZEOF("P384_KYBER_LEVEL3"), "P384_KYBER_LEVEL3", WOLFSSL_P384_KYBER_LEVEL3},
-    {XSTR_SIZEOF("P521_KYBER_LEVEL5"), "P521_KYBER_LEVEL5", WOLFSSL_P521_KYBER_LEVEL5},
-#endif
-#endif
-#ifdef WOLFSSL_SM2
-    {XSTR_SIZEOF("SM2"),     "SM2",     NID_sm2},
-#endif
-    {0, NULL, 0},
-};
-#endif
-
 #if defined(WOLFSSL_TLS13) && defined(HAVE_ECH)
 /* create the hpke key and ech config to send to clients */
 int wolfSSL_CTX_GenerateEchConfig(WOLFSSL_CTX* ctx, const char* publicName,
@@ -608,6 +500,18 @@ int wolfSSL_CTX_GetEchConfigs(WOLFSSL_CTX* ctx, byte* output,
     return GetEchConfigsEx(ctx->echConfigs, output, outputLen);
 }
 
+void wolfSSL_CTX_SetEchEnable(WOLFSSL_CTX* ctx, byte enable)
+{
+    if (ctx != NULL) {
+        ctx->disableECH = !enable;
+        if (ctx->disableECH) {
+            TLSX_Remove(&ctx->extensions, TLSX_ECH, ctx->heap);
+            FreeEchConfigs(ctx->echConfigs, ctx->heap);
+            ctx->echConfigs = NULL;
+        }
+    }
+}
+
 /* set the ech config from base64 for our client ssl object, base64 is the
  * format ech configs are sent using dns records */
 int wolfSSL_SetEchConfigsBase64(WOLFSSL* ssl, char* echConfigs64,
@@ -897,7 +801,7 @@ int GetEchConfig(WOLFSSL_EchConfig* config, byte* output, word32* outputLen)
 
     if (output == NULL) {
         *outputLen = totalLen;
-        return LENGTH_ONLY_E;
+        return WC_NO_ERR_TRACE(LENGTH_ONLY_E);
     }
 
     if (totalLen > *outputLen) {
@@ -1002,6 +906,18 @@ int wolfSSL_GetEchConfigs(WOLFSSL* ssl, byte* output, word32* outputLen)
     return GetEchConfigsEx(ssl->echConfigs, output, outputLen);
 }
 
+void wolfSSL_SetEchEnable(WOLFSSL* ssl, byte enable)
+{
+    if (ssl != NULL) {
+        ssl->options.disableECH = !enable;
+        if (ssl->options.disableECH) {
+            TLSX_Remove(&ssl->extensions, TLSX_ECH, ssl->heap);
+            FreeEchConfigs(ssl->echConfigs, ssl->heap);
+            ssl->echConfigs = NULL;
+        }
+    }
+}
+
 /* get the raw ech configs from our linked list of ech config structs */
 int GetEchConfigsEx(WOLFSSL_EchConfig* configs, byte* output, word32* outputLen)
 {
@@ -1038,7 +954,7 @@ int GetEchConfigsEx(WOLFSSL_EchConfig* configs, byte* output, word32* outputLen)
             workingOutputLen = *outputLen - totalLen;
 
         /* only error we break on, other 2 we need to keep finding length */
-        if (ret == BAD_FUNC_ARG)
+        if (ret == WC_NO_ERR_TRACE(BAD_FUNC_ARG))
             return BAD_FUNC_ARG;
 
         workingConfig = workingConfig->next;
@@ -1046,7 +962,7 @@ int GetEchConfigsEx(WOLFSSL_EchConfig* configs, byte* output, word32* outputLen)
 
     if (output == NULL) {
         *outputLen = totalLen;
-        return LENGTH_ONLY_E;
+        return WC_NO_ERR_TRACE(LENGTH_ONLY_E);
     }
 
     if (totalLen > *outputLen) {
@@ -1063,218 +979,26 @@ int GetEchConfigsEx(WOLFSSL_EchConfig* configs, byte* output, word32* outputLen)
 }
 #endif /* WOLFSSL_TLS13 && HAVE_ECH */
 
+#ifdef OPENSSL_EXTRA
+static int wolfSSL_parse_cipher_list(WOLFSSL_CTX* ctx, WOLFSSL* ssl,
+        Suites* suites, const char* list);
+#endif
 
 #if defined(WOLFSSL_RENESAS_TSIP_TLS) || defined(WOLFSSL_RENESAS_FSPSM_TLS)
 #include <wolfssl/wolfcrypt/port/Renesas/renesas_cmn.h>
 #endif
 
-#ifdef WOLFSSL_SESSION_EXPORT
-/* Used to import a serialized TLS session.
- * WARNING: buf contains sensitive information about the state and is best to be
- *          encrypted before storing if stored.
- *
- * @param ssl WOLFSSL structure to import the session into
- * @param buf serialized session
- * @param sz  size of buffer 'buf'
- * @return the number of bytes read from buffer 'buf'
- */
-int wolfSSL_tls_import(WOLFSSL* ssl, const unsigned char* buf, unsigned int sz)
-{
-    if (ssl == NULL || buf == NULL) {
-        return BAD_FUNC_ARG;
-    }
-    return wolfSSL_session_import_internal(ssl, buf, sz, WOLFSSL_EXPORT_TLS);
-}
-
-
-/* Used to export a serialized TLS session.
- * WARNING: buf contains sensitive information about the state and is best to be
- *          encrypted before storing if stored.
- *
- * @param ssl WOLFSSL structure to export the session from
- * @param buf output of serialized session
- * @param sz  size in bytes set in 'buf'
- * @return the number of bytes written into buffer 'buf'
- */
-int wolfSSL_tls_export(WOLFSSL* ssl, unsigned char* buf, unsigned int* sz)
-{
-    if (ssl == NULL || sz == NULL) {
-        return BAD_FUNC_ARG;
-    }
-    return wolfSSL_session_export_internal(ssl, buf, sz, WOLFSSL_EXPORT_TLS);
-}
-
-#ifdef WOLFSSL_DTLS
-int wolfSSL_dtls_import(WOLFSSL* ssl, const unsigned char* buf, unsigned int sz)
-{
-    WOLFSSL_ENTER("wolfSSL_session_import");
-
-    if (ssl == NULL || buf == NULL) {
-        return BAD_FUNC_ARG;
-    }
-
-    /* sanity checks on buffer and protocol are done in internal function */
-    return wolfSSL_session_import_internal(ssl, buf, sz, WOLFSSL_EXPORT_DTLS);
-}
-
-
-/* Sets the function to call for serializing the session. This function is
- * called right after the handshake is completed. */
-int wolfSSL_CTX_dtls_set_export(WOLFSSL_CTX* ctx, wc_dtls_export func)
-{
-
-    WOLFSSL_ENTER("wolfSSL_CTX_dtls_set_export");
-
-    /* purposefully allow func to be NULL */
-    if (ctx == NULL) {
-        return BAD_FUNC_ARG;
-    }
-
-    ctx->dtls_export = func;
-
-    return WOLFSSL_SUCCESS;
-}
-
-
-/* Sets the function in WOLFSSL struct to call for serializing the session. This
- * function is called right after the handshake is completed. */
-int wolfSSL_dtls_set_export(WOLFSSL* ssl, wc_dtls_export func)
-{
-
-    WOLFSSL_ENTER("wolfSSL_dtls_set_export");
-
-    /* purposefully allow func to be NULL */
-    if (ssl == NULL) {
-        return BAD_FUNC_ARG;
-    }
-
-    ssl->dtls_export = func;
-
-    return WOLFSSL_SUCCESS;
-}
-
-
-/* This function allows for directly serializing a session rather than using
- * callbacks. It has less overhead by removing a temporary buffer and gives
- * control over when the session gets serialized. When using callbacks the
- * session is always serialized immediately after the handshake is finished.
- *
- * buf is the argument to contain the serialized session
- * sz  is the size of the buffer passed in
- * ssl is the WOLFSSL struct to serialize
- * returns the size of serialized session on success, 0 on no action, and
- *         negative value on error */
-int wolfSSL_dtls_export(WOLFSSL* ssl, unsigned char* buf, unsigned int* sz)
-{
-    WOLFSSL_ENTER("wolfSSL_dtls_export");
-
-    if (ssl == NULL || sz == NULL) {
-        return BAD_FUNC_ARG;
-    }
-
-    if (buf == NULL) {
-        *sz = MAX_EXPORT_BUFFER;
-        return 0;
-    }
-
-    /* if not DTLS do nothing */
-    if (!ssl->options.dtls) {
-        WOLFSSL_MSG("Currently only DTLS export is supported");
-        return 0;
-    }
-
-    /* copy over keys, options, and dtls state struct */
-    return wolfSSL_session_export_internal(ssl, buf, sz, WOLFSSL_EXPORT_DTLS);
-}
-
-
-/* This function is similar to wolfSSL_dtls_export but only exports the portion
- * of the WOLFSSL structure related to the state of the connection, i.e. peer
- * sequence number, epoch, AEAD state etc.
- *
- * buf is the argument to contain the serialized state, if null then set "sz" to
- *     buffer size required
- * sz  is the size of the buffer passed in
- * ssl is the WOLFSSL struct to serialize
- * returns the size of serialized session on success, 0 on no action, and
- *         negative value on error */
-int wolfSSL_dtls_export_state_only(WOLFSSL* ssl, unsigned char* buf,
-        unsigned int* sz)
-{
-    WOLFSSL_ENTER("wolfSSL_dtls_export_state_only");
-
-    if (ssl == NULL || sz == NULL) {
-        return BAD_FUNC_ARG;
-    }
-
-    if (buf == NULL) {
-        *sz = MAX_EXPORT_STATE_BUFFER;
-        return 0;
-    }
-
-    /* if not DTLS do nothing */
-    if (!ssl->options.dtls) {
-        WOLFSSL_MSG("Currently only DTLS export state is supported");
-        return 0;
-    }
-
-    /* copy over keys, options, and dtls state struct */
-    return wolfSSL_dtls_export_state_internal(ssl, buf, *sz);
-}
-
-
-/* returns 0 on success */
-int wolfSSL_send_session(WOLFSSL* ssl)
-{
-    int ret;
-    byte* buf;
-    word32 bufSz = MAX_EXPORT_BUFFER;
-
-    WOLFSSL_ENTER("wolfSSL_send_session");
-
-    if (ssl == NULL) {
-        return BAD_FUNC_ARG;
-    }
-
-    buf = (byte*)XMALLOC(bufSz, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
-    if (buf == NULL) {
-        return MEMORY_E;
-    }
-
-    /* if not DTLS do nothing */
-    if (!ssl->options.dtls) {
-        XFREE(buf, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
-        WOLFSSL_MSG("Currently only DTLS export is supported");
-        return 0;
-    }
-
-    /* copy over keys, options, and dtls state struct */
-    ret = wolfSSL_session_export_internal(ssl, buf, &bufSz, WOLFSSL_EXPORT_DTLS);
-    if (ret < 0) {
-        XFREE(buf, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
-        return ret;
-    }
-
-    /* if no error ret has size of buffer */
-    ret = ssl->dtls_export(ssl, buf, ret, NULL);
-    if (ret != WOLFSSL_SUCCESS) {
-        XFREE(buf, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
-        return ret;
-    }
-
-    XFREE(buf, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
-    return 0;
-}
-#endif /* WOLFSSL_DTLS */
-#endif /* WOLFSSL_SESSION_EXPORT */
-
 /* prevent multiple mutex initializations */
-static volatile WOLFSSL_GLOBAL int initRefCount = 0;
-#ifdef WOLFSSL_MUTEX_INITIALIZER
-static WOLFSSL_GLOBAL wolfSSL_Mutex count_mutex = WOLFSSL_MUTEX_INITIALIZER;
-#else
-static WOLFSSL_GLOBAL wolfSSL_Mutex count_mutex;   /* init ref count mutex */
-static WOLFSSL_GLOBAL int count_mutex_valid = 0;
+static volatile WC_THREADSHARED int initRefCount = 0;
+/* init ref count mutex */
+static WC_THREADSHARED wolfSSL_Mutex inits_count_mutex
+    WOLFSSL_MUTEX_INITIALIZER_CLAUSE(inits_count_mutex);
+#ifndef WOLFSSL_MUTEX_INITIALIZER
+static WC_THREADSHARED volatile int inits_count_mutex_valid = 0;
+#endif
+
+#ifdef NO_TLS
+static const WOLFSSL_METHOD gNoTlsMethod;
 #endif
 
 /* Create a new WOLFSSL_CTX struct and return the pointer to created struct.
@@ -1294,15 +1018,18 @@ WOLFSSL_CTX* wolfSSL_CTX_new_ex(WOLFSSL_METHOD* method, void* heap)
         if (ret != WOLFSSL_SUCCESS) {
             WOLFSSL_MSG("wolfSSL_Init failed");
             WOLFSSL_LEAVE("wolfSSL_CTX_new_ex", 0);
-            if (method != NULL) {
-                XFREE(method, heap, DYNAMIC_TYPE_METHOD);
-            }
+            XFREE(method, heap, DYNAMIC_TYPE_METHOD);
             return NULL;
         }
     }
 
+#ifndef NO_TLS
     if (method == NULL)
         return ctx;
+#else
+    /* a blank TLS method */
+    method = (WOLFSSL_METHOD*)&gNoTlsMethod;
+#endif
 
     ctx = (WOLFSSL_CTX*)XMALLOC(sizeof(WOLFSSL_CTX), heap, DYNAMIC_TYPE_CTX);
     if (ctx) {
@@ -1342,8 +1069,8 @@ WOLFSSL_CTX* wolfSSL_CTX_new_ex(WOLFSSL_METHOD* method, void* heap)
         wolfSSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, NULL);
         wolfSSL_CTX_set_mode(ctx, SSL_MODE_AUTO_RETRY);
         if (wolfSSL_CTX_set_min_proto_version(ctx,
-                                              (method->version.major == DTLS_MAJOR) ?
-                                               DTLS1_VERSION : SSL3_VERSION) != WOLFSSL_SUCCESS ||
+                (method->version.major == DTLS_MAJOR) ?
+                DTLS1_VERSION : SSL3_VERSION) != WOLFSSL_SUCCESS ||
 #ifdef HAVE_ANON
                 wolfSSL_CTX_allow_anon_cipher(ctx) != WOLFSSL_SUCCESS ||
 #endif
@@ -1355,6 +1082,30 @@ WOLFSSL_CTX* wolfSSL_CTX_new_ex(WOLFSSL_METHOD* method, void* heap)
     }
 #endif
 
+#if defined(WOLFSSL_SYS_CRYPTO_POLICY)
+    /* Load the crypto-policy ciphers if configured. */
+    if (ctx && wolfSSL_crypto_policy_is_enabled()) {
+        const char * list = wolfSSL_crypto_policy_get_ciphers();
+        int          ret = 0;
+
+        if (list != NULL && *list != '\0') {
+            if (AllocateCtxSuites(ctx) != 0) {
+                WOLFSSL_MSG("allocate ctx suites failed");
+                wolfSSL_CTX_free(ctx);
+                ctx = NULL;
+            }
+            else {
+                ret = wolfSSL_parse_cipher_list(ctx, NULL, ctx->suites, list);
+                if (ret != WOLFSSL_SUCCESS) {
+                    WOLFSSL_MSG("parse cipher list failed");
+                    wolfSSL_CTX_free(ctx);
+                    ctx = NULL;
+                }
+            }
+        }
+    }
+#endif /* WOLFSSL_SYS_CRYPTO_POLICY */
+
     WOLFSSL_LEAVE("wolfSSL_CTX_new_ex", 0);
     return ctx;
 }
@@ -1375,7 +1126,7 @@ WOLFSSL_CTX* wolfSSL_CTX_new(WOLFSSL_METHOD* method)
 int wolfSSL_CTX_up_ref(WOLFSSL_CTX* ctx)
 {
     int ret;
-    wolfSSL_RefInc(&ctx->ref, &ret);
+    wolfSSL_RefWithMutexInc(&ctx->ref, &ret);
 #ifdef WOLFSSL_REFCNT_ERROR_RETURN
     return ((ret == 0) ? WOLFSSL_SUCCESS : WOLFSSL_FAILURE);
 #else
@@ -1389,18 +1140,6 @@ void wolfSSL_CTX_free(WOLFSSL_CTX* ctx)
 {
     WOLFSSL_ENTER("wolfSSL_CTX_free");
     if (ctx) {
-#if defined(OPENSSL_EXTRA) && defined(WOLFCRYPT_HAVE_SRP) \
-&& !defined(NO_SHA256) && !defined(WC_NO_RNG)
-        if (ctx->srp != NULL) {
-            if (ctx->srp_password != NULL){
-                XFREE(ctx->srp_password, ctx->heap, DYNAMIC_TYPE_SRP);
-                ctx->srp_password = NULL;
-            }
-            wc_SrpTerm(ctx->srp);
-            XFREE(ctx->srp, ctx->heap, DYNAMIC_TYPE_SRP);
-            ctx->srp = NULL;
-        }
-#endif
         FreeSSL_Ctx(ctx);
     }
 
@@ -1479,17 +1218,35 @@ WOLFSSL* wolfSSL_new(WOLFSSL_CTX* ctx)
 
     WOLFSSL_ENTER("wolfSSL_new");
 
-    if (ctx == NULL)
-        return ssl;
+    if (ctx == NULL) {
+        WOLFSSL_MSG("wolfSSL_new ctx is null");
+        return NULL;
+    }
 
     ssl = (WOLFSSL*) XMALLOC(sizeof(WOLFSSL), ctx->heap, DYNAMIC_TYPE_SSL);
-    if (ssl)
-        if ( (ret = InitSSL(ssl, ctx, 0)) < 0) {
-            FreeSSL(ssl, ctx->heap);
-            ssl = 0;
-        }
 
-    WOLFSSL_LEAVE("wolfSSL_new", ret);
+    if (ssl == NULL) {
+        WOLFSSL_MSG_EX("ssl xmalloc failed to allocate %d bytes",
+                        (int)sizeof(WOLFSSL));
+    }
+    else {
+        ret = InitSSL(ssl, ctx, 0);
+        if (ret < 0) {
+            WOLFSSL_MSG_EX("wolfSSL_new failed during InitSSL. err = %d", ret);
+            FreeSSL(ssl, ctx->heap);
+            ssl = NULL;
+        }
+        else if (ret == 0) {
+            WOLFSSL_MSG("wolfSSL_new InitSSL success");
+        }
+        else {
+            /* Only success (0) or negative values should ever be seen. */
+            WOLFSSL_MSG_EX("WARNING: wolfSSL_new unexpected InitSSL return"
+                           " value = %d", ret);
+        } /* InitSSL check */
+    } /* ssl XMALLOC success */
+
+    WOLFSSL_LEAVE("wolfSSL_new InitSSL =", ret);
     (void)ret;
 
     return ssl;
@@ -1500,8 +1257,14 @@ WOLFSSL_ABI
 void wolfSSL_free(WOLFSSL* ssl)
 {
     WOLFSSL_ENTER("wolfSSL_free");
-    if (ssl)
+
+    if (ssl) {
+        WOLFSSL_MSG_EX("Free SSL: %p", (wc_ptr_t)ssl);
         FreeSSL(ssl, ssl->ctx->heap);
+    }
+    else {
+        WOLFSSL_MSG("Free SSL: wolfSSL_free already null");
+    }
     WOLFSSL_LEAVE("wolfSSL_free", 0);
 }
 
@@ -1586,6 +1349,18 @@ static int DupSSL(WOLFSSL* dup, WOLFSSL* ssl)
     XMEMCPY(&dup->version, &ssl->version, sizeof(ProtocolVersion));
     XMEMCPY(&dup->chVersion, &ssl->chVersion, sizeof(ProtocolVersion));
 
+#ifdef HAVE_ONE_TIME_AUTH
+#ifdef HAVE_POLY1305
+    if (ssl->auth.setup && ssl->auth.poly1305 != NULL) {
+        dup->auth.poly1305 = (Poly1305*)XMALLOC(sizeof(Poly1305), dup->heap,
+            DYNAMIC_TYPE_CIPHER);
+        if (dup->auth.poly1305 == NULL)
+            return MEMORY_E;
+        dup->auth.setup = 1;
+    }
+#endif
+#endif
+
     /* dup side now owns encrypt/write ciphers */
     XMEMSET(&ssl->encrypt, 0, sizeof(Ciphers));
 
@@ -1850,7 +1625,7 @@ int wolfSSL_get_ciphers(char* buf, int len)
     for (i = 0; i < ciphersSz; i++) {
         int cipherNameSz = (int)XSTRLEN(ciphers[i].name);
         if (cipherNameSz + 1 < len) {
-            XSTRNCPY(buf, ciphers[i].name, len);
+            XSTRNCPY(buf, ciphers[i].name, (size_t)len);
             buf += cipherNameSz;
 
             if (i < ciphersSz - 1)
@@ -1887,7 +1662,7 @@ int wolfSSL_get_ciphers_iana(char* buf, int len)
 #endif
         cipherNameSz = (int)XSTRLEN(ciphers[i].name_iana);
         if (cipherNameSz + 1 < len) {
-            XSTRNCPY(buf, ciphers[i].name_iana, len);
+            XSTRNCPY(buf, ciphers[i].name_iana, (size_t)len);
             buf += cipherNameSz;
 
             if (i < ciphersSz - 1)
@@ -1912,8 +1687,8 @@ const char* wolfSSL_get_shared_ciphers(WOLFSSL* ssl, char* buf, int len)
         return NULL;
 
     cipher = wolfSSL_get_cipher_name_iana(ssl);
-    len = min(len, (int)(XSTRLEN(cipher) + 1));
-    XMEMCPY(buf, cipher, len);
+    len = (int)min((word32)len, (word32)(XSTRLEN(cipher) + 1));
+    XMEMCPY(buf, cipher, (size_t)len);
     return buf;
 }
 
@@ -1928,6 +1703,17 @@ int wolfSSL_get_fd(const WOLFSSL* ssl)
     return fd;
 }
 
+int wolfSSL_get_wfd(const WOLFSSL* ssl)
+{
+    int fd = -1;
+    WOLFSSL_ENTER("wolfSSL_get_fd");
+    if (ssl) {
+        fd = ssl->wfd;
+    }
+    WOLFSSL_LEAVE("wolfSSL_get_fd", fd);
+    return fd;
+}
+
 
 int wolfSSL_dtls(WOLFSSL* ssl)
 {
@@ -2060,38 +1846,58 @@ int wolfSSL_dtls_free_peer(void* addr)
 }
 #endif
 
+#ifdef WOLFSSL_DTLS
+static int SockAddrSet(WOLFSSL_SOCKADDR* sockAddr, void* peer,
+                       unsigned int peerSz, void* heap)
+{
+    if (peer == NULL || peerSz == 0) {
+        if (sockAddr->sa != NULL)
+            XFREE(sockAddr->sa, heap, DYNAMIC_TYPE_SOCKADDR);
+        sockAddr->sa = NULL;
+        sockAddr->sz = 0;
+        sockAddr->bufSz = 0;
+        return WOLFSSL_SUCCESS;
+    }
+
+    if (peerSz > sockAddr->bufSz) {
+        if (sockAddr->sa != NULL)
+            XFREE(sockAddr->sa, heap, DYNAMIC_TYPE_SOCKADDR);
+        sockAddr->sa =
+                (void*)XMALLOC(peerSz, heap, DYNAMIC_TYPE_SOCKADDR);
+        if (sockAddr->sa == NULL) {
+            sockAddr->sz = 0;
+            sockAddr->bufSz = 0;
+            return WOLFSSL_FAILURE;
+        }
+        sockAddr->bufSz = peerSz;
+    }
+    XMEMCPY(sockAddr->sa, peer, peerSz);
+    sockAddr->sz = peerSz;
+    return WOLFSSL_SUCCESS;
+}
+#endif
+
 int wolfSSL_dtls_set_peer(WOLFSSL* ssl, void* peer, unsigned int peerSz)
 {
 #ifdef WOLFSSL_DTLS
-    void* sa;
+    int ret;
 
     if (ssl == NULL)
         return WOLFSSL_FAILURE;
-
-    if (peer == NULL || peerSz == 0) {
-        if (ssl->buffers.dtlsCtx.peer.sa != NULL)
-            XFREE(ssl->buffers.dtlsCtx.peer.sa,ssl->heap,DYNAMIC_TYPE_SOCKADDR);
-        ssl->buffers.dtlsCtx.peer.sa = NULL;
-        ssl->buffers.dtlsCtx.peer.sz = 0;
-        ssl->buffers.dtlsCtx.peer.bufSz = 0;
-        ssl->buffers.dtlsCtx.userSet = 0;
-        return WOLFSSL_SUCCESS;
-    }
-
-    sa = (void*)XMALLOC(peerSz, ssl->heap, DYNAMIC_TYPE_SOCKADDR);
-    if (sa != NULL) {
-        if (ssl->buffers.dtlsCtx.peer.sa != NULL) {
-            XFREE(ssl->buffers.dtlsCtx.peer.sa,ssl->heap,DYNAMIC_TYPE_SOCKADDR);
-            ssl->buffers.dtlsCtx.peer.sa = NULL;
-        }
-        XMEMCPY(sa, peer, peerSz);
-        ssl->buffers.dtlsCtx.peer.sa = sa;
-        ssl->buffers.dtlsCtx.peer.sz = peerSz;
-        ssl->buffers.dtlsCtx.peer.bufSz = peerSz;
+#ifdef WOLFSSL_RW_THREADED
+    if (wc_LockRwLock_Wr(&ssl->buffers.dtlsCtx.peerLock) != 0)
+        return WOLFSSL_FAILURE;
+#endif
+    ret = SockAddrSet(&ssl->buffers.dtlsCtx.peer, peer, peerSz, ssl->heap);
+    if (ret == WOLFSSL_SUCCESS && !(peer == NULL || peerSz == 0))
         ssl->buffers.dtlsCtx.userSet = 1;
-        return WOLFSSL_SUCCESS;
-    }
-    return WOLFSSL_FAILURE;
+    else
+        ssl->buffers.dtlsCtx.userSet = 0;
+#ifdef WOLFSSL_RW_THREADED
+    if (wc_UnLockRwLock(&ssl->buffers.dtlsCtx.peerLock) != 0)
+        ret = WOLFSSL_FAILURE;
+#endif
+    return ret;
 #else
     (void)ssl;
     (void)peer;
@@ -2100,21 +1906,97 @@ int wolfSSL_dtls_set_peer(WOLFSSL* ssl, void* peer, unsigned int peerSz)
 #endif
 }
 
+#if defined(WOLFSSL_DTLS_CID) && !defined(WOLFSSL_NO_SOCK)
+int wolfSSL_dtls_set_pending_peer(WOLFSSL* ssl, void* peer, unsigned int peerSz)
+{
+#ifdef WOLFSSL_DTLS
+    int ret = WC_NO_ERR_TRACE(WOLFSSL_FAILURE);
+
+    if (ssl == NULL)
+        return WOLFSSL_FAILURE;
+#ifdef WOLFSSL_RW_THREADED
+    if (wc_LockRwLock_Rd(&ssl->buffers.dtlsCtx.peerLock) != 0)
+        return WOLFSSL_FAILURE;
+#endif
+    if (ssl->buffers.dtlsCtx.peer.sa != NULL &&
+            ssl->buffers.dtlsCtx.peer.sz == peerSz &&
+            sockAddrEqual((SOCKADDR_S*)ssl->buffers.dtlsCtx.peer.sa,
+                    (XSOCKLENT)ssl->buffers.dtlsCtx.peer.sz, (SOCKADDR_S*)peer,
+                    (XSOCKLENT)peerSz)) {
+        /* Already the current peer. */
+        if (ssl->buffers.dtlsCtx.pendingPeer.sa != NULL) {
+            /* Clear any other pendingPeer */
+            XFREE(ssl->buffers.dtlsCtx.pendingPeer.sa, ssl->heap,
+                  DYNAMIC_TYPE_SOCKADDR);
+            ssl->buffers.dtlsCtx.pendingPeer.sa = NULL;
+            ssl->buffers.dtlsCtx.pendingPeer.sz = 0;
+            ssl->buffers.dtlsCtx.pendingPeer.bufSz = 0;
+        }
+        ret = WOLFSSL_SUCCESS;
+    }
+    else {
+        ret = SockAddrSet(&ssl->buffers.dtlsCtx.pendingPeer, peer, peerSz,
+                ssl->heap);
+    }
+    if (ret == WOLFSSL_SUCCESS)
+        ssl->buffers.dtlsCtx.processingPendingRecord = 0;
+#ifdef WOLFSSL_RW_THREADED
+    if (wc_UnLockRwLock(&ssl->buffers.dtlsCtx.peerLock) != 0)
+        ret = WOLFSSL_FAILURE;
+#endif
+    return ret;
+#else
+    (void)ssl;
+    (void)peer;
+    (void)peerSz;
+    return WOLFSSL_NOT_IMPLEMENTED;
+#endif
+}
+#endif /* WOLFSSL_DTLS_CID && !WOLFSSL_NO_SOCK */
+
 int wolfSSL_dtls_get_peer(WOLFSSL* ssl, void* peer, unsigned int* peerSz)
 {
 #ifdef WOLFSSL_DTLS
-    if (ssl == NULL) {
+    int ret = WC_NO_ERR_TRACE(WOLFSSL_FAILURE);
+    if (ssl == NULL)
         return WOLFSSL_FAILURE;
-    }
-
+#ifdef WOLFSSL_RW_THREADED
+    if (wc_LockRwLock_Rd(&ssl->buffers.dtlsCtx.peerLock) != 0)
+        return WOLFSSL_FAILURE;
+#endif
     if (peer != NULL && peerSz != NULL
             && *peerSz >= ssl->buffers.dtlsCtx.peer.sz
             && ssl->buffers.dtlsCtx.peer.sa != NULL) {
         *peerSz = ssl->buffers.dtlsCtx.peer.sz;
         XMEMCPY(peer, ssl->buffers.dtlsCtx.peer.sa, *peerSz);
-        return WOLFSSL_SUCCESS;
+        ret = WOLFSSL_SUCCESS;
     }
-    return WOLFSSL_FAILURE;
+#ifdef WOLFSSL_RW_THREADED
+    if (wc_UnLockRwLock(&ssl->buffers.dtlsCtx.peerLock) != 0)
+        ret = WOLFSSL_FAILURE;
+#endif
+    return ret;
+#else
+    (void)ssl;
+    (void)peer;
+    (void)peerSz;
+    return WOLFSSL_NOT_IMPLEMENTED;
+#endif
+}
+
+int wolfSSL_dtls_get0_peer(WOLFSSL* ssl, const void** peer,
+                           unsigned int* peerSz)
+{
+#if defined(WOLFSSL_DTLS) && !defined(WOLFSSL_RW_THREADED)
+    if (ssl == NULL)
+        return WOLFSSL_FAILURE;
+
+    if (peer == NULL || peerSz == NULL)
+        return WOLFSSL_FAILURE;
+
+    *peer = ssl->buffers.dtlsCtx.peer.sa;
+    *peerSz = ssl->buffers.dtlsCtx.peer.sz;
+    return WOLFSSL_SUCCESS;
 #else
     (void)ssl;
     (void)peer;
@@ -2178,6 +2060,18 @@ int wolfSSL_dtls_set_mtu(WOLFSSL* ssl, word16 newMtu)
     return WOLFSSL_SUCCESS;
 }
 
+#ifdef OPENSSL_EXTRA
+/* Maps to compatibility API SSL_set_mtu and is same as wolfSSL_dtls_set_mtu,
+ * but expects only success or failure returns. */
+int wolfSSL_set_mtu_compat(WOLFSSL* ssl, unsigned short mtu)
+{
+    if (wolfSSL_dtls_set_mtu(ssl, mtu) == WOLFSSL_SUCCESS)
+        return WOLFSSL_SUCCESS;
+    else
+        return WOLFSSL_FAILURE;
+}
+#endif /* OPENSSL_EXTRA */
+
 #endif /* WOLFSSL_DTLS && (WOLFSSL_SCTP || WOLFSSL_DTLS_MTU) */
 
 #ifdef WOLFSSL_SRTP
@@ -2185,10 +2079,12 @@ int wolfSSL_dtls_set_mtu(WOLFSSL* ssl, word16 newMtu)
 static const WOLFSSL_SRTP_PROTECTION_PROFILE gSrtpProfiles[] = {
     /* AES CCM 128, Salt:112-bits, Auth HMAC-SHA1 Tag: 80-bits
      * (master_key:128bits + master_salt:112bits) * 2 = 480 bits (60) */
-    {"SRTP_AES128_CM_SHA1_80", SRTP_AES128_CM_SHA1_80, (((128 + 112) * 2) / 8) },
+    {"SRTP_AES128_CM_SHA1_80", SRTP_AES128_CM_SHA1_80,
+     (((128 + 112) * 2) / 8) },
     /* AES CCM 128, Salt:112-bits, Auth HMAC-SHA1 Tag: 32-bits
      * (master_key:128bits + master_salt:112bits) * 2 = 480 bits (60) */
-    {"SRTP_AES128_CM_SHA1_32", SRTP_AES128_CM_SHA1_32, (((128 + 112) * 2) / 8) },
+    {"SRTP_AES128_CM_SHA1_32", SRTP_AES128_CM_SHA1_32,
+     (((128 + 112) * 2) / 8) },
     /* NULL Cipher, Salt:112-bits, Auth HMAC-SHA1 Tag 80-bits */
     {"SRTP_NULL_SHA1_80", SRTP_NULL_SHA1_80, ((112 * 2) / 8)},
     /* NULL Cipher, Salt:112-bits, Auth HMAC-SHA1 Tag 32-bits */
@@ -2261,20 +2157,53 @@ static int DtlsSrtpSelProfiles(word16* id, const char* profile_str)
     return WOLFSSL_SUCCESS;
 }
 
+/**
+ * @brief Set the SRTP protection profiles for DTLS.
+ *
+ * @param ctx Pointer to the WOLFSSL_CTX structure representing the SSL/TLS
+ *            context.
+ * @param profile_str A colon-separated string of SRTP profile names.
+ * @return 0 on success to match OpenSSL
+ * @return 1 on error to match OpenSSL
+ */
 int wolfSSL_CTX_set_tlsext_use_srtp(WOLFSSL_CTX* ctx, const char* profile_str)
 {
-    int ret = WOLFSSL_FAILURE;
+    int ret = WC_NO_ERR_TRACE(WOLFSSL_FAILURE);
     if (ctx != NULL) {
         ret = DtlsSrtpSelProfiles(&ctx->dtlsSrtpProfiles, profile_str);
     }
+
+    if (ret == WC_NO_ERR_TRACE(WOLFSSL_FAILURE)) {
+        ret = 1;
+    } else {
+        ret = 0;
+    }
+
     return ret;
 }
+
+/**
+ * @brief Set the SRTP protection profiles for DTLS.
+ *
+ * @param ssl Pointer to the WOLFSSL structure representing the SSL/TLS
+ *            session.
+ * @param profile_str A colon-separated string of SRTP profile names.
+ * @return 0 on success to match OpenSSL
+ * @return 1 on error to match OpenSSL
+ */
 int wolfSSL_set_tlsext_use_srtp(WOLFSSL* ssl, const char* profile_str)
 {
-    int ret = WOLFSSL_FAILURE;
+    int ret = WC_NO_ERR_TRACE(WOLFSSL_FAILURE);
     if (ssl != NULL) {
         ret = DtlsSrtpSelProfiles(&ssl->dtlsSrtpProfiles, profile_str);
     }
+
+    if (ret == WC_NO_ERR_TRACE(WOLFSSL_FAILURE)) {
+        ret = 1;
+    } else {
+        ret = 0;
+    }
+
     return ret;
 }
 
@@ -2315,15 +2244,15 @@ int wolfSSL_export_dtls_srtp_keying_material(WOLFSSL* ssl,
         return EXT_MISSING;
     }
     if (out == NULL) {
-        *olen = profile->kdfBits;
-        return LENGTH_ONLY_E;
+        *olen = (size_t)profile->kdfBits;
+        return WC_NO_ERR_TRACE(LENGTH_ONLY_E);
     }
 
     if (*olen < (size_t)profile->kdfBits) {
         return BUFFER_E;
     }
 
-    return wolfSSL_export_keying_material(ssl, out, profile->kdfBits,
+    return wolfSSL_export_keying_material(ssl, out, (size_t)profile->kdfBits,
             DTLS_SRTP_KEYING_MATERIAL_LABEL,
             XSTR_SIZEOF(DTLS_SRTP_KEYING_MATERIAL_LABEL), NULL, 0, 0);
 }
@@ -2365,7 +2294,7 @@ int wolfSSL_CTX_mcast_set_member_id(WOLFSSL_CTX* ctx, word16 id)
 
     WOLFSSL_ENTER("wolfSSL_CTX_mcast_set_member_id");
 
-    if (ctx == NULL || id > 255)
+    if (ctx == NULL || id > WOLFSSL_MAX_8BIT)
         ret = BAD_FUNC_ARG;
 
     if (ret == 0) {
@@ -2432,7 +2361,8 @@ int wolfSSL_set_secret(WOLFSSL* ssl, word16 epoch,
 
     if (ret == 0) {
         XMEMCPY(ssl->arrays->preMasterSecret, preMasterSecret, preMasterSz);
-        XMEMSET(ssl->arrays->preMasterSecret + preMasterSz, 0, ENCRYPT_LEN - preMasterSz);
+        XMEMSET(ssl->arrays->preMasterSecret + preMasterSz, 0,
+            ENCRYPT_LEN - preMasterSz);
         ssl->arrays->preMasterSz = preMasterSz;
         XMEMCPY(ssl->arrays->clientRandom, clientRandom, RAN_LEN);
         XMEMCPY(ssl->arrays->serverRandom, serverRandom, RAN_LEN);
@@ -2499,7 +2429,7 @@ int wolfSSL_mcast_peer_add(WOLFSSL* ssl, word16 peerId, int sub)
     int i;
 
     WOLFSSL_ENTER("wolfSSL_mcast_peer_add");
-    if (ssl == NULL || peerId > 255)
+    if (ssl == NULL || peerId > WOLFSSL_MAX_8BIT)
         return BAD_FUNC_ARG;
 
     if (!sub) {
@@ -2524,7 +2454,7 @@ int wolfSSL_mcast_peer_add(WOLFSSL* ssl, word16 peerId, int sub)
         }
         else {
             WOLFSSL_MSG("No room in peer list.");
-            ret = -1;
+            ret = WOLFSSL_FATAL_ERROR;
         }
     }
     else {
@@ -2555,7 +2485,7 @@ int wolfSSL_mcast_peer_known(WOLFSSL* ssl, unsigned short peerId)
 
     WOLFSSL_ENTER("wolfSSL_mcast_peer_known");
 
-    if (ssl == NULL || peerId > 255) {
+    if (ssl == NULL || peerId > WOLFSSL_MAX_8BIT) {
         return BAD_FUNC_ARG;
     }
 
@@ -2611,11 +2541,11 @@ int wolfSSL_mcast_set_highwater_ctx(WOLFSSL* ssl, void* ctx)
 
 #endif /* WOLFSSL_LEANPSK */
 
-
+#ifndef NO_TLS
 /* return underlying connect or accept, WOLFSSL_SUCCESS on ok */
 int wolfSSL_negotiate(WOLFSSL* ssl)
 {
-    int err = WOLFSSL_FATAL_ERROR;
+    int err = WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR);
 
     WOLFSSL_ENTER("wolfSSL_negotiate");
 
@@ -2650,7 +2580,7 @@ int wolfSSL_negotiate(WOLFSSL* ssl)
 
     return err;
 }
-
+#endif /* !NO_TLS */
 
 WOLFSSL_ABI
 WC_RNG* wolfSSL_GetRNG(WOLFSSL* ssl)
@@ -2683,7 +2613,8 @@ int wolfSSL_GetObjectSize(void)
 #ifdef WOLFSSL_SM4
     printf("\tsizeof sm4          = %lu\n", (unsigned long)sizeof(Sm4));
 #endif
-    printf("sizeof cipher specs     = %lu\n", (unsigned long)sizeof(CipherSpecs));
+    printf("sizeof cipher specs     = %lu\n", (unsigned long)
+        sizeof(CipherSpecs));
     printf("sizeof keys             = %lu\n", (unsigned long)sizeof(Keys));
     printf("sizeof Hashes(2)        = %lu\n", (unsigned long)sizeof(Hashes));
 #ifndef NO_MD5
@@ -2716,10 +2647,13 @@ int wolfSSL_GetObjectSize(void)
 #ifdef HAVE_ECC
     printf("sizeof ecc_key          = %lu\n", (unsigned long)sizeof(ecc_key));
 #endif
-    printf("sizeof WOLFSSL_CIPHER    = %lu\n", (unsigned long)sizeof(WOLFSSL_CIPHER));
-    printf("sizeof WOLFSSL_SESSION   = %lu\n", (unsigned long)sizeof(WOLFSSL_SESSION));
+    printf("sizeof WOLFSSL_CIPHER    = %lu\n", (unsigned long)
+        sizeof(WOLFSSL_CIPHER));
+    printf("sizeof WOLFSSL_SESSION   = %lu\n", (unsigned long)
+        sizeof(WOLFSSL_SESSION));
     printf("sizeof WOLFSSL           = %lu\n", (unsigned long)sizeof(WOLFSSL));
-    printf("sizeof WOLFSSL_CTX       = %lu\n", (unsigned long)sizeof(WOLFSSL_CTX));
+    printf("sizeof WOLFSSL_CTX       = %lu\n", (unsigned long)
+        sizeof(WOLFSSL_CTX));
 #endif
 
     return sizeof(WOLFSSL);
@@ -2739,13 +2673,11 @@ int wolfSSL_METHOD_GetObjectSize(void)
 
 #ifdef WOLFSSL_STATIC_MEMORY
 
-int wolfSSL_CTX_load_static_memory(WOLFSSL_CTX** ctx, wolfSSL_method_func method,
-                                   unsigned char* buf, unsigned int sz,
-                                   int flag, int maxSz)
+int wolfSSL_CTX_load_static_memory(WOLFSSL_CTX** ctx,
+    wolfSSL_method_func method, unsigned char* buf, unsigned int sz, int flag,
+    int maxSz)
 {
-    WOLFSSL_HEAP*      heap;
-    WOLFSSL_HEAP_HINT* hint;
-    word32 idx = 0;
+    WOLFSSL_HEAP_HINT* hint = NULL;
 
     if (ctx == NULL || buf == NULL) {
         return BAD_FUNC_ARG;
@@ -2755,42 +2687,23 @@ int wolfSSL_CTX_load_static_memory(WOLFSSL_CTX** ctx, wolfSSL_method_func method
         return BAD_FUNC_ARG;
     }
 
-    if (*ctx == NULL || (*ctx)->heap == NULL) {
-        if (sizeof(WOLFSSL_HEAP) + sizeof(WOLFSSL_HEAP_HINT) > sz - idx) {
-            return BUFFER_E; /* not enough memory for structures */
-        }
-        heap = (WOLFSSL_HEAP*)buf;
-        idx += sizeof(WOLFSSL_HEAP);
-        if (wolfSSL_init_memory_heap(heap) != 0) {
-            return WOLFSSL_FAILURE;
-        }
-        hint = (WOLFSSL_HEAP_HINT*)(buf + idx);
-        idx += sizeof(WOLFSSL_HEAP_HINT);
-        XMEMSET(hint, 0, sizeof(WOLFSSL_HEAP_HINT));
-        hint->memory = heap;
+    /* If there is a heap already, capture it in hint. */
+    if (*ctx && (*ctx)->heap != NULL) {
+        hint = (*ctx)->heap;
+    }
 
-        if (*ctx && (*ctx)->heap == NULL) {
+    if (wc_LoadStaticMemory(&hint, buf, sz, flag, maxSz)) {
+        WOLFSSL_MSG("Error loading static memory");
+        return WOLFSSL_FAILURE;
+    }
+
+    if (*ctx) {
+        if ((*ctx)->heap == NULL) {
             (*ctx)->heap = (void*)hint;
         }
     }
     else {
-#ifdef WOLFSSL_HEAP_TEST
-        /* do not load in memory if test has been set */
-        if ((*ctx)->heap == (void*)WOLFSSL_HEAP_TEST) {
-            return WOLFSSL_SUCCESS;
-        }
-#endif
-        hint = (WOLFSSL_HEAP_HINT*)((*ctx)->heap);
-        heap = hint->memory;
-    }
-
-    if (wolfSSL_load_static_memory(buf + idx, sz - idx, flag, heap) != 1) {
-        WOLFSSL_MSG("Error partitioning memory");
-        return WOLFSSL_FAILURE;
-    }
-
-    /* create ctx if needed */
-    if (*ctx == NULL) {
+        /* create ctx if needed */
         *ctx = wolfSSL_CTX_new_ex(method(hint), hint);
         if (*ctx == NULL) {
             WOLFSSL_MSG("Error creating ctx");
@@ -2798,19 +2711,6 @@ int wolfSSL_CTX_load_static_memory(WOLFSSL_CTX** ctx, wolfSSL_method_func method
         }
     }
 
-    /* determine what max applies too */
-    if (flag & WOLFMEM_IO_POOL || flag & WOLFMEM_IO_POOL_FIXED) {
-        heap->maxIO = maxSz;
-    }
-    else { /* general memory used in handshakes */
-        heap->maxHa = maxSz;
-    }
-
-    heap->flag |= flag;
-
-    (void)maxSz;
-    (void)method;
-
     return WOLFSSL_SUCCESS;
 }
 
@@ -2822,6 +2722,7 @@ int wolfSSL_is_static_memory(WOLFSSL* ssl, WOLFSSL_MEM_CONN_STATS* mem_stats)
     }
     WOLFSSL_ENTER("wolfSSL_is_static_memory");
 
+#ifndef WOLFSSL_STATIC_MEMORY_LEAN
     /* fill out statistics if wanted and WOLFMEM_TRACK_STATS flag */
     if (mem_stats != NULL && ssl->heap != NULL) {
         WOLFSSL_HEAP_HINT* hint = ((WOLFSSL_HEAP_HINT*)(ssl->heap));
@@ -2830,7 +2731,9 @@ int wolfSSL_is_static_memory(WOLFSSL* ssl, WOLFSSL_MEM_CONN_STATS* mem_stats)
             XMEMCPY(mem_stats, hint->stats, sizeof(WOLFSSL_MEM_CONN_STATS));
         }
     }
+#endif
 
+    (void)mem_stats;
     return (ssl->heap) ? 1 : 0;
 }
 
@@ -2842,6 +2745,7 @@ int wolfSSL_CTX_is_static_memory(WOLFSSL_CTX* ctx, WOLFSSL_MEM_STATS* mem_stats)
     }
     WOLFSSL_ENTER("wolfSSL_CTX_is_static_memory");
 
+#ifndef WOLFSSL_STATIC_MEMORY_LEAN
     /* fill out statistics if wanted */
     if (mem_stats != NULL && ctx->heap != NULL) {
         WOLFSSL_HEAP* heap = ((WOLFSSL_HEAP_HINT*)(ctx->heap))->memory;
@@ -2849,13 +2753,15 @@ int wolfSSL_CTX_is_static_memory(WOLFSSL_CTX* ctx, WOLFSSL_MEM_STATS* mem_stats)
             return MEMORY_E;
         }
     }
+#endif
 
+    (void)mem_stats;
     return (ctx->heap) ? 1 : 0;
 }
 
 #endif /* WOLFSSL_STATIC_MEMORY */
 
-
+#ifndef NO_TLS
 /* return max record layer size plaintext input size */
 int wolfSSL_GetMaxOutputSize(WOLFSSL* ssl)
 {
@@ -2889,18 +2795,28 @@ int wolfSSL_GetOutputSize(WOLFSSL* ssl, int inSz)
     if (inSz > maxSize)
         return INPUT_SIZE_E;
 
-    return BuildMessage(ssl, NULL, 0, NULL, inSz, application_data, 0, 1, 0, CUR_ORDER);
+    return BuildMessage(ssl, NULL, 0, NULL, inSz, application_data, 0, 1, 0,
+        CUR_ORDER);
 }
 
 
 #ifdef HAVE_ECC
 int wolfSSL_CTX_SetMinEccKey_Sz(WOLFSSL_CTX* ctx, short keySz)
 {
+    WOLFSSL_ENTER("wolfSSL_CTX_SetMinEccKey_Sz");
     if (ctx == NULL || keySz < 0 || keySz % 8 != 0) {
         WOLFSSL_MSG("Key size must be divisible by 8 or ctx was null");
         return BAD_FUNC_ARG;
     }
 
+#if defined(WOLFSSL_SYS_CRYPTO_POLICY)
+    if (crypto_policy.enabled) {
+        if (ctx->minEccKeySz > (keySz / 8)) {
+            return CRYPTO_POLICY_FORBIDDEN;
+        }
+    }
+#endif /* WOLFSSL_SYS_CRYPTO_POLICY */
+
     ctx->minEccKeySz     = keySz / 8;
 #ifndef NO_CERTS
     ctx->cm->minEccKeySz = keySz / 8;
@@ -2911,11 +2827,20 @@ int wolfSSL_CTX_SetMinEccKey_Sz(WOLFSSL_CTX* ctx, short keySz)
 
 int wolfSSL_SetMinEccKey_Sz(WOLFSSL* ssl, short keySz)
 {
+    WOLFSSL_ENTER("wolfSSL_SetMinEccKey_Sz");
     if (ssl == NULL || keySz < 0 || keySz % 8 != 0) {
         WOLFSSL_MSG("Key size must be divisible by 8 or ssl was null");
         return BAD_FUNC_ARG;
     }
 
+#if defined(WOLFSSL_SYS_CRYPTO_POLICY)
+    if (crypto_policy.enabled) {
+        if (ssl->options.minEccKeySz > (keySz / 8)) {
+            return CRYPTO_POLICY_FORBIDDEN;
+        }
+    }
+#endif /* WOLFSSL_SYS_CRYPTO_POLICY */
+
     ssl->options.minEccKeySz = keySz / 8;
     return WOLFSSL_SUCCESS;
 }
@@ -2930,6 +2855,14 @@ int wolfSSL_CTX_SetMinRsaKey_Sz(WOLFSSL_CTX* ctx, short keySz)
         return BAD_FUNC_ARG;
     }
 
+#if defined(WOLFSSL_SYS_CRYPTO_POLICY)
+    if (crypto_policy.enabled) {
+        if (ctx->minRsaKeySz > (keySz / 8)) {
+            return CRYPTO_POLICY_FORBIDDEN;
+        }
+    }
+#endif /* WOLFSSL_SYS_CRYPTO_POLICY */
+
     ctx->minRsaKeySz     = keySz / 8;
     ctx->cm->minRsaKeySz = keySz / 8;
     return WOLFSSL_SUCCESS;
@@ -2943,6 +2876,14 @@ int wolfSSL_SetMinRsaKey_Sz(WOLFSSL* ssl, short keySz)
         return BAD_FUNC_ARG;
     }
 
+#if defined(WOLFSSL_SYS_CRYPTO_POLICY)
+    if (crypto_policy.enabled) {
+        if (ssl->options.minRsaKeySz > (keySz / 8)) {
+            return CRYPTO_POLICY_FORBIDDEN;
+        }
+    }
+#endif /* WOLFSSL_SYS_CRYPTO_POLICY */
+
     ssl->options.minRsaKeySz = keySz / 8;
     return WOLFSSL_SUCCESS;
 }
@@ -2950,138 +2891,6 @@ int wolfSSL_SetMinRsaKey_Sz(WOLFSSL* ssl, short keySz)
 
 #ifndef NO_DH
 
-#ifdef OPENSSL_EXTRA
-long wolfSSL_set_tmp_dh(WOLFSSL *ssl, WOLFSSL_DH *dh)
-{
-    int pSz, gSz;
-    byte *p, *g;
-    int ret = 0;
-
-    WOLFSSL_ENTER("wolfSSL_set_tmp_dh");
-
-    if (!ssl || !dh)
-        return BAD_FUNC_ARG;
-
-    /* Get needed size for p and g */
-    pSz = wolfSSL_BN_bn2bin(dh->p, NULL);
-    gSz = wolfSSL_BN_bn2bin(dh->g, NULL);
-
-    if (pSz <= 0 || gSz <= 0)
-        return -1;
-
-    p = (byte*)XMALLOC(pSz, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY);
-    if (!p)
-        return MEMORY_E;
-
-    g = (byte*)XMALLOC(gSz, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY);
-    if (!g) {
-        XFREE(p, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY);
-        return MEMORY_E;
-    }
-
-    pSz = wolfSSL_BN_bn2bin(dh->p, p);
-    gSz = wolfSSL_BN_bn2bin(dh->g, g);
-
-    if (pSz >= 0 && gSz >= 0) /* Conversion successful */
-        ret = wolfSSL_SetTmpDH(ssl, p, pSz, g, gSz);
-
-    XFREE(p, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY);
-    XFREE(g, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY);
-
-    return pSz > 0 && gSz > 0 ? ret : -1;
-}
-#endif /* OPENSSL_EXTRA */
-
-/* server Diffie-Hellman parameters, WOLFSSL_SUCCESS on ok */
-int wolfSSL_SetTmpDH(WOLFSSL* ssl, const unsigned char* p, int pSz,
-                    const unsigned char* g, int gSz)
-{
-    WOLFSSL_ENTER("wolfSSL_SetTmpDH");
-
-    if (ssl == NULL || p == NULL || g == NULL)
-        return BAD_FUNC_ARG;
-
-    if ((word16)pSz < ssl->options.minDhKeySz)
-        return DH_KEY_SIZE_E;
-    if ((word16)pSz > ssl->options.maxDhKeySz)
-        return DH_KEY_SIZE_E;
-
-    /* this function is for server only */
-    if (ssl->options.side == WOLFSSL_CLIENT_END)
-        return SIDE_ERROR;
-
-    #if !defined(WOLFSSL_OLD_PRIME_CHECK) && !defined(HAVE_FIPS) && \
-        !defined(HAVE_SELFTEST)
-        ssl->options.dhKeyTested = 0;
-        ssl->options.dhDoKeyTest = 1;
-    #endif
-
-    if (ssl->buffers.serverDH_P.buffer && ssl->buffers.weOwnDH) {
-        XFREE(ssl->buffers.serverDH_P.buffer, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY);
-        ssl->buffers.serverDH_P.buffer = NULL;
-    }
-    if (ssl->buffers.serverDH_G.buffer && ssl->buffers.weOwnDH) {
-        XFREE(ssl->buffers.serverDH_G.buffer, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY);
-        ssl->buffers.serverDH_G.buffer = NULL;
-    }
-
-    ssl->buffers.weOwnDH = 1;  /* SSL owns now */
-    ssl->buffers.serverDH_P.buffer = (byte*)XMALLOC(pSz, ssl->heap,
-                                                    DYNAMIC_TYPE_PUBLIC_KEY);
-    if (ssl->buffers.serverDH_P.buffer == NULL)
-            return MEMORY_E;
-
-    ssl->buffers.serverDH_G.buffer = (byte*)XMALLOC(gSz, ssl->heap,
-                                                    DYNAMIC_TYPE_PUBLIC_KEY);
-    if (ssl->buffers.serverDH_G.buffer == NULL) {
-        XFREE(ssl->buffers.serverDH_P.buffer, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY);
-        ssl->buffers.serverDH_P.buffer = NULL;
-        return MEMORY_E;
-    }
-
-    ssl->buffers.serverDH_P.length = pSz;
-    ssl->buffers.serverDH_G.length = gSz;
-
-    XMEMCPY(ssl->buffers.serverDH_P.buffer, p, pSz);
-    XMEMCPY(ssl->buffers.serverDH_G.buffer, g, gSz);
-
-    ssl->options.haveDH = 1;
-
-    if (ssl->options.side != WOLFSSL_NEITHER_END) {
-        word16 havePSK;
-        word16 haveRSA;
-        int    keySz   = 0;
-        int    ret;
-
-    #ifndef NO_PSK
-        havePSK = ssl->options.havePSK;
-    #else
-        havePSK = 0;
-    #endif
-    #ifdef NO_RSA
-        haveRSA = 0;
-    #else
-        haveRSA = 1;
-    #endif
-    #ifndef NO_CERTS
-        keySz = ssl->buffers.keySz;
-    #endif
-        ret = AllocateSuites(ssl);
-        if (ret != 0)
-            return ret;
-        InitSuites(ssl->suites, ssl->version, keySz, haveRSA, havePSK,
-                   ssl->options.haveDH, ssl->options.haveECDSAsig,
-                   ssl->options.haveECC, TRUE, ssl->options.haveStaticECC,
-                   ssl->options.haveFalconSig, ssl->options.haveDilithiumSig,
-                   ssl->options.haveAnon, TRUE, ssl->options.side);
-    }
-
-    WOLFSSL_LEAVE("wolfSSL_SetTmpDH", 0);
-
-    return WOLFSSL_SUCCESS;
-}
-
-
 #if !defined(WOLFSSL_OLD_PRIME_CHECK) && !defined(HAVE_FIPS) && \
     !defined(HAVE_SELFTEST)
 /* Enables or disables the session's DH key prime test. */
@@ -3102,87 +2911,19 @@ int wolfSSL_SetEnableDhKeyTest(WOLFSSL* ssl, int enable)
 }
 #endif
 
-
-/* server ctx Diffie-Hellman parameters, WOLFSSL_SUCCESS on ok */
-int wolfSSL_CTX_SetTmpDH(WOLFSSL_CTX* ctx, const unsigned char* p, int pSz,
-                         const unsigned char* g, int gSz)
-{
-    WOLFSSL_ENTER("wolfSSL_CTX_SetTmpDH");
-    if (ctx == NULL || p == NULL || g == NULL) return BAD_FUNC_ARG;
-
-    if ((word16)pSz < ctx->minDhKeySz)
-        return DH_KEY_SIZE_E;
-    if ((word16)pSz > ctx->maxDhKeySz)
-        return DH_KEY_SIZE_E;
-
-    #if !defined(WOLFSSL_OLD_PRIME_CHECK) && !defined(HAVE_FIPS) && \
-        !defined(HAVE_SELFTEST)
-    {
-        WC_RNG rng;
-        int error, freeKey = 0;
-    #ifdef WOLFSSL_SMALL_STACK
-        DhKey *checkKey = (DhKey*)XMALLOC(sizeof(DhKey), NULL, DYNAMIC_TYPE_DH);
-        if (checkKey == NULL)
-            return MEMORY_E;
-    #else
-        DhKey checkKey[1];
-    #endif
-
-        error = wc_InitRng(&rng);
-        if (!error)
-            error = wc_InitDhKey(checkKey);
-        if (!error) {
-            freeKey = 1;
-            error = wc_DhSetCheckKey(checkKey,
-                                 p, pSz, g, gSz, NULL, 0, 0, &rng);
-        }
-        if (freeKey)
-            wc_FreeDhKey(checkKey);
-    #ifdef WOLFSSL_SMALL_STACK
-        XFREE(checkKey, NULL, DYNAMIC_TYPE_DH);
-    #endif
-        wc_FreeRng(&rng);
-        if (error)
-            return error;
-
-        ctx->dhKeyTested = 1;
-    }
-    #endif
-
-    XFREE(ctx->serverDH_P.buffer, ctx->heap, DYNAMIC_TYPE_PUBLIC_KEY);
-    ctx->serverDH_P.buffer = NULL;
-    XFREE(ctx->serverDH_G.buffer, ctx->heap, DYNAMIC_TYPE_PUBLIC_KEY);
-    ctx->serverDH_G.buffer = NULL;
-
-    ctx->serverDH_P.buffer = (byte*)XMALLOC(pSz, ctx->heap, DYNAMIC_TYPE_PUBLIC_KEY);
-    if (ctx->serverDH_P.buffer == NULL)
-       return MEMORY_E;
-
-    ctx->serverDH_G.buffer = (byte*)XMALLOC(gSz, ctx->heap, DYNAMIC_TYPE_PUBLIC_KEY);
-    if (ctx->serverDH_G.buffer == NULL) {
-        XFREE(ctx->serverDH_P.buffer, ctx->heap, DYNAMIC_TYPE_PUBLIC_KEY);
-        ctx->serverDH_P.buffer = NULL;
-        return MEMORY_E;
-    }
-
-    ctx->serverDH_P.length = pSz;
-    ctx->serverDH_G.length = gSz;
-
-    XMEMCPY(ctx->serverDH_P.buffer, p, pSz);
-    XMEMCPY(ctx->serverDH_G.buffer, g, gSz);
-
-    ctx->haveDH = 1;
-
-    WOLFSSL_LEAVE("wolfSSL_CTX_SetTmpDH", 0);
-    return WOLFSSL_SUCCESS;
-}
-
-
 int wolfSSL_CTX_SetMinDhKey_Sz(WOLFSSL_CTX* ctx, word16 keySz_bits)
 {
     if (ctx == NULL || keySz_bits > 16000 || keySz_bits % 8 != 0)
         return BAD_FUNC_ARG;
 
+#if defined(WOLFSSL_SYS_CRYPTO_POLICY)
+    if (crypto_policy.enabled) {
+        if (ctx->minDhKeySz > (keySz_bits / 8)) {
+            return CRYPTO_POLICY_FORBIDDEN;
+        }
+    }
+#endif /* WOLFSSL_SYS_CRYPTO_POLICY */
+
     ctx->minDhKeySz = keySz_bits / 8;
     return WOLFSSL_SUCCESS;
 }
@@ -3193,6 +2934,14 @@ int wolfSSL_SetMinDhKey_Sz(WOLFSSL* ssl, word16 keySz_bits)
     if (ssl == NULL || keySz_bits > 16000 || keySz_bits % 8 != 0)
         return BAD_FUNC_ARG;
 
+#if defined(WOLFSSL_SYS_CRYPTO_POLICY)
+    if (crypto_policy.enabled) {
+        if (ssl->options.minDhKeySz > (keySz_bits / 8)) {
+            return CRYPTO_POLICY_FORBIDDEN;
+        }
+    }
+#endif /* WOLFSSL_SYS_CRYPTO_POLICY */
+
     ssl->options.minDhKeySz = keySz_bits / 8;
     return WOLFSSL_SUCCESS;
 }
@@ -3203,6 +2952,14 @@ int wolfSSL_CTX_SetMaxDhKey_Sz(WOLFSSL_CTX* ctx, word16 keySz_bits)
     if (ctx == NULL || keySz_bits > 16000 || keySz_bits % 8 != 0)
         return BAD_FUNC_ARG;
 
+#if defined(WOLFSSL_SYS_CRYPTO_POLICY)
+    if (crypto_policy.enabled) {
+        if (ctx->minDhKeySz > (keySz_bits / 8)) {
+            return CRYPTO_POLICY_FORBIDDEN;
+        }
+    }
+#endif /* WOLFSSL_SYS_CRYPTO_POLICY */
+
     ctx->maxDhKeySz = keySz_bits / 8;
     return WOLFSSL_SUCCESS;
 }
@@ -3213,6 +2970,14 @@ int wolfSSL_SetMaxDhKey_Sz(WOLFSSL* ssl, word16 keySz_bits)
     if (ssl == NULL || keySz_bits > 16000 || keySz_bits % 8 != 0)
         return BAD_FUNC_ARG;
 
+#if defined(WOLFSSL_SYS_CRYPTO_POLICY)
+    if (crypto_policy.enabled) {
+        if (ssl->options.minDhKeySz > (keySz_bits / 8)) {
+            return CRYPTO_POLICY_FORBIDDEN;
+        }
+    }
+#endif /* WOLFSSL_SYS_CRYPTO_POLICY */
+
     ssl->options.maxDhKeySz = keySz_bits / 8;
     return WOLFSSL_SUCCESS;
 }
@@ -3229,14 +2994,13 @@ int wolfSSL_GetDhKey_Sz(WOLFSSL* ssl)
 #endif /* !NO_DH */
 
 
-WOLFSSL_ABI
-int wolfSSL_write(WOLFSSL* ssl, const void* data, int sz)
+static int wolfSSL_write_internal(WOLFSSL* ssl, const void* data, size_t sz)
 {
     int ret;
 
     WOLFSSL_ENTER("wolfSSL_write");
 
-    if (ssl == NULL || data == NULL || sz < 0)
+    if (ssl == NULL || data == NULL)
         return BAD_FUNC_ARG;
 
 #ifdef WOLFSSL_QUIC
@@ -3245,20 +3009,6 @@ int wolfSSL_write(WOLFSSL* ssl, const void* data, int sz)
         return BAD_FUNC_ARG;
     }
 #endif
-#ifdef WOLFSSL_EARLY_DATA
-    if (IsAtLeastTLSv1_3(ssl->version) &&
-            ssl->options.side == WOLFSSL_SERVER_END &&
-            ssl->options.acceptState >= TLS13_ACCEPT_FINISHED_SENT) {
-        /* We can send data without waiting on peer finished msg */
-        WOLFSSL_MSG("server sending data before receiving client finished");
-    }
-    else if (ssl->earlyData != no_early_data &&
-            (ret = wolfSSL_negotiate(ssl)) < 0) {
-        ssl->error = ret;
-        return WOLFSSL_FATAL_ERROR;
-    }
-    ssl->earlyData = no_early_data;
-#endif
 
 #ifdef HAVE_WRITE_DUP
     { /* local variable scope */
@@ -3296,8 +3046,8 @@ int wolfSSL_write(WOLFSSL* ssl, const void* data, int sz)
 
     #ifdef OPENSSL_EXTRA
     if (ssl->CBIS != NULL) {
-        ssl->CBIS(ssl, SSL_CB_WRITE, WOLFSSL_SUCCESS);
-        ssl->cbmode = SSL_CB_WRITE;
+        ssl->CBIS(ssl, WOLFSSL_CB_WRITE, WOLFSSL_SUCCESS);
+        ssl->cbmode = WOLFSSL_CB_WRITE;
     }
     #endif
     ret = SendData(ssl, data, sz);
@@ -3310,13 +3060,97 @@ int wolfSSL_write(WOLFSSL* ssl, const void* data, int sz)
         return ret;
 }
 
-static int wolfSSL_read_internal(WOLFSSL* ssl, void* data, int sz, int peek)
+WOLFSSL_ABI
+int wolfSSL_write(WOLFSSL* ssl, const void* data, int sz)
+{
+    WOLFSSL_ENTER("wolfSSL_write");
+
+    if (sz < 0)
+        return BAD_FUNC_ARG;
+
+    return wolfSSL_write_internal(ssl, data, (size_t)sz);
+}
+
+int wolfSSL_inject(WOLFSSL* ssl, const void* data, int sz)
+{
+    int maxLength;
+    int usedLength;
+
+    WOLFSSL_ENTER("wolfSSL_inject");
+
+    if (ssl == NULL || data == NULL || sz <= 0)
+        return BAD_FUNC_ARG;
+
+    usedLength = (int)(ssl->buffers.inputBuffer.length -
+                       ssl->buffers.inputBuffer.idx);
+    maxLength  = (int)(ssl->buffers.inputBuffer.bufferSize -
+                       (word32)usedLength);
+
+    if (sz > maxLength) {
+        /* Need to make space */
+        int ret;
+        if (ssl->buffers.clearOutputBuffer.length > 0) {
+            /* clearOutputBuffer points into so reallocating inputBuffer will
+             * invalidate clearOutputBuffer and lose app data */
+            WOLFSSL_MSG("Can't inject while there is application data to read");
+            return APP_DATA_READY;
+        }
+        ret = GrowInputBuffer(ssl, sz, usedLength);
+        if (ret < 0)
+            return ret;
+    }
+
+    XMEMCPY(ssl->buffers.inputBuffer.buffer + ssl->buffers.inputBuffer.idx,
+            data, sz);
+    ssl->buffers.inputBuffer.length += sz;
+
+    return WOLFSSL_SUCCESS;
+}
+
+
+int wolfSSL_write_ex(WOLFSSL* ssl, const void* data, size_t sz, size_t* wr)
+{
+    int ret;
+
+    if (wr != NULL) {
+        *wr = 0;
+    }
+
+    ret = wolfSSL_write_internal(ssl, data, sz);
+    if (ret >= 0) {
+        if (wr != NULL) {
+            *wr = (size_t)ret;
+        }
+
+        /* handle partial write cases, if not set then a partial write is
+         * considered a failure case, or if set and ret is 0 then is a fail */
+        if (ret == 0 && ssl->options.partialWrite) {
+            ret = 0;
+        }
+        else if ((size_t)ret < sz && !ssl->options.partialWrite) {
+            ret = 0;
+        }
+        else {
+            /* wrote out all application data, or wrote out 1 byte or more with
+             * partial write flag set */
+            ret = 1;
+        }
+    }
+    else {
+        ret = 0;
+    }
+
+    return ret;
+}
+
+
+static int wolfSSL_read_internal(WOLFSSL* ssl, void* data, size_t sz, int peek)
 {
     int ret;
 
     WOLFSSL_ENTER("wolfSSL_read_internal");
 
-    if (ssl == NULL || data == NULL || sz < 0)
+    if (ssl == NULL || data == NULL)
         return BAD_FUNC_ARG;
 
 #ifdef WOLFSSL_QUIC
@@ -3340,8 +3174,9 @@ static int wolfSSL_read_internal(WOLFSSL* ssl, void* data, int sz, int peek)
     /* make sure bidirectional TLS shutdown completes */
     if (ssl->error == WOLFSSL_ERROR_SYSCALL || ssl->options.shutdownDone) {
         /* ask the underlying transport the connection is closed */
-        if (ssl->CBIORecv(ssl, (char*)data, 0, ssl->IOCB_ReadCtx) ==
-                                            WOLFSSL_CBIO_ERR_CONN_CLOSE) {
+        if (ssl->CBIORecv(ssl, (char*)data, 0, ssl->IOCB_ReadCtx)
+            == WC_NO_ERR_TRACE(WOLFSSL_CBIO_ERR_CONN_CLOSE))
+        {
             ssl->options.isClosed = 1;
             ssl->error = WOLFSSL_ERROR_ZERO_RETURN;
         }
@@ -3364,9 +3199,9 @@ static int wolfSSL_read_internal(WOLFSSL* ssl, void* data, int sz, int peek)
 
 #ifdef HAVE_WRITE_DUP
     if (ssl->dupWrite) {
-        if (ssl->error != 0 && ssl->error != WANT_READ
+        if (ssl->error != 0 && ssl->error != WC_NO_ERR_TRACE(WANT_READ)
         #ifdef WOLFSSL_ASYNC_CRYPT
-            && ssl->error != WC_PENDING_E
+            && ssl->error != WC_NO_ERR_TRACE(WC_PENDING_E)
         #endif
         ) {
             int notifyErr;
@@ -3393,7 +3228,10 @@ int wolfSSL_peek(WOLFSSL* ssl, void* data, int sz)
 {
     WOLFSSL_ENTER("wolfSSL_peek");
 
-    return wolfSSL_read_internal(ssl, data, sz, TRUE);
+    if (sz < 0)
+        return BAD_FUNC_ARG;
+
+    return wolfSSL_read_internal(ssl, data, (size_t)sz, TRUE);
 }
 
 
@@ -3402,19 +3240,46 @@ int wolfSSL_read(WOLFSSL* ssl, void* data, int sz)
 {
     WOLFSSL_ENTER("wolfSSL_read");
 
+    if (sz < 0)
+        return BAD_FUNC_ARG;
+
     #ifdef OPENSSL_EXTRA
     if (ssl == NULL) {
         return BAD_FUNC_ARG;
     }
     if (ssl->CBIS != NULL) {
-        ssl->CBIS(ssl, SSL_CB_READ, WOLFSSL_SUCCESS);
-        ssl->cbmode = SSL_CB_READ;
+        ssl->CBIS(ssl, WOLFSSL_CB_READ, WOLFSSL_SUCCESS);
+        ssl->cbmode = WOLFSSL_CB_READ;
     }
     #endif
-    return wolfSSL_read_internal(ssl, data, sz, FALSE);
+    return wolfSSL_read_internal(ssl, data, (size_t)sz, FALSE);
 }
 
 
+/* returns 0 on failure and on no read */
+int wolfSSL_read_ex(WOLFSSL* ssl, void* data, size_t sz, size_t* rd)
+{
+    int ret;
+
+    #ifdef OPENSSL_EXTRA
+    if (ssl == NULL) {
+        return BAD_FUNC_ARG;
+    }
+    if (ssl->CBIS != NULL) {
+        ssl->CBIS(ssl, WOLFSSL_CB_READ, WOLFSSL_SUCCESS);
+        ssl->cbmode = WOLFSSL_CB_READ;
+    }
+    #endif
+    ret = wolfSSL_read_internal(ssl, data, sz, FALSE);
+
+    if (ret > 0 && rd != NULL) {
+        *rd = (size_t)ret;
+    }
+
+    if (ret <= 0) ret = 0;
+    return ret;
+}
+
 #ifdef WOLFSSL_MULTICAST
 
 int wolfSSL_mcast_read(WOLFSSL* ssl, word16* id, void* data, int sz)
@@ -3423,17 +3288,17 @@ int wolfSSL_mcast_read(WOLFSSL* ssl, word16* id, void* data, int sz)
 
     WOLFSSL_ENTER("wolfSSL_mcast_read");
 
-    if (ssl == NULL)
+    if ((ssl == NULL) || (sz < 0))
         return BAD_FUNC_ARG;
 
-    ret = wolfSSL_read_internal(ssl, data, sz, FALSE);
+    ret = wolfSSL_read_internal(ssl, data, (size_t)sz, FALSE);
     if (ssl->options.dtls && ssl->options.haveMcast && id != NULL)
         *id = ssl->keys.curPeerId;
     return ret;
 }
 
 #endif /* WOLFSSL_MULTICAST */
-
+#endif /* !NO_TLS */
 
 /* helpers to set the device id, WOLFSSL_SUCCESS on ok */
 WOLFSSL_ABI
@@ -3480,6 +3345,7 @@ void* wolfSSL_CTX_GetHeap(WOLFSSL_CTX* ctx, WOLFSSL* ssl)
 }
 
 
+#ifndef NO_TLS
 #ifdef HAVE_SNI
 
 WOLFSSL_ABI
@@ -3530,7 +3396,7 @@ word16 wolfSSL_SNI_GetRequest(WOLFSSL* ssl, byte type, void** data)
         *data = NULL;
 
     if (ssl && ssl->extensions)
-        return TLSX_SNI_GetRequest(ssl->extensions, type, data);
+        return TLSX_SNI_GetRequest(ssl->extensions, type, data, 0);
 
     return 0;
 }
@@ -3545,7 +3411,7 @@ int wolfSSL_SNI_GetFromBuffer(const byte* clientHello, word32 helloSz,
     return BAD_FUNC_ARG;
 }
 
-#endif /* NO_WOLFSSL_SERVER */
+#endif /* !NO_WOLFSSL_SERVER */
 
 #endif /* HAVE_SNI */
 
@@ -3731,15 +3597,36 @@ static int isValidCurveGroup(word16 name)
         case WOLFSSL_FFDHE_6144:
         case WOLFSSL_FFDHE_8192:
 
-#ifdef HAVE_PQC
+#ifdef WOLFSSL_HAVE_KYBER
+#ifndef WOLFSSL_NO_ML_KEM
+        case WOLFSSL_ML_KEM_512:
+        case WOLFSSL_ML_KEM_768:
+        case WOLFSSL_ML_KEM_1024:
+    #if defined(WOLFSSL_WC_KYBER) || defined(HAVE_LIBOQS)
+        case WOLFSSL_P256_ML_KEM_512:
+        case WOLFSSL_P384_ML_KEM_768:
+        case WOLFSSL_P521_ML_KEM_1024:
+        case WOLFSSL_P384_ML_KEM_1024:
+        case WOLFSSL_X25519_ML_KEM_512:
+        case WOLFSSL_X448_ML_KEM_768:
+        case WOLFSSL_X25519_ML_KEM_768:
+        case WOLFSSL_P256_ML_KEM_768:
+    #endif
+#endif /* !WOLFSSL_NO_ML_KEM */
+#ifdef WOLFSSL_KYBER_ORIGINAL
         case WOLFSSL_KYBER_LEVEL1:
         case WOLFSSL_KYBER_LEVEL3:
         case WOLFSSL_KYBER_LEVEL5:
-    #ifdef HAVE_LIBOQS
+    #if defined(WOLFSSL_WC_KYBER) || defined(HAVE_LIBOQS)
         case WOLFSSL_P256_KYBER_LEVEL1:
         case WOLFSSL_P384_KYBER_LEVEL3:
         case WOLFSSL_P521_KYBER_LEVEL5:
+        case WOLFSSL_X25519_KYBER_LEVEL1:
+        case WOLFSSL_X448_KYBER_LEVEL3:
+        case WOLFSSL_X25519_KYBER_LEVEL3:
+        case WOLFSSL_P256_KYBER_LEVEL3:
     #endif
+#endif /* WOLFSSL_KYBER_ORIGINAL */
 #endif
             return 1;
 
@@ -3775,7 +3662,7 @@ int wolfSSL_CTX_UseSupportedCurve(WOLFSSL_CTX* ctx, word16 name)
 #endif /* NO_TLS */
 }
 
-#if defined(OPENSSL_EXTRA) && defined(WOLFSSL_TLS13)
+#if defined(OPENSSL_EXTRA)
 int  wolfSSL_CTX_set1_groups(WOLFSSL_CTX* ctx, int* groups,
                                         int count)
 {
@@ -3793,7 +3680,7 @@ int  wolfSSL_CTX_set1_groups(WOLFSSL_CTX* ctx, int* groups,
 #ifdef HAVE_ECC
         else {
             /* groups may be populated with curve NIDs */
-            int oid = nid2oid(groups[i], oidCurveType);
+            int oid = (int)nid2oid(groups[i], oidCurveType);
             int name = (int)GetCurveByOID(oid);
             if (name == 0) {
                 WOLFSSL_MSG("Invalid group name");
@@ -3828,7 +3715,7 @@ int  wolfSSL_set1_groups(WOLFSSL* ssl, int* groups, int count)
 #ifdef HAVE_ECC
         else {
             /* groups may be populated with curve NIDs */
-            int oid = nid2oid(groups[i], oidCurveType);
+            int oid = (int)nid2oid(groups[i], oidCurveType);
             int name = (int)GetCurveByOID(oid);
             if (name == 0) {
                 WOLFSSL_MSG("Invalid group name");
@@ -3846,7 +3733,7 @@ int  wolfSSL_set1_groups(WOLFSSL* ssl, int* groups, int count)
     return wolfSSL_set_groups(ssl, _groups, count) == WOLFSSL_SUCCESS ?
             WOLFSSL_SUCCESS : WOLFSSL_FAILURE;
 }
-#endif /* OPENSSL_EXTRA && WOLFSSL_TLS13 */
+#endif /* OPENSSL_EXTRA */
 #endif /* HAVE_SUPPORTED_CURVES */
 
 /* Application-Layer Protocol Negotiation */
@@ -3859,7 +3746,7 @@ int wolfSSL_UseALPN(WOLFSSL* ssl, char *protocol_name_list,
     char    *list, *ptr, **token;
     word16  len;
     int     idx = 0;
-    int     ret = WOLFSSL_FAILURE;
+    int     ret = WC_NO_ERR_TRACE(WOLFSSL_FAILURE);
 
     WOLFSSL_ENTER("wolfSSL_UseALPN");
 
@@ -3887,7 +3774,8 @@ int wolfSSL_UseALPN(WOLFSSL* ssl, char *protocol_name_list,
         return MEMORY_ERROR;
     }
 
-    token = (char **)XMALLOC(sizeof(char *) * (WOLFSSL_MAX_ALPN_NUMBER+1), ssl->heap, DYNAMIC_TYPE_ALPN);
+    token = (char **)XMALLOC(sizeof(char *) * (WOLFSSL_MAX_ALPN_NUMBER+1),
+        ssl->heap, DYNAMIC_TYPE_ALPN);
     if (token == NULL) {
         XFREE(list, ssl->heap, DYNAMIC_TYPE_ALPN);
         WOLFSSL_MSG("Memory failure");
@@ -3964,7 +3852,7 @@ int wolfSSL_ALPN_GetPeerProtocol(WOLFSSL* ssl, char **list, word16 *listSz)
             *list = NULL;
             return WOLFSSL_FAILURE;
         }
-        XMEMCPY(p, s + i, len);
+        XMEMCPY(p, s + i, (size_t)len);
     }
     *p = 0;
 
@@ -3993,12 +3881,14 @@ int wolfSSL_ALPN_FreePeerProtocol(WOLFSSL* ssl, char **list)
 /* user is forcing ability to use secure renegotiation, we discourage it */
 int wolfSSL_UseSecureRenegotiation(WOLFSSL* ssl)
 {
-    int ret = BAD_FUNC_ARG;
+    int ret = WC_NO_ERR_TRACE(BAD_FUNC_ARG);
 #if defined(NO_TLS)
     (void)ssl;
 #else
     if (ssl)
         ret = TLSX_UseSecureRenegotiation(&ssl->extensions, ssl->heap);
+    else
+        ret = BAD_FUNC_ARG;
 
     if (ret == WOLFSSL_SUCCESS) {
         TLSX* extension = TLSX_Find(ssl->extensions, TLSX_RENEGOTIATION_INFO);
@@ -4084,7 +3974,7 @@ static int _Rehandshake(WOLFSSL* ssl)
 
         ssl->secure_renegotiation->cache_status = SCR_CACHE_NEEDED;
 
-#if !defined(NO_WOLFSSL_SERVER)
+#if !defined(NO_WOLFSSL_SERVER) && !defined(WOLFSSL_NO_TLS12)
         if (ssl->options.side == WOLFSSL_SERVER_END) {
             ret = SendHelloRequest(ssl);
             if (ret != 0) {
@@ -4092,7 +3982,7 @@ static int _Rehandshake(WOLFSSL* ssl)
                 return WOLFSSL_FATAL_ERROR;
             }
         }
-#endif /* !NO_WOLFSSL_SERVER */
+#endif /* !NO_WOLFSSL_SERVER && !WOLFSSL_NO_TLS12 */
 
         ret = InitHandshakeHashes(ssl);
         if (ret != 0) {
@@ -4320,7 +4210,8 @@ int wolfSSL_set_SessionTicket(WOLFSSL* ssl, const byte* buf,
             }
         }
         else { /* Ticket requires dynamic ticket storage */
-            if (ssl->session->ticketLen < bufSz) { /* is dyn buffer big enough */
+            /* is dyn buffer big enough */
+            if (ssl->session->ticketLen < bufSz) {
                 if (ssl->session->ticketLenAlloc > 0) {
                     XFREE(ssl->session->ticket, ssl->session->heap,
                           DYNAMIC_TYPE_SESSION_TICK);
@@ -4433,12 +4324,31 @@ int wolfSSL_recv(WOLFSSL* ssl, void* data, int sz, int flags)
 }
 #endif
 
+int wolfSSL_SendUserCanceled(WOLFSSL* ssl)
+{
+    int ret = WC_NO_ERR_TRACE(WOLFSSL_FAILURE);
+    WOLFSSL_ENTER("wolfSSL_recv");
+
+    if (ssl != NULL) {
+        ssl->error = SendAlert(ssl, alert_warning, user_canceled);
+        if (ssl->error < 0) {
+            WOLFSSL_ERROR(ssl->error);
+        }
+        else {
+            ret = wolfSSL_shutdown(ssl);
+        }
+    }
+
+    WOLFSSL_LEAVE("wolfSSL_SendUserCanceled", ret);
+
+    return ret;
+}
 
 /* WOLFSSL_SUCCESS on ok */
 WOLFSSL_ABI
 int wolfSSL_shutdown(WOLFSSL* ssl)
 {
-    int  ret = WOLFSSL_FATAL_ERROR;
+    int ret = WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR);
     WOLFSSL_ENTER("wolfSSL_shutdown");
 
     if (ssl == NULL)
@@ -4480,13 +4390,14 @@ int wolfSSL_shutdown(WOLFSSL* ssl)
         /* call wolfSSL_shutdown again for bidirectional shutdown */
         if (ssl->options.sentNotify && !ssl->options.closeNotify) {
             ret = ProcessReply(ssl);
-            if ((ret == ZERO_RETURN) || (ret == SOCKET_ERROR_E)) {
+            if ((ret == WC_NO_ERR_TRACE(ZERO_RETURN)) ||
+                (ret == WC_NO_ERR_TRACE(SOCKET_ERROR_E))) {
                 /* simulate OpenSSL behavior */
                 ssl->options.shutdownDone = 1;
                 /* Clear error */
                 ssl->error = WOLFSSL_ERROR_NONE;
                 ret = WOLFSSL_SUCCESS;
-            } else if (ret == MEMORY_E) {
+            } else if (ret == WC_NO_ERR_TRACE(MEMORY_E)) {
                 ret = WOLFSSL_FATAL_ERROR;
             } else if (ssl->error == WOLFSSL_ERROR_NONE) {
                 ret = WOLFSSL_SHUTDOWN_NOT_DONE;
@@ -4511,7 +4422,7 @@ int wolfSSL_shutdown(WOLFSSL* ssl)
 
     return ret;
 }
-
+#endif /* !NO_TLS */
 
 /* get current error state value */
 int wolfSSL_state(WOLFSSL* ssl)
@@ -4537,21 +4448,20 @@ int wolfSSL_get_error(WOLFSSL* ssl, int ret)
     WOLFSSL_LEAVE("wolfSSL_get_error", ssl->error);
 
     /* make sure converted types are handled in SetErrorString() too */
-    if (ssl->error == WANT_READ)
+    if (ssl->error == WC_NO_ERR_TRACE(WANT_READ))
         return WOLFSSL_ERROR_WANT_READ;         /* convert to OpenSSL type */
-    else if (ssl->error == WANT_WRITE)
+    else if (ssl->error == WC_NO_ERR_TRACE(WANT_WRITE))
         return WOLFSSL_ERROR_WANT_WRITE;        /* convert to OpenSSL type */
-    else if (ssl->error == ZERO_RETURN || ssl->options.shutdownDone)
+    else if (ssl->error == WC_NO_ERR_TRACE(ZERO_RETURN) ||
+             ssl->options.shutdownDone)
         return WOLFSSL_ERROR_ZERO_RETURN;       /* convert to OpenSSL type */
 #ifdef OPENSSL_EXTRA
-    else if (ssl->error == SOCKET_PEER_CLOSED_E)
+    else if (ssl->error == WC_NO_ERR_TRACE(MATCH_SUITE_ERROR))
+        return WOLFSSL_ERROR_SYSCALL;           /* convert to OpenSSL type */
+    else if (ssl->error == WC_NO_ERR_TRACE(SOCKET_PEER_CLOSED_E))
         return WOLFSSL_ERROR_SYSCALL;           /* convert to OpenSSL type */
 #endif
-#if defined(WOLFSSL_HAPROXY)
-    return GetX509Error(ssl->error);
-#else
-    return (ssl->error);
-#endif
+    return ssl->error;
 }
 
 
@@ -4568,12 +4478,12 @@ int wolfSSL_get_alert_history(WOLFSSL* ssl, WOLFSSL_ALERT_HISTORY *h)
 /* returns SSL_WRITING, SSL_READING or SSL_NOTHING */
 int wolfSSL_want(WOLFSSL* ssl)
 {
-    int rw_state = SSL_NOTHING;
+    int rw_state = WOLFSSL_NOTHING;
     if (ssl) {
-        if (ssl->error == WANT_READ)
-            rw_state = SSL_READING;
-        else if (ssl->error == WANT_WRITE)
-            rw_state = SSL_WRITING;
+        if (ssl->error == WC_NO_ERR_TRACE(WANT_READ))
+            rw_state = WOLFSSL_READING;
+        else if (ssl->error == WC_NO_ERR_TRACE(WANT_WRITE))
+            rw_state = WOLFSSL_WRITING;
     }
     return rw_state;
 }
@@ -4583,24 +4493,22 @@ int wolfSSL_want(WOLFSSL* ssl)
 int wolfSSL_want_read(WOLFSSL* ssl)
 {
     WOLFSSL_ENTER("wolfSSL_want_read");
-    if (ssl->error == WANT_READ)
+    if (ssl->error == WC_NO_ERR_TRACE(WANT_READ))
         return 1;
 
     return 0;
 }
 
-
 /* return TRUE if current error is want write */
 int wolfSSL_want_write(WOLFSSL* ssl)
 {
     WOLFSSL_ENTER("wolfSSL_want_write");
-    if (ssl->error == WANT_WRITE)
+    if (ssl->error == WC_NO_ERR_TRACE(WANT_WRITE))
         return 1;
 
     return 0;
 }
 
-
 char* wolfSSL_ERR_error_string(unsigned long errNumber, char* data)
 {
     WOLFSSL_ENTER("wolfSSL_ERR_error_string");
@@ -4993,7 +4901,7 @@ int wolfSSL_GetCipherType(WOLFSSL* ssl)
     if (ssl->specs.cipher_type == aead)
         return WOLFSSL_AEAD_TYPE;
 
-    return -1;
+    return WOLFSSL_FATAL_ERROR;
 }
 
 
@@ -5109,7 +5017,7 @@ int wolfSSL_pending(WOLFSSL* ssl)
     if (ssl == NULL)
         return WOLFSSL_FAILURE;
 
-    return ssl->buffers.clearOutputBuffer.length;
+    return (int)ssl->buffers.clearOutputBuffer.length;
 }
 
 int wolfSSL_has_pending(const WOLFSSL* ssl)
@@ -5135,7 +5043,7 @@ int wolfSSL_CTX_set_group_messages(WOLFSSL_CTX* ctx)
 #endif
 
 
-#ifndef NO_WOLFSSL_CLIENT
+#if !defined(NO_WOLFSSL_CLIENT) && !defined(NO_TLS)
 /* connect enough to get peer cert chain */
 int wolfSSL_connect_cert(WOLFSSL* ssl)
 {
@@ -5169,9 +5077,7 @@ int wolfSSL_set_group_messages(WOLFSSL* ssl)
 /* make minVersion the internal equivalent SSL version */
 static int SetMinVersionHelper(byte* minVersion, int version)
 {
-#ifdef NO_TLS
     (void)minVersion;
-#endif
 
     switch (version) {
 #if defined(WOLFSSL_ALLOW_SSLV3) && !defined(NO_OLD_TLS)
@@ -5238,6 +5144,12 @@ int wolfSSL_CTX_SetMinVersion(WOLFSSL_CTX* ctx, int version)
         return BAD_FUNC_ARG;
     }
 
+#if defined(WOLFSSL_SYS_CRYPTO_POLICY)
+    if (crypto_policy.enabled) {
+        return CRYPTO_POLICY_FORBIDDEN;
+    }
+#endif /* WOLFSSL_SYS_CRYPTO_POLICY */
+
     return SetMinVersionHelper(&ctx->minDowngrade, version);
 }
 
@@ -5252,6 +5164,12 @@ int wolfSSL_SetMinVersion(WOLFSSL* ssl, int version)
         return BAD_FUNC_ARG;
     }
 
+#if defined(WOLFSSL_SYS_CRYPTO_POLICY)
+    if (crypto_policy.enabled) {
+        return CRYPTO_POLICY_FORBIDDEN;
+    }
+#endif /* WOLFSSL_SYS_CRYPTO_POLICY */
+
     return SetMinVersionHelper(&ssl->options.minDowngrade, version);
 }
 
@@ -5278,6 +5196,20 @@ int wolfSSL_GetVersion(const WOLFSSL* ssl)
                 break;
         }
     }
+#ifdef WOLFSSL_DTLS
+    if (ssl->version.major == DTLS_MAJOR) {
+        switch (ssl->version.minor) {
+            case DTLS_MINOR :
+                return WOLFSSL_DTLSV1;
+            case DTLSv1_2_MINOR :
+                return WOLFSSL_DTLSV1_2;
+            case DTLSv1_3_MINOR :
+                return WOLFSSL_DTLSV1_3;
+            default:
+                break;
+        }
+    }
+#endif /* WOLFSSL_DTLS */
 
     return VERSION_ERROR;
 }
@@ -5347,8 +5279,7 @@ int wolfSSL_SetVersion(WOLFSSL* ssl, int version)
     InitSuites(ssl->suites, ssl->version, keySz, haveRSA, havePSK,
                ssl->options.haveDH, ssl->options.haveECDSAsig,
                ssl->options.haveECC, TRUE, ssl->options.haveStaticECC,
-               ssl->options.haveFalconSig, ssl->options.haveDilithiumSig,
-               ssl->options.haveAnon, TRUE, ssl->options.side);
+               ssl->options.useAnon, TRUE, TRUE, TRUE, TRUE, ssl->options.side);
     return WOLFSSL_SUCCESS;
 }
 #endif /* !leanpsk */
@@ -5418,8 +5349,13 @@ int AlreadyTrustedPeer(WOLFSSL_CERT_MANAGER* cm, DecodedCert* cert)
         return  ret;
     tp = cm->tpTable[row];
     while (tp) {
-        if (XMEMCMP(cert->subjectHash, tp->subjectNameHash,
+        if ((XMEMCMP(cert->subjectHash, tp->subjectNameHash,
                 SIGNER_DIGEST_SIZE) == 0)
+    #ifndef WOLFSSL_NO_ISSUERHASH_TDPEER
+         && (XMEMCMP(cert->issuerHash, tp->issuerHash,
+                SIGNER_DIGEST_SIZE) == 0)
+    #endif
+        )
             ret = 1;
     #ifndef NO_SKID
         if (cert->extSubjKeyIdSet) {
@@ -5459,8 +5395,13 @@ TrustedPeerCert* GetTrustedPeer(void* vp, DecodedCert* cert)
 
     tp = cm->tpTable[row];
     while (tp) {
-        if (XMEMCMP(cert->subjectHash, tp->subjectNameHash,
+        if ((XMEMCMP(cert->subjectHash, tp->subjectNameHash,
                 SIGNER_DIGEST_SIZE) == 0)
+        #ifndef WOLFSSL_NO_ISSUERHASH_TDPEER
+             && (XMEMCMP(cert->issuerHash, tp->issuerHash,
+                SIGNER_DIGEST_SIZE) == 0)
+        #endif
+            )
             ret = tp;
     #ifndef NO_SKID
         if (cert->extSubjKeyIdSet) {
@@ -5538,6 +5479,42 @@ Signer* GetCA(void* vp, byte* hash)
     return ret;
 }
 
+#if defined(HAVE_OCSP)
+Signer* GetCAByKeyHash(void* vp, const byte* keyHash)
+{
+    WOLFSSL_CERT_MANAGER* cm = (WOLFSSL_CERT_MANAGER*)vp;
+    Signer* ret = NULL;
+    Signer* signers;
+    int row;
+
+    if (cm == NULL || keyHash == NULL)
+        return NULL;
+
+    /* try lookup using keyHash as subjKeyID first */
+    ret = GetCA(vp, (byte*)keyHash);
+    if (ret != NULL && XMEMCMP(ret->subjectKeyHash, keyHash, KEYID_SIZE) == 0) {
+        return ret;
+    }
+
+    /* if we can't find the cert, we have to scan the full table */
+    if (wc_LockMutex(&cm->caLock) != 0)
+        return NULL;
+
+    /* Unfortunately we need to look through the entire table */
+    for (row = 0; row < CA_TABLE_SIZE && ret == NULL; row++) {
+        for (signers = cm->caTable[row]; signers != NULL;
+                signers = signers->next) {
+            if (XMEMCMP(signers->subjectKeyHash, keyHash, KEYID_SIZE) == 0) {
+                ret = signers;
+                break;
+            }
+        }
+    }
+
+    wc_UnLockMutex(&cm->caLock);
+    return ret;
+}
+#endif
 #ifdef WOLFSSL_AKID_NAME
 Signer* GetCAByAKID(void* vp, const byte* issuer, word32 issuerSz,
         const byte* serial, word32 serialSz)
@@ -5615,7 +5592,8 @@ Signer* GetCAByName(void* vp, byte* hash)
 /* add a trusted peer cert to linked list */
 int AddTrustedPeer(WOLFSSL_CERT_MANAGER* cm, DerBuffer** pDer, int verify)
 {
-    int ret, row;
+    int ret = 0;
+    int row = 0;
     TrustedPeerCert* peerCert;
     DecodedCert* cert;
     DerBuffer*   der = *pDer;
@@ -5689,14 +5667,19 @@ int AddTrustedPeer(WOLFSSL_CERT_MANAGER* cm, DerBuffer** pDer, int verify)
         #endif
             XMEMCPY(peerCert->subjectNameHash, cert->subjectHash,
                     SIGNER_DIGEST_SIZE);
-            peerCert->next    = NULL; /* If Key Usage not set, all uses valid. */
+        #ifndef WOLFSSL_NO_ISSUERHASH_TDPEER
+            XMEMCPY(peerCert->issuerHash, cert->issuerHash,
+                    SIGNER_DIGEST_SIZE);
+        #endif
+            /* If Key Usage not set, all uses valid. */
+            peerCert->next    = NULL;
             cert->subjectCN = 0;
         #ifndef IGNORE_NAME_CONSTRAINTS
             cert->permittedNames = NULL;
             cert->excludedNames = NULL;
         #endif
 
-            row = TrustedPeerHashSigner(peerCert->subjectNameHash);
+            row = (int)TrustedPeerHashSigner(peerCert->subjectNameHash);
 
             if (wc_LockMutex(&cm->tpLock) == 0) {
                 peerCert->next = cm->tpTable[row];
@@ -5725,6 +5708,38 @@ int AddTrustedPeer(WOLFSSL_CERT_MANAGER* cm, DerBuffer** pDer, int verify)
 }
 #endif /* WOLFSSL_TRUST_PEER_CERT */
 
+int AddSigner(WOLFSSL_CERT_MANAGER* cm, Signer *s)
+{
+    byte*   subjectHash;
+    Signer* signers;
+    word32  row;
+
+    if (cm == NULL || s == NULL)
+        return BAD_FUNC_ARG;
+
+#ifndef NO_SKID
+    subjectHash = s->subjectKeyIdHash;
+#else
+    subjectHash = s->subjectNameHash;
+#endif
+
+    if (AlreadySigner(cm, subjectHash)) {
+        FreeSigner(s, cm->heap);
+        return 0;
+    }
+
+    row = HashSigner(subjectHash);
+
+    if (wc_LockMutex(&cm->caLock) != 0)
+        return BAD_MUTEX_E;
+
+    signers = cm->caTable[row];
+    s->next = signers;
+    cm->caTable[row] = s;
+
+    wc_UnLockMutex(&cm->caLock);
+    return 0;
+}
 
 /* owns der, internal now uses too */
 /* type flag ids from user or from chain received during verify
@@ -5759,6 +5774,13 @@ int AddCA(WOLFSSL_CERT_MANAGER* cm, DerBuffer** pDer, int type, int verify)
 #endif
 
     InitDecodedCert(cert, der->buffer, der->length, cm->heap);
+
+#ifdef WC_ASN_UNKNOWN_EXT_CB
+    if (cm->unknownExtCallback != NULL) {
+        wc_SetUnknownExtCallback(cert, cm->unknownExtCallback);
+    }
+#endif
+
     ret = ParseCert(cert, CA_TYPE, verify, cm);
     WOLFSSL_MSG("\tParsed new CA");
 
@@ -5810,7 +5832,6 @@ int AddCA(WOLFSSL_CERT_MANAGER* cm, DerBuffer** pDer, int type, int verify)
                 }
                 break;
             #endif /* HAVE_ED448 */
-            #if defined(HAVE_PQC)
             #if defined(HAVE_FALCON)
             case FALCON_LEVEL1k:
                 if (cm->minFalconKeySz < 0 ||
@@ -5828,6 +5849,7 @@ int AddCA(WOLFSSL_CERT_MANAGER* cm, DerBuffer** pDer, int type, int verify)
                 break;
             #endif /* HAVE_FALCON */
             #if defined(HAVE_DILITHIUM)
+            #ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
             case DILITHIUM_LEVEL2k:
                 if (cm->minDilithiumKeySz < 0 ||
                     DILITHIUM_LEVEL2_KEY_SIZE < (word16)cm->minDilithiumKeySz) {
@@ -5849,8 +5871,29 @@ int AddCA(WOLFSSL_CERT_MANAGER* cm, DerBuffer** pDer, int type, int verify)
                     WOLFSSL_MSG("\tCA Dilithium level 5 key size error");
                 }
                 break;
+            #endif /* WOLFSSL_DILITHIUM_FIPS204_DRAFT */
+            case ML_DSA_LEVEL2k:
+                if (cm->minDilithiumKeySz < 0 ||
+                    ML_DSA_LEVEL2_KEY_SIZE < (word16)cm->minDilithiumKeySz) {
+                    ret = DILITHIUM_KEY_SIZE_E;
+                    WOLFSSL_MSG("\tCA Dilithium level 2 key size error");
+                }
+                break;
+            case ML_DSA_LEVEL3k:
+                if (cm->minDilithiumKeySz < 0 ||
+                    ML_DSA_LEVEL3_KEY_SIZE < (word16)cm->minDilithiumKeySz) {
+                    ret = DILITHIUM_KEY_SIZE_E;
+                    WOLFSSL_MSG("\tCA Dilithium level 3 key size error");
+                }
+                break;
+            case ML_DSA_LEVEL5k:
+                if (cm->minDilithiumKeySz < 0 ||
+                    ML_DSA_LEVEL5_KEY_SIZE < (word16)cm->minDilithiumKeySz) {
+                    ret = DILITHIUM_KEY_SIZE_E;
+                    WOLFSSL_MSG("\tCA Dilithium level 5 key size error");
+                }
+                break;
             #endif /* HAVE_DILITHIUM */
-            #endif /* HAVE_PQC */
 
             default:
                 WOLFSSL_MSG("\tNo key size check done on CA");
@@ -5858,13 +5901,15 @@ int AddCA(WOLFSSL_CERT_MANAGER* cm, DerBuffer** pDer, int type, int verify)
         }
     }
 
-    if (ret == 0 && cert->isCA == 0 && type != WOLFSSL_USER_CA) {
+    if (ret == 0 && cert->isCA == 0 && type != WOLFSSL_USER_CA &&
+        type != WOLFSSL_TEMP_CA) {
         WOLFSSL_MSG("\tCan't add as CA if not actually one");
         ret = NOT_CA_ERROR;
     }
 #ifndef ALLOW_INVALID_CERTSIGN
     else if (ret == 0 && cert->isCA == 1 && type != WOLFSSL_USER_CA &&
-        !cert->selfSigned && (cert->extKeyUsage & KEYUSE_KEY_CERT_SIGN) == 0) {
+        type != WOLFSSL_TEMP_CA && !cert->selfSigned &&
+        (cert->extKeyUsage & KEYUSE_KEY_CERT_SIGN) == 0) {
         /* Intermediate CA certs are required to have the keyCertSign
         * extension set. User loaded root certs are not. */
         WOLFSSL_MSG("\tDoesn't have key usage certificate signing");
@@ -5881,55 +5926,8 @@ int AddCA(WOLFSSL_CERT_MANAGER* cm, DerBuffer** pDer, int type, int verify)
         if (!signer)
             ret = MEMORY_ERROR;
     }
-#if defined(WOLFSSL_AKID_NAME) || defined(HAVE_CRL)
-    if (ret == 0 && signer != NULL)
-        ret = CalcHashId(cert->serial, cert->serialSz, signer->serialHash);
-#endif
     if (ret == 0 && signer != NULL) {
-    #ifdef WOLFSSL_SIGNER_DER_CERT
-        ret = AllocDer(&signer->derCert, der->length, der->type, NULL);
-    }
-    if (ret == 0 && signer != NULL) {
-        XMEMCPY(signer->derCert->buffer, der->buffer, der->length);
-    #endif
-        signer->keyOID         = cert->keyOID;
-        if (cert->pubKeyStored) {
-            signer->publicKey      = cert->publicKey;
-            signer->pubKeySize     = cert->pubKeySize;
-        }
-        if (cert->subjectCNStored) {
-            signer->nameLen        = cert->subjectCNLen;
-            signer->name           = cert->subjectCN;
-        }
-        signer->maxPathLen     = cert->maxPathLen;
-        signer->selfSigned     = cert->selfSigned;
-    #ifndef IGNORE_NAME_CONSTRAINTS
-        signer->permittedNames = cert->permittedNames;
-        signer->excludedNames  = cert->excludedNames;
-    #endif
-    #ifndef NO_SKID
-        XMEMCPY(signer->subjectKeyIdHash, cert->extSubjKeyId,
-                SIGNER_DIGEST_SIZE);
-    #endif
-        XMEMCPY(signer->subjectNameHash, cert->subjectHash,
-                SIGNER_DIGEST_SIZE);
-    #if defined(HAVE_OCSP) || defined(HAVE_CRL)
-        XMEMCPY(signer->issuerNameHash, cert->issuerHash,
-                SIGNER_DIGEST_SIZE);
-    #endif
-    #ifdef HAVE_OCSP
-        XMEMCPY(signer->subjectKeyHash, cert->subjectKeyHash,
-                KEYID_SIZE);
-    #endif
-        signer->keyUsage = cert->extKeyUsageSet ? cert->extKeyUsage
-                                                : 0xFFFF;
-        signer->next    = NULL; /* If Key Usage not set, all uses valid. */
-        cert->publicKey = 0;    /* in case lock fails don't free here.   */
-        cert->subjectCN = 0;
-    #ifndef IGNORE_NAME_CONSTRAINTS
-        cert->permittedNames = NULL;
-        cert->excludedNames = NULL;
-    #endif
+        ret = FillSigner(signer, cert, type, der);
 
     #ifndef NO_SKID
         row = HashSigner(signer->subjectKeyIdHash);
@@ -5937,7 +5935,31 @@ int AddCA(WOLFSSL_CERT_MANAGER* cm, DerBuffer** pDer, int type, int verify)
         row = HashSigner(signer->subjectNameHash);
     #endif
 
-        if (wc_LockMutex(&cm->caLock) == 0) {
+    #if defined(WOLFSSL_RENESAS_TSIP_TLS) || defined(WOLFSSL_RENESAS_FSPSM_TLS)
+        /* Verify CA by TSIP so that generated tsip key is going to          */
+        /* be able to be used for peer's cert verification                   */
+        /* TSIP is only able to handle USER CA, and only one CA.             */
+        /* Therefore, it doesn't need to call TSIP again if there is already */
+        /* verified CA.                                                      */
+        if ( ret == 0 && signer != NULL ) {
+            signer->cm_idx = row;
+            if (type == WOLFSSL_USER_CA) {
+                if ((ret = wc_Renesas_cmn_RootCertVerify(cert->source,
+                        cert->maxIdx,
+                        cert->sigCtx.CertAtt.pubkey_n_start,
+                        cert->sigCtx.CertAtt.pubkey_n_len - 1,
+                        cert->sigCtx.CertAtt.pubkey_e_start,
+                        cert->sigCtx.CertAtt.pubkey_e_len - 1,
+                     row/* cm index */))
+                    < 0)
+                    WOLFSSL_MSG("Renesas_RootCertVerify() failed");
+                else
+                    WOLFSSL_MSG("Renesas_RootCertVerify() succeed or skipped");
+            }
+        }
+    #endif /* TSIP or SCE */
+
+        if (ret == 0 && wc_LockMutex(&cm->caLock) == 0) {
             signer->next = cm->caTable[row];
             cm->caTable[row] = signer;   /* takes ownership */
             wc_UnLockMutex(&cm->caLock);
@@ -5949,28 +5971,6 @@ int AddCA(WOLFSSL_CERT_MANAGER* cm, DerBuffer** pDer, int type, int verify)
             ret = BAD_MUTEX_E;
         }
     }
-#if defined(WOLFSSL_RENESAS_TSIP_TLS) || defined(WOLFSSL_RENESAS_FSPSM_TLS)
-    /* Verify CA by TSIP so that generated tsip key is going to be able to */
-    /* be used for peer's cert verification                                */
-    /* TSIP is only able to handle USER CA, and only one CA.               */
-    /* Therefore, it doesn't need to call TSIP again if there is already   */
-    /* verified CA.                                                        */
-    if ( ret == 0 && signer != NULL ) {
-        signer->cm_idx = row;
-        if (type == WOLFSSL_USER_CA) {
-            if ((ret = wc_Renesas_cmn_RootCertVerify(cert->source, cert->maxIdx,
-                 cert->sigCtx.CertAtt.pubkey_n_start,
-                 cert->sigCtx.CertAtt.pubkey_n_len - 1,
-                 cert->sigCtx.CertAtt.pubkey_e_start,
-                cert->sigCtx.CertAtt.pubkey_e_len - 1,
-                 row/* cm index */))
-                < 0)
-                WOLFSSL_MSG("Renesas_RootCertVerify() failed");
-            else
-                WOLFSSL_MSG("Renesas_RootCertVerify() succeed or skipped");
-        }
-    }
-#endif /* TSIP or SCE */
 
     WOLFSSL_MSG("\tFreeing Parsed CA");
     FreeDecodedCert(cert);
@@ -5991,191 +5991,52 @@ int AddCA(WOLFSSL_CERT_MANAGER* cm, DerBuffer** pDer, int type, int verify)
 #endif /* !NO_CERTS */
 
 
-#ifndef NO_SESSION_CACHE
-
-    /* basic config gives a cache with 33 sessions, adequate for clients and
-       embedded servers
-
-       TITAN_SESSION_CACHE allows just over 2 million sessions, for servers
-       with titanic amounts of memory with long session ID timeouts and high
-       levels of traffic.
-
-       ENABLE_SESSION_CACHE_ROW_LOCK: Allows row level locking for increased
-       performance with large session caches
-
-       HUGE_SESSION_CACHE yields 65,791 sessions, for servers under heavy load,
-       allows over 13,000 new sessions per minute or over 200 new sessions per
-       second
-
-       BIG_SESSION_CACHE yields 20,027 sessions
-
-       MEDIUM_SESSION_CACHE allows 1055 sessions, adequate for servers that
-       aren't under heavy load, basically allows 200 new sessions per minute
-
-       SMALL_SESSION_CACHE only stores 6 sessions, good for embedded clients
-       or systems where the default of nearly 3kB is too much RAM, this define
-       uses less than 500 bytes RAM
-
-       default SESSION_CACHE stores 33 sessions (no XXX_SESSION_CACHE defined)
-    */
-    #if defined(TITAN_SESSION_CACHE)
-        #define SESSIONS_PER_ROW 31
-        #define SESSION_ROWS 64937
-        #ifndef ENABLE_SESSION_CACHE_ROW_LOCK
-            #define ENABLE_SESSION_CACHE_ROW_LOCK
-        #endif
-    #elif defined(HUGE_SESSION_CACHE)
-        #define SESSIONS_PER_ROW 11
-        #define SESSION_ROWS 5981
-    #elif defined(BIG_SESSION_CACHE)
-        #define SESSIONS_PER_ROW 7
-        #define SESSION_ROWS 2861
-    #elif defined(MEDIUM_SESSION_CACHE)
-        #define SESSIONS_PER_ROW 5
-        #define SESSION_ROWS 211
-    #elif defined(SMALL_SESSION_CACHE)
-        #define SESSIONS_PER_ROW 2
-        #define SESSION_ROWS 3
-    #else
-        #define SESSIONS_PER_ROW 3
-        #define SESSION_ROWS 11
-    #endif
-    #define INVALID_SESSION_ROW (-1)
-
-    #ifdef NO_SESSION_CACHE_ROW_LOCK
-        #undef ENABLE_SESSION_CACHE_ROW_LOCK
-    #endif
-
-    typedef struct SessionRow {
-        int nextIdx;                           /* where to place next one   */
-        int totalCount;                        /* sessions ever on this row */
-#ifdef SESSION_CACHE_DYNAMIC_MEM
-        WOLFSSL_SESSION* Sessions[SESSIONS_PER_ROW];
-        void* heap;
-#else
-        WOLFSSL_SESSION Sessions[SESSIONS_PER_ROW];
-#endif
-
-    #ifdef ENABLE_SESSION_CACHE_ROW_LOCK
-        /* not included in import/export */
-        wolfSSL_RwLock row_lock;
-        int lock_valid;
-    #endif
-    } SessionRow;
-    #define SIZEOF_SESSION_ROW (sizeof(WOLFSSL_SESSION) + (sizeof(int) * 2))
-
-    static WOLFSSL_GLOBAL SessionRow SessionCache[SESSION_ROWS];
-
-    #if defined(WOLFSSL_SESSION_STATS) && defined(WOLFSSL_PEAK_SESSIONS)
-        static WOLFSSL_GLOBAL word32 PeakSessions;
-    #endif
-
-    #ifdef ENABLE_SESSION_CACHE_ROW_LOCK
-    #define SESSION_ROW_RD_LOCK(row)   wc_LockRwLock_Rd(&(row)->row_lock)
-    #define SESSION_ROW_WR_LOCK(row)   wc_LockRwLock_Wr(&(row)->row_lock)
-    #define SESSION_ROW_UNLOCK(row)    wc_UnLockRwLock(&(row)->row_lock);
-    #else
-    static WOLFSSL_GLOBAL wolfSSL_RwLock session_lock; /* SessionCache lock */
-    static WOLFSSL_GLOBAL int session_lock_valid = 0;
-    #define SESSION_ROW_RD_LOCK(row)   wc_LockRwLock_Rd(&session_lock)
-    #define SESSION_ROW_WR_LOCK(row)   wc_LockRwLock_Wr(&session_lock)
-    #define SESSION_ROW_UNLOCK(row)    wc_UnLockRwLock(&session_lock);
-    #endif
-
-    #if !defined(NO_SESSION_CACHE_REF) && defined(NO_CLIENT_CACHE)
-    #error ClientCache is required when not using NO_SESSION_CACHE_REF
-    #endif
-
-    #ifndef NO_CLIENT_CACHE
-
-        #ifndef CLIENT_SESSIONS_MULTIPLIER
-            #ifdef NO_SESSION_CACHE_REF
-                #define CLIENT_SESSIONS_MULTIPLIER 1
-            #else
-                /* ClientSession objects are lightweight (compared to
-                 * WOLFSSL_SESSION) so to decrease chance that user will reuse
-                 * the wrong session, increase the ClientCache size. This will
-                 * make the entire ClientCache about the size of one
-                 * WOLFSSL_SESSION object. */
-                #define CLIENT_SESSIONS_MULTIPLIER 8
-            #endif
-        #endif
-        #define CLIENT_SESSIONS_PER_ROW \
-                                (SESSIONS_PER_ROW * CLIENT_SESSIONS_MULTIPLIER)
-        #define CLIENT_SESSION_ROWS (SESSION_ROWS * CLIENT_SESSIONS_MULTIPLIER)
-
-        #if CLIENT_SESSIONS_PER_ROW > 65535
-        #error CLIENT_SESSIONS_PER_ROW too big
-        #endif
-        #if CLIENT_SESSION_ROWS > 65535
-        #error CLIENT_SESSION_ROWS too big
-        #endif
-
-        struct ClientSession {
-            word16 serverRow;            /* SessionCache Row id */
-            word16 serverIdx;            /* SessionCache Idx (column) */
-            word32 sessionIDHash;
-        };
-    #ifndef WOLFSSL_CLIENT_SESSION_DEFINED
-        typedef struct ClientSession ClientSession;
-        #define WOLFSSL_CLIENT_SESSION_DEFINED
-    #endif
-
-        typedef struct ClientRow {
-            int nextIdx;                /* where to place next one   */
-            int totalCount;             /* sessions ever on this row */
-            ClientSession Clients[CLIENT_SESSIONS_PER_ROW];
-        } ClientRow;
-
-        static WOLFSSL_GLOBAL ClientRow ClientCache[CLIENT_SESSION_ROWS];
-                                                     /* Client Cache */
-                                                     /* uses session mutex */
-
-        static WOLFSSL_GLOBAL wolfSSL_Mutex clisession_mutex; /* ClientCache mutex */
-        static WOLFSSL_GLOBAL int clisession_mutex_valid = 0;
-    #endif /* !NO_CLIENT_CACHE */
-
-    void EvictSessionFromCache(WOLFSSL_SESSION* session)
-    {
-#ifdef HAVE_EX_DATA
-        int save_ownExData = session->ownExData;
-        session->ownExData = 1; /* Make sure ex_data access doesn't lead back
-                                 * into the cache. */
-#endif
-#if defined(HAVE_EXT_CACHE) || defined(HAVE_EX_DATA)
-        if (session->rem_sess_cb != NULL) {
-            session->rem_sess_cb(NULL, session);
-            session->rem_sess_cb = NULL;
-        }
-#endif
-        ForceZero(session->masterSecret, SECRET_LEN);
-        XMEMSET(session->sessionID, 0, ID_LEN);
-        session->sessionIDSz = 0;
-#ifdef HAVE_SESSION_TICKET
-        if (session->ticketLenAlloc > 0) {
-            XFREE(session->ticket, NULL, DYNAMIC_TYPE_SESSION_TICK);
-            session->ticket = session->staticTicket;
-            session->ticketLen = 0;
-            session->ticketLenAlloc = 0;
-        }
-#endif
-#ifdef HAVE_EX_DATA
-        session->ownExData = save_ownExData;
-#endif
-    }
-
-#endif /* !NO_SESSION_CACHE */
-
 #if defined(OPENSSL_EXTRA) && !defined(WOLFSSL_NO_OPENSSL_RAND_CB)
 static int wolfSSL_RAND_InitMutex(void);
 #endif
 
+/* If we don't have static mutex initializers, but we do have static atomic
+ * initializers, activate WOLFSSL_CLEANUP_THREADSAFE_BY_ATOMIC_OPS to leverage
+ * the latter.
+ *
+ * See further explanation below in wolfSSL_Init().
+ */
+#ifndef WOLFSSL_CLEANUP_THREADSAFE_BY_ATOMIC_OPS
+    #if !defined(WOLFSSL_MUTEX_INITIALIZER) && !defined(SINGLE_THREADED) && \
+            defined(WOLFSSL_ATOMIC_OPS) && defined(WOLFSSL_ATOMIC_INITIALIZER)
+        #define WOLFSSL_CLEANUP_THREADSAFE_BY_ATOMIC_OPS 1
+    #else
+        #define WOLFSSL_CLEANUP_THREADSAFE_BY_ATOMIC_OPS 0
+    #endif
+#elif defined(WOLFSSL_MUTEX_INITIALIZER) || defined(SINGLE_THREADED)
+    #undef WOLFSSL_CLEANUP_THREADSAFE_BY_ATOMIC_OPS
+    #define WOLFSSL_CLEANUP_THREADSAFE_BY_ATOMIC_OPS 0
+#endif
+
+#if WOLFSSL_CLEANUP_THREADSAFE_BY_ATOMIC_OPS
+    #ifndef WOLFSSL_ATOMIC_OPS
+        #error WOLFSSL_CLEANUP_THREADSAFE_BY_ATOMIC_OPS requires WOLFSSL_ATOMIC_OPS
+    #endif
+    #ifndef WOLFSSL_ATOMIC_INITIALIZER
+        #error WOLFSSL_CLEANUP_THREADSAFE_BY_ATOMIC_OPS requires WOLFSSL_ATOMIC_INITIALIZER
+    #endif
+    static wolfSSL_Atomic_Int inits_count_mutex_atomic_initing_flag =
+        WOLFSSL_ATOMIC_INITIALIZER(0);
+#endif /* WOLFSSL_CLEANUP_THREADSAFE_BY_ATOMIC_OPS && !WOLFSSL_MUTEX_INITIALIZER */
+
 #if defined(OPENSSL_EXTRA) && defined(HAVE_ATEXIT)
 static void AtExitCleanup(void)
 {
     if (initRefCount > 0) {
         initRefCount = 1;
         (void)wolfSSL_Cleanup();
+#if WOLFSSL_CLEANUP_THREADSAFE_BY_ATOMIC_OPS
+        if (inits_count_mutex_valid == 1) {
+            (void)wc_FreeMutex(&inits_count_mutex);
+            inits_count_mutex_valid = 0;
+            inits_count_mutex_atomic_initing_flag = 0;
+        }
+#endif
     }
 }
 #endif
@@ -6190,22 +6051,63 @@ int wolfSSL_Init(void)
 
     WOLFSSL_ENTER("wolfSSL_Init");
 
-    #if FIPS_VERSION_GE(5,1)
-        ret = wolfCrypt_SetPrivateKeyReadEnable_fips(1, WC_KEYTYPE_ALL);
-        if (ret != 0)
-            return ret;
-        else
-            ret = WOLFSSL_SUCCESS;
-    #endif
+#ifndef WOLFSSL_MUTEX_INITIALIZER
+    if (inits_count_mutex_valid == 0) {
+    #if WOLFSSL_CLEANUP_THREADSAFE_BY_ATOMIC_OPS
 
-    if (initRefCount == 0) {
+        /* Without this mitigation, if two threads enter wolfSSL_Init() at the
+         * same time, and both see zero inits_count_mutex_valid, then both will
+         * run wc_InitMutex(&inits_count_mutex), leading to process corruption
+         * or (best case) a resource leak.
+         *
+         * When WOLFSSL_ATOMIC_INITIALIZER() is available, we can mitigate this
+         * by use an atomic counting int as a mutex.
+         */
+
+        if (wolfSSL_Atomic_Int_FetchAdd(&inits_count_mutex_atomic_initing_flag,
+                                        1) != 0)
+        {
+            (void)wolfSSL_Atomic_Int_FetchSub(
+                &inits_count_mutex_atomic_initing_flag, 1);
+            return DEADLOCK_AVERTED_E;
+        }
+    #endif /* WOLFSSL_CLEANUP_THREADSAFE_BY_ATOMIC_OPS */
+        if (wc_InitMutex(&inits_count_mutex) != 0) {
+            WOLFSSL_MSG("Bad Init Mutex count");
+    #if WOLFSSL_CLEANUP_THREADSAFE_BY_ATOMIC_OPS
+            (void)wolfSSL_Atomic_Int_FetchSub(
+                &inits_count_mutex_atomic_initing_flag, 1);
+    #endif
+            return BAD_MUTEX_E;
+        }
+        else {
+            inits_count_mutex_valid = 1;
+        }
+    }
+#endif /* !WOLFSSL_MUTEX_INITIALIZER */
+
+    if (wc_LockMutex(&inits_count_mutex) != 0) {
+        WOLFSSL_MSG("Bad Lock Mutex count");
+        return BAD_MUTEX_E;
+    }
+
+#if FIPS_VERSION_GE(5,1)
+    if ((ret == WOLFSSL_SUCCESS) && (initRefCount == 0)) {
+        ret = wolfCrypt_SetPrivateKeyReadEnable_fips(1, WC_KEYTYPE_ALL);
+        if (ret == 0)
+            ret = WOLFSSL_SUCCESS;
+    }
+#endif
+
+    if ((ret == WOLFSSL_SUCCESS) && (initRefCount == 0)) {
         /* Initialize crypto for use with TLS connection */
+
         if (wolfCrypt_Init() != 0) {
             WOLFSSL_MSG("Bad wolfCrypt Init");
             ret = WC_INIT_E;
         }
 
-#ifdef HAVE_GLOBAL_RNG
+#if defined(HAVE_GLOBAL_RNG) && !defined(WOLFSSL_MUTEX_INITIALIZER)
         if (ret == WOLFSSL_SUCCESS) {
             if (wc_InitMutex(&globalRNGMutex) != 0) {
                 WOLFSSL_MSG("Bad Init Mutex rng");
@@ -6260,6 +6162,7 @@ int wolfSSL_Init(void)
         }
     #endif
     #ifndef NO_CLIENT_CACHE
+        #ifndef WOLFSSL_MUTEX_INITIALIZER
         if (ret == WOLFSSL_SUCCESS) {
             if (wc_InitMutex(&clisession_mutex) != 0) {
                 WOLFSSL_MSG("Bad Init Mutex session");
@@ -6269,19 +6172,9 @@ int wolfSSL_Init(void)
                 clisession_mutex_valid = 1;
             }
         }
+        #endif
     #endif
 #endif
-#ifndef WOLFSSL_MUTEX_INITIALIZER
-        if (ret == WOLFSSL_SUCCESS) {
-            if (wc_InitMutex(&count_mutex) != 0) {
-                WOLFSSL_MSG("Bad Init Mutex count");
-                ret = BAD_MUTEX_E;
-            }
-            else {
-                count_mutex_valid = 1;
-            }
-        }
-#endif /* !WOLFSSL_MUTEX_INITIALIZER */
 #if defined(OPENSSL_EXTRA) && defined(HAVE_ATEXIT)
         /* OpenSSL registers cleanup using atexit */
         if ((ret == WOLFSSL_SUCCESS) && (atexit(AtExitCleanup) != 0)) {
@@ -6291,1668 +6184,312 @@ int wolfSSL_Init(void)
 #endif
     }
 
+#if defined(WOLFSSL_SYS_CRYPTO_POLICY)
+    /* System wide crypto policy disabled by default. */
+    XMEMSET(&crypto_policy, 0, sizeof(crypto_policy));
+#endif /* WOLFSSL_SYS_CRYPTO_POLICY */
+
     if (ret == WOLFSSL_SUCCESS) {
-        if (wc_LockMutex(&count_mutex) != 0) {
-            WOLFSSL_MSG("Bad Lock Mutex count");
-            ret = BAD_MUTEX_E;
-        }
-        else {
-            initRefCount++;
-            wc_UnLockMutex(&count_mutex);
-        }
+        initRefCount++;
+    }
+    else {
+        initRefCount = 1; /* Force cleanup */
     }
 
+    wc_UnLockMutex(&inits_count_mutex);
+
     if (ret != WOLFSSL_SUCCESS) {
-        initRefCount = 1; /* Force cleanup */
         (void)wolfSSL_Cleanup(); /* Ignore any error from cleanup */
     }
 
     return ret;
 }
 
-
-#ifndef NO_CERTS
-
-/* process user cert chain to pass during the handshake */
-static int ProcessUserChain(WOLFSSL_CTX* ctx, const unsigned char* buff,
-                         long sz, int format, int type, WOLFSSL* ssl,
-                         long* used, EncryptedInfo* info, int verify)
+#if defined(WOLFSSL_SYS_CRYPTO_POLICY)
+/* Helper function for wolfSSL_crypto_policy_enable and
+ * wolfSSL_crypto_policy_enable_buffer.
+ *
+ * Parses the crypto policy string, verifies values,
+ * and sets in global crypto policy struct. Not thread
+ * safe. String length has already been verified.
+ *
+ * Returns WOLFSSL_SUCCESS on success.
+ * Returns CRYPTO_POLICY_FORBIDDEN if already enabled.
+ * Returns < 0 on misc error.
+ * */
+static int crypto_policy_parse(void)
 {
-    int ret = 0;
-    void* heap = wolfSSL_CTX_GetHeap(ctx, ssl);
+    const char * hdr = WOLFSSL_SECLEVEL_STR;
+    int          sec_level = 0;
+    size_t       i = 0;
 
-    if ((type == CA_TYPE) && (ctx == NULL)) {
-        WOLFSSL_MSG("Need context for CA load");
-        return BAD_FUNC_ARG;
+    /* All policies should begin with "@SECLEVEL=<N>" (N={0..5}) followed
+     * by bulk cipher list. */
+    if (XMEMCMP(crypto_policy.str, hdr, strlen(hdr)) != 0) {
+        WOLFSSL_MSG("error: crypto policy: invalid header");
+        return WOLFSSL_BAD_FILE;
     }
 
-    /* we may have a user cert chain, try to consume */
-    if ((type == CERT_TYPE || type == CHAIN_CERT_TYPE || type == CA_TYPE) &&
-            (info->consumed < sz)) {
-    #ifdef WOLFSSL_SMALL_STACK
-        byte   staticBuffer[1];                 /* force heap usage */
-    #else
-        byte   staticBuffer[FILE_BUFFER_SIZE];  /* tmp chain buffer */
-    #endif
-        byte*  chainBuffer = staticBuffer;
-        int    dynamicBuffer = 0;
-        word32 bufferSz;
-        long   consumed = info->consumed;
-        word32 idx = 0;
-        int    gotOne = 0;
-    #ifdef WOLFSSL_TLS13
-        int cnt = 0;
-    #endif
-
-        /* Calculate max possible size, including max headers */
-        bufferSz = (word32)(sz - consumed) + (CERT_HEADER_SZ * MAX_CHAIN_DEPTH);
-        if (bufferSz > sizeof(staticBuffer)) {
-            WOLFSSL_MSG("Growing Tmp Chain Buffer");
-            /* will shrink to actual size */
-            chainBuffer = (byte*)XMALLOC(bufferSz, heap, DYNAMIC_TYPE_FILE);
-            if (chainBuffer == NULL) {
-                return MEMORY_E;
-            }
-            dynamicBuffer = 1;
-        }
-
-        WOLFSSL_MSG("Processing Cert Chain");
-        while (consumed < sz) {
-            DerBuffer* part = NULL;
-            word32 remain = (word32)(sz - consumed);
-            info->consumed = 0;
-
-            if (format == WOLFSSL_FILETYPE_PEM) {
-            #ifdef WOLFSSL_PEM_TO_DER
-                ret = PemToDer(buff + consumed, remain, type, &part,
-                               heap, info, NULL);
-            #else
-                ret = NOT_COMPILED_IN;
-            #endif
-            }
-            else {
-                int length = remain;
-                if (format == WOLFSSL_FILETYPE_ASN1) {
-                    /* get length of der (read sequence) */
-                    word32 inOutIdx = 0;
-                    if (GetSequence(buff + consumed, &inOutIdx, &length,
-                            remain) < 0) {
-                        ret = ASN_NO_PEM_HEADER;
-                    }
-                    length += inOutIdx; /* include leading sequence */
-                }
-                info->consumed = length;
-                if (ret == 0) {
-                    ret = AllocDer(&part, length, type, heap);
-                    if (ret == 0) {
-                        XMEMCPY(part->buffer, buff + consumed, length);
-                    }
-                }
-            }
-            if (ret == 0) {
-                gotOne = 1;
-#ifdef WOLFSSL_TLS13
-                cnt++;
-#endif
-                if ((idx + part->length + CERT_HEADER_SZ) > bufferSz) {
-                    WOLFSSL_MSG("   Cert Chain bigger than buffer. "
-                                "Consider increasing MAX_CHAIN_DEPTH");
-                    ret = BUFFER_E;
-                }
-                else {
-                    c32to24(part->length, &chainBuffer[idx]);
-                    idx += CERT_HEADER_SZ;
-                    XMEMCPY(&chainBuffer[idx], part->buffer, part->length);
-                    idx += part->length;
-                    consumed  += info->consumed;
-                    if (used)
-                        *used += info->consumed;
-                }
-
-                /* add CA's to certificate manager */
-                if (ret == 0 && type == CA_TYPE) {
-                    /* verify CA unless user set to no verify */
-                    ret = AddCA(ctx->cm, &part, WOLFSSL_USER_CA, verify);
-                    if (ret == WOLFSSL_SUCCESS) {
-                        ret = 0; /* converted success case */
-                    }
-                    gotOne = 0; /* don't exit loop for CA type */
-                }
-            }
-
-            FreeDer(&part);
-
-            if (ret == ASN_NO_PEM_HEADER && gotOne) {
-                WOLFSSL_MSG("We got one good cert, so stuff at end ok");
-                break;
-            }
-
-            if (ret < 0) {
-                WOLFSSL_MSG("   Error in Cert in Chain");
-                if (dynamicBuffer)
-                    XFREE(chainBuffer, heap, DYNAMIC_TYPE_FILE);
-                return ret;
-            }
-            WOLFSSL_MSG("   Consumed another Cert in Chain");
-        }
-        WOLFSSL_MSG("Finished Processing Cert Chain");
-
-        /* only retain actual size used */
-        ret = 0;
-        if (idx > 0) {
-            if (ssl) {
-                if (ssl->buffers.weOwnCertChain) {
-                    FreeDer(&ssl->buffers.certChain);
-                }
-                ret = AllocDer(&ssl->buffers.certChain, idx, type, heap);
-                if (ret == 0) {
-                    XMEMCPY(ssl->buffers.certChain->buffer, chainBuffer,
-                            idx);
-                    ssl->buffers.weOwnCertChain = 1;
-                }
-            #ifdef WOLFSSL_TLS13
-                ssl->buffers.certChainCnt = cnt;
-            #endif
-            } else if (ctx) {
-                FreeDer(&ctx->certChain);
-                ret = AllocDer(&ctx->certChain, idx, type, heap);
-                if (ret == 0) {
-                    XMEMCPY(ctx->certChain->buffer, chainBuffer, idx);
-                }
-            #ifdef WOLFSSL_TLS13
-                ctx->certChainCnt = cnt;
-            #endif
-            }
-        }
-
-        if (dynamicBuffer)
-            XFREE(chainBuffer, heap, DYNAMIC_TYPE_FILE);
+    {
+        /* Extract the security level. */
+        char *       policy_mem = crypto_policy.str;
+        policy_mem += strlen(hdr);
+        sec_level = (int) (*policy_mem - '0');
     }
 
-    return ret;
-}
-
-#ifndef NO_RSA
-#if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && \
-    (HAVE_FIPS_VERSION > 2))
-static int ProcessBufferTryDecodeRsa(WOLFSSL_CTX* ctx, WOLFSSL* ssl,
-    DerBuffer* der, int* keySz, word32* idx, int* resetSuites, int* keyFormat,
-    int devId)
-{
-    int ret;
-
-    (void)devId;
-
-    *idx = 0;
-    ret = wc_RsaPrivateKeyValidate(der->buffer, idx, keySz, der->length);
-#ifdef WOLF_PRIVATE_KEY_ID
-    if ((ret != 0) && (devId != INVALID_DEVID
-    #ifdef HAVE_PK_CALLBACKS
-            || ((ssl == NULL) ? wolfSSL_CTX_IsPrivatePkSet(ctx) :
-                                wolfSSL_CTX_IsPrivatePkSet(ssl->ctx))
-    #endif
-    )) {
-        word32 nSz;
-
-        /* if using crypto or PK callbacks, try public key decode */
-        *idx = 0;
-        ret = wc_RsaPublicKeyDecode_ex(der->buffer, idx, der->length, NULL,
-            &nSz, NULL, NULL);
-        if (ret == 0) {
-            *keySz = (int)nSz;
-        }
+    if (sec_level < MIN_WOLFSSL_SEC_LEVEL ||
+        sec_level > MAX_WOLFSSL_SEC_LEVEL) {
+        WOLFSSL_MSG_EX("error: invalid SECLEVEL: %d", sec_level);
+        return WOLFSSL_BAD_FILE;
     }
-#endif
-    if (ret != 0) {
-    #if !defined(HAVE_ECC) && !defined(HAVE_ED25519) && \
-        !defined(HAVE_ED448) && !defined(HAVE_PQC)
-        WOLFSSL_MSG("RSA decode failed and other algorithms "
-                    "not enabled to try");
-        ret = WOLFSSL_BAD_FILE;
-    #else
-        ret = 0; /* continue trying other algorithms */
-    #endif
-    }
-    else {
-        /* check that the size of the RSA key is enough */
-        int minRsaSz = ssl ? ssl->options.minRsaKeySz : ctx->minRsaKeySz;
-        if (*keySz < minRsaSz) {
-            ret = RSA_KEY_SIZE_E;
-            WOLFSSL_MSG("Private Key size too small");
+
+    /* Remove trailing '\r' or '\n'. */
+    for (i = 0; i < MAX_WOLFSSL_CRYPTO_POLICY_SIZE; ++i) {
+        if (crypto_policy.str[i] == '\0') {
+            break;
         }
 
-        if (ssl) {
-            ssl->buffers.keyType = rsa_sa_algo;
-            ssl->buffers.keySz = *keySz;
-        }
-        else {
-            ctx->privateKeyType = rsa_sa_algo;
-            ctx->privateKeySz = *keySz;
-        }
-
-        *keyFormat = RSAk;
-
-        if (ssl && ssl->options.side == WOLFSSL_SERVER_END) {
-            ssl->options.haveStaticECC = 0;
-            *resetSuites = 1;
+        if (crypto_policy.str[i] == '\r' || crypto_policy.str[i] == '\n') {
+            crypto_policy.str[i] = '\0';
+            break;
         }
     }
 
-    return ret;
-}
-#else
-static int ProcessBufferTryDecodeRsa(WOLFSSL_CTX* ctx, WOLFSSL* ssl,
-    DerBuffer* der, int* keySz, word32* idx, int* resetSuites, int* keyFormat,
-    void* heap, int devId)
-{
-    int ret;
+    #if defined(DEBUG_WOLFSSL_VERBOSE)
+    WOLFSSL_MSG_EX("info: SECLEVEL=%d", sec_level);
+    WOLFSSL_MSG_EX("info: using crypto-policy file: %s, %ld", policy_file, sz);
+    #endif /* DEBUG_WOLFSSL_VERBOSE */
 
-    /* make sure RSA key can be used */
-#ifdef WOLFSSL_SMALL_STACK
-    RsaKey* key;
-#else
-    RsaKey  key[1];
-#endif
-
-#ifdef WOLFSSL_SMALL_STACK
-    key = (RsaKey*)XMALLOC(sizeof(RsaKey), heap, DYNAMIC_TYPE_RSA);
-    if (key == NULL)
-        return MEMORY_E;
-#endif
-
-    ret = wc_InitRsaKey_ex(key, heap, devId);
-    if (ret == 0) {
-        *idx = 0;
-        ret = wc_RsaPrivateKeyDecode(der->buffer, idx, key, der->length);
-    #ifdef WOLF_PRIVATE_KEY_ID
-        if (ret != 0 && (devId != INVALID_DEVID
-        #ifdef HAVE_PK_CALLBACKS
-            || ((ssl == NULL) ? wolfSSL_CTX_IsPrivatePkSet(ctx) :
-                                wolfSSL_CTX_IsPrivatePkSet(ssl->ctx))
-        #endif
-        )) {
-            /* if using crypto or PK callbacks, try public key decode */
-            *idx = 0;
-            ret = wc_RsaPublicKeyDecode(der->buffer, idx, key, der->length);
-        }
-    #endif
-        if (ret != 0) {
-        #if !defined(HAVE_ECC) && !defined(HAVE_ED25519) && \
-            !defined(HAVE_ED448) && !defined(HAVE_PQC)
-            WOLFSSL_MSG("RSA decode failed and other algorithms "
-                        "not enabled to try");
-            ret = WOLFSSL_BAD_FILE;
-        #else
-            ret = 0; /* continue trying other algorithms */
-        #endif
-        }
-        else {
-            /* check that the size of the RSA key is enough */
-            int minRsaSz = ssl ? ssl->options.minRsaKeySz : ctx->minRsaKeySz;
-            *keySz = wc_RsaEncryptSize((RsaKey*)key);
-            if (*keySz < minRsaSz) {
-                ret = RSA_KEY_SIZE_E;
-                WOLFSSL_MSG("Private Key size too small");
-            }
-
-            if (ssl) {
-                ssl->buffers.keyType = rsa_sa_algo;
-                ssl->buffers.keySz = *keySz;
-            }
-            else {
-                ctx->privateKeyType = rsa_sa_algo;
-                ctx->privateKeySz = *keySz;
-            }
-
-            *keyFormat = RSAk;
-
-            if (ssl && ssl->options.side == WOLFSSL_SERVER_END) {
-                ssl->options.haveStaticECC = 0;
-                *resetSuites = 1;
-            }
-        }
-
-        wc_FreeRsaKey(key);
-    }
-
-#ifdef WOLFSSL_SMALL_STACK
-    XFREE(key, heap, DYNAMIC_TYPE_RSA);
-#endif
-
-    return ret;
-}
-#endif
-#endif /* !NO_RSA */
-
-#ifdef HAVE_ECC
-static int ProcessBufferTryDecodeEcc(WOLFSSL_CTX* ctx, WOLFSSL* ssl,
-    DerBuffer* der, int* keySz, word32* idx, int* resetSuites, int* keyFormat,
-    void* heap, int devId)
-{
-    int ret = 0;
-    /* make sure ECC key can be used */
-#ifdef WOLFSSL_SMALL_STACK
-    ecc_key* key;
-#else
-    ecc_key  key[1];
-#endif
-
-#ifdef WOLFSSL_SMALL_STACK
-    key = (ecc_key*)XMALLOC(sizeof(ecc_key), heap, DYNAMIC_TYPE_ECC);
-    if (key == NULL)
-        return MEMORY_E;
-#endif
-
-    if (wc_ecc_init_ex(key, heap, devId) == 0) {
-        *idx = 0;
-        ret = wc_EccPrivateKeyDecode(der->buffer, idx, key, der->length);
-    #ifdef WOLF_PRIVATE_KEY_ID
-        if (ret != 0 && (devId != INVALID_DEVID
-        #ifdef HAVE_PK_CALLBACKS
-            || ((ssl == NULL) ? wolfSSL_CTX_IsPrivatePkSet(ctx) :
-                                wolfSSL_CTX_IsPrivatePkSet(ssl->ctx))
-        #endif
-        )) {
-            /* if using crypto or PK callbacks, try public key decode */
-            *idx = 0;
-            ret = wc_EccPublicKeyDecode(der->buffer, idx, key, der->length);
-        }
-    #endif
-        if (ret == 0) {
-            /* check for minimum ECC key size and then free */
-            int minKeySz = ssl ? ssl->options.minEccKeySz : ctx->minEccKeySz;
-            *keySz = wc_ecc_size(key);
-            if (*keySz < minKeySz) {
-                WOLFSSL_MSG("ECC private key too small");
-                ret = ECC_KEY_SIZE_E;
-            }
-
-            *keyFormat = ECDSAk;
-            if (ssl) {
-                ssl->options.haveStaticECC = 1;
-                ssl->buffers.keyType = ecc_dsa_sa_algo;
-            #ifdef WOLFSSL_SM2
-                if (key->dp->id == ECC_SM2P256V1)
-                    ssl->buffers.keyType = sm2_sa_algo;
-                else
-            #endif
-                    ssl->buffers.keyType = ecc_dsa_sa_algo;
-                ssl->buffers.keySz = *keySz;
-            }
-            else {
-                ctx->haveStaticECC = 1;
-                ctx->privateKeyType = ecc_dsa_sa_algo;
-            #ifdef WOLFSSL_SM2
-                if (key->dp->id == ECC_SM2P256V1)
-                    ctx->privateKeyType = sm2_sa_algo;
-                else
-            #endif
-                    ctx->privateKeyType = ecc_dsa_sa_algo;
-                ctx->privateKeySz = *keySz;
-            }
-
-            if (ssl && ssl->options.side == WOLFSSL_SERVER_END) {
-                *resetSuites = 1;
-            }
-        }
-        else {
-            ret = 0; /* continue trying other algorithms */
-        }
-
-        wc_ecc_free(key);
-    }
-
-#ifdef WOLFSSL_SMALL_STACK
-    XFREE(key, heap, DYNAMIC_TYPE_ECC);
-#endif
-    return ret;
-}
-#endif /* HAVE_ECC */
-
-#if defined(HAVE_ED25519) && defined(HAVE_ED25519_KEY_IMPORT)
-static int ProcessBufferTryDecodeEd25519(WOLFSSL_CTX* ctx, WOLFSSL* ssl,
-    DerBuffer* der, int* keySz, word32* idx, int* resetSuites, int* keyFormat,
-    void* heap, int devId)
-{
-    int ret;
-    /* make sure Ed25519 key can be used */
-#ifdef WOLFSSL_SMALL_STACK
-    ed25519_key* key;
-#else
-    ed25519_key  key[1];
-#endif
-
-#ifdef WOLFSSL_SMALL_STACK
-    key = (ed25519_key*)XMALLOC(sizeof(ed25519_key), heap,
-                                                          DYNAMIC_TYPE_ED25519);
-    if (key == NULL)
-        return MEMORY_E;
-#endif
-
-    ret = wc_ed25519_init_ex(key, heap, devId);
-    if (ret == 0) {
-        *idx = 0;
-        ret = wc_Ed25519PrivateKeyDecode(der->buffer, idx, key, der->length);
-    #ifdef WOLF_PRIVATE_KEY_ID
-        if (ret != 0 && (devId != INVALID_DEVID
-        #ifdef HAVE_PK_CALLBACKS
-            || ((ssl == NULL) ? wolfSSL_CTX_IsPrivatePkSet(ctx) :
-                                wolfSSL_CTX_IsPrivatePkSet(ssl->ctx))
-        #endif
-        )) {
-            /* if using crypto or PK callbacks, try public key decode */
-            *idx = 0;
-            ret = wc_Ed25519PublicKeyDecode(der->buffer, idx, key, der->length);
-        }
-    #endif
-        if (ret == 0) {
-            /* check for minimum key size and then free */
-            int minKeySz = ssl ? ssl->options.minEccKeySz : ctx->minEccKeySz;
-            *keySz = ED25519_KEY_SIZE;
-            if (*keySz < minKeySz) {
-                WOLFSSL_MSG("ED25519 private key too small");
-                ret = ECC_KEY_SIZE_E;
-            }
-            if (ret == 0) {
-                if (ssl) {
-                    ssl->buffers.keyType = ed25519_sa_algo;
-                    ssl->buffers.keySz = *keySz;
-                }
-                else if (ctx) {
-                    ctx->privateKeyType = ed25519_sa_algo;
-                    ctx->privateKeySz = *keySz;
-                }
-
-                *keyFormat = ED25519k;
-                if (ssl != NULL) {
-#if !defined(WOLFSSL_NO_CLIENT_AUTH) && !defined(NO_ED25519_CLIENT_AUTH)
-                    /* ED25519 requires caching enabled for tracking message
-                     * hash used in EdDSA_Update for signing */
-                    ssl->options.cacheMessages = 1;
-#endif
-                    if (ssl->options.side == WOLFSSL_SERVER_END) {
-                        *resetSuites = 1;
-                    }
-                }
-            }
-        }
-        else {
-            ret = 0; /* continue trying other algorithms */
-        }
-
-        wc_ed25519_free(key);
-    }
-
-#ifdef WOLFSSL_SMALL_STACK
-    XFREE(key, heap, DYNAMIC_TYPE_ED25519);
-#endif
-    return ret;
-}
-#endif /* HAVE_ED25519 && HAVE_ED25519_KEY_IMPORT */
-
-#if defined(HAVE_ED448) && defined(HAVE_ED448_KEY_IMPORT)
-static int ProcessBufferTryDecodeEd448(WOLFSSL_CTX* ctx, WOLFSSL* ssl,
-    DerBuffer* der, int* keySz, word32* idx, int* resetSuites, int* keyFormat,
-    void* heap, int devId)
-{
-    int ret;
-    /* make sure Ed448 key can be used */
-#ifdef WOLFSSL_SMALL_STACK
-    ed448_key* key = NULL;
-#else
-    ed448_key  key[1];
-#endif
-
-#ifdef WOLFSSL_SMALL_STACK
-    key = (ed448_key*)XMALLOC(sizeof(ed448_key), heap, DYNAMIC_TYPE_ED448);
-    if (key == NULL)
-        return MEMORY_E;
-#endif
-
-    ret = wc_ed448_init_ex(key, heap, devId);
-    if (ret == 0) {
-        *idx = 0;
-        ret = wc_Ed448PrivateKeyDecode(der->buffer, idx, key, der->length);
-    #ifdef WOLF_PRIVATE_KEY_ID
-        if (ret != 0 && (devId != INVALID_DEVID
-        #ifdef HAVE_PK_CALLBACKS
-            || ((ssl == NULL) ? wolfSSL_CTX_IsPrivatePkSet(ctx) :
-                                wolfSSL_CTX_IsPrivatePkSet(ssl->ctx))
-        #endif
-        )) {
-            /* if using crypto or PK callbacks, try public key decode */
-            *idx = 0;
-            ret = wc_Ed448PublicKeyDecode(der->buffer, idx, key, der->length);
-        }
-    #endif
-        if (ret == 0) {
-            /* check for minimum key size and then free */
-            int minKeySz = ssl ? ssl->options.minEccKeySz : ctx->minEccKeySz;
-            *keySz = ED448_KEY_SIZE;
-            if (*keySz < minKeySz) {
-                WOLFSSL_MSG("ED448 private key too small");
-                ret = ECC_KEY_SIZE_E;
-            }
-        }
-        if (ret == 0) {
-            if (ssl) {
-                ssl->buffers.keyType = ed448_sa_algo;
-                ssl->buffers.keySz = *keySz;
-            }
-            else if (ctx) {
-                ctx->privateKeyType = ed448_sa_algo;
-                ctx->privateKeySz = *keySz;
-            }
-
-            *keyFormat = ED448k;
-            if (ssl != NULL) {
-                /* ED448 requires caching enabled for tracking message
-                 * hash used in EdDSA_Update for signing */
-                ssl->options.cacheMessages = 1;
-                if (ssl->options.side == WOLFSSL_SERVER_END) {
-                    *resetSuites = 1;
-                }
-            }
-        }
-
-        wc_ed448_free(key);
-    }
-
-#ifdef WOLFSSL_SMALL_STACK
-    XFREE(key, heap, DYNAMIC_TYPE_ED448);
-#endif
-    return ret;
-}
-#endif /* HAVE_ED448 && HAVE_ED448_KEY_IMPORT */
-
-#if defined(HAVE_PQC)
-#if defined(HAVE_FALCON)
-static int ProcessBufferTryDecodeFalcon(WOLFSSL_CTX* ctx, WOLFSSL* ssl,
-    DerBuffer* der, int* keySz, word32* idx, int* resetSuites, int* keyFormat,
-    void* heap)
-{
-    int ret;
-    /* make sure Falcon key can be used */
-    falcon_key* key = (falcon_key*)XMALLOC(sizeof(falcon_key), heap,
-                                           DYNAMIC_TYPE_FALCON);
-    if (key == NULL) {
-        return MEMORY_E;
-    }
-    ret = wc_falcon_init(key);
-    if (ret == 0) {
-        if (*keyFormat == FALCON_LEVEL1k) {
-            ret = wc_falcon_set_level(key, 1);
-        }
-        else if (*keyFormat == FALCON_LEVEL5k) {
-            ret = wc_falcon_set_level(key, 5);
-        }
-        else {
-            /* What if *keyformat is 0? We might want to do something more
-             * graceful here. */
-            wc_falcon_free(key);
-            ret = ALGO_ID_E;
-        }
-    }
-
-    if (ret == 0) {
-        *idx = 0;
-        ret = wc_falcon_import_private_only(der->buffer, der->length, key);
-        if (ret == 0) {
-            /* check for minimum key size and then free */
-            int minKeySz = ssl ? ssl->options.minFalconKeySz :
-                                 ctx->minFalconKeySz;
-            *keySz = FALCON_MAX_KEY_SIZE;
-            if (*keySz < minKeySz) {
-                WOLFSSL_MSG("Falcon private key too small");
-                ret = FALCON_KEY_SIZE_E;
-            }
-            if (ssl) {
-                if (*keyFormat == FALCON_LEVEL1k) {
-                    ssl->buffers.keyType = falcon_level1_sa_algo;
-                }
-                else {
-                    ssl->buffers.keyType = falcon_level5_sa_algo;
-                }
-                ssl->buffers.keySz = *keySz;
-            }
-            else {
-                if (*keyFormat == FALCON_LEVEL1k) {
-                    ctx->privateKeyType = falcon_level1_sa_algo;
-                }
-                else {
-                    ctx->privateKeyType = falcon_level5_sa_algo;
-                }
-                ctx->privateKeySz = *keySz;
-            }
-
-            if (ssl && ssl->options.side == WOLFSSL_SERVER_END) {
-                *resetSuites = 1;
-            }
-        }
-        wc_falcon_free(key);
-    }
-    XFREE(key, heap, DYNAMIC_TYPE_FALCON);
-    return ret;
-}
-#endif
-
-#if defined(HAVE_DILITHIUM)
-static int ProcessBufferTryDecodeDilithium(WOLFSSL_CTX* ctx, WOLFSSL* ssl,
-    DerBuffer* der, int* keySz, word32* idx, int* resetSuites, int* keyFormat,
-    void* heap)
-{
-    int ret;
-    /* make sure Dilithium key can be used */
-    dilithium_key* key = (dilithium_key*)XMALLOC(sizeof(dilithium_key), heap,
-                                                 DYNAMIC_TYPE_DILITHIUM);
-    if (key == NULL) {
-        return MEMORY_E;
-    }
-    ret = wc_dilithium_init(key);
-    if (ret == 0) {
-        if (*keyFormat == DILITHIUM_LEVEL2k) {
-            ret = wc_dilithium_set_level(key, 2);
-        }
-        else if (*keyFormat == DILITHIUM_LEVEL3k) {
-            ret = wc_dilithium_set_level(key, 3);
-        }
-        else if (*keyFormat == DILITHIUM_LEVEL5k) {
-            ret = wc_dilithium_set_level(key, 5);
-        }
-        else {
-            /* What if *keyformat is 0? We might want to do something more
-             * graceful here. */
-            wc_dilithium_free(key);
-            ret = ALGO_ID_E;
-        }
-    }
-
-    if (ret == 0) {
-        *idx = 0;
-        ret = wc_dilithium_import_private_only(der->buffer, der->length, key);
-        if (ret == 0) {
-            /* check for minimum key size and then free */
-            int minKeySz = ssl ? ssl->options.minDilithiumKeySz :
-                                 ctx->minDilithiumKeySz;
-            *keySz = DILITHIUM_MAX_KEY_SIZE;
-            if (*keySz < minKeySz) {
-                WOLFSSL_MSG("Dilithium private key too small");
-                ret = DILITHIUM_KEY_SIZE_E;
-            }
-            if (ssl) {
-                if (*keyFormat == DILITHIUM_LEVEL2k) {
-                    ssl->buffers.keyType = dilithium_level2_sa_algo;
-                }
-                else if (*keyFormat == DILITHIUM_LEVEL3k) {
-                    ssl->buffers.keyType = dilithium_level3_sa_algo;
-                }
-                else if (*keyFormat == DILITHIUM_LEVEL5k) {
-                    ssl->buffers.keyType = dilithium_level5_sa_algo;
-                }
-                ssl->buffers.keySz = *keySz;
-            }
-            else {
-                if (*keyFormat == DILITHIUM_LEVEL2k) {
-                    ctx->privateKeyType = dilithium_level2_sa_algo;
-                }
-                else if (*keyFormat == DILITHIUM_LEVEL3k) {
-                    ctx->privateKeyType = dilithium_level3_sa_algo;
-                }
-                else if (*keyFormat == DILITHIUM_LEVEL5k) {
-                    ctx->privateKeyType = dilithium_level5_sa_algo;
-                }
-                ctx->privateKeySz = *keySz;
-            }
-
-            if (ssl && ssl->options.side == WOLFSSL_SERVER_END) {
-                *resetSuites = 1;
-            }
-        }
-        wc_dilithium_free(key);
-    }
-    XFREE(key, heap, DYNAMIC_TYPE_DILITHIUM);
-
-    return ret;
-}
-#endif /* HAVE_DILITHIUM */
-#endif /* HAVE_PQC */
-
-static int ProcessBufferTryDecode(WOLFSSL_CTX* ctx, WOLFSSL* ssl,
-    DerBuffer* der, int* keySz, word32* idx, int* resetSuites, int* keyFormat,
-    void* heap, int devId)
-{
-    int ret = 0;
-
-    (void)heap;
-    (void)devId;
-
-    if (ctx == NULL && ssl == NULL)
-        return BAD_FUNC_ARG;
-    if (!der || !keySz || !idx || !resetSuites || !keyFormat)
-        return BAD_FUNC_ARG;
-
-#ifndef NO_RSA
-    if ((*keyFormat == 0 || *keyFormat == RSAk)) {
-#if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && \
-    (HAVE_FIPS_VERSION > 2))
-        ret = ProcessBufferTryDecodeRsa(ctx, ssl, der, keySz, idx, resetSuites,
-            keyFormat, devId);
-#else
-        ret = ProcessBufferTryDecodeRsa(ctx, ssl, der, keySz, idx, resetSuites,
-            keyFormat, heap, devId);
-#endif
-        if (ret != 0)
-            return ret;
-    }
-#endif
-#ifdef HAVE_ECC
-    if ((*keyFormat == 0) || (*keyFormat == ECDSAk)
-    #ifdef WOLFSSL_SM2
-        || (*keyFormat == SM2k)
-    #endif
-        ) {
-        ret = ProcessBufferTryDecodeEcc(ctx, ssl, der, keySz, idx, resetSuites,
-            keyFormat, heap, devId);
-        if (ret != 0)
-            return ret;
-    }
-#endif /* HAVE_ECC */
-#if defined(HAVE_ED25519) && defined(HAVE_ED25519_KEY_IMPORT)
-    if ((*keyFormat == 0 || *keyFormat == ED25519k)) {
-        ret = ProcessBufferTryDecodeEd25519(ctx, ssl, der, keySz, idx,
-            resetSuites, keyFormat, heap, devId);
-        if (ret != 0)
-            return ret;
-    }
-#endif /* HAVE_ED25519 && HAVE_ED25519_KEY_IMPORT */
-#if defined(HAVE_ED448) && defined(HAVE_ED448_KEY_IMPORT)
-    if ((*keyFormat == 0 || *keyFormat == ED448k)) {
-        ret = ProcessBufferTryDecodeEd448(ctx, ssl, der, keySz, idx,
-            resetSuites, keyFormat, heap, devId);
-        if (ret != 0)
-            return ret;
-    }
-#endif /* HAVE_ED448 && HAVE_ED448_KEY_IMPORT */
-#if defined(HAVE_PQC)
-#if defined(HAVE_FALCON)
-    if (((*keyFormat == 0) || (*keyFormat == FALCON_LEVEL1k) ||
-         (*keyFormat == FALCON_LEVEL5k))) {
-        ret = ProcessBufferTryDecodeFalcon(ctx, ssl, der, keySz, idx,
-            resetSuites, keyFormat, heap);
-        if (ret != 0)
-            return ret;
-    }
-#endif /* HAVE_FALCON */
-#if defined(HAVE_DILITHIUM)
-    if ((*keyFormat == 0) ||
-        (*keyFormat == DILITHIUM_LEVEL2k) ||
-        (*keyFormat == DILITHIUM_LEVEL3k) ||
-        (*keyFormat == DILITHIUM_LEVEL5k)) {
-        ret = ProcessBufferTryDecodeDilithium(ctx, ssl, der, keySz, idx,
-            resetSuites, keyFormat, heap);
-        if (ret != 0) {
-            return ret;
-        }
-    }
-#endif /* HAVE_DILITHIUM */
-#endif /* HAVE_PQC */
-    return ret;
-}
-
-/* process the buffer buff, length sz, into ctx of format and type
-   used tracks bytes consumed, userChain specifies a user cert chain
-   to pass during the handshake */
-int ProcessBuffer(WOLFSSL_CTX* ctx, const unsigned char* buff,
-                         long sz, int format, int type, WOLFSSL* ssl,
-                         long* used, int userChain, int verify)
-{
-    DerBuffer*    der = NULL;
-    int           ret = 0;
-    int           done = 0;
-    int           keyFormat = 0;
-    int           resetSuites = 0;
-    void*         heap = wolfSSL_CTX_GetHeap(ctx, ssl);
-    int           devId = wolfSSL_CTX_GetDevId(ctx, ssl);
-    word32        idx = 0;
-    int           keySz = 0;
-#if (defined(WOLFSSL_ENCRYPTED_KEYS) && !defined(NO_PWDBASED)) || \
-     defined(HAVE_PKCS8)
-    word32        algId = 0;
-#endif
-#ifdef WOLFSSL_SMALL_STACK
-    EncryptedInfo* info = NULL;
-#else
-    EncryptedInfo  info[1];
-#endif
-
-    (void)devId;
-    (void)idx;
-    (void)keySz;
-
-    if (used)
-        *used = sz;     /* used bytes default to sz, PEM chain may shorten*/
-
-    /* check args */
-    if (format != WOLFSSL_FILETYPE_ASN1 && format != WOLFSSL_FILETYPE_PEM)
-        return WOLFSSL_BAD_FILETYPE;
-
-    if (ctx == NULL && ssl == NULL)
-        return BAD_FUNC_ARG;
-
-    /* This API does not handle CHAIN_CERT_TYPE */
-    if (type == CHAIN_CERT_TYPE)
-        return BAD_FUNC_ARG;
-
-#ifdef WOLFSSL_SMALL_STACK
-    info = (EncryptedInfo*)XMALLOC(sizeof(EncryptedInfo), heap,
-                                   DYNAMIC_TYPE_ENCRYPTEDINFO);
-    if (info == NULL)
-        return MEMORY_E;
-#endif
-
-    XMEMSET(info, 0, sizeof(EncryptedInfo));
-#if defined(WOLFSSL_ENCRYPTED_KEYS) && !defined(NO_PWDBASED)
-    if (ctx) {
-        info->passwd_cb       = ctx->passwd_cb;
-        info->passwd_userdata = ctx->passwd_userdata;
-    }
-#endif
-
-    if (format == WOLFSSL_FILETYPE_PEM) {
-    #ifdef WOLFSSL_PEM_TO_DER
-        ret = PemToDer(buff, sz, type, &der, heap, info, &keyFormat);
-    #else
-        ret = NOT_COMPILED_IN;
-    #endif
-    }
-    else {
-        /* ASN1 (DER) */
-        int length = (int)sz;
-        word32 inOutIdx = 0;
-        /* get length of der (read sequence or octet string) */
-        if (GetSequence(buff, &inOutIdx, &length, (word32)sz) >= 0) {
-            length += inOutIdx; /* include leading sequence */
-        }
-        /* get length using octet string (allowed for private key types) */
-        else if (type == PRIVATEKEY_TYPE &&
-                    GetOctetString(buff, &inOutIdx, &length, (word32)sz) >= 0) {
-            length += inOutIdx; /* include leading oct string */
-        }
-        else {
-            ret = ASN_PARSE_E;
-        }
-
-        info->consumed = length;
-
-        if (ret == 0) {
-            ret = AllocDer(&der, (word32)length, type, heap);
-            if (ret == 0) {
-                XMEMCPY(der->buffer, buff, length);
-            }
-
-        #ifdef HAVE_PKCS8
-            /* if private key try and remove PKCS8 header */
-            if (ret == 0 && type == PRIVATEKEY_TYPE) {
-                if ((ret = ToTraditional_ex(der->buffer, der->length,
-                                                                 &algId)) > 0) {
-                    /* Found PKCS8 header */
-                    /* ToTraditional_ex moves buff and returns adjusted length */
-                    der->length = ret;
-                    keyFormat = algId;
-                }
-                ret = 0; /* failures should be ignored */
-            }
-        #endif
-        }
-    }
-
-    if (used) {
-        *used = info->consumed;
-    }
-
-    /* process user chain */
-    if (ret >= 0) {
-        /* Chain should have server cert first, then intermediates, then root.
-         * First certificate in chain is processed below after ProcessUserChain
-         *   and is loaded into ssl->buffers.certificate.
-         * Remainder are processed using ProcessUserChain and are loaded into
-         *   ssl->buffers.certChain. */
-        if (userChain) {
-            ret = ProcessUserChain(ctx, buff, sz, format, CHAIN_CERT_TYPE, ssl,
-                                   used, info, verify);
-            if (ret == ASN_NO_PEM_HEADER) { /* Additional chain is optional */
-                unsigned long pemErr = 0;
-                CLEAR_ASN_NO_PEM_HEADER_ERROR(pemErr);
-                ret = 0;
-            }
-        }
-    }
-
-    /* info is only used for private key with DER or PEM, so free now */
-    if (ret < 0 || type != PRIVATEKEY_TYPE) {
-    #ifdef WOLFSSL_SMALL_STACK
-        XFREE(info, heap, DYNAMIC_TYPE_ENCRYPTEDINFO);
-    #endif
-    }
-
-    /* check for error */
-    if (ret < 0) {
-        FreeDer(&der);
-        done = 1;
-    }
-
-    if (done == 1) {
-        /* No operation, just skip the next section */
-    }
-    /* Handle DER owner */
-    else if (type == CA_TYPE) {
-        if (ctx == NULL) {
-            WOLFSSL_MSG("Need context for CA load");
-            FreeDer(&der);
-            return BAD_FUNC_ARG;
-        }
-        /* verify CA unless user set to no verify */
-        ret = AddCA(ctx->cm, &der, WOLFSSL_USER_CA, verify);
-        done = 1;
-    }
-#ifdef WOLFSSL_TRUST_PEER_CERT
-    else if (type == TRUSTED_PEER_TYPE) {
-        /* add trusted peer cert. der is freed within */
-        if (ctx != NULL)
-            ret = AddTrustedPeer(ctx->cm, &der, verify);
-        else {
-            SSL_CM_WARNING(ssl);
-            ret = AddTrustedPeer(SSL_CM(ssl), &der, verify);
-        }
-        if (ret != WOLFSSL_SUCCESS) {
-            WOLFSSL_MSG("Error adding trusted peer");
-        }
-        done = 1;
-    }
-#endif /* WOLFSSL_TRUST_PEER_CERT */
-    else if (type == CERT_TYPE) {
-        if (ssl != NULL) {
-             /* Make sure previous is free'd */
-            if (ssl->buffers.weOwnCert) {
-                FreeDer(&ssl->buffers.certificate);
-            #ifdef KEEP_OUR_CERT
-                wolfSSL_X509_free(ssl->ourCert);
-                ssl->ourCert = NULL;
-            #endif
-            }
-            ssl->buffers.certificate = der;
-        #ifdef KEEP_OUR_CERT
-            ssl->keepCert = 1; /* hold cert for ssl lifetime */
-        #endif
-            ssl->buffers.weOwnCert = 1;
-        }
-        else if (ctx != NULL) {
-            FreeDer(&ctx->certificate); /* Make sure previous is free'd */
-        #ifdef KEEP_OUR_CERT
-            if (ctx->ourCert) {
-                if (ctx->ownOurCert)
-                    wolfSSL_X509_free(ctx->ourCert);
-                ctx->ourCert = NULL;
-            }
-        #endif
-            ctx->certificate = der;
-        }
-    }
-    else if (type == PRIVATEKEY_TYPE) {
-        if (ssl != NULL) {
-             /* Make sure previous is free'd */
-            if (ssl->buffers.weOwnKey) {
-                ForceZero(ssl->buffers.key->buffer, ssl->buffers.key->length);
-                FreeDer(&ssl->buffers.key);
-            }
-            ssl->buffers.key = der;
-#ifdef WOLFSSL_CHECK_MEM_ZERO
-            wc_MemZero_Add("SSL Buffers key", der->buffer, der->length);
-#endif
-            ssl->buffers.weOwnKey = 1;
-        }
-        else if (ctx != NULL) {
-            if (ctx->privateKey != NULL && ctx->privateKey->buffer != NULL) {
-                ForceZero(ctx->privateKey->buffer, ctx->privateKey->length);
-            }
-            FreeDer(&ctx->privateKey);
-            ctx->privateKey = der;
-#ifdef WOLFSSL_CHECK_MEM_ZERO
-            wc_MemZero_Add("CTX private key", der->buffer, der->length);
-#endif
-        }
-    }
-    else {
-        FreeDer(&der);
-        return WOLFSSL_BAD_CERTTYPE;
-    }
-
-    if (done == 1) {
-        /* No operation, just skip the next section */
-    }
-    else if (type == PRIVATEKEY_TYPE) {
-        ret = ProcessBufferTryDecode(ctx, ssl, der, &keySz, &idx, &resetSuites,
-                &keyFormat, heap, devId);
-
-    #if defined(WOLFSSL_ENCRYPTED_KEYS) && !defined(NO_PWDBASED)
-        /* for WOLFSSL_FILETYPE_PEM, PemToDer manages the decryption */
-        /* If private key type PKCS8 header wasn't already removed (algoId == 0) */
-        if ((ret != 0 || keyFormat == 0)
-            && format != WOLFSSL_FILETYPE_PEM && info->passwd_cb && algId == 0)
-        {
-            int   passwordSz = NAME_SZ;
-        #ifndef WOLFSSL_SMALL_STACK
-            char  password[NAME_SZ];
-        #else
-            char* password = (char*)XMALLOC(passwordSz, heap, DYNAMIC_TYPE_STRING);
-            if (password == NULL) {
-                XFREE(info, heap, DYNAMIC_TYPE_ENCRYPTEDINFO);
-                FreeDer(&der);
-                return MEMORY_E;
-            }
-        #endif
-            /* get password */
-            ret = info->passwd_cb(password, passwordSz, PEM_PASS_READ,
-                info->passwd_userdata);
-            if (ret >= 0) {
-                passwordSz = ret;
-            #ifdef WOLFSSL_CHECK_MEM_ZERO
-                wc_MemZero_Add("ProcessBuffer password", password, passwordSz);
-            #endif
-
-                /* PKCS8 decrypt */
-                ret = ToTraditionalEnc(der->buffer, der->length,
-                                       password, passwordSz, &algId);
-                if (ret >= 0) {
-                    ForceZero(der->buffer + ret, der->length - ret);
-                    der->length = ret;
-                }
-                /* ignore failures and try parsing as unencrypted */
-
-                ForceZero(password, passwordSz);
-            }
-
-        #ifdef WOLFSSL_SMALL_STACK
-            XFREE(password, heap, DYNAMIC_TYPE_STRING);
-        #elif defined(WOLFSSL_CHECK_MEM_ZERO)
-            wc_MemZero_Check(password, NAME_SZ);
-        #endif
-            ret = ProcessBufferTryDecode(ctx, ssl, der, &keySz, &idx,
-                &resetSuites, &keyFormat, heap, devId);
-        }
-    #endif /* WOLFSSL_ENCRYPTED_KEYS && !NO_PWDBASED */
-
-        if (ret != 0) {
-        #ifdef WOLFSSL_SMALL_STACK
-            XFREE(info, heap, DYNAMIC_TYPE_ENCRYPTEDINFO);
-        #endif
-            return ret;
-        }
-        if (keyFormat == 0) {
-#ifdef OPENSSL_EXTRA
-            /* Reaching this point probably means that the
-             * decryption password is wrong */
-            if (info->passwd_cb)
-                EVPerr(0, EVP_R_BAD_DECRYPT);
-#endif
-        #ifdef WOLFSSL_SMALL_STACK
-            XFREE(info, heap, DYNAMIC_TYPE_ENCRYPTEDINFO);
-        #endif
-            WOLFSSL_ERROR(WOLFSSL_BAD_FILE);
-            return WOLFSSL_BAD_FILE;
-        }
-
-    #ifdef WOLFSSL_SMALL_STACK
-        XFREE(info, heap, DYNAMIC_TYPE_ENCRYPTEDINFO);
-    #endif
-
-        (void)devId;
-    }
-    else if (type == CERT_TYPE) {
-    #ifdef WOLFSSL_SMALL_STACK
-        DecodedCert* cert;
-    #else
-        DecodedCert  cert[1];
-    #endif
-    #ifdef WOLF_PRIVATE_KEY_ID
-        int keyType = 0;
-    #endif
-
-    #ifdef WOLFSSL_SMALL_STACK
-        cert = (DecodedCert*)XMALLOC(sizeof(DecodedCert), heap,
-                                     DYNAMIC_TYPE_DCERT);
-        if (cert == NULL)
-            return MEMORY_E;
-    #endif
-
-        WOLFSSL_MSG("Checking cert signature type");
-        InitDecodedCert_ex(cert, der->buffer, der->length, heap, devId);
-
-        if (DecodeToKey(cert, 0) < 0) {
-            WOLFSSL_MSG("Decode to key failed");
-            FreeDecodedCert(cert);
-        #ifdef WOLFSSL_SMALL_STACK
-            XFREE(cert, heap, DYNAMIC_TYPE_DCERT);
-        #endif
-            return WOLFSSL_BAD_FILE;
-        }
-#if defined(HAVE_RPK)
-        if (ssl) {
-            ssl->options.rpkState.isRPKLoaded = 0;
-            if (cert->isRPK) {
-                ssl->options.rpkState.isRPKLoaded = 1;
-            }
-        }
-        else if (ctx) {
-            ctx->rpkState.isRPKLoaded = 0;
-            if (cert->isRPK) {
-                ctx->rpkState.isRPKLoaded = 1;
-            }
-        }
-#endif /* HAVE_RPK */
-
-        if (ssl) {
-            if (ssl->options.side == WOLFSSL_SERVER_END)
-                resetSuites = 1;
-        }
-        else if (ctx && ctx->method->side == WOLFSSL_SERVER_END) {
-            resetSuites = 1;
-        }
-        if (ssl && ssl->ctx->haveECDSAsig) {
-            WOLFSSL_MSG("SSL layer setting cert, CTX had ECDSA, turning off");
-            ssl->options.haveECDSAsig = 0;   /* may turn back on next */
-        }
-
-        switch (cert->signatureOID) {
-            case CTC_SHAwECDSA:
-            case CTC_SHA256wECDSA:
-            case CTC_SHA384wECDSA:
-            case CTC_SHA512wECDSA:
-            case CTC_ED25519:
-            case CTC_ED448:
-        #if defined(WOLFSSL_SM2) && defined(WOLFSSL_SM3)
-            case CTC_SM3wSM2:
-        #endif
-                WOLFSSL_MSG("ECDSA/ED25519/ED448 cert signature");
-                if (ssl)
-                    ssl->options.haveECDSAsig = 1;
-                else if (ctx)
-                    ctx->haveECDSAsig = 1;
-                break;
-            case CTC_FALCON_LEVEL1:
-            case CTC_FALCON_LEVEL5:
-                WOLFSSL_MSG("Falcon cert signature");
-                if (ssl)
-                    ssl->options.haveFalconSig = 1;
-                else if (ctx)
-                    ctx->haveFalconSig = 1;
-                break;
-            case CTC_DILITHIUM_LEVEL2:
-            case CTC_DILITHIUM_LEVEL3:
-            case CTC_DILITHIUM_LEVEL5:
-                WOLFSSL_MSG("Dilithium cert signature");
-                if (ssl)
-                    ssl->options.haveDilithiumSig = 1;
-                else if (ctx)
-                    ctx->haveDilithiumSig = 1;
-                break;
-            default:
-                WOLFSSL_MSG("Not ECDSA cert signature");
-                break;
-        }
-
-    #if defined(HAVE_ECC) || defined(HAVE_ED25519) || defined(HAVE_ED448) || \
-        (defined(HAVE_PQC) && defined(HAVE_LIBOQS)) || !defined(NO_RSA)
-        if (ssl) {
-        #if defined(HAVE_ECC) || defined(HAVE_ED25519) || \
-            (defined(HAVE_CURVE448) && defined(HAVE_ED448))
-            ssl->pkCurveOID = cert->pkCurveOID;
-        #endif
-        #ifndef WC_STRICT_SIG
-            if (cert->keyOID == ECDSAk) {
-                ssl->options.haveECC = 1;
-            }
-            #ifndef NO_RSA
-            else if (cert->keyOID == RSAk) {
-                ssl->options.haveRSA = 1;
-            }
-            #ifdef WC_RSA_PSS
-            else if (cert->keyOID == RSAPSSk) {
-                ssl->options.haveRSA = 1;
-            }
-            #endif
-            #endif
-            #if defined(WOLFSSL_SM2) && defined(WOLFSSL_SM3)
-                else if (cert->keyOID == SM2k) {
-                    ssl->options.haveECC = 1;
-                }
-            #endif
-            #ifdef HAVE_ED25519
-                else if (cert->keyOID == ED25519k) {
-                    ssl->options.haveECC = 1;
-                }
-            #endif
-            #ifdef HAVE_ED448
-                else if (cert->keyOID == ED448k) {
-                    ssl->options.haveECC = 1;
-                }
-            #endif
-            #ifdef HAVE_PQC
-            #ifdef HAVE_FALCON
-                else if (cert->keyOID == FALCON_LEVEL1k ||
-                         cert->keyOID == FALCON_LEVEL5k) {
-                    ssl->options.haveFalconSig = 1;
-                }
-            #endif /* HAVE_FALCON */
-            #ifdef HAVE_DILITHIUM
-                else if (cert->keyOID == DILITHIUM_LEVEL2k ||
-                         cert->keyOID == DILITHIUM_LEVEL3k ||
-                         cert->keyOID == DILITHIUM_LEVEL5k) {
-                    ssl->options.haveDilithiumSig = 1;
-                }
-            #endif /* HAVE_DILITHIUM */
-            #endif /* HAVE_PQC */
-        #else
-            ssl->options.haveECC = ssl->options.haveECDSAsig;
-        #endif
-        }
-        else if (ctx) {
-        #if defined(HAVE_ECC) || defined(HAVE_ED25519) || defined(HAVE_ED448)
-            ctx->pkCurveOID = cert->pkCurveOID;
-        #endif
-        #ifndef WC_STRICT_SIG
-            if (cert->keyOID == ECDSAk) {
-                ctx->haveECC = 1;
-            }
-            #ifndef NO_RSA
-            else if (cert->keyOID == RSAk) {
-                ctx->haveRSA = 1;
-            }
-            #ifdef WC_RSA_PSS
-            else if (cert->keyOID == RSAPSSk) {
-                ctx->haveRSA = 1;
-            }
-            #endif
-            #endif
-            #if defined(WOLFSSL_SM2) && defined(WOLFSSL_SM3)
-            else if (cert->keyOID == SM2k) {
-                ctx->haveECC = 1;
-            }
-            #endif
-            #ifdef HAVE_ED25519
-                else if (cert->keyOID == ED25519k) {
-                    ctx->haveECC = 1;
-                }
-            #endif
-            #ifdef HAVE_ED448
-                else if (cert->keyOID == ED448k) {
-                    ctx->haveECC = 1;
-                }
-            #endif
-            #ifdef HAVE_PQC
-            #ifdef HAVE_FALCON
-                else if (cert->keyOID == FALCON_LEVEL1k ||
-                         cert->keyOID == FALCON_LEVEL5k) {
-                    ctx->haveFalconSig = 1;
-                }
-            #endif /* HAVE_FALCON */
-            #ifdef HAVE_DILITHIUM
-                else if (cert->keyOID == DILITHIUM_LEVEL2k ||
-                         cert->keyOID == DILITHIUM_LEVEL3k ||
-                         cert->keyOID == DILITHIUM_LEVEL5k) {
-                    ctx->haveDilithiumSig = 1;
-                }
-            #endif /* HAVE_DILITHIUM */
-            #endif /* HAVE_PQC */
-        #else
-            ctx->haveECC = ctx->haveECDSAsig;
-        #endif
-        }
-    #endif
-
-        /* check key size of cert unless specified not to */
-        switch (cert->keyOID) {
-        #ifndef NO_RSA
-            #ifdef WC_RSA_PSS
-            case RSAPSSk:
-            #endif
-            case RSAk:
-            #ifdef WOLF_PRIVATE_KEY_ID
-                keyType = rsa_sa_algo;
-            #endif
-                /* Determine RSA key size by parsing public key */
-                idx = 0;
-                ret = wc_RsaPublicKeyDecode_ex(cert->publicKey, &idx,
-                    cert->pubKeySize, NULL, (word32*)&keySz, NULL, NULL);
-                if (ret < 0)
-                    break;
-
-                if (ssl && !ssl->options.verifyNone) {
-                    if (ssl->options.minRsaKeySz < 0 ||
-                          keySz < (int)ssl->options.minRsaKeySz ||
-                          keySz > (RSA_MAX_SIZE / 8)) {
-                        ret = RSA_KEY_SIZE_E;
-                        WOLFSSL_MSG("Certificate RSA key size too small");
-                    }
-                }
-                else if (ctx && !ctx->verifyNone) {
-                    if (ctx->minRsaKeySz < 0 ||
-                            keySz < (int)ctx->minRsaKeySz ||
-                            keySz > (RSA_MAX_SIZE / 8)) {
-                        ret = RSA_KEY_SIZE_E;
-                        WOLFSSL_MSG("Certificate RSA key size too small");
-                    }
-                }
-                break;
-        #endif /* !NO_RSA */
-        #ifdef HAVE_ECC
-            case ECDSAk:
-            #ifdef WOLF_PRIVATE_KEY_ID
-                keyType = ecc_dsa_sa_algo;
-            #endif
-                /* Determine ECC key size based on curve */
-            #ifdef WOLFSSL_CUSTOM_CURVES
-                if (cert->pkCurveOID == 0 && cert->pkCurveSize != 0) {
-                    keySz = cert->pkCurveSize * 8;
-                }
-                else
-            #endif
-                {
-                    keySz = wc_ecc_get_curve_size_from_id(
-                        wc_ecc_get_oid(cert->pkCurveOID, NULL, NULL));
-                }
-
-                if (ssl && !ssl->options.verifyNone) {
-                    if (ssl->options.minEccKeySz < 0 ||
-                          keySz < (int)ssl->options.minEccKeySz) {
-                        ret = ECC_KEY_SIZE_E;
-                        WOLFSSL_MSG("Certificate ECC key size error");
-                    }
-                }
-                else if (ctx && !ctx->verifyNone) {
-                    if (ctx->minEccKeySz < 0 ||
-                                  keySz < (int)ctx->minEccKeySz) {
-                        ret = ECC_KEY_SIZE_E;
-                        WOLFSSL_MSG("Certificate ECC key size error");
-                    }
-                }
-                break;
-        #endif /* HAVE_ECC */
-        #if defined(WOLFSSL_SM2) && defined(WOLFSSL_SM3)
-            case SM2k:
-            #ifdef WOLF_PRIVATE_KEY_ID
-                keyType = sm2_sa_algo;
-            #endif
-                /* Determine ECC key size based on curve */
-                keySz = wc_ecc_get_curve_size_from_id(
-                    wc_ecc_get_oid(cert->pkCurveOID, NULL, NULL));
-                if (ssl && !ssl->options.verifyNone) {
-                    if (ssl->options.minEccKeySz < 0 ||
-                          keySz < (int)ssl->options.minEccKeySz) {
-                        ret = ECC_KEY_SIZE_E;
-                        WOLFSSL_MSG("Certificate Ed key size error");
-                    }
-                }
-                else if (ctx && !ctx->verifyNone) {
-                    if (ctx->minEccKeySz < 0 ||
-                                  keySz < (int)ctx->minEccKeySz) {
-                        ret = ECC_KEY_SIZE_E;
-                        WOLFSSL_MSG("Certificate ECC key size error");
-                    }
-                }
-                break;
-        #endif /* HAVE_ED25519 */
-        #ifdef HAVE_ED25519
-            case ED25519k:
-            #ifdef WOLF_PRIVATE_KEY_ID
-                keyType = ed25519_sa_algo;
-            #endif
-                /* ED25519 is fixed key size */
-                keySz = ED25519_KEY_SIZE;
-                if (ssl && !ssl->options.verifyNone) {
-                    if (ssl->options.minEccKeySz < 0 ||
-                          keySz < (int)ssl->options.minEccKeySz) {
-                        ret = ECC_KEY_SIZE_E;
-                        WOLFSSL_MSG("Certificate Ed key size error");
-                    }
-                }
-                else if (ctx && !ctx->verifyNone) {
-                    if (ctx->minEccKeySz < 0 ||
-                                  keySz < (int)ctx->minEccKeySz) {
-                        ret = ECC_KEY_SIZE_E;
-                        WOLFSSL_MSG("Certificate ECC key size error");
-                    }
-                }
-                break;
-        #endif /* HAVE_ED25519 */
-        #ifdef HAVE_ED448
-            case ED448k:
-            #ifdef WOLF_PRIVATE_KEY_ID
-                keyType = ed448_sa_algo;
-            #endif
-                /* ED448 is fixed key size */
-                keySz = ED448_KEY_SIZE;
-                if (ssl && !ssl->options.verifyNone) {
-                    if (ssl->options.minEccKeySz < 0 ||
-                          keySz < (int)ssl->options.minEccKeySz) {
-                        ret = ECC_KEY_SIZE_E;
-                        WOLFSSL_MSG("Certificate Ed key size error");
-                    }
-                }
-                else if (ctx && !ctx->verifyNone) {
-                    if (ctx->minEccKeySz < 0 ||
-                                  keySz < (int)ctx->minEccKeySz) {
-                        ret = ECC_KEY_SIZE_E;
-                        WOLFSSL_MSG("Certificate ECC key size error");
-                    }
-                }
-                break;
-        #endif /* HAVE_ED448 */
-        #if defined(HAVE_PQC)
-        #if defined(HAVE_FALCON)
-            case FALCON_LEVEL1k:
-            case FALCON_LEVEL5k:
-                /* Falcon is fixed key size */
-                keySz = FALCON_MAX_KEY_SIZE;
-                if (ssl && !ssl->options.verifyNone) {
-                    if (ssl->options.minFalconKeySz < 0 ||
-                          keySz < (int)ssl->options.minFalconKeySz) {
-                        ret = FALCON_KEY_SIZE_E;
-                        WOLFSSL_MSG("Certificate Falcon key size error");
-                    }
-                }
-                else if (ctx && !ctx->verifyNone) {
-                    if (ctx->minFalconKeySz < 0 ||
-                                  keySz < (int)ctx->minFalconKeySz) {
-                        ret = FALCON_KEY_SIZE_E;
-                        WOLFSSL_MSG("Certificate Falcon key size error");
-                    }
-                }
-                break;
-        #endif /* HAVE_FALCON */
-        #if defined(HAVE_DILITHIUM)
-            case DILITHIUM_LEVEL2k:
-            case DILITHIUM_LEVEL3k:
-            case DILITHIUM_LEVEL5k:
-                /* Dilithium is fixed key size */
-                keySz = DILITHIUM_MAX_KEY_SIZE;
-                if (ssl && !ssl->options.verifyNone) {
-                    if (ssl->options.minDilithiumKeySz < 0 ||
-                          keySz < (int)ssl->options.minDilithiumKeySz) {
-                        ret = DILITHIUM_KEY_SIZE_E;
-                        WOLFSSL_MSG("Certificate Dilithium key size error");
-                    }
-                }
-                else if (ctx && !ctx->verifyNone) {
-                    if (ctx->minDilithiumKeySz < 0 ||
-                                  keySz < (int)ctx->minDilithiumKeySz) {
-                        ret = DILITHIUM_KEY_SIZE_E;
-                        WOLFSSL_MSG("Certificate Dilithium key size error");
-                    }
-                }
-                break;
-        #endif /* HAVE_DILITHIUM */
-        #endif /* HAVE_PQC */
-
-            default:
-                WOLFSSL_MSG("No key size check done on certificate");
-                break; /* do no check if not a case for the key */
-        }
-
-    #ifdef WOLF_PRIVATE_KEY_ID
-        if (ssl != NULL) {
-            ssl->buffers.keyType = (byte)keyType;
-            ssl->buffers.keySz = keySz;
-        }
-        else if (ctx != NULL) {
-            ctx->privateKeyType = (byte)keyType;
-            ctx->privateKeySz = keySz;
-        }
-    #endif
-
-        FreeDecodedCert(cert);
-    #ifdef WOLFSSL_SMALL_STACK
-        XFREE(cert, heap, DYNAMIC_TYPE_DCERT);
-    #endif
-
-        if (ret != 0) {
-            done = 1;
-        }
-    }
-
-    if (done == 1) {
-    #if !defined(NO_WOLFSSL_CM_VERIFY) && (!defined(NO_WOLFSSL_CLIENT) || \
-                                           !defined(WOLFSSL_NO_CLIENT_AUTH))
-        if ((type == CA_TYPE) || (type == CERT_TYPE)) {
-            /* Call to over-ride status */
-            if ((ctx != NULL) && (ctx->cm != NULL) &&
-                (ctx->cm->verifyCallback != NULL)) {
-                ret = CM_VerifyBuffer_ex(ctx->cm, buff,
-                        sz, format, (ret == WOLFSSL_SUCCESS ? 0 : ret));
-            }
-        }
-    #endif /* NO_WOLFSSL_CM_VERIFY */
-
-        return ret;
-    }
-
-
-    if (ssl && resetSuites) {
-        word16 havePSK = 0;
-        word16 haveRSA = 0;
-
-    #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)
-        if (ssl->options.havePSK) {
-            havePSK = 1;
-        }
-    #endif
-    #ifndef NO_RSA
-        haveRSA = 1;
-    #endif
-        keySz = ssl->buffers.keySz;
-
-        if (AllocateSuites(ssl) != 0)
-            return WOLFSSL_FAILURE;
-        /* let's reset suites */
-        InitSuites(ssl->suites, ssl->version, keySz, haveRSA,
-                   havePSK, ssl->options.haveDH, ssl->options.haveECDSAsig,
-                   ssl->options.haveECC, TRUE, ssl->options.haveStaticECC,
-                   ssl->options.haveFalconSig, ssl->options.haveDilithiumSig,
-                   ssl->options.haveAnon, TRUE, ssl->options.side);
-    }
-    else if (ctx && resetSuites) {
-        word16 havePSK = 0;
-        word16 haveRSA = 0;
-
-    #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)
-        if (ctx->havePSK) {
-            havePSK = 1;
-        }
-    #endif
-    #ifndef NO_RSA
-        haveRSA = 1;
-    #endif
-        keySz = ctx->privateKeySz;
-
-        if (AllocateCtxSuites(ctx) != 0)
-            return WOLFSSL_FAILURE;
-        /* let's reset suites */
-        InitSuites(ctx->suites, ctx->method->version, keySz, haveRSA,
-                   havePSK, ctx->haveDH, ctx->haveECDSAsig,
-                   ctx->haveECC, TRUE, ctx->haveStaticECC,
-                   ctx->haveFalconSig, ctx->haveDilithiumSig,
-#ifdef HAVE_ANON
-                   ctx->haveAnon,
-#else
-                   FALSE,
-#endif
-                   TRUE, ctx->method->side);
-    }
+    crypto_policy.secLevel = sec_level;
+    crypto_policy.enabled = 1;
 
     return WOLFSSL_SUCCESS;
 }
 
-
-/* CA PEM file for verification, may have multiple/chain certs to process */
-static int ProcessChainBuffer(WOLFSSL_CTX* ctx, const unsigned char* buff,
-                        long sz, int format, int type, WOLFSSL* ssl, int verify)
+#ifndef NO_FILESYSTEM
+/* Enables wolfSSL system wide crypto-policy, using the given policy
+ * file arg. If NULL is passed, then the default system crypto-policy
+ * file that was set at configure time will be used instead.
+ *
+ * While enabled:
+ *   - TLS methods, min key sizes, and cipher lists are all configured
+ *     automatically by the policy.
+ *   - Attempting to use lesser strength parameters will fail with
+ *     error CRYPTO_POLICY_FORBIDDEN.
+ *
+ * Disable with wolfSSL_crypto_policy_disable.
+ *
+ * Note: the wolfSSL_crypto_policy_X API are not thread safe, and should
+ * only be called at program init time.
+ *
+ * Returns WOLFSSL_SUCCESS on success.
+ * Returns CRYPTO_POLICY_FORBIDDEN if already enabled.
+ * Returns < 0 on misc error.
+ * */
+int wolfSSL_crypto_policy_enable(const char * policy_file)
 {
-    long used   = 0;
-    int  ret    = 0;
-    int  gotOne = 0;
+    XFILE   file;
+    long    sz = 0;
+    size_t  n_read = 0;
 
-    WOLFSSL_MSG("Processing CA PEM file");
-    while (used < sz) {
-        long consumed = 0;
+    WOLFSSL_ENTER("wolfSSL_crypto_policy_enable");
 
-        ret = ProcessBuffer(ctx, buff + used, sz - used, format, type, ssl,
-                            &consumed, 0, verify);
-
-        if (ret == MEMORY_E) {
-            return ret;
-        }
-        else if (ret < 0) {
-#if defined(WOLFSSL_WPAS) && defined(HAVE_CRL)
-            DerBuffer*    der = NULL;
-            EncryptedInfo info;
-
-            WOLFSSL_MSG("Trying a CRL");
-            if (PemToDer(buff + used, sz - used, CRL_TYPE, &der, NULL, &info,
-                                                                   NULL) == 0) {
-                WOLFSSL_MSG("   Processed a CRL");
-                wolfSSL_CertManagerLoadCRLBuffer(ctx->cm, der->buffer,
-                                            der->length, WOLFSSL_FILETYPE_ASN1);
-                FreeDer(&der);
-                used += info.consumed;
-                continue;
-            }
-#endif
-
-            if (consumed > 0) { /* Made progress in file */
-                WOLFSSL_ERROR(ret);
-                WOLFSSL_MSG("CA Parse failed, with progress in file.");
-                WOLFSSL_MSG("Search for other certs in file");
-            }
-            else {
-                WOLFSSL_MSG("CA Parse failed, no progress in file.");
-                WOLFSSL_MSG("Do not continue search for other certs in file");
-                break;
-            }
-        }
-        else {
-            WOLFSSL_MSG("   Processed a CA");
-            gotOne = 1;
-        }
-        used += consumed;
+    if (wolfSSL_crypto_policy_is_enabled()) {
+        WOLFSSL_MSG_EX("error: crypto policy already enabled: %s",
+                       policy_file);
+        return CRYPTO_POLICY_FORBIDDEN;
     }
 
-    if (gotOne) {
-        WOLFSSL_MSG("Processed at least one valid CA. Other stuff OK");
-        return WOLFSSL_SUCCESS;
+    if (policy_file == NULL) {
+        /* Use the configure-time default if NULL passed. */
+        policy_file = WC_STRINGIFY(WOLFSSL_CRYPTO_POLICY_FILE);
     }
-    return ret;
+
+    if (policy_file == NULL || *policy_file == '\0') {
+        WOLFSSL_MSG("error: crypto policy empty file");
+        return BAD_FUNC_ARG;
+    }
+
+    XMEMSET(&crypto_policy, 0, sizeof(crypto_policy));
+
+    file = XFOPEN(policy_file, "rb");
+
+    if (file == XBADFILE) {
+        WOLFSSL_MSG_EX("error: crypto policy file open failed: %s",
+                       policy_file);
+        return WOLFSSL_BAD_FILE;
+    }
+
+    if (XFSEEK(file, 0, XSEEK_END) != 0) {
+        WOLFSSL_MSG_EX("error: crypto policy file seek end failed: %s",
+                       policy_file);
+        XFCLOSE(file);
+        return WOLFSSL_BAD_FILE;
+    }
+
+    sz = XFTELL(file);
+
+    if (XFSEEK(file, 0, XSEEK_SET) != 0) {
+        WOLFSSL_MSG_EX("error: crypto policy file seek failed: %s",
+                       policy_file);
+        XFCLOSE(file);
+        return WOLFSSL_BAD_FILE;
+    }
+
+    if (sz <= 0 || sz > MAX_WOLFSSL_CRYPTO_POLICY_SIZE) {
+        WOLFSSL_MSG_EX("error: crypto policy file %s, invalid size: %ld",
+                       policy_file, sz);
+        XFCLOSE(file);
+        return WOLFSSL_BAD_FILE;
+    }
+
+    n_read = XFREAD(crypto_policy.str, 1, sz, file);
+    XFCLOSE(file);
+
+    if (n_read != (size_t) sz) {
+        WOLFSSL_MSG_EX("error: crypto policy file %s: read %zu, "
+                       "expected %ld", policy_file, n_read, sz);
+        return WOLFSSL_BAD_FILE;
+    }
+
+    crypto_policy.str[n_read] = '\0';
+
+    return crypto_policy_parse();
+}
+#endif /* ! NO_FILESYSTEM */
+
+/* Same behavior as wolfSSL_crypto_policy_enable, but loads
+ * via memory buf instead of file.
+ *
+ * Returns WOLFSSL_SUCCESS on success.
+ * Returns CRYPTO_POLICY_FORBIDDEN if already enabled.
+ * Returns < 0 on misc error.
+ * */
+int wolfSSL_crypto_policy_enable_buffer(const char * buf)
+{
+    size_t sz = 0;
+
+    WOLFSSL_ENTER("wolfSSL_crypto_policy_enable_buffer");
+
+    if (wolfSSL_crypto_policy_is_enabled()) {
+        WOLFSSL_MSG_EX("error: crypto policy already enabled");
+        return CRYPTO_POLICY_FORBIDDEN;
+    }
+
+    if (buf == NULL || *buf == '\0') {
+        return BAD_FUNC_ARG;
+    }
+
+    sz = XSTRLEN(buf);
+
+    if (sz == 0 || sz > MAX_WOLFSSL_CRYPTO_POLICY_SIZE) {
+        return BAD_FUNC_ARG;
+    }
+
+    XMEMSET(&crypto_policy, 0, sizeof(crypto_policy));
+    XMEMCPY(crypto_policy.str, buf, sz);
+
+    return crypto_policy_parse();
 }
 
+/* Returns whether the system wide crypto-policy is enabled.
+ *
+ * Returns 1 if enabled.
+ *         0 if disabled.
+ * */
+int wolfSSL_crypto_policy_is_enabled(void)
+{
+    WOLFSSL_ENTER("wolfSSL_crypto_policy_is_enabled");
+
+    return crypto_policy.enabled == 1;
+}
+
+/* Disables the system wide crypto-policy.
+ * note: SSL and CTX structures already instantiated will
+ * keep their security policy parameters. This will only
+ * affect new instantiations.
+ * */
+void wolfSSL_crypto_policy_disable(void)
+{
+    WOLFSSL_ENTER("wolfSSL_crypto_policy_disable");
+    crypto_policy.enabled = 0;
+    XMEMSET(&crypto_policy, 0, sizeof(crypto_policy));
+    return;
+}
+
+/* Get the crypto-policy bulk cipher list string.
+ * String is not owned by caller, should not be freed.
+ *
+ * Returns pointer to bulk cipher list string.
+ * Returns NULL if NOT enabled, or on error.
+ * */
+const char * wolfSSL_crypto_policy_get_ciphers(void)
+{
+    WOLFSSL_ENTER("wolfSSL_crypto_policy_get_ciphers");
+
+    if (crypto_policy.enabled == 1) {
+        /* The crypto policy config will have
+         * this form:
+         *   "@SECLEVEL=2:kEECDH:kRSA..." */
+        return crypto_policy.str;
+    }
+
+    return NULL;
+}
+
+/* Get the configured crypto-policy security level.
+ * A security level of 0 does not impose any additional
+ * restrictions.
+ *
+ * Returns 1 - 5 if enabled.
+ * Returns 0 if NOT enabled.
+ * */
+int wolfSSL_crypto_policy_get_level(void)
+{
+    if (crypto_policy.enabled == 1) {
+        return crypto_policy.secLevel;
+    }
+
+    return 0;
+}
+
+/* Get security level from ssl structure.
+ * @param ssl  a pointer to WOLFSSL structure
+ */
+int wolfSSL_get_security_level(const WOLFSSL * ssl)
+{
+    if (ssl == NULL) {
+        return BAD_FUNC_ARG;
+    }
+
+    return ssl->secLevel;
+}
+
+#ifndef NO_WOLFSSL_STUB
+/*
+ * Set security level (wolfSSL doesn't support setting the security level).
+ *
+ * The security level can only be set through a system wide crypto-policy
+ * with wolfSSL_crypto_policy_enable().
+ *
+ * @param ssl  a pointer to WOLFSSL structure
+ * @param level security level
+ */
+void wolfSSL_set_security_level(WOLFSSL * ssl, int level)
+{
+    WOLFSSL_ENTER("wolfSSL_set_security_level");
+    (void)ssl;
+    (void)level;
+}
+#endif /* !NO_WOLFSSL_STUB */
+
+#endif /* WOLFSSL_SYS_CRYPTO_POLICY */
+
+
+#define WOLFSSL_SSL_LOAD_INCLUDED
+#include <src/ssl_load.c>
+
+#ifndef NO_CERTS
 
 #ifdef HAVE_CRL
 
@@ -8054,7 +6591,6 @@ int wolfSSL_SetOCSP_Cb(WOLFSSL* ssl,
         return BAD_FUNC_ARG;
 }
 
-
 int wolfSSL_CTX_EnableOCSP(WOLFSSL_CTX* ctx, int options)
 {
     WOLFSSL_ENTER("wolfSSL_CTX_EnableOCSP");
@@ -8133,557 +6669,11 @@ int wolfSSL_CTX_DisableOCSPMustStaple(WOLFSSL_CTX* ctx)
     else
         return BAD_FUNC_ARG;
 }
-#endif /* HAVE_CERTIFICATE_STATUS_REQUEST || HAVE_CERTIFICATE_STATUS_REQUEST_V2 */
+#endif /* HAVE_CERTIFICATE_STATUS_REQUEST || \
+        * HAVE_CERTIFICATE_STATUS_REQUEST_V2 */
 
 #endif /* HAVE_OCSP */
 
-/* macro to get verify settings for AddCA */
-#define GET_VERIFY_SETTING_CTX(ctx) \
-    ((ctx) && (ctx)->verifyNone ? NO_VERIFY : VERIFY)
-#define GET_VERIFY_SETTING_SSL(ssl) \
-    ((ssl)->options.verifyNone ? NO_VERIFY : VERIFY)
-
-#ifndef NO_FILESYSTEM
-
-/* process a file with name fname into ctx of format and type
-   userChain specifies a user certificate chain to pass during handshake */
-int ProcessFile(WOLFSSL_CTX* ctx, const char* fname, int format, int type,
-                WOLFSSL* ssl, int userChain, WOLFSSL_CRL* crl, int verify)
-{
-#ifdef WOLFSSL_SMALL_STACK
-    byte   staticBuffer[1]; /* force heap usage */
-#else
-    byte   staticBuffer[FILE_BUFFER_SIZE];
-#endif
-    byte*  myBuffer = staticBuffer;
-    int    dynamic = 0;
-    int    ret;
-    long   sz = 0;
-    XFILE  file;
-    void*  heapHint = wolfSSL_CTX_GetHeap(ctx, ssl);
-#ifndef NO_CODING
-    const char* header = NULL;
-    const char* footer = NULL;
-#endif
-
-    (void)crl;
-    (void)heapHint;
-
-    if (fname == NULL) return WOLFSSL_BAD_FILE;
-
-    file = XFOPEN(fname, "rb");
-    if (file == XBADFILE) return WOLFSSL_BAD_FILE;
-    if (XFSEEK(file, 0, XSEEK_END) != 0) {
-        XFCLOSE(file);
-        return WOLFSSL_BAD_FILE;
-    }
-    sz = XFTELL(file);
-    if (XFSEEK(file, 0, XSEEK_SET) != 0) {
-        XFCLOSE(file);
-        return WOLFSSL_BAD_FILE;
-    }
-
-    if (sz > MAX_WOLFSSL_FILE_SIZE || sz <= 0) {
-        WOLFSSL_MSG("ProcessFile file size error");
-        XFCLOSE(file);
-        return WOLFSSL_BAD_FILE;
-    }
-
-    if (sz > (long)sizeof(staticBuffer)) {
-        WOLFSSL_MSG("Getting dynamic buffer");
-        myBuffer = (byte*)XMALLOC(sz, heapHint, DYNAMIC_TYPE_FILE);
-        if (myBuffer == NULL) {
-            XFCLOSE(file);
-            return WOLFSSL_BAD_FILE;
-        }
-        dynamic = 1;
-    }
-
-    if ((size_t)XFREAD(myBuffer, 1, sz, file) != (size_t)sz)
-        ret = WOLFSSL_BAD_FILE;
-    else {
-        /* Try to detect type by parsing cert header and footer */
-        if (type == DETECT_CERT_TYPE) {
-#ifndef NO_CODING
-            if (wc_PemGetHeaderFooter(CA_TYPE, &header, &footer) == 0 &&
-               (XSTRNSTR((char*)myBuffer, header, (int)sz) != NULL)) {
-                type = CA_TYPE;
-            }
-#ifdef HAVE_CRL
-            else if (wc_PemGetHeaderFooter(CRL_TYPE, &header, &footer) == 0 &&
-                    (XSTRNSTR((char*)myBuffer, header, (int)sz) != NULL)) {
-                type = CRL_TYPE;
-            }
-#endif
-            else if (wc_PemGetHeaderFooter(CERT_TYPE, &header, &footer) == 0 &&
-                    (XSTRNSTR((char*)myBuffer, header, (int)sz) != NULL)) {
-                type = CERT_TYPE;
-            }
-            else
-#endif
-            {
-                WOLFSSL_MSG("Failed to detect certificate type");
-                if (dynamic)
-                    XFREE(myBuffer, heapHint, DYNAMIC_TYPE_FILE);
-                XFCLOSE(file);
-                return WOLFSSL_BAD_CERTTYPE;
-            }
-        }
-        if ((type == CA_TYPE || type == TRUSTED_PEER_TYPE)
-                                          && format == WOLFSSL_FILETYPE_PEM) {
-            ret = ProcessChainBuffer(ctx, myBuffer, sz, format, type, ssl,
-                                     verify);
-        }
-#ifdef HAVE_CRL
-        else if (type == CRL_TYPE)
-            ret = BufferLoadCRL(crl, myBuffer, sz, format, verify);
-#endif
-        else
-            ret = ProcessBuffer(ctx, myBuffer, sz, format, type, ssl, NULL,
-                                userChain, verify);
-    }
-
-    XFCLOSE(file);
-    if (dynamic)
-        XFREE(myBuffer, heapHint, DYNAMIC_TYPE_FILE);
-
-    return ret;
-}
-
-/* loads file then loads each file in path, no c_rehash */
-int wolfSSL_CTX_load_verify_locations_ex(WOLFSSL_CTX* ctx, const char* file,
-                                     const char* path, word32 flags)
-{
-    int ret = WOLFSSL_SUCCESS;
-#ifndef NO_WOLFSSL_DIR
-    int successCount = 0;
-#endif
-    int verify;
-
-    WOLFSSL_MSG("wolfSSL_CTX_load_verify_locations_ex");
-
-    if (ctx == NULL || (file == NULL && path == NULL)) {
-        return WOLFSSL_FAILURE;
-    }
-
-    verify = GET_VERIFY_SETTING_CTX(ctx);
-    if (flags & WOLFSSL_LOAD_FLAG_DATE_ERR_OKAY)
-        verify = VERIFY_SKIP_DATE;
-
-    if (file) {
-        ret = ProcessFile(ctx, file, WOLFSSL_FILETYPE_PEM, CA_TYPE, NULL, 0,
-                          NULL, verify);
-#ifndef NO_WOLFSSL_DIR
-        if (ret == WOLFSSL_SUCCESS)
-            successCount++;
-#endif
-#if defined(WOLFSSL_TRUST_PEER_CERT) && defined(OPENSSL_COMPATIBLE_DEFAULTS)
-        ret = wolfSSL_CTX_trust_peer_cert(ctx, file, WOLFSSL_FILETYPE_PEM);
-        if (ret != WOLFSSL_SUCCESS) {
-            WOLFSSL_MSG("wolfSSL_CTX_trust_peer_cert error");
-        }
-#endif
-    }
-
-    if (ret == WOLFSSL_SUCCESS && path) {
-#ifndef NO_WOLFSSL_DIR
-        char* name = NULL;
-        int fileRet;
-        int failCount = 0;
-    #ifdef WOLFSSL_SMALL_STACK
-        ReadDirCtx* readCtx;
-        readCtx = (ReadDirCtx*)XMALLOC(sizeof(ReadDirCtx), ctx->heap,
-                                                       DYNAMIC_TYPE_DIRCTX);
-        if (readCtx == NULL)
-            return MEMORY_E;
-    #else
-        ReadDirCtx readCtx[1];
-    #endif
-
-        /* try to load each regular file in path */
-        fileRet = wc_ReadDirFirst(readCtx, path, &name);
-        while (fileRet == 0 && name) {
-            WOLFSSL_MSG(name); /* log file name */
-            ret = ProcessFile(ctx, name, WOLFSSL_FILETYPE_PEM, CA_TYPE,
-                              NULL, 0, NULL, verify);
-            if (ret != WOLFSSL_SUCCESS) {
-                /* handle flags for ignoring errors, skipping expired certs or
-                   by PEM certificate header error */
-                if ( (flags & WOLFSSL_LOAD_FLAG_IGNORE_ERR) ||
-                    ((flags & WOLFSSL_LOAD_FLAG_PEM_CA_ONLY) &&
-                       (ret == ASN_NO_PEM_HEADER))) {
-                    /* Do not fail here if a certificate fails to load,
-                       continue to next file */
-                    unsigned long err = 0;
-                    CLEAR_ASN_NO_PEM_HEADER_ERROR(err);
-    #if defined(WOLFSSL_QT)
-                    ret = WOLFSSL_SUCCESS;
-    #endif
-                }
-                else {
-                    WOLFSSL_ERROR(ret);
-                    WOLFSSL_MSG("Load CA file failed, continuing");
-                    failCount++;
-                }
-            }
-            else {
-    #if defined(WOLFSSL_TRUST_PEER_CERT) && defined(OPENSSL_COMPATIBLE_DEFAULTS)
-                ret = wolfSSL_CTX_trust_peer_cert(ctx, file, WOLFSSL_FILETYPE_PEM);
-                if (ret != WOLFSSL_SUCCESS) {
-                    WOLFSSL_MSG("wolfSSL_CTX_trust_peer_cert error. Ignoring"
-                            "this error.");
-                }
-    #endif
-                successCount++;
-            }
-            fileRet = wc_ReadDirNext(readCtx, path, &name);
-        }
-        wc_ReadDirClose(readCtx);
-
-        /* pass directory read failure to response code */
-        if (fileRet != WC_READDIR_NOFILE) {
-            ret = fileRet;
-    #if defined(WOLFSSL_QT) || defined(WOLFSSL_IGNORE_BAD_CERT_PATH)
-            if (ret == BAD_PATH_ERROR &&
-                flags & WOLFSSL_LOAD_FLAG_IGNORE_BAD_PATH_ERR) {
-               /* QSslSocket always loads certs in system folder
-                * when it is initialized.
-                * Compliant with OpenSSL when flag sets.
-                */
-                ret = WOLFSSL_SUCCESS;
-            }
-            else {
-                /* qssl socket wants to know errors. */
-                WOLFSSL_ERROR(ret);
-            }
-    #endif
-        }
-        /* report failure if no files were loaded or there were failures */
-        else if (successCount == 0 || failCount > 0) {
-            /* use existing error code if exists */
-    #if defined(WOLFSSL_QT)
-            /* compliant with OpenSSL when flag sets*/
-            if (!(flags & WOLFSSL_LOAD_FLAG_IGNORE_ZEROFILE))
-    #endif
-            {
-                ret = WOLFSSL_FAILURE;
-            }
-        }
-        else {
-            ret = WOLFSSL_SUCCESS;
-        }
-
-    #ifdef WOLFSSL_SMALL_STACK
-        XFREE(readCtx, ctx->heap, DYNAMIC_TYPE_DIRCTX);
-    #endif
-#else
-        ret = NOT_COMPILED_IN;
-        (void)flags;
-#endif
-    }
-
-    return ret;
-}
-
-WOLFSSL_ABI
-int wolfSSL_CTX_load_verify_locations(WOLFSSL_CTX* ctx, const char* file,
-                                     const char* path)
-{
-    int ret = wolfSSL_CTX_load_verify_locations_ex(ctx, file, path,
-        WOLFSSL_LOAD_VERIFY_DEFAULT_FLAGS);
-
-    return WS_RETURN_CODE(ret,WOLFSSL_FAILURE);
-}
-
-#ifdef WOLFSSL_SYS_CA_CERTS
-
-#ifdef USE_WINDOWS_API
-
-static int LoadSystemCaCertsWindows(WOLFSSL_CTX* ctx, byte* loaded)
-{
-    int ret = WOLFSSL_SUCCESS;
-    word32 i;
-    HANDLE handle = NULL;
-    PCCERT_CONTEXT certCtx = NULL;
-    LPCSTR storeNames[2] = {"ROOT", "CA"};
-    HCRYPTPROV_LEGACY hProv = (HCRYPTPROV_LEGACY)NULL;
-
-    if (ctx == NULL || loaded == NULL) {
-        ret = WOLFSSL_FAILURE;
-    }
-
-    for (i = 0; ret == WOLFSSL_SUCCESS &&
-         i < sizeof(storeNames)/sizeof(*storeNames); ++i) {
-        handle = CertOpenSystemStoreA(hProv, storeNames[i]);
-        if (handle != NULL) {
-            while ((certCtx = CertEnumCertificatesInStore(handle, certCtx))
-                   != NULL) {
-                if (certCtx->dwCertEncodingType == X509_ASN_ENCODING) {
-                    if (ProcessBuffer(ctx, certCtx->pbCertEncoded,
-                          certCtx->cbCertEncoded, WOLFSSL_FILETYPE_ASN1,
-                          CA_TYPE, NULL, NULL, 0,
-                          GET_VERIFY_SETTING_CTX(ctx)) == WOLFSSL_SUCCESS) {
-                        /*
-                         * Set "loaded" as long as we've loaded one CA
-                         * cert.
-                         */
-                        *loaded = 1;
-                    }
-                }
-            }
-        }
-        else {
-            WOLFSSL_MSG_EX("Failed to open cert store %s.", storeNames[i]);
-        }
-
-        if (handle != NULL && !CertCloseStore(handle, 0)) {
-            WOLFSSL_MSG_EX("Failed to close cert store %s.", storeNames[i]);
-            ret = WOLFSSL_FAILURE;
-        }
-    }
-
-    return ret;
-}
-
-#elif defined(__APPLE__)
-
-#if defined(HAVE_SECURITY_SECTRUSTSETTINGS_H) \
-  && !defined(WOLFSSL_APPLE_NATIVE_CERT_VALIDATION)
-/*
- * Manually obtains certificates from the system trust store and loads them
- * directly into wolfSSL "the old way".
- *
- * As of MacOS 14.0 we are still able to use this method to access system
- * certificates. Accessibility of this API is indicated by the presence of the
- * Security/SecTrustSettings.h header. In the likely event that Apple removes
- * access to this API on Macs, this function should be removed and the
- * DoAppleNativeCertValidation() routine should be used for all devices.
- */
-static int LoadSystemCaCertsMac(WOLFSSL_CTX* ctx, byte* loaded)
-{
-    int ret = WOLFSSL_SUCCESS;
-    word32 i;
-    const unsigned int trustDomains[] = {
-        kSecTrustSettingsDomainUser,
-        kSecTrustSettingsDomainAdmin,
-        kSecTrustSettingsDomainSystem
-    };
-    CFArrayRef certs;
-    OSStatus stat;
-    CFIndex numCerts;
-    CFDataRef der;
-    CFIndex j;
-
-    if (ctx == NULL || loaded == NULL) {
-        ret = WOLFSSL_FAILURE;
-    }
-
-    for (i = 0; ret == WOLFSSL_SUCCESS &&
-         i < sizeof(trustDomains)/sizeof(*trustDomains); ++i) {
-        stat = SecTrustSettingsCopyCertificates(
-            (SecTrustSettingsDomain)trustDomains[i], &certs);
-        if (stat == errSecSuccess) {
-            numCerts = CFArrayGetCount(certs);
-            for (j = 0; j < numCerts; ++j) {
-                der = SecCertificateCopyData((SecCertificateRef)
-                          CFArrayGetValueAtIndex(certs, j));
-                if (der != NULL) {
-                    if (ProcessBuffer(ctx, CFDataGetBytePtr(der),
-                          CFDataGetLength(der), WOLFSSL_FILETYPE_ASN1,
-                          CA_TYPE, NULL, NULL, 0,
-                          GET_VERIFY_SETTING_CTX(ctx)) == WOLFSSL_SUCCESS) {
-                        /*
-                         * Set "loaded" as long as we've loaded one CA
-                         * cert.
-                         */
-                        *loaded = 1;
-                    }
-
-                    CFRelease(der);
-                }
-            }
-
-            CFRelease(certs);
-        }
-        else if (stat == errSecNoTrustSettings) {
-            WOLFSSL_MSG_EX("No trust settings for domain %d, moving to next "
-                "domain.", trustDomains[i]);
-        }
-        else {
-            WOLFSSL_MSG_EX("SecTrustSettingsCopyCertificates failed with"
-                " status %d.", stat);
-            ret = WOLFSSL_FAILURE;
-            break;
-        }
-    }
-
-    return ret;
-}
-#endif /* defined(HAVE_SECURITY_SECTRUSTSETTINGS_H) */
-
-#else
-
-/* Potential system CA certs directories on Linux/Unix distros. */
-static const char* systemCaDirs[] = {
-#if defined(__ANDROID__) || defined(ANDROID)
-    "/system/etc/security/cacerts"      /* Android */
-#else
-    "/etc/ssl/certs",                   /* Debian, Ubuntu, Gentoo, others */
-    "/etc/pki/ca-trust/source/anchors", /* Fedora, RHEL */
-    "/etc/pki/tls/certs"                /* Older RHEL */
-#endif
-};
-
-const char** wolfSSL_get_system_CA_dirs(word32* num)
-{
-    const char** ret;
-
-    if (num == NULL) {
-        ret = NULL;
-    }
-    else {
-        ret = systemCaDirs;
-        *num = sizeof(systemCaDirs)/sizeof(*systemCaDirs);
-    }
-
-    return ret;
-}
-
-static int LoadSystemCaCertsNix(WOLFSSL_CTX* ctx, byte* loaded) {
-    int ret = WOLFSSL_SUCCESS;
-    word32 i;
-
-    if (ctx == NULL || loaded == NULL) {
-        ret = WOLFSSL_FAILURE;
-    }
-
-    for (i = 0; ret == WOLFSSL_SUCCESS &&
-         i < sizeof(systemCaDirs)/sizeof(*systemCaDirs); ++i) {
-        WOLFSSL_MSG_EX("Attempting to load system CA certs from %s.",
-            systemCaDirs[i]);
-        /*
-         * We want to keep trying to load more CAs even if one cert in
-         * the directory is bad and can't be used (e.g. if one is expired),
-         * so we use WOLFSSL_LOAD_FLAG_IGNORE_ERR.
-         */
-        if (wolfSSL_CTX_load_verify_locations_ex(ctx, NULL, systemCaDirs[i],
-                WOLFSSL_LOAD_FLAG_IGNORE_ERR) != WOLFSSL_SUCCESS) {
-            WOLFSSL_MSG_EX("Failed to load CA certs from %s, trying "
-                "next possible location.", systemCaDirs[i]);
-        }
-        else {
-            WOLFSSL_MSG_EX("Loaded CA certs from %s.",
-                systemCaDirs[i]);
-            *loaded = 1;
-            /* Stop searching after we've loaded one directory. */
-            break;
-        }
-    }
-
-    return ret;
-}
-
-#endif
-
-int wolfSSL_CTX_load_system_CA_certs(WOLFSSL_CTX* ctx)
-{
-    int ret;
-    byte loaded = 0;
-
-    WOLFSSL_ENTER("wolfSSL_CTX_load_system_CA_certs");
-
-#ifdef USE_WINDOWS_API
-
-    ret = LoadSystemCaCertsWindows(ctx, &loaded);
-
-#elif defined(__APPLE__)
-
-#if defined(HAVE_SECURITY_SECTRUSTSETTINGS_H) \
-  && !defined(WOLFSSL_APPLE_NATIVE_CERT_VALIDATION)
-    /* As of MacOS 14.0 we are still able to access system certificates and
-     * load them manually into wolfSSL "the old way". Accessibility of this API
-     * is indicated by the presence of the Security/SecTrustSettings.h header */
-    ret = LoadSystemCaCertsMac(ctx, &loaded);
-#elif defined(WOLFSSL_APPLE_NATIVE_CERT_VALIDATION)
-    /* For other Apple devices, Apple has removed the ability to obtain
-     * certificates from the trust store, so we can't use wolfSSL's built-in
-     * certificate validation mechanisms anymore. We instead must call into the
-     * Security Framework APIs to authenticate peer certificates when received.
-     * (see src/internal.c:DoAppleNativeCertValidation()).
-     * Thus, there is no CA "loading" required, but to keep behavior consistent
-     * with the current API (not using system CA certs unless this function has
-     * been called), we simply set a flag indicating that the new apple trust
-     * verification routine should be used later */
-    ctx->doAppleNativeCertValidationFlag = 1;
-    ret = WOLFSSL_SUCCESS;
-    loaded = 1;
-
-#if FIPS_VERSION_GE(2,0) /* Gate back to cert 3389 FIPS modules */
-#warning "Cryptographic operations may occur outside the FIPS module boundary" \
-         "Please review FIPS claims for cryptography on this Apple device"
-#endif /* FIPS_VERSION_GE(2,0) */
-
-#else
-/* HAVE_SECURITY_SECXXX_H macros are set by autotools or CMake when searching
- * system for the required SDK headers. If building with user_settings.h, you
- * will need to manually define WOLFSSL_APPLE_NATIVE_CERT_VALIDATION
- * and ensure the appropriate Security.framework headers and libraries are
- * visible to your compiler */
-#error "WOLFSSL_SYS_CA_CERTS on Apple devices requires Security.framework" \
-       " header files to be detected, or a manual override with" \
-       " WOLFSSL_APPLE_NATIVE_CERT_VALIDATION"
-#endif
-
-#else
-
-    ret = LoadSystemCaCertsNix(ctx, &loaded);
-
-#endif
-
-    if (ret == WOLFSSL_SUCCESS && !loaded) {
-        ret = WOLFSSL_BAD_PATH;
-    }
-
-    WOLFSSL_LEAVE("wolfSSL_CTX_load_system_CA_certs", ret);
-
-    return ret;
-}
-
-#endif /* WOLFSSL_SYS_CA_CERTS */
-
-#ifdef WOLFSSL_TRUST_PEER_CERT
-/* Used to specify a peer cert to match when connecting
-    ctx : the ctx structure to load in peer cert
-    file: the string name of cert file
-    type: type of format such as PEM/DER
- */
-int wolfSSL_CTX_trust_peer_cert(WOLFSSL_CTX* ctx, const char* file, int type)
-{
-    WOLFSSL_ENTER("wolfSSL_CTX_trust_peer_cert");
-
-    if (ctx == NULL || file == NULL) {
-        return WOLFSSL_FAILURE;
-    }
-
-    return ProcessFile(ctx, file, type, TRUSTED_PEER_TYPE, NULL, 0, NULL,
-                       GET_VERIFY_SETTING_CTX(ctx));
-}
-
-int wolfSSL_trust_peer_cert(WOLFSSL* ssl, const char* file, int type)
-{
-    WOLFSSL_ENTER("wolfSSL_trust_peer_cert");
-
-    if (ssl == NULL || file == NULL) {
-        return WOLFSSL_FAILURE;
-    }
-
-    return ProcessFile(NULL, file, type, TRUSTED_PEER_TYPE, ssl, 0, NULL,
-                       GET_VERIFY_SETTING_SSL(ssl));
-}
-#endif /* WOLFSSL_TRUST_PEER_CERT */
-
-#endif /* NO_FILESYSTEM */
-
 #ifdef HAVE_CRL
 
 int wolfSSL_EnableCRL(WOLFSSL* ssl, int options)
@@ -8733,7 +6723,6 @@ int wolfSSL_LoadCRLFile(WOLFSSL* ssl, const char* file, int type)
 }
 #endif
 
-
 int wolfSSL_SetCRL_Cb(WOLFSSL* ssl, CbMissingCRL cb)
 {
     WOLFSSL_ENTER("wolfSSL_SetCRL_Cb");
@@ -8745,6 +6734,17 @@ int wolfSSL_SetCRL_Cb(WOLFSSL* ssl, CbMissingCRL cb)
         return BAD_FUNC_ARG;
 }
 
+int wolfSSL_SetCRL_ErrorCb(WOLFSSL* ssl, crlErrorCb cb, void* ctx)
+{
+    WOLFSSL_ENTER("wolfSSL_SetCRL_Cb");
+    if (ssl) {
+        SSL_CM_WARNING(ssl);
+        return wolfSSL_CertManagerSetCRL_ErrorCb(SSL_CM(ssl), cb, ctx);
+    }
+    else
+        return BAD_FUNC_ARG;
+}
+
 #ifdef HAVE_CRL_IO
 int wolfSSL_SetCRL_IOCb(WOLFSSL* ssl, CbCrlIO cb)
 {
@@ -8810,6 +6810,15 @@ int wolfSSL_CTX_SetCRL_Cb(WOLFSSL_CTX* ctx, CbMissingCRL cb)
         return BAD_FUNC_ARG;
 }
 
+int wolfSSL_CTX_SetCRL_ErrorCb(WOLFSSL_CTX* ctx, crlErrorCb cb, void* cbCtx)
+{
+    WOLFSSL_ENTER("wolfSSL_CTX_SetCRL_ErrorCb");
+    if (ctx)
+        return wolfSSL_CertManagerSetCRL_ErrorCb(ctx->cm, cb, cbCtx);
+    else
+        return BAD_FUNC_ARG;
+}
+
 #ifdef HAVE_CRL_IO
 int wolfSSL_CTX_SetCRL_IOCb(WOLFSSL_CTX* ctx, CbCrlIO cb)
 {
@@ -8825,64 +6834,6 @@ int wolfSSL_CTX_SetCRL_IOCb(WOLFSSL_CTX* ctx, CbCrlIO cb)
 #endif /* HAVE_CRL */
 
 
-#ifndef NO_FILESYSTEM
-
-
-#ifdef WOLFSSL_DER_LOAD
-
-/* Add format parameter to allow DER load of CA files */
-int wolfSSL_CTX_der_load_verify_locations(WOLFSSL_CTX* ctx, const char* file,
-                                          int format)
-{
-    WOLFSSL_ENTER("wolfSSL_CTX_der_load_verify_locations");
-    if (ctx == NULL || file == NULL)
-        return WOLFSSL_FAILURE;
-
-    if (ProcessFile(ctx, file, format, CA_TYPE, NULL, 0, NULL,
-                    GET_VERIFY_SETTING_CTX(ctx)) == WOLFSSL_SUCCESS) {
-        return WOLFSSL_SUCCESS;
-    }
-
-    return WOLFSSL_FAILURE;
-}
-
-#endif /* WOLFSSL_DER_LOAD */
-
-
-
-WOLFSSL_ABI
-int wolfSSL_CTX_use_certificate_file(WOLFSSL_CTX* ctx, const char* file,
-                                     int format)
-{
-    WOLFSSL_ENTER("wolfSSL_CTX_use_certificate_file");
-
-    if (ProcessFile(ctx, file, format, CERT_TYPE, NULL, 0, NULL,
-                    GET_VERIFY_SETTING_CTX(ctx)) == WOLFSSL_SUCCESS) {
-        return WOLFSSL_SUCCESS;
-    }
-
-    return WOLFSSL_FAILURE;
-}
-
-
-WOLFSSL_ABI
-int wolfSSL_CTX_use_PrivateKey_file(WOLFSSL_CTX* ctx, const char* file,
-                                    int format)
-{
-    WOLFSSL_ENTER("wolfSSL_CTX_use_PrivateKey_file");
-
-    if (ProcessFile(ctx, file, format, PRIVATEKEY_TYPE, NULL, 0, NULL,
-                    GET_VERIFY_SETTING_CTX(ctx)) == WOLFSSL_SUCCESS) {
-        return WOLFSSL_SUCCESS;
-    }
-
-    return WOLFSSL_FAILURE;
-}
-
-
-#endif /* NO_FILESYSTEM */
-
-
 /* Sets the max chain depth when verifying a certificate chain. Default depth
  * is set to MAX_CHAIN_DEPTH.
  *
@@ -8928,131 +6879,153 @@ long wolfSSL_CTX_get_verify_depth(WOLFSSL_CTX* ctx)
 #endif
 }
 
+#ifndef NO_CHECK_PRIVATE_KEY
 
-#ifndef NO_FILESYSTEM
-
-
-WOLFSSL_ABI
-int wolfSSL_CTX_use_certificate_chain_file(WOLFSSL_CTX* ctx, const char* file)
+#ifdef WOLF_PRIVATE_KEY_ID
+/* Check private against public in certificate for match using external
+ * device with given devId */
+static int check_cert_key_dev(word32 keyOID, byte* privKey, word32 privSz,
+    const byte* pubKey, word32 pubSz, int label, int id, void* heap, int devId)
 {
-    /* process up to MAX_CHAIN_DEPTH plus subject cert */
-    WOLFSSL_ENTER("wolfSSL_CTX_use_certificate_chain_file");
+    int ret = 0;
+    int type = 0;
+    void *pkey = NULL;
 
-    if (ProcessFile(ctx, file, WOLFSSL_FILETYPE_PEM, CERT_TYPE, NULL, 1, NULL,
-                    GET_VERIFY_SETTING_CTX(ctx)) == WOLFSSL_SUCCESS) {
-        return WOLFSSL_SUCCESS;
+    if (privKey == NULL) {
+        return MISSING_KEY;
     }
 
-   return WOLFSSL_FAILURE;
-}
-
-
-int wolfSSL_CTX_use_certificate_chain_file_format(WOLFSSL_CTX* ctx,
-                                                  const char* file, int format)
-{
-    /* process up to MAX_CHAIN_DEPTH plus subject cert */
-    WOLFSSL_ENTER("wolfSSL_CTX_use_certificate_chain_file_format");
-
-    if (ProcessFile(ctx, file, format, CERT_TYPE, NULL, 1, NULL,
-                    GET_VERIFY_SETTING_CTX(ctx)) == WOLFSSL_SUCCESS) {
-        return WOLFSSL_SUCCESS;
+#ifndef NO_RSA
+    if (keyOID == RSAk) {
+        type = DYNAMIC_TYPE_RSA;
+    }
+#ifdef WC_RSA_PSS
+    if (keyOID == RSAPSSk) {
+        type = DYNAMIC_TYPE_RSA;
     }
-
-   return WOLFSSL_FAILURE;
-}
-
-
-#ifndef NO_DH
-
-/* server Diffie-Hellman parameters */
-static int wolfSSL_SetTmpDH_file_wrapper(WOLFSSL_CTX* ctx, WOLFSSL* ssl,
-                                        const char* fname, int format)
-{
-#ifdef WOLFSSL_SMALL_STACK
-    byte   staticBuffer[1]; /* force heap usage */
-#else
-    byte   staticBuffer[FILE_BUFFER_SIZE];
 #endif
-    byte*  myBuffer = staticBuffer;
-    int    dynamic = 0;
-    int    ret;
-    long   sz = 0;
-    XFILE  file;
-
-    if (ctx == NULL || fname == NULL)
-        return BAD_FUNC_ARG;
-
-    file = XFOPEN(fname, "rb");
-    if (file == XBADFILE) return WOLFSSL_BAD_FILE;
-    if(XFSEEK(file, 0, XSEEK_END) != 0) {
-        XFCLOSE(file);
-        return WOLFSSL_BAD_FILE;
+#endif
+#ifdef HAVE_ECC
+    if (keyOID == ECDSAk) {
+        type = DYNAMIC_TYPE_ECC;
     }
-    sz = XFTELL(file);
-    if(XFSEEK(file, 0, XSEEK_SET) != 0) {
-        XFCLOSE(file);
-        return WOLFSSL_BAD_FILE;
+#endif
+#if defined(HAVE_DILITHIUM)
+    if ((keyOID == ML_DSA_LEVEL2k) ||
+        (keyOID == ML_DSA_LEVEL3k) ||
+        (keyOID == ML_DSA_LEVEL5k)
+        #ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
+     || (keyOID == DILITHIUM_LEVEL2k)
+     || (keyOID == DILITHIUM_LEVEL3k)
+     || (keyOID == DILITHIUM_LEVEL5k)
+        #endif /* WOLFSSL_DILITHIUM_FIPS204_DRAFT */
+        ) {
+        type = DYNAMIC_TYPE_DILITHIUM;
     }
-
-    if (sz > MAX_WOLFSSL_FILE_SIZE || sz <= 0) {
-        WOLFSSL_MSG("SetTmpDH file size error");
-        XFCLOSE(file);
-        return WOLFSSL_BAD_FILE;
+#endif
+#if defined(HAVE_FALCON)
+    if ((keyOID == FALCON_LEVEL1k) ||
+        (keyOID == FALCON_LEVEL5k)) {
+        type = DYNAMIC_TYPE_FALCON;
     }
+#endif
 
-    if (sz > (long)sizeof(staticBuffer)) {
-        WOLFSSL_MSG("Getting dynamic buffer");
-        myBuffer = (byte*) XMALLOC(sz, ctx->heap, DYNAMIC_TYPE_FILE);
-        if (myBuffer == NULL) {
-            XFCLOSE(file);
-            return WOLFSSL_BAD_FILE;
+    ret = CreateDevPrivateKey(&pkey, privKey, privSz, type, label, id,
+                              heap, devId);
+    #ifdef WOLF_CRYPTO_CB
+    if (ret == 0) {
+        #ifndef NO_RSA
+        if (keyOID == RSAk
+        #ifdef WC_RSA_PSS
+            || keyOID == RSAPSSk
+        #endif
+            ) {
+            ret = wc_CryptoCb_RsaCheckPrivKey((RsaKey*)pkey, pubKey, pubSz);
         }
-        dynamic = 1;
+        #endif
+        #ifdef HAVE_ECC
+        if (keyOID == ECDSAk) {
+            ret = wc_CryptoCb_EccCheckPrivKey((ecc_key*)pkey, pubKey, pubSz);
+        }
+        #endif
+        #if defined(HAVE_DILITHIUM)
+        if ((keyOID == ML_DSA_LEVEL2k) ||
+            (keyOID == ML_DSA_LEVEL3k) ||
+            (keyOID == ML_DSA_LEVEL5k)
+            #ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
+         || (keyOID == DILITHIUM_LEVEL2k)
+         || (keyOID == DILITHIUM_LEVEL3k)
+         || (keyOID == DILITHIUM_LEVEL5k)
+            #endif /* WOLFSSL_DILITHIUM_FIPS204_DRAFT */
+            ) {
+            ret = wc_CryptoCb_PqcSignatureCheckPrivKey(pkey,
+                                        WC_PQC_SIG_TYPE_DILITHIUM,
+                                        pubKey, pubSz);
+        }
+        #endif
+        #if defined(HAVE_FALCON)
+        if ((keyOID == FALCON_LEVEL1k) ||
+            (keyOID == FALCON_LEVEL5k)) {
+            ret = wc_CryptoCb_PqcSignatureCheckPrivKey(pkey,
+                                        WC_PQC_SIG_TYPE_FALCON,
+                                        pubKey, pubSz);
+        }
+        #endif
     }
-
-    if ((size_t)XFREAD(myBuffer, 1, sz, file) != (size_t)sz)
-        ret = WOLFSSL_BAD_FILE;
-    else {
-        if (ssl)
-            ret = wolfSSL_SetTmpDH_buffer(ssl, myBuffer, sz, format);
-        else
-            ret = wolfSSL_CTX_SetTmpDH_buffer(ctx, myBuffer, sz, format);
+    #else
+        /* devId was set, don't check, for now */
+        /* TODO: Add callback for private key check? */
+        (void) pubKey;
+        (void) pubSz;
+    #endif
+    if (pkey != NULL) {
+    #ifndef NO_RSA
+        if (keyOID == RSAk
+        #ifdef WC_RSA_PSS
+            || keyOID == RSAPSSk
+        #endif
+            ) {
+            wc_FreeRsaKey((RsaKey*)pkey);
+        }
+    #endif
+    #ifdef HAVE_ECC
+        if (keyOID == ECDSAk) {
+            wc_ecc_free((ecc_key*)pkey);
+        }
+    #endif
+    #if defined(HAVE_DILITHIUM)
+        if ((keyOID == ML_DSA_LEVEL2k) ||
+            (keyOID == ML_DSA_LEVEL3k) ||
+            (keyOID == ML_DSA_LEVEL5k)
+            #ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
+         || (keyOID == DILITHIUM_LEVEL2k)
+         || (keyOID == DILITHIUM_LEVEL3k)
+         || (keyOID == DILITHIUM_LEVEL5k)
+            #endif /* WOLFSSL_DILITHIUM_FIPS204_DRAFT */
+            ) {
+            wc_dilithium_free((dilithium_key*)pkey);
+        }
+    #endif
+    #if defined(HAVE_FALCON)
+        if ((keyOID == FALCON_LEVEL1k) ||
+            (keyOID == FALCON_LEVEL5k)) {
+            wc_falcon_free((falcon_key*)pkey);
+        }
+    #endif
+        XFREE(pkey, heap, type);
     }
 
-    XFCLOSE(file);
-    if (dynamic)
-        XFREE(myBuffer, ctx->heap, DYNAMIC_TYPE_FILE);
-
     return ret;
 }
+#endif /* WOLF_PRIVATE_KEY_ID */
 
-/* server Diffie-Hellman parameters */
-int wolfSSL_SetTmpDH_file(WOLFSSL* ssl, const char* fname, int format)
-{
-    if (ssl == NULL)
-        return BAD_FUNC_ARG;
-
-    return wolfSSL_SetTmpDH_file_wrapper(ssl->ctx, ssl, fname, format);
-}
-
-
-/* server Diffie-Hellman parameters */
-int wolfSSL_CTX_SetTmpDH_file(WOLFSSL_CTX* ctx, const char* fname, int format)
-{
-    return wolfSSL_SetTmpDH_file_wrapper(ctx, NULL, fname, format);
-}
-
-#endif /* NO_DH */
-
-#endif /* NO_FILESYSTEM */
-
-#ifndef NO_CHECK_PRIVATE_KEY
 /* Check private against public in certificate for match
  *
  * Returns WOLFSSL_SUCCESS on good private key
  *         WOLFSSL_FAILURE if mismatched */
-static int check_cert_key(DerBuffer* cert, DerBuffer* key, void* heap,
-    int devId, int isKeyLabel, int isKeyId)
+static int check_cert_key(DerBuffer* cert, DerBuffer* key, DerBuffer* altKey,
+    void* heap, int devId, int isKeyLabel, int isKeyId, int altDevId,
+    int isAltKeyLabel, int isAltKeyId)
 {
 #ifdef WOLFSSL_SMALL_STACK
     DecodedCert* der = NULL;
@@ -9061,7 +7034,7 @@ static int check_cert_key(DerBuffer* cert, DerBuffer* key, void* heap,
 #endif
     word32 size;
     byte*  buff;
-    int    ret = WOLFSSL_FAILURE;
+    int    ret = WC_NO_ERR_TRACE(WOLFSSL_FAILURE);
 
     WOLFSSL_ENTER("check_cert_key");
 
@@ -9070,7 +7043,7 @@ static int check_cert_key(DerBuffer* cert, DerBuffer* key, void* heap,
     }
 
 #ifdef WOLFSSL_SMALL_STACK
-    der = (DecodedCert*)XMALLOC(sizeof(DecodedCert), NULL, DYNAMIC_TYPE_DCERT);
+    der = (DecodedCert*)XMALLOC(sizeof(DecodedCert), heap, DYNAMIC_TYPE_DCERT);
     if (der == NULL)
         return MEMORY_E;
 #endif
@@ -9078,10 +7051,10 @@ static int check_cert_key(DerBuffer* cert, DerBuffer* key, void* heap,
     size = cert->length;
     buff = cert->buffer;
     InitDecodedCert_ex(der, buff, size, heap, devId);
-    if (ParseCertRelative(der, CERT_TYPE, NO_VERIFY, NULL) != 0) {
+    if (ParseCertRelative(der, CERT_TYPE, NO_VERIFY, NULL, NULL) != 0) {
         FreeDecodedCert(der);
     #ifdef WOLFSSL_SMALL_STACK
-        XFREE(der, NULL, DYNAMIC_TYPE_DCERT);
+        XFREE(der, heap, DYNAMIC_TYPE_DCERT);
     #endif
         return WOLFSSL_FAILURE;
     }
@@ -9090,68 +7063,10 @@ static int check_cert_key(DerBuffer* cert, DerBuffer* key, void* heap,
     buff = key->buffer;
 #ifdef WOLF_PRIVATE_KEY_ID
     if (devId != INVALID_DEVID) {
-        int type = 0;
-        void *pkey = NULL;
-
-    #ifndef NO_RSA
-        if (der->keyOID == RSAk) {
-            type = DYNAMIC_TYPE_RSA;
-        }
-    #ifdef WC_RSA_PSS
-        if (der->keyOID == RSAPSSk) {
-            type = DYNAMIC_TYPE_RSA;
-        }
-    #endif
-    #endif
-    #ifdef HAVE_ECC
-        if (der->keyOID == ECDSAk) {
-            type = DYNAMIC_TYPE_ECC;
-        }
-    #endif
-
-        ret = CreateDevPrivateKey(&pkey, buff, size, type,
-                                  isKeyLabel, isKeyId, heap, devId);
-        #ifdef WOLF_CRYPTO_CB
-        if (ret == 0) {
-            #ifndef NO_RSA
-            if (der->keyOID == RSAk
-            #ifdef WC_RSA_PSS
-                || der->keyOID == RSAPSSk
-            #endif
-                ) {
-                ret = wc_CryptoCb_RsaCheckPrivKey((RsaKey*)pkey,
-                                               der->publicKey, der->pubKeySize);
-            }
-            #endif
-            #ifdef HAVE_ECC
-            if (der->keyOID == ECDSAk) {
-                ret = wc_CryptoCb_EccCheckPrivKey((ecc_key*)pkey,
-                                               der->publicKey, der->pubKeySize);
-            }
-            #endif
-        }
-        #else
-            /* devId was set, don't check, for now */
-            /* TODO: Add callback for private key check? */
-        #endif
-        if (pkey != NULL) {
-        #ifndef NO_RSA
-            if (der->keyOID == RSAk
-            #ifdef WC_RSA_PSS
-                || der->keyOID == RSAPSSk
-            #endif
-                ) {
-                wc_FreeRsaKey((RsaKey*)pkey);
-            }
-        #endif
-        #ifdef HAVE_ECC
-            if (der->keyOID == ECDSAk) {
-                wc_ecc_free((ecc_key*)pkey);
-            }
-        #endif
-            XFREE(pkey, heap, type);
-        }
-        if (ret != CRYPTOCB_UNAVAILABLE) {
+        ret = check_cert_key_dev(der->keyOID, buff, size, der->publicKey,
+                                 der->pubKeySize, isKeyLabel, isKeyId, heap,
+                                 devId);
+        if (ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE)) {
             ret = (ret == 0) ? WOLFSSL_SUCCESS: WOLFSSL_FAILURE;
         }
     }
@@ -9160,20 +7075,86 @@ static int check_cert_key(DerBuffer* cert, DerBuffer* key, void* heap,
         ret = CRYPTOCB_UNAVAILABLE;
     }
 
-    if (ret == CRYPTOCB_UNAVAILABLE)
+    if (ret == WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE))
 #endif /* WOLF_PRIVATE_KEY_ID */
     {
-        ret = wc_CheckPrivateKeyCert(buff, size, der);
+        ret = wc_CheckPrivateKeyCert(buff, size, der, 0, heap);
         ret = (ret == 1) ? WOLFSSL_SUCCESS: WOLFSSL_FAILURE;
     }
+
+#ifdef WOLFSSL_DUAL_ALG_CERTS
+    if (ret == WOLFSSL_SUCCESS && der->extSapkiSet && der->sapkiDer != NULL) {
+        /* Certificate contains an alternative public key. Hence, we also
+         * need an alternative private key. */
+        if (altKey == NULL) {
+            ret = MISSING_KEY;
+            buff = NULL;
+            size = 0;
+        }
+        else {
+            size = altKey->length;
+            buff = altKey->buffer;
+        }
+#ifdef WOLF_PRIVATE_KEY_ID
+        if (ret == WOLFSSL_SUCCESS && altDevId != INVALID_DEVID) {
+            /* We have to decode the public key first */
+            word32 idx = 0;
+            /* Dilithium has the largest public key at the moment */
+            word32 pubKeyLen = DILITHIUM_MAX_PUB_KEY_SIZE;
+            byte* decodedPubKey = (byte*)XMALLOC(pubKeyLen, heap,
+                                            DYNAMIC_TYPE_PUBLIC_KEY);
+            if (decodedPubKey == NULL) {
+                ret = MEMORY_E;
+            }
+            if (ret == WOLFSSL_SUCCESS) {
+                if (der->sapkiOID == RSAk || der->sapkiOID == ECDSAk) {
+                    /* Simply copy the data */
+                    XMEMCPY(decodedPubKey, der->sapkiDer, der->sapkiLen);
+                    pubKeyLen = der->sapkiLen;
+                    ret = 0;
+                }
+                else {
+                    ret = DecodeAsymKeyPublic(der->sapkiDer, &idx,
+                                              der->sapkiLen, decodedPubKey,
+                                              &pubKeyLen, der->sapkiOID);
+                }
+            }
+            if (ret == 0) {
+                ret = check_cert_key_dev(der->sapkiOID, buff, size,
+                                         decodedPubKey, pubKeyLen,
+                                         isAltKeyLabel, isAltKeyId,
+                                         heap, altDevId);
+            }
+            XFREE(decodedPubKey, heap, DYNAMIC_TYPE_PUBLIC_KEY);
+            if (ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE)) {
+                ret = (ret == 0) ? WOLFSSL_SUCCESS: WOLFSSL_FAILURE;
+            }
+        }
+        else {
+            /* fall through if unavailable */
+            ret = CRYPTOCB_UNAVAILABLE;
+        }
+
+        if (ret == WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE))
+#endif /* WOLF_PRIVATE_KEY_ID */
+        {
+            ret = wc_CheckPrivateKeyCert(buff, size, der, 1, heap);
+            ret = (ret == 1) ? WOLFSSL_SUCCESS: WOLFSSL_FAILURE;
+        }
+    }
+#endif /* WOLFSSL_DUAL_ALG_CERTS */
     FreeDecodedCert(der);
 #ifdef WOLFSSL_SMALL_STACK
-    XFREE(der, NULL, DYNAMIC_TYPE_DCERT);
+    XFREE(der, heap, DYNAMIC_TYPE_DCERT);
 #endif
 
     (void)devId;
     (void)isKeyLabel;
     (void)isKeyId;
+    (void)altKey;
+    (void)altDevId;
+    (void)isAltKeyLabel;
+    (void)isAltKeyId;
 
     return ret;
 }
@@ -9186,11 +7167,59 @@ static int check_cert_key(DerBuffer* cert, DerBuffer* key, void* heap,
  *         WOLFSSL_FAILURE if mismatched. */
 int wolfSSL_CTX_check_private_key(const WOLFSSL_CTX* ctx)
 {
+    int res;
+
     if (ctx == NULL) {
         return WOLFSSL_FAILURE;
     }
-    return check_cert_key(ctx->certificate, ctx->privateKey, ctx->heap,
-        ctx->privateKeyDevId, ctx->privateKeyLabel, ctx->privateKeyId);
+
+#ifdef WOLFSSL_DUAL_ALG_CERTS
+#ifdef WOLFSSL_BLIND_PRIVATE_KEY
+    wolfssl_priv_der_unblind(ctx->privateKey, ctx->privateKeyMask);
+    wolfssl_priv_der_unblind(ctx->altPrivateKey, ctx->altPrivateKeyMask);
+#endif
+    res = check_cert_key(ctx->certificate, ctx->privateKey, ctx->altPrivateKey,
+            ctx->heap, ctx->privateKeyDevId, ctx->privateKeyLabel,
+            ctx->privateKeyId, ctx->altPrivateKeyDevId, ctx->altPrivateKeyLabel,
+            ctx->altPrivateKeyId) != 0;
+#ifdef WOLFSSL_BLIND_PRIVATE_KEY
+    {
+        int ret;
+        ret = wolfssl_priv_der_blind(NULL, ctx->privateKey,
+            (DerBuffer**)&ctx->privateKeyMask);
+        if (ret == 0) {
+            ret = wolfssl_priv_der_blind(NULL, ctx->altPrivateKey,
+                (DerBuffer**)&ctx->altPrivateKeyMask);
+        }
+        if (ret != 0) {
+            res = WOLFSSL_FAILURE;
+        }
+    }
+#endif
+#else
+#ifdef WOLFSSL_BLIND_PRIVATE_KEY
+    wolfssl_priv_der_unblind(ctx->privateKey, ctx->privateKeyMask);
+#endif
+    res = check_cert_key(ctx->certificate, ctx->privateKey, NULL, ctx->heap,
+            ctx->privateKeyDevId, ctx->privateKeyLabel, ctx->privateKeyId,
+            INVALID_DEVID, 0, 0);
+#ifdef WOLFSSL_BLIND_PRIVATE_KEY
+    {
+        int ret = wolfssl_priv_der_blind(NULL, ctx->privateKey,
+            (DerBuffer**)&ctx->privateKeyMask);
+        if (ret != 0) {
+            res = WOLFSSL_FAILURE;
+        }
+    }
+#endif
+#endif
+
+    /* placing error into error queue for Python port */
+    if (res != WOLFSSL_SUCCESS) {
+        WOLFSSL_ERROR(WC_KEY_MISMATCH_E);
+    }
+
+    return res;
 }
 #endif /* !NO_CHECK_PRIVATE_KEY */
 
@@ -9201,6 +7230,7 @@ int wolfSSL_CTX_check_private_key(const WOLFSSL_CTX* ctx)
  */
 WOLFSSL_EVP_PKEY* wolfSSL_CTX_get0_privatekey(const WOLFSSL_CTX* ctx)
 {
+    WOLFSSL_EVP_PKEY* res;
     const unsigned char *key;
     int type;
 
@@ -9215,17 +7245,17 @@ WOLFSSL_EVP_PKEY* wolfSSL_CTX_get0_privatekey(const WOLFSSL_CTX* ctx)
     switch (ctx->privateKeyType) {
 #ifndef NO_RSA
         case rsa_sa_algo:
-            type = EVP_PKEY_RSA;
+            type = WC_EVP_PKEY_RSA;
             break;
 #endif
 #ifdef HAVE_ECC
         case ecc_dsa_sa_algo:
-            type = EVP_PKEY_EC;
+            type = WC_EVP_PKEY_EC;
             break;
 #endif
 #ifdef WOLFSSL_SM2
         case sm2_sa_algo:
-            type = EVP_PKEY_EC;
+            type = WC_EVP_PKEY_EC;
             break;
 #endif
         default:
@@ -9237,24 +7267,634 @@ WOLFSSL_EVP_PKEY* wolfSSL_CTX_get0_privatekey(const WOLFSSL_CTX* ctx)
 
     key = ctx->privateKey->buffer;
 
-    if (ctx->privateKeyPKey != NULL)
-        return ctx->privateKeyPKey;
-    else
-        return wolfSSL_d2i_PrivateKey(type,
+    if (ctx->privateKeyPKey != NULL) {
+        res = ctx->privateKeyPKey;
+    }
+    else {
+    #ifdef WOLFSSL_BLIND_PRIVATE_KEY
+        wolfssl_priv_der_unblind(ctx->privateKey, ctx->privateKeyMask);
+    #endif
+        res = wolfSSL_d2i_PrivateKey(type,
                 (WOLFSSL_EVP_PKEY**)&ctx->privateKeyPKey, &key,
                 (long)ctx->privateKey->length);
+    #ifdef WOLFSSL_BLIND_PRIVATE_KEY
+        wolfssl_priv_der_unblind(ctx->privateKey, ctx->privateKeyMask);
+    #endif
+    }
+
+    return res;
 }
 #endif
 
 #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL)
 
+#if !defined(NO_RSA)
+static int d2iTryRsaKey(WOLFSSL_EVP_PKEY** out, const unsigned char* mem,
+    long memSz, int priv)
+{
+    WOLFSSL_EVP_PKEY* pkey;
+    word32 keyIdx = 0;
+    int isRsaKey;
+    int ret = 1;
+#ifndef WOLFSSL_SMALL_STACK
+    RsaKey rsa[1];
+#else
+    RsaKey *rsa = (RsaKey*)XMALLOC(sizeof(RsaKey), NULL, DYNAMIC_TYPE_RSA);
+    if (rsa == NULL)
+        return 0;
+#endif
+
+    XMEMSET(rsa, 0, sizeof(RsaKey));
+
+    if (wc_InitRsaKey(rsa, NULL) != 0) {
+    #ifdef WOLFSSL_SMALL_STACK
+        XFREE(rsa, NULL, DYNAMIC_TYPE_RSA);
+    #endif
+        return 0;
+    }
+    /* test if RSA key */
+    if (priv) {
+        isRsaKey =
+            (wc_RsaPrivateKeyDecode(mem, &keyIdx, rsa, (word32)memSz) == 0);
+    }
+    else {
+        isRsaKey =
+            (wc_RsaPublicKeyDecode(mem, &keyIdx, rsa, (word32)memSz) == 0);
+    }
+    wc_FreeRsaKey(rsa);
+#ifdef WOLFSSL_SMALL_STACK
+    XFREE(rsa, NULL, DYNAMIC_TYPE_RSA);
+#endif
+
+    if (!isRsaKey) {
+        return WOLFSSL_FATAL_ERROR;
+    }
+
+    if (*out != NULL) {
+        pkey = *out;
+    }
+    else {
+        pkey = wolfSSL_EVP_PKEY_new();
+        if (pkey == NULL) {
+            WOLFSSL_MSG("RSA wolfSSL_EVP_PKEY_new error");
+            return 0;
+        }
+    }
+
+    pkey->pkey_sz = (int)keyIdx;
+    pkey->pkey.ptr = (char*)XMALLOC((size_t)memSz, NULL,
+            priv ? DYNAMIC_TYPE_PRIVATE_KEY :
+                   DYNAMIC_TYPE_PUBLIC_KEY);
+    if (pkey->pkey.ptr == NULL) {
+        ret = 0;
+    }
+    if (ret == 1) {
+        XMEMCPY(pkey->pkey.ptr, mem, keyIdx);
+        pkey->type = WC_EVP_PKEY_RSA;
+
+        pkey->ownRsa = 1;
+        pkey->rsa = wolfssl_rsa_d2i(NULL, mem, memSz,
+            priv ? WOLFSSL_RSA_LOAD_PRIVATE : WOLFSSL_RSA_LOAD_PUBLIC);
+        if (pkey->rsa == NULL) {
+            ret = 0;
+        }
+    }
+
+    if (ret == 1) {
+        *out = pkey;
+    }
+
+    if ((ret == 0) && (*out == NULL)) {
+        wolfSSL_EVP_PKEY_free(pkey);
+    }
+    return ret;
+}
+#endif /* !NO_RSA */
+
+#if defined(HAVE_ECC) && defined(OPENSSL_EXTRA)
+static int d2iTryEccKey(WOLFSSL_EVP_PKEY** out, const unsigned char* mem,
+    long memSz, int priv)
+{
+    WOLFSSL_EVP_PKEY* pkey;
+    word32  keyIdx = 0;
+    int     isEccKey;
+    int     ret = 1;
+#ifndef WOLFSSL_SMALL_STACK
+    ecc_key ecc[1];
+#else
+    ecc_key *ecc = (ecc_key*)XMALLOC(sizeof(ecc_key), NULL,
+        DYNAMIC_TYPE_ECC);
+    if (ecc == NULL)
+        return 0;
+#endif
+
+    XMEMSET(ecc, 0, sizeof(ecc_key));
+
+    if (wc_ecc_init(ecc) != 0) {
+    #ifdef WOLFSSL_SMALL_STACK
+        XFREE(ecc, NULL, DYNAMIC_TYPE_ECC);
+    #endif
+        return 0;
+    }
+
+    if (priv) {
+        isEccKey =
+            (wc_EccPrivateKeyDecode(mem, &keyIdx, ecc, (word32)memSz) == 0);
+    }
+    else {
+        isEccKey =
+            (wc_EccPublicKeyDecode(mem, &keyIdx, ecc, (word32)memSz) == 0);
+    }
+    wc_ecc_free(ecc);
+#ifdef WOLFSSL_SMALL_STACK
+    XFREE(ecc, NULL, DYNAMIC_TYPE_ECC);
+#endif
+
+    if (!isEccKey) {
+        return WOLFSSL_FATAL_ERROR;
+    }
+
+    if (*out != NULL) {
+        pkey = *out;
+    }
+    else {
+        pkey = wolfSSL_EVP_PKEY_new();
+        if (pkey == NULL) {
+            WOLFSSL_MSG("ECC wolfSSL_EVP_PKEY_new error");
+            return 0;
+        }
+    }
+
+    pkey->pkey_sz = (int)keyIdx;
+    pkey->pkey.ptr = (char*)XMALLOC(keyIdx, NULL,
+            priv ? DYNAMIC_TYPE_PRIVATE_KEY :
+                   DYNAMIC_TYPE_PUBLIC_KEY);
+    if (pkey->pkey.ptr == NULL) {
+        ret = 0;
+    }
+    if (ret == 1) {
+        XMEMCPY(pkey->pkey.ptr, mem, keyIdx);
+        pkey->type = WC_EVP_PKEY_EC;
+
+        pkey->ownEcc = 1;
+        pkey->ecc = wolfSSL_EC_KEY_new();
+        if (pkey->ecc == NULL) {
+            ret = 0;
+        }
+    }
+    if ((ret == 1) && (wolfSSL_EC_KEY_LoadDer_ex(pkey->ecc,
+            (const unsigned char*)pkey->pkey.ptr,
+            pkey->pkey_sz, priv ? WOLFSSL_RSA_LOAD_PRIVATE
+                                : WOLFSSL_RSA_LOAD_PUBLIC) != 1)) {
+        ret = 0;
+    }
+    if (ret == 1) {
+        *out = pkey;
+    }
+
+    if ((ret == 0) && (*out == NULL)) {
+        wolfSSL_EVP_PKEY_free(pkey);
+    }
+    return ret;
+}
+#endif /* HAVE_ECC && OPENSSL_EXTRA */
+
+#if !defined(NO_DSA)
+static int d2iTryDsaKey(WOLFSSL_EVP_PKEY** out, const unsigned char* mem,
+    long memSz, int priv)
+{
+    WOLFSSL_EVP_PKEY* pkey;
+    word32 keyIdx = 0;
+    int     isDsaKey;
+    int     ret = 1;
+#ifndef WOLFSSL_SMALL_STACK
+    DsaKey dsa[1];
+#else
+    DsaKey *dsa = (DsaKey*)XMALLOC(sizeof(DsaKey), NULL, DYNAMIC_TYPE_DSA);
+    if (dsa == NULL)
+        return 0;
+#endif
+
+    XMEMSET(dsa, 0, sizeof(DsaKey));
+
+    if (wc_InitDsaKey(dsa) != 0) {
+    #ifdef WOLFSSL_SMALL_STACK
+        XFREE(dsa, NULL, DYNAMIC_TYPE_DSA);
+    #endif
+        return 0;
+    }
+
+    if (priv) {
+        isDsaKey =
+            (wc_DsaPrivateKeyDecode(mem, &keyIdx, dsa, (word32)memSz) == 0);
+    }
+    else {
+        isDsaKey =
+            (wc_DsaPublicKeyDecode(mem, &keyIdx, dsa, (word32)memSz) == 0);
+    }
+    wc_FreeDsaKey(dsa);
+#ifdef WOLFSSL_SMALL_STACK
+    XFREE(dsa, NULL, DYNAMIC_TYPE_DSA);
+#endif
+
+    /* test if DSA key */
+    if (!isDsaKey) {
+        return WOLFSSL_FATAL_ERROR;
+    }
+
+    if (*out != NULL) {
+        pkey = *out;
+    }
+    else {
+        pkey = wolfSSL_EVP_PKEY_new();
+        if (pkey == NULL) {
+            WOLFSSL_MSG("DSA wolfSSL_EVP_PKEY_new error");
+            return 0;
+        }
+    }
+
+    pkey->pkey_sz = (int)keyIdx;
+    pkey->pkey.ptr = (char*)XMALLOC((size_t)memSz, NULL,
+            priv ? DYNAMIC_TYPE_PRIVATE_KEY :
+                   DYNAMIC_TYPE_PUBLIC_KEY);
+    if (pkey->pkey.ptr == NULL) {
+        ret = 0;
+    }
+    if (ret == 1) {
+        XMEMCPY(pkey->pkey.ptr, mem, keyIdx);
+        pkey->type = WC_EVP_PKEY_DSA;
+
+        pkey->ownDsa = 1;
+        pkey->dsa = wolfSSL_DSA_new();
+        if (pkey->dsa == NULL) {
+            ret = 0;
+        }
+    }
+
+    if ((ret == 1) && (wolfSSL_DSA_LoadDer_ex(pkey->dsa,
+            (const unsigned char*)pkey->pkey.ptr,
+            pkey->pkey_sz, priv ? WOLFSSL_RSA_LOAD_PRIVATE
+                                : WOLFSSL_RSA_LOAD_PUBLIC) != 1)) {
+        ret = 0;
+    }
+    if (ret == 1) {
+        *out = pkey;
+    }
+
+    if ((ret == 0) && (*out == NULL)) {
+        wolfSSL_EVP_PKEY_free(pkey);
+    }
+    return ret;
+}
+#endif /* NO_DSA */
+
+#if !defined(NO_DH) && (defined(WOLFSSL_QT) || defined(OPENSSL_ALL))
+#if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && \
+    (HAVE_FIPS_VERSION > 2))
+static int d2iTryDhKey(WOLFSSL_EVP_PKEY** out, const unsigned char* mem,
+    long memSz, int priv)
+{
+    WOLFSSL_EVP_PKEY* pkey;
+    int isDhKey;
+    word32 keyIdx = 0;
+    int ret = 1;
+#ifndef WOLFSSL_SMALL_STACK
+    DhKey dh[1];
+#else
+    DhKey *dh = (DhKey*)XMALLOC(sizeof(DhKey), NULL, DYNAMIC_TYPE_DH);
+    if (dh == NULL)
+        return 0;
+#endif
+
+    XMEMSET(dh, 0, sizeof(DhKey));
+
+    if (wc_InitDhKey(dh) != 0) {
+    #ifdef WOLFSSL_SMALL_STACK
+        XFREE(dh, NULL, DYNAMIC_TYPE_DH);
+    #endif
+        return 0;
+    }
+
+    isDhKey = (wc_DhKeyDecode(mem, &keyIdx, dh, (word32)memSz) == 0);
+    wc_FreeDhKey(dh);
+#ifdef WOLFSSL_SMALL_STACK
+    XFREE(dh, NULL, DYNAMIC_TYPE_DH);
+#endif
+
+    /* test if DH key */
+    if (!isDhKey) {
+        return WOLFSSL_FATAL_ERROR;
+    }
+
+    if (*out != NULL) {
+        pkey = *out;
+    }
+    else {
+        pkey = wolfSSL_EVP_PKEY_new();
+        if (pkey == NULL) {
+            WOLFSSL_MSG("DH wolfSSL_EVP_PKEY_new error");
+            return 0;
+        }
+    }
+
+    pkey->pkey_sz = (int)memSz;
+    pkey->pkey.ptr = (char*)XMALLOC((size_t)memSz, NULL,
+            priv ? DYNAMIC_TYPE_PRIVATE_KEY :
+                   DYNAMIC_TYPE_PUBLIC_KEY);
+    if (pkey->pkey.ptr == NULL) {
+        ret = 0;
+    }
+    if (ret == 1) {
+        XMEMCPY(pkey->pkey.ptr, mem, (size_t)memSz);
+        pkey->type = WC_EVP_PKEY_DH;
+
+        pkey->ownDh = 1;
+        pkey->dh = wolfSSL_DH_new();
+        if (pkey->dh == NULL) {
+            ret = 0;
+        }
+    }
+
+    if ((ret == 1) && (wolfSSL_DH_LoadDer(pkey->dh,
+                (const unsigned char*)pkey->pkey.ptr,
+                pkey->pkey_sz) != WOLFSSL_SUCCESS)) {
+        ret = 0;
+    }
+    if (ret == 1) {
+        *out = pkey;
+    }
+
+    if ((ret == 0) && (*out == NULL)) {
+        wolfSSL_EVP_PKEY_free(pkey);
+    }
+    return ret;
+}
+#endif /* !HAVE_FIPS || HAVE_FIPS_VERSION > 2 */
+#endif /* !NO_DH && (WOLFSSL_QT || OPENSSL_ALL) */
+
+#if !defined(NO_DH) && defined(OPENSSL_EXTRA) && defined(WOLFSSL_DH_EXTRA)
+#if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && \
+        (HAVE_FIPS_VERSION > 2))
+static int d2iTryAltDhKey(WOLFSSL_EVP_PKEY** out, const unsigned char* mem,
+    long memSz, int priv)
+{
+    WOLFSSL_EVP_PKEY* pkey;
+    word32  keyIdx = 0;
+    DhKey*  key = NULL;
+    int elements;
+    int ret;
+#ifndef WOLFSSL_SMALL_STACK
+    DhKey  dh[1];
+#else
+    DhKey* dh = (DhKey*)XMALLOC(sizeof(DhKey), NULL, DYNAMIC_TYPE_DH);
+    if (dh == NULL)
+        return 0;
+#endif
+    XMEMSET(dh, 0, sizeof(DhKey));
+
+    /* test if DH-public key */
+    if (wc_InitDhKey(dh) != 0) {
+    #ifdef WOLFSSL_SMALL_STACK
+        XFREE(dh, NULL, DYNAMIC_TYPE_DH);
+#endif
+        return 0;
+    }
+
+    ret = wc_DhKeyDecode(mem, &keyIdx, dh, (word32)memSz);
+    wc_FreeDhKey(dh);
+#ifdef WOLFSSL_SMALL_STACK
+    XFREE(dh, NULL, DYNAMIC_TYPE_DH);
+#endif
+
+    if (ret != 0) {
+        return WOLFSSL_FATAL_ERROR;
+    }
+
+    if (*out != NULL) {
+        pkey = *out;
+    }
+    else {
+        pkey = wolfSSL_EVP_PKEY_new();
+        if (pkey == NULL) {
+            return 0;
+        }
+    }
+
+    ret = 1;
+    pkey->type     = WC_EVP_PKEY_DH;
+    pkey->pkey_sz  = (int)memSz;
+    pkey->pkey.ptr = (char*)XMALLOC((size_t)memSz, NULL,
+            priv ? DYNAMIC_TYPE_PRIVATE_KEY :
+                   DYNAMIC_TYPE_PUBLIC_KEY);
+    if (pkey->pkey.ptr == NULL) {
+        ret = 0;
+    }
+    if (ret == 1) {
+        XMEMCPY(pkey->pkey.ptr, mem, (size_t)memSz);
+        pkey->ownDh = 1;
+        pkey->dh = wolfSSL_DH_new();
+        if (pkey->dh == NULL) {
+            ret = 0;
+        }
+    }
+
+    if (ret == 1) {
+        key = (DhKey*)pkey->dh->internal;
+
+        keyIdx = 0;
+        if (wc_DhKeyDecode(mem, &keyIdx, key, (word32)memSz) != 0) {
+            ret = 0;
+        }
+    }
+
+    if (ret == 1) {
+        elements = ELEMENT_P | ELEMENT_G | ELEMENT_Q | ELEMENT_PUB;
+        if (priv) {
+            elements |= ELEMENT_PRV;
+        }
+        if (SetDhExternal_ex(pkey->dh, elements) != WOLFSSL_SUCCESS ) {
+            ret = 0;
+        }
+    }
+    if (ret == 1) {
+        *out = pkey;
+    }
+
+    if ((ret == 0) && (*out == NULL)) {
+        wolfSSL_EVP_PKEY_free(pkey);
+    }
+    return ret;
+}
+#endif /* !HAVE_FIPS || HAVE_FIPS_VERSION > 2 */
+#endif /* !NO_DH &&  OPENSSL_EXTRA && WOLFSSL_DH_EXTRA */
+
+#ifdef HAVE_FALCON
+static int d2iTryFalconKey(WOLFSSL_EVP_PKEY** out, const unsigned char* mem,
+    long memSz, int priv)
+{
+    WOLFSSL_EVP_PKEY* pkey;
+    int isFalcon = 0;
+#ifndef WOLFSSL_SMALL_STACK
+    falcon_key falcon[1];
+#else
+    falcon_key *falcon = (falcon_key *)XMALLOC(sizeof(falcon_key), NULL,
+                                              DYNAMIC_TYPE_FALCON);
+    if (falcon == NULL) {
+        return 0;
+    }
+#endif
+
+    if (wc_falcon_init(falcon) != 0) {
+    #ifdef WOLFSSL_SMALL_STACK
+        XFREE(falcon, NULL, DYNAMIC_TYPE_FALCON);
+    #endif
+        return 0;
+    }
+
+    /* test if Falcon key */
+    if (priv) {
+        /* Try level 1 */
+        isFalcon = ((wc_falcon_set_level(falcon, 1) == 0) &&
+                    (wc_falcon_import_private_only(mem, (word32)memSz,
+                                                   falcon) == 0));
+        if (!isFalcon) {
+            /* Try level 5 */
+            isFalcon = ((wc_falcon_set_level(falcon, 5) == 0) &&
+                        (wc_falcon_import_private_only(mem, (word32)memSz,
+                                                       falcon) == 0));
+        }
+    }
+    else {
+        /* Try level 1 */
+        isFalcon = ((wc_falcon_set_level(falcon, 1) == 0) &&
+                    (wc_falcon_import_public(mem, (word32)memSz, falcon) == 0));
+
+        if (!isFalcon) {
+            /* Try level 5 */
+            isFalcon = ((wc_falcon_set_level(falcon, 5) == 0) &&
+                        (wc_falcon_import_public(mem, (word32)memSz,
+                                                 falcon) == 0));
+        }
+    }
+    wc_falcon_free(falcon);
+#ifdef WOLFSSL_SMALL_STACK
+    XFREE(falcon, NULL, DYNAMIC_TYPE_FALCON);
+#endif
+
+    if (!isFalcon) {
+        return WOLFSSL_FATAL_ERROR;
+    }
+
+    if (*out != NULL) {
+        pkey = *out;
+    }
+    else {
+        /* Create a fake Falcon EVP_PKEY. In the future, we might integrate
+         * Falcon into the compatibility layer. */
+        pkey = wolfSSL_EVP_PKEY_new();
+        if (pkey == NULL) {
+            WOLFSSL_MSG("Falcon wolfSSL_EVP_PKEY_new error");
+            return 0;
+        }
+    }
+    pkey->type = WC_EVP_PKEY_FALCON;
+    pkey->pkey.ptr = NULL;
+    pkey->pkey_sz = 0;
+
+    *out = pkey;
+    return 1;
+
+}
+#endif /* HAVE_FALCON */
+
+#ifdef HAVE_DILITHIUM
+static int d2iTryDilithiumKey(WOLFSSL_EVP_PKEY** out, const unsigned char* mem,
+    long memSz, int priv)
+{
+    WOLFSSL_EVP_PKEY* pkey;
+    int isDilithium = 0;
+#ifndef WOLFSSL_SMALL_STACK
+    dilithium_key dilithium[1];
+#else
+    dilithium_key *dilithium = (dilithium_key *)
+        XMALLOC(sizeof(dilithium_key), NULL, DYNAMIC_TYPE_DILITHIUM);
+    if (dilithium == NULL) {
+        return 0;
+    }
+#endif
+
+    if (wc_dilithium_init(dilithium) != 0) {
+    #ifdef WOLFSSL_SMALL_STACK
+        XFREE(dilithium, NULL, DYNAMIC_TYPE_DILITHIUM);
+    #endif
+        return 0;
+    }
+
+    /* Test if Dilithium key. Try all levels. */
+    if (priv) {
+        isDilithium = ((wc_dilithium_set_level(dilithium, WC_ML_DSA_44) == 0) &&
+                       (wc_dilithium_import_private(mem,
+                          (word32)memSz, dilithium) == 0));
+        if (!isDilithium) {
+            isDilithium = ((wc_dilithium_set_level(dilithium, WC_ML_DSA_65) == 0) &&
+                           (wc_dilithium_import_private(mem,
+                              (word32)memSz, dilithium) == 0));
+        }
+        if (!isDilithium) {
+            isDilithium = ((wc_dilithium_set_level(dilithium, WC_ML_DSA_87) == 0) &&
+                           (wc_dilithium_import_private(mem,
+                              (word32)memSz, dilithium) == 0));
+        }
+    }
+    else {
+        isDilithium = ((wc_dilithium_set_level(dilithium, WC_ML_DSA_44) == 0) &&
+                       (wc_dilithium_import_public(mem, (word32)memSz,
+                          dilithium) == 0));
+        if (!isDilithium) {
+            isDilithium = ((wc_dilithium_set_level(dilithium, WC_ML_DSA_65) == 0) &&
+                           (wc_dilithium_import_public(mem, (word32)memSz,
+                              dilithium) == 0));
+        }
+        if (!isDilithium) {
+            isDilithium = ((wc_dilithium_set_level(dilithium, WC_ML_DSA_87) == 0) &&
+                           (wc_dilithium_import_public(mem, (word32)memSz,
+                              dilithium) == 0));
+        }
+    }
+    wc_dilithium_free(dilithium);
+#ifdef WOLFSSL_SMALL_STACK
+    XFREE(dilithium, NULL, DYNAMIC_TYPE_DILITHIUM);
+#endif
+
+    if (!isDilithium) {
+        return WOLFSSL_FATAL_ERROR;
+    }
+
+    if (*out != NULL) {
+        pkey = *out;
+    }
+    else {
+        /* Create a fake Dilithium EVP_PKEY. In the future, we might
+         * integrate Dilithium into the compatibility layer. */
+        pkey = wolfSSL_EVP_PKEY_new();
+        if (pkey == NULL) {
+            WOLFSSL_MSG("Dilithium wolfSSL_EVP_PKEY_new error");
+            return 0;
+        }
+    }
+    pkey->type = WC_EVP_PKEY_DILITHIUM;
+    pkey->pkey.ptr = NULL;
+    pkey->pkey_sz = 0;
+
+    *out = pkey;
+    return 1;
+}
+#endif /* HAVE_DILITHIUM */
+
 static WOLFSSL_EVP_PKEY* d2iGenericKey(WOLFSSL_EVP_PKEY** out,
     const unsigned char** in, long inSz, int priv)
 {
-
     WOLFSSL_EVP_PKEY* pkey = NULL;
-    const unsigned char* mem;
-    long memSz = inSz;
 
     WOLFSSL_ENTER("d2iGenericKey");
 
@@ -9262,506 +7902,126 @@ static WOLFSSL_EVP_PKEY* d2iGenericKey(WOLFSSL_EVP_PKEY** out,
         WOLFSSL_MSG("Bad argument");
         return NULL;
     }
-    mem = *in;
 
-    #if !defined(NO_RSA)
-    {
-        word32 keyIdx = 0;
-        int isRsaKey;
-    #ifdef WOLFSSL_SMALL_STACK
-        RsaKey *rsa = (RsaKey*)XMALLOC(sizeof(RsaKey), NULL, DYNAMIC_TYPE_RSA);
-        if (rsa == NULL)
-            return NULL;
-    #else
-        RsaKey rsa[1];
-    #endif
-        XMEMSET(rsa, 0, sizeof(RsaKey));
-
-        /* test if RSA key */
-        if (priv)
-            isRsaKey = wc_InitRsaKey(rsa, NULL) == 0 &&
-                wc_RsaPrivateKeyDecode(mem, &keyIdx, rsa, (word32)memSz) == 0;
-        else
-            isRsaKey = wc_InitRsaKey(rsa, NULL) == 0 &&
-                wc_RsaPublicKeyDecode(mem, &keyIdx, rsa, (word32)memSz) == 0;
-        wc_FreeRsaKey(rsa);
-    #ifdef WOLFSSL_SMALL_STACK
-        XFREE(rsa, NULL, DYNAMIC_TYPE_RSA);
-    #endif
-
-        if (isRsaKey) {
-            pkey = wolfSSL_EVP_PKEY_new();
-            if (pkey != NULL) {
-                pkey->pkey_sz = keyIdx;
-                pkey->pkey.ptr = (char*)XMALLOC(memSz, NULL,
-                        priv ? DYNAMIC_TYPE_PRIVATE_KEY :
-                               DYNAMIC_TYPE_PUBLIC_KEY);
-                if (pkey->pkey.ptr == NULL) {
-                    wolfSSL_EVP_PKEY_free(pkey);
-                    return NULL;
-                }
-                XMEMCPY(pkey->pkey.ptr, mem, keyIdx);
-                pkey->type = EVP_PKEY_RSA;
-                if (out != NULL) {
-                    *out = pkey;
-                }
-
-                pkey->ownRsa = 1;
-                pkey->rsa = wolfssl_rsa_d2i(NULL, mem, inSz,
-                    priv ? WOLFSSL_RSA_LOAD_PRIVATE : WOLFSSL_RSA_LOAD_PUBLIC);
-                if (pkey->rsa == NULL) {
-                    wolfSSL_EVP_PKEY_free(pkey);
-                    return NULL;
-                }
-
-                return pkey;
-            }
-            else {
-                WOLFSSL_MSG("RSA wolfSSL_EVP_PKEY_new error");
-            }
-        }
+    if ((out != NULL) && (*out != NULL)) {
+        pkey = *out;
     }
-    #endif /* NO_RSA */
 
-    #if defined(HAVE_ECC) && defined(OPENSSL_EXTRA)
-    {
-        word32  keyIdx = 0;
-        int     isEccKey;
-    #ifdef WOLFSSL_SMALL_STACK
-        ecc_key *ecc = (ecc_key*)XMALLOC(sizeof(ecc_key), NULL, DYNAMIC_TYPE_ECC);
-        if (ecc == NULL)
-            return NULL;
-    #else
-        ecc_key ecc[1];
-    #endif
-        XMEMSET(ecc, 0, sizeof(ecc_key));
-
-        if (priv)
-            isEccKey = wc_ecc_init(ecc) == 0 &&
-                wc_EccPrivateKeyDecode(mem, &keyIdx, ecc, (word32)memSz) == 0;
-        else
-            isEccKey = wc_ecc_init(ecc) == 0 &&
-                wc_EccPublicKeyDecode(mem, &keyIdx, ecc, (word32)memSz) == 0;
-        wc_ecc_free(ecc);
-    #ifdef WOLFSSL_SMALL_STACK
-        XFREE(ecc, NULL, DYNAMIC_TYPE_ECC);
-    #endif
-
-        if (isEccKey) {
-            pkey = wolfSSL_EVP_PKEY_new();
-            if (pkey != NULL) {
-                pkey->pkey_sz = keyIdx;
-                pkey->pkey.ptr = (char*)XMALLOC(keyIdx, NULL,
-                        priv ? DYNAMIC_TYPE_PRIVATE_KEY :
-                               DYNAMIC_TYPE_PUBLIC_KEY);
-                if (pkey->pkey.ptr == NULL) {
-                    wolfSSL_EVP_PKEY_free(pkey);
-                    return NULL;
-                }
-                XMEMCPY(pkey->pkey.ptr, mem, keyIdx);
-                pkey->type = EVP_PKEY_EC;
-                if (out != NULL) {
-                    *out = pkey;
-                }
-
-                pkey->ownEcc = 1;
-                pkey->ecc = wolfSSL_EC_KEY_new();
-                if (pkey->ecc == NULL) {
-                    wolfSSL_EVP_PKEY_free(pkey);
-                    return NULL;
-                }
-
-                if (wolfSSL_EC_KEY_LoadDer_ex(pkey->ecc,
-                        (const unsigned char*)pkey->pkey.ptr,
-                        pkey->pkey_sz, priv ? WOLFSSL_RSA_LOAD_PRIVATE
-                                            : WOLFSSL_RSA_LOAD_PUBLIC) != 1) {
-                    wolfSSL_EVP_PKEY_free(pkey);
-                    return NULL;
-                }
-
-                return pkey;
-            }
-            else {
-                WOLFSSL_MSG("ECC wolfSSL_EVP_PKEY_new error");
-            }
-        }
+#if !defined(NO_RSA)
+    if (d2iTryRsaKey(&pkey, *in, inSz, priv) >= 0) {
+        ;
     }
-    #endif /* HAVE_ECC && OPENSSL_EXTRA */
-
-    #if !defined(NO_DSA)
-    {
-        word32 keyIdx = 0;
-        int     isDsaKey;
-    #ifdef WOLFSSL_SMALL_STACK
-        DsaKey *dsa = (DsaKey*)XMALLOC(sizeof(DsaKey), NULL, DYNAMIC_TYPE_DSA);
-        if (dsa == NULL)
-            return NULL;
-    #else
-        DsaKey dsa[1];
-    #endif
-        XMEMSET(dsa, 0, sizeof(DsaKey));
-
-        if (priv)
-            isDsaKey = wc_InitDsaKey(dsa) == 0 &&
-                wc_DsaPrivateKeyDecode(mem, &keyIdx, dsa, (word32)memSz) == 0;
-        else
-            isDsaKey = wc_InitDsaKey(dsa) == 0 &&
-                wc_DsaPublicKeyDecode(mem, &keyIdx, dsa, (word32)memSz) == 0;
-        wc_FreeDsaKey(dsa);
-    #ifdef WOLFSSL_SMALL_STACK
-        XFREE(dsa, NULL, DYNAMIC_TYPE_DSA);
-    #endif
-
-        /* test if DSA key */
-        if (isDsaKey) {
-            pkey = wolfSSL_EVP_PKEY_new();
-
-            if (pkey != NULL) {
-                pkey->pkey_sz = keyIdx;
-                pkey->pkey.ptr = (char*)XMALLOC(memSz, NULL,
-                        priv ? DYNAMIC_TYPE_PRIVATE_KEY :
-                               DYNAMIC_TYPE_PUBLIC_KEY);
-                if (pkey->pkey.ptr == NULL) {
-                    wolfSSL_EVP_PKEY_free(pkey);
-                    return NULL;
-                }
-                XMEMCPY(pkey->pkey.ptr, mem, keyIdx);
-                pkey->type = EVP_PKEY_DSA;
-                if (out != NULL) {
-                    *out = pkey;
-                }
-
-                pkey->ownDsa = 1;
-                pkey->dsa = wolfSSL_DSA_new();
-                if (pkey->dsa == NULL) {
-                    wolfSSL_EVP_PKEY_free(pkey);
-                    return NULL;
-                }
-
-                if (wolfSSL_DSA_LoadDer_ex(pkey->dsa,
-                        (const unsigned char*)pkey->pkey.ptr,
-                        pkey->pkey_sz, priv ? WOLFSSL_RSA_LOAD_PRIVATE
-                                            : WOLFSSL_RSA_LOAD_PUBLIC) != 1) {
-                    wolfSSL_EVP_PKEY_free(pkey);
-                    return NULL;
-                }
-
-                return pkey;
-            }
-            else {
-                WOLFSSL_MSG("DSA wolfSSL_EVP_PKEY_new error");
-            }
-        }
+    else
+#endif /* NO_RSA */
+#if defined(HAVE_ECC) && defined(OPENSSL_EXTRA)
+    if (d2iTryEccKey(&pkey, *in, inSz, priv) >= 0) {
+        ;
     }
-    #endif /* NO_DSA */
+    else
+#endif /* HAVE_ECC && OPENSSL_EXTRA */
+#if !defined(NO_DSA)
+    if (d2iTryDsaKey(&pkey, *in, inSz, priv) >= 0) {
+        ;
+    }
+    else
+#endif /* NO_DSA */
+#if !defined(NO_DH) && (defined(WOLFSSL_QT) || defined(OPENSSL_ALL))
+#if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && \
+    (HAVE_FIPS_VERSION > 2))
+    if (d2iTryDhKey(&pkey, *in, inSz, priv) >= 0) {
+        ;
+    }
+    else
+#endif /* !HAVE_FIPS || HAVE_FIPS_VERSION > 2 */
+#endif /* !NO_DH && (WOLFSSL_QT || OPENSSL_ALL) */
 
-    #if !defined(NO_DH) && (defined(WOLFSSL_QT) || defined(OPENSSL_ALL))
-    #if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && \
+#if !defined(NO_DH) && defined(OPENSSL_EXTRA) && defined(WOLFSSL_DH_EXTRA)
+#if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && \
         (HAVE_FIPS_VERSION > 2))
-    {
-        int isDhKey;
-        word32 keyIdx = 0;
-    #ifdef WOLFSSL_SMALL_STACK
-        DhKey *dh = (DhKey*)XMALLOC(sizeof(DhKey), NULL, DYNAMIC_TYPE_DH);
-        if (dh == NULL)
-            return NULL;
-    #else
-        DhKey dh[1];
-    #endif
-        XMEMSET(dh, 0, sizeof(DhKey));
-
-        isDhKey = wc_InitDhKey(dh) == 0 &&
-                  wc_DhKeyDecode(mem, &keyIdx, dh, (word32)memSz) == 0;
-        wc_FreeDhKey(dh);
-    #ifdef WOLFSSL_SMALL_STACK
-        XFREE(dh, NULL, DYNAMIC_TYPE_DH);
-    #endif
-
-        /* test if DH key */
-        if (isDhKey) {
-            pkey = wolfSSL_EVP_PKEY_new();
-
-            if (pkey != NULL) {
-                pkey->pkey_sz = (int)memSz;
-                pkey->pkey.ptr = (char*)XMALLOC(memSz, NULL,
-                        priv ? DYNAMIC_TYPE_PRIVATE_KEY :
-                               DYNAMIC_TYPE_PUBLIC_KEY);
-                if (pkey->pkey.ptr == NULL) {
-                    wolfSSL_EVP_PKEY_free(pkey);
-                    return NULL;
-                }
-                XMEMCPY(pkey->pkey.ptr, mem, memSz);
-                pkey->type = EVP_PKEY_DH;
-                if (out != NULL) {
-                    *out = pkey;
-                }
-
-                pkey->ownDh = 1;
-                pkey->dh = wolfSSL_DH_new();
-                if (pkey->dh == NULL) {
-                    wolfSSL_EVP_PKEY_free(pkey);
-                    return NULL;
-                }
-
-                if (wolfSSL_DH_LoadDer(pkey->dh,
-                            (const unsigned char*)pkey->pkey.ptr,
-                            pkey->pkey_sz) != WOLFSSL_SUCCESS) {
-                    wolfSSL_EVP_PKEY_free(pkey);
-                    return NULL;
-                }
-
-                return pkey;
-            }
-            else {
-                WOLFSSL_MSG("DH wolfSSL_EVP_PKEY_new error");
-            }
-        }
+    if (d2iTryAltDhKey(&pkey, *in, inSz, priv) >= 0) {
+        ;
     }
-    #endif /* !HAVE_FIPS || HAVE_FIPS_VERSION > 2 */
-    #endif /* !NO_DH && (WOLFSSL_QT || OPENSSL_ALL) */
+    else
+#endif /* !HAVE_FIPS || HAVE_FIPS_VERSION > 2 */
+#endif /* !NO_DH &&  OPENSSL_EXTRA && WOLFSSL_DH_EXTRA */
 
-    #if !defined(NO_DH) && defined(OPENSSL_EXTRA) && defined(WOLFSSL_DH_EXTRA)
-    #if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && \
-            (HAVE_FIPS_VERSION > 2))
-    {
-        word32  keyIdx = 0;
-        DhKey*  key = NULL;
-        int ret;
-    #ifdef WOLFSSL_SMALL_STACK
-        DhKey* dh = (DhKey*)XMALLOC(sizeof(DhKey), NULL, DYNAMIC_TYPE_DH);
-        if (dh == NULL)
-            return NULL;
-    #else
-        DhKey  dh[1];
-    #endif
-        XMEMSET(dh, 0, sizeof(DhKey));
-
-        /* test if DH-public key */
-        if (wc_InitDhKey(dh) != 0)
-            return NULL;
-
-        ret = wc_DhKeyDecode(mem, &keyIdx, dh, (word32)memSz);
-        wc_FreeDhKey(dh);
-    #ifdef WOLFSSL_SMALL_STACK
-        XFREE(dh, NULL, DYNAMIC_TYPE_DH);
-    #endif
-
-        if (ret == 0) {
-            pkey = wolfSSL_EVP_PKEY_new();
-            if (pkey != NULL) {
-                pkey->type     = EVP_PKEY_DH;
-                pkey->pkey_sz  = (int)memSz;
-                pkey->pkey.ptr = (char*)XMALLOC(memSz, NULL,
-                        priv ? DYNAMIC_TYPE_PRIVATE_KEY :
-                               DYNAMIC_TYPE_PUBLIC_KEY);
-                if (pkey->pkey.ptr == NULL) {
-                    wolfSSL_EVP_PKEY_free(pkey);
-                    return NULL;
-                }
-                XMEMCPY(pkey->pkey.ptr, mem, memSz);
-                if (out != NULL) {
-                    *out = pkey;
-                }
-                pkey->ownDh = 1;
-                pkey->dh = wolfSSL_DH_new();
-                if (pkey->dh == NULL) {
-                    wolfSSL_EVP_PKEY_free(pkey);
-                    return NULL;
-                }
-
-                key = (DhKey*)pkey->dh->internal;
-
-                keyIdx = 0;
-                if (wc_DhKeyDecode(mem, &keyIdx, key, (word32)memSz) == 0)
-                {
-                    int elements = ELEMENT_P | ELEMENT_G | ELEMENT_Q |
-                                   ELEMENT_PUB;
-                    if (priv)
-                        elements |= ELEMENT_PRV;
-                    if(SetDhExternal_ex(pkey->dh, elements)
-                            == WOLFSSL_SUCCESS ) {
-                        return pkey;
-                    }
-                }
-                else {
-                    wolfSSL_EVP_PKEY_free(pkey);
-                    return NULL;
-                }
-            }
-        }
+#ifdef HAVE_FALCON
+    if (d2iTryFalconKey(&pkey, *in, inSz, priv) >= 0) {
+        ;
     }
-    #endif /* !HAVE_FIPS || HAVE_FIPS_VERSION > 2 */
-    #endif /* !NO_DH &&  OPENSSL_EXTRA && WOLFSSL_DH_EXTRA */
-
-    #ifdef HAVE_PQC
-    #ifdef HAVE_FALCON
-    {
-        int isFalcon = 0;
-    #ifdef WOLFSSL_SMALL_STACK
-        falcon_key *falcon = (falcon_key *)XMALLOC(sizeof(falcon_key), NULL,
-                                                  DYNAMIC_TYPE_FALCON);
-        if (falcon == NULL) {
-            return NULL;
-        }
-    #else
-        falcon_key falcon[1];
-    #endif
-
-        if (wc_falcon_init(falcon) == 0) {
-            /* test if Falcon key */
-            if (priv) {
-                /* Try level 1 */
-                isFalcon = wc_falcon_set_level(falcon, 1) == 0 &&
-                           wc_falcon_import_private_only(mem, (word32)memSz,
-                                                         falcon) == 0;
-                if (!isFalcon) {
-                    /* Try level 5 */
-                    isFalcon = wc_falcon_set_level(falcon, 5) == 0 &&
-                               wc_falcon_import_private_only(mem, (word32)memSz,
-                                                             falcon) == 0;
-                }
-            } else {
-                /* Try level 1 */
-                isFalcon = wc_falcon_set_level(falcon, 1) == 0 &&
-                           wc_falcon_import_public(mem, (word32)memSz, falcon)
-                           == 0;
-
-                if (!isFalcon) {
-                    /* Try level 5 */
-                    isFalcon = wc_falcon_set_level(falcon, 5) == 0 &&
-                               wc_falcon_import_public(mem, (word32)memSz,
-                                                       falcon) == 0;
-                }
-            }
-            wc_falcon_free(falcon);
-        }
-
-    #ifdef WOLFSSL_SMALL_STACK
-        XFREE(falcon, NULL, DYNAMIC_TYPE_FALCON);
-    #endif
-        if (isFalcon) {
-            /* Create a fake Falcon EVP_PKEY. In the future, we might integrate
-             * Falcon into the compatibility layer. */
-            pkey = wolfSSL_EVP_PKEY_new();
-            if (pkey == NULL) {
-                WOLFSSL_MSG("Falcon wolfSSL_EVP_PKEY_new error");
-                return NULL;
-            }
-            pkey->type = EVP_PKEY_FALCON;
-            pkey->pkey.ptr = NULL;
-            pkey->pkey_sz = 0;
-            return pkey;
-        }
-
+    else
+#endif /* HAVE_FALCON */
+#ifdef HAVE_DILITHIUM
+    if (d2iTryDilithiumKey(&pkey, *in, inSz, priv) >= 0) {
+        ;
     }
-    #endif /* HAVE_FALCON */
-    #ifdef HAVE_DILITHIUM
+    else
+#endif /* HAVE_DILITHIUM */
     {
-        int isDilithium = 0;
-    #ifdef WOLFSSL_SMALL_STACK
-        dilithium_key *dilithium = (dilithium_key *)
-            XMALLOC(sizeof(dilithium_key), NULL, DYNAMIC_TYPE_DILITHIUM);
-        if (dilithium == NULL) {
-            return NULL;
-        }
-    #else
-        dilithium_key dilithium[1];
-    #endif
-
-        if (wc_dilithium_init(dilithium) == 0) {
-            /* Test if Dilithium key. Try all levels. */
-            if (priv) {
-                isDilithium = wc_dilithium_set_level(dilithium, 2) == 0 &&
-                              wc_dilithium_import_private_only(mem,
-                                  (word32)memSz, dilithium) == 0;
-                if (!isDilithium) {
-                    isDilithium = wc_dilithium_set_level(dilithium, 3) == 0 &&
-                                  wc_dilithium_import_private_only(mem,
-                                      (word32)memSz, dilithium) == 0;
-                }
-                if (!isDilithium) {
-                    isDilithium = wc_dilithium_set_level(dilithium, 5) == 0 &&
-                                  wc_dilithium_import_private_only(mem,
-                                      (word32)memSz, dilithium) == 0;
-                }
-            } else {
-                isDilithium = wc_dilithium_set_level(dilithium, 2) == 0 &&
-                              wc_dilithium_import_public(mem, (word32)memSz,
-                                  dilithium) == 0;
-                if (!isDilithium) {
-                    isDilithium = wc_dilithium_set_level(dilithium, 3) == 0 &&
-                                  wc_dilithium_import_public(mem, (word32)memSz,
-                                      dilithium) == 0;
-                }
-                if (!isDilithium) {
-                    isDilithium = wc_dilithium_set_level(dilithium, 5) == 0 &&
-                                  wc_dilithium_import_public(mem, (word32)memSz,
-                                      dilithium) == 0;
-                }
-            }
-            wc_dilithium_free(dilithium);
-        }
-
-    #ifdef WOLFSSL_SMALL_STACK
-        XFREE(dilithium, NULL, DYNAMIC_TYPE_DILITHIUM);
-    #endif
-        if (isDilithium) {
-            /* Create a fake Dilithium EVP_PKEY. In the future, we might
-             * integrate Dilithium into the compatibility layer. */
-            pkey = wolfSSL_EVP_PKEY_new();
-            if (pkey == NULL) {
-                WOLFSSL_MSG("Dilithium wolfSSL_EVP_PKEY_new error");
-                return NULL;
-            }
-            pkey->type = EVP_PKEY_DILITHIUM;
-            pkey->pkey.ptr = NULL;
-            pkey->pkey_sz = 0;
-            return pkey;
-        }
-
-    }
-    #endif /* HAVE_DILITHIUM */
-    #endif /* HAVE_PQC */
-
-    if (pkey == NULL) {
         WOLFSSL_MSG("wolfSSL_d2i_PUBKEY couldn't determine key type");
     }
 
+    if ((pkey != NULL) && (out != NULL)) {
+        *out = pkey;
+    }
     return pkey;
-
 }
 #endif /* OPENSSL_EXTRA || WPA_SMALL */
 
 #ifdef OPENSSL_EXTRA
 
 WOLFSSL_PKCS8_PRIV_KEY_INFO* wolfSSL_d2i_PKCS8_PKEY(
-    WOLFSSL_PKCS8_PRIV_KEY_INFO** pkey, const unsigned char** keyBuf, long keyLen)
+    WOLFSSL_PKCS8_PRIV_KEY_INFO** pkey, const unsigned char** keyBuf,
+    long keyLen)
 {
     WOLFSSL_PKCS8_PRIV_KEY_INFO* pkcs8 = NULL;
 #ifdef WOLFSSL_PEM_TO_DER
     int ret;
-    DerBuffer* der = NULL;
+    DerBuffer* pkcs8Der = NULL;
+    DerBuffer rawDer;
+    EncryptedInfo info;
+    int advanceLen = 0;
+
+    XMEMSET(&info, 0, sizeof(info));
+    XMEMSET(&rawDer, 0, sizeof(rawDer));
 
     if (keyBuf == NULL || *keyBuf == NULL || keyLen <= 0) {
         WOLFSSL_MSG("Bad key PEM/DER args");
         return NULL;
     }
 
-    ret = PemToDer(*keyBuf, keyLen, PRIVATEKEY_TYPE, &der, NULL, NULL, NULL);
+    ret = PemToDer(*keyBuf, keyLen, PRIVATEKEY_TYPE, &pkcs8Der, NULL, &info,
+                   NULL);
     if (ret < 0) {
         WOLFSSL_MSG("Not PEM format");
-        ret = AllocDer(&der, (word32)keyLen, PRIVATEKEY_TYPE, NULL);
+        ret = AllocDer(&pkcs8Der, (word32)keyLen, PRIVATEKEY_TYPE, NULL);
         if (ret == 0) {
-            XMEMCPY(der->buffer, *keyBuf, keyLen);
+            XMEMCPY(pkcs8Der->buffer, *keyBuf, keyLen);
         }
     }
+    else {
+        advanceLen = (int)info.consumed;
+    }
 
     if (ret == 0) {
         /* Verify this is PKCS8 Key */
         word32 inOutIdx = 0;
         word32 algId;
-        ret = ToTraditionalInline_ex(der->buffer, &inOutIdx, der->length, &algId);
+        ret = ToTraditionalInline_ex(pkcs8Der->buffer, &inOutIdx,
+                pkcs8Der->length, &algId);
         if (ret >= 0) {
+            if (advanceLen == 0) /* Set only if not PEM */
+                advanceLen = (int)inOutIdx + ret;
+            if (algId == DHk) {
+                /* Special case for DH as we expect the DER buffer to be always
+                 * be in PKCS8 format */
+                rawDer.buffer = pkcs8Der->buffer;
+                rawDer.length = inOutIdx + (word32)ret;
+            }
+            else {
+                rawDer.buffer = pkcs8Der->buffer + inOutIdx;
+                rawDer.length = (word32)ret;
+            }
             ret = 0; /* good DER */
         }
     }
@@ -9772,21 +8032,24 @@ WOLFSSL_PKCS8_PRIV_KEY_INFO* wolfSSL_d2i_PKCS8_PKEY(
             ret = MEMORY_E;
     }
     if (ret == 0) {
-        pkcs8->pkey.ptr = (char*)XMALLOC(der->length, NULL,
+        pkcs8->pkey.ptr = (char*)XMALLOC(rawDer.length, NULL,
             DYNAMIC_TYPE_PUBLIC_KEY);
         if (pkcs8->pkey.ptr == NULL)
             ret = MEMORY_E;
     }
     if (ret == 0) {
-        XMEMCPY(pkcs8->pkey.ptr, der->buffer, der->length);
-        pkcs8->pkey_sz = der->length;
+        XMEMCPY(pkcs8->pkey.ptr, rawDer.buffer, rawDer.length);
+        pkcs8->pkey_sz = (int)rawDer.length;
     }
 
-    FreeDer(&der);
+    FreeDer(&pkcs8Der);
     if (ret != 0) {
         wolfSSL_EVP_PKEY_free(pkcs8);
         pkcs8 = NULL;
     }
+    else {
+        *keyBuf += advanceLen;
+    }
     if (pkey != NULL) {
         *pkey = pkcs8;
     }
@@ -9799,6 +8062,48 @@ WOLFSSL_PKCS8_PRIV_KEY_INFO* wolfSSL_d2i_PKCS8_PKEY(
     return pkcs8;
 }
 
+#ifdef OPENSSL_ALL
+int wolfSSL_i2d_PKCS8_PKEY(WOLFSSL_PKCS8_PRIV_KEY_INFO* key, unsigned char** pp)
+{
+    word32 keySz = 0;
+    unsigned char* out;
+    int len;
+
+    WOLFSSL_ENTER("wolfSSL_i2d_PKCS8_PKEY");
+
+    if (key == NULL)
+        return WOLFSSL_FATAL_ERROR;
+
+    if (pkcs8_encode(key, NULL, &keySz) != WC_NO_ERR_TRACE(LENGTH_ONLY_E))
+        return WOLFSSL_FATAL_ERROR;
+    len = (int)keySz;
+
+    if ((pp == NULL) || (len == 0))
+        return len;
+
+    if (*pp == NULL) {
+        out = (unsigned char*)XMALLOC((size_t)len, NULL, DYNAMIC_TYPE_ASN1);
+        if (out == NULL)
+            return WOLFSSL_FATAL_ERROR;
+    }
+    else {
+        out = *pp;
+    }
+
+    if (pkcs8_encode(key, out, &keySz) != len) {
+        if (*pp == NULL)
+            XFREE(out, NULL, DYNAMIC_TYPE_ASN1);
+        return WOLFSSL_FATAL_ERROR;
+    }
+
+    if (*pp == NULL)
+        *pp = out;
+    else
+        *pp += len;
+
+    return len;
+}
+#endif
 
 #ifndef NO_BIO
 /* put SSL type in extra for now, not very common */
@@ -9867,7 +8172,8 @@ WOLFSSL_EVP_PKEY* wolfSSL_d2i_PUBKEY_bio(WOLFSSL_BIO* bio,
         return NULL;
     }
 
-    mem = (unsigned char*)XMALLOC(memSz, bio->heap, DYNAMIC_TYPE_TMP_BUFFER);
+    mem = (unsigned char*)XMALLOC((size_t)memSz, bio->heap,
+                                DYNAMIC_TYPE_TMP_BUFFER);
     if (mem == NULL) {
         return NULL;
     }
@@ -9906,7 +8212,8 @@ WOLFSSL_EVP_PKEY* wolfSSL_d2i_PUBKEY(WOLFSSL_EVP_PKEY** out,
     !defined(NO_PWDBASED)
 
 /* helper function to get raw pointer to DER buffer from WOLFSSL_EVP_PKEY */
-static int wolfSSL_EVP_PKEY_get_der(const WOLFSSL_EVP_PKEY* key, unsigned char** der)
+static int wolfSSL_EVP_PKEY_get_der(const WOLFSSL_EVP_PKEY* key,
+    unsigned char** der)
 {
     int sz;
     word16 pkcs8HeaderSz;
@@ -9925,15 +8232,16 @@ static int wolfSSL_EVP_PKEY_get_der(const WOLFSSL_EVP_PKEY* key, unsigned char**
         if (*der) {
             /* since this function signature has no size value passed in it is
              * assumed that the user has allocated a large enough buffer */
-            XMEMCPY(*der, pt + pkcs8HeaderSz, sz);
+            XMEMCPY(*der, pt + pkcs8HeaderSz, (size_t)sz);
             *der += sz;
         }
         else {
-            *der = (unsigned char*)XMALLOC(sz, NULL, DYNAMIC_TYPE_OPENSSL);
+            *der = (unsigned char*)XMALLOC((size_t)sz, NULL,
+                                                DYNAMIC_TYPE_OPENSSL);
             if (*der == NULL) {
                 return WOLFSSL_FATAL_ERROR;
             }
-            XMEMCPY(*der, pt + pkcs8HeaderSz, sz);
+            XMEMCPY(*der, pt + pkcs8HeaderSz, (size_t)sz);
         }
     }
     return sz;
@@ -9953,7 +8261,7 @@ static WOLFSSL_EVP_PKEY* _d2i_PublicKey(int type, WOLFSSL_EVP_PKEY** out,
     word32 idx = 0, algId;
     word16 pkcs8HeaderSz = 0;
     WOLFSSL_EVP_PKEY* local;
-    int opt;
+    int opt = 0;
 
     (void)opt;
 
@@ -9970,14 +8278,14 @@ static WOLFSSL_EVP_PKEY* _d2i_PublicKey(int type, WOLFSSL_EVP_PKEY** out,
             WOLFSSL_MSG("Found PKCS8 header");
             pkcs8HeaderSz = (word16)idx;
 
-            if ((type == EVP_PKEY_RSA && algId != RSAk
+            if ((type == WC_EVP_PKEY_RSA && algId != RSAk
             #ifdef WC_RSA_PSS
                  && algId != RSAPSSk
             #endif
                  ) ||
-                (type == EVP_PKEY_EC && algId != ECDSAk) ||
-                (type == EVP_PKEY_DSA && algId != DSAk) ||
-                (type == EVP_PKEY_DH && algId != DHk)) {
+                (type == WC_EVP_PKEY_EC && algId != ECDSAk) ||
+                (type == WC_EVP_PKEY_DSA && algId != DSAk) ||
+                (type == WC_EVP_PKEY_DH && algId != DHk)) {
                 WOLFSSL_MSG("PKCS8 does not match EVP key type");
                 return NULL;
             }
@@ -9985,7 +8293,7 @@ static WOLFSSL_EVP_PKEY* _d2i_PublicKey(int type, WOLFSSL_EVP_PKEY** out,
             (void)idx; /* not used */
         }
         else {
-            if (ret != ASN_PARSE_E) {
+            if (ret != WC_NO_ERR_TRACE(ASN_PARSE_E)) {
                 WOLFSSL_MSG("Unexpected error with trying to remove PKCS8 "
                     "header");
                 return NULL;
@@ -10005,19 +8313,20 @@ static WOLFSSL_EVP_PKEY* _d2i_PublicKey(int type, WOLFSSL_EVP_PKEY** out,
     local->type     = type;
     local->pkey_sz  = (int)inSz;
     local->pkcs8HeaderSz = pkcs8HeaderSz;
-    local->pkey.ptr = (char*)XMALLOC(inSz, NULL, DYNAMIC_TYPE_PUBLIC_KEY);
+    local->pkey.ptr = (char*)XMALLOC((size_t)inSz, NULL,
+                                        DYNAMIC_TYPE_PUBLIC_KEY);
     if (local->pkey.ptr == NULL) {
         wolfSSL_EVP_PKEY_free(local);
         local = NULL;
         return NULL;
     }
     else {
-        XMEMCPY(local->pkey.ptr, *in, inSz);
+        XMEMCPY(local->pkey.ptr, *in, (size_t)inSz);
     }
 
     switch (type) {
 #ifndef NO_RSA
-        case EVP_PKEY_RSA:
+        case WC_EVP_PKEY_RSA:
             opt = priv ? WOLFSSL_RSA_LOAD_PRIVATE : WOLFSSL_RSA_LOAD_PUBLIC;
             local->ownRsa = 1;
             local->rsa = wolfssl_rsa_d2i(NULL,
@@ -10029,7 +8338,7 @@ static WOLFSSL_EVP_PKEY* _d2i_PublicKey(int type, WOLFSSL_EVP_PKEY** out,
             break;
 #endif /* NO_RSA */
 #ifdef HAVE_ECC
-        case EVP_PKEY_EC:
+        case WC_EVP_PKEY_EC:
             local->ownEcc = 1;
             local->ecc = wolfSSL_EC_KEY_new();
             if (local->ecc == NULL) {
@@ -10049,7 +8358,7 @@ static WOLFSSL_EVP_PKEY* _d2i_PublicKey(int type, WOLFSSL_EVP_PKEY** out,
 #endif /* HAVE_ECC */
 #if defined(WOLFSSL_QT) || defined(OPENSSL_ALL) || defined(WOLFSSL_OPENSSH)
 #ifndef NO_DSA
-        case EVP_PKEY_DSA:
+        case WC_EVP_PKEY_DSA:
             local->ownDsa = 1;
             local->dsa = wolfSSL_DSA_new();
             if (local->dsa == NULL) {
@@ -10068,7 +8377,7 @@ static WOLFSSL_EVP_PKEY* _d2i_PublicKey(int type, WOLFSSL_EVP_PKEY** out,
 #endif /* NO_DSA */
 #ifndef NO_DH
 #if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION>2))
-        case EVP_PKEY_DH:
+        case WC_EVP_PKEY_DH:
             local->ownDh = 1;
             local->dh = wolfSSL_DH_new();
             if (local->dh == NULL) {
@@ -10153,7 +8462,7 @@ WOLFSSL_EVP_PKEY* wolfSSL_d2i_PrivateKey_id(int type, WOLFSSL_EVP_PKEY** out,
 
     switch (type) {
 #ifndef NO_RSA
-        case EVP_PKEY_RSA:
+        case WC_EVP_PKEY_RSA:
         {
             RsaKey* key;
             local->ownRsa = 1;
@@ -10172,7 +8481,7 @@ WOLFSSL_EVP_PKEY* wolfSSL_d2i_PrivateKey_id(int type, WOLFSSL_EVP_PKEY** out,
         }
 #endif /* !NO_RSA */
 #ifdef HAVE_ECC
-        case EVP_PKEY_EC:
+        case WC_EVP_PKEY_EC:
         {
             ecc_key* key;
             local->ownEcc = 1;
@@ -10219,88 +8528,58 @@ WOLFSSL_EVP_PKEY* wolfSSL_d2i_PrivateKey_id(int type, WOLFSSL_EVP_PKEY** out,
  *         WOLFSSL_FAILURE if mismatched. */
 int wolfSSL_check_private_key(const WOLFSSL* ssl)
 {
+    int res = WOLFSSL_SUCCESS;
+
     if (ssl == NULL) {
         return WOLFSSL_FAILURE;
     }
-    return check_cert_key(ssl->buffers.certificate, ssl->buffers.key, ssl->heap,
-        ssl->buffers.keyDevId, ssl->buffers.keyLabel, ssl->buffers.keyId);
+#ifdef WOLFSSL_DUAL_ALG_CERTS
+#ifdef WOLFSSL_BLIND_PRIVATE_KEY
+    wolfssl_priv_der_unblind(ssl->buffers.key, ssl->buffers.keyMask);
+    wolfssl_priv_der_unblind(ssl->buffers.altKey, ssl->buffers.altKeyMask);
+#endif
+    res = check_cert_key(ssl->buffers.certificate, ssl->buffers.key,
+        ssl->buffers.altKey, ssl->heap, ssl->buffers.keyDevId,
+        ssl->buffers.keyLabel, ssl->buffers.keyId, ssl->buffers.altKeyDevId,
+        ssl->buffers.altKeyLabel, ssl->buffers.altKeyId);
+#ifdef WOLFSSL_BLIND_PRIVATE_KEY
+    if (res == WOLFSSL_SUCCESS) {
+        int ret;
+        ret = wolfssl_priv_der_blind(ssl->rng, ssl->buffers.key,
+            (DerBuffer**)&ssl->buffers.keyMask);
+        if (ret == 0) {
+            ret = wolfssl_priv_der_blind(ssl->rng, ssl->buffers.altKey,
+                (DerBuffer**)&ssl->buffers.altKeyMask);
+        }
+        if (ret != 0) {
+            res = WOLFSSL_FAILURE;
+        }
+    }
+#endif
+#else
+#ifdef WOLFSSL_BLIND_PRIVATE_KEY
+    wolfssl_priv_der_unblind(ssl->buffers.key, ssl->buffers.keyMask);
+#endif
+    res = check_cert_key(ssl->buffers.certificate, ssl->buffers.key, NULL,
+        ssl->heap, ssl->buffers.keyDevId, ssl->buffers.keyLabel,
+        ssl->buffers.keyId, INVALID_DEVID, 0, 0);
+#ifdef WOLFSSL_BLIND_PRIVATE_KEY
+    if (res == WOLFSSL_SUCCESS) {
+        int ret = wolfssl_priv_der_blind(ssl->rng, ssl->buffers.key,
+            (DerBuffer**)&ssl->buffers.keyMask);
+        if (ret != 0) {
+            res = WOLFSSL_FAILURE;
+        }
+    }
+#endif
+#endif
+
+    return res;
 }
 #endif /* !NO_CHECK_PRIVATE_KEY */
 
 #endif /* !NO_CERTS */
 
-int wolfSSL_use_PrivateKey(WOLFSSL* ssl, WOLFSSL_EVP_PKEY* pkey)
-{
-    WOLFSSL_ENTER("wolfSSL_use_PrivateKey");
-    if (ssl == NULL || pkey == NULL ) {
-        return WOLFSSL_FAILURE;
-    }
-
-    return wolfSSL_use_PrivateKey_buffer(ssl, (unsigned char*)pkey->pkey.ptr,
-                                         pkey->pkey_sz, WOLFSSL_FILETYPE_ASN1);
-}
-
-
-int wolfSSL_use_PrivateKey_ASN1(int pri, WOLFSSL* ssl, const unsigned char* der,
-                                long derSz)
-{
-    WOLFSSL_ENTER("wolfSSL_use_PrivateKey_ASN1");
-    if (ssl == NULL || der == NULL ) {
-        return WOLFSSL_FAILURE;
-    }
-
-    (void)pri; /* type of private key */
-    return wolfSSL_use_PrivateKey_buffer(ssl, der, derSz, WOLFSSL_FILETYPE_ASN1);
-}
-/******************************************************************************
-* wolfSSL_CTX_use_PrivateKey_ASN1 - loads a private key buffer into the SSL ctx
-*
-* RETURNS:
-* returns WOLFSSL_SUCCESS on success, otherwise returns WOLFSSL_FAILURE
-*/
-
-int wolfSSL_CTX_use_PrivateKey_ASN1(int pri, WOLFSSL_CTX* ctx,
-                                            unsigned char* der, long derSz)
-{
-    WOLFSSL_ENTER("wolfSSL_CTX_use_PrivateKey_ASN1");
-    if (ctx == NULL || der == NULL ) {
-        return WOLFSSL_FAILURE;
-    }
-
-    (void)pri; /* type of private key */
-    return wolfSSL_CTX_use_PrivateKey_buffer(ctx, der, derSz, WOLFSSL_FILETYPE_ASN1);
-}
-
-
-#ifndef NO_RSA
-int wolfSSL_use_RSAPrivateKey_ASN1(WOLFSSL* ssl, unsigned char* der, long derSz)
-{
-    WOLFSSL_ENTER("wolfSSL_use_RSAPrivateKey_ASN1");
-    if (ssl == NULL || der == NULL ) {
-        return WOLFSSL_FAILURE;
-    }
-
-    return wolfSSL_use_PrivateKey_buffer(ssl, der, derSz, WOLFSSL_FILETYPE_ASN1);
-}
-#endif
-
-int wolfSSL_use_certificate(WOLFSSL* ssl, WOLFSSL_X509* x509)
-{
-    long idx;
-
-    WOLFSSL_ENTER("wolfSSL_use_certificate");
-    if (x509 != NULL && ssl != NULL && x509->derCert != NULL) {
-        if (ProcessBuffer(NULL, x509->derCert->buffer, x509->derCert->length,
-                          WOLFSSL_FILETYPE_ASN1, CERT_TYPE, ssl, &idx, 0,
-                          GET_VERIFY_SETTING_SSL(ssl)) == WOLFSSL_SUCCESS) {
-            return WOLFSSL_SUCCESS;
-        }
-    }
-
-    (void)idx;
-    return WOLFSSL_FAILURE;
-}
-
 #endif /* OPENSSL_EXTRA */
 
 #if defined(HAVE_RPK)
@@ -10342,14 +8621,14 @@ WOLFSSL_API int wolfSSL_CTX_set_client_cert_type(WOLFSSL_CTX* ctx,
         return WOLFSSL_SUCCESS;
     }
 
-    if (!isArrayUnique(buf, bufLen))
+    if (!isArrayUnique(buf, (size_t)bufLen))
         return BAD_FUNC_ARG;
 
     for (i = 0; i < bufLen; i++){
         if (buf[i] != WOLFSSL_CERT_TYPE_RPK && buf[i] != WOLFSSL_CERT_TYPE_X509)
             return BAD_FUNC_ARG;
 
-        ctx->rpkConfig.preferred_ClientCertTypes[i] = buf[i];
+        ctx->rpkConfig.preferred_ClientCertTypes[i] = (byte)buf[i];
     }
     ctx->rpkConfig.preferred_ClientCertTypeCnt = bufLen;
 
@@ -10377,14 +8656,14 @@ WOLFSSL_API int wolfSSL_CTX_set_server_cert_type(WOLFSSL_CTX* ctx,
         return WOLFSSL_SUCCESS;
     }
 
-    if (!isArrayUnique(buf, bufLen))
+    if (!isArrayUnique(buf, (size_t)bufLen))
         return BAD_FUNC_ARG;
 
     for (i = 0; i < bufLen; i++){
         if (buf[i] != WOLFSSL_CERT_TYPE_RPK && buf[i] != WOLFSSL_CERT_TYPE_X509)
             return BAD_FUNC_ARG;
 
-        ctx->rpkConfig.preferred_ServerCertTypes[i] = buf[i];
+        ctx->rpkConfig.preferred_ServerCertTypes[i] = (byte)buf[i];
     }
     ctx->rpkConfig.preferred_ServerCertTypeCnt = bufLen;
 
@@ -10414,14 +8693,14 @@ WOLFSSL_API int wolfSSL_set_client_cert_type(WOLFSSL* ssl,
         return WOLFSSL_SUCCESS;
     }
 
-    if (!isArrayUnique(buf, bufLen))
+    if (!isArrayUnique(buf, (size_t)bufLen))
         return BAD_FUNC_ARG;
 
     for (i = 0; i < bufLen; i++){
         if (buf[i] != WOLFSSL_CERT_TYPE_RPK && buf[i] != WOLFSSL_CERT_TYPE_X509)
             return BAD_FUNC_ARG;
 
-        ssl->options.rpkConfig.preferred_ClientCertTypes[i] = buf[i];
+        ssl->options.rpkConfig.preferred_ClientCertTypes[i] = (byte)buf[i];
     }
     ssl->options.rpkConfig.preferred_ClientCertTypeCnt = bufLen;
 
@@ -10451,14 +8730,14 @@ WOLFSSL_API int wolfSSL_set_server_cert_type(WOLFSSL* ssl,
         return WOLFSSL_SUCCESS;
     }
 
-    if (!isArrayUnique(buf, bufLen))
+    if (!isArrayUnique(buf, (size_t)bufLen))
         return BAD_FUNC_ARG;
 
     for (i = 0; i < bufLen; i++){
         if (buf[i] != WOLFSSL_CERT_TYPE_RPK && buf[i] != WOLFSSL_CERT_TYPE_X509)
             return BAD_FUNC_ARG;
 
-        ssl->options.rpkConfig.preferred_ServerCertTypes[i] = buf[i];
+        ssl->options.rpkConfig.preferred_ServerCertTypes[i] = (byte)buf[i];
     }
     ssl->options.rpkConfig.preferred_ServerCertTypeCnt = bufLen;
 
@@ -10529,103 +8808,13 @@ WOLFSSL_API int wolfSSL_get_negotiated_server_cert_type(WOLFSSL* ssl, int* tp)
 
 #endif /* HAVE_RPK */
 
-int wolfSSL_use_certificate_ASN1(WOLFSSL* ssl, const unsigned char* der,
-                                 int derSz)
-{
-    long idx;
-
-    WOLFSSL_ENTER("wolfSSL_use_certificate_ASN1");
-    if (der != NULL && ssl != NULL) {
-        if (ProcessBuffer(NULL, der, derSz, WOLFSSL_FILETYPE_ASN1, CERT_TYPE,
-                ssl, &idx, 0, GET_VERIFY_SETTING_SSL(ssl)) == WOLFSSL_SUCCESS) {
-            return WOLFSSL_SUCCESS;
-        }
-    }
-
-    (void)idx;
-    return WOLFSSL_FAILURE;
-}
-
-#ifndef NO_FILESYSTEM
-
-WOLFSSL_ABI
-int wolfSSL_use_certificate_file(WOLFSSL* ssl, const char* file, int format)
-{
-    WOLFSSL_ENTER("wolfSSL_use_certificate_file");
-
-    if (ssl == NULL) {
-        return BAD_FUNC_ARG;
-    }
-
-    if (ProcessFile(ssl->ctx, file, format, CERT_TYPE,
-                ssl, 0, NULL, GET_VERIFY_SETTING_SSL(ssl)) == WOLFSSL_SUCCESS) {
-        return WOLFSSL_SUCCESS;
-    }
-
-    return WOLFSSL_FAILURE;
-}
-
-
-WOLFSSL_ABI
-int wolfSSL_use_PrivateKey_file(WOLFSSL* ssl, const char* file, int format)
-{
-    WOLFSSL_ENTER("wolfSSL_use_PrivateKey_file");
-
-    if (ssl == NULL) {
-        return BAD_FUNC_ARG;
-    }
-
-    if (ProcessFile(ssl->ctx, file, format, PRIVATEKEY_TYPE,
-                ssl, 0, NULL, GET_VERIFY_SETTING_SSL(ssl)) == WOLFSSL_SUCCESS) {
-        return WOLFSSL_SUCCESS;
-    }
-
-    return WOLFSSL_FAILURE;
-}
-
-
-WOLFSSL_ABI
-int wolfSSL_use_certificate_chain_file(WOLFSSL* ssl, const char* file)
-{
-    /* process up to MAX_CHAIN_DEPTH plus subject cert */
-    WOLFSSL_ENTER("wolfSSL_use_certificate_chain_file");
-
-    if (ssl == NULL) {
-        return BAD_FUNC_ARG;
-    }
-
-    if (ProcessFile(ssl->ctx, file, WOLFSSL_FILETYPE_PEM, CERT_TYPE,
-               ssl, 1, NULL, GET_VERIFY_SETTING_SSL(ssl)) == WOLFSSL_SUCCESS) {
-        return WOLFSSL_SUCCESS;
-    }
-
-   return WOLFSSL_FAILURE;
-}
-
-int wolfSSL_use_certificate_chain_file_format(WOLFSSL* ssl, const char* file,
-                                              int format)
-{
-    /* process up to MAX_CHAIN_DEPTH plus subject cert */
-    WOLFSSL_ENTER("wolfSSL_use_certificate_chain_file_format");
-
-    if (ssl == NULL) {
-        return BAD_FUNC_ARG;
-    }
-
-    if (ProcessFile(ssl->ctx, file, format, CERT_TYPE, ssl, 1,
-                    NULL, GET_VERIFY_SETTING_SSL(ssl)) == WOLFSSL_SUCCESS) {
-        return WOLFSSL_SUCCESS;
-    }
-    return WOLFSSL_FAILURE;
-}
-
-#endif /* !NO_FILESYSTEM */
-
 #ifdef HAVE_ECC
 
 /* Set Temp CTX EC-DHE size in octets, can be 14 - 66 (112 - 521 bit) */
 int wolfSSL_CTX_SetTmpEC_DHE_Sz(WOLFSSL_CTX* ctx, word16 sz)
 {
+    WOLFSSL_ENTER("wolfSSL_CTX_SetTmpEC_DHE_Sz");
+
     if (ctx == NULL)
         return BAD_FUNC_ARG;
 
@@ -10660,6 +8849,8 @@ int wolfSSL_CTX_SetTmpEC_DHE_Sz(WOLFSSL_CTX* ctx, word16 sz)
 /* Set Temp SSL EC-DHE size in octets, can be 14 - 66 (112 - 521 bit) */
 int wolfSSL_SetTmpEC_DHE_Sz(WOLFSSL* ssl, word16 sz)
 {
+    WOLFSSL_ENTER("wolfSSL_SetTmpEC_DHE_Sz");
+
     if (ssl == NULL)
         return BAD_FUNC_ARG;
 
@@ -10679,78 +8870,6 @@ int wolfSSL_SetTmpEC_DHE_Sz(WOLFSSL* ssl, word16 sz)
 #endif /* HAVE_ECC */
 
 
-#ifdef OPENSSL_EXTRA
-
-#ifndef NO_FILESYSTEM
-int wolfSSL_CTX_use_RSAPrivateKey_file(WOLFSSL_CTX* ctx,const char* file,
-                                   int format)
-{
-    WOLFSSL_ENTER("wolfSSL_CTX_use_RSAPrivateKey_file");
-
-    return wolfSSL_CTX_use_PrivateKey_file(ctx, file, format);
-}
-
-
-int wolfSSL_use_RSAPrivateKey_file(WOLFSSL* ssl, const char* file, int format)
-{
-    WOLFSSL_ENTER("wolfSSL_use_RSAPrivateKey_file");
-
-    return wolfSSL_use_PrivateKey_file(ssl, file, format);
-}
-#endif /* NO_FILESYSTEM */
-
-
-/* Copies the master secret over to out buffer. If outSz is 0 returns the size
- * of master secret.
- *
- * ses : a session from completed TLS/SSL handshake
- * out : buffer to hold copy of master secret
- * outSz : size of out buffer
- * returns : number of bytes copied into out buffer on success
- *           less then or equal to 0 is considered a failure case
- */
-int wolfSSL_SESSION_get_master_key(const WOLFSSL_SESSION* ses,
-        unsigned char* out, int outSz)
-{
-    int size;
-
-    ses = ClientSessionToSession(ses);
-
-    if (outSz == 0) {
-        return SECRET_LEN;
-    }
-
-    if (ses == NULL || out == NULL || outSz < 0) {
-        return 0;
-    }
-
-    if (outSz > SECRET_LEN) {
-        size = SECRET_LEN;
-    }
-    else {
-        size = outSz;
-    }
-
-    XMEMCPY(out, ses->masterSecret, size);
-    return size;
-}
-
-
-int wolfSSL_SESSION_get_master_key_length(const WOLFSSL_SESSION* ses)
-{
-    (void)ses;
-    return SECRET_LEN;
-}
-
-#ifdef WOLFSSL_EARLY_DATA
-unsigned int wolfSSL_SESSION_get_max_early_data(const WOLFSSL_SESSION *session)
-{
-    return session->maxEarlyDataSz;
-}
-#endif /* WOLFSSL_EARLY_DATA */
-
-#endif /* OPENSSL_EXTRA */
-
 typedef struct {
     byte verifyPeer:1;
     byte verifyNone:1;
@@ -10849,7 +8968,7 @@ void wolfSSL_set_verify_result(WOLFSSL *ssl, long v)
 
 #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) || \
     defined(OPENSSL_ALL)
-    ssl->peerVerifyRet = v;
+    ssl->peerVerifyRet = (unsigned long)v;
 #else
     (void)v;
     WOLFSSL_STUB("wolfSSL_set_verify_result");
@@ -10892,7 +9011,8 @@ int wolfSSL_set_post_handshake_auth(WOLFSSL* ssl, int val)
     }
     return (ret == 0) ? WOLFSSL_SUCCESS : WOLFSSL_FAILURE;
 }
-#endif /* OPENSSL_EXTRA && !NO_CERTS && WOLFSSL_TLS13 && WOLFSSL_POST_HANDSHAKE_AUTH */
+#endif /* OPENSSL_EXTRA && !NO_CERTS && WOLFSSL_TLS13 &&
+        * WOLFSSL_POST_HANDSHAKE_AUTH */
 
 /* store user ctx for verify callback */
 void wolfSSL_SetCertCbCtx(WOLFSSL* ssl, void* ctx)
@@ -10989,499 +9109,6 @@ int wolfSSL_CTX_get_cert_cache_memsize(WOLFSSL_CTX* ctx)
 #endif /* !NO_CERTS */
 
 
-#ifndef NO_SESSION_CACHE
-
-WOLFSSL_ABI
-WOLFSSL_SESSION* wolfSSL_get_session(WOLFSSL* ssl)
-{
-    WOLFSSL_ENTER("wolfSSL_get_session");
-    if (ssl) {
-#ifdef NO_SESSION_CACHE_REF
-        return ssl->session;
-#else
-        if (ssl->options.side == WOLFSSL_CLIENT_END) {
-            /* On the client side we want to return a persistent reference for
-             * backwards compatibility. */
-#ifndef NO_CLIENT_CACHE
-            if (ssl->clientSession) {
-                return (WOLFSSL_SESSION*)ssl->clientSession;
-            }
-            else {
-                /* Try to add a ClientCache entry to associate with the current
-                 * session. Ignore any session cache options. */
-                int err;
-                const byte* id = ssl->session->sessionID;
-                byte idSz = ssl->session->sessionIDSz;
-                if (ssl->session->haveAltSessionID) {
-                    id = ssl->session->altSessionID;
-                    idSz = ID_LEN;
-                }
-                err = AddSessionToCache(ssl->ctx, ssl->session, id, idSz,
-                        NULL, ssl->session->side,
-                #ifdef HAVE_SESSION_TICKET
-                        ssl->session->ticketLen > 0,
-                #else
-                        0,
-                #endif
-                        &ssl->clientSession);
-                if (err == 0) {
-                    return (WOLFSSL_SESSION*)ssl->clientSession;
-                }
-            }
-#endif
-        }
-        else {
-            return ssl->session;
-        }
-#endif
-    }
-
-    return NULL;
-}
-
-/* The get1 version requires caller to call SSL_SESSION_free */
-WOLFSSL_SESSION* wolfSSL_get1_session(WOLFSSL* ssl)
-{
-    WOLFSSL_SESSION* sess = NULL;
-    WOLFSSL_ENTER("wolfSSL_get1_session");
-    if (ssl != NULL) {
-        sess = ssl->session;
-        if (sess != NULL) {
-            /* increase reference count if allocated session */
-            if (sess->type == WOLFSSL_SESSION_TYPE_HEAP) {
-                if (wolfSSL_SESSION_up_ref(sess) != WOLFSSL_SUCCESS)
-                    sess = NULL;
-            }
-        }
-    }
-    return sess;
-}
-
-
-/*
- * Sets the session object to use when establishing a TLS/SSL session using
- * the ssl object. Therefore, this function must be called before
- * wolfSSL_connect. The session object to use can be obtained in a previous
- * TLS/SSL connection using wolfSSL_get_session.
- *
- * This function rejects the session if it has been expired when this function
- * is called. Note that this expiration check is wolfSSL specific and differs
- * from OpenSSL return code behavior.
- *
- * By default, wolfSSL_set_session returns WOLFSSL_SUCCESS on successfully
- * setting the session, WOLFSSL_FAILURE on failure due to the session cache
- * being disabled, or the session has expired.
- *
- * To match OpenSSL return code behavior when session is expired, define
- * OPENSSL_EXTRA and WOLFSSL_ERROR_CODE_OPENSSL. This behavior will return
- * WOLFSSL_SUCCESS even when the session is expired and rejected.
- */
-WOLFSSL_ABI
-int wolfSSL_set_session(WOLFSSL* ssl, WOLFSSL_SESSION* session)
-{
-    WOLFSSL_ENTER("wolfSSL_set_session");
-    if (session)
-        return wolfSSL_SetSession(ssl, session);
-
-    return WOLFSSL_FAILURE;
-}
-
-
-#ifndef NO_CLIENT_CACHE
-
-/* Associate client session with serverID, find existing or store for saving
-   if newSession flag on, don't reuse existing session
-   WOLFSSL_SUCCESS on ok */
-int wolfSSL_SetServerID(WOLFSSL* ssl, const byte* id, int len, int newSession)
-{
-    WOLFSSL_SESSION* session = NULL;
-    byte idHash[SERVER_ID_LEN];
-
-    WOLFSSL_ENTER("wolfSSL_SetServerID");
-
-    if (ssl == NULL || id == NULL || len <= 0)
-        return BAD_FUNC_ARG;
-
-    if (len > SERVER_ID_LEN) {
-#if defined(NO_SHA) && !defined(NO_SHA256)
-        if (wc_Sha256Hash(id, len, idHash) != 0)
-            return WOLFSSL_FAILURE;
-#else
-        if (wc_ShaHash(id, len, idHash) != 0)
-            return WOLFSSL_FAILURE;
-#endif
-        id = idHash;
-        len = SERVER_ID_LEN;
-    }
-
-    if (newSession == 0) {
-        session = wolfSSL_GetSessionClient(ssl, id, len);
-        if (session) {
-            if (wolfSSL_SetSession(ssl, session) != WOLFSSL_SUCCESS) {
-            #ifdef HAVE_EXT_CACHE
-                wolfSSL_FreeSession(ssl->ctx, session);
-            #endif
-                WOLFSSL_MSG("wolfSSL_SetSession failed");
-                session = NULL;
-            }
-        }
-    }
-
-    if (session == NULL) {
-        WOLFSSL_MSG("Valid ServerID not cached already");
-
-        ssl->session->idLen = (word16)len;
-        XMEMCPY(ssl->session->serverID, id, len);
-    }
-#ifdef HAVE_EXT_CACHE
-    else {
-        wolfSSL_FreeSession(ssl->ctx, session);
-    }
-#endif
-
-    return WOLFSSL_SUCCESS;
-}
-
-#endif /* !NO_CLIENT_CACHE */
-
-/* TODO: Add SESSION_CACHE_DYNAMIC_MEM support for PERSIST_SESSION_CACHE.
- * Need a count of current sessions to get an accurate memsize (totalCount is
- * not decremented when sessions are removed).
- * Need to determine ideal layout for mem/filesave.
- * Also need mem/filesave checking to ensure not restoring non DYNAMIC_MEM cache.
- */
-#if defined(PERSIST_SESSION_CACHE) && !defined(SESSION_CACHE_DYNAMIC_MEM)
-
-/* for persistence, if changes to layout need to increment and modify
-   save_session_cache() and restore_session_cache and memory versions too */
-#define WOLFSSL_CACHE_VERSION 2
-
-/* Session Cache Header information */
-typedef struct {
-    int version;     /* cache layout version id */
-    int rows;        /* session rows */
-    int columns;     /* session columns */
-    int sessionSz;   /* sizeof WOLFSSL_SESSION */
-} cache_header_t;
-
-/* current persistence layout is:
-
-   1) cache_header_t
-   2) SessionCache
-   3) ClientCache
-
-   update WOLFSSL_CACHE_VERSION if change layout for the following
-   PERSISTENT_SESSION_CACHE functions
-*/
-
-/* get how big the the session cache save buffer needs to be */
-int wolfSSL_get_session_cache_memsize(void)
-{
-    int sz  = (int)(sizeof(SessionCache) + sizeof(cache_header_t));
-#ifndef NO_CLIENT_CACHE
-    sz += (int)(sizeof(ClientCache));
-#endif
-    return sz;
-}
-
-
-/* Persist session cache to memory */
-int wolfSSL_memsave_session_cache(void* mem, int sz)
-{
-    int i;
-    cache_header_t cache_header;
-    SessionRow*    row  = (SessionRow*)((byte*)mem + sizeof(cache_header));
-
-    WOLFSSL_ENTER("wolfSSL_memsave_session_cache");
-
-    if (sz < wolfSSL_get_session_cache_memsize()) {
-        WOLFSSL_MSG("Memory buffer too small");
-        return BUFFER_E;
-    }
-
-    cache_header.version   = WOLFSSL_CACHE_VERSION;
-    cache_header.rows      = SESSION_ROWS;
-    cache_header.columns   = SESSIONS_PER_ROW;
-    cache_header.sessionSz = (int)sizeof(WOLFSSL_SESSION);
-    XMEMCPY(mem, &cache_header, sizeof(cache_header));
-
-#ifndef ENABLE_SESSION_CACHE_ROW_LOCK
-    if (SESSION_ROW_RD_LOCK(row) != 0) {
-        WOLFSSL_MSG("Session cache mutex lock failed");
-        return BAD_MUTEX_E;
-    }
-#endif
-    for (i = 0; i < cache_header.rows; ++i) {
-    #ifdef ENABLE_SESSION_CACHE_ROW_LOCK
-        if (SESSION_ROW_RD_LOCK(&SessionCache[i]) != 0) {
-            WOLFSSL_MSG("Session row cache mutex lock failed");
-            return BAD_MUTEX_E;
-        }
-    #endif
-
-        XMEMCPY(row++, &SessionCache[i], SIZEOF_SESSION_ROW);
-    #ifdef ENABLE_SESSION_CACHE_ROW_LOCK
-        SESSION_ROW_UNLOCK(&SessionCache[i]);
-    #endif
-    }
-#ifndef ENABLE_SESSION_CACHE_ROW_LOCK
-    SESSION_ROW_UNLOCK(row);
-#endif
-
-#ifndef NO_CLIENT_CACHE
-    if (wc_LockMutex(&clisession_mutex) != 0) {
-        WOLFSSL_MSG("Client cache mutex lock failed");
-        return BAD_MUTEX_E;
-    }
-    XMEMCPY(row, ClientCache, sizeof(ClientCache));
-    wc_UnLockMutex(&clisession_mutex);
-#endif
-
-    WOLFSSL_LEAVE("wolfSSL_memsave_session_cache", WOLFSSL_SUCCESS);
-
-    return WOLFSSL_SUCCESS;
-}
-
-
-/* Restore the persistent session cache from memory */
-int wolfSSL_memrestore_session_cache(const void* mem, int sz)
-{
-    int    i;
-    cache_header_t cache_header;
-    SessionRow*    row  = (SessionRow*)((byte*)mem + sizeof(cache_header));
-
-    WOLFSSL_ENTER("wolfSSL_memrestore_session_cache");
-
-    if (sz < wolfSSL_get_session_cache_memsize()) {
-        WOLFSSL_MSG("Memory buffer too small");
-        return BUFFER_E;
-    }
-
-    XMEMCPY(&cache_header, mem, sizeof(cache_header));
-    if (cache_header.version   != WOLFSSL_CACHE_VERSION ||
-        cache_header.rows      != SESSION_ROWS ||
-        cache_header.columns   != SESSIONS_PER_ROW ||
-        cache_header.sessionSz != (int)sizeof(WOLFSSL_SESSION)) {
-
-        WOLFSSL_MSG("Session cache header match failed");
-        return CACHE_MATCH_ERROR;
-    }
-
-#ifndef ENABLE_SESSION_CACHE_ROW_LOCK
-    if (SESSION_ROW_WR_LOCK(&SessionCache[0]) != 0) {
-        WOLFSSL_MSG("Session cache mutex lock failed");
-        return BAD_MUTEX_E;
-    }
-#endif
-    for (i = 0; i < cache_header.rows; ++i) {
-    #ifdef ENABLE_SESSION_CACHE_ROW_LOCK
-        if (SESSION_ROW_WR_LOCK(&SessionCache[i]) != 0) {
-            WOLFSSL_MSG("Session row cache mutex lock failed");
-            return BAD_MUTEX_E;
-        }
-    #endif
-
-        XMEMCPY(&SessionCache[i], row++, SIZEOF_SESSION_ROW);
-    #ifdef ENABLE_SESSION_CACHE_ROW_LOCK
-        SESSION_ROW_UNLOCK(&SessionCache[i]);
-    #endif
-    }
-#ifndef ENABLE_SESSION_CACHE_ROW_LOCK
-    SESSION_ROW_UNLOCK(&SessionCache[0]);
-#endif
-
-#ifndef NO_CLIENT_CACHE
-    if (wc_LockMutex(&clisession_mutex) != 0) {
-        WOLFSSL_MSG("Client cache mutex lock failed");
-        return BAD_MUTEX_E;
-    }
-    XMEMCPY(ClientCache, row, sizeof(ClientCache));
-    wc_UnLockMutex(&clisession_mutex);
-#endif
-
-    WOLFSSL_LEAVE("wolfSSL_memrestore_session_cache", WOLFSSL_SUCCESS);
-
-    return WOLFSSL_SUCCESS;
-}
-
-#if !defined(NO_FILESYSTEM)
-
-/* Persist session cache to file */
-/* doesn't use memsave because of additional memory use */
-int wolfSSL_save_session_cache(const char *fname)
-{
-    XFILE  file;
-    int    ret;
-    int    rc = WOLFSSL_SUCCESS;
-    int    i;
-    cache_header_t cache_header;
-
-    WOLFSSL_ENTER("wolfSSL_save_session_cache");
-
-    file = XFOPEN(fname, "w+b");
-    if (file == XBADFILE) {
-        WOLFSSL_MSG("Couldn't open session cache save file");
-        return WOLFSSL_BAD_FILE;
-    }
-    cache_header.version   = WOLFSSL_CACHE_VERSION;
-    cache_header.rows      = SESSION_ROWS;
-    cache_header.columns   = SESSIONS_PER_ROW;
-    cache_header.sessionSz = (int)sizeof(WOLFSSL_SESSION);
-
-    /* cache header */
-    ret = (int)XFWRITE(&cache_header, sizeof cache_header, 1, file);
-    if (ret != 1) {
-        WOLFSSL_MSG("Session cache header file write failed");
-        XFCLOSE(file);
-        return FWRITE_ERROR;
-    }
-
-#ifndef ENABLE_SESSION_CACHE_ROW_LOCK
-    if (SESSION_ROW_RD_LOCK(&SessionCache[0]) != 0) {
-        WOLFSSL_MSG("Session cache mutex lock failed");
-        XFCLOSE(file);
-        return BAD_MUTEX_E;
-    }
-#endif
-    /* session cache */
-    for (i = 0; i < cache_header.rows; ++i) {
-    #ifdef ENABLE_SESSION_CACHE_ROW_LOCK
-        if (SESSION_ROW_RD_LOCK(&SessionCache[i]) != 0) {
-            WOLFSSL_MSG("Session row cache mutex lock failed");
-            XFCLOSE(file);
-            return BAD_MUTEX_E;
-        }
-    #endif
-
-        ret = (int)XFWRITE(&SessionCache[i], SIZEOF_SESSION_ROW, 1, file);
-    #ifdef ENABLE_SESSION_CACHE_ROW_LOCK
-        SESSION_ROW_UNLOCK(&SessionCache[i]);
-    #endif
-        if (ret != 1) {
-            WOLFSSL_MSG("Session cache member file write failed");
-            rc = FWRITE_ERROR;
-            break;
-        }
-    }
-#ifndef ENABLE_SESSION_CACHE_ROW_LOCK
-    SESSION_ROW_UNLOCK(&SessionCache[0]);
-#endif
-
-#ifndef NO_CLIENT_CACHE
-    /* client cache */
-    if (wc_LockMutex(&clisession_mutex) != 0) {
-        WOLFSSL_MSG("Client cache mutex lock failed");
-        XFCLOSE(file);
-        return BAD_MUTEX_E;
-    }
-    ret = (int)XFWRITE(ClientCache, sizeof(ClientCache), 1, file);
-    if (ret != 1) {
-        WOLFSSL_MSG("Client cache member file write failed");
-        rc = FWRITE_ERROR;
-    }
-    wc_UnLockMutex(&clisession_mutex);
-#endif /* !NO_CLIENT_CACHE */
-
-    XFCLOSE(file);
-    WOLFSSL_LEAVE("wolfSSL_save_session_cache", rc);
-
-    return rc;
-}
-
-
-/* Restore the persistent session cache from file */
-/* doesn't use memstore because of additional memory use */
-int wolfSSL_restore_session_cache(const char *fname)
-{
-    XFILE  file;
-    int    rc = WOLFSSL_SUCCESS;
-    int    ret;
-    int    i;
-    cache_header_t cache_header;
-
-    WOLFSSL_ENTER("wolfSSL_restore_session_cache");
-
-    file = XFOPEN(fname, "rb");
-    if (file == XBADFILE) {
-        WOLFSSL_MSG("Couldn't open session cache save file");
-        return WOLFSSL_BAD_FILE;
-    }
-    /* cache header */
-    ret = (int)XFREAD(&cache_header, sizeof(cache_header), 1, file);
-    if (ret != 1) {
-        WOLFSSL_MSG("Session cache header file read failed");
-        XFCLOSE(file);
-        return FREAD_ERROR;
-    }
-    if (cache_header.version   != WOLFSSL_CACHE_VERSION ||
-        cache_header.rows      != SESSION_ROWS ||
-        cache_header.columns   != SESSIONS_PER_ROW ||
-        cache_header.sessionSz != (int)sizeof(WOLFSSL_SESSION)) {
-
-        WOLFSSL_MSG("Session cache header match failed");
-        XFCLOSE(file);
-        return CACHE_MATCH_ERROR;
-    }
-
-#ifndef ENABLE_SESSION_CACHE_ROW_LOCK
-    if (SESSION_ROW_WR_LOCK(&SessionCache[0]) != 0) {
-        WOLFSSL_MSG("Session cache mutex lock failed");
-        XFCLOSE(file);
-        return BAD_MUTEX_E;
-    }
-#endif
-    /* session cache */
-    for (i = 0; i < cache_header.rows; ++i) {
-    #ifdef ENABLE_SESSION_CACHE_ROW_LOCK
-        if (SESSION_ROW_WR_LOCK(&SessionCache[i]) != 0) {
-            WOLFSSL_MSG("Session row cache mutex lock failed");
-            XFCLOSE(file);
-            return BAD_MUTEX_E;
-        }
-    #endif
-
-        ret = (int)XFREAD(&SessionCache[i], SIZEOF_SESSION_ROW, 1, file);
-    #ifdef ENABLE_SESSION_CACHE_ROW_LOCK
-        SESSION_ROW_UNLOCK(&SessionCache[i]);
-    #endif
-        if (ret != 1) {
-            WOLFSSL_MSG("Session cache member file read failed");
-            XMEMSET(SessionCache, 0, sizeof SessionCache);
-            rc = FREAD_ERROR;
-            break;
-        }
-    }
-#ifndef ENABLE_SESSION_CACHE_ROW_LOCK
-    SESSION_ROW_UNLOCK(&SessionCache[0]);
-#endif
-
-#ifndef NO_CLIENT_CACHE
-    /* client cache */
-    if (wc_LockMutex(&clisession_mutex) != 0) {
-        WOLFSSL_MSG("Client cache mutex lock failed");
-        XFCLOSE(file);
-        return BAD_MUTEX_E;
-    }
-    ret = (int)XFREAD(ClientCache, sizeof(ClientCache), 1, file);
-    if (ret != 1) {
-        WOLFSSL_MSG("Client cache member file read failed");
-        XMEMSET(ClientCache, 0, sizeof ClientCache);
-        rc = FREAD_ERROR;
-    }
-    wc_UnLockMutex(&clisession_mutex);
-#endif /* !NO_CLIENT_CACHE */
-
-    XFCLOSE(file);
-    WOLFSSL_LEAVE("wolfSSL_restore_session_cache", rc);
-
-    return rc;
-}
-
-#endif /* !NO_FILESYSTEM */
-#endif /* PERSIST_SESSION_CACHE && !SESSION_CACHE_DYNAMIC_MEM */
-#endif /* NO_SESSION_CACHE */
-
-
 void wolfSSL_load_error_strings(void)
 {
     /* compatibility only */
@@ -11504,7 +9131,7 @@ int wolfSSL_set_session_secret_cb(WOLFSSL* ssl, SessionSecretCb cb, void* ctx)
 {
     WOLFSSL_ENTER("wolfSSL_set_session_secret_cb");
     if (ssl == NULL)
-        return WOLFSSL_FATAL_ERROR;
+        return WOLFSSL_FAILURE;
 
     ssl->sessionSecretCb = cb;
     ssl->sessionSecretCtx = ctx;
@@ -11517,86 +9144,97 @@ int wolfSSL_set_session_secret_cb(WOLFSSL* ssl, SessionSecretCb cb, void* ctx)
     return WOLFSSL_SUCCESS;
 }
 
-#endif
-
-
-#ifndef NO_SESSION_CACHE
-
-/* on by default if built in but allow user to turn off */
-WOLFSSL_ABI
-long wolfSSL_CTX_set_session_cache_mode(WOLFSSL_CTX* ctx, long mode)
+int wolfSSL_set_session_ticket_ext_cb(WOLFSSL* ssl, TicketParseCb cb,
+        void *ctx)
 {
-    WOLFSSL_ENTER("wolfSSL_CTX_set_session_cache_mode");
-
-    if (ctx == NULL)
+    WOLFSSL_ENTER("wolfSSL_set_session_ticket_ext_cb");
+    if (ssl == NULL)
         return WOLFSSL_FAILURE;
 
-    if (mode == WOLFSSL_SESS_CACHE_OFF) {
-        ctx->sessionCacheOff = 1;
-#ifdef HAVE_EXT_CACHE
-        ctx->internalCacheOff = 1;
-        ctx->internalCacheLookupOff = 1;
-#endif
-    }
-
-    if ((mode & WOLFSSL_SESS_CACHE_NO_AUTO_CLEAR) != 0)
-        ctx->sessionCacheFlushOff = 1;
-
-#ifdef HAVE_EXT_CACHE
-    /* WOLFSSL_SESS_CACHE_NO_INTERNAL activates both if's */
-    if ((mode & WOLFSSL_SESS_CACHE_NO_INTERNAL_STORE) != 0)
-        ctx->internalCacheOff = 1;
-    if ((mode & WOLFSSL_SESS_CACHE_NO_INTERNAL_LOOKUP) != 0)
-        ctx->internalCacheLookupOff = 1;
-#endif
+    ssl->ticketParseCb = cb;
+    ssl->ticketParseCtx = ctx;
 
     return WOLFSSL_SUCCESS;
 }
 
-#ifdef OPENSSL_EXTRA
-/* Get the session cache mode for CTX
- *
- * ctx  WOLFSSL_CTX struct to get cache mode from
- *
- * Returns a bit mask that has the session cache mode */
-long wolfSSL_CTX_get_session_cache_mode(WOLFSSL_CTX* ctx)
+int wolfSSL_set_secret_cb(WOLFSSL* ssl, TlsSecretCb cb, void* ctx)
 {
-    long m = 0;
+    WOLFSSL_ENTER("wolfSSL_set_secret_cb");
+    if (ssl == NULL)
+        return WOLFSSL_FATAL_ERROR;
 
-    WOLFSSL_ENTER("wolfSSL_CTX_get_session_cache_mode");
+    ssl->tlsSecretCb = cb;
+    ssl->tlsSecretCtx = ctx;
 
-    if (ctx == NULL) {
-        return m;
+    return WOLFSSL_SUCCESS;
+}
+
+#ifdef SHOW_SECRETS
+int tlsShowSecrets(WOLFSSL* ssl, void* secret, int secretSz,
+        void* ctx)
+{
+    /* Wireshark Pre-Master-Secret Format:
+     *  CLIENT_RANDOM <clientrandom> <mastersecret>
+     */
+    const char* CLIENT_RANDOM_LABEL = "CLIENT_RANDOM";
+    int i, pmsPos = 0;
+    char pmsBuf[13 + 1 + 64 + 1 + 96 + 1 + 1];
+    byte clientRandom[RAN_LEN];
+    int clientRandomSz;
+
+    (void)ctx;
+
+    clientRandomSz = (int)wolfSSL_get_client_random(ssl, clientRandom,
+        sizeof(clientRandom));
+
+    if (clientRandomSz <= 0) {
+        printf("Error getting server random %d\n", clientRandomSz);
+        return BAD_FUNC_ARG;
     }
 
-    if (ctx->sessionCacheOff != 1) {
-        m |= WOLFSSL_SESS_CACHE_SERVER;
+    XSNPRINTF(&pmsBuf[pmsPos], sizeof(pmsBuf) - pmsPos, "%s ",
+        CLIENT_RANDOM_LABEL);
+    pmsPos += XSTRLEN(CLIENT_RANDOM_LABEL) + 1;
+    for (i = 0; i < clientRandomSz; i++) {
+        XSNPRINTF(&pmsBuf[pmsPos], sizeof(pmsBuf) - pmsPos, "%02x",
+            clientRandom[i]);
+        pmsPos += 2;
     }
+    XSNPRINTF(&pmsBuf[pmsPos], sizeof(pmsBuf) - pmsPos, " ");
+    pmsPos += 1;
+    for (i = 0; i < secretSz; i++) {
+        XSNPRINTF(&pmsBuf[pmsPos], sizeof(pmsBuf) - pmsPos, "%02x",
+            ((byte*)secret)[i]);
+        pmsPos += 2;
+    }
+    XSNPRINTF(&pmsBuf[pmsPos], sizeof(pmsBuf) - pmsPos, "\n");
+    pmsPos += 1;
 
-    if (ctx->sessionCacheFlushOff == 1) {
-        m |= WOLFSSL_SESS_CACHE_NO_AUTO_CLEAR;
-    }
+    /* print master secret */
+    puts(pmsBuf);
 
-#ifdef HAVE_EXT_CACHE
-    if (ctx->internalCacheOff == 1) {
-        m |= WOLFSSL_SESS_CACHE_NO_INTERNAL_STORE;
-    }
-    if (ctx->internalCacheLookupOff == 1) {
-        m |= WOLFSSL_SESS_CACHE_NO_INTERNAL_LOOKUP;
+    #if !defined(NO_FILESYSTEM) && defined(WOLFSSL_SSLKEYLOGFILE)
+    {
+        FILE* f = XFOPEN(WOLFSSL_SSLKEYLOGFILE_OUTPUT, "a");
+        if (f != XBADFILE) {
+            XFWRITE(pmsBuf, 1, pmsPos, f);
+            XFCLOSE(f);
+        }
     }
+    #endif
+    return 0;
+}
+#endif /* SHOW_SECRETS */
+
 #endif
 
-    return m;
-}
-#endif /* OPENSSL_EXTRA */
-
-#endif /* NO_SESSION_CACHE */
 
 #ifdef OPENSSL_EXTRA
 
 /*
  * check if the list has TLS13 and pre-TLS13 suites
  * @param list cipher suite list that user want to set
+ *         (caller required to check for NULL)
  * @return mixed: 0, only pre-TLS13: 1, only TLS13: 2
  */
 static int CheckcipherList(const char* list)
@@ -11614,11 +9252,22 @@ static int CheckcipherList(const char* list)
         char   name[MAX_SUITE_NAME + 1];
         word32 length = MAX_SUITE_NAME;
         word32 current_length;
+        byte major = INVALID_BYTE;
+        byte minor = INVALID_BYTE;
 
         next   = XSTRSTR(next, ":");
 
-        current_length = (!next) ? (word32)XSTRLEN(current)
-                                 : (word32)(next - current);
+        if (next) {
+            current_length = (word32)(next - current);
+            ++next; /* increment to skip ':' */
+        }
+        else {
+            current_length = (word32)XSTRLEN(current);
+        }
+
+        if (current_length == 0) {
+            break;
+        }
 
         if (current_length < length) {
             length = current_length;
@@ -11626,17 +9275,19 @@ static int CheckcipherList(const char* list)
         XMEMCPY(name, current, length);
         name[length] = 0;
 
-        if (XSTRCMP(name, "ALL") == 0 || XSTRCMP(name, "DEFAULT") == 0 ||
-                XSTRCMP(name, "HIGH") == 0) {
+        if (XSTRCMP(name, "ALL") == 0 ||
+            XSTRCMP(name, "DEFAULT") == 0 ||
+            XSTRCMP(name, "HIGH") == 0)
+        {
             findTLSv13Suites = 1;
             findbeforeSuites = 1;
             break;
         }
 
-        ret = wolfSSL_get_cipher_suite_from_name(name, &cipherSuite0,
-                                                        &cipherSuite1, &flags);
+        ret = GetCipherSuiteFromName(name, &cipherSuite0,
+                &cipherSuite1, &major, &minor, &flags);
         if (ret == 0) {
-            if (cipherSuite0 == TLS13_BYTE) {
+            if (cipherSuite0 == TLS13_BYTE || minor == TLSv1_3_MINOR) {
                 /* TLSv13 suite */
                 findTLSv13Suites = 1;
             }
@@ -11655,7 +9306,7 @@ static int CheckcipherList(const char* list)
                 subStrNext = XSTRSTR(subStr, "+");
 
                 if ((XSTRCMP(subStr, "ECDHE") == 0) ||
-                        (XSTRCMP(subStr, "RSA") == 0)) {
+                    (XSTRCMP(subStr, "RSA") == 0)) {
                     return 0;
                 }
 
@@ -11670,8 +9321,7 @@ static int CheckcipherList(const char* list)
             /* list has mixed suites */
             return 0;
         }
-    }
-    while (next++); /* ++ needed to skip ':' */
+    } while (next);
 
     if (findTLSv13Suites == 0 && findbeforeSuites == 1) {
         ret = 1;/* only before TLSv13 suites */
@@ -11689,8 +9339,8 @@ static int CheckcipherList(const char* list)
  *
  * returns WOLFSSL_SUCCESS on success and sets the cipher suite list
  */
-static int wolfSSL_parse_cipher_list(WOLFSSL_CTX* ctx, Suites* suites,
-        const char* list)
+static int wolfSSL_parse_cipher_list(WOLFSSL_CTX* ctx, WOLFSSL* ssl,
+        Suites* suites, const char* list)
 {
     int     ret = 0;
     int     listattribute = 0;
@@ -11715,7 +9365,7 @@ static int wolfSSL_parse_cipher_list(WOLFSSL_CTX* ctx, Suites* suites,
        /* list has mixed(pre-TLSv13 and TLSv13) suites
         * update cipher suites the same as before
         */
-        return (SetCipherList(ctx, suites, list)) ? WOLFSSL_SUCCESS :
+        return (SetCipherList_ex(ctx, ssl, suites, list)) ? WOLFSSL_SUCCESS :
         WOLFSSL_FAILURE;
     }
     else if (listattribute == 1) {
@@ -11729,28 +9379,33 @@ static int wolfSSL_parse_cipher_list(WOLFSSL_CTX* ctx, Suites* suites,
         * simulate set_ciphersuites() compatibility layer API
         */
         tls13Only = 1;
-        if (!IsAtLeastTLSv1_3(ctx->method->version)) {
+        if ((ctx != NULL && !IsAtLeastTLSv1_3(ctx->method->version)) ||
+                (ssl != NULL && !IsAtLeastTLSv1_3(ssl->version))) {
             /* Silently ignore TLS 1.3 ciphers if we don't support it. */
             return WOLFSSL_SUCCESS;
         }
     }
 
     /* list contains ciphers either only for TLS 1.3 or <= TLS 1.2 */
-
 #ifdef WOLFSSL_SMALL_STACK
     if (suites->suiteSz > 0) {
         suitesCpy = (byte*)XMALLOC(suites->suiteSz, NULL,
                 DYNAMIC_TYPE_TMP_BUFFER);
-        if (suitesCpy == NULL)
+        if (suitesCpy == NULL) {
             return WOLFSSL_FAILURE;
+        }
+
+        XMEMSET(suitesCpy, 0, suites->suiteSz);
     }
+#else
+        XMEMSET(suitesCpy, 0, sizeof(suitesCpy));
 #endif
 
     if (suites->suiteSz > 0)
         XMEMCPY(suitesCpy, suites->suites, suites->suiteSz);
     suitesCpySz = suites->suiteSz;
 
-    ret = SetCipherList(ctx, suites, list);
+    ret = SetCipherList_ex(ctx, ssl, suites, list);
     if (ret != 1) {
 #ifdef WOLFSSL_SMALL_STACK
         XFREE(suitesCpy, NULL, DYNAMIC_TYPE_TMP_BUFFER);
@@ -11758,6 +9413,12 @@ static int wolfSSL_parse_cipher_list(WOLFSSL_CTX* ctx, Suites* suites,
         return WOLFSSL_FAILURE;
     }
 
+    /* The idea in this section is that OpenSSL has two API to set ciphersuites.
+     *   - SSL_CTX_set_cipher_list for setting TLS <= 1.2 suites
+     *   - SSL_CTX_set_ciphersuites for setting TLS 1.3 suites
+     * Since we direct both API here we attempt to provide API compatibility. If
+     * we only get suites from <= 1.2 or == 1.3 then we will only update those
+     * suites and keep the suites from the other group. */
     for (i = 0; i < suitesCpySz &&
                 suites->suiteSz <= (WOLFSSL_MAX_SUITE_SZ - SUITE_LEN); i += 2) {
         /* Check for duplicates */
@@ -11814,7 +9475,7 @@ int wolfSSL_CTX_set_cipher_list(WOLFSSL_CTX* ctx, const char* list)
         return WOLFSSL_FAILURE;
 
 #ifdef OPENSSL_EXTRA
-    return wolfSSL_parse_cipher_list(ctx, ctx->suites, list);
+    return wolfSSL_parse_cipher_list(ctx, NULL, ctx->suites, list);
 #else
     return (SetCipherList(ctx, ctx->suites, list)) ?
         WOLFSSL_SUCCESS : WOLFSSL_FAILURE;
@@ -11850,9 +9511,9 @@ int wolfSSL_set_cipher_list(WOLFSSL* ssl, const char* list)
         return WOLFSSL_FAILURE;
 
 #ifdef OPENSSL_EXTRA
-    return wolfSSL_parse_cipher_list(ssl->ctx, ssl->suites, list);
+    return wolfSSL_parse_cipher_list(NULL, ssl, ssl->suites, list);
 #else
-    return (SetCipherList(ssl->ctx, ssl->suites, list)) ?
+    return (SetCipherList_ex(NULL, ssl, ssl->suites, list)) ?
         WOLFSSL_SUCCESS :
         WOLFSSL_FAILURE;
 #endif
@@ -11893,7 +9554,8 @@ static const struct ForbiddenLabels {
     {TLS_PRF_LABEL_CLIENT_FINISHED, XSTR_SIZEOF(TLS_PRF_LABEL_CLIENT_FINISHED)},
     {TLS_PRF_LABEL_SERVER_FINISHED, XSTR_SIZEOF(TLS_PRF_LABEL_SERVER_FINISHED)},
     {TLS_PRF_LABEL_MASTER_SECRET, XSTR_SIZEOF(TLS_PRF_LABEL_MASTER_SECRET)},
-    {TLS_PRF_LABEL_EXT_MASTER_SECRET, XSTR_SIZEOF(TLS_PRF_LABEL_EXT_MASTER_SECRET)},
+    {TLS_PRF_LABEL_EXT_MASTER_SECRET,
+     XSTR_SIZEOF(TLS_PRF_LABEL_EXT_MASTER_SECRET)},
     {TLS_PRF_LABEL_KEY_EXPANSION, XSTR_SIZEOF(TLS_PRF_LABEL_KEY_EXPANSION)},
     {NULL, 0},
 };
@@ -11982,8 +9644,9 @@ int wolfSSL_export_keying_material(WOLFSSL *ssl,
 
     PRIVATE_KEY_UNLOCK();
     if (wc_PRF_TLS(out, (word32)outLen, ssl->arrays->masterSecret, SECRET_LEN,
-            (byte*)label, (word32)labelLen, seed, seedLen, IsAtLeastTLSv1_2(ssl),
-            ssl->specs.mac_algorithm, ssl->heap, ssl->devId) != 0) {
+            (byte*)label, (word32)labelLen, seed, seedLen,
+            IsAtLeastTLSv1_2(ssl), ssl->specs.mac_algorithm, ssl->heap,
+            ssl->devId) != 0) {
         WOLFSSL_MSG("wc_PRF_TLS error");
         PRIVATE_KEY_LOCK();
         XFREE(seed, NULL, DYNAMIC_TYPE_TMP_BUFFER);
@@ -12095,7 +9758,8 @@ int wolfSSL_DTLSv1_handle_timeout(WOLFSSL* ssl)
 #endif
 
 #ifndef NO_WOLFSSL_STUB
-void wolfSSL_DTLSv1_set_initial_timeout_duration(WOLFSSL* ssl, word32 duration_ms)
+void wolfSSL_DTLSv1_set_initial_timeout_duration(WOLFSSL* ssl,
+    word32 duration_ms)
 {
     WOLFSSL_STUB("SSL_DTLSv1_set_initial_timeout_duration");
     (void)ssl;
@@ -12110,7 +9774,8 @@ int wolfSSL_dtls_set_timeout_init(WOLFSSL* ssl, int timeout)
         return BAD_FUNC_ARG;
 
     if (timeout > ssl->dtls_timeout_max) {
-        WOLFSSL_MSG("Can't set dtls timeout init greater than dtls timeout max");
+        WOLFSSL_MSG("Can't set dtls timeout init greater than dtls timeout "
+                    "max");
         return BAD_FUNC_ARG;
     }
 
@@ -12143,14 +9808,14 @@ int wolfSSL_dtls_got_timeout(WOLFSSL* ssl)
     int result = WOLFSSL_SUCCESS;
     WOLFSSL_ENTER("wolfSSL_dtls_got_timeout");
 
-    if (ssl == NULL)
+    if (ssl == NULL || !ssl->options.dtls)
         return WOLFSSL_FATAL_ERROR;
 
 #ifdef WOLFSSL_DTLS13
-    if (ssl->options.dtls && IsAtLeastTLSv1_3(ssl->version)) {
+    if (IsAtLeastTLSv1_3(ssl->version)) {
         result = Dtls13RtxTimeout(ssl);
         if (result < 0) {
-            if (result == WANT_WRITE)
+            if (result == WC_NO_ERR_TRACE(WANT_WRITE))
                 ssl->dtls13SendingAckOrRtx = 1;
             ssl->error = result;
             WOLFSSL_ERROR(result);
@@ -12161,7 +9826,8 @@ int wolfSSL_dtls_got_timeout(WOLFSSL* ssl)
     }
 #endif /* WOLFSSL_DTLS13 */
 
-    if ((IsSCR(ssl) || !ssl->options.handShakeDone)) {
+    /* Do we have any 1.2 messages stored? */
+    if (ssl->dtls_tx_msg_list != NULL || ssl->dtls_tx_msg != NULL) {
         if (DtlsMsgPoolTimeout(ssl) < 0){
             ssl->error = SOCKET_ERROR_E;
             WOLFSSL_ERROR(ssl->error);
@@ -12192,7 +9858,13 @@ int wolfSSL_dtls_retransmit(WOLFSSL* ssl)
         return WOLFSSL_FATAL_ERROR;
 
     if (!ssl->options.handShakeDone) {
-        int result = DtlsMsgPoolSend(ssl, 0);
+        int result;
+#ifdef WOLFSSL_DTLS13
+        if (IsAtLeastTLSv1_3(ssl->version))
+            result = Dtls13DoScheduledWork(ssl);
+        else
+#endif
+            result = DtlsMsgPoolSend(ssl, 0);
         if (result < 0) {
             ssl->error = result;
             WOLFSSL_ERROR(result);
@@ -12200,7 +9872,7 @@ int wolfSSL_dtls_retransmit(WOLFSSL* ssl)
         }
     }
 
-    return 0;
+    return WOLFSSL_SUCCESS;
 }
 
 #endif /* DTLS */
@@ -12274,7 +9946,7 @@ int wolfSSL_DTLS_SetCookieSecret(WOLFSSL* ssl,
 
 
 /* EITHER SIDE METHODS */
-#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_EITHER_SIDE)
+#if !defined(NO_TLS) && (defined(OPENSSL_EXTRA) || defined(WOLFSSL_EITHER_SIDE))
     WOLFSSL_METHOD* wolfSSLv23_method(void)
     {
         return wolfSSLv23_method_ex(NULL);
@@ -12297,6 +9969,7 @@ int wolfSSL_DTLS_SetCookieSecret(WOLFSSL* ssl,
         return m;
     }
 
+    #ifndef NO_OLD_TLS
     #ifdef WOLFSSL_ALLOW_SSLV3
     WOLFSSL_METHOD* wolfSSLv3_method(void)
     {
@@ -12318,10 +9991,11 @@ int wolfSSL_DTLS_SetCookieSecret(WOLFSSL* ssl,
         return m;
     }
     #endif
-#endif /* OPENSSL_EXTRA || WOLFSSL_EITHER_SIDE */
+    #endif
+#endif /* !NO_TLS && (OPENSSL_EXTRA || WOLFSSL_EITHER_SIDE) */
 
 /* client only parts */
-#ifndef NO_WOLFSSL_CLIENT
+#if !defined(NO_WOLFSSL_CLIENT) && !defined(NO_TLS)
 
     #if defined(OPENSSL_EXTRA) && !defined(NO_OLD_TLS)
     WOLFSSL_METHOD* wolfSSLv2_client_method(void)
@@ -12362,7 +10036,8 @@ int wolfSSL_DTLS_SetCookieSecret(WOLFSSL* ssl,
         (void)heap;
         WOLFSSL_ENTER("wolfSSLv23_client_method_ex");
         if (method) {
-    #if !defined(NO_SHA256) || defined(WOLFSSL_SHA384) || defined(WOLFSSL_SHA512)
+    #if !defined(NO_SHA256) || defined(WOLFSSL_SHA384) || \
+        defined(WOLFSSL_SHA512)
         #if defined(WOLFSSL_TLS13)
             InitSSL_Method(method, MakeTLSv1_3());
         #elif !defined(WOLFSSL_NO_TLS12)
@@ -12386,7 +10061,8 @@ int wolfSSL_DTLS_SetCookieSecret(WOLFSSL* ssl,
     WOLFSSL_ABI
     int wolfSSL_connect(WOLFSSL* ssl)
     {
-    #if !(defined(WOLFSSL_NO_TLS12) && defined(NO_OLD_TLS) && defined(WOLFSSL_TLS13))
+    #if !(defined(WOLFSSL_NO_TLS12) && defined(NO_OLD_TLS) && \
+          defined(WOLFSSL_TLS13))
         int neededState;
         byte advanceState;
     #endif
@@ -12413,20 +10089,24 @@ int wolfSSL_DTLS_SetCookieSecret(WOLFSSL* ssl,
 
     #ifdef OPENSSL_EXTRA
         if (ssl->CBIS != NULL) {
-            ssl->CBIS(ssl, SSL_ST_CONNECT, WOLFSSL_SUCCESS);
-            ssl->cbmode = SSL_CB_WRITE;
+            ssl->CBIS(ssl, WOLFSSL_ST_CONNECT, WOLFSSL_SUCCESS);
+            ssl->cbmode = WOLFSSL_CB_WRITE;
         }
     #endif
     #endif /* OPENSSL_EXTRA || WOLFSSL_EITHER_SIDE */
 
-    #if defined(WOLFSSL_NO_TLS12) && defined(NO_OLD_TLS) && defined(WOLFSSL_TLS13)
+    #if defined(WOLFSSL_NO_TLS12) && defined(NO_OLD_TLS) && \
+        defined(WOLFSSL_TLS13)
         return wolfSSL_connect_TLSv13(ssl);
     #else
         #ifdef WOLFSSL_TLS13
-        if (ssl->options.tls1_3)
+        if (ssl->options.tls1_3) {
+            WOLFSSL_MSG("TLS 1.3");
             return wolfSSL_connect_TLSv13(ssl);
+        }
         #endif
 
+        WOLFSSL_MSG("TLS 1.2 or lower");
         WOLFSSL_ENTER("wolfSSL_connect");
 
         /* make sure this wolfSSL object has arrays and rng setup. Protects
@@ -12482,7 +10162,7 @@ int wolfSSL_DTLS_SetCookieSecret(WOLFSSL* ssl,
         #ifdef WOLFSSL_ASYNC_CRYPT
             /* do not send buffered or advance state if last error was an
                 async pending operation */
-            && ssl->error != WC_PENDING_E
+            && ssl->error != WC_NO_ERR_TRACE(WC_PENDING_E)
         #endif
         ) {
             ret = SendBuffered(ssl);
@@ -12490,8 +10170,8 @@ int wolfSSL_DTLS_SetCookieSecret(WOLFSSL* ssl,
                 if (ssl->fragOffset == 0 && !ssl->options.buildingMsg) {
                     if (advanceState) {
                         ssl->options.connectState++;
-                        WOLFSSL_MSG("connect state: "
-                                    "Advanced from last buffered fragment send");
+                        WOLFSSL_MSG("connect state: Advanced from last "
+                                    "buffered fragment send");
                     #ifdef WOLFSSL_ASYNC_IO
                         /* Cleanup async */
                         FreeAsyncCtx(ssl, 0);
@@ -12544,11 +10224,14 @@ int wolfSSL_DTLS_SetCookieSecret(WOLFSSL* ssl,
                     neededState = SERVER_HELLOVERIFYREQUEST_COMPLETE;
             #endif
             /* get response */
+            WOLFSSL_MSG("Server state up to needed state.");
             while (ssl->options.serverState < neededState) {
+                WOLFSSL_MSG("Progressing server state...");
                 #ifdef WOLFSSL_TLS13
                     if (ssl->options.tls1_3)
                         return wolfSSL_connect_TLSv13(ssl);
                 #endif
+                WOLFSSL_MSG("ProcessReply...");
                 if ( (ssl->error = ProcessReply(ssl)) < 0) {
                     WOLFSSL_ERROR(ssl->error);
                     return WOLFSSL_FATAL_ERROR;
@@ -12564,6 +10247,7 @@ int wolfSSL_DTLS_SetCookieSecret(WOLFSSL* ssl,
                             neededState = SERVER_HELLODONE_COMPLETE;
                     }
                 }
+                WOLFSSL_MSG("ProcessReply done.");
 
 #ifdef WOLFSSL_DTLS13
                 if (ssl->options.dtls && IsAtLeastTLSv1_3(ssl->version)
@@ -12577,7 +10261,7 @@ int wolfSSL_DTLS_SetCookieSecret(WOLFSSL* ssl,
                      * should just ignore the message */
                     ssl->dtls13Rtx.sendAcks = 0;
                     if ((ssl->error = SendDtls13Ack(ssl)) < 0) {
-                        if (ssl->error == WANT_WRITE)
+                        if (ssl->error == WC_NO_ERR_TRACE(WANT_WRITE))
                             ssl->dtls13SendingAckOrRtx = 1;
                         WOLFSSL_ERROR(ssl->error);
                         return WOLFSSL_FATAL_ERROR;
@@ -12678,8 +10362,8 @@ int wolfSSL_DTLS_SetCookieSecret(WOLFSSL* ssl,
                     ProcessReplyEx(ssl, 1); /* See if an alert was sent. */
                 #endif
 #ifdef WOLFSSL_EXTRA_ALERTS
-                    if (ssl->error == NO_PEER_KEY ||
-                        ssl->error == PSK_KEY_ERROR) {
+                    if (ssl->error == WC_NO_ERR_TRACE(NO_PEER_KEY) ||
+                        ssl->error == WC_NO_ERR_TRACE(PSK_KEY_ERROR)) {
                         SendAlert(ssl, alert_fatal, handshake_failure);
                     }
 #endif
@@ -12788,7 +10472,8 @@ int wolfSSL_DTLS_SetCookieSecret(WOLFSSL* ssl,
         #if defined(WOLFSSL_ASYNC_CRYPT) && defined(HAVE_SECURE_RENEGOTIATION)
             /* This may be necessary in async so that we don't try to
              * renegotiate again */
-            if (ssl->secure_renegotiation && ssl->secure_renegotiation->startScr) {
+            if (ssl->secure_renegotiation &&
+                    ssl->secure_renegotiation->startScr) {
                 ssl->secure_renegotiation->startScr = 0;
             }
         #endif /* WOLFSSL_ASYNC_CRYPT && HAVE_SECURE_RENEGOTIATION */
@@ -12810,11 +10495,11 @@ int wolfSSL_DTLS_SetCookieSecret(WOLFSSL* ssl,
     #endif /* !WOLFSSL_NO_TLS12 || !NO_OLD_TLS || !WOLFSSL_TLS13 */
     }
 
-#endif /* NO_WOLFSSL_CLIENT */
-
+#endif /* !NO_WOLFSSL_CLIENT && !NO_TLS */
+/* end client only parts */
 
 /* server only parts */
-#ifndef NO_WOLFSSL_SERVER
+#if !defined(NO_WOLFSSL_SERVER) && !defined(NO_TLS)
 
     #if defined(OPENSSL_EXTRA) && !defined(NO_OLD_TLS)
     WOLFSSL_METHOD* wolfSSLv2_server_method(void)
@@ -12857,7 +10542,8 @@ int wolfSSL_DTLS_SetCookieSecret(WOLFSSL* ssl,
         (void)heap;
         WOLFSSL_ENTER("wolfSSLv23_server_method_ex");
         if (method) {
-    #if !defined(NO_SHA256) || defined(WOLFSSL_SHA384) || defined(WOLFSSL_SHA512)
+    #if !defined(NO_SHA256) || defined(WOLFSSL_SHA384) || \
+        defined(WOLFSSL_SHA512)
         #ifdef WOLFSSL_TLS13
             InitSSL_Method(method, MakeTLSv1_3());
         #elif !defined(WOLFSSL_NO_TLS12)
@@ -12884,7 +10570,8 @@ int wolfSSL_DTLS_SetCookieSecret(WOLFSSL* ssl,
     WOLFSSL_ABI
     int wolfSSL_accept(WOLFSSL* ssl)
     {
-#if !(defined(WOLFSSL_NO_TLS12) && defined(NO_OLD_TLS) && defined(WOLFSSL_TLS13))
+#if !(defined(WOLFSSL_NO_TLS12) && defined(NO_OLD_TLS) && \
+    defined(WOLFSSL_TLS13))
         word16 havePSK = 0;
         word16 haveAnon = 0;
         word16 haveMcast = 0;
@@ -12952,7 +10639,7 @@ int wolfSSL_DTLS_SetCookieSecret(WOLFSSL* ssl,
         (void)havePSK;
 
         #ifdef HAVE_ANON
-            haveAnon = ssl->options.haveAnon;
+            haveAnon = ssl->options.useAnon;
         #endif
         (void)haveAnon;
 
@@ -13026,7 +10713,7 @@ int wolfSSL_DTLS_SetCookieSecret(WOLFSSL* ssl,
         #ifdef WOLFSSL_ASYNC_CRYPT
             /* do not send buffered or advance state if last error was an
                 async pending operation */
-            && ssl->error != WC_PENDING_E
+            && ssl->error != WC_NO_ERR_TRACE(WC_PENDING_E)
         #endif
         ) {
             ret = SendBuffered(ssl);
@@ -13045,8 +10732,8 @@ int wolfSSL_DTLS_SetCookieSecret(WOLFSSL* ssl,
                         ssl->options.acceptState == TICKET_SENT ||
                         ssl->options.acceptState == CHANGE_CIPHER_SENT) {
                         ssl->options.acceptState++;
-                        WOLFSSL_MSG("accept state: "
-                                    "Advanced from last buffered fragment send");
+                        WOLFSSL_MSG("accept state: Advanced from last "
+                                    "buffered fragment send");
                     #ifdef WOLFSSL_ASYNC_IO
                         /* Cleanup async */
                         FreeAsyncCtx(ssl, 0);
@@ -13174,7 +10861,8 @@ int wolfSSL_DTLS_SetCookieSecret(WOLFSSL* ssl,
                     if (ssl->options.verifyPeer) {
                         if ( (ssl->error = SendCertificateRequest(ssl)) != 0) {
                         #ifdef WOLFSSL_CHECK_ALERT_ON_ERR
-                            ProcessReplyEx(ssl, 1); /* See if an alert was sent. */
+                            /* See if an alert was sent. */
+                            ProcessReplyEx(ssl, 1);
                         #endif
                             WOLFSSL_ERROR(ssl->error);
                             return WOLFSSL_FATAL_ERROR;
@@ -13317,7 +11005,8 @@ int wolfSSL_DTLS_SetCookieSecret(WOLFSSL* ssl,
 #if defined(WOLFSSL_ASYNC_CRYPT) && defined(HAVE_SECURE_RENEGOTIATION)
             /* This may be necessary in async so that we don't try to
              * renegotiate again */
-            if (ssl->secure_renegotiation && ssl->secure_renegotiation->startScr) {
+            if (ssl->secure_renegotiation &&
+                    ssl->secure_renegotiation->startScr) {
                 ssl->secure_renegotiation->startScr = 0;
             }
 #endif /* WOLFSSL_ASYNC_CRYPT && HAVE_SECURE_RENEGOTIATION */
@@ -13340,16 +11029,88 @@ int wolfSSL_DTLS_SetCookieSecret(WOLFSSL* ssl,
             WOLFSSL_LEAVE("wolfSSL_accept", WOLFSSL_SUCCESS);
             return WOLFSSL_SUCCESS;
 
-        default :
+        default:
             WOLFSSL_MSG("Unknown accept state ERROR");
             return WOLFSSL_FATAL_ERROR;
         }
 #endif /* !WOLFSSL_NO_TLS12 */
     }
 
-#endif /* NO_WOLFSSL_SERVER */
+#endif /* !NO_WOLFSSL_SERVER && !NO_TLS */
+/* end server only parts */
+
 
 #if defined(WOLFSSL_DTLS) && !defined(NO_WOLFSSL_SERVER)
+struct chGoodDisableReadCbCtx {
+    ClientHelloGoodCb userCb;
+    void*             userCtx;
+};
+
+static int chGoodDisableReadCB(WOLFSSL* ssl, void* ctx)
+{
+    struct chGoodDisableReadCbCtx* cb = (struct chGoodDisableReadCbCtx*)ctx;
+    int ret = 0;
+    if (cb->userCb != NULL)
+        ret = cb->userCb(ssl, cb->userCtx);
+    if (ret >= 0)
+        wolfSSL_SSLDisableRead(ssl);
+    return ret;
+}
+
+/**
+ * Statelessly listen for a connection
+ * @param ssl The ssl object to use for listening to connections
+ * @return WOLFSSL_SUCCESS - ClientHello containing a valid cookie was received
+ *                           The connection can be continued with wolfSSL_accept
+ *         WOLFSSL_FAILURE - The I/O layer returned WANT_READ. This is either
+ *                           because there is no data to read and we are using
+ *                           non-blocking sockets or we sent a cookie request
+ *                           and we are waiting for a reply. The user should
+ *                           call wolfDTLS_accept_stateless again after data
+ *                           becomes available in the I/O layer.
+ *         WOLFSSL_FATAL_ERROR - A fatal error occurred. The ssl object should
+ *                           be free'd and allocated again to continue.
+ */
+int wolfDTLS_accept_stateless(WOLFSSL* ssl)
+{
+    byte disableRead;
+    int ret = WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR);
+    struct chGoodDisableReadCbCtx cb;
+
+    WOLFSSL_ENTER("wolfDTLS_SetChGoodCb");
+
+    if (ssl == NULL)
+        return WOLFSSL_FATAL_ERROR;
+
+    /* Save this to restore it later */
+    disableRead = (byte)ssl->options.disableRead;
+    cb.userCb = ssl->chGoodCb;
+    cb.userCtx = ssl->chGoodCtx;
+
+    /* Register our own callback so that we can disable reading */
+    if (wolfDTLS_SetChGoodCb(ssl, chGoodDisableReadCB, &cb) != WOLFSSL_SUCCESS)
+        return WOLFSSL_FATAL_ERROR;
+
+    ret = wolfSSL_accept(ssl);
+    /* restore user options */
+    ssl->options.disableRead = disableRead;
+    (void)wolfDTLS_SetChGoodCb(ssl, cb.userCb, cb.userCtx);
+    if (ret == WOLFSSL_SUCCESS) {
+        WOLFSSL_MSG("should not happen. maybe the user called "
+                    "wolfDTLS_accept_stateless instead of wolfSSL_accept");
+    }
+    else if (ssl->error == WC_NO_ERR_TRACE(WANT_READ)) {
+        if (ssl->options.dtlsStateful)
+            ret = WOLFSSL_SUCCESS;
+        else
+            ret = WOLFSSL_FAILURE;
+    }
+    else {
+        ret = WOLFSSL_FATAL_ERROR;
+    }
+    return ret;
+}
+
 int wolfDTLS_SetChGoodCb(WOLFSSL* ssl, ClientHelloGoodCb cb, void* user_ctx)
 {
     WOLFSSL_ENTER("wolfDTLS_SetChGoodCb");
@@ -13394,9 +11155,9 @@ int wolfSSL_Cleanup(void)
     WOLFSSL_ENTER("wolfSSL_Cleanup");
 
 #ifndef WOLFSSL_MUTEX_INITIALIZER
-    if (count_mutex_valid == 1) {
+    if (inits_count_mutex_valid == 1) {
 #endif
-        if (wc_LockMutex(&count_mutex) != 0) {
+        if (wc_LockMutex(&inits_count_mutex) != 0) {
             WOLFSSL_MSG("Bad Lock Mutex count");
             return BAD_MUTEX_E;
         }
@@ -13411,9 +11172,9 @@ int wolfSSL_Cleanup(void)
     }
 
 #ifndef WOLFSSL_MUTEX_INITIALIZER
-    if (count_mutex_valid == 1) {
+    if (inits_count_mutex_valid == 1) {
 #endif
-        wc_UnLockMutex(&count_mutex);
+        wc_UnLockMutex(&inits_count_mutex);
 #ifndef WOLFSSL_MUTEX_INITIALIZER
     }
 #endif
@@ -13421,6 +11182,10 @@ int wolfSSL_Cleanup(void)
     if (!release)
         return ret;
 
+#if defined(WOLFSSL_SYS_CRYPTO_POLICY)
+    wolfSSL_crypto_policy_disable();
+#endif /* WOLFSSL_SYS_CRYPTO_POLICY */
+
 #ifdef OPENSSL_EXTRA
     wolfSSL_BN_free_one();
 #endif
@@ -13457,6 +11222,7 @@ int wolfSSL_Cleanup(void)
         }
     }
     #ifndef NO_CLIENT_CACHE
+    #ifndef WOLFSSL_MUTEX_INITIALIZER
     if ((clisession_mutex_valid == 1) &&
         (wc_FreeMutex(&clisession_mutex) != 0)) {
         if (ret == WOLFSSL_SUCCESS)
@@ -13464,14 +11230,17 @@ int wolfSSL_Cleanup(void)
     }
     clisession_mutex_valid = 0;
     #endif
+    #endif
 #endif /* !NO_SESSION_CACHE */
 
-#ifndef WOLFSSL_MUTEX_INITIALIZER
-    if ((count_mutex_valid == 1) && (wc_FreeMutex(&count_mutex) != 0)) {
+#if !defined(WOLFSSL_MUTEX_INITIALIZER) && \
+      !WOLFSSL_CLEANUP_THREADSAFE_BY_ATOMIC_OPS
+    if ((inits_count_mutex_valid == 1) &&
+            (wc_FreeMutex(&inits_count_mutex) != 0)) {
         if (ret == WOLFSSL_SUCCESS)
             ret = BAD_MUTEX_E;
     }
-    count_mutex_valid = 0;
+    inits_count_mutex_valid = 0;
 #endif
 
 #ifdef OPENSSL_EXTRA
@@ -13492,11 +11261,13 @@ int wolfSSL_Cleanup(void)
 #endif
 
 #ifdef HAVE_GLOBAL_RNG
+#ifndef WOLFSSL_MUTEX_INITIALIZER
     if ((globalRNGMutex_valid == 1) && (wc_FreeMutex(&globalRNGMutex) != 0)) {
         if (ret == WOLFSSL_SUCCESS)
             ret = BAD_MUTEX_E;
     }
     globalRNGMutex_valid = 0;
+#endif /* !WOLFSSL_MUTEX_INITIALIZER */
 
     #if defined(OPENSSL_EXTRA) && defined(HAVE_HASHDRBG)
     wolfSSL_FIPS_drbg_free(gDrbgDefCtx);
@@ -13504,11 +11275,7 @@ int wolfSSL_Cleanup(void)
     #endif
 #endif
 
-#if defined(HAVE_EX_DATA) && \
-   (defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || \
-    defined(WOLFSSL_HAPROXY) || defined(OPENSSL_EXTRA) || \
-    defined(HAVE_LIGHTY)) || defined(HAVE_EX_DATA) || \
-    defined(WOLFSSL_WPAS_SMALL)
+#ifdef HAVE_EX_DATA_CRYPTO
     crypto_ex_cb_free(crypto_ex_cb_ctx_session);
     crypto_ex_cb_ctx_session = NULL;
 #endif
@@ -13520,1708 +11287,6 @@ int wolfSSL_Cleanup(void)
     return ret;
 }
 
-void SetupSession(WOLFSSL* ssl)
-{
-    WOLFSSL_SESSION* session = ssl->session;
-
-    WOLFSSL_ENTER("SetupSession");
-
-    if (!IsAtLeastTLSv1_3(ssl->version) && ssl->arrays != NULL) {
-        /* Make sure the session ID is available when the user calls any
-         * get_session API */
-        if (!session->haveAltSessionID) {
-            XMEMCPY(session->sessionID, ssl->arrays->sessionID, ID_LEN);
-            session->sessionIDSz = ssl->arrays->sessionIDSz;
-        }
-        else {
-            XMEMCPY(session->sessionID, session->altSessionID, ID_LEN);
-            session->sessionIDSz = ID_LEN;
-        }
-    }
-    session->side = (byte)ssl->options.side;
-    if (!IsAtLeastTLSv1_3(ssl->version) && ssl->arrays != NULL)
-        XMEMCPY(session->masterSecret, ssl->arrays->masterSecret, SECRET_LEN);
-    session->haveEMS = ssl->options.haveEMS;
-#ifdef WOLFSSL_SESSION_ID_CTX
-    /* If using compatibility layer then check for and copy over session context
-     * id. */
-    if (ssl->sessionCtxSz > 0 && ssl->sessionCtxSz < ID_LEN) {
-        XMEMCPY(ssl->session->sessionCtx, ssl->sessionCtx, ssl->sessionCtxSz);
-        session->sessionCtxSz = ssl->sessionCtxSz;
-    }
-#endif
-    session->timeout = ssl->timeout;
-#ifndef NO_ASN_TIME
-    session->bornOn  = LowResTimer();
-#endif
-#if defined(SESSION_CERTS) || (defined(WOLFSSL_TLS13) && \
-                               defined(HAVE_SESSION_TICKET))
-    session->version = ssl->version;
-#endif
-#if defined(SESSION_CERTS) || !defined(NO_RESUME_SUITE_CHECK) || \
-                        (defined(WOLFSSL_TLS13) && defined(HAVE_SESSION_TICKET))
-    session->cipherSuite0 = ssl->options.cipherSuite0;
-    session->cipherSuite = ssl->options.cipherSuite;
-#endif
-#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
-    session->peerVerifyRet = (byte)ssl->peerVerifyRet;
-#endif
-    session->isSetup = 1;
-}
-
-#ifndef NO_SESSION_CACHE
-
-WOLFSSL_ABI
-void wolfSSL_flush_sessions(WOLFSSL_CTX* ctx, long tm)
-{
-    /* static table now, no flushing needed */
-    (void)ctx;
-    (void)tm;
-}
-
-void wolfSSL_CTX_flush_sessions(WOLFSSL_CTX* ctx, long tm)
-{
-    int i, j;
-    byte id[ID_LEN];
-
-    (void)ctx;
-    XMEMSET(id, 0, ID_LEN);
-    WOLFSSL_ENTER("wolfSSL_flush_sessions");
-    for (i = 0; i < SESSION_ROWS; ++i) {
-        if (SESSION_ROW_WR_LOCK(&SessionCache[i]) != 0) {
-            WOLFSSL_MSG("Session cache mutex lock failed");
-            return;
-        }
-        for (j = 0; j < SESSIONS_PER_ROW; j++) {
-#ifdef SESSION_CACHE_DYNAMIC_MEM
-            WOLFSSL_SESSION* s = SessionCache[i].Sessions[j];
-#else
-            WOLFSSL_SESSION* s = &SessionCache[i].Sessions[j];
-#endif
-            if (
-#ifdef SESSION_CACHE_DYNAMIC_MEM
-                s != NULL &&
-#endif
-                XMEMCMP(s->sessionID, id, ID_LEN) != 0 &&
-                s->bornOn + s->timeout < (word32)tm
-                )
-            {
-                EvictSessionFromCache(s);
-#ifdef SESSION_CACHE_DYNAMIC_MEM
-                XFREE(s, s->heap, DYNAMIC_TYPE_SESSION);
-                SessionCache[i].Sessions[j] = NULL;
-#endif
-            }
-        }
-        SESSION_ROW_UNLOCK(&SessionCache[i]);
-    }
-}
-
-
-/* set ssl session timeout in seconds */
-WOLFSSL_ABI
-int wolfSSL_set_timeout(WOLFSSL* ssl, unsigned int to)
-{
-    if (ssl == NULL)
-        return BAD_FUNC_ARG;
-
-    if (to == 0)
-        to = WOLFSSL_SESSION_TIMEOUT;
-    ssl->timeout = to;
-
-    return WOLFSSL_SUCCESS;
-}
-
-
-/**
- * Sets ctx session timeout in seconds.
- * The timeout value set here should be reflected in the
- * "session ticket lifetime hint" if this API works in the openssl compat-layer.
- * Therefore wolfSSL_CTX_set_TicketHint is called internally.
- * Arguments:
- *  - ctx  WOLFSSL_CTX object which the timeout is set to
- *  - to   timeout value in second
- * Returns:
- *  WOLFSSL_SUCCESS on success, BAD_FUNC_ARG on failure.
- *  When WOLFSSL_ERROR_CODE_OPENSSL is defined, returns previous timeout value
- *  on success, BAD_FUNC_ARG on failure.
- */
-WOLFSSL_ABI
-int wolfSSL_CTX_set_timeout(WOLFSSL_CTX* ctx, unsigned int to)
-{
-    #if defined(WOLFSSL_ERROR_CODE_OPENSSL)
-    word32 prev_timeout = 0;
-    #endif
-
-    int ret = WOLFSSL_SUCCESS;
-    (void)ret;
-
-    if (ctx == NULL)
-        ret = BAD_FUNC_ARG;
-
-    if (ret == WOLFSSL_SUCCESS) {
-    #if defined(WOLFSSL_ERROR_CODE_OPENSSL)
-        prev_timeout = ctx->timeout;
-    #endif
-        if (to == 0) {
-            ctx->timeout = WOLFSSL_SESSION_TIMEOUT;
-        }
-        else {
-            ctx->timeout = to;
-        }
-    }
-#if defined(OPENSSL_EXTRA) && defined(HAVE_SESSION_TICKET) && \
-   !defined(NO_WOLFSSL_SERVER)
-    if (ret == WOLFSSL_SUCCESS) {
-        if (to == 0) {
-            ret = wolfSSL_CTX_set_TicketHint(ctx, SESSION_TICKET_HINT_DEFAULT);
-        }
-        else {
-            ret = wolfSSL_CTX_set_TicketHint(ctx, to);
-        }
-    }
-#endif /* OPENSSL_EXTRA && HAVE_SESSION_TICKET && !NO_WOLFSSL_SERVER */
-
-#if defined(WOLFSSL_ERROR_CODE_OPENSSL)
-    if (ret == WOLFSSL_SUCCESS) {
-        return prev_timeout;
-    }
-    else {
-        return ret;
-    }
-#else
-    return ret;
-#endif /* WOLFSSL_ERROR_CODE_OPENSSL */
-}
-
-
-#ifndef NO_CLIENT_CACHE
-
-/* Get Session from Client cache based on id/len, return NULL on failure */
-WOLFSSL_SESSION* wolfSSL_GetSessionClient(WOLFSSL* ssl, const byte* id, int len)
-{
-    WOLFSSL_SESSION* ret = NULL;
-    word32          row;
-    int             idx;
-    int             count;
-    int             error = 0;
-    ClientSession*  clSess;
-
-    WOLFSSL_ENTER("wolfSSL_GetSessionClient");
-
-    if (ssl->ctx->sessionCacheOff) {
-        WOLFSSL_MSG("Session Cache off");
-        return NULL;
-    }
-
-    if (ssl->options.side == WOLFSSL_SERVER_END)
-        return NULL;
-
-    len = min(SERVER_ID_LEN, (word32)len);
-
-    /* Do not access ssl->ctx->get_sess_cb from here. It is using a different
-     * set of ID's */
-
-    row = HashObject(id, len, &error) % CLIENT_SESSION_ROWS;
-    if (error != 0) {
-        WOLFSSL_MSG("Hash session failed");
-        return NULL;
-    }
-
-    if (wc_LockMutex(&clisession_mutex) != 0) {
-        WOLFSSL_MSG("Client cache mutex lock failed");
-        return NULL;
-    }
-
-    /* start from most recently used */
-    count = min((word32)ClientCache[row].totalCount, CLIENT_SESSIONS_PER_ROW);
-    idx = ClientCache[row].nextIdx - 1;
-    if (idx < 0 || idx >= CLIENT_SESSIONS_PER_ROW) {
-        idx = CLIENT_SESSIONS_PER_ROW - 1; /* if back to front, the previous was end */
-    }
-    clSess = ClientCache[row].Clients;
-
-    for (; count > 0; --count) {
-        WOLFSSL_SESSION* current;
-        SessionRow* sessRow;
-
-        if (clSess[idx].serverRow >= SESSION_ROWS) {
-            WOLFSSL_MSG("Client cache serverRow invalid");
-            break;
-        }
-
-        /* lock row */
-        sessRow = &SessionCache[clSess[idx].serverRow];
-        if (SESSION_ROW_RD_LOCK(sessRow) != 0) {
-            WOLFSSL_MSG("Session cache row lock failure");
-            break;
-        }
-
-#ifdef SESSION_CACHE_DYNAMIC_MEM
-        current = sessRow->Sessions[clSess[idx].serverIdx];
-#else
-        current = &sessRow->Sessions[clSess[idx].serverIdx];
-#endif
-        if (current && XMEMCMP(current->serverID, id, len) == 0) {
-            WOLFSSL_MSG("Found a serverid match for client");
-            if (LowResTimer() < (current->bornOn + current->timeout)) {
-                WOLFSSL_MSG("Session valid");
-                ret = current;
-                SESSION_ROW_UNLOCK(sessRow);
-                break;
-            } else {
-                WOLFSSL_MSG("Session timed out");  /* could have more for id */
-            }
-        } else {
-            WOLFSSL_MSG("ServerID not a match from client table");
-        }
-        SESSION_ROW_UNLOCK(sessRow);
-
-        idx = idx > 0 ? idx - 1 : CLIENT_SESSIONS_PER_ROW - 1;
-    }
-
-    wc_UnLockMutex(&clisession_mutex);
-
-    return ret;
-}
-
-#endif /* !NO_CLIENT_CACHE */
-
-static int SslSessionCacheOff(const WOLFSSL* ssl, const WOLFSSL_SESSION* session)
-{
-    (void)session;
-    return ssl->options.sessionCacheOff
-    #if defined(HAVE_SESSION_TICKET) && defined(WOLFSSL_FORCE_CACHE_ON_TICKET)
-                && session->ticketLen == 0
-    #endif
-                ;
-}
-
-#if defined(HAVE_SESSION_TICKET) && defined(WOLFSSL_TLS13) &&                  \
-    defined(WOLFSSL_TICKET_NONCE_MALLOC) && \
-    (!defined(HAVE_FIPS) || (defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(5,3)))
-/**
- * SessionTicketNoncePrealloc() - prealloc a buffer for ticket nonces
- * @output: [in] pointer to WOLFSSL_SESSION object that will soon be a
- * destination of a session duplication
- * @buf: [out] address of the preallocated buf
- * @len: [out] len of the preallocated buf
- *
- * prealloc a buffer that will likely suffice to contain a ticket nonce. It's
- * used when copying session under lock, when syscalls need to be avoided. If
- * output already has a dynamic buffer, it's reused.
- */
-static int SessionTicketNoncePrealloc(byte** buf, byte* len, void *heap)
-{
-    (void)heap;
-
-    *buf = (byte*)XMALLOC(PREALLOC_SESSION_TICKET_NONCE_LEN, heap,
-        DYNAMIC_TYPE_SESSION_TICK);
-    if (*buf == NULL) {
-        WOLFSSL_MSG("Failed to preallocate ticket nonce buffer");
-        *len = 0;
-        return 1;
-    }
-
-    *len = PREALLOC_SESSION_TICKET_NONCE_LEN;
-    return 0;
-}
-#endif /* HAVE_SESSION_TICKET && WOLFSSL_TLS13 */
-
-static int wolfSSL_DupSessionEx(const WOLFSSL_SESSION* input,
-    WOLFSSL_SESSION* output, int avoidSysCalls, byte* ticketNonceBuf,
-    byte* ticketNonceLen, byte* preallocUsed);
-
-void TlsSessionCacheUnlockRow(word32 row)
-{
-    SessionRow* sessRow;
-
-    sessRow = &SessionCache[row];
-    (void)sessRow;
-    SESSION_ROW_UNLOCK(sessRow);
-}
-
-/* Don't use this function directly. Use TlsSessionCacheGetAndRdLock and
- * TlsSessionCacheGetAndWrLock to fully utilize compiler const support. */
-static int TlsSessionCacheGetAndLock(const byte *id,
-    const WOLFSSL_SESSION **sess, word32 *lockedRow, byte readOnly, byte side)
-{
-    SessionRow *sessRow;
-    const WOLFSSL_SESSION *s;
-    word32 row;
-    int count;
-    int error;
-    int idx;
-
-    *sess = NULL;
-    row = HashObject(id, ID_LEN, &error) % SESSION_ROWS;
-    if (error != 0)
-        return error;
-    sessRow = &SessionCache[row];
-    if (readOnly)
-        error = SESSION_ROW_RD_LOCK(sessRow);
-    else
-        error = SESSION_ROW_WR_LOCK(sessRow);
-    if (error != 0)
-        return FATAL_ERROR;
-
-    /* start from most recently used */
-    count = min((word32)sessRow->totalCount, SESSIONS_PER_ROW);
-    idx = sessRow->nextIdx - 1;
-    if (idx < 0 || idx >= SESSIONS_PER_ROW) {
-        idx = SESSIONS_PER_ROW - 1; /* if back to front, the previous was end */
-    }
-    for (; count > 0; --count) {
-#ifdef SESSION_CACHE_DYNAMIC_MEM
-        s = sessRow->Sessions[idx];
-#else
-        s = &sessRow->Sessions[idx];
-#endif
-        if (s && XMEMCMP(s->sessionID, id, ID_LEN) == 0 && s->side == side) {
-            *sess = s;
-            break;
-        }
-        idx = idx > 0 ? idx - 1 : SESSIONS_PER_ROW - 1;
-    }
-    if (*sess == NULL) {
-        SESSION_ROW_UNLOCK(sessRow);
-    }
-    else {
-        *lockedRow = row;
-    }
-
-    return 0;
-}
-
-static int CheckSessionMatch(const WOLFSSL* ssl, const WOLFSSL_SESSION* sess)
-{
-    if (ssl == NULL || sess == NULL)
-        return 0;
-#ifdef OPENSSL_EXTRA
-    if (ssl->sessionCtxSz > 0 && (ssl->sessionCtxSz != sess->sessionCtxSz ||
-           XMEMCMP(ssl->sessionCtx, sess->sessionCtx, sess->sessionCtxSz) != 0))
-        return 0;
-#endif
-#if defined(WOLFSSL_TLS13) && defined(HAVE_SESSION_TICKET)
-    if (IsAtLeastTLSv1_3(ssl->version) != IsAtLeastTLSv1_3(sess->version))
-        return 0;
-#endif
-    return 1;
-}
-
-int TlsSessionCacheGetAndRdLock(const byte *id, const WOLFSSL_SESSION **sess,
-        word32 *lockedRow, byte side)
-{
-    return TlsSessionCacheGetAndLock(id, sess, lockedRow, 1, side);
-}
-
-int TlsSessionCacheGetAndWrLock(const byte *id, WOLFSSL_SESSION **sess,
-        word32 *lockedRow, byte side)
-{
-    return TlsSessionCacheGetAndLock(id, (const WOLFSSL_SESSION**)sess,
-            lockedRow, 0, side);
-}
-
-int wolfSSL_GetSessionFromCache(WOLFSSL* ssl, WOLFSSL_SESSION* output)
-{
-    const WOLFSSL_SESSION* sess = NULL;
-    const byte*  id = NULL;
-    word32       row;
-    int          error = 0;
-#ifdef HAVE_SESSION_TICKET
-#ifndef WOLFSSL_SMALL_STACK
-    byte         tmpTicket[PREALLOC_SESSION_TICKET_LEN];
-#else
-    byte*        tmpTicket = NULL;
-#endif
-#ifdef WOLFSSL_TLS13
-    byte *preallocNonce = NULL;
-    byte preallocNonceLen = 0;
-    byte preallocNonceUsed = 0;
-#endif /* WOLFSSL_TLS13 */
-    byte         tmpBufSet = 0;
-#endif
-#if defined(SESSION_CERTS) && defined(OPENSSL_EXTRA)
-    WOLFSSL_X509* peer = NULL;
-#endif
-    byte         bogusID[ID_LEN];
-    byte         bogusIDSz = 0;
-
-    WOLFSSL_ENTER("wolfSSL_GetSessionFromCache");
-
-    if (output == NULL) {
-        WOLFSSL_MSG("NULL output");
-        return WOLFSSL_FAILURE;
-    }
-
-    if (SslSessionCacheOff(ssl, ssl->session))
-        return WOLFSSL_FAILURE;
-
-    if (ssl->options.haveSessionId == 0 && !ssl->session->haveAltSessionID)
-        return WOLFSSL_FAILURE;
-
-#ifdef HAVE_SESSION_TICKET
-    if (ssl->options.side == WOLFSSL_SERVER_END && ssl->options.useTicket == 1)
-        return WOLFSSL_FAILURE;
-#endif
-
-    XMEMSET(bogusID, 0, sizeof(bogusID));
-    if (!IsAtLeastTLSv1_3(ssl->version) && ssl->arrays != NULL
-            && !ssl->session->haveAltSessionID)
-        id = ssl->arrays->sessionID;
-    else if (ssl->session->haveAltSessionID) {
-        id = ssl->session->altSessionID;
-        /* We want to restore the bogus ID for TLS compatibility */
-        if (output == ssl->session) {
-            XMEMCPY(bogusID, ssl->session->sessionID, ID_LEN);
-            bogusIDSz = ssl->session->sessionIDSz;
-        }
-    }
-    else
-        id = ssl->session->sessionID;
-
-
-#ifdef HAVE_EXT_CACHE
-    if (ssl->ctx->get_sess_cb != NULL) {
-        int copy = 0;
-        int found = 0;
-        WOLFSSL_SESSION* extSess;
-        /* Attempt to retrieve the session from the external cache. */
-        WOLFSSL_MSG("Calling external session cache");
-        extSess = ssl->ctx->get_sess_cb(ssl, (byte*)id, ID_LEN, &copy);
-        if ((extSess != NULL)
-                && CheckSessionMatch(ssl, extSess)
-            ) {
-            WOLFSSL_MSG("Session found in external cache");
-            found = 1;
-
-            error = wolfSSL_DupSession(extSess, output, 0);
-#ifdef HAVE_EX_DATA
-            extSess->ownExData = 1;
-            output->ownExData = 0;
-#endif
-            /* We want to restore the bogus ID for TLS compatibility */
-            if (ssl->session->haveAltSessionID &&
-                    output == ssl->session) {
-                XMEMCPY(ssl->session->sessionID, bogusID, ID_LEN);
-                ssl->session->sessionIDSz = bogusIDSz;
-            }
-        }
-        /* If copy not set then free immediately */
-        if (extSess != NULL && !copy)
-            wolfSSL_FreeSession(ssl->ctx, extSess);
-        if (found)
-            return error;
-        WOLFSSL_MSG("Session not found in external cache");
-    }
-
-    if (ssl->options.internalCacheLookupOff) {
-        WOLFSSL_MSG("Internal cache lookup turned off");
-        return WOLFSSL_FAILURE;
-    }
-#endif
-
-#ifdef HAVE_SESSION_TICKET
-    if (output->ticket == NULL ||
-            output->ticketLenAlloc < PREALLOC_SESSION_TICKET_LEN) {
-#ifdef WOLFSSL_SMALL_STACK
-        tmpTicket = (byte*)XMALLOC(PREALLOC_SESSION_TICKET_LEN, output->heap,
-                DYNAMIC_TYPE_TMP_BUFFER);
-        if (tmpTicket == NULL) {
-            WOLFSSL_MSG("tmpTicket malloc failed");
-            return WOLFSSL_FAILURE;
-        }
-#endif
-        if (output->ticketLenAlloc)
-            XFREE(output->ticket, output->heap, DYNAMIC_TYPE_SESSION_TICK);
-        output->ticket = tmpTicket; /* cppcheck-suppress autoVariables
-                                     */
-        output->ticketLenAlloc = PREALLOC_SESSION_TICKET_LEN;
-        output->ticketLen = 0;
-        tmpBufSet = 1;
-    }
-#endif
-
-#if defined(SESSION_CERTS) && defined(OPENSSL_EXTRA)
-    if (output->peer != NULL) {
-        wolfSSL_X509_free(output->peer);
-        output->peer = NULL;
-    }
-#endif
-
-#if defined(WOLFSSL_TLS13) && defined(HAVE_SESSION_TICKET) &&                  \
-    defined(WOLFSSL_TICKET_NONCE_MALLOC) &&                                    \
-    (!defined(HAVE_FIPS) || (defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(5,3)))
-    if (output->ticketNonce.data != output->ticketNonce.dataStatic) {
-        XFREE(output->ticketNonce.data, output->heap,
-            DYNAMIC_TYPE_SESSION_TICK);
-        output->ticketNonce.data = output->ticketNonce.dataStatic;
-        output->ticketNonce.len = 0;
-    }
-    error = SessionTicketNoncePrealloc(&preallocNonce, &preallocNonceLen,
-        output->heap);
-    if (error != 0) {
-        if (tmpBufSet) {
-            output->ticket = output->staticTicket;
-            output->ticketLenAlloc = 0;
-        }
-#ifdef WOLFSSL_SMALL_STACK
-        if (tmpTicket != NULL)
-            XFREE(tmpTicket, output->heap, DYNAMIC_TYPE_TMP_BUFFER);
-#endif
-        return WOLFSSL_FAILURE;
-    }
-#endif /* WOLFSSL_TLS13 && HAVE_SESSION_TICKET*/
-
-    /* init to avoid clang static analyzer false positive */
-    row = 0;
-    error = TlsSessionCacheGetAndRdLock(id, &sess, &row, (byte)ssl->options.side);
-    error = (error == 0) ? WOLFSSL_SUCCESS : WOLFSSL_FAILURE;
-    if (error != WOLFSSL_SUCCESS || sess == NULL) {
-        WOLFSSL_MSG("Get Session from cache failed");
-        error = WOLFSSL_FAILURE;
-#ifdef HAVE_SESSION_TICKET
-        if (tmpBufSet) {
-            output->ticket = output->staticTicket;
-            output->ticketLenAlloc = 0;
-        }
-#ifdef WOLFSSL_TLS13
-        if (preallocNonce != NULL) {
-            XFREE(preallocNonce, output->heap, DYNAMIC_TYPE_SESSION_TICK);
-            preallocNonce = NULL;
-        }
-#endif /* WOLFSSL_TLS13 */
-#ifdef WOLFSSL_SMALL_STACK
-        if (tmpTicket != NULL) {
-            XFREE(tmpTicket, output->heap, DYNAMIC_TYPE_TMP_BUFFER);
-            tmpTicket = NULL;
-        }
-#endif
-#endif
-    }
-    else {
-        if (!CheckSessionMatch(ssl, sess)) {
-            WOLFSSL_MSG("Invalid session: can't be used in this context");
-            TlsSessionCacheUnlockRow(row);
-            error = WOLFSSL_FAILURE;
-        }
-        else if (LowResTimer() >= (sess->bornOn + sess->timeout)) {
-            WOLFSSL_SESSION* wrSess = NULL;
-            WOLFSSL_MSG("Invalid session: timed out");
-            sess = NULL;
-            TlsSessionCacheUnlockRow(row);
-            /* Attempt to get a write lock */
-            error = TlsSessionCacheGetAndWrLock(id, &wrSess, &row,
-                    (byte)ssl->options.side);
-            if (error == 0 && wrSess != NULL) {
-                EvictSessionFromCache(wrSess);
-                TlsSessionCacheUnlockRow(row);
-            }
-            error = WOLFSSL_FAILURE;
-        }
-    }
-
-    /* mollify confused cppcheck nullPointer warning. */
-    if (sess == NULL)
-        error = WOLFSSL_FAILURE;
-
-    if (error == WOLFSSL_SUCCESS) {
-#if defined(HAVE_SESSION_TICKET) && defined(WOLFSSL_TLS13)
-        error = wolfSSL_DupSessionEx(sess, output, 1,
-            preallocNonce, &preallocNonceLen, &preallocNonceUsed);
-#else
-        error = wolfSSL_DupSession(sess, output, 1);
-#endif /* HAVE_SESSION_TICKET && WOLFSSL_TLS13 */
-#ifdef HAVE_EX_DATA
-        output->ownExData = !sess->ownExData; /* Session may own ex_data */
-#endif
-        TlsSessionCacheUnlockRow(row);
-    }
-
-    /* We want to restore the bogus ID for TLS compatibility */
-    if (ssl->session->haveAltSessionID &&
-            output == ssl->session) {
-        XMEMCPY(ssl->session->sessionID, bogusID, ID_LEN);
-        ssl->session->sessionIDSz = bogusIDSz;
-    }
-
-#ifdef HAVE_SESSION_TICKET
-    if (tmpBufSet) {
-        if (error == WOLFSSL_SUCCESS) {
-            if (output->ticketLen > SESSION_TICKET_LEN) {
-                output->ticket = (byte*)XMALLOC(output->ticketLen, output->heap,
-                        DYNAMIC_TYPE_SESSION_TICK);
-                if (output->ticket == NULL) {
-                    error = WOLFSSL_FAILURE;
-                    output->ticket = output->staticTicket;
-                    output->ticketLenAlloc = 0;
-                    output->ticketLen = 0;
-                }
-            }
-            else {
-                output->ticket = output->staticTicket;
-                output->ticketLenAlloc = 0;
-            }
-        }
-        else {
-            output->ticket = output->staticTicket;
-            output->ticketLenAlloc = 0;
-            output->ticketLen = 0;
-        }
-        if (error == WOLFSSL_SUCCESS) {
-            XMEMCPY(output->ticket, tmpTicket, output->ticketLen);
-        }
-    }
-#ifdef WOLFSSL_SMALL_STACK
-    if (tmpTicket != NULL)
-        XFREE(tmpTicket, output->heap, DYNAMIC_TYPE_TMP_BUFFER);
-#endif
-
-#if defined(WOLFSSL_TLS13) && defined(WOLFSSL_TICKET_NONCE_MALLOC) &&          \
-    (!defined(HAVE_FIPS) || (defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(5,3)))
-    if (error == WOLFSSL_SUCCESS && preallocNonceUsed) {
-        if (preallocNonceLen < PREALLOC_SESSION_TICKET_NONCE_LEN) {
-            /* buffer bigger than needed */
-#ifndef XREALLOC
-            output->ticketNonce.data = (byte*)XMALLOC(preallocNonceLen,
-                output->heap, DYNAMIC_TYPE_SESSION_TICK);
-            if (output->ticketNonce.data != NULL)
-                XMEMCPY(output->ticketNonce.data, preallocNonce,
-                    preallocNonceLen);
-            XFREE(preallocNonce, output->heap, DYNAMIC_TYPE_SESSION_TICK);
-            preallocNonce = NULL;
-#else
-            output->ticketNonce.data = XREALLOC(preallocNonce,
-                preallocNonceLen, output->heap, DYNAMIC_TYPE_SESSION_TICK);
-            if (output->ticketNonce.data != NULL) {
-                /* don't free the reallocated pointer */
-                preallocNonce = NULL;
-            }
-#endif /* !XREALLOC */
-            if (output->ticketNonce.data == NULL) {
-                output->ticketNonce.data = output->ticketNonce.dataStatic;
-                output->ticketNonce.len = 0;
-                error = WOLFSSL_FAILURE;
-                /* preallocNonce will be free'd after the if */
-            }
-        }
-        else {
-            output->ticketNonce.data = preallocNonce;
-            output->ticketNonce.len = preallocNonceLen;
-            preallocNonce = NULL;
-        }
-    }
-    if (preallocNonce != NULL)
-        XFREE(preallocNonce, output->heap, DYNAMIC_TYPE_SESSION_TICK);
-#endif /* WOLFSSL_TLS13 && WOLFSSL_TICKET_NONCE_MALLOC && FIPS_VERSION_GE(5,3)*/
-
-#endif
-
-#if defined(SESSION_CERTS) && defined(OPENSSL_EXTRA)
-    if (peer != NULL) {
-        wolfSSL_X509_free(peer);
-    }
-#endif
-
-    return error;
-}
-
-WOLFSSL_SESSION* wolfSSL_GetSession(WOLFSSL* ssl, byte* masterSecret,
-        byte restoreSessionCerts)
-{
-    WOLFSSL_SESSION* ret = NULL;
-
-    (void)restoreSessionCerts; /* Kept for compatibility */
-
-    if (wolfSSL_GetSessionFromCache(ssl, ssl->session) == WOLFSSL_SUCCESS) {
-        ret = ssl->session;
-    }
-    else {
-        WOLFSSL_MSG("wolfSSL_GetSessionFromCache did not return a session");
-    }
-
-    if (ret != NULL && masterSecret != NULL)
-        XMEMCPY(masterSecret, ret->masterSecret, SECRET_LEN);
-
-    return ret;
-}
-
-int wolfSSL_SetSession(WOLFSSL* ssl, WOLFSSL_SESSION* session)
-{
-    SessionRow* sessRow = NULL;
-    int ret = WOLFSSL_SUCCESS;
-
-    session = ClientSessionToSession(session);
-
-    if (ssl == NULL || session == NULL || !session->isSetup) {
-        WOLFSSL_MSG("ssl or session NULL or not set up");
-        return WOLFSSL_FAILURE;
-    }
-
-    /* We need to lock the session as the first step if its in the cache */
-    if (session->type == WOLFSSL_SESSION_TYPE_CACHE) {
-        if (session->cacheRow < SESSION_ROWS) {
-            sessRow = &SessionCache[session->cacheRow];
-            if (SESSION_ROW_RD_LOCK(sessRow) != 0) {
-                WOLFSSL_MSG("Session row lock failed");
-                return WOLFSSL_FAILURE;
-            }
-        }
-    }
-
-    if (ret == WOLFSSL_SUCCESS && ssl->options.side != WOLFSSL_NEITHER_END &&
-            (byte)ssl->options.side != session->side) {
-        WOLFSSL_MSG("Setting session for wrong role");
-        ret = WOLFSSL_FAILURE;
-    }
-
-    if (ret == WOLFSSL_SUCCESS) {
-        if (ssl->session == session) {
-            WOLFSSL_MSG("ssl->session and session same");
-        }
-        else if (session->type != WOLFSSL_SESSION_TYPE_CACHE) {
-            if (wolfSSL_SESSION_up_ref(session) == WOLFSSL_SUCCESS) {
-                wolfSSL_FreeSession(ssl->ctx, ssl->session);
-                ssl->session = session;
-            }
-            else
-                ret = WOLFSSL_FAILURE;
-        }
-        else {
-            ret = wolfSSL_DupSession(session, ssl->session, 0);
-            if (ret != WOLFSSL_SUCCESS)
-                WOLFSSL_MSG("Session duplicate failed");
-        }
-    }
-
-    /* Let's copy over the altSessionID for local cache purposes */
-    if (ret == WOLFSSL_SUCCESS && session->haveAltSessionID &&
-            ssl->session != session) {
-        ssl->session->haveAltSessionID = 1;
-        XMEMCPY(ssl->session->altSessionID, session->altSessionID, ID_LEN);
-    }
-
-    if (sessRow != NULL) {
-        SESSION_ROW_UNLOCK(sessRow);
-        sessRow = NULL;
-    }
-
-    /* Note: the `session` variable cannot be used below, since the row is
-     * un-locked */
-
-    if (ret != WOLFSSL_SUCCESS)
-        return ret;
-
-#ifdef WOLFSSL_SESSION_ID_CTX
-    /* check for application context id */
-    if (ssl->sessionCtxSz > 0) {
-        if (XMEMCMP(ssl->sessionCtx, ssl->session->sessionCtx, ssl->sessionCtxSz)) {
-            /* context id did not match! */
-            WOLFSSL_MSG("Session context did not match");
-            return WOLFSSL_FAILURE;
-        }
-    }
-#endif /* WOLFSSL_SESSION_ID_CTX */
-
-    if (LowResTimer() >= (ssl->session->bornOn + ssl->session->timeout)) {
-#if !defined(OPENSSL_EXTRA) || !defined(WOLFSSL_ERROR_CODE_OPENSSL)
-        return WOLFSSL_FAILURE;  /* session timed out */
-#else /* defined(OPENSSL_EXTRA) && defined(WOLFSSL_ERROR_CODE_OPENSSL) */
-        WOLFSSL_MSG("Session is expired but return success for "
-                    "OpenSSL compatibility");
-#endif
-    }
-    ssl->options.resuming = 1;
-    ssl->options.haveEMS = ssl->session->haveEMS;
-
-#if defined(SESSION_CERTS) || (defined(WOLFSSL_TLS13) && \
-                           defined(HAVE_SESSION_TICKET))
-    ssl->version              = ssl->session->version;
-    if (IsAtLeastTLSv1_3(ssl->version))
-        ssl->options.tls1_3 = 1;
-#endif
-#if defined(SESSION_CERTS) || !defined(NO_RESUME_SUITE_CHECK) || \
-                    (defined(WOLFSSL_TLS13) && defined(HAVE_SESSION_TICKET))
-    ssl->options.cipherSuite0 = ssl->session->cipherSuite0;
-    ssl->options.cipherSuite  = ssl->session->cipherSuite;
-#endif
-#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
-    ssl->peerVerifyRet = (unsigned long)ssl->session->peerVerifyRet;
-#endif
-
-    return WOLFSSL_SUCCESS;
-}
-
-
-#ifdef WOLFSSL_SESSION_STATS
-static int get_locked_session_stats(word32* active, word32* total,
-                                    word32* peak);
-#endif
-
-#ifndef NO_CLIENT_CACHE
-ClientSession* AddSessionToClientCache(int side, int row, int idx, byte* serverID,
-                            word16 idLen, const byte* sessionID,
-                            word16 useTicket)
-{
-    int error = -1;
-    word32 clientRow = 0, clientIdx = 0;
-    ClientSession* ret = NULL;
-
-    (void)useTicket;
-    if (side == WOLFSSL_CLIENT_END
-            && row != INVALID_SESSION_ROW
-            && (idLen
-#ifdef HAVE_SESSION_TICKET
-                || useTicket == 1
-#endif
-                || serverID != NULL
-                )) {
-
-        WOLFSSL_MSG("Trying to add client cache entry");
-
-        if (idLen) {
-            clientRow = HashObject(serverID,
-                    idLen, &error) % CLIENT_SESSION_ROWS;
-        }
-        else if (serverID != NULL) {
-            clientRow = HashObject(sessionID,
-                    ID_LEN, &error) % CLIENT_SESSION_ROWS;
-        }
-        else {
-            error = -1;
-        }
-        if (error == 0 && wc_LockMutex(&clisession_mutex) == 0) {
-            clientIdx = ClientCache[clientRow].nextIdx;
-            if (clientIdx < CLIENT_SESSIONS_PER_ROW) {
-                ClientCache[clientRow].Clients[clientIdx].serverRow =
-                                                                (word16)row;
-                ClientCache[clientRow].Clients[clientIdx].serverIdx =
-                                                                (word16)idx;
-                if (sessionID != NULL) {
-                    word32 sessionIDHash = HashObject(sessionID, ID_LEN,
-                                                      &error);
-                    if (error == 0) {
-                        ClientCache[clientRow].Clients[clientIdx].sessionIDHash
-                            = sessionIDHash;
-                    }
-                }
-            }
-            else {
-                error = -1;
-                ClientCache[clientRow].nextIdx = 0; /* reset index as safety */
-                WOLFSSL_MSG("Invalid client cache index! "
-                            "Possible corrupted memory");
-            }
-            if (error == 0) {
-                WOLFSSL_MSG("Adding client cache entry");
-
-                ret = &ClientCache[clientRow].Clients[clientIdx];
-
-                if (ClientCache[clientRow].totalCount < CLIENT_SESSIONS_PER_ROW)
-                    ClientCache[clientRow].totalCount++;
-                ClientCache[clientRow].nextIdx++;
-                ClientCache[clientRow].nextIdx %= CLIENT_SESSIONS_PER_ROW;
-            }
-
-            wc_UnLockMutex(&clisession_mutex);
-        }
-        else {
-            WOLFSSL_MSG("Hash session or lock failed");
-        }
-    }
-    else {
-        WOLFSSL_MSG("Skipping client cache");
-    }
-
-    return ret;
-}
-#endif /* !NO_CLIENT_CACHE */
-
-/**
- * For backwards compatibility, this API needs to be used in *ALL* functions
- * that access the WOLFSSL_SESSION members directly.
- *
- * This API checks if the passed in session is actually a ClientSession object
- * and returns the matching session cache object. Otherwise just return the
- * input. ClientSession objects only occur in the ClientCache. They are not
- * allocated anywhere else.
- */
-WOLFSSL_SESSION* ClientSessionToSession(const WOLFSSL_SESSION* session)
-{
-    WOLFSSL_ENTER("ClientSessionToSession");
-#ifdef NO_SESSION_CACHE_REF
-    return (WOLFSSL_SESSION*)session;
-#else
-#ifndef NO_CLIENT_CACHE
-    if (session == NULL)
-        return NULL;
-    /* Check if session points into ClientCache */
-    if ((byte*)session >= (byte*)ClientCache &&
-            /* Cast to byte* to make pointer arithmetic work per byte */
-            (byte*)session < ((byte*)ClientCache) + sizeof(ClientCache)) {
-        ClientSession* clientSession = (ClientSession*)session;
-        SessionRow* sessRow = NULL;
-        WOLFSSL_SESSION* cacheSession = NULL;
-        word32 sessionIDHash = 0;
-        int error = 0;
-        session = NULL; /* Default to NULL for failure case */
-        if (wc_LockMutex(&clisession_mutex) != 0) {
-            WOLFSSL_MSG("Client cache mutex lock failed");
-            return NULL;
-        }
-        if (clientSession->serverRow >= SESSION_ROWS ||
-                clientSession->serverIdx >= SESSIONS_PER_ROW) {
-            WOLFSSL_MSG("Client cache serverRow or serverIdx invalid");
-            error = -1;
-        }
-        if (error == 0) {
-            /* Lock row */
-            sessRow = &SessionCache[clientSession->serverRow];
-            error = SESSION_ROW_RD_LOCK(sessRow);
-            if (error != 0) {
-                WOLFSSL_MSG("Session cache row lock failure");
-                sessRow = NULL;
-            }
-        }
-        if (error == 0) {
-#ifdef SESSION_CACHE_DYNAMIC_MEM
-            cacheSession = sessRow->Sessions[clientSession->serverIdx];
-#else
-            cacheSession = &sessRow->Sessions[clientSession->serverIdx];
-#endif
-            if (cacheSession && cacheSession->sessionIDSz == 0) {
-                cacheSession = NULL;
-                WOLFSSL_MSG("Session cache entry not set");
-                error = -1;
-            }
-        }
-        if (error == 0) {
-            /* Calculate the hash of the session ID */
-            sessionIDHash = HashObject(cacheSession->sessionID, ID_LEN,
-                    &error);
-        }
-        if (error == 0) {
-            /* Check the session ID hash matches */
-            error = clientSession->sessionIDHash != sessionIDHash;
-            if (error != 0)
-                WOLFSSL_MSG("session ID hash don't match");
-        }
-        if (error == 0) {
-            /* Hashes match */
-            session = cacheSession;
-            WOLFSSL_MSG("Found session cache matching client session object");
-        }
-        if (sessRow != NULL) {
-            SESSION_ROW_UNLOCK(sessRow);
-        }
-        wc_UnLockMutex(&clisession_mutex);
-        return (WOLFSSL_SESSION*)session;
-    }
-    else {
-        /* Plain WOLFSSL_SESSION object */
-        return (WOLFSSL_SESSION*)session;
-    }
-#else
-    return (WOLFSSL_SESSION*)session;
-#endif
-#endif
-}
-
-int AddSessionToCache(WOLFSSL_CTX* ctx, WOLFSSL_SESSION* addSession,
-        const byte* id, byte idSz, int* sessionIndex, int side,
-        word16 useTicket, ClientSession** clientCacheEntry)
-{
-    WOLFSSL_SESSION* cacheSession = NULL;
-    SessionRow* sessRow = NULL;
-    word32 idx = 0;
-#if defined(SESSION_CERTS) && defined(OPENSSL_EXTRA)
-    WOLFSSL_X509* cachePeer = NULL;
-    WOLFSSL_X509* addPeer = NULL;
-#endif
-#ifdef HAVE_SESSION_TICKET
-    byte*  cacheTicBuff = NULL;
-    byte   ticBuffUsed = 0;
-    byte*  ticBuff = NULL;
-    int    ticLen  = 0;
-#if defined(WOLFSSL_TLS13) && defined(WOLFSSL_TICKET_NONCE_MALLOC) &&          \
-    (!defined(HAVE_FIPS) || (defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(5,3)))
-    byte *preallocNonce = NULL;
-    byte preallocNonceLen = 0;
-    byte preallocNonceUsed = 0;
-    byte *toFree = NULL;
-#endif /* WOLFSSL_TLS13 && WOLFSSL_TICKET_NONCE_MALLOC */
-#endif /* HAVE_SESSION_TICKET */
-    int ret = 0;
-    int row;
-    int i;
-    int overwrite = 0;
-    (void)ctx;
-    (void)sessionIndex;
-    (void)useTicket;
-    (void)clientCacheEntry;
-
-    WOLFSSL_ENTER("AddSessionToCache");
-
-    if (idSz == 0) {
-        WOLFSSL_MSG("AddSessionToCache idSz == 0");
-        return BAD_FUNC_ARG;
-    }
-
-    addSession = ClientSessionToSession(addSession);
-    if (addSession == NULL) {
-        WOLFSSL_MSG("AddSessionToCache is NULL");
-        return MEMORY_E;
-    }
-
-#ifdef HAVE_SESSION_TICKET
-    ticLen = addSession->ticketLen;
-    /* Alloc Memory here to avoid syscalls during lock */
-    if (ticLen > SESSION_TICKET_LEN) {
-        ticBuff = (byte*)XMALLOC(ticLen, NULL,
-                DYNAMIC_TYPE_SESSION_TICK);
-        if (ticBuff == NULL) {
-            return MEMORY_E;
-        }
-    }
-#if defined(WOLFSSL_TLS13) && defined(WOLFSSL_TICKET_NONCE_MALLOC) &&          \
-    (!defined(HAVE_FIPS) || (defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(5,3)))
-    if (addSession->ticketNonce.data != addSession->ticketNonce.dataStatic) {
-        /* use the AddSession->heap even if the buffer maybe saved in
-         * CachedSession objects. CachedSession heap and AddSession heap should
-         * be the same */
-        preallocNonce = (byte*)XMALLOC(addSession->ticketNonce.len,
-            addSession->heap, DYNAMIC_TYPE_SESSION_TICK);
-        if (preallocNonce == NULL) {
-            if (ticBuff != NULL)
-                XFREE(ticBuff, addSession->heap, DYNAMIC_TYPE_SESSION_TICK);
-            return MEMORY_E;
-        }
-        preallocNonceLen = addSession->ticketNonce.len;
-    }
-#endif /* WOLFSSL_TLS13 && WOLFSL_TICKET_NONCE_MALLOC && FIPS_VERSION_GE(5,3) */
-#endif /* HAVE_SESSION_TICKET */
-
-    /* Find a position for the new session in cache and use that */
-    /* Use the session object in the cache for external cache if required */
-    row = (int)(HashObject(id, ID_LEN, &ret) % SESSION_ROWS);
-    if (ret != 0) {
-        WOLFSSL_MSG("Hash session failed");
-    #ifdef HAVE_SESSION_TICKET
-        XFREE(ticBuff, NULL, DYNAMIC_TYPE_SESSION_TICK);
-    #if defined(WOLFSSL_TLS13) && defined(WOLFSSL_TICKET_NONCE_MALLOC)
-        XFREE(preallocNonce, addSession->heap, DYNAMIC_TYPE_SESSION_TICK);
-    #endif
-    #endif
-        return ret;
-    }
-
-    sessRow = &SessionCache[row];
-    if (SESSION_ROW_WR_LOCK(sessRow) != 0) {
-    #ifdef HAVE_SESSION_TICKET
-        XFREE(ticBuff, NULL, DYNAMIC_TYPE_SESSION_TICK);
-    #if defined(WOLFSSL_TLS13) && defined(WOLFSSL_TICKET_NONCE_MALLOC)
-        XFREE(preallocNonce, addSession->heap, DYNAMIC_TYPE_SESSION_TICK);
-    #endif
-    #endif
-        WOLFSSL_MSG("Session row lock failed");
-        return BAD_MUTEX_E;
-    }
-
-    for (i = 0; i < SESSIONS_PER_ROW && i < sessRow->totalCount; i++) {
-#ifdef SESSION_CACHE_DYNAMIC_MEM
-        cacheSession = sessRow->Sessions[i];
-#else
-        cacheSession = &sessRow->Sessions[i];
-#endif
-        if (cacheSession && XMEMCMP(id,
-                cacheSession->sessionID, ID_LEN) == 0 &&
-                cacheSession->side == side) {
-            WOLFSSL_MSG("Session already exists. Overwriting.");
-            overwrite = 1;
-            idx = i;
-            break;
-        }
-    }
-
-    if (!overwrite)
-        idx = sessRow->nextIdx;
-#ifdef SESSION_INDEX
-    if (sessionIndex != NULL)
-        *sessionIndex = (row << SESSIDX_ROW_SHIFT) | idx;
-#endif
-
-#ifdef SESSION_CACHE_DYNAMIC_MEM
-    cacheSession = sessRow->Sessions[idx];
-    if (cacheSession == NULL) {
-        cacheSession = (WOLFSSL_SESSION*) XMALLOC(sizeof(WOLFSSL_SESSION),
-                                         sessRow->heap, DYNAMIC_TYPE_SESSION);
-        if (cacheSession == NULL) {
-        #ifdef HAVE_SESSION_TICKET
-            XFREE(ticBuff, NULL, DYNAMIC_TYPE_SESSION_TICK);
-        #if defined(WOLFSSL_TLS13) && defined(WOLFSSL_TICKET_NONCE_MALLOC)
-            XFREE(preallocNonce, addSession->heap, DYNAMIC_TYPE_SESSION_TICK);
-        #endif
-        #endif
-            SESSION_ROW_UNLOCK(sessRow);
-            return MEMORY_E;
-        }
-        XMEMSET(cacheSession, 0, sizeof(WOLFSSL_SESSION));
-        sessRow->Sessions[idx] = cacheSession;
-    }
-#else
-    cacheSession = &sessRow->Sessions[idx];
-#endif
-
-#ifdef HAVE_EX_DATA
-    if (overwrite) {
-        /* Figure out who owns the ex_data */
-        if (cacheSession->ownExData) {
-            /* Prioritize cacheSession copy */
-            XMEMCPY(&addSession->ex_data, &cacheSession->ex_data,
-                    sizeof(WOLFSSL_CRYPTO_EX_DATA));
-        }
-        /* else will be copied in wolfSSL_DupSession call */
-    }
-    else if (cacheSession->ownExData) {
-        crypto_ex_cb_free_data(cacheSession, crypto_ex_cb_ctx_session,
-                               &cacheSession->ex_data);
-        cacheSession->ownExData = 0;
-    }
-#endif
-
-    if (!overwrite)
-        EvictSessionFromCache(cacheSession);
-
-    cacheSession->type = WOLFSSL_SESSION_TYPE_CACHE;
-    cacheSession->cacheRow = row;
-
-#if defined(SESSION_CERTS) && defined(OPENSSL_EXTRA)
-    /* Save the peer field to free after unlocking the row */
-    if (cacheSession->peer != NULL)
-        cachePeer = cacheSession->peer;
-    cacheSession->peer = NULL;
-#endif
-#ifdef HAVE_SESSION_TICKET
-    /* If we can reuse the existing buffer in cacheSession then we won't touch
-     * ticBuff at all making it a very cheap malloc/free. The page on a modern
-     * OS will most likely not even be allocated to the process. */
-    if (ticBuff != NULL && cacheSession->ticketLenAlloc < ticLen) {
-        /* Save pointer only if separately allocated */
-        if (cacheSession->ticket != cacheSession->staticTicket)
-            cacheTicBuff = cacheSession->ticket;
-        ticBuffUsed = 1;
-        cacheSession->ticket = ticBuff;
-        cacheSession->ticketLenAlloc = (word16) ticLen;
-    }
-#if defined(WOLFSSL_TLS13) && defined(WOLFSSL_TICKET_NONCE_MALLOC) &&          \
-    (!defined(HAVE_FIPS) || (defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(5,3)))
-    /* cache entry never used */
-    if (cacheSession->ticketNonce.data == NULL)
-        cacheSession->ticketNonce.data = cacheSession->ticketNonce.dataStatic;
-
-    if (cacheSession->ticketNonce.data !=
-            cacheSession->ticketNonce.dataStatic) {
-        toFree = cacheSession->ticketNonce.data;
-        cacheSession->ticketNonce.data = cacheSession->ticketNonce.dataStatic;
-        cacheSession->ticketNonce.len = 0;
-    }
-#endif /* WOLFSSL_TLS13 && WOLFSSL_TICKET_NONCE_MALLOC && FIPS_VERSION_GE(5,3)*/
-#endif
-#ifdef SESSION_CERTS
-    if (overwrite &&
-            addSession->chain.count == 0 &&
-            cacheSession->chain.count > 0) {
-        /* Copy in the certs from the session */
-        addSession->chain.count = cacheSession->chain.count;
-        XMEMCPY(addSession->chain.certs, cacheSession->chain.certs,
-                sizeof(x509_buffer) * cacheSession->chain.count);
-    }
-#endif /* SESSION_CERTS */
-#if defined(SESSION_CERTS) && defined(OPENSSL_EXTRA)
-    /* Don't copy the peer cert into cache */
-    addPeer = addSession->peer;
-    addSession->peer = NULL;
-#endif
-    cacheSession->heap = NULL;
-    /* Copy data into the cache object */
-#if defined(HAVE_SESSION_TICKET) && defined(WOLFSSL_TLS13) &&                  \
-    defined(WOLFSSL_TICKET_NONCE_MALLOC) &&                                   \
-    (!defined(HAVE_FIPS) || (defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(5,3)))
-    ret = wolfSSL_DupSessionEx(addSession, cacheSession, 1, preallocNonce,
-        &preallocNonceLen, &preallocNonceUsed) == WOLFSSL_FAILURE;
-#else
-    ret = wolfSSL_DupSession(addSession, cacheSession, 1) == WOLFSSL_FAILURE;
-#endif /* HAVE_SESSION_TICKET && WOLFSSL_TLS13 && WOLFSSL_TICKET_NONCE_MALLOC
-          && FIPS_VERSION_GE(5,3)*/
-#if defined(SESSION_CERTS) && defined(OPENSSL_EXTRA)
-    addSession->peer = addPeer;
-#endif
-
-    if (ret == 0) {
-        if (!overwrite) {
-            /* Increment the totalCount and the nextIdx */
-            if (sessRow->totalCount < SESSIONS_PER_ROW)
-                sessRow->totalCount++;
-            sessRow->nextIdx = (sessRow->nextIdx + 1) % SESSIONS_PER_ROW;
-        }
-        if (id != addSession->sessionID) {
-            /* ssl->session->sessionID may contain the bogus ID or we want the
-             * ID from the arrays object */
-            XMEMCPY(cacheSession->sessionID, id, ID_LEN);
-            cacheSession->sessionIDSz = ID_LEN;
-        }
-#if defined(HAVE_EXT_CACHE) || defined(HAVE_EX_DATA)
-        if (ctx->rem_sess_cb != NULL)
-            cacheSession->rem_sess_cb = ctx->rem_sess_cb;
-#endif
-#ifdef HAVE_EX_DATA
-        /* The session in cache now owns the ex_data */
-        addSession->ownExData = 0;
-        cacheSession->ownExData = 1;
-#endif
-#if defined(HAVE_SESSION_TICKET) && defined(WOLFSSL_TLS13) &&                  \
-    defined(WOLFSSL_TICKET_NONCE_MALLOC) &&                                    \
-    (!defined(HAVE_FIPS) || (defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(5,3)))
-        if (preallocNonce != NULL && preallocNonceUsed) {
-            cacheSession->ticketNonce.data = preallocNonce;
-            cacheSession->ticketNonce.len = preallocNonceLen;
-            preallocNonce = NULL;
-            preallocNonceLen = 0;
-        }
-#endif /* HAVE_SESSION_TICKET && WOLFSSL_TLS13 && WOLFSSL_TICKET_NONCE_MALLOC
-        * && FIPS_VERSION_GE(5,3)*/
-    }
-#ifdef HAVE_SESSION_TICKET
-    else if (ticBuffUsed) {
-        /* Error occurred. Need to clean up the ticket buffer. */
-        cacheSession->ticket = cacheSession->staticTicket;
-        cacheSession->ticketLenAlloc = 0;
-        cacheSession->ticketLen = 0;
-    }
-#endif
-    SESSION_ROW_UNLOCK(sessRow);
-    cacheSession = NULL; /* Can't access after unlocked */
-
-#ifndef NO_CLIENT_CACHE
-    if (ret == 0 && clientCacheEntry != NULL) {
-        ClientSession* clientCache = AddSessionToClientCache(side, row, idx,
-                addSession->serverID, addSession->idLen, id, useTicket);
-        if (clientCache != NULL)
-            *clientCacheEntry = clientCache;
-    }
-#endif
-
-#ifdef HAVE_SESSION_TICKET
-    if (ticBuff != NULL && !ticBuffUsed)
-        XFREE(ticBuff, NULL, DYNAMIC_TYPE_SESSION_TICK);
-    XFREE(cacheTicBuff, NULL, DYNAMIC_TYPE_SESSION_TICK);
-#if defined(WOLFSSL_TLS13) && defined(WOLFSSL_TICKET_NONCE_MALLOC) &&         \
-    (!defined(HAVE_FIPS) || (defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(5,3)))
-    XFREE(preallocNonce, addSession->heap, DYNAMIC_TYPE_SESSION_TICK);
-    XFREE(toFree, addSession->heap, DYNAMIC_TYPE_SESSION_TICK);
-#endif /* WOLFSSL_TLS13 && WOLFSSL_TICKET_NONCE_MALLOC && FIPS_VERSION_GE(5,3)*/
-#endif
-
-#if defined(SESSION_CERTS) && defined(OPENSSL_EXTRA)
-    if (cachePeer != NULL) {
-        wolfSSL_X509_free(cachePeer);
-        cachePeer = NULL; /* Make sure not use after this point */
-    }
-#endif
-
-    return ret;
-}
-
-void AddSession(WOLFSSL* ssl)
-{
-    int    error = 0;
-    const byte* id = NULL;
-    byte idSz = 0;
-    WOLFSSL_SESSION* session = ssl->session;
-
-    (void)error;
-
-    WOLFSSL_ENTER("AddSession");
-
-    if (SslSessionCacheOff(ssl, session)) {
-        WOLFSSL_MSG("Cache off");
-        return;
-    }
-
-    if (session->haveAltSessionID) {
-        id = session->altSessionID;
-        idSz = ID_LEN;
-    }
-    else {
-        id = session->sessionID;
-        idSz = session->sessionIDSz;
-    }
-
-    /* Do this only for the client because if the server doesn't have an ID at
-     * this point, it won't on resumption. */
-    if (idSz == 0 && ssl->options.side == WOLFSSL_CLIENT_END) {
-        WC_RNG* rng = NULL;
-        if (ssl->rng != NULL)
-            rng = ssl->rng;
-#if defined(HAVE_GLOBAL_RNG) && defined(OPENSSL_EXTRA)
-        else if (initGlobalRNG == 1 || wolfSSL_RAND_Init() == WOLFSSL_SUCCESS) {
-            rng = &globalRNG;
-        }
-#endif
-        if (wc_RNG_GenerateBlock(rng, ssl->session->altSessionID,
-                ID_LEN) != 0)
-            return;
-        ssl->session->haveAltSessionID = 1;
-        id = ssl->session->altSessionID;
-        idSz = ID_LEN;
-    }
-
-#ifdef HAVE_EXT_CACHE
-    if (!ssl->options.internalCacheOff)
-#endif
-    {
-        /* Try to add the session to internal cache or external cache
-        if a new_sess_cb is set. Its ok if we don't succeed. */
-        (void)AddSessionToCache(ssl->ctx, session, id, idSz,
-#ifdef SESSION_INDEX
-                &ssl->sessionIndex,
-#else
-                NULL,
-#endif
-                ssl->options.side,
-#ifdef HAVE_SESSION_TICKET
-                ssl->options.useTicket,
-#else
-                0,
-#endif
-#ifdef NO_SESSION_CACHE_REF
-                NULL
-#else
-                (ssl->options.side == WOLFSSL_CLIENT_END) ?
-                        &ssl->clientSession : NULL
-#endif
-                        );
-    }
-
-#ifdef HAVE_EXT_CACHE
-    if (error == 0 && ssl->ctx->new_sess_cb != NULL) {
-        int cbRet = 0;
-        wolfSSL_SESSION_up_ref(session);
-        cbRet = ssl->ctx->new_sess_cb(ssl, session);
-        if (cbRet == 0)
-            wolfSSL_FreeSession(ssl->ctx, session);
-    }
-#endif
-
-#if defined(WOLFSSL_SESSION_STATS) && defined(WOLFSSL_PEAK_SESSIONS)
-    if (error == 0) {
-        word32 active = 0;
-
-        error = get_locked_session_stats(&active, NULL, NULL);
-        if (error == WOLFSSL_SUCCESS) {
-            error = 0;  /* back to this function ok */
-
-            if (PeakSessions < active) {
-                PeakSessions = active;
-            }
-        }
-    }
-#endif /* WOLFSSL_SESSION_STATS && WOLFSSL_PEAK_SESSIONS */
-    (void)error;
-}
-
-
-#ifdef SESSION_INDEX
-
-int wolfSSL_GetSessionIndex(WOLFSSL* ssl)
-{
-    WOLFSSL_ENTER("wolfSSL_GetSessionIndex");
-    WOLFSSL_LEAVE("wolfSSL_GetSessionIndex", ssl->sessionIndex);
-    return ssl->sessionIndex;
-}
-
-
-int wolfSSL_GetSessionAtIndex(int idx, WOLFSSL_SESSION* session)
-{
-    int row, col, result = WOLFSSL_FAILURE;
-    SessionRow* sessRow;
-    WOLFSSL_SESSION* cacheSession;
-
-    WOLFSSL_ENTER("wolfSSL_GetSessionAtIndex");
-
-    session = ClientSessionToSession(session);
-
-    row = idx >> SESSIDX_ROW_SHIFT;
-    col = idx & SESSIDX_IDX_MASK;
-
-    if (session == NULL ||
-            row < 0 || row >= SESSION_ROWS || col >= SESSIONS_PER_ROW) {
-        return WOLFSSL_FAILURE;
-    }
-
-    sessRow = &SessionCache[row];
-    if (SESSION_ROW_RD_LOCK(sessRow) != 0) {
-        return BAD_MUTEX_E;
-    }
-
-#ifdef SESSION_CACHE_DYNAMIC_MEM
-    cacheSession = sessRow->Sessions[col];
-#else
-    cacheSession = &sessRow->Sessions[col];
-#endif
-    if (cacheSession) {
-        XMEMCPY(session, cacheSession, sizeof(WOLFSSL_SESSION));
-        result = WOLFSSL_SUCCESS;
-    }
-    else {
-        result = WOLFSSL_FAILURE;
-    }
-
-    SESSION_ROW_UNLOCK(sessRow);
-
-    WOLFSSL_LEAVE("wolfSSL_GetSessionAtIndex", result);
-    return result;
-}
-
-#endif /* SESSION_INDEX */
-
-#if defined(SESSION_CERTS)
-
-WOLFSSL_X509_CHAIN* wolfSSL_SESSION_get_peer_chain(WOLFSSL_SESSION* session)
-{
-    WOLFSSL_X509_CHAIN* chain = NULL;
-
-    WOLFSSL_ENTER("wolfSSL_SESSION_get_peer_chain");
-
-    session = ClientSessionToSession(session);
-
-    if (session)
-        chain = &session->chain;
-
-    WOLFSSL_LEAVE("wolfSSL_SESSION_get_peer_chain", chain ? 1 : 0);
-    return chain;
-}
-
-
-#ifdef OPENSSL_EXTRA
-/* gets the peer certificate associated with the session passed in
- * returns null on failure, the caller should not free the returned pointer */
-WOLFSSL_X509* wolfSSL_SESSION_get0_peer(WOLFSSL_SESSION* session)
-{
-    WOLFSSL_ENTER("wolfSSL_SESSION_get_peer_chain");
-
-    session = ClientSessionToSession(session);
-    if (session) {
-        int count;
-
-        count = wolfSSL_get_chain_count(&session->chain);
-        if (count < 1 || count >= MAX_CHAIN_DEPTH) {
-            WOLFSSL_MSG("bad count found");
-            return NULL;
-        }
-
-        if (session->peer == NULL) {
-            session->peer = wolfSSL_get_chain_X509(&session->chain, 0);
-        }
-        return session->peer;
-    }
-    WOLFSSL_MSG("No session passed in");
-
-    return NULL;
-}
-#endif /* OPENSSL_EXTRA */
-#endif /* SESSION_INDEX && SESSION_CERTS */
-
-
-#ifdef WOLFSSL_SESSION_STATS
-
-static int get_locked_session_stats(word32* active, word32* total, word32* peak)
-{
-    int result = WOLFSSL_SUCCESS;
-    int i;
-    int count;
-    int idx;
-    word32 now   = 0;
-    word32 seen  = 0;
-    word32 ticks = LowResTimer();
-
-    WOLFSSL_ENTER("get_locked_session_stats");
-
-#ifndef ENABLE_SESSION_CACHE_ROW_LOCK
-    SESSION_ROW_RD_LOCK(&SessionCache[0]);
-#endif
-    for (i = 0; i < SESSION_ROWS; i++) {
-        SessionRow* row = &SessionCache[i];
-    #ifdef ENABLE_SESSION_CACHE_ROW_LOCK
-        if (SESSION_ROW_RD_LOCK(row) != 0) {
-            WOLFSSL_MSG("Session row cache mutex lock failed");
-            return BAD_MUTEX_E;
-        }
-    #endif
-
-        seen += row->totalCount;
-
-        if (active == NULL) {
-            SESSION_ROW_UNLOCK(row);
-            continue;
-        }
-
-        count = min((word32)row->totalCount, SESSIONS_PER_ROW);
-        idx   = row->nextIdx - 1;
-        if (idx < 0 || idx >= SESSIONS_PER_ROW) {
-            idx = SESSIONS_PER_ROW - 1; /* if back to front previous was end */
-        }
-
-        for (; count > 0; --count) {
-            /* if not expired then good */
-#ifdef SESSION_CACHE_DYNAMIC_MEM
-            if (row->Sessions[idx] &&
-                ticks < (row->Sessions[idx]->bornOn +
-                            row->Sessions[idx]->timeout) )
-#else
-            if (ticks < (row->Sessions[idx].bornOn +
-                            row->Sessions[idx].timeout) )
-#endif
-            {
-                now++;
-            }
-
-            idx = idx > 0 ? idx - 1 : SESSIONS_PER_ROW - 1;
-        }
-
-    #ifdef ENABLE_SESSION_CACHE_ROW_LOCK
-        SESSION_ROW_UNLOCK(row);
-    #endif
-    }
-#ifndef ENABLE_SESSION_CACHE_ROW_LOCK
-    SESSION_ROW_UNLOCK(&SessionCache[0]);
-#endif
-
-    if (active) {
-        *active = now;
-    }
-    if (total) {
-        *total = seen;
-    }
-
-#ifdef WOLFSSL_PEAK_SESSIONS
-    if (peak) {
-        *peak = PeakSessions;
-    }
-#else
-    (void)peak;
-#endif
-
-    WOLFSSL_LEAVE("get_locked_session_stats", result);
-
-    return result;
-}
-
-
-/* return WOLFSSL_SUCCESS on ok */
-int wolfSSL_get_session_stats(word32* active, word32* total, word32* peak,
-                              word32* maxSessions)
-{
-    int result = WOLFSSL_SUCCESS;
-
-    WOLFSSL_ENTER("wolfSSL_get_session_stats");
-
-    if (maxSessions) {
-        *maxSessions = SESSIONS_PER_ROW * SESSION_ROWS;
-
-        if (active == NULL && total == NULL && peak == NULL)
-            return result;  /* we're done */
-    }
-
-    /* user must provide at least one query value */
-    if (active == NULL && total == NULL && peak == NULL) {
-        return BAD_FUNC_ARG;
-    }
-
-    result = get_locked_session_stats(active, total, peak);
-
-    WOLFSSL_LEAVE("wolfSSL_get_session_stats", result);
-
-    return result;
-}
-
-#endif /* WOLFSSL_SESSION_STATS */
-
-
-    #ifdef PRINT_SESSION_STATS
-
-    /* WOLFSSL_SUCCESS on ok */
-    int wolfSSL_PrintSessionStats(void)
-    {
-        word32 totalSessionsSeen = 0;
-        word32 totalSessionsNow = 0;
-        word32 peak = 0;
-        word32 maxSessions = 0;
-        int    i;
-        int    ret;
-        double E;               /* expected freq */
-        double chiSquare = 0;
-
-        ret = wolfSSL_get_session_stats(&totalSessionsNow, &totalSessionsSeen,
-                                        &peak, &maxSessions);
-        if (ret != WOLFSSL_SUCCESS)
-            return ret;
-        printf("Total Sessions Seen = %u\n", totalSessionsSeen);
-        printf("Total Sessions Now  = %u\n", totalSessionsNow);
-#ifdef WOLFSSL_PEAK_SESSIONS
-        printf("Peak  Sessions      = %u\n", peak);
-#endif
-        printf("Max   Sessions      = %u\n", maxSessions);
-
-        E = (double)totalSessionsSeen / SESSION_ROWS;
-
-        for (i = 0; i < SESSION_ROWS; i++) {
-            double diff = SessionCache[i].totalCount - E;
-            diff *= diff;                /* square    */
-            diff /= E;                   /* normalize */
-
-            chiSquare += diff;
-        }
-        printf("  chi-square = %5.1f, d.f. = %d\n", chiSquare,
-                                                     SESSION_ROWS - 1);
-        #if (SESSION_ROWS == 11)
-            printf(" .05 p value =  18.3, chi-square should be less\n");
-        #elif (SESSION_ROWS == 211)
-            printf(".05 p value  = 244.8, chi-square should be less\n");
-        #elif (SESSION_ROWS == 5981)
-            printf(".05 p value  = 6161.0, chi-square should be less\n");
-        #elif (SESSION_ROWS == 3)
-            printf(".05 p value  =   6.0, chi-square should be less\n");
-        #elif (SESSION_ROWS == 2861)
-            printf(".05 p value  = 2985.5, chi-square should be less\n");
-        #endif
-        printf("\n");
-
-        return ret;
-    }
-
-    #endif /* SESSION_STATS */
-
-#else  /* NO_SESSION_CACHE */
-
-WOLFSSL_SESSION* ClientSessionToSession(const WOLFSSL_SESSION* session)
-{
-    return (WOLFSSL_SESSION*)session;
-}
-
-/* No session cache version */
-WOLFSSL_SESSION* wolfSSL_GetSession(WOLFSSL* ssl, byte* masterSecret,
-        byte restoreSessionCerts)
-{
-    (void)ssl;
-    (void)masterSecret;
-    (void)restoreSessionCerts;
-
-    return NULL;
-}
-
-#endif /* NO_SESSION_CACHE */
-
 
 /* call before SSL_connect, if verifying will add name check to
    date check and signature check */
@@ -15254,6 +11319,25 @@ int wolfSSL_check_domain_name(WOLFSSL* ssl, const char* dn)
     }
 }
 
+#if defined(SESSION_CERTS) && defined(OPENSSL_EXTRA)
+const char *wolfSSL_get0_peername(WOLFSSL *ssl) {
+    if (ssl == NULL) {
+        return NULL;
+    }
+
+    if (ssl->buffers.domainName.buffer)
+        return (const char *)ssl->buffers.domainName.buffer;
+    else if (ssl->session && ssl->session->peer)
+        return ssl->session->peer->subjectCN;
+    else if (ssl->peerCert.subjectCN[0])
+        return ssl->peerCert.subjectCN;
+    else {
+        ssl->error = NO_PEER_CERT;
+        return NULL;
+    }
+}
+
+#endif /* SESSION_CERTS && OPENSSL_EXTRA */
 
 /* turn on wolfSSL zlib compression
    returns WOLFSSL_SUCCESS for success, else error (not built in)
@@ -15272,7 +11356,7 @@ int wolfSSL_set_compression(WOLFSSL* ssl)
 
 
 #ifndef USE_WINDOWS_API
-    #ifndef NO_WRITEV
+    #if !defined(NO_WRITEV) && !defined(NO_TLS)
 
         /* simulate writev semantics, doesn't actually do block at a time though
            because of SSL_write behavior and because front adds may be small */
@@ -15285,7 +11369,7 @@ int wolfSSL_set_compression(WOLFSSL* ssl)
         #endif
             byte* myBuffer  = staticBuffer;
             int   dynamic   = 0;
-            int   sending   = 0;
+            word32 sending   = 0;
             int   idx       = 0;
             int   i;
             int   ret;
@@ -15293,11 +11377,11 @@ int wolfSSL_set_compression(WOLFSSL* ssl)
             WOLFSSL_ENTER("wolfSSL_writev");
 
             for (i = 0; i < iovcnt; i++)
-                sending += (int)iov[i].iov_len;
+                sending += iov[i].iov_len;
 
-            if (sending > (int)sizeof(staticBuffer)) {
+            if (sending > sizeof(staticBuffer)) {
                 myBuffer = (byte*)XMALLOC(sending, ssl->heap,
-                                                           DYNAMIC_TYPE_WRITEV);
+                                          DYNAMIC_TYPE_WRITEV);
                 if (!myBuffer)
                     return MEMORY_ERROR;
 
@@ -15314,7 +11398,7 @@ int wolfSSL_set_compression(WOLFSSL* ssl)
             */
             PRAGMA_GCC_DIAG_PUSH
             PRAGMA_GCC("GCC diagnostic ignored \"-Wmaybe-uninitialized\"")
-            ret = wolfSSL_write(ssl, myBuffer, sending);
+            ret = wolfSSL_write_internal(ssl, myBuffer, sending);
             PRAGMA_GCC_DIAG_POP
 
             if (dynamic)
@@ -15371,7 +11455,7 @@ int wolfSSL_set_compression(WOLFSSL* ssl)
     static int wolfSSL_ex_wrapper(WOLFSSL* ssl, HandShakeCallBack hsCb,
                                  TimeoutCallBack toCb, WOLFSSL_TIMEVAL timeout)
     {
-        int       ret        = WOLFSSL_FATAL_ERROR;
+        int       ret        = WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR);
         int       oldTimerOn = 0;   /* was timer already on */
         WOLFSSL_TIMEVAL startTime;
         WOLFSSL_TIMEVAL endTime;
@@ -15547,8 +11631,7 @@ int wolfSSL_set_compression(WOLFSSL* ssl)
         InitSuites(ssl->suites, ssl->version, keySz, haveRSA, TRUE,
                    ssl->options.haveDH, ssl->options.haveECDSAsig,
                    ssl->options.haveECC, TRUE, ssl->options.haveStaticECC,
-                   ssl->options.haveFalconSig, ssl->options.haveDilithiumSig,
-                   ssl->options.haveAnon, TRUE, ssl->options.side);
+                   ssl->options.useAnon, TRUE, TRUE, TRUE, TRUE, ssl->options.side);
     }
     #ifdef OPENSSL_EXTRA
     /**
@@ -15604,8 +11687,7 @@ int wolfSSL_set_compression(WOLFSSL* ssl)
         InitSuites(ssl->suites, ssl->version, keySz, haveRSA, TRUE,
                    ssl->options.haveDH, ssl->options.haveECDSAsig,
                    ssl->options.haveECC, TRUE, ssl->options.haveStaticECC,
-                   ssl->options.haveFalconSig, ssl->options.haveDilithiumSig,
-                   ssl->options.haveAnon, TRUE, ssl->options.side);
+                   ssl->options.useAnon, TRUE, TRUE, TRUE, TRUE, ssl->options.side);
     }
 
     const char* wolfSSL_get_psk_identity_hint(const WOLFSSL* ssl)
@@ -15696,398 +11778,14 @@ int wolfSSL_set_compression(WOLFSSL* ssl)
         if (ctx == NULL)
             return WOLFSSL_FAILURE;
 
-        ctx->haveAnon = 1;
+        ctx->useAnon = 1;
 
         return WOLFSSL_SUCCESS;
     }
 
 #endif /* HAVE_ANON */
 
-
 #ifndef NO_CERTS
-/* used to be defined on NO_FILESYSTEM only, but are generally useful */
-
-    int wolfSSL_CTX_load_verify_buffer_ex(WOLFSSL_CTX* ctx,
-                                         const unsigned char* in,
-                                         long sz, int format, int userChain,
-                                         word32 flags)
-    {
-        int verify;
-        int ret = WOLFSSL_FAILURE;
-
-        WOLFSSL_ENTER("wolfSSL_CTX_load_verify_buffer_ex");
-
-        verify = GET_VERIFY_SETTING_CTX(ctx);
-        if (flags & WOLFSSL_LOAD_FLAG_DATE_ERR_OKAY)
-            verify = VERIFY_SKIP_DATE;
-
-        if (format == WOLFSSL_FILETYPE_PEM)
-            ret = ProcessChainBuffer(ctx, in, sz, format, CA_TYPE, NULL,
-                                      verify);
-        else
-            ret = ProcessBuffer(ctx, in, sz, format, CA_TYPE, NULL, NULL,
-                                 userChain, verify);
-#if defined(WOLFSSL_TRUST_PEER_CERT) && defined(OPENSSL_COMPATIBLE_DEFAULTS)
-        if (ret == WOLFSSL_SUCCESS)
-            ret = wolfSSL_CTX_trust_peer_buffer(ctx, in, sz, format);
-#endif
-
-        WOLFSSL_LEAVE("wolfSSL_CTX_load_verify_buffer_ex", ret);
-        return ret;
-    }
-
-    /* wolfSSL extension allows DER files to be loaded from buffers as well */
-    int wolfSSL_CTX_load_verify_buffer(WOLFSSL_CTX* ctx,
-                                       const unsigned char* in,
-                                       long sz, int format)
-    {
-        return wolfSSL_CTX_load_verify_buffer_ex(ctx, in, sz, format, 0,
-            WOLFSSL_LOAD_VERIFY_DEFAULT_FLAGS);
-    }
-
-    int wolfSSL_CTX_load_verify_chain_buffer_format(WOLFSSL_CTX* ctx,
-                                       const unsigned char* in,
-                                       long sz, int format)
-    {
-        return wolfSSL_CTX_load_verify_buffer_ex(ctx, in, sz, format, 1,
-            WOLFSSL_LOAD_VERIFY_DEFAULT_FLAGS);
-    }
-
-
-#ifdef WOLFSSL_TRUST_PEER_CERT
-    int wolfSSL_CTX_trust_peer_buffer(WOLFSSL_CTX* ctx,
-                                       const unsigned char* in,
-                                       long sz, int format)
-    {
-        int verify;
-        WOLFSSL_ENTER("wolfSSL_CTX_trust_peer_buffer");
-
-        /* sanity check on arguments */
-        if (sz < 0 || in == NULL || ctx == NULL) {
-            return BAD_FUNC_ARG;
-        }
-
-        #if (WOLFSSL_LOAD_VERIFY_DEFAULT_FLAGS & WOLFSSL_LOAD_FLAG_DATE_ERR_OKAY)
-            verify = VERIFY_SKIP_DATE;
-        #else
-            verify = GET_VERIFY_SETTING_CTX(ctx);
-        #endif
-
-        if (format == WOLFSSL_FILETYPE_PEM)
-            return ProcessChainBuffer(ctx, in, sz, format, TRUSTED_PEER_TYPE,
-                                      NULL, verify);
-        else
-            return ProcessBuffer(ctx, in, sz, format, TRUSTED_PEER_TYPE, NULL,
-                                 NULL, 0, verify);
-    }
-#endif /* WOLFSSL_TRUST_PEER_CERT */
-
-
-    int wolfSSL_CTX_use_certificate_buffer(WOLFSSL_CTX* ctx,
-                                 const unsigned char* in, long sz, int format)
-    {
-        int ret = WOLFSSL_FAILURE;
-
-        WOLFSSL_ENTER("wolfSSL_CTX_use_certificate_buffer");
-        ret = ProcessBuffer(ctx, in, sz, format, CERT_TYPE, NULL, NULL, 0,
-                             GET_VERIFY_SETTING_CTX(ctx));
-        WOLFSSL_LEAVE("wolfSSL_CTX_use_certificate_buffer", ret);
-        return ret;
-    }
-
-
-    int wolfSSL_CTX_use_PrivateKey_buffer(WOLFSSL_CTX* ctx,
-                                 const unsigned char* in, long sz, int format)
-    {
-        int ret = WOLFSSL_FAILURE;
-
-        WOLFSSL_ENTER("wolfSSL_CTX_use_PrivateKey_buffer");
-        ret = ProcessBuffer(ctx, in, sz, format, PRIVATEKEY_TYPE, NULL, NULL,
-                             0, GET_VERIFY_SETTING_CTX(ctx));
-        WOLFSSL_LEAVE("wolfSSL_CTX_use_PrivateKey_buffer", ret);
-        return ret;
-    }
-
-#ifdef WOLF_PRIVATE_KEY_ID
-    int wolfSSL_CTX_use_PrivateKey_id(WOLFSSL_CTX* ctx, const unsigned char* id,
-                                      long sz, int devId, long keySz)
-    {
-        int ret = wolfSSL_CTX_use_PrivateKey_Id(ctx, id, sz, devId);
-
-        if (ret == WOLFSSL_SUCCESS)
-            ctx->privateKeySz = (word32)keySz;
-
-        return ret;
-    }
-
-    int wolfSSL_CTX_use_PrivateKey_Id(WOLFSSL_CTX* ctx, const unsigned char* id,
-                                      long sz, int devId)
-    {
-        int ret = WOLFSSL_FAILURE;
-
-        FreeDer(&ctx->privateKey);
-        if (AllocDer(&ctx->privateKey, (word32)sz, PRIVATEKEY_TYPE,
-                                                              ctx->heap) == 0) {
-            XMEMCPY(ctx->privateKey->buffer, id, sz);
-            ctx->privateKeyId = 1;
-            if (devId != INVALID_DEVID)
-                ctx->privateKeyDevId = devId;
-            else
-                ctx->privateKeyDevId = ctx->devId;
-
-            ret = WOLFSSL_SUCCESS;
-        }
-
-        return ret;
-    }
-
-    int wolfSSL_CTX_use_PrivateKey_Label(WOLFSSL_CTX* ctx, const char* label,
-                                         int devId)
-    {
-        int ret = WOLFSSL_FAILURE;
-        word32 sz = (word32)XSTRLEN(label) + 1;
-
-        FreeDer(&ctx->privateKey);
-        if (AllocDer(&ctx->privateKey, (word32)sz, PRIVATEKEY_TYPE,
-                                                              ctx->heap) == 0) {
-            XMEMCPY(ctx->privateKey->buffer, label, sz);
-            ctx->privateKeyLabel = 1;
-            if (devId != INVALID_DEVID)
-                ctx->privateKeyDevId = devId;
-            else
-                ctx->privateKeyDevId = ctx->devId;
-
-            ret = WOLFSSL_SUCCESS;
-        }
-
-        return ret;
-    }
-#endif /* WOLF_PRIVATE_KEY_ID */
-
-    int wolfSSL_CTX_use_certificate_chain_buffer_format(WOLFSSL_CTX* ctx,
-                                 const unsigned char* in, long sz, int format)
-    {
-        WOLFSSL_ENTER("wolfSSL_CTX_use_certificate_chain_buffer_format");
-        return ProcessBuffer(ctx, in, sz, format, CERT_TYPE, NULL, NULL, 1,
-                             GET_VERIFY_SETTING_CTX(ctx));
-    }
-
-    int wolfSSL_CTX_use_certificate_chain_buffer(WOLFSSL_CTX* ctx,
-                                 const unsigned char* in, long sz)
-    {
-        return wolfSSL_CTX_use_certificate_chain_buffer_format(ctx, in, sz,
-                                                            WOLFSSL_FILETYPE_PEM);
-    }
-
-
-#ifndef NO_DH
-
-    /* server wrapper for ctx or ssl Diffie-Hellman parameters */
-    static int wolfSSL_SetTmpDH_buffer_wrapper(WOLFSSL_CTX* ctx, WOLFSSL* ssl,
-                                               const unsigned char* buf,
-                                               long sz, int format)
-    {
-        DerBuffer* der = NULL;
-        int    ret      = 0;
-        word32 pSz = MAX_DH_SIZE;
-        word32 gSz = MAX_DH_SIZE;
-    #ifdef WOLFSSL_SMALL_STACK
-        byte*  p = NULL;
-        byte*  g = NULL;
-    #else
-        byte   p[MAX_DH_SIZE];
-        byte   g[MAX_DH_SIZE];
-    #endif
-
-        if (ctx == NULL || buf == NULL)
-            return BAD_FUNC_ARG;
-
-        ret = AllocDer(&der, 0, DH_PARAM_TYPE, ctx->heap);
-        if (ret != 0) {
-            return ret;
-        }
-        der->buffer = (byte*)buf;
-        der->length = (word32)sz;
-
-    #ifdef WOLFSSL_SMALL_STACK
-        p = (byte*)XMALLOC(pSz, NULL, DYNAMIC_TYPE_PUBLIC_KEY);
-        g = (byte*)XMALLOC(gSz, NULL, DYNAMIC_TYPE_PUBLIC_KEY);
-
-        if (p == NULL || g == NULL) {
-            XFREE(p, NULL, DYNAMIC_TYPE_PUBLIC_KEY);
-            XFREE(g, NULL, DYNAMIC_TYPE_PUBLIC_KEY);
-            return MEMORY_E;
-        }
-    #endif
-
-        if (format != WOLFSSL_FILETYPE_ASN1 && format != WOLFSSL_FILETYPE_PEM)
-            ret = WOLFSSL_BAD_FILETYPE;
-        else {
-            if (format == WOLFSSL_FILETYPE_PEM) {
-#ifdef WOLFSSL_PEM_TO_DER
-                FreeDer(&der);
-                ret = PemToDer(buf, sz, DH_PARAM_TYPE, &der, ctx->heap,
-                               NULL, NULL);
-                if (ret < 0) {
-                    /* Also try X9.42 format */
-                    ret = PemToDer(buf, sz, X942_PARAM_TYPE, &der, ctx->heap,
-                               NULL, NULL);
-                }
-    #ifdef WOLFSSL_WPAS
-        #ifndef NO_DSA
-                if (ret < 0) {
-                    ret = PemToDer(buf, sz, DSA_PARAM_TYPE, &der, ctx->heap,
-                               NULL, NULL);
-                }
-        #endif
-    #endif /* WOLFSSL_WPAS */
-#else
-                ret = NOT_COMPILED_IN;
-#endif /* WOLFSSL_PEM_TO_DER */
-            }
-
-            if (ret == 0) {
-                if (wc_DhParamsLoad(der->buffer, der->length, p, &pSz, g, &gSz) < 0)
-                    ret = WOLFSSL_BAD_FILETYPE;
-                else if (ssl)
-                    ret = wolfSSL_SetTmpDH(ssl, p, pSz, g, gSz);
-                else
-                    ret = wolfSSL_CTX_SetTmpDH(ctx, p, pSz, g, gSz);
-            }
-        }
-
-        FreeDer(&der);
-
-    #ifdef WOLFSSL_SMALL_STACK
-        XFREE(p, NULL, DYNAMIC_TYPE_PUBLIC_KEY);
-        XFREE(g, NULL, DYNAMIC_TYPE_PUBLIC_KEY);
-    #endif
-
-        return ret;
-    }
-
-
-    /* server Diffie-Hellman parameters, WOLFSSL_SUCCESS on ok */
-    int wolfSSL_SetTmpDH_buffer(WOLFSSL* ssl, const unsigned char* buf, long sz,
-                               int format)
-    {
-        if (ssl == NULL)
-            return BAD_FUNC_ARG;
-
-        return wolfSSL_SetTmpDH_buffer_wrapper(ssl->ctx, ssl, buf, sz, format);
-    }
-
-
-    /* server ctx Diffie-Hellman parameters, WOLFSSL_SUCCESS on ok */
-    int wolfSSL_CTX_SetTmpDH_buffer(WOLFSSL_CTX* ctx, const unsigned char* buf,
-                                   long sz, int format)
-    {
-        return wolfSSL_SetTmpDH_buffer_wrapper(ctx, NULL, buf, sz, format);
-    }
-
-#endif /* NO_DH */
-
-
-    int wolfSSL_use_certificate_buffer(WOLFSSL* ssl,
-                                 const unsigned char* in, long sz, int format)
-    {
-        WOLFSSL_ENTER("wolfSSL_use_certificate_buffer");
-        if (ssl == NULL)
-            return BAD_FUNC_ARG;
-
-        return ProcessBuffer(ssl->ctx, in, sz, format, CERT_TYPE, ssl, NULL, 0,
-                             GET_VERIFY_SETTING_SSL(ssl));
-    }
-
-
-    int wolfSSL_use_PrivateKey_buffer(WOLFSSL* ssl,
-                                 const unsigned char* in, long sz, int format)
-    {
-        WOLFSSL_ENTER("wolfSSL_use_PrivateKey_buffer");
-        if (ssl == NULL)
-            return BAD_FUNC_ARG;
-
-        return ProcessBuffer(ssl->ctx, in, sz, format, PRIVATEKEY_TYPE,
-                             ssl, NULL, 0, GET_VERIFY_SETTING_SSL(ssl));
-    }
-
-#ifdef WOLF_PRIVATE_KEY_ID
-    int wolfSSL_use_PrivateKey_id(WOLFSSL* ssl, const unsigned char* id,
-                                  long sz, int devId, long keySz)
-    {
-        int ret = wolfSSL_use_PrivateKey_Id(ssl, id, sz, devId);
-
-        if (ret == WOLFSSL_SUCCESS)
-            ssl->buffers.keySz = (word32)keySz;
-
-        return ret;
-    }
-
-    int wolfSSL_use_PrivateKey_Id(WOLFSSL* ssl, const unsigned char* id,
-                                  long sz, int devId)
-    {
-        int ret = WOLFSSL_FAILURE;
-
-        if (ssl->buffers.weOwnKey)
-            FreeDer(&ssl->buffers.key);
-        if (AllocDer(&ssl->buffers.key, (word32)sz, PRIVATEKEY_TYPE,
-                                                            ssl->heap) == 0) {
-            XMEMCPY(ssl->buffers.key->buffer, id, sz);
-            ssl->buffers.weOwnKey = 1;
-            ssl->buffers.keyId = 1;
-            if (devId != INVALID_DEVID)
-                ssl->buffers.keyDevId = devId;
-            else
-                ssl->buffers.keyDevId = ssl->devId;
-
-            ret = WOLFSSL_SUCCESS;
-        }
-
-        return ret;
-    }
-
-    int wolfSSL_use_PrivateKey_Label(WOLFSSL* ssl, const char* label, int devId)
-    {
-        int ret = WOLFSSL_FAILURE;
-        word32 sz = (word32)XSTRLEN(label) + 1;
-
-        if (ssl->buffers.weOwnKey)
-            FreeDer(&ssl->buffers.key);
-        if (AllocDer(&ssl->buffers.key, (word32)sz, PRIVATEKEY_TYPE,
-                                                            ssl->heap) == 0) {
-            XMEMCPY(ssl->buffers.key->buffer, label, sz);
-            ssl->buffers.weOwnKey = 1;
-            ssl->buffers.keyLabel = 1;
-            if (devId != INVALID_DEVID)
-                ssl->buffers.keyDevId = devId;
-            else
-                ssl->buffers.keyDevId = ssl->devId;
-
-            ret = WOLFSSL_SUCCESS;
-        }
-
-        return ret;
-    }
-#endif /* WOLF_PRIVATE_KEY_ID */
-
-    int wolfSSL_use_certificate_chain_buffer_format(WOLFSSL* ssl,
-                                 const unsigned char* in, long sz, int format)
-    {
-        WOLFSSL_ENTER("wolfSSL_use_certificate_chain_buffer_format");
-        if (ssl == NULL)
-            return BAD_FUNC_ARG;
-
-        return ProcessBuffer(ssl->ctx, in, sz, format, CERT_TYPE,
-                             ssl, NULL, 1, GET_VERIFY_SETTING_SSL(ssl));
-    }
-
-    int wolfSSL_use_certificate_chain_buffer(WOLFSSL* ssl,
-                                 const unsigned char* in, long sz)
-    {
-        return wolfSSL_use_certificate_chain_buffer_format(ssl, in, sz,
-                                                            WOLFSSL_FILETYPE_PEM);
-    }
-
 
     /* unload any certs or keys that SSL owns, leave CTX as is
        WOLFSSL_SUCCESS on ok */
@@ -16118,9 +11816,24 @@ int wolfSSL_set_compression(WOLFSSL* ssl)
             WOLFSSL_MSG("Unloading key");
             ForceZero(ssl->buffers.key->buffer, ssl->buffers.key->length);
             FreeDer(&ssl->buffers.key);
+        #ifdef WOLFSSL_BLIND_PRIVATE_KEY
+            FreeDer(&ssl->buffers.keyMask);
+        #endif
             ssl->buffers.weOwnKey = 0;
         }
 
+#ifdef WOLFSSL_DUAL_ALG_CERTS
+        if (ssl->buffers.weOwnAltKey) {
+            WOLFSSL_MSG("Unloading alt key");
+            ForceZero(ssl->buffers.altKey->buffer, ssl->buffers.altKey->length);
+            FreeDer(&ssl->buffers.altKey);
+        #ifdef WOLFSSL_BLIND_PRIVATE_KEY
+            FreeDer(&ssl->buffers.altKeyMask);
+        #endif
+            ssl->buffers.weOwnAltKey = 0;
+        }
+#endif /* WOLFSSL_DUAL_ALG_CERTS */
+
         return WOLFSSL_SUCCESS;
     }
 
@@ -16135,6 +11848,34 @@ int wolfSSL_set_compression(WOLFSSL* ssl)
         return wolfSSL_CertManagerUnloadCAs(ctx->cm);
     }
 
+    int wolfSSL_CTX_UnloadIntermediateCerts(WOLFSSL_CTX* ctx)
+    {
+        int ret;
+
+        WOLFSSL_ENTER("wolfSSL_CTX_UnloadIntermediateCerts");
+
+        if (ctx == NULL)
+            return BAD_FUNC_ARG;
+
+        ret = wolfSSL_RefWithMutexLock(&ctx->ref);
+        if (ret < 0)
+            return ret;
+
+        if (ctx->ref.count > 1) {
+            WOLFSSL_MSG("ctx object must have a ref count of 1 before "
+                        "unloading intermediate certs");
+            ret = BAD_STATE_E;
+        }
+        else {
+            ret = wolfSSL_CertManagerUnloadIntermediateCerts(ctx->cm);
+        }
+
+        if (wolfSSL_RefWithMutexUnlock(&ctx->ref) != 0)
+            WOLFSSL_MSG("Failed to unlock mutex!");
+
+        return ret;
+    }
+
 
 #ifdef WOLFSSL_TRUST_PEER_CERT
     int wolfSSL_CTX_Unload_trust_peers(WOLFSSL_CTX* ctx)
@@ -16179,8 +11920,11 @@ int wolfSSL_set_compression(WOLFSSL* ssl)
     {
         WOLFSSL_ENTER("wolfSSL_OpenSSL_add_all_algorithms_noconf");
 
-        if  (wolfSSL_add_all_algorithms() == WOLFSSL_FATAL_ERROR)
+        if  (wolfSSL_add_all_algorithms() ==
+             WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR))
+        {
             return WOLFSSL_FATAL_ERROR;
+        }
 
         return  WOLFSSL_SUCCESS;
     }
@@ -16193,26 +11937,14 @@ int wolfSSL_set_compression(WOLFSSL* ssl)
         the use of a wolfssl.cnf type configuration file and is only used for
         OpenSSL compatibility. */
 
-        if (wolfSSL_add_all_algorithms() == WOLFSSL_FATAL_ERROR) {
+        if (wolfSSL_add_all_algorithms() ==
+            WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR))
+        {
             return WOLFSSL_FATAL_ERROR;
         }
         return WOLFSSL_SUCCESS;
     }
 
-   /* returns previous set cache size which stays constant */
-    long wolfSSL_CTX_sess_set_cache_size(WOLFSSL_CTX* ctx, long sz)
-    {
-        /* cache size fixed at compile time in wolfSSL */
-        (void)ctx;
-        (void)sz;
-        WOLFSSL_MSG("session cache is set at compile time");
-        #ifndef NO_SESSION_CACHE
-            return (long)(SESSIONS_PER_ROW * SESSION_ROWS);
-        #else
-            return 0;
-        #endif
-    }
-
 #endif
 
 #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) || \
@@ -16236,7 +11968,7 @@ int wolfSSL_set_compression(WOLFSSL* ssl)
 
 #ifdef OPENSSL_EXTRA
 #ifndef NO_BIO
-    void wolfSSL_set_bio(WOLFSSL* ssl, WOLFSSL_BIO* rd, WOLFSSL_BIO* wr)
+    static void ssl_set_bio(WOLFSSL* ssl, WOLFSSL_BIO* rd, WOLFSSL_BIO* wr, int flags)
     {
         WOLFSSL_ENTER("wolfSSL_set_bio");
 
@@ -16247,8 +11979,8 @@ int wolfSSL_set_compression(WOLFSSL* ssl)
 
         /* free any existing WOLFSSL_BIOs in use but don't free those in
          * a chain */
-        if (ssl->biord != NULL) {
-            if (ssl->biord != ssl->biowr) {
+        if ((flags & WOLFSSL_BIO_FLAG_READ) && (ssl->biord != NULL)) {
+            if ((flags & WOLFSSL_BIO_FLAG_WRITE) && (ssl->biord != ssl->biowr)) {
                 if (ssl->biowr != NULL && ssl->biowr->prev != NULL)
                     wolfSSL_BIO_free(ssl->biowr);
                 ssl->biowr = NULL;
@@ -16257,33 +11989,61 @@ int wolfSSL_set_compression(WOLFSSL* ssl)
                 wolfSSL_BIO_free(ssl->biord);
             ssl->biord = NULL;
         }
+        else if ((flags & WOLFSSL_BIO_FLAG_WRITE) && (ssl->biowr != NULL)) {
+            if (ssl->biowr->prev != NULL)
+                wolfSSL_BIO_free(ssl->biowr);
+            ssl->biowr = NULL;
+        }
+
         /* set flag obviously */
         if (rd && !(rd->flags & WOLFSSL_BIO_FLAG_READ))
             rd->flags |= WOLFSSL_BIO_FLAG_READ;
         if (wr && !(wr->flags & WOLFSSL_BIO_FLAG_WRITE))
             wr->flags |= WOLFSSL_BIO_FLAG_WRITE;
 
-        ssl->biord = rd;
-        ssl->biowr = wr;
+        if (flags & WOLFSSL_BIO_FLAG_READ)
+            ssl->biord = rd;
+        if (flags & WOLFSSL_BIO_FLAG_WRITE)
+            ssl->biowr = wr;
 
         /* set SSL to use BIO callbacks instead */
-        if (((ssl->cbioFlag & WOLFSSL_CBIO_RECV) == 0)) {
-            ssl->CBIORecv = BioReceive;
+        if ((flags & WOLFSSL_BIO_FLAG_READ) &&
+            (((ssl->cbioFlag & WOLFSSL_CBIO_RECV) == 0)))
+        {
+            ssl->CBIORecv = SslBioReceive;
         }
-        if (((ssl->cbioFlag & WOLFSSL_CBIO_SEND) == 0)) {
-            ssl->CBIOSend = BioSend;
+        if ((flags & WOLFSSL_BIO_FLAG_WRITE) &&
+            (((ssl->cbioFlag & WOLFSSL_CBIO_SEND) == 0)))
+        {
+            ssl->CBIOSend = SslBioSend;
         }
 
         /* User programs should always retry reading from these BIOs */
         if (rd) {
             /* User writes to rd */
-            BIO_set_retry_write(rd);
+            wolfSSL_BIO_set_retry_write(rd);
         }
         if (wr) {
             /* User reads from wr */
-            BIO_set_retry_read(wr);
+            wolfSSL_BIO_set_retry_read(wr);
         }
     }
+
+    void wolfSSL_set_bio(WOLFSSL* ssl, WOLFSSL_BIO* rd, WOLFSSL_BIO* wr)
+    {
+        ssl_set_bio(ssl, rd, wr, WOLFSSL_BIO_FLAG_READ | WOLFSSL_BIO_FLAG_WRITE);
+    }
+
+    void wolfSSL_set_rbio(WOLFSSL* ssl, WOLFSSL_BIO* rd)
+    {
+        ssl_set_bio(ssl, rd, NULL, WOLFSSL_BIO_FLAG_READ);
+    }
+
+    void wolfSSL_set_wbio(WOLFSSL* ssl, WOLFSSL_BIO* wr)
+    {
+        ssl_set_bio(ssl, NULL, wr, WOLFSSL_BIO_FLAG_WRITE);
+    }
+
 #endif /* !NO_BIO */
 #endif /* OPENSSL_EXTRA */
 
@@ -16360,6 +12120,8 @@ int wolfSSL_set_compression(WOLFSSL* ssl)
         }
         return WOLFSSL_FAILURE;
     }
+
+#ifndef NO_TLS
     WOLFSSL_CIPHERSUITE_INFO wolfSSL_get_ciphersuite_info(byte first,
             byte second)
     {
@@ -16375,6 +12137,7 @@ int wolfSSL_set_compression(WOLFSSL* ssl)
         info.psk = (byte)CipherRequires(first, second, REQUIRES_PSK);
         return info;
     }
+#endif
 
     /**
      * @param first First byte of the hash and signature algorithm
@@ -16429,13 +12192,13 @@ int wolfSSL_set_compression(WOLFSSL* ssl)
             *sigAlgo = FALCON_LEVEL5k;
             break;
         case dilithium_level2_sa_algo:
-            *sigAlgo = DILITHIUM_LEVEL2k;
+            *sigAlgo = ML_DSA_LEVEL2k;
             break;
         case dilithium_level3_sa_algo:
-            *sigAlgo = DILITHIUM_LEVEL3k;
+            *sigAlgo = ML_DSA_LEVEL3k;
             break;
         case dilithium_level5_sa_algo:
-            *sigAlgo = DILITHIUM_LEVEL5k;
+            *sigAlgo = ML_DSA_LEVEL5k;
             break;
         case sm2_sa_algo:
             *sigAlgo = SM2k;
@@ -16529,7 +12292,8 @@ int wolfSSL_set_compression(WOLFSSL* ssl)
         WOLFSSL_ENTER("wolfSSL_CTX_get_client_CA_list");
 
         if (ctx == NULL) {
-            WOLFSSL_MSG("Bad argument passed to wolfSSL_CTX_get_client_CA_list");
+            WOLFSSL_MSG("Bad argument passed to "
+                        "wolfSSL_CTX_get_client_CA_list");
             return NULL;
         }
 
@@ -16577,7 +12341,7 @@ int wolfSSL_set_compression(WOLFSSL* ssl)
             return WOLFSSL_FAILURE;
         }
 
-        if (wolfSSL_sk_X509_NAME_push(ctx->client_ca_names, nameCopy) != WOLFSSL_SUCCESS) {
+        if (wolfSSL_sk_X509_NAME_push(ctx->client_ca_names, nameCopy) <= 0) {
             WOLFSSL_MSG("wolfSSL_sk_X509_NAME_push error");
             wolfSSL_X509_NAME_free(nameCopy);
             return WOLFSSL_FAILURE;
@@ -16589,7 +12353,8 @@ int wolfSSL_set_compression(WOLFSSL* ssl)
 
     #ifndef NO_BIO
         #if !defined(NO_RSA) && !defined(NO_CERTS)
-        WOLF_STACK_OF(WOLFSSL_X509_NAME)* wolfSSL_load_client_CA_file(const char* fname)
+        WOLF_STACK_OF(WOLFSSL_X509_NAME)* wolfSSL_load_client_CA_file(
+            const char* fname)
         {
             /* The webserver build is using this to load a CA into the server
              * for client authentication as an option. Have this return NULL in
@@ -16600,7 +12365,7 @@ int wolfSSL_set_compression(WOLFSSL* ssl)
             WOLFSSL_BIO* bio = NULL;
             WOLFSSL_X509 *cert = NULL;
             WOLFSSL_X509_NAME *nameCopy = NULL;
-            unsigned long err = WOLFSSL_FAILURE;
+            unsigned long err = WC_NO_ERR_TRACE(WOLFSSL_FAILURE);
 
             WOLFSSL_ENTER("wolfSSL_load_client_CA_file");
 
@@ -16631,8 +12396,7 @@ int wolfSSL_set_compression(WOLFSSL* ssl)
                 */
                 nameCopy->x509 = NULL;
 
-                if (wolfSSL_sk_X509_NAME_push(list, nameCopy) !=
-                        WOLFSSL_SUCCESS) {
+                if (wolfSSL_sk_X509_NAME_push(list, nameCopy) <= 0) {
                     WOLFSSL_MSG("wolfSSL_sk_X509_NAME_push error");
                     /* Do free in loop because nameCopy is now responsibility
                      * of list to free and adding jumps to cleanup after this
@@ -16668,69 +12432,6 @@ cleanup:
 
 #ifdef OPENSSL_EXTRA
 
-    #ifdef WOLFSSL_SYS_CA_CERTS
-    /*
-     * This is an OpenSSL compatibility layer function, but it doesn't mirror
-     * the exact functionality of its OpenSSL counterpart. We don't support the
-     * notion of an "OpenSSL directory". This function will attempt to load the
-     * environment variables SSL_CERT_DIR and SSL_CERT_FILE, if either are found,
-     * they will be loaded. Otherwise, it will act as a wrapper around our
-     * native wolfSSL_CTX_load_system_CA_certs function. This function does
-     * conform to OpenSSL's return value conventions.
-     */
-    int wolfSSL_CTX_set_default_verify_paths(WOLFSSL_CTX* ctx)
-    {
-        int ret;
-#ifdef XGETENV
-        char* certDir;
-        char* certFile;
-        word32 flags;
-#endif
-
-        WOLFSSL_ENTER("wolfSSL_CTX_set_default_verify_paths");
-
-#ifdef XGETENV
-        certDir = XGETENV("SSL_CERT_DIR");
-        certFile = XGETENV("SSL_CERT_FILE");
-        flags = WOLFSSL_LOAD_FLAG_PEM_CA_ONLY;
-
-        if (certDir || certFile) {
-            if (certDir) {
-               /*
-                * We want to keep trying to load more CAs even if one cert in
-                * the directory is bad and can't be used (e.g. if one is expired),
-                * so we use WOLFSSL_LOAD_FLAG_IGNORE_ERR.
-                */
-                flags |= WOLFSSL_LOAD_FLAG_IGNORE_ERR;
-            }
-
-            ret = wolfSSL_CTX_load_verify_locations_ex(ctx, certFile, certDir,
-                    flags);
-            if (ret != WOLFSSL_SUCCESS) {
-                WOLFSSL_MSG_EX("Failed to load CA certs from SSL_CERT_FILE: %s"
-                                " SSL_CERT_DIR: %s. Error: %d", certFile,
-                                certDir, ret);
-                return WOLFSSL_FAILURE;
-            }
-            return ret;
-        }
-#endif
-
-        ret = wolfSSL_CTX_load_system_CA_certs(ctx);
-        if (ret == WOLFSSL_BAD_PATH) {
-            /*
-             * OpenSSL doesn't treat the lack of a system CA cert directory as a
-             * failure. We do the same here.
-             */
-            ret = WOLFSSL_SUCCESS;
-        }
-
-        WOLFSSL_LEAVE("wolfSSL_CTX_set_default_verify_paths", ret);
-
-        return ret;
-    }
-    #endif /* WOLFSSL_SYS_CA_CERTS */
-
     #if defined(WOLFCRYPT_HAVE_SRP) && !defined(NO_SHA256) \
         && !defined(WC_NO_RNG)
     static const byte srp_N[] = {
@@ -16856,16 +12557,12 @@ cleanup:
                 wc_FreeRng(&rng);
                 return WOLFSSL_FAILURE;
             }
-            if (ctx->srp_password != NULL){
-                XFREE(ctx->srp_password,NULL,
-                      DYNAMIC_TYPE_SRP);
-                ctx->srp_password = NULL;
-            }
+            XFREE(ctx->srp_password, NULL, DYNAMIC_TYPE_SRP);
+            ctx->srp_password = NULL;
             wc_FreeRng(&rng);
         } else {
             /* save password for wolfSSL_set_srp_username */
-            if (ctx->srp_password != NULL)
-                XFREE(ctx->srp_password,ctx->heap, DYNAMIC_TYPE_SRP);
+            XFREE(ctx->srp_password, ctx->heap, DYNAMIC_TYPE_SRP);
 
             ctx->srp_password = (byte*)XMALLOC(XSTRLEN(password) + 1, ctx->heap,
                                                DYNAMIC_TYPE_SRP);
@@ -16919,7 +12616,8 @@ cleanup:
 
 #endif /* OPENSSL_EXTRA */
 
-#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL)
+#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_EXTRA) || \
+    defined(WOLFSSL_WPAS_SMALL)
 
     /* store keys returns WOLFSSL_SUCCESS or -1 on error */
     int wolfSSL_get_keys(WOLFSSL* ssl, unsigned char** ms, unsigned int* msLen,
@@ -16996,13 +12694,14 @@ cleanup:
 #endif /* OPENSSL_EXTRA || WOLFSSL_EXTRA || WOLFSSL_WPAS_SMALL */
 
     /* return true if connection established */
+    /* this works for TLS and DTLS */
     int wolfSSL_is_init_finished(const WOLFSSL* ssl)
     {
         if (ssl == NULL)
             return 0;
 
-        /* Can't use ssl->options.connectState and ssl->options.acceptState because
-         * they differ in meaning for TLS <=1.2 and 1.3 */
+        /* Can't use ssl->options.connectState and ssl->options.acceptState
+         * because they differ in meaning for TLS <=1.2 and 1.3 */
         if (ssl->options.handShakeState == HANDSHAKE_DONE)
             return 1;
 
@@ -17038,7 +12737,7 @@ cleanup:
         WOLFSSL_MSG("wolfSSL options are set through API calls and macros");
         if(ctx == NULL)
             return BAD_FUNC_ARG;
-        return ctx->mask;
+        return (long)ctx->mask;
     }
 
     /* forward declaration */
@@ -17051,7 +12750,7 @@ cleanup:
         if (ctx == NULL)
             return BAD_FUNC_ARG;
 
-        ctx->mask = wolf_set_options(ctx->mask, opt);
+        ctx->mask = (unsigned long)wolf_set_options((long)ctx->mask, opt);
 #if defined(HAVE_SESSION_TICKET) && (defined(OPENSSL_EXTRA) \
         || defined(HAVE_WEBSERVER) || defined(WOLFSSL_WPAS_SMALL))
         if ((ctx->mask & WOLFSSL_OP_NO_TICKET) == WOLFSSL_OP_NO_TICKET) {
@@ -17067,7 +12766,7 @@ cleanup:
         #endif
         */
 #endif
-        return ctx->mask;
+        return (long)ctx->mask;
     }
 
     long wolfSSL_CTX_clear_options(WOLFSSL_CTX* ctx, long opt)
@@ -17075,8 +12774,8 @@ cleanup:
         WOLFSSL_ENTER("wolfSSL_CTX_clear_options");
         if(ctx == NULL)
             return BAD_FUNC_ARG;
-        ctx->mask &= ~opt;
-        return ctx->mask;
+        ctx->mask &= (unsigned long)~opt;
+        return (long)ctx->mask;
     }
 
 #ifdef OPENSSL_EXTRA
@@ -17110,66 +12809,10 @@ cleanup:
     }
 #endif /* OPENSSL_EXTRA */
 
-#if !defined(NO_CERTS) && (defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL))
+#if !defined(NO_CERTS) && (defined(OPENSSL_EXTRA) || \
+    defined(WOLFSSL_WPAS_SMALL))
 
-#if defined(SESSION_CERTS) && defined(OPENSSL_EXTRA)
-    /**
-     * Implemented in a similar way that ngx_ssl_ocsp_validate does it when
-     * SSL_get0_verified_chain is not available.
-     * @param ssl WOLFSSL object to extract certs from
-     * @return Stack of verified certs
-     */
-    WOLF_STACK_OF(WOLFSSL_X509) *wolfSSL_get0_verified_chain(const WOLFSSL *ssl)
-    {
-        WOLF_STACK_OF(WOLFSSL_X509)* chain = NULL;
-        WOLFSSL_X509_STORE_CTX* storeCtx = NULL;
-        WOLFSSL_X509* peerCert = NULL;
-
-        WOLFSSL_ENTER("wolfSSL_get0_verified_chain");
-
-        if (ssl == NULL || ssl->ctx == NULL) {
-            WOLFSSL_MSG("Bad parameter");
-            return NULL;
-        }
-
-        peerCert = wolfSSL_get_peer_certificate((WOLFSSL*)ssl);
-        if (peerCert == NULL) {
-            WOLFSSL_MSG("wolfSSL_get_peer_certificate error");
-            return NULL;
-        }
-        /* wolfSSL_get_peer_certificate returns a copy. We want the internal
-         * member so that we don't have to worry about free'ing it. We call
-         * wolfSSL_get_peer_certificate so that we don't have to worry about
-         * setting up the internal pointer. */
-        wolfSSL_X509_free(peerCert);
-        peerCert = (WOLFSSL_X509*)&ssl->peerCert;
-        chain = wolfSSL_get_peer_cert_chain(ssl);
-        if (chain == NULL) {
-            WOLFSSL_MSG("wolfSSL_get_peer_cert_chain error");
-            return NULL;
-        }
-        storeCtx = wolfSSL_X509_STORE_CTX_new();
-        if (storeCtx == NULL) {
-            WOLFSSL_MSG("wolfSSL_X509_STORE_CTX_new error");
-            return NULL;
-        }
-        if (wolfSSL_X509_STORE_CTX_init(storeCtx, SSL_STORE(ssl),
-                peerCert, chain) != WOLFSSL_SUCCESS) {
-            WOLFSSL_MSG("wolfSSL_X509_STORE_CTX_init error");
-            wolfSSL_X509_STORE_CTX_free(storeCtx);
-            return NULL;
-        }
-        if (wolfSSL_X509_verify_cert(storeCtx) <= 0) {
-            WOLFSSL_MSG("wolfSSL_X509_verify_cert error");
-            wolfSSL_X509_STORE_CTX_free(storeCtx);
-            return NULL;
-        }
-        wolfSSL_X509_STORE_CTX_free(storeCtx);
-        return chain;
-    }
-#endif /* SESSION_CERTS && OPENSSL_EXTRA */
-
-    WOLFSSL_X509_STORE* wolfSSL_CTX_get_cert_store(WOLFSSL_CTX* ctx)
+    WOLFSSL_X509_STORE* wolfSSL_CTX_get_cert_store(const WOLFSSL_CTX* ctx)
     {
         if (ctx == NULL) {
             return NULL;
@@ -17177,7 +12820,7 @@ cleanup:
 
         if (ctx->x509_store_pt != NULL)
             return ctx->x509_store_pt;
-        return &ctx->x509_store;
+        return &((WOLFSSL_CTX*)ctx)->x509_store;
     }
 
     void wolfSSL_CTX_set_cert_store(WOLFSSL_CTX* ctx, WOLFSSL_X509_STORE* str)
@@ -17208,7 +12851,8 @@ cleanup:
     }
 
 #ifdef OPENSSL_ALL
-    int wolfSSL_CTX_set1_verify_cert_store(WOLFSSL_CTX* ctx, WOLFSSL_X509_STORE* str)
+    int wolfSSL_CTX_set1_verify_cert_store(WOLFSSL_CTX* ctx,
+        WOLFSSL_X509_STORE* str)
     {
         WOLFSSL_ENTER("wolfSSL_CTX_set1_verify_cert_store");
 
@@ -17335,7 +12979,7 @@ cleanup:
     {
         WOLFSSL_ENTER("wolfSSL_ERR_get_error");
 #ifdef WOLFSSL_HAVE_ERROR_QUEUE
-        return wc_GetErrorNodeErr();
+        return (unsigned long)wc_GetErrorNodeErr();
 #else
         return (unsigned long)(0 - NOT_COMPILED_IN);
 #endif
@@ -17406,7 +13050,8 @@ cleanup:
         do {
         ret = wc_PeekErrorNode(0, &file, &reason, &line);
         if (ret >= 0) {
-            const char* r = wolfSSL_ERR_reason_error_string(0 - ret);
+            const char* r = wolfSSL_ERR_reason_error_string(
+                (unsigned long)(0 - ret));
             if (XSNPRINTF(buf, sizeof(buf),
                           "error:%d:wolfSSL library:%s:%s:%d\n",
                           ret, r, file, line)
@@ -17492,8 +13137,9 @@ int wolfSSL_get_peer_tmp_key(const WOLFSSL* ssl, WOLFSSL_EVP_PKEY** pkey)
         int sz;
 
         PRIVATE_KEY_UNLOCK();
-        if (wc_ecc_export_x963(ssl->peerEccKey, NULL, &derSz) !=
-                LENGTH_ONLY_E) {
+        if (wc_ecc_export_x963(ssl->peerEccKey, NULL, &derSz)
+              != WC_NO_ERR_TRACE(LENGTH_ONLY_E))
+        {
             WOLFSSL_MSG("get ecc der size failed");
             PRIVATE_KEY_LOCK();
             return WOLFSSL_FAILURE;
@@ -17720,6 +13366,7 @@ int wolfSSL_CTX_set_min_proto_version(WOLFSSL_CTX* ctx, int version)
     if (ctx == NULL) {
         return WOLFSSL_FAILURE;
     }
+
     if (version != 0) {
         proto = version;
         ctx->minProto = 0; /* turn min proto flag off */
@@ -17893,7 +13540,7 @@ static int Set_CTX_max_proto_version(WOLFSSL_CTX* ctx, int ver)
 int wolfSSL_CTX_set_max_proto_version(WOLFSSL_CTX* ctx, int version)
 {
     int i;
-    int ret = WOLFSSL_FAILURE;
+    int ret = WC_NO_ERR_TRACE(WOLFSSL_FAILURE);
     int minProto;
 
     WOLFSSL_ENTER("wolfSSL_CTX_set_max_proto_version");
@@ -18014,7 +13661,7 @@ static int Set_SSL_min_proto_version(WOLFSSL* ssl, int ver)
 int wolfSSL_set_min_proto_version(WOLFSSL* ssl, int version)
 {
     int i;
-    int ret = WOLFSSL_FAILURE;;
+    int ret = WC_NO_ERR_TRACE(WOLFSSL_FAILURE);;
 
     WOLFSSL_ENTER("wolfSSL_set_min_proto_version");
 
@@ -18082,7 +13729,7 @@ static int Set_SSL_max_proto_version(WOLFSSL* ssl, int ver)
 int wolfSSL_set_max_proto_version(WOLFSSL* ssl, int version)
 {
     int i;
-    int ret = WOLFSSL_FAILURE;;
+    int ret = WC_NO_ERR_TRACE(WOLFSSL_FAILURE);;
 
     WOLFSSL_ENTER("wolfSSL_set_max_proto_version");
 
@@ -18220,7 +13867,7 @@ int wolfSSL_CTX_get_max_proto_version(WOLFSSL_CTX* ctx)
 
     WOLFSSL_LEAVE("wolfSSL_CTX_get_max_proto_version", ret);
 
-    if (ret == WOLFSSL_FATAL_ERROR) {
+    if (ret == WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)) {
         WOLFSSL_MSG("Error getting max proto version");
         ret = 0; /* setting ret to 0 to match compat return */
     }
@@ -18272,7 +13919,11 @@ size_t wolfSSL_get_client_random(const WOLFSSL* ssl, unsigned char* out,
 
     unsigned long wolfSSLeay(void)
     {
+#ifdef SSLEAY_VERSION_NUMBER
         return SSLEAY_VERSION_NUMBER;
+#else
+        return OPENSSL_VERSION_NUMBER;
+#endif
     }
 
     unsigned long wolfSSL_OpenSSL_version_num(void)
@@ -18394,6 +14045,10 @@ size_t wolfSSL_get_client_random(const WOLFSSL* ssl, unsigned char* out,
         ssl->keys.encryptionOn = 0;
         XMEMSET(&ssl->msgsReceived, 0, sizeof(ssl->msgsReceived));
 
+        FreeCiphers(ssl);
+        InitCiphers(ssl);
+        InitCipherSpecs(&ssl->specs);
+
         if (InitSSL_Suites(ssl) != WOLFSSL_SUCCESS)
             return WOLFSSL_FAILURE;
 
@@ -18408,7 +14063,11 @@ size_t wolfSSL_get_client_random(const WOLFSSL* ssl, unsigned char* out,
 #ifdef WOLFSSL_QUIC
         wolfSSL_quic_clear(ssl);
 #endif
-
+#ifdef HAVE_OCSP
+#if defined(WOLFSSL_TLS13) && defined(HAVE_CERTIFICATE_STATUS_REQUEST)
+        ssl->response_idx = 0;
+#endif
+#endif
         return WOLFSSL_SUCCESS;
     }
 
@@ -18421,7 +14080,7 @@ size_t wolfSSL_get_client_random(const WOLFSSL* ssl, unsigned char* out,
 
         WOLFSSL_ENTER("wolfSSL_CTX_set_mode");
         switch(mode) {
-            case SSL_MODE_ENABLE_PARTIAL_WRITE:
+            case WOLFSSL_MODE_ENABLE_PARTIAL_WRITE:
                 ctx->partialWrite = 1;
                 break;
             #if defined(OPENSSL_ALL) || defined(WOLFSSL_QT)
@@ -18429,15 +14088,15 @@ size_t wolfSSL_get_client_random(const WOLFSSL* ssl, unsigned char* out,
                 WOLFSSL_MSG("SSL_MODE_RELEASE_BUFFERS not implemented.");
                 break;
             #endif
-            case SSL_MODE_AUTO_RETRY:
+            case WOLFSSL_MODE_AUTO_RETRY:
                 ctx->autoRetry = 1;
                 break;
             default:
                 WOLFSSL_MSG("Mode Not Implemented");
         }
 
-        /* SSL_MODE_AUTO_RETRY
-         * Should not return -1 with renegotiation on read/write */
+        /* WOLFSSL_MODE_AUTO_RETRY
+         * Should not return WOLFSSL_FATAL_ERROR with renegotiation on read/write */
 
         return mode;
     }
@@ -18448,7 +14107,7 @@ size_t wolfSSL_get_client_random(const WOLFSSL* ssl, unsigned char* out,
 
         WOLFSSL_ENTER("wolfSSL_CTX_clear_mode");
         switch(mode) {
-            case SSL_MODE_ENABLE_PARTIAL_WRITE:
+            case WOLFSSL_MODE_ENABLE_PARTIAL_WRITE:
                 ctx->partialWrite = 0;
                 break;
             #if defined(OPENSSL_ALL) || defined(WOLFSSL_QT)
@@ -18456,73 +14115,20 @@ size_t wolfSSL_get_client_random(const WOLFSSL* ssl, unsigned char* out,
                 WOLFSSL_MSG("SSL_MODE_RELEASE_BUFFERS not implemented.");
                 break;
             #endif
-            case SSL_MODE_AUTO_RETRY:
+            case WOLFSSL_MODE_AUTO_RETRY:
                 ctx->autoRetry = 0;
                 break;
             default:
                 WOLFSSL_MSG("Mode Not Implemented");
         }
 
-        /* SSL_MODE_AUTO_RETRY
-         * Should not return -1 with renegotiation on read/write */
+        /* WOLFSSL_MODE_AUTO_RETRY
+         * Should not return WOLFSSL_FATAL_ERROR with renegotiation on read/write */
 
         return 0;
     }
 #endif
 
-#ifdef WOLFSSL_SESSION_ID_CTX
-    /* Storing app session context id, this value is inherited by WOLFSSL
-     * objects created from WOLFSSL_CTX. Any session that is imported with a
-     * different session context id will be rejected.
-     *
-     * ctx         structure to set context in
-     * sid_ctx     value of context to set
-     * sid_ctx_len length of sid_ctx buffer
-     *
-     * Returns WOLFSSL_SUCCESS in success case and WOLFSSL_FAILURE when failing
-     */
-    int wolfSSL_CTX_set_session_id_context(WOLFSSL_CTX* ctx,
-                                           const unsigned char* sid_ctx,
-                                           unsigned int sid_ctx_len)
-    {
-        WOLFSSL_ENTER("wolfSSL_CTX_set_session_id_context");
-
-        /* No application specific context needed for wolfSSL */
-        if (sid_ctx_len > ID_LEN || ctx == NULL || sid_ctx == NULL) {
-            return WOLFSSL_FAILURE;
-        }
-        XMEMCPY(ctx->sessionCtx, sid_ctx, sid_ctx_len);
-        ctx->sessionCtxSz = (byte)sid_ctx_len;
-
-        return WOLFSSL_SUCCESS;
-    }
-
-
-
-    /* Storing app session context id. Any session that is imported with a
-     * different session context id will be rejected.
-     *
-     * ssl  structure to set context in
-     * id   value of context to set
-     * len  length of sid_ctx buffer
-     *
-     * Returns WOLFSSL_SUCCESS in success case and WOLFSSL_FAILURE when failing
-     */
-    int wolfSSL_set_session_id_context(WOLFSSL* ssl, const unsigned char* id,
-                                   unsigned int len)
-    {
-        WOLFSSL_ENTER("wolfSSL_set_session_id_context");
-
-        if (len > ID_LEN || ssl == NULL || id == NULL) {
-            return WOLFSSL_FAILURE;
-        }
-        XMEMCPY(ssl->sessionCtx, id, len);
-        ssl->sessionCtxSz = (byte)len;
-
-        return WOLFSSL_SUCCESS;
-    }
-#endif
-
 #ifdef OPENSSL_EXTRA
 
     #ifndef NO_WOLFSSL_STUB
@@ -18556,17 +14162,6 @@ size_t wolfSSL_get_client_random(const WOLFSSL* ssl, unsigned char* out,
     #endif
 
 
-    long wolfSSL_CTX_sess_get_cache_size(WOLFSSL_CTX* ctx)
-    {
-        (void)ctx;
-        #ifndef NO_SESSION_CACHE
-            return (long)(SESSIONS_PER_ROW * SESSION_ROWS);
-        #else
-            return 0;
-        #endif
-    }
-
-
     /* returns the unsigned error value and increments the pointer into the
      * error queue.
      *
@@ -18578,7 +14173,8 @@ size_t wolfSSL_get_client_random(const WOLFSSL* ssl, unsigned char* out,
     #ifdef WOLFSSL_HAVE_ERROR_QUEUE
         int ret = wc_PullErrorNode(file, NULL, line);
         if (ret < 0) {
-            if (ret == BAD_STATE_E) return 0; /* no errors in queue */
+            if (ret == WC_NO_ERR_TRACE(BAD_STATE_E))
+                return 0; /* no errors in queue */
             WOLFSSL_MSG("Issue getting error node");
             WOLFSSL_LEAVE("wolfSSL_ERR_get_error_line", ret);
             ret = 0 - ret; /* return absolute value of error */
@@ -18672,7 +14268,7 @@ size_t wolfSSL_get_client_random(const WOLFSSL* ssl, unsigned char* out,
      *
      * file  output pointer to file where error happened
      * line  output to line number of error
-     * data  output data. Is a string if ERR_TXT_STRING flag is used
+     * data  output data. Is a string if WOLFSSL_ERR_TXT_STRING flag is used
      * flags output format of output
      *
      * Returns the error value or 0 if no errors are in the queue
@@ -18686,11 +14282,12 @@ size_t wolfSSL_get_client_random(const WOLFSSL* ssl, unsigned char* out,
         WOLFSSL_ENTER("wolfSSL_ERR_get_error_line_data");
 
         if (flags != NULL)
-            *flags = ERR_TXT_STRING; /* Clear the flags */
+            *flags = WOLFSSL_ERR_TXT_STRING; /* Clear the flags */
 
         ret = wc_PullErrorNode(file, data, line);
         if (ret < 0) {
-            if (ret == BAD_STATE_E) return 0; /* no errors in queue */
+            if (ret == WC_NO_ERR_TRACE(BAD_STATE_E))
+                return 0; /* no errors in queue */
             WOLFSSL_MSG("Error with pulling error node!");
             WOLFSSL_LEAVE("wolfSSL_ERR_get_error_line_data", ret);
             ret = 0 - ret; /* return absolute value of error */
@@ -18743,8 +14340,8 @@ size_t wolfSSL_get_client_random(const WOLFSSL* ssl, unsigned char* out,
 
         /* Create a DecodedCert object and copy fields into WOLFSSL_X509 object.
          */
-        InitDecodedCert(cert, (byte*)in, len, NULL);
-        if ((ret = ParseCertRelative(cert, CERT_TYPE, 0, NULL)) == 0) {
+        InitDecodedCert(cert, (byte*)in, (word32)len, NULL);
+        if ((ret = ParseCertRelative(cert, CERT_TYPE, 0, NULL, NULL)) == 0) {
         /* Check if x509 was not previously initialized by wolfSSL_X509_new() */
             if (x509->dynamicMemory != TRUE)
                 InitX509(x509, 0, NULL);
@@ -18787,7 +14384,8 @@ size_t wolfSSL_get_client_random(const WOLFSSL* ssl, unsigned char* out,
 
 #if defined(SESSION_CERTS) && defined(OPENSSL_EXTRA)
 /* Return stack of peer certs.
- * Caller does not need to free return. The stack is Free'd when WOLFSSL* ssl is.
+ * Caller does not need to free return. The stack is Free'd when WOLFSSL* ssl
+ * is.
  */
 WOLF_STACK_OF(WOLFSSL_X509)* wolfSSL_get_peer_cert_chain(const WOLFSSL* ssl)
 {
@@ -18798,12 +14396,13 @@ WOLF_STACK_OF(WOLFSSL_X509)* wolfSSL_get_peer_cert_chain(const WOLFSSL* ssl)
 
     /* Try to populate if NULL or empty */
     if (ssl->peerCertChain == NULL ||
-            wolfSSL_sk_X509_num(ssl->peerCertChain) == 0)
+            wolfSSL_sk_X509_num(ssl->peerCertChain) == 0) {
         wolfSSL_set_peer_cert_chain((WOLFSSL*) ssl);
+    }
     return ssl->peerCertChain;
 }
 
-#ifndef WOLFSSL_QT
+
 static int x509GetIssuerFromCM(WOLFSSL_X509 **issuer, WOLFSSL_CERT_MANAGER* cm,
         WOLFSSL_X509 *x);
 /**
@@ -18834,7 +14433,7 @@ static int PushCAx509Chain(WOLFSSL_CERT_MANAGER* cm,
     i--;
     for (; i >= 0; i--) {
         if (push) {
-            if (wolfSSL_sk_X509_push(sk, issuer[i]) != WOLFSSL_SUCCESS) {
+            if (wolfSSL_sk_X509_push(sk, issuer[i]) <= 0) {
                 wolfSSL_X509_free(issuer[i]);
                 ret = WOLFSSL_FATAL_ERROR;
                 push = 0; /* Free the rest of the unpushed certs */
@@ -18846,13 +14445,14 @@ static int PushCAx509Chain(WOLFSSL_CERT_MANAGER* cm,
     }
     return ret;
 }
-#endif /* !WOLFSSL_QT */
+
 
 /* Builds up and creates a stack of peer certificates for ssl->peerCertChain
-    based off of the ssl session chain. Attempts to place CA certificates
-    at the bottom of the stack. Returns stack of WOLFSSL_X509 certs or
-    NULL on failure */
-WOLF_STACK_OF(WOLFSSL_X509)* wolfSSL_set_peer_cert_chain(WOLFSSL* ssl)
+    or ssl->verifiedChain based off of the ssl session chain. Attempts to place
+    CA certificates at the bottom of the stack for a verified chain. Returns
+    stack of WOLFSSL_X509 certs or NULL on failure */
+static WOLF_STACK_OF(WOLFSSL_X509)* CreatePeerCertChain(const WOLFSSL* ssl,
+    int verifiedFlag)
 {
     WOLFSSL_STACK* sk;
     WOLFSSL_X509* x509;
@@ -18866,7 +14466,7 @@ WOLF_STACK_OF(WOLFSSL_X509)* wolfSSL_set_peer_cert_chain(WOLFSSL* ssl)
     sk = wolfSSL_sk_X509_new_null();
     i = ssl->session->chain.count-1;
     for (; i >= 0; i--) {
-        x509 = wolfSSL_X509_new();
+        x509 = wolfSSL_X509_new_ex(ssl->heap);
         if (x509 == NULL) {
             WOLFSSL_MSG("Error Creating X509");
             wolfSSL_sk_X509_pop_free(sk, NULL);
@@ -18874,19 +14474,17 @@ WOLF_STACK_OF(WOLFSSL_X509)* wolfSSL_set_peer_cert_chain(WOLFSSL* ssl)
         }
         ret = DecodeToX509(x509, ssl->session->chain.certs[i].buffer,
                              ssl->session->chain.certs[i].length);
-#if !defined(WOLFSSL_QT)
-        if (ret == 0 && i == ssl->session->chain.count-1) {
-            /* On the last element in the chain try to add the CA chain
+        if (ret == 0 && i == ssl->session->chain.count-1 && verifiedFlag) {
+            /* On the last element in the verified chain try to add the CA chain
              * first if we have one for this cert */
             SSL_CM_WARNING(ssl);
             if (PushCAx509Chain(SSL_CM(ssl), x509, sk)
-                    == WOLFSSL_FATAL_ERROR) {
+                    == WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)) {
                 ret = WOLFSSL_FATAL_ERROR;
             }
         }
-#endif
 
-        if (ret != 0 || wolfSSL_sk_X509_push(sk, x509) != WOLFSSL_SUCCESS) {
+        if (ret != 0 || wolfSSL_sk_X509_push(sk, x509) <= 0) {
             WOLFSSL_MSG("Error decoding cert");
             wolfSSL_X509_free(x509);
             wolfSSL_sk_X509_pop_free(sk, NULL);
@@ -18897,19 +14495,93 @@ WOLF_STACK_OF(WOLFSSL_X509)* wolfSSL_set_peer_cert_chain(WOLFSSL* ssl)
     if (sk == NULL) {
         WOLFSSL_MSG("Null session chain");
     }
-#if defined(OPENSSL_ALL)
-    else if (ssl->options.side == WOLFSSL_SERVER_END) {
-        /* to be compliant with openssl
-           first element is kept as peer cert on server side.*/
-        wolfSSL_sk_X509_pop(sk);
-    }
-#endif
-    if (ssl->peerCertChain != NULL)
-        wolfSSL_sk_X509_pop_free(ssl->peerCertChain, NULL);
-    /* This is Free'd when ssl is Free'd */
-    ssl->peerCertChain = sk;
     return sk;
 }
+
+
+/* Builds up and creates a stack of peer certificates for ssl->peerCertChain
+    returns the stack on success and NULL on failure */
+WOLF_STACK_OF(WOLFSSL_X509)* wolfSSL_set_peer_cert_chain(WOLFSSL* ssl)
+{
+    WOLFSSL_STACK* sk;
+
+    WOLFSSL_ENTER("wolfSSL_set_peer_cert_chain");
+    if ((ssl == NULL) || (ssl->session->chain.count == 0))
+        return NULL;
+
+    sk = CreatePeerCertChain(ssl, 0);
+
+    if (sk != NULL) {
+        if (ssl->peerCertChain != NULL)
+            wolfSSL_sk_X509_pop_free(ssl->peerCertChain, NULL);
+
+        /* This is Free'd when ssl is Free'd */
+        ssl->peerCertChain = sk;
+    }
+    return sk;
+}
+
+
+/**
+ * Implemented in a similar way that ngx_ssl_ocsp_validate does it when
+ * SSL_get0_verified_chain is not available.
+ * @param ssl WOLFSSL object to extract certs from
+ * @return Stack of verified certs
+ */
+WOLF_STACK_OF(WOLFSSL_X509) *wolfSSL_get0_verified_chain(const WOLFSSL *ssl)
+{
+    WOLF_STACK_OF(WOLFSSL_X509)* chain = NULL;
+    WOLFSSL_X509_STORE_CTX* storeCtx = NULL;
+    WOLFSSL_X509* peerCert = NULL;
+
+    WOLFSSL_ENTER("wolfSSL_get0_verified_chain");
+
+    if (ssl == NULL || ssl->ctx == NULL) {
+        WOLFSSL_MSG("Bad parameter");
+        return NULL;
+    }
+
+    peerCert = wolfSSL_get_peer_certificate((WOLFSSL*)ssl);
+    if (peerCert == NULL) {
+        WOLFSSL_MSG("wolfSSL_get_peer_certificate error");
+        return NULL;
+    }
+    /* wolfSSL_get_peer_certificate returns a copy. We want the internal
+     * member so that we don't have to worry about free'ing it. We call
+     * wolfSSL_get_peer_certificate so that we don't have to worry about
+     * setting up the internal pointer. */
+    wolfSSL_X509_free(peerCert);
+    peerCert = (WOLFSSL_X509*)&ssl->peerCert;
+    chain = CreatePeerCertChain((WOLFSSL*)ssl, 1);
+    if (chain == NULL) {
+        WOLFSSL_MSG("wolfSSL_get_peer_cert_chain error");
+        return NULL;
+    }
+
+    if (ssl->verifiedChain != NULL) {
+        wolfSSL_sk_X509_pop_free(ssl->verifiedChain, NULL);
+    }
+    ((WOLFSSL*)ssl)->verifiedChain = chain;
+
+    storeCtx = wolfSSL_X509_STORE_CTX_new();
+    if (storeCtx == NULL) {
+        WOLFSSL_MSG("wolfSSL_X509_STORE_CTX_new error");
+        return NULL;
+    }
+    if (wolfSSL_X509_STORE_CTX_init(storeCtx, SSL_STORE(ssl),
+            peerCert, chain) != WOLFSSL_SUCCESS) {
+        WOLFSSL_MSG("wolfSSL_X509_STORE_CTX_init error");
+        wolfSSL_X509_STORE_CTX_free(storeCtx);
+        return NULL;
+    }
+    if (wolfSSL_X509_verify_cert(storeCtx) <= 0) {
+        WOLFSSL_MSG("wolfSSL_X509_verify_cert error");
+        wolfSSL_X509_STORE_CTX_free(storeCtx);
+        return NULL;
+    }
+    wolfSSL_X509_STORE_CTX_free(storeCtx);
+    return chain;
+}
 #endif /* SESSION_CERTS && OPENSSL_EXTRA */
 
 #ifndef NO_CERTS
@@ -18976,71 +14648,85 @@ static WC_INLINE int compare_WOLFSSL_CIPHER(
         (a->bits == b->bits))
         return 0;
     else
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
 }
 #endif /* OPENSSL_ALL || WOLFSSL_QT */
 
 
-/* return 1 on success 0 on fail */
+/* return number of elements on success 0 on fail */
 int wolfSSL_sk_push(WOLFSSL_STACK* sk, const void *data)
+{
+    WOLFSSL_ENTER("wolfSSL_sk_push");
+
+    return wolfSSL_sk_insert(sk, data, 0);
+}
+
+/* return number of elements on success 0 on fail */
+int wolfSSL_sk_insert(WOLFSSL_STACK *sk, const void *data, int idx)
 {
     WOLFSSL_STACK* node;
 #if defined(OPENSSL_ALL) || defined(WOLFSSL_QT)
     WOLFSSL_CIPHER ciph;
 #endif
-    WOLFSSL_ENTER("wolfSSL_sk_push");
+    WOLFSSL_ENTER("wolfSSL_sk_insert");
 
-    if (!sk) {
+    if (!sk)
+        return WOLFSSL_FATAL_ERROR;
+    if (!data)
         return WOLFSSL_FAILURE;
-    }
 
-    /* Check if empty data */
-    switch (sk->type) {
-        case STACK_TYPE_CIPHER:
+    if (idx == 0 || sk->num == 0) {
+        /* Check if empty data */
+        switch (sk->type) {
+            case STACK_TYPE_CIPHER:
 #if defined(OPENSSL_ALL) || defined(WOLFSSL_QT)
-            /* check if entire struct is zero */
-            XMEMSET(&ciph, 0, sizeof(WOLFSSL_CIPHER));
-            if (compare_WOLFSSL_CIPHER(&sk->data.cipher, &ciph) == 0) {
-                sk->data.cipher = *(WOLFSSL_CIPHER*)data;
-                sk->num = 1;
-                if (sk->hash_fn) {
-                    sk->hash = sk->hash_fn(&sk->data.cipher);
+                /* check if entire struct is zero */
+                XMEMSET(&ciph, 0, sizeof(WOLFSSL_CIPHER));
+                if (compare_WOLFSSL_CIPHER(&sk->data.cipher, &ciph) == 0) {
+                    sk->data.cipher = *(WOLFSSL_CIPHER*)data;
+                    sk->num = 1;
+                    if (sk->hash_fn) {
+                        sk->hash = sk->hash_fn(&sk->data.cipher);
+                    }
+                    return (int)sk->num;
                 }
-                return WOLFSSL_SUCCESS;
-            }
-            break;
+                if (sk->num == 0)
+                    sk->num = 1; /* confirmed at least one element */
+                break;
 #endif
-        case STACK_TYPE_X509:
-        case STACK_TYPE_GEN_NAME:
-        case STACK_TYPE_BIO:
-        case STACK_TYPE_OBJ:
-        case STACK_TYPE_STRING:
-        case STACK_TYPE_ACCESS_DESCRIPTION:
-        case STACK_TYPE_X509_EXT:
-        case STACK_TYPE_X509_REQ_ATTR:
-        case STACK_TYPE_NULL:
-        case STACK_TYPE_X509_NAME:
-        case STACK_TYPE_X509_NAME_ENTRY:
-        case STACK_TYPE_CONF_VALUE:
-        case STACK_TYPE_X509_INFO:
-        case STACK_TYPE_BY_DIR_entry:
-        case STACK_TYPE_BY_DIR_hash:
-        case STACK_TYPE_X509_OBJ:
-        case STACK_TYPE_DIST_POINT:
-        case STACK_TYPE_X509_CRL:
-        default:
-            /* All other types are pointers */
-            if (!sk->data.generic) {
-                sk->data.generic = (void*)data;
-                sk->num = 1;
+            case STACK_TYPE_X509:
+            case STACK_TYPE_GEN_NAME:
+            case STACK_TYPE_BIO:
+            case STACK_TYPE_OBJ:
+            case STACK_TYPE_STRING:
+            case STACK_TYPE_ACCESS_DESCRIPTION:
+            case STACK_TYPE_X509_EXT:
+            case STACK_TYPE_X509_REQ_ATTR:
+            case STACK_TYPE_NULL:
+            case STACK_TYPE_X509_NAME:
+            case STACK_TYPE_X509_NAME_ENTRY:
+            case STACK_TYPE_CONF_VALUE:
+            case STACK_TYPE_X509_INFO:
+            case STACK_TYPE_BY_DIR_entry:
+            case STACK_TYPE_BY_DIR_hash:
+            case STACK_TYPE_X509_OBJ:
+            case STACK_TYPE_DIST_POINT:
+            case STACK_TYPE_X509_CRL:
+            default:
+                /* All other types are pointers */
+                if (!sk->data.generic) {
+                    sk->data.generic = (void*)data;
+                    sk->num = 1;
 #ifdef OPENSSL_ALL
-                if (sk->hash_fn) {
-                    sk->hash = sk->hash_fn(sk->data.generic);
-                }
+                    if (sk->hash_fn)
+                        sk->hash = sk->hash_fn(sk->data.generic);
 #endif
-                return WOLFSSL_SUCCESS;
-            }
-            break;
+                    return (int)sk->num;
+                }
+                if (sk->num == 0)
+                    sk->num = 1; /* confirmed at least one element */
+                break;
+        }
     }
 
     /* stack already has value(s) create a new node and add more */
@@ -19049,26 +14735,71 @@ int wolfSSL_sk_push(WOLFSSL_STACK* sk, const void *data)
         WOLFSSL_MSG("Memory error");
         return WOLFSSL_FAILURE;
     }
-
-    /* push new x509 onto head of stack */
-    node->next      = sk->next;
     node->type      = sk->type;
-    sk->next        = node;
     sk->num        += 1;
-
 #ifdef OPENSSL_ALL
     node->hash_fn = sk->hash_fn;
-    node->hash = sk->hash;
-    sk->hash = 0;
 #endif
+
+    if (idx == 0) {
+        /* Special case where we need to change the values in the head element
+         * to avoid changing the initial pointer. */
+        /* push new item onto head of stack */
+        node->next      = sk->next;
+        sk->next        = node;
+#ifdef OPENSSL_ALL
+        node->hash = sk->hash;
+        sk->hash = 0;
+#endif
+        switch (sk->type) {
+            case STACK_TYPE_CIPHER:
+#if defined(OPENSSL_ALL) || defined(WOLFSSL_QT)
+                node->data.cipher = sk->data.cipher;
+                sk->data.cipher = *(WOLFSSL_CIPHER*)data;
+                if (sk->hash_fn) {
+                    sk->hash = sk->hash_fn(&sk->data.cipher);
+                }
+                break;
+#endif
+            case STACK_TYPE_X509:
+            case STACK_TYPE_GEN_NAME:
+            case STACK_TYPE_BIO:
+            case STACK_TYPE_OBJ:
+            case STACK_TYPE_STRING:
+            case STACK_TYPE_ACCESS_DESCRIPTION:
+            case STACK_TYPE_X509_EXT:
+            case STACK_TYPE_X509_REQ_ATTR:
+            case STACK_TYPE_NULL:
+            case STACK_TYPE_X509_NAME:
+            case STACK_TYPE_X509_NAME_ENTRY:
+            case STACK_TYPE_CONF_VALUE:
+            case STACK_TYPE_X509_INFO:
+            case STACK_TYPE_BY_DIR_entry:
+            case STACK_TYPE_BY_DIR_hash:
+            case STACK_TYPE_X509_OBJ:
+            case STACK_TYPE_DIST_POINT:
+            case STACK_TYPE_X509_CRL:
+            default:
+                /* All other types are pointers */
+                node->data.generic = sk->data.generic;
+                sk->data.generic = (void*)data;
+#ifdef OPENSSL_ALL
+                if (sk->hash_fn)
+                    sk->hash = sk->hash_fn(sk->data.generic);
+#endif
+                break;
+        }
+
+        return (int)sk->num;
+    }
+
+    /* populate node */
     switch (sk->type) {
         case STACK_TYPE_CIPHER:
 #if defined(OPENSSL_ALL) || defined(WOLFSSL_QT)
-            node->data.cipher = sk->data.cipher;
-            sk->data.cipher = *(WOLFSSL_CIPHER*)data;
-            if (sk->hash_fn) {
-                sk->hash = sk->hash_fn(&sk->data.cipher);
-            }
+            node->data.cipher = *(WOLFSSL_CIPHER*)data;
+            if (node->hash_fn)
+                node->hash = node->hash_fn(&node->data.cipher);
             break;
 #endif
         case STACK_TYPE_X509:
@@ -19091,17 +14822,25 @@ int wolfSSL_sk_push(WOLFSSL_STACK* sk, const void *data)
         case STACK_TYPE_X509_CRL:
         default:
             /* All other types are pointers */
-            node->data.generic = sk->data.generic;
-            sk->data.generic = (void*)data;
+            node->data.generic = (void*)data;
 #ifdef OPENSSL_ALL
-            if (sk->hash_fn) {
-                sk->hash = sk->hash_fn(sk->data.generic);
-            }
+            if (node->hash_fn)
+                node->hash = node->hash_fn(node->data.generic);
 #endif
             break;
     }
+    {
+        /* insert node into stack. not using sk since we return sk->num after */
+        WOLFSSL_STACK* prev_node = sk;
+        while (idx != 0 && prev_node->next != NULL) {
+            prev_node = prev_node->next;
+            idx--;
+        }
+        node->next = prev_node->next;
+        prev_node->next = node;
+    }
 
-    return WOLFSSL_SUCCESS;
+    return (int)sk->num;
 }
 
 #endif /* OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL */
@@ -19234,9 +14973,10 @@ WOLFSSL_X509* wolfSSL_get_certificate(WOLFSSL* ssl)
                 return NULL;
             }
             #ifndef WOLFSSL_X509_STORE_CERTS
-            ssl->ourCert = wolfSSL_X509_d2i(NULL,
-                                              ssl->buffers.certificate->buffer,
-                                              ssl->buffers.certificate->length);
+            ssl->ourCert = wolfSSL_X509_d2i_ex(NULL,
+                                         ssl->buffers.certificate->buffer,
+                                         (int)ssl->buffers.certificate->length,
+                                         ssl->heap);
             #endif
         }
         return ssl->ourCert;
@@ -19249,9 +14989,10 @@ WOLFSSL_X509* wolfSSL_get_certificate(WOLFSSL* ssl)
                     return NULL;
                 }
                 #ifndef WOLFSSL_X509_STORE_CERTS
-                ssl->ctx->ourCert = wolfSSL_X509_d2i(NULL,
-                                               ssl->ctx->certificate->buffer,
-                                               ssl->ctx->certificate->length);
+                ssl->ctx->ourCert = wolfSSL_X509_d2i_ex(NULL,
+                                          ssl->ctx->certificate->buffer,
+                                          (int)ssl->ctx->certificate->length,
+                                          ssl->heap);
                 #endif
                 ssl->ctx->ownOurCert = 1;
             }
@@ -19271,9 +15012,10 @@ WOLFSSL_X509* wolfSSL_CTX_get0_certificate(WOLFSSL_CTX* ctx)
                 return NULL;
             }
             #ifndef WOLFSSL_X509_STORE_CERTS
-            ctx->ourCert = wolfSSL_X509_d2i(NULL,
+            ctx->ourCert = wolfSSL_X509_d2i_ex(NULL,
                                            ctx->certificate->buffer,
-                                           ctx->certificate->length);
+                                           (int)ctx->certificate->length,
+                                           ctx->heap);
             #endif
             ctx->ownOurCert = 1;
         }
@@ -19361,527 +15103,6 @@ int wolfSSL_session_reused(WOLFSSL* ssl)
     return resuming;
 }
 
-/* return a new malloc'd session with default settings on success */
-WOLFSSL_SESSION* wolfSSL_NewSession(void* heap)
-{
-    WOLFSSL_SESSION* ret = NULL;
-
-    WOLFSSL_ENTER("wolfSSL_NewSession");
-
-    ret = (WOLFSSL_SESSION*)XMALLOC(sizeof(WOLFSSL_SESSION), heap,
-            DYNAMIC_TYPE_SESSION);
-    if (ret != NULL) {
-        int err;
-        XMEMSET(ret, 0, sizeof(WOLFSSL_SESSION));
-        wolfSSL_RefInit(&ret->ref, &err);
-    #ifdef WOLFSSL_REFCNT_ERROR_RETURN
-        if (err != 0) {
-            WOLFSSL_MSG("Error setting up session reference mutex");
-            XFREE(ret, ret->heap, DYNAMIC_TYPE_SESSION);
-            return NULL;
-        }
-    #else
-        (void)err;
-    #endif
-#ifndef NO_SESSION_CACHE
-        ret->cacheRow = INVALID_SESSION_ROW; /* not in cache */
-#endif
-        ret->type = WOLFSSL_SESSION_TYPE_HEAP;
-        ret->heap = heap;
-#ifdef WOLFSSL_CHECK_MEM_ZERO
-        wc_MemZero_Add("SESSION master secret", ret->masterSecret, SECRET_LEN);
-        wc_MemZero_Add("SESSION id", ret->sessionID, ID_LEN);
-#endif
-    #ifdef HAVE_SESSION_TICKET
-        ret->ticket = ret->staticTicket;
-        #if defined(WOLFSSL_TLS13) && defined(WOLFSSL_TICKET_NONCE_MALLOC) &&  \
-    (!defined(HAVE_FIPS) || (defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(5,3)))
-        ret->ticketNonce.data = ret->ticketNonce.dataStatic;
-        #endif
-    #endif
-#ifdef HAVE_EX_DATA
-        ret->ownExData = 1;
-        if (crypto_ex_cb_ctx_session != NULL) {
-            crypto_ex_cb_setup_new_data(ret, crypto_ex_cb_ctx_session,
-                    &ret->ex_data);
-        }
-#endif
-    }
-    return ret;
-}
-
-
-WOLFSSL_SESSION* wolfSSL_SESSION_new_ex(void* heap)
-{
-    return wolfSSL_NewSession(heap);
-}
-
-WOLFSSL_SESSION* wolfSSL_SESSION_new(void)
-{
-    return wolfSSL_SESSION_new_ex(NULL);
-}
-
-/* add one to session reference count
- * return WOLFSSL_SUCCESS on success and WOLFSSL_FAILURE on error */
-int wolfSSL_SESSION_up_ref(WOLFSSL_SESSION* session)
-{
-    int ret;
-
-    session = ClientSessionToSession(session);
-
-    if (session == NULL || session->type != WOLFSSL_SESSION_TYPE_HEAP)
-        return WOLFSSL_FAILURE;
-
-    wolfSSL_RefInc(&session->ref, &ret);
-#ifdef WOLFSSL_REFCNT_ERROR_RETURN
-    if (ret != 0) {
-        WOLFSSL_MSG("Failed to lock session mutex");
-        return WOLFSSL_FAILURE;
-    }
-#else
-    (void)ret;
-#endif
-
-    return WOLFSSL_SUCCESS;
-}
-
-/**
- * Deep copy the contents from input to output.
- * @param input         The source of the copy.
- * @param output        The destination of the copy.
- * @param avoidSysCalls If true, then system calls will be avoided or an error
- *                      will be returned if it is not possible to proceed
- *                      without a system call. This is useful for fetching
- *                      sessions from cache. When a cache row is locked, we
- *                      don't want to block other threads with long running
- *                      system calls.
- * @param ticketNonceBuf If not null and @avoidSysCalls is true, the copy of the
- *                      ticketNonce will happen in this pre allocated buffer
- * @param ticketNonceLen @ticketNonceBuf len as input, used length on output
- * @param ticketNonceUsed if @ticketNonceBuf was used to copy the ticket noncet
- * @return              WOLFSSL_SUCCESS on success
- *                      WOLFSSL_FAILURE on failure
- */
-static int wolfSSL_DupSessionEx(const WOLFSSL_SESSION* input,
-    WOLFSSL_SESSION* output, int avoidSysCalls, byte* ticketNonceBuf,
-    byte* ticketNonceLen, byte* preallocUsed)
-{
-#ifdef HAVE_SESSION_TICKET
-    int   ticLenAlloc = 0;
-    byte *ticBuff = NULL;
-#endif
-    const size_t copyOffset = OFFSETOF(WOLFSSL_SESSION, heap) + sizeof(input->heap);
-    int ret = WOLFSSL_SUCCESS;
-
-    (void)avoidSysCalls;
-    (void)ticketNonceBuf;
-    (void)ticketNonceLen;
-    (void)preallocUsed;
-
-    input = ClientSessionToSession(input);
-    output = ClientSessionToSession(output);
-
-    if (input == NULL || output == NULL || input == output) {
-        WOLFSSL_MSG("input or output are null or same");
-        return WOLFSSL_FAILURE;
-    }
-
-#ifdef HAVE_SESSION_TICKET
-    if (output->ticket != output->staticTicket) {
-        ticBuff = output->ticket;
-        ticLenAlloc = output->ticketLenAlloc;
-    }
-#if defined(WOLFSSL_TLS13) && defined(WOLFSSL_TICKET_NONCE_MALLOC) &&          \
-    (!defined(HAVE_FIPS) || (defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(5,3)))
-        /* free the data, it would be better to reuse the buffer but this
-         * maintain the code simpler. A smart allocator should reuse the free'd
-         * buffer in the next malloc without much performance penalties. */
-    if (output->ticketNonce.data != output->ticketNonce.dataStatic) {
-
-        /*  Callers that avoid syscall should never calls this with
-         * output->tickeNonce.data being a dynamic buffer.*/
-        if (avoidSysCalls) {
-            WOLFSSL_MSG("can't avoid syscalls with dynamic TicketNonce buffer");
-            return WOLFSSL_FAILURE;
-        }
-
-        XFREE(output->ticketNonce.data,
-            output->heap, DYNAMIC_TYPE_SESSION_TICK);
-        output->ticketNonce.data = output->ticketNonce.dataStatic;
-        output->ticketNonce.len = 0;
-    }
-#endif /* WOLFSSL_TLS13 && WOLFSSL_TICKET_NONCE_MALLOC && FIPS_VERSION_GE(5,3)*/
-#endif /* HAVE_SESSION_TICKET */
-
-#if defined(SESSION_CERTS) && defined(OPENSSL_EXTRA)
-    if (output->peer != NULL) {
-        if (avoidSysCalls) {
-            WOLFSSL_MSG("Can't free cert when avoiding syscalls");
-            return WOLFSSL_FAILURE;
-        }
-        wolfSSL_X509_free(output->peer);
-        output->peer = NULL;
-    }
-#endif
-
-    XMEMCPY((byte*)output + copyOffset, (byte*)input + copyOffset,
-            sizeof(WOLFSSL_SESSION) - copyOffset);
-
-#if defined(HAVE_SESSION_TICKET) && defined(WOLFSSL_TLS13) &&                  \
-    defined(WOLFSSL_TICKET_NONCE_MALLOC) &&                                    \
-    (!defined(HAVE_FIPS) || (defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(5,3)))
-    /* fix pointer to static after the copy  */
-    output->ticketNonce.data = output->ticketNonce.dataStatic;
-#endif
-    /* Set sane values for copy */
-#ifndef NO_SESSION_CACHE
-    if (output->type != WOLFSSL_SESSION_TYPE_CACHE)
-        output->cacheRow = INVALID_SESSION_ROW;
-#endif
-#if defined(SESSION_CERTS) && defined(OPENSSL_EXTRA)
-    if (input->peer != NULL && input->peer->dynamicMemory) {
-        if (wolfSSL_X509_up_ref(input->peer) != WOLFSSL_SUCCESS) {
-            WOLFSSL_MSG("Can't increase peer cert ref count");
-            output->peer = NULL;
-        }
-    }
-    else if (!avoidSysCalls)
-        output->peer = wolfSSL_X509_dup(input->peer);
-    else
-        /* output->peer is not that important to copy */
-        output->peer = NULL;
-#endif
-#ifdef HAVE_SESSION_TICKET
-    if (input->ticketLen > SESSION_TICKET_LEN) {
-        /* Need dynamic buffer */
-        if (ticBuff == NULL || ticLenAlloc < input->ticketLen) {
-            /* allocate new one */
-            byte* tmp;
-            if (avoidSysCalls) {
-                WOLFSSL_MSG("Failed to allocate memory for ticket when avoiding"
-                        " syscalls");
-                output->ticket = ticBuff;
-                output->ticketLenAlloc = (word16) ticLenAlloc;
-                output->ticketLen = 0;
-                ret = WOLFSSL_FAILURE;
-            }
-            else {
-#ifdef WOLFSSL_NO_REALLOC
-                tmp = (byte*)XMALLOC(input->ticketLen,
-                        output->heap, DYNAMIC_TYPE_SESSION_TICK);
-                XFREE(ticBuff, output->heap, DYNAMIC_TYPE_SESSION_TICK);
-                ticBuff = NULL;
-#else
-                tmp = (byte*)XREALLOC(ticBuff, input->ticketLen,
-                        output->heap, DYNAMIC_TYPE_SESSION_TICK);
-#endif /* WOLFSSL_NO_REALLOC */
-                if (tmp == NULL) {
-                    WOLFSSL_MSG("Failed to allocate memory for ticket");
-#ifndef WOLFSSL_NO_REALLOC
-                    XFREE(ticBuff, output->heap, DYNAMIC_TYPE_SESSION_TICK);
-                    ticBuff = NULL;
-#endif /* WOLFSSL_NO_REALLOC */
-                    output->ticket = NULL;
-                    output->ticketLen = 0;
-                    output->ticketLenAlloc = 0;
-                    ret = WOLFSSL_FAILURE;
-                }
-                else {
-                    ticBuff = tmp;
-                    ticLenAlloc = input->ticketLen;
-                }
-            }
-        }
-        if (ticBuff != NULL && ret == WOLFSSL_SUCCESS) {
-            XMEMCPY(ticBuff, input->ticket, input->ticketLen);
-            output->ticket = ticBuff;
-            output->ticketLenAlloc = (word16) ticLenAlloc;
-        }
-    }
-    else {
-        /* Default ticket to non dynamic */
-        if (avoidSysCalls) {
-            /* Try to use ticBuf if available. Caller can later move it to
-             * the static buffer. */
-            if (ticBuff != NULL) {
-                if (ticLenAlloc >= input->ticketLen) {
-                    output->ticket = ticBuff;
-                    output->ticketLenAlloc = ticLenAlloc;
-                }
-                else {
-                    WOLFSSL_MSG("ticket dynamic buffer too small but we are "
-                                "avoiding system calls");
-                    ret = WOLFSSL_FAILURE;
-                    output->ticket = ticBuff;
-                    output->ticketLenAlloc = (word16) ticLenAlloc;
-                    output->ticketLen = 0;
-                }
-            }
-            else {
-                output->ticket = output->staticTicket;
-                output->ticketLenAlloc = 0;
-            }
-        }
-        else {
-            if (ticBuff != NULL)
-                XFREE(ticBuff, output->heap, DYNAMIC_TYPE_SESSION_TICK);
-            output->ticket = output->staticTicket;
-            output->ticketLenAlloc = 0;
-        }
-        if (input->ticketLenAlloc > 0 && ret == WOLFSSL_SUCCESS) {
-            /* Shouldn't happen as session should have placed this in
-             * the static buffer */
-            XMEMCPY(output->ticket, input->ticket,
-                    input->ticketLen);
-        }
-    }
-    ticBuff = NULL;
-
-#if defined(WOLFSSL_TLS13) && defined(WOLFSSL_TICKET_NONCE_MALLOC) &&          \
-    (!defined(HAVE_FIPS) || (defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(5,3)))
-    if (preallocUsed != NULL)
-        *preallocUsed = 0;
-
-    if (input->ticketNonce.len > MAX_TICKET_NONCE_STATIC_SZ &&
-        ret == WOLFSSL_SUCCESS) {
-        /* TicketNonce does not fit in the static buffer */
-        if (!avoidSysCalls) {
-            output->ticketNonce.data = (byte*)XMALLOC(input->ticketNonce.len,
-                output->heap, DYNAMIC_TYPE_SESSION_TICK);
-
-            if (output->ticketNonce.data == NULL) {
-                WOLFSSL_MSG("Failed to allocate space for ticket nonce");
-                output->ticketNonce.data = output->ticketNonce.dataStatic;
-                output->ticketNonce.len = 0;
-                ret = WOLFSSL_FAILURE;
-            }
-            else {
-                output->ticketNonce.len = input->ticketNonce.len;
-                XMEMCPY(output->ticketNonce.data, input->ticketNonce.data,
-                    input->ticketNonce.len);
-                ret = WOLFSSL_SUCCESS;
-            }
-        }
-        /* we can't do syscalls. Use prealloc buffers if provided from the
-         * caller. */
-        else if (ticketNonceBuf != NULL &&
-                 *ticketNonceLen >= input->ticketNonce.len) {
-            XMEMCPY(ticketNonceBuf, input->ticketNonce.data,
-                input->ticketNonce.len);
-            *ticketNonceLen = input->ticketNonce.len;
-            if (preallocUsed != NULL)
-                *preallocUsed = 1;
-            ret = WOLFSSL_SUCCESS;
-        }
-        else {
-            WOLFSSL_MSG("TicketNonce bigger than static buffer, and we can't "
-                        "do syscalls");
-            ret = WOLFSSL_FAILURE;
-        }
-    }
-#endif /* WOLFSSL_TLS13 && WOLFSSL_TICKET_NONCE_MALLOC && FIPS_VERSION_GE(5,3)*/
-
-#endif /* HAVE_SESSION_TICKET */
-
-#ifdef HAVE_EX_DATA
-    if (input->type != WOLFSSL_SESSION_TYPE_CACHE &&
-            output->type != WOLFSSL_SESSION_TYPE_CACHE) {
-        /* Not called with cache as that passes ownership of ex_data */
-        ret = crypto_ex_cb_dup_data(&input->ex_data, &output->ex_data,
-                                    crypto_ex_cb_ctx_session);
-    }
-#endif
-
-    return ret;
-}
-
-/**
- * Deep copy the contents from input to output.
- * @param input         The source of the copy.
- * @param output        The destination of the copy.
- * @param avoidSysCalls If true, then system calls will be avoided or an error
- *                      will be returned if it is not possible to proceed
- *                      without a system call. This is useful for fetching
- *                      sessions from cache. When a cache row is locked, we
- *                      don't want to block other threads with long running
- *                      system calls.
- * @return              WOLFSSL_SUCCESS on success
- *                      WOLFSSL_FAILURE on failure
- */
-int wolfSSL_DupSession(const WOLFSSL_SESSION* input, WOLFSSL_SESSION* output,
-        int avoidSysCalls)
-{
-    return wolfSSL_DupSessionEx(input, output, avoidSysCalls, NULL, NULL, NULL);
-}
-
-WOLFSSL_SESSION* wolfSSL_SESSION_dup(WOLFSSL_SESSION* session)
-{
-    WOLFSSL_SESSION* copy;
-
-    WOLFSSL_ENTER("wolfSSL_SESSION_dup");
-
-    session = ClientSessionToSession(session);
-    if (session == NULL)
-        return NULL;
-
-#ifdef HAVE_SESSION_TICKET
-    if (session->ticketLenAlloc > 0 && !session->ticket) {
-        WOLFSSL_MSG("Session dynamic flag is set but ticket pointer is null");
-        return NULL;
-    }
-#endif
-
-    copy = wolfSSL_NewSession(session->heap);
-    if (copy != NULL &&
-            wolfSSL_DupSession(session, copy, 0) != WOLFSSL_SUCCESS) {
-        wolfSSL_FreeSession(NULL, copy);
-        copy = NULL;
-    }
-    return copy;
-}
-
-void wolfSSL_FreeSession(WOLFSSL_CTX* ctx, WOLFSSL_SESSION* session)
-{
-    session = ClientSessionToSession(session);
-    if (session == NULL)
-        return;
-
-    (void)ctx;
-
-    WOLFSSL_ENTER("wolfSSL_FreeSession");
-
-    if (session->ref.count > 0) {
-        int ret;
-        int isZero;
-        wolfSSL_RefDec(&session->ref, &isZero, &ret);
-        (void)ret;
-        if (!isZero) {
-            return;
-        }
-        wolfSSL_RefFree(&session->ref);
-    }
-
-    WOLFSSL_MSG("wolfSSL_FreeSession full free");
-
-#ifdef HAVE_EX_DATA
-    if (session->ownExData) {
-        crypto_ex_cb_free_data(session, crypto_ex_cb_ctx_session,
-                &session->ex_data);
-    }
-#endif
-
-#ifdef HAVE_EX_DATA_CLEANUP_HOOKS
-    wolfSSL_CRYPTO_cleanup_ex_data(&session->ex_data);
-#endif
-
-#if defined(SESSION_CERTS) && defined(OPENSSL_EXTRA)
-    if (session->peer) {
-        wolfSSL_X509_free(session->peer);
-        session->peer = NULL;
-    }
-#endif
-
-#ifdef HAVE_SESSION_TICKET
-    if (session->ticketLenAlloc > 0) {
-        XFREE(session->ticket, session->heap, DYNAMIC_TYPE_SESSION_TICK);
-    }
-#if defined(WOLFSSL_TLS13) && defined(WOLFSSL_TICKET_NONCE_MALLOC) &&          \
-    (!defined(HAVE_FIPS) || (defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(5,3)))
-    if (session->ticketNonce.data != session->ticketNonce.dataStatic) {
-        XFREE(session->ticketNonce.data, session->heap,
-            DYNAMIC_TYPE_SESSION_TICK);
-    }
-#endif /* WOLFSSL_TLS13 && WOLFSSL_TICKET_NONCE_MALLOC && FIPS_VERSION_GE(5,3)*/
-#endif
-
-#ifdef HAVE_EX_DATA_CLEANUP_HOOKS
-    wolfSSL_CRYPTO_cleanup_ex_data(&session->ex_data);
-#endif
-
-    /* Make sure masterSecret is zeroed. */
-    ForceZero(session->masterSecret, SECRET_LEN);
-    /* Session ID is sensitive information too. */
-    ForceZero(session->sessionID, ID_LEN);
-
-    if (session->type == WOLFSSL_SESSION_TYPE_HEAP) {
-        XFREE(session, session->heap, DYNAMIC_TYPE_SESSION);
-    }
-}
-
-/* DO NOT use this API internally. Use wolfSSL_FreeSession directly instead
- * and pass in the ctx parameter if possible (like from ssl->ctx). */
-void wolfSSL_SESSION_free(WOLFSSL_SESSION* session)
-{
-    session = ClientSessionToSession(session);
-    wolfSSL_FreeSession(NULL, session);
-}
-
-#ifndef NO_SESSION_CACHE
-int wolfSSL_CTX_add_session(WOLFSSL_CTX* ctx, WOLFSSL_SESSION* session)
-{
-    int    error = 0;
-    const byte* id = NULL;
-    byte idSz = 0;
-
-    WOLFSSL_ENTER("wolfSSL_CTX_add_session");
-
-    session = ClientSessionToSession(session);
-    if (session == NULL)
-        return WOLFSSL_FAILURE;
-
-    /* Session cache is global */
-    (void)ctx;
-
-    if (session->haveAltSessionID) {
-        id = session->altSessionID;
-        idSz = ID_LEN;
-    }
-    else {
-        id = session->sessionID;
-        idSz = session->sessionIDSz;
-    }
-
-    error = AddSessionToCache(ctx, session, id, idSz,
-            NULL, session->side,
-#ifdef HAVE_SESSION_TICKET
-            session->ticketLen > 0,
-#else
-            0,
-#endif
-            NULL);
-
-    return error == 0 ? WOLFSSL_SUCCESS : WOLFSSL_FAILURE;
-}
-#endif
-
-#if defined(OPENSSL_EXTRA) || defined(HAVE_EXT_CACHE)
-
-/**
-* set cipher to WOLFSSL_SESSION from WOLFSSL_CIPHER
-* @param session  a pointer to WOLFSSL_SESSION structure
-* @param cipher   a function pointer to WOLFSSL_CIPHER
-* @return WOLFSSL_SUCCESS on success, otherwise WOLFSSL_FAILURE
-*/
-int wolfSSL_SESSION_set_cipher(WOLFSSL_SESSION* session,
-                                            const WOLFSSL_CIPHER* cipher)
-{
-    WOLFSSL_ENTER("wolfSSL_SESSION_set_cipher");
-
-    session = ClientSessionToSession(session);
-    /* sanity check */
-    if (session == NULL || cipher == NULL) {
-        WOLFSSL_MSG("bad argument");
-        return WOLFSSL_FAILURE;
-    }
-    session->cipherSuite0 = cipher->cipherSuite0;
-    session->cipherSuite  = cipher->cipherSuite;
-
-    WOLFSSL_LEAVE("wolfSSL_SESSION_set_cipher", WOLFSSL_SUCCESS);
-    return WOLFSSL_SUCCESS;
-}
-#endif /* OPENSSL_EXTRA || HAVE_EXT_CACHE */
-
-
 /* helper function that takes in a protocol version struct and returns string */
 static const char* wolfSSL_internal_get_version(const ProtocolVersion* version)
 {
@@ -20017,25 +15238,6 @@ const char*  wolfSSL_CIPHER_get_version(const WOLFSSL_CIPHER* cipher)
     return wolfSSL_get_version(cipher->ssl);
 }
 
-const char* wolfSSL_SESSION_CIPHER_get_name(const WOLFSSL_SESSION* session)
-{
-    session = ClientSessionToSession(session);
-    if (session == NULL) {
-        return NULL;
-    }
-
-#if defined(SESSION_CERTS) || !defined(NO_RESUME_SUITE_CHECK) || \
-                        (defined(WOLFSSL_TLS13) && defined(HAVE_SESSION_TICKET))
-    #if !defined(WOLFSSL_CIPHER_INTERNALNAME) && !defined(NO_ERROR_STRINGS)
-        return GetCipherNameIana(session->cipherSuite0, session->cipherSuite);
-    #else
-        return GetCipherNameInternal(session->cipherSuite0, session->cipherSuite);
-    #endif
-#else
-    return NULL;
-#endif
-}
-
 const char* wolfSSL_get_cipher(WOLFSSL* ssl)
 {
     WOLFSSL_ENTER("wolfSSL_get_cipher");
@@ -20049,14 +15251,14 @@ const char* wolfSSL_get_cipher_name(WOLFSSL* ssl)
     return wolfSSL_get_cipher_name_internal(ssl);
 }
 
-const char* wolfSSL_get_cipher_name_from_suite(const byte cipherSuite0,
-    const byte cipherSuite)
+const char* wolfSSL_get_cipher_name_from_suite(byte cipherSuite0,
+    byte cipherSuite)
 {
     return GetCipherNameInternal(cipherSuite0, cipherSuite);
 }
 
-const char* wolfSSL_get_cipher_name_iana_from_suite(const byte cipherSuite0,
-        const byte cipherSuite)
+const char* wolfSSL_get_cipher_name_iana_from_suite(byte cipherSuite0,
+        byte cipherSuite)
 {
     return GetCipherNameIana(cipherSuite0, cipherSuite);
 }
@@ -20068,7 +15270,8 @@ int wolfSSL_get_cipher_suite_from_name(const char* name, byte* cipherSuite0,
         (cipherSuite == NULL) ||
         (flags == NULL))
         return BAD_FUNC_ARG;
-    return GetCipherSuiteFromName(name, cipherSuite0, cipherSuite, flags);
+    return GetCipherSuiteFromName(name, cipherSuite0, cipherSuite, NULL, NULL,
+                                  flags);
 }
 
 
@@ -20087,7 +15290,7 @@ WOLFSSL_STACK* wolfSSL_sk_new_cipher(void)
     return sk;
 }
 
-/* return 1 on success 0 on fail */
+/* returns the number of elements in stack on success, 0 on fail */
 int wolfSSL_sk_CIPHER_push(WOLF_STACK_OF(WOLFSSL_CIPHER)* sk,
                                                       WOLFSSL_CIPHER* cipher)
 {
@@ -20111,7 +15314,7 @@ word32 wolfSSL_CIPHER_get_id(const WOLFSSL_CIPHER* cipher)
     WOLFSSL_ENTER("wolfSSL_CIPHER_get_id");
 
     if (cipher && cipher->ssl) {
-        cipher_id = (cipher->ssl->options.cipherSuite0 << 8) |
+        cipher_id = (word16)(cipher->ssl->options.cipherSuite0 << 8) |
                      cipher->ssl->options.cipherSuite;
     }
 
@@ -20191,12 +15394,111 @@ const char* wolfSSL_get_curve_name(WOLFSSL* ssl)
     if (ssl == NULL)
         return NULL;
 
-#if defined(WOLFSSL_TLS13) && defined(HAVE_PQC)
+#if defined(WOLFSSL_TLS13) && defined(WOLFSSL_HAVE_KYBER)
     /* Check for post-quantum groups. Return now because we do not want the ECC
      * check to override this result in the case of a hybrid. */
     if (IsAtLeastTLSv1_3(ssl->version)) {
         switch (ssl->namedGroup) {
-#ifdef HAVE_LIBOQS
+#ifndef WOLFSSL_NO_ML_KEM
+#if defined(WOLFSSL_WC_KYBER)
+    #ifndef WOLFSSL_NO_ML_KEM_512
+        case WOLFSSL_ML_KEM_512:
+            return "ML_KEM_512";
+        case WOLFSSL_P256_ML_KEM_512:
+            return "P256_ML_KEM_512";
+        #ifdef HAVE_CURVE25519
+        case WOLFSSL_X25519_ML_KEM_512:
+            return "X25519_ML_KEM_512";
+        #endif
+    #endif
+    #ifndef WOLFSSL_NO_ML_KEM_768
+        case WOLFSSL_ML_KEM_768:
+            return "ML_KEM_768";
+        case WOLFSSL_P384_ML_KEM_768:
+            return "P384_ML_KEM_768";
+        case WOLFSSL_P256_ML_KEM_768:
+            return "P256_ML_KEM_768";
+        #ifdef HAVE_CURVE25519
+        case WOLFSSL_X25519_ML_KEM_768:
+            return "X25519_ML_KEM_768";
+        #endif
+        #ifdef HAVE_CURVE448
+        case WOLFSSL_X448_ML_KEM_768:
+            return "X448_ML_KEM_768";
+        #endif
+    #endif
+    #ifndef WOLFSSL_NO_ML_KEM_1024
+        case WOLFSSL_ML_KEM_1024:
+            return "ML_KEM_1024";
+        case WOLFSSL_P521_ML_KEM_1024:
+            return "P521_ML_KEM_1024";
+        case WOLFSSL_P384_ML_KEM_1024:
+            return "P384_ML_KEM_1024";
+    #endif
+#elif defined(HAVE_LIBOQS)
+        case WOLFSSL_ML_KEM_512:
+            return "ML_KEM_512";
+        case WOLFSSL_ML_KEM_768:
+            return "ML_KEM_768";
+        case WOLFSSL_ML_KEM_1024:
+            return "ML_KEM_1024";
+        case WOLFSSL_P256_ML_KEM_512:
+            return "P256_ML_KEM_512";
+        case WOLFSSL_P384_ML_KEM_768:
+            return "P384_ML_KEM_768";
+        case WOLFSSL_P256_ML_KEM_768:
+            return "P256_ML_KEM_768";
+        case WOLFSSL_P521_ML_KEM_1024:
+            return "P521_ML_KEM_1024";
+        case WOLFSSL_P384_ML_KEM_1024:
+            return "P384_ML_KEM_1024";
+    #ifdef HAVE_CURVE25519
+        case WOLFSSL_X25519_ML_KEM_512:
+            return "X25519_ML_KEM_512";
+        case WOLFSSL_X25519_ML_KEM_768:
+            return "X25519_ML_KEM_768";
+    #endif
+    #ifdef HAVE_CURVE448
+        case WOLFSSL_X448_ML_KEM_768:
+            return "X448_ML_KEM_768";
+    #endif
+#endif /* WOLFSSL_WC_KYBER */
+#endif /* WOLFSSL_NO_ML_KEM */
+#ifdef WOLFSSL_KYBER_ORIGINAL
+#if defined(WOLFSSL_WC_KYBER)
+    #ifndef WOLFSSL_NO_KYBER512
+        case WOLFSSL_KYBER_LEVEL1:
+            return "KYBER_LEVEL1";
+        case WOLFSSL_P256_KYBER_LEVEL1:
+            return "P256_KYBER_LEVEL1";
+        #ifdef HAVE_CURVE25519
+        case WOLFSSL_X25519_KYBER_LEVEL1:
+            return "X25519_KYBER_LEVEL1";
+        #endif
+    #endif
+    #ifndef WOLFSSL_NO_KYBER768
+        case WOLFSSL_KYBER_LEVEL3:
+            return "KYBER_LEVEL3";
+        case WOLFSSL_P384_KYBER_LEVEL3:
+            return "P384_KYBER_LEVEL3";
+        case WOLFSSL_P256_KYBER_LEVEL3:
+            return "P256_KYBER_LEVEL3";
+        #ifdef HAVE_CURVE25519
+        case WOLFSSL_X25519_KYBER_LEVEL3:
+            return "X25519_KYBER_LEVEL3";
+        #endif
+        #ifdef HAVE_CURVE448
+        case WOLFSSL_X448_KYBER_LEVEL3:
+            return "X448_KYBER_LEVEL3";
+        #endif
+    #endif
+    #ifndef WOLFSSL_NO_KYBER1024
+        case WOLFSSL_KYBER_LEVEL5:
+            return "KYBER_LEVEL5";
+        case WOLFSSL_P521_KYBER_LEVEL5:
+            return "P521_KYBER_LEVEL5";
+    #endif
+#elif defined (HAVE_LIBOQS)
         case WOLFSSL_KYBER_LEVEL1:
             return "KYBER_LEVEL1";
         case WOLFSSL_KYBER_LEVEL3:
@@ -20207,29 +15509,26 @@ const char* wolfSSL_get_curve_name(WOLFSSL* ssl)
             return "P256_KYBER_LEVEL1";
         case WOLFSSL_P384_KYBER_LEVEL3:
             return "P384_KYBER_LEVEL3";
+        case WOLFSSL_P256_KYBER_LEVEL3:
+            return "P256_KYBER_LEVEL3";
         case WOLFSSL_P521_KYBER_LEVEL5:
             return "P521_KYBER_LEVEL5";
-#elif defined(HAVE_PQM4)
-        case WOLFSSL_KYBER_LEVEL1:
-            return "KYBER_LEVEL1";
-#elif defined(WOLFSSL_WC_KYBER)
-    #ifdef WOLFSSL_KYBER512
-        case WOLFSSL_KYBER_LEVEL1:
-            return "KYBER_LEVEL1";
+    #ifdef HAVE_CURVE25519
+        case WOLFSSL_X25519_KYBER_LEVEL1:
+            return "X25519_KYBER_LEVEL1";
+        case WOLFSSL_X25519_KYBER_LEVEL3:
+            return "X25519_KYBER_LEVEL3";
     #endif
-    #ifdef WOLFSSL_KYBER768
-        case WOLFSSL_KYBER_LEVEL3:
-            return "KYBER_LEVEL3";
+    #ifdef HAVE_CURVE448
+        case WOLFSSL_X448_KYBER_LEVEL3:
+            return "X448_KYBER_LEVEL3";
     #endif
-    #ifdef WOLFSSL_KYBER1024
-        case WOLFSSL_KYBER_LEVEL5:
-            return "KYBER_LEVEL5";
-    #endif
-#endif
+#endif /* WOLFSSL_WC_KYBER */
+#endif /* WOLFSSL_KYBER_ORIGINAL */
         }
     }
+#endif /* WOLFSSL_TLS13 && WOLFSSL_HAVE_KYBER */
 
-#endif /* WOLFSSL_TLS13 && HAVE_PQC */
 #ifdef HAVE_FFDHE
     if (ssl->namedGroup != 0) {
         cName = wolfssl_ffdhe_name(ssl->namedGroup);
@@ -20263,7 +15562,7 @@ const char* wolfSSL_get_curve_name(WOLFSSL* ssl)
 #if defined(OPENSSL_ALL) || defined(WOLFSSL_QT)
 /* return authentication NID corresponding to cipher suite
  * @param cipher a pointer to WOLFSSL_CIPHER
- * return NID if found, NID_undef if not found
+ * return NID if found, WC_NID_undef if not found
  */
 int wolfSSL_CIPHER_get_auth_nid(const WOLFSSL_CIPHER* cipher)
 {
@@ -20271,12 +15570,12 @@ int wolfSSL_CIPHER_get_auth_nid(const WOLFSSL_CIPHER* cipher)
         const char* alg_name;
         const int  nid;
     } authnid_tbl[] = {
-        {"RSA",     NID_auth_rsa},
-        {"PSK",     NID_auth_psk},
-        {"SRP",     NID_auth_srp},
-        {"ECDSA",   NID_auth_ecdsa},
-        {"None",    NID_auth_null},
-        {NULL,      NID_undef}
+        {"RSA",     WC_NID_auth_rsa},
+        {"PSK",     WC_NID_auth_psk},
+        {"SRP",     WC_NID_auth_srp},
+        {"ECDSA",   WC_NID_auth_ecdsa},
+        {"None",    WC_NID_auth_null},
+        {NULL,      WC_NID_undef}
     };
 
     const char* authStr;
@@ -20284,7 +15583,7 @@ int wolfSSL_CIPHER_get_auth_nid(const WOLFSSL_CIPHER* cipher)
 
     if (GetCipherSegment(cipher, n) == NULL) {
         WOLFSSL_MSG("no suitable cipher name found");
-        return NID_undef;
+        return WC_NID_undef;
     }
 
     authStr = GetCipherAuthStr(n);
@@ -20298,11 +15597,11 @@ int wolfSSL_CIPHER_get_auth_nid(const WOLFSSL_CIPHER* cipher)
         }
     }
 
-    return NID_undef;
+    return WC_NID_undef;
 }
 /* return cipher NID corresponding to cipher suite
  * @param cipher a pointer to WOLFSSL_CIPHER
- * return NID if found, NID_undef if not found
+ * return NID if found, WC_NID_undef if not found
  */
 int wolfSSL_CIPHER_get_cipher_nid(const WOLFSSL_CIPHER* cipher)
 {
@@ -20310,18 +15609,18 @@ int wolfSSL_CIPHER_get_cipher_nid(const WOLFSSL_CIPHER* cipher)
         const char* alg_name;
         const int  nid;
     } ciphernid_tbl[] = {
-        {"AESGCM(256)",             NID_aes_256_gcm},
-        {"AESGCM(128)",             NID_aes_128_gcm},
-        {"AESCCM(128)",             NID_aes_128_ccm},
-        {"AES(128)",                NID_aes_128_cbc},
-        {"AES(256)",                NID_aes_256_cbc},
-        {"CAMELLIA(256)",           NID_camellia_256_cbc},
-        {"CAMELLIA(128)",           NID_camellia_128_cbc},
-        {"RC4",                     NID_rc4},
-        {"3DES",                    NID_des_ede3_cbc},
-        {"CHACHA20/POLY1305(256)",  NID_chacha20_poly1305},
-        {"None",                    NID_undef},
-        {NULL,                      NID_undef}
+        {"AESGCM(256)",             WC_NID_aes_256_gcm},
+        {"AESGCM(128)",             WC_NID_aes_128_gcm},
+        {"AESCCM(128)",             WC_NID_aes_128_ccm},
+        {"AES(128)",                WC_NID_aes_128_cbc},
+        {"AES(256)",                WC_NID_aes_256_cbc},
+        {"CAMELLIA(256)",           WC_NID_camellia_256_cbc},
+        {"CAMELLIA(128)",           WC_NID_camellia_128_cbc},
+        {"RC4",                     WC_NID_rc4},
+        {"3DES",                    WC_NID_des_ede3_cbc},
+        {"CHACHA20/POLY1305(256)",  WC_NID_chacha20_poly1305},
+        {"None",                    WC_NID_undef},
+        {NULL,                      WC_NID_undef}
     };
 
     const char* encStr;
@@ -20331,7 +15630,7 @@ int wolfSSL_CIPHER_get_cipher_nid(const WOLFSSL_CIPHER* cipher)
 
     if (GetCipherSegment(cipher, n) == NULL) {
         WOLFSSL_MSG("no suitable cipher name found");
-        return NID_undef;
+        return WC_NID_undef;
     }
 
     encStr = GetCipherEncStr(n);
@@ -20345,11 +15644,11 @@ int wolfSSL_CIPHER_get_cipher_nid(const WOLFSSL_CIPHER* cipher)
         }
     }
 
-    return NID_undef;
+    return WC_NID_undef;
 }
 /* return digest NID corresponding to cipher suite
  * @param cipher a pointer to WOLFSSL_CIPHER
- * return NID if found, NID_undef if not found
+ * return NID if found, WC_NID_undef if not found
  */
 int wolfSSL_CIPHER_get_digest_nid(const WOLFSSL_CIPHER* cipher)
 {
@@ -20357,10 +15656,10 @@ int wolfSSL_CIPHER_get_digest_nid(const WOLFSSL_CIPHER* cipher)
         const char* alg_name;
         const int  nid;
     } macnid_tbl[] = {
-        {"SHA1",    NID_sha1},
-        {"SHA256",  NID_sha256},
-        {"SHA384",  NID_sha384},
-        {NULL,      NID_undef}
+        {"SHA1",    WC_NID_sha1},
+        {"SHA256",  WC_NID_sha256},
+        {"SHA384",  WC_NID_sha384},
+        {NULL,      WC_NID_undef}
     };
 
     const char* name;
@@ -20372,12 +15671,12 @@ int wolfSSL_CIPHER_get_digest_nid(const WOLFSSL_CIPHER* cipher)
 
     if ((name = GetCipherSegment(cipher, n)) == NULL) {
         WOLFSSL_MSG("no suitable cipher name found");
-        return NID_undef;
+        return WC_NID_undef;
     }
 
-    /* in MD5 case, NID will be NID_md5 */
+    /* in MD5 case, NID will be WC_NID_md5 */
     if (XSTRSTR(name, "MD5") != NULL) {
-        return NID_md5;
+        return WC_NID_md5;
     }
 
     macStr = GetCipherMacStr(n);
@@ -20391,11 +15690,11 @@ int wolfSSL_CIPHER_get_digest_nid(const WOLFSSL_CIPHER* cipher)
         }
     }
 
-    return NID_undef;
+    return WC_NID_undef;
 }
 /* return key exchange NID corresponding to cipher suite
  * @param cipher a pointer to WOLFSSL_CIPHER
- * return NID if found, NID_undef if not found
+ * return NID if found, WC_NID_undef if not found
  */
 int wolfSSL_CIPHER_get_kx_nid(const WOLFSSL_CIPHER* cipher)
 {
@@ -20403,15 +15702,15 @@ int wolfSSL_CIPHER_get_kx_nid(const WOLFSSL_CIPHER* cipher)
         const char* name;
         const int  nid;
     } kxnid_table[] = {
-        {"ECDHEPSK",  NID_kx_ecdhe_psk},
-        {"ECDH",      NID_kx_ecdhe},
-        {"DHEPSK",    NID_kx_dhe_psk},
-        {"DH",        NID_kx_dhe},
-        {"RSAPSK",    NID_kx_rsa_psk},
-        {"SRP",       NID_kx_srp},
-        {"EDH",       NID_kx_dhe},
-        {"RSA",       NID_kx_rsa},
-        {NULL,        NID_undef}
+        {"ECDHEPSK",  WC_NID_kx_ecdhe_psk},
+        {"ECDH",      WC_NID_kx_ecdhe},
+        {"DHEPSK",    WC_NID_kx_dhe_psk},
+        {"DH",        WC_NID_kx_dhe},
+        {"RSAPSK",    WC_NID_kx_rsa_psk},
+        {"SRP",       WC_NID_kx_srp},
+        {"EDH",       WC_NID_kx_dhe},
+        {"RSA",       WC_NID_kx_rsa},
+        {NULL,        WC_NID_undef}
     };
 
     const char* keaStr;
@@ -20421,12 +15720,12 @@ int wolfSSL_CIPHER_get_kx_nid(const WOLFSSL_CIPHER* cipher)
 
     if (GetCipherSegment(cipher, n) == NULL) {
         WOLFSSL_MSG("no suitable cipher name found");
-        return NID_undef;
+        return WC_NID_undef;
     }
 
-    /* in TLS 1.3 case, NID will be NID_kx_any */
+    /* in TLS 1.3 case, NID will be WC_NID_kx_any */
     if (XSTRCMP(n[0], "TLS13") == 0) {
-        return NID_kx_any;
+        return WC_NID_kx_any;
     }
 
     keaStr = GetCipherKeaStr(n);
@@ -20440,7 +15739,7 @@ int wolfSSL_CIPHER_get_kx_nid(const WOLFSSL_CIPHER* cipher)
         }
     }
 
-    return NID_undef;
+    return WC_NID_undef;
 }
 /* check if cipher suite is AEAD
  * @param cipher a pointer to WOLFSSL_CIPHER
@@ -20454,7 +15753,7 @@ int wolfSSL_CIPHER_is_aead(const WOLFSSL_CIPHER* cipher)
 
     if (GetCipherSegment(cipher, n) == NULL) {
         WOLFSSL_MSG("no suitable cipher name found");
-        return NID_undef;
+        return WC_NID_undef;
     }
 
     return IsCipherAEAD(n);
@@ -20505,7 +15804,9 @@ int wolfSSL_sk_CIPHER_description(WOLFSSL_CIPHER* cipher)
     authStr = GetCipherAuthStr(n);
     /* encStr */
     encStr = GetCipherEncStr(n);
-    if ((cipher->bits = SetCipherBits(encStr)) == WOLFSSL_FAILURE) {
+    if ((cipher->bits = SetCipherBits(encStr)) ==
+        WC_NO_ERR_TRACE(WOLFSSL_FAILURE))
+    {
        WOLFSSL_MSG("Cipher Bits Not Set.");
     }
     /* macStr */
@@ -20513,42 +15814,42 @@ int wolfSSL_sk_CIPHER_description(WOLFSSL_CIPHER* cipher)
 
 
     /* Build up the string by copying onto the end. */
-    XSTRNCPY(dp, name, len);
+    XSTRNCPY(dp, name, (size_t)len);
     dp[len-1] = '\0'; strLen = (int)XSTRLEN(dp);
     len -= strLen; dp += strLen;
 
-    XSTRNCPY(dp, " ", len);
+    XSTRNCPY(dp, " ", (size_t)len);
     dp[len-1] = '\0'; strLen = (int)XSTRLEN(dp);
     len -= strLen; dp += strLen;
-    XSTRNCPY(dp, protocol, len);
+    XSTRNCPY(dp, protocol, (size_t)len);
     dp[len-1] = '\0'; strLen = (int)XSTRLEN(dp);
     len -= strLen; dp += strLen;
 
-    XSTRNCPY(dp, " Kx=", len);
+    XSTRNCPY(dp, " Kx=", (size_t)len);
     dp[len-1] = '\0'; strLen = (int)XSTRLEN(dp);
     len -= strLen; dp += strLen;
-    XSTRNCPY(dp, keaStr, len);
+    XSTRNCPY(dp, keaStr, (size_t)len);
     dp[len-1] = '\0'; strLen = (int)XSTRLEN(dp);
     len -= strLen; dp += strLen;
 
-    XSTRNCPY(dp, " Au=", len);
+    XSTRNCPY(dp, " Au=", (size_t)len);
     dp[len-1] = '\0'; strLen = (int)XSTRLEN(dp);
     len -= strLen; dp += strLen;
-    XSTRNCPY(dp, authStr, len);
+    XSTRNCPY(dp, authStr, (size_t)len);
     dp[len-1] = '\0'; strLen = (int)XSTRLEN(dp);
     len -= strLen; dp += strLen;
 
-    XSTRNCPY(dp, " Enc=", len);
+    XSTRNCPY(dp, " Enc=", (size_t)len);
     dp[len-1] = '\0'; strLen = (int)XSTRLEN(dp);
     len -= strLen; dp += strLen;
-    XSTRNCPY(dp, encStr, len);
+    XSTRNCPY(dp, encStr, (size_t)len);
     dp[len-1] = '\0'; strLen = (int)XSTRLEN(dp);
     len -= strLen; dp += strLen;
 
-    XSTRNCPY(dp, " Mac=", len);
+    XSTRNCPY(dp, " Mac=", (size_t)len);
     dp[len-1] = '\0'; strLen = (int)XSTRLEN(dp);
-    len -= strLen; dp += strLen;
-    XSTRNCPY(dp, macStr, len);
+    len -= strLen; dp += (size_t)strLen;
+    XSTRNCPY(dp, macStr, (size_t)len);
     dp[len-1] = '\0';
 
     return WOLFSSL_SUCCESS;
@@ -20761,7 +16062,7 @@ static WC_INLINE const char* wolfssl_mac_to_string(int mac)
             macStr = "SHA1";
             break;
 #endif
-#ifdef HAVE_SHA224
+#ifdef WOLFSSL_SHA224
         case sha224_mac:
             macStr = "SHA224";
             break;
@@ -20771,12 +16072,12 @@ static WC_INLINE const char* wolfssl_mac_to_string(int mac)
             macStr = "SHA256";
             break;
 #endif
-#ifdef HAVE_SHA384
+#ifdef WOLFSSL_SHA384
         case sha384_mac:
             macStr = "SHA384";
             break;
 #endif
-#ifdef HAVE_SHA512
+#ifdef WOLFSSL_SHA512
         case sha512_mac:
             macStr = "SHA512";
             break;
@@ -20806,7 +16107,7 @@ char* wolfSSL_CIPHER_description(const WOLFSSL_CIPHER* cipher, char* in,
      */
     if (cipher->in_stack == TRUE) {
         wolfSSL_sk_CIPHER_description((WOLFSSL_CIPHER*)cipher);
-        XSTRNCPY(in,cipher->description,len);
+        XSTRNCPY(in,cipher->description,(size_t)len);
         return ret;
     }
 #endif
@@ -20819,71 +16120,111 @@ char* wolfSSL_CIPHER_description(const WOLFSSL_CIPHER* cipher, char* in,
     macStr = wolfssl_mac_to_string(cipher->ssl->specs.mac_algorithm);
 
     /* Build up the string by copying onto the end. */
-    XSTRNCPY(in, wolfSSL_CIPHER_get_name(cipher), len);
+    XSTRNCPY(in, wolfSSL_CIPHER_get_name(cipher), (size_t)len);
     in[len-1] = '\0'; strLen = XSTRLEN(in); len -= (int)strLen; in += strLen;
 
-    XSTRNCPY(in, " ", len);
+    XSTRNCPY(in, " ", (size_t)len);
     in[len-1] = '\0'; strLen = XSTRLEN(in); len -= (int)strLen; in += strLen;
-    XSTRNCPY(in, wolfSSL_get_version(cipher->ssl), len);
+    XSTRNCPY(in, wolfSSL_get_version(cipher->ssl), (size_t)len);
     in[len-1] = '\0'; strLen = XSTRLEN(in); len -= (int)strLen; in += strLen;
 
-    XSTRNCPY(in, " Kx=", len);
+    XSTRNCPY(in, " Kx=", (size_t)len);
     in[len-1] = '\0'; strLen = XSTRLEN(in); len -= (int)strLen; in += strLen;
-    XSTRNCPY(in, keaStr, len);
+    XSTRNCPY(in, keaStr, (size_t)len);
     in[len-1] = '\0'; strLen = XSTRLEN(in); len -= (int)strLen; in += strLen;
 
-    XSTRNCPY(in, " Au=", len);
+    XSTRNCPY(in, " Au=", (size_t)len);
     in[len-1] = '\0'; strLen = XSTRLEN(in); len -= (int)strLen; in += strLen;
-    XSTRNCPY(in, authStr, len);
+    XSTRNCPY(in, authStr, (size_t)len);
     in[len-1] = '\0'; strLen = XSTRLEN(in); len -= (int)strLen; in += strLen;
 
-    XSTRNCPY(in, " Enc=", len);
+    XSTRNCPY(in, " Enc=", (size_t)len);
     in[len-1] = '\0'; strLen = XSTRLEN(in); len -= (int)strLen; in += strLen;
-    XSTRNCPY(in, encStr, len);
+    XSTRNCPY(in, encStr, (size_t)len);
     in[len-1] = '\0'; strLen = XSTRLEN(in); len -= (int)strLen; in += strLen;
 
-    XSTRNCPY(in, " Mac=", len);
+    XSTRNCPY(in, " Mac=", (size_t)len);
     in[len-1] = '\0'; strLen = XSTRLEN(in); len -= (int)strLen; in += strLen;
-    XSTRNCPY(in, macStr, len);
+    XSTRNCPY(in, macStr, (size_t)len);
     in[len-1] = '\0';
 
     return ret;
 }
 
-
-#ifndef NO_WOLFSSL_STUB
-int wolfSSL_OCSP_parse_url(char* url, char** host, char** port, char** path,
-                   int* ssl)
+int wolfSSL_OCSP_parse_url(const char* url, char** host, char** port,
+        char** path, int* ssl)
 {
-    (void)url;
-    (void)host;
-    (void)port;
-    (void)path;
-    (void)ssl;
-    WOLFSSL_STUB("OCSP_parse_url");
-    return 0;
-}
-#endif
+    const char* u = url;
+    const char* upath; /* path in u */
+    const char* uport; /* port in u */
+    const char* hostEnd;
 
-#ifndef NO_WOLFSSL_STUB
-void wolfSSL_RAND_screen(void)
-{
-    WOLFSSL_STUB("RAND_screen");
-}
-#endif
+    WOLFSSL_ENTER("OCSP_parse_url");
 
+    *host = NULL;
+    *port = NULL;
+    *path = NULL;
+    *ssl = 0;
 
-
-int wolfSSL_RAND_load_file(const char* fname, long len)
-{
-    (void)fname;
-    /* wolfCrypt provides enough entropy internally or will report error */
-    if (len == -1)
-        return 1024;
+    if (*(u++) != 'h') goto err;
+    if (*(u++) != 't') goto err;
+    if (*(u++) != 't') goto err;
+    if (*(u++) != 'p') goto err;
+    if (*u == 's') {
+        *ssl = 1;
+        u++;
+        *port = CopyString("443", -1, NULL, DYNAMIC_TYPE_OPENSSL);
+    }
+    else if (*u == ':') {
+        *ssl = 0;
+        *port = CopyString("80", -1, NULL, DYNAMIC_TYPE_OPENSSL);
+    }
     else
-        return (int)len;
-}
+        goto err;
+    if (*port == NULL)
+        goto err;
+    if (*(u++) != ':') goto err;
+    if (*(u++) != '/') goto err;
+    if (*(u++) != '/') goto err;
 
+    /* Look for path */
+    upath = XSTRSTR(u, "/");
+    *path = CopyString(upath == NULL ? "/" : upath, -1, NULL,
+                       DYNAMIC_TYPE_OPENSSL);
+
+    /* Look for port */
+    uport = XSTRSTR(u, ":");
+    if (uport != NULL) {
+        if (*(++uport) == '\0')
+            goto err;
+        /* port must be before path */
+        if (upath != NULL && uport >= upath)
+            goto err;
+        XFREE(*port, NULL, DYNAMIC_TYPE_OPENSSL);
+        *port = CopyString(uport, upath != NULL ? (int)(upath - uport) : -1,
+                           NULL, DYNAMIC_TYPE_OPENSSL);
+        if (*port == NULL)
+            goto err;
+        hostEnd = uport - 1;
+    }
+    else
+        hostEnd = upath;
+
+    *host = CopyString(u, hostEnd != NULL ? (int)(hostEnd - u) : -1, NULL,
+                       DYNAMIC_TYPE_OPENSSL);
+    if (*host == NULL)
+        goto err;
+
+    return WOLFSSL_SUCCESS;
+err:
+    XFREE(*host, NULL, DYNAMIC_TYPE_OPENSSL);
+    *host = NULL;
+    XFREE(*port, NULL, DYNAMIC_TYPE_OPENSSL);
+    *port = NULL;
+    XFREE(*path, NULL, DYNAMIC_TYPE_OPENSSL);
+    *path = NULL;
+    return WOLFSSL_FAILURE;
+}
 
 #ifndef NO_WOLFSSL_STUB
 WOLFSSL_COMP_METHOD* wolfSSL_COMP_zlib(void)
@@ -20891,17 +16232,13 @@ WOLFSSL_COMP_METHOD* wolfSSL_COMP_zlib(void)
     WOLFSSL_STUB("COMP_zlib");
     return 0;
 }
-#endif
 
-#ifndef NO_WOLFSSL_STUB
 WOLFSSL_COMP_METHOD* wolfSSL_COMP_rle(void)
 {
     WOLFSSL_STUB("COMP_rle");
     return 0;
 }
-#endif
 
-#ifndef NO_WOLFSSL_STUB
 int wolfSSL_COMP_add_compression_method(int method, void* data)
 {
     (void)method;
@@ -20909,6 +16246,25 @@ int wolfSSL_COMP_add_compression_method(int method, void* data)
     WOLFSSL_STUB("COMP_add_compression_method");
     return 0;
 }
+
+const WOLFSSL_COMP_METHOD* wolfSSL_get_current_compression(const WOLFSSL *ssl) {
+    (void)ssl;
+    return NULL;
+}
+
+const WOLFSSL_COMP_METHOD* wolfSSL_get_current_expansion(const WOLFSSL *ssl) {
+    (void)ssl;
+    return NULL;
+}
+
+const char* wolfSSL_COMP_get_name(const WOLFSSL_COMP_METHOD *comp)
+{
+    static const char ret[] = "not supported";
+
+    (void)comp;
+    WOLFSSL_STUB("wolfSSL_COMP_get_name");
+    return ret;
+}
 #endif
 
 /*  wolfSSL_set_dynlock_create_callback
@@ -20982,12 +16338,12 @@ int wolfSSL_i2d_PublicKey(const WOLFSSL_EVP_PKEY *key, unsigned char **der)
     }
 
     key_type = key->type;
-    if ((key_type != EVP_PKEY_EC) && (key_type != EVP_PKEY_RSA)) {
+    if ((key_type != WC_EVP_PKEY_EC) && (key_type != WC_EVP_PKEY_RSA)) {
         return WOLFSSL_FATAL_ERROR;
     }
 
 #ifndef NO_RSA
-    if (key_type == EVP_PKEY_RSA) {
+    if (key_type == WC_EVP_PKEY_RSA) {
         return wolfSSL_i2d_RSAPublicKey(key->rsa, der);
     }
 #endif
@@ -21004,12 +16360,12 @@ int wolfSSL_i2d_PublicKey(const WOLFSSL_EVP_PKEY *key, unsigned char **der)
         /* In this case, there was no buffered DER at all. This could be the
          * case where the key that was passed in was generated. So now we
          * have to create the local DER. */
-        local_derSz = wolfSSL_i2d_ECPrivateKey(key->ecc, &local_der);
+        local_derSz = (word32)wolfSSL_i2d_ECPrivateKey(key->ecc, &local_der);
         if (local_derSz == 0) {
             ret = WOLFSSL_FATAL_ERROR;
         }
     } else {
-        local_derSz = ret;
+        local_derSz = (word32)ret;
         ret = 0;
     }
 
@@ -21034,7 +16390,7 @@ int wolfSSL_i2d_PublicKey(const WOLFSSL_EVP_PKEY *key, unsigned char **der)
     }
 
     if (ret == 0) {
-        pub_derSz = wc_EccPublicKeyDerSize(eccKey, 0);
+        pub_derSz = (word32)wc_EccPublicKeyDerSize(eccKey, 0);
         if ((int)pub_derSz <= 0) {
             ret = WOLFSSL_FAILURE;
         }
@@ -21050,7 +16406,7 @@ int wolfSSL_i2d_PublicKey(const WOLFSSL_EVP_PKEY *key, unsigned char **der)
     }
 
     if (ret == 0) {
-        pub_derSz = wc_EccPublicKeyToDer(eccKey, pub_der, pub_derSz, 0);
+        pub_derSz = (word32)wc_EccPublicKeyToDer(eccKey, pub_der, pub_derSz, 0);
         if ((int)pub_derSz <= 0) {
             ret = WOLFSSL_FATAL_ERROR;
         }
@@ -21087,7 +16443,7 @@ int wolfSSL_i2d_PublicKey(const WOLFSSL_EVP_PKEY *key, unsigned char **der)
 #endif /* HAVE_ECC */
 
     if (ret == 0) {
-        return pub_derSz;
+        return (int)pub_derSz;
     }
 
     return ret;
@@ -21209,32 +16565,40 @@ unsigned long wolfSSL_ERR_peek_error(void)
     return wolfSSL_ERR_peek_error_line_data(NULL, NULL, NULL, NULL);
 }
 
+#ifdef WOLFSSL_DEBUG_TRACE_ERROR_CODES_H
+#include <wolfssl/debug-untrace-error-codes.h>
+#endif
+
 int wolfSSL_ERR_GET_LIB(unsigned long err)
 {
     unsigned long value;
 
     value = (err & 0xFFFFFFL);
     switch (value) {
-    case -SSL_R_HTTP_REQUEST:
-        return ERR_LIB_SSL;
+    case -PARSE_ERROR:
+        return WOLFSSL_ERR_LIB_SSL;
     case -ASN_NO_PEM_HEADER:
-    case PEM_R_NO_START_LINE:
-    case PEM_R_PROBLEMS_GETTING_PASSWORD:
-    case PEM_R_BAD_PASSWORD_READ:
-    case PEM_R_BAD_DECRYPT:
-        return ERR_LIB_PEM;
-    case EVP_R_BAD_DECRYPT:
-    case EVP_R_BN_DECODE_ERROR:
-    case EVP_R_DECODE_ERROR:
-    case EVP_R_PRIVATE_KEY_DECODE_ERROR:
-        return ERR_LIB_EVP;
-    case ASN1_R_HEADER_TOO_LONG:
-        return ERR_LIB_ASN1;
+    case -WOLFSSL_PEM_R_NO_START_LINE_E:
+    case -WOLFSSL_PEM_R_PROBLEMS_GETTING_PASSWORD_E:
+    case -WOLFSSL_PEM_R_BAD_PASSWORD_READ_E:
+    case -WOLFSSL_PEM_R_BAD_DECRYPT_E:
+        return WOLFSSL_ERR_LIB_PEM;
+    case -WOLFSSL_EVP_R_BAD_DECRYPT_E:
+    case -WOLFSSL_EVP_R_BN_DECODE_ERROR:
+    case -WOLFSSL_EVP_R_DECODE_ERROR:
+    case -WOLFSSL_EVP_R_PRIVATE_KEY_DECODE_ERROR:
+        return WOLFSSL_ERR_LIB_EVP;
+    case -WOLFSSL_ASN1_R_HEADER_TOO_LONG_E:
+        return WOLFSSL_ERR_LIB_ASN1;
     default:
         return 0;
     }
 }
 
+#ifdef WOLFSSL_DEBUG_TRACE_ERROR_CODES
+#include <wolfssl/debug-trace-error-codes.h>
+#endif
+
 /* This function is to find global error values that are the same through out
  * all library version. With wolfSSL having only one set of error codes the
  * return value is pretty straight forward. The only thing needed is all wolfSSL
@@ -21252,7 +16616,7 @@ int wolfSSL_ERR_GET_REASON(unsigned long err)
     /* Nginx looks for this error to know to stop parsing certificates.
      * Same for HAProxy. */
     if (err == ((ERR_LIB_PEM << 24) | PEM_R_NO_START_LINE) ||
-       ((err & 0xFFFFFFL) == -ASN_NO_PEM_HEADER) ||
+       ((err & 0xFFFFFFL) == -WC_NO_ERR_TRACE(ASN_NO_PEM_HEADER)) ||
        ((err & 0xFFFL) == PEM_R_NO_START_LINE ))
         return PEM_R_NO_START_LINE;
     if (err == ((ERR_LIB_SSL << 24) | -SSL_R_HTTP_REQUEST))
@@ -21263,11 +16627,13 @@ int wolfSSL_ERR_GET_REASON(unsigned long err)
         return ASN1_R_HEADER_TOO_LONG;
 #endif
 
-    /* check if error value is in range of wolfSSL errors */
+    /* check if error value is in range of wolfCrypt or wolfSSL errors */
     ret = 0 - ret; /* setting as negative value */
-    /* wolfCrypt range is less than MAX (-100)
-       wolfSSL range is MIN (-300) and lower */
-    if (ret < MAX_CODE_E && ret > MIN_CODE_E) {
+
+    if ((ret <= WC_SPAN1_FIRST_E && ret >= WC_SPAN1_LAST_E) ||
+        (ret <= WC_SPAN2_FIRST_E && ret >= WC_SPAN2_LAST_E) ||
+        (ret <= WOLFSSL_FIRST_E && ret >= WOLFSSL_LAST_E))
+    {
         return ret;
     }
     else {
@@ -21278,6 +16644,7 @@ int wolfSSL_ERR_GET_REASON(unsigned long err)
     return ret;
 }
 
+#ifndef NO_TLS
 /* returns a string that describes the alert
  *
  * alertID the alert value to look up
@@ -21289,13 +16656,13 @@ const char* wolfSSL_alert_type_string_long(int alertID)
     return AlertTypeToString(alertID);
 }
 
-
 const char* wolfSSL_alert_desc_string_long(int alertID)
 {
     WOLFSSL_ENTER("wolfSSL_alert_desc_string_long");
 
     return AlertTypeToString(alertID);
 }
+#endif /* !NO_TLS */
 
 #define STATE_STRINGS_PROTO(s) \
     {                          \
@@ -21444,10 +16811,10 @@ const char* wolfSSL_state_string_long(const WOLFSSL* ssl)
     }
 
     /* Get state of callback */
-    if (ssl->cbmode == SSL_CB_MODE_WRITE) {
+    if (ssl->cbmode == WOLFSSL_CB_MODE_WRITE) {
         cbmode =  SS_WRITE;
     }
-    else if (ssl->cbmode == SSL_CB_MODE_READ) {
+    else if (ssl->cbmode == WOLFSSL_CB_MODE_READ) {
         cbmode =  SS_READ;
     }
     else {
@@ -21497,7 +16864,7 @@ const char* wolfSSL_state_string_long(const WOLFSSL* ssl)
     }
 
     /* accept process */
-    if (ssl->cbmode == SSL_CB_MODE_READ) {
+    if (ssl->cbmode == WOLFSSL_CB_MODE_READ) {
         state = ssl->cbtype;
         switch (state) {
             case hello_request:
@@ -21653,29 +17020,6 @@ const char* wolfSSL_state_string_long(const WOLFSSL* ssl)
     }
 }
 
-/*
- * Sets default PEM callback password if null is passed into
- * the callback parameter of a PEM_read_bio_* function.
- *
- * Returns callback phrase size on success or WOLFSSL_FAILURE otherwise.
- */
-int wolfSSL_PEM_def_callback(char* name, int num, int w, void* key)
-{
-    (void)w;
-    WOLFSSL_ENTER("wolfSSL_PEM_def_callback");
-
-    /* We assume that the user passes a default password as userdata */
-    if (key) {
-        int sz = (int)XSTRLEN((const char*)key);
-        sz = (sz > num) ? num : sz;
-        XMEMCPY(name, key, sz);
-        return sz;
-    } else {
-        WOLFSSL_MSG("Error, default password cannot be created.");
-        return WOLFSSL_FAILURE;
-    }
-}
-
 #endif /* OPENSSL_EXTRA */
 
 static long wolf_set_options(long old_op, long op)
@@ -21732,6 +17076,24 @@ static long wolf_set_options(long old_op, long op)
     return old_op | op;
 }
 
+static int FindHashSig(const Suites* suites, byte first, byte second)
+{
+    word16 i;
+
+    if (suites == NULL || suites->hashSigAlgoSz == 0) {
+        WOLFSSL_MSG("Suites pointer error or suiteSz 0");
+        return SUITES_ERROR;
+    }
+
+    for (i = 0; i < suites->hashSigAlgoSz-1; i += 2) {
+        if (suites->hashSigAlgo[i]   == first &&
+            suites->hashSigAlgo[i+1] == second )
+            return i;
+    }
+
+    return MATCH_SUITE_ERROR;
+}
+
 long wolfSSL_set_options(WOLFSSL* ssl, long op)
 {
     word16 haveRSA = 1;
@@ -21744,24 +17106,28 @@ long wolfSSL_set_options(WOLFSSL* ssl, long op)
         return 0;
     }
 
-    ssl->options.mask = wolf_set_options(ssl->options.mask, op);
+    ssl->options.mask = (unsigned long)wolf_set_options((long)ssl->options.mask, op);
 
     if ((ssl->options.mask & WOLFSSL_OP_NO_TLSv1_3) == WOLFSSL_OP_NO_TLSv1_3) {
+        WOLFSSL_MSG("Disabling TLS 1.3");
         if (ssl->version.minor == TLSv1_3_MINOR)
             ssl->version.minor = TLSv1_2_MINOR;
     }
 
     if ((ssl->options.mask & WOLFSSL_OP_NO_TLSv1_2) == WOLFSSL_OP_NO_TLSv1_2) {
+        WOLFSSL_MSG("Disabling TLS 1.2");
         if (ssl->version.minor == TLSv1_2_MINOR)
             ssl->version.minor = TLSv1_1_MINOR;
     }
 
     if ((ssl->options.mask & WOLFSSL_OP_NO_TLSv1_1) == WOLFSSL_OP_NO_TLSv1_1) {
+        WOLFSSL_MSG("Disabling TLS 1.1");
         if (ssl->version.minor == TLSv1_1_MINOR)
             ssl->version.minor = TLSv1_MINOR;
     }
 
     if ((ssl->options.mask & WOLFSSL_OP_NO_TLSv1) == WOLFSSL_OP_NO_TLSv1) {
+        WOLFSSL_MSG("Disabling TLS 1.0");
         if (ssl->version.minor == TLSv1_MINOR)
             ssl->version.minor = SSLv3_MINOR;
     }
@@ -21795,14 +17161,57 @@ long wolfSSL_set_options(WOLFSSL* ssl, long op)
     if (ssl->options.side != WOLFSSL_NEITHER_END) {
         if (AllocateSuites(ssl) != 0)
             return 0;
-        InitSuites(ssl->suites, ssl->version, keySz, haveRSA, havePSK,
-                   ssl->options.haveDH, ssl->options.haveECDSAsig,
-                   ssl->options.haveECC, TRUE, ssl->options.haveStaticECC,
-                   ssl->options.haveFalconSig, ssl->options.haveDilithiumSig,
-                   ssl->options.haveAnon, TRUE, ssl->options.side);
+        if (!ssl->suites->setSuites) {
+            InitSuites(ssl->suites, ssl->version, keySz, haveRSA,
+                       havePSK, ssl->options.haveDH, ssl->options.haveECDSAsig,
+                       ssl->options.haveECC, TRUE, ssl->options.haveStaticECC,
+                       ssl->options.useAnon,
+                       TRUE, TRUE, TRUE, TRUE, ssl->options.side);
+        }
+        else {
+            /* Only preserve overlapping suites */
+            Suites tmpSuites;
+            word16 in, out;
+            word16 haveECDSAsig, haveStaticECC;
+#ifdef NO_RSA
+            haveECDSAsig = 1;
+            haveStaticECC = 1;
+#else
+            haveECDSAsig = 0;
+            haveStaticECC = ssl->options.haveStaticECC;
+#endif
+            XMEMSET(&tmpSuites, 0, sizeof(Suites));
+            /* Get all possible ciphers and sigalgs for the version. Following
+             * options limit the allowed ciphers so let's try to get as many as
+             * possible.
+             * - haveStaticECC turns off haveRSA
+             * - haveECDSAsig turns off haveRSAsig */
+            InitSuites(&tmpSuites, ssl->version, 0, 1, 1, 1, haveECDSAsig, 1, 1,
+                    haveStaticECC, 1, 1, 1, 1, 1, ssl->options.side);
+            for (in = 0, out = 0; in < ssl->suites->suiteSz; in += SUITE_LEN) {
+                if (FindSuite(&tmpSuites, ssl->suites->suites[in],
+                        ssl->suites->suites[in+1]) >= 0) {
+                    ssl->suites->suites[out] = ssl->suites->suites[in];
+                    ssl->suites->suites[out+1] = ssl->suites->suites[in+1];
+                    out += SUITE_LEN;
+                }
+            }
+            ssl->suites->suiteSz = out;
+            for (in = 0, out = 0; in < ssl->suites->hashSigAlgoSz; in += 2) {
+                if (FindHashSig(&tmpSuites, ssl->suites->hashSigAlgo[in],
+                    ssl->suites->hashSigAlgo[in+1]) >= 0) {
+                    ssl->suites->hashSigAlgo[out] =
+                            ssl->suites->hashSigAlgo[in];
+                    ssl->suites->hashSigAlgo[out+1] =
+                            ssl->suites->hashSigAlgo[in+1];
+                    out += 2;
+                }
+            }
+            ssl->suites->hashSigAlgoSz = out;
+        }
     }
 
-    return ssl->options.mask;
+    return (long)ssl->options.mask;
 }
 
 
@@ -21811,7 +17220,7 @@ long wolfSSL_get_options(const WOLFSSL* ssl)
     WOLFSSL_ENTER("wolfSSL_get_options");
     if(ssl == NULL)
         return WOLFSSL_FAILURE;
-    return ssl->options.mask;
+    return (long)ssl->options.mask;
 }
 
 #if defined(HAVE_SECURE_RENEGOTIATION) \
@@ -21866,8 +17275,8 @@ long wolfSSL_clear_options(WOLFSSL* ssl, long opt)
     WOLFSSL_ENTER("wolfSSL_clear_options");
     if(ssl == NULL)
         return WOLFSSL_FAILURE;
-    ssl->options.mask &= ~opt;
-    return ssl->options.mask;
+    ssl->options.mask &= (unsigned long)~opt;
+    return (long)ssl->options.mask;
 }
 
 #ifdef HAVE_PK_CALLBACKS
@@ -21882,47 +17291,6 @@ long wolfSSL_set_tlsext_debug_arg(WOLFSSL* ssl, void *arg)
 }
 #endif /* HAVE_PK_CALLBACKS */
 
-#if defined(OPENSSL_ALL) || defined(WOLFSSL_HAPROXY) || defined(WOLFSSL_NGINX)
-const unsigned char *wolfSSL_SESSION_get0_id_context(
-                      const WOLFSSL_SESSION *sess, unsigned int *sid_ctx_length)
-{
-    return wolfSSL_SESSION_get_id((WOLFSSL_SESSION *)sess, sid_ctx_length);
-}
-int wolfSSL_SESSION_set1_id(WOLFSSL_SESSION *s,
-                                 const unsigned char *sid, unsigned int sid_len)
-{
-    if (s == NULL) {
-        return WOLFSSL_FAILURE;
-    }
-    if (sid_len > ID_LEN) {
-        return WOLFSSL_FAILURE;
-    }
-    s->sessionIDSz = sid_len;
-    if (sid != s->sessionID) {
-        XMEMCPY(s->sessionID, sid, sid_len);
-    }
-    return WOLFSSL_SUCCESS;
-}
-
-int wolfSSL_SESSION_set1_id_context(WOLFSSL_SESSION *s,
-                         const unsigned char *sid_ctx, unsigned int sid_ctx_len)
-{
-    if (s == NULL) {
-        return WOLFSSL_FAILURE;
-    }
-    if (sid_ctx_len > ID_LEN) {
-        return WOLFSSL_FAILURE;
-    }
-    s->sessionCtxSz = sid_ctx_len;
-    if (sid_ctx != s->sessionCtx) {
-        XMEMCPY(s->sessionCtx, sid_ctx, sid_ctx_len);
-    }
-
-    return WOLFSSL_SUCCESS;
-}
-
-#endif
-
 /*** TBD ***/
 #ifndef NO_WOLFSSL_STUB
 int wolfSSL_sk_SSL_COMP_zero(WOLFSSL_STACK* st)
@@ -21943,9 +17311,9 @@ long wolfSSL_set_tlsext_status_type(WOLFSSL *s, int type)
         return BAD_FUNC_ARG;
     }
 
-    if (type == TLSEXT_STATUSTYPE_ocsp){
-        int r = TLSX_UseCertificateStatusRequest(&s->extensions, (byte)type, 0, s,
-                                                             s->heap, s->devId);
+    if (type == WOLFSSL_TLSEXT_STATUSTYPE_ocsp){
+        int r = TLSX_UseCertificateStatusRequest(&s->extensions, (byte)type, 0,
+            s, s->heap, s->devId);
         return (long)r;
     } else {
         WOLFSSL_MSG(
@@ -21962,7 +17330,7 @@ long wolfSSL_get_tlsext_status_type(WOLFSSL *s)
     if (s == NULL)
         return WOLFSSL_FATAL_ERROR;
     extension = TLSX_Find(s->extensions, TLSX_STATUS_REQUEST);
-    return extension != NULL ? TLSEXT_STATUSTYPE_ocsp : WOLFSSL_FATAL_ERROR;
+    return extension != NULL ? WOLFSSL_TLSEXT_STATUSTYPE_ocsp : WOLFSSL_FATAL_ERROR;
 }
 #endif /* HAVE_CERTIFICATE_STATUS_REQUEST */
 
@@ -22021,20 +17389,20 @@ WOLFSSL_EVP_PKEY *wolfSSL_get_privatekey(const WOLFSSL *ssl)
 
 #ifndef NO_WOLFSSL_STUB
 /*** TBD ***/
-void SSL_CTX_set_tmp_dh_callback(WOLFSSL_CTX *ctx,
+void WOLFSSL_CTX_set_tmp_dh_callback(WOLFSSL_CTX *ctx,
     WOLFSSL_DH *(*dh) (WOLFSSL *ssl, int is_export, int keylength))
 {
     (void)ctx;
     (void)dh;
-    WOLFSSL_STUB("SSL_CTX_set_tmp_dh_callback");
+    WOLFSSL_STUB("WOLFSSL_CTX_set_tmp_dh_callback");
 }
 #endif
 
 #ifndef NO_WOLFSSL_STUB
 /*** TBD ***/
-WOLF_STACK_OF(SSL_COMP) *SSL_COMP_get_compression_methods(void)
+WOLF_STACK_OF(WOLFSSL_COMP) *WOLFSSL_COMP_get_compression_methods(void)
 {
-    WOLFSSL_STUB("SSL_COMP_get_compression_methods");
+    WOLFSSL_STUB("WOLFSSL_COMP_get_compression_methods");
     return NULL;
 }
 #endif
@@ -22056,13 +17424,13 @@ WOLFSSL_CIPHER* wolfSSL_sk_SSL_CIPHER_value(WOLFSSL_STACK* sk, int i)
 }
 
 #if !defined(NETOS)
-void ERR_load_SSL_strings(void)
+void wolfSSL_ERR_load_SSL_strings(void)
 {
 
 }
 #endif
 
-#ifdef HAVE_OCSP
+#if defined(HAVE_OCSP) && (defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY))
 long wolfSSL_get_tlsext_status_ocsp_resp(WOLFSSL *s, unsigned char **resp)
 {
     if (s == NULL || resp == NULL)
@@ -22078,15 +17446,16 @@ long wolfSSL_set_tlsext_status_ocsp_resp(WOLFSSL *s, unsigned char *resp,
     if (s == NULL)
         return WOLFSSL_FAILURE;
 
+    XFREE(s->ocspResp, NULL, 0);
     s->ocspResp   = resp;
     s->ocspRespSz = len;
 
     return WOLFSSL_SUCCESS;
 }
-#endif /* HAVE_OCSP */
+#endif /* defined(HAVE_OCSP) && (defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)) */
 
 #ifdef HAVE_MAX_FRAGMENT
-#ifndef NO_WOLFSSL_CLIENT
+#if !defined(NO_WOLFSSL_CLIENT) && !defined(NO_TLS)
 /**
  * Set max fragment tls extension
  * @param c a pointer to WOLFSSL_CTX object
@@ -22114,7 +17483,7 @@ int wolfSSL_set_tlsext_max_fragment_length(WOLFSSL *s, unsigned char mode)
 
     return wolfSSL_UseMaxFragment(s, mode);
 }
-#endif /* NO_WOLFSSL_CLIENT */
+#endif /* !NO_WOLFSSL_CLIENT && !NO_TLS */
 #endif /* HAVE_MAX_FRAGMENT */
 
 #endif /* OPENSSL_EXTRA */
@@ -22173,7 +17542,7 @@ long wolfSSL_get_verify_result(const WOLFSSL *ssl)
         return WOLFSSL_FAILURE;
     }
 
-    return ssl->peerVerifyRet;
+    return (long)ssl->peerVerifyRet;
 }
 #endif
 
@@ -22293,117 +17662,7 @@ long wolfSSL_CTX_sess_timeouts(WOLFSSL_CTX* ctx)
 }
 #endif
 
-
-/* Return the total number of sessions */
-long wolfSSL_CTX_sess_number(WOLFSSL_CTX* ctx)
-{
-    word32 total = 0;
-
-    WOLFSSL_ENTER("wolfSSL_CTX_sess_number");
-    (void)ctx;
-
-#if defined(WOLFSSL_SESSION_STATS) && !defined(NO_SESSION_CACHE)
-    if (wolfSSL_get_session_stats(NULL, &total, NULL, NULL) != WOLFSSL_SUCCESS) {
-        WOLFSSL_MSG("Error getting session stats");
-    }
-#else
-    WOLFSSL_MSG("Please use macro WOLFSSL_SESSION_STATS for session stats");
-#endif
-
-    return (long)total;
-}
-
-
 #ifndef NO_CERTS
-long wolfSSL_CTX_add_extra_chain_cert(WOLFSSL_CTX* ctx, WOLFSSL_X509* x509)
-{
-    byte* chain = NULL;
-    int   derSz;
-    const byte* der;
-    int   ret;
-    DerBuffer *derBuffer = NULL;
-
-    WOLFSSL_ENTER("wolfSSL_CTX_add_extra_chain_cert");
-
-    if (ctx == NULL || x509 == NULL) {
-        WOLFSSL_MSG("Bad Argument");
-        return WOLFSSL_FAILURE;
-    }
-
-    der = wolfSSL_X509_get_der(x509, &derSz);
-    if (der == NULL || derSz <= 0) {
-        WOLFSSL_MSG("Error getting X509 DER");
-        return WOLFSSL_FAILURE;
-    }
-
-    if (ctx->certificate == NULL) {
-        WOLFSSL_ENTER("wolfSSL_use_certificate_chain_buffer_format");
-
-        /* Process buffer makes first certificate the leaf. */
-        ret = ProcessBuffer(ctx, der, derSz, WOLFSSL_FILETYPE_ASN1, CERT_TYPE,
-                            NULL, NULL, 1, GET_VERIFY_SETTING_CTX(ctx));
-        if (ret != WOLFSSL_SUCCESS) {
-            WOLFSSL_LEAVE("wolfSSL_CTX_add_extra_chain_cert", ret);
-            return WOLFSSL_FAILURE;
-        }
-    }
-    else {
-        long chainSz = 0;
-        int  idx = 0;
-
-        /* TODO: Do this elsewhere. */
-        ret = AllocDer(&derBuffer, derSz, CERT_TYPE, ctx->heap);
-        if (ret != 0) {
-            WOLFSSL_MSG("Memory Error");
-            return WOLFSSL_FAILURE;
-        }
-        XMEMCPY(derBuffer->buffer, der, derSz);
-        ret = AddCA(ctx->cm, &derBuffer, WOLFSSL_USER_CA,
-            GET_VERIFY_SETTING_CTX(ctx));
-        if (ret != WOLFSSL_SUCCESS) {
-            WOLFSSL_LEAVE("wolfSSL_CTX_add_extra_chain_cert", ret);
-            return WOLFSSL_FAILURE;
-        }
-
-        /* adding cert to existing chain */
-        if (ctx->certChain != NULL && ctx->certChain->length > 0) {
-            chainSz += ctx->certChain->length;
-        }
-        chainSz += OPAQUE24_LEN + derSz;
-
-        chain = (byte*)XMALLOC(chainSz, ctx->heap, DYNAMIC_TYPE_DER);
-        if (chain == NULL) {
-            WOLFSSL_MSG("Memory Error");
-            return WOLFSSL_FAILURE;
-        }
-
-        if (ctx->certChain != NULL && ctx->certChain->length > 0) {
-            XMEMCPY(chain, ctx->certChain->buffer, ctx->certChain->length);
-            idx = ctx->certChain->length;
-        }
-        c32to24(derSz, chain + idx);
-        idx += OPAQUE24_LEN;
-        XMEMCPY(chain + idx, der, derSz);
-        idx += derSz;
-#ifdef WOLFSSL_TLS13
-        ctx->certChainCnt++;
-#endif
-
-        FreeDer(&ctx->certChain);
-        ret = AllocDer(&ctx->certChain, idx, CERT_TYPE, ctx->heap);
-        if (ret == 0) {
-            XMEMCPY(ctx->certChain->buffer, chain, idx);
-        }
-    }
-
-    /* on success WOLFSSL_X509 memory is responsibility of ctx */
-    wolfSSL_X509_free(x509);
-    if (chain != NULL)
-        XFREE(chain, ctx->heap, DYNAMIC_TYPE_DER);
-
-    return WOLFSSL_SUCCESS;
-}
-
 
 long wolfSSL_CTX_set_tlsext_status_arg(WOLFSSL_CTX* ctx, void* arg)
 {
@@ -22549,6 +17808,33 @@ static void wolfSSL_CIPHER_copy(WOLFSSL_CIPHER* in, WOLFSSL_CIPHER* out)
     *out = *in;
 }
 
+
+#if defined(OPENSSL_ALL)
+static WOLFSSL_X509_OBJECT* wolfSSL_X509_OBJECT_dup(WOLFSSL_X509_OBJECT* obj)
+{
+    WOLFSSL_X509_OBJECT* ret = NULL;
+    if (obj) {
+        ret = wolfSSL_X509_OBJECT_new();
+        if (ret) {
+            ret->type = obj->type;
+            switch (ret->type) {
+                case WOLFSSL_X509_LU_NONE:
+                    break;
+                case WOLFSSL_X509_LU_X509:
+                    ret->data.x509 = wolfSSL_X509_dup(obj->data.x509);
+                    break;
+                case WOLFSSL_X509_LU_CRL:
+            #if defined(HAVE_CRL)
+                    ret->data.crl = wolfSSL_X509_CRL_dup(obj->data.crl);
+            #endif
+                    break;
+            }
+        }
+    }
+    return ret;
+}
+#endif /* OPENSSL_ALL */
+
 WOLFSSL_STACK* wolfSSL_sk_dup(WOLFSSL_STACK* sk)
 {
 
@@ -22611,6 +17897,17 @@ WOLFSSL_STACK* wolfSSL_sk_dup(WOLFSSL_STACK* sk)
                     goto error;
                 }
                 break;
+            case STACK_TYPE_X509_OBJ:
+            #if defined(OPENSSL_ALL)
+                if (!sk->data.x509_obj)
+                    break;
+                cur->data.x509_obj = wolfSSL_X509_OBJECT_dup(sk->data.x509_obj);
+                if (!cur->data.x509_obj) {
+                    WOLFSSL_MSG("wolfSSL_X509_OBJECT_dup error");
+                    goto error;
+                }
+                break;
+            #endif
             case STACK_TYPE_BIO:
             case STACK_TYPE_STRING:
             case STACK_TYPE_ACCESS_DESCRIPTION:
@@ -22623,7 +17920,6 @@ WOLFSSL_STACK* wolfSSL_sk_dup(WOLFSSL_STACK* sk)
             case STACK_TYPE_X509_INFO:
             case STACK_TYPE_BY_DIR_entry:
             case STACK_TYPE_BY_DIR_hash:
-            case STACK_TYPE_X509_OBJ:
             case STACK_TYPE_DIST_POINT:
             case STACK_TYPE_X509_CRL:
             default:
@@ -22696,7 +17992,7 @@ void wolfSSL_sk_GENERIC_pop_free(WOLFSSL_STACK* sk,
     wolfSSL_sk_pop_free(sk, (wolfSSL_sk_freefunc)f);
 }
 
-/* return 1 on success 0 on fail */
+/* returns the number of elements in stack on success, 0 on fail */
 int wolfSSL_sk_GENERIC_push(WOLFSSL_STACK* sk, void* generic)
 {
     WOLFSSL_ENTER("wolfSSL_sk_GENERIC_push");
@@ -22915,585 +18211,12 @@ int wolfSSL_sk_SSL_COMP_num(WOLF_STACK_OF(WOLFSSL_COMP)* sk)
 
 #endif /* OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL */
 
-#if !defined(NO_SESSION_CACHE) && (defined(OPENSSL_EXTRA) || \
-        defined(HAVE_EXT_CACHE))
-/* stunnel 4.28 needs
- *
- * Callback that is called if a session tries to resume but could not find
- * the session to resume it.
- */
-void wolfSSL_CTX_sess_set_get_cb(WOLFSSL_CTX* ctx,
-                    WOLFSSL_SESSION*(*f)(WOLFSSL*, const unsigned char*, int, int*))
-{
-    if (ctx == NULL)
-        return;
-
-#ifdef HAVE_EXT_CACHE
-    ctx->get_sess_cb = f;
-#else
-    (void)f;
-#endif
-}
-
-void wolfSSL_CTX_sess_set_new_cb(WOLFSSL_CTX* ctx,
-                             int (*f)(WOLFSSL*, WOLFSSL_SESSION*))
-{
-    if (ctx == NULL)
-        return;
-
-#ifdef HAVE_EXT_CACHE
-    ctx->new_sess_cb = f;
-#else
-    (void)f;
-#endif
-}
-
-void wolfSSL_CTX_sess_set_remove_cb(WOLFSSL_CTX* ctx, void (*f)(WOLFSSL_CTX*,
-                                                        WOLFSSL_SESSION*))
-{
-    if (ctx == NULL)
-        return;
-
-#if defined(HAVE_EXT_CACHE) || defined(HAVE_EX_DATA)
-    ctx->rem_sess_cb = f;
-#else
-    (void)f;
-#endif
-}
-
-
-/*
- *
- * Note: It is expected that the importing and exporting function have been
- *       built with the same settings. For example if session tickets was
- *       enabled with the wolfSSL library exporting a session then it is
- *       expected to be turned on with the wolfSSL library importing the session.
- */
-int wolfSSL_i2d_SSL_SESSION(WOLFSSL_SESSION* sess, unsigned char** p)
-{
-    int size = 0;
-#ifdef HAVE_EXT_CACHE
-    int idx = 0;
-#ifdef SESSION_CERTS
-    int i;
-#endif
-
-    WOLFSSL_ENTER("wolfSSL_i2d_SSL_SESSION");
-
-    sess = ClientSessionToSession(sess);
-    if (sess == NULL) {
-        return BAD_FUNC_ARG;
-    }
-
-    /* side | bornOn | timeout | sessionID len | sessionID | masterSecret |
-     * haveEMS  */
-    size += OPAQUE8_LEN + OPAQUE32_LEN + OPAQUE32_LEN + OPAQUE8_LEN +
-            sess->sessionIDSz + SECRET_LEN + OPAQUE8_LEN;
-    /* altSessionID */
-    size += OPAQUE8_LEN + (sess->haveAltSessionID ? ID_LEN : 0);
-#ifdef SESSION_CERTS
-    /* Peer chain */
-    size += OPAQUE8_LEN;
-    for (i = 0; i < sess->chain.count; i++)
-        size += OPAQUE16_LEN + sess->chain.certs[i].length;
-#endif
-#if defined(SESSION_CERTS) || (defined(WOLFSSL_TLS13) && \
-                               defined(HAVE_SESSION_TICKET))
-    /* Protocol version */
-    size += OPAQUE16_LEN;
-#endif
-#if defined(SESSION_CERTS) || !defined(NO_RESUME_SUITE_CHECK) || \
-                        (defined(WOLFSSL_TLS13) && defined(HAVE_SESSION_TICKET))
-    /* cipher suite */
-    size += OPAQUE16_LEN;
-#endif
-#ifndef NO_CLIENT_CACHE
-    /* ServerID len | ServerID */
-    size += OPAQUE16_LEN + sess->idLen;
-#endif
-#ifdef WOLFSSL_SESSION_ID_CTX
-    /* session context ID len | session context ID */
-    size += OPAQUE8_LEN + sess->sessionCtxSz;
-#endif
-#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
-    /* peerVerifyRet */
-    size += OPAQUE8_LEN;
-#endif
-#ifdef WOLFSSL_TLS13
-    /* namedGroup */
-    size += OPAQUE16_LEN;
-#endif
-#if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)
-#ifdef WOLFSSL_TLS13
-#ifdef WOLFSSL_32BIT_MILLI_TIME
-    /* ticketSeen | ticketAdd */
-    size += OPAQUE32_LEN + OPAQUE32_LEN;
-#else
-    /* ticketSeen Hi 32 bits | ticketSeen Lo 32 bits | ticketAdd */
-    size += OPAQUE32_LEN + OPAQUE32_LEN + OPAQUE32_LEN;
-#endif
-    /* ticketNonce */
-    size += OPAQUE8_LEN + sess->ticketNonce.len;
-#endif
-#ifdef WOLFSSL_EARLY_DATA
-    size += OPAQUE32_LEN;
-#endif
-#endif
-#ifdef HAVE_SESSION_TICKET
-    /* ticket len | ticket */
-    size += OPAQUE16_LEN + sess->ticketLen;
-#endif
-
-    if (p != NULL) {
-        unsigned char *data;
-
-        if (*p == NULL)
-            *p = (unsigned char*)XMALLOC(size, NULL, DYNAMIC_TYPE_OPENSSL);
-        if (*p == NULL)
-            return 0;
-        data = *p;
-
-        data[idx++] = sess->side;
-        c32toa(sess->bornOn, data + idx); idx += OPAQUE32_LEN;
-        c32toa(sess->timeout, data + idx); idx += OPAQUE32_LEN;
-        data[idx++] = sess->sessionIDSz;
-        XMEMCPY(data + idx, sess->sessionID, sess->sessionIDSz);
-        idx += sess->sessionIDSz;
-        XMEMCPY(data + idx, sess->masterSecret, SECRET_LEN); idx += SECRET_LEN;
-        data[idx++] = (byte)sess->haveEMS;
-        data[idx++] = sess->haveAltSessionID ? ID_LEN : 0;
-        if (sess->haveAltSessionID) {
-            XMEMCPY(data + idx, sess->altSessionID, ID_LEN);
-            idx += ID_LEN;
-        }
-#ifdef SESSION_CERTS
-        data[idx++] = (byte)sess->chain.count;
-        for (i = 0; i < sess->chain.count; i++) {
-            c16toa((word16)sess->chain.certs[i].length, data + idx);
-            idx += OPAQUE16_LEN;
-            XMEMCPY(data + idx, sess->chain.certs[i].buffer,
-                    sess->chain.certs[i].length);
-            idx += sess->chain.certs[i].length;
-        }
-#endif
-#if defined(SESSION_CERTS) || (defined(WOLFSSL_TLS13) && \
-                               defined(HAVE_SESSION_TICKET))
-        data[idx++] = sess->version.major;
-        data[idx++] = sess->version.minor;
-#endif
-#if defined(SESSION_CERTS) || !defined(NO_RESUME_SUITE_CHECK) || \
-                        (defined(WOLFSSL_TLS13) && defined(HAVE_SESSION_TICKET))
-        data[idx++] = sess->cipherSuite0;
-        data[idx++] = sess->cipherSuite;
-#endif
-#ifndef NO_CLIENT_CACHE
-        c16toa(sess->idLen, data + idx); idx += OPAQUE16_LEN;
-        XMEMCPY(data + idx, sess->serverID, sess->idLen);
-        idx += sess->idLen;
-#endif
-#ifdef WOLFSSL_SESSION_ID_CTX
-        data[idx++] = sess->sessionCtxSz;
-        XMEMCPY(data + idx, sess->sessionCtx, sess->sessionCtxSz);
-        idx += sess->sessionCtxSz;
-#endif
-#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
-        data[idx++] = sess->peerVerifyRet;
-#endif
-#ifdef WOLFSSL_TLS13
-        c16toa(sess->namedGroup, data + idx);
-        idx += OPAQUE16_LEN;
-#endif
-#if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)
-#ifdef WOLFSSL_TLS13
-#ifdef WOLFSSL_32BIT_MILLI_TIME
-        c32toa(sess->ticketSeen, data + idx);
-        idx += OPAQUE32_LEN;
-#else
-        c32toa((word32)(sess->ticketSeen >> 32), data + idx);
-        idx += OPAQUE32_LEN;
-        c32toa((word32)sess->ticketSeen, data + idx);
-        idx += OPAQUE32_LEN;
-#endif
-        c32toa(sess->ticketAdd, data + idx);
-        idx += OPAQUE32_LEN;
-        data[idx++] = sess->ticketNonce.len;
-        XMEMCPY(data + idx, sess->ticketNonce.data, sess->ticketNonce.len);
-        idx += sess->ticketNonce.len;
-#endif
-#ifdef WOLFSSL_EARLY_DATA
-        c32toa(sess->maxEarlyDataSz, data + idx);
-        idx += OPAQUE32_LEN;
-#endif
-#endif
-#ifdef HAVE_SESSION_TICKET
-        c16toa(sess->ticketLen, data + idx); idx += OPAQUE16_LEN;
-        XMEMCPY(data + idx, sess->ticket, sess->ticketLen);
-        idx += sess->ticketLen;
-#endif
-    }
-#endif
-
-    (void)sess;
-    (void)p;
-#ifdef HAVE_EXT_CACHE
-    (void)idx;
-#endif
-
-    return size;
-}
-
-
-/* TODO: no function to free new session.
- *
- * Note: It is expected that the importing and exporting function have been
- *       built with the same settings. For example if session tickets was
- *       enabled with the wolfSSL library exporting a session then it is
- *       expected to be turned on with the wolfSSL library importing the session.
- */
-WOLFSSL_SESSION* wolfSSL_d2i_SSL_SESSION(WOLFSSL_SESSION** sess,
-                                const unsigned char** p, long i)
-{
-    WOLFSSL_SESSION* s = NULL;
-    int ret = 0;
-#if defined(HAVE_EXT_CACHE)
-    int idx;
-    byte* data;
-#ifdef SESSION_CERTS
-    int j;
-    word16 length;
-#endif
-#endif /* HAVE_EXT_CACHE */
-
-    (void)p;
-    (void)i;
-    (void)ret;
-    (void)sess;
-
-#ifdef HAVE_EXT_CACHE
-    if (p == NULL || *p == NULL)
-        return NULL;
-
-    s = wolfSSL_SESSION_new();
-    if (s == NULL)
-        return NULL;
-
-    idx = 0;
-    data = (byte*)*p;
-
-    /* side | bornOn | timeout | sessionID len */
-    if (i < OPAQUE8_LEN + OPAQUE32_LEN + OPAQUE32_LEN + OPAQUE8_LEN) {
-        ret = BUFFER_ERROR;
-        goto end;
-    }
-    s->side = data[idx++];
-    ato32(data + idx, &s->bornOn); idx += OPAQUE32_LEN;
-    ato32(data + idx, &s->timeout); idx += OPAQUE32_LEN;
-    s->sessionIDSz = data[idx++];
-
-    /* sessionID | secret | haveEMS | haveAltSessionID */
-    if (i - idx < s->sessionIDSz + SECRET_LEN + OPAQUE8_LEN + OPAQUE8_LEN) {
-        ret = BUFFER_ERROR;
-        goto end;
-    }
-    XMEMCPY(s->sessionID, data + idx, s->sessionIDSz);
-    idx  += s->sessionIDSz;
-    XMEMCPY(s->masterSecret, data + idx, SECRET_LEN); idx += SECRET_LEN;
-    s->haveEMS = data[idx++];
-    if (data[idx] != ID_LEN && data[idx] != 0) {
-        ret = BUFFER_ERROR;
-        goto end;
-    }
-    s->haveAltSessionID = data[idx++] == ID_LEN;
-
-    /* altSessionID */
-    if (s->haveAltSessionID) {
-        if (i - idx < ID_LEN) {
-            ret = BUFFER_ERROR;
-            goto end;
-        }
-        XMEMCPY(s->altSessionID, data + idx, ID_LEN); idx += ID_LEN;
-    }
-
-#ifdef SESSION_CERTS
-    /* Certificate chain */
-    if (i - idx == 0) {
-        ret = BUFFER_ERROR;
-        goto end;
-    }
-    s->chain.count = data[idx++];
-    for (j = 0; j < s->chain.count; j++) {
-        if (i - idx < OPAQUE16_LEN) {
-            ret = BUFFER_ERROR;
-            goto end;
-        }
-        ato16(data + idx, &length); idx += OPAQUE16_LEN;
-        s->chain.certs[j].length = length;
-        if (i - idx < length) {
-            ret = BUFFER_ERROR;
-            goto end;
-        }
-        XMEMCPY(s->chain.certs[j].buffer, data + idx, length);
-        idx += length;
-    }
-#endif
-#if defined(SESSION_CERTS) || (defined(WOLFSSL_TLS13) && \
-                               defined(HAVE_SESSION_TICKET))
-    /* Protocol Version */
-    if (i - idx < OPAQUE16_LEN) {
-        ret = BUFFER_ERROR;
-        goto end;
-    }
-    s->version.major = data[idx++];
-    s->version.minor = data[idx++];
-#endif
-#if defined(SESSION_CERTS) || !defined(NO_RESUME_SUITE_CHECK) || \
-                        (defined(WOLFSSL_TLS13) && defined(HAVE_SESSION_TICKET))
-    /* Cipher suite */
-    if (i - idx < OPAQUE16_LEN) {
-        ret = BUFFER_ERROR;
-        goto end;
-    }
-    s->cipherSuite0 = data[idx++];
-    s->cipherSuite = data[idx++];
-#endif
-#ifndef NO_CLIENT_CACHE
-    /* ServerID len */
-    if (i - idx < OPAQUE16_LEN) {
-        ret = BUFFER_ERROR;
-        goto end;
-    }
-    ato16(data + idx, &s->idLen); idx += OPAQUE16_LEN;
-
-    /* ServerID */
-    if (i - idx < s->idLen) {
-        ret = BUFFER_ERROR;
-        goto end;
-    }
-    XMEMCPY(s->serverID, data + idx, s->idLen); idx += s->idLen;
-#endif
-#ifdef WOLFSSL_SESSION_ID_CTX
-    /* byte for length of session context ID */
-    if (i - idx < OPAQUE8_LEN) {
-        ret = BUFFER_ERROR;
-        goto end;
-    }
-    s->sessionCtxSz = data[idx++];
-
-    /* app session context ID */
-    if (i - idx < s->sessionCtxSz) {
-        ret = BUFFER_ERROR;
-        goto end;
-    }
-    XMEMCPY(s->sessionCtx, data + idx, s->sessionCtxSz); idx += s->sessionCtxSz;
-#endif
-#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
-    /* byte for peerVerifyRet */
-    if (i - idx < OPAQUE8_LEN) {
-        ret = BUFFER_ERROR;
-        goto end;
-    }
-    s->peerVerifyRet = data[idx++];
-#endif
-#ifdef WOLFSSL_TLS13
-    if (i - idx < OPAQUE16_LEN) {
-        ret = BUFFER_ERROR;
-        goto end;
-    }
-    ato16(data + idx, &s->namedGroup);
-    idx += OPAQUE16_LEN;
-#endif
-#if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)
-#ifdef WOLFSSL_TLS13
-    if (i - idx < (OPAQUE32_LEN * 2)) {
-        ret = BUFFER_ERROR;
-        goto end;
-    }
-#ifdef WOLFSSL_32BIT_MILLI_TIME
-    ato32(data + idx, &s->ticketSeen);
-    idx += OPAQUE32_LEN;
-#else
-    {
-        word32 seenHi, seenLo;
-
-        ato32(data + idx, &seenHi);
-        idx += OPAQUE32_LEN;
-        ato32(data + idx, &seenLo);
-        idx += OPAQUE32_LEN;
-        s->ticketSeen = ((sword64)seenHi << 32) + seenLo;
-    }
-#endif
-    ato32(data + idx, &s->ticketAdd);
-    idx += OPAQUE32_LEN;
-    if (i - idx < OPAQUE8_LEN) {
-        ret = BUFFER_ERROR;
-        goto end;
-    }
-    s->ticketNonce.len = data[idx++];
-
-    if (i - idx < s->ticketNonce.len) {
-        ret = BUFFER_ERROR;
-        goto end;
-    }
-#if defined(WOLFSSL_TICKET_NONCE_MALLOC) &&                     \
-    (!defined(HAVE_FIPS) || (defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(5,3)))
-    ret = SessionTicketNoncePopulate(s, data + idx, s->ticketNonce.len);
-    if (ret != 0)
-        goto end;
-#else
-    if (s->ticketNonce.len > MAX_TICKET_NONCE_STATIC_SZ) {
-        ret = BUFFER_ERROR;
-        goto end;
-    }
-    XMEMCPY(s->ticketNonce.data, data + idx, s->ticketNonce.len);
-#endif /* defined(WOLFSSL_TICKET_NONCE_MALLOC) && FIPS_VERSION_GE(5,3) */
-
-    idx += s->ticketNonce.len;
-#endif
-#ifdef WOLFSSL_EARLY_DATA
-    if (i - idx < OPAQUE32_LEN) {
-        ret = BUFFER_ERROR;
-        goto end;
-    }
-    ato32(data + idx, &s->maxEarlyDataSz);
-    idx += OPAQUE32_LEN;
-#endif
-#endif
-#ifdef HAVE_SESSION_TICKET
-    /* ticket len */
-    if (i - idx < OPAQUE16_LEN) {
-        ret = BUFFER_ERROR;
-        goto end;
-    }
-    ato16(data + idx, &s->ticketLen); idx += OPAQUE16_LEN;
-
-    /* Dispose of ol dynamic ticket and ensure space for new ticket. */
-    if (s->ticketLenAlloc > 0) {
-        XFREE(s->ticket, NULL, DYNAMIC_TYPE_SESSION_TICK);
-    }
-    if (s->ticketLen <= SESSION_TICKET_LEN)
-        s->ticket = s->staticTicket;
-    else {
-        s->ticket = (byte*)XMALLOC(s->ticketLen, NULL,
-                                   DYNAMIC_TYPE_SESSION_TICK);
-        if (s->ticket == NULL) {
-            ret = MEMORY_ERROR;
-            goto end;
-        }
-        s->ticketLenAlloc = (word16)s->ticketLen;
-    }
-
-    /* ticket */
-    if (i - idx < s->ticketLen) {
-        ret = BUFFER_ERROR;
-        goto end;
-    }
-    XMEMCPY(s->ticket, data + idx, s->ticketLen); idx += s->ticketLen;
-#endif
-    (void)idx;
-
-    if (sess != NULL) {
-        *sess = s;
-    }
-
-    s->isSetup = 1;
-
-    *p += idx;
-
-end:
-    if (ret != 0 && (sess == NULL || *sess != s)) {
-        wolfSSL_FreeSession(NULL, s);
-        s = NULL;
-    }
-#endif /* HAVE_EXT_CACHE */
-    return s;
-}
-
-/* Check if there is a session ticket associated with this WOLFSSL_SESSION.
- *
- * sess - pointer to WOLFSSL_SESSION struct
- *
- * Returns 1 if has session ticket, otherwise 0 */
-int wolfSSL_SESSION_has_ticket(const WOLFSSL_SESSION* sess)
-{
-    WOLFSSL_ENTER("wolfSSL_SESSION_has_ticket");
-#ifdef HAVE_SESSION_TICKET
-    sess = ClientSessionToSession(sess);
-    if (sess) {
-        if ((sess->ticketLen > 0) && (sess->ticket != NULL)) {
-            return WOLFSSL_SUCCESS;
-        }
-    }
-#else
-    (void)sess;
-#endif
-    return WOLFSSL_FAILURE;
-}
-
-unsigned long wolfSSL_SESSION_get_ticket_lifetime_hint(
-                  const WOLFSSL_SESSION* sess)
-{
-    WOLFSSL_ENTER("wolfSSL_SESSION_get_ticket_lifetime_hint");
-    sess = ClientSessionToSession(sess);
-    if (sess) {
-        return sess->timeout;
-    }
-    return 0;
-}
-
-long wolfSSL_SESSION_get_timeout(const WOLFSSL_SESSION* sess)
-{
-    long timeout = 0;
-    WOLFSSL_ENTER("wolfSSL_SESSION_get_timeout");
-    sess = ClientSessionToSession(sess);
-    if (sess)
-        timeout = sess->timeout;
-    return timeout;
-}
-
-long wolfSSL_SSL_SESSION_set_timeout(WOLFSSL_SESSION* ses, long t)
-{
-    word32 tmptime;
-
-    ses = ClientSessionToSession(ses);
-    if (ses == NULL || t < 0) {
-        return BAD_FUNC_ARG;
-    }
-
-    tmptime = t & 0xFFFFFFFF;
-    ses->timeout = tmptime;
-
-    return WOLFSSL_SUCCESS;
-}
-
-long wolfSSL_SESSION_get_time(const WOLFSSL_SESSION* sess)
-{
-    long bornOn = 0;
-    WOLFSSL_ENTER("wolfSSL_SESSION_get_time");
-    sess = ClientSessionToSession(sess);
-    if (sess)
-        bornOn = sess->bornOn;
-    return bornOn;
-}
-
-long wolfSSL_SESSION_set_time(WOLFSSL_SESSION *ses, long t)
-{
-
-    ses = ClientSessionToSession(ses);
-    if (ses == NULL || t < 0) {
-        return 0;
-    }
-    ses->bornOn = (word32)t;
-    return t;
-}
-
-#endif /* !NO_SESSION_CACHE && OPENSSL_EXTRA || HAVE_EXT_CACHE */
-
 #ifdef OPENSSL_EXTRA
 
 #if defined(HAVE_EX_DATA) && !defined(NO_FILESYSTEM)
 int wolfSSL_cmp_peer_cert_to_file(WOLFSSL* ssl, const char *fname)
 {
-    int ret = WOLFSSL_FATAL_ERROR;
+    int ret = WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR);
 
     WOLFSSL_ENTER("wolfSSL_cmp_peer_cert_to_file");
     if (ssl != NULL && fname != NULL)
@@ -23533,13 +18256,13 @@ int wolfSSL_cmp_peer_cert_to_file(WOLFSSL* ssl, const char *fname)
 
         if (sz > (long)sizeof(staticBuffer)) {
             WOLFSSL_MSG("Getting dynamic buffer");
-            myBuffer = (byte*)XMALLOC(sz, ctx->heap, DYNAMIC_TYPE_FILE);
+            myBuffer = (byte*)XMALLOC((size_t)sz, ctx->heap, DYNAMIC_TYPE_FILE);
             dynamic = 1;
         }
 
         if ((myBuffer != NULL) &&
             (sz > 0) &&
-            (XFREAD(myBuffer, 1, sz, file) == (size_t)sz) &&
+            (XFREAD(myBuffer, 1, (size_t)sz, file) == (size_t)sz) &&
             (PemToDer(myBuffer, (long)sz, CERT_TYPE,
                       &fileDer, ctx->heap, NULL, NULL) == 0) &&
             (fileDer->length != 0) &&
@@ -23562,266 +18285,279 @@ int wolfSSL_cmp_peer_cert_to_file(WOLFSSL* ssl, const char *fname)
 }
 #endif
 #endif /* OPENSSL_EXTRA */
+
 #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
 const WOLFSSL_ObjectInfo wolfssl_object_info[] = {
 #ifndef NO_CERTS
     /* oidCertExtType */
-    { NID_basic_constraints, BASIC_CA_OID, oidCertExtType, "basicConstraints",
-                                                "X509v3 Basic Constraints"},
-    { NID_subject_alt_name, ALT_NAMES_OID, oidCertExtType, "subjectAltName",
-                                         "X509v3 Subject Alternative Name"},
-    { NID_crl_distribution_points, CRL_DIST_OID, oidCertExtType, "crlDistributionPoints",
-                                          "X509v3 CRL Distribution Points"},
-    { NID_info_access, AUTH_INFO_OID, oidCertExtType, "authorityInfoAccess",
-                                            "Authority Information Access"},
-    { NID_authority_key_identifier, AUTH_KEY_OID, oidCertExtType,
-               "authorityKeyIdentifier", "X509v3 Authority Key Identifier"},
-    { NID_subject_key_identifier, SUBJ_KEY_OID, oidCertExtType,
-                   "subjectKeyIdentifier", "X509v3 Subject Key Identifier"},
-    { NID_key_usage, KEY_USAGE_OID, oidCertExtType, "keyUsage",
-                                                        "X509v3 Key Usage"},
-    { NID_inhibit_any_policy, INHIBIT_ANY_OID, oidCertExtType,
-                           "inhibitAnyPolicy", "X509v3 Inhibit Any Policy"},
-    { NID_ext_key_usage, EXT_KEY_USAGE_OID, oidCertExtType,
-                           "extendedKeyUsage", "X509v3 Extended Key Usage"},
-    { NID_name_constraints, NAME_CONS_OID, oidCertExtType,
-                              "nameConstraints", "X509v3 Name Constraints"},
-    { NID_certificate_policies, CERT_POLICY_OID, oidCertExtType,
-                      "certificatePolicies", "X509v3 Certificate Policies"},
+    { WC_NID_basic_constraints, BASIC_CA_OID, oidCertExtType, "basicConstraints",
+      "X509v3 Basic Constraints"},
+    { WC_NID_subject_alt_name, ALT_NAMES_OID, oidCertExtType, "subjectAltName",
+      "X509v3 Subject Alternative Name"},
+    { WC_NID_crl_distribution_points, CRL_DIST_OID, oidCertExtType,
+      "crlDistributionPoints", "X509v3 CRL Distribution Points"},
+    { WC_NID_info_access, AUTH_INFO_OID, oidCertExtType, "authorityInfoAccess",
+      "Authority Information Access"},
+    { WC_NID_authority_key_identifier, AUTH_KEY_OID, oidCertExtType,
+      "authorityKeyIdentifier", "X509v3 Authority Key Identifier"},
+    { WC_NID_subject_key_identifier, SUBJ_KEY_OID, oidCertExtType,
+      "subjectKeyIdentifier", "X509v3 Subject Key Identifier"},
+    { WC_NID_key_usage, KEY_USAGE_OID, oidCertExtType, "keyUsage",
+      "X509v3 Key Usage"},
+    { WC_NID_inhibit_any_policy, INHIBIT_ANY_OID, oidCertExtType,
+      "inhibitAnyPolicy", "X509v3 Inhibit Any Policy"},
+    { WC_NID_ext_key_usage, EXT_KEY_USAGE_OID, oidCertExtType,
+      "extendedKeyUsage", "X509v3 Extended Key Usage"},
+    { WC_NID_name_constraints, NAME_CONS_OID, oidCertExtType,
+      "nameConstraints", "X509v3 Name Constraints"},
+    { WC_NID_certificate_policies, CERT_POLICY_OID, oidCertExtType,
+      "certificatePolicies", "X509v3 Certificate Policies"},
 
     /* oidCertAuthInfoType */
-    { NID_ad_OCSP, AIA_OCSP_OID, oidCertAuthInfoType, "OCSP",
-                                            "OCSP"},
-    { NID_ad_ca_issuers, AIA_CA_ISSUER_OID, oidCertAuthInfoType,
-                                                 "caIssuers", "CA Issuers"},
+    { WC_NID_ad_OCSP, AIA_OCSP_OID, oidCertAuthInfoType, "OCSP",
+      "OCSP"},
+    { WC_NID_ad_ca_issuers, AIA_CA_ISSUER_OID, oidCertAuthInfoType,
+      "caIssuers", "CA Issuers"},
 
     /* oidCertPolicyType */
-    { NID_any_policy, CP_ANY_OID, oidCertPolicyType, "anyPolicy",
-                                                       "X509v3 Any Policy"},
+    { WC_NID_any_policy, CP_ANY_OID, oidCertPolicyType, "anyPolicy",
+      "X509v3 Any Policy"},
 
     /* oidCertAltNameType */
-    { NID_hw_name_oid, HW_NAME_OID, oidCertAltNameType, "Hardware name",""},
+    { WC_NID_hw_name_oid, HW_NAME_OID, oidCertAltNameType, "Hardware name",""},
 
     /* oidCertKeyUseType */
-    { NID_anyExtendedKeyUsage, EKU_ANY_OID, oidCertKeyUseType,
-                           "anyExtendedKeyUsage", "Any Extended Key Usage"},
+    { WC_NID_anyExtendedKeyUsage, EKU_ANY_OID, oidCertKeyUseType,
+      "anyExtendedKeyUsage", "Any Extended Key Usage"},
     { EKU_SERVER_AUTH_OID, EKU_SERVER_AUTH_OID, oidCertKeyUseType,
-                             "serverAuth", "TLS Web Server Authentication"},
+      "serverAuth", "TLS Web Server Authentication"},
     { EKU_CLIENT_AUTH_OID, EKU_CLIENT_AUTH_OID, oidCertKeyUseType,
-                             "clientAuth", "TLS Web Client Authentication"},
+      "clientAuth", "TLS Web Client Authentication"},
     { EKU_OCSP_SIGN_OID, EKU_OCSP_SIGN_OID, oidCertKeyUseType,
-                                             "OCSPSigning", "OCSP Signing"},
+      "OCSPSigning", "OCSP Signing"},
 
     /* oidCertNameType */
-    { NID_commonName, NID_commonName, oidCertNameType, "CN", "commonName"},
+    { WC_NID_commonName, WC_NID_commonName, oidCertNameType, "CN", "commonName"},
 #if !defined(WOLFSSL_CERT_REQ)
-    { NID_surname, NID_surname, oidCertNameType, "SN", "surname"},
+    { WC_NID_surname, WC_NID_surname, oidCertNameType, "SN", "surname"},
 #endif
-    { NID_serialNumber, NID_serialNumber, oidCertNameType, "serialNumber",
-                                                            "serialNumber"},
-    { NID_userId, NID_userId, oidCertNameType, "UID", "userid"},
-    { NID_countryName, NID_countryName, oidCertNameType, "C", "countryName"},
-    { NID_localityName, NID_localityName, oidCertNameType, "L", "localityName"},
-    { NID_stateOrProvinceName, NID_stateOrProvinceName, oidCertNameType, "ST",
-                                                        "stateOrProvinceName"},
-    { NID_streetAddress, NID_streetAddress, oidCertNameType, "street",
-                                                        "streetAddress"},
-    { NID_organizationName, NID_organizationName, oidCertNameType, "O",
-                                                        "organizationName"},
-    { NID_organizationalUnitName, NID_organizationalUnitName, oidCertNameType,
-                                                "OU", "organizationalUnitName"},
-    { NID_emailAddress, NID_emailAddress, oidCertNameType, "emailAddress",
-                                                            "emailAddress"},
-    { NID_domainComponent, NID_domainComponent, oidCertNameType, "DC",
-                                                            "domainComponent"},
-    { NID_favouriteDrink, NID_favouriteDrink, oidCertNameType, "favouriteDrink",
-                                                            "favouriteDrink"},
-    { NID_businessCategory, NID_businessCategory, oidCertNameType, "businessCategory",
-                                                            "businessCategory"},
-    { NID_jurisdictionCountryName, NID_jurisdictionCountryName, oidCertNameType, "jurisdictionC",
-                                                            "jurisdictionCountryName"},
-    { NID_jurisdictionStateOrProvinceName, NID_jurisdictionStateOrProvinceName,
-            oidCertNameType, "jurisdictionST", "jurisdictionStateOrProvinceName"},
-    { NID_postalCode, NID_postalCode, oidCertNameType, "postalCode", "postalCode"},
-    { NID_userId, NID_userId, oidCertNameType, "UID", "userId"},
+    { WC_NID_serialNumber, WC_NID_serialNumber, oidCertNameType, "serialNumber",
+      "serialNumber"},
+    { WC_NID_userId, WC_NID_userId, oidCertNameType, "UID", "userid"},
+    { WC_NID_countryName, WC_NID_countryName, oidCertNameType, "C", "countryName"},
+    { WC_NID_localityName, WC_NID_localityName, oidCertNameType, "L", "localityName"},
+    { WC_NID_stateOrProvinceName, WC_NID_stateOrProvinceName, oidCertNameType, "ST",
+      "stateOrProvinceName"},
+    { WC_NID_streetAddress, WC_NID_streetAddress, oidCertNameType, "street",
+      "streetAddress"},
+    { WC_NID_organizationName, WC_NID_organizationName, oidCertNameType, "O",
+      "organizationName"},
+    { WC_NID_organizationalUnitName, WC_NID_organizationalUnitName, oidCertNameType,
+      "OU", "organizationalUnitName"},
+    { WC_NID_emailAddress, WC_NID_emailAddress, oidCertNameType, "emailAddress",
+      "emailAddress"},
+    { WC_NID_domainComponent, WC_NID_domainComponent, oidCertNameType, "DC",
+      "domainComponent"},
+    { WC_NID_rfc822Mailbox, WC_NID_rfc822Mailbox, oidCertNameType, "rfc822Mailbox",
+      "rfc822Mailbox"},
+    { WC_NID_favouriteDrink, WC_NID_favouriteDrink, oidCertNameType, "favouriteDrink",
+      "favouriteDrink"},
+    { WC_NID_businessCategory, WC_NID_businessCategory, oidCertNameType,
+      "businessCategory", "businessCategory"},
+    { WC_NID_jurisdictionCountryName, WC_NID_jurisdictionCountryName, oidCertNameType,
+      "jurisdictionC", "jurisdictionCountryName"},
+    { WC_NID_jurisdictionStateOrProvinceName, WC_NID_jurisdictionStateOrProvinceName,
+      oidCertNameType, "jurisdictionST", "jurisdictionStateOrProvinceName"},
+    { WC_NID_postalCode, WC_NID_postalCode, oidCertNameType, "postalCode",
+      "postalCode"},
+    { WC_NID_userId, WC_NID_userId, oidCertNameType, "UID", "userId"},
 
 #if defined(WOLFSSL_CERT_REQ) || defined(WOLFSSL_CERT_NAME_ALL)
-    { NID_pkcs9_challengePassword, CHALLENGE_PASSWORD_OID,
+    { WC_NID_pkcs9_challengePassword, CHALLENGE_PASSWORD_OID,
             oidCsrAttrType, "challengePassword", "challengePassword"},
-    { NID_pkcs9_contentType, PKCS9_CONTENT_TYPE_OID,
+    { WC_NID_pkcs9_contentType, PKCS9_CONTENT_TYPE_OID,
         oidCsrAttrType, "contentType", "contentType" },
-    { NID_pkcs9_unstructuredName, UNSTRUCTURED_NAME_OID,
+    { WC_NID_pkcs9_unstructuredName, UNSTRUCTURED_NAME_OID,
         oidCsrAttrType, "unstructuredName", "unstructuredName" },
-    { NID_name, NAME_OID, oidCsrAttrType, "name", "name" },
-    { NID_surname, SURNAME_OID,
+    { WC_NID_name, NAME_OID, oidCsrAttrType, "name", "name" },
+    { WC_NID_surname, SURNAME_OID,
         oidCsrAttrType, "surname", "surname" },
-    { NID_givenName, GIVEN_NAME_OID,
+    { WC_NID_givenName, GIVEN_NAME_OID,
         oidCsrAttrType, "givenName", "givenName" },
-    { NID_initials, INITIALS_OID,
+    { WC_NID_initials, INITIALS_OID,
         oidCsrAttrType, "initials", "initials" },
-    { NID_dnQualifier, DNQUALIFIER_OID,
+    { WC_NID_dnQualifier, DNQUALIFIER_OID,
         oidCsrAttrType, "dnQualifer", "dnQualifier" },
 #endif
 #endif
 #ifdef OPENSSL_EXTRA /* OPENSSL_EXTRA_X509_SMALL only needs the above */
         /* oidHashType */
     #ifdef WOLFSSL_MD2
-        { NID_md2, MD2h, oidHashType, "MD2", "md2"},
+        { WC_NID_md2, MD2h, oidHashType, "MD2", "md2"},
     #endif
-    #ifdef WOLFSSL_MD5
-        { NID_md5, MD5h, oidHashType, "MD5", "md5"},
+    #ifndef NO_MD4
+        { WC_NID_md4, MD4h, oidHashType, "MD4", "md4"},
+    #endif
+    #ifndef NO_MD5
+        { WC_NID_md5, MD5h, oidHashType, "MD5", "md5"},
     #endif
     #ifndef NO_SHA
-        { NID_sha1, SHAh, oidHashType, "SHA1", "sha1"},
+        { WC_NID_sha1, SHAh, oidHashType, "SHA1", "sha1"},
     #endif
     #ifdef WOLFSSL_SHA224
-        { NID_sha224, SHA224h, oidHashType, "SHA224", "sha224"},
+        { WC_NID_sha224, SHA224h, oidHashType, "SHA224", "sha224"},
     #endif
     #ifndef NO_SHA256
-        { NID_sha256, SHA256h, oidHashType, "SHA256", "sha256"},
+        { WC_NID_sha256, SHA256h, oidHashType, "SHA256", "sha256"},
     #endif
     #ifdef WOLFSSL_SHA384
-        { NID_sha384, SHA384h, oidHashType, "SHA384", "sha384"},
+        { WC_NID_sha384, SHA384h, oidHashType, "SHA384", "sha384"},
     #endif
     #ifdef WOLFSSL_SHA512
-        { NID_sha512, SHA512h, oidHashType, "SHA512", "sha512"},
+        { WC_NID_sha512, SHA512h, oidHashType, "SHA512", "sha512"},
     #endif
     #ifdef WOLFSSL_SHA3
         #ifndef WOLFSSL_NOSHA3_224
-        { NID_sha3_224, SHA3_224h, oidHashType, "SHA3-224", "sha3-224"},
+        { WC_NID_sha3_224, SHA3_224h, oidHashType, "SHA3-224", "sha3-224"},
         #endif
         #ifndef WOLFSSL_NOSHA3_256
-        { NID_sha3_256, SHA3_256h, oidHashType, "SHA3-256", "sha3-256"},
+        { WC_NID_sha3_256, SHA3_256h, oidHashType, "SHA3-256", "sha3-256"},
         #endif
         #ifndef WOLFSSL_NOSHA3_384
-        { NID_sha3_384, SHA3_384h, oidHashType, "SHA3-384", "sha3-384"},
+        { WC_NID_sha3_384, SHA3_384h, oidHashType, "SHA3-384", "sha3-384"},
         #endif
         #ifndef WOLFSSL_NOSHA3_512
-        { NID_sha3_512, SHA3_512h, oidHashType, "SHA3-512", "sha3-512"},
+        { WC_NID_sha3_512, SHA3_512h, oidHashType, "SHA3-512", "sha3-512"},
         #endif
     #endif /* WOLFSSL_SHA3 */
     #ifdef WOLFSSL_SM3
-        { NID_sm3, SM3h, oidHashType, "SM3", "sm3"},
+        { WC_NID_sm3, SM3h, oidHashType, "SM3", "sm3"},
     #endif
         /* oidSigType */
     #ifndef NO_DSA
         #ifndef NO_SHA
-        { NID_dsaWithSHA1, CTC_SHAwDSA, oidSigType, "DSA-SHA1", "dsaWithSHA1"},
-        { NID_dsa_with_SHA256, CTC_SHA256wDSA, oidSigType, "dsa_with_SHA256",
-                                                        "dsa_with_SHA256"},
+        { WC_NID_dsaWithSHA1, CTC_SHAwDSA, oidSigType, "DSA-SHA1", "dsaWithSHA1"},
+        { WC_NID_dsa_with_SHA256, CTC_SHA256wDSA, oidSigType, "dsa_with_SHA256",
+          "dsa_with_SHA256"},
         #endif
     #endif /* NO_DSA */
     #ifndef NO_RSA
         #ifdef WOLFSSL_MD2
-        { NID_md2WithRSAEncryption, CTC_MD2wRSA, oidSigType, "RSA-MD2",
-                                                        "md2WithRSAEncryption"},
+        { WC_NID_md2WithRSAEncryption, CTC_MD2wRSA, oidSigType, "RSA-MD2",
+          "md2WithRSAEncryption"},
         #endif
         #ifndef NO_MD5
-        { NID_md5WithRSAEncryption, CTC_MD5wRSA, oidSigType, "RSA-MD5",
-                                                        "md5WithRSAEncryption"},
+        { WC_NID_md5WithRSAEncryption, CTC_MD5wRSA, oidSigType, "RSA-MD5",
+          "md5WithRSAEncryption"},
         #endif
         #ifndef NO_SHA
-        { NID_sha1WithRSAEncryption, CTC_SHAwRSA, oidSigType, "RSA-SHA1",
-                                                       "sha1WithRSAEncryption"},
+        { WC_NID_sha1WithRSAEncryption, CTC_SHAwRSA, oidSigType, "RSA-SHA1",
+          "sha1WithRSAEncryption"},
         #endif
         #ifdef WOLFSSL_SHA224
-        { NID_sha224WithRSAEncryption, CTC_SHA224wRSA, oidSigType, "RSA-SHA224",
-                                                     "sha224WithRSAEncryption"},
+        { WC_NID_sha224WithRSAEncryption, CTC_SHA224wRSA, oidSigType, "RSA-SHA224",
+          "sha224WithRSAEncryption"},
         #endif
         #ifndef NO_SHA256
-        { NID_sha256WithRSAEncryption, CTC_SHA256wRSA, oidSigType, "RSA-SHA256",
-                                                     "sha256WithRSAEncryption"},
+        { WC_NID_sha256WithRSAEncryption, CTC_SHA256wRSA, oidSigType, "RSA-SHA256",
+          "sha256WithRSAEncryption"},
         #endif
         #ifdef WOLFSSL_SHA384
-        { NID_sha384WithRSAEncryption, CTC_SHA384wRSA, oidSigType, "RSA-SHA384",
-                                                     "sha384WithRSAEncryption"},
+        { WC_NID_sha384WithRSAEncryption, CTC_SHA384wRSA, oidSigType, "RSA-SHA384",
+          "sha384WithRSAEncryption"},
         #endif
         #ifdef WOLFSSL_SHA512
-        { NID_sha512WithRSAEncryption, CTC_SHA512wRSA, oidSigType, "RSA-SHA512",
-                                                     "sha512WithRSAEncryption"},
+        { WC_NID_sha512WithRSAEncryption, CTC_SHA512wRSA, oidSigType, "RSA-SHA512",
+          "sha512WithRSAEncryption"},
         #endif
         #ifdef WOLFSSL_SHA3
         #ifndef WOLFSSL_NOSHA3_224
-        { NID_RSA_SHA3_224, CTC_SHA3_224wRSA, oidSigType, "RSA-SHA3-224",
-                                                     "sha3-224WithRSAEncryption"},
+        { WC_NID_RSA_SHA3_224, CTC_SHA3_224wRSA, oidSigType, "RSA-SHA3-224",
+          "sha3-224WithRSAEncryption"},
         #endif
         #ifndef WOLFSSL_NOSHA3_256
-        { NID_RSA_SHA3_256, CTC_SHA3_256wRSA, oidSigType, "RSA-SHA3-256",
-                                                     "sha3-256WithRSAEncryption"},
+        { WC_NID_RSA_SHA3_256, CTC_SHA3_256wRSA, oidSigType, "RSA-SHA3-256",
+          "sha3-256WithRSAEncryption"},
         #endif
         #ifndef WOLFSSL_NOSHA3_384
-        { NID_RSA_SHA3_384, CTC_SHA3_384wRSA, oidSigType, "RSA-SHA3-384",
-                                                     "sha3-384WithRSAEncryption"},
+        { WC_NID_RSA_SHA3_384, CTC_SHA3_384wRSA, oidSigType, "RSA-SHA3-384",
+          "sha3-384WithRSAEncryption"},
         #endif
         #ifndef WOLFSSL_NOSHA3_512
-        { NID_RSA_SHA3_512, CTC_SHA3_512wRSA, oidSigType, "RSA-SHA3-512",
-                                                     "sha3-512WithRSAEncryption"},
+        { WC_NID_RSA_SHA3_512, CTC_SHA3_512wRSA, oidSigType, "RSA-SHA3-512",
+          "sha3-512WithRSAEncryption"},
         #endif
         #endif
         #ifdef WC_RSA_PSS
-        { NID_rsassaPss, CTC_RSASSAPSS, oidSigType, "RSASSA-PSS", "rsassaPss" },
+        { WC_NID_rsassaPss, CTC_RSASSAPSS, oidSigType, "RSASSA-PSS", "rsassaPss" },
         #endif
     #endif /* NO_RSA */
     #ifdef HAVE_ECC
         #ifndef NO_SHA
-        { NID_ecdsa_with_SHA1, CTC_SHAwECDSA, oidSigType, "ecdsa-with-SHA1", "shaWithECDSA"},
+        { WC_NID_ecdsa_with_SHA1, CTC_SHAwECDSA, oidSigType, "ecdsa-with-SHA1",
+          "shaWithECDSA"},
         #endif
         #ifdef WOLFSSL_SHA224
-        { NID_ecdsa_with_SHA224, CTC_SHA224wECDSA, oidSigType, "ecdsa-with-SHA224","sha224WithECDSA"},
+        { WC_NID_ecdsa_with_SHA224, CTC_SHA224wECDSA, oidSigType,
+          "ecdsa-with-SHA224","sha224WithECDSA"},
         #endif
         #ifndef NO_SHA256
-        { NID_ecdsa_with_SHA256, CTC_SHA256wECDSA, oidSigType, "ecdsa-with-SHA256","sha256WithECDSA"},
+        { WC_NID_ecdsa_with_SHA256, CTC_SHA256wECDSA, oidSigType,
+          "ecdsa-with-SHA256","sha256WithECDSA"},
         #endif
         #ifdef WOLFSSL_SHA384
-        { NID_ecdsa_with_SHA384, CTC_SHA384wECDSA, oidSigType, "ecdsa-with-SHA384","sha384WithECDSA"},
+        { WC_NID_ecdsa_with_SHA384, CTC_SHA384wECDSA, oidSigType,
+          "ecdsa-with-SHA384","sha384WithECDSA"},
         #endif
         #ifdef WOLFSSL_SHA512
-        { NID_ecdsa_with_SHA512, CTC_SHA512wECDSA, oidSigType, "ecdsa-with-SHA512","sha512WithECDSA"},
+        { WC_NID_ecdsa_with_SHA512, CTC_SHA512wECDSA, oidSigType,
+          "ecdsa-with-SHA512","sha512WithECDSA"},
         #endif
         #ifdef WOLFSSL_SHA3
         #ifndef WOLFSSL_NOSHA3_224
-        { NID_ecdsa_with_SHA3_224, CTC_SHA3_224wECDSA, oidSigType, "id-ecdsa-with-SHA3-224",
-                "ecdsa_with_SHA3-224"},
+        { WC_NID_ecdsa_with_SHA3_224, CTC_SHA3_224wECDSA, oidSigType,
+          "id-ecdsa-with-SHA3-224", "ecdsa_with_SHA3-224"},
         #endif
         #ifndef WOLFSSL_NOSHA3_256
-        { NID_ecdsa_with_SHA3_256, CTC_SHA3_256wECDSA, oidSigType, "id-ecdsa-with-SHA3-256",
-                "ecdsa_with_SHA3-256"},
+        { WC_NID_ecdsa_with_SHA3_256, CTC_SHA3_256wECDSA, oidSigType,
+          "id-ecdsa-with-SHA3-256", "ecdsa_with_SHA3-256"},
         #endif
         #ifndef WOLFSSL_NOSHA3_384
-        { NID_ecdsa_with_SHA3_384, CTC_SHA3_384wECDSA, oidSigType, "id-ecdsa-with-SHA3-384",
-                "ecdsa_with_SHA3-384"},
+        { WC_NID_ecdsa_with_SHA3_384, CTC_SHA3_384wECDSA, oidSigType,
+          "id-ecdsa-with-SHA3-384", "ecdsa_with_SHA3-384"},
         #endif
         #ifndef WOLFSSL_NOSHA3_512
-        { NID_ecdsa_with_SHA3_512, CTC_SHA3_512wECDSA, oidSigType, "id-ecdsa-with-SHA3-512",
-                "ecdsa_with_SHA3-512"},
+        { WC_NID_ecdsa_with_SHA3_512, CTC_SHA3_512wECDSA, oidSigType,
+          "id-ecdsa-with-SHA3-512", "ecdsa_with_SHA3-512"},
         #endif
         #endif
     #endif /* HAVE_ECC */
 
         /* oidKeyType */
     #ifndef NO_DSA
-        { NID_dsa, DSAk, oidKeyType, "DSA", "dsaEncryption"},
+        { WC_NID_dsa, DSAk, oidKeyType, "DSA", "dsaEncryption"},
     #endif /* NO_DSA */
     #ifndef NO_RSA
-        { NID_rsaEncryption, RSAk, oidKeyType, "rsaEncryption", "rsaEncryption"},
+        { WC_NID_rsaEncryption, RSAk, oidKeyType, "rsaEncryption",
+          "rsaEncryption"},
     #ifdef WC_RSA_PSS
-        { NID_rsassaPss, RSAPSSk, oidKeyType, "RSASSA-PSS", "rsassaPss"},
+        { WC_NID_rsassaPss, RSAPSSk, oidKeyType, "RSASSA-PSS", "rsassaPss"},
     #endif
     #endif /* NO_RSA */
     #ifdef HAVE_ECC
-        { NID_X9_62_id_ecPublicKey, ECDSAk, oidKeyType, "id-ecPublicKey",
+        { WC_NID_X9_62_id_ecPublicKey, ECDSAk, oidKeyType, "id-ecPublicKey",
                                                         "id-ecPublicKey"},
     #endif /* HAVE_ECC */
     #ifndef NO_DH
-        { NID_dhKeyAgreement, DHk, oidKeyType, "dhKeyAgreement", "dhKeyAgreement"},
+        { WC_NID_dhKeyAgreement, DHk, oidKeyType, "dhKeyAgreement",
+          "dhKeyAgreement"},
     #endif
     #ifdef HAVE_ED448
-        { NID_ED448, ED448k,  oidKeyType, "ED448", "ED448"},
+        { WC_NID_ED448, ED448k,  oidKeyType, "ED448", "ED448"},
     #endif
     #ifdef HAVE_ED25519
-        { NID_ED25519, ED25519k,  oidKeyType, "ED25519", "ED25519"},
+        { WC_NID_ED25519, ED25519k,  oidKeyType, "ED25519", "ED25519"},
     #endif
-    #ifdef HAVE_PQC
     #ifdef HAVE_FALCON
         { CTC_FALCON_LEVEL1, FALCON_LEVEL1k,  oidKeyType, "Falcon Level 1",
                                                           "Falcon Level 1"},
@@ -23829,55 +18565,89 @@ const WOLFSSL_ObjectInfo wolfssl_object_info[] = {
                                                           "Falcon Level 5"},
     #endif /* HAVE_FALCON */
     #ifdef HAVE_DILITHIUM
+    #ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
         { CTC_DILITHIUM_LEVEL2, DILITHIUM_LEVEL2k,  oidKeyType,
           "Dilithium Level 2", "Dilithium Level 2"},
         { CTC_DILITHIUM_LEVEL3, DILITHIUM_LEVEL3k,  oidKeyType,
           "Dilithium Level 3", "Dilithium Level 3"},
         { CTC_DILITHIUM_LEVEL5, DILITHIUM_LEVEL5k,  oidKeyType,
           "Dilithium Level 5", "Dilithium Level 5"},
+    #endif /* WOLFSSL_DILITHIUM_FIPS204_DRAFT */
+        { CTC_ML_DSA_LEVEL2, ML_DSA_LEVEL2k,  oidKeyType,
+          "ML-DSA 44", "ML-DSA 44"},
+        { CTC_ML_DSA_LEVEL3, ML_DSA_LEVEL3k,  oidKeyType,
+          "ML-DSA 65", "ML-DSA 65"},
+        { CTC_ML_DSA_LEVEL5, ML_DSA_LEVEL5k,  oidKeyType,
+          "ML-DSA 87", "ML-DSA 87"},
     #endif /* HAVE_DILITHIUM */
-    #endif /* HAVE_PQC */
 
         /* oidCurveType */
     #ifdef HAVE_ECC
-        { NID_X9_62_prime192v1, ECC_SECP192R1_OID, oidCurveType, "prime192v1", "prime192v1"},
-        { NID_X9_62_prime192v2, ECC_PRIME192V2_OID, oidCurveType, "prime192v2", "prime192v2"},
-        { NID_X9_62_prime192v3, ECC_PRIME192V3_OID, oidCurveType, "prime192v3", "prime192v3"},
+        { WC_NID_X9_62_prime192v1, ECC_SECP192R1_OID, oidCurveType, "prime192v1",
+          "prime192v1"},
+        { WC_NID_X9_62_prime192v2, ECC_PRIME192V2_OID, oidCurveType, "prime192v2",
+          "prime192v2"},
+        { WC_NID_X9_62_prime192v3, ECC_PRIME192V3_OID, oidCurveType, "prime192v3",
+          "prime192v3"},
 
-        { NID_X9_62_prime239v1, ECC_PRIME239V1_OID, oidCurveType, "prime239v1", "prime239v1"},
-        { NID_X9_62_prime239v2, ECC_PRIME239V2_OID, oidCurveType, "prime239v2", "prime239v2"},
-        { NID_X9_62_prime239v3, ECC_PRIME239V3_OID, oidCurveType, "prime239v3", "prime239v3"},
+        { WC_NID_X9_62_prime239v1, ECC_PRIME239V1_OID, oidCurveType, "prime239v1",
+          "prime239v1"},
+        { WC_NID_X9_62_prime239v2, ECC_PRIME239V2_OID, oidCurveType, "prime239v2",
+          "prime239v2"},
+        { WC_NID_X9_62_prime239v3, ECC_PRIME239V3_OID, oidCurveType, "prime239v3",
+          "prime239v3"},
 
-        { NID_X9_62_prime256v1, ECC_SECP256R1_OID, oidCurveType, "prime256v1", "prime256v1"},
+        { WC_NID_X9_62_prime256v1, ECC_SECP256R1_OID, oidCurveType, "prime256v1",
+          "prime256v1"},
 
-        { NID_secp112r1, ECC_SECP112R1_OID,  oidCurveType, "secp112r1", "secp112r1"},
-        { NID_secp112r2, ECC_SECP112R2_OID,  oidCurveType, "secp112r2", "secp112r2"},
+        { WC_NID_secp112r1, ECC_SECP112R1_OID,  oidCurveType, "secp112r1",
+          "secp112r1"},
+        { WC_NID_secp112r2, ECC_SECP112R2_OID,  oidCurveType, "secp112r2",
+          "secp112r2"},
 
-        { NID_secp128r1, ECC_SECP128R1_OID,  oidCurveType, "secp128r1", "secp128r1"},
-        { NID_secp128r2, ECC_SECP128R2_OID,  oidCurveType, "secp128r2", "secp128r2"},
+        { WC_NID_secp128r1, ECC_SECP128R1_OID,  oidCurveType, "secp128r1",
+          "secp128r1"},
+        { WC_NID_secp128r2, ECC_SECP128R2_OID,  oidCurveType, "secp128r2",
+          "secp128r2"},
 
-        { NID_secp160r1, ECC_SECP160R1_OID,  oidCurveType, "secp160r1", "secp160r1"},
-        { NID_secp160r2, ECC_SECP160R2_OID,  oidCurveType, "secp160r2", "secp160r2"},
+        { WC_NID_secp160r1, ECC_SECP160R1_OID,  oidCurveType, "secp160r1",
+          "secp160r1"},
+        { WC_NID_secp160r2, ECC_SECP160R2_OID,  oidCurveType, "secp160r2",
+          "secp160r2"},
 
-        { NID_secp224r1, ECC_SECP224R1_OID,  oidCurveType, "secp224r1", "secp224r1"},
-        { NID_secp384r1, ECC_SECP384R1_OID,  oidCurveType, "secp384r1", "secp384r1"},
-        { NID_secp521r1, ECC_SECP521R1_OID,  oidCurveType, "secp521r1", "secp521r1"},
+        { WC_NID_secp224r1, ECC_SECP224R1_OID,  oidCurveType, "secp224r1",
+          "secp224r1"},
+        { WC_NID_secp384r1, ECC_SECP384R1_OID,  oidCurveType, "secp384r1",
+          "secp384r1"},
+        { WC_NID_secp521r1, ECC_SECP521R1_OID,  oidCurveType, "secp521r1",
+          "secp521r1"},
 
-        { NID_secp160k1, ECC_SECP160K1_OID,  oidCurveType, "secp160k1", "secp160k1"},
-        { NID_secp192k1, ECC_SECP192K1_OID,  oidCurveType, "secp192k1", "secp192k1"},
-        { NID_secp224k1, ECC_SECP224K1_OID,  oidCurveType, "secp224k1", "secp224k1"},
-        { NID_secp256k1, ECC_SECP256K1_OID,  oidCurveType, "secp256k1", "secp256k1"},
+        { WC_NID_secp160k1, ECC_SECP160K1_OID,  oidCurveType, "secp160k1",
+          "secp160k1"},
+        { WC_NID_secp192k1, ECC_SECP192K1_OID,  oidCurveType, "secp192k1",
+          "secp192k1"},
+        { WC_NID_secp224k1, ECC_SECP224K1_OID,  oidCurveType, "secp224k1",
+          "secp224k1"},
+        { WC_NID_secp256k1, ECC_SECP256K1_OID,  oidCurveType, "secp256k1",
+          "secp256k1"},
 
-        { NID_brainpoolP160r1, ECC_BRAINPOOLP160R1_OID,  oidCurveType, "brainpoolP160r1", "brainpoolP160r1"},
-        { NID_brainpoolP192r1, ECC_BRAINPOOLP192R1_OID,  oidCurveType, "brainpoolP192r1", "brainpoolP192r1"},
-        { NID_brainpoolP224r1, ECC_BRAINPOOLP224R1_OID,  oidCurveType, "brainpoolP224r1", "brainpoolP224r1"},
-        { NID_brainpoolP256r1, ECC_BRAINPOOLP256R1_OID,  oidCurveType, "brainpoolP256r1", "brainpoolP256r1"},
-        { NID_brainpoolP320r1, ECC_BRAINPOOLP320R1_OID,  oidCurveType, "brainpoolP320r1", "brainpoolP320r1"},
-        { NID_brainpoolP384r1, ECC_BRAINPOOLP384R1_OID,  oidCurveType, "brainpoolP384r1", "brainpoolP384r1"},
-        { NID_brainpoolP512r1, ECC_BRAINPOOLP512R1_OID,  oidCurveType, "brainpoolP512r1", "brainpoolP512r1"},
+        { WC_NID_brainpoolP160r1, ECC_BRAINPOOLP160R1_OID,  oidCurveType,
+          "brainpoolP160r1", "brainpoolP160r1"},
+        { WC_NID_brainpoolP192r1, ECC_BRAINPOOLP192R1_OID,  oidCurveType,
+          "brainpoolP192r1", "brainpoolP192r1"},
+        { WC_NID_brainpoolP224r1, ECC_BRAINPOOLP224R1_OID,  oidCurveType,
+          "brainpoolP224r1", "brainpoolP224r1"},
+        { WC_NID_brainpoolP256r1, ECC_BRAINPOOLP256R1_OID,  oidCurveType,
+          "brainpoolP256r1", "brainpoolP256r1"},
+        { WC_NID_brainpoolP320r1, ECC_BRAINPOOLP320R1_OID,  oidCurveType,
+          "brainpoolP320r1", "brainpoolP320r1"},
+        { WC_NID_brainpoolP384r1, ECC_BRAINPOOLP384R1_OID,  oidCurveType,
+          "brainpoolP384r1", "brainpoolP384r1"},
+        { WC_NID_brainpoolP512r1, ECC_BRAINPOOLP512R1_OID,  oidCurveType,
+          "brainpoolP512r1", "brainpoolP512r1"},
 
     #ifdef WOLFSSL_SM2
-        { NID_sm2, ECC_SM2P256V1_OID, oidCurveType, "sm2", "sm2"},
+        { WC_NID_sm2, ECC_SM2P256V1_OID, oidCurveType, "sm2", "sm2"},
     #endif
     #endif /* HAVE_ECC */
 
@@ -23892,19 +18662,19 @@ const WOLFSSL_ObjectInfo wolfssl_object_info[] = {
         { AES256CBCb, AES256CBCb, oidBlkType, "AES-256-CBC", "aes-256-cbc"},
     #endif
     #ifndef NO_DES3
-        { NID_des, DESb, oidBlkType, "DES-CBC", "des-cbc"},
-        { NID_des3, DES3b, oidBlkType, "DES-EDE3-CBC", "des-ede3-cbc"},
+        { WC_NID_des, DESb, oidBlkType, "DES-CBC", "des-cbc"},
+        { WC_NID_des3, DES3b, oidBlkType, "DES-EDE3-CBC", "des-ede3-cbc"},
     #endif /* !NO_DES3 */
     #if defined(HAVE_CHACHA) && defined(HAVE_POLY1305)
-        { NID_chacha20_poly1305, NID_chacha20_poly1305, oidBlkType, "ChaCha20-Poly1305", "chacha20-poly1305"},
+        { WC_NID_chacha20_poly1305, WC_NID_chacha20_poly1305, oidBlkType,
+          "ChaCha20-Poly1305", "chacha20-poly1305"},
     #endif
 
         /* oidOcspType */
     #ifdef HAVE_OCSP
-        { NID_id_pkix_OCSP_basic, OCSP_BASIC_OID, oidOcspType, "basicOCSPResponse",
-                                                         "Basic OCSP Response"},
-        { OCSP_NONCE_OID, OCSP_NONCE_OID, oidOcspType, "Nonce",
-                                                                  "OCSP Nonce"},
+        { WC_NID_id_pkix_OCSP_basic, OCSP_BASIC_OID, oidOcspType,
+          "basicOCSPResponse", "Basic OCSP Response"},
+        { OCSP_NONCE_OID, OCSP_NONCE_OID, oidOcspType, "Nonce", "OCSP Nonce"},
     #endif /* HAVE_OCSP */
 
     #ifndef NO_PWDBASED
@@ -23913,22 +18683,25 @@ const WOLFSSL_ObjectInfo wolfssl_object_info[] = {
 
         /* oidPBEType */
         { PBE_SHA1_RC4_128, PBE_SHA1_RC4_128, oidPBEType,
-                                 "PBE-SHA1-RC4-128", "pbeWithSHA1And128BitRC4"},
+          "PBE-SHA1-RC4-128", "pbeWithSHA1And128BitRC4"},
         { PBE_SHA1_DES, PBE_SHA1_DES, oidPBEType, "PBE-SHA1-DES",
-                                                       "pbeWithSHA1AndDES-CBC"},
+          "pbeWithSHA1AndDES-CBC"},
         { PBE_SHA1_DES3, PBE_SHA1_DES3, oidPBEType, "PBE-SHA1-3DES",
-                                            "pbeWithSHA1And3-KeyTripleDES-CBC"},
+          "pbeWithSHA1And3-KeyTripleDES-CBC"},
     #endif
 
         /* oidKeyWrapType */
     #ifdef WOLFSSL_AES_128
-        { AES128_WRAP, AES128_WRAP, oidKeyWrapType, "AES-128 wrap", "aes128-wrap"},
+        { AES128_WRAP, AES128_WRAP, oidKeyWrapType, "AES-128 wrap",
+          "aes128-wrap"},
     #endif
     #ifdef WOLFSSL_AES_192
-        { AES192_WRAP, AES192_WRAP, oidKeyWrapType, "AES-192 wrap", "aes192-wrap"},
+        { AES192_WRAP, AES192_WRAP, oidKeyWrapType, "AES-192 wrap",
+          "aes192-wrap"},
     #endif
     #ifdef WOLFSSL_AES_256
-        { AES256_WRAP, AES256_WRAP, oidKeyWrapType, "AES-256 wrap", "aes256-wrap"},
+        { AES256_WRAP, AES256_WRAP, oidKeyWrapType, "AES-256 wrap",
+          "aes256-wrap"},
     #endif
 
     #ifndef NO_PKCS7
@@ -23936,41 +18709,46 @@ const WOLFSSL_ObjectInfo wolfssl_object_info[] = {
         /* oidCmsKeyAgreeType */
             #ifndef NO_SHA
         { dhSinglePass_stdDH_sha1kdf_scheme, dhSinglePass_stdDH_sha1kdf_scheme,
-                oidCmsKeyAgreeType, "dhSinglePass-stdDH-sha1kdf-scheme", "dhSinglePass-stdDH-sha1kdf-scheme"},
+          oidCmsKeyAgreeType, "dhSinglePass-stdDH-sha1kdf-scheme",
+          "dhSinglePass-stdDH-sha1kdf-scheme"},
             #endif
             #ifdef WOLFSSL_SHA224
         { dhSinglePass_stdDH_sha224kdf_scheme,
-                dhSinglePass_stdDH_sha224kdf_scheme, oidCmsKeyAgreeType,
-                "dhSinglePass-stdDH-sha224kdf-scheme", "dhSinglePass-stdDH-sha224kdf-scheme"},
+          dhSinglePass_stdDH_sha224kdf_scheme, oidCmsKeyAgreeType,
+          "dhSinglePass-stdDH-sha224kdf-scheme",
+          "dhSinglePass-stdDH-sha224kdf-scheme"},
             #endif
             #ifndef NO_SHA256
         { dhSinglePass_stdDH_sha256kdf_scheme,
-                        dhSinglePass_stdDH_sha256kdf_scheme, oidCmsKeyAgreeType,
-                        "dhSinglePass-stdDH-sha256kdf-scheme", "dhSinglePass-stdDH-sha256kdf-scheme"},
+          dhSinglePass_stdDH_sha256kdf_scheme, oidCmsKeyAgreeType,
+          "dhSinglePass-stdDH-sha256kdf-scheme",
+          "dhSinglePass-stdDH-sha256kdf-scheme"},
             #endif
             #ifdef WOLFSSL_SHA384
         { dhSinglePass_stdDH_sha384kdf_scheme,
-                        dhSinglePass_stdDH_sha384kdf_scheme, oidCmsKeyAgreeType,
-                        "dhSinglePass-stdDH-sha384kdf-scheme", "dhSinglePass-stdDH-sha384kdf-scheme"},
+          dhSinglePass_stdDH_sha384kdf_scheme, oidCmsKeyAgreeType,
+          "dhSinglePass-stdDH-sha384kdf-scheme",
+          "dhSinglePass-stdDH-sha384kdf-scheme"},
             #endif
             #ifdef WOLFSSL_SHA512
         { dhSinglePass_stdDH_sha512kdf_scheme,
-                        dhSinglePass_stdDH_sha512kdf_scheme, oidCmsKeyAgreeType,
-                        "dhSinglePass-stdDH-sha512kdf-scheme", "dhSinglePass-stdDH-sha512kdf-scheme"},
+          dhSinglePass_stdDH_sha512kdf_scheme, oidCmsKeyAgreeType,
+          "dhSinglePass-stdDH-sha512kdf-scheme",
+          "dhSinglePass-stdDH-sha512kdf-scheme"},
             #endif
         #endif
     #endif
     #if defined(WOLFSSL_APACHE_HTTPD)
         /* "1.3.6.1.5.5.7.8.7" */
-        { NID_id_on_dnsSRV, NID_id_on_dnsSRV, oidCertNameType,
+        { WC_NID_id_on_dnsSRV, WC_NID_id_on_dnsSRV, oidCertNameType,
             WOLFSSL_SN_DNS_SRV, WOLFSSL_LN_DNS_SRV },
 
         /* "1.3.6.1.4.1.311.20.2.3" */
-        { NID_ms_upn, WOLFSSL_MS_UPN_SUM, oidCertExtType, WOLFSSL_SN_MS_UPN,
+        { WC_NID_ms_upn, WOLFSSL_MS_UPN_SUM, oidCertExtType, WOLFSSL_SN_MS_UPN,
             WOLFSSL_LN_MS_UPN },
 
         /* "1.3.6.1.5.5.7.1.24" */
-        { NID_tlsfeature, WOLFSSL_TLS_FEATURE_SUM, oidTlsExtType,
+        { WC_NID_tlsfeature, WOLFSSL_TLS_FEATURE_SUM, oidTlsExtType,
             WOLFSSL_SN_TLS_FEATURE, WOLFSSL_LN_TLS_FEATURE },
     #endif
 #endif /* OPENSSL_EXTRA */
@@ -23979,7 +18757,7 @@ const WOLFSSL_ObjectInfo wolfssl_object_info[] = {
 #define WOLFSSL_OBJECT_INFO_SZ \
                 (sizeof(wolfssl_object_info) / sizeof(*wolfssl_object_info))
 const size_t wolfssl_object_info_sz = WOLFSSL_OBJECT_INFO_SZ;
-#endif
+#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
 
 #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
 /* Free the dynamically allocated data.
@@ -24028,15 +18806,16 @@ unsigned char *wolfSSL_OPENSSL_hexstr2buf(const char *str, long *len)
             continue;
         }
 
-        srcDigitHigh = wolfSSL_OPENSSL_hexchar2int(str[srcIdx++]);
-        srcDigitLow = wolfSSL_OPENSSL_hexchar2int(str[srcIdx++]);
+        srcDigitHigh = wolfSSL_OPENSSL_hexchar2int((unsigned char)str[srcIdx++]);
+        srcDigitLow = wolfSSL_OPENSSL_hexchar2int((unsigned char)str[srcIdx++]);
         if (srcDigitHigh < 0 || srcDigitLow < 0) {
             WOLFSSL_MSG("Invalid hex character.");
             XFREE(targetBuf, NULL, DYNAMIC_TYPE_OPENSSL);
             return NULL;
         }
 
-        targetBuf[targetIdx++] = (unsigned char)((srcDigitHigh << 4) | srcDigitLow);
+        targetBuf[targetIdx++] = (unsigned char)((srcDigitHigh << 4) |
+                                                  srcDigitLow       );
     }
 
     if (len != NULL)
@@ -24045,304 +18824,21 @@ unsigned char *wolfSSL_OPENSSL_hexstr2buf(const char *str, long *len)
     return targetBuf;
 }
 
-int wolfSSL_OPENSSL_init_ssl(word64 opts, const OPENSSL_INIT_SETTINGS *settings)
+int wolfSSL_OPENSSL_init_ssl(word64 opts, const WOLFSSL_INIT_SETTINGS *settings)
 {
     (void)opts;
     (void)settings;
     return wolfSSL_library_init();
 }
 
-int wolfSSL_OPENSSL_init_crypto(word64 opts, const OPENSSL_INIT_SETTINGS* settings)
+int wolfSSL_OPENSSL_init_crypto(word64 opts,
+    const WOLFSSL_INIT_SETTINGS* settings)
 {
     (void)opts;
     (void)settings;
     return wolfSSL_library_init();
 }
 
-#if defined(WOLFSSL_KEY_GEN) && defined(WOLFSSL_PEM_TO_DER)
-
-int EncryptDerKey(byte *der, int *derSz, const EVP_CIPHER* cipher,
-                  unsigned char* passwd, int passwdSz, byte **cipherInfo,
-                  int maxDerSz)
-{
-    int ret, paddingSz;
-    word32 idx, cipherInfoSz;
-#ifdef WOLFSSL_SMALL_STACK
-    EncryptedInfo* info = NULL;
-#else
-    EncryptedInfo  info[1];
-#endif
-
-    WOLFSSL_ENTER("EncryptDerKey");
-
-    if (der == NULL || derSz == NULL || cipher == NULL ||
-        passwd == NULL || cipherInfo == NULL)
-        return BAD_FUNC_ARG;
-
-#ifdef WOLFSSL_SMALL_STACK
-    info = (EncryptedInfo*)XMALLOC(sizeof(EncryptedInfo), NULL,
-                                   DYNAMIC_TYPE_ENCRYPTEDINFO);
-    if (info == NULL) {
-        WOLFSSL_MSG("malloc failed");
-        return WOLFSSL_FAILURE;
-    }
-#endif
-
-    XMEMSET(info, 0, sizeof(EncryptedInfo));
-
-    /* set the cipher name on info */
-    XSTRNCPY(info->name, cipher, NAME_SZ-1);
-    info->name[NAME_SZ-1] = '\0'; /* null term */
-
-    ret = wc_EncryptedInfoGet(info, info->name);
-    if (ret != 0) {
-        WOLFSSL_MSG("unsupported cipher");
-    #ifdef WOLFSSL_SMALL_STACK
-        XFREE(info, NULL, DYNAMIC_TYPE_ENCRYPTEDINFO);
-    #endif
-        return WOLFSSL_FAILURE;
-    }
-
-    /* Generate a random salt */
-    if (wolfSSL_RAND_bytes(info->iv, info->ivSz) != WOLFSSL_SUCCESS) {
-        WOLFSSL_MSG("generate iv failed");
-#ifdef WOLFSSL_SMALL_STACK
-        XFREE(info, NULL, DYNAMIC_TYPE_ENCRYPTEDINFO);
-#endif
-        return WOLFSSL_FAILURE;
-    }
-
-    /* add the padding before encryption */
-    paddingSz = ((*derSz)/info->ivSz + 1) * info->ivSz - (*derSz);
-    if (paddingSz == 0)
-        paddingSz = info->ivSz;
-    if (maxDerSz < *derSz + paddingSz) {
-        WOLFSSL_MSG("not enough DER buffer allocated");
-#ifdef WOLFSSL_SMALL_STACK
-        XFREE(info, NULL, DYNAMIC_TYPE_ENCRYPTEDINFO);
-#endif
-        return WOLFSSL_FAILURE;
-    }
-    XMEMSET(der+(*derSz), (byte)paddingSz, paddingSz);
-    (*derSz) += paddingSz;
-
-    /* encrypt buffer */
-    if (wc_BufferKeyEncrypt(info, der, *derSz, passwd, passwdSz, WC_MD5) != 0) {
-        WOLFSSL_MSG("encrypt key failed");
-#ifdef WOLFSSL_SMALL_STACK
-        XFREE(info, NULL, DYNAMIC_TYPE_ENCRYPTEDINFO);
-#endif
-        return WOLFSSL_FAILURE;
-    }
-
-    /* create cipher info : 'cipher_name,Salt(hex)' */
-    cipherInfoSz = (word32)(2*info->ivSz + XSTRLEN(info->name) + 2);
-    *cipherInfo = (byte*)XMALLOC(cipherInfoSz, NULL,
-                                DYNAMIC_TYPE_STRING);
-    if (*cipherInfo == NULL) {
-        WOLFSSL_MSG("malloc failed");
-#ifdef WOLFSSL_SMALL_STACK
-        XFREE(info, NULL, DYNAMIC_TYPE_ENCRYPTEDINFO);
-#endif
-        return WOLFSSL_FAILURE;
-    }
-    XSTRLCPY((char*)*cipherInfo, info->name, cipherInfoSz);
-    XSTRLCAT((char*)*cipherInfo, ",", cipherInfoSz);
-
-    idx = (word32)XSTRLEN((char*)*cipherInfo);
-    cipherInfoSz -= idx;
-    ret = Base16_Encode(info->iv, info->ivSz, *cipherInfo+idx, &cipherInfoSz);
-
-#ifdef WOLFSSL_SMALL_STACK
-    XFREE(info, NULL, DYNAMIC_TYPE_ENCRYPTEDINFO);
-#endif
-    if (ret != 0) {
-        WOLFSSL_MSG("Base16_Encode failed");
-        XFREE(*cipherInfo, NULL, DYNAMIC_TYPE_STRING);
-        return WOLFSSL_FAILURE;
-    }
-
-    return WOLFSSL_SUCCESS;
-}
-#endif /* WOLFSSL_KEY_GEN || WOLFSSL_PEM_TO_DER */
-
-#if !defined(NO_BIO)
-static int pem_write_pubkey(WOLFSSL_EVP_PKEY* key, void* heap, byte** derBuf,
-    int* derSz)
-{
-    byte* buf = NULL;
-    int sz = 0;
-
-    (void)heap;
-
-    if (key == NULL) {
-        WOLFSSL_MSG("Bad parameters");
-        return WOLFSSL_FAILURE;
-    }
-
-    switch (key->type) {
-#if defined(WOLFSSL_KEY_GEN) && !defined(NO_RSA) && !defined(HAVE_USER_RSA)
-        case EVP_PKEY_RSA:
-            if ((sz = wolfSSL_RSA_To_Der(key->rsa, &buf, 1, heap))
-                    < 0) {
-                WOLFSSL_MSG("wolfSSL_RSA_To_Der failed");
-                break;
-            }
-            break;
-#endif /* WOLFSSL_KEY_GEN && !NO_RSA && !HAVE_USER_RSA */
-#if !defined(NO_DSA) && !defined(HAVE_SELFTEST) && (defined(WOLFSSL_KEY_GEN) || \
-        defined(WOLFSSL_CERT_GEN))
-        case EVP_PKEY_DSA:
-            if (key->dsa == NULL) {
-                WOLFSSL_MSG("key->dsa is null");
-                break;
-            }
-            sz = MAX_DSA_PUBKEY_SZ;
-            buf = (byte*)XMALLOC(sz, heap, DYNAMIC_TYPE_TMP_BUFFER);
-            if (buf == NULL) {
-                WOLFSSL_MSG("malloc failed");
-                break;
-            }
-            /* Key to DER */
-            sz = wc_DsaKeyToPublicDer((DsaKey*)key->dsa->internal, buf, sz);
-            if (sz < 0) {
-                WOLFSSL_MSG("wc_DsaKeyToDer failed");
-                break;
-            }
-            break;
-#endif /* !NO_DSA && !HAVE_SELFTEST && (WOLFSSL_KEY_GEN || WOLFSSL_CERT_GEN) */
-#if defined(HAVE_ECC) && defined(HAVE_ECC_KEY_EXPORT)
-        case EVP_PKEY_EC:
-        {
-            if (key->ecc == NULL) {
-                WOLFSSL_MSG("key->ecc is null");
-                break;
-            }
-            if ((sz = wolfssl_ec_key_to_pubkey_der(key->ecc, &buf, heap)) <=
-                    0) {
-                WOLFSSL_MSG("wolfssl_ec_key_to_pubkey_der failed");
-                break;
-            }
-            break;
-        }
-#endif /* HAVE_ECC && HAVE_ECC_KEY_EXPORT */
-#if !defined(NO_DH) && (defined(WOLFSSL_QT) || defined(OPENSSL_ALL))
-        case EVP_PKEY_DH:
-            WOLFSSL_MSG("Writing DH PUBKEY not supported!");
-            break;
-#endif /* !NO_DH && (WOLFSSL_QT || OPENSSL_ALL) */
-        default:
-            WOLFSSL_MSG("Unknown Key type!");
-            break;
-    }
-
-    if (buf == NULL || sz <= 0) {
-        if (buf != NULL)
-            XFREE(buf, heap, DYNAMIC_TYPE_DER);
-        return WOLFSSL_FAILURE;
-    }
-
-    *derBuf = buf;
-    *derSz = sz;
-    return WOLFSSL_SUCCESS;
-}
-#endif
-
-#ifndef NO_BIO
-static int pem_write_bio_pubkey(WOLFSSL_BIO* bio, WOLFSSL_EVP_PKEY* key)
-{
-    int ret;
-    int derSz = 0;
-    byte* derBuf = NULL;
-
-    ret = pem_write_pubkey(key, bio->heap, &derBuf, &derSz);
-    if (ret == WOLFSSL_SUCCESS) {
-        ret = der_write_to_bio_as_pem(derBuf, derSz, bio, PUBLICKEY_TYPE);
-        XFREE(derBuf, bio->heap, DYNAMIC_TYPE_DER);
-    }
-
-    return ret;
-}
-
-/* Takes a public key and writes it out to a WOLFSSL_BIO
- * Returns WOLFSSL_SUCCESS or WOLFSSL_FAILURE
- */
-int wolfSSL_PEM_write_bio_PUBKEY(WOLFSSL_BIO* bio, WOLFSSL_EVP_PKEY* key)
-{
-    int ret;
-
-    WOLFSSL_ENTER("wolfSSL_PEM_write_bio_PUBKEY");
-
-    if ((bio == NULL) || (key == NULL)) {
-        ret = WOLFSSL_FAILURE;
-    }
-    else {
-        ret = pem_write_bio_pubkey(bio, key);
-    }
-
-    return ret;
-}
-
-/* Takes a private key and writes it out to a WOLFSSL_BIO
- * Returns WOLFSSL_SUCCESS or WOLFSSL_FAILURE
- */
-int wolfSSL_PEM_write_bio_PrivateKey(WOLFSSL_BIO* bio, WOLFSSL_EVP_PKEY* key,
-                                     const WOLFSSL_EVP_CIPHER* cipher,
-                                     unsigned char* passwd, int len,
-                                     wc_pem_password_cb* cb, void* arg)
-{
-    byte* keyDer;
-    int type;
-
-    (void)cipher;
-    (void)passwd;
-    (void)len;
-    (void)cb;
-    (void)arg;
-
-    WOLFSSL_ENTER("wolfSSL_PEM_write_bio_PrivateKey");
-
-    if (bio == NULL || key == NULL) {
-        WOLFSSL_MSG("Bad Function Arguments");
-        return WOLFSSL_FAILURE;
-    }
-
-    keyDer = (byte*)key->pkey.ptr;
-
-    switch (key->type) {
-#ifndef NO_RSA
-        case EVP_PKEY_RSA:
-            type = PRIVATEKEY_TYPE;
-            break;
-#endif
-
-#ifndef NO_DSA
-        case EVP_PKEY_DSA:
-            type = DSA_PRIVATEKEY_TYPE;
-            break;
-#endif
-
-#ifdef HAVE_ECC
-        case EVP_PKEY_EC:
-            type = ECC_PRIVATEKEY_TYPE;
-            break;
-#endif
-
-#if !defined(NO_DH) && (defined(WOLFSSL_QT) || defined(OPENSSL_ALL))
-        case EVP_PKEY_DH:
-            type = DH_PRIVATEKEY_TYPE;
-            break;
-#endif
-
-        default:
-            WOLFSSL_MSG("Unknown Key type!");
-            type = PRIVATEKEY_TYPE;
-    }
-
-    return der_write_to_bio_as_pem(keyDer, key->pkey_sz, bio, type);
-}
-#endif /* !NO_BIO */
-
 /* Colon separated list of <public key>+<digest> algorithms.
  * Replaces list in context.
  */
@@ -24379,327 +18875,185 @@ int wolfSSL_set1_sigalgs_list(WOLFSSL* ssl, const char* list)
     return SetSuitesHashSigAlgo(ssl->suites, list);
 }
 
-struct WOLFSSL_HashSigInfo {
-    int hashAlgo;
-    int sigAlgo;
-    int nid;
-}  wolfssl_hash_sig_info[] =
+static int HashToNid(byte hashAlgo, int* nid)
 {
-#ifndef NO_RSA
-    #ifndef NO_SHA256
-        { sha256_mac, rsa_sa_algo, CTC_SHA256wRSA },
-    #endif
-    #ifdef WOLFSSL_SHA384
-        { sha384_mac, rsa_sa_algo, CTC_SHA384wRSA },
-    #endif
-    #ifdef WOLFSSL_SHA512
-        { sha512_mac, rsa_sa_algo, CTC_SHA512wRSA },
-    #endif
-    #ifdef WOLFSSL_SHA224
-        { sha224_mac, rsa_sa_algo, CTC_SHA224wRSA },
-    #endif
-    #ifndef NO_SHA
-        { sha_mac,    rsa_sa_algo, CTC_SHAwRSA },
-    #endif
-    #ifdef WC_RSA_PSS
-        #ifndef NO_SHA256
-            { sha256_mac, rsa_pss_sa_algo, CTC_SHA256wRSA },
-        #endif
-        #ifdef WOLFSSL_SHA384
-            { sha384_mac, rsa_pss_sa_algo, CTC_SHA384wRSA },
-        #endif
-        #ifdef WOLFSSL_SHA512
-            { sha512_mac, rsa_pss_sa_algo, CTC_SHA512wRSA },
-        #endif
-        #ifdef WOLFSSL_SHA224
-            { sha224_mac, rsa_pss_sa_algo, CTC_SHA224wRSA },
-        #endif
-    #endif
-#endif
-#ifdef HAVE_ECC
-    #ifndef NO_SHA256
-        { sha256_mac, ecc_dsa_sa_algo, CTC_SHA256wECDSA },
-    #endif
-    #ifdef WOLFSSL_SHA384
-        { sha384_mac, ecc_dsa_sa_algo, CTC_SHA384wECDSA },
-    #endif
-    #ifdef WOLFSSL_SHA512
-        { sha512_mac, ecc_dsa_sa_algo, CTC_SHA512wECDSA },
-    #endif
-    #ifdef WOLFSSL_SHA224
-        { sha224_mac, ecc_dsa_sa_algo, CTC_SHA224wECDSA },
-    #endif
-    #ifndef NO_SHA
-        { sha_mac,    ecc_dsa_sa_algo, CTC_SHAwECDSA },
-    #endif
-#endif
-#if defined(WOLFSSL_SM2) && defined(WOLFSSL_SM3)
-    { sm3_mac, sm2_sa_algo, CTC_SM3wSM2 },
-#endif
-#ifdef HAVE_ED25519
-    { no_mac, ed25519_sa_algo, CTC_ED25519 },
-#endif
-#ifdef HAVE_ED448
-    { no_mac, ed448_sa_algo, CTC_ED448 },
-#endif
-#ifdef HAVE_PQC
-#ifdef HAVE_FALCON
-    { no_mac, falcon_level1_sa_algo, CTC_FALCON_LEVEL1 },
-    { no_mac, falcon_level5_sa_algo, CTC_FALCON_LEVEL5 },
-#endif /* HAVE_FALCON */
-#ifdef HAVE_DILITHIUM
-    { no_mac, dilithium_level2_sa_algo, CTC_DILITHIUM_LEVEL2 },
-    { no_mac, dilithium_level3_sa_algo, CTC_DILITHIUM_LEVEL3 },
-    { no_mac, dilithium_level5_sa_algo, CTC_DILITHIUM_LEVEL5 },
-#endif /* HAVE_DILITHIUM */
-#endif /* HAVE_PQC */
-#ifndef NO_DSA
-    #ifndef NO_SHA
-        { sha_mac,    dsa_sa_algo, CTC_SHAwDSA },
-    #endif
-#endif
-};
-#define WOLFSSL_HASH_SIG_INFO_SZ \
-    (int)(sizeof(wolfssl_hash_sig_info)/sizeof(*wolfssl_hash_sig_info))
+    int ret = WOLFSSL_SUCCESS;
 
-int wolfSSL_get_signature_nid(WOLFSSL *ssl, int* nid)
-{
-    int i;
-    int ret = WOLFSSL_FAILURE;
-
-    WOLFSSL_MSG("wolfSSL_get_signature_nid");
-
-    if (ssl == NULL) {
-        WOLFSSL_MSG("Bad function arguments");
-        return WOLFSSL_FAILURE;
-    }
-
-    for (i = 0; i < WOLFSSL_HASH_SIG_INFO_SZ; i++) {
-        if (ssl->options.hashAlgo == wolfssl_hash_sig_info[i].hashAlgo &&
-                     ssl->options.sigAlgo == wolfssl_hash_sig_info[i].sigAlgo) {
-            *nid = wolfssl_hash_sig_info[i].nid;
-            ret = WOLFSSL_SUCCESS;
+    /* Cast for compiler to check everything is implemented */
+    switch ((enum wc_MACAlgorithm)hashAlgo) {
+        case no_mac:
+        case rmd_mac:
+            *nid = WC_NID_undef;
+            break;
+        case md5_mac:
+            *nid = WC_NID_md5;
+            break;
+        case sha_mac:
+            *nid = WC_NID_sha1;
+            break;
+        case sha224_mac:
+            *nid = WC_NID_sha224;
+            break;
+        case sha256_mac:
+            *nid = WC_NID_sha256;
+            break;
+        case sha384_mac:
+            *nid = WC_NID_sha384;
+            break;
+        case sha512_mac:
+            *nid = WC_NID_sha512;
+            break;
+        case blake2b_mac:
+            *nid = WC_NID_blake2b512;
+            break;
+        case sm3_mac:
+            *nid = WC_NID_sm3;
+            break;
+        default:
+            ret = WOLFSSL_FAILURE;
             break;
-        }
     }
 
     return ret;
 }
 
+static int SaToNid(byte sa, int* nid)
+{
+    int ret = WOLFSSL_SUCCESS;
+    /* Cast for compiler to check everything is implemented */
+    switch ((enum SignatureAlgorithm)sa) {
+        case anonymous_sa_algo:
+            *nid = WC_NID_undef;
+            break;
+        case rsa_sa_algo:
+            *nid = WC_NID_rsaEncryption;
+            break;
+        case dsa_sa_algo:
+            *nid = WC_NID_dsa;
+            break;
+        case ecc_dsa_sa_algo:
+            *nid = WC_NID_X9_62_id_ecPublicKey;
+            break;
+        case rsa_pss_sa_algo:
+            *nid = WC_NID_rsassaPss;
+            break;
+        case ed25519_sa_algo:
+#ifdef HAVE_ED25519
+            *nid = WC_NID_ED25519;
+#else
+            ret = WOLFSSL_FAILURE;
+#endif
+            break;
+        case rsa_pss_pss_algo:
+            *nid = WC_NID_rsassaPss;
+            break;
+        case ed448_sa_algo:
+#ifdef HAVE_ED448
+            *nid = WC_NID_ED448;
+#else
+            ret = WOLFSSL_FAILURE;
+#endif
+            break;
+        case falcon_level1_sa_algo:
+            *nid = CTC_FALCON_LEVEL1;
+            break;
+        case falcon_level5_sa_algo:
+            *nid = CTC_FALCON_LEVEL5;
+            break;
+        case dilithium_level2_sa_algo:
+            *nid = CTC_ML_DSA_LEVEL2;
+            break;
+        case dilithium_level3_sa_algo:
+            *nid = CTC_ML_DSA_LEVEL3;
+            break;
+        case dilithium_level5_sa_algo:
+            *nid = CTC_ML_DSA_LEVEL5;
+            break;
+        case sm2_sa_algo:
+            *nid = WC_NID_sm2;
+            break;
+        case invalid_sa_algo:
+        default:
+            ret = WOLFSSL_FAILURE;
+            break;
+    }
+    return ret;
+}
+
+/* This API returns the hash selected. */
+int wolfSSL_get_signature_nid(WOLFSSL *ssl, int* nid)
+{
+    WOLFSSL_MSG("wolfSSL_get_signature_nid");
+
+    if (ssl == NULL || nid == NULL) {
+        WOLFSSL_MSG("Bad function arguments");
+        return WOLFSSL_FAILURE;
+    }
+
+    return HashToNid(ssl->options.hashAlgo, nid);
+}
+
+/* This API returns the signature selected. */
+int wolfSSL_get_signature_type_nid(const WOLFSSL* ssl, int* nid)
+{
+    WOLFSSL_MSG("wolfSSL_get_signature_type_nid");
+
+    if (ssl == NULL || nid == NULL) {
+        WOLFSSL_MSG("Bad function arguments");
+        return WOLFSSL_FAILURE;
+    }
+
+    return SaToNid(ssl->options.sigAlgo, nid);
+}
+
+int wolfSSL_get_peer_signature_nid(WOLFSSL* ssl, int* nid)
+{
+    WOLFSSL_MSG("wolfSSL_get_peer_signature_nid");
+
+    if (ssl == NULL || nid == NULL) {
+        WOLFSSL_MSG("Bad function arguments");
+        return WOLFSSL_FAILURE;
+    }
+
+    return HashToNid(ssl->options.peerHashAlgo, nid);
+}
+
+int wolfSSL_get_peer_signature_type_nid(const WOLFSSL* ssl, int* nid)
+{
+    WOLFSSL_MSG("wolfSSL_get_peer_signature_type_nid");
+
+    if (ssl == NULL || nid == NULL) {
+        WOLFSSL_MSG("Bad function arguments");
+        return WOLFSSL_FAILURE;
+    }
+
+    return SaToNid(ssl->options.peerSigAlgo, nid);
+}
+
 #ifdef HAVE_ECC
 
 #if defined(WOLFSSL_TLS13) && defined(HAVE_SUPPORTED_CURVES)
-static int populate_groups(int* groups, int max_count, char *list)
+int wolfSSL_CTX_set1_groups_list(WOLFSSL_CTX *ctx, const char *list)
 {
-    char *end;
-    int count = 0;
-    const WOLF_EC_NIST_NAME* nist_name;
-
-    if (!groups || !list) {
-        return -1;
-    }
-
-    for (end = list; ; list = ++end) {
-        int len;
-
-        if (count > max_count) {
-            WOLFSSL_MSG("Too many curves in list");
-            return -1;
-        }
-        while (*end != ':' && *end != '\0') end++;
-        len = (int)(end - list); /* end points to char after end
-                                  * of curve name so no need for -1 */
-        if ((len < kNistCurves_MIN_NAME_LEN) ||
-                (len > kNistCurves_MAX_NAME_LEN)) {
-            WOLFSSL_MSG("Unrecognized curve name in list");
-            return -1;
-        }
-        for (nist_name = kNistCurves; nist_name->name != NULL; nist_name++) {
-            if (len == nist_name->name_len &&
-                    XSTRNCMP(list, nist_name->name, nist_name->name_len) == 0) {
-                break;
-            }
-        }
-        if (!nist_name->name) {
-            WOLFSSL_MSG("Unrecognized curve name in list");
-            return -1;
-        }
-        groups[count++] = nist_name->nid;
-        if (*end == '\0') break;
-    }
-
-    return count;
-}
-
-int wolfSSL_CTX_set1_groups_list(WOLFSSL_CTX *ctx, char *list)
-{
-    int groups[WOLFSSL_MAX_GROUP_COUNT];
-    int count;
-
     if (!ctx || !list) {
         return WOLFSSL_FAILURE;
     }
 
-    if ((count = populate_groups(groups,
-            WOLFSSL_MAX_GROUP_COUNT, list)) == -1) {
-        return WOLFSSL_FAILURE;
-    }
-
-    return wolfSSL_CTX_set1_groups(ctx, groups, count);
+    return set_curves_list(NULL, ctx, list, 0);
 }
 
-int wolfSSL_set1_groups_list(WOLFSSL *ssl, char *list)
+int wolfSSL_set1_groups_list(WOLFSSL *ssl, const char *list)
 {
-    int groups[WOLFSSL_MAX_GROUP_COUNT];
-    int count;
-
     if (!ssl || !list) {
         return WOLFSSL_FAILURE;
     }
 
-    if ((count = populate_groups(groups,
-            WOLFSSL_MAX_GROUP_COUNT, list)) == -1) {
-        return WOLFSSL_FAILURE;
-    }
-
-    return wolfSSL_set1_groups(ssl, groups, count);
+    return set_curves_list(ssl, NULL, list, 0);
 }
 #endif /* WOLFSSL_TLS13 */
 
 #endif /* HAVE_ECC */
 
-#ifndef NO_BIO
-WOLFSSL_EVP_PKEY* wolfSSL_PEM_read_bio_PrivateKey(WOLFSSL_BIO* bio,
-                                                  WOLFSSL_EVP_PKEY** key,
-                                                  wc_pem_password_cb* cb,
-                                                  void* pass)
-{
-    WOLFSSL_EVP_PKEY* pkey = NULL;
-    DerBuffer*         der = NULL;
-    int             keyFormat = 0;
-
-    WOLFSSL_ENTER("wolfSSL_PEM_read_bio_PrivateKey");
-
-    if (bio == NULL)
-        return pkey;
-
-    if (pem_read_bio_key(bio, cb, pass, PRIVATEKEY_TYPE, &keyFormat, &der)
-            >= 0) {
-        const unsigned char* ptr = der->buffer;
-        int                  type = -1;
-
-        if (keyFormat) {
-            /* keyFormat is Key_Sum enum */
-            if (keyFormat == RSAk)
-                type = EVP_PKEY_RSA;
-            else if (keyFormat == ECDSAk)
-                type = EVP_PKEY_EC;
-            else if (keyFormat == DSAk)
-                type = EVP_PKEY_DSA;
-            else if (keyFormat == DHk)
-                type = EVP_PKEY_DH;
-        }
-        else {
-            /* Default to RSA if format is not set */
-            type = EVP_PKEY_RSA;
-        }
-
-        /* handle case where reuse is attempted */
-        if (key != NULL && *key != NULL)
-            pkey = *key;
-
-        wolfSSL_d2i_PrivateKey(type, &pkey, &ptr, der->length);
-        if (pkey == NULL) {
-            WOLFSSL_MSG("Error loading DER buffer into WOLFSSL_EVP_PKEY");
-        }
-    }
-
-    FreeDer(&der);
-
-    if (key != NULL && pkey != NULL)
-        *key = pkey;
-
-    WOLFSSL_LEAVE("wolfSSL_PEM_read_bio_PrivateKey", 0);
-
-    return pkey;
-}
-
-WOLFSSL_EVP_PKEY *wolfSSL_PEM_read_bio_PUBKEY(WOLFSSL_BIO* bio,
-                                              WOLFSSL_EVP_PKEY **key,
-                                              wc_pem_password_cb *cb,
-                                              void *pass)
-{
-    WOLFSSL_EVP_PKEY* pkey = NULL;
-    DerBuffer*        der = NULL;
-    int               keyFormat = 0;
-
-    WOLFSSL_ENTER("wolfSSL_PEM_read_bio_PUBKEY");
-
-    if (bio == NULL)
-        return pkey;
-
-    if (pem_read_bio_key(bio, cb, pass, PUBLICKEY_TYPE, &keyFormat, &der)
-            >= 0) {
-        const unsigned char* ptr = der->buffer;
-
-        /* handle case where reuse is attempted */
-        if (key != NULL && *key != NULL)
-            pkey = *key;
-
-        wolfSSL_d2i_PUBKEY(&pkey, &ptr, der->length);
-        if (pkey == NULL) {
-            WOLFSSL_MSG("Error loading DER buffer into WOLFSSL_EVP_PKEY");
-        }
-    }
-
-    FreeDer(&der);
-
-    if (key != NULL && pkey != NULL)
-        *key = pkey;
-
-    WOLFSSL_LEAVE("wolfSSL_PEM_read_bio_PUBKEY", 0);
-
-    return pkey;
-}
-#endif /* !NO_BIO */
-
-#if !defined(NO_FILESYSTEM)
-WOLFSSL_EVP_PKEY *wolfSSL_PEM_read_PUBKEY(XFILE fp, WOLFSSL_EVP_PKEY **key,
-                                          wc_pem_password_cb *cb, void *pass)
-{
-    WOLFSSL_EVP_PKEY* pkey = NULL;
-    DerBuffer*        der = NULL;
-    int               keyFormat = 0;
-
-    WOLFSSL_ENTER("wolfSSL_PEM_read_PUBKEY");
-
-    if ((pem_read_file_key(fp, cb, pass, PUBLICKEY_TYPE, &keyFormat, &der)
-            >= 0) && (der != NULL)) {
-        const unsigned char* ptr = der->buffer;
-
-        /* handle case where reuse is attempted */
-        if ((key != NULL) && (*key != NULL)) {
-            pkey = *key;
-        }
-
-        if ((wolfSSL_d2i_PUBKEY(&pkey, &ptr, der->length) == NULL) ||
-                (pkey == NULL)) {
-            WOLFSSL_MSG("Error loading DER buffer into WOLFSSL_EVP_PKEY");
-            pkey = NULL;
-        }
-    }
-
-    FreeDer(&der);
-
-    if ((key != NULL) && (pkey != NULL)) {
-        *key = pkey;
-    }
-
-    WOLFSSL_LEAVE("wolfSSL_PEM_read_PUBKEY", 0);
-
-    return pkey;
-}
-#endif /* NO_FILESYSTEM */
 #endif /* OPENSSL_EXTRA */
 
 #ifdef WOLFSSL_ALT_CERT_CHAINS
@@ -24775,7 +19129,7 @@ byte* wolfSSL_get_chain_cert(WOLFSSL_X509_CHAIN* chain, int idx)
 /* Get peer's wolfSSL X509 certificate at index (idx) */
 WOLFSSL_X509* wolfSSL_get_chain_X509(WOLFSSL_X509_CHAIN* chain, int idx)
 {
-    int          ret;
+    int          ret = 0;
     WOLFSSL_X509* x509 = NULL;
 #ifdef WOLFSSL_SMALL_STACK
     DecodedCert* cert = NULL;
@@ -24784,7 +19138,7 @@ WOLFSSL_X509* wolfSSL_get_chain_X509(WOLFSSL_X509_CHAIN* chain, int idx)
 #endif
 
     WOLFSSL_ENTER("wolfSSL_get_chain_X509");
-    if (chain != NULL) {
+    if (chain != NULL && idx < MAX_CHAIN_DEPTH) {
     #ifdef WOLFSSL_SMALL_STACK
         cert = (DecodedCert*)XMALLOC(sizeof(DecodedCert), NULL,
                                                        DYNAMIC_TYPE_DCERT);
@@ -24792,9 +19146,9 @@ WOLFSSL_X509* wolfSSL_get_chain_X509(WOLFSSL_X509_CHAIN* chain, int idx)
     #endif
         {
             InitDecodedCert(cert, chain->certs[idx].buffer,
-                                  chain->certs[idx].length, NULL);
+                                  (word32)chain->certs[idx].length, NULL);
 
-            if ((ret = ParseCertRelative(cert, CERT_TYPE, 0, NULL)) != 0) {
+            if ((ret = ParseCertRelative(cert, CERT_TYPE, 0, NULL, NULL)) != 0) {
                 WOLFSSL_MSG("Failed to parse cert");
             }
             else {
@@ -24854,11 +19208,12 @@ int  wolfSSL_get_chain_cert_pem(WOLFSSL_X509_CHAIN* chain, int idx,
 
     /* Null output buffer return size needed in outLen */
     if(!buf) {
-        if(Base64_Encode(chain->certs[idx].buffer, chain->certs[idx].length,
-                    NULL, &szNeeded) != LENGTH_ONLY_E)
+        if(Base64_Encode(chain->certs[idx].buffer,
+                    (word32)chain->certs[idx].length,
+                    NULL, &szNeeded) != WC_NO_ERR_TRACE(LENGTH_ONLY_E))
             return WOLFSSL_FAILURE;
-        *outLen = szNeeded + headerLen + footerLen;
-        return LENGTH_ONLY_E;
+        *outLen = (int)szNeeded + headerLen + footerLen;
+        return WC_NO_ERR_TRACE(LENGTH_ONLY_E);
     }
 
     /* don't even try if inLen too short */
@@ -24866,7 +19221,7 @@ int  wolfSSL_get_chain_cert_pem(WOLFSSL_X509_CHAIN* chain, int idx,
         return BAD_FUNC_ARG;
 
     /* header */
-    if (XMEMCPY(buf, header, headerLen) == NULL)
+    if (XMEMCPY(buf, header, (size_t)headerLen) == NULL)
         return WOLFSSL_FATAL_ERROR;
 
     i = headerLen;
@@ -24874,14 +19229,15 @@ int  wolfSSL_get_chain_cert_pem(WOLFSSL_X509_CHAIN* chain, int idx,
     /* body */
     *outLen = inLen;  /* input to Base64_Encode */
     if ( (err = Base64_Encode(chain->certs[idx].buffer,
-                       chain->certs[idx].length, buf + i, (word32*)outLen)) < 0)
+                       (word32)chain->certs[idx].length, buf + i,
+                       (word32*)outLen)) < 0)
         return err;
     i += *outLen;
 
     /* footer */
     if ( (i + footerLen) > inLen)
         return BAD_FUNC_ARG;
-    if (XMEMCPY(buf + i, footer, footerLen) == NULL)
+    if (XMEMCPY(buf + i, footer, (size_t)footerLen) == NULL)
         return WOLFSSL_FATAL_ERROR;
     *outLen += headerLen + footerLen;
 
@@ -24896,20 +19252,6 @@ int  wolfSSL_get_chain_cert_pem(WOLFSSL_X509_CHAIN* chain, int idx,
 #endif /* WOLFSSL_PEM_TO_DER || WOLFSSL_DER_TO_PEM */
 }
 
-
-/* get session ID */
-WOLFSSL_ABI
-const byte* wolfSSL_get_sessionID(const WOLFSSL_SESSION* session)
-{
-    WOLFSSL_ENTER("wolfSSL_get_sessionID");
-    session = ClientSessionToSession(session);
-    if (session)
-        return session->sessionID;
-
-    return NULL;
-}
-
-
 #endif /* SESSION_CERTS */
 
 #ifdef HAVE_FUZZER
@@ -24993,7 +19335,8 @@ void* wolfSSL_GetEccVerifyCtx(WOLFSSL* ssl)
     return NULL;
 }
 
-void wolfSSL_CTX_SetEccSharedSecretCb(WOLFSSL_CTX* ctx, CallbackEccSharedSecret cb)
+void wolfSSL_CTX_SetEccSharedSecretCb(WOLFSSL_CTX* ctx,
+    CallbackEccSharedSecret cb)
 {
     if (ctx)
         ctx->EccSharedSecretCb = cb;
@@ -25217,7 +19560,8 @@ void  wolfSSL_CTX_SetRsaPssSignCb(WOLFSSL_CTX* ctx, CallbackRsaPssSign cb)
     if (ctx)
         ctx->RsaPssSignCb = cb;
 }
-void  wolfSSL_CTX_SetRsaPssSignCheckCb(WOLFSSL_CTX* ctx, CallbackRsaPssVerify cb)
+void  wolfSSL_CTX_SetRsaPssSignCheckCb(WOLFSSL_CTX* ctx,
+    CallbackRsaPssVerify cb)
 {
     if (ctx)
         ctx->RsaPssSignCheckCb = cb;
@@ -25313,7 +19657,8 @@ void* wolfSSL_GetGenPreMasterCtx(WOLFSSL* ssl)
 }
 
 /* callback for master secret generation */
-void  wolfSSL_CTX_SetGenMasterSecretCb(WOLFSSL_CTX* ctx, CallbackGenMasterSecret cb)
+void  wolfSSL_CTX_SetGenMasterSecretCb(WOLFSSL_CTX* ctx,
+    CallbackGenMasterSecret cb)
 {
     if (ctx)
         ctx->GenMasterCb = cb;
@@ -25333,6 +19678,29 @@ void* wolfSSL_GetGenMasterSecretCtx(WOLFSSL* ssl)
     return NULL;
 }
 
+/* callback for extended master secret generation */
+void  wolfSSL_CTX_SetGenExtMasterSecretCb(WOLFSSL_CTX* ctx,
+    CallbackGenExtMasterSecret cb)
+{
+    if (ctx)
+        ctx->GenExtMasterCb = cb;
+}
+/* Set extended master secret generation callback context */
+void  wolfSSL_SetGenExtMasterSecretCtx(WOLFSSL* ssl, void *ctx)
+{
+    if (ssl)
+        ssl->GenExtMasterCtx = ctx;
+}
+/* Get extended master secret generation callback context */
+void* wolfSSL_GetGenExtMasterSecretCtx(WOLFSSL* ssl)
+{
+    if (ssl)
+        return ssl->GenExtMasterCtx;
+
+    return NULL;
+}
+
+
 /* callback for session key generation */
 void  wolfSSL_CTX_SetGenSessionKeyCb(WOLFSSL_CTX* ctx, CallbackGenSessionKey cb)
 {
@@ -25510,427 +19878,6 @@ void* wolfSSL_GetHKDFExtractCtx(WOLFSSL* ssl)
 
 #if (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) && \
     !defined(WOLFCRYPT_ONLY)
-#ifndef NO_CERTS
-
-#if defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
-
-#if defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL)
-#if !defined(NO_FILESYSTEM)
-    WOLFSSL_EVP_PKEY* wolfSSL_PEM_read_PrivateKey(XFILE fp,
-        WOLFSSL_EVP_PKEY **key, wc_pem_password_cb *cb, void *pass)
-    {
-        WOLFSSL_EVP_PKEY* pkey = NULL;
-        DerBuffer*         der = NULL;
-        int             keyFormat = 0;
-
-        WOLFSSL_ENTER("wolfSSL_PEM_read_PrivateKey");
-
-        if (pem_read_file_key(fp, cb, pass, PRIVATEKEY_TYPE, &keyFormat,
-                                                                   &der) >= 0) {
-            const unsigned char* ptr = der->buffer;
-            int                  type = -1;
-
-            if (keyFormat) {
-                /* keyFormat is Key_Sum enum */
-                if (keyFormat == RSAk)
-                    type = EVP_PKEY_RSA;
-                else if (keyFormat == ECDSAk)
-                    type = EVP_PKEY_EC;
-                else if (keyFormat == DSAk)
-                    type = EVP_PKEY_DSA;
-                else if (keyFormat == DHk)
-                    type = EVP_PKEY_DH;
-            }
-            else {
-                /* Default to RSA if format is not set */
-                type = EVP_PKEY_RSA;
-            }
-
-            /* handle case where reuse is attempted */
-            if (key != NULL && *key != NULL)
-                pkey = *key;
-
-            wolfSSL_d2i_PrivateKey(type, &pkey, &ptr, der->length);
-            if (pkey == NULL) {
-                WOLFSSL_MSG("Error loading DER buffer into WOLFSSL_EVP_PKEY");
-            }
-        }
-
-        FreeDer(&der);
-
-        if (key != NULL && pkey != NULL)
-            *key = pkey;
-
-        WOLFSSL_LEAVE("wolfSSL_PEM_read_PrivateKey", 0);
-
-        return pkey;
-    }
-#endif
-#endif
-
-#endif /* OPENSSL_ALL || OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL*/
-
-#if defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL)
-
-    #define PEM_BEGIN              "-----BEGIN "
-    #define PEM_BEGIN_SZ           11
-    #define PEM_END                "-----END "
-    #define PEM_END_SZ             9
-    #define PEM_HDR_FIN            "-----"
-    #define PEM_HDR_FIN_SZ         5
-    #define PEM_HDR_FIN_EOL_NEWLINE   "-----\n"
-    #define PEM_HDR_FIN_EOL_NULL_TERM "-----\0"
-    #define PEM_HDR_FIN_EOL_SZ     6
-
-#ifndef NO_BIO
-
-    int wolfSSL_PEM_read_bio(WOLFSSL_BIO* bio, char **name, char **header,
-                             unsigned char **data, long *len)
-    {
-        int ret = WOLFSSL_SUCCESS;
-        char pem[256];
-        int pemLen;
-        char* p;
-        char* nameStr = NULL;
-        int nameLen = 0;
-        char* headerStr = NULL;
-        int headerFound = 0;
-        unsigned char* der = NULL;
-        word32 derLen = 0;
-
-        if (bio == NULL || name == NULL || header == NULL || data == NULL ||
-                                                                  len == NULL) {
-            return WOLFSSL_FAILURE;
-        }
-
-        /* Find header line. */
-        pem[sizeof(pem) - 1] = '\0';
-        while ((pemLen = wolfSSL_BIO_gets(bio, pem, sizeof(pem) - 1)) > 0) {
-            if (XSTRNCMP(pem, PEM_BEGIN, PEM_BEGIN_SZ) == 0)
-                break;
-        }
-        if (pemLen <= 0)
-            ret = WOLFSSL_FAILURE;
-        /* Have a header line. */
-        if (ret == WOLFSSL_SUCCESS) {
-            while (pem[pemLen - 1] == '\r' || pem[pemLen - 1] == '\n')
-                pemLen--;
-            pem[pemLen] = '\0';
-            if (XSTRNCMP(pem + pemLen - PEM_HDR_FIN_SZ, PEM_HDR_FIN,
-                                                         PEM_HDR_FIN_SZ) != 0) {
-                ret = WOLFSSL_FAILURE;
-            }
-        }
-
-        /* Get out name. */
-        if (ret == WOLFSSL_SUCCESS) {
-            nameLen = pemLen - PEM_BEGIN_SZ - PEM_HDR_FIN_SZ;
-            nameStr = (char*)XMALLOC(nameLen + 1, NULL,
-                                                       DYNAMIC_TYPE_TMP_BUFFER);
-            if (nameStr == NULL)
-                ret = WOLFSSL_FAILURE;
-        }
-        if (ret == WOLFSSL_SUCCESS) {
-            int headerLen;
-
-            XSTRNCPY(nameStr, pem + PEM_BEGIN_SZ, nameLen);
-            nameStr[nameLen] = '\0';
-
-            /* Get header of PEM - encryption header. */
-            headerLen = 0;
-            while ((pemLen = wolfSSL_BIO_gets(bio, pem, sizeof(pem) - 1)) > 0) {
-                while (pemLen > 0 && (pem[pemLen - 1] == '\r' ||
-                                                     pem[pemLen - 1] == '\n')) {
-                    pemLen--;
-                }
-                pem[pemLen++] = '\n';
-                pem[pemLen] = '\0';
-
-                /* Header separator is a blank line. */
-                if (pem[0] == '\n') {
-                    headerFound = 1;
-                    break;
-                }
-
-                /* Didn't find a blank line - no header. */
-                if (XSTRNCMP(pem, PEM_END, PEM_END_SZ) == 0) {
-                    der = (unsigned char*)headerStr;
-                    derLen = headerLen;
-                    /* Empty header - empty string. */
-                    headerStr = (char*)XMALLOC(1, NULL,
-                                                       DYNAMIC_TYPE_TMP_BUFFER);
-                    if (headerStr == NULL)
-                        ret = WOLFSSL_FAILURE;
-                    else
-                        headerStr[0] = '\0';
-                    break;
-                }
-
-                p = (char*)XREALLOC(headerStr, headerLen + pemLen + 1, NULL,
-                                                       DYNAMIC_TYPE_TMP_BUFFER);
-                if (p == NULL) {
-                    ret = WOLFSSL_FAILURE;
-                    break;
-                }
-
-                headerStr = p;
-                XMEMCPY(headerStr + headerLen, pem, pemLen + 1);
-                headerLen += pemLen;
-            }
-            if (pemLen <= 0)
-                ret = WOLFSSL_FAILURE;
-        }
-
-        /* Get body of PEM - if there was a header */
-        if (ret == WOLFSSL_SUCCESS && headerFound) {
-            derLen = 0;
-            while ((pemLen = wolfSSL_BIO_gets(bio, pem, sizeof(pem) - 1)) > 0) {
-                while (pemLen > 0 && (pem[pemLen - 1] == '\r' ||
-                                                     pem[pemLen - 1] == '\n')) {
-                    pemLen--;
-                }
-                pem[pemLen++] = '\n';
-                pem[pemLen] = '\0';
-
-                if (XSTRNCMP(pem, PEM_END, PEM_END_SZ) == 0)
-                    break;
-
-                p = (char*)XREALLOC(der, derLen + pemLen + 1, NULL,
-                                                       DYNAMIC_TYPE_TMP_BUFFER);
-                if (p == NULL) {
-                    ret = WOLFSSL_FAILURE;
-                    break;
-                }
-
-                der = (unsigned char*)p;
-                XMEMCPY(der + derLen, pem, pemLen + 1);
-                derLen += pemLen;
-            }
-            if (pemLen <= 0)
-                ret = WOLFSSL_FAILURE;
-        }
-
-        /* Check trailer. */
-        if (ret == WOLFSSL_SUCCESS) {
-            if (XSTRNCMP(pem + PEM_END_SZ, nameStr, nameLen) != 0)
-                ret = WOLFSSL_FAILURE;
-        }
-        if (ret == WOLFSSL_SUCCESS) {
-            if (XSTRNCMP(pem + PEM_END_SZ + nameLen,
-                    PEM_HDR_FIN_EOL_NEWLINE,
-                    PEM_HDR_FIN_EOL_SZ) != 0 &&
-                XSTRNCMP(pem + PEM_END_SZ + nameLen,
-                        PEM_HDR_FIN_EOL_NULL_TERM,
-                        PEM_HDR_FIN_EOL_SZ) != 0) {
-                ret = WOLFSSL_FAILURE;
-            }
-        }
-
-        /* Base64 decode body. */
-        if (ret == WOLFSSL_SUCCESS) {
-            if (Base64_Decode(der, derLen, der, &derLen) != 0)
-                ret = WOLFSSL_FAILURE;
-        }
-
-        if (ret == WOLFSSL_SUCCESS) {
-            *name = nameStr;
-            *header = headerStr;
-            *data = der;
-            *len = derLen;
-            nameStr = NULL;
-            headerStr = NULL;
-            der = NULL;
-        }
-
-        if (nameStr != NULL)
-            XFREE(nameStr, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-        if (headerStr != NULL)
-            XFREE(headerStr, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-        if (der != NULL)
-            XFREE(der, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-
-        return ret;
-    }
-
-    int wolfSSL_PEM_write_bio(WOLFSSL_BIO* bio, const char *name,
-                              const char *header, const unsigned char *data,
-                              long len)
-    {
-        int err = 0;
-        int outSz = 0;
-        int nameLen;
-        int headerLen;
-        byte* pem = NULL;
-        word32 pemLen;
-        word32 derLen = (word32)len;
-
-        if (bio == NULL || name == NULL || header == NULL || data == NULL)
-            return 0;
-
-        nameLen = (int)XSTRLEN(name);
-        headerLen = (int)XSTRLEN(header);
-
-        pemLen = (derLen + 2) / 3 * 4;
-        pemLen += (pemLen + 63) / 64;
-
-        pem = (byte*)XMALLOC(pemLen, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-        err = pem == NULL;
-        if (!err)
-            err = Base64_Encode(data, derLen, pem, &pemLen) != 0;
-
-        if (!err) {
-            err = wolfSSL_BIO_write(bio, PEM_BEGIN, PEM_BEGIN_SZ) !=
-                                                              (int)PEM_BEGIN_SZ;
-        }
-        if (!err)
-            err = wolfSSL_BIO_write(bio, name, nameLen) != nameLen;
-        if (!err) {
-            err = wolfSSL_BIO_write(bio, PEM_HDR_FIN_EOL_NEWLINE,
-                    PEM_HDR_FIN_EOL_SZ) != (int)PEM_HDR_FIN_EOL_SZ;
-        }
-        if (!err && headerLen > 0) {
-            err = wolfSSL_BIO_write(bio, header, headerLen) != headerLen;
-            /* Blank line after a header and before body. */
-            if (!err)
-                err = wolfSSL_BIO_write(bio, "\n", 1) != 1;
-            headerLen++;
-        }
-        if (!err)
-            err = wolfSSL_BIO_write(bio, pem, pemLen) != (int)pemLen;
-        if (!err)
-            err = wolfSSL_BIO_write(bio, PEM_END, PEM_END_SZ) !=
-                                                                (int)PEM_END_SZ;
-        if (!err)
-            err = wolfSSL_BIO_write(bio, name, nameLen) != nameLen;
-        if (!err) {
-            err = wolfSSL_BIO_write(bio, PEM_HDR_FIN_EOL_NEWLINE,
-                    PEM_HDR_FIN_EOL_SZ) != (int)PEM_HDR_FIN_EOL_SZ;
-        }
-
-        if (!err) {
-            outSz = PEM_BEGIN_SZ + nameLen + PEM_HDR_FIN_EOL_SZ + headerLen +
-                             pemLen + PEM_END_SZ + nameLen + PEM_HDR_FIN_EOL_SZ;
-        }
-
-        if (pem != NULL)
-            XFREE(pem, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-
-        return outSz;
-    }
-
-#if !defined(NO_FILESYSTEM)
-    int wolfSSL_PEM_read(XFILE fp, char **name, char **header,
-                         unsigned char **data, long *len)
-    {
-        int ret;
-        WOLFSSL_BIO* bio;
-
-        if (name == NULL || header == NULL || data == NULL || len == NULL)
-            return WOLFSSL_FAILURE;
-
-        bio = wolfSSL_BIO_new_fp(fp, BIO_NOCLOSE);
-        if (bio == NULL)
-            return 0;
-
-        ret = wolfSSL_PEM_read_bio(bio, name, header, data, len);
-
-        if (bio != NULL)
-            wolfSSL_BIO_free(bio);
-
-        return ret;
-    }
-
-    int wolfSSL_PEM_write(XFILE fp, const char *name, const char *header,
-                          const unsigned char *data, long len)
-    {
-        int ret;
-        WOLFSSL_BIO* bio;
-
-        if (name == NULL || header == NULL || data == NULL)
-            return 0;
-
-        bio = wolfSSL_BIO_new_fp(fp, BIO_NOCLOSE);
-        if (bio == NULL)
-            return 0;
-
-        ret = wolfSSL_PEM_write_bio(bio, name, header, data, len);
-
-        if (bio != NULL)
-            wolfSSL_BIO_free(bio);
-
-        return ret;
-    }
-#endif
-#endif /* !NO_BIO */
-
-    int wolfSSL_PEM_get_EVP_CIPHER_INFO(const char* header,
-                                        EncryptedInfo* cipher)
-    {
-        if (header == NULL || cipher == NULL)
-            return WOLFSSL_FAILURE;
-
-        XMEMSET(cipher, 0, sizeof(*cipher));
-
-        if (wc_EncryptedInfoParse(cipher, &header, XSTRLEN(header)) != 0)
-            return WOLFSSL_FAILURE;
-
-        return WOLFSSL_SUCCESS;
-    }
-
-    int wolfSSL_PEM_do_header(EncryptedInfo* cipher, unsigned char* data,
-                              long* len, wc_pem_password_cb* callback,
-                              void* ctx)
-    {
-        int ret = WOLFSSL_SUCCESS;
-        char password[NAME_SZ];
-        int passwordSz;
-
-        if (cipher == NULL || data == NULL || len == NULL || callback == NULL)
-            return WOLFSSL_FAILURE;
-
-        passwordSz = callback(password, sizeof(password), PEM_PASS_READ, ctx);
-        if (passwordSz < 0)
-            ret = WOLFSSL_FAILURE;
-
-        if (ret == WOLFSSL_SUCCESS) {
-            if (wc_BufferKeyDecrypt(cipher, data, (word32)*len, (byte*)password,
-                                                     passwordSz, WC_MD5) != 0) {
-                ret = WOLFSSL_FAILURE;
-            }
-        }
-
-        if (passwordSz > 0)
-            XMEMSET(password, 0, passwordSz);
-
-        return ret;
-    }
-
-#ifndef NO_BIO
-    /*
-     * bp : bio to read X509 from
-     * x  : x509 to write to
-     * cb : password call back for reading PEM
-     * u  : password
-     * _AUX is for working with a trusted X509 certificate
-     */
-    WOLFSSL_X509 *wolfSSL_PEM_read_bio_X509_AUX(WOLFSSL_BIO *bp,
-                               WOLFSSL_X509 **x, wc_pem_password_cb *cb,
-                               void *u)
-    {
-        WOLFSSL_ENTER("wolfSSL_PEM_read_bio_X509");
-
-        /* AUX info is; trusted/rejected uses, friendly name, private key id,
-         * and potentially a stack of "other" info. wolfSSL does not store
-         * friendly name or private key id yet in WOLFSSL_X509 for human
-         * readability and does not support extra trusted/rejected uses for
-         * root CA. */
-        return wolfSSL_PEM_read_bio_X509(bp, x, cb, u);
-    }
-#endif /* !NO_BIO */
-
-
-#endif /* OPENSSL_EXTRA || OPENSSL_ALL */
-#endif /* !NO_CERTS */
 
     /* NID variables are dependent on compatibility header files currently
      *
@@ -25974,14 +19921,14 @@ void* wolfSSL_GetHKDFExtractCtx(WOLFSSL* ssl)
             WOLFSSL_MSG("NID not in table");
         #ifdef WOLFSSL_QT
             sName = NULL;
-            type = id;
+            type = (word32)id;
         #else
             return NULL;
         #endif
         }
 
     #ifdef HAVE_ECC
-         if (type == 0 && wc_ecc_get_oid(id, &oid, &oidSz) > 0) {
+         if (type == 0 && wc_ecc_get_oid((word32)id, &oid, &oidSz) > 0) {
              type = oidCurveType;
          }
     #endif /* HAVE_ECC */
@@ -25993,7 +19940,7 @@ void* wolfSSL_GetHKDFExtractCtx(WOLFSSL* ssl)
             }
         }
 
-        oid = OidFromId(id, type, &oidSz);
+        oid = OidFromId((word32)id, type, &oidSz);
 
         /* set object ID to buffer */
         if (obj == NULL){
@@ -26005,7 +19952,7 @@ void* wolfSSL_GetHKDFExtractCtx(WOLFSSL* ssl)
         }
         obj->nid     = nid;
         obj->type    = id;
-        obj->grp     = type;
+        obj->grp     = (int)type;
 
         obj->sName[0] = '\0';
         if (sName != NULL) {
@@ -26030,10 +19977,10 @@ void* wolfSSL_GetHKDFExtractCtx(WOLFSSL* ssl)
                     wolfSSL_ASN1_OBJECT_free(obj);
                     return NULL;
                 }
-                obj->dynamic |= WOLFSSL_ASN1_DYNAMIC_DATA ;
+                obj->dynamic |= WOLFSSL_ASN1_DYNAMIC_DATA;
             }
             else {
-                obj->dynamic &= ~WOLFSSL_ASN1_DYNAMIC_DATA ;
+                obj->dynamic &= (unsigned char)~WOLFSSL_ASN1_DYNAMIC_DATA;
             }
         }
         XMEMCPY((byte*)obj->obj, objBuf, obj->objSz);
@@ -26148,18 +20095,18 @@ void* wolfSSL_GetHKDFExtractCtx(WOLFSSL* ssl)
             bufSz = bufLen - 1;
         }
         if (bufSz) {
-            XMEMCPY(buf, name, bufSz);
+            XMEMCPY(buf, name, (size_t)bufSz);
         }
-        else if (a->type == GEN_DNS || a->type == GEN_EMAIL ||
-                 a->type == GEN_URI) {
+        else if (a->type == WOLFSSL_GEN_DNS || a->type == WOLFSSL_GEN_EMAIL ||
+                 a->type == WOLFSSL_GEN_URI) {
             bufSz = (int)XSTRLEN((const char*)a->obj);
-            XMEMCPY(buf, a->obj, min(bufSz, bufLen));
+            XMEMCPY(buf, a->obj, min((word32)bufSz, (word32)bufLen));
         }
         else if ((bufSz = wolfssl_obj2txt_numeric(buf, bufLen, a)) > 0) {
             if ((desc = oid_translate_num_to_str(buf))) {
                 bufSz = (int)XSTRLEN(desc);
-                bufSz = min(bufSz, bufLen - 1);
-                XMEMCPY(buf, desc, bufSz);
+                bufSz = (int)min((word32)bufSz,(word32) bufLen - 1);
+                XMEMCPY(buf, desc, (size_t)bufSz);
             }
         }
         else {
@@ -26198,223 +20145,6 @@ void* wolfSSL_GetHKDFExtractCtx(WOLFSSL* ssl)
     defined(WOLFSSL_MYSQL_COMPATIBLE) || defined(HAVE_STUNNEL) || \
     defined(WOLFSSL_NGINX) || defined(HAVE_POCO_LIB) || \
     defined(WOLFSSL_HAPROXY)
-    char wolfSSL_CTX_use_certificate(WOLFSSL_CTX *ctx, WOLFSSL_X509 *x)
-    {
-        int ret;
-
-        WOLFSSL_ENTER("wolfSSL_CTX_use_certificate");
-        if (!ctx || !x || !x->derCert) {
-            WOLFSSL_MSG("Bad parameter");
-            return WOLFSSL_FAILURE;
-        }
-
-        FreeDer(&ctx->certificate); /* Make sure previous is free'd */
-        ret = AllocDer(&ctx->certificate, x->derCert->length, CERT_TYPE,
-                       ctx->heap);
-        if (ret != 0)
-            return WOLFSSL_FAILURE;
-
-        XMEMCPY(ctx->certificate->buffer, x->derCert->buffer,
-                x->derCert->length);
-#ifdef KEEP_OUR_CERT
-        if (ctx->ourCert != NULL && ctx->ownOurCert) {
-            wolfSSL_X509_free(ctx->ourCert);
-        }
-        #ifndef WOLFSSL_X509_STORE_CERTS
-        ctx->ourCert = x;
-        if (wolfSSL_X509_up_ref(x) != 1) {
-            return WOLFSSL_FAILURE;
-        }
-        #else
-        ctx->ourCert = wolfSSL_X509_d2i(NULL, x->derCert->buffer,x->derCert->length);
-        if(ctx->ourCert == NULL){
-            return WOLFSSL_FAILURE;
-        }
-        #endif
-
-        /* We own the cert because either we up its reference counter
-         * or we create our own copy of the cert object. */
-        ctx->ownOurCert = 1;
-#endif
-
-        /* Update the available options with public keys. */
-        switch (x->pubKeyOID) {
-    #ifndef NO_RSA
-        #ifdef WC_RSA_PSS
-            case RSAPSSk:
-        #endif
-            case RSAk:
-                ctx->haveRSA = 1;
-                break;
-    #endif
-        #ifdef HAVE_ED25519
-            case ED25519k:
-        #endif
-        #ifdef HAVE_ED448
-            case ED448k:
-        #endif
-            case ECDSAk:
-                ctx->haveECC = 1;
-        #if defined(HAVE_ECC) || defined(HAVE_ED25519) || defined(HAVE_ED448)
-                ctx->pkCurveOID = x->pkCurveOID;
-        #endif
-                break;
-        }
-
-        return WOLFSSL_SUCCESS;
-    }
-
-    static int PushCertToDerBuffer(DerBuffer** inOutDer, int weOwn,
-            byte* cert, word32 certSz, void* heap)
-    {
-        int ret;
-        DerBuffer* inChain = NULL;
-        DerBuffer* der = NULL;
-        word32 len = 0;
-        if (inOutDer == NULL)
-            return BAD_FUNC_ARG;
-        inChain = *inOutDer;
-        if (inChain != NULL)
-            len = inChain->length;
-        ret = AllocDer(&der, len + CERT_HEADER_SZ + certSz, CERT_TYPE,
-                heap);
-        if (ret != 0) {
-            WOLFSSL_MSG("AllocDer error");
-            return ret;
-        }
-        if (inChain != NULL)
-            XMEMCPY(der->buffer, inChain->buffer, len);
-        c32to24(certSz, der->buffer + len);
-        XMEMCPY(der->buffer + len + CERT_HEADER_SZ, cert, certSz);
-        if (weOwn)
-            FreeDer(inOutDer);
-        *inOutDer = der;
-        return WOLFSSL_SUCCESS;
-    }
-
-    /**
-     * wolfSSL_CTX_add1_chain_cert makes a copy of the cert so we free it
-     * on success
-     */
-    int wolfSSL_CTX_add0_chain_cert(WOLFSSL_CTX* ctx, WOLFSSL_X509* x509)
-    {
-        WOLFSSL_ENTER("wolfSSL_CTX_add0_chain_cert");
-        if (wolfSSL_CTX_add1_chain_cert(ctx, x509) != WOLFSSL_SUCCESS) {
-            return WOLFSSL_FAILURE;
-        }
-        wolfSSL_X509_free(x509);
-        return WOLFSSL_SUCCESS;
-    }
-
-    int wolfSSL_CTX_add1_chain_cert(WOLFSSL_CTX* ctx, WOLFSSL_X509* x509)
-    {
-        int ret;
-        WOLFSSL_ENTER("wolfSSL_CTX_add1_chain_cert");
-        if (ctx == NULL || x509 == NULL || x509->derCert == NULL) {
-            return WOLFSSL_FAILURE;
-        }
-
-        if (ctx->certificate == NULL)
-            ret = (int)wolfSSL_CTX_use_certificate(ctx, x509);
-        else {
-            if (wolfSSL_X509_up_ref(x509) != WOLFSSL_SUCCESS) {
-                WOLFSSL_MSG("wolfSSL_X509_up_ref error");
-                return WOLFSSL_FAILURE;
-            }
-            ret = wolfSSL_CTX_load_verify_buffer(ctx, x509->derCert->buffer,
-                x509->derCert->length, WOLFSSL_FILETYPE_ASN1);
-            if (ret == WOLFSSL_SUCCESS) {
-                /* push to ctx->certChain */
-                ret = PushCertToDerBuffer(&ctx->certChain, 1,
-                    x509->derCert->buffer, x509->derCert->length, ctx->heap);
-            }
-            /* Store cert to free it later */
-            if (ret == WOLFSSL_SUCCESS && ctx->x509Chain == NULL) {
-                ctx->x509Chain = wolfSSL_sk_X509_new_null();
-                if (ctx->x509Chain == NULL) {
-                    WOLFSSL_MSG("wolfSSL_sk_X509_new_null error");
-                    ret =  WOLFSSL_FAILURE;
-                }
-            }
-            if (ret == WOLFSSL_SUCCESS &&
-                    wolfSSL_sk_X509_push(ctx->x509Chain, x509)
-                        != WOLFSSL_SUCCESS) {
-                WOLFSSL_MSG("wolfSSL_sk_X509_push error");
-                ret = WOLFSSL_FAILURE;
-            }
-            if (ret != WOLFSSL_SUCCESS)
-                wolfSSL_X509_free(x509); /* Decrease ref counter */
-        }
-
-        return (ret == WOLFSSL_SUCCESS) ? WOLFSSL_SUCCESS : WOLFSSL_FAILURE;
-    }
-
-#ifdef KEEP_OUR_CERT
-    int wolfSSL_add0_chain_cert(WOLFSSL* ssl, WOLFSSL_X509* x509)
-    {
-        int ret;
-
-        WOLFSSL_ENTER("wolfSSL_add0_chain_cert");
-
-        if (ssl == NULL || ssl->ctx == NULL || x509 == NULL ||
-                x509->derCert == NULL)
-            return WOLFSSL_FAILURE;
-
-        if (ssl->buffers.certificate == NULL) {
-            ret = wolfSSL_use_certificate(ssl, x509);
-            /* Store cert to free it later */
-            if (ret == WOLFSSL_SUCCESS) {
-                if (ssl->buffers.weOwnCert)
-                    wolfSSL_X509_free(ssl->ourCert);
-                ssl->ourCert = x509;
-                ssl->buffers.weOwnCert = 1;
-            }
-        }
-        else {
-            ret = PushCertToDerBuffer(&ssl->buffers.certChain,
-                    ssl->buffers.weOwnCertChain, x509->derCert->buffer,
-                    x509->derCert->length, ssl->heap);
-            if (ret == WOLFSSL_SUCCESS) {
-                ssl->buffers.weOwnCertChain = 1;
-                /* Store cert to free it later */
-                if (ssl->ourCertChain == NULL) {
-                    ssl->ourCertChain = wolfSSL_sk_X509_new_null();
-                    if (ssl->ourCertChain == NULL) {
-                        WOLFSSL_MSG("wolfSSL_sk_X509_new_null error");
-                        return WOLFSSL_FAILURE;
-                    }
-                }
-                if (wolfSSL_sk_X509_push(ssl->ourCertChain, x509)
-                        != WOLFSSL_SUCCESS) {
-                    WOLFSSL_MSG("wolfSSL_sk_X509_push error");
-                    return WOLFSSL_FAILURE;
-                }
-            }
-        }
-        return ret == WOLFSSL_SUCCESS ? WOLFSSL_SUCCESS : WOLFSSL_FAILURE;
-    }
-
-    int wolfSSL_add1_chain_cert(WOLFSSL* ssl, WOLFSSL_X509* x509)
-    {
-        int ret;
-
-        WOLFSSL_ENTER("wolfSSL_add1_chain_cert");
-        if (ssl == NULL || ssl->ctx == NULL || x509 == NULL ||
-                x509->derCert == NULL)
-            return WOLFSSL_FAILURE;
-
-        if (wolfSSL_X509_up_ref(x509) != WOLFSSL_SUCCESS) {
-            WOLFSSL_MSG("wolfSSL_X509_up_ref error");
-            return WOLFSSL_FAILURE;
-        }
-        ret = wolfSSL_add0_chain_cert(ssl, x509);
-        /* Decrease ref counter on error */
-        if (ret != WOLFSSL_SUCCESS)
-            wolfSSL_X509_free(x509);
-        return ret;
-    }
-#endif
-
     /* Return the corresponding short name for the nid <n>.
      * or NULL if short name can't be found.
      */
@@ -26423,10 +20153,10 @@ void* wolfSSL_GetHKDFExtractCtx(WOLFSSL* ssl)
         size_t i;
         WOLFSSL_ENTER("wolfSSL_OBJ_nid2sn");
 
-        if (n == NID_md5) {
-            /* NID_surname == NID_md5 and NID_surname comes before NID_md5 in
+        if (n == WC_NID_md5) {
+            /* WC_NID_surname == WC_NID_md5 and WC_NID_surname comes before WC_NID_md5 in
              * wolfssl_object_info. As a result, the loop below will incorrectly
-             * return "SN" instead of "MD5." NID_surname isn't the true OpenSSL
+             * return "SN" instead of "MD5." WC_NID_surname isn't the true OpenSSL
              * NID, but other functions rely on this table and modifying it to
              * conform with OpenSSL's NIDs isn't trivial. */
              return "MD5";
@@ -26444,7 +20174,7 @@ void* wolfSSL_GetHKDFExtractCtx(WOLFSSL* ssl)
     int wolfSSL_OBJ_sn2nid(const char *sn) {
         WOLFSSL_ENTER("wolfSSL_OBJ_sn2nid");
         if (sn == NULL)
-            return NID_undef;
+            return WC_NID_undef;
         return wc_OBJ_sn2nid(sn);
     }
 #endif
@@ -26468,7 +20198,7 @@ void* wolfSSL_GetHKDFExtractCtx(WOLFSSL* ssl)
             err = 1;
         }
         if (err == 0) {
-            ret = len;
+            ret = (size_t)len;
         }
 
         WOLFSSL_LEAVE("wolfSSL_OBJ_length", (int)ret);
@@ -26519,41 +20249,43 @@ void* wolfSSL_GetHKDFExtractCtx(WOLFSSL* ssl)
 #endif
 
         if (o == NULL) {
-            return -1;
+            return WOLFSSL_FATAL_ERROR;
         }
 
         #ifdef WOLFSSL_QT
         if (o->grp == oidCertExtType) {
-            /* If nid is an unknown extension, return NID_undef */
+            /* If nid is an unknown extension, return WC_NID_undef */
             if (wolfSSL_OBJ_nid2sn(o->nid) == NULL)
-                return NID_undef;
+                return WC_NID_undef;
         }
         #endif
 
         if (o->nid > 0)
             return o->nid;
-        if ((ret = GetObjectId(o->obj, &idx, &oid, o->grp, o->objSz)) < 0) {
-            if (ret == ASN_OBJECT_ID_E) {
+        if ((ret = GetObjectId(o->obj, &idx, &oid,
+                                    (word32)o->grp, o->objSz)) < 0) {
+            if (ret == WC_NO_ERR_TRACE(ASN_OBJECT_ID_E)) {
                 /* Put ASN object tag in front and try again */
-                int len = SetObjectId(o->objSz, NULL) + o->objSz;
-                byte* buf = (byte*)XMALLOC(len, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+                int len = SetObjectId((int)o->objSz, NULL) + (int)o->objSz;
+                byte* buf = (byte*)XMALLOC((size_t)len, NULL,
+                                            DYNAMIC_TYPE_TMP_BUFFER);
                 if (!buf) {
                     WOLFSSL_MSG("malloc error");
-                    return -1;
+                    return WOLFSSL_FATAL_ERROR;
                 }
-                idx = SetObjectId(o->objSz, buf);
+                idx = (word32)SetObjectId((int)o->objSz, buf);
                 XMEMCPY(buf + idx, o->obj, o->objSz);
                 idx = 0;
-                ret = GetObjectId(buf, &idx, &oid, o->grp, len);
+                ret = GetObjectId(buf, &idx, &oid, (word32)o->grp, (word32)len);
                 XFREE(buf, NULL, DYNAMIC_TYPE_TMP_BUFFER);
                 if (ret < 0) {
                     WOLFSSL_MSG("Issue getting OID of object");
-                    return -1;
+                    return WOLFSSL_FATAL_ERROR;
                 }
             }
             else {
                 WOLFSSL_MSG("Issue getting OID of object");
-                return -1;
+                return WOLFSSL_FATAL_ERROR;
             }
         }
 
@@ -26561,7 +20293,7 @@ void* wolfSSL_GetHKDFExtractCtx(WOLFSSL* ssl)
     }
 
     /* Return the corresponding NID for the long name <ln>
-     * or NID_undef if NID can't be found.
+     * or WC_NID_undef if NID can't be found.
      */
     int wolfSSL_OBJ_ln2nid(const char *ln)
     {
@@ -26588,7 +20320,7 @@ void* wolfSSL_GetHKDFExtractCtx(WOLFSSL* ssl)
                 }
             }
         }
-        return NID_undef;
+        return WC_NID_undef;
     }
 
     /* compares two objects, return 0 if equal */
@@ -26640,7 +20372,7 @@ void* wolfSSL_GetHKDFExtractCtx(WOLFSSL* ssl)
     /* Gets the NID value that is related to the OID string passed in. Example
      * string would be "2.5.29.14" for subject key ID.
      *
-     * returns NID value on success and NID_undef on error
+     * returns NID value on success and WC_NID_undef on error
      */
     int wolfSSL_OBJ_txt2nid(const char* s)
     {
@@ -26655,7 +20387,7 @@ void* wolfSSL_GetHKDFExtractCtx(WOLFSSL* ssl)
         WOLFSSL_ENTER("wolfSSL_OBJ_txt2nid");
 
         if (s == NULL) {
-            return NID_undef;
+            return WC_NID_undef;
         }
 
     #ifdef WOLFSSL_CERT_EXT
@@ -26683,18 +20415,18 @@ void* wolfSSL_GetHKDFExtractCtx(WOLFSSL* ssl)
             /* try as a short name */
             len = (int)XSTRLEN(s);
             if ((int)XSTRLEN(wolfssl_object_info[i].sName) == len &&
-                XSTRNCMP(wolfssl_object_info[i].sName, s, len) == 0) {
+                XSTRNCMP(wolfssl_object_info[i].sName, s, (word32)len) == 0) {
                 return wolfssl_object_info[i].nid;
             }
 
             /* try as a long name */
             if ((int)XSTRLEN(wolfssl_object_info[i].lName) == len &&
-                XSTRNCMP(wolfssl_object_info[i].lName, s, len) == 0) {
+                XSTRNCMP(wolfssl_object_info[i].lName, s, (word32)len) == 0) {
                 return wolfssl_object_info[i].nid;
             }
         }
 
-        return NID_undef;
+        return WC_NID_undef;
     }
 #endif
 #if defined(OPENSSL_EXTRA) || defined(HAVE_LIGHTY) || \
@@ -26713,7 +20445,7 @@ void* wolfSSL_GetHKDFExtractCtx(WOLFSSL* ssl)
     WOLFSSL_ASN1_OBJECT* wolfSSL_OBJ_txt2obj(const char* s, int no_name)
     {
         int i, ret;
-        int nid = NID_undef;
+        int nid = WC_NID_undef;
         unsigned int outSz = MAX_OID_SZ;
         unsigned char out[MAX_OID_SZ];
         WOLFSSL_ASN1_OBJECT* obj;
@@ -26741,10 +20473,10 @@ void* wolfSSL_GetHKDFExtractCtx(WOLFSSL* ssl)
                 wolfSSL_ASN1_OBJECT_free(obj);
                 return NULL;
             }
-            obj->dynamic |= WOLFSSL_ASN1_DYNAMIC_DATA ;
-            i = SetObjectId(outSz, (byte*)obj->obj);
+            obj->dynamic |= WOLFSSL_ASN1_DYNAMIC_DATA;
+            i = SetObjectId((int)outSz, (byte*)obj->obj);
             XMEMCPY((byte*)obj->obj + i, out, outSz);
-            obj->objSz = i + outSz;
+            obj->objSz = (word32)i + outSz;
             return obj;
         }
 
@@ -26760,7 +20492,7 @@ void* wolfSSL_GetHKDFExtractCtx(WOLFSSL* ssl)
             }
         }
 
-        if (nid != NID_undef)
+        if (nid != WC_NID_undef)
             return wolfSSL_OBJ_nid2obj(nid);
 
         return NULL;
@@ -26818,7 +20550,7 @@ unsigned long wolfSSL_ERR_peek_last_error_line(const char **file, int *line)
         }
     #if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) \
         || defined(WOLFSSL_HAPROXY)
-        if (ret == -ASN_NO_PEM_HEADER)
+        if (ret == -WC_NO_ERR_TRACE(ASN_NO_PEM_HEADER))
             return (ERR_LIB_PEM << 24) | PEM_R_NO_START_LINE;
     #endif
     #if defined(OPENSSL_ALL) && defined(WOLFSSL_PYTHON)
@@ -26833,60 +20565,9 @@ unsigned long wolfSSL_ERR_peek_last_error_line(const char **file, int *line)
 #endif
 }
 
-
-#ifndef NO_CERTS
-int wolfSSL_CTX_use_PrivateKey(WOLFSSL_CTX *ctx, WOLFSSL_EVP_PKEY *pkey)
-{
-    WOLFSSL_ENTER("wolfSSL_CTX_use_PrivateKey");
-
-    if (ctx == NULL || pkey == NULL) {
-        return WOLFSSL_FAILURE;
-    }
-
-    switch (pkey->type) {
-#if defined(WOLFSSL_KEY_GEN) && !defined(HAVE_USER_RSA) && !defined(NO_RSA)
-    case EVP_PKEY_RSA:
-        WOLFSSL_MSG("populating RSA key");
-        if (PopulateRSAEvpPkeyDer(pkey) != WOLFSSL_SUCCESS)
-            return WOLFSSL_FAILURE;
-        break;
-#endif /* (WOLFSSL_KEY_GEN || OPENSSL_EXTRA) && !NO_RSA */
-#if !defined(HAVE_SELFTEST) && (defined(WOLFSSL_KEY_GEN) || \
-        defined(WOLFSSL_CERT_GEN)) && !defined(NO_DSA)
-    case EVP_PKEY_DSA:
-        break;
-#endif /* !HAVE_SELFTEST && (WOLFSSL_KEY_GEN || WOLFSSL_CERT_GEN) && !NO_DSA */
-#ifdef HAVE_ECC
-    case EVP_PKEY_EC:
-        WOLFSSL_MSG("populating ECC key");
-        if (ECC_populate_EVP_PKEY(pkey, pkey->ecc)
-                != WOLFSSL_SUCCESS)
-            return WOLFSSL_FAILURE;
-        break;
-#endif
-    default:
-        return WOLFSSL_FAILURE;
-    }
-
-    if (pkey->pkey.ptr != NULL) {
-        /* ptr for WOLFSSL_EVP_PKEY struct is expected to be DER format */
-        return wolfSSL_CTX_use_PrivateKey_buffer(ctx,
-                                       (const unsigned char*)pkey->pkey.ptr,
-                                       pkey->pkey_sz, SSL_FILETYPE_ASN1);
-    }
-
-    WOLFSSL_MSG("wolfSSL private key not set");
-    return BAD_FUNC_ARG;
-}
-#endif /* !NO_CERTS */
-
 #endif /* OPENSSL_EXTRA */
 
-#if defined(HAVE_EX_DATA) && \
-   (defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || \
-    defined(WOLFSSL_HAPROXY) || defined(OPENSSL_EXTRA) || \
-    defined(HAVE_LIGHTY)) || defined(HAVE_EX_DATA) || \
-    defined(WOLFSSL_WPAS_SMALL)
+#ifdef HAVE_EX_DATA_CRYPTO
 CRYPTO_EX_cb_ctx* crypto_ex_cb_ctx_session = NULL;
 
 static int crypto_ex_cb_new(CRYPTO_EX_cb_ctx** dst, long ctx_l, void* ctx_ptr,
@@ -26896,7 +20577,7 @@ static int crypto_ex_cb_new(CRYPTO_EX_cb_ctx** dst, long ctx_l, void* ctx_ptr,
     CRYPTO_EX_cb_ctx* new_ctx = (CRYPTO_EX_cb_ctx*)XMALLOC(
             sizeof(CRYPTO_EX_cb_ctx), NULL, DYNAMIC_TYPE_OPENSSL);
     if (new_ctx == NULL)
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
     new_ctx->ctx_l = ctx_l;
     new_ctx->ctx_ptr = ctx_ptr;
     new_ctx->new_func = new_func;
@@ -27000,7 +20681,7 @@ int wolfssl_get_ex_new_index(int class_index, long ctx_l, void* ctx_ptr,
         case WOLF_CRYPTO_EX_INDEX_SSL_SESSION:
             if (crypto_ex_cb_new(&crypto_ex_cb_ctx_session, ctx_l, ctx_ptr,
                     new_func, dup_func, free_func) != 0)
-                return -1;
+                return WOLFSSL_FATAL_ERROR;
             idx = ssl_session_idx++;
             break;
 
@@ -27021,26 +20702,12 @@ int wolfssl_get_ex_new_index(int class_index, long ctx_l, void* ctx_ptr,
             break;
     }
     if (idx >= MAX_EX_DATA)
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
     return idx;
 }
-#endif /* HAVE_EX_DATA || WOLFSSL_WPAS_SMALL */
-
-#if defined(HAVE_EX_DATA) || defined(WOLFSSL_WPAS_SMALL)
-void* wolfSSL_CTX_get_ex_data(const WOLFSSL_CTX* ctx, int idx)
-{
-    WOLFSSL_ENTER("wolfSSL_CTX_get_ex_data");
-#ifdef HAVE_EX_DATA
-    if(ctx != NULL) {
-        return wolfSSL_CRYPTO_get_ex_data(&ctx->ex_data, idx);
-    }
-#else
-    (void)ctx;
-    (void)idx;
-#endif
-    return NULL;
-}
+#endif /* HAVE_EX_DATA_CRYPTO */
 
+#ifdef HAVE_EX_DATA_CRYPTO
 int wolfSSL_CTX_get_ex_new_index(long idx, void* arg,
                                  WOLFSSL_CRYPTO_EX_new* new_func,
                                  WOLFSSL_CRYPTO_EX_dup* dup_func,
@@ -27066,21 +20733,35 @@ int wolfSSL_get_ex_new_index(long argValue, void* arg,
     return wolfssl_get_ex_new_index(WOLF_CRYPTO_EX_INDEX_SSL, argValue, arg,
             cb1, cb2, cb3);
 }
+#endif /* HAVE_EX_DATA_CRYPTO */
 
+#ifdef OPENSSL_EXTRA
+void* wolfSSL_CTX_get_ex_data(const WOLFSSL_CTX* ctx, int idx)
+{
+    WOLFSSL_ENTER("wolfSSL_CTX_get_ex_data");
+#ifdef HAVE_EX_DATA
+    if (ctx != NULL) {
+        return wolfSSL_CRYPTO_get_ex_data(&ctx->ex_data, idx);
+    }
+#else
+    (void)ctx;
+    (void)idx;
+#endif
+    return NULL;
+}
 
 int wolfSSL_CTX_set_ex_data(WOLFSSL_CTX* ctx, int idx, void* data)
 {
     WOLFSSL_ENTER("wolfSSL_CTX_set_ex_data");
-    #ifdef HAVE_EX_DATA
-    if (ctx != NULL)
-    {
+#ifdef HAVE_EX_DATA
+    if (ctx != NULL) {
         return wolfSSL_CRYPTO_set_ex_data(&ctx->ex_data, idx, data);
     }
-    #else
+#else
     (void)ctx;
     (void)idx;
     (void)data;
-    #endif
+#endif
     return WOLFSSL_FAILURE;
 }
 
@@ -27092,16 +20773,14 @@ int wolfSSL_CTX_set_ex_data_with_cleanup(
     wolfSSL_ex_data_cleanup_routine_t cleanup_routine)
 {
     WOLFSSL_ENTER("wolfSSL_CTX_set_ex_data_with_cleanup");
-    if (ctx != NULL)
-    {
+    if (ctx != NULL) {
         return wolfSSL_CRYPTO_set_ex_data_with_cleanup(&ctx->ex_data, idx, data,
                                                        cleanup_routine);
     }
     return WOLFSSL_FAILURE;
 }
 #endif /* HAVE_EX_DATA_CLEANUP_HOOKS */
-
-#endif /* defined(HAVE_EX_DATA) || defined(WOLFSSL_WPAS_SMALL) */
+#endif /* OPENSSL_EXTRA */
 
 #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
 
@@ -27133,15 +20812,11 @@ int wolfSSL_set_app_data(WOLFSSL *ssl, void* arg) {
 
 #endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
 
-#if defined(HAVE_EX_DATA) || defined(OPENSSL_EXTRA) || \
-    defined(OPENSSL_EXTRA_X509_SMALL) || defined(WOLFSSL_WPAS_SMALL)
-
 int wolfSSL_set_ex_data(WOLFSSL* ssl, int idx, void* data)
 {
     WOLFSSL_ENTER("wolfSSL_set_ex_data");
 #ifdef HAVE_EX_DATA
-    if (ssl != NULL)
-    {
+    if (ssl != NULL) {
         return wolfSSL_CRYPTO_set_ex_data(&ssl->ex_data, idx, data);
     }
 #else
@@ -27185,55 +20860,9 @@ void* wolfSSL_get_ex_data(const WOLFSSL* ssl, int idx)
     return 0;
 }
 
-#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL || WOLFSSL_WPAS_SMALL */
-
 #if defined(HAVE_LIGHTY) || defined(HAVE_STUNNEL) \
     || defined(WOLFSSL_MYSQL_COMPATIBLE) || defined(OPENSSL_EXTRA)
 
-#if defined(OPENSSL_EXTRA) && !defined(NO_DH)
-/* Initialize ctx->dh with dh's params. Return WOLFSSL_SUCCESS on ok */
-long wolfSSL_CTX_set_tmp_dh(WOLFSSL_CTX* ctx, WOLFSSL_DH* dh)
-{
-    int pSz, gSz;
-    byte *p, *g;
-    int ret=0;
-
-    WOLFSSL_ENTER("wolfSSL_CTX_set_tmp_dh");
-
-    if(!ctx || !dh)
-        return BAD_FUNC_ARG;
-
-    /* Get needed size for p and g */
-    pSz = wolfSSL_BN_bn2bin(dh->p, NULL);
-    gSz = wolfSSL_BN_bn2bin(dh->g, NULL);
-
-    if(pSz <= 0 || gSz <= 0)
-        return WOLFSSL_FATAL_ERROR;
-
-    p = (byte*)XMALLOC(pSz, ctx->heap, DYNAMIC_TYPE_PUBLIC_KEY);
-    if(!p)
-        return MEMORY_E;
-
-    g = (byte*)XMALLOC(gSz, ctx->heap, DYNAMIC_TYPE_PUBLIC_KEY);
-    if(!g) {
-        XFREE(p, ctx->heap, DYNAMIC_TYPE_PUBLIC_KEY);
-        return MEMORY_E;
-    }
-
-    pSz = wolfSSL_BN_bn2bin(dh->p, p);
-    gSz = wolfSSL_BN_bn2bin(dh->g, g);
-
-    if(pSz >= 0 && gSz >= 0) /* Conversion successful */
-        ret = wolfSSL_CTX_SetTmpDH(ctx, p, pSz, g, gSz);
-
-    XFREE(p, ctx->heap, DYNAMIC_TYPE_PUBLIC_KEY);
-    XFREE(g, ctx->heap, DYNAMIC_TYPE_PUBLIC_KEY);
-
-    return pSz > 0 && gSz > 0 ? ret : WOLFSSL_FATAL_ERROR;
-}
-#endif /* OPENSSL_EXTRA && !NO_DH */
-
-
 /* returns the enum value associated with handshake state
  *
  * ssl the WOLFSSL structure to get state of
@@ -27260,23 +20889,48 @@ void wolfSSL_certs_clear(WOLFSSL* ssl)
         return;
 
     /* ctx still owns certificate, certChain, key, dh, and cm */
-    if (ssl->buffers.weOwnCert)
+    if (ssl->buffers.weOwnCert) {
         FreeDer(&ssl->buffers.certificate);
+        ssl->buffers.weOwnCert = 0;
+    }
     ssl->buffers.certificate = NULL;
-    if (ssl->buffers.weOwnCertChain)
+    if (ssl->buffers.weOwnCertChain) {
         FreeDer(&ssl->buffers.certChain);
+        ssl->buffers.weOwnCertChain = 0;
+    }
     ssl->buffers.certChain = NULL;
 #ifdef WOLFSSL_TLS13
     ssl->buffers.certChainCnt = 0;
 #endif
-    if (ssl->buffers.weOwnKey)
+    if (ssl->buffers.weOwnKey) {
         FreeDer(&ssl->buffers.key);
+    #ifdef WOLFSSL_BLIND_PRIVATE_KEY
+        FreeDer(&ssl->buffers.keyMask);
+    #endif
+        ssl->buffers.weOwnKey = 0;
+    }
     ssl->buffers.key      = NULL;
+#ifdef WOLFSSL_BLIND_PRIVATE_KEY
+    ssl->buffers.keyMask  = NULL;
+#endif
     ssl->buffers.keyType  = 0;
     ssl->buffers.keyId    = 0;
     ssl->buffers.keyLabel = 0;
     ssl->buffers.keySz    = 0;
     ssl->buffers.keyDevId = 0;
+#ifdef WOLFSSL_DUAL_ALG_CERTS
+    if (ssl->buffers.weOwnAltKey) {
+        FreeDer(&ssl->buffers.altKey);
+    #ifdef WOLFSSL_BLIND_PRIVATE_KEY
+        FreeDer(&ssl->buffers.altKeyMask);
+    #endif
+        ssl->buffers.weOwnAltKey = 0;
+    }
+    ssl->buffers.altKey     = NULL;
+#ifdef WOLFSSL_BLIND_PRIVATE_KEY
+    ssl->buffers.altKeyMask = NULL;
+#endif
+#endif /* WOLFSSL_DUAL_ALG_CERTS */
 }
 #endif
 
@@ -27290,7 +20944,8 @@ long wolfSSL_ctrl(WOLFSSL* ssl, int cmd, long opt, void* pt)
         return BAD_FUNC_ARG;
 
     switch (cmd) {
-        #if defined(WOLFSSL_NGINX) || defined(WOLFSSL_QT) || defined(OPENSSL_ALL)
+        #if defined(WOLFSSL_NGINX) || defined(WOLFSSL_QT) || \
+            defined(OPENSSL_ALL)
         #ifdef HAVE_SNI
         case SSL_CTRL_SET_TLSEXT_HOSTNAME:
             WOLFSSL_MSG("Entering Case: SSL_CTRL_SET_TLSEXT_HOSTNAME.");
@@ -27384,10 +21039,10 @@ long wolfSSL_CTX_ctrl(WOLFSSL_CTX* ctx, int cmd, long opt, void* pt)
         if ((ctrl_opt & WOLFSSL_OP_CIPHER_SERVER_PREFERENCE)
                      == WOLFSSL_OP_CIPHER_SERVER_PREFERENCE) {
             WOLFSSL_MSG("Using Server's Cipher Preference.");
-            ctx->useClientOrder = FALSE;
+            ctx->useClientOrder = 0;
         } else {
             WOLFSSL_MSG("Using Client's Cipher Preference.");
-            ctx->useClientOrder = TRUE;
+            ctx->useClientOrder = 1;
         }
         #endif /* WOLFSSL_QT */
 
@@ -27452,7 +21107,7 @@ long wolfSSL_CTX_ctrl(WOLFSSL_CTX* ctx, int cmd, long opt, void* pt)
     return ret;
 }
 
-#ifndef WOLFSSL_NO_STUB
+#ifndef NO_WOLFSSL_STUB
 long wolfSSL_CTX_callback_ctrl(WOLFSSL_CTX* ctx, int cmd, void (*fp)(void))
 {
     (void) ctx;
@@ -27462,7 +21117,7 @@ long wolfSSL_CTX_callback_ctrl(WOLFSSL_CTX* ctx, int cmd, void (*fp)(void))
     return WOLFSSL_FAILURE;
 
 }
-#endif /* WOLFSSL_NO_STUB */
+#endif /* NO_WOLFSSL_STUB */
 
 #ifndef NO_WOLFSSL_STUB
 long wolfSSL_CTX_clear_extra_chain_certs(WOLFSSL_CTX* ctx)
@@ -27482,65 +21137,6 @@ VerifyCallback wolfSSL_get_verify_callback(WOLFSSL* ssl)
     return NULL;
 }
 
-/* Adds the ASN1 certificate to the user ctx.
-Returns WOLFSSL_SUCCESS if no error, returns WOLFSSL_FAILURE otherwise.*/
-int wolfSSL_CTX_use_certificate_ASN1(WOLFSSL_CTX *ctx, int derSz,
-                                                       const unsigned char *der)
-{
-    WOLFSSL_ENTER("wolfSSL_CTX_use_certificate_ASN1");
-    if (der != NULL && ctx != NULL) {
-        if (wolfSSL_CTX_use_certificate_buffer(ctx, der, derSz,
-                                      WOLFSSL_FILETYPE_ASN1) == WOLFSSL_SUCCESS) {
-            return WOLFSSL_SUCCESS;
-        }
-
-    }
-    return WOLFSSL_FAILURE;
-}
-
-
-#if !defined(HAVE_FAST_RSA) && defined(WOLFSSL_KEY_GEN) && \
-    !defined(NO_RSA) && !defined(HAVE_USER_RSA)
-/* Adds the rsa private key to the user ctx.
-Returns WOLFSSL_SUCCESS if no error, returns WOLFSSL_FAILURE otherwise.*/
-int wolfSSL_CTX_use_RSAPrivateKey(WOLFSSL_CTX* ctx, WOLFSSL_RSA* rsa)
-{
-    int ret;
-    int derSize;
-    unsigned char *maxDerBuf;
-    unsigned char* key = NULL;
-
-    WOLFSSL_ENTER("wolfSSL_CTX_use_RSAPrivateKey");
-
-    if (ctx == NULL || rsa == NULL) {
-        WOLFSSL_MSG("one or more inputs were NULL");
-        return BAD_FUNC_ARG;
-    }
-    maxDerBuf = (unsigned char*)XMALLOC(4096, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-    if (maxDerBuf == NULL) {
-        WOLFSSL_MSG("Malloc failure");
-        return MEMORY_E;
-    }
-    key = maxDerBuf;
-    /* convert RSA struct to der encoded buffer and get the size */
-    if ((derSize = wolfSSL_i2d_RSAPrivateKey(rsa, &key)) <= 0) {
-        WOLFSSL_MSG("wolfSSL_i2d_RSAPrivateKey() failure");
-        XFREE(maxDerBuf, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-        return WOLFSSL_FAILURE;
-    }
-    ret = wolfSSL_CTX_use_PrivateKey_buffer(ctx, (const unsigned char*)maxDerBuf,
-                                                    derSize, SSL_FILETYPE_ASN1);
-    if (ret != WOLFSSL_SUCCESS) {
-        WOLFSSL_MSG("wolfSSL_CTX_USE_PrivateKey_buffer() failure");
-        XFREE(maxDerBuf, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-        return WOLFSSL_FAILURE;
-    }
-    XFREE(maxDerBuf, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-    return ret;
-}
-#endif /* NO_RSA && !HAVE_FAST_RSA */
-
-
 #ifndef NO_BIO
 /* Converts EVP_PKEY data from a bio buffer to a WOLFSSL_EVP_PKEY structure.
 Returns pointer to private EVP_PKEY struct upon success, NULL if there
@@ -27566,7 +21162,8 @@ WOLFSSL_EVP_PKEY* wolfSSL_d2i_PrivateKey_bio(WOLFSSL_BIO* bio,
         return NULL;
     }
 
-    mem = (unsigned char*)XMALLOC(memSz, bio->heap, DYNAMIC_TYPE_TMP_BUFFER);
+    mem = (unsigned char*)XMALLOC((size_t)memSz, bio->heap,
+                                    DYNAMIC_TYPE_TMP_BUFFER);
     if (mem == NULL) {
         WOLFSSL_MSG("Malloc failure");
         return NULL;
@@ -27577,7 +21174,8 @@ WOLFSSL_EVP_PKEY* wolfSSL_d2i_PrivateKey_bio(WOLFSSL_BIO* bio,
         int derLength;
 
         /* Determines key type and returns the new private EVP_PKEY object */
-        if ((key = wolfSSL_d2i_PrivateKey_EVP(NULL, &mem, (long)memSz)) == NULL) {
+        if ((key = wolfSSL_d2i_PrivateKey_EVP(NULL, &mem, (long)memSz)) ==
+                NULL) {
             WOLFSSL_MSG("wolfSSL_d2i_PrivateKey_EVP() failure");
             XFREE(mem, bio->heap, DYNAMIC_TYPE_TMP_BUFFER);
             return NULL;
@@ -27590,7 +21188,7 @@ WOLFSSL_EVP_PKEY* wolfSSL_d2i_PrivateKey_bio(WOLFSSL_BIO* bio,
             int i;
             int j = 0;
 
-            extraBioMem = (unsigned char *)XMALLOC(extraBioMemSz, NULL,
+            extraBioMem = (unsigned char *)XMALLOC((size_t)extraBioMemSz, NULL,
                                                        DYNAMIC_TYPE_TMP_BUFFER);
             if (extraBioMem == NULL) {
                 WOLFSSL_MSG("Malloc failure");
@@ -27629,8 +21227,9 @@ WOLFSSL_EVP_PKEY* wolfSSL_d2i_PrivateKey_bio(WOLFSSL_BIO* bio,
 #endif /* OPENSSL_ALL || WOLFSSL_ASIO || WOLFSSL_HAPROXY || WOLFSSL_QT */
 
 
-#if defined(OPENSSL_ALL) || defined(WOLFSSL_ASIO) || defined(WOLFSSL_HAPROXY) || \
-    defined(WOLFSSL_NGINX) || defined(WOLFSSL_QT) || defined(WOLFSSL_WPAS_SMALL)
+#if defined(OPENSSL_ALL) || defined(WOLFSSL_ASIO) || \
+    defined(WOLFSSL_HAPROXY) || defined(WOLFSSL_NGINX) || \
+    defined(WOLFSSL_QT) || defined(WOLFSSL_WPAS_SMALL)
 
 /* Converts a DER encoded private key to a WOLFSSL_EVP_PKEY structure.
  * returns a pointer to a new WOLFSSL_EVP_PKEY structure on success and NULL
@@ -27642,13 +21241,15 @@ WOLFSSL_EVP_PKEY* wolfSSL_d2i_PrivateKey_EVP(WOLFSSL_EVP_PKEY** out,
     return d2iGenericKey(out, (const unsigned char**)in, inSz, 1);
 }
 
-#endif /* OPENSSL_ALL || WOLFSSL_ASIO || WOLFSSL_HAPROXY || WOLFSSL_QT || WOLFSSL_WPAS_SMALL*/
+#endif /* OPENSSL_ALL || WOLFSSL_ASIO || WOLFSSL_HAPROXY || WOLFSSL_QT ||
+        * WOLFSSL_WPAS_SMALL*/
 
 
 /* stunnel compatibility functions*/
-#if defined(OPENSSL_ALL) || (defined(OPENSSL_EXTRA) && (defined(HAVE_STUNNEL) || \
-                             defined(WOLFSSL_NGINX) || defined(HAVE_LIGHTY) || \
-                             defined(WOLFSSL_HAPROXY) || defined(WOLFSSL_OPENSSH)))
+#if defined(OPENSSL_ALL) || (defined(OPENSSL_EXTRA) && \
+    (defined(HAVE_STUNNEL) || defined(WOLFSSL_NGINX) || \
+     defined(HAVE_LIGHTY) || defined(WOLFSSL_HAPROXY) || \
+     defined(WOLFSSL_OPENSSH)))
 void wolfSSL_ERR_remove_thread_state(void* pid)
 {
     (void) pid;
@@ -27666,178 +21267,9 @@ void wolfSSL_print_all_errors_fp(XFILE fp)
 #endif /* OPENSSL_ALL || OPENSSL_EXTRA || HAVE_STUNNEL || WOLFSSL_NGINX ||
     HAVE_LIGHTY || WOLFSSL_HAPROXY || WOLFSSL_OPENSSH */
 
-
-#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL) || \
-    defined(HAVE_EX_DATA)
-
-#if defined(HAVE_EX_DATA) && !defined(NO_SESSION_CACHE)
-static void SESSION_ex_data_cache_update(WOLFSSL_SESSION* session, int idx,
-        void* data, byte get, void** getRet, int* setRet)
-{
-    int row;
-    int i;
-    int error = 0;
-    SessionRow* sessRow = NULL;
-    const byte* id;
-    byte foundCache = 0;
-
-    if (getRet != NULL)
-        *getRet = NULL;
-    if (setRet != NULL)
-        *setRet = WOLFSSL_FAILURE;
-
-    id = session->sessionID;
-    if (session->haveAltSessionID)
-        id = session->altSessionID;
-
-    row = (int)(HashObject(id, ID_LEN, &error) % SESSION_ROWS);
-    if (error != 0) {
-        WOLFSSL_MSG("Hash session failed");
-        return;
-    }
-
-    sessRow = &SessionCache[row];
-    if (get)
-        error = SESSION_ROW_RD_LOCK(sessRow);
-    else
-        error = SESSION_ROW_WR_LOCK(sessRow);
-    if (error != 0) {
-        WOLFSSL_MSG("Session row lock failed");
-        return;
-    }
-
-    for (i = 0; i < SESSIONS_PER_ROW && i < sessRow->totalCount; i++) {
-        WOLFSSL_SESSION* cacheSession;
-#ifdef SESSION_CACHE_DYNAMIC_MEM
-        cacheSession = sessRow->Sessions[i];
-#else
-        cacheSession = &sessRow->Sessions[i];
-#endif
-        if (cacheSession &&
-                XMEMCMP(id, cacheSession->sessionID, ID_LEN) == 0
-                && session->side == cacheSession->side
-        #if defined(WOLFSSL_TLS13) && defined(HAVE_SESSION_TICKET)
-                && (IsAtLeastTLSv1_3(session->version) ==
-                    IsAtLeastTLSv1_3(cacheSession->version))
-        #endif
-            ) {
-            if (get) {
-                if (getRet) {
-                    *getRet = wolfSSL_CRYPTO_get_ex_data(
-                        &cacheSession->ex_data, idx);
-                }
-            }
-            else {
-                if (setRet) {
-                    *setRet = wolfSSL_CRYPTO_set_ex_data(
-                        &cacheSession->ex_data, idx, data);
-                }
-            }
-            foundCache = 1;
-            break;
-        }
-    }
-    SESSION_ROW_UNLOCK(sessRow);
-    /* If we don't have a session in cache then clear the ex_data and
-     * own it */
-    if (!foundCache) {
-        XMEMSET(&session->ex_data, 0, sizeof(WOLFSSL_CRYPTO_EX_DATA));
-        session->ownExData = 1;
-        if (!get) {
-            *setRet = wolfSSL_CRYPTO_set_ex_data(&session->ex_data, idx,
-                    data);
-        }
-    }
-
-}
-#endif
-
-int wolfSSL_SESSION_set_ex_data(WOLFSSL_SESSION* session, int idx, void* data)
-{
-    int ret = WOLFSSL_FAILURE;
-    WOLFSSL_ENTER("wolfSSL_SESSION_set_ex_data");
-#ifdef HAVE_EX_DATA
-    session = ClientSessionToSession(session);
-    if (session != NULL) {
-#ifndef NO_SESSION_CACHE
-        if (!session->ownExData) {
-            /* Need to update in cache */
-            SESSION_ex_data_cache_update(session, idx, data, 0, NULL, &ret);
-        }
-        else
-#endif
-        {
-            ret = wolfSSL_CRYPTO_set_ex_data(&session->ex_data, idx, data);
-        }
-    }
-#else
-    (void)session;
-    (void)idx;
-    (void)data;
-#endif
-    return ret;
-}
-
-#ifdef HAVE_EX_DATA_CLEANUP_HOOKS
-int wolfSSL_SESSION_set_ex_data_with_cleanup(
-    WOLFSSL_SESSION* session,
-    int idx,
-    void* data,
-    wolfSSL_ex_data_cleanup_routine_t cleanup_routine)
-{
-    WOLFSSL_ENTER("wolfSSL_SESSION_set_ex_data_with_cleanup");
-    session = ClientSessionToSession(session);
-    if(session != NULL) {
-        return wolfSSL_CRYPTO_set_ex_data_with_cleanup(&session->ex_data, idx,
-                                                       data, cleanup_routine);
-    }
-    return WOLFSSL_FAILURE;
-}
-#endif /* HAVE_EX_DATA_CLEANUP_HOOKS */
-
-void* wolfSSL_SESSION_get_ex_data(const WOLFSSL_SESSION* session, int idx)
-{
-    void* ret = NULL;
-    WOLFSSL_ENTER("wolfSSL_SESSION_get_ex_data");
-#ifdef HAVE_EX_DATA
-    session = ClientSessionToSession(session);
-    if (session != NULL) {
-#ifndef NO_SESSION_CACHE
-        if (!session->ownExData) {
-            /* Need to retrieve the data from the session cache */
-            SESSION_ex_data_cache_update((WOLFSSL_SESSION*)session, idx, NULL,
-                                         1, &ret, NULL);
-        }
-        else
-#endif
-        {
-            ret = wolfSSL_CRYPTO_get_ex_data(&session->ex_data, idx);
-        }
-    }
-#else
-    (void)session;
-    (void)idx;
-#endif
-    return ret;
-}
-#endif /* OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL || HAVE_EX_DATA */
-
 /* Note: This is a huge section of API's - through
  *       wolfSSL_X509_OBJECT_get0_X509_CRL */
-#if defined(OPENSSL_ALL) || (defined(OPENSSL_EXTRA) && \
-    (defined(HAVE_STUNNEL) || defined(WOLFSSL_NGINX) || \
-    defined(HAVE_LIGHTY) || defined(WOLFSSL_HAPROXY) || \
-    defined(WOLFSSL_OPENSSH) || defined(HAVE_SBLIM_SFCB)))
-#ifdef HAVE_EX_DATA
-int wolfSSL_SESSION_get_ex_new_index(long ctx_l,void* ctx_ptr,
-        WOLFSSL_CRYPTO_EX_new* new_func, WOLFSSL_CRYPTO_EX_dup* dup_func,
-        WOLFSSL_CRYPTO_EX_free* free_func)
-{
-    WOLFSSL_ENTER("wolfSSL_SESSION_get_ex_new_index");
-    return wolfssl_get_ex_new_index(WOLF_CRYPTO_EX_INDEX_SSL_SESSION, ctx_l,
-            ctx_ptr, new_func, dup_func, free_func);
-}
-#endif
+#if defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA)
 
 #if defined(USE_WOLFSSL_MEMORY) && !defined(WOLFSSL_DEBUG_MEMORY) && \
     !defined(WOLFSSL_STATIC_MEMORY)
@@ -27944,7 +21376,7 @@ int wolfSSL_FIPS_mode_set(int r)
 
 int wolfSSL_CIPHER_get_bits(const WOLFSSL_CIPHER *c, int *alg_bits)
 {
-    int ret = WOLFSSL_FAILURE;
+    int ret = WC_NO_ERR_TRACE(WOLFSSL_FAILURE);
     WOLFSSL_ENTER("wolfSSL_CIPHER_get_bits");
 
     #if defined(WOLFSSL_QT) || defined(OPENSSL_ALL)
@@ -28005,17 +21437,20 @@ int wolfSSL_set_tlsext_host_name(WOLFSSL* ssl, const char* host_name)
     return ret;
 }
 
-
 #ifndef NO_WOLFSSL_SERVER
+/* May be called by server to get the requested accepted name and by the client
+ * to get the requested name. */
 const char * wolfSSL_get_servername(WOLFSSL* ssl, byte type)
 {
     void * serverName = NULL;
     if (ssl == NULL)
         return NULL;
-    TLSX_SNI_GetRequest(ssl->extensions, type, &serverName);
+    TLSX_SNI_GetRequest(ssl->extensions, type, &serverName,
+            !wolfSSL_is_server(ssl));
     return (const char *)serverName;
 }
-#endif /* NO_WOLFSSL_SERVER */
+#endif
+
 #endif /* HAVE_SNI */
 
 WOLFSSL_CTX* wolfSSL_set_SSL_CTX(WOLFSSL* ssl, WOLFSSL_CTX* ctx)
@@ -28043,7 +21478,14 @@ WOLFSSL_CTX* wolfSSL_set_SSL_CTX(WOLFSSL* ssl, WOLFSSL_CTX* ctx)
     if (ssl->ctx == ctx)
         return ssl->ctx;
 
-    wolfSSL_RefInc(&ctx->ref, &ret);
+    if (ctx->suites == NULL) {
+        /* suites */
+        if (AllocateCtxSuites(ctx) != 0)
+            return NULL;
+        InitSSL_CTX_Suites(ctx);
+    }
+
+    wolfSSL_RefWithMutexInc(&ctx->ref, &ret);
 #ifdef WOLFSSL_REFCNT_ERROR_RETURN
     if (ret != 0) {
         /* can only fail on serious stuff, like mutex not working
@@ -28058,13 +21500,85 @@ WOLFSSL_CTX* wolfSSL_set_SSL_CTX(WOLFSSL* ssl, WOLFSSL_CTX* ctx)
     ssl->ctx = ctx;
 
 #ifndef NO_CERTS
+#ifdef WOLFSSL_COPY_CERT
+    /* If WOLFSSL_COPY_CERT defined, always make new copy of cert from ctx */
+    if (ctx->certificate != NULL) {
+        if (ssl->buffers.certificate != NULL) {
+            FreeDer(&ssl->buffers.certificate);
+            ssl->buffers.certificate = NULL;
+        }
+        ret = AllocCopyDer(&ssl->buffers.certificate, ctx->certificate->buffer,
+            ctx->certificate->length, ctx->certificate->type,
+            ctx->certificate->heap);
+        if (ret != 0) {
+            ssl->buffers.weOwnCert = 0;
+            return NULL;
+        }
+
+        ssl->buffers.weOwnCert = 1;
+    }
+    if (ctx->certChain != NULL) {
+        if (ssl->buffers.certChain != NULL) {
+            FreeDer(&ssl->buffers.certChain);
+            ssl->buffers.certChain = NULL;
+        }
+        ret = AllocCopyDer(&ssl->buffers.certChain, ctx->certChain->buffer,
+            ctx->certChain->length, ctx->certChain->type,
+            ctx->certChain->heap);
+        if (ret != 0) {
+            ssl->buffers.weOwnCertChain = 0;
+            return NULL;
+        }
+
+        ssl->buffers.weOwnCertChain = 1;
+    }
+#else
     /* ctx owns certificate, certChain and key */
     ssl->buffers.certificate = ctx->certificate;
     ssl->buffers.certChain = ctx->certChain;
+#endif
 #ifdef WOLFSSL_TLS13
     ssl->buffers.certChainCnt = ctx->certChainCnt;
 #endif
+#ifndef WOLFSSL_BLIND_PRIVATE_KEY
+#ifdef WOLFSSL_COPY_KEY
+    if (ctx->privateKey != NULL) {
+        if (ssl->buffers.key != NULL) {
+            FreeDer(&ssl->buffers.key);
+            ssl->buffers.key = NULL;
+        }
+        ret = AllocCopyDer(&ssl->buffers.key, ctx->privateKey->buffer,
+            ctx->privateKey->length, ctx->privateKey->type,
+            ctx->privateKey->heap);
+        if (ret != 0) {
+            ssl->buffers.weOwnKey = 0;
+            return NULL;
+        }
+        ssl->buffers.weOwnKey = 1;
+    }
+    else {
+        ssl->buffers.key      = ctx->privateKey;
+    }
+#else
     ssl->buffers.key      = ctx->privateKey;
+#endif
+#else
+    if (ctx->privateKey != NULL) {
+        ret = AllocCopyDer(&ssl->buffers.key, ctx->privateKey->buffer,
+            ctx->privateKey->length, ctx->privateKey->type,
+            ctx->privateKey->heap);
+        if (ret != 0) {
+            return NULL;
+        }
+        /* Blind the private key for the SSL with new random mask. */
+        wolfssl_priv_der_unblind(ssl->buffers.key, ctx->privateKeyMask);
+        ret = wolfssl_priv_der_blind(ssl->rng, ssl->buffers.key,
+            &ssl->buffers.keyMask);
+        if (ret != 0) {
+            return NULL;
+        }
+    }
+#endif
     ssl->buffers.keyType  = ctx->privateKeyType;
     ssl->buffers.keyId    = ctx->privateKeyId;
     ssl->buffers.keyLabel = ctx->privateKeyLabel;
@@ -28078,6 +21592,29 @@ WOLFSSL_CTX* wolfSSL_set_SSL_CTX(WOLFSSL* ssl, WOLFSSL_CTX* ctx)
     ssl->options.haveStaticECC    = ctx->haveStaticECC;
     ssl->options.haveFalconSig    = ctx->haveFalconSig;
     ssl->options.haveDilithiumSig = ctx->haveDilithiumSig;
+#ifdef WOLFSSL_DUAL_ALG_CERTS
+#ifndef WOLFSSL_BLIND_PRIVATE_KEY
+    ssl->buffers.altKey   = ctx->altPrivateKey;
+#else
+    if (ctx->altPrivateKey != NULL) {
+        ret = AllocCopyDer(&ssl->buffers.altkey, ctx->altPrivateKey->buffer,
+            ctx->altPrivateKey->length, ctx->altPrivateKey->type,
+            ctx->altPrivateKey->heap);
+        if (ret != 0) {
+            return NULL;
+        }
+        /* Blind the private key for the SSL with new random mask. */
+        wolfssl_priv_der_unblind(ssl->buffers.altKey, ctx->altPrivateKeyMask);
+        ret = wolfssl_priv_der_blind(ssl->rng, ssl->buffers.altKey,
+            &ssl->buffers.altKeyMask);
+        if (ret != 0) {
+            return NULL;
+        }
+    }
+#endif
+    ssl->buffers.altKeySz   = ctx->altPrivateKeySz;
+    ssl->buffers.altKeyType = ctx->altPrivateKeyType;
+#endif /* WOLFSSL_DUAL_ALG_CERTS */
 #endif
 
 #ifdef WOLFSSL_SESSION_ID_CTX
@@ -28098,16 +21635,9 @@ VerifyCallback wolfSSL_CTX_get_verify_callback(WOLFSSL_CTX* ctx)
     return NULL;
 }
 
-
 #ifdef HAVE_SNI
-
-void wolfSSL_CTX_set_servername_callback(WOLFSSL_CTX* ctx, CallbackSniRecv cb)
-{
-    WOLFSSL_ENTER("wolfSSL_CTX_set_servername_callback");
-    if (ctx)
-        ctx->sniRecvCb = cb;
-}
-
+/* this is a compatibility function, consider using
+ * wolfSSL_CTX_set_servername_callback */
 int wolfSSL_CTX_set_tlsext_servername_callback(WOLFSSL_CTX* ctx,
                                                CallbackSniRecv cb)
 {
@@ -28119,19 +21649,8 @@ int wolfSSL_CTX_set_tlsext_servername_callback(WOLFSSL_CTX* ctx,
     return WOLFSSL_FAILURE;
 }
 
-int wolfSSL_CTX_set_servername_arg(WOLFSSL_CTX* ctx, void* arg)
-{
-    WOLFSSL_ENTER("wolfSSL_CTX_set_servername_arg");
-    if (ctx) {
-        ctx->sniRecvCbArg = arg;
-        return WOLFSSL_SUCCESS;
-    }
-    return WOLFSSL_FAILURE;
-}
-
 #endif /* HAVE_SNI */
 
-
 #ifndef NO_BIO
 void wolfSSL_ERR_load_BIO_strings(void) {
     WOLFSSL_ENTER("wolfSSL_ERR_load_BIO_strings");
@@ -28162,10 +21681,29 @@ void wolfSSL_THREADID_set_numeric(void* id, unsigned long val)
 }
 #endif
 
-#endif /* OPENSSL_ALL || (OPENSSL_EXTRA && (HAVE_STUNNEL || WOLFSSL_NGINX ||
-        * HAVE_LIGHTY || WOLFSSL_HAPROXY || WOLFSSL_OPENSSH ||
-        * HAVE_SBLIM_SFCB)) */
+#endif /* OPENSSL_ALL || OPENSSL_EXTRA */
 
+#ifdef HAVE_SNI
+
+void wolfSSL_CTX_set_servername_callback(WOLFSSL_CTX* ctx, CallbackSniRecv cb)
+{
+    WOLFSSL_ENTER("wolfSSL_CTX_set_servername_callback");
+    if (ctx)
+        ctx->sniRecvCb = cb;
+}
+
+
+int wolfSSL_CTX_set_servername_arg(WOLFSSL_CTX* ctx, void* arg)
+{
+    WOLFSSL_ENTER("wolfSSL_CTX_set_servername_arg");
+    if (ctx) {
+        ctx->sniRecvCbArg = arg;
+        return WOLFSSL_SUCCESS;
+    }
+    return WOLFSSL_FAILURE;
+}
+
+#endif /* HAVE_SNI */
 
 #if defined(OPENSSL_EXTRA)
 
@@ -28188,11 +21726,11 @@ unsigned long wolfSSL_ERR_peek_last_error(void)
             WOLFSSL_MSG("Issue peeking at error node in queue");
             return 0;
         }
-        if (ret == -ASN_NO_PEM_HEADER)
-            return (ERR_LIB_PEM << 24) | PEM_R_NO_START_LINE;
+        if (ret == -WC_NO_ERR_TRACE(ASN_NO_PEM_HEADER))
+            return (WOLFSSL_ERR_LIB_PEM << 24) | -WC_NO_ERR_TRACE(WOLFSSL_PEM_R_NO_START_LINE_E);
     #if defined(WOLFSSL_PYTHON)
         if (ret == ASN1_R_HEADER_TOO_LONG)
-            return (ERR_LIB_ASN1 << 24) | ASN1_R_HEADER_TOO_LONG;
+            return (WOLFSSL_ERR_LIB_ASN1 << 24) | -WC_NO_ERR_TRACE(WOLFSSL_ASN1_R_HEADER_TOO_LONG_E);
     #endif
         return (unsigned long)ret;
     }
@@ -28237,230 +21775,18 @@ int wolfSSL_version(WOLFSSL* ssl)
     return WOLFSSL_FAILURE;
 }
 
-WOLFSSL_CTX* wolfSSL_get_SSL_CTX(WOLFSSL* ssl)
+WOLFSSL_CTX* wolfSSL_get_SSL_CTX(const WOLFSSL* ssl)
 {
     WOLFSSL_ENTER("wolfSSL_get_SSL_CTX");
     return ssl->ctx;
 }
 
-#if defined(OPENSSL_ALL) || \
-    defined(OPENSSL_EXTRA) || defined(HAVE_STUNNEL) || \
-    defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
-
-const byte* wolfSSL_SESSION_get_id(const WOLFSSL_SESSION* sess,
-        unsigned int* idLen)
-{
-    WOLFSSL_ENTER("wolfSSL_SESSION_get_id");
-    sess = ClientSessionToSession(sess);
-    if (sess == NULL || idLen == NULL) {
-        WOLFSSL_MSG("Bad func args. Please provide idLen");
-        return NULL;
-    }
-#ifdef HAVE_SESSION_TICKET
-    if (sess->haveAltSessionID) {
-        *idLen = ID_LEN;
-        return sess->altSessionID;
-    }
-#endif
-    *idLen = sess->sessionIDSz;
-    return sess->sessionID;
-}
-
-#if (defined(HAVE_SESSION_TICKET) || defined(SESSION_CERTS)) && \
-    !defined(NO_FILESYSTEM)
-
-#ifndef NO_BIO
-
-#if defined(SESSION_CERTS) || \
-   (defined(WOLFSSL_TLS13) && defined(HAVE_SESSION_TICKET))
-/* returns a pointer to the protocol used by the session */
-static const char* wolfSSL_SESSION_get_protocol(const WOLFSSL_SESSION* in)
-{
-    in = ClientSessionToSession(in);
-    return wolfSSL_internal_get_version((ProtocolVersion*)&in->version);
-}
-#endif
-
-/* returns true (non 0) if the session has EMS (extended master secret) */
-static int wolfSSL_SESSION_haveEMS(const WOLFSSL_SESSION* in)
-{
-    in = ClientSessionToSession(in);
-    if (in == NULL)
-        return 0;
-    return in->haveEMS;
-}
-
-#if defined(HAVE_SESSION_TICKET)
-/* prints out the ticket to bio passed in
- * return WOLFSSL_SUCCESS on success
- */
-static int wolfSSL_SESSION_print_ticket(WOLFSSL_BIO* bio,
-        const WOLFSSL_SESSION* in, const char* tab)
-{
-    unsigned short i, j, z, sz;
-    short tag = 0;
-    byte* pt;
-
-
-    in = ClientSessionToSession(in);
-    if (in == NULL || bio == NULL) {
-        return BAD_FUNC_ARG;
-    }
-
-    sz = in->ticketLen;
-    pt = in->ticket;
-
-    if (wolfSSL_BIO_printf(bio, "%s\n", (sz == 0)? " NONE": "") <= 0)
-        return WOLFSSL_FAILURE;
-
-    for (i = 0; i < sz;) {
-        char asc[16];
-
-        if (sz - i < 16) {
-            if (wolfSSL_BIO_printf(bio, "%s%04X -", tab, tag + (sz - i)) <= 0)
-                return WOLFSSL_FAILURE;
-        }
-        else {
-            if (wolfSSL_BIO_printf(bio, "%s%04X -", tab, tag) <= 0)
-                return WOLFSSL_FAILURE;
-        }
-        for (j = 0; i < sz && j < 8; j++,i++) {
-            asc[j] =  ((pt[i])&0x6f)>='A'?((pt[i])&0x6f):'.';
-            if (wolfSSL_BIO_printf(bio, " %02X", pt[i]) <= 0)
-                return WOLFSSL_FAILURE;
-        }
-
-        if (i < sz) {
-            asc[j] =  ((pt[i])&0x6f)>='A'?((pt[i])&0x6f):'.';
-            if (wolfSSL_BIO_printf(bio, "-%02X", pt[i]) <= 0)
-                return WOLFSSL_FAILURE;
-            j++;
-            i++;
-        }
-
-        for (; i < sz && j < 16; j++,i++) {
-            asc[j] =  ((pt[i])&0x6f)>='A'?((pt[i])&0x6f):'.';
-            if (wolfSSL_BIO_printf(bio, " %02X", pt[i]) <= 0)
-                return WOLFSSL_FAILURE;
-        }
-
-        /* pad out spacing */
-        for (z = j; z < 17; z++) {
-            if (wolfSSL_BIO_printf(bio, "   ") <= 0)
-                return WOLFSSL_FAILURE;
-        }
-
-        for (z = 0; z < j; z++) {
-            if (wolfSSL_BIO_printf(bio, "%c", asc[z]) <= 0)
-                return WOLFSSL_FAILURE;
-        }
-        if (wolfSSL_BIO_printf(bio, "\n") <= 0)
-            return WOLFSSL_FAILURE;
-
-        tag += 16;
-    }
-    return WOLFSSL_SUCCESS;
-}
-#endif /* HAVE_SESSION_TICKET */
-
-
-/* prints out the session information in human readable form
- * return WOLFSSL_SUCCESS on success
- */
-int wolfSSL_SESSION_print(WOLFSSL_BIO *bp, const WOLFSSL_SESSION *session)
-{
-    const unsigned char* pt;
-    unsigned char buf[SECRET_LEN];
-    unsigned int sz = 0, i;
-    int ret;
-
-    session = ClientSessionToSession(session);
-    if (session == NULL) {
-        return WOLFSSL_FAILURE;
-    }
-
-    if (wolfSSL_BIO_printf(bp, "%s\n", "SSL-Session:") <= 0)
-        return WOLFSSL_FAILURE;
-
-#if defined(SESSION_CERTS) || (defined(WOLFSSL_TLS13) && \
-                               defined(HAVE_SESSION_TICKET))
-    if (wolfSSL_BIO_printf(bp, "    Protocol  : %s\n",
-            wolfSSL_SESSION_get_protocol(session)) <= 0)
-        return WOLFSSL_FAILURE;
-#endif
-
-    if (wolfSSL_BIO_printf(bp, "    Cipher    : %s\n",
-            wolfSSL_SESSION_CIPHER_get_name(session)) <= 0)
-        return WOLFSSL_FAILURE;
-
-    pt = wolfSSL_SESSION_get_id(session, &sz);
-    if (wolfSSL_BIO_printf(bp, "    Session-ID: ") <= 0)
-        return WOLFSSL_FAILURE;
-
-    for (i = 0; i < sz; i++) {
-        if (wolfSSL_BIO_printf(bp, "%02X", pt[i]) <= 0)
-            return WOLFSSL_FAILURE;
-    }
-    if (wolfSSL_BIO_printf(bp, "\n") <= 0)
-        return WOLFSSL_FAILURE;
-
-    if (wolfSSL_BIO_printf(bp, "    Session-ID-ctx: \n") <= 0)
-        return WOLFSSL_FAILURE;
-
-    ret = wolfSSL_SESSION_get_master_key(session, buf, sizeof(buf));
-    if (wolfSSL_BIO_printf(bp, "    Master-Key: ") <= 0)
-        return WOLFSSL_FAILURE;
-
-    if (ret > 0) {
-        sz = (unsigned int)ret;
-        for (i = 0; i < sz; i++) {
-            if (wolfSSL_BIO_printf(bp, "%02X", buf[i]) <= 0)
-                return WOLFSSL_FAILURE;
-        }
-    }
-    if (wolfSSL_BIO_printf(bp, "\n") <= 0)
-        return WOLFSSL_FAILURE;
-
-    /* @TODO PSK identity hint and SRP */
-
-    if (wolfSSL_BIO_printf(bp, "    TLS session ticket:") <= 0)
-        return WOLFSSL_FAILURE;
-
-#ifdef HAVE_SESSION_TICKET
-    if (wolfSSL_SESSION_print_ticket(bp, session, "    ") != WOLFSSL_SUCCESS)
-        return WOLFSSL_FAILURE;
-#endif
-
-#if !defined(NO_SESSION_CACHE) && (defined(OPENSSL_EXTRA) || \
-        defined(HAVE_EXT_CACHE))
-    if (wolfSSL_BIO_printf(bp, "    Start Time: %ld\n",
-                wolfSSL_SESSION_get_time(session)) <= 0)
-        return WOLFSSL_FAILURE;
-
-    if (wolfSSL_BIO_printf(bp, "    Timeout   : %ld (sec)\n",
-            wolfSSL_SESSION_get_timeout(session)) <= 0)
-        return WOLFSSL_FAILURE;
-#endif /* !NO_SESSION_CACHE && OPENSSL_EXTRA || HAVE_EXT_CACHE */
-
-    /* @TODO verify return code print */
-
-    if (wolfSSL_BIO_printf(bp, "    Extended master secret: %s\n",
-            (wolfSSL_SESSION_haveEMS(session) == 0)? "no" : "yes") <= 0)
-        return WOLFSSL_FAILURE;
-
-    return WOLFSSL_SUCCESS;
-}
-
-#endif /* !NO_BIO */
-#endif /* (HAVE_SESSION_TICKET || SESSION_CERTS) && !NO_FILESYSTEM */
-
-#endif /* OPENSSL_ALL || OPENSSL_EXTRA || HAVE_STUNNEL || WOLFSSL_NGINX || WOLFSSL_HAPROXY */
-
-#if defined(OPENSSL_ALL) || (defined(OPENSSL_EXTRA) && defined(HAVE_STUNNEL)) \
-    || defined(WOLFSSL_MYSQL_COMPATIBLE) || defined(WOLFSSL_NGINX)
+#if defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA) || defined(HAVE_STUNNEL) || \
+    defined(WOLFSSL_MYSQL_COMPATIBLE) || defined(WOLFSSL_NGINX)
 
 /* TODO: Doesn't currently track SSL_VERIFY_CLIENT_ONCE */
-int wolfSSL_get_verify_mode(const WOLFSSL* ssl) {
+int wolfSSL_get_verify_mode(const WOLFSSL* ssl)
+{
     int mode = 0;
     WOLFSSL_ENTER("wolfSSL_get_verify_mode");
 
@@ -28526,709 +21852,6 @@ int wolfSSL_CTX_get_verify_mode(const WOLFSSL_CTX* ctx)
 }
 
 #endif
-#if defined(OPENSSL_EXTRA) && defined(HAVE_CURVE25519)
-/* return 1 if success, 0 if error
- * output keys are little endian format
- */
-int wolfSSL_EC25519_generate_key(unsigned char *priv, unsigned int *privSz,
-                                 unsigned char *pub, unsigned int *pubSz)
-{
-#ifndef WOLFSSL_KEY_GEN
-    WOLFSSL_MSG("No Key Gen built in");
-    (void) priv;
-    (void) privSz;
-    (void) pub;
-    (void) pubSz;
-    return WOLFSSL_FAILURE;
-#else /* WOLFSSL_KEY_GEN */
-    int ret = WOLFSSL_FAILURE;
-    int initTmpRng = 0;
-    WC_RNG *rng = NULL;
-#ifdef WOLFSSL_SMALL_STACK
-    WC_RNG *tmpRNG = NULL;
-#else
-    WC_RNG tmpRNG[1];
-#endif
-
-    WOLFSSL_ENTER("wolfSSL_EC25519_generate_key");
-
-    if (priv == NULL || privSz == NULL || *privSz < CURVE25519_KEYSIZE ||
-        pub == NULL || pubSz == NULL || *pubSz < CURVE25519_KEYSIZE) {
-        WOLFSSL_MSG("Bad arguments");
-        return WOLFSSL_FAILURE;
-    }
-
-#ifdef WOLFSSL_SMALL_STACK
-    tmpRNG = (WC_RNG*)XMALLOC(sizeof(WC_RNG), NULL, DYNAMIC_TYPE_RNG);
-    if (tmpRNG == NULL)
-        return WOLFSSL_FAILURE;
-#endif
-    if (wc_InitRng(tmpRNG) == 0) {
-        rng = tmpRNG;
-        initTmpRng = 1;
-    }
-    else {
-        WOLFSSL_MSG("Bad RNG Init, trying global");
-        if (initGlobalRNG == 0)
-            WOLFSSL_MSG("Global RNG no Init");
-        else
-            rng = &globalRNG;
-    }
-
-    if (rng) {
-        curve25519_key key;
-
-        if (wc_curve25519_init(&key) != MP_OKAY)
-            WOLFSSL_MSG("wc_curve25519_init failed");
-        else if (wc_curve25519_make_key(rng, CURVE25519_KEYSIZE, &key)!=MP_OKAY)
-            WOLFSSL_MSG("wc_curve25519_make_key failed");
-        /* export key pair */
-        else if (wc_curve25519_export_key_raw_ex(&key, priv, privSz, pub,
-                                                 pubSz, EC25519_LITTLE_ENDIAN)
-                 != MP_OKAY)
-            WOLFSSL_MSG("wc_curve25519_export_key_raw_ex failed");
-        else
-            ret = WOLFSSL_SUCCESS;
-
-        wc_curve25519_free(&key);
-    }
-
-    if (initTmpRng)
-        wc_FreeRng(tmpRNG);
-
-#ifdef WOLFSSL_SMALL_STACK
-    XFREE(tmpRNG, NULL, DYNAMIC_TYPE_RNG);
-#endif
-
-    return ret;
-#endif /* WOLFSSL_KEY_GEN */
-}
-
-/* return 1 if success, 0 if error
- * input and output keys are little endian format
- */
-int wolfSSL_EC25519_shared_key(unsigned char *shared, unsigned int *sharedSz,
-                               const unsigned char *priv, unsigned int privSz,
-                               const unsigned char *pub, unsigned int pubSz)
-{
-#ifndef WOLFSSL_KEY_GEN
-    WOLFSSL_MSG("No Key Gen built in");
-    (void) shared;
-    (void) sharedSz;
-    (void) priv;
-    (void) privSz;
-    (void) pub;
-    (void) pubSz;
-    return WOLFSSL_FAILURE;
-#else /* WOLFSSL_KEY_GEN */
-    int ret = WOLFSSL_FAILURE;
-    curve25519_key privkey, pubkey;
-
-    WOLFSSL_ENTER("wolfSSL_EC25519_shared_key");
-
-    if (shared == NULL || sharedSz == NULL || *sharedSz < CURVE25519_KEYSIZE ||
-        priv == NULL || privSz < CURVE25519_KEYSIZE ||
-        pub == NULL || pubSz < CURVE25519_KEYSIZE) {
-        WOLFSSL_MSG("Bad arguments");
-        return WOLFSSL_FAILURE;
-    }
-
-    /* import private key */
-    if (wc_curve25519_init(&privkey) != MP_OKAY) {
-        WOLFSSL_MSG("wc_curve25519_init privkey failed");
-        return ret;
-    }
-    if (wc_curve25519_import_private_ex(priv, privSz, &privkey,
-                                        EC25519_LITTLE_ENDIAN) != MP_OKAY) {
-        WOLFSSL_MSG("wc_curve25519_import_private_ex failed");
-        wc_curve25519_free(&privkey);
-        return ret;
-    }
-
-    /* import public key */
-    if (wc_curve25519_init(&pubkey) != MP_OKAY) {
-        WOLFSSL_MSG("wc_curve25519_init pubkey failed");
-        wc_curve25519_free(&privkey);
-        return ret;
-    }
-    if (wc_curve25519_import_public_ex(pub, pubSz, &pubkey,
-                                       EC25519_LITTLE_ENDIAN) != MP_OKAY) {
-        WOLFSSL_MSG("wc_curve25519_import_public_ex failed");
-        wc_curve25519_free(&privkey);
-        wc_curve25519_free(&pubkey);
-        return ret;
-    }
-
-    if (wc_curve25519_shared_secret_ex(&privkey, &pubkey,
-                                       shared, sharedSz,
-                                       EC25519_LITTLE_ENDIAN) != MP_OKAY)
-        WOLFSSL_MSG("wc_curve25519_shared_secret_ex failed");
-    else
-        ret = WOLFSSL_SUCCESS;
-
-    wc_curve25519_free(&privkey);
-    wc_curve25519_free(&pubkey);
-
-    return ret;
-#endif /* WOLFSSL_KEY_GEN */
-}
-#endif /* OPENSSL_EXTRA && HAVE_CURVE25519 */
-
-#if defined(OPENSSL_EXTRA) && defined(HAVE_ED25519)
-/* return 1 if success, 0 if error
- * output keys are little endian format
- */
-int wolfSSL_ED25519_generate_key(unsigned char *priv, unsigned int *privSz,
-                                 unsigned char *pub, unsigned int *pubSz)
-{
-#ifndef WOLFSSL_KEY_GEN
-    WOLFSSL_MSG("No Key Gen built in");
-    (void) priv;
-    (void) privSz;
-    (void) pub;
-    (void) pubSz;
-    return WOLFSSL_FAILURE;
-#elif !defined(HAVE_ED25519_KEY_EXPORT)
-    WOLFSSL_MSG("No ED25519 key export built in");
-    (void) priv;
-    (void) privSz;
-    (void) pub;
-    (void) pubSz;
-    return WOLFSSL_FAILURE;
-#else /* WOLFSSL_KEY_GEN && HAVE_ED25519_KEY_EXPORT */
-    int ret = WOLFSSL_FAILURE;
-    int initTmpRng = 0;
-    WC_RNG *rng = NULL;
-#ifdef WOLFSSL_SMALL_STACK
-    WC_RNG *tmpRNG = NULL;
-#else
-    WC_RNG tmpRNG[1];
-#endif
-
-    WOLFSSL_ENTER("wolfSSL_ED25519_generate_key");
-
-    if (priv == NULL || privSz == NULL || *privSz < ED25519_PRV_KEY_SIZE ||
-        pub == NULL || pubSz == NULL || *pubSz < ED25519_PUB_KEY_SIZE) {
-        WOLFSSL_MSG("Bad arguments");
-        return WOLFSSL_FAILURE;
-    }
-
-#ifdef WOLFSSL_SMALL_STACK
-    tmpRNG = (WC_RNG*)XMALLOC(sizeof(WC_RNG), NULL, DYNAMIC_TYPE_RNG);
-    if (tmpRNG == NULL)
-        return WOLFSSL_FATAL_ERROR;
-#endif
-    if (wc_InitRng(tmpRNG) == 0) {
-        rng = tmpRNG;
-        initTmpRng = 1;
-    }
-    else {
-        WOLFSSL_MSG("Bad RNG Init, trying global");
-        if (initGlobalRNG == 0)
-            WOLFSSL_MSG("Global RNG no Init");
-        else
-            rng = &globalRNG;
-    }
-
-    if (rng) {
-        ed25519_key key;
-
-        if (wc_ed25519_init(&key) != MP_OKAY)
-            WOLFSSL_MSG("wc_ed25519_init failed");
-        else if (wc_ed25519_make_key(rng, ED25519_KEY_SIZE, &key)!=MP_OKAY)
-            WOLFSSL_MSG("wc_ed25519_make_key failed");
-        /* export private key */
-        else if (wc_ed25519_export_key(&key, priv, privSz, pub, pubSz)!=MP_OKAY)
-            WOLFSSL_MSG("wc_ed25519_export_key failed");
-        else
-            ret = WOLFSSL_SUCCESS;
-
-        wc_ed25519_free(&key);
-    }
-
-    if (initTmpRng)
-        wc_FreeRng(tmpRNG);
-
-#ifdef WOLFSSL_SMALL_STACK
-    XFREE(tmpRNG, NULL, DYNAMIC_TYPE_RNG);
-#endif
-
-    return ret;
-#endif /* WOLFSSL_KEY_GEN && HAVE_ED25519_KEY_EXPORT */
-}
-
-/* return 1 if success, 0 if error
- * input and output keys are little endian format
- * priv is a buffer containing private and public part of key
- */
-int wolfSSL_ED25519_sign(const unsigned char *msg, unsigned int msgSz,
-                         const unsigned char *priv, unsigned int privSz,
-                         unsigned char *sig, unsigned int *sigSz)
-{
-#if !defined(HAVE_ED25519_SIGN) || !defined(WOLFSSL_KEY_GEN) || !defined(HAVE_ED25519_KEY_IMPORT)
-#if !defined(HAVE_ED25519_SIGN)
-    WOLFSSL_MSG("No ED25519 sign built in");
-#elif !defined(WOLFSSL_KEY_GEN)
-     WOLFSSL_MSG("No Key Gen built in");
-#elif !defined(HAVE_ED25519_KEY_IMPORT)
-     WOLFSSL_MSG("No ED25519 Key import built in");
-#endif
-    (void) msg;
-    (void) msgSz;
-    (void) priv;
-    (void) privSz;
-    (void) sig;
-    (void) sigSz;
-    return WOLFSSL_FAILURE;
-#else /* HAVE_ED25519_SIGN && WOLFSSL_KEY_GEN && HAVE_ED25519_KEY_IMPORT */
-    ed25519_key key;
-    int ret = WOLFSSL_FAILURE;
-
-    WOLFSSL_ENTER("wolfSSL_ED25519_sign");
-
-    if (priv == NULL || privSz != ED25519_PRV_KEY_SIZE ||
-        msg == NULL || sig == NULL || *sigSz < ED25519_SIG_SIZE) {
-        WOLFSSL_MSG("Bad arguments");
-        return WOLFSSL_FAILURE;
-    }
-
-    /* import key */
-    if (wc_ed25519_init(&key) != MP_OKAY) {
-        WOLFSSL_MSG("wc_curve25519_init failed");
-        return ret;
-    }
-    if (wc_ed25519_import_private_key(priv, privSz/2,
-                                      priv+(privSz/2), ED25519_PUB_KEY_SIZE,
-                                      &key) != MP_OKAY){
-        WOLFSSL_MSG("wc_ed25519_import_private failed");
-        wc_ed25519_free(&key);
-        return ret;
-    }
-
-    if (wc_ed25519_sign_msg(msg, msgSz, sig, sigSz, &key) != MP_OKAY)
-        WOLFSSL_MSG("wc_curve25519_shared_secret_ex failed");
-    else
-        ret = WOLFSSL_SUCCESS;
-
-    wc_ed25519_free(&key);
-
-    return ret;
-#endif /* HAVE_ED25519_SIGN && WOLFSSL_KEY_GEN && HAVE_ED25519_KEY_IMPORT */
-}
-
-/* return 1 if success, 0 if error
- * input and output keys are little endian format
- * pub is a buffer containing public part of key
- */
-int wolfSSL_ED25519_verify(const unsigned char *msg, unsigned int msgSz,
-                           const unsigned char *pub, unsigned int pubSz,
-                           const unsigned char *sig, unsigned int sigSz)
-{
-#if !defined(HAVE_ED25519_VERIFY) || !defined(WOLFSSL_KEY_GEN) || !defined(HAVE_ED25519_KEY_IMPORT)
-#if !defined(HAVE_ED25519_VERIFY)
-    WOLFSSL_MSG("No ED25519 verify built in");
-#elif !defined(WOLFSSL_KEY_GEN)
-     WOLFSSL_MSG("No Key Gen built in");
-#elif !defined(HAVE_ED25519_KEY_IMPORT)
-     WOLFSSL_MSG("No ED25519 Key import built in");
-#endif
-    (void) msg;
-    (void) msgSz;
-    (void) pub;
-    (void) pubSz;
-    (void) sig;
-    (void) sigSz;
-    return WOLFSSL_FAILURE;
-#else /* HAVE_ED25519_VERIFY && WOLFSSL_KEY_GEN && HAVE_ED25519_KEY_IMPORT */
-    ed25519_key key;
-    int ret = WOLFSSL_FAILURE, check = 0;
-
-    WOLFSSL_ENTER("wolfSSL_ED25519_verify");
-
-    if (pub == NULL || pubSz != ED25519_PUB_KEY_SIZE ||
-        msg == NULL || sig == NULL || sigSz != ED25519_SIG_SIZE) {
-        WOLFSSL_MSG("Bad arguments");
-        return WOLFSSL_FAILURE;
-    }
-
-    /* import key */
-    if (wc_ed25519_init(&key) != MP_OKAY) {
-        WOLFSSL_MSG("wc_curve25519_init failed");
-        return ret;
-    }
-    if (wc_ed25519_import_public(pub, pubSz, &key) != MP_OKAY){
-        WOLFSSL_MSG("wc_ed25519_import_public failed");
-        wc_ed25519_free(&key);
-        return ret;
-    }
-
-    if ((ret = wc_ed25519_verify_msg((byte*)sig, sigSz, msg, msgSz,
-                                     &check, &key)) != MP_OKAY) {
-        WOLFSSL_MSG("wc_ed25519_verify_msg failed");
-    }
-    else if (!check)
-        WOLFSSL_MSG("wc_ed25519_verify_msg failed (signature invalid)");
-    else
-        ret = WOLFSSL_SUCCESS;
-
-    wc_ed25519_free(&key);
-
-    return ret;
-#endif /* HAVE_ED25519_VERIFY && WOLFSSL_KEY_GEN && HAVE_ED25519_KEY_IMPORT */
-}
-
-#endif /* OPENSSL_EXTRA && HAVE_ED25519 */
-
-#if defined(OPENSSL_EXTRA) && defined(HAVE_CURVE448)
-/* return 1 if success, 0 if error
- * output keys are little endian format
- */
-int wolfSSL_EC448_generate_key(unsigned char *priv, unsigned int *privSz,
-                               unsigned char *pub, unsigned int *pubSz)
-{
-#ifndef WOLFSSL_KEY_GEN
-    WOLFSSL_MSG("No Key Gen built in");
-    (void) priv;
-    (void) privSz;
-    (void) pub;
-    (void) pubSz;
-    return WOLFSSL_FAILURE;
-#else /* WOLFSSL_KEY_GEN */
-    int ret = WOLFSSL_FAILURE;
-    int initTmpRng = 0;
-    WC_RNG *rng = NULL;
-#ifdef WOLFSSL_SMALL_STACK
-    WC_RNG *tmpRNG = NULL;
-#else
-    WC_RNG tmpRNG[1];
-#endif
-
-    WOLFSSL_ENTER("wolfSSL_EC448_generate_key");
-
-    if (priv == NULL || privSz == NULL || *privSz < CURVE448_KEY_SIZE ||
-        pub == NULL || pubSz == NULL || *pubSz < CURVE448_KEY_SIZE) {
-        WOLFSSL_MSG("Bad arguments");
-        return WOLFSSL_FAILURE;
-    }
-
-#ifdef WOLFSSL_SMALL_STACK
-    tmpRNG = (WC_RNG*)XMALLOC(sizeof(WC_RNG), NULL, DYNAMIC_TYPE_RNG);
-    if (tmpRNG == NULL)
-        return WOLFSSL_FAILURE;
-#endif
-    if (wc_InitRng(tmpRNG) == 0) {
-        rng = tmpRNG;
-        initTmpRng = 1;
-    }
-    else {
-        WOLFSSL_MSG("Bad RNG Init, trying global");
-        if (initGlobalRNG == 0)
-            WOLFSSL_MSG("Global RNG no Init");
-        else
-            rng = &globalRNG;
-    }
-
-    if (rng) {
-        curve448_key key;
-
-        if (wc_curve448_init(&key) != MP_OKAY)
-            WOLFSSL_MSG("wc_curve448_init failed");
-        else if (wc_curve448_make_key(rng, CURVE448_KEY_SIZE, &key)!=MP_OKAY)
-            WOLFSSL_MSG("wc_curve448_make_key failed");
-        /* export key pair */
-        else if (wc_curve448_export_key_raw_ex(&key, priv, privSz, pub, pubSz,
-                                               EC448_LITTLE_ENDIAN)
-                 != MP_OKAY)
-            WOLFSSL_MSG("wc_curve448_export_key_raw_ex failed");
-        else
-            ret = WOLFSSL_SUCCESS;
-
-        wc_curve448_free(&key);
-    }
-
-    if (initTmpRng)
-        wc_FreeRng(tmpRNG);
-
-#ifdef WOLFSSL_SMALL_STACK
-    XFREE(tmpRNG, NULL, DYNAMIC_TYPE_RNG);
-#endif
-
-    return ret;
-#endif /* WOLFSSL_KEY_GEN */
-}
-
-/* return 1 if success, 0 if error
- * input and output keys are little endian format
- */
-int wolfSSL_EC448_shared_key(unsigned char *shared, unsigned int *sharedSz,
-                             const unsigned char *priv, unsigned int privSz,
-                             const unsigned char *pub, unsigned int pubSz)
-{
-#ifndef WOLFSSL_KEY_GEN
-    WOLFSSL_MSG("No Key Gen built in");
-    (void) shared;
-    (void) sharedSz;
-    (void) priv;
-    (void) privSz;
-    (void) pub;
-    (void) pubSz;
-    return WOLFSSL_FAILURE;
-#else /* WOLFSSL_KEY_GEN */
-    int ret = WOLFSSL_FAILURE;
-    curve448_key privkey, pubkey;
-
-    WOLFSSL_ENTER("wolfSSL_EC448_shared_key");
-
-    if (shared == NULL || sharedSz == NULL || *sharedSz < CURVE448_KEY_SIZE ||
-            priv == NULL || privSz < CURVE448_KEY_SIZE ||
-            pub == NULL || pubSz < CURVE448_KEY_SIZE) {
-        WOLFSSL_MSG("Bad arguments");
-        return WOLFSSL_FAILURE;
-    }
-
-    /* import private key */
-    if (wc_curve448_init(&privkey) != MP_OKAY) {
-        WOLFSSL_MSG("wc_curve448_init privkey failed");
-        return ret;
-    }
-    if (wc_curve448_import_private_ex(priv, privSz, &privkey,
-                                      EC448_LITTLE_ENDIAN) != MP_OKAY) {
-        WOLFSSL_MSG("wc_curve448_import_private_ex failed");
-        wc_curve448_free(&privkey);
-        return ret;
-    }
-
-    /* import public key */
-    if (wc_curve448_init(&pubkey) != MP_OKAY) {
-        WOLFSSL_MSG("wc_curve448_init pubkey failed");
-        wc_curve448_free(&privkey);
-        return ret;
-    }
-    if (wc_curve448_import_public_ex(pub, pubSz, &pubkey,
-                                     EC448_LITTLE_ENDIAN) != MP_OKAY) {
-        WOLFSSL_MSG("wc_curve448_import_public_ex failed");
-        wc_curve448_free(&privkey);
-        wc_curve448_free(&pubkey);
-        return ret;
-    }
-
-    if (wc_curve448_shared_secret_ex(&privkey, &pubkey, shared, sharedSz,
-                                     EC448_LITTLE_ENDIAN) != MP_OKAY)
-        WOLFSSL_MSG("wc_curve448_shared_secret_ex failed");
-    else
-        ret = WOLFSSL_SUCCESS;
-
-    wc_curve448_free(&privkey);
-    wc_curve448_free(&pubkey);
-
-    return ret;
-#endif /* WOLFSSL_KEY_GEN */
-}
-#endif /* OPENSSL_EXTRA && HAVE_CURVE448 */
-
-#if defined(OPENSSL_EXTRA) && defined(HAVE_ED448)
-/* return 1 if success, 0 if error
- * output keys are little endian format
- */
-int wolfSSL_ED448_generate_key(unsigned char *priv, unsigned int *privSz,
-                               unsigned char *pub, unsigned int *pubSz)
-{
-#ifndef WOLFSSL_KEY_GEN
-    WOLFSSL_MSG("No Key Gen built in");
-    (void) priv;
-    (void) privSz;
-    (void) pub;
-    (void) pubSz;
-    return WOLFSSL_FAILURE;
-#elif !defined(HAVE_ED448_KEY_EXPORT)
-    WOLFSSL_MSG("No ED448 key export built in");
-    (void) priv;
-    (void) privSz;
-    (void) pub;
-    (void) pubSz;
-    return WOLFSSL_FAILURE;
-#else /* WOLFSSL_KEY_GEN && HAVE_ED448_KEY_EXPORT */
-    int ret = WOLFSSL_FAILURE;
-    int initTmpRng = 0;
-    WC_RNG *rng = NULL;
-#ifdef WOLFSSL_SMALL_STACK
-    WC_RNG *tmpRNG = NULL;
-#else
-    WC_RNG tmpRNG[1];
-#endif
-
-    WOLFSSL_ENTER("wolfSSL_ED448_generate_key");
-
-    if (priv == NULL || privSz == NULL || *privSz < ED448_PRV_KEY_SIZE ||
-            pub == NULL || pubSz == NULL || *pubSz < ED448_PUB_KEY_SIZE) {
-        WOLFSSL_MSG("Bad arguments");
-        return WOLFSSL_FAILURE;
-    }
-
-#ifdef WOLFSSL_SMALL_STACK
-    tmpRNG = (WC_RNG*)XMALLOC(sizeof(WC_RNG), NULL, DYNAMIC_TYPE_RNG);
-    if (tmpRNG == NULL)
-        return WOLFSSL_FATAL_ERROR;
-#endif
-    if (wc_InitRng(tmpRNG) == 0) {
-        rng = tmpRNG;
-        initTmpRng = 1;
-    }
-    else {
-        WOLFSSL_MSG("Bad RNG Init, trying global");
-        if (initGlobalRNG == 0)
-            WOLFSSL_MSG("Global RNG no Init");
-        else
-            rng = &globalRNG;
-    }
-
-    if (rng) {
-        ed448_key key;
-
-        if (wc_ed448_init(&key) != MP_OKAY)
-            WOLFSSL_MSG("wc_ed448_init failed");
-        else if (wc_ed448_make_key(rng, ED448_KEY_SIZE, &key) != MP_OKAY)
-            WOLFSSL_MSG("wc_ed448_make_key failed");
-        /* export private key */
-        else if (wc_ed448_export_key(&key, priv, privSz, pub, pubSz) != MP_OKAY)
-            WOLFSSL_MSG("wc_ed448_export_key failed");
-        else
-            ret = WOLFSSL_SUCCESS;
-
-        wc_ed448_free(&key);
-    }
-
-    if (initTmpRng)
-        wc_FreeRng(tmpRNG);
-
-#ifdef WOLFSSL_SMALL_STACK
-    XFREE(tmpRNG, NULL, DYNAMIC_TYPE_RNG);
-#endif
-
-    return ret;
-#endif /* WOLFSSL_KEY_GEN && HAVE_ED448_KEY_EXPORT */
-}
-
-/* return 1 if success, 0 if error
- * input and output keys are little endian format
- * priv is a buffer containing private and public part of key
- */
-int wolfSSL_ED448_sign(const unsigned char *msg, unsigned int msgSz,
-                       const unsigned char *priv, unsigned int privSz,
-                       unsigned char *sig, unsigned int *sigSz)
-{
-#if !defined(HAVE_ED448_SIGN) || !defined(WOLFSSL_KEY_GEN) || !defined(HAVE_ED448_KEY_IMPORT)
-#if !defined(HAVE_ED448_SIGN)
-    WOLFSSL_MSG("No ED448 sign built in");
-#elif !defined(WOLFSSL_KEY_GEN)
-    WOLFSSL_MSG("No Key Gen built in");
-#elif !defined(HAVE_ED448_KEY_IMPORT)
-    WOLFSSL_MSG("No ED448 Key import built in");
-#endif
-    (void) msg;
-    (void) msgSz;
-    (void) priv;
-    (void) privSz;
-    (void) sig;
-    (void) sigSz;
-    return WOLFSSL_FAILURE;
-#else /* HAVE_ED448_SIGN && WOLFSSL_KEY_GEN && HAVE_ED448_KEY_IMPORT */
-    ed448_key key;
-    int ret = WOLFSSL_FAILURE;
-
-    WOLFSSL_ENTER("wolfSSL_ED448_sign");
-
-    if (priv == NULL || privSz != ED448_PRV_KEY_SIZE || msg == NULL ||
-            sig == NULL || *sigSz < ED448_SIG_SIZE) {
-        WOLFSSL_MSG("Bad arguments");
-        return WOLFSSL_FAILURE;
-    }
-
-    /* import key */
-    if (wc_ed448_init(&key) != MP_OKAY) {
-        WOLFSSL_MSG("wc_curve448_init failed");
-        return ret;
-    }
-    if (wc_ed448_import_private_key(priv, privSz/2, priv+(privSz/2),
-                                    ED448_PUB_KEY_SIZE, &key) != MP_OKAY){
-        WOLFSSL_MSG("wc_ed448_import_private failed");
-        wc_ed448_free(&key);
-        return ret;
-    }
-
-    if (wc_ed448_sign_msg(msg, msgSz, sig, sigSz, &key, NULL, 0) != MP_OKAY)
-        WOLFSSL_MSG("wc_curve448_shared_secret_ex failed");
-    else
-        ret = WOLFSSL_SUCCESS;
-
-    wc_ed448_free(&key);
-
-    return ret;
-#endif /* HAVE_ED448_SIGN && WOLFSSL_KEY_GEN && HAVE_ED448_KEY_IMPORT */
-}
-
-/* return 1 if success, 0 if error
- * input and output keys are little endian format
- * pub is a buffer containing public part of key
- */
-int wolfSSL_ED448_verify(const unsigned char *msg, unsigned int msgSz,
-                         const unsigned char *pub, unsigned int pubSz,
-                         const unsigned char *sig, unsigned int sigSz)
-{
-#if !defined(HAVE_ED448_VERIFY) || !defined(WOLFSSL_KEY_GEN) || !defined(HAVE_ED448_KEY_IMPORT)
-#if !defined(HAVE_ED448_VERIFY)
-    WOLFSSL_MSG("No ED448 verify built in");
-#elif !defined(WOLFSSL_KEY_GEN)
-    WOLFSSL_MSG("No Key Gen built in");
-#elif !defined(HAVE_ED448_KEY_IMPORT)
-    WOLFSSL_MSG("No ED448 Key import built in");
-#endif
-    (void) msg;
-    (void) msgSz;
-    (void) pub;
-    (void) pubSz;
-    (void) sig;
-    (void) sigSz;
-    return WOLFSSL_FAILURE;
-#else /* HAVE_ED448_VERIFY && WOLFSSL_KEY_GEN && HAVE_ED448_KEY_IMPORT */
-    ed448_key key;
-    int ret = WOLFSSL_FAILURE, check = 0;
-
-    WOLFSSL_ENTER("wolfSSL_ED448_verify");
-
-    if (pub == NULL || pubSz != ED448_PUB_KEY_SIZE || msg == NULL ||
-            sig == NULL || sigSz != ED448_SIG_SIZE) {
-        WOLFSSL_MSG("Bad arguments");
-        return WOLFSSL_FAILURE;
-    }
-
-    /* import key */
-    if (wc_ed448_init(&key) != MP_OKAY) {
-        WOLFSSL_MSG("wc_curve448_init failed");
-        return ret;
-    }
-    if (wc_ed448_import_public(pub, pubSz, &key) != MP_OKAY){
-        WOLFSSL_MSG("wc_ed448_import_public failed");
-        wc_ed448_free(&key);
-        return ret;
-    }
-
-    if ((ret = wc_ed448_verify_msg((byte*)sig, sigSz, msg, msgSz, &check,
-                                   &key, NULL, 0)) != MP_OKAY) {
-        WOLFSSL_MSG("wc_ed448_verify_msg failed");
-    }
-    else if (!check)
-        WOLFSSL_MSG("wc_ed448_verify_msg failed (signature invalid)");
-    else
-        ret = WOLFSSL_SUCCESS;
-
-    wc_ed448_free(&key);
-
-    return ret;
-#endif /* HAVE_ED448_VERIFY && WOLFSSL_KEY_GEN */
-}
-
-#endif /* OPENSSL_EXTRA && HAVE_ED448 */
 
 #ifdef WOLFSSL_JNI
 
@@ -29290,12 +21913,12 @@ int wolfSSL_AsyncPoll(WOLFSSL* ssl, WOLF_EVENT_FLAG flags)
 static int peek_ignore_err(int err)
 {
   switch(err) {
-    case -WANT_READ:
-    case -WANT_WRITE:
-    case -ZERO_RETURN:
+    case -WC_NO_ERR_TRACE(WANT_READ):
+    case -WC_NO_ERR_TRACE(WANT_WRITE):
+    case -WC_NO_ERR_TRACE(ZERO_RETURN):
     case -WOLFSSL_ERROR_ZERO_RETURN:
-    case -SOCKET_PEER_CLOSED_E:
-    case -SOCKET_ERROR_E:
+    case -WC_NO_ERR_TRACE(SOCKET_PEER_CLOSED_E):
+    case -WC_NO_ERR_TRACE(SOCKET_ERROR_E):
       return 1;
     default:
       return 0;
@@ -29310,22 +21933,23 @@ unsigned long wolfSSL_ERR_peek_error_line_data(const char **file, int *line,
     WOLFSSL_ENTER("wolfSSL_ERR_peek_error_line_data");
     err = wc_PeekErrorNodeLineData(file, line, data, flags, peek_ignore_err);
 
-    if (err == -ASN_NO_PEM_HEADER)
-        return (ERR_LIB_PEM << 24) | PEM_R_NO_START_LINE;
+    if (err == -WC_NO_ERR_TRACE(ASN_NO_PEM_HEADER))
+        return (WOLFSSL_ERR_LIB_PEM << 24) | -WC_NO_ERR_TRACE(WOLFSSL_PEM_R_NO_START_LINE_E);
 #ifdef OPENSSL_ALL
     /* PARSE_ERROR is returned if an HTTP request is detected. */
-    else if (err == -SSL_R_HTTP_REQUEST)
-        return (ERR_LIB_SSL << 24) | -SSL_R_HTTP_REQUEST;
+    else if (err == -WC_NO_ERR_TRACE(PARSE_ERROR))
+        return (WOLFSSL_ERR_LIB_SSL << 24) | -WC_NO_ERR_TRACE(PARSE_ERROR) /* SSL_R_HTTP_REQUEST */;
 #endif
 #if defined(OPENSSL_ALL) && defined(WOLFSSL_PYTHON)
     else if (err == ASN1_R_HEADER_TOO_LONG)
-        return (ERR_LIB_ASN1 << 24) | ASN1_R_HEADER_TOO_LONG;
+        return (WOLFSSL_ERR_LIB_ASN1 << 24) | -WC_NO_ERR_TRACE(WOLFSSL_ASN1_R_HEADER_TOO_LONG_E);
 #endif
   return err;
 }
 #endif
 
-#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
+#if defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL) || \
+    defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
 
 #if !defined(WOLFSSL_USER_IO)
 /* converts an IPv6 or IPv4 address into an octet string for use with rfc3280
@@ -29469,7 +22093,7 @@ WOLF_STACK_OF(WOLFSSL_CIPHER) *wolfSSL_get_ciphers_compat(const WOLFSSL *ssl)
                             add->data.cipher.cipherSuite0 &&
                             cipher_names[j].cipherSuite ==
                                     add->data.cipher.cipherSuite) {
-                        add->data.cipher.offset = j;
+                        add->data.cipher.offset = (unsigned long)j;
                         break;
                     }
                 }
@@ -29493,10 +22117,86 @@ WOLF_STACK_OF(WOLFSSL_CIPHER) *wolfSSL_get_ciphers_compat(const WOLFSSL *ssl)
     }
     return ssl->suitesStack;
 }
-#endif /* OPENSSL_ALL || WOLFSSL_NGINX || WOLFSSL_HAPROXY */
+#endif /* OPENSSL_EXTRA || OPENSSL_ALL || WOLFSSL_NGINX || WOLFSSL_HAPROXY */
+#ifdef OPENSSL_ALL
+/* returned pointer is to an internal element in WOLFSSL struct and should not
+ * be free'd. It gets free'd when the WOLFSSL struct is free'd. */
+WOLF_STACK_OF(WOLFSSL_CIPHER)*  wolfSSL_get_client_ciphers(WOLFSSL* ssl)
+{
+    WOLF_STACK_OF(WOLFSSL_CIPHER)* ret = NULL;
+    const CipherSuiteInfo* cipher_names = GetCipherNames();
+    int cipherSz = GetCipherNamesSize();
+    const Suites* suites;
 
-#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) \
-    || defined(OPENSSL_EXTRA) || defined(HAVE_LIGHTY) || defined(HAVE_SECRET_CALLBACK)
+    WOLFSSL_ENTER("wolfSSL_get_client_ciphers");
+
+    if (ssl == NULL) {
+        return NULL;
+    }
+
+    /* return NULL if is client side */
+    if (wolfSSL_is_server(ssl) == 0) {
+        return NULL;
+    }
+
+    suites = ssl->clSuites;
+    if (suites == NULL) {
+        WOLFSSL_MSG("No client suites stored");
+    }
+    else if (ssl->clSuitesStack != NULL) {
+        ret = ssl->clSuitesStack;
+    }
+    else { /* generate cipher suites stack if not already done */
+        int i;
+        int j;
+
+        ret = wolfSSL_sk_new_node(ssl->heap);
+        if (ret != NULL) {
+            ret->type = STACK_TYPE_CIPHER;
+
+            /* higher priority of cipher suite will be on top of stack */
+            for (i = suites->suiteSz - 2; i >= 0; i -= 2) {
+                WOLFSSL_CIPHER cipher;
+
+                /* A couple of suites are placeholders for special options,
+                 * skip those. */
+                if (SCSV_Check(suites->suites[i], suites->suites[i+1])
+                        || sslCipherMinMaxCheck(ssl, suites->suites[i],
+                                                suites->suites[i+1])) {
+                    continue;
+                }
+
+                cipher.cipherSuite0 = suites->suites[i];
+                cipher.cipherSuite  = suites->suites[i+1];
+                cipher.ssl          = ssl;
+                for (j = 0; j < cipherSz; j++) {
+                    if (cipher_names[j].cipherSuite0 ==
+                            cipher.cipherSuite0 &&
+                            cipher_names[j].cipherSuite ==
+                                    cipher.cipherSuite) {
+                        cipher.offset = (unsigned long)j;
+                        break;
+                    }
+                }
+
+                /* in_stack is checked in wolfSSL_CIPHER_description */
+                cipher.in_stack     = 1;
+
+                if (wolfSSL_sk_CIPHER_push(ret, &cipher) <= 0) {
+                    WOLFSSL_MSG("Error pushing client cipher onto stack");
+                    wolfSSL_sk_CIPHER_free(ret);
+                    ret = NULL;
+                    break;
+                }
+            }
+        }
+        ssl->clSuitesStack = ret;
+    }
+    return ret;
+}
+#endif /* OPENSSL_ALL */
+
+#if defined(OPENSSL_EXTRA) || defined(HAVE_SECRET_CALLBACK)
 long wolfSSL_SSL_CTX_get_timeout(const WOLFSSL_CTX *ctx)
 {
     WOLFSSL_ENTER("wolfSSL_SSL_CTX_get_timeout");
@@ -29530,88 +22230,13 @@ int wolfSSL_SSL_CTX_set_tmp_ecdh(WOLFSSL_CTX *ctx, WOLFSSL_EC_KEY *ecdh)
     if (ctx == NULL || ecdh == NULL)
         return BAD_FUNC_ARG;
 
-    ctx->ecdhCurveOID = ecdh->group->curve_oid;
+    ctx->ecdhCurveOID = (word32)ecdh->group->curve_oid;
 
     return WOLFSSL_SUCCESS;
 }
 #endif
-#ifndef NO_SESSION_CACHE
-int wolfSSL_SSL_CTX_remove_session(WOLFSSL_CTX *ctx, WOLFSSL_SESSION *s)
-{
-#if defined(HAVE_EXT_CACHE) || defined(HAVE_EX_DATA)
-    int rem_called = FALSE;
-#endif
-
-    WOLFSSL_ENTER("wolfSSL_SSL_CTX_remove_session");
-
-    s = ClientSessionToSession(s);
-    if (ctx == NULL || s == NULL)
-        return BAD_FUNC_ARG;
-
-#ifdef HAVE_EXT_CACHE
-    if (!ctx->internalCacheOff)
-#endif
-    {
-        const byte* id;
-        WOLFSSL_SESSION *sess = NULL;
-        word32 row = 0;
-        int ret;
-
-        id = s->sessionID;
-        if (s->haveAltSessionID)
-            id = s->altSessionID;
-
-        ret = TlsSessionCacheGetAndWrLock(id, &sess, &row, ctx->method->side);
-        if (ret == 0 && sess != NULL) {
-#if defined(HAVE_EXT_CACHE) || defined(HAVE_EX_DATA)
-            if (sess->rem_sess_cb != NULL) {
-                rem_called = TRUE;
-            }
-#endif
-            /* Call this before changing ownExData so that calls to ex_data
-             * don't try to access the SessionCache again. */
-            EvictSessionFromCache(sess);
-#ifdef HAVE_EX_DATA
-            if (sess->ownExData) {
-                /* Most recent version of ex data is in cache. Copy it
-                 * over so the user can free it. */
-                XMEMCPY(&s->ex_data, &sess->ex_data,
-                        sizeof(WOLFSSL_CRYPTO_EX_DATA));
-                s->ownExData = 1;
-                sess->ownExData = 0;
-            }
-#endif
-#ifdef SESSION_CACHE_DYNAMIC_MEM
-            {
-                /* Find and clear entry. Row is locked so we are good to go. */
-                int idx;
-                for (idx = 0; idx < SESSIONS_PER_ROW; idx++) {
-                    if (sess == SessionCache[row].Sessions[idx]) {
-                        XFREE(sess, sess->heap, DYNAMIC_TYPE_SESSION);
-                        SessionCache[row].Sessions[idx] = NULL;
-                        break;
-                    }
-                }
-            }
-#endif
-            TlsSessionCacheUnlockRow(row);
-        }
-    }
-
-#if defined(HAVE_EXT_CACHE) || defined(HAVE_EX_DATA)
-    if (ctx->rem_sess_cb != NULL && !rem_called) {
-        ctx->rem_sess_cb(ctx, s);
-    }
-#endif
-
-    /* s cannot be resumed at this point */
-    s->timeout = 0;
-
-    return 0;
-}
-#endif /* !NO_SESSION_CACHE */
 #ifndef NO_BIO
-BIO *wolfSSL_SSL_get_rbio(const WOLFSSL *s)
+WOLFSSL_BIO *wolfSSL_SSL_get_rbio(const WOLFSSL *s)
 {
     WOLFSSL_ENTER("wolfSSL_SSL_get_rbio");
     /* Nginx sets the buffer size if the read BIO is different to write BIO.
@@ -29622,7 +22247,7 @@ BIO *wolfSSL_SSL_get_rbio(const WOLFSSL *s)
 
     return s->biord;
 }
-BIO *wolfSSL_SSL_get_wbio(const WOLFSSL *s)
+WOLFSSL_BIO *wolfSSL_SSL_get_wbio(const WOLFSSL *s)
 {
     WOLFSSL_ENTER("wolfSSL_SSL_get_wbio");
     (void)s;
@@ -29636,6 +22261,7 @@ BIO *wolfSSL_SSL_get_wbio(const WOLFSSL *s)
 }
 #endif /* !NO_BIO */
 
+#ifndef NO_TLS
 int wolfSSL_SSL_do_handshake_internal(WOLFSSL *s)
 {
     WOLFSSL_ENTER("wolfSSL_SSL_do_handshake_internal");
@@ -29669,6 +22295,7 @@ int wolfSSL_SSL_do_handshake(WOLFSSL *s)
 #endif
     return wolfSSL_SSL_do_handshake_internal(s);
 }
+#endif /* !NO_TLS */
 
 #if defined(OPENSSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER >= 0x10100000L
 int wolfSSL_SSL_in_init(const WOLFSSL *ssl)
@@ -29707,17 +22334,6 @@ int wolfSSL_SSL_in_connect_init(WOLFSSL* ssl)
         ssl->options.acceptState < ACCEPT_THIRD_REPLY_DONE;
 }
 
-#ifndef NO_SESSION_CACHE
-
-WOLFSSL_SESSION *wolfSSL_SSL_get0_session(const WOLFSSL *ssl)
-{
-    WOLFSSL_ENTER("wolfSSL_SSL_get0_session");
-
-    return ssl->session;
-}
-
-#endif /* NO_SESSION_CACHE */
-
 #if defined(HAVE_SESSION_TICKET) && !defined(NO_WOLFSSL_SERVER)
 /* Expected return values from implementations of OpenSSL ticket key callback.
  */
@@ -29934,8 +22550,9 @@ long wolfSSL_CTX_get_tlsext_ticket_keys(WOLFSSL_CTX *ctx,
  *          correct length.
  */
 long wolfSSL_CTX_set_tlsext_ticket_keys(WOLFSSL_CTX *ctx,
-     unsigned char *keys, int keylen)
+     const void *keys_vp, int keylen)
 {
+    const byte* keys = (const byte*)keys_vp;
     if (ctx == NULL || keys == NULL) {
         return WOLFSSL_FAILURE;
     }
@@ -30001,7 +22618,8 @@ int wolfSSL_get_ocsp_producedDate(
     if (XSTRLEN((char *)ssl->ocspProducedDate) >= producedDate_space)
         return BUFFER_E;
 
-    XSTRNCPY((char *)producedDate, (const char *)ssl->ocspProducedDate, producedDate_space);
+    XSTRNCPY((char *)producedDate, (const char *)ssl->ocspProducedDate,
+        producedDate_space);
     *producedDateFormat = ssl->ocspProducedDateFormat;
 
     return 0;
@@ -30028,7 +22646,8 @@ int wolfSSL_get_ocsp_producedDate_tm(WOLFSSL *ssl, struct tm *produced_tm) {
 
 #if defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) || \
     defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL)
-int wolfSSL_CTX_get_extra_chain_certs(WOLFSSL_CTX* ctx, WOLF_STACK_OF(X509)** chain)
+int wolfSSL_CTX_get_extra_chain_certs(WOLFSSL_CTX* ctx,
+    WOLF_STACK_OF(X509)** chain)
 {
     word32         idx;
     word32         length;
@@ -30062,8 +22681,8 @@ int wolfSSL_CTX_get_extra_chain_certs(WOLFSSL_CTX* ctx, WOLF_STACK_OF(X509)** ch
         idx += 3;
 
         /* Create a new X509 from DER encoded data. */
-        node->data.x509 = wolfSSL_X509_d2i(NULL, ctx->certChain->buffer + idx,
-            length);
+        node->data.x509 = wolfSSL_X509_d2i_ex(NULL,
+            ctx->certChain->buffer + idx, (int)length, ctx->heap);
         if (node->data.x509 == NULL) {
             XFREE(node, NULL, DYNAMIC_TYPE_OPENSSL);
             /* Return as much of the chain as we created. */
@@ -30175,8 +22794,7 @@ void wolfSSL_WOLFSSL_STRING_free(WOLFSSL_STRING s)
 {
     WOLFSSL_ENTER("wolfSSL_WOLFSSL_STRING_free");
 
-    if (s != NULL)
-        XFREE(s, NULL, DYNAMIC_TYPE_OPENSSL);
+    XFREE(s, NULL, DYNAMIC_TYPE_OPENSSL);
 }
 
 void wolfSSL_sk_WOLFSSL_STRING_free(WOLF_STACK_OF(WOLFSSL_STRING)* sk)
@@ -30196,8 +22814,8 @@ void wolfSSL_sk_WOLFSSL_STRING_free(WOLF_STACK_OF(WOLFSSL_STRING)* sk)
     }
 }
 
-WOLFSSL_STRING wolfSSL_sk_WOLFSSL_STRING_value(WOLF_STACK_OF(WOLFSSL_STRING)* strings,
-    int idx)
+WOLFSSL_STRING wolfSSL_sk_WOLFSSL_STRING_value(
+    WOLF_STACK_OF(WOLFSSL_STRING)* strings, int idx)
 {
     for (; idx > 0 && strings != NULL; idx--)
         strings = strings->next;
@@ -30239,7 +22857,7 @@ int wolfSSL_select_next_proto(unsigned char **out, unsigned char *outLen,
     byte lenIn, lenClient;
 
     if (out == NULL || outLen == NULL || in == NULL || clientNames == NULL)
-        return OPENSSL_NPN_UNSUPPORTED;
+        return WOLFSSL_NPN_UNSUPPORTED;
 
     for (i = 0; i < inLen; i += lenIn) {
         lenIn = in[i++];
@@ -30252,14 +22870,14 @@ int wolfSSL_select_next_proto(unsigned char **out, unsigned char *outLen,
             if (XMEMCMP(in + i, clientNames + j, lenIn) == 0) {
                 *out = (unsigned char *)(in + i);
                 *outLen = lenIn;
-                return OPENSSL_NPN_NEGOTIATED;
+                return WOLFSSL_NPN_NEGOTIATED;
             }
         }
     }
 
     *out = (unsigned char *)clientNames + 1;
     *outLen = clientNames[0];
-    return OPENSSL_NPN_NO_OVERLAP;
+    return WOLFSSL_NPN_NO_OVERLAP;
 }
 
 void wolfSSL_set_alpn_select_cb(WOLFSSL *ssl,
@@ -30317,8 +22935,8 @@ void wolfSSL_CTX_set_next_proto_select_cb(WOLFSSL_CTX *s,
     WOLFSSL_STUB("wolfSSL_CTX_set_next_proto_select_cb");
 }
 
-void wolfSSL_get0_next_proto_negotiated(const WOLFSSL *s, const unsigned char **data,
-                                    unsigned *len)
+void wolfSSL_get0_next_proto_negotiated(const WOLFSSL *s,
+    const unsigned char **data, unsigned *len)
 {
     (void)s;
     (void)data;
@@ -30332,25 +22950,122 @@ void wolfSSL_get0_next_proto_negotiated(const WOLFSSL *s, const unsigned char **
 #if defined(OPENSSL_EXTRA) || defined(HAVE_CURL)
 int wolfSSL_curve_is_disabled(const WOLFSSL* ssl, word16 curve_id)
 {
-    if (curve_id >= WOLFSSL_FFDHE_START) {
-        /* DH parameters are never disabled. */
-        return 0;
+    int ret = 0;
+
+    WOLFSSL_ENTER("wolfSSL_curve_is_disabled");
+    WOLFSSL_MSG_EX("wolfSSL_curve_is_disabled checking for %d", curve_id);
+
+    /* (curve_id >= WOLFSSL_FFDHE_START) - DH parameters are never disabled. */
+    if (curve_id < WOLFSSL_FFDHE_START) {
+        if (curve_id > WOLFSSL_ECC_MAX_AVAIL) {
+            WOLFSSL_MSG("Curve id out of supported range");
+            /* Disabled if not in valid range. */
+            ret = 1;
+        }
+        else if (curve_id >= 32) {
+            /* 0 is for invalid and 1-14 aren't used otherwise. */
+            ret = (ssl->disabledCurves & (1U << (curve_id - 32))) != 0;
+        }
+        else {
+            ret = (ssl->disabledCurves & (1U << curve_id)) != 0;
+        }
     }
-    if (curve_id > WOLFSSL_ECC_MAX_AVAIL) {
-        WOLFSSL_MSG("Curve id out of supported range");
-        /* Disabled if not in valid range. */
-        return 1;
-    }
-    if (curve_id >= 32) {
-        /* 0 is for invalid and 1-14 aren't used otherwise. */
-        return (ssl->disabledCurves & (1U << (curve_id - 32))) != 0;
-    }
-    return (ssl->disabledCurves & (1U << curve_id)) != 0;
+
+    WOLFSSL_LEAVE("wolfSSL_curve_is_disabled", ret);
+    return ret;
 }
 
 #if (defined(HAVE_ECC) || \
     defined(HAVE_CURVE25519) || defined(HAVE_CURVE448))
-static int set_curves_list(WOLFSSL* ssl, WOLFSSL_CTX *ctx, const char* names)
+#define CURVE_NAME(c) XSTR_SIZEOF((c)), (c)
+
+const WOLF_EC_NIST_NAME kNistCurves[] = {
+#ifdef HAVE_ECC
+    {CURVE_NAME("P-160"),   WC_NID_secp160r1, WOLFSSL_ECC_SECP160R1},
+    {CURVE_NAME("P-160-2"), WC_NID_secp160r2, WOLFSSL_ECC_SECP160R2},
+    {CURVE_NAME("P-192"),   WC_NID_X9_62_prime192v1, WOLFSSL_ECC_SECP192R1},
+    {CURVE_NAME("P-224"),   WC_NID_secp224r1, WOLFSSL_ECC_SECP224R1},
+    {CURVE_NAME("P-256"),   WC_NID_X9_62_prime256v1, WOLFSSL_ECC_SECP256R1},
+    {CURVE_NAME("P-384"),   WC_NID_secp384r1, WOLFSSL_ECC_SECP384R1},
+    {CURVE_NAME("P-521"),   WC_NID_secp521r1, WOLFSSL_ECC_SECP521R1},
+    {CURVE_NAME("K-160"),   WC_NID_secp160k1, WOLFSSL_ECC_SECP160K1},
+    {CURVE_NAME("K-192"),   WC_NID_secp192k1, WOLFSSL_ECC_SECP192K1},
+    {CURVE_NAME("K-224"),   WC_NID_secp224k1, WOLFSSL_ECC_SECP224R1},
+    {CURVE_NAME("K-256"),   WC_NID_secp256k1, WOLFSSL_ECC_SECP256K1},
+    {CURVE_NAME("B-256"),   WC_NID_brainpoolP256r1, WOLFSSL_ECC_BRAINPOOLP256R1},
+    {CURVE_NAME("B-384"),   WC_NID_brainpoolP384r1, WOLFSSL_ECC_BRAINPOOLP384R1},
+    {CURVE_NAME("B-512"),   WC_NID_brainpoolP512r1, WOLFSSL_ECC_BRAINPOOLP512R1},
+#endif
+#ifdef HAVE_CURVE25519
+    {CURVE_NAME("X25519"),  WC_NID_X25519, WOLFSSL_ECC_X25519},
+#endif
+#ifdef HAVE_CURVE448
+    {CURVE_NAME("X448"),    WC_NID_X448, WOLFSSL_ECC_X448},
+#endif
+#ifdef WOLFSSL_HAVE_KYBER
+#ifndef WOLFSSL_NO_ML_KEM
+    {CURVE_NAME("ML_KEM_512"), WOLFSSL_ML_KEM_512, WOLFSSL_ML_KEM_512},
+    {CURVE_NAME("ML_KEM_768"), WOLFSSL_ML_KEM_768, WOLFSSL_ML_KEM_768},
+    {CURVE_NAME("ML_KEM_1024"), WOLFSSL_ML_KEM_1024, WOLFSSL_ML_KEM_1024},
+#if (defined(WOLFSSL_WC_KYBER) || defined(HAVE_LIBOQS)) && defined(HAVE_ECC)
+    {CURVE_NAME("P256_ML_KEM_512"), WOLFSSL_P256_ML_KEM_512,
+     WOLFSSL_P256_ML_KEM_512},
+    {CURVE_NAME("P384_ML_KEM_768"), WOLFSSL_P384_ML_KEM_768,
+     WOLFSSL_P384_ML_KEM_768},
+    {CURVE_NAME("P256_ML_KEM_768"), WOLFSSL_P256_ML_KEM_768,
+     WOLFSSL_P256_ML_KEM_768},
+    {CURVE_NAME("P521_ML_KEM_1024"), WOLFSSL_P521_ML_KEM_1024,
+     WOLFSSL_P521_ML_KEM_1024},
+    {CURVE_NAME("P384_ML_KEM_1024"), WOLFSSL_P384_ML_KEM_1024,
+     WOLFSSL_P384_ML_KEM_1024},
+    {CURVE_NAME("X25519_ML_KEM_512"), WOLFSSL_X25519_ML_KEM_512,
+     WOLFSSL_X25519_ML_KEM_512},
+    {CURVE_NAME("X448_ML_KEM_768"), WOLFSSL_X448_ML_KEM_768,
+     WOLFSSL_X448_ML_KEM_768},
+    {CURVE_NAME("X25519_ML_KEM_768"), WOLFSSL_X25519_ML_KEM_768,
+     WOLFSSL_X25519_ML_KEM_768},
+#endif
+#endif /* !WOLFSSL_NO_ML_KEM */
+#ifdef WOLFSSL_KYBER_ORIGINAL
+    {CURVE_NAME("KYBER_LEVEL1"), WOLFSSL_KYBER_LEVEL1, WOLFSSL_KYBER_LEVEL1},
+    {CURVE_NAME("KYBER_LEVEL3"), WOLFSSL_KYBER_LEVEL3, WOLFSSL_KYBER_LEVEL3},
+    {CURVE_NAME("KYBER_LEVEL5"), WOLFSSL_KYBER_LEVEL5, WOLFSSL_KYBER_LEVEL5},
+#if (defined(WOLFSSL_WC_KYBER) || defined(HAVE_LIBOQS)) && defined(HAVE_ECC)
+    {CURVE_NAME("P256_KYBER_LEVEL1"), WOLFSSL_P256_KYBER_LEVEL1,
+     WOLFSSL_P256_KYBER_LEVEL1},
+    {CURVE_NAME("P384_KYBER_LEVEL3"), WOLFSSL_P384_KYBER_LEVEL3,
+     WOLFSSL_P384_KYBER_LEVEL3},
+    {CURVE_NAME("P256_KYBER_LEVEL3"), WOLFSSL_P256_KYBER_LEVEL3,
+     WOLFSSL_P256_KYBER_LEVEL3},
+    {CURVE_NAME("P521_KYBER_LEVEL5"), WOLFSSL_P521_KYBER_LEVEL5,
+     WOLFSSL_P521_KYBER_LEVEL5},
+    {CURVE_NAME("X25519_KYBER_LEVEL1"), WOLFSSL_X25519_KYBER_LEVEL1,
+     WOLFSSL_X25519_KYBER_LEVEL1},
+    {CURVE_NAME("X448_KYBER_LEVEL3"), WOLFSSL_X448_KYBER_LEVEL3,
+     WOLFSSL_X448_KYBER_LEVEL3},
+    {CURVE_NAME("X25519_KYBER_LEVEL3"), WOLFSSL_X25519_KYBER_LEVEL3,
+     WOLFSSL_X25519_KYBER_LEVEL3},
+#endif
+#endif /* WOLFSSL_KYBER_ORIGINAL */
+#endif /* WOLFSSL_HAVE_KYBER */
+#ifdef WOLFSSL_SM2
+    {CURVE_NAME("SM2"),     WC_NID_sm2, WOLFSSL_ECC_SM2P256V1},
+#endif
+#ifdef HAVE_ECC
+    /* Alternative curve names */
+    {CURVE_NAME("prime256v1"), WC_NID_X9_62_prime256v1, WOLFSSL_ECC_SECP256R1},
+    {CURVE_NAME("secp256r1"),  WC_NID_X9_62_prime256v1, WOLFSSL_ECC_SECP256R1},
+    {CURVE_NAME("secp384r1"),  WC_NID_secp384r1, WOLFSSL_ECC_SECP384R1},
+    {CURVE_NAME("secp521r1"),  WC_NID_secp521r1, WOLFSSL_ECC_SECP521R1},
+#endif
+#ifdef WOLFSSL_SM2
+    {CURVE_NAME("sm2p256v1"),  WC_NID_sm2, WOLFSSL_ECC_SM2P256V1},
+#endif
+    {0, NULL, 0, 0},
+};
+
+int set_curves_list(WOLFSSL* ssl, WOLFSSL_CTX *ctx, const char* names,
+        byte curves_only)
 {
     int idx, start = 0, len, i, ret = WOLFSSL_FAILURE;
     word16 curve;
@@ -30363,6 +23078,7 @@ static int set_curves_list(WOLFSSL* ssl, WOLFSSL_CTX *ctx, const char* names)
 #else
     int groups[WOLFSSL_MAX_GROUP_COUNT];
 #endif
+    const WOLF_EC_NIST_NAME* nist_name;
 
 #ifdef WOLFSSL_SMALL_STACK
     groups = (int*)XMALLOC(sizeof(int)*WOLFSSL_MAX_GROUP_COUNT,
@@ -30381,47 +23097,20 @@ static int set_curves_list(WOLFSSL* ssl, WOLFSSL_CTX *ctx, const char* names)
         if (len > MAX_CURVE_NAME_SZ - 1)
             goto leave;
 
-        XMEMCPY(name, names + start, len);
-        name[len++] = 0;
+        XMEMCPY(name, names + start, (size_t)len);
+        name[len] = 0;
+        curve = WOLFSSL_NAMED_GROUP_INVALID;
 
-        /* Use XSTRNCMP to avoid valgrind error. */
-        if ((XSTRNCMP(name, "prime256v1", len) == 0) ||
-            (XSTRNCMP(name, "secp256r1", len) == 0) ||
-            (XSTRNCMP(name, "P-256", len) == 0))
-        {
-            curve = WOLFSSL_ECC_SECP256R1;
+        for (nist_name = kNistCurves; nist_name->name != NULL; nist_name++) {
+            if (len == nist_name->name_len &&
+                    XSTRNCMP(name, nist_name->name, (size_t)len) == 0) {
+                curve = nist_name->curve;
+                break;
+            }
         }
-        else if ((XSTRNCMP(name, "secp384r1", len) == 0) ||
-                 (XSTRNCMP(name, "P-384", len) == 0))
-        {
-            curve = WOLFSSL_ECC_SECP384R1;
-        }
-        else if ((XSTRNCMP(name, "secp521r1", len) == 0) ||
-                 (XSTRNCMP(name, "P-521", len) == 0))
-        {
-            curve = WOLFSSL_ECC_SECP521R1;
-        }
-    #ifdef WOLFSSL_SM2
-        else if ((XSTRNCMP(name, "sm2p256v1", len) == 0) ||
-                 (XSTRNCMP(name, "SM2", len) == 0))
-        {
-            curve = WOLFSSL_ECC_SM2P256V1;
-        }
-    #endif
-    #ifdef HAVE_CURVE25519
-        else if (XSTRNCMP(name, "X25519", len) == 0)
-        {
-            curve = WOLFSSL_ECC_X25519;
-        }
-    #endif
-    #ifdef HAVE_CURVE448
-        else if (XSTRNCMP(name, "X448", len) == 0)
-        {
-            curve = WOLFSSL_ECC_X448;
-        }
-    #endif
-        else {
-        #if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
+
+        if (curve == WOLFSSL_NAMED_GROUP_INVALID) {
+        #if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) && defined(HAVE_ECC)
             int   nret;
             const ecc_set_type *eccSet;
 
@@ -30437,14 +23126,15 @@ static int set_curves_list(WOLFSSL* ssl, WOLFSSL_CTX *ctx, const char* names)
                 goto leave;
             }
 
-            curve = GetCurveByOID(eccSet->oidSum);
+            curve = GetCurveByOID((int)eccSet->oidSum);
         #else
             WOLFSSL_MSG("API not present to search farther using name");
             goto leave;
         #endif
         }
 
-        if (curve >= WOLFSSL_ECC_MAX_AVAIL) {
+        if ((curves_only && curve >= WOLFSSL_ECC_MAX_AVAIL) ||
+                curve == WOLFSSL_NAMED_GROUP_INVALID) {
             WOLFSSL_MSG("curve value is not supported");
             goto leave;
         }
@@ -30472,15 +23162,18 @@ static int set_curves_list(WOLFSSL* ssl, WOLFSSL_CTX *ctx, const char* names)
     for (i = 0; i < groups_len; ++i) {
         /* Switch the bit to off and therefore is enabled. */
         curve = (word16)groups[i];
-        if (curve >= 32) {
+        if (curve >= 64) {
+            WC_DO_NOTHING;
+        }
+        else if (curve >= 32) {
             /* 0 is for invalid and 1-14 aren't used otherwise. */
             disabled &= ~(1U << (curve - 32));
         }
         else {
             disabled &= ~(1U << curve);
         }
-    #ifdef HAVE_SUPPORTED_CURVES
-    #if defined(WOLFSSL_TLS13) && !defined(WOLFSSL_OLD_SET_CURVES_LIST)
+    #if defined(HAVE_SUPPORTED_CURVES) && !defined(NO_TLS)
+    #if !defined(WOLFSSL_OLD_SET_CURVES_LIST)
         /* using the wolfSSL API to set the groups, this will populate
          * (ssl|ctx)->groups and reset any TLSX_SUPPORTED_GROUPS.
          * The order in (ssl|ctx)->groups will then be respected
@@ -30502,12 +23195,12 @@ static int set_curves_list(WOLFSSL* ssl, WOLFSSL_CTX *ctx, const char* names)
             goto leave;
         }
     #endif
-    #endif /* HAVE_SUPPORTED_CURVES */
+    #endif /* HAVE_SUPPORTED_CURVES && !NO_TLS */
     }
 
-    if (ssl)
+    if (ssl != NULL)
         ssl->disabledCurves = disabled;
-    else
+    else if (ctx != NULL)
         ctx->disabledCurves = disabled;
     ret = WOLFSSL_SUCCESS;
 
@@ -30521,24 +23214,27 @@ leave:
 
 int wolfSSL_CTX_set1_curves_list(WOLFSSL_CTX* ctx, const char* names)
 {
+    WOLFSSL_ENTER("wolfSSL_CTX_set1_curves_list");
     if (ctx == NULL || names == NULL) {
         WOLFSSL_MSG("ctx or names was NULL");
         return WOLFSSL_FAILURE;
     }
-    return set_curves_list(NULL, ctx, names);
+    return set_curves_list(NULL, ctx, names, 1);
 }
 
 int wolfSSL_set1_curves_list(WOLFSSL* ssl, const char* names)
 {
+    WOLFSSL_ENTER("wolfSSL_set1_curves_list");
     if (ssl == NULL || names == NULL) {
         WOLFSSL_MSG("ssl or names was NULL");
         return WOLFSSL_FAILURE;
     }
-    return set_curves_list(ssl, NULL, names);
+    return set_curves_list(ssl, NULL, names, 1);
 }
 #endif /* (HAVE_ECC || HAVE_CURVE25519 || HAVE_CURVE448) */
 #endif /* OPENSSL_EXTRA || HAVE_CURL */
 
+
 #ifdef OPENSSL_EXTRA
 /* Sets a callback for when sending and receiving protocol messages.
  * This callback is copied to all WOLFSSL objects created from the ctx.
@@ -30610,7 +23306,8 @@ int wolfSSL_set_msg_callback_arg(WOLFSSL *ssl, void* arg)
     return WOLFSSL_SUCCESS;
 }
 
-void *wolfSSL_OPENSSL_memdup(const void *data, size_t siz, const char* file, int line)
+void *wolfSSL_OPENSSL_memdup(const void *data, size_t siz, const char* file,
+    int line)
 {
     void *ret;
     (void)file;
@@ -30619,7 +23316,7 @@ void *wolfSSL_OPENSSL_memdup(const void *data, size_t siz, const char* file, int
     if (data == NULL || siz >= INT_MAX)
         return NULL;
 
-    ret = OPENSSL_malloc(siz);
+    ret = wolfSSL_OPENSSL_malloc(siz);
     if (ret == NULL) {
         return NULL;
     }
@@ -30742,7 +23439,7 @@ int wolfSSL_set_alpn_protos(WOLFSSL* ssl,
     /* clears out all current ALPN extensions set */
     TLSX_Remove(&ssl->extensions, TLSX_APPLICATION_LAYER_PROTOCOL, ssl->heap);
 
-    if ((sz = wolfSSL_BIO_get_mem_data(bio, &pt)) > 0) {
+    if ((sz = (unsigned int)wolfSSL_BIO_get_mem_data(bio, &pt)) > 0) {
         wolfSSL_UseALPN(ssl, pt, sz, (byte) alpn_opt);
     }
     wolfSSL_BIO_free(bio);
@@ -30774,45 +23471,45 @@ word32 nid2oid(int nid, int grp)
         case oidHashType:
             switch (nid) {
             #ifdef WOLFSSL_MD2
-                case NID_md2:
+                case WC_NID_md2:
                     return MD2h;
             #endif
             #ifndef NO_MD5
-                case NID_md5:
+                case WC_NID_md5:
                     return MD5h;
             #endif
             #ifndef NO_SHA
-                case NID_sha1:
+                case WC_NID_sha1:
                     return SHAh;
             #endif
-                case NID_sha224:
+                case WC_NID_sha224:
                     return SHA224h;
             #ifndef NO_SHA256
-                case NID_sha256:
+                case WC_NID_sha256:
                     return SHA256h;
             #endif
             #ifdef WOLFSSL_SHA384
-                case NID_sha384:
+                case WC_NID_sha384:
                     return SHA384h;
             #endif
             #ifdef WOLFSSL_SHA512
-                case NID_sha512:
+                case WC_NID_sha512:
                     return SHA512h;
             #endif
             #ifndef WOLFSSL_NOSHA3_224
-                case NID_sha3_224:
+                case WC_NID_sha3_224:
                     return SHA3_224h;
             #endif
             #ifndef WOLFSSL_NOSHA3_256
-                case NID_sha3_256:
+                case WC_NID_sha3_256:
                     return SHA3_256h;
             #endif
             #ifndef WOLFSSL_NOSHA3_384
-                case NID_sha3_384:
+                case WC_NID_sha3_384:
                     return SHA3_384h;
             #endif
             #ifndef WOLFSSL_NOSHA3_512
-                case NID_sha3_512:
+                case WC_NID_sha3_512:
                     return SHA3_512h;
             #endif
             }
@@ -30822,56 +23519,56 @@ word32 nid2oid(int nid, int grp)
         case oidSigType:
             switch (nid) {
             #ifndef NO_DSA
-                case NID_dsaWithSHA1:
+                case WC_NID_dsaWithSHA1:
                     return CTC_SHAwDSA;
-                case NID_dsa_with_SHA256:
+                case WC_NID_dsa_with_SHA256:
                     return CTC_SHA256wDSA;
             #endif /* NO_DSA */
             #ifndef NO_RSA
-                case NID_md2WithRSAEncryption:
+                case WC_NID_md2WithRSAEncryption:
                     return CTC_MD2wRSA;
-                case NID_md5WithRSAEncryption:
+                case WC_NID_md5WithRSAEncryption:
                     return CTC_MD5wRSA;
-                case NID_sha1WithRSAEncryption:
+                case WC_NID_sha1WithRSAEncryption:
                     return CTC_SHAwRSA;
-                case NID_sha224WithRSAEncryption:
+                case WC_NID_sha224WithRSAEncryption:
                     return CTC_SHA224wRSA;
-                case NID_sha256WithRSAEncryption:
+                case WC_NID_sha256WithRSAEncryption:
                     return CTC_SHA256wRSA;
-                case NID_sha384WithRSAEncryption:
+                case WC_NID_sha384WithRSAEncryption:
                     return CTC_SHA384wRSA;
-                case NID_sha512WithRSAEncryption:
+                case WC_NID_sha512WithRSAEncryption:
                     return CTC_SHA512wRSA;
                 #ifdef WOLFSSL_SHA3
-                case NID_RSA_SHA3_224:
+                case WC_NID_RSA_SHA3_224:
                     return CTC_SHA3_224wRSA;
-                case NID_RSA_SHA3_256:
+                case WC_NID_RSA_SHA3_256:
                     return CTC_SHA3_256wRSA;
-                case NID_RSA_SHA3_384:
+                case WC_NID_RSA_SHA3_384:
                     return CTC_SHA3_384wRSA;
-                case NID_RSA_SHA3_512:
+                case WC_NID_RSA_SHA3_512:
                     return CTC_SHA3_512wRSA;
                 #endif
             #endif /* NO_RSA */
             #ifdef HAVE_ECC
-                case NID_ecdsa_with_SHA1:
+                case WC_NID_ecdsa_with_SHA1:
                     return CTC_SHAwECDSA;
-                case NID_ecdsa_with_SHA224:
+                case WC_NID_ecdsa_with_SHA224:
                     return CTC_SHA224wECDSA;
-                case NID_ecdsa_with_SHA256:
+                case WC_NID_ecdsa_with_SHA256:
                     return CTC_SHA256wECDSA;
-                case NID_ecdsa_with_SHA384:
+                case WC_NID_ecdsa_with_SHA384:
                     return CTC_SHA384wECDSA;
-                case NID_ecdsa_with_SHA512:
+                case WC_NID_ecdsa_with_SHA512:
                     return CTC_SHA512wECDSA;
                 #ifdef WOLFSSL_SHA3
-                case NID_ecdsa_with_SHA3_224:
+                case WC_NID_ecdsa_with_SHA3_224:
                     return CTC_SHA3_224wECDSA;
-                case NID_ecdsa_with_SHA3_256:
+                case WC_NID_ecdsa_with_SHA3_256:
                     return CTC_SHA3_256wECDSA;
-                case NID_ecdsa_with_SHA3_384:
+                case WC_NID_ecdsa_with_SHA3_384:
                     return CTC_SHA3_384wECDSA;
-                case NID_ecdsa_with_SHA3_512:
+                case WC_NID_ecdsa_with_SHA3_512:
                     return CTC_SHA3_512wECDSA;
                 #endif
             #endif /* HAVE_ECC */
@@ -30882,15 +23579,15 @@ word32 nid2oid(int nid, int grp)
         case oidKeyType:
             switch (nid) {
             #ifndef NO_DSA
-                case NID_dsa:
+                case WC_NID_dsa:
                     return DSAk;
             #endif /* NO_DSA */
             #ifndef NO_RSA
-                case NID_rsaEncryption:
+                case WC_NID_rsaEncryption:
                     return RSAk;
             #endif /* NO_RSA */
             #ifdef HAVE_ECC
-                case NID_X9_62_id_ecPublicKey:
+                case WC_NID_X9_62_id_ecPublicKey:
                     return ECDSAk;
             #endif /* HAVE_ECC */
             }
@@ -30900,59 +23597,59 @@ word32 nid2oid(int nid, int grp)
     #ifdef HAVE_ECC
         case oidCurveType:
             switch (nid) {
-            case NID_X9_62_prime192v1:
+            case WC_NID_X9_62_prime192v1:
                 return ECC_SECP192R1_OID;
-            case NID_X9_62_prime192v2:
+            case WC_NID_X9_62_prime192v2:
                 return ECC_PRIME192V2_OID;
-            case NID_X9_62_prime192v3:
+            case WC_NID_X9_62_prime192v3:
                 return ECC_PRIME192V3_OID;
-            case NID_X9_62_prime239v1:
+            case WC_NID_X9_62_prime239v1:
                 return ECC_PRIME239V1_OID;
-            case NID_X9_62_prime239v2:
+            case WC_NID_X9_62_prime239v2:
                 return ECC_PRIME239V2_OID;
-            case NID_X9_62_prime239v3:
+            case WC_NID_X9_62_prime239v3:
                 return ECC_PRIME239V3_OID;
-            case NID_X9_62_prime256v1:
+            case WC_NID_X9_62_prime256v1:
                 return ECC_SECP256R1_OID;
-            case NID_secp112r1:
+            case WC_NID_secp112r1:
                 return ECC_SECP112R1_OID;
-            case NID_secp112r2:
+            case WC_NID_secp112r2:
                 return ECC_SECP112R2_OID;
-            case NID_secp128r1:
+            case WC_NID_secp128r1:
                 return ECC_SECP128R1_OID;
-            case NID_secp128r2:
+            case WC_NID_secp128r2:
                 return ECC_SECP128R2_OID;
-            case NID_secp160r1:
+            case WC_NID_secp160r1:
                 return ECC_SECP160R1_OID;
-            case NID_secp160r2:
+            case WC_NID_secp160r2:
                 return ECC_SECP160R2_OID;
-            case NID_secp224r1:
+            case WC_NID_secp224r1:
                 return ECC_SECP224R1_OID;
-            case NID_secp384r1:
+            case WC_NID_secp384r1:
                 return ECC_SECP384R1_OID;
-            case NID_secp521r1:
+            case WC_NID_secp521r1:
                 return ECC_SECP521R1_OID;
-            case NID_secp160k1:
+            case WC_NID_secp160k1:
                 return ECC_SECP160K1_OID;
-            case NID_secp192k1:
+            case WC_NID_secp192k1:
                 return ECC_SECP192K1_OID;
-            case NID_secp224k1:
+            case WC_NID_secp224k1:
                 return ECC_SECP224K1_OID;
-            case NID_secp256k1:
+            case WC_NID_secp256k1:
                 return ECC_SECP256K1_OID;
-            case NID_brainpoolP160r1:
+            case WC_NID_brainpoolP160r1:
                 return ECC_BRAINPOOLP160R1_OID;
-            case NID_brainpoolP192r1:
+            case WC_NID_brainpoolP192r1:
                 return ECC_BRAINPOOLP192R1_OID;
-            case NID_brainpoolP224r1:
+            case WC_NID_brainpoolP224r1:
                 return ECC_BRAINPOOLP224R1_OID;
-            case NID_brainpoolP256r1:
+            case WC_NID_brainpoolP256r1:
                 return ECC_BRAINPOOLP256R1_OID;
-            case NID_brainpoolP320r1:
+            case WC_NID_brainpoolP320r1:
                 return ECC_BRAINPOOLP320R1_OID;
-            case NID_brainpoolP384r1:
+            case WC_NID_brainpoolP384r1:
                 return ECC_BRAINPOOLP384R1_OID;
-            case NID_brainpoolP512r1:
+            case WC_NID_brainpoolP512r1:
                 return ECC_BRAINPOOLP512R1_OID;
             }
             break;
@@ -30974,9 +23671,9 @@ word32 nid2oid(int nid, int grp)
                     return AES256CBCb;
             #endif
             #ifndef NO_DES3
-                case NID_des:
+                case WC_NID_des:
                     return DESb;
-                case NID_des3:
+                case WC_NID_des3:
                     return DES3b;
             #endif
             }
@@ -30985,7 +23682,7 @@ word32 nid2oid(int nid, int grp)
     #ifdef HAVE_OCSP
         case oidOcspType:
             switch (nid) {
-                case NID_id_pkix_OCSP_basic:
+                case WC_NID_id_pkix_OCSP_basic:
                     return OCSP_BASIC_OID;
                 case OCSP_NONCE_OID:
                     return OCSP_NONCE_OID;
@@ -30996,27 +23693,27 @@ word32 nid2oid(int nid, int grp)
         /* oidCertExtType */
         case oidCertExtType:
             switch (nid) {
-                case NID_basic_constraints:
+                case WC_NID_basic_constraints:
                     return BASIC_CA_OID;
-                case NID_subject_alt_name:
+                case WC_NID_subject_alt_name:
                     return ALT_NAMES_OID;
-                case NID_crl_distribution_points:
+                case WC_NID_crl_distribution_points:
                     return CRL_DIST_OID;
-                case NID_info_access:
+                case WC_NID_info_access:
                     return AUTH_INFO_OID;
-                case NID_authority_key_identifier:
+                case WC_NID_authority_key_identifier:
                     return AUTH_KEY_OID;
-                case NID_subject_key_identifier:
+                case WC_NID_subject_key_identifier:
                     return SUBJ_KEY_OID;
-                case NID_inhibit_any_policy:
+                case WC_NID_inhibit_any_policy:
                     return INHIBIT_ANY_OID;
-                case NID_key_usage:
+                case WC_NID_key_usage:
                     return KEY_USAGE_OID;
-                case NID_name_constraints:
+                case WC_NID_name_constraints:
                     return NAME_CONS_OID;
-                case NID_certificate_policies:
+                case WC_NID_certificate_policies:
                     return CERT_POLICY_OID;
-                case NID_ext_key_usage:
+                case WC_NID_ext_key_usage:
                     return EXT_KEY_USAGE_OID;
             }
             break;
@@ -31024,9 +23721,9 @@ word32 nid2oid(int nid, int grp)
         /* oidCertAuthInfoType */
         case oidCertAuthInfoType:
             switch (nid) {
-                case NID_ad_OCSP:
+                case WC_NID_ad_OCSP:
                     return AIA_OCSP_OID;
-                case NID_ad_ca_issuers:
+                case WC_NID_ad_ca_issuers:
                     return AIA_CA_ISSUER_OID;
             }
             break;
@@ -31034,7 +23731,7 @@ word32 nid2oid(int nid, int grp)
         /* oidCertPolicyType */
         case oidCertPolicyType:
             switch (nid) {
-                case NID_any_policy:
+                case WC_NID_any_policy:
                     return CP_ANY_OID;
             }
             break;
@@ -31042,7 +23739,7 @@ word32 nid2oid(int nid, int grp)
         /* oidCertAltNameType */
         case oidCertAltNameType:
             switch (nid) {
-                case NID_hw_name_oid:
+                case WC_NID_hw_name_oid:
                     return HW_NAME_OID;
             }
             break;
@@ -31050,7 +23747,7 @@ word32 nid2oid(int nid, int grp)
         /* oidCertKeyUseType */
         case oidCertKeyUseType:
             switch (nid) {
-                case NID_anyExtendedKeyUsage:
+                case WC_NID_anyExtendedKeyUsage:
                     return EKU_ANY_OID;
                 case EKU_SERVER_AUTH_OID:
                     return EKU_SERVER_AUTH_OID;
@@ -31129,15 +23826,15 @@ word32 nid2oid(int nid, int grp)
     #ifdef WOLFSSL_CERT_REQ
         case oidCsrAttrType:
             switch (nid) {
-                case NID_pkcs9_contentType:
+                case WC_NID_pkcs9_contentType:
                     return PKCS9_CONTENT_TYPE_OID;
-                case NID_pkcs9_challengePassword:
+                case WC_NID_pkcs9_challengePassword:
                     return CHALLENGE_PASSWORD_OID;
-                case NID_serialNumber:
+                case WC_NID_serialNumber:
                     return SERIAL_NUMBER_OID;
-                case NID_userId:
+                case WC_NID_userId:
                     return USER_ID_OID;
-                case NID_surname:
+                case WC_NID_surname:
                     return SURNAME_OID;
             }
             break;
@@ -31163,29 +23860,29 @@ int oid2nid(word32 oid, int grp)
             switch (oid) {
             #ifdef WOLFSSL_MD2
                 case MD2h:
-                    return NID_md2;
+                    return WC_NID_md2;
             #endif
             #ifndef NO_MD5
                 case MD5h:
-                    return NID_md5;
+                    return WC_NID_md5;
             #endif
             #ifndef NO_SHA
                 case SHAh:
-                    return NID_sha1;
+                    return WC_NID_sha1;
             #endif
                 case SHA224h:
-                    return NID_sha224;
+                    return WC_NID_sha224;
             #ifndef NO_SHA256
                 case SHA256h:
-                    return NID_sha256;
+                    return WC_NID_sha256;
             #endif
             #ifdef WOLFSSL_SHA384
                 case SHA384h:
-                    return NID_sha384;
+                    return WC_NID_sha384;
             #endif
             #ifdef WOLFSSL_SHA512
                 case SHA512h:
-                    return NID_sha512;
+                    return WC_NID_sha512;
             #endif
             }
             break;
@@ -31195,60 +23892,60 @@ int oid2nid(word32 oid, int grp)
             switch (oid) {
             #ifndef NO_DSA
                 case CTC_SHAwDSA:
-                    return NID_dsaWithSHA1;
+                    return WC_NID_dsaWithSHA1;
                 case CTC_SHA256wDSA:
-                    return NID_dsa_with_SHA256;
+                    return WC_NID_dsa_with_SHA256;
             #endif /* NO_DSA */
             #ifndef NO_RSA
                 case CTC_MD2wRSA:
-                    return NID_md2WithRSAEncryption;
+                    return WC_NID_md2WithRSAEncryption;
                 case CTC_MD5wRSA:
-                    return NID_md5WithRSAEncryption;
+                    return WC_NID_md5WithRSAEncryption;
                 case CTC_SHAwRSA:
-                    return NID_sha1WithRSAEncryption;
+                    return WC_NID_sha1WithRSAEncryption;
                 case CTC_SHA224wRSA:
-                    return NID_sha224WithRSAEncryption;
+                    return WC_NID_sha224WithRSAEncryption;
                 case CTC_SHA256wRSA:
-                    return NID_sha256WithRSAEncryption;
+                    return WC_NID_sha256WithRSAEncryption;
                 case CTC_SHA384wRSA:
-                    return NID_sha384WithRSAEncryption;
+                    return WC_NID_sha384WithRSAEncryption;
                 case CTC_SHA512wRSA:
-                    return NID_sha512WithRSAEncryption;
+                    return WC_NID_sha512WithRSAEncryption;
                 #ifdef WOLFSSL_SHA3
                 case CTC_SHA3_224wRSA:
-                    return NID_RSA_SHA3_224;
+                    return WC_NID_RSA_SHA3_224;
                 case CTC_SHA3_256wRSA:
-                    return NID_RSA_SHA3_256;
+                    return WC_NID_RSA_SHA3_256;
                 case CTC_SHA3_384wRSA:
-                    return NID_RSA_SHA3_384;
+                    return WC_NID_RSA_SHA3_384;
                 case CTC_SHA3_512wRSA:
-                    return NID_RSA_SHA3_512;
+                    return WC_NID_RSA_SHA3_512;
                 #endif
                 #ifdef WC_RSA_PSS
                 case CTC_RSASSAPSS:
-                    return NID_rsassaPss;
+                    return WC_NID_rsassaPss;
                 #endif
             #endif /* NO_RSA */
             #ifdef HAVE_ECC
                 case CTC_SHAwECDSA:
-                    return NID_ecdsa_with_SHA1;
+                    return WC_NID_ecdsa_with_SHA1;
                 case CTC_SHA224wECDSA:
-                    return NID_ecdsa_with_SHA224;
+                    return WC_NID_ecdsa_with_SHA224;
                 case CTC_SHA256wECDSA:
-                    return NID_ecdsa_with_SHA256;
+                    return WC_NID_ecdsa_with_SHA256;
                 case CTC_SHA384wECDSA:
-                    return NID_ecdsa_with_SHA384;
+                    return WC_NID_ecdsa_with_SHA384;
                 case CTC_SHA512wECDSA:
-                    return NID_ecdsa_with_SHA512;
+                    return WC_NID_ecdsa_with_SHA512;
                 #ifdef WOLFSSL_SHA3
                 case CTC_SHA3_224wECDSA:
-                    return NID_ecdsa_with_SHA3_224;
+                    return WC_NID_ecdsa_with_SHA3_224;
                 case CTC_SHA3_256wECDSA:
-                    return NID_ecdsa_with_SHA3_256;
+                    return WC_NID_ecdsa_with_SHA3_256;
                 case CTC_SHA3_384wECDSA:
-                    return NID_ecdsa_with_SHA3_384;
+                    return WC_NID_ecdsa_with_SHA3_384;
                 case CTC_SHA3_512wECDSA:
-                    return NID_ecdsa_with_SHA3_512;
+                    return WC_NID_ecdsa_with_SHA3_512;
                 #endif
             #endif /* HAVE_ECC */
             }
@@ -31259,19 +23956,19 @@ int oid2nid(word32 oid, int grp)
             switch (oid) {
             #ifndef NO_DSA
                 case DSAk:
-                    return NID_dsa;
+                    return WC_NID_dsa;
             #endif /* NO_DSA */
             #ifndef NO_RSA
                 case RSAk:
-                    return NID_rsaEncryption;
+                    return WC_NID_rsaEncryption;
                 #ifdef WC_RSA_PSS
                 case RSAPSSk:
-                    return NID_rsassaPss;
+                    return WC_NID_rsassaPss;
                 #endif
             #endif /* NO_RSA */
             #ifdef HAVE_ECC
                 case ECDSAk:
-                    return NID_X9_62_id_ecPublicKey;
+                    return WC_NID_X9_62_id_ecPublicKey;
             #endif /* HAVE_ECC */
             }
             break;
@@ -31281,59 +23978,59 @@ int oid2nid(word32 oid, int grp)
         case oidCurveType:
             switch (oid) {
             case ECC_SECP192R1_OID:
-                return NID_X9_62_prime192v1;
+                return WC_NID_X9_62_prime192v1;
             case ECC_PRIME192V2_OID:
-                return NID_X9_62_prime192v2;
+                return WC_NID_X9_62_prime192v2;
             case ECC_PRIME192V3_OID:
-                return NID_X9_62_prime192v3;
+                return WC_NID_X9_62_prime192v3;
             case ECC_PRIME239V1_OID:
-                return NID_X9_62_prime239v1;
+                return WC_NID_X9_62_prime239v1;
             case ECC_PRIME239V2_OID:
-                return NID_X9_62_prime239v2;
+                return WC_NID_X9_62_prime239v2;
             case ECC_PRIME239V3_OID:
-                return NID_X9_62_prime239v3;
+                return WC_NID_X9_62_prime239v3;
             case ECC_SECP256R1_OID:
-                return NID_X9_62_prime256v1;
+                return WC_NID_X9_62_prime256v1;
             case ECC_SECP112R1_OID:
-                return NID_secp112r1;
+                return WC_NID_secp112r1;
             case ECC_SECP112R2_OID:
-                return NID_secp112r2;
+                return WC_NID_secp112r2;
             case ECC_SECP128R1_OID:
-                return NID_secp128r1;
+                return WC_NID_secp128r1;
             case ECC_SECP128R2_OID:
-                return NID_secp128r2;
+                return WC_NID_secp128r2;
             case ECC_SECP160R1_OID:
-                return NID_secp160r1;
+                return WC_NID_secp160r1;
             case ECC_SECP160R2_OID:
-                return NID_secp160r2;
+                return WC_NID_secp160r2;
             case ECC_SECP224R1_OID:
-                return NID_secp224r1;
+                return WC_NID_secp224r1;
             case ECC_SECP384R1_OID:
-                return NID_secp384r1;
+                return WC_NID_secp384r1;
             case ECC_SECP521R1_OID:
-                return NID_secp521r1;
+                return WC_NID_secp521r1;
             case ECC_SECP160K1_OID:
-                return NID_secp160k1;
+                return WC_NID_secp160k1;
             case ECC_SECP192K1_OID:
-                return NID_secp192k1;
+                return WC_NID_secp192k1;
             case ECC_SECP224K1_OID:
-                return NID_secp224k1;
+                return WC_NID_secp224k1;
             case ECC_SECP256K1_OID:
-                return NID_secp256k1;
+                return WC_NID_secp256k1;
             case ECC_BRAINPOOLP160R1_OID:
-                return NID_brainpoolP160r1;
+                return WC_NID_brainpoolP160r1;
             case ECC_BRAINPOOLP192R1_OID:
-                return NID_brainpoolP192r1;
+                return WC_NID_brainpoolP192r1;
             case ECC_BRAINPOOLP224R1_OID:
-                return NID_brainpoolP224r1;
+                return WC_NID_brainpoolP224r1;
             case ECC_BRAINPOOLP256R1_OID:
-                return NID_brainpoolP256r1;
+                return WC_NID_brainpoolP256r1;
             case ECC_BRAINPOOLP320R1_OID:
-                return NID_brainpoolP320r1;
+                return WC_NID_brainpoolP320r1;
             case ECC_BRAINPOOLP384R1_OID:
-                return NID_brainpoolP384r1;
+                return WC_NID_brainpoolP384r1;
             case ECC_BRAINPOOLP512R1_OID:
-                return NID_brainpoolP512r1;
+                return WC_NID_brainpoolP512r1;
             }
             break;
     #endif /* HAVE_ECC */
@@ -31355,9 +24052,9 @@ int oid2nid(word32 oid, int grp)
             #endif
             #ifndef NO_DES3
                 case DESb:
-                    return NID_des;
+                    return WC_NID_des;
                 case DES3b:
-                    return NID_des3;
+                    return WC_NID_des3;
             #endif
             }
             break;
@@ -31366,7 +24063,7 @@ int oid2nid(word32 oid, int grp)
         case oidOcspType:
             switch (oid) {
                 case OCSP_BASIC_OID:
-                    return NID_id_pkix_OCSP_basic;
+                    return WC_NID_id_pkix_OCSP_basic;
                 case OCSP_NONCE_OID:
                     return OCSP_NONCE_OID;
             }
@@ -31377,27 +24074,27 @@ int oid2nid(word32 oid, int grp)
         case oidCertExtType:
             switch (oid) {
                 case BASIC_CA_OID:
-                    return NID_basic_constraints;
+                    return WC_NID_basic_constraints;
                 case ALT_NAMES_OID:
-                    return NID_subject_alt_name;
+                    return WC_NID_subject_alt_name;
                 case CRL_DIST_OID:
-                    return NID_crl_distribution_points;
+                    return WC_NID_crl_distribution_points;
                 case AUTH_INFO_OID:
-                    return NID_info_access;
+                    return WC_NID_info_access;
                 case AUTH_KEY_OID:
-                    return NID_authority_key_identifier;
+                    return WC_NID_authority_key_identifier;
                 case SUBJ_KEY_OID:
-                    return NID_subject_key_identifier;
+                    return WC_NID_subject_key_identifier;
                 case INHIBIT_ANY_OID:
-                    return NID_inhibit_any_policy;
+                    return WC_NID_inhibit_any_policy;
                 case KEY_USAGE_OID:
-                    return NID_key_usage;
+                    return WC_NID_key_usage;
                 case NAME_CONS_OID:
-                    return NID_name_constraints;
+                    return WC_NID_name_constraints;
                 case CERT_POLICY_OID:
-                    return NID_certificate_policies;
+                    return WC_NID_certificate_policies;
                 case EXT_KEY_USAGE_OID:
-                    return NID_ext_key_usage;
+                    return WC_NID_ext_key_usage;
             }
             break;
 
@@ -31405,9 +24102,9 @@ int oid2nid(word32 oid, int grp)
         case oidCertAuthInfoType:
             switch (oid) {
                 case AIA_OCSP_OID:
-                    return NID_ad_OCSP;
+                    return WC_NID_ad_OCSP;
                 case AIA_CA_ISSUER_OID:
-                    return NID_ad_ca_issuers;
+                    return WC_NID_ad_ca_issuers;
             }
             break;
 
@@ -31415,7 +24112,7 @@ int oid2nid(word32 oid, int grp)
         case oidCertPolicyType:
             switch (oid) {
                 case CP_ANY_OID:
-                    return NID_any_policy;
+                    return WC_NID_any_policy;
             }
             break;
 
@@ -31423,7 +24120,7 @@ int oid2nid(word32 oid, int grp)
         case oidCertAltNameType:
             switch (oid) {
                 case HW_NAME_OID:
-                    return NID_hw_name_oid;
+                    return WC_NID_hw_name_oid;
             }
             break;
 
@@ -31431,7 +24128,7 @@ int oid2nid(word32 oid, int grp)
         case oidCertKeyUseType:
             switch (oid) {
                 case EKU_ANY_OID:
-                    return NID_anyExtendedKeyUsage;
+                    return WC_NID_anyExtendedKeyUsage;
                 case EKU_SERVER_AUTH_OID:
                     return EKU_SERVER_AUTH_OID;
                 case EKU_CLIENT_AUTH_OID:
@@ -31509,13 +24206,13 @@ int oid2nid(word32 oid, int grp)
         case oidCsrAttrType:
             switch (oid) {
                 case PKCS9_CONTENT_TYPE_OID:
-                    return NID_pkcs9_contentType;
+                    return WC_NID_pkcs9_contentType;
                 case CHALLENGE_PASSWORD_OID:
-                    return NID_pkcs9_challengePassword;
+                    return WC_NID_pkcs9_challengePassword;
                 case SERIAL_NUMBER_OID:
-                    return NID_serialNumber;
+                    return WC_NID_serialNumber;
                 case USER_ID_OID:
-                    return NID_userId;
+                    return WC_NID_userId;
             }
             break;
 #endif
@@ -31530,7 +24227,7 @@ int oid2nid(word32 oid, int grp)
         }
     }
 
-    return -1;
+    return WOLFSSL_FATAL_ERROR;
 }
 
 /* frees all nodes in the current threads error queue
@@ -31547,155 +24244,11 @@ void wolfSSL_ERR_remove_state(unsigned long id)
     }
 }
 
-#endif  /* OPENSSL_EXTRA */
+#endif /* OPENSSL_EXTRA */
 
 #ifdef OPENSSL_ALL
 
 #if !defined(NO_BIO) && !defined(NO_PWDBASED) && defined(HAVE_PKCS8)
-int wolfSSL_PEM_write_bio_PKCS8PrivateKey(WOLFSSL_BIO* bio,
-                                          WOLFSSL_EVP_PKEY* pkey,
-                                          const WOLFSSL_EVP_CIPHER* enc,
-                                          char* passwd, int passwdSz,
-                                          wc_pem_password_cb* cb, void* ctx)
-{
-    int ret = 0;
-    char password[NAME_SZ];
-    byte* key = NULL;
-    word32 keySz;
-    byte* pem = NULL;
-    int pemSz = 0;
-    int type = PKCS8_PRIVATEKEY_TYPE;
-    const byte* curveOid;
-    word32 oidSz;
-
-    if (bio == NULL || pkey == NULL)
-        return -1;
-
-    keySz = pkey->pkey_sz + 128;
-    key = (byte*)XMALLOC(keySz, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-    if (key == NULL)
-        ret = MEMORY_E;
-
-    if (ret == 0 && enc != NULL && passwd == NULL) {
-        passwdSz = cb(password, sizeof(password), 1, ctx);
-        if (passwdSz < 0)
-            ret = WOLFSSL_FAILURE;
-        passwd = password;
-    }
-
-    if (ret == 0 && enc != NULL) {
-        WC_RNG rng;
-        ret = wc_InitRng(&rng);
-        if (ret == 0) {
-            int encAlgId = 0;
-        #ifndef NO_DES3
-            if (enc == EVP_DES_CBC)
-                encAlgId = DESb;
-            else if (enc == EVP_DES_EDE3_CBC)
-                encAlgId = DES3b;
-            else
-        #endif
-        #if !defined(NO_AES) && defined(HAVE_AES_CBC)
-            #ifdef WOLFSSL_AES_256
-            if (enc == EVP_AES_256_CBC)
-                encAlgId = AES256CBCb;
-            else
-            #endif
-        #endif
-                ret = -1;
-            if (ret == 0) {
-                ret = TraditionalEnc((byte*)pkey->pkey.ptr, pkey->pkey_sz, key,
-                                       &keySz, passwd, passwdSz, PKCS5, PBES2,
-                                       encAlgId, NULL, 0, WC_PKCS12_ITT_DEFAULT,
-                                       &rng, NULL);
-                if (ret > 0) {
-                    keySz = ret;
-                    ret = 0;
-                }
-            }
-            wc_FreeRng(&rng);
-        }
-        type = PKCS8_ENC_PRIVATEKEY_TYPE;
-    }
-    if (ret == 0 && enc == NULL) {
-        int algId;
-        type = PKCS8_PRIVATEKEY_TYPE;
-    #ifdef HAVE_ECC
-        if (pkey->type == EVP_PKEY_EC) {
-            algId = ECDSAk;
-            ret = wc_ecc_get_oid(pkey->ecc->group->curve_oid, &curveOid,
-                                                                        &oidSz);
-        }
-        else
-    #endif
-        {
-            algId = RSAk;
-            curveOid = NULL;
-            oidSz = 0;
-        }
-
-    #ifdef HAVE_ECC
-        if (ret >= 0)
-    #endif
-        {
-            ret = wc_CreatePKCS8Key(key, &keySz, (byte*)pkey->pkey.ptr,
-                                         pkey->pkey_sz, algId, curveOid, oidSz);
-            keySz = ret;
-        }
-    }
-
-    if (password == passwd)
-        XMEMSET(password, 0, passwdSz);
-
-    if (ret >= 0) {
-        pemSz = 2 * keySz + 2 * 64;
-        pem = (byte*)XMALLOC(pemSz, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-        if (pem == NULL)
-            ret = MEMORY_E;
-    }
-
-    if (ret >= 0)
-        ret = wc_DerToPemEx(key, keySz, pem, pemSz, NULL, type);
-
-    if (key != NULL)
-        XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-
-    if (ret >= 0) {
-        if (wolfSSL_BIO_write(bio, pem, ret) != ret)
-            ret = -1;
-    }
-
-    if (pem != NULL)
-        XFREE(pem, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-
-    return ret < 0 ? 0 : ret;
-
-}
-
-#if !defined(NO_FILESYSTEM) && !defined(NO_STDIO_FILESYSTEM)
-int wolfSSL_PEM_write_PKCS8PrivateKey(XFILE f, WOLFSSL_EVP_PKEY* pkey,
-    const WOLFSSL_EVP_CIPHER* enc, char* passwd, int passwdSz,
-    wc_pem_password_cb* cb, void* ctx)
-{
-    int ret = WOLFSSL_SUCCESS;
-    BIO *b;
-
-    WOLFSSL_ENTER("wolfSSL_PEM_write_PKCS8PrivateKey");
-
-    b = wolfSSL_BIO_new_fp(f, BIO_NOCLOSE);
-    if (b == NULL) {
-        ret = WOLFSSL_FAILURE;
-    }
-    if (ret == WOLFSSL_SUCCESS) {
-        ret = wolfSSL_PEM_write_bio_PKCS8PrivateKey(b, pkey, enc, passwd,
-                passwdSz, cb, ctx);
-    }
-
-    wolfSSL_BIO_free(b);
-
-    return ret;
-}
-#endif /* !NO_FILESYSTEM && !NO_STDIO_FILESYSTEM */
 
 static int bio_get_data(WOLFSSL_BIO* bio, byte** data)
 {
@@ -31704,7 +24257,7 @@ static int bio_get_data(WOLFSSL_BIO* bio, byte** data)
 
     ret = wolfSSL_BIO_get_len(bio);
     if (ret > 0) {
-        mem = (byte*)XMALLOC(ret, bio->heap, DYNAMIC_TYPE_OPENSSL);
+        mem = (byte*)XMALLOC((size_t)ret, bio->heap, DYNAMIC_TYPE_OPENSSL);
         if (mem == NULL) {
             WOLFSSL_MSG("Memory error");
             ret = MEMORY_E;
@@ -31751,13 +24304,13 @@ WOLFSSL_EVP_PKEY* wolfSSL_d2i_PKCS8PrivateKey_bio(WOLFSSL_BIO* bio,
             passwordSz);
     #endif
 
-        ret = ToTraditionalEnc(der, len, password, passwordSz, &algId);
+        ret = ToTraditionalEnc(der, (word32)len, password, passwordSz, &algId);
         if (ret < 0) {
             XFREE(der, bio->heap, DYNAMIC_TYPE_OPENSSL);
             return NULL;
         }
 
-        ForceZero(password, passwordSz);
+        ForceZero(password, (word32)passwordSz);
     #ifdef WOLFSSL_CHECK_MEM_ZERO
         wc_MemZero_Check(password, passwordSz);
     #endif
@@ -31788,7 +24341,7 @@ WOLFSSL_EVP_PKEY* wolfSSL_d2i_AutoPrivateKey(WOLFSSL_EVP_PKEY** pkey,
     /* Take off PKCS#8 wrapper if found. */
     if ((len = ToTraditionalInline_ex(der, &idx, keyLen, &algId)) >= 0) {
         der += idx;
-        keyLen = len;
+        keyLen = (word32)len;
     }
     idx = 0;
     len = 0;
@@ -31797,7 +24350,7 @@ WOLFSSL_EVP_PKEY* wolfSSL_d2i_AutoPrivateKey(WOLFSSL_EVP_PKEY** pkey,
      */
     ret = GetSequence(der, &idx, &len, keyLen);
     if (ret >= 0) {
-        word32 end = idx + len;
+        word32 end = idx + (word32)len;
         while (ret >= 0 && idx < end) {
             /* Skip type */
             idx++;
@@ -31805,10 +24358,10 @@ WOLFSSL_EVP_PKEY* wolfSSL_d2i_AutoPrivateKey(WOLFSSL_EVP_PKEY** pkey,
             len = 0;
             ret = GetLength(der, &idx, &len, keyLen);
             if (ret >= 0) {
-                if (idx + len > end)
+                if (idx + (word32)len > end)
                     ret = ASN_PARSE_E;
                 else {
-                    idx += len;
+                    idx += (word32)len;
                     cnt++;
                 }
             }
@@ -31819,9 +24372,9 @@ WOLFSSL_EVP_PKEY* wolfSSL_d2i_AutoPrivateKey(WOLFSSL_EVP_PKEY** pkey,
         int type;
         /* ECC includes version, private[, curve][, public key] */
         if (cnt >= 2 && cnt <= 4)
-            type = EVP_PKEY_EC;
+            type = WC_EVP_PKEY_EC;
         else
-            type = EVP_PKEY_RSA;
+            type = WC_EVP_PKEY_RSA;
 
         key = wolfSSL_d2i_PrivateKey(type, pkey, &der, keyLen);
         *pp = der;
@@ -31876,7 +24429,8 @@ int wolfSSL_StaticEphemeralKeyLoad(WOLFSSL* ssl, int keyAlgo, void* keyPtr)
             if (der != NULL) {
                 ecc_key* key = (ecc_key*)keyPtr;
                 WOLFSSL_MSG("Using static ECDH key");
-                ret = wc_EccPrivateKeyDecode(der->buffer, &idx, key, der->length);
+                ret = wc_EccPrivateKeyDecode(der->buffer, &idx, key,
+                    der->length);
             }
             break;
     #endif
@@ -32010,8 +24564,8 @@ static int SetStaticEphemeralKey(WOLFSSL_CTX* ctx,
                 curve25519_key x25519Key;
                 ret = wc_curve25519_init_ex(&x25519Key, heap, INVALID_DEVID);
                 if (ret == 0) {
-                    ret = wc_Curve25519PrivateKeyDecode(keyBuf, &idx, &x25519Key,
-                        keySz);
+                    ret = wc_Curve25519PrivateKeyDecode(keyBuf, &idx,
+                        &x25519Key, keySz);
                     if (ret == 0)
                         keyAlgo = WC_PK_TYPE_CURVE25519;
                     wc_curve25519_free(&x25519Key);
@@ -32244,6 +24798,17 @@ unsigned long wolfSSL_THREADID_hash(const WOLFSSL_CRYPTO_THREADID* id)
     (void)id;
     return 0UL;
 }
+/* wolfSSL_set_ecdh_auto is provided as compatible API with
+ * SSL_set_ecdh_auto to enable auto ecdh curve selection functionality.
+ * Since this functionality is enabled by default in wolfSSL,
+ * this API exists as a stub.
+ */
+int wolfSSL_set_ecdh_auto(WOLFSSL* ssl, int onoff)
+{
+    (void)ssl;
+    (void)onoff;
+    return WOLFSSL_SUCCESS;
+}
 /* wolfSSL_CTX_set_ecdh_auto is provided as compatible API with
  * SSL_CTX_set_ecdh_auto to enable auto ecdh curve selection functionality.
  * Since this functionality is enabled by default in wolfSSL,
@@ -32256,9 +24821,25 @@ int wolfSSL_CTX_set_ecdh_auto(WOLFSSL_CTX* ctx, int onoff)
     return WOLFSSL_SUCCESS;
 }
 
+/* wolfSSL_CTX_set_dh_auto is provided as compatible API with
+ * SSL_CTX_set_dh_auto to enable auto dh selection functionality.
+ * Since this functionality is enabled by default in wolfSSL,
+ * this API exists as a stub.
+ */
+int wolfSSL_CTX_set_dh_auto(WOLFSSL_CTX* ctx, int onoff)
+{
+    (void)ctx;
+    (void)onoff;
+    return WOLFSSL_SUCCESS;
+}
+
 /**
- * set security level (wolfSSL doesn't support security level)
- * @param ctx  a pointer to WOLFSSL_EVP_PKEY_CTX structure
+ * Set security level (wolfSSL doesn't support setting the security level).
+ *
+ * The security level can only be set through a system wide crypto-policy
+ * with wolfSSL_crypto_policy_enable().
+ *
+ * @param ctx  a pointer to WOLFSSL_CTX structure
  * @param level security level
  */
 void wolfSSL_CTX_set_security_level(WOLFSSL_CTX* ctx, int level)
@@ -32267,39 +24848,20 @@ void wolfSSL_CTX_set_security_level(WOLFSSL_CTX* ctx, int level)
     (void)ctx;
     (void)level;
 }
-/**
- * get security level (wolfSSL doesn't support security level)
- * @param ctx  a pointer to WOLFSSL_EVP_PKEY_CTX structure
- * @return always 0(level 0)
- */
-int wolfSSL_CTX_get_security_level(const WOLFSSL_CTX* ctx)
+
+int wolfSSL_CTX_get_security_level(const WOLFSSL_CTX * ctx)
 {
     WOLFSSL_ENTER("wolfSSL_CTX_get_security_level");
+    #if defined(WOLFSSL_SYS_CRYPTO_POLICY)
+    if (ctx == NULL) {
+        return BAD_FUNC_ARG;
+    }
+
+    return ctx->secLevel;
+    #else
     (void)ctx;
     return 0;
-}
-
-
-/**
- * Determine whether a WOLFSSL_SESSION object can be used for resumption
- * @param s  a pointer to WOLFSSL_SESSION structure
- * @return return 1 if session is resumable, otherwise 0.
- */
-int wolfSSL_SESSION_is_resumable(const WOLFSSL_SESSION *s)
-{
-    s = ClientSessionToSession(s);
-    if (s == NULL)
-        return 0;
-
-#ifdef HAVE_SESSION_TICKET
-    if (s->ticketLen > 0)
-        return 1;
-#endif
-
-    if (s->sessionIDSz > 0)
-        return 1;
-
-    return 0;
+    #endif /* WOLFSSL_SYS_CRYPTO_POLICY */
 }
 
 #if defined(OPENSSL_EXTRA) && defined(HAVE_SECRET_CALLBACK)
@@ -32308,10 +24870,11 @@ int wolfSSL_SESSION_is_resumable(const WOLFSSL_SESSION *s)
  * a KEY LOGFILE. The callback is stored into a CTX and propagated to
  * each SSL object on its creation timing.
  */
-void wolfSSL_CTX_set_keylog_callback(WOLFSSL_CTX* ctx, wolfSSL_CTX_keylog_cb_func cb)
+void wolfSSL_CTX_set_keylog_callback(WOLFSSL_CTX* ctx,
+    wolfSSL_CTX_keylog_cb_func cb)
 {
     WOLFSSL_ENTER("wolfSSL_CTX_set_keylog_callback");
-  /* stores the callback into WOLFSSL_CTX */
+    /* stores the callback into WOLFSSL_CTX */
     if (ctx != NULL) {
         ctx->keyLogCb = cb;
     }
@@ -32322,13 +24885,91 @@ wolfSSL_CTX_keylog_cb_func wolfSSL_CTX_get_keylog_callback(
     WOLFSSL_ENTER("wolfSSL_CTX_get_keylog_callback");
     if (ctx != NULL)
         return ctx->keyLogCb;
-    else
-        return NULL;
+    return NULL;
 }
 #endif /* OPENSSL_EXTRA && HAVE_SECRET_CALLBACK */
 
 #endif /* OPENSSL_EXTRA */
 
+#ifdef WOLFSSL_THREADED_CRYPT
+int wolfSSL_AsyncEncryptReady(WOLFSSL* ssl, int idx)
+{
+    ThreadCrypt* encrypt;
+
+    if (ssl == NULL) {
+        return 0;
+    }
+
+    encrypt = &ssl->buffers.encrypt[idx];
+    return (encrypt->avail == 0) && (encrypt->done == 0);
+}
+
+int wolfSSL_AsyncEncryptStop(WOLFSSL* ssl, int idx)
+{
+    ThreadCrypt* encrypt;
+
+    if (ssl == NULL) {
+        return 1;
+    }
+
+    encrypt = &ssl->buffers.encrypt[idx];
+    return encrypt->stop;
+}
+
+int wolfSSL_AsyncEncrypt(WOLFSSL* ssl, int idx)
+{
+    int ret = WC_NO_ERR_TRACE(NOT_COMPILED_IN);
+    ThreadCrypt* encrypt = &ssl->buffers.encrypt[idx];
+
+    if (ssl->specs.bulk_cipher_algorithm == wolfssl_aes_gcm) {
+        unsigned char* out = encrypt->buffer.buffer + encrypt->offset;
+        unsigned char* input = encrypt->buffer.buffer + encrypt->offset;
+        word32 encSz = encrypt->buffer.length - encrypt->offset;
+
+        ret =
+#if !defined(NO_GCM_ENCRYPT_EXTRA) && \
+    ((!defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)) || \
+    (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2)))
+              wc_AesGcmEncrypt_ex
+#else
+              wc_AesGcmEncrypt
+#endif
+              (encrypt->encrypt.aes,
+               out + AESGCM_EXP_IV_SZ, input + AESGCM_EXP_IV_SZ,
+               encSz - AESGCM_EXP_IV_SZ - ssl->specs.aead_mac_size,
+               encrypt->nonce, AESGCM_NONCE_SZ,
+               out + encSz - ssl->specs.aead_mac_size,
+               ssl->specs.aead_mac_size,
+               encrypt->additional, AEAD_AUTH_DATA_SZ);
+#if !defined(NO_PUBLIC_GCM_SET_IV) && \
+    ((!defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)) || \
+    (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2)))
+        XMEMCPY(out, encrypt->nonce + AESGCM_IMP_IV_SZ, AESGCM_EXP_IV_SZ);
+#endif
+        encrypt->done = 1;
+    }
+
+    return ret;
+}
+
+int wolfSSL_AsyncEncryptSetSignal(WOLFSSL* ssl, int idx,
+    WOLFSSL_THREAD_SIGNAL signal, void* ctx)
+{
+    int ret = 0;
+
+    if (ssl == NULL) {
+        ret = BAD_FUNC_ARG;
+    }
+    else {
+        ssl->buffers.encrypt[idx].signal = signal;
+        ssl->buffers.encrypt[idx].signalCtx = ctx;
+    }
+
+    return ret;
+}
+#endif
+
+
 #ifndef NO_CERT
 #define WOLFSSL_X509_INCLUDED
 #include "src/x509.c"
@@ -32337,9 +24978,10 @@ wolfSSL_CTX_keylog_cb_func wolfSSL_CTX_get_keylog_callback(
 /*******************************************************************************
  * START OF standard C library wrapping APIs
  ******************************************************************************/
-#if defined(OPENSSL_ALL) || (defined(OPENSSL_EXTRA) && (defined(HAVE_STUNNEL) || \
-                             defined(WOLFSSL_NGINX) || defined(HAVE_LIGHTY) || \
-                             defined(WOLFSSL_HAPROXY) || defined(WOLFSSL_OPENSSH)))
+#if defined(OPENSSL_ALL) || (defined(OPENSSL_EXTRA) && \
+    (defined(HAVE_STUNNEL) || defined(WOLFSSL_NGINX) || \
+     defined(HAVE_LIGHTY) || defined(WOLFSSL_HAPROXY) || \
+     defined(WOLFSSL_OPENSSH)))
 #ifndef NO_WOLFSSL_STUB
 int wolfSSL_CRYPTO_set_mem_ex_functions(void *(*m) (size_t, const char *, int),
                                 void *(*r) (void *, size_t, const char *,
@@ -32393,20 +25035,17 @@ void *wolfSSL_CRYPTO_malloc(size_t num, const char *file, int line)
 /*******************************************************************************
  * START OF EX_DATA APIs
  ******************************************************************************/
-#if defined(OPENSSL_ALL) || (defined(OPENSSL_EXTRA) && (defined(HAVE_STUNNEL) || \
-                             defined(WOLFSSL_NGINX) || defined(HAVE_LIGHTY) || \
-                             defined(WOLFSSL_HAPROXY) || defined(WOLFSSL_OPENSSH)))
-void wolfSSL_CRYPTO_cleanup_all_ex_data(void){
-    WOLFSSL_ENTER("CRYPTO_cleanup_all_ex_data");
-}
-#endif
-
 #ifdef HAVE_EX_DATA
+void wolfSSL_CRYPTO_cleanup_all_ex_data(void)
+{
+    WOLFSSL_ENTER("wolfSSL_CRYPTO_cleanup_all_ex_data");
+}
+
 void* wolfSSL_CRYPTO_get_ex_data(const WOLFSSL_CRYPTO_EX_DATA* ex_data, int idx)
 {
-    WOLFSSL_ENTER("wolfSSL_CTX_get_ex_data");
+    WOLFSSL_ENTER("wolfSSL_CRYPTO_get_ex_data");
 #ifdef MAX_EX_DATA
-    if(ex_data && idx < MAX_EX_DATA && idx >= 0) {
+    if (ex_data && idx < MAX_EX_DATA && idx >= 0) {
         return ex_data->ex_data[idx];
     }
 #else
@@ -32416,13 +25055,16 @@ void* wolfSSL_CRYPTO_get_ex_data(const WOLFSSL_CRYPTO_EX_DATA* ex_data, int idx)
     return NULL;
 }
 
-int wolfSSL_CRYPTO_set_ex_data(WOLFSSL_CRYPTO_EX_DATA* ex_data, int idx, void *data)
+int wolfSSL_CRYPTO_set_ex_data(WOLFSSL_CRYPTO_EX_DATA* ex_data, int idx,
+    void *data)
 {
     WOLFSSL_ENTER("wolfSSL_CRYPTO_set_ex_data");
 #ifdef MAX_EX_DATA
     if (ex_data && idx < MAX_EX_DATA && idx >= 0) {
 #ifdef HAVE_EX_DATA_CLEANUP_HOOKS
         if (ex_data->ex_data_cleanup_routines[idx]) {
+            /* call cleanup then remove cleanup callback,
+             * since different value is being set */
             if (ex_data->ex_data[idx])
                 ex_data->ex_data_cleanup_routines[idx](ex_data->ex_data[idx]);
             ex_data->ex_data_cleanup_routines[idx] = NULL;
@@ -32457,7 +25099,9 @@ int wolfSSL_CRYPTO_set_ex_data_with_cleanup(
     return WOLFSSL_FAILURE;
 }
 #endif /* HAVE_EX_DATA_CLEANUP_HOOKS */
+#endif /* HAVE_EX_DATA */
 
+#ifdef HAVE_EX_DATA_CRYPTO
 /**
  * Issues unique index for the class specified by class_index.
  * Other parameter except class_index are ignored.
@@ -32483,7 +25127,7 @@ int wolfSSL_CRYPTO_get_ex_new_index(int class_index, long argl, void *argp,
     return wolfssl_get_ex_new_index(class_index, argl, argp, new_func,
             dup_func, free_func);
 }
-#endif /* HAVE_EX_DATA */
+#endif /* HAVE_EX_DATA_CRYPTO */
 
 /*******************************************************************************
  * END OF EX_DATA APIs
@@ -32539,14 +25183,24 @@ int wolfSSL_BUF_MEM_grow_ex(WOLFSSL_BUF_MEM* buf, size_t len,
     /* expand size, to handle growth */
     mx = (len_int + 3) / 3 * 4;
 
+#ifdef WOLFSSL_NO_REALLOC
+    tmp = (char*)XMALLOC(mx, NULL, DYNAMIC_TYPE_OPENSSL);
+    if (tmp != NULL && buf->data != NULL) {
+       XMEMCPY(tmp, buf->data, len_int);
+       XFREE(buf->data, NULL, DYNAMIC_TYPE_OPENSSL);
+       buf->data = NULL;
+    }
+#else
     /* use realloc */
     tmp = (char*)XREALLOC(buf->data, mx, NULL, DYNAMIC_TYPE_OPENSSL);
+#endif
+
     if (tmp == NULL) {
         return 0; /* ERR_R_MALLOC_FAILURE; */
     }
     buf->data = tmp;
 
-    buf->max = mx;
+    buf->max = (size_t)mx;
     if (zeroFill)
         XMEMSET(&buf->data[buf->length], 0, len - buf->length);
     buf->length = len;
@@ -32582,13 +25236,24 @@ int wolfSSL_BUF_MEM_resize(WOLFSSL_BUF_MEM* buf, size_t len)
     mx = ((int)len + 3) / 3 * 4;
 
     /* We want to shrink the internal buffer */
+#ifdef WOLFSSL_NO_REALLOC
+    tmp = (char*)XMALLOC(mx, NULL, DYNAMIC_TYPE_OPENSSL);
+    if (tmp != NULL && buf->data != NULL)
+    {
+        XMEMCPY(tmp, buf->data, len);
+        XFREE(buf->data,NULL,DYNAMIC_TYPE_OPENSSL);
+        buf->data = NULL;
+    }
+#else
     tmp = (char*)XREALLOC(buf->data, mx, NULL, DYNAMIC_TYPE_OPENSSL);
+#endif
+
     if (tmp == NULL)
         return 0;
 
     buf->data = tmp;
     buf->length = len;
-    buf->max = mx;
+    buf->max = (size_t)mx;
 
     return (int)len;
 }
@@ -32596,10 +25261,8 @@ int wolfSSL_BUF_MEM_resize(WOLFSSL_BUF_MEM* buf, size_t len)
 void wolfSSL_BUF_MEM_free(WOLFSSL_BUF_MEM* buf)
 {
     if (buf) {
-        if (buf->data) {
-            XFREE(buf->data, NULL, DYNAMIC_TYPE_OPENSSL);
-            buf->data = NULL;
-        }
+        XFREE(buf->data, NULL, DYNAMIC_TYPE_OPENSSL);
+        buf->data = NULL;
         buf->max = 0;
         buf->length = 0;
         XFREE(buf, NULL, DYNAMIC_TYPE_OPENSSL);
@@ -32623,6 +25286,7 @@ void wolfSSL_BUF_MEM_free(WOLFSSL_BUF_MEM* buf)
 #if defined(OPENSSL_EXTRA) && !defined(WOLFSSL_NO_OPENSSL_RAND_CB)
 static int wolfSSL_RAND_InitMutex(void)
 {
+#ifndef WOLFSSL_MUTEX_INITIALIZER
     if (gRandMethodsInit == 0) {
         if (wc_InitMutex(&gRandMethodMutex) != 0) {
             WOLFSSL_MSG("Bad Init Mutex rand methods");
@@ -32630,6 +25294,7 @@ static int wolfSSL_RAND_InitMutex(void)
         }
         gRandMethodsInit = 1;
     }
+#endif
     return 0;
 }
 #endif
@@ -32642,7 +25307,7 @@ static int wolfSSL_RAND_InitMutex(void)
  */
 int wolfSSL_RAND_Init(void)
 {
-    int ret = WOLFSSL_FAILURE;
+    int ret = WC_NO_ERR_TRACE(WOLFSSL_FAILURE);
 #ifdef HAVE_GLOBAL_RNG
     if (wc_LockMutex(&globalRNGMutex) == 0) {
         if (initGlobalRNG == 0) {
@@ -32698,7 +25363,7 @@ int wolfSSL_RAND_seed(const void* seed, int len)
  */
 const char* wolfSSL_RAND_file_name(char* fname, unsigned long len)
 {
-#ifndef NO_FILESYSTEM
+#if !defined(NO_FILESYSTEM) && defined(XGETENV) && !defined(NO_GETENV)
     char* rt;
 
     WOLFSSL_ENTER("wolfSSL_RAND_file_name");
@@ -32708,7 +25373,8 @@ const char* wolfSSL_RAND_file_name(char* fname, unsigned long len)
     }
 
     XMEMSET(fname, 0, len);
-    /* if access to stdlib.h */
+
+/* // NOLINTBEGIN(concurrency-mt-unsafe) */
     if ((rt = XGETENV("RANDFILE")) != NULL) {
         if (len > XSTRLEN(rt)) {
             XMEMCPY(fname, rt, XSTRLEN(rt));
@@ -32718,34 +25384,46 @@ const char* wolfSSL_RAND_file_name(char* fname, unsigned long len)
             rt = NULL;
         }
     }
+/* // NOLINTEND(concurrency-mt-unsafe) */
 
     /* $RANDFILE was not set or is too large, check $HOME */
     if (rt == NULL) {
-        char ap[] = "/.rnd";
+        const char ap[] = "/.rnd";
 
         WOLFSSL_MSG("Environment variable RANDFILE not set");
+
+/* // NOLINTBEGIN(concurrency-mt-unsafe) */
         if ((rt = XGETENV("HOME")) == NULL) {
+            #ifdef XALTHOMEVARNAME
+            if ((rt = XGETENV(XALTHOMEVARNAME)) == NULL) {
+                WOLFSSL_MSG("Environment variable HOME and " XALTHOMEVARNAME
+                            " not set");
+                return NULL;
+            }
+            #else
             WOLFSSL_MSG("Environment variable HOME not set");
             return NULL;
+            #endif
         }
+/* // NOLINTEND(concurrency-mt-unsafe) */
 
-        if (len > XSTRLEN(rt) +  XSTRLEN(ap)) {
+        if (len > XSTRLEN(rt) + XSTRLEN(ap)) {
             fname[0] = '\0';
             XSTRNCAT(fname, rt, len);
             XSTRNCAT(fname, ap, len - XSTRLEN(rt));
             return fname;
         }
         else {
-            WOLFSSL_MSG("HOME too large for buffer");
+            WOLFSSL_MSG("Path too large for buffer");
             return NULL;
         }
     }
 
     return fname;
 #else
-    /* no filesystem defined */
     WOLFSSL_ENTER("wolfSSL_RAND_file_name");
-    WOLFSSL_MSG("No filesystem feature enabled, not compiled in");
+    WOLFSSL_MSG("RAND_file_name requires filesystem and getenv support, "
+                "not compiled in");
     (void)fname;
     (void)len;
     return NULL;
@@ -32791,7 +25469,7 @@ int wolfSSL_RAND_write_file(const char* fname)
             return 0;
         }
 
-        if (wc_RNG_GenerateBlock(&globalRNG, buf, bytes) != 0) {
+        if (wc_RNG_GenerateBlock(&globalRNG, buf, (word32)bytes) != 0) {
             WOLFSSL_MSG("Error generating random buffer");
             bytes = 0;
         }
@@ -32808,12 +25486,12 @@ int wolfSSL_RAND_write_file(const char* fname)
                 bytes = 0;
             }
             else {
-                size_t bytes_written = XFWRITE(buf, 1, bytes, f);
+                size_t bytes_written = XFWRITE(buf, 1, (size_t)bytes, f);
                 bytes = (int)bytes_written;
                 XFCLOSE(f);
             }
         }
-        ForceZero(buf, bytes);
+        ForceZero(buf, (word32)bytes);
     #ifdef WOLFSSL_SMALL_STACK
         XFREE(buf, NULL, DYNAMIC_TYPE_TMP_BUFFER);
     #elif defined(WOLFSSL_CHECK_MEM_ZERO)
@@ -32828,8 +25506,9 @@ int wolfSSL_RAND_write_file(const char* fname)
 #ifndef FREERTOS_TCP
 
 /* These constant values are protocol values made by egd */
-#if defined(USE_WOLFSSL_IO) && !defined(USE_WINDOWS_API) && !defined(HAVE_FIPS) && \
-    defined(HAVE_HASHDRBG) && !defined(NETOS) && defined(HAVE_SYS_UN_H)
+#if defined(USE_WOLFSSL_IO) && !defined(USE_WINDOWS_API) && \
+    !defined(HAVE_FIPS) && defined(HAVE_HASHDRBG) && !defined(NETOS) && \
+    defined(HAVE_SYS_UN_H)
     #define WOLFSSL_EGD_NBLOCK 0x01
     #include <sys/un.h>
 #endif
@@ -32976,7 +25655,7 @@ int wolfSSL_RAND_egd(const char* nm)
     close(fd);
 
     if (ret == WOLFSSL_SUCCESS) {
-        return bytes;
+        return (int)bytes;
     }
     else {
         return ret;
@@ -33001,8 +25680,10 @@ void wolfSSL_RAND_Cleanup(void)
         wc_UnLockMutex(&gRandMethodMutex);
     }
 
+    #ifndef WOLFSSL_MUTEX_INITIALIZER
     if (wc_FreeMutex(&gRandMethodMutex) == 0)
         gRandMethodsInit = 0;
+    #endif
 #endif
 #ifdef HAVE_GLOBAL_RNG
     if (wc_LockMutex(&globalRNGMutex) == 0) {
@@ -33015,7 +25696,8 @@ void wolfSSL_RAND_Cleanup(void)
 #endif
 }
 
-/* returns WOLFSSL_SUCCESS if the bytes generated are valid otherwise WOLFSSL_FAILURE */
+/* returns WOLFSSL_SUCCESS if the bytes generated are valid otherwise
+ * WOLFSSL_FAILURE */
 int wolfSSL_RAND_pseudo_bytes(unsigned char* buf, int num)
 {
     int ret;
@@ -33065,7 +25747,8 @@ int wolfSSL_RAND_pseudo_bytes(unsigned char* buf, int num)
     return ret;
 }
 
-/* returns WOLFSSL_SUCCESS if the bytes generated are valid otherwise WOLFSSL_FAILURE */
+/* returns WOLFSSL_SUCCESS if the bytes generated are valid otherwise
+ * WOLFSSL_FAILURE */
 int wolfSSL_RAND_bytes(unsigned char* buf, int num)
 {
     int     ret = 0;
@@ -33103,11 +25786,19 @@ int wolfSSL_RAND_bytes(unsigned char* buf, int num)
             WOLFSSL_MSG("Bad Lock Mutex rng");
             return ret;
         }
-
-        rng = &globalRNG;
-        used_global = 1;
+        /* the above access to initGlobalRNG is racey -- recheck it now that we
+         * have the lock.
+         */
+        if (initGlobalRNG) {
+            rng = &globalRNG;
+            used_global = 1;
+        }
+        else {
+            wc_UnLockMutex(&globalRNGMutex);
+        }
     }
-    else
+
+    if (used_global == 0)
 #endif
     {
     #ifdef WOLFSSL_SMALL_STACK
@@ -33135,7 +25826,7 @@ int wolfSSL_RAND_bytes(unsigned char* buf, int num)
         }
 
         if (ret == 0 && num)
-            ret = wc_RNG_GenerateBlock(rng, buf, num);
+            ret = wc_RNG_GenerateBlock(rng, buf, (word32)num);
 
         if (ret != 0)
             WOLFSSL_MSG("Bad wc_RNG_GenerateBlock");
@@ -33150,8 +25841,7 @@ int wolfSSL_RAND_bytes(unsigned char* buf, int num)
     if (initTmpRng)
         wc_FreeRng(tmpRNG);
 #ifdef WOLFSSL_SMALL_STACK
-    if (tmpRNG)
-        XFREE(tmpRNG, NULL, DYNAMIC_TYPE_RNG);
+    XFREE(tmpRNG, NULL, DYNAMIC_TYPE_RNG);
 #endif
 
     return ret;
@@ -33187,7 +25877,8 @@ int wolfSSL_RAND_poll(void)
     int wolfSSL_RAND_set_rand_method(const WOLFSSL_RAND_METHOD *methods)
     {
     #ifndef WOLFSSL_NO_OPENSSL_RAND_CB
-        if (wolfSSL_RAND_InitMutex() == 0 && wc_LockMutex(&gRandMethodMutex) == 0) {
+        if (wolfSSL_RAND_InitMutex() == 0 &&
+                wc_LockMutex(&gRandMethodMutex) == 0) {
             gRandMethods = methods;
             wc_UnLockMutex(&gRandMethodMutex);
             return WOLFSSL_SUCCESS;
@@ -33203,7 +25894,8 @@ int wolfSSL_RAND_poll(void)
     {
         int ret = WOLFSSL_SUCCESS;
     #ifndef WOLFSSL_NO_OPENSSL_RAND_CB
-        if (wolfSSL_RAND_InitMutex() == 0 && wc_LockMutex(&gRandMethodMutex) == 0) {
+        if (wolfSSL_RAND_InitMutex() == 0 &&
+                wc_LockMutex(&gRandMethodMutex) == 0) {
             if (gRandMethods && gRandMethods->status)
                 ret = gRandMethods->status();
             wc_UnLockMutex(&gRandMethodMutex);
@@ -33220,7 +25912,8 @@ int wolfSSL_RAND_poll(void)
     void wolfSSL_RAND_add(const void* add, int len, double entropy)
     {
     #ifndef WOLFSSL_NO_OPENSSL_RAND_CB
-        if (wolfSSL_RAND_InitMutex() == 0 && wc_LockMutex(&gRandMethodMutex) == 0) {
+        if (wolfSSL_RAND_InitMutex() == 0 &&
+                wc_LockMutex(&gRandMethodMutex) == 0) {
             if (gRandMethods && gRandMethods->add) {
                 /* callback has return code, but RAND_add does not */
                 (void)gRandMethods->add(add, len, entropy);
@@ -33236,6 +25929,24 @@ int wolfSSL_RAND_poll(void)
     #endif
     }
 
+
+#ifndef NO_WOLFSSL_STUB
+void wolfSSL_RAND_screen(void)
+{
+    WOLFSSL_STUB("RAND_screen");
+}
+#endif
+
+int wolfSSL_RAND_load_file(const char* fname, long len)
+{
+    (void)fname;
+    /* wolfCrypt provides enough entropy internally or will report error */
+    if (len == -1)
+        return 1024;
+    else
+        return (int)len;
+}
+
 #endif /* OPENSSL_EXTRA */
 
 /*******************************************************************************
@@ -33261,150 +25972,150 @@ int wolfSSL_RAND_poll(void)
         switch (ctx->cipherType) {
 #ifndef NO_AES
 #if defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_DIRECT)
-            case AES_128_CBC_TYPE :
-            case AES_192_CBC_TYPE :
-            case AES_256_CBC_TYPE :
+            case WC_AES_128_CBC_TYPE :
+            case WC_AES_192_CBC_TYPE :
+            case WC_AES_256_CBC_TYPE :
                 WOLFSSL_MSG("AES CBC");
                 XMEMCPY(ctx->iv, &ctx->cipher.aes.reg, ctx->ivSz);
                 break;
 #endif
 #ifdef HAVE_AESGCM
-            case AES_128_GCM_TYPE :
-            case AES_192_GCM_TYPE :
-            case AES_256_GCM_TYPE :
+            case WC_AES_128_GCM_TYPE :
+            case WC_AES_192_GCM_TYPE :
+            case WC_AES_256_GCM_TYPE :
                 WOLFSSL_MSG("AES GCM");
                 XMEMCPY(ctx->iv, &ctx->cipher.aes.reg, ctx->ivSz);
                 break;
 #endif /* HAVE_AESGCM */
 #ifdef HAVE_AESCCM
-            case AES_128_CCM_TYPE :
-            case AES_192_CCM_TYPE :
-            case AES_256_CCM_TYPE :
+            case WC_AES_128_CCM_TYPE :
+            case WC_AES_192_CCM_TYPE :
+            case WC_AES_256_CCM_TYPE :
                 WOLFSSL_MSG("AES CCM");
                 XMEMCPY(ctx->iv, &ctx->cipher.aes.reg, ctx->ivSz);
                 break;
 #endif /* HAVE_AESCCM */
 #ifdef HAVE_AES_ECB
-            case AES_128_ECB_TYPE :
-            case AES_192_ECB_TYPE :
-            case AES_256_ECB_TYPE :
+            case WC_AES_128_ECB_TYPE :
+            case WC_AES_192_ECB_TYPE :
+            case WC_AES_256_ECB_TYPE :
                 WOLFSSL_MSG("AES ECB");
                 break;
 #endif
 #ifdef WOLFSSL_AES_COUNTER
-            case AES_128_CTR_TYPE :
-            case AES_192_CTR_TYPE :
-            case AES_256_CTR_TYPE :
+            case WC_AES_128_CTR_TYPE :
+            case WC_AES_192_CTR_TYPE :
+            case WC_AES_256_CTR_TYPE :
                 WOLFSSL_MSG("AES CTR");
-                XMEMCPY(ctx->iv, &ctx->cipher.aes.reg, AES_BLOCK_SIZE);
+                XMEMCPY(ctx->iv, &ctx->cipher.aes.reg, WC_AES_BLOCK_SIZE);
                 break;
 #endif /* WOLFSSL_AES_COUNTER */
 #ifdef WOLFSSL_AES_CFB
 #if !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS)
-            case AES_128_CFB1_TYPE:
-            case AES_192_CFB1_TYPE:
-            case AES_256_CFB1_TYPE:
+            case WC_AES_128_CFB1_TYPE:
+            case WC_AES_192_CFB1_TYPE:
+            case WC_AES_256_CFB1_TYPE:
                 WOLFSSL_MSG("AES CFB1");
                 break;
-            case AES_128_CFB8_TYPE:
-            case AES_192_CFB8_TYPE:
-            case AES_256_CFB8_TYPE:
+            case WC_AES_128_CFB8_TYPE:
+            case WC_AES_192_CFB8_TYPE:
+            case WC_AES_256_CFB8_TYPE:
                 WOLFSSL_MSG("AES CFB8");
                 break;
 #endif /* !HAVE_SELFTEST && !HAVE_FIPS */
-            case AES_128_CFB128_TYPE:
-            case AES_192_CFB128_TYPE:
-            case AES_256_CFB128_TYPE:
+            case WC_AES_128_CFB128_TYPE:
+            case WC_AES_192_CFB128_TYPE:
+            case WC_AES_256_CFB128_TYPE:
                 WOLFSSL_MSG("AES CFB128");
                 break;
 #endif /* WOLFSSL_AES_CFB */
 #if defined(WOLFSSL_AES_OFB)
-            case AES_128_OFB_TYPE:
-            case AES_192_OFB_TYPE:
-            case AES_256_OFB_TYPE:
+            case WC_AES_128_OFB_TYPE:
+            case WC_AES_192_OFB_TYPE:
+            case WC_AES_256_OFB_TYPE:
                 WOLFSSL_MSG("AES OFB");
                 break;
 #endif /* WOLFSSL_AES_OFB */
 #ifdef WOLFSSL_AES_XTS
-            case AES_128_XTS_TYPE:
-            case AES_256_XTS_TYPE:
+            case WC_AES_128_XTS_TYPE:
+            case WC_AES_256_XTS_TYPE:
                 WOLFSSL_MSG("AES XTS");
                 break;
 #endif /* WOLFSSL_AES_XTS */
 #endif /* NO_AES */
 
 #ifdef HAVE_ARIA
-            case ARIA_128_GCM_TYPE :
-            case ARIA_192_GCM_TYPE :
-            case ARIA_256_GCM_TYPE :
+            case WC_ARIA_128_GCM_TYPE :
+            case WC_ARIA_192_GCM_TYPE :
+            case WC_ARIA_256_GCM_TYPE :
                 WOLFSSL_MSG("ARIA GCM");
                 XMEMCPY(ctx->iv, &ctx->cipher.aria.nonce, ARIA_BLOCK_SIZE);
                 break;
 #endif /* HAVE_ARIA */
 
 #ifndef NO_DES3
-            case DES_CBC_TYPE :
+            case WC_DES_CBC_TYPE :
                 WOLFSSL_MSG("DES CBC");
                 XMEMCPY(ctx->iv, &ctx->cipher.des.reg, DES_BLOCK_SIZE);
                 break;
 
-            case DES_EDE3_CBC_TYPE :
+            case WC_DES_EDE3_CBC_TYPE :
                 WOLFSSL_MSG("DES EDE3 CBC");
                 XMEMCPY(ctx->iv, &ctx->cipher.des3.reg, DES_BLOCK_SIZE);
                 break;
 #endif
 #ifdef WOLFSSL_DES_ECB
-            case DES_ECB_TYPE :
+            case WC_DES_ECB_TYPE :
                 WOLFSSL_MSG("DES ECB");
                 break;
-            case DES_EDE3_ECB_TYPE :
+            case WC_DES_EDE3_ECB_TYPE :
                 WOLFSSL_MSG("DES3 ECB");
                 break;
 #endif
-            case ARC4_TYPE :
+            case WC_ARC4_TYPE :
                 WOLFSSL_MSG("ARC4");
                 break;
 
 #if defined(HAVE_CHACHA) && defined(HAVE_POLY1305)
-            case CHACHA20_POLY1305_TYPE:
+            case WC_CHACHA20_POLY1305_TYPE:
                 break;
 #endif
 
 #ifdef HAVE_CHACHA
-            case CHACHA20_TYPE:
+            case WC_CHACHA20_TYPE:
                 break;
 #endif
 
 #ifdef WOLFSSL_SM4_ECB
-            case SM4_ECB_TYPE:
+            case WC_SM4_ECB_TYPE:
                 break;
 #endif
 #ifdef WOLFSSL_SM4_CBC
-            case SM4_CBC_TYPE:
+            case WC_SM4_CBC_TYPE:
                 WOLFSSL_MSG("SM4 CBC");
                 XMEMCPY(&ctx->cipher.sm4.iv, ctx->iv, SM4_BLOCK_SIZE);
                 break;
 #endif
 #ifdef WOLFSSL_SM4_CTR
-            case SM4_CTR_TYPE:
+            case WC_SM4_CTR_TYPE:
                 WOLFSSL_MSG("SM4 CTR");
                 XMEMCPY(&ctx->cipher.sm4.iv, ctx->iv, SM4_BLOCK_SIZE);
                 break;
 #endif
 #ifdef WOLFSSL_SM4_GCM
-            case SM4_GCM_TYPE:
+            case WC_SM4_GCM_TYPE:
                 WOLFSSL_MSG("SM4 GCM");
                 XMEMCPY(&ctx->cipher.sm4.iv, ctx->iv, SM4_BLOCK_SIZE);
                 break;
 #endif
 #ifdef WOLFSSL_SM4_CCM
-            case SM4_CCM_TYPE:
+            case WC_SM4_CCM_TYPE:
                 WOLFSSL_MSG("SM4 CCM");
                 XMEMCPY(&ctx->cipher.sm4.iv, ctx->iv, SM4_BLOCK_SIZE);
                 break;
 #endif
 
-            case NULL_CIPHER_TYPE :
+            case WC_NULL_CIPHER_TYPE :
                 WOLFSSL_MSG("NULL");
                 break;
 
@@ -33431,112 +26142,112 @@ int wolfSSL_RAND_poll(void)
 
 #ifndef NO_AES
 #if defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_DIRECT)
-            case AES_128_CBC_TYPE :
-            case AES_192_CBC_TYPE :
-            case AES_256_CBC_TYPE :
+            case WC_AES_128_CBC_TYPE :
+            case WC_AES_192_CBC_TYPE :
+            case WC_AES_256_CBC_TYPE :
                 WOLFSSL_MSG("AES CBC");
-                XMEMCPY(&ctx->cipher.aes.reg, ctx->iv, AES_BLOCK_SIZE);
+                XMEMCPY(&ctx->cipher.aes.reg, ctx->iv, WC_AES_BLOCK_SIZE);
                 break;
 #endif
 #ifdef HAVE_AESGCM
-            case AES_128_GCM_TYPE :
-            case AES_192_GCM_TYPE :
-            case AES_256_GCM_TYPE :
+            case WC_AES_128_GCM_TYPE :
+            case WC_AES_192_GCM_TYPE :
+            case WC_AES_256_GCM_TYPE :
                 WOLFSSL_MSG("AES GCM");
-                XMEMCPY(&ctx->cipher.aes.reg, ctx->iv, AES_BLOCK_SIZE);
+                XMEMCPY(&ctx->cipher.aes.reg, ctx->iv, WC_AES_BLOCK_SIZE);
                 break;
 #endif
 #ifdef HAVE_AES_ECB
-            case AES_128_ECB_TYPE :
-            case AES_192_ECB_TYPE :
-            case AES_256_ECB_TYPE :
+            case WC_AES_128_ECB_TYPE :
+            case WC_AES_192_ECB_TYPE :
+            case WC_AES_256_ECB_TYPE :
                 WOLFSSL_MSG("AES ECB");
                 break;
 #endif
 #ifdef WOLFSSL_AES_COUNTER
-            case AES_128_CTR_TYPE :
-            case AES_192_CTR_TYPE :
-            case AES_256_CTR_TYPE :
+            case WC_AES_128_CTR_TYPE :
+            case WC_AES_192_CTR_TYPE :
+            case WC_AES_256_CTR_TYPE :
                 WOLFSSL_MSG("AES CTR");
-                XMEMCPY(&ctx->cipher.aes.reg, ctx->iv, AES_BLOCK_SIZE);
+                XMEMCPY(&ctx->cipher.aes.reg, ctx->iv, WC_AES_BLOCK_SIZE);
                 break;
 #endif
 
 #endif /* NO_AES */
 
 #ifdef HAVE_ARIA
-            case ARIA_128_GCM_TYPE :
-            case ARIA_192_GCM_TYPE :
-            case ARIA_256_GCM_TYPE :
+            case WC_ARIA_128_GCM_TYPE :
+            case WC_ARIA_192_GCM_TYPE :
+            case WC_ARIA_256_GCM_TYPE :
                 WOLFSSL_MSG("ARIA GCM");
                 XMEMCPY(&ctx->cipher.aria.nonce, ctx->iv, ARIA_BLOCK_SIZE);
                 break;
 #endif /* HAVE_ARIA */
 
 #ifndef NO_DES3
-            case DES_CBC_TYPE :
+            case WC_DES_CBC_TYPE :
                 WOLFSSL_MSG("DES CBC");
                 XMEMCPY(&ctx->cipher.des.reg, ctx->iv, DES_BLOCK_SIZE);
                 break;
 
-            case DES_EDE3_CBC_TYPE :
+            case WC_DES_EDE3_CBC_TYPE :
                 WOLFSSL_MSG("DES EDE3 CBC");
                 XMEMCPY(&ctx->cipher.des3.reg, ctx->iv, DES_BLOCK_SIZE);
                 break;
 #endif
 #ifdef WOLFSSL_DES_ECB
-            case DES_ECB_TYPE :
+            case WC_DES_ECB_TYPE :
                 WOLFSSL_MSG("DES ECB");
                 break;
-            case DES_EDE3_ECB_TYPE :
+            case WC_DES_EDE3_ECB_TYPE :
                 WOLFSSL_MSG("DES3 ECB");
                 break;
 #endif
 
-            case ARC4_TYPE :
+            case WC_ARC4_TYPE :
                 WOLFSSL_MSG("ARC4");
                 break;
 
 #if defined(HAVE_CHACHA) && defined(HAVE_POLY1305)
-            case CHACHA20_POLY1305_TYPE:
+            case WC_CHACHA20_POLY1305_TYPE:
                 break;
 #endif
 
 #ifdef HAVE_CHACHA
-            case CHACHA20_TYPE:
+            case WC_CHACHA20_TYPE:
                 break;
 #endif
 
 #ifdef WOLFSSL_SM4_ECB
-            case SM4_ECB_TYPE:
+            case WC_SM4_ECB_TYPE:
                 break;
 #endif
 #ifdef WOLFSSL_SM4_CBC
-            case SM4_CBC_TYPE:
+            case WC_SM4_CBC_TYPE:
                 WOLFSSL_MSG("SM4 CBC");
                 XMEMCPY(ctx->iv, &ctx->cipher.sm4.iv, ctx->ivSz);
                 break;
 #endif
 #ifdef WOLFSSL_SM4_CTR
-            case SM4_CTR_TYPE:
+            case WC_SM4_CTR_TYPE:
                 WOLFSSL_MSG("SM4 CTR");
                 XMEMCPY(ctx->iv, &ctx->cipher.sm4.iv, ctx->ivSz);
                 break;
 #endif
 #ifdef WOLFSSL_SM4_GCM
-            case SM4_GCM_TYPE:
+            case WC_SM4_GCM_TYPE:
                 WOLFSSL_MSG("SM4 GCM");
                 XMEMCPY(ctx->iv, &ctx->cipher.sm4.iv, ctx->ivSz);
                 break;
 #endif
 #ifdef WOLFSSL_SM4_CCM
-            case SM4_CCM_TYPE:
+            case WC_SM4_CCM_TYPE:
                 WOLFSSL_MSG("SM4 CCM");
                 XMEMCPY(ctx->iv, &ctx->cipher.sm4.iv, ctx->ivSz);
                 break;
 #endif
 
-            case NULL_CIPHER_TYPE :
+            case WC_NULL_CIPHER_TYPE :
                 WOLFSSL_MSG("NULL");
                 break;
 
@@ -33588,7 +26299,7 @@ void wolfSSL_aes_ctr_iv(WOLFSSL_EVP_CIPHER_CTX* ctx, int doset,
     if (doset)
        (void)wc_AesSetIV(&ctx->cipher.aes, iv);  /* OpenSSL compat, no ret */
     else
-        XMEMCPY(iv, &ctx->cipher.aes.reg, AES_BLOCK_SIZE);
+        XMEMCPY(iv, &ctx->cipher.aes.reg, WC_AES_BLOCK_SIZE);
 }
 
 #endif /* NO_AES */
@@ -33604,2082 +26315,8 @@ void wolfSSL_aes_ctr_iv(WOLFSSL_EVP_CIPHER_CTX* ctx, int doset,
 #define WOLFSSL_X509_STORE_INCLUDED
 #include <src/x509_str.c>
 
-/*******************************************************************************
- * START OF PKCS7 APIs
- ******************************************************************************/
-#ifdef HAVE_PKCS7
-
-#ifdef OPENSSL_ALL
-PKCS7* wolfSSL_PKCS7_new(void)
-{
-    WOLFSSL_PKCS7* pkcs7;
-    int ret = 0;
-
-    pkcs7 = (WOLFSSL_PKCS7*)XMALLOC(sizeof(WOLFSSL_PKCS7), NULL,
-                                    DYNAMIC_TYPE_PKCS7);
-    if (pkcs7 != NULL) {
-        XMEMSET(pkcs7, 0, sizeof(WOLFSSL_PKCS7));
-        ret = wc_PKCS7_Init(&pkcs7->pkcs7, NULL, INVALID_DEVID);
-    }
-
-    if (ret != 0 && pkcs7 != NULL) {
-        XFREE(pkcs7, NULL, DYNAMIC_TYPE_PKCS7);
-        pkcs7 = NULL;
-    }
-
-    return (PKCS7*)pkcs7;
-}
-
-/******************************************************************************
-* wolfSSL_PKCS7_SIGNED_new - allocates PKCS7 and initialize it for a signed data
-*
-* RETURNS:
-* returns pointer to the PKCS7 structure on success, otherwise returns NULL
-*/
-PKCS7_SIGNED* wolfSSL_PKCS7_SIGNED_new(void)
-{
-    byte signedData[]= { 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x07, 0x02};
-    PKCS7* pkcs7 = NULL;
-
-    if ((pkcs7 = wolfSSL_PKCS7_new()) == NULL)
-        return NULL;
-    pkcs7->contentOID = SIGNED_DATA;
-    if ((wc_PKCS7_SetContentType(pkcs7, signedData, sizeof(signedData))) < 0) {
-        if (pkcs7) {
-            wolfSSL_PKCS7_free(pkcs7);
-            return NULL;
-        }
-    }
-    return pkcs7;
-}
-
-void wolfSSL_PKCS7_free(PKCS7* pkcs7)
-{
-    WOLFSSL_PKCS7* p7 = (WOLFSSL_PKCS7*)pkcs7;
-
-    if (p7 != NULL) {
-        if (p7->data != NULL)
-            XFREE(p7->data, NULL, DYNAMIC_TYPE_PKCS7);
-        wc_PKCS7_Free(&p7->pkcs7);
-        if (p7->certs)
-            wolfSSL_sk_pop_free(p7->certs, NULL);
-        XFREE(p7, NULL, DYNAMIC_TYPE_PKCS7);
-    }
-}
-
-void wolfSSL_PKCS7_SIGNED_free(PKCS7_SIGNED* p7)
-{
-    wolfSSL_PKCS7_free(p7);
-    return;
-}
-
-/**
- * Convert DER/ASN.1 encoded signedData structure to internal PKCS7
- * structure. Note, does not support detached content.
- *
- * p7 - pointer to set to address of newly created PKCS7 structure on return
- * in - pointer to pointer of DER/ASN.1 data
- * len - length of input data, bytes
- *
- * Returns newly allocated and populated PKCS7 structure or NULL on error.
- */
-PKCS7* wolfSSL_d2i_PKCS7(PKCS7** p7, const unsigned char** in, int len)
-{
-    return wolfSSL_d2i_PKCS7_ex(p7, in, len, NULL, 0);
-}
-
-/* This internal function is only decoding and setting up the PKCS7 struct. It
-* does not verify the PKCS7 signature.
-*
-* RETURNS:
-* returns pointer to a PKCS7 structure on success, otherwise returns NULL
-*/
-static PKCS7* wolfSSL_d2i_PKCS7_only(PKCS7** p7, const unsigned char** in,
-    int len, byte* content, word32 contentSz)
-{
-    WOLFSSL_PKCS7* pkcs7 = NULL;
-
-    WOLFSSL_ENTER("wolfSSL_d2i_PKCS7_ex");
-
-    if (in == NULL || *in == NULL || len < 0)
-        return NULL;
-
-    if ((pkcs7 = (WOLFSSL_PKCS7*)wolfSSL_PKCS7_new()) == NULL)
-        return NULL;
-
-    pkcs7->len = len;
-    pkcs7->data = (byte*)XMALLOC(pkcs7->len, NULL, DYNAMIC_TYPE_PKCS7);
-    if (pkcs7->data == NULL) {
-        wolfSSL_PKCS7_free((PKCS7*)pkcs7);
-        return NULL;
-    }
-    XMEMCPY(pkcs7->data, *in, pkcs7->len);
-
-    if (content != NULL) {
-        pkcs7->pkcs7.content = content;
-        pkcs7->pkcs7.contentSz = contentSz;
-    }
-
-    if (p7 != NULL)
-        *p7 = (PKCS7*)pkcs7;
-    *in += pkcs7->len;
-    return (PKCS7*)pkcs7;
-}
-
-
-/*****************************************************************************
-* wolfSSL_d2i_PKCS7_ex - Converts the given unsigned char buffer of size len
-* into a PKCS7 object.  Optionally, accepts a byte buffer of content which
-* is stored as the PKCS7 object's content, to support detached signatures.
-* @param content The content which is signed, in case the signature is
-*                detached.  Ignored if NULL.
-* @param contentSz The size of the passed in content.
-*
-* RETURNS:
-* returns pointer to a PKCS7 structure on success, otherwise returns NULL
-*/
-PKCS7* wolfSSL_d2i_PKCS7_ex(PKCS7** p7, const unsigned char** in, int len,
-        byte* content, word32 contentSz)
-{
-    WOLFSSL_PKCS7* pkcs7 = NULL;
-
-    WOLFSSL_ENTER("wolfSSL_d2i_PKCS7_ex");
-
-    if (in == NULL || *in == NULL || len < 0)
-        return NULL;
-
-    pkcs7 = (WOLFSSL_PKCS7*)wolfSSL_d2i_PKCS7_only(p7, in, len, content,
-            contentSz);
-    if (pkcs7 != NULL) {
-        if (wc_PKCS7_VerifySignedData(&pkcs7->pkcs7, pkcs7->data, pkcs7->len)
-                                                                         != 0) {
-            WOLFSSL_MSG("wc_PKCS7_VerifySignedData failed");
-            wolfSSL_PKCS7_free((PKCS7*)pkcs7);
-            if (p7 != NULL) {
-                *p7 = NULL;
-            }
-            return NULL;
-        }
-    }
-
-    return (PKCS7*)pkcs7;
-}
-
-
-/**
- * This API was added as a helper function for libest. It
- * extracts a stack of certificates from the pkcs7 object.
- * @param pkcs7 PKCS7 parameter object
- * @return WOLFSSL_STACK_OF(WOLFSSL_X509)*
- */
-WOLFSSL_STACK* wolfSSL_PKCS7_to_stack(PKCS7* pkcs7)
-{
-    int i;
-    WOLFSSL_PKCS7* p7 = (WOLFSSL_PKCS7*)pkcs7;
-    WOLF_STACK_OF(WOLFSSL_X509)* ret = NULL;
-
-    WOLFSSL_ENTER("wolfSSL_PKCS7_to_stack");
-
-    if (!p7) {
-        WOLFSSL_MSG("Bad parameter");
-        return NULL;
-    }
-
-    if (p7->certs)
-        return p7->certs;
-
-    for (i = 0; i < MAX_PKCS7_CERTS && p7->pkcs7.cert[i]; i++) {
-        WOLFSSL_X509* x509 = wolfSSL_X509_d2i(NULL, p7->pkcs7.cert[i],
-            p7->pkcs7.certSz[i]);
-        if (!ret)
-            ret = wolfSSL_sk_X509_new_null();
-        if (x509) {
-            if (wolfSSL_sk_X509_push(ret, x509) != WOLFSSL_SUCCESS) {
-                wolfSSL_X509_free(x509);
-                WOLFSSL_MSG("wolfSSL_sk_X509_push error");
-                goto error;
-            }
-        }
-        else {
-            WOLFSSL_MSG("wolfSSL_X509_d2i error");
-            goto error;
-        }
-    }
-
-    /* Save stack to free later */
-    if (p7->certs)
-        wolfSSL_sk_pop_free(p7->certs, NULL);
-    p7->certs = ret;
-
-    return ret;
-error:
-    if (ret) {
-        wolfSSL_sk_pop_free(ret, NULL);
-    }
-    return NULL;
-}
-
-/**
- * Return stack of signers contained in PKCS7 cert.
- * Notes:
- * - Currently only PKCS#7 messages with a single signer cert is supported.
- * - Returned WOLFSSL_STACK must be freed by caller.
- *
- * pkcs7 - PKCS7 struct to retrieve signer certs from.
- * certs - currently unused
- * flags - flags to control function behavior.
- *
- * Return WOLFSSL_STACK of signers on success, NULL on error.
- */
-WOLFSSL_STACK* wolfSSL_PKCS7_get0_signers(PKCS7* pkcs7, WOLFSSL_STACK* certs,
-                                          int flags)
-{
-    WOLFSSL_X509* x509 = NULL;
-    WOLFSSL_STACK* signers = NULL;
-    WOLFSSL_PKCS7* p7 = (WOLFSSL_PKCS7*)pkcs7;
-
-    if (p7 == NULL)
-        return NULL;
-
-    /* Only PKCS#7 messages with a single cert that is the verifying certificate
-     * is supported.
-     */
-    if (flags & PKCS7_NOINTERN) {
-        WOLFSSL_MSG("PKCS7_NOINTERN flag not supported");
-        return NULL;
-    }
-
-    signers = wolfSSL_sk_X509_new_null();
-    if (signers == NULL)
-        return NULL;
-
-    if (wolfSSL_d2i_X509(&x509, (const byte**)&p7->pkcs7.singleCert,
-                         p7->pkcs7.singleCertSz) == NULL) {
-        wolfSSL_sk_X509_pop_free(signers, NULL);
-        return NULL;
-    }
-
-    if (wolfSSL_sk_X509_push(signers, x509) != WOLFSSL_SUCCESS) {
-        wolfSSL_sk_X509_pop_free(signers, NULL);
-        return NULL;
-    }
-
-    (void)certs;
-
-    return signers;
-}
-
-#ifndef NO_BIO
-
-PKCS7* wolfSSL_d2i_PKCS7_bio(WOLFSSL_BIO* bio, PKCS7** p7)
-{
-    WOLFSSL_PKCS7* pkcs7;
-    int ret;
-
-    WOLFSSL_ENTER("wolfSSL_d2i_PKCS7_bio");
-
-    if (bio == NULL)
-        return NULL;
-
-    if ((pkcs7 = (WOLFSSL_PKCS7*)wolfSSL_PKCS7_new()) == NULL)
-        return NULL;
-
-    pkcs7->len = wolfSSL_BIO_get_len(bio);
-    pkcs7->data = (byte*)XMALLOC(pkcs7->len, NULL, DYNAMIC_TYPE_PKCS7);
-    if (pkcs7->data == NULL) {
-        wolfSSL_PKCS7_free((PKCS7*)pkcs7);
-        return NULL;
-    }
-
-    if ((ret = wolfSSL_BIO_read(bio, pkcs7->data, pkcs7->len)) <= 0) {
-        wolfSSL_PKCS7_free((PKCS7*)pkcs7);
-        return NULL;
-    }
-    /* pkcs7->len may change if using b64 for example */
-    pkcs7->len = ret;
-
-    if (wc_PKCS7_VerifySignedData(&pkcs7->pkcs7, pkcs7->data, pkcs7->len)
-                                                                         != 0) {
-        WOLFSSL_MSG("wc_PKCS7_VerifySignedData failed");
-        wolfSSL_PKCS7_free((PKCS7*)pkcs7);
-        return NULL;
-    }
-
-    if (p7 != NULL)
-        *p7 = (PKCS7*)pkcs7;
-    return (PKCS7*)pkcs7;
-}
-
-int wolfSSL_i2d_PKCS7(PKCS7 *p7, unsigned char **out)
-{
-    byte* output = NULL;
-    int localBuf = 0;
-    int len;
-    WC_RNG rng;
-    int ret = WOLFSSL_FAILURE;
-    WOLFSSL_ENTER("wolfSSL_i2d_PKCS7");
-
-    if (!out || !p7) {
-        WOLFSSL_MSG("Bad parameter");
-        return WOLFSSL_FAILURE;
-    }
-
-    if (!p7->rng) {
-        if (wc_InitRng(&rng) != 0) {
-            WOLFSSL_MSG("wc_InitRng error");
-            return WOLFSSL_FAILURE;
-        }
-        p7->rng = &rng; /* cppcheck-suppress autoVariables
-                         */
-    }
-
-    if ((len = wc_PKCS7_EncodeSignedData(p7, NULL, 0)) < 0) {
-        WOLFSSL_MSG("wc_PKCS7_EncodeSignedData error");
-        goto cleanup;
-    }
-
-    if (*out == NULL) {
-        output = (byte*)XMALLOC(len, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-        if (!output) {
-            WOLFSSL_MSG("malloc error");
-            goto cleanup;
-        }
-        localBuf = 1;
-    }
-    else {
-        output = *out;
-    }
-
-    if ((len = wc_PKCS7_EncodeSignedData(p7, output, len)) < 0) {
-        WOLFSSL_MSG("wc_PKCS7_EncodeSignedData error");
-        goto cleanup;
-    }
-
-    ret = len;
-cleanup:
-    if (p7->rng == &rng) {
-        wc_FreeRng(&rng);
-        p7->rng = NULL;
-    }
-    if (ret == WOLFSSL_FAILURE && localBuf && output)
-        XFREE(output, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-    if (ret != WOLFSSL_FAILURE)
-        *out = output;
-    return ret;
-}
-
-int wolfSSL_i2d_PKCS7_bio(WOLFSSL_BIO *bio, PKCS7 *p7)
-{
-    byte* output = NULL;
-    int len;
-    int ret = WOLFSSL_FAILURE;
-    WOLFSSL_ENTER("wolfSSL_i2d_PKCS7_bio");
-
-    if (!bio || !p7) {
-        WOLFSSL_MSG("Bad parameter");
-        return WOLFSSL_FAILURE;
-    }
-
-    if ((len = wolfSSL_i2d_PKCS7(p7, &output)) == WOLFSSL_FAILURE) {
-        WOLFSSL_MSG("wolfSSL_i2d_PKCS7 error");
-        goto cleanup;
-    }
-
-    if (wolfSSL_BIO_write(bio, output, len) <= 0) {
-        WOLFSSL_MSG("wolfSSL_BIO_write error");
-        goto cleanup;
-    }
-
-    ret = WOLFSSL_SUCCESS;
-cleanup:
-    if (output)
-        XFREE(output, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-    return ret;
-}
-
-/**
- * Creates and returns a PKCS7 signedData structure.
- *
- * Inner content type is set to DATA to match OpenSSL behavior.
- *
- * signer   - certificate to sign bundle with
- * pkey     - private key matching signer
- * certs    - optional additional set of certificates to include
- * in       - input data to be signed
- * flags    - optional set of flags to control sign behavior
- *
- *    PKCS7_BINARY   - Do not translate input data to MIME canonical
- *                     format (\r\n line endings), thus preventing corruption of
- *                     binary content.
- *    PKCS7_TEXT     - Prepend MIME headers for text/plain to content.
- *    PKCS7_DETACHED - Set signature detached, omit content from output bundle.
- *    PKCS7_STREAM   - initialize PKCS7 struct for signing, do not read data.
- *
- * Flags not currently supported:
- *    PKCS7_NOCERTS  - Do not include the signer cert in the output bundle.
- *    PKCS7_PARTIAL  - Allow for PKCS7_sign() to be only partially set up,
- *                     then signers etc to be added separately before
- *                     calling PKCS7_final().
- *
- * Returns valid PKCS7 structure pointer, or NULL if an error occurred.
- */
-PKCS7* wolfSSL_PKCS7_sign(WOLFSSL_X509* signer, WOLFSSL_EVP_PKEY* pkey,
-        WOLFSSL_STACK* certs, WOLFSSL_BIO* in, int flags)
-{
-    int err = 0;
-    WOLFSSL_PKCS7* p7 = NULL;
-    WOLFSSL_STACK* cert = certs;
-
-    WOLFSSL_ENTER("wolfSSL_PKCS7_sign");
-
-    if (flags & PKCS7_NOCERTS) {
-        WOLFSSL_MSG("PKCS7_NOCERTS flag not yet supported");
-        err = 1;
-    }
-
-    if (flags & PKCS7_PARTIAL) {
-        WOLFSSL_MSG("PKCS7_PARTIAL flag not yet supported");
-        err = 1;
-    }
-
-    if ((err == 0) && (signer == NULL || signer->derCert == NULL ||
-                       signer->derCert->length == 0)) {
-        WOLFSSL_MSG("Bad function arg, signer is NULL or incomplete");
-        err = 1;
-    }
-
-    if ((err == 0) && (pkey == NULL || pkey->pkey.ptr == NULL ||
-                       pkey->pkey_sz <= 0)) {
-        WOLFSSL_MSG("Bad function arg, pkey is NULL or incomplete");
-        err = 1;
-    }
-
-    if ((err == 0) && (in == NULL) && !(flags & PKCS7_STREAM)) {
-        WOLFSSL_MSG("input data required unless PKCS7_STREAM used");
-        err = 1;
-    }
-
-    if ((err == 0) && ((p7 = (WOLFSSL_PKCS7*)wolfSSL_PKCS7_new()) == NULL)) {
-        WOLFSSL_MSG("Error allocating new WOLFSSL_PKCS7");
-        err = 1;
-    }
-
-    /* load signer certificate */
-    if (err == 0) {
-        if (wc_PKCS7_InitWithCert(&p7->pkcs7, signer->derCert->buffer,
-                                  signer->derCert->length) != 0) {
-            WOLFSSL_MSG("Failed to load signer certificate");
-            err = 1;
-        }
-    }
-
-    /* set signer private key, data types, defaults */
-    if (err == 0) {
-        p7->pkcs7.privateKey = (byte*)pkey->pkey.ptr;
-        p7->pkcs7.privateKeySz = pkey->pkey_sz;
-        p7->pkcs7.contentOID = DATA;  /* inner content default is DATA */
-        p7->pkcs7.hashOID = SHA256h;  /* default to SHA-256 hash type */
-        p7->type = SIGNED_DATA;       /* PKCS7_final switches on type */
-    }
-
-    /* add additional chain certs if provided */
-    while (cert && (err == 0)) {
-        if (cert->data.x509 != NULL && cert->data.x509->derCert != NULL) {
-            if (wc_PKCS7_AddCertificate(&p7->pkcs7,
-                                cert->data.x509->derCert->buffer,
-                                cert->data.x509->derCert->length) != 0) {
-                WOLFSSL_MSG("Error in wc_PKCS7_AddCertificate");
-                err = 1;
-            }
-        }
-        cert = cert->next;
-    }
-
-    if ((err == 0) && (flags & PKCS7_DETACHED)) {
-        if (wc_PKCS7_SetDetached(&p7->pkcs7, 1) != 0) {
-            WOLFSSL_MSG("Failed to set signature detached");
-            err = 1;
-        }
-    }
-
-    if ((err == 0) && (flags & PKCS7_STREAM)) {
-        /* if streaming, return before finalizing */
-        return (PKCS7*)p7;
-    }
-
-    if ((err == 0) && (wolfSSL_PKCS7_final((PKCS7*)p7, in, flags) != 1)) {
-        WOLFSSL_MSG("Error calling wolfSSL_PKCS7_final");
-        err = 1;
-    }
-
-    if ((err != 0) && (p7 != NULL)) {
-        wolfSSL_PKCS7_free((PKCS7*)p7);
-        p7 = NULL;
-    }
-
-    return (PKCS7*)p7;
-}
-
-#ifdef HAVE_SMIME
-
-#ifndef MAX_MIME_LINE_LEN
-    #define MAX_MIME_LINE_LEN 1024
-#endif
-
-/**
- * Copy input BIO to output BIO, but convert all line endings to CRLF (\r\n),
- * used by PKCS7_final().
- *
- * in  - input WOLFSSL_BIO to be converted
- * out - output WOLFSSL_BIO to hold copy of in, with line endings adjusted
- *
- * Return 0 on success, negative on error
- */
-static int wolfSSL_BIO_to_MIME_crlf(WOLFSSL_BIO* in, WOLFSSL_BIO* out)
-{
-    int ret = 0;
-    int lineLen = 0;
-    word32 canonLineLen = 0;
-    char* canonLine = NULL;
-#ifdef WOLFSSL_SMALL_STACK
-    char* line = NULL;
-#else
-    char line[MAX_MIME_LINE_LEN];
-#endif
-
-    if (in == NULL || out == NULL) {
-        return BAD_FUNC_ARG;
-    }
-
-#ifdef WOLFSSL_SMALL_STACK
-    line = (char*)XMALLOC(MAX_MIME_LINE_LEN, in->heap,
-                          DYNAMIC_TYPE_TMP_BUFFER);
-    if (line == NULL) {
-        return MEMORY_E;
-    }
-#endif
-    XMEMSET(line, 0, MAX_MIME_LINE_LEN);
-
-    while ((lineLen = wolfSSL_BIO_gets(in, line, MAX_MIME_LINE_LEN)) > 0) {
-
-        if (line[lineLen - 1] == '\r' || line[lineLen - 1] == '\n') {
-            canonLineLen = (word32)lineLen;
-            if ((canonLine = wc_MIME_single_canonicalize(
-                                line, &canonLineLen)) == NULL) {
-                ret = -1;
-                break;
-            }
-
-            /* remove trailing null */
-            if (canonLineLen >= 1 && canonLine[canonLineLen-1] == '\0') {
-                canonLineLen--;
-            }
-
-            if (wolfSSL_BIO_write(out, canonLine, (int)canonLineLen) < 0) {
-                ret = -1;
-                break;
-            }
-            XFREE(canonLine, NULL, DYNAMIC_TYPE_PKCS7);
-            canonLine = NULL;
-        }
-        else {
-            /* no line ending in current line, write direct to out */
-            if (wolfSSL_BIO_write(out, line, lineLen) < 0) {
-                ret = -1;
-                break;
-            }
-        }
-    }
-
-    if (canonLine != NULL) {
-        XFREE(canonLine, NULL, DYNAMIC_TYPE_PKCS7);
-    }
-#ifdef WOLFSSL_SMALL_STACK
-    XFREE(line, in->heap, DYNAMIC_TYPE_TMP_BUFFER);
-#endif
-
-    return ret;
-}
-
-#endif /* HAVE_SMIME */
-
-/* Used by both PKCS7_final() and PKCS7_verify() */
-static const char contTypeText[] = "Content-Type: text/plain\r\n\r\n";
-
-/**
- * Finalize PKCS7 structure, currently supports signedData only.
- *
- * Does not generate final bundle (ie: signedData), but finalizes
- * the PKCS7 structure in preparation for a output function to be called next.
- *
- * pkcs7 - initialized PKCS7 structure, populated with signer, etc
- * in    - input data
- * flags - flags to control PKCS7 behavior. Other flags except those noted
- *         below are ignored:
- *
- *    PKCS7_BINARY - Do not translate input data to MIME canonical
- *                   format (\r\n line endings), thus preventing corruption of
- *                   binary content.
- *    PKCS7_TEXT   - Prepend MIME headers for text/plain to content.
- *
- * Returns 1 on success, 0 on error
- */
-int wolfSSL_PKCS7_final(PKCS7* pkcs7, WOLFSSL_BIO* in, int flags)
-{
-    int ret = 1;
-    int memSz = 0;
-    unsigned char* mem = NULL;
-    WOLFSSL_PKCS7* p7 = (WOLFSSL_PKCS7*)pkcs7;
-    WOLFSSL_BIO* data = NULL;
-
-    WOLFSSL_ENTER("wolfSSL_PKCS7_final");
-
-    if (p7 == NULL || in == NULL) {
-        WOLFSSL_MSG("Bad input args to PKCS7_final");
-        ret = 0;
-    }
-
-    if (ret == 1) {
-        if ((data = wolfSSL_BIO_new(wolfSSL_BIO_s_mem())) == NULL) {
-            WOLFSSL_MSG("Error in wolfSSL_BIO_new");
-            ret = 0;
-        }
-    }
-
-    /* prepend Content-Type header if PKCS7_TEXT */
-    if ((ret == 1) && (flags & PKCS7_TEXT)) {
-        if (wolfSSL_BIO_write(data, contTypeText,
-                              (int)XSTR_SIZEOF(contTypeText)) < 0) {
-            WOLFSSL_MSG("Error prepending Content-Type header");
-            ret = 0;
-        }
-    }
-
-    /* convert line endings to CRLF if !PKCS7_BINARY */
-    if (ret == 1) {
-        if (flags & PKCS7_BINARY) {
-
-            /* no CRLF conversion, direct copy content */
-            if ((memSz = wolfSSL_BIO_get_len(in)) <= 0) {
-                ret = 0;
-            }
-            if (ret == 1) {
-                mem = (unsigned char*)XMALLOC(memSz, in->heap,
-                                              DYNAMIC_TYPE_TMP_BUFFER);
-                if (mem == NULL) {
-                    WOLFSSL_MSG("Failed to allocate memory for input data");
-                    ret = 0;
-                }
-            }
-
-            if (ret == 1) {
-                if (wolfSSL_BIO_read(in, mem, memSz) != memSz) {
-                    WOLFSSL_MSG("Error reading from input BIO");
-                    ret = 0;
-                }
-                else if (wolfSSL_BIO_write(data, mem, memSz) < 0) {
-                    ret = 0;
-                }
-            }
-
-            if (mem != NULL) {
-                XFREE(mem, in->heap, DYNAMIC_TYPE_TMP_BUFFER);
-            }
-        }
-        else {
-    #ifdef HAVE_SMIME
-            /* convert content line endings to CRLF */
-            if (wolfSSL_BIO_to_MIME_crlf(in, data) != 0) {
-                WOLFSSL_MSG("Error converting line endings to CRLF");
-                ret = 0;
-            }
-            else {
-                p7->pkcs7.contentCRLF = 1;
-            }
-    #else
-            WOLFSSL_MSG("Without PKCS7_BINARY requires wolfSSL to be built "
-                        "with HAVE_SMIME");
-            ret = 0;
-    #endif
-        }
-    }
-
-    if ((ret == 1) && ((memSz = wolfSSL_BIO_get_mem_data(data, &mem)) < 0)) {
-        WOLFSSL_MSG("Error in wolfSSL_BIO_get_mem_data");
-        ret = 0;
-    }
-
-    if (ret == 1) {
-        if (p7->data != NULL) {
-            XFREE(p7->data, NULL, DYNAMIC_TYPE_PKCS7);
-        }
-        p7->data = (byte*)XMALLOC(memSz, NULL, DYNAMIC_TYPE_PKCS7);
-        if (p7->data == NULL) {
-            ret = 0;
-        }
-        else {
-            XMEMCPY(p7->data, mem, memSz);
-            p7->len = memSz;
-        }
-    }
-
-    if (ret == 1) {
-        p7->pkcs7.content = p7->data;
-        p7->pkcs7.contentSz = p7->len;
-    }
-
-    if (data != NULL) {
-        wolfSSL_BIO_free(data);
-    }
-
-    return ret;
-}
-
-int wolfSSL_PKCS7_verify(PKCS7* pkcs7, WOLFSSL_STACK* certs,
-        WOLFSSL_X509_STORE* store, WOLFSSL_BIO* in, WOLFSSL_BIO* out, int flags)
-{
-    int i, ret = 0;
-    unsigned char* mem = NULL;
-    int memSz = 0;
-    WOLFSSL_PKCS7* p7 = (WOLFSSL_PKCS7*)pkcs7;
-    int contTypeLen;
-    WOLFSSL_X509* signer = NULL;
-    WOLFSSL_STACK* signers = NULL;
-
-    WOLFSSL_ENTER("wolfSSL_PKCS7_verify");
-
-    if (pkcs7 == NULL)
-        return WOLFSSL_FAILURE;
-
-    if (in != NULL) {
-        if ((memSz = wolfSSL_BIO_get_mem_data(in, &mem)) < 0)
-            return WOLFSSL_FAILURE;
-
-        p7->pkcs7.content = mem;
-        p7->pkcs7.contentSz = memSz;
-    }
-
-    /* certs is the list of certificates to find the cert with issuer/serial. */
-    (void)certs;
-    /* store is the certificate store to use to verify signer certificate
-     * associated with the signers.
-     */
-    (void)store;
-
-    ret = wc_PKCS7_VerifySignedData(&p7->pkcs7, p7->data, p7->len);
-    if (ret != 0)
-        return WOLFSSL_FAILURE;
-
-    if ((flags & PKCS7_NOVERIFY) != PKCS7_NOVERIFY) {
-        /* Verify signer certificates */
-        if (store == NULL || store->cm == NULL) {
-            WOLFSSL_MSG("No store or store certs, but PKCS7_NOVERIFY not set");
-            return WOLFSSL_FAILURE;
-        }
-
-        signers = wolfSSL_PKCS7_get0_signers(pkcs7, certs, flags);
-        if (signers == NULL) {
-            WOLFSSL_MSG("No signers found to verify");
-            return WOLFSSL_FAILURE;
-        }
-        for (i = 0; i < wolfSSL_sk_X509_num(signers); i++) {
-            signer = wolfSSL_sk_X509_value(signers, i);
-
-            if (wolfSSL_CertManagerVerifyBuffer(store->cm,
-                        signer->derCert->buffer,
-                        signer->derCert->length,
-                        WOLFSSL_FILETYPE_ASN1) != WOLFSSL_SUCCESS) {
-                WOLFSSL_MSG("Failed to verify signer certificate");
-                wolfSSL_sk_X509_pop_free(signers, NULL);
-                return WOLFSSL_FAILURE;
-            }
-        }
-        wolfSSL_sk_X509_pop_free(signers, NULL);
-    }
-
-    if (flags & PKCS7_TEXT) {
-        /* strip MIME header for text/plain, otherwise error */
-        contTypeLen = XSTR_SIZEOF(contTypeText);
-        if ((p7->pkcs7.contentSz < (word32)contTypeLen) ||
-            (XMEMCMP(p7->pkcs7.content, contTypeText, contTypeLen) != 0)) {
-            WOLFSSL_MSG("Error PKCS7 Content-Type not found with PKCS7_TEXT");
-            return WOLFSSL_FAILURE;
-        }
-        p7->pkcs7.content += contTypeLen;
-        p7->pkcs7.contentSz -= contTypeLen;
-    }
-
-    if (out != NULL) {
-        wolfSSL_BIO_write(out, p7->pkcs7.content, p7->pkcs7.contentSz);
-    }
-
-    WOLFSSL_LEAVE("wolfSSL_PKCS7_verify", WOLFSSL_SUCCESS);
-
-    return WOLFSSL_SUCCESS;
-}
-
-/**
- * This API was added as a helper function for libest. It
- * encodes a stack of certificates to pkcs7 format.
- * @param pkcs7 PKCS7 parameter object
- * @param certs WOLFSSL_STACK_OF(WOLFSSL_X509)*
- * @param out   Output bio
- * @return WOLFSSL_SUCCESS on success and WOLFSSL_FAILURE on failure
- */
-int wolfSSL_PKCS7_encode_certs(PKCS7* pkcs7, WOLFSSL_STACK* certs,
-        WOLFSSL_BIO* out)
-{
-    int ret;
-    WOLFSSL_PKCS7* p7;
-    WOLFSSL_ENTER("wolfSSL_PKCS7_encode_certs");
-
-    if (!pkcs7 || !certs || !out) {
-        WOLFSSL_MSG("Bad parameter");
-        return WOLFSSL_FAILURE;
-    }
-
-    p7 = (WOLFSSL_PKCS7*)pkcs7;
-
-    /* take ownership of certs */
-    p7->certs = certs;
-    /* TODO: takes ownership even on failure below but not on above failure. */
-
-    if (pkcs7->certList) {
-        WOLFSSL_MSG("wolfSSL_PKCS7_encode_certs called multiple times on same "
-                    "struct");
-        return WOLFSSL_FAILURE;
-    }
-
-    if (certs) {
-        /* Save some of the values */
-        int hashOID = pkcs7->hashOID;
-        byte version = pkcs7->version;
-
-        if (!certs->data.x509 || !certs->data.x509->derCert) {
-            WOLFSSL_MSG("Missing cert");
-            return WOLFSSL_FAILURE;
-        }
-
-        if (wc_PKCS7_InitWithCert(pkcs7, certs->data.x509->derCert->buffer,
-                                      certs->data.x509->derCert->length) != 0) {
-            WOLFSSL_MSG("wc_PKCS7_InitWithCert error");
-            return WOLFSSL_FAILURE;
-        }
-        certs = certs->next;
-
-        pkcs7->hashOID = hashOID;
-        pkcs7->version = version;
-    }
-
-    /* Add the certs to the PKCS7 struct */
-    while (certs) {
-        if (!certs->data.x509 || !certs->data.x509->derCert) {
-            WOLFSSL_MSG("Missing cert");
-            return WOLFSSL_FAILURE;
-        }
-        if (wc_PKCS7_AddCertificate(pkcs7, certs->data.x509->derCert->buffer,
-                                      certs->data.x509->derCert->length) != 0) {
-            WOLFSSL_MSG("wc_PKCS7_AddCertificate error");
-            return WOLFSSL_FAILURE;
-        }
-        certs = certs->next;
-    }
-
-    if (wc_PKCS7_SetSignerIdentifierType(pkcs7, DEGENERATE_SID) != 0) {
-        WOLFSSL_MSG("wc_PKCS7_SetSignerIdentifierType error");
-        return WOLFSSL_FAILURE;
-    }
-
-    ret = wolfSSL_i2d_PKCS7_bio(out, pkcs7);
-
-    return ret;
-}
-
-/******************************************************************************
-* wolfSSL_PEM_write_bio_PKCS7 - writes the PKCS7 data to BIO
-*
-* RETURNS:
-* returns WOLFSSL_SUCCESS on success, otherwise returns WOLFSSL_FAILURE
-*/
-int wolfSSL_PEM_write_bio_PKCS7(WOLFSSL_BIO* bio, PKCS7* p7)
-{
-#ifdef WOLFSSL_SMALL_STACK
-    byte* outputHead;
-    byte* outputFoot;
-#else
-    byte outputHead[2048];
-    byte outputFoot[2048];
-#endif
-    word32 outputHeadSz = 2048;
-    word32 outputFootSz = 2048;
-    word32 outputSz = 0;
-    byte*  output = NULL;
-    byte*  pem = NULL;
-    int    pemSz = -1;
-    enum wc_HashType hashType;
-    byte hashBuf[WC_MAX_DIGEST_SIZE];
-    word32 hashSz = -1;
-
-    WOLFSSL_ENTER("wolfSSL_PEM_write_bio_PKCS7");
-
-    if (bio == NULL || p7 == NULL)
-        return WOLFSSL_FAILURE;
-
-#ifdef WOLFSSL_SMALL_STACK
-    outputHead = (byte*)XMALLOC(outputHeadSz, bio->heap,
-        DYNAMIC_TYPE_TMP_BUFFER);
-    if (outputHead == NULL)
-        return MEMORY_E;
-
-    outputFoot = (byte*)XMALLOC(outputFootSz, bio->heap,
-        DYNAMIC_TYPE_TMP_BUFFER);
-    if (outputFoot == NULL)
-        goto error;
-
-#endif
-
-    XMEMSET(hashBuf, 0, WC_MAX_DIGEST_SIZE);
-    XMEMSET(outputHead, 0, outputHeadSz);
-    XMEMSET(outputFoot, 0, outputFootSz);
-
-    hashType = wc_OidGetHash(p7->hashOID);
-    hashSz = wc_HashGetDigestSize(hashType);
-    if (hashSz > WC_MAX_DIGEST_SIZE)
-        goto error;
-
-    /* only SIGNED_DATA is supported */
-    switch (p7->contentOID) {
-        case SIGNED_DATA:
-            break;
-        default:
-            WOLFSSL_MSG("Unknown PKCS#7 Type");
-            goto error;
-    };
-
-    if ((wc_PKCS7_EncodeSignedData_ex(p7, hashBuf, hashSz,
-        outputHead, &outputHeadSz, outputFoot, &outputFootSz)) != 0)
-        goto error;
-
-    outputSz = outputHeadSz + p7->contentSz + outputFootSz;
-    output = (byte*)XMALLOC(outputSz, bio->heap, DYNAMIC_TYPE_TMP_BUFFER);
-
-    if (!output)
-        goto error;
-
-    XMEMSET(output, 0, outputSz);
-    outputSz = 0;
-    XMEMCPY(&output[outputSz], outputHead, outputHeadSz);
-    outputSz += outputHeadSz;
-    XMEMCPY(&output[outputSz], p7->content, p7->contentSz);
-    outputSz += p7->contentSz;
-    XMEMCPY(&output[outputSz], outputFoot, outputFootSz);
-    outputSz += outputFootSz;
-
-    /* get PEM size */
-    pemSz = wc_DerToPemEx(output, outputSz, NULL, 0, NULL, CERT_TYPE);
-    if (pemSz < 0)
-        goto error;
-
-    pemSz++; /* for '\0'*/
-
-    /* create PEM buffer and convert from DER to PEM*/
-    if ((pem = (byte*)XMALLOC(pemSz, bio->heap, DYNAMIC_TYPE_TMP_BUFFER))
-                                                                        == NULL)
-        goto error;
-
-    XMEMSET(pem, 0, pemSz);
-
-    if (wc_DerToPemEx(output, outputSz, pem, pemSz, NULL, CERT_TYPE) < 0) {
-        goto error;
-    }
-    if ((wolfSSL_BIO_write(bio, pem, pemSz) == pemSz)) {
-        XFREE(output, bio->heap, DYNAMIC_TYPE_TMP_BUFFER);
-        XFREE(pem, bio->heap, DYNAMIC_TYPE_TMP_BUFFER);
-#ifdef WOLFSSL_SMALL_STACK
-        XFREE(outputHead, bio->heap, DYNAMIC_TYPE_TMP_BUFFER);
-        XFREE(outputFoot, bio->heap, DYNAMIC_TYPE_TMP_BUFFER);
-#endif
-        return WOLFSSL_SUCCESS;
-    }
-
-error:
-#ifdef WOLFSSL_SMALL_STACK
-    if (outputHead) {
-        XFREE(outputHead, bio->heap, DYNAMIC_TYPE_TMP_BUFFER);
-    }
-    if (outputFoot) {
-        XFREE(outputFoot, bio->heap, DYNAMIC_TYPE_TMP_BUFFER);
-    }
-#endif
-    if (output) {
-        XFREE(output, bio->heap, DYNAMIC_TYPE_TMP_BUFFER);
-    }
-    if (pem) {
-        XFREE(pem, bio->heap, DYNAMIC_TYPE_TMP_BUFFER);
-    }
-    return WOLFSSL_FAILURE;
-}
-
-#ifdef HAVE_SMIME
-/*****************************************************************************
-* wolfSSL_SMIME_read_PKCS7 - Reads the given S/MIME message and parses it into
-* a PKCS7 object. In case of a multipart message, stores the signed data in
-* bcont.
-*
-* RETURNS:
-* returns pointer to a PKCS7 structure on success, otherwise returns NULL
-*/
-PKCS7* wolfSSL_SMIME_read_PKCS7(WOLFSSL_BIO* in,
-        WOLFSSL_BIO** bcont)
-{
-    MimeHdr* allHdrs = NULL;
-    MimeHdr* curHdr = NULL;
-    MimeParam* curParam = NULL;
-    int inLen = 0;
-    byte* bcontMem = NULL;
-    int bcontMemSz = 0;
-    int sectionLen = 0;
-    int ret = -1;
-    char* section = NULL;
-    char* canonLine = NULL;
-    char* canonSection = NULL;
-    PKCS7* pkcs7 = NULL;
-    word32 outLen = 0;
-    word32 canonLineLen = 0;
-    byte* out = NULL;
-    byte* outHead = NULL;
-
-    int canonPos = 0;
-    int lineLen = 0;
-    int remainLen = 0;
-    byte isEnd = 0;
-    size_t canonSize = 0;
-    size_t boundLen = 0;
-    char* boundary = NULL;
-
-    static const char kContType[] = "Content-Type";
-    static const char kCTE[] = "Content-Transfer-Encoding";
-    static const char kMultSigned[] = "multipart/signed";
-    static const char kAppPkcsSign[] = "application/pkcs7-signature";
-    static const char kAppXPkcsSign[] = "application/x-pkcs7-signature";
-    static const char kAppPkcs7Mime[] = "application/pkcs7-mime";
-    static const char kAppXPkcs7Mime[] = "application/x-pkcs7-mime";
-
-    WOLFSSL_ENTER("wolfSSL_SMIME_read_PKCS7");
-
-    if (in == NULL || bcont == NULL) {
-        goto error;
-    }
-    inLen = wolfSSL_BIO_get_len(in);
-    if (inLen <= 0) {
-        goto error;
-    }
-    remainLen = wolfSSL_BIO_get_len(in);
-    if (remainLen <= 0) {
-        goto error;
-    }
-
-    section = (char*)XMALLOC(remainLen+1, NULL, DYNAMIC_TYPE_PKCS7);
-    if (section == NULL) {
-        goto error;
-    }
-    lineLen = wolfSSL_BIO_gets(in, section, remainLen);
-    if (lineLen <= 0) {
-        goto error;
-    }
-    while (isEnd == 0 && remainLen > 0) {
-        sectionLen += lineLen;
-        remainLen -= lineLen;
-        lineLen = wolfSSL_BIO_gets(in, &section[sectionLen], remainLen);
-        if (lineLen <= 0) {
-            goto error;
-        }
-        /* Line with just newline signals end of headers. */
-        if ((lineLen==2 && !XSTRNCMP(&section[sectionLen],
-                                     "\r\n", 2)) ||
-            (lineLen==1 && (section[sectionLen] == '\r' ||
-                            section[sectionLen] == '\n'))) {
-            isEnd = 1;
-        }
-    }
-    section[sectionLen] = '\0';
-    ret = wc_MIME_parse_headers(section, sectionLen, &allHdrs);
-    if (ret < 0) {
-        WOLFSSL_MSG("Parsing MIME headers failed.");
-        goto error;
-    }
-    isEnd = 0;
-    section[0] = '\0';
-    sectionLen = 0;
-
-    curHdr = wc_MIME_find_header_name(kContType, allHdrs);
-    if (curHdr && !XSTRNCMP(curHdr->body, kMultSigned,
-                            XSTR_SIZEOF(kMultSigned))) {
-        curParam = wc_MIME_find_param_attr("protocol", curHdr->params);
-        if (curParam && (!XSTRNCMP(curParam->value, kAppPkcsSign,
-                                   XSTR_SIZEOF(kAppPkcsSign)) ||
-                         !XSTRNCMP(curParam->value, kAppXPkcsSign,
-                                   XSTR_SIZEOF(kAppXPkcsSign)))) {
-            curParam = wc_MIME_find_param_attr("boundary", curHdr->params);
-            if (curParam == NULL) {
-                goto error;
-            }
-
-            boundLen = XSTRLEN(curParam->value) + 2;
-            boundary = (char*)XMALLOC(boundLen+1, NULL, DYNAMIC_TYPE_PKCS7);
-            if (boundary == NULL) {
-                goto error;
-            }
-            XMEMSET(boundary, 0, (word32)(boundLen+1));
-            boundary[0] = boundary[1] = '-';
-            XSTRNCPY(&boundary[2], curParam->value, boundLen-2);
-
-            /* Parse up to first boundary, ignore everything here. */
-            lineLen = wolfSSL_BIO_gets(in, section, remainLen);
-            if (lineLen <= 0) {
-                goto error;
-            }
-            while (XSTRNCMP(&section[sectionLen], boundary, boundLen) &&
-                   remainLen > 0) {
-                sectionLen += lineLen;
-                remainLen -= lineLen;
-                lineLen = wolfSSL_BIO_gets(in, &section[sectionLen],
-                                           remainLen);
-                if (lineLen <= 0) {
-                    goto error;
-                }
-            }
-
-            section[0] = '\0';
-            sectionLen = 0;
-            canonSize = remainLen + 1;
-            canonSection = (char*)XMALLOC(canonSize, NULL,
-                                          DYNAMIC_TYPE_PKCS7);
-            if (canonSection == NULL) {
-                goto error;
-            }
-
-            lineLen = wolfSSL_BIO_gets(in, section, remainLen);
-            if (lineLen < 0) {
-                goto error;
-            }
-            while (XSTRNCMP(&section[sectionLen], boundary, boundLen) &&
-                            remainLen > 0) {
-                canonLineLen = lineLen;
-                canonLine = wc_MIME_single_canonicalize(&section[sectionLen],
-                                                        &canonLineLen);
-                if (canonLine == NULL) {
-                    goto error;
-                }
-                /* If line endings were added, the initial length may be
-                 * exceeded. */
-                if ((canonPos + canonLineLen) >= canonSize) {
-                    canonSize = canonPos + canonLineLen;
-                    canonSection = (char*)XREALLOC(canonSection, canonSize,
-                                                   NULL, DYNAMIC_TYPE_PKCS7);
-                    if (canonSection == NULL) {
-                        goto error;
-                    }
-                }
-                XMEMCPY(&canonSection[canonPos], canonLine,
-                        (int)canonLineLen - 1);
-                canonPos += canonLineLen - 1;
-                XFREE(canonLine, NULL, DYNAMIC_TYPE_PKCS7);
-                canonLine = NULL;
-
-                sectionLen += lineLen;
-                remainLen -= lineLen;
-
-                lineLen = wolfSSL_BIO_gets(in, &section[sectionLen],
-                                           remainLen);
-                if (lineLen <= 0) {
-                    goto error;
-                }
-            }
-
-            if (canonPos > 0) {
-                canonPos--;
-            }
-
-            /* Strip the final trailing newline.  Support \r, \n or \r\n. */
-            if (canonSection[canonPos] == '\n') {
-                if (canonPos > 0) {
-                    canonPos--;
-                }
-            }
-
-            if (canonSection[canonPos] == '\r') {
-                if (canonPos > 0) {
-                    canonPos--;
-                }
-            }
-
-            canonSection[canonPos+1] = '\0';
-
-            *bcont = wolfSSL_BIO_new(wolfSSL_BIO_s_mem());
-            ret = wolfSSL_BIO_write(*bcont, canonSection,
-                                    canonPos + 1);
-            if (ret != (canonPos+1)) {
-                goto error;
-            }
-            if ((bcontMemSz = wolfSSL_BIO_get_mem_data(*bcont, &bcontMem))
-                                                                          < 0) {
-                goto error;
-            }
-            XFREE(canonSection, NULL, DYNAMIC_TYPE_PKCS7);
-            canonSection = NULL;
-
-            wc_MIME_free_hdrs(allHdrs);
-            allHdrs = NULL;
-            section[0] = '\0';
-            sectionLen = 0;
-            lineLen = wolfSSL_BIO_gets(in, section, remainLen);
-            if (lineLen <= 0) {
-                goto error;
-            }
-            while (isEnd == 0 && remainLen > 0) {
-                sectionLen += lineLen;
-                remainLen -= lineLen;
-                lineLen = wolfSSL_BIO_gets(in, &section[sectionLen],
-                                           remainLen);
-                if (lineLen <= 0) {
-                    goto error;
-                }
-                /* Line with just newline signals end of headers. */
-                if ((lineLen==2 && !XSTRNCMP(&section[sectionLen],
-                                             "\r\n", 2)) ||
-                    (lineLen==1 && (section[sectionLen] == '\r' ||
-                                    section[sectionLen] == '\n'))) {
-                    isEnd = 1;
-                }
-            }
-            section[sectionLen] = '\0';
-            ret = wc_MIME_parse_headers(section, sectionLen, &allHdrs);
-            if (ret < 0) {
-                WOLFSSL_MSG("Parsing MIME headers failed.");
-                goto error;
-            }
-            curHdr = wc_MIME_find_header_name(kContType, allHdrs);
-            if (curHdr == NULL || (XSTRNCMP(curHdr->body, kAppPkcsSign,
-                                   XSTR_SIZEOF(kAppPkcsSign)) &&
-                                   XSTRNCMP(curHdr->body, kAppXPkcsSign,
-                                   XSTR_SIZEOF(kAppXPkcsSign)))) {
-                WOLFSSL_MSG("S/MIME headers not found inside "
-                            "multipart message.\n");
-                goto error;
-            }
-
-            section[0] = '\0';
-            sectionLen = 0;
-            lineLen = wolfSSL_BIO_gets(in, section, remainLen);
-            while (XSTRNCMP(&section[sectionLen], boundary, boundLen) &&
-                   remainLen > 0) {
-                sectionLen += lineLen;
-                remainLen -= lineLen;
-                lineLen = wolfSSL_BIO_gets(in, &section[sectionLen],
-                                           remainLen);
-                if (lineLen <= 0) {
-                    goto error;
-                }
-            }
-
-            XFREE(boundary, NULL, DYNAMIC_TYPE_PKCS7);
-            boundary = NULL;
-        }
-    }
-    else if (curHdr && (!XSTRNCMP(curHdr->body, kAppPkcs7Mime,
-                                  XSTR_SIZEOF(kAppPkcs7Mime)) ||
-                        !XSTRNCMP(curHdr->body, kAppXPkcs7Mime,
-                                  XSTR_SIZEOF(kAppXPkcs7Mime)))) {
-        sectionLen = wolfSSL_BIO_get_len(in);
-        if (sectionLen <= 0) {
-            goto error;
-        }
-        ret = wolfSSL_BIO_read(in, section, sectionLen);
-        if (ret < 0 || ret != sectionLen) {
-            WOLFSSL_MSG("Error reading input BIO.");
-            goto error;
-        }
-    }
-    else {
-        WOLFSSL_MSG("S/MIME headers not found.");
-        goto error;
-    }
-
-    curHdr = wc_MIME_find_header_name(kCTE, allHdrs);
-    if (curHdr == NULL) {
-        WOLFSSL_MSG("Content-Transfer-Encoding header not found, "
-                    "assuming base64 encoding.");
-    }
-    else if (XSTRNCMP(curHdr->body, "base64", XSTRLEN("base64"))) {
-        WOLFSSL_MSG("S/MIME encodings other than base64 are not "
-                    "currently supported.\n");
-        goto error;
-    }
-
-    if (section == NULL || sectionLen <= 0) {
-        goto error;
-    }
-    outLen = ((sectionLen*3+3)/4)+1;
-    out = (byte*)XMALLOC(outLen*sizeof(byte), NULL, DYNAMIC_TYPE_PKCS7);
-    outHead = out;
-    if (outHead == NULL) {
-        goto error;
-    }
-    /* Strip trailing newlines. */
-    while ((sectionLen > 0) &&
-           (section[sectionLen-1] == '\r' || section[sectionLen-1] == '\n')) {
-        sectionLen--;
-    }
-    section[sectionLen] = '\0';
-    ret = Base64_Decode((const byte*)section, sectionLen, out, &outLen);
-    if (ret < 0) {
-        WOLFSSL_MSG("Error base64 decoding S/MIME message.");
-        goto error;
-    }
-    pkcs7 = wolfSSL_d2i_PKCS7_only(NULL, (const unsigned char**)&out, outLen,
-        bcontMem, bcontMemSz);
-
-    wc_MIME_free_hdrs(allHdrs);
-    XFREE(outHead, NULL, DYNAMIC_TYPE_PKCS7);
-    XFREE(section, NULL, DYNAMIC_TYPE_PKCS7);
-
-    return pkcs7;
-
-error:
-    wc_MIME_free_hdrs(allHdrs);
-    XFREE(boundary, NULL, DYNAMIC_TYPE_PKCS7);
-    XFREE(outHead, NULL, DYNAMIC_TYPE_PKCS7);
-    XFREE(section, NULL, DYNAMIC_TYPE_PKCS7);
-    if (canonSection != NULL)
-        XFREE(canonSection, NULL, DYNAMIC_TYPE_PKCS7);
-    if (canonLine != NULL)
-        XFREE(canonLine, NULL, DYNAMIC_TYPE_PKCS7);
-    if (bcont) {
-        wolfSSL_BIO_free(*bcont);
-        *bcont = NULL; /* reset 'bcount' pointer to NULL on failure */
-    }
-
-    return NULL;
-}
-
-/* Convert hash algo OID (from Hash_Sum in asn.h) to SMIME string equivalent.
- * Returns hash algorithm string or "unknown" if not found */
-static const char* wolfSSL_SMIME_HashOIDToString(int hashOID)
-{
-    switch (hashOID) {
-        case MD5h:
-            return "md5";
-        case SHAh:
-            return "sha1";
-        case SHA224h:
-            return "sha-224";
-        case SHA256h:
-            return "sha-256";
-        case SHA384h:
-            return "sha-384";
-        case SHA512h:
-            return "sha-512";
-        case SHA3_224h:
-            return "sha3-224";
-        case SHA3_384h:
-            return "sha3-384";
-        case SHA3_512h:
-            return "sha3-512";
-        default:
-            break;
-    }
-
-    return "unknown";
-}
-
-/* Convert PKCS#7 type (from PKCS7_TYPES in pkcs7.h) to SMIME string.
- * RFC2633 only defines signed-data, enveloped-data, certs-only.
- * Returns string on success, NULL on unknown type. */
-static const char* wolfSSL_SMIME_PKCS7TypeToString(int type)
-{
-    switch (type) {
-        case SIGNED_DATA:
-            return "signed-data";
-        case ENVELOPED_DATA:
-            return "enveloped-data";
-        default:
-            break;
-    }
-
-    return NULL;
-}
-
-/**
- * Convert PKCS7 structure to SMIME format, adding necessary headers.
- *
- * Handles generation of PKCS7 bundle (ie: signedData). PKCS7 structure
- * should be set up beforehand with PKCS7_sign/final/etc. Output is always
- * Base64 encoded.
- *
- * out   - output BIO for SMIME formatted data to be placed
- * pkcs7 - input PKCS7 structure, initialized and set up
- * in    - input content to be encoded into PKCS7
- * flags - flags to control behavior of PKCS7 generation
- *
- * Returns 1 on success, 0 or negative on failure
- */
-int wolfSSL_SMIME_write_PKCS7(WOLFSSL_BIO* out, PKCS7* pkcs7, WOLFSSL_BIO* in,
-                              int flags)
-{
-    int i;
-    int ret = 1;
-    WOLFSSL_PKCS7* p7 = (WOLFSSL_PKCS7*)pkcs7;
-    byte* p7out = NULL;
-    int len = 0;
-
-    char boundary[33]; /* 32 chars + \0 */
-    byte* sigBase64 = NULL;
-    word32 sigBase64Len = 0;
-    const char* p7TypeString = NULL;
-
-    static const char alphanum[] = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ";
-
-    if (out == NULL || p7 == NULL) {
-        WOLFSSL_MSG("Bad function arguments");
-        return 0;
-    }
-
-    if (in != NULL && (p7->pkcs7.content == NULL || p7->pkcs7.contentSz == 0 ||
-                       p7->pkcs7.contentCRLF == 0)) {
-        /* store and adjust content line endings for CRLF if needed */
-        if (wolfSSL_PKCS7_final((PKCS7*)p7, in, flags) != 1) {
-            ret = 0;
-        }
-    }
-
-    if (ret > 0) {
-        /* Generate signedData bundle, DER in output (dynamic) */
-        if ((len = wolfSSL_i2d_PKCS7((PKCS7*)p7, &p7out)) == WOLFSSL_FAILURE) {
-            WOLFSSL_MSG("Error in wolfSSL_i2d_PKCS7");
-            ret = 0;
-        }
-    }
-
-    /* Base64 encode signedData bundle */
-    if (ret > 0) {
-        if (Base64_Encode(p7out, len, NULL, &sigBase64Len) != LENGTH_ONLY_E) {
-            ret = 0;
-        }
-        else {
-            sigBase64 = (byte*)XMALLOC(sigBase64Len, NULL,
-                                       DYNAMIC_TYPE_TMP_BUFFER);
-            if (sigBase64 == NULL) {
-                ret = 0;
-            }
-        }
-    }
-
-    if (ret > 0) {
-        XMEMSET(sigBase64, 0, sigBase64Len);
-        if (Base64_Encode(p7out, len, sigBase64, &sigBase64Len) < 0) {
-            WOLFSSL_MSG("Error in Base64_Encode of signature");
-            ret = 0;
-        }
-    }
-
-    /* build up SMIME message */
-    if (ret > 0) {
-        if (flags & PKCS7_DETACHED) {
-
-            /* generate random boundary */
-            if (initGlobalRNG == 0 && wolfSSL_RAND_Init() != WOLFSSL_SUCCESS) {
-                WOLFSSL_MSG("No RNG to use");
-                ret = 0;
-            }
-
-            /* no need to generate random byte for null terminator (size-1) */
-            if ((ret > 0) && (wc_RNG_GenerateBlock(&globalRNG, (byte*)boundary,
-                                  sizeof(boundary) - 1 ) != 0)) {
-                    WOLFSSL_MSG("Error in wc_RNG_GenerateBlock");
-                    ret = 0;
-            }
-
-            if (ret > 0) {
-                for (i = 0; i < (int)sizeof(boundary) - 1; i++) {
-                    boundary[i] =
-                        alphanum[boundary[i] % XSTR_SIZEOF(alphanum)];
-                }
-                boundary[sizeof(boundary)-1] = 0;
-            }
-
-            if (ret > 0) {
-                /* S/MIME header beginning */
-                ret = wolfSSL_BIO_printf(out,
-                        "MIME-Version: 1.0\n"
-                        "Content-Type: multipart/signed; "
-                        "protocol=\"application/x-pkcs7-signature\"; "
-                        "micalg=\"%s\"; "
-                        "boundary=\"----%s\"\n\n"
-                        "This is an S/MIME signed message\n\n"
-                        "------%s\n",
-                        wolfSSL_SMIME_HashOIDToString(p7->pkcs7.hashOID),
-                        boundary, boundary);
-            }
-
-            if (ret > 0) {
-                /* S/MIME content */
-                ret = wolfSSL_BIO_write(out,
-                        p7->pkcs7.content, p7->pkcs7.contentSz);
-            }
-
-            if (ret > 0) {
-                /* S/SMIME header end boundary */
-                ret = wolfSSL_BIO_printf(out,
-                        "\n------%s\n", boundary);
-            }
-
-            if (ret > 0) {
-                /* Signature and header */
-                ret = wolfSSL_BIO_printf(out,
-                        "Content-Type: application/x-pkcs7-signature; "
-                        "name=\"smime.p7s\"\n"
-                        "Content-Transfer-Encoding: base64\n"
-                        "Content-Disposition: attachment; "
-                        "filename=\"smime.p7s\"\n\n"
-                        "%.*s\n" /* Base64 encoded signature */
-                        "------%s--\n\n",
-                        sigBase64Len, sigBase64,
-                        boundary);
-            }
-        }
-        else {
-            p7TypeString = wolfSSL_SMIME_PKCS7TypeToString(p7->type);
-            if (p7TypeString == NULL) {
-                WOLFSSL_MSG("Unsupported PKCS7 SMIME type");
-                ret = 0;
-            }
-
-            if (ret > 0) {
-                /* not detached */
-                ret = wolfSSL_BIO_printf(out,
-                        "MIME-Version: 1.0\n"
-                        "Content-Disposition: attachment; "
-                        "filename=\"smime.p7m\"\n"
-                        "Content-Type: application/x-pkcs7-mime; "
-                        "smime-type=%s; name=\"smime.p7m\"\n"
-                        "Content-Transfer-Encoding: base64\n\n"
-                        "%.*s\n" /* signature */,
-                        p7TypeString, sigBase64Len, sigBase64);
-            }
-        }
-    }
-
-    if (p7out != NULL) {
-        XFREE(p7out, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-    }
-    if (sigBase64 != NULL) {
-        XFREE(sigBase64, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-    }
-
-    if (ret > 0) {
-        return WOLFSSL_SUCCESS;
-    }
-
-    return WOLFSSL_FAILURE;
-}
-
-#endif /* HAVE_SMIME */
-#endif /* !NO_BIO */
-#endif /* OPENSSL_ALL */
-
-#endif /* HAVE_PKCS7 */
-/*******************************************************************************
- * END OF PKCS7 APIs
- ******************************************************************************/
-
-/*******************************************************************************
- * START OF PKCS12 APIs
- ******************************************************************************/
-#ifdef OPENSSL_EXTRA
-
-/* no-op function. Was initially used for adding encryption algorithms available
- * for PKCS12 */
-void wolfSSL_PKCS12_PBE_add(void)
-{
-    WOLFSSL_ENTER("wolfSSL_PKCS12_PBE_add");
-}
-
-#if !defined(NO_FILESYSTEM)
-WOLFSSL_X509_PKCS12 *wolfSSL_d2i_PKCS12_fp(XFILE fp,
-        WOLFSSL_X509_PKCS12 **pkcs12)
-{
-    WOLFSSL_ENTER("wolfSSL_d2i_PKCS12_fp");
-    return (WOLFSSL_X509_PKCS12 *)wolfSSL_d2i_X509_fp_ex(fp, (void **)pkcs12,
-        PKCS12_TYPE);
-}
-#endif /* !NO_FILESYSTEM */
-
-#endif /* OPENSSL_EXTRA */
-
-#if defined(HAVE_PKCS12)
-
-#ifdef OPENSSL_EXTRA
-
-#if !defined(NO_ASN) && !defined(NO_PWDBASED)
-
-#ifndef NO_BIO
-WC_PKCS12* wolfSSL_d2i_PKCS12_bio(WOLFSSL_BIO* bio, WC_PKCS12** pkcs12)
-{
-    WC_PKCS12* localPkcs12 = NULL;
-    unsigned char* mem = NULL;
-    long memSz;
-    int ret = -1;
-
-    WOLFSSL_ENTER("wolfSSL_d2i_PKCS12_bio");
-
-    if (bio == NULL) {
-        WOLFSSL_MSG("Bad Function Argument bio is NULL");
-        return NULL;
-    }
-
-    memSz = wolfSSL_BIO_get_len(bio);
-    if (memSz <= 0) {
-        return NULL;
-    }
-    mem = (unsigned char*)XMALLOC(memSz, bio->heap, DYNAMIC_TYPE_TMP_BUFFER);
-    if (mem == NULL) {
-        return NULL;
-    }
-
-    if (mem != NULL) {
-        localPkcs12 = wc_PKCS12_new();
-        if (localPkcs12 == NULL) {
-            WOLFSSL_MSG("Memory error");
-        }
-    }
-
-    if (mem != NULL && localPkcs12 != NULL) {
-        if (wolfSSL_BIO_read(bio, mem, (int)memSz) == memSz) {
-            ret = wc_d2i_PKCS12(mem, (word32)memSz, localPkcs12);
-            if (ret < 0) {
-                WOLFSSL_MSG("Failed to get PKCS12 sequence");
-            }
-        }
-        else {
-            WOLFSSL_MSG("Failed to get data from bio struct");
-        }
-    }
-
-    /* cleanup */
-    if (mem != NULL)
-        XFREE(mem, bio->heap, DYNAMIC_TYPE_TMP_BUFFER);
-    if (ret < 0 && localPkcs12 != NULL) {
-        wc_PKCS12_free(localPkcs12);
-        localPkcs12 = NULL;
-    }
-    if (pkcs12 != NULL)
-        *pkcs12 = localPkcs12;
-
-    return localPkcs12;
-}
-
-/* Converts the PKCS12 to DER format and outputs it into bio.
- *
- * bio is the structure to hold output DER
- * pkcs12 structure to create DER from
- *
- * return 1 for success or 0 if an error occurs
- */
-int wolfSSL_i2d_PKCS12_bio(WOLFSSL_BIO *bio, WC_PKCS12 *pkcs12)
-{
-    int ret = WOLFSSL_FAILURE;
-
-    WOLFSSL_ENTER("wolfSSL_i2d_PKCS12_bio");
-
-    if ((bio != NULL) && (pkcs12 != NULL)) {
-        word32 certSz = 0;
-        byte *certDer = NULL;
-
-        certSz = wc_i2d_PKCS12(pkcs12, &certDer, NULL);
-        if ((certSz > 0) && (certDer != NULL)) {
-            if (wolfSSL_BIO_write(bio, certDer, certSz) == (int)certSz) {
-                ret = WOLFSSL_SUCCESS;
-            }
-        }
-
-        if (certDer != NULL) {
-            XFREE(certDer, NULL, DYNAMIC_TYPE_PKCS);
-        }
-    }
-
-    return ret;
-}
-#endif /* !NO_BIO */
-
-/* Creates a new WC_PKCS12 structure
- *
- * pass  password to use
- * name  friendlyName to use
- * pkey  private key to go into PKCS12 bundle
- * cert  certificate to go into PKCS12 bundle
- * ca    extra certificates that can be added to bundle. Can be NULL
- * keyNID  type of encryption to use on the key (-1 means no encryption)
- * certNID type of encryption to use on the certificate
- * itt     number of iterations with encryption
- * macItt  number of iterations with mac creation
- * keyType flag for signature and/or encryption key
- *
- * returns a pointer to a new WC_PKCS12 structure on success and NULL on fail
- */
-WC_PKCS12* wolfSSL_PKCS12_create(char* pass, char* name, WOLFSSL_EVP_PKEY* pkey,
-        WOLFSSL_X509* cert, WOLF_STACK_OF(WOLFSSL_X509)* ca, int keyNID,
-        int certNID, int itt, int macItt, int keyType)
-{
-    WC_PKCS12* pkcs12;
-    WC_DerCertList* list = NULL;
-    word32 passSz;
-    byte* keyDer = NULL;
-    word32 keyDerSz;
-    byte* certDer;
-    int certDerSz;
-
-    WOLFSSL_ENTER("wolfSSL_PKCS12_create");
-
-    if (pass == NULL || pkey == NULL || cert == NULL) {
-        WOLFSSL_LEAVE("wolfSSL_PKCS12_create", BAD_FUNC_ARG);
-        return NULL;
-    }
-    passSz = (word32)XSTRLEN(pass);
-
-    keyDer = (byte*)pkey->pkey.ptr;
-    keyDerSz = pkey->pkey_sz;
-
-    certDer = (byte*)wolfSSL_X509_get_der(cert, &certDerSz);
-    if (certDer == NULL) {
-        return NULL;
-    }
-
-    if (ca != NULL) {
-        unsigned long numCerts = ca->num;
-        WOLFSSL_STACK* sk = ca;
-
-        while (numCerts > 0 && sk != NULL) {
-            byte* curDer;
-            WC_DerCertList* cur;
-            int   curDerSz = 0;
-
-            cur = (WC_DerCertList*)XMALLOC(sizeof(WC_DerCertList), NULL,
-                    DYNAMIC_TYPE_PKCS);
-            if (cur == NULL) {
-                wc_FreeCertList(list, NULL);
-                return NULL;
-            }
-
-            curDer = (byte*)wolfSSL_X509_get_der(sk->data.x509, &curDerSz);
-            if (curDer == NULL || curDerSz < 0) {
-                XFREE(cur, NULL, DYNAMIC_TYPE_PKCS);
-                wc_FreeCertList(list, NULL);
-                return NULL;
-            }
-
-            cur->buffer = (byte*)XMALLOC(curDerSz, NULL, DYNAMIC_TYPE_PKCS);
-            if (cur->buffer == NULL) {
-                XFREE(cur, NULL, DYNAMIC_TYPE_PKCS);
-                wc_FreeCertList(list, NULL);
-                return NULL;
-            }
-            XMEMCPY(cur->buffer, curDer, curDerSz);
-            cur->bufferSz = curDerSz;
-            cur->next = list;
-            list = cur;
-
-            sk = sk->next;
-            numCerts--;
-        }
-    }
-
-    pkcs12 = wc_PKCS12_create(pass, passSz, name, keyDer, keyDerSz,
-            certDer, certDerSz, list, keyNID, certNID, itt, macItt,
-            keyType, NULL);
-
-    if (ca != NULL) {
-        wc_FreeCertList(list, NULL);
-    }
-
-    return pkcs12;
-}
-
-
-/* return WOLFSSL_SUCCESS on success, WOLFSSL_FAILURE on failure */
-int wolfSSL_PKCS12_parse(WC_PKCS12* pkcs12, const char* psw,
-          WOLFSSL_EVP_PKEY** pkey, WOLFSSL_X509** cert,
-          WOLF_STACK_OF(WOLFSSL_X509)** ca)
-{
-    void* heap = NULL;
-    int ret;
-    byte* certData = NULL;
-    word32 certDataSz;
-    byte* pk = NULL;
-    word32 pkSz;
-    WC_DerCertList* certList = NULL;
-#ifdef WOLFSSL_SMALL_STACK
-    DecodedCert *DeCert;
-#else
-    DecodedCert DeCert[1];
-#endif
-
-    WOLFSSL_ENTER("wolfSSL_PKCS12_parse");
-
-    /* make sure we init return args */
-    if (pkey) *pkey = NULL;
-    if (cert) *cert = NULL;
-    if (ca)   *ca = NULL;
-
-    if (pkcs12 == NULL || psw == NULL || pkey == NULL || cert == NULL) {
-        WOLFSSL_MSG("Bad argument value");
-        return WOLFSSL_FAILURE;
-    }
-
-    heap  = wc_PKCS12_GetHeap(pkcs12);
-
-    if (ca == NULL) {
-        ret = wc_PKCS12_parse(pkcs12, psw, &pk, &pkSz, &certData, &certDataSz,
-            NULL);
-    }
-    else {
-        ret = wc_PKCS12_parse(pkcs12, psw, &pk, &pkSz, &certData, &certDataSz,
-            &certList);
-    }
-    if (ret < 0) {
-        WOLFSSL_LEAVE("wolfSSL_PKCS12_parse", ret);
-        return WOLFSSL_FAILURE;
-    }
-
-#ifdef WOLFSSL_SMALL_STACK
-    DeCert = (DecodedCert *)XMALLOC(sizeof(*DeCert), heap,
-                                    DYNAMIC_TYPE_DCERT);
-    if (DeCert == NULL) {
-        WOLFSSL_MSG("out of memory");
-        return WOLFSSL_FAILURE;
-    }
-#endif
-
-    /* Decode cert and place in X509 stack struct */
-    if (certList != NULL) {
-        WC_DerCertList* current = certList;
-
-        *ca = (WOLF_STACK_OF(WOLFSSL_X509)*)XMALLOC(
-            sizeof(WOLF_STACK_OF(WOLFSSL_X509)), heap, DYNAMIC_TYPE_X509);
-        if (*ca == NULL) {
-            if (pk != NULL) {
-                XFREE(pk, heap, DYNAMIC_TYPE_PUBLIC_KEY);
-            }
-            if (certData != NULL) {
-                XFREE(certData, heap, DYNAMIC_TYPE_PKCS);
-            }
-            /* Free up WC_DerCertList and move on */
-            while (current != NULL) {
-                WC_DerCertList* next = current->next;
-
-                XFREE(current->buffer, heap, DYNAMIC_TYPE_PKCS);
-                XFREE(current, heap, DYNAMIC_TYPE_PKCS);
-                current = next;
-            }
-            ret = WOLFSSL_FAILURE;
-            goto out;
-        }
-        XMEMSET(*ca, 0, sizeof(WOLF_STACK_OF(WOLFSSL_X509)));
-
-        /* add list of DER certs as X509's to stack */
-        while (current != NULL) {
-            WC_DerCertList*  toFree = current;
-            WOLFSSL_X509* x509;
-
-            x509 = (WOLFSSL_X509*)XMALLOC(sizeof(WOLFSSL_X509), heap,
-                DYNAMIC_TYPE_X509);
-            InitX509(x509, 1, heap);
-            InitDecodedCert(DeCert, current->buffer, current->bufferSz, heap);
-            if (ParseCertRelative(DeCert, CERT_TYPE, NO_VERIFY, NULL) != 0) {
-                WOLFSSL_MSG("Issue with parsing certificate");
-                FreeDecodedCert(DeCert);
-                wolfSSL_X509_free(x509);
-            }
-            else {
-                if (CopyDecodedToX509(x509, DeCert) != 0) {
-                    WOLFSSL_MSG("Failed to copy decoded cert");
-                    FreeDecodedCert(DeCert);
-                    wolfSSL_X509_free(x509);
-                    wolfSSL_sk_X509_pop_free(*ca, NULL); *ca = NULL;
-                    if (pk != NULL) {
-                        XFREE(pk, heap, DYNAMIC_TYPE_PUBLIC_KEY);
-                    }
-                    if (certData != NULL) {
-                        XFREE(certData, heap, DYNAMIC_TYPE_PKCS);
-                    }
-                    /* Free up WC_DerCertList */
-                    while (current != NULL) {
-                        WC_DerCertList* next = current->next;
-
-                        XFREE(current->buffer, heap, DYNAMIC_TYPE_PKCS);
-                        XFREE(current, heap, DYNAMIC_TYPE_PKCS);
-                        current = next;
-                    }
-                    ret = WOLFSSL_FAILURE;
-                    goto out;
-                }
-                FreeDecodedCert(DeCert);
-
-                if (wolfSSL_sk_X509_push(*ca, x509) != 1) {
-                    WOLFSSL_MSG("Failed to push x509 onto stack");
-                    wolfSSL_X509_free(x509);
-                    wolfSSL_sk_X509_pop_free(*ca, NULL); *ca = NULL;
-                    if (pk != NULL) {
-                        XFREE(pk, heap, DYNAMIC_TYPE_PUBLIC_KEY);
-                    }
-                    if (certData != NULL) {
-                        XFREE(certData, heap, DYNAMIC_TYPE_PKCS);
-                    }
-
-                    /* Free up WC_DerCertList */
-                    while (current != NULL) {
-                        WC_DerCertList* next = current->next;
-
-                        XFREE(current->buffer, heap, DYNAMIC_TYPE_PKCS);
-                        XFREE(current, heap, DYNAMIC_TYPE_PKCS);
-                        current = next;
-                    }
-                    ret = WOLFSSL_FAILURE;
-                    goto out;
-                }
-            }
-            current = current->next;
-            XFREE(toFree->buffer, heap, DYNAMIC_TYPE_PKCS);
-            XFREE(toFree, heap, DYNAMIC_TYPE_PKCS);
-        }
-    }
-
-
-    /* Decode cert and place in X509 struct */
-    if (certData != NULL) {
-        *cert = (WOLFSSL_X509*)XMALLOC(sizeof(WOLFSSL_X509), heap,
-            DYNAMIC_TYPE_X509);
-        if (*cert == NULL) {
-            if (pk != NULL) {
-                XFREE(pk, heap, DYNAMIC_TYPE_PUBLIC_KEY);
-            }
-            if (ca != NULL) {
-                wolfSSL_sk_X509_pop_free(*ca, NULL); *ca = NULL;
-            }
-            XFREE(certData, heap, DYNAMIC_TYPE_PKCS);
-            ret = WOLFSSL_FAILURE;
-            goto out;
-        }
-        InitX509(*cert, 1, heap);
-        InitDecodedCert(DeCert, certData, certDataSz, heap);
-        if (ParseCertRelative(DeCert, CERT_TYPE, NO_VERIFY, NULL) != 0) {
-            WOLFSSL_MSG("Issue with parsing certificate");
-        }
-        if (CopyDecodedToX509(*cert, DeCert) != 0) {
-            WOLFSSL_MSG("Failed to copy decoded cert");
-            FreeDecodedCert(DeCert);
-            if (pk != NULL) {
-                XFREE(pk, heap, DYNAMIC_TYPE_PUBLIC_KEY);
-            }
-            if (ca != NULL) {
-                wolfSSL_sk_X509_pop_free(*ca, NULL); *ca = NULL;
-            }
-            wolfSSL_X509_free(*cert); *cert = NULL;
-            XFREE(certData, heap, DYNAMIC_TYPE_PKCS);
-            ret = WOLFSSL_FAILURE;
-            goto out;
-        }
-        FreeDecodedCert(DeCert);
-        XFREE(certData, heap, DYNAMIC_TYPE_PKCS);
-    }
-
-
-    /* get key type */
-    ret = BAD_STATE_E;
-    if (pk != NULL) { /* decode key if present */
-        *pkey = wolfSSL_EVP_PKEY_new_ex(heap);
-        if (*pkey == NULL) {
-            wolfSSL_X509_free(*cert); *cert = NULL;
-            if (ca != NULL) {
-                wolfSSL_sk_X509_pop_free(*ca, NULL); *ca = NULL;
-            }
-            XFREE(pk, heap, DYNAMIC_TYPE_PUBLIC_KEY);
-            ret = WOLFSSL_FAILURE;
-            goto out;
-        }
-
-    #ifndef NO_RSA
-        {
-            const unsigned char* pt = pk;
-            if (wolfSSL_d2i_PrivateKey(EVP_PKEY_RSA, pkey, &pt, pkSz) !=
-                    NULL) {
-                ret = 0;
-            }
-        }
-    #endif /* NO_RSA */
-
-    #ifdef HAVE_ECC
-        if (ret != 0) { /* if is in fail state check if ECC key */
-            const unsigned char* pt = pk;
-            if (wolfSSL_d2i_PrivateKey(EVP_PKEY_EC, pkey, &pt, pkSz) !=
-                    NULL) {
-                ret = 0;
-            }
-        }
-    #endif /* HAVE_ECC */
-        if (pk != NULL)
-            XFREE(pk, heap, DYNAMIC_TYPE_PKCS);
-        if (ret != 0) { /* if is in fail state and no PKEY then fail */
-            wolfSSL_X509_free(*cert); *cert = NULL;
-            if (ca != NULL) {
-                wolfSSL_sk_X509_pop_free(*ca, NULL); *ca = NULL;
-            }
-            wolfSSL_EVP_PKEY_free(*pkey); *pkey = NULL;
-            WOLFSSL_MSG("Bad PKCS12 key format");
-            ret = WOLFSSL_FAILURE;
-            goto out;
-        }
-
-        if (pkey != NULL && *pkey != NULL) {
-            (*pkey)->save_type = 0;
-        }
-    }
-
-    (void)ret;
-    (void)ca;
-
-    ret = WOLFSSL_SUCCESS;
-
-out:
-
-#ifdef WOLFSSL_SMALL_STACK
-    XFREE(DeCert, heap, DYNAMIC_TYPE_DCERT);
-#endif
-
-    return ret;
-}
-
-int wolfSSL_PKCS12_verify_mac(WC_PKCS12 *pkcs12, const char *psw,
-        int pswLen)
-{
-    WOLFSSL_ENTER("wolfSSL_PKCS12_verify_mac");
-
-    if (!pkcs12) {
-        return WOLFSSL_FAILURE;
-    }
-
-    return wc_PKCS12_verify_ex(pkcs12, (const byte*)psw, pswLen) == 0 ?
-            WOLFSSL_SUCCESS : WOLFSSL_FAILURE;
-}
-
-#endif /* !NO_ASN && !NO_PWDBASED */
-
-#endif /* OPENSSL_EXTRA */
-
-#endif /* HAVE_PKCS12 */
-/*******************************************************************************
- * END OF PKCS12 APIs
- ******************************************************************************/
+#define WOLFSSL_SSL_P7P12_INCLUDED
+#include <src/ssl_p7p12.c>
 
 #endif /* !NO_CERTS */
 
@@ -35690,11 +26327,11 @@ int wolfSSL_PKCS12_verify_mac(WC_PKCS12 *pkcs12, const char *psw,
 #if defined(OPENSSL_EXTRA) && !defined(WC_NO_RNG) && defined(HAVE_HASHDRBG)
 int wolfSSL_FIPS_drbg_init(WOLFSSL_DRBG_CTX *ctx, int type, unsigned int flags)
 {
-    int ret = WOLFSSL_FAILURE;
+    int ret = WC_NO_ERR_TRACE(WOLFSSL_FAILURE);
     if (ctx != NULL) {
         XMEMSET(ctx, 0, sizeof(WOLFSSL_DRBG_CTX));
         ctx->type = type;
-        ctx->xflags = flags;
+        ctx->xflags = (int)flags;
         ctx->status = DRBG_STATUS_UNINITIALISED;
         ret = WOLFSSL_SUCCESS;
     }
@@ -35702,7 +26339,7 @@ int wolfSSL_FIPS_drbg_init(WOLFSSL_DRBG_CTX *ctx, int type, unsigned int flags)
 }
 WOLFSSL_DRBG_CTX* wolfSSL_FIPS_drbg_new(int type, unsigned int flags)
 {
-    int ret = WOLFSSL_FAILURE;
+    int ret = WC_NO_ERR_TRACE(WOLFSSL_FAILURE);
     WOLFSSL_DRBG_CTX* ctx = (WOLFSSL_DRBG_CTX*)XMALLOC(sizeof(WOLFSSL_DRBG_CTX),
         NULL, DYNAMIC_TYPE_OPENSSL);
     ret = wolfSSL_FIPS_drbg_init(ctx, type, flags);
@@ -35719,7 +26356,7 @@ WOLFSSL_DRBG_CTX* wolfSSL_FIPS_drbg_new(int type, unsigned int flags)
 int wolfSSL_FIPS_drbg_instantiate(WOLFSSL_DRBG_CTX* ctx,
     const unsigned char* pers, size_t perslen)
 {
-    int ret = WOLFSSL_FAILURE;
+    int ret = WC_NO_ERR_TRACE(WOLFSSL_FAILURE);
     if (ctx != NULL && ctx->rng == NULL) {
     #if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || \
         (defined(HAVE_FIPS) && FIPS_VERSION_GE(5,0)))
@@ -35753,7 +26390,7 @@ int wolfSSL_FIPS_drbg_set_callbacks(WOLFSSL_DRBG_CTX* ctx,
     size_t entropy_blocklen,
     drbg_nonce_get none_get, drbg_nonce_clean nonce_clean)
 {
-    int ret = WOLFSSL_FAILURE;
+    int ret = WC_NO_ERR_TRACE(WOLFSSL_FAILURE);
     if (ctx != NULL) {
         ctx->entropy_get = entropy_get;
         ctx->entropy_clean = entropy_clean;
@@ -35774,7 +26411,7 @@ void wolfSSL_FIPS_rand_add(const void* buf, int num, double entropy)
 int wolfSSL_FIPS_drbg_reseed(WOLFSSL_DRBG_CTX* ctx, const unsigned char* adin,
     size_t adinlen)
 {
-    int ret = WOLFSSL_FAILURE;
+    int ret = WC_NO_ERR_TRACE(WOLFSSL_FAILURE);
     if (ctx != NULL && ctx->rng != NULL) {
     #if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || \
         (defined(HAVE_FIPS) && FIPS_VERSION_GE(2,0)))
@@ -35793,7 +26430,7 @@ int wolfSSL_FIPS_drbg_generate(WOLFSSL_DRBG_CTX* ctx, unsigned char* out,
     size_t outlen, int prediction_resistance, const unsigned char* adin,
     size_t adinlen)
 {
-    int ret = WOLFSSL_FAILURE;
+    int ret = WC_NO_ERR_TRACE(WOLFSSL_FAILURE);
     if (ctx != NULL && ctx->rng != NULL) {
         ret = wc_RNG_GenerateBlock(ctx->rng, out, (word32)outlen);
         if (ret == 0) {
diff --git a/src/ssl_asn1.c b/src/ssl_asn1.c
index eecf46748..4973235ba 100644
--- a/src/ssl_asn1.c
+++ b/src/ssl_asn1.c
@@ -1,6 +1,6 @@
 /* ssl_asn1.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -46,207 +46,197 @@
 
 #ifdef OPENSSL_ALL
 
-/* Create an ASN1 item of the specified type.
- *
- * @param [out] item  Pointer to location to place new ASN1 item.
- * @param [in]  type  Type of ASN1 item to create.
- * @return  0 on success.
- * @return  1 when item type not supported.
- * @return  1 when item type allocation fails.
- */
-static int wolfssl_asn1_item_new(void** item, int type)
+/* Provides access to the member of the obj offset by offset */
+#define asn1Mem(obj, offset) (*(void**)(((byte*)(obj)) + (offset)))
+#define asn1Type(obj, offset) (*(int*)(((byte*)(obj)) + (offset)))
+
+static void* asn1_new_tpl(const WOLFSSL_ASN1_TEMPLATE *mem)
 {
-    int err = 0;
+    if (mem->sequence)
+        return wolfSSL_sk_new_null();
+    else
+        return mem->new_func();
+}
 
-    switch (type) {
-        case WOLFSSL_X509_ALGOR_ASN1:
-            *(WOLFSSL_X509_ALGOR**)item = wolfSSL_X509_ALGOR_new();
+static void* asn1_item_alloc(const WOLFSSL_ASN1_ITEM* item)
+{
+    void* ret = NULL;
+
+    /* allocation */
+    switch (item->type) {
+        case WOLFSSL_ASN1_SEQUENCE:
+        case WOLFSSL_ASN1_CHOICE:
+            ret = (void *)XMALLOC(item->size, NULL, DYNAMIC_TYPE_OPENSSL);
+            if (ret != NULL)
+                XMEMSET(ret, 0, item->size);
             break;
-        case WOLFSSL_ASN1_BIT_STRING_ASN1:
-            *(WOLFSSL_ASN1_BIT_STRING**)item = wolfSSL_ASN1_BIT_STRING_new();
+        case WOLFSSL_ASN1_OBJECT_TYPE:
+            if (item->mcount != 1 || item->members->offset) {
+                WOLFSSL_MSG("incorrect member count or offset");
+                return NULL;
+            }
+            ret = asn1_new_tpl(item->members);
             break;
-        case WOLFSSL_ASN1_INTEGER_ASN1:
-           *(WOLFSSL_ASN1_INTEGER**)item = wolfSSL_ASN1_INTEGER_new();
-           break;
         default:
-            WOLFSSL_MSG("Type not supported in wolfSSL_ASN1_item_new");
-            *(void**)item = NULL;
-    }
-    /* Check whether an item was put in. */
-    if (*(void**)item == NULL) {
-        err = 1;
+            WOLFSSL_MSG("ASN1 type not implemented");
+            return NULL;
     }
 
-    return err;
+    return ret;
+}
+
+static int asn1_item_init(void* obj, const WOLFSSL_ASN1_ITEM* item)
+{
+    const WOLFSSL_ASN1_TEMPLATE *mem = NULL;
+    size_t i;
+    int ret = 0;
+
+    switch (item->type) {
+        case WOLFSSL_ASN1_SEQUENCE:
+            for (mem = item->members, i = 0; i < item->mcount; mem++, i++) {
+                asn1Mem(obj, mem->offset) = asn1_new_tpl(mem);
+                if (asn1Mem(obj, mem->offset) == NULL) {
+                    ret = WOLFSSL_FATAL_ERROR;
+                    break;
+                }
+            }
+            break;
+        case WOLFSSL_ASN1_OBJECT_TYPE:
+            /* Initialized by new_func. Nothing to do. */
+            break;
+        case WOLFSSL_ASN1_CHOICE:
+            asn1Type(obj, item->toffset) = -1;
+            /* We don't know what to initialize. Nothing to do. */
+            break;
+        default:
+            WOLFSSL_MSG("ASN1 type not implemented");
+            ret = WOLFSSL_FATAL_ERROR;
+            break;
+    }
+
+    return ret;
 }
 
 /* Create a new ASN1 item based on a template.
  *
- * @param [in] tpl  Template of ASN1 items.
+ * @param [in] item  Info about ASN1 items.
  * @return  A new ASN1 item on success.
- * @return  NULL when tpl is NULL, dynamic memory allocation fails or ASN1
+ * @return  NULL when item is NULL, dynamic memory allocation fails or ASN1
  *          item type not supported.
  */
-void* wolfSSL_ASN1_item_new(const WOLFSSL_ASN1_ITEM* tpl)
+void* wolfSSL_ASN1_item_new(const WOLFSSL_ASN1_ITEM* item)
 {
-    int err = 0;
     void* ret = NULL;
-    const WOLFSSL_ASN1_TEMPLATE *mem = NULL;
-    size_t i;
 
     WOLFSSL_ENTER("wolfSSL_ASN1_item_new");
 
-    if (tpl != NULL) {
-        ret = (void *)XMALLOC(tpl->size, NULL, DYNAMIC_TYPE_OPENSSL);
-    }
+    if (item == NULL)
+        return NULL;
 
-    if (ret != NULL) {
-        XMEMSET(ret, 0, tpl->size);
-        for (mem = tpl->members, i = 0; i < tpl->mcount; mem++, i++) {
-            if ((err = wolfssl_asn1_item_new(
-                    (void**)(((byte*)ret) + mem->offset), mem->type))) {
-                break;
-            }
-        }
-    }
+    /* allocation */
+    ret = asn1_item_alloc(item);
+    if (ret == NULL)
+        return NULL;
 
-    if (err) {
-        wolfSSL_ASN1_item_free(ret, tpl);
+    /* initialization */
+    if (asn1_item_init(ret, item) != 0) {
+        wolfSSL_ASN1_item_free(ret, item);
         ret = NULL;
     }
+
     return ret;
 }
 
-/* Dispose of an ASN1 item of the specified type.
- *
- * @param [in, out] item  Pointer to an anonymized ASN1 item to free.
- * @param [in]      type  Type of ASN1 item to free.
- */
-static void wolfssl_asn1_item_free(void** item, int type)
+static void asn1_free_tpl(void *obj, const WOLFSSL_ASN1_TEMPLATE *mem)
 {
-    switch (type) {
-        case WOLFSSL_X509_ALGOR_ASN1:
-            wolfSSL_X509_ALGOR_free(*(WOLFSSL_X509_ALGOR**)item);
-            break;
-        case WOLFSSL_ASN1_BIT_STRING_ASN1:
-            wolfSSL_ASN1_BIT_STRING_free(*(WOLFSSL_ASN1_BIT_STRING**)item);
-            break;
-        case WOLFSSL_ASN1_INTEGER_ASN1:
-            wolfSSL_ASN1_INTEGER_free(*(WOLFSSL_ASN1_INTEGER**)item);
-            break;
-        default:
-            WOLFSSL_MSG("Type not supported in wolfSSL_ASN1_item_free");
+    if (obj != NULL) {
+        if (mem->sequence)
+            wolfSSL_sk_pop_free((WOLFSSL_STACK *)obj, mem->free_func);
+        else
+            mem->free_func(obj);
     }
 }
 
 /* Dispose of ASN1 item based on a template.
  *
  * @param [in, out] val  ASN item to free.
- * @param [in,      tpl  Template of ASN1 items.
+ * @param [in,      item Info about ASN1 items.
  */
-void wolfSSL_ASN1_item_free(void *items, const WOLFSSL_ASN1_ITEM *tpl)
+void wolfSSL_ASN1_item_free(void *obj, const WOLFSSL_ASN1_ITEM *item)
 {
     const WOLFSSL_ASN1_TEMPLATE *mem = NULL;
     size_t i;
 
     WOLFSSL_ENTER("wolfSSL_ASN1_item_free");
 
-    if (items != NULL) {
-        for (mem = tpl->members, i = 0; i < tpl->mcount; mem++, i++) {
-            wolfssl_asn1_item_free((void**)(((byte*)items) + mem->offset),
-                mem->type);
+    if (obj != NULL) {
+        switch (item->type) {
+            case WOLFSSL_ASN1_SEQUENCE:
+                for (mem = item->members, i = 0; i < item->mcount; mem++, i++)
+                    asn1_free_tpl(asn1Mem(obj, mem->offset), mem);
+                XFREE(obj, NULL, DYNAMIC_TYPE_OPENSSL);
+                break;
+            case WOLFSSL_ASN1_CHOICE:
+                if (asn1Type(obj, item->toffset) < 0)
+                    break; /* type not set */
+                for (mem = item->members, i = 0; i < item->mcount; mem++, i++) {
+                    if (asn1Type(obj, item->toffset) == mem->tag) {
+                        asn1_free_tpl(asn1Mem(obj, mem->offset), mem);
+                        break;
+                    }
+                }
+                XFREE(obj, NULL, DYNAMIC_TYPE_OPENSSL);
+                break;
+            case WOLFSSL_ASN1_OBJECT_TYPE:
+                asn1_free_tpl(obj, item->members);
+                break;
+            default:
+                WOLFSSL_MSG("ASN1 type not implemented");
+                break;
         }
     }
-    XFREE(items, NULL, DYNAMIC_TYPE_OPENSSL);
 }
 
-/* Offset buf if not NULL or NULL. */
-#define bufLenOrNull(buf, len) (((buf) != NULL) ? ((buf) + (len)) : NULL)
-
-/* Encode X509 algorithm as DER.
- *
- * @param [in]      algor  X509 algorithm object.
- * @param [in, out] buf    Buffer to encode into. May be NULL.
- * @return  Length of DER encoding on success.
- * @return  0 on failure.
- */
-static int wolfSSL_i2d_X509_ALGOR(const WOLFSSL_X509_ALGOR* algor, byte* buf)
+static int i2d_asn1_items(const void* obj, byte** buf,
+        const WOLFSSL_ASN1_TEMPLATE* mem)
 {
-    int ret;
-    word32 oid = 0;
-    word32 idx = 0;
-
-    if (algor->algorithm == 0) {
-        WOLFSSL_MSG("X509_ALGOR algorithm not set");
-        ret = 0;
-    }
-    else if (GetObjectId(algor->algorithm->obj, &idx, &oid,
-            (word32)algor->algorithm->grp, algor->algorithm->objSz) < 0) {
-        WOLFSSL_MSG("Issue getting OID of object");
-        ret = 0;
+    int len = 0;
+    int ret = 0;
+    if (mem->sequence) {
+        const WOLFSSL_STACK* sk = (WOLFSSL_STACK *)asn1Mem(obj, mem->offset);
+        int ski; /* stack index */
+        int innerLen = 0;
+        /* Figure out the inner length first */
+        for (ski = 0; ski < wolfSSL_sk_num(sk); ski++) {
+            ret = mem->i2d_func(wolfSSL_sk_value(sk, ski), NULL);
+            if (ret <= 0)
+                break;
+            innerLen += ret;
+        }
+        if (ret <= 0)
+            return 0;
+        if (buf != NULL && *buf != NULL) {
+            /* Now write it out */
+            int writeLen = 0;
+            *buf += SetSequence((word32)innerLen, *buf);
+            for (ski = 0; ski < wolfSSL_sk_num(sk); ski++) {
+                ret = mem->i2d_func(wolfSSL_sk_value(sk, ski), buf);
+                if (ret <= 0)
+                    break;
+                writeLen += ret;
+            }
+            if (ret <= 0 || writeLen != innerLen)
+                return 0;
+        }
+        len = (int)SetSequence((word32)innerLen, NULL) + innerLen;
     }
     else {
-        ret = (int)SetAlgoID((int)oid, buf, algor->algorithm->grp, 0);
+        ret = mem->i2d_func(asn1Mem(obj, mem->offset),
+                buf != NULL && *buf != NULL ? buf : NULL);
+        if (ret <= 0)
+            return 0;
+        len = ret;
     }
-
-    return ret;
-}
-
-/* Encode ASN.1 BIT_STRING as DER.
- *
- * @param [in]      bit_str  BIT_STRING object.
- * @param [in, out] buf      Buffer to encode into. May be NULL.
- * @return  Length of DER encoding on success.
- */
-static int wolfSSL_i2d_ASN1_BIT_STRING(const WOLFSSL_ASN1_BIT_STRING* bit_str,
-    byte* buf)
-{
-    int len;
-
-    len = (int)SetBitString((word32)bit_str->length, 0, buf);
-    if ((buf != NULL) && (bit_str->data != NULL)) {
-        XMEMCPY(buf + len, bit_str->data, (size_t)bit_str->length);
-    }
-
-    return len + bit_str->length;
-}
-
-/* Encode ASN item as DER.
- *
- * @param [in]      item  Pointer to anonymized ASN item.
- * @param [in, out] buf   Buffer to encode into. May be NULL.
- * @return  Length of DER encoding on success.
- * @return  0 on failure.
- */
-static int wolfssl_i2d_asn1_item(void** item, int type, byte* buf)
-{
-    int len;
-
-    switch (type) {
-        case WOLFSSL_X509_ALGOR_ASN1:
-            len = wolfSSL_i2d_X509_ALGOR(*(const WOLFSSL_X509_ALGOR**)item,
-                buf);
-            break;
-        case WOLFSSL_ASN1_BIT_STRING_ASN1:
-            len = wolfSSL_i2d_ASN1_BIT_STRING(
-                *(const WOLFSSL_ASN1_BIT_STRING**)item, buf);
-            break;
-        case WOLFSSL_ASN1_INTEGER_ASN1:
-        {
-            byte *tmp_buf = buf;
-            len = wolfSSL_i2d_ASN1_INTEGER(
-                *(const WOLFSSL_ASN1_INTEGER**)item, &tmp_buf);
-            if ((buf == NULL) && (tmp_buf != NULL)) {
-                XFREE(tmp_buf, NULL, DYNAMIC_TYPE_ASN1);
-                tmp_buf = NULL;
-            }
-        }
-        break;
-        default:
-            WOLFSSL_MSG("Type not support in processMembers");
-            len = 0;
-    }
-
     return len;
 }
 
@@ -259,7 +249,7 @@ static int wolfssl_i2d_asn1_item(void** item, int type, byte* buf)
  * @return  Length of DER encoding on success.
  * @return  0 on failure.
  */
-static int wolfssl_i2d_asn1_items(const void* src, byte*buf,
+static int wolfssl_i2d_asn1_items(const void* obj, byte* buf,
     const WOLFSSL_ASN1_TEMPLATE* members, size_t mcount)
 {
     const WOLFSSL_ASN1_TEMPLATE* mem = NULL;
@@ -270,12 +260,36 @@ static int wolfssl_i2d_asn1_items(const void* src, byte*buf,
     WOLFSSL_ENTER("wolfssl_i2d_asn1_items");
 
     for (mem = members, i = 0; i < mcount; mem++, i++) {
-        ret = wolfssl_i2d_asn1_item((void**)(((byte*)src) + mem->offset),
-            mem->type, bufLenOrNull(buf, len));
-        if (ret == 0) {
+        byte* tmp = buf;
+        if (mem->ex && mem->tag >= 0) {
+            /* Figure out the inner length */
+            int innerLen = 0;
+            int hdrLen = 0;
+            ret = i2d_asn1_items(obj, NULL, mem);
+            if (ret <= 0) {
+                len = 0;
+                break;
+            }
+            innerLen = ret;
+            hdrLen = SetExplicit((byte)mem->tag, (word32)innerLen, buf, 0);
+            len += hdrLen;
+            if (buf != NULL)
+                buf += hdrLen;
+        }
+
+        ret = i2d_asn1_items(obj, &buf, mem);
+        if (ret <= 0) {
             len = 0;
             break;
         }
+
+        if (buf != NULL && tmp != NULL && !mem->ex && mem->tag >= 0) {
+            byte imp[ASN_TAG_SZ + MAX_LENGTH_SZ];
+            /* Encode the implicit tag; There's other stuff in the upper bits
+             * of the integer tag, so strip out everything else for value. */
+            SetImplicit(tmp[0], (byte)(mem->tag), 0, imp, 0);
+            tmp[0] = imp[0];
+        }
         len += ret;
     }
 
@@ -292,25 +306,55 @@ static int wolfssl_i2d_asn1_items(const void* src, byte*buf,
  * @return  Length of DER encoding on success.
  * @return  0 on failure.
  */
-static int i2d_ASN_SEQUENCE(const void* src, byte* buf,
-    const WOLFSSL_ASN1_ITEM* tpl)
+static int i2d_ASN_SEQUENCE(const void* obj, byte* buf,
+    const WOLFSSL_ASN1_ITEM* item)
 {
     word32 seq_len;
     word32 len = 0;
 
-    seq_len = (word32)wolfssl_i2d_asn1_items(src, NULL, tpl->members,
-        tpl->mcount);
+    seq_len = (word32)wolfssl_i2d_asn1_items(obj, NULL, item->members,
+        item->mcount);
     if (seq_len != 0) {
         len = SetSequence(seq_len, buf);
         if (buf != NULL) {
-            wolfssl_i2d_asn1_items(src, buf + len, tpl->members, tpl->mcount);
+            if (wolfssl_i2d_asn1_items(obj, buf + len, item->members,
+                    item->mcount) > 0)
+                len += seq_len; /* success */
+            else
+                len = 0; /* error */
         }
-        len += seq_len;
+        else
+            len += seq_len;
     }
 
     return (int)len;
 }
 
+static int i2d_ASN_CHOICE(const void* obj, byte* buf,
+        const WOLFSSL_ASN1_ITEM* item)
+{
+    const WOLFSSL_ASN1_TEMPLATE* mem = NULL;
+    size_t i;
+
+    if (asn1Type(obj, item->toffset) < 0)
+        return 0; /* type not set */
+    for (mem = item->members, i = 0; i < item->mcount; mem++, i++) {
+        if (asn1Type(obj, item->toffset) == mem->tag) {
+            return wolfssl_i2d_asn1_items(obj, buf, mem, 1);
+        }
+    }
+    return 0;
+}
+
+static int i2d_ASN_OBJECT_TYPE(const void* obj, byte* buf,
+        const WOLFSSL_ASN1_ITEM* item)
+{
+    /* To be able to use wolfssl_i2d_asn1_items without any modifications,
+     * pass in a pointer to obj so that asn1Mem uses the correct pointer. */
+    const void ** obj_pp = &obj;
+    return wolfssl_i2d_asn1_items(obj_pp, buf, item->members, item->mcount);
+}
+
 /* Encode ASN1 template item.
  *
  * @param [in]      src  ASN1 items to encode.
@@ -319,14 +363,20 @@ static int i2d_ASN_SEQUENCE(const void* src, byte* buf,
  * @return  Length of DER encoding on success.
  * @return  0 on failure.
  */
-static int wolfssl_asn1_item_encode(const void* src, byte* buf,
-    const WOLFSSL_ASN1_ITEM* tpl)
+static int wolfssl_asn1_item_encode(const void* obj, byte* buf,
+    const WOLFSSL_ASN1_ITEM* item)
 {
     int len;
 
-    switch (tpl->type) {
-        case ASN_SEQUENCE:
-            len = i2d_ASN_SEQUENCE(src, buf, tpl);
+    switch (item->type) {
+        case WOLFSSL_ASN1_SEQUENCE:
+            len = i2d_ASN_SEQUENCE(obj, buf, item);
+            break;
+        case WOLFSSL_ASN1_OBJECT_TYPE:
+            len = i2d_ASN_OBJECT_TYPE(obj, buf, item);
+            break;
+        case WOLFSSL_ASN1_CHOICE:
+            len = i2d_ASN_CHOICE(obj, buf, item);
             break;
         default:
             WOLFSSL_MSG("Type not supported in wolfSSL_ASN1_item_i2d");
@@ -342,10 +392,10 @@ static int wolfssl_asn1_item_encode(const void* src, byte* buf,
  * @param [in, out] dest  Pointer to buffer to encode into. May be NULL.
  * @param [in]      tpl   Template of ASN1 items.
  * @return  Length of DER encoding on success.
- * @return  0 on failure.
+ * @return  WOLFSSL_FATAL_ERROR on failure.
  */
-int wolfSSL_ASN1_item_i2d(const void* src, byte** dest,
-    const WOLFSSL_ASN1_ITEM* tpl)
+int wolfSSL_ASN1_item_i2d(const void* obj, byte** dest,
+    const WOLFSSL_ASN1_ITEM* item)
 {
     int ret = 1;
     int len = 0;
@@ -354,35 +404,320 @@ int wolfSSL_ASN1_item_i2d(const void* src, byte** dest,
     WOLFSSL_ENTER("wolfSSL_ASN1_item_i2d");
 
     /* Validate parameters. */
-    if ((src == NULL) || (tpl == NULL)) {
+    if ((obj == NULL) || (item == NULL)) {
         ret = 0;
     }
 
-    if ((ret == 1) && ((len = wolfssl_asn1_item_encode(src, NULL, tpl)) == 0)) {
+    if ((ret == 1) && ((len = wolfssl_asn1_item_encode(obj, NULL, item)) == 0))
         ret = 0;
-    }
 
     if ((ret == 1) && (dest != NULL)) {
         if (*dest == NULL) {
             buf = (byte*)XMALLOC((size_t)len, NULL, DYNAMIC_TYPE_ASN1);
             if (buf == NULL)
                 ret = 0;
-            *dest = buf;
+        }
+        else
+            buf = *dest;
+
+        if (ret == 1) {
+            len = wolfssl_asn1_item_encode(obj, buf, item);
+            if (len <= 0)
+                ret = 0;
         }
 
         if (ret == 1) {
-            len = wolfssl_asn1_item_encode(src, *dest, tpl);
+            if (*dest == NULL)
+                *dest = buf;
+            else
+                *dest += len;
         }
     }
 
     if (ret == 0) {
-        XFREE(buf, NULL, DYNAMIC_TYPE_ASN1);
-        len = 0;
+        if (*dest == NULL)
+            XFREE(buf, NULL, DYNAMIC_TYPE_ASN1);
+        len = WOLFSSL_FATAL_ERROR;
     }
     WOLFSSL_LEAVE("wolfSSL_ASN1_item_i2d", len);
     return len;
 }
 
+static void* d2i_obj(const WOLFSSL_ASN1_TEMPLATE* mem, const byte** src,
+        long* len)
+{
+    void* ret;
+    const byte* tmp = *src;
+    ret = mem->d2i_func(NULL, &tmp, *len);
+    if (ret == NULL) {
+        WOLFSSL_MSG("d2i error");
+        return NULL;
+    }
+    if (tmp <= *src) {
+        WOLFSSL_MSG("ptr not advanced");
+        mem->free_func(ret); /* never a stack so we can call this directly */
+        return NULL;
+    }
+    *len -= (long)(tmp - *src);
+    *src = tmp;
+    return ret;
+}
+
+static void* d2i_generic_obj(const WOLFSSL_ASN1_TEMPLATE* mem, const byte** src,
+        long* len)
+{
+    void* ret = NULL;
+    if (mem->sequence) {
+        long skl = 0;
+        int slen = 0;
+        WOLFSSL_STACK* sk = NULL;
+        word32 idx = 0;
+        const byte* tmp = *src;
+        if (GetSequence(tmp, &idx, &slen, (word32)*len) < 0)
+            goto error;
+        skl = (long)slen;
+        tmp += idx;
+        ret = sk = wolfSSL_sk_new_null();
+        while (skl > 0) {
+            void* new_obj = d2i_obj(mem, &tmp, &skl);
+            if (new_obj == NULL) {
+                WOLFSSL_MSG("d2i_obj failed");
+                goto error;
+            }
+            if (wolfSSL_sk_insert(sk, new_obj, -1) <= 0) {
+                mem->free_func(new_obj);
+                WOLFSSL_MSG("push failed");
+                goto error;
+            }
+        }
+        if (skl != 0) {
+            WOLFSSL_MSG("l not zero after sequence");
+            goto error;
+        }
+        *len -= (long)slen;
+        *src = tmp;
+    }
+    else {
+        ret = d2i_obj(mem, src, len);
+    }
+    return ret;
+error:
+    asn1_free_tpl(ret, mem);
+    return NULL;
+}
+
+static int d2i_handle_tags(const WOLFSSL_ASN1_TEMPLATE* mem, const byte** src,
+        long* len, byte** impBuf, int* asnLen)
+{
+    if (mem->tag >= 0) {
+        byte tag = 0;
+        word32 idx = 0;
+        if (mem->ex) {
+            if (GetASNTag(*src, &idx, &tag, (word32)*len) < 0 ||
+                    (byte)(ASN_CONTEXT_SPECIFIC | ASN_CONSTRUCTED | mem->tag)
+                        != tag ||
+                    GetLength(*src, &idx, asnLen, (word32)*len) < 0) {
+                WOLFSSL_MSG("asn tag error");
+                return WOLFSSL_FATAL_ERROR;
+            }
+            *len -= idx;
+            *src += idx;
+        }
+        else {
+            /* Underlying d2i functions won't be able to handle the implicit
+             * tag so we substitute it for the expected tag. */
+            if (mem->first_byte == 0) {
+                WOLFSSL_MSG("first byte not set");
+                return WOLFSSL_FATAL_ERROR;
+            }
+            if (GetASNTag(*src, &idx, &tag, (word32)*len) < 0 ||
+                    (byte)mem->tag != (tag & ASN_TYPE_MASK) ||
+                    GetLength(*src, &idx, asnLen, (word32)*len) < 0) {
+                WOLFSSL_MSG("asn tag error");
+                return WOLFSSL_FATAL_ERROR;
+            }
+            *asnLen += idx; /* total buffer length */
+            *impBuf = (byte*)XMALLOC(*asnLen, NULL,
+                    DYNAMIC_TYPE_TMP_BUFFER);
+            if (*impBuf == NULL) {
+                WOLFSSL_MSG("malloc error");
+                return WOLFSSL_FATAL_ERROR;
+            }
+            XMEMCPY(*impBuf, *src, *asnLen);
+            (*impBuf)[0] = mem->first_byte;
+        }
+    }
+    return 0;
+}
+
+static void* d2i_generic(const WOLFSSL_ASN1_TEMPLATE* mem,
+        const byte** src, long* len)
+{
+    int asnLen = -1;
+    const byte *tmp = NULL;
+    void* ret = NULL;
+    byte* impBuf = NULL;
+    long l;
+
+    if (*len <= 0) {
+        WOLFSSL_MSG("buffer too short");
+        return NULL;
+    }
+
+    if (d2i_handle_tags(mem, src, len, &impBuf, &asnLen) != 0) {
+        WOLFSSL_MSG("tags error");
+        goto error;
+    }
+
+    if (impBuf != NULL)
+        tmp = impBuf;
+    else
+        tmp = *src;
+    l = (long)(asnLen >= 0 ? asnLen : *len);
+    ret = d2i_generic_obj(mem, &tmp, &l);
+    if (l < 0) {
+        WOLFSSL_MSG("ptr advanced too far");
+        goto error;
+    }
+    if (impBuf != NULL) {
+        tmp = *src + (tmp - impBuf); /* for the next calculation */
+        XFREE(impBuf, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+        impBuf = NULL;
+    }
+    if (asnLen >= 0 && (int)(tmp - *src) != asnLen) {
+        WOLFSSL_MSG("ptr not advanced enough");
+        goto error;
+    }
+    *len -= (long)(tmp - *src);
+    *src = tmp;
+    return ret;
+error:
+    asn1_free_tpl(ret, mem);
+    if (impBuf != NULL)
+        XFREE(impBuf, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    return NULL;
+}
+
+static int d2i_ASN_SEQUENCE(void* obj, const byte **src, long len,
+        const WOLFSSL_ASN1_ITEM* item)
+{
+    const WOLFSSL_ASN1_TEMPLATE* mem = NULL;
+    int err;
+    word32 idx = 0;
+    int slen = 0;
+    size_t i;
+    const byte* s = *src;
+
+    err = GetSequence(s, &idx, &slen, (word32)len);
+    if (err <= 0) {
+        WOLFSSL_MSG("GetSequence error");
+        return WOLFSSL_FATAL_ERROR;
+    }
+    s += idx;
+    len -= idx;
+
+    for (mem = item->members, i = 0; i < item->mcount; mem++, i++) {
+        asn1Mem(obj, mem->offset) = d2i_generic(mem, &s, &len);
+        if (asn1Mem(obj, mem->offset) == NULL) {
+            WOLFSSL_MSG("d2i error");
+            return WOLFSSL_FATAL_ERROR;
+        }
+    }
+    *src = s;
+    return 0;
+}
+
+static int d2i_ASN_CHOICE(void* obj, const byte **src, long len,
+        const WOLFSSL_ASN1_ITEM* item)
+{
+    const WOLFSSL_ASN1_TEMPLATE* mem = NULL;
+    size_t i;
+
+    for (mem = item->members, i = 0; i < item->mcount; mem++, i++) {
+        asn1Mem(obj, mem->offset) = d2i_generic(mem, src, &len);
+        if (asn1Mem(obj, mem->offset) != NULL) {
+            asn1Type(obj, item->toffset) = mem->tag;
+            return 0;
+        }
+    }
+    WOLFSSL_MSG("der does not decode with any CHOICE");
+    return WOLFSSL_FATAL_ERROR;
+}
+
+static void* d2i_ASN_OBJECT_TYPE(const byte **src, long len,
+        const WOLFSSL_ASN1_ITEM* item)
+{
+    return d2i_generic(item->members, src, &len);
+}
+
+void* wolfSSL_ASN1_item_d2i(void** dst, const byte **src, long len,
+        const WOLFSSL_ASN1_ITEM* item)
+{
+    void* obj = NULL;
+    int err = 0;
+    const byte *tmp;
+
+    WOLFSSL_ENTER("wolfSSL_ASN1_item_d2i");
+
+    if (src == NULL || *src == NULL || len <= 0 || item == NULL) {
+        WOLFSSL_LEAVE("wolfSSL_ASN1_item_d2i", 0);
+        return NULL;
+    }
+
+    tmp = *src;
+
+    /* Create an empty object. */
+
+    switch (item->type) {
+        case WOLFSSL_ASN1_SEQUENCE:
+        case WOLFSSL_ASN1_CHOICE:
+            obj = asn1_item_alloc(item);
+            if (obj == NULL)
+                return NULL;
+            break;
+        case WOLFSSL_ASN1_OBJECT_TYPE:
+            /* allocated later */
+            break;
+        default:
+            WOLFSSL_MSG("Type not supported in wolfSSL_ASN1_item_d2i");
+            return NULL;
+    }
+
+    switch (item->type) {
+        case WOLFSSL_ASN1_SEQUENCE:
+            err = d2i_ASN_SEQUENCE(obj, &tmp, len, item);
+            break;
+        case WOLFSSL_ASN1_CHOICE:
+            err = d2i_ASN_CHOICE(obj, &tmp, len, item);
+            break;
+        case WOLFSSL_ASN1_OBJECT_TYPE:
+            obj = d2i_ASN_OBJECT_TYPE(&tmp, len, item);
+            if (obj == NULL)
+                err = WOLFSSL_FATAL_ERROR;
+            break;
+        default:
+            WOLFSSL_MSG("Type not supported in wolfSSL_ASN1_item_d2i");
+            err = WOLFSSL_FATAL_ERROR;
+            break;
+    }
+
+    if (err == 0)
+        *src = tmp;
+    else {
+        wolfSSL_ASN1_item_free(obj, item);
+        obj = NULL;
+    }
+
+    if (dst != NULL && obj != NULL) {
+        if (*dst != NULL)
+            wolfSSL_ASN1_item_free(*dst, item);
+        *dst = obj;
+    }
+
+    WOLFSSL_LEAVE("wolfSSL_ASN1_item_d2i", obj != NULL);
+    return obj;
+}
+
 #endif /* OPENSSL_ALL */
 
 #endif /* OPENSSL_EXTRA */
@@ -448,9 +783,6 @@ int wolfSSL_ASN1_BIT_STRING_get_bit(const WOLFSSL_ASN1_BIT_STRING* bitStr,
 
     return bit;
 }
-#endif /* OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL */
-
-#if defined(OPENSSL_ALL) && !defined(NO_CERTS)
 
 /* Grow data to require length.
  *
@@ -465,15 +797,25 @@ static int wolfssl_asn1_bit_string_grow(WOLFSSL_ASN1_BIT_STRING* bitStr,
     int ret = 1;
     byte* tmp;
 
+#ifdef WOLFSSL_NO_REALLOC
+    tmp = (byte*)XMALLOC((size_t)len, NULL, DYNAMIC_TYPE_OPENSSL);
+    if (tmp != NULL && bitStr->data != NULL) {
+       XMEMCPY(tmp, bitStr->data, bitStr->length);
+       XFREE(bitStr->data, NULL, DYNAMIC_TYPE_OPENSSL);
+       bitStr->data = NULL;
+    }
+#else
     /* Realloc to length required. */
     tmp = (byte*)XREALLOC(bitStr->data, (size_t)len, NULL,
         DYNAMIC_TYPE_OPENSSL);
+#endif
     if (tmp == NULL) {
         ret = 0;
     }
     else {
         /* Clear out new, top bytes. */
-        XMEMSET(tmp + bitStr->length, 0, (size_t)(len - bitStr->length));
+        if (len > bitStr->length)
+            XMEMSET(tmp + bitStr->length, 0, (size_t)(len - bitStr->length));
         bitStr->data = tmp;
         bitStr->length = len;
     }
@@ -522,7 +864,99 @@ int wolfSSL_ASN1_BIT_STRING_set_bit(WOLFSSL_ASN1_BIT_STRING* bitStr, int idx,
     return ret;
 }
 
-#endif /* OPENSSL_ALL && !NO_CERTS */
+/* Serialize object to DER encoding
+ *
+ * @param bstr Object to serialize
+ * @param pp  Output
+ * @return Length on success
+ *         Negative number on failure
+ */
+int wolfSSL_i2d_ASN1_BIT_STRING(const WOLFSSL_ASN1_BIT_STRING* bstr,
+        unsigned char** pp)
+{
+    int len;
+    unsigned char* buf;
+
+    if (bstr == NULL || (bstr->data == NULL && bstr->length != 0))
+        return WOLFSSL_FATAL_ERROR;
+
+    len = (int)SetBitString((word32)bstr->length, 0, NULL) + bstr->length;
+    if (pp != NULL) {
+        word32 idx;
+
+        if (*pp != NULL)
+            buf = *pp;
+        else {
+            buf = (byte*)XMALLOC((size_t)len, NULL, DYNAMIC_TYPE_ASN1);
+            if (buf == NULL)
+                return WOLFSSL_FATAL_ERROR;
+        }
+
+        idx = SetBitString((word32)bstr->length, 0, buf);
+        if (bstr->length > 0)
+            XMEMCPY(buf + idx, bstr->data, (size_t)bstr->length);
+
+        if (*pp != NULL)
+            *pp += len;
+        else
+            *pp = buf;
+    }
+
+    return len;
+}
+
+WOLFSSL_ASN1_BIT_STRING* wolfSSL_d2i_ASN1_BIT_STRING(
+        WOLFSSL_ASN1_BIT_STRING** out, const byte** src, long len)
+{
+    WOLFSSL_ASN1_BIT_STRING* ret = NULL;
+#ifdef WOLFSSL_ASN_TEMPLATE
+    word32 idx = 0;
+    byte tag = 0;
+    int length = 0;
+
+    WOLFSSL_ENTER("wolfSSL_d2i_ASN1_BIT_STRING");
+
+    if (src == NULL || *src == NULL || len == 0)
+        return NULL;
+
+    if (GetASNTag(*src, &idx, &tag, (word32)len) < 0)
+        return NULL;
+    if (tag != ASN_BIT_STRING)
+        return NULL;
+    if (GetLength(*src, &idx, &length, (word32)len) < 0)
+        return NULL;
+    if (GetASN_BitString(*src, idx, length) != 0)
+        return NULL;
+    idx++; /* step over unused bits */
+    length--;
+
+    ret = wolfSSL_ASN1_BIT_STRING_new();
+    if (ret == NULL)
+        return NULL;
+
+    if (wolfssl_asn1_bit_string_grow(ret, length) != 1) {
+        wolfSSL_ASN1_BIT_STRING_free(ret);
+        return NULL;
+    }
+
+    XMEMCPY(ret->data, *src + idx, length);
+    *src += idx + (word32)length;
+
+    if (out != NULL) {
+        if (*out != NULL)
+            wolfSSL_ASN1_BIT_STRING_free(*out);
+        *out = ret;
+    }
+#else
+    WOLFSSL_MSG("d2i_ASN1_BIT_STRING needs --enable-asn=template");
+    (void)out;
+    (void)src;
+    (void)len;
+#endif
+    return ret;
+}
+
+#endif /* OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL */
 
 /*******************************************************************************
  * ASN1_INTEGER APIs
@@ -596,7 +1030,7 @@ static void wolfssl_asn1_integer_reset_data(WOLFSSL_ASN1_INTEGER* a)
     /* No data, not negative. */
     a->negative = 0;
     /* Set type to positive INTEGER. */
-    a->type = V_ASN1_INTEGER;
+    a->type = WOLFSSL_V_ASN1_INTEGER;
 }
 #endif /* OPENSSL_EXTRA */
 
@@ -659,36 +1093,36 @@ static int wolfssl_asn1_integer_require_len(WOLFSSL_ASN1_INTEGER* a, int len,
  */
 WOLFSSL_ASN1_INTEGER* wolfSSL_ASN1_INTEGER_dup(const WOLFSSL_ASN1_INTEGER* src)
 {
-    WOLFSSL_ASN1_INTEGER* dup = NULL;
+    WOLFSSL_ASN1_INTEGER* dst = NULL;
 
     WOLFSSL_ENTER("wolfSSL_ASN1_INTEGER_dup");
 
     /* Check for object to duplicate. */
     if (src != NULL) {
         /* Create a new ASN.1 INTEGER object to be copied into. */
-        dup = wolfSSL_ASN1_INTEGER_new();
+        dst = wolfSSL_ASN1_INTEGER_new();
     }
     /* Check for object to copy into. */
-    if (dup != NULL) {
+    if (dst != NULL) {
         /* Copy simple fields. */
-        dup->length   = src->length;
-        dup->negative = src->negative;
-        dup->type     = src->type;
+        dst->length   = src->length;
+        dst->negative = src->negative;
+        dst->type     = src->type;
 
         if (!src->isDynamic) {
             /* Copy over data from/to fixed buffer. */
-            XMEMCPY(dup->intData, src->intData, WOLFSSL_ASN1_INTEGER_MAX);
+            XMEMCPY(dst->intData, src->intData, WOLFSSL_ASN1_INTEGER_MAX);
         }
-        else if (wolfssl_asn1_integer_require_len(dup, src->length, 0) == 0) {
-            wolfSSL_ASN1_INTEGER_free(dup);
-            dup = NULL;
+        else if (wolfssl_asn1_integer_require_len(dst, src->length, 0) == 0) {
+            wolfSSL_ASN1_INTEGER_free(dst);
+            dst = NULL;
         }
         else {
-            XMEMCPY(dup->data, src->data, (size_t)src->length);
+            XMEMCPY(dst->data, src->data, (size_t)src->length);
         }
     }
 
-    return dup;
+    return dst;
 }
 #endif /* OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL */
 
@@ -701,7 +1135,7 @@ WOLFSSL_ASN1_INTEGER* wolfSSL_ASN1_INTEGER_dup(const WOLFSSL_ASN1_INTEGER* src)
  * @return Negative value when a is less than b.
  * @return 0 when a equals b.
  * @return Positive value when a is greater than b.
- * @return -1 when a or b is NULL.
+ * @return WOLFSSL_FATAL_ERROR when a or b is NULL.
  */
 int wolfSSL_ASN1_INTEGER_cmp(const WOLFSSL_ASN1_INTEGER* a,
     const WOLFSSL_ASN1_INTEGER* b)
@@ -713,11 +1147,11 @@ int wolfSSL_ASN1_INTEGER_cmp(const WOLFSSL_ASN1_INTEGER* a,
     /* Validate parameters. */
     if ((a == NULL) || (b == NULL)) {
         WOLFSSL_MSG("Bad parameter.");
-        ret = -1;
+        ret = WOLFSSL_FATAL_ERROR;
     }
     /* Negative value < Positive value */
     else if (a->negative && !b->negative) {
-        ret = -1;
+        ret = -2; /* avoid collision with WOLFSSL_FATAL_ERROR */
     }
     /* Positive value > Negative value */
     else if (!a->negative && b->negative) {
@@ -767,7 +1201,7 @@ static void wolfssl_twos_compl(byte* data, int length)
 
 /* Calculate 2's complement of DER encoding.
  *
- * @param [in]  data    Array that is number.
+ * @param [in|out] data Array that is number.
  * @param [in]  length  Number of bytes in array.
  * @param [out] neg     When NULL, 2's complement data.
  *                      When not NULL, check for negative first and return.
@@ -782,7 +1216,7 @@ static int wolfssl_asn1_int_twos_compl(byte* data, int length, byte* neg)
 
     /* Get length from DER header. */
     if (GetLength(data, &idx, &len, (word32)length) < 0) {
-        ret = -1;
+        ret = WOLFSSL_FATAL_ERROR;
     }
     else {
         if (neg != NULL) {
@@ -806,60 +1240,48 @@ static int wolfssl_asn1_int_twos_compl(byte* data, int length, byte* neg)
  * @return  -1 when a is NULL or no data, out is NULL, dynamic memory allocation
  *          fails or encoding length fails.
  */
-int wolfSSL_i2d_ASN1_INTEGER(const WOLFSSL_ASN1_INTEGER* a, unsigned char** out)
+int wolfSSL_i2d_ASN1_INTEGER(const WOLFSSL_ASN1_INTEGER* a, unsigned char** pp)
 {
-    int ret = 0;
-    byte* buf = NULL;
-
     WOLFSSL_ENTER("wolfSSL_i2d_ASN1_INTEGER");
 
     /* Validate parameters. */
-    if ((a == NULL) || (a->data == NULL) || (a->length <= 0) || (out == NULL)) {
+    if (a == NULL || a->data == NULL || a->length <= 0) {
         WOLFSSL_MSG("Bad parameter.");
-        ret = -1;
+        return WOLFSSL_FATAL_ERROR;
     }
 
-    if ((ret == 0) && (*out == NULL)) {
-        /* Allocate buffer to hold encoding. */
-        buf = (unsigned char*)XMALLOC((size_t)a->length, NULL,
-            DYNAMIC_TYPE_ASN1);
-        if (buf == NULL) {
-            WOLFSSL_MSG("Failed to allocate output buffer.");
-            ret = -1;
+    if (pp != NULL) {
+        byte* buf;
+
+        if (*pp != NULL)
+            buf = *pp;
+        else {
+            buf = (byte*)XMALLOC((size_t)a->length, NULL, DYNAMIC_TYPE_ASN1);
+            if (buf == NULL)
+                return WOLFSSL_FATAL_ERROR;
         }
-        /* Return any allocated buffer. */
-        *out = buf;
-    }
-    if (ret == 0) {
+
         /* Copy the data (including tag and length) into output buffer. */
-        XMEMCPY(*out, a->data, (size_t)a->length);
+        XMEMCPY(buf, a->data, (size_t)a->length);
         /* Only magnitude of the number stored (i.e. the sign isn't encoded).
          * The "negative" field is 1 if the value must be interpreted as
          * negative and we need to output the 2's complement of the value in
          * the DER output.
          */
-        if (a->negative) {
-            ret = wolfssl_asn1_int_twos_compl(*out, a->length, NULL);
+        if (a->negative &&
+                wolfssl_asn1_int_twos_compl(buf, a->length, NULL) != 0) {
+            if (*pp == NULL)
+                XFREE(buf, NULL, DYNAMIC_TYPE_ASN1);
+            return WOLFSSL_FATAL_ERROR;
         }
-    }
-    if (ret == 0) {
-        ret = a->length;
-        /* Move pointer on passed encoding when buffer passed in. */
-        if (buf == NULL) {
-            *out += a->length;
-        }
-    }
-    /* Dispose of any dynamically allocated data on error. */
-    else if (buf != NULL) {
-        /* Dispose of buffer allocated locally on error. */
-        XFREE(buf, NULL, DYNAMIC_TYPE_ASN1);
-        /* Don't return freed buffer. */
-        *out = NULL;
+
+        if (*pp != NULL)
+            *pp += a->length;
+        else
+            *pp = buf;
     }
 
-    WOLFSSL_LEAVE("wolfSSL_i2d_ASN1_INTEGER", ret);
-
-    return ret;
+    return a->length;
 }
 
 /* Decode DER encoding of ASN.1 INTEGER.
@@ -907,7 +1329,7 @@ WOLFSSL_ASN1_INTEGER* wolfSSL_d2i_ASN1_INTEGER(WOLFSSL_ASN1_INTEGER** a,
     }
     if (!err) {
         /* Set type. */
-        ret->type = V_ASN1_INTEGER;
+        ret->type = WOLFSSL_V_ASN1_INTEGER;
 
         /* Copy DER encoding and length. */
         XMEMCPY(ret->data, *in, (size_t)(idx + (word32)len));
@@ -920,7 +1342,7 @@ WOLFSSL_ASN1_INTEGER* wolfSSL_d2i_ASN1_INTEGER(WOLFSSL_ASN1_INTEGER** a,
     }
     if ((!err) && ret->negative) {
         /* Update type if number was negative. */
-        ret->type |= V_ASN1_NEG_INTEGER;
+        ret->type |= WOLFSSL_V_ASN1_NEG_INTEGER;
     }
 
     if (err) {
@@ -974,7 +1396,8 @@ static int wolfssl_a2i_asn1_integer_clear_to_eol(char* str, int len, int* cont)
     nLen = 1;
     for (i = 0; i < len; i++) {
         /* Check if character is a hexadecimal character. */
-        if (Base16_Decode((const byte*)str + i, 1, &num, &nLen) == ASN_INPUT_E)
+        if (Base16_Decode((const byte*)str + i, 1, &num, &nLen) ==
+            WC_NO_ERR_TRACE(ASN_INPUT_E))
         {
             /* Found end of hexadecimal characters, return count. */
             len = i;
@@ -1078,7 +1501,7 @@ int wolfSSL_a2i_ASN1_INTEGER(WOLFSSL_BIO *bio, WOLFSSL_ASN1_INTEGER *asn1,
  * @return  0 when bp or a is NULL.
  * @return  0 DER header in data is invalid.
  */
-int wolfSSL_i2a_ASN1_INTEGER(BIO *bp, const WOLFSSL_ASN1_INTEGER *a)
+int wolfSSL_i2a_ASN1_INTEGER(WOLFSSL_BIO *bp, const WOLFSSL_ASN1_INTEGER *a)
 {
     int err = 0;
     word32 idx = 1;     /* Skip ASN.1 INTEGER tag byte. */
@@ -1339,10 +1762,10 @@ WOLFSSL_ASN1_INTEGER* wolfSSL_BN_to_ASN1_INTEGER(const WOLFSSL_BIGNUM *bn,
         int length;
 
         /* Set type and negative. */
-        a->type = V_ASN1_INTEGER;
+        a->type = WOLFSSL_V_ASN1_INTEGER;
         if (wolfSSL_BN_is_negative(bn) && !wolfSSL_BN_is_zero(bn)) {
             a->negative = 1;
-            a->type |= V_ASN1_NEG_INTEGER;
+            a->type |= WOLFSSL_V_ASN1_NEG_INTEGER;
         }
 
         /* Get length in bytes of encoded number. */
@@ -1421,7 +1844,7 @@ long wolfSSL_ASN1_INTEGER_get(const WOLFSSL_ASN1_INTEGER* a)
         /* Create a big number from the DER encoding. */
         bn = wolfSSL_ASN1_INTEGER_to_BN(a, NULL);
         if (bn == NULL) {
-            ret = -1;
+            ret = WOLFSSL_FATAL_ERROR;
         }
     }
     if (ret > 0) {
@@ -1471,7 +1894,7 @@ int wolfSSL_ASN1_INTEGER_set(WOLFSSL_ASN1_INTEGER *a, long v)
         if (v < 0) {
             /* Set negative and 2's complement the value. */
             a->negative = 1;
-            a->type |= V_ASN1_NEG;
+            a->type |= WOLFSSL_V_ASN1_NEG;
             v = -v;
         }
 
@@ -1694,6 +2117,36 @@ int wolfSSL_ASN1_get_object(const unsigned char **in, long *len, int *tag,
     return ret;
 }
 
+int wolfssl_asn1_obj_set(WOLFSSL_ASN1_OBJECT* obj, const byte* der, word32 len,
+        int addHdr)
+{
+    word32 idx = 0;
+
+    if (obj == NULL || der == NULL || len == 0)
+        return WOLFSSL_FAILURE;
+
+    if (addHdr)
+        idx = SetHeader(ASN_OBJECT_ID, (word32)len, NULL, 0);
+
+    if (obj->obj != NULL) {
+        XFREE((void*)obj->obj, obj->heap, DYNAMIC_TYPE_ASN1);
+        obj->obj = NULL;
+        obj->dynamic &= ~WOLFSSL_ASN1_DYNAMIC_DATA;
+    }
+
+    obj->obj =(unsigned char*)XMALLOC(idx + len, obj->heap, DYNAMIC_TYPE_ASN1);
+    if (obj->obj == NULL)
+        return WOLFSSL_FAILURE;
+
+    if (addHdr)
+        SetHeader(ASN_OBJECT_ID, (word32)len, (byte*)obj->obj, 0);
+
+    XMEMCPY((byte*)obj->obj + idx, der, len);
+    obj->objSz = (unsigned int)(idx + len);
+    obj->dynamic |= WOLFSSL_ASN1_DYNAMIC_DATA;
+    return WOLFSSL_SUCCESS;
+}
+
 /* Creates and ASN.1 OBJECT_ID object from DER encoding.
  *
  * @param [out]     a       Pointer to return new ASN.1 OBJECT_ID through.
@@ -1708,38 +2161,43 @@ WOLFSSL_ASN1_OBJECT *wolfSSL_d2i_ASN1_OBJECT(WOLFSSL_ASN1_OBJECT **a,
     const unsigned char **der, long length)
 {
     WOLFSSL_ASN1_OBJECT* ret = NULL;
-    int err = 0;
-    const unsigned char *d;
-    long len = 0;
-    int tag = 0;
-    int cls;
+    int len = 0;
+    word32 idx = 0;
 
     WOLFSSL_ENTER("wolfSSL_d2i_ASN1_OBJECT");
 
     /* Validate parameters. */
     if ((der == NULL) || (*der == NULL) || (length <= 0)) {
         WOLFSSL_MSG("Bad parameter");
-        err = 1;
+        return NULL;
     }
-    if (!err) {
-        /* Get pointer to be modified along the way. */
-        d = *der;
 
-        /* Move d to value and get length and tag. */
-        if (wolfSSL_ASN1_get_object(&d, &len, &tag, &cls, length) & 0x80) {
-            WOLFSSL_MSG("wolfSSL_ASN1_get_object error");
-            err = 1;
-        }
+    if (GetASNHeader(*der, ASN_OBJECT_ID, &idx, &len, (word32)length) < 0) {
+        WOLFSSL_MSG("error getting tag");
+        return NULL;
     }
-    /* Check it DER encoding is of an OBJECT_ID. */
-    if ((!err) && (tag != ASN_OBJECT_ID)) {
-        WOLFSSL_MSG("Not an ASN object");
-        err = 1;
+
+    if (len <= 0) {
+        WOLFSSL_MSG("zero length");
+        return NULL;
     }
-    /* Create an ASN.1 OBJECT_ID_object from value. TODO: not DER encoding? */
-    if ((!err) && ((ret = wolfSSL_c2i_ASN1_OBJECT(a, &d, len)) != NULL)) {
-        /* Update pointer to after decoded bytes. */
-        *der = d;
+
+    ret = wolfSSL_ASN1_OBJECT_new();
+    if (ret == NULL) {
+        WOLFSSL_MSG("wolfSSL_ASN1_OBJECT_new error");
+        return NULL;
+    }
+
+    if (wolfssl_asn1_obj_set(ret, *der, idx + len, 0) != WOLFSSL_SUCCESS) {
+        wolfSSL_ASN1_OBJECT_free(ret);
+        return NULL;
+    }
+
+    *der += idx + len;
+    if (a != NULL) {
+        if (*a != NULL)
+            wolfSSL_ASN1_OBJECT_free(*a);
+        *a = ret;
     }
 
     return ret;
@@ -1815,7 +2273,6 @@ int wolfSSL_i2d_ASN1_OBJECT(WOLFSSL_ASN1_OBJECT *a, unsigned char **pp)
 WOLFSSL_ASN1_OBJECT *wolfSSL_c2i_ASN1_OBJECT(WOLFSSL_ASN1_OBJECT **a,
         const unsigned char **pp, long len)
 {
-    int err = 0;
     WOLFSSL_ASN1_OBJECT* ret = NULL;
 
     WOLFSSL_ENTER("wolfSSL_c2i_ASN1_OBJECT");
@@ -1823,40 +2280,29 @@ WOLFSSL_ASN1_OBJECT *wolfSSL_c2i_ASN1_OBJECT(WOLFSSL_ASN1_OBJECT **a,
     /* Validate parameters. */
     if ((pp == NULL) || (*pp == NULL) || (len <= 0)) {
         WOLFSSL_MSG("Bad parameter");
-        err = 1;
+        return NULL;
     }
 
     /* Create a new ASN.1 OBJECT_ID object. */
-    if ((!err) && ((ret = wolfSSL_ASN1_OBJECT_new()) == NULL)) {
+    ret = wolfSSL_ASN1_OBJECT_new();
+    if (ret == NULL) {
         WOLFSSL_MSG("wolfSSL_ASN1_OBJECT_new error");
-        err = 1;
+        return NULL;
     }
 
-    if (!err) {
-        /* Allocate memory for content octets. */
-        ret->obj = (const unsigned char*)XMALLOC((size_t)len, NULL,
-            DYNAMIC_TYPE_ASN1);
-        if (ret->obj == NULL) {
-            WOLFSSL_MSG("error allocating asn data memory");
-            wolfSSL_ASN1_OBJECT_free(ret);
-            ret = NULL;
-            err = 1;
-        }
+    if (wolfssl_asn1_obj_set(ret, *pp, (word32)len, 1) != WOLFSSL_SUCCESS) {
+        WOLFSSL_MSG("wolfssl_asn1_obj_set error");
+        wolfSSL_ASN1_OBJECT_free(ret);
+        return NULL;
     }
 
-    if (!err) {
-        /* Content octets buffer was dynamically allocated. */
-        ret->dynamic |= WOLFSSL_ASN1_DYNAMIC_DATA;
-        /* Copy in content octets and set size. */
-        XMEMCPY((byte*)ret->obj, *pp, (size_t)len);
-        ret->objSz = (unsigned int)len;
-
-        /* Move pointer to after data copied out. */
-        *pp += len;
-        /* Return ASN.1 OBJECT_ID object through a if required. */
-        if (a != NULL) {
-            *a = ret;
-        }
+    /* Move pointer to after data copied out. */
+    *pp += len;
+    /* Return ASN.1 OBJECT_ID object through a if required. */
+    if (a != NULL) {
+        if (*a != NULL)
+            wolfSSL_ASN1_OBJECT_free(*a);
+        *a = ret;
     }
 
     return ret;
@@ -1910,7 +2356,7 @@ int wolfSSL_i2a_ASN1_OBJECT(WOLFSSL_BIO *bp, WOLFSSL_ASN1_OBJECT *a)
         length = wolfSSL_BIO_write(bp, null_str, (int)XSTRLEN(null_str));
     }
     /* Try getting text version and write it out. */
-    else if ((length = i2t_ASN1_OBJECT(buf, sizeof(buf), a)) > 0) {
+    else if ((length = wolfSSL_i2t_ASN1_OBJECT(buf, sizeof(buf), a)) > 0) {
         length = wolfSSL_BIO_write(bp, buf, length);
     }
     /* Look for DER header. */
@@ -1986,16 +2432,9 @@ void wolfSSL_sk_ASN1_OBJECT_pop_free(WOLF_STACK_OF(WOLFSSL_ASN1_OBJECT)* sk,
 int wolfSSL_sk_ASN1_OBJECT_push(WOLF_STACK_OF(WOLFSSL_ASN1_OBJECT)* sk,
     WOLFSSL_ASN1_OBJECT* obj)
 {
-    int ret = 0;
-
     WOLFSSL_ENTER("wolfSSL_sk_ASN1_OBJECT_push");
 
-    /* Push on when we have a stack and object to work with. */
-    if ((sk != NULL) && (obj != NULL)) {
-        ret = wolfSSL_sk_push(sk, obj);
-    }
-
-    return ret;
+    return wolfSSL_sk_push(sk, obj);
 }
 
 /* Pop off a WOLFSSL_ASN1_OBJECT from the stack.
@@ -2157,7 +2596,7 @@ WOLFSSL_ASN1_STRING* wolfSSL_ASN1_STRING_dup(WOLFSSL_ASN1_STRING* asn1)
  * @return Negative value when a is less than b.
  * @return 0 when a equals b.
  * @return Positive value when a is greater than b.
- * @return -1 when a or b is NULL.
+ * @return WOLFSSL_FATAL_ERROR when a or b is NULL.
  */
 int wolfSSL_ASN1_STRING_cmp(const WOLFSSL_ASN1_STRING *a,
     const WOLFSSL_ASN1_STRING *b)
@@ -2167,7 +2606,7 @@ int wolfSSL_ASN1_STRING_cmp(const WOLFSSL_ASN1_STRING *a,
 
     /* Validate parameters. */
     if ((a == NULL) || (b == NULL)) {
-        ret = -1;
+        ret = WOLFSSL_FATAL_ERROR;
     }
     /* Compare length of data. */
     else if (a->length != b->length) {
@@ -2223,7 +2662,7 @@ int wolfSSL_ASN1_UNIVERSALSTRING_to_string(WOLFSSL_ASN1_STRING *s)
     }
 
     /* Check type of ASN.1 STRING. */
-    if ((ret == 1) && (s->type != V_ASN1_UNIVERSALSTRING)) {
+    if ((ret == 1) && (s->type != WOLFSSL_V_ASN1_UNIVERSALSTRING)) {
         WOLFSSL_MSG("Input is not a universal string");
         ret = 0;
     }
@@ -2257,7 +2696,7 @@ int wolfSSL_ASN1_UNIVERSALSTRING_to_string(WOLFSSL_ASN1_STRING *s)
         *copy = '\0';
         /* Update length and type. */
         s->length /= 4;
-        s->type = V_ASN1_PRINTABLESTRING;
+        s->type = WOLFSSL_V_ASN1_PRINTABLESTRING;
     }
 
     return ret;
@@ -2290,7 +2729,7 @@ int wolfSSL_ASN1_STRING_to_UTF8(unsigned char **out, WOLFSSL_ASN1_STRING *asn1)
         len = wolfSSL_ASN1_STRING_length(asn1);
         /* Check data and length are usable. */
         if ((data == NULL) || (len < 0)) {
-            len = -1;
+            len = WOLFSSL_FATAL_ERROR;
         }
     }
     if (len != -1) {
@@ -2298,7 +2737,7 @@ int wolfSSL_ASN1_STRING_to_UTF8(unsigned char **out, WOLFSSL_ASN1_STRING *asn1)
         buf = (unsigned char*)XMALLOC((size_t)(len + 1), NULL,
             DYNAMIC_TYPE_OPENSSL);
         if (buf == NULL) {
-            len = -1;
+            len = WOLFSSL_FATAL_ERROR;
         }
     }
     if (len != -1) {
@@ -2312,7 +2751,7 @@ int wolfSSL_ASN1_STRING_to_UTF8(unsigned char **out, WOLFSSL_ASN1_STRING *asn1)
 }
 #endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
 
-#if defined(OPENSSL_EXTRA)
+#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL)
 
 /* Encode ASN.1 STRING data as hex digits separated by colon.
  *
@@ -2391,7 +2830,155 @@ char* wolfSSL_i2s_ASN1_STRING(WOLFSSL_v3_ext_method *method,
 
     return ret;
 }
-#endif /* OPENSSL_EXTRA */
+
+static int i2d_ASN1_STRING(WOLFSSL_ASN1_STRING* s,
+        unsigned char **pp, byte tag)
+{
+    int idx;
+    int len;
+    unsigned char* out;
+
+    if (s == NULL || s->data == NULL || s->length == 0)
+        return WOLFSSL_FATAL_ERROR;
+
+    len = SetHeader(tag, s->length, NULL, 0) + s->length;
+
+    if (pp == NULL)
+        return len;
+
+    if (*pp == NULL) {
+        out = (unsigned char*)XMALLOC(len, NULL, DYNAMIC_TYPE_ASN1);
+        if (out == NULL)
+            return WOLFSSL_FATAL_ERROR;
+    }
+    else {
+        out = *pp;
+    }
+
+    idx = (int)SetHeader(tag, s->length, out, 0);
+    XMEMCPY(out + idx, s->data, s->length);
+    if (*pp == NULL)
+        *pp = out;
+    else
+        *pp += len;
+
+    return len;
+}
+
+int wolfSSL_i2d_ASN1_GENERALSTRING(WOLFSSL_ASN1_STRING* s, unsigned char **pp)
+{
+    WOLFSSL_ENTER("wolfSSL_i2d_ASN1_GENERALSTRING");
+
+    return i2d_ASN1_STRING(s, pp, ASN_GENERALSTRING);
+}
+
+int wolfSSL_i2d_ASN1_OCTET_STRING(WOLFSSL_ASN1_STRING* s, unsigned char **pp)
+{
+    WOLFSSL_ENTER("wolfSSL_i2d_ASN1_OCTET_STRING");
+
+    return i2d_ASN1_STRING(s, pp, ASN_OCTET_STRING);
+}
+
+int wolfSSL_i2d_ASN1_UTF8STRING(WOLFSSL_ASN1_STRING* s, unsigned char **pp)
+{
+    WOLFSSL_ENTER("wolfSSL_i2d_ASN1_UTF8STRING");
+
+    return i2d_ASN1_STRING(s, pp, ASN_UTF8STRING);
+}
+
+int wolfSSL_i2d_ASN1_SEQUENCE(WOLFSSL_ASN1_STRING* s,
+        unsigned char **pp)
+{
+    unsigned char* out;
+
+    if (s == NULL || s->data == NULL || s->length == 0)
+        return WOLFSSL_FATAL_ERROR;
+
+    if (pp == NULL)
+        return s->length;
+
+    if (*pp == NULL) {
+        out = (unsigned char*)XMALLOC(s->length, NULL, DYNAMIC_TYPE_ASN1);
+        if (out == NULL)
+            return WOLFSSL_FATAL_ERROR;
+    }
+    else {
+        out = *pp;
+    }
+
+    XMEMCPY(out, s->data, s->length);
+    if (*pp == NULL)
+        *pp = out;
+    else
+        *pp += s->length;
+
+    return s->length;
+}
+
+static WOLFSSL_ASN1_STRING* d2i_ASN1_STRING(WOLFSSL_ASN1_STRING** out,
+        const byte** src, long len, byte expTag)
+{
+    WOLFSSL_ASN1_STRING* ret = NULL;
+    word32 idx = 0;
+    byte tag = 0;
+    int length = 0;
+
+    WOLFSSL_ENTER("d2i_ASN1_STRING");
+
+    if (src == NULL || *src == NULL || len == 0)
+        return NULL;
+
+    if (GetASNTag(*src, &idx, &tag, (word32)len) < 0)
+        return NULL;
+    if (tag != expTag)
+        return NULL;
+    if (GetLength(*src, &idx, &length, (word32)len) < 0)
+        return NULL;
+
+    ret = wolfSSL_ASN1_STRING_new();
+    if (ret == NULL)
+        return NULL;
+
+    if (wolfSSL_ASN1_STRING_set(ret, *src + idx, length) != 1) {
+        wolfSSL_ASN1_STRING_free(ret);
+        return NULL;
+    }
+
+    if (out != NULL) {
+        if (*out != NULL)
+            wolfSSL_ASN1_STRING_free(*out);
+        *out = ret;
+    }
+    *src += idx + length;
+
+    return ret;
+}
+
+WOLFSSL_ASN1_STRING* wolfSSL_d2i_ASN1_GENERALSTRING(WOLFSSL_ASN1_STRING** out,
+        const byte** src, long len)
+{
+    WOLFSSL_ENTER("wolfSSL_d2i_ASN1_GENERALSTRING");
+
+    return d2i_ASN1_STRING(out, src, len, ASN_GENERALSTRING);
+}
+
+WOLFSSL_ASN1_STRING* wolfSSL_d2i_ASN1_OCTET_STRING(WOLFSSL_ASN1_STRING** out,
+        const byte** src, long len)
+{
+    WOLFSSL_ENTER("wolfSSL_d2i_ASN1_OCTET_STRING");
+
+    return d2i_ASN1_STRING(out, src, len, ASN_OCTET_STRING);
+}
+
+WOLFSSL_ASN1_STRING* wolfSSL_d2i_ASN1_UTF8STRING(WOLFSSL_ASN1_STRING** out,
+        const byte** src, long len)
+{
+    WOLFSSL_ENTER("wolfSSL_d2i_ASN1_UTF8STRING");
+
+    return d2i_ASN1_STRING(out, src, len, ASN_UTF8STRING);
+}
+
+#endif /* OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL */
 #endif /* NO_ASN */
 
 #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
@@ -2464,7 +3051,7 @@ unsigned char* wolfSSL_ASN1_STRING_data(WOLFSSL_ASN1_STRING* asn)
  * @return  String length on success.
  * @return  0 when asn is NULL or no data set.
  */
-int wolfSSL_ASN1_STRING_length(WOLFSSL_ASN1_STRING* asn)
+int wolfSSL_ASN1_STRING_length(const WOLFSSL_ASN1_STRING* asn)
 {
     int len = 0;
 
@@ -2631,10 +3218,10 @@ int wolfSSL_ASN1_STRING_canon(WOLFSSL_ASN1_STRING* asn_out,
 
     if (ret == 1) {
         switch (asn_in->type) {
-            case MBSTRING_UTF8:
-            case V_ASN1_PRINTABLESTRING:
+            case WOLFSSL_MBSTRING_UTF8:
+            case WOLFSSL_V_ASN1_PRINTABLESTRING:
                 /* Set type to UTF8. */
-                asn_out->type = MBSTRING_UTF8;
+                asn_out->type = WOLFSSL_MBSTRING_UTF8;
                 /* Dispose of any dynamic data already in asn_out. */
                 if (asn_out->isDynamic) {
                     XFREE(asn_out->data, NULL, DYNAMIC_TYPE_OPENSSL);
@@ -2751,8 +3338,8 @@ const char* wolfSSL_ASN1_tag2str(int tag)
     const char* str = "(unknown)";
 
     /* Clear negative flag. */
-    if ((tag == V_ASN1_NEG_INTEGER) || (tag == V_ASN1_NEG_ENUMERATED)) {
-        tag &= ~V_ASN1_NEG;
+    if ((tag == WOLFSSL_V_ASN1_NEG_INTEGER) || (tag == WOLFSSL_V_ASN1_NEG_ENUMERATED)) {
+        tag &= ~WOLFSSL_V_ASN1_NEG;
     }
     /* Check for known basic types. */
     if ((tag >= 0) && (tag <= 30)) {
@@ -2814,7 +3401,7 @@ static int wolfssl_asn1_string_dump_hex(WOLFSSL_BIO *bio,
 
     /* Write out hash character to indicate hex string. */
     if (wolfSSL_BIO_write(bio, hash, 1) != 1) {
-        str_len = -1;
+        str_len = WOLFSSL_FATAL_ERROR;
     }
     else {
         /* Check if we are to write out DER header. */
@@ -2826,7 +3413,7 @@ static int wolfssl_asn1_string_dump_hex(WOLFSSL_BIO *bio,
             str_len += 4;
             /* Write out tag and length as hex digits. */
             if (wolfSSL_BIO_write(bio, hex_tmp, 4) != 4) {
-                str_len = -1;
+                str_len = WOLFSSL_FATAL_ERROR;
             }
         }
     }
@@ -2844,7 +3431,7 @@ static int wolfssl_asn1_string_dump_hex(WOLFSSL_BIO *bio,
             str_len += 2;
             /* Write out character as hex digites. */
             if (wolfSSL_BIO_write(bio, hex_tmp, 2) != 2) {
-                str_len = -1;
+                str_len = WOLFSSL_FATAL_ERROR;
                 break;
             }
         }
@@ -2899,7 +3486,7 @@ static int wolfssl_asn1_string_print_esc_2253(WOLFSSL_BIO *bio,
             str_len++;
             /* Write out escaping character. */
             if (wolfSSL_BIO_write(bio,"\\", 1) != 1) {
-                str_len = -1;
+                str_len = WOLFSSL_FATAL_ERROR;
                 break;
             }
         }
@@ -2907,7 +3494,7 @@ static int wolfssl_asn1_string_print_esc_2253(WOLFSSL_BIO *bio,
         str_len++;
         /* Write out character. */
         if (wolfSSL_BIO_write(bio, p, 1) != 1) {
-            str_len = -1;
+            str_len = WOLFSSL_FATAL_ERROR;
             break;
         }
     }
@@ -2938,7 +3525,7 @@ int wolfSSL_ASN1_STRING_print_ex(WOLFSSL_BIO *bio, WOLFSSL_ASN1_STRING *str,
         err = 1;
     }
     /* Check if ASN.1 type is to be printed. */
-    if ((!err) && (flags & ASN1_STRFLGS_SHOW_TYPE)) {
+    if ((!err) && (flags & WOLFSSL_ASN1_STRFLGS_SHOW_TYPE)) {
         /* Print type and colon to BIO. */
         type_len = wolfssl_string_print_type(bio, str);
         if (type_len == 0) {
@@ -2947,12 +3534,12 @@ int wolfSSL_ASN1_STRING_print_ex(WOLFSSL_BIO *bio, WOLFSSL_ASN1_STRING *str,
     }
 
     if (!err) {
-        if (flags & ASN1_STRFLGS_DUMP_ALL) {
+        if (flags & WOLFSSL_ASN1_STRFLGS_DUMP_ALL) {
             /* Dump hex. */
             str_len = wolfssl_asn1_string_dump_hex(bio, str,
-                flags & ASN1_STRFLGS_DUMP_DER);
+                flags & WOLFSSL_ASN1_STRFLGS_DUMP_DER);
         }
-        else if (flags & ASN1_STRFLGS_ESC_2253) {
+        else if (flags & WOLFSSL_ASN1_STRFLGS_ESC_2253) {
             /* Print out string with escaping. */
             str_len = wolfssl_asn1_string_print_esc_2253(bio, str);
         }
@@ -2996,9 +3583,7 @@ int wolfSSL_ASN1_STRING_print_ex(WOLFSSL_BIO *bio, WOLFSSL_ASN1_STRING *str,
 void wolfSSL_ASN1_GENERALIZEDTIME_free(WOLFSSL_ASN1_TIME* asn1Time)
 {
     WOLFSSL_ENTER("wolfSSL_ASN1_GENERALIZEDTIME_free");
-    if (asn1Time != NULL) {
-        XMEMSET(asn1Time->data, 0, sizeof(asn1Time->data));
-    }
+    XFREE(asn1Time, NULL, DYNAMIC_TYPE_OPENSSL);
 }
 
 #ifndef NO_BIO
@@ -3047,7 +3632,7 @@ int wolfSSL_ASN1_GENERALIZEDTIME_print(WOLFSSL_BIO* bio,
         ret = BAD_FUNC_ARG;
     }
     /* Check type is GENERALIZED TIME. */
-    if ((ret == 1) && (asnTime->type != V_ASN1_GENERALIZEDTIME)) {
+    if ((ret == 1) && (asnTime->type != WOLFSSL_V_ASN1_GENERALIZEDTIME)) {
         WOLFSSL_MSG("Error, not GENERALIZED_TIME");
         ret = 0;
     }
@@ -3238,7 +3823,6 @@ static int wolfssl_asn1_time_to_secs(const WOLFSSL_ASN1_TIME* t,
  * @param [in]  from  ASN.1 TIME object as start time.
  * @param [in]  to    ASN.1 TIME object as end time.
  * @return  1 on success.
- * @return  0 when days or secs is NULL.
  * @return  0 when conversion of time fails.
  */
 int wolfSSL_ASN1_TIME_diff(int *days, int *secs, const WOLFSSL_ASN1_TIME *from,
@@ -3248,21 +3832,15 @@ int wolfSSL_ASN1_TIME_diff(int *days, int *secs, const WOLFSSL_ASN1_TIME *from,
 
     WOLFSSL_ENTER("wolfSSL_ASN1_TIME_diff");
 
-    /* Validate parameters. */
-    if (days == NULL) {
-        WOLFSSL_MSG("days is NULL");
-        ret = 0;
+    if ((from == NULL) && (to == NULL)) {
+        if (days != NULL) {
+            *days = 0;
+        }
+        if (secs != NULL) {
+            *secs = 0;
+        }
     }
-    if ((ret == 1) && (secs == NULL)) {
-        WOLFSSL_MSG("secs is NULL");
-        ret = 0;
-    }
-
-    if ((ret == 1) && ((from == NULL) && (to == NULL))) {
-        *days = 0;
-        *secs = 0;
-    }
-    else if (ret == 1) {
+    else {
         const long long SECS_PER_DAY = 24 * 60 * 60;
         long long fromSecs;
         long long toSecs = 0;
@@ -3273,8 +3851,13 @@ int wolfSSL_ASN1_TIME_diff(int *days, int *secs, const WOLFSSL_ASN1_TIME *from,
         }
         if (ret == 1) {
             long long diffSecs = toSecs - fromSecs;
-            *days = (int) (diffSecs / SECS_PER_DAY);
-            *secs = (int) (diffSecs - ((long long)*days * SECS_PER_DAY));
+            if (days != NULL) {
+                *days = (int) (diffSecs / SECS_PER_DAY);
+            }
+            if (secs != NULL) {
+                *secs = (int) (diffSecs -
+                        ((long long)(diffSecs / SECS_PER_DAY) * SECS_PER_DAY));
+            }
         }
     }
 
@@ -3413,7 +3996,7 @@ unsigned char* wolfSSL_ASN1_TIME_get_data(const WOLFSSL_ASN1_TIME *t)
  */
 int wolfSSL_ASN1_TIME_check(const WOLFSSL_ASN1_TIME* a)
 {
-    int ret = 1;
+    int ret = WOLFSSL_SUCCESS;
     char buf[MAX_TIME_STRING_SZ];
 
     WOLFSSL_ENTER("wolfSSL_ASN1_TIME_check");
@@ -3421,7 +4004,7 @@ int wolfSSL_ASN1_TIME_check(const WOLFSSL_ASN1_TIME* a)
     /* If can convert to human readable then format good. */
     if (wolfSSL_ASN1_TIME_to_string((WOLFSSL_ASN1_TIME*)a, buf,
             MAX_TIME_STRING_SZ) == NULL) {
-        ret = 0;
+        ret = WOLFSSL_FAILURE;
     }
 
     return ret;
@@ -3439,7 +4022,7 @@ int wolfSSL_ASN1_TIME_check(const WOLFSSL_ASN1_TIME* a)
  */
 int wolfSSL_ASN1_TIME_set_string(WOLFSSL_ASN1_TIME *t, const char *str)
 {
-    int ret = 1;
+    int ret = WOLFSSL_SUCCESS;
     int slen = 0;
 
     WOLFSSL_ENTER("wolfSSL_ASN1_TIME_set_string");
@@ -3448,27 +4031,42 @@ int wolfSSL_ASN1_TIME_set_string(WOLFSSL_ASN1_TIME *t, const char *str)
         WOLFSSL_MSG("Bad parameter");
         ret = 0;
     }
-    if (ret == 1) {
+    if (ret == WOLFSSL_SUCCESS) {
         /* Get length of string including NUL terminator. */
         slen = (int)XSTRLEN(str) + 1;
         if (slen > CTC_DATE_SIZE) {
             WOLFSSL_MSG("Date string too long");
-            ret = 0;
+            ret = WOLFSSL_FAILURE;
         }
     }
-    if ((ret == 1) && (t != NULL)) {
+    if ((ret == WOLFSSL_SUCCESS) && (t != NULL)) {
         /* Copy in string including NUL terminator. */
         XMEMCPY(t->data, str, (size_t)slen);
         /* Do not include NUL terminator in length. */
         t->length = slen - 1;
         /* Set ASN.1 type based on string length. */
-        t->type = ((slen == ASN_UTC_TIME_SIZE) ? V_ASN1_UTCTIME :
-            V_ASN1_GENERALIZEDTIME);
+        t->type = ((slen == ASN_UTC_TIME_SIZE) ? WOLFSSL_V_ASN1_UTCTIME :
+            WOLFSSL_V_ASN1_GENERALIZEDTIME);
     }
 
     return ret;
 }
 
+int wolfSSL_ASN1_TIME_set_string_X509(WOLFSSL_ASN1_TIME *t, const char *str)
+{
+    int ret = WOLFSSL_SUCCESS;
+
+    WOLFSSL_ENTER("wolfSSL_ASN1_TIME_set_string_X509");
+
+    if (t == NULL)
+        ret = WOLFSSL_FAILURE;
+    if (ret == WOLFSSL_SUCCESS)
+        ret = wolfSSL_ASN1_TIME_set_string(t, str);
+    if (ret == WOLFSSL_SUCCESS)
+        ret = wolfSSL_ASN1_TIME_check(t);
+    return ret;
+}
+
 /* Convert ASN.1 TIME object to ASN.1 GENERALIZED TIME object.
  *
  * @param [in]      t    ASN.1 TIME object.
@@ -3489,8 +4087,8 @@ WOLFSSL_ASN1_TIME* wolfSSL_ASN1_TIME_to_generalizedtime(WOLFSSL_ASN1_TIME *t,
         WOLFSSL_MSG("Invalid ASN_TIME value");
     }
     /* Ensure ASN.1 type is one that is supported. */
-    else if ((t->type != V_ASN1_UTCTIME) &&
-             (t->type != V_ASN1_GENERALIZEDTIME)) {
+    else if ((t->type != WOLFSSL_V_ASN1_UTCTIME) &&
+             (t->type != WOLFSSL_V_ASN1_GENERALIZEDTIME)) {
         WOLFSSL_MSG("Invalid ASN_TIME type.");
     }
     /* Check for ASN.1 GENERALIZED TIME object being passed in. */
@@ -3508,15 +4106,18 @@ WOLFSSL_ASN1_TIME* wolfSSL_ASN1_TIME_to_generalizedtime(WOLFSSL_ASN1_TIME *t,
 
     if (ret != NULL) {
         /* Set the ASN.1 type and length of string. */
-        ret->type = V_ASN1_GENERALIZEDTIME;
-        ret->length = ASN_GENERALIZED_TIME_SIZE;
+        ret->type = WOLFSSL_V_ASN1_GENERALIZEDTIME;
+
+        if (t->type == WOLFSSL_V_ASN1_GENERALIZEDTIME) {
+            ret->length = ASN_GENERALIZED_TIME_SIZE;
 
-        if (t->type == V_ASN1_GENERALIZEDTIME) {
             /* Just copy as data already appropriately formatted. */
             XMEMCPY(ret->data, t->data, ASN_GENERALIZED_TIME_SIZE);
         }
         else {
             /* Convert UTC TIME to GENERALIZED TIME. */
+            ret->length = t->length + 2; /* Add two extra year digits */
+
             if (t->data[0] >= '5') {
                 /* >= 50 is 1900s.  */
                 ret->data[0] = '1'; ret->data[1] = '9';
@@ -3526,7 +4127,7 @@ WOLFSSL_ASN1_TIME* wolfSSL_ASN1_TIME_to_generalizedtime(WOLFSSL_ASN1_TIME *t,
                 ret->data[0] = '2'; ret->data[1] = '0';
             }
             /* Append rest of the data as it is the same. */
-            XMEMCPY(&ret->data[2], t->data, ASN_UTC_TIME_SIZE);
+            XMEMCPY(&ret->data[2], t->data, t->length);
         }
 
         /* Check for pointer to return result through. */
@@ -3538,6 +4139,33 @@ WOLFSSL_ASN1_TIME* wolfSSL_ASN1_TIME_to_generalizedtime(WOLFSSL_ASN1_TIME *t,
     return ret;
 }
 
+#if !defined(USER_TIME) && !defined(TIME_OVERRIDES)
+WOLFSSL_ASN1_TIME* wolfSSL_ASN1_UTCTIME_set(WOLFSSL_ASN1_TIME *s, time_t t)
+{
+    WOLFSSL_ASN1_TIME* ret = s;
+
+    WOLFSSL_ENTER("wolfSSL_ASN1_UTCTIME_set");
+
+    if (ret == NULL) {
+        ret = wolfSSL_ASN1_TIME_new();
+        if (ret == NULL)
+            return NULL;
+    }
+
+    ret->length = GetFormattedTime(&t, ret->data, sizeof(ret->data));
+    if (ret->length + 1 != ASN_UTC_TIME_SIZE) {
+        /* Either snprintf error or t can't be represented in UTC format */
+        if (ret != s)
+            wolfSSL_ASN1_TIME_free(ret);
+        ret = NULL;
+    }
+    else {
+        ret->type = WOLFSSL_V_ASN1_UTCTIME;
+    }
+
+    return ret;
+}
+#endif /* !USER_TIME && !TIME_OVERRIDES */
 #endif /* OPENSSL_EXTRA */
 
 #if defined(WOLFSSL_MYSQL_COMPATIBLE) || defined(OPENSSL_EXTRA)
@@ -3692,7 +4320,7 @@ static int wolfssl_asn1_time_to_tm(const WOLFSSL_ASN1_TIME* asnTime,
         /* Zero out values in broken-down time. */
         XMEMSET(tm, 0, sizeof(struct tm));
 
-        if (asnTime->type == V_ASN1_UTCTIME) {
+        if (asnTime->type == WOLFSSL_V_ASN1_UTCTIME) {
             /* Get year from UTC TIME string. */
             int tm_year;
             if ((ret = wolfssl_utctime_year(asn1TimeBuf, asn1TimeBufLen,
@@ -3702,7 +4330,7 @@ static int wolfssl_asn1_time_to_tm(const WOLFSSL_ASN1_TIME* asnTime,
                 i = 2;
             }
         }
-        else if (asnTime->type == V_ASN1_GENERALIZEDTIME) {
+        else if (asnTime->type == WOLFSSL_V_ASN1_GENERALIZEDTIME) {
             /* Get year from GENERALIZED TIME string. */
             int tm_year;
             if ((ret = wolfssl_gentime_year(asn1TimeBuf, asn1TimeBufLen,
@@ -3903,7 +4531,7 @@ int wolfSSL_ASN1_UTCTIME_print(WOLFSSL_BIO* bio, const WOLFSSL_ASN1_UTCTIME* a)
         ret = 0;
     }
     /* Validate ASN.1 UTC TIME object is of type UTC_TIME. */
-    if ((ret == 1) && (a->type != V_ASN1_UTCTIME)) {
+    if ((ret == 1) && (a->type != WOLFSSL_V_ASN1_UTCTIME)) {
         WOLFSSL_MSG("Error, not UTC_TIME");
         ret = 0;
     }
@@ -3955,27 +4583,28 @@ WOLFSSL_ASN1_TYPE* wolfSSL_ASN1_TYPE_new(void)
 static void wolfssl_asn1_type_free_value(WOLFSSL_ASN1_TYPE* at)
 {
     switch (at->type) {
-        case V_ASN1_NULL:
+        case WOLFSSL_V_ASN1_NULL:
             break;
-        case V_ASN1_OBJECT:
+        case WOLFSSL_V_ASN1_OBJECT:
             wolfSSL_ASN1_OBJECT_free(at->value.object);
             break;
-        case V_ASN1_UTCTIME:
+        case WOLFSSL_V_ASN1_UTCTIME:
         #if !defined(NO_ASN_TIME) && defined(OPENSSL_EXTRA)
             wolfSSL_ASN1_TIME_free(at->value.utctime);
         #endif
             break;
-        case V_ASN1_GENERALIZEDTIME:
+        case WOLFSSL_V_ASN1_GENERALIZEDTIME:
         #if !defined(NO_ASN_TIME) && defined(OPENSSL_EXTRA)
             wolfSSL_ASN1_TIME_free(at->value.generalizedtime);
         #endif
             break;
-        case V_ASN1_UTF8STRING:
-        case V_ASN1_PRINTABLESTRING:
-        case V_ASN1_T61STRING:
-        case V_ASN1_IA5STRING:
-        case V_ASN1_UNIVERSALSTRING:
-        case V_ASN1_SEQUENCE:
+        case WOLFSSL_V_ASN1_UTF8STRING:
+        case WOLFSSL_V_ASN1_OCTET_STRING:
+        case WOLFSSL_V_ASN1_PRINTABLESTRING:
+        case WOLFSSL_V_ASN1_T61STRING:
+        case WOLFSSL_V_ASN1_IA5STRING:
+        case WOLFSSL_V_ASN1_UNIVERSALSTRING:
+        case WOLFSSL_V_ASN1_SEQUENCE:
             wolfSSL_ASN1_STRING_free(at->value.asn1_string);
             break;
         default:
@@ -3998,6 +4627,41 @@ void wolfSSL_ASN1_TYPE_free(WOLFSSL_ASN1_TYPE* at)
     XFREE(at, NULL, DYNAMIC_TYPE_OPENSSL);
 }
 
+int wolfSSL_i2d_ASN1_TYPE(WOLFSSL_ASN1_TYPE* at, unsigned char** pp)
+{
+    int ret = WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR);
+
+    if (at == NULL)
+        return WOLFSSL_FATAL_ERROR;
+
+    switch (at->type) {
+        case WOLFSSL_V_ASN1_NULL:
+            break;
+        case WOLFSSL_V_ASN1_OBJECT:
+            ret = wolfSSL_i2d_ASN1_OBJECT(at->value.object, pp);
+            break;
+        case WOLFSSL_V_ASN1_UTF8STRING:
+            ret = wolfSSL_i2d_ASN1_UTF8STRING(at->value.utf8string, pp);
+            break;
+        case WOLFSSL_V_ASN1_GENERALIZEDTIME:
+            ret = wolfSSL_i2d_ASN1_GENERALSTRING(at->value.utf8string, pp);
+            break;
+        case WOLFSSL_V_ASN1_SEQUENCE:
+            ret = wolfSSL_i2d_ASN1_SEQUENCE(at->value.sequence, pp);
+            break;
+        case WOLFSSL_V_ASN1_UTCTIME:
+        case WOLFSSL_V_ASN1_PRINTABLESTRING:
+        case WOLFSSL_V_ASN1_T61STRING:
+        case WOLFSSL_V_ASN1_IA5STRING:
+        case WOLFSSL_V_ASN1_UNIVERSALSTRING:
+        default:
+            WOLFSSL_MSG("asn1 i2d type not supported");
+            break;
+    }
+
+    return ret;
+}
+
 #endif /* OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL */
 
 #if defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS) || \
@@ -4006,16 +4670,16 @@ void wolfSSL_ASN1_TYPE_free(WOLFSSL_ASN1_TYPE* at)
  * Set ASN.1 TYPE object with a type and value.
  *
  * Type of value for different types:
- *   V_ASN1_NULL            : Value should be NULL.
- *   V_ASN1_OBJECT          : WOLFSSL_ASN1_OBJECT.
- *   V_ASN1_UTCTIME         : WOLFSSL_ASN1_TIME.
- *   V_ASN1_GENERALIZEDTIME : WOLFSSL_ASN1_TIME.
- *   V_ASN1_UTF8STRING      : WOLFSSL_ASN1_STRING.
- *   V_ASN1_PRINTABLESTRING : WOLFSSL_ASN1_STRING.
- *   V_ASN1_T61STRING       : WOLFSSL_ASN1_STRING.
- *   V_ASN1_IA5STRING       : WOLFSSL_ASN1_STRING.
- *   V_ASN1_UNINVERSALSTRING: WOLFSSL_ASN1_STRING.
- *   V_ASN1_SEQUENCE        : WOLFSSL_ASN1_STRING.
+ *   WOLFSSL_V_ASN1_NULL            : Value should be NULL.
+ *   WOLFSSL_V_ASN1_OBJECT          : WOLFSSL_ASN1_OBJECT.
+ *   WOLFSSL_V_ASN1_UTCTIME         : WOLFSSL_ASN1_TIME.
+ *   WOLFSSL_V_ASN1_GENERALIZEDTIME : WOLFSSL_ASN1_TIME.
+ *   WOLFSSL_V_ASN1_UTF8STRING      : WOLFSSL_ASN1_STRING.
+ *   WOLFSSL_V_ASN1_PRINTABLESTRING : WOLFSSL_ASN1_STRING.
+ *   WOLFSSL_V_ASN1_T61STRING       : WOLFSSL_ASN1_STRING.
+ *   WOLFSSL_V_ASN1_IA5STRING       : WOLFSSL_ASN1_STRING.
+ *   WOLFSSL_V_ASN1_UNINVERSALSTRING: WOLFSSL_ASN1_STRING.
+ *   WOLFSSL_V_ASN1_SEQUENCE        : WOLFSSL_ASN1_STRING.
  *
  * @param [in, out] a      ASN.1 TYPE object to set.
  * @param [in]      type   ASN.1 type of value.
@@ -4025,21 +4689,22 @@ void wolfSSL_ASN1_TYPE_set(WOLFSSL_ASN1_TYPE *a, int type, void *value)
 {
     if (a != NULL) {
         switch (type) {
-            case V_ASN1_NULL:
+            case WOLFSSL_V_ASN1_NULL:
                 if (value != NULL) {
                     WOLFSSL_MSG("NULL tag meant to be always empty!");
                     /* No way to return error - value will not be used. */
                 }
                 FALL_THROUGH;
-            case V_ASN1_OBJECT:
-            case V_ASN1_UTCTIME:
-            case V_ASN1_GENERALIZEDTIME:
-            case V_ASN1_UTF8STRING:
-            case V_ASN1_PRINTABLESTRING:
-            case V_ASN1_T61STRING:
-            case V_ASN1_IA5STRING:
-            case V_ASN1_UNIVERSALSTRING:
-            case V_ASN1_SEQUENCE:
+            case WOLFSSL_V_ASN1_OBJECT:
+            case WOLFSSL_V_ASN1_UTCTIME:
+            case WOLFSSL_V_ASN1_GENERALIZEDTIME:
+            case WOLFSSL_V_ASN1_UTF8STRING:
+            case WOLFSSL_V_ASN1_OCTET_STRING:
+            case WOLFSSL_V_ASN1_PRINTABLESTRING:
+            case WOLFSSL_V_ASN1_T61STRING:
+            case WOLFSSL_V_ASN1_IA5STRING:
+            case WOLFSSL_V_ASN1_UNIVERSALSTRING:
+            case WOLFSSL_V_ASN1_SEQUENCE:
                 /* Dispose of any value currently set. */
                 wolfssl_asn1_type_free_value(a);
                 /* Assign anonymously typed input to anonymously typed field. */
@@ -4054,6 +4719,14 @@ void wolfSSL_ASN1_TYPE_set(WOLFSSL_ASN1_TYPE *a, int type, void *value)
     }
 }
 
+int wolfSSL_ASN1_TYPE_get(const WOLFSSL_ASN1_TYPE *a)
+{
+    if (a != NULL && (a->type == WOLFSSL_V_ASN1_BOOLEAN || a->type == WOLFSSL_V_ASN1_NULL
+            || a->value.ptr != NULL))
+        return a->type;
+    return 0;
+}
+
 #endif /* OPENSSL_ALL || OPENSSL_EXTRA || WOLFSSL_WPAS */
 
 #endif /* !NO_ASN */
diff --git a/src/ssl_bn.c b/src/ssl_bn.c
index 8a054c807..2d0d29d1f 100644
--- a/src/ssl_bn.c
+++ b/src/ssl_bn.c
@@ -1,6 +1,6 @@
 /* ssl_bn.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -25,7 +25,7 @@
 
 #include <wolfssl/wolfcrypt/settings.h>
 
- #include <wolfssl/internal.h>
+#include <wolfssl/internal.h>
 #ifndef WC_NO_RNG
     #include <wolfssl/wolfcrypt/random.h>
 #endif
@@ -64,7 +64,7 @@ static int wolfssl_bn_set_neg(WOLFSSL_BIGNUM* bn, int neg)
 
     if (BN_IS_NULL(bn)) {
         WOLFSSL_MSG("bn NULL error");
-        ret = -1;
+        ret = WOLFSSL_FATAL_ERROR;
     }
 #if !defined(WOLFSSL_SP_MATH_ALL) || defined(WOLFSSL_SP_INT_NEGATIVE)
     else if (neg) {
@@ -102,17 +102,17 @@ int wolfssl_bn_get_value(WOLFSSL_BIGNUM* bn, mp_int* mpi)
     /* Validate parameters. */
     if (BN_IS_NULL(bn)) {
         WOLFSSL_MSG("bn NULL error");
-        ret = -1;
+        ret = WOLFSSL_FATAL_ERROR;
     }
     else if (mpi == NULL) {
         WOLFSSL_MSG("mpi NULL error");
-        ret = -1;
+        ret = WOLFSSL_FATAL_ERROR;
     }
 
     /* Copy the internal representation into MP integer. */
     if ((ret == 1) && mp_copy((mp_int*)bn->internal, mpi) != MP_OKAY) {
         WOLFSSL_MSG("mp_copy error");
-        ret = -1;
+        ret = WOLFSSL_FATAL_ERROR;
     }
 
     return ret;
@@ -145,7 +145,7 @@ int wolfssl_bn_set_value(WOLFSSL_BIGNUM** bn, mp_int* mpi)
     /* Validate parameters. */
     if ((bn == NULL) || (mpi == NULL)) {
         WOLFSSL_MSG("mpi or bn NULL error");
-        ret = -1;
+        ret = WOLFSSL_FATAL_ERROR;
     }
 
     /* Allocate a new big number if one not passed in. */
@@ -153,7 +153,7 @@ int wolfssl_bn_set_value(WOLFSSL_BIGNUM** bn, mp_int* mpi)
         a = wolfSSL_BN_new();
         if (a == NULL) {
             WOLFSSL_MSG("wolfssl_bn_set_value alloc failed");
-            ret = -1;
+            ret = WOLFSSL_FATAL_ERROR;
         }
         *bn = a;
     }
@@ -161,12 +161,12 @@ int wolfssl_bn_set_value(WOLFSSL_BIGNUM** bn, mp_int* mpi)
     /* Copy MP integer value into internal representation of big number. */
     if ((ret == 1) && (mp_copy(mpi, (mp_int*)((*bn)->internal)) != MP_OKAY)) {
         WOLFSSL_MSG("mp_copy error");
-        ret = -1;
+        ret = WOLFSSL_FATAL_ERROR;
     }
 
     /* Dispose of any allocated big number on error. */
     if ((ret == -1) && (a != NULL)) {
-        BN_free(a);
+        wolfSSL_BN_free(a);
         *bn = NULL;
     }
     return ret;
@@ -455,7 +455,7 @@ int wolfSSL_BN_bn2bin(const WOLFSSL_BIGNUM* bn, unsigned char* r)
     /* Validate parameters. */
     if (BN_IS_NULL(bn)) {
         WOLFSSL_MSG("NULL bn error");
-        ret = -1;
+        ret = WOLFSSL_FATAL_ERROR;
     }
     else {
         /* Get the length of the encoding. */
@@ -464,7 +464,7 @@ int wolfSSL_BN_bn2bin(const WOLFSSL_BIGNUM* bn, unsigned char* r)
         if ((r != NULL) && (mp_to_unsigned_bin((mp_int*)bn->internal, r) !=
                 MP_OKAY)) {
             WOLFSSL_MSG("mp_to_unsigned_bin error");
-            ret = -1;
+            ret = WOLFSSL_FATAL_ERROR;
         }
     }
 
@@ -492,7 +492,7 @@ WOLFSSL_BIGNUM* wolfSSL_BN_bin2bn(const unsigned char* data, int len,
     WOLFSSL_ENTER("wolfSSL_BN_bin2bn");
 
     /* Validate parameters. */
-    if ((data == NULL) || (len < 0)) {
+    if (len < 0) {
         ret = NULL;
     }
     /* Allocate a new big number when ret is NULL. */
@@ -507,7 +507,7 @@ WOLFSSL_BIGNUM* wolfSSL_BN_bin2bn(const unsigned char* data, int len,
         if (ret->internal == NULL) {
             ret = NULL;
         }
-        else {
+        else if (data != NULL) {
             /* Decode into big number. */
             if (mp_read_unsigned_bin((mp_int*)ret->internal, data, (word32)len)
                     != 0) {
@@ -516,10 +516,15 @@ WOLFSSL_BIGNUM* wolfSSL_BN_bin2bn(const unsigned char* data, int len,
                 ret = NULL;
             }
             else {
-                /* Don't free bn as we may be returning it. */
+                /* Don't free bn as we are returning it. */
                 bn = NULL;
             }
         }
+        else if (data == NULL) {
+            wolfSSL_BN_zero(ret);
+            /* Don't free bn as we are returning it. */
+            bn = NULL;
+        }
     }
 
     /* Dispose of allocated BN not being returned. */
@@ -1129,8 +1134,7 @@ int wolfSSL_BN_cmp(const WOLFSSL_BIGNUM* a, const WOLFSSL_BIGNUM* b)
             ret = 0;
         }
         else {
-            /* NULL less than not NULL. */
-            ret = -1;
+            ret = -1; /* NULL less than not NULL. */
         }
     }
     else if (bIsNull) {
@@ -1147,9 +1151,12 @@ int wolfSSL_BN_cmp(const WOLFSSL_BIGNUM* a, const WOLFSSL_BIGNUM* b)
         else if (ret == MP_GT) {
             ret = 1;
         }
-        else {
+        else if (ret == MP_LT) {
             ret = -1;
         }
+        else {
+            ret = WOLFSSL_FATAL_ERROR; /* also -1 */
+        }
     }
 
     return ret;
@@ -1266,105 +1273,139 @@ int wolfSSL_BN_is_word(const WOLFSSL_BIGNUM* bn, WOLFSSL_BN_ULONG w)
  * Word operation APIs.
  ******************************************************************************/
 
-/* Add/subtract a word to/from a big number.
+enum BN_WORD_OP {
+    BN_WORD_ADD = 0,
+    BN_WORD_SUB = 1,
+    BN_WORD_MUL = 2,
+    BN_WORD_DIV = 3,
+    BN_WORD_MOD = 4
+};
+
+/* Helper function for word operations.
  *
- * Internal function for adding/subtracting an unsigned long from a
- * WOLFSSL_BIGNUM. To add, pass "sub" as 0. To subtract, pass it as 1.
- *
- * @param [in, out] bn   Big number to operate on.
- * @param [in]      w    Word to operate with.
- * @param [in]      sub  Indicates whether operation to perform is a subtract.
+ * @param [in, out] bn  Big number to operate on.
+ * @param [in]      w   Word to operate with.
+ * @param [in]      op  Operation to perform. See BN_WORD_OP for valid values.
+ * @param [out]     mod_res Result of the modulo operation.
  * @return  1 on success.
- * @return  0 in failure.
+ * @return  0 on failure.
  */
-static int wolfssl_bn_add_word_int(WOLFSSL_BIGNUM *bn, WOLFSSL_BN_ULONG w,
-    int sub)
+static int bn_word_helper(const WOLFSSL_BIGNUM *bn, WOLFSSL_BN_ULONG w,
+        enum BN_WORD_OP op, WOLFSSL_BN_ULONG* mod_res)
 {
     int ret = 1;
-#if DIGIT_BIT < (SIZEOF_LONG * CHAR_BIT)
-#ifdef WOLFSSL_SMALL_STACK
-    mp_int* w_mp = NULL;
-#else
-    mp_int w_mp[1];
-#endif /* WOLFSSL_SMALL_STACK */
-#endif
 
-#if DIGIT_BIT < (SIZEOF_LONG * CHAR_BIT)
-#ifdef WOLFSSL_SMALL_STACK
-    /* Allocate temporary MP integer. */
-    w_mp = (mp_int*)XMALLOC(sizeof(*w_mp), NULL, DYNAMIC_TYPE_TMP_BUFFER);
-    if (w_mp == NULL) {
-        ret = 0;
-    }
-    else
-#endif /* WOLFSSL_SMALL_STACK */
-    {
-        /* Clear out MP integer so it can be freed. */
-        XMEMSET(w_mp, 0, sizeof(*w_mp));
-    }
-#endif
+    WOLFSSL_ENTER("bn_word_helper");
 
     /* Validate parameters. */
-    if (BN_IS_NULL(bn)) {
+    if (ret == 1 && BN_IS_NULL(bn)) {
         WOLFSSL_MSG("bn NULL error");
         ret = 0;
     }
 
     if (ret == 1) {
-        int rc = 0;
+        int rc = MP_OKAY;
 #if DIGIT_BIT < (SIZEOF_LONG * CHAR_BIT)
+        /* When input 'w' is greater than what can be stored in one digit */
         if (w > (WOLFSSL_BN_ULONG)MP_MASK) {
-            /* Initialize temporary MP integer. */
-            if (mp_init(w_mp) != MP_OKAY) {
+            DECL_MP_INT_SIZE_DYN(w_mp, sizeof(WOLFSSL_BN_ULONG) * CHAR_BIT,
+                                       sizeof(WOLFSSL_BN_ULONG) * CHAR_BIT);
+            NEW_MP_INT_SIZE(w_mp, sizeof(WOLFSSL_BN_ULONG) * CHAR_BIT, NULL,
+                    DYNAMIC_TYPE_TMP_BUFFER);
+#ifdef MP_INT_SIZE_CHECK_NULL
+            if (w_mp == NULL) {
+                WOLFSSL_MSG("NEW_MP_INT_SIZE error");
                 ret = 0;
             }
-            /* Set value into temporary MP integer. */
-            if ((ret == 1) && (mp_set_int(w_mp, w) != MP_OKAY)) {
+#endif
+            if (ret == 1 && mp_set_int(w_mp, w) != MP_OKAY) {
+                WOLFSSL_MSG("mp_set_int error");
                 ret = 0;
             }
             if (ret == 1) {
-                if (sub) {
-                    /* Subtract as MP integer. */
-                    rc = mp_sub((mp_int *)bn->internal, w_mp,
-                        (mp_int *)bn->internal);
-                }
-                else {
-                    /* Add as MP integer. */
-                    rc = mp_add((mp_int *)bn->internal, w_mp,
-                        (mp_int *)bn->internal);
-                }
-                if (rc != MP_OKAY) {
-                    WOLFSSL_MSG("mp_add/sub error");
-                    ret = 0;
+                switch (op) {
+                    case BN_WORD_ADD:
+                        rc = mp_add((mp_int*)bn->internal, w_mp,
+                                (mp_int*)bn->internal);
+                        break;
+                    case BN_WORD_SUB:
+                        rc = mp_sub((mp_int*)bn->internal, w_mp,
+                                (mp_int*)bn->internal);
+                        break;
+                    case BN_WORD_MUL:
+                        rc = mp_mul((mp_int*)bn->internal, w_mp,
+                                (mp_int*)bn->internal);
+                        break;
+                    case BN_WORD_DIV:
+                        rc = mp_div((mp_int*)bn->internal, w_mp,
+                                (mp_int*)bn->internal, NULL);
+                        break;
+                    case BN_WORD_MOD:
+                        rc = mp_mod((mp_int*) bn->internal, w_mp,
+                                w_mp);
+                        if (rc == MP_OKAY && mod_res != NULL)
+                            *mod_res = wolfssl_bn_get_word_1(w_mp);
+                        break;
+                    default:
+                        rc = WOLFSSL_NOT_IMPLEMENTED;
+                        break;
                 }
             }
+            FREE_MP_INT_SIZE(w_mp, NULL, DYNAMIC_TYPE_RSA);
         }
         else
 #endif
         {
-            if (sub) {
-                /* Subtract word from MP integer. */
-                rc = mp_sub_d((mp_int*)bn->internal, (mp_digit)w,
-                    (mp_int*)bn->internal);
-            }
-            else {
-                /* Add word from MP integer. */
-                rc = mp_add_d((mp_int*)bn->internal, (mp_digit)w,
-                    (mp_int*)bn->internal);
-            }
-            if (rc != MP_OKAY) {
-                WOLFSSL_MSG("mp_add/sub_d error");
-                ret = 0;
+            switch (op) {
+                case BN_WORD_ADD:
+                    rc = mp_add_d((mp_int*)bn->internal, (mp_digit)w,
+                            (mp_int*)bn->internal);
+                    break;
+                case BN_WORD_SUB:
+                    rc = mp_sub_d((mp_int*)bn->internal, (mp_digit)w,
+                            (mp_int*)bn->internal);
+                    break;
+                case BN_WORD_MUL:
+                    rc = mp_mul_d((mp_int*)bn->internal, (mp_digit)w,
+                            (mp_int*)bn->internal);
+                    break;
+                case BN_WORD_DIV:
+#if defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_MATH_ALL)
+/* copied from sp_int.h */
+#if (defined(WOLFSSL_SP_MATH_ALL) && !defined(WOLFSSL_RSA_VERIFY_ONLY)) || \
+    defined(WOLFSSL_KEY_GEN) || defined(HAVE_COMP_KEY) || \
+    defined(WC_MP_TO_RADIX)
+                    rc = mp_div_d((mp_int*)bn->internal, (mp_digit)w,
+                            (mp_int*)bn->internal, NULL);
+#else
+                    rc = WOLFSSL_NOT_IMPLEMENTED;
+#endif
+#else
+                    rc = WOLFSSL_NOT_IMPLEMENTED;
+#endif
+                    break;
+                case BN_WORD_MOD:
+                    {
+                        mp_digit _mod_res;
+                        rc = mp_mod_d((mp_int*) bn->internal, (mp_digit) w,
+                                &_mod_res);
+                        if (rc == MP_OKAY && mod_res != NULL)
+                            *mod_res = (WOLFSSL_BN_ULONG)_mod_res;
+                    }
+                    break;
+                default:
+                    rc = WOLFSSL_NOT_IMPLEMENTED;
+                    break;
             }
         }
+        if (ret == 1 && rc != MP_OKAY) {
+            WOLFSSL_MSG("mp word operation error or not implemented");
+            ret = 0;
+        }
     }
 
-#if DIGIT_BIT < (SIZEOF_LONG * CHAR_BIT)
-    mp_free(w_mp);
-#ifdef WOLFSSL_SMALL_STACK
-    XFREE(w_mp, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-#endif /* WOLFSSL_SMALL_STACK */
-#endif
+    WOLFSSL_LEAVE("bn_word_helper", ret);
+
     return ret;
 }
 
@@ -1383,7 +1424,7 @@ int wolfSSL_BN_add_word(WOLFSSL_BIGNUM *bn, WOLFSSL_BN_ULONG w)
 
     WOLFSSL_ENTER("wolfSSL_BN_add_word");
 
-    ret = wolfssl_bn_add_word_int(bn, w, 0);
+    ret = bn_word_helper(bn, w, BN_WORD_ADD, NULL);
 
     WOLFSSL_LEAVE("wolfSSL_BN_add_word", ret);
 
@@ -1405,13 +1446,40 @@ int wolfSSL_BN_sub_word(WOLFSSL_BIGNUM* bn, WOLFSSL_BN_ULONG w)
 
     WOLFSSL_ENTER("wolfSSL_BN_sub_word");
 
-    ret = wolfssl_bn_add_word_int(bn, w, 1);
+    ret = bn_word_helper(bn, w, BN_WORD_SUB, NULL);
 
     WOLFSSL_LEAVE("wolfSSL_BN_sub_word", ret);
 
     return ret;
 }
 
+int wolfSSL_BN_mul_word(WOLFSSL_BIGNUM *bn, WOLFSSL_BN_ULONG w)
+{
+    int ret;
+
+    WOLFSSL_ENTER("wolfSSL_BN_mul_word");
+
+    ret = bn_word_helper(bn, w, BN_WORD_MUL, NULL);
+
+    WOLFSSL_LEAVE("wolfSSL_BN_mul_word", ret);
+
+    return ret;
+}
+
+
+int wolfSSL_BN_div_word(WOLFSSL_BIGNUM *bn, WOLFSSL_BN_ULONG w)
+{
+    int ret;
+
+    WOLFSSL_ENTER("wolfSSL_BN_div_word");
+
+    ret = bn_word_helper(bn, w, BN_WORD_DIV, NULL);
+
+    WOLFSSL_LEAVE("wolfSSL_BN_div_word", ret);
+
+    return ret;
+}
+
 #if defined(WOLFSSL_KEY_GEN) && (!defined(NO_RSA) || !defined(NO_DH) || \
     !defined(NO_DSA))
 /* Calculate bn modulo word w. bn % w
@@ -1424,70 +1492,16 @@ int wolfSSL_BN_sub_word(WOLFSSL_BIGNUM* bn, WOLFSSL_BN_ULONG w)
 WOLFSSL_BN_ULONG wolfSSL_BN_mod_word(const WOLFSSL_BIGNUM *bn,
     WOLFSSL_BN_ULONG w)
 {
-    WOLFSSL_BN_ULONG ret = 0;
+    int ret;
+    WOLFSSL_BN_ULONG res = 0;
 
     WOLFSSL_ENTER("wolfSSL_BN_mod_word");
 
-    /* Validate parameters. */
-    if (BN_IS_NULL(bn)) {
-        WOLFSSL_MSG("bn NULL error");
-        ret = (WOLFSSL_BN_ULONG)-1;
-    }
+    ret = bn_word_helper(bn, w, BN_WORD_MOD, &res);
 
-#if DIGIT_BIT < (SIZEOF_LONG * CHAR_BIT)
-    if ((ret == 0) && (w > (WOLFSSL_BN_ULONG)MP_MASK)) {
-        /* TODO: small stack */
-        mp_int w_mp;
-        mp_int r_mp;
+    WOLFSSL_LEAVE("wolfSSL_BN_mod_word", ret);
 
-        /* Memset MP integers to be safe to free. */
-        XMEMSET(&w_mp, 0, sizeof(w_mp));
-        XMEMSET(&r_mp, 0, sizeof(r_mp));
-
-        /* Initialize MP integer to hold word. */
-        if (mp_init(&w_mp) != MP_OKAY) {
-            ret = (WOLFSSL_BN_ULONG)-1;
-        }
-        /* Initialize MP integer to hold result word. */
-        if ((ret == 0) && (mp_init(&r_mp) != MP_OKAY)) {
-            ret = (WOLFSSL_BN_ULONG)-1;
-        }
-        /* Set modulus word into MP integer. */
-        if ((ret == 0) && (mp_set_int(&w_mp, w) != MP_OKAY)) {
-            ret = (WOLFSSL_BN_ULONG)-1;
-        }
-        /* Calculate modulus result. */
-        if ((ret == 0) && (mp_mod((mp_int *)bn->internal, &w_mp, &r_mp) !=
-                MP_OKAY)) {
-            WOLFSSL_MSG("mp_mod error");
-            ret = (WOLFSSL_BN_ULONG)-1;
-        }
-        if (ret == 0) {
-            /* Get modulus result into an unsigned long. */
-            ret = wolfssl_bn_get_word_1(&r_mp);
-        }
-
-        /* Dispose of dynamically allocated data. */
-        mp_free(&r_mp);
-        mp_free(&w_mp);
-    }
-    else
-#endif
-    if (ret == 0) {
-        mp_digit mp_ret;
-
-        /* Calculate modulus result using wolfCrypt. */
-        if (mp_mod_d((mp_int*)bn->internal, (mp_digit)w, &mp_ret) != MP_OKAY) {
-            WOLFSSL_MSG("mp_add_d error");
-            ret = (WOLFSSL_BN_ULONG)-1;
-        }
-        else {
-            /* Return result. */
-            ret = (WOLFSSL_BN_ULONG)mp_ret;
-        }
-    }
-
-    return ret;
+    return ret == 1 ? res : (WOLFSSL_BN_ULONG)-1;
 }
 #endif /* WOLFSSL_KEY_GEN && (!NO_RSA || !NO_DH || !NO_DSA) */
 
@@ -2268,18 +2282,18 @@ int wolfSSL_BN_is_prime_ex(const WOLFSSL_BIGNUM *bn, int checks,
 
     if (BN_IS_NULL(bn)) {
         WOLFSSL_MSG("bn NULL error");
-        ret = -1;
+        ret = WOLFSSL_FATAL_ERROR;
     }
 
     /* Create a new RNG or use global. */
     if ((ret == 1) && ((rng = wolfssl_make_rng(tmpRng, &localRng)) == NULL)) {
-        ret = -1;
+        ret = WOLFSSL_FATAL_ERROR;
     }
 
     if ((ret == 1) && (mp_prime_is_prime_ex((mp_int*)bn->internal, checks, &res,
             rng) != MP_OKAY)) {
         WOLFSSL_MSG("mp_prime_is_prime_ex error");
-        ret = -1;
+        ret = WOLFSSL_FATAL_ERROR;
     }
 
     if (localRng) {
@@ -2303,7 +2317,8 @@ int wolfSSL_BN_is_prime_ex(const WOLFSSL_BIGNUM *bn, int checks,
  * Print APIs
  ******************************************************************************/
 
-#if !defined(NO_FILESYSTEM) && defined(XFPRINTF)
+#if !defined(NO_FILESYSTEM) && !defined(NO_STDIO_FILESYSTEM) && \
+    defined(XFPRINTF)
 /* Print big number to file pointer.
  *
  * Return code compliant with OpenSSL.
@@ -2347,65 +2362,77 @@ int wolfSSL_BN_print_fp(XFILE fp, const WOLFSSL_BIGNUM *bn)
 }
 #endif /* !NO_FILESYSTEM && XFPRINTF */
 
+#ifndef NO_WOLFSSL_BN_CTX
 /*******************************************************************************
  * BN_CTX APIs
  ******************************************************************************/
 
-/* Allocate and return a new BN context object.
+/* Create a new BN context object.
  *
- * BN context not needed for operations.
- *
- * @return  Pointer to dummy object.
+ * @return  BN context object on success.
+ * @return  NULL on failure.
  */
 WOLFSSL_BN_CTX* wolfSSL_BN_CTX_new(void)
 {
-    /* wolfcrypt doesn't need BN context. */
-    static int ctx;
+    WOLFSSL_BN_CTX* ctx = NULL;
+
     WOLFSSL_ENTER("wolfSSL_BN_CTX_new");
-    return (WOLFSSL_BN_CTX*)&ctx;
-}
+    ctx = (WOLFSSL_BN_CTX*)XMALLOC(sizeof(WOLFSSL_BN_CTX), NULL,
+            DYNAMIC_TYPE_OPENSSL);
+    if (ctx != NULL) {
+        XMEMSET(ctx, 0, sizeof(WOLFSSL_BN_CTX));
+    }
 
-/* Initialize a BN context object.
- *
- * BN context not needed for operations.
- *
- * @param [in] ctx  Dummy BN context.
- */
-void wolfSSL_BN_CTX_init(WOLFSSL_BN_CTX* ctx)
-{
-    (void)ctx;
-    WOLFSSL_ENTER("wolfSSL_BN_CTX_init");
+    return ctx;
 }
 
-
 /* Free a BN context object.
  *
- * BN context not needed for operations.
- *
- * @param [in] ctx  Dummy BN context.
+ * @param [in] ctx  BN context object.
  */
 void wolfSSL_BN_CTX_free(WOLFSSL_BN_CTX* ctx)
 {
-    (void)ctx;
     WOLFSSL_ENTER("wolfSSL_BN_CTX_free");
-    /* Don't do anything since using dummy, static BN context. */
+    if (ctx != NULL) {
+        while (ctx->list != NULL) {
+            struct WOLFSSL_BN_CTX_LIST* tmp = ctx->list;
+            ctx->list = ctx->list->next;
+            wolfSSL_BN_free(tmp->bn);
+            XFREE(tmp, NULL, DYNAMIC_TYPE_OPENSSL);
+        }
+        XFREE(ctx, NULL, DYNAMIC_TYPE_OPENSSL);
+    }
 }
 
-/* Get a big number based on the BN context.
+/* Get a big number from the BN context.
  *
- * @param [in] ctx  BN context. Not used.
+ * @param [in] ctx  BN context object.
  * @return  Big number on success.
  * @return  NULL on failure.
  */
 WOLFSSL_BIGNUM *wolfSSL_BN_CTX_get(WOLFSSL_BN_CTX *ctx)
 {
-    /* ctx is not used - returning a new big number. */
-    (void)ctx;
+    WOLFSSL_BIGNUM* bn = NULL;
 
     WOLFSSL_ENTER("wolfSSL_BN_CTX_get");
+    if (ctx != NULL) {
+        struct WOLFSSL_BN_CTX_LIST* node = (struct WOLFSSL_BN_CTX_LIST*)XMALLOC(
+                sizeof(struct WOLFSSL_BN_CTX_LIST), NULL, DYNAMIC_TYPE_OPENSSL);
+        if (node != NULL) {
+            XMEMSET(node, 0, sizeof(struct WOLFSSL_BN_CTX_LIST));
+            bn = node->bn = wolfSSL_BN_new();
+            if (node->bn != NULL) {
+                node->next = ctx->list;
+                ctx->list = node;
+            }
+            else {
+                XFREE(node, NULL, DYNAMIC_TYPE_OPENSSL);
+                node = NULL;
+            }
+        }
+    }
 
-    /* Return a new big number. */
-    return wolfSSL_BN_new();
+    return bn;
 }
 
 #ifndef NO_WOLFSSL_STUB
@@ -2425,6 +2452,75 @@ void wolfSSL_BN_CTX_start(WOLFSSL_BN_CTX *ctx)
 }
 #endif
 
+#endif /* NO_WOLFSSL_BN_CTX */
+
+/*******************************************************************************
+ * BN_MONT_CTX APIs
+ ******************************************************************************/
+
+WOLFSSL_BN_MONT_CTX* wolfSSL_BN_MONT_CTX_new(void)
+{
+    /* wolfcrypt doesn't need BN MONT context. */
+    static int mont;
+    WOLFSSL_ENTER("wolfSSL_BN_MONT_CTX_new");
+    return (WOLFSSL_BN_MONT_CTX*)&mont;
+}
+
+void wolfSSL_BN_MONT_CTX_free(WOLFSSL_BN_MONT_CTX *mont)
+{
+    (void)mont;
+    WOLFSSL_ENTER("wolfSSL_BN_MONT_CTX_free");
+    /* Don't do anything since using dummy, static BN context. */
+}
+
+int wolfSSL_BN_MONT_CTX_set(WOLFSSL_BN_MONT_CTX *mont,
+        const WOLFSSL_BIGNUM *mod, WOLFSSL_BN_CTX *ctx)
+{
+    (void) mont;
+    (void) mod;
+    (void) ctx;
+    WOLFSSL_ENTER("wolfSSL_BN_MONT_CTX_set");
+    return WOLFSSL_SUCCESS;
+}
+
+/* Calculate r = a ^ p % m.
+ *
+ * @param [out] r    Big number to store the result.
+ * @param [in]  a    Base as an unsigned long.
+ * @param [in]  p    Exponent as a big number.
+ * @param [in]  m    Modulus as a big number.
+ * @param [in]  ctx  BN context object. Unused.
+ * @param [in]  mont Montgomery context object. Unused.
+ *
+ * @return  1 on success.
+ * @return  0 on failure.
+ */
+int wolfSSL_BN_mod_exp_mont_word(WOLFSSL_BIGNUM *r, WOLFSSL_BN_ULONG a,
+        const WOLFSSL_BIGNUM *p, const WOLFSSL_BIGNUM *m, WOLFSSL_BN_CTX *ctx,
+        WOLFSSL_BN_MONT_CTX *mont)
+{
+    WOLFSSL_BIGNUM* tmp = NULL;
+    int ret = WOLFSSL_SUCCESS;
+
+    (void)mont;
+    WOLFSSL_ENTER("wolfSSL_BN_mod_exp_mont_word");
+
+    if (ret == WOLFSSL_SUCCESS && (tmp = wolfSSL_BN_new()) == NULL) {
+        WOLFSSL_MSG("wolfSSL_BN_new failed");
+        ret = WOLFSSL_FAILURE;
+    }
+    if (ret == WOLFSSL_SUCCESS && (wolfSSL_BN_set_word(tmp, (unsigned long)a))
+                                   == WC_NO_ERR_TRACE(WOLFSSL_FAILURE)) {
+        WOLFSSL_MSG("wolfSSL_BN_set_word failed");
+        ret = WOLFSSL_FAILURE;
+    }
+    if (ret == WOLFSSL_SUCCESS)
+        ret = wolfSSL_BN_mod_exp(r, tmp, p, m, ctx);
+
+    wolfSSL_BN_free(tmp);
+    return ret;
+}
+
 #endif /* OPENSSL_EXTRA */
 
 #endif /* !WOLFSSL_SSL_BN_INCLUDED */
diff --git a/src/ssl_certman.c b/src/ssl_certman.c
index 65a6c5599..f1dd6d00b 100644
--- a/src/ssl_certman.c
+++ b/src/ssl_certman.c
@@ -1,6 +1,6 @@
 /* ssl_certman.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -25,7 +25,7 @@
 
 #include <wolfssl/wolfcrypt/settings.h>
 
- #include <wolfssl/internal.h>
+#include <wolfssl/internal.h>
 
 #if !defined(WOLFSSL_SSL_CERTMAN_INCLUDED)
     #ifndef WOLFSSL_IGNORE_FILE_WARN
@@ -42,33 +42,34 @@
  * @return  A TLS method on success.
  * @return  NULL when no TLS method built into wolfSSL.
  */
-static WC_INLINE WOLFSSL_METHOD* cm_pick_method(void)
+static WC_INLINE WOLFSSL_METHOD* cm_pick_method(void* heap)
 {
+    (void)heap;
     #ifndef NO_WOLFSSL_CLIENT
         #if !defined(NO_OLD_TLS) && defined(WOLFSSL_ALLOW_SSLV3)
-            return wolfSSLv3_client_method();
+            return wolfSSLv3_client_method_ex(heap);
         #elif !defined(NO_OLD_TLS) && defined(WOLFSSL_ALLOW_TLSV10)
-            return wolfTLSv1_client_method();
+            return wolfTLSv1_client_method_ex(heap);
         #elif !defined(NO_OLD_TLS)
-            return wolfTLSv1_1_client_method();
+            return wolfTLSv1_1_client_method_ex(heap);
         #elif !defined(WOLFSSL_NO_TLS12)
-            return wolfTLSv1_2_client_method();
+            return wolfTLSv1_2_client_method_ex(heap);
         #elif defined(WOLFSSL_TLS13)
-            return wolfTLSv1_3_client_method();
+            return wolfTLSv1_3_client_method_ex(heap);
         #else
             return NULL;
         #endif
     #elif !defined(NO_WOLFSSL_SERVER)
         #if !defined(NO_OLD_TLS) && defined(WOLFSSL_ALLOW_SSLV3)
-            return wolfSSLv3_server_method();
+            return wolfSSLv3_server_method_ex(heap);
         #elif !defined(NO_OLD_TLS) && defined(WOLFSSL_ALLOW_TLSV10)
-            return wolfTLSv1_server_method();
+            return wolfTLSv1_server_method_ex(heap);
         #elif !defined(NO_OLD_TLS)
-            return wolfTLSv1_1_server_method();
+            return wolfTLSv1_1_server_method_ex(heap);
         #elif !defined(WOLFSSL_NO_TLS12)
-            return wolfTLSv1_2_server_method();
+            return wolfTLSv1_2_server_method_ex(heap);
         #elif defined(WOLFSSL_TLS13)
-            return wolfTLSv1_3_server_method();
+            return wolfTLSv1_3_server_method_ex(heap);
         #else
             return NULL;
         #endif
@@ -89,11 +90,22 @@ WOLFSSL_CERT_MANAGER* wolfSSL_CertManagerNew_ex(void* heap)
     WOLFSSL_CERT_MANAGER* cm;
 
     WOLFSSL_ENTER("wolfSSL_CertManagerNew");
+    if (heap == NULL) {
+         WOLFSSL_MSG("heap param is null");
+    }
+    else {
+        /* Some systems may have heap in unexpected segments. (IRAM vs DRAM) */
+        WOLFSSL_MSG_EX("heap param = %p", heap);
+    }
+    WOLFSSL_MSG_EX("DYNAMIC_TYPE_CERT_MANAGER Allocating = %d bytes",
+                    (word32)sizeof(WOLFSSL_CERT_MANAGER));
 
     /* Allocate memory for certificate manager. */
     cm = (WOLFSSL_CERT_MANAGER*)XMALLOC(sizeof(WOLFSSL_CERT_MANAGER), heap,
         DYNAMIC_TYPE_CERT_MANAGER);
     if (cm == NULL) {
+        WOLFSSL_MSG_EX("XMALLOC failed to allocate WOLFSSL_CERT_MANAGER %d "
+                    "bytes.", (int)sizeof(WOLFSSL_CERT_MANAGER));
         err = 1;
     }
     if (!err) {
@@ -130,14 +142,12 @@ WOLFSSL_CERT_MANAGER* wolfSSL_CertManagerNew_ex(void* heap)
     #ifdef HAVE_ECC
         cm->minEccKeySz = MIN_ECCKEY_SZ;
     #endif
-    #ifdef HAVE_PQC
     #ifdef HAVE_FALCON
         cm->minFalconKeySz = MIN_FALCONKEY_SZ;
     #endif /* HAVE_FALCON */
     #ifdef HAVE_DILITHIUM
         cm->minDilithiumKeySz = MIN_DILITHIUMKEY_SZ;
     #endif /* HAVE_DILITHIUM */
-    #endif /* HAVE_PQC */
 
         /* Set heap hint to use in certificate manager operations. */
         cm->heap = heap;
@@ -389,7 +399,7 @@ WOLFSSL_STACK* wolfSSL_CertManagerGetCerts(WOLFSSL_CERT_MANAGER* cm)
         }
 
         /* Decode certificate. */
-        if ((!err) && (wolfSSL_sk_X509_push(sk, x509) != WOLFSSL_SUCCESS)) {
+        if ((!err) && (wolfSSL_sk_X509_push(sk, x509) <= 0)) {
             wolfSSL_X509_free(x509);
             err = 1;
         }
@@ -446,6 +456,48 @@ int wolfSSL_CertManagerUnloadCAs(WOLFSSL_CERT_MANAGER* cm)
     return ret;
 }
 
+static int wolfSSL_CertManagerUnloadIntermediateCertsEx(
+                                WOLFSSL_CERT_MANAGER* cm, byte type)
+{
+    int ret = WOLFSSL_SUCCESS;
+
+    WOLFSSL_ENTER("wolfSSL_CertManagerUnloadIntermediateCertsEx");
+
+    /* Validate parameter. */
+    if (cm == NULL) {
+        ret = BAD_FUNC_ARG;
+    }
+    /* Lock CA table. */
+    if ((ret == WOLFSSL_SUCCESS) && (wc_LockMutex(&cm->caLock) != 0)) {
+        ret = BAD_MUTEX_E;
+    }
+    if (ret == WOLFSSL_SUCCESS) {
+        /* Dispose of CA table. */
+        FreeSignerTableType(cm->caTable, CA_TABLE_SIZE, type,
+                cm->heap);
+
+        /* Unlock CA table. */
+        wc_UnLockMutex(&cm->caLock);
+    }
+
+    return ret;
+}
+
+#if defined(OPENSSL_EXTRA)
+static int wolfSSL_CertManagerUnloadTempIntermediateCerts(
+    WOLFSSL_CERT_MANAGER* cm)
+{
+    WOLFSSL_ENTER("wolfSSL_CertManagerUnloadTempIntermediateCerts");
+    return wolfSSL_CertManagerUnloadIntermediateCertsEx(cm, WOLFSSL_TEMP_CA);
+}
+#endif
+
+int wolfSSL_CertManagerUnloadIntermediateCerts(
+    WOLFSSL_CERT_MANAGER* cm)
+{
+    WOLFSSL_ENTER("wolfSSL_CertManagerUnloadIntermediateCerts");
+    return wolfSSL_CertManagerUnloadIntermediateCertsEx(cm, WOLFSSL_CHAIN_CA);
+}
 
 #ifdef WOLFSSL_TRUST_PEER_CERT
 /* Unload the trusted peers table.
@@ -513,8 +565,8 @@ int wolfSSL_CertManagerLoadCABuffer_ex(WOLFSSL_CERT_MANAGER* cm,
         ret = WOLFSSL_FATAL_ERROR;
     }
     /* Allocate a temporary WOLFSSL_CTX to load with. */
-    if ((ret == WOLFSSL_SUCCESS) && ((tmp = wolfSSL_CTX_new(cm_pick_method()))
-            == NULL)) {
+    if ((ret == WOLFSSL_SUCCESS) && ((tmp =
+        wolfSSL_CTX_new_ex(cm_pick_method(cm->heap), cm->heap)) == NULL)) {
         WOLFSSL_MSG("CTX new failed");
         ret = WOLFSSL_FATAL_ERROR;
     }
@@ -573,7 +625,19 @@ void wolfSSL_CertManagerSetVerify(WOLFSSL_CERT_MANAGER* cm, VerifyCallback vc)
         cm->verifyCallback = vc;
     }
 }
-#endif /* NO_WOLFSSL_CM_VERIFY */
+#endif /* !NO_WOLFSSL_CM_VERIFY */
+
+#ifdef WC_ASN_UNKNOWN_EXT_CB
+void wolfSSL_CertManagerSetUnknownExtCallback(WOLFSSL_CERT_MANAGER* cm,
+        wc_UnknownExtCallback cb)
+{
+    WOLFSSL_ENTER("wolfSSL_CertManagerSetUnknownExtCallback");
+    if (cm != NULL) {
+        cm->unknownExtCallback = cb;
+    }
+
+}
+#endif /* WC_ASN_UNKNOWN_EXT_CB */
 
 #if !defined(NO_WOLFSSL_CLIENT) || !defined(WOLFSSL_NO_CLIENT_AUTH)
 /* Verify the certificate.
@@ -643,9 +707,14 @@ int CM_VerifyBuffer_ex(WOLFSSL_CERT_MANAGER* cm, const unsigned char* buff,
         /* Create a decoded certificate with DER buffer. */
         InitDecodedCert(cert, buff, (word32)sz, cm->heap);
 
+#ifdef WC_ASN_UNKNOWN_EXT_CB
+        if (cm->unknownExtCallback != NULL)
+            wc_SetUnknownExtCallback(cert, cm->unknownExtCallback);
+#endif
+
         /* Parse DER into decoded certificate fields and verify signature
          * against a known CA. */
-        ret = ParseCertRelative(cert, CERT_TYPE, VERIFY, cm);
+        ret = ParseCertRelative(cert, CERT_TYPE, VERIFY, cm, NULL);
      }
 
 #ifdef HAVE_CRL
@@ -876,8 +945,8 @@ int wolfSSL_CertManagerLoadCA(WOLFSSL_CERT_MANAGER* cm, const char* file,
         ret = WOLFSSL_FATAL_ERROR;
     }
     /* Create temporary WOLFSSL_CTX. */
-    if ((ret == WOLFSSL_SUCCESS) && ((tmp = wolfSSL_CTX_new(cm_pick_method()))
-            == NULL)) {
+    if ((ret == WOLFSSL_SUCCESS) && ((tmp =
+        wolfSSL_CTX_new_ex(cm_pick_method(cm->heap), cm->heap)) == NULL)) {
         WOLFSSL_MSG("CTX new failed");
         ret = WOLFSSL_FATAL_ERROR;
     }
@@ -1331,9 +1400,7 @@ int CM_SaveCertCache(WOLFSSL_CERT_MANAGER* cm, const char* fname)
                 ret = FWRITE_ERROR;
             }
         }
-        if (mem != NULL) {
-            XFREE(mem, cm->heap, DYNAMIC_TYPE_TMP_BUFFER);
-        }
+        XFREE(mem, cm->heap, DYNAMIC_TYPE_TMP_BUFFER);
 
         /* Unlock CA table. */
         wc_UnLockMutex(&cm->caLock);
@@ -1764,7 +1831,7 @@ int wolfSSL_CertManagerCheckCRL(WOLFSSL_CERT_MANAGER* cm,
             InitDecodedCert(cert, der, (word32)sz, NULL);
 
             /* Parse certificate and perform CRL checks. */
-            ret = ParseCertRelative(cert, CERT_TYPE, VERIFY_CRL, cm);
+            ret = ParseCertRelative(cert, CERT_TYPE, VERIFY_CRL, cm, NULL);
             if (ret != 0) {
                 WOLFSSL_MSG("ParseCert failed");
             }
@@ -1809,6 +1876,61 @@ int wolfSSL_CertManagerSetCRL_Cb(WOLFSSL_CERT_MANAGER* cm, CbMissingCRL cb)
     return ret;
 }
 
+int wolfSSL_CertManagerSetCRL_ErrorCb(WOLFSSL_CERT_MANAGER* cm, crlErrorCb cb,
+                                      void* ctx)
+{
+    int ret = WOLFSSL_SUCCESS;
+
+    WOLFSSL_ENTER("wolfSSL_CertManagerSetCRL_Cb");
+
+    /* Validate parameters. */
+    if (cm == NULL) {
+        ret = BAD_FUNC_ARG;
+    }
+    if (ret == WOLFSSL_SUCCESS) {
+        /* Store callback. */
+        cm->crlCb = cb;
+        cm->crlCbCtx = ctx;
+    }
+
+    return ret;
+}
+
+#ifdef HAVE_CRL_UPDATE_CB
+int wolfSSL_CertManagerGetCRLInfo(WOLFSSL_CERT_MANAGER* cm, CrlInfo* info,
+    const byte* buff, long sz, int type)
+{
+    return GetCRLInfo(cm->crl, info, buff, sz, type);
+}
+
+/* Set the callback to be called when a CRL entry has
+ * been updated (new entry had the same issuer hash and
+ * a newer CRL number).
+ *
+ * @param [in] cm  Certificate manager.
+ * @param [in] cb  CRL update callback.
+ * @return  WOLFSSL_SUCCESS on success.
+ * @return  BAD_FUNC_ARG when cm is NULL.
+ */
+int wolfSSL_CertManagerSetCRLUpdate_Cb(WOLFSSL_CERT_MANAGER* cm, CbUpdateCRL cb)
+{
+    int ret = WOLFSSL_SUCCESS;
+
+    WOLFSSL_ENTER("wolfSSL_CertManagerSetCRLUpdate_Cb");
+
+    /* Validate parameters. */
+    if (cm == NULL) {
+        ret = BAD_FUNC_ARG;
+    }
+    if (ret == WOLFSSL_SUCCESS) {
+        /* Store callback. */
+        cm->cbUpdateCRL = cb;
+    }
+
+    return ret;
+}
+#endif
+
 #ifdef HAVE_CRL_IO
 /* Set the CRL I/O callback.
  *
@@ -2236,7 +2358,7 @@ int wolfSSL_CertManagerCheckOCSP(WOLFSSL_CERT_MANAGER* cm,
             InitDecodedCert(cert, der, (word32)sz, NULL);
 
             /* Parse certificate and perform CRL checks. */
-            ret = ParseCertRelative(cert, CERT_TYPE, VERIFY_OCSP, cm);
+            ret = ParseCertRelative(cert, CERT_TYPE, VERIFY_OCSP, cm, NULL);
             if (ret != 0) {
                 WOLFSSL_MSG("ParseCert failed");
             }
diff --git a/src/ssl_crypto.c b/src/ssl_crypto.c
index 3c73b88f5..59e4db57f 100644
--- a/src/ssl_crypto.c
+++ b/src/ssl_crypto.c
@@ -1,6 +1,6 @@
 /* ssl_crypto.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -45,13 +45,12 @@
 void wolfSSL_MD4_Init(WOLFSSL_MD4_CTX* md4)
 {
     /* Ensure WOLFSSL_MD4_CTX is big enough for wolfCrypt Md4. */
-    typedef char ok[sizeof(md4->buffer) >= sizeof(Md4) ? 1 : -1];
-    (void)sizeof(ok);
+    WOLFSSL_ASSERT_SIZEOF_GE(md4->buffer, wc_Md4);
 
     WOLFSSL_ENTER("MD4_Init");
 
     /* Initialize wolfCrypt MD4 object. */
-    wc_InitMd4((Md4*)md4);
+    wc_InitMd4((wc_Md4*)md4);
 }
 
 /* Update MD4 hash with data.
@@ -66,7 +65,7 @@ void wolfSSL_MD4_Update(WOLFSSL_MD4_CTX* md4, const void* data,
     WOLFSSL_ENTER("MD4_Update");
 
     /* Update wolfCrypt MD4 object with data. */
-    wc_Md4Update((Md4*)md4, (const byte*)data, (word32)len);
+    wc_Md4Update((wc_Md4*)md4, (const byte*)data, (word32)len);
 }
 
 /* Finalize MD4 hash and return output.
@@ -80,7 +79,7 @@ void wolfSSL_MD4_Final(unsigned char* digest, WOLFSSL_MD4_CTX* md4)
     WOLFSSL_ENTER("MD4_Final");
 
     /* Finalize wolfCrypt MD4 hash into digest. */
-    wc_Md4Final((Md4*)md4, digest);
+    wc_Md4Final((wc_Md4*)md4, digest);
 }
 
 #endif /* NO_MD4 */
@@ -97,8 +96,7 @@ void wolfSSL_MD4_Final(unsigned char* digest, WOLFSSL_MD4_CTX* md4)
 int wolfSSL_MD5_Init(WOLFSSL_MD5_CTX* md5)
 {
     /* Ensure WOLFSSL_MD5_CTX is big enough for wolfCrypt wc_Md5. */
-    typedef char md5_test[sizeof(WOLFSSL_MD5_CTX) >= sizeof(wc_Md5) ? 1 : -1];
-    (void)sizeof(md5_test);
+    WOLFSSL_ASSERT_SIZEOF_GE(WOLFSSL_MD5_CTX, wc_Md5);
 
     WOLFSSL_ENTER("MD5_Init");
 
@@ -212,8 +210,7 @@ unsigned char* wolfSSL_MD5(const unsigned char* data, size_t len,
 int wolfSSL_SHA_Init(WOLFSSL_SHA_CTX* sha)
 {
     /* Ensure WOLFSSL_SHA_CTX is big enough for wolfCrypt wc_Sha. */
-    typedef char sha_test[sizeof(WOLFSSL_SHA_CTX) >= sizeof(wc_Sha) ? 1 : -1];
-    (void)sizeof(sha_test);
+    WOLFSSL_ASSERT_SIZEOF_GE(WOLFSSL_SHA_CTX, wc_Sha);
 
     WOLFSSL_ENTER("SHA_Init");
 
@@ -296,7 +293,7 @@ int wolfSSL_SHA1_Init(WOLFSSL_SHA_CTX* sha)
 {
     WOLFSSL_ENTER("SHA1_Init");
 
-    return SHA_Init(sha);
+    return wolfSSL_SHA_Init(sha);
 }
 
 
@@ -313,7 +310,7 @@ int wolfSSL_SHA1_Update(WOLFSSL_SHA_CTX* sha, const void* input,
 {
     WOLFSSL_ENTER("SHA1_Update");
 
-    return SHA_Update(sha, input, sz);
+    return wolfSSL_SHA_Update(sha, input, sz);
 }
 
 /* Finalize SHA-1 hash and return output.
@@ -328,7 +325,7 @@ int wolfSSL_SHA1_Final(byte* output, WOLFSSL_SHA_CTX* sha)
 {
     WOLFSSL_ENTER("SHA1_Final");
 
-    return SHA_Final(output, sha);
+    return wolfSSL_SHA_Final(output, sha);
 }
 
 #if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || \
@@ -362,8 +359,7 @@ int wolfSSL_SHA1_Transform(WOLFSSL_SHA_CTX* sha, const unsigned char* data)
 int wolfSSL_SHA224_Init(WOLFSSL_SHA224_CTX* sha224)
 {
     /* Ensure WOLFSSL_SHA224_CTX is big enough for wolfCrypt wc_Sha224. */
-    typedef char sha_test[sizeof(SHA224_CTX) >= sizeof(wc_Sha224) ? 1 : -1];
-    (void)sizeof(sha_test);
+    WOLFSSL_ASSERT_SIZEOF_GE(WOLFSSL_SHA224_CTX, wc_Sha224);
 
     WOLFSSL_ENTER("SHA224_Init");
 
@@ -422,8 +418,7 @@ int wolfSSL_SHA224_Final(byte* output, WOLFSSL_SHA224_CTX* sha224)
 int wolfSSL_SHA256_Init(WOLFSSL_SHA256_CTX* sha256)
 {
     /* Ensure WOLFSSL_SHA256_CTX is big enough for wolfCrypt wc_Sha256. */
-    typedef char sha_test[sizeof(SHA256_CTX) >= sizeof(wc_Sha256) ? 1 : -1];
-    (void)sizeof(sha_test);
+    WOLFSSL_ASSERT_SIZEOF_GE(WOLFSSL_SHA256_CTX, wc_Sha256);
 
     WOLFSSL_ENTER("SHA256_Init");
 
@@ -512,8 +507,7 @@ int wolfSSL_SHA256_Transform(WOLFSSL_SHA256_CTX* sha256,
 int wolfSSL_SHA384_Init(WOLFSSL_SHA384_CTX* sha384)
 {
     /* Ensure WOLFSSL_SHA384_CTX is big enough for wolfCrypt wc_Sha384. */
-    typedef char sha_test[sizeof(SHA384_CTX) >= sizeof(wc_Sha384) ? 1 : -1];
-    (void)sizeof(sha_test);
+    WOLFSSL_ASSERT_SIZEOF_GE(WOLFSSL_SHA384_CTX, wc_Sha384);
 
     WOLFSSL_ENTER("SHA384_Init");
 
@@ -572,8 +566,7 @@ int wolfSSL_SHA384_Final(byte* output, WOLFSSL_SHA384_CTX* sha384)
 int wolfSSL_SHA512_Init(WOLFSSL_SHA512_CTX* sha512)
 {
     /* Ensure WOLFSSL_SHA512_CTX is big enough for wolfCrypt wc_Sha512. */
-    typedef char sha_test[sizeof(SHA512_CTX) >= sizeof(wc_Sha512) ? 1 : -1];
-    (void)sizeof(sha_test);
+    WOLFSSL_ASSERT_SIZEOF_GE(WOLFSSL_SHA512_CTX, wc_Sha512);
 
     WOLFSSL_ENTER("SHA512_Init");
 
@@ -809,8 +802,7 @@ int wolfSSL_SHA512_256_Transform(WOLFSSL_SHA512_CTX* sha512,
 int wolfSSL_SHA3_224_Init(WOLFSSL_SHA3_224_CTX* sha3_224)
 {
     /* Ensure WOLFSSL_SHA3_224_CTX is big enough for wolfCrypt wc_Sha3. */
-    typedef char sha_test[sizeof(SHA3_224_CTX) >= sizeof(wc_Sha3) ? 1 : -1];
-    (void)sizeof(sha_test);
+    WOLFSSL_ASSERT_SIZEOF_GE(WOLFSSL_SHA3_224_CTX, wc_Sha3);
 
     WOLFSSL_ENTER("SHA3_224_Init");
 
@@ -869,8 +861,7 @@ int wolfSSL_SHA3_224_Final(byte* output, WOLFSSL_SHA3_224_CTX* sha3)
 int wolfSSL_SHA3_256_Init(WOLFSSL_SHA3_256_CTX* sha3_256)
 {
     /* Ensure WOLFSSL_SHA3_256_CTX is big enough for wolfCrypt wc_Sha3. */
-    typedef char sha_test[sizeof(SHA3_256_CTX) >= sizeof(wc_Sha3) ? 1 : -1];
-    (void)sizeof(sha_test);
+    WOLFSSL_ASSERT_SIZEOF_GE(WOLFSSL_SHA3_256_CTX, wc_Sha3);
 
     WOLFSSL_ENTER("SHA3_256_Init");
 
@@ -929,8 +920,7 @@ int wolfSSL_SHA3_256_Final(byte* output, WOLFSSL_SHA3_256_CTX* sha3)
 int wolfSSL_SHA3_384_Init(WOLFSSL_SHA3_384_CTX* sha3_384)
 {
     /* Ensure WOLFSSL_SHA3_384_CTX is big enough for wolfCrypt wc_Sha3. */
-    typedef char sha_test[sizeof(SHA3_384_CTX) >= sizeof(wc_Sha3) ? 1 : -1];
-    (void)sizeof(sha_test);
+    WOLFSSL_ASSERT_SIZEOF_GE(WOLFSSL_SHA3_384_CTX, wc_Sha3);
 
     WOLFSSL_ENTER("SHA3_384_Init");
 
@@ -989,8 +979,7 @@ int wolfSSL_SHA3_384_Final(byte* output, WOLFSSL_SHA3_384_CTX* sha3)
 int wolfSSL_SHA3_512_Init(WOLFSSL_SHA3_512_CTX* sha3_512)
 {
     /* Ensure WOLFSSL_SHA3_512_CTX is big enough for wolfCrypt wc_Sha3. */
-    typedef char sha_test[sizeof(SHA3_512_CTX) >= sizeof(wc_Sha3) ? 1 : -1];
-    (void)sizeof(sha_test);
+    WOLFSSL_ASSERT_SIZEOF_GE(WOLFSSL_SHA3_512_CTX, wc_Sha3);
 
     WOLFSSL_ENTER("SHA3_512_Init");
 
@@ -1733,7 +1722,7 @@ const WOLFSSL_EVP_MD* wolfSSL_HMAC_CTX_get_md(const WOLFSSL_HMAC_CTX* ctx)
  * @return  0 on failure.
  */
 int wolfSSL_HMAC_Init_ex(WOLFSSL_HMAC_CTX* ctx, const void* key, int keySz,
-    const EVP_MD* type, WOLFSSL_ENGINE* e)
+    const WOLFSSL_EVP_MD* type, WOLFSSL_ENGINE* e)
 {
     WOLFSSL_ENTER("wolfSSL_HMAC_Init_ex");
 
@@ -1757,7 +1746,7 @@ int wolfSSL_HMAC_Init_ex(WOLFSSL_HMAC_CTX* ctx, const void* key, int keySz,
  * @return  0 on failure.
  */
 int wolfSSL_HMAC_Init(WOLFSSL_HMAC_CTX* ctx, const void* key, int keylen,
-    const EVP_MD* type)
+    const WOLFSSL_EVP_MD* type)
 {
     int ret = 1;
     void* heap = NULL;
@@ -1966,7 +1955,7 @@ int wolfSSL_HMAC_cleanup(WOLFSSL_HMAC_CTX* ctx)
  * @return  NULL on failure.
  */
 unsigned char* wolfSSL_HMAC(const WOLFSSL_EVP_MD* evp_md, const void* key,
-    int key_len, const unsigned char* data, int len, unsigned char* md,
+    int key_len, const unsigned char* data, size_t len, unsigned char* md,
     unsigned int* md_len)
 {
     unsigned char* ret = NULL;
@@ -2000,7 +1989,7 @@ unsigned char* wolfSSL_HMAC(const WOLFSSL_EVP_MD* evp_md, const void* key,
 #endif
     if (rc == 0)  {
         /* Get the HMAC output length. */
-        hmacLen = wolfssl_mac_len((unsigned char)type);
+        hmacLen = (int)wolfssl_mac_len((unsigned char)type);
         /* 0 indicates the digest is not supported. */
         if (hmacLen == 0) {
             rc = BAD_FUNC_ARG;
@@ -2009,16 +1998,16 @@ unsigned char* wolfSSL_HMAC(const WOLFSSL_EVP_MD* evp_md, const void* key,
     /* Initialize the wolfSSL HMAC object. */
     if ((rc == 0) && (wc_HmacInit(hmac, heap, INVALID_DEVID) == 0)) {
         /* Set the key into the wolfSSL HMAC object. */
-        rc = wc_HmacSetKey(hmac, type, (const byte*)key, key_len);
+        rc = wc_HmacSetKey(hmac, type, (const byte*)key, (word32)key_len);
         if (rc == 0) {
            /* Update the wolfSSL HMAC object with data. */
-            rc = wc_HmacUpdate(hmac, data, len);
+            rc = wc_HmacUpdate(hmac, data, (word32)len);
         }
         /* Finalize the wolfSSL HMAC object. */
         if ((rc == 0) && (wc_HmacFinal(hmac, md) == 0)) {
             /* Return the length of the HMAC output if required. */
             if (md_len != NULL) {
-                *md_len = hmacLen;
+                *md_len = (unsigned int)hmacLen;
             }
             /* Set the buffer to return. */
             ret = md;
@@ -2239,7 +2228,7 @@ int wolfSSL_CMAC_Update(WOLFSSL_CMAC_CTX* ctx, const void* data, size_t len)
  *
  * @param [in, out] ctx  CMAC context object.
  * @param [out]     out  Buffer to place CMAC result into.
- *                       Must be able to hold AES_BLOCK_SIZE bytes.
+ *                       Must be able to hold WC_AES_BLOCK_SIZE bytes.
  * @param [out]     len  Length of CMAC result. May be NULL.
  * @return  1 on success.
  * @return  0 when ctx is NULL.
@@ -2259,7 +2248,7 @@ int wolfSSL_CMAC_Final(WOLFSSL_CMAC_CTX* ctx, unsigned char* out, size_t* len)
 
     if (ret == 1) {
         /* Get the expected output size. */
-        blockSize = EVP_CIPHER_CTX_block_size(ctx->cctx);
+        blockSize = wolfSSL_EVP_CIPHER_CTX_block_size(ctx->cctx);
         /* Check value is valid. */
         if (blockSize <= 0) {
             ret = 0;
@@ -2269,7 +2258,7 @@ int wolfSSL_CMAC_Final(WOLFSSL_CMAC_CTX* ctx, unsigned char* out, size_t* len)
             len32 = (word32)blockSize;
             /* Return size if required. */
             if (len != NULL) {
-                *len = blockSize;
+                *len = (size_t)blockSize;
             }
         }
     }
@@ -2442,7 +2431,7 @@ int wolfSSL_DES_set_key_checked(WOLFSSL_const_DES_cblock* key,
     /* Check key parity is odd. */
     if ((ret == 0) && (!wolfSSL_DES_check_key_parity(key))) {
         WOLFSSL_MSG("Odd parity test fail");
-        ret = -1;
+        ret = WOLFSSL_FATAL_ERROR;
     }
     /* Check whether key is weak. */
     if ((ret == 0) && wolfSSL_DES_is_weak_key(key)) {
@@ -2554,21 +2543,23 @@ WOLFSSL_DES_LONG wolfSSL_DES_cbc_cksum(const unsigned char* in,
     if ((!err) && (dataSz % DES_BLOCK_SIZE)) {
         /* Allocate a buffer big enough to hold padded input. */
         dataSz += DES_BLOCK_SIZE - (dataSz % DES_BLOCK_SIZE);
-        data = (unsigned char*)XMALLOC(dataSz, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+        data = (unsigned char*)XMALLOC((size_t)dataSz, NULL,
+        DYNAMIC_TYPE_TMP_BUFFER);
         if (data == NULL) {
             WOLFSSL_MSG("Issue creating temporary buffer");
             err = 1;
         }
         else {
             /* Copy input and pad with 0s. */
-            XMEMCPY(data, in, length);
-            XMEMSET(data + length, 0, dataSz - length);
+            XMEMCPY(data, in, (size_t)length);
+            XMEMSET(data + length, 0, (size_t)(dataSz - length));
         }
     }
 
     if (!err) {
         /* Allocate buffer to hold encrypted data. */
-        tmp = (unsigned char*)XMALLOC(dataSz, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+        tmp = (unsigned char*)XMALLOC((size_t)dataSz, NULL,
+        DYNAMIC_TYPE_TMP_BUFFER);
         if (tmp == NULL) {
             WOLFSSL_MSG("Issue creating temporary buffer");
             err = 1;
@@ -2578,7 +2569,7 @@ WOLFSSL_DES_LONG wolfSSL_DES_cbc_cksum(const unsigned char* in,
     if (!err) {
         /* Encrypt data into temporary. */
         wolfSSL_DES_cbc_encrypt(data, tmp, dataSz, sc, (WOLFSSL_DES_cblock*)iv,
-            DES_ENCRYPT);
+            WC_DES_ENCRYPT);
         /* Copy out last block. */
         XMEMCPY((unsigned char*)out, tmp + (dataSz - DES_BLOCK_SIZE),
             DES_BLOCK_SIZE);
@@ -2625,7 +2616,7 @@ void wolfSSL_DES_cbc_encrypt(const unsigned char* input, unsigned char* output,
     WOLFSSL_ENTER("wolfSSL_DES_cbc_encrypt");
 
 #ifdef WOLFSSL_SMALL_STACK
-    des = XMALLOC(sizeof(Des3), NULL, DYNAMIC_TYPE_CIPHER);
+    des = (Des*)XMALLOC(sizeof(Des3), NULL, DYNAMIC_TYPE_CIPHER);
     if (des == NULL) {
         WOLFSSL_MSG("Failed to allocate memory for Des object");
     }
@@ -2642,13 +2633,13 @@ void wolfSSL_DES_cbc_encrypt(const unsigned char* input, unsigned char* output,
         /* Length of data that is a multiple of a block. */
         word32 len   = (word32)(length - lb_sz);
 
-        if (enc == DES_ENCRYPT) {
+        if (enc == WC_DES_ENCRYPT) {
             /* Encrypt full blocks into output. */
             wc_Des_CbcEncrypt(des, output, input, len);
             if (lb_sz != 0) {
                 /* Create a 0 padded block from remaining bytes. */
                 XMEMSET(lastBlock, 0, DES_BLOCK_SIZE);
-                XMEMCPY(lastBlock, input + len, lb_sz);
+                XMEMCPY(lastBlock, input + len, (size_t)lb_sz);
                 /* Encrypt last block into output. */
                 wc_Des_CbcEncrypt(des, output + len, lastBlock,
                     (word32)DES_BLOCK_SIZE);
@@ -2662,7 +2653,7 @@ void wolfSSL_DES_cbc_encrypt(const unsigned char* input, unsigned char* output,
                 wc_Des_CbcDecrypt(des, lastBlock, input + len,
                     (word32)DES_BLOCK_SIZE);
                 /* Copy out the required amount of the decrypted block. */
-                XMEMCPY(output + len, lastBlock, lb_sz);
+                XMEMCPY(output + len, lastBlock, (size_t)lb_sz);
             }
         }
     }
@@ -2698,7 +2689,7 @@ void wolfSSL_DES_ncbc_encrypt(const unsigned char* input, unsigned char* output,
     offset = (offset + DES_BLOCK_SIZE - 1) / DES_BLOCK_SIZE;
     offset *= DES_BLOCK_SIZE;
     offset -= DES_BLOCK_SIZE;
-    if (enc == DES_ENCRYPT) {
+    if (enc == WC_DES_ENCRYPT) {
         /* Encrypt data. */
         wolfSSL_DES_cbc_encrypt(input, output, length, schedule, ivec, enc);
         /* Use last encrypted block as new IV. */
@@ -2743,7 +2734,7 @@ void wolfSSL_DES_ede3_cbc_encrypt(const unsigned char* input,
     WOLFSSL_ENTER("wolfSSL_DES_ede3_cbc_encrypt");
 
 #ifdef WOLFSSL_SMALL_STACK
-    des3 = XMALLOC(sizeof(Des3), NULL, DYNAMIC_TYPE_CIPHER);
+    des3 = (Des3*)XMALLOC(sizeof(Des3), NULL, DYNAMIC_TYPE_CIPHER);
     if (des3 == NULL) {
         WOLFSSL_MSG("Failed to allocate memory for Des3 object");
         sz = 0;
@@ -2772,7 +2763,7 @@ void wolfSSL_DES_ede3_cbc_encrypt(const unsigned char* input,
         ret = wc_Des3Init(des3, NULL, INVALID_DEVID);
         (void)ret;
 
-        if (enc == DES_ENCRYPT) {
+        if (enc == WC_DES_ENCRYPT) {
             /* Initialize wolfCrypt DES3 object. */
             if (wc_Des3_SetKey(des3, key, (const byte*)ivec, DES_ENCRYPTION)
                     == 0) {
@@ -2786,7 +2777,7 @@ void wolfSSL_DES_ede3_cbc_encrypt(const unsigned char* input,
                 if (lb_sz != 0) {
                     /* Create a 0 padded block from remaining bytes. */
                     XMEMSET(lastBlock, 0, DES_BLOCK_SIZE);
-                    XMEMCPY(lastBlock, input + len, lb_sz);
+                    XMEMCPY(lastBlock, input + len, (size_t)lb_sz);
                     /* Encrypt last block into output. */
                     ret = wc_Des3_CbcEncrypt(des3, output + len, lastBlock,
                         (word32)DES_BLOCK_SIZE);
@@ -2836,7 +2827,7 @@ void wolfSSL_DES_ede3_cbc_encrypt(const unsigned char* input,
                     (void)ret;
                 #endif
                     /* Copy out the required amount of the decrypted block. */
-                    XMEMCPY(output + len, lastBlock, lb_sz);
+                    XMEMCPY(output + len, lastBlock, (size_t)lb_sz);
                 }
             }
         }
@@ -2869,22 +2860,24 @@ void wolfSSL_DES_ecb_encrypt(WOLFSSL_DES_cblock* in, WOLFSSL_DES_cblock* out,
 
     /* Validate parameters. */
     if ((in == NULL) || (out == NULL) || (key == NULL) ||
-           ((enc != DES_ENCRYPT) && (enc != DES_DECRYPT))) {
+           ((enc != WC_DES_ENCRYPT) && (enc != WC_DES_DECRYPT))) {
         WOLFSSL_MSG("Bad argument passed to wolfSSL_DES_ecb_encrypt");
     }
 #ifdef WOLFSSL_SMALL_STACK
-    else if ((des = XMALLOC(sizeof(Des), NULL, DYNAMIC_TYPE_CIPHER)) == NULL) {
+    else if ((des = (Des*)XMALLOC(sizeof(Des), NULL, DYNAMIC_TYPE_CIPHER))
+             == NULL)
+    {
         WOLFSSL_MSG("Failed to allocate memory for Des object");
     }
 #endif
     /* Set key in wolfCrypt DES object for encryption or decryption.
-     * DES_ENCRYPT = 1, wolfSSL DES_ENCRYPTION = 0.
-     * DES_DECRYPT = 0, wolfSSL DES_DECRYPTION = 1.
+     * WC_DES_ENCRYPT = 1, wolfSSL DES_ENCRYPTION = 0.
+     * WC_DES_DECRYPT = 0, wolfSSL DES_DECRYPTION = 1.
      */
     else if (wc_Des_SetKey(des, (const byte*)key, NULL, !enc) != 0) {
         WOLFSSL_MSG("wc_Des_SetKey return error.");
     }
-    else if (enc == DES_ENCRYPT) {
+    else if (enc == WC_DES_ENCRYPT) {
         /* Encrypt a block with wolfCrypt DES object. */
         if (wc_Des_EcbEncrypt(des, (byte*)out, (const byte*)in, DES_KEY_SIZE)
                 != 0) {
@@ -2926,33 +2919,32 @@ void wolfSSL_DES_ecb_encrypt(WOLFSSL_DES_cblock* in, WOLFSSL_DES_cblock* out,
  * @param [in]  key   Key data.
  * @param [in]  bits  Number of bits in key.
  * @param [out] aes   AES key object.
- * @param [in]  enc   Whether to encrypt. AES_ENCRYPT or AES_DECRYPT.
+ * @param [in]  enc   Whether to encrypt. AES_ENCRYPTION or AES_DECRYPTION.
  * @return  0 on success.
  * @return  -1 when key or aes is NULL.
  * @return  -1 when setting key with wolfCrypt fails.
  */
 static int wolfssl_aes_set_key(const unsigned char *key, const int bits,
-    AES_KEY *aes, int enc)
+    WOLFSSL_AES_KEY *aes, int enc)
 {
-    typedef char aes_test[sizeof(AES_KEY) >= sizeof(Aes) ? 1 : -1];
-    (void)sizeof(aes_test);
+    wc_static_assert(sizeof(WOLFSSL_AES_KEY) >= sizeof(Aes));
 
     /* Validate parameters. */
     if ((key == NULL) || (aes == NULL)) {
         WOLFSSL_MSG("Null argument passed in");
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
     }
 
-    XMEMSET(aes, 0, sizeof(AES_KEY));
+    XMEMSET(aes, 0, sizeof(WOLFSSL_AES_KEY));
 
     if (wc_AesInit((Aes*)aes, NULL, INVALID_DEVID) != 0) {
         WOLFSSL_MSG("Error in initting AES key");
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
     }
 
-    if (wc_AesSetKey((Aes*)aes, key, ((bits)/8), NULL, enc) != 0) {
+    if (wc_AesSetKey((Aes*)aes, key, (word32)((bits)/8), NULL, enc) != 0) {
         WOLFSSL_MSG("Error in setting AES key");
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
     }
     return 0;
 }
@@ -2967,11 +2959,11 @@ static int wolfssl_aes_set_key(const unsigned char *key, const int bits,
  * @return  -1 when setting key with wolfCrypt fails.
  */
 int wolfSSL_AES_set_encrypt_key(const unsigned char *key, const int bits,
-    AES_KEY *aes)
+    WOLFSSL_AES_KEY *aes)
 {
     WOLFSSL_ENTER("wolfSSL_AES_set_encrypt_key");
 
-    return wolfssl_aes_set_key(key, bits, aes, AES_ENCRYPT);
+    return wolfssl_aes_set_key(key, bits, aes, AES_ENCRYPTION);
 }
 
 /* Sets the key into the AES key object for decryption.
@@ -2984,11 +2976,11 @@ int wolfSSL_AES_set_encrypt_key(const unsigned char *key, const int bits,
  * @return  -1 when setting key with wolfCrypt fails.
  */
 int wolfSSL_AES_set_decrypt_key(const unsigned char *key, const int bits,
-    AES_KEY *aes)
+    WOLFSSL_AES_KEY *aes)
 {
     WOLFSSL_ENTER("wolfSSL_AES_set_decrypt_key");
 
-    return wolfssl_aes_set_key(key, bits, aes, AES_DECRYPT);
+    return wolfssl_aes_set_key(key, bits, aes, AES_DECRYPTION);
 }
 
 #ifdef WOLFSSL_AES_DIRECT
@@ -2996,15 +2988,15 @@ int wolfSSL_AES_set_decrypt_key(const unsigned char *key, const int bits,
  *
  * wolfSSL_AES_set_encrypt_key() must have been called.
  *
- * #input must contain AES_BLOCK_SIZE bytes of data.
- * #output must be a buffer at least AES_BLOCK_SIZE bytes in length.
+ * #input must contain WC_AES_BLOCK_SIZE bytes of data.
+ * #output must be a buffer at least WC_AES_BLOCK_SIZE bytes in length.
  *
  * @param [in]  input   Data to encrypt.
  * @param [out] output  Encrypted data.
  * @param [in]  key     AES key to use for encryption.
  */
 void wolfSSL_AES_encrypt(const unsigned char* input, unsigned char* output,
-    AES_KEY *key)
+    WOLFSSL_AES_KEY *key)
 {
     WOLFSSL_ENTER("wolfSSL_AES_encrypt");
 
@@ -3014,7 +3006,8 @@ void wolfSSL_AES_encrypt(const unsigned char* input, unsigned char* output,
     }
     else
 #if !defined(HAVE_SELFTEST) && \
-    (!defined(HAVE_FIPS) || (defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(5,3)))
+    (!defined(HAVE_FIPS) || (defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(5,3)) \
+    || defined(WOLFSSL_LINUXKM))
     /* Encrypt a block with wolfCrypt AES. */
     if (wc_AesEncryptDirect((Aes*)key, output, input) != 0) {
         WOLFSSL_MSG("wc_AesEncryptDirect failed");
@@ -3032,15 +3025,15 @@ void wolfSSL_AES_encrypt(const unsigned char* input, unsigned char* output,
  *
  * wolfSSL_AES_set_decrypt_key() must have been called.
  *
- * #input must contain AES_BLOCK_SIZE bytes of data.
- * #output must be a buffer at least AES_BLOCK_SIZE bytes in length.
+ * #input must contain WC_AES_BLOCK_SIZE bytes of data.
+ * #output must be a buffer at least WC_AES_BLOCK_SIZE bytes in length.
  *
  * @param [in]  input   Data to decrypt.
  * @param [out] output  Decrypted data.
  * @param [in]  key     AES key to use for encryption.
  */
 void wolfSSL_AES_decrypt(const unsigned char* input, unsigned char* output,
-    AES_KEY *key)
+    WOLFSSL_AES_KEY *key)
 {
     WOLFSSL_ENTER("wolfSSL_AES_decrypt");
 
@@ -3050,7 +3043,7 @@ void wolfSSL_AES_decrypt(const unsigned char* input, unsigned char* output,
     }
     else
 #if !defined(HAVE_SELFTEST) && \
-    (!defined(HAVE_FIPS) || (defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(5,3)))
+    (!defined(HAVE_FIPS) || (defined(FIPS_VERSION_GE) && FIPS_VERSION3_GE(5,3,0)))
     /* Decrypt a block with wolfCrypt AES. */
     if (wc_AesDecryptDirect((Aes*)key, output, input) != 0) {
         WOLFSSL_MSG("wc_AesDecryptDirect failed");
@@ -3072,17 +3065,17 @@ void wolfSSL_AES_decrypt(const unsigned char* input, unsigned char* output,
  * wolfSSL_AES_set_encrypt_key() or wolfSSL_AES_set_decrypt_key ()must have been
  * called.
  *
- * #input must contain AES_BLOCK_SIZE bytes of data.
- * #output must be a buffer at least AES_BLOCK_SIZE bytes in length.
+ * #input must contain WC_AES_BLOCK_SIZE bytes of data.
+ * #output must be a buffer at least WC_AES_BLOCK_SIZE bytes in length.
  *
  * @param [in]  in   Data to encipher.
  * @param [out] out  Enciphered data.
  * @param [in]  key  AES key to use for encryption/decryption.
  * @param [in]  enc  Whether to encrypt.
- *                   AES_ENCRPT for encryption, AES_DECRYPT for decryption.
+ *                   AES_ENCRPT for encryption, AES_DECRYPTION for decryption.
  */
 void wolfSSL_AES_ecb_encrypt(const unsigned char *in, unsigned char* out,
-    AES_KEY *key, const int enc)
+    WOLFSSL_AES_KEY *key, const int enc)
 {
     WOLFSSL_ENTER("wolfSSL_AES_ecb_encrypt");
 
@@ -3090,16 +3083,16 @@ void wolfSSL_AES_ecb_encrypt(const unsigned char *in, unsigned char* out,
     if ((key == NULL) || (in == NULL) || (out == NULL)) {
         WOLFSSL_MSG("Error, Null argument passed in");
     }
-    else if (enc == AES_ENCRYPT) {
+    else if (enc == AES_ENCRYPTION) {
         /* Encrypt block. */
-        if (wc_AesEcbEncrypt((Aes*)key, out, in, AES_BLOCK_SIZE) != 0) {
+        if (wc_AesEcbEncrypt((Aes*)key, out, in, WC_AES_BLOCK_SIZE) != 0) {
             WOLFSSL_MSG("Error with AES CBC encrypt");
         }
     }
     else {
     #ifdef HAVE_AES_DECRYPT
         /* Decrypt block. */
-        if (wc_AesEcbDecrypt((Aes*)key, out, in, AES_BLOCK_SIZE) != 0) {
+        if (wc_AesEcbDecrypt((Aes*)key, out, in, WC_AES_BLOCK_SIZE) != 0) {
             WOLFSSL_MSG("Error with AES CBC decrypt");
         }
     #else
@@ -3123,10 +3116,10 @@ void wolfSSL_AES_ecb_encrypt(const unsigned char *in, unsigned char* out,
  *                        On in, used with first block.
  *                        On out, IV for further operations.
  * @param [in]       enc  Whether to encrypt.
- *                   AES_ENCRPT for encryption, AES_DECRYPT for decryption.
+ *                   AES_ENCRPT for encryption, AES_DECRYPTION for decryption.
  */
 void wolfSSL_AES_cbc_encrypt(const unsigned char *in, unsigned char* out,
-    size_t len, AES_KEY *key, unsigned char* iv, const int enc)
+    size_t len, WOLFSSL_AES_KEY *key, unsigned char* iv, const int enc)
 {
     WOLFSSL_ENTER("wolfSSL_AES_cbc_encrypt");
 
@@ -3143,7 +3136,7 @@ void wolfSSL_AES_cbc_encrypt(const unsigned char *in, unsigned char* out,
         if ((ret = wc_AesSetIV(aes, (const byte*)iv)) != 0) {
             WOLFSSL_MSG("Error with setting iv");
         }
-        else if (enc == AES_ENCRYPT) {
+        else if (enc == AES_ENCRYPTION) {
             /* Encrypt with wolfCrypt AES object. */
             if ((ret = wc_AesCbcEncrypt(aes, out, in, (word32)len)) != 0) {
                 WOLFSSL_MSG("Error with AES CBC encrypt");
@@ -3158,7 +3151,7 @@ void wolfSSL_AES_cbc_encrypt(const unsigned char *in, unsigned char* out,
 
         if (ret == 0) {
             /* Get IV for next operation. */
-            XMEMCPY(iv, (byte*)(aes->reg), AES_BLOCK_SIZE);
+            XMEMCPY(iv, (byte*)(aes->reg), WC_AES_BLOCK_SIZE);
         }
     }
 }
@@ -3178,10 +3171,10 @@ void wolfSSL_AES_cbc_encrypt(const unsigned char *in, unsigned char* out,
  *                        On out, IV for further operations.
  * @param [out]      num  Number of bytes used from last incomplete block.
  * @param [in]       enc  Whether to encrypt.
- *                   AES_ENCRPT for encryption, AES_DECRYPT for decryption.
+ *                   AES_ENCRPT for encryption, AES_DECRYPTION for decryption.
  */
 void wolfSSL_AES_cfb128_encrypt(const unsigned char *in, unsigned char* out,
-    size_t len, AES_KEY *key, unsigned char* iv, int* num, const int enc)
+    size_t len, WOLFSSL_AES_KEY *key, unsigned char* iv, int* num, const int enc)
 {
 #ifndef WOLFSSL_AES_CFB
     WOLFSSL_MSG("CFB mode not enabled please use macro WOLFSSL_AES_CFB");
@@ -3208,9 +3201,9 @@ void wolfSSL_AES_cfb128_encrypt(const unsigned char *in, unsigned char* out,
          * leftover bytes field "left", and this function relies on the leftover
          * bytes being preserved between calls.
          */
-        XMEMCPY(aes->reg, iv, AES_BLOCK_SIZE);
+        XMEMCPY(aes->reg, iv, WC_AES_BLOCK_SIZE);
 
-        if (enc == AES_ENCRYPT) {
+        if (enc == AES_ENCRYPTION) {
             /* Encrypt data with AES-CFB. */
             if ((ret = wc_AesCfbEncrypt(aes, out, in, (word32)len)) != 0) {
                 WOLFSSL_MSG("Error with AES CBC encrypt");
@@ -3225,11 +3218,11 @@ void wolfSSL_AES_cfb128_encrypt(const unsigned char *in, unsigned char* out,
 
         if (ret == 0) {
             /* Copy IV out after operation. */
-            XMEMCPY(iv, (byte*)(aes->reg), AES_BLOCK_SIZE);
+            XMEMCPY(iv, (byte*)(aes->reg), WC_AES_BLOCK_SIZE);
 
             /* Store number of left over bytes to num. */
             if (num != NULL) {
-                *num = (AES_BLOCK_SIZE - aes->left) % AES_BLOCK_SIZE;
+                *num = (WC_AES_BLOCK_SIZE - aes->left) % WC_AES_BLOCK_SIZE;
             }
         }
     }
@@ -3249,7 +3242,7 @@ void wolfSSL_AES_cfb128_encrypt(const unsigned char *in, unsigned char* out,
  * @return  0 when key, iv, out or in is NULL.
  * @return  0 when key length is not valid.
  */
-int wolfSSL_AES_wrap_key(AES_KEY *key, const unsigned char *iv,
+int wolfSSL_AES_wrap_key(WOLFSSL_AES_KEY *key, const unsigned char *iv,
     unsigned char *out, const unsigned char *in, unsigned int inSz)
 {
     int ret = 0;
@@ -3284,7 +3277,7 @@ int wolfSSL_AES_wrap_key(AES_KEY *key, const unsigned char *iv,
  * @return  0 when key, iv, out or in is NULL.
  * @return  0 when wrapped key data length is not valid.
  */
-int wolfSSL_AES_unwrap_key(AES_KEY *key, const unsigned char *iv,
+int wolfSSL_AES_unwrap_key(WOLFSSL_AES_KEY *key, const unsigned char *iv,
     unsigned char *out, const unsigned char *in, unsigned int inSz)
 {
     int ret = 0;
@@ -3345,7 +3338,7 @@ size_t wolfSSL_CRYPTO_cts128_encrypt(const unsigned char *in,
         }
 
         /* Encrypt data up to last block */
-        (*cbc)(in, out, len - lastBlkLen, key, iv, AES_ENCRYPT);
+        (*cbc)(in, out, len - lastBlkLen, key, iv, AES_ENCRYPTION);
 
         /* Move to last block */
         in += len - lastBlkLen;
@@ -3358,7 +3351,7 @@ size_t wolfSSL_CRYPTO_cts128_encrypt(const unsigned char *in,
         XMEMCPY(out, out - WOLFSSL_CTS128_BLOCK_SZ, lastBlkLen);
         /* Encrypt last block. */
         (*cbc)(lastBlk, out - WOLFSSL_CTS128_BLOCK_SZ, WOLFSSL_CTS128_BLOCK_SZ,
-                key, iv, AES_ENCRYPT);
+                key, iv, AES_ENCRYPTION);
     }
 
     return len;
@@ -3413,13 +3406,13 @@ size_t wolfSSL_CRYPTO_cts128_decrypt(const unsigned char *in,
          * Use 0 buffer as IV to do straight decryption.
          * This places the Cn-1 block at lastBlk */
         XMEMSET(lastBlk, 0, WOLFSSL_CTS128_BLOCK_SZ);
-        (*cbc)(in, prevBlk, WOLFSSL_CTS128_BLOCK_SZ, key, lastBlk, AES_DECRYPT);
+        (*cbc)(in, prevBlk, WOLFSSL_CTS128_BLOCK_SZ, key, lastBlk, AES_DECRYPTION);
         /* RFC2040: Append the tail (BB minus Ln) bytes of Xn to Cn
          *          to create En. */
         XMEMCPY(prevBlk, in + WOLFSSL_CTS128_BLOCK_SZ, lastBlkLen);
         /* Cn and Cn-1 can now be decrypted */
-        (*cbc)(prevBlk, out, WOLFSSL_CTS128_BLOCK_SZ, key, iv, AES_DECRYPT);
-        (*cbc)(lastBlk, lastBlk, WOLFSSL_CTS128_BLOCK_SZ, key, iv, AES_DECRYPT);
+        (*cbc)(prevBlk, out, WOLFSSL_CTS128_BLOCK_SZ, key, iv, AES_DECRYPTION);
+        (*cbc)(lastBlk, lastBlk, WOLFSSL_CTS128_BLOCK_SZ, key, iv, AES_DECRYPTION);
         XMEMCPY(out + WOLFSSL_CTS128_BLOCK_SZ, lastBlk, lastBlkLen);
     }
 
@@ -3449,8 +3442,7 @@ size_t wolfSSL_CRYPTO_cts128_decrypt(const unsigned char *in,
 void wolfSSL_RC4_set_key(WOLFSSL_RC4_KEY* key, int len,
     const unsigned char* data)
 {
-    typedef char rc4_test[sizeof(WOLFSSL_RC4_KEY) >= sizeof(Arc4) ? 1 : -1];
-    (void)sizeof(rc4_test);
+    wc_static_assert(sizeof(WOLFSSL_RC4_KEY) >= sizeof(Arc4));
 
     WOLFSSL_ENTER("wolfSSL_RC4_set_key");
 
diff --git a/src/ssl_load.c b/src/ssl_load.c
new file mode 100644
index 000000000..f9bacaba0
--- /dev/null
+++ b/src/ssl_load.c
@@ -0,0 +1,6038 @@
+/* ssl_load.c
+ *
+ * Copyright (C) 2006-2025 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+
+#ifdef HAVE_CONFIG_H
+    #include <config.h>
+#endif
+
+#include <wolfssl/wolfcrypt/settings.h>
+
+/*
+ * WOLFSSL_SYS_CA_CERTS
+ *     Enables ability to load system CA certs from the OS via
+ *     wolfSSL_CTX_load_system_CA_certs.
+ */
+
+#ifdef WOLFSSL_SYS_CA_CERTS
+
+#ifdef _WIN32
+    #define _WINSOCKAPI_ /* block inclusion of winsock.h header file */
+    #include <windows.h>
+    #include <wincrypt.h>
+    #undef _WINSOCKAPI_ /* undefine it for MINGW winsock2.h header file */
+
+    /* mingw gcc does not support pragma comment, and the
+     * linking with crypt32 is handled in configure.ac */
+    #if !defined(__MINGW32__) && !defined(__MINGW64__)
+        #pragma comment(lib, "crypt32")
+    #endif
+#endif
+
+#if defined(__APPLE__) && defined(HAVE_SECURITY_SECTRUSTSETTINGS_H)
+#include <Security/SecTrustSettings.h>
+#endif
+
+#endif /* WOLFSSL_SYS_CA_CERTS */
+
+#if !defined(WOLFSSL_SSL_LOAD_INCLUDED)
+    #ifndef WOLFSSL_IGNORE_FILE_WARN
+        #warning ssl_load.c does not need to be compiled separately from ssl.c
+    #endif
+#else
+
+#if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)
+    /* PSK field of context when it exists. */
+    #define CTX_HAVE_PSK(ctx)   (ctx)->havePSK
+    /* PSK field of ssl when it exists. */
+    #define SSL_HAVE_PSK(ssl)   (ssl)->options.havePSK
+#else
+    /* Have PSK value when no field. */
+    #define CTX_HAVE_PSK(ctx)   0
+    /* Have PSK value when no field. */
+    #define SSL_HAVE_PSK(ssl)   0
+#endif
+#ifdef NO_RSA
+    /* Boolean for RSA available. */
+    #define WOLFSSL_HAVE_RSA    0
+#else
+    /* Boolean for RSA available. */
+    #define WOLFSSL_HAVE_RSA    1
+#endif
+#ifndef NO_CERTS
+    /* Private key size from ssl. */
+    #define SSL_KEY_SZ(ssl)     (ssl)->buffers.keySz
+#else
+    /* Private key size not available. */
+    #define SSL_KEY_SZ(ssl)     0
+#endif
+#ifdef HAVE_ANON
+    /* Anonymous ciphersuite allowed field in context. */
+    #define CTX_USE_ANON(ctx)   (ctx)->useAnon
+#else
+    /* Anonymous ciphersuite allowed field not in context. */
+    #define CTX_USE_ANON(ctx)   0
+#endif
+
+#ifdef HAVE_PK_CALLBACKS
+    #define WOLFSSL_IS_PRIV_PK_SET(ctx, ssl)                            \
+        wolfSSL_CTX_IsPrivatePkSet(((ssl) == NULL) ? (ctx) : (ssl)->ctx)
+#else
+    #define WOLFSSL_IS_PRIV_PK_SET(ctx, ssl)    0
+#endif
+
+/* Get the heap from the context or the ssl depending on which is available. */
+#define WOLFSSL_HEAP(ctx, ssl)                                              \
+    (((ctx) != NULL) ? (ctx)->heap : (((ssl) != NULL) ? (ssl)->heap : NULL))
+
+
+#ifndef NO_CERTS
+
+/* Get DER encoding from data in a buffer as a DerBuffer.
+ *
+ * @param [in]      buff    Buffer containing data.
+ * @param [in]      len     Length of data in buffer.
+ * @param [in]      format  Format of data:
+ *                            WOLFSSL_FILETYPE_PEM or WOLFSSL_FILETYPE_ASN1.
+ * @param [in]      type    Type of data:
+ *                            CERT_TYPE, CA_TYPE, TRUSTED_PEER_TYPE,
+ *                            PRIVATEKEY_TYPE or ALT_PRIVATEKEY_TYPE.
+ * @param [in, out] info    Info for encryption.
+ * @param [in]      heap    Dynamic memory allocation hint.
+ * @param [out]     der     Holds DER encoded data.
+ * @param [out]     algId   Algorithm identifier for private keys.
+ * @return  0 on success.
+ * @return  NOT_COMPILED_IN when format is PEM and PEM not supported.
+ * @return  ASN_PARSE_E when format is ASN.1 and invalid DER encoding.
+ * @return  MEMORY_E when dynamic memory allocation fails.
+ */
+static int DataToDerBuffer(const unsigned char* buff, word32 len, int format,
+    int type, EncryptedInfo* info, void* heap, DerBuffer** der, int* algId)
+{
+    int ret;
+
+    info->consumed = 0;
+
+    /* Data in buffer has PEM format - extract DER data. */
+    if (format == WOLFSSL_FILETYPE_PEM) {
+    #ifdef WOLFSSL_PEM_TO_DER
+        ret = PemToDer(buff, (long)(len), type, der, heap, info, algId);
+        if (ret != 0) {
+            FreeDer(der);
+        }
+    #else
+        (void)algId;
+        ret = NOT_COMPILED_IN;
+    #endif
+    }
+    /* Data in buffer is ASN.1 format - get first SEQ or OCT into der. */
+    else {
+        /* Get length of SEQ including header. */
+        if ((info->consumed = wolfssl_der_length(buff, (int)len)) > 0) {
+            ret = 0;
+        }
+        else {
+            ret = ASN_PARSE_E;
+        }
+
+        if (info->consumed > (int)len) {
+            ret = ASN_PARSE_E;
+        }
+        if (ret == 0) {
+            ret = AllocCopyDer(der, buff, (word32)info->consumed, type, heap);
+        }
+    }
+
+    return ret;
+}
+
+/* Process a user's certificate.
+ *
+ * Puts the 3-byte length before certificate data as required for TLS.
+ * CA certificates are added to the certificate manager.
+ *
+ * @param [in]      cm           Certificate manager.
+ * @param [in, out] pDer         DER encoded data.
+ * @param [in]      type         Type of data. Valid values:
+ *                                 CERT_TYPE, CA_TYPE or TRUSTED_PEER_TYPE.
+ * @param [in]      verify       How to verify certificate.
+ * @param [out]     chainBuffer  Buffer to hold chain of certificates.
+ * @param [in, out] pIdx         On in, current index into chainBuffer.
+ *                               On out, index after certificate added.
+ * @param [in]      bufferSz     Size of buffer in bytes.
+ * @return  0 on success.
+ * @return  BUFFER_E if chain buffer not big enough to hold certificate.
+ */
+static int ProcessUserCert(WOLFSSL_CERT_MANAGER* cm, DerBuffer** pDer,
+    int type, int verify, byte* chainBuffer, word32* pIdx, word32 bufferSz)
+{
+    int ret = 0;
+    word32 idx = *pIdx;
+    DerBuffer* der = *pDer;
+
+    /* Check there is space for certificate in chainBuffer. */
+    if ((ret == 0) && ((idx + der->length + CERT_HEADER_SZ) > bufferSz)) {
+        WOLFSSL_MSG("   Cert Chain bigger than buffer. "
+                    "Consider increasing MAX_CHAIN_DEPTH");
+        ret = BUFFER_E;
+    }
+    if (ret == 0) {
+        /* 3-byte length. */
+        c32to24(der->length, &chainBuffer[idx]);
+        idx += CERT_HEADER_SZ;
+        /* Add complete DER encoded certificate. */
+        XMEMCPY(&chainBuffer[idx], der->buffer, der->length);
+        idx += der->length;
+
+        if (type == CA_TYPE) {
+            /* Add CA to certificate manager */
+            ret = AddCA(cm, pDer, WOLFSSL_USER_CA, verify);
+            if (ret == 1) {
+                ret = 0;
+            }
+        }
+    }
+
+    /* Update the index into chainBuffer. */
+    *pIdx = idx;
+    return ret;
+}
+
+/* Store the certificate chain buffer aganst WOLFSSL_CTX or WOLFSSL object.
+ *
+ * @param [in, out] ctx          SSL context object.
+ * @param [in, out] ssl          SSL object.
+ * @param [in]      chainBuffer  Buffer containing chain of certificates.
+ * @param [in]      len          Length, in bytes, of data in buffer.
+ * @param [in]      cnt          Number of certificates in chain.
+ * @param [in]      type         Type of data. Valid values:
+ *                                 CERT_TYPE, CA_TYPE or CHAIN_CERT_TYPE.
+ * @param [in]      heap         Dynamic memory allocation hint.
+ * @return  0 on success.
+ * @return  MEMORY_E when dynamic memory allocation fails.
+ */
+static int ProcessUserChainRetain(WOLFSSL_CTX* ctx, WOLFSSL* ssl,
+    const byte* chainBuffer, word32 len, int cnt, int type, void* heap)
+{
+    int ret = 0;
+
+    (void)cnt;
+
+    /* Store in SSL object if available. */
+    if (ssl != NULL) {
+        /* Dispose of old chain if not reference to context's. */
+        if (ssl->buffers.weOwnCertChain) {
+            FreeDer(&ssl->buffers.certChain);
+        }
+        /* Allocate and copy the buffer into SSL object. */
+        ret = AllocCopyDer(&ssl->buffers.certChain, chainBuffer, len, type,
+            heap);
+        ssl->buffers.weOwnCertChain = (ret == 0);
+    #ifdef WOLFSSL_TLS13
+        /* Update count of certificates in chain. */
+        ssl->buffers.certChainCnt = cnt;
+    #endif
+    }
+    /* Store in SSL context object if available. */
+    else if (ctx != NULL) {
+        /* Dispose of old chain and allocate and copy in new chain. */
+        FreeDer(&ctx->certChain);
+        /* Allocate and copy the buffer into SSL context object. */
+        ret = AllocCopyDer(&ctx->certChain, chainBuffer, len, type, heap);
+    #ifdef WOLFSSL_TLS13
+        /* Update count of certificates in chain. */
+        ctx->certChainCnt = cnt;
+    #endif
+    }
+
+    return ret;
+}
+
+/* Process user cert chain to pass during the TLS handshake.
+ *
+ * If not a certificate type then data is ignored.
+ *
+ * @param [in, out] ctx     SSL context object.
+ * @param [in, out] ssl     SSL object.
+ * @param [in]      buff    Buffer holding certificates.
+ * @param [in]      sz      Length of data in buffer.
+ * @param [in]      format  Format of the certificate:
+ *                            WOLFSSL_FILETYPE_PEM or WOLFSSL_FILETYPE_ASN1
+ * @param [in]      type    Type of certificate:
+ *                            CA_TYPE, CERT_TYPE or CHAIN_CERT_TYPE
+ * @param [out]     used    Number of bytes from buff used.
+ * @param [in, out] info    Encryption information.
+ * @param [in]      verify  How to verify certificate.
+ * @return  0 on success.
+ * @return  BAD_FUNC_ARG when type is CA_TYPE and ctx is NULL.
+ * @return  MEMORY_E when dynamic memory allocation fails.
+ */
+static int ProcessUserChain(WOLFSSL_CTX* ctx, WOLFSSL* ssl,
+    const unsigned char* buff, long sz, int format, int type, long* used,
+    EncryptedInfo* info, int verify)
+{
+    int ret = 0;
+    void* heap = WOLFSSL_HEAP(ctx, ssl);
+
+    WOLFSSL_ENTER("ProcessUserChain");
+
+    /* Check we haven't consumed all the data. */
+    if (info->consumed >= sz) {
+        WOLFSSL_MSG("Already consumed data");
+    }
+    else {
+    #ifndef WOLFSSL_SMALL_STACK
+        byte stackBuffer[FILE_BUFFER_SIZE];
+    #endif
+        StaticBuffer chain;
+        long   consumed = info->consumed;
+        word32 idx = 0;
+        int    gotOne = 0;
+        int    cnt = 0;
+        /* Calculate max possible size, including max headers */
+        long   maxSz = (sz - consumed) + (CERT_HEADER_SZ * MAX_CHAIN_DEPTH);
+
+        /* Setup buffer to hold chain. */
+    #ifdef WOLFSSL_SMALL_STACK
+        static_buffer_init(&chain);
+    #else
+        static_buffer_init(&chain, stackBuffer, FILE_BUFFER_SIZE);
+    #endif
+        /* Make buffer big enough to support maximum size. */
+        ret = static_buffer_set_size(&chain, (word32)maxSz, heap,
+            DYNAMIC_TYPE_FILE);
+
+        WOLFSSL_MSG("Processing Cert Chain");
+        /* Keep parsing certificates will data available. */
+        while ((ret == 0) && (consumed < sz)) {
+            DerBuffer* part = NULL;
+
+            /* Get a certificate as DER. */
+            ret = DataToDerBuffer(buff + consumed, (word32)(sz - consumed),
+                format, type, info, heap, &part, NULL);
+            if (ret == 0) {
+                /* Process the user certificate. */
+                ret = ProcessUserCert(ctx->cm, &part, type, verify,
+                   chain.buffer, &idx, (word32)maxSz);
+            }
+            /* PEM may have trailing data that can be ignored. */
+            if ((ret == WC_NO_ERR_TRACE(ASN_NO_PEM_HEADER)) && gotOne) {
+                WOLFSSL_MSG("We got one good cert, so stuff at end ok");
+                ret = 0;
+                break;
+            }
+            /* Certificate data handled. */
+            FreeDer(&part);
+
+            if (ret == 0) {
+                /* Update consumed length. */
+                consumed += info->consumed;
+                WOLFSSL_MSG("   Consumed another Cert in Chain");
+                /* Update whether we got a user certificate. */
+                gotOne |= (type != CA_TYPE);
+                /* Update count of certificates added to chain. */
+                cnt++;
+            }
+        }
+        if (used != NULL) {
+            /* Return the total consumed length. */
+            *used = consumed;
+        }
+
+        /* Check whether there is data in the chain buffer. */
+        if ((ret == 0) && (idx > 0)) {
+            /* Put the chain buffer against the SSL or SSL context object. */
+            ret = ProcessUserChainRetain(ctx, ssl, chain.buffer, idx, cnt, type,
+                heap);
+        }
+
+        /* Dispose of chain buffer. */
+        static_buffer_free(&chain, heap, DYNAMIC_TYPE_FILE);
+    }
+
+    WOLFSSL_LEAVE("ProcessUserChain", ret);
+    return ret;
+}
+
+#ifndef NO_RSA
+#if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && \
+    (HAVE_FIPS_VERSION > 2))
+/* See if DER data is an RSA private key.
+ *
+ * Checks size meets minimum RSA key size.
+ * This implementation uses less dynamic memory.
+ *
+ * @param [in, out] ctx        SSL context object.
+ * @param [in, out] ssl        SSL object.
+ * @param [in]      der        DER encoding.
+ * @param [in, out] keyFormat  On in, expected format. 0 means unknown.
+ * @param [in]      devId      Device identifier.
+ * @param [out]     keyType    Type of key.
+ * @param [out]     keySize    Size of key.
+ * @return  0 on success or not an RSA key and format unknown.
+ * @return  RSA_KEY_SIZE_E when key size doesn't meet minimum required.
+ */
+static int ProcessBufferTryDecodeRsa(WOLFSSL_CTX* ctx, WOLFSSL* ssl,
+    DerBuffer* der, int* keyFormat, int devId, byte* keyType, int* keySize)
+{
+    int ret;
+    word32 idx;
+    int keySz = 0;
+
+    (void)devId;
+
+    /* Validate we have an RSA private key and get key size. */
+    idx = 0;
+    ret = wc_RsaPrivateKeyValidate(der->buffer, &idx, &keySz, der->length);
+#ifdef WOLF_PRIVATE_KEY_ID
+    /* If that didn't work then maybe a public key if device ID or callback. */
+    if ((ret != 0) && ((devId != INVALID_DEVID) ||
+            WOLFSSL_IS_PRIV_PK_SET(ctx, ssl))) {
+        word32 nSz;
+
+        /* Decode as an RSA public key. */
+        idx = 0;
+        ret = wc_RsaPublicKeyDecode_ex(der->buffer, &idx, der->length, NULL,
+            &nSz, NULL, NULL);
+        if (ret == 0) {
+            keySz = (int)nSz;
+        }
+    }
+#endif
+    if (ret == 0) {
+        /* Get the minimum RSA key size from SSL or SSL context object. */
+        int minRsaSz = ssl ? ssl->options.minRsaKeySz : ctx->minRsaKeySz;
+
+        /* Format, type and size are known. */
+        *keyFormat = RSAk;
+        *keyType = rsa_sa_algo;
+        *keySize = keySz;
+
+        /* Check that the size of the RSA key is enough. */
+        if (keySz < minRsaSz) {
+            WOLFSSL_MSG("Private Key size too small");
+            ret = RSA_KEY_SIZE_E;
+        }
+         /* No static ECC key possible. */
+        if ((ssl != NULL) && (ssl->options.side == WOLFSSL_SERVER_END)) {
+             ssl->options.haveStaticECC = 0;
+        }
+    }
+    /* Not an RSA key but check whether we know what it is. */
+    else if (*keyFormat == 0) {
+        WOLFSSL_MSG("Not an RSA key");
+        /* Format unknown so keep trying. */
+        ret = 0;
+    }
+
+    return ret;
+}
+#else
+/* See if DER data is an RSA private key.
+ *
+ * Checks size meets minimum RSA key size.
+ * This implementation uses more dynamic memory but supports older FIPS.
+ *
+ * @param [in, out] ctx        SSL context object.
+ * @param [in, out] ssl        SSL object.
+ * @param [in]      der        DER encoding.
+ * @param [in, out] keyFormat  On in, expected format. 0 means unknown.
+ * @param [in]      heap       Dynamic memory allocation hint.
+ * @param [in]      devId      Device identifier.
+ * @param [out]     keyType    Type of key.
+ * @param [out]     keySize    Size of key.
+ * @return  0 on success or not an RSA key and format unknown.
+ * @return  RSA_KEY_SIZE_E when key size doesn't meet minimum required.
+ */
+static int ProcessBufferTryDecodeRsa(WOLFSSL_CTX* ctx, WOLFSSL* ssl,
+    DerBuffer* der, int* keyFormat, void* heap, int devId, byte* keyType,
+    int* keySize)
+{
+    int ret;
+    word32 idx;
+    /* make sure RSA key can be used */
+#ifdef WOLFSSL_SMALL_STACK
+    RsaKey* key;
+#else
+    RsaKey  key[1];
+#endif
+
+#ifdef WOLFSSL_SMALL_STACK
+    /* Allocate an RSA key to parse into so we can get size. */
+    key = (RsaKey*)XMALLOC(sizeof(RsaKey), heap, DYNAMIC_TYPE_RSA);
+    if (key == NULL)
+        return MEMORY_E;
+#endif
+
+    /* Initialize the RSA key. */
+    ret = wc_InitRsaKey_ex(key, heap, devId);
+    if (ret == 0) {
+        /* Check we have an RSA private key. */
+        idx = 0;
+        ret = wc_RsaPrivateKeyDecode(der->buffer, &idx, key, der->length);
+    #ifdef WOLF_PRIVATE_KEY_ID
+        /* If that didn't work then maybe a public key if device ID or callback.
+         */
+        if ((ret != 0) && ((devId != INVALID_DEVID) ||
+                WOLFSSL_IS_PRIV_PK_SET(ctx, ssl))) {
+            /* If that didn't work then maybe a public key if device ID or
+             * callback. */
+            idx = 0;
+            ret = wc_RsaPublicKeyDecode(der->buffer, &idx, key, der->length);
+        }
+    #endif
+        if (ret == 0) {
+            /* Get the minimum RSA key size from SSL or SSL context object. */
+            int minRsaSz = ssl ? ssl->options.minRsaKeySz : ctx->minRsaKeySz;
+            int keySz = wc_RsaEncryptSize((RsaKey*)key);
+
+            /* Format is known. */
+            *keyFormat = RSAk;
+            *keyType = rsa_sa_algo;
+            *keySize = keySz;
+
+            /* Check that the size of the RSA key is enough. */
+            if (keySz < minRsaSz) {
+                WOLFSSL_MSG("Private Key size too small");
+                ret = RSA_KEY_SIZE_E;
+            }
+            /* No static ECC key possible. */
+            if ((ssl != NULL) && (ssl->options.side == WOLFSSL_SERVER_END)) {
+                 ssl->options.haveStaticECC = 0;
+            }
+        }
+        /* Not an RSA key but check whether we know what it is. */
+        else if (*keyFormat == 0) {
+            WOLFSSL_MSG("Not an RSA key");
+            /* Format unknown so keep trying. */
+            ret = 0;
+        }
+
+        /* Free dynamically allocated data in key. */
+        wc_FreeRsaKey(key);
+    }
+
+#ifdef WOLFSSL_SMALL_STACK
+    /* Dispose of allocated key. */
+    XFREE(key, heap, DYNAMIC_TYPE_RSA);
+#endif
+
+    return ret;
+}
+#endif
+#endif /* !NO_RSA */
+
+#ifdef HAVE_ECC
+/* See if DER data is an ECC private key.
+ *
+ * Checks size meets minimum ECC key size.
+ *
+ * @param [in, out] ctx        SSL context object.
+ * @param [in, out] ssl        SSL object.
+ * @param [in]      der        DER encoding.
+ * @param [in, out] keyFormat  On in, expected format. 0 means unknown.
+ * @param [in]      heap       Dynamic memory allocation hint.
+ * @param [in]      devId      Device identifier.
+ * @param [out]     keyType    Type of key.
+ * @param [out]     keySize    Size of key.
+ * @return  0 on success or not an ECC key and format unknown.
+ * @return  ECC_KEY_SIZE_E when ECC key size doesn't meet minimum required.
+ */
+static int ProcessBufferTryDecodeEcc(WOLFSSL_CTX* ctx, WOLFSSL* ssl,
+    DerBuffer* der, int* keyFormat, void* heap, int devId, byte* keyType,
+    int* keySize)
+{
+    int ret = 0;
+    word32 idx;
+    /* make sure ECC key can be used */
+#ifdef WOLFSSL_SMALL_STACK
+    ecc_key* key;
+#else
+    ecc_key  key[1];
+#endif
+
+#ifdef WOLFSSL_SMALL_STACK
+    /* Allocate an ECC key to parse into. */
+    key = (ecc_key*)XMALLOC(sizeof(ecc_key), heap, DYNAMIC_TYPE_ECC);
+    if (key == NULL)
+        return MEMORY_E;
+#endif
+
+    /* Initialize ECC key. */
+    if (wc_ecc_init_ex(key, heap, devId) == 0) {
+        /* Decode as an ECC private key. */
+        idx = 0;
+        ret = wc_EccPrivateKeyDecode(der->buffer, &idx, key, der->length);
+    #ifdef WOLF_PRIVATE_KEY_ID
+        /* If that didn't work then maybe a public key if device ID or callback.
+         */
+        if ((ret != 0) && ((devId != INVALID_DEVID) ||
+                WOLFSSL_IS_PRIV_PK_SET(ctx, ssl))) {
+            /* Decode as an ECC public key. */
+            idx = 0;
+            ret = wc_EccPublicKeyDecode(der->buffer, &idx, key, der->length);
+        }
+    #endif
+    #ifdef WOLFSSL_SM2
+        if (*keyFormat == SM2k) {
+            ret = wc_ecc_set_curve(key, WOLFSSL_SM2_KEY_BITS / 8,
+                ECC_SM2P256V1);
+        }
+    #endif
+        if (ret == 0) {
+            /* Get the minimum ECC key size from SSL or SSL context object. */
+            int minKeySz = ssl ? ssl->options.minEccKeySz : ctx->minEccKeySz;
+            int keySz = wc_ecc_size(key);
+
+            /* Format is known. */
+            *keyFormat = ECDSAk;
+        #ifdef WOLFSSL_SM2
+            if (key->dp->id == ECC_SM2P256V1) {
+                *keyType = sm2_sa_algo;
+            }
+            else
+        #endif
+            {
+                *keyType = ecc_dsa_sa_algo;
+            }
+            *keySize = keySz;
+
+            /* Check that the size of the ECC key is enough. */
+            if (keySz < minKeySz) {
+                WOLFSSL_MSG("ECC private key too small");
+                ret = ECC_KEY_SIZE_E;
+            }
+            /* Static ECC key possible. */
+            if (ssl) {
+                ssl->options.haveStaticECC = 1;
+            }
+            else {
+                ctx->haveStaticECC = 1;
+            }
+        }
+        /* Not an ECC key but check whether we know what it is. */
+        else if (*keyFormat == 0) {
+            WOLFSSL_MSG("Not an ECC key");
+            /* Format unknown so keep trying. */
+            ret = 0;
+        }
+
+        /* Free dynamically allocated data in key. */
+        wc_ecc_free(key);
+    }
+
+#ifdef WOLFSSL_SMALL_STACK
+    /* Dispose of allocated key. */
+    XFREE(key, heap, DYNAMIC_TYPE_ECC);
+#endif
+    return ret;
+}
+#endif /* HAVE_ECC */
+
+#if defined(HAVE_ED25519) && defined(HAVE_ED25519_KEY_IMPORT)
+/* See if DER data is an Ed25519 private key.
+ *
+ * Checks size meets minimum ECC key size.
+ *
+ * @param [in, out] ctx        SSL context object.
+ * @param [in, out] ssl        SSL object.
+ * @param [in]      der        DER encoding.
+ * @param [in, out] keyFormat  On in, expected format. 0 means unknown.
+ * @param [in]      heap       Dynamic memory allocation hint.
+ * @param [in]      devId      Device identifier.
+ * @param [out]     keyType    Type of key.
+ * @param [out]     keySize    Size of key.
+ * @return  0 on success or not an Ed25519 key and format unknown.
+ * @return  ECC_KEY_SIZE_E when key size doesn't meet minimum required.
+ */
+static int ProcessBufferTryDecodeEd25519(WOLFSSL_CTX* ctx, WOLFSSL* ssl,
+    DerBuffer* der, int* keyFormat, void* heap, int devId, byte* keyType,
+    int* keySize)
+{
+    int ret;
+    word32 idx;
+    /* make sure Ed25519 key can be used */
+#ifdef WOLFSSL_SMALL_STACK
+    ed25519_key* key;
+#else
+    ed25519_key  key[1];
+#endif
+
+#ifdef WOLFSSL_SMALL_STACK
+    /* Allocate an Ed25519 key to parse into. */
+    key = (ed25519_key*)XMALLOC(sizeof(ed25519_key), heap,
+        DYNAMIC_TYPE_ED25519);
+    if (key == NULL)
+        return MEMORY_E;
+#endif
+
+    /* Initialize Ed25519 key. */
+    ret = wc_ed25519_init_ex(key, heap, devId);
+    if (ret == 0) {
+        /* Decode as an Ed25519 private key. */
+        idx = 0;
+        ret = wc_Ed25519PrivateKeyDecode(der->buffer, &idx, key, der->length);
+    #ifdef WOLF_PRIVATE_KEY_ID
+        /* If that didn't work then maybe a public key if device ID or callback.
+         */
+        if ((ret != 0) && ((devId != INVALID_DEVID) ||
+                WOLFSSL_IS_PRIV_PK_SET(ctx, ssl))) {
+            /* Decode as an Ed25519 public key. */
+            idx = 0;
+            ret = wc_Ed25519PublicKeyDecode(der->buffer, &idx, key,
+                der->length);
+        }
+    #endif
+        if (ret == 0) {
+            /* Get the minimum ECC key size from SSL or SSL context object. */
+            int minKeySz = ssl ? ssl->options.minEccKeySz : ctx->minEccKeySz;
+
+            /* Format is known. */
+            *keyFormat = ED25519k;
+            *keyType = ed25519_sa_algo;
+            *keySize = ED25519_KEY_SIZE;
+
+            /* Check that the size of the ECC key is enough. */
+            if (ED25519_KEY_SIZE < minKeySz) {
+                WOLFSSL_MSG("ED25519 private key too small");
+                ret = ECC_KEY_SIZE_E;
+            }
+            if (ssl != NULL) {
+#if !defined(WOLFSSL_NO_CLIENT_AUTH) && !defined(NO_ED25519_CLIENT_AUTH)
+                /* Ed25519 requires caching enabled for tracking message
+                 * hash used in EdDSA_Update for signing */
+                ssl->options.cacheMessages = 1;
+#endif
+            }
+        }
+        /* Not an Ed25519 key but check whether we know what it is. */
+        else if (*keyFormat == 0) {
+            WOLFSSL_MSG("Not an Ed25519 key");
+            /* Format unknown so keep trying. */
+            ret = 0;
+        }
+
+        /* Free dynamically allocated data in key. */
+        wc_ed25519_free(key);
+    }
+
+#ifdef WOLFSSL_SMALL_STACK
+    /* Dispose of allocated key. */
+    XFREE(key, heap, DYNAMIC_TYPE_ED25519);
+#endif
+    return ret;
+}
+#endif /* HAVE_ED25519 && HAVE_ED25519_KEY_IMPORT */
+
+#if defined(HAVE_ED448) && defined(HAVE_ED448_KEY_IMPORT)
+/* See if DER data is an Ed448 private key.
+ *
+ * Checks size meets minimum ECC key size.
+ *
+ * @param [in, out] ctx        SSL context object.
+ * @param [in, out] ssl        SSL object.
+ * @param [in]      der        DER encoding.
+ * @param [in, out] keyFormat  On in, expected format. 0 means unknown.
+ * @param [in]      heap       Dynamic memory allocation hint.
+ * @param [in]      devId      Device identifier.
+ * @param [out]     keyType    Type of key.
+ * @param [out]     keySize    Size of key.
+ * @return  0 on success or not an Ed448 key and format unknown.
+ * @return  ECC_KEY_SIZE_E when key size doesn't meet minimum required.
+ */
+static int ProcessBufferTryDecodeEd448(WOLFSSL_CTX* ctx, WOLFSSL* ssl,
+    DerBuffer* der, int* keyFormat, void* heap, int devId, byte* keyType,
+    int* keySize)
+{
+    int ret;
+    word32 idx;
+    /* make sure Ed448 key can be used */
+#ifdef WOLFSSL_SMALL_STACK
+    ed448_key* key = NULL;
+#else
+    ed448_key  key[1];
+#endif
+
+#ifdef WOLFSSL_SMALL_STACK
+    /* Allocate an Ed448 key to parse into. */
+    key = (ed448_key*)XMALLOC(sizeof(ed448_key), heap, DYNAMIC_TYPE_ED448);
+    if (key == NULL)
+        return MEMORY_E;
+#endif
+
+    /* Initialize Ed448 key. */
+    ret = wc_ed448_init_ex(key, heap, devId);
+    if (ret == 0) {
+        /* Decode as an Ed448 private key. */
+        idx = 0;
+        ret = wc_Ed448PrivateKeyDecode(der->buffer, &idx, key, der->length);
+    #ifdef WOLF_PRIVATE_KEY_ID
+        /* If that didn't work then maybe a public key if device ID or callback.
+         */
+        if ((ret != 0) && ((devId != INVALID_DEVID) ||
+                WOLFSSL_IS_PRIV_PK_SET(ctx, ssl))) {
+            /* Decode as an Ed448 public key. */
+            idx = 0;
+            ret = wc_Ed448PublicKeyDecode(der->buffer, &idx, key, der->length);
+        }
+    #endif
+        if (ret == 0) {
+            /* Get the minimum ECC key size from SSL or SSL context object. */
+            int minKeySz = ssl ? ssl->options.minEccKeySz : ctx->minEccKeySz;
+
+            /* Format is known. */
+            *keyFormat = ED448k;
+            *keyType = ed448_sa_algo;
+            *keySize = ED448_KEY_SIZE;
+
+            /* Check that the size of the ECC key is enough. */
+            if (ED448_KEY_SIZE < minKeySz) {
+                WOLFSSL_MSG("ED448 private key too small");
+                ret = ECC_KEY_SIZE_E;
+            }
+            if (ssl != NULL) {
+                /* Ed448 requires caching enabled for tracking message
+                 * hash used in EdDSA_Update for signing */
+                ssl->options.cacheMessages = 1;
+            }
+        }
+        /* Not an Ed448 key but check whether we know what it is. */
+        else if (*keyFormat == 0) {
+            WOLFSSL_MSG("Not an Ed448 key");
+            /* Format unknown so keep trying. */
+            ret = 0;
+        }
+
+        /* Free dynamically allocated data in key. */
+        wc_ed448_free(key);
+    }
+
+#ifdef WOLFSSL_SMALL_STACK
+    /* Dispose of allocated key. */
+    XFREE(key, heap, DYNAMIC_TYPE_ED448);
+#endif
+    return ret;
+}
+#endif /* HAVE_ED448 && HAVE_ED448_KEY_IMPORT */
+
+#if defined(HAVE_FALCON)
+/* See if DER data is an Falcon private key.
+ *
+ * Checks size meets minimum Falcon key size.
+ *
+ * @param [in, out] ctx        SSL context object.
+ * @param [in, out] ssl        SSL object.
+ * @param [in]      der        DER encoding.
+ * @param [in, out] keyFormat  On in, expected format. 0 means unknown.
+ * @param [in]      heap       Dynamic memory allocation hint.
+ * @param [in]      devId      Device identifier.
+ * @param [out]     keyType    Type of key.
+ * @param [out]     keySize    Size of key.
+ * @return  0 on success or not an Falcon key and format unknown.
+ * @return  FALCON_KEY_SIZE_E when key size doesn't meet minimum required.
+ */
+static int ProcessBufferTryDecodeFalcon(WOLFSSL_CTX* ctx, WOLFSSL* ssl,
+    DerBuffer* der, int* keyFormat, void* heap, byte* keyType, int* keySize)
+{
+    int ret;
+    falcon_key* key;
+
+    /* Allocate a Falcon key to parse into. */
+    key = (falcon_key*)XMALLOC(sizeof(falcon_key), heap, DYNAMIC_TYPE_FALCON);
+    if (key == NULL) {
+        return MEMORY_E;
+    }
+
+    /* Initialize Falcon key. */
+    ret = wc_falcon_init(key);
+    if (ret == 0) {
+        /* Set up key to parse the format specified. */
+        if ((*keyFormat == FALCON_LEVEL1k) || ((*keyFormat == 0) &&
+                ((der->length == FALCON_LEVEL1_KEY_SIZE) ||
+                 (der->length == FALCON_LEVEL1_PRV_KEY_SIZE)))) {
+            ret = wc_falcon_set_level(key, 1);
+        }
+        else if ((*keyFormat == FALCON_LEVEL5k) || ((*keyFormat == 0) &&
+                 ((der->length == FALCON_LEVEL5_KEY_SIZE) ||
+                  (der->length == FALCON_LEVEL5_PRV_KEY_SIZE)))) {
+            ret = wc_falcon_set_level(key, 5);
+        }
+        else {
+            wc_falcon_free(key);
+            ret = ALGO_ID_E;
+        }
+    }
+
+    if (ret == 0) {
+        /* Decode as a Falcon private key. */
+        ret = wc_falcon_import_private_only(der->buffer, der->length, key);
+        if (ret == 0) {
+            /* Get the minimum Falcon key size from SSL or SSL context object.
+             */
+            int minKeySz = ssl ? ssl->options.minFalconKeySz :
+                                 ctx->minFalconKeySz;
+
+            /* Format is known. */
+            if (*keyFormat == FALCON_LEVEL1k) {
+                *keyType = falcon_level1_sa_algo;
+                *keySize = FALCON_LEVEL1_KEY_SIZE;
+            }
+            else {
+                *keyType = falcon_level5_sa_algo;
+                *keySize = FALCON_LEVEL5_KEY_SIZE;
+            }
+
+            /* Check that the size of the Falcon key is enough. */
+            if (*keySize < minKeySz) {
+                WOLFSSL_MSG("Falcon private key too small");
+                ret = FALCON_KEY_SIZE_E;
+            }
+        }
+        /* Not a Falcon key but check whether we know what it is. */
+        else if (*keyFormat == 0) {
+            WOLFSSL_MSG("Not a Falcon key");
+            /* Format unknown so keep trying. */
+            ret = 0;
+        }
+
+        /* Free dynamically allocated data in key. */
+        wc_falcon_free(key);
+    }
+    else if ((ret == WC_NO_ERR_TRACE(ALGO_ID_E)) && (*keyFormat == 0)) {
+        WOLFSSL_MSG("Not a Falcon key");
+        /* Format unknown so keep trying. */
+        ret = 0;
+    }
+
+    /* Dispose of allocated key. */
+    XFREE(key, heap, DYNAMIC_TYPE_FALCON);
+    return ret;
+}
+#endif
+
+#if defined(HAVE_DILITHIUM) && !defined(WOLFSSL_DILITHIUM_NO_SIGN) && \
+    !defined(WOLFSSL_DILITHIUM_NO_ASN1)
+/* See if DER data is an Dilithium private key.
+ *
+ * Checks size meets minimum Falcon key size.
+ *
+ * @param [in, out] ctx        SSL context object.
+ * @param [in, out] ssl        SSL object.
+ * @param [in]      der        DER encoding.
+ * @param [in, out] keyFormat  On in, expected format. 0 means unknown.
+ * @param [in]      heap       Dynamic memory allocation hint.
+ * @param [in]      devId      Device identifier.
+ * @param [out]     keyType    Type of key.
+ * @param [out]     keySize    Size of key.
+ * @return  0 on success or not a Dilithium key and format unknown.
+ * @return  DILITHIUM_KEY_SIZE_E when key size doesn't meet minimum required.
+ */
+static int ProcessBufferTryDecodeDilithium(WOLFSSL_CTX* ctx, WOLFSSL* ssl,
+    DerBuffer* der, int* keyFormat, void* heap, byte* keyType, int* keySize)
+{
+    int ret;
+    word32 idx;
+    dilithium_key* key;
+
+    /* Allocate a Dilithium key to parse into. */
+    key = (dilithium_key*)XMALLOC(sizeof(dilithium_key), heap,
+        DYNAMIC_TYPE_DILITHIUM);
+    if (key == NULL) {
+        return MEMORY_E;
+    }
+
+    /* Initialize Dilithium key. */
+    ret = wc_dilithium_init(key);
+    if (ret == 0) {
+        /* Set up key to parse the format specified. */
+        if ((*keyFormat == ML_DSA_LEVEL2k) || ((*keyFormat == 0) &&
+            ((der->length == ML_DSA_LEVEL2_KEY_SIZE) ||
+             (der->length == ML_DSA_LEVEL2_PRV_KEY_SIZE)))) {
+            ret = wc_dilithium_set_level(key, WC_ML_DSA_44);
+        }
+        else if ((*keyFormat == ML_DSA_LEVEL3k) || ((*keyFormat == 0) &&
+            ((der->length == ML_DSA_LEVEL3_KEY_SIZE) ||
+             (der->length == ML_DSA_LEVEL3_PRV_KEY_SIZE)))) {
+            ret = wc_dilithium_set_level(key, WC_ML_DSA_65);
+        }
+        else if ((*keyFormat == ML_DSA_LEVEL5k) || ((*keyFormat == 0) &&
+            ((der->length == ML_DSA_LEVEL5_KEY_SIZE) ||
+             (der->length == ML_DSA_LEVEL5_PRV_KEY_SIZE)))) {
+            ret = wc_dilithium_set_level(key, WC_ML_DSA_87);
+        }
+        #ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
+        else if ((*keyFormat == DILITHIUM_LEVEL2k) || ((*keyFormat == 0) &&
+            ((der->length == DILITHIUM_LEVEL2_KEY_SIZE) ||
+             (der->length == DILITHIUM_LEVEL2_PRV_KEY_SIZE)))) {
+            ret = wc_dilithium_set_level(key, WC_ML_DSA_44_DRAFT);
+        }
+        else if ((*keyFormat == DILITHIUM_LEVEL3k) || ((*keyFormat == 0) &&
+            ((der->length == DILITHIUM_LEVEL3_KEY_SIZE) ||
+             (der->length == DILITHIUM_LEVEL3_PRV_KEY_SIZE)))) {
+            ret = wc_dilithium_set_level(key, WC_ML_DSA_65_DRAFT);
+        }
+        else if ((*keyFormat == DILITHIUM_LEVEL5k) || ((*keyFormat == 0) &&
+            ((der->length == DILITHIUM_LEVEL5_KEY_SIZE) ||
+             (der->length == DILITHIUM_LEVEL5_PRV_KEY_SIZE)))) {
+            ret = wc_dilithium_set_level(key, WC_ML_DSA_87_DRAFT);
+        }
+        #endif /* WOLFSSL_DILITHIUM_FIPS204_DRAFT */
+        else {
+            wc_dilithium_free(key);
+            ret = ALGO_ID_E;
+        }
+    }
+
+    if (ret == 0) {
+        /* Decode as a Dilithium private key. */
+        idx = 0;
+        ret = wc_Dilithium_PrivateKeyDecode(der->buffer, &idx, key, der->length);
+        if (ret == 0) {
+            /* Get the minimum Dilithium key size from SSL or SSL context
+             * object. */
+            int minKeySz = ssl ? ssl->options.minDilithiumKeySz :
+                                 ctx->minDilithiumKeySz;
+
+            /* Format is known. */
+            if (*keyFormat == ML_DSA_LEVEL2k) {
+                *keyType = dilithium_level2_sa_algo;
+                *keySize = ML_DSA_LEVEL2_KEY_SIZE;
+            }
+            else if (*keyFormat == ML_DSA_LEVEL3k) {
+                *keyType = dilithium_level3_sa_algo;
+                *keySize = ML_DSA_LEVEL3_KEY_SIZE;
+            }
+            else if (*keyFormat == ML_DSA_LEVEL5k) {
+                *keyType = dilithium_level5_sa_algo;
+                *keySize = ML_DSA_LEVEL5_KEY_SIZE;
+            }
+            #ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
+            else if (*keyFormat == DILITHIUM_LEVEL2k) {
+                *keyType = dilithium_level2_sa_algo;
+                *keySize = DILITHIUM_LEVEL2_KEY_SIZE;
+            }
+            else if (*keyFormat == DILITHIUM_LEVEL3k) {
+                *keyType = dilithium_level3_sa_algo;
+                *keySize = DILITHIUM_LEVEL3_KEY_SIZE;
+            }
+            else if (*keyFormat == DILITHIUM_LEVEL5k) {
+                *keyType = dilithium_level5_sa_algo;
+                *keySize = DILITHIUM_LEVEL5_KEY_SIZE;
+            }
+            #endif /* WOLFSSL_DILITHIUM_FIPS204_DRAFT */
+
+            /* Check that the size of the Dilithium key is enough. */
+            if (*keySize < minKeySz) {
+                WOLFSSL_MSG("Dilithium private key too small");
+                ret = DILITHIUM_KEY_SIZE_E;
+            }
+        }
+        /* Not a Dilithium key but check whether we know what it is. */
+        else if (*keyFormat == 0) {
+            WOLFSSL_MSG("Not a Dilithium key");
+            /* Format unknown so keep trying. */
+            ret = 0;
+        }
+
+        /* Free dynamically allocated data in key. */
+        wc_dilithium_free(key);
+    }
+    else if ((ret == WC_NO_ERR_TRACE(ALGO_ID_E)) && (*keyFormat == 0)) {
+        WOLFSSL_MSG("Not a Dilithium key");
+        /* Format unknown so keep trying. */
+        ret = 0;
+    }
+
+    /* Dispose of allocated key. */
+    XFREE(key, heap, DYNAMIC_TYPE_DILITHIUM);
+    return ret;
+}
+#endif /* HAVE_DILITHIUM */
+
+/* Try to decode DER data is a known private key.
+ *
+ * Checks size meets minimum for key type.
+ *
+ * @param [in, out] ctx        SSL context object.
+ * @param [in, out] ssl        SSL object.
+ * @param [in]      der        DER encoding.
+ * @param [in, out] keyFormat  On in, expected format. 0 means unknown.
+ * @param [in]      heap       Dynamic memory allocation hint.
+ * @param [out]     type       Type of key:
+ *                               PRIVATEKEY_TYPE or ALT_PRIVATEKEY_TYPE.
+ * @return  0 on success.
+ * @return  BAD_FUNC_ARG when der or keyFormat is NULL.
+ * @return  BAD_FUNC_ARG when ctx and ssl are NULL.
+ * @return  WOLFSSL_BAD_FILE when unable to identify the key format.
+ */
+static int ProcessBufferTryDecode(WOLFSSL_CTX* ctx, WOLFSSL* ssl,
+    DerBuffer* der, int* keyFormat, void* heap, int type)
+{
+    int ret = 0;
+    int devId = wolfSSL_CTX_GetDevId(ctx, ssl);
+    byte* keyType = NULL;
+    int* keySz = NULL;
+
+    (void)heap;
+    (void)devId;
+    (void)type;
+
+    /* Validate parameters. */
+    if ((der == NULL) || (keyFormat == NULL)) {
+        ret = BAD_FUNC_ARG;
+    }
+    /* Must have an SSL context or SSL object to use. */
+    if ((ret == 0) && (ctx == NULL) && (ssl == NULL)) {
+        ret = BAD_FUNC_ARG;
+    }
+
+    if (ret == 0) {
+        /* Determine where to put key type and size in SSL or context object. */
+    #ifdef WOLFSSL_DUAL_ALG_CERTS
+        if (type == ALT_PRIVATEKEY_TYPE) {
+            if (ssl != NULL) {
+                keyType = &ssl->buffers.altKeyType;
+                keySz = &ssl->buffers.altKeySz;
+            }
+            else {
+                keyType = &ctx->altPrivateKeyType;
+                keySz = &ctx->altPrivateKeySz;
+            }
+        }
+        else
+    #endif
+        /* Type is PRIVATEKEY_TYPE. */
+        if (ssl != NULL) {
+            keyType = &ssl->buffers.keyType;
+            keySz = &ssl->buffers.keySz;
+        }
+        else {
+            keyType = &ctx->privateKeyType;
+            keySz = &ctx->privateKeySz;
+        }
+    }
+
+#ifndef NO_RSA
+    /* Try RSA if key format is RSA or yet unknown. */
+    if ((ret == 0) && ((*keyFormat == 0) || (*keyFormat == RSAk))) {
+#if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && \
+    (HAVE_FIPS_VERSION > 2))
+        ret = ProcessBufferTryDecodeRsa(ctx, ssl, der, keyFormat, devId,
+            keyType, keySz);
+#else
+        ret = ProcessBufferTryDecodeRsa(ctx, ssl, der, keyFormat, heap, devId,
+            keyType, keySz);
+#endif
+    }
+#endif
+#ifdef HAVE_ECC
+    /* Try ECC if key format is ECDSA or SM2, or yet unknown. */
+    if ((ret == 0) && ((*keyFormat == 0) || (*keyFormat == ECDSAk)
+    #ifdef WOLFSSL_SM2
+        || (*keyFormat == SM2k)
+    #endif
+        )) {
+        ret = ProcessBufferTryDecodeEcc(ctx, ssl, der, keyFormat, heap, devId,
+            keyType, keySz);
+    }
+#endif /* HAVE_ECC */
+#if defined(HAVE_ED25519) && defined(HAVE_ED25519_KEY_IMPORT)
+    /* Try Ed25519 if key format is Ed25519 or yet unknown. */
+    if ((ret == 0) && ((*keyFormat == 0 || *keyFormat == ED25519k))) {
+        ret = ProcessBufferTryDecodeEd25519(ctx, ssl, der, keyFormat, heap,
+            devId, keyType, keySz);
+    }
+#endif /* HAVE_ED25519 && HAVE_ED25519_KEY_IMPORT */
+#if defined(HAVE_ED448) && defined(HAVE_ED448_KEY_IMPORT)
+    /* Try Ed448 if key format is Ed448 or yet unknown. */
+    if ((ret == 0) && ((*keyFormat == 0 || *keyFormat == ED448k))) {
+        ret = ProcessBufferTryDecodeEd448(ctx, ssl, der, keyFormat, heap, devId,
+            keyType, keySz);
+    }
+#endif /* HAVE_ED448 && HAVE_ED448_KEY_IMPORT */
+#if defined(HAVE_FALCON)
+    /* Try Falcon if key format is Falcon level 1k or 5k or yet unknown. */
+    if ((ret == 0) && ((*keyFormat == 0) || (*keyFormat == FALCON_LEVEL1k) ||
+            (*keyFormat == FALCON_LEVEL5k))) {
+        ret = ProcessBufferTryDecodeFalcon(ctx, ssl, der, keyFormat, heap,
+            keyType, keySz);
+    }
+#endif /* HAVE_FALCON */
+#if defined(HAVE_DILITHIUM) && !defined(WOLFSSL_DILITHIUM_NO_SIGN) && \
+    !defined(WOLFSSL_DILITHIUM_NO_ASN1)
+    /* Try Falcon if key format is Dilithium level 2k, 3k or 5k or yet unknown.
+     */
+    if ((ret == 0) &&
+        ((*keyFormat == 0) ||
+        (*keyFormat == ML_DSA_LEVEL2k) ||
+        (*keyFormat == ML_DSA_LEVEL3k) ||
+        (*keyFormat == ML_DSA_LEVEL5k)
+    #ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
+     || (*keyFormat == DILITHIUM_LEVEL2k)
+     || (*keyFormat == DILITHIUM_LEVEL3k)
+     || (*keyFormat == DILITHIUM_LEVEL5k)
+    #endif
+        )) {
+        ret = ProcessBufferTryDecodeDilithium(ctx, ssl, der, keyFormat, heap,
+            keyType, keySz);
+    }
+#endif /* HAVE_DILITHIUM */
+
+    /* Check we know the format. */
+    if ((ret == 0) && (*keyFormat == 0)) {
+        WOLFSSL_MSG("Not a supported key type");
+        /* Not supported key format. */
+        ret = WOLFSSL_BAD_FILE;
+    }
+
+    return ret;
+}
+
+#if defined(WOLFSSL_ENCRYPTED_KEYS) && !defined(NO_PWDBASED)
+/* Decrypt PKCS#8 private key.
+ *
+ * @param [in] info   Encryption information.
+ * @param [in] der    DER encoded data.
+ * @param [in] heap   Dynamic memory allocation hint.
+ * @return  0 on success.
+ * @return  MEMORY_E when dynamic memory allocation fails.
+ */
+static int ProcessBufferPrivPkcs8Dec(EncryptedInfo* info, DerBuffer* der,
+    void* heap)
+{
+    int ret = 0;
+    word32 algId;
+    int   passwordSz = NAME_SZ;
+#ifndef WOLFSSL_SMALL_STACK
+    char  password[NAME_SZ];
+#else
+    char* password;
+#endif
+
+    (void)heap;
+#ifdef WOLFSSL_SMALL_STACK
+    /* Allocate memory for password. */
+    password = (char*)XMALLOC(passwordSz, heap, DYNAMIC_TYPE_STRING);
+    if (password == NULL) {
+        ret = MEMORY_E;
+    }
+#endif
+
+    if (ret == 0) {
+        /* Get password. */
+        ret = info->passwd_cb(password, passwordSz, PEM_PASS_READ,
+            info->passwd_userdata);
+    }
+    if (ret >= 0) {
+        /* Returned value is password size. */
+        passwordSz = ret;
+    #ifdef WOLFSSL_CHECK_MEM_ZERO
+        wc_MemZero_Add("ProcessBuffer password", password, passwordSz);
+    #endif
+
+        /* Decrypt PKCS#8 private key inline and get algorithm id. */
+        ret = ToTraditionalEnc(der->buffer, der->length, password, passwordSz,
+            &algId);
+    }
+    if (ret >= 0) {
+        /* Zero out encrypted data not overwritten. */
+        ForceZero(der->buffer + ret, der->length - (word32)ret);
+        /* Set decrypted data length. */
+        der->length = (word32)ret;
+    }
+
+#ifdef WOLFSSL_SMALL_STACK
+    if (password != NULL)
+#endif
+    {
+        /* Ensure password is zeroized. */
+        ForceZero(password, (word32)passwordSz);
+    }
+#ifdef WOLFSSL_SMALL_STACK
+    /* Dispose of password memory. */
+    XFREE(password, heap, DYNAMIC_TYPE_STRING);
+#elif defined(WOLFSSL_CHECK_MEM_ZERO)
+    wc_MemZero_Check(password, NAME_SZ);
+#endif
+    return ret;
+}
+#endif /* WOLFSSL_ENCRYPTED_KEYS && !NO_PWDBASED */
+
+/* Put the DER into the SSL or SSL context object.
+ *
+ * Precondition: ctx or ssl is not NULL.
+ * Precondition: Must be a private key type.
+ *
+ * @param [in, out] ctx  SSL context object.
+ * @param [in, out] ssl  SSL object.
+ * @param [in]      der  DER encoding.
+ * @return  0 on success.
+ */
+static int ProcessBufferPrivKeyHandleDer(WOLFSSL_CTX* ctx, WOLFSSL* ssl,
+    DerBuffer** der, int type)
+{
+    int ret = 0;
+
+    (void)type;
+
+#ifdef WOLFSSL_DUAL_ALG_CERTS
+    if (type == ALT_PRIVATEKEY_TYPE) {
+        /* Put in alternate private key fields of objects. */
+        if (ssl != NULL) {
+            /* Dispose of previous key if not context's. */
+            if (ssl->buffers.weOwnAltKey) {
+                FreeDer(&ssl->buffers.altKey);
+            #ifdef WOLFSSL_BLIND_PRIVATE_KEY
+                FreeDer(&ssl->buffers.altKeyMask);
+            #endif
+            }
+            ssl->buffers.altKeyId = 0;
+            ssl->buffers.altKeyLabel = 0;
+            ssl->buffers.altKeyDevId = INVALID_DEVID;
+            /* Store key by reference and own it. */
+            ssl->buffers.altKey = *der;
+        #ifdef WOLFSSL_CHECK_MEM_ZERO
+            wc_MemZero_Add("SSL Buffers key", (*der)->buffer, (*der)->length);
+        #endif
+            ssl->buffers.weOwnAltKey = 1;
+        }
+        else if (ctx != NULL) {
+            /* Dispose of previous key. */
+            FreeDer(&ctx->altPrivateKey);
+            ctx->altPrivateKeyId = 0;
+            ctx->altPrivateKeyLabel = 0;
+            ctx->altPrivateKeyDevId = INVALID_DEVID;
+            /* Store key by reference. */
+            ctx->altPrivateKey = *der;
+        #ifdef WOLFSSL_CHECK_MEM_ZERO
+            wc_MemZero_Add("CTX private key", (*der)->buffer, (*der)->length);
+        #endif
+        }
+    }
+    else
+#endif /* WOLFSSL_DUAL_ALG_CERTS */
+    if (ssl != NULL) {
+        /* Dispose of previous key if not context's. */
+        if (ssl->buffers.weOwnKey) {
+            FreeDer(&ssl->buffers.key);
+        #ifdef WOLFSSL_BLIND_PRIVATE_KEY
+            FreeDer(&ssl->buffers.keyMask);
+        #endif
+        }
+        ssl->buffers.keyId = 0;
+        ssl->buffers.keyLabel = 0;
+        ssl->buffers.keyDevId = INVALID_DEVID;
+        /* Store key by reference and own it. */
+        ssl->buffers.key = *der;
+    #ifdef WOLFSSL_CHECK_MEM_ZERO
+        wc_MemZero_Add("SSL Buffers key", (*der)->buffer, (*der)->length);
+    #endif
+        ssl->buffers.weOwnKey = 1;
+    }
+    else if (ctx != NULL) {
+        /* Dispose of previous key. */
+        FreeDer(&ctx->privateKey);
+        ctx->privateKeyId = 0;
+        ctx->privateKeyLabel = 0;
+        ctx->privateKeyDevId = INVALID_DEVID;
+        /* Store key by reference. */
+        ctx->privateKey = *der;
+    #ifdef WOLFSSL_CHECK_MEM_ZERO
+        wc_MemZero_Add("CTX private key", (*der)->buffer, (*der)->length);
+    #endif
+    }
+
+    return ret;
+}
+
+/* Decode private key.
+ *
+ * Precondition: ctx or ssl is not NULL.
+ * Precondition: Must be a private key type.
+ *
+ * @param [in, out] ctx     SSL context object.
+ * @param [in, out] ssl     SSL object.
+ * @param [in]      der     DER encoding.
+ * @param [in]      format  Original format of data.
+ * @param [in]      info    Encryption information.
+ * @param [in]      heap    Dynamic memory allocation hint.
+ * @param [in]      type    Type of data:
+ *                            PRIVATEKEY_TYPE or ALT_PRIVATEKEY_TYPE.
+ * @param [in]      algId   Algorithm id of key.
+ * @return  0 on success.
+ * @return  WOLFSSL_BAD_FILE when not able to decode.
+ */
+static int ProcessBufferPrivateKey(WOLFSSL_CTX* ctx, WOLFSSL* ssl,
+    DerBuffer* der, int format, EncryptedInfo* info, void* heap, int type,
+    int algId)
+{
+    int ret;
+
+    (void)info;
+    (void)format;
+
+    /* Put the data into the SSL or SSL context object. */
+    ret = ProcessBufferPrivKeyHandleDer(ctx, ssl, &der, type);
+    if (ret == 0) {
+        /* Try to decode the DER data. */
+        ret = ProcessBufferTryDecode(ctx, ssl, der, &algId, heap, type);
+    }
+
+#if defined(WOLFSSL_ENCRYPTED_KEYS) && !defined(NO_PWDBASED)
+    /* If private key type PKCS8 header wasn't already removed (algId == 0). */
+    if (((ret != 0) || (algId == 0)) && (format != WOLFSSL_FILETYPE_PEM) &&
+            (info->passwd_cb != NULL) && (algId == 0)) {
+        /* Try to decrypt DER data as a PKCS#8 private key. */
+        ret = ProcessBufferPrivPkcs8Dec(info, der, heap);
+        if (ret >= 0) {
+            /* Try to decode decrypted data.  */
+            ret = ProcessBufferTryDecode(ctx, ssl, der, &algId, heap, type);
+        }
+    }
+#endif /* WOLFSSL_ENCRYPTED_KEYS && !NO_PWDBASED */
+
+#ifdef WOLFSSL_BLIND_PRIVATE_KEY
+#ifdef WOLFSSL_DUAL_ALG_CERTS
+    if (type == ALT_PRIVATEKEY_TYPE) {
+        if (ssl != NULL) {
+            ret = wolfssl_priv_der_blind(ssl->rng, ssl->buffers.altKey,
+                &ssl->buffers.altKeyMask);
+        }
+        else {
+            ret = wolfssl_priv_der_blind(NULL, ctx->altPrivateKey,
+                &ctx->altPrivateKeyMask);
+        }
+    }
+    else
+#endif
+    if (ssl != NULL) {
+        ret = wolfssl_priv_der_blind(ssl->rng, ssl->buffers.key,
+            &ssl->buffers.keyMask);
+    }
+    else {
+        ret = wolfssl_priv_der_blind(NULL, ctx->privateKey,
+            &ctx->privateKeyMask);
+    }
+#endif
+
+    /* Check if we were able to determine algorithm id. */
+    if ((ret == 0) && (algId == 0)) {
+    #ifdef OPENSSL_EXTRA
+        /* Decryption password is probably wrong. */
+        if (info->passwd_cb) {
+            WOLFSSL_EVPerr(0, -WOLFSSL_EVP_R_BAD_DECRYPT_E);
+        }
+    #endif
+        WOLFSSL_ERROR(WOLFSSL_BAD_FILE);
+        /* Unable to decode DER data. */
+        ret = WOLFSSL_BAD_FILE;
+    }
+
+    return ret;
+}
+
+/* Use the key OID to determine have options.
+ *
+ * @param [in, out] ctx     SSL context object.
+ * @param [in, out] ssl     SSL object.
+ * @param [in]      keyOID  OID for public/private key.
+ */
+static void wolfssl_set_have_from_key_oid(WOLFSSL_CTX* ctx, WOLFSSL* ssl,
+    int keyOID)
+{
+    /* Set which private key algorithm available based on key OID. */
+    switch (keyOID) {
+        case ECDSAk:
+    #if defined(WOLFSSL_SM2) && defined(WOLFSSL_SM3)
+        case SM2k:
+    #endif
+    #ifdef HAVE_ED25519
+        case ED25519k:
+    #endif
+    #ifdef HAVE_ED448
+        case ED448k:
+    #endif
+            if (ssl != NULL) {
+                ssl->options.haveECC = 1;
+            }
+            else {
+                ctx->haveECC = 1;
+            }
+            break;
+    #ifndef NO_RSA
+        case RSAk:
+        #ifdef WC_RSA_PSS
+        case RSAPSSk:
+        #endif
+            if (ssl != NULL) {
+                ssl->options.haveRSA = 1;
+            }
+            else {
+                ctx->haveRSA = 1;
+            }
+            break;
+    #endif
+    #ifdef HAVE_FALCON
+        case FALCON_LEVEL1k:
+        case FALCON_LEVEL5k:
+            if (ssl != NULL) {
+                ssl->options.haveFalconSig = 1;
+            }
+            else {
+                ctx->haveFalconSig = 1;
+            }
+            break;
+    #endif /* HAVE_FALCON */
+    #ifdef HAVE_DILITHIUM
+        case ML_DSA_LEVEL2k:
+        case ML_DSA_LEVEL3k:
+        case ML_DSA_LEVEL5k:
+        #ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
+        case DILITHIUM_LEVEL2k:
+        case DILITHIUM_LEVEL3k:
+        case DILITHIUM_LEVEL5k:
+        #endif
+            if (ssl != NULL) {
+                ssl->options.haveDilithiumSig = 1;
+            }
+            else {
+                ctx->haveDilithiumSig = 1;
+            }
+            break;
+    #endif /* HAVE_DILITHIUM */
+        default:
+            WOLFSSL_MSG("Cert key not supported");
+            break;
+        }
+}
+
+/* Set which private key algorithm we have against SSL or SSL context object.
+ *
+ * Precondition: ctx or ssl is not NULL.
+ *
+ * @param [in, out] ctx     SSL context object.
+ * @param [in, out] ssl     SSL object.
+ * @param [in]      cert    Decode certificate.
+ */
+static void ProcessBufferCertSetHave(WOLFSSL_CTX* ctx, WOLFSSL* ssl,
+    DecodedCert* cert)
+{
+    if (ssl != NULL) {
+        /* Reset signatures we have in SSL. */
+        ssl->options.haveECDSAsig = 0;
+        ssl->options.haveFalconSig = 0;
+        ssl->options.haveDilithiumSig = 0;
+    }
+
+    /* Set which signature we have based on the type in the cert. */
+    switch (cert->signatureOID) {
+        case CTC_SHAwECDSA:
+        case CTC_SHA256wECDSA:
+        case CTC_SHA384wECDSA:
+        case CTC_SHA512wECDSA:
+    #ifdef HAVE_ED25519
+        case CTC_ED25519:
+    #endif
+    #ifdef HAVE_ED448
+        case CTC_ED448:
+    #endif
+    #if defined(WOLFSSL_SM2) && defined(WOLFSSL_SM3)
+        case CTC_SM3wSM2:
+    #endif
+            WOLFSSL_MSG("ECDSA/ED25519/ED448 cert signature");
+            if (ssl) {
+                ssl->options.haveECDSAsig = 1;
+            }
+            else if (ctx) {
+                ctx->haveECDSAsig = 1;
+            }
+            break;
+    #ifdef HAVE_FALCON
+        case CTC_FALCON_LEVEL1:
+        case CTC_FALCON_LEVEL5:
+            WOLFSSL_MSG("Falcon cert signature");
+            if (ssl) {
+                ssl->options.haveFalconSig = 1;
+            }
+            else if (ctx) {
+                ctx->haveFalconSig = 1;
+            }
+            break;
+    #endif
+    #ifdef HAVE_DILITHIUM
+        case CTC_ML_DSA_LEVEL2:
+        case CTC_ML_DSA_LEVEL3:
+        case CTC_ML_DSA_LEVEL5:
+        #ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
+        case CTC_DILITHIUM_LEVEL2:
+        case CTC_DILITHIUM_LEVEL3:
+        case CTC_DILITHIUM_LEVEL5:
+        #endif /* WOLFSSL_DILITHIUM_FIPS204_DRAFT */
+            WOLFSSL_MSG("Dilithium cert signature");
+            if (ssl) {
+                ssl->options.haveDilithiumSig = 1;
+            }
+            else if (ctx) {
+                ctx->haveDilithiumSig = 1;
+            }
+            break;
+    #endif
+        default:
+            WOLFSSL_MSG("Cert signature not supported");
+            break;
+    }
+
+#if defined(HAVE_ECC) || defined(HAVE_ED25519) || defined(HAVE_ED448) || \
+    defined(HAVE_FALCON) || defined(HAVE_DILITHIUM) || !defined(NO_RSA)
+    #if defined(HAVE_ECC) || defined(HAVE_ED25519) || defined(HAVE_ED448)
+    /* Set the private key curve OID. */
+    if (ssl != NULL) {
+        ssl->pkCurveOID = cert->pkCurveOID;
+    }
+    else if (ctx) {
+        ctx->pkCurveOID = cert->pkCurveOID;
+    }
+    #endif
+#ifndef WC_STRICT_SIG
+    if ((ctx != NULL) || (ssl != NULL)) {
+        wolfssl_set_have_from_key_oid(ctx, ssl, (int)cert->keyOID);
+    }
+#else
+    /* Set whether ECC is available based on signature available. */
+    if (ssl != NULL) {
+        ssl->options.haveECC = ssl->options.haveECDSAsig;
+    }
+    else if (ctx) {
+        ctx->haveECC = ctx->haveECDSAsig;
+    }
+#endif /* !WC_STRICT_SIG */
+#endif
+}
+
+/* Check key size is valid.
+ *
+ * Precondition: ctx or ssl is not NULL.
+ *
+ * @param [in] min    Minimum key size.
+ * @param [in] max    Maximum key size.
+ * @param [in] keySz  Key size.
+ * @param [in] err    Error value to return when key size is invalid.
+ * @return  0 on success.
+ * @return  err when verifying and min is less than 0 or key size is invalid.
+ */
+#define CHECK_KEY_SZ(min, max, keySz, err)                                     \
+    (((min) < 0) || ((keySz) < (min)) || ((keySz) > (max))) ? (err) : 0
+
+/* Check public key in certificate.
+ *
+ * @param [in, out] ctx   SSL context object.
+ * @param [in, out] ssl   SSL object.
+ * @param [in]      cert  Certificate object.
+ * @return  0 on success.
+ * @return  Non-zero when an error occurred.
+ */
+static int ProcessBufferCertPublicKey(WOLFSSL_CTX* ctx, WOLFSSL* ssl,
+    DecodedCert* cert, int checkKeySz)
+{
+    int ret = 0;
+    byte keyType = 0;
+    int keySz = 0;
+#ifndef NO_RSA
+    word32 idx;
+#endif
+
+    /* Get key size and check unless not verifying. */
+    switch (cert->keyOID) {
+#ifndef NO_RSA
+    #ifdef WC_RSA_PSS
+        case RSAPSSk:
+    #endif
+        case RSAk:
+            keyType = rsa_sa_algo;
+            /* Determine RSA key size by parsing public key */
+            idx = 0;
+            ret = wc_RsaPublicKeyDecode_ex(cert->publicKey, &idx,
+                cert->pubKeySize, NULL, (word32*)&keySz, NULL, NULL);
+            if ((ret == 0) && checkKeySz) {
+                ret = CHECK_KEY_SZ(ssl ? ssl->options.minRsaKeySz :
+                    ctx->minRsaKeySz, RSA_MAX_SIZE / 8, keySz, RSA_KEY_SIZE_E);
+            }
+            break;
+#endif /* !NO_RSA */
+    #ifdef HAVE_ECC
+        case ECDSAk:
+            keyType = ecc_dsa_sa_algo;
+            /* Determine ECC key size based on curve */
+        #ifdef WOLFSSL_CUSTOM_CURVES
+            if ((cert->pkCurveOID == 0) && (cert->pkCurveSize != 0)) {
+                keySz = cert->pkCurveSize;
+            }
+            else
+        #endif
+            {
+                keySz = wc_ecc_get_curve_size_from_id(wc_ecc_get_oid(
+                    cert->pkCurveOID, NULL, NULL));
+            }
+
+            if (checkKeySz) {
+                ret = CHECK_KEY_SZ(ssl ? ssl->options.minEccKeySz :
+                     ctx->minEccKeySz, (MAX_ECC_BITS + 7) / 8, keySz,
+                     ECC_KEY_SIZE_E);
+            }
+            break;
+    #endif /* HAVE_ECC */
+    #if defined(WOLFSSL_SM2) && defined(WOLFSSL_SM3)
+        case SM2k:
+            keyType = sm2_sa_algo;
+            /* Determine ECC key size based on curve */
+            keySz = WOLFSSL_SM2_KEY_BITS / 8;
+            if (checkKeySz) {
+                ret = CHECK_KEY_SZ(ssl ? ssl->options.minEccKeySz :
+                    ctx->minEccKeySz, (MAX_ECC_BITS + 7) / 8, keySz,
+                    ECC_KEY_SIZE_E);
+            }
+            break;
+    #endif /* HAVE_ED25519 */
+    #ifdef HAVE_ED25519
+        case ED25519k:
+            keyType = ed25519_sa_algo;
+            /* ED25519 is fixed key size */
+            keySz = ED25519_KEY_SIZE;
+            if (checkKeySz) {
+                ret = CHECK_KEY_SZ(ssl ? ssl->options.minEccKeySz :
+                    ctx->minEccKeySz, ED25519_KEY_SIZE, keySz, ECC_KEY_SIZE_E);
+            }
+            break;
+    #endif /* HAVE_ED25519 */
+    #ifdef HAVE_ED448
+        case ED448k:
+            keyType = ed448_sa_algo;
+            /* ED448 is fixed key size */
+            keySz = ED448_KEY_SIZE;
+            if (checkKeySz) {
+                ret = CHECK_KEY_SZ(ssl ? ssl->options.minEccKeySz :
+                    ctx->minEccKeySz, ED448_KEY_SIZE, keySz, ECC_KEY_SIZE_E);
+            }
+            break;
+    #endif /* HAVE_ED448 */
+    #if defined(HAVE_FALCON)
+        case FALCON_LEVEL1k:
+            keyType = falcon_level1_sa_algo;
+            /* Falcon is fixed key size */
+            keySz = FALCON_LEVEL1_KEY_SIZE;
+            if (checkKeySz) {
+                ret = CHECK_KEY_SZ(ssl ? ssl->options.minFalconKeySz :
+                    ctx->minFalconKeySz, FALCON_MAX_KEY_SIZE, keySz,
+                    FALCON_KEY_SIZE_E);
+            }
+            break;
+        case FALCON_LEVEL5k:
+            keyType = falcon_level5_sa_algo;
+            /* Falcon is fixed key size */
+            keySz = FALCON_LEVEL5_KEY_SIZE;
+            if (checkKeySz) {
+                ret = CHECK_KEY_SZ(ssl ? ssl->options.minFalconKeySz :
+                    ctx->minFalconKeySz, FALCON_MAX_KEY_SIZE, keySz,
+                    FALCON_KEY_SIZE_E);
+            }
+            break;
+    #endif /* HAVE_FALCON */
+    #if defined(HAVE_DILITHIUM)
+        #ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
+        case DILITHIUM_LEVEL2k:
+            keyType = dilithium_level2_sa_algo;
+            /* Dilithium is fixed key size */
+            keySz = DILITHIUM_LEVEL2_KEY_SIZE;
+            if (checkKeySz) {
+                ret = CHECK_KEY_SZ(ssl ? ssl->options.minDilithiumKeySz :
+                    ctx->minDilithiumKeySz, DILITHIUM_MAX_KEY_SIZE, keySz,
+                    DILITHIUM_KEY_SIZE_E);
+            }
+            break;
+        case DILITHIUM_LEVEL3k:
+            keyType = dilithium_level3_sa_algo;
+            /* Dilithium is fixed key size */
+            keySz = DILITHIUM_LEVEL3_KEY_SIZE;
+            if (checkKeySz) {
+                ret = CHECK_KEY_SZ(ssl ? ssl->options.minDilithiumKeySz :
+                    ctx->minDilithiumKeySz, DILITHIUM_MAX_KEY_SIZE, keySz,
+                    DILITHIUM_KEY_SIZE_E);
+            }
+            break;
+        case DILITHIUM_LEVEL5k:
+            keyType = dilithium_level5_sa_algo;
+            /* Dilithium is fixed key size */
+            keySz = DILITHIUM_LEVEL5_KEY_SIZE;
+            if (checkKeySz) {
+                ret = CHECK_KEY_SZ(ssl ? ssl->options.minDilithiumKeySz :
+                    ctx->minDilithiumKeySz, DILITHIUM_MAX_KEY_SIZE, keySz,
+                    DILITHIUM_KEY_SIZE_E);
+            }
+            break;
+        #endif /* WOLFSSL_DILITHIUM_FIPS204_DRAFT */
+        case ML_DSA_LEVEL2k:
+            keyType = dilithium_level2_sa_algo;
+            /* Dilithium is fixed key size */
+            keySz = ML_DSA_LEVEL2_KEY_SIZE;
+            if (checkKeySz) {
+                ret = CHECK_KEY_SZ(ssl ? ssl->options.minDilithiumKeySz :
+                    ctx->minDilithiumKeySz, DILITHIUM_MAX_KEY_SIZE, keySz,
+                    DILITHIUM_KEY_SIZE_E);
+            }
+            break;
+        case ML_DSA_LEVEL3k:
+            keyType = dilithium_level3_sa_algo;
+            /* Dilithium is fixed key size */
+            keySz = ML_DSA_LEVEL3_KEY_SIZE;
+            if (checkKeySz) {
+                ret = CHECK_KEY_SZ(ssl ? ssl->options.minDilithiumKeySz :
+                    ctx->minDilithiumKeySz, DILITHIUM_MAX_KEY_SIZE, keySz,
+                    DILITHIUM_KEY_SIZE_E);
+            }
+            break;
+        case ML_DSA_LEVEL5k:
+            keyType = dilithium_level5_sa_algo;
+            /* Dilithium is fixed key size */
+            keySz = ML_DSA_LEVEL5_KEY_SIZE;
+            if (checkKeySz) {
+                ret = CHECK_KEY_SZ(ssl ? ssl->options.minDilithiumKeySz :
+                    ctx->minDilithiumKeySz, DILITHIUM_MAX_KEY_SIZE, keySz,
+                    DILITHIUM_KEY_SIZE_E);
+            }
+            break;
+    #endif /* HAVE_DILITHIUM */
+
+        default:
+            WOLFSSL_MSG("No key size check done on public key in certificate");
+            break;
+    }
+
+    /* Store the type and key size as there may not be a private key set. */
+    if (ssl != NULL) {
+        ssl->buffers.keyType = keyType;
+        ssl->buffers.keySz = keySz;
+    }
+    else {
+        ctx->privateKeyType = keyType;
+        ctx->privateKeySz = keySz;
+    }
+
+    return ret;
+}
+
+#ifdef WOLFSSL_DUAL_ALG_CERTS
+static int ProcessBufferCertAltPublicKey(WOLFSSL_CTX* ctx, WOLFSSL* ssl,
+    DecodedCert* cert, int checkKeySz)
+{
+    int ret = 0;
+    void* heap = WOLFSSL_HEAP(ctx, ssl);
+    byte keyType = 0;
+    int keySz = 0;
+#ifndef NO_RSA
+    word32 idx;
+#endif
+
+    /* Check alternative key size of cert. */
+    switch (cert->sapkiOID) {
+        /* No OID set. */
+        case 0:
+            if (cert->sapkiLen != 0) {
+                /* Have the alternative key data but no OID. */
+                ret = NOT_COMPILED_IN;
+            }
+            break;
+
+#ifndef NO_RSA
+    #ifdef WC_RSA_PSS
+        case RSAPSSk:
+    #endif
+        case RSAk:
+            keyType = rsa_sa_algo;
+            /* Determine RSA key size by parsing public key */
+            idx = 0;
+            ret = wc_RsaPublicKeyDecode_ex(cert->sapkiDer, &idx,
+                cert->sapkiLen, NULL, (word32*)&keySz, NULL, NULL);
+            if ((ret == 0) && checkKeySz) {
+                ret = CHECK_KEY_SZ(ssl ? ssl->options.minRsaKeySz :
+                    ctx->minRsaKeySz, RSA_MAX_SIZE / 8, keySz, RSA_KEY_SIZE_E);
+            }
+            break;
+#endif /* !NO_RSA */
+    #ifdef HAVE_ECC
+        case ECDSAk:
+        {
+        #ifdef WOLFSSL_SMALL_STACK
+            ecc_key* temp_key = NULL;
+        #else
+            ecc_key temp_key[1];
+        #endif
+            keyType = ecc_dsa_sa_algo;
+
+        #ifdef WOLFSSL_SMALL_STACK
+            temp_key = (ecc_key*)XMALLOC(sizeof(ecc_key), heap,
+                DYNAMIC_TYPE_ECC);
+            if (temp_key == NULL) {
+                ret = MEMORY_E;
+            }
+        #endif
+
+            /* Determine ECC key size. We have to decode the sapki for
+             * that. */
+            if (ret == 0) {
+                ret = wc_ecc_init_ex(temp_key, heap, INVALID_DEVID);
+                if (ret == 0) {
+                    idx = 0;
+                    ret = wc_EccPublicKeyDecode(cert->sapkiDer, &idx, temp_key,
+                        cert->sapkiLen);
+                    if (ret == 0) {
+                        keySz = wc_ecc_size(temp_key);
+                    }
+                    wc_ecc_free(temp_key);
+                }
+            }
+        #ifdef WOLFSSL_SMALL_STACK
+            XFREE(temp_key, heap, DYNAMIC_TYPE_ECC);
+        #endif
+
+            if ((ret == 0) && checkKeySz) {
+                ret = CHECK_KEY_SZ(ssl ? ssl->options.minEccKeySz :
+                     ctx->minEccKeySz, (MAX_ECC_BITS + 7) / 8, keySz,
+                     ECC_KEY_SIZE_E);
+            }
+            break;
+        }
+    #endif /* HAVE_ECC */
+    #if defined(WOLFSSL_SM2) && defined(WOLFSSL_SM3)
+        case SM2k:
+            keyType = sm2_sa_algo;
+            /* Determine ECC key size based on curve */
+            keySz = WOLFSSL_SM2_KEY_BITS / 8;
+            if (checkKeySz) {
+                ret = CHECK_KEY_SZ(ssl ? ssl->options.minEccKeySz :
+                    ctx->minEccKeySz, (MAX_ECC_BITS + 7) / 8, keySz,
+                    ECC_KEY_SIZE_E);
+            }
+            break;
+    #endif /* HAVE_ED25519 */
+    #ifdef HAVE_ED25519
+        case ED25519k:
+            keyType = ed25519_sa_algo;
+            /* ED25519 is fixed key size */
+            keySz = ED25519_KEY_SIZE;
+            if (checkKeySz) {
+                ret = CHECK_KEY_SZ(ssl ? ssl->options.minEccKeySz :
+                    ctx->minEccKeySz, ED25519_KEY_SIZE, keySz, ECC_KEY_SIZE_E);
+            }
+            break;
+    #endif /* HAVE_ED25519 */
+    #ifdef HAVE_ED448
+        case ED448k:
+            keyType = ed448_sa_algo;
+            /* ED448 is fixed key size */
+            keySz = ED448_KEY_SIZE;
+            if (checkKeySz) {
+                ret = CHECK_KEY_SZ(ssl ? ssl->options.minEccKeySz :
+                    ctx->minEccKeySz, ED448_KEY_SIZE, keySz, ECC_KEY_SIZE_E);
+            }
+            break;
+    #endif /* HAVE_ED448 */
+    #if defined(HAVE_FALCON)
+        case FALCON_LEVEL1k:
+            keyType = falcon_level1_sa_algo;
+            /* Falcon is fixed key size */
+            keySz = FALCON_LEVEL1_KEY_SIZE;
+            if (checkKeySz) {
+                ret = CHECK_KEY_SZ(ssl ? ssl->options.minFalconKeySz :
+                    ctx->minFalconKeySz, FALCON_MAX_KEY_SIZE, keySz,
+                    FALCON_KEY_SIZE_E);
+            }
+            break;
+        case FALCON_LEVEL5k:
+            keyType = falcon_level5_sa_algo;
+            /* Falcon is fixed key size */
+            keySz = FALCON_LEVEL5_KEY_SIZE;
+            if (checkKeySz) {
+                ret = CHECK_KEY_SZ(ssl ? ssl->options.minFalconKeySz :
+                    ctx->minFalconKeySz, FALCON_MAX_KEY_SIZE, keySz,
+                    FALCON_KEY_SIZE_E);
+            }
+            break;
+    #endif /* HAVE_FALCON */
+    #if defined(HAVE_DILITHIUM)
+        #ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
+        case DILITHIUM_LEVEL2k:
+            keyType = dilithium_level2_sa_algo;
+            /* Dilithium is fixed key size */
+            keySz = DILITHIUM_LEVEL2_KEY_SIZE;
+            if (checkKeySz) {
+                ret = CHECK_KEY_SZ(ssl ? ssl->options.minDilithiumKeySz :
+                    ctx->minDilithiumKeySz, DILITHIUM_MAX_KEY_SIZE, keySz,
+                    DILITHIUM_KEY_SIZE_E);
+            }
+            break;
+        case DILITHIUM_LEVEL3k:
+            keyType = dilithium_level3_sa_algo;
+            /* Dilithium is fixed key size */
+            keySz = DILITHIUM_LEVEL3_KEY_SIZE;
+            if (checkKeySz) {
+                ret = CHECK_KEY_SZ(ssl ? ssl->options.minDilithiumKeySz :
+                    ctx->minDilithiumKeySz, DILITHIUM_MAX_KEY_SIZE, keySz,
+                    DILITHIUM_KEY_SIZE_E);
+            }
+            break;
+        case DILITHIUM_LEVEL5k:
+            keyType = dilithium_level5_sa_algo;
+            /* Dilithium is fixed key size */
+            keySz = DILITHIUM_LEVEL5_KEY_SIZE;
+            if (checkKeySz) {
+                ret = CHECK_KEY_SZ(ssl ? ssl->options.minDilithiumKeySz :
+                    ctx->minDilithiumKeySz, DILITHIUM_MAX_KEY_SIZE, keySz,
+                    DILITHIUM_KEY_SIZE_E);
+            }
+            break;
+        #endif /* WOLFSSL_DILITHIUM_FIPS204_DRAFT */
+        case ML_DSA_LEVEL2k:
+            keyType = dilithium_level2_sa_algo;
+            /* Dilithium is fixed key size */
+            keySz = ML_DSA_LEVEL2_KEY_SIZE;
+            if (checkKeySz) {
+                ret = CHECK_KEY_SZ(ssl ? ssl->options.minDilithiumKeySz :
+                    ctx->minDilithiumKeySz, DILITHIUM_MAX_KEY_SIZE, keySz,
+                    DILITHIUM_KEY_SIZE_E);
+            }
+            break;
+        case ML_DSA_LEVEL3k:
+            keyType = dilithium_level3_sa_algo;
+            /* Dilithium is fixed key size */
+            keySz = ML_DSA_LEVEL3_KEY_SIZE;
+            if (checkKeySz) {
+                ret = CHECK_KEY_SZ(ssl ? ssl->options.minDilithiumKeySz :
+                    ctx->minDilithiumKeySz, DILITHIUM_MAX_KEY_SIZE, keySz,
+                    DILITHIUM_KEY_SIZE_E);
+            }
+            break;
+        case ML_DSA_LEVEL5k:
+            keyType = dilithium_level5_sa_algo;
+            /* Dilithium is fixed key size */
+            keySz = ML_DSA_LEVEL5_KEY_SIZE;
+            if (checkKeySz) {
+                ret = CHECK_KEY_SZ(ssl ? ssl->options.minDilithiumKeySz :
+                    ctx->minDilithiumKeySz, DILITHIUM_MAX_KEY_SIZE, keySz,
+                    DILITHIUM_KEY_SIZE_E);
+            }
+            break;
+    #endif /* HAVE_DILITHIUM */
+
+        default:
+            /* In this case, there was an OID that we didn't recognize.
+             * This is an error. Use not compiled in because likely the
+             * given algorithm was not enabled. */
+            ret = NOT_COMPILED_IN;
+            WOLFSSL_MSG("No alt key size check done on certificate");
+            break;
+    }
+
+    if (ssl != NULL) {
+        ssl->buffers.altKeyType = (byte)keyType;
+        ssl->buffers.altKeySz = keySz;
+    }
+    else if (ctx != NULL) {
+        ctx->altPrivateKeyType = (byte)keyType;
+        ctx->altPrivateKeySz = keySz;
+    }
+
+    return ret;
+}
+#endif /* WOLFSSL_DUAL_ALG_CERTS */
+
+/* Parse the certificate and pull out information for TLS handshake.
+ *
+ * @param [in, out] ctx   SSL context object.
+ * @param [in, out] ssl   SSL object.
+ * @param [in]      der   DER encoded X509 certificate.
+ * @return  0 on success.
+ * @return  MEMORY_E when dynamic memory allocation fails.
+ * @return  WOLFSSL_BAD_FILE when decoding certificate fails.
+ */
+static int ProcessBufferCert(WOLFSSL_CTX* ctx, WOLFSSL* ssl, DerBuffer* der)
+{
+    int ret = 0;
+    void* heap = WOLFSSL_HEAP(ctx, ssl);
+#if defined(HAVE_RPK)
+    RpkState* rpkState = ssl ? &ssl->options.rpkState : &ctx->rpkState;
+#endif
+#ifdef WOLFSSL_SMALL_STACK
+    DecodedCert* cert;
+#else
+    DecodedCert  cert[1];
+#endif
+
+#ifdef WOLFSSL_SMALL_STACK
+    /* Allocate memory for certificate to be decoded into. */
+    cert = (DecodedCert*)XMALLOC(sizeof(DecodedCert), heap, DYNAMIC_TYPE_DCERT);
+    if (cert == NULL) {
+        ret = MEMORY_E;
+    }
+
+    if (ret == 0)
+#endif
+    {
+        /* Get device id from SSL context or SSL object. */
+        int devId = wolfSSL_CTX_GetDevId(ctx, ssl);
+
+        WOLFSSL_MSG("Checking cert signature type");
+        /* Initialize certificate object. */
+        InitDecodedCert_ex(cert, der->buffer, der->length, heap, devId);
+
+        /* Decode up to and including public key. */
+        if (DecodeToKey(cert, 0) < 0) {
+            WOLFSSL_MSG("Decode to key failed");
+            ret = WOLFSSL_BAD_FILE;
+        }
+        if (ret == 0) {
+            int checkKeySz = 1;
+
+        #if defined(HAVE_RPK)
+            /* Store whether the crtificate is a raw public key. */
+            rpkState->isRPKLoaded = cert->isRPK;
+        #endif /* HAVE_RPK */
+
+            /* Set which private key algorithm we have. */
+            ProcessBufferCertSetHave(ctx, ssl, cert);
+
+            /* Don't check if verification is disabled for SSL. */
+            if ((ssl != NULL) && ssl->options.verifyNone) {
+                checkKeySz = 0;
+            }
+            /* Don't check if no SSL object verification is disabled for SSL
+             * context. */
+            else if ((ssl == NULL) && ctx->verifyNone) {
+                checkKeySz = 0;
+            }
+
+            /* Check public key size. */
+            ret = ProcessBufferCertPublicKey(ctx, ssl, cert, checkKeySz);
+        #ifdef WOLFSSL_DUAL_ALG_CERTS
+            if (ret == 0) {
+                ret = ProcessBufferCertAltPublicKey(ctx, ssl, cert, checkKeySz);
+            }
+        #endif
+        }
+    }
+
+    /* Dispose of dynamic memory in certificate object. */
+    FreeDecodedCert(cert);
+#ifdef WOLFSSL_SMALL_STACK
+    /* Dispose of certificate object. */
+    XFREE(cert, heap, DYNAMIC_TYPE_DCERT);
+#endif
+    return ret;
+}
+
+/* Handle storing the DER encoding of the certificate.
+ *
+ * Do not free der outside of this function.
+ *
+ * @param [in, out] ctx     SSL context object.
+ * @param [in, out] ssl     SSL object.
+ * @param [in]      der     DER encoded certificate.
+ * @param [in]      type    Type of data:
+ *                            CERT_TYPE, CA_TYPE or TRUSTED_PEER_TYPE.
+ * @param [in]      verify  What verification to do.
+ * @return  0 on success.
+ * @return  BAD_FUNC_ARG when type is CA_TYPE and ctx is NULL.
+ * @return  WOLFSSL_BAD_CERTTYPE when data type is not supported.
+ */
+static int ProcessBufferCertHandleDer(WOLFSSL_CTX* ctx, WOLFSSL* ssl,
+    DerBuffer* der, int type, int verify)
+{
+    int ret = 0;
+
+    /* CA certificate to verify with. */
+    if (type == CA_TYPE) {
+        /* verify CA unless user set to no verify */
+        ret = AddCA(ctx->cm, &der, WOLFSSL_USER_CA, verify);
+        if (ret == 1) {
+            ret = 0;
+        }
+    }
+#ifdef WOLFSSL_TRUST_PEER_CERT
+    /* Trusted certificate to verify peer with. */
+    else if (type == TRUSTED_PEER_TYPE) {
+        WOLFSSL_CERT_MANAGER* cm;
+
+        /* Get certificate manager to add certificate to. */
+        if (ctx != NULL) {
+            cm = ctx->cm;
+        }
+        else {
+            SSL_CM_WARNING(ssl);
+            cm = SSL_CM(ssl);
+        }
+        /* Add certificate as a trusted peer. */
+        ret = AddTrustedPeer(cm, &der, verify);
+        if (ret != 1) {
+            WOLFSSL_MSG("Error adding trusted peer");
+        }
+    }
+#endif /* WOLFSSL_TRUST_PEER_CERT */
+    /* Leaf certificate - our certificate. */
+    else if (type == CERT_TYPE) {
+        if (ssl != NULL) {
+            /* Free previous certificate if we own it. */
+            if (ssl->buffers.weOwnCert) {
+                FreeDer(&ssl->buffers.certificate);
+            #ifdef KEEP_OUR_CERT
+                /* Dispose of X509 version of certificate. */
+                wolfSSL_X509_free(ssl->ourCert);
+                ssl->ourCert = NULL;
+            #endif
+            }
+            /* Store certificate as ours. */
+            ssl->buffers.certificate = der;
+        #ifdef KEEP_OUR_CERT
+            ssl->keepCert = 1; /* hold cert for ssl lifetime */
+        #endif
+            /* We have to free the certificate buffer. */
+            ssl->buffers.weOwnCert = 1;
+            /* ourCert is created on demand. */
+        }
+        else if (ctx != NULL) {
+            /* Free previous certificate. */
+            FreeDer(&ctx->certificate); /* Make sure previous is free'd */
+        #ifdef KEEP_OUR_CERT
+            /* Dispose of X509 version of certificate if we own it. */
+            if (ctx->ownOurCert) {
+                wolfSSL_X509_free(ctx->ourCert);
+            }
+            ctx->ourCert = NULL;
+        #endif
+            /* Store certificate as ours. */
+            ctx->certificate = der;
+            /* ourCert is created on demand. */
+        }
+    }
+    else {
+        /* Dispose of DER buffer. */
+        FreeDer(&der);
+        /* Not a certificate type supported. */
+        ret = WOLFSSL_BAD_CERTTYPE;
+    }
+
+    return ret;
+}
+
+/* Process certificate based on type.
+ *
+ * @param [in, out] ctx     SSL context object.
+ * @param [in, out] ssl     SSL object.
+ * @param [in]      buff    Buffer holding original data.
+ * @param [in]      sz      Size of data in buffer.
+ * @param [in]      der     DER encoding of certificate.
+ * @param [in]      format  Format of data.
+ * @param [in]      type    Type of data:
+ *                            CERT_TYPE, CA_TYPE or TRUSTED_PEER_TYPE.
+ * @param [in]      verify  What verification to do.
+ * @return  0 on success.
+ * @return  WOLFSSL_FATAL_ERROR on failure.
+ */
+static int ProcessBufferCertTypes(WOLFSSL_CTX* ctx, WOLFSSL* ssl,
+    const unsigned char* buff, long sz, DerBuffer* der, int format, int type,
+    int verify)
+{
+    int ret;
+
+    (void)buff;
+    (void)sz;
+    (void)format;
+
+    ret = ProcessBufferCertHandleDer(ctx, ssl, der, type, verify);
+    if ((ret == 0) && (type == CERT_TYPE)) {
+        /* Process leaf certificate. */
+        ret = ProcessBufferCert(ctx, ssl, der);
+    }
+#if !defined(NO_WOLFSSL_CM_VERIFY) && (!defined(NO_WOLFSSL_CLIENT) || \
+    !defined(WOLFSSL_NO_CLIENT_AUTH))
+    /* Hand bad CA or user certificate to callback. */
+    if ((ret < 0) && ((type == CA_TYPE) || (type == CERT_TYPE))) {
+        /* Check for verification callback that may override error. */
+        if ((ctx != NULL) && (ctx->cm != NULL) &&
+                (ctx->cm->verifyCallback != NULL)) {
+            /* Verify and use callback. */
+            ret = CM_VerifyBuffer_ex(ctx->cm, buff, sz, format, ret);
+            /* Convert error. */
+            if (ret == 0) {
+                ret = WOLFSSL_FATAL_ERROR;
+            }
+            if (ret == 1) {
+                ret = 0;
+            }
+        }
+    }
+#endif /* NO_WOLFSSL_CM_VERIFY */
+
+    return ret;
+}
+
+/* Reset the cipher suites based on updated private key or certificate.
+ *
+ * @param [in, out] ctx     SSL context object.
+ * @param [in, out] ssl     SSL object.
+ * @param [in]      type    Type of certificate.
+ * @return  0 on success.
+ * @return  WOLFSSL_FATAL_ERROR when allocation fails.
+ */
+static int ProcessBufferResetSuites(WOLFSSL_CTX* ctx, WOLFSSL* ssl, int type)
+{
+    int ret = 0;
+
+    /* Reset suites of SSL object. */
+    if (ssl != NULL) {
+        if (ssl->options.side == WOLFSSL_SERVER_END) {
+            /* Allocate memory for suites. */
+            if (AllocateSuites(ssl) != 0) {
+                ret = WOLFSSL_FATAL_ERROR;
+            }
+            else {
+                /* Determine cipher suites based on what we have. */
+                InitSuites(ssl->suites, ssl->version, ssl->buffers.keySz,
+                    WOLFSSL_HAVE_RSA, SSL_HAVE_PSK(ssl), ssl->options.haveDH,
+                    ssl->options.haveECDSAsig, ssl->options.haveECC, TRUE,
+                    ssl->options.haveStaticECC,
+                    ssl->options.useAnon, TRUE,
+                    TRUE, TRUE, TRUE, ssl->options.side);
+            }
+        }
+    }
+    /* Reset suites of SSL context object. */
+    else if ((type == CERT_TYPE) && (ctx->method->side == WOLFSSL_SERVER_END)) {
+        /* Allocate memory for suites. */
+        if (AllocateCtxSuites(ctx) != 0) {
+            ret = WOLFSSL_FATAL_ERROR;
+        }
+        else {
+            /* Determine cipher suites based on what we have. */
+            InitSuites(ctx->suites, ctx->method->version, ctx->privateKeySz,
+                WOLFSSL_HAVE_RSA, CTX_HAVE_PSK(ctx), ctx->haveDH,
+                ctx->haveECDSAsig, ctx->haveECC, TRUE, ctx->haveStaticECC,
+                CTX_USE_ANON(ctx),
+                TRUE, TRUE, TRUE, TRUE, ctx->method->side);
+        }
+    }
+
+    return ret;
+}
+
+#ifndef WOLFSSL_DUAL_ALG_CERTS
+    /* Determine whether the type is for a private key. */
+    #define IS_PRIVKEY_TYPE(type) ((type) == PRIVATEKEY_TYPE)
+#else
+    /* Determine whether the type is for a private key. */
+    #define IS_PRIVKEY_TYPE(type) (((type) == PRIVATEKEY_TYPE) ||   \
+                                   ((type) == ALT_PRIVATEKEY_TYPE))
+#endif
+
+/* Process a buffer of data.
+ *
+ * Data type is a private key or a certificate.
+ * The format can be ASN.1 (DER) or PEM.
+ *
+ * @param [in, out] ctx        SSL context object.
+ * @param [in]      buff       Buffer holding data.
+ * @param [in]      sz         Size of data in buffer.
+ * @param [in]      format     Format of data:
+ *                               WOLFSSL_FILETYPE_PEM or WOLFSSL_FILETYPE_ASN1.
+ * @param [in]      type       Type of data:
+ *                               CERT_TYPE, CA_TYPE, TRUSTED_PEER_TYPE,
+ *                               PRIVATEKEY_TYPE or ALT_PRIVATEKEY_TYPE.
+ * @param [in, out] ssl        SSL object.
+ * @param [out]     used       Number of bytes consumed.
+ * @param [in[      userChain  Whether this certificate is for user's chain.
+ * @param [in]      verify     How to verify certificate.
+ * @return  1 on success.
+ * @return  Less than 1 on failure.
+ */
+int ProcessBuffer(WOLFSSL_CTX* ctx, const unsigned char* buff, long sz,
+    int format, int type, WOLFSSL* ssl, long* used, int userChain, int verify)
+{
+    DerBuffer*    der = NULL;
+    int           ret = 0;
+    void*         heap = WOLFSSL_HEAP(ctx, ssl);
+#ifdef WOLFSSL_SMALL_STACK
+    EncryptedInfo* info = NULL;
+#else
+    EncryptedInfo  info[1];
+#endif
+    int           algId = 0;
+
+    WOLFSSL_ENTER("ProcessBuffer");
+
+    /* Check data format is supported. */
+    if ((format != WOLFSSL_FILETYPE_ASN1) && (format != WOLFSSL_FILETYPE_PEM)) {
+        ret = WOLFSSL_BAD_FILETYPE;
+    }
+    /* Need an object to store certificate into. */
+    if ((ret == 0) && (ctx == NULL) && (ssl == NULL)) {
+        ret = BAD_FUNC_ARG;
+    }
+    /* CA certificates go into the SSL context object. */
+    if ((ret == 0) && (ctx == NULL) && (type == CA_TYPE)) {
+        ret = BAD_FUNC_ARG;
+    }
+    /* This API does not handle CHAIN_CERT_TYPE */
+    if ((ret == 0) && (type == CHAIN_CERT_TYPE)) {
+        ret = BAD_FUNC_ARG;
+    }
+
+#ifdef WOLFSSL_SMALL_STACK
+    if (ret == 0) {
+        /* Allocate memory for encryption information. */
+        info = (EncryptedInfo*)XMALLOC(sizeof(EncryptedInfo), heap,
+            DYNAMIC_TYPE_ENCRYPTEDINFO);
+        if (info == NULL) {
+            ret = MEMORY_E;
+        }
+    }
+#endif
+    if (ret == 0) {
+        /* Initialize encryption information. */
+        XMEMSET(info, 0, sizeof(EncryptedInfo));
+    #if defined(WOLFSSL_ENCRYPTED_KEYS) && !defined(NO_PWDBASED)
+        if (ctx != NULL) {
+            info->passwd_cb       = ctx->passwd_cb;
+            info->passwd_userdata = ctx->passwd_userdata;
+        }
+    #endif
+
+        /* Get the DER data for a private key or certificate. */
+        ret = DataToDerBuffer(buff, (word32)sz, format, type, info, heap, &der,
+            &algId);
+        if (used != NULL) {
+            /* Update to amount used/consumed. */
+            *used = info->consumed;
+        }
+    #ifdef WOLFSSL_SMALL_STACK
+        if (ret != 0) {
+             /* Info no longer needed as loading failed. */
+             XFREE(info, heap, DYNAMIC_TYPE_ENCRYPTEDINFO);
+        }
+    #endif
+    }
+
+    if ((ret == 0) && IS_PRIVKEY_TYPE(type)) {
+        /* Process the private key. */
+        ret = ProcessBufferPrivateKey(ctx, ssl, der, format, info, heap, type,
+            algId);
+    #ifdef WOLFSSL_SMALL_STACK
+        /* Info no longer needed - keep max memory usage down. */
+        XFREE(info, heap, DYNAMIC_TYPE_ENCRYPTEDINFO);
+    #endif
+    }
+    else if (ret == 0) {
+        /* Processing a certificate. */
+        if (userChain) {
+            /* Take original buffer and add to user chain to send in TLS
+             * handshake. */
+            ret = ProcessUserChain(ctx, ssl, buff, sz, format, type, used, info,
+                verify);
+            /* Additional chain is optional */
+            if (ret == WC_NO_ERR_TRACE(ASN_NO_PEM_HEADER)) {
+                unsigned long pemErr = 0;
+                CLEAR_ASN_NO_PEM_HEADER_ERROR(pemErr);
+                ret = 0;
+            }
+        }
+
+    #ifdef WOLFSSL_SMALL_STACK
+        /* Info no longer needed - keep max memory usage down. */
+        XFREE(info, heap, DYNAMIC_TYPE_ENCRYPTEDINFO);
+    #endif
+
+        if (ret == 0) {
+            /* Process the different types of certificates. */
+            ret = ProcessBufferCertTypes(ctx, ssl, buff, sz, der, format, type,
+                verify);
+        }
+        else {
+            FreeDer(&der);
+        }
+    }
+
+    /* Reset suites if this is a private key or user certificate. */
+    if ((ret == 0) && ((type == PRIVATEKEY_TYPE) || (type == CERT_TYPE))) {
+        ret = ProcessBufferResetSuites(ctx, ssl, type);
+    }
+
+    /* Convert return code. */
+    if (ret == 0) {
+        ret = 1;
+    }
+    else if (ret == WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)) {
+        ret = 0;
+    }
+    WOLFSSL_LEAVE("ProcessBuffer", ret);
+    return ret;
+}
+
+#if defined(WOLFSSL_WPAS) && defined(HAVE_CRL)
+/* Try to parse data as a PEM CRL.
+ *
+ * @param [in]  ctx       SSL context object.
+ * @param [in]  buff      Buffer containing potential CRL in PEM format.
+ * @param [in]  sz        Amount of data in buffer remaining.
+ * @param [out] consumed  Number of bytes in buffer was the CRL.
+ * @return  0 on success.
+ */
+static int ProcessChainBufferCRL(WOLFSSL_CTX* ctx, const unsigned char* buff,
+    long sz, long* consumed)
+{
+    int           ret;
+    DerBuffer*    der = NULL;
+    EncryptedInfo info;
+
+    WOLFSSL_MSG("Trying a CRL");
+    ret = PemToDer(buff, sz, CRL_TYPE, &der, NULL, &info, NULL);
+    if (ret == 0) {
+        WOLFSSL_MSG("   Processed a CRL");
+        wolfSSL_CertManagerLoadCRLBuffer(ctx->cm, der->buffer, der->length,
+            WOLFSSL_FILETYPE_ASN1);
+        FreeDer(&der);
+        *consumed = info.consumed;
+    }
+
+    return ret;
+}
+#endif
+
+/* Process all chain certificates (and CRLs) in the PEM data.
+ *
+ * @param [in, out] ctx     SSL context object.
+ * @param [in, out] ssl     SSL object.
+ * @param [in]      buff    Buffer containing PEM data.
+ * @param [in]      sz      Size of data in buffer.
+ * @param [in]      type    Type of data.
+ * @param [in]      verify  How to verify certificate.
+ * @return  1 on success.
+ * @return  0 on failure.
+ * @return  MEMORY_E when dynamic memory allocation fails.
+ */
+static int ProcessChainBuffer(WOLFSSL_CTX* ctx, WOLFSSL* ssl,
+    const unsigned char* buff, long sz, int type, int verify)
+{
+    int  ret    = 0;
+    long used   = 0;
+    int  gotOne = 0;
+
+    WOLFSSL_MSG("Processing CA PEM file");
+    /* Keep processing file while no errors and data to parse. */
+    while ((ret >= 0) && (used < sz)) {
+        long consumed = 0;
+
+        /* Process the buffer. */
+        ret = ProcessBuffer(ctx, buff + used, sz - used, WOLFSSL_FILETYPE_PEM,
+            type, ssl, &consumed, 0, verify);
+        /* Memory allocation failure is fatal. */
+        if (ret == WC_NO_ERR_TRACE(MEMORY_E)) {
+            gotOne = 0;
+        }
+        /* Other error parsing. */
+        else if (ret < 0) {
+#if defined(WOLFSSL_WPAS) && defined(HAVE_CRL)
+            /* Try parsing a CRL. */
+            if (ProcessChainBufferCRL(ctx, buff + used, sz - used,
+                    &consumed) == 0) {
+                ret = 0;
+            }
+            else
+#endif
+            /* Check whether we made progress. */
+            if (consumed > 0) {
+                WOLFSSL_ERROR(ret);
+                WOLFSSL_MSG("CA Parse failed, with progress in file.");
+                WOLFSSL_MSG("Search for other certs in file");
+                /* Check if we have more data to parse to recover. */
+                if (used + consumed < sz) {
+                    ret = 0;
+                }
+            }
+            else {
+                /* No progress in parsing being made - stop here. */
+                WOLFSSL_MSG("CA Parse failed, no progress in file.");
+                WOLFSSL_MSG("Do not continue search for other certs in file");
+            }
+        }
+        else {
+            /* Got a certificate out. */
+            WOLFSSL_MSG("   Processed a CA");
+            gotOne = 1;
+        }
+        /* Update used count. */
+        used += consumed;
+    }
+
+    /* May have other unparsable data but did we get a certificate? */
+    if (gotOne) {
+        WOLFSSL_MSG("Processed at least one valid CA. Other stuff OK");
+        ret = 1;
+    }
+    return ret;
+}
+
+
+/* Get verify settings for AddCA from SSL context. */
+#define GET_VERIFY_SETTING_CTX(ctx) \
+    ((ctx) && (ctx)->verifyNone ? NO_VERIFY : VERIFY)
+/* Get verify settings for AddCA from SSL. */
+#define GET_VERIFY_SETTING_SSL(ssl) \
+    ((ssl)->options.verifyNone ? NO_VERIFY : VERIFY)
+
+#ifndef NO_FILESYSTEM
+
+/* Process data from a file as private keys, CRL or certificates.
+ *
+ * @param [in, out] ctx        SSL context object.
+ * @param [in]      fname      Name of file to read.
+ * @param [in]      format     Format of data:
+ *                               WOLFSSL_FILETYPE_PEM or WOLFSSL_FILETYPE_ASN1.
+ * @param [in]      type       Type of data:
+ *                               CERT_TYPE, CA_TYPE, TRUSTED_PEER_TYPE,
+ *                               PRIVATEKEY_TYPE or ALT_PRIVATEKEY_TYPE.
+ * @param [in, out] ssl        SSL object.
+ * @param [in]      userChain  Whether file contains chain of certificates.
+ * @param [in, out] crl        CRL object to load data into.
+ * @param [in]      verify     How to verify certificates.
+ * @return  1 on success.
+ * @return  WOLFSSL_BAD_FILE when reading the file fails.
+ * @return  WOLFSSL_BAD_CERTTYPE when unable to detect certificate type.
+ */
+int ProcessFile(WOLFSSL_CTX* ctx, const char* fname, int format, int type,
+    WOLFSSL* ssl, int userChain, WOLFSSL_CRL* crl, int verify)
+{
+    int    ret = 0;
+#ifndef WOLFSSL_SMALL_STACK
+    byte   stackBuffer[FILE_BUFFER_SIZE];
+#endif
+    StaticBuffer content;
+    long   sz = 0;
+    void*  heap = WOLFSSL_HEAP(ctx, ssl);
+
+    (void)crl;
+    (void)heap;
+
+#ifdef WOLFSSL_SMALL_STACK
+    static_buffer_init(&content);
+#else
+    static_buffer_init(&content, stackBuffer, FILE_BUFFER_SIZE);
+#endif
+
+    /* Read file into static buffer. */
+    ret = wolfssl_read_file_static(fname, &content, heap, DYNAMIC_TYPE_FILE,
+        &sz);
+    if ((ret == 0) && (type == DETECT_CERT_TYPE) &&
+            (format != WOLFSSL_FILETYPE_PEM)) {
+        WOLFSSL_MSG("Cannot detect certificate type when not PEM");
+        ret = WOLFSSL_BAD_CERTTYPE;
+    }
+    /* Try to detect type by parsing cert header and footer. */
+    if ((ret == 0) && (type == DETECT_CERT_TYPE)) {
+#if !defined(NO_CODING) && !defined(WOLFSSL_NO_PEM)
+        const char* header = NULL;
+        const char* footer = NULL;
+
+        /* Look for CA header and footer - same as CERT_TYPE. */
+        if (wc_PemGetHeaderFooter(CA_TYPE, &header, &footer) == 0 &&
+                (XSTRNSTR((char*)content.buffer, header, (word32)sz) != NULL)) {
+            type = CA_TYPE;
+        }
+#ifdef HAVE_CRL
+        /* Look for CRL header and footer. */
+        else if (wc_PemGetHeaderFooter(CRL_TYPE, &header, &footer) == 0 &&
+                (XSTRNSTR((char*)content.buffer, header, (word32)sz) != NULL)) {
+            type = CRL_TYPE;
+        }
+#endif
+        /* Look for cert header and footer - same as CA_TYPE. */
+        else if (wc_PemGetHeaderFooter(CERT_TYPE, &header, &footer) == 0 &&
+                (XSTRNSTR((char*)content.buffer, header, (word32)sz) !=
+                    NULL)) {
+            type = CERT_TYPE;
+        }
+        else
+#endif
+        {
+            /* Not a header that we support. */
+            WOLFSSL_MSG("Failed to detect certificate type");
+            ret = WOLFSSL_BAD_CERTTYPE;
+        }
+    }
+    if (ret == 0) {
+        /* When CA or trusted peer and PEM - process as a chain buffer. */
+        if (((type == CA_TYPE) || (type == TRUSTED_PEER_TYPE)) &&
+                (format == WOLFSSL_FILETYPE_PEM)) {
+            ret = ProcessChainBuffer(ctx, ssl, content.buffer, sz, type,
+                verify);
+        }
+#ifdef HAVE_CRL
+        else if (type == CRL_TYPE) {
+            /* Load the CRL. */
+            ret = BufferLoadCRL(crl, content.buffer, sz, format, verify);
+        }
+#endif
+#ifdef WOLFSSL_DUAL_ALG_CERTS
+        else if (type == PRIVATEKEY_TYPE) {
+            /* When support for dual algorithm certificates is enabled, the
+             * private key file may contain both the primary and the
+             * alternative private key. Hence, we have to parse both of them.
+             */
+            long consumed = 0;
+
+            ret = ProcessBuffer(ctx, content.buffer, sz, format, type, ssl,
+                &consumed, userChain, verify);
+            if ((ret == 1) && (consumed < sz)) {
+                ret = ProcessBuffer(ctx, content.buffer + consumed,
+                    sz - consumed, format, ALT_PRIVATEKEY_TYPE, ssl, NULL, 0,
+                    verify);
+            }
+        }
+#endif
+        else {
+            /* Load all other certificate types. */
+            ret = ProcessBuffer(ctx, content.buffer, sz, format, type, ssl,
+                NULL, userChain, verify);
+        }
+    }
+
+    /* Dispose of dynamically allocated data. */
+    static_buffer_free(&content, heap, DYNAMIC_TYPE_FILE);
+    return ret;
+}
+
+#ifndef NO_WOLFSSL_DIR
+/* Load file when filename is in the path.
+ *
+ * @param [in, out] ctx           SSL context object.
+ * @param [in]      name          Name of file.
+ * @param [in]      verify        How to verify a certificate.
+ * @param [in]      flags         Flags representing options for loading.
+ * @param [in, out] failCount     Number of files that failed to load.
+ * @param [in, out] successCount  Number of files successfully loaded.
+ * @return  1 on success.
+ * @return  Not 1 when loading PEM certificate failed.
+ */
+static int wolfssl_ctx_load_path_file(WOLFSSL_CTX* ctx, const char* name,
+    int verify, int flags, int* failCount, int* successCount)
+{
+    int ret;
+
+    /* Attempt to load file as a CA. */
+    ret = ProcessFile(ctx, name, WOLFSSL_FILETYPE_PEM, CA_TYPE, NULL, 0, NULL,
+        verify);
+    if (ret != 1) {
+        /* When ignoring errors or loading PEM only and no PEM. don't fail. */
+        if ((flags & WOLFSSL_LOAD_FLAG_IGNORE_ERR) ||
+                ((flags & WOLFSSL_LOAD_FLAG_PEM_CA_ONLY) &&
+                 (ret == WC_NO_ERR_TRACE(ASN_NO_PEM_HEADER)))) {
+            unsigned long err = 0;
+            CLEAR_ASN_NO_PEM_HEADER_ERROR(err);
+        #if defined(WOLFSSL_QT)
+            ret = 1;
+        #endif
+        }
+        else {
+            WOLFSSL_ERROR(ret);
+            WOLFSSL_MSG("Load CA file failed, continuing");
+            /* Add to fail count. */
+            (*failCount)++;
+        }
+    }
+    else {
+    #if defined(WOLFSSL_TRUST_PEER_CERT) && defined(OPENSSL_COMPATIBLE_DEFAULTS)
+        /* Try loading as a trusted peer certificate. */
+        ret = wolfSSL_CTX_trust_peer_cert(ctx, name, WOLFSSL_FILETYPE_PEM);
+        if (ret != 1) {
+            WOLFSSL_MSG("wolfSSL_CTX_trust_peer_cert error. "
+                        "Ignoring this error.");
+        }
+    #endif
+        /* Add to success count. */
+        (*successCount)++;
+    }
+
+    return ret;
+}
+
+/* Load PEM formatted CA files from a path.
+ *
+ * @param [in, out] ctx           SSL context object.
+ * @param [in]      path          Path to directory to read.
+ * @param [in]      flags         Flags representing options for loading.
+ * @param [in]      verify        How to verify a certificate.
+ * @param [in]      successCount  Number of files successfully loaded.
+ * @return  1 on success.
+ * @return  0 on failure.
+ * @return  MEMORY_E when dynamic memory allocation fails.
+ */
+static int wolfssl_ctx_load_path(WOLFSSL_CTX* ctx, const char* path,
+    word32 flags, int verify, int successCount)
+{
+    int ret = 1;
+    char* name = NULL;
+    int fileRet;
+    int failCount = 0;
+#ifdef WOLFSSL_SMALL_STACK
+    ReadDirCtx* readCtx;
+#else
+    ReadDirCtx readCtx[1];
+#endif
+
+#ifdef WOLFSSL_SMALL_STACK
+    /* Allocate memory for directory reading context. */
+    readCtx = (ReadDirCtx*)XMALLOC(sizeof(ReadDirCtx), ctx->heap,
+        DYNAMIC_TYPE_DIRCTX);
+    if (readCtx == NULL) {
+        ret = MEMORY_E;
+    }
+#endif
+
+    if (ret == 1) {
+        /* Get name of first file in path. */
+        fileRet = wc_ReadDirFirst(readCtx, path, &name);
+        /* While getting filename doesn't fail and name returned, process file.
+         */
+        while ((fileRet == 0) && (name != NULL)) {
+            WOLFSSL_MSG(name);
+            /* Load file. */
+            ret = wolfssl_ctx_load_path_file(ctx, name, verify, (int)flags,
+                &failCount, &successCount);
+            /* Get next filename. */
+            fileRet = wc_ReadDirNext(readCtx, path, &name);
+        }
+        /* Cleanup directory reading context. */
+        wc_ReadDirClose(readCtx);
+
+        /* When not WOLFSSL_QT, ret is always overwritten. */
+        (void)ret;
+
+        /* Return real directory read failure error codes. */
+        if (fileRet != WC_READDIR_NOFILE) {
+            ret = fileRet;
+        #if defined(WOLFSSL_QT) || defined(WOLFSSL_IGNORE_BAD_CERT_PATH)
+            /* Ignore bad path error when flag set. */
+            if ((ret == WC_NO_ERR_TRACE(BAD_PATH_ERROR)) &&
+                    (flags & WOLFSSL_LOAD_FLAG_IGNORE_BAD_PATH_ERR)) {
+               /* QSslSocket always loads certs in system folder
+                * when it is initialized.
+                * Compliant with OpenSSL when flag set.
+                */
+                ret = 1;
+            }
+            else {
+                /* qssl socket wants to know errors. */
+                WOLFSSL_ERROR(ret);
+            }
+        #endif
+        }
+        /* Report failure if no files successfully loaded or there were
+         * failures. */
+        else if ((successCount == 0) || (failCount > 0)) {
+            /* Use existing error code if exists. */
+        #if defined(WOLFSSL_QT)
+            /* Compliant with OpenSSL when flag set. */
+            if (!(flags & WOLFSSL_LOAD_FLAG_IGNORE_ZEROFILE))
+        #endif
+            {
+                /* Return 0 when no files loaded. */
+                ret = 0;
+            }
+        }
+        else {
+            /* We loaded something so it is a success. */
+            ret = 1;
+        }
+
+    #ifdef WOLFSSL_SMALL_STACK
+        /* Dispose of dynamically allocated memory. */
+        XFREE(readCtx, ctx->heap, DYNAMIC_TYPE_DIRCTX);
+    #endif
+    }
+
+    return ret;
+}
+#endif
+
+/* Load a file and/or files in path
+ *
+ * No c_rehash.
+ *
+ * @param [in, out] ctx    SSL context object.
+ * @param [in]      file   Name of file to load. May be NULL.
+ * @param [in]      path   Path to directory containing PEM CA files.
+ *                         May be NULL.
+ * @param [in]      flags  Flags representing options for loading.
+ * @return  1 on success.
+ * @return  0 on failure.
+ * @return  NOT_COMPILED_IN when directory reading not supported and path is
+ *          not NULL.
+ * @return  Other negative on error.
+ */
+int wolfSSL_CTX_load_verify_locations_ex(WOLFSSL_CTX* ctx, const char* file,
+    const char* path, word32 flags)
+{
+    int ret = 1;
+#ifndef NO_WOLFSSL_DIR
+    int successCount = 0;
+#endif
+    int verify = WOLFSSL_VERIFY_DEFAULT;
+
+    WOLFSSL_MSG("wolfSSL_CTX_load_verify_locations_ex");
+
+    /* Validate parameters. */
+    if ((ctx == NULL) || ((file == NULL) && (path == NULL))) {
+        ret = 0;
+    }
+
+    if (ret == 1) {
+        /* Get setting on how to verify certificates. */
+        verify = GET_VERIFY_SETTING_CTX(ctx);
+        /* Overwrite setting when flag set. */
+        if (flags & WOLFSSL_LOAD_FLAG_DATE_ERR_OKAY) {
+            verify = VERIFY_SKIP_DATE;
+        }
+
+        if (file != NULL) {
+            /* Load the PEM formatted CA file */
+            ret = ProcessFile(ctx, file, WOLFSSL_FILETYPE_PEM, CA_TYPE, NULL, 0,
+                NULL, verify);
+    #ifndef NO_WOLFSSL_DIR
+            if (ret == 1) {
+                /* Include success in overall count. */
+                successCount++;
+            }
+    #endif
+    #if defined(WOLFSSL_TRUST_PEER_CERT) && defined(OPENSSL_COMPATIBLE_DEFAULTS)
+            /* Load CA as a trusted peer certificate. */
+            ret = wolfSSL_CTX_trust_peer_cert(ctx, file, WOLFSSL_FILETYPE_PEM);
+            if (ret != 1) {
+                WOLFSSL_MSG("wolfSSL_CTX_trust_peer_cert error");
+            }
+    #endif
+        }
+    }
+
+    if ((ret == 1) && (path != NULL)) {
+#ifndef NO_WOLFSSL_DIR
+        /* Load CA files form path. */
+        ret = wolfssl_ctx_load_path(ctx, path, flags, verify, successCount);
+#else
+        /* Loading a path not supported. */
+        ret = NOT_COMPILED_IN;
+        (void)flags;
+#endif
+    }
+
+    return ret;
+}
+
+/* Load a file and/or files in path
+ *
+ * No c_rehash.
+ *
+ * @param [in, out] ctx    SSL context object.
+ * @param [in]      file   Name of file to load. May be NULL.
+ * @param [in]      path   Path to directory containing PEM CA files.
+ *                         May be NULL.
+ * @return  1 on success.
+ * @return  0 on failure.
+ */
+WOLFSSL_ABI
+int wolfSSL_CTX_load_verify_locations(WOLFSSL_CTX* ctx, const char* file,
+                                     const char* path)
+{
+    /* Load using default flags/options. */
+    int ret = wolfSSL_CTX_load_verify_locations_ex(ctx, file, path,
+        WOLFSSL_LOAD_VERIFY_DEFAULT_FLAGS);
+
+    /* Return 1 on success or 0 on failure. */
+    return WS_RETURN_CODE(ret, 0);
+}
+
+/* Load a file and/or files in path, with OpenSSL-compatible semantics.
+ *
+ * No c_rehash.
+ *
+ * @param [in, out] ctx    SSL context object.
+ * @param [in]      file   Name of file to load. May be NULL.
+ * @param [in]      path   Path to directory containing PEM CA files.
+ *                         May be NULL.
+ * @return  1 on success.
+ * @return  0 on failure.
+ */
+int wolfSSL_CTX_load_verify_locations_compat(WOLFSSL_CTX* ctx, const char* file,
+                                     const char* path)
+{
+    /* We want to keep trying to load more CA certs even if one cert in the
+     * directory is bad and can't be used (e.g. if one is expired), and we
+     * want to return success if any were successfully loaded (mimicking
+     * OpenSSL SSL_CTX_load_verify_locations() semantics), so we use
+     * WOLFSSL_LOAD_FLAG_IGNORE_ERR.  OpenSSL (as of v3.3.2) actually
+     * returns success even if no certs are loaded (e.g. because the
+     * supplied "path" doesn't exist or access is prohibited), and only
+     * returns failure if the "file" is non-null and fails to load.
+     *
+     * Note that if a file is supplied and can't be successfully loaded, the
+     * overall call fails and the path is never even evaluated.  This is
+     * consistent with OpenSSL behavior.
+     */
+
+    int ret = wolfSSL_CTX_load_verify_locations_ex(ctx, file, path,
+        WOLFSSL_LOAD_VERIFY_DEFAULT_FLAGS | WOLFSSL_LOAD_FLAG_IGNORE_ERR);
+
+    /* Return 1 on success or 0 on failure. */
+    return WS_RETURN_CODE(ret, 0);
+}
+
+#ifdef WOLFSSL_SYS_CA_CERTS
+
+#ifdef USE_WINDOWS_API
+
+/* Load CA certificate from Windows store.
+ *
+ * Assumes loaded is 0.
+ *
+ * @param [in, out] ctx     SSL context object.
+ * @param [out]     loaded  Whether CA certificates were loaded.
+ * @return  1 on success.
+ * @return  0 on failure.
+ */
+static int LoadSystemCaCertsWindows(WOLFSSL_CTX* ctx, byte* loaded)
+{
+    int ret = 1;
+    word32 i;
+    HANDLE handle = NULL;
+    PCCERT_CONTEXT certCtx = NULL;
+    LPCSTR storeNames[2] = {"ROOT", "CA"};
+    HCRYPTPROV_LEGACY hProv = (HCRYPTPROV_LEGACY)NULL;
+
+    if ((ctx == NULL) || (loaded == NULL)) {
+        ret = 0;
+    }
+
+    for (i = 0; (ret == 1) && (i < sizeof(storeNames)/sizeof(*storeNames));
+         ++i) {
+        handle = CertOpenSystemStoreA(hProv, storeNames[i]);
+        if (handle != NULL) {
+            while ((certCtx = CertEnumCertificatesInStore(handle, certCtx))
+                   != NULL) {
+                if (certCtx->dwCertEncodingType == X509_ASN_ENCODING) {
+                    if (ProcessBuffer(ctx, certCtx->pbCertEncoded,
+                          certCtx->cbCertEncoded, WOLFSSL_FILETYPE_ASN1,
+                          CA_TYPE, NULL, NULL, 0,
+                          GET_VERIFY_SETTING_CTX(ctx)) == 1) {
+                        /*
+                         * Set "loaded" as long as we've loaded one CA
+                         * cert.
+                         */
+                        *loaded = 1;
+                    }
+                }
+            }
+        }
+        else {
+            WOLFSSL_MSG_EX("Failed to open cert store %s.", storeNames[i]);
+        }
+
+        if (handle != NULL && !CertCloseStore(handle, 0)) {
+            WOLFSSL_MSG_EX("Failed to close cert store %s.", storeNames[i]);
+            ret = 0;
+        }
+    }
+
+    return ret;
+}
+
+#elif defined(__APPLE__)
+
+#if defined(HAVE_SECURITY_SECTRUSTSETTINGS_H) \
+  && !defined(WOLFSSL_APPLE_NATIVE_CERT_VALIDATION)
+/* Manually obtains certificates from the system trust store and loads them
+ * directly into wolfSSL "the old way".
+ *
+ * As of MacOS 14.0 we are still able to use this method to access system
+ * certificates. Accessibility of this API is indicated by the presence of the
+ * Security/SecTrustSettings.h header. In the likely event that Apple removes
+ * access to this API on Macs, this function should be removed and the
+ * DoAppleNativeCertValidation() routine should be used for all devices.
+ *
+ * Assumes loaded is 0.
+ *
+ * @param [in, out] ctx     SSL context object.
+ * @param [out]     loaded  Whether CA certificates were loaded.
+ * @return  1 on success.
+ * @return  0 on failure.
+ */
+static int LoadSystemCaCertsMac(WOLFSSL_CTX* ctx, byte* loaded)
+{
+    int ret = 1;
+    word32 i;
+    const unsigned int trustDomains[] = {
+        kSecTrustSettingsDomainUser,
+        kSecTrustSettingsDomainAdmin,
+        kSecTrustSettingsDomainSystem
+    };
+    CFArrayRef certs;
+    OSStatus stat;
+    CFIndex numCerts;
+    CFDataRef der;
+    CFIndex j;
+
+    if ((ctx == NULL) || (loaded == NULL)) {
+        ret = 0;
+    }
+
+    for (i = 0; (ret == 1) && (i < sizeof(trustDomains)/sizeof(*trustDomains));
+         ++i) {
+        stat = SecTrustSettingsCopyCertificates(
+            (SecTrustSettingsDomain)trustDomains[i], &certs);
+        if (stat == errSecSuccess) {
+            numCerts = CFArrayGetCount(certs);
+            for (j = 0; j < numCerts; ++j) {
+                der = SecCertificateCopyData((SecCertificateRef)
+                          CFArrayGetValueAtIndex(certs, j));
+                if (der != NULL) {
+                    if (ProcessBuffer(ctx, CFDataGetBytePtr(der),
+                          CFDataGetLength(der), WOLFSSL_FILETYPE_ASN1,
+                          CA_TYPE, NULL, NULL, 0,
+                          GET_VERIFY_SETTING_CTX(ctx)) == 1) {
+                        /*
+                         * Set "loaded" as long as we've loaded one CA
+                         * cert.
+                         */
+                        *loaded = 1;
+                    }
+
+                    CFRelease(der);
+                }
+            }
+
+            CFRelease(certs);
+        }
+        else if (stat == errSecNoTrustSettings) {
+            WOLFSSL_MSG_EX("No trust settings for domain %d, moving to next "
+                "domain.", trustDomains[i]);
+        }
+        else {
+            WOLFSSL_MSG_EX("SecTrustSettingsCopyCertificates failed with"
+                " status %d.", stat);
+            ret = 0;
+            break;
+        }
+    }
+
+    return ret;
+}
+#endif /* defined(HAVE_SECURITY_SECTRUSTSETTINGS_H) */
+
+#else
+
+/* Potential system CA certs directories on Linux/Unix distros. */
+static const char* systemCaDirs[] = {
+#if defined(__ANDROID__) || defined(ANDROID)
+    "/system/etc/security/cacerts"      /* Android */
+#else
+    "/etc/ssl/certs",                   /* Debian, Ubuntu, Gentoo, others */
+    "/etc/pki/ca-trust/source/anchors", /* Fedora, RHEL */
+    "/etc/pki/tls/certs"                /* Older RHEL */
+#endif
+};
+
+/* Get CA directory list.
+ *
+ * @param [out] num  Number of CA directories.
+ * @return  CA directory list.
+ * @return  NULL when num is NULL.
+ */
+const char** wolfSSL_get_system_CA_dirs(word32* num)
+{
+    const char** ret;
+
+    /* Validate parameters. */
+    if (num == NULL) {
+        ret = NULL;
+    }
+    else {
+        ret = systemCaDirs;
+        *num = sizeof(systemCaDirs)/sizeof(*systemCaDirs);
+    }
+
+    return ret;
+}
+
+/* Load CA certificate from default system directories.
+ *
+ * Assumes loaded is 0.
+ *
+ * @param [in, out] ctx     SSL context object.
+ * @param [out]     loaded  Whether CA certificates were loaded.
+ * @return  1 on success.
+ * @return  0 on failure.
+ */
+static int LoadSystemCaCertsNix(WOLFSSL_CTX* ctx, byte* loaded) {
+    int ret = 1;
+    word32 i;
+
+    if ((ctx == NULL) || (loaded == NULL)) {
+        ret = 0;
+    }
+
+    for (i = 0; (ret == 1) && (i < sizeof(systemCaDirs)/sizeof(*systemCaDirs));
+         ++i) {
+        WOLFSSL_MSG_EX("Attempting to load system CA certs from %s.",
+            systemCaDirs[i]);
+        /*
+         * We want to keep trying to load more CA certs even if one cert in
+         * the directory is bad and can't be used (e.g. if one is expired),
+         * so we use WOLFSSL_LOAD_FLAG_IGNORE_ERR.
+         */
+        if (wolfSSL_CTX_load_verify_locations_ex(ctx, NULL, systemCaDirs[i],
+                WOLFSSL_LOAD_FLAG_IGNORE_ERR) != 1) {
+            WOLFSSL_MSG_EX("Failed to load CA certs from %s, trying "
+                "next possible location.", systemCaDirs[i]);
+        }
+        else {
+            WOLFSSL_MSG_EX("Loaded CA certs from %s.",
+                systemCaDirs[i]);
+            *loaded = 1;
+            /* Stop searching after we've loaded one directory. */
+            break;
+        }
+    }
+
+    return ret;
+}
+
+#endif
+
+/* Load CA certificates from system defined locations.
+ *
+ * @param [in, out] ctx  SSL context object.
+ * @return  1 on success.
+ * @return  0 on failure.
+ * @return  WOLFSSL_BAD_PATH when no error but no certificates loaded.
+ */
+int wolfSSL_CTX_load_system_CA_certs(WOLFSSL_CTX* ctx)
+{
+    int ret;
+    byte loaded = 0;
+
+    WOLFSSL_ENTER("wolfSSL_CTX_load_system_CA_certs");
+
+#ifdef USE_WINDOWS_API
+
+    ret = LoadSystemCaCertsWindows(ctx, &loaded);
+
+#elif defined(__APPLE__)
+
+#if defined(HAVE_SECURITY_SECTRUSTSETTINGS_H) \
+  && !defined(WOLFSSL_APPLE_NATIVE_CERT_VALIDATION)
+    /* As of MacOS 14.0 we are still able to access system certificates and
+     * load them manually into wolfSSL "the old way". Accessibility of this API
+     * is indicated by the presence of the Security/SecTrustSettings.h header */
+    ret = LoadSystemCaCertsMac(ctx, &loaded);
+#elif defined(WOLFSSL_APPLE_NATIVE_CERT_VALIDATION)
+    /* For other Apple devices, Apple has removed the ability to obtain
+     * certificates from the trust store, so we can't use wolfSSL's built-in
+     * certificate validation mechanisms anymore. We instead must call into the
+     * Security Framework APIs to authenticate peer certificates when received.
+     * (see src/internal.c:DoAppleNativeCertValidation()).
+     * Thus, there is no CA "loading" required, but to keep behavior consistent
+     * with the current API (not using system CA certs unless this function has
+     * been called), we simply set a flag indicating that the new apple trust
+     * verification routine should be used later */
+    ctx->doAppleNativeCertValidationFlag = 1;
+    ret = 1;
+    loaded = 1;
+
+#if FIPS_VERSION_GE(2,0) /* Gate back to cert 3389 FIPS modules */
+#warning "Cryptographic operations may occur outside the FIPS module boundary" \
+         "Please review FIPS claims for cryptography on this Apple device"
+#endif /* FIPS_VERSION_GE(2,0) */
+
+#else
+/* HAVE_SECURITY_SECXXX_H macros are set by autotools or CMake when searching
+ * system for the required SDK headers. If building with user_settings.h, you
+ * will need to manually define WOLFSSL_APPLE_NATIVE_CERT_VALIDATION
+ * and ensure the appropriate Security.framework headers and libraries are
+ * visible to your compiler */
+#error "WOLFSSL_SYS_CA_CERTS on Apple devices requires Security.framework" \
+       " header files to be detected, or a manual override with" \
+       " WOLFSSL_APPLE_NATIVE_CERT_VALIDATION"
+#endif
+
+#else
+
+    ret = LoadSystemCaCertsNix(ctx, &loaded);
+
+#endif
+
+    /* If we didn't fail but didn't load then we error out. */
+    if ((ret == 1) && (!loaded)) {
+        ret = WOLFSSL_BAD_PATH;
+    }
+
+    WOLFSSL_LEAVE("wolfSSL_CTX_load_system_CA_certs", ret);
+
+    return ret;
+}
+
+#endif /* WOLFSSL_SYS_CA_CERTS */
+
+#ifdef WOLFSSL_TRUST_PEER_CERT
+/* Load a trusted peer certificate into SSL context.
+ *
+ * @param [in, out] ctx     SSL context object.
+ * @param [in]      file    Name of peer certificate file.
+ * @param [in]      format  Format of data:
+ *                            WOLFSSL_FILETYPE_PEM or WOLFSSL_FILETYPE_ASN1.
+ * @return  1 on success.
+ * @return  0 when ctx or file is NULL.
+ */
+int wolfSSL_CTX_trust_peer_cert(WOLFSSL_CTX* ctx, const char* file, int format)
+{
+    int ret;
+
+    WOLFSSL_ENTER("wolfSSL_CTX_trust_peer_cert");
+
+    /* Validate parameters. */
+    if ((ctx == NULL) || (file == NULL)) {
+        ret = 0;
+    }
+    else {
+        ret = ProcessFile(ctx, file, format, TRUSTED_PEER_TYPE, NULL, 0, NULL,
+            GET_VERIFY_SETTING_CTX(ctx));
+    }
+
+    return ret;
+}
+
+/* Load a trusted peer certificate into SSL.
+ *
+ * @param [in, out] ssl     SSL object.
+ * @param [in]      file    Name of peer certificate file.
+ * @param [in]      format  Format of data:
+ *                            WOLFSSL_FILETYPE_PEM or WOLFSSL_FILETYPE_ASN1.
+ * @return  1 on success.
+ * @return  0 when ssl or file is NULL.
+ */
+int wolfSSL_trust_peer_cert(WOLFSSL* ssl, const char* file, int format)
+{
+    int ret;
+
+    WOLFSSL_ENTER("wolfSSL_trust_peer_cert");
+
+    /* Validate parameters. */
+    if ((ssl == NULL) || (file == NULL)) {
+        ret = 0;
+    }
+    else {
+        ret = ProcessFile(NULL, file, format, TRUSTED_PEER_TYPE, ssl, 0, NULL,
+            GET_VERIFY_SETTING_SSL(ssl));
+    }
+
+    return ret;
+}
+#endif /* WOLFSSL_TRUST_PEER_CERT */
+
+
+#ifdef WOLFSSL_DER_LOAD
+
+/* Load a CA certificate into SSL context.
+ *
+ * @param [in, out] ctx     SSL context object.
+ * @param [in]      file    Name of peer certificate file.
+ * @param [in]      format  Format of data:
+ *                            WOLFSSL_FILETYPE_PEM or WOLFSSL_FILETYPE_ASN1.
+ * @return  1 on success.
+ * @return  0 on failure.
+ */
+int wolfSSL_CTX_der_load_verify_locations(WOLFSSL_CTX* ctx, const char* file,
+    int format)
+{
+    int ret;
+
+    WOLFSSL_ENTER("wolfSSL_CTX_der_load_verify_locations");
+
+    /* Validate parameters. */
+    if ((ctx == NULL) || (file == NULL)) {
+        ret = 0;
+    }
+    else {
+        ret = ProcessFile(ctx, file, format, CA_TYPE, NULL, 0, NULL,
+            GET_VERIFY_SETTING_CTX(ctx));
+    }
+
+    /* Return 1 on success or 0 on failure. */
+    return WS_RC(ret);
+}
+
+#endif /* WOLFSSL_DER_LOAD */
+
+
+/* Load a user certificate into SSL context.
+ *
+ * @param [in, out] ctx     SSL context object.
+ * @param [in]      file    Name of user certificate file.
+ * @param [in]      format  Format of data:
+ *                            WOLFSSL_FILETYPE_PEM or WOLFSSL_FILETYPE_ASN1.
+ * @return  1 on success.
+ * @return  0 on failure.
+ */
+WOLFSSL_ABI
+int wolfSSL_CTX_use_certificate_file(WOLFSSL_CTX* ctx, const char* file,
+    int format)
+{
+    int ret;
+
+    WOLFSSL_ENTER("wolfSSL_CTX_use_certificate_file");
+
+    ret = ProcessFile(ctx, file, format, CERT_TYPE, NULL, 0, NULL,
+        GET_VERIFY_SETTING_CTX(ctx));
+
+    /* Return 1 on success or 0 on failure. */
+    return WS_RC(ret);
+}
+
+
+/* Load a private key into SSL context.
+ *
+ * @param [in, out] ctx     SSL context object.
+ * @param [in]      file    Name of private key file.
+ * @param [in]      format  Format of data:
+ *                            WOLFSSL_FILETYPE_PEM or WOLFSSL_FILETYPE_ASN1.
+ * @return  1 on success.
+ * @return  0 on failure.
+ */
+WOLFSSL_ABI
+int wolfSSL_CTX_use_PrivateKey_file(WOLFSSL_CTX* ctx, const char* file,
+    int format)
+{
+    int ret;
+
+    WOLFSSL_ENTER("wolfSSL_CTX_use_PrivateKey_file");
+
+    ret = ProcessFile(ctx, file, format, PRIVATEKEY_TYPE, NULL, 0, NULL,
+        GET_VERIFY_SETTING_CTX(ctx));
+
+    /* Return 1 on success or 0 on failure. */
+    return WS_RC(ret);
+}
+
+#ifdef WOLFSSL_DUAL_ALG_CERTS
+/* Load an alternative private key into SSL context.
+ *
+ * @param [in, out] ctx     SSL context object.
+ * @param [in]      file    Name of private key file.
+ * @param [in]      format  Format of data:
+ *                            WOLFSSL_FILETYPE_PEM or WOLFSSL_FILETYPE_ASN1.
+ * @return  1 on success.
+ * @return  0 on failure.
+ */
+int wolfSSL_CTX_use_AltPrivateKey_file(WOLFSSL_CTX* ctx, const char* file,
+    int format)
+{
+    int ret;
+
+    WOLFSSL_ENTER("wolfSSL_CTX_use_AltPrivateKey_file");
+
+    ret = ProcessFile(ctx, file, format, ALT_PRIVATEKEY_TYPE, NULL, 0, NULL,
+        GET_VERIFY_SETTING_CTX(ctx));
+
+    /* Return 1 on success or 0 on failure. */
+    return WS_RC(ret);
+}
+#endif /* WOLFSSL_DUAL_ALG_CERTS */
+
+
+/* Load a PEM certificate chain into SSL context.
+ *
+ * @param [in, out] ctx     SSL context object.
+ * @param [in]      file    Name of PEM certificate chain file.
+ * @return  1 on success.
+ * @return  0 on failure.
+ */
+WOLFSSL_ABI
+int wolfSSL_CTX_use_certificate_chain_file(WOLFSSL_CTX* ctx, const char* file)
+{
+    int ret;
+
+    /* process up to MAX_CHAIN_DEPTH plus subject cert */
+    WOLFSSL_ENTER("wolfSSL_CTX_use_certificate_chain_file");
+
+    ret = ProcessFile(ctx, file, WOLFSSL_FILETYPE_PEM, CERT_TYPE, NULL, 1, NULL,
+        GET_VERIFY_SETTING_CTX(ctx));
+
+    /* Return 1 on success or 0 on failure. */
+    return WS_RC(ret);
+}
+
+/* Load certificate chain into SSL context.
+ *
+ * Processes up to MAX_CHAIN_DEPTH plus subject cert.
+ *
+ * @param [in, out] ctx     SSL context object.
+ * @param [in]      file    Name of private key file.
+ * @param [in]      format  Format of data:
+ *                            WOLFSSL_FILETYPE_PEM or WOLFSSL_FILETYPE_ASN1.
+ * @return  1 on success.
+ * @return  0 on failure.
+ */
+int wolfSSL_CTX_use_certificate_chain_file_format(WOLFSSL_CTX* ctx,
+     const char* file, int format)
+{
+    int ret;
+
+    WOLFSSL_ENTER("wolfSSL_CTX_use_certificate_chain_file_format");
+
+    ret = ProcessFile(ctx, file, format, CERT_TYPE, NULL, 1, NULL,
+        GET_VERIFY_SETTING_CTX(ctx));
+
+    /* Return 1 on success or 0 on failure. */
+    return WS_RC(ret);
+}
+
+#endif /* NO_FILESYSTEM */
+
+#ifdef OPENSSL_EXTRA
+
+/* Load a private key into SSL.
+ *
+ * @param [in, out] ssl   SSL object.
+ * @param [in]      pkey  EVP private key.
+ * @return  1 on success.
+ * @return  0 on failure.
+ */
+int wolfSSL_use_PrivateKey(WOLFSSL* ssl, WOLFSSL_EVP_PKEY* pkey)
+{
+    int ret;
+
+    WOLFSSL_ENTER("wolfSSL_use_PrivateKey");
+
+    /* Validate parameters. */
+    if ((ssl == NULL) || (pkey == NULL)) {
+        ret = 0;
+    }
+    else {
+        /* Get DER encoded key data from EVP private key. */
+        ret = wolfSSL_use_PrivateKey_buffer(ssl, (unsigned char*)pkey->pkey.ptr,
+            pkey->pkey_sz, WOLFSSL_FILETYPE_ASN1);
+    }
+
+    return ret;
+}
+
+/* Load a DER encoded private key in a buffer into SSL.
+ *
+ * @param [in]      pri    Indicates type of private key. Ignored.
+ * @param [in, out] ssl    SSL object.
+ * @param [in]      der    Buffer holding DER encoded private key.
+ * @param [in]      derSz  Size of data in bytes.
+ * @return  1 on success.
+ * @return  0 on failure.
+ */
+int wolfSSL_use_PrivateKey_ASN1(int pri, WOLFSSL* ssl, const unsigned char* der,
+    long derSz)
+{
+    int ret;
+
+    WOLFSSL_ENTER("wolfSSL_use_PrivateKey_ASN1");
+
+    (void)pri;
+
+    /* Validate parameters. */
+    if ((ssl == NULL) || (der == NULL)) {
+        ret = 0;
+    }
+    else {
+        ret = wolfSSL_use_PrivateKey_buffer(ssl, der, derSz,
+            WOLFSSL_FILETYPE_ASN1);
+    }
+
+    return ret;
+}
+
+/* Load a DER encoded private key in a buffer into SSL context.
+ *
+ * @param [in]      pri    Indicates type of private key. Ignored.
+ * @param [in, out] ctx    SSL context object.
+ * @param [in]      der    Buffer holding DER encoded private key.
+ * @param [in]      derSz  Size of data in bytes.
+ * @return  1 on success.
+ * @return  0 on failure.
+ */
+int wolfSSL_CTX_use_PrivateKey_ASN1(int pri, WOLFSSL_CTX* ctx,
+    unsigned char* der, long derSz)
+{
+    int ret;
+
+    WOLFSSL_ENTER("wolfSSL_CTX_use_PrivateKey_ASN1");
+
+    (void)pri;
+
+    /* Validate parameters. */
+    if ((ctx == NULL) || (der == NULL)) {
+        ret = 0;
+    }
+    else {
+        ret = wolfSSL_CTX_use_PrivateKey_buffer(ctx, der, derSz,
+            WOLFSSL_FILETYPE_ASN1);
+    }
+
+    return ret;
+}
+
+
+#ifndef NO_RSA
+/* Load a DER encoded RSA private key in a buffer into SSL.
+ *
+ * @param [in, out] ssl    SSL object.
+ * @param [in]      der    Buffer holding DER encoded RSA private key.
+ * @param [in]      derSz  Size of data in bytes.
+ * @return  1 on success.
+ * @return  0 on failure.
+ */
+int wolfSSL_use_RSAPrivateKey_ASN1(WOLFSSL* ssl, unsigned char* der, long derSz)
+{
+    int ret;
+
+    WOLFSSL_ENTER("wolfSSL_use_RSAPrivateKey_ASN1");
+
+    /* Validate parameters. */
+    if ((ssl == NULL) || (der == NULL)) {
+        ret = 0;
+    }
+    else {
+        ret = wolfSSL_use_PrivateKey_buffer(ssl, der, derSz,
+            WOLFSSL_FILETYPE_ASN1);
+    }
+
+    return ret;
+}
+#endif
+
+/* Load a certificate into SSL.
+ *
+ * @param [in, out] ssl   SSL object.
+ * @param [in]      x509  X509 certificate object.
+ * @return  1 on success.
+ * @return  0 on failure.
+ */
+int wolfSSL_use_certificate(WOLFSSL* ssl, WOLFSSL_X509* x509)
+{
+    int ret;
+
+    WOLFSSL_ENTER("wolfSSL_use_certificate");
+
+    /* Validate parameters. */
+    if ((ssl == NULL) || (x509 == NULL) || (x509->derCert == NULL)) {
+        ret = 0;
+    }
+    else {
+        long idx = 0;
+
+        /* Get DER encoded certificate data from X509 object. */
+        ret = ProcessBuffer(NULL, x509->derCert->buffer, x509->derCert->length,
+            WOLFSSL_FILETYPE_ASN1, CERT_TYPE, ssl, &idx, 0,
+            GET_VERIFY_SETTING_SSL(ssl));
+    }
+
+    /* Return 1 on success or 0 on failure. */
+    return WS_RC(ret);
+}
+
+#endif /* OPENSSL_EXTRA */
+
+/* Load a DER encoded certificate in a buffer into SSL.
+ *
+ * @param [in, out] ssl    SSL object.
+ * @param [in]      der    Buffer holding DER encoded certificate.
+ * @param [in]      derSz  Size of data in bytes.
+ * @return  1 on success.
+ * @return  0 on failure.
+ */
+int wolfSSL_use_certificate_ASN1(WOLFSSL* ssl, const unsigned char* der,
+    int derSz)
+{
+    int ret;
+
+    WOLFSSL_ENTER("wolfSSL_use_certificate_ASN1");
+
+    /* Validate parameters. */
+    if ((ssl == NULL) || (der == NULL)) {
+        ret = 0;
+    }
+    else {
+        long idx = 0;
+
+        ret = ProcessBuffer(NULL, der, derSz, WOLFSSL_FILETYPE_ASN1, CERT_TYPE,
+            ssl, &idx, 0, GET_VERIFY_SETTING_SSL(ssl));
+    }
+
+    /* Return 1 on success or 0 on failure. */
+    return WS_RC(ret);
+}
+
+#ifndef NO_FILESYSTEM
+
+/* Load a certificate from a file into SSL.
+ *
+ * @param [in, out] ssl     SSL object.
+ * @param [in]      file    Name of file.
+ * @param [in]      format  Format of data:
+ *                            WOLFSSL_FILETYPE_PEM or WOLFSSL_FILETYPE_ASN1.
+ * @return  1 on success.
+ * @return  0 on failure.
+ * @return  BAD_FUNC_ARG when ssl is NULL.
+ */
+WOLFSSL_ABI
+int wolfSSL_use_certificate_file(WOLFSSL* ssl, const char* file, int format)
+{
+    int ret;
+
+    WOLFSSL_ENTER("wolfSSL_use_certificate_file");
+
+    /* Validate parameters. */
+    if (ssl == NULL) {
+        ret = BAD_FUNC_ARG;
+    }
+    else {
+        ret = ProcessFile(ssl->ctx, file, format, CERT_TYPE, ssl, 0, NULL,
+            GET_VERIFY_SETTING_SSL(ssl));
+        /* Return 1 on success or 0 on failure. */
+        ret = WS_RC(ret);
+    }
+
+    return ret;
+}
+
+
+/* Load a private key from a file into SSL.
+ *
+ * @param [in, out] ssl     SSL object.
+ * @param [in]      file    Name of file.
+ * @param [in]      format  Format of data:
+ *                            WOLFSSL_FILETYPE_PEM or WOLFSSL_FILETYPE_ASN1.
+ * @return  1 on success.
+ * @return  0 on failure.
+ * @return  BAD_FUNC_ARG when ssl is NULL.
+ */
+WOLFSSL_ABI
+int wolfSSL_use_PrivateKey_file(WOLFSSL* ssl, const char* file, int format)
+{
+    int ret;
+
+    WOLFSSL_ENTER("wolfSSL_use_PrivateKey_file");
+
+    /* Validate parameters. */
+    if (ssl == NULL) {
+        ret = BAD_FUNC_ARG;
+    }
+    else {
+        ret = ProcessFile(ssl->ctx, file, format, PRIVATEKEY_TYPE, ssl, 0, NULL,
+            GET_VERIFY_SETTING_SSL(ssl));
+        /* Return 1 on success or 0 on failure. */
+        ret = WS_RC(ret);
+    }
+
+    return ret;
+}
+
+
+/* Load a PEM encoded certificate chain from a file into SSL.
+ *
+ * Process up to MAX_CHAIN_DEPTH plus subject cert.
+ *
+ * @param [in, out] ssl     SSL object.
+ * @param [in]      file    Name of file.
+ * @return  1 on success.
+ * @return  0 on failure.
+ * @return  BAD_FUNC_ARG when ssl is NULL.
+ */
+WOLFSSL_ABI
+int wolfSSL_use_certificate_chain_file(WOLFSSL* ssl, const char* file)
+{
+    int ret;
+
+    WOLFSSL_ENTER("wolfSSL_use_certificate_chain_file");
+
+    /* Validate parameters. */
+    if (ssl == NULL) {
+        ret = BAD_FUNC_ARG;
+    }
+    else {
+        ret = ProcessFile(ssl->ctx, file, WOLFSSL_FILETYPE_PEM, CERT_TYPE, ssl,
+            1, NULL, GET_VERIFY_SETTING_SSL(ssl));
+        /* Return 1 on success or 0 on failure. */
+        ret = WS_RC(ret);
+    }
+
+   return ret;
+}
+
+/* Load a certificate chain from a file into SSL.
+ *
+ * @param [in, out] ssl     SSL object.
+ * @param [in]      file    Name of file.
+ * @param [in]      format  Format of data:
+ *                            WOLFSSL_FILETYPE_PEM or WOLFSSL_FILETYPE_ASN1.
+ * @return  1 on success.
+ * @return  0 on failure.
+ * @return  BAD_FUNC_ARG when ssl is NULL.
+ */
+int wolfSSL_use_certificate_chain_file_format(WOLFSSL* ssl, const char* file,
+    int format)
+{
+    int ret;
+
+    /* process up to MAX_CHAIN_DEPTH plus subject cert */
+    WOLFSSL_ENTER("wolfSSL_use_certificate_chain_file_format");
+
+    /* Validate parameters. */
+    if (ssl == NULL) {
+        ret = BAD_FUNC_ARG;
+    }
+    else {
+        ret = ProcessFile(ssl->ctx, file, format, CERT_TYPE, ssl, 1, NULL,
+            GET_VERIFY_SETTING_SSL(ssl));
+        /* Return 1 on success or 0 on failure. */
+        ret = WS_RC(ret);
+    }
+
+    return ret;
+}
+
+#endif /* !NO_FILESYSTEM */
+
+#ifdef OPENSSL_EXTRA
+
+#ifndef NO_FILESYSTEM
+/* Load an RSA private key from a file into SSL context.
+ *
+ * @param [in, out] ctx     SSL context object.
+ * @param [in]      file    Name of file.
+ * @param [in]      format  Format of data:
+ *                            WOLFSSL_FILETYPE_PEM or WOLFSSL_FILETYPE_ASN1.
+ * @return  1 on success.
+ * @return  0 on failure.
+ */
+int wolfSSL_CTX_use_RSAPrivateKey_file(WOLFSSL_CTX* ctx,const char* file,
+    int format)
+{
+    WOLFSSL_ENTER("wolfSSL_CTX_use_RSAPrivateKey_file");
+
+    return wolfSSL_CTX_use_PrivateKey_file(ctx, file, format);
+}
+
+/* Load an RSA private key from a file into SSL.
+ *
+ * @param [in, out] ssl     SSL object.
+ * @param [in]      file    Name of file.
+ * @param [in]      format  Format of data:
+ *                            WOLFSSL_FILETYPE_PEM or WOLFSSL_FILETYPE_ASN1.
+ * @return  1 on success.
+ * @return  0 on failure.
+ * @return  BAD_FUNC_ARG when ssl is NULL.
+ */
+int wolfSSL_use_RSAPrivateKey_file(WOLFSSL* ssl, const char* file, int format)
+{
+    WOLFSSL_ENTER("wolfSSL_use_RSAPrivateKey_file");
+
+    return wolfSSL_use_PrivateKey_file(ssl, file, format);
+}
+#endif /* NO_FILESYSTEM */
+
+#endif /* OPENSSL_EXTRA */
+
+/* Load a buffer of certificate/s into SSL context.
+ *
+ * @param [in, out] ctx        SSL context object.
+ * @param [in]      in         Buffer holding certificate or private key.
+ * @param [in]      sz         Length of data in buffer in bytes.
+ * @param [in]      format     Format of data:
+ *                               WOLFSSL_FILETYPE_PEM or WOLFSSL_FILETYPE_ASN1.
+ * @param [in]      userChain  Whether file contains chain of certificates.
+ * @param [in]      flags      Flags representing options for loading.
+ * @return  1 on success.
+ * @return  0 on failure.
+ * @return  Negative on error.
+ */
+int wolfSSL_CTX_load_verify_buffer_ex(WOLFSSL_CTX* ctx, const unsigned char* in,
+    long sz, int format, int userChain, word32 flags)
+{
+    int ret;
+    int verify;
+
+    WOLFSSL_ENTER("wolfSSL_CTX_load_verify_buffer_ex");
+
+    /* Get setting on how to verify certificates. */
+    verify = GET_VERIFY_SETTING_CTX(ctx);
+    /* Overwrite setting when flag set. */
+    if (flags & WOLFSSL_LOAD_FLAG_DATE_ERR_OKAY) {
+        verify = VERIFY_SKIP_DATE;
+    }
+
+    /* When PEM, treat as certificate chain of CA certificates. */
+    if (format == WOLFSSL_FILETYPE_PEM) {
+        ret = ProcessChainBuffer(ctx, NULL, in, sz, CA_TYPE, verify);
+    }
+    /* When DER, load the CA certificate. */
+    else {
+        ret = ProcessBuffer(ctx, in, sz, format, CA_TYPE, NULL, NULL,
+            userChain, verify);
+    }
+#if defined(WOLFSSL_TRUST_PEER_CERT) && defined(OPENSSL_COMPATIBLE_DEFAULTS)
+    if (ret == 1) {
+        /* Load certificate/s as trusted peer certificate. */
+        ret = wolfSSL_CTX_trust_peer_buffer(ctx, in, sz, format);
+    }
+#endif
+
+    WOLFSSL_LEAVE("wolfSSL_CTX_load_verify_buffer_ex", ret);
+    return ret;
+}
+
+/* Load a buffer of certificate/s into SSL context.
+ *
+ * @param [in, out] ctx     SSL context object.
+ * @param [in]      in      Buffer holding certificate or private key.
+ * @param [in]      sz      Length of data in buffer in bytes.
+ * @param [in]      format  Format of data:
+ *                            WOLFSSL_FILETYPE_PEM or WOLFSSL_FILETYPE_ASN1.
+ * @return  1 on success.
+ * @return  0 on failure.
+ * @return  Negative on error.
+ */
+int wolfSSL_CTX_load_verify_buffer(WOLFSSL_CTX* ctx, const unsigned char* in,
+    long sz, int format)
+{
+    return wolfSSL_CTX_load_verify_buffer_ex(ctx, in, sz, format, 0,
+        WOLFSSL_LOAD_VERIFY_DEFAULT_FLAGS);
+}
+
+/* Load a buffer of certificate chain into SSL context.
+ *
+ * @param [in, out] ctx     SSL context object.
+ * @param [in]      in      Buffer holding certificate chain.
+ * @param [in]      sz      Length of data in buffer in bytes.
+ * @param [in]      format  Format of data:
+ *                            WOLFSSL_FILETYPE_PEM or WOLFSSL_FILETYPE_ASN1.
+ * @return  1 on success.
+ * @return  0 on failure.
+ * @return  Negative on error.
+ */
+int wolfSSL_CTX_load_verify_chain_buffer_format(WOLFSSL_CTX* ctx,
+    const unsigned char* in, long sz, int format)
+{
+    return wolfSSL_CTX_load_verify_buffer_ex(ctx, in, sz, format, 1,
+        WOLFSSL_LOAD_VERIFY_DEFAULT_FLAGS);
+}
+
+
+#ifdef WOLFSSL_TRUST_PEER_CERT
+/* Load a buffer of certificate/s into SSL context.
+ *
+ * @param [in, out] ctx     SSL context object.
+ * @param [in]      in      Buffer holding certificate/s.
+ * @param [in]      sz      Length of data in buffer in bytes.
+ * @param [in]      format  Format of data:
+ *                            WOLFSSL_FILETYPE_PEM or WOLFSSL_FILETYPE_ASN1.
+ * @return  1 on success.
+ * @return  0 on failure.
+ * @return  BAD_FUNC_ARG when ctx or in is NULL, or sz is less than zero.
+ */
+int wolfSSL_CTX_trust_peer_buffer(WOLFSSL_CTX* ctx, const unsigned char* in,
+    long sz, int format)
+{
+    int ret;
+    int verify;
+
+    WOLFSSL_ENTER("wolfSSL_CTX_trust_peer_buffer");
+
+    /* Validate parameters. */
+    if ((ctx == NULL) || (in == NULL) || (sz < 0)) {
+        ret = BAD_FUNC_ARG;
+    }
+    else {
+    #if WOLFSSL_LOAD_VERIFY_DEFAULT_FLAGS & WOLFSSL_LOAD_FLAG_DATE_ERR_OKAY
+        verify = VERIFY_SKIP_DATE;
+    #else
+        verify = GET_VERIFY_SETTING_CTX(ctx);
+    #endif
+
+        /* When PEM, treat as certificate chain of trusted peer certificates. */
+        if (format == WOLFSSL_FILETYPE_PEM) {
+            ret = ProcessChainBuffer(ctx, NULL, in, sz, TRUSTED_PEER_TYPE,
+                verify);
+        }
+        /* When DER, load the trusted peer certificate. */
+        else {
+            ret = ProcessBuffer(ctx, in, sz, format, TRUSTED_PEER_TYPE, NULL,
+                NULL, 0, verify);
+        }
+    }
+
+    return ret;
+}
+#endif /* WOLFSSL_TRUST_PEER_CERT */
+
+/* Load a certificate in a buffer into SSL context.
+ *
+ * @param [in, out] ctx     SSL context object.
+ * @param [in]      in      Buffer holding certificate.
+ * @param [in]      sz      Size of data in bytes.
+ * @param [in]      format  Format of data:
+ *                            WOLFSSL_FILETYPE_PEM or WOLFSSL_FILETYPE_ASN1.
+ * @return  1 on success.
+ * @return  0 on failure.
+ * @return  Negative on error.
+ */
+int wolfSSL_CTX_use_certificate_buffer(WOLFSSL_CTX* ctx,
+    const unsigned char* in, long sz, int format)
+{
+    int ret;
+
+    WOLFSSL_ENTER("wolfSSL_CTX_use_certificate_buffer");
+    ret = ProcessBuffer(ctx, in, sz, format, CERT_TYPE, NULL, NULL, 0,
+        GET_VERIFY_SETTING_CTX(ctx));
+    WOLFSSL_LEAVE("wolfSSL_CTX_use_certificate_buffer", ret);
+
+    return ret;
+}
+
+/* Load a private key in a buffer into SSL context.
+ *
+ * @param [in, out] ctx     SSL context object.
+ * @param [in]      in      Buffer holding private key.
+ * @param [in]      sz      Size of data in bytes.
+ * @param [in]      format  Format of data:
+ *                            WOLFSSL_FILETYPE_PEM or WOLFSSL_FILETYPE_ASN1.
+ * @return  1 on success.
+ * @return  0 on failure.
+ * @return  Negative on error.
+ */
+int wolfSSL_CTX_use_PrivateKey_buffer(WOLFSSL_CTX* ctx, const unsigned char* in,
+    long sz, int format)
+{
+    int ret;
+    long consumed = 0;
+
+    WOLFSSL_ENTER("wolfSSL_CTX_use_PrivateKey_buffer");
+
+    ret = ProcessBuffer(ctx, in, sz, format, PRIVATEKEY_TYPE, NULL, &consumed,
+        0, GET_VERIFY_SETTING_CTX(ctx));
+#ifdef WOLFSSL_DUAL_ALG_CERTS
+    if ((ret == 1) && (consumed < sz)) {
+        /* When support for dual algorithm certificates is enabled, the
+         * buffer may contain both the primary and the alternative
+         * private key. Hence, we have to parse both of them.
+         */
+        ret = ProcessBuffer(ctx, in + consumed, sz - consumed, format,
+            ALT_PRIVATEKEY_TYPE, NULL, NULL, 0, GET_VERIFY_SETTING_CTX(ctx));
+    }
+#endif
+
+    (void)consumed;
+
+    WOLFSSL_LEAVE("wolfSSL_CTX_use_PrivateKey_buffer", ret);
+    return ret;
+}
+
+#ifdef WOLFSSL_DUAL_ALG_CERTS
+int wolfSSL_CTX_use_AltPrivateKey_buffer(WOLFSSL_CTX* ctx,
+    const unsigned char* in, long sz, int format)
+{
+    int ret;
+
+    WOLFSSL_ENTER("wolfSSL_CTX_use_AltPrivateKey_buffer");
+    ret = ProcessBuffer(ctx, in, sz, format, ALT_PRIVATEKEY_TYPE, NULL,
+        NULL, 0, GET_VERIFY_SETTING_CTX(ctx));
+    WOLFSSL_LEAVE("wolfSSL_CTX_use_AltPrivateKey_buffer", ret);
+
+    return ret;
+}
+#endif /* WOLFSSL_DUAL_ALG_CERTS */
+
+#ifdef WOLF_PRIVATE_KEY_ID
+/* Load the id of a private key into SSL context.
+ *
+ * @param [in, out] ctx    SSL context object.
+ * @param [in]      id     Buffer holding id.
+ * @param [in]      sz     Size of data in bytes.
+ * @param [in]      devId  Device identifier.
+ * @return  1 on success.
+ * @return  0 on failure.
+ */
+int wolfSSL_CTX_use_PrivateKey_Id(WOLFSSL_CTX* ctx, const unsigned char* id,
+    long sz, int devId)
+{
+    int ret = 1;
+
+    /* Dispose of old private key and allocate and copy in id. */
+    FreeDer(&ctx->privateKey);
+    if (AllocCopyDer(&ctx->privateKey, id, (word32)sz, PRIVATEKEY_TYPE,
+            ctx->heap) != 0) {
+        ret = 0;
+    }
+    if (ret == 1) {
+        /* Private key is an id. */
+        ctx->privateKeyId = 1;
+        ctx->privateKeyLabel = 0;
+        /* Set private key device id to be one passed in or for SSL context. */
+        if (devId != INVALID_DEVID) {
+            ctx->privateKeyDevId = devId;
+        }
+        else {
+            ctx->privateKeyDevId = ctx->devId;
+        }
+
+    #ifdef WOLFSSL_DUAL_ALG_CERTS
+        /* Set the ID for the alternative key, too. User can still override that
+         * afterwards. */
+        ret = wolfSSL_CTX_use_AltPrivateKey_Id(ctx, id, sz, devId);
+    #endif
+    }
+
+    return ret;
+}
+
+/* Load the id of a private key into SSL context and set key size.
+ *
+ * @param [in, out] ctx    SSL context object.
+ * @param [in]      id     Buffer holding id.
+ * @param [in]      sz     Size of data in bytes.
+ * @param [in]      devId  Device identifier.
+ * @param [in]      keySz  Size of key.
+ * @return  1 on success.
+ * @return  0 on failure.
+ */
+int wolfSSL_CTX_use_PrivateKey_id(WOLFSSL_CTX* ctx, const unsigned char* id,
+    long sz, int devId, long keySz)
+{
+    int ret = wolfSSL_CTX_use_PrivateKey_Id(ctx, id, sz, devId);
+    if (ret == 1) {
+        /* Set the key size which normally is calculated during decoding. */
+        ctx->privateKeySz = (int)keySz;
+    }
+
+    return ret;
+}
+
+/* Load the label name of a private key into SSL context.
+ *
+ * @param [in, out] ctx    SSL context object.
+ * @param [in]      label  Buffer holding label.
+ * @param [in]      devId  Device identifier.
+ * @return  1 on success.
+ * @return  0 on failure.
+ */
+int wolfSSL_CTX_use_PrivateKey_Label(WOLFSSL_CTX* ctx, const char* label,
+    int devId)
+{
+    int ret = 1;
+    word32 sz = (word32)XSTRLEN(label) + 1;
+
+    /* Dispose of old private key and allocate and copy in label. */
+    FreeDer(&ctx->privateKey);
+    if (AllocCopyDer(&ctx->privateKey, (const byte*)label, (word32)sz,
+            PRIVATEKEY_TYPE, ctx->heap) != 0) {
+        ret = 0;
+    }
+    if (ret == 1) {
+        /* Private key is a label. */
+        ctx->privateKeyId = 0;
+        ctx->privateKeyLabel = 1;
+        /* Set private key device id to be one passed in or for SSL context. */
+        if (devId != INVALID_DEVID) {
+            ctx->privateKeyDevId = devId;
+        }
+        else {
+            ctx->privateKeyDevId = ctx->devId;
+        }
+
+    #ifdef WOLFSSL_DUAL_ALG_CERTS
+        /* Set the ID for the alternative key, too. User can still override that
+         * afterwards. */
+        ret = wolfSSL_CTX_use_AltPrivateKey_Label(ctx, label, devId);
+    #endif
+    }
+
+    return ret;
+}
+
+#ifdef WOLFSSL_DUAL_ALG_CERTS
+int wolfSSL_CTX_use_AltPrivateKey_Id(WOLFSSL_CTX* ctx, const unsigned char* id,
+    long sz, int devId)
+{
+    int ret = 1;
+
+    if ((ctx == NULL) || (id == NULL)) {
+        ret = 0;
+    }
+
+    if (ret == 1) {
+        FreeDer(&ctx->altPrivateKey);
+        if (AllocDer(&ctx->altPrivateKey, (word32)sz, ALT_PRIVATEKEY_TYPE,
+                ctx->heap) != 0) {
+            ret = 0;
+        }
+    }
+    if (ret == 1) {
+        XMEMCPY(ctx->altPrivateKey->buffer, id, sz);
+        ctx->altPrivateKeyId = 1;
+        if (devId != INVALID_DEVID) {
+            ctx->altPrivateKeyDevId = devId;
+        }
+        else {
+            ctx->altPrivateKeyDevId = ctx->devId;
+        }
+    }
+
+    return ret;
+}
+
+int wolfSSL_CTX_use_AltPrivateKey_id(WOLFSSL_CTX* ctx, const unsigned char* id,
+    long sz, int devId, long keySz)
+{
+    int ret = wolfSSL_CTX_use_AltPrivateKey_Id(ctx, id, sz, devId);
+    if (ret == 1) {
+        ctx->altPrivateKeySz = (word32)keySz;
+    }
+
+    return ret;
+}
+
+int wolfSSL_CTX_use_AltPrivateKey_Label(WOLFSSL_CTX* ctx, const char* label,
+    int devId)
+{
+    int ret = 1;
+    word32 sz;
+
+    if ((ctx == NULL) || (label == NULL)) {
+        ret = 0;
+    }
+
+    if (ret == 1) {
+        sz = (word32)XSTRLEN(label) + 1;
+        FreeDer(&ctx->altPrivateKey);
+        if (AllocDer(&ctx->altPrivateKey, (word32)sz, ALT_PRIVATEKEY_TYPE,
+                ctx->heap) != 0) {
+            ret = 0;
+        }
+    }
+    if (ret == 1) {
+        XMEMCPY(ctx->altPrivateKey->buffer, label, sz);
+        ctx->altPrivateKeyLabel = 1;
+        if (devId != INVALID_DEVID) {
+            ctx->altPrivateKeyDevId = devId;
+        }
+        else {
+            ctx->altPrivateKeyDevId = ctx->devId;
+        }
+    }
+
+    return ret;
+}
+#endif /* WOLFSSL_DUAL_ALG_CERTS */
+#endif /* WOLF_PRIVATE_KEY_ID */
+
+#if defined(WOLF_CRYPTO_CB) && !defined(NO_CERTS)
+
+static int wolfSSL_CTX_use_certificate_ex(WOLFSSL_CTX* ctx,
+    const char *label, const unsigned char *id, int idLen, int devId)
+{
+    int ret;
+    byte *certData = NULL;
+    word32 certDataLen = 0;
+    word32 labelLen = 0;
+    int certFormat = 0;
+
+    WOLFSSL_ENTER("wolfSSL_CTX_use_certificate_ex");
+
+    if (label != NULL) {
+        labelLen = (word32)XSTRLEN(label);
+    }
+
+    ret = wc_CryptoCb_GetCert(devId, label, labelLen, id, idLen,
+        &certData, &certDataLen, &certFormat, ctx->heap);
+    if (ret != 0) {
+        ret = WOLFSSL_FAILURE;
+        goto exit;
+    }
+
+    ret = ProcessBuffer(ctx, certData, certDataLen, certFormat,
+        CERT_TYPE, NULL, NULL, 0, GET_VERIFY_SETTING_CTX(ctx));
+
+exit:
+    XFREE(certData, ctx->heap, DYNAMIC_TYPE_CERT);
+    return ret;
+}
+
+/* Load the label name of a certificate into the SSL context.
+ *
+ * @param [in, out] ctx    SSL context object.
+ * @param [in]      label  Buffer holding label.
+ * @param [in]      devId  Device identifier.
+ * @return  1 on success.
+ * @return  0 on failure.
+ */
+int wolfSSL_CTX_use_certificate_label(WOLFSSL_CTX* ctx,
+    const char *label, int devId)
+{
+    if ((ctx == NULL) || (label == NULL)) {
+        return WOLFSSL_FAILURE;
+    }
+
+    return wolfSSL_CTX_use_certificate_ex(ctx, label, NULL, 0, devId);
+}
+
+/* Load the id of a certificate into SSL context.
+ *
+ * @param [in, out] ctx    SSL context object.
+ * @param [in]      id     Buffer holding id.
+ * @param [in]      idLen  Size of data in bytes.
+ * @param [in]      devId  Device identifier.
+ * @return  1 on success.
+ * @return  0 on failure.
+ */
+int wolfSSL_CTX_use_certificate_id(WOLFSSL_CTX* ctx,
+    const unsigned char *id, int idLen, int devId)
+{
+    if ((ctx == NULL) || (id == NULL) || (idLen <= 0)) {
+        return WOLFSSL_FAILURE;
+    }
+
+    return wolfSSL_CTX_use_certificate_ex(ctx, NULL, id, idLen, devId);
+}
+
+#endif /* if defined(WOLF_CRYPTO_CB) && !defined(NO_CERTS) */
+
+/* Load a certificate chain in a buffer into SSL context.
+ *
+ * @param [in, out] ctx     SSL context object.
+ * @param [in]      in      Buffer holding DER encoded certificate chain.
+ * @param [in]      sz      Size of data in bytes.
+ * @param [in]      format  Format of data:
+ *                            WOLFSSL_FILETYPE_PEM or WOLFSSL_FILETYPE_ASN1.
+ * @return  1 on success.
+ * @return  0 on failure.
+ * @return  Negative on error.
+ */
+int wolfSSL_CTX_use_certificate_chain_buffer_format(WOLFSSL_CTX* ctx,
+    const unsigned char* in, long sz, int format)
+{
+    WOLFSSL_ENTER("wolfSSL_CTX_use_certificate_chain_buffer_format");
+    return ProcessBuffer(ctx, in, sz, format, CERT_TYPE, NULL, NULL, 1,
+        GET_VERIFY_SETTING_CTX(ctx));
+}
+
+/* Load a PEM encoded certificate chain in a buffer into SSL context.
+ *
+ * @param [in, out] ctx     SSL context object.
+ * @param [in]      in      Buffer holding DER encoded certificate chain.
+ * @param [in]      sz      Size of data in bytes.
+ * @return  1 on success.
+ * @return  0 on failure.
+ * @return  Negative on error.
+ */
+int wolfSSL_CTX_use_certificate_chain_buffer(WOLFSSL_CTX* ctx,
+    const unsigned char* in, long sz)
+{
+    return wolfSSL_CTX_use_certificate_chain_buffer_format(ctx, in, sz,
+        WOLFSSL_FILETYPE_PEM);
+}
+
+/* Load a user certificate in a buffer into SSL.
+ *
+ * @param [in, out] ssl     SSL object.
+ * @param [in]      in      Buffer holding user certificate.
+ * @param [in]      sz      Size of data in bytes.
+ * @param [in]      format  Format of data:
+ *                            WOLFSSL_FILETYPE_PEM or WOLFSSL_FILETYPE_ASN1.
+ * @return  1 on success.
+ * @return  0 on failure.
+ * @return  BAD_FUNC_ARG when ssl is NULL.
+ */
+int wolfSSL_use_certificate_buffer(WOLFSSL* ssl, const unsigned char* in,
+    long sz, int format)
+{
+    int ret;
+
+    WOLFSSL_ENTER("wolfSSL_use_certificate_buffer");
+
+    /* Validate parameters. */
+    if (ssl == NULL) {
+        ret = BAD_FUNC_ARG;
+    }
+    else {
+        ret = ProcessBuffer(ssl->ctx, in, sz, format, CERT_TYPE, ssl, NULL, 0,
+            GET_VERIFY_SETTING_SSL(ssl));
+    }
+
+    return ret;
+}
+
+/* Load a private key in a buffer into SSL.
+ *
+ * @param [in, out] ssl     SSL object.
+ * @param [in]      in      Buffer holding private key.
+ * @param [in]      sz      Size of data in bytes.
+ * @param [in]      format  Format of data:
+ *                            WOLFSSL_FILETYPE_PEM or WOLFSSL_FILETYPE_ASN1.
+ * @return  1 on success.
+ * @return  0 on failure.
+ * @return  BAD_FUNC_ARG when ssl is NULL.
+ */
+int wolfSSL_use_PrivateKey_buffer(WOLFSSL* ssl, const unsigned char* in,
+    long sz, int format)
+{
+    int ret;
+    long consumed = 0;
+
+    WOLFSSL_ENTER("wolfSSL_use_PrivateKey_buffer");
+
+    /* Validate parameters. */
+    if (ssl == NULL) {
+        ret = BAD_FUNC_ARG;
+    }
+    else {
+        ret = ProcessBuffer(ssl->ctx, in, sz, format, PRIVATEKEY_TYPE, ssl,
+            &consumed, 0, GET_VERIFY_SETTING_SSL(ssl));
+    #ifdef WOLFSSL_DUAL_ALG_CERTS
+        if ((ret == 1) && (consumed < sz)) {
+            /* When support for dual algorithm certificates is enabled, the
+             * buffer may contain both the primary and the alternative
+             * private key. Hence, we have to parse both of them.
+             */
+            ret = ProcessBuffer(ssl->ctx, in + consumed, sz - consumed, format,
+                ALT_PRIVATEKEY_TYPE, ssl, NULL, 0, GET_VERIFY_SETTING_SSL(ssl));
+        }
+    #endif
+    }
+
+    return ret;
+}
+
+#ifdef WOLFSSL_DUAL_ALG_CERTS
+int wolfSSL_use_AltPrivateKey_buffer(WOLFSSL* ssl, const unsigned char* in,
+    long sz, int format)
+{
+    int ret;
+
+    WOLFSSL_ENTER("wolfSSL_use_AltPrivateKey_buffer");
+    ret = ProcessBuffer(ssl->ctx, in, sz, format, ALT_PRIVATEKEY_TYPE, ssl,
+        NULL, 0, GET_VERIFY_SETTING_SSL(ssl));
+    WOLFSSL_LEAVE("wolfSSL_use_AltPrivateKey_buffer", ret);
+
+    return ret;
+}
+#endif /* WOLFSSL_DUAL_ALG_CERTS */
+
+#ifdef WOLF_PRIVATE_KEY_ID
+/* Load the id of a private key into SSL.
+ *
+ * @param [in, out] ssl    SSL object.
+ * @param [in]      id     Buffer holding id.
+ * @param [in]      sz     Size of data in bytes.
+ * @param [in]      devId  Device identifier.
+ * @return  1 on success.
+ * @return  0 on failure.
+ */
+int wolfSSL_use_PrivateKey_Id(WOLFSSL* ssl, const unsigned char* id,
+                              long sz, int devId)
+{
+    int ret = 1;
+
+    /* Dispose of old private key if owned and allocate and copy in id. */
+    if (ssl->buffers.weOwnKey) {
+        FreeDer(&ssl->buffers.key);
+    #ifdef WOLFSSL_BLIND_PRIVATE_KEY
+        FreeDer(&ssl->buffers.keyMask);
+    #endif
+    }
+    if (AllocCopyDer(&ssl->buffers.key, id, (word32)sz, PRIVATEKEY_TYPE,
+            ssl->heap) != 0) {
+        ret = 0;
+    }
+    if (ret == 1) {
+        /* Buffer now ours. */
+        ssl->buffers.weOwnKey = 1;
+        /* Private key is an id. */
+        ssl->buffers.keyId = 1;
+        ssl->buffers.keyLabel = 0;
+        /* Set private key device id to be one passed in or for SSL. */
+        if (devId != INVALID_DEVID) {
+            ssl->buffers.keyDevId = devId;
+        }
+        else {
+            ssl->buffers.keyDevId = ssl->devId;
+        }
+
+    #ifdef WOLFSSL_DUAL_ALG_CERTS
+        /* Set the ID for the alternative key, too. User can still override that
+         * afterwards. */
+        ret = wolfSSL_use_AltPrivateKey_Id(ssl, id, sz, devId);
+    #endif
+    }
+
+    return ret;
+}
+
+/* Load the id of a private key into SSL and set key size.
+ *
+ * @param [in, out] ssl    SSL object.
+ * @param [in]      id     Buffer holding id.
+ * @param [in]      sz     Size of data in bytes.
+ * @param [in]      devId  Device identifier.
+ * @param [in]      keySz  Size of key.
+ * @return  1 on success.
+ * @return  0 on failure.
+ */
+int wolfSSL_use_PrivateKey_id(WOLFSSL* ssl, const unsigned char* id,
+    long sz, int devId, long keySz)
+{
+    int ret = wolfSSL_use_PrivateKey_Id(ssl, id, sz, devId);
+    if (ret == 1) {
+        /* Set the key size which normally is calculated during decoding. */
+        ssl->buffers.keySz = (int)keySz;
+    }
+
+    return ret;
+}
+
+/* Load the label name of a private key into SSL.
+ *
+ * @param [in, out] ssl    SSL object.
+ * @param [in]      label  Buffer holding label.
+ * @param [in]      devId  Device identifier.
+ * @return  1 on success.
+ * @return  0 on failure.
+ */
+int wolfSSL_use_PrivateKey_Label(WOLFSSL* ssl, const char* label, int devId)
+{
+    int ret = 1;
+    word32 sz = (word32)XSTRLEN(label) + 1;
+
+    /* Dispose of old private key if owned and allocate and copy in label. */
+    if (ssl->buffers.weOwnKey) {
+        FreeDer(&ssl->buffers.key);
+    #ifdef WOLFSSL_BLIND_PRIVATE_KEY
+        FreeDer(&ssl->buffers.keyMask);
+    #endif
+    }
+    if (AllocCopyDer(&ssl->buffers.key, (const byte*)label, (word32)sz,
+            PRIVATEKEY_TYPE, ssl->heap) != 0) {
+        ret = 0;
+    }
+    if (ret == 1) {
+        /* Buffer now ours. */
+        ssl->buffers.weOwnKey = 1;
+        /* Private key is a label. */
+        ssl->buffers.keyId = 0;
+        ssl->buffers.keyLabel = 1;
+        /* Set private key device id to be one passed in or for SSL. */
+        if (devId != INVALID_DEVID) {
+            ssl->buffers.keyDevId = devId;
+        }
+        else {
+            ssl->buffers.keyDevId = ssl->devId;
+        }
+
+    #ifdef WOLFSSL_DUAL_ALG_CERTS
+        /* Set the label for the alternative key, too. User can still override
+         * that afterwards. */
+        ret = wolfSSL_use_AltPrivateKey_Label(ssl, label, devId);
+    #endif
+    }
+
+    return ret;
+}
+
+#ifdef WOLFSSL_DUAL_ALG_CERTS
+int wolfSSL_use_AltPrivateKey_Id(WOLFSSL* ssl, const unsigned char* id, long sz,
+    int devId)
+{
+    int ret = 1;
+
+    if ((ssl == NULL) || (id == NULL)) {
+        ret = 0;
+    }
+
+    if (ret == 1) {
+        if (ssl->buffers.weOwnAltKey) {
+            FreeDer(&ssl->buffers.altKey);
+        #ifdef WOLFSSL_BLIND_PRIVATE_KEY
+            FreeDer(&ssl->buffers.altKeyMask);
+        #endif
+        }
+        if (AllocDer(&ssl->buffers.altKey, (word32)sz, ALT_PRIVATEKEY_TYPE,
+                ssl->heap) == 0) {
+            ret = 0;
+        }
+    }
+    if (ret == 1) {
+        XMEMCPY(ssl->buffers.altKey->buffer, id, sz);
+        ssl->buffers.weOwnAltKey = 1;
+        ssl->buffers.altKeyId = 1;
+        if (devId != INVALID_DEVID) {
+            ssl->buffers.altKeyDevId = devId;
+        }
+        else {
+            ssl->buffers.altKeyDevId = ssl->devId;
+        }
+    }
+
+    return ret;
+}
+
+int wolfSSL_use_AltPrivateKey_id(WOLFSSL* ssl, const unsigned char* id, long sz,
+    int devId, long keySz)
+{
+    int ret = wolfSSL_use_AltPrivateKey_Id(ssl, id, sz, devId);
+    if (ret == 1) {
+        ssl->buffers.altKeySz = (word32)keySz;
+    }
+
+    return ret;
+}
+
+int wolfSSL_use_AltPrivateKey_Label(WOLFSSL* ssl, const char* label, int devId)
+{
+    int ret = 1;
+    word32 sz;
+
+    if ((ssl == NULL) || (label == NULL)) {
+        ret = 0;
+    }
+
+    if (ret == 1) {
+        sz = (word32)XSTRLEN(label) + 1;
+        if (ssl->buffers.weOwnAltKey) {
+            FreeDer(&ssl->buffers.altKey);
+        #ifdef WOLFSSL_BLIND_PRIVATE_KEY
+            FreeDer(&ssl->buffers.altKeyMask);
+        #endif
+        }
+        if (AllocDer(&ssl->buffers.altKey, (word32)sz, ALT_PRIVATEKEY_TYPE,
+                ssl->heap) == 0) {
+            ret = 0;
+        }
+    }
+    if (ret == 1) {
+        XMEMCPY(ssl->buffers.altKey->buffer, label, sz);
+        ssl->buffers.weOwnAltKey = 1;
+        ssl->buffers.altKeyLabel = 1;
+        if (devId != INVALID_DEVID) {
+            ssl->buffers.altKeyDevId = devId;
+        }
+        else {
+            ssl->buffers.altKeyDevId = ssl->devId;
+        }
+    }
+
+    return ret;
+}
+#endif /* WOLFSSL_DUAL_ALG_CERTS */
+#endif /* WOLF_PRIVATE_KEY_ID */
+
+/* Load a certificate chain in a buffer into SSL.
+ *
+ * @param [in, out] ssl     SSL object.
+ * @param [in]      in      Buffer holding DER encoded certificate chain.
+ * @param [in]      sz      Size of data in bytes.
+ * @param [in]      format  Format of data:
+ *                            WOLFSSL_FILETYPE_PEM or WOLFSSL_FILETYPE_ASN1.
+ * @return  1 on success.
+ * @return  0 on failure.
+ * @return  BAD_FUNC_ARG when ssl is NULL.
+ */
+int wolfSSL_use_certificate_chain_buffer_format(WOLFSSL* ssl,
+    const unsigned char* in, long sz, int format)
+{
+    int ret;
+
+    WOLFSSL_ENTER("wolfSSL_use_certificate_chain_buffer_format");
+
+    /* Validate parameters. */
+    if (ssl == NULL) {
+        ret = BAD_FUNC_ARG;
+    }
+    else {
+        ret = ProcessBuffer(ssl->ctx, in, sz, format, CERT_TYPE, ssl, NULL, 1,
+            GET_VERIFY_SETTING_SSL(ssl));
+    }
+
+    return ret;
+}
+
+/* Load a PEM encoded certificate chain in a buffer into SSL.
+ *
+ * @param [in, out] ssl     SSL object.
+ * @param [in]      in      Buffer holding DER encoded certificate chain.
+ * @param [in]      sz      Size of data in bytes.
+ * @return  1 on success.
+ * @return  0 on failure.
+ * @return  Negative on error.
+ */
+int wolfSSL_use_certificate_chain_buffer(WOLFSSL* ssl, const unsigned char* in,
+    long sz)
+{
+    return wolfSSL_use_certificate_chain_buffer_format(ssl, in, sz,
+        WOLFSSL_FILETYPE_PEM);
+}
+
+#if defined(OPENSSL_EXTRA) || defined(HAVE_LIGHTY) || \
+    defined(WOLFSSL_MYSQL_COMPATIBLE) || defined(HAVE_STUNNEL) || \
+    defined(WOLFSSL_NGINX) || defined(HAVE_POCO_LIB) || \
+    defined(WOLFSSL_HAPROXY)
+/* Add certificate to chain.
+ *
+ * @param [in, out] chain   Buffer holding encoded certificate for TLS.
+ * @param [in]      weOwn   Indicates we need to free chain if repleced.
+ * @param [in]      cert    Buffer holding DER encoded certificate.
+ * @param [in]      certSz  Size of DER encoded certificate in bytes.
+ * @param [in]      heap    Dynamic memory allocation hint.
+ * @return  1 on success.
+ * @return  0 on failure.
+ */
+static int wolfssl_add_to_chain(DerBuffer** chain, int weOwn, const byte* cert,
+    word32 certSz, void* heap)
+{
+    int res = 1;
+    int ret;
+    DerBuffer* oldChain = *chain;
+    DerBuffer* newChain = NULL;
+    word32 len = 0;
+
+    if (oldChain != NULL) {
+        /* Get length of previous chain. */
+        len = oldChain->length;
+    }
+    /* Allocate DER buffer bug enough to hold old and new certificates. */
+    ret = AllocDer(&newChain, len + CERT_HEADER_SZ + certSz, CERT_TYPE, heap);
+    if (ret != 0) {
+        WOLFSSL_MSG("AllocDer error");
+        res = 0;
+    }
+
+    if (res == 1) {
+        if (oldChain != NULL) {
+            /* Place old chain in new buffer. */
+            XMEMCPY(newChain->buffer, oldChain->buffer, len);
+        }
+        /* Append length and DER encoded certificate. */
+        c32to24(certSz, newChain->buffer + len);
+        XMEMCPY(newChain->buffer + len + CERT_HEADER_SZ, cert, certSz);
+
+        /* Dispose of old chain if we own it. */
+        if (weOwn) {
+            FreeDer(chain);
+        }
+        /* Replace chain. */
+        *chain = newChain;
+    }
+
+    return res;
+}
+#endif
+
+#ifdef OPENSSL_EXTRA
+
+/* Add a certificate to end of chain sent in TLS handshake.
+ *
+ * @param [in, out] ctx    SSL context.
+ * @param [in]      der    Buffer holding DER encoded certificate.
+ * @param [in]      derSz  Size of data in buffer.
+ * @return  1 on success.
+ * @return  0 on failure.
+ */
+static int wolfssl_ctx_add_to_chain(WOLFSSL_CTX* ctx, const byte* der,
+    int derSz)
+{
+    int res = 1;
+    int ret;
+    DerBuffer* derBuffer = NULL;
+
+    /* Create a DER buffer from DER encoding. */
+    ret = AllocCopyDer(&derBuffer, der, (word32)derSz, CERT_TYPE, ctx->heap);
+    if (ret != 0) {
+        WOLFSSL_MSG("Memory Error");
+        res = 0;
+    }
+    if (res == 1) {
+        /* Add a user CA certificate to the certificate manager. */
+        res = AddCA(ctx->cm, &derBuffer, WOLFSSL_USER_CA,
+            GET_VERIFY_SETTING_CTX(ctx));
+        if (res != 1) {
+            res = 0;
+        }
+    }
+
+    if (res == 1) {
+         /* Add chain to DER buffer. */
+         res = wolfssl_add_to_chain(&ctx->certChain, 1, der, (word32)derSz, ctx->heap);
+    #ifdef WOLFSSL_TLS13
+        /* Update count of certificates. */
+        ctx->certChainCnt++;
+    #endif
+    }
+
+    return res;
+}
+
+/* Add a certificate to chain sent in TLS handshake.
+ *
+ * @param [in, out] ctx   SSL context.
+ * @param [in]      x509  X509 certificate object.
+ * @return  1 on success.
+ * @return  0 on failure.
+ */
+long wolfSSL_CTX_add_extra_chain_cert(WOLFSSL_CTX* ctx, WOLFSSL_X509* x509)
+{
+    int   ret = 1;
+    int   derSz = 0;
+    const byte* der = NULL;
+
+    WOLFSSL_ENTER("wolfSSL_CTX_add_extra_chain_cert");
+
+    /* Validate parameters. */
+    if ((ctx == NULL) || (x509 == NULL)) {
+        WOLFSSL_MSG("Bad Argument");
+        ret = 0;
+    }
+
+    if (ret == 1) {
+        /* Get the DER encoding of the certificate from the X509 object. */
+        der = wolfSSL_X509_get_der(x509, &derSz);
+        /* Validate buffer. */
+        if ((der == NULL) || (derSz <= 0)) {
+            WOLFSSL_MSG("Error getting X509 DER");
+            ret = 0;
+        }
+    }
+
+    if ((ret == 1) && (ctx->certificate == NULL)) {
+        WOLFSSL_ENTER("wolfSSL_use_certificate_chain_buffer_format");
+
+        /* Process buffer makes first certificate the leaf. */
+        ret = ProcessBuffer(ctx, der, derSz, WOLFSSL_FILETYPE_ASN1, CERT_TYPE,
+            NULL, NULL, 1, GET_VERIFY_SETTING_CTX(ctx));
+        if (ret != 1) {
+            ret = 0;
+        }
+    }
+    else if (ret == 1) {
+        /* Add certificate to existing chain. */
+        ret = wolfssl_ctx_add_to_chain(ctx, der, derSz);
+    }
+
+    if (ret == 1) {
+        /* On success WOLFSSL_X509 memory is responsibility of SSL context. */
+        wolfSSL_X509_free(x509);
+    }
+
+    WOLFSSL_LEAVE("wolfSSL_CTX_add_extra_chain_cert", ret);
+    return ret;
+}
+
+#endif /* OPENSSL_EXTRA */
+
+#if defined(OPENSSL_EXTRA) || defined(HAVE_LIGHTY) || \
+    defined(WOLFSSL_MYSQL_COMPATIBLE) || defined(HAVE_STUNNEL) || \
+    defined(WOLFSSL_NGINX) || defined(HAVE_POCO_LIB) || \
+    defined(WOLFSSL_HAPROXY)
+/* Load a certificate into SSL context.
+ *
+ * @param [in, out] ctx   SSL context object.
+ * @param [in]      x509  X509 certificate object.
+ * @return  1 on success.
+ * @return  0 on failure.
+ */
+int wolfSSL_CTX_use_certificate(WOLFSSL_CTX *ctx, WOLFSSL_X509 *x)
+{
+    int res = 1;
+    int ret;
+
+    WOLFSSL_ENTER("wolfSSL_CTX_use_certificate");
+
+    /* Validate parameters. */
+    if ((ctx == NULL) || (x == NULL) || (x->derCert == NULL)) {
+        WOLFSSL_MSG("Bad parameter");
+        res = 0;
+    }
+
+    if (res == 1) {
+        /* Replace certificate buffer with one holding the new certificate. */
+        FreeDer(&ctx->certificate);
+        ret = AllocCopyDer(&ctx->certificate, x->derCert->buffer,
+            x->derCert->length, CERT_TYPE, ctx->heap);
+        if (ret != 0) {
+            res = 0;
+        }
+    }
+
+#ifdef KEEP_OUR_CERT
+    if (res == 1) {
+        /* Dispose of our certificate if it is ours. */
+        if ((ctx->ourCert != NULL) && ctx->ownOurCert) {
+            wolfSSL_X509_free(ctx->ourCert);
+        }
+    #ifndef WOLFSSL_X509_STORE_CERTS
+        /* Keep a reference to the new certificate. */
+        ctx->ourCert = x;
+        if (wolfSSL_X509_up_ref(x) != 1) {
+            res = 0;
+        }
+    #else
+        /* Keep a copy of the new certificate. */
+        ctx->ourCert = wolfSSL_X509_d2i_ex(NULL, x->derCert->buffer,
+            x->derCert->length, ctx->heap);
+        if (ctx->ourCert == NULL) {
+            res = 0;
+        }
+    #endif
+        /* Now own our certificate. */
+        ctx->ownOurCert = 1;
+    }
+#endif
+
+    if (res == 1) {
+        /* Set have options based on public key OID. */
+        wolfssl_set_have_from_key_oid(ctx, NULL, x->pubKeyOID);
+    }
+
+    return res;
+}
+
+/* Add the certificate to the chain in the SSL context and own the X509 object.
+ *
+ * @param [in, out] ctx   SSL context object.
+ * @param [in]      x509  X509 certificate object.
+ * @return  1 on success.
+ * @return  0 on failure.
+ */
+int wolfSSL_CTX_add0_chain_cert(WOLFSSL_CTX* ctx, WOLFSSL_X509* x509)
+{
+    int ret;
+
+    WOLFSSL_ENTER("wolfSSL_CTX_add0_chain_cert");
+
+    /* Add certificate to chain and copy or up reference it. */
+    ret = wolfSSL_CTX_add1_chain_cert(ctx, x509);
+    if (ret == 1) {
+        /* Down reference or free original now as we own certificate. */
+        wolfSSL_X509_free(x509);
+    }
+
+    return ret;
+}
+
+/* Add the certificate to the chain in the SSL context.
+ *
+ * X509 object copied or up referenced.
+ *
+ * @param [in, out] ctx   SSL context object.
+ * @param [in]      x509  X509 certificate object.
+ * @return  1 on success.
+ * @return  0 on failure.
+ */
+int wolfSSL_CTX_add1_chain_cert(WOLFSSL_CTX* ctx, WOLFSSL_X509* x509)
+{
+    int ret = 1;
+
+    WOLFSSL_ENTER("wolfSSL_CTX_add1_chain_cert");
+
+    /* Validate parameters. */
+    if ((ctx == NULL) || (x509 == NULL) || (x509->derCert == NULL)) {
+        ret = 0;
+    }
+
+    /* Check if we already have set a certificate. */
+    if ((ret == 1) && (ctx->certificate == NULL)) {
+        /* Use the certificate. */
+        ret = wolfSSL_CTX_use_certificate(ctx, x509);
+    }
+    /* Increase reference count as we will store it. */
+    else if ((ret == 1) && ((ret = wolfSSL_X509_up_ref(x509)) == 1)) {
+        /* Load the DER encoding. */
+        ret = wolfSSL_CTX_load_verify_buffer(ctx, x509->derCert->buffer,
+            x509->derCert->length, WOLFSSL_FILETYPE_ASN1);
+        if (ret == 1) {
+            /* Add DER encoding to chain. */
+            ret = wolfssl_add_to_chain(&ctx->certChain, 1,
+                x509->derCert->buffer, x509->derCert->length, ctx->heap);
+        }
+        /* Store cert in stack to free it later. */
+        if ((ret == 1) && (ctx->x509Chain == NULL)) {
+            /* Create a stack for certificates. */
+            ctx->x509Chain = wolfSSL_sk_X509_new_null();
+            if (ctx->x509Chain == NULL) {
+                WOLFSSL_MSG("wolfSSL_sk_X509_new_null error");
+                ret = 0;
+            }
+        }
+        if (ret == 1) {
+            /* Push the X509 object onto stack. */
+            ret = wolfSSL_sk_X509_push(ctx->x509Chain, x509) > 0
+                    ? WOLFSSL_SUCCESS : WOLFSSL_FAILURE;
+        }
+
+        if (ret != 1) {
+            /* Decrease reference count on error as we didn't store it. */
+            wolfSSL_X509_free(x509);
+        }
+    }
+
+    return WS_RC(ret);
+}
+
+#ifdef KEEP_OUR_CERT
+/* Add the certificate to the chain in the SSL and own the X509 object.
+ *
+ * @param [in, out] ssl   SSL object.
+ * @param [in]      x509  X509 certificate object.
+ * @return  1 on success.
+ * @return  0 on failure.
+ */
+int wolfSSL_add0_chain_cert(WOLFSSL* ssl, WOLFSSL_X509* x509)
+{
+    int ret = 1;
+
+    WOLFSSL_ENTER("wolfSSL_add0_chain_cert");
+
+    /* Validate parameters. */
+    if ((ssl == NULL) || (x509 == NULL) || (x509->derCert == NULL)) {
+        ret = 0;
+    }
+
+    /* Check if we already have set a certificate. */
+    if ((ret == 1) && (ssl->buffers.certificate == NULL)) {
+        /* Use the certificate. */
+        ret = wolfSSL_use_certificate(ssl, x509);
+        if (ret == 1) {
+            /* Dispose of old certificate if we own it. */
+            if (ssl->buffers.weOwnCert) {
+                wolfSSL_X509_free(ssl->ourCert);
+            }
+            /* Store cert to free it later. */
+            ssl->ourCert = x509;
+            ssl->buffers.weOwnCert = 1;
+        }
+    }
+    else if (ret == 1) {
+        /* Add DER encoding to chain. */
+        ret = wolfssl_add_to_chain(&ssl->buffers.certChain,
+            ssl->buffers.weOwnCertChain, x509->derCert->buffer,
+            x509->derCert->length, ssl->heap);
+        if (ret == 1) {
+            /* We now own cert chain. */
+            ssl->buffers.weOwnCertChain = 1;
+            /* Create a stack to put certificate into. */
+            if (ssl->ourCertChain == NULL) {
+                ssl->ourCertChain = wolfSSL_sk_X509_new_null();
+                if (ssl->ourCertChain == NULL) {
+                    WOLFSSL_MSG("wolfSSL_sk_X509_new_null error");
+                    ret = 0;
+                }
+            }
+        }
+        if (ret == 1) {
+            /* Push X509 object onto stack to be freed. */
+            ret = wolfSSL_sk_X509_push(ssl->ourCertChain, x509) > 0
+                    ? WOLFSSL_SUCCESS : WOLFSSL_FAILURE;
+            if (ret != 1) {
+                /* Free it now on error. */
+                wolfSSL_X509_free(x509);
+            }
+        }
+    }
+    return WS_RC(ret);
+}
+
+/* Add the certificate to the chain in the SSL.
+ *
+ * X509 object is up referenced.
+ *
+ * @param [in, out] ssl   SSL object.
+ * @param [in]      x509  X509 certificate object.
+ * @return  1 on success.
+ * @return  0 on failure.
+ */
+int wolfSSL_add1_chain_cert(WOLFSSL* ssl, WOLFSSL_X509* x509)
+{
+    int ret = 1;
+
+    WOLFSSL_ENTER("wolfSSL_add1_chain_cert");
+
+    /* Validate parameters. */
+    if ((ssl == NULL) || (x509 == NULL) || (x509->derCert == NULL)) {
+        ret = 0;
+    }
+
+    /* Increase reference count on X509 object before adding. */
+    if ((ret == 1) && ((ret == wolfSSL_X509_up_ref(x509)) == 1)) {
+        /* Add this to the chain. */
+        if ((ret = wolfSSL_add0_chain_cert(ssl, x509)) != 1) {
+            /* Decrease reference count on error as not stored. */
+            wolfSSL_X509_free(x509);
+        }
+    }
+
+    return ret;
+}
+#endif /* KEEP_OUR_CERT */
+#endif /* OPENSSL_EXTRA, HAVE_LIGHTY, WOLFSSL_MYSQL_COMPATIBLE, HAVE_STUNNEL,
+          WOLFSSL_NGINX, HAVE_POCO_LIB, WOLFSSL_HAPROXY */
+
+#ifdef OPENSSL_EXTRA
+
+/* Load a private key into SSL context.
+ *
+ * @param [in, out] ctx   SSL context object.
+ * @param [in]      pkey  EVP private key.
+ * @return  1 on success.
+ * @return  0 on failure.
+ */
+int wolfSSL_CTX_use_PrivateKey(WOLFSSL_CTX *ctx, WOLFSSL_EVP_PKEY *pkey)
+{
+    int ret = 1;
+
+    WOLFSSL_ENTER("wolfSSL_CTX_use_PrivateKey");
+
+    /* Validate parameters. */
+    if ((ctx == NULL) || (pkey == NULL) || (pkey->pkey.ptr == NULL)) {
+        ret = 0;
+    }
+
+    if (ret == 1) {
+        switch (pkey->type) {
+    #if defined(WOLFSSL_KEY_GEN) && !defined(NO_RSA)
+        case WC_EVP_PKEY_RSA:
+            WOLFSSL_MSG("populating RSA key");
+            ret = PopulateRSAEvpPkeyDer(pkey);
+            break;
+    #endif /* (WOLFSSL_KEY_GEN || OPENSSL_EXTRA) && !NO_RSA */
+    #if !defined(HAVE_SELFTEST) && (defined(WOLFSSL_KEY_GEN) || \
+            defined(WOLFSSL_CERT_GEN)) && !defined(NO_DSA)
+        case WC_EVP_PKEY_DSA:
+            break;
+    #endif /* !HAVE_SELFTEST && (WOLFSSL_KEY_GEN || WOLFSSL_CERT_GEN) &&
+            * !NO_DSA */
+    #ifdef HAVE_ECC
+        case WC_EVP_PKEY_EC:
+            WOLFSSL_MSG("populating ECC key");
+            ret = ECC_populate_EVP_PKEY(pkey, pkey->ecc);
+            break;
+    #endif
+        default:
+            ret = 0;
+        }
+    }
+
+    if (ret == 1) {
+        /* ptr for WOLFSSL_EVP_PKEY struct is expected to be DER format */
+        ret = wolfSSL_CTX_use_PrivateKey_buffer(ctx,
+            (const unsigned char*)pkey->pkey.ptr, pkey->pkey_sz,
+            WOLFSSL_FILETYPE_ASN1);
+    }
+
+    return ret;
+}
+
+#endif /* OPENSSL_EXTRA */
+
+#if defined(OPENSSL_ALL) || defined(WOLFSSL_ASIO) || \
+    defined(WOLFSSL_HAPROXY) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_QT)
+/* Load a DER encoded certificate in a buffer into SSL context.
+ *
+ * @param [in, out] ctx    SSL context object.
+ * @param [in]      der    Buffer holding DER encoded certificate.
+ * @param [in]      derSz  Size of data in bytes.
+ * @return  1 on success.
+ * @return  0 on failure.
+ */
+int wolfSSL_CTX_use_certificate_ASN1(WOLFSSL_CTX *ctx, int derSz,
+    const unsigned char *der)
+{
+    int ret = 1;
+
+    WOLFSSL_ENTER("wolfSSL_CTX_use_certificate_ASN1");
+
+    /* Validate parameters. */
+    if ((ctx == NULL) || (der == NULL)) {
+        ret = 0;
+    }
+    /* Load DER encoded certificate into SSL context. */
+    if ((ret == 1) && (wolfSSL_CTX_use_certificate_buffer(ctx, der, derSz,
+            WOLFSSL_FILETYPE_ASN1) != 1)) {
+        ret = 0;
+    }
+
+    return ret;
+}
+
+#if defined(WOLFSSL_KEY_GEN) && !defined(NO_RSA)
+/* Load an RSA private key into SSL context.
+ *
+ * @param [in, out] ctx   SSL context object.
+ * @param [in]      rsa   RSA private key.
+ * @return  1 on success.
+ * @return  0 on failure.
+ * @return  BAD_FUNC_ARG when ctx or rsa is NULL.
+ * @return  MEMORY_E when dynamic memory allocation fails.
+ */
+int wolfSSL_CTX_use_RSAPrivateKey(WOLFSSL_CTX* ctx, WOLFSSL_RSA* rsa)
+{
+    int ret = 1;
+    int derSize = 0;
+    unsigned char* der = NULL;
+    unsigned char* p;
+
+    WOLFSSL_ENTER("wolfSSL_CTX_use_RSAPrivateKey");
+
+    /* Validate parameters. */
+    if ((ctx == NULL) || (rsa == NULL)) {
+        WOLFSSL_MSG("one or more inputs were NULL");
+        ret = BAD_FUNC_ARG;
+    }
+
+    /* Get DER encoding size. */
+    if ((ret == 1) && ((derSize = wolfSSL_i2d_RSAPrivateKey(rsa, NULL)) <= 0)) {
+        ret = 0;
+    }
+
+    if (ret == 1) {
+        /* Allocate memory to hold DER encoding.. */
+        der = (unsigned char*)XMALLOC((size_t)derSize, NULL,
+                                            DYNAMIC_TYPE_TMP_BUFFER);
+        if (der == NULL) {
+            WOLFSSL_MSG("Malloc failure");
+            ret = MEMORY_E;
+        }
+    }
+
+    if (ret == 1) {
+        /* Pointer passed in is modified.. */
+        p = der;
+        /* Encode the RSA key as DER into buffer and get size. */
+        if ((derSize = wolfSSL_i2d_RSAPrivateKey(rsa, &p)) <= 0) {
+            WOLFSSL_MSG("wolfSSL_i2d_RSAPrivateKey() failure");
+            ret = 0;
+        }
+    }
+
+    if (ret == 1) {
+        /* Load DER encoded certificate into SSL context. */
+        ret = wolfSSL_CTX_use_PrivateKey_buffer(ctx, der, derSize,
+            SSL_FILETYPE_ASN1);
+        if (ret != WOLFSSL_SUCCESS) {
+            WOLFSSL_MSG("wolfSSL_CTX_USE_PrivateKey_buffer() failure");
+            ret = 0;
+        }
+    }
+
+    /* Dispos of dynamically allocated data. */
+    XFREE(der, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    return ret;
+}
+#endif /* WOLFSSL_KEY_GEN && !NO_RSA */
+
+#endif /* OPENSSL_ALL || WOLFSSL_ASIO || WOLFSSL_HAPROXY || WOLFSSL_QT */
+
+#endif /* !NO_CERTS */
+
+#ifdef OPENSSL_EXTRA
+
+/* Use the default paths to look for CA certificate.
+ *
+ * This is an OpenSSL compatibility layer function, but it doesn't mirror
+ * the exact functionality of its OpenSSL counterpart. We don't support the
+ * notion of an "OpenSSL directory". This function will attempt to load the
+ * environment variables SSL_CERT_DIR and SSL_CERT_FILE, if either are
+ * found, they will be loaded. Otherwise, it will act as a wrapper around
+ * our native wolfSSL_CTX_load_system_CA_certs function. This function does
+ * conform to OpenSSL's return value conventions.
+ *
+ * @param [in] ctx  SSL context object.
+ * @return  1 on success.
+ * @return  0 on failure.
+ * @return  WOLFSSL_FATAL_ERROR when using a filesystem is not supported.
+ */
+int wolfSSL_CTX_set_default_verify_paths(WOLFSSL_CTX* ctx)
+{
+    int ret;
+#if defined(XGETENV) && !defined(NO_GETENV)
+    char* certDir = NULL;
+    char* certFile = NULL;
+    word32 flags = 0;
+#elif !defined(WOLFSSL_SYS_CA_CERTS)
+    (void)ctx;
+#endif
+
+    WOLFSSL_ENTER("wolfSSL_CTX_set_default_verify_paths");
+
+#if defined(XGETENV) && !defined(NO_GETENV)
+    /* // NOLINTBEGIN(concurrency-mt-unsafe) */
+    certDir = wc_strdup_ex(XGETENV("SSL_CERT_DIR"), DYNAMIC_TYPE_TMP_BUFFER);
+    certFile = wc_strdup_ex(XGETENV("SSL_CERT_FILE"), DYNAMIC_TYPE_TMP_BUFFER);
+    flags = WOLFSSL_LOAD_FLAG_PEM_CA_ONLY;
+
+    if ((certDir != NULL) || (certFile != NULL)) {
+        if (certDir != NULL) {
+           /* We want to keep trying to load more CA certs even if one cert in
+            * the directory is bad and can't be used (e.g. if one is
+            * expired), so we use WOLFSSL_LOAD_FLAG_IGNORE_ERR.
+            */
+            flags |= WOLFSSL_LOAD_FLAG_IGNORE_ERR;
+        }
+
+        /* Load CA certificates from environment variable locations. */
+        ret = wolfSSL_CTX_load_verify_locations_ex(ctx, certFile, certDir,
+            flags);
+        if (ret != 1) {
+            WOLFSSL_MSG_EX("Failed to load CA certs from SSL_CERT_FILE: %s"
+                            " SSL_CERT_DIR: %s. Error: %d", certFile,
+                            certDir, ret);
+            ret = 0;
+        }
+    }
+    /* // NOLINTEND(concurrency-mt-unsafe) */
+    else
+#endif
+
+    {
+    #ifdef NO_FILESYSTEM
+        WOLFSSL_MSG("wolfSSL_CTX_set_default_verify_paths not supported"
+                    " with NO_FILESYSTEM enabled");
+        ret = WOLFSSL_FATAL_ERROR;
+    #elif defined(WOLFSSL_SYS_CA_CERTS)
+        /* Load the system CA certificates. */
+        ret = wolfSSL_CTX_load_system_CA_certs(ctx);
+        if (ret == WC_NO_ERR_TRACE(WOLFSSL_BAD_PATH)) {
+            /* OpenSSL doesn't treat the lack of a system CA cert directory as a
+             * failure. We do the same here.
+             */
+            ret = 1;
+        }
+    #else
+        /* OpenSSL's implementation of this API does not require loading the
+           system CA cert directory.  Allow skipping this without erroring out. */
+        ret = 1;
+    #endif
+    }
+
+#if defined(XGETENV) && !defined(NO_GETENV)
+    XFREE(certFile, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(certDir, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+#endif
+    WOLFSSL_LEAVE("wolfSSL_CTX_set_default_verify_paths", ret);
+
+    return ret;
+}
+
+#endif /* OPENSSL_EXTRA */
+
+#ifndef NO_DH
+
+/* Set the temporary DH parameters against the SSL.
+ *
+ * @param [in, out] ssl   SSL object.
+ * @param [in]      p     Buffer holding prime.
+ * @param [in]      pSz   Length of prime in bytes.
+ * @param [in]      g     Buffer holding generator.
+ * @param [in]      gSz   Length of generator in bytes.
+ * @return  1 on success.
+ * @return  0 on failure.
+ * @return  DH_KEY_SIZE_E when the prime is too short or long.
+ * @return  SIDE_ERROR when the SSL is for a client.
+ */
+static int wolfssl_set_tmp_dh(WOLFSSL* ssl, unsigned char* p, int pSz,
+    unsigned char* g, int gSz)
+{
+    int ret = 1;
+
+    /* Check the size of the prime meets the requirements of the SSL. */
+    if (((word16)pSz < ssl->options.minDhKeySz) ||
+            ((word16)pSz > ssl->options.maxDhKeySz)) {
+        ret = DH_KEY_SIZE_E;
+    }
+    /* Only able to set DH parameters on server. */
+    if ((ret == 1) && (ssl->options.side == WOLFSSL_CLIENT_END)) {
+        ret = SIDE_ERROR;
+    }
+
+    if (ret == 1) {
+    #if !defined(WOLFSSL_OLD_PRIME_CHECK) && !defined(HAVE_FIPS) && \
+        !defined(HAVE_SELFTEST)
+        /* New DH parameters not tested for validity. */
+        ssl->options.dhKeyTested = 0;
+        /* New DH parameters must be tested for validity before use. */
+        ssl->options.dhDoKeyTest = 1;
+    #endif
+
+        /* Dispose of old DH parameters if we own it. */
+        if (ssl->buffers.weOwnDH) {
+            XFREE(ssl->buffers.serverDH_P.buffer, ssl->heap,
+                DYNAMIC_TYPE_PUBLIC_KEY);
+            XFREE(ssl->buffers.serverDH_G.buffer, ssl->heap,
+                DYNAMIC_TYPE_PUBLIC_KEY);
+        }
+
+        /* Assign the buffers and lengths to SSL. */
+        ssl->buffers.serverDH_P.buffer = p;
+        ssl->buffers.serverDH_G.buffer = g;
+        ssl->buffers.serverDH_P.length = (unsigned int)pSz;
+        ssl->buffers.serverDH_G.length = (unsigned int)gSz;
+        /* We own the buffers. */
+        ssl->buffers.weOwnDH = 1;
+        /* We have a DH parameters to use. */
+        ssl->options.haveDH = 1;
+    }
+
+    /* Allocate space for cipher suites. */
+    if ((ret == 1) && (AllocateSuites(ssl) != 0)) {
+        ssl->buffers.serverDH_P.buffer = NULL;
+        ssl->buffers.serverDH_G.buffer = NULL;
+        ret = 0;
+    }
+    if (ret == 1) {
+        /* Reset the cipher suites based on having a DH parameters now. */
+        InitSuites(ssl->suites, ssl->version, SSL_KEY_SZ(ssl),
+            WOLFSSL_HAVE_RSA, SSL_HAVE_PSK(ssl), ssl->options.haveDH,
+            ssl->options.haveECDSAsig, ssl->options.haveECC, TRUE,
+            ssl->options.haveStaticECC,
+            ssl->options.useAnon, TRUE,
+            TRUE, TRUE, TRUE, ssl->options.side);
+    }
+
+    return ret;
+}
+
+/* Set the temporary DH parameters against the SSL.
+ *
+ * @param [in, out] ssl   SSL object.
+ * @param [in]      p     Buffer holding prime.
+ * @param [in]      pSz   Length of prime in bytes.
+ * @param [in]      g     Buffer holding generator.
+ * @param [in]      gSz   Length of generator in bytes.
+ * @return  1 on success.
+ * @return  0 on failure.
+ * @return  DH_KEY_SIZE_E when the prime is too short or long.
+ * @return  SIDE_ERROR when the SSL is for a client.
+ * @return  MEMORY_E when dynamic memory allocation fails.
+ */
+int wolfSSL_SetTmpDH(WOLFSSL* ssl, const unsigned char* p, int pSz,
+    const unsigned char* g, int gSz)
+{
+    int ret = 1;
+    byte* pAlloc = NULL;
+    byte* gAlloc = NULL;
+
+    WOLFSSL_ENTER("wolfSSL_SetTmpDH");
+
+    /* Validate parameters. */
+    if ((ssl == NULL) || (p == NULL) || (g == NULL)) {
+        ret = 0;
+    }
+
+    if (ret == 1) {
+        /* Allocate buffers for p and g to be assigned into SSL. */
+        pAlloc = (byte*)XMALLOC((size_t)pSz, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY);
+        gAlloc = (byte*)XMALLOC((size_t)gSz, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY);
+        if ((pAlloc == NULL) || (gAlloc == NULL)) {
+            /* Memory will be freed below in the (ret != 1) block */
+            ret = MEMORY_E;
+        }
+    }
+    if (ret == 1) {
+        /* Copy p and g into allocated buffers. */
+        XMEMCPY(pAlloc, p, (size_t)pSz);
+        XMEMCPY(gAlloc, g, (size_t)gSz);
+        /* Set the buffers into SSL. */
+        ret = wolfssl_set_tmp_dh(ssl, pAlloc, pSz, gAlloc, gSz);
+    }
+
+    if (ret != 1 && ssl != NULL) {
+        /* Free the allocated buffers if not assigned into SSL. */
+        XFREE(pAlloc, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY);
+        XFREE(gAlloc, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY);
+    }
+
+    WOLFSSL_LEAVE("wolfSSL_SetTmpDH", ret);
+    return ret;
+}
+
+#if !defined(WOLFSSL_OLD_PRIME_CHECK) && !defined(HAVE_FIPS) && \
+    !defined(HAVE_SELFTEST)
+/* Check the DH parameters is valid.
+ *
+ * @param [in]      p     Buffer holding prime.
+ * @param [in]      pSz   Length of prime in bytes.
+ * @param [in]      g     Buffer holding generator.
+ * @param [in]      gSz   Length of generator in bytes.
+ * @return  1 on success.
+ * @return  DH_CHECK_PUB_E when p is not a prime.
+ * @return  BAD_FUNC_ARG when p or g is NULL, or pSz or gSz is 0.
+ * @return  MEMORY_E when dynamic memory allocation fails.
+ */
+static int wolfssl_check_dh_key(unsigned char* p, int pSz, unsigned char* g,
+    int gSz)
+{
+    WC_RNG rng;
+    int ret = 0;
+#ifndef WOLFSSL_SMALL_STACK
+    DhKey checkKey[1];
+#else
+    DhKey *checkKey;
+#endif
+
+#ifdef WOLFSSL_SMALL_STACK
+    checkKey = (DhKey*)XMALLOC(sizeof(DhKey), NULL, DYNAMIC_TYPE_DH);
+    if (checkKey == NULL) {
+        ret = MEMORY_E;
+    }
+#endif
+    /* Initialize a new random number generator. */
+    if ((ret == 0) && ((ret = wc_InitRng(&rng)) == 0)) {
+        /* Initialize a DH object. */
+        if ((ret = wc_InitDhKey(checkKey)) == 0) {
+            /* Check DH parameters. */
+            ret = wc_DhSetCheckKey(checkKey, p, (word32)pSz, g, (word32)gSz, NULL, 0, 0, &rng);
+            /* Dispose of DH object. */
+            wc_FreeDhKey(checkKey);
+        }
+        /* Dispose of random number generator. */
+        wc_FreeRng(&rng);
+    }
+
+#ifdef WOLFSSL_SMALL_STACK
+    /* Dispose of dynamically allocated data. */
+    XFREE(checkKey, NULL, DYNAMIC_TYPE_DH);
+#endif
+    /* Convert wolfCrypt return code to 1 on success and ret on failure. */
+    return WC_TO_WS_RC(ret);
+}
+#endif
+
+/* Set the temporary DH parameters against the SSL context.
+ *
+ * @param [in, out] ctx   SSL context object.
+ * @param [in]      p     Buffer holding prime.
+ * @param [in]      pSz   Length of prime in bytes.
+ * @param [in]      g     Buffer holding generator.
+ * @param [in]      gSz   Length of generator in bytes.
+ * @return  1 on success.
+ * @return  0 on failure.
+ * @return  DH_KEY_SIZE_E when the prime is too short or long.
+ * @return  SIDE_ERROR when the SSL is for a client.
+ * @return  BAD_FUNC_ARG when ctx, p or g is NULL.
+ * @return  DH_CHECK_PUB_E when p is not a prime.
+ * @return  MEMORY_E when dynamic memory allocation fails.
+ */
+static int wolfssl_ctx_set_tmp_dh(WOLFSSL_CTX* ctx, unsigned char* p, int pSz,
+    unsigned char* g, int gSz)
+{
+    int ret = 1;
+
+    WOLFSSL_ENTER("wolfSSL_CTX_SetTmpDH");
+
+    /* Check the size of the prime meets the requirements of the SSL context. */
+    if (((word16)pSz < ctx->minDhKeySz) || ((word16)pSz > ctx->maxDhKeySz)) {
+        ret = DH_KEY_SIZE_E;
+    }
+
+#if !defined(WOLFSSL_OLD_PRIME_CHECK) && !defined(HAVE_FIPS) && \
+    !defined(HAVE_SELFTEST)
+    if (ret == 1) {
+        /* Test DH parameters for validity. */
+        ret = wolfssl_check_dh_key(p, pSz, g, gSz);
+        /* Record as whether tested based on result of validity test. */
+        ctx->dhKeyTested = (ret == 1);
+    }
+#endif
+
+    if (ret == 1) {
+        /* Dispose of old DH parameters. */
+        XFREE(ctx->serverDH_P.buffer, ctx->heap, DYNAMIC_TYPE_PUBLIC_KEY);
+        XFREE(ctx->serverDH_G.buffer, ctx->heap, DYNAMIC_TYPE_PUBLIC_KEY);
+        /* Assign the buffers and lengths to SSL context. */
+        ctx->serverDH_P.buffer = p;
+        ctx->serverDH_G.buffer = g;
+        ctx->serverDH_P.length = (unsigned int)pSz;
+        ctx->serverDH_G.length = (unsigned int)gSz;
+        /* We have a DH parameters to use. */
+        ctx->haveDH = 1;
+    }
+
+    WOLFSSL_LEAVE("wolfSSL_CTX_SetTmpDH", 0);
+    return ret;
+}
+
+/* Set the temporary DH parameters against the SSL context.
+ *
+ * @param [in, out] ctx   SSL context object.
+ * @param [in]      p     Buffer holding prime.
+ * @param [in]      pSz   Length of prime in bytes.
+ * @param [in]      g     Buffer holding generator.
+ * @param [in]      gSz   Length of generator in bytes.
+ * @return  1 on success.
+ * @return  0 on failure.
+ * @return  DH_KEY_SIZE_E when the prime is too short or long.
+ * @return  SIDE_ERROR when the SSL is for a client.
+ * @return  BAD_FUNC_ARG when ctx, p or g is NULL.
+ * @return  DH_CHECK_PUB_E when p is not a prime.
+ */
+int wolfSSL_CTX_SetTmpDH(WOLFSSL_CTX* ctx, const unsigned char* p, int pSz,
+                         const unsigned char* g, int gSz)
+{
+    int ret = 1;
+    byte* pAlloc = NULL;
+    byte* gAlloc = NULL;
+
+    /* Validate parameters. */
+    if ((ctx == NULL) || (p == NULL) || (g == NULL)) {
+        ret = BAD_FUNC_ARG;
+    }
+
+    if (ret == 1) {
+        /* Allocate buffers for p and g to be assigned into SSL context. */
+        pAlloc = (byte*)XMALLOC((size_t)pSz, ctx->heap, DYNAMIC_TYPE_PUBLIC_KEY);
+        gAlloc = (byte*)XMALLOC((size_t)gSz, ctx->heap, DYNAMIC_TYPE_PUBLIC_KEY);
+        if ((pAlloc == NULL) || (gAlloc == NULL)) {
+            ret = MEMORY_E;
+        }
+    }
+
+    if (ret == 1) {
+        /* Copy p and g into allocated buffers. */
+        XMEMCPY(pAlloc, p, (size_t)pSz);
+        XMEMCPY(gAlloc, g, (size_t)gSz);
+        /* Set the buffers into SSL context. */
+        ret = wolfssl_ctx_set_tmp_dh(ctx, pAlloc, pSz, gAlloc, gSz);
+    }
+
+    if ((ret != 1) && (ctx != NULL)) {
+        /* Free the allocated buffers if not assigned into SSL context. */
+        XFREE(pAlloc, ctx->heap, DYNAMIC_TYPE_PUBLIC_KEY);
+        XFREE(gAlloc, ctx->heap, DYNAMIC_TYPE_PUBLIC_KEY);
+    }
+    return ret;
+}
+
+#ifdef OPENSSL_EXTRA
+/* Set the temporary DH parameters against the SSL.
+ *
+ * @param [in, out] ssl  SSL object.
+ * @param [in]      dh   DH object.
+ * @return  1 on success.
+ * @return  0 on failure.
+ * @return  WOLFSSL_FATAL_ERROR on failure.
+ * @return  BAD_FUNC_ARG when ssl or dh is NULL.
+ * @return  DH_KEY_SIZE_E when the prime is too short or long.
+ * @return  SIDE_ERROR when the SSL is for a client.
+ */
+long wolfSSL_set_tmp_dh(WOLFSSL *ssl, WOLFSSL_DH *dh)
+{
+    int ret = 1;
+    byte* p = NULL;
+    byte* g = NULL;
+    int pSz = 0;
+    int gSz = 0;
+
+    WOLFSSL_ENTER("wolfSSL_set_tmp_dh");
+
+    /* Validate parameters. */
+    if ((ssl == NULL) || (dh == NULL)) {
+        ret = BAD_FUNC_ARG;
+    }
+
+    if (ret == 1) {
+        /* Get sizes of p and g. */
+        pSz = wolfSSL_BN_bn2bin(dh->p, NULL);
+        gSz = wolfSSL_BN_bn2bin(dh->g, NULL);
+        /* Validate p and g size. */
+        if ((pSz <= 0) || (gSz <= 0)) {
+            ret = WOLFSSL_FATAL_ERROR;
+        }
+    }
+
+    if (ret == 1) {
+        /* Allocate buffers for p and g to be assigned into SSL. */
+        p = (byte*)XMALLOC((size_t)pSz, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY);
+        g = (byte*)XMALLOC((size_t)gSz, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY);
+        if ((p == NULL) || (g == NULL)) {
+            ret = MEMORY_E;
+        }
+    }
+    if (ret == 1) {
+        /* Encode p and g and get sizes. */
+        pSz = wolfSSL_BN_bn2bin(dh->p, p);
+        gSz = wolfSSL_BN_bn2bin(dh->g, g);
+        /* Check encoding worked. */
+        if ((pSz <= 0) || (gSz <= 0)) {
+            ret = WOLFSSL_FATAL_ERROR;
+        }
+    }
+    if (ret == 1) {
+        /* Set the buffers into SSL. */
+        ret = wolfssl_set_tmp_dh(ssl, p, pSz, g, gSz);
+    }
+
+    if ((ret != 1) && (ssl != NULL)) {
+        /* Free the allocated buffers if not assigned into SSL. */
+        XFREE(p, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY);
+        XFREE(g, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY);
+    }
+    return ret;
+}
+
+/* Set the temporary DH parameters object against the SSL context.
+ *
+ * @param [in, out] ctx     SSL context object.
+ * @param [in]      dh      DH object.
+ * @return  1 on success.
+ * @return  0 on failure.
+ * @return  DH_KEY_SIZE_E when the prime is too short or long.
+ * @return  SIDE_ERROR when the SSL is for a client.
+ * @return  BAD_FUNC_ARG when ctx, p or g is NULL.
+ * @return  DH_CHECK_PUB_E when p is not a prime.
+ */
+long wolfSSL_CTX_set_tmp_dh(WOLFSSL_CTX* ctx, WOLFSSL_DH* dh)
+{
+    int ret = 1;
+    int pSz = 0;
+    int gSz = 0;
+    byte* p = NULL;
+    byte* g = NULL;
+
+    WOLFSSL_ENTER("wolfSSL_CTX_set_tmp_dh");
+
+    /* Validate parameters. */
+    if ((ctx == NULL) || (dh == NULL)) {
+        ret = BAD_FUNC_ARG;
+    }
+
+    if (ret == 1) {
+        /* Get sizes of p and g. */
+        pSz = wolfSSL_BN_bn2bin(dh->p, NULL);
+        gSz = wolfSSL_BN_bn2bin(dh->g, NULL);
+        /* Validate p and g size. */
+        if ((pSz <= 0) || (gSz <= 0)) {
+            ret = WOLFSSL_FATAL_ERROR;
+        }
+    }
+
+    if (ret == 1) {
+        /* Allocate buffers for p and g to be assigned into SSL. */
+        p = (byte*)XMALLOC((size_t)pSz, ctx->heap, DYNAMIC_TYPE_PUBLIC_KEY);
+        g = (byte*)XMALLOC((size_t)gSz, ctx->heap, DYNAMIC_TYPE_PUBLIC_KEY);
+        if ((p == NULL) || (g == NULL)) {
+            ret = MEMORY_E;
+        }
+    }
+
+    if (ret == 1) {
+        /* Encode p and g and get sizes. */
+        pSz = wolfSSL_BN_bn2bin(dh->p, p);
+        gSz = wolfSSL_BN_bn2bin(dh->g, g);
+        /* Check encoding worked. */
+        if ((pSz < 0) && (gSz < 0)) {
+            ret = WOLFSSL_FATAL_ERROR;
+        }
+    }
+    if (ret == 1) {
+        /* Set the buffers into SSL context. */
+        ret = wolfssl_ctx_set_tmp_dh(ctx, p, pSz, g, gSz);
+    }
+
+    if ((ret != 1) && (ctx != NULL)) {
+        /* Free the allocated buffers if not assigned into SSL. */
+        XFREE(p, ctx->heap, DYNAMIC_TYPE_PUBLIC_KEY);
+        XFREE(g, ctx->heap, DYNAMIC_TYPE_PUBLIC_KEY);
+    }
+    return ret;
+}
+
+#endif /* OPENSSL_EXTRA */
+
+#ifndef NO_CERTS
+
+/* Set the temporary DH parameters against the SSL context or SSL.
+ *
+ * @param [in, out] ctx     SSL context object.
+ * @param [in, out] ssl     SSL object.
+ * @param [in]      buf     Buffer holding encoded DH parameters.
+ * @param [in]      sz      Size of encoded DH parameters.
+ * @param [in]      format  Format of data:
+ *                            WOLFSSL_FILETYPE_PEM or WOLFSSL_FILETYPE_ASN1.
+ * @return  1 on success.
+ * @return  0 on failure.
+ * @return  BAD_FUNC_ARG when ctx and ssl NULL or buf is NULL.
+ * @return  NOT_COMPLED_IN when format is PEM but PEM is not supported.
+ * @return  WOLFSSL_BAD_FILETYPE if format is not supported.
+ */
+static int ws_ctx_ssl_set_tmp_dh(WOLFSSL_CTX* ctx, WOLFSSL* ssl,
+    const unsigned char* buf, long sz, int format)
+{
+    DerBuffer* der = NULL;
+    int res = 1;
+    int ret;
+    /* p and g size to allocate set to maximum valid size. */
+    word32 pSz = MAX_DH_SIZE;
+    word32 gSz = MAX_DH_SIZE;
+    byte* p = NULL;
+    byte* g = NULL;
+    void* heap = WOLFSSL_HEAP(ctx, ssl);
+
+    /* Validate parameters. */
+    if (((ctx == NULL) && (ssl == NULL)) || (buf == NULL)) {
+        res = BAD_FUNC_ARG;
+    }
+    /* Check format is supported. */
+    if ((res == 1) && (format != WOLFSSL_FILETYPE_ASN1)) {
+        if (format != WOLFSSL_FILETYPE_PEM) {
+            res = WOLFSSL_BAD_FILETYPE;
+        }
+    #ifndef WOLFSSL_PEM_TO_DER
+        else {
+            res = NOT_COMPILED_IN;
+        }
+    #endif
+    }
+
+    /* PemToDer allocates its own DER buffer. */
+    if ((res == 1) && (format != WOLFSSL_FILETYPE_PEM)) {
+        /* Create an empty DER buffer. */
+        ret = AllocDer(&der, 0, DH_PARAM_TYPE, heap);
+        if (ret == 0) {
+            /* Assign encoded DH parameters to DER buffer. */
+            der->buffer = (byte*)buf;
+            der->length = (word32)sz;
+        }
+        else {
+            res = ret;
+        }
+    }
+
+    if (res == 1) {
+        /* Allocate enough memory to p and g to support valid use cases. */
+        p = (byte*)XMALLOC(pSz, heap, DYNAMIC_TYPE_PUBLIC_KEY);
+        g = (byte*)XMALLOC(gSz, heap, DYNAMIC_TYPE_PUBLIC_KEY);
+        if ((p == NULL) || (g == NULL)) {
+            res = MEMORY_E;
+        }
+    }
+
+#ifdef WOLFSSL_PEM_TO_DER
+    if ((res == 1) && (format == WOLFSSL_FILETYPE_PEM)) {
+        /* Convert from PEM to DER. */
+        /* Try converting DH parameters from PEM to DER. */
+        ret = PemToDer(buf, sz, DH_PARAM_TYPE, &der, heap, NULL, NULL);
+        if (ret < 0) {
+            /* Otherwise, try converting X9.43 format DH parameters. */
+            ret = PemToDer(buf, sz, X942_PARAM_TYPE, &der, heap, NULL, NULL);
+        }
+    #if defined(WOLFSSL_WPAS) && !defined(NO_DSA)
+        if (ret < 0) {
+            /* Otherwise, try converting DSA parameters. */
+            ret = PemToDer(buf, sz, DSA_PARAM_TYPE, &der, heap, NULL, NULL);
+        }
+    #endif /* WOLFSSL_WPAS && !NO_DSA */
+       if (ret < 0) {
+           /* Return error from conversion. */
+           res = ret;
+       }
+    }
+#endif /* WOLFSSL_PEM_TO_DER */
+
+    if (res == 1) {
+        /* Get the p and g from the DER encoded parameters. */
+        if (wc_DhParamsLoad(der->buffer, der->length, p, &pSz, g, &gSz) < 0) {
+            res = WOLFSSL_BAD_FILETYPE;
+        }
+        else if (ssl != NULL) {
+            /* Set p and g into SSL. */
+            res = wolfssl_set_tmp_dh(ssl, p, (int)pSz, g, (int)gSz);
+        }
+        else {
+            /* Set p and g into SSL context. */
+            res = wolfssl_ctx_set_tmp_dh(ctx, p, (int)pSz, g, (int)gSz);
+        }
+    }
+
+    /* Dispose of the DER buffer. */
+    FreeDer(&der);
+    if (res != 1) {
+        /* Free the allocated buffers if not assigned into SSL or context. */
+        XFREE(p, heap, DYNAMIC_TYPE_PUBLIC_KEY);
+        XFREE(g, heap, DYNAMIC_TYPE_PUBLIC_KEY);
+    }
+    return res;
+}
+
+
+/* Set the temporary DH parameters against the SSL.
+ *
+ * @param [in, out] ssl     SSL object.
+ * @param [in]      buf     Buffer holding encoded DH parameters.
+ * @param [in]      sz      Size of encoded DH parameters.
+ * @param [in]      format  Format of data:
+ *                            WOLFSSL_FILETYPE_PEM or WOLFSSL_FILETYPE_ASN1.
+ * @return  1 on success.
+ * @return  BAD_FUNC_ARG when ssl or buf is NULL.
+ * @return  NOT_COMPLED_IN when format is PEM but PEM is not supported.
+ * @return  WOLFSSL_BAD_FILETYPE if format is not supported.
+ */
+int wolfSSL_SetTmpDH_buffer(WOLFSSL* ssl, const unsigned char* buf, long sz,
+    int format)
+{
+    return ws_ctx_ssl_set_tmp_dh(NULL, ssl, buf, sz, format);
+}
+
+
+/* Set the temporary DH parameters against the SSL context.
+ *
+ * @param [in, out] ctx     SSL context object.
+ * @param [in]      buf     Buffer holding encoded DH parameters.
+ * @param [in]      sz      Size of encoded DH parameters.
+ * @param [in]      format  Format of data:
+ *                            WOLFSSL_FILETYPE_PEM or WOLFSSL_FILETYPE_ASN1.
+ * @return  1 on success.
+ * @return  BAD_FUNC_ARG when ctx or buf is NULL.
+ * @return  NOT_COMPLED_IN when format is PEM but PEM is not supported.
+ * @return  WOLFSSL_BAD_FILETYPE if format is not supported.
+ */
+int wolfSSL_CTX_SetTmpDH_buffer(WOLFSSL_CTX* ctx, const unsigned char* buf,
+    long sz, int format)
+{
+    return ws_ctx_ssl_set_tmp_dh(ctx, NULL, buf, sz, format);
+}
+
+#ifndef NO_FILESYSTEM
+
+/* Set the temporary DH parameters file against the SSL context or SSL.
+ *
+ * @param [in, out] ctx     SSL context object.
+ * @param [in, out] ssl     SSL object.
+ * @param [in]      fname   Name of file to load.
+ * @param [in]      format  Format of data:
+ *                            WOLFSSL_FILETYPE_PEM or WOLFSSL_FILETYPE_ASN1.
+ * @return  1 on success.
+ * @return  BAD_FUNC_ARG when ctx and ssl NULL or fname is NULL.
+ * @return  NOT_COMPLED_IN when format is PEM but PEM is not supported.
+ * @return  WOLFSSL_BAD_FILETYPE if format is not supported.
+ */
+static int ws_ctx_ssl_set_tmp_dh_file(WOLFSSL_CTX* ctx, WOLFSSL* ssl,
+    const char* fname, int format)
+{
+    int    res = 1;
+    int    ret;
+#ifndef WOLFSSL_SMALL_STACK
+    byte   stackBuffer[FILE_BUFFER_SIZE];
+#endif
+    StaticBuffer dhFile;
+    long   sz = 0;
+    void*  heap = WOLFSSL_HEAP(ctx, ssl);
+
+    /* Setup buffer to hold file contents. */
+#ifdef WOLFSSL_SMALL_STACK
+    static_buffer_init(&dhFile);
+#else
+    static_buffer_init(&dhFile, stackBuffer, FILE_BUFFER_SIZE);
+#endif
+
+    /* Validate parameters. */
+    if (((ctx == NULL) && (ssl == NULL)) || (fname == NULL)) {
+        res = BAD_FUNC_ARG;
+    }
+
+    if (res == 1) {
+        /* Read file into static buffer. */
+        ret = wolfssl_read_file_static(fname, &dhFile, heap, DYNAMIC_TYPE_FILE,
+            &sz);
+        if (ret != 0) {
+            res = ret;
+        }
+    }
+    if (res == 1) {
+        if (ssl != NULL) {
+            /* Set encoded DH parameters into SSL. */
+            res = wolfSSL_SetTmpDH_buffer(ssl, dhFile.buffer, sz, format);
+        }
+        else {
+            /* Set encoded DH parameters into SSL context. */
+            res = wolfSSL_CTX_SetTmpDH_buffer(ctx, dhFile.buffer, sz, format);
+        }
+    }
+
+    /* Dispose of any dynamically allocated data. */
+    static_buffer_free(&dhFile, heap, DYNAMIC_TYPE_FILE);
+    return res;
+}
+
+/* Set the temporary DH parameters file against the SSL.
+ *
+ * @param [in, out] ssl     SSL object.
+ * @param [in]      fname   Name of file to load.
+ * @param [in]      format  Format of data:
+ *                            WOLFSSL_FILETYPE_PEM or WOLFSSL_FILETYPE_ASN1.
+ * @return  1 on success.
+ * @return  BAD_FUNC_ARG when ssl or fname is NULL.
+ * @return  NOT_COMPLED_IN when format is PEM but PEM is not supported.
+ * @return  WOLFSSL_BAD_FILETYPE if format is not supported.
+ */
+int wolfSSL_SetTmpDH_file(WOLFSSL* ssl, const char* fname, int format)
+{
+    return ws_ctx_ssl_set_tmp_dh_file(NULL, ssl, fname, format);
+}
+
+
+/* Set the temporary DH parameters file against the SSL context.
+ *
+ * @param [in, out] ctx     SSL context object.
+ * @param [in]      fname   Name of file to load.
+ * @param [in]      format  Format of data:
+ *                            WOLFSSL_FILETYPE_PEM or WOLFSSL_FILETYPE_ASN1.
+ * @return  1 on success.
+ * @return  BAD_FUNC_ARG when ctx or fname is NULL.
+ * @return  NOT_COMPLED_IN when format is PEM but PEM is not supported.
+ * @return  WOLFSSL_BAD_FILETYPE if format is not supported.
+ */
+int wolfSSL_CTX_SetTmpDH_file(WOLFSSL_CTX* ctx, const char* fname, int format)
+{
+    return ws_ctx_ssl_set_tmp_dh_file(ctx, NULL, fname, format);
+}
+
+#endif /* NO_FILESYSTEM */
+
+#endif /* NO_CERTS */
+
+#endif /* !NO_DH */
+
+#endif /* !WOLFSSL_SSL_LOAD_INCLUDED */
+
diff --git a/src/ssl_misc.c b/src/ssl_misc.c
index 9bc42ddd9..0d75639c8 100644
--- a/src/ssl_misc.c
+++ b/src/ssl_misc.c
@@ -1,6 +1,6 @@
 /* ssl_misc.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -24,6 +24,8 @@
 #endif
 
 #include <wolfssl/wolfcrypt/settings.h>
+#include <wolfssl/wolfcrypt/types.h>
+#include <wolfssl/wolfcrypt/error-crypt.h>
 
 #if !defined(WOLFSSL_SSL_MISC_INCLUDED)
     #ifndef WOLFSSL_IGNORE_FILE_WARN
@@ -54,7 +56,7 @@ static int wolfssl_read_bio_file(WOLFSSL_BIO* bio, char** data)
     char* p;
 
     /* Allocate buffer to hold a chunk of data. */
-    mem = (char*)XMALLOC(READ_BIO_FILE_CHUNK, bio->heap, DYNAMIC_TYPE_OPENSSL);
+    mem = (char*)XMALLOC(READ_BIO_FILE_CHUNK, NULL, DYNAMIC_TYPE_TMP_BUFFER);
     if (mem == NULL) {
         WOLFSSL_ERROR_MSG("Memory allocation error");
         ret = MEMORY_E;
@@ -86,8 +88,8 @@ static int wolfssl_read_bio_file(WOLFSSL_BIO* bio, char** data)
             }
             else {
                 /* No space left for more data to be read - add a chunk. */
-                p = (char*)XREALLOC(mem, ret + READ_BIO_FILE_CHUNK, bio->heap,
-                    DYNAMIC_TYPE_OPENSSL);
+                p = (char*)XREALLOC(mem, ret + READ_BIO_FILE_CHUNK, NULL,
+                    DYNAMIC_TYPE_TMP_BUFFER);
                 if (p == NULL) {
                     sz = MEMORY_E;
                     break;
@@ -103,7 +105,7 @@ static int wolfssl_read_bio_file(WOLFSSL_BIO* bio, char** data)
         }
         if ((sz < 0) || (ret == 0)) {
             /* Dispose of memory on error or no data read. */
-            XFREE(mem, bio->heap, DYNAMIC_TYPE_OPENSSL);
+            XFREE(mem, NULL, DYNAMIC_TYPE_TMP_BUFFER);
             mem = NULL;
             /* Return error. */
             ret = sz;
@@ -129,14 +131,14 @@ static int wolfssl_read_bio_len(WOLFSSL_BIO* bio, int sz, char** data)
     char* mem;
 
     /* Allocate buffer to hold data. */
-    mem = (char*)XMALLOC((size_t)sz, bio->heap, DYNAMIC_TYPE_OPENSSL);
+    mem = (char*)XMALLOC((size_t)sz, NULL, DYNAMIC_TYPE_TMP_BUFFER);
     if (mem == NULL) {
         WOLFSSL_ERROR_MSG("Memory allocation error");
         ret = MEMORY_E;
     }
     else if ((ret = wolfSSL_BIO_read(bio, mem, sz)) != sz) {
         /* Pending data not read. */
-        XFREE(mem, bio->heap, DYNAMIC_TYPE_OPENSSL);
+        XFREE(mem, NULL, DYNAMIC_TYPE_TMP_BUFFER);
         mem = NULL;
         ret = MEMORY_E;
     }
@@ -163,7 +165,15 @@ static int wolfssl_read_bio(WOLFSSL_BIO* bio, char** data, int* dataSz,
     if (bio->type == WOLFSSL_BIO_MEMORY) {
         ret = wolfSSL_BIO_get_mem_data(bio, data);
         if (ret > 0) {
-            bio->rdIdx += ret;
+            /* Advance the write index in the memory bio */
+            WOLFSSL_BIO* mem_bio = bio;
+            for (; mem_bio != NULL; mem_bio = mem_bio->next) {
+                if (mem_bio->type == WOLFSSL_BIO_MEMORY)
+                    break;
+            }
+            if (mem_bio == NULL)
+                mem_bio = bio; /* Default to input */
+            mem_bio->rdIdx += ret;
         }
         *memAlloced = 0;
     }
@@ -206,9 +216,7 @@ static int wolfssl_read_bio(WOLFSSL_BIO* bio, char** data, int* dataSz,
 #endif /* OPENSSL_EXTRA && !WOLFCRYPT_ONLY */
 
 #if (defined(OPENSSL_EXTRA) || defined(PERSIST_CERT_CACHE) || \
-     (!defined(NO_CERTS) && (!defined(NO_WOLFSSL_CLIENT) || \
-      !defined(WOLFSSL_NO_CLIENT_AUTH)))) && !defined(WOLFCRYPT_ONLY) && \
-    !defined(NO_FILESYSTEM)
+     !defined(NO_CERTS)) && !defined(WOLFCRYPT_ONLY) && !defined(NO_FILESYSTEM)
 /* Read all the data from a file.
  *
  * @param [in]  fp          File pointer to read with.
@@ -299,5 +307,204 @@ static int wolfssl_read_file(XFILE fp, char** data, int* dataSz)
 }
 #endif /* (OPENSSL_EXTRA || PERSIST_CERT_CACHE) && !WOLFCRYPT_ONLY &&
         * !NO_FILESYSTEM */
+
+#if !defined(WOLFCRYPT_ONLY) && !defined(NO_CERTS)
+
+#ifdef WOLFSSL_SMALL_STACK
+
+/* Buffer and size with no stack buffer. */
+typedef struct {
+    /* Dynamically allocated buffer. */
+    byte* buffer;
+    /* Size of buffer in bytes. */
+    word32 sz;
+} StaticBuffer;
+
+/* Initialize static buffer.
+ *
+ * @param [in, out] sb  Static buffer.
+ */
+static void static_buffer_init(StaticBuffer* sb)
+{
+    sb->buffer = NULL;
+    sb->sz = 0;
+}
+
+/* Set the size of the buffer.
+ *
+ * Can only set size once.
+ *
+ * @param [in] sb    Static buffer.
+ * @param [in] len   Length required.
+ * @param [in] heap  Dynamic memory allocation hint.
+ * @param [in] type  Type of dynamic memory.
+ * @return  0 on success.
+ * @return  MEMORY_E when dynamic memory allocation fails.
+ */
+static int static_buffer_set_size(StaticBuffer* sb, word32 len, void* heap,
+    int type)
+{
+    int ret = 0;
+
+    (void)heap;
+    (void)type;
+
+    sb->buffer = (byte*)XMALLOC(len, heap, type);
+    if (sb->buffer == NULL) {
+        ret = MEMORY_E;
+    }
+    else {
+        sb->sz = len;
+    }
+
+    return ret;
+}
+
+/* Dispose of dynamically allocated buffer.
+ *
+ * @param [in] sb    Static buffer.
+ * @param [in] heap  Dynamic memory allocation hint.
+ * @param [in] type  Type of dynamic memory.
+ */
+static void static_buffer_free(StaticBuffer* sb, void* heap, int type)
+{
+    (void)heap;
+    (void)type;
+    XFREE(sb->buffer, heap, type);
+}
+
+#else
+
+/* Buffer and size with stack buffer set and option to dynamically allocate. */
+typedef struct {
+    /* Stack or heap buffer. */
+    byte* buffer;
+    /* Size of buffer in bytes. */
+    word32 sz;
+    /* Indicates whether the buffer was dynamically allocated. */
+    int dyn;
+} StaticBuffer;
+
+/* Initialize static buffer.
+ *
+ * @param [in, out] sb           Static buffer.
+ * @param [in]      stackBuffer  Buffer allocated on the stack.
+ * @param [in]      len          Length of stack buffer.
+ */
+static void static_buffer_init(StaticBuffer* sb, byte* stackBuffer, word32 len)
+{
+    sb->buffer = stackBuffer;
+    sb->sz = len;
+    sb->dyn = 0;
+}
+
+/* Set the size of the buffer.
+ *
+ * Pre: Buffer on the stack set with its size.
+ * Can only set size once.
+ *
+ * @param [in] sb    Static buffer.
+ * @param [in] len   Length required.
+ * @param [in] heap  Dynamic memory allocation hint.
+ * @param [in] type  Type of dynamic memory.
+ * @return  0 on success.
+ * @return  MEMORY_E when dynamic memory allocation fails.
+ */
+static int static_buffer_set_size(StaticBuffer* sb, word32 len, void* heap,
+    int type)
+{
+    int ret = 0;
+
+    (void)heap;
+    (void)type;
+
+    if (len > sb->sz) {
+        byte* buff = (byte*)XMALLOC(len, heap, type);
+        if (buff == NULL) {
+            ret = MEMORY_E;
+        }
+        else {
+            sb->buffer = buff;
+            sb->sz = len;
+            sb->dyn = 1;
+        }
+    }
+
+    return ret;
+}
+
+/* Dispose of dynamically allocated buffer.
+ *
+ * @param [in] sb    Static buffer.
+ * @param [in] heap  Dynamic memory allocation hint.
+ * @param [in] type  Type of dynamic memory.
+ */
+static void static_buffer_free(StaticBuffer* sb, void* heap, int type)
+{
+    (void)heap;
+    (void)type;
+
+    if (sb->dyn) {
+        XFREE(sb->buffer, heap, type);
+    }
+}
+
+#endif /* WOLFSSL_SMALL_STACK */
+
+#ifndef NO_FILESYSTEM
+
+/* Read all the data from a file into content.
+ *
+ * @param [in]      fname    File pointer to read with.
+ * @param [in, out] content  Read data in an allocated buffer.
+ * @param [in]      heap     Dynamic memory allocation hint.
+ * @param [in]      type     Type of dynamic memory.
+ * @param [out]     size     Amount of data read in bytes.
+ * @return  0 on success.
+ * @return  WOLFSSL_BAD_FILE when reading fails.
+ * @return  MEMORY_E when memory allocation fails.
+ */
+static int wolfssl_read_file_static(const char* fname, StaticBuffer* content,
+    void* heap, int type, long* size)
+{
+    int ret = 0;
+    XFILE file = XBADFILE;
+    long sz = 0;
+
+    /* Check filename is usable. */
+    if (fname == NULL) {
+        ret = WOLFSSL_BAD_FILE;
+    }
+    /* Open file for reading. */
+    if ((ret == 0) && ((file = XFOPEN(fname, "rb")) == XBADFILE)) {
+        ret = WOLFSSL_BAD_FILE;
+    }
+    if (ret == 0) {
+        /* Get length of file. */
+        ret = wolfssl_file_len(file, &sz);
+    }
+    if (ret == 0) {
+        /* Set the buffer to be big enough to hold all data. */
+        ret = static_buffer_set_size(content, (word32)sz, heap, type);
+    }
+    /* Read data from file. */
+    if ((ret == 0) && ((size_t)XFREAD(content->buffer, 1, (size_t)sz, file) !=
+            (size_t)sz)) {
+        ret = WOLFSSL_BAD_FILE;
+    }
+
+    /* Close file if opened. */
+    if (file != XBADFILE) {
+        XFCLOSE(file);
+    }
+    /* Return size read. */
+    *size = sz;
+    return ret;
+}
+
+#endif /* !NO_FILESYSTEM */
+
+#endif /* !WOLFCRYPT_ONLY && !NO_CERTS */
+
 #endif /* !WOLFSSL_SSL_MISC_INCLUDED */
 
diff --git a/src/ssl_p7p12.c b/src/ssl_p7p12.c
new file mode 100644
index 000000000..87d18ff0e
--- /dev/null
+++ b/src/ssl_p7p12.c
@@ -0,0 +1,2086 @@
+/* ssl_p7p12.c
+ *
+ * Copyright (C) 2006-2025 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+#ifdef HAVE_CONFIG_H
+    #include <config.h>
+#endif
+
+#include <wolfssl/wolfcrypt/settings.h>
+
+#if defined(OPENSSL_EXTRA) && (defined(HAVE_FIPS) || defined(HAVE_SELFTEST))
+    #include <wolfssl/wolfcrypt/pkcs7.h>
+#endif
+#if defined(OPENSSL_ALL) && defined(HAVE_PKCS7)
+    #include <wolfssl/openssl/pkcs7.h>
+#endif
+
+#if !defined(WOLFSSL_SSL_P7P12_INCLUDED)
+    #ifndef WOLFSSL_IGNORE_FILE_WARN
+        #warning ssl_p7p12.c does not need to be compiled separately from ssl.c
+    #endif
+#else
+
+#if !defined(WOLFCRYPT_ONLY) && !defined(NO_CERTS)
+
+/*******************************************************************************
+ * START OF PKCS7 APIs
+ ******************************************************************************/
+#ifdef HAVE_PKCS7
+
+#ifdef OPENSSL_ALL
+PKCS7* wolfSSL_PKCS7_new(void)
+{
+    WOLFSSL_PKCS7* pkcs7;
+    int ret = 0;
+
+    pkcs7 = (WOLFSSL_PKCS7*)XMALLOC(sizeof(WOLFSSL_PKCS7), NULL,
+                                    DYNAMIC_TYPE_PKCS7);
+    if (pkcs7 != NULL) {
+        XMEMSET(pkcs7, 0, sizeof(WOLFSSL_PKCS7));
+        ret = wc_PKCS7_Init(&pkcs7->pkcs7, NULL, INVALID_DEVID);
+    }
+
+    if (ret != 0 && pkcs7 != NULL) {
+        XFREE(pkcs7, NULL, DYNAMIC_TYPE_PKCS7);
+        pkcs7 = NULL;
+    }
+
+    return (PKCS7*)pkcs7;
+}
+
+/******************************************************************************
+* wolfSSL_PKCS7_SIGNED_new - allocates PKCS7 and initialize it for a signed data
+*
+* RETURNS:
+* returns pointer to the PKCS7 structure on success, otherwise returns NULL
+*/
+PKCS7_SIGNED* wolfSSL_PKCS7_SIGNED_new(void)
+{
+    byte signedData[]= { 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x07, 0x02};
+    PKCS7* pkcs7 = NULL;
+
+    if ((pkcs7 = wolfSSL_PKCS7_new()) == NULL)
+        return NULL;
+    pkcs7->contentOID = SIGNED_DATA;
+    if ((wc_PKCS7_SetContentType(pkcs7, signedData, sizeof(signedData))) < 0) {
+        if (pkcs7) {
+            wolfSSL_PKCS7_free(pkcs7);
+            return NULL;
+        }
+    }
+    return pkcs7;
+}
+
+void wolfSSL_PKCS7_free(PKCS7* pkcs7)
+{
+    WOLFSSL_PKCS7* p7 = (WOLFSSL_PKCS7*)pkcs7;
+
+    if (p7 != NULL) {
+        XFREE(p7->data, NULL, DYNAMIC_TYPE_PKCS7);
+        wc_PKCS7_Free(&p7->pkcs7);
+        if (p7->certs)
+            wolfSSL_sk_pop_free(p7->certs, NULL);
+        XFREE(p7, NULL, DYNAMIC_TYPE_PKCS7);
+    }
+}
+
+void wolfSSL_PKCS7_SIGNED_free(PKCS7_SIGNED* p7)
+{
+    wolfSSL_PKCS7_free(p7);
+    return;
+}
+
+/**
+ * Convert DER/ASN.1 encoded signedData structure to internal PKCS7
+ * structure. Note, does not support detached content.
+ *
+ * p7 - pointer to set to address of newly created PKCS7 structure on return
+ * in - pointer to pointer of DER/ASN.1 data
+ * len - length of input data, bytes
+ *
+ * Returns newly allocated and populated PKCS7 structure or NULL on error.
+ */
+PKCS7* wolfSSL_d2i_PKCS7(PKCS7** p7, const unsigned char** in, int len)
+{
+    return wolfSSL_d2i_PKCS7_ex(p7, in, len, NULL, 0);
+}
+
+/* This internal function is only decoding and setting up the PKCS7 struct. It
+* does not verify the PKCS7 signature.
+*
+* RETURNS:
+* returns pointer to a PKCS7 structure on success, otherwise returns NULL
+*/
+static PKCS7* wolfSSL_d2i_PKCS7_only(PKCS7** p7, const unsigned char** in,
+    int len, byte* content, word32 contentSz)
+{
+    WOLFSSL_PKCS7* pkcs7 = NULL;
+
+    WOLFSSL_ENTER("wolfSSL_d2i_PKCS7_ex");
+
+    if (in == NULL || *in == NULL || len < 0)
+        return NULL;
+
+    if ((pkcs7 = (WOLFSSL_PKCS7*)wolfSSL_PKCS7_new()) == NULL)
+        return NULL;
+
+    pkcs7->len = len;
+    pkcs7->data = (byte*)XMALLOC(pkcs7->len, NULL, DYNAMIC_TYPE_PKCS7);
+    if (pkcs7->data == NULL) {
+        wolfSSL_PKCS7_free((PKCS7*)pkcs7);
+        return NULL;
+    }
+    XMEMCPY(pkcs7->data, *in, pkcs7->len);
+
+    if (content != NULL) {
+        pkcs7->pkcs7.content = content;
+        pkcs7->pkcs7.contentSz = contentSz;
+    }
+
+    if (p7 != NULL)
+        *p7 = (PKCS7*)pkcs7;
+    *in += pkcs7->len;
+    return (PKCS7*)pkcs7;
+}
+
+
+/*****************************************************************************
+* wolfSSL_d2i_PKCS7_ex - Converts the given unsigned char buffer of size len
+* into a PKCS7 object.  Optionally, accepts a byte buffer of content which
+* is stored as the PKCS7 object's content, to support detached signatures.
+* @param content The content which is signed, in case the signature is
+*                detached.  Ignored if NULL.
+* @param contentSz The size of the passed in content.
+*
+* RETURNS:
+* returns pointer to a PKCS7 structure on success, otherwise returns NULL
+*/
+PKCS7* wolfSSL_d2i_PKCS7_ex(PKCS7** p7, const unsigned char** in, int len,
+        byte* content, word32 contentSz)
+{
+    WOLFSSL_PKCS7* pkcs7 = NULL;
+
+    WOLFSSL_ENTER("wolfSSL_d2i_PKCS7_ex");
+
+    if (in == NULL || *in == NULL || len < 0)
+        return NULL;
+
+    pkcs7 = (WOLFSSL_PKCS7*)wolfSSL_d2i_PKCS7_only(p7, in, len, content,
+            contentSz);
+    if (pkcs7 != NULL) {
+        if (wc_PKCS7_VerifySignedData(&pkcs7->pkcs7, pkcs7->data, pkcs7->len)
+                                                                         != 0) {
+            WOLFSSL_MSG("wc_PKCS7_VerifySignedData failed");
+            wolfSSL_PKCS7_free((PKCS7*)pkcs7);
+            if (p7 != NULL) {
+                *p7 = NULL;
+            }
+            return NULL;
+        }
+    }
+
+    return (PKCS7*)pkcs7;
+}
+
+
+/**
+ * This API was added as a helper function for libest. It
+ * extracts a stack of certificates from the pkcs7 object.
+ * @param pkcs7 PKCS7 parameter object
+ * @return WOLFSSL_STACK_OF(WOLFSSL_X509)*
+ */
+WOLFSSL_STACK* wolfSSL_PKCS7_to_stack(PKCS7* pkcs7)
+{
+    int i;
+    WOLFSSL_PKCS7* p7 = (WOLFSSL_PKCS7*)pkcs7;
+    WOLF_STACK_OF(WOLFSSL_X509)* ret = NULL;
+
+    WOLFSSL_ENTER("wolfSSL_PKCS7_to_stack");
+
+    if (!p7) {
+        WOLFSSL_MSG("Bad parameter");
+        return NULL;
+    }
+
+    if (p7->certs)
+        return p7->certs;
+
+    for (i = 0; i < MAX_PKCS7_CERTS && p7->pkcs7.cert[i]; i++) {
+        WOLFSSL_X509* x509 = wolfSSL_X509_d2i_ex(NULL, p7->pkcs7.cert[i],
+            p7->pkcs7.certSz[i], pkcs7->heap);
+        if (!ret)
+            ret = wolfSSL_sk_X509_new_null();
+        if (x509) {
+            if (wolfSSL_sk_X509_push(ret, x509) <= 0) {
+                wolfSSL_X509_free(x509);
+                WOLFSSL_MSG("wolfSSL_sk_X509_push error");
+                goto error;
+            }
+        }
+        else {
+            WOLFSSL_MSG("wolfSSL_X509_d2i error");
+            goto error;
+        }
+    }
+
+    /* Save stack to free later */
+    if (p7->certs)
+        wolfSSL_sk_pop_free(p7->certs, NULL);
+    p7->certs = ret;
+
+    return ret;
+error:
+    if (ret) {
+        wolfSSL_sk_pop_free(ret, NULL);
+    }
+    return NULL;
+}
+
+/**
+ * Return stack of signers contained in PKCS7 cert.
+ * Notes:
+ * - Currently only PKCS#7 messages with a single signer cert is supported.
+ * - Returned WOLFSSL_STACK must be freed by caller.
+ *
+ * pkcs7 - PKCS7 struct to retrieve signer certs from.
+ * certs - currently unused
+ * flags - flags to control function behavior.
+ *
+ * Return WOLFSSL_STACK of signers on success, NULL on error.
+ */
+WOLFSSL_STACK* wolfSSL_PKCS7_get0_signers(PKCS7* pkcs7, WOLFSSL_STACK* certs,
+                                          int flags)
+{
+    WOLFSSL_X509* x509 = NULL;
+    WOLFSSL_STACK* signers = NULL;
+    WOLFSSL_PKCS7* p7 = (WOLFSSL_PKCS7*)pkcs7;
+
+    if (p7 == NULL)
+        return NULL;
+
+    /* Only PKCS#7 messages with a single cert that is the verifying certificate
+     * is supported.
+     */
+    if (flags & PKCS7_NOINTERN) {
+        WOLFSSL_MSG("PKCS7_NOINTERN flag not supported");
+        return NULL;
+    }
+
+    signers = wolfSSL_sk_X509_new_null();
+    if (signers == NULL)
+        return NULL;
+
+    if (wolfSSL_d2i_X509(&x509, (const byte**)&p7->pkcs7.singleCert,
+                         p7->pkcs7.singleCertSz) == NULL) {
+        wolfSSL_sk_X509_pop_free(signers, NULL);
+        return NULL;
+    }
+
+    if (wolfSSL_sk_X509_push(signers, x509) <= 0) {
+        wolfSSL_sk_X509_pop_free(signers, NULL);
+        return NULL;
+    }
+
+    (void)certs;
+
+    return signers;
+}
+
+#ifndef NO_BIO
+
+PKCS7* wolfSSL_d2i_PKCS7_bio(WOLFSSL_BIO* bio, PKCS7** p7)
+{
+    WOLFSSL_PKCS7* pkcs7;
+    int ret;
+
+    WOLFSSL_ENTER("wolfSSL_d2i_PKCS7_bio");
+
+    if (bio == NULL)
+        return NULL;
+
+    if ((pkcs7 = (WOLFSSL_PKCS7*)wolfSSL_PKCS7_new()) == NULL)
+        return NULL;
+
+    pkcs7->len = wolfSSL_BIO_get_len(bio);
+    pkcs7->data = (byte*)XMALLOC(pkcs7->len, NULL, DYNAMIC_TYPE_PKCS7);
+    if (pkcs7->data == NULL) {
+        wolfSSL_PKCS7_free((PKCS7*)pkcs7);
+        return NULL;
+    }
+
+    if ((ret = wolfSSL_BIO_read(bio, pkcs7->data, pkcs7->len)) <= 0) {
+        wolfSSL_PKCS7_free((PKCS7*)pkcs7);
+        return NULL;
+    }
+    /* pkcs7->len may change if using b64 for example */
+    pkcs7->len = ret;
+
+    if (wc_PKCS7_VerifySignedData(&pkcs7->pkcs7, pkcs7->data, pkcs7->len)
+                                                                         != 0) {
+        WOLFSSL_MSG("wc_PKCS7_VerifySignedData failed");
+        wolfSSL_PKCS7_free((PKCS7*)pkcs7);
+        return NULL;
+    }
+
+    if (p7 != NULL)
+        *p7 = (PKCS7*)pkcs7;
+    return (PKCS7*)pkcs7;
+}
+
+int wolfSSL_i2d_PKCS7(PKCS7 *p7, unsigned char **out)
+{
+    byte* output = NULL;
+    int localBuf = 0;
+    int len;
+    WC_RNG rng;
+    int ret = WC_NO_ERR_TRACE(WOLFSSL_FAILURE);
+    WOLFSSL_ENTER("wolfSSL_i2d_PKCS7");
+
+    if (!out || !p7) {
+        WOLFSSL_MSG("Bad parameter");
+        return WOLFSSL_FAILURE;
+    }
+
+    if (!p7->rng) {
+        if (wc_InitRng(&rng) != 0) {
+            WOLFSSL_MSG("wc_InitRng error");
+            return WOLFSSL_FAILURE;
+        }
+        p7->rng = &rng; /* cppcheck-suppress autoVariables
+                         */
+    }
+
+    if ((len = wc_PKCS7_EncodeSignedData(p7, NULL, 0)) < 0) {
+        WOLFSSL_MSG("wc_PKCS7_EncodeSignedData error");
+        goto cleanup;
+    }
+
+    if (*out == NULL) {
+        output = (byte*)XMALLOC(len, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+        if (!output) {
+            WOLFSSL_MSG("malloc error");
+            goto cleanup;
+        }
+        localBuf = 1;
+    }
+    else {
+        output = *out;
+    }
+
+    if ((len = wc_PKCS7_EncodeSignedData(p7, output, (word32)len)) < 0) {
+        WOLFSSL_MSG("wc_PKCS7_EncodeSignedData error");
+        goto cleanup;
+    }
+
+    ret = len;
+cleanup:
+    if (p7->rng == &rng) {
+        wc_FreeRng(&rng);
+        p7->rng = NULL;
+    }
+    if (ret == WC_NO_ERR_TRACE(WOLFSSL_FAILURE) && localBuf)
+        XFREE(output, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    if (ret != WC_NO_ERR_TRACE(WOLFSSL_FAILURE))
+        *out = output;
+    return ret;
+}
+
+int wolfSSL_i2d_PKCS7_bio(WOLFSSL_BIO *bio, PKCS7 *p7)
+{
+    byte* output = NULL;
+    int len;
+    int ret = WC_NO_ERR_TRACE(WOLFSSL_FAILURE);
+    WOLFSSL_ENTER("wolfSSL_i2d_PKCS7_bio");
+
+    if (!bio || !p7) {
+        WOLFSSL_MSG("Bad parameter");
+        return WOLFSSL_FAILURE;
+    }
+
+    if ((len = wolfSSL_i2d_PKCS7(p7, &output)) ==
+        WC_NO_ERR_TRACE(WOLFSSL_FAILURE))
+    {
+        WOLFSSL_MSG("wolfSSL_i2d_PKCS7 error");
+        goto cleanup;
+    }
+
+    if (wolfSSL_BIO_write(bio, output, len) <= 0) {
+        WOLFSSL_MSG("wolfSSL_BIO_write error");
+        goto cleanup;
+    }
+
+    ret = WOLFSSL_SUCCESS;
+cleanup:
+    XFREE(output, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    return ret;
+}
+
+/**
+ * Creates and returns a PKCS7 signedData structure.
+ *
+ * Inner content type is set to DATA to match OpenSSL behavior.
+ *
+ * signer   - certificate to sign bundle with
+ * pkey     - private key matching signer
+ * certs    - optional additional set of certificates to include
+ * in       - input data to be signed
+ * flags    - optional set of flags to control sign behavior
+ *
+ *    PKCS7_BINARY   - Do not translate input data to MIME canonical
+ *                     format (\r\n line endings), thus preventing corruption of
+ *                     binary content.
+ *    PKCS7_TEXT     - Prepend MIME headers for text/plain to content.
+ *    PKCS7_DETACHED - Set signature detached, omit content from output bundle.
+ *    PKCS7_STREAM   - initialize PKCS7 struct for signing, do not read data.
+ *
+ * Flags not currently supported:
+ *    PKCS7_NOCERTS  - Do not include the signer cert in the output bundle.
+ *    PKCS7_PARTIAL  - Allow for PKCS7_sign() to be only partially set up,
+ *                     then signers etc to be added separately before
+ *                     calling PKCS7_final().
+ *
+ * Returns valid PKCS7 structure pointer, or NULL if an error occurred.
+ */
+PKCS7* wolfSSL_PKCS7_sign(WOLFSSL_X509* signer, WOLFSSL_EVP_PKEY* pkey,
+        WOLFSSL_STACK* certs, WOLFSSL_BIO* in, int flags)
+{
+    int err = 0;
+    WOLFSSL_PKCS7* p7 = NULL;
+    WOLFSSL_STACK* cert = certs;
+
+    WOLFSSL_ENTER("wolfSSL_PKCS7_sign");
+
+    if (flags & PKCS7_NOCERTS) {
+        WOLFSSL_MSG("PKCS7_NOCERTS flag not yet supported");
+        err = 1;
+    }
+
+    if (flags & PKCS7_PARTIAL) {
+        WOLFSSL_MSG("PKCS7_PARTIAL flag not yet supported");
+        err = 1;
+    }
+
+    if ((err == 0) && (signer == NULL || signer->derCert == NULL ||
+                       signer->derCert->length == 0)) {
+        WOLFSSL_MSG("Bad function arg, signer is NULL or incomplete");
+        err = 1;
+    }
+
+    if ((err == 0) && (pkey == NULL || pkey->pkey.ptr == NULL ||
+                       pkey->pkey_sz <= 0)) {
+        WOLFSSL_MSG("Bad function arg, pkey is NULL or incomplete");
+        err = 1;
+    }
+
+    if ((err == 0) && (in == NULL) && !(flags & PKCS7_STREAM)) {
+        WOLFSSL_MSG("input data required unless PKCS7_STREAM used");
+        err = 1;
+    }
+
+    if ((err == 0) && ((p7 = (WOLFSSL_PKCS7*)wolfSSL_PKCS7_new()) == NULL)) {
+        WOLFSSL_MSG("Error allocating new WOLFSSL_PKCS7");
+        err = 1;
+    }
+
+    /* load signer certificate */
+    if (err == 0) {
+        if (wc_PKCS7_InitWithCert(&p7->pkcs7, signer->derCert->buffer,
+                                  signer->derCert->length) != 0) {
+            WOLFSSL_MSG("Failed to load signer certificate");
+            err = 1;
+        }
+    }
+
+    /* set signer private key, data types, defaults */
+    if (err == 0) {
+        p7->pkcs7.privateKey = (byte*)pkey->pkey.ptr;
+        p7->pkcs7.privateKeySz = (word32)pkey->pkey_sz;
+        p7->pkcs7.contentOID = DATA;  /* inner content default is DATA */
+        p7->pkcs7.hashOID = SHA256h;  /* default to SHA-256 hash type */
+        p7->type = SIGNED_DATA;       /* PKCS7_final switches on type */
+    }
+
+    /* add additional chain certs if provided */
+    while (cert && (err == 0)) {
+        if (cert->data.x509 != NULL && cert->data.x509->derCert != NULL) {
+            if (wc_PKCS7_AddCertificate(&p7->pkcs7,
+                                cert->data.x509->derCert->buffer,
+                                cert->data.x509->derCert->length) != 0) {
+                WOLFSSL_MSG("Error in wc_PKCS7_AddCertificate");
+                err = 1;
+            }
+        }
+        cert = cert->next;
+    }
+
+    if ((err == 0) && (flags & PKCS7_DETACHED)) {
+        if (wc_PKCS7_SetDetached(&p7->pkcs7, 1) != 0) {
+            WOLFSSL_MSG("Failed to set signature detached");
+            err = 1;
+        }
+    }
+
+    if ((err == 0) && (flags & PKCS7_STREAM)) {
+        /* if streaming, return before finalizing */
+        return (PKCS7*)p7;
+    }
+
+    if ((err == 0) && (wolfSSL_PKCS7_final((PKCS7*)p7, in, flags) != 1)) {
+        WOLFSSL_MSG("Error calling wolfSSL_PKCS7_final");
+        err = 1;
+    }
+
+    if ((err != 0) && (p7 != NULL)) {
+        wolfSSL_PKCS7_free((PKCS7*)p7);
+        p7 = NULL;
+    }
+
+    return (PKCS7*)p7;
+}
+
+#ifdef HAVE_SMIME
+
+#ifndef MAX_MIME_LINE_LEN
+    #define MAX_MIME_LINE_LEN 1024
+#endif
+
+/**
+ * Copy input BIO to output BIO, but convert all line endings to CRLF (\r\n),
+ * used by PKCS7_final().
+ *
+ * in  - input WOLFSSL_BIO to be converted
+ * out - output WOLFSSL_BIO to hold copy of in, with line endings adjusted
+ *
+ * Return 0 on success, negative on error
+ */
+static int wolfSSL_BIO_to_MIME_crlf(WOLFSSL_BIO* in, WOLFSSL_BIO* out)
+{
+    int ret = 0;
+    int lineLen = 0;
+    word32 canonLineLen = 0;
+    char* canonLine = NULL;
+#ifdef WOLFSSL_SMALL_STACK
+    char* line = NULL;
+#else
+    char line[MAX_MIME_LINE_LEN];
+#endif
+
+    if (in == NULL || out == NULL) {
+        return BAD_FUNC_ARG;
+    }
+
+#ifdef WOLFSSL_SMALL_STACK
+    line = (char*)XMALLOC(MAX_MIME_LINE_LEN, in->heap,
+                          DYNAMIC_TYPE_TMP_BUFFER);
+    if (line == NULL) {
+        return MEMORY_E;
+    }
+#endif
+    XMEMSET(line, 0, MAX_MIME_LINE_LEN);
+
+    while ((lineLen = wolfSSL_BIO_gets(in, line, MAX_MIME_LINE_LEN)) > 0) {
+
+        if (line[lineLen - 1] == '\r' || line[lineLen - 1] == '\n') {
+            canonLineLen = (word32)lineLen;
+            if ((canonLine = wc_MIME_single_canonicalize(
+                                line, &canonLineLen)) == NULL) {
+                ret = WOLFSSL_FATAL_ERROR;
+                break;
+            }
+
+            /* remove trailing null */
+            if (canonLineLen >= 1 && canonLine[canonLineLen-1] == '\0') {
+                canonLineLen--;
+            }
+
+            if (wolfSSL_BIO_write(out, canonLine, (int)canonLineLen) < 0) {
+                ret = WOLFSSL_FATAL_ERROR;
+                break;
+            }
+            XFREE(canonLine, NULL, DYNAMIC_TYPE_PKCS7);
+            canonLine = NULL;
+        }
+        else {
+            /* no line ending in current line, write direct to out */
+            if (wolfSSL_BIO_write(out, line, lineLen) < 0) {
+                ret = WOLFSSL_FATAL_ERROR;
+                break;
+            }
+        }
+    }
+
+    XFREE(canonLine, NULL, DYNAMIC_TYPE_PKCS7);
+#ifdef WOLFSSL_SMALL_STACK
+    XFREE(line, in->heap, DYNAMIC_TYPE_TMP_BUFFER);
+#endif
+
+    return ret;
+}
+
+#endif /* HAVE_SMIME */
+
+/* Used by both PKCS7_final() and PKCS7_verify() */
+static const char contTypeText[] = "Content-Type: text/plain\r\n\r\n";
+
+/**
+ * Finalize PKCS7 structure, currently supports signedData only.
+ *
+ * Does not generate final bundle (ie: signedData), but finalizes
+ * the PKCS7 structure in preparation for a output function to be called next.
+ *
+ * pkcs7 - initialized PKCS7 structure, populated with signer, etc
+ * in    - input data
+ * flags - flags to control PKCS7 behavior. Other flags except those noted
+ *         below are ignored:
+ *
+ *    PKCS7_BINARY - Do not translate input data to MIME canonical
+ *                   format (\r\n line endings), thus preventing corruption of
+ *                   binary content.
+ *    PKCS7_TEXT   - Prepend MIME headers for text/plain to content.
+ *
+ * Returns 1 on success, 0 on error
+ */
+int wolfSSL_PKCS7_final(PKCS7* pkcs7, WOLFSSL_BIO* in, int flags)
+{
+    int ret = 1;
+    int memSz = 0;
+    unsigned char* mem = NULL;
+    WOLFSSL_PKCS7* p7 = (WOLFSSL_PKCS7*)pkcs7;
+    WOLFSSL_BIO* data = NULL;
+
+    WOLFSSL_ENTER("wolfSSL_PKCS7_final");
+
+    if (p7 == NULL || in == NULL) {
+        WOLFSSL_MSG("Bad input args to PKCS7_final");
+        ret = 0;
+    }
+
+    if (ret == 1) {
+        if ((data = wolfSSL_BIO_new(wolfSSL_BIO_s_mem())) == NULL) {
+            WOLFSSL_MSG("Error in wolfSSL_BIO_new");
+            ret = 0;
+        }
+    }
+
+    /* prepend Content-Type header if PKCS7_TEXT */
+    if ((ret == 1) && (flags & PKCS7_TEXT)) {
+        if (wolfSSL_BIO_write(data, contTypeText,
+                              (int)XSTR_SIZEOF(contTypeText)) < 0) {
+            WOLFSSL_MSG("Error prepending Content-Type header");
+            ret = 0;
+        }
+    }
+
+    /* convert line endings to CRLF if !PKCS7_BINARY */
+    if (ret == 1) {
+        if (flags & PKCS7_BINARY) {
+
+            /* no CRLF conversion, direct copy content */
+            if ((memSz = wolfSSL_BIO_get_len(in)) <= 0) {
+                ret = 0;
+            }
+            if (ret == 1) {
+                mem = (unsigned char*)XMALLOC(memSz, in->heap,
+                                              DYNAMIC_TYPE_TMP_BUFFER);
+                if (mem == NULL) {
+                    WOLFSSL_MSG("Failed to allocate memory for input data");
+                    ret = 0;
+                }
+            }
+
+            if (ret == 1) {
+                if (wolfSSL_BIO_read(in, mem, memSz) != memSz) {
+                    WOLFSSL_MSG("Error reading from input BIO");
+                    ret = 0;
+                }
+                else if (wolfSSL_BIO_write(data, mem, memSz) < 0) {
+                    ret = 0;
+                }
+            }
+
+            XFREE(mem, in->heap, DYNAMIC_TYPE_TMP_BUFFER);
+        }
+        else {
+    #ifdef HAVE_SMIME
+            /* convert content line endings to CRLF */
+            if (wolfSSL_BIO_to_MIME_crlf(in, data) != 0) {
+                WOLFSSL_MSG("Error converting line endings to CRLF");
+                ret = 0;
+            }
+            else {
+                p7->pkcs7.contentCRLF = 1;
+            }
+    #else
+            WOLFSSL_MSG("Without PKCS7_BINARY requires wolfSSL to be built "
+                        "with HAVE_SMIME");
+            ret = 0;
+    #endif
+        }
+    }
+
+    if ((ret == 1) && ((memSz = wolfSSL_BIO_get_mem_data(data, &mem)) < 0)) {
+        WOLFSSL_MSG("Error in wolfSSL_BIO_get_mem_data");
+        ret = 0;
+    }
+
+    if (ret == 1) {
+        XFREE(p7->data, NULL, DYNAMIC_TYPE_PKCS7);
+        p7->data = (byte*)XMALLOC(memSz, NULL, DYNAMIC_TYPE_PKCS7);
+        if (p7->data == NULL) {
+            ret = 0;
+        }
+        else {
+            XMEMCPY(p7->data, mem, memSz);
+            p7->len = memSz;
+        }
+    }
+
+    if (ret == 1) {
+        p7->pkcs7.content = p7->data;
+        p7->pkcs7.contentSz = (word32)p7->len;
+    }
+
+    if (data != NULL) {
+        wolfSSL_BIO_free(data);
+    }
+
+    return ret;
+}
+
+int wolfSSL_PKCS7_verify(PKCS7* pkcs7, WOLFSSL_STACK* certs,
+        WOLFSSL_X509_STORE* store, WOLFSSL_BIO* in, WOLFSSL_BIO* out, int flags)
+{
+    int i, ret = 0;
+    unsigned char* mem = NULL;
+    int memSz = 0;
+    WOLFSSL_PKCS7* p7 = (WOLFSSL_PKCS7*)pkcs7;
+    int contTypeLen;
+    WOLFSSL_X509* signer = NULL;
+    WOLFSSL_STACK* signers = NULL;
+
+    WOLFSSL_ENTER("wolfSSL_PKCS7_verify");
+
+    if (pkcs7 == NULL)
+        return WOLFSSL_FAILURE;
+
+    if (in != NULL) {
+        if ((memSz = wolfSSL_BIO_get_mem_data(in, &mem)) < 0)
+            return WOLFSSL_FAILURE;
+
+        p7->pkcs7.content = mem;
+        p7->pkcs7.contentSz = (word32)memSz;
+    }
+
+    /* certs is the list of certificates to find the cert with issuer/serial. */
+    (void)certs;
+    /* store is the certificate store to use to verify signer certificate
+     * associated with the signers.
+     */
+    (void)store;
+
+    ret = wc_PKCS7_VerifySignedData(&p7->pkcs7, p7->data, p7->len);
+    if (ret != 0)
+        return WOLFSSL_FAILURE;
+
+    if ((flags & PKCS7_NOVERIFY) != PKCS7_NOVERIFY) {
+        /* Verify signer certificates */
+        if (store == NULL || store->cm == NULL) {
+            WOLFSSL_MSG("No store or store certs, but PKCS7_NOVERIFY not set");
+            return WOLFSSL_FAILURE;
+        }
+
+        signers = wolfSSL_PKCS7_get0_signers(pkcs7, certs, flags);
+        if (signers == NULL) {
+            WOLFSSL_MSG("No signers found to verify");
+            return WOLFSSL_FAILURE;
+        }
+        for (i = 0; i < wolfSSL_sk_X509_num(signers); i++) {
+            signer = wolfSSL_sk_X509_value(signers, i);
+
+            if (wolfSSL_CertManagerVerifyBuffer(store->cm,
+                        signer->derCert->buffer,
+                        signer->derCert->length,
+                        WOLFSSL_FILETYPE_ASN1) != WOLFSSL_SUCCESS) {
+                WOLFSSL_MSG("Failed to verify signer certificate");
+                wolfSSL_sk_X509_pop_free(signers, NULL);
+                return WOLFSSL_FAILURE;
+            }
+        }
+        wolfSSL_sk_X509_pop_free(signers, NULL);
+    }
+
+    if (flags & PKCS7_TEXT) {
+        /* strip MIME header for text/plain, otherwise error */
+        contTypeLen = XSTR_SIZEOF(contTypeText);
+        if ((p7->pkcs7.contentSz < (word32)contTypeLen) ||
+            (XMEMCMP(p7->pkcs7.content, contTypeText, contTypeLen) != 0)) {
+            WOLFSSL_MSG("Error PKCS7 Content-Type not found with PKCS7_TEXT");
+            return WOLFSSL_FAILURE;
+        }
+        p7->pkcs7.content += contTypeLen;
+        p7->pkcs7.contentSz -= contTypeLen;
+    }
+
+    if (out != NULL) {
+        wolfSSL_BIO_write(out, p7->pkcs7.content, p7->pkcs7.contentSz);
+    }
+
+    WOLFSSL_LEAVE("wolfSSL_PKCS7_verify", WOLFSSL_SUCCESS);
+
+    return WOLFSSL_SUCCESS;
+}
+
+/**
+ * This API was added as a helper function for libest. It
+ * encodes a stack of certificates to pkcs7 format.
+ * @param pkcs7 PKCS7 parameter object
+ * @param certs WOLFSSL_STACK_OF(WOLFSSL_X509)*
+ * @param out   Output bio
+ * @return WOLFSSL_SUCCESS on success and WOLFSSL_FAILURE on failure
+ */
+int wolfSSL_PKCS7_encode_certs(PKCS7* pkcs7, WOLFSSL_STACK* certs,
+        WOLFSSL_BIO* out)
+{
+    int ret;
+    WOLFSSL_PKCS7* p7;
+    WOLFSSL_ENTER("wolfSSL_PKCS7_encode_certs");
+
+    if (!pkcs7 || !certs || !out) {
+        WOLFSSL_MSG("Bad parameter");
+        return WOLFSSL_FAILURE;
+    }
+
+    p7 = (WOLFSSL_PKCS7*)pkcs7;
+
+    /* take ownership of certs */
+    p7->certs = certs;
+    /* TODO: takes ownership even on failure below but not on above failure. */
+
+    if (pkcs7->certList) {
+        WOLFSSL_MSG("wolfSSL_PKCS7_encode_certs called multiple times on same "
+                    "struct");
+        return WOLFSSL_FAILURE;
+    }
+
+    if (certs) {
+        /* Save some of the values */
+        int hashOID = pkcs7->hashOID;
+        byte version = pkcs7->version;
+
+        if (!certs->data.x509 || !certs->data.x509->derCert) {
+            WOLFSSL_MSG("Missing cert");
+            return WOLFSSL_FAILURE;
+        }
+
+        if (wc_PKCS7_InitWithCert(pkcs7, certs->data.x509->derCert->buffer,
+                                      certs->data.x509->derCert->length) != 0) {
+            WOLFSSL_MSG("wc_PKCS7_InitWithCert error");
+            return WOLFSSL_FAILURE;
+        }
+        certs = certs->next;
+
+        pkcs7->hashOID = hashOID;
+        pkcs7->version = version;
+    }
+
+    /* Add the certs to the PKCS7 struct */
+    while (certs) {
+        if (!certs->data.x509 || !certs->data.x509->derCert) {
+            WOLFSSL_MSG("Missing cert");
+            return WOLFSSL_FAILURE;
+        }
+        if (wc_PKCS7_AddCertificate(pkcs7, certs->data.x509->derCert->buffer,
+                                      certs->data.x509->derCert->length) != 0) {
+            WOLFSSL_MSG("wc_PKCS7_AddCertificate error");
+            return WOLFSSL_FAILURE;
+        }
+        certs = certs->next;
+    }
+
+    if (wc_PKCS7_SetSignerIdentifierType(pkcs7, DEGENERATE_SID) != 0) {
+        WOLFSSL_MSG("wc_PKCS7_SetSignerIdentifierType error");
+        return WOLFSSL_FAILURE;
+    }
+
+    ret = wolfSSL_i2d_PKCS7_bio(out, pkcs7);
+
+    return ret;
+}
+
+/******************************************************************************
+* wolfSSL_PEM_write_bio_PKCS7 - writes the PKCS7 data to BIO
+*
+* RETURNS:
+* returns WOLFSSL_SUCCESS on success, otherwise returns WOLFSSL_FAILURE
+*/
+int wolfSSL_PEM_write_bio_PKCS7(WOLFSSL_BIO* bio, PKCS7* p7)
+{
+#ifdef WOLFSSL_SMALL_STACK
+    byte* outputHead;
+    byte* outputFoot;
+#else
+    byte outputHead[2048];
+    byte outputFoot[2048];
+#endif
+    word32 outputHeadSz = 2048;
+    word32 outputFootSz = 2048;
+    word32 outputSz = 0;
+    byte*  output = NULL;
+    byte*  pem = NULL;
+    int    pemSz = -1;
+    enum wc_HashType hashType;
+    byte hashBuf[WC_MAX_DIGEST_SIZE];
+    word32 hashSz = 0;
+
+    WOLFSSL_ENTER("wolfSSL_PEM_write_bio_PKCS7");
+
+    if (bio == NULL || p7 == NULL)
+        return WOLFSSL_FAILURE;
+
+#ifdef WOLFSSL_SMALL_STACK
+    outputHead = (byte*)XMALLOC(outputHeadSz, bio->heap,
+        DYNAMIC_TYPE_TMP_BUFFER);
+    if (outputHead == NULL)
+        return MEMORY_E;
+
+    outputFoot = (byte*)XMALLOC(outputFootSz, bio->heap,
+        DYNAMIC_TYPE_TMP_BUFFER);
+    if (outputFoot == NULL)
+        goto error;
+
+#endif
+
+    XMEMSET(hashBuf, 0, WC_MAX_DIGEST_SIZE);
+    XMEMSET(outputHead, 0, outputHeadSz);
+    XMEMSET(outputFoot, 0, outputFootSz);
+
+    hashType = wc_OidGetHash(p7->hashOID);
+    hashSz = (word32)wc_HashGetDigestSize(hashType);
+    if (hashSz > WC_MAX_DIGEST_SIZE)
+        goto error;
+
+    /* only SIGNED_DATA is supported */
+    switch (p7->contentOID) {
+        case SIGNED_DATA:
+            break;
+        default:
+            WOLFSSL_MSG("Unknown PKCS#7 Type");
+            goto error;
+    };
+
+    if ((wc_PKCS7_EncodeSignedData_ex(p7, hashBuf, hashSz,
+        outputHead, &outputHeadSz, outputFoot, &outputFootSz)) != 0)
+        goto error;
+
+    outputSz = outputHeadSz + p7->contentSz + outputFootSz;
+    output = (byte*)XMALLOC(outputSz, bio->heap, DYNAMIC_TYPE_TMP_BUFFER);
+
+    if (!output)
+        goto error;
+
+    XMEMSET(output, 0, outputSz);
+    outputSz = 0;
+    XMEMCPY(&output[outputSz], outputHead, outputHeadSz);
+    outputSz += outputHeadSz;
+    XMEMCPY(&output[outputSz], p7->content, p7->contentSz);
+    outputSz += p7->contentSz;
+    XMEMCPY(&output[outputSz], outputFoot, outputFootSz);
+    outputSz += outputFootSz;
+
+    /* get PEM size */
+    pemSz = wc_DerToPemEx(output, outputSz, NULL, 0, NULL, CERT_TYPE);
+    if (pemSz < 0)
+        goto error;
+
+    pemSz++; /* for '\0'*/
+
+    /* create PEM buffer and convert from DER to PEM*/
+    if ((pem = (byte*)XMALLOC(pemSz, bio->heap, DYNAMIC_TYPE_TMP_BUFFER))
+                                                                        == NULL)
+        goto error;
+
+    XMEMSET(pem, 0, pemSz);
+
+    if (wc_DerToPemEx(output, outputSz, pem, (word32)pemSz, NULL, CERT_TYPE) < 0) {
+        goto error;
+    }
+    if ((wolfSSL_BIO_write(bio, pem, pemSz) == pemSz)) {
+        XFREE(output, bio->heap, DYNAMIC_TYPE_TMP_BUFFER);
+        XFREE(pem, bio->heap, DYNAMIC_TYPE_TMP_BUFFER);
+#ifdef WOLFSSL_SMALL_STACK
+        XFREE(outputHead, bio->heap, DYNAMIC_TYPE_TMP_BUFFER);
+        XFREE(outputFoot, bio->heap, DYNAMIC_TYPE_TMP_BUFFER);
+#endif
+        return WOLFSSL_SUCCESS;
+    }
+
+error:
+#ifdef WOLFSSL_SMALL_STACK
+    XFREE(outputHead, bio->heap, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(outputFoot, bio->heap, DYNAMIC_TYPE_TMP_BUFFER);
+#endif
+    XFREE(output, bio->heap, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(pem, bio->heap, DYNAMIC_TYPE_TMP_BUFFER);
+    return WOLFSSL_FAILURE;
+}
+
+#ifdef HAVE_SMIME
+/*****************************************************************************
+* wolfSSL_SMIME_read_PKCS7 - Reads the given S/MIME message and parses it into
+* a PKCS7 object. In case of a multipart message, stores the signed data in
+* bcont.
+*
+* RETURNS:
+* returns pointer to a PKCS7 structure on success, otherwise returns NULL
+*/
+PKCS7* wolfSSL_SMIME_read_PKCS7(WOLFSSL_BIO* in,
+        WOLFSSL_BIO** bcont)
+{
+    MimeHdr* allHdrs = NULL;
+    MimeHdr* curHdr = NULL;
+    MimeParam* curParam = NULL;
+    int inLen = 0;
+    byte* bcontMem = NULL;
+    int bcontMemSz = 0;
+    int sectionLen = 0;
+    int ret = -1;
+    char* section = NULL;
+    char* canonLine = NULL;
+    char* canonSection = NULL;
+    PKCS7* pkcs7 = NULL;
+    word32 outLen = 0;
+    word32 canonLineLen = 0;
+    byte* out = NULL;
+    byte* outHead = NULL;
+
+    int canonPos = 0;
+    int lineLen = 0;
+    int remainLen = 0;
+    byte isEnd = 0;
+    size_t canonSize = 0;
+    size_t boundLen = 0;
+    char* boundary = NULL;
+
+    static const char kContType[] = "Content-Type";
+    static const char kCTE[] = "Content-Transfer-Encoding";
+    static const char kMultSigned[] = "multipart/signed";
+    static const char kAppPkcsSign[] = "application/pkcs7-signature";
+    static const char kAppXPkcsSign[] = "application/x-pkcs7-signature";
+    static const char kAppPkcs7Mime[] = "application/pkcs7-mime";
+    static const char kAppXPkcs7Mime[] = "application/x-pkcs7-mime";
+
+    WOLFSSL_ENTER("wolfSSL_SMIME_read_PKCS7");
+
+    if (in == NULL || bcont == NULL) {
+        goto error;
+    }
+    inLen = wolfSSL_BIO_get_len(in);
+    if (inLen <= 0) {
+        goto error;
+    }
+    remainLen = wolfSSL_BIO_get_len(in);
+    if (remainLen <= 0) {
+        goto error;
+    }
+
+    section = (char*)XMALLOC(remainLen+1, NULL, DYNAMIC_TYPE_PKCS7);
+    if (section == NULL) {
+        goto error;
+    }
+    lineLen = wolfSSL_BIO_gets(in, section, remainLen);
+    if (lineLen <= 0) {
+        goto error;
+    }
+    while (isEnd == 0 && remainLen > 0) {
+        sectionLen += lineLen;
+        remainLen -= lineLen;
+        lineLen = wolfSSL_BIO_gets(in, &section[sectionLen], remainLen);
+        if (lineLen <= 0) {
+            goto error;
+        }
+        /* Line with just newline signals end of headers. */
+        if ((lineLen==2 && !XSTRNCMP(&section[sectionLen],
+                                     "\r\n", 2)) ||
+            (lineLen==1 && (section[sectionLen] == '\r' ||
+                            section[sectionLen] == '\n'))) {
+            isEnd = 1;
+        }
+    }
+    section[sectionLen] = '\0';
+    ret = wc_MIME_parse_headers(section, sectionLen, &allHdrs);
+    if (ret < 0) {
+        WOLFSSL_MSG("Parsing MIME headers failed.");
+        goto error;
+    }
+    isEnd = 0;
+    section[0] = '\0';
+    sectionLen = 0;
+
+    curHdr = wc_MIME_find_header_name(kContType, allHdrs);
+    if (curHdr && !XSTRNCMP(curHdr->body, kMultSigned,
+                            XSTR_SIZEOF(kMultSigned))) {
+        curParam = wc_MIME_find_param_attr("protocol", curHdr->params);
+        if (curParam && (!XSTRNCMP(curParam->value, kAppPkcsSign,
+                                   XSTR_SIZEOF(kAppPkcsSign)) ||
+                         !XSTRNCMP(curParam->value, kAppXPkcsSign,
+                                   XSTR_SIZEOF(kAppXPkcsSign)))) {
+            curParam = wc_MIME_find_param_attr("boundary", curHdr->params);
+            if (curParam == NULL) {
+                goto error;
+            }
+
+            boundLen = XSTRLEN(curParam->value) + 2;
+            boundary = (char*)XMALLOC(boundLen+1, NULL, DYNAMIC_TYPE_PKCS7);
+            if (boundary == NULL) {
+                goto error;
+            }
+            XMEMSET(boundary, 0, (word32)(boundLen+1));
+            boundary[0] = boundary[1] = '-';
+            /* analyzers have issues with using strncpy and strcpy here */
+            XMEMCPY(&boundary[2], curParam->value, boundLen - 2);
+
+            /* Parse up to first boundary, ignore everything here. */
+            lineLen = wolfSSL_BIO_gets(in, section, remainLen);
+            if (lineLen <= 0) {
+                goto error;
+            }
+            while (XSTRNCMP(&section[sectionLen], boundary, boundLen) &&
+                   remainLen > 0) {
+                sectionLen += lineLen;
+                remainLen -= lineLen;
+                lineLen = wolfSSL_BIO_gets(in, &section[sectionLen],
+                                           remainLen);
+                if (lineLen <= 0) {
+                    goto error;
+                }
+            }
+
+            section[0] = '\0';
+            sectionLen = 0;
+            canonSize = (size_t)remainLen + 1;
+            canonSection = (char*)XMALLOC(canonSize, NULL,
+                                          DYNAMIC_TYPE_PKCS7);
+            if (canonSection == NULL) {
+                goto error;
+            }
+
+            lineLen = wolfSSL_BIO_gets(in, section, remainLen);
+            if (lineLen < 0) {
+                goto error;
+            }
+            while (XSTRNCMP(&section[sectionLen], boundary, boundLen) &&
+                            remainLen > 0) {
+                canonLineLen = (word32)lineLen;
+                canonLine = wc_MIME_single_canonicalize(&section[sectionLen],
+                                                        &canonLineLen);
+                if (canonLine == NULL) {
+                    goto error;
+                }
+                /* If line endings were added, the initial length may be
+                 * exceeded. */
+                if ((canonPos + canonLineLen) >= canonSize) {
+                    canonSize = canonPos + canonLineLen;
+                    canonSection = (char*)XREALLOC(canonSection, canonSize,
+                                                   NULL, DYNAMIC_TYPE_PKCS7);
+                    if (canonSection == NULL) {
+                        goto error;
+                    }
+                }
+                XMEMCPY(&canonSection[canonPos], canonLine,
+                        (int)canonLineLen - 1);
+                canonPos += canonLineLen - 1;
+                XFREE(canonLine, NULL, DYNAMIC_TYPE_PKCS7);
+                canonLine = NULL;
+
+                sectionLen += lineLen;
+                remainLen -= lineLen;
+
+                lineLen = wolfSSL_BIO_gets(in, &section[sectionLen],
+                                           remainLen);
+                if (lineLen <= 0) {
+                    goto error;
+                }
+            }
+
+            if (canonPos > 0) {
+                canonPos--;
+            }
+
+            /* Strip the final trailing newline.  Support \r, \n or \r\n. */
+            if (canonSection[canonPos] == '\n') {
+                if (canonPos > 0) {
+                    canonPos--;
+                }
+            }
+
+            if (canonSection[canonPos] == '\r') {
+                if (canonPos > 0) {
+                    canonPos--;
+                }
+            }
+
+            canonSection[canonPos+1] = '\0';
+
+            *bcont = wolfSSL_BIO_new(wolfSSL_BIO_s_mem());
+            ret = wolfSSL_BIO_write(*bcont, canonSection,
+                                    canonPos + 1);
+            if (ret != (canonPos+1)) {
+                goto error;
+            }
+            if ((bcontMemSz = wolfSSL_BIO_get_mem_data(*bcont, &bcontMem))
+                                                                          < 0) {
+                goto error;
+            }
+            XFREE(canonSection, NULL, DYNAMIC_TYPE_PKCS7);
+            canonSection = NULL;
+
+            wc_MIME_free_hdrs(allHdrs);
+            allHdrs = NULL;
+            section[0] = '\0';
+            sectionLen = 0;
+            lineLen = wolfSSL_BIO_gets(in, section, remainLen);
+            if (lineLen <= 0) {
+                goto error;
+            }
+            while (isEnd == 0 && remainLen > 0) {
+                sectionLen += lineLen;
+                remainLen -= lineLen;
+                lineLen = wolfSSL_BIO_gets(in, &section[sectionLen],
+                                           remainLen);
+                if (lineLen <= 0) {
+                    goto error;
+                }
+                /* Line with just newline signals end of headers. */
+                if ((lineLen==2 && !XSTRNCMP(&section[sectionLen],
+                                             "\r\n", 2)) ||
+                    (lineLen==1 && (section[sectionLen] == '\r' ||
+                                    section[sectionLen] == '\n'))) {
+                    isEnd = 1;
+                }
+            }
+            section[sectionLen] = '\0';
+            ret = wc_MIME_parse_headers(section, sectionLen, &allHdrs);
+            if (ret < 0) {
+                WOLFSSL_MSG("Parsing MIME headers failed.");
+                goto error;
+            }
+            curHdr = wc_MIME_find_header_name(kContType, allHdrs);
+            if (curHdr == NULL || (XSTRNCMP(curHdr->body, kAppPkcsSign,
+                                   XSTR_SIZEOF(kAppPkcsSign)) &&
+                                   XSTRNCMP(curHdr->body, kAppXPkcsSign,
+                                   XSTR_SIZEOF(kAppXPkcsSign)))) {
+                WOLFSSL_MSG("S/MIME headers not found inside "
+                            "multipart message.\n");
+                goto error;
+            }
+
+            section[0] = '\0';
+            sectionLen = 0;
+            lineLen = wolfSSL_BIO_gets(in, section, remainLen);
+            while (XSTRNCMP(&section[sectionLen], boundary, boundLen) &&
+                   remainLen > 0) {
+                sectionLen += lineLen;
+                remainLen -= lineLen;
+                lineLen = wolfSSL_BIO_gets(in, &section[sectionLen],
+                                           remainLen);
+                if (lineLen <= 0) {
+                    goto error;
+                }
+            }
+
+            XFREE(boundary, NULL, DYNAMIC_TYPE_PKCS7);
+            boundary = NULL;
+        }
+    }
+    else if (curHdr && (!XSTRNCMP(curHdr->body, kAppPkcs7Mime,
+                                  XSTR_SIZEOF(kAppPkcs7Mime)) ||
+                        !XSTRNCMP(curHdr->body, kAppXPkcs7Mime,
+                                  XSTR_SIZEOF(kAppXPkcs7Mime)))) {
+        sectionLen = wolfSSL_BIO_get_len(in);
+        if (sectionLen <= 0) {
+            goto error;
+        }
+        ret = wolfSSL_BIO_read(in, section, sectionLen);
+        if (ret < 0 || ret != sectionLen) {
+            WOLFSSL_MSG("Error reading input BIO.");
+            goto error;
+        }
+    }
+    else {
+        WOLFSSL_MSG("S/MIME headers not found.");
+        goto error;
+    }
+
+    curHdr = wc_MIME_find_header_name(kCTE, allHdrs);
+    if (curHdr == NULL) {
+        WOLFSSL_MSG("Content-Transfer-Encoding header not found, "
+                    "assuming base64 encoding.");
+    }
+    else if (XSTRNCMP(curHdr->body, "base64", XSTRLEN("base64"))) {
+        WOLFSSL_MSG("S/MIME encodings other than base64 are not "
+                    "currently supported.\n");
+        goto error;
+    }
+
+    if (section == NULL || sectionLen <= 0) {
+        goto error;
+    }
+    outLen = (word32)((sectionLen*3+3)/4)+1;
+    out = (byte*)XMALLOC(outLen*sizeof(byte), NULL, DYNAMIC_TYPE_PKCS7);
+    outHead = out;
+    if (outHead == NULL) {
+        goto error;
+    }
+    /* Strip trailing newlines. */
+    while ((sectionLen > 0) &&
+           (section[sectionLen-1] == '\r' || section[sectionLen-1] == '\n')) {
+        sectionLen--;
+    }
+    section[sectionLen] = '\0';
+    ret = Base64_Decode((const byte*)section, (word32)sectionLen, out, &outLen);
+    if (ret < 0) {
+        WOLFSSL_MSG("Error base64 decoding S/MIME message.");
+        goto error;
+    }
+    pkcs7 = wolfSSL_d2i_PKCS7_only(NULL, (const unsigned char**)&out, (int)outLen,
+        bcontMem, (word32)bcontMemSz);
+
+    wc_MIME_free_hdrs(allHdrs);
+    XFREE(outHead, NULL, DYNAMIC_TYPE_PKCS7);
+    XFREE(section, NULL, DYNAMIC_TYPE_PKCS7);
+
+    return pkcs7;
+
+error:
+    wc_MIME_free_hdrs(allHdrs);
+    XFREE(boundary, NULL, DYNAMIC_TYPE_PKCS7);
+    XFREE(outHead, NULL, DYNAMIC_TYPE_PKCS7);
+    XFREE(section, NULL, DYNAMIC_TYPE_PKCS7);
+    XFREE(canonSection, NULL, DYNAMIC_TYPE_PKCS7);
+    XFREE(canonLine, NULL, DYNAMIC_TYPE_PKCS7);
+    if (bcont) {
+        wolfSSL_BIO_free(*bcont);
+        *bcont = NULL; /* reset 'bcount' pointer to NULL on failure */
+    }
+
+    return NULL;
+}
+
+/* Convert hash algo OID (from Hash_Sum in asn.h) to SMIME string equivalent.
+ * Returns hash algorithm string or "unknown" if not found */
+static const char* wolfSSL_SMIME_HashOIDToString(int hashOID)
+{
+    switch (hashOID) {
+        case MD5h:
+            return "md5";
+        case SHAh:
+            return "sha1";
+        case SHA224h:
+            return "sha-224";
+        case SHA256h:
+            return "sha-256";
+        case SHA384h:
+            return "sha-384";
+        case SHA512h:
+            return "sha-512";
+        case SHA3_224h:
+            return "sha3-224";
+        case SHA3_384h:
+            return "sha3-384";
+        case SHA3_512h:
+            return "sha3-512";
+        default:
+            break;
+    }
+
+    return "unknown";
+}
+
+/* Convert PKCS#7 type (from PKCS7_TYPES in pkcs7.h) to SMIME string.
+ * RFC2633 only defines signed-data, enveloped-data, certs-only.
+ * Returns string on success, NULL on unknown type. */
+static const char* wolfSSL_SMIME_PKCS7TypeToString(int type)
+{
+    switch (type) {
+        case SIGNED_DATA:
+            return "signed-data";
+        case ENVELOPED_DATA:
+            return "enveloped-data";
+        default:
+            break;
+    }
+
+    return NULL;
+}
+
+/**
+ * Convert PKCS7 structure to SMIME format, adding necessary headers.
+ *
+ * Handles generation of PKCS7 bundle (ie: signedData). PKCS7 structure
+ * should be set up beforehand with PKCS7_sign/final/etc. Output is always
+ * Base64 encoded.
+ *
+ * out   - output BIO for SMIME formatted data to be placed
+ * pkcs7 - input PKCS7 structure, initialized and set up
+ * in    - input content to be encoded into PKCS7
+ * flags - flags to control behavior of PKCS7 generation
+ *
+ * Returns 1 on success, 0 or negative on failure
+ */
+int wolfSSL_SMIME_write_PKCS7(WOLFSSL_BIO* out, PKCS7* pkcs7, WOLFSSL_BIO* in,
+                              int flags)
+{
+    int i;
+    int ret = 1;
+    WOLFSSL_PKCS7* p7 = (WOLFSSL_PKCS7*)pkcs7;
+    byte* p7out = NULL;
+    int len = 0;
+
+    char boundary[33]; /* 32 chars + \0 */
+    byte* sigBase64 = NULL;
+    word32 sigBase64Len = 0;
+    const char* p7TypeString = NULL;
+
+    static const char alphanum[] = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ";
+
+    if (out == NULL || p7 == NULL) {
+        WOLFSSL_MSG("Bad function arguments");
+        return 0;
+    }
+
+    if (in != NULL && (p7->pkcs7.content == NULL || p7->pkcs7.contentSz == 0 ||
+                       p7->pkcs7.contentCRLF == 0)) {
+        /* store and adjust content line endings for CRLF if needed */
+        if (wolfSSL_PKCS7_final((PKCS7*)p7, in, flags) != 1) {
+            ret = 0;
+        }
+    }
+
+    if (ret > 0) {
+        /* Generate signedData bundle, DER in output (dynamic) */
+        if ((len = wolfSSL_i2d_PKCS7((PKCS7*)p7, &p7out)) ==
+            WC_NO_ERR_TRACE(WOLFSSL_FAILURE))
+        {
+            WOLFSSL_MSG("Error in wolfSSL_i2d_PKCS7");
+            ret = 0;
+        }
+    }
+
+    /* Base64 encode signedData bundle */
+    if (ret > 0) {
+        if (Base64_Encode(p7out, (word32)len, NULL, &sigBase64Len) !=
+            WC_NO_ERR_TRACE(LENGTH_ONLY_E)) {
+            ret = 0;
+        }
+        else {
+            sigBase64 = (byte*)XMALLOC(sigBase64Len, NULL,
+                                       DYNAMIC_TYPE_TMP_BUFFER);
+            if (sigBase64 == NULL) {
+                ret = 0;
+            }
+        }
+    }
+
+    if (ret > 0) {
+        XMEMSET(sigBase64, 0, sigBase64Len);
+        if (Base64_Encode(p7out, (word32)len, sigBase64, &sigBase64Len) < 0) {
+            WOLFSSL_MSG("Error in Base64_Encode of signature");
+            ret = 0;
+        }
+    }
+
+    /* build up SMIME message */
+    if (ret > 0) {
+        if (flags & PKCS7_DETACHED) {
+
+            /* generate random boundary */
+            if (initGlobalRNG == 0 && wolfSSL_RAND_Init() != WOLFSSL_SUCCESS) {
+                WOLFSSL_MSG("No RNG to use");
+                ret = 0;
+            }
+
+            /* no need to generate random byte for null terminator (size-1) */
+            if ((ret > 0) && (wc_RNG_GenerateBlock(&globalRNG, (byte*)boundary,
+                                  sizeof(boundary) - 1 ) != 0)) {
+                    WOLFSSL_MSG("Error in wc_RNG_GenerateBlock");
+                    ret = 0;
+            }
+
+            if (ret > 0) {
+                for (i = 0; i < (int)sizeof(boundary) - 1; i++) {
+                    boundary[i] =
+                        alphanum[boundary[i] % XSTR_SIZEOF(alphanum)];
+                }
+                boundary[sizeof(boundary)-1] = 0;
+            }
+
+            if (ret > 0) {
+                /* S/MIME header beginning */
+                ret = wolfSSL_BIO_printf(out,
+                        "MIME-Version: 1.0\n"
+                        "Content-Type: multipart/signed; "
+                        "protocol=\"application/x-pkcs7-signature\"; "
+                        "micalg=\"%s\"; "
+                        "boundary=\"----%s\"\n\n"
+                        "This is an S/MIME signed message\n\n"
+                        "------%s\n",
+                        wolfSSL_SMIME_HashOIDToString(p7->pkcs7.hashOID),
+                        boundary, boundary);
+            }
+
+            if (ret > 0) {
+                /* S/MIME content */
+                ret = wolfSSL_BIO_write(out,
+                        p7->pkcs7.content, p7->pkcs7.contentSz);
+            }
+
+            if (ret > 0) {
+                /* S/SMIME header end boundary */
+                ret = wolfSSL_BIO_printf(out,
+                        "\n------%s\n", boundary);
+            }
+
+            if (ret > 0) {
+                /* Signature and header */
+                ret = wolfSSL_BIO_printf(out,
+                        "Content-Type: application/x-pkcs7-signature; "
+                        "name=\"smime.p7s\"\n"
+                        "Content-Transfer-Encoding: base64\n"
+                        "Content-Disposition: attachment; "
+                        "filename=\"smime.p7s\"\n\n"
+                        "%.*s\n" /* Base64 encoded signature */
+                        "------%s--\n\n",
+                        sigBase64Len, sigBase64,
+                        boundary);
+            }
+        }
+        else {
+            p7TypeString = wolfSSL_SMIME_PKCS7TypeToString(p7->type);
+            if (p7TypeString == NULL) {
+                WOLFSSL_MSG("Unsupported PKCS7 SMIME type");
+                ret = 0;
+            }
+
+            if (ret > 0) {
+                /* not detached */
+                ret = wolfSSL_BIO_printf(out,
+                        "MIME-Version: 1.0\n"
+                        "Content-Disposition: attachment; "
+                        "filename=\"smime.p7m\"\n"
+                        "Content-Type: application/x-pkcs7-mime; "
+                        "smime-type=%s; name=\"smime.p7m\"\n"
+                        "Content-Transfer-Encoding: base64\n\n"
+                        "%.*s\n" /* signature */,
+                        p7TypeString, sigBase64Len, sigBase64);
+            }
+        }
+    }
+
+    XFREE(p7out, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(sigBase64, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+
+    if (ret > 0) {
+        return WOLFSSL_SUCCESS;
+    }
+
+    return WOLFSSL_FAILURE;
+}
+
+#endif /* HAVE_SMIME */
+#endif /* !NO_BIO */
+#endif /* OPENSSL_ALL */
+
+#endif /* HAVE_PKCS7 */
+/*******************************************************************************
+ * END OF PKCS7 APIs
+ ******************************************************************************/
+
+/*******************************************************************************
+ * START OF PKCS12 APIs
+ ******************************************************************************/
+#ifdef OPENSSL_EXTRA
+
+/* no-op function. Was initially used for adding encryption algorithms available
+ * for PKCS12 */
+void wolfSSL_PKCS12_PBE_add(void)
+{
+    WOLFSSL_ENTER("wolfSSL_PKCS12_PBE_add");
+}
+
+#if !defined(NO_FILESYSTEM) && !defined(NO_STDIO_FILESYSTEM)
+WOLFSSL_X509_PKCS12 *wolfSSL_d2i_PKCS12_fp(XFILE fp,
+        WOLFSSL_X509_PKCS12 **pkcs12)
+{
+    WOLFSSL_ENTER("wolfSSL_d2i_PKCS12_fp");
+    return (WOLFSSL_X509_PKCS12 *)wolfSSL_d2i_X509_fp_ex(fp, (void **)pkcs12,
+        PKCS12_TYPE);
+}
+#endif /* !NO_FILESYSTEM */
+
+#endif /* OPENSSL_EXTRA */
+
+#if defined(HAVE_PKCS12)
+
+#ifdef OPENSSL_EXTRA
+
+#if !defined(NO_ASN) && !defined(NO_PWDBASED)
+
+#ifndef NO_BIO
+WC_PKCS12* wolfSSL_d2i_PKCS12_bio(WOLFSSL_BIO* bio, WC_PKCS12** pkcs12)
+{
+    WC_PKCS12* localPkcs12 = NULL;
+    unsigned char* mem = NULL;
+    long memSz;
+    int ret = -1;
+
+    WOLFSSL_ENTER("wolfSSL_d2i_PKCS12_bio");
+
+    if (bio == NULL) {
+        WOLFSSL_MSG("Bad Function Argument bio is NULL");
+        return NULL;
+    }
+
+    memSz = wolfSSL_BIO_get_len(bio);
+    if (memSz <= 0) {
+        return NULL;
+    }
+    mem = (unsigned char*)XMALLOC(memSz, bio->heap, DYNAMIC_TYPE_TMP_BUFFER);
+    if (mem == NULL) {
+        return NULL;
+    }
+
+    if (mem != NULL) {
+        localPkcs12 = wc_PKCS12_new_ex(bio->heap);
+        if (localPkcs12 == NULL) {
+            WOLFSSL_MSG("Memory error");
+        }
+    }
+
+    if (mem != NULL && localPkcs12 != NULL) {
+        if (wolfSSL_BIO_read(bio, mem, (int)memSz) == memSz) {
+            ret = wc_d2i_PKCS12(mem, (word32)memSz, localPkcs12);
+            if (ret < 0) {
+                WOLFSSL_MSG("Failed to get PKCS12 sequence");
+            }
+        }
+        else {
+            WOLFSSL_MSG("Failed to get data from bio struct");
+        }
+    }
+
+    /* cleanup */
+    XFREE(mem, bio->heap, DYNAMIC_TYPE_TMP_BUFFER);
+    if (ret < 0 && localPkcs12 != NULL) {
+        wc_PKCS12_free(localPkcs12);
+        localPkcs12 = NULL;
+    }
+    if (pkcs12 != NULL)
+        *pkcs12 = localPkcs12;
+
+    return localPkcs12;
+}
+
+/* Converts the PKCS12 to DER format and outputs it into bio.
+ *
+ * bio is the structure to hold output DER
+ * pkcs12 structure to create DER from
+ *
+ * return 1 for success or 0 if an error occurs
+ */
+int wolfSSL_i2d_PKCS12_bio(WOLFSSL_BIO *bio, WC_PKCS12 *pkcs12)
+{
+    int ret = WC_NO_ERR_TRACE(WOLFSSL_FAILURE);
+
+    WOLFSSL_ENTER("wolfSSL_i2d_PKCS12_bio");
+
+    if ((bio != NULL) && (pkcs12 != NULL)) {
+        word32 certSz = 0;
+        byte *certDer = NULL;
+
+        certSz = (word32)wc_i2d_PKCS12(pkcs12, &certDer, NULL);
+        if ((certSz > 0) && (certDer != NULL)) {
+            if (wolfSSL_BIO_write(bio, certDer, (int)certSz) == (int)certSz) {
+                ret = WOLFSSL_SUCCESS;
+            }
+        }
+
+        XFREE(certDer, NULL, DYNAMIC_TYPE_PKCS);
+    }
+
+    return ret;
+}
+#endif /* !NO_BIO */
+
+/* Creates a new WC_PKCS12 structure
+ *
+ * pass  password to use
+ * name  friendlyName to use
+ * pkey  private key to go into PKCS12 bundle
+ * cert  certificate to go into PKCS12 bundle
+ * ca    extra certificates that can be added to bundle. Can be NULL
+ * keyNID  type of encryption to use on the key (-1 means no encryption)
+ * certNID type of encryption to use on the certificate
+ * itt     number of iterations with encryption
+ * macItt  number of iterations with mac creation
+ * keyType flag for signature and/or encryption key
+ *
+ * returns a pointer to a new WC_PKCS12 structure on success and NULL on fail
+ */
+WC_PKCS12* wolfSSL_PKCS12_create(char* pass, char* name, WOLFSSL_EVP_PKEY* pkey,
+        WOLFSSL_X509* cert, WOLF_STACK_OF(WOLFSSL_X509)* ca, int keyNID,
+        int certNID, int itt, int macItt, int keyType)
+{
+    WC_PKCS12* pkcs12;
+    WC_DerCertList* list = NULL;
+    word32 passSz;
+    byte* keyDer = NULL;
+    word32 keyDerSz;
+    byte* certDer;
+    int certDerSz;
+
+    WOLFSSL_ENTER("wolfSSL_PKCS12_create");
+
+    if (pass == NULL || pkey == NULL || cert == NULL) {
+        WOLFSSL_LEAVE("wolfSSL_PKCS12_create", BAD_FUNC_ARG);
+        return NULL;
+    }
+    passSz = (word32)XSTRLEN(pass);
+
+    keyDer = (byte*)pkey->pkey.ptr;
+    keyDerSz = (word32)pkey->pkey_sz;
+
+    certDer = (byte*)wolfSSL_X509_get_der(cert, &certDerSz);
+    if (certDer == NULL) {
+        return NULL;
+    }
+
+    if (ca != NULL) {
+        unsigned long numCerts = ca->num;
+        WOLFSSL_STACK* sk = ca;
+
+        while (numCerts > 0 && sk != NULL) {
+            byte* curDer;
+            WC_DerCertList* cur;
+            int   curDerSz = 0;
+
+            cur = (WC_DerCertList*)XMALLOC(sizeof(WC_DerCertList), NULL,
+                    DYNAMIC_TYPE_PKCS);
+            if (cur == NULL) {
+                wc_FreeCertList(list, NULL);
+                return NULL;
+            }
+
+            curDer = (byte*)wolfSSL_X509_get_der(sk->data.x509, &curDerSz);
+            if (curDer == NULL || curDerSz < 0) {
+                XFREE(cur, NULL, DYNAMIC_TYPE_PKCS);
+                wc_FreeCertList(list, NULL);
+                return NULL;
+            }
+
+            cur->buffer = (byte*)XMALLOC(curDerSz, NULL, DYNAMIC_TYPE_PKCS);
+            if (cur->buffer == NULL) {
+                XFREE(cur, NULL, DYNAMIC_TYPE_PKCS);
+                wc_FreeCertList(list, NULL);
+                return NULL;
+            }
+            XMEMCPY(cur->buffer, curDer, curDerSz);
+            cur->bufferSz = (word32)curDerSz;
+            cur->next = list;
+            list = cur;
+
+            sk = sk->next;
+            numCerts--;
+        }
+    }
+
+    pkcs12 = wc_PKCS12_create(pass, passSz, name, keyDer, keyDerSz,
+            certDer, (word32)certDerSz, list, keyNID, certNID, itt, macItt,
+            keyType, NULL);
+
+    if (ca != NULL) {
+        wc_FreeCertList(list, NULL);
+    }
+
+    return pkcs12;
+}
+
+
+/* return WOLFSSL_SUCCESS on success, WOLFSSL_FAILURE on failure */
+int wolfSSL_PKCS12_parse(WC_PKCS12* pkcs12, const char* psw,
+          WOLFSSL_EVP_PKEY** pkey, WOLFSSL_X509** cert,
+          WOLF_STACK_OF(WOLFSSL_X509)** ca)
+{
+    void* heap = NULL;
+    int ret;
+    byte* certData = NULL;
+    word32 certDataSz;
+    byte* pk = NULL;
+    word32 pkSz;
+    WC_DerCertList* certList = NULL;
+#ifdef WOLFSSL_SMALL_STACK
+    DecodedCert *DeCert;
+#else
+    DecodedCert DeCert[1];
+#endif
+
+    WOLFSSL_ENTER("wolfSSL_PKCS12_parse");
+
+    /* make sure we init return args */
+    if (pkey) *pkey = NULL;
+    if (cert) *cert = NULL;
+    if (ca)   *ca = NULL;
+
+    if (pkcs12 == NULL || psw == NULL || pkey == NULL || cert == NULL) {
+        WOLFSSL_MSG("Bad argument value");
+        return WOLFSSL_FAILURE;
+    }
+
+    heap  = wc_PKCS12_GetHeap(pkcs12);
+
+    if (ca == NULL) {
+        ret = wc_PKCS12_parse(pkcs12, psw, &pk, &pkSz, &certData, &certDataSz,
+            NULL);
+    }
+    else {
+        ret = wc_PKCS12_parse(pkcs12, psw, &pk, &pkSz, &certData, &certDataSz,
+            &certList);
+    }
+    if (ret < 0) {
+        WOLFSSL_LEAVE("wolfSSL_PKCS12_parse", ret);
+        return WOLFSSL_FAILURE;
+    }
+
+#ifdef WOLFSSL_SMALL_STACK
+    DeCert = (DecodedCert *)XMALLOC(sizeof(*DeCert), heap,
+                                    DYNAMIC_TYPE_DCERT);
+    if (DeCert == NULL) {
+        WOLFSSL_MSG("out of memory");
+        return WOLFSSL_FAILURE;
+    }
+#endif
+
+    /* Decode cert and place in X509 stack struct */
+    if (certList != NULL) {
+        WC_DerCertList* current = certList;
+
+        *ca = (WOLF_STACK_OF(WOLFSSL_X509)*)XMALLOC(
+            sizeof(WOLF_STACK_OF(WOLFSSL_X509)), heap, DYNAMIC_TYPE_X509);
+        if (*ca == NULL) {
+            XFREE(pk, heap, DYNAMIC_TYPE_PUBLIC_KEY);
+            XFREE(certData, heap, DYNAMIC_TYPE_PKCS);
+            /* Free up WC_DerCertList and move on */
+            while (current != NULL) {
+                WC_DerCertList* next = current->next;
+
+                XFREE(current->buffer, heap, DYNAMIC_TYPE_PKCS);
+                XFREE(current, heap, DYNAMIC_TYPE_PKCS);
+                current = next;
+            }
+            ret = WOLFSSL_FAILURE;
+            goto out;
+        }
+        XMEMSET(*ca, 0, sizeof(WOLF_STACK_OF(WOLFSSL_X509)));
+
+        /* add list of DER certs as X509's to stack */
+        while (current != NULL) {
+            WC_DerCertList*  toFree = current;
+            WOLFSSL_X509* x509;
+
+            x509 = (WOLFSSL_X509*)XMALLOC(sizeof(WOLFSSL_X509), heap,
+                DYNAMIC_TYPE_X509);
+            InitX509(x509, 1, heap);
+            InitDecodedCert(DeCert, current->buffer, current->bufferSz, heap);
+            if (ParseCertRelative(DeCert, CERT_TYPE, NO_VERIFY, NULL, NULL) != 0) {
+                WOLFSSL_MSG("Issue with parsing certificate");
+                FreeDecodedCert(DeCert);
+                wolfSSL_X509_free(x509);
+            }
+            else {
+                if (CopyDecodedToX509(x509, DeCert) != 0) {
+                    WOLFSSL_MSG("Failed to copy decoded cert");
+                    FreeDecodedCert(DeCert);
+                    wolfSSL_X509_free(x509);
+                    wolfSSL_sk_X509_pop_free(*ca, NULL); *ca = NULL;
+                    XFREE(pk, heap, DYNAMIC_TYPE_PUBLIC_KEY);
+                    XFREE(certData, heap, DYNAMIC_TYPE_PKCS);
+                    /* Free up WC_DerCertList */
+                    while (current != NULL) {
+                        WC_DerCertList* next = current->next;
+
+                        XFREE(current->buffer, heap, DYNAMIC_TYPE_PKCS);
+                        XFREE(current, heap, DYNAMIC_TYPE_PKCS);
+                        current = next;
+                    }
+                    ret = WOLFSSL_FAILURE;
+                    goto out;
+                }
+                FreeDecodedCert(DeCert);
+
+                if (wolfSSL_sk_X509_push(*ca, x509) <= 0) {
+                    WOLFSSL_MSG("Failed to push x509 onto stack");
+                    wolfSSL_X509_free(x509);
+                    wolfSSL_sk_X509_pop_free(*ca, NULL); *ca = NULL;
+                    XFREE(pk, heap, DYNAMIC_TYPE_PUBLIC_KEY);
+                    XFREE(certData, heap, DYNAMIC_TYPE_PKCS);
+
+                    /* Free up WC_DerCertList */
+                    while (current != NULL) {
+                        WC_DerCertList* next = current->next;
+
+                        XFREE(current->buffer, heap, DYNAMIC_TYPE_PKCS);
+                        XFREE(current, heap, DYNAMIC_TYPE_PKCS);
+                        current = next;
+                    }
+                    ret = WOLFSSL_FAILURE;
+                    goto out;
+                }
+            }
+            current = current->next;
+            XFREE(toFree->buffer, heap, DYNAMIC_TYPE_PKCS);
+            XFREE(toFree, heap, DYNAMIC_TYPE_PKCS);
+        }
+    }
+
+
+    /* Decode cert and place in X509 struct */
+    if (certData != NULL) {
+        *cert = (WOLFSSL_X509*)XMALLOC(sizeof(WOLFSSL_X509), heap,
+            DYNAMIC_TYPE_X509);
+        if (*cert == NULL) {
+            XFREE(pk, heap, DYNAMIC_TYPE_PUBLIC_KEY);
+            if (ca != NULL) {
+                wolfSSL_sk_X509_pop_free(*ca, NULL); *ca = NULL;
+            }
+            XFREE(certData, heap, DYNAMIC_TYPE_PKCS);
+            ret = WOLFSSL_FAILURE;
+            goto out;
+        }
+        InitX509(*cert, 1, heap);
+        InitDecodedCert(DeCert, certData, certDataSz, heap);
+        if (ParseCertRelative(DeCert, CERT_TYPE, NO_VERIFY, NULL, NULL) != 0) {
+            WOLFSSL_MSG("Issue with parsing certificate");
+        }
+        if (CopyDecodedToX509(*cert, DeCert) != 0) {
+            WOLFSSL_MSG("Failed to copy decoded cert");
+            FreeDecodedCert(DeCert);
+            XFREE(pk, heap, DYNAMIC_TYPE_PUBLIC_KEY);
+            if (ca != NULL) {
+                wolfSSL_sk_X509_pop_free(*ca, NULL); *ca = NULL;
+            }
+            wolfSSL_X509_free(*cert); *cert = NULL;
+            XFREE(certData, heap, DYNAMIC_TYPE_PKCS);
+            ret = WOLFSSL_FAILURE;
+            goto out;
+        }
+        FreeDecodedCert(DeCert);
+        XFREE(certData, heap, DYNAMIC_TYPE_PKCS);
+    }
+
+
+    /* get key type */
+    ret = BAD_STATE_E;
+    if (pk != NULL) { /* decode key if present */
+        *pkey = wolfSSL_EVP_PKEY_new_ex(heap);
+        if (*pkey == NULL) {
+            wolfSSL_X509_free(*cert); *cert = NULL;
+            if (ca != NULL) {
+                wolfSSL_sk_X509_pop_free(*ca, NULL); *ca = NULL;
+            }
+            XFREE(pk, heap, DYNAMIC_TYPE_PUBLIC_KEY);
+            ret = WOLFSSL_FAILURE;
+            goto out;
+        }
+
+    #ifndef NO_RSA
+        {
+            const unsigned char* pt = pk;
+            if (wolfSSL_d2i_PrivateKey(WC_EVP_PKEY_RSA, pkey, &pt, pkSz) !=
+                    NULL) {
+                ret = 0;
+            }
+        }
+    #endif /* NO_RSA */
+
+    #ifdef HAVE_ECC
+        if (ret != 0) { /* if is in fail state check if ECC key */
+            const unsigned char* pt = pk;
+            if (wolfSSL_d2i_PrivateKey(WC_EVP_PKEY_EC, pkey, &pt, pkSz) !=
+                    NULL) {
+                ret = 0;
+            }
+        }
+    #endif /* HAVE_ECC */
+        XFREE(pk, heap, DYNAMIC_TYPE_PKCS);
+        if (ret != 0) { /* if is in fail state and no PKEY then fail */
+            wolfSSL_X509_free(*cert); *cert = NULL;
+            if (ca != NULL) {
+                wolfSSL_sk_X509_pop_free(*ca, NULL); *ca = NULL;
+            }
+            wolfSSL_EVP_PKEY_free(*pkey); *pkey = NULL;
+            WOLFSSL_MSG("Bad PKCS12 key format");
+            ret = WOLFSSL_FAILURE;
+            goto out;
+        }
+
+        if (pkey != NULL && *pkey != NULL) {
+            (*pkey)->save_type = 0;
+        }
+    }
+
+    (void)ret;
+    (void)ca;
+
+    ret = WOLFSSL_SUCCESS;
+
+out:
+
+#ifdef WOLFSSL_SMALL_STACK
+    XFREE(DeCert, heap, DYNAMIC_TYPE_DCERT);
+#endif
+
+    return ret;
+}
+
+int wolfSSL_PKCS12_verify_mac(WC_PKCS12 *pkcs12, const char *psw,
+        int pswLen)
+{
+    WOLFSSL_ENTER("wolfSSL_PKCS12_verify_mac");
+
+    if (!pkcs12) {
+        return WOLFSSL_FAILURE;
+    }
+
+    return wc_PKCS12_verify_ex(pkcs12, (const byte*)psw, (word32)pswLen) == 0 ?
+            WOLFSSL_SUCCESS : WOLFSSL_FAILURE;
+}
+
+#endif /* !NO_ASN && !NO_PWDBASED */
+
+#endif /* OPENSSL_EXTRA */
+
+#endif /* HAVE_PKCS12 */
+/*******************************************************************************
+ * END OF PKCS12 APIs
+ ******************************************************************************/
+
+#endif /* !WOLFCRYPT_ONLY && !NO_CERTS */
+
+#endif /* !WOLFSSL_SSL_P7P12_INCLUDED */
diff --git a/src/ssl_sess.c b/src/ssl_sess.c
new file mode 100644
index 000000000..6101df711
--- /dev/null
+++ b/src/ssl_sess.c
@@ -0,0 +1,4566 @@
+/* ssl_sess.c
+ *
+ * Copyright (C) 2006-2025 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+
+#ifdef HAVE_CONFIG_H
+    #include <config.h>
+#endif
+
+#include <wolfssl/wolfcrypt/settings.h>
+
+#if !defined(WOLFSSL_SSL_SESS_INCLUDED)
+    #ifndef WOLFSSL_IGNORE_FILE_WARN
+        #warning ssl_sess.c does not need to be compiled separately from ssl.c
+    #endif
+#else
+
+#ifndef NO_SESSION_CACHE
+
+    /* basic config gives a cache with 33 sessions, adequate for clients and
+       embedded servers
+
+       TITAN_SESSION_CACHE allows just over 2 million sessions, for servers
+       with titanic amounts of memory with long session ID timeouts and high
+       levels of traffic.
+
+       ENABLE_SESSION_CACHE_ROW_LOCK: Allows row level locking for increased
+       performance with large session caches
+
+       HUGE_SESSION_CACHE yields 65,791 sessions, for servers under heavy load,
+       allows over 13,000 new sessions per minute or over 200 new sessions per
+       second
+
+       BIG_SESSION_CACHE yields 20,027 sessions
+
+       MEDIUM_SESSION_CACHE allows 1055 sessions, adequate for servers that
+       aren't under heavy load, basically allows 200 new sessions per minute
+
+       SMALL_SESSION_CACHE only stores 6 sessions, good for embedded clients
+       or systems where the default of is too much RAM.
+       SessionCache takes about 2K, ClientCache takes about 3Kbytes
+
+       MICRO_SESSION_CACHE only stores 1 session, good for embedded clients
+       or systems where memory is at a premium.
+       SessionCache takes about 400 bytes, ClientCache takes 576 bytes
+
+       default SESSION_CACHE stores 33 sessions (no XXX_SESSION_CACHE defined)
+       SessionCache takes about 13K bytes, ClientCache takes 17K bytes
+    */
+    #if defined(TITAN_SESSION_CACHE)
+        #define SESSIONS_PER_ROW 31
+        #define SESSION_ROWS 64937
+        #ifndef ENABLE_SESSION_CACHE_ROW_LOCK
+            #define ENABLE_SESSION_CACHE_ROW_LOCK
+        #endif
+    #elif defined(HUGE_SESSION_CACHE)
+        #define SESSIONS_PER_ROW 11
+        #define SESSION_ROWS 5981
+    #elif defined(BIG_SESSION_CACHE)
+        #define SESSIONS_PER_ROW 7
+        #define SESSION_ROWS 2861
+    #elif defined(MEDIUM_SESSION_CACHE)
+        #define SESSIONS_PER_ROW 5
+        #define SESSION_ROWS 211
+    #elif defined(SMALL_SESSION_CACHE)
+        #define SESSIONS_PER_ROW 2
+        #define SESSION_ROWS 3
+    #elif defined(MICRO_SESSION_CACHE)
+        #define SESSIONS_PER_ROW 1
+        #define SESSION_ROWS 1
+    #else
+        #define SESSIONS_PER_ROW 3
+        #define SESSION_ROWS 11
+    #endif
+    #define INVALID_SESSION_ROW (-1)
+
+    #ifdef NO_SESSION_CACHE_ROW_LOCK
+        #undef ENABLE_SESSION_CACHE_ROW_LOCK
+    #endif
+
+    typedef struct SessionRow {
+        int nextIdx;                           /* where to place next one   */
+        int totalCount;                        /* sessions ever on this row */
+#ifdef SESSION_CACHE_DYNAMIC_MEM
+        WOLFSSL_SESSION* Sessions[SESSIONS_PER_ROW];
+        void* heap;
+#else
+        WOLFSSL_SESSION Sessions[SESSIONS_PER_ROW];
+#endif
+
+    #ifdef ENABLE_SESSION_CACHE_ROW_LOCK
+        /* not included in import/export */
+        wolfSSL_RwLock row_lock;
+        int lock_valid;
+    #endif
+    } SessionRow;
+    #define SIZEOF_SESSION_ROW (sizeof(WOLFSSL_SESSION) + (sizeof(int) * 2))
+
+    static WC_THREADSHARED SessionRow SessionCache[SESSION_ROWS];
+
+    #if defined(WOLFSSL_SESSION_STATS) && defined(WOLFSSL_PEAK_SESSIONS)
+        static WC_THREADSHARED word32 PeakSessions;
+    #endif
+
+    #ifdef ENABLE_SESSION_CACHE_ROW_LOCK
+    #define SESSION_ROW_RD_LOCK(row)   wc_LockRwLock_Rd(&(row)->row_lock)
+    #define SESSION_ROW_WR_LOCK(row)   wc_LockRwLock_Wr(&(row)->row_lock)
+    #define SESSION_ROW_UNLOCK(row)    wc_UnLockRwLock(&(row)->row_lock);
+    #else
+    static WC_THREADSHARED wolfSSL_RwLock session_lock; /* SessionCache lock */
+    static WC_THREADSHARED int session_lock_valid = 0;
+    #define SESSION_ROW_RD_LOCK(row)   wc_LockRwLock_Rd(&session_lock)
+    #define SESSION_ROW_WR_LOCK(row)   wc_LockRwLock_Wr(&session_lock)
+    #define SESSION_ROW_UNLOCK(row)    wc_UnLockRwLock(&session_lock);
+    #endif
+
+    #if !defined(NO_SESSION_CACHE_REF) && defined(NO_CLIENT_CACHE)
+    #error ClientCache is required when not using NO_SESSION_CACHE_REF
+    #endif
+
+    #ifndef NO_CLIENT_CACHE
+
+        #ifndef CLIENT_SESSIONS_MULTIPLIER
+            #ifdef NO_SESSION_CACHE_REF
+                #define CLIENT_SESSIONS_MULTIPLIER 1
+            #else
+                /* ClientSession objects are lightweight (compared to
+                 * WOLFSSL_SESSION) so to decrease chance that user will reuse
+                 * the wrong session, increase the ClientCache size. This will
+                 * make the entire ClientCache about the size of one
+                 * WOLFSSL_SESSION object. */
+                #define CLIENT_SESSIONS_MULTIPLIER 8
+            #endif
+        #endif
+        #define CLIENT_SESSIONS_PER_ROW \
+                                (SESSIONS_PER_ROW * CLIENT_SESSIONS_MULTIPLIER)
+        #define CLIENT_SESSION_ROWS (SESSION_ROWS * CLIENT_SESSIONS_MULTIPLIER)
+
+        #if CLIENT_SESSIONS_PER_ROW > 65535
+        #error CLIENT_SESSIONS_PER_ROW too big
+        #endif
+        #if CLIENT_SESSION_ROWS > 65535
+        #error CLIENT_SESSION_ROWS too big
+        #endif
+
+        struct ClientSession {
+            word16 serverRow;            /* SessionCache Row id */
+            word16 serverIdx;            /* SessionCache Idx (column) */
+            word32 sessionIDHash;
+        };
+    #ifndef WOLFSSL_CLIENT_SESSION_DEFINED
+        typedef struct ClientSession ClientSession;
+        #define WOLFSSL_CLIENT_SESSION_DEFINED
+    #endif
+
+        typedef struct ClientRow {
+            int nextIdx;                /* where to place next one   */
+            int totalCount;             /* sessions ever on this row */
+            ClientSession Clients[CLIENT_SESSIONS_PER_ROW];
+        } ClientRow;
+
+        static WC_THREADSHARED ClientRow ClientCache[CLIENT_SESSION_ROWS];
+                                                     /* Client Cache */
+                                                     /* uses session mutex */
+
+        /* ClientCache mutex */
+        static WC_THREADSHARED wolfSSL_Mutex clisession_mutex
+            WOLFSSL_MUTEX_INITIALIZER_CLAUSE(clisession_mutex);
+        #ifndef WOLFSSL_MUTEX_INITIALIZER
+        static WC_THREADSHARED int clisession_mutex_valid = 0;
+        #endif
+    #endif /* !NO_CLIENT_CACHE */
+
+    void EvictSessionFromCache(WOLFSSL_SESSION* session)
+    {
+#ifdef HAVE_EX_DATA
+        byte save_ownExData = session->ownExData;
+        session->ownExData = 1; /* Make sure ex_data access doesn't lead back
+                                 * into the cache. */
+#endif
+#if defined(HAVE_EXT_CACHE) || defined(HAVE_EX_DATA)
+        if (session->rem_sess_cb != NULL) {
+            session->rem_sess_cb(NULL, session);
+            session->rem_sess_cb = NULL;
+        }
+#endif
+        ForceZero(session->masterSecret, SECRET_LEN);
+        XMEMSET(session->sessionID, 0, ID_LEN);
+        session->sessionIDSz = 0;
+#ifdef HAVE_SESSION_TICKET
+        if (session->ticketLenAlloc > 0) {
+            XFREE(session->ticket, NULL, DYNAMIC_TYPE_SESSION_TICK);
+            session->ticket = session->staticTicket;
+            session->ticketLen = 0;
+            session->ticketLenAlloc = 0;
+        }
+#endif
+#ifdef HAVE_EX_DATA
+        session->ownExData = save_ownExData;
+#endif
+
+#if defined(WOLFSSL_TLS13) && defined(HAVE_SESSION_TICKET) &&                  \
+    defined(WOLFSSL_TICKET_NONCE_MALLOC) &&                                    \
+    (!defined(HAVE_FIPS) || (defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(5,3)))
+        if ((session->ticketNonce.data != NULL) &&
+            (session->ticketNonce.data != session->ticketNonce.dataStatic))
+        {
+            XFREE(session->ticketNonce.data, NULL, DYNAMIC_TYPE_SESSION_TICK);
+            session->ticketNonce.data = NULL;
+        }
+#endif
+    }
+
+WOLFSSL_ABI
+WOLFSSL_SESSION* wolfSSL_get_session(WOLFSSL* ssl)
+{
+    WOLFSSL_ENTER("wolfSSL_get_session");
+    if (ssl) {
+#ifdef NO_SESSION_CACHE_REF
+        return ssl->session;
+#else
+        if (ssl->options.side == WOLFSSL_CLIENT_END) {
+            /* On the client side we want to return a persistent reference for
+             * backwards compatibility. */
+#ifndef NO_CLIENT_CACHE
+            if (ssl->clientSession) {
+                return (WOLFSSL_SESSION*)ssl->clientSession;
+            }
+            else {
+                /* Try to add a ClientCache entry to associate with the current
+                 * session. Ignore any session cache options. */
+                int err;
+                const byte* id = ssl->session->sessionID;
+                byte idSz = ssl->session->sessionIDSz;
+                if (ssl->session->haveAltSessionID) {
+                    id = ssl->session->altSessionID;
+                    idSz = ID_LEN;
+                }
+                err = AddSessionToCache(ssl->ctx, ssl->session, id, idSz,
+                        NULL, ssl->session->side,
+                #ifdef HAVE_SESSION_TICKET
+                        ssl->session->ticketLen > 0,
+                #else
+                        0,
+                #endif
+                        &ssl->clientSession);
+                if (err == 0) {
+                    return (WOLFSSL_SESSION*)ssl->clientSession;
+                }
+            }
+#endif
+        }
+        else {
+            return ssl->session;
+        }
+#endif
+    }
+
+    return NULL;
+}
+
+/* The get1 version requires caller to call SSL_SESSION_free */
+WOLFSSL_SESSION* wolfSSL_get1_session(WOLFSSL* ssl)
+{
+    WOLFSSL_SESSION* sess = NULL;
+    WOLFSSL_ENTER("wolfSSL_get1_session");
+    if (ssl != NULL) {
+        sess = ssl->session;
+        if (sess != NULL) {
+            /* increase reference count if allocated session */
+            if (sess->type == WOLFSSL_SESSION_TYPE_HEAP) {
+                if (wolfSSL_SESSION_up_ref(sess) != WOLFSSL_SUCCESS)
+                    sess = NULL;
+            }
+        }
+    }
+    return sess;
+}
+
+/* session is a private struct, return if it is setup or not */
+WOLFSSL_API int wolfSSL_SessionIsSetup(WOLFSSL_SESSION* session)
+{
+    if (session != NULL)
+        return session->isSetup;
+    return 0;
+}
+
+/*
+ * Sets the session object to use when establishing a TLS/SSL session using
+ * the ssl object. Therefore, this function must be called before
+ * wolfSSL_connect. The session object to use can be obtained in a previous
+ * TLS/SSL connection using wolfSSL_get_session.
+ *
+ * This function rejects the session if it has been expired when this function
+ * is called. Note that this expiration check is wolfSSL specific and differs
+ * from OpenSSL return code behavior.
+ *
+ * By default, wolfSSL_set_session returns WOLFSSL_SUCCESS on successfully
+ * setting the session, WOLFSSL_FAILURE on failure due to the session cache
+ * being disabled, or the session has expired.
+ *
+ * To match OpenSSL return code behavior when session is expired, define
+ * OPENSSL_EXTRA and WOLFSSL_ERROR_CODE_OPENSSL. This behavior will return
+ * WOLFSSL_SUCCESS even when the session is expired and rejected.
+ */
+WOLFSSL_ABI
+int wolfSSL_set_session(WOLFSSL* ssl, WOLFSSL_SESSION* session)
+{
+    WOLFSSL_ENTER("wolfSSL_set_session");
+    if (session)
+        return wolfSSL_SetSession(ssl, session);
+
+    return WOLFSSL_FAILURE;
+}
+
+
+#ifndef NO_CLIENT_CACHE
+
+/* Associate client session with serverID, find existing or store for saving
+   if newSession flag on, don't reuse existing session
+   WOLFSSL_SUCCESS on ok */
+int wolfSSL_SetServerID(WOLFSSL* ssl, const byte* id, int len, int newSession)
+{
+    WOLFSSL_SESSION* session = NULL;
+    byte idHash[SERVER_ID_LEN];
+
+    WOLFSSL_ENTER("wolfSSL_SetServerID");
+
+    if (ssl == NULL || id == NULL || len <= 0)
+        return BAD_FUNC_ARG;
+
+    if (len > SERVER_ID_LEN) {
+#if defined(NO_SHA) && !defined(NO_SHA256)
+        if (wc_Sha256Hash(id, len, idHash) != 0)
+            return WOLFSSL_FAILURE;
+#else
+        if (wc_ShaHash(id, (word32)len, idHash) != 0)
+            return WOLFSSL_FAILURE;
+#endif
+        id = idHash;
+        len = SERVER_ID_LEN;
+    }
+
+    if (newSession == 0) {
+        session = wolfSSL_GetSessionClient(ssl, id, len);
+        if (session) {
+            if (wolfSSL_SetSession(ssl, session) != WOLFSSL_SUCCESS) {
+            #ifdef HAVE_EXT_CACHE
+                wolfSSL_FreeSession(ssl->ctx, session);
+            #endif
+                WOLFSSL_MSG("wolfSSL_SetSession failed");
+                session = NULL;
+            }
+        }
+    }
+
+    if (session == NULL) {
+        WOLFSSL_MSG("Valid ServerID not cached already");
+
+        ssl->session->idLen = (word16)len;
+        XMEMCPY(ssl->session->serverID, id, (size_t)len);
+    }
+#ifdef HAVE_EXT_CACHE
+    else {
+        wolfSSL_FreeSession(ssl->ctx, session);
+    }
+#endif
+
+    return WOLFSSL_SUCCESS;
+}
+
+#endif /* !NO_CLIENT_CACHE */
+
+/* TODO: Add SESSION_CACHE_DYNAMIC_MEM support for PERSIST_SESSION_CACHE.
+ * Need a count of current sessions to get an accurate memsize (totalCount is
+ * not decremented when sessions are removed).
+ * Need to determine ideal layout for mem/filesave.
+ * Also need mem/filesave checking to ensure not restoring non DYNAMIC_MEM
+ * cache.
+ */
+#if defined(PERSIST_SESSION_CACHE) && !defined(SESSION_CACHE_DYNAMIC_MEM)
+
+/* for persistence, if changes to layout need to increment and modify
+   save_session_cache() and restore_session_cache and memory versions too */
+#define WOLFSSL_CACHE_VERSION 2
+
+/* Session Cache Header information */
+typedef struct {
+    int version;     /* cache layout version id */
+    int rows;        /* session rows */
+    int columns;     /* session columns */
+    int sessionSz;   /* sizeof WOLFSSL_SESSION */
+} cache_header_t;
+
+/* current persistence layout is:
+
+   1) cache_header_t
+   2) SessionCache
+   3) ClientCache
+
+   update WOLFSSL_CACHE_VERSION if change layout for the following
+   PERSISTENT_SESSION_CACHE functions
+*/
+
+/* get how big the the session cache save buffer needs to be */
+int wolfSSL_get_session_cache_memsize(void)
+{
+    int sz  = (int)(sizeof(SessionCache) + sizeof(cache_header_t));
+#ifndef NO_CLIENT_CACHE
+    sz += (int)(sizeof(ClientCache));
+#endif
+    return sz;
+}
+
+
+/* Persist session cache to memory */
+int wolfSSL_memsave_session_cache(void* mem, int sz)
+{
+    int i;
+    cache_header_t cache_header;
+    SessionRow*    row  = (SessionRow*)((byte*)mem + sizeof(cache_header));
+
+    WOLFSSL_ENTER("wolfSSL_memsave_session_cache");
+
+    if (sz < wolfSSL_get_session_cache_memsize()) {
+        WOLFSSL_MSG("Memory buffer too small");
+        return BUFFER_E;
+    }
+
+    cache_header.version   = WOLFSSL_CACHE_VERSION;
+    cache_header.rows      = SESSION_ROWS;
+    cache_header.columns   = SESSIONS_PER_ROW;
+    cache_header.sessionSz = (int)sizeof(WOLFSSL_SESSION);
+    XMEMCPY(mem, &cache_header, sizeof(cache_header));
+
+#ifndef ENABLE_SESSION_CACHE_ROW_LOCK
+    if (SESSION_ROW_RD_LOCK(row) != 0) {
+        WOLFSSL_MSG("Session cache mutex lock failed");
+        return BAD_MUTEX_E;
+    }
+#endif
+    for (i = 0; i < cache_header.rows; ++i) {
+    #ifdef ENABLE_SESSION_CACHE_ROW_LOCK
+        if (SESSION_ROW_RD_LOCK(&SessionCache[i]) != 0) {
+            WOLFSSL_MSG("Session row cache mutex lock failed");
+            return BAD_MUTEX_E;
+        }
+    #endif
+
+        XMEMCPY(row++, &SessionCache[i], SIZEOF_SESSION_ROW);
+    #ifdef ENABLE_SESSION_CACHE_ROW_LOCK
+        SESSION_ROW_UNLOCK(&SessionCache[i]);
+    #endif
+    }
+#ifndef ENABLE_SESSION_CACHE_ROW_LOCK
+    SESSION_ROW_UNLOCK(row);
+#endif
+
+#ifndef NO_CLIENT_CACHE
+    if (wc_LockMutex(&clisession_mutex) != 0) {
+        WOLFSSL_MSG("Client cache mutex lock failed");
+        return BAD_MUTEX_E;
+    }
+    XMEMCPY(row, ClientCache, sizeof(ClientCache));
+    wc_UnLockMutex(&clisession_mutex);
+#endif
+
+    WOLFSSL_LEAVE("wolfSSL_memsave_session_cache", WOLFSSL_SUCCESS);
+
+    return WOLFSSL_SUCCESS;
+}
+
+
+/* Restore the persistent session cache from memory */
+int wolfSSL_memrestore_session_cache(const void* mem, int sz)
+{
+    int    i;
+    cache_header_t cache_header;
+    SessionRow*    row  = (SessionRow*)((byte*)mem + sizeof(cache_header));
+
+    WOLFSSL_ENTER("wolfSSL_memrestore_session_cache");
+
+    if (sz < wolfSSL_get_session_cache_memsize()) {
+        WOLFSSL_MSG("Memory buffer too small");
+        return BUFFER_E;
+    }
+
+    XMEMCPY(&cache_header, mem, sizeof(cache_header));
+    if (cache_header.version   != WOLFSSL_CACHE_VERSION ||
+        cache_header.rows      != SESSION_ROWS ||
+        cache_header.columns   != SESSIONS_PER_ROW ||
+        cache_header.sessionSz != (int)sizeof(WOLFSSL_SESSION)) {
+
+        WOLFSSL_MSG("Session cache header match failed");
+        return CACHE_MATCH_ERROR;
+    }
+
+#ifndef ENABLE_SESSION_CACHE_ROW_LOCK
+    if (SESSION_ROW_WR_LOCK(&SessionCache[0]) != 0) {
+        WOLFSSL_MSG("Session cache mutex lock failed");
+        return BAD_MUTEX_E;
+    }
+#endif
+    for (i = 0; i < cache_header.rows; ++i) {
+    #ifdef ENABLE_SESSION_CACHE_ROW_LOCK
+        if (SESSION_ROW_WR_LOCK(&SessionCache[i]) != 0) {
+            WOLFSSL_MSG("Session row cache mutex lock failed");
+            return BAD_MUTEX_E;
+        }
+    #endif
+
+        XMEMCPY(&SessionCache[i], row++, SIZEOF_SESSION_ROW);
+    #ifdef ENABLE_SESSION_CACHE_ROW_LOCK
+        SESSION_ROW_UNLOCK(&SessionCache[i]);
+    #endif
+    }
+#ifndef ENABLE_SESSION_CACHE_ROW_LOCK
+    SESSION_ROW_UNLOCK(&SessionCache[0]);
+#endif
+
+#ifndef NO_CLIENT_CACHE
+    if (wc_LockMutex(&clisession_mutex) != 0) {
+        WOLFSSL_MSG("Client cache mutex lock failed");
+        return BAD_MUTEX_E;
+    }
+    XMEMCPY(ClientCache, row, sizeof(ClientCache));
+    wc_UnLockMutex(&clisession_mutex);
+#endif
+
+    WOLFSSL_LEAVE("wolfSSL_memrestore_session_cache", WOLFSSL_SUCCESS);
+
+    return WOLFSSL_SUCCESS;
+}
+
+#if !defined(NO_FILESYSTEM)
+
+/* Persist session cache to file */
+/* doesn't use memsave because of additional memory use */
+int wolfSSL_save_session_cache(const char *fname)
+{
+    XFILE  file;
+    int    ret;
+    int    rc = WOLFSSL_SUCCESS;
+    int    i;
+    cache_header_t cache_header;
+
+    WOLFSSL_ENTER("wolfSSL_save_session_cache");
+
+    file = XFOPEN(fname, "w+b");
+    if (file == XBADFILE) {
+        WOLFSSL_MSG("Couldn't open session cache save file");
+        return WOLFSSL_BAD_FILE;
+    }
+    cache_header.version   = WOLFSSL_CACHE_VERSION;
+    cache_header.rows      = SESSION_ROWS;
+    cache_header.columns   = SESSIONS_PER_ROW;
+    cache_header.sessionSz = (int)sizeof(WOLFSSL_SESSION);
+
+    /* cache header */
+    ret = (int)XFWRITE(&cache_header, sizeof cache_header, 1, file);
+    if (ret != 1) {
+        WOLFSSL_MSG("Session cache header file write failed");
+        XFCLOSE(file);
+        return FWRITE_ERROR;
+    }
+
+#ifndef ENABLE_SESSION_CACHE_ROW_LOCK
+    if (SESSION_ROW_RD_LOCK(&SessionCache[0]) != 0) {
+        WOLFSSL_MSG("Session cache mutex lock failed");
+        XFCLOSE(file);
+        return BAD_MUTEX_E;
+    }
+#endif
+    /* session cache */
+    for (i = 0; i < cache_header.rows; ++i) {
+    #ifdef ENABLE_SESSION_CACHE_ROW_LOCK
+        if (SESSION_ROW_RD_LOCK(&SessionCache[i]) != 0) {
+            WOLFSSL_MSG("Session row cache mutex lock failed");
+            XFCLOSE(file);
+            return BAD_MUTEX_E;
+        }
+    #endif
+
+        ret = (int)XFWRITE(&SessionCache[i], SIZEOF_SESSION_ROW, 1, file);
+    #ifdef ENABLE_SESSION_CACHE_ROW_LOCK
+        SESSION_ROW_UNLOCK(&SessionCache[i]);
+    #endif
+        if (ret != 1) {
+            WOLFSSL_MSG("Session cache member file write failed");
+            rc = FWRITE_ERROR;
+            break;
+        }
+    }
+#ifndef ENABLE_SESSION_CACHE_ROW_LOCK
+    SESSION_ROW_UNLOCK(&SessionCache[0]);
+#endif
+
+#ifndef NO_CLIENT_CACHE
+    /* client cache */
+    if (wc_LockMutex(&clisession_mutex) != 0) {
+        WOLFSSL_MSG("Client cache mutex lock failed");
+        XFCLOSE(file);
+        return BAD_MUTEX_E;
+    }
+    ret = (int)XFWRITE(ClientCache, sizeof(ClientCache), 1, file);
+    if (ret != 1) {
+        WOLFSSL_MSG("Client cache member file write failed");
+        rc = FWRITE_ERROR;
+    }
+    wc_UnLockMutex(&clisession_mutex);
+#endif /* !NO_CLIENT_CACHE */
+
+    XFCLOSE(file);
+    WOLFSSL_LEAVE("wolfSSL_save_session_cache", rc);
+
+    return rc;
+}
+
+
+/* Restore the persistent session cache from file */
+/* doesn't use memstore because of additional memory use */
+int wolfSSL_restore_session_cache(const char *fname)
+{
+    XFILE  file;
+    int    rc = WOLFSSL_SUCCESS;
+    int    ret;
+    int    i;
+    cache_header_t cache_header;
+
+    WOLFSSL_ENTER("wolfSSL_restore_session_cache");
+
+    file = XFOPEN(fname, "rb");
+    if (file == XBADFILE) {
+        WOLFSSL_MSG("Couldn't open session cache save file");
+        return WOLFSSL_BAD_FILE;
+    }
+    /* cache header */
+    ret = (int)XFREAD(&cache_header, sizeof(cache_header), 1, file);
+    if (ret != 1) {
+        WOLFSSL_MSG("Session cache header file read failed");
+        XFCLOSE(file);
+        return FREAD_ERROR;
+    }
+    if (cache_header.version   != WOLFSSL_CACHE_VERSION ||
+        cache_header.rows      != SESSION_ROWS ||
+        cache_header.columns   != SESSIONS_PER_ROW ||
+        cache_header.sessionSz != (int)sizeof(WOLFSSL_SESSION)) {
+
+        WOLFSSL_MSG("Session cache header match failed");
+        XFCLOSE(file);
+        return CACHE_MATCH_ERROR;
+    }
+
+#ifndef ENABLE_SESSION_CACHE_ROW_LOCK
+    if (SESSION_ROW_WR_LOCK(&SessionCache[0]) != 0) {
+        WOLFSSL_MSG("Session cache mutex lock failed");
+        XFCLOSE(file);
+        return BAD_MUTEX_E;
+    }
+#endif
+    /* session cache */
+    for (i = 0; i < cache_header.rows; ++i) {
+    #ifdef ENABLE_SESSION_CACHE_ROW_LOCK
+        if (SESSION_ROW_WR_LOCK(&SessionCache[i]) != 0) {
+            WOLFSSL_MSG("Session row cache mutex lock failed");
+            XFCLOSE(file);
+            return BAD_MUTEX_E;
+        }
+    #endif
+
+        ret = (int)XFREAD(&SessionCache[i], SIZEOF_SESSION_ROW, 1, file);
+    #ifdef ENABLE_SESSION_CACHE_ROW_LOCK
+        SESSION_ROW_UNLOCK(&SessionCache[i]);
+    #endif
+        if (ret != 1) {
+            WOLFSSL_MSG("Session cache member file read failed");
+            XMEMSET(SessionCache, 0, sizeof SessionCache);
+            rc = FREAD_ERROR;
+            break;
+        }
+    }
+#ifndef ENABLE_SESSION_CACHE_ROW_LOCK
+    SESSION_ROW_UNLOCK(&SessionCache[0]);
+#endif
+
+#ifndef NO_CLIENT_CACHE
+    /* client cache */
+    if (wc_LockMutex(&clisession_mutex) != 0) {
+        WOLFSSL_MSG("Client cache mutex lock failed");
+        XFCLOSE(file);
+        return BAD_MUTEX_E;
+    }
+    ret = (int)XFREAD(ClientCache, sizeof(ClientCache), 1, file);
+    if (ret != 1) {
+        WOLFSSL_MSG("Client cache member file read failed");
+        XMEMSET(ClientCache, 0, sizeof ClientCache);
+        rc = FREAD_ERROR;
+    }
+    wc_UnLockMutex(&clisession_mutex);
+#endif /* !NO_CLIENT_CACHE */
+
+    XFCLOSE(file);
+    WOLFSSL_LEAVE("wolfSSL_restore_session_cache", rc);
+
+    return rc;
+}
+
+#endif /* !NO_FILESYSTEM */
+#endif /* PERSIST_SESSION_CACHE && !SESSION_CACHE_DYNAMIC_MEM */
+
+
+/* on by default if built in but allow user to turn off */
+WOLFSSL_ABI
+long wolfSSL_CTX_set_session_cache_mode(WOLFSSL_CTX* ctx, long mode)
+{
+    WOLFSSL_ENTER("wolfSSL_CTX_set_session_cache_mode");
+
+    if (ctx == NULL)
+        return WOLFSSL_FAILURE;
+
+    if (mode == WOLFSSL_SESS_CACHE_OFF) {
+        ctx->sessionCacheOff = 1;
+#ifdef HAVE_EXT_CACHE
+        ctx->internalCacheOff = 1;
+        ctx->internalCacheLookupOff = 1;
+#endif
+    }
+
+    if ((mode & WOLFSSL_SESS_CACHE_NO_AUTO_CLEAR) != 0)
+        ctx->sessionCacheFlushOff = 1;
+
+#ifdef HAVE_EXT_CACHE
+    /* WOLFSSL_SESS_CACHE_NO_INTERNAL activates both if's */
+    if ((mode & WOLFSSL_SESS_CACHE_NO_INTERNAL_STORE) != 0)
+        ctx->internalCacheOff = 1;
+    if ((mode & WOLFSSL_SESS_CACHE_NO_INTERNAL_LOOKUP) != 0)
+        ctx->internalCacheLookupOff = 1;
+#endif
+
+    return WOLFSSL_SUCCESS;
+}
+
+#ifdef OPENSSL_EXTRA
+#ifdef HAVE_MAX_FRAGMENT
+/* return the max fragment size set when handshake was negotiated */
+unsigned char wolfSSL_SESSION_get_max_fragment_length(WOLFSSL_SESSION* session)
+{
+    session = ClientSessionToSession(session);
+    if (session == NULL) {
+        return 0;
+    }
+
+    return session->mfl;
+}
+#endif
+
+
+/* Get the session cache mode for CTX
+ *
+ * ctx  WOLFSSL_CTX struct to get cache mode from
+ *
+ * Returns a bit mask that has the session cache mode */
+long wolfSSL_CTX_get_session_cache_mode(WOLFSSL_CTX* ctx)
+{
+    long m = 0;
+
+    WOLFSSL_ENTER("wolfSSL_CTX_get_session_cache_mode");
+
+    if (ctx == NULL) {
+        return m;
+    }
+
+    if (ctx->sessionCacheOff != 1) {
+        m |= WOLFSSL_SESS_CACHE_SERVER;
+    }
+
+    if (ctx->sessionCacheFlushOff == 1) {
+        m |= WOLFSSL_SESS_CACHE_NO_AUTO_CLEAR;
+    }
+
+#ifdef HAVE_EXT_CACHE
+    if (ctx->internalCacheOff == 1) {
+        m |= WOLFSSL_SESS_CACHE_NO_INTERNAL_STORE;
+    }
+    if (ctx->internalCacheLookupOff == 1) {
+        m |= WOLFSSL_SESS_CACHE_NO_INTERNAL_LOOKUP;
+    }
+#endif
+
+    return m;
+}
+#endif /* OPENSSL_EXTRA */
+
+#endif /* !NO_SESSION_CACHE */
+
+#ifndef NO_SESSION_CACHE
+
+WOLFSSL_ABI
+void wolfSSL_flush_sessions(WOLFSSL_CTX* ctx, long tm)
+{
+    /* static table now, no flushing needed */
+    (void)ctx;
+    (void)tm;
+}
+
+void wolfSSL_CTX_flush_sessions(WOLFSSL_CTX* ctx, long tm)
+{
+    int i, j;
+
+    (void)ctx;
+    WOLFSSL_ENTER("wolfSSL_flush_sessions");
+    for (i = 0; i < SESSION_ROWS; ++i) {
+        if (SESSION_ROW_WR_LOCK(&SessionCache[i]) != 0) {
+            WOLFSSL_MSG("Session cache mutex lock failed");
+            return;
+        }
+        for (j = 0; j < SESSIONS_PER_ROW; j++) {
+#ifdef SESSION_CACHE_DYNAMIC_MEM
+            WOLFSSL_SESSION* s = SessionCache[i].Sessions[j];
+#else
+            WOLFSSL_SESSION* s = &SessionCache[i].Sessions[j];
+#endif
+            if (
+#ifdef SESSION_CACHE_DYNAMIC_MEM
+                s != NULL &&
+#endif
+                s->sessionIDSz > 0 &&
+                s->bornOn + s->timeout < (word32)tm
+                )
+            {
+                EvictSessionFromCache(s);
+#ifdef SESSION_CACHE_DYNAMIC_MEM
+                XFREE(s, s->heap, DYNAMIC_TYPE_SESSION);
+                SessionCache[i].Sessions[j] = NULL;
+#endif
+            }
+        }
+        SESSION_ROW_UNLOCK(&SessionCache[i]);
+    }
+}
+
+
+/* set ssl session timeout in seconds */
+WOLFSSL_ABI
+int wolfSSL_set_timeout(WOLFSSL* ssl, unsigned int to)
+{
+    if (ssl == NULL)
+        return BAD_FUNC_ARG;
+
+    if (to == 0)
+        to = WOLFSSL_SESSION_TIMEOUT;
+    ssl->timeout = to;
+
+    return WOLFSSL_SUCCESS;
+}
+
+#ifndef NO_TLS
+/**
+ * Sets ctx session timeout in seconds.
+ * The timeout value set here should be reflected in the
+ * "session ticket lifetime hint" if this API works in the openssl compat-layer.
+ * Therefore wolfSSL_CTX_set_TicketHint is called internally.
+ * Arguments:
+ *  - ctx  WOLFSSL_CTX object which the timeout is set to
+ *  - to   timeout value in second
+ * Returns:
+ *  WOLFSSL_SUCCESS on success, BAD_FUNC_ARG on failure.
+ *  When WOLFSSL_ERROR_CODE_OPENSSL is defined, returns previous timeout value
+ *  on success, BAD_FUNC_ARG on failure.
+ */
+WOLFSSL_ABI
+int wolfSSL_CTX_set_timeout(WOLFSSL_CTX* ctx, unsigned int to)
+{
+    #if defined(WOLFSSL_ERROR_CODE_OPENSSL)
+    word32 prev_timeout = 0;
+    #endif
+
+    int ret = WOLFSSL_SUCCESS;
+    (void)ret;
+
+    if (ctx == NULL)
+        ret = BAD_FUNC_ARG;
+
+    if (ret == WOLFSSL_SUCCESS) {
+    #if defined(WOLFSSL_ERROR_CODE_OPENSSL)
+        prev_timeout = ctx->timeout;
+    #endif
+        if (to == 0) {
+            ctx->timeout = WOLFSSL_SESSION_TIMEOUT;
+        }
+        else {
+            ctx->timeout = to;
+        }
+    }
+#if defined(OPENSSL_EXTRA) && defined(HAVE_SESSION_TICKET) && \
+   !defined(NO_WOLFSSL_SERVER)
+    if (ret == WOLFSSL_SUCCESS) {
+        if (to == 0) {
+            ret = wolfSSL_CTX_set_TicketHint(ctx, SESSION_TICKET_HINT_DEFAULT);
+        }
+        else {
+            ret = wolfSSL_CTX_set_TicketHint(ctx, (int)to);
+        }
+    }
+#endif /* OPENSSL_EXTRA && HAVE_SESSION_TICKET && !NO_WOLFSSL_SERVER */
+
+#if defined(WOLFSSL_ERROR_CODE_OPENSSL)
+    if (ret == WOLFSSL_SUCCESS) {
+        return (int)prev_timeout;
+    }
+    else {
+        return ret;
+    }
+#else
+    return ret;
+#endif /* WOLFSSL_ERROR_CODE_OPENSSL */
+}
+#endif /* !NO_TLS */
+
+#ifndef NO_CLIENT_CACHE
+
+/* Get Session from Client cache based on id/len, return NULL on failure */
+WOLFSSL_SESSION* wolfSSL_GetSessionClient(WOLFSSL* ssl, const byte* id, int len)
+{
+    WOLFSSL_SESSION* ret = NULL;
+    word32          row;
+    int             idx;
+    int             count;
+    int             error = 0;
+    ClientSession*  clSess;
+
+    WOLFSSL_ENTER("wolfSSL_GetSessionClient");
+
+    if (ssl->ctx->sessionCacheOff) {
+        WOLFSSL_MSG("Session Cache off");
+        return NULL;
+    }
+
+    if (ssl->options.side == WOLFSSL_SERVER_END)
+        return NULL;
+
+    len = (int)min(SERVER_ID_LEN, (word32)len);
+
+    /* Do not access ssl->ctx->get_sess_cb from here. It is using a different
+     * set of ID's */
+
+    row = HashObject(id, (word32)len, &error) % CLIENT_SESSION_ROWS;
+    if (error != 0) {
+        WOLFSSL_MSG("Hash session failed");
+        return NULL;
+    }
+
+    if (wc_LockMutex(&clisession_mutex) != 0) {
+        WOLFSSL_MSG("Client cache mutex lock failed");
+        return NULL;
+    }
+
+    /* start from most recently used */
+    count = (int)min((word32)ClientCache[row].totalCount, CLIENT_SESSIONS_PER_ROW);
+    idx = ClientCache[row].nextIdx - 1;
+    if (idx < 0 || idx >= CLIENT_SESSIONS_PER_ROW) {
+        /* if back to front, the previous was end */
+        idx = CLIENT_SESSIONS_PER_ROW - 1;
+    }
+    clSess = ClientCache[row].Clients;
+
+    for (; count > 0; --count) {
+        WOLFSSL_SESSION* current;
+        SessionRow* sessRow;
+
+        if (clSess[idx].serverRow >= SESSION_ROWS) {
+            WOLFSSL_MSG("Client cache serverRow invalid");
+            break;
+        }
+
+        /* lock row */
+        sessRow = &SessionCache[clSess[idx].serverRow];
+        if (SESSION_ROW_RD_LOCK(sessRow) != 0) {
+            WOLFSSL_MSG("Session cache row lock failure");
+            break;
+        }
+
+#ifdef SESSION_CACHE_DYNAMIC_MEM
+        current = sessRow->Sessions[clSess[idx].serverIdx];
+#else
+        current = &sessRow->Sessions[clSess[idx].serverIdx];
+#endif
+        if (current && XMEMCMP(current->serverID, id, (unsigned long)len) == 0) {
+            WOLFSSL_MSG("Found a serverid match for client");
+            if (LowResTimer() < (current->bornOn + current->timeout)) {
+                WOLFSSL_MSG("Session valid");
+                ret = current;
+                SESSION_ROW_UNLOCK(sessRow);
+                break;
+            } else {
+                WOLFSSL_MSG("Session timed out");  /* could have more for id */
+            }
+        } else {
+            WOLFSSL_MSG("ServerID not a match from client table");
+        }
+        SESSION_ROW_UNLOCK(sessRow);
+
+        idx = idx > 0 ? idx - 1 : CLIENT_SESSIONS_PER_ROW - 1;
+    }
+
+    wc_UnLockMutex(&clisession_mutex);
+
+    return ret;
+}
+
+#endif /* !NO_CLIENT_CACHE */
+
+static int SslSessionCacheOff(const WOLFSSL* ssl,
+    const WOLFSSL_SESSION* session)
+{
+    (void)session;
+    return ssl->options.sessionCacheOff
+    #if defined(HAVE_SESSION_TICKET) && defined(WOLFSSL_FORCE_CACHE_ON_TICKET)
+                && session->ticketLen == 0
+    #endif
+                ;
+}
+
+#if defined(HAVE_SESSION_TICKET) && defined(WOLFSSL_TLS13) &&                  \
+    defined(WOLFSSL_TICKET_NONCE_MALLOC) && \
+    (!defined(HAVE_FIPS) || (defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(5,3)))
+/**
+ * SessionTicketNoncePrealloc() - prealloc a buffer for ticket nonces
+ * @output: [in] pointer to WOLFSSL_SESSION object that will soon be a
+ * destination of a session duplication
+ * @buf: [out] address of the preallocated buf
+ * @len: [out] len of the preallocated buf
+ *
+ * prealloc a buffer that will likely suffice to contain a ticket nonce. It's
+ * used when copying session under lock, when syscalls need to be avoided. If
+ * output already has a dynamic buffer, it's reused.
+ */
+static int SessionTicketNoncePrealloc(byte** buf, byte* len, void *heap)
+{
+    (void)heap;
+
+    *buf = (byte*)XMALLOC(PREALLOC_SESSION_TICKET_NONCE_LEN, heap,
+        DYNAMIC_TYPE_SESSION_TICK);
+    if (*buf == NULL) {
+        WOLFSSL_MSG("Failed to preallocate ticket nonce buffer");
+        *len = 0;
+        return 1;
+    }
+
+    *len = PREALLOC_SESSION_TICKET_NONCE_LEN;
+    return 0;
+}
+#endif /* HAVE_SESSION_TICKET && WOLFSSL_TLS13 */
+
+static int wolfSSL_DupSessionEx(const WOLFSSL_SESSION* input,
+    WOLFSSL_SESSION* output, int avoidSysCalls, byte* ticketNonceBuf,
+    byte* ticketNonceLen, byte* preallocUsed);
+
+void TlsSessionCacheUnlockRow(word32 row)
+{
+    SessionRow* sessRow;
+
+    sessRow = &SessionCache[row];
+    (void)sessRow;
+    SESSION_ROW_UNLOCK(sessRow);
+}
+
+/* Don't use this function directly. Use TlsSessionCacheGetAndRdLock and
+ * TlsSessionCacheGetAndWrLock to fully utilize compiler const support. */
+static int TlsSessionCacheGetAndLock(const byte *id,
+    const WOLFSSL_SESSION **sess, word32 *lockedRow, byte readOnly, byte side)
+{
+    SessionRow *sessRow;
+    const WOLFSSL_SESSION *s;
+    word32 row;
+    int count;
+    int error;
+    int idx;
+
+    *sess = NULL;
+    row = HashObject(id, ID_LEN, &error) % SESSION_ROWS;
+    if (error != 0)
+        return error;
+    sessRow = &SessionCache[row];
+    if (readOnly)
+        error = SESSION_ROW_RD_LOCK(sessRow);
+    else
+        error = SESSION_ROW_WR_LOCK(sessRow);
+    if (error != 0)
+        return FATAL_ERROR;
+
+    /* start from most recently used */
+    count = (int)min((word32)sessRow->totalCount, SESSIONS_PER_ROW);
+    idx = sessRow->nextIdx - 1;
+    if (idx < 0 || idx >= SESSIONS_PER_ROW) {
+        idx = SESSIONS_PER_ROW - 1; /* if back to front, the previous was end */
+    }
+    for (; count > 0; --count) {
+#ifdef SESSION_CACHE_DYNAMIC_MEM
+        s = sessRow->Sessions[idx];
+#else
+        s = &sessRow->Sessions[idx];
+#endif
+        /* match session ID value and length */
+        if (s && s->sessionIDSz == ID_LEN && s->side == side &&
+                XMEMCMP(s->sessionID, id, ID_LEN) == 0) {
+            *sess = s;
+            break;
+        }
+        idx = idx > 0 ? idx - 1 : SESSIONS_PER_ROW - 1;
+    }
+    if (*sess == NULL) {
+        SESSION_ROW_UNLOCK(sessRow);
+    }
+    else {
+        *lockedRow = row;
+    }
+
+    return 0;
+}
+
+static int CheckSessionMatch(const WOLFSSL* ssl, const WOLFSSL_SESSION* sess)
+{
+    if (ssl == NULL || sess == NULL)
+        return 0;
+#ifdef OPENSSL_EXTRA
+    if (ssl->sessionCtxSz > 0 && (ssl->sessionCtxSz != sess->sessionCtxSz ||
+           XMEMCMP(ssl->sessionCtx, sess->sessionCtx, sess->sessionCtxSz) != 0))
+        return 0;
+#endif
+#if defined(WOLFSSL_TLS13) && defined(HAVE_SESSION_TICKET)
+    if (IsAtLeastTLSv1_3(ssl->version) != IsAtLeastTLSv1_3(sess->version))
+        return 0;
+#endif
+    return 1;
+}
+
+int TlsSessionCacheGetAndRdLock(const byte *id, const WOLFSSL_SESSION **sess,
+        word32 *lockedRow, byte side)
+{
+    return TlsSessionCacheGetAndLock(id, sess, lockedRow, 1, side);
+}
+
+int TlsSessionCacheGetAndWrLock(const byte *id, WOLFSSL_SESSION **sess,
+        word32 *lockedRow, byte side)
+{
+    return TlsSessionCacheGetAndLock(id, (const WOLFSSL_SESSION**)sess,
+            lockedRow, 0, side);
+}
+
+int wolfSSL_GetSessionFromCache(WOLFSSL* ssl, WOLFSSL_SESSION* output)
+{
+    const WOLFSSL_SESSION* sess = NULL;
+    const byte*  id = NULL;
+    word32       row;
+    int          error = 0;
+#ifdef HAVE_SESSION_TICKET
+#ifndef WOLFSSL_SMALL_STACK
+    byte         tmpTicket[PREALLOC_SESSION_TICKET_LEN];
+#else
+    byte*        tmpTicket = NULL;
+#endif
+#ifdef WOLFSSL_TLS13
+    byte *preallocNonce = NULL;
+    byte preallocNonceLen = 0;
+    byte preallocNonceUsed = 0;
+#endif /* WOLFSSL_TLS13 */
+    byte         tmpBufSet = 0;
+#endif
+#if defined(SESSION_CERTS) && defined(OPENSSL_EXTRA)
+    WOLFSSL_X509* peer = NULL;
+#endif
+    byte         bogusID[ID_LEN];
+    byte         bogusIDSz = 0;
+
+    WOLFSSL_ENTER("wolfSSL_GetSessionFromCache");
+
+    if (output == NULL) {
+        WOLFSSL_MSG("NULL output");
+        return WOLFSSL_FAILURE;
+    }
+
+    if (SslSessionCacheOff(ssl, ssl->session))
+        return WOLFSSL_FAILURE;
+
+    if (ssl->options.haveSessionId == 0 && !ssl->session->haveAltSessionID)
+        return WOLFSSL_FAILURE;
+
+#ifdef HAVE_SESSION_TICKET
+    if (ssl->options.side == WOLFSSL_SERVER_END && ssl->options.useTicket == 1)
+        return WOLFSSL_FAILURE;
+#endif
+
+    XMEMSET(bogusID, 0, sizeof(bogusID));
+    if (!IsAtLeastTLSv1_3(ssl->version) && ssl->arrays != NULL
+            && !ssl->session->haveAltSessionID)
+        id = ssl->arrays->sessionID;
+    else if (ssl->session->haveAltSessionID) {
+        id = ssl->session->altSessionID;
+        /* We want to restore the bogus ID for TLS compatibility */
+        if (output == ssl->session) {
+            XMEMCPY(bogusID, ssl->session->sessionID, ID_LEN);
+            bogusIDSz = ssl->session->sessionIDSz;
+        }
+    }
+    else
+        id = ssl->session->sessionID;
+
+
+#ifdef HAVE_EXT_CACHE
+    if (ssl->ctx->get_sess_cb != NULL) {
+        int copy = 0;
+        int found = 0;
+        WOLFSSL_SESSION* extSess;
+        /* Attempt to retrieve the session from the external cache. */
+        WOLFSSL_MSG("Calling external session cache");
+        extSess = ssl->ctx->get_sess_cb(ssl, (byte*)id, ID_LEN, &copy);
+        if ((extSess != NULL)
+                && CheckSessionMatch(ssl, extSess)
+            ) {
+            WOLFSSL_MSG("Session found in external cache");
+            found = 1;
+
+            error = wolfSSL_DupSession(extSess, output, 0);
+#ifdef HAVE_EX_DATA
+            extSess->ownExData = 1;
+            output->ownExData = 0;
+#endif
+            /* We want to restore the bogus ID for TLS compatibility */
+            if (ssl->session->haveAltSessionID &&
+                    output == ssl->session) {
+                XMEMCPY(ssl->session->sessionID, bogusID, ID_LEN);
+                ssl->session->sessionIDSz = bogusIDSz;
+            }
+        }
+        /* If copy not set then free immediately */
+        if (extSess != NULL && !copy)
+            wolfSSL_FreeSession(ssl->ctx, extSess);
+        if (found)
+            return error;
+        WOLFSSL_MSG("Session not found in external cache");
+    }
+
+    if (ssl->options.internalCacheLookupOff) {
+        WOLFSSL_MSG("Internal cache lookup turned off");
+        return WOLFSSL_FAILURE;
+    }
+#endif
+
+#ifdef HAVE_SESSION_TICKET
+    if (output->ticket == NULL ||
+            output->ticketLenAlloc < PREALLOC_SESSION_TICKET_LEN) {
+#ifdef WOLFSSL_SMALL_STACK
+        tmpTicket = (byte*)XMALLOC(PREALLOC_SESSION_TICKET_LEN, output->heap,
+                DYNAMIC_TYPE_TMP_BUFFER);
+        if (tmpTicket == NULL) {
+            WOLFSSL_MSG("tmpTicket malloc failed");
+            return WOLFSSL_FAILURE;
+        }
+#endif
+        if (output->ticketLenAlloc)
+            XFREE(output->ticket, output->heap, DYNAMIC_TYPE_SESSION_TICK);
+        output->ticket = tmpTicket; /* cppcheck-suppress autoVariables
+                                     */
+        output->ticketLenAlloc = PREALLOC_SESSION_TICKET_LEN;
+        output->ticketLen = 0;
+        tmpBufSet = 1;
+    }
+#endif
+
+#if defined(SESSION_CERTS) && defined(OPENSSL_EXTRA)
+    if (output->peer != NULL) {
+        wolfSSL_X509_free(output->peer);
+        output->peer = NULL;
+    }
+#endif
+
+#if defined(WOLFSSL_TLS13) && defined(HAVE_SESSION_TICKET) &&                  \
+    defined(WOLFSSL_TICKET_NONCE_MALLOC) &&                                    \
+    (!defined(HAVE_FIPS) || (defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(5,3)))
+    if (output->ticketNonce.data != output->ticketNonce.dataStatic) {
+        XFREE(output->ticketNonce.data, output->heap,
+            DYNAMIC_TYPE_SESSION_TICK);
+        output->ticketNonce.data = output->ticketNonce.dataStatic;
+        output->ticketNonce.len = 0;
+    }
+    error = SessionTicketNoncePrealloc(&preallocNonce, &preallocNonceLen,
+        output->heap);
+    if (error != 0) {
+        if (tmpBufSet) {
+            output->ticket = output->staticTicket;
+            output->ticketLenAlloc = 0;
+        }
+#ifdef WOLFSSL_SMALL_STACK
+        XFREE(tmpTicket, output->heap, DYNAMIC_TYPE_TMP_BUFFER);
+#endif
+        return WOLFSSL_FAILURE;
+    }
+#endif /* WOLFSSL_TLS13 && HAVE_SESSION_TICKET*/
+
+    /* init to avoid clang static analyzer false positive */
+    row = 0;
+    error = TlsSessionCacheGetAndRdLock(id, &sess, &row,
+        (byte)ssl->options.side);
+    error = (error == 0) ? WOLFSSL_SUCCESS : WOLFSSL_FAILURE;
+    if (error != WOLFSSL_SUCCESS || sess == NULL) {
+        WOLFSSL_MSG("Get Session from cache failed");
+        error = WOLFSSL_FAILURE;
+#ifdef HAVE_SESSION_TICKET
+        if (tmpBufSet) {
+            output->ticket = output->staticTicket;
+            output->ticketLenAlloc = 0;
+        }
+#ifdef WOLFSSL_TLS13
+        XFREE(preallocNonce, output->heap, DYNAMIC_TYPE_SESSION_TICK);
+        preallocNonce = NULL;
+#endif /* WOLFSSL_TLS13 */
+#ifdef WOLFSSL_SMALL_STACK
+        XFREE(tmpTicket, output->heap, DYNAMIC_TYPE_TMP_BUFFER);
+        tmpTicket = NULL;
+#endif
+#endif
+    }
+    else {
+        if (!CheckSessionMatch(ssl, sess)) {
+            WOLFSSL_MSG("Invalid session: can't be used in this context");
+            TlsSessionCacheUnlockRow(row);
+            error = WOLFSSL_FAILURE;
+        }
+        else if (LowResTimer() >= (sess->bornOn + sess->timeout)) {
+            WOLFSSL_SESSION* wrSess = NULL;
+            WOLFSSL_MSG("Invalid session: timed out");
+            sess = NULL;
+            TlsSessionCacheUnlockRow(row);
+            /* Attempt to get a write lock */
+            error = TlsSessionCacheGetAndWrLock(id, &wrSess, &row,
+                    (byte)ssl->options.side);
+            if (error == 0 && wrSess != NULL) {
+                EvictSessionFromCache(wrSess);
+                TlsSessionCacheUnlockRow(row);
+            }
+            error = WOLFSSL_FAILURE;
+        }
+    }
+
+    /* mollify confused cppcheck nullPointer warning. */
+    if (sess == NULL)
+        error = WOLFSSL_FAILURE;
+
+    if (error == WOLFSSL_SUCCESS) {
+#if defined(HAVE_SESSION_TICKET) && defined(WOLFSSL_TLS13)
+        error = wolfSSL_DupSessionEx(sess, output, 1,
+            preallocNonce, &preallocNonceLen, &preallocNonceUsed);
+#else
+        error = wolfSSL_DupSession(sess, output, 1);
+#endif /* HAVE_SESSION_TICKET && WOLFSSL_TLS13 */
+#ifdef HAVE_EX_DATA
+        output->ownExData = !sess->ownExData; /* Session may own ex_data */
+#endif
+        TlsSessionCacheUnlockRow(row);
+    }
+
+    /* We want to restore the bogus ID for TLS compatibility */
+    if (ssl->session->haveAltSessionID &&
+            output == ssl->session) {
+        XMEMCPY(ssl->session->sessionID, bogusID, ID_LEN);
+        ssl->session->sessionIDSz = bogusIDSz;
+    }
+
+#ifdef HAVE_SESSION_TICKET
+    if (tmpBufSet) {
+        if (error == WOLFSSL_SUCCESS) {
+            if (output->ticketLen > SESSION_TICKET_LEN) {
+                output->ticket = (byte*)XMALLOC(output->ticketLen, output->heap,
+                        DYNAMIC_TYPE_SESSION_TICK);
+                if (output->ticket == NULL) {
+                    error = WOLFSSL_FAILURE;
+                    output->ticket = output->staticTicket;
+                    output->ticketLenAlloc = 0;
+                    output->ticketLen = 0;
+                }
+            }
+            else {
+                output->ticket = output->staticTicket;
+                output->ticketLenAlloc = 0;
+            }
+        }
+        else {
+            output->ticket = output->staticTicket;
+            output->ticketLenAlloc = 0;
+            output->ticketLen = 0;
+        }
+        if (error == WOLFSSL_SUCCESS) {
+            XMEMCPY(output->ticket, tmpTicket, output->ticketLen); /* cppcheck-suppress uninitvar */
+        }
+    }
+#ifdef WOLFSSL_SMALL_STACK
+    XFREE(tmpTicket, output->heap, DYNAMIC_TYPE_TMP_BUFFER);
+#endif
+
+#if defined(WOLFSSL_TLS13) && defined(WOLFSSL_TICKET_NONCE_MALLOC) &&          \
+    (!defined(HAVE_FIPS) || (defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(5,3)))
+    if (error == WOLFSSL_SUCCESS && preallocNonceUsed) {
+        if (preallocNonceLen < PREALLOC_SESSION_TICKET_NONCE_LEN) {
+            /* buffer bigger than needed */
+#ifndef XREALLOC
+            output->ticketNonce.data = (byte*)XMALLOC(preallocNonceLen,
+                output->heap, DYNAMIC_TYPE_SESSION_TICK);
+            if (output->ticketNonce.data != NULL)
+                XMEMCPY(output->ticketNonce.data, preallocNonce,
+                    preallocNonceLen);
+            XFREE(preallocNonce, output->heap, DYNAMIC_TYPE_SESSION_TICK);
+            preallocNonce = NULL;
+#else
+            output->ticketNonce.data = (byte*)XREALLOC(preallocNonce,
+                preallocNonceLen, output->heap, DYNAMIC_TYPE_SESSION_TICK);
+            if (output->ticketNonce.data != NULL) {
+                /* don't free the reallocated pointer */
+                preallocNonce = NULL;
+            }
+#endif /* !XREALLOC */
+            if (output->ticketNonce.data == NULL) {
+                output->ticketNonce.data = output->ticketNonce.dataStatic;
+                output->ticketNonce.len = 0;
+                error = WOLFSSL_FAILURE;
+                /* preallocNonce will be free'd after the if */
+            }
+        }
+        else {
+            output->ticketNonce.data = preallocNonce;
+            output->ticketNonce.len = preallocNonceLen;
+            preallocNonce = NULL;
+        }
+    }
+    XFREE(preallocNonce, output->heap, DYNAMIC_TYPE_SESSION_TICK);
+#endif /* WOLFSSL_TLS13 && WOLFSSL_TICKET_NONCE_MALLOC && FIPS_VERSION_GE(5,3)*/
+
+#endif
+
+#if defined(SESSION_CERTS) && defined(OPENSSL_EXTRA)
+    if (peer != NULL) {
+        wolfSSL_X509_free(peer);
+    }
+#endif
+
+    return error;
+}
+
+WOLFSSL_SESSION* wolfSSL_GetSession(WOLFSSL* ssl, byte* masterSecret,
+        byte restoreSessionCerts)
+{
+    WOLFSSL_SESSION* ret = NULL;
+
+    (void)restoreSessionCerts; /* Kept for compatibility */
+
+    if (wolfSSL_GetSessionFromCache(ssl, ssl->session) == WOLFSSL_SUCCESS) {
+        ret = ssl->session;
+    }
+    else {
+        WOLFSSL_MSG("wolfSSL_GetSessionFromCache did not return a session");
+    }
+
+    if (ret != NULL && masterSecret != NULL)
+        XMEMCPY(masterSecret, ret->masterSecret, SECRET_LEN);
+
+    return ret;
+}
+
+int wolfSSL_SetSession(WOLFSSL* ssl, WOLFSSL_SESSION* session)
+{
+    SessionRow* sessRow = NULL;
+    int ret = WOLFSSL_SUCCESS;
+
+    session = ClientSessionToSession(session);
+
+    if (ssl == NULL || session == NULL || !session->isSetup) {
+        WOLFSSL_MSG("ssl or session NULL or not set up");
+        return WOLFSSL_FAILURE;
+    }
+
+    /* We need to lock the session as the first step if its in the cache */
+    if (session->type == WOLFSSL_SESSION_TYPE_CACHE) {
+        if (session->cacheRow < SESSION_ROWS) {
+            sessRow = &SessionCache[session->cacheRow];
+            if (SESSION_ROW_RD_LOCK(sessRow) != 0) {
+                WOLFSSL_MSG("Session row lock failed");
+                return WOLFSSL_FAILURE;
+            }
+        }
+    }
+
+    if (ret == WOLFSSL_SUCCESS && ssl->options.side != WOLFSSL_NEITHER_END &&
+            (byte)ssl->options.side != session->side) {
+        WOLFSSL_MSG("Setting session for wrong role");
+        ret = WOLFSSL_FAILURE;
+    }
+
+    if (ret == WOLFSSL_SUCCESS) {
+        if (ssl->session == session) {
+            WOLFSSL_MSG("ssl->session and session same");
+        }
+        else if (session->type != WOLFSSL_SESSION_TYPE_CACHE) {
+            if (wolfSSL_SESSION_up_ref(session) == WOLFSSL_SUCCESS) {
+                wolfSSL_FreeSession(ssl->ctx, ssl->session);
+                ssl->session = session;
+            }
+            else
+                ret = WOLFSSL_FAILURE;
+        }
+        else {
+            ret = wolfSSL_DupSession(session, ssl->session, 0);
+            if (ret != WOLFSSL_SUCCESS)
+                WOLFSSL_MSG("Session duplicate failed");
+        }
+    }
+
+    /* Let's copy over the altSessionID for local cache purposes */
+    if (ret == WOLFSSL_SUCCESS && session->haveAltSessionID &&
+            ssl->session != session) {
+        ssl->session->haveAltSessionID = 1;
+        XMEMCPY(ssl->session->altSessionID, session->altSessionID, ID_LEN);
+    }
+
+    if (sessRow != NULL) {
+        SESSION_ROW_UNLOCK(sessRow);
+        sessRow = NULL;
+    }
+
+    /* Note: the `session` variable cannot be used below, since the row is
+     * un-locked */
+
+    if (ret != WOLFSSL_SUCCESS)
+        return ret;
+
+#ifdef WOLFSSL_SESSION_ID_CTX
+    /* check for application context id */
+    if (ssl->sessionCtxSz > 0) {
+        if (XMEMCMP(ssl->sessionCtx, ssl->session->sessionCtx,
+                ssl->sessionCtxSz)) {
+            /* context id did not match! */
+            WOLFSSL_MSG("Session context did not match");
+            return WOLFSSL_FAILURE;
+        }
+    }
+#endif /* WOLFSSL_SESSION_ID_CTX */
+
+    if (LowResTimer() >= (ssl->session->bornOn + ssl->session->timeout)) {
+#if !defined(OPENSSL_EXTRA) || !defined(WOLFSSL_ERROR_CODE_OPENSSL)
+        return WOLFSSL_FAILURE;  /* session timed out */
+#else /* defined(OPENSSL_EXTRA) && defined(WOLFSSL_ERROR_CODE_OPENSSL) */
+        WOLFSSL_MSG("Session is expired but return success for "
+                    "OpenSSL compatibility");
+#endif
+    }
+    ssl->options.resuming = 1;
+    ssl->options.haveEMS = ssl->session->haveEMS;
+
+#if defined(SESSION_CERTS) || (defined(WOLFSSL_TLS13) && \
+                           defined(HAVE_SESSION_TICKET))
+    ssl->version              = ssl->session->version;
+    if (IsAtLeastTLSv1_3(ssl->version))
+        ssl->options.tls1_3 = 1;
+#endif
+#if defined(SESSION_CERTS) || !defined(NO_RESUME_SUITE_CHECK) || \
+                    (defined(WOLFSSL_TLS13) && defined(HAVE_SESSION_TICKET))
+    ssl->options.cipherSuite0 = ssl->session->cipherSuite0;
+    ssl->options.cipherSuite  = ssl->session->cipherSuite;
+#endif
+#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
+    ssl->peerVerifyRet = (unsigned long)ssl->session->peerVerifyRet;
+#endif
+
+    return WOLFSSL_SUCCESS;
+}
+
+
+#ifdef WOLFSSL_SESSION_STATS
+static int get_locked_session_stats(word32* active, word32* total,
+                                    word32* peak);
+#endif
+
+#ifndef NO_CLIENT_CACHE
+ClientSession* AddSessionToClientCache(int side, int row, int idx,
+    byte* serverID, word16 idLen, const byte* sessionID, word16 useTicket)
+{
+    int error = -1;
+    word32 clientRow = 0, clientIdx = 0;
+    ClientSession* ret = NULL;
+
+    (void)useTicket;
+    if (side == WOLFSSL_CLIENT_END
+            && row != INVALID_SESSION_ROW
+            && (idLen
+#ifdef HAVE_SESSION_TICKET
+                || useTicket == 1
+#endif
+                || serverID != NULL
+                )) {
+
+        WOLFSSL_MSG("Trying to add client cache entry");
+
+        if (idLen) {
+            clientRow = HashObject(serverID,
+                    idLen, &error) % CLIENT_SESSION_ROWS;
+        }
+        else if (serverID != NULL) {
+            clientRow = HashObject(sessionID,
+                    ID_LEN, &error) % CLIENT_SESSION_ROWS;
+        }
+        else {
+            error = WOLFSSL_FATAL_ERROR;
+        }
+        if (error == 0 && wc_LockMutex(&clisession_mutex) == 0) {
+            clientIdx = (word32)ClientCache[clientRow].nextIdx;
+            if (clientIdx < CLIENT_SESSIONS_PER_ROW) {
+                ClientCache[clientRow].Clients[clientIdx].serverRow =
+                                                                (word16)row;
+                ClientCache[clientRow].Clients[clientIdx].serverIdx =
+                                                                (word16)idx;
+                if (sessionID != NULL) {
+                    word32 sessionIDHash = HashObject(sessionID, ID_LEN,
+                                                      &error);
+                    if (error == 0) {
+                        ClientCache[clientRow].Clients[clientIdx].sessionIDHash
+                            = sessionIDHash;
+                    }
+                }
+            }
+            else {
+                error = WOLFSSL_FATAL_ERROR;
+                ClientCache[clientRow].nextIdx = 0; /* reset index as safety */
+                WOLFSSL_MSG("Invalid client cache index! "
+                            "Possible corrupted memory");
+            }
+            if (error == 0) {
+                WOLFSSL_MSG("Adding client cache entry");
+
+                ret = &ClientCache[clientRow].Clients[clientIdx];
+
+                if (ClientCache[clientRow].totalCount < CLIENT_SESSIONS_PER_ROW)
+                    ClientCache[clientRow].totalCount++;
+                ClientCache[clientRow].nextIdx++;
+                ClientCache[clientRow].nextIdx %= CLIENT_SESSIONS_PER_ROW;
+            }
+
+            wc_UnLockMutex(&clisession_mutex);
+        }
+        else {
+            WOLFSSL_MSG("Hash session or lock failed");
+        }
+    }
+    else {
+        WOLFSSL_MSG("Skipping client cache");
+    }
+
+    return ret;
+}
+#endif /* !NO_CLIENT_CACHE */
+
+/**
+ * For backwards compatibility, this API needs to be used in *ALL* functions
+ * that access the WOLFSSL_SESSION members directly.
+ *
+ * This API checks if the passed in session is actually a ClientSession object
+ * and returns the matching session cache object. Otherwise just return the
+ * input. ClientSession objects only occur in the ClientCache. They are not
+ * allocated anywhere else.
+ */
+WOLFSSL_SESSION* ClientSessionToSession(const WOLFSSL_SESSION* session)
+{
+    WOLFSSL_ENTER("ClientSessionToSession");
+#ifdef NO_SESSION_CACHE_REF
+    return (WOLFSSL_SESSION*)session;
+#else
+#ifndef NO_CLIENT_CACHE
+    if (session == NULL)
+        return NULL;
+    /* Check if session points into ClientCache */
+    if ((byte*)session >= (byte*)ClientCache &&
+            /* Cast to byte* to make pointer arithmetic work per byte */
+            (byte*)session < ((byte*)ClientCache) + sizeof(ClientCache)) {
+        ClientSession* clientSession = (ClientSession*)session;
+        SessionRow* sessRow = NULL;
+        WOLFSSL_SESSION* cacheSession = NULL;
+        word32 sessionIDHash = 0;
+        int error = 0;
+        session = NULL; /* Default to NULL for failure case */
+        if (wc_LockMutex(&clisession_mutex) != 0) {
+            WOLFSSL_MSG("Client cache mutex lock failed");
+            return NULL;
+        }
+        if (clientSession->serverRow >= SESSION_ROWS ||
+                clientSession->serverIdx >= SESSIONS_PER_ROW) {
+            WOLFSSL_MSG("Client cache serverRow or serverIdx invalid");
+            error = WOLFSSL_FATAL_ERROR;
+        }
+        if (error == 0) {
+            /* Lock row */
+            sessRow = &SessionCache[clientSession->serverRow];
+            /* Prevent memory access before clientSession->serverRow and
+             * clientSession->serverIdx are sanitized. */
+            XFENCE();
+            error = SESSION_ROW_RD_LOCK(sessRow);
+            if (error != 0) {
+                WOLFSSL_MSG("Session cache row lock failure");
+                sessRow = NULL;
+            }
+        }
+        if (error == 0) {
+#ifdef SESSION_CACHE_DYNAMIC_MEM
+            cacheSession = sessRow->Sessions[clientSession->serverIdx];
+#else
+            cacheSession = &sessRow->Sessions[clientSession->serverIdx];
+#endif
+            /* Prevent memory access */
+            XFENCE();
+            if (cacheSession && cacheSession->sessionIDSz == 0) {
+                cacheSession = NULL;
+                WOLFSSL_MSG("Session cache entry not set");
+                error = WOLFSSL_FATAL_ERROR;
+            }
+        }
+        if (error == 0) {
+            /* Calculate the hash of the session ID */
+            sessionIDHash = HashObject(cacheSession->sessionID, ID_LEN,
+                    &error);
+        }
+        if (error == 0) {
+            /* Check the session ID hash matches */
+            error = clientSession->sessionIDHash != sessionIDHash;
+            if (error != 0)
+                WOLFSSL_MSG("session ID hashes don't match");
+        }
+        if (error == 0) {
+            /* Hashes match */
+            session = cacheSession;
+            WOLFSSL_MSG("Found session cache matching client session object");
+        }
+        if (sessRow != NULL) {
+            SESSION_ROW_UNLOCK(sessRow);
+        }
+        wc_UnLockMutex(&clisession_mutex);
+        return (WOLFSSL_SESSION*)session;
+    }
+    else {
+        /* Plain WOLFSSL_SESSION object */
+        return (WOLFSSL_SESSION*)session;
+    }
+#else
+    return (WOLFSSL_SESSION*)session;
+#endif
+#endif
+}
+
+int AddSessionToCache(WOLFSSL_CTX* ctx, WOLFSSL_SESSION* addSession,
+        const byte* id, byte idSz, int* sessionIndex, int side,
+        word16 useTicket, ClientSession** clientCacheEntry)
+{
+    WOLFSSL_SESSION* cacheSession = NULL;
+    SessionRow* sessRow = NULL;
+    word32 idx = 0;
+#if defined(SESSION_CERTS) && defined(OPENSSL_EXTRA)
+    WOLFSSL_X509* cachePeer = NULL;
+    WOLFSSL_X509* addPeer = NULL;
+#endif
+#ifdef HAVE_SESSION_TICKET
+    byte*  cacheTicBuff = NULL;
+    byte   ticBuffUsed = 0;
+    byte*  ticBuff = NULL;
+    int    ticLen  = 0;
+#if defined(WOLFSSL_TLS13) && defined(WOLFSSL_TICKET_NONCE_MALLOC) &&          \
+    (!defined(HAVE_FIPS) || (defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(5,3)))
+    byte *preallocNonce = NULL;
+    byte preallocNonceLen = 0;
+    byte preallocNonceUsed = 0;
+    byte *toFree = NULL;
+#endif /* WOLFSSL_TLS13 && WOLFSSL_TICKET_NONCE_MALLOC */
+#endif /* HAVE_SESSION_TICKET */
+    int ret = 0;
+    int row;
+    int i;
+    int overwrite = 0;
+    (void)ctx;
+    (void)sessionIndex;
+    (void)useTicket;
+    (void)clientCacheEntry;
+
+    WOLFSSL_ENTER("AddSessionToCache");
+
+    if (idSz == 0) {
+        WOLFSSL_MSG("AddSessionToCache idSz == 0");
+        return BAD_FUNC_ARG;
+    }
+
+    addSession = ClientSessionToSession(addSession);
+    if (addSession == NULL) {
+        WOLFSSL_MSG("AddSessionToCache is NULL");
+        return MEMORY_E;
+    }
+
+#ifdef HAVE_SESSION_TICKET
+    ticLen = addSession->ticketLen;
+    /* Alloc Memory here to avoid syscalls during lock */
+    if (ticLen > SESSION_TICKET_LEN) {
+        ticBuff = (byte*)XMALLOC((size_t)ticLen, NULL,
+                DYNAMIC_TYPE_SESSION_TICK);
+        if (ticBuff == NULL) {
+            return MEMORY_E;
+        }
+    }
+#if defined(WOLFSSL_TLS13) && defined(WOLFSSL_TICKET_NONCE_MALLOC) &&          \
+    (!defined(HAVE_FIPS) || (defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(5,3)))
+    if (addSession->ticketNonce.data != addSession->ticketNonce.dataStatic) {
+        /* use the AddSession->heap even if the buffer maybe saved in
+         * CachedSession objects. CachedSession heap and AddSession heap should
+         * be the same */
+        preallocNonce = (byte*)XMALLOC(addSession->ticketNonce.len,
+            addSession->heap, DYNAMIC_TYPE_SESSION_TICK);
+        if (preallocNonce == NULL) {
+            XFREE(ticBuff, addSession->heap, DYNAMIC_TYPE_SESSION_TICK);
+            return MEMORY_E;
+        }
+        preallocNonceLen = addSession->ticketNonce.len;
+    }
+#endif /* WOLFSSL_TLS13 && WOLFSSL_TICKET_NONCE_MALLOC && FIPS_VERSION_GE(5,3)*/
+#endif /* HAVE_SESSION_TICKET */
+
+    /* Find a position for the new session in cache and use that */
+    /* Use the session object in the cache for external cache if required */
+    row = (int)(HashObject(id, ID_LEN, &ret) % SESSION_ROWS);
+    if (ret != 0) {
+        WOLFSSL_MSG("Hash session failed");
+    #ifdef HAVE_SESSION_TICKET
+        XFREE(ticBuff, NULL, DYNAMIC_TYPE_SESSION_TICK);
+    #if defined(WOLFSSL_TLS13) && defined(WOLFSSL_TICKET_NONCE_MALLOC) &&      \
+    (!defined(HAVE_FIPS) || (defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(5,3)))
+        XFREE(preallocNonce, addSession->heap, DYNAMIC_TYPE_SESSION_TICK);
+    #endif
+    #endif
+        return ret;
+    }
+
+    sessRow = &SessionCache[row];
+    if (SESSION_ROW_WR_LOCK(sessRow) != 0) {
+    #ifdef HAVE_SESSION_TICKET
+        XFREE(ticBuff, NULL, DYNAMIC_TYPE_SESSION_TICK);
+    #if defined(WOLFSSL_TLS13) && defined(WOLFSSL_TICKET_NONCE_MALLOC) &&          \
+    (!defined(HAVE_FIPS) || (defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(5,3)))
+        XFREE(preallocNonce, addSession->heap, DYNAMIC_TYPE_SESSION_TICK);
+    #endif
+    #endif
+        WOLFSSL_MSG("Session row lock failed");
+        return BAD_MUTEX_E;
+    }
+
+    for (i = 0; i < SESSIONS_PER_ROW && i < sessRow->totalCount; i++) {
+#ifdef SESSION_CACHE_DYNAMIC_MEM
+        cacheSession = sessRow->Sessions[i];
+#else
+        cacheSession = &sessRow->Sessions[i];
+#endif
+        if (cacheSession && XMEMCMP(id,
+                cacheSession->sessionID, ID_LEN) == 0 &&
+                cacheSession->side == side) {
+            WOLFSSL_MSG("Session already exists. Overwriting.");
+            overwrite = 1;
+            idx = (word32)i;
+            break;
+        }
+    }
+
+    if (!overwrite)
+        idx = (word32)sessRow->nextIdx;
+#ifdef SESSION_INDEX
+    if (sessionIndex != NULL)
+        *sessionIndex = (row << SESSIDX_ROW_SHIFT) | idx;
+#endif
+
+#ifdef SESSION_CACHE_DYNAMIC_MEM
+    cacheSession = sessRow->Sessions[idx];
+    if (cacheSession == NULL) {
+        cacheSession = (WOLFSSL_SESSION*) XMALLOC(sizeof(WOLFSSL_SESSION),
+                                         sessRow->heap, DYNAMIC_TYPE_SESSION);
+        if (cacheSession == NULL) {
+        #ifdef HAVE_SESSION_TICKET
+            XFREE(ticBuff, NULL, DYNAMIC_TYPE_SESSION_TICK);
+        #if defined(WOLFSSL_TLS13) && defined(WOLFSSL_TICKET_NONCE_MALLOC) &&          \
+        (!defined(HAVE_FIPS) || (defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(5,3)))
+            XFREE(preallocNonce, addSession->heap, DYNAMIC_TYPE_SESSION_TICK);
+        #endif
+        #endif
+            SESSION_ROW_UNLOCK(sessRow);
+            return MEMORY_E;
+        }
+        XMEMSET(cacheSession, 0, sizeof(WOLFSSL_SESSION));
+        sessRow->Sessions[idx] = cacheSession;
+    }
+#else
+    cacheSession = &sessRow->Sessions[idx];
+#endif
+
+#ifdef HAVE_EX_DATA_CRYPTO
+    if (overwrite) {
+        /* Figure out who owns the ex_data */
+        if (cacheSession->ownExData) {
+            /* Prioritize cacheSession copy */
+            XMEMCPY(&addSession->ex_data, &cacheSession->ex_data,
+                    sizeof(WOLFSSL_CRYPTO_EX_DATA));
+        }
+        /* else will be copied in wolfSSL_DupSession call */
+    }
+    else if (cacheSession->ownExData) {
+        crypto_ex_cb_free_data(cacheSession, crypto_ex_cb_ctx_session,
+                               &cacheSession->ex_data);
+        cacheSession->ownExData = 0;
+    }
+#endif
+
+    if (!overwrite)
+        EvictSessionFromCache(cacheSession);
+
+    cacheSession->type = WOLFSSL_SESSION_TYPE_CACHE;
+    cacheSession->cacheRow = row;
+
+#if defined(SESSION_CERTS) && defined(OPENSSL_EXTRA)
+    /* Save the peer field to free after unlocking the row */
+    if (cacheSession->peer != NULL)
+        cachePeer = cacheSession->peer;
+    cacheSession->peer = NULL;
+#endif
+#ifdef HAVE_SESSION_TICKET
+    /* If we can reuse the existing buffer in cacheSession then we won't touch
+     * ticBuff at all making it a very cheap malloc/free. The page on a modern
+     * OS will most likely not even be allocated to the process. */
+    if (ticBuff != NULL && cacheSession->ticketLenAlloc < ticLen) {
+        /* Save pointer only if separately allocated */
+        if (cacheSession->ticket != cacheSession->staticTicket)
+            cacheTicBuff = cacheSession->ticket;
+        ticBuffUsed = 1;
+        cacheSession->ticket = ticBuff;
+        cacheSession->ticketLenAlloc = (word16) ticLen;
+    }
+#if defined(WOLFSSL_TLS13) && defined(WOLFSSL_TICKET_NONCE_MALLOC) &&          \
+    (!defined(HAVE_FIPS) || (defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(5,3)))
+    /* cache entry never used */
+    if (cacheSession->ticketNonce.data == NULL)
+        cacheSession->ticketNonce.data = cacheSession->ticketNonce.dataStatic;
+
+    if (cacheSession->ticketNonce.data !=
+            cacheSession->ticketNonce.dataStatic) {
+        toFree = cacheSession->ticketNonce.data;
+        cacheSession->ticketNonce.data = cacheSession->ticketNonce.dataStatic;
+        cacheSession->ticketNonce.len = 0;
+    }
+#endif /* WOLFSSL_TLS13 && WOLFSSL_TICKET_NONCE_MALLOC && FIPS_VERSION_GE(5,3)*/
+#endif
+#ifdef SESSION_CERTS
+    if (overwrite &&
+            addSession->chain.count == 0 &&
+            cacheSession->chain.count > 0) {
+        /* Copy in the certs from the session */
+        addSession->chain.count = cacheSession->chain.count;
+        XMEMCPY(addSession->chain.certs, cacheSession->chain.certs,
+                sizeof(x509_buffer) * (size_t)cacheSession->chain.count);
+    }
+#endif /* SESSION_CERTS */
+#if defined(SESSION_CERTS) && defined(OPENSSL_EXTRA)
+    /* Don't copy the peer cert into cache */
+    addPeer = addSession->peer;
+    addSession->peer = NULL;
+#endif
+    cacheSession->heap = NULL;
+    /* Copy data into the cache object */
+#if defined(HAVE_SESSION_TICKET) && defined(WOLFSSL_TLS13) &&                  \
+    defined(WOLFSSL_TICKET_NONCE_MALLOC) &&                                   \
+    (!defined(HAVE_FIPS) || (defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(5,3)))
+    ret = (wolfSSL_DupSessionEx(addSession, cacheSession, 1, preallocNonce,
+                                &preallocNonceLen, &preallocNonceUsed)
+           == WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+#else
+    ret = (wolfSSL_DupSession(addSession, cacheSession, 1)
+           == WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+#endif /* HAVE_SESSION_TICKET && WOLFSSL_TLS13 && WOLFSSL_TICKET_NONCE_MALLOC
+          && FIPS_VERSION_GE(5,3)*/
+#if defined(SESSION_CERTS) && defined(OPENSSL_EXTRA)
+    addSession->peer = addPeer;
+#endif
+
+    if (ret == 0) {
+        if (!overwrite) {
+            /* Increment the totalCount and the nextIdx */
+            if (sessRow->totalCount < SESSIONS_PER_ROW)
+                sessRow->totalCount++;
+            sessRow->nextIdx = (sessRow->nextIdx + 1) % SESSIONS_PER_ROW;
+        }
+        if (id != addSession->sessionID) {
+            /* ssl->session->sessionID may contain the bogus ID or we want the
+             * ID from the arrays object */
+            XMEMCPY(cacheSession->sessionID, id, ID_LEN);
+            cacheSession->sessionIDSz = ID_LEN;
+        }
+#if defined(HAVE_EXT_CACHE) || defined(HAVE_EX_DATA)
+        if (ctx->rem_sess_cb != NULL)
+            cacheSession->rem_sess_cb = ctx->rem_sess_cb;
+#endif
+#ifdef HAVE_EX_DATA
+        /* The session in cache now owns the ex_data */
+        addSession->ownExData = 0;
+        cacheSession->ownExData = 1;
+#endif
+#if defined(HAVE_SESSION_TICKET) && defined(WOLFSSL_TLS13) &&                  \
+    defined(WOLFSSL_TICKET_NONCE_MALLOC) &&                                    \
+    (!defined(HAVE_FIPS) || (defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(5,3)))
+        if (preallocNonce != NULL && preallocNonceUsed) {
+            cacheSession->ticketNonce.data = preallocNonce;
+            cacheSession->ticketNonce.len = preallocNonceLen;
+            preallocNonce = NULL;
+            preallocNonceLen = 0;
+        }
+#endif /* HAVE_SESSION_TICKET && WOLFSSL_TLS13 && WOLFSSL_TICKET_NONCE_MALLOC
+        * && FIPS_VERSION_GE(5,3)*/
+    }
+#ifdef HAVE_SESSION_TICKET
+    else if (ticBuffUsed) {
+        /* Error occurred. Need to clean up the ticket buffer. */
+        cacheSession->ticket = cacheSession->staticTicket;
+        cacheSession->ticketLenAlloc = 0;
+        cacheSession->ticketLen = 0;
+    }
+#endif
+    SESSION_ROW_UNLOCK(sessRow);
+    cacheSession = NULL; /* Can't access after unlocked */
+
+#ifndef NO_CLIENT_CACHE
+    if (ret == 0 && clientCacheEntry != NULL) {
+        ClientSession* clientCache = AddSessionToClientCache(side, row, (int)idx,
+                addSession->serverID, addSession->idLen, id, useTicket);
+        if (clientCache != NULL)
+            *clientCacheEntry = clientCache;
+    }
+#endif
+
+#ifdef HAVE_SESSION_TICKET
+    if (ticBuff != NULL && !ticBuffUsed)
+        XFREE(ticBuff, NULL, DYNAMIC_TYPE_SESSION_TICK);
+    XFREE(cacheTicBuff, NULL, DYNAMIC_TYPE_SESSION_TICK);
+#if defined(WOLFSSL_TLS13) && defined(WOLFSSL_TICKET_NONCE_MALLOC) &&         \
+    (!defined(HAVE_FIPS) || (defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(5,3)))
+    XFREE(preallocNonce, addSession->heap, DYNAMIC_TYPE_SESSION_TICK);
+    XFREE(toFree, addSession->heap, DYNAMIC_TYPE_SESSION_TICK);
+#endif /* WOLFSSL_TLS13 && WOLFSSL_TICKET_NONCE_MALLOC && FIPS_VERSION_GE(5,3)*/
+#endif
+
+#if defined(SESSION_CERTS) && defined(OPENSSL_EXTRA)
+    if (cachePeer != NULL) {
+        wolfSSL_X509_free(cachePeer);
+        cachePeer = NULL; /* Make sure not use after this point */
+    }
+#endif
+
+    return ret;
+}
+
+void AddSession(WOLFSSL* ssl)
+{
+    int    error = 0;
+    const byte* id = NULL;
+    byte idSz = 0;
+    WOLFSSL_SESSION* session = ssl->session;
+
+    (void)error;
+
+    WOLFSSL_ENTER("AddSession");
+
+    if (SslSessionCacheOff(ssl, session)) {
+        WOLFSSL_MSG("Cache off");
+        return;
+    }
+
+    if (session->haveAltSessionID) {
+        id = session->altSessionID;
+        idSz = ID_LEN;
+    }
+    else {
+        id = session->sessionID;
+        idSz = session->sessionIDSz;
+    }
+
+    /* Do this only for the client because if the server doesn't have an ID at
+     * this point, it won't on resumption. */
+    if (idSz == 0 && ssl->options.side == WOLFSSL_CLIENT_END) {
+        WC_RNG* rng = NULL;
+        if (ssl->rng != NULL)
+            rng = ssl->rng;
+#if defined(HAVE_GLOBAL_RNG) && defined(OPENSSL_EXTRA)
+        else if (initGlobalRNG == 1 || wolfSSL_RAND_Init() == WOLFSSL_SUCCESS) {
+            rng = &globalRNG;
+        }
+#endif
+        if (wc_RNG_GenerateBlock(rng, ssl->session->altSessionID,
+                ID_LEN) != 0)
+            return;
+        ssl->session->haveAltSessionID = 1;
+        id = ssl->session->altSessionID;
+        idSz = ID_LEN;
+    }
+
+#ifdef HAVE_EXT_CACHE
+    if (!ssl->options.internalCacheOff)
+#endif
+    {
+        /* Try to add the session to internal cache or external cache
+        if a new_sess_cb is set. Its ok if we don't succeed. */
+        (void)AddSessionToCache(ssl->ctx, session, id, idSz,
+#ifdef SESSION_INDEX
+                &ssl->sessionIndex,
+#else
+                NULL,
+#endif
+                ssl->options.side,
+#ifdef HAVE_SESSION_TICKET
+                ssl->options.useTicket,
+#else
+                0,
+#endif
+#ifdef NO_SESSION_CACHE_REF
+                NULL
+#else
+                (ssl->options.side == WOLFSSL_CLIENT_END) ?
+                        &ssl->clientSession : NULL
+#endif
+                        );
+    }
+
+#ifdef HAVE_EXT_CACHE
+    if (error == 0 && ssl->ctx->new_sess_cb != NULL) {
+        int cbRet = 0;
+        wolfSSL_SESSION_up_ref(session);
+        cbRet = ssl->ctx->new_sess_cb(ssl, session);
+        if (cbRet == 0)
+            wolfSSL_FreeSession(ssl->ctx, session);
+    }
+#endif
+
+#if defined(WOLFSSL_SESSION_STATS) && defined(WOLFSSL_PEAK_SESSIONS)
+    if (error == 0) {
+        word32 active = 0;
+
+        error = get_locked_session_stats(&active, NULL, NULL);
+        if (error == WOLFSSL_SUCCESS) {
+            error = 0;  /* back to this function ok */
+
+            if (PeakSessions < active) {
+                PeakSessions = active;
+            }
+        }
+    }
+#endif /* WOLFSSL_SESSION_STATS && WOLFSSL_PEAK_SESSIONS */
+    (void)error;
+}
+
+
+#ifdef SESSION_INDEX
+
+int wolfSSL_GetSessionIndex(WOLFSSL* ssl)
+{
+    WOLFSSL_ENTER("wolfSSL_GetSessionIndex");
+    WOLFSSL_LEAVE("wolfSSL_GetSessionIndex", ssl->sessionIndex);
+    return ssl->sessionIndex;
+}
+
+
+int wolfSSL_GetSessionAtIndex(int idx, WOLFSSL_SESSION* session)
+{
+    int row, col, result = WOLFSSL_FAILURE;
+    SessionRow* sessRow;
+    WOLFSSL_SESSION* cacheSession;
+
+    WOLFSSL_ENTER("wolfSSL_GetSessionAtIndex");
+
+    session = ClientSessionToSession(session);
+
+    row = idx >> SESSIDX_ROW_SHIFT;
+    col = idx & SESSIDX_IDX_MASK;
+
+    if (session == NULL ||
+            row < 0 || row >= SESSION_ROWS || col >= SESSIONS_PER_ROW) {
+        return WOLFSSL_FAILURE;
+    }
+
+    sessRow = &SessionCache[row];
+    if (SESSION_ROW_RD_LOCK(sessRow) != 0) {
+        return BAD_MUTEX_E;
+    }
+
+#ifdef SESSION_CACHE_DYNAMIC_MEM
+    cacheSession = sessRow->Sessions[col];
+#else
+    cacheSession = &sessRow->Sessions[col];
+#endif
+    if (cacheSession) {
+        XMEMCPY(session, cacheSession, sizeof(WOLFSSL_SESSION));
+        result = WOLFSSL_SUCCESS;
+    }
+    else {
+        result = WOLFSSL_FAILURE;
+    }
+
+    SESSION_ROW_UNLOCK(sessRow);
+
+    WOLFSSL_LEAVE("wolfSSL_GetSessionAtIndex", result);
+    return result;
+}
+
+#endif /* SESSION_INDEX */
+
+#if defined(SESSION_CERTS)
+
+WOLFSSL_X509_CHAIN* wolfSSL_SESSION_get_peer_chain(WOLFSSL_SESSION* session)
+{
+    WOLFSSL_X509_CHAIN* chain = NULL;
+
+    WOLFSSL_ENTER("wolfSSL_SESSION_get_peer_chain");
+
+    session = ClientSessionToSession(session);
+
+    if (session)
+        chain = &session->chain;
+
+    WOLFSSL_LEAVE("wolfSSL_SESSION_get_peer_chain", chain ? 1 : 0);
+    return chain;
+}
+
+
+#ifdef OPENSSL_EXTRA
+/* gets the peer certificate associated with the session passed in
+ * returns null on failure, the caller should not free the returned pointer */
+WOLFSSL_X509* wolfSSL_SESSION_get0_peer(WOLFSSL_SESSION* session)
+{
+    WOLFSSL_ENTER("wolfSSL_SESSION_get_peer_chain");
+
+    session = ClientSessionToSession(session);
+    if (session) {
+        int count;
+
+        count = wolfSSL_get_chain_count(&session->chain);
+        if (count < 1 || count >= MAX_CHAIN_DEPTH) {
+            WOLFSSL_MSG("bad count found");
+            return NULL;
+        }
+
+        if (session->peer == NULL) {
+            session->peer = wolfSSL_get_chain_X509(&session->chain, 0);
+        }
+        return session->peer;
+    }
+    WOLFSSL_MSG("No session passed in");
+
+    return NULL;
+}
+#endif /* OPENSSL_EXTRA */
+#endif /* SESSION_INDEX && SESSION_CERTS */
+
+
+#ifdef WOLFSSL_SESSION_STATS
+
+static int get_locked_session_stats(word32* active, word32* total, word32* peak)
+{
+    int result = WOLFSSL_SUCCESS;
+    int i;
+    int count;
+    int idx;
+    word32 now   = 0;
+    word32 seen  = 0;
+    word32 ticks = LowResTimer();
+
+    WOLFSSL_ENTER("get_locked_session_stats");
+
+#ifndef ENABLE_SESSION_CACHE_ROW_LOCK
+    SESSION_ROW_RD_LOCK(&SessionCache[0]);
+#endif
+    for (i = 0; i < SESSION_ROWS; i++) {
+        SessionRow* row = &SessionCache[i];
+    #ifdef ENABLE_SESSION_CACHE_ROW_LOCK
+        if (SESSION_ROW_RD_LOCK(row) != 0) {
+            WOLFSSL_MSG("Session row cache mutex lock failed");
+            return BAD_MUTEX_E;
+        }
+    #endif
+
+        seen += row->totalCount;
+
+        if (active == NULL) {
+            SESSION_ROW_UNLOCK(row);
+            continue;
+        }
+
+        count = min((word32)row->totalCount, SESSIONS_PER_ROW);
+        idx   = row->nextIdx - 1;
+        if (idx < 0 || idx >= SESSIONS_PER_ROW) {
+            idx = SESSIONS_PER_ROW - 1; /* if back to front previous was end */
+        }
+
+        for (; count > 0; --count) {
+            /* if not expired then good */
+#ifdef SESSION_CACHE_DYNAMIC_MEM
+            if (row->Sessions[idx] &&
+                ticks < (row->Sessions[idx]->bornOn +
+                            row->Sessions[idx]->timeout) )
+#else
+            if (ticks < (row->Sessions[idx].bornOn +
+                            row->Sessions[idx].timeout) )
+#endif
+            {
+                now++;
+            }
+
+            idx = idx > 0 ? idx - 1 : SESSIONS_PER_ROW - 1;
+        }
+
+    #ifdef ENABLE_SESSION_CACHE_ROW_LOCK
+        SESSION_ROW_UNLOCK(row);
+    #endif
+    }
+#ifndef ENABLE_SESSION_CACHE_ROW_LOCK
+    SESSION_ROW_UNLOCK(&SessionCache[0]);
+#endif
+
+    if (active) {
+        *active = now;
+    }
+    if (total) {
+        *total = seen;
+    }
+
+#ifdef WOLFSSL_PEAK_SESSIONS
+    if (peak) {
+        *peak = PeakSessions;
+    }
+#else
+    (void)peak;
+#endif
+
+    WOLFSSL_LEAVE("get_locked_session_stats", result);
+
+    return result;
+}
+
+
+/* return WOLFSSL_SUCCESS on ok */
+int wolfSSL_get_session_stats(word32* active, word32* total, word32* peak,
+                              word32* maxSessions)
+{
+    int result = WOLFSSL_SUCCESS;
+
+    WOLFSSL_ENTER("wolfSSL_get_session_stats");
+
+    if (maxSessions) {
+        *maxSessions = SESSIONS_PER_ROW * SESSION_ROWS;
+
+        if (active == NULL && total == NULL && peak == NULL)
+            return result;  /* we're done */
+    }
+
+    /* user must provide at least one query value */
+    if (active == NULL && total == NULL && peak == NULL) {
+        return BAD_FUNC_ARG;
+    }
+
+    result = get_locked_session_stats(active, total, peak);
+
+    WOLFSSL_LEAVE("wolfSSL_get_session_stats", result);
+
+    return result;
+}
+
+#endif /* WOLFSSL_SESSION_STATS */
+
+
+    #ifdef PRINT_SESSION_STATS
+
+    /* WOLFSSL_SUCCESS on ok */
+    int wolfSSL_PrintSessionStats(void)
+    {
+        word32 totalSessionsSeen = 0;
+        word32 totalSessionsNow = 0;
+        word32 peak = 0;
+        word32 maxSessions = 0;
+        int    i;
+        int    ret;
+        double E;               /* expected freq */
+        double chiSquare = 0;
+
+        ret = wolfSSL_get_session_stats(&totalSessionsNow, &totalSessionsSeen,
+                                        &peak, &maxSessions);
+        if (ret != WOLFSSL_SUCCESS)
+            return ret;
+        printf("Total Sessions Seen = %u\n", totalSessionsSeen);
+        printf("Total Sessions Now  = %u\n", totalSessionsNow);
+#ifdef WOLFSSL_PEAK_SESSIONS
+        printf("Peak  Sessions      = %u\n", peak);
+#endif
+        printf("Max   Sessions      = %u\n", maxSessions);
+
+        E = (double)totalSessionsSeen / SESSION_ROWS;
+
+        for (i = 0; i < SESSION_ROWS; i++) {
+            double diff = SessionCache[i].totalCount - E;
+            diff *= diff;                /* square    */
+            diff /= E;                   /* normalize */
+
+            chiSquare += diff;
+        }
+        printf("  chi-square = %5.1f, d.f. = %d\n", chiSquare,
+                                                     SESSION_ROWS - 1);
+        #if (SESSION_ROWS == 11)
+            printf(" .05 p value =  18.3, chi-square should be less\n");
+        #elif (SESSION_ROWS == 211)
+            printf(".05 p value  = 244.8, chi-square should be less\n");
+        #elif (SESSION_ROWS == 5981)
+            printf(".05 p value  = 6161.0, chi-square should be less\n");
+        #elif (SESSION_ROWS == 3)
+            printf(".05 p value  =   6.0, chi-square should be less\n");
+        #elif (SESSION_ROWS == 2861)
+            printf(".05 p value  = 2985.5, chi-square should be less\n");
+        #endif
+        printf("\n");
+
+        return ret;
+    }
+
+    #endif /* SESSION_STATS */
+
+#else  /* NO_SESSION_CACHE */
+
+WOLFSSL_SESSION* ClientSessionToSession(const WOLFSSL_SESSION* session)
+{
+    return (WOLFSSL_SESSION*)session;
+}
+
+/* No session cache version */
+WOLFSSL_SESSION* wolfSSL_GetSession(WOLFSSL* ssl, byte* masterSecret,
+        byte restoreSessionCerts)
+{
+    (void)ssl;
+    (void)masterSecret;
+    (void)restoreSessionCerts;
+
+    return NULL;
+}
+
+#endif /* NO_SESSION_CACHE */
+
+#ifdef OPENSSL_EXTRA
+
+   /* returns previous set cache size which stays constant */
+    long wolfSSL_CTX_sess_set_cache_size(WOLFSSL_CTX* ctx, long sz)
+    {
+        /* cache size fixed at compile time in wolfSSL */
+        (void)ctx;
+        (void)sz;
+        WOLFSSL_MSG("session cache is set at compile time");
+        #ifndef NO_SESSION_CACHE
+            return (long)(SESSIONS_PER_ROW * SESSION_ROWS);
+        #else
+            return 0;
+        #endif
+    }
+
+
+    long wolfSSL_CTX_sess_get_cache_size(WOLFSSL_CTX* ctx)
+    {
+        (void)ctx;
+        #ifndef NO_SESSION_CACHE
+            return (long)(SESSIONS_PER_ROW * SESSION_ROWS);
+        #else
+            return 0;
+        #endif
+    }
+
+#endif
+
+#ifndef NO_SESSION_CACHE
+int wolfSSL_CTX_add_session(WOLFSSL_CTX* ctx, WOLFSSL_SESSION* session)
+{
+    int    error = 0;
+    const byte* id = NULL;
+    byte idSz = 0;
+
+    WOLFSSL_ENTER("wolfSSL_CTX_add_session");
+
+    session = ClientSessionToSession(session);
+    if (session == NULL)
+        return WOLFSSL_FAILURE;
+
+    /* Session cache is global */
+    (void)ctx;
+
+    if (session->haveAltSessionID) {
+        id = session->altSessionID;
+        idSz = ID_LEN;
+    }
+    else {
+        id = session->sessionID;
+        idSz = session->sessionIDSz;
+    }
+
+    error = AddSessionToCache(ctx, session, id, idSz,
+            NULL, session->side,
+#ifdef HAVE_SESSION_TICKET
+            session->ticketLen > 0,
+#else
+            0,
+#endif
+            NULL);
+
+    return error == 0 ? WOLFSSL_SUCCESS : WOLFSSL_FAILURE;
+}
+#endif
+
+#if !defined(NO_SESSION_CACHE) && (defined(OPENSSL_EXTRA) || \
+        defined(HAVE_EXT_CACHE))
+/* stunnel 4.28 needs
+ *
+ * Callback that is called if a session tries to resume but could not find
+ * the session to resume it.
+ */
+void wolfSSL_CTX_sess_set_get_cb(WOLFSSL_CTX* ctx,
+    WOLFSSL_SESSION*(*f)(WOLFSSL*, const unsigned char*, int, int*))
+{
+    if (ctx == NULL)
+        return;
+
+#ifdef HAVE_EXT_CACHE
+    ctx->get_sess_cb = f;
+#else
+    (void)f;
+#endif
+}
+
+void wolfSSL_CTX_sess_set_new_cb(WOLFSSL_CTX* ctx,
+                             int (*f)(WOLFSSL*, WOLFSSL_SESSION*))
+{
+    if (ctx == NULL)
+        return;
+
+#ifdef HAVE_EXT_CACHE
+    ctx->new_sess_cb = f;
+#else
+    (void)f;
+#endif
+}
+
+void wolfSSL_CTX_sess_set_remove_cb(WOLFSSL_CTX* ctx, void (*f)(WOLFSSL_CTX*,
+                                                        WOLFSSL_SESSION*))
+{
+    if (ctx == NULL)
+        return;
+
+#if defined(HAVE_EXT_CACHE) || defined(HAVE_EX_DATA)
+    ctx->rem_sess_cb = f;
+#else
+    (void)f;
+#endif
+}
+
+
+/*
+ *
+ * Note: It is expected that the importing and exporting function have been
+ *       built with the same settings. For example if session tickets was
+ *       enabled with the wolfSSL library exporting a session then it is
+ *       expected to be turned on with the wolfSSL library importing the
+ *       session.
+ */
+int wolfSSL_i2d_SSL_SESSION(WOLFSSL_SESSION* sess, unsigned char** p)
+{
+    int size = 0;
+#ifdef HAVE_EXT_CACHE
+    int idx = 0;
+#ifdef SESSION_CERTS
+    int i;
+#endif
+
+    WOLFSSL_ENTER("wolfSSL_i2d_SSL_SESSION");
+
+    sess = ClientSessionToSession(sess);
+    if (sess == NULL) {
+        return BAD_FUNC_ARG;
+    }
+
+    /* side | bornOn | timeout | sessionID len | sessionID | masterSecret |
+     * haveEMS  */
+    size += OPAQUE8_LEN + OPAQUE32_LEN + OPAQUE32_LEN + OPAQUE8_LEN +
+            sess->sessionIDSz + SECRET_LEN + OPAQUE8_LEN;
+    /* altSessionID */
+    size += OPAQUE8_LEN + (sess->haveAltSessionID ? ID_LEN : 0);
+#ifdef SESSION_CERTS
+    /* Peer chain */
+    size += OPAQUE8_LEN;
+    for (i = 0; i < sess->chain.count; i++)
+        size += OPAQUE16_LEN + sess->chain.certs[i].length;
+#endif
+#if defined(SESSION_CERTS) || (defined(WOLFSSL_TLS13) && \
+                               defined(HAVE_SESSION_TICKET))
+    /* Protocol version */
+    size += OPAQUE16_LEN;
+#endif
+#if defined(SESSION_CERTS) || !defined(NO_RESUME_SUITE_CHECK) || \
+                        (defined(WOLFSSL_TLS13) && defined(HAVE_SESSION_TICKET))
+    /* cipher suite */
+    size += OPAQUE16_LEN;
+#endif
+#ifndef NO_CLIENT_CACHE
+    /* ServerID len | ServerID */
+    size += OPAQUE16_LEN + sess->idLen;
+#endif
+#ifdef WOLFSSL_SESSION_ID_CTX
+    /* session context ID len | session context ID */
+    size += OPAQUE8_LEN + sess->sessionCtxSz;
+#endif
+#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
+    /* peerVerifyRet */
+    size += OPAQUE8_LEN;
+#endif
+#ifdef WOLFSSL_TLS13
+    /* namedGroup */
+    size += OPAQUE16_LEN;
+#endif
+#if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)
+#ifdef WOLFSSL_TLS13
+#ifdef WOLFSSL_32BIT_MILLI_TIME
+    /* ticketSeen | ticketAdd */
+    size += OPAQUE32_LEN + OPAQUE32_LEN;
+#else
+    /* ticketSeen Hi 32 bits | ticketSeen Lo 32 bits | ticketAdd */
+    size += OPAQUE32_LEN + OPAQUE32_LEN + OPAQUE32_LEN;
+#endif
+    /* ticketNonce */
+    size += OPAQUE8_LEN + sess->ticketNonce.len;
+#endif
+#ifdef WOLFSSL_EARLY_DATA
+    size += OPAQUE32_LEN;
+#endif
+#endif
+#ifdef HAVE_SESSION_TICKET
+    /* ticket len | ticket */
+    size += OPAQUE16_LEN + sess->ticketLen;
+#endif
+
+    if (p != NULL) {
+        unsigned char *data;
+
+        if (*p == NULL)
+            *p = (unsigned char*)XMALLOC((size_t)size, NULL,
+                                                DYNAMIC_TYPE_OPENSSL);
+        if (*p == NULL)
+            return 0;
+        data = *p;
+
+        data[idx++] = sess->side;
+        c32toa(sess->bornOn, data + idx); idx += OPAQUE32_LEN;
+        c32toa(sess->timeout, data + idx); idx += OPAQUE32_LEN;
+        data[idx++] = sess->sessionIDSz;
+        XMEMCPY(data + idx, sess->sessionID, sess->sessionIDSz);
+        idx += sess->sessionIDSz;
+        XMEMCPY(data + idx, sess->masterSecret, SECRET_LEN); idx += SECRET_LEN;
+        data[idx++] = (byte)sess->haveEMS;
+        data[idx++] = sess->haveAltSessionID ? ID_LEN : 0;
+        if (sess->haveAltSessionID) {
+            XMEMCPY(data + idx, sess->altSessionID, ID_LEN);
+            idx += ID_LEN;
+        }
+#ifdef SESSION_CERTS
+        data[idx++] = (byte)sess->chain.count;
+        for (i = 0; i < sess->chain.count; i++) {
+            c16toa((word16)sess->chain.certs[i].length, data + idx);
+            idx += OPAQUE16_LEN;
+            XMEMCPY(data + idx, sess->chain.certs[i].buffer,
+                    (size_t)sess->chain.certs[i].length);
+            idx += sess->chain.certs[i].length;
+        }
+#endif
+#if defined(SESSION_CERTS) || (defined(WOLFSSL_TLS13) && \
+                               defined(HAVE_SESSION_TICKET))
+        data[idx++] = sess->version.major;
+        data[idx++] = sess->version.minor;
+#endif
+#if defined(SESSION_CERTS) || !defined(NO_RESUME_SUITE_CHECK) || \
+                        (defined(WOLFSSL_TLS13) && defined(HAVE_SESSION_TICKET))
+        data[idx++] = sess->cipherSuite0;
+        data[idx++] = sess->cipherSuite;
+#endif
+#ifndef NO_CLIENT_CACHE
+        c16toa(sess->idLen, data + idx); idx += OPAQUE16_LEN;
+        XMEMCPY(data + idx, sess->serverID, sess->idLen);
+        idx += sess->idLen;
+#endif
+#ifdef WOLFSSL_SESSION_ID_CTX
+        data[idx++] = sess->sessionCtxSz;
+        XMEMCPY(data + idx, sess->sessionCtx, sess->sessionCtxSz);
+        idx += sess->sessionCtxSz;
+#endif
+#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
+        data[idx++] = sess->peerVerifyRet;
+#endif
+#ifdef WOLFSSL_TLS13
+        c16toa(sess->namedGroup, data + idx);
+        idx += OPAQUE16_LEN;
+#endif
+#if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)
+#ifdef WOLFSSL_TLS13
+#ifdef WOLFSSL_32BIT_MILLI_TIME
+        c32toa(sess->ticketSeen, data + idx);
+        idx += OPAQUE32_LEN;
+#else
+        c32toa((word32)(sess->ticketSeen >> 32), data + idx);
+        idx += OPAQUE32_LEN;
+        c32toa((word32)sess->ticketSeen, data + idx);
+        idx += OPAQUE32_LEN;
+#endif
+        c32toa(sess->ticketAdd, data + idx);
+        idx += OPAQUE32_LEN;
+        data[idx++] = sess->ticketNonce.len;
+        XMEMCPY(data + idx, sess->ticketNonce.data, sess->ticketNonce.len);
+        idx += sess->ticketNonce.len;
+#endif
+#ifdef WOLFSSL_EARLY_DATA
+        c32toa(sess->maxEarlyDataSz, data + idx);
+        idx += OPAQUE32_LEN;
+#endif
+#endif
+#ifdef HAVE_SESSION_TICKET
+        c16toa(sess->ticketLen, data + idx); idx += OPAQUE16_LEN;
+        XMEMCPY(data + idx, sess->ticket, sess->ticketLen);
+        idx += sess->ticketLen;
+#endif
+    }
+#endif
+
+    (void)sess;
+    (void)p;
+#ifdef HAVE_EXT_CACHE
+    (void)idx;
+#endif
+
+    return size;
+}
+
+
+/* TODO: no function to free new session.
+ *
+ * Note: It is expected that the importing and exporting function have been
+ *       built with the same settings. For example if session tickets was
+ *       enabled with the wolfSSL library exporting a session then it is
+ *       expected to be turned on with the wolfSSL library importing the
+ *       session.
+ */
+WOLFSSL_SESSION* wolfSSL_d2i_SSL_SESSION(WOLFSSL_SESSION** sess,
+                                const unsigned char** p, long i)
+{
+    WOLFSSL_SESSION* s = NULL;
+    int ret = 0;
+#if defined(HAVE_EXT_CACHE)
+    int idx = 0;
+    byte* data;
+#ifdef SESSION_CERTS
+    int j;
+    word16 length;
+#endif
+#endif /* HAVE_EXT_CACHE */
+
+    (void)p;
+    (void)i;
+    (void)ret;
+    (void)sess;
+
+#ifdef HAVE_EXT_CACHE
+    if (p == NULL || *p == NULL)
+        return NULL;
+
+    s = wolfSSL_SESSION_new();
+    if (s == NULL)
+        return NULL;
+
+    idx = 0;
+    data = (byte*)*p;
+
+    /* side | bornOn | timeout | sessionID len */
+    if (i < OPAQUE8_LEN + OPAQUE32_LEN + OPAQUE32_LEN + OPAQUE8_LEN) {
+        ret = BUFFER_ERROR;
+        goto end;
+    }
+    s->side = data[idx++];
+    ato32(data + idx, &s->bornOn); idx += OPAQUE32_LEN;
+    ato32(data + idx, &s->timeout); idx += OPAQUE32_LEN;
+    s->sessionIDSz = data[idx++];
+
+    /* sessionID | secret | haveEMS | haveAltSessionID */
+    if (i - idx < s->sessionIDSz + SECRET_LEN + OPAQUE8_LEN + OPAQUE8_LEN) {
+        ret = BUFFER_ERROR;
+        goto end;
+    }
+    XMEMCPY(s->sessionID, data + idx, s->sessionIDSz);
+    idx  += s->sessionIDSz;
+    XMEMCPY(s->masterSecret, data + idx, SECRET_LEN); idx += SECRET_LEN;
+    s->haveEMS = data[idx++];
+    if (data[idx] != ID_LEN && data[idx] != 0) {
+        ret = BUFFER_ERROR;
+        goto end;
+    }
+    s->haveAltSessionID = data[idx++] == ID_LEN;
+
+    /* altSessionID */
+    if (s->haveAltSessionID) {
+        if (i - idx < ID_LEN) {
+            ret = BUFFER_ERROR;
+            goto end;
+        }
+        XMEMCPY(s->altSessionID, data + idx, ID_LEN); idx += ID_LEN;
+    }
+
+#ifdef SESSION_CERTS
+    /* Certificate chain */
+    if (i - idx == 0) {
+        ret = BUFFER_ERROR;
+        goto end;
+    }
+    s->chain.count = data[idx++];
+    for (j = 0; j < s->chain.count; j++) {
+        if (i - idx < OPAQUE16_LEN) {
+            ret = BUFFER_ERROR;
+            goto end;
+        }
+        ato16(data + idx, &length); idx += OPAQUE16_LEN;
+        s->chain.certs[j].length = length;
+        if (i - idx < length) {
+            ret = BUFFER_ERROR;
+            goto end;
+        }
+        XMEMCPY(s->chain.certs[j].buffer, data + idx, length);
+        idx += length;
+    }
+#endif
+#if defined(SESSION_CERTS) || (defined(WOLFSSL_TLS13) && \
+                               defined(HAVE_SESSION_TICKET))
+    /* Protocol Version */
+    if (i - idx < OPAQUE16_LEN) {
+        ret = BUFFER_ERROR;
+        goto end;
+    }
+    s->version.major = data[idx++];
+    s->version.minor = data[idx++];
+#endif
+#if defined(SESSION_CERTS) || !defined(NO_RESUME_SUITE_CHECK) || \
+                        (defined(WOLFSSL_TLS13) && defined(HAVE_SESSION_TICKET))
+    /* Cipher suite */
+    if (i - idx < OPAQUE16_LEN) {
+        ret = BUFFER_ERROR;
+        goto end;
+    }
+    s->cipherSuite0 = data[idx++];
+    s->cipherSuite = data[idx++];
+#endif
+#ifndef NO_CLIENT_CACHE
+    /* ServerID len */
+    if (i - idx < OPAQUE16_LEN) {
+        ret = BUFFER_ERROR;
+        goto end;
+    }
+    ato16(data + idx, &s->idLen); idx += OPAQUE16_LEN;
+
+    /* ServerID */
+    if (i - idx < s->idLen) {
+        ret = BUFFER_ERROR;
+        goto end;
+    }
+    XMEMCPY(s->serverID, data + idx, s->idLen); idx += s->idLen;
+#endif
+#ifdef WOLFSSL_SESSION_ID_CTX
+    /* byte for length of session context ID */
+    if (i - idx < OPAQUE8_LEN) {
+        ret = BUFFER_ERROR;
+        goto end;
+    }
+    s->sessionCtxSz = data[idx++];
+
+    /* app session context ID */
+    if (i - idx < s->sessionCtxSz) {
+        ret = BUFFER_ERROR;
+        goto end;
+    }
+    XMEMCPY(s->sessionCtx, data + idx, s->sessionCtxSz); idx += s->sessionCtxSz;
+#endif
+#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
+    /* byte for peerVerifyRet */
+    if (i - idx < OPAQUE8_LEN) {
+        ret = BUFFER_ERROR;
+        goto end;
+    }
+    s->peerVerifyRet = data[idx++];
+#endif
+#ifdef WOLFSSL_TLS13
+    if (i - idx < OPAQUE16_LEN) {
+        ret = BUFFER_ERROR;
+        goto end;
+    }
+    ato16(data + idx, &s->namedGroup);
+    idx += OPAQUE16_LEN;
+#endif
+#if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)
+#ifdef WOLFSSL_TLS13
+    if (i - idx < (OPAQUE32_LEN * 2)) {
+        ret = BUFFER_ERROR;
+        goto end;
+    }
+#ifdef WOLFSSL_32BIT_MILLI_TIME
+    ato32(data + idx, &s->ticketSeen);
+    idx += OPAQUE32_LEN;
+#else
+    {
+        word32 seenHi, seenLo;
+
+        ato32(data + idx, &seenHi);
+        idx += OPAQUE32_LEN;
+        ato32(data + idx, &seenLo);
+        idx += OPAQUE32_LEN;
+        s->ticketSeen = ((sword64)seenHi << 32) + seenLo;
+    }
+#endif
+    ato32(data + idx, &s->ticketAdd);
+    idx += OPAQUE32_LEN;
+    if (i - idx < OPAQUE8_LEN) {
+        ret = BUFFER_ERROR;
+        goto end;
+    }
+    s->ticketNonce.len = data[idx++];
+
+    if (i - idx < s->ticketNonce.len) {
+        ret = BUFFER_ERROR;
+        goto end;
+    }
+#if defined(WOLFSSL_TICKET_NONCE_MALLOC) &&                     \
+    (!defined(HAVE_FIPS) || (defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(5,3)))
+    ret = SessionTicketNoncePopulate(s, data + idx, s->ticketNonce.len);
+    if (ret != 0)
+        goto end;
+#else
+    if (s->ticketNonce.len > MAX_TICKET_NONCE_STATIC_SZ) {
+        ret = BUFFER_ERROR;
+        goto end;
+    }
+    XMEMCPY(s->ticketNonce.data, data + idx, s->ticketNonce.len);
+#endif /* defined(WOLFSSL_TICKET_NONCE_MALLOC) && FIPS_VERSION_GE(5,3) */
+
+    idx += s->ticketNonce.len;
+#endif
+#ifdef WOLFSSL_EARLY_DATA
+    if (i - idx < OPAQUE32_LEN) {
+        ret = BUFFER_ERROR;
+        goto end;
+    }
+    ato32(data + idx, &s->maxEarlyDataSz);
+    idx += OPAQUE32_LEN;
+#endif
+#endif
+#ifdef HAVE_SESSION_TICKET
+    /* ticket len */
+    if (i - idx < OPAQUE16_LEN) {
+        ret = BUFFER_ERROR;
+        goto end;
+    }
+    ato16(data + idx, &s->ticketLen); idx += OPAQUE16_LEN;
+
+    /* Dispose of ol dynamic ticket and ensure space for new ticket. */
+    if (s->ticketLenAlloc > 0) {
+        XFREE(s->ticket, NULL, DYNAMIC_TYPE_SESSION_TICK);
+    }
+    if (s->ticketLen <= SESSION_TICKET_LEN)
+        s->ticket = s->staticTicket;
+    else {
+        s->ticket = (byte*)XMALLOC(s->ticketLen, NULL,
+                                   DYNAMIC_TYPE_SESSION_TICK);
+        if (s->ticket == NULL) {
+            ret = MEMORY_ERROR;
+            goto end;
+        }
+        s->ticketLenAlloc = (word16)s->ticketLen;
+    }
+
+    /* ticket */
+    if (i - idx < s->ticketLen) {
+        ret = BUFFER_ERROR;
+        goto end;
+    }
+    XMEMCPY(s->ticket, data + idx, s->ticketLen); idx += s->ticketLen;
+#endif
+    (void)idx;
+
+    if (sess != NULL) {
+        *sess = s;
+    }
+
+    s->isSetup = 1;
+
+    *p += idx;
+
+end:
+    if (ret != 0 && (sess == NULL || *sess != s)) {
+        wolfSSL_FreeSession(NULL, s);
+        s = NULL;
+    }
+#endif /* HAVE_EXT_CACHE */
+    return s;
+}
+
+/* Check if there is a session ticket associated with this WOLFSSL_SESSION.
+ *
+ * sess - pointer to WOLFSSL_SESSION struct
+ *
+ * Returns 1 if has session ticket, otherwise 0 */
+int wolfSSL_SESSION_has_ticket(const WOLFSSL_SESSION* sess)
+{
+    WOLFSSL_ENTER("wolfSSL_SESSION_has_ticket");
+#ifdef HAVE_SESSION_TICKET
+    sess = ClientSessionToSession(sess);
+    if (sess) {
+        if ((sess->ticketLen > 0) && (sess->ticket != NULL)) {
+            return WOLFSSL_SUCCESS;
+        }
+    }
+#else
+    (void)sess;
+#endif
+    return WOLFSSL_FAILURE;
+}
+
+unsigned long wolfSSL_SESSION_get_ticket_lifetime_hint(
+                  const WOLFSSL_SESSION* sess)
+{
+    WOLFSSL_ENTER("wolfSSL_SESSION_get_ticket_lifetime_hint");
+    sess = ClientSessionToSession(sess);
+    if (sess) {
+        return sess->timeout;
+    }
+    return 0;
+}
+
+long wolfSSL_SESSION_get_timeout(const WOLFSSL_SESSION* sess)
+{
+    long timeout = 0;
+    WOLFSSL_ENTER("wolfSSL_SESSION_get_timeout");
+    sess = ClientSessionToSession(sess);
+    if (sess)
+        timeout = sess->timeout;
+    return timeout;
+}
+
+long wolfSSL_SSL_SESSION_set_timeout(WOLFSSL_SESSION* ses, long t)
+{
+    word32 tmptime;
+
+    ses = ClientSessionToSession(ses);
+    if (ses == NULL || t < 0) {
+        return BAD_FUNC_ARG;
+    }
+
+    tmptime = t & 0xFFFFFFFF;
+    ses->timeout = tmptime;
+
+    return WOLFSSL_SUCCESS;
+}
+
+long wolfSSL_SESSION_get_time(const WOLFSSL_SESSION* sess)
+{
+    long bornOn = 0;
+    WOLFSSL_ENTER("wolfSSL_SESSION_get_time");
+    sess = ClientSessionToSession(sess);
+    if (sess)
+        bornOn = sess->bornOn;
+    return bornOn;
+}
+
+long wolfSSL_SESSION_set_time(WOLFSSL_SESSION *ses, long t)
+{
+
+    ses = ClientSessionToSession(ses);
+    if (ses == NULL || t < 0) {
+        return 0;
+    }
+    ses->bornOn = (word32)t;
+    return t;
+}
+
+#endif /* !NO_SESSION_CACHE && (OPENSSL_EXTRA || HAVE_EXT_CACHE) */
+
+#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL) || \
+    defined(HAVE_EX_DATA)
+
+#if defined(HAVE_EX_DATA) && !defined(NO_SESSION_CACHE)
+static void SESSION_ex_data_cache_update(WOLFSSL_SESSION* session, int idx,
+        void* data, byte get, void** getRet, int* setRet)
+{
+    int row;
+    int i;
+    int error = 0;
+    SessionRow* sessRow = NULL;
+    const byte* id;
+    byte foundCache = 0;
+
+    if (getRet != NULL)
+        *getRet = NULL;
+    if (setRet != NULL)
+        *setRet = WOLFSSL_FAILURE;
+
+    id = session->sessionID;
+    if (session->haveAltSessionID)
+        id = session->altSessionID;
+    else if (session->sessionIDSz != ID_LEN) {
+        WOLFSSL_MSG("Incorrect sessionIDSz");
+        return;
+    }
+
+    row = (int)(HashObject(id, ID_LEN, &error) % SESSION_ROWS);
+    if (error != 0) {
+        WOLFSSL_MSG("Hash session failed");
+        return;
+    }
+
+    sessRow = &SessionCache[row];
+    if (get)
+        error = SESSION_ROW_RD_LOCK(sessRow);
+    else
+        error = SESSION_ROW_WR_LOCK(sessRow);
+    if (error != 0) {
+        WOLFSSL_MSG("Session row lock failed");
+        return;
+    }
+
+    for (i = 0; i < SESSIONS_PER_ROW && i < sessRow->totalCount; i++) {
+        WOLFSSL_SESSION* cacheSession;
+#ifdef SESSION_CACHE_DYNAMIC_MEM
+        cacheSession = sessRow->Sessions[i];
+#else
+        cacheSession = &sessRow->Sessions[i];
+#endif
+        if (cacheSession && cacheSession->sessionIDSz == ID_LEN &&
+                XMEMCMP(id, cacheSession->sessionID, ID_LEN) == 0
+                && session->side == cacheSession->side
+        #if defined(WOLFSSL_TLS13) && defined(HAVE_SESSION_TICKET)
+                && (IsAtLeastTLSv1_3(session->version) ==
+                    IsAtLeastTLSv1_3(cacheSession->version))
+        #endif
+            ) {
+            if (get) {
+                if (getRet) {
+                    *getRet = wolfSSL_CRYPTO_get_ex_data(
+                        &cacheSession->ex_data, idx);
+                }
+            }
+            else {
+                if (setRet) {
+                    *setRet = wolfSSL_CRYPTO_set_ex_data(
+                        &cacheSession->ex_data, idx, data);
+                }
+            }
+            foundCache = 1;
+            break;
+        }
+    }
+    SESSION_ROW_UNLOCK(sessRow);
+    /* If we don't have a session in cache then clear the ex_data and
+     * own it */
+    if (!foundCache) {
+        XMEMSET(&session->ex_data, 0, sizeof(WOLFSSL_CRYPTO_EX_DATA));
+        session->ownExData = 1;
+        if (!get) {
+            *setRet = wolfSSL_CRYPTO_set_ex_data(&session->ex_data, idx,
+                    data);
+        }
+    }
+
+}
+#endif
+
+#endif
+
+#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) \
+    || defined(OPENSSL_EXTRA) || defined(HAVE_LIGHTY)
+
+#ifndef NO_SESSION_CACHE
+int wolfSSL_SSL_CTX_remove_session(WOLFSSL_CTX *ctx, WOLFSSL_SESSION *s)
+{
+#if defined(HAVE_EXT_CACHE) || defined(HAVE_EX_DATA)
+    int rem_called = FALSE;
+#endif
+
+    WOLFSSL_ENTER("wolfSSL_SSL_CTX_remove_session");
+
+    s = ClientSessionToSession(s);
+    if (ctx == NULL || s == NULL)
+        return BAD_FUNC_ARG;
+
+#ifdef HAVE_EXT_CACHE
+    if (!ctx->internalCacheOff)
+#endif
+    {
+        const byte* id;
+        WOLFSSL_SESSION *sess = NULL;
+        word32 row = 0;
+        int ret;
+
+        id = s->sessionID;
+        if (s->haveAltSessionID)
+            id = s->altSessionID;
+
+        ret = TlsSessionCacheGetAndWrLock(id, &sess, &row, ctx->method->side);
+        if (ret == 0 && sess != NULL) {
+#if defined(HAVE_EXT_CACHE) || defined(HAVE_EX_DATA)
+            if (sess->rem_sess_cb != NULL) {
+                rem_called = TRUE;
+            }
+#endif
+            /* Call this before changing ownExData so that calls to ex_data
+             * don't try to access the SessionCache again. */
+            EvictSessionFromCache(sess);
+#ifdef HAVE_EX_DATA
+            if (sess->ownExData) {
+                /* Most recent version of ex data is in cache. Copy it
+                 * over so the user can free it. */
+                XMEMCPY(&s->ex_data, &sess->ex_data,
+                        sizeof(WOLFSSL_CRYPTO_EX_DATA));
+                s->ownExData = 1;
+                sess->ownExData = 0;
+            }
+#endif
+#ifdef SESSION_CACHE_DYNAMIC_MEM
+            {
+                /* Find and clear entry. Row is locked so we are good to go. */
+                int idx;
+                for (idx = 0; idx < SESSIONS_PER_ROW; idx++) {
+                    if (sess == SessionCache[row].Sessions[idx]) {
+                        XFREE(sess, sess->heap, DYNAMIC_TYPE_SESSION);
+                        SessionCache[row].Sessions[idx] = NULL;
+                        break;
+                    }
+                }
+            }
+#endif
+            TlsSessionCacheUnlockRow(row);
+        }
+    }
+
+#if defined(HAVE_EXT_CACHE) || defined(HAVE_EX_DATA)
+    if (ctx->rem_sess_cb != NULL && !rem_called) {
+        ctx->rem_sess_cb(ctx, s);
+    }
+#endif
+
+    /* s cannot be resumed at this point */
+    s->timeout = 0;
+
+    return 0;
+}
+
+WOLFSSL_SESSION *wolfSSL_SSL_get0_session(const WOLFSSL *ssl)
+{
+    WOLFSSL_ENTER("wolfSSL_SSL_get0_session");
+
+    return ssl->session;
+}
+
+#endif /* NO_SESSION_CACHE */
+
+#endif /* OPENSSL_ALL || WOLFSSL_NGINX || WOLFSSL_HAPROXY ||
+    OPENSSL_EXTRA || HAVE_LIGHTY */
+
+#ifdef WOLFSSL_SESSION_EXPORT
+/* Used to import a serialized TLS session.
+ * WARNING: buf contains sensitive information about the state and is best to be
+ *          encrypted before storing if stored.
+ *
+ * @param ssl WOLFSSL structure to import the session into
+ * @param buf serialized session
+ * @param sz  size of buffer 'buf'
+ * @return the number of bytes read from buffer 'buf'
+ */
+int wolfSSL_tls_import(WOLFSSL* ssl, const unsigned char* buf, unsigned int sz)
+{
+    if (ssl == NULL || buf == NULL) {
+        return BAD_FUNC_ARG;
+    }
+    return wolfSSL_session_import_internal(ssl, buf, sz, WOLFSSL_EXPORT_TLS);
+}
+
+
+/* Used to export a serialized TLS session.
+ * WARNING: buf contains sensitive information about the state and is best to be
+ *          encrypted before storing if stored.
+ *
+ * @param ssl WOLFSSL structure to export the session from
+ * @param buf output of serialized session
+ * @param sz  size in bytes set in 'buf'
+ * @return the number of bytes written into buffer 'buf'
+ */
+int wolfSSL_tls_export(WOLFSSL* ssl, unsigned char* buf, unsigned int* sz)
+{
+    if (ssl == NULL || sz == NULL) {
+        return BAD_FUNC_ARG;
+    }
+    return wolfSSL_session_export_internal(ssl, buf, sz, WOLFSSL_EXPORT_TLS);
+}
+
+#ifdef WOLFSSL_DTLS
+int wolfSSL_dtls_import(WOLFSSL* ssl, const unsigned char* buf, unsigned int sz)
+{
+    WOLFSSL_ENTER("wolfSSL_session_import");
+
+    if (ssl == NULL || buf == NULL) {
+        return BAD_FUNC_ARG;
+    }
+
+    /* sanity checks on buffer and protocol are done in internal function */
+    return wolfSSL_session_import_internal(ssl, buf, sz, WOLFSSL_EXPORT_DTLS);
+}
+
+
+/* Sets the function to call for serializing the session. This function is
+ * called right after the handshake is completed. */
+int wolfSSL_CTX_dtls_set_export(WOLFSSL_CTX* ctx, wc_dtls_export func)
+{
+
+    WOLFSSL_ENTER("wolfSSL_CTX_dtls_set_export");
+
+    /* purposefully allow func to be NULL */
+    if (ctx == NULL) {
+        return BAD_FUNC_ARG;
+    }
+
+    ctx->dtls_export = func;
+
+    return WOLFSSL_SUCCESS;
+}
+
+/* Sets the function in WOLFSSL struct to call for serializing the session. This
+ * function is called right after the handshake is completed. */
+int wolfSSL_dtls_set_export(WOLFSSL* ssl, wc_dtls_export func)
+{
+
+    WOLFSSL_ENTER("wolfSSL_dtls_set_export");
+
+    /* purposefully allow func to be NULL */
+    if (ssl == NULL) {
+        return BAD_FUNC_ARG;
+    }
+
+    ssl->dtls_export = func;
+
+    return WOLFSSL_SUCCESS;
+}
+
+
+/* This function allows for directly serializing a session rather than using
+ * callbacks. It has less overhead by removing a temporary buffer and gives
+ * control over when the session gets serialized. When using callbacks the
+ * session is always serialized immediately after the handshake is finished.
+ *
+ * buf is the argument to contain the serialized session
+ * sz  is the size of the buffer passed in
+ * ssl is the WOLFSSL struct to serialize
+ * returns the size of serialized session on success, 0 on no action, and
+ *         negative value on error */
+int wolfSSL_dtls_export(WOLFSSL* ssl, unsigned char* buf, unsigned int* sz)
+{
+    WOLFSSL_ENTER("wolfSSL_dtls_export");
+
+    if (ssl == NULL || sz == NULL) {
+        return BAD_FUNC_ARG;
+    }
+
+    if (buf == NULL) {
+        *sz = MAX_EXPORT_BUFFER;
+        return 0;
+    }
+
+    /* if not DTLS do nothing */
+    if (!ssl->options.dtls) {
+        WOLFSSL_MSG("Currently only DTLS export is supported");
+        return 0;
+    }
+
+    /* copy over keys, options, and dtls state struct */
+    return wolfSSL_session_export_internal(ssl, buf, sz, WOLFSSL_EXPORT_DTLS);
+}
+
+
+/* This function is similar to wolfSSL_dtls_export but only exports the portion
+ * of the WOLFSSL structure related to the state of the connection, i.e. peer
+ * sequence number, epoch, AEAD state etc.
+ *
+ * buf is the argument to contain the serialized state, if null then set "sz" to
+ *     buffer size required
+ * sz  is the size of the buffer passed in
+ * ssl is the WOLFSSL struct to serialize
+ * returns the size of serialized session on success, 0 on no action, and
+ *         negative value on error */
+int wolfSSL_dtls_export_state_only(WOLFSSL* ssl, unsigned char* buf,
+        unsigned int* sz)
+{
+    WOLFSSL_ENTER("wolfSSL_dtls_export_state_only");
+
+    if (ssl == NULL || sz == NULL) {
+        return BAD_FUNC_ARG;
+    }
+
+    if (buf == NULL) {
+        *sz = MAX_EXPORT_STATE_BUFFER;
+        return 0;
+    }
+
+    /* if not DTLS do nothing */
+    if (!ssl->options.dtls) {
+        WOLFSSL_MSG("Currently only DTLS export state is supported");
+        return 0;
+    }
+
+    /* copy over keys, options, and dtls state struct */
+    return wolfSSL_dtls_export_state_internal(ssl, buf, *sz);
+}
+
+
+/* returns 0 on success */
+int wolfSSL_send_session(WOLFSSL* ssl)
+{
+    int ret;
+    byte* buf;
+    word32 bufSz = MAX_EXPORT_BUFFER;
+
+    WOLFSSL_ENTER("wolfSSL_send_session");
+
+    if (ssl == NULL) {
+        return BAD_FUNC_ARG;
+    }
+
+    buf = (byte*)XMALLOC(bufSz, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
+    if (buf == NULL) {
+        return MEMORY_E;
+    }
+
+    /* if not DTLS do nothing */
+    if (!ssl->options.dtls) {
+        XFREE(buf, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
+        WOLFSSL_MSG("Currently only DTLS export is supported");
+        return 0;
+    }
+
+    /* copy over keys, options, and dtls state struct */
+    ret = wolfSSL_session_export_internal(ssl, buf, &bufSz,
+        WOLFSSL_EXPORT_DTLS);
+    if (ret < 0) {
+        XFREE(buf, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
+        return ret;
+    }
+
+    /* if no error ret has size of buffer */
+    ret = ssl->dtls_export(ssl, buf, ret, NULL);
+    if (ret != WOLFSSL_SUCCESS) {
+        XFREE(buf, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
+        return ret;
+    }
+
+    XFREE(buf, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
+    return 0;
+}
+#endif /* WOLFSSL_DTLS */
+#endif /* WOLFSSL_SESSION_EXPORT */
+
+#ifdef OPENSSL_EXTRA
+
+/* Copies the master secret over to out buffer. If outSz is 0 returns the size
+ * of master secret.
+ *
+ * ses : a session from completed TLS/SSL handshake
+ * out : buffer to hold copy of master secret
+ * outSz : size of out buffer
+ * returns : number of bytes copied into out buffer on success
+ *           less then or equal to 0 is considered a failure case
+ */
+int wolfSSL_SESSION_get_master_key(const WOLFSSL_SESSION* ses,
+        unsigned char* out, int outSz)
+{
+    int size;
+
+    ses = ClientSessionToSession(ses);
+
+    if (outSz == 0) {
+        return SECRET_LEN;
+    }
+
+    if (ses == NULL || out == NULL || outSz < 0) {
+        return 0;
+    }
+
+    if (outSz > SECRET_LEN) {
+        size = SECRET_LEN;
+    }
+    else {
+        size = outSz;
+    }
+
+    XMEMCPY(out, ses->masterSecret, (size_t)size);
+    return size;
+}
+
+
+int wolfSSL_SESSION_get_master_key_length(const WOLFSSL_SESSION* ses)
+{
+    (void)ses;
+    return SECRET_LEN;
+}
+
+#ifdef WOLFSSL_EARLY_DATA
+unsigned int wolfSSL_SESSION_get_max_early_data(const WOLFSSL_SESSION *session)
+{
+    return session->maxEarlyDataSz;
+}
+#endif /* WOLFSSL_EARLY_DATA */
+
+#endif /* OPENSSL_EXTRA */
+
+void SetupSession(WOLFSSL* ssl)
+{
+    WOLFSSL_SESSION* session = ssl->session;
+
+    WOLFSSL_ENTER("SetupSession");
+
+    if (!IsAtLeastTLSv1_3(ssl->version) && ssl->arrays != NULL) {
+        /* Make sure the session ID is available when the user calls any
+         * get_session API */
+        if (!session->haveAltSessionID) {
+            XMEMCPY(session->sessionID, ssl->arrays->sessionID, ID_LEN);
+            session->sessionIDSz = ssl->arrays->sessionIDSz;
+        }
+        else {
+            XMEMCPY(session->sessionID, session->altSessionID, ID_LEN);
+            session->sessionIDSz = ID_LEN;
+        }
+    }
+    session->side = (byte)ssl->options.side;
+    if (!IsAtLeastTLSv1_3(ssl->version) && ssl->arrays != NULL)
+        XMEMCPY(session->masterSecret, ssl->arrays->masterSecret, SECRET_LEN);
+    session->haveEMS = ssl->options.haveEMS;
+#ifdef WOLFSSL_SESSION_ID_CTX
+    /* If using compatibility layer then check for and copy over session context
+     * id. */
+    if (ssl->sessionCtxSz > 0 && ssl->sessionCtxSz < ID_LEN) {
+        XMEMCPY(ssl->session->sessionCtx, ssl->sessionCtx, ssl->sessionCtxSz);
+        session->sessionCtxSz = ssl->sessionCtxSz;
+    }
+#endif
+    session->timeout = ssl->timeout;
+#ifndef NO_ASN_TIME
+    session->bornOn  = LowResTimer();
+#endif
+#if defined(SESSION_CERTS) || (defined(WOLFSSL_TLS13) && \
+                               defined(HAVE_SESSION_TICKET))
+    session->version = ssl->version;
+#endif
+#if defined(SESSION_CERTS) || !defined(NO_RESUME_SUITE_CHECK) || \
+                        (defined(WOLFSSL_TLS13) && defined(HAVE_SESSION_TICKET))
+    session->cipherSuite0 = ssl->options.cipherSuite0;
+    session->cipherSuite = ssl->options.cipherSuite;
+#endif
+#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
+    session->peerVerifyRet = (byte)ssl->peerVerifyRet;
+#endif
+    session->isSetup = 1;
+}
+
+#ifdef WOLFSSL_SESSION_ID_CTX
+    /* Storing app session context id, this value is inherited by WOLFSSL
+     * objects created from WOLFSSL_CTX. Any session that is imported with a
+     * different session context id will be rejected.
+     *
+     * ctx         structure to set context in
+     * sid_ctx     value of context to set
+     * sid_ctx_len length of sid_ctx buffer
+     *
+     * Returns WOLFSSL_SUCCESS in success case and WOLFSSL_FAILURE when failing
+     */
+    int wolfSSL_CTX_set_session_id_context(WOLFSSL_CTX* ctx,
+                                           const unsigned char* sid_ctx,
+                                           unsigned int sid_ctx_len)
+    {
+        WOLFSSL_ENTER("wolfSSL_CTX_set_session_id_context");
+
+        /* No application specific context needed for wolfSSL */
+        if (sid_ctx_len > ID_LEN || ctx == NULL || sid_ctx == NULL) {
+            return WOLFSSL_FAILURE;
+        }
+        XMEMCPY(ctx->sessionCtx, sid_ctx, sid_ctx_len);
+        ctx->sessionCtxSz = (byte)sid_ctx_len;
+
+        return WOLFSSL_SUCCESS;
+    }
+
+
+
+    /* Storing app session context id. Any session that is imported with a
+     * different session context id will be rejected.
+     *
+     * ssl  structure to set context in
+     * id   value of context to set
+     * len  length of sid_ctx buffer
+     *
+     * Returns WOLFSSL_SUCCESS in success case and WOLFSSL_FAILURE when failing
+     */
+    int wolfSSL_set_session_id_context(WOLFSSL* ssl, const unsigned char* id,
+                                   unsigned int len)
+    {
+        WOLFSSL_ENTER("wolfSSL_set_session_id_context");
+
+        if (len > ID_LEN || ssl == NULL || id == NULL) {
+            return WOLFSSL_FAILURE;
+        }
+        XMEMCPY(ssl->sessionCtx, id, len);
+        ssl->sessionCtxSz = (byte)len;
+
+        return WOLFSSL_SUCCESS;
+    }
+#endif
+
+/* return a new malloc'd session with default settings on success */
+WOLFSSL_SESSION* wolfSSL_NewSession(void* heap)
+{
+    WOLFSSL_SESSION* ret = NULL;
+
+    WOLFSSL_ENTER("wolfSSL_NewSession");
+
+    ret = (WOLFSSL_SESSION*)XMALLOC(sizeof(WOLFSSL_SESSION), heap,
+            DYNAMIC_TYPE_SESSION);
+    if (ret != NULL) {
+        int err;
+        XMEMSET(ret, 0, sizeof(WOLFSSL_SESSION));
+        wolfSSL_RefInit(&ret->ref, &err);
+    #ifdef WOLFSSL_REFCNT_ERROR_RETURN
+        if (err != 0) {
+            WOLFSSL_MSG("Error setting up session reference mutex");
+            XFREE(ret, ret->heap, DYNAMIC_TYPE_SESSION);
+            return NULL;
+        }
+    #else
+        (void)err;
+    #endif
+#ifndef NO_SESSION_CACHE
+        ret->cacheRow = INVALID_SESSION_ROW; /* not in cache */
+#endif
+        ret->type = WOLFSSL_SESSION_TYPE_HEAP;
+        ret->heap = heap;
+#ifdef WOLFSSL_CHECK_MEM_ZERO
+        wc_MemZero_Add("SESSION master secret", ret->masterSecret, SECRET_LEN);
+        wc_MemZero_Add("SESSION id", ret->sessionID, ID_LEN);
+#endif
+    #ifdef HAVE_SESSION_TICKET
+        ret->ticket = ret->staticTicket;
+        #if defined(WOLFSSL_TLS13) && defined(WOLFSSL_TICKET_NONCE_MALLOC) &&  \
+    (!defined(HAVE_FIPS) || (defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(5,3)))
+        ret->ticketNonce.data = ret->ticketNonce.dataStatic;
+        #endif
+    #endif
+#ifdef HAVE_EX_DATA
+        ret->ownExData = 1;
+        #ifdef HAVE_EX_DATA_CRYPTO
+        if (crypto_ex_cb_ctx_session != NULL) {
+            crypto_ex_cb_setup_new_data(ret, crypto_ex_cb_ctx_session,
+                    &ret->ex_data);
+        }
+        #endif
+#endif
+    }
+    return ret;
+}
+
+
+WOLFSSL_SESSION* wolfSSL_SESSION_new_ex(void* heap)
+{
+    return wolfSSL_NewSession(heap);
+}
+
+WOLFSSL_SESSION* wolfSSL_SESSION_new(void)
+{
+    return wolfSSL_SESSION_new_ex(NULL);
+}
+
+/* add one to session reference count
+ * return WOLFSSL_SUCCESS on success and WOLFSSL_FAILURE on error */
+int wolfSSL_SESSION_up_ref(WOLFSSL_SESSION* session)
+{
+    int ret;
+
+    session = ClientSessionToSession(session);
+
+    if (session == NULL || session->type != WOLFSSL_SESSION_TYPE_HEAP)
+        return WOLFSSL_FAILURE;
+
+    wolfSSL_RefInc(&session->ref, &ret);
+#ifdef WOLFSSL_REFCNT_ERROR_RETURN
+    if (ret != 0) {
+        WOLFSSL_MSG("Failed to lock session mutex");
+        return WOLFSSL_FAILURE;
+    }
+#else
+    (void)ret;
+#endif
+
+    return WOLFSSL_SUCCESS;
+}
+
+/**
+ * Deep copy the contents from input to output.
+ * @param input         The source of the copy.
+ * @param output        The destination of the copy.
+ * @param avoidSysCalls If true, then system calls will be avoided or an error
+ *                      will be returned if it is not possible to proceed
+ *                      without a system call. This is useful for fetching
+ *                      sessions from cache. When a cache row is locked, we
+ *                      don't want to block other threads with long running
+ *                      system calls.
+ * @param ticketNonceBuf If not null and @avoidSysCalls is true, the copy of the
+ *                      ticketNonce will happen in this pre allocated buffer
+ * @param ticketNonceLen @ticketNonceBuf len as input, used length on output
+ * @param ticketNonceUsed if @ticketNonceBuf was used to copy the ticket nonce
+ * @return              WOLFSSL_SUCCESS on success
+ *                      WOLFSSL_FAILURE on failure
+ */
+static int wolfSSL_DupSessionEx(const WOLFSSL_SESSION* input,
+    WOLFSSL_SESSION* output, int avoidSysCalls, byte* ticketNonceBuf,
+    byte* ticketNonceLen, byte* preallocUsed)
+{
+#ifdef HAVE_SESSION_TICKET
+    word16 ticLenAlloc = 0;
+    byte *ticBuff = NULL;
+#endif
+    const size_t copyOffset = WC_OFFSETOF(WOLFSSL_SESSION, heap) +
+        sizeof(input->heap);
+    int ret = WOLFSSL_SUCCESS;
+
+    (void)avoidSysCalls;
+    (void)ticketNonceBuf;
+    (void)ticketNonceLen;
+    (void)preallocUsed;
+
+    input = ClientSessionToSession(input);
+    output = ClientSessionToSession(output);
+
+    if (input == NULL || output == NULL || input == output) {
+        WOLFSSL_MSG("input or output are null or same");
+        return WOLFSSL_FAILURE;
+    }
+
+#ifdef HAVE_SESSION_TICKET
+    if (output->ticket != output->staticTicket) {
+        ticBuff = output->ticket;
+        ticLenAlloc = output->ticketLenAlloc;
+    }
+#if defined(WOLFSSL_TLS13) && defined(WOLFSSL_TICKET_NONCE_MALLOC) &&          \
+    (!defined(HAVE_FIPS) || (defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(5,3)))
+        /* free the data, it would be better to reuse the buffer but this
+         * maintain the code simpler. A smart allocator should reuse the free'd
+         * buffer in the next malloc without much performance penalties. */
+    if (output->ticketNonce.data != output->ticketNonce.dataStatic) {
+
+        /*  Callers that avoid syscall should never calls this with
+         * output->tickeNonce.data being a dynamic buffer.*/
+        if (avoidSysCalls) {
+            WOLFSSL_MSG("can't avoid syscalls with dynamic TicketNonce buffer");
+            return WOLFSSL_FAILURE;
+        }
+
+        XFREE(output->ticketNonce.data,
+            output->heap, DYNAMIC_TYPE_SESSION_TICK);
+        output->ticketNonce.data = output->ticketNonce.dataStatic;
+        output->ticketNonce.len = 0;
+    }
+#endif /* WOLFSSL_TLS13 && WOLFSSL_TICKET_NONCE_MALLOC && FIPS_VERSION_GE(5,3)*/
+#endif /* HAVE_SESSION_TICKET */
+
+#if defined(SESSION_CERTS) && defined(OPENSSL_EXTRA)
+    if (output->peer != NULL) {
+        if (avoidSysCalls) {
+            WOLFSSL_MSG("Can't free cert when avoiding syscalls");
+            return WOLFSSL_FAILURE;
+        }
+        wolfSSL_X509_free(output->peer);
+        output->peer = NULL;
+    }
+#endif
+
+    XMEMCPY((byte*)output + copyOffset, (byte*)input + copyOffset,
+            sizeof(WOLFSSL_SESSION) - copyOffset);
+
+#if defined(HAVE_SESSION_TICKET) && defined(WOLFSSL_TLS13) &&                  \
+    defined(WOLFSSL_TICKET_NONCE_MALLOC) &&                                    \
+    (!defined(HAVE_FIPS) || (defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(5,3)))
+    /* fix pointer to static after the copy  */
+    output->ticketNonce.data = output->ticketNonce.dataStatic;
+#endif
+    /* Set sane values for copy */
+#ifndef NO_SESSION_CACHE
+    if (output->type != WOLFSSL_SESSION_TYPE_CACHE)
+        output->cacheRow = INVALID_SESSION_ROW;
+#endif
+#if defined(SESSION_CERTS) && defined(OPENSSL_EXTRA)
+    if (input->peer != NULL && input->peer->dynamicMemory) {
+        if (wolfSSL_X509_up_ref(input->peer) != WOLFSSL_SUCCESS) {
+            WOLFSSL_MSG("Can't increase peer cert ref count");
+            output->peer = NULL;
+        }
+    }
+    else if (!avoidSysCalls)
+        output->peer = wolfSSL_X509_dup(input->peer);
+    else
+        /* output->peer is not that important to copy */
+        output->peer = NULL;
+#endif
+#ifdef HAVE_SESSION_TICKET
+    if (input->ticketLen > SESSION_TICKET_LEN) {
+        /* Need dynamic buffer */
+        if (ticBuff == NULL || ticLenAlloc < input->ticketLen) {
+            /* allocate new one */
+            byte* tmp;
+            if (avoidSysCalls) {
+                WOLFSSL_MSG("Failed to allocate memory for ticket when avoiding"
+                        " syscalls");
+                output->ticket = ticBuff;
+                output->ticketLenAlloc = (word16) ticLenAlloc;
+                output->ticketLen = 0;
+                ret = WOLFSSL_FAILURE;
+            }
+            else {
+#ifdef WOLFSSL_NO_REALLOC
+                tmp = (byte*)XMALLOC(input->ticketLen,
+                        output->heap, DYNAMIC_TYPE_SESSION_TICK);
+                XFREE(ticBuff, output->heap, DYNAMIC_TYPE_SESSION_TICK);
+                ticBuff = NULL;
+#else
+                tmp = (byte*)XREALLOC(ticBuff, input->ticketLen,
+                        output->heap, DYNAMIC_TYPE_SESSION_TICK);
+#endif /* WOLFSSL_NO_REALLOC */
+                if (tmp == NULL) {
+                    WOLFSSL_MSG("Failed to allocate memory for ticket");
+#ifndef WOLFSSL_NO_REALLOC
+                    XFREE(ticBuff, output->heap, DYNAMIC_TYPE_SESSION_TICK);
+                    ticBuff = NULL;
+#endif /* WOLFSSL_NO_REALLOC */
+                    output->ticket = NULL;
+                    output->ticketLen = 0;
+                    output->ticketLenAlloc = 0;
+                    ret = WOLFSSL_FAILURE;
+                }
+                else {
+                    ticBuff = tmp;
+                    ticLenAlloc = input->ticketLen;
+                }
+            }
+        }
+        if (ticBuff != NULL && ret == WOLFSSL_SUCCESS) {
+            XMEMCPY(ticBuff, input->ticket, input->ticketLen);
+            output->ticket = ticBuff;
+            output->ticketLenAlloc = (word16) ticLenAlloc;
+        }
+    }
+    else {
+        /* Default ticket to non dynamic */
+        if (avoidSysCalls) {
+            /* Try to use ticBuf if available. Caller can later move it to
+             * the static buffer. */
+            if (ticBuff != NULL) {
+                if (ticLenAlloc >= input->ticketLen) {
+                    output->ticket = ticBuff;
+                    output->ticketLenAlloc = ticLenAlloc;
+                }
+                else {
+                    WOLFSSL_MSG("ticket dynamic buffer too small but we are "
+                                "avoiding system calls");
+                    ret = WOLFSSL_FAILURE;
+                    output->ticket = ticBuff;
+                    output->ticketLenAlloc = (word16) ticLenAlloc;
+                    output->ticketLen = 0;
+                }
+            }
+            else {
+                output->ticket = output->staticTicket;
+                output->ticketLenAlloc = 0;
+            }
+        }
+        else {
+            XFREE(ticBuff, output->heap, DYNAMIC_TYPE_SESSION_TICK);
+            output->ticket = output->staticTicket;
+            output->ticketLenAlloc = 0;
+        }
+        if (input->ticketLenAlloc > 0 && ret == WOLFSSL_SUCCESS) {
+            /* Shouldn't happen as session should have placed this in
+             * the static buffer */
+            XMEMCPY(output->ticket, input->ticket,
+                    input->ticketLen);
+        }
+    }
+    ticBuff = NULL;
+
+#if defined(WOLFSSL_TLS13) && defined(WOLFSSL_TICKET_NONCE_MALLOC) &&          \
+    (!defined(HAVE_FIPS) || (defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(5,3)))
+    if (preallocUsed != NULL)
+        *preallocUsed = 0;
+
+    if (input->ticketNonce.len > MAX_TICKET_NONCE_STATIC_SZ &&
+        ret == WOLFSSL_SUCCESS) {
+        /* TicketNonce does not fit in the static buffer */
+        if (!avoidSysCalls) {
+            output->ticketNonce.data = (byte*)XMALLOC(input->ticketNonce.len,
+                output->heap, DYNAMIC_TYPE_SESSION_TICK);
+
+            if (output->ticketNonce.data == NULL) {
+                WOLFSSL_MSG("Failed to allocate space for ticket nonce");
+                output->ticketNonce.data = output->ticketNonce.dataStatic;
+                output->ticketNonce.len = 0;
+                ret = WOLFSSL_FAILURE;
+            }
+            else {
+                output->ticketNonce.len = input->ticketNonce.len;
+                XMEMCPY(output->ticketNonce.data, input->ticketNonce.data,
+                    input->ticketNonce.len);
+                ret = WOLFSSL_SUCCESS;
+            }
+        }
+        /* we can't do syscalls. Use prealloc buffers if provided from the
+         * caller. */
+        else if (ticketNonceBuf != NULL &&
+                 *ticketNonceLen >= input->ticketNonce.len) {
+            XMEMCPY(ticketNonceBuf, input->ticketNonce.data,
+                input->ticketNonce.len);
+            *ticketNonceLen = input->ticketNonce.len;
+            if (preallocUsed != NULL)
+                *preallocUsed = 1;
+            ret = WOLFSSL_SUCCESS;
+        }
+        else {
+            WOLFSSL_MSG("TicketNonce bigger than static buffer, and we can't "
+                        "do syscalls");
+            ret = WOLFSSL_FAILURE;
+        }
+    }
+#endif /* WOLFSSL_TLS13 && WOLFSSL_TICKET_NONCE_MALLOC && FIPS_VERSION_GE(5,3)*/
+
+#endif /* HAVE_SESSION_TICKET */
+
+#ifdef HAVE_EX_DATA_CRYPTO
+    if (input->type != WOLFSSL_SESSION_TYPE_CACHE &&
+            output->type != WOLFSSL_SESSION_TYPE_CACHE) {
+        /* Not called with cache as that passes ownership of ex_data */
+        ret = crypto_ex_cb_dup_data(&input->ex_data, &output->ex_data,
+                                    crypto_ex_cb_ctx_session);
+    }
+#endif
+
+    return ret;
+}
+
+/**
+ * Deep copy the contents from input to output.
+ * @param input         The source of the copy.
+ * @param output        The destination of the copy.
+ * @param avoidSysCalls If true, then system calls will be avoided or an error
+ *                      will be returned if it is not possible to proceed
+ *                      without a system call. This is useful for fetching
+ *                      sessions from cache. When a cache row is locked, we
+ *                      don't want to block other threads with long running
+ *                      system calls.
+ * @return              WOLFSSL_SUCCESS on success
+ *                      WOLFSSL_FAILURE on failure
+ */
+int wolfSSL_DupSession(const WOLFSSL_SESSION* input, WOLFSSL_SESSION* output,
+        int avoidSysCalls)
+{
+    return wolfSSL_DupSessionEx(input, output, avoidSysCalls, NULL, NULL, NULL);
+}
+
+WOLFSSL_SESSION* wolfSSL_SESSION_dup(WOLFSSL_SESSION* session)
+{
+    WOLFSSL_SESSION* copy;
+
+    WOLFSSL_ENTER("wolfSSL_SESSION_dup");
+
+    session = ClientSessionToSession(session);
+    if (session == NULL)
+        return NULL;
+
+#ifdef HAVE_SESSION_TICKET
+    if (session->ticketLenAlloc > 0 && !session->ticket) {
+        WOLFSSL_MSG("Session dynamic flag is set but ticket pointer is null");
+        return NULL;
+    }
+#endif
+
+    copy = wolfSSL_NewSession(session->heap);
+    if (copy != NULL &&
+            wolfSSL_DupSession(session, copy, 0) != WOLFSSL_SUCCESS) {
+        wolfSSL_FreeSession(NULL, copy);
+        copy = NULL;
+    }
+    return copy;
+}
+
+void wolfSSL_FreeSession(WOLFSSL_CTX* ctx, WOLFSSL_SESSION* session)
+{
+    session = ClientSessionToSession(session);
+    if (session == NULL)
+        return;
+
+    (void)ctx;
+
+    WOLFSSL_ENTER("wolfSSL_FreeSession");
+
+    if (session->ref.count > 0) {
+        int ret;
+        int isZero;
+        wolfSSL_RefDec(&session->ref, &isZero, &ret);
+        (void)ret;
+        if (!isZero) {
+            return;
+        }
+        wolfSSL_RefFree(&session->ref);
+    }
+
+    WOLFSSL_MSG("wolfSSL_FreeSession full free");
+
+#ifdef HAVE_EX_DATA_CRYPTO
+    if (session->ownExData) {
+        crypto_ex_cb_free_data(session, crypto_ex_cb_ctx_session,
+                &session->ex_data);
+    }
+#endif
+
+#ifdef HAVE_EX_DATA_CLEANUP_HOOKS
+    wolfSSL_CRYPTO_cleanup_ex_data(&session->ex_data);
+#endif
+
+#if defined(SESSION_CERTS) && defined(OPENSSL_EXTRA)
+    if (session->peer) {
+        wolfSSL_X509_free(session->peer);
+        session->peer = NULL;
+    }
+#endif
+
+#ifdef HAVE_SESSION_TICKET
+    if (session->ticketLenAlloc > 0) {
+        XFREE(session->ticket, session->heap, DYNAMIC_TYPE_SESSION_TICK);
+        session->ticket = session->staticTicket;
+        session->ticketLen = 0;
+        session->ticketLenAlloc = 0;
+    }
+#if defined(WOLFSSL_TLS13) && defined(WOLFSSL_TICKET_NONCE_MALLOC) &&          \
+    (!defined(HAVE_FIPS) || (defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(5,3)))
+    if (session->ticketNonce.data != session->ticketNonce.dataStatic) {
+        XFREE(session->ticketNonce.data, session->heap,
+            DYNAMIC_TYPE_SESSION_TICK);
+        session->ticketNonce.data = session->ticketNonce.dataStatic;
+        session->ticketNonce.len = 0;
+    }
+#endif /* WOLFSSL_TLS13 && WOLFSSL_TICKET_NONCE_MALLOC && FIPS_VERSION_GE(5,3)*/
+#endif
+
+#ifdef HAVE_EX_DATA_CLEANUP_HOOKS
+    wolfSSL_CRYPTO_cleanup_ex_data(&session->ex_data);
+#endif
+
+    /* Make sure masterSecret is zeroed. */
+    ForceZero(session->masterSecret, SECRET_LEN);
+    /* Session ID is sensitive information too. */
+    ForceZero(session->sessionID, ID_LEN);
+
+    if (session->type == WOLFSSL_SESSION_TYPE_HEAP) {
+        XFREE(session, session->heap, DYNAMIC_TYPE_SESSION); /* // NOLINT(clang-analyzer-unix.Malloc) */
+    }
+}
+
+/* DO NOT use this API internally. Use wolfSSL_FreeSession directly instead
+ * and pass in the ctx parameter if possible (like from ssl->ctx). */
+void wolfSSL_SESSION_free(WOLFSSL_SESSION* session)
+{
+    session = ClientSessionToSession(session);
+    wolfSSL_FreeSession(NULL, session);
+}
+
+#if defined(OPENSSL_EXTRA) || defined(HAVE_EXT_CACHE)
+
+/**
+* set cipher to WOLFSSL_SESSION from WOLFSSL_CIPHER
+* @param session  a pointer to WOLFSSL_SESSION structure
+* @param cipher   a function pointer to WOLFSSL_CIPHER
+* @return WOLFSSL_SUCCESS on success, otherwise WOLFSSL_FAILURE
+*/
+int wolfSSL_SESSION_set_cipher(WOLFSSL_SESSION* session,
+                                            const WOLFSSL_CIPHER* cipher)
+{
+    WOLFSSL_ENTER("wolfSSL_SESSION_set_cipher");
+
+    session = ClientSessionToSession(session);
+    /* sanity check */
+    if (session == NULL || cipher == NULL) {
+        WOLFSSL_MSG("bad argument");
+        return WOLFSSL_FAILURE;
+    }
+    session->cipherSuite0 = cipher->cipherSuite0;
+    session->cipherSuite  = cipher->cipherSuite;
+
+    WOLFSSL_LEAVE("wolfSSL_SESSION_set_cipher", WOLFSSL_SUCCESS);
+    return WOLFSSL_SUCCESS;
+}
+#endif /* OPENSSL_EXTRA || HAVE_EXT_CACHE */
+
+const char* wolfSSL_SESSION_CIPHER_get_name(const WOLFSSL_SESSION* session)
+{
+    session = ClientSessionToSession(session);
+    if (session == NULL) {
+        return NULL;
+    }
+
+#if defined(SESSION_CERTS) || !defined(NO_RESUME_SUITE_CHECK) || \
+                        (defined(WOLFSSL_TLS13) && defined(HAVE_SESSION_TICKET))
+    #if !defined(WOLFSSL_CIPHER_INTERNALNAME) && !defined(NO_ERROR_STRINGS)
+        return GetCipherNameIana(session->cipherSuite0, session->cipherSuite);
+    #else
+        return GetCipherNameInternal(session->cipherSuite0,
+            session->cipherSuite);
+    #endif
+#else
+    return NULL;
+#endif
+}
+
+#if defined(OPENSSL_ALL) || defined(WOLFSSL_HAPROXY) || defined(WOLFSSL_NGINX)
+const unsigned char *wolfSSL_SESSION_get0_id_context(
+                      const WOLFSSL_SESSION *sess, unsigned int *sid_ctx_length)
+{
+    return wolfSSL_SESSION_get_id((WOLFSSL_SESSION *)sess, sid_ctx_length);
+}
+int wolfSSL_SESSION_set1_id(WOLFSSL_SESSION *s,
+                                 const unsigned char *sid, unsigned int sid_len)
+{
+    if (s == NULL) {
+        return WOLFSSL_FAILURE;
+    }
+    if (sid_len > ID_LEN) {
+        return WOLFSSL_FAILURE;
+    }
+
+    s->sessionIDSz = (byte)sid_len;
+    if (sid != s->sessionID) {
+        XMEMCPY(s->sessionID, sid, sid_len);
+    }
+    return WOLFSSL_SUCCESS;
+}
+
+int wolfSSL_SESSION_set1_id_context(WOLFSSL_SESSION *s,
+                         const unsigned char *sid_ctx, unsigned int sid_ctx_len)
+{
+    if (s == NULL) {
+        return WOLFSSL_FAILURE;
+    }
+    if (sid_ctx_len > ID_LEN) {
+        return WOLFSSL_FAILURE;
+    }
+    s->sessionCtxSz = (byte)sid_ctx_len;
+    if (sid_ctx != s->sessionCtx) {
+        XMEMCPY(s->sessionCtx, sid_ctx, sid_ctx_len);
+    }
+
+    return WOLFSSL_SUCCESS;
+}
+
+#endif
+
+#ifdef OPENSSL_EXTRA
+
+/* Return the total number of sessions */
+long wolfSSL_CTX_sess_number(WOLFSSL_CTX* ctx)
+{
+    word32 total = 0;
+
+    WOLFSSL_ENTER("wolfSSL_CTX_sess_number");
+    (void)ctx;
+
+#if defined(WOLFSSL_SESSION_STATS) && !defined(NO_SESSION_CACHE)
+    if (wolfSSL_get_session_stats(NULL, &total, NULL, NULL) !=
+            WOLFSSL_SUCCESS) {
+        WOLFSSL_MSG("Error getting session stats");
+    }
+#else
+    WOLFSSL_MSG("Please use macro WOLFSSL_SESSION_STATS for session stats");
+#endif
+
+    return (long)total;
+}
+
+#endif
+
+#ifdef SESSION_CERTS
+
+/* get session ID */
+WOLFSSL_ABI
+const byte* wolfSSL_get_sessionID(const WOLFSSL_SESSION* session)
+{
+    WOLFSSL_ENTER("wolfSSL_get_sessionID");
+    session = ClientSessionToSession(session);
+    if (session)
+        return session->sessionID;
+
+    return NULL;
+}
+
+#endif
+
+#ifdef HAVE_EX_DATA
+
+int wolfSSL_SESSION_set_ex_data(WOLFSSL_SESSION* session, int idx, void* data)
+{
+    int ret = WC_NO_ERR_TRACE(WOLFSSL_FAILURE);
+    WOLFSSL_ENTER("wolfSSL_SESSION_set_ex_data");
+#ifdef HAVE_EX_DATA
+    session = ClientSessionToSession(session);
+    if (session != NULL) {
+#ifndef NO_SESSION_CACHE
+        if (!session->ownExData) {
+            /* Need to update in cache */
+            SESSION_ex_data_cache_update(session, idx, data, 0, NULL, &ret);
+        }
+        else
+#endif
+        {
+            ret = wolfSSL_CRYPTO_set_ex_data(&session->ex_data, idx, data);
+        }
+    }
+#else
+    (void)session;
+    (void)idx;
+    (void)data;
+#endif
+    return ret;
+}
+
+#ifdef HAVE_EX_DATA_CLEANUP_HOOKS
+int wolfSSL_SESSION_set_ex_data_with_cleanup(
+    WOLFSSL_SESSION* session,
+    int idx,
+    void* data,
+    wolfSSL_ex_data_cleanup_routine_t cleanup_routine)
+{
+    WOLFSSL_ENTER("wolfSSL_SESSION_set_ex_data_with_cleanup");
+    session = ClientSessionToSession(session);
+    if(session != NULL) {
+        return wolfSSL_CRYPTO_set_ex_data_with_cleanup(&session->ex_data, idx,
+                                                       data, cleanup_routine);
+    }
+    return WOLFSSL_FAILURE;
+}
+#endif /* HAVE_EX_DATA_CLEANUP_HOOKS */
+
+void* wolfSSL_SESSION_get_ex_data(const WOLFSSL_SESSION* session, int idx)
+{
+    void* ret = NULL;
+    WOLFSSL_ENTER("wolfSSL_SESSION_get_ex_data");
+#ifdef HAVE_EX_DATA
+    session = ClientSessionToSession(session);
+    if (session != NULL) {
+#ifndef NO_SESSION_CACHE
+        if (!session->ownExData) {
+            /* Need to retrieve the data from the session cache */
+            SESSION_ex_data_cache_update((WOLFSSL_SESSION*)session, idx, NULL,
+                                         1, &ret, NULL);
+        }
+        else
+#endif
+        {
+            ret = wolfSSL_CRYPTO_get_ex_data(&session->ex_data, idx);
+        }
+    }
+#else
+    (void)session;
+    (void)idx;
+#endif
+    return ret;
+}
+
+#ifdef HAVE_EX_DATA_CRYPTO
+int wolfSSL_SESSION_get_ex_new_index(long ctx_l,void* ctx_ptr,
+        WOLFSSL_CRYPTO_EX_new* new_func, WOLFSSL_CRYPTO_EX_dup* dup_func,
+        WOLFSSL_CRYPTO_EX_free* free_func)
+{
+    WOLFSSL_ENTER("wolfSSL_SESSION_get_ex_new_index");
+    return wolfssl_get_ex_new_index(WOLF_CRYPTO_EX_INDEX_SSL_SESSION, ctx_l,
+            ctx_ptr, new_func, dup_func, free_func);
+}
+#endif /* HAVE_EX_DATA_CRYPTO */
+#endif /* HAVE_EX_DATA */
+
+#if defined(OPENSSL_ALL) || \
+    defined(OPENSSL_EXTRA) || defined(HAVE_STUNNEL) || \
+    defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
+
+const byte* wolfSSL_SESSION_get_id(const WOLFSSL_SESSION* sess,
+        unsigned int* idLen)
+{
+    WOLFSSL_ENTER("wolfSSL_SESSION_get_id");
+    sess = ClientSessionToSession(sess);
+    if (sess == NULL || idLen == NULL) {
+        WOLFSSL_MSG("Bad func args. Please provide idLen");
+        return NULL;
+    }
+#ifdef HAVE_SESSION_TICKET
+    if (sess->haveAltSessionID) {
+        *idLen = ID_LEN;
+        return sess->altSessionID;
+    }
+#endif
+    *idLen = sess->sessionIDSz;
+    return sess->sessionID;
+}
+
+#if (defined(HAVE_SESSION_TICKET) || defined(SESSION_CERTS)) && \
+    !defined(NO_FILESYSTEM)
+
+#ifndef NO_BIO
+
+#if defined(SESSION_CERTS) || \
+   (defined(WOLFSSL_TLS13) && defined(HAVE_SESSION_TICKET))
+static const char* wolfSSL_internal_get_version(const ProtocolVersion* version);
+
+/* returns a pointer to the protocol used by the session */
+static const char* wolfSSL_SESSION_get_protocol(const WOLFSSL_SESSION* in)
+{
+    in = ClientSessionToSession(in);
+    return wolfSSL_internal_get_version((ProtocolVersion*)&in->version);
+}
+#endif
+
+/* returns true (non 0) if the session has EMS (extended master secret) */
+static int wolfSSL_SESSION_haveEMS(const WOLFSSL_SESSION* in)
+{
+    in = ClientSessionToSession(in);
+    if (in == NULL)
+        return 0;
+    return in->haveEMS;
+}
+
+#if defined(HAVE_SESSION_TICKET)
+/* prints out the ticket to bio passed in
+ * return WOLFSSL_SUCCESS on success
+ */
+static int wolfSSL_SESSION_print_ticket(WOLFSSL_BIO* bio,
+        const WOLFSSL_SESSION* in, const char* tab)
+{
+    unsigned short i, j, z, sz;
+    short tag = 0;
+    byte* pt;
+
+
+    in = ClientSessionToSession(in);
+    if (in == NULL || bio == NULL) {
+        return BAD_FUNC_ARG;
+    }
+
+    sz = in->ticketLen;
+    pt = in->ticket;
+
+    if (wolfSSL_BIO_printf(bio, "%s\n", (sz == 0)? " NONE": "") <= 0)
+        return WOLFSSL_FAILURE;
+
+    for (i = 0; i < sz;) {
+        char asc[16];
+        XMEMSET(asc, 0, sizeof(asc));
+
+        if (sz - i < 16) {
+            if (wolfSSL_BIO_printf(bio, "%s%04X -", tab, tag + (sz - i)) <= 0)
+                return WOLFSSL_FAILURE;
+        }
+        else {
+            if (wolfSSL_BIO_printf(bio, "%s%04X -", tab, tag) <= 0)
+                return WOLFSSL_FAILURE;
+        }
+        for (j = 0; i < sz && j < 8; j++,i++) {
+            asc[j] =  ((pt[i])&0x6f)>='A'?((pt[i])&0x6f):'.';
+            if (wolfSSL_BIO_printf(bio, " %02X", pt[i]) <= 0)
+                return WOLFSSL_FAILURE;
+        }
+
+        if (i < sz) {
+            asc[j] =  ((pt[i])&0x6f)>='A'?((pt[i])&0x6f):'.';
+            if (wolfSSL_BIO_printf(bio, "-%02X", pt[i]) <= 0)
+                return WOLFSSL_FAILURE;
+            j++;
+            i++;
+        }
+
+        for (; i < sz && j < 16; j++,i++) {
+            asc[j] =  ((pt[i])&0x6f)>='A'?((pt[i])&0x6f):'.';
+            if (wolfSSL_BIO_printf(bio, " %02X", pt[i]) <= 0)
+                return WOLFSSL_FAILURE;
+        }
+
+        /* pad out spacing */
+        for (z = j; z < 17; z++) {
+            if (wolfSSL_BIO_printf(bio, "   ") <= 0)
+                return WOLFSSL_FAILURE;
+        }
+
+        for (z = 0; z < j; z++) {
+            if (wolfSSL_BIO_printf(bio, "%c", asc[z]) <= 0)
+                return WOLFSSL_FAILURE;
+        }
+        if (wolfSSL_BIO_printf(bio, "\n") <= 0)
+            return WOLFSSL_FAILURE;
+
+        tag += 16;
+    }
+    return WOLFSSL_SUCCESS;
+}
+#endif /* HAVE_SESSION_TICKET */
+
+
+/* prints out the session information in human readable form
+ * return WOLFSSL_SUCCESS on success
+ */
+int wolfSSL_SESSION_print(WOLFSSL_BIO *bp, const WOLFSSL_SESSION *session)
+{
+    const unsigned char* pt;
+    unsigned char buf[SECRET_LEN];
+    unsigned int sz = 0, i;
+    int ret;
+
+    session = ClientSessionToSession(session);
+    if (session == NULL) {
+        return WOLFSSL_FAILURE;
+    }
+
+    if (wolfSSL_BIO_printf(bp, "%s\n", "SSL-Session:") <= 0)
+        return WOLFSSL_FAILURE;
+
+#if defined(SESSION_CERTS) || (defined(WOLFSSL_TLS13) && \
+                               defined(HAVE_SESSION_TICKET))
+    if (wolfSSL_BIO_printf(bp, "    Protocol  : %s\n",
+            wolfSSL_SESSION_get_protocol(session)) <= 0)
+        return WOLFSSL_FAILURE;
+#endif
+
+    if (wolfSSL_BIO_printf(bp, "    Cipher    : %s\n",
+            wolfSSL_SESSION_CIPHER_get_name(session)) <= 0)
+        return WOLFSSL_FAILURE;
+
+    pt = wolfSSL_SESSION_get_id(session, &sz);
+    if (wolfSSL_BIO_printf(bp, "    Session-ID: ") <= 0)
+        return WOLFSSL_FAILURE;
+
+    for (i = 0; i < sz; i++) {
+        if (wolfSSL_BIO_printf(bp, "%02X", pt[i]) <= 0)
+            return WOLFSSL_FAILURE;
+    }
+    if (wolfSSL_BIO_printf(bp, "\n") <= 0)
+        return WOLFSSL_FAILURE;
+
+    if (wolfSSL_BIO_printf(bp, "    Session-ID-ctx: \n") <= 0)
+        return WOLFSSL_FAILURE;
+
+    ret = wolfSSL_SESSION_get_master_key(session, buf, sizeof(buf));
+    if (wolfSSL_BIO_printf(bp, "    Master-Key: ") <= 0)
+        return WOLFSSL_FAILURE;
+
+    if (ret > 0) {
+        sz = (unsigned int)ret;
+        for (i = 0; i < sz; i++) {
+            if (wolfSSL_BIO_printf(bp, "%02X", buf[i]) <= 0)
+                return WOLFSSL_FAILURE;
+        }
+    }
+    if (wolfSSL_BIO_printf(bp, "\n") <= 0)
+        return WOLFSSL_FAILURE;
+
+    /* @TODO PSK identity hint and SRP */
+
+    if (wolfSSL_BIO_printf(bp, "    TLS session ticket:") <= 0)
+        return WOLFSSL_FAILURE;
+
+#ifdef HAVE_SESSION_TICKET
+    if (wolfSSL_SESSION_print_ticket(bp, session, "    ") != WOLFSSL_SUCCESS)
+        return WOLFSSL_FAILURE;
+#endif
+
+#if !defined(NO_SESSION_CACHE) && (defined(OPENSSL_EXTRA) || \
+        defined(HAVE_EXT_CACHE))
+    if (wolfSSL_BIO_printf(bp, "    Start Time: %ld\n",
+                wolfSSL_SESSION_get_time(session)) <= 0)
+        return WOLFSSL_FAILURE;
+
+    if (wolfSSL_BIO_printf(bp, "    Timeout   : %ld (sec)\n",
+            wolfSSL_SESSION_get_timeout(session)) <= 0)
+        return WOLFSSL_FAILURE;
+#endif /* !NO_SESSION_CACHE && OPENSSL_EXTRA || HAVE_EXT_CACHE */
+
+    /* @TODO verify return code print */
+
+    if (wolfSSL_BIO_printf(bp, "    Extended master secret: %s\n",
+            (wolfSSL_SESSION_haveEMS(session) == 0)? "no" : "yes") <= 0)
+        return WOLFSSL_FAILURE;
+
+    return WOLFSSL_SUCCESS;
+}
+
+#endif /* !NO_BIO */
+#endif /* (HAVE_SESSION_TICKET || SESSION_CERTS) && !NO_FILESYSTEM */
+
+#endif /* OPENSSL_ALL || OPENSSL_EXTRA || HAVE_STUNNEL || WOLFSSL_NGINX ||
+        * WOLFSSL_HAPROXY */
+
+#ifdef OPENSSL_EXTRA
+/**
+ * Determine whether a WOLFSSL_SESSION object can be used for resumption
+ * @param s  a pointer to WOLFSSL_SESSION structure
+ * @return return 1 if session is resumable, otherwise 0.
+ */
+int wolfSSL_SESSION_is_resumable(const WOLFSSL_SESSION *s)
+{
+    s = ClientSessionToSession(s);
+    if (s == NULL)
+        return 0;
+
+#ifdef HAVE_SESSION_TICKET
+    if (s->ticketLen > 0)
+        return 1;
+#endif
+
+    if (s->sessionIDSz > 0)
+        return 1;
+
+    return 0;
+}
+#endif /* OPENSSL_EXTRA */
+
+#endif /* !WOLFSSL_SSL_SESS_INCLUDED */
+
diff --git a/src/tls.c b/src/tls.c
index a8ee856f7..94eb3f830 100644
--- a/src/tls.c
+++ b/src/tls.c
@@ -1,6 +1,6 @@
 /* tls.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -48,11 +48,11 @@
 #ifdef HAVE_CURVE448
     #include <wolfssl/wolfcrypt/curve448.h>
 #endif
-#ifdef HAVE_PQC
+#ifdef WOLFSSL_HAVE_KYBER
     #include <wolfssl/wolfcrypt/kyber.h>
 #ifdef WOLFSSL_WC_KYBER
     #include <wolfssl/wolfcrypt/wc_kyber.h>
-#elif defined(HAVE_LIBOQS) || defined(HAVE_PQM4)
+#elif defined(HAVE_LIBOQS)
     #include <wolfssl/wolfcrypt/ext_kyber.h>
 #endif
 #endif
@@ -182,10 +182,12 @@ int BuildTlsFinished(WOLFSSL* ssl, Hashes* hashes, const byte* sender)
     byte handshake_hash[HSHASH_SZ];
 #else
     WC_DECLARE_VAR(handshake_hash, byte, HSHASH_SZ, ssl->heap);
+    WC_ALLOC_VAR(handshake_hash, byte, HSHASH_SZ, ssl->heap);
     if (handshake_hash == NULL)
         return MEMORY_E;
 #endif
 
+    XMEMSET(handshake_hash, 0, HSHASH_SZ);
     ret = BuildTlsHandshakeHash(ssl, handshake_hash, &hashSz);
     if (ret == 0) {
         if (XSTRNCMP((const char*)sender, (const char*)kTlsClientStr,
@@ -210,7 +212,8 @@ int BuildTlsFinished(WOLFSSL* ssl, Hashes* hashes, const byte* sender)
             ret = ssl->ctx->TlsFinishedCb(ssl, side, handshake_hash, hashSz,
                                           (byte*)hashes, ctx);
         }
-        if (!ssl->ctx->TlsFinishedCb || ret == PROTOCOLCB_UNAVAILABLE)
+        if (!ssl->ctx->TlsFinishedCb ||
+            ret == WC_NO_ERR_TRACE(PROTOCOLCB_UNAVAILABLE))
 #endif
         {
             PRIVATE_KEY_UNLOCK();
@@ -298,6 +301,98 @@ ProtocolVersion MakeTLSv1_3(void)
 }
 #endif
 
+#if defined(HAVE_SUPPORTED_CURVES)
+/* Sets the key exchange groups in rank order on a context.
+ *
+ * ctx     SSL/TLS context object.
+ * groups  Array of groups.
+ * count   Number of groups in array.
+ * returns BAD_FUNC_ARG when ctx or groups is NULL, not using TLS v1.3 or
+ * count is greater than WOLFSSL_MAX_GROUP_COUNT and WOLFSSL_SUCCESS on success.
+ */
+int wolfSSL_CTX_set_groups(WOLFSSL_CTX* ctx, int* groups, int count)
+{
+    int ret, i;
+
+    WOLFSSL_ENTER("wolfSSL_CTX_set_groups");
+    if (ctx == NULL || groups == NULL || count > WOLFSSL_MAX_GROUP_COUNT)
+        return BAD_FUNC_ARG;
+    if (!IsTLS_ex(ctx->method->version))
+        return BAD_FUNC_ARG;
+
+    #ifdef WOLFSSL_TLS13
+    ctx->numGroups = 0;
+    #endif
+    #if !defined(NO_TLS)
+    TLSX_Remove(&ctx->extensions, TLSX_SUPPORTED_GROUPS, ctx->heap);
+    #endif /* !NO_TLS */
+    for (i = 0; i < count; i++) {
+        /* Call to wolfSSL_CTX_UseSupportedCurve also checks if input groups
+         * are valid */
+        if ((ret = wolfSSL_CTX_UseSupportedCurve(ctx, (word16)groups[i]))
+                != WOLFSSL_SUCCESS) {
+    #if !defined(NO_TLS)
+            TLSX_Remove(&ctx->extensions, TLSX_SUPPORTED_GROUPS, ctx->heap);
+    #endif /* !NO_TLS */
+            return ret;
+        }
+        #ifdef WOLFSSL_TLS13
+        ctx->group[i] = (word16)groups[i];
+        #endif
+    }
+    #ifdef WOLFSSL_TLS13
+    ctx->numGroups = (byte)count;
+    #endif
+
+    return WOLFSSL_SUCCESS;
+}
+
+/* Sets the key exchange groups in rank order.
+ *
+ * ssl     SSL/TLS object.
+ * groups  Array of groups.
+ * count   Number of groups in array.
+ * returns BAD_FUNC_ARG when ssl or groups is NULL, not using TLS v1.3 or
+ * count is greater than WOLFSSL_MAX_GROUP_COUNT and WOLFSSL_SUCCESS on success.
+ */
+int wolfSSL_set_groups(WOLFSSL* ssl, int* groups, int count)
+{
+    int ret, i;
+
+    WOLFSSL_ENTER("wolfSSL_set_groups");
+    if (ssl == NULL || groups == NULL || count > WOLFSSL_MAX_GROUP_COUNT)
+        return BAD_FUNC_ARG;
+    if (!IsTLS_ex(ssl->version))
+        return BAD_FUNC_ARG;
+
+    #ifdef WOLFSSL_TLS13
+    ssl->numGroups = 0;
+    #endif
+    #if !defined(NO_TLS)
+    TLSX_Remove(&ssl->extensions, TLSX_SUPPORTED_GROUPS, ssl->heap);
+    #endif /* !NO_TLS */
+    for (i = 0; i < count; i++) {
+        /* Call to wolfSSL_UseSupportedCurve also checks if input groups
+                 * are valid */
+        if ((ret = wolfSSL_UseSupportedCurve(ssl, (word16)groups[i]))
+                != WOLFSSL_SUCCESS) {
+    #if !defined(NO_TLS)
+            TLSX_Remove(&ssl->extensions, TLSX_SUPPORTED_GROUPS, ssl->heap);
+    #endif /* !NO_TLS */
+            return ret;
+        }
+        #ifdef WOLFSSL_TLS13
+        ssl->group[i] = (word16)groups[i];
+        #endif
+    }
+    #ifdef WOLFSSL_TLS13
+    ssl->numGroups = (byte)count;
+    #endif
+
+    return WOLFSSL_SUCCESS;
+}
+#endif /* HAVE_SUPPORTED_CURVES */
+
 #ifndef WOLFSSL_NO_TLS12
 
 #ifdef HAVE_EXTENDED_MASTER
@@ -316,6 +411,7 @@ static int _DeriveTlsKeys(byte* key_dig, word32 key_dig_len,
     int ret;
 #if defined(WOLFSSL_ASYNC_CRYPT) && !defined(WC_ASYNC_NO_HASH)
     WC_DECLARE_VAR(seed, byte, SEED_LEN, heap);
+    WC_ALLOC_VAR(seed, byte, SEED_LEN, heap);
     if (seed == NULL)
         return MEMORY_E;
 #else
@@ -393,9 +489,10 @@ int DeriveTlsKeys(WOLFSSL* ssl)
             void* ctx = wolfSSL_GetGenSessionKeyCtx(ssl);
             ret = ssl->ctx->GenSessionKeyCb(ssl, ctx);
         }
-        if (!ssl->ctx->GenSessionKeyCb || ret == PROTOCOLCB_UNAVAILABLE)
+        if (!ssl->ctx->GenSessionKeyCb ||
+            ret == WC_NO_ERR_TRACE(PROTOCOLCB_UNAVAILABLE))
 #endif
-        ret = _DeriveTlsKeys(key_dig, key_dig_len,
+        ret = _DeriveTlsKeys(key_dig, (word32)key_dig_len,
                          ssl->arrays->masterSecret, SECRET_LEN,
                          ssl->arrays->serverRandom, ssl->arrays->clientRandom,
                          IsAtLeastTLSv1_2(ssl), ssl->specs.mac_algorithm,
@@ -421,6 +518,7 @@ static int _MakeTlsMasterSecret(byte* ms, word32 msLen,
     byte seed[SEED_LEN];
 #else
     WC_DECLARE_VAR(seed, byte, SEED_LEN, heap);
+    WC_ALLOC_VAR(seed, byte, SEED_LEN, heap);
     if (seed == NULL)
         return MEMORY_E;
 #endif
@@ -544,14 +642,27 @@ int MakeTlsMasterSecret(WOLFSSL* ssl)
         byte handshake_hash[HSHASH_SZ];
     #endif
 
+        XMEMSET(handshake_hash, 0, HSHASH_SZ);
         ret = BuildTlsHandshakeHash(ssl, handshake_hash, &hashSz);
         if (ret == 0) {
-            ret = _MakeTlsExtendedMasterSecret(
-                ssl->arrays->masterSecret, SECRET_LEN,
-                ssl->arrays->preMasterSecret, ssl->arrays->preMasterSz,
-                handshake_hash, hashSz,
-                IsAtLeastTLSv1_2(ssl), ssl->specs.mac_algorithm,
-                ssl->heap, ssl->devId);
+        #if !defined(NO_CERTS) && defined(HAVE_PK_CALLBACKS)
+            ret = PROTOCOLCB_UNAVAILABLE;
+            if (ssl->ctx->GenExtMasterCb) {
+                void* ctx = wolfSSL_GetGenExtMasterSecretCtx(ssl);
+                ret = ssl->ctx->GenExtMasterCb(ssl, handshake_hash, hashSz,
+                                                ctx);
+            }
+            if (!ssl->ctx->GenExtMasterCb ||
+                ret == WC_NO_ERR_TRACE(PROTOCOLCB_UNAVAILABLE))
+        #endif /* (HAVE_SECRET_CALLBACK) && (HAVE_EXT_SECRET_CALLBACK) */
+            {
+                ret = _MakeTlsExtendedMasterSecret(
+                    ssl->arrays->masterSecret, SECRET_LEN,
+                    ssl->arrays->preMasterSecret, ssl->arrays->preMasterSz,
+                    handshake_hash, hashSz,
+                    IsAtLeastTLSv1_2(ssl), ssl->specs.mac_algorithm,
+                    ssl->heap, ssl->devId);
+            }
             ForceZero(handshake_hash, hashSz);
         }
 
@@ -571,7 +682,8 @@ int MakeTlsMasterSecret(WOLFSSL* ssl)
             void* ctx = wolfSSL_GetGenMasterSecretCtx(ssl);
             ret = ssl->ctx->GenMasterCb(ssl, ctx);
         }
-        if (!ssl->ctx->GenMasterCb || ret == PROTOCOLCB_UNAVAILABLE)
+        if (!ssl->ctx->GenMasterCb ||
+            ret == WC_NO_ERR_TRACE(PROTOCOLCB_UNAVAILABLE))
 #endif
         {
             ret = _MakeTlsMasterSecret(ssl->arrays->masterSecret,
@@ -581,47 +693,13 @@ int MakeTlsMasterSecret(WOLFSSL* ssl)
                       ssl->specs.mac_algorithm, ssl->heap, ssl->devId);
         }
     }
+#ifdef HAVE_SECRET_CALLBACK
+    if (ret == 0 && ssl->tlsSecretCb != NULL) {
+        ret = ssl->tlsSecretCb(ssl, ssl->arrays->masterSecret,
+                SECRET_LEN, ssl->tlsSecretCtx);
+    }
+#endif /* HAVE_SECRET_CALLBACK */
     if (ret == 0) {
-    #ifdef SHOW_SECRETS
-        /* Wireshark Pre-Master-Secret Format:
-         *  CLIENT_RANDOM <clientrandom> <mastersecret>
-         */
-        const char* CLIENT_RANDOM_LABEL = "CLIENT_RANDOM";
-        int i, pmsPos = 0;
-        char pmsBuf[13 + 1 + 64 + 1 + 96 + 1 + 1];
-
-        XSNPRINTF(&pmsBuf[pmsPos], sizeof(pmsBuf) - pmsPos, "%s ",
-            CLIENT_RANDOM_LABEL);
-        pmsPos += XSTRLEN(CLIENT_RANDOM_LABEL) + 1;
-        for (i = 0; i < RAN_LEN; i++) {
-            XSNPRINTF(&pmsBuf[pmsPos], sizeof(pmsBuf) - pmsPos, "%02x",
-                ssl->arrays->clientRandom[i]);
-            pmsPos += 2;
-        }
-        XSNPRINTF(&pmsBuf[pmsPos], sizeof(pmsBuf) - pmsPos, " ");
-        pmsPos += 1;
-        for (i = 0; i < SECRET_LEN; i++) {
-            XSNPRINTF(&pmsBuf[pmsPos], sizeof(pmsBuf) - pmsPos, "%02x",
-                ssl->arrays->masterSecret[i]);
-            pmsPos += 2;
-        }
-        XSNPRINTF(&pmsBuf[pmsPos], sizeof(pmsBuf) - pmsPos, "\n");
-        pmsPos += 1;
-
-        /* print master secret */
-        puts(pmsBuf);
-
-        #if !defined(NO_FILESYSTEM) && defined(WOLFSSL_SSLKEYLOGFILE)
-        {
-            FILE* f = XFOPEN(WOLFSSL_SSLKEYLOGFILE_OUTPUT, "a");
-            if (f != XBADFILE) {
-                XFWRITE(pmsBuf, 1, pmsPos, f);
-                XFCLOSE(f);
-            }
-        }
-        #endif
-    #endif /* SHOW_SECRETS */
-
         ret = DeriveTlsKeys(ssl);
     }
 
@@ -694,6 +772,15 @@ int wolfSSL_SetTlsHmacInner(WOLFSSL* ssl, byte* inner, word32 sz, int content,
     if (ssl == NULL || inner == NULL)
         return BAD_FUNC_ARG;
 
+    if (content == dtls12_cid
+#if defined(WOLFSSL_DTLS) && defined(WOLFSSL_DTLS_CID)
+       || (ssl->options.dtls && DtlsGetCidTxSize(ssl) > 0)
+#endif
+    ) {
+        WOLFSSL_MSG("wolfSSL_SetTlsHmacInner doesn't support CID");
+        return BAD_FUNC_ARG;
+    }
+
     XMEMSET(inner, 0, WOLFSSL_TLS_HMAC_INNER_SZ);
 
     WriteSEQ(ssl, verify, inner);
@@ -719,7 +806,7 @@ int wolfSSL_SetTlsHmacInner(WOLFSSL* ssl, byte* inner, word32 sz, int content,
  */
 static int Hmac_HashUpdate(Hmac* hmac, const byte* data, word32 sz)
 {
-    int ret = BAD_FUNC_ARG;
+    int ret = WC_NO_ERR_TRACE(BAD_FUNC_ARG);
 
     switch (hmac->macType) {
     #ifndef NO_SHA
@@ -753,6 +840,7 @@ static int Hmac_HashUpdate(Hmac* hmac, const byte* data, word32 sz)
     #endif /* WOLFSSL_SM3 */
 
         default:
+            ret = BAD_FUNC_ARG;
             break;
     }
 
@@ -767,7 +855,7 @@ static int Hmac_HashUpdate(Hmac* hmac, const byte* data, word32 sz)
  */
 static int Hmac_HashFinalRaw(Hmac* hmac, unsigned char* hash)
 {
-    int ret = BAD_FUNC_ARG;
+    int ret = WC_NO_ERR_TRACE(BAD_FUNC_ARG);
 
     switch (hmac->macType) {
     #ifndef NO_SHA
@@ -801,6 +889,7 @@ static int Hmac_HashFinalRaw(Hmac* hmac, unsigned char* hash)
     #endif /* WOLFSSL_SM3 */
 
         default:
+            ret = BAD_FUNC_ARG;
             break;
     }
 
@@ -815,7 +904,7 @@ static int Hmac_HashFinalRaw(Hmac* hmac, unsigned char* hash)
  */
 static int Hmac_OuterHash(Hmac* hmac, unsigned char* mac)
 {
-    int ret = BAD_FUNC_ARG;
+    int ret = WC_NO_ERR_TRACE(BAD_FUNC_ARG);
     wc_HashAlg hash;
     enum wc_HashType hashType = (enum wc_HashType)hmac->macType;
     int digestSz = wc_HashGetDigestSize(hashType);
@@ -824,12 +913,16 @@ static int Hmac_OuterHash(Hmac* hmac, unsigned char* mac)
     if ((digestSz >= 0) && (blockSz >= 0)) {
         ret = wc_HashInit(&hash, hashType);
     }
+    else {
+        ret = BAD_FUNC_ARG;
+    }
+
     if (ret == 0) {
         ret = wc_HashUpdate(&hash, hashType, (byte*)hmac->opad,
-            blockSz);
+            (word32)blockSz);
         if (ret == 0)
             ret = wc_HashUpdate(&hash, hashType, (byte*)hmac->innerHash,
-                digestSz);
+                (word32)digestSz);
         if (ret == 0)
             ret = wc_HashFinal(&hash, hashType, mac);
         wc_HashFree(&hash, hashType);
@@ -846,10 +939,11 @@ static int Hmac_OuterHash(Hmac* hmac, unsigned char* mac)
  * in      Message data.
  * sz      Size of the message data.
  * header  Constructed record header with length of handshake data.
+ * headerSz Length of header
  * returns 0 on success, otherwise failure.
  */
 static int Hmac_UpdateFinal_CT(Hmac* hmac, byte* digest, const byte* in,
-                               word32 sz, int macLen, byte* header)
+                           word32 sz, int macLen, byte* header, word32 headerSz)
 {
     byte         lenBytes[8];
     int          i, j;
@@ -857,7 +951,7 @@ static int Hmac_UpdateFinal_CT(Hmac* hmac, byte* digest, const byte* in,
     int          blockBits, blockMask;
     int          lastBlockLen, extraLen, eocIndex;
     int          blocks, safeBlocks, lenBlock, eocBlock;
-    unsigned int maxLen;
+    word32       maxLen;
     int          blockSz, padSz;
     int          ret;
     word32       realLen;
@@ -910,53 +1004,55 @@ static int Hmac_UpdateFinal_CT(Hmac* hmac, byte* digest, const byte* in,
     blockMask = blockSz - 1;
 
     /* Size of data to HMAC if padding length byte is zero. */
-    maxLen = WOLFSSL_TLS_HMAC_INNER_SZ + sz - 1 - macLen;
+    maxLen = WOLFSSL_TLS_HMAC_INNER_SZ + sz - 1 - (word32)macLen;
+
     /* Complete data (including padding) has block for EOC and/or length. */
-    extraBlock = ctSetLTE((maxLen + padSz) & blockMask, padSz);
+    extraBlock = ctSetLTE(((int)maxLen + padSz) & blockMask, padSz);
     /* Total number of blocks for data including padding. */
-    blocks = ((maxLen + blockSz - 1) >> blockBits) + extraBlock;
+    blocks = ((int)(maxLen + (word32)blockSz - 1) >> blockBits) + extraBlock;
     /* Up to last 6 blocks can be hashed safely. */
     safeBlocks = blocks - 6;
 
     /* Length of message data. */
     realLen = maxLen - in[sz - 1];
     /* Number of message bytes in last block. */
-    lastBlockLen = realLen & blockMask;
+    lastBlockLen = (int)realLen & blockMask;
     /* Number of padding bytes in last block. */
     extraLen = ((blockSz * 2 - padSz - lastBlockLen) & blockMask) + 1;
     /* Number of blocks to create for hash. */
-    lenBlock = (realLen + extraLen) >> blockBits;
+    lenBlock = ((int)realLen + extraLen) >> blockBits;
     /* Block containing EOC byte. */
-    eocBlock = realLen >> blockBits;
+    eocBlock = (int)(realLen >> (word32)blockBits);
     /* Index of EOC byte in block. */
-    eocIndex = realLen & blockMask;
+    eocIndex = (int)(realLen & (word32)blockMask);
 
     /* Add length of hmac's ipad to total length. */
-    realLen += blockSz;
+    realLen += (word32)blockSz;
     /* Length as bits - 8 bytes bigendian. */
     c32toa(realLen >> ((sizeof(word32) * 8) - 3), lenBytes);
     c32toa(realLen << 3, lenBytes + sizeof(word32));
 
-    ret = Hmac_HashUpdate(hmac, (unsigned char*)hmac->ipad, blockSz);
+    ret = Hmac_HashUpdate(hmac, (unsigned char*)hmac->ipad, (word32)blockSz);
     if (ret != 0)
         return ret;
 
-    XMEMSET(hmac->innerHash, 0, macLen);
+    XMEMSET(hmac->innerHash, 0, (size_t)macLen);
 
     if (safeBlocks > 0) {
-        ret = Hmac_HashUpdate(hmac, header, WOLFSSL_TLS_HMAC_INNER_SZ);
+        ret = Hmac_HashUpdate(hmac, header, headerSz);
         if (ret != 0)
             return ret;
-        ret = Hmac_HashUpdate(hmac, in, safeBlocks * blockSz -
-                                                     WOLFSSL_TLS_HMAC_INNER_SZ);
+        ret = Hmac_HashUpdate(hmac, in, (word32)(safeBlocks * blockSz -
+                                WOLFSSL_TLS_HMAC_INNER_SZ));
+
         if (ret != 0)
             return ret;
     }
     else
         safeBlocks = 0;
 
-    XMEMSET(digest, 0, macLen);
-    k = safeBlocks * blockSz;
+    XMEMSET(digest, 0, (size_t)macLen);
+    k = (unsigned int)(safeBlocks * blockSz);
     for (i = safeBlocks; i < blocks; i++) {
         unsigned char hashBlock[WC_MAX_BLOCK_SIZE];
         unsigned char isEocBlock = ctMaskEq(i, eocBlock);
@@ -967,10 +1063,10 @@ static int Hmac_UpdateFinal_CT(Hmac* hmac, byte* digest, const byte* in,
             unsigned char pastEoc = ctMaskGT(j, eocIndex) & isEocBlock;
             unsigned char b = 0;
 
-            if (k < WOLFSSL_TLS_HMAC_INNER_SZ)
+            if (k < headerSz)
                 b = header[k];
             else if (k < maxLen)
-                b = in[k - WOLFSSL_TLS_HMAC_INNER_SZ];
+                b = in[k - headerSz];
             k++;
 
             b = ctMaskSel(atEoc, 0x80, b);
@@ -984,7 +1080,7 @@ static int Hmac_UpdateFinal_CT(Hmac* hmac, byte* digest, const byte* in,
             hashBlock[j] = b;
         }
 
-        ret = Hmac_HashUpdate(hmac, hashBlock, blockSz);
+        ret = Hmac_HashUpdate(hmac, hashBlock, (word32)blockSz); /* cppcheck-suppress uninitvar */
         if (ret != 0)
             return ret;
         ret = Hmac_HashFinalRaw(hmac, hashBlock);
@@ -1013,10 +1109,11 @@ static int Hmac_UpdateFinal_CT(Hmac* hmac, byte* digest, const byte* in,
  * in      Message data.
  * sz      Size of the message data.
  * header  Constructed record header with length of handshake data.
+ * headerSz Length of header
  * returns 0 on success, otherwise failure.
  */
 static int Hmac_UpdateFinal(Hmac* hmac, byte* digest, const byte* in,
-                            word32 sz, byte* header)
+                            word32 sz, byte* header, word32 headerSz)
 {
     byte       dummy[WC_MAX_BLOCK_SIZE] = {0};
     int        ret = 0;
@@ -1094,19 +1191,19 @@ static int Hmac_UpdateFinal(Hmac* hmac, byte* digest, const byte* in,
     maxSz &= ~(0 - (maxSz >> 31));
 
     /* Calculate #blocks processed in HMAC for max and real data. */
-    blocks      = maxSz >> blockBits;
+    blocks      = (int)(maxSz >> blockBits);
     blocks     += ((maxSz + padSz) % blockSz) < padSz;
-    msgBlocks   = realSz >> blockBits;
+    msgBlocks   = (int)(realSz >> blockBits);
     /* #Extra blocks to process. */
     blocks -= msgBlocks + ((((realSz + padSz) % blockSz) < padSz) ? 1 : 0);
     /* Calculate whole blocks. */
     msgBlocks--;
 
-    ret = wc_HmacUpdate(hmac, header, WOLFSSL_TLS_HMAC_INNER_SZ);
+    ret = wc_HmacUpdate(hmac, header, headerSz);
     if (ret == 0) {
         /* Fill the rest of the block with any available data. */
-        word32 currSz = ctMaskLT(msgSz, blockSz) & msgSz;
-        currSz |= ctMaskGTE(msgSz, blockSz) & blockSz;
+        word32 currSz = ctMaskLT((int)msgSz, (int)blockSz) & msgSz;
+        currSz |= ctMaskGTE((int)msgSz, (int)blockSz) & blockSz;
         currSz -= WOLFSSL_TLS_HMAC_INNER_SZ;
         currSz &= ~(0 - (currSz >> 31));
         ret = wc_HmacUpdate(hmac, in, currSz);
@@ -1138,11 +1235,66 @@ static int Hmac_UpdateFinal(Hmac* hmac, byte* digest, const byte* in,
 
 #endif
 
+#if defined(WOLFSSL_DTLS) && defined(WOLFSSL_DTLS_CID)
+#define TLS_HMAC_CID_SZ(s, v) \
+                ((v) ? DtlsGetCidRxSize((s)) \
+                     : DtlsGetCidTxSize((s)))
+#define TLS_HMAC_CID(s, v, b, c) \
+                ((v) ? wolfSSL_dtls_cid_get_rx((s), (b), (c)) \
+                     : wolfSSL_dtls_cid_get_tx((s), (b), (c)))
+#endif
+
+static int TLS_hmac_SetInner(WOLFSSL* ssl, byte* inner, word32* innerSz,
+        word32 sz, int content, int verify, int epochOrder)
+{
+#if defined(WOLFSSL_DTLS) && defined(WOLFSSL_DTLS_CID)
+    unsigned int cidSz = 0;
+    if (ssl->options.dtls && (cidSz = TLS_HMAC_CID_SZ(ssl, verify)) > 0) {
+        word32 idx = 0;
+        if (cidSz > DTLS_CID_MAX_SIZE) {
+            WOLFSSL_MSG("DTLS CID too large");
+            return DTLS_CID_ERROR;
+        }
+
+        XMEMSET(inner + idx, 0xFF, SEQ_SZ);
+        idx += SEQ_SZ;
+        inner[idx++] = dtls12_cid;
+        inner[idx++] = (byte)cidSz;
+        inner[idx++] = dtls12_cid;
+        inner[idx++] = ssl->version.major;
+        inner[idx++] = ssl->version.minor;
+        WriteSEQ(ssl, epochOrder, inner + idx);
+        idx += SEQ_SZ;
+        if (TLS_HMAC_CID(ssl, verify, inner + idx, cidSz) ==
+                WC_NO_ERR_TRACE(WOLFSSL_FAILURE)) {
+            WOLFSSL_MSG("DTLS CID write failed");
+            return DTLS_CID_ERROR;
+        }
+        idx += cidSz;
+        c16toa((word16)sz, inner + idx);
+        idx += LENGTH_SZ;
+
+        *innerSz = idx;
+        return 0;
+    }
+#endif
+    *innerSz = WOLFSSL_TLS_HMAC_INNER_SZ;
+    return wolfSSL_SetTlsHmacInner(ssl, inner, sz, content,
+            !ssl->options.dtls ? verify : epochOrder);
+}
+
+#if defined(WOLFSSL_DTLS) && defined(WOLFSSL_DTLS_CID)
+#define TLS_HMAC_INNER_SZ WOLFSSL_TLS_HMAC_CID_INNER_SZ
+#else
+#define TLS_HMAC_INNER_SZ WOLFSSL_TLS_HMAC_INNER_SZ
+#endif
+
 int TLS_hmac(WOLFSSL* ssl, byte* digest, const byte* in, word32 sz, int padSz,
              int content, int verify, int epochOrder)
 {
     Hmac   hmac;
-    byte   myInner[WOLFSSL_TLS_HMAC_INNER_SZ];
+    byte   myInner[TLS_HMAC_INNER_SZ];
+    word32 innerSz = TLS_HMAC_INNER_SZ;
     int    ret = 0;
     const byte* macSecret = NULL;
     word32 hashSz = 0;
@@ -1170,10 +1322,10 @@ int TLS_hmac(WOLFSSL* ssl, byte* digest, const byte* in, word32 sz, int padSz,
     }
 #endif
 
-    if (!ssl->options.dtls)
-        wolfSSL_SetTlsHmacInner(ssl, myInner, sz, content, verify);
-    else
-        wolfSSL_SetTlsHmacInner(ssl, myInner, sz, content, epochOrder);
+    ret = TLS_hmac_SetInner(ssl, myInner, &innerSz, sz, content, verify,
+                            epochOrder);
+    if (ret != 0)
+        return ret;
 
     ret = wc_HmacInit(&hmac, ssl->heap, ssl->devId);
     if (ret != 0)
@@ -1184,10 +1336,8 @@ int TLS_hmac(WOLFSSL* ssl, byte* digest, const byte* in, word32 sz, int padSz,
     if (ssl->options.dtls)
         macSecret = wolfSSL_GetDtlsMacSecret(ssl, verify, epochOrder);
     else
-        macSecret = wolfSSL_GetMacSecret(ssl, verify);
-#else
-    macSecret = wolfSSL_GetMacSecret(ssl, verify);
 #endif
+        macSecret = wolfSSL_GetMacSecret(ssl, verify);
     ret = wc_HmacSetKey(&hmac, wolfSSL_GetHmacType(ssl),
                                               macSecret,
                                               ssl->specs.hash_size);
@@ -1200,21 +1350,24 @@ int TLS_hmac(WOLFSSL* ssl, byte* digest, const byte* in, word32 sz, int padSz,
     #ifdef HAVE_BLAKE2
             if (wolfSSL_GetHmacType(ssl) == WC_HASH_TYPE_BLAKE2B) {
                 ret = Hmac_UpdateFinal(&hmac, digest, in,
-                                              sz + hashSz + padSz + 1, myInner);
+                        sz + hashSz + (word32)padSz + 1, myInner, innerSz);
             }
             else
     #endif
             {
                 ret = Hmac_UpdateFinal_CT(&hmac, digest, in,
-                                      sz + hashSz + padSz + 1, hashSz, myInner);
+                                      (sz + hashSz + (word32)padSz + 1),
+                                      (int)hashSz, myInner, innerSz);
+
             }
 #else
-            ret = Hmac_UpdateFinal(&hmac, digest, in, sz + hashSz + padSz + 1,
-                                                                       myInner);
+            ret = Hmac_UpdateFinal(&hmac, digest, in, sz + hashSz +
+                                        (word32)(padSz) + 1,
+                                        myInner, innerSz);
 #endif
         }
         else {
-            ret = wc_HmacUpdate(&hmac, myInner, sizeof(myInner));
+            ret = wc_HmacUpdate(&hmac, myInner, innerSz);
             if (ret == 0)
                 ret = wc_HmacUpdate(&hmac, in, sz);                /* content */
             if (ret == 0)
@@ -1323,6 +1476,10 @@ static WC_INLINE word16 TLSX_ToSemaphore(word16 type)
 #if defined(WOLFSSL_TLS13) && defined(HAVE_ECH)
         case TLSX_ECH: /* 0xfe0d */
             return 65;
+#endif
+#ifdef WOLFSSL_DUAL_ALG_CERTS
+        case TLSX_CKS:
+            return 66;
 #endif
         default:
             if (type > 62) {
@@ -1754,7 +1911,7 @@ static int TLSX_ALPN_ParseAndSet(WOLFSSL *ssl, const byte *input, word16 length,
                                  byte isRequest)
 {
     word16  size = 0, offset = 0, wlen;
-    int     r = BUFFER_ERROR;
+    int     r = WC_NO_ERR_TRACE(BUFFER_ERROR);
     const byte *s;
 
     if (OPAQUE16_LEN > length)
@@ -2340,12 +2497,13 @@ int TLSX_UseSNI(TLSX** extensions, byte type, const void* data, word16 size,
 #ifndef NO_WOLFSSL_SERVER
 
 /** Tells the SNI requested by the client. */
-word16 TLSX_SNI_GetRequest(TLSX* extensions, byte type, void** data)
+word16 TLSX_SNI_GetRequest(TLSX* extensions, byte type, void** data,
+        byte ignoreStatus)
 {
     TLSX* extension = TLSX_Find(extensions, TLSX_SERVER_NAME);
     SNI* sni = TLSX_SNI_Find(extension ? (SNI*)extension->data : NULL, type);
 
-    if (sni && sni->status != WOLFSSL_SNI_NO_MATCH) {
+    if (sni && (ignoreStatus || sni->status != WOLFSSL_SNI_NO_MATCH)) {
         switch (sni->type) {
             case WOLFSSL_SNI_HOST_NAME:
                 if (data) {
@@ -2605,8 +2763,7 @@ static void TLSX_TCA_Free(TCA* tca, void* heap)
     (void)heap;
 
     if (tca) {
-        if (tca->id)
-            XFREE(tca->id, heap, DYNAMIC_TYPE_TLSX);
+        XFREE(tca->id, heap, DYNAMIC_TYPE_TLSX);
         XFREE(tca, heap, DYNAMIC_TYPE_TLSX);
     }
 }
@@ -2920,6 +3077,9 @@ static int TLSX_MFL_Parse(WOLFSSL* ssl, const byte* input, word16 length,
             WOLFSSL_ERROR_VERBOSE(UNKNOWN_MAX_FRAG_LEN_E);
             return UNKNOWN_MAX_FRAG_LEN_E;
     }
+    if (ssl->session != NULL) {
+        ssl->session->mfl = *input;
+    }
 
 #ifndef NO_WOLFSSL_SERVER
     if (isRequest) {
@@ -3037,57 +3197,143 @@ int TLSX_UseTruncatedHMAC(TLSX** extensions, void* heap)
 
 static void TLSX_CSR_Free(CertificateStatusRequest* csr, void* heap)
 {
+    int i;
+
     switch (csr->status_type) {
         case WOLFSSL_CSR_OCSP:
-            FreeOcspRequest(&csr->request.ocsp);
+            for (i = 0; i <= csr->requests; i++) {
+                FreeOcspRequest(&csr->request.ocsp[i]);
+            }
         break;
     }
-
 #ifdef WOLFSSL_TLS13
-    if (csr->response.buffer != NULL) {
-        XFREE(csr->response.buffer, csr->ssl->heap,
+    for (i = 0; i < MAX_CERT_EXTENSIONS; i++) {
+        if (csr->responses[i].buffer != NULL) {
+            XFREE(csr->responses[i].buffer, heap,
                 DYNAMIC_TYPE_TMP_BUFFER);
+        }
     }
 #endif
     XFREE(csr, heap, DYNAMIC_TYPE_TLSX);
     (void)heap;
 }
 
-static word16 TLSX_CSR_GetSize(CertificateStatusRequest* csr, byte isRequest)
+word16 TLSX_CSR_GetSize_ex(CertificateStatusRequest* csr, byte isRequest,
+                                                             int idx)
 {
     word16 size = 0;
 
     /* shut up compiler warnings */
     (void) csr; (void) isRequest;
-
 #ifndef NO_WOLFSSL_CLIENT
     if (isRequest) {
         switch (csr->status_type) {
             case WOLFSSL_CSR_OCSP:
                 size += ENUM_LEN + 2 * OPAQUE16_LEN;
 
-                if (csr->request.ocsp.nonceSz)
+                if (csr->request.ocsp[0].nonceSz)
                     size += OCSP_NONCE_EXT_SZ;
             break;
         }
     }
 #endif
 #if defined(WOLFSSL_TLS13) && !defined(NO_WOLFSSL_SERVER)
-    if (!isRequest && csr->ssl->options.tls1_3)
-        return OPAQUE8_LEN + OPAQUE24_LEN + csr->response.length;
+    if (!isRequest && IsAtLeastTLSv1_3(csr->ssl->version)) {
+#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
+        if (csr->ssl != NULL && SSL_CM(csr->ssl) != NULL &&
+                SSL_CM(csr->ssl)->ocsp_stapling != NULL &&
+                SSL_CM(csr->ssl)->ocsp_stapling->statusCb != NULL &&
+                idx == 0) {
+            return OPAQUE8_LEN + OPAQUE24_LEN + csr->ssl->ocspRespSz;
+        }
+#endif /* OPENSSL_ALL || WOLFSSL_NGINX || WOLFSSL_HAPROXY */
+        return (word16)(OPAQUE8_LEN + OPAQUE24_LEN +
+                csr->responses[idx].length);
+    }
+#else
+    (void)idx;
 #endif
-
     return size;
 }
 
-static word16 TLSX_CSR_Write(CertificateStatusRequest* csr, byte* output,
-                                                                 byte isRequest)
+#if (defined(WOLFSSL_TLS13) && !defined(NO_WOLFSSL_SERVER)) && \
+(defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY))
+static int TLSX_CSR_SetResponseWithStatusCB(WOLFSSL *ssl)
+{
+    void *ioCtx = NULL;
+    WOLFSSL_OCSP *ocsp;
+    int ret;
+
+    if (ssl == NULL || SSL_CM(ssl) == NULL)
+        return BAD_FUNC_ARG;
+    ocsp = SSL_CM(ssl)->ocsp_stapling;
+    if (ocsp == NULL || ocsp->statusCb == NULL)
+        return BAD_FUNC_ARG;
+    ioCtx = (ssl->ocspIOCtx != NULL) ? ssl->ocspIOCtx : ocsp->cm->ocspIOCtx;
+    ret = ocsp->statusCb(ssl, ioCtx);
+    switch (ret) {
+        case SSL_TLSEXT_ERR_OK:
+            if (ssl->ocspRespSz > 0) {
+                /* ack the extension, status cb provided the response in
+                 * ssl->ocspResp */
+                TLSX_SetResponse(ssl, TLSX_STATUS_REQUEST);
+                ssl->status_request = WOLFSSL_CSR_OCSP;
+            }
+            ret = 0;
+            break;
+        case SSL_TLSEXT_ERR_NOACK:
+            /* suppressing as not critical */
+            ret = 0;
+            break;
+        case SSL_TLSEXT_ERR_ALERT_FATAL:
+        default:
+            ret = WOLFSSL_FATAL_ERROR;
+            break;
+    }
+    return ret;
+}
+
+static int TLSX_CSR_WriteWithStatusCB(CertificateStatusRequest* csr,
+    byte* output)
+{
+    WOLFSSL *ssl = csr->ssl;
+    WOLFSSL_OCSP *ocsp;
+    word16 offset = 0;
+    byte *response;
+    int respSz;
+
+    if (ssl == NULL || SSL_CM(ssl) == NULL)
+        return BAD_FUNC_ARG;
+    ocsp = SSL_CM(ssl)->ocsp_stapling;
+    if (ocsp == NULL || ocsp->statusCb == NULL)
+        return BAD_FUNC_ARG;
+    response = ssl->ocspResp;
+    respSz = ssl->ocspRespSz;
+    if (response == NULL || respSz == 0)
+        return BAD_FUNC_ARG;
+    output[offset++] = WOLFSSL_CSR_OCSP;
+    c32to24(respSz, output + offset);
+    offset += OPAQUE24_LEN;
+    XMEMCPY(output + offset, response, respSz);
+    return offset + respSz;
+}
+#endif /* (TLS13 && !NO_WOLFSLL_SERVER) && (OPENSSL_ALL || WOLFSSL_NGINX ||
+WOLFSSL_HAPROXY) */
+
+static word16 TLSX_CSR_GetSize(CertificateStatusRequest* csr, byte isRequest)
+{
+    return TLSX_CSR_GetSize_ex(csr, isRequest, 0);
+}
+
+int TLSX_CSR_Write_ex(CertificateStatusRequest* csr, byte* output,
+                          byte isRequest, int idx)
 {
     /* shut up compiler warnings */
     (void) csr; (void) output; (void) isRequest;
 
 #ifndef NO_WOLFSSL_CLIENT
     if (isRequest) {
+        int ret = 0;
         word16 offset = 0;
         word16 length = 0;
 
@@ -3101,36 +3347,143 @@ static word16 TLSX_CSR_Write(CertificateStatusRequest* csr, byte* output,
                 offset += OPAQUE16_LEN;
 
                 /* request extensions */
-                if (csr->request.ocsp.nonceSz)
-                    length = (word16)EncodeOcspRequestExtensions(
-                                                 &csr->request.ocsp,
+                if (csr->request.ocsp[0].nonceSz) {
+                    ret = (int)EncodeOcspRequestExtensions(&csr->request.ocsp[0],
                                                  output + offset + OPAQUE16_LEN,
                                                  OCSP_NONCE_EXT_SZ);
 
+                    if (ret > 0) {
+                        length = (word16)ret;
+                    }
+                    else {
+                        return ret;
+                    }
+                }
+
                 c16toa(length, output + offset);
                 offset += OPAQUE16_LEN + length;
 
             break;
         }
 
-        return offset;
+        return (int)offset;
     }
 #endif
 #if defined(WOLFSSL_TLS13) && !defined(NO_WOLFSSL_SERVER)
-    if (!isRequest && csr->ssl->options.tls1_3) {
+    if (!isRequest && IsAtLeastTLSv1_3(csr->ssl->version)) {
         word16 offset = 0;
+#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
+        if (csr->ssl != NULL && SSL_CM(csr->ssl) != NULL &&
+                SSL_CM(csr->ssl)->ocsp_stapling != NULL &&
+                SSL_CM(csr->ssl)->ocsp_stapling->statusCb != NULL &&
+                idx == 0) {
+            return TLSX_CSR_WriteWithStatusCB(csr, output);
+        }
+#endif /* OPENSSL_ALL || WOLFSSL_NGINX || WOLFSSL_HAPROXY */
         output[offset++] = csr->status_type;
-        c32to24(csr->response.length, output + offset);
+        c32to24(csr->responses[idx].length, output + offset);
         offset += OPAQUE24_LEN;
-        XMEMCPY(output + offset, csr->response.buffer, csr->response.length);
-        offset += csr->response.length;
+        XMEMCPY(output + offset, csr->responses[idx].buffer,
+                                        csr->responses[idx].length);
+        offset += (word16)csr->responses[idx].length;
         return offset;
     }
+#else
+    (void)idx;
 #endif
 
     return 0;
 }
 
+static int TLSX_CSR_Write(CertificateStatusRequest* csr, byte* output,
+                          byte isRequest)
+{
+    return TLSX_CSR_Write_ex(csr, output, isRequest, 0);
+}
+
+#if !defined(NO_WOLFSSL_SERVER) && defined(WOLFSSL_TLS13) && \
+    defined(WOLFSSL_TLS_OCSP_MULTI)
+/* Process OCSP request certificate chain
+ *
+ * ssl       SSL/TLS object.
+ * returns 0 on success, otherwise failure.
+ */
+static int ProcessChainOCSPRequest(WOLFSSL* ssl)
+{
+    DecodedCert* cert;
+    OcspRequest* request;
+    TLSX* extension;
+    CertificateStatusRequest* csr;
+    DerBuffer* chain;
+    word32 pos = 0;
+    buffer der;
+    int i = 1;
+    int ret = 0;
+    byte ctxOwnsRequest = 0;
+
+    /* use certChain if available, otherwise use peer certificate */
+    chain = ssl->buffers.certChain;
+    if (chain == NULL) {
+        chain = ssl->buffers.certificate;
+    }
+
+    extension = TLSX_Find(ssl->extensions, TLSX_STATUS_REQUEST);
+    csr = extension ?
+                (CertificateStatusRequest*)extension->data : NULL;
+    if (csr == NULL)
+        return MEMORY_ERROR;
+
+    cert = (DecodedCert*)XMALLOC(sizeof(DecodedCert), ssl->heap,
+                                         DYNAMIC_TYPE_DCERT);
+    if (cert == NULL) {
+        return MEMORY_E;
+    }
+
+    if (chain && chain->buffer) {
+        while (ret == 0 && pos + OPAQUE24_LEN < chain->length) {
+            c24to32(chain->buffer + pos, &der.length);
+            pos += OPAQUE24_LEN;
+            der.buffer = chain->buffer + pos;
+            pos += der.length;
+
+            if (pos > chain->length)
+                break;
+            request = &csr->request.ocsp[i];
+            if (ret == 0) {
+                ret = CreateOcspRequest(ssl, request, cert,
+                        der.buffer, der.length, &ctxOwnsRequest);
+                if (ctxOwnsRequest) {
+                    wolfSSL_Mutex* ocspLock =
+                        &SSL_CM(ssl)->ocsp_stapling->ocspLock;
+                    if (wc_LockMutex(ocspLock) == 0) {
+                        /* the request is ours */
+                        ssl->ctx->certOcspRequest = NULL;
+                    }
+                    wc_UnLockMutex(ocspLock);
+                }
+            }
+
+            if (ret == 0) {
+                request->ssl = ssl;
+                ret = CheckOcspRequest(SSL_CM(ssl)->ocsp_stapling,
+                                 request, &csr->responses[i], ssl->heap);
+                /* Suppressing, not critical */
+                if (ret == WC_NO_ERR_TRACE(OCSP_CERT_REVOKED) ||
+                    ret == WC_NO_ERR_TRACE(OCSP_CERT_UNKNOWN) ||
+                    ret == WC_NO_ERR_TRACE(OCSP_LOOKUP_FAIL)) {
+                    ret = 0;
+                }
+                i++;
+                csr->requests++;
+            }
+        }
+    }
+    XFREE(cert, ssl->heap, DYNAMIC_TYPE_DCERT);
+
+    return ret;
+}
+#endif
+
 static int TLSX_CSR_Parse(WOLFSSL* ssl, const byte* input, word16 length,
                           byte isRequest)
 {
@@ -3185,14 +3538,14 @@ static int TLSX_CSR_Parse(WOLFSSL* ssl, const byte* input, word16 length,
             switch (csr->status_type) {
                 case WOLFSSL_CSR_OCSP:
                     /* propagate nonce */
-                    if (csr->request.ocsp.nonceSz) {
+                    if (csr->request.ocsp[0].nonceSz) {
                         request =
                             (OcspRequest*)TLSX_CSR_GetRequest(ssl->extensions);
 
                         if (request) {
-                            XMEMCPY(request->nonce, csr->request.ocsp.nonce,
-                                                    csr->request.ocsp.nonceSz);
-                            request->nonceSz = csr->request.ocsp.nonceSz;
+                            XMEMCPY(request->nonce, csr->request.ocsp[0].nonce,
+                                        (size_t)csr->request.ocsp[0].nonceSz);
+                            request->nonceSz = csr->request.ocsp[0].nonceSz;
                         }
                     }
                 break;
@@ -3223,14 +3576,21 @@ static int TLSX_CSR_Parse(WOLFSSL* ssl, const byte* input, word16 length,
                     ret = BUFFER_ERROR;
             }
             if (ret == 0) {
-                csr->response.buffer = (byte*)XMALLOC(resp_length, ssl->heap,
+                if (ssl->response_idx < (1 + MAX_CHAIN_DEPTH))
+                    csr->responses[ssl->response_idx].buffer =
+                    (byte*)XMALLOC(resp_length, ssl->heap,
                         DYNAMIC_TYPE_TMP_BUFFER);
-                if (csr->response.buffer == NULL)
+                else
+                    ret = BAD_FUNC_ARG;
+
+                if (ret == 0 &&
+                        csr->responses[ssl->response_idx].buffer == NULL)
                     ret = MEMORY_ERROR;
             }
             if (ret == 0) {
-                XMEMCPY(csr->response.buffer, input + offset, resp_length);
-                csr->response.length = resp_length;
+                XMEMCPY(csr->responses[ssl->response_idx].buffer,
+                                            input + offset, resp_length);
+                csr->responses[ssl->response_idx].length = resp_length;
             }
 
             return ret;
@@ -3295,6 +3655,13 @@ static int TLSX_CSR_Parse(WOLFSSL* ssl, const byte* input, word16 length,
 
     #if defined(WOLFSSL_TLS13)
         if (ssl->options.tls1_3) {
+#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
+            if (ssl != NULL && SSL_CM(ssl) != NULL &&
+                    SSL_CM(ssl)->ocsp_stapling != NULL &&
+                    SSL_CM(ssl)->ocsp_stapling->statusCb != NULL) {
+            return TLSX_CSR_SetResponseWithStatusCB(ssl);
+}
+#endif /* OPENSSL_ALL || WOLFSSL_NGINX || WOLFSSL_HAPROXY */
             if (ssl->buffers.certificate == NULL) {
                 WOLFSSL_MSG("Certificate buffer not set!");
                 return BUFFER_ERROR;
@@ -3312,7 +3679,8 @@ static int TLSX_CSR_Parse(WOLFSSL* ssl, const byte* input, word16 length,
                 XFREE(cert, ssl->heap, DYNAMIC_TYPE_DCERT);
                 /* Let's not error out the connection if we can't verify our
                  * cert */
-                if (ret == ASN_SELF_SIGNED_E || ret == ASN_NO_SIGNER_E)
+                if (ret == WC_NO_ERR_TRACE(ASN_SELF_SIGNED_E) ||
+                    ret == WC_NO_ERR_TRACE(ASN_NO_SIGNER_E))
                     ret = 0;
                 return ret;
             }
@@ -3324,19 +3692,33 @@ static int TLSX_CSR_Parse(WOLFSSL* ssl, const byte* input, word16 length,
             }
             FreeDecodedCert(cert);
             XFREE(cert, ssl->heap, DYNAMIC_TYPE_DCERT);
-
             extension = TLSX_Find(ssl->extensions, TLSX_STATUS_REQUEST);
             csr = extension ?
                 (CertificateStatusRequest*)extension->data : NULL;
             if (csr == NULL)
                 return MEMORY_ERROR;
 
-            request = &csr->request.ocsp;
-            ret = CreateOcspResponse(ssl, &request, &csr->response);
+            request = &csr->request.ocsp[0];
+            ret = CreateOcspResponse(ssl, &request, &csr->responses[0]);
+            if (request != &csr->request.ocsp[0] &&
+                    ssl->buffers.weOwnCert) {
+                /* request will be allocated in CreateOcspResponse() */
+                FreeOcspRequest(request);
+                XFREE(request, ssl->heap, DYNAMIC_TYPE_OCSP_REQUEST);
+            }
             if (ret != 0)
                 return ret;
-            if (csr->response.buffer)
+
+            if (csr->responses[0].buffer)
                 TLSX_SetResponse(ssl, TLSX_STATUS_REQUEST);
+        #if defined(WOLFSSL_TLS_OCSP_MULTI)
+            /* process OCSP request in certificate chain */
+            if ((ret = ProcessChainOCSPRequest(ssl)) != 0) {
+                WOLFSSL_MSG("Process Cert Chain OCSP request failed");
+                WOLFSSL_ERROR_VERBOSE(ret);
+                return ret;
+            }
+        #endif
         }
         else
     #endif
@@ -3348,9 +3730,10 @@ static int TLSX_CSR_Parse(WOLFSSL* ssl, const byte* input, word16 length,
     return 0;
 }
 
-int TLSX_CSR_InitRequest(TLSX* extensions, DecodedCert* cert, void* heap)
+int TLSX_CSR_InitRequest_ex(TLSX* extensions, DecodedCert* cert,
+                                                            void* heap, int idx)
 {
-    TLSX* extension = TLSX_Find(extensions, TLSX_STATUS_REQUEST);
+     TLSX* extension = TLSX_Find(extensions, TLSX_STATUS_REQUEST);
     CertificateStatusRequest* csr = extension ?
         (CertificateStatusRequest*)extension->data : NULL;
     int ret = 0;
@@ -3359,18 +3742,33 @@ int TLSX_CSR_InitRequest(TLSX* extensions, DecodedCert* cert, void* heap)
         switch (csr->status_type) {
             case WOLFSSL_CSR_OCSP: {
                 byte nonce[MAX_OCSP_NONCE_SZ];
-                int  nonceSz = csr->request.ocsp.nonceSz;
+                int  req_cnt = idx == -1 ? csr->requests : idx;
+                int  nonceSz = csr->request.ocsp[0].nonceSz;
+                OcspRequest* request;
 
+                request = &csr->request.ocsp[req_cnt];
+                if (request->serial != NULL) {
+                    /* clear request contents before reuse */
+                    FreeOcspRequest(request);
+                    if (csr->requests > 0)
+                        csr->requests--;
+                }
                 /* preserve nonce */
-                XMEMCPY(nonce, csr->request.ocsp.nonce, nonceSz);
+                XMEMCPY(nonce, csr->request.ocsp->nonce, (size_t)nonceSz);
 
-                if ((ret = InitOcspRequest(&csr->request.ocsp, cert, 0, heap))
-                                                                           != 0)
-                    return ret;
+                if (req_cnt < MAX_CERT_EXTENSIONS) {
+                    if ((ret = InitOcspRequest(request, cert, 0, heap)) != 0)
+                        return ret;
 
-                /* restore nonce */
-                XMEMCPY(csr->request.ocsp.nonce, nonce, nonceSz);
-                csr->request.ocsp.nonceSz = nonceSz;
+                    /* restore nonce */
+                    XMEMCPY(csr->request.ocsp->nonce, nonce, (size_t)nonceSz);
+                    request->nonceSz = nonceSz;
+                    csr->requests++;
+                }
+                else {
+                    WOLFSSL_ERROR_VERBOSE(MAX_CERT_EXTENSIONS_ERR);
+                    return MAX_CERT_EXTENSIONS_ERR;
+                }
             }
             break;
         }
@@ -3379,22 +3777,37 @@ int TLSX_CSR_InitRequest(TLSX* extensions, DecodedCert* cert, void* heap)
     return ret;
 }
 
-void* TLSX_CSR_GetRequest(TLSX* extensions)
+int TLSX_CSR_InitRequest(TLSX* extensions, DecodedCert* cert, void* heap)
+{
+    return TLSX_CSR_InitRequest_ex(extensions, cert, heap, -1);
+}
+
+void* TLSX_CSR_GetRequest_ex(TLSX* extensions, int idx)
 {
     TLSX* extension = TLSX_Find(extensions, TLSX_STATUS_REQUEST);
     CertificateStatusRequest* csr = extension ?
                               (CertificateStatusRequest*)extension->data : NULL;
 
-    if (csr) {
+    if (csr && csr->ssl) {
         switch (csr->status_type) {
             case WOLFSSL_CSR_OCSP:
-                return &csr->request.ocsp;
+                if (IsAtLeastTLSv1_3(csr->ssl->version)) {
+                    return idx < csr->requests ? &csr->request.ocsp[idx] : NULL;
+                }
+                else {
+                    return idx == 0 ? &csr->request.ocsp[0] : NULL;
+                }
         }
     }
 
     return NULL;
 }
 
+void* TLSX_CSR_GetRequest(TLSX* extensions)
+{
+    return TLSX_CSR_GetRequest_ex(extensions, 0);
+}
+
 int TLSX_CSR_ForceRequest(WOLFSSL* ssl)
 {
     TLSX* extension = TLSX_Find(ssl->extensions, TLSX_STATUS_REQUEST);
@@ -3405,9 +3818,9 @@ int TLSX_CSR_ForceRequest(WOLFSSL* ssl)
         switch (csr->status_type) {
             case WOLFSSL_CSR_OCSP:
                 if (SSL_CM(ssl)->ocspEnabled) {
-                    csr->request.ocsp.ssl = ssl;
+                    csr->request.ocsp[0].ssl = ssl;
                     return CheckOcspRequest(SSL_CM(ssl)->ocsp,
-                                              &csr->request.ocsp, NULL, NULL);
+                                              &csr->request.ocsp[0], NULL, NULL);
                 }
                 else {
                     WOLFSSL_ERROR_VERBOSE(OCSP_LOOKUP_FAIL);
@@ -3435,7 +3848,9 @@ int TLSX_UseCertificateStatusRequest(TLSX** extensions, byte status_type,
         return MEMORY_E;
 
     ForceZero(csr, sizeof(CertificateStatusRequest));
-
+#if defined(WOLFSSL_TLS13)
+    XMEMSET(csr->responses, 0, sizeof(csr->responses));
+#endif
     csr->status_type = status_type;
     csr->options     = options;
     csr->ssl         = ssl;
@@ -3452,9 +3867,9 @@ int TLSX_UseCertificateStatusRequest(TLSX** extensions, byte status_type,
                 (void)devId;
             #endif
                 if (ret == 0) {
-                    if (wc_RNG_GenerateBlock(&rng, csr->request.ocsp.nonce,
+                    if (wc_RNG_GenerateBlock(&rng, csr->request.ocsp[0].nonce,
                                                         MAX_OCSP_NONCE_SZ) == 0)
-                        csr->request.ocsp.nonceSz = MAX_OCSP_NONCE_SZ;
+                        csr->request.ocsp[0].nonceSz = MAX_OCSP_NONCE_SZ;
 
                     wc_FreeRng(&rng);
                 }
@@ -3490,10 +3905,20 @@ int TLSX_UseCertificateStatusRequest(TLSX** extensions, byte status_type,
 
 #ifdef HAVE_CERTIFICATE_STATUS_REQUEST_V2
 
+static void TLSX_CSR2_FreePendingSigners(Signer *s, void* heap)
+{
+    Signer* next;
+    while(s) {
+        next = s->next;
+        FreeSigner(s, heap);
+        s = next;
+    }
+}
 static void TLSX_CSR2_FreeAll(CertificateStatusRequestItemV2* csr2, void* heap)
 {
     CertificateStatusRequestItemV2* next;
 
+    TLSX_CSR2_FreePendingSigners(csr2->pendingSigners, heap);
     for (; csr2; csr2 = next) {
         next = csr2->next;
 
@@ -3541,7 +3966,7 @@ static word16 TLSX_CSR2_GetSize(CertificateStatusRequestItemV2* csr2,
     return size;
 }
 
-static word16 TLSX_CSR2_Write(CertificateStatusRequestItemV2* csr2,
+static int TLSX_CSR2_Write(CertificateStatusRequestItemV2* csr2,
                                                    byte* output, byte isRequest)
 {
     /* shut up compiler warnings */
@@ -3549,6 +3974,7 @@ static word16 TLSX_CSR2_Write(CertificateStatusRequestItemV2* csr2,
 
 #ifndef NO_WOLFSSL_CLIENT
     if (isRequest) {
+        int ret = 0;
         word16 offset;
         word16 length;
 
@@ -3576,12 +4002,20 @@ static word16 TLSX_CSR2_Write(CertificateStatusRequestItemV2* csr2,
                     /* request extensions */
                     length = 0;
 
-                    if (csr2->request.ocsp[0].nonceSz)
-                        length = (word16)EncodeOcspRequestExtensions(
+                    if (csr2->request.ocsp[0].nonceSz) {
+                        ret = (int)EncodeOcspRequestExtensions(
                                                  &csr2->request.ocsp[0],
                                                  output + offset + OPAQUE16_LEN,
                                                  OCSP_NONCE_EXT_SZ);
 
+                        if (ret > 0) {
+                            length = (word16)ret;
+                        }
+                        else {
+                            return ret;
+                        }
+                    }
+
                     c16toa(length, output + offset);
                     offset += OPAQUE16_LEN + length;
                 break;
@@ -3591,7 +4025,7 @@ static word16 TLSX_CSR2_Write(CertificateStatusRequestItemV2* csr2,
         /* list size */
         c16toa(offset - OPAQUE16_LEN, output);
 
-        return offset;
+        return (int)offset;
     }
 #endif
 
@@ -3642,7 +4076,7 @@ static int TLSX_CSR2_Parse(WOLFSSL* ssl, const byte* input, word16 length,
                             if (request) {
                                 XMEMCPY(request->nonce,
                                         csr2->request.ocsp[0].nonce,
-                                        csr2->request.ocsp[0].nonceSz);
+                                        (size_t)csr2->request.ocsp[0].nonceSz);
 
                                 request->nonceSz =
                                                   csr2->request.ocsp[0].nonceSz;
@@ -3724,6 +4158,14 @@ static int TLSX_CSR2_Parse(WOLFSSL* ssl, const byte* input, word16 length,
                     continue;
             }
 
+#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
+            /* OpenSSL status CB supports only CERTIFICATE STATUS REQ V1 */
+            if (ssl != NULL && SSL_CM(ssl) != NULL &&
+                    SSL_CM(ssl)->ocsp_stapling != NULL &&
+                    SSL_CM(ssl)->ocsp_stapling->statusCb != NULL) {
+                    return 0;
+            }
+#endif
             /* if using status_request and already sending it, remove it
              * and prefer to use the v2 version */
             #ifdef HAVE_CERTIFICATE_STATUS_REQUEST
@@ -3755,6 +4197,83 @@ static int TLSX_CSR2_Parse(WOLFSSL* ssl, const byte* input, word16 length,
     return 0;
 }
 
+static CertificateStatusRequestItemV2* TLSX_CSR2_GetMulti(TLSX *extensions)
+{
+    TLSX* extension = TLSX_Find(extensions, TLSX_STATUS_REQUEST_V2);
+    CertificateStatusRequestItemV2* csr2 = extension ?
+        (CertificateStatusRequestItemV2*)extension->data : NULL;
+
+    for (; csr2; csr2 = csr2->next) {
+        if (csr2->status_type == WOLFSSL_CSR2_OCSP_MULTI)
+            return csr2;
+    }
+    return NULL;
+}
+
+int TLSX_CSR2_IsMulti(TLSX *extensions)
+{
+    return TLSX_CSR2_GetMulti(extensions) != NULL;
+}
+
+int TLSX_CSR2_AddPendingSigner(TLSX *extensions, Signer *s)
+{
+    CertificateStatusRequestItemV2* csr2;
+
+    csr2 = TLSX_CSR2_GetMulti(extensions);
+    if (!csr2)
+        return WOLFSSL_FATAL_ERROR;
+
+    s->next = csr2->pendingSigners;
+    csr2->pendingSigners = s;
+    return 0;
+}
+
+Signer* TLSX_CSR2_GetPendingSigners(TLSX *extensions)
+{
+    CertificateStatusRequestItemV2* csr2;
+
+    csr2 = TLSX_CSR2_GetMulti(extensions);
+    if (!csr2)
+        return NULL;
+
+    return csr2->pendingSigners;
+}
+
+int TLSX_CSR2_ClearPendingCA(WOLFSSL *ssl)
+{
+    CertificateStatusRequestItemV2* csr2;
+
+    csr2 = TLSX_CSR2_GetMulti(ssl->extensions);
+    if (csr2 == NULL)
+        return 0;
+
+    TLSX_CSR2_FreePendingSigners(csr2->pendingSigners, SSL_CM(ssl)->heap);
+    csr2->pendingSigners = NULL;
+    return 0;
+}
+
+int TLSX_CSR2_MergePendingCA(WOLFSSL* ssl)
+{
+    CertificateStatusRequestItemV2* csr2;
+    Signer *s, *next;
+    int r = 0;
+
+    csr2 = TLSX_CSR2_GetMulti(ssl->extensions);
+    if (csr2 == NULL)
+        return 0;
+
+    s = csr2->pendingSigners;
+    while (s != NULL) {
+        next = s->next;
+        r = AddSigner(SSL_CM(ssl), s);
+        if (r != 0)
+            FreeSigner(s, SSL_CM(ssl)->heap);
+        s = next;
+    }
+    csr2->pendingSigners = NULL;
+    return r;
+}
+
 int TLSX_CSR2_InitRequests(TLSX* extensions, DecodedCert* cert, byte isPeer,
                                                                      void* heap)
 {
@@ -3777,7 +4296,8 @@ int TLSX_CSR2_InitRequests(TLSX* extensions, DecodedCert* cert, byte isPeer,
                     int  nonceSz = csr2->request.ocsp[0].nonceSz;
 
                     /* preserve nonce, replicating nonce of ocsp[0] */
-                    XMEMCPY(nonce, csr2->request.ocsp[0].nonce, nonceSz);
+                    XMEMCPY(nonce, csr2->request.ocsp[0].nonce,
+                    (size_t)nonceSz);
 
                     if ((ret = InitOcspRequest(
                                       &csr2->request.ocsp[csr2->requests], cert,
@@ -3786,7 +4306,7 @@ int TLSX_CSR2_InitRequests(TLSX* extensions, DecodedCert* cert, byte isPeer,
 
                     /* restore nonce */
                     XMEMCPY(csr2->request.ocsp[csr2->requests].nonce,
-                                                                nonce, nonceSz);
+                                                        nonce, (size_t)nonceSz);
                     csr2->request.ocsp[csr2->requests].nonceSz = nonceSz;
                     csr2->requests++;
                 }
@@ -3836,10 +4356,10 @@ int TLSX_CSR2_ForceRequest(WOLFSSL* ssl)
                 /* followed by */
 
             case WOLFSSL_CSR2_OCSP_MULTI:
-                if (SSL_CM(ssl)->ocspEnabled) {
-                    csr2->request.ocsp[0].ssl = ssl;
+                if (SSL_CM(ssl)->ocspEnabled && csr2->requests >= 1) {
+                    csr2->request.ocsp[csr2->requests-1].ssl = ssl;
                     return CheckOcspRequest(SSL_CM(ssl)->ocsp,
-                                          &csr2->request.ocsp[0], NULL, NULL);
+                                          &csr2->request.ocsp[csr2->requests-1], NULL, NULL);
                 }
                 else {
                     WOLFSSL_ERROR_VERBOSE(OCSP_LOOKUP_FAIL);
@@ -3904,6 +4424,11 @@ int TLSX_UseCertificateStatusRequestV2(TLSX** extensions, byte status_type,
         CertificateStatusRequestItemV2* last =
                                (CertificateStatusRequestItemV2*)extension->data;
 
+        if (last == NULL) {
+            XFREE(csr2, heap, DYNAMIC_TYPE_TLSX);
+            return BAD_FUNC_ARG;
+        }
+
         for (; last->next; last = last->next);
 
         last->next = csr2;
@@ -3937,7 +4462,7 @@ int TLSX_UseCertificateStatusRequestV2(TLSX** extensions, byte status_type,
 #ifdef HAVE_SUPPORTED_CURVES
 
 #if !defined(HAVE_ECC) && !defined(HAVE_CURVE25519) && !defined(HAVE_CURVE448) \
-                       && !defined(HAVE_FFDHE) && !defined(HAVE_PQC)
+                       && !defined(HAVE_FFDHE) && !defined(WOLFSSL_HAVE_KYBER)
 #error Elliptic Curves Extension requires Elliptic Curve Cryptography or liboqs groups. \
        Use --enable-ecc and/or --enable-liboqs in the configure script or \
        define HAVE_ECC. Alternatively use FFDHE for DH cipher suites.
@@ -4005,7 +4530,7 @@ static void TLSX_PointFormat_FreeAll(PointFormat* list, void* heap)
 static int TLSX_SupportedCurve_Append(SupportedCurve* list, word16 name,
                                                                      void* heap)
 {
-    int ret = BAD_FUNC_ARG;
+    int ret = WC_NO_ERR_TRACE(BAD_FUNC_ARG);
 
     while (list) {
         if (list->name == name) {
@@ -4026,7 +4551,7 @@ static int TLSX_SupportedCurve_Append(SupportedCurve* list, word16 name,
 
 static int TLSX_PointFormat_Append(PointFormat* list, byte format, void* heap)
 {
-    int ret = BAD_FUNC_ARG;
+    int ret = WC_NO_ERR_TRACE(BAD_FUNC_ARG);
 
     while (list) {
         if (list->format == format) {
@@ -4313,7 +4838,7 @@ int TLSX_SupportedCurve_Parse(const WOLFSSL* ssl, const byte* input,
         ret = TLSX_UseSupportedCurve(extensions, name, ssl->heap);
         /* If it is BAD_FUNC_ARG then it is a group we do not support, but
          * that is fine. */
-        if (ret != WOLFSSL_SUCCESS && ret != BAD_FUNC_ARG) {
+        if (ret != WOLFSSL_SUCCESS && ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) {
             return ret;
         }
     }
@@ -4397,7 +4922,7 @@ static int tlsx_ffdhe_find_group(WOLFSSL* ssl, SupportedCurve* clientGroup,
     const DhParams* params = NULL;
 
     for (; serverGroup != NULL; serverGroup = serverGroup->next) {
-        if (!WOLFSSL_NAMED_GROUP_IS_FFHDE(serverGroup->name))
+        if (!WOLFSSL_NAMED_GROUP_IS_FFDHE(serverGroup->name))
             continue;
 
         for (group = clientGroup; group != NULL; group = group->next) {
@@ -4474,7 +4999,7 @@ static int tlsx_ffdhe_find_group(WOLFSSL* ssl, SupportedCurve* clientGroup,
     word32 p_len;
 
     for (; serverGroup != NULL; serverGroup = serverGroup->next) {
-        if (!WOLFSSL_NAMED_GROUP_IS_FFHDE(serverGroup->name))
+        if (!WOLFSSL_NAMED_GROUP_IS_FFDHE(serverGroup->name))
             continue;
 
         for (group = clientGroup; group != NULL; group = group->next) {
@@ -4578,7 +5103,7 @@ int TLSX_SupportedFFDHE_Set(WOLFSSL* ssl)
         return 0;
     clientGroup = (SupportedCurve*)extension->data;
     for (group = clientGroup; group != NULL; group = group->next) {
-        if (WOLFSSL_NAMED_GROUP_IS_FFHDE(group->name)) {
+        if (WOLFSSL_NAMED_GROUP_IS_FFDHE(group->name)) {
             found = 1;
             break;
         }
@@ -4683,6 +5208,7 @@ int TLSX_ValidateSupportedCurves(const WOLFSSL* ssl, byte first, byte second,
     int             ephmSuite = 0;
     word16          octets    = 0; /* according to 'ecc_set_type ecc_sets[];' */
     int             key       = 0; /* validate key       */
+    int             foundCurve = 0; /* Found at least one supported curve */
 
     (void)oid;
 
@@ -4844,6 +5370,8 @@ int TLSX_ValidateSupportedCurves(const WOLFSSL* ssl, byte first, byte second,
             default: continue; /* unsupported curve */
         }
 
+        foundCurve = 1;
+
     #ifdef HAVE_ECC
         /* Set default Oid */
         if (defOid == 0 && ssl->eccTempKeySz <= octets && defSz > octets) {
@@ -4988,6 +5516,10 @@ int TLSX_ValidateSupportedCurves(const WOLFSSL* ssl, byte first, byte second,
         }
     }
 
+    /* Check we found at least one supported curve */
+    if (!foundCurve)
+        return 0;
+
     *ecdhCurveOID = ssl->ecdhCurveOID;
     /* Choose the default if it is at the required strength. */
 #ifdef HAVE_ECC
@@ -5211,7 +5743,7 @@ static word16 TLSX_SecureRenegotiation_Write(SecureRenegotiation* data,
 static int TLSX_SecureRenegotiation_Parse(WOLFSSL* ssl, const byte* input,
                                           word16 length, byte isRequest)
 {
-    int ret = SECURE_RENEGOTIATION_E;
+    int ret = WC_NO_ERR_TRACE(SECURE_RENEGOTIATION_E);
 
     if (length >= OPAQUE8_LEN) {
         if (isRequest) {
@@ -5221,7 +5753,7 @@ static int TLSX_SecureRenegotiation_Parse(WOLFSSL* ssl, const byte* input,
                 if (ret == WOLFSSL_SUCCESS)
                     ret = 0;
             }
-            if (ret != 0 && ret != SECURE_RENEGOTIATION_E) {
+            if (ret != 0 && ret != WC_NO_ERR_TRACE(SECURE_RENEGOTIATION_E)) {
             }
             else if (ssl->secure_renegotiation == NULL) {
             }
@@ -5291,6 +5823,12 @@ static int TLSX_SecureRenegotiation_Parse(WOLFSSL* ssl, const byte* input,
             }
         #endif
         }
+        else {
+            ret = SECURE_RENEGOTIATION_E;
+        }
+    }
+    else {
+        ret = SECURE_RENEGOTIATION_E;
     }
 
     if (ret != 0) {
@@ -5480,14 +6018,25 @@ static int TLSX_SessionTicket_Parse(WOLFSSL* ssl, const byte* input,
                     /* SERVER: ticket is peer auth. */
                     ssl->options.peerAuthGood = 1;
                 }
-            } else if (ret == WOLFSSL_TICKET_RET_REJECT) {
+            } else if (ret == WOLFSSL_TICKET_RET_REJECT ||
+                    ret == WC_NO_ERR_TRACE(VERSION_ERROR)) {
                 WOLFSSL_MSG("Process client ticket rejected, not using");
-                ssl->options.rejectTicket = 1;
+                if (ret == WC_NO_ERR_TRACE(VERSION_ERROR))
+                    WOLFSSL_MSG("\tbad TLS version");
                 ret = 0;  /* not fatal */
-            } else if (ret == VERSION_ERROR) {
-                WOLFSSL_MSG("Process client ticket rejected, bad TLS version");
+
                 ssl->options.rejectTicket = 1;
-                ret = 0;  /* not fatal */
+                /* If we have session tickets enabled then send a new ticket */
+                if (!TLSX_CheckUnsupportedExtension(ssl, TLSX_SESSION_TICKET)) {
+                    ret = TLSX_UseSessionTicket(&ssl->extensions, NULL,
+                                                ssl->heap);
+                    if (ret == WOLFSSL_SUCCESS) {
+                        ret = 0;
+                        TLSX_SetResponse(ssl, TLSX_SESSION_TICKET);
+                        ssl->options.createTicket = 1;
+                        ssl->options.useTicket    = 1;
+                    }
+                }
             } else if (ret == WOLFSSL_TICKET_RET_FATAL) {
                 WOLFSSL_MSG("Process client ticket fatal error, not using");
             } else if (ret < 0) {
@@ -5777,16 +6326,14 @@ static TlsxSrtp* TLSX_UseSRTP_New(word16 ids, void* heap)
 
 static void TLSX_UseSRTP_Free(TlsxSrtp *srtp, void* heap)
 {
-    if (srtp != NULL) {
-        XFREE(srtp, heap, DYNAMIC_TYPE_TLSX);
-    }
+    XFREE(srtp, heap, DYNAMIC_TYPE_TLSX);
     (void)heap;
 }
 
 static int TLSX_UseSRTP_Parse(WOLFSSL* ssl, const byte* input, word16 length,
     byte isRequest)
 {
-    int ret = BAD_FUNC_ARG;
+    int ret = WC_NO_ERR_TRACE(BAD_FUNC_ARG);
     word16 profile_len = 0;
     word16 profile_value = 0;
     word16 offset = 0;
@@ -6016,7 +6563,7 @@ static int TLSX_SupportedVersions_GetSize(void* data, byte msgType, word16* pSz)
         if (versionIsLessEqual(isDtls, ssl->options.minDowngrade, tls13Minor)
         #if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER) || \
             defined(WOLFSSL_WPAS_SMALL)
-            && (ssl->options.mask & SSL_OP_NO_TLSv1_3) == 0
+            && (ssl->options.mask & WOLFSSL_OP_NO_TLSv1_3) == 0
         #endif
         ) {
             cnt++;
@@ -6028,7 +6575,7 @@ static int TLSX_SupportedVersions_GetSize(void* data, byte msgType, word16* pSz)
                     isDtls, ssl->options.minDowngrade, tls12Minor)
 #if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER) ||                       \
     defined(WOLFSSL_WPAS_SMALL)
-                && (ssl->options.mask & SSL_OP_NO_TLSv1_2) == 0
+                && (ssl->options.mask & WOLFSSL_OP_NO_TLSv1_2) == 0
 #endif
             ) {
                 cnt++;
@@ -6039,7 +6586,7 @@ static int TLSX_SupportedVersions_GetSize(void* data, byte msgType, word16* pSz)
                     isDtls, ssl->options.minDowngrade, tls11Minor)
             #if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER) || \
                 defined(WOLFSSL_WPAS_SMALL)
-                && (ssl->options.mask & SSL_OP_NO_TLSv1_1) == 0
+                && (ssl->options.mask & WOLFSSL_OP_NO_TLSv1_1) == 0
             #endif
             ) {
                 cnt++;
@@ -6048,7 +6595,7 @@ static int TLSX_SupportedVersions_GetSize(void* data, byte msgType, word16* pSz)
             if (!ssl->options.dtls && (ssl->options.minDowngrade <= TLSv1_MINOR)
             #if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER) || \
                 defined(WOLFSSL_WPAS_SMALL)
-                && (ssl->options.mask & SSL_OP_NO_TLSv1) == 0
+                && (ssl->options.mask & WOLFSSL_OP_NO_TLSv1) == 0
             #endif
             ) {
                 cnt++;
@@ -6094,8 +6641,12 @@ static int TLSX_SupportedVersions_Write(void* data, byte* output,
 #ifdef WOLFSSL_DTLS13
     if (ssl->options.dtls) {
         tls13minor = (byte)DTLSv1_3_MINOR;
+    #ifndef WOLFSSL_NO_TLS12
         tls12minor = (byte)DTLSv1_2_MINOR;
+    #endif
+    #ifndef NO_OLD_TLS
         tls11minor = (byte)DTLS_MINOR;
+    #endif
         isDtls = 1;
     }
 #endif /* WOLFSSL_DTLS13 */
@@ -6109,7 +6660,7 @@ static int TLSX_SupportedVersions_Write(void* data, byte* output,
         if (versionIsLessEqual(isDtls, ssl->options.minDowngrade, tls13minor)
 #if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER) ||                       \
     defined(WOLFSSL_WPAS_SMALL)
-            && (ssl->options.mask & SSL_OP_NO_TLSv1_3) == 0
+            && (ssl->options.mask & WOLFSSL_OP_NO_TLSv1_3) == 0
 #endif
         ) {
             *cnt += OPAQUE16_LEN;
@@ -6129,7 +6680,7 @@ static int TLSX_SupportedVersions_Write(void* data, byte* output,
             if (versionIsLessEqual(isDtls, ssl->options.minDowngrade, tls12minor)
 #if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER) || \
                 defined(WOLFSSL_WPAS_SMALL)
-                && (ssl->options.mask & SSL_OP_NO_TLSv1_2) == 0
+                && (ssl->options.mask & WOLFSSL_OP_NO_TLSv1_2) == 0
             #endif
             ) {
                 *cnt += OPAQUE16_LEN;
@@ -6142,7 +6693,7 @@ static int TLSX_SupportedVersions_Write(void* data, byte* output,
             if (versionIsLessEqual(isDtls, ssl->options.minDowngrade, tls11minor)
             #if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER) || \
                 defined(WOLFSSL_WPAS_SMALL)
-                && (ssl->options.mask & SSL_OP_NO_TLSv1_1) == 0
+                && (ssl->options.mask & WOLFSSL_OP_NO_TLSv1_1) == 0
             #endif
             ) {
                 *cnt += OPAQUE16_LEN;
@@ -6153,7 +6704,7 @@ static int TLSX_SupportedVersions_Write(void* data, byte* output,
             if (!ssl->options.dtls && (ssl->options.minDowngrade <= TLSv1_MINOR)
             #if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER) || \
                 defined(WOLFSSL_WPAS_SMALL)
-                && (ssl->options.mask & SSL_OP_NO_TLSv1) == 0
+                && (ssl->options.mask & WOLFSSL_OP_NO_TLSv1) == 0
             #endif
             ) {
                 *cnt += OPAQUE16_LEN;
@@ -6392,8 +6943,7 @@ static void TLSX_Cookie_FreeAll(Cookie* cookie, void* heap)
 {
     (void)heap;
 
-    if (cookie != NULL)
-        XFREE(cookie, heap, DYNAMIC_TYPE_TLSX);
+    XFREE(cookie, heap, DYNAMIC_TYPE_TLSX);
 }
 
 /* Get the size of the encoded Cookie extension.
@@ -6473,7 +7023,7 @@ static int TLSX_Cookie_Parse(WOLFSSL* ssl, const byte* input, word16 length,
         return BUFFER_E;
 
     if (msgType == hello_retry_request)
-        return TLSX_Cookie_Use(ssl, input + idx, len, NULL, 0, 0,
+        return TLSX_Cookie_Use(ssl, input + idx, len, NULL, 0, 1,
                                &ssl->extensions);
 
     /* client_hello */
@@ -6546,8 +7096,7 @@ int TLSX_Cookie_Use(const WOLFSSL* ssl, const byte* data, word16 len, byte* mac,
     if (mac != NULL)
         XMEMCPY(cookie->data + len, mac, macSz);
 
-    if (extension->data != NULL)
-        XFREE(extension->data, ssl->heap, DYNAMIC_TYPE_TLSX);
+    XFREE(extension->data, ssl->heap, DYNAMIC_TYPE_TLSX);
 
     extension->data = (void*)cookie;
     extension->resp = (byte)resp;
@@ -6705,16 +7254,15 @@ static int TLSX_CA_Names_Parse(WOLFSSL *ssl, const byte* input,
             InitDecodedCert(cert, input + idx, extLen, ssl->heap);
             didInit = TRUE;
             idx += extLen;
-            ret = GetName(cert, SUBJECT, extLen);
+            ret = GetName(cert, ASN_SUBJECT, extLen);
         }
 
         if (ret == 0 && (name = wolfSSL_X509_NAME_new()) == NULL)
             ret = MEMORY_ERROR;
 
         if (ret == 0) {
-            CopyDecodedName(name, cert, SUBJECT);
-            if (wolfSSL_sk_X509_NAME_push(ssl->client_ca_names, name)
-                    == WOLFSSL_FAILURE)
+            CopyDecodedName(name, cert, ASN_SUBJECT);
+            if (wolfSSL_sk_X509_NAME_push(ssl->client_ca_names, name) <= 0)
                 ret = MEMORY_ERROR;
         }
 
@@ -6733,15 +7281,16 @@ static int TLSX_CA_Names_Parse(WOLFSSL *ssl, const byte* input,
     return 0;
 }
 
-#define CAN_GET_SIZE  TLSX_CA_Names_GetSize
-#define CAN_WRITE     TLSX_CA_Names_Write
-#define CAN_PARSE     TLSX_CA_Names_Parse
+#define CAN_GET_SIZE(data)      TLSX_CA_Names_GetSize(data)
+#define CAN_WRITE(data, output) TLSX_CA_Names_Write(data, output)
+#define CAN_PARSE(ssl, input, length, isRequest) \
+                                TLSX_CA_Names_Parse(ssl, input, length, isRequest)
 
 #else
 
-#define CAN_GET_SIZE(...)  0
-#define CAN_WRITE(...)     0
-#define CAN_PARSE(...)     0
+#define CAN_GET_SIZE(data)                       0
+#define CAN_WRITE(data, output)                  0
+#define CAN_PARSE(ssl, input, length, isRequest) 0
 
 #endif
 
@@ -7155,7 +7704,7 @@ static int TLSX_KeyShare_GenDhKey(WOLFSSL *ssl, KeyShareEntry* kse)
                     kse->pubKey, &kse->pubKeyLen /* public */
                 );
             #ifdef WOLFSSL_ASYNC_CRYPT
-                if (ret == WC_PENDING_E) {
+                if (ret == WC_NO_ERR_TRACE(WC_PENDING_E)) {
                     return ret;
                 }
             #endif
@@ -7190,21 +7739,15 @@ static int TLSX_KeyShare_GenDhKey(WOLFSSL *ssl, KeyShareEntry* kse)
      * The DhKey will be setup again in TLSX_KeyShare_ProcessDh */
     if (dhKey != NULL)
         wc_FreeDhKey(dhKey);
-    if (kse->key != NULL) {
-        XFREE(kse->key, ssl->heap, DYNAMIC_TYPE_DH);
-        kse->key = NULL;
-    }
+    XFREE(kse->key, ssl->heap, DYNAMIC_TYPE_DH);
+    kse->key = NULL;
 
     if (ret != 0) {
         /* Cleanup on error, otherwise data owned by key share entry */
-        if (kse->privKey != NULL) {
-            XFREE(kse->privKey, ssl->heap, DYNAMIC_TYPE_PRIVATE_KEY);
-            kse->privKey = NULL;
-        }
-        if (kse->pubKey != NULL) {
-            XFREE(kse->pubKey, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY);
-            kse->pubKey = NULL;
-        }
+        XFREE(kse->privKey, ssl->heap, DYNAMIC_TYPE_PRIVATE_KEY);
+        kse->privKey = NULL;
+        XFREE(kse->pubKey, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY);
+        kse->pubKey = NULL;
     }
 #else
     (void)ssl;
@@ -7245,6 +7788,7 @@ static int TLSX_KeyShare_GenX25519Key(WOLFSSL *ssl, KeyShareEntry* kse)
         if (ret == 0) {
             /* setting "key" means okay to call wc_curve25519_free */
             key = (curve25519_key*)kse->key;
+            kse->keyLen = CURVE25519_KEYSIZE;
 
         #ifdef WOLFSSL_STATIC_EPHEMERAL
             ret = wolfSSL_StaticEphemeralKeyLoad(ssl, WC_PK_TYPE_CURVE25519, kse->key);
@@ -7286,16 +7830,12 @@ static int TLSX_KeyShare_GenX25519Key(WOLFSSL *ssl, KeyShareEntry* kse)
 
     if (ret != 0) {
         /* Data owned by key share entry otherwise. */
-        if (kse->pubKey != NULL) {
-            XFREE(kse->pubKey, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY);
-            kse->pubKey = NULL;
-        }
+        XFREE(kse->pubKey, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY);
+        kse->pubKey = NULL;
         if (key != NULL)
             wc_curve25519_free(key);
-        if (kse->key != NULL) {
-            XFREE(kse->key, ssl->heap, DYNAMIC_TYPE_PRIVATE_KEY);
-            kse->key = NULL;
-        }
+        XFREE(kse->key, ssl->heap, DYNAMIC_TYPE_PRIVATE_KEY);
+        kse->key = NULL;
     }
 #else
     (void)ssl;
@@ -7334,6 +7874,7 @@ static int TLSX_KeyShare_GenX448Key(WOLFSSL *ssl, KeyShareEntry* kse)
         ret = wc_curve448_init((curve448_key*)kse->key);
         if (ret == 0) {
             key = (curve448_key*)kse->key;
+            kse->keyLen = CURVE448_KEY_SIZE;
 
             #ifdef WOLFSSL_STATIC_EPHEMERAL
             ret = wolfSSL_StaticEphemeralKeyLoad(ssl, WC_PK_TYPE_CURVE448, kse->key);
@@ -7374,16 +7915,12 @@ static int TLSX_KeyShare_GenX448Key(WOLFSSL *ssl, KeyShareEntry* kse)
 
     if (ret != 0) {
         /* Data owned by key share entry otherwise. */
-        if (kse->pubKey != NULL) {
-            XFREE(kse->pubKey, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY);
-            kse->pubKey = NULL;
-        }
+        XFREE(kse->pubKey, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY);
+        kse->pubKey = NULL;
         if (key != NULL)
             wc_curve448_free(key);
-        if (kse->key != NULL) {
-            XFREE(kse->key, ssl->heap, DYNAMIC_TYPE_PRIVATE_KEY);
-            kse->key = NULL;
-        }
+        XFREE(kse->key, ssl->heap, DYNAMIC_TYPE_PRIVATE_KEY);
+        kse->key = NULL;
     }
 #else
     (void)ssl;
@@ -7453,7 +7990,9 @@ static int TLSX_KeyShare_GenEccKey(WOLFSSL *ssl, KeyShareEntry* kse)
         /* Allocate an ECC key to hold private key. */
         kse->key = (byte*)XMALLOC(sizeof(ecc_key), ssl->heap, DYNAMIC_TYPE_ECC);
         if (kse->key == NULL) {
-            WOLFSSL_MSG("EccTempKey Memory error");
+            WOLFSSL_MSG_EX("Failed to allocate %d bytes, ssl->heap: %p",
+                           (int)sizeof(ecc_key), (wc_ptr_t)ssl->heap);
+            WOLFSSL_MSG("EccTempKey Memory error!");
             return MEMORY_E;
         }
 
@@ -7466,7 +8005,7 @@ static int TLSX_KeyShare_GenEccKey(WOLFSSL *ssl, KeyShareEntry* kse)
 
         #if defined(WOLFSSL_RENESAS_TSIP_TLS)
             ret = tsip_Tls13GenEccKeyPair(ssl, kse);
-            if (ret != CRYPTOCB_UNAVAILABLE) {
+            if (ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE)) {
                 return ret;
             }
         #endif
@@ -7475,15 +8014,15 @@ static int TLSX_KeyShare_GenEccKey(WOLFSSL *ssl, KeyShareEntry* kse)
 
         #ifdef WOLFSSL_STATIC_EPHEMERAL
             ret = wolfSSL_StaticEphemeralKeyLoad(ssl, WC_PK_TYPE_ECDH, kse->key);
-            if (ret != 0)
+            if (ret != 0 || eccKey->dp->id != curveId)
         #endif
             {
                 /* set curve info for EccMakeKey "peer" info */
-                ret = wc_ecc_set_curve(eccKey, kse->keyLen, curveId);
+                ret = wc_ecc_set_curve(eccKey, (int)kse->keyLen, curveId);
                 if (ret == 0) {
             #ifdef WOLFSSL_ASYNC_CRYPT
                     /* Detect when private key generation is done */
-                    if (ssl->error == WC_PENDING_E &&
+                    if (ssl->error == WC_NO_ERR_TRACE(WC_PENDING_E) &&
                             eccKey->type == ECC_PRIVATEKEY) {
                         ret = 0; /* ECC Key Generation is done */
                     }
@@ -7498,7 +8037,7 @@ static int TLSX_KeyShare_GenEccKey(WOLFSSL *ssl, KeyShareEntry* kse)
                     }
                 }
             #ifdef WOLFSSL_ASYNC_CRYPT
-                if (ret == WC_PENDING_E)
+                if (ret == WC_NO_ERR_TRACE(WC_PENDING_E))
                     return ret;
             #endif
             }
@@ -7535,16 +8074,12 @@ static int TLSX_KeyShare_GenEccKey(WOLFSSL *ssl, KeyShareEntry* kse)
 
     if (ret != 0) {
         /* Cleanup on error, otherwise data owned by key share entry */
-        if (kse->pubKey != NULL) {
-            XFREE(kse->pubKey, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY);
-            kse->pubKey = NULL;
-        }
+        XFREE(kse->pubKey, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY);
+        kse->pubKey = NULL;
         if (eccKey != NULL)
             wc_ecc_free(eccKey);
-        if (kse->key != NULL) {
-            XFREE(kse->key, ssl->heap, DYNAMIC_TYPE_PRIVATE_KEY);
-            kse->key = NULL;
-        }
+        XFREE(kse->key, ssl->heap, DYNAMIC_TYPE_PRIVATE_KEY);
+        kse->key = NULL;
     }
 #else
     (void)ssl;
@@ -7557,12 +8092,30 @@ static int TLSX_KeyShare_GenEccKey(WOLFSSL *ssl, KeyShareEntry* kse)
     return ret;
 }
 
-#ifdef HAVE_PQC
+#ifdef WOLFSSL_HAVE_KYBER
 static int kyber_id2type(int id, int *type)
 {
     int ret = 0;
 
     switch (id) {
+#ifndef WOLFSSL_NO_ML_KEM
+    #ifndef WOLFSSL_NO_ML_KEM_512
+        case WOLFSSL_ML_KEM_512:
+            *type = WC_ML_KEM_512;
+            break;
+    #endif
+    #ifndef WOLFSSL_NO_ML_KEM_768
+        case WOLFSSL_ML_KEM_768:
+            *type = WC_ML_KEM_768;
+            break;
+    #endif
+    #ifndef WOLFSSL_NO_ML_KEM_1024
+        case WOLFSSL_ML_KEM_1024:
+            *type = WC_ML_KEM_1024;
+            break;
+    #endif
+#endif
+#ifdef WOLFSSL_KYBER_ORIGINAL
     #ifdef WOLFSSL_KYBER512
         case WOLFSSL_KYBER_LEVEL1:
             *type = KYBER512;
@@ -7578,6 +8131,7 @@ static int kyber_id2type(int id, int *type)
             *type = KYBER1024;
             break;
     #endif
+#endif
         default:
             ret = NOT_COMPILED_IN;
             break;
@@ -7586,79 +8140,53 @@ static int kyber_id2type(int id, int *type)
     return ret;
 }
 
-typedef struct PqcHybridMapping {
-    int hybrid;
-    int ecc;
-    int pqc;
-} PqcHybridMapping;
+#if defined(WOLFSSL_MLKEM_CACHE_A) && \
+    !defined(WOLFSSL_TLSX_PQC_MLKEM_STORE_PRIV_KEY)
+    /* Store KyberKey object rather than private key bytes in key share entry.
+     * Improves performance at cost of more dynamic memory being used. */
+    #define WOLFSSL_TLSX_PQC_MLKEM_STORE_OBJ
+#endif
+#if defined(WOLFSSL_TLSX_PQC_MLKEM_STORE_PRIV_KEY) && \
+    defined(WOLFSSL_TLSX_PQC_MLKEM_STORE_OBJ)
+    #error "Choose WOLFSSL_TLSX_PQC_MLKEM_STORE_PRIV_KEY or "
+           "WOLFSSL_TLSX_PQC_MLKEM_STORE_OBJ"
+#endif
 
-static const PqcHybridMapping pqc_hybrid_mapping[] = {
-    {.hybrid = WOLFSSL_P256_KYBER_LEVEL1,     .ecc = WOLFSSL_ECC_SECP256R1,
-     .pqc = WOLFSSL_KYBER_LEVEL1},
-    {.hybrid = WOLFSSL_P384_KYBER_LEVEL3,     .ecc = WOLFSSL_ECC_SECP384R1,
-     .pqc = WOLFSSL_KYBER_LEVEL3},
-    {.hybrid = WOLFSSL_P521_KYBER_LEVEL5,     .ecc = WOLFSSL_ECC_SECP521R1,
-     .pqc = WOLFSSL_KYBER_LEVEL5},
-    {.hybrid = 0, .ecc = 0, .pqc = 0}
-};
-
-/* This will map an ecc-pqs hybrid group into its ecc group and pqc kem group.
- * If it cannot find a mapping then *pqc is set to group. ecc is optional. */
-static void findEccPqc(int *ecc, int *pqc, int group)
-{
-    int i;
-    if (pqc == NULL) {
-        return;
-    }
-
-    *pqc = 0;
-    if (ecc != NULL) {
-        *ecc = 0;
-    }
-
-    for (i = 0; pqc_hybrid_mapping[i].hybrid != 0; i++) {
-        if (pqc_hybrid_mapping[i].hybrid == group) {
-            *pqc = pqc_hybrid_mapping[i].pqc;
-            if (ecc != NULL) {
-                *ecc = pqc_hybrid_mapping[i].ecc;
-            }
-            break;
-        }
-    }
-
-    if (*pqc == 0) {
-        /* It is not a hybrid, so maybe its simple. */
-        *pqc = group;
-    }
-}
-
-/* Create a key share entry using liboqs parameters group.
+#ifndef WOLFSSL_KYBER_NO_MAKE_KEY
+/* Create a key share entry using pqc parameters group on the client side.
  * Generates a key pair.
  *
  * ssl   The SSL/TLS object.
  * kse   The key share entry object.
  * returns 0 on success, otherwise failure.
  */
-static int TLSX_KeyShare_GenPqcKey(WOLFSSL *ssl, KeyShareEntry* kse)
+static int TLSX_KeyShare_GenPqcKeyClient(WOLFSSL *ssl, KeyShareEntry* kse)
 {
     int ret = 0;
     int type = 0;
+#ifndef WOLFSSL_TLSX_PQC_MLKEM_STORE_OBJ
     KyberKey kem[1];
-    byte* pubKey = NULL;
     byte* privKey = NULL;
-    KeyShareEntry *ecc_kse = NULL;
-    int oqs_group = 0;
-    int ecc_group = 0;
     word32 privSz = 0;
-    word32 pubSz = 0;
+#else
+    KyberKey* kem = NULL;
+#endif
 
-    findEccPqc(&ecc_group, &oqs_group, kse->group);
-    ret = kyber_id2type(oqs_group, &type);
-    if (ret == NOT_COMPILED_IN) {
+    /* This gets called twice. Once during parsing of the key share and once
+     * during the population of the extension. No need to do work the second
+     * time. Just return success if its already been done. */
+    if (kse->pubKey != NULL) {
+        return ret;
+    }
+
+    /* Get the type of key we need from the key share group. */
+    ret = kyber_id2type(kse->group, &type);
+    if (ret == WC_NO_ERR_TRACE(NOT_COMPILED_IN)) {
         WOLFSSL_MSG("Invalid Kyber algorithm specified.");
         ret = BAD_FUNC_ARG;
     }
 
+#ifndef WOLFSSL_TLSX_PQC_MLKEM_STORE_OBJ
     if (ret == 0) {
         ret = wc_KyberKey_Init(type, kem, ssl->heap, ssl->devId);
         if (ret != 0) {
@@ -7667,36 +8195,10 @@ static int TLSX_KeyShare_GenPqcKey(WOLFSSL *ssl, KeyShareEntry* kse)
     }
 
     if (ret == 0) {
-        ecc_kse = (KeyShareEntry*)XMALLOC(sizeof(*ecc_kse), ssl->heap,
-                   DYNAMIC_TYPE_TLSX);
-        if (ecc_kse == NULL) {
-            WOLFSSL_MSG("ecc_kse memory allocation failure");
-            ret = MEMORY_ERROR;
-        }
-    }
-
-    if (ret == 0) {
-        XMEMSET(ecc_kse, 0, sizeof(*ecc_kse));
-
         ret = wc_KyberKey_PrivateKeySize(kem, &privSz);
     }
     if (ret == 0) {
-        ret = wc_KyberKey_PublicKeySize(kem, &pubSz);
-    }
-
-    if (ret == 0 && ecc_group != 0) {
-        ecc_kse->group = ecc_group;
-        ret = TLSX_KeyShare_GenEccKey(ssl, ecc_kse);
-        /* If fail, no error message,  TLSX_KeyShare_GenEccKey will do it. */
-    }
-
-    if (ret == 0) {
-        pubKey = (byte*)XMALLOC(ecc_kse->pubKeyLen + pubSz, ssl->heap,
-                                DYNAMIC_TYPE_PUBLIC_KEY);
-        if (pubKey == NULL) {
-            WOLFSSL_MSG("pubkey memory allocation failure");
-            ret = MEMORY_ERROR;
-        }
+        ret = wc_KyberKey_PublicKeySize(kem, &kse->pubKeyLen);
     }
 
     if (ret == 0) {
@@ -7706,6 +8208,35 @@ static int TLSX_KeyShare_GenPqcKey(WOLFSSL *ssl, KeyShareEntry* kse)
             ret = MEMORY_ERROR;
         }
     }
+#else
+    if (ret == 0) {
+        /* Allocate a Kyber key to hold private key. */
+        kem = (KyberKey*)XMALLOC(sizeof(KyberKey), ssl->heap,
+                                 DYNAMIC_TYPE_PRIVATE_KEY);
+        if (kem == NULL) {
+            WOLFSSL_MSG("KEM memory allocation failure");
+            ret = MEMORY_ERROR;
+        }
+    }
+    if (ret == 0) {
+        ret = wc_KyberKey_Init(type, kem, ssl->heap, ssl->devId);
+        if (ret != 0) {
+            WOLFSSL_MSG("Failed to initialize Kyber Key.");
+        }
+    }
+    if (ret == 0) {
+        ret = wc_KyberKey_PublicKeySize(kem, &kse->pubKeyLen);
+    }
+#endif
+
+    if (ret == 0) {
+        kse->pubKey = (byte*)XMALLOC(kse->pubKeyLen, ssl->heap,
+                                     DYNAMIC_TYPE_PUBLIC_KEY);
+        if (kse->pubKey == NULL) {
+            WOLFSSL_MSG("pubkey memory allocation failure");
+            ret = MEMORY_ERROR;
+        }
+    }
 
     if (ret == 0) {
         ret = wc_KyberKey_MakeKey(kem, ssl->rng);
@@ -7714,26 +8245,252 @@ static int TLSX_KeyShare_GenPqcKey(WOLFSSL *ssl, KeyShareEntry* kse)
         }
     }
     if (ret == 0) {
-        ret = wc_KyberKey_EncodePublicKey(kem, pubKey + ecc_kse->pubKeyLen,
-            pubSz);
+        ret = wc_KyberKey_EncodePublicKey(kem, kse->pubKey,
+                                          kse->pubKeyLen);
     }
+
+#ifndef WOLFSSL_TLSX_PQC_MLKEM_STORE_OBJ
     if (ret == 0) {
         ret = wc_KyberKey_EncodePrivateKey(kem, privKey, privSz);
     }
+#endif
+
+#ifdef WOLFSSL_DEBUG_TLS
+    WOLFSSL_MSG("Public Kyber Key");
+    WOLFSSL_BUFFER(kse->pubKey, kse->pubKeyLen );
+#endif
+
+    if (ret != 0) {
+        /* Data owned by key share entry otherwise. */
+        wc_KyberKey_Free(kem);
+        XFREE(kse->pubKey, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY);
+        kse->pubKey = NULL;
+    #ifndef WOLFSSL_TLSX_PQC_MLKEM_STORE_OBJ
+        XFREE(privKey, ssl->heap, DYNAMIC_TYPE_PRIVATE_KEY);
+    #else
+        XFREE(kem, ssl->heap, DYNAMIC_TYPE_PRIVATE_KEY);
+        kse->key = NULL;
+    #endif
+    }
+    else {
+    #ifndef WOLFSSL_TLSX_PQC_MLKEM_STORE_OBJ
+        wc_KyberKey_Free(kem);
+        kse->privKey = (byte*)privKey;
+        kse->privKeyLen = privSz;
+    #else
+        kse->key = kem;
+    #endif
+    }
+
+    return ret;
+}
+
+/* Structures and objects needed for hybrid key exchanges using both classic
+ * ECDHE and PQC KEM key material. */
+typedef struct PqcHybridMapping {
+    int hybrid;
+    int ecc;
+    int pqc;
+    int pqc_first;
+} PqcHybridMapping;
+
+static const PqcHybridMapping pqc_hybrid_mapping[] = {
+#ifndef WOLFSSL_NO_ML_KEM
+    {.hybrid = WOLFSSL_P256_ML_KEM_512,     .ecc = WOLFSSL_ECC_SECP256R1,
+     .pqc = WOLFSSL_ML_KEM_512,             .pqc_first = 0},
+    {.hybrid = WOLFSSL_P384_ML_KEM_768,     .ecc = WOLFSSL_ECC_SECP384R1,
+     .pqc = WOLFSSL_ML_KEM_768,             .pqc_first = 0},
+    {.hybrid = WOLFSSL_P256_ML_KEM_768,     .ecc = WOLFSSL_ECC_SECP256R1,
+     .pqc = WOLFSSL_ML_KEM_768,             .pqc_first = 0},
+    {.hybrid = WOLFSSL_P521_ML_KEM_1024,    .ecc = WOLFSSL_ECC_SECP521R1,
+     .pqc = WOLFSSL_ML_KEM_1024,            .pqc_first = 0},
+    {.hybrid = WOLFSSL_P384_ML_KEM_1024,    .ecc = WOLFSSL_ECC_SECP384R1,
+     .pqc = WOLFSSL_ML_KEM_1024,            .pqc_first = 0},
+#ifdef HAVE_CURVE25519
+    {.hybrid = WOLFSSL_X25519_ML_KEM_512,   .ecc = WOLFSSL_ECC_X25519,
+     .pqc = WOLFSSL_ML_KEM_512,             .pqc_first = 1},
+    {.hybrid = WOLFSSL_X25519_ML_KEM_768,   .ecc = WOLFSSL_ECC_X25519,
+     .pqc = WOLFSSL_ML_KEM_768,             .pqc_first = 1},
+#endif
+#ifdef HAVE_CURVE448
+    {.hybrid = WOLFSSL_X448_ML_KEM_768,     .ecc = WOLFSSL_ECC_X448,
+     .pqc = WOLFSSL_ML_KEM_768,             .pqc_first = 1},
+#endif
+#endif /* WOLFSSL_NO_ML_KEM */
+#ifdef WOLFSSL_KYBER_ORIGINAL
+    {.hybrid = WOLFSSL_P256_KYBER_LEVEL1,   .ecc = WOLFSSL_ECC_SECP256R1,
+     .pqc = WOLFSSL_KYBER_LEVEL1,           .pqc_first = 0},
+    {.hybrid = WOLFSSL_P384_KYBER_LEVEL3,   .ecc = WOLFSSL_ECC_SECP384R1,
+     .pqc = WOLFSSL_KYBER_LEVEL3,           .pqc_first = 0},
+    {.hybrid = WOLFSSL_P256_KYBER_LEVEL3,   .ecc = WOLFSSL_ECC_SECP256R1,
+     .pqc = WOLFSSL_KYBER_LEVEL3,           .pqc_first = 0},
+    {.hybrid = WOLFSSL_P521_KYBER_LEVEL5,   .ecc = WOLFSSL_ECC_SECP521R1,
+     .pqc = WOLFSSL_KYBER_LEVEL5,           .pqc_first = 0},
+#ifdef HAVE_CURVE25519
+    {.hybrid = WOLFSSL_X25519_KYBER_LEVEL1, .ecc = WOLFSSL_ECC_X25519,
+     .pqc = WOLFSSL_KYBER_LEVEL1,           .pqc_first = 0},
+    {.hybrid = WOLFSSL_X25519_KYBER_LEVEL3, .ecc = WOLFSSL_ECC_X25519,
+     .pqc = WOLFSSL_KYBER_LEVEL3,           .pqc_first = 0},
+#endif
+#ifdef HAVE_CURVE448
+    {.hybrid = WOLFSSL_X448_KYBER_LEVEL3,   .ecc = WOLFSSL_ECC_X448,
+     .pqc = WOLFSSL_KYBER_LEVEL3,           .pqc_first = 0},
+#endif
+#endif /* WOLFSSL_KYBER_ORIGINAL */
+    {.hybrid = 0, .ecc = 0, .pqc = 0, .pqc_first = 0}
+};
+
+/* Map an ecc-pqc hybrid group into its ecc group and pqc kem group. */
+static void findEccPqc(int *ecc, int *pqc, int *pqc_first, int group)
+{
+    int i;
+
+    if (pqc != NULL)
+        *pqc = 0;
+    if (ecc != NULL)
+        *ecc = 0;
+    if (pqc_first != NULL)
+        *pqc_first = 0;
+
+    for (i = 0; pqc_hybrid_mapping[i].hybrid != 0; i++) {
+        if (pqc_hybrid_mapping[i].hybrid == group) {
+            if (pqc != NULL)
+                *pqc = pqc_hybrid_mapping[i].pqc;
+            if (ecc != NULL)
+                *ecc = pqc_hybrid_mapping[i].ecc;
+            if (pqc_first != NULL)
+                *pqc_first = pqc_hybrid_mapping[i].pqc_first;
+            break;
+        }
+    }
+}
+
+/* Create a key share entry using both ecdhe and pqc parameters groups.
+ * Generates two key pairs on the client side.
+ *
+ * ssl   The SSL/TLS object.
+ * kse   The key share entry object.
+ * returns 0 on success, otherwise failure.
+ */
+static int TLSX_KeyShare_GenPqcHybridKeyClient(WOLFSSL *ssl, KeyShareEntry* kse)
+{
+    int ret = 0;
+    KeyShareEntry *ecc_kse = NULL;
+    KeyShareEntry *pqc_kse = NULL;
+    int pqc_group = 0;
+    int ecc_group = 0;
+    int pqc_first = 0;
+
+    /* This gets called twice. Once during parsing of the key share and once
+     * during the population of the extension. No need to do work the second
+     * time. Just return success if its already been done. */
+    if (kse->pubKey != NULL) {
+        return ret;
+    }
+
+    /* Determine the ECC and PQC group of the hybrid combination */
+    findEccPqc(&ecc_group, &pqc_group, &pqc_first, kse->group);
+    if (ecc_group == 0 || pqc_group == 0) {
+        WOLFSSL_MSG("Invalid hybrid group");
+        ret = BAD_FUNC_ARG;
+    }
+
     if (ret == 0) {
-        XMEMCPY(pubKey, ecc_kse->pubKey, ecc_kse->pubKeyLen);
-        kse->pubKey = pubKey;
-        kse->pubKeyLen = ecc_kse->pubKeyLen + pubSz;
-        pubKey = NULL;
+        ecc_kse = (KeyShareEntry*)XMALLOC(sizeof(*ecc_kse), ssl->heap,
+                   DYNAMIC_TYPE_TLSX);
+        if (ecc_kse == NULL) {
+            WOLFSSL_MSG("kse memory allocation failure");
+            ret = MEMORY_ERROR;
+        }
+        else {
+            XMEMSET(ecc_kse, 0, sizeof(*ecc_kse));
+        }
+    }
+    if (ret == 0) {
+        pqc_kse = (KeyShareEntry*)XMALLOC(sizeof(*pqc_kse), ssl->heap,
+                   DYNAMIC_TYPE_TLSX);
+        if (pqc_kse == NULL) {
+            WOLFSSL_MSG("kse memory allocation failure");
+            ret = MEMORY_ERROR;
+        }
+        else {
+            XMEMSET(pqc_kse, 0, sizeof(*pqc_kse));
+        }
+    }
 
-        /* Note we are saving the OQS private key and ECC private key
-         * separately. That's because the ECC private key is not simply a
-         * buffer. Its is an ecc_key struct.
-         */
-        kse->privKey = privKey;
-        privKey = NULL;
+    /* Generate ECC key share part */
+    if (ret == 0) {
+        ecc_kse->group = ecc_group;
+    #ifdef HAVE_CURVE25519
+        if (ecc_group == WOLFSSL_ECC_X25519) {
+            ret = TLSX_KeyShare_GenX25519Key(ssl, ecc_kse);
+        }
+        else
+    #endif
+    #ifdef HAVE_CURVE448
+        if (ecc_group == WOLFSSL_ECC_X448) {
+            ret = TLSX_KeyShare_GenX448Key(ssl, ecc_kse);
+        }
+        else
+    #endif
+        {
+            ret = TLSX_KeyShare_GenEccKey(ssl, ecc_kse);
+        }
+        /* No error message, TLSX_KeyShare_Gen*Key will do it. */
+    }
 
+    /* Generate PQC key share part */
+    if (ret == 0) {
+        pqc_kse->group = pqc_group;
+        ret = TLSX_KeyShare_GenPqcKeyClient(ssl, pqc_kse);
+        /* No error message, TLSX_KeyShare_GenPqcKeyClient will do it. */
+    }
+
+    /* Allocate memory for combined public key */
+    if (ret == 0) {
+        kse->pubKey = (byte*)XMALLOC(ecc_kse->pubKeyLen + pqc_kse->pubKeyLen,
+                                     ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY);
+        if (kse->pubKey == NULL) {
+            WOLFSSL_MSG("pubkey memory allocation failure");
+            ret = MEMORY_ERROR;
+        }
+    }
+
+    /* Create combined public key. The order of classic/pqc key material is
+     * indicated by the pqc_first variable. */
+    if (ret == 0) {
+        if (pqc_first) {
+            XMEMCPY(kse->pubKey, pqc_kse->pubKey, pqc_kse->pubKeyLen);
+            XMEMCPY(kse->pubKey + pqc_kse->pubKeyLen, ecc_kse->pubKey,
+                    ecc_kse->pubKeyLen);
+        }
+        else {
+            XMEMCPY(kse->pubKey, ecc_kse->pubKey, ecc_kse->pubKeyLen);
+            XMEMCPY(kse->pubKey + ecc_kse->pubKeyLen, pqc_kse->pubKey,
+                    pqc_kse->pubKeyLen);
+        }
+        kse->pubKeyLen = ecc_kse->pubKeyLen + pqc_kse->pubKeyLen;
+    }
+
+    /* Store the private keys.
+     * Note we are saving the PQC private key and ECC private key
+     * separately. That's because the ECC private key is not simply a
+     * buffer. Its is an ecc_key struct. */
+    if (ret == 0) {
+    #ifndef WOLFSSL_TLSX_PQC_MLKEM_STORE_OBJ
+        /* PQC private key is an encoded byte array */
+        kse->privKey = pqc_kse->privKey;
+        kse->privKeyLen = pqc_kse->privKeyLen;
+        pqc_kse->privKey = NULL;
+    #else
+        /* PQC private key is a pointer to KyberKey object */
+        kse->privKey = (byte*)pqc_kse->key;
+        kse->privKeyLen = 0;
+        pqc_kse->key = NULL;
+    #endif
+        /* ECC private key is a pointer to ecc_key object */
         kse->key = ecc_kse->key;
+        kse->keyLen = ecc_kse->keyLen;
         ecc_kse->key = NULL;
     }
 
@@ -7742,16 +8499,13 @@ static int TLSX_KeyShare_GenPqcKey(WOLFSSL *ssl, KeyShareEntry* kse)
     WOLFSSL_BUFFER(kse->pubKey, kse->pubKeyLen );
 #endif
 
-    wc_KyberKey_Free(kem);
     TLSX_KeyShare_FreeAll(ecc_kse, ssl->heap);
-    if (pubKey != NULL)
-        XFREE(pubKey, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY);
-    if (privKey != NULL)
-        XFREE(privKey, ssl->heap, DYNAMIC_TYPE_PRIVATE_KEY);
+    TLSX_KeyShare_FreeAll(pqc_kse, ssl->heap);
 
     return ret;
 }
-#endif /* HAVE_PQC */
+#endif /* !WOLFSSL_KYBER_NO_MAKE_KEY */
+#endif /* WOLFSSL_HAVE_KYBER */
 
 /* Generate a secret/key using the key share entry.
  *
@@ -7762,15 +8516,17 @@ int TLSX_KeyShare_GenKey(WOLFSSL *ssl, KeyShareEntry *kse)
 {
     int ret;
     /* Named FFDHE groups have a bit set to identify them. */
-    if (WOLFSSL_NAMED_GROUP_IS_FFHDE(kse->group))
+    if (WOLFSSL_NAMED_GROUP_IS_FFDHE(kse->group))
         ret = TLSX_KeyShare_GenDhKey(ssl, kse);
     else if (kse->group == WOLFSSL_ECC_X25519)
         ret = TLSX_KeyShare_GenX25519Key(ssl, kse);
     else if (kse->group == WOLFSSL_ECC_X448)
         ret = TLSX_KeyShare_GenX448Key(ssl, kse);
-#ifdef HAVE_PQC
+#if defined(WOLFSSL_HAVE_KYBER) && !defined(WOLFSSL_KYBER_NO_MAKE_KEY)
     else if (WOLFSSL_NAMED_GROUP_IS_PQC(kse->group))
-        ret = TLSX_KeyShare_GenPqcKey(ssl, kse);
+        ret = TLSX_KeyShare_GenPqcKeyClient(ssl, kse);
+    else if (WOLFSSL_NAMED_GROUP_IS_PQC_HYBRID(kse->group))
+        ret = TLSX_KeyShare_GenPqcHybridKeyClient(ssl, kse);
 #endif
     else
         ret = TLSX_KeyShare_GenEccKey(ssl, kse);
@@ -7791,7 +8547,7 @@ static void TLSX_KeyShare_FreeAll(KeyShareEntry* list, void* heap)
 
     while ((current = list) != NULL) {
         list = current->next;
-        if (WOLFSSL_NAMED_GROUP_IS_FFHDE(current->group)) {
+        if (WOLFSSL_NAMED_GROUP_IS_FFDHE(current->group)) {
 #ifndef NO_DH
             wc_FreeDhKey((DhKey*)current->key);
 #endif
@@ -7806,10 +8562,44 @@ static void TLSX_KeyShare_FreeAll(KeyShareEntry* list, void* heap)
             wc_curve448_free((curve448_key*)current->key);
 #endif
         }
-#ifdef HAVE_PQC
-        else if (WOLFSSL_NAMED_GROUP_IS_PQC(current->group) &&
-                 current->key != NULL) {
-            ForceZero((byte*)current->key, current->keyLen);
+#ifdef WOLFSSL_HAVE_KYBER
+        else if (WOLFSSL_NAMED_GROUP_IS_PQC(current->group)) {
+            wc_KyberKey_Free((KyberKey*)current->key);
+        #ifndef WOLFSSL_TLSX_PQC_MLKEM_STORE_OBJ
+            if (current->privKey != NULL) {
+                ForceZero(current->privKey, current->privKeyLen);
+            }
+        #endif
+        }
+        else if (WOLFSSL_NAMED_GROUP_IS_PQC_HYBRID(current->group)) {
+            int ecc_group = 0;
+            findEccPqc(&ecc_group, NULL, NULL, current->group);
+
+            /* Free PQC private key */
+        #ifdef WOLFSSL_TLSX_PQC_MLKEM_STORE_OBJ
+            wc_KyberKey_Free((KyberKey*)current->privKey);
+        #else
+            if (current->privKey != NULL) {
+                ForceZero(current->privKey, current->privKeyLen);
+            }
+        #endif
+
+            /* Free ECC private key */
+            if (ecc_group == WOLFSSL_ECC_X25519) {
+            #ifdef HAVE_CURVE25519
+                wc_curve25519_free((curve25519_key*)current->key);
+            #endif
+            }
+            else if (ecc_group == WOLFSSL_ECC_X448) {
+            #ifdef HAVE_CURVE448
+                wc_curve448_free((curve448_key*)current->key);
+            #endif
+            }
+            else {
+            #ifdef HAVE_ECC
+                wc_ecc_free((ecc_key*)current->key);
+            #endif
+            }
         }
 #endif
         else {
@@ -7818,7 +8608,7 @@ static void TLSX_KeyShare_FreeAll(KeyShareEntry* list, void* heap)
 #endif
         }
         XFREE(current->key, heap, DYNAMIC_TYPE_PRIVATE_KEY);
-    #if !defined(NO_DH) && (!defined(NO_CERTS) || !defined(NO_PSK))
+    #if !defined(NO_DH) || defined(WOLFSSL_HAVE_KYBER)
         XFREE(current->privKey, heap, DYNAMIC_TYPE_PRIVATE_KEY);
     #endif
         XFREE(current->pubKey, heap, DYNAMIC_TYPE_PUBLIC_KEY);
@@ -8003,7 +8793,7 @@ static int TLSX_KeyShare_ProcessDh(WOLFSSL* ssl, KeyShareEntry* keyShareEntry)
             NULL, 0
         );
     #ifdef WOLFSSL_ASYNC_CRYPT
-        if (ret == WC_PENDING_E) {
+        if (ret == WC_NO_ERR_TRACE(WC_PENDING_E)) {
             return ret;
         }
     #endif
@@ -8023,18 +8813,12 @@ static int TLSX_KeyShare_ProcessDh(WOLFSSL* ssl, KeyShareEntry* keyShareEntry)
     /* done with key share, release resources */
     if (dhKey)
         wc_FreeDhKey(dhKey);
-    if (keyShareEntry->key) {
-        XFREE(keyShareEntry->key, ssl->heap, DYNAMIC_TYPE_DH);
-        keyShareEntry->key = NULL;
-    }
-    if (keyShareEntry->privKey != NULL) {
-        XFREE(keyShareEntry->privKey, ssl->heap, DYNAMIC_TYPE_PRIVATE_KEY);
-        keyShareEntry->privKey = NULL;
-    }
-    if (keyShareEntry->pubKey != NULL) {
-        XFREE(keyShareEntry->pubKey, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY);
-        keyShareEntry->pubKey = NULL;
-    }
+    XFREE(keyShareEntry->key, ssl->heap, DYNAMIC_TYPE_DH);
+    keyShareEntry->key = NULL;
+    XFREE(keyShareEntry->privKey, ssl->heap, DYNAMIC_TYPE_PRIVATE_KEY);
+    keyShareEntry->privKey = NULL;
+    XFREE(keyShareEntry->pubKey, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY);
+    keyShareEntry->pubKey = NULL;
     XFREE(keyShareEntry->ke, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY);
     keyShareEntry->ke = NULL;
 #else
@@ -8050,10 +8834,15 @@ static int TLSX_KeyShare_ProcessDh(WOLFSSL* ssl, KeyShareEntry* keyShareEntry)
  *
  * ssl            The SSL/TLS object.
  * keyShareEntry  The key share entry object to use to calculate shared secret.
+ * ssOutput       The destination buffer for the shared secret.
+ * ssOutSz        The size of the generated shared secret.
+ *
  * returns 0 on success and other values indicate failure.
  */
-static int TLSX_KeyShare_ProcessX25519(WOLFSSL* ssl,
-                                       KeyShareEntry* keyShareEntry)
+static int TLSX_KeyShare_ProcessX25519_ex(WOLFSSL* ssl,
+                                          KeyShareEntry* keyShareEntry,
+                                          unsigned char* ssOutput,
+                                          word32* ssOutSz)
 {
     int ret;
 
@@ -8102,23 +8891,27 @@ static int TLSX_KeyShare_ProcessX25519(WOLFSSL* ssl,
 
     if (ret == 0) {
         ssl->ecdhCurveOID = ECC_X25519_OID;
-
+    #ifdef WOLFSSL_CURVE25519_BLINDING
+        ret = wc_curve25519_set_rng(key, ssl->rng);
+    }
+    if (ret == 0) {
+    #endif
         ret = wc_curve25519_shared_secret_ex(key, peerX25519Key,
-                                                   ssl->arrays->preMasterSecret,
-                                                   &ssl->arrays->preMasterSz,
-                                                   EC25519_LITTLE_ENDIAN);
+                    ssOutput, ssOutSz, EC25519_LITTLE_ENDIAN);
     }
 
     wc_curve25519_free(peerX25519Key);
     XFREE(peerX25519Key, ssl->heap, DYNAMIC_TYPE_TLSX);
     wc_curve25519_free((curve25519_key*)keyShareEntry->key);
-    if (keyShareEntry->key != NULL) {
-        XFREE(keyShareEntry->key, ssl->heap, DYNAMIC_TYPE_PRIVATE_KEY);
-        keyShareEntry->key = NULL;
-    }
+    XFREE(keyShareEntry->key, ssl->heap, DYNAMIC_TYPE_PRIVATE_KEY);
+    keyShareEntry->key = NULL;
+    XFREE(keyShareEntry->ke, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY);
+    keyShareEntry->ke = NULL;
 #else
     (void)ssl;
     (void)keyShareEntry;
+    (void)ssOutput;
+    (void)ssOutSz;
 
     ret = PEER_KEY_ERROR;
     WOLFSSL_ERROR_VERBOSE(ret);
@@ -8127,13 +8920,33 @@ static int TLSX_KeyShare_ProcessX25519(WOLFSSL* ssl,
     return ret;
 }
 
+/* Process the X25519 key share extension on the client side.
+ *
+ * ssl            The SSL/TLS object.
+ * keyShareEntry  The key share entry object to use to calculate shared secret.
+ *
+ * returns 0 on success and other values indicate failure.
+ */
+static int TLSX_KeyShare_ProcessX25519(WOLFSSL* ssl,
+                                       KeyShareEntry* keyShareEntry)
+{
+    return TLSX_KeyShare_ProcessX25519_ex(ssl, keyShareEntry,
+                ssl->arrays->preMasterSecret, &ssl->arrays->preMasterSz);
+}
+
 /* Process the X448 key share extension on the client side.
  *
  * ssl            The SSL/TLS object.
  * keyShareEntry  The key share entry object to use to calculate shared secret.
+ * ssOutput       The destination buffer for the shared secret.
+ * ssOutSz        The size of the generated shared secret.
+ *
  * returns 0 on success and other values indicate failure.
  */
-static int TLSX_KeyShare_ProcessX448(WOLFSSL* ssl, KeyShareEntry* keyShareEntry)
+static int TLSX_KeyShare_ProcessX448_ex(WOLFSSL* ssl,
+                                        KeyShareEntry* keyShareEntry,
+                                        unsigned char* ssOutput,
+                                        word32* ssOutSz)
 {
     int ret;
 
@@ -8184,21 +8997,21 @@ static int TLSX_KeyShare_ProcessX448(WOLFSSL* ssl, KeyShareEntry* keyShareEntry)
         ssl->ecdhCurveOID = ECC_X448_OID;
 
         ret = wc_curve448_shared_secret_ex(key, peerX448Key,
-                                                   ssl->arrays->preMasterSecret,
-                                                   &ssl->arrays->preMasterSz,
-                                                   EC448_LITTLE_ENDIAN);
+                    ssOutput, ssOutSz, EC448_LITTLE_ENDIAN);
     }
 
     wc_curve448_free(peerX448Key);
     XFREE(peerX448Key, ssl->heap, DYNAMIC_TYPE_TLSX);
     wc_curve448_free((curve448_key*)keyShareEntry->key);
-    if (keyShareEntry->key != NULL) {
-        XFREE(keyShareEntry->key, ssl->heap, DYNAMIC_TYPE_PRIVATE_KEY);
-        keyShareEntry->key = NULL;
-    }
+    XFREE(keyShareEntry->key, ssl->heap, DYNAMIC_TYPE_PRIVATE_KEY);
+    keyShareEntry->key = NULL;
+    XFREE(keyShareEntry->ke, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY);
+    keyShareEntry->ke = NULL;
 #else
     (void)ssl;
     (void)keyShareEntry;
+    (void)ssOutput;
+    (void)ssOutSz;
 
     ret = PEER_KEY_ERROR;
     WOLFSSL_ERROR_VERBOSE(ret);
@@ -8207,13 +9020,31 @@ static int TLSX_KeyShare_ProcessX448(WOLFSSL* ssl, KeyShareEntry* keyShareEntry)
     return ret;
 }
 
-/* Process the ECC key share extension on the client side.
+/* Process the X448 key share extension on the client side.
  *
  * ssl            The SSL/TLS object.
  * keyShareEntry  The key share entry object to use to calculate shared secret.
  * returns 0 on success and other values indicate failure.
  */
-static int TLSX_KeyShare_ProcessEcc(WOLFSSL* ssl, KeyShareEntry* keyShareEntry)
+static int TLSX_KeyShare_ProcessX448(WOLFSSL* ssl, KeyShareEntry* keyShareEntry)
+{
+    return TLSX_KeyShare_ProcessX448_ex(ssl, keyShareEntry,
+                ssl->arrays->preMasterSecret, &ssl->arrays->preMasterSz);
+}
+
+/* Process the ECC key share extension on the client side.
+ *
+ * ssl            The SSL/TLS object.
+ * keyShareEntry  The key share entry object to use to calculate shared secret.
+ * ssOutput       The destination buffer for the shared secret.
+ * ssOutSz        The size of the generated shared secret.
+ *
+ * returns 0 on success and other values indicate failure.
+ */
+static int TLSX_KeyShare_ProcessEcc_ex(WOLFSSL* ssl,
+                                       KeyShareEntry* keyShareEntry,
+                                       unsigned char* ssOutput,
+                                       word32* ssOutSz)
 {
     int ret = 0;
 #ifdef HAVE_ECC
@@ -8275,7 +9106,7 @@ static int TLSX_KeyShare_ProcessEcc(WOLFSSL* ssl, KeyShareEntry* keyShareEntry)
         }
 #if defined(WOLFSSL_RENESAS_TSIP_TLS)
         ret = tsip_Tls13GenSharedSecret(ssl, keyShareEntry);
-        if (ret != CRYPTOCB_UNAVAILABLE) {
+        if (ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE)) {
             return ret;
         }
         ret = 0;
@@ -8313,11 +9144,9 @@ static int TLSX_KeyShare_ProcessEcc(WOLFSSL* ssl, KeyShareEntry* keyShareEntry)
     if (ret == 0) {
         ret = EccSharedSecret(ssl, eccKey, ssl->peerEccKey,
             keyShareEntry->ke, &keyShareEntry->keLen,
-            ssl->arrays->preMasterSecret, &ssl->arrays->preMasterSz,
-            ssl->options.side
-        );
+            ssOutput, ssOutSz, ssl->options.side);
     #ifdef WOLFSSL_ASYNC_CRYPT
-        if (ret == WC_PENDING_E)
+        if (ret == WC_NO_ERR_TRACE(WC_PENDING_E))
             return ret;
     #endif
     }
@@ -8343,6 +9172,8 @@ static int TLSX_KeyShare_ProcessEcc(WOLFSSL* ssl, KeyShareEntry* keyShareEntry)
 #else
     (void)ssl;
     (void)keyShareEntry;
+    (void)ssOutput;
+    (void)ssOutSz;
 
     ret = PEER_KEY_ERROR;
     WOLFSSL_ERROR_VERBOSE(ret);
@@ -8351,176 +9182,364 @@ static int TLSX_KeyShare_ProcessEcc(WOLFSSL* ssl, KeyShareEntry* keyShareEntry)
     return ret;
 }
 
-#ifdef HAVE_PQC
-/* Process the Kyber key share extension on the client side.
+/* Process the ECC key share extension on the client side.
  *
  * ssl            The SSL/TLS object.
  * keyShareEntry  The key share entry object to use to calculate shared secret.
  * returns 0 on success and other values indicate failure.
  */
-static int TLSX_KeyShare_ProcessPqc(WOLFSSL* ssl, KeyShareEntry* keyShareEntry)
+static int TLSX_KeyShare_ProcessEcc(WOLFSSL* ssl, KeyShareEntry* keyShareEntry)
 {
-    int      ret = 0;
-    int      type;
-    KyberKey kem[1];
-    byte*    sharedSecret = NULL;
-    word32   sharedSecretLen = 0;
-    int      oqs_group = 0;
-    int      ecc_group = 0;
-    ecc_key  eccpubkey;
-    word32   outlen = 0;
-    word32   privSz = 0;
-    word32   ctSz = 0;
-    word32   ssSz = 0;
+    return TLSX_KeyShare_ProcessEcc_ex(ssl, keyShareEntry,
+                ssl->arrays->preMasterSecret, &ssl->arrays->preMasterSz);
+}
 
-    if (keyShareEntry->ke == NULL) {
-        WOLFSSL_MSG("Invalid OQS algorithm specified.");
-        return BAD_FUNC_ARG;
-    }
+#if defined(WOLFSSL_HAVE_KYBER) && !defined(WOLFSSL_KYBER_NO_DECAPSULATE)
+/* Process the Kyber key share extension on the client side.
+ *
+ * ssl            The SSL/TLS object.
+ * keyShareEntry  The key share entry object to use to calculate shared secret.
+ * ssOutput       The destination buffer for the shared secret.
+ * ssOutSz        The size of the generated shared secret.
+ *
+ * returns 0 on success and other values indicate failure.
+ */
+static int TLSX_KeyShare_ProcessPqcClient_ex(WOLFSSL* ssl,
+                                             KeyShareEntry* keyShareEntry,
+                                             unsigned char* ssOutput,
+                                             word32* ssOutSz)
+{
+    int       ret = 0;
+    KyberKey* kem = (KyberKey*)keyShareEntry->key;
+#ifndef WOLFSSL_TLSX_PQC_MLKEM_STORE_OBJ
+    word32    privSz = 0;
+#endif
+    word32    ctSz = 0;
+    word32    ssSz = 0;
 
     if (ssl->options.side == WOLFSSL_SERVER_END) {
         /* I am the server, the shared secret has already been generated and
-         * is in keyShareEntry->ke; copy it to the pre-master secret
-         * pre-allocated buffer. */
-        if (keyShareEntry->keLen > ENCRYPT_LEN) {
-            WOLFSSL_MSG("shared secret is too long.");
-            return LENGTH_ERROR;
-        }
-
-        XMEMCPY(ssl->arrays->preMasterSecret, keyShareEntry->ke,
-                keyShareEntry->keLen);
-        ssl->arrays->preMasterSz = keyShareEntry->keLen;
-        XFREE(keyShareEntry->ke, ssl->heap, DYNAMIC_TYPE_SECRET)
-        keyShareEntry->ke = NULL;
-        keyShareEntry->keLen = 0;
+         * is in ssl->arrays->preMasterSecret, so nothing really to do here. */
         return 0;
     }
 
-    /* I am the client, the ciphertext is in keyShareEntry->ke */
-    findEccPqc(&ecc_group, &oqs_group, keyShareEntry->group);
-
-    ret = wc_ecc_init_ex(&eccpubkey, ssl->heap, ssl->devId);
-    if (ret != 0) {
-        WOLFSSL_MSG("Memory allocation error.");
-        return MEMORY_E;
-    }
-
-    ret = kyber_id2type(oqs_group, &type);
-    if (ret != 0) {
-        wc_ecc_free(&eccpubkey);
-        WOLFSSL_MSG("Invalid OQS algorithm specified.");
+    if (keyShareEntry->ke == NULL) {
+        WOLFSSL_MSG("Invalid PQC algorithm specified.");
         return BAD_FUNC_ARG;
     }
+    if (ssOutSz == NULL)
+        return BAD_FUNC_ARG;
 
-    ret = wc_KyberKey_Init(type, kem, ssl->heap, INVALID_DEVID);
-    if (ret != 0) {
-        wc_ecc_free(&eccpubkey);
-        WOLFSSL_MSG("Error creating Kyber KEM");
-        return MEMORY_E;
+#ifndef WOLFSSL_TLSX_PQC_MLKEM_STORE_OBJ
+    if (kem == NULL) {
+        int type = 0;
+
+        /* Allocate a Kyber key to hold private key. */
+        kem = (KyberKey*) XMALLOC(sizeof(KyberKey), ssl->heap,
+                                  DYNAMIC_TYPE_PRIVATE_KEY);
+        if (kem == NULL) {
+            WOLFSSL_MSG("GenPqcKey memory error");
+            ret = MEMORY_E;
+        }
+        if (ret == 0) {
+            ret = kyber_id2type(keyShareEntry->group, &type);
+        }
+        if (ret != 0) {
+            WOLFSSL_MSG("Invalid PQC algorithm specified.");
+            ret = BAD_FUNC_ARG;
+        }
+        if (ret == 0) {
+            ret = wc_KyberKey_Init(type, kem, ssl->heap, ssl->devId);
+            if (ret != 0) {
+                WOLFSSL_MSG("Error creating Kyber KEM");
+            }
+        }
     }
+#else
+    if (kem == NULL || keyShareEntry->privKeyLen != 0) {
+        WOLFSSL_MSG("Invalid Kyber key.");
+        ret = BAD_FUNC_ARG;
+    }
+#endif
 
     if (ret == 0) {
         ret = wc_KyberKey_SharedSecretSize(kem, &ssSz);
     }
-    if (ret == 0) {
-        sharedSecretLen = ssSz;
-        switch (ecc_group) {
-        case WOLFSSL_ECC_SECP256R1:
-            sharedSecretLen += 32;
-            outlen = 32;
-            break;
-        case WOLFSSL_ECC_SECP384R1:
-            sharedSecretLen += 48;
-            outlen = 48;
-            break;
-        case WOLFSSL_ECC_SECP521R1:
-            sharedSecretLen += 66;
-            outlen = 66;
-            break;
-        default:
-            break;
-        }
-    }
-    if (ret == 0) {
-        sharedSecret = (byte*)XMALLOC(sharedSecretLen, ssl->heap,
-                                      DYNAMIC_TYPE_TLSX);
-        if (sharedSecret == NULL) {
-            WOLFSSL_MSG("Memory allocation error.");
-            ret = MEMORY_E;
-        }
-    }
     if (ret == 0) {
         ret = wc_KyberKey_CipherTextSize(kem, &ctSz);
     }
+
+#ifndef WOLFSSL_TLSX_PQC_MLKEM_STORE_OBJ
     if (ret == 0) {
         ret = wc_KyberKey_PrivateKeySize(kem, &privSz);
     }
+    if (ret == 0 && privSz != keyShareEntry->privKeyLen) {
+        WOLFSSL_MSG("Invalid private key size.");
+        ret = BAD_FUNC_ARG;
+    }
     if (ret == 0) {
         ret = wc_KyberKey_DecodePrivateKey(kem, keyShareEntry->privKey, privSz);
     }
+#endif
+
     if (ret == 0) {
-        ret = wc_KyberKey_Decapsulate(kem, sharedSecret + outlen,
-            keyShareEntry->ke + keyShareEntry->keLen - ctSz, ctSz);
+        ret = wc_KyberKey_Decapsulate(kem, ssOutput,
+                                      keyShareEntry->ke, ctSz);
         if (ret != 0) {
             WOLFSSL_MSG("wc_KyberKey decapsulation failure.");
             ret = BAD_FUNC_ARG;
         }
     }
-
-    if (ecc_group != 0) {
-        if (ret == 0) {
-            /* Point is validated by import function. */
-            ret = wc_ecc_import_x963(keyShareEntry->ke,
-                                     keyShareEntry->keLen - ctSz,
-                                     &eccpubkey);
-            if (ret != 0) {
-                WOLFSSL_MSG("ECC Public key import error.");
-            }
-        }
-
-#if defined(ECC_TIMING_RESISTANT) && (!defined(HAVE_FIPS) || \
-    (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION != 2))) && \
-    !defined(HAVE_SELFTEST)
-        if (ret == 0) {
-            ret = wc_ecc_set_rng(keyShareEntry->key, ssl->rng);
-            if (ret != 0) {
-                WOLFSSL_MSG("Failure to set the ECC private key RNG.");
-            }
-        }
-#endif
-
-        if (ret == 0) {
-            PRIVATE_KEY_UNLOCK();
-            ret = wc_ecc_shared_secret(keyShareEntry->key, &eccpubkey,
-                sharedSecret, &outlen);
-            PRIVATE_KEY_LOCK();
-            if (outlen != sharedSecretLen - ssSz) {
-                WOLFSSL_MSG("ECC shared secret derivation error.");
-                ret = BAD_FUNC_ARG;
-            }
-        }
+    if (ret == 0) {
+        *ssOutSz = ssSz;
     }
-    if ((ret == 0) && (sharedSecretLen > ENCRYPT_LEN)) {
-        WOLFSSL_MSG("shared secret is too long.");
-        ret = LENGTH_ERROR;
+
+    wc_KyberKey_Free(kem);
+
+    XFREE(kem, ssl->heap, DYNAMIC_TYPE_PRIVATE_KEY);
+    keyShareEntry->key = NULL;
+
+    XFREE(keyShareEntry->ke, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY);
+    keyShareEntry->ke = NULL;
+
+    return ret;
+}
+
+/* Process the Kyber key share extension on the client side.
+ *
+ * ssl            The SSL/TLS object.
+ * keyShareEntry  The key share entry object to use to calculate shared secret.
+ *
+ * returns 0 on success and other values indicate failure.
+ */
+static int TLSX_KeyShare_ProcessPqcClient(WOLFSSL* ssl,
+                                          KeyShareEntry* keyShareEntry)
+{
+    return TLSX_KeyShare_ProcessPqcClient_ex(ssl, keyShareEntry,
+                                             ssl->arrays->preMasterSecret,
+                                             &ssl->arrays->preMasterSz);
+}
+
+/* Process the hybrid key share extension on the client side.
+ *
+ * ssl            The SSL/TLS object.
+ * keyShareEntry  The key share entry object to use to calculate shared secret.
+ * returns 0 on success and other values indicate failure.
+ */
+static int TLSX_KeyShare_ProcessPqcHybridClient(WOLFSSL* ssl,
+                                                KeyShareEntry* keyShareEntry)
+{
+    int      ret = 0;
+    int      pqc_group = 0;
+    int      ecc_group = 0;
+    int      pqc_first = 0;
+    KeyShareEntry* pqc_kse = NULL;
+    KeyShareEntry *ecc_kse = NULL;
+    word32   ctSz = 0;
+    word32   ssSzPqc = 0;
+    word32   ssSzEcc = 0;
+
+    if (ssl->options.side == WOLFSSL_SERVER_END) {
+        /* I am the server, the shared secret has already been generated and
+         * is in ssl->arrays->preMasterSecret, so nothing really to do here. */
+        return 0;
+    }
+
+    if (keyShareEntry->ke == NULL) {
+        WOLFSSL_MSG("Invalid PQC algorithm specified.");
+        return BAD_FUNC_ARG;
+    }
+
+    /* I am the client, both the PQC ciphertext and the ECHD public key are in
+     * keyShareEntry->ke */
+
+    /* Determine the ECC and PQC group of the hybrid combination */
+    findEccPqc(&ecc_group, &pqc_group, &pqc_first, keyShareEntry->group);
+    if (ecc_group == 0 || pqc_group == 0) {
+        WOLFSSL_MSG("Invalid hybrid group");
+        ret = BAD_FUNC_ARG;
     }
 
     if (ret == 0) {
-         /* Copy the shared secret to the  pre-master secret pre-allocated
-          * buffer. */
-        XMEMCPY(ssl->arrays->preMasterSecret, sharedSecret, sharedSecretLen);
-        ssl->arrays->preMasterSz = (word32) sharedSecretLen;
+        ecc_kse = (KeyShareEntry*)XMALLOC(sizeof(*ecc_kse), ssl->heap,
+                   DYNAMIC_TYPE_TLSX);
+        if (ecc_kse == NULL) {
+            WOLFSSL_MSG("kse memory allocation failure");
+            ret = MEMORY_ERROR;
+        }
+        else {
+            XMEMSET(ecc_kse, 0, sizeof(*ecc_kse));
+        }
+    }
+    if (ret == 0) {
+        pqc_kse = (KeyShareEntry*)XMALLOC(sizeof(*pqc_kse), ssl->heap,
+                   DYNAMIC_TYPE_TLSX);
+        if (pqc_kse == NULL) {
+            WOLFSSL_MSG("kse memory allocation failure");
+            ret = MEMORY_ERROR;
+        }
+        else {
+            XMEMSET(pqc_kse, 0, sizeof(*pqc_kse));
+        }
     }
 
-    if (sharedSecret != NULL) {
-        XFREE(sharedSecret, ssl->heap, DYNAMIC_TYPE_SECRET);
+    /* The ciphertext and shared secret sizes of a KEM are fixed. Hence, we
+     * decode these sizes to separate the KEM ciphertext from the ECDH public
+     * key. */
+    if (ret == 0) {
+    #ifndef WOLFSSL_TLSX_PQC_MLKEM_STORE_OBJ
+        int type;
+
+        pqc_kse->privKey = keyShareEntry->privKey;
+
+        ret = kyber_id2type(pqc_group, &type);
+        if (ret != 0) {
+            WOLFSSL_MSG("Invalid Kyber algorithm specified.");
+            ret = BAD_FUNC_ARG;
+        }
+        if (ret == 0) {
+            pqc_kse->key = XMALLOC(sizeof(KyberKey), ssl->heap,
+                                DYNAMIC_TYPE_PRIVATE_KEY);
+            if (pqc_kse->key == NULL) {
+                WOLFSSL_MSG("GenPqcKey memory error");
+                ret = MEMORY_E;
+            }
+        }
+        if (ret == 0) {
+            ret = wc_KyberKey_Init(type, (KyberKey*)pqc_kse->key,
+                                   ssl->heap, ssl->devId);
+            if (ret != 0) {
+                WOLFSSL_MSG("Error creating Kyber KEM");
+            }
+        }
+    #else
+        pqc_kse->key = keyShareEntry->privKey;
+    #endif
+
+        pqc_kse->group = pqc_group;
+        pqc_kse->privKeyLen = keyShareEntry->privKeyLen;
+
+        if (ret == 0) {
+            ret = wc_KyberKey_SharedSecretSize((KyberKey*)pqc_kse->key,
+                                               &ssSzPqc);
+        }
+        if (ret == 0) {
+            ret = wc_KyberKey_CipherTextSize((KyberKey*)pqc_kse->key,
+                                             &ctSz);
+            if (ret == 0 && keyShareEntry->keLen <= ctSz) {
+                WOLFSSL_MSG("Invalid ciphertext size.");
+                ret = BAD_FUNC_ARG;
+            }
+        }
+        if (ret == 0) {
+            pqc_kse->keLen = ctSz;
+            pqc_kse->ke = (byte*)XMALLOC(pqc_kse->keLen, ssl->heap,
+                                         DYNAMIC_TYPE_PUBLIC_KEY);
+            if (pqc_kse->ke == NULL) {
+                WOLFSSL_MSG("pqc_kse memory allocation failure");
+                ret = MEMORY_ERROR;
+            }
+            /* Copy the PQC KEM ciphertext. Depending on the pqc_first flag,
+             * the KEM ciphertext comes before or after the ECDH public key. */
+            if (ret == 0) {
+                int offset = keyShareEntry->keLen - ctSz;
+
+                if (pqc_first)
+                    offset = 0;
+
+                XMEMCPY(pqc_kse->ke, keyShareEntry->ke + offset, ctSz);
+            }
+        }
     }
 
-    wc_ecc_free(&eccpubkey);
-    wc_KyberKey_Free(kem);
+    if (ret == 0) {
+        ecc_kse->group = ecc_group;
+        ecc_kse->keLen = keyShareEntry->keLen - ctSz;
+        ecc_kse->key = keyShareEntry->key;
+        ecc_kse->ke = (byte*)XMALLOC(ecc_kse->keLen, ssl->heap,
+                                        DYNAMIC_TYPE_PUBLIC_KEY);
+        if (ecc_kse->ke == NULL) {
+            WOLFSSL_MSG("ecc_kse memory allocation failure");
+            ret = MEMORY_ERROR;
+        }
+        /* Copy the ECDH public key. Depending on the pqc_first flag, the
+         * KEM ciphertext comes before or after the ECDH public key. */
+        if (ret == 0) {
+            int offset = 0;
+
+            if (pqc_first)
+                offset = ctSz;
+
+            XMEMCPY(ecc_kse->ke, keyShareEntry->ke + offset, ecc_kse->keLen);
+        }
+    }
+
+    /* Process ECDH key share part. The generated shared secret is directly
+     * stored in the ssl->arrays->preMasterSecret buffer. Depending on the
+     * pqc_first flag, the ECDH shared secret part goes before or after the
+     * KEM part. */
+    if (ret == 0) {
+        int offset = 0;
+
+        /* Set the ECC size variable to the initial buffer size */
+        ssSzEcc = ssl->arrays->preMasterSz;
+
+        if (pqc_first)
+            offset = ssSzPqc;
+
+    #ifdef HAVE_CURVE25519
+        if (ecc_group == WOLFSSL_ECC_X25519) {
+            ret = TLSX_KeyShare_ProcessX25519_ex(ssl, ecc_kse,
+                    ssl->arrays->preMasterSecret + offset, &ssSzEcc);
+        }
+        else
+    #endif
+    #ifdef HAVE_CURVE448
+        if (ecc_group == WOLFSSL_ECC_X448) {
+            ret = TLSX_KeyShare_ProcessX448_ex(ssl, ecc_kse,
+                    ssl->arrays->preMasterSecret + offset, &ssSzEcc);
+        }
+        else
+    #endif
+        {
+            ret = TLSX_KeyShare_ProcessEcc_ex(ssl, ecc_kse,
+                    ssl->arrays->preMasterSecret + offset, &ssSzEcc);
+        }
+    }
+
+    if (ret == 0) {
+        keyShareEntry->key = ecc_kse->key;
+
+        if ((ret == 0) && ((ssSzEcc + ssSzPqc) > ENCRYPT_LEN)) {
+            WOLFSSL_MSG("shared secret is too long.");
+            ret = LENGTH_ERROR;
+        }
+    }
+
+    /* Process PQC KEM key share part. Depending on the pqc_first flag, the
+     * KEM shared secret part goes before or after the ECDH part. */
+    if (ret == 0) {
+        int offset = ssSzEcc;
+
+        if (pqc_first)
+            offset = 0;
+
+        ret = TLSX_KeyShare_ProcessPqcClient_ex(ssl, pqc_kse,
+                ssl->arrays->preMasterSecret + offset, &ssSzPqc);
+    }
+
+    if (ret == 0) {
+        keyShareEntry->privKey = (byte*)pqc_kse->key;
+
+        ssl->arrays->preMasterSz = ssSzEcc + ssSzPqc;
+    }
+
+    TLSX_KeyShare_FreeAll(ecc_kse, ssl->heap);
+    TLSX_KeyShare_FreeAll(pqc_kse, ssl->heap);
+
     return ret;
 }
-#endif /* HAVE_PQC */
+#endif /* WOLFSSL_HAVE_KYBER && !WOLFSSL_KYBER_NO_DECAPSULATE */
 
 /* Process the key share extension on the client side.
  *
@@ -8540,15 +9559,17 @@ static int TLSX_KeyShare_Process(WOLFSSL* ssl, KeyShareEntry* keyShareEntry)
         ssl->arrays->preMasterSz = ENCRYPT_LEN;
 
     /* Use Key Share Data from server. */
-    if (WOLFSSL_NAMED_GROUP_IS_FFHDE(keyShareEntry->group))
+    if (WOLFSSL_NAMED_GROUP_IS_FFDHE(keyShareEntry->group))
         ret = TLSX_KeyShare_ProcessDh(ssl, keyShareEntry);
     else if (keyShareEntry->group == WOLFSSL_ECC_X25519)
         ret = TLSX_KeyShare_ProcessX25519(ssl, keyShareEntry);
     else if (keyShareEntry->group == WOLFSSL_ECC_X448)
         ret = TLSX_KeyShare_ProcessX448(ssl, keyShareEntry);
-#ifdef HAVE_PQC
+#if defined(WOLFSSL_HAVE_KYBER) && !defined(WOLFSSL_KYBER_NO_DECAPSULATE)
     else if (WOLFSSL_NAMED_GROUP_IS_PQC(keyShareEntry->group))
-        ret = TLSX_KeyShare_ProcessPqc(ssl, keyShareEntry);
+        ret = TLSX_KeyShare_ProcessPqcClient(ssl, keyShareEntry);
+    else if (WOLFSSL_NAMED_GROUP_IS_PQC_HYBRID(keyShareEntry->group))
+        ret = TLSX_KeyShare_ProcessPqcHybridClient(ssl, keyShareEntry);
 #endif
     else
         ret = TLSX_KeyShare_ProcessEcc(ssl, keyShareEntry);
@@ -8597,11 +9618,18 @@ static int TLSX_KeyShareEntry_Parse(const WOLFSSL* ssl, const byte* input,
     if (keLen > length - offset)
         return BUFFER_ERROR;
 
-#ifdef HAVE_PQC
-    if (WOLFSSL_NAMED_GROUP_IS_PQC(group) &&
+#ifdef WOLFSSL_HAVE_KYBER
+    if ((WOLFSSL_NAMED_GROUP_IS_PQC(group) ||
+         WOLFSSL_NAMED_GROUP_IS_PQC_HYBRID(group)) &&
         ssl->options.side == WOLFSSL_SERVER_END) {
-        /* For KEMs, the public key is not stored. Casting away const because
-         * we know for KEMs, it will be read-only.*/
+        /* When handling a key share containing a KEM public key on the server
+         * end, we have to perform the encapsulation immediately in order to
+         * send the resulting ciphertext back to the client in the ServerHello
+         * message. As the public key is not stored and we do not modify it, we
+         * don't have to create a copy of it.
+         * In case of a hybrid key exchange, the ECDH part is also performed
+         * immediately (to not split the generation of the master secret).
+         * Hence, we also don't have to store this public key either.  */
         ke = (byte *)&input[offset];
     } else
 #endif
@@ -8776,7 +9804,7 @@ int TLSX_KeyShare_Parse(WOLFSSL* ssl, const byte* input, word16 length,
 
         /* Not in list sent if there isn't a private key. */
         if (keyShareEntry == NULL || (keyShareEntry->key == NULL
-        #if !defined(NO_DH) || defined(HAVE_PQC)
+        #if !defined(NO_DH) || defined(WOLFSSL_HAVE_KYBER)
             && keyShareEntry->privKey == NULL
         #endif
         )) {
@@ -8798,16 +9826,18 @@ int TLSX_KeyShare_Parse(WOLFSSL* ssl, const byte* input, word16 length,
 
     #ifdef WOLFSSL_ASYNC_CRYPT
         /* only perform find and clear TLSX if not returning from async */
-        if (ssl->error != WC_PENDING_E)
+        if (ssl->error != WC_NO_ERR_TRACE(WC_PENDING_E))
     #endif
         {
-            /* Check the selected group was supported by ClientHello extensions. */
+            /* Check the selected group was supported by ClientHello extensions.
+             */
             if (!TLSX_SupportedGroups_Find(ssl, group, ssl->extensions)) {
                 WOLFSSL_ERROR_VERBOSE(BAD_KEY_SHARE_DATA);
                 return BAD_KEY_SHARE_DATA;
             }
 
-            /* Check if the group was sent. */
+            /* Make sure KeyShare for server requested group was not sent in
+             * ClientHello. */
             if (TLSX_KeyShare_Find(ssl, group)) {
                 WOLFSSL_ERROR_VERBOSE(BAD_KEY_SHARE_DATA);
                 return BAD_KEY_SHARE_DATA;
@@ -8868,76 +9898,228 @@ static int TLSX_KeyShare_New(KeyShareEntry** list, int group, void *heap,
     return 0;
 }
 
-#ifdef HAVE_PQC
-static int server_generate_pqc_ciphertext(WOLFSSL* ssl,
-    KeyShareEntry* keyShareEntry, byte* data, word16 len)
+#if defined(WOLFSSL_HAVE_KYBER) && !defined(WOLFSSL_KYBER_NO_ENCAPSULATE)
+/* Process the Kyber key share extension on the server side.
+ *
+ * ssl            The SSL/TLS object.
+ * keyShareEntry  The key share entry object to be sent to the client.
+ * data           The key share data received from the client.
+ * len            The length of the key share data from the client.
+ * ssOutput       The destination buffer for the shared secret.
+ * ssOutSz        The size of the generated shared secret.
+ *
+ * returns 0 on success and other values indicate failure.
+ */
+static int TLSX_KeyShare_HandlePqcKeyServer(WOLFSSL* ssl,
+    KeyShareEntry* keyShareEntry, byte* clientData, word16 clientLen,
+    unsigned char* ssOutput, word32* ssOutSz)
 {
-    /* I am the server. The data parameter is the client's public key. I need
-     * to generate the public information (AKA ciphertext) and shared secret
-     * here. Note the "public information" is equivalent to a the public key in
-     * key exchange parlance. That's why it is being assigned to pubKey.
-     */
-    int type;
-    KyberKey kem[1];
-    byte* sharedSecret = NULL;
+    /* We are on the server side. The key share contains a PQC KEM public key
+     * that we are using for an encapsulate operation. The resulting ciphertext
+     * is stored in the server key share. */
+    KyberKey* kemKey = (KyberKey*)keyShareEntry->key;
     byte* ciphertext = NULL;
     int ret = 0;
-    int oqs_group = 0;
-    int ecc_group = 0;
-    KeyShareEntry *ecc_kse = NULL;
-    ecc_key eccpubkey;
-    word32 outlen = 0;
     word32 pubSz = 0;
     word32 ctSz = 0;
     word32 ssSz = 0;
 
-    findEccPqc(&ecc_group, &oqs_group, keyShareEntry->group);
-    ret = kyber_id2type(oqs_group, &type);
-    if (ret != 0) {
-        WOLFSSL_MSG("Invalid Kyber algorithm specified.");
+    if (clientData == NULL) {
+        WOLFSSL_MSG("No KEM public key from the client.");
         return BAD_FUNC_ARG;
     }
 
-    ret = wc_ecc_init_ex(&eccpubkey, ssl->heap, ssl->devId);
-    if (ret != 0) {
-        WOLFSSL_MSG("Could not do ECC public key initialization.");
-        return MEMORY_E;
-    }
+    if (kemKey == NULL) {
+        int type = 0;
 
-    ret = wc_KyberKey_Init(type, kem, ssl->heap, INVALID_DEVID);
-    if (ret != 0) {
-        wc_ecc_free(&eccpubkey);
-        WOLFSSL_MSG("Error creating Kyber KEM");
-        return MEMORY_E;
-    }
-
-    if (ret == 0) {
-        ecc_kse = (KeyShareEntry*)XMALLOC(sizeof(*ecc_kse), ssl->heap,
-            DYNAMIC_TYPE_TLSX);
-        if (ecc_kse == NULL) {
-            WOLFSSL_MSG("ecc_kse memory allocation failure");
-            ret = MEMORY_ERROR;
+        /* Allocate a Kyber key to hold private key. */
+        kemKey = (KyberKey*) XMALLOC(sizeof(KyberKey), ssl->heap,
+                                     DYNAMIC_TYPE_PRIVATE_KEY);
+        if (kemKey == NULL) {
+            WOLFSSL_MSG("GenPqcKey memory error");
+            ret = MEMORY_E;
+        }
+        if (ret == 0) {
+            ret = kyber_id2type(keyShareEntry->group, &type);
+        }
+        if (ret != 0) {
+            WOLFSSL_MSG("Invalid PQC algorithm specified.");
+            ret = BAD_FUNC_ARG;
+        }
+        if (ret == 0) {
+            ret = wc_KyberKey_Init(type, kemKey, ssl->heap, ssl->devId);
+            if (ret != 0) {
+                WOLFSSL_MSG("Error creating Kyber KEM");
+            }
         }
     }
 
     if (ret == 0) {
-        XMEMSET(ecc_kse, 0, sizeof(*ecc_kse));
+        ret = wc_KyberKey_PublicKeySize(kemKey, &pubSz);
+    }
+    if (ret == 0) {
+        ret = wc_KyberKey_CipherTextSize(kemKey, &ctSz);
+    }
+    if (ret == 0) {
+        ret = wc_KyberKey_SharedSecretSize(kemKey, &ssSz);
     }
 
+    if (ret == 0 && clientLen != pubSz) {
+        WOLFSSL_MSG("Invalid public key.");
+        ret = BAD_FUNC_ARG;
+    }
+
+    if (ret == 0) {
+        ciphertext = (byte*)XMALLOC(ctSz, ssl->heap, DYNAMIC_TYPE_TLSX);
+
+        if (ciphertext == NULL) {
+            WOLFSSL_MSG("Ciphertext memory allocation failure.");
+            ret = MEMORY_E;
+        }
+    }
+
+    if (ret == 0) {
+        ret = wc_KyberKey_DecodePublicKey(kemKey, clientData, pubSz);
+    }
+    if (ret == 0) {
+        ret = wc_KyberKey_Encapsulate(kemKey, ciphertext,
+                                      ssOutput, ssl->rng);
+        if (ret != 0) {
+            WOLFSSL_MSG("wc_KyberKey encapsulation failure.");
+        }
+    }
+
+    if (ret == 0) {
+        XFREE(keyShareEntry->ke, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY);
+
+        *ssOutSz = ssSz;
+        keyShareEntry->ke = NULL;
+        keyShareEntry->keLen = 0;
+
+        keyShareEntry->pubKey = ciphertext;
+        keyShareEntry->pubKeyLen = ctSz;
+        ciphertext = NULL;
+
+        /* Set namedGroup so wolfSSL_get_curve_name() can function properly on
+         * the server side. */
+        ssl->namedGroup = keyShareEntry->group;
+    }
+
+    XFREE(ciphertext, ssl->heap, DYNAMIC_TYPE_TLSX);
+
+    wc_KyberKey_Free(kemKey);
+    XFREE(kemKey, ssl->heap, DYNAMIC_TYPE_PRIVATE_KEY);
+    keyShareEntry->key = NULL;
+    return ret;
+}
+
+static int TLSX_KeyShare_HandlePqcHybridKeyServer(WOLFSSL* ssl,
+    KeyShareEntry* keyShareEntry, byte* data, word16 len)
+{
+    /* I am the server. The data parameter is the concatenation of the client's
+     * ECDH public key and the KEM public key. I need to generate a matching
+     * public key for ECDH and encapsulate a shared secret using the KEM public
+     * key. We send the ECDH public key and the KEM ciphertext back to the
+     * client. Additionally, we create the ECDH shared secret here already.
+     */
+    int    type;
+    byte*  ciphertext = NULL;
+    int    ret = 0;
+    int    pqc_group = 0;
+    int    ecc_group = 0;
+    int    pqc_first = 0;
+    KeyShareEntry *ecc_kse = NULL;
+    KeyShareEntry *pqc_kse = NULL;
+    word32 pubSz = 0;
+    word32 ctSz = 0;
+    word32 ssSzPqc = 0;
+    word32 ssSzEcc = 0;
+
+    if (data == NULL) {
+        WOLFSSL_MSG("No hybrid key share data from the client.");
+        return BAD_FUNC_ARG;
+    }
+
+    /* Determine the ECC and PQC group of the hybrid combination */
+    findEccPqc(&ecc_group, &pqc_group, &pqc_first, keyShareEntry->group);
+    if (ecc_group == 0 || pqc_group == 0) {
+        WOLFSSL_MSG("Invalid hybrid group");
+        ret = BAD_FUNC_ARG;
+    }
+
+    if (ret == 0) {
+        ecc_kse = (KeyShareEntry*)XMALLOC(sizeof(*ecc_kse), ssl->heap,
+                   DYNAMIC_TYPE_TLSX);
+        pqc_kse = (KeyShareEntry*)XMALLOC(sizeof(*pqc_kse), ssl->heap,
+                   DYNAMIC_TYPE_TLSX);
+        if (ecc_kse == NULL || pqc_kse == NULL) {
+            WOLFSSL_MSG("kse memory allocation failure");
+            ret = MEMORY_ERROR;
+        }
+    }
+
+    /* The ciphertext and shared secret sizes of a KEM are fixed. Hence, we
+     * decode these sizes to properly concatenate the KEM ciphertext with the
+     * ECDH public key. */
+    if (ret == 0) {
+        XMEMSET(pqc_kse, 0, sizeof(*pqc_kse));
+        pqc_kse->group = pqc_group;
+
+        /* Allocate a Kyber key to hold private key. */
+        pqc_kse->key = (KyberKey*) XMALLOC(sizeof(KyberKey), ssl->heap,
+                                           DYNAMIC_TYPE_PRIVATE_KEY);
+        if (pqc_kse->key == NULL) {
+            WOLFSSL_MSG("GenPqcKey memory error");
+            ret = MEMORY_E;
+        }
+        if (ret == 0) {
+            ret = kyber_id2type(pqc_kse->group, &type);
+        }
+        if (ret != 0) {
+            WOLFSSL_MSG("Invalid PQC algorithm specified.");
+            ret = BAD_FUNC_ARG;
+        }
+        if (ret == 0) {
+            ret = wc_KyberKey_Init(type, (KyberKey*)pqc_kse->key,
+                                   ssl->heap, ssl->devId);
+            if (ret != 0) {
+                WOLFSSL_MSG("Error creating Kyber KEM");
+            }
+        }
+        if (ret == 0) {
+            ret = wc_KyberKey_SharedSecretSize((KyberKey*)pqc_kse->key,
+                                               &ssSzPqc);
+        }
+        if (ret == 0) {
+            ret = wc_KyberKey_CipherTextSize((KyberKey*)pqc_kse->key,
+                                             &ctSz);
+        }
+        if (ret == 0) {
+            ret = wc_KyberKey_PublicKeySize((KyberKey*)pqc_kse->key,
+                                            &pubSz);
+        }
+    }
+
+    /* Generate the ECDH key share part to be sent to the client */
     if (ret == 0 && ecc_group != 0) {
+        XMEMSET(ecc_kse, 0, sizeof(*ecc_kse));
         ecc_kse->group = ecc_group;
-        ret = TLSX_KeyShare_GenEccKey(ssl, ecc_kse);
-        /* No message, TLSX_KeyShare_GenEccKey() will do it. */
-    }
-
-    if (ret == 0) {
-        ret = wc_KyberKey_PublicKeySize(kem, &pubSz);
-    }
-    if (ret == 0) {
-        ret = wc_KyberKey_CipherTextSize(kem, &ctSz);
-    }
-    if (ret == 0) {
-        ret = wc_KyberKey_SharedSecretSize(kem, &ssSz);
+    #ifdef HAVE_CURVE25519
+        if (ecc_group == WOLFSSL_ECC_X25519) {
+            ret = TLSX_KeyShare_GenX25519Key(ssl, ecc_kse);
+        }
+        else
+    #endif
+    #ifdef HAVE_CURVE448
+        if (ecc_group == WOLFSSL_ECC_X448) {
+            ret = TLSX_KeyShare_GenX448Key(ssl, ecc_kse);
+        }
+        else
+    #endif
+        {
+            ret = TLSX_KeyShare_GenEccKey(ssl, ecc_kse);
+        }
+        /* No error message, TLSX_KeyShare_GenKey will do it. */
     }
 
     if (ret == 0 && len != pubSz + ecc_kse->pubKeyLen) {
@@ -8945,73 +10127,113 @@ static int server_generate_pqc_ciphertext(WOLFSSL* ssl,
         ret = BAD_FUNC_ARG;
     }
 
+    /* Allocate buffer for the concatenated client key share data
+     * (PQC KEM ciphertext + ECDH public key) */
     if (ret == 0) {
-        sharedSecret = (byte*)XMALLOC(ecc_kse->keyLen + ssSz, ssl->heap,
-            DYNAMIC_TYPE_SECRET);
         ciphertext = (byte*)XMALLOC(ecc_kse->pubKeyLen + ctSz, ssl->heap,
             DYNAMIC_TYPE_TLSX);
 
-        if (sharedSecret == NULL || ciphertext == NULL) {
-            WOLFSSL_MSG("Ciphertext/shared secret memory allocation failure.");
+        if (ciphertext == NULL) {
+            WOLFSSL_MSG("Ciphertext memory allocation failure.");
             ret = MEMORY_E;
         }
     }
 
-    if (ecc_group != 0) {
+    /* Process ECDH key share part. The generated shared secret is directly
+     * stored in the ssl->arrays->preMasterSecret buffer. Depending on the
+     * pqc_first flag, the ECDH shared secret part goes before or after the
+     * KEM part. */
+    if (ret == 0) {
+        ecc_kse->keLen = len - pubSz;
+        ecc_kse->ke = (byte*)XMALLOC(ecc_kse->keLen, ssl->heap,
+                                     DYNAMIC_TYPE_PUBLIC_KEY);
+        if (ecc_kse->ke == NULL) {
+            WOLFSSL_MSG("ecc_kse memory allocation failure");
+            ret = MEMORY_ERROR;
+        }
         if (ret == 0) {
-            /* Point is validated by import function. */
-            ret = wc_ecc_import_x963(data, len - pubSz, &eccpubkey);
-            if (ret != 0) {
-                WOLFSSL_MSG("Bad ECC public key.");
+            int pubOffset = 0;
+            int ssOffset = 0;
+
+            /* Set the ECC size variable to the initial buffer size */
+            ssSzEcc = ssl->arrays->preMasterSz;
+
+            if (pqc_first) {
+                pubOffset = pubSz;
+                ssOffset = ssSzPqc;
+            }
+
+            XMEMCPY(ecc_kse->ke, data + pubOffset, ecc_kse->keLen);
+
+        #ifdef HAVE_CURVE25519
+            if (ecc_group == WOLFSSL_ECC_X25519) {
+                ret = TLSX_KeyShare_ProcessX25519_ex(ssl, ecc_kse,
+                        ssl->arrays->preMasterSecret + ssOffset, &ssSzEcc);
+            }
+            else
+        #endif
+        #ifdef HAVE_CURVE448
+            if (ecc_group == WOLFSSL_ECC_X448) {
+                ret = TLSX_KeyShare_ProcessX448_ex(ssl, ecc_kse,
+                        ssl->arrays->preMasterSecret + ssOffset, &ssSzEcc);
+            }
+            else
+        #endif
+            {
+                ret = TLSX_KeyShare_ProcessEcc_ex(ssl, ecc_kse,
+                        ssl->arrays->preMasterSecret + ssOffset, &ssSzEcc);
             }
         }
-
-#if defined(ECC_TIMING_RESISTANT) && (!defined(HAVE_FIPS) || \
-    (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION != 2))) && \
-    !defined(HAVE_SELFTEST)
         if (ret == 0) {
-            ret = wc_ecc_set_rng(ecc_kse->key, ssl->rng);
-        }
-#endif
-
-        if (ret == 0) {
-            outlen = ecc_kse->keyLen;
-            PRIVATE_KEY_UNLOCK();
-            ret = wc_ecc_shared_secret(ecc_kse->key, &eccpubkey,
-                                       sharedSecret,
-                                       &outlen);
-            PRIVATE_KEY_LOCK();
-            if (outlen != ecc_kse->keyLen) {
+            if (ssSzEcc != ecc_kse->keyLen) {
                 WOLFSSL_MSG("Data length mismatch.");
                 ret = BAD_FUNC_ARG;
             }
         }
     }
 
-    if (ret == 0) {
-        ret = wc_KyberKey_DecodePublicKey(kem, data + ecc_kse->pubKeyLen,
-            pubSz);
+    if (ret == 0 && ssSzEcc + ssSzPqc > ENCRYPT_LEN) {
+        WOLFSSL_MSG("shared secret is too long.");
+        ret = LENGTH_ERROR;
     }
+
+    /* Process PQC KEM key share part. Depending on the pqc_first flag, the
+     * KEM shared secret part goes before or after the ECDH part. */
     if (ret == 0) {
-        ret = wc_KyberKey_Encapsulate(kem, ciphertext + ecc_kse->pubKeyLen,
-            sharedSecret + outlen, ssl->rng);
-        if (ret != 0) {
-            WOLFSSL_MSG("wc_KyberKey encapsulation failure.");
+        int input_offset = ecc_kse->keLen;
+        int output_offset = ssSzEcc;
+
+        if (pqc_first) {
+            input_offset = 0;
+            output_offset = 0;
         }
+
+        ret = TLSX_KeyShare_HandlePqcKeyServer(ssl, pqc_kse,
+                data + input_offset, pubSz,
+                ssl->arrays->preMasterSecret + output_offset, &ssSzPqc);
     }
 
     if (ret == 0) {
-        if (keyShareEntry->ke != NULL) {
-            XFREE(keyShareEntry->ke, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY);
+        XFREE(keyShareEntry->ke, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY);
+
+        ssl->arrays->preMasterSz = ssSzEcc + ssSzPqc;
+        keyShareEntry->ke = NULL;
+        keyShareEntry->keLen = 0;
+
+        /* Concatenate the ECDH public key and the PQC KEM ciphertext. Based on
+         * the pqc_first flag, the ECDH public key goes before or after the KEM
+         * ciphertext. */
+        if (pqc_first) {
+            XMEMCPY(ciphertext, pqc_kse->pubKey, ctSz);
+            XMEMCPY(ciphertext + ctSz, ecc_kse->pubKey, ecc_kse->pubKeyLen);
+        }
+        else {
+            XMEMCPY(ciphertext, ecc_kse->pubKey, ecc_kse->pubKeyLen);
+            XMEMCPY(ciphertext + ecc_kse->pubKeyLen, pqc_kse->pubKey, ctSz);
         }
 
-        keyShareEntry->ke = sharedSecret;
-        keyShareEntry->keLen = outlen + ssSz;
-        sharedSecret = NULL;
-
-        XMEMCPY(ciphertext, ecc_kse->pubKey, ecc_kse->pubKeyLen);
         keyShareEntry->pubKey = ciphertext;
-        keyShareEntry->pubKeyLen = (word32)(ecc_kse->pubKeyLen + ctSz);
+        keyShareEntry->pubKeyLen = ecc_kse->pubKeyLen + ctSz;
         ciphertext = NULL;
 
         /* Set namedGroup so wolfSSL_get_curve_name() can function properly on
@@ -9020,15 +10242,11 @@ static int server_generate_pqc_ciphertext(WOLFSSL* ssl,
     }
 
     TLSX_KeyShare_FreeAll(ecc_kse, ssl->heap);
-    if (sharedSecret != NULL)
-        XFREE(sharedSecret, ssl->heap, DYNAMIC_TYPE_SECRET);
-    if (ciphertext != NULL)
-        XFREE(ciphertext, ssl->heap, DYNAMIC_TYPE_TLSX);
-    wc_ecc_free(&eccpubkey);
-    wc_KyberKey_Free(kem);
+    TLSX_KeyShare_FreeAll(pqc_kse, ssl->heap);
+    XFREE(ciphertext, ssl->heap, DYNAMIC_TYPE_TLSX);
     return ret;
 }
-#endif /* HAVE_PQC */
+#endif /* WOLFSSL_HAVE_KYBER && !WOLFSSL_KYBER_NO_ENCAPSULATE */
 
 /* Use the data to create a new key share object in the extensions.
  *
@@ -9077,20 +10295,29 @@ int TLSX_KeyShare_Use(const WOLFSSL* ssl, word16 group, word16 len, byte* data,
     }
 
 
-#ifdef HAVE_PQC
-    if (WOLFSSL_NAMED_GROUP_IS_PQC(group) &&
-        ssl->options.side == WOLFSSL_SERVER_END) {
-        ret = server_generate_pqc_ciphertext((WOLFSSL*)ssl, keyShareEntry, data,
-                                             len);
+#if defined(WOLFSSL_HAVE_KYBER) && !defined(WOLFSSL_KYBER_NO_ENCAPSULATE)
+    if (ssl->options.side == WOLFSSL_SERVER_END &&
+            WOLFSSL_NAMED_GROUP_IS_PQC(group)) {
+        ret = TLSX_KeyShare_HandlePqcKeyServer((WOLFSSL*)ssl,
+                                               keyShareEntry,
+                                               data, len,
+                                               ssl->arrays->preMasterSecret,
+                                               &ssl->arrays->preMasterSz);
+        if (ret != 0)
+            return ret;
+    }
+    else if (ssl->options.side == WOLFSSL_SERVER_END &&
+             WOLFSSL_NAMED_GROUP_IS_PQC_HYBRID(group)) {
+        ret = TLSX_KeyShare_HandlePqcHybridKeyServer((WOLFSSL*)ssl,
+                                                     keyShareEntry,
+                                                     data, len);
         if (ret != 0)
             return ret;
     }
     else
 #endif
     if (data != NULL) {
-        if (keyShareEntry->ke != NULL) {
-            XFREE(keyShareEntry->ke, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY);
-        }
+        XFREE(keyShareEntry->ke, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY);
         keyShareEntry->ke = data;
         keyShareEntry->keLen = len;
     }
@@ -9244,31 +10471,42 @@ static int TLSX_KeyShare_IsSupported(int namedGroup)
             break;
         #endif
     #endif
-    #ifdef HAVE_PQC
+#ifdef WOLFSSL_HAVE_KYBER
+#ifndef WOLFSSL_NO_ML_KEM
     #ifdef WOLFSSL_WC_KYBER
-        #ifdef WOLFSSL_KYBER512
-            case WOLFSSL_KYBER_LEVEL1:
+        #ifndef WOLFSSL_NO_ML_KEM_512
+            case WOLFSSL_ML_KEM_512:
+            case WOLFSSL_P256_ML_KEM_512:
+        #if defined(HAVE_CURVE25519) && ECC_MIN_KEY_SZ <= 256
+            case WOLFSSL_X25519_ML_KEM_512:
         #endif
-        #ifdef WOLFSSL_KYBER768
-            case WOLFSSL_KYBER_LEVEL3:
         #endif
-        #ifdef WOLFSSL_KYBER1024
-            case WOLFSSL_KYBER_LEVEL5:
+        #ifndef WOLFSSL_NO_ML_KEM_768
+            case WOLFSSL_ML_KEM_768:
+            case WOLFSSL_P384_ML_KEM_768:
+            case WOLFSSL_P256_ML_KEM_768:
+        #if defined(HAVE_CURVE25519) && ECC_MIN_KEY_SZ <= 256
+            case WOLFSSL_X25519_ML_KEM_768:
+        #endif
+        #if defined(HAVE_CURVE448) && ECC_MIN_KEY_SZ <= 448
+            case WOLFSSL_X448_ML_KEM_768:
+        #endif
+        #endif
+        #ifndef WOLFSSL_NO_ML_KEM_1024
+            case WOLFSSL_ML_KEM_1024:
+            case WOLFSSL_P521_ML_KEM_1024:
+            case WOLFSSL_P384_ML_KEM_1024:
         #endif
                 break;
     #elif defined(HAVE_LIBOQS)
-        case WOLFSSL_KYBER_LEVEL1:
-        case WOLFSSL_KYBER_LEVEL3:
-        case WOLFSSL_KYBER_LEVEL5:
-        case WOLFSSL_P256_KYBER_LEVEL1:
-        case WOLFSSL_P384_KYBER_LEVEL3:
-        case WOLFSSL_P521_KYBER_LEVEL5:
+        case WOLFSSL_ML_KEM_512:
+        case WOLFSSL_ML_KEM_768:
+        case WOLFSSL_ML_KEM_1024:
         {
             int ret;
             int id;
-            findEccPqc(NULL, &namedGroup, namedGroup);
             ret = kyber_id2type(namedGroup, &id);
-            if (ret == NOT_COMPILED_IN) {
+            if (ret == WC_NO_ERR_TRACE(NOT_COMPILED_IN)) {
                 return 0;
             }
 
@@ -9277,11 +10515,96 @@ static int TLSX_KeyShare_IsSupported(int namedGroup)
             }
             break;
         }
-    #elif defined(HAVE_PQM4)
-        case WOLFSSL_KYBER_LEVEL1:
+        case WOLFSSL_P256_ML_KEM_512:
+        case WOLFSSL_P384_ML_KEM_768:
+        case WOLFSSL_P256_ML_KEM_768:
+        case WOLFSSL_P521_ML_KEM_1024:
+        case WOLFSSL_P384_ML_KEM_1024:
+        case WOLFSSL_X25519_ML_KEM_512:
+        case WOLFSSL_X448_ML_KEM_768:
+        case WOLFSSL_X25519_ML_KEM_768:
+        {
+            int ret;
+            int id;
+            findEccPqc(NULL, &namedGroup, NULL, namedGroup);
+            ret = kyber_id2type(namedGroup, &id);
+            if (ret == WC_NO_ERR_TRACE(NOT_COMPILED_IN)) {
+                return 0;
+            }
+
+            if (! ext_kyber_enabled(id)) {
+                return 0;
+            }
             break;
+        }
     #endif
-    #endif /* HAVE_PQC */
+#endif /* WOLFSSL_NO_ML_KEM */
+#ifdef WOLFSSL_KYBER_ORIGINAL
+    #ifdef WOLFSSL_WC_KYBER
+        #ifdef WOLFSSL_KYBER512
+            case WOLFSSL_KYBER_LEVEL1:
+            case WOLFSSL_P256_KYBER_LEVEL1:
+        #if defined(HAVE_CURVE25519) && ECC_MIN_KEY_SZ <= 256
+            case WOLFSSL_X25519_KYBER_LEVEL1:
+        #endif
+        #endif
+        #ifdef WOLFSSL_KYBER768
+            case WOLFSSL_KYBER_LEVEL3:
+            case WOLFSSL_P384_KYBER_LEVEL3:
+            case WOLFSSL_P256_KYBER_LEVEL3:
+        #if defined(HAVE_CURVE25519) && ECC_MIN_KEY_SZ <= 256
+            case WOLFSSL_X25519_KYBER_LEVEL3:
+        #endif
+        #if defined(HAVE_CURVE448) && ECC_MIN_KEY_SZ <= 448
+            case WOLFSSL_X448_KYBER_LEVEL3:
+        #endif
+        #endif
+        #ifdef WOLFSSL_KYBER1024
+            case WOLFSSL_KYBER_LEVEL5:
+            case WOLFSSL_P521_KYBER_LEVEL5:
+        #endif
+                break;
+    #elif defined(HAVE_LIBOQS)
+        case WOLFSSL_KYBER_LEVEL1:
+        case WOLFSSL_KYBER_LEVEL3:
+        case WOLFSSL_KYBER_LEVEL5:
+        {
+            int ret;
+            int id;
+            ret = kyber_id2type(namedGroup, &id);
+            if (ret == WC_NO_ERR_TRACE(NOT_COMPILED_IN)) {
+                return 0;
+            }
+
+            if (! ext_kyber_enabled(id)) {
+                return 0;
+            }
+            break;
+        }
+        case WOLFSSL_P256_KYBER_LEVEL1:
+        case WOLFSSL_P384_KYBER_LEVEL3:
+        case WOLFSSL_P256_KYBER_LEVEL3:
+        case WOLFSSL_P521_KYBER_LEVEL5:
+        case WOLFSSL_X25519_KYBER_LEVEL1:
+        case WOLFSSL_X448_KYBER_LEVEL3:
+        case WOLFSSL_X25519_KYBER_LEVEL3:
+        {
+            int ret;
+            int id;
+            findEccPqc(NULL, &namedGroup, NULL, namedGroup);
+            ret = kyber_id2type(namedGroup, &id);
+            if (ret == WC_NO_ERR_TRACE(NOT_COMPILED_IN)) {
+                return 0;
+            }
+
+            if (! ext_kyber_enabled(id)) {
+                return 0;
+            }
+            break;
+        }
+    #endif
+#endif
+#endif /* WOLFSSL_HAVE_KYBER */
         default:
             return 0;
     }
@@ -9327,15 +10650,73 @@ static const word16 preferredGroup[] = {
 #if defined(HAVE_FFDHE_8192)
     WOLFSSL_FFDHE_8192,
 #endif
+#ifndef WOLFSSL_NO_ML_KEM
+#ifdef WOLFSSL_WC_KYBER
+    #ifndef WOLFSSL_NO_ML_KEM_512
+    WOLFSSL_ML_KEM_512,
+    WOLFSSL_P256_ML_KEM_512,
+    #if defined(HAVE_CURVE25519) && ECC_MIN_KEY_SZ <= 256
+    WOLFSSL_X25519_ML_KEM_512,
+    #endif
+    #endif
+    #ifndef WOLFSSL_NO_ML_KEM_768
+    WOLFSSL_ML_KEM_768,
+    WOLFSSL_P384_ML_KEM_768,
+    WOLFSSL_P256_ML_KEM_768,
+    #if defined(HAVE_CURVE25519) && ECC_MIN_KEY_SZ <= 256
+    WOLFSSL_X25519_ML_KEM_768,
+    #endif
+    #if defined(HAVE_CURVE448) && ECC_MIN_KEY_SZ <= 448
+    WOLFSSL_X448_ML_KEM_768,
+    #endif
+    #endif
+    #ifndef WOLFSSL_NO_ML_KEM_1024
+    WOLFSSL_ML_KEM_1024,
+    WOLFSSL_P521_ML_KEM_1024,
+    WOLFSSL_P384_ML_KEM_1024,
+    #endif
+#elif defined(HAVE_LIBOQS)
+    /* These require a runtime call to TLSX_KeyShare_IsSupported to use */
+    WOLFSSL_ML_KEM_512,
+    WOLFSSL_ML_KEM_768,
+    WOLFSSL_ML_KEM_1024,
+    WOLFSSL_P256_ML_KEM_512,
+    WOLFSSL_P384_ML_KEM_768,
+    WOLFSSL_P256_ML_KEM_768,
+    WOLFSSL_P521_ML_KEM_1024,
+    WOLFSSL_P384_ML_KEM_1024,
+    #if defined(HAVE_CURVE25519) && ECC_MIN_KEY_SZ <= 256
+    WOLFSSL_X25519_ML_KEM_512,
+    WOLFSSL_X25519_ML_KEM_768,
+    #endif
+    #if defined(HAVE_CURVE448) && ECC_MIN_KEY_SZ <= 448
+    WOLFSSL_X448_ML_KEM_768,
+    #endif
+#endif
+#endif /* !WOLFSSL_NO_ML_KEM */
+#ifdef WOLFSSL_KYBER_ORIGINAL
 #ifdef WOLFSSL_WC_KYBER
     #ifdef WOLFSSL_KYBER512
     WOLFSSL_KYBER_LEVEL1,
+    WOLFSSL_P256_KYBER_LEVEL1,
+    #if defined(HAVE_CURVE25519) && ECC_MIN_KEY_SZ <= 256
+    WOLFSSL_X25519_KYBER_LEVEL1,
+    #endif
     #endif
     #ifdef WOLFSSL_KYBER768
     WOLFSSL_KYBER_LEVEL3,
+    WOLFSSL_P384_KYBER_LEVEL3,
+    WOLFSSL_P256_KYBER_LEVEL3,
+    #if defined(HAVE_CURVE25519) && ECC_MIN_KEY_SZ <= 256
+    WOLFSSL_X25519_KYBER_LEVEL3,
+    #endif
+    #if defined(HAVE_CURVE448) && ECC_MIN_KEY_SZ <= 448
+    WOLFSSL_X448_KYBER_LEVEL3,
+    #endif
     #endif
     #ifdef WOLFSSL_KYBER1024
     WOLFSSL_KYBER_LEVEL5,
+    WOLFSSL_P521_KYBER_LEVEL5,
     #endif
 #elif defined(HAVE_LIBOQS)
     /* These require a runtime call to TLSX_KeyShare_IsSupported to use */
@@ -9344,10 +10725,17 @@ static const word16 preferredGroup[] = {
     WOLFSSL_KYBER_LEVEL5,
     WOLFSSL_P256_KYBER_LEVEL1,
     WOLFSSL_P384_KYBER_LEVEL3,
+    WOLFSSL_P256_KYBER_LEVEL3,
     WOLFSSL_P521_KYBER_LEVEL5,
-#elif defined(HAVE_PQM4)
-    WOLFSSL_KYBER_LEVEL1,
+    #if defined(HAVE_CURVE25519) && ECC_MIN_KEY_SZ <= 256
+    WOLFSSL_X25519_KYBER_LEVEL1,
+    WOLFSSL_X25519_KYBER_LEVEL3,
+    #endif
+    #if defined(HAVE_CURVE448) && ECC_MIN_KEY_SZ <= 448
+    WOLFSSL_X448_KYBER_LEVEL3,
+    #endif
 #endif
+#endif /* WOLFSSL_KYBER_ORIGINAL */
     WOLFSSL_NAMED_GROUP_INVALID
 };
 
@@ -9370,8 +10758,7 @@ static int TLSX_KeyShare_GroupRank(const WOLFSSL* ssl, int group)
     byte numGroups;
 
     if (ssl->numGroups == 0) {
-        groups = preferredGroup;
-        numGroups = PREFERRED_GROUP_SZ;
+        return 0;
     }
     else {
         groups = ssl->group;
@@ -9380,14 +10767,14 @@ static int TLSX_KeyShare_GroupRank(const WOLFSSL* ssl, int group)
 
 #ifdef HAVE_LIBOQS
       if (!TLSX_KeyShare_IsSupported(group))
-          return -1;
+          return WOLFSSL_FATAL_ERROR;
 #endif
 
     for (i = 0; i < numGroups; i++)
         if (groups[i] == (word16)group)
             return i;
 
-    return -1;
+    return WOLFSSL_FATAL_ERROR;
 }
 
 /* Set a key share that is supported by the client into extensions.
@@ -9439,7 +10826,7 @@ int TLSX_KeyShare_SetSupported(const WOLFSSL* ssl, TLSX** extensions)
         kse = (KeyShareEntry*)extension->data;
         /* We should not be computing keys if we are only going to advertise
          * our choice here. */
-        if (kse != NULL && kse->lastRet == WC_PENDING_E) {
+        if (kse != NULL && kse->lastRet == WC_NO_ERR_TRACE(WC_PENDING_E)) {
             WOLFSSL_ERROR_VERBOSE(BAD_KEY_SHARE_DATA);
             return BAD_KEY_SHARE_DATA;
         }
@@ -9470,6 +10857,131 @@ int TLSX_KeyShare_SetSupported(const WOLFSSL* ssl, TLSX** extensions)
     return ret;
 }
 
+#ifdef WOLFSSL_DUAL_ALG_CERTS
+/* Writes the CKS objects of a list in a buffer. */
+static word16 CKS_WRITE(WOLFSSL* ssl, byte* output)
+{
+    XMEMCPY(output, ssl->sigSpec, ssl->sigSpecSz);
+    return ssl->sigSpecSz;
+}
+
+static int TLSX_UseCKS(TLSX** extensions, WOLFSSL* ssl, void* heap)
+{
+    int ret = 0;
+    TLSX* extension;
+
+    if (extensions == NULL) {
+        return BAD_FUNC_ARG;
+    }
+
+    extension = TLSX_Find(*extensions, TLSX_CKS);
+    /* If it is already present, do nothing. */
+    if (extension == NULL) {
+        /* The data required is in the ssl struct, so push it in. */
+        ret = TLSX_Push(extensions, TLSX_CKS, (void*)ssl, heap);
+    }
+
+    return ret;
+}
+
+int TLSX_CKS_Set(WOLFSSL* ssl, TLSX** extensions)
+{
+    int ret;
+    TLSX* extension;
+    /* Push new KeyShare extension. This will also free the old one */
+    ret = TLSX_Push(extensions, TLSX_CKS, NULL, ssl->heap);
+    if (ret != 0)
+        return ret;
+    /* Extension got pushed to head */
+    extension = *extensions;
+    /* Need ssl->sigSpecSz during extension length calculation. */
+    extension->data = ssl;
+    /* Set extension to be in response. */
+    extension->resp = 1;
+    return ret;
+}
+
+int TLSX_CKS_Parse(WOLFSSL* ssl, byte* input, word16 length,
+                   TLSX** extensions)
+{
+    (void) extensions;
+    int ret;
+    int i, j;
+
+    /* Validating the input. */
+    if (length == 0)
+        return BUFFER_ERROR;
+    for (i = 0; i < length; i++) {
+        switch (input[i])
+        {
+            case WOLFSSL_CKS_SIGSPEC_NATIVE:
+            case WOLFSSL_CKS_SIGSPEC_ALTERNATIVE:
+            case WOLFSSL_CKS_SIGSPEC_BOTH:
+                /* These are all valid values; do nothing */
+                break;
+            case WOLFSSL_CKS_SIGSPEC_EXTERNAL:
+            default:
+                /* All other values (including external) are not. */
+                return BAD_FUNC_ARG;
+        }
+    }
+
+    /* This could be a situation where the client tried to start with TLS 1.3
+     * when it sent ClientHello and the server down-graded to TLS 1.2. In that
+     * case, erroring out because it is TLS 1.2 is not a reasonable thing to do.
+     * In the case of TLS 1.2, the CKS values will be ignored. */
+    if (!IsAtLeastTLSv1_3(ssl->version)) {
+        ssl->sigSpec = NULL;
+        ssl->sigSpecSz = 0;
+        return 0;
+    }
+
+    /* Extension data is valid, but if we are the server and we don't have an
+     * alt private key, do not respond with CKS extension. */
+    if (wolfSSL_is_server(ssl) && ssl->buffers.altKey == NULL) {
+        ssl->sigSpec = NULL;
+        ssl->sigSpecSz = 0;
+        return 0;
+    }
+
+    /* Copy as the lifetime of input seems to be ephemeral. */
+    ssl->peerSigSpec = (byte*)XMALLOC(length, ssl->heap, DYNAMIC_TYPE_TLSX);
+    if (ssl->peerSigSpec == NULL) {
+        return BUFFER_ERROR;
+    }
+    XMEMCPY(ssl->peerSigSpec, input, length);
+    ssl->peerSigSpecSz = length;
+
+    /* If there is no preference set, use theirs... */
+    if (ssl->sigSpec == NULL) {
+        ret = wolfSSL_UseCKS(ssl, ssl->peerSigSpec, 1);
+        if (ret == WOLFSSL_SUCCESS) {
+            ret = TLSX_UseCKS(&ssl->extensions, ssl, ssl->heap);
+            TLSX_SetResponse(ssl, TLSX_CKS);
+        }
+        return ret;
+    }
+
+    /* ...otherwise, prioritize our preference. */
+    for (i = 0; i < ssl->sigSpecSz; i++) {
+        for (j = 0; j < length; j++) {
+            if (ssl->sigSpec[i] == input[j]) {
+                /* Got the match, set to this one. */
+                ret = wolfSSL_UseCKS(ssl, &ssl->sigSpec[i], 1);
+                if (ret == WOLFSSL_SUCCESS) {
+                    ret = TLSX_UseCKS(&ssl->extensions, ssl, ssl->heap);
+                    TLSX_SetResponse(ssl, TLSX_CKS);
+                }
+                return ret;
+            }
+        }
+    }
+
+    /* No match found. Cannot continue. */
+    return MATCH_SUITE_ERROR;
+}
+#endif /* WOLFSSL_DUAL_ALG_CERTS */
+
 /* Server side KSE processing */
 int TLSX_KeyShare_Choose(const WOLFSSL *ssl, TLSX* extensions,
     byte cipherSuite0, byte cipherSuite, KeyShareEntry** kse, byte* searched)
@@ -9496,22 +11008,28 @@ int TLSX_KeyShare_Choose(const WOLFSSL *ssl, TLSX* extensions,
 
     if (extension && extension->resp == 1) {
         /* Outside of the async case this path should not be taken. */
-        int ret = INCOMPLETE_DATA;
+        int ret = WC_NO_ERR_TRACE(INCOMPLETE_DATA);
     #ifdef WOLFSSL_ASYNC_CRYPT
         /* in async case make sure key generation is finalized */
         KeyShareEntry* serverKSE = (KeyShareEntry*)extension->data;
-        if (serverKSE && serverKSE->lastRet == WC_PENDING_E) {
+        if (serverKSE && serverKSE->lastRet == WC_NO_ERR_TRACE(WC_PENDING_E)) {
             if (ssl->options.serverState == SERVER_HELLO_RETRY_REQUEST_COMPLETE)
                 *searched = 1;
             ret = TLSX_KeyShare_GenKey((WOLFSSL*)ssl, serverKSE);
         }
+        else
     #endif
+        {
+            ret = INCOMPLETE_DATA;
+        }
         return ret;
     }
 
     /* Use server's preference order. */
     for (clientKSE = list; clientKSE != NULL; clientKSE = clientKSE->next) {
-        if (clientKSE->ke == NULL)
+        if ((clientKSE->ke == NULL) &&
+            (!WOLFSSL_NAMED_GROUP_IS_PQC(clientKSE->group)) &&
+            (!WOLFSSL_NAMED_GROUP_IS_PQC_HYBRID(clientKSE->group)))
             continue;
 
 #ifdef WOLFSSL_SM2
@@ -9531,11 +11049,12 @@ int TLSX_KeyShare_Choose(const WOLFSSL *ssl, TLSX* extensions,
         if (!TLSX_SupportedGroups_Find(ssl, clientKSE->group, extensions))
             continue;
 
-        if (!WOLFSSL_NAMED_GROUP_IS_FFHDE(clientKSE->group)) {
+        if (!WOLFSSL_NAMED_GROUP_IS_FFDHE(clientKSE->group)) {
             /* Check max value supported. */
             if (clientKSE->group > WOLFSSL_ECC_MAX) {
-#ifdef HAVE_PQC
-                if (!WOLFSSL_NAMED_GROUP_IS_PQC(clientKSE->group))
+#ifdef WOLFSSL_HAVE_KYBER
+                if (!WOLFSSL_NAMED_GROUP_IS_PQC(clientKSE->group) &&
+                    !WOLFSSL_NAMED_GROUP_IS_PQC_HYBRID(clientKSE->group))
 #endif
                     continue;
             }
@@ -9580,7 +11099,7 @@ int TLSX_KeyShare_Setup(WOLFSSL *ssl, KeyShareEntry* clientKSE)
             serverKSE = (KeyShareEntry*)extension->data;
             if (serverKSE != NULL) {
                 /* in async case make sure key generation is finalized */
-                if (serverKSE->lastRet == WC_PENDING_E)
+                if (serverKSE->lastRet == WC_NO_ERR_TRACE(WC_PENDING_E))
                     return TLSX_KeyShare_GenKey((WOLFSSL*)ssl, serverKSE);
                 else if (serverKSE->lastRet == 0)
                     return 0;
@@ -9590,7 +11109,7 @@ int TLSX_KeyShare_Setup(WOLFSSL *ssl, KeyShareEntry* clientKSE)
         return BAD_FUNC_ARG;
     }
 
-    /* Generate a new key pair except in the case of OQS KEM because we
+    /* Generate a new key pair except in the case of PQC KEM because we
      * are going to encapsulate and that does not require us to generate a
      * key pair.
      */
@@ -9599,8 +11118,9 @@ int TLSX_KeyShare_Setup(WOLFSSL *ssl, KeyShareEntry* clientKSE)
         return ret;
 
     if (clientKSE->key == NULL) {
-#ifdef HAVE_PQC
-        if (WOLFSSL_NAMED_GROUP_IS_PQC(clientKSE->group)) {
+#ifdef WOLFSSL_HAVE_KYBER
+        if (WOLFSSL_NAMED_GROUP_IS_PQC(clientKSE->group) ||
+            WOLFSSL_NAMED_GROUP_IS_PQC_HYBRID(clientKSE->group)) {
             /* Going to need the public key (AKA ciphertext). */
             serverKSE->pubKey = clientKSE->pubKey;
             clientKSE->pubKey = NULL;
@@ -9616,7 +11136,7 @@ int TLSX_KeyShare_Setup(WOLFSSL *ssl, KeyShareEntry* clientKSE)
         /* for async do setup of serverKSE below, but return WC_PENDING_E */
         if (ret != 0
         #ifdef WOLFSSL_ASYNC_CRYPT
-            && ret != WC_PENDING_E
+            && ret != WC_NO_ERR_TRACE(WC_PENDING_E)
         #endif
         ) {
             TLSX_KeyShare_FreeAll(list, ssl->heap);
@@ -9692,7 +11212,7 @@ int TLSX_KeyShare_DeriveSecret(WOLFSSL *ssl)
 #ifdef WOLFSSL_ASYNC_CRYPT
     ret = wolfSSL_AsyncPop(ssl, NULL);
     /* Check for error */
-    if (ret != WC_NO_PENDING_E && ret < 0) {
+    if (ret != WC_NO_ERR_TRACE(WC_NO_PENDING_E) && ret < 0) {
         return ret;
     }
 #endif
@@ -11049,8 +12569,10 @@ static int TLSX_ClientCertificateType_GetSize(WOLFSSL* ssl, byte msgType)
         ret = (int)(OPAQUE8_LEN + cnt * OPAQUE8_LEN);
     }
     else if (msgType == server_hello || msgType == encrypted_extensions) {
-        /* sever side */
+        /* server side */
         cnt = ssl->options.rpkState.sending_ClientCertTypeCnt;/* must be one */
+        if (cnt != 1)
+            return SANITY_MSG_E;
         ret = OPAQUE8_LEN;
     }
     else {
@@ -11485,7 +13007,7 @@ static int TLSX_ECH_Write(WOLFSSL_ECH* ech, byte msgType, byte* writeBuf,
     if (ech->state == ECH_WRITE_RETRY_CONFIGS) {
         /* get size then write */
         ret = GetEchConfigsEx(ech->echConfig, NULL, &configsLen);
-        if (ret != LENGTH_ONLY_E)
+        if (ret != WC_NO_ERR_TRACE(LENGTH_ONLY_E))
             return ret;
         ret = GetEchConfigsEx(ech->echConfig, writeBuf, &configsLen);
         if (ret != WOLFSSL_SUCCESS)
@@ -11608,7 +13130,7 @@ static int TLSX_ECH_GetSize(WOLFSSL_ECH* ech, byte msgType)
         /* get the size of the raw configs */
         ret = GetEchConfigsEx(ech->echConfig, NULL, &size);
 
-        if (ret != LENGTH_ONLY_E)
+        if (ret != WC_NO_ERR_TRACE(LENGTH_ONLY_E))
             return ret;
     }
     else if (ech->type == ECH_TYPE_INNER)
@@ -11697,7 +13219,7 @@ static int TLSX_ExtractEch(WOLFSSL_ECH* ech, WOLFSSL_EchConfig* echConfig,
         /* get the rawConfigLen */
         if (ret == 0)
             ret = GetEchConfig(echConfig, NULL, &rawConfigLen);
-        if (ret == LENGTH_ONLY_E)
+        if (ret == WC_NO_ERR_TRACE(LENGTH_ONLY_E))
             ret = 0;
         /* create info */
         if (ret == 0) {
@@ -11733,8 +13255,10 @@ static int TLSX_ExtractEch(WOLFSSL_ECH* ech, WOLFSSL_EchConfig* echConfig,
         XFREE(ech->hpkeContext, heap, DYNAMIC_TYPE_TMP_BUFFER);
         ech->hpkeContext = NULL;
     }
+
     if (info != NULL)
         XFREE(info, heap, DYNAMIC_TYPE_TMP_BUFFER);
+
     return ret;
 }
 
@@ -11753,6 +13277,10 @@ static int TLSX_ECH_Parse(WOLFSSL* ssl, const byte* readBuf, word16 size,
     WOLFSSL_MSG("TLSX_ECH_Parse");
     if (size == 0)
         return BAD_FUNC_ARG;
+    if (ssl->options.disableECH) {
+        WOLFSSL_MSG("TLSX_ECH_Parse: ECH disabled. Ignoring.");
+        return 0;
+    }
     /* retry configs */
     if (msgType == encrypted_extensions) {
         ret = wolfSSL_SetEchConfigs(ssl, readBuf, size);
@@ -11813,7 +13341,7 @@ static int TLSX_ECH_Parse(WOLFSSL* ssl, const byte* readBuf, word16 size,
         }
         /* read hello inner len */
         ato16(readBuf_p, &ech->innerClientHelloLen);
-        ech->innerClientHelloLen -= AES_BLOCK_SIZE;
+        ech->innerClientHelloLen -= WC_AES_BLOCK_SIZE;
         readBuf_p += 2;
         ech->outerClientPayload = readBuf_p;
         /* make a copy of the aad */
@@ -11824,7 +13352,7 @@ static int TLSX_ECH_Parse(WOLFSSL* ssl, const byte* readBuf, word16 size,
         XMEMCPY(aadCopy, ech->aad, ech->aadLen);
         /* set the ech payload of the copy to zeros */
         XMEMSET(aadCopy + (readBuf_p - ech->aad), 0,
-            ech->innerClientHelloLen + AES_BLOCK_SIZE);
+            ech->innerClientHelloLen + WC_AES_BLOCK_SIZE);
         /* free the old ech in case this is our second client hello */
         if (ech->innerClientHello != NULL)
             XFREE(ech->innerClientHello, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
@@ -11884,8 +13412,7 @@ static int TLSX_ECH_Parse(WOLFSSL* ssl, const byte* readBuf, word16 size,
 /* free the ech struct and the dynamic buffer it uses */
 static void TLSX_ECH_Free(WOLFSSL_ECH* ech, void* heap)
 {
-    if (ech->innerClientHello != NULL)
-        XFREE(ech->innerClientHello, heap, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(ech->innerClientHello, heap, DYNAMIC_TYPE_TMP_BUFFER);
     if (ech->ephemeralKey != NULL)
         wc_HpkeFreeKey(ech->hpke, ech->hpke->kem, ech->ephemeralKey,
             ech->hpke->heap);
@@ -11983,7 +13510,6 @@ void TLSX_FreeAll(TLSX* list, void* heap)
         list = extension->next;
 
         switch (extension->type) {
-
 #if defined(HAVE_RPK)
             case TLSX_CLIENT_CERTIFICATE_TYPE:
                 WOLFSSL_MSG("Client Certificate Type extension free");
@@ -12067,6 +13593,26 @@ void TLSX_FreeAll(TLSX* list, void* heap)
                 WOLFSSL_MSG("Encrypt-Then-Mac extension free");
                 break;
 #endif
+
+#if defined(WOLFSSL_TLS13) || !defined(WOLFSSL_NO_TLS12) || !defined(NO_OLD_TLS)
+    #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)
+            case TLSX_PRE_SHARED_KEY:
+                WOLFSSL_MSG("Pre-Shared Key extension free");
+                PSK_FREE_ALL((PreSharedKey*)extension->data, heap);
+                break;
+
+        #ifdef WOLFSSL_TLS13
+            case TLSX_PSK_KEY_EXCHANGE_MODES:
+                WOLFSSL_MSG("PSK Key Exchange Modes extension free");
+                break;
+        #endif
+    #endif
+
+            case TLSX_KEY_SHARE:
+                WOLFSSL_MSG("Key Share extension free");
+                KS_FREE_ALL((KeyShareEntry*)extension->data, heap);
+                break;
+#endif
 #ifdef WOLFSSL_TLS13
             case TLSX_SUPPORTED_VERSIONS:
                 WOLFSSL_MSG("Supported Versions extension free");
@@ -12079,17 +13625,6 @@ void TLSX_FreeAll(TLSX* list, void* heap)
                 break;
     #endif
 
-    #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)
-            case TLSX_PRE_SHARED_KEY:
-                WOLFSSL_MSG("Pre-Shared Key extension free");
-                PSK_FREE_ALL((PreSharedKey*)extension->data, heap);
-                break;
-
-            case TLSX_PSK_KEY_EXCHANGE_MODES:
-                WOLFSSL_MSG("PSK Key Exchange Modes extension free");
-                break;
-    #endif
-
     #ifdef WOLFSSL_EARLY_DATA
             case TLSX_EARLY_DATA:
                 WOLFSSL_MSG("Early Data extension free");
@@ -12107,11 +13642,6 @@ void TLSX_FreeAll(TLSX* list, void* heap)
                 WOLFSSL_MSG("Signature Algorithms extension free");
                 break;
     #endif
-
-            case TLSX_KEY_SHARE:
-                WOLFSSL_MSG("Key Share extension free");
-                KS_FREE_ALL((KeyShareEntry*)extension->data, heap);
-                break;
     #if !defined(NO_CERTS) && !defined(WOLFSSL_NO_CA_NAMES)
             case TLSX_CERTIFICATE_AUTHORITIES:
                 WOLFSSL_MSG("Certificate Authorities extension free");
@@ -12145,6 +13675,12 @@ void TLSX_FreeAll(TLSX* list, void* heap)
                 WOLFSSL_MSG("ECH extension free");
                 ECH_FREE((WOLFSSL_ECH*)extension->data, heap);
                 break;
+#endif
+#ifdef WOLFSSL_DUAL_ALG_CERTS
+            case TLSX_CKS:
+                WOLFSSL_MSG("CKS extension free");
+                /* nothing to do */
+                break;
 #endif
             default:
                 break;
@@ -12179,14 +13715,18 @@ static int TLSX_GetSize(TLSX* list, byte* semaphore, byte msgType,
             continue; /* skip! */
 
         /* ssl level extensions are expected to override ctx level ones. */
-        if (!IS_OFF(semaphore, TLSX_ToSemaphore(extension->type)))
+        if (!IS_OFF(semaphore, TLSX_ToSemaphore((word16)extension->type)))
             continue; /* skip! */
 
         /* extension type + extension data length. */
         length += HELLO_EXT_TYPE_SZ + OPAQUE16_LEN;
 
         switch (extension->type) {
-
+#ifdef WOLFSSL_DUAL_ALG_CERTS
+            case TLSX_CKS:
+                length += ((WOLFSSL*)extension->data)->sigSpecSz ;
+                break;
+#endif
 #ifdef HAVE_SNI
             case TLSX_SERVER_NAME:
                 /* SNI only sends the name on the request. */
@@ -12252,6 +13792,24 @@ static int TLSX_GetSize(TLSX* list, byte* semaphore, byte msgType,
                 ret = ETM_GET_SIZE(msgType, &length);
                 break;
 #endif /* HAVE_ENCRYPT_THEN_MAC */
+
+#if defined(WOLFSSL_TLS13) || !defined(WOLFSSL_NO_TLS12) || !defined(NO_OLD_TLS)
+    #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)
+            case TLSX_PRE_SHARED_KEY:
+                ret = PSK_GET_SIZE((PreSharedKey*)extension->data, msgType,
+                                                                       &length);
+                break;
+        #ifdef WOLFSSL_TLS13
+            case TLSX_PSK_KEY_EXCHANGE_MODES:
+                ret = PKM_GET_SIZE((byte)extension->val, msgType, &length);
+                break;
+        #endif
+    #endif
+            case TLSX_KEY_SHARE:
+                length += KS_GET_SIZE((KeyShareEntry*)extension->data, msgType);
+                break;
+#endif
+
 #ifdef WOLFSSL_TLS13
             case TLSX_SUPPORTED_VERSIONS:
                 ret = SV_GET_SIZE(extension->data, msgType, &length);
@@ -12263,17 +13821,6 @@ static int TLSX_GetSize(TLSX* list, byte* semaphore, byte msgType,
                 break;
     #endif
 
-    #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)
-            case TLSX_PRE_SHARED_KEY:
-                ret = PSK_GET_SIZE((PreSharedKey*)extension->data, msgType,
-                                                                       &length);
-                break;
-
-            case TLSX_PSK_KEY_EXCHANGE_MODES:
-                ret = PKM_GET_SIZE((byte)extension->val, msgType, &length);
-                break;
-    #endif
-
     #ifdef WOLFSSL_EARLY_DATA
             case TLSX_EARLY_DATA:
                 ret = EDI_GET_SIZE(msgType, &length);
@@ -12292,9 +13839,6 @@ static int TLSX_GetSize(TLSX* list, byte* semaphore, byte msgType,
                 break;
     #endif
 
-            case TLSX_KEY_SHARE:
-                length += KS_GET_SIZE((KeyShareEntry*)extension->data, msgType);
-                break;
     #if !defined(NO_CERTS) && !defined(WOLFSSL_NO_CA_NAMES)
             case TLSX_CERTIFICATE_AUTHORITIES:
                 length += CAN_GET_SIZE(extension->data);
@@ -12340,7 +13884,7 @@ static int TLSX_GetSize(TLSX* list, byte* semaphore, byte msgType,
 
         /* marks the extension as processed so ctx level */
         /* extensions don't overlap with ssl level ones. */
-        TURN_ON(semaphore, TLSX_ToSemaphore(extension->type));
+        TURN_ON(semaphore, TLSX_ToSemaphore((word16)extension->type));
     }
 
     *pLength += length;
@@ -12367,16 +13911,23 @@ static int TLSX_Write(TLSX* list, byte* output, byte* semaphore,
             continue; /* skip! */
 
         /* ssl level extensions are expected to override ctx level ones. */
-        if (!IS_OFF(semaphore, TLSX_ToSemaphore(extension->type)))
+        if (!IS_OFF(semaphore, TLSX_ToSemaphore((word16)extension->type)))
             continue; /* skip! */
 
         /* writes extension type. */
-        c16toa(extension->type, output + offset);
+        c16toa((word16)extension->type, output + offset);
         offset += HELLO_EXT_TYPE_SZ + OPAQUE16_LEN;
         length_offset = offset;
 
         /* extension data should be written internally. */
         switch (extension->type) {
+#ifdef WOLFSSL_DUAL_ALG_CERTS
+            case TLSX_CKS:
+                WOLFSSL_MSG("CKS extension to write");
+                offset += CKS_WRITE(((WOLFSSL*)extension->data),
+                                    output + offset);
+                break;
+#endif
 #ifdef HAVE_SNI
             case TLSX_SERVER_NAME:
                 if (isRequest) {
@@ -12422,15 +13973,23 @@ static int TLSX_Write(TLSX* list, byte* output, byte* semaphore,
 
             case TLSX_STATUS_REQUEST:
                 WOLFSSL_MSG("Certificate Status Request extension to write");
-                offset += CSR_WRITE((CertificateStatusRequest*)extension->data,
+                ret = CSR_WRITE((CertificateStatusRequest*)extension->data,
                         output + offset, isRequest);
+                if (ret > 0) {
+                    offset += (word16)ret;
+                    ret = 0;
+                }
                 break;
 
             case TLSX_STATUS_REQUEST_V2:
                 WOLFSSL_MSG("Certificate Status Request v2 extension to write");
-                offset += CSR2_WRITE(
+                ret = CSR2_WRITE(
                         (CertificateStatusRequestItemV2*)extension->data,
                         output + offset, isRequest);
+                if (ret > 0) {
+                    offset += (word16)ret;
+                    ret = 0;
+                }
                 break;
 
             case TLSX_RENEGOTIATION_INFO:
@@ -12461,20 +14020,8 @@ static int TLSX_Write(TLSX* list, byte* output, byte* semaphore,
                 ret = ETM_WRITE(extension->data, output, msgType, &offset);
                 break;
 #endif /* HAVE_ENCRYPT_THEN_MAC */
-#ifdef WOLFSSL_TLS13
-            case TLSX_SUPPORTED_VERSIONS:
-                WOLFSSL_MSG("Supported Versions extension to write");
-                ret = SV_WRITE(extension->data, output + offset, msgType, &offset);
-                break;
-
-    #ifdef WOLFSSL_SEND_HRR_COOKIE
-            case TLSX_COOKIE:
-                WOLFSSL_MSG("Cookie extension to write");
-                ret = CKE_WRITE((Cookie*)extension->data, output + offset,
-                                msgType, &offset);
-                break;
-    #endif
 
+#if defined(WOLFSSL_TLS13) || !defined(WOLFSSL_NO_TLS12) || !defined(NO_OLD_TLS)
     #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)
             case TLSX_PRE_SHARED_KEY:
                 WOLFSSL_MSG("Pre-Shared Key extension to write");
@@ -12482,11 +14029,33 @@ static int TLSX_Write(TLSX* list, byte* output, byte* semaphore,
                                                               msgType, &offset);
                 break;
 
+        #ifdef WOLFSSL_TLS13
             case TLSX_PSK_KEY_EXCHANGE_MODES:
                 WOLFSSL_MSG("PSK Key Exchange Modes extension to write");
                 ret = PKM_WRITE((byte)extension->val, output + offset, msgType,
                                                                        &offset);
                 break;
+        #endif
+    #endif
+            case TLSX_KEY_SHARE:
+                WOLFSSL_MSG("Key Share extension to write");
+                offset += KS_WRITE((KeyShareEntry*)extension->data,
+                                                      output + offset, msgType);
+                break;
+#endif
+#ifdef WOLFSSL_TLS13
+            case TLSX_SUPPORTED_VERSIONS:
+                WOLFSSL_MSG("Supported Versions extension to write");
+                ret = SV_WRITE(extension->data, output + offset, msgType,
+                                                                       &offset);
+                break;
+
+    #ifdef WOLFSSL_SEND_HRR_COOKIE
+            case TLSX_COOKIE:
+                WOLFSSL_MSG("Cookie extension to write");
+                ret = CKE_WRITE((Cookie*)extension->data, output + offset,
+                                msgType, &offset);
+                break;
     #endif
 
     #ifdef WOLFSSL_EARLY_DATA
@@ -12511,11 +14080,6 @@ static int TLSX_Write(TLSX* list, byte* output, byte* semaphore,
                 break;
     #endif
 
-            case TLSX_KEY_SHARE:
-                WOLFSSL_MSG("Key Share extension to write");
-                offset += KS_WRITE((KeyShareEntry*)extension->data,
-                                                      output + offset, msgType);
-                break;
     #if !defined(NO_CERTS) && !defined(WOLFSSL_NO_CA_NAMES)
             case TLSX_CERTIFICATE_AUTHORITIES:
                 WOLFSSL_MSG("Certificate Authorities extension to write");
@@ -12574,7 +14138,7 @@ static int TLSX_Write(TLSX* list, byte* output, byte* semaphore,
 
         /* marks the extension as processed so ctx level */
         /* extensions don't overlap with ssl level ones. */
-        TURN_ON(semaphore, TLSX_ToSemaphore(extension->type));
+        TURN_ON(semaphore, TLSX_ToSemaphore((word16)extension->type));
 
         /* if we encountered an error propagate it */
         if (ret != 0)
@@ -12778,22 +14342,135 @@ static int TLSX_PopulateSupportedGroups(WOLFSSL* ssl, TLSX** extensions)
         #endif
 #endif
 
-#ifdef HAVE_PQC
+#ifdef WOLFSSL_HAVE_KYBER
+#ifndef WOLFSSL_NO_ML_KEM
+#ifdef WOLFSSL_WC_KYBER
+#ifndef WOLFSSL_NO_ML_KEM_512
+    if (ret == WOLFSSL_SUCCESS)
+        ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_ML_KEM_512,
+                                     ssl->heap);
+    if (ret == WOLFSSL_SUCCESS)
+        ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_P256_ML_KEM_512,
+                                     ssl->heap);
+    #if defined(HAVE_CURVE25519) && ECC_MIN_KEY_SZ <= 256
+    if (ret == WOLFSSL_SUCCESS)
+        ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_X25519_ML_KEM_512,
+                                     ssl->heap);
+    #endif
+#endif
+#ifndef WOLFSSL_NO_ML_KEM_768
+    if (ret == WOLFSSL_SUCCESS)
+        ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_ML_KEM_768,
+                                     ssl->heap);
+    if (ret == WOLFSSL_SUCCESS)
+        ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_P384_ML_KEM_768,
+                                     ssl->heap);
+    if (ret == WOLFSSL_SUCCESS)
+        ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_P256_ML_KEM_768,
+                                     ssl->heap);
+    #if defined(HAVE_CURVE25519) && ECC_MIN_KEY_SZ <= 256
+    if (ret == WOLFSSL_SUCCESS)
+        ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_X25519_ML_KEM_768,
+                                     ssl->heap);
+    #endif
+    #if defined(HAVE_CURVE448) && ECC_MIN_KEY_SZ <= 448
+    if (ret == WOLFSSL_SUCCESS)
+        ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_X448_ML_KEM_768,
+                                     ssl->heap);
+    #endif
+#endif
+#ifndef WOLFSSL_NO_ML_KEM_1024
+    if (ret == WOLFSSL_SUCCESS)
+        ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_ML_KEM_1024,
+                                     ssl->heap);
+    if (ret == WOLFSSL_SUCCESS)
+        ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_P521_ML_KEM_1024,
+                                     ssl->heap);
+    if (ret == WOLFSSL_SUCCESS)
+        ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_P384_ML_KEM_1024,
+                                     ssl->heap);
+#endif
+#elif defined(HAVE_LIBOQS)
+    ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_ML_KEM_512, ssl->heap);
+    if (ret == WOLFSSL_SUCCESS)
+        ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_ML_KEM_768,
+                                     ssl->heap);
+    if (ret == WOLFSSL_SUCCESS)
+        ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_ML_KEM_1024,
+                                     ssl->heap);
+    if (ret == WOLFSSL_SUCCESS)
+        ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_P256_ML_KEM_512,
+                                     ssl->heap);
+    if (ret == WOLFSSL_SUCCESS)
+        ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_P384_ML_KEM_768,
+                                     ssl->heap);
+    if (ret == WOLFSSL_SUCCESS)
+        ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_P256_ML_KEM_768,
+                                     ssl->heap);
+    if (ret == WOLFSSL_SUCCESS)
+        ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_P521_ML_KEM_1024,
+                                     ssl->heap);
+    if (ret == WOLFSSL_SUCCESS)
+        ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_P384_ML_KEM_1024,
+                                     ssl->heap);
+    #if defined(HAVE_CURVE25519) && ECC_MIN_KEY_SZ <= 256
+    if (ret == WOLFSSL_SUCCESS)
+        ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_X25519_ML_KEM_512,
+                                     ssl->heap);
+    if (ret == WOLFSSL_SUCCESS)
+        ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_X25519_ML_KEM_768,
+                                     ssl->heap);
+    #endif
+    #if defined(HAVE_CURVE448) && ECC_MIN_KEY_SZ <= 448
+    if (ret == WOLFSSL_SUCCESS)
+        ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_X448_ML_KEM_768,
+                                     ssl->heap);
+    #endif
+#endif /* HAVE_LIBOQS */
+#endif /* !WOLFSSL_NO_ML_KEM */
+#ifdef WOLFSSL_KYBER_ORIGINAL
 #ifdef WOLFSSL_WC_KYBER
 #ifdef WOLFSSL_KYBER512
     if (ret == WOLFSSL_SUCCESS)
         ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_KYBER_LEVEL1,
                                      ssl->heap);
+    if (ret == WOLFSSL_SUCCESS)
+        ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_P256_KYBER_LEVEL1,
+                                     ssl->heap);
+    #if defined(HAVE_CURVE25519) && ECC_MIN_KEY_SZ <= 256
+    if (ret == WOLFSSL_SUCCESS)
+        ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_X25519_KYBER_LEVEL1,
+                                     ssl->heap);
+    #endif
 #endif
 #ifdef WOLFSSL_KYBER768
     if (ret == WOLFSSL_SUCCESS)
         ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_KYBER_LEVEL3,
                                      ssl->heap);
+    if (ret == WOLFSSL_SUCCESS)
+        ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_P384_KYBER_LEVEL3,
+                                     ssl->heap);
+    if (ret == WOLFSSL_SUCCESS)
+        ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_P256_KYBER_LEVEL3,
+                                     ssl->heap);
+    #if defined(HAVE_CURVE25519) && ECC_MIN_KEY_SZ <= 256
+    if (ret == WOLFSSL_SUCCESS)
+        ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_X25519_KYBER_LEVEL3,
+                                     ssl->heap);
+    #endif
+    #if defined(HAVE_CURVE448) && ECC_MIN_KEY_SZ <= 448
+    if (ret == WOLFSSL_SUCCESS)
+        ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_X448_KYBER_LEVEL3,
+                                     ssl->heap);
+    #endif
 #endif
-#ifdef WOLFSSL_KYBER768
+#ifdef WOLFSSL_KYBER1024
     if (ret == WOLFSSL_SUCCESS)
         ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_KYBER_LEVEL5,
                                      ssl->heap);
+    if (ret == WOLFSSL_SUCCESS)
+        ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_P521_KYBER_LEVEL5,
+                                     ssl->heap);
 #endif
 #elif defined(HAVE_LIBOQS)
     ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_KYBER_LEVEL1, ssl->heap);
@@ -12809,13 +14486,28 @@ static int TLSX_PopulateSupportedGroups(WOLFSSL* ssl, TLSX** extensions)
     if (ret == WOLFSSL_SUCCESS)
         ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_P384_KYBER_LEVEL3,
                                      ssl->heap);
+    if (ret == WOLFSSL_SUCCESS)
+        ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_P256_KYBER_LEVEL3,
+                                     ssl->heap);
     if (ret == WOLFSSL_SUCCESS)
         ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_P521_KYBER_LEVEL5,
                                      ssl->heap);
-#elif defined(HAVE_PQM4)
-    ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_KYBER_LEVEL1, ssl->heap);
+    #if defined(HAVE_CURVE25519) && ECC_MIN_KEY_SZ <= 256
+    if (ret == WOLFSSL_SUCCESS)
+        ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_X25519_KYBER_LEVEL1,
+                                     ssl->heap);
+    if (ret == WOLFSSL_SUCCESS)
+        ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_X25519_KYBER_LEVEL3,
+                                     ssl->heap);
+    #endif
+    #if defined(HAVE_CURVE448) && ECC_MIN_KEY_SZ <= 448
+    if (ret == WOLFSSL_SUCCESS)
+        ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_X448_KYBER_LEVEL3,
+                                     ssl->heap);
+    #endif
 #endif /* HAVE_LIBOQS */
-#endif /* HAVE_PQC */
+#endif /* WOLFSSL_KYBER_ORIGINAL */
+#endif /* WOLFSSL_HAVE_KYBER */
 
     (void)ssl;
     (void)extensions;
@@ -12850,7 +14542,8 @@ int TLSX_PopulateExtensions(WOLFSSL* ssl, byte isServer)
             return ret;
 #endif /* HAVE_RPK */
 
-#if defined(HAVE_ENCRYPT_THEN_MAC) && !defined(WOLFSSL_AEAD_ONLY)
+#if defined(HAVE_ENCRYPT_THEN_MAC) && !defined(WOLFSSL_AEAD_ONLY) && \
+    !defined(WOLFSSL_NO_TLS12)
         if (!ssl->options.disallowEncThenMac) {
             ret = TLSX_EncryptThenMac_Use(ssl);
             if (ret != 0)
@@ -12886,6 +14579,14 @@ int TLSX_PopulateExtensions(WOLFSSL* ssl, byte isServer)
                 return ret;
             }
         }
+#endif
+#ifdef WOLFSSL_DUAL_ALG_CERTS
+        if ((IsAtLeastTLSv1_3(ssl->version)) && (ssl->sigSpec != NULL)) {
+            WOLFSSL_MSG("Adding CKS extension");
+            if ((ret = TLSX_UseCKS(&ssl->extensions, ssl, ssl->heap)) != 0) {
+                return ret;
+            }
+        }
 #endif
     } /* is not server */
 
@@ -13015,18 +14716,13 @@ int TLSX_PopulateExtensions(WOLFSSL* ssl, byte isServer)
                 word64 now, milli;
             #endif
 
-                if (sess->ticketLen > MAX_PSK_ID_LEN) {
-                    WOLFSSL_MSG("Session ticket length for PSK ext is too large");
-                    return BUFFER_ERROR;
-                }
-
                 /* Determine the MAC algorithm for the cipher suite used. */
                 ssl->options.cipherSuite0 = sess->cipherSuite0;
                 ssl->options.cipherSuite  = sess->cipherSuite;
                 ret = SetCipherSpecs(ssl);
                 if (ret != 0)
                     return ret;
-                now = TimeNowInMilliseconds();
+                now = (word64)TimeNowInMilliseconds();
                 if (now == 0)
                     return GETTIME_ERROR;
             #ifdef WOLFSSL_32BIT_MILLI_TIME
@@ -13127,7 +14823,7 @@ int TLSX_PopulateExtensions(WOLFSSL* ssl, byte isServer)
             else
         #endif
             if (ssl->options.client_psk_cb != NULL ||
-                                     ssl->options.client_psk_tls13_cb != NULL) {
+                ssl->options.client_psk_tls13_cb != NULL) {
                 /* Default cipher suite. */
                 byte cipherSuite0 = TLS13_BYTE;
                 byte cipherSuite = WOLFSSL_DEF_PSK_CIPHER;
@@ -13140,7 +14836,7 @@ int TLSX_PopulateExtensions(WOLFSSL* ssl, byte isServer)
                         ssl->arrays->client_identity, MAX_PSK_ID_LEN,
                         ssl->arrays->psk_key, MAX_PSK_KEY_LEN, &cipherName);
                     if (GetCipherSuiteFromName(cipherName, &cipherSuite0,
-                                        &cipherSuite, &cipherSuiteFlags) != 0) {
+                            &cipherSuite, NULL, NULL, &cipherSuiteFlags) != 0) {
                         return PSK_KEY_ERROR;
                     }
                 }
@@ -13149,42 +14845,40 @@ int TLSX_PopulateExtensions(WOLFSSL* ssl, byte isServer)
                         ssl->arrays->server_hint, ssl->arrays->client_identity,
                         MAX_PSK_ID_LEN, ssl->arrays->psk_key, MAX_PSK_KEY_LEN);
                 }
-        #if defined(OPENSSL_EXTRA)
-                /* OpenSSL treats 0 as a PSK key length of 0
-                 * and meaning no PSK available.
-                 */
-                if (ssl->arrays->psk_keySz > MAX_PSK_KEY_LEN) {
-                    return PSK_KEY_ERROR;
+                if (
+                #ifdef OPENSSL_EXTRA
+                    /* OpenSSL treats a PSK key length of 0
+                     * to indicate no PSK available.
+                     */
+                    ssl->arrays->psk_keySz == 0 ||
+                #endif
+                         (ssl->arrays->psk_keySz > MAX_PSK_KEY_LEN &&
+                     (int)ssl->arrays->psk_keySz != WC_NO_ERR_TRACE(USE_HW_PSK))) {
+                #ifndef OPENSSL_EXTRA
+                    ret = PSK_KEY_ERROR;
+                #endif
                 }
-                if (ssl->arrays->psk_keySz > 0) {
-        #else
-                if (ssl->arrays->psk_keySz == 0 ||
-                                     ssl->arrays->psk_keySz > MAX_PSK_KEY_LEN) {
-                    return PSK_KEY_ERROR;
-                }
-        #endif
-                ssl->arrays->client_identity[MAX_PSK_ID_LEN] = '\0';
+                else {
+                    ssl->arrays->client_identity[MAX_PSK_ID_LEN] = '\0';
 
-                ssl->options.cipherSuite0 = cipherSuite0;
-                ssl->options.cipherSuite  = cipherSuite;
-                (void)cipherSuiteFlags;
-                ret = SetCipherSpecs(ssl);
+                    ssl->options.cipherSuite0 = cipherSuite0;
+                    ssl->options.cipherSuite  = cipherSuite;
+                    (void)cipherSuiteFlags;
+                    ret = SetCipherSpecs(ssl);
+                    if (ret == 0) {
+                        ret = TLSX_PreSharedKey_Use(
+                            &ssl->extensions,
+                                     (byte*)ssl->arrays->client_identity,
+                            (word16)XSTRLEN(ssl->arrays->client_identity),
+                            0, ssl->specs.mac_algorithm,
+                            cipherSuite0, cipherSuite, 0,
+                            NULL, ssl->heap);
+                    }
+                    if (ret == 0)
+                        usingPSK = 1;
+                }
                 if (ret != 0)
                     return ret;
-
-                ret = TLSX_PreSharedKey_Use(&ssl->extensions,
-                                  (byte*)ssl->arrays->client_identity,
-                                  (word16)XSTRLEN(ssl->arrays->client_identity),
-                                  0, ssl->specs.mac_algorithm,
-                                  cipherSuite0, cipherSuite, 0,
-                                  NULL, ssl->heap);
-                if (ret != 0)
-                    return ret;
-
-                usingPSK = 1;
-        #if defined(OPENSSL_EXTRA)
-                }
-        #endif
             }
     #endif /* !NO_PSK */
         #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)
@@ -13228,18 +14922,21 @@ int TLSX_PopulateExtensions(WOLFSSL* ssl, byte isServer)
         #endif
 #if defined(HAVE_ECH)
             /* GREASE ECH */
-            if (ssl->echConfigs == NULL) {
-                ret = GREASE_ECH_USE(&(ssl->extensions), ssl->heap, ssl->rng);
-            }
-            else if (ssl->echConfigs != NULL) {
-                ret = ECH_USE(ssl->echConfigs, &(ssl->extensions), ssl->heap,
-                    ssl->rng);
+            if (!ssl->options.disableECH) {
+                if (ssl->echConfigs == NULL) {
+                    ret = GREASE_ECH_USE(&(ssl->extensions), ssl->heap,
+                            ssl->rng);
+                }
+                else if (ssl->echConfigs != NULL) {
+                    ret = ECH_USE(ssl->echConfigs, &(ssl->extensions),
+                            ssl->heap, ssl->rng);
+                }
             }
 #endif
         }
 #if defined(HAVE_ECH)
         else if (IsAtLeastTLSv1_3(ssl->version)) {
-            if (ssl->ctx->echConfigs != NULL) {
+            if (ssl->ctx->echConfigs != NULL && !ssl->options.disableECH) {
                 ret = SERVER_ECH_USE(&(ssl->extensions), ssl->heap,
                     ssl->ctx->echConfigs);
 
@@ -13358,7 +15055,7 @@ static int TLSX_GetSizeWithEch(WOLFSSL* ssl, byte* semaphore, byte msgType,
 #endif
 
 /** Tells the buffered size of extensions to be sent into the client hello. */
-int TLSX_GetRequestSize(WOLFSSL* ssl, byte msgType, word16* pLength)
+int TLSX_GetRequestSize(WOLFSSL* ssl, byte msgType, word32* pLength)
 {
     int ret = 0;
     word16 length = 0;
@@ -13429,7 +15126,8 @@ int TLSX_GetRequestSize(WOLFSSL* ssl, byte msgType, word16* pLength)
     }
     #endif
 #if defined(HAVE_ECH)
-    if (ssl->options.useEch == 1 && msgType == client_hello) {
+    if (ssl->options.useEch == 1 && !ssl->options.disableECH
+            && msgType == client_hello) {
         ret = TLSX_GetSizeWithEch(ssl, semaphore, msgType, &length);
         if (ret != 0)
             return ret;
@@ -13588,7 +15286,7 @@ static int TLSX_WriteWithEch(WOLFSSL* ssl, byte* output, byte* semaphore,
 #endif
 
 /** Writes the extensions to be sent into the client hello. */
-int TLSX_WriteRequest(WOLFSSL* ssl, byte* output, byte msgType, word16* pOffset)
+int TLSX_WriteRequest(WOLFSSL* ssl, byte* output, byte msgType, word32* pOffset)
 {
     int ret = 0;
     word16 offset = 0;
@@ -13630,6 +15328,10 @@ int TLSX_WriteRequest(WOLFSSL* ssl, byte* output, byte msgType, word16* pOffset)
             TURN_ON(semaphore,
                     TLSX_ToSemaphore(TLSX_CERTIFICATE_AUTHORITIES));
         #endif
+        #ifdef WOLFSSL_DUAL_ALG_CERTS
+            TURN_ON(semaphore,
+                    TLSX_ToSemaphore(TLSX_CKS));
+        #endif
         }
     #endif
     #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)
@@ -13670,7 +15372,8 @@ int TLSX_WriteRequest(WOLFSSL* ssl, byte* output, byte msgType, word16* pOffset)
     #endif
 #endif
 #if defined(WOLFSSL_TLS13) && defined(HAVE_ECH)
-    if (ssl->options.useEch == 1 && msgType == client_hello) {
+    if (ssl->options.useEch == 1 && !ssl->options.disableECH
+            && msgType == client_hello) {
         ret = TLSX_WriteWithEch(ssl, output, semaphore,
                          msgType, &offset);
         if (ret != 0)
@@ -13724,7 +15427,6 @@ int TLSX_WriteRequest(WOLFSSL* ssl, byte* output, byte msgType, word16* pOffset)
 
     return ret;
 }
-
 #endif /* WOLFSSL_TLS13 || !NO_WOLFSSL_CLIENT */
 
 #if defined(WOLFSSL_TLS13) || !defined(NO_WOLFSSL_SERVER)
@@ -13757,9 +15459,6 @@ int TLSX_GetResponseSize(WOLFSSL* ssl, byte msgType, word16* pLength)
                 #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)
                     TURN_OFF(semaphore, TLSX_ToSemaphore(TLSX_PRE_SHARED_KEY));
                 #endif
-                #ifdef WOLFSSL_DTLS_CID
-                    TURN_OFF(semaphore, TLSX_ToSemaphore(TLSX_CONNECTION_ID));
-                #endif
                 }
             #if !defined(WOLFSSL_NO_TLS12) || !defined(NO_OLD_TLS)
                 else {
@@ -13771,6 +15470,9 @@ int TLSX_GetResponseSize(WOLFSSL* ssl, byte msgType, word16* pLength)
                 #endif
                 }
             #endif
+            #ifdef WOLFSSL_DTLS_CID
+                TURN_OFF(semaphore, TLSX_ToSemaphore(TLSX_CONNECTION_ID));
+            #endif
         #endif /* WOLFSSL_TLS13 */
             break;
 
@@ -13888,7 +15590,7 @@ int TLSX_WriteResponse(WOLFSSL *ssl, byte* output, byte msgType, word16* pOffset
 #ifndef NO_WOLFSSL_SERVER
             case server_hello:
                 PF_VALIDATE_RESPONSE(ssl, semaphore);
-    #ifdef WOLFSSL_TLS13
+        #ifdef WOLFSSL_TLS13
                 if (IsAtLeastTLSv1_3(ssl->version)) {
                     XMEMSET(semaphore, 0xff, SEMAPHORE_SIZE);
                     TURN_OFF(semaphore,
@@ -13905,21 +15607,23 @@ int TLSX_WriteResponse(WOLFSSL *ssl, byte* output, byte msgType, word16* pOffset
             #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)
                     TURN_OFF(semaphore, TLSX_ToSemaphore(TLSX_PRE_SHARED_KEY));
             #endif
-            #ifdef WOLFSSL_DTLS_CID
-                    TURN_OFF(semaphore, TLSX_ToSemaphore(TLSX_CONNECTION_ID));
-            #endif /* WOLFSSL_DTLS_CID */
                 }
+                else
+        #endif /* WOLFSSL_TLS13 */
+                {
         #if !defined(WOLFSSL_NO_TLS12) || !defined(NO_OLD_TLS)
-                else {
             #ifdef HAVE_SUPPORTED_CURVES
                     TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_KEY_SHARE));
             #endif
             #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)
                     TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_PRE_SHARED_KEY));
             #endif
-                }
         #endif
-    #endif
+                    WC_DO_NOTHING; /* avoid empty brackets */
+                }
+        #ifdef WOLFSSL_DTLS_CID
+                TURN_OFF(semaphore, TLSX_ToSemaphore(TLSX_CONNECTION_ID));
+        #endif /* WOLFSSL_DTLS_CID */
                 break;
 
     #ifdef WOLFSSL_TLS13
@@ -14087,6 +15791,143 @@ int TLSX_ParseVersion(WOLFSSL* ssl, const byte* input, word16 length,
     return ret;
 }
 #endif
+/* Jump Table to check minimum size values for client case in TLSX_Parse */
+#ifndef NO_WOLFSSL_SERVER
+static word16 TLSX_GetMinSize_Client(word16* type)
+{
+    switch (*type) {
+        case TLSXT_SERVER_NAME:
+            return WOLFSSL_SNI_MIN_SIZE_CLIENT;
+        case TLSXT_EARLY_DATA:
+            return WOLFSSL_EDI_MIN_SIZE_CLIENT;
+        case TLSXT_MAX_FRAGMENT_LENGTH:
+            return WOLFSSL_MFL_MIN_SIZE_CLIENT;
+        case TLSXT_TRUSTED_CA_KEYS:
+            return WOLFSSL_TCA_MIN_SIZE_CLIENT;
+        case TLSXT_TRUNCATED_HMAC:
+            return WOLFSSL_THM_MIN_SIZE_CLIENT;
+        case TLSXT_STATUS_REQUEST:
+            return WOLFSSL_CSR_MIN_SIZE_CLIENT;
+        case TLSXT_SUPPORTED_GROUPS:
+            return WOLFSSL_EC_MIN_SIZE_CLIENT;
+        case TLSXT_EC_POINT_FORMATS:
+            return WOLFSSL_PF_MIN_SIZE_CLIENT;
+        case TLSXT_SIGNATURE_ALGORITHMS:
+            return WOLFSSL_SA_MIN_SIZE_CLIENT;
+        case TLSXT_USE_SRTP:
+            return WOLFSSL_SRTP_MIN_SIZE_CLIENT;
+        case TLSXT_APPLICATION_LAYER_PROTOCOL:
+            return WOLFSSL_ALPN_MIN_SIZE_CLIENT;
+        case TLSXT_STATUS_REQUEST_V2:
+            return WOLFSSL_CSR2_MIN_SIZE_CLIENT;
+        case TLSXT_CLIENT_CERTIFICATE:
+            return WOLFSSL_CCT_MIN_SIZE_CLIENT;
+        case TLSXT_SERVER_CERTIFICATE:
+            return WOLFSSL_SCT_MIN_SIZE_CLIENT;
+        case TLSXT_ENCRYPT_THEN_MAC:
+            return WOLFSSL_ETM_MIN_SIZE_CLIENT;
+        case TLSXT_SESSION_TICKET:
+            return WOLFSSL_STK_MIN_SIZE_CLIENT;
+        case TLSXT_PRE_SHARED_KEY:
+            return WOLFSSL_PSK_MIN_SIZE_CLIENT;
+        case TLSXT_COOKIE:
+            return WOLFSSL_CKE_MIN_SIZE_CLIENT;
+        case TLSXT_PSK_KEY_EXCHANGE_MODES:
+            return WOLFSSL_PKM_MIN_SIZE_CLIENT;
+        case TLSXT_CERTIFICATE_AUTHORITIES:
+            return WOLFSSL_CAN_MIN_SIZE_CLIENT;
+        case TLSXT_POST_HANDSHAKE_AUTH:
+            return WOLFSSL_PHA_MIN_SIZE_CLIENT;
+        case TLSXT_SIGNATURE_ALGORITHMS_CERT:
+            return WOLFSSL_SA_MIN_SIZE_CLIENT;
+        case TLSXT_KEY_SHARE:
+            return WOLFSSL_KS_MIN_SIZE_CLIENT;
+        case TLSXT_CONNECTION_ID:
+            return WOLFSSL_CID_MIN_SIZE_CLIENT;
+        case TLSXT_RENEGOTIATION_INFO:
+            return WOLFSSL_SCR_MIN_SIZE_CLIENT;
+        case TLSXT_KEY_QUIC_TP_PARAMS_DRAFT:
+            return WOLFSSL_QTP_MIN_SIZE_CLIENT;
+        case TLSXT_ECH:
+            return WOLFSSL_ECH_MIN_SIZE_CLIENT;
+        default:
+            return 0;
+    }
+}
+    #define TLSX_GET_MIN_SIZE_CLIENT(type) TLSX_GetMinSize_Client(type)
+#else
+    #define TLSX_GET_MIN_SIZE_CLIENT(type) 0
+#endif
+
+
+#ifndef NO_WOLFSSL_CLIENT
+/* Jump Table to check minimum size values for server case in TLSX_Parse */
+static word16 TLSX_GetMinSize_Server(const word16 *type)
+{
+    switch (*type) {
+        case TLSXT_SERVER_NAME:
+            return WOLFSSL_SNI_MIN_SIZE_SERVER;
+        case TLSXT_EARLY_DATA:
+            return WOLFSSL_EDI_MIN_SIZE_SERVER;
+        case TLSXT_MAX_FRAGMENT_LENGTH:
+            return WOLFSSL_MFL_MIN_SIZE_SERVER;
+        case TLSXT_TRUSTED_CA_KEYS:
+            return WOLFSSL_TCA_MIN_SIZE_SERVER;
+        case TLSXT_TRUNCATED_HMAC:
+            return WOLFSSL_THM_MIN_SIZE_SERVER;
+        case TLSXT_STATUS_REQUEST:
+            return WOLFSSL_CSR_MIN_SIZE_SERVER;
+        case TLSXT_SUPPORTED_GROUPS:
+            return WOLFSSL_EC_MIN_SIZE_SERVER;
+        case TLSXT_EC_POINT_FORMATS:
+            return WOLFSSL_PF_MIN_SIZE_SERVER;
+        case TLSXT_SIGNATURE_ALGORITHMS:
+            return WOLFSSL_SA_MIN_SIZE_SERVER;
+        case TLSXT_USE_SRTP:
+            return WOLFSSL_SRTP_MIN_SIZE_SERVER;
+        case TLSXT_APPLICATION_LAYER_PROTOCOL:
+            return WOLFSSL_ALPN_MIN_SIZE_SERVER;
+        case TLSXT_STATUS_REQUEST_V2:
+            return WOLFSSL_CSR2_MIN_SIZE_SERVER;
+        case TLSXT_CLIENT_CERTIFICATE:
+            return WOLFSSL_CCT_MIN_SIZE_SERVER;
+        case TLSXT_SERVER_CERTIFICATE:
+            return WOLFSSL_SCT_MIN_SIZE_SERVER;
+        case TLSXT_ENCRYPT_THEN_MAC:
+            return WOLFSSL_ETM_MIN_SIZE_SERVER;
+        case TLSXT_SESSION_TICKET:
+            return WOLFSSL_STK_MIN_SIZE_SERVER;
+        case TLSXT_PRE_SHARED_KEY:
+            return WOLFSSL_PSK_MIN_SIZE_SERVER;
+        case TLSXT_COOKIE:
+            return WOLFSSL_CKE_MIN_SIZE_SERVER;
+        case TLSXT_PSK_KEY_EXCHANGE_MODES:
+            return WOLFSSL_PKM_MIN_SIZE_SERVER;
+        case TLSXT_CERTIFICATE_AUTHORITIES:
+            return WOLFSSL_CAN_MIN_SIZE_SERVER;
+        case TLSXT_POST_HANDSHAKE_AUTH:
+            return WOLFSSL_PHA_MIN_SIZE_SERVER;
+        case TLSXT_SIGNATURE_ALGORITHMS_CERT:
+            return WOLFSSL_SA_MIN_SIZE_SERVER;
+        case TLSXT_KEY_SHARE:
+            return WOLFSSL_KS_MIN_SIZE_SERVER;
+        case TLSXT_CONNECTION_ID:
+            return WOLFSSL_CID_MIN_SIZE_SERVER;
+        case TLSXT_RENEGOTIATION_INFO:
+            return WOLFSSL_SCR_MIN_SIZE_SERVER;
+        case TLSXT_KEY_QUIC_TP_PARAMS_DRAFT:
+            return WOLFSSL_QTP_MIN_SIZE_SERVER;
+        case TLSXT_ECH:
+            return WOLFSSL_ECH_MIN_SIZE_SERVER;
+        default:
+            return 0;
+    }
+}
+    #define TLSX_GET_MIN_SIZE_SERVER(type) TLSX_GetMinSize_Server(type)
+#else
+    #define TLSX_GET_MIN_SIZE_SERVER(type) 0
+#endif
+
 
 /** Parses a buffer of TLS extensions. */
 int TLSX_Parse(WOLFSSL* ssl, const byte* input, word16 length, byte msgType,
@@ -14150,6 +15991,29 @@ int TLSX_Parse(WOLFSSL* ssl, const byte* input, word16 length, byte msgType,
         if (length - offset < size)
             return BUFFER_ERROR;
 
+        /* Check minimum size required for TLSX, even if disabled */
+        switch (msgType) {
+            #ifndef NO_WOLFSSL_SERVER
+            case client_hello:
+                if (size < TLSX_GET_MIN_SIZE_CLIENT(&type)){
+                    WOLFSSL_MSG("Minimum TLSX Size Requirement not Satisfied");
+                    return BUFFER_ERROR;
+                }
+            break;
+            #endif
+            #ifndef NO_WOLFSSL_CLIENT
+            case server_hello:
+            case hello_retry_request:
+                if (size < TLSX_GET_MIN_SIZE_SERVER(&type)){
+                    WOLFSSL_MSG("Minimum TLSX Size Requirement not Satisfied");
+                    return BUFFER_ERROR;
+                }
+            break;
+            #endif
+            default:
+            break;
+        }
+
         switch (type) {
 #ifdef HAVE_SNI
             case TLSX_SERVER_NAME:
@@ -14263,7 +16127,18 @@ int TLSX_Parse(WOLFSSL* ssl, const byte* input, word16 length, byte msgType,
                 ret = EC_PARSE(ssl, input + offset, size, isRequest,
                         &ssl->extensions);
                 break;
-
+#ifdef WOLFSSL_DUAL_ALG_CERTS
+            case TLSX_CKS:
+                WOLFSSL_MSG("CKS extension received");
+                if (msgType != client_hello &&
+                     msgType != encrypted_extensions) {
+                        WOLFSSL_ERROR_VERBOSE(EXT_NOT_ALLOWED);
+                        return EXT_NOT_ALLOWED;
+                }
+                ret = TLSX_CKS_Parse(ssl, (byte *)(input + offset), size,
+                                     &ssl->extensions);
+            break;
+#endif /* WOLFSSL_DUAL_ALG_CERTS */
             case TLSX_EC_POINT_FORMATS:
                 WOLFSSL_MSG("Point Formats extension received");
             #ifdef WOLFSSL_DEBUG_TLS
@@ -14657,10 +16532,6 @@ int TLSX_Parse(WOLFSSL* ssl, const byte* input, word16 length, byte msgType,
 #endif /* WOLFSSL_QUIC */
 #if defined(WOLFSSL_DTLS_CID)
             case TLSX_CONNECTION_ID:
-                /* connection ID not supported in DTLSv1.2 */
-                if (!IsAtLeastTLSv1_3(ssl->version))
-                    break;
-
                 if (msgType != client_hello && msgType != server_hello)
                     return EXT_NOT_ALLOWED;
 
@@ -14695,7 +16566,8 @@ int TLSX_Parse(WOLFSSL* ssl, const byte* input, word16 length, byte msgType,
     }
 
 #ifdef HAVE_EXTENDED_MASTER
-    if (IsAtLeastTLSv1_3(ssl->version) && msgType == hello_retry_request) {
+    if (IsAtLeastTLSv1_3(ssl->version) &&
+        (msgType == hello_retry_request || msgType == hello_verify_request)) {
         /* Don't change EMS status until server_hello received.
          * Second ClientHello must have same extensions.
          */
@@ -14703,6 +16575,12 @@ int TLSX_Parse(WOLFSSL* ssl, const byte* input, word16 length, byte msgType,
     else if (!isRequest && ssl->options.haveEMS && !pendingEMS)
         ssl->options.haveEMS = 0;
 #endif
+#if defined(WOLFSSL_TLS13) && !defined(NO_PSK)
+    if (IsAtLeastTLSv1_3(ssl->version) && msgType == server_hello &&
+        IS_OFF(seenType, TLSX_ToSemaphore(TLSX_KEY_SHARE))) {
+        ssl->options.noPskDheKe = 1;
+    }
+#endif
 
     if (ret == 0)
         ret = SNI_VERIFY_PARSE(ssl, isRequest);
@@ -14742,7 +16620,7 @@ int TLSX_Parse(WOLFSSL* ssl, const byte* input, word16 length, byte msgType,
         #elif defined(WOLFSSL_ALLOW_TLSV10)
             InitSSL_Method(method, MakeTLSv1());
         #else
-            #error No TLS version enabled!
+        #error No TLS version enabled! Consider using NO_TLS or WOLFCRYPT_ONLY.
         #endif
 
             method->downgrade = 1;
@@ -15069,6 +16947,26 @@ int TLSX_Parse(WOLFSSL* ssl, const byte* input, word16 length, byte msgType,
         return m;
     }
     #endif /* !WOLFSSL_NO_TLS12 */
+    #ifdef WOLFSSL_DTLS13
+    WOLFSSL_METHOD* wolfDTLSv1_3_method(void)
+    {
+        return wolfDTLSv1_3_method_ex(NULL);
+    }
+    WOLFSSL_METHOD* wolfDTLSv1_3_method_ex(void* heap)
+    {
+        WOLFSSL_METHOD* m;
+        WOLFSSL_ENTER("DTLSv1_3_method");
+    #ifndef NO_WOLFSSL_CLIENT
+        m = wolfDTLSv1_3_client_method_ex(heap);
+    #else
+        m = wolfDTLSv1_3_server_method_ex(heap);
+    #endif
+        if (m != NULL) {
+            m->side = WOLFSSL_NEITHER_END;
+        }
+        return m;
+    }
+    #endif /* WOLFSSL_DTLS13 */
 #endif /* WOLFSSL_DTLS */
 #endif /* OPENSSL_EXTRA || WOLFSSL_EITHER_SIDE */
 
@@ -15097,7 +16995,7 @@ int TLSX_Parse(WOLFSSL* ssl, const byte* input, word16 length, byte msgType,
         #elif defined(WOLFSSL_ALLOW_TLSV10)
             InitSSL_Method(method, MakeTLSv1());
         #else
-            #error No TLS version enabled!
+        #error No TLS version enabled! Consider using NO_TLS or WOLFCRYPT_ONLY.
         #endif
 
             method->downgrade = 1;
diff --git a/src/tls13.c b/src/tls13.c
index 99f3f0149..f7c758105 100644
--- a/src/tls13.c
+++ b/src/tls13.c
@@ -1,6 +1,6 @@
 /* tls13.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -117,6 +117,7 @@
 #include <wolfssl/wolfcrypt/asn.h>
 #include <wolfssl/wolfcrypt/dh.h>
 #include <wolfssl/wolfcrypt/kdf.h>
+#include <wolfssl/wolfcrypt/signature.h>
 #ifdef NO_INLINE
     #include <wolfssl/wolfcrypt/misc.h>
 #else
@@ -135,6 +136,15 @@
     #define FALSE 0
 #endif
 
+#ifndef HAVE_AEAD
+    #ifndef _MSC_VER
+        #error "The build option HAVE_AEAD is required for TLS 1.3"
+    #else
+        #pragma \
+        message("error: The build option HAVE_AEAD is required for TLS 1.3")
+    #endif
+#endif
+
 #ifndef HAVE_HKDF
     #ifndef _MSC_VER
         #error "The build option HAVE_HKDF is required for TLS 1.3"
@@ -182,7 +192,7 @@ static const byte
 
 #ifndef NO_CERTS
 #if !defined(NO_RSA) || defined(HAVE_ECC) || defined(HAVE_ED25519) || \
-    defined(HAVE_ED448) || defined(HAVE_PQC)
+    defined(HAVE_ED448) || defined(HAVE_FALCON) || defined(HAVE_DILITHIUM)
 
 static WC_INLINE int GetMsgHash(WOLFSSL* ssl, byte* hash);
 
@@ -198,7 +208,7 @@ static int Tls13HKDFExpandLabel(WOLFSSL* ssl, byte* okm, word32 okmLen,
                                 const byte* info, word32 infoLen,
                                 int digest)
 {
-    int ret = NOT_COMPILED_IN;
+    int ret = WC_NO_ERR_TRACE(NOT_COMPILED_IN);
 
 #if defined(HAVE_PK_CALLBACKS)
     if (ssl->ctx && ssl->ctx->HKDFExpandLabelCb) {
@@ -209,12 +219,12 @@ static int Tls13HKDFExpandLabel(WOLFSSL* ssl, byte* okm, word32 okmLen,
                                           WOLFSSL_CLIENT_END /* ignored */);
     }
 
-    if (ret != NOT_COMPILED_IN)
+    if (ret != WC_NO_ERR_TRACE(NOT_COMPILED_IN))
         return ret;
 #endif
     (void)ssl;
     PRIVATE_KEY_UNLOCK();
-#if !defined(HAVE_FIPS) || (defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(5,3))
+#if !defined(HAVE_FIPS) || (defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(6,0))
     ret = wc_Tls13_HKDF_Expand_Label_ex(okm, okmLen, prk, prkLen,
                                      protocol, protocolLen,
                                      label, labelLen,
@@ -250,11 +260,11 @@ static int Tls13HKDFExpandKeyLabel(WOLFSSL* ssl, byte* okm, word32 okmLen,
                                          info, infoLen,
                                          digest, side);
     }
-    if (ret != NOT_COMPILED_IN)
+    if (ret != WC_NO_ERR_TRACE(NOT_COMPILED_IN))
         return ret;
 #endif
 
-#if !defined(HAVE_FIPS) || (defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(5,3))
+#if !defined(HAVE_FIPS) || (defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(6,0))
     ret = wc_Tls13_HKDF_Expand_Label_ex(okm, okmLen, prk, prkLen,
                                       protocol, protocolLen,
                                       label, labelLen,
@@ -301,14 +311,14 @@ static int DeriveKeyMsg(WOLFSSL* ssl, byte* output, int outputLen,
     const byte* protocol;
     word32      protocolLen;
     int         digestAlg = -1;
-    int         ret = BAD_FUNC_ARG;
+    int         ret = WC_NO_ERR_TRACE(BAD_FUNC_ARG);
 
     switch (hashAlgo) {
 #ifndef NO_WOLFSSL_SHA256
         case sha256_mac:
             ret = wc_InitSha256_ex(&digest.sha256, ssl->heap, ssl->devId);
             if (ret == 0) {
-                    ret = wc_Sha256Update(&digest.sha256, msg, msgLen);
+                    ret = wc_Sha256Update(&digest.sha256, msg, (word32)msgLen);
                 if (ret == 0)
                     ret = wc_Sha256Final(&digest.sha256, hash);
                 wc_Sha256Free(&digest.sha256);
@@ -321,7 +331,7 @@ static int DeriveKeyMsg(WOLFSSL* ssl, byte* output, int outputLen,
         case sha384_mac:
             ret = wc_InitSha384_ex(&digest.sha384, ssl->heap, ssl->devId);
             if (ret == 0) {
-                ret = wc_Sha384Update(&digest.sha384, msg, msgLen);
+                ret = wc_Sha384Update(&digest.sha384, msg, (word32)msgLen);
                 if (ret == 0)
                     ret = wc_Sha384Final(&digest.sha384, hash);
                 wc_Sha384Free(&digest.sha384);
@@ -334,7 +344,7 @@ static int DeriveKeyMsg(WOLFSSL* ssl, byte* output, int outputLen,
         case sha512_mac:
             ret = wc_InitSha512_ex(&digest.sha512, ssl->heap, ssl->devId);
             if (ret == 0) {
-                ret = wc_Sha512Update(&digest.sha512, msg, msgLen);
+                ret = wc_Sha512Update(&digest.sha512, msg, (word32)msgLen);
                 if (ret == 0)
                     ret = wc_Sha512Final(&digest.sha512, hash);
                 wc_Sha512Free(&digest.sha512);
@@ -347,7 +357,7 @@ static int DeriveKeyMsg(WOLFSSL* ssl, byte* output, int outputLen,
         case sm3_mac:
             ret = wc_InitSm3(&digest.sm3, ssl->heap, ssl->devId);
             if (ret == 0) {
-                ret = wc_Sm3Update(&digest.sm3, msg, msgLen);
+                ret = wc_Sm3Update(&digest.sm3, msg, (word32)msgLen);
                 if (ret == 0)
                     ret = wc_Sm3Final(&digest.sm3, hash);
                 wc_Sm3Free(&digest.sm3);
@@ -357,6 +367,7 @@ static int DeriveKeyMsg(WOLFSSL* ssl, byte* output, int outputLen,
             break;
 #endif
         default:
+            ret = BAD_FUNC_ARG;
             digestAlg = -1;
             break;
     }
@@ -385,9 +396,9 @@ static int DeriveKeyMsg(WOLFSSL* ssl, byte* output, int outputLen,
             return VERSION_ERROR;
     }
     if (outputLen == -1)
-        outputLen = hashSz;
+        outputLen = (int)hashSz;
 
-    ret = Tls13HKDFExpandLabel(ssl, output, outputLen, secret, hashSz,
+    ret = Tls13HKDFExpandLabel(ssl, output, (word32)outputLen, secret, hashSz,
                                protocol, protocolLen, label, labelLen,
                                hash, hashSz, digestAlg);
     return ret;
@@ -474,7 +485,7 @@ int Tls13DeriveKey(WOLFSSL* ssl, byte* output, int outputLen,
 #endif /* WOLFSSL_DTLS13 */
 
     if (outputLen == -1) {
-        outputLen = hashSz;
+        outputLen = (int)hashSz;
     }
     if (includeMsgs) {
         hashOutSz = hashSz;
@@ -489,7 +500,7 @@ int Tls13DeriveKey(WOLFSSL* ssl, byte* output, int outputLen,
     }
 
     PRIVATE_KEY_UNLOCK();
-    ret = Tls13HKDFExpandKeyLabel(ssl, output, outputLen, secret, hashSz,
+    ret = Tls13HKDFExpandKeyLabel(ssl, output, (word32)outputLen, secret, hashSz,
                                   protocol, protocolLen, label, labelLen,
                                   hash, hashOutSz, digestAlg, side);
     PRIVATE_KEY_LOCK();
@@ -966,7 +977,7 @@ int Tls13_Exporter(WOLFSSL* ssl, unsigned char *out, size_t outLen,
 {
     int                 ret;
     enum wc_HashType    hashType = WC_HASH_TYPE_NONE;
-    int                 hashLen = 0;
+    word32              hashLen = 0;
     byte                hashOut[WC_MAX_DIGEST_SIZE];
     const byte*         emptyHash = NULL;
     byte                firstExpand[WC_MAX_DIGEST_SIZE];
@@ -1016,7 +1027,7 @@ int Tls13_Exporter(WOLFSSL* ssl, unsigned char *out, size_t outLen,
     ret = Tls13HKDFExpandLabel(ssl, firstExpand, hashLen,
             ssl->arrays->exporterSecret, hashLen,
             protocol, protocolLen, (byte*)label, (word32)labelLen,
-            emptyHash, hashLen, hashType);
+            emptyHash, hashLen, (int)hashType);
     if (ret != 0)
         return ret;
 
@@ -1027,7 +1038,7 @@ int Tls13_Exporter(WOLFSSL* ssl, unsigned char *out, size_t outLen,
 
     ret = Tls13HKDFExpandLabel(ssl, out, (word32)outLen, firstExpand, hashLen,
             protocol, protocolLen, exporterLabel, EXPORTER_LABEL_SZ,
-            hashOut, hashLen, hashType);
+            hashOut, hashLen, (int)hashType);
 
     return ret;
 }
@@ -1117,14 +1128,20 @@ static int Tls13_HKDF_Extract(WOLFSSL *ssl, byte* prk, const byte* salt,
     void *cb_ctx = ssl->HkdfExtractCtx;
     CallbackHKDFExtract cb = ssl->ctx->HkdfExtractCb;
     if (cb != NULL) {
-        ret = cb(prk, salt, saltLen, ikm, ikmLen, digest, cb_ctx);
+        ret = cb(prk, salt, (word32)saltLen, ikm, (word32)ikmLen, digest, cb_ctx);
+    }
+    else
+#endif
+#if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)
+    if ((int)ssl->arrays->psk_keySz < 0) {
+        ret = PSK_KEY_ERROR;
     }
     else
 #endif
     {
     #if !defined(HAVE_FIPS) || \
-        (defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(5,3))
-        ret = wc_Tls13_HKDF_Extract_ex(prk, salt, saltLen, ikm, ikmLen, digest,
+        (defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(6,0))
+        ret = wc_Tls13_HKDF_Extract_ex(prk, salt, (word32)saltLen, ikm, (word32)ikmLen, digest,
             ssl->heap, ssl->devId);
     #else
         ret = wc_Tls13_HKDF_Extract(prk, salt, saltLen, ikm, ikmLen, digest);
@@ -1148,13 +1165,13 @@ int DeriveEarlySecret(WOLFSSL* ssl)
     }
 #if defined(WOLFSSL_RENESAS_TSIP_TLS)
     ret = tsip_Tls13DeriveEarlySecret(ssl);
-    if (ret != CRYPTOCB_UNAVAILABLE)
+    if (ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE))
         return ret;
 #endif
     PRIVATE_KEY_UNLOCK();
 #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)
     ret = Tls13_HKDF_Extract(ssl, ssl->arrays->secret, NULL, 0,
-            ssl->arrays->psk_key, ssl->arrays->psk_keySz,
+            ssl->arrays->psk_key, (int)ssl->arrays->psk_keySz,
             mac2hash(ssl->specs.mac_algorithm));
 #else
     ret = Tls13_HKDF_Extract(ssl, ssl->arrays->secret, NULL, 0,
@@ -1184,7 +1201,7 @@ int DeriveHandshakeSecret(WOLFSSL* ssl)
     }
 #if defined(WOLFSSL_RENESAS_TSIP_TLS)
     ret = tsip_Tls13DeriveHandshakeSecret(ssl);
-    if (ret != CRYPTOCB_UNAVAILABLE)
+    if (ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE))
         return ret;
 #endif
 
@@ -1197,7 +1214,7 @@ int DeriveHandshakeSecret(WOLFSSL* ssl)
     PRIVATE_KEY_UNLOCK();
     ret = Tls13_HKDF_Extract(ssl, ssl->arrays->preMasterSecret,
             key, ssl->specs.hash_size,
-            ssl->arrays->preMasterSecret, ssl->arrays->preMasterSz,
+            ssl->arrays->preMasterSecret, (int)ssl->arrays->preMasterSz,
             mac2hash(ssl->specs.mac_algorithm));
     PRIVATE_KEY_LOCK();
 
@@ -1219,7 +1236,7 @@ int DeriveMasterSecret(WOLFSSL* ssl)
 
 #if defined(WOLFSSL_RENESAS_TSIP_TLS)
     ret = tsip_Tls13DeriveMasterSecret(ssl);
-    if (ret != CRYPTOCB_UNAVAILABLE)
+    if (ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE))
         return ret;
 #endif
 
@@ -1342,7 +1359,7 @@ static int BuildTls13HandshakeHmac(WOLFSSL* ssl, byte* key, byte* hash,
 #endif
     int  hashType = WC_SHA256;
     int  hashSz = WC_SHA256_DIGEST_SIZE;
-    int  ret = BAD_FUNC_ARG;
+    int  ret = WC_NO_ERR_TRACE(BAD_FUNC_ARG);
 
     if (ssl == NULL || key == NULL || hash == NULL) {
         return BAD_FUNC_ARG;
@@ -1379,6 +1396,7 @@ static int BuildTls13HandshakeHmac(WOLFSSL* ssl, byte* key, byte* hash,
             break;
     #endif /* WOLFSSL_SM3 */
         default:
+            ret = BAD_FUNC_ARG;
             break;
     }
     if (ret != 0)
@@ -1403,7 +1421,7 @@ static int BuildTls13HandshakeHmac(WOLFSSL* ssl, byte* key, byte* hash,
     if (ret == 0) {
         ret = wc_HmacSetKey(verifyHmac, hashType, key, ssl->specs.hash_size);
         if (ret == 0)
-            ret = wc_HmacUpdate(verifyHmac, hash, hashSz);
+            ret = wc_HmacUpdate(verifyHmac, hash, (word32)hashSz);
         if (ret == 0)
             ret = wc_HmacFinal(verifyHmac, hash);
         wc_HmacFree(verifyHmac);
@@ -1419,7 +1437,7 @@ static int BuildTls13HandshakeHmac(WOLFSSL* ssl, byte* key, byte* hash,
 #endif
 
     if (pHashSz)
-        *pHashSz = hashSz;
+        *pHashSz = (word32)hashSz;
 
     return ret;
 }
@@ -1453,7 +1471,7 @@ static const byte writeIVLabel[WRITE_IV_LABEL_SZ+1]   = "iv";
  */
 int DeriveTls13Keys(WOLFSSL* ssl, int secret, int side, int store)
 {
-    int   ret = BAD_FUNC_ARG; /* Assume failure */
+    int   ret = WC_NO_ERR_TRACE(BAD_FUNC_ARG); /* Assume failure */
     int   i = 0;
 #ifdef WOLFSSL_SMALL_STACK
     byte* key_dig;
@@ -1464,10 +1482,10 @@ int DeriveTls13Keys(WOLFSSL* ssl, int secret, int side, int store)
 
 #if defined(WOLFSSL_RENESAS_TSIP_TLS)
     ret = tsip_Tls13DeriveKeys(ssl, secret, side);
-    if (ret != CRYPTOCB_UNAVAILABLE) {
+    if (ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE)) {
         return ret;
     }
-    ret = BAD_FUNC_ARG; /* Assume failure */
+    ret = WC_NO_ERR_TRACE(BAD_FUNC_ARG); /* Assume failure */
 #endif
 
 #ifdef WOLFSSL_SMALL_STACK
@@ -1540,6 +1558,7 @@ int DeriveTls13Keys(WOLFSSL* ssl, int secret, int side, int store)
             break;
 
         default:
+            ret = BAD_FUNC_ARG;
             break;
     }
 
@@ -1620,7 +1639,7 @@ int DeriveTls13Keys(WOLFSSL* ssl, int secret, int side, int store)
 #endif /* WOLFSSL_DTLS13 */
 
 end:
-    ForceZero(key_dig, i);
+    ForceZero(key_dig, (word32)i);
 #ifdef WOLFSSL_SMALL_STACK
     XFREE(key_dig, ssl->heap, DYNAMIC_TYPE_DIGEST);
 #elif defined(WOLFSSL_CHECK_MEM_ZERO)
@@ -1897,10 +1916,12 @@ end:
 #elif defined(WOLFSSL_ZEPHYR)
     word32 TimeNowInMilliseconds(void)
     {
+        int64_t t;
     #if defined(CONFIG_ARCH_POSIX)
         k_cpu_idle();
     #endif
-        return (word32)k_uptime_get() / 1000;
+        t = k_uptime_get(); /* returns current uptime in milliseconds */
+        return (word32)t;
     }
 
 #else
@@ -2188,10 +2209,12 @@ end:
 #elif defined(WOLFSSL_ZEPHYR)
     sword64 TimeNowInMilliseconds(void)
     {
+        int64_t t;
     #if defined(CONFIG_ARCH_POSIX)
         k_cpu_idle();
     #endif
-        return (sword64)k_uptime_get() / 1000;
+        t = k_uptime_get(); /* returns current uptime in milliseconds */
+        return (sword64)t;
     }
 
 #else
@@ -2393,6 +2416,9 @@ static WC_INLINE void WriteSEQTls13(WOLFSSL* ssl, int verifyOrder, byte* out)
         if (seq[1] > ssl->keys.sequence_number_lo)
             ssl->keys.sequence_number_hi++;
     }
+#ifdef WOLFSSL_DEBUG_TLS
+    WOLFSSL_MSG_EX("TLS 1.3 Write Sequence %d %d", seq[0], seq[1]);
+#endif
 
     c32toa(seq[0], out);
     c32toa(seq[1], out + OPAQUE32_LEN);
@@ -2408,14 +2434,11 @@ static WC_INLINE void WriteSEQTls13(WOLFSSL* ssl, int verifyOrder, byte* out)
 static WC_INLINE void BuildTls13Nonce(WOLFSSL* ssl, byte* nonce, const byte* iv,
                                    int order)
 {
-    int  i;
-
+    int seq_offset = AEAD_NONCE_SZ - SEQ_SZ;
     /* The nonce is the IV with the sequence XORed into the last bytes. */
-    WriteSEQTls13(ssl, order, nonce + AEAD_NONCE_SZ - SEQ_SZ);
-    for (i = 0; i < AEAD_NONCE_SZ - SEQ_SZ; i++)
-        nonce[i] = iv[i];
-    for (; i < AEAD_NONCE_SZ; i++)
-        nonce[i] ^= iv[i];
+    WriteSEQTls13(ssl, order, nonce + seq_offset);
+    XMEMCPY(nonce, iv, seq_offset);
+    xorbuf(nonce + seq_offset, iv + seq_offset, SEQ_SZ);
 }
 
 #if defined(HAVE_CHACHA) && defined(HAVE_POLY1305)
@@ -2514,7 +2537,6 @@ static int Tls13IntegrityOnly_Encrypt(WOLFSSL* ssl, byte* output,
     /* Copy the input to output if not the same buffer */
     if (ret == 0 && output != input)
         XMEMCPY(output, input, sz);
-
     return ret;
 }
 #endif
@@ -2554,13 +2576,13 @@ static int EncryptTls13(WOLFSSL* ssl, byte* output, const byte* input,
     (void)nonceSz;
 
 #ifdef WOLFSSL_ASYNC_CRYPT
-    if (ssl->error == WC_PENDING_E) {
+    if (ssl->error == WC_NO_ERR_TRACE(WC_PENDING_E)) {
         ssl->error = 0; /* clear async */
     }
 #endif
 #if defined(WOLFSSL_RENESAS_TSIP_TLS)
     ret = tsip_Tls13AesEncrypt(ssl, output, input, dataSz);
-    if (ret != CRYPTOCB_UNAVAILABLE) {
+    if (ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE)) {
         if (ret > 0) {
             ret = 0; /* tsip_Tls13AesEncrypt returns output size */
         }
@@ -2633,7 +2655,7 @@ static int EncryptTls13(WOLFSSL* ssl, byte* output, const byte* input,
                                   output + dataSz, macSz,
                                   aad, aadSz);
                     }
-                    if (ret == NOT_COMPILED_IN)
+                    if (ret == WC_NO_ERR_TRACE(NOT_COMPILED_IN))
                 #endif
                     {
 
@@ -2675,7 +2697,7 @@ static int EncryptTls13(WOLFSSL* ssl, byte* output, const byte* input,
                                   output + dataSz, macSz,
                                   aad, aadSz);
                     }
-                    if (ret == NOT_COMPILED_IN)
+                    if (ret == WC_NO_ERR_TRACE(NOT_COMPILED_IN))
                 #endif
                     {
                 #if ((defined(HAVE_FIPS) || defined(HAVE_SELFTEST)) && \
@@ -2737,7 +2759,7 @@ static int EncryptTls13(WOLFSSL* ssl, byte* output, const byte* input,
             ssl->encrypt.state = CIPHER_STATE_END;
 
         #ifdef WOLFSSL_ASYNC_CRYPT
-            if (ret == WC_PENDING_E) {
+            if (ret == WC_NO_ERR_TRACE(WC_PENDING_E)) {
                 /* if async is not okay, then block */
                 if (!asyncOkay) {
                     ret = wc_AsyncWait(ret, asyncDev, event_flags);
@@ -2910,7 +2932,6 @@ static int Tls13IntegrityOnly_Decrypt(WOLFSSL* ssl, byte* output,
     /* Copy the input to output if not the same buffer */
     if (ret == 0 && output != input)
         XMEMCPY(output, input, sz);
-
     return ret;
 }
 #endif
@@ -2939,7 +2960,7 @@ int DecryptTls13(WOLFSSL* ssl, byte* output, const byte* input, word16 sz,
 #if defined(WOLFSSL_RENESAS_TSIP_TLS)
     ret = tsip_Tls13AesDecrypt(ssl, output, input, sz);
 
-    if (ret != CRYPTOCB_UNAVAILABLE) {
+    if (ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE)) {
         #ifndef WOLFSSL_EARLY_DATA
         if (ret < 0) {
             ret = VERIFY_MAC_ERROR;
@@ -2952,9 +2973,9 @@ int DecryptTls13(WOLFSSL* ssl, byte* output, const byte* input, word16 sz,
 
 #ifdef WOLFSSL_ASYNC_CRYPT
     ret = wolfSSL_AsyncPop(ssl, &ssl->decrypt.state);
-    if (ret != WC_NO_PENDING_E) {
+    if (ret != WC_NO_ERR_TRACE(WC_NO_PENDING_E)) {
         /* check for still pending */
-        if (ret == WC_PENDING_E)
+        if (ret == WC_NO_ERR_TRACE(WC_PENDING_E))
             return ret;
 
         ssl->error = 0; /* clear async */
@@ -3035,7 +3056,7 @@ int DecryptTls13(WOLFSSL* ssl, byte* output, const byte* input, word16 sz,
                                   (byte *)(input + dataSz), macSz,
                                   aad, aadSz);
                     }
-                    if (ret == NOT_COMPILED_IN)
+                    if (ret == WC_NO_ERR_TRACE(NOT_COMPILED_IN))
                 #endif
                     {
 
@@ -3044,7 +3065,7 @@ int DecryptTls13(WOLFSSL* ssl, byte* output, const byte* input, word16 sz,
                             input + dataSz, macSz, aad, aadSz);
 
                 #ifdef WOLFSSL_ASYNC_CRYPT
-                        if (ret == WC_PENDING_E) {
+                        if (ret == WC_NO_ERR_TRACE(WC_PENDING_E)) {
                             ret = wolfSSL_AsyncPush(ssl,
                                 &ssl->decrypt.aes->asyncDev);
                         }
@@ -3074,14 +3095,14 @@ int DecryptTls13(WOLFSSL* ssl, byte* output, const byte* input, word16 sz,
                                   (byte *)(input + dataSz), macSz,
                                   aad, aadSz);
                     }
-                    if (ret == NOT_COMPILED_IN)
+                    if (ret == WC_NO_ERR_TRACE(NOT_COMPILED_IN))
                 #endif
                     {
                         ret = wc_AesCcmDecrypt(ssl->decrypt.aes, output, input,
                             dataSz, ssl->decrypt.nonce, nonceSz,
                             input + dataSz, macSz, aad, aadSz);
                 #ifdef WOLFSSL_ASYNC_CRYPT
-                        if (ret == WC_PENDING_E) {
+                        if (ret == WC_NO_ERR_TRACE(WC_PENDING_E)) {
                             ret = wolfSSL_AsyncPush(ssl,
                                 &ssl->decrypt.aes->asyncDev);
                         }
@@ -3131,7 +3152,7 @@ int DecryptTls13(WOLFSSL* ssl, byte* output, const byte* input, word16 sz,
 
         #ifdef WOLFSSL_ASYNC_CRYPT
             /* If pending, leave now */
-            if (ret == WC_PENDING_E) {
+            if (ret == WC_NO_ERR_TRACE(WC_PENDING_E)) {
                 return ret;
             }
         #endif
@@ -3179,6 +3200,7 @@ typedef struct BuildMsg13Args {
     word32 idx;
     word32 headerSz;
     word16 size;
+    word32 paddingSz;
 } BuildMsg13Args;
 
 static void FreeBuildMsg13Args(WOLFSSL* ssl, void* pArgs)
@@ -3229,7 +3251,7 @@ int BuildTls13Message(WOLFSSL* ssl, byte* output, int outSz, const byte* input,
         args = (BuildMsg13Args*)ssl->async->args;
 
         ret = wolfSSL_AsyncPop(ssl, &ssl->options.buildMsgState);
-        if (ret != WC_NO_PENDING_E) {
+        if (ret != WC_NO_ERR_TRACE(WC_NO_PENDING_E)) {
             /* Check for error */
             if (ret < 0)
                 goto exit_buildmsg;
@@ -3243,7 +3265,7 @@ int BuildTls13Message(WOLFSSL* ssl, byte* output, int outSz, const byte* input,
 
     /* Reset state */
 #ifdef WOLFSSL_ASYNC_CRYPT
-    if (ret == WC_NO_PENDING_E)
+    if (ret == WC_NO_ERR_TRACE(WC_NO_PENDING_E))
 #endif
     {
         ret = 0;
@@ -3256,7 +3278,7 @@ int BuildTls13Message(WOLFSSL* ssl, byte* output, int outSz, const byte* input,
             args->headerSz = Dtls13GetRlHeaderLength(ssl, 1);
 #endif /* WOLFSSL_DTLS13 */
 
-        args->sz = args->headerSz + inSz;
+        args->sz = args->headerSz + (word32)inSz;
         args->idx  = args->headerSz;
 
     #ifdef WOLFSSL_ASYNC_CRYPT
@@ -3284,9 +3306,16 @@ int BuildTls13Message(WOLFSSL* ssl, byte* output, int outSz, const byte* input,
             args->sz++;
             /* Authentication data at the end. */
             args->sz += ssl->specs.aead_mac_size;
-
+#ifdef WOLFSSL_DTLS13
+            /* Pad to minimum length */
+            if (ssl->options.dtls &&
+                    args->sz < (word32)Dtls13MinimumRecordLength(ssl)) {
+                args->paddingSz = Dtls13MinimumRecordLength(ssl) - args->sz;
+                args->sz = Dtls13MinimumRecordLength(ssl);
+            }
+#endif
             if (sizeOnly)
-                return args->sz;
+                return (int)args->sz;
 
             if (args->sz > (word32)outSz) {
                 WOLFSSL_MSG("Oops, want to write past output buffer size");
@@ -3311,8 +3340,8 @@ int BuildTls13Message(WOLFSSL* ssl, byte* output, int outSz, const byte* input,
 
             /* TLS v1.3 can do in place encryption. */
             if (input != output + args->idx)
-                XMEMCPY(output + args->idx, input, inSz);
-            args->idx += inSz;
+                XMEMCPY(output + args->idx, input, (size_t)inSz);
+            args->idx += (word32)inSz;
 
             ssl->options.buildMsgState = BUILD_MSG_HASH;
         }
@@ -3321,13 +3350,16 @@ int BuildTls13Message(WOLFSSL* ssl, byte* output, int outSz, const byte* input,
         case BUILD_MSG_HASH:
         {
             if (hashOutput) {
-                ret = HashOutput(ssl, output, args->headerSz + inSz, 0);
+                ret = HashOutput(ssl, output, (int)args->headerSz + inSz, 0);
                 if (ret != 0)
                     goto exit_buildmsg;
             }
 
             /* The real record content type goes at the end of the data. */
             output[args->idx++] = (byte)type;
+            /* Double check that any necessary padding is zero'd out */
+            XMEMSET(output + args->idx, 0, args->paddingSz);
+            args->idx += args->paddingSz;
 
             ssl->options.buildMsgState = BUILD_MSG_ENCRYPT;
         }
@@ -3340,8 +3372,8 @@ int BuildTls13Message(WOLFSSL* ssl, byte* output, int outSz, const byte* input,
                 /* QUIC does not use encryption of the TLS Record Layer.
                  * Return the original length + added headers
                  * and restore it in the record header. */
-                AddTls13RecordHeader(output, inSz, type, ssl);
-                ret = args->headerSz + inSz;
+                AddTls13RecordHeader(output, (word32)inSz, (byte)type, ssl);
+                ret = (int)args->headerSz + inSz;
                 goto exit_buildmsg;
             }
 #endif
@@ -3351,7 +3383,7 @@ int BuildTls13Message(WOLFSSL* ssl, byte* output, int outSz, const byte* input,
                 byte* mac = output + args->idx;
                 output += args->headerSz;
 
-                ret = ssl->ctx->MacEncryptCb(ssl, mac, output, inSz, type, 0,
+                ret = ssl->ctx->MacEncryptCb(ssl, mac, output, (unsigned int)inSz, (byte)type, 0,
                         output, output, args->size, ssl->MacEncryptCtx);
             }
             else
@@ -3363,7 +3395,7 @@ int BuildTls13Message(WOLFSSL* ssl, byte* output, int outSz, const byte* input,
                                    (word16)args->headerSz, asyncOkay);
                 if (ret != 0) {
                 #ifdef WOLFSSL_ASYNC_CRYPT
-                    if (ret != WC_PENDING_E)
+                    if (ret != WC_NO_ERR_TRACE(WC_PENDING_E))
                 #endif
                     {
                         /* Zeroize plaintext. */
@@ -3373,7 +3405,8 @@ int BuildTls13Message(WOLFSSL* ssl, byte* output, int outSz, const byte* input,
 #ifdef WOLFSSL_DTLS13
                 if (ret == 0 && ssl->options.dtls) {
                     /* AAD points to the header. Reuse the variable  */
-                    ret = Dtls13EncryptRecordNumber(ssl, (byte*)aad, (word16)args->sz);
+                    ret = Dtls13EncryptRecordNumber(ssl, (byte*)aad,
+                                                    (word16)args->sz);
                 }
 #endif /* WOLFSSL_DTLS13 */
             }
@@ -3389,7 +3422,7 @@ exit_buildmsg:
     WOLFSSL_LEAVE("BuildTls13Message", ret);
 
 #ifdef WOLFSSL_ASYNC_CRYPT
-    if (ret == WC_PENDING_E) {
+    if (ret == WC_NO_ERR_TRACE(WC_PENDING_E)) {
         return ret;
     }
 #endif
@@ -3399,7 +3432,7 @@ exit_buildmsg:
 
     /* return sz on success */
     if (ret == 0) {
-        ret = args->sz;
+        ret = (int)args->sz;
     }
     else {
         WOLFSSL_ERROR_VERBOSE(ret);
@@ -3548,6 +3581,12 @@ int CreateCookieExt(const WOLFSSL* ssl, byte* hash, word16 hashSz,
         return BAD_FUNC_ARG;
     }
 
+    if (ssl->buffers.tls13CookieSecret.buffer == NULL ||
+            ssl->buffers.tls13CookieSecret.length == 0) {
+        WOLFSSL_MSG("Missing DTLS 1.3 cookie secret");
+        return COOKIE_ERROR;
+    }
+
     /* Cookie Data = Hash Len | Hash | CS | KeyShare Group */
     cookie[cookieSz++] = (byte)hashSz;
     XMEMCPY(cookie + cookieSz, hash, hashSz);
@@ -3574,7 +3613,7 @@ int CreateCookieExt(const WOLFSSL* ssl, byte* hash, word16 hashSz,
     macSz = WC_SHA256_DIGEST_SIZE;
 #endif /* NO_SHA256 */
 
-    ret = wc_HmacInit(&cookieHmac, ssl->heap, INVALID_DEVID);
+    ret = wc_HmacInit(&cookieHmac, ssl->heap, ssl->devId);
     if (ret == 0) {
         ret = wc_HmacSetKey(&cookieHmac, cookieType,
                             ssl->buffers.tls13CookieSecret.buffer,
@@ -3585,6 +3624,7 @@ int CreateCookieExt(const WOLFSSL* ssl, byte* hash, word16 hashSz,
 #ifdef WOLFSSL_DTLS13
     /* Tie cookie to peer address */
     if (ret == 0) {
+        /* peerLock not necessary. Still in handshake phase. */
         if (ssl->options.dtls && ssl->buffers.dtlsCtx.peer.sz > 0) {
             ret = wc_HmacUpdate(&cookieHmac,
                 (byte*)ssl->buffers.dtlsCtx.peer.sa,
@@ -3914,7 +3954,7 @@ static int SetupPskKey(WOLFSSL* ssl, PreSharedKey* psk, int clientHello)
                     MAX_PSK_ID_LEN, ssl->arrays->psk_key, MAX_PSK_KEY_LEN,
                     &cipherName);
             if (GetCipherSuiteFromName(cipherName, &cipherSuite0,
-                                       &cipherSuite, &cipherSuiteFlags) != 0) {
+                            &cipherSuite, NULL, NULL, &cipherSuiteFlags) != 0) {
                 WOLFSSL_ERROR_VERBOSE(PSK_KEY_ERROR);
                 return PSK_KEY_ERROR;
             }
@@ -3930,7 +3970,8 @@ static int SetupPskKey(WOLFSSL* ssl, PreSharedKey* psk, int clientHello)
             ssl->options.cipherSuite  = WOLFSSL_DEF_PSK_CIPHER;
         }
         if (ssl->arrays->psk_keySz == 0 ||
-                                     ssl->arrays->psk_keySz > MAX_PSK_KEY_LEN) {
+                (ssl->arrays->psk_keySz > MAX_PSK_KEY_LEN &&
+            (int)ssl->arrays->psk_keySz != WC_NO_ERR_TRACE(USE_HW_PSK))) {
             WOLFSSL_ERROR_VERBOSE(PSK_KEY_ERROR);
             return PSK_KEY_ERROR;
         }
@@ -3943,7 +3984,7 @@ static int SetupPskKey(WOLFSSL* ssl, PreSharedKey* psk, int clientHello)
 #endif /* !WOLFSSL_PSK_ONE_ID */
 
         if (!clientHello && (psk->cipherSuite0 != suite[0] ||
-                                                psk->cipherSuite != suite[1])) {
+                             psk->cipherSuite  != suite[1])) {
             WOLFSSL_ERROR_VERBOSE(PSK_KEY_ERROR);
             return PSK_KEY_ERROR;
         }
@@ -3981,6 +4022,10 @@ static int WritePSKBinders(WOLFSSL* ssl, byte* output, word32 idx)
 
     WOLFSSL_ENTER("WritePSKBinders");
 
+    if (idx > WOLFSSL_MAX_16BIT) {
+        return INPUT_SIZE_E;
+    }
+
     ext = TLSX_Find(ssl->extensions, TLSX_PRE_SHARED_KEY);
     if (ext == NULL)
         return SANITY_MSG_E;
@@ -3996,10 +4041,10 @@ static int WritePSKBinders(WOLFSSL* ssl, byte* output, word32 idx)
 #ifdef WOLFSSL_DTLS13
     if (ssl->options.dtls)
         ret = Dtls13HashHandshake(ssl, output + Dtls13GetRlHeaderLength(ssl, 0),
-            idx - Dtls13GetRlHeaderLength(ssl, 0));
+                                 (word16)idx - Dtls13GetRlHeaderLength(ssl, 0));
     else
 #endif /* WOLFSSL_DTLS13 */
-        ret = HashOutput(ssl, output, idx, 0);
+        ret = HashOutput(ssl, output, (int)idx, 0);
 
     if (ret != 0)
         return ret;
@@ -4118,7 +4163,7 @@ int EchConfigGetSupportedCipherSuite(WOLFSSL_EchConfig* config)
             return i;
     }
 
-    return -1;
+    return WOLFSSL_FATAL_ERROR;
 }
 
 /* returns status after we hash the ech inner */
@@ -4127,7 +4172,12 @@ static int EchHashHelloInner(WOLFSSL* ssl, WOLFSSL_ECH* ech)
     int ret = 0;
     word32 realSz;
     HS_Hashes* tmpHashes;
+#ifdef WOLFSSL_DTLS13
+    byte falseHeader[DTLS13_HANDSHAKE_HEADER_SZ];
+#else
     byte falseHeader[HANDSHAKE_HEADER_SZ];
+#endif
+
     if (ssl == NULL || ech == NULL)
         return BAD_FUNC_ARG;
     realSz = ech->innerClientHelloLen - ech->paddingLen - ech->hpke->Nt;
@@ -4231,7 +4281,7 @@ typedef struct Sch13Args {
     byte*  output;
     word32 idx;
     int    sendSz;
-    word16 length;
+    word32 length;
 #if defined(HAVE_ECH)
     int clientRandomOffset;
     int preXLength;
@@ -4309,7 +4359,7 @@ int SendTls13ClientHello(WOLFSSL* ssl)
     args = (Sch13Args*)ssl->async->args;
 
     ret = wolfSSL_AsyncPop(ssl, &ssl->options.asyncState);
-    if (ret != WC_NO_PENDING_E) {
+    if (ret != WC_NO_ERR_TRACE(WC_NO_PENDING_E)) {
         /* Check for error */
         if (ret < 0)
             return ret;
@@ -4405,18 +4455,18 @@ int SendTls13ClientHello(WOLFSSL* ssl)
 
     /* find length of outer and inner */
 #if defined(HAVE_ECH)
-    if (ssl->options.useEch == 1) {
+    if (ssl->options.useEch == 1 && !ssl->options.disableECH) {
         TLSX* echX = TLSX_Find(ssl->extensions, TLSX_ECH);
         if (echX == NULL)
-            return -1;
+            return WOLFSSL_FATAL_ERROR;
 
         args->ech = (WOLFSSL_ECH*)echX->data;
         if (args->ech == NULL)
-            return -1;
+            return WOLFSSL_FATAL_ERROR;
 
         /* set the type to inner */
         args->ech->type = ECH_TYPE_INNER;
-        args->preXLength = args->length;
+        args->preXLength = (int)args->length;
 
         /* get size for inner */
         ret = TLSX_GetRequestSize(ssl, client_hello, &args->length);
@@ -4427,16 +4477,16 @@ int SendTls13ClientHello(WOLFSSL* ssl)
         args->ech->type = 0;
         /* set innerClientHelloLen to ClientHelloInner + padding + tag */
         args->ech->paddingLen = 31 - ((args->length - 1) % 32);
-        args->ech->innerClientHelloLen = args->length +
-            args->ech->paddingLen + args->ech->hpke->Nt;
+        args->ech->innerClientHelloLen = (word16)(args->length +
+            args->ech->paddingLen + args->ech->hpke->Nt);
         /* set the length back to before we computed ClientHelloInner size */
-        args->length = args->preXLength;
+        args->length = (word32)args->preXLength;
     }
 #endif
 
     {
 #ifdef WOLFSSL_DTLS_CH_FRAG
-        int maxFrag = wolfSSL_GetMaxFragSize(ssl, MAX_RECORD_SIZE);
+        word16 maxFrag = wolfSSL_GetMaxFragSize(ssl, MAX_RECORD_SIZE);
         word16 lenWithoutExts = args->length;
 #endif
 
@@ -4445,8 +4495,17 @@ int SendTls13ClientHello(WOLFSSL* ssl)
         if (ret != 0)
             return ret;
 
+        /* Total message size. */
+        args->sendSz =
+                (int)(args->length + HANDSHAKE_HEADER_SZ + RECORD_HEADER_SZ);
+
+#ifdef WOLFSSL_DTLS13
+        if (ssl->options.dtls)
+            args->sendSz += DTLS_RECORD_EXTRA + DTLS_HANDSHAKE_EXTRA;
+#endif /* WOLFSSL_DTLS13 */
+
 #ifdef WOLFSSL_DTLS_CH_FRAG
-        if (ssl->options.dtls && args->length > maxFrag &&
+        if (ssl->options.dtls && args->sendSz > maxFrag &&
                 TLSX_Find(ssl->extensions, TLSX_COOKIE) == NULL) {
             /* Try again with an empty key share if we would be fragmenting
              * without a cookie */
@@ -4457,7 +4516,9 @@ int SendTls13ClientHello(WOLFSSL* ssl)
             ret = TLSX_GetRequestSize(ssl, client_hello, &args->length);
             if (ret != 0)
                 return ret;
-            if (args->length > maxFrag) {
+            args->sendSz = (int)(args->length +
+                    DTLS_HANDSHAKE_HEADER_SZ + DTLS_RECORD_HEADER_SZ);
+            if (args->sendSz > maxFrag) {
                 WOLFSSL_MSG("Can't fit first CH in one fragment.");
                 return BUFFER_ERROR;
             }
@@ -4466,14 +4527,6 @@ int SendTls13ClientHello(WOLFSSL* ssl)
 #endif
     }
 
-    /* Total message size. */
-    args->sendSz = args->length + HANDSHAKE_HEADER_SZ + RECORD_HEADER_SZ;
-
-#ifdef WOLFSSL_DTLS13
-    if (ssl->options.dtls)
-        args->sendSz += DTLS_RECORD_EXTRA + DTLS_HANDSHAKE_EXTRA;
-#endif /* WOLFSSL_DTLS13 */
-
     /* Check buffers are big enough and grow if needed. */
     if ((ret = CheckAvailableSize(ssl, args->sendSz)) != 0)
         return ret;
@@ -4507,7 +4560,7 @@ int SendTls13ClientHello(WOLFSSL* ssl)
         XMEMCPY(args->output + args->idx, ssl->arrays->clientRandom, RAN_LEN);
 
 #if defined(HAVE_ECH)
-    args->clientRandomOffset = args->idx;
+    args->clientRandomOffset = (int)args->idx;
 #endif
 
     args->idx += RAN_LEN;
@@ -4553,7 +4606,7 @@ int SendTls13ClientHello(WOLFSSL* ssl)
 
 #if defined(HAVE_ECH)
     /* write inner then outer */
-    if (ssl->options.useEch == 1) {
+    if (ssl->options.useEch == 1 && !ssl->options.disableECH) {
         /* set the type to inner */
         args->ech->type = ECH_TYPE_INNER;
         /* innerClientHello may already exist from hrr, free if it does */
@@ -4610,10 +4663,10 @@ int SendTls13ClientHello(WOLFSSL* ssl)
 
 #if defined(HAVE_ECH)
     /* encrypt and pack the ech innerClientHello */
-    if (ssl->options.useEch == 1) {
+    if (ssl->options.useEch == 1 && !ssl->options.disableECH) {
         ret = TLSX_FinalizeEch(args->ech,
             args->output + RECORD_HEADER_SZ + HANDSHAKE_HEADER_SZ,
-            args->sendSz - (RECORD_HEADER_SZ + HANDSHAKE_HEADER_SZ));
+            (word32)(args->sendSz - (RECORD_HEADER_SZ + HANDSHAKE_HEADER_SZ)));
 
         if (ret != 0)
             return ret;
@@ -4640,13 +4693,12 @@ int SendTls13ClientHello(WOLFSSL* ssl)
         {
 #if defined(HAVE_ECH)
             /* compute the inner hash */
-            if (ssl->options.useEch == 1) {
+            if (ssl->options.useEch == 1 && !ssl->options.disableECH)
                 ret = EchHashHelloInner(ssl, args->ech);
-            }
 #endif
             /* compute the outer hash */
             if (ret == 0)
-                ret = HashOutput(ssl, args->output, args->idx, 0);
+                ret = HashOutput(ssl, args->output, (int)args->idx, 0);
         }
     }
     if (ret != 0)
@@ -4673,7 +4725,7 @@ int SendTls13ClientHello(WOLFSSL* ssl)
     }
 #endif /* WOLFSSL_DTLS13 */
 
-    ssl->buffers.outputBuffer.length += args->sendSz;
+    ssl->buffers.outputBuffer.length += (word32)args->sendSz;
 
     /* Advance state and proceed */
     ssl->options.asyncState = TLS_ASYNC_END;
@@ -4708,7 +4760,7 @@ int SendTls13ClientHello(WOLFSSL* ssl)
 }
 
 #if defined(WOLFSSL_DTLS13) && !defined(WOLFSSL_NO_CLIENT)
-static int Dtls13DoDowngrade(WOLFSSL* ssl)
+static int Dtls13ClientDoDowngrade(WOLFSSL* ssl)
 {
     int ret;
     if (ssl->dtls13ClientHello == NULL)
@@ -4740,8 +4792,8 @@ static int EchCheckAcceptance(WOLFSSL* ssl, byte* label, word16 labelSz,
     const byte* input, int acceptOffset, int helloSz, byte msgType)
 {
     int ret = 0;
-    int digestType;
-    int digestSize;
+    int digestType = 0;
+    int digestSize = 0;
     HS_Hashes* tmpHashes;
     HS_Hashes* acceptHashes = NULL;
     byte zeros[WC_MAX_DIGEST_SIZE];
@@ -4804,7 +4856,7 @@ static int EchCheckAcceptance(WOLFSSL* ssl, byte* label, word16 labelSz,
                 break;
 #endif /* WOLFSSL_SM3 */
             default:
-                ret = -1;
+                ret = WOLFSSL_FATAL_ERROR;
                 break;
         }
     }
@@ -4812,8 +4864,8 @@ static int EchCheckAcceptance(WOLFSSL* ssl, byte* label, word16 labelSz,
     if (ret == 0) {
         PRIVATE_KEY_UNLOCK();
     #if !defined(HAVE_FIPS) || \
-        (defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(5,3))
-        ret = wc_HKDF_Extract_ex(digestType, zeros, digestSize,
+        (defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(6,0))
+        ret = wc_HKDF_Extract_ex(digestType, zeros, (word32)digestSize,
             ssl->arrays->clientRandomInner, RAN_LEN, expandLabelPrk,
             ssl->heap, ssl->devId);
     #else
@@ -4826,9 +4878,10 @@ static int EchCheckAcceptance(WOLFSSL* ssl, byte* label, word16 labelSz,
     if (ret == 0) {
         PRIVATE_KEY_UNLOCK();
         ret = Tls13HKDFExpandKeyLabel(ssl, acceptConfirmation,
-            ECH_ACCEPT_CONFIRMATION_SZ, expandLabelPrk, digestSize,
+            ECH_ACCEPT_CONFIRMATION_SZ, expandLabelPrk, (word32)digestSize,
             tls13ProtocolLabel, TLS13_PROTOCOL_LABEL_SZ, label, labelSz,
-            transcriptEchConf, digestSize, digestType, WOLFSSL_SERVER_END);
+            transcriptEchConf, (word32)digestSize, digestType,
+            WOLFSSL_SERVER_END);
         PRIVATE_KEY_LOCK();
     }
     if (ret == 0) {
@@ -4872,9 +4925,9 @@ static int EchWriteAcceptance(WOLFSSL* ssl, byte* label, word16 labelSz,
     byte* output, int acceptOffset, int helloSz, byte msgType)
 {
     int ret = 0;
-    int digestType;
-    int digestSize;
-    HS_Hashes* tmpHashes;
+    int digestType = 0;
+    int digestSize = 0;
+    HS_Hashes* tmpHashes = NULL;
     HS_Hashes* acceptHashes = NULL;
     byte zeros[WC_MAX_DIGEST_SIZE];
     byte transcriptEchConf[WC_MAX_DIGEST_SIZE];
@@ -4933,7 +4986,7 @@ static int EchWriteAcceptance(WOLFSSL* ssl, byte* label, word16 labelSz,
                 break;
 #endif /* WOLFSSL_SM3 */
             default:
-                ret = -1;
+                ret = WOLFSSL_FATAL_ERROR;
                 break;
         }
     }
@@ -4941,8 +4994,8 @@ static int EchWriteAcceptance(WOLFSSL* ssl, byte* label, word16 labelSz,
     if (ret == 0) {
         PRIVATE_KEY_UNLOCK();
     #if !defined(HAVE_FIPS) || \
-        (defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(5,3))
-        ret = wc_HKDF_Extract_ex(digestType, zeros, digestSize,
+        (defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(6,0))
+        ret = wc_HKDF_Extract_ex(digestType, zeros, (word32)digestSize,
             ssl->arrays->clientRandom, RAN_LEN, expandLabelPrk,
             ssl->heap, ssl->devId);
     #else
@@ -4955,9 +5008,10 @@ static int EchWriteAcceptance(WOLFSSL* ssl, byte* label, word16 labelSz,
     if (ret == 0) {
         PRIVATE_KEY_UNLOCK();
         ret = Tls13HKDFExpandKeyLabel(ssl, output + acceptOffset,
-            ECH_ACCEPT_CONFIRMATION_SZ, expandLabelPrk, digestSize,
+            ECH_ACCEPT_CONFIRMATION_SZ, expandLabelPrk, (word32)digestSize,
             tls13ProtocolLabel, TLS13_PROTOCOL_LABEL_SZ, label, labelSz,
-            transcriptEchConf, digestSize, digestType, WOLFSSL_SERVER_END);
+            transcriptEchConf, (word32)digestSize, digestType,
+            WOLFSSL_SERVER_END);
         PRIVATE_KEY_LOCK();
     }
     if (ret == 0) {
@@ -4995,7 +5049,6 @@ typedef struct Dsh13Args {
     byte            extMsgType;
 #if defined(HAVE_ECH)
     TLSX* echX;
-    HS_Hashes* tmpHashes;
     byte* acceptLabel;
     word32 acceptOffset;
     word16 acceptLabelSz;
@@ -5041,10 +5094,10 @@ int DoTls13ServerHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
     args = (Dsh13Args*)ssl->async->args;
 
     ret = wolfSSL_AsyncPop(ssl, &ssl->options.asyncState);
-    if (ret != WC_NO_PENDING_E) {
+    if (ret != WC_NO_ERR_TRACE(WC_NO_PENDING_E)) {
         /* Check for error */
         if (ret < 0) {
-            if (ret == WC_PENDING_E) {
+            if (ret == WC_NO_ERR_TRACE(WC_PENDING_E)) {
                 /* Mark message as not received so it can process again */
                 ssl->msgsReceived.got_server_hello = 0;
             }
@@ -5107,7 +5160,7 @@ int DoTls13ServerHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
             if (ssl->options.dtls) {
                 ssl->chVersion.minor = DTLSv1_2_MINOR;
                 ssl->version.minor = DTLSv1_2_MINOR;
-                ret = Dtls13DoDowngrade(ssl);
+                ret = Dtls13ClientDoDowngrade(ssl);
                 if (ret != 0)
                     return ret;
             }
@@ -5202,7 +5255,7 @@ int DoTls13ServerHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
         if (ssl->options.dtls) {
             ssl->chVersion.minor = DTLSv1_2_MINOR;
             ssl->version.minor = DTLSv1_2_MINOR;
-            ret = Dtls13DoDowngrade(ssl);
+            ret = Dtls13ClientDoDowngrade(ssl);
             if (ret != 0)
                 return ret;
         }
@@ -5250,7 +5303,9 @@ int DoTls13ServerHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
     defined(WOLFSSL_WPAS_SMALL)
             /* Check if client has disabled TLS 1.2 */
             if (args->pv.minor == TLSv1_2_MINOR &&
-                (ssl->options.mask & SSL_OP_NO_TLSv1_2) == SSL_OP_NO_TLSv1_2) {
+                (ssl->options.mask & WOLFSSL_OP_NO_TLSv1_2)
+                == WOLFSSL_OP_NO_TLSv1_2)
+            {
                 WOLFSSL_MSG("\tOption set to not allow TLSv1.2");
                 WOLFSSL_ERROR_VERBOSE(VERSION_ERROR);
                 return VERSION_ERROR;
@@ -5272,10 +5327,11 @@ int DoTls13ServerHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
             }
 
             ssl->version.minor = args->pv.minor;
+            ssl->options.tls1_3 = 0;
 
 #ifdef WOLFSSL_DTLS13
             if (ssl->options.dtls) {
-                ret = Dtls13DoDowngrade(ssl);
+                ret = Dtls13ClientDoDowngrade(ssl);
                 if (ret != 0)
                     return ret;
             }
@@ -5305,14 +5361,15 @@ int DoTls13ServerHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
     /* restore message type */
     *extMsgType = args->extMsgType;
 
-    if (args->totalExtSz > 0) {
-        /* Parse and handle extensions. */
+    /* Parse and handle extensions, unless lower than TLS1.3. In that case,
+     * extensions will be parsed in DoServerHello. */
+    if (args->totalExtSz > 0 && IsAtLeastTLSv1_3(ssl->version)) {
         ret = TLSX_Parse(ssl, input + args->idx, args->totalExtSz,
             *extMsgType, NULL);
         if (ret != 0) {
         #ifdef WOLFSSL_ASYNC_CRYPT
             /* Handle async operation */
-            if (ret == WC_PENDING_E) {
+            if (ret == WC_NO_ERR_TRACE(WC_PENDING_E)) {
                 /* Mark message as not received so it can process again */
                 ssl->msgsReceived.got_server_hello = 0;
             }
@@ -5325,7 +5382,9 @@ int DoTls13ServerHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
             ssl->msgsReceived.got_hello_retry_request = 1;
             ssl->msgsReceived.got_server_hello = 0;
         }
+    }
 
+    if (args->totalExtSz > 0) {
         args->idx += args->totalExtSz;
     }
 
@@ -5334,7 +5393,9 @@ int DoTls13ServerHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
         DtlsCIDOnExtensionsParsed(ssl);
 #endif /* WOLFSSL_DTLS_CID */
 
-    *inOutIdx = args->idx;
+    if (IsAtLeastTLSv1_3(ssl->version)) {
+        *inOutIdx = args->idx;
+    }
 
     ssl->options.serverState = SERVER_HELLO_COMPLETE;
 
@@ -5373,9 +5434,12 @@ int DoTls13ServerHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
         }
 
         /* Force client hello version 1.2 to work for static RSA. */
-        ssl->chVersion.minor = TLSv1_2_MINOR;
+        if (ssl->options.dtls)
+            ssl->chVersion.minor = DTLSv1_2_MINOR;
+        else
+            ssl->chVersion.minor = TLSv1_2_MINOR;
         /* Complete TLS v1.2 processing of ServerHello. */
-        ret = CompleteServerHello(ssl);
+        ret = DoServerHello(ssl, input, inOutIdx, helloSz);
 #else
         WOLFSSL_MSG("Client using higher version, fatal error");
         WOLFSSL_ERROR_VERBOSE(VERSION_ERROR);
@@ -5733,7 +5797,7 @@ static int DoTls13CertificateRequest(WOLFSSL* ssl, const byte* input,
         #endif
             ) {
         if (PickHashSigAlgo(ssl, peerSuites.hashSigAlgo,
-                                               peerSuites.hashSigAlgoSz) != 0) {
+                            peerSuites.hashSigAlgoSz, 0) != 0) {
             WOLFSSL_ERROR_VERBOSE(INVALID_PARAMETER);
             return INVALID_PARAMETER;
         }
@@ -5844,7 +5908,7 @@ int FindPskSuite(const WOLFSSL* ssl, PreSharedKey* psk, byte* psk_key,
          if (*psk_keySz != 0) {
              int cipherSuiteFlags = WOLFSSL_CIPHER_SUITE_FLAG_NONE;
              *found = (GetCipherSuiteFromName(cipherName, &cipherSuite0,
-                 &cipherSuite, &cipherSuiteFlags) == 0);
+                 &cipherSuite, NULL, NULL, &cipherSuiteFlags) == 0);
              (void)cipherSuiteFlags;
          }
     }
@@ -5855,7 +5919,8 @@ int FindPskSuite(const WOLFSSL* ssl, PreSharedKey* psk, byte* psk_key,
          *found = (*psk_keySz != 0);
     }
     if (*found) {
-        if (*psk_keySz > MAX_PSK_KEY_LEN) {
+        if (*psk_keySz > MAX_PSK_KEY_LEN &&
+            *((int*)psk_keySz) != WC_NO_ERR_TRACE(USE_HW_PSK)) {
             WOLFSSL_MSG("Key len too long in FindPsk()");
             ret = PSK_KEY_ERROR;
             WOLFSSL_ERROR_VERBOSE(ret);
@@ -5910,29 +5975,27 @@ static int FindPsk(WOLFSSL* ssl, PreSharedKey* psk, const byte* suite, int* err)
     ret = FindPskSuite(ssl, psk, ssl->arrays->psk_key, &ssl->arrays->psk_keySz,
                        suite, &found, foundSuite);
     if (ret == 0 && found) {
-        if ((ret == 0) && found) {
-            /* Default to ciphersuite if cb doesn't specify. */
-            ssl->options.resuming = 0;
-            /* Don't send certificate request when using PSK. */
-            ssl->options.verifyPeer = 0;
+        /* Default to ciphersuite if cb doesn't specify. */
+        ssl->options.resuming = 0;
+        /* Don't send certificate request when using PSK. */
+        ssl->options.verifyPeer = 0;
 
-            /* PSK age is always zero. */
-            if (psk->ticketAge != 0) {
-                ret = PSK_KEY_ERROR;
-                WOLFSSL_ERROR_VERBOSE(ret);
-            }
+        /* PSK age is always zero. */
+        if (psk->ticketAge != 0) {
+            ret = PSK_KEY_ERROR;
+            WOLFSSL_ERROR_VERBOSE(ret);
         }
-        if ((ret == 0) && found) {
+        if (ret == 0) {
             /* Set PSK ciphersuite into SSL. */
             ssl->options.cipherSuite0 = foundSuite[0];
             ssl->options.cipherSuite  = foundSuite[1];
             ret = SetCipherSpecs(ssl);
         }
-        if ((ret == 0) && found) {
+        if (ret == 0) {
             /* Derive the early secret using the PSK. */
             ret = DeriveEarlySecret(ssl);
         }
-        if ((ret == 0) && found) {
+        if (ret == 0) {
             /* PSK negotiation has succeeded */
             ssl->options.isPSK = 1;
             /* SERVER: using PSK for peer authentication. */
@@ -6011,7 +6074,7 @@ static int DoPreSharedKeys(WOLFSSL* ssl, const byte* input, word32 inputSz,
         }
 
         #ifdef WOLFSSL_ASYNC_CRYPT
-        if (ret == WC_PENDING_E)
+        if (ret == WC_NO_ERR_TRACE(WC_PENDING_E))
             return ret;
         #endif
 
@@ -6062,7 +6125,7 @@ static int DoPreSharedKeys(WOLFSSL* ssl, const byte* input, word32 inputSz,
                 return ret;
 
             /* Hash data up to binders for deriving binders in PSK extension. */
-            ret = HashInput(ssl, input, inputSz);
+            ret = HashInput(ssl, input, (int)inputSz);
             if (ret < 0)
                 return ret;
 
@@ -6078,7 +6141,7 @@ static int DoPreSharedKeys(WOLFSSL* ssl, const byte* input, word32 inputSz,
             if (ret != 0)
                 return ret;
 
-            ret = HashInput(ssl, input, inputSz);
+            ret = HashInput(ssl, input, (int)inputSz);
             if (ret < 0)
                 return ret;
 
@@ -6174,7 +6237,7 @@ static int CheckPreSharedKeys(WOLFSSL* ssl, const byte* input, word32 helloSz,
         if (usingPSK)
             *usingPSK = 0;
         /* Hash data up to binders for deriving binders in PSK extension. */
-        ret = HashInput(ssl, input,  helloSz);
+        ret = HashInput(ssl, input,  (int)helloSz);
         return ret;
     }
 
@@ -6211,7 +6274,7 @@ static int CheckPreSharedKeys(WOLFSSL* ssl, const byte* input, word32 helloSz,
         if (ret != 0) {
 #ifdef HAVE_SESSION_TICKET
 #ifdef WOLFSSL_ASYNC_CRYPT
-            if (ret != WC_PENDING_E)
+            if (ret != WC_NO_ERR_TRACE(WC_PENDING_E))
 #endif
                 CleanupClientTickets((PreSharedKey*)ext->data);
 #endif
@@ -6241,13 +6304,13 @@ static int CheckPreSharedKeys(WOLFSSL* ssl, const byte* input, word32 helloSz,
     else {
         /* No suitable PSK found, Hash the complete ClientHello,
          * as caller expect it after we return */
-        ret = HashInput(ssl, input,  helloSz);
+        ret = HashInput(ssl, input,  (int)helloSz);
     }
     if (ret != 0)
         return ret;
 
     if (*usingPSK != 0) {
-        word16 modes;
+        word32 modes;
     #ifdef WOLFSSL_EARLY_DATA
         TLSX*  extEarlyData;
 
@@ -6352,6 +6415,12 @@ int TlsCheckCookie(const WOLFSSL* ssl, const byte* cookie, word16 cookieSz)
     byte cookieType = 0;
     byte macSz = 0;
 
+    if (ssl->buffers.tls13CookieSecret.buffer == NULL ||
+            ssl->buffers.tls13CookieSecret.length == 0) {
+        WOLFSSL_MSG("Missing DTLS 1.3 cookie secret");
+        return COOKIE_ERROR;
+    }
+
 #if !defined(NO_SHA) && defined(NO_SHA256)
     cookieType = SHA;
     macSz = WC_SHA_DIGEST_SIZE;
@@ -6365,7 +6434,7 @@ int TlsCheckCookie(const WOLFSSL* ssl, const byte* cookie, word16 cookieSz)
         return HRR_COOKIE_ERROR;
     cookieSz -= macSz;
 
-    ret = wc_HmacInit(&cookieHmac, ssl->heap, INVALID_DEVID);
+    ret = wc_HmacInit(&cookieHmac, ssl->heap, ssl->devId);
     if (ret == 0) {
         ret = wc_HmacSetKey(&cookieHmac, cookieType,
                             ssl->buffers.tls13CookieSecret.buffer,
@@ -6376,6 +6445,7 @@ int TlsCheckCookie(const WOLFSSL* ssl, const byte* cookie, word16 cookieSz)
 #ifdef WOLFSSL_DTLS13
     /* Tie cookie to peer address */
     if (ret == 0) {
+        /* peerLock not necessary. Still in handshake phase. */
         if (ssl->options.dtls && ssl->buffers.dtlsCtx.peer.sz > 0) {
             ret = wc_HmacUpdate(&cookieHmac,
                 (byte*)ssl->buffers.dtlsCtx.peer.sa,
@@ -6639,7 +6709,6 @@ static int DoTls13SupportedVersions(WOLFSSL* ssl, const byte* input, word32 i,
 
 typedef struct Dch13Args {
     ProtocolVersion pv;
-    Suites*         clSuites;
     word32          idx;
     word32          begin;
     int             usingPSK;
@@ -6647,17 +6716,17 @@ typedef struct Dch13Args {
 
 static void FreeDch13Args(WOLFSSL* ssl, void* pArgs)
 {
-    Dch13Args* args = (Dch13Args*)pArgs;
-
-    (void)ssl;
-
-    if (args && args->clSuites) {
-        XFREE(args->clSuites, ssl->heap, DYNAMIC_TYPE_SUITES);
-        args->clSuites = NULL;
+    /* openssl compat builds hang on to the client suites until WOLFSSL object
+     * is destroyed */
+#ifndef OPENSSL_EXTRA
+    if (ssl->clSuites) {
+        XFREE(ssl->clSuites, ssl->heap, DYNAMIC_TYPE_SUITES);
+        ssl->clSuites = NULL;
     }
-#ifdef OPENSSL_EXTRA
-    ssl->clSuites = NULL;
 #endif
+    (void)ssl;
+    (void)pArgs;
+
 }
 
 int DoTls13ClientHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
@@ -6688,7 +6757,7 @@ int DoTls13ClientHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
     args = (Dch13Args*)ssl->async->args;
 
     ret = wolfSSL_AsyncPop(ssl, &ssl->options.asyncState);
-    if (ret != WC_NO_PENDING_E) {
+    if (ret != WC_NO_ERR_TRACE(WC_NO_PENDING_E)) {
         /* Check for error */
         if (ret < 0) {
             goto exit_dch;
@@ -6726,6 +6795,7 @@ int DoTls13ClientHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
      * wolfSSL_accept_TLSv13 when changing this one. */
     if (IsDtlsNotSctpMode(ssl) && ssl->options.sendCookie &&
             !ssl->options.dtlsStateful) {
+        DtlsSetSeqNumForReply(ssl);
         ret = DoClientHelloStateless(ssl, input + *inOutIdx, helloSz, 0, NULL);
         if (ret != 0 || !ssl->options.dtlsStateful) {
             *inOutIdx += helloSz;
@@ -6813,7 +6883,7 @@ int DoTls13ClientHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
 
         realMinor = ssl->version.minor;
         ssl->version.minor = args->pv.minor;
-        ret = HashInput(ssl, input + args->begin, helloSz);
+        ret = HashInput(ssl, input + args->begin, (int)helloSz);
         ssl->version.minor = realMinor;
         if (ret == 0) {
             ret = DoClientHello(ssl, input, inOutIdx, helloSz);
@@ -6866,28 +6936,31 @@ int DoTls13ClientHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
     }
 #endif /* WOLFSSL_DTLS13 */
 
-    args->clSuites = (Suites*)XMALLOC(sizeof(Suites), ssl->heap,
+    XFREE(ssl->clSuites, ssl->heap, DYNAMIC_TYPE_SUITES);
+    ssl->clSuites = (Suites*)XMALLOC(sizeof(Suites), ssl->heap,
         DYNAMIC_TYPE_SUITES);
-    if (args->clSuites == NULL) {
+    if (ssl->clSuites == NULL) {
         ERROR_OUT(MEMORY_E, exit_dch);
     }
 
     /* Cipher suites */
     if ((args->idx - args->begin) + OPAQUE16_LEN > helloSz)
         ERROR_OUT(BUFFER_ERROR, exit_dch);
-    ato16(&input[args->idx], &args->clSuites->suiteSz);
+    ato16(&input[args->idx], &ssl->clSuites->suiteSz);
     args->idx += OPAQUE16_LEN;
-    if ((args->clSuites->suiteSz % 2) != 0) {
+    if ((ssl->clSuites->suiteSz % 2) != 0) {
         ERROR_OUT(INVALID_PARAMETER, exit_dch);
     }
     /* suites and compression length check */
-    if ((args->idx - args->begin) + args->clSuites->suiteSz + OPAQUE8_LEN > helloSz)
+    if ((args->idx - args->begin) + ssl->clSuites->suiteSz + OPAQUE8_LEN >
+            helloSz) {
         ERROR_OUT(BUFFER_ERROR, exit_dch);
-    if (args->clSuites->suiteSz > WOLFSSL_MAX_SUITE_SZ)
+    }
+    if (ssl->clSuites->suiteSz > WOLFSSL_MAX_SUITE_SZ)
         ERROR_OUT(BUFFER_ERROR, exit_dch);
-    XMEMCPY(args->clSuites->suites, input + args->idx, args->clSuites->suiteSz);
-    args->idx += args->clSuites->suiteSz;
-    args->clSuites->hashSigAlgoSz = 0;
+    XMEMCPY(ssl->clSuites->suites, input + args->idx, ssl->clSuites->suiteSz);
+    args->idx += ssl->clSuites->suiteSz;
+    ssl->clSuites->hashSigAlgoSz = 0;
 
     /* Compression */
     b = input[args->idx++];
@@ -6919,12 +6992,12 @@ int DoTls13ClientHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
         goto exit_dch;
 
 #if defined(HAVE_ECH)
-    if (ssl->ctx->echConfigs != NULL) {
+    if (ssl->ctx->echConfigs != NULL && !ssl->options.disableECH) {
         /* save the start of the buffer so we can use it when parsing ech */
         echX = TLSX_Find(ssl->extensions, TLSX_ECH);
 
         if (echX == NULL)
-            return -1;
+            ERROR_OUT(WOLFSSL_FATAL_ERROR, exit_dch);
 
         ((WOLFSSL_ECH*)echX->data)->aad = input + HANDSHAKE_HEADER_SZ;
         ((WOLFSSL_ECH*)echX->data)->aadLen = helloSz;
@@ -6933,7 +7006,7 @@ int DoTls13ClientHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
 
     /* Parse extensions */
     if ((ret = TLSX_Parse(ssl, input + args->idx, totalExtSz, client_hello,
-                                                            args->clSuites))) {
+                                                            ssl->clSuites))) {
         goto exit_dch;
     }
 
@@ -6993,12 +7066,12 @@ int DoTls13ClientHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
 
 #if (defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)) && \
                                                     defined(HAVE_TLS_EXTENSIONS)
-    ret = CheckPreSharedKeys(ssl, input + args->begin, helloSz, args->clSuites,
+    ret = CheckPreSharedKeys(ssl, input + args->begin, helloSz, ssl->clSuites,
         &args->usingPSK);
     if (ret != 0)
         goto exit_dch;
 #else
-    if ((ret = HashInput(ssl, input + args->begin, helloSz)) != 0)
+    if ((ret = HashInput(ssl, input + args->begin, (int)helloSz)) != 0)
         goto exit_dch;
 #endif
 
@@ -7017,7 +7090,9 @@ int DoTls13ClientHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
             WOLFSSL_MSG("Client did not send a KeyShare extension");
             ERROR_OUT(INCOMPLETE_DATA, exit_dch);
         }
-        if (TLSX_Find(ssl->extensions, TLSX_SIGNATURE_ALGORITHMS) == NULL) {
+        /* Can't check ssl->extensions here as SigAlgs are unconditionally
+           set by TLSX_PopulateExtensions */
+        if (ssl->clSuites->hashSigAlgoSz == 0) {
             WOLFSSL_MSG("Client did not send a SignatureAlgorithms extension");
             ERROR_OUT(INCOMPLETE_DATA, exit_dch);
         }
@@ -7043,15 +7118,14 @@ int DoTls13ClientHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
     case TLS_ASYNC_DO:
     {
 #ifdef OPENSSL_EXTRA
-    ssl->clSuites = args->clSuites;
     if ((ret = CertSetupCbWrapper(ssl)) != 0)
         goto exit_dch;
 #endif
 #ifndef NO_CERTS
     if (!args->usingPSK) {
-        if ((ret = MatchSuite(ssl, args->clSuites)) < 0) {
+        if ((ret = MatchSuite(ssl, ssl->clSuites)) < 0) {
         #ifdef WOLFSSL_ASYNC_CRYPT
-            if (ret != WC_PENDING_E)
+            if (ret != WC_NO_ERR_TRACE(WC_PENDING_E))
         #endif
                 WOLFSSL_MSG("Unsupported cipher suite, ClientHello 1.3");
             goto exit_dch;
@@ -7068,7 +7142,7 @@ int DoTls13ClientHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
             if (ssl->options.serverState == SERVER_HELLO_RETRY_REQUEST_COMPLETE)
                 ERROR_OUT(INVALID_PARAMETER, exit_dch);
             ssl->options.serverState = SERVER_HELLO_RETRY_REQUEST_COMPLETE;
-            if (ret != WC_PENDING_E)
+            if (ret != WC_NO_ERR_TRACE(WC_PENDING_E))
                 ret = 0; /* for hello_retry return 0 */
         }
         if (ret != 0)
@@ -7090,7 +7164,8 @@ int DoTls13ClientHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
     TLSX* extension = TLSX_Find(ssl->extensions, TLSX_KEY_SHARE);
     if (extension != NULL && extension->resp == 1) {
         KeyShareEntry* serverKSE = (KeyShareEntry*)extension->data;
-        if (serverKSE != NULL && serverKSE->lastRet == WC_PENDING_E) {
+        if (serverKSE != NULL &&
+            serverKSE->lastRet == WC_NO_ERR_TRACE(WC_PENDING_E)) {
             ret = TLSX_KeyShare_GenKey(ssl, serverKSE);
             if (ret != 0)
                 goto exit_dch;
@@ -7141,9 +7216,10 @@ int DoTls13ClientHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
             ERROR_OUT(MATCH_SUITE_ERROR, exit_dch);
         }
 
-    #ifdef HAVE_SESSION_TICKET
+    #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)
         if (ssl->options.resuming) {
             ssl->options.resuming = 0;
+            ssl->arrays->psk_keySz = 0;
             XMEMSET(ssl->arrays->psk_key, 0, ssl->specs.hash_size);
         }
     #endif
@@ -7222,7 +7298,7 @@ exit_dch:
     WOLFSSL_LEAVE("DoTls13ClientHello", ret);
 
 #ifdef WOLFSSL_ASYNC_CRYPT
-    if (ret == WC_PENDING_E) {
+    if (ret == WC_NO_ERR_TRACE(WC_PENDING_E)) {
         ssl->msgsReceived.got_client_hello = 0;
         return ret;
     }
@@ -7302,7 +7378,7 @@ int SendTls13ServerHello(WOLFSSL* ssl, byte extMsgType)
     ret = TLSX_GetResponseSize(ssl, extMsgType, &length);
     if (ret != 0)
         return ret;
-    sendSz = idx + length;
+    sendSz = (int)(idx + length);
 
     /* Check buffers are big enough and grow if needed. */
     if ((ret = CheckAvailableSize(ssl, sendSz)) != 0)
@@ -7392,10 +7468,10 @@ int SendTls13ServerHello(WOLFSSL* ssl, byte extMsgType)
 #endif /* WOLFSSL_DTLS13 */
         {
 #if defined(HAVE_ECH)
-            if (ssl->ctx->echConfigs != NULL) {
+            if (ssl->ctx->echConfigs != NULL && !ssl->options.disableECH) {
                 echX = TLSX_Find(ssl->extensions, TLSX_ECH);
                 if (echX == NULL)
-                    return -1;
+                    return WOLFSSL_FATAL_ERROR;
                 /* use hrr offset */
                 if (extMsgType == hello_retry_request) {
                     acceptOffset =
@@ -7464,7 +7540,7 @@ int SendTls13ServerHello(WOLFSSL* ssl, byte extMsgType)
     }
 #endif /* WOLFSSL_DTLS13 */
 
-    ssl->buffers.outputBuffer.length += sendSz;
+    ssl->buffers.outputBuffer.length += (word32)sendSz;
 
     if (!ssl->options.groupMessages || extMsgType != server_hello)
         ret = SendBuffered(ssl);
@@ -7563,7 +7639,7 @@ static int SendTls13EncryptedExtensions(WOLFSSL* ssl)
     if (ret != 0)
         return ret;
 
-    sendSz = idx + length;
+    sendSz = (int)(idx + length);
     /* Encryption always on. */
     sendSz += MAX_MSG_EXTRA;
 
@@ -7612,11 +7688,12 @@ static int SendTls13EncryptedExtensions(WOLFSSL* ssl)
 
     /* This handshake message is always encrypted. */
     sendSz = BuildTls13Message(ssl, output, sendSz, output + RECORD_HEADER_SZ,
-                               idx - RECORD_HEADER_SZ, handshake, 1, 0, 0);
+                               (int)(idx - RECORD_HEADER_SZ),
+                               handshake, 1, 0, 0);
     if (sendSz < 0)
         return sendSz;
 
-    ssl->buffers.outputBuffer.length += sendSz;
+    ssl->buffers.outputBuffer.length += (word32)sendSz;
     ssl->options.buildingMsg = 0;
     ssl->options.serverState = SERVER_ENCRYPTED_EXTENSIONS_COMPLETE;
 
@@ -7642,19 +7719,15 @@ static int SendTls13EncryptedExtensions(WOLFSSL* ssl)
  * returns 0 on success, otherwise failure.
  */
 static int SendTls13CertificateRequest(WOLFSSL* ssl, byte* reqCtx,
-                                       int reqCtxLen)
+                                       word32 reqCtxLen)
 {
     byte*   output;
     int    ret;
     int    sendSz;
     word32 i;
-    word16 reqSz;
+    word32 reqSz;
     word16 hashSigAlgoSz = 0;
     SignatureAlgorithms* sa;
-    int haveSig = SIG_RSA | SIG_ECDSA | SIG_FALCON | SIG_DILITHIUM;
-#if defined(WOLFSSL_SM2) && defined(WOLFSSL_SM3)
-    haveSig |= SIG_SM2;
-#endif
 
     WOLFSSL_START(WC_FUNC_CERTIFICATE_REQUEST_SEND);
     WOLFSSL_ENTER("SendTls13CertificateRequest");
@@ -7665,12 +7738,12 @@ static int SendTls13CertificateRequest(WOLFSSL* ssl, byte* reqCtx,
         return SIDE_ERROR;
 
     /* Get the length of the hashSigAlgo buffer */
-    InitSuitesHashSigAlgo_ex2(NULL, haveSig, 1, ssl->buffers.keySz,
+    InitSuitesHashSigAlgo(NULL, SIG_ALL, 1, ssl->buffers.keySz,
         &hashSigAlgoSz);
     sa = TLSX_SignatureAlgorithms_New(ssl, hashSigAlgoSz, ssl->heap);
     if (sa == NULL)
         return MEMORY_ERROR;
-    InitSuitesHashSigAlgo_ex2(sa->hashSigAlgo, haveSig, 1, ssl->buffers.keySz,
+    InitSuitesHashSigAlgo(sa->hashSigAlgo, SIG_ALL, 1, ssl->buffers.keySz,
         &hashSigAlgoSz);
     ret = TLSX_Push(&ssl->extensions, TLSX_SIGNATURE_ALGORITHMS, sa, ssl->heap);
     if (ret != 0) {
@@ -7689,7 +7762,7 @@ static int SendTls13CertificateRequest(WOLFSSL* ssl, byte* reqCtx,
     if (ret != 0)
         return ret;
 
-    sendSz = i + reqSz;
+    sendSz = (int)(i + reqSz);
     /* Always encrypted and make room for padding. */
     sendSz += MAX_MSG_EXTRA;
 
@@ -7734,7 +7807,7 @@ static int SendTls13CertificateRequest(WOLFSSL* ssl, byte* reqCtx,
 
     /* Always encrypted. */
     sendSz = BuildTls13Message(ssl, output, sendSz, output + RECORD_HEADER_SZ,
-                               i - RECORD_HEADER_SZ, handshake, 1, 0, 0);
+                               (int)(i - RECORD_HEADER_SZ), handshake, 1, 0, 0);
     if (sendSz < 0)
         return sendSz;
 
@@ -7749,7 +7822,7 @@ static int SendTls13CertificateRequest(WOLFSSL* ssl, byte* reqCtx,
         }
     #endif
 
-    ssl->buffers.outputBuffer.length += sendSz;
+    ssl->buffers.outputBuffer.length += (word32)sendSz;
     ssl->options.buildingMsg = 0;
     if (!ssl->options.groupMessages)
         ret = SendBuffered(ssl);
@@ -7764,7 +7837,7 @@ static int SendTls13CertificateRequest(WOLFSSL* ssl, byte* reqCtx,
 
 #ifndef NO_CERTS
 #if !defined(NO_RSA) || defined(HAVE_ECC) || defined(HAVE_ED25519) || \
-    defined(HAVE_ED448) || defined(HAVE_PQC)
+    defined(HAVE_ED448) || defined(HAVE_FALCON) || defined(HAVE_DILITHIUM)
 /* Encode the signature algorithm into buffer.
  *
  * hashalgo  The hash algorithm.
@@ -7809,8 +7882,7 @@ static WC_INLINE void EncodeSigAlg(byte hashAlgo, byte hsType, byte* output)
             output[1] = hashAlgo;
             break;
 #endif
-#ifdef HAVE_PQC
-        #ifdef HAVE_FALCON
+#ifdef HAVE_FALCON
         case falcon_level1_sa_algo:
             output[0] = FALCON_LEVEL1_SA_MAJOR;
             output[1] = FALCON_LEVEL1_SA_MINOR;
@@ -7819,8 +7891,8 @@ static WC_INLINE void EncodeSigAlg(byte hashAlgo, byte hsType, byte* output)
             output[0] = FALCON_LEVEL5_SA_MAJOR;
             output[1] = FALCON_LEVEL5_SA_MINOR;
             break;
-        #endif
-        #ifdef HAVE_DILITHIUM
+#endif
+#ifdef HAVE_DILITHIUM
         case dilithium_level2_sa_algo:
             output[0] = DILITHIUM_LEVEL2_SA_MAJOR;
             output[1] = DILITHIUM_LEVEL2_SA_MINOR;
@@ -7833,13 +7905,122 @@ static WC_INLINE void EncodeSigAlg(byte hashAlgo, byte hsType, byte* output)
             output[0] = DILITHIUM_LEVEL5_SA_MAJOR;
             output[1] = DILITHIUM_LEVEL5_SA_MINOR;
             break;
-        #endif
 #endif
         default:
             break;
     }
 }
 
+#ifdef WOLFSSL_DUAL_ALG_CERTS
+/* These match up with what the OQS team has defined. */
+#define HYBRID_SA_MAJOR 0xFE
+#define HYBRID_P256_DILITHIUM_LEVEL2_SA_MINOR    0xA1
+#define HYBRID_RSA3072_DILITHIUM_LEVEL2_SA_MINOR 0xA2
+#define HYBRID_P384_DILITHIUM_LEVEL3_SA_MINOR    0xA4
+#define HYBRID_P521_DILITHIUM_LEVEL5_SA_MINOR    0xA6
+#define HYBRID_P256_FALCON_LEVEL1_SA_MINOR       0xAF
+#define HYBRID_RSA3072_FALCON_LEVEL1_SA_MINOR    0xB0
+#define HYBRID_P521_FALCON_LEVEL5_SA_MINOR       0xB2
+
+/* Custom defined ones for PQC first */
+#define HYBRID_DILITHIUM_LEVEL2_P256_SA_MINOR    0xD1
+#define HYBRID_DILITHIUM_LEVEL2_RSA3072_SA_MINOR 0xD2
+#define HYBRID_DILITHIUM_LEVEL3_P384_SA_MINOR    0xD3
+#define HYBRID_DILITHIUM_LEVEL5_P521_SA_MINOR    0xD4
+#define HYBRID_FALCON_LEVEL1_P256_SA_MINOR       0xD5
+#define HYBRID_FALCON_LEVEL1_RSA3072_SA_MINOR    0xD6
+#define HYBRID_FALCON_LEVEL5_P521_SA_MINOR       0xD7
+
+
+static void EncodeDualSigAlg(byte sigAlg, byte altSigAlg, byte* output)
+{
+    /* Initialize output to error indicator. */
+    output[0] = 0x0;
+    output[1] = 0x0;
+
+    if (sigAlg == ecc_dsa_sa_algo && altSigAlg == dilithium_level2_sa_algo) {
+        output[1] = HYBRID_P256_DILITHIUM_LEVEL2_SA_MINOR;
+    }
+    else if (sigAlg == rsa_pss_sa_algo &&
+             altSigAlg == dilithium_level2_sa_algo) {
+        output[1] = HYBRID_RSA3072_DILITHIUM_LEVEL2_SA_MINOR;
+    }
+    else if (sigAlg == ecc_dsa_sa_algo &&
+             altSigAlg == dilithium_level3_sa_algo) {
+        output[1] = HYBRID_P384_DILITHIUM_LEVEL3_SA_MINOR;
+    }
+    else if (sigAlg == ecc_dsa_sa_algo &&
+             altSigAlg == dilithium_level5_sa_algo) {
+        output[1] = HYBRID_P521_DILITHIUM_LEVEL5_SA_MINOR;
+    }
+    else if (sigAlg == ecc_dsa_sa_algo &&
+             altSigAlg == falcon_level1_sa_algo) {
+        output[1] = HYBRID_P256_FALCON_LEVEL1_SA_MINOR;
+    }
+    else if (sigAlg == rsa_pss_sa_algo &&
+             altSigAlg == falcon_level1_sa_algo) {
+        output[1] = HYBRID_RSA3072_FALCON_LEVEL1_SA_MINOR;
+    }
+    else if (sigAlg == ecc_dsa_sa_algo &&
+             altSigAlg == falcon_level5_sa_algo) {
+        output[1] = HYBRID_P521_FALCON_LEVEL5_SA_MINOR;
+    }
+    else if (sigAlg == dilithium_level2_sa_algo &&
+             altSigAlg == ecc_dsa_sa_algo) {
+        output[1] = HYBRID_DILITHIUM_LEVEL2_P256_SA_MINOR;
+    }
+    else if (sigAlg == dilithium_level2_sa_algo &&
+             altSigAlg == rsa_pss_sa_algo) {
+        output[1] = HYBRID_DILITHIUM_LEVEL2_RSA3072_SA_MINOR;
+    }
+    else if (sigAlg == dilithium_level3_sa_algo &&
+             altSigAlg == ecc_dsa_sa_algo) {
+        output[1] = HYBRID_DILITHIUM_LEVEL3_P384_SA_MINOR;
+    }
+    else if (sigAlg == dilithium_level5_sa_algo &&
+             altSigAlg == ecc_dsa_sa_algo) {
+        output[1] = HYBRID_DILITHIUM_LEVEL5_P521_SA_MINOR;
+    }
+    else if (sigAlg == falcon_level1_sa_algo &&
+             altSigAlg == ecc_dsa_sa_algo) {
+        output[1] = HYBRID_FALCON_LEVEL1_P256_SA_MINOR;
+    }
+    else if (sigAlg == falcon_level1_sa_algo &&
+             altSigAlg == rsa_pss_sa_algo) {
+        output[1] = HYBRID_FALCON_LEVEL1_RSA3072_SA_MINOR;
+    }
+    else if (sigAlg == falcon_level5_sa_algo &&
+             altSigAlg == ecc_dsa_sa_algo) {
+        output[1] = HYBRID_FALCON_LEVEL5_P521_SA_MINOR;
+    }
+
+    if (output[1] != 0x0) {
+        output[0] = HYBRID_SA_MAJOR;
+    }
+}
+#endif /* WOLFSSL_DUAL_ALG_CERTS */
+
+static enum wc_MACAlgorithm GetNewSAHashAlgo(int typeIn)
+{
+    switch (typeIn) {
+        case RSA_PSS_RSAE_SHA256_MINOR:
+        case RSA_PSS_PSS_SHA256_MINOR:
+            return sha256_mac;
+
+        case RSA_PSS_RSAE_SHA384_MINOR:
+        case RSA_PSS_PSS_SHA384_MINOR:
+            return sha384_mac;
+
+        case RSA_PSS_RSAE_SHA512_MINOR:
+        case RSA_PSS_PSS_SHA512_MINOR:
+        case ED25519_SA_MINOR:
+        case ED448_SA_MINOR:
+            return sha512_mac;
+        default:
+            return no_mac;
+    }
+}
+
 /* Decode the signature algorithm.
  *
  * input     The encoded signature algorithm.
@@ -7864,17 +8045,23 @@ static WC_INLINE int DecodeTls13SigAlg(byte* input, byte* hashAlgo,
             break;
     #endif
         case NEW_SA_MAJOR:
-            /* PSS signatures: 0x080[4-6] */
-            if (input[1] >= sha256_mac && input[1] <= sha512_mac) {
+            *hashAlgo = GetNewSAHashAlgo(input[1]);
+
+            /* PSS encryption: 0x080[4-6] */
+            if (input[1] >= RSA_PSS_RSAE_SHA256_MINOR &&
+                    input[1] <= RSA_PSS_RSAE_SHA512_MINOR) {
+                *hsType   = input[0];
+            }
+            /* PSS signature: 0x080[9-B] */
+            else if (input[1] >= RSA_PSS_PSS_SHA256_MINOR &&
+                    input[1] <= RSA_PSS_PSS_SHA512_MINOR) {
                 *hsType   = input[0];
-                *hashAlgo = input[1];
             }
     #ifdef HAVE_ED25519
             /* ED25519: 0x0807 */
             else if (input[1] == ED25519_SA_MINOR) {
                 *hsType = ed25519_sa_algo;
                 /* Hash performed as part of sign/verify operation. */
-                *hashAlgo = sha512_mac;
             }
     #endif
     #ifdef HAVE_ED448
@@ -7882,15 +8069,13 @@ static WC_INLINE int DecodeTls13SigAlg(byte* input, byte* hashAlgo,
             else if (input[1] == ED448_SA_MINOR) {
                 *hsType = ed448_sa_algo;
                 /* Hash performed as part of sign/verify operation. */
-                *hashAlgo = sha512_mac;
             }
     #endif
             else
                 ret = INVALID_PARAMETER;
             break;
-#ifdef HAVE_PQC
-        case PQC_SA_MAJOR:
 #if defined(HAVE_FALCON)
+        case FALCON_SA_MAJOR:
             if (input[1] == FALCON_LEVEL1_SA_MINOR) {
                 *hsType = falcon_level1_sa_algo;
                 /* Hash performed as part of sign/verify operation. */
@@ -7901,8 +8086,11 @@ static WC_INLINE int DecodeTls13SigAlg(byte* input, byte* hashAlgo,
                 *hashAlgo = sha512_mac;
             }
             else
+                ret = INVALID_PARAMETER;
+            break;
 #endif /* HAVE_FALCON */
 #if defined(HAVE_DILITHIUM)
+        case DILITHIUM_SA_MAJOR:
             if (input[1] == DILITHIUM_LEVEL2_SA_MINOR) {
                 *hsType = dilithium_level2_sa_algo;
                 /* Hash performed as part of sign/verify operation. */
@@ -7917,12 +8105,11 @@ static WC_INLINE int DecodeTls13SigAlg(byte* input, byte* hashAlgo,
                 *hashAlgo = sha512_mac;
             }
             else
-#endif /* HAVE_DILITHIUM */
             {
                 ret = INVALID_PARAMETER;
             }
             break;
-#endif
+#endif /* HAVE_DILITHIUM */
         default:
             *hashAlgo = input[0];
             *hsType   = input[1];
@@ -7932,6 +8119,100 @@ static WC_INLINE int DecodeTls13SigAlg(byte* input, byte* hashAlgo,
     return ret;
 }
 
+#ifdef WOLFSSL_DUAL_ALG_CERTS
+/* Decode the hybrid signature algorithm.
+ *
+ * input     The encoded signature algorithm.
+ * hashalgo  The hash algorithm.
+ * hsType    The signature type.
+ * returns INVALID_PARAMETER if not recognized and 0 otherwise.
+ */
+static WC_INLINE int DecodeTls13HybridSigAlg(byte* input, byte* hashAlg,
+                                             byte *sigAlg, byte *altSigAlg)
+{
+
+    if (input[0] != HYBRID_SA_MAJOR) {
+        return INVALID_PARAMETER;
+    }
+
+    if (input[1] == HYBRID_P256_DILITHIUM_LEVEL2_SA_MINOR) {
+        *sigAlg = ecc_dsa_sa_algo;
+        *hashAlg = sha256_mac;
+        *altSigAlg = dilithium_level2_sa_algo;
+    }
+    else if (input[1] == HYBRID_RSA3072_DILITHIUM_LEVEL2_SA_MINOR) {
+        *sigAlg = rsa_pss_sa_algo;
+        *hashAlg = sha256_mac;
+        *altSigAlg = dilithium_level2_sa_algo;
+    }
+    else if (input[1] == HYBRID_P384_DILITHIUM_LEVEL3_SA_MINOR) {
+        *sigAlg = ecc_dsa_sa_algo;
+        *hashAlg = sha384_mac;
+        *altSigAlg = dilithium_level3_sa_algo;
+    }
+    else if (input[1] == HYBRID_P521_DILITHIUM_LEVEL5_SA_MINOR) {
+        *sigAlg = ecc_dsa_sa_algo;
+        *hashAlg = sha512_mac;
+        *altSigAlg = dilithium_level5_sa_algo;
+    }
+    else if (input[1] == HYBRID_P256_FALCON_LEVEL1_SA_MINOR) {
+        *sigAlg = ecc_dsa_sa_algo;
+        *hashAlg = sha256_mac;
+        *altSigAlg = falcon_level1_sa_algo;
+    }
+    else if (input[1] == HYBRID_RSA3072_FALCON_LEVEL1_SA_MINOR) {
+        *sigAlg = rsa_pss_sa_algo;
+        *hashAlg = sha256_mac;
+        *altSigAlg = falcon_level1_sa_algo;
+    }
+    else if (input[1] == HYBRID_P521_FALCON_LEVEL5_SA_MINOR) {
+        *sigAlg = ecc_dsa_sa_algo;
+        *hashAlg = sha512_mac;
+        *altSigAlg = falcon_level5_sa_algo;
+    }
+    else if (input[1] == HYBRID_DILITHIUM_LEVEL2_P256_SA_MINOR) {
+        *sigAlg = dilithium_level2_sa_algo;
+        *hashAlg = sha256_mac;
+        *altSigAlg = ecc_dsa_sa_algo;
+    }
+    else if (input[1] == HYBRID_DILITHIUM_LEVEL2_RSA3072_SA_MINOR) {
+        *sigAlg = dilithium_level2_sa_algo;
+        *hashAlg = sha256_mac;
+        *altSigAlg = rsa_pss_sa_algo;
+    }
+    else if (input[1] == HYBRID_DILITHIUM_LEVEL3_P384_SA_MINOR) {
+        *sigAlg = dilithium_level3_sa_algo;
+        *hashAlg = sha384_mac;
+        *altSigAlg = ecc_dsa_sa_algo;
+    }
+    else if (input[1] == HYBRID_DILITHIUM_LEVEL5_P521_SA_MINOR) {
+        *sigAlg = dilithium_level5_sa_algo;
+        *hashAlg = sha512_mac;
+        *altSigAlg = ecc_dsa_sa_algo;
+    }
+    else if (input[1] == HYBRID_FALCON_LEVEL1_P256_SA_MINOR) {
+        *sigAlg = falcon_level1_sa_algo;
+        *hashAlg = sha256_mac;
+        *altSigAlg = ecc_dsa_sa_algo;
+    }
+    else if (input[1] == HYBRID_FALCON_LEVEL1_RSA3072_SA_MINOR) {
+        *sigAlg = falcon_level1_sa_algo;
+        *hashAlg = sha256_mac;
+        *altSigAlg = rsa_pss_sa_algo;
+    }
+    else if (input[1] == HYBRID_FALCON_LEVEL5_P521_SA_MINOR) {
+        *sigAlg = falcon_level5_sa_algo;
+        *hashAlg = sha512_mac;
+        *altSigAlg = ecc_dsa_sa_algo;
+    }
+    else {
+        return INVALID_PARAMETER;
+    }
+
+    return 0;
+}
+#endif /* WOLFSSL_DUAL_ALG_CERTS */
+
 /* Get the hash of the messages so far.
  *
  * ssl   The SSL/TLS object.
@@ -8037,7 +8318,7 @@ int CreateRSAEncodedSig(byte* sig, byte* sigData, int sigDataSz,
 {
     Digest digest;
     int    hashSz = 0;
-    int    ret = BAD_FUNC_ARG;
+    int    ret = WC_NO_ERR_TRACE(BAD_FUNC_ARG);
     byte*  hash;
 
     (void)sigAlgo;
@@ -8050,7 +8331,7 @@ int CreateRSAEncodedSig(byte* sig, byte* sigData, int sigDataSz,
         case sha256_mac:
             ret = wc_InitSha256(&digest.sha256);
             if (ret == 0) {
-                ret = wc_Sha256Update(&digest.sha256, sigData, sigDataSz);
+                ret = wc_Sha256Update(&digest.sha256, sigData, (word32)sigDataSz);
                 if (ret == 0)
                     ret = wc_Sha256Final(&digest.sha256, hash);
                 wc_Sha256Free(&digest.sha256);
@@ -8062,7 +8343,7 @@ int CreateRSAEncodedSig(byte* sig, byte* sigData, int sigDataSz,
         case sha384_mac:
             ret = wc_InitSha384(&digest.sha384);
             if (ret == 0) {
-                ret = wc_Sha384Update(&digest.sha384, sigData, sigDataSz);
+                ret = wc_Sha384Update(&digest.sha384, sigData, (word32)sigDataSz);
                 if (ret == 0)
                     ret = wc_Sha384Final(&digest.sha384, hash);
                 wc_Sha384Free(&digest.sha384);
@@ -8074,7 +8355,7 @@ int CreateRSAEncodedSig(byte* sig, byte* sigData, int sigDataSz,
         case sha512_mac:
             ret = wc_InitSha512(&digest.sha512);
             if (ret == 0) {
-                ret = wc_Sha512Update(&digest.sha512, sigData, sigDataSz);
+                ret = wc_Sha512Update(&digest.sha512, sigData, (word32)sigDataSz);
                 if (ret == 0)
                     ret = wc_Sha512Final(&digest.sha512, hash);
                 wc_Sha512Free(&digest.sha512);
@@ -8082,6 +8363,10 @@ int CreateRSAEncodedSig(byte* sig, byte* sigData, int sigDataSz,
             hashSz = WC_SHA512_DIGEST_SIZE;
             break;
 #endif
+       default:
+            ret = BAD_FUNC_ARG;
+            break;
+
     }
 
     if (ret != 0)
@@ -8103,7 +8388,7 @@ static int CreateECCEncodedSig(byte* sigData, int sigDataSz, int hashAlgo)
 {
     Digest digest;
     int    hashSz = 0;
-    int    ret = BAD_FUNC_ARG;
+    int    ret = WC_NO_ERR_TRACE(BAD_FUNC_ARG);
 
     /* Digest the signature data. */
     switch (hashAlgo) {
@@ -8111,7 +8396,7 @@ static int CreateECCEncodedSig(byte* sigData, int sigDataSz, int hashAlgo)
         case sha256_mac:
             ret = wc_InitSha256(&digest.sha256);
             if (ret == 0) {
-                ret = wc_Sha256Update(&digest.sha256, sigData, sigDataSz);
+                ret = wc_Sha256Update(&digest.sha256, sigData, (word32)sigDataSz);
                 if (ret == 0)
                     ret = wc_Sha256Final(&digest.sha256, sigData);
                 wc_Sha256Free(&digest.sha256);
@@ -8123,7 +8408,7 @@ static int CreateECCEncodedSig(byte* sigData, int sigDataSz, int hashAlgo)
         case sha384_mac:
             ret = wc_InitSha384(&digest.sha384);
             if (ret == 0) {
-                ret = wc_Sha384Update(&digest.sha384, sigData, sigDataSz);
+                ret = wc_Sha384Update(&digest.sha384, sigData, (word32)sigDataSz);
                 if (ret == 0)
                     ret = wc_Sha384Final(&digest.sha384, sigData);
                 wc_Sha384Free(&digest.sha384);
@@ -8135,7 +8420,7 @@ static int CreateECCEncodedSig(byte* sigData, int sigDataSz, int hashAlgo)
         case sha512_mac:
             ret = wc_InitSha512(&digest.sha512);
             if (ret == 0) {
-                ret = wc_Sha512Update(&digest.sha512, sigData, sigDataSz);
+                ret = wc_Sha512Update(&digest.sha512, sigData, (word32)sigDataSz);
                 if (ret == 0)
                     ret = wc_Sha512Final(&digest.sha512, sigData);
                 wc_Sha512Free(&digest.sha512);
@@ -8144,6 +8429,7 @@ static int CreateECCEncodedSig(byte* sigData, int sigDataSz, int hashAlgo)
             break;
 #endif
         default:
+            ret = BAD_FUNC_ARG;
             break;
     }
 
@@ -8189,7 +8475,7 @@ static int CheckRSASignature(WOLFSSL* ssl, int sigAlgo, int hashAlgo,
                                   sigAlgo, hashAlgo);
         if (ret < 0)
             return ret;
-        sigSz = ret;
+        sigSz = (word32)ret;
 
         ret = wc_RsaPSS_CheckPadding(sigData, sigSz, decSig, decSigSz,
                                      hashType);
@@ -8230,6 +8516,75 @@ static word32 NextCert(byte* data, word32 length, word32* idx)
     return len;
 }
 
+#if defined(HAVE_CERTIFICATE_STATUS_REQUEST) && !defined(NO_WOLFSSL_SERVER)
+/* Write certificate status request into certificate to buffer.
+ *
+ * ssl       SSL/TLS object.
+ * certExts  DerBuffer array. buffers written
+ * extSz     word32 array.
+ *           Length of the certificate status request data for the certificate.
+ * extSz_num number of the CSR written
+ * extIdx    The index number of certificate status request data
+ *           for the certificate.
+ * offset    index offset
+ * returns   Total number of bytes written.
+ */
+static int WriteCSRToBuffer(WOLFSSL* ssl, DerBuffer** certExts,
+                                word16* extSz,  word16 extSz_num)
+{
+    int    ret = 0;
+    TLSX* ext;
+    CertificateStatusRequest* csr;
+    word32 ex_offset = HELLO_EXT_TYPE_SZ + OPAQUE16_LEN /* extension type */
+                    + OPAQUE16_LEN /* extension length */;
+    word32 totalSz = 0;
+    word32 tmpSz;
+    word32 extIdx;
+    DerBuffer* der;
+
+    ext = TLSX_Find(ssl->extensions, TLSX_STATUS_REQUEST);
+    csr = ext ? (CertificateStatusRequest*)ext->data : NULL;
+
+    if (csr) {
+        for (extIdx = 0; extIdx < (word16)(extSz_num); extIdx++) {
+            tmpSz = TLSX_CSR_GetSize_ex(csr, 0, (int)extIdx);
+
+            if (tmpSz > (OPAQUE8_LEN + OPAQUE24_LEN) &&
+                certExts[extIdx] == NULL) {
+                /* csr extension is not zero */
+                extSz[extIdx] = tmpSz;
+
+                ret = AllocDer(&certExts[extIdx], extSz[extIdx] + ex_offset,
+                                                    CERT_TYPE, ssl->heap);
+                if (ret < 0)
+                    return ret;
+                der = certExts[extIdx];
+
+                /* write extension type */
+                c16toa(ext->type, der->buffer
+                                + OPAQUE16_LEN);
+                /* writes extension data length. */
+                c16toa(extSz[extIdx], der->buffer
+                            + HELLO_EXT_TYPE_SZ + OPAQUE16_LEN);
+                /* write extension data */
+                extSz[extIdx] = (word16)TLSX_CSR_Write_ex(csr,
+                        der->buffer + ex_offset, 0, extIdx);
+                /* add extension offset */
+                extSz[extIdx] += (word16)ex_offset;
+                /* extension length */
+                c16toa(extSz[extIdx] - OPAQUE16_LEN,
+                            der->buffer);
+            }
+            totalSz += extSz[extIdx];
+        }
+    }
+    else {
+        /* chain cert empty extension size */
+        totalSz += OPAQUE16_LEN * extSz_num;
+    }
+    return (int)totalSz;
+}
+#endif /* HAVE_CERTIFICATE_STATUS_REQUEST */
 /* Add certificate data and empty extension to output up to the fragment size.
  *
  * ssl     SSL/TLS object.
@@ -8239,10 +8594,11 @@ static word32 NextCert(byte* data, word32 length, word32* idx)
  * idx     The start of the certificate data to write out.
  * fragSz  The maximum size of this fragment.
  * output  The buffer to write to.
+ * extIdx  The index number of the extension data with the certificate
  * returns the number of bytes written.
  */
 static word32 AddCertExt(WOLFSSL* ssl, byte* cert, word32 len, word16 extSz,
-                         word32 idx, word32 fragSz, byte* output)
+                         word32 idx, word32 fragSz, byte* output, word16 extIdx)
 {
     word32 i = 0;
     word32 copySz = min(len - idx, fragSz);
@@ -8263,7 +8619,7 @@ static word32 AddCertExt(WOLFSSL* ssl, byte* cert, word32 len, word16 extSz,
         }
     }
     else {
-        byte* certExts = ssl->buffers.certExts->buffer + idx + i - len;
+        byte* certExts = ssl->buffers.certExts[extIdx]->buffer + idx + i - len;
         /* Put out as much of the extensions' data as will fit in fragment. */
         if (copySz > fragSz - i)
             copySz = fragSz - i;
@@ -8285,13 +8641,16 @@ static int SendTls13Certificate(WOLFSSL* ssl)
 {
     int    ret = 0;
     word32 certSz, certChainSz, headerSz, listSz, payloadSz;
-    word16 extSz = 0;
-    word32 length, maxFragment;
+    word16 extSz[MAX_CERT_EXTENSIONS];
+    word16 extIdx = 0;
+    word32 maxFragment;
+    word32 totalextSz = 0;
     word32 len = 0;
     word32 idx = 0;
     word32 offset = OPAQUE16_LEN;
     byte*  p = NULL;
     byte   certReqCtxLen = 0;
+    sword32 length;
 #ifdef WOLFSSL_POST_HANDSHAKE_AUTH
     byte*  certReqCtx = NULL;
 #endif
@@ -8304,6 +8663,8 @@ static int SendTls13Certificate(WOLFSSL* ssl)
     WOLFSSL_START(WC_FUNC_CERTIFICATE_SEND);
     WOLFSSL_ENTER("SendTls13Certificate");
 
+    XMEMSET(extSz, 0, sizeof(extSz));
+
     ssl->options.buildingMsg = 1;
 
 #ifdef WOLFSSL_POST_HANDSHAKE_AUTH
@@ -8333,48 +8694,55 @@ static int SendTls13Certificate(WOLFSSL* ssl)
         certSz = 0;
         certChainSz = 0;
         headerSz = OPAQUE8_LEN + certReqCtxLen + CERT_HEADER_SZ;
-        length = headerSz;
+        length = (sword32)headerSz;
         listSz = 0;
     }
     else {
-        if (!ssl->buffers.certificate) {
+        if (!ssl->buffers.certificate || !ssl->buffers.certificate->buffer) {
             WOLFSSL_MSG("Send Cert missing certificate buffer");
-            return BUFFER_ERROR;
+            return NO_CERT_ERROR;
         }
         /* Certificate Data */
         certSz = ssl->buffers.certificate->length;
         /* Cert Req Ctx Len | Cert Req Ctx | Cert List Len | Cert Data Len */
         headerSz = OPAQUE8_LEN + certReqCtxLen + CERT_HEADER_SZ +
                    CERT_HEADER_SZ;
+        /* set empty extension as default */
+        for (extIdx = 0; extIdx < (word16)XELEM_CNT(extSz); extIdx++)
+            extSz[extIdx] = OPAQUE16_LEN;
 
-        ret = TLSX_GetResponseSize(ssl, certificate, &extSz);
-        if (ret < 0)
-            return ret;
-
-        /* Create extensions' data if none already present. */
-        if (extSz > OPAQUE16_LEN && ssl->buffers.certExts == NULL) {
-            ret = AllocDer(&ssl->buffers.certExts, extSz, CERT_TYPE, ssl->heap);
-            if (ret < 0)
-                return ret;
-
-            extSz = 0;
-            ret = TLSX_WriteResponse(ssl, ssl->buffers.certExts->buffer,
-                                                           certificate, &extSz);
+    #if defined(HAVE_CERTIFICATE_STATUS_REQUEST) && !defined(NO_WOLFSSL_SERVER)
+        /* We only send CSR on the server side. On client side, the CSR data
+         * is populated with the server response. We would be sending the server
+         * its own stapling data. */
+        if (ssl->options.side == WOLFSSL_SERVER_END) {
+            ret = WriteCSRToBuffer(ssl, &ssl->buffers.certExts[0], &extSz[0],
+                    1 /* +1 for leaf */ + ssl->buffers.certChainCnt);
             if (ret < 0)
                 return ret;
+            totalextSz += ret;
+            ret = 0; /* Clear to signal no error */
+        }
+        else
+    #endif
+        {
+            /* Leaf cert empty extension size */
+            totalextSz += OPAQUE16_LEN;
+            /* chain cert empty extension size */
+            totalextSz += OPAQUE16_LEN * ssl->buffers.certChainCnt;
         }
 
         /* Length of message data with one certificate and extensions. */
-        length = headerSz + certSz + extSz;
+        length = (sword32)(headerSz + certSz + totalextSz);
         /* Length of list data with one certificate and extensions. */
-        listSz = CERT_HEADER_SZ + certSz + extSz;
+        listSz = CERT_HEADER_SZ + certSz + totalextSz;
 
         /* Send rest of chain if sending cert (chain has leading size/s). */
         if (certSz > 0 && ssl->buffers.certChainCnt > 0) {
             p = ssl->buffers.certChain->buffer;
             /* Chain length including extensions. */
-            certChainSz = ssl->buffers.certChain->length +
-                          OPAQUE16_LEN * ssl->buffers.certChainCnt;
+            certChainSz = ssl->buffers.certChain->length;
+
             length += certChainSz;
             listSz += certChainSz;
         }
@@ -8382,12 +8750,14 @@ static int SendTls13Certificate(WOLFSSL* ssl)
             certChainSz = 0;
     }
 
-    payloadSz = length;
+    payloadSz = (word32)length;
 
     if (ssl->fragOffset != 0)
         length -= (ssl->fragOffset + headerSz);
 
-    maxFragment = wolfSSL_GetMaxFragSize(ssl, MAX_RECORD_SIZE);
+    maxFragment = (word32)wolfSSL_GetMaxFragSize(ssl, MAX_RECORD_SIZE);
+
+    extIdx = 0;
 
     while (length > 0 && ret == 0) {
         byte*  output = NULL;
@@ -8403,15 +8773,15 @@ static int SendTls13Certificate(WOLFSSL* ssl)
 #endif /* WOLFSSL_DTLS13 */
 
         if (ssl->fragOffset == 0) {
-            if (headerSz + certSz + extSz + certChainSz <=
+            if (headerSz + certSz + totalextSz + certChainSz <=
                                             maxFragment - HANDSHAKE_HEADER_SZ) {
-                fragSz = headerSz + certSz + extSz + certChainSz;
+                fragSz = headerSz + certSz + totalextSz + certChainSz;
             }
 #ifdef WOLFSSL_DTLS13
             else if (ssl->options.dtls){
                 /* short-circuit the fragmentation logic here. DTLS
                    fragmentation will be done in dtls13HandshakeSend() */
-                fragSz = headerSz + certSz + extSz + certChainSz;
+                fragSz = headerSz + certSz + totalextSz + certChainSz;
             }
 #endif /* WOLFSSL_DTLS13 */
             else {
@@ -8428,7 +8798,7 @@ static int SendTls13Certificate(WOLFSSL* ssl)
 #endif /* WOLFSSL_DTLS13 */
         }
         else {
-            fragSz = min(length, maxFragment);
+            fragSz = min((word32)length, maxFragment);
             sendSz += fragSz;
         }
 
@@ -8470,20 +8840,23 @@ static int SendTls13Certificate(WOLFSSL* ssl)
         else
             AddTls13RecordHeader(output, fragSz, handshake, ssl);
 
-        if (certSz > 0 && ssl->fragOffset < certSz + extSz) {
-            /* Put in the leaf certificate with extensions. */
-            word32 copySz = AddCertExt(ssl, ssl->buffers.certificate->buffer,
-                            certSz, extSz, ssl->fragOffset, fragSz, output + i);
-            i += copySz;
-            ssl->fragOffset += copySz;
-            length -= copySz;
-            fragSz -= copySz;
-            if (ssl->fragOffset == certSz + extSz)
-                FreeDer(&ssl->buffers.certExts);
+        if (extIdx == 0) {
+            if (certSz > 0 && ssl->fragOffset < certSz + extSz[0]) {
+                /* Put in the leaf certificate with extensions. */
+                word32 copySz = AddCertExt(ssl, ssl->buffers.certificate->buffer,
+                                certSz, extSz[0], ssl->fragOffset, fragSz,
+                                output + i, 0);
+                i += copySz;
+                ssl->fragOffset += copySz;
+                length -= copySz;
+                fragSz -= copySz;
+                if (ssl->fragOffset == certSz + extSz[0])
+                    FreeDer(&ssl->buffers.certExts[0]);
+            }
         }
         if (certChainSz > 0 && fragSz > 0) {
-            /* Put in the CA certificates with empty extensions. */
-            while (fragSz > 0) {
+             /* Put in the CA certificates with extensions. */
+             while (fragSz > 0) {
                 word32 l;
 
                 if (offset == len + OPAQUE16_LEN) {
@@ -8492,19 +8865,30 @@ static int SendTls13Certificate(WOLFSSL* ssl)
                     /* Point to the start of current cert in chain buffer. */
                     p = ssl->buffers.certChain->buffer + idx;
                     len = NextCert(ssl->buffers.certChain->buffer,
-                                   ssl->buffers.certChain->length, &idx);
+                            ssl->buffers.certChain->length, &idx);
                     if (len == 0)
                         break;
+                #if defined(HAVE_CERTIFICATE_STATUS_REQUEST) && \
+                        !defined(NO_WOLFSSL_SERVER)
+                    if (MAX_CERT_EXTENSIONS > extIdx)
+                        extIdx++;
+                #endif
                 }
-
-                /* Write out certificate and empty extension. */
-                l = AddCertExt(ssl, p, len, OPAQUE16_LEN, offset, fragSz,
-                                                                    output + i);
+                /* Write out certificate and extension. */
+                l = AddCertExt(ssl, p, len, extSz[extIdx], offset, fragSz,
+                                                       output + i, extIdx);
                 i += l;
                 ssl->fragOffset += l;
                 length -= l;
                 fragSz -= l;
                 offset += l;
+
+                if (extIdx != 0 && extIdx < MAX_CERT_EXTENSIONS &&
+                    ssl->buffers.certExts[extIdx] != NULL &&
+                                offset == len + extSz[extIdx])
+                    FreeDer(&ssl->buffers.certExts[extIdx]);
+                /* for next chain cert */
+                len += extSz[extIdx] - OPAQUE16_LEN;
             }
         }
 
@@ -8526,7 +8910,8 @@ static int SendTls13Certificate(WOLFSSL* ssl)
         {
             /* This message is always encrypted. */
             sendSz = BuildTls13Message(ssl, output, sendSz,
-                output + RECORD_HEADER_SZ, i - RECORD_HEADER_SZ, handshake, 1,
+                output + RECORD_HEADER_SZ, (int)(i - RECORD_HEADER_SZ),
+                handshake, 1,
                 0, 0);
             if (sendSz < 0)
                 return sendSz;
@@ -8542,14 +8927,14 @@ static int SendTls13Certificate(WOLFSSL* ssl)
             }
 #endif
 
-            ssl->buffers.outputBuffer.length += sendSz;
+            ssl->buffers.outputBuffer.length += (word32)sendSz;
             ssl->options.buildingMsg = 0;
             if (!ssl->options.groupMessages)
                 ret = SendBuffered(ssl);
         }
     }
 
-    if (ret != WANT_WRITE) {
+    if (ret != WC_NO_ERR_TRACE(WANT_WRITE)) {
         /* Clean up the fragment offset. */
         ssl->options.buildingMsg = 0;
         ssl->fragOffset = 0;
@@ -8572,7 +8957,8 @@ static int SendTls13Certificate(WOLFSSL* ssl)
 }
 
 #if (!defined(NO_RSA) || defined(HAVE_ECC) || defined(HAVE_ED25519) || \
-     defined(HAVE_ED448) || defined(HAVE_PQC)) && \
+     defined(HAVE_ED448) || defined(HAVE_FALCON) || \
+     defined(HAVE_DILITHIUM)) && \
     (!defined(NO_WOLFSSL_SERVER) || !defined(WOLFSSL_NO_CLIENT_AUTH))
 typedef struct Scv13Args {
     byte*  output; /* not allocated */
@@ -8585,6 +8971,16 @@ typedef struct Scv13Args {
     byte   sigAlgo;
     byte*  sigData;
     word16 sigDataSz;
+#ifndef NO_RSA
+    byte*  toSign; /* not allocated */
+    word32 toSignSz;
+#endif
+#ifdef WOLFSSL_DUAL_ALG_CERTS
+    byte   altSigAlgo;
+    word32 altSigLen;    /* Only used in the case of both native and alt. */
+    byte*  altSigData;
+    word16 altSigDataSz;
+#endif
 } Scv13Args;
 
 static void FreeScv13Args(WOLFSSL* ssl, void* pArgs)
@@ -8597,6 +8993,12 @@ static void FreeScv13Args(WOLFSSL* ssl, void* pArgs)
         XFREE(args->sigData, ssl->heap, DYNAMIC_TYPE_SIGNATURE);
         args->sigData = NULL;
     }
+#ifdef WOLFSSL_DUAL_ALG_CERTS
+    if (args && args->altSigData != NULL) {
+        XFREE(args->altSigData, ssl->heap, DYNAMIC_TYPE_SIGNATURE);
+        args->altSigData = NULL;
+    }
+#endif
 }
 
 /* handle generation TLS v1.3 certificate_verify (15) */
@@ -8612,7 +9014,10 @@ static void FreeScv13Args(WOLFSSL* ssl, void* pArgs)
 static int SendTls13CertificateVerify(WOLFSSL* ssl)
 {
     int ret = 0;
-    buffer* sig = &ssl->buffers.sig;
+#ifndef NO_RSA
+    /* Use this as a temporary buffer for RSA signature verification. */
+    buffer* rsaSigBuf = &ssl->buffers.sig;
+#endif
 #ifdef WOLFSSL_ASYNC_CRYPT
     Scv13Args* args = NULL;
     WOLFSSL_ASSERT_SIZEOF_GE(ssl->async->args, *args);
@@ -8627,11 +9032,15 @@ static int SendTls13CertificateVerify(WOLFSSL* ssl)
     WOLFSSL_START(WC_FUNC_CERTIFICATE_VERIFY_SEND);
     WOLFSSL_ENTER("SendTls13CertificateVerify");
 
+#ifdef WOLFSSL_BLIND_PRIVATE_KEY
+    wolfssl_priv_der_unblind(ssl->buffers.key, ssl->buffers.keyMask);
+#endif
+
     ssl->options.buildingMsg = 1;
 
 #if defined(WOLFSSL_RENESAS_TSIP_TLS)
     ret = tsip_Tls13SendCertVerify(ssl);
-    if (ret != CRYPTOCB_UNAVAILABLE) {
+    if (ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE)) {
         goto exit_scv;
     }
     ret = 0;
@@ -8657,7 +9066,7 @@ static int SendTls13CertificateVerify(WOLFSSL* ssl)
     args = (Scv13Args*)ssl->async->args;
 
     ret = wolfSSL_AsyncPop(ssl, &ssl->options.asyncState);
-    if (ret != WC_NO_PENDING_E) {
+    if (ret != WC_NO_ERR_TRACE(WC_NO_PENDING_E)) {
         /* Check for error */
         if (ret < 0)
             goto exit_scv;
@@ -8679,10 +9088,14 @@ static int SendTls13CertificateVerify(WOLFSSL* ssl)
         case TLS_ASYNC_BEGIN:
         {
             if (ssl->options.sendVerify == SEND_BLANK_CERT) {
+            #ifdef WOLFSSL_BLIND_PRIVATE_KEY
+                wolfssl_priv_der_unblind(ssl->buffers.key,
+                    ssl->buffers.keyMask);
+            #endif
                 return 0;  /* sent blank cert, can't verify */
             }
 
-            args->sendSz = MAX_CERT_VERIFY_SZ + MAX_MSG_EXTRA;
+            args->sendSz = WC_MAX_CERT_VERIFY_SZ + MAX_MSG_EXTRA;
             /* Always encrypted.  */
             args->sendSz += MAX_MSG_EXTRA;
 
@@ -8701,9 +9114,9 @@ static int SendTls13CertificateVerify(WOLFSSL* ssl)
 
         case TLS_ASYNC_BUILD:
         {
-            int rem = ssl->buffers.outputBuffer.bufferSize
+            int rem = (int)(ssl->buffers.outputBuffer.bufferSize
               - ssl->buffers.outputBuffer.length
-              - RECORD_HEADER_SZ - HANDSHAKE_HEADER_SZ;
+              - RECORD_HEADER_SZ - HANDSHAKE_HEADER_SZ);
 
             /* idx is used to track verify pointer offset to output */
             args->idx = RECORD_HEADER_SZ + HANDSHAKE_HEADER_SZ;
@@ -8721,22 +9134,47 @@ static int SendTls13CertificateVerify(WOLFSSL* ssl)
             if (ssl->buffers.key == NULL) {
             #ifdef HAVE_PK_CALLBACKS
                 if (wolfSSL_CTX_IsPrivatePkSet(ssl->ctx))
-                    args->length = (word16)GetPrivateKeySigSize(ssl);
+                    args->sigLen = (word16)GetPrivateKeySigSize(ssl);
                 else
             #endif
                     ERROR_OUT(NO_PRIVATE_KEY, exit_scv);
             }
             else {
-                ret = DecodePrivateKey(ssl, &args->length);
+#ifdef WOLFSSL_DUAL_ALG_CERTS
+                if (ssl->sigSpec != NULL &&
+                    *ssl->sigSpec == WOLFSSL_CKS_SIGSPEC_ALTERNATIVE) {
+                    /* In the case of alternative, we swap in the alt. */
+                    if (ssl->buffers.altKey == NULL) {
+                        ERROR_OUT(NO_PRIVATE_KEY, exit_scv);
+                    }
+                    ssl->buffers.keyType = ssl->buffers.altKeyType;
+                    ssl->buffers.keySz = ssl->buffers.altKeySz;
+                    /* If we own it, free key before overriding it. */
+                    if (ssl->buffers.weOwnKey) {
+                        FreeDer(&ssl->buffers.key);
+                    #ifdef WOLFSSL_BLIND_PRIVATE_KEY
+                        FreeDer(&ssl->buffers.keyMask);
+                    #endif
+                    }
+
+                    /* Swap keys */
+                    ssl->buffers.key     = ssl->buffers.altKey;
+                #ifdef WOLFSSL_BLIND_PRIVATE_KEY
+                    ssl->buffers.keyMask = ssl->buffers.altKeyMask;
+                #endif
+                    ssl->buffers.weOwnKey = ssl->buffers.weOwnAltKey;
+                }
+#endif /* WOLFSSL_DUAL_ALG_CERTS */
+                ret = DecodePrivateKey(ssl, &args->sigLen);
                 if (ret != 0)
                     goto exit_scv;
             }
 
-            if (rem < 0 || args->length > rem) {
+            if (rem < 0 || (int)args->sigLen > rem) {
                 ERROR_OUT(BUFFER_E, exit_scv);
             }
 
-            if (args->length == 0) {
+            if (args->sigLen == 0) {
                 ERROR_OUT(NO_PRIVATE_KEY, exit_scv);
             }
 
@@ -8764,99 +9202,140 @@ static int SendTls13CertificateVerify(WOLFSSL* ssl)
             else if (ssl->hsType == DYNAMIC_TYPE_ED448)
                 args->sigAlgo = ed448_sa_algo;
         #endif
-        #if defined(HAVE_PQC)
-            #if defined(HAVE_FALCON)
+        #if defined(HAVE_FALCON)
             else if (ssl->hsType == DYNAMIC_TYPE_FALCON) {
-                falcon_key* fkey = (falcon_key*)ssl->hsKey;
-                byte level = 0;
-                if (wc_falcon_get_level(fkey, &level) != 0) {
-                    ERROR_OUT(ALGO_ID_E, exit_scv);
-                }
-                if (level == 1) {
-                    args->sigAlgo = falcon_level1_sa_algo;
-                }
-                else if (level == 5) {
-                    args->sigAlgo = falcon_level5_sa_algo;
-                }
-                else {
-                    ERROR_OUT(ALGO_ID_E, exit_scv);
-                }
+                args->sigAlgo = ssl->buffers.keyType;
             }
-            #endif /* HAVE_FALCON */
-            #if defined(HAVE_DILITHIUM)
+        #endif /* HAVE_FALCON */
+        #if defined(HAVE_DILITHIUM)
             else if (ssl->hsType == DYNAMIC_TYPE_DILITHIUM) {
-                dilithium_key* fkey = (dilithium_key*)ssl->hsKey;
-                byte level = 0;
-                if (wc_dilithium_get_level(fkey, &level) != 0) {
-                    ERROR_OUT(ALGO_ID_E, exit_scv);
-                }
-                if (level == 2) {
-                    args->sigAlgo = dilithium_level2_sa_algo;
-                }
-                else if (level == 3) {
-                    args->sigAlgo = dilithium_level3_sa_algo;
-                }
-                else if (level == 5) {
-                    args->sigAlgo = dilithium_level5_sa_algo;
-                }
-                else {
-                    ERROR_OUT(ALGO_ID_E, exit_scv);
-                }
+                args->sigAlgo = ssl->buffers.keyType;
             }
-            #endif /* HAVE_DILITHIUM */
-        #endif /* HAVE_PQC */
+        #endif /* HAVE_DILITHIUM */
             else {
                 ERROR_OUT(ALGO_ID_E, exit_scv);
             }
-            EncodeSigAlg(ssl->options.hashAlgo, args->sigAlgo, args->verify);
 
-            if (args->sigData == NULL) {
-                if (ssl->hsType == DYNAMIC_TYPE_RSA) {
-                    int sigLen = MAX_SIG_DATA_SZ;
-                    if (args->length > MAX_SIG_DATA_SZ)
-                        sigLen = args->length;
-                    args->sigData = (byte*)XMALLOC(sigLen, ssl->heap,
-                                                            DYNAMIC_TYPE_SIGNATURE);
+        #ifdef WOLFSSL_DUAL_ALG_CERTS
+            if (ssl->peerSigSpec == NULL) {
+                /* The peer did not respond. We didn't send CKS or they don't
+                 * support it. Either way, we do not need to handle dual
+                 * key/sig case. */
+                ssl->sigSpec = NULL;
+                ssl->sigSpecSz = 0;
+            }
+
+            if (ssl->sigSpec != NULL &&
+                *ssl->sigSpec == WOLFSSL_CKS_SIGSPEC_BOTH) {
+                /* The native was already decoded. Now we need to do the
+                 * alternative. Note that no swap was done because this case is
+                 * both native and alternative, not just alternative. */
+                if (ssl->ctx->altPrivateKey == NULL) {
+                    ERROR_OUT(NO_PRIVATE_KEY, exit_scv);
+                }
+
+                /* After this call, args->altSigLen has the length we need for
+                 * the alternative signature. */
+                ret = DecodeAltPrivateKey(ssl, &args->altSigLen);
+                if (ret != 0)
+                    goto exit_scv;
+
+                if (ssl->buffers.altKeyType == ecc_dsa_sa_algo ||
+                    ssl->buffers.altKeyType == falcon_level1_sa_algo ||
+                    ssl->buffers.altKeyType == falcon_level5_sa_algo ||
+                    ssl->buffers.altKeyType == dilithium_level2_sa_algo ||
+                    ssl->buffers.altKeyType == dilithium_level3_sa_algo ||
+                    ssl->buffers.altKeyType == dilithium_level5_sa_algo) {
+                    args->altSigAlgo = ssl->buffers.altKeyType;
+                }
+                else if (ssl->buffers.altKeyType == rsa_sa_algo &&
+                         ssl->hsAltType == DYNAMIC_TYPE_RSA) {
+                    args->altSigAlgo = rsa_pss_sa_algo;
                 }
                 else {
-                    args->sigData = (byte*)XMALLOC(MAX_SIG_DATA_SZ, ssl->heap,
-                                                            DYNAMIC_TYPE_SIGNATURE);
+                    ERROR_OUT(ALGO_ID_E, exit_scv);
                 }
+
+                EncodeDualSigAlg(args->sigAlgo, args->altSigAlgo, args->verify);
+                if (args->verify[0] == 0) {
+                    ERROR_OUT(ALGO_ID_E, exit_scv);
+                }
+            }
+            else
+        #endif /* WOLFSSL_DUAL_ALG_CERTS */
+                EncodeSigAlg(ssl->options.hashAlgo, args->sigAlgo,
+                             args->verify);
+
+            if (args->sigData == NULL) {
+                word32 sigLen = MAX_SIG_DATA_SZ;
+                if ((ssl->hsType == DYNAMIC_TYPE_RSA) &&
+                    (args->sigLen > MAX_SIG_DATA_SZ)) {
+                    /* We store the RSA signature in the sigData buffer
+                     * temporarily, hence its size must be fitting. */
+                    sigLen = args->sigLen;
+                }
+                args->sigData = (byte*)XMALLOC(sigLen, ssl->heap,
+                                                    DYNAMIC_TYPE_SIGNATURE);
                 if (args->sigData == NULL) {
                     ERROR_OUT(MEMORY_E, exit_scv);
                 }
             }
 
+        #ifdef WOLFSSL_DUAL_ALG_CERTS
+            if ((ssl->sigSpec != NULL) &&
+                (*ssl->sigSpec == WOLFSSL_CKS_SIGSPEC_BOTH) &&
+                (args->altSigData == NULL)) {
+                word32 sigLen = MAX_SIG_DATA_SZ;
+                if (ssl->hsAltType == DYNAMIC_TYPE_RSA &&
+                    args->altSigLen > MAX_SIG_DATA_SZ) {
+                    /* We store the RSA signature in the sigData buffer
+                     * temporarily, hence its size must be fitting. */
+                    sigLen = args->altSigLen;
+                }
+                args->altSigData = (byte*)XMALLOC(sigLen, ssl->heap,
+                                                    DYNAMIC_TYPE_SIGNATURE);
+                if (args->altSigData == NULL) {
+                    ERROR_OUT(MEMORY_E, exit_scv);
+                }
+            }
+        #endif /* WOLFSSL_DUAL_ALG_CERTS */
+
             /* Create the data to be signed. */
             ret = CreateSigData(ssl, args->sigData, &args->sigDataSz, 0);
             if (ret != 0)
                 goto exit_scv;
 
+        #ifdef WOLFSSL_DUAL_ALG_CERTS
+            if ((ssl->sigSpec != NULL) &&
+                (*ssl->sigSpec == WOLFSSL_CKS_SIGSPEC_BOTH)) {
+                XMEMCPY(args->altSigData, args->sigData, args->sigDataSz);
+                args->altSigDataSz = args->sigDataSz;
+            }
+        #endif /* WOLFSSL_DUAL_ALG_CERTS */
+
         #ifndef NO_RSA
             if (ssl->hsType == DYNAMIC_TYPE_RSA) {
                 /* build encoded signature buffer */
-                sig->length = WC_MAX_DIGEST_SIZE;
-                sig->buffer = (byte*)XMALLOC(sig->length, ssl->heap,
-                                                        DYNAMIC_TYPE_SIGNATURE);
-                if (sig->buffer == NULL) {
+                rsaSigBuf->length = WC_MAX_DIGEST_SIZE;
+                rsaSigBuf->buffer = (byte*)XMALLOC(rsaSigBuf->length, ssl->heap,
+                                                   DYNAMIC_TYPE_SIGNATURE);
+                if (rsaSigBuf->buffer == NULL) {
                     ERROR_OUT(MEMORY_E, exit_scv);
                 }
 
-                ret = CreateRSAEncodedSig(sig->buffer, args->sigData,
+                ret = CreateRSAEncodedSig(rsaSigBuf->buffer, args->sigData,
                     args->sigDataSz, args->sigAlgo, ssl->options.hashAlgo);
                 if (ret < 0)
                     goto exit_scv;
-                sig->length = ret;
+                rsaSigBuf->length = (unsigned int)ret;
                 ret = 0;
-
-                /* Maximum size of RSA Signature. */
-                args->sigLen = args->length;
             }
         #endif /* !NO_RSA */
         #ifdef HAVE_ECC
             if (ssl->hsType == DYNAMIC_TYPE_ECC) {
-                sig->length = args->sendSz - args->idx - HASH_SIG_SIZE -
-                              VERIFY_HEADER;
+                args->sigLen = (word32)args->sendSz - args->idx -
+                               HASH_SIG_SIZE -
+                               VERIFY_HEADER;
             #if defined(WOLFSSL_SM2) && defined(WOLFSSL_SM3)
                 if (ssl->buffers.keyType != sm2_sa_algo)
             #endif
@@ -8876,7 +9355,7 @@ static int SendTls13CertificateVerify(WOLFSSL* ssl)
                 if (ret < 0) {
                     ERROR_OUT(ret, exit_scv);
                 }
-                sig->length = ED25519_SIG_SIZE;
+                args->sigLen = ED25519_SIG_SIZE;
             }
         #endif /* HAVE_ED25519 */
         #ifdef HAVE_ED448
@@ -8885,21 +9364,57 @@ static int SendTls13CertificateVerify(WOLFSSL* ssl)
                 if (ret < 0) {
                     ERROR_OUT(ret, exit_scv);
                 }
-                sig->length = ED448_SIG_SIZE;
+                args->sigLen = ED448_SIG_SIZE;
             }
+
         #endif /* HAVE_ED448 */
-        #if defined(HAVE_PQC)
-            #if defined(HAVE_FALCON)
+        #if defined(HAVE_FALCON)
             if (ssl->hsType == DYNAMIC_TYPE_FALCON) {
-                sig->length = FALCON_MAX_SIG_SIZE;
+                args->sigLen = FALCON_MAX_SIG_SIZE;
             }
-            #endif
-            #if defined(HAVE_DILITHIUM)
+        #endif /* HAVE_FALCON */
+        #if defined(HAVE_DILITHIUM)
             if (ssl->hsType == DYNAMIC_TYPE_DILITHIUM) {
-                sig->length = DILITHIUM_MAX_SIG_SIZE;
+                args->sigLen = DILITHIUM_MAX_SIG_SIZE;
             }
-            #endif
-        #endif /* HAVE_PQC */
+        #endif /* HAVE_DILITHIUM */
+
+        #ifdef WOLFSSL_DUAL_ALG_CERTS
+            if (ssl->sigSpec != NULL &&
+                *ssl->sigSpec == WOLFSSL_CKS_SIGSPEC_BOTH) {
+
+            #ifndef NO_RSA
+                if (ssl->hsAltType == DYNAMIC_TYPE_RSA) {
+                    /* build encoded signature buffer */
+                    rsaSigBuf->length = WC_MAX_DIGEST_SIZE;
+                    rsaSigBuf->buffer = (byte*)XMALLOC(rsaSigBuf->length,
+                                                       ssl->heap,
+                                                       DYNAMIC_TYPE_SIGNATURE);
+                    if (rsaSigBuf->buffer == NULL) {
+                        ERROR_OUT(MEMORY_E, exit_scv);
+                    }
+
+                    ret = CreateRSAEncodedSig(rsaSigBuf->buffer,
+                                    args->altSigData, args->altSigDataSz,
+                                    args->altSigAlgo, ssl->options.hashAlgo);
+                    if (ret < 0)
+                        goto exit_scv;
+                    rsaSigBuf->length = ret;
+                    ret = 0;
+                }
+            #endif /* !NO_RSA */
+            #ifdef HAVE_ECC
+                if (ssl->hsAltType == DYNAMIC_TYPE_ECC) {
+                    ret = CreateECCEncodedSig(args->altSigData,
+                            args->altSigDataSz, ssl->options.hashAlgo);
+                    if (ret < 0)
+                        goto exit_scv;
+                    args->altSigDataSz = (word16)ret;
+                    ret = 0;
+                }
+            #endif /* HAVE_ECC */
+            }
+        #endif /* WOLFSSL_DUAL_ALG_CERTS */
 
             /* Advance state and proceed */
             ssl->options.asyncState = TLS_ASYNC_DO;
@@ -8908,21 +9423,30 @@ static int SendTls13CertificateVerify(WOLFSSL* ssl)
 
         case TLS_ASYNC_DO:
         {
+            byte* sigOut = args->verify + HASH_SIG_SIZE + VERIFY_HEADER;
+        #ifdef WOLFSSL_DUAL_ALG_CERTS
+            if (ssl->sigSpec != NULL &&
+                *ssl->sigSpec == WOLFSSL_CKS_SIGSPEC_BOTH) {
+                /* As we have two signatures in the message, we store
+                 * the length of each before the actual signature. This
+                 * is necessary, as we could have two algorithms with
+                 * variable length signatures. */
+                sigOut += OPAQUE16_LEN;
+            }
+        #endif
         #ifdef HAVE_ECC
             if (ssl->hsType == DYNAMIC_TYPE_ECC) {
             #if defined(WOLFSSL_SM2) && defined(WOLFSSL_SM3)
                 if (ssl->buffers.keyType == sm2_sa_algo) {
                     ret = Sm2wSm3Sign(ssl, TLS13_SM2_SIG_ID,
                         TLS13_SM2_SIG_ID_SZ, args->sigData, args->sigDataSz,
-                        args->verify + HASH_SIG_SIZE + VERIFY_HEADER,
-                        (word32*)&sig->length, (ecc_key*)ssl->hsKey, NULL);
+                        sigOut, &args->sigLen, (ecc_key*)ssl->hsKey, NULL);
                 }
                 else
             #endif
                 {
                     ret = EccSign(ssl, args->sigData, args->sigDataSz,
-                        args->verify + HASH_SIG_SIZE + VERIFY_HEADER,
-                        (word32*)&sig->length, (ecc_key*)ssl->hsKey,
+                        sigOut, &args->sigLen, (ecc_key*)ssl->hsKey,
                 #ifdef HAVE_PK_CALLBACKS
                         ssl->buffers.key
                 #else
@@ -8930,71 +9454,72 @@ static int SendTls13CertificateVerify(WOLFSSL* ssl)
                 #endif
                     );
                 }
-                args->length = (word16)sig->length;
+                args->length = (word16)args->sigLen;
             }
         #endif /* HAVE_ECC */
         #ifdef HAVE_ED25519
             if (ssl->hsType == DYNAMIC_TYPE_ED25519) {
                 ret = Ed25519Sign(ssl, args->sigData, args->sigDataSz,
-                    args->verify + HASH_SIG_SIZE + VERIFY_HEADER,
-                    (word32*)&sig->length, (ed25519_key*)ssl->hsKey,
+                    sigOut, &args->sigLen, (ed25519_key*)ssl->hsKey,
             #ifdef HAVE_PK_CALLBACKS
                     ssl->buffers.key
             #else
                     NULL
             #endif
                 );
-                args->length = (word16)sig->length;
+                args->length = (word16)args->sigLen;
             }
         #endif
         #ifdef HAVE_ED448
             if (ssl->hsType == DYNAMIC_TYPE_ED448) {
                 ret = Ed448Sign(ssl, args->sigData, args->sigDataSz,
-                    args->verify + HASH_SIG_SIZE + VERIFY_HEADER,
-                    (word32*)&sig->length, (ed448_key*)ssl->hsKey,
+                    sigOut, &args->sigLen, (ed448_key*)ssl->hsKey,
             #ifdef HAVE_PK_CALLBACKS
                     ssl->buffers.key
             #else
                     NULL
             #endif
                 );
-                args->length = (word16)sig->length;
+                args->length = (word16)args->sigLen;
             }
         #endif
-        #if defined(HAVE_PQC)
-            #if defined(HAVE_FALCON)
+        #if defined(HAVE_FALCON)
             if (ssl->hsType == DYNAMIC_TYPE_FALCON) {
                 ret = wc_falcon_sign_msg(args->sigData, args->sigDataSz,
-                                         args->verify + HASH_SIG_SIZE +
-                                         VERIFY_HEADER, (word32*)&sig->length,
-                                         (falcon_key*)ssl->hsKey);
-                args->length = (word16)sig->length;
+                                         sigOut, &args->sigLen,
+                                         (falcon_key*)ssl->hsKey, ssl->rng);
+                args->length = (word16)args->sigLen;
             }
-            #endif
-            #if defined(HAVE_DILITHIUM)
+        #endif /* HAVE_FALCON */
+        #if defined(HAVE_DILITHIUM) && !defined(WOLFSSL_DILITHIUM_NO_SIGN)
             if (ssl->hsType == DYNAMIC_TYPE_DILITHIUM) {
-                ret = wc_dilithium_sign_msg(args->sigData, args->sigDataSz,
-                                         args->verify + HASH_SIG_SIZE +
-                                         VERIFY_HEADER, (word32*)&sig->length,
-                                         (dilithium_key*)ssl->hsKey);
-                args->length = (word16)sig->length;
+                ret = wc_dilithium_sign_ctx_msg(NULL, 0, args->sigData,
+                                                args->sigDataSz, sigOut,
+                                                &args->sigLen,
+                                                (dilithium_key*)ssl->hsKey,
+                                                ssl->rng);
+                args->length = (word16)args->sigLen;
             }
-            #endif
-        #endif /* HAVE_PQC */
+        #endif /* HAVE_DILITHIUM */
         #ifndef NO_RSA
             if (ssl->hsType == DYNAMIC_TYPE_RSA) {
-                ret = RsaSign(ssl, sig->buffer, (word32)sig->length,
-                    args->verify + HASH_SIG_SIZE + VERIFY_HEADER, &args->sigLen,
-                    args->sigAlgo, ssl->options.hashAlgo,
-                    (RsaKey*)ssl->hsKey,
-                    ssl->buffers.key
-                );
+                args->toSign = rsaSigBuf->buffer;
+                args->toSignSz = (word32)rsaSigBuf->length;
+            #if defined(HAVE_PK_CALLBACKS) && \
+                defined(TLS13_RSA_PSS_SIGN_CB_NO_PREHASH)
+                /* Pass full data to sign (args->sigData), not hash of */
+                if (ssl->ctx->RsaPssSignCb) {
+                    args->toSign = args->sigData;
+                    args->toSignSz = args->sigDataSz;
+                }
+            #endif
+                ret = RsaSign(ssl, (const byte*)args->toSign, args->toSignSz,
+                              sigOut, &args->sigLen, args->sigAlgo,
+                              ssl->options.hashAlgo, (RsaKey*)ssl->hsKey,
+                              ssl->buffers.key);
                 if (ret == 0) {
                     args->length = (word16)args->sigLen;
-
-                    XMEMCPY(args->sigData,
-                        args->verify + HASH_SIG_SIZE + VERIFY_HEADER,
-                        args->sigLen);
+                    XMEMCPY(args->sigData, sigOut, args->sigLen);
                 }
             }
         #endif /* !NO_RSA */
@@ -9004,6 +9529,85 @@ static int SendTls13CertificateVerify(WOLFSSL* ssl)
                 goto exit_scv;
             }
 
+        #ifdef WOLFSSL_DUAL_ALG_CERTS
+            if (ssl->sigSpec != NULL &&
+                *ssl->sigSpec == WOLFSSL_CKS_SIGSPEC_BOTH) {
+                /* Add signature length for the first signature. */
+                c16toa((word16)args->sigLen, sigOut - OPAQUE16_LEN);
+                args->length += OPAQUE16_LEN;
+
+                /* Advance our pointer to where we store the alt signature.
+                 * We also add additional space for the length field of the
+                 * second signature. */
+                sigOut += args->sigLen + OPAQUE16_LEN;
+
+                /* Generate the alternative signature */
+            #ifdef HAVE_ECC
+                if (ssl->hsAltType == DYNAMIC_TYPE_ECC) {
+                    ret = EccSign(ssl, args->altSigData, args->altSigDataSz,
+                                  sigOut, &args->altSigLen,
+                                  (ecc_key*)ssl->hsAltKey,
+                    #ifdef HAVE_PK_CALLBACKS
+                                  ssl->buffers.altKey
+                    #else
+                                  NULL
+                    #endif
+                                  );
+                }
+            #endif /* HAVE_ECC */
+            #ifndef NO_RSA
+                if (ssl->hsAltType == DYNAMIC_TYPE_RSA) {
+                    args->toSign = rsaSigBuf->buffer;
+                    args->toSignSz = (word32)rsaSigBuf->length;
+                #if defined(HAVE_PK_CALLBACKS) && \
+                    defined(TLS13_RSA_PSS_SIGN_CB_NO_PREHASH)
+                    /* Pass full data to sign (args->altSigData), not hash of */
+                    if (ssl->ctx->RsaPssSignCb) {
+                        args->toSign = args->altSigData;
+                        args->toSignSz = (word32)args->altSigDataSz;
+                    }
+                #endif
+                    ret = RsaSign(ssl, (const byte*)args->toSign,
+                                  args->toSignSz, sigOut, &args->altSigLen,
+                                  args->altSigAlgo, ssl->options.hashAlgo,
+                                  (RsaKey*)ssl->hsAltKey,
+                                  ssl->buffers.altKey);
+
+                    if (ret == 0) {
+                        XMEMCPY(args->altSigData, sigOut, args->altSigLen);
+                    }
+                }
+            #endif /* !NO_RSA */
+            #if defined(HAVE_FALCON)
+                if (ssl->hsAltType == DYNAMIC_TYPE_FALCON) {
+                    ret = wc_falcon_sign_msg(args->altSigData,
+                                             args->altSigDataSz, sigOut,
+                                             &args->altSigLen,
+                                             (falcon_key*)ssl->hsAltKey,
+                                             ssl->rng);
+                }
+            #endif /* HAVE_FALCON */
+            #if defined(HAVE_DILITHIUM) && !defined(WOLFSSL_DILITHIUM_NO_SIGN)
+                if (ssl->hsAltType == DYNAMIC_TYPE_DILITHIUM) {
+                    ret = wc_dilithium_sign_ctx_msg(NULL, 0, args->altSigData,
+                                args->altSigDataSz, sigOut, &args->altSigLen,
+                                (dilithium_key*)ssl->hsAltKey, ssl->rng);
+                }
+            #endif /* HAVE_DILITHIUM */
+
+                /* Check for error */
+                if (ret != 0) {
+                    goto exit_scv;
+                }
+
+                /* Add signature length for the alternative signature. */
+                c16toa((word16)args->altSigLen, sigOut - OPAQUE16_LEN);
+
+                /* Add length of the alt sig to the total length */
+                args->length += args->altSigLen + OPAQUE16_LEN;
+            }
+        #endif /* WOLFSSL_DUAL_ALG_CERTS */
+
             /* Add signature length. */
             c16toa(args->length, args->verify + HASH_SIG_SIZE);
 
@@ -9018,38 +9622,78 @@ static int SendTls13CertificateVerify(WOLFSSL* ssl)
             if (ssl->hsType == DYNAMIC_TYPE_RSA) {
                 /* check for signature faults */
                 ret = VerifyRsaSign(ssl, args->sigData, args->sigLen,
-                    sig->buffer, (word32)sig->length, args->sigAlgo,
+                    rsaSigBuf->buffer, (word32)rsaSigBuf->length, args->sigAlgo,
                     ssl->options.hashAlgo, (RsaKey*)ssl->hsKey,
-                    ssl->buffers.key
-                );
+                    ssl->buffers.key);
             }
+        #ifdef WOLFSSL_DUAL_ALG_CERTS
+            if (ssl->sigSpec != NULL &&
+                *ssl->sigSpec == WOLFSSL_CKS_SIGSPEC_BOTH &&
+                ssl->hsAltType == DYNAMIC_TYPE_RSA) {
+                /* check for signature faults */
+                ret = VerifyRsaSign(ssl, args->altSigData, args->altSigLen,
+                        rsaSigBuf->buffer, (word32)rsaSigBuf->length,
+                        args->altSigAlgo, ssl->options.hashAlgo,
+                        (RsaKey*)ssl->hsAltKey, ssl->buffers.altKey);
+            }
+        #endif /* WOLFSSL_DUAL_ALG_CERTS */
         #endif /* !NO_RSA */
         #if defined(HAVE_ECC) && defined(WOLFSSL_CHECK_SIG_FAULTS)
             if (ssl->hsType == DYNAMIC_TYPE_ECC) {
+                byte* sigOut = args->verify + HASH_SIG_SIZE + VERIFY_HEADER;
+            #ifdef WOLFSSL_DUAL_ALG_CERTS
+                if (ssl->sigSpec != NULL &&
+                    *ssl->sigSpec == WOLFSSL_CKS_SIGSPEC_BOTH) {
+                    /* Add our length offset. */
+                    sigOut += OPAQUE16_LEN;
+                }
+            #endif
             #if defined(WOLFSSL_SM2) && defined(WOLFSSL_SM3)
                 if (ssl->buffers.keyType == sm2_sa_algo) {
                     ret = Sm2wSm3Verify(ssl, TLS13_SM2_SIG_ID,
                         TLS13_SM2_SIG_ID_SZ,
-                        args->verify + HASH_SIG_SIZE + VERIFY_HEADER,
-                        sig->length, args->sigData, args->sigDataSz,
+                        sigOut, args->sigLen, args->sigData, args->sigDataSz,
                         (ecc_key*)ssl->hsKey, NULL);
                 }
                 else
             #endif
                 {
-                    ret = EccVerify(ssl,
-                        args->verify + HASH_SIG_SIZE + VERIFY_HEADER,
-                        sig->length, args->sigData, args->sigDataSz,
-                        (ecc_key*)ssl->hsKey,
                 #ifdef HAVE_PK_CALLBACKS
-                        ssl->buffers.key
-                #else
-                        NULL
+                    buffer tmp;
+
+                    tmp.length = ssl->buffers.key->length;
+                    tmp.buffer = ssl->buffers.key->buffer;
                 #endif
-                    );
+                    ret = EccVerify(ssl, sigOut, args->sigLen,
+                            args->sigData, args->sigDataSz,
+                            (ecc_key*)ssl->hsKey,
+                #ifdef HAVE_PK_CALLBACKS
+                            &tmp
+                #else
+                            NULL
+                #endif
+                            );
                 }
             }
-        #endif
+        #ifdef WOLFSSL_DUAL_ALG_CERTS
+            if (ssl->sigSpec != NULL &&
+                *ssl->sigSpec == WOLFSSL_CKS_SIGSPEC_BOTH &&
+                ssl->hsAltType == DYNAMIC_TYPE_ECC) {
+                /* check for signature faults */
+                byte* sigOut = args->verify + HASH_SIG_SIZE + VERIFY_HEADER +
+                                args->sigLen + OPAQUE16_LEN + OPAQUE16_LEN;
+                ret = EccVerify(ssl, sigOut, args->altSigLen,
+                        args->altSigData, args->altSigDataSz,
+                        (ecc_key*)ssl->hsAltKey,
+            #ifdef HAVE_PK_CALLBACKS
+                        ssl->buffers.altKey
+            #else
+                        NULL
+            #endif
+                        );
+            }
+        #endif /* WOLFSSL_DUAL_ALG_CERTS */
+        #endif /* HAVE_ECC && WOLFSSL_CHECK_SIG_FAULTS */
 
             /* Check for error */
             if (ret != 0) {
@@ -9068,7 +9712,7 @@ static int SendTls13CertificateVerify(WOLFSSL* ssl)
                             VERIFY_HEADER, certificate_verify, ssl);
 
             args->sendSz = RECORD_HEADER_SZ + HANDSHAKE_HEADER_SZ +
-                                   args->length + HASH_SIG_SIZE + VERIFY_HEADER;
+                                args->length + HASH_SIG_SIZE + VERIFY_HEADER;
 #ifdef WOLFSSL_DTLS13
             if (ssl->options.dtls)
                 args->sendSz += recordLayerHdrExtra + DTLS_HANDSHAKE_EXTRA;
@@ -9085,7 +9729,7 @@ static int SendTls13CertificateVerify(WOLFSSL* ssl)
             if (ssl->options.dtls) {
                 ssl->options.buildingMsg = 0;
                 ret = Dtls13HandshakeSend(ssl, args->output,
-                    MAX_CERT_VERIFY_SZ + MAX_MSG_EXTRA + MAX_MSG_EXTRA,
+                    WC_MAX_CERT_VERIFY_SZ + MAX_MSG_EXTRA + MAX_MSG_EXTRA,
                     (word16)args->sendSz, certificate_verify, 1);
                 if (ret != 0)
                     goto exit_scv;
@@ -9096,7 +9740,7 @@ static int SendTls13CertificateVerify(WOLFSSL* ssl)
 
             /* This message is always encrypted. */
             ret = BuildTls13Message(ssl, args->output,
-                                    MAX_CERT_VERIFY_SZ + MAX_MSG_EXTRA,
+                                    WC_MAX_CERT_VERIFY_SZ + MAX_MSG_EXTRA,
                                     args->output + RECORD_HEADER_SZ,
                                     args->sendSz - RECORD_HEADER_SZ, handshake,
                                     1, 0, 0);
@@ -9121,7 +9765,7 @@ static int SendTls13CertificateVerify(WOLFSSL* ssl)
             }
         #endif
 
-            ssl->buffers.outputBuffer.length += args->sendSz;
+            ssl->buffers.outputBuffer.length += (word32)args->sendSz;
             ssl->options.buildingMsg = 0;
             if (!ssl->options.groupMessages)
                 ret = SendBuffered(ssl);
@@ -9132,13 +9776,22 @@ static int SendTls13CertificateVerify(WOLFSSL* ssl)
     } /* switch(ssl->options.asyncState) */
 
 exit_scv:
+#ifdef WOLFSSL_BLIND_PRIVATE_KEY
+    if (ret == 0) {
+        ret = wolfssl_priv_der_blind(ssl->rng, ssl->buffers.key,
+            &ssl->buffers.keyMask);
+    }
+    else {
+        wolfssl_priv_der_unblind(ssl->buffers.key, ssl->buffers.keyMask);
+    }
+#endif
 
     WOLFSSL_LEAVE("SendTls13CertificateVerify", ret);
     WOLFSSL_END(WC_FUNC_CERTIFICATE_VERIFY_SEND);
 
 #ifdef WOLFSSL_ASYNC_CRYPT
     /* Handle async operation */
-    if (ret == WC_PENDING_E) {
+    if (ret == WC_NO_ERR_TRACE(WC_PENDING_E)) {
         return ret;
     }
 #endif /* WOLFSSL_ASYNC_CRYPT */
@@ -9222,11 +9875,16 @@ typedef struct Dcv13Args {
     word32 sigSz;
     word32 idx;
     word32 begin;
-    byte   hashAlgo;
-    byte   sigAlgo;
 
     byte*  sigData;
     word16 sigDataSz;
+#ifdef WOLFSSL_DUAL_ALG_CERTS
+    byte   altSigAlgo;
+    byte*  altSigData;
+    word32 altSigDataSz;
+    word32 altSignatureSz;
+    byte   altPeerAuthGood;
+#endif
 } Dcv13Args;
 
 static void FreeDcv13Args(WOLFSSL* ssl, void* pArgs)
@@ -9237,10 +9895,130 @@ static void FreeDcv13Args(WOLFSSL* ssl, void* pArgs)
         XFREE(args->sigData, ssl->heap, DYNAMIC_TYPE_SIGNATURE);
         args->sigData = NULL;
     }
-
+#ifdef WOLFSSL_DUAL_ALG_CERTS
+    if (args && args->altSigData != NULL) {
+        XFREE(args->altSigData, ssl->heap, DYNAMIC_TYPE_SIGNATURE);
+        args->altSigData = NULL;
+    }
+#endif
     (void)ssl;
 }
 
+#ifdef WOLFSSL_DUAL_ALG_CERTS
+#ifndef NO_RSA
+/* ssl->peerCert->sapkiDer is the alternative public key. Hopefully it is a
+ * RSA public key. Convert it into a usable public key. */
+static int decodeRsaKey(WOLFSSL* ssl)
+{
+    int keyRet;
+    word32 tmpIdx = 0;
+
+    if (ssl->peerRsaKeyPresent)
+        return INVALID_PARAMETER;
+
+    keyRet = AllocKey(ssl, DYNAMIC_TYPE_RSA, (void**)&ssl->peerRsaKey);
+    if (keyRet != 0)
+        return PEER_KEY_ERROR;
+
+    ssl->peerRsaKeyPresent = 1;
+    keyRet = wc_RsaPublicKeyDecode(ssl->peerCert.sapkiDer, &tmpIdx,
+                                   ssl->peerRsaKey,
+                                   ssl->peerCert.sapkiLen);
+    if (keyRet != 0)
+        return PEER_KEY_ERROR;
+
+    return 0;
+}
+#endif /* !NO_RSA */
+
+#ifdef HAVE_ECC
+/* ssl->peerCert->sapkiDer is the alternative public key. Hopefully it is a
+ * ECC public key. Convert it into a usable public key. */
+static int decodeEccKey(WOLFSSL* ssl)
+{
+    int keyRet;
+    word32 tmpIdx = 0;
+
+    if (ssl->peerEccDsaKeyPresent)
+        return INVALID_PARAMETER;
+
+    keyRet = AllocKey(ssl, DYNAMIC_TYPE_ECC, (void**)&ssl->peerEccDsaKey);
+    if (keyRet != 0)
+        return PEER_KEY_ERROR;
+
+    ssl->peerEccDsaKeyPresent = 1;
+    keyRet = wc_EccPublicKeyDecode(ssl->peerCert.sapkiDer, &tmpIdx,
+                                   ssl->peerEccDsaKey,
+                                   ssl->peerCert.sapkiLen);
+    if (keyRet != 0)
+        return PEER_KEY_ERROR;
+
+    return 0;
+}
+#endif /* HAVE_ECC */
+
+#ifdef HAVE_DILITHIUM
+/* ssl->peerCert->sapkiDer is the alternative public key. Hopefully it is a
+ * dilithium public key. Convert it into a usable public key. */
+static int decodeDilithiumKey(WOLFSSL* ssl, int level)
+{
+    int keyRet;
+    word32 tmpIdx = 0;
+
+    if (ssl->peerDilithiumKeyPresent)
+        return INVALID_PARAMETER;
+
+    keyRet = AllocKey(ssl, DYNAMIC_TYPE_DILITHIUM,
+                      (void**)&ssl->peerDilithiumKey);
+    if (keyRet != 0)
+        return PEER_KEY_ERROR;
+
+    ssl->peerDilithiumKeyPresent = 1;
+    keyRet = wc_dilithium_set_level(ssl->peerDilithiumKey, level);
+    if (keyRet != 0)
+        return PEER_KEY_ERROR;
+
+    keyRet = wc_Dilithium_PublicKeyDecode(ssl->peerCert.sapkiDer, &tmpIdx,
+                                          ssl->peerDilithiumKey,
+                                          ssl->peerCert.sapkiLen);
+    if (keyRet != 0)
+        return PEER_KEY_ERROR;
+
+    return 0;
+}
+#endif /* HAVE_DILITHIUM */
+
+#ifdef HAVE_FALCON
+/* ssl->peerCert->sapkiDer is the alternative public key. Hopefully it is a
+ * falcon public key. Convert it into a usable public key. */
+static int decodeFalconKey(WOLFSSL* ssl, int level)
+{
+    int keyRet;
+    word32 tmpIdx = 0;
+
+    if (ssl->peerFalconKeyPresent)
+        return INVALID_PARAMETER;
+
+    keyRet = AllocKey(ssl, DYNAMIC_TYPE_FALCON, (void**)&ssl->peerFalconKey);
+    if (keyRet != 0)
+        return PEER_KEY_ERROR;
+
+    ssl->peerFalconKeyPresent = 1;
+    keyRet = wc_falcon_set_level(ssl->peerFalconKey, level);
+    if (keyRet != 0)
+        return PEER_KEY_ERROR;
+
+    keyRet = wc_Falcon_PublicKeyDecode(ssl->peerCert.sapkiDer, &tmpIdx,
+                                       ssl->peerFalconKey,
+                                       ssl->peerCert.sapkiLen);
+    if (keyRet != 0)
+        return PEER_KEY_ERROR;
+
+    return 0;
+}
+#endif /* HAVE_FALCON */
+#endif /* WOLFSSL_DUAL_ALG_CERTS */
+
 /* handle processing TLS v1.3 certificate_verify (15) */
 /* Parse and handle a TLS v1.3 CertificateVerify message.
  *
@@ -9256,7 +10034,11 @@ static int DoTls13CertificateVerify(WOLFSSL* ssl, byte* input,
                                     word32* inOutIdx, word32 totalSz)
 {
     int         ret = 0;
-    buffer*     sig = &ssl->buffers.sig;
+    byte*       sig = NULL;
+#ifndef NO_RSA
+    /* Use this as a temporary buffer for RSA signature verification. */
+    buffer*     rsaSigBuf = &ssl->buffers.sig;
+#endif
 #ifdef WOLFSSL_ASYNC_CRYPT
     Dcv13Args* args = NULL;
     WOLFSSL_ASSERT_SIZEOF_GE(ssl->async->args, *args);
@@ -9269,7 +10051,7 @@ static int DoTls13CertificateVerify(WOLFSSL* ssl, byte* input,
 
 #if defined(WOLFSSL_RENESAS_TSIP_TLS)
     ret = tsip_Tls13CertificateVerify(ssl, input, inOutIdx, totalSz);
-    if (ret != CRYPTOCB_UNAVAILABLE) {
+    if (ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE)) {
         goto exit_dcv;
     }
     ret = 0;
@@ -9286,7 +10068,7 @@ static int DoTls13CertificateVerify(WOLFSSL* ssl, byte* input,
     args = (Dcv13Args*)ssl->async->args;
 
     ret = wolfSSL_AsyncPop(ssl, &ssl->options.asyncState);
-    if (ret != WC_NO_PENDING_E) {
+    if (ret != WC_NO_ERR_TRACE(WC_NO_PENDING_E)) {
         /* Check for error */
         if (ret < 0)
             goto exit_dcv;
@@ -9298,8 +10080,8 @@ static int DoTls13CertificateVerify(WOLFSSL* ssl, byte* input,
         ret = 0;
         ssl->options.asyncState = TLS_ASYNC_BEGIN;
         XMEMSET(args, 0, sizeof(Dcv13Args));
-        args->hashAlgo = sha_mac;
-        args->sigAlgo = anonymous_sa_algo;
+        ssl->options.peerHashAlgo = sha_mac;
+        ssl->options.peerSigAlgo = anonymous_sa_algo;
         args->idx = *inOutIdx;
         args->begin = *inOutIdx;
     #ifdef WOLFSSL_ASYNC_CRYPT
@@ -9330,8 +10112,35 @@ static int DoTls13CertificateVerify(WOLFSSL* ssl, byte* input,
             if ((args->idx - args->begin) + ENUM_LEN + ENUM_LEN > totalSz) {
                 ERROR_OUT(BUFFER_ERROR, exit_dcv);
             }
-            ret = DecodeTls13SigAlg(input + args->idx, &args->hashAlgo,
-                                                                &args->sigAlgo);
+
+#ifdef WOLFSSL_DUAL_ALG_CERTS
+            if (ssl->peerSigSpec == NULL) {
+                /* The peer did not respond. We didn't send CKS or they don't
+                 * support it. Either way, we do not need to handle dual
+                 * key/sig case. */
+                ssl->sigSpec = NULL;
+                ssl->sigSpecSz = 0;
+            }
+
+            /* If no CKS extension or either native or alternative, then just
+             * get a normal sigalgo.  But if BOTH, then get the native and alt
+             * sig algos. */
+            if (ssl->sigSpec == NULL ||
+                *ssl->sigSpec == WOLFSSL_CKS_SIGSPEC_NATIVE ||
+                *ssl->sigSpec == WOLFSSL_CKS_SIGSPEC_ALTERNATIVE) {
+#endif /* WOLFSSL_DUAL_ALG_CERTS */
+                ret = DecodeTls13SigAlg(input + args->idx,
+                        &ssl->options.peerHashAlgo, &ssl->options.peerSigAlgo);
+#ifdef WOLFSSL_DUAL_ALG_CERTS
+            }
+            else {
+                ret = DecodeTls13HybridSigAlg(input + args->idx,
+                                              &ssl->options.peerHashAlgo,
+                                              &ssl->options.peerSigAlgo,
+                                              &args->altSigAlgo);
+            }
+#endif /* WOLFSSL_DUAL_ALG_CERTS */
+
             if (ret < 0)
                 goto exit_dcv;
             args->idx += OPAQUE16_LEN;
@@ -9349,70 +10158,163 @@ static int DoTls13CertificateVerify(WOLFSSL* ssl, byte* input,
                 ERROR_OUT(BUFFER_ERROR, exit_dcv);
             }
 
+#ifdef WOLFSSL_DUAL_ALG_CERTS
+            if ((ssl->sigSpec != NULL) &&
+                (*ssl->sigSpec != WOLFSSL_CKS_SIGSPEC_NATIVE)) {
+
+                word16 sa;
+                if (args->altSigAlgo == 0)
+                    sa = ssl->options.peerSigAlgo;
+                else
+                    sa = args->altSigAlgo;
+
+                switch(sa) {
+            #ifndef NO_RSA
+                case rsa_pss_sa_algo:
+                    ret = decodeRsaKey(ssl);
+                    break;
+            #endif
+            #ifdef HAVE_ECC
+                case ecc_dsa_sa_algo:
+                    ret = decodeEccKey(ssl);
+                    break;
+            #endif
+            #ifdef HAVE_DILITHIUM
+                case dilithium_level2_sa_algo:
+                    ret = decodeDilithiumKey(ssl, WC_ML_DSA_44);
+                    break;
+                case dilithium_level3_sa_algo:
+                    ret = decodeDilithiumKey(ssl, WC_ML_DSA_65);
+                    break;
+                case dilithium_level5_sa_algo:
+                    ret = decodeDilithiumKey(ssl, WC_ML_DSA_87);
+                    break;
+            #endif
+            #ifdef HAVE_FALCON
+                case falcon_level1_sa_algo:
+                    ret = decodeFalconKey(ssl, 1);
+                    break;
+                case falcon_level5_sa_algo:
+                    ret = decodeFalconKey(ssl, 5);
+                    break;
+            #endif
+                default:
+                    ERROR_OUT(PEER_KEY_ERROR, exit_dcv);
+                }
+
+                if (ret != 0)
+                    ERROR_OUT(ret, exit_dcv);
+
+                if (*ssl->sigSpec == WOLFSSL_CKS_SIGSPEC_ALTERNATIVE) {
+                    /* Now swap in the alternative by removing the native.
+                     * sa contains the alternative signature type. */
+                #ifndef NO_RSA
+                    if (ssl->peerRsaKeyPresent && sa != rsa_pss_sa_algo) {
+                        FreeKey(ssl, DYNAMIC_TYPE_RSA,
+                                (void**)&ssl->peerRsaKey);
+                        ssl->peerRsaKeyPresent = 0;
+                    }
+                #endif
+                #ifdef HAVE_ECC
+                    else if (ssl->peerEccDsaKeyPresent &&
+                             sa != ecc_dsa_sa_algo) {
+                        FreeKey(ssl, DYNAMIC_TYPE_ECC,
+                                (void**)&ssl->peerEccDsaKey);
+                        ssl->peerEccDsaKeyPresent = 0;
+                    }
+                #endif
+                #ifdef HAVE_DILITHIUM
+                    else if (ssl->peerDilithiumKeyPresent &&
+                             sa != dilithium_level2_sa_algo &&
+                             sa != dilithium_level3_sa_algo &&
+                             sa != dilithium_level5_sa_algo) {
+                        FreeKey(ssl, DYNAMIC_TYPE_DILITHIUM,
+                                (void**)&ssl->peerDilithiumKey);
+                        ssl->peerDilithiumKeyPresent = 0;
+                    }
+                #endif
+                #ifdef HAVE_FALCON
+                    else if (ssl->peerFalconKeyPresent &&
+                             sa != falcon_level1_sa_algo &&
+                             sa != falcon_level5_sa_algo) {
+                        FreeKey(ssl, DYNAMIC_TYPE_FALCON,
+                                (void**)&ssl->peerFalconKey);
+                        ssl->peerFalconKeyPresent = 0;
+                    }
+                #endif
+                    else {
+                        ERROR_OUT(PEER_KEY_ERROR, exit_dcv);
+                    }
+                }
+            }
+#endif /* WOLFSSL_DUAL_ALG_CERTS */
+
             /* Check for public key of required type. */
             /* Assume invalid unless signature algo matches the key provided */
             validSigAlgo = 0;
         #ifdef HAVE_ED25519
-            if (args->sigAlgo == ed25519_sa_algo) {
+            if (ssl->options.peerSigAlgo == ed25519_sa_algo) {
                 WOLFSSL_MSG("Peer sent ED25519 sig");
                 validSigAlgo = (ssl->peerEd25519Key != NULL) &&
                                                      ssl->peerEd25519KeyPresent;
             }
         #endif
         #ifdef HAVE_ED448
-            if (args->sigAlgo == ed448_sa_algo) {
+            if (ssl->options.peerSigAlgo == ed448_sa_algo) {
                 WOLFSSL_MSG("Peer sent ED448 sig");
                 validSigAlgo = (ssl->peerEd448Key != NULL) &&
                                                        ssl->peerEd448KeyPresent;
             }
         #endif
         #ifdef HAVE_ECC
-            if (args->sigAlgo == ecc_dsa_sa_algo) {
+            if (ssl->options.peerSigAlgo == ecc_dsa_sa_algo) {
                 WOLFSSL_MSG("Peer sent ECC sig");
                 validSigAlgo = (ssl->peerEccDsaKey != NULL) &&
                                                       ssl->peerEccDsaKeyPresent;
             }
         #endif
         #if defined(WOLFSSL_SM2) && defined(WOLFSSL_SM3)
-            if (args->sigAlgo == sm2_sa_algo) {
+            if (ssl->options.peerSigAlgo == sm2_sa_algo) {
                 WOLFSSL_MSG("Peer sent SM2 sig");
                 validSigAlgo = (ssl->peerEccDsaKey != NULL) &&
                                                       ssl->peerEccDsaKeyPresent;
             }
         #endif
-        #ifdef HAVE_PQC
-            if (args->sigAlgo == falcon_level1_sa_algo) {
+        #ifdef HAVE_FALCON
+            if (ssl->options.peerSigAlgo == falcon_level1_sa_algo) {
                 WOLFSSL_MSG("Peer sent Falcon Level 1 sig");
                 validSigAlgo = (ssl->peerFalconKey != NULL) &&
                                ssl->peerFalconKeyPresent;
             }
-            if (args->sigAlgo == falcon_level5_sa_algo) {
+            if (ssl->options.peerSigAlgo == falcon_level5_sa_algo) {
                 WOLFSSL_MSG("Peer sent Falcon Level 5 sig");
                 validSigAlgo = (ssl->peerFalconKey != NULL) &&
                                ssl->peerFalconKeyPresent;
             }
-            if (args->sigAlgo == dilithium_level2_sa_algo) {
+        #endif
+        #ifdef HAVE_DILITHIUM
+            if (ssl->options.peerSigAlgo == dilithium_level2_sa_algo) {
                 WOLFSSL_MSG("Peer sent Dilithium Level 2 sig");
                 validSigAlgo = (ssl->peerDilithiumKey != NULL) &&
                                ssl->peerDilithiumKeyPresent;
             }
-            if (args->sigAlgo == dilithium_level3_sa_algo) {
+            if (ssl->options.peerSigAlgo == dilithium_level3_sa_algo) {
                 WOLFSSL_MSG("Peer sent Dilithium Level 3 sig");
                 validSigAlgo = (ssl->peerDilithiumKey != NULL) &&
                                ssl->peerDilithiumKeyPresent;
             }
-            if (args->sigAlgo == dilithium_level5_sa_algo) {
+            if (ssl->options.peerSigAlgo == dilithium_level5_sa_algo) {
                 WOLFSSL_MSG("Peer sent Dilithium Level 5 sig");
                 validSigAlgo = (ssl->peerDilithiumKey != NULL) &&
                                ssl->peerDilithiumKeyPresent;
             }
         #endif
         #ifndef NO_RSA
-            if (args->sigAlgo == rsa_sa_algo) {
+            if (ssl->options.peerSigAlgo == rsa_sa_algo) {
                 WOLFSSL_MSG("Peer sent PKCS#1.5 algo - not valid TLS 1.3");
                 ERROR_OUT(INVALID_PARAMETER, exit_dcv);
             }
-            if (args->sigAlgo == rsa_pss_sa_algo) {
+            if (ssl->options.peerSigAlgo == rsa_pss_sa_algo) {
                 WOLFSSL_MSG("Peer sent RSA sig");
                 validSigAlgo = (ssl->peerRsaKey != NULL) &&
                                                          ssl->peerRsaKeyPresent;
@@ -9423,95 +10325,116 @@ static int DoTls13CertificateVerify(WOLFSSL* ssl, byte* input,
                 ERROR_OUT(SIG_VERIFY_E, exit_dcv);
             }
 
-            sig->buffer = (byte*)XMALLOC(args->sz, ssl->heap,
-                                         DYNAMIC_TYPE_SIGNATURE);
-            if (sig->buffer == NULL) {
-                ERROR_OUT(MEMORY_E, exit_dcv);
+            args->sigSz = args->sz;
+#ifdef WOLFSSL_DUAL_ALG_CERTS
+            if (ssl->sigSpec != NULL &&
+                *ssl->sigSpec == WOLFSSL_CKS_SIGSPEC_BOTH) {
+                /* In case we received two signatures, both of them are encoded
+                 * with their size as 16-bit integeter prior in memory. Hence,
+                 * we can decode both lengths here now. */
+                word32 tmpIdx = args->idx;
+                word16 tmpSz = 0;
+                ato16(input + tmpIdx, &tmpSz);
+                args->sigSz = tmpSz;
+
+                tmpIdx += OPAQUE16_LEN + args->sigSz;
+                ato16(input + tmpIdx, &tmpSz);
+                args->altSignatureSz = tmpSz;
+
+                if (args->sz != (args->sigSz + args->altSignatureSz +
+                                    OPAQUE16_LEN + OPAQUE16_LEN)) {
+                    ERROR_OUT(BUFFER_ERROR, exit_dcv);
+                }
             }
-            sig->length = args->sz;
-            XMEMCPY(sig->buffer, input + args->idx, args->sz);
+#endif /* WOLFSSL_DUAL_ALG_CERTS */
 
-        #ifdef HAVE_ECC
-            if (ssl->peerEccDsaKeyPresent) {
-                WOLFSSL_MSG("Doing ECC peer cert verify");
-
-                args->sigData = (byte*)XMALLOC(MAX_SIG_DATA_SZ, ssl->heap,
-                                                        DYNAMIC_TYPE_SIGNATURE);
-                if (args->sigData == NULL) {
+        #if !defined(NO_RSA) && defined(WC_RSA_PSS)
+            /* In case we have to verify an RSA signature, we have to store the
+             * signature in the 'rsaSigBuf' structure for further processing.
+             */
+            if (ssl->peerRsaKey != NULL && ssl->peerRsaKeyPresent != 0) {
+                word32 sigSz = args->sigSz;
+                sig = input + args->idx;
+            #ifdef WOLFSSL_DUAL_ALG_CERTS
+                /* Check if our alternative signature was RSA */
+                if (ssl->sigSpec != NULL &&
+                    *ssl->sigSpec == WOLFSSL_CKS_SIGSPEC_BOTH) {
+                    if (ssl->options.peerSigAlgo != rsa_pss_sa_algo) {
+                        /* We have to skip the first signature (length field
+                         * and signature itself) and the length field of the
+                         * alternative signature. */
+                        sig += OPAQUE16_LEN + OPAQUE16_LEN + args->sigSz;
+                        sigSz = args->altSignatureSz;
+                    }
+                    else {
+                        /* We have to skip the length field */
+                        sig += OPAQUE16_LEN;
+                    }
+                }
+            #endif
+                rsaSigBuf->buffer = (byte*)XMALLOC(sigSz, ssl->heap,
+                                         DYNAMIC_TYPE_SIGNATURE);
+                if (rsaSigBuf->buffer == NULL) {
                     ERROR_OUT(MEMORY_E, exit_dcv);
                 }
+                rsaSigBuf->length = sigSz;
+                XMEMCPY(rsaSigBuf->buffer, sig, rsaSigBuf->length);
+            }
+        #endif /* !NO_RSA && WC_RSA_PSS */
 
-                ret = CreateSigData(ssl, args->sigData, &args->sigDataSz, 1);
-                if (ret != 0)
-                    goto exit_dcv;
+            args->sigData = (byte*)XMALLOC(MAX_SIG_DATA_SZ, ssl->heap,
+                                                    DYNAMIC_TYPE_SIGNATURE);
+            if (args->sigData == NULL) {
+                ERROR_OUT(MEMORY_E, exit_dcv);
+            }
+
+            ret = CreateSigData(ssl, args->sigData, &args->sigDataSz, 1);
+            if (ret < 0)
+                goto exit_dcv;
+
+        #ifdef WOLFSSL_DUAL_ALG_CERTS
+            if ((ssl->sigSpec != NULL) &&
+                (*ssl->sigSpec == WOLFSSL_CKS_SIGSPEC_BOTH)) {
+                args->altSigData = (byte*)XMALLOC(MAX_SIG_DATA_SZ, ssl->heap,
+                                                        DYNAMIC_TYPE_SIGNATURE);
+                if (args->altSigData == NULL) {
+                    ERROR_OUT(MEMORY_E, exit_dcv);
+                }
+                XMEMCPY(args->altSigData, args->sigData, args->sigDataSz);
+                args->altSigDataSz = args->sigDataSz;
+            }
+        #endif /* WOLFSSL_DUAL_ALG_CERTS */
+
+        #ifdef HAVE_ECC
+            if ((ssl->options.peerSigAlgo == ecc_dsa_sa_algo) &&
+                (ssl->peerEccDsaKeyPresent)) {
             #if defined(WOLFSSL_SM2) && defined(WOLFSSL_SM3)
-                if (args->sigAlgo != sm2_sa_algo)
+                if (ssl->options.peerSigAlgo != sm2_sa_algo)
             #endif
                 {
                     ret = CreateECCEncodedSig(args->sigData,
-                        args->sigDataSz, args->hashAlgo);
+                        args->sigDataSz, ssl->options.peerHashAlgo);
                     if (ret < 0)
                         goto exit_dcv;
                     args->sigDataSz = (word16)ret;
                     ret = 0;
                 }
             }
-        #endif
-        #ifdef HAVE_ED25519
-            if (ssl->peerEd25519KeyPresent) {
-                WOLFSSL_MSG("Doing ED25519 peer cert verify");
 
-                args->sigData = (byte*)XMALLOC(MAX_SIG_DATA_SZ, ssl->heap,
-                                                        DYNAMIC_TYPE_SIGNATURE);
-                if (args->sigData == NULL) {
-                    ERROR_OUT(MEMORY_E, exit_dcv);
-                }
-
-                CreateSigData(ssl, args->sigData, &args->sigDataSz, 1);
-                ret = 0;
+        #ifdef WOLFSSL_DUAL_ALG_CERTS
+            if ((ssl->sigSpec != NULL) &&
+                (*ssl->sigSpec == WOLFSSL_CKS_SIGSPEC_BOTH) &&
+                (args->altSigAlgo == ecc_dsa_sa_algo) &&
+                (ssl->peerEccDsaKeyPresent)) {
+                ret = CreateECCEncodedSig(args->altSigData,
+                        args->altSigDataSz, ssl->options.peerHashAlgo);
+                    if (ret < 0)
+                        goto exit_dcv;
+                    args->altSigDataSz = (word16)ret;
+                    ret = 0;
             }
-        #endif
-        #ifdef HAVE_ED448
-            if (ssl->peerEd448KeyPresent) {
-                WOLFSSL_MSG("Doing ED448 peer cert verify");
-
-                args->sigData = (byte*)XMALLOC(MAX_SIG_DATA_SZ, ssl->heap,
-                                                        DYNAMIC_TYPE_SIGNATURE);
-                if (args->sigData == NULL) {
-                    ERROR_OUT(MEMORY_E, exit_dcv);
-                }
-
-                CreateSigData(ssl, args->sigData, &args->sigDataSz, 1);
-                ret = 0;
-            }
-       #endif
-       #ifdef HAVE_PQC
-            if (ssl->peerFalconKeyPresent) {
-                WOLFSSL_MSG("Doing Falcon peer cert verify");
-
-                args->sigData = (byte*)XMALLOC(MAX_SIG_DATA_SZ, ssl->heap,
-                                                        DYNAMIC_TYPE_SIGNATURE);
-                if (args->sigData == NULL) {
-                    ERROR_OUT(MEMORY_E, exit_dcv);
-                }
-
-                CreateSigData(ssl, args->sigData, &args->sigDataSz, 1);
-                ret = 0;
-            }
-
-            if (ssl->peerDilithiumKeyPresent) {
-                WOLFSSL_MSG("Doing Dilithium peer cert verify");
-
-                args->sigData = (byte*)XMALLOC(MAX_SIG_DATA_SZ, ssl->heap,
-                                                        DYNAMIC_TYPE_SIGNATURE);
-                if (args->sigData == NULL) {
-                    ERROR_OUT(MEMORY_E, exit_dcv);
-                }
-
-                CreateSigData(ssl, args->sigData, &args->sigDataSz, 1);
-                ret = 0;
-            }
-       #endif
+        #endif /* WOLFSSL_DUAL_ALG_CERTS */
+        #endif /* HAVE_ECC */
 
             /* Advance state and proceed */
             ssl->options.asyncState = TLS_ASYNC_DO;
@@ -9520,35 +10443,52 @@ static int DoTls13CertificateVerify(WOLFSSL* ssl, byte* input,
 
         case TLS_ASYNC_DO:
         {
+            sig = input + args->idx;
+        #ifdef WOLFSSL_DUAL_ALG_CERTS
+            if (ssl->sigSpec != NULL &&
+                *ssl->sigSpec == WOLFSSL_CKS_SIGSPEC_BOTH) {
+                /* As we have two signatures in the message, we stored
+                 * the length of each before the actual signature. This
+                 * is necessary, as we could have two algorithms with
+                 * variable length signatures. */
+                sig += OPAQUE16_LEN;
+            }
+        #endif
         #ifndef NO_RSA
-            if (ssl->peerRsaKey != NULL && ssl->peerRsaKeyPresent != 0) {
-                ret = RsaVerify(ssl, sig->buffer, (word32)sig->length, &args->output,
-                    args->sigAlgo, args->hashAlgo, ssl->peerRsaKey,
+            if ((ssl->options.peerSigAlgo == rsa_pss_sa_algo) &&
+                (ssl->peerRsaKey != NULL) && (ssl->peerRsaKeyPresent != 0)) {
+                WOLFSSL_MSG("Doing RSA peer cert verify");
+                ret = RsaVerify(ssl, rsaSigBuf->buffer,
+                                (word32)rsaSigBuf->length, &args->output,
+                                ssl->options.peerSigAlgo,
+                                ssl->options.peerHashAlgo, ssl->peerRsaKey,
                 #ifdef HAVE_PK_CALLBACKS
-                    &ssl->buffers.peerRsaKey
+                                &ssl->buffers.peerRsaKey
                 #else
-                    NULL
+                                NULL
                 #endif
-                );
+                                );
                 if (ret >= 0) {
-                    args->sendSz = ret;
+                    args->sendSz = (word32)ret;
                     ret = 0;
                 }
             }
         #endif /* !NO_RSA */
         #ifdef HAVE_ECC
-            if (ssl->peerEccDsaKeyPresent) {
+            if ((ssl->options.peerSigAlgo == ecc_dsa_sa_algo) &&
+                (ssl->peerEccDsaKeyPresent)) {
             #if defined(WOLFSSL_SM2) && defined(WOLFSSL_SM3)
-                if (args->sigAlgo == sm2_sa_algo) {
+                if (ssl->options.peerSigAlgo == sm2_sa_algo) {
                     ret = Sm2wSm3Verify(ssl, TLS13_SM2_SIG_ID,
-                        TLS13_SM2_SIG_ID_SZ, input + args->idx, args->sz,
+                        TLS13_SM2_SIG_ID_SZ, sig, args->sigSz,
                         args->sigData, args->sigDataSz,
                         ssl->peerEccDsaKey, NULL);
                 }
                 else
             #endif
                 {
-                    ret = EccVerify(ssl, input + args->idx, args->sz,
+                    WOLFSSL_MSG("Doing ECC peer cert verify");
+                    ret = EccVerify(ssl, sig, args->sigSz,
                         args->sigData, args->sigDataSz,
                         ssl->peerEccDsaKey,
                     #ifdef HAVE_PK_CALLBACKS
@@ -9556,21 +10496,24 @@ static int DoTls13CertificateVerify(WOLFSSL* ssl, byte* input,
                     #else
                         NULL
                     #endif
-                    );
+                        );
                 }
 
                 if (ret >= 0) {
                     /* CLIENT/SERVER: data verified with public key from
                      * certificate. */
                     ssl->options.peerAuthGood = 1;
+
                     FreeKey(ssl, DYNAMIC_TYPE_ECC, (void**)&ssl->peerEccDsaKey);
                     ssl->peerEccDsaKeyPresent = 0;
                 }
             }
         #endif /* HAVE_ECC */
         #ifdef HAVE_ED25519
-            if (ssl->peerEd25519KeyPresent) {
-                ret = Ed25519Verify(ssl, input + args->idx, args->sz,
+            if ((ssl->options.peerSigAlgo == ed25519_sa_algo) &&
+                (ssl->peerEd25519KeyPresent)) {
+                WOLFSSL_MSG("Doing ED25519 peer cert verify");
+                ret = Ed25519Verify(ssl, sig, args->sigSz,
                     args->sigData, args->sigDataSz,
                     ssl->peerEd25519Key,
                 #ifdef HAVE_PK_CALLBACKS
@@ -9578,7 +10521,7 @@ static int DoTls13CertificateVerify(WOLFSSL* ssl, byte* input,
                 #else
                     NULL
                 #endif
-                );
+                    );
 
                 if (ret >= 0) {
                     /* CLIENT/SERVER: data verified with public key from
@@ -9591,8 +10534,10 @@ static int DoTls13CertificateVerify(WOLFSSL* ssl, byte* input,
             }
         #endif
         #ifdef HAVE_ED448
-            if (ssl->peerEd448KeyPresent) {
-                ret = Ed448Verify(ssl, input + args->idx, args->sz,
+            if ((ssl->options.peerSigAlgo == ed448_sa_algo) &&
+                (ssl->peerEd448KeyPresent)) {
+                WOLFSSL_MSG("Doing ED448 peer cert verify");
+                ret = Ed448Verify(ssl, sig, args->sigSz,
                     args->sigData, args->sigDataSz,
                     ssl->peerEd448Key,
                 #ifdef HAVE_PK_CALLBACKS
@@ -9612,48 +10557,176 @@ static int DoTls13CertificateVerify(WOLFSSL* ssl, byte* input,
                 }
             }
         #endif
-        #if defined(HAVE_PQC) && defined(HAVE_FALCON)
-            if (ssl->peerFalconKeyPresent) {
+        #if defined(HAVE_FALCON)
+            if (((ssl->options.peerSigAlgo == falcon_level1_sa_algo) ||
+                 (ssl->options.peerSigAlgo == falcon_level5_sa_algo)) &&
+                (ssl->peerFalconKeyPresent)) {
                 int res = 0;
                 WOLFSSL_MSG("Doing Falcon peer cert verify");
-                ret = wc_falcon_verify_msg(input + args->idx, args->sz,
-                                    args->sigData, args->sigDataSz,
-                                    &res, ssl->peerFalconKey);
+                ret = wc_falcon_verify_msg(sig, args->sigSz,
+                                           args->sigData, args->sigDataSz,
+                                           &res, ssl->peerFalconKey);
 
                 if ((ret >= 0) && (res == 1)) {
                     /* CLIENT/SERVER: data verified with public key from
                      * certificate. */
                     ssl->options.peerAuthGood = 1;
+
                     FreeKey(ssl, DYNAMIC_TYPE_FALCON,
                                                    (void**)&ssl->peerFalconKey);
                     ssl->peerFalconKeyPresent = 0;
                 }
+                else if ((ret >= 0) && (res == 0)) {
+                    WOLFSSL_MSG("Falcon signature verification failed");
+                    ret = SIG_VERIFY_E;
+                }
             }
-        #endif /* HAVE_PQC && HAVE_FALCON */
-        #if defined(HAVE_PQC) && defined(HAVE_DILITHIUM)
-            if (ssl->peerDilithiumKeyPresent) {
+        #endif /* HAVE_FALCON */
+        #if defined(HAVE_DILITHIUM) && !defined(WOLFSSL_DILITHIUM_NO_VERIFY)
+            if (((ssl->options.peerSigAlgo == dilithium_level2_sa_algo) ||
+                 (ssl->options.peerSigAlgo == dilithium_level3_sa_algo) ||
+                 (ssl->options.peerSigAlgo == dilithium_level5_sa_algo)) &&
+                (ssl->peerDilithiumKeyPresent)) {
                 int res = 0;
                 WOLFSSL_MSG("Doing Dilithium peer cert verify");
-                ret = wc_dilithium_verify_msg(input + args->idx, args->sz,
-                                              args->sigData, args->sigDataSz,
-                                              &res, ssl->peerDilithiumKey);
+                ret = wc_dilithium_verify_ctx_msg(sig, args->sigSz, NULL, 0,
+                                                  args->sigData, args->sigDataSz,
+                                                  &res, ssl->peerDilithiumKey);
 
                 if ((ret >= 0) && (res == 1)) {
                     /* CLIENT/SERVER: data verified with public key from
                      * certificate. */
                     ssl->options.peerAuthGood = 1;
+
                     FreeKey(ssl, DYNAMIC_TYPE_DILITHIUM,
                             (void**)&ssl->peerDilithiumKey);
                     ssl->peerDilithiumKeyPresent = 0;
                 }
+                else if ((ret >= 0) && (res == 0)) {
+                    WOLFSSL_MSG("Dilithium signature verification failed");
+                    ret = SIG_VERIFY_E;
+                }
             }
-        #endif /* HAVE_PQC && HAVE_DILITHIUM */
+        #endif /* HAVE_DILITHIUM */
 
             /* Check for error */
             if (ret != 0) {
                 goto exit_dcv;
             }
 
+        #ifdef WOLFSSL_DUAL_ALG_CERTS
+            if (ssl->sigSpec != NULL &&
+                *ssl->sigSpec == WOLFSSL_CKS_SIGSPEC_BOTH) {
+                /* Move forward to the alternative signature. */
+                sig += args->sigSz + OPAQUE16_LEN;
+
+                /* Verify the alternative signature */
+            #ifndef NO_RSA
+                if ((args->altSigAlgo == rsa_pss_sa_algo) &&
+                    (ssl->peerRsaKey != NULL) &&
+                    (ssl->peerRsaKeyPresent != 0)) {
+                    WOLFSSL_MSG("Doing RSA peer cert alt verify");
+                    ret = RsaVerify(ssl, rsaSigBuf->buffer,
+                                    (word32)rsaSigBuf->length,
+                                    &args->output, args->altSigAlgo,
+                                    ssl->options.peerHashAlgo, ssl->peerRsaKey,
+                    #ifdef HAVE_PK_CALLBACKS
+                                    &ssl->buffers.peerRsaKey
+                    #else
+                                    NULL
+                    #endif
+                                    );
+                    if (ret >= 0) {
+                        args->sendSz = ret;
+                        ret = 0;
+                    }
+                }
+            #endif /* !NO_RSA */
+            #ifdef HAVE_ECC
+                if ((args->altSigAlgo == ecc_dsa_sa_algo) &&
+                    (ssl->peerEccDsaKeyPresent)) {
+                    WOLFSSL_MSG("Doing ECC peer cert alt verify");
+                    ret = EccVerify(ssl, sig, args->altSignatureSz,
+                                args->altSigData, args->altSigDataSz,
+                                ssl->peerEccDsaKey,
+                    #ifdef HAVE_PK_CALLBACKS
+                                &ssl->buffers.peerEccDsaKey
+                    #else
+                                NULL
+                    #endif
+                                );
+
+                    if (ret >= 0) {
+                        /* CLIENT/SERVER: data verified with public key from
+                        * certificate. */
+                        args->altPeerAuthGood = 1;
+
+                        FreeKey(ssl, DYNAMIC_TYPE_ECC,
+                                                (void**)&ssl->peerEccDsaKey);
+                        ssl->peerEccDsaKeyPresent = 0;
+                    }
+                }
+            #endif /* HAVE_ECC */
+            #if defined(HAVE_FALCON)
+                if (((args->altSigAlgo == falcon_level1_sa_algo) ||
+                     (args->altSigAlgo == falcon_level5_sa_algo)) &&
+                    (ssl->peerFalconKeyPresent)) {
+                    int res = 0;
+                    WOLFSSL_MSG("Doing Falcon peer cert alt verify");
+                    ret = wc_falcon_verify_msg(sig, args->altSignatureSz,
+                                        args->altSigData, args->altSigDataSz,
+                                        &res, ssl->peerFalconKey);
+
+                    if ((ret >= 0) && (res == 1)) {
+                        /* CLIENT/SERVER: data verified with public key from
+                        * certificate. */
+                        args->altPeerAuthGood = 1;
+
+                        FreeKey(ssl, DYNAMIC_TYPE_FALCON,
+                                                (void**)&ssl->peerFalconKey);
+                        ssl->peerFalconKeyPresent = 0;
+                    }
+                    else if ((ret >= 0) && (res == 0)) {
+                        WOLFSSL_MSG("Falcon signature verification failed");
+                        ret = SIG_VERIFY_E;
+                    }
+                }
+            #endif /* HAVE_FALCON */
+            #if defined(HAVE_DILITHIUM) && !defined(WOLFSSL_DILITHIUM_NO_VERIFY)
+                if (((args->altSigAlgo == dilithium_level2_sa_algo) ||
+                     (args->altSigAlgo == dilithium_level3_sa_algo) ||
+                     (args->altSigAlgo == dilithium_level5_sa_algo)) &&
+                    (ssl->peerDilithiumKeyPresent)) {
+                    int res = 0;
+                    WOLFSSL_MSG("Doing Dilithium peer cert alt verify");
+                    ret = wc_dilithium_verify_ctx_msg(sig, args->altSignatureSz,
+                                        NULL, 0, args->altSigData,
+                                        args->altSigDataSz, &res,
+                                        ssl->peerDilithiumKey);
+
+                    if ((ret >= 0) && (res == 1)) {
+                        /* CLIENT/SERVER: data verified with public key from
+                        * certificate. */
+                        args->altPeerAuthGood = 1;
+
+                        FreeKey(ssl, DYNAMIC_TYPE_DILITHIUM,
+                                            (void**)&ssl->peerDilithiumKey);
+                        ssl->peerDilithiumKeyPresent = 0;
+                    }
+                    else if ((ret >= 0) && (res == 0)) {
+                        WOLFSSL_MSG("Dilithium signature verification failed");
+                        ret = SIG_VERIFY_E;
+                    }
+                }
+            #endif /* HAVE_DILITHIUM */
+
+                /* Check for error */
+                if (ret != 0) {
+                    goto exit_dcv;
+                }
+            }
+        #endif /* WOLFSSL_DUAL_ALG_CERTS */
+
             /* Advance state and proceed */
             ssl->options.asyncState = TLS_ASYNC_VERIFY;
         } /* case TLS_ASYNC_DO */
@@ -9663,8 +10736,17 @@ static int DoTls13CertificateVerify(WOLFSSL* ssl, byte* input,
         {
         #if !defined(NO_RSA) && defined(WC_RSA_PSS)
             if (ssl->peerRsaKey != NULL && ssl->peerRsaKeyPresent != 0) {
-                ret = CheckRSASignature(ssl, args->sigAlgo, args->hashAlgo,
-                                        args->output, args->sendSz);
+                int sigAlgo = ssl->options.peerSigAlgo;
+            #ifdef WOLFSSL_DUAL_ALG_CERTS
+                /* Check if our alternative signature was RSA */
+                if (ssl->sigSpec != NULL &&
+                    *ssl->sigSpec == WOLFSSL_CKS_SIGSPEC_BOTH &&
+                    ssl->options.peerSigAlgo != rsa_pss_sa_algo) {
+                    sigAlgo = args->altSigAlgo;
+                }
+            #endif
+                ret = CheckRSASignature(ssl, sigAlgo,
+                        ssl->options.peerHashAlgo, args->output, args->sendSz);
                 if (ret != 0)
                     goto exit_dcv;
 
@@ -9672,7 +10754,16 @@ static int DoTls13CertificateVerify(WOLFSSL* ssl, byte* input,
                  * certificate. */
                 ssl->peerRsaKeyPresent = 0;
                 FreeKey(ssl, DYNAMIC_TYPE_RSA, (void**)&ssl->peerRsaKey);
-                ssl->options.peerAuthGood = 1;
+            #ifdef WOLFSSL_DUAL_ALG_CERTS
+                /* Check if our alternative signature was RSA */
+                if (ssl->sigSpec != NULL &&
+                    *ssl->sigSpec == WOLFSSL_CKS_SIGSPEC_BOTH &&
+                    ssl->options.peerSigAlgo != rsa_pss_sa_algo) {
+                    args->altPeerAuthGood = 1;
+                }
+                else
+            #endif
+                    ssl->options.peerAuthGood = 1;
             }
         #endif /* !NO_RSA && WC_RSA_PSS */
 
@@ -9683,6 +10774,13 @@ static int DoTls13CertificateVerify(WOLFSSL* ssl, byte* input,
 
         case TLS_ASYNC_FINALIZE:
         {
+#ifdef WOLFSSL_DUAL_ALG_CERTS
+            if (ssl->options.peerAuthGood &&
+                ssl->sigSpec != NULL &&
+                *ssl->sigSpec == WOLFSSL_CKS_SIGSPEC_BOTH) {
+                ssl->options.peerAuthGood = args->altPeerAuthGood;
+            }
+#endif /* WOLFSSL_DUAL_ALG_CERTS */
             ssl->options.havePeerVerify = 1;
 
             /* Set final index */
@@ -9718,7 +10816,7 @@ exit_dcv:
 
 #ifdef WOLFSSL_ASYNC_CRYPT
     /* Handle async operation */
-    if (ret == WC_PENDING_E) {
+    if (ret == WC_NO_ERR_TRACE(WC_PENDING_E)) {
         /* Mark message as not received so it can process again */
         ssl->msgsReceived.got_certificate_verify = 0;
 
@@ -9729,7 +10827,7 @@ exit_dcv:
     if (ret != 0) {
         WOLFSSL_ERROR_VERBOSE(ret);
 
-        if (ret != INVALID_PARAMETER) {
+        if (ret != WC_NO_ERR_TRACE(INVALID_PARAMETER)) {
             SendAlert(ssl, alert_fatal, decrypt_error);
         }
     }
@@ -9803,11 +10901,11 @@ int DoTls13Finished(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
         ssl->options.serverState = SERVER_FINISHED_COMPLETE;
         return ret;
     }
-    if (ret == VERIFY_FINISHED_ERROR) {
+    if (ret == WC_NO_ERR_TRACE(VERIFY_FINISHED_ERROR)) {
         SendAlert(ssl, alert_fatal, decrypt_error);
         return ret;
     }
-    if (ret != CRYPTOCB_UNAVAILABLE) {
+    if (ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE)) {
         /* other errors */
         return ret;
     }
@@ -9846,15 +10944,19 @@ int DoTls13Finished(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
     }
 
     if (sniff == NO_SNIFF) {
+
         ret = BuildTls13HandshakeHmac(ssl, secret, mac, &finishedSz);
     #ifdef WOLFSSL_HAVE_TLS_UNIQUE
+        if (finishedSz > TLS_FINISHED_SZ_MAX) {
+            return BUFFER_ERROR;
+        }
         if (ssl->options.side == WOLFSSL_CLIENT_END) {
             XMEMCPY(ssl->serverFinished, mac, finishedSz);
-            ssl->serverFinished_len = finishedSz;
+            ssl->serverFinished_len = (byte)finishedSz;
         }
         else {
             XMEMCPY(ssl->clientFinished, mac, finishedSz);
-            ssl->clientFinished_len = finishedSz;
+            ssl->clientFinished_len = (byte)finishedSz;
         }
     #endif /* WOLFSSL_HAVE_TLS_UNIQUE */
         if (ret != 0)
@@ -9870,7 +10972,8 @@ int DoTls13Finished(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
 
     if (sniff == NO_SNIFF) {
         /* Actually check verify data. */
-        if (XMEMCMP(input + *inOutIdx, mac, size) != 0){
+        if (size > WC_MAX_DIGEST_SIZE ||
+                XMEMCMP(input + *inOutIdx, mac, size) != 0){
             WOLFSSL_MSG("Verify finished error on hashes");
             SendAlert(ssl, alert_fatal, decrypt_error);
             WOLFSSL_ERROR_VERBOSE(VERIFY_FINISHED_ERROR);
@@ -9881,6 +10984,7 @@ int DoTls13Finished(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
     /* Force input exhaustion at ProcessReply by consuming padSz. */
     *inOutIdx += size + ssl->keys.padSz;
 
+#ifndef NO_WOLFSSL_SERVER
     if (ssl->options.side == WOLFSSL_SERVER_END &&
                                                   !ssl->options.handShakeDone) {
 #ifdef WOLFSSL_EARLY_DATA
@@ -9893,6 +10997,7 @@ int DoTls13Finished(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
         if ((ret = SetKeysSide(ssl, DECRYPT_SIDE_ONLY)) != 0)
             return ret;
     }
+#endif
 
 #ifndef NO_WOLFSSL_CLIENT
     if (ssl->options.side == WOLFSSL_CLIENT_END)
@@ -9935,7 +11040,7 @@ int DoTls13Finished(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
  */
 static int SendTls13Finished(WOLFSSL* ssl)
 {
-    int   finishedSz = ssl->specs.hash_size;
+    byte  finishedSz = ssl->specs.hash_size;
     byte* input;
     byte* output;
     int   ret;
@@ -9974,12 +11079,13 @@ static int SendTls13Finished(WOLFSSL* ssl)
         input = output + Dtls13GetRlHeaderLength(ssl, 1);
 #endif /* WOLFSSL_DTLS13 */
 
-    AddTls13HandShakeHeader(input, finishedSz, 0, finishedSz, finished, ssl);
+    AddTls13HandShakeHeader(input, (word32)finishedSz, 0, (word32)finishedSz,
+            finished, ssl);
 
 #if defined(WOLFSSL_RENESAS_TSIP_TLS)
     if (ssl->options.side == WOLFSSL_CLIENT_END) {
         ret = tsip_Tls13SendFinished(ssl, output, outputSz, input, 1);
-        if (ret != CRYPTOCB_UNAVAILABLE) {
+        if (ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE)) {
             return ret;
         }
         ret = 0;
@@ -10035,7 +11141,7 @@ static int SendTls13Finished(WOLFSSL* ssl)
         dtlsRet = Dtls13HandshakeSend(ssl, output, (word16)outputSz,
             (word16)(Dtls13GetRlHeaderLength(ssl, 1) + headerSz + finishedSz), finished,
             1);
-        if (dtlsRet != 0 && dtlsRet != WANT_WRITE)
+        if (dtlsRet != 0 && dtlsRet != WC_NO_ERR_TRACE(WANT_WRITE))
             return ret;
 
     } else
@@ -10059,7 +11165,7 @@ static int SendTls13Finished(WOLFSSL* ssl)
             }
         #endif
 
-        ssl->buffers.outputBuffer.length += sendSz;
+        ssl->buffers.outputBuffer.length += (word32)sendSz;
         ssl->options.buildingMsg = 0;
     }
 
@@ -10124,14 +11230,14 @@ static int SendTls13Finished(WOLFSSL* ssl)
                                                   !ssl->options.handShakeDone) {
 #ifdef WOLFSSL_EARLY_DATA
         if (ssl->earlyData != no_early_data) {
-            if ((ret = DeriveTls13Keys(ssl, no_key, ENCRYPT_AND_DECRYPT_SIDE,
+            if ((ret = DeriveTls13Keys(ssl, no_key, ENCRYPT_SIDE_ONLY,
                                                                      1)) != 0) {
                     return ret;
             }
         }
 #endif
         /* Setup keys for application data messages. */
-        if ((ret = SetKeysSide(ssl, ENCRYPT_AND_DECRYPT_SIDE)) != 0)
+        if ((ret = SetKeysSide(ssl, ENCRYPT_SIDE_ONLY)) != 0)
             return ret;
 
 #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)
@@ -10199,7 +11305,7 @@ static int SendTls13Finished(WOLFSSL* ssl)
  * ssl  The SSL/TLS object.
  * returns 0 on success, otherwise failure.
  */
-static int SendTls13KeyUpdate(WOLFSSL* ssl)
+int SendTls13KeyUpdate(WOLFSSL* ssl)
 {
     byte*  input;
     byte*  output;
@@ -10268,12 +11374,12 @@ static int SendTls13KeyUpdate(WOLFSSL* ssl)
             }
         #endif
 
-        ssl->buffers.outputBuffer.length += sendSz;
+        ssl->buffers.outputBuffer.length += (word32)sendSz;
 
         ret = SendBuffered(ssl);
 
 
-        if (ret != 0 && ret != WANT_WRITE)
+        if (ret != 0 && ret != WC_NO_ERR_TRACE(WANT_WRITE))
             return ret;
     }
 
@@ -10376,7 +11482,12 @@ static int DoTls13KeyUpdate(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
         }
 #endif /* WOLFSSL_DTLS13 */
 
+#ifndef WOLFSSL_RW_THREADED
         return SendTls13KeyUpdate(ssl);
+#else
+        ssl->options.sendKeyUpdate = 1;
+        return 0;
+#endif
     }
 
     WOLFSSL_LEAVE("DoTls13KeyUpdate", ret);
@@ -10406,7 +11517,7 @@ static int SendTls13EndOfEarlyData(WOLFSSL* ssl)
     WOLFSSL_ENTER("SendTls13EndOfEarlyData");
 
     length = 0;
-    sendSz = idx + length + MAX_MSG_EXTRA;
+    sendSz = (int)(idx + length + MAX_MSG_EXTRA);
     ssl->options.buildingMsg = 1;
 
     /* Check buffers are big enough and grow if needed. */
@@ -10434,6 +11545,8 @@ static int SendTls13EndOfEarlyData(WOLFSSL* ssl)
     if (!ssl->options.groupMessages)
         ret = SendBuffered(ssl);
 
+    ssl->earlyData = done_early_data;
+
     WOLFSSL_LEAVE("SendTls13EndOfEarlyData", ret);
     WOLFSSL_END(WC_FUNC_END_OF_EARLY_DATA_SEND);
 
@@ -10787,9 +11900,9 @@ static int SendTls13NewSessionTicket(WOLFSSL* ssl)
 {
     byte*  output;
     int    ret;
+    word32 length;
     int    sendSz;
     word16 extSz;
-    word32 length;
     word32 idx = RECORD_HEADER_SZ + HANDSHAKE_HEADER_SZ;
 
     WOLFSSL_START(WC_FUNC_NEW_SESSION_TICKET_SEND);
@@ -10814,7 +11927,7 @@ static int SendTls13NewSessionTicket(WOLFSSL* ssl)
     }
     else
     #ifdef WOLFSSL_ASYNC_CRYPT
-        if (ssl->error != WC_PENDING_E)
+        if (ssl->error != WC_NO_ERR_TRACE(WC_PENDING_E))
     #endif
     {
             ssl->session->ticketNonce.data[0]++;
@@ -10860,7 +11973,7 @@ static int SendTls13NewSessionTicket(WOLFSSL* ssl)
     /* Nonce */
     length += TICKET_NONCE_LEN_SZ + DEF_TICKET_NONCE_SZ;
 
-    sendSz = idx + length + MAX_MSG_EXTRA;
+    sendSz = (word16)(idx + length + MAX_MSG_EXTRA);
 
     /* Check buffers are big enough and grow if needed. */
     if ((ret = CheckAvailableSize(ssl, sendSz)) != 0)
@@ -10916,6 +12029,10 @@ static int SendTls13NewSessionTicket(WOLFSSL* ssl)
     idx += EXTS_SZ;
 #endif
 
+    if (idx > WOLFSSL_MAX_16BIT) {
+        return BAD_LENGTH_E;
+    }
+
     ssl->options.haveSessionId = 1;
 
     SetupSession(ssl);
@@ -10928,12 +12045,15 @@ static int SendTls13NewSessionTicket(WOLFSSL* ssl)
 
 #ifdef WOLFSSL_DTLS13
     if (ssl->options.dtls)
-        return Dtls13HandshakeSend(ssl, output, sendSz, idx, session_ticket, 0);
+        return Dtls13HandshakeSend(ssl, output, (word16)sendSz,
+                                   (word16)idx, session_ticket, 0);
 #endif /* WOLFSSL_DTLS13 */
 
     /* This message is always encrypted. */
-    sendSz = BuildTls13Message(ssl, output, sendSz, output + RECORD_HEADER_SZ,
-                               idx - RECORD_HEADER_SZ, handshake, 0, 0, 0);
+    sendSz = BuildTls13Message(ssl, output, sendSz,
+                               output + RECORD_HEADER_SZ,
+                               (word16)idx - RECORD_HEADER_SZ,
+                               handshake, 0, 0, 0);
     if (sendSz < 0)
         return sendSz;
 
@@ -11477,7 +12597,7 @@ int DoTls13HandShakeMsgType(WOLFSSL* ssl, byte* input, word32* inOutIdx,
 {
     int ret = 0, tmp;
     word32 inIdx = *inOutIdx;
-    int alertType = invalid_alert;
+    int alertType;
 #if defined(HAVE_ECH)
     TLSX* echX = NULL;
     word32 echInOutIdx;
@@ -11494,7 +12614,7 @@ int DoTls13HandShakeMsgType(WOLFSSL* ssl, byte* input, word32* inOutIdx,
     /* sanity check msg received */
     if ((ret = SanityCheckTls13MsgReceived(ssl, type)) != 0) {
         WOLFSSL_MSG("Sanity Check on handshake message type received failed");
-        if (ret == VERSION_ERROR)
+        if (ret == WC_NO_ERR_TRACE(VERSION_ERROR))
             SendAlert(ssl, alert_fatal, wolfssl_alert_protocol_version);
         else
             SendAlert(ssl, alert_fatal, unexpected_message);
@@ -11602,7 +12722,8 @@ int DoTls13HandShakeMsgType(WOLFSSL* ssl, byte* input, word32* inOutIdx,
         #endif
                ) {
         #if defined(WOLFSSL_ASYNC_CRYPT) || defined(WOLFSSL_NONBLOCK_OCSP)
-            if (ret != WC_PENDING_E && ret != OCSP_WANT_READ)
+            if (ret != WC_NO_ERR_TRACE(WC_PENDING_E) &&
+                ret != WC_NO_ERR_TRACE(OCSP_WANT_READ))
         #endif
             {
                 ssl->options.cacheMessages = 0;
@@ -11658,7 +12779,7 @@ int DoTls13HandShakeMsgType(WOLFSSL* ssl, byte* input, word32* inOutIdx,
 #endif
 
 #if !defined(NO_RSA) || defined(HAVE_ECC) || defined(HAVE_ED25519) || \
-    defined(HAVE_ED448) || defined(HAVE_PQC)
+    defined(HAVE_ED448) || defined(HAVE_FALCON) || defined(HAVE_DILITHIUM)
     case certificate_verify:
         WOLFSSL_MSG("processing certificate verify");
         ret = DoTls13CertificateVerify(ssl, input, inOutIdx, size);
@@ -11690,7 +12811,8 @@ int DoTls13HandShakeMsgType(WOLFSSL* ssl, byte* input, word32* inOutIdx,
 #if defined(WOLFSSL_ASYNC_CRYPT) || defined(WOLFSSL_ASYNC_IO)
     /* if async, offset index so this msg will be processed again */
     /* NOTE: check this now before other calls can overwrite ret */
-    if ((ret == WC_PENDING_E || ret == OCSP_WANT_READ) && *inOutIdx > 0) {
+    if ((ret == WC_NO_ERR_TRACE(WC_PENDING_E) ||
+         ret == WC_NO_ERR_TRACE(OCSP_WANT_READ)) && *inOutIdx > 0) {
         /* DTLS always stores a message in a buffer when async is enable, so we
          * don't need to adjust for the extra bytes here (*inOutIdx is always
          * == 0) */
@@ -11698,13 +12820,15 @@ int DoTls13HandShakeMsgType(WOLFSSL* ssl, byte* input, word32* inOutIdx,
     }
 
     /* make sure async error is cleared */
-    if (ret == 0 && (ssl->error == WC_PENDING_E || ssl->error == OCSP_WANT_READ)) {
+    if (ret == 0 &&
+        (ssl->error == WC_NO_ERR_TRACE(WC_PENDING_E) ||
+         ssl->error == WC_NO_ERR_TRACE(OCSP_WANT_READ))) {
         ssl->error = 0;
     }
 #endif
     if (ret == 0 && type != client_hello && type != session_ticket &&
                                                            type != key_update) {
-        ret = HashInput(ssl, input + inIdx, size);
+        ret = HashInput(ssl, input + inIdx, (int)size);
     }
 
     alertType = TranslateErrorToAlert(ret);
@@ -11717,7 +12841,7 @@ int DoTls13HandShakeMsgType(WOLFSSL* ssl, byte* input, word32* inOutIdx,
         tmp = SendAlert(ssl, alert_fatal, alertType);
         /* propagate socket error instead of tls error to be sure the error is
          * not ignored by DTLS code */
-        if (tmp == SOCKET_ERROR_E)
+        if (tmp == WC_NO_ERR_TRACE(SOCKET_ERROR_E))
             ret = SOCKET_ERROR_E;
     }
 
@@ -11776,7 +12900,7 @@ int DoTls13HandShakeMsgType(WOLFSSL* ssl, byte* input, word32* inOutIdx,
         #ifdef WOLFSSL_QUIC
                 if (WOLFSSL_IS_QUIC(ssl) && ssl->earlyData != no_early_data) {
                     /* QUIC never sends/receives EndOfEarlyData, but having
-                     * early data means the last encrpytion keys had not been
+                     * early data means the last encryption keys had not been
                      * set yet. */
                     if ((ret = SetKeysSide(ssl, ENCRYPT_SIDE_ONLY)) != 0)
                         return ret;
@@ -11787,12 +12911,21 @@ int DoTls13HandShakeMsgType(WOLFSSL* ssl, byte* input, word32* inOutIdx,
                                     ssl->earlyData == no_early_data)) != 0) {
                     return ret;
                 }
+                if (ssl->earlyData != no_early_data) {
+                    if ((ret = DeriveTls13Keys(ssl, no_key, DECRYPT_SIDE_ONLY,
+                                                                  1)) != 0) {
+                            return ret;
+                    }
+                }
         #else
                 if ((ret = DeriveTls13Keys(ssl, traffic_key,
                                         ENCRYPT_AND_DECRYPT_SIDE, 1)) != 0) {
                     return ret;
                 }
         #endif
+                /* Setup keys for application data messages. */
+                if ((ret = SetKeysSide(ssl, DECRYPT_SIDE_ONLY)) != 0)
+                    return ret;
             }
         #ifdef WOLFSSL_POST_HANDSHAKE_AUTH
             if (type == certificate_request &&
@@ -11814,7 +12947,7 @@ int DoTls13HandShakeMsgType(WOLFSSL* ssl, byte* input, word32* inOutIdx,
 
                 if (wolfSSL_connect_TLSv13(ssl) != WOLFSSL_SUCCESS) {
                     ret = ssl->error;
-                    if (ret != WC_PENDING_E)
+                    if (ret != WC_NO_ERR_TRACE(WC_PENDING_E))
                         ret = POST_HAND_AUTH_ERROR;
                 }
             }
@@ -11959,7 +13092,7 @@ int DoTls13HandShakeMsg(WOLFSSL* ssl, byte* input, word32* inOutIdx,
                                 ssl->arrays->pendingMsgSz - HANDSHAKE_HEADER_SZ,
                                 ssl->arrays->pendingMsgSz);
         #ifdef WOLFSSL_ASYNC_CRYPT
-            if (ret == WC_PENDING_E) {
+            if (ret == WC_NO_ERR_TRACE(WC_PENDING_E)) {
                 /* setup to process fragment again */
                 ssl->arrays->pendingMsgOffset -= inputLength;
                 *inOutIdx -= inputLength + ssl->keys.padSz;
@@ -12012,7 +13145,7 @@ int wolfSSL_connect_TLSv13(WOLFSSL* ssl)
     }
 
     /* make sure this wolfSSL object has arrays and rng setup. Protects
-     * case where the WOLFSSL object is re-used via wolfSSL_clear() */
+     * case where the WOLFSSL object is reused via wolfSSL_clear() */
     if ((ret = ReinitSSL(ssl, ssl->ctx, 0)) != 0) {
         return ret;
     }
@@ -12057,7 +13190,7 @@ int wolfSSL_connect_TLSv13(WOLFSSL* ssl)
     #ifdef WOLFSSL_ASYNC_CRYPT
         /* do not send buffered or advance state if last error was an
             async pending operation */
-        && ssl->error != WC_PENDING_E
+        && ssl->error != WC_NO_ERR_TRACE(WC_PENDING_E)
     #endif
     ) {
         if ((ret = SendBuffered(ssl)) == 0) {
@@ -12132,7 +13265,7 @@ int wolfSSL_connect_TLSv13(WOLFSSL* ssl)
             }
 
             ssl->options.connectState = CLIENT_HELLO_SENT;
-            WOLFSSL_MSG("connect state: CLIENT_HELLO_SENT");
+            WOLFSSL_MSG("TLSv13 connect state: CLIENT_HELLO_SENT");
     #ifdef WOLFSSL_EARLY_DATA
             if (ssl->earlyData != no_early_data) {
         #if defined(WOLFSSL_TLS13_MIDDLEBOX_COMPAT)
@@ -12211,6 +13344,14 @@ int wolfSSL_connect_TLSv13(WOLFSSL* ssl)
         case HELLO_AGAIN_REPLY:
             /* Get the response/s from the server. */
             while (ssl->options.serverState < SERVER_FINISHED_COMPLETE) {
+#ifdef WOLFSSL_DTLS13
+                if (!IsAtLeastTLSv1_3(ssl->version)) {
+        #ifndef WOLFSSL_NO_TLS12
+                    if (ssl->options.downgrade)
+                        return wolfSSL_connect(ssl);
+        #endif
+                }
+#endif /* WOLFSSL_DTLS13 */
                 if ((ssl->error = ProcessReply(ssl)) < 0) {
                         WOLFSSL_ERROR(ssl->error);
                         return WOLFSSL_FATAL_ERROR;
@@ -12292,8 +13433,8 @@ int wolfSSL_connect_TLSv13(WOLFSSL* ssl)
         case FIRST_REPLY_THIRD:
         #if (!defined(NO_CERTS) && (!defined(NO_RSA) || defined(HAVE_ECC) || \
              defined(HAVE_ED25519) || defined(HAVE_ED448) || \
-             defined(HAVE_PQC))) && (!defined(NO_WOLFSSL_SERVER) || \
-             !defined(WOLFSSL_NO_CLIENT_AUTH))
+             defined(HAVE_FALCON) || defined(HAVE_DILITHIUM))) && \
+             (!defined(NO_WOLFSSL_SERVER) || !defined(WOLFSSL_NO_CLIENT_AUTH))
             if (!ssl->options.resuming && ssl->options.sendVerify) {
                 ssl->error = SendTls13CertificateVerify(ssl);
                 if (ssl->error != 0) {
@@ -12504,15 +13645,16 @@ int wolfSSL_UseKeyShare(WOLFSSL* ssl, word16 group)
 
 #ifdef WOLFSSL_ASYNC_CRYPT
     ret = wolfSSL_AsyncPop(ssl, NULL);
-    if (ret != WC_NO_PENDING_E) {
+    if (ret != WC_NO_ERR_TRACE(WC_NO_PENDING_E)) {
         /* Check for error */
         if (ret < 0)
             return ret;
     }
 #endif
 
-#ifdef HAVE_PQC
-    if (WOLFSSL_NAMED_GROUP_IS_PQC(group)) {
+#if defined(WOLFSSL_HAVE_KYBER)
+    if (WOLFSSL_NAMED_GROUP_IS_PQC(group) ||
+        WOLFSSL_NAMED_GROUP_IS_PQC_HYBRID(group)) {
 
         if (ssl->ctx != NULL && ssl->ctx->method != NULL &&
             !IsAtLeastTLSv1_3(ssl->version)) {
@@ -12520,10 +13662,11 @@ int wolfSSL_UseKeyShare(WOLFSSL* ssl, word16 group)
         }
 
         if (ssl->options.side == WOLFSSL_SERVER_END) {
-            /* If I am the server of a KEM connection, do not do keygen because I'm
-             * going to encapsulate with the client's public key. Note that I might
-             * be the client and ssl->option.side has not been properly set yet. In
-             * that case the KeyGen operation will be deferred to connection time. */
+            /* If I am the server of a KEM connection, do not do keygen because
+             * I'm going to encapsulate with the client's public key. Note that
+             * I might be the client and ssl->option.side has not been properly
+             * set yet. In that case the KeyGen operation will be deferred to
+             * connection time. */
             return WOLFSSL_SUCCESS;
         }
     }
@@ -12563,6 +13706,30 @@ int wolfSSL_NoKeyShares(WOLFSSL* ssl)
 }
 #endif
 
+#ifdef WOLFSSL_DUAL_ALG_CERTS
+int wolfSSL_UseCKS(WOLFSSL* ssl, byte *sigSpec, word16 sigSpecSz)
+{
+    if (ssl == NULL || !IsAtLeastTLSv1_3(ssl->ctx->method->version) ||
+        sigSpec == NULL || sigSpecSz == 0)
+        return BAD_FUNC_ARG;
+
+    ssl->sigSpec = sigSpec;
+    ssl->sigSpecSz = sigSpecSz;
+    return WOLFSSL_SUCCESS;
+}
+
+int wolfSSL_CTX_UseCKS(WOLFSSL_CTX* ctx, byte *sigSpec, word16 sigSpecSz)
+{
+    if (ctx == NULL || !IsAtLeastTLSv1_3(ctx->method->version) ||
+        sigSpec == NULL || sigSpecSz == 0)
+        return BAD_FUNC_ARG;
+
+    ctx->sigSpec = sigSpec;
+    ctx->sigSpecSz = sigSpecSz;
+    return WOLFSSL_SUCCESS;
+}
+#endif /* WOLFSSL_DUAL_ALG_CERTS */
+
 /* Do not send a ticket after TLS v1.3 handshake for resumption.
  *
  * ctx  The SSL/TLS CTX object.
@@ -12706,7 +13873,7 @@ int wolfSSL_update_keys(WOLFSSL* ssl)
 {
     int ret;
     ret = Tls13UpdateKeys(ssl);
-    if (ret == WANT_WRITE)
+    if (ret == WC_NO_ERR_TRACE(WANT_WRITE))
         ret = WOLFSSL_ERROR_WANT_WRITE;
     else if (ret == 0)
         ret = WOLFSSL_SUCCESS;
@@ -12807,7 +13974,7 @@ int wolfSSL_request_certificate(WOLFSSL* ssl)
     ssl->msgsReceived.got_finished = 0;
 
     ret = SendTls13CertificateRequest(ssl, &certReqCtx->ctx, certReqCtx->len);
-    if (ret == WANT_WRITE)
+    if (ret == WC_NO_ERR_TRACE(WANT_WRITE))
         ret = WOLFSSL_ERROR_WANT_WRITE;
     else if (ret == 0)
         ret = WOLFSSL_SUCCESS;
@@ -12849,86 +14016,6 @@ int wolfSSL_preferred_group(WOLFSSL* ssl)
 }
 #endif
 
-#if defined(HAVE_SUPPORTED_CURVES)
-/* Sets the key exchange groups in rank order on a context.
- *
- * ctx     SSL/TLS context object.
- * groups  Array of groups.
- * count   Number of groups in array.
- * returns BAD_FUNC_ARG when ctx or groups is NULL, not using TLS v1.3 or
- * count is greater than WOLFSSL_MAX_GROUP_COUNT and WOLFSSL_SUCCESS on success.
- */
-int wolfSSL_CTX_set_groups(WOLFSSL_CTX* ctx, int* groups, int count)
-{
-    int ret, i;
-
-    WOLFSSL_ENTER("wolfSSL_CTX_set_groups");
-    if (ctx == NULL || groups == NULL || count > WOLFSSL_MAX_GROUP_COUNT)
-        return BAD_FUNC_ARG;
-    if (!IsAtLeastTLSv1_3(ctx->method->version))
-        return BAD_FUNC_ARG;
-
-    ctx->numGroups = 0;
-    #if !defined(NO_TLS)
-    TLSX_Remove(&ctx->extensions, TLSX_SUPPORTED_GROUPS, ctx->heap);
-    #endif /* !NO_TLS */
-    for (i = 0; i < count; i++) {
-        /* Call to wolfSSL_CTX_UseSupportedCurve also checks if input groups
-         * are valid */
-        if ((ret = wolfSSL_CTX_UseSupportedCurve(ctx, (word16)groups[i]))
-                != WOLFSSL_SUCCESS) {
-    #if !defined(NO_TLS)
-            TLSX_Remove(&ctx->extensions, TLSX_SUPPORTED_GROUPS, ctx->heap);
-    #endif /* !NO_TLS */
-            return ret;
-        }
-        ctx->group[i] = (word16)groups[i];
-    }
-    ctx->numGroups = (byte)count;
-
-    return WOLFSSL_SUCCESS;
-}
-
-/* Sets the key exchange groups in rank order.
- *
- * ssl     SSL/TLS object.
- * groups  Array of groups.
- * count   Number of groups in array.
- * returns BAD_FUNC_ARG when ssl or groups is NULL, not using TLS v1.3 or
- * count is greater than WOLFSSL_MAX_GROUP_COUNT and WOLFSSL_SUCCESS on success.
- */
-int wolfSSL_set_groups(WOLFSSL* ssl, int* groups, int count)
-{
-    int ret, i;
-
-    WOLFSSL_ENTER("wolfSSL_set_groups");
-    if (ssl == NULL || groups == NULL || count > WOLFSSL_MAX_GROUP_COUNT)
-        return BAD_FUNC_ARG;
-    if (!IsAtLeastTLSv1_3(ssl->version))
-        return BAD_FUNC_ARG;
-
-    ssl->numGroups = 0;
-    #if !defined(NO_TLS)
-    TLSX_Remove(&ssl->extensions, TLSX_SUPPORTED_GROUPS, ssl->heap);
-    #endif /* !NO_TLS */
-    for (i = 0; i < count; i++) {
-        /* Call to wolfSSL_UseSupportedCurve also checks if input groups
-                 * are valid */
-        if ((ret = wolfSSL_UseSupportedCurve(ssl, (word16)groups[i]))
-                != WOLFSSL_SUCCESS) {
-    #if !defined(NO_TLS)
-            TLSX_Remove(&ssl->extensions, TLSX_SUPPORTED_GROUPS, ssl->heap);
-    #endif /* !NO_TLS */
-            return ret;
-        }
-        ssl->group[i] = (word16)groups[i];
-    }
-    ssl->numGroups = (byte)count;
-
-    return WOLFSSL_SUCCESS;
-}
-#endif /* HAVE_SUPPORTED_CURVES */
-
 #ifndef NO_PSK
 /* Set the PSK callback, that is passed the cipher suite, for a client to use
  * against context object.
@@ -12979,8 +14066,7 @@ void wolfSSL_set_psk_client_cs_callback(WOLFSSL* ssl,
     InitSuites(ssl->suites, ssl->version, keySz, haveRSA, TRUE,
                ssl->options.haveDH, ssl->options.haveECDSAsig,
                ssl->options.haveECC, TRUE, ssl->options.haveStaticECC,
-               ssl->options.haveFalconSig, ssl->options.haveDilithiumSig,
-               ssl->options.haveAnon, TRUE, ssl->options.side);
+               ssl->options.useAnon, TRUE, TRUE, TRUE, TRUE, ssl->options.side);
 }
 
 /* Set the PSK callback that returns the cipher suite for a client to use
@@ -13032,8 +14118,7 @@ void wolfSSL_set_psk_client_tls13_callback(WOLFSSL* ssl,
     InitSuites(ssl->suites, ssl->version, keySz, haveRSA, TRUE,
                ssl->options.haveDH, ssl->options.haveECDSAsig,
                ssl->options.haveECC, TRUE, ssl->options.haveStaticECC,
-               ssl->options.haveFalconSig, ssl->options.haveDilithiumSig,
-               ssl->options.haveAnon, TRUE, ssl->options.side);
+               ssl->options.useAnon, TRUE, TRUE, TRUE, TRUE, ssl->options.side);
 }
 
 /* Set the PSK callback that returns the cipher suite for a server to use
@@ -13082,8 +14167,7 @@ void wolfSSL_set_psk_server_tls13_callback(WOLFSSL* ssl,
     InitSuites(ssl->suites, ssl->version, keySz, haveRSA, TRUE,
                ssl->options.haveDH, ssl->options.haveECDSAsig,
                ssl->options.haveECC, TRUE, ssl->options.haveStaticECC,
-               ssl->options.haveFalconSig, ssl->options.haveDilithiumSig,
-               ssl->options.haveAnon, TRUE, ssl->options.side);
+               ssl->options.useAnon, TRUE, TRUE, TRUE, TRUE, ssl->options.side);
 }
 
 /* Get name of first supported cipher suite that uses the hash indicated.
@@ -13160,7 +14244,7 @@ int wolfSSL_accept_TLSv13(WOLFSSL* ssl)
     }
 
     /* make sure this wolfSSL object has arrays and rng setup. Protects
-     * case where the WOLFSSL object is re-used via wolfSSL_clear() */
+     * case where the WOLFSSL object is reused via wolfSSL_clear() */
     if ((ret = ReinitSSL(ssl, ssl->ctx, 0)) != 0) {
         return ret;
     }
@@ -13242,7 +14326,7 @@ int wolfSSL_accept_TLSv13(WOLFSSL* ssl)
     #ifdef WOLFSSL_ASYNC_CRYPT
         /* do not send buffered or advance state if last error was an
             async pending operation */
-        && ssl->error != WC_PENDING_E
+        && ssl->error != WC_NO_ERR_TRACE(WC_PENDING_E)
     #endif
     ) {
 
@@ -13490,7 +14574,8 @@ int wolfSSL_accept_TLSv13(WOLFSSL* ssl)
 
         case TLS13_CERT_SENT :
 #if !defined(NO_CERTS) && (!defined(NO_RSA) || defined(HAVE_ECC) || \
-     defined(HAVE_ED25519) || defined(HAVE_ED448) || defined(HAVE_PQC))
+     defined(HAVE_ED25519) || defined(HAVE_ED448) || defined(HAVE_FALCON) || \
+     defined(HAVE_DILITHIUM))
             if (!ssl->options.resuming && ssl->options.sendVerify) {
                 if ((ssl->error = SendTls13CertificateVerify(ssl)) != 0) {
                     WOLFSSL_ERROR(ssl->error);
@@ -13619,7 +14704,7 @@ int wolfSSL_accept_TLSv13(WOLFSSL* ssl)
             WOLFSSL_LEAVE("wolfSSL_accept", WOLFSSL_SUCCESS);
             return WOLFSSL_SUCCESS;
 
-        default :
+        default:
             WOLFSSL_MSG("Unknown accept state ERROR");
             return WOLFSSL_FATAL_ERROR;
     }
@@ -13774,7 +14859,7 @@ int wolfSSL_write_early_data(WOLFSSL* ssl, const void* data, int sz, int* outSz)
         return SIDE_ERROR;
 
     if (ssl->options.handShakeState == NULL_STATE) {
-        if (ssl->error != WC_PENDING_E)
+        if (ssl->error != WC_NO_ERR_TRACE(WC_PENDING_E))
             ssl->earlyData = expecting_early_data;
         ret = wolfSSL_connect_TLSv13(ssl);
         if (ret != WOLFSSL_SUCCESS)
@@ -13832,12 +14917,13 @@ int wolfSSL_read_early_data(WOLFSSL* ssl, void* data, int sz, int* outSz)
     if (!IsAtLeastTLSv1_3(ssl->version))
         return BAD_FUNC_ARG;
 
+    *outSz = 0;
 #ifndef NO_WOLFSSL_SERVER
     if (ssl->options.side == WOLFSSL_CLIENT_END)
         return SIDE_ERROR;
 
     if (ssl->options.handShakeState == NULL_STATE) {
-        if (ssl->error != WC_PENDING_E)
+        if (ssl->error != WC_NO_ERR_TRACE(WC_PENDING_E))
             ssl->earlyData = expecting_early_data;
         /* this used to be: ret = wolfSSL_accept_TLSv13(ssl);
          * However, wolfSSL_accept_TLSv13() expects a certificate to
@@ -13849,10 +14935,10 @@ int wolfSSL_read_early_data(WOLFSSL* ssl, void* data, int sz, int* outSz)
             return WOLFSSL_FATAL_ERROR;
     }
     if (ssl->options.handShakeState == SERVER_FINISHED_COMPLETE) {
-        ret = ReceiveData(ssl, (byte*)data, sz, FALSE);
+        ret = ReceiveData(ssl, (byte*)data, (size_t)sz, FALSE);
         if (ret > 0)
             *outSz = ret;
-        if (ssl->error == ZERO_RETURN) {
+        if (ssl->error == WC_NO_ERR_TRACE(ZERO_RETURN)) {
             ssl->error = WOLFSSL_ERROR_NONE;
 #ifdef WOLFSSL_DTLS13
             if (ssl->options.dtls) {
@@ -13933,6 +15019,7 @@ int tls13ShowSecrets(WOLFSSL* ssl, int id, const unsigned char* secret,
 
     if (clientRandomSz <= 0) {
         printf("Error getting server random %d\n", clientRandomSz);
+        return BAD_FUNC_ARG;
     }
 
 #if 0
diff --git a/src/wolfio.c b/src/wolfio.c
index 4fee95835..e63595a55 100644
--- a/src/wolfio.c
+++ b/src/wolfio.c
@@ -1,6 +1,6 @@
 /* wolfio.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -32,15 +32,80 @@
 
 #ifndef WOLFCRYPT_ONLY
 
-#ifdef _WIN32_WCE
-    /* On WinCE winsock2.h must be included before windows.h for socket stuff */
-    #include <winsock2.h>
+#if defined(HAVE_ERRNO_H) && defined(WOLFSSL_NO_SOCK) && \
+    (defined(USE_WOLFSSL_IO) || defined(HAVE_HTTP_CLIENT))
+    /* error codes are needed for TranslateIoReturnCode() and
+     * wolfIO_TcpConnect() even if defined(WOLFSSL_NO_SOCK), which inhibits
+     * inclusion of errno.h by wolfio.h.
+     */
+    #include <errno.h>
 #endif
 
 #include <wolfssl/internal.h>
 #include <wolfssl/error-ssl.h>
 #include <wolfssl/wolfio.h>
 
+#ifdef NUCLEUS_PLUS_2_3
+/* Holds last Nucleus networking error number */
+int Nucleus_Net_Errno;
+#endif
+
+#if defined(USE_WOLFSSL_IO) || defined(HAVE_HTTP_CLIENT)
+    #ifdef USE_WINDOWS_API
+        #include <winsock2.h>
+    #else
+        #if defined(WOLFSSL_LWIP) && !defined(WOLFSSL_APACHE_MYNEWT)
+        #elif defined(ARDUINO)
+        #elif defined(FREESCALE_MQX)
+        #elif defined(FREESCALE_KSDK_MQX)
+        #elif (defined(WOLFSSL_MDK_ARM) || defined(WOLFSSL_KEIL_TCP_NET))
+        #elif defined(WOLFSSL_CMSIS_RTOS)
+        #elif defined(WOLFSSL_CMSIS_RTOSv2)
+        #elif defined(WOLFSSL_TIRTOS)
+        #elif defined(FREERTOS_TCP)
+        #elif defined(WOLFSSL_IAR_ARM)
+        #elif defined(HAVE_NETX_BSD)
+        #elif defined(WOLFSSL_VXWORKS)
+        #elif defined(WOLFSSL_NUCLEUS_1_2)
+        #elif defined(WOLFSSL_LINUXKM)
+            /* the requisite linux/net.h is included in wc_port.h, with incompatible warnings masked out. */
+        #elif defined(WOLFSSL_ATMEL)
+        #elif defined(INTIME_RTOS)
+            #include <netdb.h>
+        #elif defined(WOLFSSL_PRCONNECT_PRO)
+            #include <netdb.h>
+            #include <sys/ioctl.h>
+        #elif defined(WOLFSSL_SGX)
+        #elif defined(WOLFSSL_APACHE_MYNEWT) && !defined(WOLFSSL_LWIP)
+        #elif defined(WOLFSSL_DEOS)
+        #elif defined(WOLFSSL_ZEPHYR)
+        #elif defined(MICROCHIP_PIC32)
+        #elif defined(HAVE_NETX)
+        #elif defined(FUSION_RTOS)
+        #elif !defined(WOLFSSL_NO_SOCK)
+            #if defined(HAVE_RTP_SYS)
+            #elif defined(EBSNET)
+            #elif defined(NETOS)
+            #elif !defined(DEVKITPRO) && !defined(WOLFSSL_PICOTCP) \
+                    && !defined(WOLFSSL_CONTIKI) && !defined(WOLFSSL_WICED) \
+                    && !defined(WOLFSSL_GNRC) && !defined(WOLFSSL_RIOT_OS)
+                #ifdef HAVE_NETDB_H
+                    #include <netdb.h>
+                #endif
+                #ifdef __PPU
+                    #include <netex/errno.h>
+                #else
+                    #ifdef HAVE_SYS_IOCTL_H
+                        #include <sys/ioctl.h>
+                    #endif
+                #endif
+            #endif
+        #endif
+
+    #endif /* USE_WINDOWS_API */
+#endif /* defined(USE_WOLFSSL_IO) || defined(HAVE_HTTP_CLIENT) */
+
+
 #if defined(HAVE_HTTP_CLIENT)
     #include <stdlib.h>   /* strtol() */
 #endif
@@ -57,7 +122,7 @@ Possible IO enable options:
  *
  * DTLS_RECEIVEFROM_NO_TIMEOUT_ON_INVALID_PEER: This flag has effect only if
  * ASN_NO_TIME is enabled. If enabled invalid peers messages are ignored
- * indefinetely. If not enabled EmbedReceiveFrom will return timeout after
+ * indefinitely. If not enabled EmbedReceiveFrom will return timeout after
  * DTLS_RECEIVEFROM_MAX_INVALID_PEER number of packets from invalid peers. When
  * enabled, without a timer, EmbedReceivefrom can't check if the timeout is
  * expired and it may never return under a continuous flow of invalid packets.
@@ -77,63 +142,65 @@ Possible IO enable options:
 
 #if defined(USE_WOLFSSL_IO) || defined(HAVE_HTTP_CLIENT)
 
-/* Translates return codes returned from
- * send() and recv() if need be.
- */
-static WC_INLINE int TranslateReturnCode(int old, int sd)
+static WC_INLINE int wolfSSL_LastError(int err, SOCKET_T sd)
 {
     (void)sd;
 
-#if defined(FREESCALE_MQX) || defined(FREESCALE_KSDK_MQX)
-    if (old == 0) {
-        errno = SOCKET_EWOULDBLOCK;
-        return -1;  /* convert to BSD style wouldblock as error */
-    }
-
-    if (old < 0) {
-        errno = RTCS_geterror(sd);
-        if (errno == RTCSERR_TCP_CONN_CLOSING)
-            return 0;   /* convert to BSD style closing */
-        if (errno == RTCSERR_TCP_CONN_RLSD)
-            errno = SOCKET_ECONNRESET;
-        if (errno == RTCSERR_TCP_TIMED_OUT)
-            errno = SOCKET_EAGAIN;
-    }
-#endif
-
-    return old;
-}
-
-static WC_INLINE int wolfSSL_LastError(int err)
-{
-    (void)err; /* Suppress unused arg */
+    if (err > 0)
+        return 0;
 
 #ifdef USE_WINDOWS_API
     return WSAGetLastError();
 #elif defined(EBSNET)
     return xn_getlasterror();
-#elif defined(WOLFSSL_LINUXKM)
-    return err; /* Return provided error value */
+#elif defined(WOLFSSL_LINUXKM) || defined(WOLFSSL_EMNET)
+    return -err; /* Return provided error value with corrected sign. */
 #elif defined(FUSION_RTOS)
     #include <fclerrno.h>
     return FCL_GET_ERRNO;
+#elif defined(NUCLEUS_PLUS_2_3)
+    return Nucleus_Net_Errno;
+#elif defined(FREESCALE_MQX) || defined(FREESCALE_KSDK_MQX)
+    if ((err == 0) || (err == -SOCKET_EWOULDBLOCK)) {
+        return SOCKET_EWOULDBLOCK; /* convert to BSD style wouldblock */
+    } else {
+        err = RTCS_geterror(sd);
+        if ((err == RTCSERR_TCP_CONN_CLOSING) ||
+            (err == RTCSERR_TCP_CONN_RLSD))
+        {
+            err = SOCKET_ECONNRESET;
+        }
+        return err;
+    }
+#elif defined(WOLFSSL_EMNET)
+    /* Get the real socket error */
+    IP_SOCK_getsockopt(sd, SOL_SOCKET, SO_ERROR, &err, (int)sizeof(old));
+    return err;
 #else
     return errno;
 #endif
 }
 
-static int TranslateIoError(int err)
+/* Translates return codes returned from
+ * send(), recv(), and other network I/O calls.
+ */
+static int TranslateIoReturnCode(int err, SOCKET_T sd, int direction)
 {
 #ifdef  _WIN32
     size_t errstr_offset;
     char errstr[WOLFSSL_STRERROR_BUFFER_SIZE];
 #endif /* _WIN32 */
 
-
+#if defined(FREESCALE_MQX) || defined(FREESCALE_KSDK_MQX)
     if (err > 0)
         return err;
+#else
+    if (err >= 0)
+        return err;
+#endif
+
+    err = wolfSSL_LastError(err, sd);
 
-    err = wolfSSL_LastError(err);
 #if SOCKET_EWOULDBLOCK != SOCKET_EAGAIN
     if ((err == SOCKET_EWOULDBLOCK) || (err == SOCKET_EAGAIN))
 #else
@@ -141,8 +208,26 @@ static int TranslateIoError(int err)
 #endif
     {
         WOLFSSL_MSG("\tWould block");
-        return WOLFSSL_CBIO_ERR_WANT_READ;
+        if (direction == SOCKET_SENDING)
+            return WOLFSSL_CBIO_ERR_WANT_WRITE;
+        else if (direction == SOCKET_RECEIVING)
+            return WOLFSSL_CBIO_ERR_WANT_READ;
+        else
+            return WOLFSSL_CBIO_ERR_GENERAL;
     }
+
+#ifdef SOCKET_ETIMEDOUT
+    else if (err == SOCKET_ETIMEDOUT) {
+        WOLFSSL_MSG("\tTimed out");
+        if (direction == SOCKET_SENDING)
+            return WOLFSSL_CBIO_ERR_WANT_WRITE;
+        else if (direction == SOCKET_RECEIVING)
+            return WOLFSSL_CBIO_ERR_WANT_READ;
+        else
+            return WOLFSSL_CBIO_ERR_TIMEOUT;
+    }
+#endif /* SOCKET_ETIMEDOUT */
+
     else if (err == SOCKET_ECONNRESET) {
         WOLFSSL_MSG("\tConnection reset");
         return WOLFSSL_CBIO_ERR_CONN_RST;
@@ -160,7 +245,7 @@ static int TranslateIoError(int err)
         return WOLFSSL_CBIO_ERR_CONN_CLOSE;
     }
 
-#if defined(_WIN32)
+#if defined(_WIN32) && !defined(__WATCOMC__)
     strcpy_s(errstr, sizeof(errstr), "\tGeneral error: ");
     errstr_offset = strlen(errstr);
     FormatMessageA(FORMAT_MESSAGE_FROM_SYSTEM | FORMAT_MESSAGE_IGNORE_INSERTS,
@@ -172,7 +257,7 @@ static int TranslateIoError(int err)
         NULL);
     WOLFSSL_MSG(errstr);
 #else
-    WOLFSSL_MSG("\tGeneral error");
+    WOLFSSL_MSG_EX("\tGeneral error: %d", err);
 #endif
     return WOLFSSL_CBIO_ERR_GENERAL;
 }
@@ -180,6 +265,68 @@ static int TranslateIoError(int err)
 
 #ifdef OPENSSL_EXTRA
 #ifndef NO_BIO
+
+int wolfSSL_BioSend(WOLFSSL* ssl, char *buf, int sz, void *ctx)
+{
+    return SslBioSend(ssl, buf, sz, ctx);
+}
+
+int wolfSSL_BioReceive(WOLFSSL* ssl, char* buf, int sz, void* ctx)
+{
+    return SslBioReceive(ssl, buf, sz, ctx);
+}
+
+int BioReceiveInternal(WOLFSSL_BIO* biord, WOLFSSL_BIO* biowr, char* buf,
+                       int sz)
+{
+    int recvd = WC_NO_ERR_TRACE(WOLFSSL_CBIO_ERR_GENERAL);
+
+    WOLFSSL_ENTER("SslBioReceive");
+
+    if (biord == NULL) {
+        WOLFSSL_MSG("WOLFSSL biord not set");
+        return WOLFSSL_CBIO_ERR_GENERAL;
+    }
+
+    recvd = wolfSSL_BIO_read(biord, buf, sz);
+    if (recvd <= 0) {
+        if (/* ssl->biowr->wrIdx is checked for Bind9 */
+            wolfSSL_BIO_method_type(biowr) == WOLFSSL_BIO_BIO &&
+            wolfSSL_BIO_wpending(biowr) != 0 &&
+            /* Not sure this pending check is necessary but let's double
+             * check that the read BIO is empty before we signal a write
+             * need */
+            wolfSSL_BIO_supports_pending(biord) &&
+            wolfSSL_BIO_ctrl_pending(biord) == 0) {
+            /* Let's signal to the app layer that we have
+             * data pending that needs to be sent. */
+            return WOLFSSL_CBIO_ERR_WANT_WRITE;
+        }
+        else if (biord->type == WOLFSSL_BIO_SOCKET) {
+            if (recvd == 0) {
+                WOLFSSL_MSG("SslBioReceive connection closed");
+                return WOLFSSL_CBIO_ERR_CONN_CLOSE;
+            }
+        #ifdef USE_WOLFSSL_IO
+            recvd = TranslateIoReturnCode(recvd, biord->num.fd,
+                                          SOCKET_RECEIVING);
+        #endif
+            return recvd;
+        }
+
+        /* If retry and read flags are set, return WANT_READ */
+        if ((biord->flags & WOLFSSL_BIO_FLAG_READ) &&
+            (biord->flags & WOLFSSL_BIO_FLAG_RETRY)) {
+            return WOLFSSL_CBIO_ERR_WANT_READ;
+        }
+
+        WOLFSSL_MSG("BIO general error");
+        return WOLFSSL_CBIO_ERR_GENERAL;
+    }
+
+    return recvd;
+}
+
 /* Use the WOLFSSL read BIO for receiving data. This is set by the function
  * wolfSSL_set_bio and can also be set by wolfSSL_CTX_SetIORecv.
  *
@@ -191,54 +338,11 @@ static int TranslateIoError(int err)
  *
  * returns the amount of data read or want read. See WOLFSSL_CBIO_ERR_* values.
  */
-int BioReceive(WOLFSSL* ssl, char* buf, int sz, void* ctx)
+int SslBioReceive(WOLFSSL* ssl, char* buf, int sz, void* ctx)
 {
-    int recvd = WOLFSSL_CBIO_ERR_GENERAL;
-
-    WOLFSSL_ENTER("BioReceive");
-
-    if (ssl->biord == NULL) {
-        WOLFSSL_MSG("WOLFSSL biord not set");
-        return WOLFSSL_CBIO_ERR_GENERAL;
-    }
-
-    recvd = wolfSSL_BIO_read(ssl->biord, buf, sz);
-    if (recvd <= 0) {
-        if (/* ssl->biowr->wrIdx is checked for Bind9 */
-            wolfSSL_BIO_method_type(ssl->biowr) == WOLFSSL_BIO_BIO &&
-            wolfSSL_BIO_wpending(ssl->biowr) != 0 &&
-            /* Not sure this pending check is necessary but let's double
-             * check that the read BIO is empty before we signal a write
-             * need */
-            wolfSSL_BIO_supports_pending(ssl->biord) &&
-            wolfSSL_BIO_ctrl_pending(ssl->biord) == 0) {
-            /* Let's signal to the app layer that we have
-             * data pending that needs to be sent. */
-            return WOLFSSL_CBIO_ERR_WANT_WRITE;
-        }
-        else if (ssl->biord->type == WOLFSSL_BIO_SOCKET) {
-            if (recvd == 0) {
-                WOLFSSL_MSG("BioReceive connection closed");
-                return WOLFSSL_CBIO_ERR_CONN_CLOSE;
-            }
-        #ifdef USE_WOLFSSL_IO
-            recvd = TranslateIoError(recvd);
-        #endif
-            return recvd;
-        }
-
-        /* If retry and read flags are set, return WANT_READ */
-        if ((ssl->biord->flags & WOLFSSL_BIO_FLAG_READ) &&
-            (ssl->biord->flags & WOLFSSL_BIO_FLAG_RETRY)) {
-            return WOLFSSL_CBIO_ERR_WANT_READ;
-        }
-
-        WOLFSSL_MSG("BIO general error");
-        return WOLFSSL_CBIO_ERR_GENERAL;
-    }
-
+    WOLFSSL_ENTER("SslBioReceive");
     (void)ctx;
-    return recvd;
+    return BioReceiveInternal(ssl->biord, ssl->biowr, buf, sz);
 }
 
 
@@ -252,11 +356,11 @@ int BioReceive(WOLFSSL* ssl, char* buf, int sz, void* ctx)
  *
  * returns the amount of data sent or want send. See WOLFSSL_CBIO_ERR_* values.
  */
-int BioSend(WOLFSSL* ssl, char *buf, int sz, void *ctx)
+int SslBioSend(WOLFSSL* ssl, char *buf, int sz, void *ctx)
 {
-    int sent = WOLFSSL_CBIO_ERR_GENERAL;
+    int sent = WC_NO_ERR_TRACE(WOLFSSL_CBIO_ERR_GENERAL);
 
-    WOLFSSL_ENTER("BioSend");
+    WOLFSSL_ENTER("SslBioSend");
 
     if (ssl->biowr == NULL) {
         WOLFSSL_MSG("WOLFSSL biowr not set");
@@ -267,7 +371,8 @@ int BioSend(WOLFSSL* ssl, char *buf, int sz, void *ctx)
     if (sent <= 0) {
         if (ssl->biowr->type == WOLFSSL_BIO_SOCKET) {
         #ifdef USE_WOLFSSL_IO
-            sent = TranslateIoError(sent);
+            sent = TranslateIoReturnCode(sent, ssl->biowr->num.fd,
+                                         SOCKET_SENDING);
         #endif
             return sent;
         }
@@ -311,7 +416,6 @@ int EmbedReceive(WOLFSSL *ssl, char *buf, int sz, void *ctx)
     recvd = wolfIO_Recv(sd, buf, sz, ssl->rflags);
     if (recvd < 0) {
         WOLFSSL_MSG("Embed Receive error");
-        return TranslateIoError(recvd);
     }
     else if (recvd == 0) {
         WOLFSSL_MSG("Embed receive connection closed");
@@ -341,7 +445,6 @@ int EmbedSend(WOLFSSL* ssl, char *buf, int sz, void *ctx)
     sent = wolfIO_Send(sd, buf, sz, ssl->wflags);
     if (sent < 0) {
         WOLFSSL_MSG("Embed Send error");
-        return TranslateIoError(sent);
     }
 
     return sent;
@@ -352,6 +455,110 @@ int EmbedSend(WOLFSSL* ssl, char *buf, int sz, void *ctx)
 
 #include <wolfssl/wolfcrypt/sha.h>
 
+#if defined(NUCLEUS_PLUS_2_3)
+STATIC INT32 nucyassl_recv(INT sd, CHAR *buf, UINT16 sz, INT16 flags)
+{
+    int recvd;
+
+    /* Read data from socket */
+    recvd = NU_Recv(sd, buf, sz, flags);
+    if (recvd < 0) {
+        if (recvd == NU_NOT_CONNECTED) {
+            recvd = 0;
+        } else {
+            Nucleus_Net_Errno = recvd;
+            recvd = WOLFSSL_FATAL_ERROR;
+        }
+    } else {
+        Nucleus_Net_Errno = 0;
+    }
+
+    return (recvd);
+}
+
+
+STATIC int nucyassl_send(INT sd, CHAR *buf, UINT16 sz, INT16 flags)
+{
+    int sent;
+
+    /* Write data to socket */
+    sent = NU_Send(sd, buf, sz, flags);
+
+    if (sent < 0) {
+        Nucleus_Net_Errno = sent;
+        sent = WOLFSSL_FATAL_ERROR;
+    } else {
+        Nucleus_Net_Errno = 0;
+    }
+
+    return sent;
+}
+
+#define SELECT_FUNCTION     nucyassl_select
+
+int nucyassl_select(INT sd, UINT32 timeout)
+{
+    FD_SET readfs;
+    STATUS status;
+
+    /* Init fs data for socket */
+    NU_FD_Init(&readfs);
+    NU_FD_Set(sd, &readfs);
+
+    /* Wait for data to arrive */
+    status = NU_Select((sd + 1), &readfs, NU_NULL, NU_NULL,
+                            (timeout * NU_TICKS_PER_SECOND));
+
+    if (status < 0) {
+        Nucleus_Net_Errno = status;
+        status = WOLFSSL_FATAL_ERROR;
+    }
+
+    return status;
+}
+
+#define sockaddr_storage    addr_struct
+#define sockaddr            addr_struct
+
+STATIC INT32 nucyassl_recvfrom(INT sd, CHAR *buf, UINT16 sz, INT16 flags,
+                              SOCKADDR *peer, XSOCKLENT *peersz)
+{
+    int recvd;
+
+    memset(peer, 0, sizeof(struct addr_struct));
+
+    recvd = NU_Recv_From(sd, buf, sz, flags, (struct addr_struct *) peer,
+                            (INT16*) peersz);
+    if (recvd < 0) {
+        Nucleus_Net_Errno = recvd;
+        recvd = WOLFSSL_FATAL_ERROR;
+    } else {
+        Nucleus_Net_Errno = 0;
+    }
+
+    return recvd;
+
+}
+
+STATIC int nucyassl_sendto(INT sd, CHAR *buf, UINT16 sz, INT16 flags,
+                          const SOCKADDR *peer, INT16 peersz)
+{
+    int sent;
+
+    sent = NU_Send_To(sd, buf, sz, flags, (const struct addr_struct *) peer,
+                            peersz);
+
+    if (sent < 0) {
+        Nucleus_Net_Errno = sent;
+        sent = WOLFSSL_FATAL_ERROR;
+    } else {
+        Nucleus_Net_Errno = 0;
+    }
+
+    return sent;
+}
+#endif /* NUCLEUS_PLUS_2_3 */
+
 #ifndef DTLS_SENDTO_FUNCTION
     #define DTLS_SENDTO_FUNCTION sendto
 #endif
@@ -359,7 +566,7 @@ int EmbedSend(WOLFSSL* ssl, char *buf, int sz, void *ctx)
     #define DTLS_RECVFROM_FUNCTION recvfrom
 #endif
 
-static int sockAddrEqual(
+int sockAddrEqual(
     SOCKADDR_S *a, XSOCKLENT aLen, SOCKADDR_S *b, XSOCKLENT bLen)
 {
     if (aLen != bLen)
@@ -449,8 +656,18 @@ int EmbedReceiveFrom(WOLFSSL *ssl, char *buf, int sz, void *ctx)
 #elif !defined(DTLS_RECEIVEFROM_NO_TIMEOUT_ON_INVALID_PEER)
     word32 invalidPeerPackets = 0;
 #endif
+    int newPeer = 0;
+    int ret = 0;
 
     WOLFSSL_ENTER("EmbedReceiveFrom");
+    (void)ret; /* possibly unused */
+
+    XMEMSET(&lclPeer, 0, sizeof(lclPeer));
+
+#ifdef WOLFSSL_RW_THREADED
+    if (wc_LockRwLock_Rd(&ssl->buffers.dtlsCtx.peerLock) != 0)
+        return WOLFSSL_CBIO_ERR_GENERAL;
+#endif
 
     if (dtlsCtx->connected) {
         peer = NULL;
@@ -459,37 +676,49 @@ int EmbedReceiveFrom(WOLFSSL *ssl, char *buf, int sz, void *ctx)
 #ifndef WOLFSSL_IPV6
         if (PeerIsIpv6((SOCKADDR_S*)dtlsCtx->peer.sa, dtlsCtx->peer.sz)) {
             WOLFSSL_MSG("ipv6 dtls peer set but no ipv6 support compiled");
-            return NOT_COMPILED_IN;
+            ret = WOLFSSL_CBIO_ERR_GENERAL;
         }
 #endif
         peer = &lclPeer;
-        XMEMSET(&lclPeer, 0, sizeof(lclPeer));
         peerSz = sizeof(lclPeer);
     }
     else {
         /* Store the peer address. It is used to calculate the DTLS cookie. */
-        if (dtlsCtx->peer.sa == NULL) {
-            dtlsCtx->peer.sa = (void*)XMALLOC(sizeof(SOCKADDR_S),
-                    ssl->heap, DYNAMIC_TYPE_SOCKADDR);
-            dtlsCtx->peer.sz = 0;
-            if (dtlsCtx->peer.sa != NULL)
-                dtlsCtx->peer.bufSz = sizeof(SOCKADDR_S);
-            else
-                dtlsCtx->peer.bufSz = 0;
+        newPeer = dtlsCtx->peer.sa == NULL || !ssl->options.dtlsStateful;
+        peer = &lclPeer;
+        if (dtlsCtx->peer.sa != NULL) {
+            XMEMCPY(peer, (SOCKADDR_S*)dtlsCtx->peer.sa, MIN(sizeof(lclPeer),
+                    dtlsCtx->peer.sz));
         }
-        peer = (SOCKADDR_S*)dtlsCtx->peer.sa;
-        peerSz = dtlsCtx->peer.bufSz;
+        peerSz = sizeof(lclPeer);
     }
 
+#ifdef WOLFSSL_RW_THREADED
+    /* We make a copy above to avoid holding the lock for the entire function */
+    if (wc_UnLockRwLock(&ssl->buffers.dtlsCtx.peerLock) != 0)
+        return WOLFSSL_CBIO_ERR_GENERAL;
+#endif
+
+    if (ret != 0)
+        return ret;
+
     /* Don't use ssl->options.handShakeDone since it is true even if
      * we are in the process of renegotiation */
     doDtlsTimeout = ssl->options.handShakeState != HANDSHAKE_DONE;
 
 #ifdef WOLFSSL_DTLS13
     if (ssl->options.dtls && IsAtLeastTLSv1_3(ssl->version)) {
-        doDtlsTimeout =
-            doDtlsTimeout || ssl->dtls13Rtx.rtxRecords != NULL ||
+        doDtlsTimeout = doDtlsTimeout || ssl->dtls13Rtx.rtxRecords != NULL;
+#ifdef WOLFSSL_RW_THREADED
+        ret = wc_LockMutex(&ssl->dtls13Rtx.mutex);
+        if (ret != 0)
+            return ret;
+#endif
+        doDtlsTimeout = doDtlsTimeout ||
             (ssl->dtls13FastTimeout && ssl->dtls13Rtx.seenRecords != NULL);
+#ifdef WOLFSSL_RW_THREADED
+        wc_UnLockMutex(&ssl->dtls13Rtx.mutex);
+#endif
     }
 #endif /* WOLFSSL_DTLS13 */
 
@@ -504,7 +733,7 @@ int EmbedReceiveFrom(WOLFSSL *ssl, char *buf, int sz, void *ctx)
                 start = LowResTimer();
             }
             else {
-                dtls_timeout -= LowResTimer() - start;
+                dtls_timeout -= (int) (LowResTimer() - start);
                 start = LowResTimer();
                 if (dtls_timeout < 0 || dtls_timeout > DTLS_TIMEOUT_MAX)
                     return WOLFSSL_CBIO_ERR_TIMEOUT;
@@ -534,7 +763,7 @@ int EmbedReceiveFrom(WOLFSSL *ssl, char *buf, int sz, void *ctx)
             else
             #endif /* WOLFSSL_DTLS13 */
                 timeout.tv_sec = dtls_timeout;
-        #endif
+        #endif /* USE_WINDOWS_API */
             if (setsockopt(sd, SOL_SOCKET, SO_RCVTIMEO, (char*)&timeout,
                     sizeof(timeout)) != 0) {
                 WOLFSSL_MSG("setsockopt rcvtimeo failed");
@@ -554,34 +783,23 @@ int EmbedReceiveFrom(WOLFSSL *ssl, char *buf, int sz, void *ctx)
         }
 #endif /* !NO_ASN_TIME */
 
-        recvd = (int)DTLS_RECVFROM_FUNCTION(sd, buf, sz, ssl->rflags,
-            (SOCKADDR*)peer, peer != NULL ? &peerSz : NULL);
-
-        /* From the RECV(2) man page
-         * The returned address is truncated if the buffer provided is too
-         * small; in this case, addrlen will return a value greater than was
-         * supplied to the call.
-         */
-        if (dtlsCtx->connected) {
-            /* No need to sanitize the value of peerSz */
-        }
-        else if (dtlsCtx->userSet) {
-            /* Truncate peer size */
-            if (peerSz > (XSOCKLENT)sizeof(lclPeer))
-                peerSz = (XSOCKLENT)sizeof(lclPeer);
-        }
-        else {
-            /* Truncate peer size */
-            if (peerSz > (XSOCKLENT)dtlsCtx->peer.bufSz)
-                peerSz = (XSOCKLENT)dtlsCtx->peer.bufSz;
+        {
+            XSOCKLENT inPeerSz = peerSz;
+            recvd = (int)DTLS_RECVFROM_FUNCTION(sd, buf, (size_t)sz,
+                 ssl->rflags, (SOCKADDR*)peer, peer != NULL ? &inPeerSz : NULL);
+            /* Truncate peerSz. From the RECV(2) man page
+             * The returned address is truncated if the buffer provided is too
+             * small; in this case, addrlen will return a value greater than was
+             * supplied to the call.
+             */
+            peerSz = MIN(peerSz, inPeerSz);
         }
 
-        recvd = TranslateReturnCode(recvd, sd);
+        recvd = TranslateIoReturnCode(recvd, sd, SOCKET_RECEIVING);
 
         if (recvd < 0) {
             WOLFSSL_MSG("Embed Receive From error");
-            recvd = TranslateIoError(recvd);
-            if (recvd == WOLFSSL_CBIO_ERR_WANT_READ &&
+            if (recvd == WC_NO_ERR_TRACE(WOLFSSL_CBIO_ERR_WANT_READ) &&
                 !wolfSSL_dtls_get_using_nonblock(ssl)) {
                 recvd = WOLFSSL_CBIO_ERR_TIMEOUT;
             }
@@ -603,11 +821,23 @@ int EmbedReceiveFrom(WOLFSSL *ssl, char *buf, int sz, void *ctx)
         }
         else if (dtlsCtx->userSet) {
             /* Check we received the packet from the correct peer */
+            int ignore = 0;
+#ifdef WOLFSSL_RW_THREADED
+            if (wc_LockRwLock_Rd(&ssl->buffers.dtlsCtx.peerLock) != 0)
+                return WOLFSSL_CBIO_ERR_GENERAL;
+#endif
             if (dtlsCtx->peer.sz > 0 &&
                 (peerSz != (XSOCKLENT)dtlsCtx->peer.sz ||
                     !sockAddrEqual(peer, peerSz, (SOCKADDR_S*)dtlsCtx->peer.sa,
                         dtlsCtx->peer.sz))) {
                 WOLFSSL_MSG("    Ignored packet from invalid peer");
+                ignore = 1;
+            }
+#ifdef WOLFSSL_RW_THREADED
+            if (wc_UnLockRwLock(&ssl->buffers.dtlsCtx.peerLock) != 0)
+                return WOLFSSL_CBIO_ERR_GENERAL;
+#endif
+            if (ignore) {
 #if defined(NO_ASN_TIME) &&                                                    \
     !defined(DTLS_RECEIVEFROM_NO_TIMEOUT_ON_INVALID_PEER)
                 if (doDtlsTimeout) {
@@ -622,8 +852,30 @@ int EmbedReceiveFrom(WOLFSSL *ssl, char *buf, int sz, void *ctx)
             }
         }
         else {
-            /* Store size of saved address */
-            dtlsCtx->peer.sz = peerSz;
+            if (newPeer) {
+                /* Store size of saved address. Locking handled internally. */
+                if (wolfSSL_dtls_set_peer(ssl, peer, peerSz) != WOLFSSL_SUCCESS)
+                    return WOLFSSL_CBIO_ERR_GENERAL;
+            }
+#ifndef WOLFSSL_PEER_ADDRESS_CHANGES
+            else {
+                ret = 0;
+    #ifdef WOLFSSL_RW_THREADED
+                if (wc_LockRwLock_Rd(&ssl->buffers.dtlsCtx.peerLock) != 0)
+                    return WOLFSSL_CBIO_ERR_GENERAL;
+    #endif /* WOLFSSL_RW_THREADED */
+                if (!sockAddrEqual(peer, peerSz, (SOCKADDR_S*)dtlsCtx->peer.sa,
+                                    dtlsCtx->peer.sz)) {
+                    ret = WOLFSSL_CBIO_ERR_GENERAL;
+                }
+    #ifdef WOLFSSL_RW_THREADED
+                if (wc_UnLockRwLock(&ssl->buffers.dtlsCtx.peerLock) != 0)
+                    return WOLFSSL_CBIO_ERR_GENERAL;
+    #endif /* WOLFSSL_RW_THREADED */
+                if (ret != 0)
+                    return ret;
+            }
+#endif /* !WOLFSSL_PEER_ADDRESS_CHANGES */
         }
 #ifndef NO_ASN_TIME
         ssl->dtls_start_timeout = 0;
@@ -662,14 +914,13 @@ int EmbedSendTo(WOLFSSL* ssl, char *buf, int sz, void *ctx)
 #endif
     }
 
-    sent = (int)DTLS_SENDTO_FUNCTION(sd, buf, sz, ssl->wflags,
+    sent = (int)DTLS_SENDTO_FUNCTION(sd, buf, (size_t)sz, ssl->wflags,
             (const SOCKADDR*)peer, peerSz);
 
-    sent = TranslateReturnCode(sent, sd);
+    sent = TranslateIoReturnCode(sent, sd, SOCKET_SENDING);
 
     if (sent < 0) {
         WOLFSSL_MSG("Embed Send To error");
-        return TranslateIoError(sent);
     }
 
     return sent;
@@ -689,18 +940,16 @@ int EmbedReceiveFromMcast(WOLFSSL *ssl, char *buf, int sz, void *ctx)
 
     WOLFSSL_ENTER("EmbedReceiveFromMcast");
 
-    recvd = (int)DTLS_RECVFROM_FUNCTION(sd, buf, sz, ssl->rflags, NULL, NULL);
+    recvd = (int)DTLS_RECVFROM_FUNCTION(sd, buf, (size_t)sz, ssl->rflags, NULL, NULL);
 
-    recvd = TranslateReturnCode(recvd, sd);
+    recvd = TranslateIoReturnCode(recvd, sd, SOCKET_RECEIVING);
 
     if (recvd < 0) {
         WOLFSSL_MSG("Embed Receive From error");
-        recvd = TranslateIoError(recvd);
-        if (recvd == WOLFSSL_CBIO_ERR_WANT_READ &&
+        if (recvd == WC_NO_ERR_TRACE(WOLFSSL_CBIO_ERR_WANT_READ) &&
             !wolfSSL_dtls_get_using_nonblock(ssl)) {
             recvd = WOLFSSL_CBIO_ERR_TIMEOUT;
         }
-        return recvd;
     }
 
     return recvd;
@@ -733,7 +982,7 @@ int EmbedGenerateCookie(WOLFSSL* ssl, byte *buf, int sz, void *ctx)
 
     if (sz > WC_SHA256_DIGEST_SIZE)
         sz = WC_SHA256_DIGEST_SIZE;
-    XMEMCPY(buf, digest, sz);
+    XMEMCPY(buf, digest, (size_t)sz);
 
     return sz;
 }
@@ -810,7 +1059,7 @@ int EmbedGenerateCookie(WOLFSSL* ssl, byte *buf, int sz, void *ctx)
                 }
                 ((SOCKADDR_IN*)&addr)->sin_port = XHTONS(port);
 
-                /* peer sa is free'd in SSL_ResourceFree */
+                /* peer sa is free'd in wolfSSL_ResourceFree */
                 if ((ret = wolfSSL_dtls_set_peer(ssl, (SOCKADDR_IN*)&addr,
                                           sizeof(SOCKADDR_IN)))!= WOLFSSL_SUCCESS) {
                     WOLFSSL_MSG("Import DTLS peer info error");
@@ -827,7 +1076,7 @@ int EmbedGenerateCookie(WOLFSSL* ssl, byte *buf, int sz, void *ctx)
                 }
                 ((SOCKADDR_IN6*)&addr)->sin6_port = XHTONS(port);
 
-                /* peer sa is free'd in SSL_ResourceFree */
+                /* peer sa is free'd in wolfSSL_ResourceFree */
                 if ((ret = wolfSSL_dtls_set_peer(ssl, (SOCKADDR_IN6*)&addr,
                                          sizeof(SOCKADDR_IN6)))!= WOLFSSL_SUCCESS) {
                     WOLFSSL_MSG("Import DTLS peer info error");
@@ -843,7 +1092,7 @@ int EmbedGenerateCookie(WOLFSSL* ssl, byte *buf, int sz, void *ctx)
 
         return WOLFSSL_SUCCESS;
     }
-#endif
+#endif /* WOLFSSL_DTLS */
 
     /* get the peer information in human readable form (ip, port, family)
      * default function assumes BSD sockets
@@ -927,8 +1176,8 @@ int wolfIO_Recv(SOCKET_T sd, char *buf, int sz, int rdFlags)
 {
     int recvd;
 
-    recvd = (int)RECV_FUNCTION(sd, buf, sz, rdFlags);
-    recvd = TranslateReturnCode(recvd, (int)sd);
+    recvd = (int)RECV_FUNCTION(sd, buf, (size_t)sz, rdFlags);
+    recvd = TranslateIoReturnCode(recvd, sd, SOCKET_RECEIVING);
 
     return recvd;
 }
@@ -937,12 +1186,42 @@ int wolfIO_Send(SOCKET_T sd, char *buf, int sz, int wrFlags)
 {
     int sent;
 
-    sent = (int)SEND_FUNCTION(sd, buf, sz, wrFlags);
-    sent = TranslateReturnCode(sent, (int)sd);
+    sent = (int)SEND_FUNCTION(sd, buf, (size_t)sz, wrFlags);
+    sent = TranslateIoReturnCode(sent, sd, SOCKET_SENDING);
 
     return sent;
 }
 
+#if defined(WOLFSSL_HAVE_BIO_ADDR) && defined(WOLFSSL_DTLS) && defined(OPENSSL_EXTRA)
+
+int wolfIO_RecvFrom(SOCKET_T sd, WOLFSSL_BIO_ADDR *addr, char *buf, int sz, int rdFlags)
+{
+    int recvd;
+    socklen_t addr_len = (socklen_t)sizeof(*addr);
+
+    recvd = (int)DTLS_RECVFROM_FUNCTION(sd, buf, (size_t)sz, rdFlags,
+                                            addr ? &addr->sa : NULL,
+                                            addr ? &addr_len : 0);
+    recvd = TranslateIoReturnCode(recvd, sd, SOCKET_RECEIVING);
+
+    return recvd;
+}
+
+int wolfIO_SendTo(SOCKET_T sd, WOLFSSL_BIO_ADDR *addr, char *buf, int sz, int wrFlags)
+{
+    int sent;
+    socklen_t addr_len = addr ? wolfSSL_BIO_ADDR_size(addr) : 0;
+
+    sent = (int)DTLS_SENDTO_FUNCTION(sd, buf, (size_t)sz, wrFlags,
+                                         addr ? &addr->sa : NULL,
+                                         addr_len);
+    sent = TranslateIoReturnCode(sent, sd, SOCKET_SENDING);
+
+    return sent;
+}
+
+#endif /* WOLFSSL_HAVE_BIO_ADDR && WOLFSSL_DTLS && OPENSSL_EXTRA */
+
 #endif /* USE_WOLFSSL_IO */
 
 
@@ -971,7 +1250,10 @@ int wolfIO_Send(SOCKET_T sd, char *buf, int sz, int wrFlags)
         unsigned long blocking = non_blocking;
         ret = ioctlsocket(sockfd, FIONBIO, &blocking);
         if (ret == SOCKET_ERROR)
-            ret = -1;
+            ret = WOLFSSL_FATAL_ERROR;
+    #elif defined(__WATCOMC__) && defined(__OS2__)
+        if (ioctl(sockfd, FIONBIO, &non_blocking) == -1)
+            ret = WOLFSSL_FATAL_ERROR;
     #else
         ret = fcntl(sockfd, F_GETFL, 0);
         if (ret >= 0) {
@@ -1001,7 +1283,7 @@ int wolfIO_Send(SOCKET_T sd, char *buf, int sz, int wrFlags)
 
         if ((sockfd < 0) || (sockfd >= FD_SETSIZE)) {
             WOLFSSL_MSG("socket fd out of FDSET range");
-            return -1;
+            return WOLFSSL_FATAL_ERROR;
         }
     #endif
 
@@ -1011,9 +1293,9 @@ int wolfIO_Send(SOCKET_T sd, char *buf, int sz, int wrFlags)
 
         ret = select(nfds, &rfds, &wfds, NULL, &timeout);
         if (ret == 0) {
-        #ifdef DEBUG_HTTP
+    #ifdef DEBUG_HTTP
             fprintf(stderr, "Timeout: %d\n", ret);
-        #endif
+    #endif
             return HTTP_TIMEOUT;
         }
         else if (ret > 0) {
@@ -1029,9 +1311,9 @@ int wolfIO_Send(SOCKET_T sd, char *buf, int sz, int wrFlags)
     }
 #endif /* HAVE_IO_TIMEOUT */
 
-static int wolfIO_Word16ToString(char* d, word16 number)
+static word32 wolfIO_Word16ToString(char* d, word16 number)
 {
-    int i = 0;
+    word32 i = 0;
     word16 order = 10000;
     word16 digit;
 
@@ -1046,7 +1328,7 @@ static int wolfIO_Word16ToString(char* d, word16 number)
             if (i > 0 || digit != 0)
                 d[i++] = (char)digit + '0';
             if (digit != 0)
-                number %= digit * order;
+                number = (word16) (number % (digit * order));
 
             order = (order > 1) ? order / 10 : 0;
         }
@@ -1061,7 +1343,7 @@ int wolfIO_TcpConnect(SOCKET_T* sockfd, const char* ip, word16 port, int to_sec)
 #ifdef HAVE_SOCKADDR
     int ret = 0;
     SOCKADDR_S addr;
-    int sockaddr_len;
+    socklen_t sockaddr_len;
 #if defined(HAVE_GETADDRINFO)
     /* use getaddrinfo */
     ADDRINFO hints;
@@ -1078,16 +1360,16 @@ int wolfIO_TcpConnect(SOCKET_T* sockfd, const char* ip, word16 port, int to_sec)
 #else
     HOSTENT *entry;
 #endif
-#endif
+#endif /* !WOLFSSL_USE_POPEN_HOST */
 #ifdef WOLFSSL_IPV6
     SOCKADDR_IN6 *sin;
 #else
     SOCKADDR_IN *sin;
-#endif
-#endif /* HAVE_SOCKADDR */
+#endif /* WOLFSSL_IPV6 */
+#endif /* HAVE_GETADDRINFO */
 
     if (sockfd == NULL || ip == NULL) {
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
     }
 
 #if !defined(HAVE_GETADDRINFO)
@@ -1095,8 +1377,8 @@ int wolfIO_TcpConnect(SOCKET_T* sockfd, const char* ip, word16 port, int to_sec)
     sockaddr_len = sizeof(SOCKADDR_IN6);
 #else
     sockaddr_len = sizeof(SOCKADDR_IN);
-#endif
-#endif
+#endif /* WOLFSSL_IPV6 */
+#endif /* !HAVE_GETADDRINFO */
     XMEMSET(&addr, 0, sizeof(addr));
 
 #ifdef WOLFIO_DEBUG
@@ -1116,16 +1398,16 @@ int wolfIO_TcpConnect(SOCKET_T* sockfd, const char* ip, word16 port, int to_sec)
 
     if (wolfIO_Word16ToString(strPort, port) == 0) {
         WOLFSSL_MSG("invalid port number for responder");
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
     }
 
     if (getaddrinfo(ip, strPort, &hints, &answer) < 0 || answer == NULL) {
         WOLFSSL_MSG("no addr info for responder");
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
     }
 
     sockaddr_len = answer->ai_addrlen;
-    XMEMCPY(&addr, answer->ai_addr, sockaddr_len);
+    XMEMCPY(&addr, answer->ai_addr, (size_t)sockaddr_len);
     freeaddrinfo(answer);
 #elif defined(WOLFSSL_USE_POPEN_HOST) && !defined(WOLFSSL_IPV6)
     {
@@ -1185,7 +1467,7 @@ int wolfIO_TcpConnect(SOCKET_T* sockfd, const char* ip, word16 port, int to_sec)
         }
         else {
             WOLFSSL_MSG("no addr info for responder");
-            return -1;
+            return WOLFSSL_FATAL_ERROR;
         }
     }
 #else
@@ -1214,7 +1496,8 @@ int wolfIO_TcpConnect(SOCKET_T* sockfd, const char* ip, word16 port, int to_sec)
         sin = (SOCKADDR_IN *)&addr;
         sin->sin_family = AF_INET;
         sin->sin_port = XHTONS(port);
-        XMEMCPY(&sin->sin_addr.s_addr, entry->h_addr_list[0], entry->h_length);
+        XMEMCPY(&sin->sin_addr.s_addr, entry->h_addr_list[0],
+                (size_t)entry->h_length);
     #endif
     }
 
@@ -1225,7 +1508,7 @@ int wolfIO_TcpConnect(SOCKET_T* sockfd, const char* ip, word16 port, int to_sec)
 
     if (entry == NULL) {
         WOLFSSL_MSG("no addr info for responder");
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
     }
 #endif
 
@@ -1238,7 +1521,7 @@ int wolfIO_TcpConnect(SOCKET_T* sockfd, const char* ip, word16 port, int to_sec)
     {
         WOLFSSL_MSG("bad socket fd, out of fds?");
         *sockfd = SOCKET_INVALID;
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
     }
 
 #ifdef HAVE_IO_TIMEOUT
@@ -1248,13 +1531,14 @@ int wolfIO_TcpConnect(SOCKET_T* sockfd, const char* ip, word16 port, int to_sec)
     }
 #else
     (void)to_sec;
-#endif
+#endif /* HAVE_IO_TIMEOUT */
 
     ret = connect(*sockfd, (SOCKADDR *)&addr, sockaddr_len);
 #ifdef HAVE_IO_TIMEOUT
     if ((ret != 0) && (to_sec > 0)) {
 #ifdef USE_WINDOWS_API
-        if ((ret == SOCKET_ERROR) && (wolfSSL_LastError(ret) == WSAEWOULDBLOCK))
+        if ((ret == SOCKET_ERROR) &&
+            (wolfSSL_LastError(ret, *sockfd) == SOCKET_EWOULDBLOCK))
 #else
         if (errno == EINPROGRESS)
 #endif
@@ -1266,12 +1550,12 @@ int wolfIO_TcpConnect(SOCKET_T* sockfd, const char* ip, word16 port, int to_sec)
             wolfIO_SetBlockingMode(*sockfd, 0);
         }
     }
-#endif
+#endif /* HAVE_IO_TIMEOUT */
     if (ret != 0) {
         WOLFSSL_MSG("Responder tcp connect failed");
         CloseSocket(*sockfd);
         *sockfd = SOCKET_INVALID;
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
     }
     return ret;
 #else
@@ -1279,7 +1563,7 @@ int wolfIO_TcpConnect(SOCKET_T* sockfd, const char* ip, word16 port, int to_sec)
     (void)ip;
     (void)port;
     (void)to_sec;
-    return -1;
+    return WOLFSSL_FATAL_ERROR;
 #endif /* HAVE_SOCKADDR */
 }
 
@@ -1288,11 +1572,11 @@ int wolfIO_TcpBind(SOCKET_T* sockfd, word16 port)
 #ifdef HAVE_SOCKADDR
     int ret = 0;
     SOCKADDR_S addr;
-    int sockaddr_len = sizeof(SOCKADDR_IN);
+    socklen_t sockaddr_len = sizeof(SOCKADDR_IN);
     SOCKADDR_IN *sin = (SOCKADDR_IN *)&addr;
 
     if (sockfd == NULL || port < 1) {
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
     }
 
     XMEMSET(&addr, 0, sizeof(addr));
@@ -1310,7 +1594,7 @@ int wolfIO_TcpBind(SOCKET_T* sockfd, word16 port)
     {
         WOLFSSL_MSG("socket failed");
         *sockfd = SOCKET_INVALID;
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
     }
 
 #if !defined(USE_WINDOWS_API) && !defined(WOLFSSL_MDK_ARM)\
@@ -1331,14 +1615,14 @@ int wolfIO_TcpBind(SOCKET_T* sockfd, word16 port)
         WOLFSSL_MSG("wolfIO_TcpBind failed");
         CloseSocket(*sockfd);
         *sockfd = SOCKET_INVALID;
-        ret = -1;
+        ret = WOLFSSL_FATAL_ERROR;
     }
 
     return ret;
 #else
     (void)sockfd;
     (void)port;
-    return -1;
+    return WOLFSSL_FATAL_ERROR;
 #endif /* HAVE_SOCKADDR */
 }
 
@@ -1409,14 +1693,17 @@ int wolfIO_DecodeUrl(const char* url, int urlSz, char* outName, char* outPath,
             word32 bigPort = 0;
             i = 0;
             cur++;
+
+            XMEMSET(port, 0, sizeof(port));
+
             while (i < 6 && cur < urlSz && url[cur] != 0 && url[cur] != '/') {
                 port[i] = url[cur];
                 i++; cur++;
             }
 
             for (j = 0; j < i; j++) {
-                if (port[j] < '0' || port[j] > '9') return -1;
-                bigPort = (bigPort * 10) + (port[j] - '0');
+                if (port[j] < '0' || port[j] > '9') return WOLFSSL_FATAL_ERROR;
+                bigPort = (bigPort * 10) + (word32)(port[j] - '0');
             }
             if (outPort)
                 *outPort = (word16)bigPort;
@@ -1446,8 +1733,9 @@ int wolfIO_DecodeUrl(const char* url, int urlSz, char* outName, char* outPath,
     return result;
 }
 
-static int wolfIO_HttpProcessResponseBuf(int sfd, byte **recvBuf,
-    int* recvBufSz, int chunkSz, char* start, int len, int dynType, void* heap)
+static int wolfIO_HttpProcessResponseBuf(WolfSSLGenericIORecvCb ioCb,
+    void* ioCbCtx, byte **recvBuf, int* recvBufSz, int chunkSz, char* start,
+    int len, int dynType, void* heap)
 {
     byte* newRecvBuf = NULL;
     int newRecvSz = *recvBufSz + chunkSz;
@@ -1471,7 +1759,7 @@ static int wolfIO_HttpProcessResponseBuf(int sfd, byte **recvBuf,
         return MEMORY_E;
     }
 
-    newRecvBuf = (byte*)XMALLOC(newRecvSz, heap, dynType);
+    newRecvBuf = (byte*)XMALLOC((size_t)newRecvSz, heap, dynType);
     if (newRecvBuf == NULL) {
         WOLFSSL_MSG("wolfIO_HttpProcessResponseBuf malloc failed");
         return MEMORY_E;
@@ -1479,7 +1767,7 @@ static int wolfIO_HttpProcessResponseBuf(int sfd, byte **recvBuf,
 
     /* if buffer already exists, then we are growing it */
     if (*recvBuf) {
-        XMEMCPY(&newRecvBuf[pos], *recvBuf, *recvBufSz);
+        XMEMCPY(&newRecvBuf[pos], *recvBuf, (size_t) *recvBufSz);
         XFREE(*recvBuf, heap, dynType);
         pos += *recvBufSz;
         *recvBuf = NULL;
@@ -1488,19 +1776,19 @@ static int wolfIO_HttpProcessResponseBuf(int sfd, byte **recvBuf,
     /* copy the remainder of the httpBuf into the respBuf */
     if (len != 0) {
         if (pos + len <= newRecvSz) {
-            XMEMCPY(&newRecvBuf[pos], start, len);
+            XMEMCPY(&newRecvBuf[pos], start, (size_t)len);
             pos += len;
         }
         else {
             WOLFSSL_MSG("wolfIO_HttpProcessResponseBuf bad size");
             XFREE(newRecvBuf, heap, dynType);
-            return -1;
+            return WOLFSSL_FATAL_ERROR;
         }
     }
 
     /* receive the remainder of chunk */
     while (len < chunkSz) {
-        int rxSz = wolfIO_Recv(sfd, (char*)&newRecvBuf[pos], chunkSz-len, 0);
+        int rxSz = ioCb((char*)&newRecvBuf[pos], chunkSz-len, ioCbCtx);
         if (rxSz > 0) {
             len += rxSz;
             pos += rxSz;
@@ -1508,7 +1796,7 @@ static int wolfIO_HttpProcessResponseBuf(int sfd, byte **recvBuf,
         else {
             WOLFSSL_MSG("wolfIO_HttpProcessResponseBuf recv failed");
             XFREE(newRecvBuf, heap, dynType);
-            return -1;
+            return WOLFSSL_FATAL_ERROR;
         }
     }
 
@@ -1518,8 +1806,9 @@ static int wolfIO_HttpProcessResponseBuf(int sfd, byte **recvBuf,
     return 0;
 }
 
-int wolfIO_HttpProcessResponse(int sfd, const char** appStrList,
-    byte** respBuf, byte* httpBuf, int httpBufSz, int dynType, void* heap)
+int wolfIO_HttpProcessResponseGenericIO(WolfSSLGenericIORecvCb ioCb,
+    void* ioCbCtx, const char** appStrList, unsigned char** respBuf,
+    unsigned char* httpBuf, int httpBufSz, int dynType, void* heap)
 {
     static const char HTTP_PROTO[] = "HTTP/1.";
     static const char HTTP_STATUS_200[] = "200";
@@ -1540,8 +1829,8 @@ int wolfIO_HttpProcessResponse(int sfd, const char** appStrList,
     do {
         if (state == phr_get_chunk_data) {
             /* get chunk of data */
-            result = wolfIO_HttpProcessResponseBuf(sfd, respBuf, &respBufSz,
-                chunkSz, start, len, dynType, heap);
+            result = wolfIO_HttpProcessResponseBuf(ioCb, ioCbCtx, respBuf,
+                &respBufSz, chunkSz, start, len, dynType, heap);
 
             state = (result != 0) ? phr_http_end : phr_get_chunk_len;
             end = NULL;
@@ -1550,16 +1839,19 @@ int wolfIO_HttpProcessResponse(int sfd, const char** appStrList,
 
         /* read data if no \r\n or first time */
         if ((start == NULL) || (end == NULL)) {
-            result = wolfIO_Recv(sfd, (char*)httpBuf+len, httpBufSz-len-1, 0);
+            if (httpBufSz < len + 1) {
+                return BUFFER_ERROR; /* can't happen, but Coverity thinks it
+                                      * can.
+                                      */
+            }
+            result = ioCb((char*)httpBuf+len, httpBufSz-len-1, ioCbCtx);
             if (result > 0) {
                 len += result;
                 start = (char*)httpBuf;
                 start[len] = 0;
             }
             else {
-                result = TranslateReturnCode(result, sfd);
-                result = wolfSSL_LastError(result);
-                if (result == SOCKET_EWOULDBLOCK || result == SOCKET_EAGAIN) {
+                if (result == WC_NO_ERR_TRACE(WOLFSSL_CBIO_ERR_WANT_READ)) {
                     return OCSP_WANT_READ;
                 }
 
@@ -1572,7 +1864,7 @@ int wolfIO_HttpProcessResponse(int sfd, const char** appStrList,
         /* handle incomplete rx */
         if (end == NULL) {
             if (len != 0)
-                XMEMMOVE(httpBuf, start, len);
+                XMEMMOVE(httpBuf, start, (size_t)len);
             start = end = NULL;
         }
         /* when start is "\r\n" */
@@ -1678,8 +1970,8 @@ int wolfIO_HttpProcessResponse(int sfd, const char** appStrList,
     } while (state != phr_http_end);
 
     if (!isChunked) {
-        result = wolfIO_HttpProcessResponseBuf(sfd, respBuf, &respBufSz, chunkSz,
-                                                    start, len, dynType, heap);
+        result = wolfIO_HttpProcessResponseBuf(ioCb, ioCbCtx, respBuf,
+                &respBufSz, chunkSz, start, len, dynType, heap);
     }
 
     if (result >= 0) {
@@ -1691,6 +1983,22 @@ int wolfIO_HttpProcessResponse(int sfd, const char** appStrList,
 
     return result;
 }
+
+static int httpResponseIoCb(char* buf, int sz, void* ctx)
+{
+    /* Double cast to silence the compiler int/pointer width msg */
+    return wolfIO_Recv((SOCKET_T)(uintptr_t)ctx, buf, sz, 0);
+}
+
+int wolfIO_HttpProcessResponse(int sfd, const char** appStrList,
+    byte** respBuf, byte* httpBuf, int httpBufSz, int dynType, void* heap)
+{
+    return wolfIO_HttpProcessResponseGenericIO(httpResponseIoCb,
+            /* Double cast to silence the compiler int/pointer width msg */
+            (void*)(uintptr_t)sfd, appStrList, respBuf, httpBuf, httpBufSz,
+            dynType, heap);
+}
+
 int wolfIO_HttpBuildRequest(const char *reqType, const char *domainName,
                                const char *path, int pathLen, int reqSz, const char *contentType,
                                byte *buf, int bufSize)
@@ -1698,7 +2006,7 @@ int wolfIO_HttpBuildRequest(const char *reqType, const char *domainName,
     return wolfIO_HttpBuildRequest_ex(reqType, domainName, path, pathLen, reqSz, contentType, "", buf, bufSize);
 }
 
-    int wolfIO_HttpBuildRequest_ex(const char *reqType, const char *domainName,
+int wolfIO_HttpBuildRequest_ex(const char *reqType, const char *domainName,
                                 const char *path, int pathLen, int reqSz, const char *contentType,
                                 const char *exHdrs, byte *buf, int bufSize)
     {
@@ -1740,7 +2048,7 @@ int wolfIO_HttpBuildRequest(const char *reqType, const char *domainName,
     maxLen =
         reqTypeLen +
         blankStrLen +
-        pathLen +
+        (word32)pathLen +
         http11StrLen +
         hostStrLen +
         domainNameLen +
@@ -1751,46 +2059,46 @@ int wolfIO_HttpBuildRequest(const char *reqType, const char *domainName,
         singleCrLfStrLen +
         exHdrsLen +
         doubleCrLfStrLen +
-        1 /* null term */;
+        (word32)1 /* null term */;
     if (maxLen > (word32)bufSize)
         return 0;
 
-    XSTRNCPY((char*)buf, reqType, bufSize);
-    buf += reqTypeLen; bufSize -= reqTypeLen;
-    XSTRNCPY((char*)buf, blankStr, bufSize);
-    buf += blankStrLen; bufSize -= blankStrLen;
-    XSTRNCPY((char*)buf, path, bufSize);
-    buf += pathLen; bufSize -= pathLen;
-    XSTRNCPY((char*)buf, http11Str, bufSize);
-    buf += http11StrLen; bufSize -= http11StrLen;
+    XSTRNCPY((char*)buf, reqType, (size_t)bufSize);
+    buf += reqTypeLen; bufSize -= (int)reqTypeLen;
+    XSTRNCPY((char*)buf, blankStr, (size_t)bufSize);
+    buf += blankStrLen; bufSize -= (int)blankStrLen;
+    XSTRNCPY((char*)buf, path, (size_t)bufSize);
+    buf += pathLen; bufSize -= (int)pathLen;
+    XSTRNCPY((char*)buf, http11Str, (size_t)bufSize);
+    buf += http11StrLen; bufSize -= (int)http11StrLen;
     if (domainNameLen > 0) {
-        XSTRNCPY((char*)buf, hostStr, bufSize);
-        buf += hostStrLen; bufSize -= hostStrLen;
-        XSTRNCPY((char*)buf, domainName, bufSize);
-        buf += domainNameLen; bufSize -= domainNameLen;
+        XSTRNCPY((char*)buf, hostStr, (size_t)bufSize);
+        buf += hostStrLen; bufSize -= (int)hostStrLen;
+        XSTRNCPY((char*)buf, domainName, (size_t)bufSize);
+        buf += domainNameLen; bufSize -= (int)domainNameLen;
     }
     if (reqSz > 0 && reqSzStrLen > 0) {
-        XSTRNCPY((char*)buf, contentLenStr, bufSize);
-        buf += contentLenStrLen; bufSize -= contentLenStrLen;
-        XSTRNCPY((char*)buf, reqSzStr, bufSize);
-        buf += reqSzStrLen; bufSize -= reqSzStrLen;
+        XSTRNCPY((char*)buf, contentLenStr, (size_t)bufSize);
+        buf += contentLenStrLen; bufSize -= (int)contentLenStrLen;
+        XSTRNCPY((char*)buf, reqSzStr, (size_t)bufSize);
+        buf += reqSzStrLen; bufSize -= (int)reqSzStrLen;
     }
     if (contentTypeLen > 0) {
-        XSTRNCPY((char*)buf, contentTypeStr, bufSize);
-        buf += contentTypeStrLen; bufSize -= contentTypeStrLen;
-        XSTRNCPY((char*)buf, contentType, bufSize);
-        buf += contentTypeLen; bufSize -= contentTypeLen;
+        XSTRNCPY((char*)buf, contentTypeStr, (size_t)bufSize);
+        buf += contentTypeStrLen; bufSize -= (int)contentTypeStrLen;
+        XSTRNCPY((char*)buf, contentType, (size_t)bufSize);
+        buf += contentTypeLen; bufSize -= (int)contentTypeLen;
     }
     if (exHdrsLen > 0)
     {
-        XSTRNCPY((char *)buf, singleCrLfStr, bufSize);
+        XSTRNCPY((char *)buf, singleCrLfStr, (size_t)bufSize);
         buf += singleCrLfStrLen;
-        bufSize -= singleCrLfStrLen;
-        XSTRNCPY((char *)buf, exHdrs, bufSize);
+        bufSize -= (int)singleCrLfStrLen;
+        XSTRNCPY((char *)buf, exHdrs, (size_t)bufSize);
         buf += exHdrsLen;
-        bufSize -= exHdrsLen;
+        bufSize -= (int)exHdrsLen;
     }
-    XSTRNCPY((char*)buf, doubleCrLfStr, bufSize);
+    XSTRNCPY((char*)buf, doubleCrLfStr, (size_t)bufSize);
     buf += doubleCrLfStrLen;
 
 #ifdef WOLFIO_DEBUG
@@ -1812,17 +2120,25 @@ int wolfIO_HttpBuildRequestOcsp(const char* domainName, const char* path,
         ocspReqSz, "application/ocsp-request", cacheCtl, buf, bufSize);
 }
 
+static const char* ocspAppStrList[] = {
+    "application/ocsp-response",
+    NULL
+};
+
+WOLFSSL_API int wolfIO_HttpProcessResponseOcspGenericIO(
+    WolfSSLGenericIORecvCb ioCb, void* ioCbCtx, unsigned char** respBuf,
+    unsigned char* httpBuf, int httpBufSz, void* heap)
+{
+    return wolfIO_HttpProcessResponseGenericIO(ioCb, ioCbCtx,
+          ocspAppStrList, respBuf, httpBuf, httpBufSz, DYNAMIC_TYPE_OCSP, heap);
+}
+
 /* return: >0 OCSP Response Size
  *         -1 error */
 int wolfIO_HttpProcessResponseOcsp(int sfd, byte** respBuf,
                                        byte* httpBuf, int httpBufSz, void* heap)
 {
-    const char* appStrList[] = {
-        "application/ocsp-response",
-        NULL
-    };
-
-    return wolfIO_HttpProcessResponse(sfd, appStrList,
+    return wolfIO_HttpProcessResponse(sfd, ocspAppStrList,
         respBuf, httpBuf, httpBufSz, DYNAMIC_TYPE_OCSP, heap);
 }
 
@@ -1867,7 +2183,7 @@ int EmbedOcspLookup(void* ctx, const char* url, int urlSz,
         /* Note, the library uses the EmbedOcspRespFree() callback to
          * free this buffer. */
         int   httpBufSz = HTTP_SCRATCH_BUFFER_SIZE;
-        byte* httpBuf   = (byte*)XMALLOC(httpBufSz, ctx, DYNAMIC_TYPE_OCSP);
+        byte* httpBuf   = (byte*)XMALLOC((size_t)httpBufSz, ctx, DYNAMIC_TYPE_OCSP);
 
         if (httpBuf == NULL) {
             WOLFSSL_MSG("Unable to create OCSP response buffer");
@@ -1909,8 +2225,7 @@ int EmbedOcspLookup(void* ctx, const char* url, int urlSz,
 /* in default callback ctx is heap hint */
 void EmbedOcspRespFree(void* ctx, byte *resp)
 {
-    if (resp)
-        XFREE(resp, ctx, DYNAMIC_TYPE_OCSP);
+    XFREE(resp, ctx, DYNAMIC_TYPE_OCSP);
 
     (void)ctx;
 }
@@ -1974,7 +2289,7 @@ int EmbedCrlLookup(WOLFSSL_CRL* crl, const char* url, int urlSz)
     }
     else {
         int   httpBufSz = HTTP_SCRATCH_BUFFER_SIZE;
-        byte* httpBuf   = (byte*)XMALLOC(httpBufSz, crl->heap,
+        byte* httpBuf   = (byte*)XMALLOC((size_t)httpBufSz, crl->heap,
                                                               DYNAMIC_TYPE_CRL);
         if (httpBuf == NULL) {
             WOLFSSL_MSG("Unable to create CRL response buffer");
@@ -2058,6 +2373,20 @@ void wolfSSL_SSLSetIOSend(WOLFSSL *ssl, CallbackIOSend CBIOSend)
     }
 }
 
+void wolfSSL_SSLDisableRead(WOLFSSL *ssl)
+{
+    if (ssl) {
+        ssl->options.disableRead = 1;
+    }
+}
+
+void wolfSSL_SSLEnableRead(WOLFSSL *ssl)
+{
+    if (ssl) {
+        ssl->options.disableRead = 0;
+    }
+}
+
 
 void wolfSSL_SetIOReadCtx(WOLFSSL* ssl, void *rctx)
 {
@@ -2343,7 +2672,7 @@ int MicriumReceive(WOLFSSL *ssl, char *buf, int sz, void *ctx)
             }
         }
     }
-    #endif
+    #endif /* WOLFSSL_DTLS */
 
     ret = NetSock_RxData(sd, buf, sz, ssl->rflags, &err);
     if (ret < 0) {
@@ -2795,7 +3124,7 @@ int uIPReceive(WOLFSSL *ssl, char *buf, int sz, void *_ctx)
 {
     uip_wolfssl_ctx *ctx = (uip_wolfssl_ctx *)_ctx;
     if (!ctx || !ctx->ssl_rx_databuf)
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
     (void)ssl;
     if (ctx->ssl_rb_len > 0) {
         if (sz > ctx->ssl_rb_len - ctx->ssl_rb_off)
@@ -2947,7 +3276,7 @@ int LwIPNativeSend(WOLFSSL* ssl, char* buf, int sz, void* ctx)
 
     ret = tcp_write(nlwip->pcb, buf, sz, TCP_WRITE_FLAG_COPY);
     if (ret != ERR_OK) {
-        sz = -1;
+        sz = WOLFSSL_FATAL_ERROR;
     }
 
     return sz;
@@ -3095,7 +3424,7 @@ int wolfSSL_SetIO_LwIP(WOLFSSL* ssl, void* pcb,
 
     return ERR_OK;
 }
-#endif
+#endif /* WOLFSSL_LWIP_NATIVE */
 
 #ifdef WOLFSSL_ISOTP
 static int isotp_send_single_frame(struct isotp_wolfssl_ctx *ctx, char *buf,
@@ -3480,5 +3809,5 @@ int wolfSSL_SetIO_ISOTP(WOLFSSL *ssl, isotp_wolfssl_ctx *ctx,
     }
     return 0;
 }
-#endif
+#endif /* WOLFSSL_ISOTP */
 #endif /* WOLFCRYPT_ONLY */
diff --git a/src/x509.c b/src/x509.c
index a1c4fc4db..fec65d621 100644
--- a/src/x509.c
+++ b/src/x509.c
@@ -1,6 +1,6 @@
 /* x509.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -49,10 +49,10 @@ unsigned int wolfSSL_X509_get_extension_flags(WOLFSSL_X509* x509)
 
     if (x509 != NULL) {
         if (x509->keyUsageSet) {
-            flags |= EXFLAG_KUSAGE;
+            flags |= WOLFSSL_EXFLAG_KUSAGE;
         }
         if (x509->extKeyUsageSrc != NULL) {
-            flags |= EXFLAG_XKUSAGE;
+            flags |= WOLFSSL_EXFLAG_XKUSAGE;
         }
     }
 
@@ -92,19 +92,19 @@ unsigned int wolfSSL_X509_get_extended_key_usage(WOLFSSL_X509* x509)
 
     if (x509 != NULL) {
         if (x509->extKeyUsage & EXTKEYUSE_OCSP_SIGN)
-            ret |= XKU_OCSP_SIGN;
+            ret |= WOLFSSL_XKU_OCSP_SIGN;
         if (x509->extKeyUsage & EXTKEYUSE_TIMESTAMP)
-            ret |= XKU_TIMESTAMP;
+            ret |= WOLFSSL_XKU_TIMESTAMP;
         if (x509->extKeyUsage & EXTKEYUSE_EMAILPROT)
-            ret |= XKU_SMIME;
+            ret |= WOLFSSL_XKU_SMIME;
         if (x509->extKeyUsage & EXTKEYUSE_CODESIGN)
-            ret |= XKU_CODE_SIGN;
+            ret |= WOLFSSL_XKU_CODE_SIGN;
         if (x509->extKeyUsage & EXTKEYUSE_CLIENT_AUTH)
-            ret |= XKU_SSL_CLIENT;
+            ret |= WOLFSSL_XKU_SSL_CLIENT;
         if (x509->extKeyUsage & EXTKEYUSE_SERVER_AUTH)
-            ret |= XKU_SSL_SERVER;
+            ret |= WOLFSSL_XKU_SSL_SERVER;
         if (x509->extKeyUsage & EXTKEYUSE_ANY)
-            ret |= XKU_ANYEKU;
+            ret |= WOLFSSL_XKU_ANYEKU;
     }
 
     WOLFSSL_LEAVE("wolfSSL_X509_get_extended_key_usage", ret);
@@ -177,19 +177,19 @@ int wolfSSL_X509_get_ext_count(const WOLFSSL_X509* passedCert)
             goto out;
         }
 
-        if (GetLength(input, &idx, &length, sz) < 0) {
+        if (GetLength(input, &idx, &length, (word32)sz) < 0) {
             WOLFSSL_MSG("\tfail: invalid length");
             goto out;
         }
     }
 
-    if (GetSequence(input, &idx, &length, sz) < 0) {
+    if (GetSequence(input, &idx, &length, (word32)sz) < 0) {
         WOLFSSL_MSG("\tfail: should be a SEQUENCE (1)");
         goto out;
     }
 
     while (idx < (word32)sz) {
-        if (GetSequence(input, &idx, &length, sz) < 0) {
+        if (GetSequence(input, &idx, &length, (word32)sz) < 0) {
             WOLFSSL_MSG("\tfail: should be a SEQUENCE");
             FreeDecodedCert(cert);
             return WOLFSSL_FAILURE;
@@ -314,7 +314,8 @@ WOLFSSL_X509_EXTENSION* wolfSSL_X509_EXTENSION_create_by_OBJ(
         if (ret == NULL) {
             err = 1;
         }
-    } else {
+    }
+    else {
         /* Prevent potential memory leaks and dangling pointers. */
         wolfSSL_ASN1_OBJECT_free(ret->obj);
         ret->obj = NULL;
@@ -360,73 +361,12 @@ WOLFSSL_STACK* wolfSSL_sk_new_x509_ext(void)
 /* This function does NOT return 1 on success. It returns 0 on fail, and the
  * number of items in the stack upon success. This is for compatibility with
  * OpenSSL. */
-int wolfSSL_sk_X509_EXTENSION_push(WOLFSSL_STACK* sk,WOLFSSL_X509_EXTENSION* ext)
+int wolfSSL_sk_X509_EXTENSION_push(WOLFSSL_STACK* sk,
+    WOLFSSL_X509_EXTENSION* ext)
 {
-    WOLFSSL_STACK* node;
-
     WOLFSSL_ENTER("wolfSSL_sk_X509_EXTENSION_push");
 
-    if (sk == NULL || ext == NULL) {
-        return WOLFSSL_FAILURE;
-    }
-
-    /* no previous values in stack */
-    if (sk->data.ext == NULL) {
-        sk->data.ext = ext;
-        sk->num += 1;
-        return (int)sk->num;
-    }
-
-    /* stack already has value(s) create a new node and add more */
-    node = (WOLFSSL_STACK*)XMALLOC(sizeof(WOLFSSL_STACK), NULL,
-                                                             DYNAMIC_TYPE_X509);
-    if (node == NULL) {
-        WOLFSSL_MSG("Memory error");
-        return WOLFSSL_FAILURE;
-    }
-    XMEMSET(node, 0, sizeof(WOLFSSL_STACK));
-
-    /* push new obj onto head of stack */
-    node->data.ext  = sk->data.ext;
-    node->next      = sk->next;
-    node->type      = sk->type;
-    sk->next        = node;
-    sk->data.ext    = ext;
-    sk->num        += 1;
-
-    return (int)sk->num;
-}
-
-/* Free the structure for X509_EXTENSION stack
- *
- * sk  stack to free nodes in
- */
-void wolfSSL_sk_X509_EXTENSION_free(WOLFSSL_STACK* sk)
-{
-    WOLFSSL_STACK* node;
-
-    WOLFSSL_ENTER("wolfSSL_sk_X509_EXTENSION_free");
-
-    if (sk == NULL) {
-        return;
-    }
-
-    /* parse through stack freeing each node */
-    node = sk->next;
-    while ((node != NULL) && (sk->num > 1)) {
-        WOLFSSL_STACK* tmp = node;
-        node = node->next;
-
-        wolfSSL_X509_EXTENSION_free(tmp->data.ext);
-        XFREE(tmp, NULL, DYNAMIC_TYPE_X509);
-        sk->num -= 1;
-    }
-
-    /* free head of stack */
-    if (sk->num == 1) {
-        wolfSSL_X509_EXTENSION_free(sk->data.ext);
-    }
-    XFREE(sk, NULL, DYNAMIC_TYPE_X509);
+    return wolfSSL_sk_push(sk, ext);
 }
 
 static WOLFSSL_STACK* generateExtStack(const WOLFSSL_X509 *x)
@@ -523,22 +463,40 @@ int wolfSSL_X509_get_ext_by_OBJ(const WOLFSSL_X509 *x,
 
     if (!x || !obj) {
         WOLFSSL_MSG("Bad parameter");
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
     }
 
     sk = wolfSSL_X509_get0_extensions(x);
     if (!sk) {
         WOLFSSL_MSG("No extensions");
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
     }
     lastpos++;
     if (lastpos < 0)
         lastpos = 0;
     for (; lastpos < wolfSSL_sk_num(sk); lastpos++)
-        if (wolfSSL_OBJ_cmp((WOLFSSL_ASN1_OBJECT*)wolfSSL_sk_value(sk,
-                        lastpos), obj) == 0)
+        if (wolfSSL_OBJ_cmp(wolfSSL_sk_X509_EXTENSION_value(sk,
+                        lastpos)->obj, obj) == 0)
             return lastpos;
-    return -1;
+    return WOLFSSL_FATAL_ERROR;
+}
+
+
+int wolfSSL_X509_OBJECT_set1_X509(WOLFSSL_X509_OBJECT *a, WOLFSSL_X509 *obj)
+{
+    WOLFSSL_STUB("wolfSSL_X509_OBJECT_set1_X509");
+    (void)a;
+    (void)obj;
+    return 0;
+}
+
+int wolfSSL_X509_OBJECT_set1_X509_CRL(WOLFSSL_X509_OBJECT *a,
+    WOLFSSL_X509_CRL *obj)
+{
+    WOLFSSL_STUB("wolfSSL_X509_OBJECT_set1_X509_CRL");
+    (void)a;
+    (void)obj;
+    return 0;
 }
 
 #endif /* OPENSSL_ALL || OPENSSL_EXTRA */
@@ -556,10 +514,10 @@ static int wolfssl_dns_entry_othername_to_gn(DNS_entry* dns,
     WOLFSSL_GENERAL_NAME* gn)
 {
     int ret = 0;
-    WOLFSSL_ASN1_OBJECT* obj;
-    WOLFSSL_ASN1_TYPE* type;
-    WOLFSSL_ASN1_STRING* str;
-    byte tag;
+    WOLFSSL_ASN1_OBJECT* obj = NULL;
+    WOLFSSL_ASN1_TYPE* type = NULL;
+    WOLFSSL_ASN1_STRING* str = NULL;
+    byte tag = 0;
     unsigned char* p = (unsigned char *)dns->name;
     long len = dns->len;
 
@@ -594,7 +552,7 @@ static int wolfssl_dns_entry_othername_to_gn(DNS_entry* dns,
             goto err;
         }
 
-        tag = ASN_UTF8STRING;
+        tag = WOLFSSL_V_ASN1_UTF8STRING;
     }
     else
 #endif
@@ -604,54 +562,34 @@ static int wolfssl_dns_entry_othername_to_gn(DNS_entry* dns,
 
         /* Create an object id for general name from DER encoding. */
         obj = wolfSSL_d2i_ASN1_OBJECT(NULL, (const unsigned char**)&p, len);
-        if (obj == NULL) {
+        if (obj == NULL)
             goto err;
-        }
         /* Pointer moved on and now update length of remaining data. */
         len -= (long)((size_t)p - (size_t)dns->name);
 
-        /* Next is: [0]. Check tag and length. */
-        if (GetASNTag(p, &idx, &tag, (word32)len) < 0) {
-            wolfSSL_ASN1_OBJECT_free(obj);
+        /* Next is "value      [0] EXPLICIT ANY DEFINED BY type-id" */
+        if (GetASNHeader(p, ASN_CONTEXT_SPECIFIC | ASN_CONSTRUCTED | 0,
+                &idx, &nameLen, (word32)len) < 0)
             goto err;
-        }
-        if (tag != (ASN_CONTEXT_SPECIFIC | ASN_CONSTRUCTED | 0)) {
-            wolfSSL_ASN1_OBJECT_free(obj);
-            goto err;
-        }
-        if (GetLength(p, &idx, &nameLen, (word32)len) <= 1) {
-            wolfSSL_ASN1_OBJECT_free(obj);
-            goto err;
-        }
-
-        /* Next is a string of some type. */
-        if (GetASNTag(p, &idx, &tag, (word32)len) < 0) {
-            wolfSSL_ASN1_OBJECT_free(obj);
-            goto err;
-        }
-        if (GetLength(p, &idx, &nameLen, (word32)len) <= 0) {
-            wolfSSL_ASN1_OBJECT_free(obj);
-            goto err;
-        }
         p += idx;
         len -= idx;
+
+        /* Set the tag to object so that it gets output in raw form */
+        tag = WOLFSSL_V_ASN1_SEQUENCE;
     }
 
+
     /* Create a WOLFSSL_ASN1_STRING from the DER. */
     str = wolfSSL_ASN1_STRING_type_new(tag);
     if (str == NULL) {
-        wolfSSL_ASN1_OBJECT_free(obj);
         goto err;
     }
-    wolfSSL_ASN1_STRING_set(str, p, (word32)len);
+    wolfSSL_ASN1_STRING_set(str, p, (int)len);
 
     /* Wrap string in a WOLFSSL_ASN1_TYPE. */
     type = wolfSSL_ASN1_TYPE_new();
-    if (type == NULL) {
-        wolfSSL_ASN1_OBJECT_free(obj);
-        wolfSSL_ASN1_STRING_free(str);
+    if (type == NULL)
         goto err;
-    }
     wolfSSL_ASN1_TYPE_set(type, tag, str);
 
     /* Store the object and string in general name. */
@@ -660,11 +598,85 @@ static int wolfssl_dns_entry_othername_to_gn(DNS_entry* dns,
 
     ret = 1;
 err:
+    if (ret != 1) {
+        wolfSSL_ASN1_OBJECT_free(obj);
+        wolfSSL_ASN1_STRING_free(str);
+    }
     return ret;
 }
 #endif /* OPENSSL_ALL || WOLFSSL_WPAS_SMALL */
 
 #if defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA)
+static int DNS_to_GENERAL_NAME(WOLFSSL_GENERAL_NAME* gn, DNS_entry* dns)
+{
+    gn->type = dns->type;
+    switch (gn->type) {
+        case WOLFSSL_GEN_OTHERNAME:
+                if (!wolfssl_dns_entry_othername_to_gn(dns, gn)) {
+                    WOLFSSL_MSG("OTHERNAME set failed");
+                    return WOLFSSL_FAILURE;
+                }
+            break;
+
+        case WOLFSSL_GEN_EMAIL:
+        case WOLFSSL_GEN_DNS:
+        case WOLFSSL_GEN_URI:
+        case WOLFSSL_GEN_IPADD:
+        case WOLFSSL_GEN_IA5:
+                gn->d.ia5->length = dns->len;
+                if (wolfSSL_ASN1_STRING_set(gn->d.ia5, dns->name,
+                        gn->d.ia5->length) != WOLFSSL_SUCCESS) {
+                    WOLFSSL_MSG("ASN1_STRING_set failed");
+                    return WOLFSSL_FAILURE;
+                }
+                break;
+
+
+        case WOLFSSL_GEN_DIRNAME:
+            /* wolfSSL_GENERAL_NAME_new() mallocs this by default */
+            wolfSSL_ASN1_STRING_free(gn->d.ia5);
+            gn->d.ia5 = NULL;
+
+            gn->d.dirn = wolfSSL_X509_NAME_new();;
+            /* @TODO extract dir name info from DNS_entry */
+            break;
+
+#ifdef WOLFSSL_RID_ALT_NAME
+        case WOLFSSL_GEN_RID:
+            /* wolfSSL_GENERAL_NAME_new() mallocs this by default */
+            wolfSSL_ASN1_STRING_free(gn->d.ia5);
+            gn->d.ia5 = NULL;
+
+            gn->d.registeredID = wolfSSL_ASN1_OBJECT_new();
+            if (gn->d.registeredID == NULL) {
+                return WOLFSSL_FAILURE;
+            }
+            gn->d.registeredID->obj = (const unsigned char*)XMALLOC(dns->len,
+                gn->d.registeredID->heap, DYNAMIC_TYPE_ASN1);
+            if (gn->d.registeredID->obj == NULL) {
+                /* registeredID gets free'd up by caller after failure */
+                return WOLFSSL_FAILURE;
+            }
+            gn->d.registeredID->dynamic |= WOLFSSL_ASN1_DYNAMIC_DATA;
+            XMEMCPY((byte*)gn->d.registeredID->obj, dns->ridString, dns->len);
+            gn->d.registeredID->objSz = dns->len;
+            gn->d.registeredID->grp = oidCertExtType;
+            gn->d.registeredID->nid = WC_NID_registeredAddress;
+            break;
+#endif
+
+        case WOLFSSL_GEN_X400:
+            /* Unsupported: fall through */
+        case WOLFSSL_GEN_EDIPARTY:
+            /* Unsupported: fall through */
+        default:
+            WOLFSSL_MSG("Unsupported type conversion");
+            return WOLFSSL_FAILURE;
+    }
+    return WOLFSSL_SUCCESS;
+}
+
+
 static int wolfssl_x509_alt_names_to_gn(WOLFSSL_X509* x509,
     WOLFSSL_X509_EXTENSION* ext)
 {
@@ -702,27 +714,13 @@ static int wolfssl_x509_alt_names_to_gn(WOLFSSL_X509* x509,
                 goto err;
             }
 
-            gn->type = dns->type;
-            if (gn->type == GEN_OTHERNAME) {
-                if (!wolfssl_dns_entry_othername_to_gn(dns, gn)) {
-                    WOLFSSL_MSG("OTHERNAME set failed");
-                    wolfSSL_GENERAL_NAME_free(gn);
-                    wolfSSL_sk_pop_free(sk, NULL);
-                    goto err;
-                }
-            }
-            else {
-                gn->d.ia5->length = dns->len;
-                if (wolfSSL_ASN1_STRING_set(gn->d.ia5, dns->name,
-                        gn->d.ia5->length) != WOLFSSL_SUCCESS) {
-                    WOLFSSL_MSG("ASN1_STRING_set failed");
-                    wolfSSL_GENERAL_NAME_free(gn);
-                    wolfSSL_sk_pop_free(sk, NULL);
-                    goto err;
-                }
+            if (DNS_to_GENERAL_NAME(gn, dns) != WOLFSSL_SUCCESS) {
+                wolfSSL_GENERAL_NAME_free(gn);
+                wolfSSL_sk_pop_free(sk, NULL);
+                goto err;
             }
 
-            if (wolfSSL_sk_GENERAL_NAME_push(sk, gn) != WOLFSSL_SUCCESS) {
+            if (wolfSSL_sk_GENERAL_NAME_push(sk, gn) <= 0) {
                 WOLFSSL_MSG("Error pushing onto stack");
                 wolfSSL_GENERAL_NAME_free(gn);
                 wolfSSL_sk_pop_free(sk, NULL);
@@ -763,12 +761,12 @@ WOLFSSL_X509_EXTENSION* wolfSSL_X509_set_ext(WOLFSSL_X509* x509, int loc)
 
     WOLFSSL_ENTER("wolfSSL_X509_set_ext");
 
-    if(x509 == NULL){
+    if (x509 == NULL) {
         WOLFSSL_MSG("\tNot passed a certificate");
         return NULL;
     }
 
-    if(loc <0 || (loc > wolfSSL_X509_get_ext_count(x509))){
+    if (loc < 0 || (loc > wolfSSL_X509_get_ext_count(x509))) {
         WOLFSSL_MSG("\tBad location argument");
         return NULL;
     }
@@ -839,7 +837,7 @@ WOLFSSL_X509_EXTENSION* wolfSSL_X509_set_ext(WOLFSSL_X509* x509, int loc)
             return NULL;
         }
 
-        if (GetLength(input, &idx, &length, sz) < 0) {
+        if (GetLength(input, &idx, &length, (word32)sz) < 0) {
             WOLFSSL_MSG("\tfail: invalid length");
             wolfSSL_X509_EXTENSION_free(ext);
             FreeDecodedCert(cert);
@@ -850,7 +848,7 @@ WOLFSSL_X509_EXTENSION* wolfSSL_X509_set_ext(WOLFSSL_X509* x509, int loc)
         }
     }
 
-    if (GetSequence(input, &idx, &length, sz) < 0) {
+    if (GetSequence(input, &idx, &length, (word32)sz) < 0) {
         WOLFSSL_MSG("\tfail: should be a SEQUENCE (1)");
         wolfSSL_X509_EXTENSION_free(ext);
         FreeDecodedCert(cert);
@@ -863,7 +861,7 @@ WOLFSSL_X509_EXTENSION* wolfSSL_X509_set_ext(WOLFSSL_X509* x509, int loc)
     while (idx < (word32)sz) {
         oid = 0;
 
-        if (GetSequence(input, &idx, &length, sz) < 0) {
+        if (GetSequence(input, &idx, &length, (word32)sz) < 0) {
             WOLFSSL_MSG("\tfail: should be a SEQUENCE");
             wolfSSL_X509_EXTENSION_free(ext);
             FreeDecodedCert(cert);
@@ -874,7 +872,7 @@ WOLFSSL_X509_EXTENSION* wolfSSL_X509_set_ext(WOLFSSL_X509* x509, int loc)
         }
 
         tmpIdx = idx;
-        ret = GetObjectId(input, &idx, &oid, oidCertExtType, sz);
+        ret = GetObjectId(input, &idx, &oid, oidCertExtType, (word32)sz);
         if (ret < 0) {
             WOLFSSL_MSG("\tfail: OBJECT ID");
             wolfSSL_X509_EXTENSION_free(ext);
@@ -895,11 +893,11 @@ WOLFSSL_X509_EXTENSION* wolfSSL_X509_set_ext(WOLFSSL_X509* x509, int loc)
         }
         /* extCount == loc. Now get the extension. */
         /* Check if extension has been set */
-        isSet = wolfSSL_X509_ext_isSet_by_NID((WOLFSSL_X509*)x509, nid);
+        isSet = wolfSSL_X509_ext_isSet_by_NID((WOLFSSL_X509*)x509, (int)nid);
 
-        if (wolfSSL_OBJ_nid2ln(nid) != NULL) {
+        if (wolfSSL_OBJ_nid2ln((int)nid) != NULL) {
             /* This is NOT an unknown OID. */
-            ext->obj = wolfSSL_OBJ_nid2obj(nid);
+            ext->obj = wolfSSL_OBJ_nid2obj((int)nid);
             if (ext->obj == NULL) {
                 WOLFSSL_MSG("\tfail: Invalid OBJECT");
                 wolfSSL_X509_EXTENSION_free(ext);
@@ -912,16 +910,42 @@ WOLFSSL_X509_EXTENSION* wolfSSL_X509_set_ext(WOLFSSL_X509* x509, int loc)
         }
 
         if (ext->obj) {
-            ext->obj->nid = nid;
+            ext->obj->nid = (int)nid;
         }
 
         switch (oid) {
             case BASIC_CA_OID:
+            {
+                word32 dataIdx = idx;
+                word32 dummyOid;
+                int dataLen = 0;
+
                 if (!isSet)
                     break;
                 /* Set pathlength */
                 a = wolfSSL_ASN1_INTEGER_new();
-                if (a == NULL) {
+
+                /* Set the data */
+                ret = GetObjectId(input, &dataIdx, &dummyOid, oidCertExtType,
+                        (word32)sz) == 0;
+                if (ret && dataIdx < (word32)sz) {
+                    /* Skip the critical information */
+                    if (input[dataIdx] == ASN_BOOLEAN) {
+                        dataIdx++;
+                        ret = GetLength(input, &dataIdx, &dataLen, sz) >= 0;
+                        dataIdx += dataLen;
+                    }
+                }
+                if (ret) {
+                    ret = GetOctetString(input, &dataIdx, &dataLen,
+                            (word32)sz) > 0;
+                }
+                if (ret) {
+                    ret = wolfSSL_ASN1_STRING_set(&ext->value, input + dataIdx,
+                            dataLen) == 1;
+                }
+
+                if (a == NULL || !ret) {
                     wolfSSL_X509_EXTENSION_free(ext);
                     FreeDecodedCert(cert);
                 #ifdef WOLFSSL_SMALL_STACK
@@ -929,7 +953,7 @@ WOLFSSL_X509_EXTENSION* wolfSSL_X509_set_ext(WOLFSSL_X509* x509, int loc)
                 #endif
                     return NULL;
                 }
-                a->length = x509->pathLength;
+                a->length = (int)x509->pathLength;
 
                 /* Save ASN1_INTEGER in x509 extension */
                 ext->obj->pathlen = a;
@@ -937,7 +961,7 @@ WOLFSSL_X509_EXTENSION* wolfSSL_X509_set_ext(WOLFSSL_X509* x509, int loc)
                 ext->obj->ca = x509->isCa;
                 ext->crit = x509->basicConstCrit;
                 break;
-
+            }
             case AUTH_INFO_OID:
                 if (!isSet)
                     break;
@@ -972,11 +996,12 @@ WOLFSSL_X509_EXTENSION* wolfSSL_X509_set_ext(WOLFSSL_X509* x509, int loc)
                         return NULL;
                     }
                     obj->obj = (byte*)x509->authInfoCaIssuer;
-                    obj->objSz = x509->authInfoCaIssuerSz;
+                    obj->objSz = (unsigned int)x509->authInfoCaIssuerSz;
                     obj->grp = oidCertAuthInfoType;
-                    obj->nid = NID_ad_ca_issuers;
+                    obj->nid = WC_NID_ad_ca_issuers;
 
-                    ret = wolfSSL_sk_ASN1_OBJECT_push(sk, obj);
+                    ret = wolfSSL_sk_ASN1_OBJECT_push(sk, obj) > 0
+                            ? WOLFSSL_SUCCESS : WOLFSSL_FAILURE;
                     if (ret != WOLFSSL_SUCCESS) {
                         WOLFSSL_MSG("Error pushing ASN1 object onto stack");
                         wolfSSL_ASN1_OBJECT_free(obj);
@@ -1007,11 +1032,12 @@ WOLFSSL_X509_EXTENSION* wolfSSL_X509_set_ext(WOLFSSL_X509* x509, int loc)
                         return NULL;
                     }
                     obj->obj = x509->authInfo;
-                    obj->objSz = x509->authInfoSz;
+                    obj->objSz = (unsigned int)x509->authInfoSz;
                     obj->grp = oidCertAuthInfoType;
-                    obj->nid = NID_ad_OCSP;
+                    obj->nid = WC_NID_ad_OCSP;
 
-                    ret = wolfSSL_sk_ASN1_OBJECT_push(sk, obj);
+                    ret = wolfSSL_sk_ASN1_OBJECT_push(sk, obj) > 0
+                            ? WOLFSSL_SUCCESS : WOLFSSL_FAILURE;
                     if (ret != WOLFSSL_SUCCESS) {
                         WOLFSSL_MSG("Error pushing ASN1 object onto stack");
                         wolfSSL_ASN1_OBJECT_free(obj);
@@ -1067,7 +1093,9 @@ WOLFSSL_X509_EXTENSION* wolfSSL_X509_set_ext(WOLFSSL_X509* x509, int loc)
             case CERT_POLICY_OID:
                 if (!isSet)
                     break;
+            #ifdef WOLFSSL_SEP
                 ext->crit = x509->certPolicyCrit;
+            #endif
                 break;
 
             case KEY_USAGE_OID:
@@ -1132,7 +1160,7 @@ WOLFSSL_X509_EXTENSION* wolfSSL_X509_set_ext(WOLFSSL_X509* x509, int loc)
                  *  parsed oid for access in later function calls */
 
                 /* Get OID from input */
-                if (GetASNObjectId(input, &idx, &length, sz) != 0) {
+                if (GetASNObjectId(input, &idx, &length, (word32)sz) != 0) {
                     WOLFSSL_MSG("Failed to Get ASN Object Id");
                     wolfSSL_X509_EXTENSION_free(ext);
                     FreeDecodedCert(cert);
@@ -1171,12 +1199,24 @@ WOLFSSL_X509_EXTENSION* wolfSSL_X509_set_ext(WOLFSSL_X509* x509, int loc)
                     }
                 }
 
-                ext->obj->objSz = objSz;
-                if(((ext->obj->dynamic & WOLFSSL_ASN1_DYNAMIC_DATA) != 0) ||
-                   (ext->obj->obj == NULL)) {
-                        ext->obj->obj =(byte*)XREALLOC((byte*)ext->obj->obj,
-                                             ext->obj->objSz,
-                                             NULL,DYNAMIC_TYPE_ASN1);
+                if (((ext->obj->dynamic & WOLFSSL_ASN1_DYNAMIC_DATA) != 0) ||
+                    (ext->obj->obj == NULL)) {
+                #ifdef WOLFSSL_NO_REALLOC
+                    byte* tmp = NULL;
+
+                    tmp = (byte*)XMALLOC(objSz, NULL, DYNAMIC_TYPE_ASN1);
+                    if (tmp != NULL && ext->obj->obj != NULL) {
+                        XMEMCPY(tmp, ext->obj->obj, ext->obj->objSz);
+                        XFREE((byte*)ext->obj->obj, NULL, DYNAMIC_TYPE_ASN1);
+                    }
+                    else if (tmp == NULL) {
+                        ext->obj->obj = tmp;
+                    }
+                    ext->obj->obj = tmp;
+                #else
+                    ext->obj->obj = (byte*)XREALLOC((byte*)ext->obj->obj, objSz,
+                                           NULL, DYNAMIC_TYPE_ASN1);
+                #endif
                     if (ext->obj->obj == NULL) {
                         wolfSSL_X509_EXTENSION_free(ext);
                         FreeDecodedCert(cert);
@@ -1187,9 +1227,12 @@ WOLFSSL_X509_EXTENSION* wolfSSL_X509_set_ext(WOLFSSL_X509* x509, int loc)
                         return NULL;
                     }
                     ext->obj->dynamic |= WOLFSSL_ASN1_DYNAMIC_DATA;
-                } else {
+                }
+                else {
                     ext->obj->dynamic &= ~WOLFSSL_ASN1_DYNAMIC_DATA;
                 }
+                ext->obj->objSz = (unsigned int)objSz;
+
                 /* Get OID from input and copy to ASN1_OBJECT buffer */
                 XMEMCPY(oidBuf+2, input+idx, length);
                 XMEMCPY((byte*)ext->obj->obj, oidBuf, ext->obj->objSz);
@@ -1215,7 +1258,7 @@ WOLFSSL_X509_EXTENSION* wolfSSL_X509_set_ext(WOLFSSL_X509* x509, int loc)
 
                 tmpIdx++;
 
-                if (GetLength(input, &tmpIdx, &length, sz) <= 0) {
+                if (GetLength(input, &tmpIdx, &length, (word32)sz) <= 0) {
                     WOLFSSL_MSG("Error: Invalid Input Length.");
                     wolfSSL_ASN1_OBJECT_free(ext->obj);
                     wolfSSL_X509_EXTENSION_free(ext);
@@ -1225,7 +1268,8 @@ WOLFSSL_X509_EXTENSION* wolfSSL_X509_set_ext(WOLFSSL_X509* x509, int loc)
                 #endif
                     return NULL;
                 }
-                ext->value.data = (char*)XMALLOC(length, NULL, DYNAMIC_TYPE_ASN1);
+                ext->value.data = (char*)XMALLOC(length, NULL,
+                    DYNAMIC_TYPE_ASN1);
                 ext->value.isDynamic = 1;
                 if (ext->value.data == NULL) {
                     WOLFSSL_MSG("Failed to malloc ASN1_STRING data");
@@ -1249,7 +1293,7 @@ WOLFSSL_X509_EXTENSION* wolfSSL_X509_set_ext(WOLFSSL_X509* x509, int loc)
      */
     if (x509->ext_sk == NULL)
         x509->ext_sk = wolfSSL_sk_new_x509_ext();
-    if (wolfSSL_sk_X509_EXTENSION_push(x509->ext_sk, ext) == WOLFSSL_FAILURE) {
+    if (wolfSSL_sk_insert(x509->ext_sk, ext, -1) <= 0) {
         wolfSSL_X509_EXTENSION_free(ext);
         ext = NULL;
     }
@@ -1269,21 +1313,18 @@ WOLFSSL_X509_EXTENSION* wolfSSL_X509_set_ext(WOLFSSL_X509* x509, int loc)
  * @return WOLFSSL_SUCCESS on success and WOLFSSL_FAILURE on error
  */
 static int asn1_string_copy_to_buffer(WOLFSSL_ASN1_STRING* str, byte** buf,
-        word32* len, void* heap) {
-    if (!str || !buf || !len) {
-        return WOLFSSL_FAILURE;
-    }
+        word32* len, void* heap)
+{
     if (str->data && str->length > 0) {
         if (*buf)
             XFREE(*buf, heap, DYNAMIC_TYPE_X509_EXT);
         *len = 0;
-        *buf = (byte*)XMALLOC(str->length, heap,
-                DYNAMIC_TYPE_X509_EXT);
+        *buf = (byte*)XMALLOC(str->length, heap, DYNAMIC_TYPE_X509_EXT);
         if (!*buf) {
             WOLFSSL_MSG("malloc error");
             return WOLFSSL_FAILURE;
         }
-        *len = str->length;
+        *len = (word32)str->length;
         XMEMCPY(*buf, str->data, str->length);
     }
 
@@ -1291,7 +1332,8 @@ static int asn1_string_copy_to_buffer(WOLFSSL_ASN1_STRING* str, byte** buf,
     return WOLFSSL_SUCCESS;
 }
 
-int wolfSSL_X509_add_ext(WOLFSSL_X509 *x509, WOLFSSL_X509_EXTENSION *ext, int loc)
+int wolfSSL_X509_add_ext(WOLFSSL_X509 *x509, WOLFSSL_X509_EXTENSION *ext,
+    int loc)
 {
     int nid;
 
@@ -1304,7 +1346,7 @@ int wolfSSL_X509_add_ext(WOLFSSL_X509 *x509, WOLFSSL_X509_EXTENSION *ext, int lo
     nid = (ext->obj != NULL) ? ext->obj->type : ext->value.nid;
 
     switch (nid) {
-    case NID_authority_key_identifier:
+    case WC_NID_authority_key_identifier:
         if (x509->authKeyIdSrc != NULL) {
             /* If authKeyId points into authKeyIdSrc then free it and
              * revert to old functionality */
@@ -1319,7 +1361,7 @@ int wolfSSL_X509_add_ext(WOLFSSL_X509 *x509, WOLFSSL_X509_EXTENSION *ext, int lo
         }
         x509->authKeyIdCrit = (byte)ext->crit;
         break;
-    case NID_subject_key_identifier:
+    case WC_NID_subject_key_identifier:
         if (asn1_string_copy_to_buffer(&ext->value, &x509->subjKeyId,
                 &x509->subjKeyIdSz, x509->heap) != WOLFSSL_SUCCESS) {
             WOLFSSL_MSG("asn1_string_copy_to_buffer error");
@@ -1327,7 +1369,7 @@ int wolfSSL_X509_add_ext(WOLFSSL_X509 *x509, WOLFSSL_X509_EXTENSION *ext, int lo
         }
         x509->subjKeyIdCrit = (byte)ext->crit;
         break;
-    case NID_subject_alt_name:
+    case WC_NID_subject_alt_name:
     {
         WOLFSSL_GENERAL_NAMES* gns = ext->ext_sk;
         while (gns) {
@@ -1338,7 +1380,7 @@ int wolfSSL_X509_add_ext(WOLFSSL_X509 *x509, WOLFSSL_X509_EXTENSION *ext, int lo
                 word32 len = 0;
 
                 len = SetOthername(gn->d.otherName, NULL);
-                if (len == WOLFSSL_FAILURE) {
+                if (len == WC_NO_ERR_TRACE(WOLFSSL_FAILURE)) {
                     return WOLFSSL_FAILURE;
                 }
 
@@ -1354,7 +1396,7 @@ int wolfSSL_X509_add_ext(WOLFSSL_X509 *x509, WOLFSSL_X509_EXTENSION *ext, int lo
                 ret = wolfSSL_X509_add_altname_ex(x509, buf, len,
                                                   ASN_OTHER_TYPE);
                 XFREE(buf, x509->heap, DYNAMIC_TYPE_X509_EXT);
-                if (ret == WOLFSSL_FAILURE) {
+                if (ret == WC_NO_ERR_TRACE(WOLFSSL_FAILURE)) {
                      WOLFSSL_MSG("wolfSSL_X509_add_altname_ex() failed");
                      return WOLFSSL_FAILURE;
                 }
@@ -1371,11 +1413,14 @@ int wolfSSL_X509_add_ext(WOLFSSL_X509 *x509, WOLFSSL_X509_EXTENSION *ext, int lo
         x509->subjAltNameCrit = (byte)ext->crit;
         break;
     }
-    case NID_key_usage:
+    case WC_NID_key_usage:
         if (ext && ext->value.data) {
             if (ext->value.length == sizeof(word16)) {
                 /* if ext->value is already word16, set directly */
                 x509->keyUsage = *(word16*)ext->value.data;
+#ifdef BIG_ENDIAN_ORDER
+                x509->keyUsage = rotlFixed16(x509->keyUsage, 8U);
+#endif
                 x509->keyUsageCrit = (byte)ext->crit;
                 x509->keyUsageSet = 1;
             }
@@ -1393,10 +1438,10 @@ int wolfSSL_X509_add_ext(WOLFSSL_X509 *x509, WOLFSSL_X509_EXTENSION *ext, int lo
             }
         }
         break;
-    case NID_ext_key_usage:
+    case WC_NID_ext_key_usage:
         if (ext && ext->value.data) {
             if (ext->value.length == sizeof(byte)) {
-                /* if ext->value is already word16, set directly */
+                /* if ext->value is already 1 byte, set directly */
                 x509->extKeyUsage = *(byte*)ext->value.data;
                 x509->extKeyUsageCrit = (byte)ext->crit;
             }
@@ -1413,17 +1458,24 @@ int wolfSSL_X509_add_ext(WOLFSSL_X509 *x509, WOLFSSL_X509_EXTENSION *ext, int lo
             }
         }
         break;
-    case NID_basic_constraints:
+    case WC_NID_basic_constraints:
         if (ext->obj) {
             x509->isCa = (byte)ext->obj->ca;
             x509->basicConstCrit = (byte)ext->crit;
-            if (ext->obj->pathlen)
-                x509->pathLength = ext->obj->pathlen->length;
+            if (ext->obj->pathlen) {
+                x509->pathLength = (word32)ext->obj->pathlen->length;
+                x509->basicConstPlSet = 1;
+            }
             x509->basicConstSet = 1;
         }
         break;
     default:
 #ifdef WOLFSSL_CUSTOM_OID
+    {
+        char *oid = NULL;
+        byte *val = NULL;
+        int err = 0;
+
         if ((ext->obj == NULL) || (ext->value.length == 0)) {
             WOLFSSL_MSG("Extension has insufficient information.");
             return WOLFSSL_FAILURE;
@@ -1436,12 +1488,10 @@ int wolfSSL_X509_add_ext(WOLFSSL_X509 *x509, WOLFSSL_X509_EXTENSION *ext, int lo
         }
 
         /* This is a viable custom extension. */
-        char *oid = XMALLOC(MAX_OID_STRING_SZ, x509->heap,
-                            DYNAMIC_TYPE_X509_EXT);
-        byte *val = XMALLOC(ext->value.length, x509->heap,
-                            DYNAMIC_TYPE_X509_EXT);
-        int err = 0;
-
+        oid = (char*)XMALLOC(MAX_OID_STRING_SZ, x509->heap,
+            DYNAMIC_TYPE_X509_EXT);
+        val = (byte*)XMALLOC(ext->value.length, x509->heap,
+            DYNAMIC_TYPE_X509_EXT);
         if ((oid == NULL) || (val == NULL)) {
             WOLFSSL_MSG("Memory allocation failure.\n");
             err = 1;
@@ -1460,18 +1510,26 @@ int wolfSSL_X509_add_ext(WOLFSSL_X509 *x509, WOLFSSL_X509_EXTENSION *ext, int lo
             return WOLFSSL_FAILURE;
         }
 
+        /* ext->crit is WOLFSSL_ASN1_BOOLEAN */
+        if (ext->crit != 0 && ext->crit != -1) {
+            XFREE(val, x509->heap, DYNAMIC_TYPE_X509_EXT);
+            XFREE(oid, x509->heap, DYNAMIC_TYPE_X509_EXT);
+            return WOLFSSL_FAILURE;
+        }
+
         /* x509->custom_exts now owns the buffers and they must be managed. */
         x509->custom_exts[x509->customExtCount].oid = oid;
-        x509->custom_exts[x509->customExtCount].crit = ext->crit;
+        x509->custom_exts[x509->customExtCount].crit = (byte)ext->crit;
         x509->custom_exts[x509->customExtCount].val = val;
         x509->custom_exts[x509->customExtCount].valSz = ext->value.length;
         x509->customExtCount++;
+        break;
+    }
 #else
         WOLFSSL_MSG("Unsupported extension to add");
         return WOLFSSL_FAILURE;
 #endif /* WOLFSSL_CUSTOM_OID */
-        break;
-    }
+    } /* switch (nid) */
 
     return WOLFSSL_SUCCESS;
 }
@@ -1482,10 +1540,10 @@ int wolfSSL_X509_add_ext(WOLFSSL_X509 *x509, WOLFSSL_X509_EXTENSION *ext, int lo
 int wolfSSL_X509V3_EXT_print(WOLFSSL_BIO *out, WOLFSSL_X509_EXTENSION *ext,
         unsigned long flag, int indent)
 {
-    ASN1_OBJECT* obj;
-    ASN1_STRING* str;
+    WOLFSSL_ASN1_OBJECT* obj;
+    WOLFSSL_ASN1_STRING* str;
     int nid;
-    int rc = WOLFSSL_FAILURE;
+    int rc = WC_NO_ERR_TRACE(WOLFSSL_FAILURE);
     char tmp[CTC_NAME_SIZE*2 + 1];
     const int tmpSz = sizeof(tmp);
     int tmpLen = 0;
@@ -1545,22 +1603,10 @@ int wolfSSL_X509V3_EXT_print(WOLFSSL_BIO *out, WOLFSSL_X509_EXTENSION *ext,
                         WOLFSSL_MSG("Memory error");
                         return rc;
                     }
-                    if (sk->next) {
-                        if ((valLen = XSNPRINTF(val, len, "%*s%s,",
-                                      indent, "", str->strData))
-                            >= len) {
-                            XFREE(val, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-                            return rc;
-                        }
-                    } else {
-                        if ((valLen = XSNPRINTF(val, len, "%*s%s",
-                                      indent, "", str->strData))
-                            >= len) {
-                            XFREE(val, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-                            return rc;
-                        }
-                    }
-                    if ((tmpLen + valLen) >= tmpSz) {
+                    valLen = XSNPRINTF(val, (size_t)len, "%*s%s", indent, "",
+                            str->strData);
+                    if ((valLen < 0) || (valLen >= len)
+                            || ((tmpLen + valLen) >= tmpSz)) {
                         XFREE(val, NULL, DYNAMIC_TYPE_TMP_BUFFER);
                         return rc;
                     }
@@ -1646,13 +1692,13 @@ int wolfSSL_X509_EXTENSION_set_critical(WOLFSSL_X509_EXTENSION* ex, int crit)
  * not NULL, get the NID of the extension object and populate the
  * extension type-specific X509V3_EXT_* function(s) in v3_ext_method.
  *
- * Returns NULL on error or pointer to the v3_ext_method populated with extension
- * type-specific X509V3_EXT_* function(s).
+ * Returns NULL on error or pointer to the v3_ext_method populated with
+ * extension type-specific X509V3_EXT_* function(s).
  *
- * NOTE: NID_subject_key_identifier is currently the only extension implementing
- * the X509V3_EXT_* functions, as it is the only type called directly by QT. The
- * other extension types return a pointer to a v3_ext_method struct that contains
- * only the NID.
+ * NOTE: WC_NID_subject_key_identifier is currently the only extension
+ * implementing the X509V3_EXT_* functions, as it is the only type called
+ * directly by QT. The other extension types return a pointer to a
+ * v3_ext_method struct that contains only the NID.
  */
 #if defined(OPENSSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER >= 0x10100000L
 const WOLFSSL_v3_ext_method* wolfSSL_X509V3_EXT_get(WOLFSSL_X509_EXTENSION* ex)
@@ -1676,32 +1722,32 @@ WOLFSSL_v3_ext_method* wolfSSL_X509V3_EXT_get(WOLFSSL_X509_EXTENSION* ex)
         WOLFSSL_MSG("Failed to get nid from passed extension object");
         return NULL;
     }
-    XMEMSET(&method, 0, sizeof(WOLFSSL_v3_ext_method));
     switch (nid) {
-        case NID_basic_constraints:
+        case WC_NID_basic_constraints:
             break;
-        case NID_subject_key_identifier:
-            method.i2s = (X509V3_EXT_I2S)wolfSSL_i2s_ASN1_STRING;
+        case WC_NID_subject_key_identifier:
+            method.i2s = (WOLFSSL_X509V3_EXT_I2S)wolfSSL_i2s_ASN1_STRING;
             break;
-        case NID_subject_alt_name:
-            WOLFSSL_MSG("i2v function not yet implemented for Subject Alternative Name");
+        case WC_NID_subject_alt_name:
+            WOLFSSL_MSG("i2v function not yet implemented for Subject "
+                        "Alternative Name");
             break;
-        case NID_key_usage:
+        case WC_NID_key_usage:
             WOLFSSL_MSG("i2v function not yet implemented for Key Usage");
             break;
-        case NID_authority_key_identifier:
+        case WC_NID_authority_key_identifier:
             WOLFSSL_MSG("i2v function not yet implemented for Auth Key Id");
             break;
-        case NID_info_access:
+        case WC_NID_info_access:
             WOLFSSL_MSG("i2v function not yet implemented for Info Access");
             break;
-        case NID_ext_key_usage:
+        case WC_NID_ext_key_usage:
             WOLFSSL_MSG("i2v function not yet implemented for Ext Key Usage");
             break;
-        case NID_certificate_policies:
+        case WC_NID_certificate_policies:
             WOLFSSL_MSG("r2i function not yet implemented for Cert Policies");
             break;
-        case NID_crl_distribution_points:
+        case WC_NID_crl_distribution_points:
             WOLFSSL_MSG("r2i function not yet implemented for CRL Dist Points");
             break;
         default:
@@ -1804,7 +1850,7 @@ static WOLFSSL_AUTHORITY_INFO_ACCESS* wolfssl_x509v3_ext_aia_d2i(
         }
 
         /* Set the type of general name to URI (only type supported). */
-        ret = wolfSSL_GENERAL_NAME_set_type(ad->location, GEN_URI);
+        ret = wolfSSL_GENERAL_NAME_set_type(ad->location, WOLFSSL_GEN_URI);
         if (ret != WOLFSSL_SUCCESS) {
             err = 1;
             break;
@@ -1819,7 +1865,8 @@ static WOLFSSL_AUTHORITY_INFO_ACCESS* wolfssl_x509v3_ext_aia_d2i(
             break;
         }
         /* Push onto AUTHORITY_INFO_ACCESS stack. */
-        ret = wolfSSL_sk_ACCESS_DESCRIPTION_push(aia, ad);
+        ret = wolfSSL_sk_ACCESS_DESCRIPTION_push(aia, ad) > 0
+                ? WOLFSSL_SUCCESS : WOLFSSL_FAILURE;
         if (ret != WOLFSSL_SUCCESS) {
             WOLFSSL_MSG("Error pushing ASN1 AD onto stack");
             err = 1;
@@ -1867,27 +1914,27 @@ void* wolfSSL_X509V3_EXT_d2i(WOLFSSL_X509_EXTENSION* ext)
 
     WOLFSSL_ENTER("wolfSSL_X509V3_EXT_d2i");
 
-    if(ext == NULL) {
+    if (ext == NULL) {
         WOLFSSL_MSG("Bad function Argument");
         return NULL;
     }
 
+    object = wolfSSL_X509_EXTENSION_get_object(ext);
+    if (object == NULL) {
+        WOLFSSL_MSG("X509_EXTENSION_get_object failed");
+        return NULL;
+    }
     /* extract extension info */
     method = wolfSSL_X509V3_EXT_get(ext);
     if (method == NULL) {
         WOLFSSL_MSG("wolfSSL_X509V3_EXT_get error");
         return NULL;
     }
-    object = wolfSSL_X509_EXTENSION_get_object(ext);
-    if (object == NULL) {
-        WOLFSSL_MSG("X509_EXTENSION_get_object failed");
-        return NULL;
-    }
 
     /* Return pointer to proper internal structure based on NID */
     switch (object->type) {
         /* basicConstraints */
-        case (NID_basic_constraints):
+        case WC_NID_basic_constraints:
             WOLFSSL_MSG("basicConstraints");
             /* Allocate new BASIC_CONSTRAINTS structure */
             bc = wolfSSL_BASIC_CONSTRAINTS_new();
@@ -1897,7 +1944,7 @@ void* wolfSSL_X509V3_EXT_d2i(WOLFSSL_X509_EXTENSION* ext)
             }
             /* Copy pathlen and CA into BASIC_CONSTRAINTS from object */
             bc->ca = object->ca;
-            if (object->pathlen->length > 0) {
+            if (object->pathlen != NULL && object->pathlen->length > 0) {
                 bc->pathlen = wolfSSL_ASN1_INTEGER_dup(object->pathlen);
                 if (bc->pathlen == NULL) {
                     WOLFSSL_MSG("Failed to duplicate ASN1_INTEGER");
@@ -1910,7 +1957,7 @@ void* wolfSSL_X509V3_EXT_d2i(WOLFSSL_X509_EXTENSION* ext)
             return bc;
 
         /* subjectKeyIdentifier */
-        case (NID_subject_key_identifier):
+        case WC_NID_subject_key_identifier:
             WOLFSSL_MSG("subjectKeyIdentifier");
             asn1String = wolfSSL_X509_EXTENSION_get_data(ext);
             if (asn1String == NULL) {
@@ -1933,7 +1980,7 @@ void* wolfSSL_X509V3_EXT_d2i(WOLFSSL_X509_EXTENSION* ext)
             return newString;
 
         /* authorityKeyIdentifier */
-        case (NID_authority_key_identifier):
+        case WC_NID_authority_key_identifier:
             WOLFSSL_MSG("AuthorityKeyIdentifier");
 
             akey = (WOLFSSL_AUTHORITY_KEYID*)
@@ -1976,7 +2023,7 @@ void* wolfSSL_X509V3_EXT_d2i(WOLFSSL_X509_EXTENSION* ext)
             return akey;
 
         /* keyUsage */
-        case (NID_key_usage):
+        case WC_NID_key_usage:
             WOLFSSL_MSG("keyUsage");
             /* This may need to be updated for future use. The i2v method for
                 keyUsage is not currently set. For now, return the ASN1_STRING
@@ -2002,21 +2049,21 @@ void* wolfSSL_X509V3_EXT_d2i(WOLFSSL_X509_EXTENSION* ext)
             return newString;
 
         /* extKeyUsage */
-        case (NID_ext_key_usage):
+        case WC_NID_ext_key_usage:
             WOLFSSL_MSG("extKeyUsage not supported yet");
             return NULL;
 
         /* certificatePolicies */
-        case (NID_certificate_policies):
+        case WC_NID_certificate_policies:
             WOLFSSL_MSG("certificatePolicies not supported yet");
             return NULL;
 
         /* cRLDistributionPoints */
-        case (NID_crl_distribution_points):
+        case WC_NID_crl_distribution_points:
             WOLFSSL_MSG("cRLDistributionPoints not supported yet");
             return NULL;
 
-        case NID_subject_alt_name:
+        case WC_NID_subject_alt_name:
             if (ext->ext_sk == NULL) {
                 WOLFSSL_MSG("Subject alt name stack NULL");
                 return NULL;
@@ -2029,7 +2076,7 @@ void* wolfSSL_X509V3_EXT_d2i(WOLFSSL_X509_EXTENSION* ext)
             return sk;
 
         /* authorityInfoAccess */
-        case NID_info_access:
+        case WC_NID_info_access:
             WOLFSSL_MSG("AuthorityInfoAccess");
             return wolfssl_x509v3_ext_aia_d2i(ext);
 
@@ -2047,7 +2094,7 @@ void* wolfSSL_X509V3_EXT_d2i(WOLFSSL_X509_EXTENSION* ext)
  * lastPos : Start search from extension after lastPos.
  *           Set to -1 to search from index 0.
  * return >= 0 If successful the extension index is returned.
- * return -1 If extension is not found or error is encountered.
+ * return WOLFSSL_FATAL_ERROR If extension is not found or error is encountered.
  */
 int wolfSSL_X509_get_ext_by_NID(const WOLFSSL_X509* x509, int nid, int lastPos)
 {
@@ -2064,12 +2111,12 @@ int wolfSSL_X509_get_ext_by_NID(const WOLFSSL_X509* x509, int nid, int lastPos)
 
     WOLFSSL_ENTER("wolfSSL_X509_get_ext_by_NID");
 
-    if(x509 == NULL){
+    if (x509 == NULL) {
         WOLFSSL_MSG("\tNot passed a certificate");
         return WOLFSSL_FATAL_ERROR;
     }
 
-    if(lastPos < -1 || (lastPos > (wolfSSL_X509_get_ext_count(x509) - 1))){
+    if (lastPos < -1 || (lastPos > (wolfSSL_X509_get_ext_count(x509) - 1))) {
         WOLFSSL_MSG("\tBad location argument");
         return WOLFSSL_FATAL_ERROR;
     }
@@ -2120,13 +2167,13 @@ int wolfSSL_X509_get_ext_by_NID(const WOLFSSL_X509* x509, int nid, int lastPos)
             goto out;
         }
 
-        if (GetLength(input, &idx, &length, sz) < 0) {
+        if (GetLength(input, &idx, &length, (word32)sz) < 0) {
             WOLFSSL_MSG("\tfail: invalid length");
             goto out;
         }
     }
 
-    if (GetSequence(input, &idx, &length, sz) < 0) {
+    if (GetSequence(input, &idx, &length, (word32)sz) < 0) {
         WOLFSSL_MSG("\tfail: should be a SEQUENCE (1)");
         goto out;
     }
@@ -2134,13 +2181,13 @@ int wolfSSL_X509_get_ext_by_NID(const WOLFSSL_X509* x509, int nid, int lastPos)
     while (idx < (word32)sz) {
         oid = 0;
 
-        if (GetSequence(input, &idx, &length, sz) < 0) {
+        if (GetSequence(input, &idx, &length, (word32)sz) < 0) {
             WOLFSSL_MSG("\tfail: should be a SEQUENCE");
             goto out;
         }
 
         tmpIdx = idx;
-        ret = GetObjectId(input, &idx, &oid, oidCertExtType, sz);
+        ret = GetObjectId(input, &idx, &oid, oidCertExtType, (word32)sz);
         if (ret < 0) {
             WOLFSSL_MSG("\tfail: OBJECT ID");
             goto out;
@@ -2150,8 +2197,8 @@ int wolfSSL_X509_get_ext_by_NID(const WOLFSSL_X509* x509, int nid, int lastPos)
 
         if (extCount >= loc) {
             /* extCount >= loc. Now check if extension has been set */
-            isSet = wolfSSL_X509_ext_isSet_by_NID((WOLFSSL_X509*)x509, foundNID);
-
+            isSet = wolfSSL_X509_ext_isSet_by_NID((WOLFSSL_X509*)x509,
+                (int)foundNID);
             if (isSet && ((word32)nid == foundNID)) {
                 found = 1;
                 break;
@@ -2230,7 +2277,7 @@ void* wolfSSL_X509_get_ext_d2i(const WOLFSSL_X509* x509, int nid, int* c,
                     wolfSSL_BASIC_CONSTRAINTS_free(bc);
                     return NULL;
                 }
-                a->length = x509->pathLength;
+                a->length = (int)x509->pathLength;
 
 #if defined(OPENSSL_ALL) || defined(WOLFSSL_QT) || \
         defined(WOLFSSL_APACHE_HTTPD)
@@ -2313,12 +2360,11 @@ void* wolfSSL_X509_get_ext_d2i(const WOLFSSL_X509* x509, int nid, int* c,
                                 WOLFSSL_MSG("ASN1_STRING_set failed");
                                 goto err;
                             }
-                            gn->d.dNSName->type = V_ASN1_IA5STRING;
+                            gn->d.dNSName->type = WOLFSSL_V_ASN1_IA5STRING;
                     }
 
                     dns = dns->next;
-                    if (wolfSSL_sk_GENERAL_NAME_push(sk, gn) !=
-                                                      WOLFSSL_SUCCESS) {
+                    if (wolfSSL_sk_GENERAL_NAME_push(sk, gn) <= 0) {
                         WOLFSSL_MSG("Error pushing ASN1 object onto stack");
                         goto err;
                     }
@@ -2352,7 +2398,7 @@ void* wolfSSL_X509_get_ext_d2i(const WOLFSSL_X509* x509, int nid, int* c,
                     goto err;
                 }
 
-                if (wolfSSL_GENERAL_NAME_set_type(gn, GEN_URI) !=
+                if (wolfSSL_GENERAL_NAME_set_type(gn, WOLFSSL_GEN_URI) !=
                         WOLFSSL_SUCCESS) {
                     WOLFSSL_MSG("Error setting GENERAL_NAME type");
                     goto err;
@@ -2373,13 +2419,13 @@ void* wolfSSL_X509_get_ext_d2i(const WOLFSSL_X509* x509, int nid, int* c,
 
                 /* push GENERAL_NAME onto fullname stack */
                 if (wolfSSL_sk_GENERAL_NAME_push(dp->distpoint->name.fullname,
-                                                 gn) != WOLFSSL_SUCCESS) {
+                                                 gn) <= 0) {
                     WOLFSSL_MSG("wolfSSL_sk_GENERAL_NAME_push error");
                     goto err;
                 }
 
                 /* push DIST_POINT onto stack */
-                if (wolfSSL_sk_DIST_POINT_push(sk, dp) != WOLFSSL_SUCCESS) {
+                if (wolfSSL_sk_DIST_POINT_push(sk, dp) <= 0) {
                     WOLFSSL_MSG("Error pushing DIST_POINT onto stack");
                     goto err;
                 }
@@ -2407,7 +2453,7 @@ void* wolfSSL_X509_get_ext_d2i(const WOLFSSL_X509* x509, int nid, int* c,
                 obj->type  = AUTH_INFO_OID;
                 obj->grp   = oidCertExtType;
                 obj->obj   = x509->authInfo;
-                obj->objSz = x509->authInfoSz;
+                obj->objSz = (unsigned int)x509->authInfoSz;
             }
             else {
                 WOLFSSL_MSG("No Auth Info set");
@@ -2418,7 +2464,8 @@ void* wolfSSL_X509_get_ext_d2i(const WOLFSSL_X509* x509, int nid, int* c,
             if (x509->authKeyIdSet) {
                 WOLFSSL_AUTHORITY_KEYID* akey = wolfSSL_AUTHORITY_KEYID_new();
                 if (!akey) {
-                    WOLFSSL_MSG("Issue creating WOLFSSL_AUTHORITY_KEYID struct");
+                    WOLFSSL_MSG(
+                        "Issue creating WOLFSSL_AUTHORITY_KEYID struct");
                     return NULL;
                 }
 
@@ -2486,7 +2533,8 @@ void* wolfSSL_X509_get_ext_d2i(const WOLFSSL_X509* x509, int nid, int* c,
                 for (i = 0; i < x509->certPoliciesNb - 1; i++) {
                     obj = wolfSSL_ASN1_OBJECT_new();
                     if (obj == NULL) {
-                        WOLFSSL_MSG("Issue creating WOLFSSL_ASN1_OBJECT struct");
+                        WOLFSSL_MSG(
+                            "Issue creating WOLFSSL_ASN1_OBJECT struct");
                         wolfSSL_sk_ASN1_OBJECT_pop_free(sk, NULL);
                         return NULL;
                     }
@@ -2494,14 +2542,14 @@ void* wolfSSL_X509_get_ext_d2i(const WOLFSSL_X509* x509, int nid, int* c,
                     obj->grp   = oidCertExtType;
                     obj->obj   = (byte*)(x509->certPolicies[i]);
                     obj->objSz = MAX_CERTPOL_SZ;
-                    if (wolfSSL_sk_ASN1_OBJECT_push(sk, obj)
-                                                           != WOLFSSL_SUCCESS) {
+                    if (wolfSSL_sk_ASN1_OBJECT_push(sk, obj) <= 0) {
                         WOLFSSL_MSG("Error pushing ASN1 object onto stack");
                         wolfSSL_ASN1_OBJECT_free(obj);
                         wolfSSL_sk_ASN1_OBJECT_pop_free(sk, NULL);
                         sk = NULL;
                     }
                 }
+
                 obj = wolfSSL_ASN1_OBJECT_new();
                 if (obj == NULL) {
                     WOLFSSL_MSG("Issue creating WOLFSSL_ASN1_OBJECT struct");
@@ -2512,11 +2560,21 @@ void* wolfSSL_X509_get_ext_d2i(const WOLFSSL_X509* x509, int nid, int* c,
                 obj->grp   = oidCertExtType;
                 obj->obj   = (byte*)(x509->certPolicies[i]);
                 obj->objSz = MAX_CERTPOL_SZ;
+
+                if (wolfSSL_sk_ASN1_OBJECT_push(sk, obj) <= 0) {
+                    WOLFSSL_MSG("Error pushing ASN1 object onto stack");
+                    wolfSSL_ASN1_OBJECT_free(obj);
+                    wolfSSL_sk_ASN1_OBJECT_pop_free(sk, NULL);
+                    sk = NULL;
+                }
+
+                obj = NULL;
             }
             else {
                 WOLFSSL_MSG("No Cert Policy set");
             }
-        #elif defined(WOLFSSL_SEP)
+        #endif /* WOLFSSL_CERT_EXT */
+        #ifdef WOLFSSL_SEP
             if (x509->certPolicySet) {
                 if (c != NULL) {
                     *c = x509->certPolicyCrit;
@@ -2532,8 +2590,6 @@ void* wolfSSL_X509_get_ext_d2i(const WOLFSSL_X509* x509, int nid, int* c,
             else {
                 WOLFSSL_MSG("No Cert Policy set");
             }
-        #else
-            WOLFSSL_MSG("wolfSSL not built with WOLFSSL_SEP or WOLFSSL_CERT_EXT");
         #endif
             break;
         }
@@ -2572,6 +2628,44 @@ void* wolfSSL_X509_get_ext_d2i(const WOLFSSL_X509* x509, int nid, int* c,
 
         case EXT_KEY_USAGE_OID:
             if (x509->extKeyUsageSrc != NULL) {
+                const byte* ekuSrc = x509->extKeyUsageSrc;
+                word32 i;
+
+                sk = wolfSSL_sk_new_asn1_obj();
+                if (sk == NULL) {
+                    WOLFSSL_MSG("Issue creating stack");
+                    return NULL;
+                }
+
+                for (i = 0; i < x509->extKeyUsageCount; i++) {
+                    long ekuSrcLen = (long)(x509->extKeyUsageSz -
+                            (word32)(ekuSrc - x509->extKeyUsageSrc));
+                    WOLFSSL_ASN1_OBJECT* ekuObj = wolfSSL_d2i_ASN1_OBJECT(NULL,
+                            &ekuSrc, ekuSrcLen);
+                    if (ekuObj == NULL) {
+                        wolfSSL_sk_ASN1_OBJECT_pop_free(sk, NULL);
+                        WOLFSSL_MSG("d2i obj error");
+                        return NULL;
+                    }
+                    ekuObj->type  = EXT_KEY_USAGE_OID;
+                    ekuObj->grp   = oidCertExtType;
+                    /* Push to end to maintain order */
+                    if (wolfSSL_sk_insert(sk, ekuObj, -1) <= 0) {
+                        wolfSSL_ASN1_OBJECT_free(ekuObj);
+                        wolfSSL_sk_ASN1_OBJECT_pop_free(sk, NULL);
+                        WOLFSSL_MSG("d2i obj error");
+                        return NULL;
+                    }
+                }
+
+                if ((word32)(ekuSrc - x509->extKeyUsageSrc)
+                        != x509->extKeyUsageSz ||
+                        i != x509->extKeyUsageCount) {
+                    wolfSSL_sk_ASN1_OBJECT_pop_free(sk, NULL);
+                    WOLFSSL_MSG("incorrect eku count or buffer not exhausted");
+                    return NULL;
+                }
+
                 if (c != NULL) {
                     if (x509->extKeyUsageCount > 1) {
                         *c = -2;
@@ -2580,15 +2674,6 @@ void* wolfSSL_X509_get_ext_d2i(const WOLFSSL_X509* x509, int nid, int* c,
                         *c = x509->extKeyUsageCrit;
                     }
                 }
-                obj = wolfSSL_ASN1_OBJECT_new();
-                if (obj == NULL) {
-                    WOLFSSL_MSG("Issue creating WOLFSSL_ASN1_OBJECT struct");
-                    return NULL;
-                }
-                obj->type  = EXT_KEY_USAGE_OID;
-                obj->grp   = oidCertExtType;
-                obj->obj   = x509->extKeyUsageSrc;
-                obj->objSz = x509->extKeyUsageSz;
             }
             else {
                 WOLFSSL_MSG("No Extended Key Usage set");
@@ -2635,7 +2720,7 @@ void* wolfSSL_X509_get_ext_d2i(const WOLFSSL_X509* x509, int nid, int* c,
         }
     }
     if (obj) {
-        if (wolfSSL_sk_ASN1_OBJECT_push(sk, obj) != WOLFSSL_SUCCESS) {
+        if (wolfSSL_sk_ASN1_OBJECT_push(sk, obj) <= 0) {
             WOLFSSL_MSG("Error pushing ASN1_OBJECT object onto "
                         "stack.");
             goto err;
@@ -2696,7 +2781,7 @@ int wolfSSL_X509_add_altname_ex(WOLFSSL_X509* x509, const char* name,
 
     newAltName->next = x509->altNames;
     newAltName->type = type;
-    newAltName->len = nameSz;
+    newAltName->len = (int)nameSz;
     newAltName->name = nameCopy;
     x509->altNames = newAltName;
 
@@ -2762,9 +2847,6 @@ static WOLFSSL_X509_EXTENSION* createExtFromStr(int nid, const char *value)
 {
     WOLFSSL_X509_EXTENSION* ext;
 
-    if (value == NULL)
-        return NULL;
-
     ext = wolfSSL_X509_EXTENSION_new();
     if (ext == NULL) {
         WOLFSSL_MSG("memory error");
@@ -2773,8 +2855,8 @@ static WOLFSSL_X509_EXTENSION* createExtFromStr(int nid, const char *value)
     ext->value.nid = nid;
 
     switch (nid) {
-        case NID_subject_key_identifier:
-        case NID_authority_key_identifier:
+        case WC_NID_subject_key_identifier:
+        case WC_NID_authority_key_identifier:
             if (wolfSSL_ASN1_STRING_set(&ext->value, value, -1)
                     != WOLFSSL_SUCCESS) {
                 WOLFSSL_MSG("wolfSSL_ASN1_STRING_set error");
@@ -2782,7 +2864,7 @@ static WOLFSSL_X509_EXTENSION* createExtFromStr(int nid, const char *value)
             }
             ext->value.type = CTC_UTF8;
             break;
-        case NID_subject_alt_name:
+        case WC_NID_subject_alt_name:
         {
             WOLFSSL_GENERAL_NAMES* gns;
             WOLFSSL_GENERAL_NAME* gn;
@@ -2808,7 +2890,7 @@ static WOLFSSL_X509_EXTENSION* createExtFromStr(int nid, const char *value)
                 WOLFSSL_MSG("wolfSSL_GENERAL_NAME_new error");
                 goto err_cleanup;
             }
-            if (wolfSSL_sk_GENERAL_NAME_push(gns, gn) != WOLFSSL_SUCCESS) {
+            if (wolfSSL_sk_GENERAL_NAME_push(gns, gn) <= 0) {
                 WOLFSSL_MSG("wolfSSL_sk_GENERAL_NAME_push error");
                 wolfSSL_GENERAL_NAME_free(gn);
                 goto err_cleanup;
@@ -2821,7 +2903,7 @@ static WOLFSSL_X509_EXTENSION* createExtFromStr(int nid, const char *value)
             gn->type = ASN_DNS_TYPE;
             break;
         }
-        case NID_key_usage:
+        case WC_NID_key_usage:
             if (wolfSSL_ASN1_STRING_set(&ext->value, value, -1)
                     != WOLFSSL_SUCCESS) {
                 WOLFSSL_MSG("wolfSSL_ASN1_STRING_set error");
@@ -2829,7 +2911,7 @@ static WOLFSSL_X509_EXTENSION* createExtFromStr(int nid, const char *value)
             }
             ext->value.type = KEY_USAGE_OID;
             break;
-        case NID_ext_key_usage:
+        case WC_NID_ext_key_usage:
             if (wolfSSL_ASN1_STRING_set(&ext->value, value, -1)
                     != WOLFSSL_SUCCESS) {
                 WOLFSSL_MSG("wolfSSL_ASN1_STRING_set error");
@@ -2920,22 +3002,22 @@ static void wolfSSL_X509V3_EXT_METHOD_populate(WOLFSSL_v3_ext_method *method,
 
     WOLFSSL_ENTER("wolfSSL_X509V3_EXT_METHOD_populate");
     switch (nid) {
-    case NID_subject_key_identifier:
-        method->i2s = (X509V3_EXT_I2S)wolfSSL_i2s_ASN1_STRING;
+    case WC_NID_subject_key_identifier:
+        method->i2s = (WOLFSSL_X509V3_EXT_I2S)wolfSSL_i2s_ASN1_STRING;
         FALL_THROUGH;
-    case NID_authority_key_identifier:
-    case NID_key_usage:
-    case NID_certificate_policies:
-    case NID_policy_mappings:
-    case NID_subject_alt_name:
-    case NID_issuer_alt_name:
-    case NID_basic_constraints:
-    case NID_name_constraints:
-    case NID_policy_constraints:
-    case NID_ext_key_usage:
-    case NID_crl_distribution_points:
-    case NID_inhibit_any_policy:
-    case NID_info_access:
+    case WC_NID_authority_key_identifier:
+    case WC_NID_key_usage:
+    case WC_NID_certificate_policies:
+    case WC_NID_policy_mappings:
+    case WC_NID_subject_alt_name:
+    case WC_NID_issuer_alt_name:
+    case WC_NID_basic_constraints:
+    case WC_NID_name_constraints:
+    case WC_NID_policy_constraints:
+    case WC_NID_ext_key_usage:
+    case WC_NID_crl_distribution_points:
+    case WC_NID_inhibit_any_policy:
+    case WC_NID_info_access:
         WOLFSSL_MSG("Nothing to populate for current NID");
         break;
     default:
@@ -2947,7 +3029,7 @@ static void wolfSSL_X509V3_EXT_METHOD_populate(WOLFSSL_v3_ext_method *method,
 }
 
 /**
- * @param nid One of the NID_* constants defined in asn.h
+ * @param nid One of the WC_NID_* constants defined in asn.h
  * @param crit
  * @param data This data is copied to the returned extension.
  * @return
@@ -2971,9 +3053,9 @@ WOLFSSL_X509_EXTENSION *wolfSSL_X509V3_EXT_i2d(int nid, int crit,
     wolfSSL_X509V3_EXT_METHOD_populate(&ext->ext_method, nid);
 
     switch (nid) {
-    case NID_subject_key_identifier:
+    case WC_NID_subject_key_identifier:
         /* WOLFSSL_ASN1_STRING */
-    case NID_key_usage:
+    case WC_NID_key_usage:
         /* WOLFSSL_ASN1_STRING */
     {
         asn1str = (WOLFSSL_ASN1_STRING*)data;
@@ -3000,13 +3082,13 @@ WOLFSSL_X509_EXTENSION *wolfSSL_X509V3_EXT_i2d(int nid, int crit,
 
         break;
     }
-    case NID_subject_alt_name:
+    case WC_NID_subject_alt_name:
         /* typedef STACK_OF(GENERAL_NAME) GENERAL_NAMES */
-    case NID_issuer_alt_name:
+    case WC_NID_issuer_alt_name:
         /* typedef STACK_OF(GENERAL_NAME) GENERAL_NAMES */
-    case NID_ext_key_usage:
+    case WC_NID_ext_key_usage:
         /* typedef STACK_OF(ASN1_OBJECT) EXTENDED_KEY_USAGE */
-    case NID_info_access:
+    case WC_NID_info_access:
         /* typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS */
     {
         WOLFSSL_STACK* sk = (WOLFSSL_STACK*)data;
@@ -3027,7 +3109,7 @@ WOLFSSL_X509_EXTENSION *wolfSSL_X509V3_EXT_i2d(int nid, int crit,
 
         break;
     }
-    case NID_basic_constraints:
+    case WC_NID_basic_constraints:
     {
         /* WOLFSSL_BASIC_CONSTRAINTS */
         WOLFSSL_BASIC_CONSTRAINTS* bc = (WOLFSSL_BASIC_CONSTRAINTS*)data;
@@ -3047,7 +3129,7 @@ WOLFSSL_X509_EXTENSION *wolfSSL_X509V3_EXT_i2d(int nid, int crit,
         }
         break;
     }
-    case NID_authority_key_identifier:
+    case WC_NID_authority_key_identifier:
     {
         /* AUTHORITY_KEYID */
         WOLFSSL_AUTHORITY_KEYID* akey = (WOLFSSL_AUTHORITY_KEYID*)data;
@@ -3074,22 +3156,22 @@ WOLFSSL_X509_EXTENSION *wolfSSL_X509V3_EXT_i2d(int nid, int crit,
             }
         }
         else {
-            WOLFSSL_MSG("NID_authority_key_identifier empty data");
+            WOLFSSL_MSG("WC_NID_authority_key_identifier empty data");
             goto err_cleanup;
         }
         break;
     }
-    case NID_inhibit_any_policy:
+    case WC_NID_inhibit_any_policy:
         /* ASN1_INTEGER */
-    case NID_certificate_policies:
+    case WC_NID_certificate_policies:
         /* STACK_OF(POLICYINFO) */
-    case NID_policy_mappings:
+    case WC_NID_policy_mappings:
         /* STACK_OF(POLICY_MAPPING) */
-    case NID_name_constraints:
+    case WC_NID_name_constraints:
         /* NAME_CONSTRAINTS */
-    case NID_policy_constraints:
+    case WC_NID_policy_constraints:
         /* POLICY_CONSTRAINTS */
-    case NID_crl_distribution_points:
+    case WC_NID_crl_distribution_points:
         /* typedef STACK_OF(DIST_POINT) CRL_DIST_POINTS */
     default:
         WOLFSSL_MSG("Unknown or unsupported NID");
@@ -3107,11 +3189,11 @@ err_cleanup:
 }
 
 /* Returns pointer to ASN1_OBJECT from an X509_EXTENSION object */
-WOLFSSL_ASN1_OBJECT* wolfSSL_X509_EXTENSION_get_object \
-    (WOLFSSL_X509_EXTENSION* ext)
+WOLFSSL_ASN1_OBJECT* wolfSSL_X509_EXTENSION_get_object(
+    WOLFSSL_X509_EXTENSION* ext)
 {
     WOLFSSL_ENTER("wolfSSL_X509_EXTENSION_get_object");
-    if(ext == NULL)
+    if (ext == NULL)
         return NULL;
     return ext->obj;
 }
@@ -3140,7 +3222,8 @@ int wolfSSL_X509_EXTENSION_set_object(WOLFSSL_X509_EXTENSION* ext,
 #endif /* OPENSSL_ALL */
 
 /* Returns pointer to ASN1_STRING in X509_EXTENSION object */
-WOLFSSL_ASN1_STRING* wolfSSL_X509_EXTENSION_get_data(WOLFSSL_X509_EXTENSION* ext)
+WOLFSSL_ASN1_STRING* wolfSSL_X509_EXTENSION_get_data(
+    WOLFSSL_X509_EXTENSION* ext)
 {
     WOLFSSL_ENTER("wolfSSL_X509_EXTENSION_get_data");
     if (ext == NULL)
@@ -3250,6 +3333,7 @@ int wolfSSL_X509_pubkey_digest(const WOLFSSL_X509 *x509,
 #endif /* OPENSSL_EXTRA */
 
 #if defined(KEEP_PEER_CERT) || defined(SESSION_CERTS) || \
+    defined(KEEP_OUR_CERT) || \
     defined(OPENSSL_EXTRA)  || defined(OPENSSL_EXTRA_X509_SMALL)
 
 /* user externally called free X509, if dynamic go ahead with free, otherwise
@@ -3272,16 +3356,14 @@ static void ExternalFreeX509(WOLFSSL_X509* x509)
             if (ret != 0) {
                 WOLFSSL_MSG("Couldn't lock x509 mutex");
             }
-        #endif /* OPENSSL_EXTRA_X509_SMALL || OPENSSL_EXTRA */
-
-        #if defined(OPENSSL_EXTRA_X509_SMALL) || defined(OPENSSL_EXTRA)
             if (doFree)
         #endif /* OPENSSL_EXTRA_X509_SMALL || OPENSSL_EXTRA */
             {
                 FreeX509(x509);
                 XFREE(x509, x509->heap, DYNAMIC_TYPE_X509);
             }
-        } else {
+        }
+        else {
             WOLFSSL_MSG("free called on non dynamic object, not freeing");
         }
     }
@@ -3291,10 +3373,13 @@ static void ExternalFreeX509(WOLFSSL_X509* x509)
 WOLFSSL_ABI
 void wolfSSL_X509_free(WOLFSSL_X509* x509)
 {
-    WOLFSSL_ENTER("wolfSSL_FreeX509");
+    WOLFSSL_ENTER("wolfSSL_X509_free");
     ExternalFreeX509(x509);
 }
+#endif
 
+#if defined(KEEP_PEER_CERT) || defined(SESSION_CERTS) || \
+    defined(OPENSSL_EXTRA)  || defined(OPENSSL_EXTRA_X509_SMALL)
 
 /* copy name into in buffer, at most sz bytes, if buffer is null will
    malloc buffer, call responsible for freeing                     */
@@ -3303,15 +3388,15 @@ char* wolfSSL_X509_NAME_oneline(WOLFSSL_X509_NAME* name, char* in, int sz)
 {
     int copySz;
 
+    WOLFSSL_ENTER("wolfSSL_X509_NAME_oneline");
+
     if (name == NULL) {
         WOLFSSL_MSG("WOLFSSL_X509_NAME pointer was NULL");
         return NULL;
     }
 
-    copySz = min(sz, name->sz);
-
-    WOLFSSL_ENTER("wolfSSL_X509_NAME_oneline");
-    if (!name->sz) return in;
+    if (name->sz == 0)
+        return in;
 
     if (!in) {
     #ifdef WOLFSSL_STATIC_MEMORY
@@ -3319,13 +3404,16 @@ char* wolfSSL_X509_NAME_oneline(WOLFSSL_X509_NAME* name, char* in, int sz)
         return NULL;
     #else
         in = (char*)XMALLOC(name->sz, NULL, DYNAMIC_TYPE_OPENSSL);
-        if (!in ) return in;
+        if (!in)
+            return in;
         copySz = name->sz;
     #endif
     }
-
-    if (copySz <= 0)
-        return in;
+    else {
+        copySz = (int)min((word32)sz, (word32)name->sz);
+        if (copySz <= 0)
+            return in;
+    }
 
     XMEMCPY(in, name->name, copySz - 1);
     in[copySz - 1] = 0;
@@ -3365,7 +3453,7 @@ static unsigned long X509NameHash(WOLFSSL_X509_NAME* name,
         return 0;
     }
 
-    rc = wc_Hash(hashType, (const byte*)canonName,(word32)size, digest,
+    rc = wc_Hash(hashType, (const byte*)canonName, (word32)size, digest,
         sizeof(digest));
 
     if (rc == 0) {
@@ -3374,7 +3462,7 @@ static unsigned long X509NameHash(WOLFSSL_X509_NAME* name,
                 ((unsigned long)digest[1] <<  8) |
                 ((unsigned long)digest[0]));
     }
-    else if (rc == HASH_TYPE_E) {
+    else if (rc == WC_NO_ERR_TRACE(HASH_TYPE_E)) {
         WOLFSSL_ERROR_MSG("Hash function not compiled in");
     }
     else {
@@ -3512,7 +3600,7 @@ char* wolfSSL_X509_get_name_oneline(WOLFSSL_X509_NAME* name, char* in, int sz)
                 WOLFSSL_MSG("Memory error");
                 return NULL;
             }
-            if ((strLen = XSNPRINTF(str, strSz, "%s=%s, ", sn, buf))
+            if ((strLen = XSNPRINTF(str, (size_t)strSz, "%s=%s, ", sn, buf))
                 >= strSz)
             {
                 WOLFSSL_MSG("buffer overrun");
@@ -3530,7 +3618,8 @@ char* wolfSSL_X509_get_name_oneline(WOLFSSL_X509_NAME* name, char* in, int sz)
                 WOLFSSL_MSG("Memory error");
                 return NULL;
             }
-            if ((strLen = XSNPRINTF(str, strSz, "%s=%s", sn, buf)) >= strSz) {
+            if ((strLen = XSNPRINTF(str, (size_t)strSz, "%s=%s", sn,
+                    buf)) >= strSz) {
                 WOLFSSL_MSG("buffer overrun");
                 XFREE(str, NULL, DYNAMIC_TYPE_TMP_BUFFER);
                 return NULL;
@@ -3562,7 +3651,7 @@ char* wolfSSL_X509_get_name_oneline(WOLFSSL_X509_NAME* name, char* in, int sz)
         }
     }
 
-    XMEMCPY(in, tmpBuf, totalLen);
+    XMEMCPY(in, tmpBuf, totalLen); /* cppcheck-suppress uninitvar */
     in[totalLen] = '\0';
 
     return in;
@@ -3593,7 +3682,7 @@ WOLFSSL_X509* wolfSSL_d2i_X509(WOLFSSL_X509** x509, const unsigned char** in,
 }
 
 static WOLFSSL_X509* d2i_X509orX509REQ(WOLFSSL_X509** x509,
-                                        const byte* in, int len, int req)
+                                  const byte* in, int len, int req, void* heap)
 {
     WOLFSSL_X509 *newX509 = NULL;
     int type = req ? CERTREQ_TYPE : CERT_TYPE;
@@ -3620,12 +3709,12 @@ static WOLFSSL_X509* d2i_X509orX509REQ(WOLFSSL_X509** x509,
             return NULL;
     #endif
 
-        InitDecodedCert(cert, (byte*)in, len, NULL);
+        InitDecodedCert(cert, (byte*)in, (word32)len, heap);
     #ifdef WOLFSSL_CERT_REQ
         cert->isCSR = (byte)req;
     #endif
-        if (ParseCertRelative(cert, type, 0, NULL) == 0) {
-            newX509 = wolfSSL_X509_new();
+        if (ParseCertRelative(cert, type, 0, NULL, NULL) == 0) {
+            newX509 = wolfSSL_X509_new_ex(heap);
             if (newX509 != NULL) {
                 if (CopyDecodedToX509(newX509, cert) != 0) {
                     wolfSSL_X509_free(newX509);
@@ -3659,16 +3748,40 @@ int wolfSSL_X509_get_isCA(WOLFSSL_X509* x509)
     return isCA;
 }
 
+WOLFSSL_X509* wolfSSL_X509_d2i_ex(WOLFSSL_X509** x509, const byte* in, int len,
+    void* heap)
+{
+    return d2i_X509orX509REQ(x509, in, len, 0, heap);
+}
+
 WOLFSSL_X509* wolfSSL_X509_d2i(WOLFSSL_X509** x509, const byte* in, int len)
 {
-    return d2i_X509orX509REQ(x509, in, len, 0);
+    return wolfSSL_X509_d2i_ex(x509, in, len, NULL);
 }
 
 #ifdef WOLFSSL_CERT_REQ
 WOLFSSL_X509* wolfSSL_X509_REQ_d2i(WOLFSSL_X509** x509,
         const unsigned char* in, int len)
 {
-    return d2i_X509orX509REQ(x509, in, len, 1);
+    return d2i_X509orX509REQ(x509, in, len, 1, NULL);
+}
+
+WOLFSSL_X509* wolfSSL_d2i_X509_REQ_INFO(WOLFSSL_X509** req,
+        const unsigned char** in, int len)
+{
+    WOLFSSL_X509* ret = NULL;
+    WOLFSSL_ENTER("wolfSSL_d2i_X509_REQ_INFO");
+
+    if (in == NULL) {
+        WOLFSSL_MSG("NULL input for wolfSSL_d2i_X509");
+        return NULL;
+    }
+
+    ret = wolfSSL_X509_REQ_d2i(req, *in, len);
+    if (ret != NULL) {
+        *in += ret->derCert->length;
+    }
+    return ret;
 }
 #endif
 
@@ -3692,7 +3805,7 @@ int wolfSSL_X509_NAME_entry_count(WOLFSSL_X509_NAME* name)
 #endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
 
 #if defined(OPENSSL_EXTRA) || \
-    defined(KEEP_OUR_CERT) || defined(KEEP_PEER_CERT) || defined(SESSION_CERTS)
+    defined(KEEP_OUR_CERT) || defined(KEEP_PEER_CERT)
 
 /* return the next, if any, altname from the peer cert */
 WOLFSSL_ABI
@@ -3717,7 +3830,7 @@ char* wolfSSL_X509_get_next_altname(WOLFSSL_X509* cert)
     }
 
     ret = cert->altNamesNext->name;
-#if defined(OPENSSL_ALL) || defined(WOLFSSL_IP_ALT_NAME)
+#ifdef WOLFSSL_IP_ALT_NAME
     /* return the IP address as a string */
     if (cert->altNamesNext->type == ASN_IP_TYPE) {
         ret = cert->altNamesNext->ipString;
@@ -3738,7 +3851,7 @@ int wolfSSL_X509_get_signature(WOLFSSL_X509* x509,
 
     if (buf != NULL)
         XMEMCPY(buf, x509->sig.buffer, x509->sig.length);
-    *bufSz = x509->sig.length;
+    *bufSz = (int)x509->sig.length;
 
     return WOLFSSL_SUCCESS;
 }
@@ -3786,7 +3899,7 @@ int wolfSSL_X509_get_pubkey_buffer(WOLFSSL_X509* x509,
 
     der = wolfSSL_X509_get_der(x509, &derSz);
     if (der != NULL) {
-        InitDecodedCert(cert, der, derSz, NULL);
+        InitDecodedCert(cert, der, (word32)derSz, NULL);
         ret = wc_GetPubX509(cert, 0, &badDate);
         if (ret >= 0) {
             word32 idx = cert->srcIdx;
@@ -3869,7 +3982,8 @@ const byte* wolfSSL_X509_get_der(WOLFSSL_X509* x509, int* outSz)
     return x509->derCert->buffer;
 }
 
-#endif /* OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL || KEEP_OUR_CERT || KEEP_PEER_CERT || SESSION_CERTS */
+#endif /* OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL || KEEP_OUR_CERT ||
+        * KEEP_PEER_CERT || SESSION_CERTS */
 
 #if defined(OPENSSL_EXTRA_X509_SMALL) || defined(OPENSSL_EXTRA) || \
     defined(OPENSSL_ALL) || defined(KEEP_OUR_CERT) || \
@@ -3887,7 +4001,8 @@ const byte* wolfSSL_X509_notBefore(WOLFSSL_X509* x509)
     XMEMSET(x509->notBeforeData, 0, sizeof(x509->notBeforeData));
     x509->notBeforeData[0] = (byte)x509->notBefore.type;
     x509->notBeforeData[1] = (byte)x509->notBefore.length;
-    XMEMCPY(&x509->notBeforeData[2], x509->notBefore.data, x509->notBefore.length);
+    XMEMCPY(&x509->notBeforeData[2], x509->notBefore.data,
+        x509->notBefore.length);
 
     return x509->notBeforeData;
 }
@@ -3944,12 +4059,12 @@ const unsigned char* wolfSSL_X509_get_tbs(WOLFSSL_X509* x509, int* outSz)
         return NULL;
     }
 
-    if (GetSequence(der, &idx, &len, sz) < 0) {
+    if (GetSequence(der, &idx, &len, (word32)sz) < 0) {
         return NULL;
     }
     tbs = der + idx;
     tmpIdx = idx;
-    if (GetSequence(der, &idx, &len, sz) < 0) {
+    if (GetSequence(der, &idx, &len, (word32)sz) < 0) {
         return NULL;
     }
     *outSz = len + (idx - tmpIdx);
@@ -3966,6 +4081,7 @@ byte* wolfSSL_X509_get_device_type(WOLFSSL_X509* x509, byte* in, int *inOutSz)
     int copySz;
 
     WOLFSSL_ENTER("wolfSSL_X509_get_dev_type");
+    if (x509 == NULL) return NULL;
     if (inOutSz == NULL) return NULL;
     if (!x509->deviceTypeSz) return in;
 
@@ -3994,6 +4110,7 @@ byte* wolfSSL_X509_get_hw_type(WOLFSSL_X509* x509, byte* in, int* inOutSz)
     int copySz;
 
     WOLFSSL_ENTER("wolfSSL_X509_get_hw_type");
+    if (x509 == NULL) return NULL;
     if (inOutSz == NULL) return NULL;
     if (!x509->hwTypeSz) return in;
 
@@ -4023,6 +4140,7 @@ byte* wolfSSL_X509_get_hw_serial_number(WOLFSSL_X509* x509,byte* in,
     int copySz;
 
     WOLFSSL_ENTER("wolfSSL_X509_get_hw_serial_number");
+    if (x509 == NULL) return NULL;
     if (inOutSz == NULL) return NULL;
     if (!x509->hwTypeSz) return in;
 
@@ -4073,8 +4191,9 @@ WOLFSSL_ASN1_TIME* wolfSSL_X509_get_notAfter(const WOLFSSL_X509* x509)
 }
 
 
-/* return 1 on success 0 on fail */
-int wolfSSL_sk_X509_push(WOLF_STACK_OF(WOLFSSL_X509_NAME)* sk, WOLFSSL_X509* x509)
+/* return number of elements on success 0 on fail */
+int wolfSSL_sk_X509_push(WOLF_STACK_OF(WOLFSSL_X509_NAME)* sk,
+    WOLFSSL_X509* x509)
 {
     WOLFSSL_ENTER("wolfSSL_sk_X509_push");
 
@@ -4109,7 +4228,7 @@ WOLFSSL_X509* wolfSSL_sk_X509_pop(WOLF_STACK_OF(WOLFSSL_X509_NAME)* sk)
     }
 
     if (sk->num > 0) {
-        sk->num -= 1;
+        sk->num--;
     }
 
     return x509;
@@ -4123,7 +4242,7 @@ WOLFSSL_X509* wolfSSL_sk_X509_pop(WOLF_STACK_OF(WOLFSSL_X509_NAME)* sk)
  * returns a pointer to a WOLFSSL_X509 structure on success and NULL on
  *         fail
  */
-WOLFSSL_X509* wolfSSL_sk_X509_value(STACK_OF(WOLFSSL_X509)* sk, int i)
+WOLFSSL_X509* wolfSSL_sk_X509_value(WOLF_STACK_OF(WOLFSSL_X509)* sk, int i)
 {
     WOLFSSL_ENTER("wolfSSL_sk_X509_value");
 
@@ -4182,7 +4301,7 @@ WOLFSSL_X509* wolfSSL_sk_X509_shift(WOLF_STACK_OF(WOLFSSL_X509)* sk)
  * sk  stack to free nodes in
  * f   X509 free function
  */
-void wolfSSL_sk_X509_pop_free(STACK_OF(WOLFSSL_X509)* sk,
+void wolfSSL_sk_X509_pop_free(WOLF_STACK_OF(WOLFSSL_X509)* sk,
     void (*f) (WOLFSSL_X509*))
 {
     WOLFSSL_ENTER("wolfSSL_sk_X509_pop_free");
@@ -4217,8 +4336,9 @@ void wolfSSL_sk_X509_CRL_free(WOLF_STACK_OF(WOLFSSL_X509_CRL)* sk)
     wolfSSL_sk_X509_CRL_pop_free(sk, NULL);
 }
 
-/* return 1 on success 0 on fail */
-int wolfSSL_sk_X509_CRL_push(WOLF_STACK_OF(WOLFSSL_X509_CRL)* sk, WOLFSSL_X509_CRL* crl)
+/* return number of elements on success 0 on fail */
+int wolfSSL_sk_X509_CRL_push(WOLF_STACK_OF(WOLFSSL_X509_CRL)* sk,
+    WOLFSSL_X509_CRL* crl)
 {
     WOLFSSL_ENTER("wolfSSL_sk_X509_CRL_push");
 
@@ -4250,7 +4370,7 @@ int wolfSSL_sk_X509_CRL_num(WOLF_STACK_OF(WOLFSSL_X509)* sk)
 #endif /* OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL */
 
 #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_QT)
-/* return 1 on success 0 on fail */
+/* return number of elements on success 0 on fail */
 int wolfSSL_sk_ACCESS_DESCRIPTION_push(WOLF_STACK_OF(ACCESS_DESCRIPTION)* sk,
                                               WOLFSSL_ACCESS_DESCRIPTION* a)
 {
@@ -4333,7 +4453,7 @@ WOLFSSL_GENERAL_NAME* wolfSSL_GENERAL_NAME_new(void)
         wolfSSL_GENERAL_NAME_free(gn);
         return NULL;
     }
-    gn->type = GEN_IA5;
+    gn->type = WOLFSSL_GEN_IA5;
     return gn;
 }
 
@@ -4357,33 +4477,33 @@ WOLFSSL_GENERAL_NAME* wolfSSL_GENERAL_NAME_dup(WOLFSSL_GENERAL_NAME* gn)
     dupl->d.ia5 = NULL;
     switch (gn->type) {
     /* WOLFSSL_ASN1_STRING types */
-    case GEN_DNS:
+    case WOLFSSL_GEN_DNS:
         if (!(dupl->d.dNSName = wolfSSL_ASN1_STRING_dup(gn->d.dNSName))) {
             WOLFSSL_MSG("wolfSSL_ASN1_STRING_dup error");
             goto error;
         }
         break;
-    case GEN_IPADD:
+    case WOLFSSL_GEN_IPADD:
         if (!(dupl->d.iPAddress = wolfSSL_ASN1_STRING_dup(gn->d.iPAddress))) {
             WOLFSSL_MSG("wolfSSL_ASN1_STRING_dup error");
             goto error;
         }
         break;
-    case GEN_EMAIL:
+    case WOLFSSL_GEN_EMAIL:
         if (!(dupl->d.rfc822Name = wolfSSL_ASN1_STRING_dup(gn->d.rfc822Name))) {
             WOLFSSL_MSG("wolfSSL_ASN1_STRING_dup error");
             goto error;
         }
         break;
-    case GEN_URI:
+    case WOLFSSL_GEN_URI:
         if (!(dupl->d.uniformResourceIdentifier =
                 wolfSSL_ASN1_STRING_dup(gn->d.uniformResourceIdentifier))) {
             WOLFSSL_MSG("wolfSSL_ASN1_STRING_dup error");
             goto error;
         }
         break;
-    case GEN_OTHERNAME:
-        if (gn->d.otherName->value->type != V_ASN1_UTF8STRING) {
+    case WOLFSSL_GEN_OTHERNAME:
+        if (gn->d.otherName->value->type != WOLFSSL_V_ASN1_UTF8STRING) {
             WOLFSSL_MSG("Unsupported othername value type");
             goto error;
         }
@@ -4414,10 +4534,10 @@ WOLFSSL_GENERAL_NAME* wolfSSL_GENERAL_NAME_dup(WOLFSSL_GENERAL_NAME* gn)
             goto error;
         }
         break;
-    case GEN_X400:
-    case GEN_DIRNAME:
-    case GEN_EDIPARTY:
-    case GEN_RID:
+    case WOLFSSL_GEN_X400:
+    case WOLFSSL_GEN_DIRNAME:
+    case WOLFSSL_GEN_EDIPARTY:
+    case WOLFSSL_GEN_RID:
     default:
         WOLFSSL_MSG("Unrecognized or unsupported GENERAL_NAME type");
         goto error;
@@ -4426,9 +4546,7 @@ WOLFSSL_GENERAL_NAME* wolfSSL_GENERAL_NAME_dup(WOLFSSL_GENERAL_NAME* gn)
 
     return dupl;
 error:
-    if (dupl) {
-        wolfSSL_GENERAL_NAME_free(dupl);
-    }
+    wolfSSL_GENERAL_NAME_free(dupl);
     return NULL;
 }
 
@@ -4441,7 +4559,8 @@ error:
  *          WOLFSSL_SUCCESS otherwise.
  */
 int wolfSSL_GENERAL_NAME_set0_othername(WOLFSSL_GENERAL_NAME* gen,
-                                        ASN1_OBJECT* oid, ASN1_TYPE* value)
+                                        WOLFSSL_ASN1_OBJECT* oid,
+                                        WOLFSSL_ASN1_TYPE* value)
 {
     WOLFSSL_ASN1_OBJECT *x = NULL;
 
@@ -4455,49 +4574,19 @@ int wolfSSL_GENERAL_NAME_set0_othername(WOLFSSL_GENERAL_NAME* gen,
         return WOLFSSL_FAILURE;
     }
 
-    gen->type = GEN_OTHERNAME;
+    gen->type = WOLFSSL_GEN_OTHERNAME;
     gen->d.otherName->type_id = x;
     gen->d.otherName->value = value;
     return WOLFSSL_SUCCESS;
 }
 
-/* return 1 on success 0 on fail */
+/* return number of elements on success 0 on fail */
 int wolfSSL_sk_GENERAL_NAME_push(WOLFSSL_GENERAL_NAMES* sk,
                                  WOLFSSL_GENERAL_NAME* gn)
 {
-    WOLFSSL_STACK* node;
     WOLFSSL_ENTER("wolfSSL_sk_GENERAL_NAME_push");
 
-    if (sk == NULL || gn == NULL) {
-        return WOLFSSL_FAILURE;
-    }
-
-    /* no previous values in stack */
-    if (sk->data.gn == NULL) {
-        sk->data.gn = gn;
-        sk->num += 1;
-
-        return WOLFSSL_SUCCESS;
-    }
-
-    /* stack already has value(s) create a new node and add more */
-    node = (WOLFSSL_STACK*)XMALLOC(sizeof(WOLFSSL_STACK), NULL,
-                                                             DYNAMIC_TYPE_ASN1);
-    if (node == NULL) {
-        WOLFSSL_MSG("Memory error");
-        return WOLFSSL_FAILURE;
-    }
-    XMEMSET(node, 0, sizeof(WOLFSSL_STACK));
-
-    /* push new obj onto head of stack */
-    node->type    = STACK_TYPE_GEN_NAME;
-    node->data.gn = sk->data.gn;
-    node->next    = sk->next;
-    sk->next      = node;
-    sk->data.gn   = gn;
-    sk->num      += 1;
-
-    return WOLFSSL_SUCCESS;
+    return wolfSSL_sk_push(sk, gn);
 }
 
 #endif /* OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL */
@@ -4537,7 +4626,7 @@ int wolfSSL_sk_GENERAL_NAME_num(WOLFSSL_STACK* sk)
     WOLFSSL_ENTER("wolfSSL_sk_GENERAL_NAME_num");
 
     if (sk == NULL) {
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
     }
 
     return (int)sk->num;
@@ -4669,7 +4758,7 @@ void wolfSSL_DIST_POINTS_free(WOLFSSL_DIST_POINTS *dps)
     wolfSSL_sk_free(dps);
 }
 
-/* return 1 on success 0 on fail */
+/* return number of elements on success 0 on fail */
 int wolfSSL_sk_DIST_POINT_push(WOLFSSL_DIST_POINTS* sk, WOLFSSL_DIST_POINT* dp)
 {
     WOLFSSL_ENTER("wolfSSL_sk_DIST_POINT_push");
@@ -4708,7 +4797,7 @@ int wolfSSL_sk_DIST_POINT_num(WOLFSSL_STACK* sk)
     WOLFSSL_ENTER("wolfSSL_sk_DIST_POINT_num");
 
     if (sk == NULL) {
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
     }
 
     return wolfSSL_sk_num(sk);
@@ -4767,35 +4856,35 @@ static void wolfSSL_GENERAL_NAME_type_free(WOLFSSL_GENERAL_NAME* name)
 {
     if (name != NULL) {
         switch (name->type) {
-        case GEN_IA5:
+        case WOLFSSL_GEN_IA5:
             wolfSSL_ASN1_STRING_free(name->d.ia5);
             name->d.ia5 = NULL;
             break;
-        case GEN_EMAIL:
+        case WOLFSSL_GEN_EMAIL:
             wolfSSL_ASN1_STRING_free(name->d.rfc822Name);
             name->d.rfc822Name = NULL;
             break;
-        case GEN_DNS:
+        case WOLFSSL_GEN_DNS:
             wolfSSL_ASN1_STRING_free(name->d.dNSName);
             name->d.dNSName = NULL;
             break;
-        case GEN_DIRNAME:
+        case WOLFSSL_GEN_DIRNAME:
             wolfSSL_X509_NAME_free(name->d.dirn);
             name->d.dirn = NULL;
             break;
-        case GEN_URI:
+        case WOLFSSL_GEN_URI:
             wolfSSL_ASN1_STRING_free(name->d.uniformResourceIdentifier);
             name->d.uniformResourceIdentifier = NULL;
             break;
-        case GEN_IPADD:
+        case WOLFSSL_GEN_IPADD:
             wolfSSL_ASN1_STRING_free(name->d.iPAddress);
             name->d.iPAddress = NULL;
             break;
-        case GEN_RID:
+        case WOLFSSL_GEN_RID:
             wolfSSL_ASN1_OBJECT_free(name->d.registeredID);
             name->d.registeredID = NULL;
             break;
-        case GEN_OTHERNAME:
+        case WOLFSSL_GEN_OTHERNAME:
             if (name->d.otherName != NULL) {
                 wolfSSL_ASN1_OBJECT_free(name->d.otherName->type_id);
                 wolfSSL_ASN1_TYPE_free(name->d.otherName->value);
@@ -4803,9 +4892,9 @@ static void wolfSSL_GENERAL_NAME_type_free(WOLFSSL_GENERAL_NAME* name)
                 name->d.otherName = NULL;
             }
             break;
-        case GEN_X400:
+        case WOLFSSL_GEN_X400:
             /* Unsupported: fall through */
-        case GEN_EDIPARTY:
+        case WOLFSSL_GEN_EDIPARTY:
             /* Unsupported: fall through */
         default:
             WOLFSSL_MSG("wolfSSL_GENERAL_NAME_type_free: possible leak");
@@ -4826,13 +4915,13 @@ int wolfSSL_GENERAL_NAME_set_type(WOLFSSL_GENERAL_NAME* name, int typ)
         name->type = typ;
 
         switch (typ) {
-            case GEN_URI:
+            case WOLFSSL_GEN_URI:
                 name->d.uniformResourceIdentifier = wolfSSL_ASN1_STRING_new();
                 if (name->d.uniformResourceIdentifier == NULL)
                     ret = MEMORY_E;
                 break;
             default:
-                name->type = GEN_IA5;
+                name->type = WOLFSSL_GEN_IA5;
                 name->d.ia5 = wolfSSL_ASN1_STRING_new();
                 if (name->d.ia5 == NULL)
                     ret = MEMORY_E;
@@ -4867,16 +4956,15 @@ void wolfSSL_GENERAL_NAME_set0_value(WOLFSSL_GENERAL_NAME *a, int type,
         return;
     }
 
-    if (type != GEN_DNS) {
-        WOLFSSL_MSG("Only GEN_DNS is supported");
+    if (type != WOLFSSL_GEN_DNS) {
+        WOLFSSL_MSG("Only WOLFSSL_GEN_DNS is supported");
         return;
     }
 
     wolfSSL_GENERAL_NAME_type_free(a);
     a->type = type;
-    if (type == GEN_DNS) {
-        a->d.dNSName = val;
-    }
+    /* Only when WOLFSSL_GEN_DNS. */
+    a->d.dNSName = val;
 }
 
 /* Frees GENERAL_NAME objects.
@@ -5036,6 +5124,7 @@ int wolfSSL_GENERAL_NAME_print(WOLFSSL_BIO* out, WOLFSSL_GENERAL_NAME* gen)
 
     case GEN_RID:
         ret = wolfSSL_BIO_printf(out, "Registered ID:");
+        ret = (ret > 0) ? WOLFSSL_SUCCESS : WOLFSSL_FAILURE;
         if (ret == WOLFSSL_SUCCESS) {
             ret = wolfSSL_i2a_ASN1_OBJECT(out, gen->d.registeredID);
         }
@@ -5046,7 +5135,7 @@ int wolfSSL_GENERAL_NAME_print(WOLFSSL_BIO* out, WOLFSSL_GENERAL_NAME* gen)
         break;
     }
 
-    if (ret == WOLFSSL_FAILURE)
+    if (ret == WC_NO_ERR_TRACE(WOLFSSL_FAILURE))
         return WOLFSSL_FAILURE;
     else
         return WOLFSSL_SUCCESS;
@@ -5075,19 +5164,9 @@ int wolfSSL_sk_X509_EXTENSION_num(WOLF_STACK_OF(WOLFSSL_X509_EXTENSION)* sk)
 
 /* returns null on failure and pointer to internal value on success */
 WOLFSSL_X509_EXTENSION* wolfSSL_sk_X509_EXTENSION_value(
-        WOLF_STACK_OF(WOLFSSL_X509_EXTENSION)* sk, int idx)
+        const WOLF_STACK_OF(WOLFSSL_X509_EXTENSION)* sk, int idx)
 {
-    WOLFSSL_STACK* ret;
-
-    if (sk == NULL) {
-        return NULL;
-    }
-
-    ret = wolfSSL_sk_get_node(sk, idx);
-    if (ret != NULL) {
-        return ret->data.ext;
-    }
-    return NULL;
+    return (WOLFSSL_X509_EXTENSION*)wolfSSL_sk_value(sk, idx);
 }
 
 /* frees all of the nodes and the values in stack */
@@ -5098,9 +5177,15 @@ void wolfSSL_sk_X509_EXTENSION_pop_free(
     wolfSSL_sk_pop_free(sk, (wolfSSL_sk_freefunc)f);
 }
 
+void wolfSSL_sk_X509_EXTENSION_free(WOLF_STACK_OF(WOLFSSL_X509_EXTENSION)* sk)
+{
+    wolfSSL_sk_pop_free(sk, NULL);
+}
+
 #endif /* OPENSSL_EXTRA */
 
-#if defined(OPENSSL_EXTRA) && !defined(NO_FILESYSTEM) && !defined(NO_STDIO_FILESYSTEM)
+#if defined(OPENSSL_EXTRA) && !defined(NO_FILESYSTEM) && \
+    !defined(NO_STDIO_FILESYSTEM)
 
 WOLFSSL_X509* wolfSSL_X509_d2i_fp(WOLFSSL_X509** x509, XFILE file)
 {
@@ -5125,7 +5210,7 @@ WOLFSSL_X509* wolfSSL_X509_d2i_fp(WOLFSSL_X509** x509, XFILE file)
 
         fileBuffer = (byte*)XMALLOC(sz, NULL, DYNAMIC_TYPE_FILE);
         if (fileBuffer != NULL) {
-            int ret = (int)XFREAD(fileBuffer, 1, sz, file);
+            int ret = (int)XFREAD(fileBuffer, 1, (size_t)sz, file);
             if (ret == sz) {
                 newX509 = wolfSSL_X509_d2i(NULL, fileBuffer, (int)sz);
             }
@@ -5170,12 +5255,12 @@ WOLFSSL_X509* wolfSSL_X509_load_certificate_file(const char* fname, int format)
     if (file == XBADFILE)
         return NULL;
 
-    if (XFSEEK(file, 0, XSEEK_END) != 0){
+    if (XFSEEK(file, 0, XSEEK_END) != 0) {
         XFCLOSE(file);
         return NULL;
     }
     sz = XFTELL(file);
-    if (XFSEEK(file, 0, XSEEK_SET) != 0){
+    if (XFSEEK(file, 0, XSEEK_SET) != 0) {
         XFCLOSE(file);
         return NULL;
     }
@@ -5195,7 +5280,7 @@ WOLFSSL_X509* wolfSSL_X509_load_certificate_file(const char* fname, int format)
         dynamic = 1;
     }
 
-    ret = (int)XFREAD(fileBuffer, 1, sz, file);
+    ret = (int)XFREAD(fileBuffer, 1, (size_t)sz, file);
     if (ret != sz) {
         XFCLOSE(file);
         if (dynamic)
@@ -5215,7 +5300,8 @@ WOLFSSL_X509* wolfSSL_X509_load_certificate_file(const char* fname, int format)
 #endif /* !NO_FILESYSTEM */
 
 static WOLFSSL_X509* loadX509orX509REQFromBuffer(
-    const unsigned char* buf, int sz, int format, int type)
+    const unsigned char* buf, int sz, int format, int type,
+    wc_pem_password_cb *cb, void *u)
 {
 
     int ret = 0;
@@ -5225,8 +5311,15 @@ static WOLFSSL_X509* loadX509orX509REQFromBuffer(
     WOLFSSL_ENTER("wolfSSL_X509_load_certificate_ex");
 
     if (format == WOLFSSL_FILETYPE_PEM) {
+        EncryptedInfo info;
+        XMEMSET(&info, 0, sizeof(EncryptedInfo));
+    #ifdef WOLFSSL_ENCRYPTED_KEYS
+        info.passwd_cb       = cb;
+        info.passwd_userdata = u;
+    #endif
+
     #ifdef WOLFSSL_PEM_TO_DER
-        ret = PemToDer(buf, sz, type, &der, NULL, NULL, NULL);
+        ret = PemToDer(buf, sz, type, &der, NULL, &info, NULL);
         if (ret != 0) {
             FreeDer(&der);
         }
@@ -5260,7 +5353,7 @@ static WOLFSSL_X509* loadX509orX509REQFromBuffer(
     #endif
         {
             InitDecodedCert(cert, der->buffer, der->length, NULL);
-            ret = ParseCertRelative(cert, type, 0, NULL);
+            ret = ParseCertRelative(cert, type, 0, NULL, NULL);
             if (ret == 0) {
                 x509 = (WOLFSSL_X509*)XMALLOC(sizeof(WOLFSSL_X509), NULL,
                                                              DYNAMIC_TYPE_X509);
@@ -5290,6 +5383,9 @@ static WOLFSSL_X509* loadX509orX509REQFromBuffer(
         WOLFSSL_ERROR(ret);
     }
 
+    /* unused parameter when built without WOLFSSL_ENCRYPTED_KEYS */
+    (void)cb;
+    (void)u;
     return x509;
 }
 
@@ -5297,7 +5393,7 @@ WOLFSSL_X509* wolfSSL_X509_load_certificate_buffer(
     const unsigned char* buf, int sz, int format)
 {
     return loadX509orX509REQFromBuffer(buf, sz,
-            format, CERT_TYPE);
+            format, CERT_TYPE, NULL, NULL);
 }
 
 #ifdef WOLFSSL_CERT_REQ
@@ -5305,11 +5401,12 @@ WOLFSSL_X509* wolfSSL_X509_REQ_load_certificate_buffer(
     const unsigned char* buf, int sz, int format)
 {
     return loadX509orX509REQFromBuffer(buf, sz,
-            format, CERTREQ_TYPE);
+            format, CERTREQ_TYPE, NULL, NULL);
 }
 #endif
 
-#endif /* KEEP_PEER_CERT || SESSION_CERTS */
+#endif /* OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL || KEEP_PEER_CERT || \
+          SESSION_CERTS */
 
 #if defined(OPENSSL_EXTRA_X509_SMALL) || defined(KEEP_PEER_CERT) || \
     defined(SESSION_CERTS)
@@ -5319,19 +5416,24 @@ WOLFSSL_X509* wolfSSL_X509_REQ_load_certificate_buffer(
 /* returns a pointer to a new WOLFSSL_X509 structure on success and NULL on
  * fail
  */
-WOLFSSL_X509* wolfSSL_X509_new(void)
+WOLFSSL_X509* wolfSSL_X509_new_ex(void* heap)
 {
     WOLFSSL_X509* x509;
 
-    x509 = (WOLFSSL_X509*)XMALLOC(sizeof(WOLFSSL_X509), NULL,
+    x509 = (WOLFSSL_X509*)XMALLOC(sizeof(WOLFSSL_X509), heap,
             DYNAMIC_TYPE_X509);
     if (x509 != NULL) {
-        InitX509(x509, 1, NULL);
+        InitX509(x509, 1, heap);
     }
 
     return x509;
 }
 
+WOLFSSL_X509* wolfSSL_X509_new(void)
+{
+    return wolfSSL_X509_new_ex(NULL);
+}
+
 WOLFSSL_ABI
 WOLFSSL_X509_NAME* wolfSSL_X509_get_subject_name(WOLFSSL_X509* cert)
 {
@@ -5369,7 +5471,7 @@ int wolfSSL_X509_NAME_get_sz(WOLFSSL_X509_NAME* name)
 {
     WOLFSSL_ENTER("wolfSSL_X509_NAME_get_sz");
     if (!name)
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
     return name->sz;
 }
 
@@ -5383,11 +5485,6 @@ static WOLFSSL_X509_NAME_ENTRY* GetEntryByNID(WOLFSSL_X509_NAME* name, int nid,
     int i;
     WOLFSSL_X509_NAME_ENTRY* ret = NULL;
 
-    /* and index of less than 0 is assumed to be starting from 0 */
-    if (*idx < 0) {
-        *idx = 0;
-    }
-
     for (i = *idx; i < MAX_NAME_ENTRIES; i++) {
         if (name->entry[i].nid == nid) {
             ret = &name->entry[i];
@@ -5449,14 +5546,15 @@ int wolfSSL_X509_NAME_get_text_by_NID(WOLFSSL_X509_NAME* name,
         WOLFSSL_MSG("Buffer is NULL, returning buffer size only");
         return textSz;
     }
+    if (len <= 0) {
+        return 0;
+    }
 
-    /* buf is not NULL from above */
-    if (text != NULL) {
-        textSz = min(textSz + 1, len); /* + 1 to account for null char */
-        if (textSz > 0) {
-            XMEMCPY(buf, text, textSz - 1);
-            buf[textSz - 1] = '\0';
-        }
+    /* + 1 to account for null char */
+    textSz = (int)min((word32)textSz + 1, (word32)len);
+    if (textSz > 0) {
+        XMEMCPY(buf, text, textSz - 1);
+        buf[textSz - 1] = '\0';
     }
 
     WOLFSSL_LEAVE("wolfSSL_X509_NAME_get_text_by_NID", textSz);
@@ -5479,13 +5577,13 @@ WOLFSSL_EVP_PKEY* wolfSSL_X509_get_pubkey(WOLFSSL_X509* x509)
         key = wolfSSL_EVP_PKEY_new_ex(x509->heap);
         if (key != NULL) {
             if (x509->pubKeyOID == RSAk) {
-                key->type = EVP_PKEY_RSA;
+                key->type = WC_EVP_PKEY_RSA;
             }
             else if (x509->pubKeyOID == DSAk) {
-                key->type = EVP_PKEY_DSA;
+                key->type = WC_EVP_PKEY_DSA;
             }
             else {
-                key->type = EVP_PKEY_EC;
+                key->type = WC_EVP_PKEY_EC;
             }
             key->save_type = 0;
             key->pkey.ptr = (char*)XMALLOC(
@@ -5496,7 +5594,7 @@ WOLFSSL_EVP_PKEY* wolfSSL_X509_get_pubkey(WOLFSSL_X509* x509)
                 return NULL;
             }
             XMEMCPY(key->pkey.ptr, x509->pubKey.buffer, x509->pubKey.length);
-            key->pkey_sz = x509->pubKey.length;
+            key->pkey_sz = (int)x509->pubKey.length;
 
             #ifdef HAVE_ECC
                 key->pkey_curve = (int)x509->pkCurveOID;
@@ -5504,7 +5602,7 @@ WOLFSSL_EVP_PKEY* wolfSSL_X509_get_pubkey(WOLFSSL_X509* x509)
 
             /* decode RSA key */
             #ifndef NO_RSA
-            if (key->type == EVP_PKEY_RSA) {
+            if (key->type == WC_EVP_PKEY_RSA) {
                 key->ownRsa = 1;
                 key->rsa = wolfSSL_RSA_new();
                 if (key->rsa == NULL) {
@@ -5523,7 +5621,7 @@ WOLFSSL_EVP_PKEY* wolfSSL_X509_get_pubkey(WOLFSSL_X509* x509)
 
             /* decode ECC key */
             #if defined(HAVE_ECC) && defined(OPENSSL_EXTRA)
-            if (key->type == EVP_PKEY_EC) {
+            if (key->type == WC_EVP_PKEY_EC) {
                 word32 idx = 0;
 
                 key->ownEcc = 1;
@@ -5556,7 +5654,7 @@ WOLFSSL_EVP_PKEY* wolfSSL_X509_get_pubkey(WOLFSSL_X509* x509)
             #endif /* HAVE_ECC && OPENSSL_EXTRA */
 
             #ifndef NO_DSA
-            if (key->type == EVP_PKEY_DSA) {
+            if (key->type == WC_EVP_PKEY_DSA) {
                 key->ownDsa = 1;
                 key->dsa = wolfSSL_DSA_new();
                 if (key->dsa == NULL) {
@@ -5584,7 +5682,7 @@ WOLFSSL_EVP_PKEY* wolfSSL_X509_get_pubkey(WOLFSSL_X509* x509)
  * size of this subset and its memory usage */
 #endif /* OPENSSL_EXTRA_X509_SMALL || KEEP_PEER_CERT || SESSION_CERTS */
 
-#if defined(OPENSSL_ALL)
+#if defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA)
 /*
  * Converts a and b to DER and then does an XMEMCMP to check if they match.
  * Returns 0 when certificates match and WOLFSSL_FATAL_ERROR when they don't.
@@ -5596,17 +5694,17 @@ int wolfSSL_X509_cmp(const WOLFSSL_X509 *a, const WOLFSSL_X509 *b)
         int outSzA = 0;
         int outSzB = 0;
 
-        if (a == NULL || b == NULL){
+        if (a == NULL || b == NULL) {
             return BAD_FUNC_ARG;
         }
 
         derA = wolfSSL_X509_get_der((WOLFSSL_X509*)a, &outSzA);
-        if (derA == NULL){
+        if (derA == NULL) {
             WOLFSSL_MSG("wolfSSL_X509_get_der - certificate A has failed");
             return WOLFSSL_FATAL_ERROR;
         }
         derB = wolfSSL_X509_get_der((WOLFSSL_X509*)b, &outSzB);
-        if (derB == NULL){
+        if (derB == NULL) {
             WOLFSSL_MSG("wolfSSL_X509_get_der - certificate B has failed");
             return WOLFSSL_FATAL_ERROR;
         }
@@ -5631,18 +5729,26 @@ int wolfSSL_X509_cmp(const WOLFSSL_X509 *a, const WOLFSSL_X509 *b)
 
         if (x509 != NULL) {
             switch (nid) {
-                case NID_basic_constraints: isSet = x509->basicConstSet; break;
-                case NID_subject_alt_name: isSet = x509->subjAltNameSet; break;
-                case NID_authority_key_identifier: isSet = x509->authKeyIdSet; break;
-                case NID_subject_key_identifier: isSet = x509->subjKeyIdSet; break;
-                case NID_key_usage: isSet = x509->keyUsageSet; break;
-                case NID_crl_distribution_points: isSet = x509->CRLdistSet; break;
-                case NID_ext_key_usage: isSet = ((x509->extKeyUsageSrc) ? 1 : 0);
-                    break;
-                case NID_info_access: isSet = x509->authInfoSet; break;
-                #if defined(WOLFSSL_SEP) || defined(WOLFSSL_QT)
-                    case NID_certificate_policies: isSet = x509->certPolicySet; break;
-                #endif /* WOLFSSL_SEP || WOLFSSL_QT */
+                case WC_NID_basic_constraints:
+                    isSet = x509->basicConstSet; break;
+                case WC_NID_subject_alt_name:
+                    isSet = x509->subjAltNameSet; break;
+                case WC_NID_authority_key_identifier:
+                    isSet = x509->authKeyIdSet; break;
+                case WC_NID_subject_key_identifier:
+                    isSet = x509->subjKeyIdSet; break;
+                case WC_NID_key_usage:
+                    isSet = x509->keyUsageSet; break;
+                case WC_NID_crl_distribution_points:
+                    isSet = x509->CRLdistSet; break;
+                case WC_NID_ext_key_usage:
+                    isSet = ((x509->extKeyUsageSrc) ? 1 : 0); break;
+                case WC_NID_info_access:
+                    isSet = x509->authInfoSet; break;
+            #if defined(WOLFSSL_SEP) || defined(WOLFSSL_QT)
+                case WC_NID_certificate_policies:
+                    isSet = x509->certPolicySet; break;
+            #endif /* WOLFSSL_SEP || WOLFSSL_QT */
                 default:
                     WOLFSSL_MSG("NID not in table");
             }
@@ -5662,16 +5768,24 @@ int wolfSSL_X509_cmp(const WOLFSSL_X509 *a, const WOLFSSL_X509 *b)
 
         if (x509 != NULL) {
             switch (nid) {
-                case NID_basic_constraints: crit = x509->basicConstCrit; break;
-                case NID_subject_alt_name: crit = x509->subjAltNameCrit; break;
-                case NID_authority_key_identifier: crit = x509->authKeyIdCrit; break;
-                case NID_subject_key_identifier: crit = x509->subjKeyIdCrit; break;
-                case NID_key_usage: crit = x509->keyUsageCrit; break;
-                case NID_crl_distribution_points: crit= x509->CRLdistCrit; break;
-                case NID_ext_key_usage: crit= x509->extKeyUsageCrit; break;
-                #if defined(WOLFSSL_SEP) || defined(WOLFSSL_QT)
-                    case NID_certificate_policies: crit = x509->certPolicyCrit; break;
-                #endif /* WOLFSSL_SEP || WOLFSSL_QT */
+                case WC_NID_basic_constraints:
+                    crit = x509->basicConstCrit; break;
+                case WC_NID_subject_alt_name:
+                    crit = x509->subjAltNameCrit; break;
+                case WC_NID_authority_key_identifier:
+                    crit = x509->authKeyIdCrit; break;
+                case WC_NID_subject_key_identifier:
+                    crit = x509->subjKeyIdCrit; break;
+                case WC_NID_key_usage:
+                    crit = x509->keyUsageCrit; break;
+                case WC_NID_crl_distribution_points:
+                    crit= x509->CRLdistCrit; break;
+                case WC_NID_ext_key_usage:
+                    crit= x509->extKeyUsageCrit; break;
+            #ifdef WOLFSSL_SEP
+                case WC_NID_certificate_policies:
+                    crit = x509->certPolicyCrit; break;
+            #endif /* WOLFSSL_SEP */
             }
         }
 
@@ -5736,8 +5850,8 @@ int wolfSSL_X509_cmp(const WOLFSSL_X509 *a, const WOLFSSL_X509 *b)
 
         if (x509 != NULL) {
             if (x509->authKeyIdSet) {
-                copySz = min(dstLen != NULL ? *dstLen : 0,
-                             (int)x509->authKeyIdSz);
+                copySz = (int)min(dstLen != NULL ? (word32)*dstLen : 0,
+                                  x509->authKeyIdSz);
                 id = x509->authKeyId;
             }
 
@@ -5763,8 +5877,8 @@ int wolfSSL_X509_cmp(const WOLFSSL_X509 *a, const WOLFSSL_X509 *b)
 
         if (x509 != NULL) {
             if (x509->subjKeyIdSet) {
-                copySz = min(dstLen != NULL ? *dstLen : 0,
-                                                        (int)x509->subjKeyIdSz);
+                copySz = (int)min(dstLen != NULL ? (word32) *dstLen : 0,
+                                  x509->subjKeyIdSz);
                 id = x509->subjKeyId;
             }
 
@@ -5779,6 +5893,34 @@ int wolfSSL_X509_cmp(const WOLFSSL_X509 *a, const WOLFSSL_X509 *b)
 
         return id;
     }
+
+    const WOLFSSL_ASN1_STRING *wolfSSL_X509_get0_subject_key_id(
+            WOLFSSL_X509 *x509)
+    {
+        WOLFSSL_ASN1_STRING* ret = NULL;
+
+        WOLFSSL_ENTER("wolfSSL_X509_get0_subject_key_id");
+
+        if (x509 != NULL && x509->subjKeyIdSet) {
+            if (x509->subjKeyIdStr == NULL) {
+                x509->subjKeyIdStr = wolfSSL_ASN1_STRING_new();
+                if (x509->subjKeyIdStr != NULL) {
+                    if (wolfSSL_ASN1_STRING_set(x509->subjKeyIdStr,
+                            x509->subjKeyId, x509->subjKeyIdSz) == 1) {
+                    }
+                    else {
+                        wolfSSL_ASN1_STRING_free(x509->subjKeyIdStr);
+                        x509->subjKeyIdStr = NULL;
+                    }
+                }
+            }
+            ret = x509->subjKeyIdStr;
+        }
+
+        WOLFSSL_LEAVE("wolfSSL_X509_get0_subject_key_id", ret != NULL);
+
+        return ret;
+    }
 #endif /* OPENSSL_EXTRA */
 
 #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL) || \
@@ -5831,6 +5973,229 @@ int wolfSSL_X509_cmp(const WOLFSSL_X509 *a, const WOLFSSL_X509 *b)
     #define MAX_WIDTH 80
 #endif
 
+#if defined(WOLFSSL_ACERT)
+#define ACERT_NUM_DIR_TAGS 4
+
+/* Convenience struct and function for printing the Holder sub fields
+ * of an X509 Attribute struct. */
+struct acert_dir_print_t {
+    const char * pfx;
+    const byte   tag[3];
+};
+
+static struct acert_dir_print_t acert_dir_print[ACERT_NUM_DIR_TAGS] =
+{
+    { "C=", {0x55, 0x04, ASN_COUNTRY_NAME} },
+    { "O=", {0x55, 0x04, ASN_ORG_NAME} },
+    { "OU=", {0x55, 0x04, ASN_ORGUNIT_NAME} },
+    { "CN=", {0x55, 0x04, ASN_COMMON_NAME} },
+};
+
+/* Print an entry of ASN_DIR_TYPE into dst of length max_len.
+ *
+ * Returns total_len of str on success.
+ * Returns < 0 on failure.
+ * */
+static int X509PrintDirType(char * dst, int max_len, const DNS_entry * entry)
+{
+    word32       k = 0;
+    word32       i = 0;
+    const char * src = entry->name;
+    word32       src_len = (word32)XSTRLEN(src);
+    int          total_len = 0;
+    int          bytes_left = max_len;
+    int          fld_len = 0;
+    int          match_found = 0;
+
+    XMEMSET(dst, 0, max_len);
+
+    /* loop over printable DIR tags. */
+    for (k = 0; k < ACERT_NUM_DIR_TAGS; ++k) {
+        const char * pfx = acert_dir_print[k].pfx;
+        const byte * tag = acert_dir_print[k].tag;
+        byte         asn_tag;
+
+        /* walk through entry looking for matches. */
+        for (i = 0; i < src_len - 5; ++i) {
+            if (XMEMCMP(tag, &src[i], 3) == 0) {
+                if (bytes_left < 5) {
+                    /* Not enough space left for name oid + tag + len. */
+                    break;
+                }
+
+                if (match_found) {
+                    /* append a {',', ' '} before doing anything else. */
+                    *dst++ = ',';
+                    *dst++ = ' ';
+                    total_len += 2;
+                    bytes_left -= 2;
+                }
+
+                i += 3;
+
+                /* Get the ASN Tag. */
+                if (GetASNTag((const byte *)src, &i, &asn_tag, src_len) < 0) {
+                    WOLFSSL_MSG("error: GetASNTag failed");
+                    break;
+                }
+
+                /* Check it is printable. */
+                if ((asn_tag != ASN_PRINTABLE_STRING) &&
+                    (asn_tag != ASN_IA5_STRING) &&
+                    (asn_tag != ASN_UTF8STRING)) {
+                    /* Don't know what this is but we can't print it. */
+                    WOLFSSL_MSG("error: asn tag not printable string");
+                    break;
+                }
+
+                /* Now get the length of the printable string. */
+                if (GetLength((const byte *)src, &i, &fld_len, src_len) < 0) {
+                    break;
+                }
+
+                /* Make sure we have space to fit it. */
+                if ((int) XSTRLEN(pfx) > bytes_left) {
+                    /* Not enough space left. */
+                    break;
+                }
+
+                /* Copy it in, decrement available space. */
+                XSTRNCPY(dst, pfx, bytes_left);
+                dst += XSTRLEN(pfx);
+                total_len += (int)XSTRLEN(pfx);
+                bytes_left -= (int)XSTRLEN(pfx);
+
+                if (fld_len > bytes_left) {
+                    /* Not enough space left. */
+                    break;
+                }
+
+                XMEMCPY(dst, &src[i], fld_len);
+                i += fld_len;
+                dst += fld_len;
+                total_len += fld_len;
+                bytes_left -= fld_len;
+
+                match_found = 1;
+            }
+        }
+    }
+
+    return total_len;
+}
+
+static int X509_ACERT_print_name_entry(WOLFSSL_BIO* bio,
+                                       const DNS_entry* entry, int indent)
+{
+    int  ret = WOLFSSL_SUCCESS;
+    int  nameCount = 0;
+    char scratch[MAX_WIDTH];
+    int  len;
+
+    if (bio == NULL || entry == NULL) {
+        return WOLFSSL_FAILURE;
+    }
+
+    len = XSNPRINTF(scratch, MAX_WIDTH, "%*s", indent, "");
+    if (len >= MAX_WIDTH) {
+        return WOLFSSL_FAILURE;
+    }
+
+    if (wolfSSL_BIO_write(bio, scratch, (int)XSTRLEN(scratch)) <= 0) {
+        return WOLFSSL_FAILURE;
+    }
+
+    while (entry != NULL) {
+        ++nameCount;
+        if (nameCount > 1) {
+            if (wolfSSL_BIO_write(bio, ", ", 2) <= 0) {
+                ret = WOLFSSL_FAILURE;
+                break;
+            }
+        }
+
+        if (entry->type == ASN_DNS_TYPE) {
+            len = XSNPRINTF(scratch, MAX_WIDTH, "DNS:%s", entry->name);
+            if (len >= MAX_WIDTH) {
+                ret = WOLFSSL_FAILURE;
+                break;
+            }
+        }
+    #if defined(OPENSSL_ALL) || defined(WOLFSSL_IP_ALT_NAME)
+        else if (entry->type == ASN_IP_TYPE) {
+            len = XSNPRINTF(scratch, MAX_WIDTH, "IP Address:%s",
+                    entry->ipString);
+            if (len >= MAX_WIDTH) {
+                ret = WOLFSSL_FAILURE;
+                break;
+            }
+        }
+    #endif /* OPENSSL_ALL || WOLFSSL_IP_ALT_NAME */
+        else if (entry->type == ASN_RFC822_TYPE) {
+            len = XSNPRINTF(scratch, MAX_WIDTH, "email:%s",
+                    entry->name);
+            if (len >= MAX_WIDTH) {
+                ret = WOLFSSL_FAILURE;
+                break;
+            }
+        }
+        else if (entry->type == ASN_DIR_TYPE) {
+            len = X509PrintDirType(scratch, MAX_WIDTH, entry);
+            if (len >= MAX_WIDTH) {
+                ret = WOLFSSL_FAILURE;
+                break;
+            }
+        }
+        else if (entry->type == ASN_URI_TYPE) {
+            len = XSNPRINTF(scratch, MAX_WIDTH, "URI:%s",
+                entry->name);
+             if (len >= MAX_WIDTH) {
+                ret = WOLFSSL_FAILURE;
+                break;
+            }
+        }
+    #if defined(OPENSSL_ALL)
+        else if (entry->type == ASN_RID_TYPE) {
+            len = XSNPRINTF(scratch, MAX_WIDTH, "Registered ID:%s",
+                entry->ridString);
+            if (len >= MAX_WIDTH) {
+                ret = WOLFSSL_FAILURE;
+                break;
+            }
+        }
+    #endif
+        else if (entry->type == ASN_OTHER_TYPE) {
+            len = XSNPRINTF(scratch, MAX_WIDTH,
+                "othername <unsupported>");
+            if (len >= MAX_WIDTH) {
+                ret = WOLFSSL_FAILURE;
+                break;
+            }
+        }
+        else {
+            WOLFSSL_MSG("Bad alt name type.");
+            ret = WOLFSSL_FAILURE;
+            break;
+        }
+
+        if (wolfSSL_BIO_write(bio, scratch, (int)XSTRLEN(scratch))
+                <= 0) {
+            ret = WOLFSSL_FAILURE;
+            break;
+        }
+
+        entry = entry->next;
+    }
+
+    if (ret == WOLFSSL_SUCCESS && wolfSSL_BIO_write(bio, "\n", 1) <= 0) {
+        ret = WOLFSSL_FAILURE;
+    }
+
+    return ret;
+}
+
+#endif /* if WOLFSSL_ACERT*/
+
 static int X509PrintSubjAltName(WOLFSSL_BIO* bio, WOLFSSL_X509* x509,
         int indent)
 {
@@ -5874,7 +6239,7 @@ static int X509PrintSubjAltName(WOLFSSL_BIO* bio, WOLFSSL_X509* x509,
                         break;
                     }
                 }
-            #if defined(OPENSSL_ALL) || defined(WOLFSSL_IP_ALT_NAME)
+            #ifdef WOLFSSL_IP_ALT_NAME
                 else if (entry->type == ASN_IP_TYPE) {
                     len = XSNPRINTF(scratch, MAX_WIDTH, "IP Address:%s",
                             entry->ipString);
@@ -6159,6 +6524,70 @@ static int X509PrintSerial(WOLFSSL_BIO* bio, WOLFSSL_X509* x509, int indent)
     return WOLFSSL_SUCCESS;
 }
 
+#ifndef NO_ASN_TIME
+static int X509PrintValidity(WOLFSSL_BIO* bio, WOLFSSL_ASN1_TIME * notBefore,
+                             WOLFSSL_ASN1_TIME * notAfter, int indent)
+{
+    char tmp[80];
+    (void) indent;
+
+    if (wolfSSL_BIO_write(bio, "        Validity\n",
+                  (int)XSTRLEN("        Validity\n")) <= 0) {
+        return WOLFSSL_FAILURE;
+    }
+
+    if (wolfSSL_BIO_write(bio, "            Not Before: ",
+                  (int)XSTRLEN("            Not Before: ")) <= 0) {
+        return WOLFSSL_FAILURE;
+    }
+    if (notBefore->length > 0) {
+        if (GetTimeString(notBefore->data, ASN_UTC_TIME,
+            tmp, sizeof(tmp)) != WOLFSSL_SUCCESS) {
+            if (GetTimeString(notBefore->data, ASN_GENERALIZED_TIME,
+            tmp, sizeof(tmp)) != WOLFSSL_SUCCESS) {
+                WOLFSSL_MSG("Error getting not before date");
+                return WOLFSSL_FAILURE;
+            }
+        }
+    }
+    else {
+        XSTRNCPY(tmp, "Not Set", sizeof(tmp)-1);
+    }
+    tmp[sizeof(tmp) - 1] = '\0'; /* make sure null terminated */
+    if (wolfSSL_BIO_write(bio, tmp, (int)XSTRLEN(tmp)) <= 0) {
+        return WOLFSSL_FAILURE;
+    }
+
+    if (wolfSSL_BIO_write(bio, "\n            Not After : ",
+                  (int)XSTRLEN("\n            Not After : ")) <= 0) {
+        return WOLFSSL_FAILURE;
+    }
+    if (notAfter->length > 0) {
+        if (GetTimeString(notAfter->data, ASN_UTC_TIME,
+            tmp, sizeof(tmp)) != WOLFSSL_SUCCESS) {
+            if (GetTimeString(notAfter->data, ASN_GENERALIZED_TIME,
+                tmp, sizeof(tmp)) != WOLFSSL_SUCCESS) {
+                WOLFSSL_MSG("Error getting not after date");
+                return WOLFSSL_FAILURE;
+            }
+        }
+    }
+    else {
+        XSTRNCPY(tmp, "Not Set", sizeof(tmp)-1);
+    }
+    tmp[sizeof(tmp) - 1] = '\0'; /* make sure null terminated */
+    if (wolfSSL_BIO_write(bio, tmp, (int)XSTRLEN(tmp)) <= 0) {
+        return WOLFSSL_FAILURE;
+    }
+
+    if (wolfSSL_BIO_write(bio, "\n\0", (int)XSTRLEN("\n\0")) <= 0) {
+        return WOLFSSL_FAILURE;
+    }
+
+    return WOLFSSL_SUCCESS;
+}
+#endif /* ifndef NO_ASN_TIME */
+
 /* iterate through certificate extensions printing them out in human readable
  * form
  * return WOLFSSL_SUCCESS on success
@@ -6201,7 +6630,7 @@ static int X509PrintExtensions(WOLFSSL_BIO* bio, WOLFSSL_X509* x509, int indent)
         return WOLFSSL_FAILURE;
     }
 
-    for (i = 0; (i < count) && (ret != WOLFSSL_FAILURE); i++) {
+    for (i = 0; (i < count) && (ret != WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); i++) {
         WOLFSSL_X509_EXTENSION* ext;
 
         ext = wolfSSL_X509_get_ext(x509, i);
@@ -6218,7 +6647,7 @@ static int X509PrintExtensions(WOLFSSL_BIO* bio, WOLFSSL_X509* x509, int indent)
                 break;
             }
             if (wolfSSL_OBJ_obj2txt(buf, MAX_WIDTH, obj, 0)
-                == WOLFSSL_FAILURE)
+                == WC_NO_ERR_TRACE(WOLFSSL_FAILURE))
             {
                 ret = WOLFSSL_FAILURE;
                 break;
@@ -6241,11 +6670,11 @@ static int X509PrintExtensions(WOLFSSL_BIO* bio, WOLFSSL_X509* x509, int indent)
             }
             nid = wolfSSL_OBJ_obj2nid(obj);
             switch (nid) {
-            case NID_subject_alt_name:
+            case WC_NID_subject_alt_name:
                 ret = X509PrintSubjAltName(bio, x509, indent + 8);
                 break;
 
-            case NID_subject_key_identifier:
+            case WC_NID_subject_key_identifier:
                 if (!x509->subjKeyIdSet || x509->subjKeyId == NULL ||
                     x509->subjKeyIdSz == 0)
                 {
@@ -6281,7 +6710,7 @@ static int X509PrintExtensions(WOLFSSL_BIO* bio, WOLFSSL_X509* x509, int indent)
                     XMEMCPY(scratch + scratchLen, val, valLen);
                     scratchLen += valLen;
                 }
-                if (ret == WOLFSSL_FAILURE)
+                if (ret == WC_NO_ERR_TRACE(WOLFSSL_FAILURE))
                     break;
                 if (wolfSSL_BIO_write(bio, scratch,
                                       scratchLen) <= 0) {
@@ -6290,7 +6719,7 @@ static int X509PrintExtensions(WOLFSSL_BIO* bio, WOLFSSL_X509* x509, int indent)
                 }
                 break;
 
-            case NID_authority_key_identifier:
+            case WC_NID_authority_key_identifier:
                 if (!x509->authKeyIdSet || x509->authKeyId == NULL ||
                     x509->authKeyIdSz == 0) {
                     ret = WOLFSSL_FAILURE;
@@ -6330,7 +6759,7 @@ static int X509PrintExtensions(WOLFSSL_BIO* bio, WOLFSSL_X509* x509, int indent)
                     XMEMCPY(scratch + scratchLen, val, valLen);
                     scratchLen += valLen;
                 }
-                if (ret == WOLFSSL_FAILURE)
+                if (ret == WC_NO_ERR_TRACE(WOLFSSL_FAILURE))
                     break;
                 if (wolfSSL_BIO_write(bio, scratch,
                                       scratchLen) <= 0) {
@@ -6339,7 +6768,7 @@ static int X509PrintExtensions(WOLFSSL_BIO* bio, WOLFSSL_X509* x509, int indent)
                 }
                 break;
 
-            case NID_basic_constraints:
+            case WC_NID_basic_constraints:
                 if (!x509->basicConstSet) {
                     ret = WOLFSSL_FAILURE;
                     break;
@@ -6360,11 +6789,11 @@ static int X509PrintExtensions(WOLFSSL_BIO* bio, WOLFSSL_X509* x509, int indent)
                 }
                 break;
 
-            case NID_key_usage:
+            case WC_NID_key_usage:
                 ret = X509PrintKeyUsage(bio, x509, indent + 8);
                 break;
 
-            case NID_ext_key_usage:
+            case WC_NID_ext_key_usage:
                 ret = X509PrintExtendedKeyUsage(bio, x509, indent + 8);
                 break;
 
@@ -6387,9 +6816,7 @@ static int X509PrintExtensions(WOLFSSL_BIO* bio, WOLFSSL_X509* x509, int indent)
         }
     }
 
-    if (buf != NULL) {
-        XFREE(buf, x509->heap, DYNAMIC_TYPE_TMP_BUFFER);
-    }
+    XFREE(buf, x509->heap, DYNAMIC_TYPE_TMP_BUFFER);
 
     return ret;
 }
@@ -6430,7 +6857,7 @@ static int X509PrintSignature_ex(WOLFSSL_BIO* bio, byte* sig,
     }
     if (ret == WOLFSSL_SUCCESS) {
         if (wolfSSL_OBJ_obj2txt(scratch, MAX_WIDTH, obj, 0)
-            == WOLFSSL_FAILURE)
+            == WC_NO_ERR_TRACE(WOLFSSL_FAILURE))
         {
             ret = WOLFSSL_FAILURE;
         }
@@ -6569,9 +6996,7 @@ static int X509PrintSignature(WOLFSSL_BIO* bio, WOLFSSL_X509* x509,
             return WOLFSSL_FAILURE;
         }
 
-        if (sig != NULL) {
-            XFREE(sig, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-        }
+        XFREE(sig, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 
     }
 
@@ -6593,7 +7018,8 @@ static int X509PrintPubKey(WOLFSSL_BIO* bio, WOLFSSL_X509* x509, int indent)
     if (bio == NULL || x509 == NULL)
         return BAD_FUNC_ARG;
 
-    len = XSNPRINTF(scratch, MAX_WIDTH, "%*sSubject Public Key Info:\n", indent, "");
+    len = XSNPRINTF(scratch, MAX_WIDTH, "%*sSubject Public Key Info:\n", indent,
+        "");
     if (len >= MAX_WIDTH)
         return WOLFSSL_FAILURE;
     if (wolfSSL_BIO_write(bio, scratch, len) <= 0)
@@ -6727,7 +7153,7 @@ static int X509PrintReqAttributes(WOLFSSL_BIO* bio, WOLFSSL_X509* x509,
             const byte* data;
 
             if (wolfSSL_OBJ_obj2txt(lName, lNameSz, attr->object, 0)
-                == WOLFSSL_FAILURE)
+                == WC_NO_ERR_TRACE(WOLFSSL_FAILURE))
             {
                 return WOLFSSL_FAILURE;
             }
@@ -6778,8 +7204,10 @@ int wolfSSL_X509_REQ_print(WOLFSSL_BIO* bio, WOLFSSL_X509* x509)
             return WOLFSSL_FAILURE;
     }
 
-    /* print version of cert */
-    if (X509PrintVersion(bio, wolfSSL_X509_version(x509), 8)
+    /* print version of cert.  Note that we increment by 1 because for REQs,
+     * the value stored in x509->version is the actual value of the field; not
+     * the version. */
+    if (X509PrintVersion(bio, (int)wolfSSL_X509_REQ_get_version(x509) + 1, 8)
             != WOLFSSL_SUCCESS) {
         return WOLFSSL_FAILURE;
     }
@@ -6879,65 +7307,13 @@ int wolfSSL_X509_print_ex(WOLFSSL_BIO* bio, WOLFSSL_X509* x509,
         return WOLFSSL_FAILURE;
     }
 
-#ifndef NO_ASN_TIME
+    #ifndef NO_ASN_TIME
     /* print validity */
-    {
-        char tmp[80];
-
-        if (wolfSSL_BIO_write(bio, "        Validity\n",
-                      (int)XSTRLEN("        Validity\n")) <= 0) {
-            return WOLFSSL_FAILURE;
-        }
-
-        if (wolfSSL_BIO_write(bio, "            Not Before: ",
-                      (int)XSTRLEN("            Not Before: ")) <= 0) {
-            return WOLFSSL_FAILURE;
-        }
-        if (x509->notBefore.length > 0) {
-            if (GetTimeString(x509->notBefore.data, ASN_UTC_TIME,
-                tmp, sizeof(tmp)) != WOLFSSL_SUCCESS) {
-                if (GetTimeString(x509->notBefore.data, ASN_GENERALIZED_TIME,
-                tmp, sizeof(tmp)) != WOLFSSL_SUCCESS) {
-                    WOLFSSL_MSG("Error getting not before date");
-                    return WOLFSSL_FAILURE;
-                }
-            }
-        }
-        else {
-            XSTRNCPY(tmp, "Not Set", sizeof(tmp)-1);
-        }
-        tmp[sizeof(tmp) - 1] = '\0'; /* make sure null terminated */
-        if (wolfSSL_BIO_write(bio, tmp, (int)XSTRLEN(tmp)) <= 0) {
-            return WOLFSSL_FAILURE;
-        }
-
-        if (wolfSSL_BIO_write(bio, "\n            Not After : ",
-                      (int)XSTRLEN("\n            Not After : ")) <= 0) {
-            return WOLFSSL_FAILURE;
-        }
-        if (x509->notAfter.length > 0) {
-            if (GetTimeString(x509->notAfter.data, ASN_UTC_TIME,
-                tmp, sizeof(tmp)) != WOLFSSL_SUCCESS) {
-                if (GetTimeString(x509->notAfter.data, ASN_GENERALIZED_TIME,
-                    tmp, sizeof(tmp)) != WOLFSSL_SUCCESS) {
-                    WOLFSSL_MSG("Error getting not after date");
-                    return WOLFSSL_FAILURE;
-                }
-            }
-        }
-        else {
-            XSTRNCPY(tmp, "Not Set", sizeof(tmp)-1);
-        }
-        tmp[sizeof(tmp) - 1] = '\0'; /* make sure null terminated */
-        if (wolfSSL_BIO_write(bio, tmp, (int)XSTRLEN(tmp)) <= 0) {
-            return WOLFSSL_FAILURE;
-        }
-
-        if (wolfSSL_BIO_write(bio, "\n\0", (int)XSTRLEN("\n\0")) <= 0) {
-            return WOLFSSL_FAILURE;
-        }
+    if (X509PrintValidity(bio, &x509->notBefore, &x509->notAfter, 8)
+        != WOLFSSL_SUCCESS) {
+        return WOLFSSL_FAILURE;
     }
-    #endif
+    #endif /* NO_ASN_TIME */
 
     /* print subject */
     if (X509PrintName(bio, wolfSSL_X509_get_subject_name(x509), subjType, 8)
@@ -6972,6 +7348,202 @@ int wolfSSL_X509_print(WOLFSSL_BIO* bio, WOLFSSL_X509* x509)
     return wolfSSL_X509_print_ex(bio, x509, 0, 0);
 }
 
+#if defined(WOLFSSL_ACERT)
+/* Retrieve sig NID from an ACERT.
+ *
+ * returns  NID on success
+ * returns  0 on failure
+ */
+int wolfSSL_X509_ACERT_get_signature_nid(const WOLFSSL_X509_ACERT *x509)
+{
+    if (x509 == NULL) {
+        return 0;
+    }
+
+    return oid2nid((word32)x509->sigOID, oidSigType);
+}
+
+static int X509AcertPrintSignature(WOLFSSL_BIO* bio, WOLFSSL_X509_ACERT* x509,
+                                   int algOnly, int indent)
+{
+    int sigSz = 0;
+    if (wolfSSL_X509_ACERT_get_signature(x509, NULL, &sigSz) <= 0) {
+        return WOLFSSL_FAILURE;
+    }
+
+    if (sigSz > 0) {
+        unsigned char* sig;
+        int sigNid;
+
+        sigNid = wolfSSL_X509_ACERT_get_signature_nid(x509);
+        if (sigNid <= 0) {
+            return WOLFSSL_FAILURE;
+        }
+
+        sig = (unsigned char*)XMALLOC(sigSz, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+        if (sig == NULL) {
+            return WOLFSSL_FAILURE;
+        }
+
+        if (wolfSSL_X509_ACERT_get_signature(x509, sig, &sigSz) <= 0) {
+            XFREE(sig, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+            return WOLFSSL_FAILURE;
+        }
+
+        if (X509PrintSignature_ex(bio, sig, sigSz, sigNid, algOnly, indent)
+                != WOLFSSL_SUCCESS) {
+            XFREE(sig, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+            return WOLFSSL_FAILURE;
+        }
+
+        if (sig != NULL) {
+            XFREE(sig, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+        }
+
+    }
+
+    return WOLFSSL_SUCCESS;
+}
+
+static int X509AcertPrintSerial(WOLFSSL_BIO* bio, WOLFSSL_X509_ACERT* x509,
+                                int indent)
+{
+    unsigned char serial[32];
+    int  sz = sizeof(serial);
+
+    XMEMSET(serial, 0, sz);
+    if (wolfSSL_X509_ACERT_get_serial_number(x509, serial, &sz)
+        == WOLFSSL_SUCCESS) {
+        X509PrintSerial_ex(bio, serial, sz, 1, indent);
+    }
+    return WOLFSSL_SUCCESS;
+}
+
+int wolfSSL_X509_ACERT_print(WOLFSSL_BIO* bio, WOLFSSL_X509_ACERT* x509)
+{
+    const char * hdr =                "Attribute Certificate:\n";
+    const char * data_hdr =           "    Data:\n";
+    const char * holder_hdr =         "        Holder:\n";
+    const char * holder_issuer_hdr =  "            Issuer:";
+    const char * holder_name_hdr =    "            Name:";
+    const char * attcert_issuer_hdr = "        Issuer:";
+
+    if (bio == NULL || x509 == NULL) {
+        return WOLFSSL_FAILURE;
+    }
+
+    /* print acert header */
+    if (wolfSSL_BIO_write(bio, hdr, (int)XSTRLEN(hdr)) <= 0) {
+        return WOLFSSL_FAILURE;
+    }
+
+    /* print data header */
+    if (wolfSSL_BIO_write(bio, data_hdr, (int)XSTRLEN(data_hdr)) <= 0) {
+        return WOLFSSL_FAILURE;
+    }
+
+    /* print version of cert */
+    if (X509PrintVersion(bio, wolfSSL_X509_ACERT_version(x509), 8)
+            != WOLFSSL_SUCCESS) {
+        return WOLFSSL_FAILURE;
+    }
+
+    /* print serial number out */
+    if (X509AcertPrintSerial(bio, x509, 8) != WOLFSSL_SUCCESS) {
+        return WOLFSSL_FAILURE;
+    }
+
+    /* print holder field */
+    if (wolfSSL_BIO_write(bio, holder_hdr, (int)XSTRLEN(holder_hdr)) <= 0) {
+        return WOLFSSL_FAILURE;
+    }
+
+    if (x509->holderEntityName != NULL) {
+        /* print issuer header */
+        if (wolfSSL_BIO_write(bio, holder_name_hdr,
+            (int)XSTRLEN(holder_name_hdr)) <= 0) {
+            return WOLFSSL_FAILURE;
+        }
+
+        if (X509_ACERT_print_name_entry(bio, x509->holderEntityName, 1)
+                != WOLFSSL_SUCCESS) {
+            return WOLFSSL_FAILURE;
+        }
+    }
+
+    if (x509->holderIssuerName != NULL) {
+        /* print issuer header */
+        if (wolfSSL_BIO_write(bio, holder_issuer_hdr,
+            (int)XSTRLEN(holder_issuer_hdr)) <= 0) {
+            return WOLFSSL_FAILURE;
+        }
+
+        if (X509_ACERT_print_name_entry(bio, x509->holderIssuerName, 1)
+            != WOLFSSL_SUCCESS) {
+            return WOLFSSL_FAILURE;
+        }
+    }
+
+    if (x509->holderSerialSz > 0) {
+        X509PrintSerial_ex(bio, x509->holderSerial, x509->holderSerialSz,
+                           1, 12);
+    }
+
+    /* print issuer header */
+    if (wolfSSL_BIO_write(bio, attcert_issuer_hdr,
+        (int)XSTRLEN(attcert_issuer_hdr)) <= 0) {
+        return WOLFSSL_FAILURE;
+    }
+
+    if (x509->AttCertIssuerName != NULL) {
+        if (X509_ACERT_print_name_entry(bio, x509->AttCertIssuerName, 1)
+                != WOLFSSL_SUCCESS) {
+            return WOLFSSL_FAILURE;
+        }
+    }
+    else {
+        const char * msg = " Issuer type not supported.\n";
+        if (wolfSSL_BIO_write(bio, msg, (int)XSTRLEN(msg)) <= 0) {
+            return WOLFSSL_FAILURE;
+        }
+    }
+
+    #ifndef NO_ASN_TIME
+    /* print validity */
+    if (X509PrintValidity(bio, &x509->notBefore, &x509->notAfter, 8)
+        != WOLFSSL_SUCCESS) {
+        return WOLFSSL_FAILURE;
+    }
+    #endif /* NO_ASN_TIME */
+
+    /* print raw attributes */
+    if (x509->rawAttr && x509->rawAttrLen > 0) {
+        char attr_hdr[128]; /* buffer for XSNPRINTF */
+
+        if (XSNPRINTF(attr_hdr, 128, "%*s%s: %d bytes\n", 8, "",
+                    "Attributes", x509->rawAttrLen) >= 128) {
+            return WOLFSSL_FAILURE;
+        }
+
+        if (wolfSSL_BIO_write(bio, attr_hdr, (int)XSTRLEN(attr_hdr)) <= 0) {
+                return WOLFSSL_FAILURE;
+        }
+    }
+
+    /* print out sig algo and signature */
+    if (X509AcertPrintSignature(bio, x509, 0, 8) != WOLFSSL_SUCCESS) {
+        return WOLFSSL_FAILURE;
+    }
+
+    /* done with print out */
+    if (wolfSSL_BIO_write(bio, "\n\0", (int)XSTRLEN("\n\0")) <= 0) {
+        return WOLFSSL_FAILURE;
+    }
+
+    return WOLFSSL_SUCCESS;
+}
+#endif /* WOLFSSL_ACERT */
+
 #ifndef NO_FILESYSTEM
 int wolfSSL_X509_print_fp(XFILE fp, WOLFSSL_X509 *x509)
 {
@@ -6990,7 +7562,7 @@ int wolfSSL_X509_print_fp(XFILE fp, WOLFSSL_X509 *x509)
         return WOLFSSL_FAILURE;
     }
 
-    if (wolfSSL_BIO_set_fp(bio, fp, BIO_NOCLOSE) != WOLFSSL_SUCCESS) {
+    if (wolfSSL_BIO_set_fp(bio, fp, WOLFSSL_BIO_NOCLOSE) != WOLFSSL_SUCCESS) {
         WOLFSSL_MSG("wolfSSL_BIO_set_fp error");
         wolfSSL_BIO_free(bio);
         return WOLFSSL_FAILURE;
@@ -7041,7 +7613,6 @@ int wolfSSL_X509_signature_print(WOLFSSL_BIO *bp,
 
     for (i = 0; i < length; ++i) {
         char hex_digits[4];
-#ifdef XSNPRINTF
         if (XSNPRINTF(hex_digits, sizeof(hex_digits), "%c%02X", i>0 ? ':' : ' ',
                   (unsigned int)sigalg->algorithm->obj[idx+i])
             >= (int)sizeof(hex_digits))
@@ -7049,10 +7620,6 @@ int wolfSSL_X509_signature_print(WOLFSSL_BIO *bp,
             WOLFSSL_MSG("buffer overrun");
             return WOLFSSL_FAILURE;
         }
-#else
-        XSPRINTF(hex_digits, "%c%02X", i>0 ? ':' : ' ',
-                 (unsigned int)sigalg->algorithm->obj[idx+i]);
-#endif
         if (wolfSSL_BIO_puts(bp, hex_digits) <= 0)
             return WOLFSSL_FAILURE;
     }
@@ -7080,7 +7647,7 @@ void wolfSSL_X509_get0_signature(const WOLFSSL_ASN1_BIT_STRING **psig,
 #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL)
 const char* wolfSSL_X509_verify_cert_error_string(long err)
 {
-    return wolfSSL_ERR_reason_error_string(err);
+    return wolfSSL_ERR_reason_error_string((unsigned long)err);
 }
 #endif /* OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL */
 
@@ -7102,13 +7669,12 @@ int wolfSSL_X509_LOOKUP_load_file(WOLFSSL_X509_LOOKUP* lookup,
 {
 #if !defined(NO_FILESYSTEM) && \
     (defined(WOLFSSL_PEM_TO_DER) || defined(WOLFSSL_DER_TO_PEM))
-    int           ret = WOLFSSL_FAILURE;
+    int           ret = WC_NO_ERR_TRACE(WOLFSSL_FAILURE);
     XFILE         fp;
     long          sz;
     byte*         pem = NULL;
     byte*         curr = NULL;
     byte*         prev = NULL;
-    WOLFSSL_X509* x509;
     const char* header = NULL;
     const char* footer = NULL;
 
@@ -7119,12 +7685,12 @@ int wolfSSL_X509_LOOKUP_load_file(WOLFSSL_X509_LOOKUP* lookup,
     if (fp == XBADFILE)
         return WS_RETURN_CODE(BAD_FUNC_ARG, (int)WOLFSSL_FAILURE);
 
-    if(XFSEEK(fp, 0, XSEEK_END) != 0) {
+    if (XFSEEK(fp, 0, XSEEK_END) != 0) {
         XFCLOSE(fp);
         return WS_RETURN_CODE(WOLFSSL_BAD_FILE,WOLFSSL_FAILURE);
     }
     sz = XFTELL(fp);
-    if(XFSEEK(fp, 0, XSEEK_SET) != 0) {
+    if (XFSEEK(fp, 0, XSEEK_SET) != 0) {
         XFCLOSE(fp);
         return WS_RETURN_CODE(WOLFSSL_BAD_FILE,WOLFSSL_FAILURE);
     }
@@ -7169,12 +7735,8 @@ int wolfSSL_X509_LOOKUP_load_file(WOLFSSL_X509_LOOKUP* lookup,
         }
         else if (wc_PemGetHeaderFooter(CERT_TYPE, &header, &footer) == 0 &&
                 XSTRNSTR((char*)curr, header, (unsigned int)sz) != NULL) {
-            x509 = wolfSSL_X509_load_certificate_buffer(curr, (int)sz,
-                                                        WOLFSSL_FILETYPE_PEM);
-            if (x509 == NULL)
-                 goto end;
-            ret = wolfSSL_X509_STORE_add_cert(lookup->store, x509);
-            wolfSSL_X509_free(x509);
+            ret = X509StoreLoadCertBuffer(lookup->store, curr,
+                                        (word32)sz, WOLFSSL_FILETYPE_PEM);
             if (ret != WOLFSSL_SUCCESS)
                 goto end;
             curr = (byte*)XSTRNSTR((char*)curr, footer, (unsigned int)sz);
@@ -7192,8 +7754,7 @@ int wolfSSL_X509_LOOKUP_load_file(WOLFSSL_X509_LOOKUP* lookup,
     while (ret == WOLFSSL_SUCCESS);
 
 end:
-    if (pem != NULL)
-        XFREE(pem, 0, DYNAMIC_TYPE_PEM);
+    XFREE(pem, 0, DYNAMIC_TYPE_PEM);
     XFCLOSE(fp);
     return WS_RETURN_CODE(ret, (int)WOLFSSL_FAILURE);
 #else
@@ -7311,8 +7872,7 @@ static int x509AddCertDir(WOLFSSL_BY_DIR *ctx, const char *argc, long argl)
                 XSTRNCPY(entry->dir_name, buf, pathLen);
                 entry->dir_name[pathLen] = '\0';
 
-                if (wolfSSL_sk_BY_DIR_entry_push(ctx->dir_entry, entry)
-                                                    != WOLFSSL_SUCCESS) {
+                if (wolfSSL_sk_BY_DIR_entry_push(ctx->dir_entry, entry) <= 0) {
                     wolfSSL_BY_DIR_entry_free(entry);
                     #ifdef WOLFSSL_SMALL_STACK
                         XFREE(buf, 0, DYNAMIC_TYPE_OPENSSL);
@@ -7358,7 +7918,7 @@ static int x509AddCertDir(WOLFSSL_BY_DIR *ctx, const char *argc, long argl)
 int wolfSSL_X509_LOOKUP_ctrl(WOLFSSL_X509_LOOKUP *ctx, int cmd,
         const char *argc, long argl, char **ret)
 {
-    int lret = WOLFSSL_FAILURE;
+    int lret = WC_NO_ERR_TRACE(WOLFSSL_FAILURE);
 
     WOLFSSL_ENTER("wolfSSL_X509_LOOKUP_ctrl");
 #if !defined(NO_FILESYSTEM)
@@ -7415,9 +7975,10 @@ static int wolfssl_x509_make_der(WOLFSSL_X509* x509, int req,
  *
  * returns WOLFSSL_SUCCESS on success
  */
-static int loadX509orX509REQFromBio(WOLFSSL_BIO* bio, WOLFSSL_X509* x509, int req)
+static int loadX509orX509REQFromBio(WOLFSSL_BIO* bio, WOLFSSL_X509* x509,
+    int req)
 {
-    int ret = WOLFSSL_FAILURE;
+    int ret = WC_NO_ERR_TRACE(WOLFSSL_FAILURE);
     /* Get large buffer to hold cert der */
     int derSz = X509_BUFFER_SZ;
 #ifdef WOLFSSL_SMALL_STACK
@@ -7523,6 +8084,61 @@ int wolfSSL_i2d_X509(WOLFSSL_X509* x509, unsigned char** out)
     return derSz;
 }
 
+#ifdef WOLFSSL_DUAL_ALG_CERTS
+/* Generate a der preTBS from a decoded cert, and write
+ * to buffer.
+ *
+ * @param [in]  cert  The decoded cert to parse.
+ * @param [out] der   The der buffer to write in.
+ * @param [in]  derSz The der buffer size.
+ *
+ * @return  preTBS der size on success.
+ * */
+int wc_GeneratePreTBS(DecodedCert* cert, byte *der, int derSz) {
+    int ret = 0;
+    WOLFSSL_X509 *x = NULL;
+    byte certIsCSR = 0;
+
+    WOLFSSL_ENTER("wc_GeneratePreTBS");
+
+    if ((cert == NULL) || (der == NULL) || (derSz <= 0)) {
+        return BAD_FUNC_ARG;
+    }
+
+#ifdef WOLFSSL_CERT_REQ
+    certIsCSR = cert->isCSR;
+#endif
+
+    x = wolfSSL_X509_new();
+    if (x == NULL) {
+        ret = MEMORY_E;
+    }
+    else {
+        ret = CopyDecodedToX509(x, cert);
+    }
+
+    if (ret == 0) {
+        /* Remove the altsigval extension. */
+        XFREE(x->altSigValDer, x->heap, DYNAMIC_TYPE_X509_EXT);
+        x->altSigValDer = NULL;
+        x->altSigValLen = 0;
+        /* Remove sigOID so it won't be encoded. */
+        x->sigOID = 0;
+        /* We now have a PreTBS. Encode it. */
+        ret = wolfssl_x509_make_der(x, certIsCSR, der, &derSz, 0);
+        if (ret == WOLFSSL_SUCCESS) {
+            ret = derSz;
+        }
+    }
+
+    if (x != NULL) {
+        wolfSSL_X509_free(x);
+    }
+
+    return ret;
+}
+#endif /* WOLFSSL_DUAL_ALG_CERTS */
+
 #ifndef NO_BIO
 /**
  * Converts the DER from bio and creates a WOLFSSL_X509 structure from it.
@@ -7548,7 +8164,7 @@ static WOLFSSL_X509* d2i_X509orX509REQ_bio(WOLFSSL_BIO* bio,
     size = wolfSSL_BIO_get_len(bio);
     if (size <= 0) {
         WOLFSSL_MSG("wolfSSL_BIO_get_len error. Possibly no pending data.");
-        WOLFSSL_ERROR(ASN1_R_HEADER_TOO_LONG);
+        WOLFSSL_ERROR(WOLFSSL_ASN1_R_HEADER_TOO_LONG_E);
         return NULL;
     }
 
@@ -7571,7 +8187,7 @@ static WOLFSSL_X509* d2i_X509orX509REQ_bio(WOLFSSL_BIO* bio,
 #endif
     }
     else {
-        localX509 = wolfSSL_X509_d2i(NULL, mem, size);
+        localX509 = wolfSSL_X509_d2i_ex(NULL, mem, size, bio->heap);
     }
     if (localX509 == NULL) {
         WOLFSSL_MSG("wolfSSL_X509_d2i error");
@@ -7606,7 +8222,8 @@ WOLFSSL_X509* wolfSSL_d2i_X509_REQ_bio(WOLFSSL_BIO* bio, WOLFSSL_X509** x509)
 /* Use the public key to verify the signature. Note: this only verifies
  * the certificate signature.
  * returns WOLFSSL_SUCCESS on successful signature verification */
-static int verifyX509orX509REQ(WOLFSSL_X509* x509, WOLFSSL_EVP_PKEY* pkey, int req)
+static int verifyX509orX509REQ(WOLFSSL_X509* x509, WOLFSSL_EVP_PKEY* pkey,
+    int req)
 {
     int ret;
     const byte* der;
@@ -7626,15 +8243,15 @@ static int verifyX509orX509REQ(WOLFSSL_X509* x509, WOLFSSL_EVP_PKEY* pkey, int r
     }
 
     switch (pkey->type) {
-        case EVP_PKEY_RSA:
+        case WC_EVP_PKEY_RSA:
             type = RSAk;
             break;
 
-        case EVP_PKEY_EC:
+        case WC_EVP_PKEY_EC:
             type = ECDSAk;
             break;
 
-        case EVP_PKEY_DSA:
+        case WC_EVP_PKEY_DSA:
             type = DSAk;
             break;
 
@@ -7645,11 +8262,11 @@ static int verifyX509orX509REQ(WOLFSSL_X509* x509, WOLFSSL_EVP_PKEY* pkey, int r
 
 #ifdef WOLFSSL_CERT_REQ
     if (req)
-        ret = CheckCSRSignaturePubKey(der, derSz, x509->heap,
+        ret = CheckCSRSignaturePubKey(der, (word32)derSz, x509->heap,
                 (unsigned char*)pkey->pkey.ptr, pkey->pkey_sz, type);
     else
 #endif
-        ret = CheckCertSignaturePubKey(der, derSz, x509->heap,
+        ret = CheckCertSignaturePubKey(der, (word32)derSz, x509->heap,
                 (unsigned char*)pkey->pkey.ptr, pkey->pkey_sz, type);
     if (ret == 0) {
         return WOLFSSL_SUCCESS;
@@ -7701,7 +8318,7 @@ static void *wolfSSL_d2i_X509_fp_ex(XFILE file, void **x509, int type)
 
     fileBuffer = (byte *)XMALLOC(sz, NULL, DYNAMIC_TYPE_FILE);
     if (fileBuffer != NULL) {
-        if ((long)XFREAD(fileBuffer, 1, sz, file) != sz) {
+        if ((long)XFREAD(fileBuffer, 1, (size_t)sz, file) != sz) {
             WOLFSSL_MSG("File read failed");
             goto err_exit;
         }
@@ -7723,7 +8340,8 @@ static void *wolfSSL_d2i_X509_fp_ex(XFILE file, void **x509, int type)
             if ((newx509 = wc_PKCS12_new()) == NULL) {
                 goto err_exit;
             }
-            if (wc_d2i_PKCS12(fileBuffer, (int)sz, (WC_PKCS12*)newx509) < 0) {
+            if (wc_d2i_PKCS12(fileBuffer, (word32)sz,
+                                                     (WC_PKCS12*)newx509) < 0) {
                 goto err_exit;
             }
         }
@@ -7750,8 +8368,7 @@ err_exit:
     }
 #endif
 _exit:
-    if (fileBuffer != NULL)
-        XFREE(fileBuffer, NULL, DYNAMIC_TYPE_FILE);
+    XFREE(fileBuffer, NULL, DYNAMIC_TYPE_FILE);
 
     return newx509;
 }
@@ -7796,16 +8413,19 @@ WOLFSSL_API int wolfSSL_X509_load_cert_crl_file(WOLFSSL_X509_LOOKUP *ctx,
             if (wolfSSL_X509_STORE_add_cert(ctx->store, x509)
                                     == WOLFSSL_SUCCESS) {
                 cnt++;
-            } else {
+            }
+            else {
                 WOLFSSL_MSG("wolfSSL_X509_STORE_add_cert error");
             }
             wolfSSL_X509_free(x509);
             x509 = NULL;
-        } else {
+        }
+        else {
             WOLFSSL_MSG("wolfSSL_X509_load_certificate_file error");
         }
 
-    } else {
+    }
+    else {
 #if defined(OPENSSL_ALL)
     #if !defined(NO_BIO)
         STACK_OF(WOLFSSL_X509_INFO) *info;
@@ -7813,7 +8433,7 @@ WOLFSSL_API int wolfSSL_X509_load_cert_crl_file(WOLFSSL_X509_LOOKUP *ctx,
         int i;
         int num = 0;
         WOLFSSL_BIO *bio = wolfSSL_BIO_new_file(file, "rb");
-        if(!bio) {
+        if (!bio) {
             WOLFSSL_MSG("wolfSSL_BIO_new error");
             return cnt;
         }
@@ -7831,19 +8451,21 @@ WOLFSSL_API int wolfSSL_X509_load_cert_crl_file(WOLFSSL_X509_LOOKUP *ctx,
             info_tmp = wolfSSL_sk_X509_INFO_value(info, i);
 
             if (info_tmp->x509) {
-                if(wolfSSL_X509_STORE_add_cert(ctx->store, info_tmp->x509) ==
+                if (wolfSSL_X509_STORE_add_cert(ctx->store, info_tmp->x509) ==
                     WOLFSSL_SUCCESS) {
                     cnt ++;
-                } else {
+                }
+                else {
                     WOLFSSL_MSG("wolfSSL_X509_STORE_add_cert failed");
                 }
             }
 #ifdef HAVE_CRL
             if (info_tmp->crl) {
-                if(wolfSSL_X509_STORE_add_crl(ctx->store, info_tmp->crl) ==
+                if (wolfSSL_X509_STORE_add_crl(ctx->store, info_tmp->crl) ==
                     WOLFSSL_SUCCESS) {
                     cnt ++;
-                } else {
+                }
+                else {
                     WOLFSSL_MSG("wolfSSL_X509_STORE_add_crl failed");
                 }
             }
@@ -7926,19 +8548,18 @@ WOLFSSL_API WOLFSSL_X509_CRL *wolfSSL_d2i_X509_CRL_bio(WOLFSSL_BIO *bp,
         }
     }
 
-    if (der != NULL) {
-        XFREE(der, 0, DYNAMIC_TYPE_DER);
-    }
+    XFREE(der, 0, DYNAMIC_TYPE_DER);
 
     return crl;
 }
 #endif
 
-#ifndef NO_FILESYSTEM
+#if !defined(NO_FILESYSTEM) && !defined(NO_STDIO_FILESYSTEM)
 WOLFSSL_X509_CRL *wolfSSL_d2i_X509_CRL_fp(XFILE fp, WOLFSSL_X509_CRL **crl)
 {
     WOLFSSL_ENTER("wolfSSL_d2i_X509_CRL_fp");
-    return (WOLFSSL_X509_CRL *)wolfSSL_d2i_X509_fp_ex(fp, (void **)crl, CRL_TYPE);
+    return (WOLFSSL_X509_CRL *)wolfSSL_d2i_X509_fp_ex(fp, (void **)crl,
+        CRL_TYPE);
 }
 
 /* Read CRL file, and add it to store and corresponding cert manager     */
@@ -7950,7 +8571,7 @@ WOLFSSL_API int wolfSSL_X509_load_crl_file(WOLFSSL_X509_LOOKUP *ctx,
                                              const char *file, int type)
 {
 #ifndef NO_BIO
-    int ret = WOLFSSL_FAILURE;
+    int ret = WC_NO_ERR_TRACE(WOLFSSL_FAILURE);
     int count = 0;
     WOLFSSL_BIO *bio = NULL;
     WOLFSSL_X509_CRL *crl = NULL;
@@ -7984,7 +8605,7 @@ WOLFSSL_API int wolfSSL_X509_load_crl_file(WOLFSSL_X509_LOOKUP *ctx,
             }
 
             ret = wolfSSL_X509_STORE_add_crl(ctx->store, crl);
-            if (ret == WOLFSSL_FAILURE) {
+            if (ret == WC_NO_ERR_TRACE(WOLFSSL_FAILURE)) {
                 WOLFSSL_MSG("Adding crl failed");
                 break;
             }
@@ -7999,15 +8620,18 @@ WOLFSSL_API int wolfSSL_X509_load_crl_file(WOLFSSL_X509_LOOKUP *ctx,
         crl = wolfSSL_d2i_X509_CRL_bio(bio, NULL);
         if (crl == NULL) {
             WOLFSSL_MSG("Load crl failed");
-        } else {
+        }
+        else {
             ret = wolfSSL_X509_STORE_add_crl(ctx->store, crl);
-            if (ret == WOLFSSL_FAILURE) {
+            if (ret == WC_NO_ERR_TRACE(WOLFSSL_FAILURE)) {
                 WOLFSSL_MSG("Adding crl failed");
-            } else {
+            }
+            else {
                 ret = 1;/* handled a file */
             }
         }
-    } else {
+    }
+    else {
         WOLFSSL_MSG("Invalid file type");
     }
 
@@ -8017,7 +8641,7 @@ WOLFSSL_API int wolfSSL_X509_load_crl_file(WOLFSSL_X509_LOOKUP *ctx,
     WOLFSSL_LEAVE("wolfSSL_X509_load_crl_file", ret);
     return ret;
 #else
-    int ret = WOLFSSL_FAILURE;
+    int ret = WC_NO_ERR_TRACE(WOLFSSL_FAILURE);
     int count = 0;
     XFILE fp;
     WOLFSSL_X509_CRL *crl = NULL;
@@ -8041,7 +8665,7 @@ WOLFSSL_API int wolfSSL_X509_load_crl_file(WOLFSSL_X509_LOOKUP *ctx,
             }
 
             ret = wolfSSL_X509_STORE_add_crl(ctx->store, crl);
-            if (ret == WOLFSSL_FAILURE) {
+            if (ret == WC_NO_ERR_TRACE(WOLFSSL_FAILURE)) {
                 WOLFSSL_MSG("Adding crl failed");
                 break;
             }
@@ -8060,7 +8684,7 @@ WOLFSSL_API int wolfSSL_X509_load_crl_file(WOLFSSL_X509_LOOKUP *ctx,
         }
         else {
             ret = wolfSSL_X509_STORE_add_crl(ctx->store, crl);
-            if (ret == WOLFSSL_FAILURE) {
+            if (ret == WC_NO_ERR_TRACE(WOLFSSL_FAILURE)) {
                 WOLFSSL_MSG("Adding crl failed");
             }
             else {
@@ -8092,21 +8716,25 @@ WOLFSSL_X509_CRL* wolfSSL_d2i_X509_CRL(WOLFSSL_X509_CRL** crl,
 
     if (in == NULL) {
         WOLFSSL_MSG("Bad argument value");
-    } else {
+    }
+    else {
         newcrl =(WOLFSSL_X509_CRL*)XMALLOC(sizeof(WOLFSSL_X509_CRL), NULL,
                 DYNAMIC_TYPE_CRL);
-        if (newcrl == NULL){
+        if (newcrl == NULL) {
             WOLFSSL_MSG("New CRL allocation failed");
-        } else {
+        }
+        else {
             ret = InitCRL(newcrl, NULL);
             if (ret < 0) {
                 WOLFSSL_MSG("Init tmp CRL failed");
-            } else {
+            }
+            else {
                 ret = BufferLoadCRL(newcrl, in, len, WOLFSSL_FILETYPE_ASN1,
                     NO_VERIFY);
                 if (ret != WOLFSSL_SUCCESS) {
                     WOLFSSL_MSG("Buffer Load CRL failed");
-                } else {
+                }
+                else {
                     if (crl) {
                         *crl = newcrl;
                     }
@@ -8115,7 +8743,7 @@ WOLFSSL_X509_CRL* wolfSSL_d2i_X509_CRL(WOLFSSL_X509_CRL** crl,
         }
     }
 
-    if((ret != WOLFSSL_SUCCESS) && (newcrl != NULL)) {
+    if ((ret != WOLFSSL_SUCCESS) && (newcrl != NULL)) {
         wolfSSL_X509_CRL_free(newcrl);
         newcrl = NULL;
     }
@@ -8179,11 +8807,19 @@ int wolfSSL_X509_CRL_get_signature(WOLFSSL_X509_CRL* crl,
 {
     WOLFSSL_ENTER("wolfSSL_X509_CRL_get_signature");
 
-    if (crl == NULL || crl->crlList == NULL || bufSz == NULL)
+    if (crl == NULL || crl->crlList == NULL ||
+        crl->crlList->signature == NULL || bufSz == NULL)
         return BAD_FUNC_ARG;
 
-    if (buf != NULL)
-        XMEMCPY(buf, crl->crlList->signature, *bufSz);
+    if (buf != NULL) {
+        if (*bufSz < (int)crl->crlList->signatureSz) {
+            WOLFSSL_MSG("Signature buffer too small");
+            return BUFFER_E;
+        }
+        else {
+            XMEMCPY(buf, crl->crlList->signature, crl->crlList->signatureSz);
+        }
+    }
     *bufSz = (int)crl->crlList->signatureSz;
 
     return WOLFSSL_SUCCESS;
@@ -8288,9 +8924,7 @@ static int X509CRLPrintSignature(WOLFSSL_BIO* bio, WOLFSSL_X509_CRL* crl,
             return WOLFSSL_FAILURE;
         }
 
-        if (sig != NULL) {
-            XFREE(sig, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-        }
+        XFREE(sig, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 
     }
 
@@ -8370,8 +9004,8 @@ static int X509CRLPrintExtensions(WOLFSSL_BIO* bio, WOLFSSL_X509_CRL* crl,
                 }
                 tmp[0] = '\0';
             }
-            if (XSNPRINTF(val, valSz, ":%02X", crl->crlList->extAuthKeyId[i])
-                >= valSz)
+            if (XSNPRINTF(val, (size_t)valSz, ":%02X",
+                    crl->crlList->extAuthKeyId[i]) >= valSz)
             {
                 WOLFSSL_MSG("buffer overrun");
                 return WOLFSSL_FAILURE;
@@ -8666,8 +9300,7 @@ WOLFSSL_X509_VERIFY_PARAM* wolfSSL_X509_VERIFY_PARAM_new(void)
 
 void wolfSSL_X509_VERIFY_PARAM_free(WOLFSSL_X509_VERIFY_PARAM *param)
 {
-    if (param != NULL)
-        XFREE(param, NULL, DYNAMIC_TYPE_OPENSSL);
+    XFREE(param, NULL, DYNAMIC_TYPE_OPENSSL);
 }
 
 
@@ -8675,7 +9308,7 @@ void wolfSSL_X509_VERIFY_PARAM_free(WOLFSSL_X509_VERIFY_PARAM *param)
 int wolfSSL_X509_VERIFY_PARAM_set_flags(WOLFSSL_X509_VERIFY_PARAM *param,
         unsigned long flags)
 {
-    int ret = WOLFSSL_FAILURE;
+    int ret = WC_NO_ERR_TRACE(WOLFSSL_FAILURE);
 
     if (param != NULL) {
         param->flags |= flags;
@@ -8701,7 +9334,7 @@ int wolfSSL_X509_VERIFY_PARAM_get_flags(WOLFSSL_X509_VERIFY_PARAM *param)
 int wolfSSL_X509_VERIFY_PARAM_clear_flags(WOLFSSL_X509_VERIFY_PARAM *param,
         unsigned long flags)
 {
-    int ret = WOLFSSL_FAILURE;
+    int ret = WC_NO_ERR_TRACE(WOLFSSL_FAILURE);
 
     if (param != NULL) {
         param->flags &= ~flags;
@@ -8711,6 +9344,47 @@ int wolfSSL_X509_VERIFY_PARAM_clear_flags(WOLFSSL_X509_VERIFY_PARAM *param,
     return ret;
 }
 
+/* note WOLFSSL_X509_VERIFY_PARAM does not record purpose, trust, depth, or
+ * auth_level.
+ */
+static const WOLFSSL_X509_VERIFY_PARAM x509_verify_param_builtins[] = {
+    {
+     "ssl_client",              /* name */
+     0,                         /* check_time */
+     0,                         /* inherit_flags */
+     0,                         /* flags */
+     "",                        /* hostname */
+     0,                         /* hostFlags */
+     ""                         /* ipasc */
+    },
+    {
+     "ssl_server",              /* name */
+     0,                         /* check_time */
+     0,                         /* inherit_flags */
+     0,                         /* flags */
+     "",                        /* hostname */
+     0,                         /* hostFlags */
+     ""                         /* ipasc */
+    }
+};
+
+const WOLFSSL_X509_VERIFY_PARAM *wolfSSL_X509_VERIFY_PARAM_lookup(
+    const char *name)
+{
+    const WOLFSSL_X509_VERIFY_PARAM *param = &x509_verify_param_builtins[0],
+        *param_end = &x509_verify_param_builtins[
+                                         XELEM_CNT(x509_verify_param_builtins)];
+
+    if (name == NULL) {
+        return NULL;
+    }
+    while (param < param_end) {
+        if (XSTRCMP(name, param->name) == 0)
+            return param;
+        ++param;
+    }
+    return NULL;
+}
 
 /* inherits properties of param "to" to param "from"
 *
@@ -8721,10 +9395,10 @@ int wolfSSL_X509_VERIFY_PARAM_clear_flags(WOLFSSL_X509_VERIFY_PARAM *param,
 * WOLFSSL_VPARAM_LOCKED           don't copy any values
 * WOLFSSL_VPARAM_ONCE             the current inherit_flags is zerroed
 */
-static int wolfSSL_X509_VERIFY_PARAM_inherit(WOLFSSL_X509_VERIFY_PARAM *to,
+int wolfSSL_X509_VERIFY_PARAM_inherit(WOLFSSL_X509_VERIFY_PARAM *to,
                                          const WOLFSSL_X509_VERIFY_PARAM *from)
 {
-    int ret = WOLFSSL_FAILURE;
+    int ret = WOLFSSL_SUCCESS;
     int isOverWrite = 0;
     int isDefault = 0;
     unsigned int flags;
@@ -8756,7 +9430,7 @@ static int wolfSSL_X509_VERIFY_PARAM_inherit(WOLFSSL_X509_VERIFY_PARAM *to,
     if (isOverWrite ||
         (from->hostName[0] != 0 && (to->hostName[0] == 0 || isDefault))) {
             if (!(ret = wolfSSL_X509_VERIFY_PARAM_set1_host(to, from->hostName,
-                (int)XSTRLEN(from->hostName))))
+                (unsigned int)XSTRLEN(from->hostName))))
                 return ret;
         to->hostFlags = from->hostFlags;
     }
@@ -8826,7 +9500,7 @@ int wolfSSL_X509_VERIFY_PARAM_set1_host(WOLFSSL_X509_VERIFY_PARAM* pParam,
 int wolfSSL_X509_VERIFY_PARAM_set1(WOLFSSL_X509_VERIFY_PARAM *to,
                                    const WOLFSSL_X509_VERIFY_PARAM *from)
 {
-    int ret = WOLFSSL_FAILURE;
+    int ret = WC_NO_ERR_TRACE(WOLFSSL_FAILURE);
     unsigned int _inherit_flags;
 
     if (!to) {
@@ -8868,7 +9542,7 @@ void wolfSSL_X509_VERIFY_PARAM_set_hostflags(WOLFSSL_X509_VERIFY_PARAM* param,
 int wolfSSL_X509_VERIFY_PARAM_set1_ip_asc(WOLFSSL_X509_VERIFY_PARAM *param,
         const char *ipasc)
 {
-    int ret = WOLFSSL_FAILURE;
+    int ret = WC_NO_ERR_TRACE(WOLFSSL_FAILURE);
 
     if (param != NULL) {
         if (ipasc == NULL) {
@@ -8893,7 +9567,7 @@ int wolfSSL_X509_VERIFY_PARAM_set1_ip_asc(WOLFSSL_X509_VERIFY_PARAM *param,
 int wolfSSL_X509_VERIFY_PARAM_set1_ip(WOLFSSL_X509_VERIFY_PARAM* param,
     const unsigned char* ip, size_t iplen)
 {
-    int ret = WOLFSSL_FAILURE;
+    int ret = WC_NO_ERR_TRACE(WOLFSSL_FAILURE);
 #ifndef NO_FILESYSTEM
     char* buf = NULL;
     char* p = NULL;
@@ -8908,18 +9582,21 @@ int wolfSSL_X509_VERIFY_PARAM_set1_ip(WOLFSSL_X509_VERIFY_PARAM* param,
         WOLFSSL_MSG("bad function arg");
         return ret;
     }
+    if (ip == NULL && iplen != 0) {
+        WOLFSSL_MSG("bad function arg");
+        return ret;
+    }
 #ifndef NO_FILESYSTEM
     if (iplen == 4) {
         /* ipv4 www.xxx.yyy.zzz max 15 length + Null termination */
         buf = (char*)XMALLOC(16, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-
         if (!buf) {
             WOLFSSL_MSG("failed malloc");
             return ret;
         }
 
-        XSPRINTF(buf, "%d.%d.%d.%d", ip[0], ip[1], ip[2], ip[3]);
-        buf[15] = '\0';
+        (void)XSNPRINTF(buf, 16, "%d.%d.%d.%d", ip[0], ip[1], ip[2], ip[3]);
+        buf[15] = '\0'; /* null terminate */
     }
     else if (iplen == 16) {
         /* ipv6 normal address scheme
@@ -8948,47 +9625,46 @@ int wolfSSL_X509_VERIFY_PARAM_set1_ip(WOLFSSL_X509_VERIFY_PARAM* param,
         *   to re-construct IP address in ascii.
         */
         buf = (char*)XMALLOC(max_ipv6_len, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-
         if (!buf) {
             WOLFSSL_MSG("failed malloc");
             return ret;
         }
         p = buf;
         for (i = 0; i < 16; i += 2) {
-           val = (((word32)(ip[i]<<8)) | (ip[i+1])) & 0xFFFF;
-           if (val == 0){
-               if (!write_zero) {
+            val = (((word32)(ip[i]<<8)) | (ip[i+1])) & 0xFFFF;
+            if (val == 0) {
+                if (!write_zero) {
                     *p = ':';
-               }
-               p++;
-               *p = '\0';
-               write_zero = 1;
-           }
-           else {
-               if (i != 0)
-                *p++ = ':';
-               XSPRINTF(p, "%x", val);
-           }
-           /* sanity check */
-           if (XSTRLEN(buf) > max_ipv6_len) {
-               WOLFSSL_MSG("The target ip address exceeds buffer length(40)");
-               XFREE(buf, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-               buf = NULL;
-               break;
-           }
-           /* move the pointer to the last */
-           /* XSTRLEN includes NULL because of XSPRINTF use */
-           p = buf + (XSTRLEN(buf));
+                }
+                p++;
+                *p = '\0';
+                write_zero = 1;
+            }
+            else {
+                if (i != 0) {
+                    *p++ = ':';
+                }
+                (void)XSNPRINTF(p, max_ipv6_len - (size_t)(p - buf), "%x", val);
+            }
+            /* sanity check */
+            if (XSTRLEN(buf) > max_ipv6_len) {
+                WOLFSSL_MSG("The target ip address exceeds buffer length(40)");
+                XFREE(buf, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+                buf = NULL;
+                break;
+            }
+            /* move the pointer to the last */
+            /* XSTRLEN includes NULL because of XSPRINTF use */
+            p = buf + (XSTRLEN(buf));
         }
         /* termination */
-        if(i == 16 && buf) {
+        if (i == 16 && buf) {
             p--;
             if ((*p) == ':') {
-            /* when the last character is :, the following segments are zero
-             * Therefore, adding : and null termination
-             */
-                 p++;
-                 *p++ = ':';
+                /* when the last character is :, the following segments are zero
+                 * Therefore, adding : and null termination */
+                p++;
+                *p++ = ':';
                 *p = '\0';
             }
         }
@@ -8999,7 +9675,7 @@ int wolfSSL_X509_VERIFY_PARAM_set1_ip(WOLFSSL_X509_VERIFY_PARAM* param,
     }
 
     if (buf) {
-         /* set address to ip asc */
+        /* set address to ip asc */
         ret = wolfSSL_X509_VERIFY_PARAM_set1_ip_asc(param, buf);
         XFREE(buf, NULL, DYNAMIC_TYPE_TMP_BUFFER);
     }
@@ -9026,12 +9702,13 @@ int wolfSSL_X509_cmp_current_time(const WOLFSSL_ASN1_TIME* asnTime)
     return wolfSSL_X509_cmp_time(asnTime, NULL);
 }
 
-/* return -1 if asnTime is earlier than or equal to cmpTime, and 1 otherwise
+/* return WOLFSSL_FATAL_ERROR if asnTime is earlier than or equal to cmpTime,
+ * and 1 otherwise
  * return 0 on error
  */
 int wolfSSL_X509_cmp_time(const WOLFSSL_ASN1_TIME* asnTime, time_t* cmpTime)
 {
-    int ret = WOLFSSL_FAILURE;
+    int ret = WC_NO_ERR_TRACE(WOLFSSL_FAILURE);
     time_t tmpTime, *pTime = &tmpTime;
     struct tm ts, *tmpTs, *ct;
 #if defined(NEED_TMP_TIME)
@@ -9111,7 +9788,7 @@ WOLFSSL_X509_REVOKED* wolfSSL_X509_CRL_get_REVOKED(WOLFSSL_X509_CRL* crl)
 {
     (void)crl;
     WOLFSSL_STUB("X509_CRL_get_REVOKED");
-    return 0;
+    return NULL;
 }
 #endif
 
@@ -9122,7 +9799,7 @@ WOLFSSL_X509_REVOKED* wolfSSL_sk_X509_REVOKED_value(
     (void)revoked;
     (void)value;
     WOLFSSL_STUB("sk_X509_REVOKED_value");
-    return 0;
+    return NULL;
 }
 #endif
 
@@ -9158,9 +9835,10 @@ WOLFSSL_ASN1_INTEGER* wolfSSL_X509_get_serialNumber(WOLFSSL_X509* x509)
             wolfSSL_ASN1_INTEGER_free(a);
             return NULL;
         }
-        a->dataMax   = x509->serialSz + 2;
+        a->dataMax   = (unsigned int)x509->serialSz + 2;
         a->isDynamic = 1;
-    } else {
+    }
+    else {
         /* Use array instead of dynamic memory */
         a->data    = a->intData;
         a->dataMax = WOLFSSL_ASN1_INTEGER_MAX;
@@ -9240,8 +9918,8 @@ void wolfSSL_X509_ALGOR_get0(const WOLFSSL_ASN1_OBJECT **paobj, int *pptype,
             *pptype = algor->parameter->type;
         }
         else {
-            /* Default to V_ASN1_OBJECT */
-            *pptype = V_ASN1_OBJECT;
+            /* Default to WOLFSSL_V_ASN1_OBJECT */
+            *pptype = WOLFSSL_V_ASN1_OBJECT;
         }
     }
 }
@@ -9256,8 +9934,8 @@ void wolfSSL_X509_ALGOR_get0(const WOLFSSL_ASN1_OBJECT **paobj, int *pptype,
  * @return WOLFSSL_SUCCESS on success
  *         WOLFSSL_FAILURE on missing parameters or bad malloc
  */
-int wolfSSL_X509_ALGOR_set0(WOLFSSL_X509_ALGOR *algor, WOLFSSL_ASN1_OBJECT *aobj,
-                            int ptype, void *pval)
+int wolfSSL_X509_ALGOR_set0(WOLFSSL_X509_ALGOR *algor,
+                            WOLFSSL_ASN1_OBJECT *aobj, int ptype, void *pval)
 {
     if (!algor) {
         return WOLFSSL_FAILURE;
@@ -9278,6 +9956,110 @@ int wolfSSL_X509_ALGOR_set0(WOLFSSL_X509_ALGOR *algor, WOLFSSL_ASN1_OBJECT *aobj
     return WOLFSSL_SUCCESS;
 }
 
+/**
+ * Serialize object to DER encoding
+ *
+ * @param alg Object to serialize
+ * @param pp  Output
+ * @return Length on success
+ *         Negative number on failure
+ */
+int wolfSSL_i2d_X509_ALGOR(const WOLFSSL_X509_ALGOR* alg,
+        unsigned char** pp)
+{
+    int len;
+    word32 oid = 0;
+    word32 idx = 0;
+    unsigned char* buf = NULL;
+
+    if (alg == NULL || alg->algorithm == 0) {
+        WOLFSSL_MSG("alg is NULL or algorithm not set");
+        return WOLFSSL_FATAL_ERROR;
+    }
+
+    if (GetObjectId(alg->algorithm->obj, &idx, &oid,
+            (word32)alg->algorithm->grp, alg->algorithm->objSz) < 0) {
+        WOLFSSL_MSG("Issue getting OID of object");
+        return WOLFSSL_FATAL_ERROR;
+    }
+
+    len = (int)SetAlgoID((int)oid, NULL, alg->algorithm->grp, 0);
+    if (len == 0) {
+        WOLFSSL_MSG("SetAlgoID error");
+        return WOLFSSL_FATAL_ERROR;
+    }
+
+    if (pp != NULL) {
+        if (*pp != NULL)
+            buf = *pp;
+        else {
+            buf = (byte*)XMALLOC((size_t)len, NULL, DYNAMIC_TYPE_ASN1);
+            if (buf == NULL)
+                return WOLFSSL_FATAL_ERROR;
+        }
+
+        len = (int)SetAlgoID((int)oid, buf, alg->algorithm->grp, 0);
+        if (len == 0) {
+            WOLFSSL_MSG("SetAlgoID error");
+            if (*pp == NULL)
+                XFREE(buf, NULL, DYNAMIC_TYPE_ASN1);
+            return WOLFSSL_FATAL_ERROR;
+        }
+
+        if (*pp != NULL)
+            *pp += len;
+        else
+            *pp = buf;
+    }
+
+    return len;
+}
+
+WOLFSSL_X509_ALGOR* wolfSSL_d2i_X509_ALGOR(WOLFSSL_X509_ALGOR** out,
+        const byte** src, long len)
+{
+    WOLFSSL_X509_ALGOR* ret = NULL;
+    word32 idx = 0;
+    word32 oid = 0;
+    int grp;
+
+    WOLFSSL_ENTER("wolfSSL_d2i_X509_ALGOR");
+
+    if (src == NULL || *src == NULL || len == 0)
+        return NULL;
+
+    if (GetAlgoId(*src, &idx, &oid, oidIgnoreType, (word32)len) != 0)
+        return NULL;
+
+    /* Try to guess the type */
+    for (grp = 0; grp < oidIgnoreType; grp++) {
+        word32 oidSz;
+        if (OidFromId(oid, (word32)grp, &oidSz) != NULL)
+            break;
+    }
+    if (grp == oidIgnoreType)
+        return NULL;
+
+    ret = wolfSSL_X509_ALGOR_new();
+    if (ret == NULL)
+        return NULL;
+
+    ret->algorithm = wolfSSL_OBJ_nid2obj(oid2nid(oid, grp));
+    if (ret->algorithm == NULL) {
+        wolfSSL_X509_ALGOR_free(ret);
+        return NULL;
+    }
+    *src += idx;
+
+    if (out != NULL) {
+        if (*out != NULL)
+            wolfSSL_X509_ALGOR_free(*out);
+        *out = ret;
+    }
+
+    return ret;
+}
+
 /**
  * Allocate a new WOLFSSL_X509_PUBKEY object.
  *
@@ -9409,14 +10191,14 @@ int wolfSSL_X509_PUBKEY_set(WOLFSSL_X509_PUBKEY **x, WOLFSSL_EVP_PKEY *key)
 
     switch (key->type) {
 #ifndef NO_RSA
-    case EVP_PKEY_RSA:
+    case WC_EVP_PKEY_RSA:
         pval = NULL;
-        ptype = V_ASN1_NULL;
+        ptype = WOLFSSL_V_ASN1_NULL;
         pk->pubKeyOID = RSAk;
         break;
 #endif
 #ifndef NO_DSA
-    case EVP_PKEY_DSA:
+    case WC_EVP_PKEY_DSA:
         if (!key->dsa->p || !key->dsa->q || !key->dsa->g)
             goto error;
 
@@ -9433,12 +10215,12 @@ int wolfSSL_X509_PUBKEY_set(WOLFSSL_X509_PUBKEY **x, WOLFSSL_EVP_PKEY *key)
         str->isDynamic = 1;
 
         pval = str;
-        ptype = V_ASN1_SEQUENCE;
+        ptype = WOLFSSL_V_ASN1_SEQUENCE;
         pk->pubKeyOID = DSAk;
         break;
 #endif
 #ifdef HAVE_ECC
-    case EVP_PKEY_EC:
+    case WC_EVP_PKEY_EC:
         group = wolfSSL_EC_KEY_get0_group(key->ecc);
         if (!group)
             goto error;
@@ -9454,7 +10236,7 @@ int wolfSSL_X509_PUBKEY_set(WOLFSSL_X509_PUBKEY **x, WOLFSSL_EVP_PKEY *key)
         if (!pval)
             goto error;
 
-        ptype = V_ASN1_OBJECT;
+        ptype = WOLFSSL_V_ASN1_OBJECT;
         pk->pubKeyOID = ECDSAk;
         break;
 #endif
@@ -9465,7 +10247,7 @@ int wolfSSL_X509_PUBKEY_set(WOLFSSL_X509_PUBKEY **x, WOLFSSL_EVP_PKEY *key)
 
     keyTypeObj = wolfSSL_OBJ_nid2obj(key->type);
     if (keyTypeObj == NULL) {
-        if (ptype == V_ASN1_OBJECT)
+        if (ptype == WOLFSSL_V_ASN1_OBJECT)
             ASN1_OBJECT_free((WOLFSSL_ASN1_OBJECT *)pval);
         else
             ASN1_STRING_free((WOLFSSL_ASN1_STRING *)pval);
@@ -9474,7 +10256,7 @@ int wolfSSL_X509_PUBKEY_set(WOLFSSL_X509_PUBKEY **x, WOLFSSL_EVP_PKEY *key)
     if (!wolfSSL_X509_ALGOR_set0(pk->algor, keyTypeObj, ptype, pval)) {
         WOLFSSL_MSG("Failed to create algorithm object");
         ASN1_OBJECT_free(keyTypeObj);
-        if (ptype == V_ASN1_OBJECT)
+        if (ptype == WOLFSSL_V_ASN1_OBJECT)
             ASN1_OBJECT_free((WOLFSSL_ASN1_OBJECT *)pval);
         else
             ASN1_STRING_free((WOLFSSL_ASN1_STRING *)pval);
@@ -9497,7 +10279,20 @@ error:
     return WOLFSSL_FAILURE;
 }
 
-#endif /* OPENSSL_ALL || WOLFSSL_APACHE_HTTPD || WOLFSSL_HAPROXY || WOLFSSL_WPAS */
+#endif /* OPENSSL_ALL || WOLFSSL_APACHE_HTTPD || WOLFSSL_HAPROXY ||
+        * WOLFSSL_WPAS */
+
+#if !defined(NO_CERTS) && !defined(NO_ASN) && !defined(NO_PWDBASED)
+
+int wolfSSL_i2d_X509_PUBKEY(WOLFSSL_X509_PUBKEY* x509_PubKey,
+    unsigned char** der)
+{
+    if (x509_PubKey == NULL)
+        return WOLFSSL_FATAL_ERROR;
+    return wolfSSL_i2d_PublicKey(x509_PubKey->pkey, der);
+}
+
+#endif /* !NO_CERTS && !NO_ASN && !NO_PWDBASED */
 
 #endif /* OPENSSL_EXTRA */
 
@@ -9546,7 +10341,7 @@ WOLFSSL_AUTHORITY_KEYID* wolfSSL_AUTHORITY_KEYID_new(void)
 void wolfSSL_AUTHORITY_KEYID_free(WOLFSSL_AUTHORITY_KEYID *id)
 {
     WOLFSSL_ENTER("wolfSSL_AUTHORITY_KEYID_free");
-    if(id == NULL) {
+    if (id == NULL) {
         WOLFSSL_MSG("Argument is NULL");
         return;
     }
@@ -9602,6 +10397,19 @@ WOLF_STACK_OF(WOLFSSL_X509)* wolfSSL_X509_chain_up_ref(
 }
 #endif
 
+#if defined(OPENSSL_EXTRA)
+
+WOLF_STACK_OF(WOLFSSL_X509_OBJECT)* wolfSSL_sk_X509_OBJECT_deep_copy(
+    const WOLF_STACK_OF(WOLFSSL_X509_OBJECT)* sk,
+    WOLFSSL_X509_OBJECT* (*c)(const WOLFSSL_X509_OBJECT*),
+    void (*f)(WOLFSSL_X509_OBJECT*))
+{
+    (void)f; /* free function */
+    (void)c; /* copy function */
+    return wolfSSL_sk_dup((WOLFSSL_STACK*)sk);
+}
+#endif
+
 #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
     void wolfSSL_X509_NAME_free(WOLFSSL_X509_NAME *name)
     {
@@ -9664,7 +10472,8 @@ WOLF_STACK_OF(WOLFSSL_X509)* wolfSSL_X509_chain_up_ref(
 
 #ifdef WOLFSSL_CERT_GEN
 
-#if defined(WOLFSSL_CERT_REQ) || defined(WOLFSSL_CERT_EXT) || defined(OPENSSL_EXTRA)
+#if defined(WOLFSSL_CERT_REQ) || defined(WOLFSSL_CERT_EXT) || \
+    defined(OPENSSL_EXTRA)
     /* Helper function to copy cert name from a WOLFSSL_X509_NAME structure to
     * a Cert structure.
     *
@@ -9673,7 +10482,7 @@ WOLF_STACK_OF(WOLFSSL_X509)* wolfSSL_X509_chain_up_ref(
     static int CopyX509NameToCert(WOLFSSL_X509_NAME* n, byte* out)
     {
         unsigned char* der = NULL;
-        int length = BAD_FUNC_ARG, ret;
+        int length = WC_NO_ERR_TRACE(BAD_FUNC_ARG), ret;
         word32 idx = 0;
 
         ret = wolfSSL_i2d_X509_NAME(n, &der);
@@ -9684,15 +10493,14 @@ WOLF_STACK_OF(WOLFSSL_X509)* wolfSSL_X509_chain_up_ref(
 
         if (ret > 0) {
             /* strip off sequence, this gets added on certificate creation */
-            ret = GetSequence(der, &idx, &length, ret);
+            ret = GetSequence(der, &idx, &length, (word32)ret);
         }
 
         if (ret > 0) {
             XMEMCPY(out, der + idx, length);
         }
 
-        if (der != NULL)
-            XFREE(der, NULL, DYNAMIC_TYPE_OPENSSL);
+        XFREE(der, NULL, DYNAMIC_TYPE_OPENSSL);
 
         return length;
     }
@@ -9727,7 +10535,7 @@ WOLF_STACK_OF(WOLFSSL_X509)* wolfSSL_X509_chain_up_ref(
     #ifdef WOLFSSL_CERT_EXT
             if (req->subjKeyIdSz != 0) {
                 XMEMCPY(cert->skid, req->subjKeyId, req->subjKeyIdSz);
-                cert->skidSz = req->subjKeyIdSz;
+                cert->skidSz = (int)req->subjKeyIdSz;
             }
             if (req->keyUsageSet)
                 cert->keyUsage = req->keyUsage;
@@ -9740,8 +10548,8 @@ WOLF_STACK_OF(WOLFSSL_X509)* wolfSSL_X509_chain_up_ref(
 
         #if defined(OPENSSL_ALL)
             idx = wolfSSL_X509_REQ_get_attr_by_NID(req,
-                    NID_pkcs9_unstructuredName, -1);
-            if (idx != WOLFSSL_FATAL_ERROR) {
+                    WC_NID_pkcs9_unstructuredName, -1);
+            if (idx != WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)) {
                 WOLFSSL_X509_ATTRIBUTE *attr;
                 attr = wolfSSL_X509_REQ_get_attr(req, idx);
                 if (attr != NULL) {
@@ -9798,211 +10606,221 @@ WOLF_STACK_OF(WOLFSSL_X509)* wolfSSL_X509_chain_up_ref(
     }
 #endif /* WOLFSSL_CERT_REQ */
 
-    /* converts WOLFSSL_AN1_TIME to Cert form, returns positive size on
-     * success */
-    static int CertDateFromX509(byte* out, int outSz, WOLFSSL_ASN1_TIME* t)
-    {
-        int sz, i;
+/* converts WOLFSSL_AN1_TIME to Cert form, returns positive size on
+ * success */
+static int CertDateFromX509(byte* out, int outSz, WOLFSSL_ASN1_TIME* t)
+{
+    int sz, i;
 
-        if (t->length + 1 >= outSz) {
-            return BUFFER_E;
-        }
-
-        out[0] = (byte) t->type;
-        sz = SetLength(t->length, out + 1) + 1;  /* gen tag */
-        for (i = 0; i < t->length; i++) {
-            out[sz + i] = t->data[i];
-        }
-        return t->length + sz;
+    if (t->length + 1 >= outSz) {
+        return BUFFER_E;
     }
 
-    /* convert a WOLFSSL_X509 to a Cert structure for writing out */
-    static int CertFromX509(Cert* cert, WOLFSSL_X509* x509)
-    {
-        int ret;
-        #ifdef WOLFSSL_CERT_EXT
-        int i;
-        #endif
+    out[0] = (byte) t->type;
+    sz = (int)SetLength((word32)t->length, out + 1) + 1;  /* gen tag */
+    for (i = 0; i < t->length; i++) {
+        out[sz + i] = t->data[i];
+    }
+    return t->length + sz;
+}
 
-        WOLFSSL_ENTER("wolfSSL_X509_to_Cert");
+/* convert a WOLFSSL_X509 to a Cert structure for writing out */
+static int CertFromX509(Cert* cert, WOLFSSL_X509* x509)
+{
+    int ret;
+#ifdef WOLFSSL_CERT_EXT
+    int i;
+#endif
 
-        if (x509 == NULL || cert == NULL) {
-            return BAD_FUNC_ARG;
+    WOLFSSL_ENTER("wolfSSL_X509_to_Cert");
+
+    if (x509 == NULL || cert == NULL) {
+        return BAD_FUNC_ARG;
+    }
+
+    wc_InitCert(cert);
+
+    cert->version = (int)wolfSSL_X509_get_version(x509);
+
+    if (x509->notBefore.length > 0) {
+        cert->beforeDateSz = CertDateFromX509(cert->beforeDate,
+                    CTC_DATE_SIZE, &x509->notBefore);
+        if (cert->beforeDateSz <= 0) {
+            WOLFSSL_MSG("Error converting WOLFSSL_X509 not before date");
+            return WOLFSSL_FAILURE;
         }
+    }
+    else {
+        cert->beforeDateSz = 0;
+    }
 
-        wc_InitCert(cert);
+    if (x509->notAfter.length > 0) {
+        cert->afterDateSz = CertDateFromX509(cert->afterDate,
+                    CTC_DATE_SIZE, &x509->notAfter);
+        if (cert->afterDateSz <= 0) {
+            WOLFSSL_MSG("Error converting WOLFSSL_X509 not after date");
+            return WOLFSSL_FAILURE;
+        }
+    }
+    else {
+        cert->afterDateSz = 0;
+    }
 
-        cert->version = (int)wolfSSL_X509_get_version(x509);
+#ifdef WOLFSSL_ALT_NAMES
+    cert->altNamesSz = FlattenAltNames(cert->altNames,
+            sizeof(cert->altNames), x509->altNames);
+#endif /* WOLFSSL_ALT_NAMES */
 
-        if (x509->notBefore.length > 0) {
-            cert->beforeDateSz = CertDateFromX509(cert->beforeDate,
-                        CTC_DATE_SIZE, &x509->notBefore);
-            if (cert->beforeDateSz <= 0){
-                WOLFSSL_MSG("Error converting WOLFSSL_X509 not before date");
-                return WOLFSSL_FAILURE;
-            }
+    cert->sigType = wolfSSL_X509_get_signature_type(x509);
+    cert->keyType = x509->pubKeyOID;
+    cert->isCA    = wolfSSL_X509_get_isCA(x509);
+    cert->basicConstSet = x509->basicConstSet;
+
+#ifdef WOLFSSL_CERT_EXT
+    if (x509->subjKeyIdSz <= CTC_MAX_SKID_SIZE) {
+        if (x509->subjKeyId) {
+            XMEMCPY(cert->skid, x509->subjKeyId, x509->subjKeyIdSz);
+        }
+        cert->skidSz = (int)x509->subjKeyIdSz;
+    }
+    else {
+        WOLFSSL_MSG("Subject Key ID too large");
+        WOLFSSL_ERROR_VERBOSE(BUFFER_E);
+        return WOLFSSL_FAILURE;
+    }
+
+    if (x509->authKeyIdSz < sizeof(cert->akid)) {
+    #ifdef WOLFSSL_AKID_NAME
+        cert->rawAkid = 0;
+        if (x509->authKeyIdSrc) {
+            XMEMCPY(cert->akid, x509->authKeyIdSrc, x509->authKeyIdSrcSz);
+            cert->akidSz = (int)x509->authKeyIdSrcSz;
+            cert->rawAkid = 1;
+        }
+        else
+    #endif
+        if (x509->authKeyId) {
+            XMEMCPY(cert->akid, x509->authKeyId, x509->authKeyIdSz);
+            cert->akidSz = (int)x509->authKeyIdSz;
+        }
+    }
+    else {
+        WOLFSSL_MSG("Auth Key ID too large");
+        WOLFSSL_ERROR_VERBOSE(BUFFER_E);
+        return WOLFSSL_FAILURE;
+    }
+
+    for (i = 0; i < x509->certPoliciesNb; i++) {
+        /* copy the smaller of MAX macros, by default they are currently equal*/
+        if ((int)CTC_MAX_CERTPOL_SZ <= (int)MAX_CERTPOL_SZ) {
+            XMEMCPY(cert->certPolicies[i], x509->certPolicies[i],
+                    CTC_MAX_CERTPOL_SZ);
         }
         else {
-            cert->beforeDateSz = 0;
+            XMEMCPY(cert->certPolicies[i], x509->certPolicies[i],
+                    MAX_CERTPOL_SZ);
         }
+    }
+    cert->certPoliciesNb = (word16)x509->certPoliciesNb;
 
-        if (x509->notAfter.length > 0) {
-            cert->afterDateSz = CertDateFromX509(cert->afterDate,
-                        CTC_DATE_SIZE, &x509->notAfter);
-            if (cert->afterDateSz <= 0){
-                WOLFSSL_MSG("Error converting WOLFSSL_X509 not after date");
-                return WOLFSSL_FAILURE;
-            }
-        }
-        else {
-            cert->afterDateSz = 0;
-        }
+    cert->keyUsage = x509->keyUsage;
+    cert->extKeyUsage = x509->extKeyUsage;
+    cert->nsCertType = x509->nsCertType;
 
-    #ifdef WOLFSSL_ALT_NAMES
-        cert->altNamesSz = FlattenAltNames(cert->altNames,
-                sizeof(cert->altNames), x509->altNames);
-    #endif /* WOLFSSL_ALT_NAMES */
-
-        cert->sigType = wolfSSL_X509_get_signature_type(x509);
-        cert->keyType = x509->pubKeyOID;
-        cert->isCA    = wolfSSL_X509_get_isCA(x509);
-        cert->basicConstSet = x509->basicConstSet;
-
-    #ifdef WOLFSSL_CERT_EXT
-        if (x509->subjKeyIdSz <= CTC_MAX_SKID_SIZE) {
-            if (x509->subjKeyId) {
-                XMEMCPY(cert->skid, x509->subjKeyId, x509->subjKeyIdSz);
-            }
-            cert->skidSz = (int)x509->subjKeyIdSz;
-        }
-        else {
-            WOLFSSL_MSG("Subject Key ID too large");
+    if (x509->rawCRLInfo != NULL) {
+        if (x509->rawCRLInfoSz > CTC_MAX_CRLINFO_SZ) {
+            WOLFSSL_MSG("CRL Info too large");
             WOLFSSL_ERROR_VERBOSE(BUFFER_E);
             return WOLFSSL_FAILURE;
         }
+        XMEMCPY(cert->crlInfo, x509->rawCRLInfo, x509->rawCRLInfoSz);
+        cert->crlInfoSz = x509->rawCRLInfoSz;
+    }
 
-        if (x509->authKeyIdSz < sizeof(cert->akid)) {
-        #ifdef WOLFSSL_AKID_NAME
-            cert->rawAkid = 0;
-            if (x509->authKeyIdSrc) {
-                XMEMCPY(cert->akid, x509->authKeyIdSrc, x509->authKeyIdSrcSz);
-                cert->akidSz = (int)x509->authKeyIdSrcSz;
-                cert->rawAkid = 1;
-            }
-            else
-        #endif
-            if (x509->authKeyId) {
-                XMEMCPY(cert->akid, x509->authKeyId, x509->authKeyIdSz);
-                cert->akidSz = (int)x509->authKeyIdSz;
-            }
-        }
-        else {
-            WOLFSSL_MSG("Auth Key ID too large");
-            WOLFSSL_ERROR_VERBOSE(BUFFER_E);
+#ifdef WOLFSSL_DUAL_ALG_CERTS
+    /* We point to instance in x509 so DON'T need to be free'd. */
+    cert->sapkiDer = x509->sapkiDer;
+    cert->sapkiLen = x509->sapkiLen;
+    cert->altSigAlgDer = x509->altSigAlgDer;
+    cert->altSigAlgLen = x509->altSigAlgLen;
+    cert->altSigValDer = x509->altSigValDer;
+    cert->altSigValLen = x509->altSigValLen;
+#endif /* WOLFSSL_DUAL_ALG_CERTS */
+#endif /* WOLFSSL_CERT_EXT */
+
+#ifdef WOLFSSL_CERT_REQ
+    /* copy over challenge password for REQ certs */
+    XMEMCPY(cert->challengePw, x509->challengePw, CTC_NAME_SIZE);
+#endif
+
+    /* Only makes sense to do this for OPENSSL_EXTRA because without
+     * this define the function will error out below */
+    #ifdef OPENSSL_EXTRA
+    if (x509->serialSz == 0 && x509->serialNumber != NULL &&
+            /* Check if the buffer contains more than just the
+             * ASN tag and length */
+            x509->serialNumber->length > 2) {
+        if (wolfSSL_X509_set_serialNumber(x509, x509->serialNumber)
+                != WOLFSSL_SUCCESS) {
+            WOLFSSL_MSG("Failed to set serial number");
             return WOLFSSL_FAILURE;
         }
-
-        for (i = 0; i < x509->certPoliciesNb; i++) {
-            /* copy the smaller of MAX macros, by default they are currently equal*/
-            if ((int)CTC_MAX_CERTPOL_SZ <= (int)MAX_CERTPOL_SZ) {
-                XMEMCPY(cert->certPolicies[i], x509->certPolicies[i],
-                        CTC_MAX_CERTPOL_SZ);
-            }
-            else {
-                XMEMCPY(cert->certPolicies[i], x509->certPolicies[i],
-                        MAX_CERTPOL_SZ);
-            }
-        }
-        cert->certPoliciesNb = (word16)x509->certPoliciesNb;
-
-        cert->keyUsage = x509->keyUsage;
-        cert->extKeyUsage = x509->extKeyUsage;
-        cert->nsCertType = x509->nsCertType;
-
-        if (x509->rawCRLInfo != NULL) {
-            if (x509->rawCRLInfoSz > CTC_MAX_CRLINFO_SZ) {
-                WOLFSSL_MSG("CRL Info too large");
-                WOLFSSL_ERROR_VERBOSE(BUFFER_E);
-                return WOLFSSL_FAILURE;
-            }
-            XMEMCPY(cert->crlInfo, x509->rawCRLInfo, x509->rawCRLInfoSz);
-            cert->crlInfoSz = x509->rawCRLInfoSz;
-        }
-    #endif /* WOLFSSL_CERT_EXT */
-
-    #ifdef WOLFSSL_CERT_REQ
-        /* copy over challenge password for REQ certs */
-        XMEMCPY(cert->challengePw, x509->challengePw, CTC_NAME_SIZE);
+    }
     #endif
 
-        /* Only makes sense to do this for OPENSSL_EXTRA because without
-         * this define the function will error out below */
-        #ifdef OPENSSL_EXTRA
-        if (x509->serialSz == 0 && x509->serialNumber != NULL &&
-                /* Check if the buffer contains more than just the
-                 * ASN tag and length */
-                x509->serialNumber->length > 2) {
-            if (wolfSSL_X509_set_serialNumber(x509, x509->serialNumber)
-                    != WOLFSSL_SUCCESS) {
-                WOLFSSL_MSG("Failed to set serial number");
-                return WOLFSSL_FAILURE;
-            }
-        }
-        #endif
+    /* set serial number */
+    if (x509->serialSz > 0) {
+    #if defined(OPENSSL_EXTRA)
+        byte serial[EXTERNAL_SERIAL_SIZE];
+        int  serialSz = EXTERNAL_SERIAL_SIZE;
 
-        /* set serial number */
-        if (x509->serialSz > 0) {
-        #if defined(OPENSSL_EXTRA)
-            byte serial[EXTERNAL_SERIAL_SIZE];
-            int  serialSz = EXTERNAL_SERIAL_SIZE;
-
-            ret = wolfSSL_X509_get_serial_number(x509, serial, &serialSz);
-            if (ret != WOLFSSL_SUCCESS) {
-                WOLFSSL_MSG("Serial size error");
-                return WOLFSSL_FAILURE;
-            }
-
-            if (serialSz > EXTERNAL_SERIAL_SIZE ||
-                    serialSz > CTC_SERIAL_SIZE) {
-                WOLFSSL_MSG("Serial size too large error");
-                WOLFSSL_ERROR_VERBOSE(BUFFER_E);
-                return WOLFSSL_FAILURE;
-            }
-            XMEMCPY(cert->serial, serial, serialSz);
-            cert->serialSz = serialSz;
-        #else
-            WOLFSSL_MSG("Getting X509 serial number not supported");
+        ret = wolfSSL_X509_get_serial_number(x509, serial, &serialSz);
+        if (ret != WOLFSSL_SUCCESS) {
+            WOLFSSL_MSG("Serial size error");
             return WOLFSSL_FAILURE;
-        #endif
         }
 
-        /* copy over Name structures */
-        if (x509->issuerSet)
-            cert->selfSigned = 0;
+        if (serialSz > EXTERNAL_SERIAL_SIZE ||
+                serialSz > CTC_SERIAL_SIZE) {
+            WOLFSSL_MSG("Serial size too large error");
+            WOLFSSL_ERROR_VERBOSE(BUFFER_E);
+            return WOLFSSL_FAILURE;
+        }
+        XMEMCPY(cert->serial, serial, serialSz);
+        cert->serialSz = serialSz;
+    #else
+        WOLFSSL_MSG("Getting X509 serial number not supported");
+        return WOLFSSL_FAILURE;
+    #endif
+    }
 
-    #if defined(WOLFSSL_CERT_EXT) || defined(OPENSSL_EXTRA)
-        ret = CopyX509NameToCert(&x509->subject, cert->sbjRaw);
+    /* copy over Name structures */
+    if (x509->issuerSet)
+        cert->selfSigned = 0;
+
+#if defined(WOLFSSL_CERT_EXT) || defined(OPENSSL_EXTRA)
+    ret = CopyX509NameToCert(&x509->subject, cert->sbjRaw);
+    if (ret < 0) {
+        WOLFSSL_MSG("Subject conversion error");
+        return MEMORY_E;
+    }
+    if (cert->selfSigned) {
+        XMEMCPY(cert->issRaw, cert->sbjRaw, sizeof(CertName));
+    }
+    else {
+        ret = CopyX509NameToCert(&x509->issuer, cert->issRaw);
         if (ret < 0) {
-            WOLFSSL_MSG("Subject conversion error");
+            WOLFSSL_MSG("Issuer conversion error");
             return MEMORY_E;
         }
-        if (cert->selfSigned) {
-            XMEMCPY(cert->issRaw, cert->sbjRaw, sizeof(CertName));
-        }
-        else {
-            ret = CopyX509NameToCert(&x509->issuer, cert->issRaw);
-            if (ret < 0) {
-                WOLFSSL_MSG("Issuer conversion error");
-                return MEMORY_E;
-            }
-        }
-    #endif
-
-        cert->heap = x509->heap;
-
-        (void)ret;
-        return WOLFSSL_SUCCESS;
     }
+#endif
+
+    cert->heap = x509->heap;
+
+    (void)ret;
+    return WOLFSSL_SUCCESS;
+}
 
 
     /* returns the sig type to use on success i.e CTC_SHAwRSA and WOLFSSL_FALURE
@@ -10015,11 +10833,13 @@ WOLF_STACK_OF(WOLFSSL_X509)* wolfSSL_X509_chain_up_ref(
         int sigType = WOLFSSL_FAILURE;
 
         /* Convert key type and hash algorithm to a signature algorithm */
-        if (wolfSSL_EVP_get_hashinfo(md, &hashType, NULL) == WOLFSSL_FAILURE) {
+        if (wolfSSL_EVP_get_hashinfo(md, &hashType, NULL)
+            == WC_NO_ERR_TRACE(WOLFSSL_FAILURE))
+        {
             return WOLFSSL_FAILURE;
         }
 
-        if (pkey->type == EVP_PKEY_RSA) {
+        if (pkey->type == WC_EVP_PKEY_RSA) {
             switch (hashType) {
                 case WC_HASH_TYPE_SHA:
                     sigType = CTC_SHAwRSA;
@@ -10054,7 +10874,7 @@ WOLF_STACK_OF(WOLFSSL_X509)* wolfSSL_X509_chain_up_ref(
                     return WOLFSSL_FAILURE;
             }
         }
-        else if (pkey->type == EVP_PKEY_EC) {
+        else if (pkey->type == WC_EVP_PKEY_EC) {
             switch (hashType) {
                 case WC_HASH_TYPE_SHA:
                     sigType = CTC_SHAwECDSA;
@@ -10110,7 +10930,7 @@ WOLF_STACK_OF(WOLFSSL_X509)* wolfSSL_X509_chain_up_ref(
     static int wolfssl_x509_make_der(WOLFSSL_X509* x509, int req,
             unsigned char* der, int* derSz, int includeSig)
     {
-        int ret = WOLFSSL_FAILURE;
+        int ret = WC_NO_ERR_TRACE(WOLFSSL_FAILURE);
         int totalLen;
         Cert* cert = NULL;
         void* key = NULL;
@@ -10123,6 +10943,15 @@ WOLF_STACK_OF(WOLFSSL_X509)* wolfSSL_X509_chain_up_ref(
     #endif
     #ifndef NO_DSA
         DsaKey* dsa = NULL;
+    #endif
+    #if defined(HAVE_FALCON)
+        falcon_key* falcon = NULL;
+    #endif
+    #if defined(HAVE_DILITHIUM)
+        dilithium_key* dilithium = NULL;
+    #endif
+    #if defined(HAVE_SPHINCS)
+        sphincs_key* sphincs = NULL;
     #endif
         WC_RNG rng;
         word32 idx = 0;
@@ -10249,6 +11078,168 @@ WOLF_STACK_OF(WOLFSSL_X509)* wolfSSL_X509_chain_up_ref(
             }
             key = (void*)dsa;
         }
+    #endif
+    #if defined(HAVE_FALCON)
+        if ((x509->pubKeyOID == FALCON_LEVEL1k) ||
+            (x509->pubKeyOID == FALCON_LEVEL5k)) {
+            falcon = (falcon_key*)XMALLOC(sizeof(falcon_key), NULL,
+                                          DYNAMIC_TYPE_FALCON);
+            if (falcon == NULL) {
+                WOLFSSL_MSG("Failed to allocate memory for falcon_key");
+                XFREE(cert, NULL, DYNAMIC_TYPE_CERT);
+                return WOLFSSL_FAILURE;
+            }
+
+            ret = wc_falcon_init(falcon);
+            if (ret != 0) {
+                XFREE(falcon, NULL, DYNAMIC_TYPE_FALCON);
+                XFREE(cert, NULL, DYNAMIC_TYPE_CERT);
+                return ret;
+            }
+
+            if (x509->pubKeyOID == FALCON_LEVEL1k) {
+                type = FALCON_LEVEL1_TYPE;
+                wc_falcon_set_level(falcon, 1);
+            }
+            else if (x509->pubKeyOID == FALCON_LEVEL5k) {
+                type = FALCON_LEVEL5_TYPE;
+                wc_falcon_set_level(falcon, 5);
+            }
+
+            ret = wc_Falcon_PublicKeyDecode(x509->pubKey.buffer, &idx, falcon,
+                                            x509->pubKey.length);
+            if (ret != 0) {
+                WOLFSSL_ERROR_VERBOSE(ret);
+                wc_falcon_free(falcon);
+                XFREE(falcon, NULL, DYNAMIC_TYPE_FALCON);
+                XFREE(cert, NULL, DYNAMIC_TYPE_CERT);
+                return ret;
+            }
+            key = (void*)falcon;
+        }
+    #endif
+    #if defined(HAVE_DILITHIUM)
+        if ((x509->pubKeyOID == ML_DSA_LEVEL2k) ||
+            (x509->pubKeyOID == ML_DSA_LEVEL3k) ||
+            (x509->pubKeyOID == ML_DSA_LEVEL5k)
+            #ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
+         || (x509->pubKeyOID == DILITHIUM_LEVEL2k)
+         || (x509->pubKeyOID == DILITHIUM_LEVEL3k)
+         || (x509->pubKeyOID == DILITHIUM_LEVEL5k)
+            #endif /* WOLFSSL_DILITHIUM_FIPS204_DRAFT */
+            ) {
+            dilithium = (dilithium_key*)XMALLOC(sizeof(dilithium_key), NULL,
+                                          DYNAMIC_TYPE_DILITHIUM);
+            if (dilithium == NULL) {
+                WOLFSSL_MSG("Failed to allocate memory for dilithium_key");
+                XFREE(cert, NULL, DYNAMIC_TYPE_CERT);
+                return WOLFSSL_FAILURE;
+            }
+
+            ret = wc_dilithium_init(dilithium);
+            if (ret != 0) {
+                XFREE(dilithium, NULL, DYNAMIC_TYPE_DILITHIUM);
+                XFREE(cert, NULL, DYNAMIC_TYPE_CERT);
+                return ret;
+            }
+
+            if (x509->pubKeyOID == ML_DSA_LEVEL2k) {
+                type = ML_DSA_LEVEL2_TYPE;
+                wc_dilithium_set_level(dilithium, WC_ML_DSA_44);
+            }
+            else if (x509->pubKeyOID == ML_DSA_LEVEL3k) {
+                type = ML_DSA_LEVEL3_TYPE;
+                wc_dilithium_set_level(dilithium, WC_ML_DSA_65);
+            }
+            else if (x509->pubKeyOID == ML_DSA_LEVEL5k) {
+                type = ML_DSA_LEVEL5_TYPE;
+                wc_dilithium_set_level(dilithium, WC_ML_DSA_87);
+            }
+            #ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
+            else if (x509->pubKeyOID == DILITHIUM_LEVEL2k) {
+                type = DILITHIUM_LEVEL2_TYPE;
+                wc_dilithium_set_level(dilithium, WC_ML_DSA_44_DRAFT);
+            }
+            else if (x509->pubKeyOID == DILITHIUM_LEVEL3k) {
+                type = DILITHIUM_LEVEL3_TYPE;
+                wc_dilithium_set_level(dilithium, WC_ML_DSA_65_DRAFT);
+            }
+            else if (x509->pubKeyOID == DILITHIUM_LEVEL5k) {
+                type = DILITHIUM_LEVEL5_TYPE;
+                wc_dilithium_set_level(dilithium, WC_ML_DSA_87_DRAFT);
+            }
+            #endif /* WOLFSSL_DILITHIUM_FIPS204_DRAFT */
+
+            ret = wc_Dilithium_PublicKeyDecode(x509->pubKey.buffer, &idx,
+                                    dilithium, x509->pubKey.length);
+            if (ret != 0) {
+                WOLFSSL_ERROR_VERBOSE(ret);
+                wc_dilithium_free(dilithium);
+                XFREE(dilithium, NULL, DYNAMIC_TYPE_DILITHIUM);
+                XFREE(cert, NULL, DYNAMIC_TYPE_CERT);
+                return ret;
+            }
+            key = (void*)dilithium;
+        }
+    #endif
+    #if defined(HAVE_SPHINCS)
+        if ((x509->pubKeyOID == SPHINCS_FAST_LEVEL1k) ||
+            (x509->pubKeyOID == SPHINCS_FAST_LEVEL3k) ||
+            (x509->pubKeyOID == SPHINCS_FAST_LEVEL5k) ||
+            (x509->pubKeyOID == SPHINCS_SMALL_LEVEL1k) ||
+            (x509->pubKeyOID == SPHINCS_SMALL_LEVEL3k) ||
+            (x509->pubKeyOID == SPHINCS_SMALL_LEVEL5k)) {
+            sphincs = (sphincs_key*)XMALLOC(sizeof(sphincs_key), NULL,
+                                          DYNAMIC_TYPE_SPHINCS);
+            if (sphincs == NULL) {
+                WOLFSSL_MSG("Failed to allocate memory for sphincs_key");
+                XFREE(cert, NULL, DYNAMIC_TYPE_CERT);
+                return WOLFSSL_FAILURE;
+            }
+
+            ret = wc_sphincs_init(sphincs);
+            if (ret != 0) {
+                XFREE(sphincs, NULL, DYNAMIC_TYPE_SPHINCS);
+                XFREE(cert, NULL, DYNAMIC_TYPE_CERT);
+                return ret;
+            }
+
+            if (x509->pubKeyOID == SPHINCS_FAST_LEVEL1k) {
+                type = SPHINCS_FAST_LEVEL1_TYPE;
+                wc_sphincs_set_level_and_optim(sphincs, 1, FAST_VARIANT);
+            }
+            else if (x509->pubKeyOID == SPHINCS_FAST_LEVEL3k) {
+                type = SPHINCS_FAST_LEVEL3_TYPE;
+                wc_sphincs_set_level_and_optim(sphincs, 3, FAST_VARIANT);
+            }
+            else if (x509->pubKeyOID == SPHINCS_FAST_LEVEL3k) {
+                type = SPHINCS_FAST_LEVEL5_TYPE;
+                wc_sphincs_set_level_and_optim(sphincs, 5, FAST_VARIANT);
+            }
+            else if (x509->pubKeyOID == SPHINCS_SMALL_LEVEL1k) {
+                type = SPHINCS_SMALL_LEVEL1_TYPE;
+                wc_sphincs_set_level_and_optim(sphincs, 1, SMALL_VARIANT);
+            }
+            else if (x509->pubKeyOID == SPHINCS_SMALL_LEVEL3k) {
+                type = SPHINCS_SMALL_LEVEL3_TYPE;
+                wc_sphincs_set_level_and_optim(sphincs, 3, SMALL_VARIANT);
+            }
+            else if (x509->pubKeyOID == SPHINCS_SMALL_LEVEL3k) {
+                type = SPHINCS_SMALL_LEVEL5_TYPE;
+                wc_sphincs_set_level_and_optim(sphincs, 5, SMALL_VARIANT);
+            }
+
+            ret = wc_Sphincs_PublicKeyDecode(x509->pubKey.buffer, &idx, sphincs,
+                                             x509->pubKey.length);
+            if (ret != 0) {
+                WOLFSSL_ERROR_VERBOSE(ret);
+                wc_sphincs_free(sphincs);
+                XFREE(sphincs, NULL, DYNAMIC_TYPE_SPHINCS);
+                XFREE(cert, NULL, DYNAMIC_TYPE_CERT);
+                return ret;
+            }
+            key = (void*)sphincs;
+        }
     #endif
         if (key == NULL) {
             WOLFSSL_MSG("No public key found for certificate");
@@ -10349,6 +11340,38 @@ cleanup:
             wc_FreeDsaKey(dsa);
             XFREE(dsa, NULL, DYNAMIC_TYPE_DSA);
         }
+    #endif
+    #if defined(HAVE_FALCON)
+        if ((x509->pubKeyOID == FALCON_LEVEL1k) ||
+            (x509->pubKeyOID == FALCON_LEVEL5k)) {
+            wc_falcon_free(falcon);
+            XFREE(falcon, NULL, DYNAMIC_TYPE_FALCON);
+        }
+    #endif
+    #if defined(HAVE_DILITHIUM)
+        if ((x509->pubKeyOID == ML_DSA_LEVEL2k) ||
+            (x509->pubKeyOID == ML_DSA_LEVEL3k) ||
+            (x509->pubKeyOID == ML_DSA_LEVEL5k)
+        #ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
+         || (x509->pubKeyOID == DILITHIUM_LEVEL2k)
+         || (x509->pubKeyOID == DILITHIUM_LEVEL3k)
+         || (x509->pubKeyOID == DILITHIUM_LEVEL5k)
+        #endif
+        ) {
+            wc_dilithium_free(dilithium);
+            XFREE(dilithium, NULL, DYNAMIC_TYPE_DILITHIUM);
+        }
+    #endif
+    #if defined(HAVE_SPHINCS)
+        if ((x509->pubKeyOID == SPHINCS_FAST_LEVEL1k) ||
+            (x509->pubKeyOID == SPHINCS_FAST_LEVEL3k) ||
+            (x509->pubKeyOID == SPHINCS_FAST_LEVEL5k) ||
+            (x509->pubKeyOID == SPHINCS_SMALL_LEVEL1k) ||
+            (x509->pubKeyOID == SPHINCS_SMALL_LEVEL3k) ||
+            (x509->pubKeyOID == SPHINCS_SMALL_LEVEL5k)) {
+            wc_sphincs_free(sphincs);
+            XFREE(sphincs, NULL, DYNAMIC_TYPE_SPHINCS);
+        }
     #endif
         XFREE(cert, NULL, DYNAMIC_TYPE_CERT);
 
@@ -10377,7 +11400,7 @@ cleanup:
         WOLFSSL_ENTER("wolfSSL_X509_resign_cert");
 
         sigType = wolfSSL_sigTypeFromPKEY(md, pkey);
-        if (sigType == WOLFSSL_FAILURE) {
+        if (sigType == WC_NO_ERR_TRACE(WOLFSSL_FAILURE)) {
             WOLFSSL_MSG("Error getting signature type from pkey");
             return WOLFSSL_FATAL_ERROR;
         }
@@ -10385,13 +11408,13 @@ cleanup:
 
         /* Get the private key object and type from pkey. */
     #ifndef NO_RSA
-        if (pkey->type == EVP_PKEY_RSA) {
+        if (pkey->type == WC_EVP_PKEY_RSA) {
             type = RSA_TYPE;
             key = pkey->rsa->internal;
         }
     #endif
     #ifdef HAVE_ECC
-        if (pkey->type == EVP_PKEY_EC) {
+        if (pkey->type == WC_EVP_PKEY_EC) {
             type = ECC_TYPE;
             key = pkey->ecc->internal;
         }
@@ -10401,7 +11424,8 @@ cleanup:
         ret = wc_InitRng(&rng);
         if (ret != 0)
             return ret;
-        ret = wc_SignCert_ex(certBodySz, sigType, der, derSz, type, key, &rng);
+        ret = wc_SignCert_ex(certBodySz, sigType, der, (word32)derSz, type, key,
+            &rng);
         wc_FreeRng(&rng);
         if (ret < 0) {
             WOLFSSL_LEAVE("wolfSSL_X509_resign_cert", ret);
@@ -10415,20 +11439,20 @@ cleanup:
             int    len = 0;
 
             /* Read top level sequence */
-            if (GetSequence(der, &idx, &len, derSz) < 0) {
+            if (GetSequence(der, &idx, &len, (word32)derSz) < 0) {
                 WOLFSSL_MSG("GetSequence error");
                 return WOLFSSL_FATAL_ERROR;
             }
             /* Move idx to signature */
             idx += certBodySz;
             /* Read signature algo sequence */
-            if (GetSequence(der, &idx, &len, derSz) < 0) {
+            if (GetSequence(der, &idx, &len, (word32)derSz) < 0) {
                 WOLFSSL_MSG("GetSequence error");
                 return WOLFSSL_FATAL_ERROR;
             }
             idx += len;
             /* Read signature bit string */
-            if (CheckBitString(der, &idx, &len, derSz, 0, NULL) != 0) {
+            if (CheckBitString(der, &idx, &len, (word32)derSz, 0, NULL) != 0) {
                 WOLFSSL_MSG("CheckBitString error");
                 return WOLFSSL_FATAL_ERROR;
             }
@@ -10447,7 +11471,7 @@ cleanup:
                 return WOLFSSL_FATAL_ERROR;
             }
             XMEMCPY(x509->sig.buffer, der + idx, len);
-            x509->sig.length = len;
+            x509->sig.length = (unsigned int)len;
         }
 
         /* Put in the new certificate encoding into the x509 object. */
@@ -10458,80 +11482,80 @@ cleanup:
             type = CERTREQ_TYPE;
         }
     #endif
-        if (AllocDer(&x509->derCert, derSz, type, NULL) != 0)
+        if (AllocDer(&x509->derCert, (word32)derSz, type, NULL) != 0)
             return WOLFSSL_FATAL_ERROR;
         XMEMCPY(x509->derCert->buffer, der, derSz);
-        x509->derCert->length = derSz;
+        x509->derCert->length = (word32)derSz;
 
         return ret;
     }
 
 
-    #ifndef WC_MAX_X509_GEN
-        /* able to override max size until dynamic buffer created */
-        #define WC_MAX_X509_GEN 4096
-    #endif
+#ifndef WC_MAX_X509_GEN
+    /* able to override max size until dynamic buffer created */
+    #define WC_MAX_X509_GEN 4096
+#endif
 
-    /* returns the size of signature on success */
-    int wolfSSL_X509_sign(WOLFSSL_X509* x509, WOLFSSL_EVP_PKEY* pkey,
-            const WOLFSSL_EVP_MD* md)
-    {
-        int  ret;
-        /* @TODO dynamic set based on expected cert size */
-        byte *der = (byte *)XMALLOC(WC_MAX_X509_GEN, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-        int  derSz = WC_MAX_X509_GEN;
+/* returns the size of signature on success */
+int wolfSSL_X509_sign(WOLFSSL_X509* x509, WOLFSSL_EVP_PKEY* pkey,
+        const WOLFSSL_EVP_MD* md)
+{
+    int  ret;
+    /* @TODO dynamic set based on expected cert size */
+    byte *der = (byte *)XMALLOC(WC_MAX_X509_GEN, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    int  derSz = WC_MAX_X509_GEN;
 
-        WOLFSSL_ENTER("wolfSSL_X509_sign");
+    WOLFSSL_ENTER("wolfSSL_X509_sign");
 
-        if (x509 == NULL || pkey == NULL || md == NULL) {
-            ret = WOLFSSL_FAILURE;
-            goto out;
-        }
-
-        x509->sigOID = wolfSSL_sigTypeFromPKEY((WOLFSSL_EVP_MD*)md, pkey);
-        if ((ret = wolfssl_x509_make_der(x509, 0, der, &derSz, 0)) !=
-                WOLFSSL_SUCCESS) {
-            WOLFSSL_MSG("Unable to make DER for X509");
-            WOLFSSL_LEAVE("wolfSSL_X509_sign", ret);
-            (void)ret;
-            ret = WOLFSSL_FAILURE;
-            goto out;
-        }
-
-        ret = wolfSSL_X509_resign_cert(x509, 0, der, WC_MAX_X509_GEN, derSz,
-                (WOLFSSL_EVP_MD*)md, pkey);
-        if (ret <= 0) {
-            WOLFSSL_LEAVE("wolfSSL_X509_sign", ret);
-            ret = WOLFSSL_FAILURE;
-            goto out;
-        }
-
-    out:
-        if (der)
-            XFREE(der, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-
-        return ret;
+    if (x509 == NULL || pkey == NULL || md == NULL) {
+        ret = WOLFSSL_FAILURE;
+        goto out;
     }
 
+    x509->sigOID = wolfSSL_sigTypeFromPKEY((WOLFSSL_EVP_MD*)md, pkey);
+    if ((ret = wolfssl_x509_make_der(x509, 0, der, &derSz, 0)) !=
+            WOLFSSL_SUCCESS) {
+        WOLFSSL_MSG("Unable to make DER for X509");
+        WOLFSSL_LEAVE("wolfSSL_X509_sign", ret);
+        (void)ret;
+        ret = WOLFSSL_FAILURE;
+        goto out;
+    }
+
+    ret = wolfSSL_X509_resign_cert(x509, 0, der, WC_MAX_X509_GEN, derSz,
+            (WOLFSSL_EVP_MD*)md, pkey);
+    if (ret <= 0) {
+        WOLFSSL_LEAVE("wolfSSL_X509_sign", ret);
+        ret = WOLFSSL_FAILURE;
+        goto out;
+    }
+
+out:
+    XFREE(der, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+
+    return ret;
+}
+
 #if defined(OPENSSL_EXTRA)
-    int wolfSSL_X509_sign_ctx(WOLFSSL_X509 *x509, WOLFSSL_EVP_MD_CTX *ctx)
-    {
-        WOLFSSL_ENTER("wolfSSL_X509_sign_ctx");
+int wolfSSL_X509_sign_ctx(WOLFSSL_X509 *x509, WOLFSSL_EVP_MD_CTX *ctx)
+{
+    WOLFSSL_ENTER("wolfSSL_X509_sign_ctx");
 
-        if (!x509 || !ctx || !ctx->pctx || !ctx->pctx->pkey) {
-            WOLFSSL_MSG("Bad parameter");
-            return WOLFSSL_FAILURE;
-        }
-
-        return wolfSSL_X509_sign(x509, ctx->pctx->pkey, wolfSSL_EVP_MD_CTX_md(ctx));
+    if (!x509 || !ctx || !ctx->pctx || !ctx->pctx->pkey) {
+        WOLFSSL_MSG("Bad parameter");
+        return WOLFSSL_FAILURE;
     }
+
+    return wolfSSL_X509_sign(x509, ctx->pctx->pkey,
+        wolfSSL_EVP_MD_CTX_md(ctx));
+}
 #endif /* OPENSSL_EXTRA */
 #endif /* WOLFSSL_CERT_GEN */
 
 
 #if defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA) || \
     defined(OPENSSL_EXTRA_X509_SMALL) || defined(WOLFSSL_WPAS_SMALL)
-/* Converts from NID_* value to wolfSSL value if needed.
+/* Converts from WC_NID_* value to wolfSSL value if needed.
  *
  * @param [in] nid  Numeric Id of a domain name component.
  * @return  Domain name tag values - wolfSSL internal values.
@@ -10540,37 +11564,39 @@ cleanup:
 static int ConvertNIDToWolfSSL(int nid)
 {
     switch (nid) {
-        case NID_commonName : return ASN_COMMON_NAME;
+        case WC_NID_commonName : return ASN_COMMON_NAME;
     #ifdef WOLFSSL_CERT_NAME_ALL
-        case NID_name :       return ASN_NAME;
-        case NID_givenName:   return ASN_GIVEN_NAME;
-        case NID_dnQualifier :   return ASN_DNQUALIFIER;
-        case NID_initials:   return ASN_INITIALS;
+        case WC_NID_name :       return ASN_NAME;
+        case WC_NID_givenName:   return ASN_GIVEN_NAME;
+        case WC_NID_dnQualifier :   return ASN_DNQUALIFIER;
+        case WC_NID_initials:   return ASN_INITIALS;
     #endif /* WOLFSSL_CERT_NAME_ALL */
-        case NID_surname :    return ASN_SUR_NAME;
-        case NID_countryName: return ASN_COUNTRY_NAME;
-        case NID_localityName: return ASN_LOCALITY_NAME;
-        case NID_stateOrProvinceName: return ASN_STATE_NAME;
-        case NID_streetAddress: return ASN_STREET_ADDR;
-        case NID_organizationName: return ASN_ORG_NAME;
-        case NID_organizationalUnitName: return ASN_ORGUNIT_NAME;
-        case NID_emailAddress: return ASN_EMAIL_NAME;
-        case NID_pkcs9_contentType: return ASN_CONTENT_TYPE;
-        case NID_serialNumber: return ASN_SERIAL_NUMBER;
-        case NID_userId: return ASN_USER_ID;
-        case NID_businessCategory: return ASN_BUS_CAT;
-        case NID_domainComponent: return ASN_DOMAIN_COMPONENT;
-        case NID_postalCode: return ASN_POSTAL_CODE;
-        case NID_favouriteDrink: return ASN_FAVOURITE_DRINK;
+        case WC_NID_surname :    return ASN_SUR_NAME;
+        case WC_NID_countryName: return ASN_COUNTRY_NAME;
+        case WC_NID_localityName: return ASN_LOCALITY_NAME;
+        case WC_NID_stateOrProvinceName: return ASN_STATE_NAME;
+        case WC_NID_streetAddress: return ASN_STREET_ADDR;
+        case WC_NID_organizationName: return ASN_ORG_NAME;
+        case WC_NID_organizationalUnitName: return ASN_ORGUNIT_NAME;
+        case WC_NID_emailAddress: return ASN_EMAIL_NAME;
+        case WC_NID_pkcs9_contentType: return ASN_CONTENT_TYPE;
+        case WC_NID_serialNumber: return ASN_SERIAL_NUMBER;
+        case WC_NID_userId: return ASN_USER_ID;
+        case WC_NID_businessCategory: return ASN_BUS_CAT;
+        case WC_NID_domainComponent: return ASN_DOMAIN_COMPONENT;
+        case WC_NID_postalCode: return ASN_POSTAL_CODE;
+        case WC_NID_rfc822Mailbox: return ASN_RFC822_MAILBOX;
+        case WC_NID_favouriteDrink: return ASN_FAVOURITE_DRINK;
         default:
             WOLFSSL_MSG("Attribute NID not found");
-            return -1;
+            return WOLFSSL_FATAL_ERROR;
     }
 }
 #endif /* OPENSSL_ALL || OPENSSL_EXTRA ||
           OPENSSL_EXTRA_X509_SMALL || WOLFSSL_WPAS_SMALL*/
 
-#if defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
+#if defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA) || \
+    defined(OPENSSL_EXTRA_X509_SMALL)
 /* This is to convert the x509 name structure into canonical DER format     */
 /*  , which has the following rules:                                        */
 /*   convert to UTF8                                                        */
@@ -10760,15 +11786,16 @@ int wolfSSL_i2d_X509_NAME(WOLFSSL_X509_NAME* name, unsigned char** out)
             type    = wolfSSL_ASN1_STRING_type(data);
 
             switch (type) {
-                case MBSTRING_UTF8:
+                case WOLFSSL_MBSTRING_UTF8:
                     type = CTC_UTF8;
                     break;
-                case MBSTRING_ASC:
-                case V_ASN1_PRINTABLESTRING:
+                case WOLFSSL_MBSTRING_ASC:
+                case WOLFSSL_V_ASN1_PRINTABLESTRING:
                     type = CTC_PRINTABLE;
                     break;
                 default:
-                    WOLFSSL_MSG("Unknown encoding type conversion UTF8 by default");
+                    WOLFSSL_MSG(
+                        "Unknown encoding type conversion UTF8 by default");
                     type = CTC_UTF8;
             }
             ret = wc_EncodeName(&names[i], nameStr, (char)type,
@@ -10785,7 +11812,7 @@ int wolfSSL_i2d_X509_NAME(WOLFSSL_X509_NAME* name, unsigned char** out)
     }
 
     /* header */
-    idx = SetSequence(totalBytes, temp);
+    idx = (int)SetSequence((word32)totalBytes, temp);
     if (totalBytes + idx > ASN_NAME_MAX) {
 #ifdef WOLFSSL_SMALL_STACK
         XFREE(names, NULL, DYNAMIC_TYPE_TMP_BUFFER);
@@ -10813,7 +11840,7 @@ int wolfSSL_i2d_X509_NAME(WOLFSSL_X509_NAME* name, unsigned char** out)
     }
     output = *out;
 
-    idx = SetSequence(totalBytes, output);
+    idx = (int)SetSequence((word32)totalBytes, output);
     totalBytes += idx;
     for (i = 0; i < MAX_NAME_ENTRIES; i++) {
         if (names[i].used) {
@@ -10868,7 +11895,7 @@ int wolfSSL_i2d_X509_NAME(WOLFSSL_X509_NAME* name, unsigned char** out)
         InitDecodedCert(cert, *in, (word32)length, NULL);
 
         /* Parse the X509 subject name */
-        if (GetName(cert, SUBJECT, (int)length) != 0) {
+        if (GetName(cert, ASN_SUBJECT, (int)length) != 0) {
             WOLFSSL_MSG("WOLFSSL_X509_NAME parse error");
             goto cleanup;
         }
@@ -10934,86 +11961,142 @@ cleanup:
         _x = (x->name && *x->name) ? x->name : x->staticName;
         _y = (y->name && *y->name) ? y->name : y->staticName;
 
-        return XSTRNCMP(_x, _y, x->sz); /* y sz is the same */
+        return XSTRNCASECMP(_x, _y, x->sz); /* y sz is the same */
     }
 
 #ifndef NO_BIO
 
-    static WOLFSSL_X509 *loadX509orX509REQFromPemBio(WOLFSSL_BIO *bp,
-            WOLFSSL_X509 **x, wc_pem_password_cb *cb, void *u, int type)
-    {
-        WOLFSSL_X509* x509 = NULL;
+static WOLFSSL_X509 *loadX509orX509REQFromPemBio(WOLFSSL_BIO *bp,
+        WOLFSSL_X509 **x, wc_pem_password_cb *cb, void *u, int type)
+{
+    WOLFSSL_X509* x509 = NULL;
 #if defined(WOLFSSL_PEM_TO_DER) || defined(WOLFSSL_DER_TO_PEM)
-        unsigned char* pem = NULL;
-        int pemSz;
-        long  i = 0, l, footerSz;
-        const char* footer = NULL;
+    unsigned char* pem = NULL;
+    int pemSz;
+    long  i = 0, l, footerSz;
+    const char* footer = NULL;
 
-        WOLFSSL_ENTER("loadX509orX509REQFromPemBio");
+    WOLFSSL_ENTER("loadX509orX509REQFromPemBio");
 
-        if (bp == NULL || (type != CERT_TYPE && type != CERTREQ_TYPE)) {
-            WOLFSSL_LEAVE("wolfSSL_PEM_read_bio_X509", BAD_FUNC_ARG);
-            return NULL;
-        }
+    if (bp == NULL || (type != CERT_TYPE && type != CERTREQ_TYPE)) {
+        WOLFSSL_LEAVE("wolfSSL_PEM_read_bio_X509", BAD_FUNC_ARG);
+        return NULL;
+    }
 
-        if ((l = wolfSSL_BIO_get_len(bp)) <= 0) {
-            /* No certificate in buffer */
+    if ((l = wolfSSL_BIO_get_len(bp)) <= 0) {
+        /* No certificate in buffer */
 #if defined (WOLFSSL_HAPROXY)
-            WOLFSSL_ERROR(PEM_R_NO_START_LINE);
+        WOLFSSL_ERROR(PEM_R_NO_START_LINE);
 #else
-            WOLFSSL_ERROR(ASN_NO_PEM_HEADER);
+        WOLFSSL_ERROR(ASN_NO_PEM_HEADER);
 #endif
+        return NULL;
+    }
+
+    pemSz = (int)l;
+    pem   = (unsigned char*)XMALLOC(pemSz, 0, DYNAMIC_TYPE_PEM);
+    if (pem == NULL)
+        return NULL;
+    XMEMSET(pem, 0, pemSz);
+
+    i = 0;
+    if (wc_PemGetHeaderFooter(type, NULL, &footer) != 0) {
+        XFREE(pem, 0, DYNAMIC_TYPE_PEM);
+        return NULL;
+    }
+    footerSz = (long)XSTRLEN(footer);
+
+    /* TODO: Inefficient
+     * reading in one byte at a time until see the footer
+     */
+    while ((l = wolfSSL_BIO_read(bp, (char *)&pem[i], 1)) == 1) {
+        i++;
+        if (i > footerSz && XMEMCMP((char *)&pem[i-footerSz], footer,
+                footerSz) == 0) {
+            if (wolfSSL_BIO_read(bp, (char *)&pem[i], 1) == 1) {
+                /* attempt to read newline following footer */
+                i++;
+                if (pem[i-1] == '\r') {
+                    /* found \r , Windows line ending is \r\n so try to read one
+                     * more byte for \n, ignoring return value */
+                    (void)wolfSSL_BIO_read(bp, (char *)&pem[i++], 1);
+                }
+            }
+            break;
+        }
+    }
+    if (l == 0)
+        WOLFSSL_ERROR(ASN_NO_PEM_HEADER);
+    if (i > pemSz) {
+        WOLFSSL_MSG("Error parsing PEM");
+    }
+    else {
+        pemSz = (int)i;
+    #ifdef WOLFSSL_CERT_REQ
+        if (type == CERTREQ_TYPE)
+            x509 = loadX509orX509REQFromBuffer(pem, pemSz, WOLFSSL_FILETYPE_PEM,
+                CERTREQ_TYPE, cb, u);
+        else
+    #endif
+            x509 = loadX509orX509REQFromBuffer(pem, pemSz, WOLFSSL_FILETYPE_PEM,
+                CERT_TYPE, cb, u);
+    }
+
+    if (x != NULL) {
+        *x = x509;
+    }
+
+    XFREE(pem, NULL, DYNAMIC_TYPE_PEM);
+
+#endif /* WOLFSSL_PEM_TO_DER || WOLFSSL_DER_TO_PEM */
+    (void)bp;
+    (void)x;
+    (void)cb;
+    (void)u;
+
+    return x509;
+}
+
+
+#if defined(WOLFSSL_ACERT)
+    WOLFSSL_X509_ACERT *wolfSSL_PEM_read_bio_X509_ACERT(WOLFSSL_BIO *bp,
+                                                        WOLFSSL_X509_ACERT **x,
+                                                        wc_pem_password_cb *cb,
+                                                        void *u)
+    {
+        WOLFSSL_X509_ACERT* x509 = NULL;
+#if defined(WOLFSSL_PEM_TO_DER) || defined(WOLFSSL_DER_TO_PEM)
+        unsigned char * pem = NULL;
+        int             pemSz;
+
+        WOLFSSL_ENTER("wolfSSL_PEM_read_bio_X509_ACERT");
+
+        if (bp == NULL) {
+            WOLFSSL_LEAVE("wolfSSL_PEM_read_bio_X509_ACERT", BAD_FUNC_ARG);
             return NULL;
         }
 
-        pemSz = (int)l;
-        pem   = (unsigned char*)XMALLOC(pemSz, 0, DYNAMIC_TYPE_PEM);
-        if (pem == NULL)
+        if ((pemSz = wolfSSL_BIO_get_len(bp)) <= 0) {
+            /* No certificate in buffer */
+            WOLFSSL_ERROR(ASN_NO_PEM_HEADER);
             return NULL;
+        }
+
+        pem   = (unsigned char*)XMALLOC(pemSz, 0, DYNAMIC_TYPE_PEM);
+
+        if (pem == NULL) {
+            return NULL;
+        }
+
         XMEMSET(pem, 0, pemSz);
 
-        i = 0;
-        if (wc_PemGetHeaderFooter(type, NULL, &footer) != 0) {
-            XFREE(pem, 0, DYNAMIC_TYPE_PEM);
+        if (wolfSSL_BIO_read(bp, pem, pemSz) != pemSz) {
+            XFREE(pem, NULL, DYNAMIC_TYPE_PEM);
             return NULL;
         }
-        footerSz = (long)XSTRLEN(footer);
 
-        /* TODO: Inefficient
-         * reading in one byte at a time until see the footer
-         */
-        while ((l = wolfSSL_BIO_read(bp, (char *)&pem[i], 1)) == 1) {
-            i++;
-            if (i > footerSz && XMEMCMP((char *)&pem[i-footerSz], footer,
-                    footerSz) == 0) {
-                if (wolfSSL_BIO_read(bp, (char *)&pem[i], 1) == 1) {
-                    /* attempt to read newline following footer */
-                    i++;
-                    if (pem[i-1] == '\r') {
-                        /* found \r , Windows line ending is \r\n so try to read one
-                         * more byte for \n, ignoring return value */
-                        (void)wolfSSL_BIO_read(bp, (char *)&pem[i++], 1);
-                    }
-                }
-                break;
-            }
-        }
-        if (l == 0)
-            WOLFSSL_ERROR(ASN_NO_PEM_HEADER);
-        if (i > pemSz) {
-            WOLFSSL_MSG("Error parsing PEM");
-        }
-        else {
-            pemSz = (int)i;
-        #ifdef WOLFSSL_CERT_REQ
-            if (type == CERTREQ_TYPE)
-                x509 = wolfSSL_X509_REQ_load_certificate_buffer(pem, pemSz,
+        x509 = wolfSSL_X509_ACERT_load_certificate_buffer(pem, pemSz,
                                                           WOLFSSL_FILETYPE_PEM);
-            else
-        #endif
-                x509 = wolfSSL_X509_load_certificate_buffer(pem, pemSz,
-                                                          WOLFSSL_FILETYPE_PEM);
-        }
 
         if (x != NULL) {
             *x = x509;
@@ -11028,8 +12111,9 @@ cleanup:
         (void)u;
 
         return x509;
-    }
 
+    }
+#endif /* WOLFSSL_ACERT */
 
     WOLFSSL_X509 *wolfSSL_PEM_read_bio_X509(WOLFSSL_BIO *bp, WOLFSSL_X509 **x,
                                             wc_pem_password_cb *cb, void *u)
@@ -11037,13 +12121,34 @@ cleanup:
         return loadX509orX509REQFromPemBio(bp, x, cb, u, CERT_TYPE);
     }
 
-#ifdef WOLFSSL_CERT_REQ
-    WOLFSSL_X509 *wolfSSL_PEM_read_bio_X509_REQ(WOLFSSL_BIO *bp, WOLFSSL_X509 **x,
-                                                wc_pem_password_cb *cb, void *u)
+    /*
+     * bp : bio to read X509 from
+     * x  : x509 to write to
+     * cb : password call back for reading PEM
+     * u  : password
+     * _AUX is for working with a trusted X509 certificate
+     */
+    WOLFSSL_X509 *wolfSSL_PEM_read_bio_X509_AUX(WOLFSSL_BIO *bp,
+                               WOLFSSL_X509 **x, wc_pem_password_cb *cb,
+                               void *u)
     {
-        return loadX509orX509REQFromPemBio(bp, x, cb, u, CERTREQ_TYPE);
+        WOLFSSL_ENTER("wolfSSL_PEM_read_bio_X509");
+
+        /* AUX info is; trusted/rejected uses, friendly name, private key id,
+         * and potentially a stack of "other" info. wolfSSL does not store
+         * friendly name or private key id yet in WOLFSSL_X509 for human
+         * readability and does not support extra trusted/rejected uses for
+         * root CA. */
+        return wolfSSL_PEM_read_bio_X509(bp, x, cb, u);
     }
 
+#ifdef WOLFSSL_CERT_REQ
+WOLFSSL_X509 *wolfSSL_PEM_read_bio_X509_REQ(WOLFSSL_BIO *bp, WOLFSSL_X509 **x,
+                                                wc_pem_password_cb *cb, void *u)
+{
+    return loadX509orX509REQFromPemBio(bp, x, cb, u, CERTREQ_TYPE);
+}
+
 #ifndef NO_FILESYSTEM
     WOLFSSL_X509* wolfSSL_PEM_read_X509_REQ(XFILE fp, WOLFSSL_X509** x,
                                             wc_pem_password_cb* cb, void* u)
@@ -11066,7 +12171,7 @@ cleanup:
                 err = 1;
             }
         }
-        if (err == 0 && wolfSSL_BIO_set_fp(bio, fp, BIO_CLOSE)
+        if (err == 0 && wolfSSL_BIO_set_fp(bio, fp, WOLFSSL_BIO_CLOSE)
                 != WOLFSSL_SUCCESS) {
             WOLFSSL_MSG("Failed to set BIO file pointer.");
             err = 1;
@@ -11075,9 +12180,7 @@ cleanup:
             ret = wolfSSL_PEM_read_bio_X509_REQ(bio, x, cb, u);
         }
 
-        if (bio != NULL) {
-            wolfSSL_BIO_free(bio);
-        }
+        wolfSSL_BIO_free(bio);
 
         return ret;
     }
@@ -11107,19 +12210,17 @@ cleanup:
             goto err;
         }
 
-        if((PemToDer(pem, pemSz, CRL_TYPE, &der, NULL, NULL, NULL)) < 0) {
+        if ((PemToDer(pem, pemSz, CRL_TYPE, &der, NULL, NULL, NULL)) < 0) {
             goto err;
         }
-        derSz = der->length;
-        if((crl = wolfSSL_d2i_X509_CRL(x, der->buffer, derSz)) == NULL) {
+        derSz = (int)der->length;
+        if ((crl = wolfSSL_d2i_X509_CRL(x, der->buffer, derSz)) == NULL) {
             goto err;
         }
 
 err:
-        if(pem != NULL) {
-            XFREE(pem, 0, DYNAMIC_TYPE_PEM);
-        }
-        if(der != NULL) {
+        XFREE(pem, 0, DYNAMIC_TYPE_PEM);
+        if (der != NULL) {
             FreeDer(&der);
         }
 
@@ -11140,107 +12241,107 @@ err:
 #endif /* !NO_BIO */
 
 #if !defined(NO_FILESYSTEM)
-    static void* wolfSSL_PEM_read_X509_ex(XFILE fp, void **x,
-        wc_pem_password_cb *cb, void *u, int type)
-    {
-        unsigned char* pem = NULL;
-        int pemSz;
-        long i = 0, l;
-        void *newx509;
-        int derSz;
-        DerBuffer* der = NULL;
+static void* wolfSSL_PEM_read_X509_ex(XFILE fp, void **x,
+    wc_pem_password_cb *cb, void *u, int type)
+{
+    unsigned char* pem = NULL;
+    int pemSz;
+    long i = 0, l;
+    void *newx509;
+    int derSz;
+    DerBuffer* der = NULL;
 
-        WOLFSSL_ENTER("wolfSSL_PEM_read_X509");
-
-        if (fp == XBADFILE) {
-            WOLFSSL_LEAVE("wolfSSL_PEM_read_X509", BAD_FUNC_ARG);
-            return NULL;
-        }
-        /* Read cert from file */
-        i = XFTELL(fp);
-        if (i < 0) {
-            WOLFSSL_LEAVE("wolfSSL_PEM_read_X509", BAD_FUNC_ARG);
-            return NULL;
-        }
-
-        if (XFSEEK(fp, 0, XSEEK_END) != 0)
-            return NULL;
-        l = XFTELL(fp);
-        if (l < 0)
-            return NULL;
-        if (XFSEEK(fp, i, SEEK_SET) != 0)
-            return NULL;
-        pemSz = (int)(l - i);
-
-        /* check calculated length */
-        if (pemSz > MAX_WOLFSSL_FILE_SIZE || pemSz < 0) {
-            WOLFSSL_MSG("PEM_read_X509_ex file size error");
-            return NULL;
-        }
-
-        /* allocate pem buffer */
-        pem = (unsigned char*)XMALLOC(pemSz, NULL, DYNAMIC_TYPE_PEM);
-        if (pem == NULL)
-            return NULL;
-
-        if ((int)XFREAD((char *)pem, 1, pemSz, fp) != pemSz)
-            goto err_exit;
-
-        switch (type) {
-            case CERT_TYPE:
-                newx509 = (void *)wolfSSL_X509_load_certificate_buffer(pem,
-                    pemSz, WOLFSSL_FILETYPE_PEM);
-                break;
-
-        #ifdef HAVE_CRL
-            case CRL_TYPE:
-                if ((PemToDer(pem, pemSz, CRL_TYPE, &der, NULL, NULL, NULL)) < 0)
-                    goto err_exit;
-                derSz = der->length;
-                newx509 = (void*)wolfSSL_d2i_X509_CRL((WOLFSSL_X509_CRL **)x,
-                    (const unsigned char *)der->buffer, derSz);
-                if (newx509 == NULL)
-                    goto err_exit;
-                FreeDer(&der);
-                break;
-        #endif
-
-            default:
-                goto err_exit;
-        }
-        if (x != NULL) {
-            *x = newx509;
-        }
-        XFREE(pem, NULL, DYNAMIC_TYPE_PEM);
-        return newx509;
-
-    err_exit:
-        if (pem != NULL)
-            XFREE(pem, NULL, DYNAMIC_TYPE_PEM);
-        if (der != NULL)
-            FreeDer(&der);
-
-        /* unused */
-        (void)cb;
-        (void)u;
-        (void)derSz;
+    WOLFSSL_ENTER("wolfSSL_PEM_read_X509");
 
+    if (fp == XBADFILE) {
+        WOLFSSL_LEAVE("wolfSSL_PEM_read_X509", BAD_FUNC_ARG);
+        return NULL;
+    }
+    /* Read cert from file */
+    i = XFTELL(fp);
+    if (i < 0) {
+        WOLFSSL_LEAVE("wolfSSL_PEM_read_X509", BAD_FUNC_ARG);
         return NULL;
     }
 
-    WOLFSSL_API WOLFSSL_X509* wolfSSL_PEM_read_X509(XFILE fp, WOLFSSL_X509 **x,
-                                                    wc_pem_password_cb *cb,
-                                                    void *u)
-    {
-        return (WOLFSSL_X509* )wolfSSL_PEM_read_X509_ex(fp, (void **)x, cb, u, CERT_TYPE);
+    if (XFSEEK(fp, 0, XSEEK_END) != 0)
+        return NULL;
+    l = XFTELL(fp);
+    if (l < 0)
+        return NULL;
+    if (XFSEEK(fp, i, SEEK_SET) != 0)
+        return NULL;
+    pemSz = (int)(l - i);
+
+    /* check calculated length */
+    if (pemSz > MAX_WOLFSSL_FILE_SIZE || pemSz <= 0) {
+        WOLFSSL_MSG("PEM_read_X509_ex file size error");
+        return NULL;
     }
 
-#if defined(HAVE_CRL)
-    WOLFSSL_API WOLFSSL_X509_CRL* wolfSSL_PEM_read_X509_CRL(XFILE fp, WOLFSSL_X509_CRL **crl,
-                                                    wc_pem_password_cb *cb, void *u)
-    {
-        return (WOLFSSL_X509_CRL* )wolfSSL_PEM_read_X509_ex(fp, (void **)crl, cb, u, CRL_TYPE);
+    /* allocate pem buffer */
+    pem = (unsigned char*)XMALLOC(pemSz, NULL, DYNAMIC_TYPE_PEM);
+    if (pem == NULL)
+        return NULL;
+
+    if ((int)XFREAD((char *)pem, 1, (size_t)pemSz, fp) != pemSz)
+        goto err_exit;
+
+    switch (type) {
+        case CERT_TYPE:
+            newx509 = (void *)wolfSSL_X509_load_certificate_buffer(pem,
+                pemSz, WOLFSSL_FILETYPE_PEM);
+            break;
+
+    #ifdef HAVE_CRL
+        case CRL_TYPE:
+            if ((PemToDer(pem, pemSz, CRL_TYPE, &der, NULL, NULL, NULL)) < 0)
+                goto err_exit;
+            derSz = (int)der->length;
+            newx509 = (void*)wolfSSL_d2i_X509_CRL((WOLFSSL_X509_CRL **)x,
+                (const unsigned char *)der->buffer, derSz);
+            if (newx509 == NULL)
+                goto err_exit;
+            FreeDer(&der);
+            break;
+    #endif
+
+        default:
+            goto err_exit;
     }
+    if (x != NULL) {
+        *x = newx509;
+    }
+    XFREE(pem, NULL, DYNAMIC_TYPE_PEM);
+    return newx509;
+
+err_exit:
+    XFREE(pem, NULL, DYNAMIC_TYPE_PEM);
+    if (der != NULL)
+        FreeDer(&der);
+
+    /* unused */
+    (void)cb;
+    (void)u;
+    (void)derSz;
+
+    return NULL;
+}
+
+WOLFSSL_API WOLFSSL_X509* wolfSSL_PEM_read_X509(XFILE fp, WOLFSSL_X509 **x,
+                                                wc_pem_password_cb *cb, void *u)
+{
+    return (WOLFSSL_X509* )wolfSSL_PEM_read_X509_ex(fp, (void **)x, cb, u,
+         CERT_TYPE);
+}
+
+#if defined(HAVE_CRL)
+WOLFSSL_API WOLFSSL_X509_CRL* wolfSSL_PEM_read_X509_CRL(XFILE fp,
+                        WOLFSSL_X509_CRL **crl, wc_pem_password_cb *cb, void *u)
+{
+    return (WOLFSSL_X509_CRL* )wolfSSL_PEM_read_X509_ex(fp, (void **)crl, cb, u,
+         CRL_TYPE);
+}
 #endif
 
 #ifdef WOLFSSL_CERT_GEN
@@ -11250,14 +12351,14 @@ err:
         int ret;
         WOLFSSL_BIO* bio;
 
-        if (x == NULL)
+        if (x == NULL || fp == XBADFILE)
             return 0;
 
         bio = wolfSSL_BIO_new(wolfSSL_BIO_s_file());
         if (bio == NULL)
             return 0;
 
-        if (wolfSSL_BIO_set_fp(bio, fp, BIO_NOCLOSE) != WOLFSSL_SUCCESS) {
+        if (wolfSSL_BIO_set_fp(bio, fp, WOLFSSL_BIO_NOCLOSE) != WOLFSSL_SUCCESS) {
             wolfSSL_BIO_free(bio);
             bio = NULL;
         }
@@ -11432,8 +12533,9 @@ err:
                         "-----BEGIN X509 CRL-----")) {
                 /* We have a crl */
                 WOLFSSL_MSG("Parsing crl");
-                if((PemToDer((const unsigned char*) header, footerEnd - header,
-                        CRL_TYPE, &der, NULL, NULL, NULL)) < 0) {
+                if ((PemToDer((const unsigned char*) header,
+                        (long)(footerEnd - header), CRL_TYPE, &der, NULL, NULL,
+                        NULL)) < 0) {
                     WOLFSSL_MSG("PemToDer error");
                     goto err;
                 }
@@ -11480,8 +12582,7 @@ err:
     #endif
         return WOLFSSL_SUCCESS;
 err:
-        if (pem)
-            XFREE(pem, 0, DYNAMIC_TYPE_PEM);
+        XFREE(pem, 0, DYNAMIC_TYPE_PEM);
     #ifdef HAVE_CRL
         if (der)
             FreeDer(&der);
@@ -11503,7 +12604,7 @@ err:
             XFILE fp, WOLF_STACK_OF(WOLFSSL_X509_INFO)* sk,
             pem_password_cb* cb, void* u)
     {
-        WOLFSSL_BIO* fileBio = wolfSSL_BIO_new_fp(fp, BIO_NOCLOSE);
+        WOLFSSL_BIO* fileBio = wolfSSL_BIO_new_fp(fp, WOLFSSL_BIO_NOCLOSE);
         WOLF_STACK_OF(WOLFSSL_X509_INFO)* ret = NULL;
 
         WOLFSSL_ENTER("wolfSSL_PEM_X509_INFO_read");
@@ -11571,8 +12672,7 @@ err:
                         ret = MEMORY_E;
                         break;
                     }
-                    if (wolfSSL_sk_X509_INFO_push(localSk, current) !=
-                            WOLFSSL_SUCCESS) {
+                    if (wolfSSL_sk_X509_INFO_push(localSk, current) <= 0) {
                         wolfSSL_X509_INFO_free(current);
                         current = NULL;
                         ret = WOLFSSL_FAILURE;
@@ -11664,19 +12764,16 @@ err:
         return ne;
     }
 
+
     static void wolfssl_x509_name_entry_set(WOLFSSL_X509_NAME_ENTRY* ne,
         int nid, int type, const unsigned char *data, int dataSz)
     {
-        WOLFSSL_ASN1_OBJECT* object;
-
         ne->nid = nid;
         /* Reuse the object if already available. */
-        object = wolfSSL_OBJ_nid2obj_ex(nid, ne->object);
-        if (object != NULL) {
-            /* Set the object when no error. */
-            ne->object = object;
+        ne->object = wolfSSL_OBJ_nid2obj_ex(nid, ne->object);
+        if (ne->value == NULL) {
+            ne->value = wolfSSL_ASN1_STRING_type_new(type);
         }
-        ne->value = wolfSSL_ASN1_STRING_type_new(type);
         if (ne->value != NULL) {
             if (wolfSSL_ASN1_STRING_set(ne->value, (const void*)data,
                                             dataSz) == WOLFSSL_SUCCESS) {
@@ -11710,7 +12807,7 @@ err:
         }
 
         nid = wolfSSL_OBJ_txt2nid(txt);
-        if (nid == NID_undef) {
+        if (nid == WC_NID_undef) {
             WOLFSSL_MSG("Unable to find text");
             ne = NULL;
         }
@@ -11847,7 +12944,6 @@ WOLFSSL_ASN1_OBJECT* wolfSSL_X509_NAME_ENTRY_get_object(
     static int RebuildFullName(WOLFSSL_X509_NAME* name)
     {
         int totalLen = 0, i, idx, entryCount = 0;
-        char* fullName;
 
         if (name == NULL)
             return BAD_FUNC_ARG;
@@ -11867,23 +12963,26 @@ WOLFSSL_ASN1_OBJECT* wolfSSL_X509_NAME_ENTRY_get_object(
             }
         }
 
-        fullName = (char*)XMALLOC(totalLen + 1, name->heap, DYNAMIC_TYPE_X509);
-        if (fullName == NULL)
-            return MEMORY_E;
-
-        idx = 0;
-        entryCount = AddAllEntry(name, fullName, totalLen, &idx);
-        if (entryCount < 0) {
-            XFREE(fullName, name->heap, DYNAMIC_TYPE_X509);
-            return entryCount;
-        }
-
         if (name->dynamicName) {
             XFREE(name->name, name->heap, DYNAMIC_TYPE_X509);
+            name->name = name->staticName;
+            name->dynamicName = 0;
         }
-        fullName[idx] = '\0';
-        name->name = fullName;
-        name->dynamicName = 1;
+
+        if (totalLen >= ASN_NAME_MAX) {
+            name->name = (char*)XMALLOC(totalLen + 1, name->heap,
+                    DYNAMIC_TYPE_X509);
+            if (name->name == NULL)
+                return MEMORY_E;
+            name->dynamicName = 1;
+        }
+
+        idx = 0;
+        entryCount = AddAllEntry(name, name->name, totalLen, &idx);
+        if (entryCount < 0)
+            return entryCount;
+
+        name->name[idx] = '\0';
         name->sz = idx + 1; /* size includes null terminator */
         name->entrySz = entryCount;
 
@@ -11947,8 +13046,7 @@ WOLFSSL_ASN1_OBJECT* wolfSSL_X509_NAME_ENTRY_get_object(
             if (name->entries == NULL) {
                 name->entries = wolfSSL_sk_X509_NAME_new(NULL);
             }
-            if (wolfSSL_sk_X509_NAME_ENTRY_push(name->entries, current
-                                                         ) != WOLFSSL_SUCCESS) {
+            if (wolfSSL_sk_X509_NAME_ENTRY_push(name->entries, current) <= 0) {
                 ret = WOLFSSL_FAILURE;
             }
         #endif
@@ -11976,7 +13074,7 @@ WOLFSSL_ASN1_OBJECT* wolfSSL_X509_NAME_ENTRY_get_object(
                                            const unsigned char *bytes, int len,
                                            int loc, int set)
     {
-        int ret = WOLFSSL_FAILURE;
+        int ret = WC_NO_ERR_TRACE(WOLFSSL_FAILURE);
         int nid;
         WOLFSSL_X509_NAME_ENTRY* entry;
 
@@ -11986,7 +13084,7 @@ WOLFSSL_ASN1_OBJECT* wolfSSL_X509_NAME_ENTRY_get_object(
         if (name == NULL || field == NULL)
             return WOLFSSL_FAILURE;
 
-        if ((nid = wolfSSL_OBJ_txt2nid(field)) == NID_undef) {
+        if ((nid = wolfSSL_OBJ_txt2nid(field)) == WC_NID_undef) {
             WOLFSSL_MSG("Unable convert text to NID");
             return WOLFSSL_FAILURE;
         }
@@ -12046,7 +13144,7 @@ WOLFSSL_ASN1_OBJECT* wolfSSL_X509_NAME_ENTRY_get_object(
                                            int idx) {
         if (!name || idx >= MAX_NAME_ENTRIES ||
                 !obj || !obj->obj) {
-            return -1;
+            return WOLFSSL_FATAL_ERROR;
         }
 
         if (idx < 0) {
@@ -12056,20 +13154,32 @@ WOLFSSL_ASN1_OBJECT* wolfSSL_X509_NAME_ENTRY_get_object(
         for (idx++; idx < MAX_NAME_ENTRIES; idx++) {
             /* Find index of desired name */
             if (name->entry[idx].set) {
-                if (XSTRLEN(obj->sName) == XSTRLEN(name->entry[idx].object->sName) &&
+                if (XSTRLEN(obj->sName) ==
+                        XSTRLEN(name->entry[idx].object->sName) &&
                     XSTRNCMP((const char*) obj->sName,
                         name->entry[idx].object->sName, obj->objSz - 1) == 0) {
                     return idx;
                 }
             }
         }
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
     }
 #endif
 
 #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL) || \
     defined(OPENSSL_EXTRA_X509_SMALL)
 
+#ifdef OPENSSL_EXTRA
+    int wolfSSL_X509_NAME_ENTRY_set(const WOLFSSL_X509_NAME_ENTRY *ne)
+    {
+        if (ne != NULL) {
+            return ne->set;
+        }
+        return 0;
+    }
+#endif
+
+
     /* returns a pointer to the internal entry at location 'loc' on success,
      * a null pointer is returned in fail cases */
     WOLFSSL_X509_NAME_ENTRY *wolfSSL_X509_NAME_get_entry(
@@ -12107,26 +13217,26 @@ WOLFSSL_ASN1_OBJECT* wolfSSL_X509_NAME_ENTRY_get_object(
 
 #ifdef OPENSSL_EXTRA
 
-    int wolfSSL_X509_check_private_key(WOLFSSL_X509 *x509, WOLFSSL_EVP_PKEY *key)
-    {
-        WOLFSSL_ENTER("wolfSSL_X509_check_private_key");
+int wolfSSL_X509_check_private_key(WOLFSSL_X509 *x509, WOLFSSL_EVP_PKEY *key)
+{
+    WOLFSSL_ENTER("wolfSSL_X509_check_private_key");
 
-        if (!x509 || !key) {
-            WOLFSSL_MSG("Bad parameter");
-            return WOLFSSL_FAILURE;
-        }
-
-    #ifndef NO_CHECK_PRIVATE_KEY
-        return wc_CheckPrivateKey((byte*)key->pkey.ptr, key->pkey_sz,
-                x509->pubKey.buffer, x509->pubKey.length,
-                (enum Key_Sum)x509->pubKeyOID) == 1 ?
-                        WOLFSSL_SUCCESS : WOLFSSL_FAILURE;
-    #else
-        /* not compiled in */
-        return WOLFSSL_SUCCESS;
-    #endif
+    if (!x509 || !key) {
+        WOLFSSL_MSG("Bad parameter");
+        return WOLFSSL_FAILURE;
     }
 
+#ifndef NO_CHECK_PRIVATE_KEY
+    return wc_CheckPrivateKey((byte*)key->pkey.ptr, key->pkey_sz,
+            x509->pubKey.buffer, x509->pubKey.length,
+            (enum Key_Sum)x509->pubKeyOID, key->heap) == 1 ?
+                    WOLFSSL_SUCCESS : WOLFSSL_FAILURE;
+#else
+    /* not compiled in */
+    return WOLFSSL_SUCCESS;
+#endif
+}
+
 #endif /* OPENSSL_EXTRA */
 
 #if defined(HAVE_LIGHTY) || defined(HAVE_STUNNEL) \
@@ -12160,7 +13270,7 @@ int wolfSSL_PEM_write_bio_X509_REQ(WOLFSSL_BIO *bp, WOLFSSL_X509 *x)
     }
 
     /* get PEM size */
-    pemSz = wc_DerToPemEx(der, derSz, NULL, 0, NULL, CERTREQ_TYPE);
+    pemSz = wc_DerToPemEx(der, (word32)derSz, NULL, 0, NULL, CERTREQ_TYPE);
     if (pemSz < 0) {
         return WOLFSSL_FAILURE;
     }
@@ -12170,7 +13280,7 @@ int wolfSSL_PEM_write_bio_X509_REQ(WOLFSSL_BIO *bp, WOLFSSL_X509 *x)
     if (pem == NULL) {
         return WOLFSSL_FAILURE;
     }
-    if (wc_DerToPemEx(der, derSz, pem, pemSz, NULL, CERTREQ_TYPE) < 0) {
+    if (wc_DerToPemEx(der, (word32)derSz, pem, pemSz, NULL, CERTREQ_TYPE) < 0) {
         XFREE(pem, NULL, DYNAMIC_TYPE_TMP_BUFFER);
         return WOLFSSL_FAILURE;
     }
@@ -12210,7 +13320,7 @@ int wolfSSL_PEM_write_bio_X509_AUX(WOLFSSL_BIO *bp, WOLFSSL_X509 *x)
     }
 
     /* get PEM size */
-    pemSz = wc_DerToPemEx(der, derSz, NULL, 0, NULL, CERT_TYPE);
+    pemSz = wc_DerToPemEx(der, (word32)derSz, NULL, 0, NULL, CERT_TYPE);
     if (pemSz < 0) {
         return WOLFSSL_FAILURE;
     }
@@ -12220,7 +13330,7 @@ int wolfSSL_PEM_write_bio_X509_AUX(WOLFSSL_BIO *bp, WOLFSSL_X509 *x)
     if (pem == NULL) {
         return WOLFSSL_FAILURE;
     }
-    if (wc_DerToPemEx(der, derSz, pem, pemSz, NULL, CERT_TYPE) < 0) {
+    if (wc_DerToPemEx(der, (word32)derSz, pem, pemSz, NULL, CERT_TYPE) < 0) {
         XFREE(pem, NULL, DYNAMIC_TYPE_TMP_BUFFER);
         return WOLFSSL_FAILURE;
     }
@@ -12258,7 +13368,7 @@ int wolfSSL_PEM_write_bio_X509(WOLFSSL_BIO *bio, WOLFSSL_X509 *cert)
     }
 
     /* get PEM size */
-    pemSz = wc_DerToPemEx(der, derSz, NULL, 0, NULL, CERT_TYPE);
+    pemSz = wc_DerToPemEx(der, (word32)derSz, NULL, 0, NULL, CERT_TYPE);
     if (pemSz < 0) {
         goto error;
     }
@@ -12268,7 +13378,7 @@ int wolfSSL_PEM_write_bio_X509(WOLFSSL_BIO *bio, WOLFSSL_X509 *cert)
     if (pem == NULL) {
         goto error;
     }
-    if (wc_DerToPemEx(der, derSz, pem, pemSz, NULL, CERT_TYPE) < 0) {
+    if (wc_DerToPemEx(der, (word32)derSz, pem, pemSz, NULL, CERT_TYPE) < 0) {
         goto error;
     }
 
@@ -12280,8 +13390,7 @@ int wolfSSL_PEM_write_bio_X509(WOLFSSL_BIO *bio, WOLFSSL_X509 *cert)
     return WOLFSSL_SUCCESS;
 
 error:
-    if (pem)
-        XFREE(pem, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(pem, NULL, DYNAMIC_TYPE_TMP_BUFFER);
     return WOLFSSL_FAILURE;
 }
 #endif /* WOLFSSL_CERT_GEN */
@@ -12289,9 +13398,10 @@ error:
 #endif /* !NO_BIO */
 #endif /* HAVE_LIGHTY || HAVE_STUNNEL || WOLFSSL_MYSQL_COMPATIBLE */
 
-#if defined(OPENSSL_EXTRA) || defined(HAVE_STUNNEL) || defined(WOLFSSL_NGINX) || \
-        defined(HAVE_LIGHTY) || defined(WOLFSSL_HAPROXY) || \
-        defined(WOLFSSL_OPENSSH) || defined(HAVE_SBLIM_SFCB)
+#if defined(OPENSSL_EXTRA) || defined(HAVE_STUNNEL) || \
+        defined(WOLFSSL_NGINX) || defined(HAVE_LIGHTY) || \
+        defined(WOLFSSL_HAPROXY) || defined(WOLFSSL_OPENSSH) || \
+        defined(HAVE_SBLIM_SFCB)
 
 WOLF_STACK_OF(WOLFSSL_X509_NAME)* wolfSSL_sk_X509_NAME_new(
         WOLF_SK_COMPARE_CB(WOLFSSL_X509_NAME, cb))
@@ -12327,14 +13437,15 @@ int wolfSSL_sk_X509_NAME_num(const WOLF_STACK_OF(WOLFSSL_X509_NAME) *sk)
  * returns a pointer to a WOLFSSL_X509_NAME structure on success and NULL on
  *         fail
  */
-WOLFSSL_X509_NAME* wolfSSL_sk_X509_NAME_value(const STACK_OF(WOLFSSL_X509_NAME)* sk,
-    int i)
+WOLFSSL_X509_NAME* wolfSSL_sk_X509_NAME_value(
+    const WOLF_STACK_OF(WOLFSSL_X509_NAME)* sk, int i)
 {
     WOLFSSL_ENTER("wolfSSL_sk_X509_NAME_value");
     return (WOLFSSL_X509_NAME*)wolfSSL_sk_value(sk, i);
 }
 
-WOLFSSL_X509_NAME* wolfSSL_sk_X509_NAME_pop(WOLF_STACK_OF(WOLFSSL_X509_NAME)* sk)
+WOLFSSL_X509_NAME* wolfSSL_sk_X509_NAME_pop(
+    WOLF_STACK_OF(WOLFSSL_X509_NAME)* sk)
 {
     WOLFSSL_STACK* node;
     WOLFSSL_X509_NAME* name;
@@ -12400,7 +13511,7 @@ int wolfSSL_sk_X509_NAME_find(const WOLF_STACK_OF(WOLFSSL_X509_NAME) *sk,
             return i;
         }
     }
-    return -1;
+    return WOLFSSL_FATAL_ERROR;
 }
 
 /* Name Entry */
@@ -12427,7 +13538,8 @@ WOLFSSL_X509_NAME_ENTRY* wolfSSL_sk_X509_NAME_ENTRY_value(
     return (WOLFSSL_X509_NAME_ENTRY*)wolfSSL_sk_value(sk, i);
 }
 
-int wolfSSL_sk_X509_NAME_ENTRY_num(const WOLF_STACK_OF(WOLFSSL_X509_NAME_ENTRY)* sk)
+int wolfSSL_sk_X509_NAME_ENTRY_num(
+    const WOLF_STACK_OF(WOLFSSL_X509_NAME_ENTRY)* sk)
 {
     if (sk == NULL)
         return BAD_FUNC_ARG;
@@ -12552,7 +13664,7 @@ void wolfSSL_sk_X509_INFO_free(WOLF_STACK_OF(WOLFSSL_X509_INFO) *sk)
 /* Adds the WOLFSSL_X509_INFO to the stack "sk". "sk" takes control of "in" and
  * tries to free it when the stack is free'd.
  *
- * return 1 on success 0 on fail
+ * return number of elements on success 0 on fail
  */
 int wolfSSL_sk_X509_INFO_push(WOLF_STACK_OF(WOLFSSL_X509_INFO)* sk,
                                                       WOLFSSL_X509_INFO* in)
@@ -12580,9 +13692,10 @@ WOLF_STACK_OF(WOLFSSL_X509_NAME) *wolfSSL_dup_CA_list(
 
     for (i = 0; i < num; i++) {
         name = wolfSSL_X509_NAME_dup(wolfSSL_sk_X509_NAME_value(sk, i));
-        if (name == NULL || WOLFSSL_SUCCESS != wolfSSL_sk_X509_NAME_push(copy, name)) {
+        if (name == NULL || wolfSSL_sk_X509_NAME_push(copy, name) <= 0) {
             WOLFSSL_MSG("Memory error");
             wolfSSL_sk_X509_NAME_pop_free(copy, wolfSSL_X509_NAME_free);
+            wolfSSL_X509_NAME_free(name);
             return NULL;
         }
     }
@@ -12590,7 +13703,8 @@ WOLF_STACK_OF(WOLFSSL_X509_NAME) *wolfSSL_dup_CA_list(
     return copy;
 }
 
-void* wolfSSL_sk_X509_OBJECT_value(WOLF_STACK_OF(WOLFSSL_X509_OBJECT)* sk, int i)
+void* wolfSSL_sk_X509_OBJECT_value(WOLF_STACK_OF(WOLFSSL_X509_OBJECT)* sk,
+    int i)
 {
     WOLFSSL_ENTER("wolfSSL_sk_X509_OBJECT_value");
     for (; sk != NULL && i > 0; i--)
@@ -12606,7 +13720,8 @@ int wolfSSL_sk_X509_OBJECT_num(const WOLF_STACK_OF(WOLFSSL_X509_OBJECT) *s)
     WOLFSSL_ENTER("wolfSSL_sk_X509_OBJECT_num");
     if (s) {
         return (int)s->num;
-    } else {
+    }
+    else {
         return 0;
     }
 }
@@ -12636,74 +13751,86 @@ static int get_dn_attr_by_nid(int n, const char** buf)
 
     switch(n)
     {
-        case NID_commonName :
+        case WC_NID_commonName :
             str = "CN";
             len = 2;
             break;
-        case NID_countryName:
+        case WC_NID_countryName:
             str = "C";
             len = 1;
             break;
-        case NID_localityName:
+        case WC_NID_localityName:
             str = "L";
             len = 1;
             break;
-        case NID_stateOrProvinceName:
+        case WC_NID_stateOrProvinceName:
             str = "ST";
             len = 2;
             break;
-        case NID_streetAddress:
+        case WC_NID_streetAddress:
             str = "street";
             len = 6;
             break;
-        case NID_organizationName:
+        case WC_NID_organizationName:
             str = "O";
             len = 1;
             break;
-        case NID_organizationalUnitName:
+        case WC_NID_organizationalUnitName:
             str = "OU";
             len = 2;
             break;
-        case NID_postalCode:
+        case WC_NID_postalCode:
             str = "postalCode";
             len = 10;
             break;
-        case NID_emailAddress:
+        case WC_NID_emailAddress:
             str = "emailAddress";
             len = 12;
             break;
-        case NID_surname:
+        case WC_NID_surname:
             str = "SN";
             len = 2;
             break;
-        case NID_givenName:
+        case WC_NID_givenName:
             str = "GN";
             len = 2;
             break;
-        case NID_dnQualifier:
+        case WC_NID_dnQualifier:
             str = "dnQualifier";
             len = 11;
             break;
-        case NID_name:
+        case WC_NID_name:
             str = "name";
             len = 4;
             break;
-        case NID_initials:
+        case WC_NID_initials:
             str = "initials";
             len = 8;
             break;
-        case NID_domainComponent:
+        case WC_NID_domainComponent:
             str = "DC";
             len = 2;
             break;
-        case NID_pkcs9_contentType:
+        case WC_NID_pkcs9_contentType:
             str = "contentType";
             len = 11;
             break;
-        case NID_userId:
+        case WC_NID_userId:
             str = "UID";
             len = 3;
             break;
+        case WC_NID_serialNumber:
+            str = "serialNumber";
+            len = 12;
+            break;
+        case WC_NID_title:
+            str = "title";
+            len = 5;
+            break;
+        case WC_NID_rfc822Mailbox:
+            str = "mail";
+            len = 4;
+            break;
         default:
             WOLFSSL_MSG("Attribute type not found");
             str = NULL;
@@ -12768,7 +13895,7 @@ static int wolfSSL_EscapeString_RFC2253(char* in, word32 inSz,
     }
     out[outIdx] = '\0';
 
-    return outIdx;
+    return (int)outIdx;
 }
 
 /*
@@ -12783,6 +13910,7 @@ static int wolfSSL_EscapeString_RFC2253(char* in, word32 inSz,
  *                                RFC22523 currently implemented.
  *              XN_FLAG_DN_REV  - print name reversed. Automatically done by
  *                                XN_FLAG_RFC2253.
+ *              XN_FLAG_SPC_EQ  - spaces before and after '=' character
  *
  * Returns WOLFSSL_SUCCESS (1) on success, WOLFSSL_FAILURE (0) on failure.
  */
@@ -12790,6 +13918,8 @@ int wolfSSL_X509_NAME_print_ex(WOLFSSL_BIO* bio, WOLFSSL_X509_NAME* name,
                 int indent, unsigned long flags)
 {
     int i, count = 0, nameStrSz = 0, escapeSz = 0;
+    int eqSpace  = 0;
+    char eqStr[4];
     char* tmp = NULL;
     char* nameStr = NULL;
     const char *buf = NULL;
@@ -12802,6 +13932,15 @@ int wolfSSL_X509_NAME_print_ex(WOLFSSL_BIO* bio, WOLFSSL_X509_NAME* name,
     if ((name == NULL) || (name->sz == 0) || (bio == NULL))
         return WOLFSSL_FAILURE;
 
+    XMEMSET(eqStr, 0, sizeof(eqStr));
+    if (flags & WOLFSSL_XN_FLAG_SPC_EQ) {
+        eqSpace = 2;
+        XSTRNCPY(eqStr, " = ", 4);
+    }
+    else {
+        XSTRNCPY(eqStr, "=", 4);
+    }
+
     for (i = 0; i < indent; i++) {
         if (wolfSSL_BIO_write(bio, " ", 1) != 1)
             return WOLFSSL_FAILURE;
@@ -12814,9 +13953,11 @@ int wolfSSL_X509_NAME_print_ex(WOLFSSL_BIO* bio, WOLFSSL_X509_NAME* name,
         int tmpSz;
 
         /* reverse name order for RFC2253 and DN_REV */
-        if ((flags & XN_FLAG_RFC2253) || (flags & XN_FLAG_DN_REV)) {
+        if ((flags & WOLFSSL_XN_FLAG_RFC2253) ||
+            (flags & WOLFSSL_XN_FLAG_DN_REV)) {
             ne = wolfSSL_X509_NAME_get_entry(name, count - i - 1);
-        } else {
+        }
+        else {
             ne = wolfSSL_X509_NAME_get_entry(name, i);
         }
         if (ne == NULL)
@@ -12826,7 +13967,7 @@ int wolfSSL_X509_NAME_print_ex(WOLFSSL_BIO* bio, WOLFSSL_X509_NAME* name,
         if (str == NULL)
             return WOLFSSL_FAILURE;
 
-        if (flags & XN_FLAG_RFC2253) {
+        if (flags & WOLFSSL_XN_FLAG_RFC2253) {
             /* escape string for RFC 2253, ret sz not counting null term */
             escapeSz = wolfSSL_EscapeString_RFC2253(str->data,
                             str->length, escaped, sizeof(escaped));
@@ -12846,14 +13987,15 @@ int wolfSSL_X509_NAME_print_ex(WOLFSSL_BIO* bio, WOLFSSL_X509_NAME* name,
         if (len == 0 || buf == NULL)
             return WOLFSSL_FAILURE;
 
-        tmpSz = nameStrSz + len + 4; /* + 4 for '=', comma space and '\0'*/
+        /* + 4 for '=', comma space and '\0'*/
+        tmpSz = nameStrSz + len + 4 + eqSpace;
         tmp = (char*)XMALLOC(tmpSz, NULL, DYNAMIC_TYPE_TMP_BUFFER);
         if (tmp == NULL) {
             return WOLFSSL_FAILURE;
         }
 
         if (i < count - 1) {
-            if (XSNPRINTF(tmp, tmpSz, "%s=%s, ", buf, nameStr)
+            if (XSNPRINTF(tmp, (size_t)tmpSz, "%s%s%s, ", buf, eqStr, nameStr)
                 >= tmpSz)
             {
                 WOLFSSL_MSG("buffer overrun");
@@ -12861,21 +14003,23 @@ int wolfSSL_X509_NAME_print_ex(WOLFSSL_BIO* bio, WOLFSSL_X509_NAME* name,
                 return WOLFSSL_FAILURE;
             }
 
-            tmpSz = len + nameStrSz + 3; /* 3 for '=', comma space */
+            tmpSz = len + nameStrSz + 3 + eqSpace; /* 3 for '=', comma space */
         }
         else {
-            if (XSNPRINTF(tmp, tmpSz, "%s=%s", buf, nameStr)
+            if (XSNPRINTF(tmp, (size_t)tmpSz, "%s%s%s", buf, eqStr, nameStr)
                 >= tmpSz)
             {
                 WOLFSSL_MSG("buffer overrun");
                 XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER);
                 return WOLFSSL_FAILURE;
             }
-            tmpSz = len + nameStrSz + 1; /* 1 for '=' */
-            if (bio->type != WOLFSSL_BIO_FILE && bio->type != WOLFSSL_BIO_MEMORY)
+            tmpSz = len + nameStrSz + 1 + eqSpace; /* 1 for '=' */
+            if (bio->type != WOLFSSL_BIO_FILE &&
+                                              bio->type != WOLFSSL_BIO_MEMORY) {
                 ++tmpSz; /* include the terminating null when not writing to a
                           * file.
                           */
+            }
         }
 
         if (wolfSSL_BIO_write(bio, tmp, tmpSz) != tmpSz) {
@@ -12898,7 +14042,7 @@ int wolfSSL_X509_NAME_print_ex_fp(XFILE file, WOLFSSL_X509_NAME* name,
 
     WOLFSSL_ENTER("wolfSSL_X509_NAME_print_ex_fp");
 
-    if (!(bio = wolfSSL_BIO_new_fp(file, BIO_NOCLOSE))) {
+    if (!(bio = wolfSSL_BIO_new_fp(file, WOLFSSL_BIO_NOCLOSE))) {
         WOLFSSL_MSG("wolfSSL_BIO_new_fp error");
         return WOLFSSL_FAILURE;
     }
@@ -12948,6 +14092,11 @@ void wolfSSL_X509_OBJECT_free(WOLFSSL_X509_OBJECT *obj)
         if (obj->type == WOLFSSL_X509_LU_X509) {
             wolfSSL_X509_free(obj->data.x509);
         }
+    #ifdef HAVE_CRL
+        else if (obj->type == WOLFSSL_X509_LU_CRL) {
+            wolfSSL_X509_CRL_free(obj->data.crl);
+        }
+    #endif
         else {
             /* We don't free as this will point to
              * store->cm->crl which we don't own */
@@ -12956,6 +14105,29 @@ void wolfSSL_X509_OBJECT_free(WOLFSSL_X509_OBJECT *obj)
         XFREE(obj, NULL, DYNAMIC_TYPE_OPENSSL);
     }
 }
+
+WOLFSSL_X509_OBJECT *wolfSSL_X509_OBJECT_retrieve_by_subject(
+        WOLF_STACK_OF(WOLFSSL_X509_OBJECT) *sk,
+        WOLFSSL_X509_LOOKUP_TYPE type,
+        WOLFSSL_X509_NAME *name)
+{
+    int i;
+
+    WOLFSSL_ENTER("wolfSSL_X509_OBJECT_retrieve_by_subject");
+
+    if (sk == NULL || name == NULL)
+        return NULL;
+
+    for (i = 0; i < wolfSSL_sk_X509_OBJECT_num(sk); i++) {
+        WOLFSSL_X509_OBJECT* obj = (WOLFSSL_X509_OBJECT *)
+            wolfSSL_sk_X509_OBJECT_value(sk, i);
+        if (obj != NULL && obj->type == type &&
+            wolfSSL_X509_NAME_cmp(
+                wolfSSL_X509_get_subject_name(obj->data.x509), name) == 0)
+            return obj;
+    }
+    return NULL;
+}
 #endif /* OPENSSL_ALL */
 
 #ifndef NO_WOLFSSL_STUB
@@ -12996,16 +14168,13 @@ int wolfSSL_sk_X509_num(const WOLF_STACK_OF(WOLFSSL_X509) *s)
     WOLFSSL_ENTER("wolfSSL_sk_X509_num");
 
     if (s == NULL)
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
     return (int)s->num;
 }
 
 #endif /* OPENSSL_EXTRA */
 
-#if defined(HAVE_EX_DATA) && (defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) \
-     || defined(WOLFSSL_HAPROXY) || defined(OPENSSL_EXTRA)                   \
-     || defined(HAVE_LIGHTY))
-
+#ifdef HAVE_EX_DATA_CRYPTO
 int wolfSSL_X509_get_ex_new_index(int idx, void *arg,
                                   WOLFSSL_CRYPTO_EX_new* new_func,
                                   WOLFSSL_CRYPTO_EX_dup* dup_func,
@@ -13013,14 +14182,13 @@ int wolfSSL_X509_get_ex_new_index(int idx, void *arg,
 {
     WOLFSSL_ENTER("wolfSSL_X509_get_ex_new_index");
 
-    return wolfssl_get_ex_new_index(CRYPTO_EX_INDEX_X509, idx, arg,
+    return wolfssl_get_ex_new_index(WOLF_CRYPTO_EX_INDEX_X509, idx, arg,
                                     new_func, dup_func, free_func);
 }
 #endif
 
-#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) || \
-    defined(WOLFSSL_WPAS_SMALL)
-void *wolfSSL_X509_get_ex_data(X509 *x509, int idx)
+#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
+void *wolfSSL_X509_get_ex_data(WOLFSSL_X509 *x509, int idx)
 {
     WOLFSSL_ENTER("wolfSSL_X509_get_ex_data");
 #ifdef HAVE_EX_DATA
@@ -13034,12 +14202,11 @@ void *wolfSSL_X509_get_ex_data(X509 *x509, int idx)
     return NULL;
 }
 
-int wolfSSL_X509_set_ex_data(X509 *x509, int idx, void *data)
+int wolfSSL_X509_set_ex_data(WOLFSSL_X509 *x509, int idx, void *data)
 {
     WOLFSSL_ENTER("wolfSSL_X509_set_ex_data");
 #ifdef HAVE_EX_DATA
-    if (x509 != NULL)
-    {
+    if (x509 != NULL) {
         return wolfSSL_CRYPTO_set_ex_data(&x509->ex_data, idx, data);
     }
 #else
@@ -13052,7 +14219,7 @@ int wolfSSL_X509_set_ex_data(X509 *x509, int idx, void *data)
 
 #ifdef HAVE_EX_DATA_CLEANUP_HOOKS
 int wolfSSL_X509_set_ex_data_with_cleanup(
-    X509 *x509,
+    WOLFSSL_X509 *x509,
     int idx,
     void *data,
     wolfSSL_ex_data_cleanup_routine_t cleanup_routine)
@@ -13066,8 +14233,7 @@ int wolfSSL_X509_set_ex_data_with_cleanup(
     return WOLFSSL_FAILURE;
 }
 #endif /* HAVE_EX_DATA_CLEANUP_HOOKS */
-
-#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL || WOLFSSL_WPAS_SMALL */
+#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
 
 
 #ifndef NO_ASN
@@ -13075,6 +14241,7 @@ int wolfSSL_X509_check_host(WOLFSSL_X509 *x, const char *chk, size_t chklen,
                     unsigned int flags, char **peername)
 {
     int         ret;
+    size_t      i;
 #ifdef WOLFSSL_SMALL_STACK
     DecodedCert *dCert;
 #else
@@ -13084,7 +14251,6 @@ int wolfSSL_X509_check_host(WOLFSSL_X509 *x, const char *chk, size_t chklen,
     WOLFSSL_ENTER("wolfSSL_X509_check_host");
 
     /* flags and peername not needed for Nginx. */
-    (void)flags;
     (void)peername;
 
     if ((x == NULL) || (chk == NULL)) {
@@ -13092,11 +14258,15 @@ int wolfSSL_X509_check_host(WOLFSSL_X509 *x, const char *chk, size_t chklen,
         return WOLFSSL_FAILURE;
     }
 
-    if (flags == WOLFSSL_NO_WILDCARDS) {
+    if (flags & WOLFSSL_NO_WILDCARDS) {
         WOLFSSL_MSG("X509_CHECK_FLAG_NO_WILDCARDS not yet implemented");
         return WOLFSSL_FAILURE;
     }
-    if (flags == WOLFSSL_NO_PARTIAL_WILDCARDS) {
+    if (flags & WOLFSSL_NO_PARTIAL_WILDCARDS) {
+        WOLFSSL_MSG("X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS not yet implemented");
+        return WOLFSSL_FAILURE;
+    }
+    if (flags & WOLFSSL_MULTI_LABEL_WILDCARDS) {
         WOLFSSL_MSG("X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS not yet implemented");
         return WOLFSSL_FAILURE;
     }
@@ -13111,12 +14281,28 @@ int wolfSSL_X509_check_host(WOLFSSL_X509 *x, const char *chk, size_t chklen,
 #endif
 
     InitDecodedCert(dCert, x->derCert->buffer, x->derCert->length, NULL);
-    ret = ParseCertRelative(dCert, CERT_TYPE, 0, NULL);
+    ret = ParseCertRelative(dCert, CERT_TYPE, 0, NULL, NULL);
     if (ret != 0) {
         goto out;
     }
 
-    ret = CheckHostName(dCert, (char *)chk, chklen);
+    /* Replicate openssl behavior for checklen */
+    if (chklen == 0) {
+        chklen = (size_t)(XSTRLEN(chk));
+    }
+    else {
+        for (i = 0; i < (chklen > 1 ? chklen - 1 : chklen); i++) {
+            if (chk[i] == '\0') {
+                ret = WOLFSSL_FATAL_ERROR;
+                goto out;
+            }
+        }
+    }
+    if (chklen > 1 && (chk[chklen - 1] == '\0')) {
+        chklen--;
+    }
+
+    ret = CheckHostName(dCert, (char *)chk, chklen, flags);
 
 out:
 
@@ -13134,7 +14320,7 @@ out:
 int wolfSSL_X509_check_ip_asc(WOLFSSL_X509 *x, const char *ipasc,
         unsigned int flags)
 {
-    int ret = WOLFSSL_FAILURE;
+    int ret = WC_NO_ERR_TRACE(WOLFSSL_FAILURE);
 #ifdef WOLFSSL_SMALL_STACK
     DecodedCert *dCert = NULL;
 #else
@@ -13166,7 +14352,7 @@ int wolfSSL_X509_check_ip_asc(WOLFSSL_X509 *x, const char *ipasc,
 
     if (ret == WOLFSSL_SUCCESS) {
         InitDecodedCert(dCert, x->derCert->buffer, x->derCert->length, NULL);
-        ret = ParseCertRelative(dCert, CERT_TYPE, 0, NULL);
+        ret = ParseCertRelative(dCert, CERT_TYPE, 0, NULL, NULL);
         if (ret != 0) {
             ret = WOLFSSL_FAILURE;
         }
@@ -13183,8 +14369,9 @@ int wolfSSL_X509_check_ip_asc(WOLFSSL_X509 *x, const char *ipasc,
     }
 
 #ifdef WOLFSSL_SMALL_STACK
-    if (dCert != NULL)
+    if (x != NULL) {
         XFREE(dCert, x->heap, DYNAMIC_TYPE_DCERT);
+    }
 #endif
 
     return ret;
@@ -13213,7 +14400,7 @@ int wolfSSL_X509_check_email(WOLFSSL_X509 *x, const char *chk, size_t chkLen,
         return WOLFSSL_FAILURE;
 
     /* Call with NULL buffer to get required length. */
-    emailLen = wolfSSL_X509_NAME_get_text_by_NID(subjName, NID_emailAddress,
+    emailLen = wolfSSL_X509_NAME_get_text_by_NID(subjName, WC_NID_emailAddress,
                                                  NULL, 0);
     if (emailLen < 0)
         return WOLFSSL_FAILURE;
@@ -13224,7 +14411,7 @@ int wolfSSL_X509_check_email(WOLFSSL_X509 *x, const char *chk, size_t chkLen,
     if (emailBuf == NULL)
         return WOLFSSL_FAILURE;
 
-    emailLen = wolfSSL_X509_NAME_get_text_by_NID(subjName, NID_emailAddress,
+    emailLen = wolfSSL_X509_NAME_get_text_by_NID(subjName, WC_NID_emailAddress,
                                                  emailBuf, emailLen);
     if (emailLen < 0) {
         XFREE(emailBuf, x->heap, DYNAMIC_TYPE_OPENSSL);
@@ -13272,76 +14459,6 @@ int wolfSSL_X509_NAME_digest(const WOLFSSL_X509_NAME *name,
 #if defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) || \
     defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL)
 
-/**
- * Find the issuing cert of the input cert. On a self-signed cert this
- * function will return an error.
- * @param issuer The issuer x509 struct is returned here
- * @param cm     The cert manager that is queried for the issuer
- * @param x      This cert's issuer will be queried in cm
- * @return       WOLFSSL_SUCCESS on success
- *               WOLFSSL_FAILURE on error
- */
-static int x509GetIssuerFromCM(WOLFSSL_X509 **issuer, WOLFSSL_CERT_MANAGER* cm,
-        WOLFSSL_X509 *x)
-{
-    Signer* ca = NULL;
-#ifdef WOLFSSL_SMALL_STACK
-    DecodedCert* cert = NULL;
-#else
-    DecodedCert  cert[1];
-#endif
-
-    if (cm == NULL || x == NULL || x->derCert == NULL) {
-        WOLFSSL_MSG("No cert DER buffer or NULL cm. Defining "
-                    "WOLFSSL_SIGNER_DER_CERT could solve the issue");
-        return WOLFSSL_FAILURE;
-    }
-
-#ifdef WOLFSSL_SMALL_STACK
-    cert = (DecodedCert*)XMALLOC(sizeof(DecodedCert), NULL, DYNAMIC_TYPE_DCERT);
-    if (cert == NULL)
-        return WOLFSSL_FAILURE;
-#endif
-
-    /* Use existing CA retrieval APIs that use DecodedCert. */
-    InitDecodedCert(cert, x->derCert->buffer, x->derCert->length, NULL);
-    if (ParseCertRelative(cert, CERT_TYPE, 0, NULL) == 0
-            && !cert->selfSigned) {
-    #ifndef NO_SKID
-        if (cert->extAuthKeyIdSet)
-            ca = GetCA(cm, cert->extAuthKeyId);
-        if (ca == NULL)
-            ca = GetCAByName(cm, cert->issuerHash);
-    #else /* NO_SKID */
-        ca = GetCA(cm, cert->issuerHash);
-    #endif /* NO SKID */
-    }
-    FreeDecodedCert(cert);
-#ifdef WOLFSSL_SMALL_STACK
-    XFREE(cert, NULL, DYNAMIC_TYPE_DCERT);
-#endif
-
-    if (ca == NULL)
-        return WOLFSSL_FAILURE;
-
-#ifdef WOLFSSL_SIGNER_DER_CERT
-    /* populate issuer with Signer DER */
-    if (wolfSSL_X509_d2i(issuer, ca->derCert->buffer,
-            ca->derCert->length) == NULL)
-        return WOLFSSL_FAILURE;
-#else
-    /* Create an empty certificate as CA doesn't have a certificate. */
-    *issuer = (WOLFSSL_X509 *)XMALLOC(sizeof(WOLFSSL_X509), 0,
-        DYNAMIC_TYPE_OPENSSL);
-    if (*issuer == NULL)
-        return WOLFSSL_FAILURE;
-
-    InitX509((*issuer), 1, NULL);
-#endif
-
-    return WOLFSSL_SUCCESS;
-}
-
 void wolfSSL_X509_email_free(WOLF_STACK_OF(WOLFSSL_STRING) *sk)
 {
     WOLFSSL_STACK *curr;
@@ -13407,7 +14524,7 @@ int wolfSSL_X509_check_issued(WOLFSSL_X509 *issuer, WOLFSSL_X509 *subject)
 #endif /* WOLFSSL_NGINX || WOLFSSL_HAPROXY || OPENSSL_EXTRA || OPENSSL_ALL */
 
 #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL) || \
-    defined(KEEP_PEER_CERT)
+    defined(KEEP_PEER_CERT) || defined(SESSION_CERTS)
 WOLFSSL_X509* wolfSSL_X509_dup(WOLFSSL_X509 *x)
 {
     WOLFSSL_ENTER("wolfSSL_X509_dup");
@@ -13422,9 +14539,11 @@ WOLFSSL_X509* wolfSSL_X509_dup(WOLFSSL_X509 *x)
         return NULL;
     }
 
-    return wolfSSL_X509_d2i(NULL, x->derCert->buffer, x->derCert->length);
+    return wolfSSL_X509_d2i_ex(NULL, x->derCert->buffer, x->derCert->length,
+        x->heap);
 }
-#endif /* OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL */
+#endif /* OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL || KEEP_PEER_CERT || \
+          SESSION_CERTS */
 
 #if defined(OPENSSL_EXTRA)
 int wolfSSL_X509_check_ca(WOLFSSL_X509 *x509)
@@ -13449,7 +14568,7 @@ long wolfSSL_X509_get_version(const WOLFSSL_X509 *x509)
 
     WOLFSSL_ENTER("wolfSSL_X509_get_version");
 
-    if (x509 == NULL){
+    if (x509 == NULL) {
         WOLFSSL_MSG("invalid parameter");
         return 0L;
     }
@@ -13467,7 +14586,7 @@ int wolfSSL_X509_get_signature_nid(const WOLFSSL_X509 *x)
     if (x == NULL)
         return 0;
 
-    return oid2nid(x->sigOID, oidSigType);
+    return oid2nid((word32)x->sigOID, oidSigType);
 }
 #endif  /* OPENSSL_EXTRA */
 
@@ -13651,6 +14770,16 @@ int wolfSSL_X509_set_notBefore(WOLFSSL_X509* x509, const WOLFSSL_ASN1_TIME* t)
     return WOLFSSL_SUCCESS;
 }
 
+int wolfSSL_X509_set1_notAfter(WOLFSSL_X509* x509, const WOLFSSL_ASN1_TIME *t)
+{
+    return wolfSSL_X509_set_notAfter(x509, t);
+}
+
+int wolfSSL_X509_set1_notBefore(WOLFSSL_X509* x509, const WOLFSSL_ASN1_TIME *t)
+{
+    return wolfSSL_X509_set_notBefore(x509, t);
+}
+
 int wolfSSL_X509_set_serialNumber(WOLFSSL_X509* x509, WOLFSSL_ASN1_INTEGER* s)
 {
     WOLFSSL_ENTER("wolfSSL_X509_set_serialNumber");
@@ -13683,7 +14812,7 @@ int wolfSSL_X509_set_pubkey(WOLFSSL_X509 *cert, WOLFSSL_EVP_PKEY *pkey)
     /* Regenerate since pkey->pkey.ptr may contain private key */
     switch (pkey->type) {
 #if (defined(WOLFSSL_KEY_GEN) || defined(OPENSSL_EXTRA)) && !defined(NO_RSA)
-    case EVP_PKEY_RSA:
+    case WC_EVP_PKEY_RSA:
         {
             RsaKey* rsa;
 
@@ -13699,7 +14828,7 @@ int wolfSSL_X509_set_pubkey(WOLFSSL_X509 *cert, WOLFSSL_EVP_PKEY *pkey)
             if (p == NULL)
                 return WOLFSSL_FAILURE;
 
-            if ((derSz = wc_RsaKeyToPublicDer(rsa, p, derSz)) <= 0) {
+            if ((derSz = wc_RsaKeyToPublicDer(rsa, p, (word32)derSz)) <= 0) {
                 XFREE(p, cert->heap, DYNAMIC_TYPE_PUBLIC_KEY);
                 return WOLFSSL_FAILURE;
             }
@@ -13709,7 +14838,7 @@ int wolfSSL_X509_set_pubkey(WOLFSSL_X509 *cert, WOLFSSL_EVP_PKEY *pkey)
 #endif /* (WOLFSSL_KEY_GEN || OPENSSL_EXTRA) && !NO_RSA */
 #if !defined(HAVE_SELFTEST) && (defined(WOLFSSL_KEY_GEN) || \
         defined(WOLFSSL_CERT_GEN)) && !defined(NO_DSA)
-    case EVP_PKEY_DSA:
+    case WC_EVP_PKEY_DSA:
         {
             DsaKey* dsa;
 
@@ -13723,16 +14852,16 @@ int wolfSSL_X509_set_pubkey(WOLFSSL_X509 *cert, WOLFSSL_EVP_PKEY *pkey)
             if (p == NULL)
                 return WOLFSSL_FAILURE;
 
-            if ((derSz = wc_DsaKeyToPublicDer(dsa, p, derSz)) <= 0) {
+            if ((derSz = wc_DsaKeyToPublicDer(dsa, p, (word32)derSz)) <= 0) {
                 XFREE(p, cert->heap, DYNAMIC_TYPE_PUBLIC_KEY);
                 return WOLFSSL_FAILURE;
             }
-            cert->pubKeyOID = RSAk;
+            cert->pubKeyOID = DSAk;
         }
         break;
 #endif /* !HAVE_SELFTEST && (WOLFSSL_KEY_GEN || WOLFSSL_CERT_GEN) && !NO_DSA */
 #ifdef HAVE_ECC
-    case EVP_PKEY_EC:
+    case WC_EVP_PKEY_EC:
         {
             ecc_key* ecc;
 
@@ -13748,7 +14877,7 @@ int wolfSSL_X509_set_pubkey(WOLFSSL_X509 *cert, WOLFSSL_EVP_PKEY *pkey)
             if (p == NULL)
                 return WOLFSSL_FAILURE;
 
-            if ((derSz = wc_EccPublicKeyToDer(ecc, p, derSz, 1)) <= 0) {
+            if ((derSz = wc_EccPublicKeyToDer(ecc, p, (word32)derSz, 1)) <= 0) {
                 XFREE(p, cert->heap, DYNAMIC_TYPE_PUBLIC_KEY);
                 return WOLFSSL_FAILURE;
             }
@@ -13759,8 +14888,9 @@ int wolfSSL_X509_set_pubkey(WOLFSSL_X509 *cert, WOLFSSL_EVP_PKEY *pkey)
     default:
         return WOLFSSL_FAILURE;
     }
+    XFREE(cert->pubKey.buffer, cert->heap, DYNAMIC_TYPE_PUBLIC_KEY);
     cert->pubKey.buffer = p;
-    cert->pubKey.length = derSz;
+    cert->pubKey.length = (unsigned int)derSz;
 
     return WOLFSSL_SUCCESS;
 }
@@ -13778,7 +14908,7 @@ int wolfSSL_X509_set_version(WOLFSSL_X509* x509, long v)
 
 #endif /* (OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL) && WOLFSSL_CERT_GEN */
 
-#if defined(OPENSSL_ALL) && \
+#if (defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA)) &&           \
     defined(WOLFSSL_CERT_GEN) && defined(WOLFSSL_CERT_REQ)
 
 void wolfSSL_X509V3_set_ctx(WOLFSSL_X509V3_CTX* ctx, WOLFSSL_X509* issuer,
@@ -13787,35 +14917,50 @@ void wolfSSL_X509V3_set_ctx(WOLFSSL_X509V3_CTX* ctx, WOLFSSL_X509* issuer,
 {
     int ret = WOLFSSL_SUCCESS;
     WOLFSSL_ENTER("wolfSSL_X509V3_set_ctx");
-    if (!ctx)
-        return;
+    if (!ctx) {
+        ret = WOLFSSL_FAILURE;
+        WOLFSSL_MSG("wolfSSL_X509V3_set_ctx() called with null ctx.");
+    }
 
-    /* not checking ctx->x509 for null first since app won't have initialized
-     * this X509V3_CTX before this function call */
-    ctx->x509 = wolfSSL_X509_new();
-    if (!ctx->x509)
-        return;
+    if (ret == WOLFSSL_SUCCESS && (ctx->x509 != NULL)) {
+        ret = WOLFSSL_FAILURE;
+        WOLFSSL_MSG("wolfSSL_X509V3_set_ctx() called "
+                    "with ctx->x509 already allocated.");
+    }
+
+    if (ret == WOLFSSL_SUCCESS) {
+        ctx->x509 = wolfSSL_X509_new_ex(
+            (issuer && issuer->heap) ? issuer->heap :
+            (subject && subject->heap) ? subject->heap :
+            (req && req->heap) ? req->heap :
+            NULL);
+        if (!ctx->x509) {
+            ret = WOLFSSL_FAILURE;
+            WOLFSSL_MSG("wolfSSL_X509_new_ex() failed "
+                        "in wolfSSL_X509V3_set_ctx().");
+        }
+    }
 
     /* Set parameters in ctx as long as ret == WOLFSSL_SUCCESS */
-    if (issuer)
-        ret = wolfSSL_X509_set_issuer_name(ctx->x509,&issuer->issuer);
+    if (ret == WOLFSSL_SUCCESS && issuer)
+        ret = wolfSSL_X509_set_issuer_name(ctx->x509, &issuer->issuer);
 
-    if (subject && ret == WOLFSSL_SUCCESS)
-        ret = wolfSSL_X509_set_subject_name(ctx->x509,&subject->subject);
+    if (ret == WOLFSSL_SUCCESS && subject)
+        ret = wolfSSL_X509_set_subject_name(ctx->x509, &subject->subject);
 
-    if (req && ret == WOLFSSL_SUCCESS) {
+    if (ret == WOLFSSL_SUCCESS && req) {
         WOLFSSL_MSG("req not implemented.");
     }
 
-    if (crl && ret == WOLFSSL_SUCCESS) {
+    if (ret == WOLFSSL_SUCCESS && crl) {
         WOLFSSL_MSG("crl not implemented.");
     }
 
-    if (flag && ret == WOLFSSL_SUCCESS) {
+    if (ret == WOLFSSL_SUCCESS && flag) {
         WOLFSSL_MSG("flag not implemented.");
     }
 
-    if (!ret) {
+    if (ret != WOLFSSL_SUCCESS) {
         WOLFSSL_MSG("Error setting WOLFSSL_X509V3_CTX parameters.");
     }
 }
@@ -13824,7 +14969,7 @@ void wolfSSL_X509V3_set_ctx(WOLFSSL_X509V3_CTX* ctx, WOLFSSL_X509* issuer,
 int wolfSSL_i2d_X509_REQ(WOLFSSL_X509* req, unsigned char** out)
 {
     int derSz = 0;
-    int ret = WOLFSSL_FAILURE;
+    int ret = WC_NO_ERR_TRACE(WOLFSSL_FAILURE);
     WOLFSSL_BIO* bio = NULL;
     WOLFSSL_ENTER("wolfSSL_i2d_X509_REQ");
 
@@ -13875,6 +15020,25 @@ void wolfSSL_X509_REQ_free(WOLFSSL_X509* req)
     wolfSSL_X509_free(req);
 }
 
+int wolfSSL_X509_REQ_set_version(WOLFSSL_X509 *x, long version)
+{
+    WOLFSSL_ENTER("wolfSSL_X509_REQ_set_version");
+    if ((x == NULL) || (version < 0) || (version >= INT_MAX)) {
+        return WOLFSSL_FAILURE;
+    }
+    x->version = (int)version;
+    return WOLFSSL_SUCCESS;
+}
+
+long wolfSSL_X509_REQ_get_version(const WOLFSSL_X509 *req)
+{
+    WOLFSSL_ENTER("wolfSSL_X509_REQ_get_version");
+    if (req == NULL) {
+        return 0; /* invalid arg */
+    }
+    return (long)req->version;
+}
+
 int wolfSSL_X509_REQ_sign(WOLFSSL_X509 *req, WOLFSSL_EVP_PKEY *pkey,
                           const WOLFSSL_EVP_MD *md)
 {
@@ -13936,21 +15100,23 @@ int wolfSSL_X509_REQ_sign_ctx(WOLFSSL_X509 *req,
 static int regenX509REQDerBuffer(WOLFSSL_X509* x509)
 {
     int derSz = X509_BUFFER_SZ;
-    int ret = WOLFSSL_FAILURE;
-#ifdef WOLFSSL_SMALL_STACK
+    int ret = WC_NO_ERR_TRACE(WOLFSSL_FAILURE);
+#ifndef WOLFSSL_SMALL_STACK
+    byte der[X509_BUFFER_SZ];
+#else
     byte* der;
+
     der = (byte*)XMALLOC(derSz, NULL, DYNAMIC_TYPE_TMP_BUFFER);
     if (!der) {
         WOLFSSL_MSG("malloc failed");
         return WOLFSSL_FAILURE;
     }
-#else
-    byte der[X509_BUFFER_SZ];
 #endif
 
     if (wolfssl_x509_make_der(x509, 1, der, &derSz, 0) == WOLFSSL_SUCCESS) {
         FreeDer(&x509->derCert);
-        if (AllocDer(&x509->derCert, derSz, CERT_TYPE, x509->heap) == 0) {
+        if (AllocDer(&x509->derCert, (word32)derSz, CERT_TYPE,
+                                                             x509->heap) == 0) {
             XMEMCPY(x509->derCert->buffer, der, derSz);
             ret = WOLFSSL_SUCCESS;
         }
@@ -14076,13 +15242,13 @@ int wolfSSL_X509_REQ_add1_attr_by_NID(WOLFSSL_X509 *req,
 
     WOLFSSL_ENTER("wolfSSL_X509_REQ_add1_attr_by_NID");
 
-    if (!req || !bytes || type != MBSTRING_ASC) {
+    if (!req || !bytes || type != WOLFSSL_MBSTRING_ASC) {
         WOLFSSL_MSG("Bad parameter");
         return WOLFSSL_FAILURE;
     }
 
     switch (nid) {
-    case NID_pkcs9_challengePassword:
+    case WC_NID_pkcs9_challengePassword:
         if (len < 0)
             len = (int)XSTRLEN((char*)bytes);
         if (len < CTC_NAME_SIZE) {
@@ -14095,7 +15261,7 @@ int wolfSSL_X509_REQ_add1_attr_by_NID(WOLFSSL_X509 *req,
             return WOLFSSL_FAILURE;
         }
         break;
-    case NID_serialNumber:
+    case WC_NID_serialNumber:
         if (len < 0)
             len = (int)XSTRLEN((char*)bytes);
         if (len + 1 > EXTERNAL_SERIAL_SIZE) {
@@ -14107,12 +15273,12 @@ int wolfSSL_X509_REQ_add1_attr_by_NID(WOLFSSL_X509 *req,
         req->serialSz = len;
         break;
 
-    case NID_pkcs9_unstructuredName:
-    case NID_pkcs9_contentType:
-    case NID_surname:
-    case NID_initials:
-    case NID_givenName:
-    case NID_dnQualifier:
+    case WC_NID_pkcs9_unstructuredName:
+    case WC_NID_pkcs9_contentType:
+    case WC_NID_surname:
+    case WC_NID_initials:
+    case WC_NID_givenName:
+    case WC_NID_dnQualifier:
         break;
 
     default:
@@ -14122,7 +15288,7 @@ int wolfSSL_X509_REQ_add1_attr_by_NID(WOLFSSL_X509 *req,
 
     attr = wolfSSL_X509_ATTRIBUTE_new();
     ret = wolfSSL_X509_ATTRIBUTE_set(attr, (const char*)bytes, len,
-            V_ASN1_PRINTABLESTRING, nid);
+            WOLFSSL_V_ASN1_PRINTABLESTRING, nid);
     if (ret != WOLFSSL_SUCCESS) {
         wolfSSL_X509_ATTRIBUTE_free(attr);
     }
@@ -14133,11 +15299,16 @@ int wolfSSL_X509_REQ_add1_attr_by_NID(WOLFSSL_X509 *req,
                 req->reqAttributes->type = STACK_TYPE_X509_REQ_ATTR;
             }
         }
-        ret = wolfSSL_sk_push(req->reqAttributes, attr);
-        if ((ret != WOLFSSL_SUCCESS) || (req->reqAttributes->type == STACK_TYPE_CIPHER)) {
-            /* CIPHER type makes a copy */
-            wolfSSL_X509_ATTRIBUTE_free(attr);
+        if ((req->reqAttributes != NULL) &&
+                (req->reqAttributes->type == STACK_TYPE_X509_REQ_ATTR)) {
+            ret = wolfSSL_sk_push(req->reqAttributes, attr) > 0
+                    ? WOLFSSL_SUCCESS : WOLFSSL_FAILURE;
         }
+        else {
+            ret = WOLFSSL_FAILURE;
+        }
+        if (ret != WOLFSSL_SUCCESS)
+            wolfSSL_X509_ATTRIBUTE_free(attr);
     }
 
     return ret;
@@ -14287,9 +15458,441 @@ void wolfSSL_X509_ATTRIBUTE_free(WOLFSSL_X509_ATTRIBUTE* attr)
         XFREE(attr, NULL, DYNAMIC_TYPE_OPENSSL);
     }
 }
-#endif
+#endif /* (OPENSSL_ALL || OPENSSL_EXTRA) &&
+          (WOLFSSL_CERT_GEN || WOLFSSL_CERT_REQ) */
 
-#endif /* !NO_CERT */
+#if defined(WOLFSSL_ACERT) && \
+   (defined(OPENSSL_EXTRA_X509_SMALL) || defined(OPENSSL_EXTRA))
+
+/* Allocate and return a new WOLFSSL_X509_ACERT struct pointer.
+ *
+ * @param [in]      heap        heap hint
+ *
+ * @return  pointer  on success
+ * @return  NULL     on error
+ * */
+WOLFSSL_X509_ACERT * wolfSSL_X509_ACERT_new_ex(void* heap)
+{
+    WOLFSSL_X509_ACERT * x509 = NULL;
+
+    WOLFSSL_ENTER("wolfSSL_X509_ACERT_new");
+
+    x509 = (WOLFSSL_X509_ACERT*) XMALLOC(sizeof(WOLFSSL_X509_ACERT), heap,
+                                         DYNAMIC_TYPE_X509_ACERT);
+
+    if (x509 != NULL) {
+        wolfSSL_X509_ACERT_init(x509, 1, heap);
+    }
+
+    return x509;
+}
+
+WOLFSSL_X509_ACERT * wolfSSL_X509_ACERT_new(void)
+{
+    return wolfSSL_X509_ACERT_new_ex(NULL);
+}
+
+/* Initialize a WOLFSSL_X509_ACERT struct.
+ *
+ * If dynamic == 1, then the x509 pointer will be freed
+ * in wolfSSL_X509_ACERT_free.
+ *
+ * @param [in]      x509        x509 acert pointer
+ * @param [in]      dynamic     dynamic mem flag
+ * @param [in]      heap        heap hint
+ *
+ * @return  void
+ * */
+void wolfSSL_X509_ACERT_init(WOLFSSL_X509_ACERT * x509, int dynamic, void* heap)
+{
+    WOLFSSL_ENTER("wolfSSL_X509_ACERT_init");
+
+    if (x509 == NULL) {
+        WOLFSSL_MSG("error: InitX509Acert: null parameter");
+        return;
+    }
+
+    XMEMSET(x509, 0, sizeof(*x509));
+
+    x509->heap = heap;
+    x509->dynamic = dynamic;
+}
+
+/* Free a WOLFSSL_X509_ACERT struct and its sub-fields.
+ *
+ * If this ACERT was initialized with dynamic == 1, then
+ * the x509 pointer itself will be freed as well.
+ *
+ * @param [in]      x509        x509 acert pointer
+ *
+ * @return  void
+ * */
+void wolfSSL_X509_ACERT_free(WOLFSSL_X509_ACERT * x509)
+{
+    int    dynamic = 0;
+    void * heap = NULL;
+
+    WOLFSSL_ENTER("wolfSSL_X509_ACERT_free");
+
+    if (x509 == NULL) {
+        WOLFSSL_MSG("error: wolfSSL_X509_ACERT_free: null parameter");
+        return;
+    }
+
+    dynamic = x509->dynamic;
+    heap = x509->heap;
+
+    /* Free holder and att cert issuer structures. */
+    if (x509->holderIssuerName) {
+        FreeAltNames(x509->holderIssuerName, heap);
+        x509->holderIssuerName = NULL;
+    }
+
+    if (x509->holderEntityName) {
+        FreeAltNames(x509->holderEntityName, heap);
+        x509->holderEntityName = NULL;
+    }
+
+    if (x509->AttCertIssuerName) {
+        FreeAltNames(x509->AttCertIssuerName, heap);
+        x509->AttCertIssuerName = NULL;
+    }
+
+    if (x509->rawAttr != NULL) {
+        XFREE(x509->rawAttr, heap, DYNAMIC_TYPE_X509_EXT);
+        x509->rawAttr = NULL;
+        x509->rawAttrLen = 0;
+    }
+
+    /* Free derCert source and signature buffer. */
+    FreeDer(&x509->derCert);
+
+    if (x509->sig.buffer != NULL) {
+        XFREE(x509->sig.buffer, heap, DYNAMIC_TYPE_SIGNATURE);
+        x509->sig.buffer = NULL;
+    }
+
+    /* Finally memset and free x509 acert structure. */
+    XMEMSET(x509, 0, sizeof(*x509));
+
+    if (dynamic == 1) {
+        XFREE(x509, heap, DYNAMIC_TYPE_X509_ACERT);
+    }
+
+    return;
+}
+
+#if defined(OPENSSL_EXTRA)
+long wolfSSL_X509_ACERT_get_version(const WOLFSSL_X509_ACERT* x509)
+{
+    int version = 0;
+
+    if (x509 == NULL) {
+        return 0L;
+    }
+
+    version = x509->version;
+
+    return version != 0 ? (long)version - 1L : 0L;
+}
+#endif /* OPENSSL_EXTRA */
+
+int wolfSSL_X509_ACERT_version(WOLFSSL_X509_ACERT* x509)
+{
+    if (x509 == NULL) {
+        return 0;
+    }
+
+    return x509->version;
+}
+
+/* Retrieve the serial number from an ACERT.
+ *
+ * @param [in]       x509    the x509 attribute certificate
+ * @param [in, out]  buf     the serial number buffer pointer
+ * @param [in, out]  bufSz   the serial number buffer size pointer
+ *
+ * buf may be null, but bufSz is required. On success, sets
+ * bufSz pointer to signature length, and copies signature
+ * to buf if provided.
+ *
+ * Returns  WWOLFSSL_FATAL_ERROR if bufSz is null or too small.
+ * Returns  WOLFSSL_SUCCESS on success.
+ */
+int wolfSSL_X509_ACERT_get_serial_number(WOLFSSL_X509_ACERT* x509,
+                                         byte* buf, int* bufSz)
+{
+    WOLFSSL_ENTER("wolfSSL_X509_ACERT_get_serial_number");
+
+    if (x509 == NULL || bufSz == NULL) {
+        WOLFSSL_MSG("error: null argument passed in");
+        return BAD_FUNC_ARG;
+    }
+
+    if (buf != NULL) {
+        if (*bufSz < x509->serialSz) {
+            WOLFSSL_MSG("error: serial buffer too small");
+            return BUFFER_E;
+        }
+
+        XMEMCPY(buf, x509->serial, x509->serialSz);
+    }
+
+    *bufSz = x509->serialSz;
+
+    return WOLFSSL_SUCCESS;
+}
+
+/* Sets buf pointer and len to raw Attribute buffer and buffer len
+ * in X509 struct.
+ *
+ * Returns WOLFSSL_SUCCESS on success.
+ * Returns BAD_FUNC_ARG if input pointers are null.
+ * */
+WOLFSSL_API int wolfSSL_X509_ACERT_get_attr_buf(const WOLFSSL_X509_ACERT* x509,
+                                                const byte ** rawAttr,
+                                                word32 * rawAttrLen)
+{
+    if (x509 == NULL || rawAttr == NULL || rawAttrLen == NULL) {
+        return BAD_FUNC_ARG;
+    }
+
+    *rawAttr = x509->rawAttr;
+    *rawAttrLen = x509->rawAttrLen;
+
+    return WOLFSSL_SUCCESS;
+}
+
+#ifndef NO_WOLFSSL_STUB
+WOLFSSL_API int wolfSSL_X509_ACERT_sign(WOLFSSL_X509_ACERT * x509,
+                                        WOLFSSL_EVP_PKEY * pkey,
+                                        const WOLFSSL_EVP_MD * md)
+{
+    WOLFSSL_STUB("X509_ACERT_sign");
+    (void) x509;
+    (void) pkey;
+    (void) md;
+    return WOLFSSL_NOT_IMPLEMENTED;
+}
+#endif /* NO_WOLFSSL_STUB */
+
+/* Helper function for ACERT_verify.
+ *
+ * @param [in]       x509    the x509 attribute certificate
+ * @param [in, out]  outSz   the x509 der length
+ *
+ * @return  der buffer on success
+ * @return  NULL on error
+ * */
+static const byte* acert_get_der(WOLFSSL_X509_ACERT * x509, int* outSz)
+{
+    if (x509 == NULL || x509->derCert == NULL || outSz == NULL) {
+        return NULL;
+    }
+
+    *outSz = (int)x509->derCert->length;
+    return x509->derCert->buffer;
+}
+
+/* Given an X509_ACERT and EVP_PKEY, verify the acert's signature.
+ *
+ * @param [in]    x509    the x509 attribute certificate
+ * @param [in]    pkey    the evp_pkey
+ *
+ * @return  WOLFSSL_SUCCESS on verify success
+ * @return  < 0 on error
+ * */
+int wolfSSL_X509_ACERT_verify(WOLFSSL_X509_ACERT* x509, WOLFSSL_EVP_PKEY* pkey)
+{
+    int          ret = 0;
+    const byte * der = NULL;
+    int          derSz = 0;
+    int          pkey_type;
+
+    if (x509 == NULL || pkey == NULL) {
+        WOLFSSL_MSG("error: wolfSSL_X509_ACERT_verify: bad arg");
+        return WOLFSSL_FATAL_ERROR;
+    }
+
+    WOLFSSL_ENTER("wolfSSL_X509_ACERT_verify");
+
+    der = acert_get_der(x509, &derSz);
+
+    if (der == NULL || derSz <= 0) {
+        WOLFSSL_MSG("error: wolfSSL_X509_ACERT_verify: get der failed");
+        return WOLFSSL_FATAL_ERROR;
+    }
+
+    switch (pkey->type) {
+    case WC_EVP_PKEY_RSA:
+        pkey_type = RSAk;
+        break;
+
+    case WC_EVP_PKEY_EC:
+        pkey_type = ECDSAk;
+        break;
+
+    case WC_EVP_PKEY_DSA:
+        pkey_type = DSAk;
+        break;
+
+    default:
+        WOLFSSL_MSG("error: wolfSSL_X509_ACERT_verify: unknown pkey type");
+        return WOLFSSL_FATAL_ERROR;
+    }
+
+
+    ret = VerifyX509Acert(der, (word32)derSz,
+                          (const byte *)pkey->pkey.ptr, pkey->pkey_sz,
+                          pkey_type, x509->heap);
+
+    return ret == 0 ? WOLFSSL_SUCCESS : WOLFSSL_FAILURE;
+}
+
+/* Loads an x509 attribute certificate from buffer, and returns
+ * pointer to new WOLFSSL_X509_ACERT struct on success.
+ *
+ * @param [in]  buf    The acert buffer to load.
+ * @param [in]  sz     The size of the buffer.
+ * @param [in]  format The format of the buffer data.
+ * @param [in]  heap   Dynamic memory allocation hint.
+ *
+ * @return  pointer to WOLFSSL_X509_ACERT on success.
+ * @return  NULL on error.
+ * */
+WOLFSSL_X509_ACERT * wolfSSL_X509_ACERT_load_certificate_buffer_ex(
+    const unsigned char* buf, int sz, int format, void * heap)
+{
+    int                  ret = 0;
+    WOLFSSL_X509_ACERT * x509 = NULL;
+    DerBuffer *          der = NULL;
+    #ifdef WOLFSSL_SMALL_STACK
+    DecodedAcert *       acert = NULL;
+    #else
+    DecodedAcert         acert[1];
+    #endif
+
+    WOLFSSL_ENTER("wolfSSL_X509_ACERT_load_certificate_buffer");
+
+    if (format == WOLFSSL_FILETYPE_PEM) {
+    #ifdef WOLFSSL_PEM_TO_DER
+        ret = PemToDer(buf, sz, ACERT_TYPE, &der, heap, NULL, NULL);
+
+        if (ret != 0 || der == NULL || der->buffer == NULL) {
+            WOLFSSL_ERROR(ret);
+
+            if (der != NULL) {
+                FreeDer(&der);
+            }
+
+            return NULL;
+        }
+    #else
+        WOLFSSL_ERROR(NOT_COMPILED_IN);
+        return NULL;
+    #endif
+    }
+    else {
+        ret = AllocDer(&der, (word32)sz, ACERT_TYPE, heap);
+
+        if (ret != 0 || der == NULL || der->buffer == NULL) {
+            WOLFSSL_ERROR(ret);
+            return NULL;
+        }
+
+        XMEMCPY(der->buffer, buf, sz);
+    }
+
+    #ifdef WOLFSSL_SMALL_STACK
+    acert = (DecodedAcert*)XMALLOC(sizeof(DecodedAcert), heap,
+                                   DYNAMIC_TYPE_DCERT);
+    if (acert == NULL) {
+        WOLFSSL_ERROR(MEMORY_ERROR);
+        FreeDer(&der);
+        return NULL;
+    }
+    #endif
+
+    InitDecodedAcert(acert, der->buffer, der->length, heap);
+
+    ret = ParseX509Acert(acert, VERIFY_SKIP_DATE);
+
+    if (ret == 0) {
+        x509 = wolfSSL_X509_ACERT_new_ex(heap);
+
+        if (x509 != NULL) {
+            ret = CopyDecodedAcertToX509(x509, acert);
+
+            if (ret != 0) {
+                wolfSSL_X509_ACERT_free(x509);
+                x509 = NULL;
+            }
+        }
+        else {
+            ret = MEMORY_ERROR;
+        }
+    }
+
+    FreeDecodedAcert(acert);
+
+    #ifdef WOLFSSL_SMALL_STACK
+    XFREE(acert, heap, DYNAMIC_TYPE_DCERT);
+    #endif
+
+    FreeDer(&der);
+
+    if (ret != 0) {
+        WOLFSSL_ERROR(ret);
+    }
+
+    return x509;
+}
+
+WOLFSSL_X509_ACERT * wolfSSL_X509_ACERT_load_certificate_buffer(
+    const unsigned char* buf, int sz, int format)
+{
+    return wolfSSL_X509_ACERT_load_certificate_buffer_ex(buf, sz, format, NULL);
+}
+
+/* Retrieve the signature from an ACERT.
+ *
+ * @param [in]       x509    the x509 attribute certificate
+ * @param [in, out]  buf     the signature buffer pointer
+ * @param [in, out]  bufSz   the signature buffer size pointer
+ *
+ * buf may be null, but bufSz is required. On success, sets
+ * bufSz pointer to signature length, and copies signature
+ * to buf if provided.
+ *
+ * Returns  WWOLFSSL_FATAL_ERROR if bufSz is null or too small.
+ * Returns  WOLFSSL_SUCCESS on success.
+ */
+int wolfSSL_X509_ACERT_get_signature(WOLFSSL_X509_ACERT* x509,
+                                     unsigned char* buf, int* bufSz)
+{
+    WOLFSSL_ENTER("wolfSSL_X509_ACERT_get_signature");
+
+    if (x509 == NULL || bufSz == NULL) {
+        return WOLFSSL_FATAL_ERROR;
+    }
+
+    /* If buf array is provided, it must be long enough. */
+    if (buf != NULL && *bufSz < (int)x509->sig.length) {
+        return WOLFSSL_FATAL_ERROR;
+    }
+
+    if (buf != NULL) {
+        /* Copy in buffer if provided. */
+        XMEMCPY(buf, x509->sig.buffer, x509->sig.length);
+    }
+
+    *bufSz = (int)x509->sig.length;
+
+    return WOLFSSL_SUCCESS;
+}
+#endif /* WOLFSSL_ACERT && (OPENSSL_EXTRA_X509_SMALL || OPENSSL_EXTRA) */
+
+#endif /* !NO_CERTS */
 
 #endif /* !WOLFCRYPT_ONLY */
 
diff --git a/src/x509_str.c b/src/x509_str.c
index b0b365bc4..0e7c655e4 100644
--- a/src/x509_str.c
+++ b/src/x509_str.c
@@ -1,6 +1,6 @@
 /* x509_str.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -36,37 +36,167 @@
 
 #ifndef NO_CERTS
 
-/*******************************************************************************
- * START OF X509_STORE_CTX APIs
- ******************************************************************************/
-
 #ifdef OPENSSL_EXTRA
+static int X509StoreGetIssuerEx(WOLFSSL_X509 **issuer,
+                            WOLFSSL_STACK *certs, WOLFSSL_X509 *x);
+static int X509StoreAddCa(WOLFSSL_X509_STORE* store,
+                                          WOLFSSL_X509* x509, int type);
+#endif
 
-WOLFSSL_X509_STORE_CTX* wolfSSL_X509_STORE_CTX_new(void)
+/* Based on OpenSSL default max depth */
+#ifndef WOLFSSL_X509_STORE_DEFAULT_MAX_DEPTH
+#define WOLFSSL_X509_STORE_DEFAULT_MAX_DEPTH 100
+#endif
+
+/******************************************************************************
+ * START OF X509_STORE_CTX APIs
+ *****************************************************************************/
+
+/* This API is necessary outside of OPENSSL_EXTRA because it is used in
+ * SetupStoreCtxCallback */
+WOLFSSL_X509_STORE_CTX* wolfSSL_X509_STORE_CTX_new_ex(void* heap)
 {
     WOLFSSL_X509_STORE_CTX* ctx;
-    WOLFSSL_ENTER("wolfSSL_X509_STORE_CTX_new");
+    WOLFSSL_ENTER("wolfSSL_X509_STORE_CTX_new_ex");
 
-    ctx = (WOLFSSL_X509_STORE_CTX*)XMALLOC(sizeof(WOLFSSL_X509_STORE_CTX), NULL,
+    ctx = (WOLFSSL_X509_STORE_CTX*)XMALLOC(sizeof(WOLFSSL_X509_STORE_CTX), heap,
                                     DYNAMIC_TYPE_X509_CTX);
     if (ctx != NULL) {
-        ctx->param = NULL;
-        if (wolfSSL_X509_STORE_CTX_init(ctx, NULL, NULL, NULL) !=
-                WOLFSSL_SUCCESS) {
-            XFREE(ctx, NULL, DYNAMIC_TYPE_X509_CTX);
+        XMEMSET(ctx, 0, sizeof(WOLFSSL_X509_STORE_CTX));
+        ctx->heap = heap;
+#ifdef OPENSSL_EXTRA
+        if ((ctx->owned = wolfSSL_sk_X509_new_null()) == NULL) {
+            XFREE(ctx, heap, DYNAMIC_TYPE_X509_CTX);
             ctx = NULL;
         }
+        if (ctx != NULL &&
+            wolfSSL_X509_STORE_CTX_init(ctx, NULL, NULL, NULL) !=
+                WOLFSSL_SUCCESS) {
+            wolfSSL_X509_STORE_CTX_free(ctx);
+            ctx = NULL;
+        }
+#endif
     }
 
     return ctx;
 }
 
+/* This API is necessary outside of OPENSSL_EXTRA because it is used in
+ * SetupStoreCtxCallback */
+/* free's extra data */
+void wolfSSL_X509_STORE_CTX_free(WOLFSSL_X509_STORE_CTX* ctx)
+{
+    WOLFSSL_ENTER("wolfSSL_X509_STORE_CTX_free");
+    if (ctx != NULL) {
+#ifdef HAVE_EX_DATA_CLEANUP_HOOKS
+        wolfSSL_CRYPTO_cleanup_ex_data(&ctx->ex_data);
+#endif
+
+#ifdef OPENSSL_EXTRA
+        XFREE(ctx->param, ctx->heap, DYNAMIC_TYPE_OPENSSL);
+        ctx->param = NULL;
+
+        if (ctx->chain != NULL) {
+            wolfSSL_sk_X509_free(ctx->chain);
+        }
+        if (ctx->owned != NULL) {
+            wolfSSL_sk_X509_pop_free(ctx->owned, NULL);
+        }
+
+        if (ctx->current_issuer != NULL) {
+            wolfSSL_X509_free(ctx->current_issuer);
+        }
+#endif
+
+        XFREE(ctx, ctx->heap, DYNAMIC_TYPE_X509_CTX);
+    }
+}
+
+#ifdef OPENSSL_EXTRA
+
+#if defined(SESSION_CERTS) || defined(WOLFSSL_SIGNER_DER_CERT)
+
+/**
+ * Find the issuing cert of the input cert. On a self-signed cert this
+ * function will return an error.
+ * @param issuer The issuer x509 struct is returned here
+ * @param cm     The cert manager that is queried for the issuer
+ * @param x      This cert's issuer will be queried in cm
+ * @return       WOLFSSL_SUCCESS on success
+ *               WOLFSSL_FAILURE on error
+ */
+static int x509GetIssuerFromCM(WOLFSSL_X509 **issuer, WOLFSSL_CERT_MANAGER* cm,
+        WOLFSSL_X509 *x)
+{
+    Signer* ca = NULL;
+#ifdef WOLFSSL_SMALL_STACK
+    DecodedCert* cert = NULL;
+#else
+    DecodedCert  cert[1];
+#endif
+
+    if (cm == NULL || x == NULL || x->derCert == NULL) {
+        WOLFSSL_MSG("No cert DER buffer or NULL cm. Defining "
+                    "WOLFSSL_SIGNER_DER_CERT could solve the issue");
+        return WOLFSSL_FAILURE;
+    }
+
+#ifdef WOLFSSL_SMALL_STACK
+    cert = (DecodedCert*)XMALLOC(sizeof(DecodedCert), NULL, DYNAMIC_TYPE_DCERT);
+    if (cert == NULL)
+        return WOLFSSL_FAILURE;
+#endif
+
+    /* Use existing CA retrieval APIs that use DecodedCert. */
+    InitDecodedCert(cert, x->derCert->buffer, x->derCert->length, cm->heap);
+    if (ParseCertRelative(cert, CERT_TYPE, 0, NULL, NULL) == 0
+            && !cert->selfSigned) {
+    #ifndef NO_SKID
+        if (cert->extAuthKeyIdSet)
+            ca = GetCA(cm, cert->extAuthKeyId);
+        if (ca == NULL)
+            ca = GetCAByName(cm, cert->issuerHash);
+    #else /* NO_SKID */
+        ca = GetCA(cm, cert->issuerHash);
+    #endif /* NO SKID */
+    }
+    FreeDecodedCert(cert);
+#ifdef WOLFSSL_SMALL_STACK
+    XFREE(cert, NULL, DYNAMIC_TYPE_DCERT);
+#endif
+
+    if (ca == NULL)
+        return WOLFSSL_FAILURE;
+
+#ifdef WOLFSSL_SIGNER_DER_CERT
+    /* populate issuer with Signer DER */
+    if (wolfSSL_X509_d2i_ex(issuer, ca->derCert->buffer,
+            ca->derCert->length, cm->heap) == NULL)
+        return WOLFSSL_FAILURE;
+#else
+    /* Create an empty certificate as CA doesn't have a certificate. */
+    *issuer = (WOLFSSL_X509 *)XMALLOC(sizeof(WOLFSSL_X509), 0,
+        DYNAMIC_TYPE_OPENSSL);
+    if (*issuer == NULL)
+        return WOLFSSL_FAILURE;
+
+    InitX509((*issuer), 1, NULL);
+#endif
+
+    return WOLFSSL_SUCCESS;
+}
+#endif /* SESSION_CERTS || WOLFSSL_SIGNER_DER_CERT */
+
+WOLFSSL_X509_STORE_CTX* wolfSSL_X509_STORE_CTX_new(void)
+{
+    WOLFSSL_ENTER("wolfSSL_X509_STORE_CTX_new");
+    return wolfSSL_X509_STORE_CTX_new_ex(NULL);
+}
 
 int wolfSSL_X509_STORE_CTX_init(WOLFSSL_X509_STORE_CTX* ctx,
-     WOLFSSL_X509_STORE* store, WOLFSSL_X509* x509, WOLF_STACK_OF(WOLFSSL_X509)* sk)
+     WOLFSSL_X509_STORE* store, WOLFSSL_X509* x509,
+     WOLF_STACK_OF(WOLFSSL_X509)* sk)
 {
-    int ret = 0;
-    (void)sk;
     WOLFSSL_ENTER("wolfSSL_X509_STORE_CTX_init");
 
     if (ctx != NULL) {
@@ -75,52 +205,24 @@ int wolfSSL_X509_STORE_CTX_init(WOLFSSL_X509_STORE_CTX* ctx,
         ctx->current_cert = x509;
         #else
         if(x509 != NULL){
-            ctx->current_cert = wolfSSL_X509_d2i(NULL, x509->derCert->buffer,
-                    x509->derCert->length);
+            ctx->current_cert = wolfSSL_X509_d2i_ex(NULL,
+                    x509->derCert->buffer,
+                    x509->derCert->length,
+                    x509->heap);
             if(ctx->current_cert == NULL)
                 return WOLFSSL_FAILURE;
         } else
             ctx->current_cert = NULL;
         #endif
 
-        ctx->chain  = sk;
-        /* Add intermediate certs, that verify to a loaded CA, to the store */
-        if (sk != NULL) {
-            byte addedAtLeastOne = 1;
-            WOLF_STACK_OF(WOLFSSL_X509)* head = wolfSSL_shallow_sk_dup(sk);
-            if (head == NULL)
-                return WOLFSSL_FAILURE;
-            while (addedAtLeastOne) {
-                WOLF_STACK_OF(WOLFSSL_X509)* cur = head;
-                WOLF_STACK_OF(WOLFSSL_X509)** prev = &head;
-                addedAtLeastOne = 0;
-                while (cur) {
-                    WOLFSSL_X509* cert = cur->data.x509;
-                    if (cert != NULL && cert->derCert != NULL &&
-                            wolfSSL_CertManagerVerifyBuffer(store->cm,
-                                    cert->derCert->buffer,
-                                    cert->derCert->length,
-                                    WOLFSSL_FILETYPE_ASN1) == WOLFSSL_SUCCESS) {
-                        ret = wolfSSL_X509_STORE_add_cert(store, cert);
-                        if (ret < 0) {
-                            wolfSSL_sk_free(head);
-                            return WOLFSSL_FAILURE;
-                        }
-                        addedAtLeastOne = 1;
-                        *prev = cur->next;
-                        wolfSSL_sk_free_node(cur);
-                        cur = *prev;
-                    }
-                    else {
-                        prev = &cur->next;
-                        cur = cur->next;
-                    }
-                }
-            }
-            wolfSSL_sk_free(head);
+        ctx->ctxIntermediates = sk;
+        if (ctx->chain != NULL) {
+            wolfSSL_sk_X509_free(ctx->chain);
+            ctx->chain = NULL;
         }
-
+#ifdef SESSION_CERTS
         ctx->sesChain = NULL;
+#endif
         ctx->domain = NULL;
 #ifdef HAVE_EX_DATA
         XMEMSET(&ctx->ex_data, 0, sizeof(ctx->ex_data));
@@ -133,11 +235,12 @@ int wolfSSL_X509_STORE_CTX_init(WOLFSSL_X509_STORE_CTX* ctx,
         if (ctx->param == NULL) {
             ctx->param = (WOLFSSL_X509_VERIFY_PARAM*)XMALLOC(
                            sizeof(WOLFSSL_X509_VERIFY_PARAM),
-                           NULL, DYNAMIC_TYPE_OPENSSL);
+                           ctx->heap, DYNAMIC_TYPE_OPENSSL);
             if (ctx->param == NULL){
                 WOLFSSL_MSG("wolfSSL_X509_STORE_CTX_init failed");
                 return WOLFSSL_FAILURE;
             }
+            XMEMSET(ctx->param, 0, sizeof(*ctx->param));
         }
 
         return WOLFSSL_SUCCESS;
@@ -145,25 +248,6 @@ int wolfSSL_X509_STORE_CTX_init(WOLFSSL_X509_STORE_CTX* ctx,
     return WOLFSSL_FAILURE;
 }
 
-
-/* free's extra data */
-void wolfSSL_X509_STORE_CTX_free(WOLFSSL_X509_STORE_CTX* ctx)
-{
-    WOLFSSL_ENTER("wolfSSL_X509_STORE_CTX_free");
-    if (ctx != NULL) {
-#ifdef HAVE_EX_DATA_CLEANUP_HOOKS
-        wolfSSL_CRYPTO_cleanup_ex_data(&ctx->ex_data);
-#endif
-
-        if (ctx->param != NULL) {
-            XFREE(ctx->param, NULL, DYNAMIC_TYPE_OPENSSL);
-            ctx->param = NULL;
-        }
-
-        XFREE(ctx, NULL, DYNAMIC_TYPE_X509_CTX);
-    }
-}
-
 /* Its recommended to use a full free -> init cycle of all the objects
  * because wolfSSL_X509_STORE_CTX_init may modify the store too which doesn't
  * get reset here. */
@@ -171,20 +255,19 @@ void wolfSSL_X509_STORE_CTX_cleanup(WOLFSSL_X509_STORE_CTX* ctx)
 {
     if (ctx != NULL) {
 
-        if (ctx->param != NULL) {
-            XFREE(ctx->param, NULL, DYNAMIC_TYPE_OPENSSL);
-            ctx->param = NULL;
-        }
+        XFREE(ctx->param, ctx->heap, DYNAMIC_TYPE_OPENSSL);
+        ctx->param = NULL;
 
         wolfSSL_X509_STORE_CTX_init(ctx, NULL, NULL, NULL);
     }
 }
 
 
-void wolfSSL_X509_STORE_CTX_trusted_stack(WOLFSSL_X509_STORE_CTX *ctx, WOLF_STACK_OF(WOLFSSL_X509) *sk)
+void wolfSSL_X509_STORE_CTX_trusted_stack(WOLFSSL_X509_STORE_CTX *ctx,
+                                          WOLF_STACK_OF(WOLFSSL_X509) *sk)
 {
     if (ctx != NULL) {
-        ctx->chain = sk;
+        ctx->setTrustedSk = sk;
     }
 }
 
@@ -193,24 +276,31 @@ void wolfSSL_X509_STORE_CTX_trusted_stack(WOLFSSL_X509_STORE_CTX *ctx, WOLF_STAC
 int GetX509Error(int e)
 {
     switch (e) {
-        case ASN_BEFORE_DATE_E:
+        case WC_NO_ERR_TRACE(ASN_BEFORE_DATE_E):
             return WOLFSSL_X509_V_ERR_CERT_NOT_YET_VALID;
-        case ASN_AFTER_DATE_E:
+        case WC_NO_ERR_TRACE(ASN_AFTER_DATE_E):
             return WOLFSSL_X509_V_ERR_CERT_HAS_EXPIRED;
-        case ASN_NO_SIGNER_E: /* get issuer error if no CA found locally */
+        case WC_NO_ERR_TRACE(ASN_NO_SIGNER_E):
+            /* get issuer error if no CA found locally */
             return WOLFSSL_X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY;
-        case ASN_SELF_SIGNED_E:
+        case WC_NO_ERR_TRACE(ASN_SELF_SIGNED_E):
             return WOLFSSL_X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT;
-        case ASN_PATHLEN_INV_E:
-        case ASN_PATHLEN_SIZE_E:
+        case WC_NO_ERR_TRACE(ASN_PATHLEN_INV_E):
+        case WC_NO_ERR_TRACE(ASN_PATHLEN_SIZE_E):
             return WOLFSSL_X509_V_ERR_PATH_LENGTH_EXCEEDED;
-        case ASN_SIG_OID_E:
-        case ASN_SIG_CONFIRM_E:
-        case ASN_SIG_HASH_E:
-        case ASN_SIG_KEY_E:
+        case WC_NO_ERR_TRACE(ASN_SIG_OID_E):
+        case WC_NO_ERR_TRACE(ASN_SIG_CONFIRM_E):
+        case WC_NO_ERR_TRACE(ASN_SIG_HASH_E):
+        case WC_NO_ERR_TRACE(ASN_SIG_KEY_E):
             return WOLFSSL_X509_V_ERR_CERT_SIGNATURE_FAILURE;
-        case CRL_CERT_REVOKED:
+        /* We can't disambiguate if its the before or after date that caused
+         * the error. Assume expired. */
+        case WC_NO_ERR_TRACE(CRL_CERT_DATE_ERR):
+            return WOLFSSL_X509_V_ERR_CRL_HAS_EXPIRED;
+        case WC_NO_ERR_TRACE(CRL_CERT_REVOKED):
             return WOLFSSL_X509_V_ERR_CERT_REVOKED;
+        case WC_NO_ERR_TRACE(CRL_MISSING):
+            return WOLFSSL_X509_V_ERR_UNABLE_TO_GET_CRL;
         case 0:
         case 1:
             return 0;
@@ -224,17 +314,98 @@ int GetX509Error(int e)
     }
 }
 
+static void SetupStoreCtxError_ex(WOLFSSL_X509_STORE_CTX* ctx, int ret,
+                                                                    int depth)
+{
+    int error = GetX509Error(ret);
+
+    wolfSSL_X509_STORE_CTX_set_error(ctx, error);
+    wolfSSL_X509_STORE_CTX_set_error_depth(ctx, depth);
+}
+
 static void SetupStoreCtxError(WOLFSSL_X509_STORE_CTX* ctx, int ret)
 {
     int depth = 0;
-    int error = GetX509Error(ret);
 
     /* Set error depth */
     if (ctx->chain)
         depth = (int)ctx->chain->num;
 
-    wolfSSL_X509_STORE_CTX_set_error(ctx, error);
-    wolfSSL_X509_STORE_CTX_set_error_depth(ctx, depth);
+    SetupStoreCtxError_ex(ctx, ret, depth);
+}
+
+static int X509StoreVerifyCert(WOLFSSL_X509_STORE_CTX* ctx)
+{
+    int ret = WC_NO_ERR_TRACE(WOLFSSL_FAILURE);
+    WOLFSSL_ENTER("X509StoreVerifyCert");
+
+    if (ctx->current_cert != NULL && ctx->current_cert->derCert != NULL) {
+        ret = wolfSSL_CertManagerVerifyBuffer(ctx->store->cm,
+                    ctx->current_cert->derCert->buffer,
+                    ctx->current_cert->derCert->length,
+                    WOLFSSL_FILETYPE_ASN1);
+        SetupStoreCtxError(ctx, ret);
+    #if defined(OPENSSL_ALL) || defined(WOLFSSL_QT)
+        if (ctx->store->verify_cb)
+            ret = ctx->store->verify_cb(ret >= 0 ? 1 : 0, ctx) == 1 ?
+                                                        WOLFSSL_SUCCESS : ret;
+    #endif
+
+    #ifndef NO_ASN_TIME
+        if (ret != WC_NO_ERR_TRACE(ASN_BEFORE_DATE_E) &&
+            ret != WC_NO_ERR_TRACE(ASN_AFTER_DATE_E)) {
+            /* wolfSSL_CertManagerVerifyBuffer only returns ASN_AFTER_DATE_E or
+             * ASN_BEFORE_DATE_E if there are no additional errors found in the
+             * cert. Therefore, check if the cert is expired or not yet valid
+             * in order to return the correct expected error. */
+            byte *afterDate = ctx->current_cert->notAfter.data;
+            byte *beforeDate = ctx->current_cert->notBefore.data;
+
+            if (XVALIDATE_DATE(afterDate,
+                    (byte)ctx->current_cert->notAfter.type, ASN_AFTER) < 1) {
+                ret = ASN_AFTER_DATE_E;
+            }
+            else if (XVALIDATE_DATE(beforeDate,
+                    (byte)ctx->current_cert->notBefore.type, ASN_BEFORE) < 1) {
+                ret = ASN_BEFORE_DATE_E;
+            }
+            SetupStoreCtxError(ctx, ret);
+        #if defined(OPENSSL_ALL) || defined(WOLFSSL_QT)
+            if (ctx->store->verify_cb)
+                ret = ctx->store->verify_cb(ret >= 0 ? 1 : 0,
+                                            ctx) == 1 ? WOLFSSL_SUCCESS : -1;
+        #endif
+        }
+    #endif
+    }
+
+    return ret;
+}
+
+static int addAllButSelfSigned(WOLF_STACK_OF(WOLFSSL_X509)*to,
+                               WOLF_STACK_OF(WOLFSSL_X509)*from, int *numAdded)
+{
+    int ret = WOLFSSL_SUCCESS;
+    int i = 0;
+    int cnt = 0;
+    WOLFSSL_X509 *x = NULL;
+
+    for (i = 0; i < wolfSSL_sk_X509_num(from); i++) {
+        x = wolfSSL_sk_X509_value(from, i);
+        if (wolfSSL_X509_NAME_cmp(&x->issuer, &x->subject) != 0) {
+            if (wolfSSL_sk_X509_push(to, x) <= 0) {
+                ret = WOLFSSL_FAILURE;
+                goto exit;
+            }
+            cnt++;
+        }
+    }
+
+exit:
+    if (numAdded != NULL) {
+        *numAdded = cnt;
+    }
+    return ret;
 }
 
 /* Verifies certificate chain using WOLFSSL_X509_STORE_CTX
@@ -242,52 +413,177 @@ static void SetupStoreCtxError(WOLFSSL_X509_STORE_CTX* ctx, int ret)
  */
 int wolfSSL_X509_verify_cert(WOLFSSL_X509_STORE_CTX* ctx)
 {
+    int ret = WC_NO_ERR_TRACE(WOLFSSL_FAILURE);
+    int done = 0;
+    int added = 0;
+    int i = 0;
+    int numInterAdd = 0;
+    int depth = 0;
+    WOLFSSL_X509 *issuer = NULL;
+    WOLFSSL_X509 *orig = NULL;
+    WOLF_STACK_OF(WOLFSSL_X509)* certs = NULL;
+    WOLF_STACK_OF(WOLFSSL_X509)* certsToUse = NULL;
     WOLFSSL_ENTER("wolfSSL_X509_verify_cert");
 
-    if (ctx != NULL && ctx->store != NULL && ctx->store->cm != NULL
-         && ctx->current_cert != NULL && ctx->current_cert->derCert != NULL) {
-        int ret = wolfSSL_CertManagerVerifyBuffer(ctx->store->cm,
-                ctx->current_cert->derCert->buffer,
-                ctx->current_cert->derCert->length,
-                WOLFSSL_FILETYPE_ASN1);
-        SetupStoreCtxError(ctx, ret);
-
-    #ifndef NO_ASN_TIME
-        if (ret != ASN_BEFORE_DATE_E && ret != ASN_AFTER_DATE_E) {
-            /* wolfSSL_CertManagerVerifyBuffer only returns ASN_AFTER_DATE_E or
-             ASN_BEFORE_DATE_E if there are no additional errors found in the
-             cert. Therefore, check if the cert is expired or not yet valid
-             in order to return the correct expected error. */
-            byte *afterDate = ctx->current_cert->notAfter.data;
-            byte *beforeDate = ctx->current_cert->notBefore.data;
-
-            if (XVALIDATE_DATE(afterDate,
-                        (byte)ctx->current_cert->notAfter.type, AFTER) < 1) {
-                ret = ASN_AFTER_DATE_E;
-            }
-            else if (XVALIDATE_DATE(beforeDate,
-                        (byte)ctx->current_cert->notBefore.type, BEFORE) < 1) {
-                ret = ASN_BEFORE_DATE_E;
-            }
-            SetupStoreCtxError(ctx, ret);
-        }
-    #endif
-
-    #if defined(OPENSSL_ALL) || defined(WOLFSSL_QT)
-        if (ctx->store && ctx->store->verify_cb)
-            ret = ctx->store->verify_cb(ret >= 0 ? 1 : 0, ctx) == 1 ? 0 : -1;
-    #endif
-
-        return ret >= 0 ? WOLFSSL_SUCCESS : WOLFSSL_FAILURE;
+    if (ctx == NULL || ctx->store == NULL || ctx->store->cm == NULL
+         || ctx->current_cert == NULL || ctx->current_cert->derCert == NULL) {
+        return WOLFSSL_FATAL_ERROR;
     }
-    return WOLFSSL_FATAL_ERROR;
+
+    certs = ctx->store->certs;
+    if (ctx->setTrustedSk != NULL) {
+        certs = ctx->setTrustedSk;
+    }
+
+    if (certs == NULL &&
+        wolfSSL_sk_X509_num(ctx->ctxIntermediates) > 0) {
+        certsToUse = wolfSSL_sk_X509_new_null();
+        ret = addAllButSelfSigned(certsToUse, ctx->ctxIntermediates, NULL);
+    }
+    else {
+        /* Add the intermediates provided on init to the list of untrusted
+         * intermediates to be used */
+        ret = addAllButSelfSigned(certs, ctx->ctxIntermediates, &numInterAdd);
+    }
+    if (ret != WOLFSSL_SUCCESS) {
+        goto exit;
+    }
+
+    if (ctx->chain != NULL) {
+        wolfSSL_sk_X509_free(ctx->chain);
+    }
+    ctx->chain = wolfSSL_sk_X509_new_null();
+
+    if (ctx->depth > 0) {
+        depth = ctx->depth + 1;
+    }
+    else {
+        depth = WOLFSSL_X509_STORE_DEFAULT_MAX_DEPTH + 1;
+    }
+
+    orig = ctx->current_cert;
+    while(done == 0 && depth > 0) {
+        issuer = NULL;
+
+        /* Try to find an untrusted issuer first */
+        ret = X509StoreGetIssuerEx(&issuer, certs,
+                                               ctx->current_cert);
+        if (ret == WOLFSSL_SUCCESS) {
+            if (ctx->current_cert == issuer) {
+                wolfSSL_sk_X509_push(ctx->chain, ctx->current_cert);
+                break;
+            }
+
+            /* We found our issuer in the non-trusted cert list, add it
+             * to the CM and verify the current cert against it */
+        #if defined(OPENSSL_ALL) || defined(WOLFSSL_QT)
+            /* OpenSSL doesn't allow the cert as CA if it is not CA:TRUE for
+             * intermediate certs.
+             */
+            if (!issuer->isCa) {
+                /* error depth is current depth + 1 */
+                SetupStoreCtxError_ex(ctx, X509_V_ERR_INVALID_CA,
+                                (ctx->chain) ? (int)(ctx->chain->num + 1) : 1);
+                if (ctx->store->verify_cb) {
+                    ret = ctx->store->verify_cb(0, ctx);
+                    if (ret != WOLFSSL_SUCCESS) {
+                        goto exit;
+                    }
+                }
+            } else {
+        #endif
+            ret = X509StoreAddCa(ctx->store, issuer,
+                                            WOLFSSL_TEMP_CA);
+            if (ret != WOLFSSL_SUCCESS) {
+                goto exit;
+            }
+            added = 1;
+            ret = X509StoreVerifyCert(ctx);
+            if (ret != WOLFSSL_SUCCESS) {
+                goto exit;
+            }
+            /* Add it to the current chain and look at the issuer cert next */
+            wolfSSL_sk_X509_push(ctx->chain, ctx->current_cert);
+        #if defined(OPENSSL_ALL) || defined(WOLFSSL_QT)
+            }
+        #endif
+            ctx->current_cert = issuer;
+        }
+        else if (ret == WC_NO_ERR_TRACE(WOLFSSL_FAILURE)) {
+            /* Could not find in untrusted list, only place left is
+             * a trusted CA in the CM */
+            ret = X509StoreVerifyCert(ctx);
+            if (ret != WOLFSSL_SUCCESS) {
+                if (((ctx->flags & WOLFSSL_PARTIAL_CHAIN) ||
+                     (ctx->store->param->flags & WOLFSSL_PARTIAL_CHAIN)) &&
+                    (added == 1)) {
+                    wolfSSL_sk_X509_push(ctx->chain, ctx->current_cert);
+                    ret = WOLFSSL_SUCCESS;
+                }
+                goto exit;
+            }
+
+            /* Cert verified, finish building the chain */
+            wolfSSL_sk_X509_push(ctx->chain, ctx->current_cert);
+            issuer = NULL;
+    #ifdef WOLFSSL_SIGNER_DER_CERT
+            x509GetIssuerFromCM(&issuer, ctx->store->cm, ctx->current_cert);
+            if (issuer != NULL && ctx->owned != NULL) {
+                wolfSSL_sk_X509_push(ctx->owned, issuer);
+            }
+    #else
+            if (ctx->setTrustedSk == NULL) {
+                X509StoreGetIssuerEx(&issuer,
+                    ctx->store->trusted, ctx->current_cert);
+            }
+            else {
+                X509StoreGetIssuerEx(&issuer,
+                    ctx->setTrustedSk, ctx->current_cert);
+            }
+    #endif
+            if (issuer != NULL) {
+                wolfSSL_sk_X509_push(ctx->chain, issuer);
+            }
+
+            done = 1;
+        }
+        else {
+            goto exit;
+        }
+
+        depth--;
+    }
+
+exit:
+    /* Remove additional intermediates from init from the store */
+    if (ctx != NULL && numInterAdd > 0) {
+        for (i = 0; i < numInterAdd; i++) {
+            wolfSSL_sk_X509_pop(ctx->store->certs);
+        }
+    }
+    /* Remove intermediates that were added to CM */
+    if (ctx != NULL) {
+        if (ctx->store != NULL) {
+            if (added == 1) {
+                wolfSSL_CertManagerUnloadTempIntermediateCerts(ctx->store->cm);
+            }
+        }
+        if (orig != NULL) {
+            ctx->current_cert = orig;
+        }
+    }
+    if (certsToUse != NULL) {
+        wolfSSL_sk_X509_free(certsToUse);
+    }
+
+    return ret == WOLFSSL_SUCCESS ? WOLFSSL_SUCCESS : WOLFSSL_FAILURE;
 }
 
 #endif /* OPENSSL_EXTRA */
 
 #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL)
     WOLFSSL_X509* wolfSSL_X509_STORE_CTX_get_current_cert(
-                                                    WOLFSSL_X509_STORE_CTX* ctx)
+                                                WOLFSSL_X509_STORE_CTX* ctx)
     {
         WOLFSSL_ENTER("wolfSSL_X509_STORE_CTX_get_current_cert");
         if (ctx)
@@ -385,14 +681,6 @@ int wolfSSL_X509_STORE_CTX_set_purpose(WOLFSSL_X509_STORE_CTX *ctx,
     WOLFSSL_STUB("wolfSSL_X509_STORE_CTX_set_purpose (not implemented)");
     return 0;
 }
-
-void wolfSSL_X509_STORE_CTX_set_flags(WOLFSSL_X509_STORE_CTX *ctx,
-        unsigned long flags)
-{
-    (void)ctx;
-    (void)flags;
-    WOLFSSL_STUB("wolfSSL_X509_STORE_CTX_set_flags (not implemented)");
-}
 #endif /* !NO_WOLFSSL_STUB */
 
 #endif /* WOLFSSL_QT || OPENSSL_ALL */
@@ -400,6 +688,14 @@ void wolfSSL_X509_STORE_CTX_set_flags(WOLFSSL_X509_STORE_CTX *ctx,
 
 #ifdef OPENSSL_EXTRA
 
+void wolfSSL_X509_STORE_CTX_set_flags(WOLFSSL_X509_STORE_CTX *ctx,
+        unsigned long flags)
+{
+    if ((ctx != NULL) && (flags & WOLFSSL_PARTIAL_CHAIN)){
+        ctx->flags |= WOLFSSL_PARTIAL_CHAIN;
+    }
+}
+
 /* set X509_STORE_CTX ex_data, max idx is MAX_EX_DATA. Return WOLFSSL_SUCCESS
  * on success, WOLFSSL_FAILURE on error. */
 int wolfSSL_X509_STORE_CTX_set_ex_data(WOLFSSL_X509_STORE_CTX* ctx, int idx,
@@ -431,8 +727,8 @@ int wolfSSL_X509_STORE_CTX_set_ex_data_with_cleanup(
     WOLFSSL_ENTER("wolfSSL_X509_STORE_CTX_set_ex_data_with_cleanup");
     if (ctx != NULL)
     {
-        return wolfSSL_CRYPTO_set_ex_data_with_cleanup(&ctx->ex_data, idx, data,
-                                                       cleanup_routine);
+        return wolfSSL_CRYPTO_set_ex_data_with_cleanup(&ctx->ex_data, idx,
+                                                        data, cleanup_routine);
     }
     return WOLFSSL_FAILURE;
 }
@@ -447,22 +743,24 @@ void wolfSSL_X509_STORE_CTX_set_depth(WOLFSSL_X509_STORE_CTX* ctx, int depth)
 }
 #endif
 
-
 WOLFSSL_X509* wolfSSL_X509_STORE_CTX_get0_current_issuer(
         WOLFSSL_X509_STORE_CTX* ctx)
 {
-    int ret;
-    WOLFSSL_X509* issuer;
-
+    WOLFSSL_STACK* node;
     WOLFSSL_ENTER("wolfSSL_X509_STORE_CTX_get0_current_issuer");
 
-    if (ctx == NULL) {
+    if (ctx == NULL)
         return NULL;
-    }
 
-    ret = wolfSSL_X509_STORE_CTX_get1_issuer(&issuer, ctx, ctx->current_cert);
-    if (ret == WOLFSSL_SUCCESS) {
-        return issuer;
+    /* get0 only checks currently built chain */
+    if (ctx->chain != NULL) {
+        for (node = ctx->chain; node != NULL; node = node->next) {
+            if (wolfSSL_X509_check_issued(node->data.x509,
+                                          ctx->current_cert) ==
+                                                WOLFSSL_X509_V_OK) {
+                return node->data.x509;
+            }
+        }
     }
 
     return NULL;
@@ -482,7 +780,7 @@ void wolfSSL_X509_STORE_CTX_set_error(WOLFSSL_X509_STORE_CTX* ctx, int er)
 
 /* Set the error depth in the X509 STORE CTX */
 void wolfSSL_X509_STORE_CTX_set_error_depth(WOLFSSL_X509_STORE_CTX* ctx,
-                                                                      int depth)
+                                                                    int depth)
 {
     WOLFSSL_ENTER("wolfSSL_X509_STORE_CTX_set_error_depth");
 
@@ -503,64 +801,69 @@ WOLFSSL_STACK* wolfSSL_X509_STORE_CTX_get_chain(WOLFSSL_X509_STORE_CTX* ctx)
     /* if chain is null but sesChain is available then populate stack */
     if (ctx->chain == NULL && ctx->sesChain != NULL) {
         int i;
+        int error = 0;
         WOLFSSL_X509_CHAIN* c = ctx->sesChain;
-        WOLFSSL_STACK*     sk = (WOLFSSL_STACK*)XMALLOC(sizeof(WOLFSSL_STACK),
-                                    NULL, DYNAMIC_TYPE_X509);
+        WOLFSSL_STACK*     sk = wolfSSL_sk_new_node(ctx->heap);
 
-        if (sk == NULL) {
+        if (sk == NULL)
             return NULL;
-        }
 
-        XMEMSET(sk, 0, sizeof(WOLFSSL_STACK));
-
-        for (i = 0; i < c->count && i < MAX_CHAIN_DEPTH; i++) {
-            WOLFSSL_X509* x509 = wolfSSL_get_chain_X509(c, i);
-
-            if (x509 == NULL) {
-                WOLFSSL_MSG("Unable to get x509 from chain");
-                wolfSSL_sk_X509_pop_free(sk, NULL);
-                return NULL;
-            }
-
-            if (wolfSSL_sk_X509_push(sk, x509) != WOLFSSL_SUCCESS) {
-                WOLFSSL_MSG("Unable to load x509 into stack");
-                wolfSSL_sk_X509_pop_free(sk, NULL);
-                wolfSSL_X509_free(x509);
-                return NULL;
-            }
-        }
-
-#if defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) || defined(OPENSSL_EXTRA)
+#if defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) || \
+    defined(OPENSSL_EXTRA)
         /* add CA used to verify top of chain to the list */
         if (c->count > 0) {
             WOLFSSL_X509* x509 = wolfSSL_get_chain_X509(c, c->count - 1);
+            WOLFSSL_X509* issuer = NULL;
             if (x509 != NULL) {
-                WOLFSSL_X509* issuer = NULL;
                 if (wolfSSL_X509_STORE_CTX_get1_issuer(&issuer, ctx, x509)
                         == WOLFSSL_SUCCESS) {
                     /* check that the certificate being looked up is not self
                      * signed and that a issuer was found */
                     if (issuer != NULL && wolfSSL_X509_NAME_cmp(&x509->issuer,
                                 &x509->subject) != 0) {
-                        if (wolfSSL_sk_X509_push(sk, issuer) != WOLFSSL_SUCCESS) {
+                        if (wolfSSL_sk_X509_push(sk, issuer) <= 0) {
                             WOLFSSL_MSG("Unable to load CA x509 into stack");
-                            wolfSSL_sk_X509_pop_free(sk, NULL);
-                            wolfSSL_X509_free(issuer);
-                            return NULL;
+                            error = 1;
                         }
                     }
                     else {
                         WOLFSSL_MSG("Certificate is self signed");
-                        if (issuer != NULL)
-                            wolfSSL_X509_free(issuer);
+                        wolfSSL_X509_free(issuer);
                     }
                 }
                 else {
                     WOLFSSL_MSG("Could not find CA for certificate");
                 }
             }
+            wolfSSL_X509_free(x509);
+            if (error) {
+                wolfSSL_sk_X509_pop_free(sk, NULL);
+                wolfSSL_X509_free(issuer);
+                return NULL;
+            }
         }
 #endif
+
+        for (i = c->count - 1; i >= 0; i--) {
+            WOLFSSL_X509* x509 = wolfSSL_get_chain_X509(c, i);
+
+            if (x509 == NULL) {
+                WOLFSSL_MSG("Unable to get x509 from chain");
+                error = 1;
+                break;
+            }
+
+            if (wolfSSL_sk_X509_push(sk, x509) <= 0) {
+                WOLFSSL_MSG("Unable to load x509 into stack");
+                wolfSSL_X509_free(x509);
+                error = 1;
+                break;
+            }
+        }
+        if (error) {
+            wolfSSL_sk_X509_pop_free(sk, NULL);
+            return NULL;
+        }
         ctx->chain = sk;
     }
 #endif /* SESSION_CERTS */
@@ -609,6 +912,14 @@ int wolfSSL_X509_STORE_get_by_subject(WOLFSSL_X509_STORE_CTX* ctx, int idx,
 }
 #endif
 
+WOLFSSL_X509_VERIFY_PARAM *wolfSSL_X509_STORE_CTX_get0_param(
+        WOLFSSL_X509_STORE_CTX *ctx)
+{
+    if (ctx == NULL)
+        return NULL;
+
+    return ctx->param;
+}
 
 #endif /* OPENSSL_EXTRA */
 
@@ -661,13 +972,13 @@ WOLF_STACK_OF(WOLFSSL_X509)* wolfSSL_X509_STORE_get1_certs(
             if (certToFilterName != NULL) {
                 if (wolfSSL_X509_NAME_cmp(certToFilterName, name) == 0) {
                     filteredCert = wolfSSL_X509_dup(certToFilter->data.x509);
-                    if (filteredCert == NULL) {
+                    if (filteredCert == NULL ||
+                            wolfSSL_sk_X509_push(filteredCerts, filteredCert)
+                                <= 0) {
                         err = 1;
+                        wolfSSL_X509_free(filteredCert);
                         break;
                     }
-                    else {
-                        wolfSSL_sk_X509_push(filteredCerts, filteredCert);
-                    }
                 }
             }
             certToFilter = certToFilter->next;
@@ -699,34 +1010,63 @@ WOLF_STACK_OF(WOLFSSL_X509)* wolfSSL_X509_STORE_get1_certs(
 int wolfSSL_X509_STORE_CTX_get1_issuer(WOLFSSL_X509 **issuer,
     WOLFSSL_X509_STORE_CTX *ctx, WOLFSSL_X509 *x)
 {
-    WOLFSSL_STACK* node;
+    int ret = WC_NO_ERR_TRACE(WOLFSSL_FAILURE);
+    WOLFSSL_ENTER("wolfSSL_X509_STORE_CTX_get1_issuer");
 
     if (issuer == NULL || ctx == NULL || x == NULL)
         return WOLFSSL_FATAL_ERROR;
 
-    if (ctx->chain != NULL) {
-        for (node = ctx->chain; node != NULL; node = node->next) {
-            if (wolfSSL_X509_check_issued(node->data.x509, x) ==
-                                                            WOLFSSL_X509_V_OK) {
-                *issuer = x;
+    ret = X509StoreGetIssuerEx(issuer, ctx->store->certs, x);
+    if ((ret == WOLFSSL_SUCCESS) && (*issuer != NULL)) {
+        return wolfSSL_X509_up_ref(*issuer);
+    }
+
+#ifdef WOLFSSL_SIGNER_DER_CERT
+    ret = x509GetIssuerFromCM(issuer, ctx->store->cm, x);
+#else
+    ret = X509StoreGetIssuerEx(issuer, ctx->store->trusted, x);
+    if ((ret == WOLFSSL_SUCCESS) && (*issuer != NULL)) {
+        return wolfSSL_X509_up_ref(*issuer);
+    }
+#endif
+
+    return ret;
+}
+#endif /* WOLFSSL_NGINX || WOLFSSL_HAPROXY || OPENSSL_EXTRA || OPENSSL_ALL */
+
+#ifdef OPENSSL_EXTRA
+
+static int X509StoreGetIssuerEx(WOLFSSL_X509 **issuer,
+                            WOLFSSL_STACK * certs, WOLFSSL_X509 *x)
+{
+    int i;
+
+    if (issuer == NULL || x == NULL)
+        return WOLFSSL_FATAL_ERROR;
+
+    if (certs != NULL) {
+        for (i = 0; i < wolfSSL_sk_X509_num(certs); i++) {
+            if (wolfSSL_X509_check_issued(
+                    wolfSSL_sk_X509_value(certs, i), x) ==
+                    WOLFSSL_X509_V_OK) {
+                *issuer = wolfSSL_sk_X509_value(certs, i);
                 return WOLFSSL_SUCCESS;
             }
         }
     }
 
-    /* Result is ignored when passed to wolfSSL_OCSP_cert_to_id(). */
-
-    return x509GetIssuerFromCM(issuer, ctx->store->cm, x);
+    return WOLFSSL_FAILURE;
 }
-#endif /* WOLFSSL_NGINX || WOLFSSL_HAPROXY || OPENSSL_EXTRA || OPENSSL_ALL */
 
-/*******************************************************************************
+#endif
+
+/******************************************************************************
  * END OF X509_STORE_CTX APIs
- ******************************************************************************/
+ *****************************************************************************/
 
-/*******************************************************************************
+/******************************************************************************
  * START OF X509_STORE APIs
- ******************************************************************************/
+ *****************************************************************************/
 
 #if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER) || \
     defined(WOLFSSL_WPAS_SMALL)
@@ -754,10 +1094,23 @@ WOLFSSL_X509_STORE* wolfSSL_X509_STORE_new(void)
     if ((store->cm = wolfSSL_CertManagerNew()) == NULL)
         goto err_exit;
 
+#ifdef OPENSSL_EXTRA
+    if ((store->certs = wolfSSL_sk_X509_new_null()) == NULL)
+        goto err_exit;
+
+    if ((store->owned = wolfSSL_sk_X509_new_null()) == NULL)
+        goto err_exit;
+
+    if ((store->trusted = wolfSSL_sk_X509_new_null()) == NULL)
+        goto err_exit;
+#endif
+
 #ifdef HAVE_CRL
     store->crl = store->cm->crl;
 #endif
 
+    store->numAdded = 0;
+
 #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL)
 
     /* Link store's new Certificate Manager to self by default */
@@ -792,6 +1145,33 @@ err_exit:
     return NULL;
 }
 
+#ifdef OPENSSL_ALL
+static void X509StoreFreeObjList(WOLFSSL_X509_STORE* store,
+                  WOLF_STACK_OF(WOLFSSL_X509_OBJECT)* objs)
+{
+    int i;
+    WOLFSSL_X509_OBJECT *obj = NULL;
+    int cnt = store->numAdded;
+
+    /* -1 here because it is later used as an index value into the object stack.
+     * With there being the chance that the only object in the stack is one from
+     * the numAdded to the store >= is used when comparing to 0. */
+    i = wolfSSL_sk_X509_OBJECT_num(objs) - 1;
+    while (cnt > 0 && i >= 0) {
+        /* The inner X509 is owned by somebody else, NULL out the reference */
+        obj = (WOLFSSL_X509_OBJECT *)wolfSSL_sk_X509_OBJECT_value(objs, i);
+        if (obj != NULL) {
+            obj->type = (WOLFSSL_X509_LOOKUP_TYPE)0;
+            obj->data.ptr = NULL;
+        }
+        cnt--;
+        i--;
+    }
+
+    wolfSSL_sk_X509_OBJECT_pop_free(objs, NULL);
+}
+#endif
+
 void wolfSSL_X509_STORE_free(WOLFSSL_X509_STORE* store)
 {
     int doFree = 0;
@@ -814,21 +1194,34 @@ void wolfSSL_X509_STORE_free(WOLFSSL_X509_STORE* store)
                 wolfSSL_CertManagerFree(store->cm);
                 store->cm = NULL;
             }
+#if defined(OPENSSL_EXTRA)
+            if (store->certs != NULL) {
+                wolfSSL_sk_X509_pop_free(store->certs, NULL);
+                store->certs = NULL;
+            }
+            if (store->owned != NULL) {
+                wolfSSL_sk_X509_pop_free(store->owned, NULL);
+                store->owned = NULL;
+            }
+            if (store->trusted != NULL) {
+                wolfSSL_sk_X509_pop_free(store->trusted, NULL);
+                store->trusted = NULL;
+            }
+#endif
 #ifdef OPENSSL_ALL
             if (store->objs != NULL) {
-                wolfSSL_sk_X509_OBJECT_pop_free(store->objs, NULL);
+                X509StoreFreeObjList(store, store->objs);
             }
 #endif
 #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL)
-            if (store->param != NULL) {
-                XFREE(store->param, NULL, DYNAMIC_TYPE_OPENSSL);
-                store->param = NULL;
-            }
+            XFREE(store->param, NULL, DYNAMIC_TYPE_OPENSSL);
+            store->param = NULL;
 
             if (store->lookup.dirs != NULL) {
 #if defined(OPENSSL_ALL) && !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR)
                 if (store->lookup.dirs->dir_entry) {
-                    wolfSSL_sk_BY_DIR_entry_free(store->lookup.dirs->dir_entry);
+                    wolfSSL_sk_BY_DIR_entry_free(
+                        store->lookup.dirs->dir_entry);
                 }
 #endif
                 wc_FreeMutex(&store->lookup.dirs->lock);
@@ -836,6 +1229,7 @@ void wolfSSL_X509_STORE_free(WOLFSSL_X509_STORE* store)
                 store->lookup.dirs = NULL;
             }
 #endif
+            wolfSSL_RefFree(&store->ref);
             XFREE(store, NULL, DYNAMIC_TYPE_X509_STORE);
         }
     }
@@ -889,7 +1283,7 @@ int wolfSSL_X509_STORE_up_ref(WOLFSSL_X509_STORE* store)
  * @return WOLFSSL_SUCCESS on success or WOLFSSL_FAILURE on failure
  */
 int wolfSSL_X509_STORE_set_ex_data(WOLFSSL_X509_STORE* store, int idx,
-                                                                     void *data)
+                                                                void *data)
 {
     WOLFSSL_ENTER("wolfSSL_X509_STORE_set_ex_data");
 #ifdef HAVE_EX_DATA
@@ -933,14 +1327,33 @@ int wolfSSL_X509_STORE_set_ex_data_with_cleanup(
 #ifdef OPENSSL_EXTRA
 
 #if defined(WOLFSSL_QT) || defined(OPENSSL_ALL)
-    void wolfSSL_X509_STORE_set_verify_cb(WOLFSSL_X509_STORE *st,
-                                 WOLFSSL_X509_STORE_CTX_verify_cb verify_cb)
-    {
-        WOLFSSL_ENTER("wolfSSL_X509_STORE_set_verify_cb");
-        if (st != NULL) {
-            st->verify_cb = verify_cb;
-        }
+void wolfSSL_X509_STORE_set_verify_cb(WOLFSSL_X509_STORE *st,
+        WOLFSSL_X509_STORE_CTX_verify_cb verify_cb)
+{
+    WOLFSSL_ENTER("wolfSSL_X509_STORE_set_verify_cb");
+    if (st != NULL) {
+        st->verify_cb = verify_cb;
     }
+}
+
+void wolfSSL_X509_STORE_set_get_crl(WOLFSSL_X509_STORE *st,
+        WOLFSSL_X509_STORE_CTX_get_crl_cb get_cb)
+{
+    WOLFSSL_ENTER("wolfSSL_X509_STORE_set_get_crl");
+    if (st != NULL) {
+        st->get_crl_cb = get_cb;
+    }
+}
+
+#ifndef NO_WOLFSSL_STUB
+void wolfSSL_X509_STORE_set_check_crl(WOLFSSL_X509_STORE *st,
+        WOLFSSL_X509_STORE_CTX_check_crl_cb check_crl)
+{
+    (void)st;
+    (void)check_crl;
+    WOLFSSL_STUB("wolfSSL_X509_STORE_set_check_crl (not implemented)");
+}
+#endif
 #endif /* WOLFSSL_QT || OPENSSL_ALL */
 
 WOLFSSL_X509_LOOKUP* wolfSSL_X509_STORE_add_lookup(WOLFSSL_X509_STORE* store,
@@ -957,22 +1370,74 @@ WOLFSSL_X509_LOOKUP* wolfSSL_X509_STORE_add_lookup(WOLFSSL_X509_STORE* store,
     return &store->lookup;
 }
 
-int wolfSSL_X509_STORE_add_cert(WOLFSSL_X509_STORE* store, WOLFSSL_X509* x509)
+static int X509StoreAddCa(WOLFSSL_X509_STORE* store,
+                                          WOLFSSL_X509* x509, int type)
 {
-    int result = WOLFSSL_FATAL_ERROR;
-
-    WOLFSSL_ENTER("wolfSSL_X509_STORE_add_cert");
-    if (store != NULL && store->cm != NULL && x509 != NULL
-                                                && x509->derCert != NULL) {
-        DerBuffer* derCert = NULL;
+    int result = WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR);
+    DerBuffer* derCert = NULL;
 
+    WOLFSSL_ENTER("X509StoreAddCa");
+    if (store != NULL && x509 != NULL && x509->derCert != NULL) {
         result = AllocDer(&derCert, x509->derCert->length,
             x509->derCert->type, NULL);
         if (result == 0) {
             /* AddCA() frees the buffer. */
             XMEMCPY(derCert->buffer,
                             x509->derCert->buffer, x509->derCert->length);
-            result = AddCA(store->cm, &derCert, WOLFSSL_USER_CA, VERIFY);
+            result = AddCA(store->cm, &derCert, type, VERIFY);
+        }
+    }
+
+    return result;
+}
+
+
+int wolfSSL_X509_STORE_add_cert(WOLFSSL_X509_STORE* store, WOLFSSL_X509* x509)
+{
+    int result = WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR);
+
+    WOLFSSL_ENTER("wolfSSL_X509_STORE_add_cert");
+    if (store != NULL && store->cm != NULL && x509 != NULL
+                                                && x509->derCert != NULL) {
+        /* Mimic the openssl behavior, must be self signed to be considered
+         * trusted, addCA() internals will do additional checks for
+         * CA=TRUE */
+        if (wolfSSL_X509_NAME_cmp(&x509->issuer, &x509->subject) == 0) {
+            result = X509StoreAddCa(store, x509, WOLFSSL_USER_CA);
+            if (result == WOLFSSL_SUCCESS && store->trusted != NULL) {
+                result = wolfSSL_X509_up_ref(x509);
+                if (result == WOLFSSL_SUCCESS) {
+                    result = wolfSSL_sk_X509_push(store->trusted, x509);
+                    if (result > 0) {
+                        result = WOLFSSL_SUCCESS;
+                    }
+                    else {
+                        result = WOLFSSL_FATAL_ERROR;
+                        wolfSSL_X509_free(x509);
+                    }
+                }
+            }
+        }
+        else {
+            if (store->certs != NULL) {
+                result = wolfSSL_X509_up_ref(x509);
+                if (result == WOLFSSL_SUCCESS) {
+                    result = wolfSSL_sk_X509_push(store->certs, x509);
+                    if (result > 0) {
+                        result = WOLFSSL_SUCCESS;
+                    }
+                    else {
+                        result = WOLFSSL_FATAL_ERROR;
+                        wolfSSL_X509_free(x509);
+                    }
+                }
+            }
+            else {
+                /* If store->certs is NULL, this is an X509_STORE managed by an
+                 * SSL_CTX, preserve behavior and always add as USER_CA */
+                result = X509StoreAddCa(
+                            store, x509, WOLFSSL_USER_CA);
+            }
         }
     }
 
@@ -1002,23 +1467,124 @@ int wolfSSL_X509_STORE_set_flags(WOLFSSL_X509_STORE* store, unsigned long flag)
         ret = wolfSSL_CertManagerDisableCRL(store->cm);
     }
 #endif
+    if (flag & WOLFSSL_PARTIAL_CHAIN) {
+        store->param->flags |= WOLFSSL_PARTIAL_CHAIN;
+    }
     return ret;
 }
 
-
-int wolfSSL_X509_STORE_set_default_paths(WOLFSSL_X509_STORE* store)
+int X509StoreLoadCertBuffer(WOLFSSL_X509_STORE *str,
+                                        byte *buf, word32 bufLen, int type)
 {
-    (void)store;
-    return WOLFSSL_SUCCESS;
+    int ret = WOLFSSL_SUCCESS;
+    WOLFSSL_X509 *x509 = NULL;
+
+    if (str == NULL || buf == NULL) {
+        return WOLFSSL_FAILURE;
+    }
+
+    /* OpenSSL X509_STORE_load_file fails on DER file, we will as well */
+    x509 = wolfSSL_X509_load_certificate_buffer(buf, bufLen, type);
+    if (x509 != NULL) {
+        ret = wolfSSL_X509_STORE_add_cert(str, x509);
+        if (ret != WOLFSSL_SUCCESS) {
+            WOLFSSL_MSG("Failed to load file");
+            ret = WOLFSSL_FAILURE;
+        }
+        if (ret == WOLFSSL_SUCCESS && str->owned != NULL) {
+            if (wolfSSL_sk_X509_push(str->owned, x509) <= 0) {
+                ret = WOLFSSL_FAILURE;
+            }
+            else {
+                x509 = NULL;
+            }
+        }
+        wolfSSL_X509_free(x509);
+
+    }
+    else {
+        ret = WOLFSSL_FAILURE;
+    }
+
+    return ret;
 }
 
 #if !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR)
+
+static int X509StoreReadFile(const char *fname,
+                StaticBuffer *content, word32 *bytesRead, int *type)
+{
+    int ret = -1;
+    long sz = 0;
+#ifdef HAVE_CRL
+    const char* header = NULL;
+    const char* footer = NULL;
+#endif
+
+    ret = wolfssl_read_file_static(fname, content, NULL, DYNAMIC_TYPE_FILE,
+        &sz);
+    if (ret == 0) {
+        *type = CERT_TYPE;
+        *bytesRead = (word32)sz;
+#ifdef HAVE_CRL
+        /* Look for CRL header and footer. */
+        if (wc_PemGetHeaderFooter(CRL_TYPE, &header, &footer) == 0 &&
+                (XSTRNSTR((char*)content->buffer, header, (word32)sz) !=
+                    NULL)) {
+            *type = CRL_TYPE;
+        }
+#endif
+    }
+
+    return (ret == 0 ? WOLFSSL_SUCCESS : WOLFSSL_FAILURE);
+}
+
+static int X509StoreLoadFile(WOLFSSL_X509_STORE *str,
+                                        const char *fname)
+{
+    int ret = WOLFSSL_SUCCESS;
+    int type = 0;
+#ifndef WOLFSSL_SMALL_STACK
+    byte   stackBuffer[FILE_BUFFER_SIZE];
+#endif
+    StaticBuffer content;
+    word32 contentLen = 0;
+
+#ifdef WOLFSSL_SMALL_STACK
+    static_buffer_init(&content);
+#else
+    static_buffer_init(&content, stackBuffer, FILE_BUFFER_SIZE);
+#endif
+
+    WOLFSSL_MSG_EX("X509StoreLoadFile: Loading file: %s", fname);
+
+    ret = X509StoreReadFile(fname, &content, &contentLen, &type);
+    if (ret != WOLFSSL_SUCCESS) {
+        WOLFSSL_MSG("Failed to load file");
+        ret = WOLFSSL_FAILURE;
+    }
+
+    if ((ret == WOLFSSL_SUCCESS) && (type == CERT_TYPE)) {
+        ret = X509StoreLoadCertBuffer(str, content.buffer,
+                                        contentLen, WOLFSSL_FILETYPE_PEM);
+    }
+#ifdef HAVE_CRL
+    else if ((ret == WOLFSSL_SUCCESS) && (type == CRL_TYPE)) {
+        ret = BufferLoadCRL(str->cm->crl, content.buffer, contentLen,
+                                        WOLFSSL_FILETYPE_PEM, 0);
+    }
+#endif
+
+    static_buffer_free(&content, NULL, DYNAMIC_TYPE_FILE);
+    return ret;
+}
+
 /* Loads certificate(s) files in pem format into X509_STORE struct from either
  * a file or directory.
  * Returns WOLFSSL_SUCCESS on success or WOLFSSL_FAILURE if an error occurs.
  */
 WOLFSSL_API int wolfSSL_X509_STORE_load_locations(WOLFSSL_X509_STORE *str,
-                                              const char *file, const char *dir)
+                                            const char *file, const char *dir)
 {
     WOLFSSL_CTX* ctx;
     char *name = NULL;
@@ -1035,7 +1601,7 @@ WOLFSSL_API int wolfSSL_X509_STORE_load_locations(WOLFSSL_X509_STORE *str,
         return WOLFSSL_FAILURE;
 
     /* tmp ctx for setting our cert manager */
-    ctx = wolfSSL_CTX_new(cm_pick_method());
+    ctx = wolfSSL_CTX_new_ex(cm_pick_method(str->cm->heap), str->cm->heap);
     if (ctx == NULL)
         return WOLFSSL_FAILURE;
 
@@ -1058,10 +1624,7 @@ WOLFSSL_API int wolfSSL_X509_STORE_load_locations(WOLFSSL_X509_STORE *str,
 
     /* Load individual file */
     if (file) {
-        /* Try to process file with type DETECT_CERT_TYPE to parse the
-           correct certificate header and footer type */
-        ret = ProcessFile(ctx, file, WOLFSSL_FILETYPE_PEM, DETECT_CERT_TYPE,
-                                                      NULL, 0, str->cm->crl, 0);
+        ret = X509StoreLoadFile(str, file);
         if (ret != WOLFSSL_SUCCESS) {
             WOLFSSL_MSG("Failed to load file");
             ret = WOLFSSL_FAILURE;
@@ -1074,7 +1637,7 @@ WOLFSSL_API int wolfSSL_X509_STORE_load_locations(WOLFSSL_X509_STORE *str,
 
         #ifdef WOLFSSL_SMALL_STACK
             readCtx = (ReadDirCtx*)XMALLOC(sizeof(ReadDirCtx), ctx->heap,
-                                                       DYNAMIC_TYPE_TMP_BUFFER);
+                                                    DYNAMIC_TYPE_TMP_BUFFER);
             if (readCtx == NULL) {
                 WOLFSSL_MSG("Memory error");
                 wolfSSL_CTX_free(ctx);
@@ -1086,10 +1649,8 @@ WOLFSSL_API int wolfSSL_X509_STORE_load_locations(WOLFSSL_X509_STORE *str,
         ret = wc_ReadDirFirst(readCtx, dir, &name);
         while (ret == 0 && name) {
             WOLFSSL_MSG(name);
-            /* Try to process file with type DETECT_CERT_TYPE to parse the
-               correct certificate header and footer type */
-            ret = ProcessFile(ctx, name, WOLFSSL_FILETYPE_PEM, DETECT_CERT_TYPE,
-                                                      NULL, 0, str->cm->crl, 0);
+
+            ret = X509StoreLoadFile(str, name);
             /* Not failing on load errors */
             if (ret != WOLFSSL_SUCCESS)
                 WOLFSSL_MSG("Failed to load file in path, continuing");
@@ -1118,6 +1679,27 @@ WOLFSSL_API int wolfSSL_X509_STORE_load_locations(WOLFSSL_X509_STORE *str,
 
     return ret;
 }
+
+#if defined(XGETENV) && !defined(NO_GETENV)
+int wolfSSL_X509_STORE_set_default_paths(WOLFSSL_X509_STORE *str)
+{
+    int ret = WC_NO_ERR_TRACE(WOLFSSL_FAILURE);
+    char* certDir = NULL;
+    char* certFile = NULL;
+
+    WOLFSSL_ENTER("wolfSSL_X509_STORE_set_default_paths");
+
+    certFile = wc_strdup_ex(XGETENV("SSL_CERT_FILE"), DYNAMIC_TYPE_TMP_BUFFER);
+    certDir = wc_strdup_ex(XGETENV("SSL_CERT_DIR"), DYNAMIC_TYPE_TMP_BUFFER);
+
+    ret = wolfSSL_X509_STORE_load_locations(str, certFile, certDir);
+
+    XFREE(certFile, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(certDir, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    return ret;
+}
+#endif /* XGETENV && !NO_GETENV */
+
 #endif /* !NO_FILESYSTEM && !NO_WOLFSSL_DIR */
 
 int wolfSSL_X509_CA_num(WOLFSSL_X509_STORE* store)
@@ -1132,17 +1714,23 @@ int wolfSSL_X509_CA_num(WOLFSSL_X509_STORE* store)
     }
 
     table = store->cm->caTable;
-    if (table){
+    if (table || (store->certs != NULL)){
         if (wc_LockMutex(&store->cm->caLock) == 0){
-            int i = 0;
-            for (i = 0; i < CA_TABLE_SIZE; i++) {
-                Signer* signer = table[i];
-                while (signer) {
-                    Signer* next = signer->next;
-                    cnt_ret++;
-                    signer = next;
+            if (table) {
+                int i = 0;
+                for (i = 0; i < CA_TABLE_SIZE; i++) {
+                    Signer* signer = table[i];
+                    while (signer) {
+                        Signer* next = signer->next;
+                        cnt_ret++;
+                        signer = next;
+                    }
                 }
             }
+
+            if (store->certs != NULL) {
+                cnt_ret += wolfSSL_sk_X509_num(store->certs);
+            }
             wc_UnLockMutex(&store->cm->caLock);
         }
     }
@@ -1151,7 +1739,8 @@ int wolfSSL_X509_CA_num(WOLFSSL_X509_STORE* store)
 }
 
 /******************************************************************************
-* wolfSSL_X509_STORE_GetCerts - retrieve stack of X509 in a certificate store ctx
+* wolfSSL_X509_STORE_GetCerts - retrieve stack of X509 in a certificate
+*                               store ctx
 *
 * This API can be used in SSL verify callback function to view cert chain
 * See examples/client/client.c and myVerify() function in test.h
@@ -1182,7 +1771,8 @@ WOLFSSL_STACK* wolfSSL_X509_STORE_GetCerts(WOLFSSL_X509_STORE_CTX* s)
         /* get certificate buffer */
         cert = &s->certs[certIdx];
 
-        dCert = (DecodedCert*)XMALLOC(sizeof(DecodedCert), NULL, DYNAMIC_TYPE_DCERT);
+        dCert = (DecodedCert*)XMALLOC(sizeof(DecodedCert), NULL,
+                                                DYNAMIC_TYPE_DCERT);
 
         if (dCert == NULL) {
             goto error;
@@ -1204,7 +1794,7 @@ WOLFSSL_STACK* wolfSSL_X509_STORE_GetCerts(WOLFSSL_X509_STORE_CTX* s)
 
         if (CopyDecodedToX509(x509, dCert) == 0) {
 
-            if (wolfSSL_sk_X509_push(sk, x509) != WOLFSSL_SUCCESS) {
+            if (wolfSSL_sk_X509_push(sk, x509) <= 0) {
                 WOLFSSL_MSG("Unable to load x509 into stack");
                 wolfSSL_X509_free(x509);
                 goto error;
@@ -1245,7 +1835,14 @@ WOLF_STACK_OF(WOLFSSL_X509_OBJECT)* wolfSSL_X509_STORE_get0_objects(
 {
     WOLFSSL_STACK* ret = NULL;
     WOLFSSL_STACK* cert_stack = NULL;
+#if ((defined(WOLFSSL_SIGNER_DER_CERT) && !defined(NO_FILESYSTEM)) || \
+     (defined(HAVE_CRL)))
+    WOLFSSL_X509_OBJECT* obj = NULL;
+#endif
+#if defined(WOLFSSL_SIGNER_DER_CERT) && !defined(NO_FILESYSTEM)
     WOLFSSL_X509* x509 = NULL;
+    int i = 0;
+#endif
     WOLFSSL_ENTER("wolfSSL_X509_STORE_get0_objects");
 
     if (store == NULL || store->cm == NULL) {
@@ -1256,7 +1853,7 @@ WOLF_STACK_OF(WOLFSSL_X509_OBJECT)* wolfSSL_X509_STORE_get0_objects(
     if (store->objs != NULL) {
 #if defined(WOLFSSL_SIGNER_DER_CERT) && !defined(NO_FILESYSTEM)
         /* want to update objs stack by cm stack again before returning it*/
-        wolfSSL_sk_X509_OBJECT_pop_free(store->objs, NULL);
+        X509StoreFreeObjList(store, store->objs);
         store->objs = NULL;
 #else
         if (wolfSSL_sk_X509_OBJECT_num(store->objs) == 0) {
@@ -1276,37 +1873,62 @@ WOLF_STACK_OF(WOLFSSL_X509_OBJECT)* wolfSSL_X509_STORE_get0_objects(
 
 #if defined(WOLFSSL_SIGNER_DER_CERT) && !defined(NO_FILESYSTEM)
     cert_stack = wolfSSL_CertManagerGetCerts(store->cm);
-    /* wolfSSL_sk_X509_pop checks for NULL */
-    while ((x509 = wolfSSL_sk_X509_pop(cert_stack)) != NULL) {
-        WOLFSSL_X509_OBJECT* obj = wolfSSL_X509_OBJECT_new();
+    store->numAdded = 0;
+    if (cert_stack == NULL && wolfSSL_sk_X509_num(store->certs) > 0) {
+        cert_stack = wolfSSL_sk_X509_new_null();
+        if (cert_stack == NULL) {
+            WOLFSSL_MSG("wolfSSL_sk_X509_OBJECT_new error");
+            goto err_cleanup;
+        }
+    }
+    for (i = 0; i < wolfSSL_sk_X509_num(store->certs); i++) {
+        if (wolfSSL_sk_X509_push(cert_stack,
+                             wolfSSL_sk_X509_value(store->certs, i)) > 0) {
+            store->numAdded++;
+        }
+    }
+    /* Do not modify stack until after we guarantee success to
+     * simplify cleanup logic handling cert merging above */
+    for (i = 0; i < wolfSSL_sk_X509_num(cert_stack); i++) {
+        x509 = (WOLFSSL_X509 *)wolfSSL_sk_value(cert_stack, i);
+        obj  = wolfSSL_X509_OBJECT_new();
         if (obj == NULL) {
             WOLFSSL_MSG("wolfSSL_X509_OBJECT_new error");
             goto err_cleanup;
         }
-        if (wolfSSL_sk_X509_OBJECT_push(ret, obj) != WOLFSSL_SUCCESS) {
+        if (wolfSSL_sk_X509_OBJECT_push(ret, obj) <= 0) {
             WOLFSSL_MSG("wolfSSL_sk_X509_OBJECT_push error");
             wolfSSL_X509_OBJECT_free(obj);
             goto err_cleanup;
         }
         obj->type = WOLFSSL_X509_LU_X509;
         obj->data.x509 = x509;
-        x509 = NULL;
+    }
+
+    while (wolfSSL_sk_X509_num(cert_stack) > 0) {
+        wolfSSL_sk_X509_pop(cert_stack);
     }
 #endif
 
 #ifdef HAVE_CRL
     if (store->cm->crl != NULL) {
-        WOLFSSL_X509_OBJECT* obj = wolfSSL_X509_OBJECT_new();
+        int res;
+        obj = wolfSSL_X509_OBJECT_new();
         if (obj == NULL) {
             WOLFSSL_MSG("wolfSSL_X509_OBJECT_new error");
             goto err_cleanup;
         }
-        if (wolfSSL_sk_X509_OBJECT_push(ret, obj) != WOLFSSL_SUCCESS) {
+        if (wolfSSL_sk_X509_OBJECT_push(ret, obj) <= 0) {
             WOLFSSL_MSG("wolfSSL_sk_X509_OBJECT_push error");
             wolfSSL_X509_OBJECT_free(obj);
             goto err_cleanup;
         }
         obj->type = WOLFSSL_X509_LU_CRL;
+        wolfSSL_RefInc(&store->cm->crl->ref, &res);
+        if (res != 0) {
+            WOLFSSL_MSG("Failed to lock crl mutex");
+            goto err_cleanup;
+        }
         obj->data.crl = store->cm->crl;
     }
 #endif
@@ -1317,18 +1939,42 @@ WOLF_STACK_OF(WOLFSSL_X509_OBJECT)* wolfSSL_X509_STORE_get0_objects(
     return ret;
 err_cleanup:
     if (ret != NULL)
-        wolfSSL_sk_X509_OBJECT_pop_free(ret, NULL);
-    if (cert_stack != NULL)
+        X509StoreFreeObjList(store, ret);
+    if (cert_stack != NULL) {
+        while (store->numAdded > 0) {
+            wolfSSL_sk_X509_pop(cert_stack);
+            store->numAdded--;
+        }
         wolfSSL_sk_X509_pop_free(cert_stack, NULL);
-    if (x509 != NULL)
-        wolfSSL_X509_free(x509);
+    }
     return NULL;
 }
 #endif /* OPENSSL_ALL */
 
-/*******************************************************************************
+#if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER) || \
+    defined(WOLFSSL_WPAS_SMALL)
+WOLFSSL_X509_VERIFY_PARAM *wolfSSL_X509_STORE_get0_param(
+        const WOLFSSL_X509_STORE *ctx)
+{
+    if (ctx == NULL)
+        return NULL;
+    return ctx->param;
+}
+
+#ifdef OPENSSL_EXTRA
+int wolfSSL_X509_STORE_set1_param(WOLFSSL_X509_STORE *ctx,
+        WOLFSSL_X509_VERIFY_PARAM *param)
+{
+    if (ctx == NULL)
+        return WOLFSSL_FAILURE;
+    return wolfSSL_X509_VERIFY_PARAM_set1(ctx->param, param);
+}
+#endif
+#endif
+
+/******************************************************************************
  * END OF X509_STORE APIs
- ******************************************************************************/
+ *****************************************************************************/
 
 #endif /* NO_CERTS */
 
diff --git a/sslSniffer/README.md b/sslSniffer/README.md
index 27a6f5278..dbf68955e 100644
--- a/sslSniffer/README.md
+++ b/sslSniffer/README.md
@@ -197,7 +197,7 @@ Frees all resources consumed by the wolfSSL sniffer and should be called when us
 int ssl_Trace(const char* traceFile, char* error);
 ```
 
-Enables Tracing when a file is passed in.  Disables Tracing if previously on and a NULL value is passed in for the file.
+Enables Tracing when a file is passed in. When `traceFile` is "-", then the trace will be printed to STDOUT. Disables Tracing if previously on and a NULL value is passed in for the file.
 
 Returns Values:
 
diff --git a/sslSniffer/sslSniffer.vcxproj b/sslSniffer/sslSniffer.vcxproj
index 7395cac1f..88bbc963f 100644
--- a/sslSniffer/sslSniffer.vcxproj
+++ b/sslSniffer/sslSniffer.vcxproj
@@ -9,6 +9,10 @@
       <Configuration>Debug</Configuration>
       <Platform>x64</Platform>
     </ProjectConfiguration>
+    <ProjectConfiguration Include="Debug|ARM64">
+      <Configuration>Debug</Configuration>
+      <Platform>ARM64</Platform>
+    </ProjectConfiguration>
     <ProjectConfiguration Include="Release|Win32">
       <Configuration>Release</Configuration>
       <Platform>Win32</Platform>
@@ -17,6 +21,10 @@
       <Configuration>Release</Configuration>
       <Platform>x64</Platform>
     </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|ARM64">
+      <Configuration>Release</Configuration>
+      <Platform>ARM64</Platform>
+    </ProjectConfiguration>
   </ItemGroup>
   <PropertyGroup Label="Globals">
     <ProjectGuid>{34FAE5A6-2B0F-4B55-86FE-0C43E4810F4D}</ProjectGuid>
@@ -36,6 +44,12 @@
     <CharacterSet>Unicode</CharacterSet>
     <WholeProgramOptimization>true</WholeProgramOptimization>
   </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'" Label="Configuration">
+    <ConfigurationType>DynamicLibrary</ConfigurationType>
+    <PlatformToolset>v110</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+  </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
     <ConfigurationType>DynamicLibrary</ConfigurationType>
     <PlatformToolset>v110</PlatformToolset>
@@ -46,6 +60,11 @@
     <PlatformToolset>v110</PlatformToolset>
     <CharacterSet>Unicode</CharacterSet>
   </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|ARM64'" Label="Configuration">
+    <ConfigurationType>DynamicLibrary</ConfigurationType>
+    <PlatformToolset>v110</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
   <ImportGroup Label="ExtensionSettings">
   </ImportGroup>
@@ -55,12 +74,18 @@
   <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="PropertySheets">
     <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
   </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
   <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="PropertySheets">
     <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
   </ImportGroup>
   <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="PropertySheets">
     <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
   </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Debug|ARM64'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
   <PropertyGroup Label="UserMacros" />
   <PropertyGroup>
     <_ProjectFileVersion>11.0.61030.0</_ProjectFileVersion>
@@ -75,6 +100,11 @@
     <OutDir>$(SolutionDir)$(Configuration)\$(Platform)\</OutDir>
     <IntDir>$(Configuration)\$(Platform)\$(ProjectName)_obj\</IntDir>
   </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|ARM64'">
+    <LinkIncremental>true</LinkIncremental>
+    <OutDir>$(SolutionDir)$(Configuration)\$(Platform)\</OutDir>
+    <IntDir>$(Configuration)\$(Platform)\$(ProjectName)_obj\</IntDir>
+  </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
     <OutDir>$(SolutionDir)$(Configuration)\$(Platform)\</OutDir>
     <IntDir>$(Configuration)\$(Platform)\$(ProjectName)_obj\</IntDir>
@@ -85,6 +115,11 @@
     <OutDir>$(SolutionDir)$(Configuration)\$(Platform)\</OutDir>
     <IntDir>$(Configuration)\$(Platform)\$(ProjectName)_obj\</IntDir>
   </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'">
+    <LinkIncremental>false</LinkIncremental>
+    <OutDir>$(SolutionDir)$(Configuration)\$(Platform)\</OutDir>
+    <IntDir>$(Configuration)\$(Platform)\$(ProjectName)_obj\</IntDir>
+  </PropertyGroup>
   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
     <ClCompile>
       <Optimization>Disabled</Optimization>
@@ -123,6 +158,24 @@
       <SubSystem>Windows</SubSystem>
     </Link>
   </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|ARM64'">
+    <ClCompile>
+      <Optimization>Disabled</Optimization>
+      <AdditionalIncludeDirectories>../;../IDE/WIN;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>WOLFSSL_LIB;SSL_SNIFFER_EXPORTS;WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <BasicRuntimeChecks>EnableFastChecks</BasicRuntimeChecks>
+      <RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>Ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <SubSystem>Windows</SubSystem>
+    </Link>
+  </ItemDefinitionGroup>
   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
     <ClCompile>
       <Optimization>MaxSpeed</Optimization>
@@ -166,6 +219,27 @@
       <EnableCOMDATFolding>true</EnableCOMDATFolding>
     </Link>
   </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'">
+    <ClCompile>
+      <Optimization>MaxSpeed</Optimization>
+      <IntrinsicFunctions>true</IntrinsicFunctions>
+      <AdditionalIncludeDirectories>../;../IDE/WIN;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>WOLFSSL_LIB;SSL_SNIFFER_EXPORTS;WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>Ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <SubSystem>Windows</SubSystem>
+      <OptimizeReferences>true</OptimizeReferences>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+    </Link>
+  </ItemDefinitionGroup>
   <ItemGroup>
     <ClCompile Include="..\src\sniffer.c" />
   </ItemGroup>
diff --git a/sslSniffer/sslSnifferTest/README_WIN.md b/sslSniffer/sslSnifferTest/README_WIN.md
index 4215ff7e7..a58bf96e2 100644
--- a/sslSniffer/sslSnifferTest/README_WIN.md
+++ b/sslSniffer/sslSnifferTest/README_WIN.md
@@ -27,4 +27,4 @@
 
 
 
-For details on usage, see [sniffer README.md](../README.md#command-line-options) for more details. 
+For details on usage, see [sniffer README.md](../README.md#command-line-options) for more details.
diff --git a/sslSniffer/sslSnifferTest/snifftest.c b/sslSniffer/sslSnifferTest/snifftest.c
index 64053ec9e..8eb25affa 100644
--- a/sslSniffer/sslSnifferTest/snifftest.c
+++ b/sslSniffer/sslSnifferTest/snifftest.c
@@ -1,6 +1,6 @@
 /* snifftest.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -24,6 +24,9 @@
     #include <config.h>
 #endif
 
+#ifndef WOLFSSL_USER_SETTINGS
+    #include <wolfssl/options.h>
+#endif
 #include <wolfssl/wolfcrypt/settings.h>
 #include <wolfssl/wolfcrypt/types.h>
 #include <wolfssl/wolfcrypt/logging.h>
@@ -145,7 +148,7 @@ enum {
 #endif
 
 #define DEFAULT_SERVER_IP   "127.0.0.1"
-#define DEFAULT_SERVER_PORT (443)
+#define DEFAULT_SERVER_PORT (11111)
 
 #ifdef WOLFSSL_SNIFFER_WATCH
 static const byte rsaHash[] = {
@@ -166,6 +169,7 @@ static const byte eccHash[] = {
 static pcap_t* pcap = NULL;
 static pcap_if_t* alldevs = NULL;
 static struct bpf_program pcap_fp;
+static const char *traceFile = "./tracefile.txt";
 
 static void FreeAll(void)
 {
@@ -377,7 +381,6 @@ static int load_key(const char* name, const char* server, int port,
 
         if (loadCount == 0) {
             printf("Failed loading private key %s: ret %d\n", keyFile, ret);
-            printf("Please run directly from wolfSSL root dir\n");
             ret = -1;
         }
         else {
@@ -677,10 +680,8 @@ static void ssl_Free_SnifferWorker(SnifferWorker* worker)
 {
     wm_SemFree(&worker->sem);
 
-    if (worker->head) {
-        XFREE(worker->head, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-        worker->head = NULL;
-    }
+    XFREE(worker->head, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    worker->head = NULL;
 }
 
 static int SnifferWorkerPacketAdd(SnifferWorker* worker, int lastRet,
@@ -845,7 +846,7 @@ static void* snifferWorker(void* arg)
     char err[PCAP_ERRBUF_SIZE];
 
     ssl_InitSniffer_ex2(worker->id);
-    ssl_Trace("./tracefile.txt", err);
+    ssl_Trace(traceFile, err);
     ssl_EnableRecovery(1, -1, err);
 #ifdef WOLFSSL_SNIFFER_WATCH
     ssl_SetWatchKeyCallback(myWatchCb, err);
@@ -953,39 +954,90 @@ int main(int argc, char** argv)
     int          i = 0, defDev = 0;
     int          packetNumber = 0;
     int          frame = ETHER_IF_FRAME_LEN;
+    char         cmdLineArg[128];
+    char        *pcapFile = NULL;
+    char        *deviceName = NULL;
     char         err[PCAP_ERRBUF_SIZE];
-    char         filter[32];
+    char         filter[128];
     const char  *keyFilesSrc = NULL;
 #ifdef WOLFSSL_SNIFFER_KEYLOGFILE
     const char  *sslKeyLogFile = NULL;
 #endif /* WOLFSSL_SNIFFER_KEYLOGFILE */
     char         keyFilesBuf[MAX_FILENAME_SZ];
     char         keyFilesUser[MAX_FILENAME_SZ];
-    const char  *server = DEFAULT_SERVER_IP;
-    int          port   = DEFAULT_SERVER_PORT;
+    const char  *server = NULL;
+    int          port   = -1;
     const char  *sniName = NULL;
     const char  *passwd = NULL;
     pcap_if_t   *d;
     pcap_addr_t *a;
 #ifdef THREADED_SNIFFTEST
     int workerThreadCount;
-#ifdef HAVE_SESSION_TICKET
-    /* Multiple threads on resume not yet supported */
-    workerThreadCount = 1;
-#else
-    workerThreadCount = 5;
 #endif
+
+#ifdef DEBUG_WOLFSSL
+    wolfSSL_Debugging_ON();
 #endif
 
     show_appinfo();
 
     signal(SIGINT, sig_handler);
 
+    for (i = 1; i < argc; i++) {
+        if (strcmp(argv[i], "-pcap") == 0 && i + 1 < argc) {
+            pcapFile = argv[++i];
+        }
+        else if (strcmp(argv[i], "-deviceName") == 0 && i + 1 < argc) {
+            deviceName = argv[++i];
+        }
+        else if (strcmp(argv[i], "-key") == 0 && i + 1 < argc) {
+            keyFilesSrc = argv[++i];
+        }
+        else if (strcmp(argv[i], "-server") == 0 && i + 1 < argc) {
+            server = argv[++i];
+        }
+        else if (strcmp(argv[i], "-port") == 0 && i + 1 < argc) {
+            port = XATOI(argv[++i]);
+        }
+        else if (strcmp(argv[i], "-password") == 0 && i + 1 < argc) {
+            passwd = argv[++i];
+        }
+        else if (strcmp(argv[i], "-tracefile") == 0 && i + 1 < argc) {
+            traceFile = argv[++i];
+        }
+#if defined(WOLFSSL_SNIFFER_KEYLOGFILE)
+        else if (strcmp(argv[i], "-keylogfile") == 0 && i + 1 < argc) {
+            sslKeyLogFile = argv[++i];
+        }
+#endif /* WOLFSSL_SNIFFER_KEYLOGFILE */
+#if defined(THREADED_SNIFFTEST)
+        else if (strcmp(argv[i], "-threads") == 0 && i + 1 < argc) {
+            workerThreadCount = XATOI(argv[++i]);
+        }
+#endif /* THREADED_SNIFFTEST */
+        else {
+            fprintf(stderr, "Error parsing: %s\n", argv[i]);
+            fprintf(stderr, "Usage: %s -pcap pcap_arg -key key_arg"
+                    " [-deviceName deviceName_arg]"
+                    " [-password password_arg] [-server server_arg]"
+                    " [-port port_arg]"
+                    " [-tracefile tracefile_arg]"
+#if defined(WOLFSSL_SNIFFER_KEYLOGFILE)
+                    " [-keylogfile keylogfile_arg]"
+#endif /* WOLFSSL_SNIFFER_KEYLOGFILE */
+#if defined(THREADED_SNIFFTEST)
+                    " [-threads threads_arg]"
+#endif /* THREADED_SNIFFTEST */
+                    "\n", argv[0]);
+            exit(EXIT_FAILURE);
+        }
+    }
+
 #ifndef THREADED_SNIFFTEST
     #ifndef _WIN32
     ssl_InitSniffer();   /* dll load on Windows */
     #endif
-    ssl_Trace("./tracefile.txt", err);
+    ssl_Trace(traceFile, err);
     ssl_EnableRecovery(1, -1, err);
     #ifdef WOLFSSL_SNIFFER_WATCH
     ssl_SetWatchKeyCallback(myWatchCb, err);
@@ -993,101 +1045,175 @@ int main(int argc, char** argv)
     #ifdef WOLFSSL_SNIFFER_STORE_DATA_CB
     ssl_SetStoreDataCallback(myStoreDataCb);
     #endif
+#else
+#ifdef HAVE_SESSION_TICKET
+    /* Multiple threads on resume not yet supported */
+    workerThreadCount = 1;
+#else
+    workerThreadCount = 5;
 #endif
+#endif
+    SNPRINTF(filter, sizeof(filter), "(ip6 or ip) and tcp");
 
-    if (argc == 1) {
-        char cmdLineArg[128];
+
+    if (pcapFile == NULL) {
         /* normal case, user chooses device and port */
 
         if (pcap_findalldevs(&alldevs, err) == -1)
             err_sys("Error in pcap_findalldevs");
 
-        for (d = alldevs; d; d=d->next) {
-            printf("%d. %s", ++i, d->name);
-            if (strcmp(d->name, "lo0") == 0) {
-                defDev = i;
+        if (deviceName == NULL) {
+            for (d = alldevs, i = 0; d; d=d->next) {
+                printf("%d. %s", ++i, d->name);
+                if (strcmp(d->name, "lo0") == 0) {
+                    defDev = i;
+                }
+                if (d->description)
+                    printf(" (%s)\n", d->description);
+                else
+                    printf(" (No description available)\n");
+            }
+
+            if (i == 0)
+                err_sys("No interfaces found! Make sure pcap or WinPcap is"
+                        " installed correctly and you have sufficient permissions");
+
+            printf("Enter the interface number (1-%d) [default: %d]: ", i, defDev);
+            XMEMSET(cmdLineArg, 0, sizeof(cmdLineArg));
+            if (XFGETS(cmdLineArg, sizeof(cmdLineArg), stdin))
+                inum = XATOI(cmdLineArg);
+            if (inum == 0)
+                inum = defDev;
+            else if (inum < 1 || inum > i)
+                err_sys("Interface number out of range");
+
+            /* Jump to the selected adapter */
+            for (d = alldevs, i = 0; i < inum - 1; d = d->next, i++);
+        } else {
+            int deviceNameSz = (int)XSTRLEN(deviceName);
+            for (d = alldevs; d; d = d->next) {
+                if (XSTRNCMP(d->name,deviceName,deviceNameSz) == 0) {
+                    fprintf(stderr, "%s == %s\n", d->name, deviceName);
+                    break;
+                }
+            }
+            if (d == NULL) {
+                err_sys("Can't find the device you're looking for");
             }
-            if (d->description)
-                printf(" (%s)\n", d->description);
-            else
-                printf(" (No description available)\n");
         }
 
-        if (i == 0)
-            err_sys("No interfaces found! Make sure pcap or WinPcap is"
-                    " installed correctly and you have sufficient permissions");
-
-        printf("Enter the interface number (1-%d) [default: %d]: ", i, defDev);
-        XMEMSET(cmdLineArg, 0, sizeof(cmdLineArg));
-        if (XFGETS(cmdLineArg, sizeof(cmdLineArg), stdin))
-            inum = XATOI(cmdLineArg);
-        if (inum == 0)
-            inum = defDev;
-        else if (inum < 1 || inum > i)
-            err_sys("Interface number out of range");
-
-        /* Jump to the selected adapter */
-        for (d = alldevs, i = 0; i < inum - 1; d = d->next, i++);
-
+        printf("Selected %s\n", d->name);
         pcap = pcap_create(d->name, err);
+        if (pcap == NULL) fprintf(stderr, "pcap_create failed %s\n", err);
 
-        if (pcap == NULL) printf("pcap_create failed %s\n", err);
-
-        /* print out addresses for selected interface */
-        for (a = d->addresses; a; a = a->next) {
-            if (a->addr->sa_family == AF_INET) {
-                server =
-                    iptos(&((struct sockaddr_in *)a->addr)->sin_addr);
-                printf("server = %s\n", server);
-            }
-            else if (a->addr->sa_family == AF_INET6) {
-                server =
-                    ip6tos(&((struct sockaddr_in6 *)a->addr)->sin6_addr);
-                printf("server = %s\n", server);
+        if (server == NULL) {
+            /* print out addresses for selected interface */
+            for (a = d->addresses; a; a = a->next) {
+                if (a->addr->sa_family == AF_INET) {
+                    server =
+                        iptos(&((struct sockaddr_in *)a->addr)->sin_addr);
+                    printf("server = %s\n", server);
+                }
+                else if (a->addr->sa_family == AF_INET6) {
+                    server =
+                        ip6tos(&((struct sockaddr_in6 *)a->addr)->sin6_addr);
+                    printf("server = %s\n", server);
+                }
             }
         }
-        if (server == NULL)
-            err_sys("Unable to get device IPv4 or IPv6 address");
 
         ret = pcap_set_snaplen(pcap, 65536);
-        if (ret != 0) printf("pcap_set_snaplen failed %s\n", pcap_geterr(pcap));
+        if (ret != 0)
+            fprintf(stderr, "pcap_set_snaplen failed %s\n", pcap_geterr(pcap));
 
         ret = pcap_set_timeout(pcap, 1000);
-        if (ret != 0) printf("pcap_set_timeout failed %s\n", pcap_geterr(pcap));
+        if (ret != 0)
+            fprintf(stderr, "pcap_set_timeout failed %s\n", pcap_geterr(pcap));
 
         ret = pcap_set_buffer_size(pcap, 1000000);
         if (ret != 0)
-            printf("pcap_set_buffer_size failed %s\n", pcap_geterr(pcap));
+            fprintf(stderr, "pcap_set_buffer_size failed %s\n",
+                    pcap_geterr(pcap));
 
         ret = pcap_set_promisc(pcap, 1);
-        if (ret != 0) printf("pcap_set_promisc failed %s\n", pcap_geterr(pcap));
+        if (ret != 0)
+            fprintf(stderr,"pcap_set_promisc failed %s\n", pcap_geterr(pcap));
 
 
         ret = pcap_activate(pcap);
-        if (ret != 0) printf("pcap_activate failed %s\n", pcap_geterr(pcap));
+        if (ret != 0)
+            fprintf(stderr, "pcap_activate failed %s\n", pcap_geterr(pcap));
 
-        printf("Enter the port to scan [default: 11111]: ");
+    }
+    else {
+        saveFile = 1;
+        pcap = pcap_open_offline(pcapFile , err);
+        if (pcap == NULL) {
+            fprintf(stderr, "pcap_open_offline failed %s\n", err);
+            err_sys(err);
+        }
+    }
+
+    if (server == NULL) {
+        server = DEFAULT_SERVER_IP;
+    }
+
+    if (port < 0) {
+        printf("Enter the port to scan [default: %d, '0' for all]: ",
+                DEFAULT_SERVER_PORT);
         XMEMSET(cmdLineArg, 0, sizeof(cmdLineArg));
         if (XFGETS(cmdLineArg, sizeof(cmdLineArg), stdin)) {
             port = XATOI(cmdLineArg);
         }
-        if (port <= 0)
-            port = 11111;
+        if ((port < 0) || (cmdLineArg[0] == '\n'))
+            port = DEFAULT_SERVER_PORT;
 
-        SNPRINTF(filter, sizeof(filter), "tcp and port %d", port);
+    }
+    if (port > 0) {
+        SNPRINTF(cmdLineArg, sizeof(filter), " and port %d", port);
+        XSTRLCAT(filter, cmdLineArg, sizeof(filter));
+    }
 
-        ret = pcap_compile(pcap, &pcap_fp, filter, 0, 0);
-        if (ret != 0) printf("pcap_compile failed %s\n", pcap_geterr(pcap));
+#if defined(WOLFSSL_SNIFFER_KEYLOGFILE)
+    /* If we offer keylog support, then user must provide EITHER a pubkey
+     * OR a keylog file but NOT both */
+    if (keyFilesSrc && sslKeyLogFile) {
+        fprintf(stderr,
+                "Error: either -key OR -keylogfile option but NOT both.\n");
+        exit(EXIT_FAILURE);
+    }
 
-        ret = pcap_setfilter(pcap, &pcap_fp);
-        if (ret != 0) printf("pcap_setfilter failed %s\n", pcap_geterr(pcap));
+    if (sslKeyLogFile != NULL) {
+        ret = ssl_LoadSecretsFromKeyLogFile(sslKeyLogFile, err);
+        if (ret != 0) {
+            fprintf(stderr,
+                    "ERROR=%d, unable to load secrets from keylog file\n",ret);
+            err_sys(err);
+        }
 
+        ret = ssl_CreateKeyLogSnifferServer(server, port, err);
+        if (ret != 0) {
+            fprintf(stderr,
+                    "ERROR=%d, unable to create keylog sniffer server\n",ret);
+            err_sys(err);
+        }
+    }
+    else
+#endif /* WOLFSSL_SNIFFER_KEYLOGFILE */
+    if (keyFilesSrc) {
+        ret = load_key(NULL, server, port, keyFilesSrc, passwd, err);
+        if (ret != 0) {
+            fprintf(stderr, "Failed to load key\n");
+            err_sys(err);
+        }
+    }
+    else {
         /* optionally enter the private key to use */
-    #if defined(WOLFSSL_STATIC_EPHEMERAL) && defined(DEFAULT_SERVER_EPH_KEY)
+#if defined(WOLFSSL_STATIC_EPHEMERAL) && defined(DEFAULT_SERVER_EPH_KEY)
         keyFilesSrc = DEFAULT_SERVER_EPH_KEY;
-    #else
+#else
         keyFilesSrc = DEFAULT_SERVER_KEY;
-    #endif
+#endif
         printf("Enter the server key [default: %s]: ", keyFilesSrc);
         XMEMSET(keyFilesBuf, 0, sizeof(keyFilesBuf));
         XMEMSET(keyFilesUser, 0, sizeof(keyFilesUser));
@@ -1111,137 +1237,24 @@ int main(int argc, char** argv)
         }
     #endif /* !WOLFSSL_SNIFFER_WATCH && HAVE_SNI */
 
-        /* get IPv4 or IPv6 addresses for selected interface */
-        for (a = d->addresses; a; a = a->next) {
-            server = NULL;
-            if (a->addr->sa_family == AF_INET) {
-                server =
-                    iptos(&((struct sockaddr_in *)a->addr)->sin_addr);
-            }
-            else if (a->addr->sa_family == AF_INET6) {
-                server =
-                    ip6tos(&((struct sockaddr_in6 *)a->addr)->sin6_addr);
-            }
-
-            if (server) {
-                XSTRNCPY(keyFilesBuf, keyFilesSrc, sizeof(keyFilesBuf));
-                ret = load_key(sniName, server, port, keyFilesBuf, NULL, err);
-                if (ret != 0) {
-                    exit(EXIT_FAILURE);
-                }
-            }
+        ret = load_key(sniName, server, port, keyFilesBuf, NULL, err);
+        if (ret != 0) {
+            exit(EXIT_FAILURE);
         }
     }
-    else {
-        char *pcapFile = NULL;
 
-        for (i = 1; i < argc; i++) {
-            if (strcmp(argv[i], "-pcap") == 0 && i + 1 < argc) {
-                pcapFile = argv[++i];
-            }
-            else if (strcmp(argv[i], "-key") == 0 && i + 1 < argc) {
-                keyFilesSrc = argv[++i];
-            }
-            else if (strcmp(argv[i], "-server") == 0 && i + 1 < argc) {
-                server = argv[++i];
-            }
-            else if (strcmp(argv[i], "-port") == 0 && i + 1 < argc) {
-                port = XATOI(argv[++i]);
-            }
-            else if (strcmp(argv[i], "-password") == 0 && i + 1 < argc) {
-                passwd = argv[++i];
-            }
-#if defined(WOLFSSL_SNIFFER_KEYLOGFILE)
-            else if (strcmp(argv[i], "-keylogfile") == 0 && i + 1 < argc) {
-                sslKeyLogFile = argv[++i];
-            }
-#endif /* WOLFSSL_SNIFFER_KEYLOGFILE */
-#if defined(THREADED_SNIFFTEST)
-            else if (strcmp(argv[i], "-threads") == 0 && i + 1 < argc) {
-                workerThreadCount = XATOI(argv[++i]);
-            }
-#endif /* THREADED_SNIFFTEST */
-            else {
-                fprintf(stderr, "Invalid option or missing argument: %s\n", argv[i]);
-                fprintf(stderr, "Usage: %s -pcap pcap_arg -key key_arg"
-                        " [-password password_arg] [-server server_arg] [-port port_arg]"
-#if defined(WOLFSSL_SNIFFER_KEYLOGFILE)
-                        " [-keylogfile keylogfile_arg]"
-#endif /* WOLFSSL_SNIFFER_KEYLOGFILE */
-#if defined(THREADED_SNIFFTEST)
-                        " [-threads threads_arg]"
-#endif /* THREADED_SNIFFTEST */
-                        "\n", argv[0]);
-                exit(EXIT_FAILURE);
-            }
-        }
+    /* Only let through TCP/IP packets */
+    printf("Using packet filter: %s\n", filter);
+    ret = pcap_compile(pcap, &pcap_fp, filter, 0, 0);
+    if (ret != 0) {
+        fprintf(stderr, "pcap_compile failed %s\n", pcap_geterr(pcap));
+        exit(EXIT_FAILURE);
+    }
 
-        if (!pcapFile) {
-            fprintf(stderr, "Error: -pcap option is required.\n");
-            exit(EXIT_FAILURE);
-        }
-
-#if defined(WOLFSSL_SNIFFER_KEYLOGFILE)
-        /* If we offer keylog support, then user must provide EITHER a pubkey
-         * OR a keylog file but NOT both */
-        if ((!keyFilesSrc && !sslKeyLogFile) || (keyFilesSrc && sslKeyLogFile)) {
-            fprintf(stderr, "Error: either -key OR -keylogfile option required but NOT both.\n");
-            exit(EXIT_FAILURE);
-        }
-#else
-        if (!keyFilesSrc) {
-            fprintf(stderr, "Error: -key option is required.\n");
-            exit(EXIT_FAILURE);
-        }
-#endif
-
-        saveFile = 1;
-        pcap = pcap_open_offline(pcapFile , err);
-        if (pcap == NULL) {
-            fprintf(stderr, "pcap_open_offline failed %s\n", err);
-            err_sys(err);
-        }
-        else {
-#if defined(WOLFSSL_SNIFFER_KEYLOGFILE)
-            if (sslKeyLogFile != NULL) {
-                ret = ssl_LoadSecretsFromKeyLogFile(sslKeyLogFile, err);
-                if (ret != 0) {
-                    fprintf(stderr, "ERROR=%d, unable to load secrets from keylog file\n",ret);
-                    err_sys(err);
-                }
-
-                ret = ssl_CreateKeyLogSnifferServer(server, port, err);
-                if (ret != 0) {
-                    fprintf(stderr, "ERROR=%d, unable to create keylog sniffer server\n",ret);
-                    err_sys(err);
-                }
-            }
-            else
-#endif /* WOLFSSL_SNIFFER_KEYLOGFILE */
-            {
-                ret = load_key(NULL, server, port, keyFilesSrc, passwd, err);
-                if (ret != 0) {
-                    fprintf(stderr, "Failed to load key\n");
-                    err_sys(err);
-                }
-            }
-
-
-            /* Only let through TCP/IP packets */
-            ret = pcap_compile(pcap, &pcap_fp, "(ip6 or ip) and tcp", 0, 0);
-            if (ret != 0) {
-                fprintf(stderr, "pcap_compile failed %s\n", pcap_geterr(pcap));
-                exit(EXIT_FAILURE);
-            }
-
-            ret = pcap_setfilter(pcap, &pcap_fp);
-            if (ret != 0) {
-                fprintf(stderr, "pcap_setfilter failed %s\n", pcap_geterr(pcap));
-                exit(EXIT_FAILURE);
-            }
-
-
-        }
+    ret = pcap_setfilter(pcap, &pcap_fp);
+    if (ret != 0) {
+        fprintf(stderr, "pcap_setfilter failed %s\n", pcap_geterr(pcap));
+        exit(EXIT_FAILURE);
     }
 
     if (ret != 0)
@@ -1265,7 +1278,7 @@ int main(int argc, char** argv)
 #endif
 
     while (1) {
-        struct pcap_pkthdr header;
+        struct pcap_pkthdr *header;
         const unsigned char* packet = NULL;
         byte* data = NULL; /* pointer to decrypted data */
 #ifdef THREADED_SNIFFTEST
@@ -1292,22 +1305,28 @@ int main(int argc, char** argv)
         if (data == NULL) {
         /* grab next pcap packet */
             packetNumber++;
-            packet = pcap_next(pcap, &header);
+            if(pcap_next_ex(pcap, &header, &packet) < 0) {
+                break;
+            }
         }
 
         if (packet) {
-            if (header.caplen > 40)  { /* min ip(20) + min tcp(20) */
+            if (header->caplen > 40)  { /* min ip(20) + min tcp(20) */
                 packet        += frame;
-                header.caplen -= frame;
+                header->caplen -= frame;
             }
             else {
                 /* packet doesn't contain minimum ip/tcp header */
                 continue;
             }
+            if (pcap_datalink(pcap) == DLT_LINUX_SLL) {
+                packet += 2;
+                header->caplen -= 2;
+            }
 #ifdef THREADED_SNIFFTEST
             XMEMSET(&info, 0, sizeof(SnifferStreamInfo));
 
-            ret = ssl_DecodePacket_GetStream(&info, packet, header.caplen, err);
+            ret = ssl_DecodePacket_GetStream(&info, packet, header->caplen, err);
 
             /* calculate SnifferStreamInfo checksum */
             infoSum = 0;
@@ -1330,7 +1349,7 @@ int main(int argc, char** argv)
 
             /* add the packet to the worker's linked list */
             if (SnifferWorkerPacketAdd(&workers[threadNum], ret, (byte*)packet,
-                                   header.caplen, packetNumber)) {
+                                   header->caplen, packetNumber)) {
                 printf("Unable to add packet %d to worker", packetNumber);
                 break;
             }
@@ -1339,7 +1358,7 @@ int main(int argc, char** argv)
 #else
             /* Decode Packet, ret value will indicate whether a
              * bad packet was encountered */
-            hadBadPacket = DecodePacket((byte*)packet, header.caplen,
+            hadBadPacket = DecodePacket((byte*)packet, header->caplen,
                                         packetNumber,err);
 #endif
         }
diff --git a/sslSniffer/sslSnifferTest/sslSniffTest.vcxproj b/sslSniffer/sslSnifferTest/sslSniffTest.vcxproj
index 72770eba5..8d4cb32ac 100644
--- a/sslSniffer/sslSnifferTest/sslSniffTest.vcxproj
+++ b/sslSniffer/sslSnifferTest/sslSniffTest.vcxproj
@@ -9,6 +9,10 @@
       <Configuration>Debug</Configuration>
       <Platform>x64</Platform>
     </ProjectConfiguration>
+    <ProjectConfiguration Include="Debug|ARM64">
+      <Configuration>Debug</Configuration>
+      <Platform>ARM64</Platform>
+    </ProjectConfiguration>
     <ProjectConfiguration Include="Release|Win32">
       <Configuration>Release</Configuration>
       <Platform>Win32</Platform>
@@ -17,6 +21,10 @@
       <Configuration>Release</Configuration>
       <Platform>x64</Platform>
     </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|ARM64">
+      <Configuration>Release</Configuration>
+      <Platform>ARM64</Platform>
+    </ProjectConfiguration>
   </ItemGroup>
   <PropertyGroup Label="Globals">
     <ProjectGuid>{8C89E16E-9C36-45EF-A491-F4EBD4A8D8F1}</ProjectGuid>
@@ -37,6 +45,12 @@
     <CharacterSet>Unicode</CharacterSet>
     <WholeProgramOptimization>true</WholeProgramOptimization>
   </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <PlatformToolset>v141</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+  </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
     <ConfigurationType>Application</ConfigurationType>
     <PlatformToolset>v141</PlatformToolset>
@@ -47,6 +61,11 @@
     <PlatformToolset>v141</PlatformToolset>
     <CharacterSet>Unicode</CharacterSet>
   </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|ARM64'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <PlatformToolset>v141</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
   <ImportGroup Label="ExtensionSettings">
   </ImportGroup>
@@ -56,12 +75,18 @@
   <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="PropertySheets">
     <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
   </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
   <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="PropertySheets">
     <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
   </ImportGroup>
   <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="PropertySheets">
     <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
   </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Debug|ARM64'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
   <PropertyGroup Label="UserMacros" />
   <PropertyGroup>
     <_ProjectFileVersion>15.0.28307.799</_ProjectFileVersion>
@@ -78,6 +103,12 @@
     <OutDir>$(SolutionDir)$(Configuration)\$(Platform)\</OutDir>
     <TargetName>snifftest</TargetName>
   </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|ARM64'">
+    <LinkIncremental>true</LinkIncremental>
+    <IntDir>$(Configuration)\$(Platform)\$(ProjectName)_obj\</IntDir>
+    <OutDir>$(SolutionDir)$(Configuration)\$(Platform)\</OutDir>
+    <TargetName>snifftest</TargetName>
+  </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
     <OutDir>$(SolutionDir)$(Configuration)\$(Platform)\</OutDir>
     <IntDir>$(Configuration)\$(Platform)\$(ProjectName)_obj\</IntDir>
@@ -90,6 +121,12 @@
     <OutDir>$(SolutionDir)$(Configuration)\$(Platform)\</OutDir>
     <TargetName>snifftest</TargetName>
   </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'">
+    <LinkIncremental>false</LinkIncremental>
+    <IntDir>$(Configuration)\$(Platform)\$(ProjectName)_obj\</IntDir>
+    <OutDir>$(SolutionDir)$(Configuration)\$(Platform)\</OutDir>
+    <TargetName>snifftest</TargetName>
+  </PropertyGroup>
   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
     <ClCompile>
       <Optimization>Disabled</Optimization>
@@ -129,6 +166,25 @@
       <SubSystem>Console</SubSystem>
     </Link>
   </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|ARM64'">
+    <ClCompile>
+      <Optimization>Disabled</Optimization>
+      <AdditionalIncludeDirectories>../../../WpdPack/Include;../..;../../IDE/WIN;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>WIN32;WOLFSSL_USER_SETTINGS;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <BasicRuntimeChecks>EnableFastChecks</BasicRuntimeChecks>
+      <RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>wpcap.lib;Packet.lib;sslSniffer.lib;ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <AdditionalLibraryDirectories>../../../WpdPack/Lib/x64;$(SolutionDir)$(Configuration)\$(Platform)\;%(AdditionalLibraryDirectories)</AdditionalLibraryDirectories>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <SubSystem>Console</SubSystem>
+    </Link>
+  </ItemDefinitionGroup>
   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
     <ClCompile>
       <Optimization>MaxSpeed</Optimization>
@@ -173,6 +229,28 @@
       <EnableCOMDATFolding>true</EnableCOMDATFolding>
     </Link>
   </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'">
+    <ClCompile>
+      <Optimization>MaxSpeed</Optimization>
+      <IntrinsicFunctions>true</IntrinsicFunctions>
+      <AdditionalIncludeDirectories>../../../WpdPack/Include;../..;../../IDE/WIN;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>WIN32;WOLFSSL_USER_SETTINGS;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>wpcap.lib;Packet.lib;sslSniffer.lib;ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <AdditionalLibraryDirectories>../../../WpdPack/Lib/x64;$(SolutionDir)$(Configuration)\$(Platform)\;%(AdditionalLibraryDirectories)</AdditionalLibraryDirectories>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <SubSystem>Console</SubSystem>
+      <OptimizeReferences>true</OptimizeReferences>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+    </Link>
+  </ItemDefinitionGroup>
   <ItemGroup>
     <ClCompile Include="snifftest.c" />
   </ItemGroup>
diff --git a/support/gen-debug-trace-error-codes.sh b/support/gen-debug-trace-error-codes.sh
new file mode 100755
index 000000000..540a95273
--- /dev/null
+++ b/support/gen-debug-trace-error-codes.sh
@@ -0,0 +1,42 @@
+#!/bin/sh
+
+awk '
+BEGIN {
+    print("/* automatically generated, do not edit */") > "wolfssl/debug-trace-error-codes.h";
+    print("#ifndef WOLFSSL_DEBUG_TRACE_ERROR_CODES_H") >> "wolfssl/debug-trace-error-codes.h";
+    print("#define WOLFSSL_DEBUG_TRACE_ERROR_CODES_H") >> "wolfssl/debug-trace-error-codes.h";
+    print("") >> "wolfssl/debug-trace-error-codes.h";
+
+    print("/* automatically generated, do not edit */") > "wolfssl/debug-untrace-error-codes.h";
+    print("#ifdef WOLFSSL_DEBUG_TRACE_ERROR_CODES_H") >> "wolfssl/debug-untrace-error-codes.h";
+    print("#undef WOLFSSL_DEBUG_TRACE_ERROR_CODES_H") >> "wolfssl/debug-untrace-error-codes.h";
+}
+{
+    if (match($0, "^[[:space:]]+([A-Z][A-Z0-9_]+)[[:space:]]*=[[:space:]]*(-[0-9]+)([,[:space:]]|$)")) {
+
+        # for mawkward compatibility -- gawk allows errcode_a as the 3rd arg to match().
+        gsub("^[[:space:]]+", "", $0);
+        split($0, errcode_a, "[[:space:]=,]+");
+
+        if ((errcode_a[1] == "MIN_CODE_E") ||
+            (errcode_a[1] == "MAX_CODE_E") ||
+            (errcode_a[1] ~ "WC.*MIN_CODE_E") ||
+            (errcode_a[1] ~ "WC.*MAX_CODE_E") ||
+            (errcode_a[1] ~ "WC.*_FIRST_E") ||
+            (errcode_a[1] ~ "WC.*_LAST_E") ||
+            (errcode_a[1] ~ "WOLFSSL.*_FIRST_E") ||
+            (errcode_a[1] ~ "WOLFSSL.*_LAST_E"))
+        {
+            next;
+        }
+        printf("#define %s WC_ERR_TRACE(%s)\n#define CONST_NUM_ERR_%s (%s)\n", errcode_a[1], errcode_a[1], errcode_a[1], errcode_a[2]) >> "wolfssl/debug-trace-error-codes.h";
+        printf("#undef %s\n#undef CONST_NUM_ERR_%s\n", errcode_a[1], errcode_a[1]) >> "wolfssl/debug-untrace-error-codes.h";
+    }
+}
+END {
+    print("") >> "wolfssl/debug-trace-error-codes.h";
+    print("#endif /* WOLFSSL_DEBUG_TRACE_ERROR_CODES_H */") >> "wolfssl/debug-trace-error-codes.h";
+
+    print("") >> "wolfssl/debug-untrace-error-codes.h";
+    print("#endif /* WOLFSSL_DEBUG_TRACE_ERROR_CODES_H */") >> "wolfssl/debug-untrace-error-codes.h";
+}' wolfssl/wolfcrypt/error-crypt.h wolfssl/error-ssl.h
diff --git a/support/include.am b/support/include.am
index 113eee022..cb0d5ced8 100644
--- a/support/include.am
+++ b/support/include.am
@@ -2,7 +2,8 @@
 # All paths should be given relative to the root
 #
 
-EXTRA_DIST += support/wolfssl.pc
+EXTRA_DIST += support/wolfssl.pc \
+              support/gen-debug-trace-error-codes.sh
 
 pkgconfigdir = $(libdir)/pkgconfig
 pkgconfig_DATA = support/wolfssl.pc
diff --git a/support/wolfssl.pc.in b/support/wolfssl.pc.in
index e8cb694fd..19aa4431c 100644
--- a/support/wolfssl.pc.in
+++ b/support/wolfssl.pc.in
@@ -7,4 +7,5 @@ Name: wolfssl
 Description: wolfssl C library.
 Version: @VERSION@
 Libs: -L${libdir} -lwolfssl
+Libs.private: @LIBM@
 Cflags: -I${includedir}
diff --git a/tests/api.c b/tests/api.c
index cd72b346a..1383537be 100644
--- a/tests/api.c
+++ b/tests/api.c
@@ -1,6 +1,6 @@
 /* api.c API unit tests
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -29,28 +29,321 @@
  | Includes
  *----------------------------------------------------------------------------*/
 
-#ifdef HAVE_CONFIG_H
-    #include <config.h>
-#endif
+#include <tests/unit.h>
 
-#include <wolfssl/wolfcrypt/settings.h>
-#undef TEST_OPENSSL_COEXIST /* can't use this option with this example */
+#include <wolfssl/wolfcrypt/logging.h>
+#include <wolfssl/wolfcrypt/hash.h>
 
-#ifndef FOURK_BUF
-    #define FOURK_BUF 4096
-#endif
-#ifndef TWOK_BUF
-    #define TWOK_BUF 2048
-#endif
-#ifndef ONEK_BUF
-    #define ONEK_BUF 1024
-#endif
 #if defined(WOLFSSL_STATIC_MEMORY)
     #include <wolfssl/wolfcrypt/memory.h>
+#endif
+#ifdef WOLFSSL_ASNC_CRYPT
+    #include <wolfssl/wolfcrypt/async.h>
+#endif
+#ifdef HAVE_ECC
+    #include <wolfssl/wolfcrypt/ecc.h>   /* wc_ecc_fp_free */
+    #ifdef WOLFSSL_SM2
+        #include <wolfssl/wolfcrypt/sm2.h>
+    #endif
+#endif
+#ifndef NO_ASN
+    #include <wolfssl/wolfcrypt/asn_public.h>
+#endif
+
+#include <stdlib.h>
+#include <wolfssl/ssl.h>  /* compatibility layer */
+#include <wolfssl/error-ssl.h>
+
+#include <wolfssl/test.h>
+#include <tests/utils.h>
+#include <testsuite/utils.h>
+
+/* for testing compatibility layer callbacks */
+#include "examples/server/server.h"
+
+#ifndef NO_MD5
+    #include <wolfssl/wolfcrypt/md5.h>
+#endif
+#ifndef NO_SHA
+    #include <wolfssl/wolfcrypt/sha.h>
+#endif
+#ifndef NO_SHA256
+    #include <wolfssl/wolfcrypt/sha256.h>
+#endif
+#ifdef WOLFSSL_SHA512
+    #include <wolfssl/wolfcrypt/sha512.h>
+#endif
+#ifdef WOLFSSL_SHA384
+    #include <wolfssl/wolfcrypt/sha512.h>
+#endif
+#ifdef WOLFSSL_SHA3
+    #include <wolfssl/wolfcrypt/sha3.h>
+#endif
+#ifdef WOLFSSL_SM3
+    #include <wolfssl/wolfcrypt/sm3.h>
+#endif
+#ifndef NO_AES
+    #include <wolfssl/wolfcrypt/aes.h>
+    #ifdef HAVE_AES_DECRYPT
+        #include <wolfssl/wolfcrypt/wc_encrypt.h>
+    #endif
+#endif
+#ifdef WOLFSSL_SM4
+    #include <wolfssl/wolfcrypt/sm4.h>
+#endif
+#ifdef WOLFSSL_RIPEMD
+    #include <wolfssl/wolfcrypt/ripemd.h>
+#endif
+#ifndef NO_DES3
+    #include <wolfssl/wolfcrypt/des3.h>
+    #include <wolfssl/wolfcrypt/wc_encrypt.h>
+#endif
+#ifdef WC_RC2
+    #include <wolfssl/wolfcrypt/rc2.h>
+#endif
+
+#ifndef NO_HMAC
+    #include <wolfssl/wolfcrypt/hmac.h>
+#endif
+
+#ifdef HAVE_CHACHA
+    #include <wolfssl/wolfcrypt/chacha.h>
+#endif
+
+#ifdef HAVE_POLY1305
+    #include <wolfssl/wolfcrypt/poly1305.h>
+#endif
+
+#if defined(HAVE_CHACHA) && defined(HAVE_POLY1305)
+    #include <wolfssl/wolfcrypt/chacha20_poly1305.h>
+#endif
+
+#ifdef HAVE_CAMELLIA
+    #include <wolfssl/wolfcrypt/camellia.h>
+#endif
+
+#ifndef NO_RC4
+    #include <wolfssl/wolfcrypt/arc4.h>
+#endif
+
+#ifdef HAVE_BLAKE2
+    #include <wolfssl/wolfcrypt/blake2.h>
+#endif
+
+#ifndef NO_RSA
+    #include <wolfssl/wolfcrypt/rsa.h>
+#endif
+
+#ifndef NO_SIG_WRAPPER
+    #include <wolfssl/wolfcrypt/signature.h>
+#endif
+
+#ifdef HAVE_AESCCM
+    #include <wolfssl/wolfcrypt/aes.h>
+#endif
+
+#ifdef HAVE_PKCS7
+    #include <wolfssl/wolfcrypt/pkcs7.h>
+    #include <wolfssl/wolfcrypt/asn.h>
+    #ifdef HAVE_LIBZ
+        #include <wolfssl/wolfcrypt/compress.h>
+    #endif
+#endif
+
+#ifdef WOLFSSL_SMALL_CERT_VERIFY
+    #include <wolfssl/wolfcrypt/asn.h>
+#endif
+
+#ifndef NO_DSA
+    #include <wolfssl/wolfcrypt/dsa.h>
+#endif
+
+#ifdef WOLFSSL_CMAC
+    #include <wolfssl/wolfcrypt/cmac.h>
+#endif
+
+#ifdef HAVE_ED25519
+    #include <wolfssl/wolfcrypt/ed25519.h>
+#endif
+#ifdef HAVE_CURVE25519
+    #include <wolfssl/wolfcrypt/curve25519.h>
+#endif
+#ifdef HAVE_ED448
+    #include <wolfssl/wolfcrypt/ed448.h>
+#endif
+#ifdef HAVE_CURVE448
+    #include <wolfssl/wolfcrypt/curve448.h>
+#endif
+
+#ifdef WOLFSSL_HAVE_KYBER
+    #include <wolfssl/wolfcrypt/kyber.h>
+#ifdef WOLFSSL_WC_KYBER
+    #include <wolfssl/wolfcrypt/wc_kyber.h>
+#endif
+#endif
+#ifdef HAVE_DILITHIUM
+    #include <wolfssl/wolfcrypt/dilithium.h>
+#endif
+
+#ifdef HAVE_PKCS12
+    #include <wolfssl/wolfcrypt/pkcs12.h>
+#endif
+
+#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) || \
+    defined(OPENSSL_ALL)
+    #include <wolfssl/openssl/ssl.h>
+    #ifndef NO_ASN
+        /* for ASN_COMMON_NAME DN_tags enum */
+        #include <wolfssl/wolfcrypt/asn.h>
+    #endif
+    #ifdef HAVE_OCSP
+        #include <wolfssl/openssl/ocsp.h>
+    #endif
+#endif
+#ifdef OPENSSL_EXTRA
+    #include <wolfssl/openssl/cmac.h>
+    #include <wolfssl/openssl/x509v3.h>
+    #include <wolfssl/openssl/asn1.h>
+    #include <wolfssl/openssl/crypto.h>
+    #include <wolfssl/openssl/pkcs12.h>
+    #include <wolfssl/openssl/evp.h>
+    #include <wolfssl/openssl/dh.h>
+    #include <wolfssl/openssl/bn.h>
+    #include <wolfssl/openssl/buffer.h>
+    #include <wolfssl/openssl/pem.h>
+    #include <wolfssl/openssl/ec.h>
+    #include <wolfssl/openssl/ecdh.h>
+    #include <wolfssl/openssl/engine.h>
+    #include <wolfssl/openssl/hmac.h>
+    #include <wolfssl/openssl/objects.h>
+    #include <wolfssl/openssl/rand.h>
+    #include <wolfssl/openssl/modes.h>
+    #include <wolfssl/openssl/fips_rand.h>
+    #include <wolfssl/openssl/kdf.h>
+    #include <wolfssl/openssl/x509_vfy.h>
+#ifdef OPENSSL_ALL
+    #include <wolfssl/openssl/txt_db.h>
+    #include <wolfssl/openssl/lhash.h>
+#endif
+#ifndef NO_AES
+    #include <wolfssl/openssl/aes.h>
+#endif
+#ifndef NO_DES3
+    #include <wolfssl/openssl/des.h>
+#endif
+#ifndef NO_RC4
+    #include <wolfssl/openssl/rc4.h>
+#endif
+#ifdef HAVE_ECC
+    #include <wolfssl/openssl/ecdsa.h>
+#endif
+#ifdef HAVE_PKCS7
+    #include <wolfssl/openssl/pkcs7.h>
+#endif
+#ifdef HAVE_CURVE25519
+    #include <wolfssl/openssl/ec25519.h>
+#endif
+#ifdef HAVE_ED25519
+    #include <wolfssl/openssl/ed25519.h>
+#endif
+#ifdef HAVE_CURVE448
+    #include <wolfssl/openssl/ec448.h>
+#endif
+#ifdef HAVE_ED448
+    #include <wolfssl/openssl/ed448.h>
+#endif
+#endif /* OPENSSL_EXTRA */
+
+#if defined(OPENSSL_EXTRA) && defined(WOLFCRYPT_HAVE_SRP) && \
+    !defined(NO_SHA256) && !defined(RC_NO_RNG)
+        #include <wolfssl/wolfcrypt/srp.h>
+#endif
+
+#if (defined(SESSION_CERTS) && defined(TEST_PEER_CERT_CHAIN)) || \
+    defined(HAVE_SESSION_TICKET) || (defined(OPENSSL_EXTRA) && \
+    defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_CERT_GEN)) || \
+    defined(WOLFSSL_TEST_STATIC_BUILD) || defined(WOLFSSL_DTLS) || \
+    defined(HAVE_ECH) || defined(HAVE_EX_DATA) || !defined(NO_SESSION_CACHE) \
+    || !defined(WOLFSSL_NO_TLS12) || defined(WOLFSSL_TLS13)
+    /* for testing SSL_get_peer_cert_chain, or SESSION_TICKET_HINT_DEFAULT,
+     * for setting authKeyIdSrc in WOLFSSL_X509, or testing DTLS sequence
+     * number tracking */
+    #include "wolfssl/internal.h"
+#endif
+
+/* force enable test buffers */
+#ifndef USE_CERT_BUFFERS_2048
+    #define USE_CERT_BUFFERS_2048
+#endif
+#ifndef USE_CERT_BUFFERS_256
+    #define USE_CERT_BUFFERS_256
+#endif
+#include <wolfssl/certs_test.h>
+
+/* include misc.c here regardless of NO_INLINE, because misc.c implementations
+ * have default (hidden) visibility, and in the absence of visibility, it's
+ * benign to mask out the library implementation.
+ */
+#define WOLFSSL_MISC_INCLUDED
+#include <wolfcrypt/src/misc.c>
+
+#include <tests/api/api.h>
+
+/* Gather test declarations to include them in the testCases array */
+#include <tests/api/test_md5.h>
+#include <tests/api/test_sha.h>
+#include <tests/api/test_sha256.h>
+#include <tests/api/test_sha512.h>
+#include <tests/api/test_sha3.h>
+#include <tests/api/test_blake2.h>
+#include <tests/api/test_sm3.h>
+#include <tests/api/test_ripemd.h>
+#include <tests/api/test_hash.h>
+#include <tests/api/test_hmac.h>
+#include <tests/api/test_cmac.h>
+#include <tests/api/test_des3.h>
+#include <tests/api/test_chacha.h>
+#include <tests/api/test_poly1305.h>
+#include <tests/api/test_chacha20_poly1305.h>
+#include <tests/api/test_camellia.h>
+#include <tests/api/test_arc4.h>
+#include <tests/api/test_rc2.h>
+#include <tests/api/test_aes.h>
+#include <tests/api/test_ascon.h>
+#include <tests/api/test_sm4.h>
+#include <tests/api/test_wc_encrypt.h>
+#include <tests/api/test_mlkem.h>
+#include <tests/api/test_dtls.h>
+#include <tests/api/test_ocsp.h>
+#include <tests/api/test_evp.h>
+
+#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_TLS) && \
+    !defined(NO_RSA)        && !defined(SINGLE_THREADED) && \
+    !defined(NO_WOLFSSL_SERVER) && !defined(NO_WOLFSSL_CLIENT)
+    #define HAVE_IO_TESTS_DEPENDENCIES
+#endif
+
+#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_TLS) && \
+    !defined(NO_RSA) && \
+    !defined(NO_WOLFSSL_SERVER) && !defined(NO_WOLFSSL_CLIENT) && \
+    !defined(WOLFSSL_TIRTOS)
+    #define HAVE_SSL_MEMIO_TESTS_DEPENDENCIES
+#endif
+
+#if !defined(NO_RSA) && !defined(NO_SHA) && !defined(NO_FILESYSTEM) && \
+    !defined(NO_CERTS) && \
+    (!defined(NO_WOLFSSL_CLIENT) || !defined(WOLFSSL_NO_CLIENT_AUTH))
+    #define HAVE_CERT_CHAIN_VALIDATION
+#endif
+
+#ifndef WOLFSSL_HAVE_ECC_KEY_GET_PRIV
+    /* FIPS build has replaced ecc.h. */
+    #define wc_ecc_key_get_priv(key) (&((key)->k))
+    #define WOLFSSL_HAVE_ECC_KEY_GET_PRIV
+#endif
 
 #if defined(WOLFSSL_STATIC_MEMORY) && !defined(WOLFCRYPT_ONLY)
-    #if (defined(HAVE_ECC) && !defined(ALT_ECC_SIZE)) || \
-         defined(SESSION_CERTS)
+    #if (defined(HAVE_ECC) && !defined(ALT_ECC_SIZE)) || defined(SESSION_CERTS)
         #ifdef OPENSSL_EXTRA
             #define TEST_TLS_STATIC_MEMSZ (400000)
         #else
@@ -61,15 +354,7 @@
     #endif
 #endif
 
-#endif /* WOLFSSL_STATIC_MEMORY */
-#ifndef HEAP_HINT
-    #define HEAP_HINT NULL
-#endif /* WOLFSSL_STAIC_MEMORY */
-#ifdef WOLFSSL_ASNC_CRYPT
-    #include <wolfssl/wolfcrypt/async.h>
-#endif
 #ifdef HAVE_ECC
-    #include <wolfssl/wolfcrypt/ecc.h>   /* wc_ecc_fp_free */
     #ifndef ECC_ASN963_MAX_BUF_SZ
         #define ECC_ASN963_MAX_BUF_SZ 133
     #endif
@@ -137,141 +422,9 @@
     #if !defined(DER_SZ)
         #define DER_SZ(ks) ((ks) * 2 + 1)
     #endif
-    #ifdef WOLFSSL_SM2
-        #include <wolfssl/wolfcrypt/sm2.h>
-    #endif
-#endif
-#ifndef NO_ASN
-    #include <wolfssl/wolfcrypt/asn_public.h>
-#endif
-#include <wolfssl/error-ssl.h>
-
-#include <stdlib.h>
-#include <wolfssl/ssl.h>  /* compatibility layer */
-#include <wolfssl/test.h>
-#include <tests/unit.h>
-#include "examples/server/server.h"
-     /* for testing compatibility layer callbacks */
-
-#ifndef NO_MD5
-    #include <wolfssl/wolfcrypt/md5.h>
-#endif
-#ifndef NO_SHA
-    #include <wolfssl/wolfcrypt/sha.h>
-#endif
-#ifndef NO_SHA256
-    #include <wolfssl/wolfcrypt/sha256.h>
-#endif
-#ifdef WOLFSSL_SHA512
-    #include <wolfssl/wolfcrypt/sha512.h>
-#endif
-#ifdef WOLFSSL_SHA384
-    #include <wolfssl/wolfcrypt/sha512.h>
-#endif
-
-#ifdef WOLFSSL_SHA3
-    #include <wolfssl/wolfcrypt/sha3.h>
-    #ifndef HEAP_HINT
-        #define HEAP_HINT   NULL
-    #endif
-#endif
-
-#ifdef WOLFSSL_SM3
-    #include <wolfssl/wolfcrypt/sm3.h>
-#endif
-
-#ifndef NO_AES
-    #include <wolfssl/wolfcrypt/aes.h>
-    #ifdef HAVE_AES_DECRYPT
-        #include <wolfssl/wolfcrypt/wc_encrypt.h>
-    #endif
-#endif
-#ifdef WOLFSSL_SM4
-    #include <wolfssl/wolfcrypt/sm4.h>
-#endif
-#ifdef WOLFSSL_RIPEMD
-    #include <wolfssl/wolfcrypt/ripemd.h>
-#endif
-#ifndef NO_DES3
-    #include <wolfssl/wolfcrypt/des3.h>
-    #include <wolfssl/wolfcrypt/wc_encrypt.h>
-#endif
-#ifdef WC_RC2
-    #include <wolfssl/wolfcrypt/rc2.h>
-#endif
-
-#ifndef NO_HMAC
-    #include <wolfssl/wolfcrypt/hmac.h>
-#endif
-
-#ifdef HAVE_CHACHA
-    #include <wolfssl/wolfcrypt/chacha.h>
-#endif
-
-#ifdef HAVE_POLY1305
-    #include <wolfssl/wolfcrypt/poly1305.h>
-#endif
-
-#if defined(HAVE_CHACHA) && defined(HAVE_POLY1305)
-    #include <wolfssl/wolfcrypt/chacha20_poly1305.h>
-#endif
-
-#ifdef HAVE_CAMELLIA
-    #include <wolfssl/wolfcrypt/camellia.h>
-#endif
-
-#ifndef NO_RC4
-    #include <wolfssl/wolfcrypt/arc4.h>
-#endif
-
-#ifdef HAVE_BLAKE2
-    #include <wolfssl/wolfcrypt/blake2.h>
-#endif
-
-#include <wolfssl/wolfcrypt/hash.h>
-#ifndef NO_RSA
-    #include <wolfssl/wolfcrypt/rsa.h>
-
-    #define FOURK_BUF 4096
-    #define GEN_BUF  294
-
-    #ifndef USER_CRYPTO_ERROR
-        #define USER_CRYPTO_ERROR (-101) /* error returned by IPP lib. */
-    #endif
-#endif
-
-#ifndef NO_SIG_WRAPPER
-    #include <wolfssl/wolfcrypt/signature.h>
-#endif
-
-
-#ifdef HAVE_AESCCM
-    #include <wolfssl/wolfcrypt/aes.h>
-#endif
-
-#ifdef HAVE_PKCS7
-    #include <wolfssl/wolfcrypt/pkcs7.h>
-    #include <wolfssl/wolfcrypt/asn.h>
-    #ifdef HAVE_LIBZ
-    #include <wolfssl/wolfcrypt/compress.h>
-    #endif
-#endif
-
-#ifdef WOLFSSL_SMALL_CERT_VERIFY
-    #include <wolfssl/wolfcrypt/asn.h>
-#endif
+#endif /* HAVE_ECC */
 
 #ifndef NO_DSA
-    #include <wolfssl/wolfcrypt/dsa.h>
-    #ifndef ONEK_BUF
-        #define ONEK_BUF 1024
-    #endif
-    #ifndef TWOK_BUF
-        #define TWOK_BUF 2048
-    #endif
-    #ifndef FOURK_BUF
-        #define FOURK_BUF 4096
-    #endif
     #ifndef DSA_SIG_SIZE
         #define DSA_SIG_SIZE 40
     #endif
@@ -280,134 +433,20 @@
     #endif
 #endif
 
-#ifdef WOLFSSL_CMAC
-    #include <wolfssl/wolfcrypt/cmac.h>
+#ifndef NO_RSA
+    #define GEN_BUF  294
 #endif
 
-#ifdef HAVE_ED25519
-    #include <wolfssl/wolfcrypt/ed25519.h>
+#ifndef ONEK_BUF
+    #define ONEK_BUF 1024
 #endif
-#ifdef HAVE_CURVE25519
-    #include <wolfssl/wolfcrypt/curve25519.h>
+#ifndef TWOK_BUF
+    #define TWOK_BUF 2048
 #endif
-#ifdef HAVE_ED448
-    #include <wolfssl/wolfcrypt/ed448.h>
-#endif
-#ifdef HAVE_CURVE448
-    #include <wolfssl/wolfcrypt/curve448.h>
+#ifndef FOURK_BUF
+    #define FOURK_BUF 4096
 #endif
 
-#ifdef HAVE_PKCS12
-    #include <wolfssl/wolfcrypt/pkcs12.h>
-#endif
-
-#include <wolfssl/wolfcrypt/logging.h>
-
-#if (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) || defined(OPENSSL_ALL))
-    #include <wolfssl/openssl/ssl.h>
-    #ifndef NO_ASN
-        /* for ASN_COMMON_NAME DN_tags enum */
-        #include <wolfssl/wolfcrypt/asn.h>
-    #endif
-    #ifdef HAVE_OCSP
-        #include <wolfssl/openssl/ocsp.h>
-    #endif
-#endif
-#ifdef OPENSSL_EXTRA
-    #include <wolfssl/openssl/cmac.h>
-    #include <wolfssl/openssl/x509v3.h>
-    #include <wolfssl/openssl/asn1.h>
-    #include <wolfssl/openssl/crypto.h>
-    #include <wolfssl/openssl/pkcs12.h>
-    #include <wolfssl/openssl/evp.h>
-    #include <wolfssl/openssl/dh.h>
-    #include <wolfssl/openssl/bn.h>
-    #include <wolfssl/openssl/buffer.h>
-    #include <wolfssl/openssl/pem.h>
-    #include <wolfssl/openssl/ec.h>
-    #include <wolfssl/openssl/ecdh.h>
-    #include <wolfssl/openssl/engine.h>
-    #include <wolfssl/openssl/hmac.h>
-    #include <wolfssl/openssl/objects.h>
-    #include <wolfssl/openssl/rand.h>
-    #include <wolfssl/openssl/modes.h>
-    #include <wolfssl/openssl/fips_rand.h>
-    #include <wolfssl/openssl/kdf.h>
-#ifdef OPENSSL_ALL
-    #include <wolfssl/openssl/txt_db.h>
-    #include <wolfssl/openssl/lhash.h>
-#endif
-#ifndef NO_AES
-    #include <wolfssl/openssl/aes.h>
-#endif
-#ifndef NO_DES3
-    #include <wolfssl/openssl/des.h>
-#endif
-#ifndef NO_RC4
-    #include <wolfssl/openssl/rc4.h>
-#endif
-#ifdef HAVE_ECC
-    #include <wolfssl/openssl/ecdsa.h>
-#endif
-#ifdef HAVE_PKCS7
-    #include <wolfssl/openssl/pkcs7.h>
-#endif
-#ifdef HAVE_ED25519
-    #include <wolfssl/openssl/ed25519.h>
-#endif
-#ifdef HAVE_ED448
-    #include <wolfssl/openssl/ed448.h>
-#endif
-#endif /* OPENSSL_EXTRA */
-
-#if defined(OPENSSL_EXTRA) && defined(WOLFCRYPT_HAVE_SRP) \
-    && !defined(NO_SHA256) && !defined(RC_NO_RNG)
-        #include <wolfssl/wolfcrypt/srp.h>
-#endif
-
-#if (defined(SESSION_CERTS) && defined(TEST_PEER_CERT_CHAIN)) || \
-    defined(HAVE_SESSION_TICKET) || (defined(OPENSSL_EXTRA) && \
-    defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_CERT_GEN)) || \
-    defined(WOLFSSL_TEST_STATIC_BUILD) || defined(WOLFSSL_DTLS) || \
-    defined(HAVE_ECH) || defined(HAVE_EX_DATA) || !defined(NO_SESSION_CACHE) \
-    || !defined(WOLFSSL_NO_TLS12) || defined(WOLFSSL_TLS13)
-    /* for testing SSL_get_peer_cert_chain, or SESSION_TICKET_HINT_DEFAULT,
-     * for setting authKeyIdSrc in WOLFSSL_X509, or testing DTLS sequence
-     * number tracking */
-#include "wolfssl/internal.h"
-#endif
-
-/* force enable test buffers */
-#ifndef USE_CERT_BUFFERS_2048
-    #define USE_CERT_BUFFERS_2048
-#endif
-#ifndef USE_CERT_BUFFERS_256
-    #define USE_CERT_BUFFERS_256
-#endif
-#include <wolfssl/certs_test.h>
-
-#include "tests/utils.h"
-
-/* include misc.c here regardless of NO_INLINE, because misc.c implementations
- * have default (hidden) visibility, and in the absence of visibility, it's
- * benign to mask out the library implementation.
- */
-#define WOLFSSL_MISC_INCLUDED
-#include <wolfcrypt/src/misc.c>
-
-#ifndef WOLFSSL_HAVE_ECC_KEY_GET_PRIV
-    /* FIPS build has replaced ecc.h. */
-    #define wc_ecc_key_get_priv(key) (&((key)->k))
-    #define WOLFSSL_HAVE_ECC_KEY_GET_PRIV
-#endif
-
-typedef struct testVector {
-    const char* input;
-    const char* output;
-    size_t inLen;
-    size_t outLen;
-
-} testVector;
 
 #if defined(HAVE_PKCS7)
     typedef struct {
@@ -435,64 +474,6 @@ typedef struct testVector {
     #endif
 #endif /* HAVE_PKCS7 */
 
-typedef int (*ctx_cb)(WOLFSSL_CTX* ctx);
-typedef int (*ssl_cb)(WOLFSSL* ssl);
-typedef int (*test_cbType)(WOLFSSL_CTX *ctx, WOLFSSL *ssl);
-typedef int (*hs_cb)(WOLFSSL_CTX **ctx, WOLFSSL **ssl);
-
-typedef struct test_ssl_cbf {
-    method_provider method;
-    ctx_cb ctx_ready;
-    ssl_cb ssl_ready;
-    ssl_cb on_result;
-    ssl_cb on_cleanup;
-    hs_cb  on_handshake;
-    WOLFSSL_CTX* ctx;
-    const char* caPemFile;
-    const char* certPemFile;
-    const char* keyPemFile;
-    const char* crlPemFile;
-#ifdef WOLFSSL_STATIC_MEMORY
-    byte*               mem;
-    word32              memSz;
-    wolfSSL_method_func method_ex;
-#endif
-    int devId;
-    int return_code;
-    int last_err;
-    unsigned char isSharedCtx:1;
-    unsigned char loadToSSL:1;
-    unsigned char ticNoInit:1;
-    unsigned char doUdp:1;
-} test_ssl_cbf;
-
-#define TEST_SSL_MEMIO_BUF_SZ   (64 * 1024)
-typedef struct test_ssl_memio_ctx {
-    WOLFSSL_CTX* s_ctx;
-    WOLFSSL_CTX* c_ctx;
-    WOLFSSL* s_ssl;
-    WOLFSSL* c_ssl;
-
-    const char* c_ciphers;
-    const char* s_ciphers;
-
-    char* c_msg;
-    int c_msglen;
-    char* s_msg;
-    int s_msglen;
-
-    test_ssl_cbf s_cb;
-    test_ssl_cbf c_cb;
-
-    byte c_buff[TEST_SSL_MEMIO_BUF_SZ];
-    int c_len;
-    byte s_buff[TEST_SSL_MEMIO_BUF_SZ];
-    int s_len;
-} test_ssl_memio_ctx;
-
-int test_wolfSSL_client_server_nofail_memio(test_ssl_cbf* client_cb,
-    test_ssl_cbf* server_cb, test_cbType client_on_handshake);
-
 #ifdef WOLFSSL_DUMP_MEMIO_STREAM
 const char* currentTestName;
 char tmpDirName[16];
@@ -503,48 +484,18 @@ int tmpDirNameSet = 0;
  | Constants
  *----------------------------------------------------------------------------*/
 
-/* Test result constants and macros. */
-
-/* Test succeeded. */
-#define TEST_SUCCESS    (1)
-/* Test failed. */
-#define TEST_FAIL       (0)
-/* Test skipped - not run. */
-#define TEST_SKIPPED    (-7777)
-
-/* Returns the result based on whether check is true.
- *
- * @param [in] check  Condition for success.
- * @return  When condition is true: TEST_SUCCESS.
- * @return  When condition is false: TEST_FAIL.
- */
-#ifdef DEBUG_WOLFSSL_VERBOSE
-#define XSTRINGIFY(s) STRINGIFY(s)
-#define STRINGIFY(s)  #s
-#define TEST_RES_CHECK(check) ({ \
-    int _ret = (check) ? TEST_SUCCESS : TEST_FAIL; \
-    if (_ret == TEST_FAIL) { \
-        fprintf(stderr, " check \"%s\" at %d ", \
-            XSTRINGIFY(check), __LINE__); \
-    } \
-    _ret; })
-#else
-#define TEST_RES_CHECK(check) \
-    ((check) ? TEST_SUCCESS : TEST_FAIL)
-#endif /* DEBUG_WOLFSSL_VERBOSE */
-
-#define TEST_STRING    "Everyone gets Friday off."
-#define TEST_STRING_SZ 25
-
+#ifndef NO_RSA
 #if (!defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_MATH_ALL)) && \
-    (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 4))
+    (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 4)) && \
+    (defined(RSA_MIN_SIZE) && (RSA_MIN_SIZE <= 1024))
 #define TEST_RSA_BITS 1024
 #else
 #define TEST_RSA_BITS 2048
 #endif
 #define TEST_RSA_BYTES (TEST_RSA_BITS/8)
+#endif /* !NO_RSA */
 
-#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && \
+#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_TLS) && \
     (!defined(NO_WOLFSSL_SERVER) || !defined(NO_WOLFSSL_CLIENT))
     static const char* bogusFile  =
     #ifdef _WIN32
@@ -562,20 +513,9 @@ enum {
 
 #ifdef WOLFSSL_QNX_CAAM
 #include <wolfssl/wolfcrypt/port/caam/wolfcaam.h>
-static int testDevId = WOLFSSL_CAAM_DEVID;
+int testDevId = WOLFSSL_CAAM_DEVID;
 #else
-static int testDevId = INVALID_DEVID;
-#endif
-
-#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && \
-    !defined(NO_RSA)        && !defined(SINGLE_THREADED) && \
-    !defined(NO_WOLFSSL_SERVER) && !defined(NO_WOLFSSL_CLIENT)
-#define HAVE_IO_TESTS_DEPENDENCIES
-#endif
-
-#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_RSA) && \
-    !defined(NO_WOLFSSL_SERVER) && !defined(NO_WOLFSSL_CLIENT)
-#define HAVE_SSL_MEMIO_TESTS_DEPENDENCIES
+int testDevId = INVALID_DEVID;
 #endif
 
 /*----------------------------------------------------------------------------*
@@ -587,14 +527,14 @@ static int testDevId = INVALID_DEVID;
 static int wolfssl_bio_s_fixed_mem_write(WOLFSSL_BIO* bio, const char* data,
     int len)
 {
-    if ((bio == NULL) || (bio->ptr == NULL) || (data == NULL)) {
+    if ((bio == NULL) || (bio->ptr.mem_buf_data == NULL) || (data == NULL)) {
         len = 0;
     }
     else {
         if (bio->wrSz - bio->wrIdx < len) {
             len = bio->wrSz - bio->wrIdx;
         }
-        XMEMCPY((char*)bio->ptr + bio->wrIdx, data, len);
+        XMEMCPY(bio->ptr.mem_buf_data + bio->wrIdx, data, (size_t)len);
         bio->wrIdx += len;
     }
 
@@ -603,14 +543,14 @@ static int wolfssl_bio_s_fixed_mem_write(WOLFSSL_BIO* bio, const char* data,
 
 static int wolfssl_bio_s_fixed_mem_read(WOLFSSL_BIO* bio, char* data, int len)
 {
-    if ((bio == NULL) || (bio->ptr == NULL) || (data == NULL)) {
+    if ((bio == NULL) || (bio->ptr.mem_buf_data == NULL) || (data == NULL)) {
         len = 0;
     }
     else {
         if (bio->wrSz - bio->rdIdx < len) {
             len = bio->wrSz - bio->rdIdx;
         }
-        XMEMCPY(data, (char*)bio->ptr + bio->rdIdx, len);
+        XMEMCPY(data, bio->ptr.mem_buf_data + bio->rdIdx, (size_t)len);
         bio->rdIdx += len;
     }
 
@@ -669,6 +609,153 @@ static int test_wolfCrypt_Cleanup(void)
     return EXPECT_RESULT();
 }
 
+
+#ifdef WOLFSSL_STATIC_MEMORY
+    #define TEST_LSM_STATIC_SIZE 440000
+    /* Create new bucket list, using the default list, adding
+     * one dang large buffer size. */
+    #define TEST_LSM_DEF_BUCKETS (WOLFMEM_DEF_BUCKETS+1)
+    #define TEST_LSM_BUCKETS WOLFMEM_BUCKETS,(LARGEST_MEM_BUCKET*2)
+    #define TEST_LSM_DIST WOLFMEM_DIST,1
+#endif
+
+static int test_wc_LoadStaticMemory_ex(void)
+{
+    EXPECT_DECLS;
+#ifdef WOLFSSL_STATIC_MEMORY
+    byte staticMemory[TEST_LSM_STATIC_SIZE];
+    word32 sizeList[TEST_LSM_DEF_BUCKETS] = { TEST_LSM_BUCKETS };
+    word32 distList[TEST_LSM_DEF_BUCKETS] = { TEST_LSM_DIST };
+    WOLFSSL_HEAP_HINT* heap;
+
+    /* For this test, the size and dist lists will be the ones configured
+     * for the build, or default. The value of WOLFMEM_DEF_BUCKETS is 9,
+     * so these lists are 10 long. For most tests, the value of
+     * WOLFMEM_DEF_BUCKETS is used. There's a test case where one is added
+     * to that, to make sure the list size is larger than
+     * WOLFMEM_MAX_BUCKETS. */
+
+    /* Pass in zero everything. */
+    ExpectIntEQ(wc_LoadStaticMemory_ex(NULL, 0, NULL, NULL, NULL, 0, 0, 0),
+            WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+
+    /* Set the heap pointer to NULL. */
+    ExpectIntEQ(wc_LoadStaticMemory_ex(NULL,
+                WOLFMEM_DEF_BUCKETS, sizeList, distList,
+                staticMemory, (word32)sizeof(staticMemory),
+                0, 1),
+            WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+
+    /* Set other pointer values to NULL one at a time. */
+    heap = NULL;
+    ExpectIntEQ(wc_LoadStaticMemory_ex(&heap,
+                WOLFMEM_DEF_BUCKETS, NULL, distList,
+                staticMemory, (word32)sizeof(staticMemory),
+                0, 1),
+            WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    heap = NULL;
+    ExpectIntEQ(wc_LoadStaticMemory_ex(&heap,
+                WOLFMEM_DEF_BUCKETS, sizeList, NULL,
+                staticMemory, (word32)sizeof(staticMemory),
+                0, 1),
+            WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    heap = NULL;
+    ExpectIntEQ(wc_LoadStaticMemory_ex(&heap,
+                WOLFMEM_DEF_BUCKETS, sizeList, distList,
+                NULL, (word32)sizeof(staticMemory),
+                0, 1),
+            WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+
+    /* Set the size of the static buffer to 0. */
+    heap = NULL;
+    ExpectIntEQ(wc_LoadStaticMemory_ex(&heap,
+                WOLFMEM_DEF_BUCKETS, sizeList, distList,
+                staticMemory, 0,
+                0, 1),
+            WC_NO_ERR_TRACE(BUFFER_E));
+
+    /* Set the size of the static buffer to one less than minimum allowed. */
+    heap = NULL;
+    ExpectIntEQ(wc_LoadStaticMemory_ex(&heap,
+                WOLFMEM_DEF_BUCKETS, sizeList, distList,
+                staticMemory,
+                (word32)(sizeof(WOLFSSL_HEAP) + sizeof(WOLFSSL_HEAP_HINT)) - 1,
+                0, 1),
+            WC_NO_ERR_TRACE(BUFFER_E));
+
+    /* Set the size of the static buffer to exactly the minimum size. */
+    heap = NULL;
+    ExpectIntEQ(wc_LoadStaticMemory_ex(&heap,
+                WOLFMEM_DEF_BUCKETS, sizeList, distList,
+                staticMemory,
+                (word32)(sizeof(WOLFSSL_HEAP) + sizeof(WOLFSSL_HEAP_HINT)),
+                0, 1),
+            0);
+    wc_UnloadStaticMemory(heap);
+
+    /* Use more buckets than able. Success case. */
+    heap = NULL;
+    ExpectIntEQ(wc_LoadStaticMemory_ex(&heap,
+                WOLFMEM_DEF_BUCKETS*2, sizeList, distList,
+                staticMemory, (word32)sizeof(staticMemory),
+                0, 1),
+            0);
+    wc_UnloadStaticMemory(heap);
+
+    /* Success case. */
+    heap = NULL;
+    ExpectIntEQ(wc_LoadStaticMemory_ex(&heap,
+                WOLFMEM_DEF_BUCKETS, sizeList, distList,
+                staticMemory, (word32)sizeof(staticMemory),
+                0, 1),
+            0);
+    wc_UnloadStaticMemory(heap);
+#endif /* WOLFSSL_STATIC_MEMORY */
+    return EXPECT_RESULT();
+}
+
+
+static int test_wc_LoadStaticMemory_CTX(void)
+{
+    EXPECT_DECLS;
+#if defined(WOLFSSL_STATIC_MEMORY) && !defined(NO_WOLFSSL_CLIENT)
+    byte staticMemory[TEST_LSM_STATIC_SIZE];
+    word32 sizeList[TEST_LSM_DEF_BUCKETS] = { TEST_LSM_BUCKETS };
+    word32 distList[TEST_LSM_DEF_BUCKETS] = { TEST_LSM_DIST };
+    WOLFSSL_HEAP_HINT* heap;
+    WOLFSSL_CTX *ctx1 = NULL, *ctx2 = NULL;
+
+
+    /* Set the size of the static buffer to exactly the minimum size. */
+    heap = NULL;
+    ExpectIntEQ(wc_LoadStaticMemory_ex(&heap,
+                WOLFMEM_DEF_BUCKETS, sizeList, distList,
+                staticMemory, sizeof(staticMemory), 0, 1),
+            0);
+
+    /* Creating two WOLFSSL_CTX objects from the same heap hint and free'ing
+     * them should not cause issues. */
+    ExpectNotNull((ctx1 = wolfSSL_CTX_new_ex(wolfSSLv23_client_method_ex(heap),
+        heap)));
+    wolfSSL_CTX_free(ctx1);
+    ExpectNotNull((ctx2 = wolfSSL_CTX_new_ex(wolfSSLv23_client_method_ex(heap),
+        heap)));
+    wolfSSL_CTX_free(ctx2);
+
+    /* two CTX's at once */
+    ExpectNotNull((ctx1 = wolfSSL_CTX_new_ex(wolfSSLv23_client_method_ex(heap),
+        heap)));
+    ExpectNotNull((ctx2 = wolfSSL_CTX_new_ex(wolfSSLv23_client_method_ex(heap),
+        heap)));
+    wolfSSL_CTX_free(ctx1);
+    wolfSSL_CTX_free(ctx2);
+
+    wc_UnloadStaticMemory(heap);
+#endif /* WOLFSSL_STATIC_MEMORY */
+    return EXPECT_RESULT();
+}
+
+
 /*----------------------------------------------------------------------------*
  | Platform dependent function test
  *----------------------------------------------------------------------------*/
@@ -731,6 +818,7 @@ static int test_wolfSSL_Method_Allocators(void)
     #define TEST_INVALID_METHOD_ALLOCATOR(a) \
             TEST_METHOD_ALLOCATOR(a, ExpectNull)
 
+#ifndef NO_TLS
 #ifndef NO_OLD_TLS
     #ifdef WOLFSSL_ALLOW_SSLV3
         #ifndef NO_WOLFSSL_SERVER
@@ -833,9 +921,538 @@ static int test_wolfSSL_Method_Allocators(void)
         #ifndef WOLFSSL_NO_TLS12
             TEST_VALID_METHOD_ALLOCATOR(wolfDTLSv1_2_method);
         #endif /* !WOLFSSL_NO_TLS12 */
+        #ifdef WOLFSSL_DTLS13
+            TEST_VALID_METHOD_ALLOCATOR(wolfDTLSv1_3_method);
+        #endif /* WOLFSSL_DTLS13 */
     #endif /* WOLFSSL_DTLS */
 #endif /* OPENSSL_EXTRA || WOLFSSL_EITHER_SIDE */
+#endif /* !NO_TLS */
+    return EXPECT_RESULT();
+}
 
+#if defined(WOLFSSL_DUAL_ALG_CERTS) && !defined(NO_FILESYSTEM)
+/*----------------------------------------------------------------------------*
+ | Dual algorithm Certificate Tests
+ *----------------------------------------------------------------------------*/
+#define LARGE_TEMP_SZ 4096
+
+/* To better understand this, please see the X9.146 example in wolfssl-examples
+ * repo. */
+static int do_dual_alg_root_certgen(byte **out, char *caKeyFile,
+                                    char *sapkiFile, char *altPrivFile)
+{
+    EXPECT_DECLS;
+    FILE* file = NULL;
+    Cert newCert;
+    DecodedCert preTBS;
+
+    byte caKeyBuf[LARGE_TEMP_SZ];
+    word32 caKeySz = LARGE_TEMP_SZ;
+    byte sapkiBuf[LARGE_TEMP_SZ];
+    word32 sapkiSz = LARGE_TEMP_SZ;
+    byte altPrivBuf[LARGE_TEMP_SZ];
+    word32 altPrivSz = LARGE_TEMP_SZ;
+    byte altSigAlgBuf[LARGE_TEMP_SZ];
+    word32 altSigAlgSz = LARGE_TEMP_SZ;
+    byte scratchBuf[LARGE_TEMP_SZ];
+    word32 scratchSz = LARGE_TEMP_SZ;
+    byte preTbsBuf[LARGE_TEMP_SZ];
+    word32 preTbsSz = LARGE_TEMP_SZ;
+    byte altSigValBuf[LARGE_TEMP_SZ];
+    word32 altSigValSz = LARGE_TEMP_SZ;
+    byte *outBuf = NULL;
+    word32 outSz = LARGE_TEMP_SZ;
+    WC_RNG rng;
+    RsaKey caKey;
+    ecc_key altCaKey;
+    word32 idx = 0;
+
+    XMEMSET(&rng, 0, sizeof(WC_RNG));
+    XMEMSET(&caKey, 0, sizeof(RsaKey));
+    XMEMSET(&altCaKey, 0, sizeof(ecc_key));
+
+    ExpectNotNull(outBuf = (byte*)XMALLOC(outSz, NULL,
+                  DYNAMIC_TYPE_TMP_BUFFER));
+    ExpectIntEQ(wc_InitRng(&rng), 0);
+    XMEMSET(caKeyBuf, 0, caKeySz);
+    ExpectNotNull(file = fopen(caKeyFile, "rb"));
+    ExpectIntGT(caKeySz = (word32)fread(caKeyBuf, 1, caKeySz, file), 0);
+    if (file) {
+        fclose(file);
+        file = NULL;
+    }
+    ExpectIntEQ(wc_InitRsaKey_ex(&caKey, NULL, INVALID_DEVID), 0);
+    idx = 0;
+    ExpectIntEQ(wc_RsaPrivateKeyDecode(caKeyBuf, &idx, &caKey, caKeySz),
+                0);
+    XMEMSET(sapkiBuf, 0, sapkiSz);
+    ExpectNotNull(file = fopen(sapkiFile, "rb"));
+    ExpectIntGT(sapkiSz = (word32)fread(sapkiBuf, 1, sapkiSz, file), 0);
+    if (file) {
+        fclose(file);
+        file = NULL;
+    }
+    XMEMSET(altPrivBuf, 0, altPrivSz);
+    ExpectNotNull(file = fopen(altPrivFile, "rb"));
+    ExpectIntGT(altPrivSz = (word32)fread(altPrivBuf, 1, altPrivSz, file), 0);
+    if (file) {
+        fclose(file);
+        file = NULL;
+    }
+    wc_ecc_init(&altCaKey);
+    idx = 0;
+    ExpectIntEQ(wc_EccPrivateKeyDecode(altPrivBuf, &idx, &altCaKey,
+                                       (word32)altPrivSz), 0);
+    XMEMSET(altSigAlgBuf, 0, altSigAlgSz);
+    ExpectIntGT(altSigAlgSz = SetAlgoID(CTC_SHA256wECDSA, altSigAlgBuf,
+                                         oidSigType, 0), 0);
+    wc_InitCert(&newCert);
+    strncpy(newCert.subject.country, "US", CTC_NAME_SIZE);
+    strncpy(newCert.subject.state, "MT", CTC_NAME_SIZE);
+    strncpy(newCert.subject.locality, "Bozeman", CTC_NAME_SIZE);
+    strncpy(newCert.subject.org, "wolfSSL", CTC_NAME_SIZE);
+    strncpy(newCert.subject.unit, "Engineering", CTC_NAME_SIZE);
+    strncpy(newCert.subject.commonName, "www.wolfssl.com", CTC_NAME_SIZE);
+    strncpy(newCert.subject.email, "root@wolfssl.com", CTC_NAME_SIZE);
+    strncpy((char*)newCert.beforeDate, "\x18\x0f""20250101000000Z",
+        CTC_DATE_SIZE);
+    newCert.beforeDateSz = 17;
+    strncpy((char*)newCert.afterDate, "\x18\x0f""20493112115959Z",
+        CTC_DATE_SIZE);
+    newCert.afterDateSz = 17;
+    newCert.sigType = CTC_SHA256wRSA;
+    newCert.isCA    = 1;
+
+    ExpectIntEQ(wc_SetCustomExtension(&newCert, 0, "1.2.3.4.5",
+                (const byte *)"This is NOT a critical extension", 32), 0);
+    ExpectIntEQ(wc_SetCustomExtension(&newCert, 0, "2.5.29.72", sapkiBuf,
+                sapkiSz), 0);
+    ExpectIntEQ(wc_SetCustomExtension(&newCert, 0, "2.5.29.73", altSigAlgBuf,
+                                altSigAlgSz), 0);
+
+    XMEMSET(scratchBuf, 0, scratchSz);
+    ExpectIntGT(scratchSz = wc_MakeSelfCert(&newCert, scratchBuf, scratchSz,
+                &caKey, &rng), 0);
+    wc_InitDecodedCert(&preTBS, scratchBuf, scratchSz, 0);
+    ExpectIntEQ(wc_ParseCert(&preTBS, CERT_TYPE, NO_VERIFY, NULL), 0);
+
+    XMEMSET(preTbsBuf, 0, preTbsSz);
+    ExpectIntGT(preTbsSz = wc_GeneratePreTBS(&preTBS, preTbsBuf, preTbsSz), 0);
+    XMEMSET(altSigValBuf, 0, altSigValSz);
+    ExpectIntGT(altSigValSz = wc_MakeSigWithBitStr(altSigValBuf, altSigValSz,
+                CTC_SHA256wECDSA, preTbsBuf, preTbsSz, ECC_TYPE, &altCaKey,
+                &rng), 0);
+    ExpectIntEQ(wc_SetCustomExtension(&newCert, 0, "2.5.29.74", altSigValBuf,
+                altSigValSz), 0);
+
+    /* Finally, generate the new certificate. */
+    if (outBuf != NULL) {
+        XMEMSET(outBuf, 0, outSz);
+    }
+    ExpectIntGT(outSz = wc_MakeSelfCert(&newCert, outBuf, outSz, &caKey, &rng),
+                0);
+    *out = outBuf;
+
+    wc_FreeRsaKey(&caKey);
+    wc_FreeRng(&rng);
+    wc_FreeDecodedCert(&preTBS);
+    return outSz;
+}
+
+static int do_dual_alg_server_certgen(byte **out, char *caKeyFile,
+                                      char *sapkiFile, char *altPrivFile,
+                                      char *serverKeyFile,
+                                      byte *caCertBuf, int caCertSz)
+{
+    EXPECT_DECLS;
+    FILE* file = NULL;
+    Cert newCert;
+    DecodedCert preTBS;
+
+    byte serverKeyBuf[LARGE_TEMP_SZ];
+    word32 serverKeySz = LARGE_TEMP_SZ;
+    byte caKeyBuf[LARGE_TEMP_SZ];
+    word32 caKeySz = LARGE_TEMP_SZ;
+    byte sapkiBuf[LARGE_TEMP_SZ];
+    word32 sapkiSz = LARGE_TEMP_SZ;
+    byte altPrivBuf[LARGE_TEMP_SZ];
+    word32 altPrivSz = LARGE_TEMP_SZ;
+    byte altSigAlgBuf[LARGE_TEMP_SZ];
+    word32 altSigAlgSz = LARGE_TEMP_SZ;
+    byte scratchBuf[LARGE_TEMP_SZ];
+    word32 scratchSz = LARGE_TEMP_SZ;
+    byte preTbsBuf[LARGE_TEMP_SZ];
+    word32 preTbsSz = LARGE_TEMP_SZ;
+    byte altSigValBuf[LARGE_TEMP_SZ];
+    word32 altSigValSz = LARGE_TEMP_SZ;
+    byte *outBuf = NULL;
+    word32 outSz = LARGE_TEMP_SZ;
+    WC_RNG rng;
+    RsaKey caKey;
+    RsaKey serverKey;
+    ecc_key altCaKey;
+    word32 idx = 0;
+
+    XMEMSET(&rng, 0, sizeof(WC_RNG));
+    XMEMSET(&caKey, 0, sizeof(RsaKey));
+    XMEMSET(&serverKey, 0, sizeof(RsaKey));
+    XMEMSET(&altCaKey, 0, sizeof(ecc_key));
+
+    ExpectNotNull(outBuf = (byte*)XMALLOC(outSz, NULL,
+                  DYNAMIC_TYPE_TMP_BUFFER));
+    ExpectIntEQ(wc_InitRng(&rng), 0);
+    XMEMSET(serverKeyBuf, 0, serverKeySz);
+    ExpectNotNull(file = fopen(serverKeyFile, "rb"));
+    ExpectIntGT(serverKeySz = (word32)fread(serverKeyBuf, 1, serverKeySz, file),
+                0);
+    if (file) {
+        fclose(file);
+        file = NULL;
+    }
+    ExpectIntEQ(wc_InitRsaKey_ex(&serverKey, NULL, INVALID_DEVID), 0);
+    idx = 0;
+    ExpectIntEQ(wc_RsaPrivateKeyDecode(serverKeyBuf, &idx, &serverKey,
+                (word32)serverKeySz), 0);
+    XMEMSET(caKeyBuf, 0, caKeySz);
+    ExpectNotNull(file = fopen(caKeyFile, "rb"));
+    ExpectIntGT(caKeySz = (word32)fread(caKeyBuf, 1, caKeySz, file), 0);
+    if (file) {
+        fclose(file);
+        file = NULL;
+    }
+    ExpectIntEQ(wc_InitRsaKey_ex(&caKey, NULL, INVALID_DEVID), 0);
+    idx = 0;
+    ExpectIntEQ(wc_RsaPrivateKeyDecode(caKeyBuf, &idx, &caKey,
+                (word32)caKeySz), 0);
+    XMEMSET(sapkiBuf, 0, sapkiSz);
+    ExpectNotNull(file = fopen(sapkiFile, "rb"));
+    ExpectIntGT(sapkiSz = (word32)fread(sapkiBuf, 1, sapkiSz, file), 0);
+    if (file) {
+        fclose(file);
+        file = NULL;
+    }
+    XMEMSET(altPrivBuf, 0, altPrivSz);
+    ExpectNotNull(file = fopen(altPrivFile, "rb"));
+    ExpectIntGT(altPrivSz = (word32)fread(altPrivBuf, 1, altPrivSz, file), 0);
+    if (file) {
+        fclose(file);
+        file = NULL;
+    }
+    wc_ecc_init(&altCaKey);
+    idx = 0;
+    ExpectIntEQ(wc_EccPrivateKeyDecode(altPrivBuf, &idx, &altCaKey,
+                (word32)altPrivSz), 0);
+    XMEMSET(altSigAlgBuf, 0, altSigAlgSz);
+    ExpectIntGT(altSigAlgSz = SetAlgoID(CTC_SHA256wECDSA, altSigAlgBuf,
+                oidSigType, 0), 0);
+    wc_InitCert(&newCert);
+    strncpy(newCert.subject.country, "US", CTC_NAME_SIZE);
+    strncpy(newCert.subject.state, "MT", CTC_NAME_SIZE);
+    strncpy(newCert.subject.locality, "Bozeman", CTC_NAME_SIZE);
+    strncpy(newCert.subject.org, "wolfSSL", CTC_NAME_SIZE);
+    strncpy(newCert.subject.unit, "Engineering", CTC_NAME_SIZE);
+    strncpy(newCert.subject.commonName, "www.wolfssl.com", CTC_NAME_SIZE);
+    strncpy(newCert.subject.email, "server@wolfssl.com", CTC_NAME_SIZE);
+    strncpy((char*)newCert.beforeDate, "\x18\x0f""20250101000000Z",
+        CTC_DATE_SIZE);
+    newCert.beforeDateSz = 17;
+    strncpy((char*)newCert.afterDate, "\x18\x0f""20493112115959Z",
+        CTC_DATE_SIZE);
+    newCert.afterDateSz = 17;
+
+    newCert.sigType = CTC_SHA256wRSA;
+    newCert.isCA    = 0;
+    ExpectIntEQ(wc_SetIssuerBuffer(&newCert, caCertBuf, caCertSz), 0);
+    ExpectIntEQ(wc_SetCustomExtension(&newCert, 0, "2.5.29.72", sapkiBuf,
+                sapkiSz), 0);
+    ExpectIntEQ(wc_SetCustomExtension(&newCert, 0, "2.5.29.73", altSigAlgBuf,
+                altSigAlgSz), 0);
+    XMEMSET(scratchBuf, 0, scratchSz);
+    ExpectIntGT(wc_MakeCert(&newCert, scratchBuf, scratchSz, &serverKey, NULL,
+                &rng), 0);
+    ExpectIntGT(scratchSz = wc_SignCert(newCert.bodySz, newCert.sigType,
+                scratchBuf, scratchSz, &caKey, NULL, &rng), 0);
+    wc_InitDecodedCert(&preTBS, scratchBuf, scratchSz, 0);
+    ExpectIntEQ(wc_ParseCert(&preTBS, CERT_TYPE, NO_VERIFY, NULL), 0);
+    XMEMSET(preTbsBuf, 0, preTbsSz);
+    ExpectIntGT(preTbsSz = wc_GeneratePreTBS(&preTBS, preTbsBuf, preTbsSz), 0);
+    XMEMSET(altSigValBuf, 0, altSigValSz);
+    ExpectIntGT(altSigValSz = wc_MakeSigWithBitStr(altSigValBuf, altSigValSz,
+                CTC_SHA256wECDSA, preTbsBuf, preTbsSz, ECC_TYPE, &altCaKey,
+                &rng), 0);
+    ExpectIntEQ(wc_SetCustomExtension(&newCert, 0, "2.5.29.74",
+                 altSigValBuf, altSigValSz), 0);
+    /* Finally, generate the new certificate. */
+    if (outBuf != NULL) {
+        XMEMSET(outBuf, 0, outSz);
+    }
+    ExpectIntGT(wc_MakeCert(&newCert, outBuf, outSz, &serverKey, NULL, &rng),
+                0);
+    ExpectIntGT(outSz = wc_SignCert(newCert.bodySz, newCert.sigType, outBuf,
+                outSz, &caKey, NULL, &rng), 0);
+    *out = outBuf;
+    wc_FreeRsaKey(&caKey);
+    wc_FreeRsaKey(&serverKey);
+    wc_FreeRng(&rng);
+    wc_FreeDecodedCert(&preTBS);
+    return outSz;
+}
+
+static int do_dual_alg_tls13_connection(byte *caCert, word32 caCertSz,
+                                        byte *serverCert, word32 serverCertSz,
+                                        byte *serverKey, word32 serverKeySz,
+                                        int negative_test)
+{
+    EXPECT_DECLS;
+    WOLFSSL_CTX *ctx_c = NULL;
+    WOLFSSL_CTX *ctx_s = NULL;
+    WOLFSSL *ssl_c = NULL;
+    WOLFSSL *ssl_s = NULL;
+    struct test_memio_ctx test_ctx;
+
+    XMEMSET(&test_ctx, 0, sizeof(test_ctx));
+    ExpectIntEQ(test_memio_setup_ex(&test_ctx, &ctx_c, &ctx_s, &ssl_c, &ssl_s,
+                wolfTLSv1_3_client_method, wolfTLSv1_3_server_method,
+                caCert, caCertSz, serverCert, serverCertSz,
+                serverKey, serverKeySz), 0);
+    if (negative_test) {
+        ExpectTrue(test_memio_do_handshake(ssl_c, ssl_s, 10, NULL) != 0);
+    }
+    else {
+        ExpectIntEQ(test_memio_do_handshake(ssl_c, ssl_s, 10, NULL), 0);
+    }
+    wolfSSL_free(ssl_c);
+    wolfSSL_free(ssl_s);
+    wolfSSL_CTX_free(ctx_c);
+    wolfSSL_CTX_free(ctx_s);
+    return EXPECT_RESULT();
+}
+
+static int test_dual_alg_support(void)
+{
+    EXPECT_DECLS;
+    /* Root CA and server keys will be the same. This is only appropriate for
+     * testing. */
+    char keyFile[] = "./certs/ca-key.der";
+    char sapkiFile[] = "./certs/ecc-keyPub.der";
+    char altPrivFile[] = "./certs/ecc-key.der";
+    char wrongPrivFile[] = "./certs/ecc-client-key.der";
+    byte *serverKey = NULL;
+    size_t serverKeySz = 0;
+    byte *root = NULL;
+    int rootSz = 0;
+    byte *server = NULL;
+    int serverSz = 0;
+
+    ExpectIntEQ(load_file(keyFile, &serverKey, &serverKeySz), 0);
+
+    /* Base normal case. */
+    if (EXPECT_SUCCESS()) {
+        rootSz = do_dual_alg_root_certgen(&root, keyFile, sapkiFile,
+            altPrivFile);
+    }
+    ExpectNotNull(root);
+    ExpectIntGT(rootSz, 0);
+    if (EXPECT_SUCCESS()) {
+        serverSz = do_dual_alg_server_certgen(&server, keyFile, sapkiFile,
+            altPrivFile, keyFile, root, rootSz);
+    }
+    ExpectNotNull(server);
+    ExpectIntGT(serverSz, 0);
+    ExpectIntEQ(do_dual_alg_tls13_connection(root, rootSz,
+                server, serverSz, serverKey, (word32)serverKeySz, 0),
+                TEST_SUCCESS);
+    XFREE(root, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    root = NULL;
+    XFREE(server, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    server = NULL;
+
+    /* Now we try a negative case. Note that we use wrongPrivFile to generate
+     * the alternative signature and then set negative_test to true for the
+     * call to do_dual_alg_tls13_connection(). Its expecting a failed connection
+     * because the signature won't verify. The exception is if
+     * WOLFSSL_TRUST_PEER_CERT is defined. In that case, no verification happens
+     * and this is no longer a negative test. */
+    if (EXPECT_SUCCESS()) {
+        rootSz = do_dual_alg_root_certgen(&root, keyFile, sapkiFile,
+            wrongPrivFile);
+    }
+    ExpectNotNull(root);
+    ExpectIntGT(rootSz, 0);
+    if (EXPECT_SUCCESS()) {
+        serverSz = do_dual_alg_server_certgen(&server, keyFile, sapkiFile,
+            wrongPrivFile, keyFile, root, rootSz);
+    }
+    ExpectNotNull(server);
+    ExpectIntGT(serverSz, 0);
+#ifdef WOLFSSL_TRUST_PEER_CERT
+    ExpectIntEQ(do_dual_alg_tls13_connection(root, rootSz,
+                server, serverSz, serverKey, (word32)serverKeySz, 0),
+                TEST_SUCCESS);
+#else
+    ExpectIntEQ(do_dual_alg_tls13_connection(root, rootSz,
+                server, serverSz, serverKey, (word32)serverKeySz, 1),
+                TEST_SUCCESS);
+#endif
+
+    XFREE(root, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(server, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+
+    free(serverKey);
+
+    return EXPECT_RESULT();
+}
+#else
+static int test_dual_alg_support(void)
+{
+    return TEST_SKIPPED;
+}
+#endif /* WOLFSSL_DUAL_ALG_CERTS && !NO_FILESYSTEM */
+
+/**
+ * Test dual-alg ECDSA + ML-DSA:
+ *  - keygen + certgen + cert manager load
+ * */
+static int test_dual_alg_ecdsa_mldsa(void)
+{
+    EXPECT_DECLS;
+#if defined(WOLFSSL_DUAL_ALG_CERTS) && defined(HAVE_DILITHIUM) && \
+    defined(HAVE_ECC) && !defined(WC_NO_RNG) && \
+    defined(WOLFSSL_WC_DILITHIUM) && \
+    !defined(WOLFSSL_DILITHIUM_NO_MAKE_KEY) && \
+    !defined(WOLFSSL_DILITHIUM_NO_SIGN) && \
+    !defined(WOLFSSL_DILITHIUM_NO_VERIFY) && !defined(WOLFSSL_SMALL_STACK)
+    WOLFSSL_CERT_MANAGER * cm = NULL;
+    MlDsaKey    alt_ca_key;
+    ecc_key     ca_key;
+    WC_RNG      rng;
+    int         ret = 0;
+    DecodedCert d_cert;
+    Cert        new_cert;
+    /* various tmp buffs.  */
+    byte        alt_pub_der[LARGE_TEMP_SZ];
+    word32      alt_pub_sz = LARGE_TEMP_SZ;
+    byte        alt_sig_alg[LARGE_TEMP_SZ];
+    word32      alt_sig_alg_sz = LARGE_TEMP_SZ;
+    byte        tbs_der[LARGE_TEMP_SZ];
+    word32      tbs_der_sz = LARGE_TEMP_SZ;
+    byte        alt_sig[LARGE_TEMP_SZ];
+    word32      alt_sig_sz = LARGE_TEMP_SZ;
+    /* Intermediate der. */
+    byte        der[LARGE_TEMP_SZ];
+    word32      der_sz = LARGE_TEMP_SZ;
+    /* The final der will be large because of ML-DSA signature. */
+    byte        final_der[2 * LARGE_TEMP_SZ];
+    word32      final_der_sz = 2 * LARGE_TEMP_SZ;
+
+    XMEMSET(alt_pub_der, 0, alt_pub_sz);
+    XMEMSET(alt_sig_alg, 0, alt_sig_alg_sz);
+    XMEMSET(tbs_der, 0, tbs_der_sz);
+    XMEMSET(alt_sig, 0, alt_sig_sz);
+    XMEMSET(der, 0, der_sz);
+    XMEMSET(final_der, 0, final_der_sz);
+
+    ExpectIntEQ(wc_InitRng(&rng), 0);
+
+    /**
+     * ML-DSA key gen.
+     * */
+    ret = wc_MlDsaKey_Init(&alt_ca_key, NULL, INVALID_DEVID);
+    ExpectIntEQ(ret, 0);
+    ret = wc_MlDsaKey_SetParams(&alt_ca_key, WC_ML_DSA_44);
+    ExpectIntEQ(ret, 0);
+    ret = wc_MlDsaKey_MakeKey(&alt_ca_key, &rng);
+    ExpectIntEQ(ret, 0);
+    alt_pub_sz = wc_MlDsaKey_PublicKeyToDer(&alt_ca_key, alt_pub_der,
+                                            alt_pub_sz, 1);
+    ExpectIntGT(alt_pub_sz, 0);
+
+    alt_sig_alg_sz = SetAlgoID(CTC_SHA256wECDSA, alt_sig_alg, oidSigType, 0);
+    ExpectIntGT(alt_sig_alg_sz, 0);
+
+    /**
+     * ECC key gen.
+     * */
+    ret = wc_ecc_init(&ca_key);
+    ExpectIntEQ(ret, 0);
+    ret = wc_ecc_make_key(&rng, KEY32, &ca_key);
+    ExpectIntEQ(ret, 0);
+
+    /**
+     * Cert gen.
+     * */
+    wc_InitCert(&new_cert);
+    strncpy(new_cert.subject.country, "US", CTC_NAME_SIZE);
+    strncpy(new_cert.subject.state, "MT", CTC_NAME_SIZE);
+    strncpy(new_cert.subject.locality, "Bozeman", CTC_NAME_SIZE);
+    strncpy(new_cert.subject.org, "wolfSSL", CTC_NAME_SIZE);
+    strncpy(new_cert.subject.unit, "Engineering", CTC_NAME_SIZE);
+    strncpy(new_cert.subject.commonName, "www.wolfssl.com", CTC_NAME_SIZE);
+    strncpy(new_cert.subject.email, "root@wolfssl.com", CTC_NAME_SIZE);
+    new_cert.sigType = CTC_SHA256wECDSA;
+    new_cert.isCA    = 1;
+
+    ret = wc_SetCustomExtension(&new_cert, 0, "1.2.3.4.5",
+                         (const byte *)"This is NOT a critical extension", 32);
+    ExpectIntEQ(ret, 0);
+
+    ExpectIntEQ(wc_SetCustomExtension(&new_cert, 0, "2.5.29.72", alt_pub_der,
+                alt_pub_sz), 0);
+    ExpectIntEQ(wc_SetCustomExtension(&new_cert, 0, "2.5.29.73", alt_sig_alg,
+                alt_sig_alg_sz), 0);
+
+    ret = wc_MakeCert_ex(&new_cert, der, der_sz, ECC_TYPE, &ca_key, &rng);
+    ExpectIntGT(ret, 0);
+
+    der_sz = wc_SignCert_ex(new_cert.bodySz, new_cert.sigType, der, der_sz,
+                            ECC_TYPE, &ca_key, &rng);
+    ExpectIntGT(der_sz, 0);
+
+    wc_InitDecodedCert(&d_cert, der, der_sz, 0);
+    ret = wc_ParseCert(&d_cert, CERT_TYPE, NO_VERIFY, NULL);
+    ExpectIntEQ(ret, 0);
+
+    tbs_der_sz = wc_GeneratePreTBS(&d_cert, tbs_der, tbs_der_sz);
+    ExpectIntGT(tbs_der_sz, 0);
+
+    alt_sig_sz = wc_MakeSigWithBitStr(alt_sig, alt_sig_sz,
+                                      CTC_ML_DSA_LEVEL2, tbs_der, tbs_der_sz,
+                                      ML_DSA_LEVEL2_TYPE, &alt_ca_key, &rng);
+    ExpectIntGT(alt_sig_sz, 0);
+
+    ret = wc_SetCustomExtension(&new_cert, 0, "2.5.29.74", alt_sig, alt_sig_sz);
+    ExpectIntEQ(ret, 0);
+
+    /* Finally generate the new certificate. */
+    ret = wc_MakeCert_ex(&new_cert, final_der, final_der_sz, ECC_TYPE, &ca_key,
+                         &rng);
+    ExpectIntGT(ret, 0);
+
+    final_der_sz = wc_SignCert_ex(new_cert.bodySz, new_cert.sigType, final_der,
+                                  final_der_sz, ECC_TYPE, &ca_key, &rng);
+    ExpectIntGT(final_der_sz, 0);
+
+    cm = wolfSSL_CertManagerNew();
+    ExpectNotNull(cm);
+
+    /* Load the certificate into CertManager. */
+    if (cm != NULL && final_der_sz > 0) {
+        ret = wolfSSL_CertManagerLoadCABuffer(cm, final_der, final_der_sz,
+                                              WOLFSSL_FILETYPE_ASN1);
+        ExpectIntEQ(ret, WOLFSSL_SUCCESS);
+    }
+
+    if (cm != NULL) {
+        wolfSSL_CertManagerFree(cm);
+        cm = NULL;
+    }
+
+    wc_FreeDecodedCert(&d_cert);
+    wc_ecc_free(&ca_key);
+    wc_MlDsaKey_Free(&alt_ca_key);
+    wc_FreeRng(&rng);
+
+#endif /* WOLFSSL_DUAL_ALG_CERTS && DILITHIUM and more */
     return EXPECT_RESULT();
 }
 
@@ -843,16 +1460,17 @@ static int test_wolfSSL_Method_Allocators(void)
 /*----------------------------------------------------------------------------*
  | Context
  *----------------------------------------------------------------------------*/
-#ifndef NO_WOLFSSL_SERVER
+#if !defined(NO_WOLFSSL_SERVER) && !defined(NO_TLS)
 static int test_wolfSSL_CTX_new(void)
 {
     EXPECT_DECLS;
     WOLFSSL_CTX *ctx;
-    WOLFSSL_METHOD* method;
+    WOLFSSL_METHOD* method = NULL;
 
     ExpectNull(ctx = wolfSSL_CTX_new(NULL));
     ExpectNotNull(method = wolfSSLv23_server_method());
-    ExpectNotNull(ctx = wolfSSL_CTX_new(method));
+    if (method != NULL)
+        ExpectNotNull(ctx = wolfSSL_CTX_new(method));
 
     wolfSSL_CTX_free(ctx);
 
@@ -861,6 +1479,7 @@ static int test_wolfSSL_CTX_new(void)
 #endif
 
 #if (!defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER)) && \
+    !defined(NO_TLS) && \
     (!defined(NO_RSA) || defined(HAVE_ECC)) && !defined(NO_FILESYSTEM)
 static int test_for_double_Free(void)
 {
@@ -1022,7 +1641,8 @@ static int test_wolfSSL_CTX_set_cipher_list_bytes(void)
     EXPECT_DECLS;
 #if (defined(OPENSSL_EXTRA) || defined(WOLFSSL_SET_CIPHER_BYTES)) && \
     (!defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER)) && \
-    (!defined(NO_RSA) || defined(HAVE_ECC)) && !defined(NO_FILESYSTEM)
+    (!defined(NO_RSA) || defined(HAVE_ECC)) && !defined(NO_FILESYSTEM) && \
+    !defined(NO_TLS)
     const char* testCertFile;
     const char* testKeyFile;
     WOLFSSL_CTX* ctx = NULL;
@@ -1030,24 +1650,24 @@ static int test_wolfSSL_CTX_set_cipher_list_bytes(void)
 
     const byte cipherList[] =
     {
-        /* TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA */ 0xC0, 0x16,
-        /* TLS_DHE_RSA_WITH_AES_256_CBC_SHA  */ 0xC0, 0x39,
-        /* TLS_DHE_RSA_WITH_AES_128_CBC_SHA  */ 0xC0, 0x33,
-        /* TLS_DH_anon_WITH_AES_128_CBC_SHA  */ 0xC0, 0x34,
-        /* TLS_RSA_WITH_AES_256_CBC_SHA      */ 0xC0, 0x35,
-        /* TLS_RSA_WITH_AES_128_CBC_SHA      */ 0xC0, 0x2F,
-        /* TLS_RSA_WITH_NULL_MD5             */ 0xC0, 0x01,
-        /* TLS_RSA_WITH_NULL_SHA             */ 0xC0, 0x02,
-        /* TLS_PSK_WITH_AES_256_CBC_SHA      */ 0xC0, 0x8d,
-        /* TLS_PSK_WITH_AES_128_CBC_SHA256   */ 0xC0, 0xae,
-        /* TLS_PSK_WITH_AES_256_CBC_SHA384   */ 0xC0, 0xaf,
-        /* TLS_PSK_WITH_AES_128_CBC_SHA      */ 0xC0, 0x8c,
-        /* TLS_PSK_WITH_NULL_SHA256          */ 0xC0, 0xb0,
-        /* TLS_PSK_WITH_NULL_SHA384          */ 0xC0, 0xb1,
-        /* TLS_PSK_WITH_NULL_SHA             */ 0xC0, 0x2c,
-        /* SSL_RSA_WITH_RC4_128_SHA          */ 0xC0, 0x05,
-        /* SSL_RSA_WITH_RC4_128_MD5          */ 0xC0, 0x04,
-        /* SSL_RSA_WITH_3DES_EDE_CBC_SHA     */ 0xC0, 0x0A,
+        /* TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA */ 0x00, 0x16,
+        /* TLS_DHE_RSA_WITH_AES_256_CBC_SHA  */ 0x00, 0x39,
+        /* TLS_DHE_RSA_WITH_AES_128_CBC_SHA  */ 0x00, 0x33,
+        /* TLS_DH_anon_WITH_AES_128_CBC_SHA  */ 0x00, 0x34,
+        /* TLS_RSA_WITH_AES_256_CBC_SHA      */ 0x00, 0x35,
+        /* TLS_RSA_WITH_AES_128_CBC_SHA      */ 0x00, 0x2F,
+        /* TLS_RSA_WITH_NULL_MD5             */ 0x00, 0x01,
+        /* TLS_RSA_WITH_NULL_SHA             */ 0x00, 0x02,
+        /* TLS_PSK_WITH_AES_256_CBC_SHA      */ 0x00, 0x8d,
+        /* TLS_PSK_WITH_AES_128_CBC_SHA256   */ 0x00, 0xae,
+        /* TLS_PSK_WITH_AES_256_CBC_SHA384   */ 0x00, 0xaf,
+        /* TLS_PSK_WITH_AES_128_CBC_SHA      */ 0x00, 0x8c,
+        /* TLS_PSK_WITH_NULL_SHA256          */ 0x00, 0xb0,
+        /* TLS_PSK_WITH_NULL_SHA384          */ 0x00, 0xb1,
+        /* TLS_PSK_WITH_NULL_SHA             */ 0x00, 0x2c,
+        /* SSL_RSA_WITH_RC4_128_SHA          */ 0x00, 0x05,
+        /* SSL_RSA_WITH_RC4_128_MD5          */ 0x00, 0x04,
+        /* SSL_RSA_WITH_3DES_EDE_CBC_SHA     */ 0x00, 0x0A,
 
         /* ECC suites, first byte is 0xC0 (ECC_BYTE) */
         /* TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA     */ 0xC0, 0x14,
@@ -1215,10 +1835,45 @@ static int test_wolfSSL_CTX_set_cipher_list_bytes(void)
 }
 
 
+static int test_wolfSSL_CTX_use_certificate(void)
+{
+    EXPECT_DECLS;
+#if defined(OPENSSL_EXTRA) || defined(HAVE_LIGHTY) || \
+    defined(WOLFSSL_MYSQL_COMPATIBLE) || defined(HAVE_STUNNEL) || \
+    defined(WOLFSSL_NGINX) || defined(HAVE_POCO_LIB) || \
+    defined(WOLFSSL_HAPROXY)
+#if !defined(NO_TLS) && \
+    (!defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER))
+    WOLFSSL_CTX* ctx = NULL;
+    X509* x509 = NULL;
+
+#ifndef NO_WOLFSSL_SERVER
+    ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()));
+#else
+    ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()));
+#endif
+
+    ExpectNotNull(x509 = wolfSSL_X509_new());
+
+    /* Negative tests. */
+    ExpectIntEQ(SSL_CTX_use_certificate(NULL, NULL), 0);
+    ExpectIntEQ(SSL_CTX_use_certificate(ctx, NULL), 0);
+    ExpectIntEQ(SSL_CTX_use_certificate(NULL, x509), 0);
+    /* Empty certificate */
+    ExpectIntEQ(SSL_CTX_use_certificate(ctx, x509), 0);
+
+    wolfSSL_X509_free(x509);
+    wolfSSL_CTX_free(ctx);
+#endif /* !NO_TLS && (!NO_WOLFSSL_CLIENT || !NO_WOLFSSL_SERVER) */
+#endif
+    return EXPECT_RESULT();
+}
+
 static int test_wolfSSL_CTX_use_certificate_file(void)
 {
     EXPECT_DECLS;
-#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_WOLFSSL_SERVER)
+#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_TLS) && \
+    !defined(NO_WOLFSSL_SERVER)
     WOLFSSL_CTX *ctx = NULL;
 
     ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()));
@@ -1252,11 +1907,22 @@ static int test_wolfSSL_CTX_use_certificate_file(void)
 static int test_wolfSSL_CTX_use_certificate_ASN1(void)
 {
     EXPECT_DECLS;
-#if !defined(NO_CERTS) && !defined(NO_WOLFSSL_SERVER) && !defined(NO_ASN)
+#if !defined(NO_CERTS) && !defined(NO_WOLFSSL_SERVER) && !defined(NO_ASN) && \
+    !defined(NO_TLS)
     WOLFSSL_CTX* ctx = NULL;
 
     ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()));
 
+    /* Failure cases. */
+    ExpectIntEQ(SSL_CTX_use_certificate_ASN1(NULL, 0, NULL                ),
+        WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+    ExpectIntEQ(SSL_CTX_use_certificate_ASN1(ctx , 0, NULL                ),
+        WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+    ExpectIntEQ(SSL_CTX_use_certificate_ASN1(NULL, 0, server_cert_der_2048),
+       WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+    ExpectIntEQ(SSL_CTX_use_certificate_ASN1(ctx , 0, server_cert_der_2048),
+       WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+
     ExpectIntEQ(SSL_CTX_use_certificate_ASN1(ctx, sizeof_server_cert_der_2048,
         server_cert_der_2048), WOLFSSL_SUCCESS);
 
@@ -1274,14 +1940,23 @@ static int test_wolfSSL_CTX_use_certificate_ASN1(void)
 static int test_wolfSSL_CTX_use_certificate_buffer(void)
 {
     EXPECT_DECLS;
-#if !defined(NO_CERTS) && defined(USE_CERT_BUFFERS_2048) && \
-        !defined(NO_RSA) && !defined(NO_WOLFSSL_SERVER)
+#if !defined(NO_CERTS) && !defined(NO_TLS) && !defined(NO_WOLFSSL_SERVER) && \
+    defined(USE_CERT_BUFFERS_2048) && !defined(NO_RSA)
     WOLFSSL_CTX* ctx = NULL;
-    int          ret;
 
     ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()));
 
-    ExpectIntEQ(ret = wolfSSL_CTX_use_certificate_buffer(ctx,
+    /* Invalid parameters. */
+    ExpectIntEQ(wolfSSL_CTX_use_certificate_buffer(NULL, NULL, 0,
+        WOLFSSL_FILETYPE_ASN1), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wolfSSL_CTX_use_certificate_buffer(ctx, NULL, 0,
+        WOLFSSL_FILETYPE_ASN1), WC_NO_ERR_TRACE(ASN_PARSE_E));
+    ExpectIntEQ(wolfSSL_CTX_use_certificate_buffer(NULL, server_cert_der_2048,
+        0, WOLFSSL_FILETYPE_ASN1), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wolfSSL_CTX_use_certificate_buffer(ctx, server_cert_der_2048, 0,
+        WOLFSSL_FILETYPE_ASN1), WC_NO_ERR_TRACE(ASN_PARSE_E));
+
+    ExpectIntEQ(wolfSSL_CTX_use_certificate_buffer(ctx,
         server_cert_der_2048, sizeof_server_cert_der_2048,
         WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS);
 
@@ -1291,10 +1966,42 @@ static int test_wolfSSL_CTX_use_certificate_buffer(void)
 
 } /* END test_wolfSSL_CTX_use_certificate_buffer */
 
+static int test_wolfSSL_use_certificate_buffer(void)
+{
+    EXPECT_DECLS;
+#if !defined(NO_CERTS) && !defined(NO_TLS) && !defined(NO_WOLFSSL_CLIENT) && \
+    defined(USE_CERT_BUFFERS_2048) && !defined(NO_RSA)
+    WOLFSSL_CTX* ctx = NULL;
+    WOLFSSL*     ssl = NULL;
+
+    ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()));
+    ExpectNotNull(ssl = wolfSSL_new(ctx));
+
+    /* Invalid parameters. */
+    ExpectIntEQ(wolfSSL_use_certificate_buffer(NULL, NULL, 0,
+        WOLFSSL_FILETYPE_ASN1), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wolfSSL_use_certificate_buffer(ssl, NULL, 0,
+        WOLFSSL_FILETYPE_ASN1), WC_NO_ERR_TRACE(ASN_PARSE_E));
+    ExpectIntEQ(wolfSSL_use_certificate_buffer(NULL, client_cert_der_2048, 0,
+        WOLFSSL_FILETYPE_ASN1), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wolfSSL_use_certificate_buffer(ssl, client_cert_der_2048, 0,
+        WOLFSSL_FILETYPE_ASN1), WC_NO_ERR_TRACE(ASN_PARSE_E));
+
+    ExpectIntEQ(wolfSSL_use_certificate_buffer(ssl,
+        client_cert_der_2048, sizeof_client_cert_der_2048,
+        WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS);
+
+    wolfSSL_free(ssl);
+    wolfSSL_CTX_free(ctx);
+#endif
+    return EXPECT_RESULT();
+}
+
 static int test_wolfSSL_CTX_use_PrivateKey_file(void)
 {
     EXPECT_DECLS;
-#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_WOLFSSL_SERVER)
+#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_TLS) && \
+    !defined(NO_WOLFSSL_SERVER)
     WOLFSSL_CTX *ctx = NULL;
 
     ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()));
@@ -1321,17 +2028,169 @@ static int test_wolfSSL_CTX_use_PrivateKey_file(void)
 
     wolfSSL_CTX_free(ctx);
 #endif
-
     return EXPECT_RESULT();
 }
 
+static int test_wolfSSL_CTX_use_RSAPrivateKey_file(void)
+{
+    EXPECT_DECLS;
+#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_TLS) && \
+    !defined(NO_WOLFSSL_SERVER) && defined(OPENSSL_EXTRA)
+    WOLFSSL_CTX *ctx = NULL;
+
+    ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()));
+
+    /* invalid context */
+    ExpectIntEQ(wolfSSL_CTX_use_RSAPrivateKey_file(NULL, svrKeyFile,
+        WOLFSSL_FILETYPE_PEM), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+    /* invalid key file */
+    ExpectIntEQ(wolfSSL_CTX_use_RSAPrivateKey_file(ctx, bogusFile,
+        WOLFSSL_FILETYPE_PEM), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+    /* invalid key type */
+    ExpectIntEQ(wolfSSL_CTX_use_RSAPrivateKey_file(ctx, svrKeyFile, 9999),
+        WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+
+    /* success */
+#ifdef NO_RSA
+    /* rsa needed */
+    ExpectIntEQ(wolfSSL_CTX_use_RSAPrivateKey_file(ctx, svrKeyFile,
+        WOLFSSL_FILETYPE_PEM), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+#else
+    /* success */
+    ExpectIntEQ(wolfSSL_CTX_use_RSAPrivateKey_file(ctx, svrKeyFile,
+        WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS);
+#endif
+
+    wolfSSL_CTX_free(ctx);
+#endif
+    return EXPECT_RESULT();
+}
+
+static int test_wolfSSL_use_RSAPrivateKey_file(void)
+{
+    EXPECT_DECLS;
+#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_TLS) && \
+    !defined(NO_WOLFSSL_CLIENT) && defined(OPENSSL_EXTRA)
+    WOLFSSL_CTX* ctx = NULL;
+    WOLFSSL*     ssl = NULL;
+
+    ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()));
+    ExpectNotNull(ssl = SSL_new(ctx));
+
+    /* invalid context */
+    ExpectIntEQ(wolfSSL_use_RSAPrivateKey_file(NULL, svrKeyFile,
+        WOLFSSL_FILETYPE_PEM), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    /* invalid key file */
+    ExpectIntEQ(wolfSSL_use_RSAPrivateKey_file(ssl, bogusFile,
+        WOLFSSL_FILETYPE_PEM), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+    /* invalid key type */
+    ExpectIntEQ(wolfSSL_use_RSAPrivateKey_file(ssl, svrKeyFile, 9999),
+        WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+
+    /* success */
+#ifdef NO_RSA
+    /* rsa needed */
+    ExpectIntEQ(wolfSSL_use_RSAPrivateKey_file(ssl, svrKeyFile,
+        WOLFSSL_FILETYPE_PEM), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+#else
+    /* success */
+    ExpectIntEQ(wolfSSL_use_RSAPrivateKey_file(ssl, svrKeyFile,
+        WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS);
+#endif
+
+    wolfSSL_free(ssl);
+    wolfSSL_CTX_free(ctx);
+#endif
+    return EXPECT_RESULT();
+}
+
+static int test_wolfSSL_CTX_use_PrivateKey(void)
+{
+    EXPECT_DECLS;
+#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_TLS) && \
+    !defined(NO_WOLFSSL_SERVER) && defined(OPENSSL_EXTRA)
+    WOLFSSL_CTX *ctx = NULL;
+    WOLFSSL_EVP_PKEY* pkey = NULL;
+    const unsigned char* p;
+
+    (void)p;
+
+    ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()));
+
+    ExpectNotNull(pkey = wolfSSL_EVP_PKEY_new());
+    ExpectIntEQ(wolfSSL_CTX_use_PrivateKey(NULL, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+    ExpectIntEQ(wolfSSL_CTX_use_PrivateKey(ctx, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+    ExpectIntEQ(wolfSSL_CTX_use_PrivateKey(NULL, pkey), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+    /* No data. */
+    ExpectIntEQ(wolfSSL_CTX_use_PrivateKey(ctx, pkey), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+    wolfSSL_EVP_PKEY_free(pkey);
+    pkey = NULL;
+
+#if defined(USE_CERT_BUFFERS_2048)
+#if !defined(NO_RSA)
+    p = client_key_der_2048;
+    ExpectNotNull(pkey = d2i_PrivateKey(EVP_PKEY_RSA, NULL, &p,
+        sizeof_client_key_der_2048));
+#if defined(WOLFSSL_KEY_GEN)
+    ExpectIntEQ(wolfSSL_CTX_use_PrivateKey(ctx, pkey), WOLFSSL_SUCCESS);
+#else
+    ExpectIntEQ(wolfSSL_CTX_use_PrivateKey(ctx, pkey), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+#endif
+    wolfSSL_EVP_PKEY_free(pkey);
+    pkey = NULL;
+#endif
+#if defined(WOLFSSL_QT) || defined(OPENSSL_ALL) || defined(WOLFSSL_OPENSSH)
+#ifndef NO_DSA
+    p = dsa_key_der_2048;
+    ExpectNotNull(pkey = d2i_PrivateKey(EVP_PKEY_DSA, NULL, &p,
+        sizeof_dsa_key_der_2048));
+#if !defined(HAVE_SELFTEST) && (defined(WOLFSSL_KEY_GEN) || \
+    defined(WOLFSSL_CERT_GEN))
+    /* Not supported in ProcessBuffer. */
+    ExpectIntEQ(wolfSSL_CTX_use_PrivateKey(ctx, pkey), WC_NO_ERR_TRACE(WOLFSSL_BAD_FILE));
+#else
+    ExpectIntEQ(wolfSSL_CTX_use_PrivateKey(ctx, pkey), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+#endif
+    wolfSSL_EVP_PKEY_free(pkey);
+    pkey = NULL;
+#endif
+#endif /* WOLFSSL_QT || OPENSSL_ALL || WOLFSSL_OPENSSH */
+#if !defined(NO_DH) && defined(OPENSSL_ALL) && \
+    (!defined(HAVE_FIPS) || FIPS_VERSION_GT(2,0))
+    p = dh_ffdhe_statickey_der_2048;
+    ExpectNotNull(pkey = d2i_PrivateKey(EVP_PKEY_DH, NULL, &p,
+        sizeof_dh_ffdhe_statickey_der_2048));
+    /* Not supported. */
+    ExpectIntEQ(wolfSSL_CTX_use_PrivateKey(ctx, pkey), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+    wolfSSL_EVP_PKEY_free(pkey);
+    pkey = NULL;
+#endif
+#endif /* USE_CERT_BUFFERS_2048 */
+#if defined(HAVE_ECC) && defined(USE_CERT_BUFFERS_256)
+    p = ecc_clikey_der_256;
+    ExpectNotNull(pkey = d2i_PrivateKey(EVP_PKEY_EC, NULL, &p,
+        sizeof_ecc_clikey_der_256));
+    ExpectIntEQ(wolfSSL_CTX_use_PrivateKey(ctx, pkey), WOLFSSL_SUCCESS);
+    wolfSSL_EVP_PKEY_free(pkey);
+    pkey = NULL;
+#endif
+    ExpectNotNull(pkey = wolfSSL_EVP_PKEY_new_mac_key(EVP_PKEY_HMAC, NULL,
+        (unsigned char*)"01234567012345670123456701234567", 32));
+    ExpectIntEQ(wolfSSL_CTX_use_PrivateKey(ctx, pkey), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+    wolfSSL_EVP_PKEY_free(pkey);
+    pkey = NULL;
+
+    wolfSSL_CTX_free(ctx);
+#endif
+    return EXPECT_RESULT();
+}
 
 /* test both file and buffer versions along with unloading trusted peer certs */
 static int test_wolfSSL_CTX_trust_peer_cert(void)
 {
     EXPECT_DECLS;
 #if !defined(NO_CERTS) && defined(WOLFSSL_TRUST_PEER_CERT) && \
-    !defined(NO_WOLFSSL_CLIENT) && !defined(NO_RSA)
+    !defined(NO_TLS) && !defined(NO_WOLFSSL_CLIENT) && !defined(NO_RSA)
     WOLFSSL_CTX *ctx = NULL;
     WOLFSSL* ssl = NULL;
 
@@ -1404,7 +2263,8 @@ static int test_wolfSSL_CTX_trust_peer_cert(void)
 static int test_wolfSSL_CTX_load_verify_locations(void)
 {
     EXPECT_DECLS;
-#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_WOLFSSL_CLIENT)
+#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_TLS) && \
+    !defined(NO_WOLFSSL_CLIENT)
     WOLFSSL_CTX *ctx = NULL;
 #ifndef NO_RSA
     WOLFSSL_CERT_MANAGER* cm = NULL;
@@ -1430,13 +2290,14 @@ static int test_wolfSSL_CTX_load_verify_locations(void)
 
     /* invalid arguments */
     ExpectIntEQ(wolfSSL_CTX_load_verify_locations(NULL, caCertFile, NULL),
-        WOLFSSL_FAILURE);
+        WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     ExpectIntEQ(wolfSSL_CTX_load_verify_locations(ctx, NULL, NULL),
-        WOLFSSL_FAILURE);
+        WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
 
     /* invalid ca file */
     ExpectIntEQ(wolfSSL_CTX_load_verify_locations(ctx, bogusFile, NULL),
-        WS_RETURN_CODE(WOLFSSL_BAD_FILE,WOLFSSL_FAILURE));
+        WS_RETURN_CODE(WC_NO_ERR_TRACE(WOLFSSL_BAD_FILE),
+                       WC_NO_ERR_TRACE(WOLFSSL_FAILURE)));
 
 
 #if !defined(NO_WOLFSSL_DIR) && !defined(WOLFSSL_TIRTOS) && \
@@ -1444,7 +2305,7 @@ static int test_wolfSSL_CTX_load_verify_locations(void)
   !(WOLFSSL_LOAD_VERIFY_DEFAULT_FLAGS & WOLFSSL_LOAD_FLAG_IGNORE_BAD_PATH_ERR))
     /* invalid path */
     ExpectIntEQ(wolfSSL_CTX_load_verify_locations(ctx, NULL, bogusFile),
-        WS_RETURN_CODE(BAD_PATH_ERROR,WOLFSSL_FAILURE));
+        WS_RETURN_CODE(WC_NO_ERR_TRACE(BAD_PATH_ERROR),WC_NO_ERR_TRACE(WOLFSSL_FAILURE)));
 #endif
 #if defined(WOLFSSL_QT) || defined(WOLFSSL_IGNORE_BAD_CERT_PATH)
     /* test ignoring the invalid path */
@@ -1455,7 +2316,7 @@ static int test_wolfSSL_CTX_load_verify_locations(void)
     /* load ca cert */
 #ifdef NO_RSA
     ExpectIntEQ(wolfSSL_CTX_load_verify_locations(ctx, caCertFile, NULL),
-        WS_RETURN_CODE(ASN_UNKNOWN_OID_E,WOLFSSL_FAILURE));
+        WS_RETURN_CODE(WC_NO_ERR_TRACE(ASN_UNKNOWN_OID_E),WC_NO_ERR_TRACE(WOLFSSL_FAILURE)));
 #else /* Skip the following test without RSA certs. */
     ExpectIntEQ(wolfSSL_CTX_load_verify_locations(ctx, caCertFile, NULL),
         WOLFSSL_SUCCESS);
@@ -1464,51 +2325,51 @@ static int test_wolfSSL_CTX_load_verify_locations(void)
     /* Get cert cache size */
     ExpectIntGT(cacheSz = wolfSSL_CTX_get_cert_cache_memsize(ctx), 0);
 
-    ExpectNotNull(cache = (byte*)XMALLOC(cacheSz, NULL,
+    ExpectNotNull(cache = (byte*)XMALLOC((size_t)cacheSz, NULL,
                             DYNAMIC_TYPE_TMP_BUFFER));
 
     ExpectIntEQ(wolfSSL_CTX_memsave_cert_cache(NULL, NULL, -1, NULL),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wolfSSL_CTX_memsave_cert_cache(ctx, NULL, -1, NULL),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wolfSSL_CTX_memsave_cert_cache(NULL, cache, -1, NULL),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wolfSSL_CTX_memsave_cert_cache(NULL, NULL, cacheSz, NULL),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wolfSSL_CTX_memsave_cert_cache(NULL, NULL, -1, &used),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wolfSSL_CTX_memsave_cert_cache(NULL, cache, cacheSz, &used),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wolfSSL_CTX_memsave_cert_cache(ctx, NULL, cacheSz, &used),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wolfSSL_CTX_memsave_cert_cache(ctx, cache, -1, &used),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wolfSSL_CTX_memsave_cert_cache(ctx, cache, cacheSz, NULL),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wolfSSL_CTX_memsave_cert_cache(ctx, cache, cacheSz - 10, &used),
-        BUFFER_E);
+        WC_NO_ERR_TRACE(BUFFER_E));
     ExpectIntEQ(wolfSSL_CTX_memsave_cert_cache(ctx, cache, cacheSz, &used), 1);
     ExpectIntEQ(cacheSz, used);
 
     ExpectIntEQ(wolfSSL_CTX_memrestore_cert_cache(NULL, NULL, -1),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wolfSSL_CTX_memrestore_cert_cache(ctx, NULL, -1),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wolfSSL_CTX_memrestore_cert_cache(NULL, cache, -1),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wolfSSL_CTX_memrestore_cert_cache(NULL, NULL, cacheSz),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wolfSSL_CTX_memrestore_cert_cache(NULL, cache, cacheSz),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wolfSSL_CTX_memrestore_cert_cache(ctx, NULL, cacheSz),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wolfSSL_CTX_memrestore_cert_cache(ctx, cache, -1),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     /* Smaller than header. */
-    ExpectIntEQ(wolfSSL_CTX_memrestore_cert_cache(ctx, cache, 1), BUFFER_E);
+    ExpectIntEQ(wolfSSL_CTX_memrestore_cert_cache(ctx, cache, 1), WC_NO_ERR_TRACE(BUFFER_E));
     for (i = 1; i < cacheSz; i++) {
         ExpectIntEQ(wolfSSL_CTX_memrestore_cert_cache(ctx, cache, cacheSz - i),
-            BUFFER_E);
+            WC_NO_ERR_TRACE(BUFFER_E));
     }
     if (EXPECT_SUCCESS()) {
         /* Modify header for bad results! */
@@ -1516,22 +2377,22 @@ static int test_wolfSSL_CTX_load_verify_locations(void)
         /* version */
         t = p[0]; p[0] = 0xff;
         ExpectIntEQ(wolfSSL_CTX_memrestore_cert_cache(ctx, cache, cacheSz),
-            CACHE_MATCH_ERROR);
+            WC_NO_ERR_TRACE(CACHE_MATCH_ERROR));
         p[0] = t; p++;
         /* rows */
         t = p[0]; p[0] = 0xff;
         ExpectIntEQ(wolfSSL_CTX_memrestore_cert_cache(ctx, cache, cacheSz),
-            CACHE_MATCH_ERROR);
+            WC_NO_ERR_TRACE(CACHE_MATCH_ERROR));
         p[0] = t; p++;
         /* columns[0] */
         t = p[0]; p[0] = -1;
         ExpectIntEQ(wolfSSL_CTX_memrestore_cert_cache(ctx, cache, cacheSz),
-            PARSE_ERROR);
+            WC_NO_ERR_TRACE(PARSE_ERROR));
         p[0] = t; p += CA_TABLE_SIZE;
         /* signerSz*/
         t = p[0]; p[0] = 0xff;
         ExpectIntEQ(wolfSSL_CTX_memrestore_cert_cache(ctx, cache, cacheSz),
-            CACHE_MATCH_ERROR);
+            WC_NO_ERR_TRACE(CACHE_MATCH_ERROR));
         p[0] = t;
     }
 
@@ -1539,20 +2400,20 @@ static int test_wolfSSL_CTX_load_verify_locations(void)
     ExpectIntEQ(cacheSz = wolfSSL_CTX_get_cert_cache_memsize(ctx), used);
 
 #ifndef NO_FILESYSTEM
-    ExpectIntEQ(wolfSSL_CTX_save_cert_cache(NULL, NULL), BAD_FUNC_ARG);
-    ExpectIntEQ(wolfSSL_CTX_save_cert_cache(ctx, NULL), BAD_FUNC_ARG);
-    ExpectIntEQ(wolfSSL_CTX_save_cert_cache(NULL, cacheFile), BAD_FUNC_ARG);
+    ExpectIntEQ(wolfSSL_CTX_save_cert_cache(NULL, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wolfSSL_CTX_save_cert_cache(ctx, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wolfSSL_CTX_save_cert_cache(NULL, cacheFile), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wolfSSL_CTX_save_cert_cache(ctx, cacheFile), 1);
 
-    ExpectIntEQ(wolfSSL_CTX_restore_cert_cache(NULL, NULL), BAD_FUNC_ARG);
-    ExpectIntEQ(wolfSSL_CTX_restore_cert_cache(ctx, NULL), BAD_FUNC_ARG);
-    ExpectIntEQ(wolfSSL_CTX_restore_cert_cache(NULL, cacheFile), BAD_FUNC_ARG);
+    ExpectIntEQ(wolfSSL_CTX_restore_cert_cache(NULL, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wolfSSL_CTX_restore_cert_cache(ctx, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wolfSSL_CTX_restore_cert_cache(NULL, cacheFile), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wolfSSL_CTX_restore_cert_cache(ctx, "no-file"),
-        WOLFSSL_BAD_FILE);
+        WC_NO_ERR_TRACE(WOLFSSL_BAD_FILE));
     ExpectIntEQ(wolfSSL_CTX_restore_cert_cache(ctx, cacheFile), 1);
     /* File contents is not a cache. */
     ExpectIntEQ(wolfSSL_CTX_restore_cert_cache(ctx, "./certs/ca-cert.pem"),
-        CACHE_MATCH_ERROR);
+        WC_NO_ERR_TRACE(CACHE_MATCH_ERROR));
 #endif
 
     XFREE(cache, NULL, DYNAMIC_TYPE_TMP_BUFFER);
@@ -1594,7 +2455,8 @@ static int test_wolfSSL_CTX_load_verify_locations(void)
 
     /* Test loading path with no files */
     ExpectIntEQ(wolfSSL_CTX_load_verify_locations_ex(ctx, NULL,
-        load_no_certs_path, WOLFSSL_LOAD_FLAG_PEM_CA_ONLY), WOLFSSL_FAILURE);
+        load_no_certs_path, WOLFSSL_LOAD_FLAG_PEM_CA_ONLY),
+        WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
 
     /* Test loading expired CA certificates */
     #ifdef NO_RSA
@@ -1612,7 +2474,7 @@ static int test_wolfSSL_CTX_load_verify_locations(void)
     /* Test loading CA certificates and ignoring all errors */
     #ifdef NO_RSA
     ExpectIntEQ(wolfSSL_CTX_load_verify_locations_ex(ctx, NULL, load_certs_path,
-        WOLFSSL_LOAD_FLAG_IGNORE_ERR), WOLFSSL_FAILURE);
+        WOLFSSL_LOAD_FLAG_IGNORE_ERR), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     #else
     ExpectIntEQ(wolfSSL_CTX_load_verify_locations_ex(ctx, NULL, load_certs_path,
         WOLFSSL_LOAD_FLAG_IGNORE_ERR), WOLFSSL_SUCCESS);
@@ -1629,7 +2491,7 @@ static int test_wolfSSL_CTX_load_system_CA_certs(void)
 {
     int res = TEST_SKIPPED;
 #if defined(WOLFSSL_SYS_CA_CERTS) && !defined(NO_WOLFSSL_CLIENT) && \
-    (!defined(NO_RSA) || defined(HAVE_ECC))
+    !defined(NO_TLS) && (!defined(NO_RSA) || defined(HAVE_ECC))
     WOLFSSL_CTX* ctx;
     byte dirValid = 0;
     int ret = 0;
@@ -1640,7 +2502,8 @@ static int test_wolfSSL_CTX_load_system_CA_certs(void)
         ret = -1;
     }
     if (ret == 0) {
-    #if defined(USE_WINDOWS_API) || defined(__APPLE__)
+    #if defined(USE_WINDOWS_API) || defined(__APPLE__) || \
+        defined(NO_WOLFSSL_DIR)
         dirValid = 1;
     #else
         word32 numDirs;
@@ -1691,7 +2554,7 @@ static int test_wolfSSL_CTX_load_system_CA_certs(void)
     return res;
 }
 
-#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS)
+#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_TLS)
 static int test_cm_load_ca_buffer(const byte* cert_buf, size_t cert_sz,
     int file_type)
 {
@@ -1704,7 +2567,7 @@ static int test_cm_load_ca_buffer(const byte* cert_buf, size_t cert_sz,
         return -1;
     }
 
-    ret = wolfSSL_CertManagerLoadCABuffer(cm, cert_buf, cert_sz, file_type);
+    ret = wolfSSL_CertManagerLoadCABuffer(cm, cert_buf, (sword32)cert_sz, file_type);
 
     wolfSSL_CertManagerFree(cm);
 
@@ -1743,7 +2606,8 @@ static int test_cm_load_ca_file(const char* ca_cert_file)
     #if defined(WOLFSSL_PEM_TO_DER)
         if (ret == WOLFSSL_SUCCESS) {
             /* test loading DER */
-            ret = wc_PemToDer(cert_buf, cert_sz, CA_TYPE, &pDer, NULL, NULL, NULL);
+            ret = wc_PemToDer(cert_buf, (sword32)cert_sz, CA_TYPE, &pDer,
+                    NULL, NULL, NULL);
             if (ret == 0 && pDer != NULL) {
                 ret = test_cm_load_ca_buffer(pDer->buffer, pDer->length,
                     WOLFSSL_FILETYPE_ASN1);
@@ -1771,7 +2635,7 @@ static int test_cm_load_ca_buffer_ex(const byte* cert_buf, size_t cert_sz,
         return -1;
     }
 
-    ret = wolfSSL_CertManagerLoadCABuffer_ex(cm, cert_buf, cert_sz, file_type,
+    ret = wolfSSL_CertManagerLoadCABuffer_ex(cm, cert_buf, (sword32)cert_sz, file_type,
                                              0, flags);
 
     wolfSSL_CertManagerFree(cm);
@@ -1812,7 +2676,8 @@ static int test_cm_load_ca_file_ex(const char* ca_cert_file, word32 flags)
     #if defined(WOLFSSL_PEM_TO_DER)
         if (ret == WOLFSSL_SUCCESS) {
             /* test loading DER */
-            ret = wc_PemToDer(cert_buf, cert_sz, CA_TYPE, &pDer, NULL, NULL, NULL);
+            ret = wc_PemToDer(cert_buf, (sword32)cert_sz, CA_TYPE, &pDer,
+                              NULL, NULL, NULL);
             if (ret == 0 && pDer != NULL) {
                 ret = test_cm_load_ca_buffer_ex(pDer->buffer, pDer->length,
                     WOLFSSL_FILETYPE_ASN1, flags);
@@ -1841,31 +2706,31 @@ static int test_wolfSSL_CertManagerAPI(void)
 
     wolfSSL_CertManagerFree(NULL);
     ExpectIntEQ(wolfSSL_CertManager_up_ref(NULL), 0);
-    ExpectIntEQ(wolfSSL_CertManagerUnloadCAs(NULL), BAD_FUNC_ARG);
+    ExpectIntEQ(wolfSSL_CertManagerUnloadCAs(NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 #ifdef WOLFSSL_TRUST_PEER_CERT
-    ExpectIntEQ(wolfSSL_CertManagerUnload_trust_peers(NULL), BAD_FUNC_ARG);
+    ExpectIntEQ(wolfSSL_CertManagerUnload_trust_peers(NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 #endif
 
     ExpectIntEQ(wolfSSL_CertManagerLoadCABuffer_ex(NULL, &c, 1,
-        WOLFSSL_FILETYPE_ASN1, 0, 0), WOLFSSL_FATAL_ERROR);
+        WOLFSSL_FILETYPE_ASN1, 0, 0), WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR));
 
 #if !defined(NO_WOLFSSL_CLIENT) || !defined(WOLFSSL_NO_CLIENT_AUTH)
     ExpectIntEQ(wolfSSL_CertManagerVerifyBuffer(NULL, NULL, -1,
-        WOLFSSL_FILETYPE_ASN1), BAD_FUNC_ARG);
+        WOLFSSL_FILETYPE_ASN1), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, NULL, -1,
-        WOLFSSL_FILETYPE_ASN1), BAD_FUNC_ARG);
+        WOLFSSL_FILETYPE_ASN1), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wolfSSL_CertManagerVerifyBuffer(NULL, &c, -1,
-        WOLFSSL_FILETYPE_ASN1), BAD_FUNC_ARG);
+        WOLFSSL_FILETYPE_ASN1), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wolfSSL_CertManagerVerifyBuffer(NULL, NULL, 1,
-        WOLFSSL_FILETYPE_ASN1), BAD_FUNC_ARG);
+        WOLFSSL_FILETYPE_ASN1), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wolfSSL_CertManagerVerifyBuffer(NULL, &c, 1,
-        WOLFSSL_FILETYPE_ASN1), BAD_FUNC_ARG);
+        WOLFSSL_FILETYPE_ASN1), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, NULL, 1,
-        WOLFSSL_FILETYPE_ASN1), BAD_FUNC_ARG);
+        WOLFSSL_FILETYPE_ASN1), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, &c, -1,
-        WOLFSSL_FILETYPE_ASN1), BAD_FUNC_ARG);
+        WOLFSSL_FILETYPE_ASN1), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, &c, 1, -1),
-        WOLFSSL_BAD_FILETYPE);
+        WC_NO_ERR_TRACE(WOLFSSL_BAD_FILETYPE));
 #endif
 
 #if !defined(NO_FILESYSTEM)
@@ -1878,37 +2743,37 @@ static int test_wolfSSL_CertManagerAPI(void)
 
     #if !defined(NO_WOLFSSL_CLIENT) || !defined(WOLFSSL_NO_CLIENT_AUTH)
         ExpectIntEQ(wolfSSL_CertManagerVerify(NULL, NULL, -1),
-            BAD_FUNC_ARG);
+            WC_NO_ERR_TRACE(BAD_FUNC_ARG));
         ExpectIntEQ(wolfSSL_CertManagerVerify(cm, NULL, WOLFSSL_FILETYPE_ASN1),
-            BAD_FUNC_ARG);
+            WC_NO_ERR_TRACE(BAD_FUNC_ARG));
         ExpectIntEQ(wolfSSL_CertManagerVerify(NULL, ca_cert,
-            WOLFSSL_FILETYPE_PEM), BAD_FUNC_ARG);
+            WOLFSSL_FILETYPE_PEM), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
         ExpectIntEQ(wolfSSL_CertManagerVerify(cm, ca_cert, -1),
-            WOLFSSL_BAD_FILETYPE);
+            WC_NO_ERR_TRACE(WOLFSSL_BAD_FILETYPE));
         ExpectIntEQ(wolfSSL_CertManagerVerify(cm, "no-file",
-            WOLFSSL_FILETYPE_ASN1), WOLFSSL_BAD_FILE);
+            WOLFSSL_FILETYPE_ASN1), WC_NO_ERR_TRACE(WOLFSSL_BAD_FILE));
         ExpectIntEQ(wolfSSL_CertManagerVerify(cm, ca_cert_der,
-            WOLFSSL_FILETYPE_PEM), ASN_NO_PEM_HEADER);
+            WOLFSSL_FILETYPE_PEM), WC_NO_ERR_TRACE(ASN_NO_PEM_HEADER));
     #endif
 
         ExpectIntEQ(wolfSSL_CertManagerLoadCA(NULL, NULL, NULL),
-            WOLFSSL_FATAL_ERROR);
+            WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR));
         ExpectIntEQ(wolfSSL_CertManagerLoadCA(NULL, ca_cert, NULL),
-            WOLFSSL_FATAL_ERROR);
+            WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR));
         ExpectIntEQ(wolfSSL_CertManagerLoadCA(NULL, NULL, ca_path),
-            WOLFSSL_FATAL_ERROR);
+            WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR));
         ExpectIntEQ(wolfSSL_CertManagerLoadCA(NULL, ca_cert, ca_path),
-            WOLFSSL_FATAL_ERROR);
+            WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR));
     }
 #endif
 
 #ifdef OPENSSL_COMPATIBLE_DEFAULTS
     ExpectIntEQ(wolfSSL_CertManagerEnableCRL(cm, 0), 1);
 #elif !defined(HAVE_CRL)
-    ExpectIntEQ(wolfSSL_CertManagerEnableCRL(cm, 0), NOT_COMPILED_IN);
+    ExpectIntEQ(wolfSSL_CertManagerEnableCRL(cm, 0), WC_NO_ERR_TRACE(NOT_COMPILED_IN));
 #endif
 
-    ExpectIntEQ(wolfSSL_CertManagerDisableCRL(NULL), BAD_FUNC_ARG);
+    ExpectIntEQ(wolfSSL_CertManagerDisableCRL(NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wolfSSL_CertManagerDisableCRL(cm), 1);
 #ifdef HAVE_CRL
     /* Test APIs when CRL is disabled. */
@@ -1921,43 +2786,43 @@ static int test_wolfSSL_CertManagerAPI(void)
 #endif
 
     /* OCSP */
-    ExpectIntEQ(wolfSSL_CertManagerEnableOCSP(NULL, 0), BAD_FUNC_ARG);
-    ExpectIntEQ(wolfSSL_CertManagerDisableOCSP(NULL), BAD_FUNC_ARG);
-    ExpectIntEQ(wolfSSL_CertManagerEnableOCSPStapling(NULL), BAD_FUNC_ARG);
-    ExpectIntEQ(wolfSSL_CertManagerDisableOCSPStapling(NULL), BAD_FUNC_ARG);
-    ExpectIntEQ(wolfSSL_CertManagerEnableOCSPMustStaple(NULL), BAD_FUNC_ARG);
-    ExpectIntEQ(wolfSSL_CertManagerDisableOCSPMustStaple(NULL), BAD_FUNC_ARG);
+    ExpectIntEQ(wolfSSL_CertManagerEnableOCSP(NULL, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wolfSSL_CertManagerDisableOCSP(NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wolfSSL_CertManagerEnableOCSPStapling(NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wolfSSL_CertManagerDisableOCSPStapling(NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wolfSSL_CertManagerEnableOCSPMustStaple(NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wolfSSL_CertManagerDisableOCSPMustStaple(NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 #if !defined(HAVE_CERTIFICATE_STATUS_REQUEST) && \
     !defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2)
-    ExpectIntEQ(wolfSSL_CertManagerDisableOCSPStapling(cm), NOT_COMPILED_IN);
-    ExpectIntEQ(wolfSSL_CertManagerEnableOCSPMustStaple(cm), NOT_COMPILED_IN);
-    ExpectIntEQ(wolfSSL_CertManagerDisableOCSPMustStaple(cm), NOT_COMPILED_IN);
+    ExpectIntEQ(wolfSSL_CertManagerDisableOCSPStapling(cm), WC_NO_ERR_TRACE(NOT_COMPILED_IN));
+    ExpectIntEQ(wolfSSL_CertManagerEnableOCSPMustStaple(cm), WC_NO_ERR_TRACE(NOT_COMPILED_IN));
+    ExpectIntEQ(wolfSSL_CertManagerDisableOCSPMustStaple(cm), WC_NO_ERR_TRACE(NOT_COMPILED_IN));
 #endif
 
 #ifdef HAVE_OCSP
-    ExpectIntEQ(wolfSSL_CertManagerCheckOCSP(NULL, NULL, -1), BAD_FUNC_ARG);
-    ExpectIntEQ(wolfSSL_CertManagerCheckOCSP(cm, NULL, -1), BAD_FUNC_ARG);
-    ExpectIntEQ(wolfSSL_CertManagerCheckOCSP(NULL, &c, -1), BAD_FUNC_ARG);
-    ExpectIntEQ(wolfSSL_CertManagerCheckOCSP(NULL, NULL, 1), BAD_FUNC_ARG);
-    ExpectIntEQ(wolfSSL_CertManagerCheckOCSP(NULL, &c, 1), BAD_FUNC_ARG);
-    ExpectIntEQ(wolfSSL_CertManagerCheckOCSP(cm, NULL, 1), BAD_FUNC_ARG);
-    ExpectIntEQ(wolfSSL_CertManagerCheckOCSP(cm, &c, -1), BAD_FUNC_ARG);
+    ExpectIntEQ(wolfSSL_CertManagerCheckOCSP(NULL, NULL, -1), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wolfSSL_CertManagerCheckOCSP(cm, NULL, -1), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wolfSSL_CertManagerCheckOCSP(NULL, &c, -1), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wolfSSL_CertManagerCheckOCSP(NULL, NULL, 1), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wolfSSL_CertManagerCheckOCSP(NULL, &c, 1), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wolfSSL_CertManagerCheckOCSP(cm, NULL, 1), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wolfSSL_CertManagerCheckOCSP(cm, &c, -1), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     ExpectIntEQ(wolfSSL_CertManagerCheckOCSPResponse(NULL, NULL, 0,
-        NULL, NULL, NULL, NULL), BAD_FUNC_ARG);
+        NULL, NULL, NULL, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wolfSSL_CertManagerCheckOCSPResponse(cm, NULL, 1,
-        NULL, NULL, NULL, NULL), BAD_FUNC_ARG);
+        NULL, NULL, NULL, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wolfSSL_CertManagerCheckOCSPResponse(NULL, &c, 1,
-        NULL, NULL, NULL, NULL), BAD_FUNC_ARG);
+        NULL, NULL, NULL, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     ExpectIntEQ(wolfSSL_CertManagerSetOCSPOverrideURL(NULL, NULL),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wolfSSL_CertManagerSetOCSPOverrideURL(NULL, ""),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wolfSSL_CertManagerSetOCSPOverrideURL(cm, NULL), 1);
 
     ExpectIntEQ(wolfSSL_CertManagerSetOCSP_Cb(NULL, NULL, NULL, NULL),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wolfSSL_CertManagerSetOCSP_Cb(cm, NULL, NULL, NULL), 1);
 
     ExpectIntEQ(wolfSSL_CertManagerDisableOCSP(cm), 1);
@@ -1969,7 +2834,9 @@ static int test_wolfSSL_CertManagerAPI(void)
 #endif
 
     ExpectIntEQ(wolfSSL_CertManager_up_ref(cm), 1);
-    wolfSSL_CertManagerFree(cm);
+    if (EXPECT_SUCCESS()) {
+        wolfSSL_CertManagerFree(cm);
+    }
     wolfSSL_CertManagerFree(cm);
     cm = NULL;
 
@@ -2003,28 +2870,28 @@ static int test_wolfSSL_CertManagerAPI(void)
 static int test_wolfSSL_CertManagerLoadCABuffer(void)
 {
     EXPECT_DECLS;
-#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS)
+#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_TLS)
     const char* ca_cert = "./certs/ca-cert.pem";
     const char* ca_expired_cert = "./certs/test/expired/expired-ca.pem";
     int ret;
 
     ExpectIntLE(ret = test_cm_load_ca_file(ca_cert), 1);
 #if defined(NO_WOLFSSL_CLIENT) && defined(NO_WOLFSSL_SERVER)
-    ExpectIntEQ(ret, WOLFSSL_FATAL_ERROR);
+    ExpectIntEQ(ret, WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR));
 #elif defined(NO_RSA)
-    ExpectIntEQ(ret, ASN_UNKNOWN_OID_E);
+    ExpectIntEQ(ret, WC_NO_ERR_TRACE(ASN_UNKNOWN_OID_E));
 #else
     ExpectIntEQ(ret, WOLFSSL_SUCCESS);
 #endif
 
     ExpectIntLE(ret = test_cm_load_ca_file(ca_expired_cert), 1);
 #if defined(NO_WOLFSSL_CLIENT) && defined(NO_WOLFSSL_SERVER)
-    ExpectIntEQ(ret, WOLFSSL_FATAL_ERROR);
+    ExpectIntEQ(ret, WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR));
 #elif defined(NO_RSA)
-    ExpectIntEQ(ret, ASN_UNKNOWN_OID_E);
+    ExpectIntEQ(ret, WC_NO_ERR_TRACE(ASN_UNKNOWN_OID_E));
 #elif !(WOLFSSL_LOAD_VERIFY_DEFAULT_FLAGS & WOLFSSL_LOAD_FLAG_DATE_ERR_OKAY) && \
       !defined(NO_ASN_TIME)
-    ExpectIntEQ(ret, ASN_AFTER_DATE_E);
+    ExpectIntEQ(ret, WC_NO_ERR_TRACE(ASN_AFTER_DATE_E));
 #else
     ExpectIntEQ(ret, WOLFSSL_SUCCESS);
 #endif
@@ -2035,7 +2902,7 @@ static int test_wolfSSL_CertManagerLoadCABuffer(void)
 static int test_wolfSSL_CertManagerLoadCABuffer_ex(void)
 {
     EXPECT_DECLS;
-#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS)
+#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_TLS)
     const char* ca_cert = "./certs/ca-cert.pem";
     const char* ca_expired_cert = "./certs/test/expired/expired-ca.pem";
     int ret;
@@ -2043,9 +2910,9 @@ static int test_wolfSSL_CertManagerLoadCABuffer_ex(void)
     ExpectIntLE(ret = test_cm_load_ca_file_ex(ca_cert, WOLFSSL_LOAD_FLAG_NONE),
         1);
 #if defined(NO_WOLFSSL_CLIENT) && defined(NO_WOLFSSL_SERVER)
-    ExpectIntEQ(ret, WOLFSSL_FATAL_ERROR);
+    ExpectIntEQ(ret, WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR));
 #elif defined(NO_RSA)
-    ExpectIntEQ(ret, ASN_UNKNOWN_OID_E);
+    ExpectIntEQ(ret, WC_NO_ERR_TRACE(ASN_UNKNOWN_OID_E));
 #else
     ExpectIntEQ(ret, WOLFSSL_SUCCESS);
 #endif
@@ -2053,13 +2920,13 @@ static int test_wolfSSL_CertManagerLoadCABuffer_ex(void)
     ExpectIntLE(ret = test_cm_load_ca_file_ex(ca_expired_cert,
         WOLFSSL_LOAD_FLAG_DATE_ERR_OKAY), 1);
 #if defined(NO_WOLFSSL_CLIENT) && defined(NO_WOLFSSL_SERVER)
-    ExpectIntEQ(ret, WOLFSSL_FATAL_ERROR);
+    ExpectIntEQ(ret, WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR));
 #elif defined(NO_RSA)
-    ExpectIntEQ(ret, ASN_UNKNOWN_OID_E);
+    ExpectIntEQ(ret, WC_NO_ERR_TRACE(ASN_UNKNOWN_OID_E));
 #elif !(WOLFSSL_LOAD_VERIFY_DEFAULT_FLAGS & WOLFSSL_LOAD_FLAG_DATE_ERR_OKAY) && \
       !defined(NO_ASN_TIME) && defined(WOLFSSL_TRUST_PEER_CERT) && \
       defined(OPENSSL_COMPATIBLE_DEFAULTS)
-    ExpectIntEQ(ret, ASN_AFTER_DATE_E);
+    ExpectIntEQ(ret, WC_NO_ERR_TRACE(ASN_AFTER_DATE_E));
 #else
     ExpectIntEQ(ret, WOLFSSL_SUCCESS);
 #endif
@@ -2086,7 +2953,7 @@ static int test_wolfSSL_CertManagerGetCerts(void)
 #endif
     int i = 0;
     int ret = 0;
-    const byte* der;
+    const byte* der = NULL;
     int derSz = 0;
 
     ExpectNotNull(file1 = fopen("./certs/ca-cert.pem", "rb"));
@@ -2105,10 +2972,10 @@ static int test_wolfSSL_CertManagerGetCerts(void)
     /* Check that ASN_SELF_SIGNED_E is returned for a self-signed cert for QT
      * and full OpenSSL compatibility */
     ExpectIntEQ(ret = wolfSSL_CertManagerVerifyBuffer(cm, der, derSz,
-        WOLFSSL_FILETYPE_ASN1), ASN_SELF_SIGNED_E);
+        WOLFSSL_FILETYPE_ASN1), WC_NO_ERR_TRACE(ASN_SELF_SIGNED_E));
 #else
     ExpectIntEQ(ret = wolfSSL_CertManagerVerifyBuffer(cm, der, derSz,
-        WOLFSSL_FILETYPE_ASN1), ASN_NO_SIGNER_E);
+        WOLFSSL_FILETYPE_ASN1), WC_NO_ERR_TRACE(ASN_NO_SIGNER_E));
 #endif
 
     ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_CertManagerLoadCA(cm,
@@ -2142,7 +3009,7 @@ static int test_wolfSSL_CertManagerGetCerts(void)
 static int test_wolfSSL_CertManagerSetVerify(void)
 {
     EXPECT_DECLS;
-#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && \
+#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_TLS) && \
     !defined(NO_WOLFSSL_CM_VERIFY) && !defined(NO_RSA) && \
     (!defined(NO_WOLFSSL_CLIENT) || !defined(WOLFSSL_NO_CLIENT_AUTH))
     WOLFSSL_CERT_MANAGER* cm = NULL;
@@ -2176,7 +3043,7 @@ static int test_wolfSSL_CertManagerSetVerify(void)
         myVerifyAction = VERIFY_FORCE_FAIL;
 
         ExpectIntEQ(wolfSSL_CertManagerVerify(cm, verifyCert,
-            WOLFSSL_FILETYPE_ASN1), VERIFY_CERT_ERROR);
+            WOLFSSL_FILETYPE_ASN1), WC_NO_ERR_TRACE(VERIFY_CERT_ERROR));
     }
 #endif
 
@@ -2252,7 +3119,7 @@ static int test_wolfSSL_CertManagerNameConstraint(void)
                 WOLFSSL_FILETYPE_ASN1));
     ExpectNotNull(pt = (byte*)wolfSSL_X509_get_tbs(x509, &derSz));
     if (EXPECT_SUCCESS() && (der != NULL)) {
-        XMEMCPY(der, pt, derSz);
+        XMEMCPY(der, pt, (size_t)derSz);
 
         /* find the name constraint extension and alter it */
         pt = der;
@@ -2281,7 +3148,7 @@ static int test_wolfSSL_CertManagerNameConstraint(void)
 
     ExpectNotNull(cm = wolfSSL_CertManagerNew());
     ExpectIntEQ(wolfSSL_CertManagerLoadCABuffer(cm, der, derSz,
-                WOLFSSL_FILETYPE_ASN1), ASN_PARSE_E);
+                WOLFSSL_FILETYPE_ASN1), WC_NO_ERR_TRACE(ASN_PARSE_E));
     wolfSSL_CertManagerFree(cm);
 
     XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
@@ -2359,7 +3226,7 @@ static int test_wolfSSL_CertManagerNameConstraint(void)
 
     ExpectNotNull((der = (byte*)wolfSSL_X509_get_der(x509, &derSz)));
     ExpectIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz,
-                WOLFSSL_FILETYPE_ASN1), ASN_NAME_INVALID_E);
+                WOLFSSL_FILETYPE_ASN1), WC_NO_ERR_TRACE(ASN_NAME_INVALID_E));
 
     wolfSSL_CertManagerFree(cm);
     wolfSSL_X509_free(x509);
@@ -2437,6 +3304,15 @@ static int test_wolfSSL_CertManagerNameConstraint2(void)
     ExpectIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz,
                 WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS);
 
+    /* Test no name case. */
+    ExpectIntEQ(wolfSSL_X509_add_altname_ex(x509, NULL, 0, ASN_DIR_TYPE),
+        WOLFSSL_SUCCESS);
+    ExpectIntEQ(wolfSSL_X509_add_altname(x509, "", ASN_DIR_TYPE),
+        WOLFSSL_SUCCESS);
+    /* IP not supported. */
+    ExpectIntEQ(wolfSSL_X509_add_altname(x509, "127.0.0.1", ASN_IP_TYPE),
+        WOLFSSL_FAILURE);
+
     /* add in matching DIR alt name and resign */
     wolfSSL_X509_add_altname_ex(x509, altName, sizeof(altName), ASN_DIR_TYPE);
 #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_256)
@@ -2469,7 +3345,7 @@ static int test_wolfSSL_CertManagerNameConstraint2(void)
     ExpectNotNull((der = wolfSSL_X509_get_der(x509, &derSz)));
 #ifndef WOLFSSL_NO_ASN_STRICT
     ExpectIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz,
-                WOLFSSL_FILETYPE_ASN1), ASN_NAME_INVALID_E);
+                WOLFSSL_FILETYPE_ASN1), WC_NO_ERR_TRACE(ASN_NAME_INVALID_E));
 #else
     ExpectIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz,
                 WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS);
@@ -2495,7 +3371,7 @@ static int test_wolfSSL_CertManagerNameConstraint2(void)
     ExpectNotNull((der = wolfSSL_X509_get_der(x509, &derSz)));
 #ifndef WOLFSSL_NO_ASN_STRICT
     ExpectIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz,
-                WOLFSSL_FILETYPE_ASN1), ASN_NAME_INVALID_E);
+                WOLFSSL_FILETYPE_ASN1), WC_NO_ERR_TRACE(ASN_NAME_INVALID_E));
 #else
     ExpectIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz,
                 WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS);
@@ -2520,7 +3396,7 @@ static int test_wolfSSL_CertManagerNameConstraint2(void)
     ExpectNotNull((der = wolfSSL_X509_get_der(x509, &derSz)));
 #ifndef WOLFSSL_NO_ASN_STRICT
     ExpectIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz,
-                WOLFSSL_FILETYPE_ASN1), ASN_NAME_INVALID_E);
+                WOLFSSL_FILETYPE_ASN1), WC_NO_ERR_TRACE(ASN_NAME_INVALID_E));
 #else
     ExpectIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz,
                 WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS);
@@ -2555,7 +3431,7 @@ static int test_wolfSSL_CertManagerNameConstraint2(void)
     ExpectNotNull((der = wolfSSL_X509_get_der(x509, &derSz)));
 #ifndef WOLFSSL_NO_ASN_STRICT
     ExpectIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz,
-                WOLFSSL_FILETYPE_ASN1), ASN_NAME_INVALID_E);
+                WOLFSSL_FILETYPE_ASN1), WC_NO_ERR_TRACE(ASN_NAME_INVALID_E));
 #else
     ExpectIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz,
                 WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS);
@@ -2684,7 +3560,7 @@ static int test_wolfSSL_CertManagerNameConstraint3(void)
 
     ExpectNotNull((der = (byte*)wolfSSL_X509_get_der(x509, &derSz)));
     ExpectIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz,
-                WOLFSSL_FILETYPE_ASN1), ASN_NAME_INVALID_E);
+                WOLFSSL_FILETYPE_ASN1), WC_NO_ERR_TRACE(ASN_NAME_INVALID_E));
 
     wolfSSL_CertManagerFree(cm);
     wolfSSL_X509_free(x509);
@@ -2832,7 +3708,7 @@ static int test_wolfSSL_CertManagerNameConstraint4(void)
 
     ExpectNotNull((der = (byte*)wolfSSL_X509_get_der(x509, &derSz)));
     ExpectIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz,
-                WOLFSSL_FILETYPE_ASN1), ASN_NAME_INVALID_E);
+                WOLFSSL_FILETYPE_ASN1), WC_NO_ERR_TRACE(ASN_NAME_INVALID_E));
     wolfSSL_X509_free(x509);
     x509 = NULL;
 
@@ -2857,7 +3733,7 @@ static int test_wolfSSL_CertManagerNameConstraint4(void)
 
     ExpectNotNull((der = (byte*)wolfSSL_X509_get_der(x509, &derSz)));
     ExpectIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz,
-                WOLFSSL_FILETYPE_ASN1), ASN_NAME_INVALID_E);
+                WOLFSSL_FILETYPE_ASN1), WC_NO_ERR_TRACE(ASN_NAME_INVALID_E));
 
     wolfSSL_CertManagerFree(cm);
     wolfSSL_X509_free(x509);
@@ -2951,7 +3827,7 @@ static int test_wolfSSL_CertManagerNameConstraint5(void)
 
     ExpectNotNull((der = (byte*)wolfSSL_X509_get_der(x509, &derSz)));
     ExpectIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz,
-                WOLFSSL_FILETYPE_ASN1), ASN_NAME_INVALID_E);
+                WOLFSSL_FILETYPE_ASN1), WC_NO_ERR_TRACE(ASN_NAME_INVALID_E));
     wolfSSL_X509_free(x509);
     x509 = NULL;
 
@@ -2977,7 +3853,7 @@ static int test_wolfSSL_CertManagerNameConstraint5(void)
 
     ExpectNotNull((der = (byte*)wolfSSL_X509_get_der(x509, &derSz)));
     ExpectIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz,
-                WOLFSSL_FILETYPE_ASN1), ASN_NAME_INVALID_E);
+                WOLFSSL_FILETYPE_ASN1), WC_NO_ERR_TRACE(ASN_NAME_INVALID_E));
     wolfSSL_X509_free(x509);
     x509 = NULL;
 
@@ -3003,7 +3879,7 @@ static int test_wolfSSL_CertManagerNameConstraint5(void)
 
     ExpectNotNull((der = (byte*)wolfSSL_X509_get_der(x509, &derSz)));
     ExpectIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz,
-                WOLFSSL_FILETYPE_ASN1), ASN_NAME_INVALID_E);
+                WOLFSSL_FILETYPE_ASN1), WC_NO_ERR_TRACE(ASN_NAME_INVALID_E));
     wolfSSL_X509_free(x509);
     x509 = NULL;
 
@@ -3044,79 +3920,84 @@ static int test_wolfSSL_CertManagerCRL(void)
     const char* ca_cert = "./certs/ca-cert.pem";
     const char* crl1     = "./certs/crl/crl.pem";
     const char* crl2     = "./certs/crl/crl2.pem";
+#ifdef WC_RSA_PSS
+    const char* crl_rsapss = "./certs/crl/crl_rsapss.pem";
+    const char* ca_rsapss  = "./certs/rsapss/ca-rsapss.pem";
+#endif
+    /* ./certs/crl/crl.der */
     const unsigned char crl_buff[] = {
-        0x30, 0x82, 0x02, 0x04, 0x30, 0x81, 0xed, 0x02,
-        0x01, 0x01, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86,
-        0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05,
-        0x00, 0x30, 0x81, 0x94, 0x31, 0x0b, 0x30, 0x09,
+        0x30, 0x82, 0x02, 0x04, 0x30, 0x81, 0xED, 0x02,
+        0x01, 0x01, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86,
+        0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0B, 0x05,
+        0x00, 0x30, 0x81, 0x94, 0x31, 0x0B, 0x30, 0x09,
         0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55,
-        0x53, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55,
-        0x04, 0x08, 0x0c, 0x07, 0x4d, 0x6f, 0x6e, 0x74,
-        0x61, 0x6e, 0x61, 0x31, 0x10, 0x30, 0x0e, 0x06,
-        0x03, 0x55, 0x04, 0x07, 0x0c, 0x07, 0x42, 0x6f,
-        0x7a, 0x65, 0x6d, 0x61, 0x6e, 0x31, 0x11, 0x30,
-        0x0f, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x08,
-        0x53, 0x61, 0x77, 0x74, 0x6f, 0x6f, 0x74, 0x68,
+        0x53, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55,
+        0x04, 0x08, 0x0C, 0x07, 0x4D, 0x6F, 0x6E, 0x74,
+        0x61, 0x6E, 0x61, 0x31, 0x10, 0x30, 0x0E, 0x06,
+        0x03, 0x55, 0x04, 0x07, 0x0C, 0x07, 0x42, 0x6F,
+        0x7A, 0x65, 0x6D, 0x61, 0x6E, 0x31, 0x11, 0x30,
+        0x0F, 0x06, 0x03, 0x55, 0x04, 0x0A, 0x0C, 0x08,
+        0x53, 0x61, 0x77, 0x74, 0x6F, 0x6F, 0x74, 0x68,
         0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04,
-        0x0b, 0x0c, 0x0a, 0x43, 0x6f, 0x6e, 0x73, 0x75,
-        0x6c, 0x74, 0x69, 0x6e, 0x67, 0x31, 0x18, 0x30,
-        0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x0f,
-        0x77, 0x77, 0x77, 0x2e, 0x77, 0x6f, 0x6c, 0x66,
-        0x73, 0x73, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x31,
-        0x1f, 0x30, 0x1d, 0x06, 0x09, 0x2a, 0x86, 0x48,
-        0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16, 0x10,
-        0x69, 0x6e, 0x66, 0x6f, 0x40, 0x77, 0x6f, 0x6c,
-        0x66, 0x73, 0x73, 0x6c, 0x2e, 0x63, 0x6f, 0x6d,
-        0x17, 0x0d, 0x32, 0x32, 0x31, 0x32, 0x31, 0x36,
-        0x32, 0x31, 0x31, 0x37, 0x35, 0x30, 0x5a, 0x17,
-        0x0d, 0x32, 0x35, 0x30, 0x39, 0x31, 0x31, 0x32,
-        0x31, 0x31, 0x37, 0x35, 0x30, 0x5a, 0x30, 0x14,
-        0x30, 0x12, 0x02, 0x01, 0x02, 0x17, 0x0d, 0x32,
-        0x32, 0x31, 0x32, 0x31, 0x36, 0x32, 0x31, 0x31,
-        0x37, 0x35, 0x30, 0x5a, 0xa0, 0x0e, 0x30, 0x0c,
-        0x30, 0x0a, 0x06, 0x03, 0x55, 0x1d, 0x14, 0x04,
-        0x03, 0x02, 0x01, 0x02, 0x30, 0x0d, 0x06, 0x09,
-        0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01,
-        0x0b, 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00,
-        0x39, 0x44, 0xff, 0x39, 0xf4, 0x04, 0x45, 0x79,
-        0x7e, 0x73, 0xe2, 0x42, 0x48, 0xdb, 0x85, 0x66,
-        0xfd, 0x99, 0x76, 0x94, 0x7c, 0xb5, 0x79, 0x5d,
-        0x15, 0x71, 0x36, 0xa9, 0x87, 0xf0, 0x73, 0x05,
-        0x50, 0x08, 0x6b, 0x1c, 0x6e, 0xde, 0x96, 0x45,
-        0x31, 0xc3, 0xc0, 0xba, 0xba, 0xf5, 0x08, 0x1d,
-        0x05, 0x4a, 0x52, 0x39, 0xe9, 0x03, 0xef, 0x59,
-        0xc8, 0x1d, 0x4a, 0xf2, 0x86, 0x05, 0x99, 0x7b,
-        0x4b, 0x74, 0xf6, 0xd3, 0x75, 0x8d, 0xb2, 0x57,
-        0xba, 0xac, 0xa7, 0x11, 0x14, 0xd6, 0x6c, 0x71,
-        0xc4, 0x4c, 0x1c, 0x68, 0xbc, 0x49, 0x78, 0xf0,
-        0xc9, 0x52, 0x8a, 0xe7, 0x8b, 0x54, 0xe6, 0x20,
-        0x58, 0x20, 0x60, 0x66, 0xf5, 0x14, 0xd8, 0xcb,
-        0xff, 0xe0, 0xa0, 0x45, 0xbc, 0xb4, 0x81, 0xad,
-        0x1d, 0xbc, 0xcf, 0xf8, 0x8e, 0xa8, 0x87, 0x24,
-        0x55, 0x99, 0xd9, 0xce, 0x47, 0xf7, 0x5b, 0x4a,
-        0x33, 0x6d, 0xdb, 0xbf, 0x93, 0x64, 0x1a, 0xa6,
-        0x46, 0x5f, 0x27, 0xdc, 0xd8, 0xd4, 0xf9, 0xc2,
-        0x42, 0x2a, 0x7e, 0xb2, 0x7c, 0xdd, 0x98, 0x77,
-        0xf5, 0x88, 0x7d, 0x15, 0x25, 0x08, 0xbc, 0xe0,
-        0xd0, 0x8d, 0xf4, 0xc3, 0xc3, 0x04, 0x41, 0xa4,
-        0xd1, 0xb1, 0x39, 0x4a, 0x6b, 0x2c, 0xb5, 0x2e,
-        0x9a, 0x65, 0x43, 0x0d, 0x0e, 0x73, 0xf4, 0x06,
-        0xe1, 0xb3, 0x49, 0x34, 0x94, 0xb0, 0xb7, 0xff,
-        0xc0, 0x27, 0xc1, 0xb5, 0xea, 0x06, 0xf7, 0x71,
-        0x71, 0x97, 0xbb, 0xbc, 0xc7, 0x1a, 0x9f, 0xeb,
-        0xf6, 0x3d, 0xa5, 0x7b, 0x55, 0xa7, 0xbf, 0xdd,
-        0xd7, 0xee, 0x97, 0xb8, 0x9d, 0xdc, 0xcd, 0xe3,
-        0x06, 0xdb, 0x9a, 0x2c, 0x60, 0xbf, 0x70, 0x84,
-        0xfa, 0x6b, 0x8d, 0x70, 0x7d, 0xde, 0xe8, 0xb7,
-        0xab, 0xb0, 0x38, 0x68, 0x6c, 0xc0, 0xb1, 0xe1,
-        0xba, 0x45, 0xe0, 0xd7, 0x12, 0x3d, 0x71, 0x5b
+        0x0B, 0x0C, 0x0A, 0x43, 0x6F, 0x6E, 0x73, 0x75,
+        0x6C, 0x74, 0x69, 0x6E, 0x67, 0x31, 0x18, 0x30,
+        0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0C, 0x0F,
+        0x77, 0x77, 0x77, 0x2E, 0x77, 0x6F, 0x6C, 0x66,
+        0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x31,
+        0x1F, 0x30, 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48,
+        0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10,
+        0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C,
+        0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D,
+        0x17, 0x0D, 0x32, 0x34, 0x30, 0x31, 0x30, 0x39,
+        0x30, 0x30, 0x33, 0x34, 0x33, 0x30, 0x5A, 0x17,
+        0x0D, 0x32, 0x36, 0x31, 0x30, 0x30, 0x35, 0x30,
+        0x30, 0x33, 0x34, 0x33, 0x30, 0x5A, 0x30, 0x14,
+        0x30, 0x12, 0x02, 0x01, 0x02, 0x17, 0x0D, 0x32,
+        0x34, 0x30, 0x31, 0x30, 0x39, 0x30, 0x30, 0x33,
+        0x34, 0x33, 0x30, 0x5A, 0xA0, 0x0E, 0x30, 0x0C,
+        0x30, 0x0A, 0x06, 0x03, 0x55, 0x1D, 0x14, 0x04,
+        0x03, 0x02, 0x01, 0x02, 0x30, 0x0D, 0x06, 0x09,
+        0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01,
+        0x0B, 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00,
+        0xB3, 0x6F, 0xED, 0x72, 0xD2, 0x73, 0x6A, 0x77,
+        0xBF, 0x3A, 0x55, 0xBC, 0x54, 0x18, 0x6A, 0x71,
+        0xBC, 0x6A, 0xCC, 0xCD, 0x5D, 0x90, 0xF5, 0x64,
+        0x8D, 0x1B, 0xF0, 0xE0, 0x48, 0x7B, 0xF2, 0x7B,
+        0x06, 0x86, 0x53, 0x63, 0x9B, 0xD8, 0x24, 0x15,
+        0x10, 0xB1, 0x19, 0x96, 0x9B, 0xD2, 0x75, 0xA8,
+        0x25, 0xA2, 0x35, 0xA9, 0x14, 0xD6, 0xD5, 0x5E,
+        0x53, 0xE3, 0x34, 0x9D, 0xF2, 0x8B, 0x07, 0x19,
+        0x9B, 0x1F, 0xF1, 0x02, 0x0F, 0x04, 0x46, 0xE8,
+        0xB8, 0xB6, 0xF2, 0x8D, 0xC7, 0xC0, 0x15, 0x3E,
+        0x3E, 0x8E, 0x96, 0x73, 0x15, 0x1E, 0x62, 0xF6,
+        0x4E, 0x2A, 0xF7, 0xAA, 0xA0, 0x91, 0x80, 0x12,
+        0x7F, 0x81, 0x0C, 0x65, 0xCC, 0x38, 0xBE, 0x58,
+        0x6C, 0x14, 0xA5, 0x21, 0xA1, 0x8D, 0xF7, 0x8A,
+        0xB9, 0x24, 0xF4, 0x2D, 0xCA, 0xC0, 0x67, 0x43,
+        0x0B, 0xC8, 0x1C, 0xB4, 0x7D, 0x12, 0x7F, 0xA2,
+        0x1B, 0x19, 0x0E, 0x94, 0xCF, 0x7B, 0x9F, 0x75,
+        0xA0, 0x08, 0x9A, 0x67, 0x3F, 0x87, 0x89, 0x3E,
+        0xF8, 0x58, 0xA5, 0x8A, 0x1B, 0x2D, 0xDA, 0x9B,
+        0xD0, 0x1B, 0x18, 0x92, 0xC3, 0xD2, 0x6A, 0xD7,
+        0x1C, 0xFC, 0x45, 0x69, 0x77, 0xC3, 0x57, 0x65,
+        0x75, 0x99, 0x9E, 0x47, 0x2A, 0x20, 0x25, 0xEF,
+        0x90, 0xF2, 0x5F, 0x3B, 0x7D, 0x9C, 0x7D, 0x00,
+        0xEA, 0x92, 0x54, 0xEB, 0x0B, 0xE7, 0x17, 0xAF,
+        0x24, 0x1A, 0xF9, 0x7C, 0x83, 0x50, 0x68, 0x1D,
+        0xDC, 0x5B, 0x60, 0x12, 0xA7, 0x52, 0x78, 0xD9,
+        0xA9, 0xB0, 0x1F, 0x59, 0x48, 0x36, 0xC7, 0xA6,
+        0x97, 0x34, 0xC7, 0x87, 0x3F, 0xAE, 0xFD, 0xA9,
+        0x56, 0x5D, 0x48, 0xCC, 0x89, 0x7A, 0x79, 0x60,
+        0x8F, 0x9B, 0x2B, 0x63, 0x3C, 0xB3, 0x04, 0x1D,
+        0x5F, 0xF7, 0x20, 0xD2, 0xFD, 0xF2, 0x51, 0xB1,
+        0x96, 0x93, 0x13, 0x5B, 0xAB, 0x74, 0x82, 0x8B
     };
 
     WOLFSSL_CERT_MANAGER* cm = NULL;
 
     ExpectNotNull(cm = wolfSSL_CertManagerNew());
 
-    ExpectIntEQ(wolfSSL_CertManagerEnableCRL(NULL, 0), BAD_FUNC_ARG);
+    ExpectIntEQ(wolfSSL_CertManagerEnableCRL(NULL, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wolfSSL_CertManagerEnableCRL(cm, WOLFSSL_CRL_CHECKALL), 1);
     ExpectIntEQ(wolfSSL_CertManagerEnableCRL(cm, WOLFSSL_CRL_CHECK), 1);
     ExpectIntEQ(wolfSSL_CertManagerEnableCRL(cm,
@@ -3124,59 +4005,59 @@ static int test_wolfSSL_CertManagerCRL(void)
     ExpectIntEQ(wolfSSL_CertManagerEnableCRL(cm, 16), 1);
     ExpectIntEQ(wolfSSL_CertManagerEnableCRL(cm, WOLFSSL_CRL_CHECKALL), 1);
 
-    ExpectIntEQ(wolfSSL_CertManagerCheckCRL(NULL, NULL, -1), BAD_FUNC_ARG);
-    ExpectIntEQ(wolfSSL_CertManagerCheckCRL(cm, NULL, -1), BAD_FUNC_ARG);
+    ExpectIntEQ(wolfSSL_CertManagerCheckCRL(NULL, NULL, -1), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wolfSSL_CertManagerCheckCRL(cm, NULL, -1), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wolfSSL_CertManagerCheckCRL(NULL, server_cert_der_2048, -1),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wolfSSL_CertManagerCheckCRL(NULL, NULL, 1), BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wolfSSL_CertManagerCheckCRL(NULL, NULL, 1), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wolfSSL_CertManagerCheckCRL(NULL, server_cert_der_2048, 1),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wolfSSL_CertManagerCheckCRL(cm, NULL, 1), BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wolfSSL_CertManagerCheckCRL(cm, NULL, 1), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wolfSSL_CertManagerCheckCRL(cm, server_cert_der_2048, -1),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wolfSSL_CertManagerCheckCRL(cm, server_cert_der_2048,
-        sizeof_server_cert_der_2048), ASN_NO_SIGNER_E);
+        sizeof_server_cert_der_2048), WC_NO_ERR_TRACE(ASN_NO_SIGNER_E));
 
-    ExpectIntEQ(wolfSSL_CertManagerSetCRL_Cb(NULL, NULL), BAD_FUNC_ARG);
+    ExpectIntEQ(wolfSSL_CertManagerSetCRL_Cb(NULL, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wolfSSL_CertManagerSetCRL_Cb(cm, NULL), 1);
 #ifdef HAVE_CRL_IO
-    ExpectIntEQ(wolfSSL_CertManagerSetCRL_IOCb(NULL, NULL), BAD_FUNC_ARG);
+    ExpectIntEQ(wolfSSL_CertManagerSetCRL_IOCb(NULL, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wolfSSL_CertManagerSetCRL_IOCb(cm, NULL), 1);
 #endif
 
 #ifndef NO_FILESYSTEM
     ExpectIntEQ(wolfSSL_CertManagerLoadCRL(NULL, NULL, WOLFSSL_FILETYPE_ASN1,
-        0), BAD_FUNC_ARG);
+        0), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wolfSSL_CertManagerLoadCRL(cm, NULL, WOLFSSL_FILETYPE_ASN1,
-        0), BAD_FUNC_ARG);
+        0), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     /* -1 seen as !WOLFSSL_FILETYPE_PEM */
     ExpectIntEQ(wolfSSL_CertManagerLoadCRL(cm, "./certs/crl", -1, 0), 1);
 
     ExpectIntEQ(wolfSSL_CertManagerLoadCRLFile(NULL, NULL,
-        WOLFSSL_FILETYPE_ASN1), BAD_FUNC_ARG);
+        WOLFSSL_FILETYPE_ASN1), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wolfSSL_CertManagerLoadCRLFile(cm, NULL, WOLFSSL_FILETYPE_ASN1),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     /* -1 seen as !WOLFSSL_FILETYPE_PEM */
     ExpectIntEQ(wolfSSL_CertManagerLoadCRLFile(cm, "./certs/crl/crl.pem", -1),
-        ASN_PARSE_E);
+        WC_NO_ERR_TRACE(ASN_PARSE_E));
 #endif
 
     ExpectIntEQ(wolfSSL_CertManagerLoadCRLBuffer(NULL, NULL, -1,
-        WOLFSSL_FILETYPE_ASN1), BAD_FUNC_ARG);
+        WOLFSSL_FILETYPE_ASN1), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wolfSSL_CertManagerLoadCRLBuffer(cm, NULL, -1,
-        WOLFSSL_FILETYPE_ASN1), BAD_FUNC_ARG);
+        WOLFSSL_FILETYPE_ASN1), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wolfSSL_CertManagerLoadCRLBuffer(NULL, crl_buff, -1,
-        WOLFSSL_FILETYPE_ASN1), BAD_FUNC_ARG);
+        WOLFSSL_FILETYPE_ASN1), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wolfSSL_CertManagerLoadCRLBuffer(NULL, NULL, 1,
-        WOLFSSL_FILETYPE_ASN1), BAD_FUNC_ARG);
+        WOLFSSL_FILETYPE_ASN1), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wolfSSL_CertManagerLoadCRLBuffer(NULL, crl_buff, 1,
-        WOLFSSL_FILETYPE_ASN1), BAD_FUNC_ARG);
+        WOLFSSL_FILETYPE_ASN1), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wolfSSL_CertManagerLoadCRLBuffer(cm, NULL, 1,
-        WOLFSSL_FILETYPE_ASN1), BAD_FUNC_ARG);
+        WOLFSSL_FILETYPE_ASN1), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wolfSSL_CertManagerLoadCRLBuffer(cm, crl_buff, -1,
-        WOLFSSL_FILETYPE_ASN1), BAD_FUNC_ARG);
+        WOLFSSL_FILETYPE_ASN1), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
-    ExpectIntEQ(wolfSSL_CertManagerFreeCRL(NULL), BAD_FUNC_ARG);
+    ExpectIntEQ(wolfSSL_CertManagerFreeCRL(NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     DoExpectIntEQ(wolfSSL_CertManagerFreeCRL(cm), 1);
 
     ExpectIntEQ(WOLFSSL_SUCCESS,
@@ -3187,18 +4068,32 @@ static int test_wolfSSL_CertManagerCRL(void)
         wolfSSL_CertManagerLoadCRL(cm, crl2, WOLFSSL_FILETYPE_PEM, 0));
     wolfSSL_CertManagerFreeCRL(cm);
 
+#ifndef WOLFSSL_CRL_ALLOW_MISSING_CDP
     ExpectIntEQ(WOLFSSL_SUCCESS,
         wolfSSL_CertManagerLoadCRL(cm, crl1, WOLFSSL_FILETYPE_PEM, 0));
     ExpectIntEQ(WOLFSSL_SUCCESS,
         wolfSSL_CertManagerLoadCA(cm, ca_cert, NULL));
     ExpectIntEQ(wolfSSL_CertManagerCheckCRL(cm, server_cert_der_2048,
-        sizeof_server_cert_der_2048), CRL_MISSING);
+        sizeof_server_cert_der_2048), WC_NO_ERR_TRACE(CRL_MISSING));
     ExpectIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, server_cert_der_2048,
-        sizeof_server_cert_der_2048, WOLFSSL_FILETYPE_ASN1), CRL_MISSING);
+        sizeof_server_cert_der_2048, WOLFSSL_FILETYPE_ASN1), WC_NO_ERR_TRACE(CRL_MISSING));
+#endif /* !WOLFSSL_CRL_ALLOW_MISSING_CDP */
 
     ExpectIntEQ(wolfSSL_CertManagerLoadCRLBuffer(cm, crl_buff, sizeof(crl_buff),
         WOLFSSL_FILETYPE_ASN1), 1);
 
+#if !defined(NO_FILESYSTEM) && defined(WC_RSA_PSS)
+    /* loading should fail without the CA set */
+    ExpectIntEQ(wolfSSL_CertManagerLoadCRLFile(cm, crl_rsapss,
+        WOLFSSL_FILETYPE_PEM), WC_NO_ERR_TRACE(ASN_CRL_NO_SIGNER_E));
+
+    /* now successfully load the RSA-PSS crl once loading in it's CA */
+    ExpectIntEQ(WOLFSSL_SUCCESS,
+        wolfSSL_CertManagerLoadCA(cm, ca_rsapss, NULL));
+    ExpectIntEQ(wolfSSL_CertManagerLoadCRLFile(cm, crl_rsapss,
+        WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS);
+#endif
+
     wolfSSL_CertManagerFree(cm);
 #endif
 
@@ -3258,8 +4153,8 @@ static int test_wolfSSL_CertManagerCheckOCSPResponse(void)
         0x0d, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6e, /* ......in */
         0x66, 0x6f, 0x40, 0x77, 0x6f, 0x6c, 0x66, 0x73, /* fo@wolfs */
         0x73, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x18, 0x0f, /* sl.com.. */
-        0x32, 0x30, 0x32, 0x33, 0x31, 0x31, 0x30, 0x38, /* 20231108 */
-        0x30, 0x30, 0x32, 0x36, 0x33, 0x37, 0x5a, 0x30, /* 002637Z0 */
+        0x32, 0x30, 0x32, 0x34, 0x31, 0x32, 0x32, 0x30, /* 20241220 */
+        0x31, 0x37, 0x30, 0x37, 0x30, 0x34, 0x5a, 0x30, /* 170704Z0 */
         0x64, 0x30, 0x62, 0x30, 0x3a, 0x30, 0x09, 0x06, /* d0b0:0.. */
         0x05, 0x2b, 0x0e, 0x03, 0x02, 0x1a, 0x05, 0x00, /* .+...... */
         0x04, 0x14, 0x71, 0x4d, 0x82, 0x23, 0x40, 0x59, /* ..qM.#@Y */
@@ -3268,50 +4163,50 @@ static int test_wolfSSL_CertManagerCheckOCSPResponse(void)
         0x83, 0xc6, 0x3a, 0x89, 0x2c, 0x81, 0xf4, 0x02, /* ..:.,... */
         0xd7, 0x9d, 0x4c, 0xe2, 0x2a, 0xc0, 0x71, 0x82, /* ..L.*.q. */
         0x64, 0x44, 0xda, 0x0e, 0x02, 0x01, 0x05, 0x80, /* dD...... */
-        0x00, 0x18, 0x0f, 0x32, 0x30, 0x32, 0x33, 0x31, /* ...20231 */
-        0x31, 0x30, 0x38, 0x30, 0x30, 0x32, 0x36, 0x33, /* 10800263 */
-        0x37, 0x5a, 0xa0, 0x11, 0x18, 0x0f, 0x32, 0x30, /* 7Z....20 */
-        0x35, 0x31, 0x30, 0x33, 0x32, 0x35, 0x30, 0x30, /* 51032500 */
-        0x32, 0x36, 0x33, 0x37, 0x5a, 0xa1, 0x23, 0x30, /* 2637Z.#0 */
+        0x00, 0x18, 0x0f, 0x32, 0x30, 0x32, 0x34, 0x31, /* ...20241 */
+        0x32, 0x32, 0x30, 0x31, 0x37, 0x30, 0x37, 0x30, /* 22017070 */
+        0x34, 0x5a, 0xa0, 0x11, 0x18, 0x0f, 0x32, 0x30, /* 4Z....20 */
+        0x35, 0x32, 0x30, 0x35, 0x30, 0x36, 0x31, 0x37, /* 52050617 */
+        0x30, 0x37, 0x30, 0x34, 0x5a, 0xa1, 0x23, 0x30, /* 0704Z.#0 */
         0x21, 0x30, 0x1f, 0x06, 0x09, 0x2b, 0x06, 0x01, /* !0...+.. */
         0x05, 0x05, 0x07, 0x30, 0x01, 0x02, 0x04, 0x12, /* ...0.... */
-        0x04, 0x10, 0xdb, 0xbc, 0x2a, 0x76, 0xa0, 0xb4, /* ....*v.. */
-        0x1e, 0x5d, 0xf6, 0x2b, 0x8e, 0x38, 0x62, 0xdb, /* .].+.8b. */
-        0x90, 0xed, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, /* ..0...*. */
+        0x04, 0x10, 0x12, 0x7c, 0x27, 0xbd, 0x22, 0x28, /* ...|'."( */
+        0x5e, 0x62, 0x81, 0xed, 0x6d, 0x2c, 0x2d, 0x59, /* ^b..m,-Y */
+        0x42, 0xd7, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, /* B.0...*. */
         0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, /* H....... */
-        0x00, 0x03, 0x82, 0x01, 0x01, 0x00, 0x87, 0xde, /* ........ */
-        0xfb, 0xf9, 0x3a, 0x90, 0x1f, 0x90, 0xde, 0xcf, /* ..:..... */
-        0xfe, 0xad, 0x64, 0x19, 0x34, 0x17, 0xf8, 0x15, /* ..d.4... */
-        0x01, 0x22, 0x5f, 0x67, 0x41, 0xa4, 0x18, 0xf7, /* ."_gA... */
-        0x16, 0xb7, 0xc9, 0xf3, 0xe1, 0x9f, 0xcd, 0x40, /* .......@ */
-        0x56, 0x77, 0x6e, 0x6a, 0xfb, 0x92, 0x6a, 0x6f, /* Vwnj..jo */
-        0x28, 0x3e, 0x22, 0x48, 0xa1, 0xc2, 0xd8, 0x1d, /* (>"H.... */
-        0xc7, 0xe6, 0x78, 0x7f, 0xb6, 0x09, 0xfe, 0x2c, /* ..x...., */
-        0xb5, 0xef, 0x29, 0x7c, 0xc5, 0x51, 0x16, 0x7b, /* ..)|.Q.{ */
-        0x8f, 0xfb, 0x44, 0xa8, 0xcd, 0xf5, 0x5c, 0x0f, /* ..D...\. */
-        0x46, 0x0e, 0xb1, 0xa4, 0xeb, 0x5b, 0xf5, 0x86, /* F....[.. */
-        0x11, 0x0f, 0xcd, 0xe2, 0xe5, 0x3c, 0x91, 0x72, /* .....<.r */
-        0x0d, 0x6a, 0xcb, 0x95, 0x99, 0x39, 0x91, 0x48, /* .j...9.H */
-        0x65, 0x97, 0xb9, 0x78, 0xb5, 0x88, 0x7f, 0x76, /* e..x...v */
-        0xa1, 0x43, 0x2f, 0xf6, 0x1f, 0x49, 0xb7, 0x08, /* .C/..I.. */
-        0x36, 0xe4, 0x2e, 0x34, 0x25, 0xda, 0x16, 0x74, /* 6..4%..t */
-        0x47, 0x62, 0x56, 0xff, 0x2f, 0x02, 0x03, 0x44, /* GbV./..D */
-        0x89, 0x04, 0xe7, 0xb8, 0xde, 0x0a, 0x35, 0x43, /* ......5C */
-        0xae, 0xd7, 0x54, 0xbe, 0xc3, 0x7c, 0x95, 0xa5, /* ..T..|.. */
-        0xc8, 0xe0, 0x2e, 0x52, 0xb6, 0xea, 0x99, 0x45, /* ...R...E */
-        0xfd, 0xda, 0x4b, 0xd5, 0x79, 0x07, 0x64, 0xca, /* ..K.y.d. */
-        0x64, 0xba, 0x52, 0x12, 0x62, 0x8c, 0x08, 0x9a, /* d.R.b... */
-        0x32, 0xeb, 0x85, 0x65, 0x05, 0x39, 0x07, 0x5d, /* 2..e.9.] */
-        0x39, 0x4a, 0xcf, 0xa5, 0x30, 0xf6, 0xd1, 0xf7, /* 9J..0... */
-        0x29, 0xaa, 0x23, 0x42, 0xc6, 0x85, 0x16, 0x7f, /* ).#B.... */
-        0x64, 0x16, 0xb1, 0xb0, 0x5d, 0xcd, 0x88, 0x2d, /* d...]..- */
-        0x06, 0xb0, 0xa9, 0xdf, 0xa3, 0x9f, 0x25, 0x41, /* ......%A */
-        0x89, 0x9a, 0x19, 0xe1, 0xaa, 0xcd, 0xdf, 0x51, /* .......Q */
-        0xcb, 0xa9, 0xc3, 0x7e, 0x27, 0xbc, 0x7d, 0x9b, /* ...~'.}. */
-        0x6f, 0x4d, 0x79, 0x87, 0x09, 0x3f, 0xac, 0xd2, /* oMy..?.. */
-        0x4a, 0x3b, 0xbe, 0xf8, 0x7a, 0xa4, 0x93, 0x45, /* J;..z..E */
-        0x11, 0x64, 0x40, 0xc5, 0x03, 0xc9, 0x24, 0x5b, /* .d@...$[ */
-        0xe9, 0x6d, 0xfc, 0x94, 0x08, 0xbe, 0xa0, 0x82, /* .m...... */
+        0x00, 0x03, 0x82, 0x01, 0x01, 0x00, 0x6c, 0xce, /* ......l. */
+        0xa8, 0xe8, 0xfe, 0xaf, 0x33, 0xe2, 0xce, 0x4e, /* ....3..N */
+        0x63, 0x8d, 0x61, 0x16, 0x0f, 0x70, 0xb2, 0x0c, /* c.a..p.. */
+        0x9a, 0xe3, 0x01, 0xd5, 0xca, 0xe5, 0x9b, 0x70, /* .......p */
+        0x81, 0x6f, 0x94, 0x09, 0xe8, 0x88, 0x98, 0x1a, /* .o...... */
+        0x67, 0xa0, 0xc2, 0xe7, 0x8f, 0x9b, 0x5f, 0x13, /* g....._. */
+        0x17, 0x8d, 0x93, 0x8c, 0x31, 0x61, 0x7d, 0x72, /* ....1a}r */
+        0x34, 0xbd, 0x21, 0x48, 0xca, 0xb2, 0xc9, 0xae, /* 4.!H.... */
+        0x28, 0x5f, 0x97, 0x19, 0xcb, 0xdf, 0xed, 0xd4, /* (_...... */
+        0x6e, 0x89, 0x30, 0x89, 0x11, 0xd1, 0x05, 0x08, /* n.0..... */
+        0x81, 0xe9, 0xa7, 0xba, 0xf7, 0x16, 0x0c, 0xbe, /* ........ */
+        0x48, 0x2e, 0xc0, 0x05, 0xac, 0x90, 0xc2, 0x35, /* H......5 */
+        0xce, 0x6c, 0x94, 0x5d, 0x2b, 0xad, 0x4f, 0x19, /* .l.]+.O. */
+        0xea, 0x7b, 0xd9, 0x4f, 0x49, 0x20, 0x8d, 0x98, /* .{.OI .. */
+        0xa9, 0xe4, 0x53, 0x6d, 0xca, 0x34, 0xdb, 0x4a, /* ..Sm.4.J */
+        0x28, 0xb3, 0x33, 0xfb, 0xfd, 0xcc, 0x4b, 0xfa, /* (.3...K. */
+        0xdb, 0x70, 0xe1, 0x96, 0xc8, 0xd4, 0xf1, 0x85, /* .p...... */
+        0x99, 0xaf, 0x06, 0xeb, 0xfd, 0x96, 0x21, 0x86, /* ......!. */
+        0x81, 0xee, 0xcf, 0xd2, 0xf4, 0x83, 0xc9, 0x1d, /* ........ */
+        0x8f, 0x42, 0xd1, 0xc1, 0xbc, 0x50, 0x0a, 0xfb, /* .B...P.. */
+        0x95, 0x39, 0x4c, 0x36, 0xa8, 0xfe, 0x2b, 0x8e, /* .9L6..+. */
+        0xc5, 0xb5, 0xe0, 0xab, 0xdb, 0xc0, 0xbf, 0x1d, /* ........ */
+        0x35, 0x4d, 0xc0, 0x52, 0xfb, 0x08, 0x04, 0x4c, /* 5M.R...L */
+        0x98, 0xf0, 0xb5, 0x5b, 0xff, 0x99, 0x74, 0xce, /* ...[..t. */
+        0xb7, 0xc9, 0xe3, 0xe5, 0x70, 0x2e, 0xd3, 0x1d, /* ....p... */
+        0x46, 0x38, 0xf9, 0x51, 0x17, 0x73, 0xd1, 0x08, /* F8.Q.s.. */
+        0x8d, 0x3d, 0x12, 0x47, 0xd0, 0x66, 0x77, 0xaf, /* .=.G.fw. */
+        0xfd, 0x4c, 0x75, 0x1f, 0xe9, 0x6c, 0xf4, 0x5a, /* .Lu..l.Z */
+        0xde, 0xec, 0x37, 0xc7, 0xc4, 0x0a, 0xbe, 0x91, /* ..7..... */
+        0xbc, 0x05, 0x08, 0x86, 0x47, 0x30, 0x2a, 0xc6, /* ....G0*. */
+        0x85, 0x4b, 0x55, 0x6c, 0xef, 0xdf, 0x2d, 0x5a, /* .KUl..-Z */
+        0xf7, 0x5b, 0xb5, 0xba, 0xed, 0x38, 0xb0, 0xcb, /* .[...8.. */
+        0xeb, 0x7e, 0x84, 0x3a, 0x69, 0x2c, 0xa0, 0x82, /* .~.:i,.. */
         0x04, 0xc6, 0x30, 0x82, 0x04, 0xc2, 0x30, 0x82, /* ..0...0. */
         0x04, 0xbe, 0x30, 0x82, 0x03, 0xa6, 0xa0, 0x03, /* ..0..... */
         0x02, 0x01, 0x02, 0x02, 0x01, 0x04, 0x30, 0x0d, /* ......0. */
@@ -3336,10 +4231,10 @@ static int test_wolfSSL_CertManagerCheckOCSPResponse(void)
         0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, /* .......i */
         0x6e, 0x66, 0x6f, 0x40, 0x77, 0x6f, 0x6c, 0x66, /* nfo@wolf */
         0x73, 0x73, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x30, /* ssl.com0 */
-        0x1e, 0x17, 0x0d, 0x32, 0x32, 0x31, 0x32, 0x31, /* ...22121 */
-        0x36, 0x32, 0x31, 0x31, 0x37, 0x35, 0x30, 0x5a, /* 6211750Z */
-        0x17, 0x0d, 0x32, 0x35, 0x30, 0x39, 0x31, 0x31, /* ..250911 */
-        0x32, 0x31, 0x31, 0x37, 0x35, 0x30, 0x5a, 0x30, /* 211750Z0 */
+        0x1e, 0x17, 0x0d, 0x32, 0x34, 0x31, 0x32, 0x31, /* ...24121 */
+        0x38, 0x32, 0x31, 0x32, 0x35, 0x33, 0x31, 0x5a, /* 8212531Z */
+        0x17, 0x0d, 0x32, 0x37, 0x30, 0x39, 0x31, 0x34, /* ..270914 */
+        0x32, 0x31, 0x32, 0x35, 0x33, 0x31, 0x5a, 0x30, /* 212531Z0 */
         0x81, 0x9e, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, /* ..1.0... */
         0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, /* U....US1 */
         0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08, /* .0...U.. */
@@ -3433,38 +4328,38 @@ static int test_wolfSSL_CertManagerCheckOCSPResponse(void)
         0x05, 0x07, 0x03, 0x09, 0x30, 0x0d, 0x06, 0x09, /* ....0... */
         0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, /* *.H..... */
         0x0b, 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, /* ........ */
-        0x2f, 0xb7, 0x6b, 0xec, 0xb7, 0x12, 0x63, 0xb9, /* /.k...c. */
-        0x57, 0xdc, 0x04, 0x4d, 0x9c, 0x67, 0x74, 0x98, /* W..M.gt. */
-        0x06, 0x28, 0x68, 0x37, 0x34, 0xc2, 0x50, 0xe9, /* .(h74.P. */
-        0x2a, 0xd4, 0x1a, 0xb2, 0x32, 0x1a, 0x9d, 0x2b, /* *...2..+ */
-        0x4f, 0x23, 0x50, 0xea, 0xb4, 0x95, 0x86, 0xc3, /* O#P..... */
-        0xb9, 0x5f, 0x34, 0x3e, 0x99, 0x91, 0xa7, 0x80, /* ._4>.... */
-        0x5f, 0x6e, 0x1b, 0x6e, 0xdb, 0xe9, 0x02, 0x38, /* _n.n...8 */
-        0x6f, 0xdf, 0xc5, 0x9b, 0x0d, 0xa3, 0x1c, 0xa9, /* o....... */
-        0x15, 0x76, 0x16, 0x66, 0xa8, 0x4e, 0xfb, 0xd3, /* .v.f.N.. */
-        0x43, 0x76, 0xf1, 0x72, 0xb7, 0xd1, 0xfa, 0xee, /* Cv.r.... */
-        0x39, 0xa6, 0x96, 0xc1, 0xa2, 0x93, 0xa4, 0x9b, /* 9....... */
-        0x1e, 0x9f, 0xba, 0x71, 0x8f, 0xba, 0xbd, 0x67, /* ...q...g */
-        0x6a, 0xf2, 0x15, 0x5f, 0xf1, 0x64, 0xe7, 0xcf, /* j.._.d.. */
-        0x26, 0xb8, 0x4c, 0xc0, 0xeb, 0x85, 0x04, 0x58, /* &.L....X */
-        0xd9, 0x4a, 0x6b, 0xd9, 0x86, 0xf5, 0x80, 0x21, /* .Jk....! */
-        0xbf, 0x91, 0xc8, 0x4b, 0x9f, 0x04, 0xed, 0x57, /* ...K...W */
-        0x7a, 0xd2, 0x58, 0xac, 0x5b, 0x47, 0xaf, 0x4d, /* z.X.[G.M */
-        0x7f, 0x5b, 0x1d, 0x6d, 0x68, 0x9b, 0x84, 0x98, /* .[.mh... */
-        0x2a, 0x31, 0x02, 0x2c, 0xe9, 0x1b, 0xaf, 0x11, /* *1.,.... */
-        0x0b, 0x78, 0x49, 0xbe, 0x68, 0x68, 0xcb, 0x9c, /* .xI.hh.. */
-        0x41, 0x56, 0xe8, 0xb5, 0x59, 0xda, 0xff, 0xca, /* AV..Y... */
-        0x59, 0x99, 0x17, 0x3e, 0x11, 0x0a, 0x8f, 0x49, /* Y..>...I */
-        0x24, 0x0b, 0x81, 0x42, 0x63, 0xcd, 0x4f, 0xf6, /* $..Bc.O. */
-        0x2b, 0x9d, 0xd1, 0x79, 0x75, 0xd7, 0x4a, 0xcc, /* +..yu.J. */
-        0x4c, 0xb7, 0x2b, 0xd7, 0xe8, 0xe7, 0xd4, 0x48, /* L.+....H */
-        0x3c, 0x14, 0x3b, 0x1c, 0x28, 0xe8, 0x46, 0x7a, /* <.;.(.Fz */
-        0xdc, 0x11, 0x9d, 0x7f, 0x1c, 0xab, 0x10, 0x95, /* ........ */
-        0x17, 0xb2, 0xc7, 0x7a, 0xbb, 0x17, 0x44, 0x59, /* ...z..DY */
-        0x69, 0x8e, 0x16, 0x05, 0x94, 0x8c, 0x88, 0xd9, /* i....... */
-        0xdc, 0x9a, 0xfd, 0xf2, 0x93, 0xbe, 0x68, 0xba, /* ......h. */
-        0x3c, 0xd6, 0x2b, 0x61, 0x3a, 0x8b, 0xf7, 0x66, /* <.+a:..f */
-        0xcb, 0x54, 0xe8, 0xe4, 0xdb, 0x9f, 0xcc, 0x9e  /* .T...... */
+        0x4d, 0xa2, 0xd8, 0x55, 0xe0, 0x2b, 0xf4, 0xad, /* M..U.+.. */
+        0x65, 0xe2, 0x92, 0x35, 0xcb, 0x60, 0xa0, 0xa2, /* e..5.`.. */
+        0x6b, 0xa6, 0x88, 0xc1, 0x86, 0x58, 0x57, 0x37, /* k....XW7 */
+        0xbd, 0x2e, 0x28, 0x6e, 0x1c, 0x56, 0x2a, 0x35, /* ..(n.V*5 */
+        0xde, 0xff, 0x3e, 0x8e, 0x3d, 0x47, 0x21, 0x1a, /* ..>.=G!. */
+        0xe9, 0xd3, 0xc6, 0xb4, 0xe2, 0xcb, 0x3e, 0xc6, /* ......>. */
+        0xaf, 0x9b, 0xef, 0x23, 0x88, 0x56, 0x95, 0x73, /* ...#.V.s */
+        0x2e, 0xb3, 0xed, 0xc5, 0x11, 0x4b, 0x69, 0xf7, /* .....Ki. */
+        0x13, 0x3a, 0x05, 0xe1, 0xaf, 0xba, 0xc9, 0x59, /* .:.....Y */
+        0xfd, 0xe2, 0xa0, 0x81, 0xa0, 0x4c, 0x0c, 0x2c, /* .....L., */
+        0xcb, 0x57, 0xad, 0x96, 0x3a, 0x8c, 0x32, 0xa6, /* .W..:.2. */
+        0x4a, 0xf8, 0x72, 0xb8, 0xec, 0xb3, 0x26, 0x69, /* J.r...&i */
+        0xd6, 0x6a, 0x4c, 0x4c, 0x78, 0x18, 0x3c, 0xca, /* .jLLx.<. */
+        0x19, 0xf1, 0xb5, 0x8e, 0x23, 0x81, 0x5b, 0x27, /* ....#.[' */
+        0x90, 0xe0, 0x5c, 0x2b, 0x17, 0x4d, 0x78, 0x99, /* ..\+.Mx. */
+        0x6b, 0x25, 0xbd, 0x2f, 0xae, 0x1b, 0xaa, 0xce, /* k%./.... */
+        0x84, 0xb9, 0x44, 0x21, 0x46, 0xc0, 0x34, 0x6b, /* ..D!F.4k */
+        0x5b, 0xb9, 0x1b, 0xca, 0x5c, 0x60, 0xf1, 0xef, /* [...\`.. */
+        0xe6, 0x66, 0xbc, 0x84, 0x63, 0x56, 0x50, 0x7d, /* .f..cVP} */
+        0xbb, 0x2c, 0x2f, 0x7b, 0x47, 0xb4, 0xfd, 0x58, /* .,/{G..X */
+        0x77, 0x87, 0xee, 0x27, 0x20, 0x96, 0x72, 0x8e, /* w..' .r. */
+        0x4c, 0x7e, 0x4f, 0x93, 0xeb, 0x5f, 0x8f, 0x9c, /* L~O.._.. */
+        0x1e, 0x59, 0x7a, 0x96, 0xaa, 0x53, 0x77, 0x22, /* .Yz..Sw" */
+        0x41, 0xd8, 0xd3, 0xf9, 0x89, 0x8f, 0xe8, 0x9d, /* A....... */
+        0x65, 0xbd, 0x0c, 0x71, 0x3c, 0xbb, 0xa3, 0x07, /* e..q<... */
+        0xbf, 0xfb, 0xa8, 0xd1, 0x18, 0x0a, 0xb4, 0xc4, /* ........ */
+        0xf7, 0x83, 0xb3, 0x86, 0x2b, 0xf0, 0x5b, 0x05, /* ....+.[. */
+        0x28, 0xc1, 0x01, 0x31, 0x73, 0x5c, 0x2b, 0xbd, /* (..1s\+. */
+        0x60, 0x97, 0xa3, 0x36, 0x82, 0x96, 0xd7, 0x83, /* `..6.... */
+        0xdf, 0x75, 0xee, 0x29, 0x42, 0x97, 0x86, 0x41, /* .u.)B..A */
+        0x55, 0xb9, 0x70, 0x87, 0xd5, 0x02, 0x85, 0x13, /* U.p..... */
+        0x41, 0xf8, 0x25, 0x05, 0xab, 0x6a, 0xaa, 0x57  /* A.%..j.W */
     };
     OcspEntry entry[1];
     CertStatus status[1];
@@ -3510,7 +4405,7 @@ static int test_wolfSSL_CertManagerCheckOCSPResponse(void)
 
 #ifndef NO_FILESYSTEM
     ExpectIntEQ(wolfSSL_CertManagerCheckOCSP(cm, server_cert_der_2048,
-        sizeof(server_cert_der_2048)), ASN_NO_SIGNER_E);
+        sizeof(server_cert_der_2048)), WC_NO_ERR_TRACE(ASN_NO_SIGNER_E));
     ExpectIntEQ(WOLFSSL_SUCCESS,
         wolfSSL_CertManagerLoadCA(cm, ca_cert, NULL));
     ExpectIntEQ(wolfSSL_CertManagerCheckOCSP(cm, server_cert_der_2048,
@@ -3528,8 +4423,8 @@ static int test_wolfSSL_CertManagerCheckOCSPResponse(void)
 static int test_wolfSSL_CheckOCSPResponse(void)
 {
     EXPECT_DECLS;
-#if defined(HAVE_OCSP) && !defined(NO_RSA) && !defined(NO_SHA) && \
-       defined(OPENSSL_ALL)
+#if defined(HAVE_OCSP) && defined(OPENSSL_EXTRA) && \
+    !defined(NO_RSA) && !defined(NO_SHA)
     const char* responseFile = "./certs/ocsp/test-response.der";
     const char* responseMultiFile = "./certs/ocsp/test-multi-response.der";
     const char* responseNoInternFile =
@@ -3675,7 +4570,11 @@ static int test_wolfSSL_CheckOCSPResponse(void)
         wolfSSL_CertManagerFree(cm);
     }
 
-#if defined(WC_RSA_PSS)
+/* FIPS v2 and below don't support long salts. */
+#if defined(WC_RSA_PSS) && \
+    (!defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && \
+     (HAVE_FIPS_VERSION > 2))) && (!defined(HAVE_SELFTEST) || \
+     (defined(HAVE_SELFTEST_VERSION) && (HAVE_SELFTEST_VERSION > 2)))
     {
         const char* responsePssFile = "./certs/ocsp/test-response-rsapss.der";
 
@@ -3725,15 +4624,15 @@ static int test_wolfSSL_FPKI(void)
     if (f != XBADFILE)
         XFCLOSE(f);
 
-    wc_InitDecodedCert(&cert, buf, bytes, NULL);
+    wc_InitDecodedCert(&cert, buf, (word32)bytes, NULL);
     ExpectIntEQ(wc_ParseCert(&cert, CERT_TYPE, 0, NULL), 0);
-    ExpectIntEQ(wc_GetFASCNFromCert(&cert, NULL, &fascnSz), LENGTH_ONLY_E) ;
+    ExpectIntEQ(wc_GetFASCNFromCert(&cert, NULL, &fascnSz), WC_NO_ERR_TRACE(LENGTH_ONLY_E));
     ExpectNotNull(fascn = (byte*)XMALLOC(fascnSz, NULL,
         DYNAMIC_TYPE_TMP_BUFFER));
     ExpectIntEQ(wc_GetFASCNFromCert(&cert, fascn, &fascnSz), 0);
     XFREE(fascn, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 
-    ExpectIntEQ(wc_GetUUIDFromCert(&cert, NULL, &uuidSz), LENGTH_ONLY_E);
+    ExpectIntEQ(wc_GetUUIDFromCert(&cert, NULL, &uuidSz), WC_NO_ERR_TRACE(LENGTH_ONLY_E));
     ExpectNotNull(uuid = (byte*)XMALLOC(uuidSz, NULL, DYNAMIC_TYPE_TMP_BUFFER));
     ExpectIntEQ(wc_GetUUIDFromCert(&cert, uuid, &uuidSz), 0);
     XFREE(uuid, NULL, DYNAMIC_TYPE_TMP_BUFFER);
@@ -3760,7 +4659,7 @@ static int test_wolfSSL_OtherName(void)
     if (f != XBADFILE)
         XFCLOSE(f);
 
-    wc_InitDecodedCert(&cert, buf, bytes, NULL);
+    wc_InitDecodedCert(&cert, buf, (word32)bytes, NULL);
     ExpectIntEQ(wc_ParseCert(&cert, CERT_TYPE, 0, NULL), 0);
     wc_FreeDecodedCert(&cert);
 #endif
@@ -3768,6 +4667,7 @@ static int test_wolfSSL_OtherName(void)
     return EXPECT_RESULT();
 }
 
+#ifdef HAVE_CERT_CHAIN_VALIDATION
 static int test_wolfSSL_CertRsaPss(void)
 {
     EXPECT_DECLS;
@@ -3805,7 +4705,7 @@ static int test_wolfSSL_CertRsaPss(void)
         XFCLOSE(f);
         f = XBADFILE;
     }
-    wc_InitDecodedCert(&cert, buf, bytes, NULL);
+    wc_InitDecodedCert(&cert, buf, (word32)bytes, NULL);
     ExpectIntEQ(wc_ParseCert(&cert, CERT_TYPE, VERIFY, cm), 0);
     wc_FreeDecodedCert(&cert);
 
@@ -3815,7 +4715,7 @@ static int test_wolfSSL_CertRsaPss(void)
     ExpectIntGT(bytes = (int)XFREAD(buf, 1, sizeof(buf), f), 0);
     if (f != XBADFILE)
         XFCLOSE(f);
-    wc_InitDecodedCert(&cert, buf, bytes, NULL);
+    wc_InitDecodedCert(&cert, buf, (word32)bytes, NULL);
     ExpectIntEQ(wc_ParseCert(&cert, CERT_TYPE, VERIFY, cm), 0);
     wc_FreeDecodedCert(&cert);
 #endif
@@ -3825,12 +4725,13 @@ static int test_wolfSSL_CertRsaPss(void)
 
     return EXPECT_RESULT();
 }
+#endif
 
 static int test_wolfSSL_CTX_load_verify_locations_ex(void)
 {
     EXPECT_DECLS;
-#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_RSA) && \
-    !defined(NO_WOLFSSL_CLIENT)
+#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_TLS) && \
+    !defined(NO_WOLFSSL_CLIENT) && !defined(NO_RSA)
     WOLFSSL_CTX* ctx = NULL;
     const char* ca_cert = "./certs/ca-cert.pem";
     const char* ca_expired_cert = "./certs/test/expired/expired-ca.pem";
@@ -3862,9 +4763,9 @@ static int test_wolfSSL_CTX_load_verify_locations_ex(void)
 static int test_wolfSSL_CTX_load_verify_buffer_ex(void)
 {
     EXPECT_DECLS;
-#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_RSA) && \
-    defined(USE_CERT_BUFFERS_2048)
-#if !defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER)
+#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_TLS) && \
+    !defined(NO_RSA) && \
+    (!defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER))
     WOLFSSL_CTX* ctx;
     const char* ca_expired_cert_file = "./certs/test/expired/expired-ca.der";
     byte ca_expired_cert[TWOK_BUF];
@@ -3878,11 +4779,13 @@ static int test_wolfSSL_CTX_load_verify_buffer_ex(void)
 #endif
     ExpectNotNull(ctx);
 
+#if defined(USE_CERT_BUFFERS_2048)
     /* test good CA */
     ExpectTrue(WOLFSSL_SUCCESS ==
         wolfSSL_CTX_load_verify_buffer_ex(ctx, ca_cert_der_2048,
             sizeof_ca_cert_der_2048, WOLFSSL_FILETYPE_ASN1, 0,
             WOLFSSL_LOAD_FLAG_NONE));
+#endif
 
     /* load expired CA */
     XMEMSET(ca_expired_cert, 0, sizeof(ca_expired_cert));
@@ -3909,8 +4812,17 @@ static int test_wolfSSL_CTX_load_verify_buffer_ex(void)
             sizeof_ca_expired_cert, WOLFSSL_FILETYPE_ASN1, 0,
             WOLFSSL_LOAD_FLAG_DATE_ERR_OKAY), WOLFSSL_SUCCESS);
 
+    /* Fail when ctx is NULL. */
+    ExpectIntEQ(wolfSSL_CTX_load_verify_buffer_ex(NULL, ca_expired_cert,
+            sizeof_ca_expired_cert, WOLFSSL_FILETYPE_ASN1, 0,
+            WOLFSSL_LOAD_FLAG_DATE_ERR_OKAY), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    /* Load as modified cert - bad initial length. */
+    ca_expired_cert[2] = 0x7f;
+    ExpectIntEQ(wolfSSL_CTX_load_verify_buffer_ex(ctx, ca_expired_cert,
+            sizeof_ca_expired_cert, WOLFSSL_FILETYPE_ASN1, 1,
+            WOLFSSL_LOAD_FLAG_DATE_ERR_OKAY), WC_NO_ERR_TRACE(ASN_PARSE_E));
+
     wolfSSL_CTX_free(ctx);
-#endif /* !NO_WOLFSSL_CLIENT || !NO_WOLFSSL_SERVER */
 #endif
 
     return EXPECT_RESULT();
@@ -3920,7 +4832,8 @@ static int test_wolfSSL_CTX_load_verify_chain_buffer_format(void)
 {
     EXPECT_DECLS;
 #if !defined(NO_CERTS) && !defined(NO_RSA) && defined(OPENSSL_EXTRA) && \
-    defined(WOLFSSL_CERT_GEN) && defined(USE_CERT_BUFFERS_2048) && \
+    defined(USE_CERT_BUFFERS_2048) && (WOLFSSL_MIN_RSA_BITS <= 1024) && \
+    !defined(NO_TLS) && \
     (!defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER))
     WOLFSSL_CTX* ctx = NULL;
 
@@ -3930,9 +4843,10 @@ static int test_wolfSSL_CTX_load_verify_chain_buffer_format(void)
     ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()));
   #endif
 
-    ExpectTrue(WOLFSSL_SUCCESS == wolfSSL_CTX_load_verify_chain_buffer_format(
-        ctx, ca_cert_chain_der, sizeof_ca_cert_chain_der,
-        WOLFSSL_FILETYPE_ASN1));
+    /* Public key 140 bytes??? */
+    ExpectIntEQ(wolfSSL_CTX_load_verify_chain_buffer_format(ctx,
+        ca_cert_chain_der, sizeof_ca_cert_chain_der, WOLFSSL_FILETYPE_ASN1),
+        WOLFSSL_SUCCESS);
 
     wolfSSL_CTX_free(ctx);
 #endif
@@ -3944,7 +4858,8 @@ static int test_wolfSSL_CTX_add1_chain_cert(void)
 {
     EXPECT_DECLS;
 #if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && defined(OPENSSL_EXTRA) && \
-    defined(KEEP_OUR_CERT) && !defined(NO_RSA) && !defined(NO_WOLFSSL_CLIENT)
+    defined(KEEP_OUR_CERT) && !defined(NO_RSA) && !defined(NO_TLS) && \
+    !defined(NO_WOLFSSL_CLIENT)
     WOLFSSL_CTX*        ctx;
     WOLFSSL*            ssl = NULL;
     const char *certChain[] = {
@@ -3961,9 +4876,29 @@ static int test_wolfSSL_CTX_add1_chain_cert(void)
     ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()));
     ExpectNotNull(ssl = wolfSSL_new(ctx));
 
+    ExpectNotNull(x509 = wolfSSL_X509_new());
+    ExpectIntEQ(SSL_CTX_add1_chain_cert(ctx, x509), 0);
+    ExpectIntEQ(SSL_CTX_add0_chain_cert(ctx, x509), 0);
+    ExpectIntEQ(SSL_add1_chain_cert(ssl, x509), 0);
+    ExpectIntEQ(SSL_add0_chain_cert(ssl, x509), 0);
+    wolfSSL_X509_free(x509);
+    x509 = NULL;
+
     for (cert = certChain; EXPECT_SUCCESS() && *cert != NULL; cert++) {
         ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(*cert,
             WOLFSSL_FILETYPE_PEM));
+
+        /* Do negative tests once */
+        if (cert == certChain) {
+            /* Negative tests. */
+            ExpectIntEQ(SSL_CTX_add1_chain_cert(NULL, NULL), 0);
+            ExpectIntEQ(SSL_CTX_add1_chain_cert(ctx, NULL), 0);
+            ExpectIntEQ(SSL_CTX_add1_chain_cert(NULL, x509), 0);
+            ExpectIntEQ(SSL_CTX_add0_chain_cert(NULL, NULL), 0);
+            ExpectIntEQ(SSL_CTX_add0_chain_cert(ctx, NULL), 0);
+            ExpectIntEQ(SSL_CTX_add0_chain_cert(NULL, x509), 0);
+        }
+
         ExpectIntEQ(SSL_CTX_add1_chain_cert(ctx, x509), 1);
         X509_free(x509);
         x509 = NULL;
@@ -3971,6 +4906,18 @@ static int test_wolfSSL_CTX_add1_chain_cert(void)
     for (cert = certChain; EXPECT_SUCCESS() && *cert != NULL; cert++) {
         ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(*cert,
             WOLFSSL_FILETYPE_PEM));
+
+        /* Do negative tests once */
+        if (cert == certChain) {
+            /* Negative tests. */
+            ExpectIntEQ(SSL_add1_chain_cert(NULL, NULL), 0);
+            ExpectIntEQ(SSL_add1_chain_cert(ssl, NULL), 0);
+            ExpectIntEQ(SSL_add1_chain_cert(NULL, x509), 0);
+            ExpectIntEQ(SSL_add0_chain_cert(NULL, NULL), 0);
+            ExpectIntEQ(SSL_add0_chain_cert(ssl, NULL), 0);
+            ExpectIntEQ(SSL_add0_chain_cert(NULL, x509), 0);
+        }
+
         ExpectIntEQ(SSL_add1_chain_cert(ssl, x509), 1);
         X509_free(x509);
         x509 = NULL;
@@ -3987,25 +4934,99 @@ static int test_wolfSSL_CTX_add1_chain_cert(void)
     return EXPECT_RESULT();
 }
 
+static int test_wolfSSL_CTX_use_certificate_chain_buffer_format(void)
+{
+    EXPECT_DECLS;
+#if !defined(NO_CERTS) && !defined(NO_TLS) && \
+    !defined(NO_WOLFSSL_CLIENT) && !defined(NO_RSA) && \
+    (!defined(NO_FILESYSTEM) || defined(USE_CERT_BUFFERS_2048))
+    WOLFSSL_CTX* ctx = NULL;
+    WOLFSSL* ssl = NULL;
+#ifndef NO_FILESYSTEM
+    const char* cert = "./certs/server-cert.pem";
+    unsigned char* buf = NULL;
+    size_t len = 0;
+
+    ExpectIntEQ(load_file(cert, &buf, &len), 0);
+#endif
+
+    ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()));
+    ExpectNotNull(ssl = wolfSSL_new(ctx));
+
+    /* Invalid parameters. */
+#ifndef NO_FILESYSTEM
+    ExpectIntEQ(wolfSSL_CTX_use_certificate_chain_buffer_format(NULL,
+        NULL, 0, WOLFSSL_FILETYPE_ASN1), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wolfSSL_CTX_use_certificate_chain_buffer_format(ctx,
+        NULL, 0, WOLFSSL_FILETYPE_ASN1), WC_NO_ERR_TRACE(ASN_PARSE_E));
+    ExpectIntEQ(wolfSSL_CTX_use_certificate_chain_buffer(NULL, NULL, 0),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wolfSSL_CTX_use_certificate_chain_buffer(ctx, NULL, 0),
+        WC_NO_ERR_TRACE(ASN_NO_PEM_HEADER));
+    ExpectIntEQ(wolfSSL_CTX_use_certificate_chain_buffer(NULL, buf,
+        (sword32)len), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wolfSSL_use_certificate_chain_buffer(NULL, NULL, 0),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wolfSSL_use_certificate_chain_buffer(ssl, NULL, 0),
+        WC_NO_ERR_TRACE(ASN_NO_PEM_HEADER));
+    ExpectIntEQ(wolfSSL_use_certificate_chain_buffer(NULL, buf, (sword32)len),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+
+    ExpectIntEQ(wolfSSL_CTX_use_certificate_chain_buffer_format(ctx, buf,
+        (sword32)len, WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS);
+
+    ExpectIntEQ(wolfSSL_CTX_use_certificate_chain_buffer(ctx, buf, (sword32)len),
+        WOLFSSL_SUCCESS);
+
+    ExpectIntEQ(wolfSSL_use_certificate_chain_buffer(ssl, buf, (sword32)len),
+        WOLFSSL_SUCCESS);
+#endif /* !NO_FILESYSTEM */
+
+    ExpectIntEQ(wolfSSL_CTX_use_certificate_chain_buffer_format(NULL,
+        server_cert_der_2048, sizeof_server_cert_der_2048,
+        WOLFSSL_FILETYPE_ASN1), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+
+    ExpectIntEQ(wolfSSL_CTX_use_certificate_chain_buffer_format(ctx,
+        server_cert_der_2048, sizeof_server_cert_der_2048,
+        WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS);
+
+    ExpectIntEQ(wolfSSL_CTX_use_certificate_chain_buffer(ctx,
+        server_cert_der_2048, sizeof_server_cert_der_2048),
+        WC_NO_ERR_TRACE(ASN_NO_PEM_HEADER));
+
+    ExpectIntEQ(wolfSSL_use_certificate_chain_buffer(ssl, server_cert_der_2048,
+        sizeof_server_cert_der_2048), WC_NO_ERR_TRACE(ASN_NO_PEM_HEADER));
+
+    wolfSSL_free(ssl);
+    wolfSSL_CTX_free(ctx);
+#ifndef NO_FILESYSTEM
+    if (buf != NULL) {
+        free(buf);
+    }
+#endif
+#endif
+    return EXPECT_RESULT();
+}
+
 static int test_wolfSSL_CTX_use_certificate_chain_file_format(void)
 {
     EXPECT_DECLS;
-#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_RSA) && \
+#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_TLS) && \
+    !defined(NO_RSA) && \
     (!defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER))
     const char* server_chain_der = "./certs/server-cert-chain.der";
     const char* client_single_pem = "./certs/client-cert.pem";
-    WOLFSSL_CTX* ctx;
+    WOLFSSL_CTX* ctx = NULL;
 
     (void)server_chain_der;
     (void)client_single_pem;
     (void)ctx;
 
   #ifndef NO_WOLFSSL_CLIENT
-    ctx = wolfSSL_CTX_new(wolfSSLv23_client_method());
+    ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()));
   #else
-    ctx = wolfSSL_CTX_new(wolfSSLv23_server_method());
+    ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()));
   #endif
-    ExpectNotNull(ctx);
 
     ExpectIntEQ(wolfSSL_CTX_use_certificate_chain_file_format(ctx,
         server_chain_der, WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS);
@@ -4017,12 +5038,60 @@ static int test_wolfSSL_CTX_use_certificate_chain_file_format(void)
     return EXPECT_RESULT();
 }
 
+static int test_wolfSSL_use_certificate_chain_file(void)
+{
+    EXPECT_DECLS;
+#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_TLS) && \
+    !defined(NO_WOLFSSL_CLIENT) && !defined(NO_RSA)
+    const char* server_chain_der = "./certs/server-cert-chain.der";
+    const char* client_single_pem = "./certs/client-cert.pem";
+    WOLFSSL_CTX* ctx = NULL;
+    WOLFSSL* ssl = NULL;
+
+    (void)server_chain_der;
+    (void)client_single_pem;
+
+    ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()));
+    ExpectNotNull(ssl = wolfSSL_new(ctx));
+
+    /* Invalid parameters. */
+    ExpectIntEQ(wolfSSL_use_certificate_chain_file_format(NULL, NULL,
+        WOLFSSL_FILETYPE_ASN1), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wolfSSL_use_certificate_chain_file_format(ssl, NULL,
+        WOLFSSL_FILETYPE_ASN1), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+    ExpectIntEQ(wolfSSL_use_certificate_chain_file_format(NULL,
+       server_chain_der, WOLFSSL_FILETYPE_ASN1), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wolfSSL_use_certificate_chain_file(NULL, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wolfSSL_use_certificate_chain_file(ssl, NULL),
+        WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+    ExpectIntEQ(wolfSSL_use_certificate_chain_file(NULL, client_single_pem),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wolfSSL_use_certificate_chain_file(ssl, server_chain_der),
+        WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+
+    ExpectIntEQ(wolfSSL_use_certificate_chain_file_format(ssl,
+        server_chain_der, WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS);
+    ExpectIntEQ(wolfSSL_use_certificate_chain_file_format(ssl,
+        client_single_pem, WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS);
+    ExpectIntEQ(wolfSSL_use_certificate_chain_file(ssl, client_single_pem),
+        WOLFSSL_SUCCESS);
+
+    wolfSSL_free(ssl);
+    wolfSSL_CTX_free(ctx);
+#endif
+    return EXPECT_RESULT();
+}
+
 static int test_wolfSSL_CTX_SetTmpDH_file(void)
 {
     EXPECT_DECLS;
-#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_DH) && \
+#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_TLS) && \
+    !defined(NO_DH) && \
     (!defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER))
     WOLFSSL_CTX *ctx = NULL;
+#if defined(WOLFSSL_WPAS) && !defined(NO_DSA)
+    const char* dsaParamFile = "./certs/dsaparams.pem";
+#endif
 
     (void)ctx;
 
@@ -4046,6 +5115,10 @@ static int test_wolfSSL_CTX_SetTmpDH_file(void)
     /* success */
     ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_SetTmpDH_file(ctx, dhParamFile,
                 WOLFSSL_FILETYPE_PEM));
+#if defined(WOLFSSL_WPAS) && !defined(NO_DSA)
+    ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_SetTmpDH_file(ctx, dsaParamFile,
+                WOLFSSL_FILETYPE_PEM));
+#endif
 
     wolfSSL_CTX_free(ctx);
 #endif
@@ -4055,7 +5128,7 @@ static int test_wolfSSL_CTX_SetTmpDH_file(void)
 static int test_wolfSSL_CTX_SetTmpDH_buffer(void)
 {
     EXPECT_DECLS;
-#if !defined(NO_CERTS) && !defined(NO_DH) && \
+#if !defined(NO_CERTS) && !defined(NO_TLS) && !defined(NO_DH) && \
     (!defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER))
     WOLFSSL_CTX *ctx = NULL;
 
@@ -4073,11 +5146,17 @@ static int test_wolfSSL_CTX_SetTmpDH_buffer(void)
     /* invalid dhParamFile file */
     ExpectIntNE(WOLFSSL_SUCCESS, wolfSSL_CTX_SetTmpDH_buffer(NULL, NULL,
                 0, WOLFSSL_FILETYPE_ASN1));
+    ExpectIntNE(WOLFSSL_SUCCESS, wolfSSL_CTX_SetTmpDH_buffer(ctx, NULL,
+                0, WOLFSSL_FILETYPE_ASN1));
 
     ExpectIntNE(WOLFSSL_SUCCESS, wolfSSL_CTX_SetTmpDH_buffer(ctx,
                 dsa_key_der_2048, sizeof_dsa_key_der_2048,
                 WOLFSSL_FILETYPE_ASN1));
 
+    /* invalid file format */
+    ExpectIntNE(WOLFSSL_SUCCESS, wolfSSL_CTX_SetTmpDH_buffer(ctx,
+                dh_key_der_2048, sizeof_dh_key_der_2048, -1));
+
     /* success */
     ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_SetTmpDH_buffer(ctx,
                 dh_key_der_2048, sizeof_dh_key_der_2048,
@@ -4091,7 +5170,7 @@ static int test_wolfSSL_CTX_SetTmpDH_buffer(void)
 static int test_wolfSSL_CTX_SetMinMaxDhKey_Sz(void)
 {
     EXPECT_DECLS;
-#if !defined(NO_CERTS) && !defined(NO_DH) && \
+#if !defined(NO_CERTS) && !defined(NO_TLS) && !defined(NO_DH) && \
     (!defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER))
     WOLFSSL_CTX *ctx;
 
@@ -4106,7 +5185,7 @@ static int test_wolfSSL_CTX_SetMinMaxDhKey_Sz(void)
 
     ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_SetMinDhKey_Sz(ctx, 3072));
 
-    ExpectIntEQ(DH_KEY_SIZE_E, wolfSSL_CTX_SetTmpDH_buffer(ctx, dh_key_der_2048,
+    ExpectIntEQ(WC_NO_ERR_TRACE(DH_KEY_SIZE_E), wolfSSL_CTX_SetTmpDH_buffer(ctx, dh_key_der_2048,
                 sizeof_dh_key_der_2048, WOLFSSL_FILETYPE_ASN1));
 
     ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_SetMinDhKey_Sz(ctx, 2048));
@@ -4117,7 +5196,7 @@ static int test_wolfSSL_CTX_SetMinMaxDhKey_Sz(void)
 
     ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_SetMaxDhKey_Sz(ctx, 1024));
 
-    ExpectIntEQ(DH_KEY_SIZE_E, wolfSSL_CTX_SetTmpDH_buffer(ctx,
+    ExpectIntEQ(WC_NO_ERR_TRACE(DH_KEY_SIZE_E), wolfSSL_CTX_SetTmpDH_buffer(ctx,
                 dh_key_der_2048, sizeof_dh_key_der_2048,
                 WOLFSSL_FILETYPE_ASN1));
 
@@ -4136,6 +5215,7 @@ static int test_wolfSSL_CTX_der_load_verify_locations(void)
 {
     EXPECT_DECLS;
 #if !defined(NO_FILESYSTEM) && defined(WOLFSSL_DER_LOAD) && \
+    !defined(NO_TLS) && \
     (!defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER))
     WOLFSSL_CTX* ctx = NULL;
     const char* derCert = "./certs/server-cert.der";
@@ -4145,7 +5225,7 @@ static int test_wolfSSL_CTX_der_load_verify_locations(void)
 
     /* der load Case 1 ctx NULL */
     ExpectIntEQ(wolfSSL_CTX_der_load_verify_locations(ctx, derCert,
-                WOLFSSL_FILETYPE_ASN1), WOLFSSL_FAILURE);
+                WOLFSSL_FILETYPE_ASN1), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
 
   #ifndef NO_WOLFSSL_CLIENT
     ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()));
@@ -4155,16 +5235,16 @@ static int test_wolfSSL_CTX_der_load_verify_locations(void)
 
     /* Case 2 filePath NULL */
     ExpectIntEQ(wolfSSL_CTX_der_load_verify_locations(ctx, nullPath,
-                WOLFSSL_FILETYPE_ASN1), WOLFSSL_FAILURE);
+                WOLFSSL_FILETYPE_ASN1), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     /* Case 3 invalid format */
     ExpectIntEQ(wolfSSL_CTX_der_load_verify_locations(ctx, derCert,
-                WOLFSSL_FILETYPE_PEM), WOLFSSL_FAILURE);
+                WOLFSSL_FILETYPE_PEM), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     /* Case 4 filePath not valid */
     ExpectIntEQ(wolfSSL_CTX_der_load_verify_locations(ctx, invalidPath,
-                WOLFSSL_FILETYPE_ASN1), WOLFSSL_FAILURE);
+                WOLFSSL_FILETYPE_ASN1), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     /* Case 5 filePath empty */
     ExpectIntEQ(wolfSSL_CTX_der_load_verify_locations(ctx, emptyPath,
-                WOLFSSL_FILETYPE_ASN1), WOLFSSL_FAILURE);
+                WOLFSSL_FILETYPE_ASN1), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
 #ifndef NO_RSA
     /* Case 6 success case */
     ExpectIntEQ(wolfSSL_CTX_der_load_verify_locations(ctx, derCert,
@@ -4180,31 +5260,31 @@ static int test_wolfSSL_CTX_der_load_verify_locations(void)
 static int test_wolfSSL_CTX_enable_disable(void)
 {
     EXPECT_DECLS;
-#ifndef NO_CERTS
+#if !defined(NO_CERTS) && !defined(NO_TLS)
     WOLFSSL_CTX* ctx = NULL;
 
   #ifdef HAVE_CRL
-    ExpectIntEQ(wolfSSL_CTX_DisableCRL(ctx), BAD_FUNC_ARG);
-    ExpectIntEQ(wolfSSL_CTX_EnableCRL(ctx, 0), BAD_FUNC_ARG);
+    ExpectIntEQ(wolfSSL_CTX_DisableCRL(ctx), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wolfSSL_CTX_EnableCRL(ctx, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
   #endif
 
   #ifdef HAVE_OCSP
-    ExpectIntEQ(wolfSSL_CTX_DisableOCSP(ctx), BAD_FUNC_ARG);
-    ExpectIntEQ(wolfSSL_CTX_EnableOCSP(ctx, 0), BAD_FUNC_ARG);
+    ExpectIntEQ(wolfSSL_CTX_DisableOCSP(ctx), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wolfSSL_CTX_EnableOCSP(ctx, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
   #endif
 
   #if defined(HAVE_CERTIFICATE_STATUS_REQUEST) || \
       defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2)
-    ExpectIntEQ(wolfSSL_CTX_DisableOCSPStapling(ctx), BAD_FUNC_ARG);
-    ExpectIntEQ(wolfSSL_CTX_EnableOCSPStapling(ctx), BAD_FUNC_ARG);
-    ExpectIntEQ(wolfSSL_CTX_DisableOCSPMustStaple(ctx), BAD_FUNC_ARG);
-    ExpectIntEQ(wolfSSL_CTX_EnableOCSPMustStaple(ctx), BAD_FUNC_ARG);
+    ExpectIntEQ(wolfSSL_CTX_DisableOCSPStapling(ctx), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wolfSSL_CTX_EnableOCSPStapling(ctx), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wolfSSL_CTX_DisableOCSPMustStaple(ctx), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wolfSSL_CTX_EnableOCSPMustStaple(ctx), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
   #endif
 
   #ifndef NO_WOLFSSL_CLIENT
 
     #ifdef HAVE_EXTENDED_MASTER
-    ExpectIntEQ(wolfSSL_CTX_DisableExtendedMasterSecret(ctx), BAD_FUNC_ARG);
+    ExpectIntEQ(wolfSSL_CTX_DisableExtendedMasterSecret(ctx), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     #endif
     ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()));
 
@@ -4242,7 +5322,7 @@ static int test_wolfSSL_CTX_enable_disable(void)
     #endif
         wolfSSL_CTX_free(ctx);
   #endif /* !NO_WOLFSSL_CLIENT || !NO_WOLFSSL_SERVER */
-#endif /* NO_CERTS */
+#endif /* !NO_CERTS && !NO_CERTS */
 
     return EXPECT_RESULT();
 }
@@ -4250,7 +5330,8 @@ static int test_wolfSSL_CTX_enable_disable(void)
 static int test_wolfSSL_CTX_ticket_API(void)
 {
     EXPECT_DECLS;
-#if defined(HAVE_SESSION_TICKET) && !defined(NO_WOLFSSL_SERVER)
+#if defined(HAVE_SESSION_TICKET) && !defined(NO_WOLFSSL_SERVER) && \
+    !defined(NO_TLS)
     WOLFSSL_CTX* ctx = NULL;
     void *userCtx = (void*)"this is my ctx";
 
@@ -4263,14 +5344,14 @@ static int test_wolfSSL_CTX_ticket_API(void)
 
     ExpectIntNE(WOLFSSL_SUCCESS, wolfSSL_CTX_set_TicketEncCtx(NULL, userCtx));
     ExpectNull(wolfSSL_CTX_get_TicketEncCtx(NULL));
-#endif /* HAVE_SESSION_TICKET && !NO_WOLFSSL_SERVER */
+#endif /* HAVE_SESSION_TICKET && !NO_WOLFSSL_SERVER && !NO_TLS */
     return EXPECT_RESULT();
 }
 
 static int test_wolfSSL_set_minmax_proto_version(void)
 {
     EXPECT_DECLS;
-#ifdef OPENSSL_EXTRA
+#if defined(OPENSSL_EXTRA) && !defined(NO_TLS)
     WOLFSSL_CTX *ctx = NULL;
     WOLFSSL *ssl = NULL;
 
@@ -4280,14 +5361,14 @@ static int test_wolfSSL_set_minmax_proto_version(void)
     ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()));
     ExpectNotNull(ssl = wolfSSL_new(ctx));
 
-    ExpectIntEQ(wolfSSL_CTX_set_min_proto_version(NULL, 0), SSL_FAILURE);
-    ExpectIntEQ(wolfSSL_CTX_set_max_proto_version(NULL, 0), SSL_FAILURE);
+    ExpectIntEQ(wolfSSL_CTX_set_min_proto_version(NULL, 0), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+    ExpectIntEQ(wolfSSL_CTX_set_max_proto_version(NULL, 0), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     ExpectIntEQ(wolfSSL_CTX_set_min_proto_version(ctx, 0), SSL_SUCCESS);
     ExpectIntEQ(wolfSSL_CTX_set_max_proto_version(ctx, 0), SSL_SUCCESS);
 
-    ExpectIntEQ(wolfSSL_set_min_proto_version(NULL, 0), SSL_FAILURE);
+    ExpectIntEQ(wolfSSL_set_min_proto_version(NULL, 0), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     ExpectIntEQ(wolfSSL_set_min_proto_version(ssl, 0), SSL_SUCCESS);
-    ExpectIntEQ(wolfSSL_set_max_proto_version(NULL, 0), SSL_FAILURE);
+    ExpectIntEQ(wolfSSL_set_max_proto_version(NULL, 0), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     ExpectIntEQ(wolfSSL_set_max_proto_version(ssl, 0), SSL_SUCCESS);
 
     wolfSSL_free(ssl);
@@ -4297,8 +5378,8 @@ static int test_wolfSSL_set_minmax_proto_version(void)
 #ifndef NO_WOLFSSL_SERVER
     ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()));
 
-    ExpectIntEQ(wolfSSL_CTX_set_min_proto_version(NULL, 0), SSL_FAILURE);
-    ExpectIntEQ(wolfSSL_CTX_set_max_proto_version(NULL, 0), SSL_FAILURE);
+    ExpectIntEQ(wolfSSL_CTX_set_min_proto_version(NULL, 0), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+    ExpectIntEQ(wolfSSL_CTX_set_max_proto_version(NULL, 0), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     ExpectIntEQ(wolfSSL_CTX_set_min_proto_version(ctx, 0), SSL_SUCCESS);
     ExpectIntEQ(wolfSSL_CTX_set_max_proto_version(ctx, 0), SSL_SUCCESS);
 
@@ -4365,8 +5446,9 @@ static int test_wolfSSL_CTX_set_max_proto_version(void)
 static int test_server_wolfSSL_new(void)
 {
     EXPECT_DECLS;
-#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_RSA) && \
-        !defined(NO_WOLFSSL_SERVER)
+#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_TLS) && \
+    !defined(NO_WOLFSSL_SERVER) && !defined(NO_RSA)
+
     WOLFSSL_CTX *ctx = NULL;
     WOLFSSL_CTX *ctx_nocert = NULL;
     WOLFSSL *ssl = NULL;
@@ -4401,8 +5483,9 @@ static int test_server_wolfSSL_new(void)
 static int test_client_wolfSSL_new(void)
 {
     EXPECT_DECLS;
-#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_RSA) && \
-        !defined(NO_WOLFSSL_CLIENT)
+#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_TLS) && \
+    !defined(NO_WOLFSSL_CLIENT) && !defined(NO_RSA)
+
     WOLFSSL_CTX *ctx = NULL;
     WOLFSSL_CTX *ctx_nocert = NULL;
     WOLFSSL *ssl = NULL;
@@ -4434,10 +5517,15 @@ static int test_client_wolfSSL_new(void)
 static int test_wolfSSL_SetTmpDH_file(void)
 {
     EXPECT_DECLS;
-#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_DH) && \
-        !defined(NO_WOLFSSL_SERVER)
+#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_TLS) && \
+    !defined(NO_WOLFSSL_SERVER) && !defined(NO_DH)
+
     WOLFSSL_CTX *ctx = NULL;
     WOLFSSL *ssl = NULL;
+    const char* dhX942ParamFile = "./certs/x942dh2048.pem";
+#if defined(WOLFSSL_WPAS) && !defined(NO_DSA)
+    const char* dsaParamFile = "./certs/dsaparams.pem";
+#endif
 
     ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()));
 #ifndef NO_RSA
@@ -4476,6 +5564,12 @@ static int test_wolfSSL_SetTmpDH_file(void)
     /* success */
     ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_SetTmpDH_file(ssl, dhParamFile,
                 WOLFSSL_FILETYPE_PEM));
+    ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_SetTmpDH_file(ssl, dhX942ParamFile,
+                WOLFSSL_FILETYPE_PEM));
+#if defined(WOLFSSL_WPAS) && !defined(NO_DSA)
+    ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_SetTmpDH_file(ctx, dsaParamFile,
+                WOLFSSL_FILETYPE_PEM));
+#endif
 
     wolfSSL_free(ssl);
     wolfSSL_CTX_free(ctx);
@@ -4487,7 +5581,8 @@ static int test_wolfSSL_SetTmpDH_file(void)
 static int test_wolfSSL_SetTmpDH_buffer(void)
 {
     EXPECT_DECLS;
-#if !defined(NO_CERTS) && !defined(NO_DH) && !defined(NO_WOLFSSL_SERVER)
+#if !defined(NO_CERTS) && !defined(NO_TLS) && !defined(NO_WOLFSSL_SERVER) && \
+    !defined(NO_DH)
     WOLFSSL_CTX *ctx = NULL;
     WOLFSSL *ssl = NULL;
 
@@ -4505,6 +5600,8 @@ static int test_wolfSSL_SetTmpDH_buffer(void)
     /* invalid dhParamFile file */
     ExpectIntNE(WOLFSSL_SUCCESS, wolfSSL_SetTmpDH_buffer(NULL, NULL,
                 0, WOLFSSL_FILETYPE_ASN1));
+    ExpectIntNE(WOLFSSL_SUCCESS, wolfSSL_SetTmpDH_buffer(ssl, NULL, 0,
+                WOLFSSL_FILETYPE_ASN1));
     ExpectIntNE(WOLFSSL_SUCCESS, wolfSSL_SetTmpDH_buffer(ssl, dsa_key_der_2048,
                 sizeof_dsa_key_der_2048, WOLFSSL_FILETYPE_ASN1));
 
@@ -4522,7 +5619,8 @@ static int test_wolfSSL_SetTmpDH_buffer(void)
 static int test_wolfSSL_SetMinMaxDhKey_Sz(void)
 {
     EXPECT_DECLS;
-#if !defined(NO_CERTS) && !defined(NO_DH) && !defined(NO_WOLFSSL_SERVER)
+#if !defined(NO_CERTS) && !defined(NO_TLS) && !defined(NO_WOLFSSL_SERVER) && \
+    !defined(NO_DH)
     WOLFSSL_CTX *ctx = NULL;
     WOLFSSL_CTX *ctx2 = NULL;
     WOLFSSL *ssl = NULL;
@@ -4543,7 +5641,7 @@ static int test_wolfSSL_SetMinMaxDhKey_Sz(void)
     ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_SetMaxDhKey_Sz(ctx, 1024));
     ExpectNotNull(ssl2 = wolfSSL_new(ctx2));
 
-    ExpectIntEQ(DH_KEY_SIZE_E, wolfSSL_SetTmpDH_buffer(ssl, dh_key_der_2048,
+    ExpectIntEQ(WC_NO_ERR_TRACE(DH_KEY_SIZE_E), wolfSSL_SetTmpDH_buffer(ssl, dh_key_der_2048,
                 sizeof_dh_key_der_2048, WOLFSSL_FILETYPE_ASN1));
 
     ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_SetMinDhKey_Sz(ssl, 2048));
@@ -4551,7 +5649,7 @@ static int test_wolfSSL_SetMinMaxDhKey_Sz(void)
                 sizeof_dh_key_der_2048, WOLFSSL_FILETYPE_ASN1));
 
     ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_SetMinDhKey_Sz(ssl, 3072));
-    ExpectIntEQ(DH_KEY_SIZE_E, wolfSSL_SetTmpDH_buffer(ssl, dh_key_der_2048,
+    ExpectIntEQ(WC_NO_ERR_TRACE(DH_KEY_SIZE_E), wolfSSL_SetTmpDH_buffer(ssl, dh_key_der_2048,
                 sizeof_dh_key_der_2048, WOLFSSL_FILETYPE_ASN1));
 
     ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_SetTmpDH_buffer(ssl2, dh_key_der_2048,
@@ -4562,7 +5660,7 @@ static int test_wolfSSL_SetMinMaxDhKey_Sz(void)
                 sizeof_dh_key_der_2048, WOLFSSL_FILETYPE_ASN1));
 
     ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_SetMaxDhKey_Sz(ssl2, 1024));
-    ExpectIntEQ(DH_KEY_SIZE_E, wolfSSL_SetTmpDH_buffer(ssl, dh_key_der_2048,
+    ExpectIntEQ(WC_NO_ERR_TRACE(DH_KEY_SIZE_E), wolfSSL_SetTmpDH_buffer(ssl, dh_key_der_2048,
                 sizeof_dh_key_der_2048, WOLFSSL_FILETYPE_ASN1));
 
     wolfSSL_free(ssl2);
@@ -4581,7 +5679,7 @@ static int test_wolfSSL_SetMinMaxDhKey_Sz(void)
 static int test_wolfSSL_SetMinVersion(void)
 {
     int                 res = TEST_SKIPPED;
-#ifndef NO_WOLFSSL_CLIENT
+#if !defined(NO_WOLFSSL_CLIENT) && !defined(NO_TLS)
     int                 failFlag = WOLFSSL_SUCCESS;
     WOLFSSL_CTX*        ctx = NULL;
     WOLFSSL*            ssl = NULL;
@@ -4620,6 +5718,90 @@ static int test_wolfSSL_SetMinVersion(void)
 
 
 #ifdef OPENSSL_EXTRA
+static int test_EC25519(void)
+{
+    EXPECT_DECLS;
+#if defined(HAVE_CURVE25519) && defined(WOLFSSL_KEY_GEN)
+    byte         priv[CURVE25519_KEYSIZE];
+    unsigned int privSz = CURVE25519_KEYSIZE;
+    byte         pub[CURVE25519_KEYSIZE];
+    unsigned int pubSz = CURVE25519_KEYSIZE;
+    byte         priv2[CURVE25519_KEYSIZE];
+    unsigned int priv2Sz = CURVE25519_KEYSIZE;
+    byte         pub2[CURVE25519_KEYSIZE];
+    unsigned int pub2Sz = CURVE25519_KEYSIZE;
+    byte         shared[CURVE25519_KEYSIZE];
+    unsigned int sharedSz = CURVE25519_KEYSIZE;
+    byte         shared2[CURVE25519_KEYSIZE];
+    unsigned int shared2Sz = CURVE25519_KEYSIZE;
+
+    /* Bad parameter testing of key generation. */
+    ExpectIntEQ(wolfSSL_EC25519_generate_key(NULL,    NULL, NULL,   NULL), 0);
+    ExpectIntEQ(wolfSSL_EC25519_generate_key(NULL, &privSz, NULL, &pubSz), 0);
+    ExpectIntEQ(wolfSSL_EC25519_generate_key(NULL, &privSz,  pub, &pubSz), 0);
+    ExpectIntEQ(wolfSSL_EC25519_generate_key(priv,    NULL,  pub, &pubSz), 0);
+    ExpectIntEQ(wolfSSL_EC25519_generate_key(priv, &privSz, NULL, &pubSz), 0);
+    ExpectIntEQ(wolfSSL_EC25519_generate_key(priv, &privSz,  pub,   NULL), 0);
+    /*   Bad length */
+    privSz = 1;
+    ExpectIntEQ(wolfSSL_EC25519_generate_key(priv, &privSz, pub, &pubSz), 0);
+    privSz = CURVE25519_KEYSIZE;
+    pubSz = 1;
+    ExpectIntEQ(wolfSSL_EC25519_generate_key(priv, &privSz, pub, &pubSz), 0);
+    pubSz = CURVE25519_KEYSIZE;
+
+    /* Good case of generating key. */
+    ExpectIntEQ(wolfSSL_EC25519_generate_key(priv, &privSz, pub, &pubSz), 1);
+    ExpectIntEQ(wolfSSL_EC25519_generate_key(priv2, &priv2Sz, pub2, &pub2Sz),
+        1);
+    ExpectIntEQ(privSz, CURVE25519_KEYSIZE);
+    ExpectIntEQ(pubSz, CURVE25519_KEYSIZE);
+
+    /* Bad parameter testing of shared key. */
+    ExpectIntEQ(wolfSSL_EC25519_shared_key(  NULL,      NULL, NULL, privSz,
+        NULL,  pubSz), 0);
+    ExpectIntEQ(wolfSSL_EC25519_shared_key(  NULL, &sharedSz, NULL, privSz,
+        NULL, pubSz), 0);
+    ExpectIntEQ(wolfSSL_EC25519_shared_key(  NULL, &sharedSz, priv, privSz,
+         pub, pubSz), 0);
+    ExpectIntEQ(wolfSSL_EC25519_shared_key(shared, &sharedSz, NULL, privSz,
+         pub, pubSz), 0);
+    ExpectIntEQ(wolfSSL_EC25519_shared_key(shared, &sharedSz, priv, privSz,
+        NULL, pubSz), 0);
+    ExpectIntEQ(wolfSSL_EC25519_shared_key(  NULL, &sharedSz, priv, privSz,
+         pub, pubSz), 0);
+    ExpectIntEQ(wolfSSL_EC25519_shared_key(shared,      NULL, priv, privSz,
+         pub, pubSz), 0);
+    ExpectIntEQ(wolfSSL_EC25519_shared_key(shared, &sharedSz, NULL, privSz,
+         pub, pubSz), 0);
+    ExpectIntEQ(wolfSSL_EC25519_shared_key(shared, &sharedSz, priv, privSz,
+        NULL, pubSz), 0);
+    /*   Bad length. */
+    sharedSz = 1;
+    ExpectIntEQ(wolfSSL_EC25519_shared_key(shared, &sharedSz, priv, privSz,
+         pub, pubSz), 0);
+    sharedSz = CURVE25519_KEYSIZE;
+    privSz = 1;
+    ExpectIntEQ(wolfSSL_EC25519_shared_key(shared, &sharedSz, priv, privSz,
+         pub, pubSz), 0);
+    privSz = CURVE25519_KEYSIZE;
+    pubSz = 1;
+    ExpectIntEQ(wolfSSL_EC25519_shared_key(shared, &sharedSz, priv, privSz,
+         pub, pubSz), 0);
+    pubSz = CURVE25519_KEYSIZE;
+
+    /* Good case of shared key. */
+    ExpectIntEQ(wolfSSL_EC25519_shared_key(shared, &sharedSz, priv, privSz,
+        pub2, pub2Sz), 1);
+    ExpectIntEQ(wolfSSL_EC25519_shared_key(shared2, &shared2Sz, priv2, priv2Sz,
+        pub, pubSz), 1);
+    ExpectIntEQ(sharedSz, CURVE25519_KEYSIZE);
+    ExpectIntEQ(shared2Sz, CURVE25519_KEYSIZE);
+    ExpectIntEQ(XMEMCMP(shared, shared2, sharedSz), 0);
+#endif /* HAVE_CURVE25519 && WOLFSSL_KEY_GEN */
+    return EXPECT_RESULT();
+}
+
 static int test_ED25519(void)
 {
     EXPECT_DECLS;
@@ -4636,25 +5818,189 @@ static int test_ED25519(void)
     unsigned int sigSz = (unsigned int)sizeof(sig);
 #endif /* HAVE_ED25519_SIGN && HAVE_ED25519_KEY_IMPORT */
 
+    /* Bad parameter testing of key generation. */
+    ExpectIntEQ(wolfSSL_ED25519_generate_key(NULL,    NULL, NULL,   NULL), 0);
+    ExpectIntEQ(wolfSSL_ED25519_generate_key(priv,    NULL, NULL,   NULL), 0);
+    ExpectIntEQ(wolfSSL_ED25519_generate_key(NULL, &privSz, NULL,   NULL), 0);
+    ExpectIntEQ(wolfSSL_ED25519_generate_key(NULL,    NULL,  pub,   NULL), 0);
+    ExpectIntEQ(wolfSSL_ED25519_generate_key(NULL,    NULL, NULL, &pubSz), 0);
+    ExpectIntEQ(wolfSSL_ED25519_generate_key(NULL, &privSz,  pub, &pubSz), 0);
+    ExpectIntEQ(wolfSSL_ED25519_generate_key(priv,    NULL,  pub, &pubSz), 0);
+    ExpectIntEQ(wolfSSL_ED25519_generate_key(priv, &privSz, NULL, &pubSz), 0);
+    ExpectIntEQ(wolfSSL_ED25519_generate_key(priv, &privSz,  pub,   NULL), 0);
+    /*   Bad length. */
+    privSz = 1;
+    ExpectIntEQ(wolfSSL_ED25519_generate_key(priv, &privSz, pub, &pubSz), 0);
+    privSz = ED25519_PRV_KEY_SIZE;
+    pubSz = 1;
+    ExpectIntEQ(wolfSSL_ED25519_generate_key(priv, &privSz, pub, &pubSz), 0);
+    pubSz = ED25519_PUB_KEY_SIZE;
+
+    /* Good case of generating key. */
     ExpectIntEQ(wolfSSL_ED25519_generate_key(priv, &privSz, pub, &pubSz),
-        WOLFSSL_SUCCESS);
+        1);
     ExpectIntEQ(privSz, ED25519_PRV_KEY_SIZE);
     ExpectIntEQ(pubSz, ED25519_PUB_KEY_SIZE);
 
 #if defined(HAVE_ED25519_SIGN) && defined(HAVE_ED25519_KEY_IMPORT)
+    /* Bad parameter testing of signing. */
+    ExpectIntEQ(wolfSSL_ED25519_sign(      NULL, msglen, NULL, privSz, NULL,
+          NULL), 0);
+    ExpectIntEQ(wolfSSL_ED25519_sign((byte*)msg, msglen, NULL, privSz, NULL,
+          NULL), 0);
+    ExpectIntEQ(wolfSSL_ED25519_sign(      NULL, msglen, priv, privSz, NULL,
+          NULL), 0);
+    ExpectIntEQ(wolfSSL_ED25519_sign(      NULL, msglen, NULL, privSz, sig,
+          NULL), 0);
+    ExpectIntEQ(wolfSSL_ED25519_sign(      NULL, msglen, NULL, privSz, NULL,
+        &sigSz), 0);
+    ExpectIntEQ(wolfSSL_ED25519_sign(      NULL, msglen, priv, privSz,  sig,
+        &sigSz), 0);
+    ExpectIntEQ(wolfSSL_ED25519_sign((byte*)msg, msglen, NULL, privSz,  sig,
+        &sigSz), 0);
+    ExpectIntEQ(wolfSSL_ED25519_sign((byte*)msg, msglen, priv, privSz,  NULL,
+        &sigSz), 0);
+    ExpectIntEQ(wolfSSL_ED25519_sign((byte*)msg, msglen, priv, privSz,  sig,
+          NULL), 0);
+    /*   Bad length. */
+    privSz = 1;
     ExpectIntEQ(wolfSSL_ED25519_sign((byte*)msg, msglen, priv, privSz, sig,
-        &sigSz), WOLFSSL_SUCCESS);
+        &sigSz), 0);
+    privSz = ED25519_PRV_KEY_SIZE;
+    sigSz = 1;
+    ExpectIntEQ(wolfSSL_ED25519_sign((byte*)msg, msglen, priv, privSz, sig,
+        &sigSz), 0);
+    sigSz = ED25519_SIG_SIZE;
+
+    /* Good case of signing. */
+    ExpectIntEQ(wolfSSL_ED25519_sign((byte*)msg, msglen, priv, privSz, sig,
+        &sigSz), 1);
     ExpectIntEQ(sigSz, ED25519_SIG_SIZE);
 
 #ifdef HAVE_ED25519_VERIFY
+    /* Bad parameter testing of verification. */
+    ExpectIntEQ(wolfSSL_ED25519_verify(      NULL, msglen, NULL, pubSz, NULL,
+        sigSz), 0);
+    ExpectIntEQ(wolfSSL_ED25519_verify((byte*)msg, msglen, NULL, pubSz, NULL,
+        sigSz), 0);
+    ExpectIntEQ(wolfSSL_ED25519_verify(      NULL, msglen,  pub, pubSz, NULL,
+        sigSz), 0);
+    ExpectIntEQ(wolfSSL_ED25519_verify(      NULL, msglen, NULL, pubSz,  sig,
+        sigSz), 0);
+    ExpectIntEQ(wolfSSL_ED25519_verify(      NULL, msglen,  pub, pubSz,  sig,
+        sigSz), 0);
+    ExpectIntEQ(wolfSSL_ED25519_verify((byte*)msg, msglen, NULL, pubSz,  sig,
+        sigSz), 0);
+    ExpectIntEQ(wolfSSL_ED25519_verify((byte*)msg, msglen,  pub, pubSz, NULL,
+        sigSz), 0);
+    /*   Bad length. */
+    pubSz = 1;
     ExpectIntEQ(wolfSSL_ED25519_verify((byte*)msg, msglen, pub, pubSz, sig,
-        sigSz), WOLFSSL_SUCCESS);
+        sigSz), 0);
+    pubSz = ED25519_PUB_KEY_SIZE;
+    sigSz = 1;
+    ExpectIntEQ(wolfSSL_ED25519_verify((byte*)msg, msglen, pub, pubSz, sig,
+        sigSz), 0);
+    sigSz = ED25519_SIG_SIZE;
+
+    /* Good case of verification. */
+    ExpectIntEQ(wolfSSL_ED25519_verify((byte*)msg, msglen, pub, pubSz, sig,
+        sigSz), 1);
+    /* Bad signature. */
+    if (EXPECT_SUCCESS()) {
+        sig[1] ^= 0x80;
+    }
+    ExpectIntEQ(wolfSSL_ED25519_verify((byte*)msg, msglen, pub, pubSz, sig,
+        sigSz), 0);
 #endif /* HAVE_ED25519_VERIFY */
 #endif /* HAVE_ED25519_SIGN && HAVE_ED25519_KEY_IMPORT */
 #endif /* HAVE_ED25519 && HAVE_ED25519_KEY_EXPORT && WOLFSSL_KEY_GEN */
     return EXPECT_RESULT();
 }
 
+static int test_EC448(void)
+{
+    EXPECT_DECLS;
+#if defined(HAVE_CURVE448) && defined(WOLFSSL_KEY_GEN)
+    byte         priv[CURVE448_KEY_SIZE];
+    unsigned int privSz = CURVE448_KEY_SIZE;
+    byte         pub[CURVE448_KEY_SIZE];
+    unsigned int pubSz = CURVE448_KEY_SIZE;
+    byte         priv2[CURVE448_KEY_SIZE];
+    unsigned int priv2Sz = CURVE448_KEY_SIZE;
+    byte         pub2[CURVE448_KEY_SIZE];
+    unsigned int pub2Sz = CURVE448_KEY_SIZE;
+    byte         shared[CURVE448_KEY_SIZE];
+    unsigned int sharedSz = CURVE448_KEY_SIZE;
+    byte         shared2[CURVE448_KEY_SIZE];
+    unsigned int shared2Sz = CURVE448_KEY_SIZE;
+
+    /* Bad parameter testing of key generation. */
+    ExpectIntEQ(wolfSSL_EC448_generate_key(NULL,    NULL, NULL,   NULL), 0);
+    ExpectIntEQ(wolfSSL_EC448_generate_key(NULL, &privSz, NULL, &pubSz), 0);
+    ExpectIntEQ(wolfSSL_EC448_generate_key(NULL, &privSz,  pub, &pubSz), 0);
+    ExpectIntEQ(wolfSSL_EC448_generate_key(priv,    NULL,  pub, &pubSz), 0);
+    ExpectIntEQ(wolfSSL_EC448_generate_key(priv, &privSz, NULL, &pubSz), 0);
+    ExpectIntEQ(wolfSSL_EC448_generate_key(priv, &privSz,  pub,   NULL), 0);
+    /*   Bad length. */
+    privSz = 1;
+    ExpectIntEQ(wolfSSL_EC448_generate_key(priv, &privSz, pub, &pubSz), 0);
+    privSz = CURVE448_KEY_SIZE;
+    pubSz = 1;
+    ExpectIntEQ(wolfSSL_EC448_generate_key(priv, &privSz, pub, &pubSz), 0);
+    pubSz = CURVE448_KEY_SIZE;
+
+    /* Good case of generating key. */
+    ExpectIntEQ(wolfSSL_EC448_generate_key(priv, &privSz, pub, &pubSz), 1);
+    ExpectIntEQ(wolfSSL_EC448_generate_key(priv2, &priv2Sz, pub2, &pub2Sz), 1);
+    ExpectIntEQ(privSz, CURVE448_KEY_SIZE);
+    ExpectIntEQ(pubSz, CURVE448_KEY_SIZE);
+
+    /* Bad parameter testing of shared key. */
+    ExpectIntEQ(wolfSSL_EC448_shared_key(  NULL,      NULL, NULL, privSz,
+        NULL,  pubSz), 0);
+    ExpectIntEQ(wolfSSL_EC448_shared_key(  NULL, &sharedSz, NULL, privSz,
+        NULL, pubSz), 0);
+    ExpectIntEQ(wolfSSL_EC448_shared_key(  NULL, &sharedSz, priv, privSz,
+         pub, pubSz), 0);
+    ExpectIntEQ(wolfSSL_EC448_shared_key(shared, &sharedSz, NULL, privSz,
+         pub, pubSz), 0);
+    ExpectIntEQ(wolfSSL_EC448_shared_key(shared, &sharedSz, priv, privSz,
+        NULL, pubSz), 0);
+    ExpectIntEQ(wolfSSL_EC448_shared_key(  NULL, &sharedSz, priv, privSz,
+         pub, pubSz), 0);
+    ExpectIntEQ(wolfSSL_EC448_shared_key(shared,      NULL, priv, privSz,
+         pub, pubSz), 0);
+    ExpectIntEQ(wolfSSL_EC448_shared_key(shared, &sharedSz, NULL, privSz,
+         pub, pubSz), 0);
+    ExpectIntEQ(wolfSSL_EC448_shared_key(shared, &sharedSz, priv, privSz,
+        NULL, pubSz), 0);
+    /*   Bad length. */
+    sharedSz = 1;
+    ExpectIntEQ(wolfSSL_EC448_shared_key(shared, &sharedSz, priv, privSz,
+         pub, pubSz), 0);
+    sharedSz = CURVE448_KEY_SIZE;
+    privSz = 1;
+    ExpectIntEQ(wolfSSL_EC448_shared_key(shared, &sharedSz, priv, privSz,
+         pub, pubSz), 0);
+    privSz = CURVE448_KEY_SIZE;
+    pubSz = 1;
+    ExpectIntEQ(wolfSSL_EC448_shared_key(shared, &sharedSz, priv, privSz,
+         pub, pubSz), 0);
+    pubSz = CURVE448_KEY_SIZE;
+
+    /* Good case of shared key. */
+    ExpectIntEQ(wolfSSL_EC448_shared_key(shared, &sharedSz, priv, privSz,
+        pub2, pub2Sz), 1);
+    ExpectIntEQ(wolfSSL_EC448_shared_key(shared2, &shared2Sz, priv2, priv2Sz,
+        pub, pubSz), 1);
+    ExpectIntEQ(sharedSz, CURVE448_KEY_SIZE);
+    ExpectIntEQ(shared2Sz, CURVE448_KEY_SIZE);
+    ExpectIntEQ(XMEMCMP(shared, shared2, sharedSz), 0);
+#endif /* HAVE_CURVE448 && WOLFSSL_KEY_GEN */
+    return EXPECT_RESULT();
+}
+
 static int test_ED448(void)
 {
     EXPECT_DECLS;
@@ -4671,19 +6017,99 @@ static int test_ED448(void)
     unsigned int sigSz = (unsigned int)sizeof(sig);
 #endif /* HAVE_ED448_SIGN && HAVE_ED448_KEY_IMPORT */
 
-    ExpectIntEQ(wolfSSL_ED448_generate_key(priv, &privSz, pub, &pubSz),
-        WOLFSSL_SUCCESS);
+    /* Bad parameter testing of key generation. */
+    ExpectIntEQ(wolfSSL_ED448_generate_key(NULL,    NULL, NULL,   NULL), 0);
+    ExpectIntEQ(wolfSSL_ED448_generate_key(priv,    NULL, NULL,   NULL), 0);
+    ExpectIntEQ(wolfSSL_ED448_generate_key(NULL, &privSz, NULL,   NULL), 0);
+    ExpectIntEQ(wolfSSL_ED448_generate_key(NULL,    NULL,  pub,   NULL), 0);
+    ExpectIntEQ(wolfSSL_ED448_generate_key(NULL,    NULL, NULL, &pubSz), 0);
+    ExpectIntEQ(wolfSSL_ED448_generate_key(NULL, &privSz,  pub, &pubSz), 0);
+    ExpectIntEQ(wolfSSL_ED448_generate_key(priv,    NULL,  pub, &pubSz), 0);
+    ExpectIntEQ(wolfSSL_ED448_generate_key(priv, &privSz, NULL, &pubSz), 0);
+    ExpectIntEQ(wolfSSL_ED448_generate_key(priv, &privSz,  pub,   NULL), 0);
+    /*   Bad length. */
+    privSz = 1;
+    ExpectIntEQ(wolfSSL_ED448_generate_key(priv, &privSz, pub, &pubSz), 0);
+    privSz = ED448_PRV_KEY_SIZE;
+    pubSz = 1;
+    ExpectIntEQ(wolfSSL_ED448_generate_key(priv, &privSz, pub, &pubSz), 0);
+    pubSz = ED448_PUB_KEY_SIZE;
+
+    /* Good case of generating key. */
+    ExpectIntEQ(wolfSSL_ED448_generate_key(priv, &privSz, pub, &pubSz), 1);
     ExpectIntEQ(privSz, ED448_PRV_KEY_SIZE);
     ExpectIntEQ(pubSz, ED448_PUB_KEY_SIZE);
 
 #if defined(HAVE_ED448_SIGN) && defined(HAVE_ED448_KEY_IMPORT)
+    /* Bad parameter testing of signing. */
+    ExpectIntEQ(wolfSSL_ED448_sign(      NULL, msglen, NULL, privSz, NULL,
+          NULL), 0);
+    ExpectIntEQ(wolfSSL_ED448_sign((byte*)msg, msglen, NULL, privSz, NULL,
+          NULL), 0);
+    ExpectIntEQ(wolfSSL_ED448_sign(      NULL, msglen, priv, privSz, NULL,
+          NULL), 0);
+    ExpectIntEQ(wolfSSL_ED448_sign(      NULL, msglen, NULL, privSz, sig,
+          NULL), 0);
+    ExpectIntEQ(wolfSSL_ED448_sign(      NULL, msglen, NULL, privSz, NULL,
+        &sigSz), 0);
+    ExpectIntEQ(wolfSSL_ED448_sign(      NULL, msglen, priv, privSz,  sig,
+        &sigSz), 0);
+    ExpectIntEQ(wolfSSL_ED448_sign((byte*)msg, msglen, NULL, privSz,  sig,
+        &sigSz), 0);
+    ExpectIntEQ(wolfSSL_ED448_sign((byte*)msg, msglen, priv, privSz,  NULL,
+        &sigSz), 0);
+    ExpectIntEQ(wolfSSL_ED448_sign((byte*)msg, msglen, priv, privSz,  sig,
+          NULL), 0);
+    /*   Bad length. */
+    privSz = 1;
     ExpectIntEQ(wolfSSL_ED448_sign((byte*)msg, msglen, priv, privSz, sig,
-        &sigSz), WOLFSSL_SUCCESS);
+        &sigSz), 0);
+    privSz = ED448_PRV_KEY_SIZE;
+    sigSz = 1;
+    ExpectIntEQ(wolfSSL_ED448_sign((byte*)msg, msglen, priv, privSz, sig,
+        &sigSz), 0);
+    sigSz = ED448_SIG_SIZE;
+
+    /* Good case of signing. */
+    ExpectIntEQ(wolfSSL_ED448_sign((byte*)msg, msglen, priv, privSz, sig,
+        &sigSz), 1);
     ExpectIntEQ(sigSz, ED448_SIG_SIZE);
 
 #ifdef HAVE_ED448_VERIFY
+   /* Bad parameter testing of verification. */
+    ExpectIntEQ(wolfSSL_ED448_verify(      NULL, msglen, NULL, pubSz, NULL,
+        sigSz), 0);
+    ExpectIntEQ(wolfSSL_ED448_verify((byte*)msg, msglen, NULL, pubSz, NULL,
+        sigSz), 0);
+    ExpectIntEQ(wolfSSL_ED448_verify(      NULL, msglen,  pub, pubSz, NULL,
+        sigSz), 0);
+    ExpectIntEQ(wolfSSL_ED448_verify(      NULL, msglen, NULL, pubSz,  sig,
+        sigSz), 0);
+    ExpectIntEQ(wolfSSL_ED448_verify(      NULL, msglen,  pub, pubSz,  sig,
+        sigSz), 0);
+    ExpectIntEQ(wolfSSL_ED448_verify((byte*)msg, msglen, NULL, pubSz,  sig,
+        sigSz), 0);
+    ExpectIntEQ(wolfSSL_ED448_verify((byte*)msg, msglen,  pub, pubSz, NULL,
+        sigSz), 0);
+    /*   Bad length. */
+    pubSz = 1;
     ExpectIntEQ(wolfSSL_ED448_verify((byte*)msg, msglen, pub, pubSz, sig,
-        sigSz), WOLFSSL_SUCCESS);
+        sigSz), 0);
+    pubSz = ED448_PUB_KEY_SIZE;
+    sigSz = 1;
+    ExpectIntEQ(wolfSSL_ED448_verify((byte*)msg, msglen, pub, pubSz, sig,
+        sigSz), 0);
+    sigSz = ED448_SIG_SIZE;
+
+    /* Good case of verification. */
+    ExpectIntEQ(wolfSSL_ED448_verify((byte*)msg, msglen, pub, pubSz, sig,
+        sigSz), 1);
+    /* Bad signature. */
+    if (EXPECT_SUCCESS()) {
+        sig[1] ^= 0x80;
+    }
+    ExpectIntEQ(wolfSSL_ED448_verify((byte*)msg, msglen, pub, pubSz, sig,
+        sigSz), 0);
 #endif /* HAVE_ED448_VERIFY */
 #endif /* HAVE_ED448_SIGN && HAVE_ED448_KEY_IMPORT */
 #endif /* HAVE_ED448 && HAVE_ED448_KEY_EXPORT && WOLFSSL_KEY_GEN */
@@ -4705,7 +6131,7 @@ static int test_wolfSSL_EVP_PKEY_print_public(void)
     WOLFSSL_EVP_PKEY* pkey = NULL;
     char line[256] = { 0 };
     char line1[256] = { 0 };
-    int i;
+    int i = 0;
 
     /* test error cases */
     ExpectIntEQ( EVP_PKEY_print_public(NULL,NULL,0,NULL),0L);
@@ -5616,7 +7042,7 @@ static int test_wolfSSL_EVP_CIPHER_CTX(void)
     ExpectIntEQ(EVP_CIPHER_nid(test), NID_aes_128_cbc);
 
     ExpectIntEQ(EVP_CIPHER_CTX_reset(ctx), WOLFSSL_SUCCESS);
-    ExpectIntEQ(EVP_CIPHER_CTX_reset(NULL), WOLFSSL_FAILURE);
+    ExpectIntEQ(EVP_CIPHER_CTX_reset(NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
 
     EVP_CIPHER_CTX_free(ctx);
     /* test EVP_CIPHER_CTX_cleanup with NULL */
@@ -5633,15 +7059,10 @@ static int test_wolfSSL_EVP_CIPHER_CTX(void)
 #if defined(HAVE_SSL_MEMIO_TESTS_DEPENDENCIES) || \
     defined(HAVE_IO_TESTS_DEPENDENCIES)
 #ifdef WOLFSSL_HAVE_TLS_UNIQUE
-    #ifdef WC_SHA512_DIGEST_SIZE
-        #define MD_MAX_SIZE WC_SHA512_DIGEST_SIZE
-    #else
-        #define MD_MAX_SIZE WC_SHA256_DIGEST_SIZE
-    #endif
-    byte server_side_msg1[MD_MAX_SIZE] = {0};/* msg sent by server */
-    byte server_side_msg2[MD_MAX_SIZE] = {0};/* msg received from client */
-    byte client_side_msg1[MD_MAX_SIZE] = {0};/* msg sent by client */
-    byte client_side_msg2[MD_MAX_SIZE] = {0};/* msg received from server */
+    byte server_side_msg1[WC_MAX_DIGEST_SIZE]; /* msg sent by server */
+    byte server_side_msg2[WC_MAX_DIGEST_SIZE]; /* msg received from client */
+    byte client_side_msg1[WC_MAX_DIGEST_SIZE]; /* msg sent by client */
+    byte client_side_msg2[WC_MAX_DIGEST_SIZE]; /* msg received from server */
 #endif /* WOLFSSL_HAVE_TLS_UNIQUE */
 
 /* TODO: Expand and enable this when EVP_chacha20_poly1305 is supported */
@@ -5792,15 +7213,17 @@ static WC_INLINE int test_ssl_memio_read_cb(WOLFSSL *ssl, char *data, int sz,
     return read_sz;
 }
 
-static WC_INLINE int test_ssl_memio_setup(test_ssl_memio_ctx *ctx)
+int test_ssl_memio_setup(test_ssl_memio_ctx *ctx)
 {
-    EXPECT_DECLS;
+    EXPECT_DECLS_NO_MSGS(-2000);
 #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_EITHER_SIDE)
     int c_sharedCtx = 0;
     int s_sharedCtx = 0;
 #endif
-    const char* certFile = svrCertFile;
-    const char* keyFile = svrKeyFile;
+    const char* clientCertFile = cliCertFile;
+    const char* clientKeyFile = cliKeyFile;
+    const char* serverCertFile = svrCertFile;
+    const char* serverKeyFile = svrKeyFile;
 
     /********************************
      * Create WOLFSSL_CTX for client.
@@ -5832,13 +7255,19 @@ static WC_INLINE int test_ssl_memio_setup(test_ssl_memio_ctx *ctx)
     else
         ExpectIntEQ(wolfSSL_CTX_load_verify_locations(ctx->c_ctx,
                 caCertFile, 0), WOLFSSL_SUCCESS);
+    if (ctx->c_cb.certPemFile != NULL) {
+        clientCertFile = ctx->c_cb.certPemFile;
+    }
+    if (ctx->c_cb.keyPemFile != NULL) {
+        clientKeyFile = ctx->c_cb.keyPemFile;
+    }
 #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_EITHER_SIDE)
     if (!c_sharedCtx)
 #endif
     {
         ExpectIntEQ(wolfSSL_CTX_use_certificate_chain_file(ctx->c_ctx,
-            cliCertFile), WOLFSSL_SUCCESS);
-        ExpectIntEQ(wolfSSL_CTX_use_PrivateKey_file(ctx->c_ctx, cliKeyFile,
+            clientCertFile), WOLFSSL_SUCCESS);
+        ExpectIntEQ(wolfSSL_CTX_use_PrivateKey_file(ctx->c_ctx, clientKeyFile,
             WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS);
     }
 #ifdef HAVE_CRL
@@ -5905,23 +7334,23 @@ static WC_INLINE int test_ssl_memio_setup(test_ssl_memio_ctx *ctx)
     wolfSSL_CTX_set_default_passwd_cb(ctx->s_ctx, PasswordCallBack);
 #endif
     if (ctx->s_cb.certPemFile != NULL) {
-        certFile = ctx->s_cb.certPemFile;
+        serverCertFile = ctx->s_cb.certPemFile;
     }
 #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_EITHER_SIDE)
     if (!s_sharedCtx)
 #endif
     {
         ExpectIntEQ(wolfSSL_CTX_use_certificate_chain_file(ctx->s_ctx,
-            certFile), WOLFSSL_SUCCESS);
+            serverCertFile), WOLFSSL_SUCCESS);
     }
     if (ctx->s_cb.keyPemFile != NULL) {
-        keyFile = ctx->s_cb.keyPemFile;
+        serverKeyFile = ctx->s_cb.keyPemFile;
     }
 #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_EITHER_SIDE)
     if (!s_sharedCtx)
 #endif
     {
-        ExpectIntEQ(wolfSSL_CTX_use_PrivateKey_file(ctx->s_ctx, keyFile,
+        ExpectIntEQ(wolfSSL_CTX_use_PrivateKey_file(ctx->s_ctx, serverKeyFile,
             WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS);
     }
     if (ctx->s_ciphers != NULL) {
@@ -5945,9 +7374,9 @@ static WC_INLINE int test_ssl_memio_setup(test_ssl_memio_ctx *ctx)
 #endif
         )
     {
-        ExpectIntEQ(wolfSSL_use_certificate_chain_file(ctx->c_ssl, cliCertFile),
-            WOLFSSL_SUCCESS);
-        ExpectIntEQ(wolfSSL_use_PrivateKey_file(ctx->c_ssl, cliKeyFile,
+        ExpectIntEQ(wolfSSL_use_certificate_chain_file(ctx->c_ssl,
+                clientCertFile), WOLFSSL_SUCCESS);
+        ExpectIntEQ(wolfSSL_use_PrivateKey_file(ctx->c_ssl, clientKeyFile,
             WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS);
     }
     if (ctx->c_cb.ssl_ready != NULL) {
@@ -5966,9 +7395,9 @@ static WC_INLINE int test_ssl_memio_setup(test_ssl_memio_ctx *ctx)
 #endif
         )
     {
-        ExpectIntEQ(wolfSSL_use_certificate_chain_file(ctx->s_ssl, certFile),
-            WOLFSSL_SUCCESS);
-        ExpectIntEQ(wolfSSL_use_PrivateKey_file(ctx->s_ssl, keyFile,
+        ExpectIntEQ(wolfSSL_use_certificate_chain_file(ctx->s_ssl,
+                serverCertFile), WOLFSSL_SUCCESS);
+        ExpectIntEQ(wolfSSL_use_PrivateKey_file(ctx->s_ssl, serverKeyFile,
             WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS);
     }
 #if !defined(NO_FILESYSTEM) && !defined(NO_DH)
@@ -5984,7 +7413,7 @@ static WC_INLINE int test_ssl_memio_setup(test_ssl_memio_ctx *ctx)
     return EXPECT_RESULT();
 }
 
-static int test_ssl_memio_do_handshake(test_ssl_memio_ctx* ctx, int max_rounds,
+int test_ssl_memio_do_handshake(test_ssl_memio_ctx* ctx, int max_rounds,
     int* rounds)
 {
     int handshake_complete = 0;
@@ -6010,6 +7439,9 @@ static int test_ssl_memio_do_handshake(test_ssl_memio_ctx* ctx, int max_rounds,
                 err = wolfSSL_get_error(ctx->c_ssl, ret);
                 if (err != WOLFSSL_ERROR_WANT_READ &&
                     err != WOLFSSL_ERROR_WANT_WRITE) {
+                    char buff[WOLFSSL_MAX_ERROR_SZ];
+                    fprintf(stderr, "error = %d, %s\n", err,
+                        wolfSSL_ERR_error_string((word32)err, buff));
                     failing_c = 1;
                     hs_c = 1;
                     if (failing_c && failing_s) {
@@ -6029,6 +7461,9 @@ static int test_ssl_memio_do_handshake(test_ssl_memio_ctx* ctx, int max_rounds,
                 err = wolfSSL_get_error(ctx->s_ssl, ret);
                 if (err != WOLFSSL_ERROR_WANT_READ &&
                     err != WOLFSSL_ERROR_WANT_WRITE) {
+                    char buff[WOLFSSL_MAX_ERROR_SZ];
+                    fprintf(stderr, "error = %d, %s\n", err,
+                        wolfSSL_ERR_error_string((word32)err, buff));
                     failing_s = 1;
                     hs_s = 1;
                     if (failing_c && failing_s) {
@@ -6044,7 +7479,7 @@ static int test_ssl_memio_do_handshake(test_ssl_memio_ctx* ctx, int max_rounds,
         }
     }
 
-    if (!handshake_complete) {
+    if (!handshake_complete || failing_c || failing_s) {
         return TEST_FAIL;
     }
 
@@ -6053,7 +7488,7 @@ static int test_ssl_memio_do_handshake(test_ssl_memio_ctx* ctx, int max_rounds,
 
 static int test_ssl_memio_read_write(test_ssl_memio_ctx* ctx)
 {
-    EXPECT_DECLS;
+    EXPECT_DECLS_NO_MSGS(-3000);
     char input[1024];
     int idx = 0;
     const char* msg_c = "hello wolfssl!";
@@ -6098,7 +7533,7 @@ static int test_ssl_memio_read_write(test_ssl_memio_ctx* ctx)
     return EXPECT_RESULT();
 }
 
-static void test_ssl_memio_cleanup(test_ssl_memio_ctx* ctx)
+void test_ssl_memio_cleanup(test_ssl_memio_ctx* ctx)
 {
     ctx->c_cb.last_err = wolfSSL_get_error(ctx->c_ssl, 0);
     ctx->s_cb.last_err = wolfSSL_get_error(ctx->s_ssl, 0);
@@ -6112,14 +7547,20 @@ static void test_ssl_memio_cleanup(test_ssl_memio_ctx* ctx)
     wolfSSL_shutdown(ctx->c_ssl);
     wolfSSL_free(ctx->s_ssl);
     wolfSSL_free(ctx->c_ssl);
-    if (!ctx->s_cb.isSharedCtx) {
-        wolfSSL_CTX_free(ctx->s_ctx);
-        ctx->s_ctx = NULL;
+    if (ctx->c_cb.on_ctx_cleanup != NULL) {
+        ctx->c_cb.on_ctx_cleanup(ctx->c_ctx);
     }
     if (!ctx->c_cb.isSharedCtx) {
         wolfSSL_CTX_free(ctx->c_ctx);
         ctx->c_ctx = NULL;
     }
+    if (ctx->s_cb.on_ctx_cleanup != NULL) {
+        ctx->s_cb.on_ctx_cleanup(ctx->s_ctx);
+    }
+    if (!ctx->s_cb.isSharedCtx) {
+        wolfSSL_CTX_free(ctx->s_ctx);
+        ctx->s_ctx = NULL;
+    }
 
     if (!ctx->s_cb.ticNoInit) {
 #if defined(HAVE_SESSION_TICKET) && \
@@ -6136,7 +7577,14 @@ static void test_ssl_memio_cleanup(test_ssl_memio_ctx* ctx)
 int test_wolfSSL_client_server_nofail_memio(test_ssl_cbf* client_cb,
     test_ssl_cbf* server_cb, cbType client_on_handshake)
 {
-    EXPECT_DECLS;
+    /* We use EXPECT_DECLS_NO_MSGS() here because this helper routine is used
+     * for numerous but varied expected-to-fail scenarios that should not emit
+     * error messages on the expected failures.  Instead, we return a distinct
+     * code for each failure point, allowing the caller to assert on a
+     * particular mode of expected failure.  On success, the usual TEST_SUCCESS
+     * is returned.
+     */
+    EXPECT_DECLS_NO_MSGS(-1000);
     struct test_ssl_memio_ctx test_ctx;
 #ifdef WOLFSSL_HAVE_TLS_UNIQUE
     size_t msg_len;
@@ -6148,8 +7596,8 @@ int test_wolfSSL_client_server_nofail_memio(test_ssl_cbf* client_cb,
 
     test_ctx.c_ctx = client_cb->ctx;
     test_ctx.s_ctx = server_cb->ctx;
-    test_ctx.c_cb.return_code = TEST_FAIL;
-    test_ctx.s_cb.return_code = TEST_FAIL;
+    test_ctx.c_cb.return_code = EXPECT_FAILURE_CODEPOINT_ID;
+    test_ctx.s_cb.return_code = EXPECT_FAILURE_CODEPOINT_ID;
 
     ExpectIntEQ(test_ssl_memio_setup(&test_ctx), TEST_SUCCESS);
     ExpectIntEQ(test_ssl_memio_do_handshake(&test_ctx, 10, NULL), TEST_SUCCESS);
@@ -6167,14 +7615,14 @@ int test_wolfSSL_client_server_nofail_memio(test_ssl_cbf* client_cb,
             TEST_SUCCESS);
     }
 #ifdef WOLFSSL_HAVE_TLS_UNIQUE
-    XMEMSET(server_side_msg2, 0, MD_MAX_SIZE);
+    XMEMSET(server_side_msg2, 0, WC_MAX_DIGEST_SIZE);
     msg_len = wolfSSL_get_peer_finished(test_ctx.s_ssl, server_side_msg2,
-        MD_MAX_SIZE);
+        WC_MAX_DIGEST_SIZE);
     ExpectIntGE(msg_len, 0);
 
-    XMEMSET(server_side_msg1, 0, MD_MAX_SIZE);
+    XMEMSET(server_side_msg1, 0, WC_MAX_DIGEST_SIZE);
     msg_len = wolfSSL_get_finished(test_ctx.s_ssl, server_side_msg1,
-        MD_MAX_SIZE);
+        WC_MAX_DIGEST_SIZE);
     ExpectIntGE(msg_len, 0);
 #endif /* WOLFSSL_HAVE_TLS_UNIQUE */
 
@@ -6234,7 +7682,7 @@ static int nonblocking_accept_read(void* args, WOLFSSL* ssl, SOCKET_T* sockfd)
     #endif
     do {
     #ifdef WOLFSSL_ASYNC_CRYPT
-        if (err == WC_PENDING_E) {
+        if (err == WC_NO_ERR_TRACE(WC_PENDING_E)) {
             ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
             if (ret < 0) { break; } else if (ret == 0) { continue; }
         }
@@ -6252,7 +7700,7 @@ static int nonblocking_accept_read(void* args, WOLFSSL* ssl, SOCKET_T* sockfd)
                 return WOLFSSL_FATAL_ERROR;
             }
         }
-    } while (err == WC_PENDING_E);
+    } while (err == WC_NO_ERR_TRACE(WC_PENDING_E));
     if (ret != WOLFSSL_SUCCESS) {
         char buff[WOLFSSL_MAX_ERROR_SZ];
         fprintf(stderr, "error = %d, %s\n", err,
@@ -6521,29 +7969,29 @@ static THREAD_RETURN WOLFSSL_THREAD test_server_nofail(void* args)
     #endif
     do {
     #ifdef WOLFSSL_ASYNC_CRYPT
-        if (err == WC_PENDING_E) {
+        if (err == WC_NO_ERR_TRACE(WC_PENDING_E)) {
             ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
             if (ret < 0) { break; } else if (ret == 0) { continue; }
         }
     #endif
         ret = wolfSSL_negotiate(ssl);
         err = wolfSSL_get_error(ssl, 0);
-    } while (err == WC_PENDING_E);
+    } while (err == WC_NO_ERR_TRACE(WC_PENDING_E));
     if (ret != WOLFSSL_SUCCESS) {
         char buff[WOLFSSL_MAX_ERROR_SZ];
         fprintf(stderr, "error = %d, %s\n", err,
-            wolfSSL_ERR_error_string(err, buff));
+            wolfSSL_ERR_error_string((word32)err, buff));
         /*err_sys("SSL_accept failed");*/
         goto done;
     }
 
 #ifdef WOLFSSL_HAVE_TLS_UNIQUE
-    XMEMSET(server_side_msg2, 0, MD_MAX_SIZE);
-    msg_len = wolfSSL_get_peer_finished(ssl, server_side_msg2, MD_MAX_SIZE);
+    XMEMSET(server_side_msg2, 0, WC_MAX_DIGEST_SIZE);
+    msg_len = wolfSSL_get_peer_finished(ssl, server_side_msg2, WC_MAX_DIGEST_SIZE);
     AssertIntGE(msg_len, 0);
 
-    XMEMSET(server_side_msg1, 0, MD_MAX_SIZE);
-    msg_len = wolfSSL_get_finished(ssl, server_side_msg1, MD_MAX_SIZE);
+    XMEMSET(server_side_msg1, 0, WC_MAX_DIGEST_SIZE);
+    msg_len = wolfSSL_get_finished(ssl, server_side_msg1, WC_MAX_DIGEST_SIZE);
     AssertIntGE(msg_len, 0);
 #endif /* WOLFSSL_HAVE_TLS_UNIQUE */
 
@@ -6612,8 +8060,8 @@ done:
     !defined(WOLFSSL_NO_TLS12)
 static THREAD_RETURN WOLFSSL_THREAD test_server_loop(void* args)
 {
-    SOCKET_T sockfd = 0;
-    SOCKET_T clientfd = 0;
+    SOCKET_T sockfd;
+    SOCKET_T clientfd = -1;
     word16 port;
 
     callback_functions* cbf;
@@ -6746,14 +8194,14 @@ static THREAD_RETURN WOLFSSL_THREAD test_server_loop(void* args)
         #endif
         do {
         #ifdef WOLFSSL_ASYNC_CRYPT
-            if (err == WC_PENDING_E) {
+            if (err == WC_NO_ERR_TRACE(WC_PENDING_E)) {
                 ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
                 if (ret < 0) { break; } else if (ret == 0) { continue; }
             }
         #endif
             ret = wolfSSL_accept(ssl);
             err = wolfSSL_get_error(ssl, 0);
-        } while (err == WC_PENDING_E);
+        } while (err == WC_NO_ERR_TRACE(WC_PENDING_E));
         if (ret != WOLFSSL_SUCCESS) {
             char buff[WOLFSSL_MAX_ERROR_SZ];
             fprintf(stderr, "error = %d, %s\n", err,
@@ -6776,6 +8224,7 @@ static THREAD_RETURN WOLFSSL_THREAD test_server_loop(void* args)
         wolfSSL_shutdown(ssl);
         wolfSSL_free(ssl); ssl = NULL;
         CloseSocket(clientfd);
+        clientfd = -1;
 
         count++;
     }
@@ -6793,7 +8242,8 @@ done:
     if (!sharedCtx)
         wolfSSL_CTX_free(ctx);
 
-    CloseSocket(clientfd);
+    if (clientfd != SOCKET_INVALID)
+        CloseSocket(clientfd);
 
 #ifdef WOLFSSL_TIRTOS
     fdCloseSession(Task_self());
@@ -6898,6 +8348,13 @@ static int test_client_nofail(void* args, cbType cb)
         goto done;
     }
 
+#ifdef WOLFSSL_SRTP
+    /* make sure that NULL (error condition) returns 1 */
+    if (wolfSSL_CTX_set_tlsext_use_srtp(ctx, NULL) != 1) {
+         goto done;
+    }
+#endif
+
 #ifdef HAVE_CRL
     if (cbf != NULL && cbf->crlPemFile != NULL) {
         if (wolfSSL_CTX_EnableCRL(ctx, WOLFSSL_CRL_CHECKALL) != WOLFSSL_SUCCESS)
@@ -6940,6 +8397,13 @@ static int test_client_nofail(void* args, cbType cb)
         goto done;
     }
 
+#ifdef WOLFSSL_SRTP
+    /* make sure that NULL (error condition) returns 1 */
+    if (wolfSSL_set_tlsext_use_srtp(ssl, NULL) != 1) {
+         goto done;
+    }
+#endif
+
     if (!doUdp) {
         if (wolfSSL_set_fd(ssl, sockfd) != WOLFSSL_SUCCESS) {
             /*err_sys("SSL_set_fd failed");*/
@@ -6967,18 +8431,18 @@ static int test_client_nofail(void* args, cbType cb)
     #endif
     do {
     #ifdef WOLFSSL_ASYNC_CRYPT
-        if (err == WC_PENDING_E) {
+        if (err == WC_NO_ERR_TRACE(WC_PENDING_E)) {
             ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
             if (ret < 0) { break; } else if (ret == 0) { continue; }
         }
     #endif
         ret = wolfSSL_negotiate(ssl);
         err = wolfSSL_get_error(ssl, 0);
-    } while (err == WC_PENDING_E);
+    } while (err == WC_NO_ERR_TRACE(WC_PENDING_E));
     if (ret != WOLFSSL_SUCCESS) {
         char buff[WOLFSSL_MAX_ERROR_SZ];
         fprintf(stderr, "error = %d, %s\n", err,
-            wolfSSL_ERR_error_string(err, buff));
+            wolfSSL_ERR_error_string((word32)err, buff));
         /*err_sys("SSL_connect failed");*/
         goto done;
     }
@@ -6988,7 +8452,7 @@ static int test_client_nofail(void* args, cbType cb)
     cipherSuite = wolfSSL_get_current_cipher_suite(ssl);
     cipherName1 = wolfSSL_get_cipher_name(ssl);
     cipherName2 = wolfSSL_get_cipher_name_from_suite(
-        (cipherSuite >> 8), cipherSuite & 0xFF);
+        (byte)(cipherSuite >> 8), cipherSuite & 0xFF);
     AssertStrEQ(cipherName1, cipherName2);
 
     /* IANA Cipher Suites Names */
@@ -7001,7 +8465,7 @@ static int test_client_nofail(void* args, cbType cb)
 #if !defined(WOLFSSL_CIPHER_INTERNALNAME) && !defined(NO_ERROR_STRINGS) && \
     !defined(WOLFSSL_QT)
     cipherName1 = wolfSSL_get_cipher_name_iana_from_suite(
-            (cipherSuite >> 8), cipherSuite & 0xFF);
+            (byte)(cipherSuite >> 8), cipherSuite & 0xFF);
     AssertStrEQ(cipherName1, cipherName2);
 #endif
 
@@ -7184,7 +8648,7 @@ static void test_client_reuse_WOLFSSLobj(void* args, cbType cb,
     if (ssl == NULL) {
         goto done;
     }
-    /* keep handshake resources for re-using WOLFSSL obj */
+    /* keep handshake resources for reusing WOLFSSL obj */
     wolfSSL_KeepArrays(ssl);
     if (wolfSSL_KeepHandshakeResources(ssl)) {
         /* err_sys("SSL_KeepHandshakeResources failed"); */
@@ -7218,14 +8682,14 @@ static void test_client_reuse_WOLFSSLobj(void* args, cbType cb,
     #endif
     do {
     #ifdef WOLFSSL_ASYNC_CRYPT
-        if (err == WC_PENDING_E) {
+        if (err == WC_NO_ERR_TRACE(WC_PENDING_E)) {
             ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
             if (ret < 0) { break; } else if (ret == 0) { continue; }
         }
     #endif
         ret = wolfSSL_connect(ssl);
         err = wolfSSL_get_error(ssl, 0);
-    } while (err == WC_PENDING_E);
+    } while (err == WC_NO_ERR_TRACE(WC_PENDING_E));
     if (ret != WOLFSSL_SUCCESS) {
         char buff[WOLFSSL_MAX_ERROR_SZ];
         fprintf(stderr, "error = %d, %s\n", err,
@@ -7248,7 +8712,7 @@ static void test_client_reuse_WOLFSSLobj(void* args, cbType cb,
         fprintf(stderr, "Server response: %s\n", reply);
     }
 
-    /* Session Resumption by re-using WOLFSSL object */
+    /* Session Resumption by reusing WOLFSSL object */
     wolfSSL_set_quiet_shutdown(ssl, 1);
     if (wolfSSL_shutdown(ssl) != WOLFSSL_SUCCESS) {
         /* err_sys ("SSL shutdown failed"); */
@@ -7282,14 +8746,14 @@ static void test_client_reuse_WOLFSSLobj(void* args, cbType cb,
     #endif
     do {
     #ifdef WOLFSSL_ASYNC_CRYPT
-        if (err == WC_PENDING_E) {
+        if (err == WC_NO_ERR_TRACE(WC_PENDING_E)) {
             ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
             if (ret < 0) { break; } else if (ret == 0) { continue; }
         }
     #endif
         ret = wolfSSL_connect(ssl);
         err = wolfSSL_get_error(ssl, 0);
-    } while (err == WC_PENDING_E);
+    } while (err == WC_NO_ERR_TRACE(WC_PENDING_E));
     if (ret != WOLFSSL_SUCCESS) {
         char buff[WOLFSSL_MAX_ERROR_SZ];
         fprintf(stderr, "error = %d, %s\n", err,
@@ -7537,18 +9001,18 @@ static THREAD_RETURN WOLFSSL_THREAD run_wolfssl_server(void* args)
 #endif
     do {
     #ifdef WOLFSSL_ASYNC_CRYPT
-        if (err == WC_PENDING_E) {
+        if (err == WC_NO_ERR_TRACE(WC_PENDING_E)) {
             ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
             if (ret < 0) { break; } else if (ret == 0) { continue; }
         }
     #endif
         ret = wolfSSL_accept(ssl);
         err = wolfSSL_get_error(ssl, ret);
-    } while (err == WC_PENDING_E);
+    } while (err == WC_NO_ERR_TRACE(WC_PENDING_E));
     if (ret != WOLFSSL_SUCCESS) {
         char buff[WOLFSSL_MAX_ERROR_SZ];
         fprintf(stderr, "accept error = %d, %s\n", err,
-            wolfSSL_ERR_error_string(err, buff));
+            wolfSSL_ERR_error_string((word32)err, buff));
         /*err_sys("SSL_accept failed");*/
     }
     else {
@@ -7557,14 +9021,14 @@ static THREAD_RETURN WOLFSSL_THREAD run_wolfssl_server(void* args)
     #endif
         do {
         #ifdef WOLFSSL_ASYNC_CRYPT
-            if (err == WC_PENDING_E) {
+            if (err == WC_NO_ERR_TRACE(WC_PENDING_E)) {
                 ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
                 if (ret < 0) { break; } else if (ret == 0) { continue; }
             }
         #endif
             idx = wolfSSL_read(ssl, input, sizeof(input)-1);
             err = wolfSSL_get_error(ssl, idx);
-        } while (err == WC_PENDING_E);
+        } while (err == WC_NO_ERR_TRACE(WC_PENDING_E));
         if (idx > 0) {
             input[idx] = 0;
             fprintf(stderr, "Client message: %s\n", input);
@@ -7575,14 +9039,14 @@ static THREAD_RETURN WOLFSSL_THREAD run_wolfssl_server(void* args)
     #endif
         do {
         #ifdef WOLFSSL_ASYNC_CRYPT
-            if (err == WC_PENDING_E) {
+            if (err == WC_NO_ERR_TRACE(WC_PENDING_E)) {
                 ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
                 if (ret < 0) { break; } else if (ret == 0) { continue; }
             }
         #endif
             ret = wolfSSL_write(ssl, msg, len);
             err = wolfSSL_get_error(ssl, ret);
-        } while (err == WC_PENDING_E);
+        } while (err == WC_NO_ERR_TRACE(WC_PENDING_E));
         if (len != ret) {
             goto cleanup;
         }
@@ -7755,18 +9219,18 @@ static void run_wolfssl_client(void* args)
     #endif
     do {
     #ifdef WOLFSSL_ASYNC_CRYPT
-        if (err == WC_PENDING_E) {
+        if (err == WC_NO_ERR_TRACE(WC_PENDING_E)) {
             ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
             if (ret < 0) { break; } else if (ret == 0) { continue; }
         }
     #endif
         ret = wolfSSL_connect(ssl);
         err = wolfSSL_get_error(ssl, ret);
-    } while (err == WC_PENDING_E);
+    } while (err == WC_NO_ERR_TRACE(WC_PENDING_E));
     if (ret != WOLFSSL_SUCCESS) {
         char buff[WOLFSSL_MAX_ERROR_SZ];
         fprintf(stderr, "error = %d, %s\n", err,
-            wolfSSL_ERR_error_string(err, buff));
+            wolfSSL_ERR_error_string((word32)err, buff));
         /*err_sys("SSL_connect failed");*/
     }
     else {
@@ -7775,14 +9239,14 @@ static void run_wolfssl_client(void* args)
         #endif
         do {
         #ifdef WOLFSSL_ASYNC_CRYPT
-            if (err == WC_PENDING_E) {
+            if (err == WC_NO_ERR_TRACE(WC_PENDING_E)) {
                 ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
                 if (ret < 0) { break; } else if (ret == 0) { continue; }
             }
         #endif
             ret = wolfSSL_write(ssl, msg, len);
             err = wolfSSL_get_error(ssl, ret);
-        } while (err == WC_PENDING_E);
+        } while (err == WC_NO_ERR_TRACE(WC_PENDING_E));
         if (len != ret)
             goto cleanup;
 
@@ -7791,14 +9255,14 @@ static void run_wolfssl_client(void* args)
         #endif
         do {
         #ifdef WOLFSSL_ASYNC_CRYPT
-            if (err == WC_PENDING_E) {
+            if (err == WC_NO_ERR_TRACE(WC_PENDING_E)) {
                 ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
                 if (ret < 0) { break; } else if (ret == 0) { continue; }
             }
         #endif
             ret = wolfSSL_read(ssl, input, sizeof(input)-1);
             err = wolfSSL_get_error(ssl, ret);
-        } while (err == WC_PENDING_E);
+        } while (err == WC_NO_ERR_TRACE(WC_PENDING_E));
         if (ret > 0) {
             input[ret] = '\0'; /* null term */
             fprintf(stderr, "Server response: %s\n", input);
@@ -7883,12 +9347,51 @@ static int test_wolfSSL_read_write(void)
     return EXPECT_RESULT();
 }
 
+static int test_wolfSSL_read_write_ex(void)
+{
+    EXPECT_DECLS;
+    WOLFSSL_CTX *ctx_c = NULL;
+    WOLFSSL_CTX *ctx_s = NULL;
+    WOLFSSL *ssl_c = NULL;
+    WOLFSSL *ssl_s = NULL;
+    struct test_memio_ctx test_ctx;
+    const char *test_str = "test";
+    int test_str_size;
+    size_t count;
+    byte buf[255];
+
+    XMEMSET(&test_ctx, 0, sizeof(test_ctx));
+    ExpectIntEQ(test_memio_setup(&test_ctx, &ctx_c, &ctx_s, &ssl_c, &ssl_s,
+        wolfSSLv23_client_method, wolfSSLv23_server_method), 0);
+    ExpectIntEQ(test_memio_do_handshake(ssl_c, ssl_s, 10, NULL), 0);
+    test_str_size = XSTRLEN("test") + 1;
+    ExpectIntEQ(wolfSSL_write_ex(ssl_c, test_str, test_str_size, &count),
+        WOLFSSL_SUCCESS);
+    ExpectIntEQ(count, test_str_size);
+    count = 0;
+    ExpectIntEQ(wolfSSL_read_ex(ssl_s, buf, sizeof(buf), &count), WOLFSSL_SUCCESS);
+    ExpectIntEQ(count, test_str_size);
+    ExpectIntEQ(XSTRCMP((char*)buf, test_str), 0);
+
+
+    ExpectIntEQ(wolfSSL_shutdown(ssl_c), WOLFSSL_SHUTDOWN_NOT_DONE);
+    ExpectIntEQ(wolfSSL_shutdown(ssl_s), WOLFSSL_SHUTDOWN_NOT_DONE);
+    ExpectIntEQ(wolfSSL_shutdown(ssl_c), 1);
+    ExpectIntEQ(wolfSSL_shutdown(ssl_s), 1);
+
+    wolfSSL_free(ssl_c);
+    wolfSSL_free(ssl_s);
+    wolfSSL_CTX_free(ctx_c);
+    wolfSSL_CTX_free(ctx_s);
+    return TEST_SUCCESS;
+}
+
 static int test_wolfSSL_reuse_WOLFSSLobj(void)
 {
     EXPECT_DECLS;
 #if defined(OPENSSL_EXTRA) && !defined(NO_SESSION_CACHE) && \
     !defined(WOLFSSL_NO_TLS12)
-    /* The unit test for session resumption by re-using WOLFSSL object.
+    /* The unit test for session resumption by reusing WOLFSSL object.
      * WOLFSSL object is not cleared after first session. It reuse the object
      * for second connection.
     */
@@ -7943,13 +9446,12 @@ static int test_wolfSSL_reuse_WOLFSSLobj(void)
     return EXPECT_RESULT();
 }
 
-#if defined(OPENSSL_EXTRA) && !defined(WOLFSSL_TIRTOS) && \
-    defined(HAVE_SSL_MEMIO_TESTS_DEPENDENCIES)
+#if defined(OPENSSL_EXTRA) && defined(HAVE_SSL_MEMIO_TESTS_DEPENDENCIES)
 static int test_wolfSSL_CTX_verifyDepth_ServerClient_1_ctx_ready(
     WOLFSSL_CTX* ctx)
 {
     wolfSSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, myVerify);
-    myVerifyAction = VERIFY_USE_PREVERFIY;
+    myVerifyAction = VERIFY_USE_PREVERIFY;
     wolfSSL_CTX_set_verify_depth(ctx, 2);
     return TEST_SUCCESS;
 }
@@ -7958,8 +9460,7 @@ static int test_wolfSSL_CTX_verifyDepth_ServerClient_1_ctx_ready(
 static int test_wolfSSL_CTX_verifyDepth_ServerClient_1(void)
 {
     EXPECT_DECLS;
-#if defined(OPENSSL_EXTRA) && !defined(WOLFSSL_TIRTOS) && \
-    defined(HAVE_SSL_MEMIO_TESTS_DEPENDENCIES)
+#if defined(OPENSSL_EXTRA) && defined(HAVE_SSL_MEMIO_TESTS_DEPENDENCIES)
     test_ssl_cbf client_cbf;
     test_ssl_cbf server_cbf;
 
@@ -7978,14 +9479,12 @@ static int test_wolfSSL_CTX_verifyDepth_ServerClient_1(void)
 
     ExpectIntEQ(client_cbf.return_code, TEST_SUCCESS);
     ExpectIntEQ(server_cbf.return_code, TEST_SUCCESS);
-#endif /* OPENSSL_EXTRA && !WOLFSSL_TIRTOS &&
-        * HAVE_SSL_MEMIO_TESTS_DEPENDENCIES */
+#endif /* OPENSSL_EXTRA && HAVE_SSL_MEMIO_TESTS_DEPENDENCIES */
 
     return EXPECT_RESULT();
 }
 
-#if defined(OPENSSL_EXTRA) && !defined(WOLFSSL_TIRTOS) && \
-    defined(HAVE_SSL_MEMIO_TESTS_DEPENDENCIES)
+#if defined(OPENSSL_EXTRA) && defined(HAVE_SSL_MEMIO_TESTS_DEPENDENCIES)
 static int test_wolfSSL_CTX_verifyDepth_ServerClient_2_ctx_ready(
     WOLFSSL_CTX* ctx)
 {
@@ -7999,8 +9498,7 @@ static int test_wolfSSL_CTX_verifyDepth_ServerClient_2_ctx_ready(
 static int test_wolfSSL_CTX_verifyDepth_ServerClient_2(void)
 {
     EXPECT_DECLS;
-#if defined(OPENSSL_EXTRA) && !defined(WOLFSSL_TIRTOS) && \
-    defined(HAVE_SSL_MEMIO_TESTS_DEPENDENCIES)
+#if defined(OPENSSL_EXTRA) && defined(HAVE_SSL_MEMIO_TESTS_DEPENDENCIES)
     test_ssl_cbf client_cbf;
     test_ssl_cbf server_cbf;
 
@@ -8023,19 +9521,17 @@ static int test_wolfSSL_CTX_verifyDepth_ServerClient_2(void)
 
     ExpectIntEQ(client_cbf.return_code, TEST_SUCCESS);
     ExpectIntEQ(server_cbf.return_code, TEST_SUCCESS);
-#endif /* OPENSSL_EXTRA && !WOLFSSL_TIRTOS &&
-        * HAVE_SSL_MEMIO_TESTS_DEPENDENCIES */
+#endif /* OPENSSL_EXTRA && HAVE_SSL_MEMIO_TESTS_DEPENDENCIES */
 
     return EXPECT_RESULT();
 }
 
-#if defined(OPENSSL_EXTRA) && !defined(WOLFSSL_TIRTOS) && \
-    defined(HAVE_SSL_MEMIO_TESTS_DEPENDENCIES)
+#if defined(OPENSSL_EXTRA) && defined(HAVE_SSL_MEMIO_TESTS_DEPENDENCIES)
 static int test_wolfSSL_CTX_verifyDepth_ServerClient_3_ctx_ready(
     WOLFSSL_CTX* ctx)
 {
     wolfSSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, myVerify);
-    myVerifyAction = VERIFY_USE_PREVERFIY;
+    myVerifyAction = VERIFY_USE_PREVERIFY;
     wolfSSL_CTX_set_verify_depth(ctx, 0);
     return TEST_SUCCESS;
 }
@@ -8044,8 +9540,7 @@ static int test_wolfSSL_CTX_verifyDepth_ServerClient_3_ctx_ready(
 static int test_wolfSSL_CTX_verifyDepth_ServerClient_3(void)
 {
     EXPECT_DECLS;
-#if defined(OPENSSL_EXTRA) && !defined(WOLFSSL_TIRTOS) && \
-    defined(HAVE_SSL_MEMIO_TESTS_DEPENDENCIES)
+#if defined(OPENSSL_EXTRA) && defined(HAVE_SSL_MEMIO_TESTS_DEPENDENCIES)
     test_ssl_cbf client_cbf;
     test_ssl_cbf server_cbf;
 
@@ -8064,21 +9559,20 @@ static int test_wolfSSL_CTX_verifyDepth_ServerClient_3(void)
      * therefore, handshake becomes failure.
      */
     ExpectIntEQ(test_wolfSSL_client_server_nofail_memio(&client_cbf,
-        &server_cbf, NULL), TEST_FAIL);
+        &server_cbf, NULL), -1001);
 
-    ExpectIntEQ(client_cbf.return_code, TEST_FAIL);
-    ExpectIntEQ(server_cbf.return_code, TEST_FAIL);
-    ExpectIntEQ(client_cbf.last_err, MAX_CHAIN_ERROR);
-    ExpectIntEQ(server_cbf.last_err, FATAL_ERROR);
-#endif /* OPENSSL_EXTRA && !WOLFSSL_TIRTOS &&
-        * HAVE_SSL_MEMIO_TESTS_DEPENDENCIES */
+    ExpectIntEQ(client_cbf.return_code, -1000);
+    ExpectIntEQ(server_cbf.return_code, -1000);
+    ExpectIntEQ(client_cbf.last_err, WC_NO_ERR_TRACE(MAX_CHAIN_ERROR));
+    ExpectIntEQ(server_cbf.last_err, WC_NO_ERR_TRACE(FATAL_ERROR));
+#endif /* OPENSSL_EXTRA && HAVE_SSL_MEMIO_TESTS_DEPENDENCIES */
 
     return EXPECT_RESULT();
 }
 
 #if defined(OPENSSL_ALL) && defined(HAVE_SSL_MEMIO_TESTS_DEPENDENCIES) && \
-    !defined(WOLFSSL_TIRTOS) && !defined(NO_AES) && !defined(WOLFSSL_NO_TLS12) \
-    && !defined(NO_SHA256) && defined(HAVE_ECC)
+    !defined(WOLFSSL_NO_TLS12) && \
+    defined(HAVE_ECC) && !defined(NO_AES) && !defined(NO_SHA256)
 static int test_wolfSSL_CTX_set_cipher_list_server_ctx_ready(WOLFSSL_CTX* ctx)
 {
     EXPECT_DECLS;
@@ -8098,8 +9592,9 @@ static int test_wolfSSL_CTX_set_cipher_list(void)
 {
     EXPECT_DECLS;
 #if defined(OPENSSL_ALL) && defined(HAVE_SSL_MEMIO_TESTS_DEPENDENCIES) && \
-    !defined(WOLFSSL_TIRTOS) && !defined(NO_AES) && !defined(WOLFSSL_NO_TLS12) \
-    && !defined(NO_SHA256) && defined(HAVE_ECC)
+    defined(HAVE_ECC) && !defined(NO_AES) && !defined(NO_SHA256)
+
+    #if !defined(WOLFSSL_NO_TLS12)
     WOLFSSL_CTX* ctxClient = NULL;
     WOLFSSL*     sslClient = NULL;
     test_ssl_cbf client_cbf;
@@ -8121,7 +9616,8 @@ static int test_wolfSSL_CTX_set_cipher_list(void)
 
     /* check with cipher string that has '+' */
     ExpectNotNull((ctxClient = wolfSSL_CTX_new(wolfTLSv1_2_client_method())));
-    ExpectTrue(wolfSSL_CTX_set_cipher_list(ctxClient, "ECDHE+AESGCM"));
+    /* Use trailing : with nothing to test for ASAN */
+    ExpectTrue(wolfSSL_CTX_set_cipher_list(ctxClient, "ECDHE+AESGCM:"));
     ExpectNotNull((sslClient = wolfSSL_new(ctxClient)));
 
     /* check for the existence of an ECDHE ECDSA cipher suite */
@@ -8149,6 +9645,8 @@ static int test_wolfSSL_CTX_set_cipher_list(void)
 
     wolfSSL_free(sslClient);
     wolfSSL_CTX_free(ctxClient);
+
+    #endif /* !WOLFSSL_NO_TLS12 */
 #endif
     return EXPECT_RESULT();
 }
@@ -8165,12 +9663,12 @@ static int test_wolfSSL_get_finished_client_on_handshake(WOLFSSL_CTX* ctx,
 
     /* get_finished test */
     /* 1. get own sent message */
-    XMEMSET(client_side_msg1, 0, MD_MAX_SIZE);
-    msg_len = wolfSSL_get_finished(ssl, client_side_msg1, MD_MAX_SIZE);
+    XMEMSET(client_side_msg1, 0, WC_MAX_DIGEST_SIZE);
+    msg_len = wolfSSL_get_finished(ssl, client_side_msg1, WC_MAX_DIGEST_SIZE);
     ExpectIntGE(msg_len, 0);
     /* 2. get peer message */
-    XMEMSET(client_side_msg2, 0, MD_MAX_SIZE);
-    msg_len = wolfSSL_get_peer_finished(ssl, client_side_msg2, MD_MAX_SIZE);
+    XMEMSET(client_side_msg2, 0, WC_MAX_DIGEST_SIZE);
+    msg_len = wolfSSL_get_peer_finished(ssl, client_side_msg2, WC_MAX_DIGEST_SIZE);
     ExpectIntGE(msg_len, 0);
 
     return EXPECT_RESULT();
@@ -8193,8 +9691,8 @@ static int test_wolfSSL_get_finished(void)
         TEST_SUCCESS);
 
     /* test received msg vs sent msg */
-    ExpectIntEQ(0, XMEMCMP(client_side_msg1, server_side_msg2, MD_MAX_SIZE));
-    ExpectIntEQ(0, XMEMCMP(client_side_msg2, server_side_msg1, MD_MAX_SIZE));
+    ExpectIntEQ(0, XMEMCMP(client_side_msg1, server_side_msg2, WC_MAX_DIGEST_SIZE));
+    ExpectIntEQ(0, XMEMCMP(client_side_msg2, server_side_msg1, WC_MAX_DIGEST_SIZE));
 #endif /* HAVE_SSL_MEMIO_TESTS_DEPENDENCIES && WOLFSSL_HAVE_TLS_UNIQUE */
 
     return EXPECT_RESULT();
@@ -8226,6 +9724,11 @@ static void test_wolfSSL_CTX_add_session_ctx_ready(WOLFSSL_CTX* ctx)
 static void test_wolfSSL_CTX_add_session_on_result(WOLFSSL* ssl)
 {
     WOLFSSL_SESSION** sess;
+#ifdef WOLFSSL_MUTEX_INITIALIZER
+    static wolfSSL_Mutex m = WOLFSSL_MUTEX_INITIALIZER(m);
+
+    (void)wc_LockMutex(&m);
+#endif
     if (wolfSSL_is_server(ssl))
         sess = &test_wolfSSL_CTX_add_session_server_sess;
     else
@@ -8259,6 +9762,10 @@ static void test_wolfSSL_CTX_add_session_on_result(WOLFSSL* ssl)
          * resuming on that session */
         AssertIntEQ(wolfSSL_session_reused(ssl), 1);
     }
+#ifdef WOLFSSL_MUTEX_INITIALIZER
+    wc_UnLockMutex(&m);
+#endif
+
     /* Save CTX to be able to decrypt tickets */
     if (wolfSSL_is_server(ssl) &&
             test_wolfSSL_CTX_add_session_server_ctx == NULL) {
@@ -9236,9 +10743,9 @@ static int test_wolfSSL_dtls_export(void)
         ExpectIntGE(wolfSSL_dtls_import(ssl, version_3, sizeof(version_3)), 0);
 
         /* test importing bad length and bad version */
-        version_3[2] += 1;
+        version_3[2]++;
         ExpectIntLT(wolfSSL_dtls_import(ssl, version_3, sizeof(version_3)), 0);
-        version_3[2] -= 1; version_3[1] = 0XA0;
+        version_3[2]--; version_3[1] = 0XA0;
         ExpectIntLT(wolfSSL_dtls_import(ssl, version_3, sizeof(version_3)), 0);
         wolfSSL_free(ssl);
         wolfSSL_CTX_free(ctx);
@@ -9840,8 +11347,8 @@ static int test_wolfSSL_UseSNI_params(void)
     ExpectIntNE(WOLFSSL_SUCCESS, wolfSSL_CTX_UseSNI(NULL, 0, "ctx", 3));
     ExpectIntNE(WOLFSSL_SUCCESS, wolfSSL_UseSNI(    NULL, 0, "ssl", 3));
     /* invalid type */
-    ExpectIntNE(WOLFSSL_SUCCESS, wolfSSL_CTX_UseSNI(ctx, -1, "ctx", 3));
-    ExpectIntNE(WOLFSSL_SUCCESS, wolfSSL_UseSNI(    ssl, -1, "ssl", 3));
+    ExpectIntNE(WOLFSSL_SUCCESS, wolfSSL_CTX_UseSNI(ctx, (byte)-1, "ctx", 3));
+    ExpectIntNE(WOLFSSL_SUCCESS, wolfSSL_UseSNI(    ssl, (byte)-1, "ssl", 3));
     /* invalid data */
     ExpectIntNE(WOLFSSL_SUCCESS, wolfSSL_CTX_UseSNI(ctx,  0, NULL,  3));
     ExpectIntNE(WOLFSSL_SUCCESS, wolfSSL_UseSNI(    ssl,  0, NULL,  3));
@@ -9912,12 +11419,13 @@ static void use_PSEUDO_MANDATORY_SNI_at_ctx(WOLFSSL_CTX* ctx)
 
 static void verify_UNKNOWN_SNI_on_server(WOLFSSL* ssl)
 {
-    AssertIntEQ(UNKNOWN_SNI_HOST_NAME_E, wolfSSL_get_error(ssl, 0));
+    AssertIntEQ(WC_NO_ERR_TRACE(UNKNOWN_SNI_HOST_NAME_E),
+                wolfSSL_get_error(ssl, 0));
 }
 
 static void verify_SNI_ABSENT_on_server(WOLFSSL* ssl)
 {
-    AssertIntEQ(SNI_ABSENT_ERROR, wolfSSL_get_error(ssl, 0));
+    AssertIntEQ(WC_NO_ERR_TRACE(SNI_ABSENT_ERROR), wolfSSL_get_error(ssl, 0));
 }
 
 static void verify_SNI_no_matching(WOLFSSL* ssl)
@@ -9955,7 +11463,7 @@ static void verify_SNI_fake_matching(WOLFSSL* ssl)
 
 static void verify_FATAL_ERROR_on_client(WOLFSSL* ssl)
 {
-    AssertIntEQ(FATAL_ERROR, wolfSSL_get_error(ssl, 0));
+    AssertIntEQ(WC_NO_ERR_TRACE(FATAL_ERROR), wolfSSL_get_error(ssl, 0));
 }
 /* END of connection tests callbacks */
 
@@ -10170,19 +11678,19 @@ static int test_wolfSSL_SNI_GetFromBuffer(void)
     ExpectIntEQ(0, wolfSSL_SNI_GetFromBuffer(buff2, sizeof(buff2),
                                                            1, result, &length));
 
-    ExpectIntEQ(BUFFER_ERROR, wolfSSL_SNI_GetFromBuffer(buff, sizeof(buff),
+    ExpectIntEQ(WC_NO_ERR_TRACE(BUFFER_ERROR), wolfSSL_SNI_GetFromBuffer(buff, sizeof(buff),
                                                            0, result, &length));
     buff[0] = 0x16;
 
-    ExpectIntEQ(BUFFER_ERROR, wolfSSL_SNI_GetFromBuffer(buff, sizeof(buff),
+    ExpectIntEQ(WC_NO_ERR_TRACE(BUFFER_ERROR), wolfSSL_SNI_GetFromBuffer(buff, sizeof(buff),
                                                            0, result, &length));
     buff[1] = 0x03;
 
-    ExpectIntEQ(SNI_UNSUPPORTED, wolfSSL_SNI_GetFromBuffer(buff,
+    ExpectIntEQ(WC_NO_ERR_TRACE(SNI_UNSUPPORTED), wolfSSL_SNI_GetFromBuffer(buff,
                                            sizeof(buff), 0, result, &length));
     buff[2] = 0x03;
 
-    ExpectIntEQ(INCOMPLETE_DATA, wolfSSL_SNI_GetFromBuffer(buff,
+    ExpectIntEQ(WC_NO_ERR_TRACE(INCOMPLETE_DATA), wolfSSL_SNI_GetFromBuffer(buff,
                                            sizeof(buff), 0, result, &length));
     buff[4] = 0x64;
 
@@ -10201,19 +11709,19 @@ static int test_wolfSSL_SNI_GetFromBuffer(void)
     ExpectStrEQ("api.textmate.org", (const char*) result);
 
     /* SSL v2.0 tests */
-    ExpectIntEQ(SNI_UNSUPPORTED, wolfSSL_SNI_GetFromBuffer(buff5,
+    ExpectIntEQ(WC_NO_ERR_TRACE(SNI_UNSUPPORTED), wolfSSL_SNI_GetFromBuffer(buff5,
                                           sizeof(buff5), 0, result, &length));
 
     buff5[2] = 0x02;
-    ExpectIntEQ(BUFFER_ERROR, wolfSSL_SNI_GetFromBuffer(buff5,
+    ExpectIntEQ(WC_NO_ERR_TRACE(BUFFER_ERROR), wolfSSL_SNI_GetFromBuffer(buff5,
                                           sizeof(buff5), 0, result, &length));
 
     buff5[2] = 0x01; buff5[6] = 0x08;
-    ExpectIntEQ(BUFFER_ERROR, wolfSSL_SNI_GetFromBuffer(buff5,
+    ExpectIntEQ(WC_NO_ERR_TRACE(BUFFER_ERROR), wolfSSL_SNI_GetFromBuffer(buff5,
                                           sizeof(buff5), 0, result, &length));
 
     buff5[6] = 0x09; buff5[8] = 0x01;
-    ExpectIntEQ(BUFFER_ERROR, wolfSSL_SNI_GetFromBuffer(buff5,
+    ExpectIntEQ(WC_NO_ERR_TRACE(BUFFER_ERROR), wolfSSL_SNI_GetFromBuffer(buff5,
                                           sizeof(buff5), 0, result, &length));
 
     return EXPECT_RESULT();
@@ -10336,7 +11844,8 @@ static int test_wolfSSL_UseTrustedCA(void)
     EXPECT_DECLS;
 #if defined(HAVE_TRUSTED_CA) && !defined(NO_CERTS) && !defined(NO_FILESYSTEM) \
     && !defined(NO_RSA)
-#if !defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER)
+#if !defined(NO_TLS) && \
+    (!defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER))
     WOLFSSL_CTX *ctx = NULL;
     WOLFSSL     *ssl = NULL;
     byte        id[20];
@@ -10378,7 +11887,7 @@ static int test_wolfSSL_UseTrustedCA(void)
 
     wolfSSL_free(ssl);
     wolfSSL_CTX_free(ctx);
-#endif /* !NO_WOLFSSL_CLIENT || !NO_WOLFSSL_SERVER */
+#endif /* !NO_TLS && (!NO_WOLFSSL_CLIENT || !NO_WOLFSSL_SERVER) */
 #endif /* HAVE_TRUSTED_CA */
     return EXPECT_RESULT();
 }
@@ -10389,7 +11898,8 @@ static int test_wolfSSL_UseMaxFragment(void)
 #if defined(HAVE_MAX_FRAGMENT) && !defined(NO_CERTS) && \
     !defined(NO_FILESYSTEM) && !defined(NO_RSA)
 
-#if !defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER)
+#if !defined(NO_TLS) && \
+    (!defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER))
   #ifndef NO_WOLFSSL_SERVER
     WOLFSSL_CTX* ctx = wolfSSL_CTX_new(wolfSSLv23_server_method());
   #else
@@ -10397,8 +11907,8 @@ static int test_wolfSSL_UseMaxFragment(void)
   #endif
     WOLFSSL     *ssl = NULL;
   #ifdef OPENSSL_EXTRA
-    int (*UseMaxFragment)(SSL *s, uint8_t mode);
-    int (*CTX_UseMaxFragment)(SSL_CTX *c, uint8_t mode);
+    int (*UseMaxFragment)(SSL *s, unsigned char mode);
+    int (*CTX_UseMaxFragment)(SSL_CTX *c, unsigned char mode);
   #else
     int (*UseMaxFragment)(WOLFSSL *s, unsigned char mode);
     int (*CTX_UseMaxFragment)(WOLFSSL_CTX *c, unsigned char mode);
@@ -10431,7 +11941,7 @@ static int test_wolfSSL_UseMaxFragment(void)
 
     /* success case */
   #ifdef OPENSSL_EXTRA
-    ExpectIntEQ(BAD_FUNC_ARG, CTX_UseMaxFragment(ctx,  WOLFSSL_MFL_2_8));
+    ExpectIntEQ(WC_NO_ERR_TRACE(BAD_FUNC_ARG), CTX_UseMaxFragment(ctx,  WOLFSSL_MFL_2_8));
   #else
     ExpectIntEQ(WOLFSSL_SUCCESS, CTX_UseMaxFragment(ctx,  WOLFSSL_MFL_2_8));
   #endif
@@ -10440,9 +11950,9 @@ static int test_wolfSSL_UseMaxFragment(void)
     ExpectIntEQ(WOLFSSL_SUCCESS, CTX_UseMaxFragment(ctx,  WOLFSSL_MFL_2_11));
     ExpectIntEQ(WOLFSSL_SUCCESS, CTX_UseMaxFragment(ctx,  WOLFSSL_MFL_2_12));
   #ifdef OPENSSL_EXTRA
-    ExpectIntEQ(BAD_FUNC_ARG, CTX_UseMaxFragment(ctx, WOLFSSL_MFL_2_13));
+    ExpectIntEQ(WC_NO_ERR_TRACE(BAD_FUNC_ARG), CTX_UseMaxFragment(ctx, WOLFSSL_MFL_2_13));
 
-    ExpectIntEQ(BAD_FUNC_ARG, UseMaxFragment(    ssl,  WOLFSSL_MFL_2_8));
+    ExpectIntEQ(WC_NO_ERR_TRACE(BAD_FUNC_ARG), UseMaxFragment(    ssl,  WOLFSSL_MFL_2_8));
   #else
     ExpectIntEQ(WOLFSSL_SUCCESS, CTX_UseMaxFragment(ctx,  WOLFSSL_MFL_2_13));
 
@@ -10454,14 +11964,42 @@ static int test_wolfSSL_UseMaxFragment(void)
     ExpectIntEQ(WOLFSSL_SUCCESS, UseMaxFragment(    ssl,  WOLFSSL_MFL_2_12));
 
   #ifdef OPENSSL_EXTRA
-    ExpectIntEQ(BAD_FUNC_ARG, UseMaxFragment(    ssl,  WOLFSSL_MFL_2_13));
+    ExpectIntEQ(WC_NO_ERR_TRACE(BAD_FUNC_ARG), UseMaxFragment(    ssl,  WOLFSSL_MFL_2_13));
   #else
     ExpectIntEQ(WOLFSSL_SUCCESS, UseMaxFragment(    ssl,  WOLFSSL_MFL_2_13));
   #endif
 
     wolfSSL_free(ssl);
     wolfSSL_CTX_free(ctx);
-#endif /* !NO_WOLFSSL_CLIENT || !NO_WOLFSSL_SERVER */
+
+#if defined(OPENSSL_EXTRA) && defined(HAVE_MAX_FRAGMENT) && \
+    defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES)
+    /* check negotiated max fragment size */
+    {
+        WOLFSSL *ssl_c = NULL;
+        WOLFSSL *ssl_s = NULL;
+        struct test_memio_ctx test_ctx;
+        WOLFSSL_CTX *ctx_c = NULL;
+        WOLFSSL_CTX *ctx_s = NULL;
+
+        XMEMSET(&test_ctx, 0, sizeof(test_ctx));
+        ExpectIntEQ(test_memio_setup(&test_ctx, &ctx_c, &ctx_s, &ssl_c, &ssl_s,
+            wolfTLSv1_2_client_method, wolfTLSv1_2_server_method), 0);
+        ExpectIntEQ(wolfSSL_UseMaxFragment(ssl_c, WOLFSSL_MFL_2_8),
+            WOLFSSL_SUCCESS);
+        ExpectIntEQ(test_memio_do_handshake(ssl_c, ssl_s, 10, NULL), 0);
+#ifndef NO_SESSION_CACHE
+        ExpectIntEQ(SSL_SESSION_get_max_fragment_length(
+            wolfSSL_get_session(ssl_c)), WOLFSSL_MFL_2_8);
+#endif
+
+        wolfSSL_free(ssl_c);
+        wolfSSL_free(ssl_s);
+        wolfSSL_CTX_free(ctx_c);
+        wolfSSL_CTX_free(ctx_s);
+    }
+#endif
+#endif /* !NO_TLS && (!NO_WOLFSSL_CLIENT || !NO_WOLFSSL_SERVER) */
 #endif
     return EXPECT_RESULT();
 }
@@ -10469,7 +12007,7 @@ static int test_wolfSSL_UseMaxFragment(void)
 static int test_wolfSSL_UseTruncatedHMAC(void)
 {
     EXPECT_DECLS;
-#if defined(HAVE_TRUNCATED_HMAC) && !defined(NO_CERTS) && \
+#if defined(HAVE_TRUNCATED_HMAC) && !defined(NO_CERTS) && !defined(NO_TLS) && \
     !defined(NO_FILESYSTEM) && !defined(NO_RSA)
 #if !defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER)
   #ifndef NO_WOLFSSL_SERVER
@@ -10540,7 +12078,7 @@ static int test_wolfSSL_UseSupportedCurve(void)
 
 static void verify_ALPN_FATAL_ERROR_on_client(WOLFSSL* ssl)
 {
-    AssertIntEQ(UNKNOWN_ALPN_PROTOCOL_NAME_E, wolfSSL_get_error(ssl, 0));
+    AssertIntEQ(WC_NO_ERR_TRACE(UNKNOWN_ALPN_PROTOCOL_NAME_E), wolfSSL_get_error(ssl, 0));
 }
 
 static void use_ALPN_all(WOLFSSL* ssl)
@@ -10614,7 +12152,7 @@ static void verify_ALPN_not_matching_continue(WOLFSSL* ssl)
     char *proto = NULL;
     word16 protoSz = 0;
 
-    AssertIntEQ(WOLFSSL_ALPN_NOT_FOUND,
+    AssertIntEQ(WC_NO_ERR_TRACE(WOLFSSL_ALPN_NOT_FOUND),
                 wolfSSL_ALPN_GetProtocol(ssl, &proto, &protoSz));
 
     /* check value */
@@ -10990,7 +12528,8 @@ static int test_wolfSSL_set_alpn_protos(void)
 static int test_wolfSSL_DisableExtendedMasterSecret(void)
 {
     EXPECT_DECLS;
-#if defined(HAVE_EXTENDED_MASTER) && !defined(NO_WOLFSSL_CLIENT)
+#if defined(HAVE_EXTENDED_MASTER) && !defined(NO_WOLFSSL_CLIENT) && \
+    !defined(NO_TLS)
     WOLFSSL_CTX *ctx = wolfSSL_CTX_new(wolfSSLv23_client_method());
     WOLFSSL     *ssl = wolfSSL_new(ctx);
 
@@ -11014,7 +12553,8 @@ static int test_wolfSSL_DisableExtendedMasterSecret(void)
 static int test_wolfSSL_wolfSSL_UseSecureRenegotiation(void)
 {
     EXPECT_DECLS;
-#if defined(HAVE_SECURE_RENEGOTIATION) && !defined(NO_WOLFSSL_CLIENT)
+#if defined(HAVE_SECURE_RENEGOTIATION) && !defined(NO_WOLFSSL_CLIENT) && \
+    !defined(NO_TLS)
     WOLFSSL_CTX *ctx = wolfSSL_CTX_new(wolfSSLv23_client_method());
     WOLFSSL     *ssl = wolfSSL_new(ctx);
 
@@ -11060,11 +12600,11 @@ static int test_wolfSSL_SCR_Reconnect(void)
     ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_UseSecureRenegotiation(ssl_s));
     ExpectIntEQ(test_memio_do_handshake(ssl_c, ssl_s, 10, NULL), 0);
     /* WOLFSSL_FATAL_ERROR since it will block */
-    ExpectIntEQ(wolfSSL_Rehandshake(ssl_s), WOLFSSL_FATAL_ERROR);
-    ExpectIntEQ(wolfSSL_get_error(ssl_s, WOLFSSL_FATAL_ERROR),
+    ExpectIntEQ(wolfSSL_Rehandshake(ssl_s), WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR));
+    ExpectIntEQ(wolfSSL_get_error(ssl_s, WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)),
                 WOLFSSL_ERROR_WANT_READ);
-    ExpectIntEQ(wolfSSL_read(ssl_c, &data, 1), WOLFSSL_FATAL_ERROR);
-    ExpectIntEQ(wolfSSL_get_error(ssl_s, WOLFSSL_FATAL_ERROR),
+    ExpectIntEQ(wolfSSL_read(ssl_c, &data, 1), WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR));
+    ExpectIntEQ(wolfSSL_get_error(ssl_s, WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)),
                 WOLFSSL_ERROR_WANT_READ);
     ExpectIntEQ(test_memio_do_handshake(ssl_c, ssl_s, 10, NULL), 0);
     wolfSSL_free(ssl_c);
@@ -11085,8 +12625,8 @@ static int test_wolfSSL_SCR_Reconnect(void)
     return EXPECT_RESULT();
 }
 
-#if !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_SERVER) && \
-    (!defined(NO_RSA) || defined(HAVE_ECC))
+#if !defined(NO_WOLFSSL_SERVER) && !defined(NO_TLS) && \
+    !defined(NO_FILESYSTEM) && (!defined(NO_RSA) || defined(HAVE_ECC))
 /* Called when writing. */
 static int DummySend(WOLFSSL* ssl, char* buf, int sz, void* ctx)
 {
@@ -11113,7 +12653,7 @@ static int BufferInfoRecv(WOLFSSL* ssl, char* buf, int sz, void* ctx)
     XMEMCPY(buf, msg->buffer, len);
     /* Move over returned data. */
     msg->buffer += len;
-    msg->length -= len;
+    msg->length -= (word32)len;
 
     /* Amount actually copied. */
     return len;
@@ -11126,8 +12666,8 @@ static int BufferInfoRecv(WOLFSSL* ssl, char* buf, int sz, void* ctx)
 static int test_tls_ext_duplicate(void)
 {
     EXPECT_DECLS;
-#if !defined(NO_WOLFSSL_SERVER) && (!defined(NO_RSA) || defined(HAVE_ECC)) && \
-    !defined(NO_FILESYSTEM)
+#if !defined(NO_WOLFSSL_SERVER) && !defined(NO_TLS) && \
+    !defined(NO_FILESYSTEM) && (!defined(NO_RSA) || defined(HAVE_ECC))
     const unsigned char clientHelloDupTlsExt[] = {
         0x16, 0x03, 0x03, 0x00, 0x6a, 0x01, 0x00, 0x00,
         0x66, 0x03, 0x03, 0xf4, 0x65, 0xbd, 0x22, 0xfe,
@@ -11184,8 +12724,8 @@ static int test_tls_ext_duplicate(void)
     ExpectIntNE(wolfSSL_accept(ssl), WOLFSSL_SUCCESS);
     /* can return duplicate ext error or socket error if the peer closed down
      * while sending alert */
-    if (wolfSSL_get_error(ssl, 0) != SOCKET_ERROR_E) {
-        ExpectIntEQ(wolfSSL_get_error(ssl, 0), DUPLICATE_TLS_EXT_E);
+    if (wolfSSL_get_error(ssl, 0) != WC_NO_ERR_TRACE(SOCKET_ERROR_E)) {
+        ExpectIntEQ(wolfSSL_get_error(ssl, 0), WC_NO_ERR_TRACE(DUPLICATE_TLS_EXT_E));
     }
 
     wolfSSL_free(ssl);
@@ -11205,14 +12745,14 @@ static int test_wolfSSL_X509_NAME_get_entry(void)
         (defined(OPENSSL_EXTRA) && \
             (defined(KEEP_PEER_CERT) || defined(SESSION_CERTS)))
     /* use openssl like name to test mapping */
-    X509_NAME_ENTRY* ne;
-    X509_NAME* name;
+    X509_NAME_ENTRY* ne = NULL;
+    X509_NAME* name = NULL;
     X509* x509 = NULL;
 #ifndef NO_FILESYSTEM
-    ASN1_STRING* asn;
+    ASN1_STRING* asn = NULL;
     char* subCN = NULL;
 #endif
-    int idx;
+    int idx = 0;
     ASN1_OBJECT *object = NULL;
 #if defined(WOLFSSL_APACHE_HTTPD) || defined(OPENSSL_ALL) || \
     defined(WOLFSSL_NGINX)
@@ -11227,6 +12767,7 @@ static int test_wolfSSL_X509_NAME_get_entry(void)
     ExpectNotNull(name = X509_get_subject_name(x509));
     ExpectIntGE(idx = X509_NAME_get_index_by_NID(name, NID_commonName, -1), 0);
     ExpectNotNull(ne = X509_NAME_get_entry(name, idx));
+    ExpectNull(X509_NAME_ENTRY_get_data(NULL));
     ExpectNotNull(asn = X509_NAME_ENTRY_get_data(ne));
     ExpectNotNull(subCN = (char*)ASN1_STRING_data(asn));
     wolfSSL_FreeX509(x509);
@@ -11244,6 +12785,8 @@ static int test_wolfSSL_X509_NAME_get_entry(void)
     ExpectNotNull(bio = BIO_new(BIO_s_mem()));
     ExpectIntEQ(X509_NAME_print_ex(bio, name, 4,
                     (XN_FLAG_RFC2253 & ~XN_FLAG_DN_REV)), WOLFSSL_SUCCESS);
+    ExpectIntEQ(X509_NAME_print_ex_fp(XBADFILE, name, 4,
+                    (XN_FLAG_RFC2253 & ~XN_FLAG_DN_REV)), WOLFSSL_FAILURE);
     ExpectIntEQ(X509_NAME_print_ex_fp(stderr, name, 4,
                     (XN_FLAG_RFC2253 & ~XN_FLAG_DN_REV)), WOLFSSL_SUCCESS);
     BIO_free(bio);
@@ -11269,6 +12812,7 @@ static int test_wolfSSL_PKCS12(void)
                    * Password Key
                    */
 #if defined(OPENSSL_EXTRA) && !defined(NO_DES3) && !defined(NO_FILESYSTEM) && \
+    !defined(NO_STDIO_FILESYSTEM) && !defined(NO_TLS) && \
     !defined(NO_ASN) && !defined(NO_PWDBASED) && !defined(NO_RSA) && \
     !defined(NO_SHA) && defined(HAVE_PKCS12) && !defined(NO_BIO)
     byte buf[6000];
@@ -11285,7 +12829,7 @@ static int test_wolfSSL_PKCS12(void)
     WOLFSSL_X509      *x509 = NULL;
 #endif
     XFILE f = XBADFILE;
-    int  bytes, ret, goodPswLen, badPswLen;
+    int  bytes = 0, ret = 0, goodPswLen = 0, badPswLen = 0;
     WOLFSSL_BIO      *bio = NULL;
     WOLFSSL_EVP_PKEY *pkey = NULL;
     WC_PKCS12        *pkcs12 = NULL;
@@ -11527,6 +13071,16 @@ static int test_wolfSSL_PKCS12(void)
     ExpectIntEQ(wolfSSL_X509_NAME_cmp((const WOLFSSL_X509_NAME*)subject,
             (const WOLFSSL_X509_NAME*)wolfSSL_X509_get_subject_name(x509)), 0);
 
+    /* modify case and compare subject from certificate in ca to expected.
+     * The first bit of the name is:
+     * /C=US/ST=Washington
+     * So we'll change subject->name[1] to 'c' (lower case) */
+    if (subject != NULL) {
+        subject->name[1] = 'c';
+        ExpectIntEQ(wolfSSL_X509_NAME_cmp((const WOLFSSL_X509_NAME*)subject,
+            (const WOLFSSL_X509_NAME*)wolfSSL_X509_get_subject_name(x509)), 0);
+    }
+
     EVP_PKEY_free(pkey);
     pkey = NULL;
     X509_free(x509);
@@ -11657,8 +13211,8 @@ static int test_wolfSSL_PKCS12(void)
     #define TEST_PKCS8_ENC
 #endif
 
-#if !defined(NO_FILESYSTEM) && !defined(NO_ASN) && defined(HAVE_PKCS8) \
-    && defined(HAVE_ECC) && defined(WOLFSSL_ENCRYPTED_KEYS)
+#if !defined(NO_FILESYSTEM) && !defined(NO_ASN) && defined(HAVE_PKCS8) && \
+    defined(HAVE_ECC) && defined(WOLFSSL_ENCRYPTED_KEYS) && !defined(NO_TLS)
 
 /* used to keep track if FailTestCallback was called */
 static int failTestCallbackCalled = 0;
@@ -11680,8 +13234,8 @@ static WC_INLINE int FailTestCallBack(char* passwd, int sz, int rw, void* userda
 static int test_wolfSSL_no_password_cb(void)
 {
     EXPECT_DECLS;
-#if !defined(NO_FILESYSTEM) && !defined(NO_ASN) && defined(HAVE_PKCS8) \
-    && defined(HAVE_ECC) && defined(WOLFSSL_ENCRYPTED_KEYS)
+#if !defined(NO_FILESYSTEM) && !defined(NO_ASN) && defined(HAVE_PKCS8) && \
+    defined(HAVE_ECC) && defined(WOLFSSL_ENCRYPTED_KEYS) && !defined(NO_TLS)
     WOLFSSL_CTX* ctx = NULL;
     byte buff[FOURK_BUF];
     const char eccPkcs8PrivKeyDerFile[] = "./certs/ecc-privkeyPkcs8.der";
@@ -11722,7 +13276,7 @@ static int test_wolfSSL_no_password_cb(void)
     return EXPECT_RESULT();
 }
 
-#ifdef TEST_PKCS8_ENC
+#if defined(TEST_PKCS8_ENC) && !defined(NO_TLS)
 /* for PKCS8 test case */
 static int PKCS8TestCallBack(char* passwd, int sz, int rw, void* userdata)
 {
@@ -11744,14 +13298,15 @@ static int PKCS8TestCallBack(char* passwd, int sz, int rw, void* userdata)
             return BAD_FUNC_ARG;
     }
 }
-#endif /* TEST_PKCS8_ENC */
+#endif /* TEST_PKCS8_ENC && !NO_TLS */
 
 /* Testing functions dealing with PKCS8 */
 static int test_wolfSSL_PKCS8(void)
 {
     EXPECT_DECLS;
 #if !defined(NO_FILESYSTEM) && !defined(NO_ASN) && defined(HAVE_PKCS8) && \
-    !defined(WOLFCRYPT_ONLY)
+    !defined(WOLFCRYPT_ONLY) && !defined(NO_TLS) && \
+    (!defined(WOLFSSL_NO_TLS12) || defined(WOLFSSL_TLS13))
 #if !defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER)
     byte buff[FOURK_BUF];
     byte der[FOURK_BUF];
@@ -11766,7 +13321,7 @@ static int test_wolfSSL_PKCS8(void)
     XFILE f = XBADFILE;
     int bytes = 0;
     WOLFSSL_CTX* ctx = NULL;
-#if defined(HAVE_ECC) && !defined(NO_CODING)
+#if defined(HAVE_ECC) && !defined(NO_CODING) && !defined(WOLFSSL_NO_PEM)
     int ret;
     ecc_key key;
     word32 x = 0;
@@ -11926,13 +13481,13 @@ static int test_wolfSSL_PKCS8(void)
     ExpectIntEQ(wolfSSL_CTX_use_PrivateKey_buffer(ctx, buff, bytes,
                 WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS);
 
-#ifndef NO_CODING
+#if !defined(NO_CODING) && !defined(WOLFSSL_NO_PEM)
     /* decrypt PKCS8 PEM to key in DER format */
     ExpectIntGT((bytes = wc_KeyPemToDer(buff, bytes, der,
         (word32)sizeof(der), NULL)), 0);
     ret = wc_ecc_init(&key);
     if (ret == 0) {
-        ret = wc_EccPrivateKeyDecode(der, &x, &key, bytes);
+        ret = wc_EccPrivateKeyDecode(der, &x, &key, (word32)bytes);
         wc_ecc_free(&key);
     }
     ExpectIntEQ(ret, 0);
@@ -11950,7 +13505,7 @@ static int test_wolfSSL_PKCS8(void)
 #else
     /* if HAVE_ECC is not defined then BEGIN EC PRIVATE KEY is not found */
     ExpectIntEQ((bytes = wc_KeyPemToDer(buff, bytes, der,
-        (word32)sizeof(der), NULL)), ASN_NO_PEM_HEADER);
+        (word32)sizeof(der), NULL)), WC_NO_ERR_TRACE(ASN_NO_PEM_HEADER));
 #endif /* HAVE_ECC */
 
     wolfSSL_CTX_free(ctx);
@@ -11974,13 +13529,17 @@ static int test_wolfSSL_PKCS8_ED25519(void)
     "-----END ENCRYPTED PRIVATE KEY-----\n";
     const char password[] = "abcdefghijklmnopqrstuvwxyz";
     byte der[FOURK_BUF];
+#if !defined(NO_TLS) && \
+    (!defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER))
     WOLFSSL_CTX* ctx = NULL;
+#endif
     int bytes;
 
     XMEMSET(der, 0, sizeof(der));
     ExpectIntGT((bytes = wc_KeyPemToDer(encPrivKey, sizeof(encPrivKey), der,
         (word32)sizeof(der), password)), 0);
-#if !defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER)
+#if !defined(NO_TLS) && \
+    (!defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER))
 #ifndef NO_WOLFSSL_SERVER
     ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()));
 #else
@@ -11990,7 +13549,7 @@ static int test_wolfSSL_PKCS8_ED25519(void)
         WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS);
 
     wolfSSL_CTX_free(ctx);
-#endif /* !NO_WOLFSSL_CLIENT || !NO_WOLFSSL_SERVER */
+#endif /* !NO_TLS && (!NO_WOLFSSL_CLIENT || !NO_WOLFSSL_SERVER) */
 #endif
     return EXPECT_RESULT();
 }
@@ -12010,13 +13569,17 @@ static int test_wolfSSL_PKCS8_ED448(void)
     "-----END ENCRYPTED PRIVATE KEY-----\n";
     const char password[] = "abcdefghijklmnopqrstuvwxyz";
     byte der[FOURK_BUF];
+#if !defined(NO_TLS) && \
+    (!defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER))
     WOLFSSL_CTX* ctx = NULL;
+#endif
     int bytes;
 
     XMEMSET(der, 0, sizeof(der));
     ExpectIntGT((bytes = wc_KeyPemToDer(encPrivKey, sizeof(encPrivKey), der,
         (word32)sizeof(der), password)), 0);
-#if !defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER)
+#if !defined(NO_TLS) && \
+    (!defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER))
 #ifndef NO_WOLFSSL_SERVER
     ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()));
 #else
@@ -12026,7 +13589,7 @@ static int test_wolfSSL_PKCS8_ED448(void)
         WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS);
 
     wolfSSL_CTX_free(ctx);
-#endif /* !NO_WOLFSSL_CLIENT || !NO_WOLFSSL_SERVER */
+#endif /* !NO_TLS && (!NO_WOLFSSL_CLIENT || !NO_WOLFSSL_SERVER) */
 #endif
     return EXPECT_RESULT();
 }
@@ -12107,6 +13670,11 @@ static int test_wolfSSL_TBS(void)
     const unsigned char* tbs;
     int tbsSz;
 
+    ExpectNotNull(x509 = wolfSSL_X509_new());
+    ExpectNull(tbs = wolfSSL_X509_get_tbs(x509, &tbsSz));
+    wolfSSL_X509_free(x509);
+    x509 = NULL;
+
     ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(caCertFile,
         WOLFSSL_FILETYPE_PEM));
 
@@ -12130,21 +13698,26 @@ static int test_wolfSSL_X509_verify(void)
     WOLFSSL_EVP_PKEY* pkey = NULL;
     unsigned char buf[2048];
     const unsigned char* pt = NULL;
-    int bufSz;
+    int bufSz = 0;
 
     ExpectNotNull(ca = wolfSSL_X509_load_certificate_file(caCertFile,
         WOLFSSL_FILETYPE_PEM));
 
+    ExpectIntNE(wolfSSL_X509_get_pubkey_buffer(NULL, buf, NULL),
+        WOLFSSL_SUCCESS);
     ExpectIntNE(wolfSSL_X509_get_pubkey_buffer(NULL, buf, &bufSz),
         WOLFSSL_SUCCESS);
     ExpectIntEQ(wolfSSL_X509_get_pubkey_buffer(ca, NULL, &bufSz),
         WOLFSSL_SUCCESS);
     ExpectIntEQ(bufSz, 294);
 
+    bufSz--;
+    ExpectIntNE(wolfSSL_X509_get_pubkey_buffer(ca, buf, &bufSz),
+        WOLFSSL_SUCCESS);
     bufSz = 2048;
     ExpectIntEQ(wolfSSL_X509_get_pubkey_buffer(ca, buf, &bufSz),
         WOLFSSL_SUCCESS);
-    ExpectIntEQ(wolfSSL_X509_get_pubkey_type(NULL), WOLFSSL_FAILURE);
+    ExpectIntEQ(wolfSSL_X509_get_pubkey_type(NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     ExpectIntEQ(wolfSSL_X509_get_pubkey_type(ca), RSAk);
 
 
@@ -12167,10 +13740,16 @@ static int test_wolfSSL_X509_verify(void)
         WOLFSSL_SUCCESS);
     pt = buf;
     ExpectNotNull(pkey = wolfSSL_d2i_PUBKEY(NULL, &pt, bufSz));
-    ExpectIntEQ(wolfSSL_X509_verify(serv, pkey), WOLFSSL_FAILURE);
+    ExpectIntEQ(wolfSSL_X509_verify(serv, pkey), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+
+    ExpectIntEQ(wolfSSL_X509_verify(NULL, pkey), WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR));
+    ExpectIntEQ(wolfSSL_X509_verify(serv, NULL), WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR));
+
+#ifndef NO_WOLFSSL_STUB
+    ExpectNull(wolfSSL_X509_get0_pubkey_bitstr(NULL));
+    ExpectNull(wolfSSL_X509_get0_pubkey_bitstr(serv));
+#endif
 
-    ExpectIntEQ(wolfSSL_X509_verify(NULL, pkey), WOLFSSL_FATAL_ERROR);
-    ExpectIntEQ(wolfSSL_X509_verify(serv, NULL), WOLFSSL_FATAL_ERROR);
     wolfSSL_EVP_PKEY_free(pkey);
 
     wolfSSL_FreeX509(ca);
@@ -12179,6 +13758,507 @@ static int test_wolfSSL_X509_verify(void)
     return EXPECT_RESULT();
 }
 
+#if defined(WOLFSSL_ACERT) && !defined(NO_CERTS) && !defined(NO_RSA) && \
+    defined(WC_RSA_PSS) && !defined(NO_FILESYSTEM) && defined(OPENSSL_EXTRA)
+/* Given acert file and its pubkey file, read them and then
+ * attempt to verify signed acert.
+ *
+ * If expect_pass is true, then verification should pass.
+ * If expect_pass is false, then verification should fail.
+ * */
+static int do_acert_verify_test(const char * acert_file,
+                                const char * pkey_file,
+                                size_t       expect_pass)
+{
+    X509_ACERT * x509 = NULL;
+    EVP_PKEY *   pkey = NULL;
+    BIO *        bp = NULL;
+    int          verify_rc = 0;
+
+    /* First read the attribute certificate. */
+    bp = BIO_new_file(acert_file, "r");
+    if (bp == NULL) {
+        return -1;
+    }
+
+    x509 = PEM_read_bio_X509_ACERT(bp, NULL, NULL, NULL);
+    BIO_free(bp);
+    bp = NULL;
+
+    if (x509 == NULL) {
+        return -1;
+    }
+
+    /* Next read the associated pub key. */
+    bp = BIO_new_file(pkey_file, "r");
+
+    if (bp == NULL) {
+        X509_ACERT_free(x509);
+        x509 = NULL;
+        return -1;
+    }
+
+    pkey = PEM_read_bio_PUBKEY(bp, &pkey, NULL, NULL);
+    BIO_free(bp);
+    bp = NULL;
+
+    if (pkey == NULL) {
+        X509_ACERT_free(x509);
+        x509 = NULL;
+        return -1;
+    }
+
+    /* Finally, do verification. */
+    verify_rc = X509_ACERT_verify(x509, pkey);
+
+    X509_ACERT_free(x509);
+    x509 = NULL;
+
+    EVP_PKEY_free(pkey);
+    pkey = NULL;
+
+    if (expect_pass && verify_rc != 1) {
+        return -1;
+    }
+
+    if (!expect_pass && verify_rc == 1) {
+        return -1;
+    }
+
+    return 0;
+}
+#endif
+
+static int test_wolfSSL_X509_ACERT_verify(void)
+{
+    EXPECT_DECLS;
+#if defined(WOLFSSL_ACERT) && !defined(NO_CERTS) && !defined(NO_RSA) && \
+    defined(WC_RSA_PSS) && !defined(NO_FILESYSTEM) && defined(OPENSSL_EXTRA)
+    /* Walk over list of signed ACERTs and their pubkeys.
+     * All should load and pass verification. */
+    const char * acerts[4] = {"certs/acert/acert.pem",
+                              "certs/acert/acert_ietf.pem",
+                              "certs/acert/rsa_pss/acert.pem",
+                              "certs/acert/rsa_pss/acert_ietf.pem"};
+    const char * pkeys[4] =  {"certs/acert/acert_pubkey.pem",
+                              "certs/acert/acert_ietf_pubkey.pem",
+                              "certs/acert/rsa_pss/acert_pubkey.pem",
+                              "certs/acert/rsa_pss/acert_ietf_pubkey.pem"};
+    int    rc = 0;
+    size_t i = 0;
+    size_t j = 0;
+
+    for (i = 0; i < 4; ++i) {
+        for (j = i; j < 4; ++j) {
+            rc = do_acert_verify_test(acerts[i], pkeys[j], i == j);
+
+            if (rc) {
+                fprintf(stderr, "error: %s: i = %zu, j = %zu, rc = %d\n",
+                        "do_acert_verify_test", i, j, rc);
+                break;
+            }
+        }
+
+        if (rc) { break; }
+    }
+
+    ExpectIntEQ(rc, 0);
+#endif
+    return EXPECT_RESULT();
+}
+
+static int test_wolfSSL_X509_ACERT_misc_api(void)
+{
+    EXPECT_DECLS;
+#if defined(WOLFSSL_ACERT) && !defined(NO_CERTS) && !defined(NO_RSA) && \
+    !defined(NO_FILESYSTEM) && defined(OPENSSL_EXTRA)
+    const char * acerts[4] = {"certs/acert/acert.pem",
+                              "certs/acert/acert_ietf.pem",
+                              "certs/acert/rsa_pss/acert.pem",
+                              "certs/acert/rsa_pss/acert_ietf.pem"};
+    int          rc = 0;
+    X509_ACERT * x509 = NULL;
+    BIO *        bp = NULL;
+    long         ver_long = 0;
+    int          ver = 0;
+    int          nid = 0;
+    const byte * raw_attr = NULL;
+    word32       attr_len = 0;
+    size_t       i = 0;
+    int          buf_len = 0;
+    byte         ietf_serial[] = {0x03, 0xb5, 0x90, 0x59, 0x02,
+                                  0xa2, 0xaa, 0xb5, 0x40, 0x21,
+                                  0x44, 0xb8, 0x2c, 0x4f, 0xd9,
+                                  0x80, 0x1b, 0x5f, 0x57, 0xc2};
+
+    for (i = 0; i < 4; ++i) {
+        const char * acert_file = acerts[i];
+        int          is_rsa_pss = 0;
+        int          is_ietf_acert = 0;
+        byte         serial[64];
+        int          serial_len = sizeof(serial);
+
+        XMEMSET(serial, 0, sizeof(serial));
+
+        is_rsa_pss = XSTRSTR(acert_file, "rsa_pss") != NULL ? 1 : 0;
+        is_ietf_acert = XSTRSTR(acert_file, "ietf.pem") != NULL ? 1 : 0;
+
+        /* First read the attribute certificate. */
+        bp = BIO_new_file(acert_file, "r");
+        ExpectNotNull(bp);
+
+        x509 = PEM_read_bio_X509_ACERT(bp, NULL, NULL, NULL);
+        ExpectNotNull(x509);
+
+        /* We're done with the bio for now. */
+        if (bp != NULL) {
+            BIO_free(bp);
+            bp = NULL;
+        }
+
+        /* Check version and signature NID. */
+        ver_long = X509_ACERT_get_version(x509);
+        ExpectIntEQ(ver_long, 1);
+
+        ver = wolfSSL_X509_ACERT_version(x509);
+        ExpectIntEQ(ver, 2);
+
+        nid = X509_ACERT_get_signature_nid(x509);
+
+        if (is_rsa_pss) {
+            ExpectIntEQ(nid, NID_rsassaPss);
+        }
+        else {
+            ExpectIntEQ(nid, NID_sha256WithRSAEncryption);
+        }
+
+        /* Get the serial number buffer.
+         * The ietf acert example has a 20 byte serial number. */
+        rc = wolfSSL_X509_ACERT_get_serial_number(x509, serial, &serial_len);
+        ExpectIntEQ(rc, SSL_SUCCESS);
+
+        if (is_ietf_acert) {
+            ExpectIntEQ(serial_len, 20);
+            ExpectIntEQ(XMEMCMP(serial, ietf_serial, sizeof(ietf_serial)), 0);
+        }
+        else {
+            ExpectIntEQ(serial_len, 1);
+            ExpectTrue(serial[0] == 0x01);
+        }
+
+        /* Repeat the same but with null serial buffer. This is ok. */
+        rc = wolfSSL_X509_ACERT_get_serial_number(x509, NULL, &serial_len);
+        ExpectIntEQ(rc, SSL_SUCCESS);
+
+        if (is_ietf_acert) {
+            ExpectIntEQ(serial_len, 20);
+        }
+        else {
+            ExpectIntEQ(serial_len, 1);
+            ExpectTrue(serial[0] == 0x01);
+        }
+
+        /* Get the attributes buffer. */
+        rc = wolfSSL_X509_ACERT_get_attr_buf(x509, &raw_attr, &attr_len);
+        ExpectIntEQ(rc, SSL_SUCCESS);
+
+        if (is_ietf_acert) {
+            /* This cert has a 65 byte attributes field. */
+            ExpectNotNull(raw_attr);
+            ExpectIntEQ(attr_len, 65);
+        }
+        else {
+            /* This cert has a 237 byte attributes field. */
+            ExpectNotNull(raw_attr);
+            ExpectIntEQ(attr_len, 237);
+        }
+
+        /* Test printing acert to memory bio. */
+        ExpectNotNull(bp = BIO_new(BIO_s_mem()));
+        rc = X509_ACERT_print(bp, x509);
+        ExpectIntEQ(rc, SSL_SUCCESS);
+
+        /* Now do a bunch of invalid stuff with partially valid inputs. */
+        rc = wolfSSL_X509_ACERT_get_attr_buf(x509, &raw_attr, NULL);
+        ExpectIntEQ(rc, BAD_FUNC_ARG);
+
+        rc = wolfSSL_X509_ACERT_get_attr_buf(x509, NULL, &attr_len);
+        ExpectIntEQ(rc, BAD_FUNC_ARG);
+
+        rc = wolfSSL_X509_ACERT_get_attr_buf(NULL, &raw_attr, &attr_len);
+        ExpectIntEQ(rc, BAD_FUNC_ARG);
+
+        ver_long = X509_ACERT_get_version(NULL);
+        ExpectIntEQ(ver_long, 0);
+
+        ver = wolfSSL_X509_ACERT_version(NULL);
+        ExpectIntEQ(ver, 0);
+
+        rc = wolfSSL_X509_ACERT_get_signature(x509, NULL, NULL);
+        ExpectIntEQ(rc, WOLFSSL_FATAL_ERROR);
+
+        rc = wolfSSL_X509_ACERT_get_signature(x509, NULL, &buf_len);
+        ExpectIntEQ(rc, SSL_SUCCESS);
+        ExpectIntEQ(buf_len, 256);
+
+        rc = wolfSSL_X509_ACERT_get_serial_number(x509, serial, NULL);
+        ExpectIntEQ(rc, BAD_FUNC_ARG);
+
+        rc = X509_ACERT_print(bp, NULL);
+        ExpectIntEQ(rc, WOLFSSL_FAILURE);
+
+        rc = X509_ACERT_print(NULL, x509);
+        ExpectIntEQ(rc, WOLFSSL_FAILURE);
+
+        /* Finally free the acert and bio, we're done with them. */
+        if (x509 != NULL) {
+            X509_ACERT_free(x509);
+            x509 = NULL;
+        }
+
+        if (bp != NULL) {
+            BIO_free(bp);
+            bp = NULL;
+        }
+    }
+#endif
+    return EXPECT_RESULT();
+}
+
+static int test_wolfSSL_X509_ACERT_buffer(void)
+{
+    EXPECT_DECLS;
+#if defined(WOLFSSL_ACERT) && !defined(NO_CERTS) && \
+    !defined(NO_RSA) && defined(WC_RSA_PSS) && \
+    (defined(OPENSSL_EXTRA_X509_SMALL) || defined(OPENSSL_EXTRA))
+    const byte acert_ietf[] = \
+    "-----BEGIN ATTRIBUTE CERTIFICATE-----\n"
+    "MIICPTCCASUCAQEwN6AWMBGkDzANMQswCQYDVQQDDAJDQQIBAqEdpBswGTEXMBUG\n"
+    "A1UEAwwOc2VydmVyLmV4YW1wbGWgLTArpCkwJzElMCMGA1UEAwwcQXR0cmlidXRl\n"
+    "IENlcnRpZmljYXRlIElzc3VlcjANBgkqhkiG9w0BAQsFAAIUA7WQWQKiqrVAIUS4\n"
+    "LE/ZgBtfV8IwIhgPMjAyMTA2MTUxMjM1MDBaGA8yMDMxMDYxMzEyMzUwMFowQTAj\n"
+    "BggrBgEFBQcKBDEXMBWgCYYHVGVzdHZhbDAIDAZncm91cDEwGgYDVQRIMRMwEaEP\n"
+    "gw1hZG1pbmlzdHJhdG9yMCwwHwYDVR0jBBgwFoAUYm7JaGdsZLtTgt0tqoCK2MrI\n"
+    "i10wCQYDVR04BAIFADANBgkqhkiG9w0BAQsFAAOCAQEAlIOJ2Dj3TEUj6BIv6vUs\n"
+    "GqFWms05i+d10XSzWrunlUTQPoJcUjYkifOWp/7RpZ2XnRl+6hH+nIbmwSmXWwBn\n"
+    "ERw2bQMmw/""/nWuN4Qv9t7ltuovWC0pJX6VMT1IRTuTV4SxuZpFL37vkmnFlPBlb+\n"
+    "mn3ESSxLTjThWFIq1tip4IaxE/i5Uh32GlJglatFHM1PCGoJtyLtYb6KHDlvknw6\n"
+    "coDyjIcj0FZwtQw41jLwxI8jWNmrpt978wdpprB/URrRs+m02HmeQoiHFi/qvdv8\n"
+    "d+5vHf3Pi/ulhz/+dvr0p1vEQSoFnYxLXuty2p5m3PJPZCFmT3gURgmgR3BN9d7A\n"
+    "Bw==\n"
+    "-----END ATTRIBUTE CERTIFICATE-----\n";
+    X509_ACERT * x509 = NULL;
+    int          rc = 0;
+    byte         ietf_serial[] = {0x03, 0xb5, 0x90, 0x59, 0x02,
+                                  0xa2, 0xaa, 0xb5, 0x40, 0x21,
+                                  0x44, 0xb8, 0x2c, 0x4f, 0xd9,
+                                  0x80, 0x1b, 0x5f, 0x57, 0xc2};
+    byte         serial[64];
+    int          serial_len = sizeof(serial);
+    const byte * raw_attr = NULL;
+    word32       attr_len = 0;
+
+    x509 = wolfSSL_X509_ACERT_load_certificate_buffer_ex(acert_ietf,
+                                                         sizeof(acert_ietf),
+                                                         WOLFSSL_FILETYPE_PEM,
+                                                         HEAP_HINT);
+
+    rc = wolfSSL_X509_ACERT_get_serial_number(x509, serial, &serial_len);
+    ExpectIntEQ(rc, SSL_SUCCESS);
+
+    ExpectIntEQ(serial_len, 20);
+    ExpectIntEQ(XMEMCMP(serial, ietf_serial, sizeof(ietf_serial)), 0);
+
+    /* Get the attributes buffer. */
+    rc = wolfSSL_X509_ACERT_get_attr_buf(x509, &raw_attr, &attr_len);
+    ExpectIntEQ(rc, SSL_SUCCESS);
+
+    /* This cert has a 65 byte attributes field. */
+    ExpectNotNull(raw_attr);
+    ExpectIntEQ(attr_len, 65);
+
+    ExpectNotNull(x509);
+
+    if (x509 != NULL) {
+        wolfSSL_X509_ACERT_free(x509);
+        x509 = NULL;
+    }
+#endif
+    return EXPECT_RESULT();
+}
+
+/* note: when ACERT generation and signing are implemented,
+ * this test will be filled out appropriately.
+ * */
+static int test_wolfSSL_X509_ACERT_new_and_sign(void)
+{
+    EXPECT_DECLS;
+#if defined(WOLFSSL_ACERT) && !defined(NO_CERTS) && \
+    !defined(NO_RSA) && defined(WC_RSA_PSS) && \
+    (defined(OPENSSL_EXTRA_X509_SMALL) || defined(OPENSSL_EXTRA))
+    X509_ACERT * x509 = NULL;
+    int          rc = 0;
+
+    x509 = X509_ACERT_new();
+    ExpectNotNull(x509);
+
+    if (x509 != NULL) {
+        wolfSSL_X509_ACERT_free(x509);
+        x509 = NULL;
+    }
+
+    /* Same but with static memory hint. */
+    x509 = wolfSSL_X509_ACERT_new_ex(HEAP_HINT);
+    ExpectNotNull(x509);
+
+    #ifndef NO_WOLFSSL_STUB
+    /* ACERT sign not implemented yet. */
+    if (x509 != NULL) {
+        rc = wolfSSL_X509_ACERT_sign(x509, NULL, NULL);
+        ExpectIntEQ(rc, WOLFSSL_NOT_IMPLEMENTED);
+    }
+    #else
+    (void) rc;
+    #endif /* NO_WOLFSSL_STUB */
+
+    if (x509 != NULL) {
+        wolfSSL_X509_ACERT_free(x509);
+        x509 = NULL;
+    }
+
+#endif
+    return EXPECT_RESULT();
+}
+
+/* Test ACERT support, but with ASN functions only.
+ *
+ * This example acert_ietf has both Holder IssuerSerial
+ * and Holder entityName fields.
+ * */
+static int test_wolfSSL_X509_ACERT_asn(void)
+{
+    EXPECT_DECLS;
+#if defined(WOLFSSL_ACERT) && !defined(NO_CERTS)
+    const byte     acert_ietf[] = \
+    "-----BEGIN ATTRIBUTE CERTIFICATE-----\n"
+    "MIICPTCCASUCAQEwN6AWMBGkDzANMQswCQYDVQQDDAJDQQIBAqEdpBswGTEXMBUG\n"
+    "A1UEAwwOc2VydmVyLmV4YW1wbGWgLTArpCkwJzElMCMGA1UEAwwcQXR0cmlidXRl\n"
+    "IENlcnRpZmljYXRlIElzc3VlcjANBgkqhkiG9w0BAQsFAAIUA7WQWQKiqrVAIUS4\n"
+    "LE/ZgBtfV8IwIhgPMjAyMTA2MTUxMjM1MDBaGA8yMDMxMDYxMzEyMzUwMFowQTAj\n"
+    "BggrBgEFBQcKBDEXMBWgCYYHVGVzdHZhbDAIDAZncm91cDEwGgYDVQRIMRMwEaEP\n"
+    "gw1hZG1pbmlzdHJhdG9yMCwwHwYDVR0jBBgwFoAUYm7JaGdsZLtTgt0tqoCK2MrI\n"
+    "i10wCQYDVR04BAIFADANBgkqhkiG9w0BAQsFAAOCAQEAlIOJ2Dj3TEUj6BIv6vUs\n"
+    "GqFWms05i+d10XSzWrunlUTQPoJcUjYkifOWp/7RpZ2XnRl+6hH+nIbmwSmXWwBn\n"
+    "ERw2bQMmw/""/nWuN4Qv9t7ltuovWC0pJX6VMT1IRTuTV4SxuZpFL37vkmnFlPBlb+\n"
+    "mn3ESSxLTjThWFIq1tip4IaxE/i5Uh32GlJglatFHM1PCGoJtyLtYb6KHDlvknw6\n"
+    "coDyjIcj0FZwtQw41jLwxI8jWNmrpt978wdpprB/URrRs+m02HmeQoiHFi/qvdv8\n"
+    "d+5vHf3Pi/ulhz/+dvr0p1vEQSoFnYxLXuty2p5m3PJPZCFmT3gURgmgR3BN9d7A\n"
+    "Bw==\n"
+    "-----END ATTRIBUTE CERTIFICATE-----\n";
+    int            rc = 0;
+    int            n_diff = 0;
+    byte           ietf_serial[] =      {0x03, 0xb5, 0x90, 0x59, 0x02,
+                                         0xa2, 0xaa, 0xb5, 0x40, 0x21,
+                                         0x44, 0xb8, 0x2c, 0x4f, 0xd9,
+                                         0x80, 0x1b, 0x5f, 0x57, 0xc2};
+    byte           holderIssuerName[] = {0x31, 0x0b, 0x30, 0x09, 0x06,
+                                         0x03, 0x55, 0x04, 0x03, 0x0c,
+                                         0x02, 0x43, 0x41};
+    byte           holderEntityName[] = {0x31, 0x17, 0x30, 0x15, 0x06,
+                                         0x03, 0x55, 0x04, 0x03, 0x0c,
+                                         0x0e, 0x73, 0x65, 0x72, 0x76,
+                                         0x65, 0x72, 0x2e, 0x65, 0x78,
+                                         0x61, 0x6d, 0x70, 0x6c, 0x65};
+    DerBuffer *    der = NULL;
+#ifdef WOLFSSL_SMALL_STACK
+    DecodedAcert * acert = NULL;
+#else
+    DecodedAcert   acert[1];
+#endif
+
+    rc = wc_PemToDer(acert_ietf, sizeof(acert_ietf), ACERT_TYPE, &der,
+                     HEAP_HINT, NULL, NULL);
+
+    ExpectIntEQ(rc, 0);
+    ExpectNotNull(der);
+
+    if (der != NULL) {
+        ExpectNotNull(der->buffer);
+    }
+
+#ifdef WOLFSSL_SMALL_STACK
+    acert = (DecodedAcert*)XMALLOC(sizeof(DecodedAcert), HEAP_HINT,
+                                   DYNAMIC_TYPE_DCERT);
+    ExpectNotNull(acert);
+#else
+    XMEMSET(acert, 0, sizeof(DecodedAcert));
+#endif
+
+    if (der != NULL && der->buffer != NULL
+#ifdef WOLFSSL_SMALL_STACK
+        && acert != NULL
+#endif
+    ) {
+        wc_InitDecodedAcert(acert, der->buffer, der->length, HEAP_HINT);
+        rc = wc_ParseX509Acert(acert, VERIFY_SKIP_DATE);
+        ExpectIntEQ(rc, 0);
+
+        ExpectIntEQ(acert->serialSz, 20);
+        ExpectIntEQ(XMEMCMP(acert->serial, ietf_serial, sizeof(ietf_serial)),
+                    0);
+
+        /* This cert has a 65 byte attributes field. */
+        ExpectNotNull(acert->rawAttr);
+        ExpectIntEQ(acert->rawAttrLen, 65);
+
+        ExpectNotNull(acert->holderIssuerName);
+        ExpectNotNull(acert->holderEntityName);
+
+        if ((acert->holderIssuerName != NULL) &&
+            (acert->holderEntityName != NULL)) {
+            ExpectNotNull(acert->holderEntityName->name);
+            ExpectNotNull(acert->holderIssuerName->name);
+        }
+
+        if ((acert->holderIssuerName != NULL) &&
+            (acert->holderEntityName != NULL) &&
+            (acert->holderIssuerName->name != NULL) &&
+            (acert->holderEntityName->name != NULL)) {
+            ExpectIntEQ(acert->holderIssuerName->len,
+                        sizeof(holderIssuerName));
+            ExpectIntEQ(acert->holderEntityName->len,
+                        sizeof(holderEntityName));
+
+            ExpectIntEQ(acert->holderIssuerName->type, ASN_DIR_TYPE);
+            ExpectIntEQ(acert->holderEntityName->type, ASN_DIR_TYPE);
+
+            n_diff = XMEMCMP(acert->holderIssuerName->name, holderIssuerName,
+                             sizeof(holderIssuerName));
+            ExpectIntEQ(n_diff, 0);
+
+            n_diff = XMEMCMP(acert->holderEntityName->name, holderEntityName,
+                             sizeof(holderEntityName));
+            ExpectIntEQ(n_diff, 0);
+        }
+
+        wc_FreeDecodedAcert(acert);
+    }
+
+#ifdef WOLFSSL_SMALL_STACK
+    if (acert != NULL) {
+        XFREE(acert, HEAP_HINT, DYNAMIC_TYPE_DCERT);
+        acert = NULL;
+    }
+#endif
+
+    if (der != NULL) {
+        wc_FreeDer(&der);
+        der = NULL;
+    }
+
+#endif
+    return EXPECT_RESULT();
+}
 
 #if !defined(NO_DH) && !defined(NO_AES) && defined(WOLFSSL_CERT_GEN) && \
          defined(HAVE_SSL_MEMIO_TESTS_DEPENDENCIES) && \
@@ -12253,7 +14333,7 @@ static int test_override_x509(int preverify, WOLFSSL_X509_STORE_CTX* store)
 {
     EXPECT_DECLS;
 #ifndef OPENSSL_COMPATIBLE_DEFAULTS
-    ExpectIntEQ(store->error, ASN_VERSION_E);
+    ExpectIntEQ(store->error, WC_NO_ERR_TRACE(ASN_VERSION_E));
 #else
     ExpectIntEQ(store->error, 0);
 #endif
@@ -12300,7 +14380,7 @@ static int test_wolfSSL_X509_TLS_version_test_1(void)
 
 #ifndef OPENSSL_COMPATIBLE_DEFAULTS
     ExpectIntEQ(test_wolfSSL_client_server_nofail_memio(&func_cb_client,
-        &func_cb_server, NULL), TEST_FAIL);
+        &func_cb_server, NULL), -1001);
 #else
     ExpectIntEQ(test_wolfSSL_client_server_nofail_memio(&func_cb_client,
         &func_cb_server, NULL), TEST_SUCCESS);
@@ -12350,7 +14430,7 @@ static int test_wolfSSL_X509_TLS_version_test_2(void)
 static int test_wolfSSL_CTX_SetMinVersion(void)
 {
     int                     res = TEST_SKIPPED;
-#ifndef NO_WOLFSSL_CLIENT
+#if !defined(NO_WOLFSSL_CLIENT) && !defined(NO_TLS)
     int                     failFlag = WOLFSSL_SUCCESS;
     WOLFSSL_CTX*            ctx;
     int                     itr;
@@ -12402,7 +14482,7 @@ static int test_wolfSSL_UseOCSPStapling(void)
 {
     EXPECT_DECLS;
 #if defined(HAVE_CERTIFICATE_STATUS_REQUEST) && defined(HAVE_OCSP) && \
-        !defined(NO_WOLFSSL_CLIENT)
+    !defined(NO_TLS) && !defined(NO_WOLFSSL_CLIENT)
     WOLFSSL_CTX*    ctx = NULL;
     WOLFSSL*        ssl = NULL;
 
@@ -12422,13 +14502,13 @@ static int test_wolfSSL_UseOCSPStapling(void)
     ExpectNotNull(ssl = wolfSSL_new(ctx));
 
     ExpectIntEQ(wolfSSL_UseOCSPStapling(NULL, WOLFSSL_CSR2_OCSP,
-        WOLFSSL_CSR2_OCSP_USE_NONCE), BAD_FUNC_ARG);
+        WOLFSSL_CSR2_OCSP_USE_NONCE), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 #ifndef NO_WOLFSSL_CLIENT
     ExpectIntEQ(wolfSSL_UseOCSPStapling(ssl, WOLFSSL_CSR2_OCSP,
         WOLFSSL_CSR2_OCSP_USE_NONCE), 1);
 #else
     ExpectIntEQ(wolfSSL_UseOCSPStapling(ssl, WOLFSSL_CSR2_OCSP,
-        WOLFSSL_CSR2_OCSP_USE_NONCE), BAD_FUNC_ARG);
+        WOLFSSL_CSR2_OCSP_USE_NONCE), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 #endif
 
     wolfSSL_free(ssl);
@@ -12447,7 +14527,7 @@ static int test_wolfSSL_UseOCSPStaplingV2(void)
 {
     EXPECT_DECLS;
 #if defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2) && defined(HAVE_OCSP) && \
-        !defined(NO_WOLFSSL_CLIENT)
+    !defined(NO_TLS) && !defined(NO_WOLFSSL_CLIENT)
     WOLFSSL_CTX*        ctx = NULL;
     WOLFSSL*            ssl = NULL;
 
@@ -12467,13 +14547,13 @@ static int test_wolfSSL_UseOCSPStaplingV2(void)
     ExpectNotNull(ssl = wolfSSL_new(ctx));
 
     ExpectIntEQ(wolfSSL_UseOCSPStaplingV2(NULL, WOLFSSL_CSR2_OCSP,
-        WOLFSSL_CSR2_OCSP_USE_NONCE), BAD_FUNC_ARG);
+        WOLFSSL_CSR2_OCSP_USE_NONCE), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 #ifndef NO_WOLFSSL_CLIENT
     ExpectIntEQ(wolfSSL_UseOCSPStaplingV2(ssl, WOLFSSL_CSR2_OCSP,
         WOLFSSL_CSR2_OCSP_USE_NONCE), 1);
 #else
     ExpectIntEQ(wolfSSL_UseOCSPStaplingV2(ssl, WOLFSSL_CSR2_OCSP,
-        WOLFSSL_CSR2_OCSP_USE_NONCE), BAD_FUNC_ARG);
+        WOLFSSL_CSR2_OCSP_USE_NONCE), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 #endif
 
     wolfSSL_free(ssl);
@@ -12528,6149 +14608,6 @@ static int test_wolfSSL_mcast(void)
  |  Wolfcrypt
  *----------------------------------------------------------------------------*/
 
-/*
- * Unit test for the wc_InitBlake2b()
- */
-static int test_wc_InitBlake2b(void)
-{
-    EXPECT_DECLS;
-#ifdef HAVE_BLAKE2
-    Blake2b blake;
-
-    /* Test good arg. */
-    ExpectIntEQ(wc_InitBlake2b(&blake, 64), 0);
-    /* Test bad arg. */
-    ExpectIntEQ(wc_InitBlake2b(NULL, 64), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_InitBlake2b(NULL, 128), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_InitBlake2b(&blake, 128), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_InitBlake2b(NULL, 0), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_InitBlake2b(&blake, 0), BAD_FUNC_ARG);
-#endif
-    return EXPECT_RESULT();
-}     /* END test_wc_InitBlake2b*/
-
-/*
- * Unit test for the wc_InitBlake2b_WithKey()
- */
-static int test_wc_InitBlake2b_WithKey(void)
-{
-    EXPECT_DECLS;
-#ifdef HAVE_BLAKE2
-    Blake2b     blake;
-    word32      digestSz = BLAKE2B_KEYBYTES;
-    byte        key[BLAKE2B_KEYBYTES];
-    word32      keylen = BLAKE2B_KEYBYTES;
-
-    XMEMSET(key, 0, sizeof(key));
-
-    /* Test good arg. */
-    ExpectIntEQ(wc_InitBlake2b_WithKey(&blake, digestSz, key, keylen), 0);
-    /* Test bad args. */
-    ExpectIntEQ(wc_InitBlake2b_WithKey(NULL, digestSz, key, keylen),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_InitBlake2b_WithKey(&blake, digestSz, key, 256),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_InitBlake2b_WithKey(&blake, digestSz, NULL, keylen), 0);
-#endif
-    return EXPECT_RESULT();
-}     /* END wc_InitBlake2b_WithKey*/
-
-/*
- * Unit test for the wc_InitBlake2s_WithKey()
- */
-static int test_wc_InitBlake2s_WithKey(void)
-{
-    EXPECT_DECLS;
-#ifdef HAVE_BLAKE2S
-    Blake2s     blake;
-    word32      digestSz = BLAKE2S_KEYBYTES;
-    byte        *key = (byte*)"01234567890123456789012345678901";
-    word32      keylen = BLAKE2S_KEYBYTES;
-
-    /* Test good arg. */
-    ExpectIntEQ(wc_InitBlake2s_WithKey(&blake, digestSz, key, keylen), 0);
-    /* Test bad args. */
-    ExpectIntEQ(wc_InitBlake2s_WithKey(NULL, digestSz, key, keylen),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_InitBlake2s_WithKey(&blake, digestSz, key, 256),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_InitBlake2s_WithKey(&blake, digestSz, NULL, keylen), 0);
-#endif
-    return EXPECT_RESULT();
-}     /* END wc_InitBlake2s_WithKey*/
-
-/*
- * Unit test for the wc_InitMd5()
- */
-static int test_wc_InitMd5(void)
-{
-    EXPECT_DECLS;
-#ifndef NO_MD5
-    wc_Md5 md5;
-
-    /* Test good arg. */
-    ExpectIntEQ(wc_InitMd5(&md5), 0);
-    /* Test bad arg. */
-    ExpectIntEQ(wc_InitMd5(NULL), BAD_FUNC_ARG);
-
-    wc_Md5Free(&md5);
-#endif
-    return EXPECT_RESULT();
-}     /* END test_wc_InitMd5 */
-
-
-/*
- * Testing wc_UpdateMd5()
- */
-static int test_wc_Md5Update(void)
-{
-    EXPECT_DECLS;
-#ifndef NO_MD5
-    wc_Md5 md5;
-    byte hash[WC_MD5_DIGEST_SIZE];
-    testVector a, b, c;
-
-    ExpectIntEQ(wc_InitMd5(&md5), 0);
-
-    /* Input */
-    a.input = "a";
-    a.inLen = XSTRLEN(a.input);
-    ExpectIntEQ(wc_Md5Update(&md5, (byte*)a.input, (word32)a.inLen), 0);
-    ExpectIntEQ(wc_Md5Final(&md5, hash), 0);
-
-    /* Update input. */
-    a.input = "abc";
-    a.output = "\x90\x01\x50\x98\x3c\xd2\x4f\xb0\xd6\x96\x3f\x7d\x28\xe1\x7f"
-               "\x72";
-    a.inLen = XSTRLEN(a.input);
-    a.outLen = XSTRLEN(a.output);
-    ExpectIntEQ(wc_Md5Update(&md5, (byte*) a.input, (word32) a.inLen), 0);
-    ExpectIntEQ(wc_Md5Final(&md5, hash), 0);
-    ExpectIntEQ(XMEMCMP(hash, a.output, WC_MD5_DIGEST_SIZE), 0);
-
-    /* Pass in bad values. */
-    b.input = NULL;
-    b.inLen = 0;
-    ExpectIntEQ(wc_Md5Update(&md5, (byte*)b.input, (word32)b.inLen), 0);
-    c.input = NULL;
-    c.inLen = WC_MD5_DIGEST_SIZE;
-    ExpectIntEQ(wc_Md5Update(&md5, (byte*)c.input, (word32)c.inLen),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Md5Update(NULL, (byte*)a.input, (word32)a.inLen),
-        BAD_FUNC_ARG);
-
-    wc_Md5Free(&md5);
-#endif
-    return EXPECT_RESULT();
-} /* END test_wc_Md5Update()  */
-
-
-/*
- *  Unit test on wc_Md5Final() in wolfcrypt/src/md5.c
- */
-static int test_wc_Md5Final(void)
-{
-    EXPECT_DECLS;
-#ifndef NO_MD5
-    /* Instantiate */
-    wc_Md5 md5;
-    byte* hash_test[3];
-    byte hash1[WC_MD5_DIGEST_SIZE];
-    byte hash2[2*WC_MD5_DIGEST_SIZE];
-    byte hash3[5*WC_MD5_DIGEST_SIZE];
-    int times, i;
-
-    /* Initialize */
-    ExpectIntEQ(wc_InitMd5(&md5), 0);
-
-    hash_test[0] = hash1;
-    hash_test[1] = hash2;
-    hash_test[2] = hash3;
-    times = sizeof(hash_test)/sizeof(byte*);
-    for (i = 0; i < times; i++) {
-        ExpectIntEQ(wc_Md5Final(&md5, hash_test[i]), 0);
-    }
-
-    /* Test bad args. */
-    ExpectIntEQ(wc_Md5Final(NULL, NULL), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Md5Final(NULL, hash1), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Md5Final(&md5, NULL), BAD_FUNC_ARG);
-
-    wc_Md5Free(&md5);
-#endif
-    return EXPECT_RESULT();
-}
-
-/*
- * Unit test for the wc_InitSha()
- */
-static int test_wc_InitSha(void)
-{
-    EXPECT_DECLS;
-#ifndef NO_SHA
-    wc_Sha sha;
-
-    /* Test good arg. */
-    ExpectIntEQ(wc_InitSha(&sha), 0);
-    /* Test bad arg. */
-    ExpectIntEQ(wc_InitSha(NULL), BAD_FUNC_ARG);
-
-    wc_ShaFree(&sha);
-#endif
-    return EXPECT_RESULT();
-} /* END test_wc_InitSha */
-
-/*
- *  Tesing wc_ShaUpdate()
- */
-static int test_wc_ShaUpdate(void)
-{
-    EXPECT_DECLS;
-#ifndef NO_SHA
-    wc_Sha sha;
-    byte hash[WC_SHA_DIGEST_SIZE];
-    testVector a, b, c;
-
-    ExpectIntEQ(wc_InitSha(&sha), 0);
-
-    /* Input. */
-    a.input = "a";
-    a.inLen = XSTRLEN(a.input);
-
-    ExpectIntEQ(wc_ShaUpdate(&sha, NULL, 0), 0);
-    ExpectIntEQ(wc_ShaUpdate(&sha, (byte*)a.input, 0), 0);
-    ExpectIntEQ(wc_ShaUpdate(&sha, (byte*)a.input, (word32)a.inLen), 0);
-    ExpectIntEQ(wc_ShaFinal(&sha, hash), 0);
-
-    /* Update input. */
-    a.input = "abc";
-    a.output = "\xA9\x99\x3E\x36\x47\x06\x81\x6A\xBA\x3E\x25\x71\x78\x50\xC2"
-               "\x6C\x9C\xD0\xD8\x9D";
-    a.inLen = XSTRLEN(a.input);
-    a.outLen = XSTRLEN(a.output);
-
-    ExpectIntEQ(wc_ShaUpdate(&sha, (byte*)a.input, (word32)a.inLen), 0);
-    ExpectIntEQ(wc_ShaFinal(&sha, hash), 0);
-    ExpectIntEQ(XMEMCMP(hash, a.output, WC_SHA_DIGEST_SIZE), 0);
-
-    /* Try passing in bad values. */
-    b.input = NULL;
-    b.inLen = 0;
-    ExpectIntEQ(wc_ShaUpdate(&sha, (byte*)b.input, (word32)b.inLen), 0);
-    c.input = NULL;
-    c.inLen = WC_SHA_DIGEST_SIZE;
-    ExpectIntEQ(wc_ShaUpdate(&sha, (byte*)c.input, (word32)c.inLen),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_ShaUpdate(NULL, (byte*)a.input, (word32)a.inLen),
-        BAD_FUNC_ARG);
-
-    wc_ShaFree(&sha);
-#endif
-    return EXPECT_RESULT();
-} /* END test_wc_ShaUpdate() */
-
-
-/*
- * Unit test on wc_ShaFinal
- */
-static int test_wc_ShaFinal(void)
-{
-    EXPECT_DECLS;
-#ifndef NO_SHA
-    wc_Sha sha;
-    byte* hash_test[3];
-    byte hash1[WC_SHA_DIGEST_SIZE];
-    byte hash2[2*WC_SHA_DIGEST_SIZE];
-    byte hash3[5*WC_SHA_DIGEST_SIZE];
-    int times, i;
-
-    /* Initialize*/
-    ExpectIntEQ(wc_InitSha(&sha), 0);
-
-    hash_test[0] = hash1;
-    hash_test[1] = hash2;
-    hash_test[2] = hash3;
-    times = sizeof(hash_test)/sizeof(byte*);
-    for (i = 0; i < times; i++) {
-        ExpectIntEQ(wc_ShaFinal(&sha, hash_test[i]), 0);
-    }
-
-    /* Test bad args. */
-    ExpectIntEQ(wc_ShaFinal(NULL, NULL), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_ShaFinal(NULL, hash1), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_ShaFinal(&sha, NULL), BAD_FUNC_ARG);
-
-    wc_ShaFree(&sha);
-#endif
-    return EXPECT_RESULT();
-} /* END test_wc_ShaFinal */
-
-
-/*
- * Unit test for wc_InitSha256()
- */
-static int test_wc_InitSha256(void)
-{
-    EXPECT_DECLS;
-#ifndef NO_SHA256
-    wc_Sha256 sha256;
-
-    /* Test good arg. */
-    ExpectIntEQ(wc_InitSha256(&sha256), 0);
-    /* Test bad arg. */
-    ExpectIntEQ(wc_InitSha256(NULL), BAD_FUNC_ARG);
-
-    wc_Sha256Free(&sha256);
-#endif
-    return EXPECT_RESULT();
-} /* END test_wc_InitSha256 */
-
-
-/*
- * Unit test for wc_Sha256Update()
- */
-static int test_wc_Sha256Update(void)
-{
-    EXPECT_DECLS;
-#ifndef NO_SHA256
-    wc_Sha256 sha256;
-    byte hash[WC_SHA256_DIGEST_SIZE];
-    byte hash_unaligned[WC_SHA256_DIGEST_SIZE+1];
-    testVector a, b, c;
-
-    ExpectIntEQ(wc_InitSha256(&sha256), 0);
-
-    /*  Input. */
-    a.input = "a";
-    a.inLen = XSTRLEN(a.input);
-    ExpectIntEQ(wc_Sha256Update(&sha256, NULL, 0), 0);
-    ExpectIntEQ(wc_Sha256Update(&sha256, (byte*)a.input, 0), 0);
-    ExpectIntEQ(wc_Sha256Update(&sha256, (byte*)a.input, (word32)a.inLen), 0);
-    ExpectIntEQ(wc_Sha256Final(&sha256, hash), 0);
-
-    /* Update input. */
-    a.input = "abc";
-    a.output = "\xBA\x78\x16\xBF\x8F\x01\xCF\xEA\x41\x41\x40\xDE\x5D\xAE\x22"
-               "\x23\xB0\x03\x61\xA3\x96\x17\x7A\x9C\xB4\x10\xFF\x61\xF2\x00"
-               "\x15\xAD";
-    a.inLen = XSTRLEN(a.input);
-    a.outLen = XSTRLEN(a.output);
-    ExpectIntEQ(wc_Sha256Update(&sha256, (byte*)a.input, (word32)a.inLen), 0);
-    ExpectIntEQ(wc_Sha256Final(&sha256, hash), 0);
-    ExpectIntEQ(XMEMCMP(hash, a.output, WC_SHA256_DIGEST_SIZE), 0);
-
-    /* Unaligned check. */
-    ExpectIntEQ(wc_Sha256Update(&sha256, (byte*)a.input+1, (word32)a.inLen-1),
-        0);
-    ExpectIntEQ(wc_Sha256Final(&sha256, hash_unaligned + 1), 0);
-
-    /* Try passing in bad values */
-    b.input = NULL;
-    b.inLen = 0;
-    ExpectIntEQ(wc_Sha256Update(&sha256, (byte*)b.input, (word32)b.inLen), 0);
-    c.input = NULL;
-    c.inLen = WC_SHA256_DIGEST_SIZE;
-    ExpectIntEQ(wc_Sha256Update(&sha256, (byte*)c.input, (word32)c.inLen),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sha256Update(NULL, (byte*)a.input, (word32)a.inLen),
-        BAD_FUNC_ARG);
-
-    wc_Sha256Free(&sha256);
-#endif
-    return EXPECT_RESULT();
-} /* END test_wc_Sha256Update */
-
-
-/*
- * Unit test function for wc_Sha256Final()
- */
-static int test_wc_Sha256Final(void)
-{
-    EXPECT_DECLS;
-#ifndef NO_SHA256
-    wc_Sha256 sha256;
-    byte* hash_test[3];
-    byte hash1[WC_SHA256_DIGEST_SIZE];
-    byte hash2[2*WC_SHA256_DIGEST_SIZE];
-    byte hash3[5*WC_SHA256_DIGEST_SIZE];
-    int times, i;
-
-    /* Initialize */
-    ExpectIntEQ(wc_InitSha256(&sha256), 0);
-
-    hash_test[0] = hash1;
-    hash_test[1] = hash2;
-    hash_test[2] = hash3;
-    times = sizeof(hash_test) / sizeof(byte*);
-    for (i = 0; i < times; i++) {
-        ExpectIntEQ(wc_Sha256Final(&sha256, hash_test[i]), 0);
-    }
-
-    /* Test bad args. */
-    ExpectIntEQ(wc_Sha256Final(NULL, NULL), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sha256Final(NULL, hash1), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sha256Final(&sha256, NULL), BAD_FUNC_ARG);
-
-    wc_Sha256Free(&sha256);
-#endif
-    return EXPECT_RESULT();
-} /* END test_wc_Sha256Final */
-/*
- * Unit test function for wc_Sha256FinalRaw()
- */
-static int test_wc_Sha256FinalRaw(void)
-{
-    EXPECT_DECLS;
-#if !defined(NO_SHA256) && !defined(HAVE_SELFTEST) && !defined(WOLFSSL_DEVCRYPTO) && (!defined(HAVE_FIPS) || \
-    (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 3))) && \
-    !defined(WOLFSSL_NO_HASH_RAW)
-    wc_Sha256 sha256;
-    byte* hash_test[3];
-    byte hash1[WC_SHA256_DIGEST_SIZE];
-    byte hash2[2*WC_SHA256_DIGEST_SIZE];
-    byte hash3[5*WC_SHA256_DIGEST_SIZE];
-    int times, i;
-
-    /* Initialize */
-    ExpectIntEQ(wc_InitSha256(&sha256), 0);
-
-    hash_test[0] = hash1;
-    hash_test[1] = hash2;
-    hash_test[2] = hash3;
-    times = sizeof(hash_test) / sizeof(byte*);
-    for (i = 0; i < times; i++) {
-        ExpectIntEQ(wc_Sha256FinalRaw(&sha256, hash_test[i]), 0);
-    }
-
-    /* Test bad args. */
-    ExpectIntEQ(wc_Sha256FinalRaw(NULL, NULL), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sha256FinalRaw(NULL, hash1), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sha256FinalRaw(&sha256, NULL), BAD_FUNC_ARG);
-
-    wc_Sha256Free(&sha256);
-#endif
-    return EXPECT_RESULT();
-
-} /* END test_wc_Sha256FinalRaw */
-/*
- * Unit test function for wc_Sha256GetFlags()
- */
-static int test_wc_Sha256GetFlags(void)
-{
-    EXPECT_DECLS;
-#if !defined(NO_SHA256) && defined(WOLFSSL_HASH_FLAGS)
-    wc_Sha256 sha256;
-    word32 flags = 0;
-
-    /* Initialize */
-    ExpectIntEQ(wc_InitSha256(&sha256), 0);
-
-    ExpectIntEQ(wc_Sha256GetFlags(&sha256, &flags), 0);
-    ExpectTrue((flags & WC_HASH_FLAG_ISCOPY) == 0);
-
-    wc_Sha256Free(&sha256);
-#endif
-    return EXPECT_RESULT();
-
-} /* END test_wc_Sha256GetFlags */
-/*
- * Unit test function for wc_Sha256Free()
- */
-static int test_wc_Sha256Free(void)
-{
-    EXPECT_DECLS;
-#ifndef NO_SHA256
-    wc_Sha256Free(NULL);
-    /* Set result to SUCCESS. */
-    ExpectTrue(1);
-#endif
-    return EXPECT_RESULT();
-} /* END test_wc_Sha256Free */
-/*
- * Unit test function for wc_Sha256GetHash()
- */
-static int test_wc_Sha256GetHash(void)
-{
-    EXPECT_DECLS;
-#ifndef NO_SHA256
-    wc_Sha256 sha256;
-    byte hash1[WC_SHA256_DIGEST_SIZE];
-
-    /* Initialize */
-    ExpectIntEQ(wc_InitSha256(&sha256), 0);
-
-    ExpectIntEQ(wc_Sha256GetHash(&sha256, hash1), 0);
-
-    /* test bad arguments*/
-    ExpectIntEQ(wc_Sha256GetHash(NULL, NULL), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sha256GetHash(NULL, hash1), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sha256GetHash(&sha256, NULL), BAD_FUNC_ARG);
-
-    wc_Sha256Free(&sha256);
-#endif
-    return EXPECT_RESULT();
-} /* END test_wc_Sha256GetHash */
-/*
- * Unit test function for wc_Sha256Copy()
- */
-static int test_wc_Sha256Copy(void)
-{
-    EXPECT_DECLS;
-#ifndef NO_SHA256
-    wc_Sha256 sha256;
-    wc_Sha256 temp;
-
-    XMEMSET(&sha256, 0, sizeof(sha256));
-    XMEMSET(&temp, 0, sizeof(temp));
-
-    /* Initialize */
-    ExpectIntEQ(wc_InitSha256(&sha256), 0);
-    ExpectIntEQ(wc_InitSha256(&temp), 0);
-
-    ExpectIntEQ(wc_Sha256Copy(&sha256, &temp), 0);
-
-    /* test bad arguments*/
-    ExpectIntEQ(wc_Sha256Copy(NULL, NULL), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sha256Copy(NULL, &temp), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sha256Copy(&sha256, NULL), BAD_FUNC_ARG);
-
-    wc_Sha256Free(&sha256);
-    wc_Sha256Free(&temp);
-#endif
-    return EXPECT_RESULT();
-} /* END test_wc_Sha256Copy */
-/*
- * Testing wc_InitSha512()
- */
-static int test_wc_InitSha512(void)
-{
-    EXPECT_DECLS;
-#ifdef WOLFSSL_SHA512
-    wc_Sha512 sha512;
-
-    /* Test good arg. */
-    ExpectIntEQ(wc_InitSha512(&sha512), 0);
-    /* Test bad arg. */
-    ExpectIntEQ(wc_InitSha512(NULL), BAD_FUNC_ARG);
-
-    wc_Sha512Free(&sha512);
-#endif
-    return EXPECT_RESULT();
-} /* END test_wc_InitSha512 */
-
-
-/*
- *  wc_Sha512Update() test.
- */
-static int test_wc_Sha512Update(void)
-{
-    EXPECT_DECLS;
-#ifdef WOLFSSL_SHA512
-    wc_Sha512 sha512;
-    byte hash[WC_SHA512_DIGEST_SIZE];
-    byte hash_unaligned[WC_SHA512_DIGEST_SIZE + 1];
-    testVector a, b, c;
-
-    ExpectIntEQ(wc_InitSha512(&sha512), 0);
-
-    /* Input. */
-    a.input = "a";
-    a.inLen = XSTRLEN(a.input);
-    ExpectIntEQ(wc_Sha512Update(&sha512, NULL, 0), 0);
-    ExpectIntEQ(wc_Sha512Update(&sha512,(byte*)a.input, 0), 0);
-    ExpectIntEQ(wc_Sha512Update(&sha512, (byte*)a.input, (word32)a.inLen), 0);
-    ExpectIntEQ(wc_Sha512Final(&sha512, hash), 0);
-
-    /* Update input. */
-    a.input = "abc";
-    a.output = "\xdd\xaf\x35\xa1\x93\x61\x7a\xba\xcc\x41\x73\x49\xae\x20\x41"
-               "\x31\x12\xe6\xfa\x4e\x89\xa9\x7e\xa2\x0a\x9e\xee\xe6\x4b"
-               "\x55\xd3\x9a\x21\x92\x99\x2a\x27\x4f\xc1\xa8\x36\xba\x3c"
-               "\x23\xa3\xfe\xeb\xbd\x45\x4d\x44\x23\x64\x3c\xe8\x0e\x2a"
-               "\x9a\xc9\x4f\xa5\x4c\xa4\x9f";
-    a.inLen = XSTRLEN(a.input);
-    a.outLen = XSTRLEN(a.output);
-    ExpectIntEQ(wc_Sha512Update(&sha512, (byte*) a.input, (word32) a.inLen), 0);
-    ExpectIntEQ(wc_Sha512Final(&sha512, hash), 0);
-
-    ExpectIntEQ(XMEMCMP(hash, a.output, WC_SHA512_DIGEST_SIZE), 0);
-
-    /* Unaligned check. */
-    ExpectIntEQ(wc_Sha512Update(&sha512, (byte*)a.input+1, (word32)a.inLen-1),
-        0);
-    ExpectIntEQ(wc_Sha512Final(&sha512, hash_unaligned+1), 0);
-
-    /* Try passing in bad values */
-    b.input = NULL;
-    b.inLen = 0;
-    ExpectIntEQ(wc_Sha512Update(&sha512, (byte*)b.input, (word32)b.inLen), 0);
-    c.input = NULL;
-    c.inLen = WC_SHA512_DIGEST_SIZE;
-    ExpectIntEQ(wc_Sha512Update(&sha512, (byte*)c.input, (word32)c.inLen),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sha512Update(NULL, (byte*)a.input, (word32)a.inLen),
-        BAD_FUNC_ARG);
-
-    wc_Sha512Free(&sha512);
-#endif
-    return EXPECT_RESULT();
-
-} /* END test_wc_Sha512Update  */
-
-#ifdef WOLFSSL_SHA512
-#if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) && \
-        (!defined(WOLFSSL_NOSHA512_224) || !defined(WOLFSSL_NOSHA512_256))
-/* Performs test for
- * - wc_Sha512Final/wc_Sha512FinalRaw
- * - wc_Sha512_224Final/wc_Sha512_224Final
- * - wc_Sha512_256Final/wc_Sha512_256Final
- * parameter:
- * - type : must be one of WC_HASH_TYPE_SHA512, WC_HASH_TYPE_SHA512_224 or
- *          WC_HASH_TYPE_SHA512_256
- * - isRaw: if is non-zero, xxxFinalRaw function will be tested
- *return 0 on success
- */
-static int test_Sha512_Family_Final(int type, int isRaw)
-{
-    EXPECT_DECLS;
-    wc_Sha512 sha512;
-    byte* hash_test[3];
-    byte hash1[WC_SHA512_DIGEST_SIZE];
-    byte hash2[2*WC_SHA512_DIGEST_SIZE];
-    byte hash3[5*WC_SHA512_DIGEST_SIZE];
-    int times, i;
-
-    int(*initFp)(wc_Sha512*);
-    int(*finalFp)(wc_Sha512*, byte*);
-    void(*freeFp)(wc_Sha512*);
-
-    if (type == WC_HASH_TYPE_SHA512) {
-        initFp  = wc_InitSha512;
-#if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) && \
-    !defined(WOLFSSL_NO_HASH_RAW)
-        finalFp = (isRaw)? wc_Sha512FinalRaw : wc_Sha512Final;
-#else
-        finalFp = (isRaw)? NULL : wc_Sha512Final;
-#endif
-        freeFp  = wc_Sha512Free;
-    }
-#if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
-#if !defined(WOLFSSL_NOSHA512_224)
-    else if (type == WC_HASH_TYPE_SHA512_224) {
-        initFp  = wc_InitSha512_224;
-    #if !defined(WOLFSSL_NO_HASH_RAW)
-        finalFp = (isRaw)? wc_Sha512_224FinalRaw : wc_Sha512_224Final;
-    #else
-        finalFp = (isRaw)? NULL : wc_Sha512_224Final;
-    #endif
-        freeFp  = wc_Sha512_224Free;
-    }
-#endif
-#if !defined(WOLFSSL_NOSHA512_256)
-    else if (type == WC_HASH_TYPE_SHA512_256) {
-        initFp  = wc_InitSha512_256;
-    #if !defined(WOLFSSL_NO_HASH_RAW)
-        finalFp = (isRaw)? wc_Sha512_256FinalRaw : wc_Sha512_256Final;
-    #else
-        finalFp = (isRaw)? NULL : wc_Sha512_256Final;
-    #endif
-        freeFp  = wc_Sha512_256Free;
-    }
-#endif
-#endif /* !HAVE_FIPS && !HAVE_SELFTEST */
-    else
-        return TEST_FAIL;
-
-    /* Initialize  */
-    ExpectIntEQ(initFp(&sha512), 0);
-
-    hash_test[0] = hash1;
-    hash_test[1] = hash2;
-    hash_test[2] = hash3;
-    times = sizeof(hash_test) / sizeof(byte *);
-
-    /* Good test args. */
-    for (i = 0; i < times; i++) {
-        ExpectIntEQ(finalFp(&sha512, hash_test[i]), 0);
-    }
-    /* Test bad args. */
-    ExpectIntEQ(finalFp(NULL, NULL), BAD_FUNC_ARG);
-    ExpectIntEQ(finalFp(NULL, hash1), BAD_FUNC_ARG);
-    ExpectIntEQ(finalFp(&sha512, NULL), BAD_FUNC_ARG);
-
-    freeFp(&sha512);
-
-    return EXPECT_RESULT();
-}
-#endif /* !HAVE_FIPS && !HAVE_SELFTEST &&
-                        (!WOLFSSL_NOSHA512_224 || !WOLFSSL_NOSHA512_256) */
-#endif /* WOLFSSL_SHA512 */
-/*
- * Unit test function for wc_Sha512Final()
- */
-static int test_wc_Sha512Final(void)
-{
-    EXPECT_DECLS;
-#ifdef WOLFSSL_SHA512
-    wc_Sha512 sha512;
-    byte* hash_test[3];
-    byte hash1[WC_SHA512_DIGEST_SIZE];
-    byte hash2[2*WC_SHA512_DIGEST_SIZE];
-    byte hash3[5*WC_SHA512_DIGEST_SIZE];
-    int times, i;
-
-    /* Initialize  */
-    ExpectIntEQ(wc_InitSha512(&sha512), 0);
-
-    hash_test[0] = hash1;
-    hash_test[1] = hash2;
-    hash_test[2] = hash3;
-    times = sizeof(hash_test) / sizeof(byte *);
-    for (i = 0; i < times; i++) {
-         ExpectIntEQ(wc_Sha512Final(&sha512, hash_test[i]), 0);
-    }
-
-    /* Test bad args. */
-    ExpectIntEQ(wc_Sha512Final(NULL, NULL), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sha512Final(NULL, hash1), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sha512Final(&sha512, NULL), BAD_FUNC_ARG);
-
-    wc_Sha512Free(&sha512);
-#endif
-    return EXPECT_RESULT();
-} /* END test_wc_Sha512Final */
-/*
- * Unit test function for wc_Sha512GetFlags()
- */
-static int test_wc_Sha512GetFlags(void)
-{
-    EXPECT_DECLS;
-#if defined(WOLFSSL_SHA512) && defined(WOLFSSL_HASH_FLAGS)
-    wc_Sha512 sha512;
-    word32 flags = 0;
-
-    /* Initialize */
-    ExpectIntEQ(wc_InitSha512(&sha512), 0);
-
-    ExpectIntEQ(wc_Sha512GetFlags(&sha512, &flags), 0);
-    ExpectIntEQ((flags & WC_HASH_FLAG_ISCOPY), 0);
-
-    wc_Sha512Free(&sha512);
-#endif
-    return EXPECT_RESULT();
-} /* END test_wc_Sha512GetFlags */
-/*
- * Unit test function for wc_Sha512FinalRaw()
- */
-static int test_wc_Sha512FinalRaw(void)
-{
-    EXPECT_DECLS;
-#if (defined(WOLFSSL_SHA512) && !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || \
-    (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 3)))) && \
-    !defined(WOLFSSL_NO_HASH_RAW)
-    wc_Sha512 sha512;
-    byte* hash_test[3];
-    byte hash1[WC_SHA512_DIGEST_SIZE];
-    byte hash2[2*WC_SHA512_DIGEST_SIZE];
-    byte hash3[5*WC_SHA512_DIGEST_SIZE];
-    int times, i;
-
-    /* Initialize */
-    ExpectIntEQ(wc_InitSha512(&sha512), 0);
-
-    hash_test[0] = hash1;
-    hash_test[1] = hash2;
-    hash_test[2] = hash3;
-    times = sizeof(hash_test) / sizeof(byte*);
-    /* Good test args. */
-    for (i = 0; i < times; i++) {
-         ExpectIntEQ(wc_Sha512FinalRaw(&sha512, hash_test[i]), 0);
-    }
-
-    /* Test bad args. */
-    ExpectIntEQ(wc_Sha512FinalRaw(NULL, NULL), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sha512FinalRaw(NULL, hash1), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sha512FinalRaw(&sha512, NULL), BAD_FUNC_ARG);
-
-    wc_Sha512Free(&sha512);
-#endif
-    return EXPECT_RESULT();
-} /* END test_wc_Sha512FinalRaw */
-
-/*
- * Unit test function for wc_Sha512Free()
- */
-static int test_wc_Sha512Free(void)
-{
-    EXPECT_DECLS;
-#ifdef WOLFSSL_SHA512
-    wc_Sha512Free(NULL);
-    /* Set result to SUCCESS. */
-    ExpectTrue(1);
-#endif
-    return EXPECT_RESULT();
-} /* END test_wc_Sha512Free */
-#ifdef WOLFSSL_SHA512
-
-#if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) && \
-        (!defined(WOLFSSL_NOSHA512_224) || !defined(WOLFSSL_NOSHA512_256))
-static int test_Sha512_Family_GetHash(int type )
-{
-    EXPECT_DECLS;
-    int(*initFp)(wc_Sha512*);
-    int(*ghashFp)(wc_Sha512*, byte*);
-    wc_Sha512 sha512;
-    byte hash1[WC_SHA512_DIGEST_SIZE];
-
-    if (type == WC_HASH_TYPE_SHA512) {
-        initFp  = wc_InitSha512;
-        ghashFp = wc_Sha512GetHash;
-    }
-#if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
-#if !defined(WOLFSSL_NOSHA512_224)
-    else if (type == WC_HASH_TYPE_SHA512_224) {
-        initFp  = wc_InitSha512_224;
-        ghashFp = wc_Sha512_224GetHash;
-    }
-#endif
-#if !defined(WOLFSSL_NOSHA512_256)
-    else if (type == WC_HASH_TYPE_SHA512_256) {
-        initFp  = wc_InitSha512_256;
-        ghashFp = wc_Sha512_256GetHash;
-    }
-#endif
-#endif /* !HAVE_FIPS && !HAVE_SELFTEST */
-    else {
-        initFp  = NULL;
-        ghashFp = NULL;
-    }
-
-    if (initFp == NULL || ghashFp == NULL)
-        return TEST_FAIL;
-
-    ExpectIntEQ(initFp(&sha512), 0);
-    ExpectIntEQ(ghashFp(&sha512, hash1), 0);
-
-    /* test bad arguments*/
-    ExpectIntEQ(ghashFp(NULL, NULL), BAD_FUNC_ARG);
-    ExpectIntEQ(ghashFp(NULL, hash1), BAD_FUNC_ARG);
-    ExpectIntEQ(ghashFp(&sha512, NULL), BAD_FUNC_ARG);
-
-    wc_Sha512Free(&sha512);
-    return EXPECT_RESULT();
-}
-#endif /* !HAVE_FIPS && !HAVE_SELFTEST &&
-                        (!WOLFSSL_NOSHA512_224 || !WOLFSSL_NOSHA512_256) */
-#endif /* WOLFSSL_SHA512 */
-/*
- * Unit test function for wc_Sha512GetHash()
- */
-static int test_wc_Sha512GetHash(void)
-{
-    EXPECT_DECLS;
-#ifdef WOLFSSL_SHA512
-    wc_Sha512 sha512;
-    byte hash1[WC_SHA512_DIGEST_SIZE];
-
-    /* Initialize */
-    ExpectIntEQ(wc_InitSha512(&sha512), 0);
-
-    ExpectIntEQ(wc_Sha512GetHash(&sha512, hash1), 0);
-
-    /* test bad arguments*/
-    ExpectIntEQ(wc_Sha512GetHash(NULL, NULL), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sha512GetHash(NULL, hash1), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sha512GetHash(&sha512, NULL), BAD_FUNC_ARG);
-
-    wc_Sha512Free(&sha512);
-#endif
-    return EXPECT_RESULT();
-} /* END test_wc_Sha512GetHash */
-
-/*
- * Unit test function for wc_Sha512Copy()
- */
-static int test_wc_Sha512Copy(void)
-{
-    EXPECT_DECLS;
-#ifdef WOLFSSL_SHA512
-    wc_Sha512 sha512;
-    wc_Sha512 temp;
-
-    XMEMSET(&sha512, 0, sizeof(wc_Sha512));
-    XMEMSET(&temp, 0, sizeof(wc_Sha512));
-
-    /* Initialize */
-    ExpectIntEQ(wc_InitSha512(&sha512), 0);
-    ExpectIntEQ(wc_InitSha512(&temp), 0);
-
-    ExpectIntEQ(wc_Sha512Copy(&sha512, &temp), 0);
-
-    /* test bad arguments*/
-    ExpectIntEQ(wc_Sha512Copy(NULL, NULL), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sha512Copy(NULL, &temp), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sha512Copy(&sha512, NULL), BAD_FUNC_ARG);
-
-    wc_Sha512Free(&sha512);
-    wc_Sha512Free(&temp);
-#endif
-    return EXPECT_RESULT();
-} /* END test_wc_Sha512Copy */
-
-static int test_wc_InitSha512_224(void)
-{
-    EXPECT_DECLS;
-#if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
-#if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_224)
-    wc_Sha512 sha512;
-
-    /* Test good arg. */
-    ExpectIntEQ(wc_InitSha512_224(&sha512), 0);
-    /* Test bad arg. */
-    ExpectIntEQ(wc_InitSha512_224(NULL), BAD_FUNC_ARG);
-
-    wc_Sha512_224Free(&sha512);
-#endif /* WOLFSSL_SHA512 && !WOLFSSL_NOSHA512_224 */
-#endif /* !HAVE_FIPS && !HAVE_SELFTEST */
-    return EXPECT_RESULT();
-}
-
-static int test_wc_Sha512_224Update(void)
-{
-    EXPECT_DECLS;
-#if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
-#if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_224)
-    wc_Sha512 sha512;
-    byte hash[WC_SHA512_DIGEST_SIZE];
-    testVector a, c;
-
-    ExpectIntEQ(wc_InitSha512_224(&sha512), 0);
-
-    /* Input. */
-    a.input = "a";
-    a.inLen = XSTRLEN(a.input);
-    ExpectIntEQ(wc_Sha512_224Update(&sha512, NULL, 0), 0);
-    ExpectIntEQ(wc_Sha512_224Update(&sha512,(byte*)a.input, 0), 0);
-    ExpectIntEQ(wc_Sha512_224Update(&sha512, (byte*)a.input, (word32)a.inLen),
-        0);
-    ExpectIntEQ(wc_Sha512_224Final(&sha512, hash), 0);
-
-    /* Update input. */
-    a.input = "abc";
-    a.output = "\x46\x34\x27\x0f\x70\x7b\x6a\x54\xda\xae\x75\x30\x46\x08"
-               "\x42\xe2\x0e\x37\xed\x26\x5c\xee\xe9\xa4\x3e\x89\x24\xaa";
-    a.inLen = XSTRLEN(a.input);
-    a.outLen = XSTRLEN(a.output);
-    ExpectIntEQ(wc_Sha512_224Update(&sha512, (byte*) a.input, (word32) a.inLen),
-        0);
-    ExpectIntEQ(wc_Sha512_224Final(&sha512, hash), 0);
-    ExpectIntEQ(XMEMCMP(hash, a.output, WC_SHA512_224_DIGEST_SIZE), 0);
-
-    c.input = NULL;
-    c.inLen = WC_SHA512_224_DIGEST_SIZE;
-    ExpectIntEQ(wc_Sha512_224Update(&sha512, (byte*)c.input, (word32)c.inLen),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sha512_224Update(NULL, (byte*)a.input, (word32)a.inLen),
-        BAD_FUNC_ARG);
-
-    wc_Sha512_224Free(&sha512);
-#endif /* WOLFSSL_SHA512 && !WOLFSSL_NOSHA512_224 */
-#endif /* !HAVE_FIPS && !HAVE_SELFTEST */
-    return EXPECT_RESULT();
-}
-
-static int test_wc_Sha512_224Final(void)
-{
-    EXPECT_DECLS;
-#if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
-#if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_224)
-    ExpectIntEQ(test_Sha512_Family_Final(WC_HASH_TYPE_SHA512_224, 0),
-        TEST_SUCCESS);
-#endif /* WOLFSSL_SHA512 && !WOLFSSL_NOSHA512_224 */
-#endif /* !HAVE_FIPS && !HAVE_SELFTEST */
-    return EXPECT_RESULT();
-}
-
-static int test_wc_Sha512_224GetFlags(void)
-{
-    EXPECT_DECLS;
-#if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
-#if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_224) && defined(WOLFSSL_HASH_FLAGS)
-    wc_Sha512 sha512;
-    wc_Sha512 copy;
-    word32 flags = 0;
-
-    XMEMSET(&sha512, 0, sizeof(wc_Sha512));
-    XMEMSET(&copy, 0, sizeof(wc_Sha512));
-
-    /* Initialize */
-    ExpectIntEQ(wc_InitSha512_224(&sha512), 0);
-    ExpectIntEQ(wc_InitSha512_224(&copy), 0);
-
-    ExpectIntEQ(wc_Sha512_224GetFlags(&sha512, &flags), 0);
-    ExpectTrue((flags & WC_HASH_FLAG_ISCOPY) == 0);
-
-    ExpectIntEQ(wc_Sha512_224Copy(&sha512, &copy), 0);
-    ExpectIntEQ(wc_Sha512_224GetFlags(&copy, &flags), 0);
-    ExpectTrue((flags & WC_HASH_FLAG_ISCOPY) == WC_HASH_FLAG_ISCOPY);
-
-    wc_Sha512_224Free(&copy);
-    wc_Sha512_224Free(&sha512);
-#endif
-#endif /* !HAVE_FIPS && !HAVE_SELFTEST */
-    return EXPECT_RESULT();
-}
-
-static int test_wc_Sha512_224FinalRaw(void)
-{
-    EXPECT_DECLS;
-#if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) && \
-    defined(WOLFSSL_SHA512) &&  !defined(WOLFSSL_NOSHA512_224) && \
-    !defined(WOLFSSL_NO_HASH_RAW)
-    ExpectIntEQ(test_Sha512_Family_Final(WC_HASH_TYPE_SHA512_224, 1),
-        TEST_SUCCESS);
-#endif
-    return EXPECT_RESULT();
-}
-
-static int test_wc_Sha512_224Free(void)
-{
-    EXPECT_DECLS;
-#if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
-#if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_224)
-    wc_Sha512_224Free(NULL);
-    /* Set result to SUCCESS. */
-    ExpectTrue(1);
-#endif
-#endif /* !HAVE_FIPS && !HAVE_SELFTEST */
-    return EXPECT_RESULT();
-}
-
-static int test_wc_Sha512_224GetHash(void)
-{
-    EXPECT_DECLS;
-#if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
-#if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_224)
-    ExpectIntEQ(test_Sha512_Family_GetHash(WC_HASH_TYPE_SHA512_224),
-        TEST_SUCCESS);
-#endif
-#endif /* !HAVE_FIPS && !HAVE_SELFTEST */
-    return EXPECT_RESULT();
-}
-static int test_wc_Sha512_224Copy(void)
-{
-    EXPECT_DECLS;
-#if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
-#if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_224)
-    wc_Sha512 sha512;
-    wc_Sha512 temp;
-
-    XMEMSET(&sha512, 0, sizeof(wc_Sha512));
-    XMEMSET(&temp, 0, sizeof(wc_Sha512));
-
-    /* Initialize */
-    ExpectIntEQ(wc_InitSha512_224(&sha512), 0);
-    ExpectIntEQ(wc_InitSha512_224(&temp), 0);
-
-    ExpectIntEQ(wc_Sha512_224Copy(&sha512, &temp), 0);
-    /* test bad arguments*/
-    ExpectIntEQ(wc_Sha512_224Copy(NULL, NULL), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sha512_224Copy(NULL, &temp), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sha512_224Copy(&sha512, NULL), BAD_FUNC_ARG);
-
-    wc_Sha512_224Free(&sha512);
-    wc_Sha512_224Free(&temp);
-#endif
-#endif /* !HAVE_FIPS && !HAVE_SELFTEST */
-    return EXPECT_RESULT();
-}
-
-static int test_wc_InitSha512_256(void)
-{
-    EXPECT_DECLS;
-#if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
-#if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_256)
-    wc_Sha512 sha512;
-
-    /* Test good arg. */
-    ExpectIntEQ(wc_InitSha512_256(&sha512), 0);
-    /* Test bad arg. */
-    ExpectIntEQ(wc_InitSha512_256(NULL), BAD_FUNC_ARG);
-
-    wc_Sha512_256Free(&sha512);
-#endif /* WOLFSSL_SHA512 && !WOLFSSL_NOSHA512_256 */
-#endif /* !HAVE_FIPS && !HAVE_SELFTEST */
-    return EXPECT_RESULT();
-}
-
-static int test_wc_Sha512_256Update(void)
-{
-    EXPECT_DECLS;
-#if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
-#if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_256)
-    wc_Sha512 sha512;
-    byte hash[WC_SHA512_DIGEST_SIZE];
-    testVector a, c;
-
-    ExpectIntEQ(wc_InitSha512_256(&sha512), 0);
-
-    /* Input. */
-    a.input = "a";
-    a.inLen = XSTRLEN(a.input);
-    ExpectIntEQ(wc_Sha512_256Update(&sha512, NULL, 0), 0);
-    ExpectIntEQ(wc_Sha512_256Update(&sha512,(byte*)a.input, 0), 0);
-    ExpectIntEQ(wc_Sha512_256Update(&sha512, (byte*)a.input, (word32)a.inLen),
-        0);
-    ExpectIntEQ(wc_Sha512_256Final(&sha512, hash), 0);
-
-    /* Update input. */
-    a.input = "abc";
-    a.output = "\x53\x04\x8e\x26\x81\x94\x1e\xf9\x9b\x2e\x29\xb7\x6b\x4c"
-               "\x7d\xab\xe4\xc2\xd0\xc6\x34\xfc\x6d\x46\xe0\xe2\xf1\x31"
-               "\x07\xe7\xaf\x23";
-    a.inLen = XSTRLEN(a.input);
-    a.outLen = XSTRLEN(a.output);
-    ExpectIntEQ(wc_Sha512_256Update(&sha512, (byte*) a.input, (word32) a.inLen),
-        0);
-    ExpectIntEQ(wc_Sha512_256Final(&sha512, hash), 0);
-    ExpectIntEQ(XMEMCMP(hash, a.output, WC_SHA512_256_DIGEST_SIZE), 0);
-
-    c.input = NULL;
-    c.inLen = WC_SHA512_256_DIGEST_SIZE;
-    ExpectIntEQ(wc_Sha512_256Update(&sha512, (byte*)c.input, (word32)c.inLen),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sha512_256Update(NULL, (byte*)a.input, (word32)a.inLen),
-        BAD_FUNC_ARG);
-
-    wc_Sha512_256Free(&sha512);
-#endif /* WOLFSSL_SHA512 && !WOLFSSL_NOSHA512_256 */
-#endif /* !HAVE_FIPS && !HAVE_SELFTEST */
-    return EXPECT_RESULT();
-}
-
-static int test_wc_Sha512_256Final(void)
-{
-    EXPECT_DECLS;
-#if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
-#if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_256)
-    ExpectIntEQ(test_Sha512_Family_Final(WC_HASH_TYPE_SHA512_256, 0),
-        TEST_SUCCESS);
-#endif /* WOLFSSL_SHA512 && !WOLFSSL_NOSHA512_256 */
-#endif /* !HAVE_FIPS && !HAVE_SELFTEST */
-    return EXPECT_RESULT();
-}
-
-static int test_wc_Sha512_256GetFlags(void)
-{
-    EXPECT_DECLS;
-#if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
-#if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_256) && defined(WOLFSSL_HASH_FLAGS)
-    wc_Sha512 sha512, copy;
-    word32 flags = 0;
-
-    XMEMSET(&sha512, 0, sizeof(wc_Sha512));
-    XMEMSET(&copy, 0, sizeof(wc_Sha512));
-
-    /* Initialize */
-    ExpectIntEQ(wc_InitSha512_256(&sha512), 0);
-    ExpectIntEQ(wc_InitSha512_256(&copy), 0);
-
-    ExpectIntEQ(wc_Sha512_256GetFlags(&sha512, &flags), 0);
-    ExpectTrue((flags & WC_HASH_FLAG_ISCOPY) == 0);
-
-    ExpectIntEQ(wc_Sha512_256Copy(&sha512, &copy), 0);
-    ExpectIntEQ(wc_Sha512_256GetFlags(&copy, &flags), 0);
-    ExpectTrue((flags & WC_HASH_FLAG_ISCOPY) == WC_HASH_FLAG_ISCOPY);
-
-    wc_Sha512_256Free(&sha512);
-#endif
-#endif /* !HAVE_FIPS && !HAVE_SELFTEST */
-    return EXPECT_RESULT();
-}
-
-static int test_wc_Sha512_256FinalRaw(void)
-{
-    EXPECT_DECLS;
-#if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) && \
-    defined(WOLFSSL_SHA512) &&  !defined(WOLFSSL_NOSHA512_256) && \
-    !defined(WOLFSSL_NO_HASH_RAW)
-    ExpectIntEQ(test_Sha512_Family_Final(WC_HASH_TYPE_SHA512_256, 1),
-        TEST_SUCCESS);
-#endif
-    return EXPECT_RESULT();
-}
-
-static int test_wc_Sha512_256Free(void)
-{
-    EXPECT_DECLS;
-#if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
-#if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_256)
-    wc_Sha512_256Free(NULL);
-    /* Set result to SUCCESS. */
-    ExpectTrue(1);
-#endif
-#endif /* !HAVE_FIPS && !HAVE_SELFTEST */
-    return EXPECT_RESULT();
-}
-
-static int test_wc_Sha512_256GetHash(void)
-{
-    EXPECT_DECLS;
-#if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
-#if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_256)
-    ExpectIntEQ(test_Sha512_Family_GetHash(WC_HASH_TYPE_SHA512_256),
-        TEST_SUCCESS);
-#endif
-#endif /* !HAVE_FIPS && !HAVE_SELFTEST */
-    return EXPECT_RESULT();
-
-}
-static int test_wc_Sha512_256Copy(void)
-{
-    EXPECT_DECLS;
-#if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
-#if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_256)
-    wc_Sha512 sha512;
-    wc_Sha512 temp;
-
-    XMEMSET(&sha512, 0, sizeof(wc_Sha512));
-    XMEMSET(&temp, 0, sizeof(wc_Sha512));
-
-    /* Initialize */
-    ExpectIntEQ(wc_InitSha512_256(&sha512), 0);
-    ExpectIntEQ(wc_InitSha512_256(&temp), 0);
-
-    ExpectIntEQ(wc_Sha512_256Copy(&sha512, &temp), 0);
-    /* test bad arguments*/
-    ExpectIntEQ(wc_Sha512_256Copy(NULL, NULL), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sha512_256Copy(NULL, &temp), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sha512_256Copy(&sha512, NULL), BAD_FUNC_ARG);
-
-    wc_Sha512_256Free(&sha512);
-    wc_Sha512_256Free(&temp);
-#endif
-#endif /* !HAVE_FIPS && !HAVE_SELFTEST */
-    return EXPECT_RESULT();
-}
-
-
-
-/*
- * Testing wc_InitSha384()
- */
-static int test_wc_InitSha384(void)
-{
-    EXPECT_DECLS;
-#ifdef WOLFSSL_SHA384
-    wc_Sha384 sha384;
-
-    /* Test good arg. */
-    ExpectIntEQ(wc_InitSha384(&sha384), 0);
-    /* Test bad arg. */
-    ExpectIntEQ(wc_InitSha384(NULL), BAD_FUNC_ARG);
-
-    wc_Sha384Free(&sha384);
-#endif
-    return EXPECT_RESULT();
-} /* END test_wc_InitSha384 */
-
-
-/*
- * test wc_Sha384Update()
- */
-static int test_wc_Sha384Update(void)
-{
-    EXPECT_DECLS;
-#ifdef WOLFSSL_SHA384
-    wc_Sha384 sha384;
-    byte hash[WC_SHA384_DIGEST_SIZE];
-    testVector a, b, c;
-
-    ExpectIntEQ(wc_InitSha384(&sha384), 0);
-
-    /* Input */
-    a.input = "a";
-    a.inLen = XSTRLEN(a.input);
-    ExpectIntEQ(wc_Sha384Update(&sha384, NULL, 0), 0);
-    ExpectIntEQ(wc_Sha384Update(&sha384, (byte*)a.input, 0), 0);
-    ExpectIntEQ(wc_Sha384Update(&sha384, (byte*)a.input, (word32)a.inLen), 0);
-    ExpectIntEQ(wc_Sha384Final(&sha384, hash), 0);
-
-    /* Update input. */
-    a.input = "abc";
-    a.output = "\xcb\x00\x75\x3f\x45\xa3\x5e\x8b\xb5\xa0\x3d\x69\x9a\xc6\x50"
-               "\x07\x27\x2c\x32\xab\x0e\xde\xd1\x63\x1a\x8b\x60\x5a\x43\xff"
-               "\x5b\xed\x80\x86\x07\x2b\xa1\xe7\xcc\x23\x58\xba\xec\xa1\x34"
-               "\xc8\x25\xa7";
-    a.inLen = XSTRLEN(a.input);
-    a.outLen = XSTRLEN(a.output);
-    ExpectIntEQ(wc_Sha384Update(&sha384, (byte*)a.input, (word32)a.inLen), 0);
-    ExpectIntEQ(wc_Sha384Final(&sha384, hash), 0);
-    ExpectIntEQ(XMEMCMP(hash, a.output, WC_SHA384_DIGEST_SIZE), 0);
-
-    /* Pass in bad values. */
-    b.input = NULL;
-    b.inLen = 0;
-    ExpectIntEQ(wc_Sha384Update(&sha384, (byte*)b.input, (word32)b.inLen), 0);
-    c.input = NULL;
-    c.inLen = WC_SHA384_DIGEST_SIZE;
-    ExpectIntEQ( wc_Sha384Update(&sha384, (byte*)c.input, (word32)c.inLen),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sha384Update(NULL, (byte*)a.input, (word32)a.inLen),
-        BAD_FUNC_ARG);
-
-    wc_Sha384Free(&sha384);
-#endif
-    return EXPECT_RESULT();
-} /* END test_wc_Sha384Update */
-
-/*
- * Unit test function for wc_Sha384Final();
- */
-static int test_wc_Sha384Final(void)
-{
-    EXPECT_DECLS;
-#ifdef WOLFSSL_SHA384
-    wc_Sha384 sha384;
-    byte* hash_test[3];
-    byte hash1[WC_SHA384_DIGEST_SIZE];
-    byte hash2[2*WC_SHA384_DIGEST_SIZE];
-    byte hash3[5*WC_SHA384_DIGEST_SIZE];
-    int times, i;
-
-    /* Initialize */
-    ExpectIntEQ(wc_InitSha384(&sha384), 0);
-
-    hash_test[0] = hash1;
-    hash_test[1] = hash2;
-    hash_test[2] = hash3;
-    times = sizeof(hash_test) / sizeof(byte*);
-    /* Good test args. */
-    for (i = 0; i < times; i++) {
-         ExpectIntEQ(wc_Sha384Final(&sha384, hash_test[i]), 0);
-    }
-
-    /* Test bad args. */
-    ExpectIntEQ(wc_Sha384Final(NULL, NULL), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sha384Final(NULL, hash1), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sha384Final(&sha384, NULL), BAD_FUNC_ARG);
-
-    wc_Sha384Free(&sha384);
-#endif
-    return EXPECT_RESULT();
-} /* END test_wc_Sha384Final */
-/*
- * Unit test function for wc_Sha384GetFlags()
- */
-static int test_wc_Sha384GetFlags(void)
-{
-    EXPECT_DECLS;
-#if defined(WOLFSSL_SHA384) && defined(WOLFSSL_HASH_FLAGS)
-    wc_Sha384 sha384;
-    word32 flags = 0;
-
-    /* Initialize */
-    ExpectIntEQ(wc_InitSha384(&sha384), 0);
-    ExpectIntEQ(wc_Sha384GetFlags(&sha384, &flags), 0);
-    ExpectTrue((flags & WC_HASH_FLAG_ISCOPY) == 0);
-
-    wc_Sha384Free(&sha384);
-#endif
-    return EXPECT_RESULT();
-
-} /* END test_wc_Sha384GetFlags */
-/*
- * Unit test function for wc_Sha384FinalRaw()
- */
-static int test_wc_Sha384FinalRaw(void)
-{
-    EXPECT_DECLS;
-#if (defined(WOLFSSL_SHA384) && !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || \
-    (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 3)))) && \
-    !defined(WOLFSSL_NO_HASH_RAW)
-    wc_Sha384 sha384;
-    byte* hash_test[3];
-    byte hash1[WC_SHA384_DIGEST_SIZE];
-    byte hash2[2*WC_SHA384_DIGEST_SIZE];
-    byte hash3[5*WC_SHA384_DIGEST_SIZE];
-    int times, i;
-
-    /* Initialize */
-    ExpectIntEQ(wc_InitSha384(&sha384), 0);
-
-    hash_test[0] = hash1;
-    hash_test[1] = hash2;
-    hash_test[2] = hash3;
-    times = sizeof(hash_test) / sizeof(byte*);
-    /* Good test args. */
-    for (i = 0; i < times; i++) {
-         ExpectIntEQ(wc_Sha384FinalRaw(&sha384, hash_test[i]), 0);
-    }
-
-    /* Test bad args. */
-    ExpectIntEQ(wc_Sha384FinalRaw(NULL, NULL), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sha384FinalRaw(NULL, hash1), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sha384FinalRaw(&sha384, NULL), BAD_FUNC_ARG);
-
-    wc_Sha384Free(&sha384);
-#endif
-    return EXPECT_RESULT();
-} /* END test_wc_Sha384FinalRaw */
-/*
- * Unit test function for wc_Sha384Free()
- */
-static int test_wc_Sha384Free(void)
-{
-    EXPECT_DECLS;
-#ifdef WOLFSSL_SHA384
-    wc_Sha384Free(NULL);
-    /* Set result to SUCCESS. */
-    ExpectTrue(1);
-#endif
-    return EXPECT_RESULT();
-
-} /* END test_wc_Sha384Free */
-/*
- * Unit test function for wc_Sha384GetHash()
- */
-static int test_wc_Sha384GetHash(void)
-{
-    EXPECT_DECLS;
-#ifdef WOLFSSL_SHA384
-    wc_Sha384 sha384;
-    byte hash1[WC_SHA384_DIGEST_SIZE];
-
-    /* Initialize */
-    ExpectIntEQ(wc_InitSha384(&sha384), 0);
-
-    ExpectIntEQ(wc_Sha384GetHash(&sha384, hash1), 0);
-    /* test bad arguments*/
-    ExpectIntEQ(wc_Sha384GetHash(NULL, NULL), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sha384GetHash(NULL, hash1), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sha384GetHash(&sha384, NULL), BAD_FUNC_ARG);
-
-    wc_Sha384Free(&sha384);
-#endif
-    return EXPECT_RESULT();
-} /* END test_wc_Sha384GetHash */
-/*
- * Unit test function for wc_Sha384Copy()
- */
-static int test_wc_Sha384Copy(void)
-{
-    EXPECT_DECLS;
-#ifdef WOLFSSL_SHA384
-    wc_Sha384 sha384;
-    wc_Sha384 temp;
-
-    XMEMSET(&sha384, 0, sizeof(wc_Sha384));
-    XMEMSET(&temp, 0, sizeof(wc_Sha384));
-
-    /* Initialize */
-    ExpectIntEQ(wc_InitSha384(&sha384), 0);
-    ExpectIntEQ(wc_InitSha384(&temp), 0);
-
-    ExpectIntEQ(wc_Sha384Copy(&sha384, &temp), 0);
-    /* test bad arguments*/
-    ExpectIntEQ(wc_Sha384Copy(NULL, NULL), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sha384Copy(NULL, &temp), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sha384Copy(&sha384, NULL), BAD_FUNC_ARG);
-
-    wc_Sha384Free(&sha384);
-    wc_Sha384Free(&temp);
-#endif
-    return EXPECT_RESULT();
-} /* END test_wc_Sha384Copy */
-
-/*
- * Testing wc_InitSha224();
- */
-static int test_wc_InitSha224(void)
-{
-    EXPECT_DECLS;
-#ifdef WOLFSSL_SHA224
-    wc_Sha224 sha224;
-
-    /* Test good arg. */
-    ExpectIntEQ(wc_InitSha224(&sha224), 0);
-    /* Test bad arg. */
-    ExpectIntEQ(wc_InitSha224(NULL), BAD_FUNC_ARG);
-
-    wc_Sha224Free(&sha224);
-#endif
-    return EXPECT_RESULT();
-} /* END test_wc_InitSha224 */
-
-/*
- * Unit test on wc_Sha224Update
- */
-static int test_wc_Sha224Update(void)
-{
-    EXPECT_DECLS;
-#ifdef WOLFSSL_SHA224
-    wc_Sha224 sha224;
-    byte hash[WC_SHA224_DIGEST_SIZE];
-    testVector a, b, c;
-
-    ExpectIntEQ(wc_InitSha224(&sha224), 0);
-
-    /* Input. */
-    a.input = "a";
-    a.inLen = XSTRLEN(a.input);
-    ExpectIntEQ(wc_Sha224Update(&sha224, NULL, 0), 0);
-    ExpectIntEQ(wc_Sha224Update(&sha224, (byte*)a.input, 0), 0);
-    ExpectIntEQ(wc_Sha224Update(&sha224, (byte*)a.input, (word32)a.inLen), 0);
-    ExpectIntEQ(wc_Sha224Final(&sha224, hash), 0);
-
-    /* Update input. */
-    a.input = "abc";
-    a.output = "\x23\x09\x7d\x22\x34\x05\xd8\x22\x86\x42\xa4\x77\xbd\xa2"
-               "\x55\xb3\x2a\xad\xbc\xe4\xbd\xa0\xb3\xf7\xe3\x6c\x9d\xa7";
-    a.inLen = XSTRLEN(a.input);
-    a.outLen = XSTRLEN(a.output);
-    ExpectIntEQ(wc_Sha224Update(&sha224, (byte*)a.input, (word32)a.inLen), 0);
-    ExpectIntEQ(wc_Sha224Final(&sha224, hash), 0);
-    ExpectIntEQ(XMEMCMP(hash, a.output, WC_SHA224_DIGEST_SIZE), 0);
-
-    /* Pass in bad values. */
-    b.input = NULL;
-    b.inLen = 0;
-    ExpectIntEQ(wc_Sha224Update(&sha224, (byte*)b.input, (word32)b.inLen), 0);
-    c.input = NULL;
-    c.inLen = WC_SHA224_DIGEST_SIZE;
-    ExpectIntEQ(wc_Sha224Update(&sha224, (byte*)c.input, (word32)c.inLen),
-       BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sha224Update(NULL, (byte*)a.input, (word32)a.inLen),
-       BAD_FUNC_ARG);
-
-    wc_Sha224Free(&sha224);
-#endif
-    return EXPECT_RESULT();
-} /* END test_wc_Sha224Update */
-
-/*
- * Unit test for wc_Sha224Final();
- */
-static int test_wc_Sha224Final(void)
-{
-    EXPECT_DECLS;
-#ifdef WOLFSSL_SHA224
-    wc_Sha224 sha224;
-    byte* hash_test[3];
-    byte hash1[WC_SHA224_DIGEST_SIZE];
-    byte hash2[2*WC_SHA224_DIGEST_SIZE];
-    byte hash3[5*WC_SHA224_DIGEST_SIZE];
-    int times, i;
-
-    /* Initialize */
-    ExpectIntEQ(wc_InitSha224(&sha224), 0);
-
-    hash_test[0] = hash1;
-    hash_test[1] = hash2;
-    hash_test[2] = hash3;
-    times = sizeof(hash_test) / sizeof(byte*);
-    /* Good test args. */
-    /* Testing oversized buffers. */
-    for (i = 0; i < times; i++) {
-        ExpectIntEQ(wc_Sha224Final(&sha224, hash_test[i]), 0);
-    }
-
-    /* Test bad args. */
-    ExpectIntEQ(wc_Sha224Final(NULL, NULL), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sha224Final(NULL, hash1), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sha224Final(&sha224, NULL), BAD_FUNC_ARG);
-
-    wc_Sha224Free(&sha224);
-#endif
-    return EXPECT_RESULT();
-} /* END test_wc_Sha224Final */
-
-/*
- * Unit test function for wc_Sha224SetFlags()
- */
-static int test_wc_Sha224SetFlags(void)
-{
-    EXPECT_DECLS;
-#if defined(WOLFSSL_SHA224) && defined(WOLFSSL_HASH_FLAGS)
-    wc_Sha224 sha224;
-    word32 flags = WC_HASH_FLAG_WILLCOPY;
-
-    /* Initialize */
-    ExpectIntEQ(wc_InitSha224(&sha224), 0);
-
-    ExpectIntEQ(wc_Sha224SetFlags(&sha224, flags), 0);
-    flags = 0;
-    ExpectIntEQ(wc_Sha224GetFlags(&sha224, &flags), 0);
-    ExpectTrue(flags == WC_HASH_FLAG_WILLCOPY);
-
-    wc_Sha224Free(&sha224);
-#endif
-    return EXPECT_RESULT();
-} /* END test_wc_Sha224SetFlags */
-
-/*
- * Unit test function for wc_Sha224GetFlags()
- */
-static int test_wc_Sha224GetFlags(void)
-{
-    EXPECT_DECLS;
-#if defined(WOLFSSL_SHA224) && defined(WOLFSSL_HASH_FLAGS)
-    wc_Sha224 sha224;
-    word32 flags = 0;
-
-    /* Initialize */
-    ExpectIntEQ(wc_InitSha224(&sha224), 0);
-
-    ExpectIntEQ(wc_Sha224GetFlags(&sha224, &flags), 0);
-    ExpectTrue((flags & WC_HASH_FLAG_ISCOPY) == 0);
-
-    wc_Sha224Free(&sha224);
-#endif
-    return EXPECT_RESULT();
-} /* END test_wc_Sha224GetFlags */
-/*
- * Unit test function for wc_Sha224Free()
- */
-static int test_wc_Sha224Free(void)
-{
-    EXPECT_DECLS;
-#ifdef WOLFSSL_SHA224
-    wc_Sha224Free(NULL);
-    /* Set result to SUCCESS. */
-    ExpectTrue(1);
-#endif
-    return EXPECT_RESULT();
-
-} /* END test_wc_Sha224Free */
-
-/*
- * Unit test function for wc_Sha224GetHash()
- */
-static int test_wc_Sha224GetHash(void)
-{
-    EXPECT_DECLS;
-#ifdef WOLFSSL_SHA224
-    wc_Sha224 sha224;
-    byte hash1[WC_SHA224_DIGEST_SIZE];
-
-    /* Initialize */
-    ExpectIntEQ(wc_InitSha224(&sha224), 0);
-
-    ExpectIntEQ(wc_Sha224GetHash(&sha224, hash1), 0);
-    /* test bad arguments*/
-    ExpectIntEQ(wc_Sha224GetHash(NULL, NULL), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sha224GetHash(NULL, hash1), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sha224GetHash(&sha224, NULL), BAD_FUNC_ARG);
-
-    wc_Sha224Free(&sha224);
-#endif
-    return EXPECT_RESULT();
-} /* END test_wc_Sha224GetHash */
-
-/*
- * Unit test function for wc_Sha224Copy()
- */
-static int test_wc_Sha224Copy(void)
-{
-    EXPECT_DECLS;
-#ifdef WOLFSSL_SHA224
-    wc_Sha224 sha224;
-    wc_Sha224 temp;
-
-    XMEMSET(&sha224, 0, sizeof(wc_Sha224));
-    XMEMSET(&temp, 0, sizeof(wc_Sha224));
-
-    /* Initialize */
-    ExpectIntEQ(wc_InitSha224(&sha224), 0);
-    ExpectIntEQ(wc_InitSha224(&temp), 0);
-
-    ExpectIntEQ(wc_Sha224Copy(&sha224, &temp), 0);
-    /* test bad arguments*/
-    ExpectIntEQ(wc_Sha224Copy(NULL, NULL), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sha224Copy(NULL, &temp), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sha224Copy(&sha224, NULL), BAD_FUNC_ARG);
-
-    wc_Sha224Free(&sha224);
-    wc_Sha224Free(&temp);
-#endif
-    return EXPECT_RESULT();
-} /* END test_wc_Sha224Copy */
-
-
-/*
- * Testing wc_InitRipeMd()
- */
-static int test_wc_InitRipeMd(void)
-{
-    EXPECT_DECLS;
-#ifdef WOLFSSL_RIPEMD
-    RipeMd ripemd;
-
-    /* Test good arg. */
-    ExpectIntEQ(wc_InitRipeMd(&ripemd), 0);
-    /* Test bad arg. */
-    ExpectIntEQ(wc_InitRipeMd(NULL), BAD_FUNC_ARG);
-#endif
-    return EXPECT_RESULT();
-
-} /* END test_wc_InitRipeMd */
-
-/*
- * Testing wc_RipeMdUpdate()
- */
-static int test_wc_RipeMdUpdate(void)
-{
-    EXPECT_DECLS;
-#ifdef WOLFSSL_RIPEMD
-    RipeMd ripemd;
-    byte hash[RIPEMD_DIGEST_SIZE];
-    testVector a, b, c;
-
-    ExpectIntEQ(wc_InitRipeMd(&ripemd), 0);
-
-    /* Input */
-    a.input = "a";
-    a.inLen = XSTRLEN(a.input);
-    ExpectIntEQ(wc_RipeMdUpdate(&ripemd, (byte*)a.input, (word32)a.inLen), 0);
-    ExpectIntEQ(wc_RipeMdFinal(&ripemd, hash), 0);
-
-    /* Update input. */
-    a.input = "abc";
-    a.output = "\x8e\xb2\x08\xf7\xe0\x5d\x98\x7a\x9b\x04\x4a\x8e\x98\xc6"
-               "\xb0\x87\xf1\x5a\x0b\xfc";
-    a.inLen = XSTRLEN(a.input);
-    a.outLen = XSTRLEN(a.output);
-    ExpectIntEQ(wc_RipeMdUpdate(&ripemd, (byte*)a.input, (word32)a.inLen), 0);
-    ExpectIntEQ(wc_RipeMdFinal(&ripemd, hash), 0);
-    ExpectIntEQ(XMEMCMP(hash, a.output, RIPEMD_DIGEST_SIZE), 0);
-
-    /* Pass in bad values. */
-    b.input = NULL;
-    b.inLen = 0;
-    ExpectIntEQ(wc_RipeMdUpdate(&ripemd, (byte*)b.input, (word32)b.inLen), 0);
-    c.input = NULL;
-    c.inLen = RIPEMD_DIGEST_SIZE;
-    ExpectIntEQ(wc_RipeMdUpdate(&ripemd, (byte*)c.input, (word32)c.inLen),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_RipeMdUpdate(NULL, (byte*)a.input, (word32)a.inLen),
-        BAD_FUNC_ARG);
-#endif
-    return EXPECT_RESULT();
-} /* END test_wc_RipeMdUdpate */
-
-/*
- * Unit test function for wc_RipeMdFinal()
- */
-static int test_wc_RipeMdFinal(void)
-{
-    EXPECT_DECLS;
-#ifdef WOLFSSL_RIPEMD
-    RipeMd ripemd;
-    byte* hash_test[3];
-    byte hash1[RIPEMD_DIGEST_SIZE];
-    byte hash2[2*RIPEMD_DIGEST_SIZE];
-    byte hash3[5*RIPEMD_DIGEST_SIZE];
-    int times, i;
-
-    /* Initialize */
-    ExpectIntEQ(wc_InitRipeMd(&ripemd), 0);
-
-    hash_test[0] = hash1;
-    hash_test[1] = hash2;
-    hash_test[2] = hash3;
-    times = sizeof(hash_test) / sizeof(byte*);
-    /* Testing oversized buffers. */
-    for (i = 0; i < times; i++) {
-         ExpectIntEQ(wc_RipeMdFinal(&ripemd, hash_test[i]), 0);
-    }
-
-    /* Test bad args. */
-    ExpectIntEQ(wc_RipeMdFinal(NULL, NULL), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_RipeMdFinal(NULL, hash1), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_RipeMdFinal(&ripemd, NULL), BAD_FUNC_ARG);
-#endif
-    return EXPECT_RESULT();
-} /* END test_wc_RipeMdFinal */
-
-
-/*
- * Testing wc_InitSha3_224, wc_InitSha3_256, wc_InitSha3_384, and
- * wc_InitSha3_512
- */
-static int test_wc_InitSha3(void)
-{
-    EXPECT_DECLS;
-#if defined(WOLFSSL_SHA3)
-    wc_Sha3 sha3;
-
-    (void)sha3;
-
-#if !defined(WOLFSSL_NOSHA3_224)
-    ExpectIntEQ(wc_InitSha3_224(&sha3, HEAP_HINT, testDevId), 0);
-    /* Test bad args. */
-    ExpectIntEQ(wc_InitSha3_224(NULL, HEAP_HINT, testDevId), BAD_FUNC_ARG);
-    wc_Sha3_224_Free(&sha3);
-#endif /* NOSHA3_224 */
-#if !defined(WOLFSSL_NOSHA3_256)
-    ExpectIntEQ(wc_InitSha3_256(&sha3, HEAP_HINT, testDevId), 0);
-    /* Test bad args. */
-    ExpectIntEQ(wc_InitSha3_256(NULL, HEAP_HINT, testDevId), BAD_FUNC_ARG);
-    wc_Sha3_256_Free(&sha3);
-#endif /* NOSHA3_256 */
-#if !defined(WOLFSSL_NOSHA3_384)
-    ExpectIntEQ(wc_InitSha3_384(&sha3, HEAP_HINT, testDevId), 0);
-    /* Test bad args. */
-    ExpectIntEQ(wc_InitSha3_384(NULL, HEAP_HINT, testDevId),  BAD_FUNC_ARG);
-    wc_Sha3_384_Free(&sha3);
-#endif /* NOSHA3_384 */
-#if !defined(WOLFSSL_NOSHA3_512)
-    ExpectIntEQ(wc_InitSha3_512(&sha3, HEAP_HINT, testDevId), 0);
-    /* Test bad args. */
-    ExpectIntEQ(wc_InitSha3_512(NULL, HEAP_HINT, testDevId), BAD_FUNC_ARG);
-    wc_Sha3_512_Free(&sha3);
-#endif /* NOSHA3_512 */
-#endif
-    return EXPECT_RESULT();
-} /* END test_wc_InitSha3 */
-
-
-/*
- * Testing wc_Sha3_Update()
- */
-static int testing_wc_Sha3_Update(void)
-{
-    EXPECT_DECLS;
-#if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_XILINX_CRYPT) && \
-   !defined(WOLFSSL_AFALG_XILINX)
-    wc_Sha3 sha3;
-    byte    msg[] = "Everybody's working for the weekend.";
-    byte    msg2[] = "Everybody gets Friday off.";
-    byte    msgCmp[] = "\x45\x76\x65\x72\x79\x62\x6f\x64\x79\x27\x73\x20"
-                    "\x77\x6f\x72\x6b\x69\x6e\x67\x20\x66\x6f\x72\x20\x74"
-                    "\x68\x65\x20\x77\x65\x65\x6b\x65\x6e\x64\x2e\x45\x76"
-                    "\x65\x72\x79\x62\x6f\x64\x79\x20\x67\x65\x74\x73\x20"
-                    "\x46\x72\x69\x64\x61\x79\x20\x6f\x66\x66\x2e";
-    word32  msglen = sizeof(msg) - 1;
-    word32  msg2len = sizeof(msg2);
-    word32  msgCmplen = sizeof(msgCmp);
-
-    #if !defined(WOLFSSL_NOSHA3_224)
-        ExpectIntEQ(wc_InitSha3_224(&sha3, HEAP_HINT, testDevId), 0);
-        ExpectIntEQ(wc_Sha3_224_Update(&sha3, msg, msglen), 0);
-        ExpectIntEQ(XMEMCMP(msg, sha3.t, msglen), 0);
-        ExpectTrue(sha3.i == msglen);
-
-        ExpectIntEQ(wc_Sha3_224_Update(&sha3, msg2, msg2len), 0);
-        ExpectIntEQ(XMEMCMP(sha3.t, msgCmp, msgCmplen), 0);
-
-        /* Pass bad args. */
-        ExpectIntEQ(wc_Sha3_224_Update(NULL, msg2, msg2len), BAD_FUNC_ARG);
-        ExpectIntEQ(wc_Sha3_224_Update(&sha3, NULL, 5), BAD_FUNC_ARG);
-        wc_Sha3_224_Free(&sha3);
-
-        ExpectIntEQ(wc_InitSha3_224(&sha3, HEAP_HINT, testDevId), 0);
-        ExpectIntEQ(wc_Sha3_224_Update(&sha3, NULL, 0), 0);
-        ExpectIntEQ(wc_Sha3_224_Update(&sha3, msg2, msg2len), 0);
-        ExpectIntEQ(XMEMCMP(msg2, sha3.t, msg2len), 0);
-        wc_Sha3_224_Free(&sha3);
-    #endif /* SHA3_224 */
-
-    #if !defined(WOLFSSL_NOSHA3_256)
-        ExpectIntEQ(wc_InitSha3_256(&sha3, HEAP_HINT, testDevId), 0);
-        ExpectIntEQ(wc_Sha3_256_Update(&sha3, msg, msglen), 0);
-        ExpectIntEQ(XMEMCMP(msg, sha3.t, msglen), 0);
-        ExpectTrue(sha3.i == msglen);
-
-        ExpectIntEQ(wc_Sha3_256_Update(&sha3, msg2, msg2len), 0);
-        ExpectIntEQ(XMEMCMP(sha3.t, msgCmp, msgCmplen), 0);
-
-        /* Pass bad args. */
-        ExpectIntEQ(wc_Sha3_256_Update(NULL, msg2, msg2len), BAD_FUNC_ARG);
-        ExpectIntEQ(wc_Sha3_256_Update(&sha3, NULL, 5), BAD_FUNC_ARG);
-        wc_Sha3_256_Free(&sha3);
-
-        ExpectIntEQ(wc_InitSha3_256(&sha3, HEAP_HINT, testDevId), 0);
-        ExpectIntEQ(wc_Sha3_256_Update(&sha3, NULL, 0), 0);
-        ExpectIntEQ(wc_Sha3_256_Update(&sha3, msg2, msg2len), 0);
-        ExpectIntEQ(XMEMCMP(msg2, sha3.t, msg2len), 0);
-        wc_Sha3_256_Free(&sha3);
-    #endif /* SHA3_256 */
-
-    #if !defined(WOLFSSL_NOSHA3_384)
-        ExpectIntEQ(wc_InitSha3_384(&sha3, HEAP_HINT, testDevId), 0);
-        ExpectIntEQ(wc_Sha3_384_Update(&sha3, msg, msglen), 0);
-        ExpectIntEQ(XMEMCMP(msg, sha3.t, msglen), 0);
-        ExpectTrue(sha3.i == msglen);
-
-        ExpectIntEQ(wc_Sha3_384_Update(&sha3, msg2, msg2len), 0);
-        ExpectIntEQ(XMEMCMP(sha3.t, msgCmp, msgCmplen), 0);
-
-        /* Pass bad args. */
-        ExpectIntEQ(wc_Sha3_384_Update(NULL, msg2, msg2len), BAD_FUNC_ARG);
-        ExpectIntEQ(wc_Sha3_384_Update(&sha3, NULL, 5), BAD_FUNC_ARG);
-        wc_Sha3_384_Free(&sha3);
-
-        ExpectIntEQ(wc_InitSha3_384(&sha3, HEAP_HINT, testDevId), 0);
-        ExpectIntEQ(wc_Sha3_384_Update(&sha3, NULL, 0), 0);
-        ExpectIntEQ(wc_Sha3_384_Update(&sha3, msg2, msg2len), 0);
-        ExpectIntEQ(XMEMCMP(msg2, sha3.t, msg2len), 0);
-        wc_Sha3_384_Free(&sha3);
-    #endif /* SHA3_384 */
-
-    #if !defined(WOLFSSL_NOSHA3_512)
-        ExpectIntEQ(wc_InitSha3_512(&sha3, HEAP_HINT, testDevId), 0);
-        ExpectIntEQ(wc_Sha3_512_Update(&sha3, msg, msglen), 0);
-        ExpectIntEQ(XMEMCMP(msg, sha3.t, msglen), 0);
-        ExpectTrue(sha3.i == msglen);
-
-        ExpectIntEQ(wc_Sha3_512_Update(&sha3, msg2, msg2len), 0);
-        ExpectIntEQ(XMEMCMP(sha3.t, msgCmp, msgCmplen), 0);
-
-        /* Pass bad args. */
-        ExpectIntEQ(wc_Sha3_512_Update(NULL, msg2, msg2len), BAD_FUNC_ARG);
-        ExpectIntEQ(wc_Sha3_512_Update(&sha3, NULL, 5), BAD_FUNC_ARG);
-        wc_Sha3_512_Free(&sha3);
-
-        ExpectIntEQ(wc_InitSha3_512(&sha3, HEAP_HINT, testDevId), 0);
-        ExpectIntEQ(wc_Sha3_512_Update(&sha3, NULL, 0), 0);
-        ExpectIntEQ(wc_Sha3_512_Update(&sha3, msg2, msg2len), 0);
-        ExpectIntEQ(XMEMCMP(msg2, sha3.t, msg2len), 0);
-        wc_Sha3_512_Free(&sha3);
-    #endif /* SHA3_512 */
-#endif /* WOLFSSL_SHA3 */
-    return EXPECT_RESULT();
-} /* END testing_wc_Sha3_Update */
-
-/*
- *  Testing wc_Sha3_224_Final()
- */
-static int test_wc_Sha3_224_Final(void)
-{
-    EXPECT_DECLS;
-#if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_224)
-    wc_Sha3     sha3;
-    const char* msg    = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnom"
-                         "nopnopq";
-    const char* expOut = "\x8a\x24\x10\x8b\x15\x4a\xda\x21\xc9\xfd\x55"
-                         "\x74\x49\x44\x79\xba\x5c\x7e\x7a\xb7\x6e\xf2"
-                         "\x64\xea\xd0\xfc\xce\x33";
-    byte        hash[WC_SHA3_224_DIGEST_SIZE];
-    byte        hashRet[WC_SHA3_224_DIGEST_SIZE];
-
-    /* Init stack variables. */
-    XMEMSET(hash, 0, sizeof(hash));
-
-    ExpectIntEQ(wc_InitSha3_224(&sha3, HEAP_HINT, testDevId), 0);
-    ExpectIntEQ(wc_Sha3_224_Update(&sha3, (byte*)msg, (word32)XSTRLEN(msg)), 0);
-    ExpectIntEQ(wc_Sha3_224_Final(&sha3, hash), 0);
-    ExpectIntEQ(XMEMCMP(expOut, hash, WC_SHA3_224_DIGEST_SIZE), 0);
-
-    /* Test bad args. */
-    ExpectIntEQ(wc_Sha3_224_Final(NULL, hash), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sha3_224_Final(&sha3, NULL), BAD_FUNC_ARG);
-    wc_Sha3_224_Free(&sha3);
-
-    ExpectIntEQ(wc_InitSha3_224(&sha3, HEAP_HINT, testDevId), 0);
-    /* Init stack variables. */
-    XMEMSET(hash, 0, sizeof(hash));
-    XMEMSET(hashRet, 0, sizeof(hashRet));
-    ExpectIntEQ(wc_Sha3_224_Update(&sha3, (byte*)msg, (word32)XSTRLEN(msg)), 0);
-    ExpectIntEQ(wc_Sha3_224_GetHash(&sha3, hashRet), 0);
-    ExpectIntEQ(wc_Sha3_224_Final(&sha3, hash), 0);
-    ExpectIntEQ(XMEMCMP(hash, hashRet, WC_SHA3_224_DIGEST_SIZE), 0);
-
-    /* Test bad args. */
-    ExpectIntEQ(wc_Sha3_224_GetHash(NULL, hashRet), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sha3_224_GetHash(&sha3, NULL), BAD_FUNC_ARG);
-
-    wc_Sha3_224_Free(&sha3);
-#endif
-    return EXPECT_RESULT();
-} /* END test_wc_Sha3_224_Final */
-
-
-/*
- *  Testing wc_Sha3_256_Final()
- */
-static int test_wc_Sha3_256_Final(void)
-{
-    EXPECT_DECLS;
-#if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_256)
-    wc_Sha3     sha3;
-    const char* msg    = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnom"
-                         "nopnopq";
-    const char* expOut = "\x41\xc0\xdb\xa2\xa9\xd6\x24\x08\x49\x10\x03\x76\xa8"
-                        "\x23\x5e\x2c\x82\xe1\xb9\x99\x8a\x99\x9e\x21\xdb\x32"
-                        "\xdd\x97\x49\x6d\x33\x76";
-    byte        hash[WC_SHA3_256_DIGEST_SIZE];
-    byte        hashRet[WC_SHA3_256_DIGEST_SIZE];
-
-    /* Init stack variables. */
-    XMEMSET(hash, 0, sizeof(hash));
-
-    ExpectIntEQ(wc_InitSha3_256(&sha3, HEAP_HINT, testDevId), 0);
-    ExpectIntEQ(wc_Sha3_256_Update(&sha3, (byte*)msg, (word32)XSTRLEN(msg)), 0);
-    ExpectIntEQ(wc_Sha3_256_Final(&sha3, hash), 0);
-    ExpectIntEQ(XMEMCMP(expOut, hash, WC_SHA3_256_DIGEST_SIZE), 0);
-
-    /* Test bad args. */
-    ExpectIntEQ(wc_Sha3_256_Final(NULL, hash), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sha3_256_Final(&sha3, NULL), BAD_FUNC_ARG);
-    wc_Sha3_256_Free(&sha3);
-
-    ExpectIntEQ(wc_InitSha3_256(&sha3, HEAP_HINT, testDevId), 0);
-    /* Init stack variables. */
-    XMEMSET(hash, 0, sizeof(hash));
-    XMEMSET(hashRet, 0, sizeof(hashRet));
-    ExpectIntEQ(wc_Sha3_256_Update(&sha3, (byte*)msg, (word32)XSTRLEN(msg)), 0);
-    ExpectIntEQ(wc_Sha3_256_GetHash(&sha3, hashRet), 0);
-    ExpectIntEQ(wc_Sha3_256_Final(&sha3, hash), 0);
-    ExpectIntEQ(XMEMCMP(hash, hashRet, WC_SHA3_256_DIGEST_SIZE), 0);
-
-    /* Test bad args. */
-    ExpectIntEQ(wc_Sha3_256_GetHash(NULL, hashRet), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sha3_256_GetHash(&sha3, NULL), BAD_FUNC_ARG);
-
-    wc_Sha3_256_Free(&sha3);
-#endif
-    return EXPECT_RESULT();
-} /* END test_wc_Sha3_256_Final */
-
-
-/*
- *  Testing wc_Sha3_384_Final()
- */
-static int test_wc_Sha3_384_Final(void)
-{
-    EXPECT_DECLS;
-#if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_384)
-    wc_Sha3        sha3;
-    const char* msg    = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnom"
-                         "nopnopq";
-    const char* expOut = "\x99\x1c\x66\x57\x55\xeb\x3a\x4b\x6b\xbd\xfb\x75\xc7"
-                         "\x8a\x49\x2e\x8c\x56\xa2\x2c\x5c\x4d\x7e\x42\x9b\xfd"
-                         "\xbc\x32\xb9\xd4\xad\x5a\xa0\x4a\x1f\x07\x6e\x62\xfe"
-                         "\xa1\x9e\xef\x51\xac\xd0\x65\x7c\x22";
-    byte        hash[WC_SHA3_384_DIGEST_SIZE];
-    byte        hashRet[WC_SHA3_384_DIGEST_SIZE];
-
-    /* Init stack variables. */
-    XMEMSET(hash, 0, sizeof(hash));
-
-    ExpectIntEQ(wc_InitSha3_384(&sha3, HEAP_HINT, testDevId), 0);
-    ExpectIntEQ(wc_Sha3_384_Update(&sha3, (byte*)msg, (word32)XSTRLEN(msg)), 0);
-    ExpectIntEQ(wc_Sha3_384_Final(&sha3, hash), 0);
-    ExpectIntEQ(XMEMCMP(expOut, hash, WC_SHA3_384_DIGEST_SIZE), 0);
-
-    /* Test bad args. */
-    ExpectIntEQ(wc_Sha3_384_Final(NULL, hash), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sha3_384_Final(&sha3, NULL), BAD_FUNC_ARG);
-    wc_Sha3_384_Free(&sha3);
-
-    ExpectIntEQ(wc_InitSha3_384(&sha3, HEAP_HINT, testDevId), 0);
-    /* Init stack variables. */
-    XMEMSET(hash, 0, sizeof(hash));
-    XMEMSET(hashRet, 0, sizeof(hashRet));
-    ExpectIntEQ(wc_Sha3_384_Update(&sha3, (byte*)msg, (word32)XSTRLEN(msg)), 0);
-    ExpectIntEQ(wc_Sha3_384_GetHash(&sha3, hashRet), 0);
-    ExpectIntEQ(wc_Sha3_384_Final(&sha3, hash), 0);
-    ExpectIntEQ(XMEMCMP(hash, hashRet, WC_SHA3_384_DIGEST_SIZE), 0);
-
-    /* Test bad args. */
-    ExpectIntEQ(wc_Sha3_384_GetHash(NULL, hashRet), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sha3_384_GetHash(&sha3, NULL), BAD_FUNC_ARG);
-
-    wc_Sha3_384_Free(&sha3);
-#endif
-    return EXPECT_RESULT();
-} /* END test_wc_Sha3_384_Final */
-
-
-
-/*
- *  Testing wc_Sha3_512_Final()
- */
-static int test_wc_Sha3_512_Final(void)
-{
-    EXPECT_DECLS;
-#if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_512) && \
-   !defined(WOLFSSL_NOSHA3_384)
-    wc_Sha3     sha3;
-    const char* msg    = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnom"
-                         "nopnopq";
-    const char* expOut = "\x04\xa3\x71\xe8\x4e\xcf\xb5\xb8\xb7\x7c\xb4\x86\x10"
-                         "\xfc\xa8\x18\x2d\xd4\x57\xce\x6f\x32\x6a\x0f\xd3\xd7"
-                         "\xec\x2f\x1e\x91\x63\x6d\xee\x69\x1f\xbe\x0c\x98\x53"
-                         "\x02\xba\x1b\x0d\x8d\xc7\x8c\x08\x63\x46\xb5\x33\xb4"
-                         "\x9c\x03\x0d\x99\xa2\x7d\xaf\x11\x39\xd6\xe7\x5e";
-    byte        hash[WC_SHA3_512_DIGEST_SIZE];
-    byte        hashRet[WC_SHA3_512_DIGEST_SIZE];
-
-    /* Init stack variables. */
-    XMEMSET(hash, 0, sizeof(hash));
-
-    ExpectIntEQ(wc_InitSha3_512(&sha3, HEAP_HINT, testDevId), 0);
-    ExpectIntEQ(wc_Sha3_512_Update(&sha3, (byte*)msg, (word32)XSTRLEN(msg)), 0);
-    ExpectIntEQ(wc_Sha3_512_Final(&sha3, hash), 0);
-    ExpectIntEQ(XMEMCMP(expOut, hash, WC_SHA3_512_DIGEST_SIZE), 0);
-
-    /* Test bad args. */
-    ExpectIntEQ(wc_Sha3_512_Final(NULL, hash), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sha3_512_Final(&sha3, NULL), BAD_FUNC_ARG);
-    wc_Sha3_512_Free(&sha3);
-
-    ExpectIntEQ(wc_InitSha3_512(&sha3, HEAP_HINT, testDevId), 0);
-    /* Init stack variables. */
-    XMEMSET(hash, 0, sizeof(hash));
-    XMEMSET(hashRet, 0, sizeof(hashRet));
-    ExpectIntEQ(wc_Sha3_512_Update(&sha3, (byte*)msg, (word32)XSTRLEN(msg)), 0);
-    ExpectIntEQ(wc_Sha3_512_GetHash(&sha3, hashRet), 0);
-    ExpectIntEQ(wc_Sha3_512_Final(&sha3, hash), 0);
-    ExpectIntEQ(XMEMCMP(hash, hashRet, WC_SHA3_512_DIGEST_SIZE), 0);
-
-    /* Test bad args. */
-    ExpectIntEQ(wc_Sha3_512_GetHash(NULL, hashRet), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sha3_512_GetHash(&sha3, NULL), BAD_FUNC_ARG);
-
-    wc_Sha3_512_Free(&sha3);
-#endif
-    return EXPECT_RESULT();
-} /* END test_wc_Sha3_512_Final */
-
-
-/*
- *  Testing wc_Sha3_224_Copy()
- */
-static int test_wc_Sha3_224_Copy(void)
-{
-    EXPECT_DECLS;
-#if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_224)
-    wc_Sha3     sha3, sha3Cpy;
-    const char* msg = TEST_STRING;
-    word32      msglen = (word32)TEST_STRING_SZ;
-    byte        hash[WC_SHA3_224_DIGEST_SIZE];
-    byte        hashCpy[WC_SHA3_224_DIGEST_SIZE];
-
-    XMEMSET(hash, 0, sizeof(hash));
-    XMEMSET(hashCpy, 0, sizeof(hashCpy));
-    XMEMSET(&sha3, 0, sizeof(wc_Sha3));
-    XMEMSET(&sha3Cpy, 0, sizeof(wc_Sha3));
-
-    ExpectIntEQ(wc_InitSha3_224(&sha3, HEAP_HINT, testDevId), 0);
-    ExpectIntEQ(wc_InitSha3_224(&sha3Cpy, HEAP_HINT, testDevId), 0);
-    ExpectIntEQ(wc_Sha3_224_Update(&sha3, (byte*)msg, msglen), 0);
-    ExpectIntEQ(wc_Sha3_224_Copy(&sha3Cpy, &sha3), 0);
-    ExpectIntEQ(wc_Sha3_224_Final(&sha3, hash), 0);
-    ExpectIntEQ(wc_Sha3_224_Final(&sha3Cpy, hashCpy), 0);
-    ExpectIntEQ(XMEMCMP(hash, hashCpy, sizeof(hash)), 0);
-
-    /* Test bad args. */
-    ExpectIntEQ(wc_Sha3_224_Copy(NULL, &sha3), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sha3_224_Copy(&sha3Cpy, NULL), BAD_FUNC_ARG);
-
-    wc_Sha3_224_Free(&sha3);
-    wc_Sha3_224_Free(&sha3Cpy);
-#endif
-    return EXPECT_RESULT();
-} /* END test_wc_Sha3_224_Copy */
-
-
-
-/*
- *  Testing wc_Sha3_256_Copy()
- */
-static int test_wc_Sha3_256_Copy(void)
-{
-    EXPECT_DECLS;
-#if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_256)
-    wc_Sha3     sha3, sha3Cpy;
-    const char* msg = TEST_STRING;
-    word32      msglen = (word32)TEST_STRING_SZ;
-    byte        hash[WC_SHA3_256_DIGEST_SIZE];
-    byte        hashCpy[WC_SHA3_256_DIGEST_SIZE];
-
-    XMEMSET(hash, 0, sizeof(hash));
-    XMEMSET(hashCpy, 0, sizeof(hashCpy));
-    XMEMSET(&sha3, 0, sizeof(wc_Sha3));
-    XMEMSET(&sha3Cpy, 0, sizeof(wc_Sha3));
-
-    ExpectIntEQ(wc_InitSha3_256(&sha3, HEAP_HINT, testDevId), 0);
-    ExpectIntEQ(wc_InitSha3_256(&sha3Cpy, HEAP_HINT, testDevId), 0);
-    ExpectIntEQ(wc_Sha3_256_Update(&sha3, (byte*)msg, msglen), 0);
-    ExpectIntEQ(wc_Sha3_256_Copy(&sha3Cpy, &sha3), 0);
-    ExpectIntEQ(wc_Sha3_256_Final(&sha3, hash), 0);
-    ExpectIntEQ(wc_Sha3_256_Final(&sha3Cpy, hashCpy), 0);
-    ExpectIntEQ(XMEMCMP(hash, hashCpy, sizeof(hash)), 0);
-
-    /* Test bad args. */
-    ExpectIntEQ(wc_Sha3_256_Copy(NULL, &sha3), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sha3_256_Copy(&sha3Cpy, NULL), BAD_FUNC_ARG);
-
-    wc_Sha3_256_Free(&sha3);
-    wc_Sha3_256_Free(&sha3Cpy);
-#endif
-    return EXPECT_RESULT();
-} /* END test_wc_Sha3_256_Copy */
-
-
-
-/*
- *  Testing wc_Sha3_384_Copy()
- */
-static int test_wc_Sha3_384_Copy(void)
-{
-    EXPECT_DECLS;
-#if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_384)
-    wc_Sha3     sha3, sha3Cpy;
-    const char* msg = TEST_STRING;
-    word32      msglen = (word32)TEST_STRING_SZ;
-    byte        hash[WC_SHA3_384_DIGEST_SIZE];
-    byte        hashCpy[WC_SHA3_384_DIGEST_SIZE];
-
-    XMEMSET(hash, 0, sizeof(hash));
-    XMEMSET(hashCpy, 0, sizeof(hashCpy));
-    XMEMSET(&sha3, 0, sizeof(wc_Sha3));
-    XMEMSET(&sha3Cpy, 0, sizeof(wc_Sha3));
-
-    ExpectIntEQ(wc_InitSha3_384(&sha3, HEAP_HINT, testDevId), 0);
-    ExpectIntEQ(wc_InitSha3_384(&sha3Cpy, HEAP_HINT, testDevId), 0);
-    ExpectIntEQ(wc_Sha3_384_Update(&sha3, (byte*)msg, msglen), 0);
-    ExpectIntEQ(wc_Sha3_384_Copy(&sha3Cpy, &sha3), 0);
-    ExpectIntEQ(wc_Sha3_384_Final(&sha3, hash), 0);
-    ExpectIntEQ(wc_Sha3_384_Final(&sha3Cpy, hashCpy), 0);
-    ExpectIntEQ(XMEMCMP(hash, hashCpy, sizeof(hash)), 0);
-
-    /* Test bad args. */
-    ExpectIntEQ(wc_Sha3_384_Copy(NULL, &sha3), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sha3_384_Copy(&sha3Cpy, NULL), BAD_FUNC_ARG);
-
-    wc_Sha3_384_Free(&sha3);
-    wc_Sha3_384_Free(&sha3Cpy);
-#endif
-    return EXPECT_RESULT();
-} /* END test_wc_Sha3_384_Copy */
-
-
-/*
- *  Testing wc_Sha3_512_Copy()
- */
-static int test_wc_Sha3_512_Copy(void)
-{
-    EXPECT_DECLS;
-#if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_512)
-    wc_Sha3     sha3, sha3Cpy;
-    const char* msg = TEST_STRING;
-    word32      msglen = (word32)TEST_STRING_SZ;
-    byte        hash[WC_SHA3_512_DIGEST_SIZE];
-    byte        hashCpy[WC_SHA3_512_DIGEST_SIZE];
-
-    XMEMSET(hash, 0, sizeof(hash));
-    XMEMSET(hashCpy, 0, sizeof(hashCpy));
-    XMEMSET(&sha3, 0, sizeof(wc_Sha3));
-    XMEMSET(&sha3Cpy, 0, sizeof(wc_Sha3));
-
-    ExpectIntEQ(wc_InitSha3_512(&sha3, HEAP_HINT, testDevId), 0);
-    ExpectIntEQ(wc_InitSha3_512(&sha3Cpy, HEAP_HINT, testDevId), 0);
-    ExpectIntEQ(wc_Sha3_512_Update(&sha3, (byte*)msg, msglen), 0);
-    ExpectIntEQ(wc_Sha3_512_Copy(&sha3Cpy, &sha3), 0);
-    ExpectIntEQ(wc_Sha3_512_Final(&sha3, hash), 0);
-    ExpectIntEQ(wc_Sha3_512_Final(&sha3Cpy, hashCpy), 0);
-    ExpectIntEQ(XMEMCMP(hash, hashCpy, sizeof(hash)), 0);
-
-    /* Test bad args. */
-    ExpectIntEQ(wc_Sha3_512_Copy(NULL, &sha3), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sha3_512_Copy(&sha3Cpy, NULL), BAD_FUNC_ARG);
-
-    wc_Sha3_512_Free(&sha3);
-    wc_Sha3_512_Free(&sha3Cpy);
-#endif
-    return EXPECT_RESULT();
-} /* END test_wc_Sha3_512_Copy */
-/*
- * Unit test function for wc_Sha3_GetFlags()
- */
-static int test_wc_Sha3_GetFlags(void)
-{
-    EXPECT_DECLS;
-#if defined(WOLFSSL_SHA3) && defined(WOLFSSL_HASH_FLAGS)
-    wc_Sha3 sha3;
-    word32  flags = 0;
-
-    /* Initialize */
-    ExpectIntEQ(wc_InitSha3_224(&sha3, HEAP_HINT, testDevId), 0);
-    ExpectIntEQ(wc_Sha3_GetFlags(&sha3, &flags), 0);
-    ExpectTrue((flags & WC_HASH_FLAG_ISCOPY) == 0);
-    wc_Sha3_224_Free(&sha3);
-#endif
-    return EXPECT_RESULT();
-} /* END test_wc_Sha3_GetFlags */
-
-
-static int test_wc_InitShake256(void)
-{
-    EXPECT_DECLS;
-#ifdef WOLFSSL_SHAKE256
-    wc_Shake shake;
-
-    ExpectIntEQ(wc_InitShake256(&shake, HEAP_HINT, testDevId), 0);
-    /* Test bad args. */
-    ExpectIntEQ(wc_InitShake256(NULL, HEAP_HINT, testDevId), BAD_FUNC_ARG);
-
-    wc_Shake256_Free(&shake);
-#endif
-    return EXPECT_RESULT();
-}
-
-
-static int testing_wc_Shake256_Update(void)
-{
-    EXPECT_DECLS;
-#ifdef WOLFSSL_SHAKE256
-    wc_Shake shake;
-    byte     msg[] = "Everybody's working for the weekend.";
-    byte     msg2[] = "Everybody gets Friday off.";
-    byte     msgCmp[] = "\x45\x76\x65\x72\x79\x62\x6f\x64\x79\x27\x73\x20"
-                        "\x77\x6f\x72\x6b\x69\x6e\x67\x20\x66\x6f\x72\x20\x74"
-                        "\x68\x65\x20\x77\x65\x65\x6b\x65\x6e\x64\x2e\x45\x76"
-                        "\x65\x72\x79\x62\x6f\x64\x79\x20\x67\x65\x74\x73\x20"
-                        "\x46\x72\x69\x64\x61\x79\x20\x6f\x66\x66\x2e";
-    word32   msglen = sizeof(msg) - 1;
-    word32   msg2len = sizeof(msg2);
-    word32   msgCmplen = sizeof(msgCmp);
-
-    ExpectIntEQ(wc_InitShake256(&shake, HEAP_HINT, testDevId), 0);
-    ExpectIntEQ(wc_Shake256_Update(&shake, msg, msglen), 0);
-    ExpectIntEQ(XMEMCMP(msg, shake.t, msglen), 0);
-    ExpectTrue(shake.i == msglen);
-
-    ExpectIntEQ(wc_Shake256_Update(&shake, msg2, msg2len), 0);
-    ExpectIntEQ(XMEMCMP(shake.t, msgCmp, msgCmplen), 0);
-
-    /* Pass bad args. */
-    ExpectIntEQ(wc_Shake256_Update(NULL, msg2, msg2len), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Shake256_Update(&shake, NULL, 5), BAD_FUNC_ARG);
-    wc_Shake256_Free(&shake);
-
-    ExpectIntEQ(wc_InitShake256(&shake, HEAP_HINT, testDevId), 0);
-    ExpectIntEQ(wc_Shake256_Update(&shake, NULL, 0), 0);
-    ExpectIntEQ(wc_Shake256_Update(&shake, msg2, msg2len), 0);
-    ExpectIntEQ(XMEMCMP(msg2, shake.t, msg2len), 0);
-    wc_Shake256_Free(&shake);
-#endif /* WOLFSSL_SHAKE256 */
-    return EXPECT_RESULT();
-}
-
-static int test_wc_Shake256_Final(void)
-{
-    EXPECT_DECLS;
-#ifdef WOLFSSL_SHAKE256
-    wc_Shake    shake;
-    const char* msg    = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnom"
-                         "nopnopq";
-    const char* expOut = "\x4d\x8c\x2d\xd2\x43\x5a\x01\x28\xee\xfb\xb8\xc3\x6f"
-                         "\x6f\x87\x13\x3a\x79\x11\xe1\x8d\x97\x9e\xe1\xae\x6b"
-                         "\xe5\xd4\xfd\x2e\x33\x29\x40\xd8\x68\x8a\x4e\x6a\x59"
-                         "\xaa\x80\x60\xf1\xf9\xbc\x99\x6c\x05\xac\xa3\xc6\x96"
-                         "\xa8\xb6\x62\x79\xdc\x67\x2c\x74\x0b\xb2\x24\xec\x37"
-                         "\xa9\x2b\x65\xdb\x05\x39\xc0\x20\x34\x55\xf5\x1d\x97"
-                         "\xcc\xe4\xcf\xc4\x91\x27\xd7\x26\x0a\xfc\x67\x3a\xf2"
-                         "\x08\xba\xf1\x9b\xe2\x12\x33\xf3\xde\xbe\x78\xd0\x67"
-                         "\x60\xcf\xa5\x51\xee\x1e\x07\x91\x41\xd4";
-    byte        hash[114];
-
-    /* Init stack variables. */
-    XMEMSET(hash, 0, sizeof(hash));
-
-    ExpectIntEQ(wc_InitShake256(&shake, HEAP_HINT, testDevId), 0);
-    ExpectIntEQ(wc_Shake256_Update(&shake, (byte*)msg, (word32)XSTRLEN(msg)),
-        0);
-    ExpectIntEQ(wc_Shake256_Final(&shake, hash, (word32)sizeof(hash)), 0);
-    ExpectIntEQ(XMEMCMP(expOut, hash, (word32)sizeof(hash)), 0);
-
-    /* Test bad args. */
-    ExpectIntEQ(wc_Shake256_Final(NULL, hash, (word32)sizeof(hash)),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Shake256_Final(&shake, NULL, (word32)sizeof(hash)),
-        BAD_FUNC_ARG);
-
-    wc_Shake256_Free(&shake);
-#endif
-    return EXPECT_RESULT();
-}
-/*
- *  Testing wc_Shake256_Copy()
- */
-static int test_wc_Shake256_Copy(void)
-{
-    EXPECT_DECLS;
-#ifdef WOLFSSL_SHAKE256
-    wc_Shake    shake, shakeCpy;
-    const char* msg = TEST_STRING;
-    word32      msglen = (word32)TEST_STRING_SZ;
-    byte        hash[144];
-    byte        hashCpy[144];
-    word32      hashLen = sizeof(hash);
-    word32      hashLenCpy = sizeof(hashCpy);
-
-    XMEMSET(hash, 0, sizeof(hash));
-    XMEMSET(hashCpy, 0, sizeof(hashCpy));
-
-    ExpectIntEQ(wc_InitShake256(&shake, HEAP_HINT, testDevId), 0);
-    ExpectIntEQ(wc_InitShake256(&shakeCpy, HEAP_HINT, testDevId), 0);
-
-    ExpectIntEQ(wc_Shake256_Update(&shake, (byte*)msg, msglen), 0);
-    ExpectIntEQ(wc_Shake256_Copy(&shakeCpy, &shake), 0);
-    ExpectIntEQ(wc_Shake256_Final(&shake, hash, hashLen), 0);
-    ExpectIntEQ(wc_Shake256_Final(&shakeCpy, hashCpy, hashLenCpy), 0);
-    ExpectIntEQ(XMEMCMP(hash, hashCpy, sizeof(hash)), 0);
-
-    /* Test bad args. */
-    ExpectIntEQ(wc_Shake256_Copy(NULL, &shake), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Shake256_Copy(&shakeCpy, NULL), BAD_FUNC_ARG);
-
-    wc_Shake256_Free(&shake);
-    wc_Shake256_Free(&shakeCpy);
-#endif
-    return EXPECT_RESULT();
-} /* END test_wc_Shake256_Copy */
-/*
- * Unit test function for wc_Shake256Hash()
- */
-static int test_wc_Shake256Hash(void)
-{
-    EXPECT_DECLS;
-#ifdef WOLFSSL_SHAKE256
-    const byte data[] = { /* Hello World */
-        0x48,0x65,0x6c,0x6c,0x6f,0x20,0x57,0x6f,
-        0x72,0x6c,0x64
-    };
-    word32     len = sizeof(data);
-    byte       hash[144];
-    word32     hashLen = sizeof(hash);
-
-    ExpectIntEQ(wc_Shake256Hash(data, len, hash, hashLen), 0);
-#endif
-    return EXPECT_RESULT();
-}  /* END test_wc_Shake256Hash */
-
-
-/*
- *  Testing wc_InitSm3(), wc_Sm3Free()
- */
-static int test_wc_InitSm3Free(void)
-{
-    EXPECT_DECLS;
-#ifdef WOLFSSL_SM3
-    wc_Sm3 sm3;
-
-    /* Invalid Parameters */
-    ExpectIntEQ(wc_InitSm3(NULL, NULL, INVALID_DEVID), BAD_FUNC_ARG);
-
-    /* Valid Parameters */
-    ExpectIntEQ(wc_InitSm3(&sm3, NULL, INVALID_DEVID), 0);
-
-    wc_Sm3Free(NULL);
-    wc_Sm3Free(&sm3);
-#endif
-    return EXPECT_RESULT();
-}  /* END test_wc_InitSm3 */
-
-/*
- *  Testing wc_Sm3Update(), wc_Sm3Final()
- */
-static int test_wc_Sm3UpdateFinal(void)
-{
-    EXPECT_DECLS;
-#ifdef WOLFSSL_SM3
-    wc_Sm3 sm3;
-    byte data[WC_SM3_BLOCK_SIZE * 4];
-    byte hash[WC_SM3_DIGEST_SIZE];
-    byte calcHash[WC_SM3_DIGEST_SIZE];
-    byte expHash[WC_SM3_DIGEST_SIZE] = {
-        0x38, 0x48, 0x15, 0xa7, 0x0e, 0xae, 0x0b, 0x27,
-        0x5c, 0xde, 0x9d, 0xa5, 0xd1, 0xa4, 0x30, 0xa1,
-        0xca, 0xd4, 0x54, 0x58, 0x44, 0xa2, 0x96, 0x1b,
-        0xd7, 0x14, 0x80, 0x3f, 0x80, 0x1a, 0x07, 0xb6
-    };
-    word32 chunk;
-    word32 i;
-
-    XMEMSET(data, 0, sizeof(data));
-
-    ExpectIntEQ(wc_InitSm3(&sm3, NULL, INVALID_DEVID), 0);
-
-    /* Invalid Parameters */
-    ExpectIntEQ(wc_Sm3Update(NULL, NULL, 1), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sm3Update(&sm3, NULL, 1), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sm3Update(NULL, data, 1), BAD_FUNC_ARG);
-
-    /* Valid Parameters */
-    ExpectIntEQ(wc_Sm3Update(&sm3, NULL, 0), 0);
-    ExpectIntEQ(wc_Sm3Update(&sm3, data, 1), 0);
-    ExpectIntEQ(wc_Sm3Update(&sm3, data, 1), 0);
-    ExpectIntEQ(wc_Sm3Update(&sm3, data, WC_SM3_BLOCK_SIZE), 0);
-    ExpectIntEQ(wc_Sm3Update(&sm3, data, WC_SM3_BLOCK_SIZE - 2), 0);
-    ExpectIntEQ(wc_Sm3Update(&sm3, data, WC_SM3_BLOCK_SIZE * 2), 0);
-    /* Ensure too many bytes for lengths. */
-    ExpectIntEQ(wc_Sm3Update(&sm3, data, WC_SM3_PAD_SIZE), 0);
-
-    /* Invalid Parameters */
-    ExpectIntEQ(wc_Sm3Final(NULL, NULL), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sm3Final(&sm3, NULL), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sm3Final(NULL, hash), BAD_FUNC_ARG);
-
-    /* Valid Parameters */
-    ExpectIntEQ(wc_Sm3Final(&sm3, hash), 0);
-    ExpectBufEQ(hash, expHash, WC_SM3_DIGEST_SIZE);
-
-    /* Chunk tests. */
-    ExpectIntEQ(wc_Sm3Update(&sm3, data, sizeof(data)), 0);
-    ExpectIntEQ(wc_Sm3Final(&sm3, calcHash), 0);
-    for (chunk = 1; chunk <= WC_SM3_BLOCK_SIZE + 1; chunk++) {
-        for (i = 0; i + chunk <= (word32)sizeof(data); i += chunk) {
-            ExpectIntEQ(wc_Sm3Update(&sm3, data + i, chunk), 0);
-        }
-        if (i < (word32)sizeof(data)) {
-            ExpectIntEQ(wc_Sm3Update(&sm3, data + i, (word32)sizeof(data) - i),
-                0);
-        }
-        ExpectIntEQ(wc_Sm3Final(&sm3, hash), 0);
-        ExpectBufEQ(hash, calcHash, WC_SM3_DIGEST_SIZE);
-    }
-
-    /* Not testing when the low 32-bit length overflows. */
-
-    wc_Sm3Free(&sm3);
-#endif
-    return EXPECT_RESULT();
-}  /* END test_wc_Sm3Update */
-
-/*
- *  Testing wc_Sm3GetHash()
- */
-static int test_wc_Sm3GetHash(void)
-{
-    EXPECT_DECLS;
-#ifdef WOLFSSL_SM3
-    wc_Sm3 sm3;
-    byte hash[WC_SM3_DIGEST_SIZE];
-    byte calcHash[WC_SM3_DIGEST_SIZE];
-    byte data[WC_SM3_BLOCK_SIZE];
-
-    XMEMSET(data, 0, sizeof(data));
-
-    ExpectIntEQ(wc_InitSm3(&sm3, NULL, INVALID_DEVID), 0);
-    ExpectIntEQ(wc_Sm3Final(&sm3, calcHash), 0);
-
-    /* Invalid Parameters */
-    ExpectIntEQ(wc_Sm3GetHash(NULL, NULL), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sm3GetHash(&sm3, NULL), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sm3GetHash(NULL, hash), BAD_FUNC_ARG);
-
-    /* Valid Parameters */
-    ExpectIntEQ(wc_Sm3GetHash(&sm3, hash), 0);
-    ExpectBufEQ(hash, calcHash, WC_SM3_DIGEST_SIZE);
-
-    /* With update. */
-    ExpectIntEQ(wc_Sm3Update(&sm3, data, sizeof(data)), 0);
-    ExpectIntEQ(wc_Sm3GetHash(&sm3, hash), 0);
-    ExpectIntEQ(wc_Sm3Final(&sm3, calcHash), 0);
-    ExpectBufEQ(hash, calcHash, WC_SM3_DIGEST_SIZE);
-
-    wc_Sm3Free(&sm3);
-#endif
-    return EXPECT_RESULT();
-}  /* END test_wc_Sm3Update */
-
-/*
- *  Testing wc_Sm3Copy()
- */
-static int test_wc_Sm3Copy(void)
-{
-    EXPECT_DECLS;
-#if defined(WOLFSSL_SM3) && defined(WOLFSSL_HASH_FLAGS)
-    wc_Sm3 sm3;
-    wc_Sm3 sm3Copy;
-    byte hash[WC_SM3_DIGEST_SIZE];
-    byte hashCopy[WC_SM3_DIGEST_SIZE];
-    byte data[WC_SM3_BLOCK_SIZE + 1];
-    int i;
-
-    ExpectIntEQ(wc_InitSm3(&sm3, NULL, INVALID_DEVID), 0);
-    ExpectIntEQ(wc_InitSm3(&sm3Copy, NULL, INVALID_DEVID), 0);
-
-    /* Invalid Parameters */
-    ExpectIntEQ(wc_Sm3Copy(NULL, NULL), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sm3Copy(&sm3, NULL), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sm3Copy(NULL, &sm3Copy), BAD_FUNC_ARG);
-
-    /* Valid Parameters */
-    ExpectIntEQ(wc_Sm3Copy(&sm3, &sm3Copy), 0);
-
-    /* Ensure all parts of data updated during hashing are copied. */
-    for (i = 0; i < WC_SM3_BLOCK_SIZE + 1; i++) {
-        ExpectIntEQ(wc_Sm3Update(&sm3, data, i), 0);
-        ExpectIntEQ(wc_Sm3Copy(&sm3, &sm3Copy), 0);
-        ExpectIntEQ(wc_Sm3Update(&sm3, data, 1), 0);
-        ExpectIntEQ(wc_Sm3Update(&sm3Copy, data, 1), 0);
-        ExpectIntEQ(wc_Sm3Final(&sm3, hash), 0);
-        ExpectIntEQ(wc_Sm3Final(&sm3Copy, hashCopy), 0);
-        ExpectBufEQ(hash, hashCopy, WC_SM3_DIGEST_SIZE);
-    }
-
-    wc_Sm3Free(&sm3Copy);
-    wc_Sm3Free(&sm3);
-#endif
-    return EXPECT_RESULT();
-}  /* END test_wc_Sm3Copy */
-
-/*
- * Testing wc_Sm3FinalRaw()
- */
-static int test_wc_Sm3FinalRaw(void)
-{
-    EXPECT_DECLS;
-#if defined(WOLFSSL_SM3) && !defined(HAVE_SELFTEST) && \
-    !defined(WOLFSSL_DEVCRYPTO) && (!defined(HAVE_FIPS) || \
-    (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 3))) && \
-    !defined(WOLFSSL_NO_HASH_RAW)
-    wc_Sm3 sm3;
-    byte hash1[WC_SM3_DIGEST_SIZE];
-    byte hash2[WC_SM3_DIGEST_SIZE];
-    byte hash3[WC_SM3_DIGEST_SIZE];
-    byte* hash_test[3] = { hash1, hash2, hash3 };
-    int times;
-    int i;
-
-    XMEMSET(&sm3, 0, sizeof(sm3));
-
-    /* Initialize */
-    ExpectIntEQ(wc_InitSm3(&sm3, NULL, INVALID_DEVID), 0);
-
-    /* Invalid Parameters */
-    ExpectIntEQ(wc_Sm3FinalRaw(NULL, NULL), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sm3FinalRaw(&sm3, NULL), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sm3FinalRaw(NULL, hash1), BAD_FUNC_ARG);
-
-    times = sizeof(hash_test) / sizeof(byte*);
-    for (i = 0; i < times; i++) {
-        ExpectIntEQ(wc_Sm3FinalRaw(&sm3, hash_test[i]), 0);
-    }
-
-    wc_Sm3Free(&sm3);
-#endif
-    return EXPECT_RESULT();
-} /* END test_wc_Sm3FinalRaw */
-/*
- *  Testing wc_Sm3GetFlags, wc_Sm3SetFlags()
- */
-static int test_wc_Sm3GetSetFlags(void)
-{
-    EXPECT_DECLS;
-#if defined(WOLFSSL_SM3) && defined(WOLFSSL_HASH_FLAGS)
-    wc_Sm3 sm3;
-    wc_Sm3 sm3Copy;
-    word32 flags = 0;
-
-    ExpectIntEQ(wc_InitSm3(&sm3, NULL, INVALID_DEVID), 0);
-    ExpectIntEQ(wc_InitSm3(&sm3Copy, NULL, INVALID_DEVID), 0);
-
-    ExpectIntEQ(wc_Sm3GetFlags(NULL, &flags), 0);
-    ExpectIntEQ(flags, 0);
-    ExpectIntEQ(wc_Sm3SetFlags(NULL, WC_HASH_FLAG_WILLCOPY), 0);
-    ExpectIntEQ(wc_Sm3GetFlags(NULL, &flags), 0);
-    ExpectIntEQ(flags, 0);
-    ExpectIntEQ(wc_Sm3GetFlags(&sm3, &flags), 0);
-    ExpectIntEQ(flags, 0);
-    ExpectIntEQ(wc_Sm3SetFlags(&sm3, WC_HASH_FLAG_WILLCOPY), 0);
-    ExpectIntEQ(wc_Sm3GetFlags(&sm3, &flags), 0);
-    ExpectIntEQ(flags, WC_HASH_FLAG_WILLCOPY);
-
-    ExpectIntEQ(wc_Sm3Copy(&sm3, &sm3Copy), 0);
-    ExpectIntEQ(wc_Sm3GetFlags(&sm3Copy, &flags), 0);
-    ExpectIntEQ(flags, WC_HASH_FLAG_ISCOPY | WC_HASH_FLAG_WILLCOPY);
-
-    wc_Sm3Free(&sm3Copy);
-    wc_Sm3Free(&sm3);
-#endif
-    return EXPECT_RESULT();
-}  /* END test_wc_Sm3Update */
-
-/*
- *  Testing wc_Sm3Hash()
- */
-static int test_wc_Sm3Hash(void)
-{
-    EXPECT_DECLS;
-#if defined(WOLFSSL_SM3) && defined(WOLFSSL_HASH_FLAGS)
-    byte data[WC_SM3_BLOCK_SIZE];
-    byte hash[WC_SM3_DIGEST_SIZE];
-
-    /* Invalid parameters. */
-    ExpectIntEQ(wc_Sm3Hash(NULL, sizeof(data), hash), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sm3Hash(data, sizeof(data), NULL), BAD_FUNC_ARG);
-
-    /* Valid parameters. */
-    ExpectIntEQ(wc_Sm3Hash(data, sizeof(data), hash), 0);
-#endif
-    return EXPECT_RESULT();
-}  /* END test_wc_Sm3Hash */
-
-/*
- * Test function for wc_HmacSetKey
- */
-static int test_wc_Md5HmacSetKey(void)
-{
-    EXPECT_DECLS;
-#if !defined(NO_HMAC) && !defined(NO_MD5)
-    Hmac hmac;
-    int ret, times, itr;
-
-    const char* keys[]=
-    {
-        "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b",
-#ifndef HAVE_FIPS
-        "Jefe", /* smaller than minimum FIPS key size */
-#endif
-        "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
-    };
-    times = sizeof(keys) / sizeof(char*);
-
-    ExpectIntEQ(wc_HmacInit(&hmac, NULL, INVALID_DEVID), 0);
-
-    for (itr = 0; itr < times; itr++) {
-        ret = wc_HmacSetKey(&hmac, WC_MD5, (byte*)keys[itr],
-            (word32)XSTRLEN(keys[itr]));
-#if defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 5)
-        wc_HmacFree(&hmac);
-        ExpectIntEQ(ret, BAD_FUNC_ARG);
-#else
-        ExpectIntEQ(ret, 0);
-#endif
-    }
-
-    /* Bad args. */
-    ExpectIntEQ(wc_HmacSetKey(NULL, WC_MD5, (byte*)keys[0],
-        (word32)XSTRLEN(keys[0])), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_HmacSetKey(&hmac, WC_MD5, NULL, (word32)XSTRLEN(keys[0])),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_HmacSetKey(&hmac, 21, (byte*)keys[0],
-        (word32)XSTRLEN(keys[0])), BAD_FUNC_ARG);
-    ret = wc_HmacSetKey(&hmac, WC_MD5, (byte*)keys[0], 0);
-#if defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 5)
-    ExpectIntEQ(ret, BAD_FUNC_ARG);
-#elif defined(HAVE_FIPS)
-    ExpectIntEQ(ret, HMAC_MIN_KEYLEN_E);
-#else
-    ExpectIntEQ(ret, 0);
-#endif
-
-    wc_HmacFree(&hmac);
-#endif
-    return EXPECT_RESULT();
-} /* END test_wc_Md5HmacSetKey */
-
-
-/*
- * testing wc_HmacSetKey() on wc_Sha hash.
- */
-static int test_wc_ShaHmacSetKey(void)
-{
-    EXPECT_DECLS;
-#if !defined(NO_HMAC) && !defined(NO_SHA)
-    Hmac hmac;
-    int ret, times, itr;
-
-    const char* keys[]=
-    {
-        "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b"
-                                                                "\x0b\x0b\x0b",
-#ifndef HAVE_FIPS
-        "Jefe", /* smaller than minimum FIPS key size */
-#endif
-        "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
-                                                                "\xAA\xAA\xAA"
-    };
-
-    times = sizeof(keys) / sizeof(char*);
-
-    ExpectIntEQ(wc_HmacInit(&hmac, NULL, INVALID_DEVID), 0);
-
-    for (itr = 0; itr < times; itr++) {
-        ExpectIntEQ(wc_HmacSetKey(&hmac, WC_SHA, (byte*)keys[itr],
-            (word32)XSTRLEN(keys[itr])), 0);
-    }
-
-    /* Bad args. */
-    ExpectIntEQ(wc_HmacSetKey(NULL, WC_SHA, (byte*)keys[0],
-        (word32)XSTRLEN(keys[0])), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_HmacSetKey(&hmac, WC_SHA, NULL, (word32)XSTRLEN(keys[0])),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_HmacSetKey(&hmac, 21, (byte*)keys[0],
-        (word32)XSTRLEN(keys[0])), BAD_FUNC_ARG);
-
-    ret = wc_HmacSetKey(&hmac, WC_SHA, (byte*)keys[0], 0);
-#ifdef HAVE_FIPS
-    ExpectIntEQ(ret, HMAC_MIN_KEYLEN_E);
-#else
-    ExpectIntEQ(ret, 0);
-#endif
-
-    wc_HmacFree(&hmac);
-#endif
-    return EXPECT_RESULT();
-} /* END test_wc_ShaHmacSetKey() */
-
-/*
- * testing wc_HmacSetKey() on Sha224 hash.
- */
-static int test_wc_Sha224HmacSetKey(void)
-{
-    EXPECT_DECLS;
-#if !defined(NO_HMAC) && defined(WOLFSSL_SHA224)
-    Hmac hmac;
-    int ret, times, itr;
-
-    const char* keys[]=
-    {
-        "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b"
-                                                                "\x0b\x0b\x0b",
-#ifndef HAVE_FIPS
-        "Jefe", /* smaller than minimum FIPS key size */
-#endif
-        "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
-                                                                "\xAA\xAA\xAA"
-    };
-    times = sizeof(keys) / sizeof(char*);
-
-    ExpectIntEQ(wc_HmacInit(&hmac, NULL, INVALID_DEVID), 0);
-
-    for (itr = 0; itr < times; itr++) {
-        ExpectIntEQ(wc_HmacSetKey(&hmac, WC_SHA224, (byte*)keys[itr],
-            (word32)XSTRLEN(keys[itr])), 0);
-    }
-
-    /* Bad args. */
-    ExpectIntEQ(wc_HmacSetKey(NULL, WC_SHA224, (byte*)keys[0],
-        (word32)XSTRLEN(keys[0])), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_HmacSetKey(&hmac, WC_SHA224, NULL, (word32)XSTRLEN(keys[0])),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_HmacSetKey(&hmac, 21, (byte*)keys[0],
-        (word32)XSTRLEN(keys[0])), BAD_FUNC_ARG);
-    ret = wc_HmacSetKey(&hmac, WC_SHA224, (byte*)keys[0], 0);
-#ifdef HAVE_FIPS
-    ExpectIntEQ(ret, HMAC_MIN_KEYLEN_E);
-#else
-    ExpectIntEQ(ret, 0);
-#endif
-
-    wc_HmacFree(&hmac);
-#endif
-    return EXPECT_RESULT();
-} /* END test_wc_Sha224HmacSetKey() */
-
- /*
-  * testing wc_HmacSetKey() on Sha256 hash
-  */
-static int test_wc_Sha256HmacSetKey(void)
-{
-    EXPECT_DECLS;
-#if !defined(NO_HMAC) && !defined(NO_SHA256)
-    Hmac hmac;
-    int ret, times, itr;
-
-    const char* keys[]=
-    {
-        "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b"
-                                                                "\x0b\x0b\x0b",
-#ifndef HAVE_FIPS
-        "Jefe", /* smaller than minimum FIPS key size */
-#endif
-        "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
-                                                                "\xAA\xAA\xAA"
-    };
-    times = sizeof(keys) / sizeof(char*);
-
-    ExpectIntEQ(wc_HmacInit(&hmac, NULL, INVALID_DEVID), 0);
-
-    for (itr = 0; itr < times; itr++) {
-        ExpectIntEQ(wc_HmacSetKey(&hmac, WC_SHA256, (byte*)keys[itr],
-            (word32)XSTRLEN(keys[itr])), 0);
-    }
-
-    /* Bad args. */
-    ExpectIntEQ(wc_HmacSetKey(NULL, WC_SHA256, (byte*)keys[0],
-        (word32)XSTRLEN(keys[0])), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_HmacSetKey(&hmac, WC_SHA256, NULL, (word32)XSTRLEN(keys[0])),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_HmacSetKey(&hmac, 21, (byte*)keys[0],
-        (word32)XSTRLEN(keys[0])), BAD_FUNC_ARG);
-    ret = wc_HmacSetKey(&hmac, WC_SHA256, (byte*)keys[0], 0);
-#ifdef HAVE_FIPS
-    ExpectIntEQ(ret, HMAC_MIN_KEYLEN_E);
-#else
-    ExpectIntEQ(ret, 0);
-#endif
-
-    wc_HmacFree(&hmac);
-#endif
-    return EXPECT_RESULT();
-} /* END test_wc_Sha256HmacSetKey() */
-
-
-/*
- * testing wc_HmacSetKey on Sha384 hash.
- */
-static int test_wc_Sha384HmacSetKey(void)
-{
-    EXPECT_DECLS;
-#if !defined(NO_HMAC) && defined(WOLFSSL_SHA384)
-    Hmac hmac;
-    int ret, times, itr;
-
-    const char* keys[]=
-    {
-        "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b"
-                                                                "\x0b\x0b\x0b",
-#ifndef HAVE_FIPS
-        "Jefe", /* smaller than minimum FIPS key size */
-#endif
-        "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
-                                                                "\xAA\xAA\xAA"
-    };
-    times = sizeof(keys) / sizeof(char*);
-
-    ExpectIntEQ(wc_HmacInit(&hmac, NULL, INVALID_DEVID), 0);
-
-    for (itr = 0; itr < times; itr++) {
-        ExpectIntEQ(wc_HmacSetKey(&hmac, WC_SHA384, (byte*)keys[itr],
-            (word32)XSTRLEN(keys[itr])), 0);
-    }
-
-    /* Bad args. */
-    ExpectIntEQ(wc_HmacSetKey(NULL, WC_SHA384, (byte*)keys[0],
-        (word32)XSTRLEN(keys[0])), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_HmacSetKey(&hmac, WC_SHA384, NULL, (word32)XSTRLEN(keys[0])),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_HmacSetKey(&hmac, 21, (byte*)keys[0],
-        (word32)XSTRLEN(keys[0])), BAD_FUNC_ARG);
-    ret = wc_HmacSetKey(&hmac, WC_SHA384, (byte*)keys[0], 0);
-#ifdef HAVE_FIPS
-    ExpectIntEQ(ret, HMAC_MIN_KEYLEN_E);
-#else
-    ExpectIntEQ(ret, 0);
-#endif
-
-    wc_HmacFree(&hmac);
-#endif
-    return EXPECT_RESULT();
-} /* END test_wc_Sha384HmacSetKey() */
-
-
-/*
- * testing wc_HmacUpdate on wc_Md5 hash.
- */
-static int test_wc_Md5HmacUpdate(void)
-{
-    EXPECT_DECLS;
-#if !defined(NO_HMAC) && !defined(NO_MD5) && !(defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 5))
-    Hmac hmac;
-    testVector a, b;
-#ifdef HAVE_FIPS
-    const char* keys =
-        "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b";
-#else
-    const char* keys = "Jefe";
-#endif
-
-    a.input = "what do ya want for nothing?";
-    a.inLen  = XSTRLEN(a.input);
-    b.input = "Hi There";
-    b.inLen = XSTRLEN(b.input);
-
-    ExpectIntEQ(wc_HmacInit(&hmac, NULL, INVALID_DEVID), 0);
-    ExpectIntEQ(wc_HmacSetKey(&hmac, WC_MD5, (byte*)keys,
-        (word32)XSTRLEN(keys)), 0);
-    ExpectIntEQ(wc_HmacUpdate(&hmac, (byte*)b.input, (word32)b.inLen), 0);
-    /* Update Hmac. */
-    ExpectIntEQ(wc_HmacUpdate(&hmac, (byte*)a.input, (word32)a.inLen), 0);
-
-    /* Test bad args. */
-    ExpectIntEQ(wc_HmacUpdate(NULL, (byte*)a.input, (word32)a.inLen),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_HmacUpdate(&hmac, NULL, (word32)a.inLen), BAD_FUNC_ARG);
-
-    ExpectIntEQ(wc_HmacUpdate(&hmac, (byte*)a.input, 0), 0);
-
-    wc_HmacFree(&hmac);
-#endif
-    return EXPECT_RESULT();
-} /* END test_wc_Md5HmacUpdate */
-
-/*
- * testing wc_HmacUpdate on SHA hash.
- */
-static int test_wc_ShaHmacUpdate(void)
-{
-    EXPECT_DECLS;
-#if !defined(NO_HMAC) && !defined(NO_SHA)
-    Hmac hmac;
-    testVector a, b;
-#ifdef HAVE_FIPS
-    const char* keys =
-        "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b";
-#else
-    const char* keys = "Jefe";
-#endif
-
-    a.input = "what do ya want for nothing?";
-    a.inLen  = XSTRLEN(a.input);
-    b.input = "Hi There";
-    b.inLen = XSTRLEN(b.input);
-
-    ExpectIntEQ(wc_HmacInit(&hmac, NULL, INVALID_DEVID), 0);
-    ExpectIntEQ(wc_HmacSetKey(&hmac, WC_SHA, (byte*)keys,
-        (word32)XSTRLEN(keys)), 0);
-    ExpectIntEQ(wc_HmacUpdate(&hmac, (byte*)b.input, (word32)b.inLen), 0);
-    /* Update Hmac. */
-    ExpectIntEQ(wc_HmacUpdate(&hmac, (byte*)a.input, (word32)a.inLen), 0);
-
-    /* Test bad args. */
-    ExpectIntEQ(wc_HmacUpdate(NULL, (byte*)a.input, (word32)a.inLen),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_HmacUpdate(&hmac, NULL, (word32)a.inLen), BAD_FUNC_ARG);
-
-    ExpectIntEQ(wc_HmacUpdate(&hmac, (byte*)a.input, 0), 0);
-
-    wc_HmacFree(&hmac);
-#endif
-    return EXPECT_RESULT();
-} /* END test_wc_ShaHmacUpdate */
-
-/*
- * testing wc_HmacUpdate on SHA224 hash.
- */
-static int test_wc_Sha224HmacUpdate(void)
-{
-    EXPECT_DECLS;
-#if !defined(NO_HMAC) && defined(WOLFSSL_SHA224)
-    Hmac hmac;
-    testVector a, b;
-#ifdef HAVE_FIPS
-    const char* keys =
-        "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b";
-#else
-    const char* keys = "Jefe";
-#endif
-
-    a.input = "what do ya want for nothing?";
-    a.inLen  = XSTRLEN(a.input);
-    b.input = "Hi There";
-    b.inLen = XSTRLEN(b.input);
-
-    ExpectIntEQ(wc_HmacInit(&hmac, NULL, INVALID_DEVID), 0);
-    ExpectIntEQ(wc_HmacSetKey(&hmac, WC_SHA224, (byte*)keys,
-        (word32)XSTRLEN(keys)), 0);
-    ExpectIntEQ(wc_HmacUpdate(&hmac, (byte*)b.input, (word32)b.inLen), 0);
-    /* Update Hmac. */
-    ExpectIntEQ(wc_HmacUpdate(&hmac, (byte*)a.input, (word32)a.inLen), 0);
-
-    /* Test bad args. */
-    ExpectIntEQ(wc_HmacUpdate(NULL, (byte*)a.input, (word32)a.inLen),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_HmacUpdate(&hmac, NULL, (word32)a.inLen), BAD_FUNC_ARG);
-
-    ExpectIntEQ(wc_HmacUpdate(&hmac, (byte*)a.input, 0), 0);
-
-    wc_HmacFree(&hmac);
-#endif
-    return EXPECT_RESULT();
-} /* END test_wc_Sha224HmacUpdate */
-
-/*
- * testing wc_HmacUpdate on SHA256 hash.
- */
-static int test_wc_Sha256HmacUpdate(void)
-{
-    EXPECT_DECLS;
-#if !defined(NO_HMAC) && !defined(NO_SHA256)
-    Hmac hmac;
-    testVector a, b;
-#ifdef HAVE_FIPS
-    const char* keys =
-        "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b";
-#else
-    const char* keys = "Jefe";
-#endif
-
-    a.input = "what do ya want for nothing?";
-    a.inLen  = XSTRLEN(a.input);
-    b.input = "Hi There";
-    b.inLen = XSTRLEN(b.input);
-
-    ExpectIntEQ(wc_HmacInit(&hmac, NULL, INVALID_DEVID), 0);
-    ExpectIntEQ(wc_HmacSetKey(&hmac, WC_SHA256, (byte*)keys,
-        (word32)XSTRLEN(keys)), 0);
-    ExpectIntEQ(wc_HmacUpdate(&hmac, (byte*)b.input, (word32)b.inLen), 0);
-    /* Update Hmac. */
-    ExpectIntEQ(wc_HmacUpdate(&hmac, (byte*)a.input, (word32)a.inLen), 0);
-
-    /* Test bad args. */
-    ExpectIntEQ(wc_HmacUpdate(NULL, (byte*)a.input, (word32)a.inLen),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_HmacUpdate(&hmac, NULL, (word32)a.inLen), BAD_FUNC_ARG);
-
-    ExpectIntEQ(wc_HmacUpdate(&hmac, (byte*)a.input, 0), 0);
-
-    wc_HmacFree(&hmac);
-#endif
-    return EXPECT_RESULT();
-} /* END test_wc_Sha256HmacUpdate */
-
-/*
- * testing wc_HmacUpdate on SHA384  hash.
- */
-static int test_wc_Sha384HmacUpdate(void)
-{
-    EXPECT_DECLS;
-#if !defined(NO_HMAC) && defined(WOLFSSL_SHA384)
-    Hmac hmac;
-    testVector a, b;
-#ifdef HAVE_FIPS
-    const char* keys =
-        "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b";
-#else
-    const char* keys = "Jefe";
-#endif
-
-    a.input = "what do ya want for nothing?";
-    a.inLen  = XSTRLEN(a.input);
-    b.input = "Hi There";
-    b.inLen = XSTRLEN(b.input);
-
-    ExpectIntEQ(wc_HmacInit(&hmac, NULL, INVALID_DEVID), 0);
-    ExpectIntEQ(wc_HmacSetKey(&hmac, WC_SHA384, (byte*)keys,
-        (word32)XSTRLEN(keys)), 0);
-    ExpectIntEQ(wc_HmacUpdate(&hmac, (byte*)b.input, (word32)b.inLen), 0);
-    /* Update Hmac. */
-    ExpectIntEQ(wc_HmacUpdate(&hmac, (byte*)a.input, (word32)a.inLen), 0);
-
-    /* Test bad args. */
-    ExpectIntEQ(wc_HmacUpdate(NULL, (byte*)a.input, (word32)a.inLen),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_HmacUpdate(&hmac, NULL, (word32)a.inLen), BAD_FUNC_ARG);
-
-    ExpectIntEQ(wc_HmacUpdate(&hmac, (byte*)a.input, 0), 0);
-
-    wc_HmacFree(&hmac);
-#endif
-    return EXPECT_RESULT();
-} /* END test_wc_Sha384HmacUpdate */
-
-/*
- * Testing wc_HmacFinal() with MD5
- */
-
-static int test_wc_Md5HmacFinal(void)
-{
-    EXPECT_DECLS;
-#if !defined(NO_HMAC) && !defined(NO_MD5) && !(defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 5))
-    Hmac hmac;
-    byte hash[WC_MD5_DIGEST_SIZE];
-    testVector a;
-    const char* key;
-
-    key = "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b";
-    a.input = "Hi There";
-    a.output = "\x92\x94\x72\x7a\x36\x38\xbb\x1c\x13\xf4\x8e\xf8\x15\x8b\xfc"
-               "\x9d";
-    a.inLen  = XSTRLEN(a.input);
-    a.outLen = XSTRLEN(a.output);
-
-    ExpectIntEQ(wc_HmacInit(&hmac, NULL, INVALID_DEVID), 0);
-    ExpectIntEQ(wc_HmacSetKey(&hmac, WC_MD5, (byte*)key, (word32)XSTRLEN(key)),
-        0);
-    ExpectIntEQ(wc_HmacUpdate(&hmac, (byte*)a.input, (word32)a.inLen), 0);
-    ExpectIntEQ(wc_HmacFinal(&hmac, hash), 0);
-    ExpectIntEQ(XMEMCMP(hash, a.output, WC_MD5_DIGEST_SIZE), 0);
-
-    /* Try bad parameters. */
-    ExpectIntEQ(wc_HmacFinal(NULL, hash), BAD_FUNC_ARG);
-#ifndef HAVE_FIPS
-    ExpectIntEQ(wc_HmacFinal(&hmac, NULL), BAD_FUNC_ARG);
-#endif
-
-    wc_HmacFree(&hmac);
-#endif
-    return EXPECT_RESULT();
-} /* END test_wc_Md5HmacFinal */
-
-/*
- * Testing wc_HmacFinal() with SHA
- */
-static int test_wc_ShaHmacFinal(void)
-{
-    EXPECT_DECLS;
-#if !defined(NO_HMAC) && !defined(NO_SHA)
-    Hmac hmac;
-    byte hash[WC_SHA_DIGEST_SIZE];
-    testVector a;
-    const char* key;
-
-    key = "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b"
-                                                                "\x0b\x0b\x0b";
-    a.input = "Hi There";
-    a.output = "\xb6\x17\x31\x86\x55\x05\x72\x64\xe2\x8b\xc0\xb6\xfb\x37\x8c"
-               "\x8e\xf1\x46\xbe\x00";
-    a.inLen  = XSTRLEN(a.input);
-    a.outLen = XSTRLEN(a.output);
-
-    ExpectIntEQ(wc_HmacInit(&hmac, NULL, INVALID_DEVID), 0);
-    ExpectIntEQ(wc_HmacSetKey(&hmac, WC_SHA, (byte*)key, (word32)XSTRLEN(key)),
-        0);
-    ExpectIntEQ(wc_HmacUpdate(&hmac, (byte*)a.input, (word32)a.inLen), 0);
-    ExpectIntEQ(wc_HmacFinal(&hmac, hash), 0);
-    ExpectIntEQ(XMEMCMP(hash, a.output, WC_SHA_DIGEST_SIZE), 0);
-
-    /* Try bad parameters. */
-    ExpectIntEQ(wc_HmacFinal(NULL, hash), BAD_FUNC_ARG);
-#ifndef HAVE_FIPS
-    ExpectIntEQ(wc_HmacFinal(&hmac, NULL), BAD_FUNC_ARG);
-#endif
-
-    wc_HmacFree(&hmac);
-#endif
-    return EXPECT_RESULT();
-} /* END test_wc_ShaHmacFinal */
-
-
-/*
- * Testing wc_HmacFinal() with SHA224
- */
-static int test_wc_Sha224HmacFinal(void)
-{
-    EXPECT_DECLS;
-#if !defined(NO_HMAC) && defined(WOLFSSL_SHA224)
-    Hmac hmac;
-    byte hash[WC_SHA224_DIGEST_SIZE];
-    testVector a;
-    const char* key;
-
-    key = "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b"
-                                                                "\x0b\x0b\x0b";
-    a.input = "Hi There";
-    a.output = "\x89\x6f\xb1\x12\x8a\xbb\xdf\x19\x68\x32\x10\x7c\xd4\x9d\xf3"
-               "\x3f\x47\xb4\xb1\x16\x99\x12\xba\x4f\x53\x68\x4b\x22";
-    a.inLen  = XSTRLEN(a.input);
-    a.outLen = XSTRLEN(a.output);
-
-    ExpectIntEQ(wc_HmacInit(&hmac, NULL, INVALID_DEVID), 0);
-    ExpectIntEQ(wc_HmacSetKey(&hmac, WC_SHA224, (byte*)key,
-        (word32)XSTRLEN(key)), 0);
-    ExpectIntEQ(wc_HmacUpdate(&hmac, (byte*)a.input, (word32)a.inLen), 0);
-    ExpectIntEQ(wc_HmacFinal(&hmac, hash), 0);
-    ExpectIntEQ(XMEMCMP(hash, a.output, WC_SHA224_DIGEST_SIZE), 0);
-
-    /* Try bad parameters. */
-    ExpectIntEQ(wc_HmacFinal(NULL, hash), BAD_FUNC_ARG);
-#ifndef HAVE_FIPS
-    ExpectIntEQ(wc_HmacFinal(&hmac, NULL), BAD_FUNC_ARG);
-#endif
-
-    wc_HmacFree(&hmac);
-#endif
-    return EXPECT_RESULT();
-} /* END test_wc_Sha224HmacFinal */
-
-/*
- * Testing wc_HmacFinal() with SHA256
- */
-static int test_wc_Sha256HmacFinal(void)
-{
-    EXPECT_DECLS;
-#if !defined(NO_HMAC) && !defined(NO_SHA256)
-    Hmac hmac;
-    byte hash[WC_SHA256_DIGEST_SIZE];
-    testVector a;
-    const char* key;
-
-    key = "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b"
-                                                                "\x0b\x0b\x0b";
-    a.input = "Hi There";
-    a.output = "\xb0\x34\x4c\x61\xd8\xdb\x38\x53\x5c\xa8\xaf\xce\xaf\x0b\xf1"
-               "\x2b\x88\x1d\xc2\x00\xc9\x83\x3d\xa7\x26\xe9\x37\x6c\x2e\x32"
-               "\xcf\xf7";
-    a.inLen  = XSTRLEN(a.input);
-    a.outLen = XSTRLEN(a.output);
-
-    ExpectIntEQ(wc_HmacInit(&hmac, NULL, INVALID_DEVID), 0);
-    ExpectIntEQ(wc_HmacSetKey(&hmac, WC_SHA256, (byte*)key,
-        (word32)XSTRLEN(key)), 0);
-    ExpectIntEQ(wc_HmacUpdate(&hmac, (byte*)a.input, (word32)a.inLen), 0);
-    ExpectIntEQ(wc_HmacFinal(&hmac, hash), 0);
-    ExpectIntEQ(XMEMCMP(hash, a.output, WC_SHA256_DIGEST_SIZE), 0);
-
-    /* Try bad parameters. */
-    ExpectIntEQ(wc_HmacFinal(NULL, hash), BAD_FUNC_ARG);
-#ifndef HAVE_FIPS
-    ExpectIntEQ(wc_HmacFinal(&hmac, NULL), BAD_FUNC_ARG);
-#endif
-
-    wc_HmacFree(&hmac);
-#endif
-    return EXPECT_RESULT();
-} /* END test_wc_Sha256HmacFinal */
-
-/*
- * Testing wc_HmacFinal() with SHA384
- */
-static int test_wc_Sha384HmacFinal(void)
-{
-    EXPECT_DECLS;
-#if !defined(NO_HMAC) && defined(WOLFSSL_SHA384)
-    Hmac hmac;
-    byte hash[WC_SHA384_DIGEST_SIZE];
-    testVector a;
-    const char* key;
-
-    key = "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b"
-                                                                "\x0b\x0b\x0b";
-    a.input = "Hi There";
-    a.output = "\xaf\xd0\x39\x44\xd8\x48\x95\x62\x6b\x08\x25\xf4\xab\x46\x90"
-               "\x7f\x15\xf9\xda\xdb\xe4\x10\x1e\xc6\x82\xaa\x03\x4c\x7c\xeb"
-               "\xc5\x9c\xfa\xea\x9e\xa9\x07\x6e\xde\x7f\x4a\xf1\x52\xe8\xb2"
-               "\xfa\x9c\xb6";
-    a.inLen  = XSTRLEN(a.input);
-    a.outLen = XSTRLEN(a.output);
-
-    ExpectIntEQ(wc_HmacInit(&hmac, NULL, INVALID_DEVID), 0);
-    ExpectIntEQ(wc_HmacSetKey(&hmac, WC_SHA384, (byte*)key,
-        (word32)XSTRLEN(key)), 0);
-    ExpectIntEQ(wc_HmacUpdate(&hmac, (byte*)a.input, (word32)a.inLen), 0);
-    ExpectIntEQ(wc_HmacFinal(&hmac, hash), 0);
-    ExpectIntEQ(XMEMCMP(hash, a.output, WC_SHA384_DIGEST_SIZE), 0);
-
-    /* Try bad parameters. */
-    ExpectIntEQ(wc_HmacFinal(NULL, hash), BAD_FUNC_ARG);
-#ifndef HAVE_FIPS
-    ExpectIntEQ(wc_HmacFinal(&hmac, NULL), BAD_FUNC_ARG);
-#endif
-
-    wc_HmacFree(&hmac);
-#endif
-    return EXPECT_RESULT();
-} /* END test_wc_Sha384HmacFinal */
-
-
-
-/*
- * Testing wc_InitCmac()
- */
-static int test_wc_InitCmac(void)
-{
-    EXPECT_DECLS;
-#if defined(WOLFSSL_CMAC) && !defined(NO_AES)
-    Cmac        cmac1;
-    Cmac        cmac2;
-    Cmac        cmac3;
-    /* AES 128 key. */
-    byte        key1[] = "\x01\x02\x03\x04\x05\x06\x07\x08"
-                         "\x09\x10\x11\x12\x13\x14\x15\x16";
-    /* AES 192 key. */
-    byte        key2[] = "\x01\x02\x03\x04\x05\x06\x07\x08"
-                         "\x09\x01\x11\x12\x13\x14\x15\x16"
-                         "\x01\x02\x03\x04\x05\x06\x07\x08";
-    /* AES 256 key. */
-    byte        key3[] = "\x01\x02\x03\x04\x05\x06\x07\x08"
-                         "\x09\x01\x11\x12\x13\x14\x15\x16"
-                         "\x01\x02\x03\x04\x05\x06\x07\x08"
-                         "\x09\x01\x11\x12\x13\x14\x15\x16";
-    word32      key1Sz = (word32)sizeof(key1) - 1;
-    word32      key2Sz = (word32)sizeof(key2) - 1;
-    word32      key3Sz = (word32)sizeof(key3) - 1;
-    int         type   = WC_CMAC_AES;
-
-    (void)key1;
-    (void)key1Sz;
-    (void)key2;
-    (void)key2Sz;
-
-    XMEMSET(&cmac1, 0, sizeof(Cmac));
-    XMEMSET(&cmac2, 0, sizeof(Cmac));
-    XMEMSET(&cmac3, 0, sizeof(Cmac));
-
-#ifdef WOLFSSL_AES_128
-    ExpectIntEQ(wc_InitCmac(&cmac1, key1, key1Sz, type, NULL), 0);
-#endif
-#ifdef WOLFSSL_AES_192
-    wc_AesFree(&cmac1.aes);
-    ExpectIntEQ(wc_InitCmac(&cmac2, key2, key2Sz, type, NULL), 0);
-#endif
-#ifdef WOLFSSL_AES_256
-    wc_AesFree(&cmac2.aes);
-    ExpectIntEQ(wc_InitCmac(&cmac3, key3, key3Sz, type, NULL), 0);
-#endif
-
-    wc_AesFree(&cmac3.aes);
-    /* Test bad args. */
-    ExpectIntEQ(wc_InitCmac(NULL, key3, key3Sz, type, NULL), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_InitCmac(&cmac3, NULL, key3Sz, type, NULL), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_InitCmac(&cmac3, key3, 0, type, NULL), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_InitCmac(&cmac3, key3, key3Sz, 0, NULL), BAD_FUNC_ARG);
-#endif
-    return EXPECT_RESULT();
-} /* END test_wc_InitCmac */
-
-
-/*
- * Testing wc_CmacUpdate()
- */
-static int test_wc_CmacUpdate(void)
-{
-    EXPECT_DECLS;
-#if defined(WOLFSSL_CMAC) && !defined(NO_AES) && defined(WOLFSSL_AES_128)
-    Cmac        cmac;
-    byte        key[] = {
-        0x64, 0x4c, 0xbf, 0x12, 0x85, 0x9d, 0xf0, 0x55,
-        0x7e, 0xa9, 0x1f, 0x08, 0xe0, 0x51, 0xff, 0x27
-    };
-    byte        in[] = "\xe2\xb4\xb6\xf9\x48\x44\x02\x64"
-                       "\x5c\x47\x80\x9e\xd5\xa8\x3a\x17"
-                       "\xb3\x78\xcf\x85\x22\x41\x74\xd9"
-                       "\xa0\x97\x39\x71\x62\xf1\x8e\x8f"
-                       "\xf4";
-    word32      inSz  = (word32)sizeof(in) - 1;
-    word32      keySz = (word32)sizeof(key);
-    int         type  = WC_CMAC_AES;
-
-    XMEMSET(&cmac, 0, sizeof(Cmac));
-
-    ExpectIntEQ(wc_InitCmac(&cmac, key, keySz, type, NULL), 0);
-    ExpectIntEQ(wc_CmacUpdate(&cmac, in, inSz), 0);
-
-    /* Test bad args. */
-    ExpectIntEQ(wc_CmacUpdate(NULL, in, inSz), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_CmacUpdate(&cmac, NULL, 30), BAD_FUNC_ARG);
-    wc_AesFree(&cmac.aes);
-#endif
-    return EXPECT_RESULT();
-} /* END test_wc_CmacUpdate */
-
-
-/*
- * Testing wc_CmacFinal()
- */
-static int test_wc_CmacFinal(void)
-{
-    EXPECT_DECLS;
-#if defined(WOLFSSL_CMAC) && !defined(NO_AES) && defined(WOLFSSL_AES_128)
-    Cmac        cmac;
-    byte        key[] = {
-        0x64, 0x4c, 0xbf, 0x12, 0x85, 0x9d, 0xf0, 0x55,
-        0x7e, 0xa9, 0x1f, 0x08, 0xe0, 0x51, 0xff, 0x27
-    };
-    byte        msg[] = {
-        0xe2, 0xb4, 0xb6, 0xf9, 0x48, 0x44, 0x02, 0x64,
-        0x5c, 0x47, 0x80, 0x9e, 0xd5, 0xa8, 0x3a, 0x17,
-        0xb3, 0x78, 0xcf, 0x85, 0x22, 0x41, 0x74, 0xd9,
-        0xa0, 0x97, 0x39, 0x71, 0x62, 0xf1, 0x8e, 0x8f,
-        0xf4
-    };
-    /* Test vectors from CMACGenAES128.rsp from
-     * http://csrc.nist.gov/groups/STM/cavp/block-cipher-modes.html#cmac
-     * Per RFC4493 truncation of lsb is possible.
-     */
-    byte        expMac[] = {
-        0x4e, 0x6e, 0xc5, 0x6f, 0xf9, 0x5d, 0x0e, 0xae,
-        0x1c, 0xf8, 0x3e, 0xfc, 0xf4, 0x4b, 0xeb
-    };
-    byte        mac[AES_BLOCK_SIZE];
-    word32      msgSz    = (word32)sizeof(msg);
-    word32      keySz    = (word32)sizeof(key);
-    word32      macSz    = sizeof(mac);
-    word32      badMacSz = 17;
-    int         expMacSz = sizeof(expMac);
-    int         type     = WC_CMAC_AES;
-
-    XMEMSET(&cmac, 0, sizeof(Cmac));
-    XMEMSET(mac, 0, macSz);
-
-    ExpectIntEQ(wc_InitCmac(&cmac, key, keySz, type, NULL), 0);
-    ExpectIntEQ(wc_CmacUpdate(&cmac, msg, msgSz), 0);
-
-#if (!defined(HAVE_FIPS) || FIPS_VERSION_GE(5, 3)) && !defined(HAVE_SELFTEST)
-    /* Pass in bad args. */
-    ExpectIntEQ(wc_CmacFinalNoFree(NULL, mac, &macSz), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_CmacFinalNoFree(&cmac, NULL, &macSz), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_CmacFinalNoFree(&cmac, mac, &badMacSz), BUFFER_E);
-
-    /* For the last call, use the API with implicit wc_CmacFree(). */
-    ExpectIntEQ(wc_CmacFinal(&cmac, mac, &macSz), 0);
-    ExpectIntEQ(XMEMCMP(mac, expMac, expMacSz), 0);
-#else /* !HAVE_FIPS || FIPS>=5.3 */
-    ExpectIntEQ(wc_CmacFinal(&cmac, mac, &macSz), 0);
-    ExpectIntEQ(XMEMCMP(mac, expMac, expMacSz), 0);
-
-    /* Pass in bad args. */
-    ExpectIntEQ(wc_CmacFinal(NULL, mac, &macSz), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_CmacFinal(&cmac, NULL, &macSz), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_CmacFinal(&cmac, mac, &badMacSz), BUFFER_E);
-#endif /* !HAVE_FIPS || FIPS>=5.3 */
-#endif
-    return EXPECT_RESULT();
-} /* END test_wc_CmacFinal */
-
-
-/*
- * Testing wc_AesCmacGenerate() && wc_AesCmacVerify()
- */
-static int test_wc_AesCmacGenerate(void)
-{
-    EXPECT_DECLS;
-#if defined(WOLFSSL_CMAC) && !defined(NO_AES) && defined(WOLFSSL_AES_128)
-    byte        key[] = {
-        0x26, 0xef, 0x8b, 0x40, 0x34, 0x11, 0x7d, 0x9e,
-        0xbe, 0xc0, 0xc7, 0xfc, 0x31, 0x08, 0x54, 0x69
-    };
-    byte        msg[]    = "\x18\x90\x49\xef\xfd\x7c\xf9\xc8"
-                           "\xf3\x59\x65\xbc\xb0\x97\x8f\xd4";
-    byte        expMac[] = "\x29\x5f\x2f\x71\xfc\x58\xe6\xf6"
-                           "\x3d\x32\x65\x4c\x66\x23\xc5";
-    byte        mac[AES_BLOCK_SIZE];
-    word32      keySz    = sizeof(key);
-    word32      macSz    = sizeof(mac);
-    word32      msgSz    = sizeof(msg) - 1;
-    word32      expMacSz = sizeof(expMac) - 1;
-
-    XMEMSET(mac, 0, macSz);
-
-    ExpectIntEQ(wc_AesCmacGenerate(mac, &macSz, msg, msgSz, key, keySz), 0);
-    ExpectIntEQ(XMEMCMP(mac, expMac, expMacSz), 0);
-
-    /* Pass in bad args. */
-    ExpectIntEQ(wc_AesCmacGenerate(NULL, &macSz, msg, msgSz, key, keySz),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_AesCmacGenerate(mac, &macSz, msg, msgSz, NULL, keySz),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_AesCmacGenerate(mac, &macSz, msg, msgSz, key, 0),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_AesCmacGenerate(mac, &macSz, NULL, msgSz, key, keySz),
-        BAD_FUNC_ARG);
-
-    ExpectIntEQ(wc_AesCmacVerify(mac, macSz, msg, msgSz, key, keySz), 0);
-    /* Test bad args. */
-    ExpectIntEQ(wc_AesCmacVerify(NULL, macSz, msg, msgSz, key, keySz),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_AesCmacVerify(mac, 0, msg, msgSz, key, keySz),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_AesCmacVerify(mac, macSz, msg, msgSz, NULL, keySz),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_AesCmacVerify(mac, macSz, msg, msgSz, key, 0),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_AesCmacVerify(mac, macSz, NULL, msgSz, key, keySz),
-        BAD_FUNC_ARG);
-#endif
-    return EXPECT_RESULT();
-
-} /* END test_wc_AesCmacGenerate */
-
-
-/*
- * Testing streaming AES-GCM API.
- */
-static int test_wc_AesGcmStream(void)
-{
-    EXPECT_DECLS;
-#if !defined(NO_AES) && defined(WOLFSSL_AES_128) && defined(HAVE_AESGCM) && \
-    defined(WOLFSSL_AESGCM_STREAM)
-    int i;
-    WC_RNG rng[1];
-    Aes aesEnc[1];
-    Aes aesDec[1];
-    byte tag[AES_BLOCK_SIZE];
-    byte in[AES_BLOCK_SIZE * 3 + 2] = { 0, };
-    byte out[AES_BLOCK_SIZE * 3 + 2];
-    byte plain[AES_BLOCK_SIZE * 3 + 2];
-    byte aad[AES_BLOCK_SIZE * 3 + 2] = { 0, };
-    byte key[AES_128_KEY_SIZE] = { 0, };
-    byte iv[AES_IV_SIZE] = { 1, };
-    byte ivOut[AES_IV_SIZE];
-    static const byte expTagAAD1[AES_BLOCK_SIZE] = {
-        0x6c, 0x35, 0xe6, 0x7f, 0x59, 0x9e, 0xa9, 0x2f,
-        0x27, 0x2d, 0x5f, 0x8e, 0x7e, 0x42, 0xd3, 0x05
-    };
-    static const byte expTagPlain1[AES_BLOCK_SIZE] = {
-        0x24, 0xba, 0x57, 0x95, 0xd0, 0x27, 0x9e, 0x78,
-        0x3a, 0x88, 0x4c, 0x0a, 0x5d, 0x50, 0x23, 0xd1
-    };
-    static const byte expTag[AES_BLOCK_SIZE] = {
-        0x22, 0x91, 0x70, 0xad, 0x42, 0xc3, 0xad, 0x96,
-        0xe0, 0x31, 0x57, 0x60, 0xb7, 0x92, 0xa3, 0x6d
-    };
-
-    XMEMSET(&rng, 0, sizeof(WC_RNG));
-    XMEMSET(&aesEnc, 0, sizeof(Aes));
-    XMEMSET(&aesDec, 0, sizeof(Aes));
-
-    /* Create a random for generating IV/nonce. */
-    ExpectIntEQ(wc_InitRng(rng), 0);
-
-    /* Initialize data structures. */
-    ExpectIntEQ(wc_AesInit(aesEnc, NULL, INVALID_DEVID), 0);
-    ExpectIntEQ(wc_AesInit(aesDec, NULL, INVALID_DEVID), 0);
-
-    /* BadParameters to streaming init. */
-    ExpectIntEQ(wc_AesGcmEncryptInit(NULL, NULL, 0, NULL, 0), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_AesGcmDecryptInit(NULL, NULL, 0, NULL, 0), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_AesGcmDecryptInit(aesEnc, NULL, AES_128_KEY_SIZE, NULL, 0),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_AesGcmDecryptInit(aesEnc, NULL, 0, NULL, GCM_NONCE_MID_SZ),
-        BAD_FUNC_ARG);
-
-    /* Bad parameters to encrypt update. */
-    ExpectIntEQ(wc_AesGcmEncryptUpdate(NULL, NULL, NULL, 0, NULL, 0),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_AesGcmEncryptUpdate(aesEnc, NULL, NULL, 1, NULL, 0),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_AesGcmEncryptUpdate(aesEnc, NULL, in, 1, NULL, 0),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_AesGcmEncryptUpdate(aesEnc, out, NULL, 1, NULL, 0),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_AesGcmEncryptUpdate(aesEnc, NULL, NULL, 0, NULL, 1),
-        BAD_FUNC_ARG);
-    /* Bad parameters to decrypt update. */
-    ExpectIntEQ(wc_AesGcmDecryptUpdate(NULL, NULL, NULL, 0, NULL, 0),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_AesGcmDecryptUpdate(aesDec, NULL, NULL, 1, NULL, 0),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_AesGcmDecryptUpdate(aesDec, NULL, in, 1, NULL, 0),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_AesGcmDecryptUpdate(aesDec, out, NULL, 1, NULL, 0),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_AesGcmDecryptUpdate(aesDec, NULL, NULL, 0, NULL, 1),
-        BAD_FUNC_ARG);
-
-    /* Bad parameters to encrypt final. */
-    ExpectIntEQ(wc_AesGcmEncryptFinal(NULL, NULL, 0), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_AesGcmEncryptFinal(NULL, tag, 0), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_AesGcmEncryptFinal(NULL, NULL, AES_BLOCK_SIZE),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_AesGcmEncryptFinal(aesEnc, tag, 0), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_AesGcmEncryptFinal(aesEnc, NULL, AES_BLOCK_SIZE),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_AesGcmEncryptFinal(aesEnc, tag, AES_BLOCK_SIZE + 1),
-        BAD_FUNC_ARG);
-    /* Bad parameters to decrypt final. */
-    ExpectIntEQ(wc_AesGcmDecryptFinal(NULL, NULL, 0), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_AesGcmDecryptFinal(NULL, tag, 0), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_AesGcmDecryptFinal(NULL, NULL, AES_BLOCK_SIZE),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_AesGcmDecryptFinal(aesDec, tag, 0), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_AesGcmDecryptFinal(aesDec, NULL, AES_BLOCK_SIZE),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_AesGcmDecryptFinal(aesDec, tag, AES_BLOCK_SIZE + 1),
-        BAD_FUNC_ARG);
-
-    /* Check calling final before setting key fails. */
-    ExpectIntEQ(wc_AesGcmEncryptFinal(aesEnc, tag, sizeof(tag)), MISSING_KEY);
-    ExpectIntEQ(wc_AesGcmEncryptFinal(aesDec, tag, sizeof(tag)), MISSING_KEY);
-    /* Check calling update before setting key else fails. */
-    ExpectIntEQ(wc_AesGcmEncryptUpdate(aesEnc, NULL, NULL, 0, aad, 1),
-        MISSING_KEY);
-    ExpectIntEQ(wc_AesGcmDecryptUpdate(aesDec, NULL, NULL, 0, aad, 1),
-        MISSING_KEY);
-
-    /* Set key but not IV. */
-    ExpectIntEQ(wc_AesGcmInit(aesEnc, key, sizeof(key), NULL, 0), 0);
-    ExpectIntEQ(wc_AesGcmInit(aesDec, key, sizeof(key), NULL, 0), 0);
-    /* Check calling final before setting IV fails. */
-    ExpectIntEQ(wc_AesGcmEncryptFinal(aesEnc, tag, sizeof(tag)), MISSING_IV);
-    ExpectIntEQ(wc_AesGcmEncryptFinal(aesDec, tag, sizeof(tag)), MISSING_IV);
-    /* Check calling update before setting IV else fails. */
-    ExpectIntEQ(wc_AesGcmEncryptUpdate(aesEnc, NULL, NULL, 0, aad, 1),
-        MISSING_IV);
-    ExpectIntEQ(wc_AesGcmDecryptUpdate(aesDec, NULL, NULL, 0, aad, 1),
-        MISSING_IV);
-
-    /* Set IV using fixed part IV and external IV APIs. */
-    ExpectIntEQ(wc_AesGcmSetIV(aesEnc, GCM_NONCE_MID_SZ, iv, AES_IV_FIXED_SZ,
-        rng), 0);
-    ExpectIntEQ(wc_AesGcmEncryptInit_ex(aesEnc, NULL, 0, ivOut,
-        GCM_NONCE_MID_SZ), 0);
-    ExpectIntEQ(wc_AesGcmSetExtIV(aesDec, ivOut, GCM_NONCE_MID_SZ), 0);
-    ExpectIntEQ(wc_AesGcmInit(aesDec, NULL, 0, NULL, 0), 0);
-    /* Encrypt and decrypt data. */
-    ExpectIntEQ(wc_AesGcmEncryptUpdate(aesEnc, out, in, 1, aad, 1), 0);
-    ExpectIntEQ(wc_AesGcmDecryptUpdate(aesDec, plain, out, 1, aad, 1), 0);
-    ExpectIntEQ(XMEMCMP(plain, in, 1), 0);
-    /* Finalize and check tag matches. */
-    ExpectIntEQ(wc_AesGcmEncryptFinal(aesEnc, tag, AES_BLOCK_SIZE), 0);
-    ExpectIntEQ(wc_AesGcmDecryptFinal(aesDec, tag, AES_BLOCK_SIZE), 0);
-
-    /* Set key and IV through streaming init API. */
-    wc_AesFree(aesEnc);
-    wc_AesFree(aesDec);
-    ExpectIntEQ(wc_AesInit(aesEnc, NULL, INVALID_DEVID), 0);
-    ExpectIntEQ(wc_AesInit(aesDec, NULL, INVALID_DEVID), 0);
-    ExpectIntEQ(wc_AesGcmInit(aesEnc, key, sizeof(key), iv, AES_IV_SIZE), 0);
-    ExpectIntEQ(wc_AesGcmInit(aesDec, key, sizeof(key), iv, AES_IV_SIZE), 0);
-    /* Encrypt/decrypt one block and AAD of one block. */
-    ExpectIntEQ(wc_AesGcmEncryptUpdate(aesEnc, out, in, AES_BLOCK_SIZE, aad,
-        AES_BLOCK_SIZE), 0);
-    ExpectIntEQ(wc_AesGcmDecryptUpdate(aesDec, plain, out, AES_BLOCK_SIZE, aad,
-        AES_BLOCK_SIZE), 0);
-    ExpectIntEQ(XMEMCMP(plain, in, AES_BLOCK_SIZE), 0);
-    /* Finalize and check tag matches. */
-    ExpectIntEQ(wc_AesGcmEncryptFinal(aesEnc, tag, AES_BLOCK_SIZE), 0);
-    ExpectIntEQ(wc_AesGcmDecryptFinal(aesDec, tag, AES_BLOCK_SIZE), 0);
-
-    /* Set key and IV through streaming init API. */
-    wc_AesFree(aesEnc);
-    wc_AesFree(aesDec);
-    ExpectIntEQ(wc_AesInit(aesEnc, NULL, INVALID_DEVID), 0);
-    ExpectIntEQ(wc_AesInit(aesDec, NULL, INVALID_DEVID), 0);
-    ExpectIntEQ(wc_AesGcmInit(aesEnc, key, sizeof(key), iv, AES_IV_SIZE), 0);
-    ExpectIntEQ(wc_AesGcmInit(aesDec, key, sizeof(key), iv, AES_IV_SIZE), 0);
-    /* No data to encrypt/decrypt one byte of AAD. */
-    ExpectIntEQ(wc_AesGcmEncryptUpdate(aesEnc, NULL, NULL, 0, aad, 1), 0);
-    ExpectIntEQ(wc_AesGcmDecryptUpdate(aesDec, NULL, NULL, 0, aad, 1), 0);
-    /* Finalize and check tag matches. */
-    ExpectIntEQ(wc_AesGcmEncryptFinal(aesEnc, tag, AES_BLOCK_SIZE), 0);
-    ExpectIntEQ(XMEMCMP(tag, expTagAAD1, AES_BLOCK_SIZE), 0);
-    ExpectIntEQ(wc_AesGcmDecryptFinal(aesDec, tag, AES_BLOCK_SIZE), 0);
-
-    /* Set key and IV through streaming init API. */
-    wc_AesFree(aesEnc);
-    wc_AesFree(aesDec);
-    ExpectIntEQ(wc_AesInit(aesEnc, NULL, INVALID_DEVID), 0);
-    ExpectIntEQ(wc_AesInit(aesDec, NULL, INVALID_DEVID), 0);
-    ExpectIntEQ(wc_AesGcmInit(aesEnc, key, sizeof(key), iv, AES_IV_SIZE), 0);
-    ExpectIntEQ(wc_AesGcmInit(aesDec, key, sizeof(key), iv, AES_IV_SIZE), 0);
-    /* Encrypt/decrypt one byte and no AAD. */
-    ExpectIntEQ(wc_AesGcmEncryptUpdate(aesEnc, out, in, 1, NULL, 0), 0);
-    ExpectIntEQ(wc_AesGcmDecryptUpdate(aesDec, plain, out, 1, NULL, 0), 0);
-    ExpectIntEQ(XMEMCMP(plain, in, 1), 0);
-    /* Finalize and check tag matches. */
-    ExpectIntEQ(wc_AesGcmEncryptFinal(aesEnc, tag, AES_BLOCK_SIZE), 0);
-    ExpectIntEQ(XMEMCMP(tag, expTagPlain1, AES_BLOCK_SIZE), 0);
-    ExpectIntEQ(wc_AesGcmDecryptFinal(aesDec, tag, AES_BLOCK_SIZE), 0);
-
-    /* Set key and IV through streaming init API. */
-    wc_AesFree(aesEnc);
-    wc_AesFree(aesDec);
-    ExpectIntEQ(wc_AesInit(aesEnc, NULL, INVALID_DEVID), 0);
-    ExpectIntEQ(wc_AesInit(aesDec, NULL, INVALID_DEVID), 0);
-    ExpectIntEQ(wc_AesGcmInit(aesEnc, key, sizeof(key), iv, AES_IV_SIZE), 0);
-    ExpectIntEQ(wc_AesGcmInit(aesDec, key, sizeof(key), iv, AES_IV_SIZE), 0);
-    /* Encryption AES is one byte at a time */
-    for (i = 0; i < (int)sizeof(aad); i++) {
-        ExpectIntEQ(wc_AesGcmEncryptUpdate(aesEnc, NULL, NULL, 0, aad + i, 1),
-            0);
-    }
-    for (i = 0; i < (int)sizeof(in); i++) {
-        ExpectIntEQ(wc_AesGcmEncryptUpdate(aesEnc, out + i, in + i, 1, NULL, 0),
-            0);
-    }
-    /* Decryption AES is two bytes at a time */
-    for (i = 0; i < (int)sizeof(aad); i += 2) {
-        ExpectIntEQ(wc_AesGcmDecryptUpdate(aesDec, NULL, NULL, 0, aad + i, 2),
-            0);
-    }
-    for (i = 0; i < (int)sizeof(aad); i += 2) {
-        ExpectIntEQ(wc_AesGcmDecryptUpdate(aesDec, plain + i, out + i, 2, NULL,
-            0), 0);
-    }
-    ExpectIntEQ(XMEMCMP(plain, in, sizeof(in)), 0);
-    /* Finalize and check tag matches. */
-    ExpectIntEQ(wc_AesGcmEncryptFinal(aesEnc, tag, AES_BLOCK_SIZE), 0);
-    ExpectIntEQ(XMEMCMP(tag, expTag, AES_BLOCK_SIZE), 0);
-    ExpectIntEQ(wc_AesGcmDecryptFinal(aesDec, tag, AES_BLOCK_SIZE), 0);
-
-    /* Check streaming encryption can be decrypted with one shot. */
-    wc_AesFree(aesDec);
-    ExpectIntEQ(wc_AesInit(aesDec, NULL, INVALID_DEVID), 0);
-    ExpectIntEQ(wc_AesGcmInit(aesDec, key, sizeof(key), iv, AES_IV_SIZE), 0);
-    ExpectIntEQ(wc_AesGcmSetKey(aesDec, key, sizeof(key)), 0);
-    ExpectIntEQ(wc_AesGcmDecrypt(aesDec, plain, out, sizeof(in), iv,
-        AES_IV_SIZE, tag, AES_BLOCK_SIZE, aad, sizeof(aad)), 0);
-    ExpectIntEQ(XMEMCMP(plain, in, sizeof(in)), 0);
-
-    wc_AesFree(aesEnc);
-    wc_AesFree(aesDec);
-    wc_FreeRng(rng);
-#endif
-    return EXPECT_RESULT();
-} /* END test_wc_AesGcmStream */
-
-
-/*
- * Testing streaming SM4 API.
- */
-static int test_wc_Sm4(void)
-{
-    int res = TEST_SKIPPED;
-#ifdef WOLFSSL_SM4
-    EXPECT_DECLS;
-    wc_Sm4 sm4;
-#if defined(WOLFSSL_SM4_ECB) || defined(WOLFSSL_SM4_CBC) || \
-    defined(WOLFSSL_SM4_CTR) || defined(WOLFSSL_SM4_CCM)
-    unsigned char key[SM4_KEY_SIZE];
-#endif
-#if defined(WOLFSSL_SM4_CBC) || defined(WOLFSSL_SM4_CTR)
-    unsigned char iv[SM4_IV_SIZE];
-#endif
-
-    /* Invalid parameters - wc_Sm4Init */
-    ExpectIntEQ(wc_Sm4Init(NULL, NULL, INVALID_DEVID), BAD_FUNC_ARG);
-
-    /* Valid cases - wc_Sm4Init */
-    ExpectIntEQ(wc_Sm4Init(&sm4, NULL, INVALID_DEVID), 0);
-
-#if defined(WOLFSSL_SM4_ECB) || defined(WOLFSSL_SM4_CBC) || \
-    defined(WOLFSSL_SM4_CTR) || defined(WOLFSSL_SM4_CCM)
-    XMEMSET(key, 0, sizeof(key));
-
-    /* Invalid parameters - wc_Sm4SetKey. */
-    ExpectIntEQ(wc_Sm4SetKey(NULL, NULL, 0), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sm4SetKey(&sm4, NULL, 0), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sm4SetKey(NULL, key, 0), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sm4SetKey(NULL, NULL, SM4_KEY_SIZE), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sm4SetKey(&sm4, key, 0), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sm4SetKey(&sm4, NULL, SM4_KEY_SIZE), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sm4SetKey(NULL, key, SM4_KEY_SIZE), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sm4SetKey(&sm4, key, SM4_KEY_SIZE-1), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sm4SetKey(&sm4, key, SM4_KEY_SIZE+1), BAD_FUNC_ARG);
-
-    /* Valid cases - wc_Sm4SetKey. */
-    ExpectIntEQ(wc_Sm4SetKey(&sm4, key, SM4_KEY_SIZE), 0);
-#endif
-
-#if defined(WOLFSSL_SM4_CBC) || defined(WOLFSSL_SM4_CTR)
-    XMEMSET(iv, 0, sizeof(iv));
-
-    /* Invalid parameters - wc_Sm4SetIV. */
-    ExpectIntEQ(wc_Sm4SetIV(NULL, NULL), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sm4SetIV(&sm4, NULL), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sm4SetIV(NULL, iv), BAD_FUNC_ARG);
-
-    /* Valid cases - wc_Sm4SetIV. */
-    ExpectIntEQ(wc_Sm4SetIV(&sm4, iv), 0);
-#endif
-
-    /* Valid cases - wc_Sm4Free */
-    wc_Sm4Free(NULL);
-    wc_Sm4Free(&sm4);
-
-    res = EXPECT_RESULT();
-#endif
-    return res;
-} /* END test_wc_Sm4 */
-
-/*
- * Testing block based SM4-ECB API.
- */
-static int test_wc_Sm4Ecb(void)
-{
-    int res = TEST_SKIPPED;
-#ifdef WOLFSSL_SM4_ECB
-    EXPECT_DECLS;
-    wc_Sm4 sm4;
-    unsigned char key[SM4_KEY_SIZE];
-    unsigned char in[SM4_BLOCK_SIZE * 2];
-    unsigned char out[SM4_BLOCK_SIZE * 2];
-    unsigned char out2[SM4_BLOCK_SIZE];
-
-    XMEMSET(key, 0, sizeof(key));
-    XMEMSET(in, 0, sizeof(in));
-
-    ExpectIntEQ(wc_Sm4Init(&sm4, NULL, INVALID_DEVID), 0);
-    ExpectIntEQ(wc_Sm4EcbEncrypt(&sm4, out, in, 0), MISSING_KEY);
-    ExpectIntEQ(wc_Sm4EcbDecrypt(&sm4, out, in, 0), MISSING_KEY);
-
-    /* Tested in test_wc_Sm4. */
-    ExpectIntEQ(wc_Sm4SetKey(&sm4, key, SM4_KEY_SIZE), 0);
-
-    /* Invalid parameters - wc_Sm4EcbEncrypt. */
-    ExpectIntEQ(wc_Sm4EcbEncrypt(NULL, NULL, NULL, 1), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sm4EcbEncrypt(&sm4, NULL, NULL, 1), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sm4EcbEncrypt(NULL, out, NULL, 1), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sm4EcbEncrypt(NULL, NULL, in, 1), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sm4EcbEncrypt(NULL, NULL, NULL, 0), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sm4EcbEncrypt(NULL, out, in, 0), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sm4EcbEncrypt(&sm4, NULL, in, 0), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sm4EcbEncrypt(&sm4, out, NULL, 0), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sm4EcbEncrypt(&sm4, out, in, 1), BAD_FUNC_ARG);
-
-    /* Valid cases - wc_Sm4EcbEncrypt. */
-    ExpectIntEQ(wc_Sm4EcbEncrypt(&sm4, out, in, 0), 0);
-    ExpectIntEQ(wc_Sm4EcbEncrypt(&sm4, out2, in, SM4_BLOCK_SIZE), 0);
-    ExpectIntEQ(wc_Sm4EcbEncrypt(&sm4, out, in, SM4_BLOCK_SIZE * 2), 0);
-    ExpectIntEQ(XMEMCMP(out, out2, SM4_BLOCK_SIZE), 0);
-    /*   In and out are same pointer. */
-    ExpectIntEQ(wc_Sm4EcbEncrypt(&sm4, in, in, SM4_BLOCK_SIZE * 2), 0);
-    ExpectIntEQ(XMEMCMP(in, out, SM4_BLOCK_SIZE * 2), 0);
-
-    /* Invalid parameters - wc_Sm4EcbDecrypt. */
-    ExpectIntEQ(wc_Sm4EcbDecrypt(NULL, NULL, NULL, 1), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sm4EcbDecrypt(&sm4, NULL, NULL, 1), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sm4EcbDecrypt(NULL, out, NULL, 1), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sm4EcbDecrypt(NULL, NULL, in, 1), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sm4EcbDecrypt(NULL, NULL, NULL, 0), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sm4EcbDecrypt(NULL, out, in, 0), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sm4EcbDecrypt(&sm4, NULL, in, 0), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sm4EcbDecrypt(&sm4, out, NULL, 0), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sm4EcbDecrypt(&sm4, out, in, 1), BAD_FUNC_ARG);
-
-    /* Valid cases - wc_Sm4EcbDecrypt. */
-    ExpectIntEQ(wc_Sm4EcbDecrypt(&sm4, out, in, 0), 0);
-    ExpectIntEQ(wc_Sm4EcbDecrypt(&sm4, out2, in, SM4_BLOCK_SIZE), 0);
-    ExpectIntEQ(wc_Sm4EcbDecrypt(&sm4, out, in, SM4_BLOCK_SIZE * 2), 0);
-    ExpectIntEQ(XMEMCMP(out, out2, SM4_BLOCK_SIZE), 0);
-    /*   In and out are same pointer. */
-    ExpectIntEQ(wc_Sm4EcbDecrypt(&sm4, in, in, SM4_BLOCK_SIZE * 2), 0);
-    ExpectIntEQ(XMEMCMP(in, out, SM4_BLOCK_SIZE * 2), 0);
-
-    wc_Sm4Free(&sm4);
-
-    res = EXPECT_RESULT();
-#endif
-    return res;
-} /* END test_wc_Sm4Ecb */
-
-/*
- * Testing block based SM4-CBC API.
- */
-static int test_wc_Sm4Cbc(void)
-{
-    int res = TEST_SKIPPED;
-#ifdef WOLFSSL_SM4_CBC
-    EXPECT_DECLS;
-    wc_Sm4 sm4;
-    unsigned char key[SM4_KEY_SIZE];
-    unsigned char iv[SM4_IV_SIZE];
-    unsigned char in[SM4_BLOCK_SIZE * 2];
-    unsigned char out[SM4_BLOCK_SIZE * 2];
-    unsigned char out2[SM4_BLOCK_SIZE];
-
-    XMEMSET(key, 0, sizeof(key));
-    XMEMSET(iv, 0, sizeof(iv));
-    XMEMSET(in, 0, sizeof(in));
-
-    ExpectIntEQ(wc_Sm4Init(&sm4, NULL, INVALID_DEVID), 0);
-    ExpectIntEQ(wc_Sm4CbcEncrypt(&sm4, out, in, 0), MISSING_KEY);
-    ExpectIntEQ(wc_Sm4CbcDecrypt(&sm4, out, in, 0), MISSING_KEY);
-    /* Tested in test_wc_Sm4. */
-    ExpectIntEQ(wc_Sm4SetKey(&sm4, key, SM4_KEY_SIZE), 0);
-    ExpectIntEQ(wc_Sm4CbcEncrypt(&sm4, out, in, 0), MISSING_IV);
-    ExpectIntEQ(wc_Sm4CbcDecrypt(&sm4, out, in, 0), MISSING_IV);
-    /* Tested in test_wc_Sm4. */
-    ExpectIntEQ(wc_Sm4SetIV(&sm4, iv), 0);
-
-    /* Invalid parameters - wc_Sm4CbcEncrypt. */
-    ExpectIntEQ(wc_Sm4CbcEncrypt(NULL, NULL, NULL, 1), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sm4CbcEncrypt(&sm4, NULL, NULL, 1), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sm4CbcEncrypt(NULL, out, NULL, 1), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sm4CbcEncrypt(NULL, NULL, in, 1), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sm4CbcEncrypt(NULL, NULL, NULL, 0), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sm4CbcEncrypt(NULL, out, in, 0), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sm4CbcEncrypt(&sm4, NULL, in, 0), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sm4CbcEncrypt(&sm4, out, NULL, 0), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sm4CbcEncrypt(&sm4, out, in, 1), BAD_FUNC_ARG);
-
-    /* Valid cases - wc_Sm4CbcEncrypt. */
-    ExpectIntEQ(wc_Sm4CbcEncrypt(&sm4, out, in, 0), 0);
-    ExpectIntEQ(wc_Sm4CbcEncrypt(&sm4, out2, in, SM4_BLOCK_SIZE), 0);
-    ExpectIntEQ(wc_Sm4SetIV(&sm4, iv), 0);
-    ExpectIntEQ(wc_Sm4CbcEncrypt(&sm4, out, in, SM4_BLOCK_SIZE * 2), 0);
-    ExpectIntEQ(XMEMCMP(out, out2, SM4_BLOCK_SIZE), 0);
-    /*   In and out are same pointer. */
-    ExpectIntEQ(wc_Sm4SetIV(&sm4, iv), 0);
-    ExpectIntEQ(wc_Sm4CbcEncrypt(&sm4, in, in, SM4_BLOCK_SIZE * 2), 0);
-    ExpectIntEQ(XMEMCMP(in, out, SM4_BLOCK_SIZE * 2), 0);
-
-    /* Invalid parameters - wc_Sm4CbcDecrypt. */
-    ExpectIntEQ(wc_Sm4CbcDecrypt(NULL, NULL, NULL, 1), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sm4CbcDecrypt(&sm4, NULL, NULL, 1), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sm4CbcDecrypt(NULL, out, NULL, 1), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sm4CbcDecrypt(NULL, NULL, in, 1), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sm4CbcDecrypt(NULL, NULL, NULL, 0), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sm4CbcDecrypt(NULL, out, in, 0), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sm4CbcDecrypt(&sm4, NULL, in, 0), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sm4CbcDecrypt(&sm4, out, NULL, 0), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sm4CbcDecrypt(&sm4, out, in, 1), BAD_FUNC_ARG);
-
-    ExpectIntEQ(wc_Sm4SetIV(&sm4, iv), 0);
-    /* Valid cases - wc_Sm4CbcDecrypt. */
-    ExpectIntEQ(wc_Sm4CbcDecrypt(&sm4, out, in, 0), 0);
-    ExpectIntEQ(wc_Sm4CbcDecrypt(&sm4, out2, in, SM4_BLOCK_SIZE), 0);
-    ExpectIntEQ(wc_Sm4SetIV(&sm4, iv), 0);
-    ExpectIntEQ(wc_Sm4CbcDecrypt(&sm4, out, in, SM4_BLOCK_SIZE * 2), 0);
-    ExpectIntEQ(XMEMCMP(out, out2, SM4_BLOCK_SIZE), 0);
-    /*   In and out are same pointer. */
-    ExpectIntEQ(wc_Sm4SetIV(&sm4, iv), 0);
-    ExpectIntEQ(wc_Sm4CbcDecrypt(&sm4, in, in, SM4_BLOCK_SIZE * 2), 0);
-    ExpectIntEQ(XMEMCMP(in, out, SM4_BLOCK_SIZE * 2), 0);
-
-    wc_Sm4Free(&sm4);
-
-    res = EXPECT_RESULT();
-#endif
-    return res;
-} /* END test_wc_Sm4Cbc */
-
-/*
- * Testing streaming SM4-CTR API.
- */
-static int test_wc_Sm4Ctr(void)
-{
-    int res = TEST_SKIPPED;
-#ifdef WOLFSSL_SM4_CTR
-    EXPECT_DECLS;
-    wc_Sm4 sm4;
-    unsigned char key[SM4_KEY_SIZE];
-    unsigned char iv[SM4_IV_SIZE];
-    unsigned char in[SM4_BLOCK_SIZE * 4];
-    unsigned char out[SM4_BLOCK_SIZE * 4];
-    unsigned char out2[SM4_BLOCK_SIZE * 4];
-    word32 chunk;
-    word32 i;
-
-    XMEMSET(key, 0, sizeof(key));
-    XMEMSET(iv, 0, sizeof(iv));
-    XMEMSET(in, 0, sizeof(in));
-
-    ExpectIntEQ(wc_Sm4Init(&sm4, NULL, INVALID_DEVID), 0);
-    ExpectIntEQ(wc_Sm4CtrEncrypt(&sm4, out, in, 0), MISSING_KEY);
-    /* Tested in test_wc_Sm4. */
-    ExpectIntEQ(wc_Sm4SetKey(&sm4, key, SM4_KEY_SIZE), 0);
-    ExpectIntEQ(wc_Sm4CtrEncrypt(&sm4, out, in, 0), MISSING_IV);
-    /* Tested in test_wc_Sm4. */
-    ExpectIntEQ(wc_Sm4SetIV(&sm4, iv), 0);
-
-    /* Invalid parameters - wc_Sm4CtrEncrypt. */
-    ExpectIntEQ(wc_Sm4CtrEncrypt(NULL, NULL, NULL, 0), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sm4CtrEncrypt(&sm4, NULL, NULL, 0), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sm4CtrEncrypt(NULL, out, NULL, 0), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sm4CtrEncrypt(NULL, NULL, in, 0), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sm4CtrEncrypt(&sm4, out, NULL, 0), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sm4CtrEncrypt(&sm4, NULL, in, 0), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sm4CtrEncrypt(NULL, out, in, 0), BAD_FUNC_ARG);
-
-    /* Valid cases - wc_Sm4CtrEncrypt. */
-    ExpectIntEQ(wc_Sm4CtrEncrypt(&sm4, out, in, 0), 0);
-    ExpectIntEQ(wc_Sm4CtrEncrypt(&sm4, out2, in, 1), 0);
-    ExpectIntEQ(wc_Sm4SetIV(&sm4, iv), 0);
-    ExpectIntEQ(wc_Sm4CtrEncrypt(&sm4, out, in, 2), 0);
-    ExpectIntEQ(XMEMCMP(out, out2, 1), 0);
-    ExpectIntEQ(wc_Sm4SetIV(&sm4, iv), 0);
-    ExpectIntEQ(wc_Sm4CtrEncrypt(&sm4, out2, in, SM4_BLOCK_SIZE), 0);
-    ExpectIntEQ(XMEMCMP(out2, out, 2), 0);
-    ExpectIntEQ(wc_Sm4SetIV(&sm4, iv), 0);
-    ExpectIntEQ(wc_Sm4CtrEncrypt(&sm4, out, in, SM4_BLOCK_SIZE * 2), 0);
-    ExpectIntEQ(XMEMCMP(out, out2, SM4_BLOCK_SIZE), 0);
-    /*   In and out are same pointer. Also check encrypt of cipher text produces
-     *   plaintext.
-     */
-    ExpectIntEQ(wc_Sm4SetIV(&sm4, iv), 0);
-    ExpectIntEQ(wc_Sm4CtrEncrypt(&sm4, out, out, SM4_BLOCK_SIZE * 2), 0);
-    ExpectIntEQ(XMEMCMP(in, out, SM4_BLOCK_SIZE * 2), 0);
-
-    /* Chunking tests. */
-    ExpectIntEQ(wc_Sm4SetIV(&sm4, iv), 0);
-    ExpectIntEQ(wc_Sm4CtrEncrypt(&sm4, out2, in, (word32)sizeof(in)), 0);
-    for (chunk = 1; chunk <= SM4_BLOCK_SIZE + 1; chunk++) {
-        ExpectIntEQ(wc_Sm4SetIV(&sm4, iv), 0);
-        for (i = 0; i + chunk <= (word32)sizeof(in); i += chunk) {
-             ExpectIntEQ(wc_Sm4CtrEncrypt(&sm4, out + i, in + i, chunk), 0);
-        }
-        if (i < (word32)sizeof(in)) {
-             ExpectIntEQ(wc_Sm4CtrEncrypt(&sm4, out + i, in + i,
-                 (word32)sizeof(in) - i), 0);
-        }
-        ExpectIntEQ(XMEMCMP(out, out2, (word32)sizeof(out)), 0);
-    }
-
-    for (i = 0; i < (word32)sizeof(iv); i++) {
-        iv[i] = 0xff;
-        ExpectIntEQ(wc_Sm4SetIV(&sm4, iv), 0);
-        ExpectIntEQ(wc_Sm4CtrEncrypt(&sm4, out, in, SM4_BLOCK_SIZE * 2), 0);
-        ExpectIntEQ(wc_Sm4SetIV(&sm4, iv), 0);
-        ExpectIntEQ(wc_Sm4CtrEncrypt(&sm4, out2, out, SM4_BLOCK_SIZE * 2), 0);
-        ExpectIntEQ(XMEMCMP(out2, in, SM4_BLOCK_SIZE * 2), 0);
-    }
-
-    wc_Sm4Free(&sm4);
-
-    res = EXPECT_RESULT();
-#endif
-    return res;
-} /* END test_wc_Sm4Ctr */
-
-/*
- * Testing stream SM4-GCM API.
- */
-static int test_wc_Sm4Gcm(void)
-{
-    int res = TEST_SKIPPED;
-#ifdef WOLFSSL_SM4_GCM
-    EXPECT_DECLS;
-    wc_Sm4 sm4;
-    unsigned char key[SM4_KEY_SIZE];
-    unsigned char nonce[GCM_NONCE_MAX_SZ];
-    unsigned char in[SM4_BLOCK_SIZE * 2];
-    unsigned char in2[SM4_BLOCK_SIZE * 2];
-    unsigned char out[SM4_BLOCK_SIZE * 2];
-    unsigned char out2[SM4_BLOCK_SIZE * 2];
-    unsigned char dec[SM4_BLOCK_SIZE * 2];
-    unsigned char tag[SM4_BLOCK_SIZE];
-    unsigned char aad[SM4_BLOCK_SIZE * 2];
-    word32 i;
-
-    XMEMSET(key, 0, sizeof(key));
-    XMEMSET(nonce, 0, sizeof(nonce));
-    XMEMSET(in, 0, sizeof(in));
-    XMEMSET(in2, 0, sizeof(in2));
-    XMEMSET(aad, 0, sizeof(aad));
-
-    ExpectIntEQ(wc_Sm4Init(&sm4, NULL, INVALID_DEVID), 0);
-    ExpectIntEQ(wc_Sm4GcmEncrypt(&sm4, out, in, 0, nonce, GCM_NONCE_MID_SZ, tag,
-        SM4_BLOCK_SIZE, aad, sizeof(aad)), MISSING_KEY);
-    ExpectIntEQ(wc_Sm4GcmDecrypt(&sm4, out, in, 0, nonce, GCM_NONCE_MID_SZ, tag,
-        SM4_BLOCK_SIZE, aad, sizeof(aad)), MISSING_KEY);
-
-    /* Invalid parameters - wc_Sm4GcmSetKey. */
-    ExpectIntEQ(wc_Sm4GcmSetKey(NULL, NULL, 0), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sm4GcmSetKey(&sm4, NULL, 0), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sm4GcmSetKey(NULL, key, 0), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sm4GcmSetKey(NULL, NULL, SM4_KEY_SIZE), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sm4GcmSetKey(&sm4, key, 0), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sm4GcmSetKey(&sm4, NULL, SM4_KEY_SIZE), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sm4GcmSetKey(NULL, key, SM4_KEY_SIZE), BAD_FUNC_ARG);
-
-    /* Valid parameters - wc_Sm4GcmSetKey. */
-    ExpectIntEQ(wc_Sm4GcmSetKey(&sm4, key, SM4_KEY_SIZE), 0);
-
-    /* Invalid parameters - wc_Sm4GcmEncrypt. */
-    ExpectIntEQ(wc_Sm4GcmEncrypt(NULL, NULL, NULL, 1, NULL, 0, NULL, 0, NULL,
-        0), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sm4GcmEncrypt(&sm4, NULL, NULL, 1, NULL, 0, NULL, 0, NULL,
-        0), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sm4GcmEncrypt(NULL, out, NULL, 1, NULL, 0, NULL, 0, NULL,
-        0), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sm4GcmEncrypt(NULL, NULL, in, 1, NULL, 0, NULL, 0, NULL,
-        0), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sm4GcmEncrypt(NULL, NULL, NULL, 1, nonce, GCM_NONCE_MID_SZ,
-        NULL, 0, NULL, 0), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sm4GcmEncrypt(NULL, NULL, NULL, 1, NULL, 0, tag,
-        SM4_BLOCK_SIZE, NULL, 0), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sm4GcmEncrypt(NULL, out, in, 1, nonce, GCM_NONCE_MID_SZ, tag,
-        SM4_BLOCK_SIZE, aad, sizeof(aad)), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sm4GcmEncrypt(&sm4, NULL, in, 1, nonce, GCM_NONCE_MID_SZ,
-        tag, SM4_BLOCK_SIZE, aad, sizeof(aad)), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sm4GcmEncrypt(&sm4, out, NULL, 1, nonce, GCM_NONCE_MID_SZ,
-        tag, SM4_BLOCK_SIZE, aad, sizeof(aad)), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sm4GcmEncrypt(&sm4, out, in, 1, NULL, GCM_NONCE_MID_SZ, tag,
-        SM4_BLOCK_SIZE, aad, sizeof(aad)), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sm4GcmEncrypt(&sm4, out, in, 1, nonce, 0, tag,
-        SM4_BLOCK_SIZE, aad, sizeof(aad)), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sm4GcmEncrypt(&sm4, out, in, 1, nonce, GCM_NONCE_MID_SZ,
-        NULL, SM4_BLOCK_SIZE, aad, sizeof(aad)), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sm4GcmEncrypt(&sm4, out, in, 1, nonce, GCM_NONCE_MID_SZ, tag,
-        WOLFSSL_MIN_AUTH_TAG_SZ-1, aad, sizeof(aad)), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sm4GcmEncrypt(&sm4, out, in, 1, nonce, GCM_NONCE_MID_SZ, tag,
-        SM4_BLOCK_SIZE+1, aad, sizeof(aad)), BAD_FUNC_ARG);
-
-    /* Invalid parameters - wc_Sm4GcmDecrypt. */
-    ExpectIntEQ(wc_Sm4GcmDecrypt(NULL, NULL, NULL, 1, NULL, 0, NULL, 0, NULL,
-        0), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sm4GcmDecrypt(&sm4, NULL, NULL, 1, NULL, 0, NULL, 0, NULL,
-        0), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sm4GcmDecrypt(NULL, out, NULL, 1, NULL, 0, NULL, 0, NULL,
-        0), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sm4GcmDecrypt(NULL, NULL, in, 1, NULL, 0, NULL, 0, NULL,
-        0), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sm4GcmDecrypt(NULL, NULL, NULL, 1, nonce, GCM_NONCE_MID_SZ,
-        NULL, 0, NULL, 0), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sm4GcmDecrypt(NULL, NULL, NULL, 1, NULL, 0, tag,
-        SM4_BLOCK_SIZE, NULL, 0), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sm4GcmDecrypt(NULL, out, in, 1, nonce, GCM_NONCE_MID_SZ, tag,
-        SM4_BLOCK_SIZE, aad, sizeof(aad)), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sm4GcmDecrypt(&sm4, NULL, in, 1, nonce, GCM_NONCE_MID_SZ,
-        tag, SM4_BLOCK_SIZE, aad, sizeof(aad)), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sm4GcmDecrypt(&sm4, out, NULL, 1, nonce, GCM_NONCE_MID_SZ,
-        tag, SM4_BLOCK_SIZE, aad, sizeof(aad)), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sm4GcmDecrypt(&sm4, out, in, 1, NULL, GCM_NONCE_MID_SZ, tag,
-        SM4_BLOCK_SIZE, aad, sizeof(aad)), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sm4GcmDecrypt(&sm4, out, in, 1, nonce, 0, tag,
-        SM4_BLOCK_SIZE, aad, sizeof(aad)), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sm4GcmDecrypt(&sm4, out, in, 1, nonce, GCM_NONCE_MID_SZ,
-        NULL, SM4_BLOCK_SIZE, aad, sizeof(aad)), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sm4GcmDecrypt(&sm4, out, in, 1, nonce, GCM_NONCE_MID_SZ, tag,
-        WOLFSSL_MIN_AUTH_TAG_SZ-1, aad, sizeof(aad)), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sm4GcmDecrypt(&sm4, out, in, 1, nonce, GCM_NONCE_MID_SZ, tag,
-        SM4_BLOCK_SIZE+1, aad, sizeof(aad)), BAD_FUNC_ARG);
-
-    /* Valid cases - wc_Sm4GcmEncrypt/wc_Sm4GcmDecrypt. */
-    ExpectIntEQ(wc_Sm4GcmEncrypt(&sm4, NULL, NULL, 0, nonce, GCM_NONCE_MID_SZ,
-        tag, SM4_BLOCK_SIZE, NULL, 0), 0);
-    ExpectIntEQ(wc_Sm4GcmDecrypt(&sm4, NULL, NULL, 0, nonce, GCM_NONCE_MID_SZ,
-        tag, SM4_BLOCK_SIZE, NULL, 0), 0);
-    ExpectIntEQ(wc_Sm4GcmEncrypt(&sm4, NULL, NULL, 0, nonce, GCM_NONCE_MID_SZ,
-        tag, SM4_BLOCK_SIZE, aad, sizeof(aad)), 0);
-    ExpectIntEQ(wc_Sm4GcmDecrypt(&sm4, NULL, NULL, 0, nonce, GCM_NONCE_MID_SZ,
-        tag, SM4_BLOCK_SIZE, aad, sizeof(aad)), 0);
-    ExpectIntEQ(wc_Sm4GcmEncrypt(&sm4, out, in, SM4_BLOCK_SIZE, nonce,
-        GCM_NONCE_MID_SZ, tag, SM4_BLOCK_SIZE, NULL, 0), 0);
-    ExpectIntEQ(wc_Sm4GcmDecrypt(&sm4, in, out, SM4_BLOCK_SIZE, nonce,
-        GCM_NONCE_MID_SZ, tag, SM4_BLOCK_SIZE, NULL, 0), 0);
-    ExpectIntEQ(wc_Sm4GcmEncrypt(&sm4, out, in, SM4_BLOCK_SIZE, nonce,
-        GCM_NONCE_MID_SZ, tag, SM4_BLOCK_SIZE, NULL, 1), 0);
-    ExpectIntEQ(wc_Sm4GcmDecrypt(&sm4, in, out, SM4_BLOCK_SIZE, nonce,
-        GCM_NONCE_MID_SZ, tag, SM4_BLOCK_SIZE, NULL, 1), 0);
-    ExpectIntEQ(wc_Sm4GcmEncrypt(&sm4, out, in, SM4_BLOCK_SIZE * 2, nonce,
-        GCM_NONCE_MID_SZ, tag, SM4_BLOCK_SIZE, aad, sizeof(aad)), 0);
-    ExpectIntEQ(wc_Sm4GcmDecrypt(&sm4, in, out, SM4_BLOCK_SIZE * 2, nonce,
-        GCM_NONCE_MID_SZ, tag, SM4_BLOCK_SIZE, aad, sizeof(aad)), 0);
-    ExpectIntEQ(wc_Sm4GcmEncrypt(&sm4, in2, in2, SM4_BLOCK_SIZE * 2, nonce,
-        GCM_NONCE_MID_SZ, tag, SM4_BLOCK_SIZE, aad, sizeof(aad)), 0);
-    ExpectIntEQ(XMEMCMP(in2, out, SM4_BLOCK_SIZE * 2), 0);
-    ExpectIntEQ(wc_Sm4GcmDecrypt(&sm4, in2, in2, SM4_BLOCK_SIZE * 2, nonce,
-        GCM_NONCE_MID_SZ, tag, SM4_BLOCK_SIZE, aad, sizeof(aad)), 0);
-    ExpectIntEQ(XMEMCMP(in2, in, SM4_BLOCK_SIZE * 2), 0);
-
-    /* Check vald values of nonce - wc_Sm4GcmEncrypt/wc_Sm4GcmDecrypt. */
-    ExpectIntEQ(wc_Sm4GcmEncrypt(&sm4, out, in, SM4_BLOCK_SIZE, nonce,
-        GCM_NONCE_MAX_SZ, tag, SM4_BLOCK_SIZE, aad, sizeof(aad)), 0);
-    ExpectIntEQ(wc_Sm4GcmDecrypt(&sm4, in, out, SM4_BLOCK_SIZE, nonce,
-        GCM_NONCE_MAX_SZ, tag, SM4_BLOCK_SIZE, aad, sizeof(aad)), 0);
-    ExpectIntEQ(wc_Sm4GcmEncrypt(&sm4, out, in, SM4_BLOCK_SIZE * 2, nonce,
-        GCM_NONCE_MIN_SZ, tag, SM4_BLOCK_SIZE, aad, sizeof(aad)), 0);
-    ExpectIntEQ(wc_Sm4GcmDecrypt(&sm4, in, out, SM4_BLOCK_SIZE * 2, nonce,
-        GCM_NONCE_MIN_SZ, tag, SM4_BLOCK_SIZE, aad, sizeof(aad)), 0);
-    ExpectIntEQ(wc_Sm4GcmDecrypt(&sm4, in, out, SM4_BLOCK_SIZE * 2, nonce,
-        GCM_NONCE_MAX_SZ, tag, SM4_BLOCK_SIZE, aad, sizeof(aad)),
-        SM4_GCM_AUTH_E);
-
-    /* Check valid values of tag size - wc_Sm4GcmEncrypt/wc_Sm4GcmDecrypt. */
-    for (i = WOLFSSL_MIN_AUTH_TAG_SZ; i < SM4_BLOCK_SIZE; i++) {
-        ExpectIntEQ(wc_Sm4GcmEncrypt(&sm4, out, in, SM4_BLOCK_SIZE, nonce,
-            GCM_NONCE_MID_SZ, tag, i, aad, sizeof(aad)), 0);
-        ExpectIntEQ(wc_Sm4GcmDecrypt(&sm4, in, out, SM4_BLOCK_SIZE, nonce,
-            GCM_NONCE_MID_SZ, tag, i, aad, sizeof(aad)), 0);
-    }
-
-    /* Check different in/out sizes. */
-    ExpectIntEQ(wc_Sm4GcmEncrypt(&sm4, out, in, 0, nonce,
-        GCM_NONCE_MID_SZ, tag, SM4_BLOCK_SIZE, NULL, 0), 0);
-    ExpectIntEQ(wc_Sm4GcmDecrypt(&sm4, out, in, 0, nonce,
-        GCM_NONCE_MID_SZ, tag, SM4_BLOCK_SIZE, NULL, 0), 0);
-    ExpectIntEQ(wc_Sm4GcmEncrypt(&sm4, out, in, 1, nonce,
-        GCM_NONCE_MID_SZ, tag, SM4_BLOCK_SIZE, NULL, 0), 0);
-    for (i = 2; i <= SM4_BLOCK_SIZE * 2; i++) {
-        XMEMCPY(out2, out, i - 1);
-        ExpectIntEQ(wc_Sm4GcmEncrypt(&sm4, out, in, i, nonce, GCM_NONCE_MID_SZ,
-            tag, SM4_BLOCK_SIZE, aad, sizeof(aad)), 0);
-        ExpectIntEQ(XMEMCMP(out, out2, i - 1), 0);
-        ExpectIntEQ(wc_Sm4GcmDecrypt(&sm4, dec, out, i, nonce, GCM_NONCE_MID_SZ,
-            tag, SM4_BLOCK_SIZE, aad, sizeof(aad)), 0);
-        ExpectIntEQ(XMEMCMP(in, dec, i), 0);
-    }
-
-    /* Force the counter to roll over in first byte. */
-    {
-        static unsigned char largeIn[256 * SM4_BLOCK_SIZE];
-        static unsigned char largeOut[256 * SM4_BLOCK_SIZE];
-
-        ExpectIntEQ(wc_Sm4GcmEncrypt(&sm4, largeOut, largeIn, sizeof(largeIn),
-            nonce, GCM_NONCE_MID_SZ, tag, SM4_BLOCK_SIZE, aad, sizeof(aad)), 0);
-        ExpectIntEQ(wc_Sm4GcmDecrypt(&sm4, largeOut, largeOut, sizeof(largeIn),
-            nonce, GCM_NONCE_MID_SZ, tag, SM4_BLOCK_SIZE, aad, sizeof(aad)), 0);
-        ExpectIntEQ(XMEMCMP(largeOut, largeIn, sizeof(largeIn)), 0);
-    }
-
-    wc_Sm4Free(&sm4);
-
-    res = EXPECT_RESULT();
-#endif
-    return res;
-} /* END test_wc_Sm4Gcm */
-
-/*
- * Testing stream SM4-CCM API.
- */
-static int test_wc_Sm4Ccm(void)
-{
-    int res = TEST_SKIPPED;
-#ifdef WOLFSSL_SM4_CCM
-    EXPECT_DECLS;
-    wc_Sm4 sm4;
-    unsigned char key[SM4_KEY_SIZE];
-    unsigned char nonce[CCM_NONCE_MAX_SZ];
-    unsigned char in[SM4_BLOCK_SIZE * 2];
-    unsigned char in2[SM4_BLOCK_SIZE * 2];
-    unsigned char out[SM4_BLOCK_SIZE * 2];
-    unsigned char out2[SM4_BLOCK_SIZE * 2];
-    unsigned char dec[SM4_BLOCK_SIZE * 2];
-    unsigned char tag[SM4_BLOCK_SIZE];
-    unsigned char aad[SM4_BLOCK_SIZE * 2];
-    word32 i;
-
-    XMEMSET(key, 0, sizeof(key));
-    XMEMSET(nonce, 0, sizeof(nonce));
-    XMEMSET(in, 0, sizeof(in));
-    XMEMSET(in2, 0, sizeof(in2));
-    XMEMSET(aad, 0, sizeof(aad));
-
-    ExpectIntEQ(wc_Sm4Init(&sm4, NULL, INVALID_DEVID), 0);
-    ExpectIntEQ(wc_Sm4CcmEncrypt(&sm4, out, in, 0, nonce, CCM_NONCE_MAX_SZ, tag,
-        SM4_BLOCK_SIZE, aad, sizeof(aad)), MISSING_KEY);
-    ExpectIntEQ(wc_Sm4CcmDecrypt(&sm4, out, in, 0, nonce, CCM_NONCE_MAX_SZ, tag,
-        SM4_BLOCK_SIZE, aad, sizeof(aad)), MISSING_KEY);
-    ExpectIntEQ(wc_Sm4SetKey(&sm4, key, SM4_KEY_SIZE), 0);
-
-    /* Invalid parameters - wc_Sm4CcmEncrypt. */
-    ExpectIntEQ(wc_Sm4CcmEncrypt(NULL, NULL, NULL, 1, NULL, 0, NULL, 0, NULL,
-        0), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sm4CcmEncrypt(&sm4, NULL, NULL, 1, NULL, 0, NULL, 0, NULL,
-        0), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sm4CcmEncrypt(NULL, out, NULL, 1, NULL, 0, NULL, 0, NULL,
-        0), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sm4CcmEncrypt(NULL, NULL, in, 1, NULL, 0, NULL, 0, NULL,
-        0), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sm4CcmEncrypt(NULL, NULL, NULL, 1, nonce, CCM_NONCE_MAX_SZ,
-        NULL, 0, NULL, 0), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sm4CcmEncrypt(NULL, NULL, NULL, 1, NULL, 0, tag,
-        SM4_BLOCK_SIZE, NULL, 0), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sm4CcmEncrypt(NULL, out, in, 1, nonce, CCM_NONCE_MAX_SZ, tag,
-        SM4_BLOCK_SIZE, aad, sizeof(aad)), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sm4CcmEncrypt(&sm4, NULL, in, 1, nonce, CCM_NONCE_MAX_SZ,
-        tag, SM4_BLOCK_SIZE, aad, sizeof(aad)), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sm4CcmEncrypt(&sm4, out, NULL, 1, nonce, CCM_NONCE_MAX_SZ,
-        tag, SM4_BLOCK_SIZE, aad, sizeof(aad)), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sm4CcmEncrypt(&sm4, out, in, 1, NULL, CCM_NONCE_MAX_SZ, tag,
-        SM4_BLOCK_SIZE, aad, sizeof(aad)), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sm4CcmEncrypt(&sm4, out, in, 1, nonce, 0, tag,
-        SM4_BLOCK_SIZE, aad, sizeof(aad)), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sm4CcmEncrypt(&sm4, out, in, 1, nonce, CCM_NONCE_MAX_SZ,
-        NULL, SM4_BLOCK_SIZE, aad, sizeof(aad)), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sm4CcmEncrypt(&sm4, out, in, 1, nonce, CCM_NONCE_MAX_SZ, tag,
-        WOLFSSL_MIN_AUTH_TAG_SZ-1, aad, sizeof(aad)), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sm4CcmEncrypt(&sm4, out, in, 1, nonce, CCM_NONCE_MAX_SZ, tag,
-        SM4_BLOCK_SIZE+1, aad, sizeof(aad)), BAD_FUNC_ARG);
-
-    /* Invalid parameters - wc_Sm4CcmDecrypt. */
-    ExpectIntEQ(wc_Sm4CcmDecrypt(NULL, NULL, NULL, 1, NULL, 0, NULL, 0, NULL,
-        0), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sm4CcmDecrypt(&sm4, NULL, NULL, 1, NULL, 0, NULL, 0, NULL,
-        0), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sm4CcmDecrypt(NULL, out, NULL, 1, NULL, 0, NULL, 0, NULL,
-        0), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sm4CcmDecrypt(NULL, NULL, in, 1, NULL, 0, NULL, 0, NULL,
-        0), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sm4CcmDecrypt(NULL, NULL, NULL, 1, nonce, CCM_NONCE_MAX_SZ,
-        NULL, 0, NULL, 0), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sm4CcmDecrypt(NULL, NULL, NULL, 1, NULL, 0, tag,
-        SM4_BLOCK_SIZE, NULL, 0), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sm4CcmDecrypt(NULL, out, in, 1, nonce, CCM_NONCE_MAX_SZ, tag,
-        SM4_BLOCK_SIZE, aad, sizeof(aad)), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sm4CcmDecrypt(&sm4, NULL, in, 1, nonce, CCM_NONCE_MAX_SZ,
-        tag, SM4_BLOCK_SIZE, aad, sizeof(aad)), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sm4CcmDecrypt(&sm4, out, NULL, 1, nonce, CCM_NONCE_MAX_SZ,
-        tag, SM4_BLOCK_SIZE, aad, sizeof(aad)), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sm4CcmDecrypt(&sm4, out, in, 1, NULL, CCM_NONCE_MAX_SZ, tag,
-        SM4_BLOCK_SIZE, aad, sizeof(aad)), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sm4CcmDecrypt(&sm4, out, in, 1, nonce, 0, tag,
-        SM4_BLOCK_SIZE, aad, sizeof(aad)), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sm4CcmDecrypt(&sm4, out, in, 1, nonce, CCM_NONCE_MAX_SZ,
-        NULL, SM4_BLOCK_SIZE, aad, sizeof(aad)), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sm4CcmDecrypt(&sm4, out, in, 1, nonce, CCM_NONCE_MAX_SZ, tag,
-        WOLFSSL_MIN_AUTH_TAG_SZ - 1, aad, sizeof(aad)), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sm4CcmDecrypt(&sm4, out, in, 1, nonce, CCM_NONCE_MAX_SZ, tag,
-        SM4_BLOCK_SIZE + 1, aad, sizeof(aad)), BAD_FUNC_ARG);
-
-    /* Valid cases - wc_Sm4CcmEncrypt/wc_Sm4CcmDecrypt. */
-    ExpectIntEQ(wc_Sm4CcmEncrypt(&sm4, NULL, NULL, 0, nonce, CCM_NONCE_MAX_SZ,
-        tag, SM4_BLOCK_SIZE, NULL, 0), 0);
-    ExpectIntEQ(wc_Sm4CcmDecrypt(&sm4, NULL, NULL, 0, nonce, CCM_NONCE_MAX_SZ,
-        tag, SM4_BLOCK_SIZE, NULL, 0), 0);
-    ExpectIntEQ(wc_Sm4CcmEncrypt(&sm4, NULL, NULL, 0, nonce, CCM_NONCE_MAX_SZ,
-        tag, SM4_BLOCK_SIZE, aad, sizeof(aad)), 0);
-    ExpectIntEQ(wc_Sm4CcmDecrypt(&sm4, NULL, NULL, 0, nonce, CCM_NONCE_MAX_SZ,
-        tag, SM4_BLOCK_SIZE, aad, sizeof(aad)), 0);
-    ExpectIntEQ(wc_Sm4CcmEncrypt(&sm4, out, in, SM4_BLOCK_SIZE, nonce,
-        CCM_NONCE_MAX_SZ, tag, SM4_BLOCK_SIZE, NULL, 0), 0);
-    ExpectIntEQ(wc_Sm4CcmDecrypt(&sm4, in, out, SM4_BLOCK_SIZE, nonce,
-        CCM_NONCE_MAX_SZ, tag, SM4_BLOCK_SIZE, NULL, 0), 0);
-    ExpectIntEQ(wc_Sm4CcmEncrypt(&sm4, out, in, SM4_BLOCK_SIZE, nonce,
-        CCM_NONCE_MAX_SZ, tag, SM4_BLOCK_SIZE, NULL, 1), 0);
-    ExpectIntEQ(wc_Sm4CcmDecrypt(&sm4, in, out, SM4_BLOCK_SIZE, nonce,
-        CCM_NONCE_MAX_SZ, tag, SM4_BLOCK_SIZE, NULL, 1), 0);
-    ExpectIntEQ(wc_Sm4CcmEncrypt(&sm4, out, in, SM4_BLOCK_SIZE * 2, nonce,
-        CCM_NONCE_MAX_SZ, tag, SM4_BLOCK_SIZE, aad, sizeof(aad)), 0);
-    ExpectIntEQ(wc_Sm4CcmDecrypt(&sm4, in, out, SM4_BLOCK_SIZE * 2, nonce,
-        CCM_NONCE_MAX_SZ, tag, SM4_BLOCK_SIZE, aad, sizeof(aad)), 0);
-    ExpectIntEQ(wc_Sm4CcmEncrypt(&sm4, in2, in2, SM4_BLOCK_SIZE * 2, nonce,
-        CCM_NONCE_MAX_SZ, tag, SM4_BLOCK_SIZE, aad, sizeof(aad)), 0);
-    ExpectIntEQ(XMEMCMP(in2, out, SM4_BLOCK_SIZE * 2), 0);
-    ExpectIntEQ(wc_Sm4CcmDecrypt(&sm4, in2, in2, SM4_BLOCK_SIZE * 2, nonce,
-        CCM_NONCE_MAX_SZ, tag, SM4_BLOCK_SIZE, aad, sizeof(aad)), 0);
-    ExpectIntEQ(XMEMCMP(in2, in, SM4_BLOCK_SIZE * 2), 0);
-
-    /* Check vald values of nonce - wc_Sm4CcmEncrypt/wc_Sm4CcmDecrypt. */
-    for (i = CCM_NONCE_MIN_SZ; i <= CCM_NONCE_MAX_SZ; i++) {
-        ExpectIntEQ(wc_Sm4CcmEncrypt(&sm4, out, in, SM4_BLOCK_SIZE, nonce,
-            i, tag, SM4_BLOCK_SIZE, aad, sizeof(aad)), 0);
-        ExpectIntEQ(wc_Sm4CcmDecrypt(&sm4, in, out, SM4_BLOCK_SIZE, nonce,
-            i, tag, SM4_BLOCK_SIZE, aad, sizeof(aad)), 0);
-    }
-    ExpectIntEQ(wc_Sm4CcmDecrypt(&sm4, in, out, SM4_BLOCK_SIZE, nonce,
-        CCM_NONCE_MIN_SZ, tag, SM4_BLOCK_SIZE, aad, sizeof(aad)),
-        SM4_CCM_AUTH_E);
-
-    /* Check invalid values of tag size - wc_Sm4CcmEncrypt/wc_Sm4CcmDecrypt. */
-    for (i = 0; i < 4; i++) {
-        ExpectIntEQ(wc_Sm4CcmEncrypt(&sm4, out, in, SM4_BLOCK_SIZE, nonce,
-            CCM_NONCE_MAX_SZ, tag, i * 2 + 1, aad, sizeof(aad)), BAD_FUNC_ARG);
-        ExpectIntEQ(wc_Sm4CcmDecrypt(&sm4, in, out, SM4_BLOCK_SIZE, nonce,
-            CCM_NONCE_MAX_SZ, tag, i * 2 + 1, aad, sizeof(aad)), BAD_FUNC_ARG);
-    }
-    /*   Odd values in range 4..SM4_BLOCK_SIZE. */
-    for (i = 2; i < SM4_BLOCK_SIZE / 2; i++) {
-        ExpectIntEQ(wc_Sm4CcmEncrypt(&sm4, out, in, SM4_BLOCK_SIZE, nonce,
-            CCM_NONCE_MAX_SZ, tag, i * 2 + 1, aad, sizeof(aad)), BAD_FUNC_ARG);
-        ExpectIntEQ(wc_Sm4CcmDecrypt(&sm4, in, out, SM4_BLOCK_SIZE, nonce,
-            CCM_NONCE_MAX_SZ, tag, i * 2 + 1, aad, sizeof(aad)), BAD_FUNC_ARG);
-    }
-    /* Check valid values of tag size - wc_Sm4CcmEncrypt/wc_Sm4CcmDecrypt.
-     * Even values in range 4..SM4_BLOCK_SIZE.
-     */
-    for (i = 2; i < SM4_BLOCK_SIZE / 2; i++) {
-        ExpectIntEQ(wc_Sm4CcmEncrypt(&sm4, out, in, SM4_BLOCK_SIZE, nonce,
-            CCM_NONCE_MAX_SZ, tag, i * 2, aad, sizeof(aad)), 0);
-        ExpectIntEQ(wc_Sm4CcmDecrypt(&sm4, in, out, SM4_BLOCK_SIZE, nonce,
-            CCM_NONCE_MAX_SZ, tag, i * 2, aad, sizeof(aad)), 0);
-    }
-
-    /* Check different in/out sizes. */
-    ExpectIntEQ(wc_Sm4CcmEncrypt(&sm4, out, in, 0, nonce,
-        CCM_NONCE_MAX_SZ, tag, SM4_BLOCK_SIZE, NULL, 0), 0);
-    ExpectIntEQ(wc_Sm4CcmDecrypt(&sm4, out, in, 0, nonce,
-        CCM_NONCE_MAX_SZ, tag, SM4_BLOCK_SIZE, NULL, 0), 0);
-    ExpectIntEQ(wc_Sm4CcmEncrypt(&sm4, out, in, 1, nonce,
-        CCM_NONCE_MAX_SZ, tag, SM4_BLOCK_SIZE, NULL, 0), 0);
-    for (i = 2; i <= SM4_BLOCK_SIZE * 2; i++) {
-        XMEMCPY(out2, out, i - 1);
-        ExpectIntEQ(wc_Sm4CcmEncrypt(&sm4, out, in, i, nonce, CCM_NONCE_MAX_SZ,
-            tag, SM4_BLOCK_SIZE, aad, sizeof(aad)), 0);
-        ExpectIntEQ(XMEMCMP(out, out2, i - 1), 0);
-        ExpectIntEQ(wc_Sm4CcmDecrypt(&sm4, dec, out, i, nonce, CCM_NONCE_MAX_SZ,
-            tag, SM4_BLOCK_SIZE, aad, sizeof(aad)), 0);
-        ExpectIntEQ(XMEMCMP(in, dec, i), 0);
-    }
-
-    /* Force the counter to roll over in first byte. */
-    {
-        static unsigned char largeIn[256 * SM4_BLOCK_SIZE];
-        static unsigned char largeOut[256 * SM4_BLOCK_SIZE];
-
-        ExpectIntEQ(wc_Sm4CcmEncrypt(&sm4, largeOut, largeIn, sizeof(largeIn),
-            nonce, CCM_NONCE_MAX_SZ, tag, SM4_BLOCK_SIZE, aad, sizeof(aad)), 0);
-        ExpectIntEQ(wc_Sm4CcmDecrypt(&sm4, largeOut, largeOut, sizeof(largeIn),
-            nonce, CCM_NONCE_MAX_SZ, tag, SM4_BLOCK_SIZE, aad, sizeof(aad)), 0);
-        ExpectIntEQ(XMEMCMP(largeOut, largeIn, sizeof(largeIn)), 0);
-    }
-
-    wc_Sm4Free(&sm4);
-
-    res = EXPECT_RESULT();
-#endif
-    return res;
-} /* END test_wc_Sm4Ccm */
-
-
-/*
- * unit test for wc_Des3_SetIV()
- */
-static int test_wc_Des3_SetIV(void)
-{
-    EXPECT_DECLS;
-#ifndef NO_DES3
-    Des3 des;
-    const byte key[] = {
-        0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef,
-        0xfe,0xde,0xba,0x98,0x76,0x54,0x32,0x10,
-        0x89,0xab,0xcd,0xef,0x01,0x23,0x45,0x67
-    };
-    const byte iv[] = {
-        0x12,0x34,0x56,0x78,0x90,0xab,0xcd,0xef,
-        0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,
-        0x11,0x21,0x31,0x41,0x51,0x61,0x71,0x81
-    };
-
-    XMEMSET(&des, 0, sizeof(Des3));
-
-    ExpectIntEQ(wc_Des3Init(&des, NULL, INVALID_DEVID), 0);
-
-    /* DES_ENCRYPTION or DES_DECRYPTION */
-    ExpectIntEQ(wc_Des3_SetKey(&des, key, iv, DES_ENCRYPTION), 0);
-    ExpectIntEQ(XMEMCMP(iv, des.reg, DES_BLOCK_SIZE), 0);
-
-#ifndef HAVE_FIPS /* no sanity checks with FIPS wrapper */
-    /* Test explicitly wc_Des3_SetIV()  */
-    ExpectIntEQ(wc_Des3_SetIV(NULL, iv), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Des3_SetIV(&des, NULL), 0);
-#endif
-    wc_Des3Free(&des);
-#endif
-    return EXPECT_RESULT();
-
-} /* END test_wc_Des3_SetIV */
-
-/*
- * unit test for wc_Des3_SetKey()
- */
-static int test_wc_Des3_SetKey(void)
-{
-    EXPECT_DECLS;
-#ifndef NO_DES3
-    Des3 des;
-    const byte key[] = {
-        0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef,
-        0xfe,0xde,0xba,0x98,0x76,0x54,0x32,0x10,
-        0x89,0xab,0xcd,0xef,0x01,0x23,0x45,0x67
-    };
-    const byte iv[] = {
-        0x12,0x34,0x56,0x78,0x90,0xab,0xcd,0xef,
-        0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,
-        0x11,0x21,0x31,0x41,0x51,0x61,0x71,0x81
-    };
-
-    XMEMSET(&des, 0, sizeof(Des3));
-
-    ExpectIntEQ(wc_Des3Init(&des, NULL, INVALID_DEVID), 0);
-
-    /* DES_ENCRYPTION or DES_DECRYPTION */
-    ExpectIntEQ(wc_Des3_SetKey(&des, key, iv, DES_ENCRYPTION), 0);
-    ExpectIntEQ(XMEMCMP(iv, des.reg, DES_BLOCK_SIZE), 0);
-
-    /* Test bad args. */
-    ExpectIntEQ(wc_Des3_SetKey(NULL, key, iv, DES_ENCRYPTION), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Des3_SetKey(&des, NULL, iv, DES_ENCRYPTION), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Des3_SetKey(&des, key, iv, -1), BAD_FUNC_ARG);
-    /* Default case. Should return 0. */
-    ExpectIntEQ(wc_Des3_SetKey(&des, key, NULL, DES_ENCRYPTION), 0);
-
-    wc_Des3Free(&des);
-#endif
-    return EXPECT_RESULT();
-
-} /* END test_wc_Des3_SetKey */
-
-
-/*
- * Test function for wc_Des3_CbcEncrypt and wc_Des3_CbcDecrypt
- */
-static int test_wc_Des3_CbcEncryptDecrypt(void)
-{
-    EXPECT_DECLS;
-#ifndef NO_DES3
-    Des3 des;
-    byte cipher[24];
-    byte plain[24];
-    const byte key[] = {
-        0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef,
-        0xfe,0xde,0xba,0x98,0x76,0x54,0x32,0x10,
-        0x89,0xab,0xcd,0xef,0x01,0x23,0x45,0x67
-    };
-    const byte iv[] = {
-        0x12,0x34,0x56,0x78,0x90,0xab,0xcd,0xef,
-        0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,
-        0x11,0x21,0x31,0x41,0x51,0x61,0x71,0x81
-    };
-    const byte vector[] = { /* "Now is the time for all " w/o trailing 0 */
-        0x4e,0x6f,0x77,0x20,0x69,0x73,0x20,0x74,
-        0x68,0x65,0x20,0x74,0x69,0x6d,0x65,0x20,
-        0x66,0x6f,0x72,0x20,0x61,0x6c,0x6c,0x20
-    };
-
-    XMEMSET(&des, 0, sizeof(Des3));
-
-    ExpectIntEQ(wc_Des3Init(&des, NULL, INVALID_DEVID), 0);
-    ExpectIntEQ(wc_Des3_SetKey(&des, key, iv, DES_ENCRYPTION), 0);
-
-    ExpectIntEQ(wc_Des3_CbcEncrypt(&des, cipher, vector, 24), 0);
-    ExpectIntEQ(wc_Des3_SetKey(&des, key, iv, DES_DECRYPTION), 0);
-    ExpectIntEQ(wc_Des3_CbcDecrypt(&des, plain, cipher, 24), 0);
-    ExpectIntEQ(XMEMCMP(plain, vector, 24), 0);
-
-    /* Pass in bad args. */
-    ExpectIntEQ(wc_Des3_CbcEncrypt(NULL, cipher, vector, 24), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Des3_CbcEncrypt(&des, NULL, vector, 24), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Des3_CbcEncrypt(&des, cipher, NULL, sizeof(vector)),
-        BAD_FUNC_ARG);
-
-    ExpectIntEQ(wc_Des3_CbcDecrypt(NULL, plain, cipher, 24), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Des3_CbcDecrypt(&des, NULL, cipher, 24), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Des3_CbcDecrypt(&des, plain, NULL, 24), BAD_FUNC_ARG);
-
-    wc_Des3Free(&des);
-#endif
-    return EXPECT_RESULT();
-
-} /* END wc_Des3_CbcEncrypt */
-
-/*
- *  Unit test for wc_Des3_CbcEncryptWithKey and wc_Des3_CbcDecryptWithKey
- */
-static int test_wc_Des3_CbcEncryptDecryptWithKey(void)
-{
-    EXPECT_DECLS;
-#ifndef NO_DES3
-    word32 vectorSz, cipherSz;
-    byte cipher[24];
-    byte plain[24];
-    byte vector[] = { /* Now is the time for all w/o trailing 0 */
-        0x4e,0x6f,0x77,0x20,0x69,0x73,0x20,0x74,
-        0x68,0x65,0x20,0x74,0x69,0x6d,0x65,0x20,
-        0x66,0x6f,0x72,0x20,0x61,0x6c,0x6c,0x20
-    };
-    byte key[] = {
-        0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef,
-        0xfe,0xde,0xba,0x98,0x76,0x54,0x32,0x10,
-        0x89,0xab,0xcd,0xef,0x01,0x23,0x45,0x67
-    };
-    byte iv[] = {
-        0x12,0x34,0x56,0x78,0x90,0xab,0xcd,0xef,
-        0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,
-        0x11,0x21,0x31,0x41,0x51,0x61,0x71,0x81
-    };
-
-    vectorSz = sizeof(byte) * 24;
-    cipherSz = sizeof(byte) * 24;
-
-    ExpectIntEQ(wc_Des3_CbcEncryptWithKey(cipher, vector, vectorSz, key, iv),
-        0);
-    ExpectIntEQ(wc_Des3_CbcDecryptWithKey(plain, cipher, cipherSz, key, iv), 0);
-    ExpectIntEQ(XMEMCMP(plain, vector, 24), 0);
-
-    /* pass in bad args. */
-    ExpectIntEQ(wc_Des3_CbcEncryptWithKey(NULL, vector, vectorSz, key, iv),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Des3_CbcEncryptWithKey(cipher, NULL, vectorSz, key, iv),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Des3_CbcEncryptWithKey(cipher, vector, vectorSz, NULL, iv),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Des3_CbcEncryptWithKey(cipher, vector, vectorSz, key, NULL),
-        0);
-
-    ExpectIntEQ(wc_Des3_CbcDecryptWithKey(NULL, cipher, cipherSz, key, iv),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Des3_CbcDecryptWithKey(plain, NULL, cipherSz, key, iv),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Des3_CbcDecryptWithKey(plain, cipher, cipherSz, NULL, iv),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Des3_CbcDecryptWithKey(plain, cipher, cipherSz, key, NULL),
-        0);
-#endif
-    return EXPECT_RESULT();
-} /* END test_wc_Des3_CbcEncryptDecryptWithKey */
-/*
- *  Unit test for wc_Des3_EcbEncrypt
- */
-static int test_wc_Des3_EcbEncrypt(void)
-{
-    EXPECT_DECLS;
-#if !defined(NO_DES3) && defined(WOLFSSL_DES_ECB)
-    Des3    des;
-    byte    cipher[24];
-    word32  cipherSz = sizeof(cipher);
-    const byte key[] = {
-        0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef,
-        0xfe,0xde,0xba,0x98,0x76,0x54,0x32,0x10,
-        0x89,0xab,0xcd,0xef,0x01,0x23,0x45,0x67
-    };
-    const byte iv[] = {
-        0x12,0x34,0x56,0x78,0x90,0xab,0xcd,0xef,
-        0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,
-        0x11,0x21,0x31,0x41,0x51,0x61,0x71,0x81
-    };
-    const byte vector[] = { /* "Now is the time for all " w/o trailing 0 */
-        0x4e,0x6f,0x77,0x20,0x69,0x73,0x20,0x74,
-        0x68,0x65,0x20,0x74,0x69,0x6d,0x65,0x20,
-        0x66,0x6f,0x72,0x20,0x61,0x6c,0x6c,0x20
-    };
-
-    XMEMSET(&des, 0, sizeof(Des3));
-
-    ExpectIntEQ(wc_Des3Init(&des, NULL, INVALID_DEVID), 0);
-    ExpectIntEQ(wc_Des3_SetKey(&des, key, iv, DES_ENCRYPTION), 0);
-
-    /* Bad Cases */
-    ExpectIntEQ(wc_Des3_EcbEncrypt(NULL, 0, NULL, 0), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Des3_EcbEncrypt(NULL, cipher, vector, cipherSz),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Des3_EcbEncrypt(&des, 0, vector, cipherSz), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Des3_EcbEncrypt(&des, cipher, NULL, cipherSz), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Des3_EcbEncrypt(&des, cipher, vector, 0), 0);
-
-    /* Good Cases */
-    ExpectIntEQ(wc_Des3_EcbEncrypt(&des, cipher, vector, cipherSz), 0);
-
-    wc_Des3Free(&des);
-#endif
-    return EXPECT_RESULT();
-} /* END test_wc_Des3_EcbEncrypt */
-
-/*
- * Testing wc_Chacha_SetKey() and wc_Chacha_SetIV()
- */
-static int test_wc_Chacha_SetKey(void)
-{
-    EXPECT_DECLS;
-#ifdef HAVE_CHACHA
-    ChaCha     ctx;
-    const byte key[] = {
-         0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-         0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-         0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-         0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01
-    };
-    word32 keySz = (word32)(sizeof(key)/sizeof(byte));
-    byte       cipher[128];
-
-    XMEMSET(cipher, 0, sizeof(cipher));
-    ExpectIntEQ(wc_Chacha_SetKey(&ctx, key, keySz), 0);
-    /* Test bad args. */
-    ExpectIntEQ(wc_Chacha_SetKey(NULL, key, keySz), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Chacha_SetKey(&ctx, key, 18), BAD_FUNC_ARG);
-
-    ExpectIntEQ(wc_Chacha_SetIV(&ctx, cipher, 0), 0);
-    /* Test bad args. */
-    ExpectIntEQ(wc_Chacha_SetIV(NULL, cipher, 0), BAD_FUNC_ARG);
-#endif
-    return EXPECT_RESULT();
-} /* END test_wc_Chacha_SetKey */
-
-/*
- * unit test for wc_Poly1305SetKey()
- */
-static int test_wc_Poly1305SetKey(void)
-{
-    EXPECT_DECLS;
-#ifdef HAVE_POLY1305
-    Poly1305    ctx;
-    const byte  key[] =
-    {
-         0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-         0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-         0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-         0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01
-    };
-    word32 keySz = (word32)(sizeof(key)/sizeof(byte));
-
-    ExpectIntEQ(wc_Poly1305SetKey(&ctx, key, keySz), 0);
-
-    /* Test bad args. */
-    ExpectIntEQ(wc_Poly1305SetKey(NULL, key,keySz), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Poly1305SetKey(&ctx, NULL, keySz), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Poly1305SetKey(&ctx, key, 18), BAD_FUNC_ARG);
-#endif
-    return EXPECT_RESULT();
-} /* END test_wc_Poly1305_SetKey() */
-
-/*
- * Testing wc_Chacha_Process()
- */
-static int test_wc_Chacha_Process(void)
-{
-    EXPECT_DECLS;
-#ifdef HAVE_CHACHA
-    ChaCha      enc, dec;
-    byte        cipher[128];
-    byte        plain[128];
-    const byte  key[] =
-    {
-         0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-         0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-         0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-         0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01
-    };
-    const char* input = "Everybody gets Friday off.";
-    word32      keySz = sizeof(key)/sizeof(byte);
-    unsigned long int inlen = XSTRLEN(input);
-
-    /* Initialize stack variables. */
-    XMEMSET(cipher, 0, 128);
-    XMEMSET(plain, 0, 128);
-
-    ExpectIntEQ(wc_Chacha_SetKey(&enc, key, keySz), 0);
-    ExpectIntEQ(wc_Chacha_SetKey(&dec, key, keySz), 0);
-    ExpectIntEQ(wc_Chacha_SetIV(&enc, cipher, 0), 0);
-    ExpectIntEQ(wc_Chacha_SetIV(&dec, cipher, 0), 0);
-
-    ExpectIntEQ(wc_Chacha_Process(&enc, cipher, (byte*)input, (word32)inlen),
-        0);
-    ExpectIntEQ(wc_Chacha_Process(&dec, plain, cipher, (word32)inlen), 0);
-    ExpectIntEQ(XMEMCMP(input, plain, (int)inlen), 0);
-
-#if !defined(USE_INTEL_CHACHA_SPEEDUP) && !defined(WOLFSSL_ARMASM)
-    /* test checking and using leftovers, currently just in C code */
-    ExpectIntEQ(wc_Chacha_SetIV(&enc, cipher, 0), 0);
-    ExpectIntEQ(wc_Chacha_SetIV(&dec, cipher, 0), 0);
-
-    ExpectIntEQ(wc_Chacha_Process(&enc, cipher, (byte*)input,
-        (word32)inlen - 2), 0);
-    ExpectIntEQ(wc_Chacha_Process(&enc, cipher + (inlen - 2),
-        (byte*)input + (inlen - 2), 2), 0);
-    ExpectIntEQ(wc_Chacha_Process(&dec, plain, (byte*)cipher,
-        (word32)inlen - 2), 0);
-    ExpectIntEQ(wc_Chacha_Process(&dec, cipher + (inlen - 2),
-        (byte*)input + (inlen - 2), 2), 0);
-    ExpectIntEQ(XMEMCMP(input, plain, (int)inlen), 0);
-
-    /* check edge cases with counter increment */
-    {
-        /* expected results collected from wolfSSL 4.3.0 encrypted in one call*/
-        const byte expected[] = {
-            0x54,0xB1,0xE2,0xD4,0xA2,0x4D,0x52,0x5F,
-            0x42,0x04,0x89,0x7C,0x6E,0x2D,0xFC,0x2D,
-            0x10,0x25,0xB6,0x92,0x71,0xD5,0xC3,0x20,
-            0xE3,0x0E,0xEC,0xF4,0xD8,0x10,0x70,0x29,
-            0x2D,0x4C,0x2A,0x56,0x21,0xE1,0xC7,0x37,
-            0x0B,0x86,0xF5,0x02,0x8C,0xB8,0xB8,0x38,
-            0x41,0xFD,0xDF,0xD9,0xC3,0xE6,0xC8,0x88,
-            0x06,0x82,0xD4,0x80,0x6A,0x50,0x69,0xD5,
-            0xB9,0xB0,0x2F,0x44,0x36,0x5D,0xDA,0x5E,
-            0xDE,0xF6,0xF5,0xFC,0x44,0xDC,0x07,0x51,
-            0xA7,0x32,0x42,0xDB,0xCC,0xBD,0xE2,0xE5,
-            0x0B,0xB1,0x14,0xFF,0x12,0x80,0x16,0x43,
-            0xE7,0x40,0xD5,0xEA,0xC7,0x3F,0x69,0x07,
-            0x64,0xD4,0x86,0x6C,0xE2,0x1F,0x8F,0x6E,
-            0x35,0x41,0xE7,0xD3,0xB5,0x5D,0xD6,0xD4,
-            0x9F,0x00,0xA9,0xAE,0x3D,0x28,0xA5,0x37,
-            0x80,0x3D,0x11,0x25,0xE2,0xB6,0x99,0xD9,
-            0x9B,0x98,0xE9,0x37,0xB9,0xF8,0xA0,0x04,
-            0xDF,0x13,0x49,0x3F,0x19,0x6A,0x45,0x06,
-            0x21,0xB4,0xC7,0x3B,0x49,0x45,0xB4,0xC8,
-            0x03,0x5B,0x43,0x89,0xBD,0xB3,0x96,0x4B,
-            0x17,0x6F,0x85,0xC6,0xCF,0xA6,0x05,0x35,
-            0x1E,0x25,0x03,0xBB,0x55,0x0A,0xD5,0x54,
-            0x41,0xEA,0xEB,0x50,0x40,0x1B,0x43,0x19,
-            0x59,0x1B,0x0E,0x12,0x3E,0xA2,0x71,0xC3,
-            0x1A,0xA7,0x11,0x50,0x43,0x9D,0x56,0x3B,
-            0x63,0x2F,0x63,0xF1,0x8D,0xAE,0xF3,0x23,
-            0xFA,0x1E,0xD8,0x6A,0xE1,0xB2,0x4B,0xF3,
-            0xB9,0x13,0x7A,0x72,0x2B,0x6D,0xCC,0x41,
-            0x1C,0x69,0x7C,0xCD,0x43,0x6F,0xE4,0xE2,
-            0x38,0x99,0xFB,0xC3,0x38,0x92,0x62,0x35,
-            0xC0,0x1D,0x60,0xE4,0x4B,0xDD,0x0C,0x14
-        };
-        const byte iv2[] = {
-            0x9D,0xED,0xE7,0x0F,0xEC,0x81,0x51,0xD9,
-            0x77,0x39,0x71,0xA6,0x21,0xDF,0xB8,0x93
-        };
-        byte input2[256];
-        int i;
-
-        for (i = 0; i < 256; i++)
-            input2[i] = i;
-
-        ExpectIntEQ(wc_Chacha_SetIV(&enc, iv2, 0), 0);
-
-        ExpectIntEQ(wc_Chacha_Process(&enc, cipher, input2, 64), 0);
-        ExpectIntEQ(XMEMCMP(expected, cipher, 64), 0);
-
-        ExpectIntEQ(wc_Chacha_Process(&enc, cipher, input2 + 64, 128), 0);
-        ExpectIntEQ(XMEMCMP(expected + 64, cipher, 128), 0);
-
-        /* partial */
-        ExpectIntEQ(wc_Chacha_Process(&enc, cipher, input2 + 192, 32), 0);
-        ExpectIntEQ(XMEMCMP(expected + 192, cipher, 32), 0);
-
-        ExpectIntEQ(wc_Chacha_Process(&enc, cipher, input2 + 224, 32), 0);
-        ExpectIntEQ(XMEMCMP(expected + 224, cipher, 32), 0);
-    }
-#endif
-
-    /* Test bad args. */
-    ExpectIntEQ(wc_Chacha_Process(NULL, cipher, (byte*)input, (word32)inlen),
-        BAD_FUNC_ARG);
-#endif
-    return EXPECT_RESULT();
-} /* END test_wc_Chacha_Process */
-
-/*
- * Testing wc_ChaCha20Poly1305_Encrypt() and wc_ChaCha20Poly1305_Decrypt()
- */
-static int test_wc_ChaCha20Poly1305_aead(void)
-{
-    EXPECT_DECLS;
-#if defined(HAVE_CHACHA) && defined(HAVE_POLY1305)
-    const byte  key[] = {
-        0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87,
-        0x88, 0x89, 0x8a, 0x8b, 0x8c, 0x8d, 0x8e, 0x8f,
-        0x90, 0x91, 0x92, 0x93, 0x94, 0x95, 0x96, 0x97,
-        0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f
-    };
-    const byte  plaintext[] = {
-        0x4c, 0x61, 0x64, 0x69, 0x65, 0x73, 0x20, 0x61,
-        0x6e, 0x64, 0x20, 0x47, 0x65, 0x6e, 0x74, 0x6c,
-        0x65, 0x6d, 0x65, 0x6e, 0x20, 0x6f, 0x66, 0x20,
-        0x74, 0x68, 0x65, 0x20, 0x63, 0x6c, 0x61, 0x73,
-        0x73, 0x20, 0x6f, 0x66, 0x20, 0x27, 0x39, 0x39,
-        0x3a, 0x20, 0x49, 0x66, 0x20, 0x49, 0x20, 0x63,
-        0x6f, 0x75, 0x6c, 0x64, 0x20, 0x6f, 0x66, 0x66,
-        0x65, 0x72, 0x20, 0x79, 0x6f, 0x75, 0x20, 0x6f,
-        0x6e, 0x6c, 0x79, 0x20, 0x6f, 0x6e, 0x65, 0x20,
-        0x74, 0x69, 0x70, 0x20, 0x66, 0x6f, 0x72, 0x20,
-        0x74, 0x68, 0x65, 0x20, 0x66, 0x75, 0x74, 0x75,
-        0x72, 0x65, 0x2c, 0x20, 0x73, 0x75, 0x6e, 0x73,
-        0x63, 0x72, 0x65, 0x65, 0x6e, 0x20, 0x77, 0x6f,
-        0x75, 0x6c, 0x64, 0x20, 0x62, 0x65, 0x20, 0x69,
-        0x74, 0x2e
-    };
-    const byte  iv[] = {
-        0x07, 0x00, 0x00, 0x00, 0x40, 0x41, 0x42, 0x43,
-        0x44, 0x45, 0x46, 0x47
-    };
-    const byte  aad[] = { /* additional data */
-        0x50, 0x51, 0x52, 0x53, 0xc0, 0xc1, 0xc2, 0xc3,
-        0xc4, 0xc5, 0xc6, 0xc7
-    };
-    const byte  cipher[] = { /* expected output from operation */
-        0xd3, 0x1a, 0x8d, 0x34, 0x64, 0x8e, 0x60, 0xdb,
-        0x7b, 0x86, 0xaf, 0xbc, 0x53, 0xef, 0x7e, 0xc2,
-        0xa4, 0xad, 0xed, 0x51, 0x29, 0x6e, 0x08, 0xfe,
-        0xa9, 0xe2, 0xb5, 0xa7, 0x36, 0xee, 0x62, 0xd6,
-        0x3d, 0xbe, 0xa4, 0x5e, 0x8c, 0xa9, 0x67, 0x12,
-        0x82, 0xfa, 0xfb, 0x69, 0xda, 0x92, 0x72, 0x8b,
-        0x1a, 0x71, 0xde, 0x0a, 0x9e, 0x06, 0x0b, 0x29,
-        0x05, 0xd6, 0xa5, 0xb6, 0x7e, 0xcd, 0x3b, 0x36,
-        0x92, 0xdd, 0xbd, 0x7f, 0x2d, 0x77, 0x8b, 0x8c,
-        0x98, 0x03, 0xae, 0xe3, 0x28, 0x09, 0x1b, 0x58,
-        0xfa, 0xb3, 0x24, 0xe4, 0xfa, 0xd6, 0x75, 0x94,
-        0x55, 0x85, 0x80, 0x8b, 0x48, 0x31, 0xd7, 0xbc,
-        0x3f, 0xf4, 0xde, 0xf0, 0x8e, 0x4b, 0x7a, 0x9d,
-        0xe5, 0x76, 0xd2, 0x65, 0x86, 0xce, 0xc6, 0x4b,
-        0x61, 0x16
-    };
-    const byte  authTag[] = { /* expected output from operation */
-        0x1a, 0xe1, 0x0b, 0x59, 0x4f, 0x09, 0xe2, 0x6a,
-        0x7e, 0x90, 0x2e, 0xcb, 0xd0, 0x60, 0x06, 0x91
-    };
-    byte        generatedCiphertext[272];
-    byte        generatedPlaintext[272];
-    byte        generatedAuthTag[CHACHA20_POLY1305_AEAD_AUTHTAG_SIZE];
-
-    /* Initialize stack variables. */
-    XMEMSET(generatedCiphertext, 0, 272);
-    XMEMSET(generatedPlaintext, 0, 272);
-
-    /* Test Encrypt */
-    ExpectIntEQ(wc_ChaCha20Poly1305_Encrypt(key, iv, aad, sizeof(aad),
-        plaintext, sizeof(plaintext), generatedCiphertext, generatedAuthTag),
-        0);
-    ExpectIntEQ(XMEMCMP(generatedCiphertext, cipher,
-        sizeof(cipher)/sizeof(byte)), 0);
-
-    /* Test bad args. */
-    ExpectIntEQ(wc_ChaCha20Poly1305_Encrypt(NULL, iv, aad, sizeof(aad),
-        plaintext, sizeof(plaintext), generatedCiphertext, generatedAuthTag),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_ChaCha20Poly1305_Encrypt(key, NULL, aad, sizeof(aad),
-        plaintext, sizeof(plaintext), generatedCiphertext, generatedAuthTag),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_ChaCha20Poly1305_Encrypt(key, iv, aad, sizeof(aad), NULL,
-        sizeof(plaintext), generatedCiphertext, generatedAuthTag),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_ChaCha20Poly1305_Encrypt(key, iv, aad, sizeof(aad),
-        NULL, sizeof(plaintext), generatedCiphertext, generatedAuthTag),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_ChaCha20Poly1305_Encrypt(key, iv, aad, sizeof(aad),
-        plaintext, sizeof(plaintext), NULL, generatedAuthTag), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_ChaCha20Poly1305_Encrypt(key, iv, aad, sizeof(aad),
-        plaintext, sizeof(plaintext), generatedCiphertext, NULL), BAD_FUNC_ARG);
-
-    ExpectIntEQ(wc_ChaCha20Poly1305_Decrypt(key, iv, aad, sizeof(aad), cipher,
-        sizeof(cipher), authTag, generatedPlaintext), 0);
-    ExpectIntEQ(XMEMCMP(generatedPlaintext, plaintext,
-        sizeof(plaintext)/sizeof(byte)), 0);
-
-    /* Test bad args. */
-    ExpectIntEQ(wc_ChaCha20Poly1305_Decrypt(NULL, iv, aad, sizeof(aad), cipher,
-        sizeof(cipher), authTag, generatedPlaintext),  BAD_FUNC_ARG);
-    ExpectIntEQ(wc_ChaCha20Poly1305_Decrypt(key, NULL, aad, sizeof(aad),
-        cipher, sizeof(cipher), authTag, generatedPlaintext), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_ChaCha20Poly1305_Decrypt(key, iv, aad, sizeof(aad), NULL,
-        sizeof(cipher), authTag, generatedPlaintext), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_ChaCha20Poly1305_Decrypt(key, iv, aad, sizeof(aad), cipher,
-        sizeof(cipher), NULL, generatedPlaintext), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_ChaCha20Poly1305_Decrypt(key, iv, aad, sizeof(aad), cipher,
-        sizeof(cipher), authTag, NULL), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_ChaCha20Poly1305_Decrypt(key, iv, aad, sizeof(aad), NULL,
-        sizeof(cipher), authTag, generatedPlaintext), BAD_FUNC_ARG);
-#endif
-    return EXPECT_RESULT();
-} /* END test_wc_ChaCha20Poly1305_aead */
-
-
-/*
- * Testing function for wc_Rc2SetKey().
- */
-static int test_wc_Rc2SetKey(void)
-{
-    EXPECT_DECLS;
-#ifdef WC_RC2
-    Rc2  rc2;
-    byte key40[] = { 0x01, 0x02, 0x03, 0x04, 0x05 };
-    byte iv[]    = { 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08 };
-
-    /* valid key and IV */
-    ExpectIntEQ(wc_Rc2SetKey(&rc2, key40, (word32) sizeof(key40) / sizeof(byte),
-        iv, 40), 0);
-    /* valid key, no IV */
-    ExpectIntEQ(wc_Rc2SetKey(&rc2, key40, (word32) sizeof(key40) / sizeof(byte),
-        NULL, 40), 0);
-
-    /* bad arguments  */
-    /* null Rc2 struct */
-    ExpectIntEQ(wc_Rc2SetKey(NULL, key40, (word32) sizeof(key40) / sizeof(byte),
-        iv, 40), BAD_FUNC_ARG);
-    /* null key */
-    ExpectIntEQ(wc_Rc2SetKey(&rc2, NULL, (word32) sizeof(key40) / sizeof(byte),
-        iv, 40), BAD_FUNC_ARG);
-    /* key size == 0 */
-    ExpectIntEQ(wc_Rc2SetKey(&rc2, key40, 0, iv, 40), WC_KEY_SIZE_E);
-    /* key size > 128 */
-    ExpectIntEQ(wc_Rc2SetKey(&rc2, key40, 129, iv, 40), WC_KEY_SIZE_E);
-    /* effective bits == 0 */
-    ExpectIntEQ(wc_Rc2SetKey(&rc2, key40, (word32)sizeof(key40) / sizeof(byte),
-        iv, 0), WC_KEY_SIZE_E);
-    /* effective bits > 1024 */
-    ExpectIntEQ(wc_Rc2SetKey(&rc2, key40, (word32)sizeof(key40) / sizeof(byte),
-        iv, 1025), WC_KEY_SIZE_E);
-#endif
-    return EXPECT_RESULT();
-} /* END test_wc_Rc2SetKey */
-
-/*
- * Testing function for wc_Rc2SetIV().
- */
-static int test_wc_Rc2SetIV(void)
-{
-    EXPECT_DECLS;
-#ifdef WC_RC2
-    Rc2  rc2;
-    byte iv[] = { 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08 };
-
-    /* valid IV */
-    ExpectIntEQ(wc_Rc2SetIV(&rc2, iv), 0);
-    /* valid NULL IV */
-    ExpectIntEQ(wc_Rc2SetIV(&rc2, NULL), 0);
-
-    /* bad arguments */
-    ExpectIntEQ(wc_Rc2SetIV(NULL, iv), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Rc2SetIV(NULL, NULL), BAD_FUNC_ARG);
-#endif
-    return EXPECT_RESULT();
-} /* END test_wc_Rc2SetIV */
-
-/*
- * Testing function for wc_Rc2EcbEncrypt() and wc_Rc2EcbDecrypt().
- */
-static int test_wc_Rc2EcbEncryptDecrypt(void)
-{
-    EXPECT_DECLS;
-#ifdef WC_RC2
-    Rc2 rc2;
-    int effectiveKeyBits = 63;
-    byte cipher[RC2_BLOCK_SIZE];
-    byte plain[RC2_BLOCK_SIZE];
-    byte key[]    = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
-    byte input[]  = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
-    byte output[] = { 0xeb, 0xb7, 0x73, 0xf9, 0x93, 0x27, 0x8e, 0xff };
-
-    XMEMSET(cipher, 0, sizeof(cipher));
-    XMEMSET(plain, 0, sizeof(plain));
-
-    ExpectIntEQ(wc_Rc2SetKey(&rc2, key, (word32) sizeof(key) / sizeof(byte),
-        NULL, effectiveKeyBits), 0);
-    ExpectIntEQ(wc_Rc2EcbEncrypt(&rc2, cipher, input, RC2_BLOCK_SIZE), 0);
-    ExpectIntEQ(XMEMCMP(cipher, output, RC2_BLOCK_SIZE), 0);
-
-    ExpectIntEQ(wc_Rc2EcbDecrypt(&rc2, plain, cipher, RC2_BLOCK_SIZE), 0);
-    ExpectIntEQ(XMEMCMP(plain, input, RC2_BLOCK_SIZE), 0);
-
-    /* Rc2EcbEncrypt bad arguments */
-    /* null Rc2 struct */
-    ExpectIntEQ(wc_Rc2EcbEncrypt(NULL, cipher, input, RC2_BLOCK_SIZE),
-        BAD_FUNC_ARG);
-    /* null out buffer */
-    ExpectIntEQ(wc_Rc2EcbEncrypt(&rc2, NULL, input, RC2_BLOCK_SIZE),
-        BAD_FUNC_ARG);
-    /* null input buffer */
-    ExpectIntEQ(wc_Rc2EcbEncrypt(&rc2, cipher, NULL, RC2_BLOCK_SIZE),
-        BAD_FUNC_ARG);
-    /* output buffer sz != RC2_BLOCK_SIZE (8) */
-    ExpectIntEQ(wc_Rc2EcbEncrypt(&rc2, cipher, input, 7), BUFFER_E);
-
-    /* Rc2EcbDecrypt bad arguments */
-    /* null Rc2 struct */
-    ExpectIntEQ(wc_Rc2EcbDecrypt(NULL, plain, output, RC2_BLOCK_SIZE),
-        BAD_FUNC_ARG);
-    /* null out buffer */
-    ExpectIntEQ(wc_Rc2EcbDecrypt(&rc2, NULL, output, RC2_BLOCK_SIZE),
-        BAD_FUNC_ARG);
-    /* null input buffer */
-    ExpectIntEQ(wc_Rc2EcbDecrypt(&rc2, plain, NULL, RC2_BLOCK_SIZE),
-        BAD_FUNC_ARG);
-    /* output buffer sz != RC2_BLOCK_SIZE (8) */
-    ExpectIntEQ(wc_Rc2EcbDecrypt(&rc2, plain, output, 7), BUFFER_E);
-#endif
-    return EXPECT_RESULT();
-} /* END test_wc_Rc2EcbEncryptDecrypt */
-
-/*
- * Testing function for wc_Rc2CbcEncrypt() and wc_Rc2CbcDecrypt().
- */
-static int test_wc_Rc2CbcEncryptDecrypt(void)
-{
-    EXPECT_DECLS;
-#ifdef WC_RC2
-    Rc2 rc2;
-    int effectiveKeyBits = 63;
-    byte cipher[RC2_BLOCK_SIZE*2];
-    byte plain[RC2_BLOCK_SIZE*2];
-    /* vector taken from test.c */
-    byte key[] = {
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
-    };
-    byte iv[] = {
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
-    };
-    byte input[] = {
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
-    };
-    byte output[] = {
-        0xeb, 0xb7, 0x73, 0xf9, 0x93, 0x27, 0x8e, 0xff,
-        0xf0, 0x51, 0x77, 0x8b, 0x65, 0xdb, 0x13, 0x57
-    };
-
-    XMEMSET(cipher, 0, sizeof(cipher));
-    XMEMSET(plain, 0, sizeof(plain));
-
-    ExpectIntEQ(wc_Rc2SetKey(&rc2, key, (word32) sizeof(key) / sizeof(byte),
-        iv, effectiveKeyBits), 0);
-    ExpectIntEQ(wc_Rc2CbcEncrypt(&rc2, cipher, input, sizeof(input)), 0);
-    ExpectIntEQ(XMEMCMP(cipher, output, sizeof(output)), 0);
-
-    /* reset IV for decrypt */
-    ExpectIntEQ(wc_Rc2SetIV(&rc2, iv), 0);
-    ExpectIntEQ(wc_Rc2CbcDecrypt(&rc2, plain, cipher, sizeof(cipher)), 0);
-    ExpectIntEQ(XMEMCMP(plain, input, sizeof(input)), 0);
-
-    /* Rc2CbcEncrypt bad arguments */
-    /* null Rc2 struct */
-    ExpectIntEQ(wc_Rc2CbcEncrypt(NULL, cipher, input, sizeof(input)),
-        BAD_FUNC_ARG);
-    /* null out buffer */
-    ExpectIntEQ(wc_Rc2CbcEncrypt(&rc2, NULL, input, sizeof(input)),
-        BAD_FUNC_ARG);
-    /* null input buffer */
-    ExpectIntEQ(wc_Rc2CbcEncrypt(&rc2, cipher, NULL, sizeof(input)),
-        BAD_FUNC_ARG);
-
-    /* Rc2CbcDecrypt bad arguments */
-    /* in size is 0 */
-    ExpectIntEQ(wc_Rc2CbcDecrypt(&rc2, plain, output, 0), 0);
-    /* null Rc2 struct */
-    ExpectIntEQ(wc_Rc2CbcDecrypt(NULL, plain, output, sizeof(output)),
-        BAD_FUNC_ARG);
-    /* null out buffer */
-    ExpectIntEQ(wc_Rc2CbcDecrypt(&rc2, NULL, output, sizeof(output)),
-        BAD_FUNC_ARG);
-    /* null input buffer */
-    ExpectIntEQ(wc_Rc2CbcDecrypt(&rc2, plain, NULL, sizeof(output)),
-        BAD_FUNC_ARG);
-#endif
-    return EXPECT_RESULT();
-} /* END test_wc_Rc2CbcEncryptDecrypt */
-
-
-/*
- * Testing function for wc_AesSetIV
- */
-static int test_wc_AesSetIV(void)
-{
-    int res = TEST_SKIPPED;
-#if !defined(NO_AES) && defined(WOLFSSL_AES_128)
-    Aes     aes;
-    int     ret = 0;
-    byte    key16[] =
-    {
-        0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
-        0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66
-    };
-    byte    iv1[]    = "1234567890abcdef";
-    byte    iv2[]    = "0987654321fedcba";
-
-    ret = wc_AesInit(&aes, NULL, INVALID_DEVID);
-    if (ret != 0)
-        return ret;
-
-    ret = wc_AesSetKey(&aes, key16, (word32) sizeof(key16) / sizeof(byte),
-                                                     iv1, AES_ENCRYPTION);
-    if (ret == 0) {
-        ret = wc_AesSetIV(&aes, iv2);
-    }
-    /* Test bad args. */
-    if (ret == 0) {
-        ret = wc_AesSetIV(NULL, iv1);
-        if (ret == BAD_FUNC_ARG) {
-            /* NULL iv should return 0. */
-            ret = wc_AesSetIV(&aes, NULL);
-        }
-        else {
-            ret = WOLFSSL_FATAL_ERROR;
-        }
-    }
-
-    wc_AesFree(&aes);
-
-    res = TEST_RES_CHECK(ret == 0);
-#endif
-    return res;
-} /* test_wc_AesSetIV */
-
-
-/*
- * Testing function for wc_AesSetKey().
- */
-static int test_wc_AesSetKey(void)
-{
-    EXPECT_DECLS;
-#ifndef NO_AES
-    Aes  aes;
-    byte key16[] = {
-        0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
-        0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66
-    };
-#ifdef WOLFSSL_AES_192
-    byte key24[] = {
-        0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
-        0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66,
-        0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37
-    };
-#endif
-#ifdef WOLFSSL_AES_256
-    byte key32[] = {
-        0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
-        0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66,
-        0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
-        0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66
-    };
-#endif
-    byte badKey16[] = {
-        0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
-        0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65
-    };
-    byte iv[] = "1234567890abcdef";
-
-    XMEMSET(&aes, 0, sizeof(Aes));
-
-    ExpectIntEQ(wc_AesInit(&aes, NULL, INVALID_DEVID), 0);
-
-#ifdef WOLFSSL_AES_128
-    ExpectIntEQ(wc_AesSetKey(&aes, key16, (word32)sizeof(key16) / sizeof(byte),
-        iv, AES_ENCRYPTION), 0);
-#endif
-#ifdef WOLFSSL_AES_192
-    ExpectIntEQ(wc_AesSetKey(&aes, key24, (word32)sizeof(key24) / sizeof(byte),
-        iv, AES_ENCRYPTION), 0);
-#endif
-#ifdef WOLFSSL_AES_256
-    ExpectIntEQ(wc_AesSetKey(&aes, key32, (word32)sizeof(key32) / sizeof(byte),
-        iv, AES_ENCRYPTION), 0);
-#endif
-
-    /* Pass in bad args. */
-    ExpectIntEQ(wc_AesSetKey(NULL, key16, (word32)sizeof(key16) / sizeof(byte),
-        iv, AES_ENCRYPTION), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_AesSetKey(&aes, badKey16,
-        (word32)sizeof(badKey16) / sizeof(byte), iv, AES_ENCRYPTION),
-        BAD_FUNC_ARG);
-
-    wc_AesFree(&aes);
-#endif
-    return EXPECT_RESULT();
-} /* END test_wc_AesSetKey */
-
-
-
-/*
- * test function for wc_AesCbcEncrypt(), wc_AesCbcDecrypt(),
- * and wc_AesCbcDecryptWithKey()
- */
-static int test_wc_AesCbcEncryptDecrypt(void)
-{
-    EXPECT_DECLS;
-#if !defined(NO_AES) && defined(HAVE_AES_CBC) && defined(HAVE_AES_DECRYPT)&& \
-    defined(WOLFSSL_AES_256)
-    Aes  aes;
-    byte key32[] = {
-        0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
-        0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66,
-        0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
-        0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66
-    };
-    byte vector[] = { /* Now is the time for all good men w/o trailing 0 */
-        0x4e, 0x6f, 0x77, 0x20, 0x69, 0x73, 0x20, 0x74,
-        0x68, 0x65, 0x20, 0x74, 0x69, 0x6d, 0x65, 0x20,
-        0x66, 0x6f, 0x72, 0x20, 0x61, 0x6c, 0x6c, 0x20,
-        0x67, 0x6f, 0x6f, 0x64, 0x20, 0x6d, 0x65, 0x6e
-    };
-    byte    iv[]   = "1234567890abcdef";
-    byte    enc[sizeof(vector)];
-    byte    dec[sizeof(vector)];
-    byte    dec2[sizeof(vector)];
-
-    /* Init stack variables. */
-    XMEMSET(&aes, 0, sizeof(Aes));
-    XMEMSET(enc, 0, sizeof(enc));
-    XMEMSET(dec, 0, sizeof(vector));
-    XMEMSET(dec2, 0, sizeof(vector));
-
-    ExpectIntEQ(wc_AesInit(&aes, NULL, INVALID_DEVID), 0);
-    ExpectIntEQ(wc_AesSetKey(&aes, key32, AES_BLOCK_SIZE * 2, iv,
-        AES_ENCRYPTION), 0);
-    ExpectIntEQ(wc_AesCbcEncrypt(&aes, enc, vector, sizeof(vector)), 0);
-
-    /* Re init for decrypt and set flag. */
-    ExpectIntEQ(wc_AesSetKey(&aes, key32, AES_BLOCK_SIZE * 2, iv,
-        AES_DECRYPTION), 0);
-    ExpectIntEQ(wc_AesCbcDecrypt(&aes, dec, enc, sizeof(vector)), 0);
-    ExpectIntEQ(XMEMCMP(vector, dec, sizeof(vector)), 0);
-
-    ExpectIntEQ(wc_AesCbcDecryptWithKey(dec2, enc, AES_BLOCK_SIZE, key32,
-        sizeof(key32)/sizeof(byte), iv), 0);
-    ExpectIntEQ(XMEMCMP(vector, dec2, AES_BLOCK_SIZE), 0);
-
-    /* Pass in bad args */
-    ExpectIntEQ(wc_AesCbcEncrypt(NULL, enc, vector, sizeof(vector)),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_AesCbcEncrypt(&aes, NULL, vector, sizeof(vector)),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_AesCbcEncrypt(&aes, enc, NULL, sizeof(vector)),
-        BAD_FUNC_ARG);
-#ifdef WOLFSSL_AES_CBC_LENGTH_CHECKS
-    ExpectIntEQ(wc_AesCbcEncrypt(&aes, enc, vector, sizeof(vector) - 1),
-        BAD_LENGTH_E);
-#endif
-#if defined(HAVE_FIPS) && defined(HAVE_FIPS_VERSION) && \
-    (HAVE_FIPS_VERSION == 2) && defined(WOLFSSL_AESNI)
-    fprintf(stderr, "Zero length inputs not supported with AESNI in FIPS "
-                    "mode (v2), skip test");
-#else
-    /* Test passing in size of 0  */
-    XMEMSET(enc, 0, sizeof(enc));
-    ExpectIntEQ(wc_AesCbcEncrypt(&aes, enc, vector, 0), 0);
-    /* Check enc was not modified */
-    {
-        int i;
-        for (i = 0; i < (int)sizeof(enc); i++)
-            ExpectIntEQ(enc[i], 0);
-    }
-#endif
-
-    ExpectIntEQ(wc_AesCbcDecrypt(NULL, dec, enc, AES_BLOCK_SIZE), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_AesCbcDecrypt(&aes, NULL, enc, AES_BLOCK_SIZE),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_AesCbcDecrypt(&aes, dec, NULL, AES_BLOCK_SIZE),
-        BAD_FUNC_ARG);
-#ifdef WOLFSSL_AES_CBC_LENGTH_CHECKS
-    ExpectIntEQ(wc_AesCbcDecrypt(&aes, dec, enc, AES_BLOCK_SIZE * 2 - 1),
-        BAD_LENGTH_E);
-#else
-    ExpectIntEQ(wc_AesCbcDecrypt(&aes, dec, enc, AES_BLOCK_SIZE * 2 - 1),
-        BAD_FUNC_ARG);
-#endif
-
-    /* Test passing in size of 0  */
-    XMEMSET(dec, 0, sizeof(dec));
-    ExpectIntEQ(wc_AesCbcDecrypt(&aes, dec, enc, 0), 0);
-    /* Check dec was not modified */
-    {
-        int i;
-        for (i = 0; i < (int)sizeof(dec); i++)
-            ExpectIntEQ(dec[i], 0);
-    }
-
-    ExpectIntEQ(wc_AesCbcDecryptWithKey(NULL, enc, AES_BLOCK_SIZE,
-        key32, sizeof(key32)/sizeof(byte), iv), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_AesCbcDecryptWithKey(dec2, NULL, AES_BLOCK_SIZE,
-        key32, sizeof(key32)/sizeof(byte), iv), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_AesCbcDecryptWithKey(dec2, enc, AES_BLOCK_SIZE,
-        NULL, sizeof(key32)/sizeof(byte), iv), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_AesCbcDecryptWithKey(dec2, enc, AES_BLOCK_SIZE,
-        key32, sizeof(key32)/sizeof(byte), NULL), BAD_FUNC_ARG);
-
-    wc_AesFree(&aes);
-#endif
-    return EXPECT_RESULT();
-} /* END test_wc_AesCbcEncryptDecrypt */
-
-/*
- * Testing wc_AesCtrEncrypt and wc_AesCtrDecrypt
- */
-static int test_wc_AesCtrEncryptDecrypt(void)
-{
-    EXPECT_DECLS;
-#if !defined(NO_AES) && defined(WOLFSSL_AES_COUNTER) && defined(WOLFSSL_AES_256)
-    Aes aesEnc;
-    Aes aesDec;
-    byte key32[] = {
-        0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
-        0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66,
-        0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
-        0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66
-    };
-    byte vector[] = { /* Now is the time for all w/o trailing 0 */
-        0x4e,0x6f,0x77,0x20,0x69,0x73,0x20,0x74,
-        0x68,0x65,0x20,0x74,0x69,0x6d,0x65,0x20,
-        0x66,0x6f,0x72,0x20,0x61,0x6c,0x6c,0x20
-    };
-    byte iv[] = "1234567890abcdef";
-    byte enc[AES_BLOCK_SIZE * 2];
-    byte dec[AES_BLOCK_SIZE * 2];
-
-    /* Init stack variables. */
-    XMEMSET(&aesEnc, 0, sizeof(Aes));
-    XMEMSET(&aesDec, 0, sizeof(Aes));
-    XMEMSET(enc, 0, AES_BLOCK_SIZE * 2);
-    XMEMSET(dec, 0, AES_BLOCK_SIZE * 2);
-
-    ExpectIntEQ(wc_AesInit(&aesEnc, NULL, INVALID_DEVID), 0);
-    ExpectIntEQ(wc_AesInit(&aesDec, NULL, INVALID_DEVID), 0);
-
-    ExpectIntEQ(wc_AesSetKey(&aesEnc, key32, AES_BLOCK_SIZE * 2, iv,
-        AES_ENCRYPTION), 0);
-    ExpectIntEQ(wc_AesCtrEncrypt(&aesEnc, enc, vector,
-        sizeof(vector)/sizeof(byte)), 0);
-    /* Decrypt with wc_AesCtrEncrypt() */
-    ExpectIntEQ(wc_AesSetKey(&aesDec, key32, AES_BLOCK_SIZE * 2, iv,
-        AES_ENCRYPTION), 0);
-    ExpectIntEQ(wc_AesCtrEncrypt(&aesDec, dec, enc, sizeof(enc)/sizeof(byte)),
-        0);
-    ExpectIntEQ(XMEMCMP(vector, dec, sizeof(vector)), 0);
-
-    /* Test bad args. */
-    ExpectIntEQ(wc_AesCtrEncrypt(NULL, dec, enc, sizeof(enc)/sizeof(byte)),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_AesCtrEncrypt(&aesDec, NULL, enc, sizeof(enc)/sizeof(byte)),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_AesCtrEncrypt(&aesDec, dec, NULL, sizeof(enc)/sizeof(byte)),
-        BAD_FUNC_ARG);
-
-    wc_AesFree(&aesEnc);
-    wc_AesFree(&aesDec);
-#endif
-    return EXPECT_RESULT();
-} /* END test_wc_AesCtrEncryptDecrypt */
-
-/*
- * test function for wc_AesGcmSetKey()
- */
-static int test_wc_AesGcmSetKey(void)
-{
-    EXPECT_DECLS;
-#if  !defined(NO_AES) && defined(HAVE_AESGCM)
-    Aes aes;
-#ifdef WOLFSSL_AES_128
-    byte key16[] = {
-        0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
-        0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66
-    };
-#endif
-#ifdef WOLFSSL_AES_192
-    byte key24[] = {
-        0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
-        0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66,
-        0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37
-    };
-#endif
-#ifdef WOLFSSL_AES_256
-    byte key32[] = {
-        0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
-        0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66,
-        0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
-        0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66
-    };
-#endif
-    byte badKey16[] = {
-        0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
-        0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65
-    };
-    byte badKey24[] = {
-        0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
-        0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66,
-        0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36
-    };
-    byte badKey32[] = {
-        0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x37, 0x37,
-        0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66,
-        0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
-        0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65
-    };
-
-    ExpectIntEQ(wc_AesInit(&aes, NULL, INVALID_DEVID), 0);
-
-#ifdef WOLFSSL_AES_128
-    ExpectIntEQ(wc_AesGcmSetKey(&aes, key16, sizeof(key16)/sizeof(byte)), 0);
-#endif
-#ifdef WOLFSSL_AES_192
-    ExpectIntEQ(wc_AesGcmSetKey(&aes, key24, sizeof(key24)/sizeof(byte)), 0);
-#endif
-#ifdef WOLFSSL_AES_256
-    ExpectIntEQ(wc_AesGcmSetKey(&aes, key32, sizeof(key32)/sizeof(byte)), 0);
-#endif
-
-    /* Pass in bad args. */
-    ExpectIntEQ(wc_AesGcmSetKey(&aes, badKey16, sizeof(badKey16)/sizeof(byte)),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_AesGcmSetKey(&aes, badKey24, sizeof(badKey24)/sizeof(byte)),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_AesGcmSetKey(&aes, badKey32, sizeof(badKey32)/sizeof(byte)),
-        BAD_FUNC_ARG);
-
-    wc_AesFree(&aes);
-#endif
-    return EXPECT_RESULT();
-} /* END test_wc_AesGcmSetKey */
-
-/*
- * test function for wc_AesGcmEncrypt and wc_AesGcmDecrypt
- */
-static int test_wc_AesGcmEncryptDecrypt(void)
-{
-    EXPECT_DECLS;
-    /* WOLFSSL_AFALG requires 12 byte IV */
-#if !defined(NO_AES) && defined(HAVE_AESGCM) && defined(WOLFSSL_AES_256) && \
-    !defined(WOLFSSL_AFALG) && !defined(WOLFSSL_DEVCRYPTO_AES)
-    Aes  aes;
-    byte key32[] = {
-        0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
-        0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66,
-        0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
-        0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66
-    };
-    byte vector[] = { /* Now is the time for all w/o trailing 0 */
-        0x4e,0x6f,0x77,0x20,0x69,0x73,0x20,0x74,
-        0x68,0x65,0x20,0x74,0x69,0x6d,0x65,0x20,
-        0x66,0x6f,0x72,0x20,0x61,0x6c,0x6c,0x20
-    };
-    const byte a[] = {
-        0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
-        0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
-        0xab, 0xad, 0xda, 0xd2
-    };
-    byte iv[] = "1234567890a";
-    byte longIV[] = "1234567890abcdefghij";
-    byte enc[sizeof(vector)];
-    byte resultT[AES_BLOCK_SIZE];
-    byte dec[sizeof(vector)];
-
-    /* Init stack variables. */
-    XMEMSET(&aes, 0, sizeof(Aes));
-    XMEMSET(enc, 0, sizeof(vector));
-    XMEMSET(dec, 0, sizeof(vector));
-    XMEMSET(resultT, 0, AES_BLOCK_SIZE);
-
-    ExpectIntEQ(wc_AesInit(&aes, NULL, INVALID_DEVID), 0);
-
-    ExpectIntEQ(wc_AesGcmSetKey(&aes, key32, sizeof(key32)/sizeof(byte)), 0);
-    ExpectIntEQ(wc_AesGcmEncrypt(&aes, enc, vector, sizeof(vector), iv,
-        sizeof(iv)/sizeof(byte), resultT, sizeof(resultT), a, sizeof(a)), 0);
-    ExpectIntEQ(wc_AesGcmDecrypt(&aes, dec, enc, sizeof(vector), iv,
-        sizeof(iv)/sizeof(byte), resultT, sizeof(resultT), a, sizeof(a)), 0);
-    ExpectIntEQ(XMEMCMP(vector, dec, sizeof(vector)), 0);
-
-    /* Test bad args for wc_AesGcmEncrypt and wc_AesGcmDecrypt */
-    ExpectIntEQ(wc_AesGcmEncrypt(NULL, enc, vector, sizeof(vector), iv,
-        sizeof(iv)/sizeof(byte), resultT, sizeof(resultT), a, sizeof(a)),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_AesGcmEncrypt(&aes, enc, vector, sizeof(vector), iv,
-        sizeof(iv)/sizeof(byte), resultT, sizeof(resultT) + 1, a, sizeof(a)),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_AesGcmEncrypt(&aes, enc, vector, sizeof(vector), iv,
-        sizeof(iv)/sizeof(byte), resultT, sizeof(resultT) - 5, a, sizeof(a)),
-        BAD_FUNC_ARG);
-
-#if (defined(HAVE_FIPS) && defined(HAVE_FIPS_VERSION) && \
-        (HAVE_FIPS_VERSION == 2)) || defined(HAVE_SELFTEST) || \
-        defined(WOLFSSL_AES_GCM_FIXED_IV_AAD)
-        /* FIPS does not check the lower bound of ivSz */
-#else
-        ExpectIntEQ(wc_AesGcmEncrypt(&aes, enc, vector, sizeof(vector), iv, 0,
-            resultT, sizeof(resultT), a, sizeof(a)), BAD_FUNC_ARG);
-#endif
-
-    /* This case is now considered good. Long IVs are now allowed.
-     * Except for the original FIPS release, it still has an upper
-     * bound on the IV length. */
-#if (!defined(HAVE_FIPS) || \
-    (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2))) && \
-    !defined(WOLFSSL_AES_GCM_FIXED_IV_AAD)
-    ExpectIntEQ(wc_AesGcmEncrypt(&aes, enc, vector, sizeof(vector), longIV,
-        sizeof(longIV)/sizeof(byte), resultT, sizeof(resultT), a, sizeof(a)),
-        0);
-#else
-    (void)longIV;
-#endif /* Old FIPS */
-    /* END wc_AesGcmEncrypt */
-
-#ifdef HAVE_AES_DECRYPT
-    ExpectIntEQ(wc_AesGcmDecrypt(NULL, dec, enc, sizeof(enc)/sizeof(byte), iv,
-        sizeof(iv)/sizeof(byte), resultT, sizeof(resultT), a, sizeof(a)),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_AesGcmDecrypt(&aes, NULL, enc, sizeof(enc)/sizeof(byte), iv,
-        sizeof(iv)/sizeof(byte), resultT, sizeof(resultT), a, sizeof(a)),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_AesGcmDecrypt(&aes, dec, NULL, sizeof(enc)/sizeof(byte), iv,
-        sizeof(iv)/sizeof(byte), resultT, sizeof(resultT), a, sizeof(a)),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_AesGcmDecrypt(&aes, dec, enc, sizeof(enc)/sizeof(byte), NULL,
-        sizeof(iv)/sizeof(byte), resultT, sizeof(resultT), a, sizeof(a)),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_AesGcmDecrypt(&aes, dec, enc, sizeof(enc)/sizeof(byte), iv,
-        sizeof(iv)/sizeof(byte), NULL, sizeof(resultT), a, sizeof(a)),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_AesGcmDecrypt(&aes, dec, enc, sizeof(enc)/sizeof(byte), iv,
-        sizeof(iv)/sizeof(byte), resultT, sizeof(resultT) + 1, a, sizeof(a)),
-        BAD_FUNC_ARG);
-    #if ((defined(HAVE_FIPS) && defined(HAVE_FIPS_VERSION) && \
-            (HAVE_FIPS_VERSION == 2)) || defined(HAVE_SELFTEST)) && \
-            !defined(WOLFSSL_AES_GCM_FIXED_IV_AAD)
-            /* FIPS does not check the lower bound of ivSz */
-    #else
-        ExpectIntEQ(wc_AesGcmDecrypt(&aes, dec, enc, sizeof(enc)/sizeof(byte),
-            iv, 0, resultT, sizeof(resultT), a, sizeof(a)), BAD_FUNC_ARG);
-    #endif
-#endif /* HAVE_AES_DECRYPT */
-
-    wc_AesFree(&aes);
-#endif
-    return EXPECT_RESULT();
-
-} /* END test_wc_AesGcmEncryptDecrypt */
-
-/*
- * test function for mixed (one-shot encrpytion + stream decryption) AES GCM
- * using a long IV (older FIPS does NOT support long IVs).  Relates to zd15423
- */
-static int test_wc_AesGcmMixedEncDecLongIV(void)
-{
-    EXPECT_DECLS;
-#if  (!defined(HAVE_FIPS) || \
-      (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2))) && \
-     !defined(NO_AES) && defined(HAVE_AESGCM) && defined(WOLFSSL_AESGCM_STREAM)
-    const byte key[] = {
-        0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
-        0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66,
-        0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
-        0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66
-    };
-    const byte in[] = {
-        0x4e,0x6f,0x77,0x20,0x69,0x73,0x20,0x74,
-        0x68,0x65,0x20,0x74,0x69,0x6d,0x65,0x20,
-        0x66,0x6f,0x72,0x20,0x61,0x6c,0x6c,0x20
-    };
-    const byte aad[] = {
-        0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
-        0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
-        0xab, 0xad, 0xda, 0xd2
-    };
-    Aes aesEnc;
-    Aes aesDec;
-    byte iv[] = "1234567890abcdefghij";
-    byte out[sizeof(in)];
-    byte plain[sizeof(in)];
-    byte tag[AES_BLOCK_SIZE];
-
-    XMEMSET(&aesEnc, 0, sizeof(Aes));
-    XMEMSET(&aesDec, 0, sizeof(Aes));
-    XMEMSET(out, 0, sizeof(out));
-    XMEMSET(plain, 0, sizeof(plain));
-    XMEMSET(tag, 0, sizeof(tag));
-
-    /* Perform one-shot encryption using long IV */
-    ExpectIntEQ(wc_AesInit(&aesEnc, NULL, INVALID_DEVID), 0);
-    ExpectIntEQ(wc_AesGcmSetKey(&aesEnc, key, sizeof(key)), 0);
-    ExpectIntEQ(wc_AesGcmEncrypt(&aesEnc, out, in, sizeof(in), iv, sizeof(iv),
-        tag, sizeof(tag), aad, sizeof(aad)), 0);
-
-    /* Perform streaming decryption using long IV */
-    ExpectIntEQ(wc_AesInit(&aesDec, NULL, INVALID_DEVID), 0);
-    ExpectIntEQ(wc_AesGcmInit(&aesDec, key, sizeof(key), iv, sizeof(iv)), 0);
-    ExpectIntEQ(wc_AesGcmDecryptUpdate(&aesDec, plain, out, sizeof(out), aad,
-        sizeof(aad)), 0);
-    ExpectIntEQ(wc_AesGcmDecryptFinal(&aesDec, tag, sizeof(tag)), 0);
-    ExpectIntEQ(XMEMCMP(plain, in, sizeof(in)), 0);
-
-    /* Free resources */
-    wc_AesFree(&aesEnc);
-    wc_AesFree(&aesDec);
-#endif
-    return EXPECT_RESULT();
-
-} /* END wc_AesGcmMixedEncDecLongIV */
-
-/*
- * unit test for wc_GmacSetKey()
- */
-static int test_wc_GmacSetKey(void)
-{
-    EXPECT_DECLS;
-#if !defined(NO_AES) && defined(HAVE_AESGCM)
-    Gmac gmac;
-    byte key16[] = {
-        0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
-        0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66
-    };
-#ifdef WOLFSSL_AES_192
-    byte key24[] = {
-        0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
-        0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66,
-        0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37
-    };
-#endif
-#ifdef WOLFSSL_AES_256
-    byte key32[] = {
-        0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
-        0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66,
-        0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
-        0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66
-    };
-#endif
-    byte badKey16[] = {
-        0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
-        0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x66
-    };
-    byte badKey24[] = {
-        0x30, 0x31, 0x32, 0x33, 0x34, 0x36, 0x37,
-        0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66,
-        0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37
-    };
-    byte badKey32[] = {
-        0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
-        0x38, 0x39, 0x61, 0x62, 0x64, 0x65, 0x66,
-        0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
-        0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66
-    };
-
-    XMEMSET(&gmac, 0, sizeof(Gmac));
-
-    ExpectIntEQ(wc_AesInit(&gmac.aes, NULL, INVALID_DEVID), 0);
-
-#ifdef WOLFSSL_AES_128
-    ExpectIntEQ(wc_GmacSetKey(&gmac, key16, sizeof(key16)/sizeof(byte)), 0);
-#endif
-#ifdef WOLFSSL_AES_192
-    ExpectIntEQ(wc_GmacSetKey(&gmac, key24, sizeof(key24)/sizeof(byte)), 0);
-#endif
-#ifdef WOLFSSL_AES_256
-    ExpectIntEQ(wc_GmacSetKey(&gmac, key32, sizeof(key32)/sizeof(byte)), 0);
-#endif
-
-    /* Pass in bad args. */
-    ExpectIntEQ(wc_GmacSetKey(NULL, key16, sizeof(key16)/sizeof(byte)),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_GmacSetKey(&gmac, NULL, sizeof(key16)/sizeof(byte)),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_GmacSetKey(&gmac, badKey16, sizeof(badKey16)/sizeof(byte)),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_GmacSetKey(&gmac, badKey24, sizeof(badKey24)/sizeof(byte)),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_GmacSetKey(&gmac, badKey32, sizeof(badKey32)/sizeof(byte)),
-        BAD_FUNC_ARG);
-
-    wc_AesFree(&gmac.aes);
-#endif
-    return EXPECT_RESULT();
-} /* END test_wc_GmacSetKey */
-
-/*
- * unit test for wc_GmacUpdate
- */
-static int test_wc_GmacUpdate(void)
-{
-    EXPECT_DECLS;
-#if !defined(NO_AES) && defined(HAVE_AESGCM)
-    Gmac gmac;
-#ifdef WOLFSSL_AES_128
-    const byte key16[] = {
-        0x89, 0xc9, 0x49, 0xe9, 0xc8, 0x04, 0xaf, 0x01,
-        0x4d, 0x56, 0x04, 0xb3, 0x94, 0x59, 0xf2, 0xc8
-    };
-#endif
-#ifdef WOLFSSL_AES_192
-    byte key24[] = {
-        0x41, 0xc5, 0xda, 0x86, 0x67, 0xef, 0x72, 0x52,
-        0x20, 0xff, 0xe3, 0x9a, 0xe0, 0xac, 0x59, 0x0a,
-        0xc9, 0xfc, 0xa7, 0x29, 0xab, 0x60, 0xad, 0xa0
-    };
-#endif
-#ifdef WOLFSSL_AES_256
-   byte key32[] = {
-        0x78, 0xdc, 0x4e, 0x0a, 0xaf, 0x52, 0xd9, 0x35,
-        0xc3, 0xc0, 0x1e, 0xea, 0x57, 0x42, 0x8f, 0x00,
-        0xca, 0x1f, 0xd4, 0x75, 0xf5, 0xda, 0x86, 0xa4,
-        0x9c, 0x8d, 0xd7, 0x3d, 0x68, 0xc8, 0xe2, 0x23
-    };
-#endif
-#ifdef WOLFSSL_AES_128
-    const byte authIn[] = {
-        0x82, 0xad, 0xcd, 0x63, 0x8d, 0x3f, 0xa9, 0xd9,
-        0xf3, 0xe8, 0x41, 0x00, 0xd6, 0x1e, 0x07, 0x77
-    };
-#endif
-#ifdef WOLFSSL_AES_192
-    const byte authIn2[] = {
-       0x8b, 0x5c, 0x12, 0x4b, 0xef, 0x6e, 0x2f, 0x0f,
-       0xe4, 0xd8, 0xc9, 0x5c, 0xd5, 0xfa, 0x4c, 0xf1
-    };
-#endif
-    const byte authIn3[] = {
-        0xb9, 0x6b, 0xaa, 0x8c, 0x1c, 0x75, 0xa6, 0x71,
-        0xbf, 0xb2, 0xd0, 0x8d, 0x06, 0xbe, 0x5f, 0x36
-    };
-#ifdef WOLFSSL_AES_128
-    const byte tag1[] = { /* Known. */
-        0x88, 0xdb, 0x9d, 0x62, 0x17, 0x2e, 0xd0, 0x43,
-        0xaa, 0x10, 0xf1, 0x6d, 0x22, 0x7d, 0xc4, 0x1b
-    };
-#endif
-#ifdef WOLFSSL_AES_192
-    const byte tag2[] = { /* Known */
-        0x20, 0x4b, 0xdb, 0x1b, 0xd6, 0x21, 0x54, 0xbf,
-        0x08, 0x92, 0x2a, 0xaa, 0x54, 0xee, 0xd7, 0x05
-    };
-#endif
-    const byte tag3[] = { /* Known */
-        0x3e, 0x5d, 0x48, 0x6a, 0xa2, 0xe3, 0x0b, 0x22,
-        0xe0, 0x40, 0xb8, 0x57, 0x23, 0xa0, 0x6e, 0x76
-    };
-#ifdef WOLFSSL_AES_128
-    const byte iv[] = {
-        0xd1, 0xb1, 0x04, 0xc8, 0x15, 0xbf, 0x1e, 0x94,
-        0xe2, 0x8c, 0x8f, 0x16
-    };
-#endif
-#ifdef WOLFSSL_AES_192
-    const byte iv2[] = {
-        0x05, 0xad, 0x13, 0xa5, 0xe2, 0xc2, 0xab, 0x66,
-        0x7e, 0x1a, 0x6f, 0xbc
-    };
-#endif
-    const byte iv3[] = {
-        0xd7, 0x9c, 0xf2, 0x2d, 0x50, 0x4c, 0xc7, 0x93,
-        0xc3, 0xfb, 0x6c, 0x8a
-    };
-    byte tagOut[16];
-    byte tagOut2[24];
-    byte tagOut3[32];
-
-    /* Init stack variables. */
-    XMEMSET(&gmac, 0, sizeof(Gmac));
-    XMEMSET(tagOut, 0, sizeof(tagOut));
-    XMEMSET(tagOut2, 0, sizeof(tagOut2));
-    XMEMSET(tagOut3, 0, sizeof(tagOut3));
-
-#ifdef WOLFSSL_AES_128
-    ExpectIntEQ(wc_AesInit(&gmac.aes, NULL, INVALID_DEVID), 0);
-    ExpectIntEQ(wc_GmacSetKey(&gmac, key16, sizeof(key16)), 0);
-    ExpectIntEQ(wc_GmacUpdate(&gmac, iv, sizeof(iv), authIn, sizeof(authIn),
-        tagOut, sizeof(tag1)), 0);
-    ExpectIntEQ(XMEMCMP(tag1, tagOut, sizeof(tag1)), 0);
-    wc_AesFree(&gmac.aes);
-#endif
-
-#ifdef WOLFSSL_AES_192
-    ExpectNotNull(XMEMSET(&gmac, 0, sizeof(Gmac)));
-    ExpectIntEQ(wc_AesInit(&gmac.aes, HEAP_HINT, INVALID_DEVID), 0);
-    ExpectIntEQ(wc_GmacSetKey(&gmac, key24, sizeof(key24)/sizeof(byte)), 0);
-    ExpectIntEQ(wc_GmacUpdate(&gmac, iv2, sizeof(iv2), authIn2, sizeof(authIn2),
-        tagOut2, sizeof(tag2)), 0);
-    ExpectIntEQ(XMEMCMP(tagOut2, tag2, sizeof(tag2)), 0);
-    wc_AesFree(&gmac.aes);
-#endif
-
-#ifdef WOLFSSL_AES_256
-    ExpectNotNull(XMEMSET(&gmac, 0, sizeof(Gmac)));
-    ExpectIntEQ(wc_AesInit(&gmac.aes, HEAP_HINT, INVALID_DEVID), 0);
-    ExpectIntEQ(wc_GmacSetKey(&gmac, key32, sizeof(key32)/sizeof(byte)), 0);
-    ExpectIntEQ(wc_GmacUpdate(&gmac, iv3, sizeof(iv3), authIn3, sizeof(authIn3),
-        tagOut3, sizeof(tag3)), 0);
-    ExpectIntEQ(XMEMCMP(tag3, tagOut3, sizeof(tag3)), 0);
-    wc_AesFree(&gmac.aes);
-#endif
-
-    /* Pass bad args. */
-    ExpectIntEQ(wc_AesInit(&gmac.aes, NULL, INVALID_DEVID), 0);
-    ExpectIntEQ(wc_GmacUpdate(NULL, iv3, sizeof(iv3), authIn3, sizeof(authIn3),
-        tagOut3, sizeof(tag3)), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_GmacUpdate(&gmac, iv3, sizeof(iv3), authIn3, sizeof(authIn3),
-        tagOut3, sizeof(tag3) - 5), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_GmacUpdate(&gmac, iv3, sizeof(iv3), authIn3, sizeof(authIn3),
-        tagOut3, sizeof(tag3) + 1),  BAD_FUNC_ARG);
-    wc_AesFree(&gmac.aes);
-
-#endif
-    return EXPECT_RESULT();
-} /* END test_wc_GmacUpdate */
-
-
-/*
- * testing wc_CamelliaSetKey
- */
-static int test_wc_CamelliaSetKey(void)
-{
-    EXPECT_DECLS;
-#ifdef HAVE_CAMELLIA
-    Camellia camellia;
-    /*128-bit key*/
-    static const byte key16[] = {
-        0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
-        0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10
-    };
-    /* 192-bit key */
-    static const byte key24[] = {
-        0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
-        0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10,
-        0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77
-    };
-    /* 256-bit key */
-    static const byte key32[] = {
-        0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
-        0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10,
-        0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
-        0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff
-    };
-    static const byte iv[] = {
-        0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
-        0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F
-    };
-
-    ExpectIntEQ(wc_CamelliaSetKey(&camellia, key16, (word32)sizeof(key16), iv),
-        0);
-    ExpectIntEQ(wc_CamelliaSetKey(&camellia, key16, (word32)sizeof(key16),
-        NULL), 0);
-    ExpectIntEQ(wc_CamelliaSetKey(&camellia, key24, (word32)sizeof(key24), iv),
-        0);
-    ExpectIntEQ(wc_CamelliaSetKey(&camellia, key24, (word32)sizeof(key24),
-        NULL), 0);
-    ExpectIntEQ(wc_CamelliaSetKey(&camellia, key32, (word32)sizeof(key32), iv),
-        0);
-    ExpectIntEQ(wc_CamelliaSetKey(&camellia, key32, (word32)sizeof(key32),
-        NULL), 0);
-
-    /* Bad args. */
-    ExpectIntEQ(wc_CamelliaSetKey(NULL, key32, (word32)sizeof(key32), iv),
-        BAD_FUNC_ARG);
-#endif
-    return EXPECT_RESULT();
-} /* END test_wc_CammeliaSetKey */
-
-/*
- * Testing wc_CamelliaSetIV()
- */
-static int test_wc_CamelliaSetIV(void)
-{
-    EXPECT_DECLS;
-#ifdef HAVE_CAMELLIA
-    Camellia    camellia;
-    static const byte iv[] = {
-        0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
-        0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F
-    };
-
-    ExpectIntEQ(wc_CamelliaSetIV(&camellia, iv), 0);
-    ExpectIntEQ(wc_CamelliaSetIV(&camellia, NULL), 0);
-
-    /* Bad args. */
-    ExpectIntEQ(wc_CamelliaSetIV(NULL, NULL), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_CamelliaSetIV(NULL, iv), BAD_FUNC_ARG);
-#endif
-    return EXPECT_RESULT();
-} /* END test_wc_CamelliaSetIV*/
-
-/*
- * Test wc_CamelliaEncryptDirect and wc_CamelliaDecryptDirect
- */
-static int test_wc_CamelliaEncryptDecryptDirect(void)
-{
-    EXPECT_DECLS;
-#ifdef HAVE_CAMELLIA
-    Camellia camellia;
-    static const byte key24[] = {
-        0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
-        0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10,
-        0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77
-    };
-    static const byte iv[] = {
-        0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
-        0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F
-    };
-    static const byte plainT[] = {
-        0x6B, 0xC1, 0xBE, 0xE2, 0x2E, 0x40, 0x9F, 0x96,
-        0xE9, 0x3D, 0x7E, 0x11, 0x73, 0x93, 0x17, 0x2A
-    };
-    byte    enc[sizeof(plainT)];
-    byte    dec[sizeof(enc)];
-
-    /* Init stack variables.*/
-    XMEMSET(enc, 0, 16);
-    XMEMSET(enc, 0, 16);
-
-    ExpectIntEQ(wc_CamelliaSetKey(&camellia, key24, (word32)sizeof(key24), iv),
-        0);
-    ExpectIntEQ(wc_CamelliaEncryptDirect(&camellia, enc, plainT), 0);
-    ExpectIntEQ(wc_CamelliaDecryptDirect(&camellia, dec, enc), 0);
-    ExpectIntEQ(XMEMCMP(plainT, dec, CAMELLIA_BLOCK_SIZE), 0);
-
-    /* Pass bad args. */
-    ExpectIntEQ(wc_CamelliaEncryptDirect(NULL, enc, plainT), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_CamelliaEncryptDirect(&camellia, NULL, plainT),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_CamelliaEncryptDirect(&camellia, enc, NULL), BAD_FUNC_ARG);
-
-    ExpectIntEQ(wc_CamelliaDecryptDirect(NULL, dec, enc), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_CamelliaDecryptDirect(&camellia, NULL, enc), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_CamelliaDecryptDirect(&camellia, dec, NULL), BAD_FUNC_ARG);
-#endif
-    return EXPECT_RESULT();
-} /* END test-wc_CamelliaEncryptDecryptDirect */
-
-/*
- * Testing wc_CamelliaCbcEncrypt and wc_CamelliaCbcDecrypt
- */
-static int test_wc_CamelliaCbcEncryptDecrypt(void)
-{
-    EXPECT_DECLS;
-#ifdef HAVE_CAMELLIA
-    Camellia camellia;
-    static const byte key24[] = {
-        0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
-        0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10,
-        0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77
-    };
-    static const byte plainT[] = {
-        0x6B, 0xC1, 0xBE, 0xE2, 0x2E, 0x40, 0x9F, 0x96,
-        0xE9, 0x3D, 0x7E, 0x11, 0x73, 0x93, 0x17, 0x2A
-    };
-    byte    enc[CAMELLIA_BLOCK_SIZE];
-    byte    dec[CAMELLIA_BLOCK_SIZE];
-
-    /* Init stack variables. */
-    XMEMSET(enc, 0, CAMELLIA_BLOCK_SIZE);
-    XMEMSET(enc, 0, CAMELLIA_BLOCK_SIZE);
-
-    ExpectIntEQ(wc_CamelliaSetKey(&camellia, key24, (word32)sizeof(key24),
-        NULL), 0);
-    ExpectIntEQ(wc_CamelliaCbcEncrypt(&camellia, enc, plainT,
-        CAMELLIA_BLOCK_SIZE), 0);
-
-    ExpectIntEQ(wc_CamelliaSetKey(&camellia, key24, (word32)sizeof(key24),
-        NULL), 0);
-    ExpectIntEQ(wc_CamelliaCbcDecrypt(&camellia, dec, enc, CAMELLIA_BLOCK_SIZE),
-        0);
-    ExpectIntEQ(XMEMCMP(plainT, dec, CAMELLIA_BLOCK_SIZE), 0);
-
-    /* Pass in bad args. */
-    ExpectIntEQ(wc_CamelliaCbcEncrypt(NULL, enc, plainT, CAMELLIA_BLOCK_SIZE),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_CamelliaCbcEncrypt(&camellia, NULL, plainT,
-        CAMELLIA_BLOCK_SIZE), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_CamelliaCbcEncrypt(&camellia, enc, NULL,
-        CAMELLIA_BLOCK_SIZE), BAD_FUNC_ARG);
-
-    ExpectIntEQ(wc_CamelliaCbcDecrypt(NULL, dec, enc, CAMELLIA_BLOCK_SIZE),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_CamelliaCbcDecrypt(&camellia, NULL, enc,
-        CAMELLIA_BLOCK_SIZE), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_CamelliaCbcDecrypt(&camellia, dec, NULL,
-        CAMELLIA_BLOCK_SIZE), BAD_FUNC_ARG);
-#endif
-    return EXPECT_RESULT();
-} /* END test_wc_CamelliaCbcEncryptDecrypt */
-
-
-/*
- * Testing wc_Arc4SetKey()
- */
-static int test_wc_Arc4SetKey(void)
-{
-    EXPECT_DECLS;
-#ifndef NO_RC4
-    Arc4 arc;
-    const char* key = "\x01\x23\x45\x67\x89\xab\xcd\xef";
-    int keyLen = 8;
-
-    ExpectIntEQ(wc_Arc4SetKey(&arc, (byte*)key, keyLen), 0);
-    /* Test bad args. */
-    ExpectIntEQ(wc_Arc4SetKey(NULL, (byte*)key, keyLen), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Arc4SetKey(&arc, NULL      , keyLen), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Arc4SetKey(&arc, (byte*)key, 0     ), BAD_FUNC_ARG);
-#endif
-    return EXPECT_RESULT();
-
-} /* END test_wc_Arc4SetKey */
-
-/*
- * Testing wc_Arc4Process for ENC/DEC.
- */
-static int test_wc_Arc4Process(void)
-{
-    EXPECT_DECLS;
-#ifndef NO_RC4
-    Arc4 enc;
-    Arc4 dec;
-    const char* key = "\x01\x23\x45\x67\x89\xab\xcd\xef";
-    int keyLen = 8;
-    const char* input = "\x01\x23\x45\x67\x89\xab\xcd\xef";
-    byte cipher[8];
-    byte plain[8];
-
-    /* Init stack variables */
-    XMEMSET(&enc, 0, sizeof(Arc4));
-    XMEMSET(&dec, 0, sizeof(Arc4));
-    XMEMSET(cipher, 0, sizeof(cipher));
-    XMEMSET(plain, 0, sizeof(plain));
-
-    /* Use for async. */
-    ExpectIntEQ(wc_Arc4Init(&enc, NULL, INVALID_DEVID), 0);
-    ExpectIntEQ(wc_Arc4Init(&dec, NULL, INVALID_DEVID), 0);
-
-    ExpectIntEQ(wc_Arc4SetKey(&enc, (byte*)key, keyLen), 0);
-    ExpectIntEQ(wc_Arc4SetKey(&dec, (byte*)key, keyLen), 0);
-
-    ExpectIntEQ(wc_Arc4Process(&enc, cipher, (byte*)input, keyLen), 0);
-    ExpectIntEQ(wc_Arc4Process(&dec, plain, cipher, keyLen), 0);
-    ExpectIntEQ(XMEMCMP(plain, input, keyLen), 0);
-
-    /* Bad args. */
-    ExpectIntEQ(wc_Arc4Process(NULL, plain, cipher, keyLen), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Arc4Process(&dec, NULL, cipher, keyLen), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Arc4Process(&dec, plain, NULL, keyLen), BAD_FUNC_ARG);
-
-    wc_Arc4Free(&enc);
-    wc_Arc4Free(&dec);
-#endif
-    return EXPECT_RESULT();
-
-} /* END test_wc_Arc4Process */
-
-
 /*
  * Testing wc_Init RsaKey()
  */
@@ -18685,11 +14622,7 @@ static int test_wc_InitRsaKey(void)
     ExpectIntEQ(wc_InitRsaKey(&key, HEAP_HINT), 0);
 
     /* Test bad args. */
-#ifndef HAVE_USER_RSA
-    ExpectIntEQ(wc_InitRsaKey(NULL, HEAP_HINT), BAD_FUNC_ARG);
-#else
-    ExpectIntEQ(wc_InitRsaKey(NULL, HEAP_HINT), USER_CRYPTO_ERROR);
-#endif
+    ExpectIntEQ(wc_InitRsaKey(NULL, HEAP_HINT), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     DoExpectIntEQ(wc_FreeRsaKey(&key), 0);
 #endif
@@ -18726,23 +14659,14 @@ static int test_wc_RsaPrivateKeyDecode(void)
     }
 
     ExpectIntEQ(wc_RsaPrivateKeyDecode(tmp, &idx, &key, (word32)bytes), 0);
-#ifndef HAVE_USER_RSA
+
     /* Test bad args. */
     ExpectIntEQ(wc_RsaPrivateKeyDecode(NULL, &idx, &key, (word32)bytes),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_RsaPrivateKeyDecode(tmp, NULL, &key, (word32)bytes),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_RsaPrivateKeyDecode(tmp, &idx, NULL, (word32)bytes),
-        BAD_FUNC_ARG);
-#else
-    /* Test bad args. User RSA. */
-    ExpectIntEQ(wc_RsaPrivateKeyDecode(NULL, &idx, &key, (word32)bytes),
-        USER_CRYPTO_ERROR);
-    ExpectIntEQ(wc_RsaPrivateKeyDecode(tmp, NULL, &key, (word32)bytes),
-        USER_CRYPTO_ERROR);
-    ExpectIntEQ(wc_RsaPrivateKeyDecode(tmp, &idx, NULL, (word32)bytes),
-        USER_CRYPTO_ERROR);
-#endif
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER);
     DoExpectIntEQ(wc_FreeRsaKey(&key), 0);
@@ -18789,23 +14713,14 @@ static int test_wc_RsaPublicKeyDecode(void)
     }
 
     ExpectIntEQ(wc_RsaPublicKeyDecode(tmp, &idx, &keyPub, (word32)bytes), 0);
-#ifndef HAVE_USER_RSA
+
     /* Pass in bad args. */
     ExpectIntEQ(wc_RsaPublicKeyDecode(NULL, &idx, &keyPub, (word32)bytes),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_RsaPublicKeyDecode(tmp, NULL, &keyPub, (word32)bytes),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_RsaPublicKeyDecode(tmp, &idx, NULL, (word32)bytes),
-        BAD_FUNC_ARG);
-#else
-    /* Pass in bad args. */
-    ExpectIntEQ(wc_RsaPublicKeyDecode(NULL, &idx, &keyPub, (word32)bytes),
-        USER_CRYPTO_ERROR);
-    ExpectIntEQ(wc_RsaPublicKeyDecode(tmp, NULL, &keyPub, (word32)bytes),
-        USER_CRYPTO_ERROR);
-    ExpectIntEQ(wc_RsaPublicKeyDecode(tmp, &idx, NULL, (word32)bytes),
-        USER_CRYPTO_ERROR);
-#endif
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     DoExpectIntEQ(wc_FreeRsaKey(&keyPub), 0);
 
@@ -18823,14 +14738,14 @@ static int test_wc_RsaPublicKeyDecode(void)
         f = XBADFILE;
     }
     idx = 0;
-    ExpectIntEQ(wc_RsaPublicKeyDecode_ex(buf, &idx, bytes, NULL, NULL, NULL,
+    ExpectIntEQ(wc_RsaPublicKeyDecode_ex(buf, &idx, (word32)bytes, NULL, NULL, NULL,
         NULL), 0);
     ExpectTrue((f = XFOPEN(rsaPssPubKeyNoParams, "rb")) != XBADFILE);
     ExpectIntGT(bytes = (int)XFREAD(buf, 1, sizeof(buf), f), 0);
     if (f != XBADFILE)
         XFCLOSE(f);
     idx = 0;
-    ExpectIntEQ(wc_RsaPublicKeyDecode_ex(buf, &idx, bytes, NULL, NULL, NULL,
+    ExpectIntEQ(wc_RsaPublicKeyDecode_ex(buf, &idx, (word32)bytes, NULL, NULL, NULL,
         NULL), 0);
 #endif
 
@@ -18849,28 +14764,20 @@ static int test_wc_RsaPublicKeyDecodeRaw(void)
     RsaKey     key;
     const byte n = 0x23;
     const byte e = 0x03;
-    int        nSz = sizeof(n);
-    int        eSz = sizeof(e);
+    word32     nSz = sizeof(n);
+    word32     eSz = sizeof(e);
 
     ExpectIntEQ(wc_InitRsaKey(&key, HEAP_HINT), 0);
     ExpectIntEQ(wc_RsaPublicKeyDecodeRaw(&n, nSz, &e, eSz, &key), 0);
-#ifndef HAVE_USER_RSA
+
     /* Pass in bad args. */
     ExpectIntEQ(wc_RsaPublicKeyDecodeRaw(NULL, nSz, &e, eSz, &key),
-       BAD_FUNC_ARG);
+       WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_RsaPublicKeyDecodeRaw(&n, nSz, NULL, eSz, &key),
-       BAD_FUNC_ARG);
+       WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_RsaPublicKeyDecodeRaw(&n, nSz, &e, eSz, NULL),
-       BAD_FUNC_ARG);
-#else
-    /* Pass in bad args. User RSA. */
-    ExpectIntEQ(wc_RsaPublicKeyDecodeRaw(NULL, nSz, &e, eSz, &key),
-       USER_CRYPTO_ERROR);
-    ExpectIntEQ(wc_RsaPublicKeyDecodeRaw(&n, nSz, NULL, eSz, &key),
-       USER_CRYPTO_ERROR);
-    ExpectIntEQ(wc_RsaPublicKeyDecodeRaw(&n, nSz, &e, eSz, NULL),
-       USER_CRYPTO_ERROR);
-#endif
+       WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+
 
     DoExpectIntEQ(wc_FreeRsaKey(&key), 0);
 #endif
@@ -18879,7 +14786,105 @@ static int test_wc_RsaPublicKeyDecodeRaw(void)
 } /* END test_wc_RsaPublicKeyDecodeRaw */
 
 
-#if (!defined(NO_RSA) || !defined(HAVE_FAST_RSA)) && defined(WOLFSSL_KEY_GEN)
+/*
+ * Testing wc_RsaPrivateKeyDecodeRaw()
+ */
+static int test_wc_RsaPrivateKeyDecodeRaw(void)
+{
+    EXPECT_DECLS;
+#if !defined(NO_RSA) && !defined(WOLFSSL_RSA_PUBLIC_ONLY) \
+    && !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS)
+    RsaKey key;
+    const byte n = 33;
+    const byte e = 3;
+    const byte d = 7;
+    const byte u = 2;
+    const byte p = 3;
+    const byte q = 11;
+    const byte dp = 1;
+    const byte dq = 7;
+
+    ExpectIntEQ(wc_InitRsaKey(&key, HEAP_HINT), 0);
+    ExpectIntEQ(wc_RsaPrivateKeyDecodeRaw(&n, sizeof(n),
+                &e, sizeof(e), &d, sizeof(d), &u, sizeof(u),
+                &p, sizeof(p), &q, sizeof(q), NULL, 0,
+                NULL, 0, &key), 0);
+    ExpectIntEQ(wc_RsaPrivateKeyDecodeRaw(&n, sizeof(n),
+                &e, sizeof(e), &d, sizeof(d), &u, sizeof(u),
+                &p, sizeof(p), &q, sizeof(q), &dp, sizeof(dp),
+                NULL, 0, &key), 0);
+    ExpectIntEQ(wc_RsaPrivateKeyDecodeRaw(&n, sizeof(n),
+                &e, sizeof(e), &d, sizeof(d), &u, sizeof(u),
+                &p, sizeof(p), &q, sizeof(q), NULL, 0,
+                &dq, sizeof(dq), &key), 0);
+    ExpectIntEQ(wc_RsaPrivateKeyDecodeRaw(&n, sizeof(n),
+                &e, sizeof(e), &d, sizeof(d), &u, sizeof(u),
+                &p, sizeof(p), &q, sizeof(q), &dp, sizeof(dp),
+                &dq, sizeof(dq), &key), 0);
+
+    /* Pass in bad args. */
+    ExpectIntEQ(wc_RsaPrivateKeyDecodeRaw(NULL, sizeof(n),
+                &e, sizeof(e), &d, sizeof(d), &u, sizeof(u),
+                &p, sizeof(p), &q, sizeof(q), &dp, sizeof(dp),
+                &dq, sizeof(dq), &key), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_RsaPrivateKeyDecodeRaw(&n, 0,
+                &e, sizeof(e), &d, sizeof(d), &u, sizeof(u),
+                &p, sizeof(p), &q, sizeof(q), &dp, sizeof(dp),
+                &dq, sizeof(dq), &key), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_RsaPrivateKeyDecodeRaw(&n, sizeof(n),
+                NULL, sizeof(e), &d, sizeof(d), &u, sizeof(u),
+                &p, sizeof(p), &q, sizeof(q), &dp, sizeof(dp),
+                &dq, sizeof(dq), &key), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_RsaPrivateKeyDecodeRaw(&n, sizeof(n),
+                &e, 0, &d, sizeof(d), &u, sizeof(u),
+                &p, sizeof(p), &q, sizeof(q), &dp, sizeof(dp),
+                &dq, sizeof(dq), &key), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_RsaPrivateKeyDecodeRaw(&n, sizeof(n),
+                &e, sizeof(e), NULL, sizeof(d), &u, sizeof(u),
+                &p, sizeof(p), &q, sizeof(q), &dp, sizeof(dp),
+                &dq, sizeof(dq), &key), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_RsaPrivateKeyDecodeRaw(&n, sizeof(n),
+                &e, sizeof(e), &d, 0, &u, sizeof(u),
+                &p, sizeof(p), &q, sizeof(q), &dp, sizeof(dp),
+                &dq, sizeof(dq), &key), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_RsaPrivateKeyDecodeRaw(&n, sizeof(n),
+                &e, sizeof(e), &d, sizeof(d), &u, sizeof(u),
+                NULL, sizeof(p), &q, sizeof(q), &dp, sizeof(dp),
+                &dq, sizeof(dq), &key), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_RsaPrivateKeyDecodeRaw(&n, sizeof(n),
+                &e, sizeof(e), &d, sizeof(d), &u, sizeof(u),
+                &p, 0, &q, sizeof(q), &dp, sizeof(dp),
+                &dq, sizeof(dq), &key), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_RsaPrivateKeyDecodeRaw(&n, sizeof(n),
+                &e, sizeof(e), &d, sizeof(d), &u, sizeof(u),
+                &p, sizeof(p), NULL, sizeof(q), &dp, sizeof(dp),
+                &dq, sizeof(dq), &key), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_RsaPrivateKeyDecodeRaw(&n, sizeof(n),
+                &e, sizeof(e), &d, sizeof(d), &u, sizeof(u),
+                &p, sizeof(p), &q, 0, &dp, sizeof(dp),
+                &dq, sizeof(dq), &key), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+#if defined(WOLFSSL_KEY_GEN) || defined(OPENSSL_EXTRA) || !defined(RSA_LOW_MEM)
+    ExpectIntEQ(wc_RsaPrivateKeyDecodeRaw(&n, sizeof(n),
+                &e, sizeof(e), &d, sizeof(d), &u, 0,
+                &p, sizeof(p), &q, sizeof(q), &dp, sizeof(dp),
+                &dq, sizeof(dq), &key), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_RsaPrivateKeyDecodeRaw(&n, sizeof(n),
+                &e, sizeof(e), &d, sizeof(d), NULL, sizeof(u),
+                &p, sizeof(p), &q, sizeof(q), &dp, sizeof(dp),
+                &dq, sizeof(dq), &key), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_RsaPrivateKeyDecodeRaw(&n, sizeof(n),
+                &e, sizeof(e), &d, sizeof(d), &u, 0,
+                &p, sizeof(p), &q, sizeof(q), &dp, sizeof(dp),
+                &dq, sizeof(dq), &key), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+#endif
+
+    DoExpectIntEQ(wc_FreeRsaKey(&key), 0);
+#endif
+    return EXPECT_RESULT();
+} /* END  test_wc_RsaPrivateKeyDecodeRaw */
+
+
+#if !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN)
     /* In FIPS builds, wc_MakeRsaKey() will return an error if it cannot find
      * a probable prime in 5*(modLen/2) attempts. In non-FIPS builds, it keeps
      * trying until it gets a probable prime. */
@@ -18890,7 +14895,7 @@ static int test_wc_RsaPublicKeyDecodeRaw(void)
 
             for (;;) {
                 ret = wc_MakeRsaKey(key, size, e, rng);
-                if (ret != PRIME_GEN_E) break;
+                if (ret != WC_NO_ERR_TRACE(PRIME_GEN_E)) break;
                 fprintf(stderr, "MakeRsaKey couldn't find prime; "
                                 "trying again.\n");
             }
@@ -18915,7 +14920,8 @@ static int test_wc_MakeRsaKey(void)
     RsaKey genKey;
     WC_RNG rng;
 #if (!defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_MATH_ALL)) && \
-    (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 4))
+    (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 4)) && \
+    (defined(RSA_MIN_SIZE) && (RSA_MIN_SIZE <= 1024))
     int bits = 1024;
 #else
     int bits = 2048;
@@ -18929,26 +14935,14 @@ static int test_wc_MakeRsaKey(void)
     ExpectIntEQ(MAKE_RSA_KEY(&genKey, bits, WC_RSA_EXPONENT, &rng), 0);
     DoExpectIntEQ(wc_FreeRsaKey(&genKey), 0);
 
-#ifndef HAVE_USER_RSA
     /* Test bad args. */
-    ExpectIntEQ(MAKE_RSA_KEY(NULL, bits, WC_RSA_EXPONENT, &rng), BAD_FUNC_ARG);
+    ExpectIntEQ(MAKE_RSA_KEY(NULL, bits, WC_RSA_EXPONENT, &rng), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(MAKE_RSA_KEY(&genKey, bits, WC_RSA_EXPONENT, NULL),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     /* e < 3 */
-    ExpectIntEQ(MAKE_RSA_KEY(&genKey, bits, 2, &rng), BAD_FUNC_ARG);
+    ExpectIntEQ(MAKE_RSA_KEY(&genKey, bits, 2, &rng), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     /* e & 1 == 0 */
-    ExpectIntEQ(MAKE_RSA_KEY(&genKey, bits, 6, &rng), BAD_FUNC_ARG);
-#else
-    /* Test bad args. */
-    ExpectIntEQ(MAKE_RSA_KEY(NULL, bits, WC_RSA_EXPONENT, &rng),
-        USER_CRYPTO_ERROR);
-    ExpectIntEQ(MAKE_RSA_KEY(&genKey, bits, WC_RSA_EXPONENT, NULL),
-        USER_CRYPTO_ERROR);
-    /* e < 3 */
-    ExpectIntEQ(MAKE_RSA_KEY(&genKey, bits, 2, &rng), USER_CRYPTO_ERROR);
-    /* e & 1 == 0 */
-    ExpectIntEQ(MAKE_RSA_KEY(&genKey, bits, 6, &rng), USER_CRYPTO_ERROR);
-#endif /* HAVE_USER_RSA */
+    ExpectIntEQ(MAKE_RSA_KEY(&genKey, bits, 6, &rng), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     DoExpectIntEQ(wc_FreeRng(&rng), 0);
 #endif
@@ -18973,7 +14967,7 @@ static int test_RsaDecryptBoundsCheck(void)
     WC_RNG rng;
     RsaKey key;
     byte flatC[256];
-    word32 flatCSz;
+    word32 flatCSz = 0;
     byte out[256];
     word32 outSz = sizeof(out);
 
@@ -19006,14 +15000,14 @@ static int test_RsaDecryptBoundsCheck(void)
         flatC[flatCSz-1] = 1;
 
         ExpectIntEQ(wc_RsaDirect(flatC, flatCSz, out, &outSz, &key,
-            RSA_PRIVATE_DECRYPT, &rng), RSA_OUT_OF_RANGE_E);
+            RSA_PRIVATE_DECRYPT, &rng), WC_NO_ERR_TRACE(RSA_OUT_OF_RANGE_E));
         if (EXPECT_SUCCESS()) {
             mp_int c;
             ExpectIntEQ(mp_init_copy(&c, &key.n), 0);
             ExpectIntEQ(mp_sub_d(&c, 1, &c), 0);
             ExpectIntEQ(mp_to_unsigned_bin(&c, flatC), 0);
             ExpectIntEQ(wc_RsaDirect(flatC, flatCSz, out, &outSz, &key,
-                RSA_PRIVATE_DECRYPT, NULL), RSA_OUT_OF_RANGE_E);
+                RSA_PRIVATE_DECRYPT, NULL), WC_NO_ERR_TRACE(RSA_OUT_OF_RANGE_E));
             mp_clear(&c);
         }
     }
@@ -19042,12 +15036,12 @@ static int test_wc_SetKeyUsage(void)
     ExpectIntEQ(wc_SetKeyUsage(&myCert, "cRLSign,keyCertSign"), 0);
 
     /* Test bad args. */
-    ExpectIntEQ(wc_SetKeyUsage(NULL, "decipherOnly"), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_SetKeyUsage(&myCert, NULL), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_SetKeyUsage(&myCert, ""), KEYUSAGE_E);
-    ExpectIntEQ(wc_SetKeyUsage(&myCert, ","), KEYUSAGE_E);
+    ExpectIntEQ(wc_SetKeyUsage(NULL, "decipherOnly"), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_SetKeyUsage(&myCert, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_SetKeyUsage(&myCert, ""), WC_NO_ERR_TRACE(KEYUSAGE_E));
+    ExpectIntEQ(wc_SetKeyUsage(&myCert, ","), WC_NO_ERR_TRACE(KEYUSAGE_E));
     ExpectIntEQ(wc_SetKeyUsage(&myCert, "digitalSignature, cRLSign"),
-        KEYUSAGE_E);
+        WC_NO_ERR_TRACE(KEYUSAGE_E));
 #endif
     return EXPECT_RESULT();
 } /* END  test_wc_SetKeyUsage */
@@ -19093,19 +15087,19 @@ static int test_wc_CheckProbablePrime(void)
 
     /* Bad cases */
     ExpectIntEQ(wc_CheckProbablePrime(NULL, pSz, q, qSz, e, eSz, nlen, isPrime),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_CheckProbablePrime(p, 0, q, qSz, e, eSz, nlen, isPrime),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_CheckProbablePrime(p, pSz, NULL, qSz, e, eSz, nlen, isPrime),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_CheckProbablePrime(p, pSz, q, 0, e, eSz, nlen, isPrime),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_CheckProbablePrime(p, pSz, q, qSz, NULL, eSz, nlen, isPrime),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_CheckProbablePrime(p, pSz, q, qSz, e, 0, nlen, isPrime),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_CheckProbablePrime(NULL, 0, NULL, 0, NULL, 0, nlen, isPrime),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     /* Good case */
     ExpectIntEQ(wc_CheckProbablePrime(p, pSz, q, qSz, e, eSz, nlen, isPrime),
@@ -19147,17 +15141,17 @@ static int test_wc_RsaPSS_Verify(void)
         WC_HASH_TYPE_SHA256, WC_MGF1SHA256, &key, &rng), 0);
 
     /* Bad cases */
-    ExpectIntEQ(wc_RsaPSS_Verify(NULL, sz, pt, outLen,
-        WC_HASH_TYPE_SHA256, WC_MGF1SHA256, &key), BAD_FUNC_ARG);
+    ExpectIntEQ(wc_RsaPSS_Verify(NULL, (word32)sz, pt, outLen,
+        WC_HASH_TYPE_SHA256, WC_MGF1SHA256, &key), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_RsaPSS_Verify(pSignature, 0, pt, outLen,
-        WC_HASH_TYPE_SHA256, WC_MGF1SHA256, &key), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_RsaPSS_Verify(pSignature, sz, NULL, outLen,
-        WC_HASH_TYPE_SHA256, WC_MGF1SHA256, &key), BAD_FUNC_ARG);
+        WC_HASH_TYPE_SHA256, WC_MGF1SHA256, &key), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_RsaPSS_Verify(pSignature, (word32)sz, NULL, outLen,
+        WC_HASH_TYPE_SHA256, WC_MGF1SHA256, &key), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_RsaPSS_Verify(NULL, 0, NULL, outLen,
-        WC_HASH_TYPE_SHA256, WC_MGF1SHA256, &key), BAD_FUNC_ARG);
+        WC_HASH_TYPE_SHA256, WC_MGF1SHA256, &key), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     /* Good case */
-    ExpectIntGT(wc_RsaPSS_Verify(pSignature, sz, pt, outLen,
+    ExpectIntGT(wc_RsaPSS_Verify(pSignature, (word32)sz, pt, outLen,
         WC_HASH_TYPE_SHA256, WC_MGF1SHA256, &key), 0);
 
     DoExpectIntEQ(wc_FreeRsaKey(&key), 0);
@@ -19194,25 +15188,25 @@ static int test_wc_RsaPSS_VerifyCheck(void)
     ExpectIntEQ(wc_InitRng(&rng), 0);
     ExpectIntEQ(wc_RsaSetRNG(&key, &rng), 0);
     ExpectIntEQ(wc_MakeRsaKey(&key, 2048, WC_RSA_EXPONENT, &rng), 0);
-    ExpectTrue((digestSz = wc_HashGetDigestSize(WC_HASH_TYPE_SHA256)) > 0);
-    ExpectIntEQ(wc_Hash(WC_HASH_TYPE_SHA256, pSignature, sz, digest, digestSz),
+    ExpectTrue((digestSz = (word32)wc_HashGetDigestSize(WC_HASH_TYPE_SHA256)) > 0);
+    ExpectIntEQ(wc_Hash(WC_HASH_TYPE_SHA256, pSignature, (word32)sz, digest, digestSz),
         0);
 
     ExpectIntGT(sz = wc_RsaPSS_Sign(digest, digestSz, pSignature, pSignatureSz,
         WC_HASH_TYPE_SHA256, WC_MGF1SHA256, &key, &rng), 0);
 
     /* Bad cases */
-    ExpectIntEQ(wc_RsaPSS_VerifyCheck(NULL, sz, pt, outLen, digest,
-        digestSz, WC_HASH_TYPE_SHA256, WC_MGF1SHA256, &key), BAD_FUNC_ARG);
+    ExpectIntEQ(wc_RsaPSS_VerifyCheck(NULL, (word32)sz, pt, outLen, digest,
+        digestSz, WC_HASH_TYPE_SHA256, WC_MGF1SHA256, &key), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_RsaPSS_VerifyCheck(pSignature, 0, pt, outLen, digest,
-        digestSz, WC_HASH_TYPE_SHA256, WC_MGF1SHA256, &key), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_RsaPSS_VerifyCheck(pSignature, sz, NULL, outLen, digest,
-        digestSz, WC_HASH_TYPE_SHA256, WC_MGF1SHA256, &key), BAD_FUNC_ARG);
+        digestSz, WC_HASH_TYPE_SHA256, WC_MGF1SHA256, &key), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_RsaPSS_VerifyCheck(pSignature, (word32)sz, NULL, outLen, digest,
+        digestSz, WC_HASH_TYPE_SHA256, WC_MGF1SHA256, &key), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_RsaPSS_VerifyCheck(NULL, 0, NULL, outLen, digest,
-        digestSz, WC_HASH_TYPE_SHA256, WC_MGF1SHA256, &key), BAD_FUNC_ARG);
+        digestSz, WC_HASH_TYPE_SHA256, WC_MGF1SHA256, &key), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     /* Good case */
-    ExpectIntGT(wc_RsaPSS_VerifyCheck(pSignature, sz, pt, outLen, digest,
+    ExpectIntGT(wc_RsaPSS_VerifyCheck(pSignature, (word32)sz, pt, outLen, digest,
         digestSz, WC_HASH_TYPE_SHA256, WC_MGF1SHA256, &key), 0);
 
     ExpectIntEQ(wc_FreeRsaKey(&key), 0);
@@ -19247,25 +15241,25 @@ static int test_wc_RsaPSS_VerifyCheckInline(void)
     ExpectIntEQ(wc_InitRng(&rng), 0);
     ExpectIntEQ(wc_RsaSetRNG(&key, &rng), 0);
     ExpectIntEQ(wc_MakeRsaKey(&key, 2048, WC_RSA_EXPONENT, &rng), 0);
-    ExpectTrue((digestSz = wc_HashGetDigestSize(WC_HASH_TYPE_SHA256)) > 0);
-    ExpectIntEQ(wc_Hash(WC_HASH_TYPE_SHA256, pSignature, sz, digest, digestSz),
+    ExpectTrue((digestSz = (word32)wc_HashGetDigestSize(WC_HASH_TYPE_SHA256)) > 0);
+    ExpectIntEQ(wc_Hash(WC_HASH_TYPE_SHA256, pSignature, (word32)sz, digest, digestSz),
         0);
 
     ExpectIntGT(sz = wc_RsaPSS_Sign(digest, digestSz, pSignature,
         sizeof(pSignature), WC_HASH_TYPE_SHA256, WC_MGF1SHA256, &key, &rng), 0);
 
     /* Bad Cases */
-    ExpectIntEQ(wc_RsaPSS_VerifyCheckInline(NULL, sz, &pt, digest,
-        digestSz, WC_HASH_TYPE_SHA256, WC_MGF1SHA256, &key), BAD_FUNC_ARG);
+    ExpectIntEQ(wc_RsaPSS_VerifyCheckInline(NULL, (word32)sz, &pt, digest,
+        digestSz, WC_HASH_TYPE_SHA256, WC_MGF1SHA256, &key), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_RsaPSS_VerifyCheckInline(pSignature, 0, NULL, digest,
-        digestSz, WC_HASH_TYPE_SHA256, WC_MGF1SHA256, &key), BAD_FUNC_ARG);
+        digestSz, WC_HASH_TYPE_SHA256, WC_MGF1SHA256, &key), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_RsaPSS_VerifyCheckInline(NULL, 0, &pt, digest,
-        digestSz, WC_HASH_TYPE_SHA256, WC_MGF1SHA256, &key), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_RsaPSS_VerifyCheckInline(pSignature, sz, &pt, digest,
-        digestSz, WC_HASH_TYPE_SHA, WC_MGF1SHA256, &key), BAD_FUNC_ARG);
+        digestSz, WC_HASH_TYPE_SHA256, WC_MGF1SHA256, &key), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_RsaPSS_VerifyCheckInline(pSignature, (word32)sz, &pt, digest,
+        digestSz, WC_HASH_TYPE_SHA, WC_MGF1SHA256, &key), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     /* Good case */
-    ExpectIntGT(wc_RsaPSS_VerifyCheckInline(pSignature, sz, &pt, digest,
+    ExpectIntGT(wc_RsaPSS_VerifyCheckInline(pSignature, (word32)sz, &pt, digest,
         digestSz, WC_HASH_TYPE_SHA256, WC_MGF1SHA256, &key), 0);
 
     DoExpectIntEQ(wc_FreeRsaKey(&key), 0);
@@ -19296,7 +15290,7 @@ static int test_wc_LockMutex_ex(void)
     int line = 0;
 
     /* without SetMutexCb */
-    ExpectIntEQ(wc_LockMutex_ex(flag, type, file, line), BAD_STATE_E);
+    ExpectIntEQ(wc_LockMutex_ex(flag, type, file, line), WC_NO_ERR_TRACE(BAD_STATE_E));
     /* with SetMutexCb */
     ExpectIntEQ(wc_SetMutexCb(sample_mutex_cb), 0);
     ExpectIntEQ(wc_LockMutex_ex(flag, type, file, line), 0);
@@ -19328,7 +15322,8 @@ static int test_wc_RsaKeyToDer(void)
     WC_RNG rng;
     byte*  der = NULL;
 #if (!defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_MATH_ALL)) && \
-    (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 4))
+    (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 4)) && \
+    (defined(RSA_MIN_SIZE) && (RSA_MIN_SIZE <= 1024))
     int     bits = 1024;
     word32  derSz = 611;
     /* (2 x 128) + 2 (possible leading 00) + (5 x 64) + 5 (possible leading 00)
@@ -19351,31 +15346,18 @@ static int test_wc_RsaKeyToDer(void)
     ExpectIntEQ(MAKE_RSA_KEY(&genKey, bits, WC_RSA_EXPONENT, &rng), 0);
 
     ExpectIntGT(wc_RsaKeyToDer(&genKey, der, derSz), 0);
-#ifndef HAVE_USER_RSA
+
     /* Pass good/bad args. */
-    ExpectIntEQ(wc_RsaKeyToDer(NULL, der, FOURK_BUF), BAD_FUNC_ARG);
+    ExpectIntEQ(wc_RsaKeyToDer(NULL, der, FOURK_BUF), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     /* Get just the output length */
     ExpectIntGT(wc_RsaKeyToDer(&genKey, NULL, 0), 0);
     /* Try Public Key. */
     genKey.type = 0;
-    ExpectIntEQ(wc_RsaKeyToDer(&genKey, der, FOURK_BUF), BAD_FUNC_ARG);
+    ExpectIntEQ(wc_RsaKeyToDer(&genKey, der, FOURK_BUF), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     #ifdef WOLFSSL_CHECK_MEM_ZERO
         /* Put back to Private Key */
         genKey.type = 1;
     #endif
-#else
-    /* Pass good/bad args. */
-    ExpectIntEQ(wc_RsaKeyToDer(NULL, der, FOURK_BUF), USER_CRYPTO_ERROR);
-    /* Get just the output length */
-    ExpectIntGT(wc_RsaKeyToDer(&genKey, NULL, 0), 0);
-    /* Try Public Key. */
-    genKey.type = 0;
-    ExpectIntEQ(wc_RsaKeyToDer(&genKey, der, FOURK_BUF), USER_CRYPTO_ERROR);
-    #ifdef WOLFSSL_CHECK_MEM_ZERO
-        /* Put back to Private Key */
-        genKey.type = 1;
-    #endif
-#endif
 
     XFREE(der, NULL, DYNAMIC_TYPE_TMP_BUFFER);
     DoExpectIntEQ(wc_FreeRsaKey(&genKey), 0);
@@ -19395,16 +15377,15 @@ static int test_wc_RsaKeyToPublicDer(void)
     WC_RNG rng;
     byte*  der = NULL;
 #if (!defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_MATH_ALL)) && \
-    (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 4))
+    (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 4)) && \
+    (defined(RSA_MIN_SIZE) && (RSA_MIN_SIZE <= 1024))
     int    bits = 1024;
     word32 derLen = 162;
 #else
     int    bits = 2048;
     word32 derLen = 294;
 #endif
-#ifndef HAVE_USER_RSA
-    int    ret;
-#endif
+    int    ret = 0;
 
     XMEMSET(&rng, 0, sizeof(rng));
     XMEMSET(&key, 0, sizeof(key));
@@ -19422,16 +15403,10 @@ static int test_wc_RsaKeyToPublicDer(void)
     ExpectIntGT(wc_RsaKeyToPublicDer_ex(&key, NULL, derLen, 0), 0);
     ExpectIntGT(wc_RsaKeyToPublicDer_ex(&key, der, derLen, 0), 0);
 
-#ifndef HAVE_USER_RSA
     /* Pass in bad args. */
-    ExpectIntEQ(wc_RsaKeyToPublicDer(NULL, der, derLen), BAD_FUNC_ARG);
+    ExpectIntEQ(wc_RsaKeyToPublicDer(NULL, der, derLen), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntLT(ret = wc_RsaKeyToPublicDer(&key, der, -1), 0);
-    ExpectTrue((ret == BUFFER_E) || (ret == BAD_FUNC_ARG));
-#else
-    /* Pass in bad args. */
-    ExpectIntEQ(wc_RsaKeyToPublicDer(NULL, der, derLen), USER_CRYPTO_ERROR);
-    ExpectIntEQ(wc_RsaKeyToPublicDer(&key, der, -1), USER_CRYPTO_ERROR);
-#endif
+    ExpectTrue((ret == WC_NO_ERR_TRACE(BUFFER_E)) || (ret == WC_NO_ERR_TRACE(BAD_FUNC_ARG)));
 
     XFREE(der, NULL, DYNAMIC_TYPE_TMP_BUFFER);
     DoExpectIntEQ(wc_FreeRsaKey(&key), 0);
@@ -19460,6 +15435,10 @@ static int test_wc_RsaPublicEncryptDecrypt(void)
     WC_DECLARE_VAR(plain, byte, TEST_STRING_SZ, NULL);
     WC_DECLARE_VAR(cipher, byte, TEST_RSA_BYTES, NULL);
 
+    WC_ALLOC_VAR(in, byte, TEST_STRING_SZ, NULL);
+    WC_ALLOC_VAR(plain, byte, TEST_STRING_SZ, NULL);
+    WC_ALLOC_VAR(cipher, byte, TEST_RSA_BYTES, NULL);
+
 #ifdef WC_DECLARE_VAR_IS_HEAP_ALLOC
     ExpectNotNull(in);
     ExpectNotNull(plain);
@@ -19476,7 +15455,7 @@ static int test_wc_RsaPublicEncryptDecrypt(void)
     ExpectIntEQ(MAKE_RSA_KEY(&key, bits, WC_RSA_EXPONENT, &rng), 0);
 
     /* Encrypt. */
-    ExpectIntGT(cipherLenResult = wc_RsaPublicEncrypt(in, inLen, cipher,
+    ExpectIntGT(cipherLenResult = (word32)wc_RsaPublicEncrypt(in, inLen, cipher,
         cipherLen, &key, &rng), 0);
     /* Pass bad args - tested in another testing function.*/
 
@@ -19507,8 +15486,7 @@ static int test_wc_RsaPublicEncryptDecrypt_ex(void)
 {
     EXPECT_DECLS;
 #if !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN) && !defined(HAVE_FIPS)\
-        && !defined(WC_NO_RSA_OAEP) && !defined(HAVE_USER_RSA)\
-        && !defined(NO_SHA256)
+        && !defined(WC_NO_RSA_OAEP) && !defined(NO_SHA256)
     RsaKey  key;
     WC_RNG  rng;
     const char inStr[] = TEST_STRING;
@@ -19523,6 +15501,10 @@ static int test_wc_RsaPublicEncryptDecrypt_ex(void)
     WC_DECLARE_VAR(plain, byte, TEST_STRING_SZ, NULL);
     WC_DECLARE_VAR(cipher, byte, TEST_RSA_BYTES, NULL);
 
+    WC_ALLOC_VAR(in, byte, TEST_STRING_SZ, NULL);
+    WC_ALLOC_VAR(plain, byte, TEST_STRING_SZ, NULL);
+    WC_ALLOC_VAR(cipher, byte, TEST_RSA_BYTES, NULL);
+
 #ifdef WC_DECLARE_VAR_IS_HEAP_ALLOC
     ExpectNotNull(in);
     ExpectNotNull(plain);
@@ -19588,6 +15570,10 @@ static int test_wc_RsaSSL_SignVerify(void)
     WC_DECLARE_VAR(out, byte, TEST_RSA_BYTES, NULL);
     WC_DECLARE_VAR(plain, byte, TEST_STRING_SZ, NULL);
 
+    WC_ALLOC_VAR(in, byte, TEST_STRING_SZ, NULL);
+    WC_ALLOC_VAR(out, byte, TEST_RSA_BYTES, NULL);
+    WC_ALLOC_VAR(plain, byte, TEST_STRING_SZ, NULL);
+
 #ifdef WC_DECLARE_VAR_IS_HEAP_ALLOC
     ExpectNotNull(in);
     ExpectNotNull(out);
@@ -19605,51 +15591,29 @@ static int test_wc_RsaSSL_SignVerify(void)
     /* Sign. */
     ExpectIntEQ(wc_RsaSSL_Sign(in, inLen, out, outSz, &key, &rng), (int)outSz);
     idx = (int)outSz;
-#ifndef HAVE_USER_RSA
+
     /* Test bad args. */
     ExpectIntEQ(wc_RsaSSL_Sign(NULL, inLen, out, outSz, &key, &rng),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_RsaSSL_Sign(in, 0, out, outSz, &key, &rng),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_RsaSSL_Sign(in, inLen, NULL, outSz, &key, &rng),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_RsaSSL_Sign(in, inLen, out, outSz, NULL, &rng),
-        BAD_FUNC_ARG);
-#else
-    /* Test bad args. */
-    ExpectIntEQ(wc_RsaSSL_Sign(NULL, inLen, out, outSz, &key, &rng),
-        USER_CRYPTO_ERROR);
-    ExpectIntEQ(wc_RsaSSL_Sign(in, 0, out, outSz, &key, &rng),
-        USER_CRYPTO_ERROR);
-    ExpectIntEQ(wc_RsaSSL_Sign(in, inLen, NULL, outSz, &key, &rng),
-        USER_CRYPTO_ERROR);
-    ExpectIntEQ(wc_RsaSSL_Sign(in, inLen, out, outSz, NULL, &rng),
-        USER_CRYPTO_ERROR);
-#endif
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     /* Verify. */
     ExpectIntEQ(wc_RsaSSL_Verify(out, idx, plain, plainSz, &key), (int)inLen);
-#ifndef HAVE_USER_RSA
+
     /* Pass bad args. */
     ExpectIntEQ(wc_RsaSSL_Verify(NULL, idx, plain, plainSz, &key),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_RsaSSL_Verify(out, 0, plain, plainSz, &key),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_RsaSSL_Verify(out, idx, NULL, plainSz, &key),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_RsaSSL_Verify(out, idx, plain, plainSz, NULL),
-        BAD_FUNC_ARG);
-#else
-    /* Pass bad args. */
-    ExpectIntEQ(wc_RsaSSL_Verify(NULL, idx, plain, plainSz, &key),
-        USER_CRYPTO_ERROR);
-    ExpectIntEQ(wc_RsaSSL_Verify(out, 0, plain, plainSz, &key),
-        USER_CRYPTO_ERROR);
-    ExpectIntEQ(wc_RsaSSL_Verify(out, idx, NULL, plainSz, &key),
-        USER_CRYPTO_ERROR);
-    ExpectIntEQ(wc_RsaSSL_Verify(out, idx, plain, plainSz, NULL),
-        USER_CRYPTO_ERROR);
-#endif
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     WC_FREE_VAR(in, NULL);
     WC_FREE_VAR(out, NULL);
@@ -19678,7 +15642,8 @@ static int test_wc_RsaEncryptSize(void)
     ExpectIntEQ(wc_InitRng(&rng), 0);
 
 #if (!defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_MATH_ALL)) && \
-    (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 4))
+    (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 4)) && \
+    (defined(RSA_MIN_SIZE) && (RSA_MIN_SIZE <= 1024))
     ExpectIntEQ(MAKE_RSA_KEY(&key, 1024, WC_RSA_EXPONENT, &rng), 0);
 
     ExpectIntEQ(wc_RsaEncryptSize(&key), 128);
@@ -19689,11 +15654,7 @@ static int test_wc_RsaEncryptSize(void)
     ExpectIntEQ(wc_RsaEncryptSize(&key), 256);
 
     /* Pass in bad arg. */
-#ifndef HAVE_USER_RSA
-    ExpectIntEQ(wc_RsaEncryptSize(NULL), BAD_FUNC_ARG);
-#else
-    ExpectIntEQ(wc_RsaEncryptSize(NULL), 0);
-#endif
+    ExpectIntEQ(wc_RsaEncryptSize(NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     DoExpectIntEQ(wc_FreeRsaKey(&key), 0);
     DoExpectIntEQ(wc_FreeRng(&rng), 0);
@@ -19716,7 +15677,8 @@ static int test_wc_RsaFlattenPublicKey(void)
     word32 eSz = sizeof(e);
     word32 nSz = sizeof(n);
     #if (!defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_MATH_ALL)) && \
-        (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 4))
+        (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 4)) && \
+        (defined(RSA_MIN_SIZE) && (RSA_MIN_SIZE <= 1024))
     int    bits = 1024;
     #else
     int    bits = 2048;
@@ -19730,31 +15692,18 @@ static int test_wc_RsaFlattenPublicKey(void)
     ExpectIntEQ(MAKE_RSA_KEY(&key, bits, WC_RSA_EXPONENT, &rng), 0);
 
     ExpectIntEQ(wc_RsaFlattenPublicKey(&key, e, &eSz, n, &nSz), 0);
-#ifndef HAVE_USER_RSA
+
     /* Pass bad args. */
     ExpectIntEQ(wc_RsaFlattenPublicKey(NULL, e, &eSz, n, &nSz),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_RsaFlattenPublicKey(&key, NULL, &eSz, n, &nSz),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_RsaFlattenPublicKey(&key, e, NULL, n, &nSz),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_RsaFlattenPublicKey(&key, e, &eSz, NULL, &nSz),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_RsaFlattenPublicKey(&key, e, &eSz, n, NULL),
-        BAD_FUNC_ARG);
-#else
-    /* Pass bad args. */
-    ExpectIntEQ(wc_RsaFlattenPublicKey(NULL, e, &eSz, n, &nSz),
-        USER_CRYPTO_ERROR);
-    ExpectIntEQ(wc_RsaFlattenPublicKey(&key, NULL, &eSz, n, &nSz),
-        USER_CRYPTO_ERROR);
-    ExpectIntEQ(wc_RsaFlattenPublicKey(&key, e, NULL, n, &nSz),
-        USER_CRYPTO_ERROR);
-    ExpectIntEQ(wc_RsaFlattenPublicKey(&key, e, &eSz, NULL, &nSz),
-        USER_CRYPTO_ERROR);
-    ExpectIntEQ(wc_RsaFlattenPublicKey(&key, e, &eSz, n, NULL),
-        USER_CRYPTO_ERROR);
-#endif
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     DoExpectIntEQ(wc_FreeRsaKey(&key), 0);
     DoExpectIntEQ(wc_FreeRng(&rng), 0);
@@ -19764,1642 +15713,6 @@ static int test_wc_RsaFlattenPublicKey(void)
 } /* END test_wc_RsaFlattenPublicKey */
 
 
-
-/*
- * unit test for wc_AesCcmSetKey
- */
-static int test_wc_AesCcmSetKey(void)
-{
-    EXPECT_DECLS;
-#ifdef HAVE_AESCCM
-    Aes aes;
-    const byte key16[] = {
-        0xc0, 0xc1, 0xc2, 0xc3, 0xc4, 0xc5, 0xc6, 0xc7,
-        0xc8, 0xc9, 0xca, 0xcb, 0xcc, 0xcd, 0xce, 0xcf
-    };
-    const byte key24[] = {
-        0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
-        0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66,
-        0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37
-    };
-    const byte key32[] = {
-        0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
-        0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66,
-        0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
-        0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66
-    };
-
-    XMEMSET(&aes, 0, sizeof(Aes));
-
-    ExpectIntEQ(wc_AesInit(&aes, NULL, INVALID_DEVID), 0);
-
-#ifdef WOLFSSL_AES_128
-    ExpectIntEQ(wc_AesCcmSetKey(&aes, key16, sizeof(key16)), 0);
-#endif
-#ifdef WOLFSSL_AES_192
-    ExpectIntEQ(wc_AesCcmSetKey(&aes, key24, sizeof(key24)), 0);
-#endif
-#ifdef WOLFSSL_AES_256
-    ExpectIntEQ(wc_AesCcmSetKey(&aes, key32, sizeof(key32)), 0);
-#endif
-
-    /* Test bad args. */
-   ExpectIntEQ(wc_AesCcmSetKey(&aes, key16, sizeof(key16) - 1), BAD_FUNC_ARG);
-   ExpectIntEQ(wc_AesCcmSetKey(&aes, key24, sizeof(key24) - 1), BAD_FUNC_ARG);
-   ExpectIntEQ(wc_AesCcmSetKey(&aes, key32, sizeof(key32) - 1), BAD_FUNC_ARG);
-
-    wc_AesFree(&aes);
-#endif
-    return EXPECT_RESULT();
-
-} /* END test_wc_AesCcmSetKey */
-
-/*
- * Unit test function for wc_AesCcmEncrypt and wc_AesCcmDecrypt
- */
-static int test_wc_AesCcmEncryptDecrypt(void)
-{
-    EXPECT_DECLS;
-#if defined(HAVE_AESCCM) && defined(WOLFSSL_AES_128)
-    Aes aes;
-    const byte key16[] = {
-        0xc0, 0xc1, 0xc2, 0xc3, 0xc4, 0xc5, 0xc6, 0xc7,
-        0xc8, 0xc9, 0xca, 0xcb, 0xcc, 0xcd, 0xce, 0xcf
-    };
-    /* plaintext */
-    const byte plainT[] = {
-        0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
-        0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
-        0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e
-    };
-    /* nonce */
-    const byte iv[] = {
-        0x00, 0x00, 0x00, 0x03, 0x02, 0x01, 0x00, 0xa0,
-        0xa1, 0xa2, 0xa3, 0xa4, 0xa5
-    };
-    const byte c[] = { /* cipher text. */
-        0x58, 0x8c, 0x97, 0x9a, 0x61, 0xc6, 0x63, 0xd2,
-        0xf0, 0x66, 0xd0, 0xc2, 0xc0, 0xf9, 0x89, 0x80,
-        0x6d, 0x5f, 0x6b, 0x61, 0xda, 0xc3, 0x84
-    };
-    const byte t[] = { /* Auth tag */
-        0x17, 0xe8, 0xd1, 0x2c, 0xfd, 0xf9, 0x26, 0xe0
-    };
-    const byte authIn[] = {
-        0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07
-    };
-    byte cipherOut[sizeof(plainT)];
-    byte authTag[sizeof(t)];
-#ifdef HAVE_AES_DECRYPT
-    byte plainOut[sizeof(cipherOut)];
-#endif
-
-    XMEMSET(&aes, 0, sizeof(Aes));
-
-    ExpectIntEQ(wc_AesInit(&aes, NULL, INVALID_DEVID), 0);
-    ExpectIntEQ(wc_AesCcmSetKey(&aes, key16, sizeof(key16)), 0);
-
-    ExpectIntEQ(wc_AesCcmEncrypt(&aes, cipherOut, plainT, sizeof(cipherOut),
-        iv, sizeof(iv), authTag, sizeof(authTag), authIn , sizeof(authIn)), 0);
-    ExpectIntEQ(XMEMCMP(cipherOut, c, sizeof(c)), 0);
-    ExpectIntEQ(XMEMCMP(t, authTag, sizeof(t)), 0);
-#ifdef HAVE_AES_DECRYPT
-    ExpectIntEQ(wc_AesCcmDecrypt(&aes, plainOut, cipherOut, sizeof(plainOut),
-        iv, sizeof(iv), authTag, sizeof(authTag), authIn, sizeof(authIn)), 0);
-    ExpectIntEQ(XMEMCMP(plainOut, plainT, sizeof(plainT)), 0);
-#endif
-
-    /* Pass in bad args. Encrypt*/
-    ExpectIntEQ(wc_AesCcmEncrypt(NULL, cipherOut, plainT, sizeof(cipherOut),
-        iv, sizeof(iv), authTag, sizeof(authTag), authIn , sizeof(authIn)),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_AesCcmEncrypt(&aes, NULL, plainT, sizeof(cipherOut),
-        iv, sizeof(iv), authTag, sizeof(authTag), authIn , sizeof(authIn)),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_AesCcmEncrypt(&aes, cipherOut, NULL, sizeof(cipherOut),
-        iv, sizeof(iv), authTag, sizeof(authTag), authIn , sizeof(authIn)),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_AesCcmEncrypt(&aes, cipherOut, plainT, sizeof(cipherOut),
-        NULL, sizeof(iv), authTag, sizeof(authTag), authIn , sizeof(authIn)),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_AesCcmEncrypt(&aes, cipherOut, plainT, sizeof(cipherOut),
-        iv, sizeof(iv), NULL, sizeof(authTag), authIn , sizeof(authIn)),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_AesCcmEncrypt(&aes, cipherOut, plainT, sizeof(cipherOut),
-        iv, sizeof(iv) + 1, authTag, sizeof(authTag), authIn , sizeof(authIn)),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_AesCcmEncrypt(&aes, cipherOut, plainT, sizeof(cipherOut),
-        iv, sizeof(iv) - 7, authTag, sizeof(authTag), authIn , sizeof(authIn)),
-        BAD_FUNC_ARG);
-
-#ifdef HAVE_AES_DECRYPT
-    /* Pass in bad args. Decrypt*/
-    ExpectIntEQ(wc_AesCcmDecrypt(NULL, plainOut, cipherOut, sizeof(plainOut),
-        iv, sizeof(iv), authTag, sizeof(authTag), authIn, sizeof(authIn)),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_AesCcmDecrypt(&aes, NULL, cipherOut, sizeof(plainOut),
-        iv, sizeof(iv), authTag, sizeof(authTag), authIn, sizeof(authIn)),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_AesCcmDecrypt(&aes, plainOut, NULL, sizeof(plainOut),
-        iv, sizeof(iv), authTag, sizeof(authTag), authIn, sizeof(authIn)),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_AesCcmDecrypt(&aes, plainOut, cipherOut, sizeof(plainOut),
-        NULL, sizeof(iv), authTag, sizeof(authTag), authIn, sizeof(authIn)),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_AesCcmDecrypt(&aes, plainOut, cipherOut, sizeof(plainOut),
-        iv, sizeof(iv), NULL, sizeof(authTag), authIn, sizeof(authIn)),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_AesCcmDecrypt(&aes, plainOut, cipherOut, sizeof(plainOut),
-        iv, sizeof(iv) + 1, authTag, sizeof(authTag), authIn, sizeof(authIn)),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_AesCcmDecrypt(&aes, plainOut, cipherOut, sizeof(plainOut),
-        iv, sizeof(iv) - 7, authTag, sizeof(authTag), authIn, sizeof(authIn)),
-        BAD_FUNC_ARG);
-    #endif
-
-    wc_AesFree(&aes);
-#endif  /* HAVE_AESCCM */
-    return EXPECT_RESULT();
-} /* END test_wc_AesCcmEncryptDecrypt */
-
-
-#if defined(WOLFSSL_AES_EAX) && \
-    (!defined(HAVE_FIPS) || FIPS_VERSION_GE(5, 3)) && !defined(HAVE_SELFTEST)
-
-/*
- * Testing test_wc_AesEaxVectors()
- */
-static int test_wc_AesEaxVectors(void)
-{
-    EXPECT_DECLS;
-
-    typedef struct {
-        byte key[AES_256_KEY_SIZE];
-        int key_length;
-        byte iv[AES_BLOCK_SIZE];
-        int iv_length;
-        byte aad[AES_BLOCK_SIZE * 2];
-        int aad_length;
-        byte msg[AES_BLOCK_SIZE * 5];
-        int msg_length;
-        byte ct[AES_BLOCK_SIZE * 5];
-        int ct_length;
-        byte tag[AES_BLOCK_SIZE];
-        int tag_length;
-        int valid;
-    } AadVector;
-
-    /*  Test vectors obtained from Google wycheproof project
-     *  https://github.com/google/wycheproof
-     *  from testvectors/aes_eax_test.json
-     */
-    const AadVector vectors[] = {
-        {
-            /* key, key length  */
-            {0x23, 0x39, 0x52, 0xde, 0xe4, 0xd5, 0xed, 0x5f,
-             0x9b, 0x9c, 0x6d, 0x6f, 0xf8, 0x0f, 0xf4, 0x78}, 16,
-            /* iv, iv length  */
-            {0x62, 0xec, 0x67, 0xf9, 0xc3, 0xa4, 0xa4, 0x07,
-             0xfc, 0xb2, 0xa8, 0xc4, 0x90, 0x31, 0xa8, 0xb3}, 16,
-            /* aad, aad length  */
-            {0x6b, 0xfb, 0x91, 0x4f, 0xd0, 0x7e, 0xae, 0x6b}, 8,
-            /* msg, msg length  */
-            {0x00}, 0,
-            /* ct, ct length  */
-            {0x00}, 0,
-            /* tag, tag length  */
-            {0xe0, 0x37, 0x83, 0x0e, 0x83, 0x89, 0xf2, 0x7b,
-             0x02, 0x5a, 0x2d, 0x65, 0x27, 0xe7, 0x9d, 0x01}, 16,
-            /* valid */
-            1,
-        },
-        {
-            /* key, key length  */
-            {0x91, 0x94, 0x5d, 0x3f, 0x4d, 0xcb, 0xee, 0x0b,
-             0xf4, 0x5e, 0xf5, 0x22, 0x55, 0xf0, 0x95, 0xa4}, 16,
-            /* iv, iv length  */
-            {0xbe, 0xca, 0xf0, 0x43, 0xb0, 0xa2, 0x3d, 0x84,
-             0x31, 0x94, 0xba, 0x97, 0x2c, 0x66, 0xde, 0xbd}, 16,
-            /* aad, aad length  */
-            {0xfa, 0x3b, 0xfd, 0x48, 0x06, 0xeb, 0x53, 0xfa}, 8,
-            /* msg, msg length  */
-            {0xf7, 0xfb}, 2,
-            /* ct, ct length  */
-            {0x19, 0xdd}, 2,
-            /* tag, tag length  */
-            {0x5c, 0x4c, 0x93, 0x31, 0x04, 0x9d, 0x0b, 0xda,
-             0xb0, 0x27, 0x74, 0x08, 0xf6, 0x79, 0x67, 0xe5}, 16,
-            /* valid */
-            1,
-        },
-        {
-            /* key, key length  */
-            {0x01, 0xf7, 0x4a, 0xd6, 0x40, 0x77, 0xf2, 0xe7,
-             0x04, 0xc0, 0xf6, 0x0a, 0xda, 0x3d, 0xd5, 0x23}, 16,
-            /* iv, iv length  */
-            {0x70, 0xc3, 0xdb, 0x4f, 0x0d, 0x26, 0x36, 0x84,
-             0x00, 0xa1, 0x0e, 0xd0, 0x5d, 0x2b, 0xff, 0x5e}, 16,
-            /* aad, aad length  */
-            {0x23, 0x4a, 0x34, 0x63, 0xc1, 0x26, 0x4a, 0xc6}, 8,
-            /* msg, msg length  */
-            {0x1a, 0x47, 0xcb, 0x49, 0x33}, 5,
-            /* ct, ct length  */
-            {0xd8, 0x51, 0xd5, 0xba, 0xe0}, 5,
-            /* tag, tag length  */
-            {0x3a, 0x59, 0xf2, 0x38, 0xa2, 0x3e, 0x39, 0x19,
-             0x9d, 0xc9, 0x26, 0x66, 0x26, 0xc4, 0x0f, 0x80}, 16,
-            /* valid */
-            1,
-        },
-        {
-            /* key, key length  */
-            {0xd0, 0x7c, 0xf6, 0xcb, 0xb7, 0xf3, 0x13, 0xbd,
-             0xde, 0x66, 0xb7, 0x27, 0xaf, 0xd3, 0xc5, 0xe8}, 16,
-            /* iv, iv length  */
-            {0x84, 0x08, 0xdf, 0xff, 0x3c, 0x1a, 0x2b, 0x12,
-             0x92, 0xdc, 0x19, 0x9e, 0x46, 0xb7, 0xd6, 0x17}, 16,
-            /* aad, aad length  */
-            {0x33, 0xcc, 0xe2, 0xea, 0xbf, 0xf5, 0xa7, 0x9d}, 8,
-            /* msg, msg length  */
-            {0x48, 0x1c, 0x9e, 0x39, 0xb1}, 5,
-            /* ct, ct length  */
-            {0x63, 0x2a, 0x9d, 0x13, 0x1a}, 5,
-            /* tag, tag length  */
-            {0xd4, 0xc1, 0x68, 0xa4, 0x22, 0x5d, 0x8e, 0x1f,
-             0xf7, 0x55, 0x93, 0x99, 0x74, 0xa7, 0xbe, 0xde}, 16,
-            /* valid */
-            1,
-        },
-        {
-            /* key, key length  */
-            {0x35, 0xb6, 0xd0, 0x58, 0x00, 0x05, 0xbb, 0xc1,
-             0x2b, 0x05, 0x87, 0x12, 0x45, 0x57, 0xd2, 0xc2}, 16,
-            /* iv, iv length  */
-            {0xfd, 0xb6, 0xb0, 0x66, 0x76, 0xee, 0xdc, 0x5c,
-             0x61, 0xd7, 0x42, 0x76, 0xe1, 0xf8, 0xe8, 0x16}, 16,
-            /* aad, aad length  */
-            {0xae, 0xb9, 0x6e, 0xae, 0xbe, 0x29, 0x70, 0xe9}, 8,
-            /* msg, msg length  */
-            {0x40, 0xd0, 0xc0, 0x7d, 0xa5, 0xe4}, 6,
-            /* ct, ct length  */
-            {0x07, 0x1d, 0xfe, 0x16, 0xc6, 0x75}, 6,
-            /* tag, tag length  */
-            {0xcb, 0x06, 0x77, 0xe5, 0x36, 0xf7, 0x3a, 0xfe,
-             0x6a, 0x14, 0xb7, 0x4e, 0xe4, 0x98, 0x44, 0xdd}, 16,
-            /* valid */
-            1,
-        },
-        {
-            /* key, key length  */
-            {0xbd, 0x8e, 0x6e, 0x11, 0x47, 0x5e, 0x60, 0xb2,
-             0x68, 0x78, 0x4c, 0x38, 0xc6, 0x2f, 0xeb, 0x22}, 16,
-            /* iv, iv length  */
-            {0x6e, 0xac, 0x5c, 0x93, 0x07, 0x2d, 0x8e, 0x85,
-             0x13, 0xf7, 0x50, 0x93, 0x5e, 0x46, 0xda, 0x1b}, 16,
-            /* aad, aad length  */
-            {0xd4, 0x48, 0x2d, 0x1c, 0xa7, 0x8d, 0xce, 0x0f}, 8,
-            /* msg, msg length  */
-            {0x4d, 0xe3, 0xb3, 0x5c, 0x3f, 0xc0, 0x39, 0x24,
-             0x5b, 0xd1, 0xfb, 0x7d}, 12,
-            /* ct, ct length  */
-            {0x83, 0x5b, 0xb4, 0xf1, 0x5d, 0x74, 0x3e, 0x35,
-             0x0e, 0x72, 0x84, 0x14}, 12,
-            /* tag, tag length  */
-            {0xab, 0xb8, 0x64, 0x4f, 0xd6, 0xcc, 0xb8, 0x69,
-             0x47, 0xc5, 0xe1, 0x05, 0x90, 0x21, 0x0a, 0x4f}, 16,
-            /* valid */
-            1,
-        },
-        {
-            /* key, key length  */
-            {0x7c, 0x77, 0xd6, 0xe8, 0x13, 0xbe, 0xd5, 0xac,
-             0x98, 0xba, 0xa4, 0x17, 0x47, 0x7a, 0x2e, 0x7d}, 16,
-            /* iv, iv length  */
-            {0x1a, 0x8c, 0x98, 0xdc, 0xd7, 0x3d, 0x38, 0x39,
-             0x3b, 0x2b, 0xf1, 0x56, 0x9d, 0xee, 0xfc, 0x19}, 16,
-            /* aad, aad length  */
-            {0x65, 0xd2, 0x01, 0x79, 0x90, 0xd6, 0x25, 0x28}, 8,
-            /* msg, msg length  */
-            {0x8b, 0x0a, 0x79, 0x30, 0x6c, 0x9c, 0xe7, 0xed,
-             0x99, 0xda, 0xe4, 0xf8, 0x7f, 0x8d, 0xd6, 0x16,
-             0x36}, 17,
-            /* ct, ct length  */
-            {0x02, 0x08, 0x3e, 0x39, 0x79, 0xda, 0x01, 0x48,
-             0x12, 0xf5, 0x9f, 0x11, 0xd5, 0x26, 0x30, 0xda,
-             0x30}, 17,
-            /* tag, tag length  */
-            {0x13, 0x73, 0x27, 0xd1, 0x06, 0x49, 0xb0, 0xaa,
-             0x6e, 0x1c, 0x18, 0x1d, 0xb6, 0x17, 0xd7, 0xf2}, 16,
-            /* valid */
-            1,
-        },
-        {
-            /* key, key length  */
-            {0x5f, 0xff, 0x20, 0xca, 0xfa, 0xb1, 0x19, 0xca,
-             0x2f, 0xc7, 0x35, 0x49, 0xe2, 0x0f, 0x5b, 0x0d}, 16,
-            /* iv, iv length  */
-            {0xdd, 0xe5, 0x9b, 0x97, 0xd7, 0x22, 0x15, 0x6d,
-             0x4d, 0x9a, 0xff, 0x2b, 0xc7, 0x55, 0x98, 0x26}, 16,
-            /* aad, aad length  */
-            {0x54, 0xb9, 0xf0, 0x4e, 0x6a, 0x09, 0x18, 0x9a}, 8,
-            /* msg, msg length  */
-            {0x1b, 0xda, 0x12, 0x2b, 0xce, 0x8a, 0x8d, 0xba,
-             0xf1, 0x87, 0x7d, 0x96, 0x2b, 0x85, 0x92, 0xdd,
-             0x2d, 0x56}, 18,
-            /* ct, ct length  */
-            {0x2e, 0xc4, 0x7b, 0x2c, 0x49, 0x54, 0xa4, 0x89,
-             0xaf, 0xc7, 0xba, 0x48, 0x97, 0xed, 0xcd, 0xae,
-             0x8c, 0xc3}, 18,
-            /* tag, tag length  */
-            {0x3b, 0x60, 0x45, 0x05, 0x99, 0xbd, 0x02, 0xc9,
-             0x63, 0x82, 0x90, 0x2a, 0xef, 0x7f, 0x83, 0x2a}, 16,
-            /* valid */
-            1,
-        },
-        {
-            /* key, key length  */
-            {0xa4, 0xa4, 0x78, 0x2b, 0xcf, 0xfd, 0x3e, 0xc5,
-             0xe7, 0xef, 0x6d, 0x8c, 0x34, 0xa5, 0x61, 0x23}, 16,
-            /* iv, iv length  */
-            {0xb7, 0x81, 0xfc, 0xf2, 0xf7, 0x5f, 0xa5, 0xa8,
-             0xde, 0x97, 0xa9, 0xca, 0x48, 0xe5, 0x22, 0xec}, 16,
-            /* aad, aad length  */
-            {0x89, 0x9a, 0x17, 0x58, 0x97, 0x56, 0x1d, 0x7e}, 8,
-            /* msg, msg length  */
-            {0x6c, 0xf3, 0x67, 0x20, 0x87, 0x2b, 0x85, 0x13,
-             0xf6, 0xea, 0xb1, 0xa8, 0xa4, 0x44, 0x38, 0xd5,
-             0xef, 0x11}, 18,
-            /* ct, ct length  */
-            {0x0d, 0xe1, 0x8f, 0xd0, 0xfd, 0xd9, 0x1e, 0x7a,
-             0xf1, 0x9f, 0x1d, 0x8e, 0xe8, 0x73, 0x39, 0x38,
-             0xb1, 0xe8}, 18,
-            /* tag, tag length  */
-            {0xe7, 0xf6, 0xd2, 0x23, 0x16, 0x18, 0x10, 0x2f,
-             0xdb, 0x7f, 0xe5, 0x5f, 0xf1, 0x99, 0x17, 0x00}, 16,
-            /* valid */
-            1,
-        },
-        {
-            /* key, key length  */
-            {0x83, 0x95, 0xfc, 0xf1, 0xe9, 0x5b, 0xeb, 0xd6,
-             0x97, 0xbd, 0x01, 0x0b, 0xc7, 0x66, 0xaa, 0xc3}, 16,
-            /* iv, iv length  */
-            {0x22, 0xe7, 0xad, 0xd9, 0x3c, 0xfc, 0x63, 0x93,
-             0xc5, 0x7e, 0xc0, 0xb3, 0xc1, 0x7d, 0x6b, 0x44}, 16,
-            /* aad, aad length  */
-            {0x12, 0x67, 0x35, 0xfc, 0xc3, 0x20, 0xd2, 0x5a}, 8,
-            /* msg, msg length  */
-            {0xca, 0x40, 0xd7, 0x44, 0x6e, 0x54, 0x5f, 0xfa,
-             0xed, 0x3b, 0xd1, 0x2a, 0x74, 0x0a, 0x65, 0x9f,
-             0xfb, 0xbb, 0x3c, 0xea, 0xb7}, 21,
-            /* ct, ct length  */
-            {0xcb, 0x89, 0x20, 0xf8, 0x7a, 0x6c, 0x75, 0xcf,
-             0xf3, 0x96, 0x27, 0xb5, 0x6e, 0x3e, 0xd1, 0x97,
-             0xc5, 0x52, 0xd2, 0x95, 0xa7}, 21,
-            /* tag, tag length  */
-            {0xcf, 0xc4, 0x6a, 0xfc, 0x25, 0x3b, 0x46, 0x52,
-             0xb1, 0xaf, 0x37, 0x95, 0xb1, 0x24, 0xab, 0x6e}, 16,
-            /* valid */
-            1,
-        },
-        {
-            /* key, key length  */
-            {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
-             0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, 16,
-            /* iv, iv length  */
-            {0x3c, 0x8c, 0xc2, 0x97, 0x0a, 0x00, 0x8f, 0x75,
-             0xcc, 0x5b, 0xea, 0xe2, 0x84, 0x72, 0x58, 0xc2}, 16,
-            /* aad, aad length  */
-            {0x00}, 0,
-            /* msg, msg length  */
-            {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-             0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-             0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11,
-             0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11}, 32,
-            /* ct, ct length  */
-            {0x3c, 0x44, 0x1f, 0x32, 0xce, 0x07, 0x82, 0x23,
-             0x64, 0xd7, 0xa2, 0x99, 0x0e, 0x50, 0xbb, 0x13,
-             0xd7, 0xb0, 0x2a, 0x26, 0x96, 0x9e, 0x4a, 0x93,
-             0x7e, 0x5e, 0x90, 0x73, 0xb0, 0xd9, 0xc9, 0x68}, 32,
-            /* tag, tag length  */
-            {0xdb, 0x90, 0xbd, 0xb3, 0xda, 0x3d, 0x00, 0xaf,
-             0xd0, 0xfc, 0x6a, 0x83, 0x55, 0x1d, 0xa9, 0x5e}, 16,
-            /* valid */
-            1,
-        },
-        {
-            /* key, key length  */
-            {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
-             0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, 16,
-            /* iv, iv length  */
-            {0xae, 0xf0, 0x3d, 0x00, 0x59, 0x84, 0x94, 0xe9,
-             0xfb, 0x03, 0xcd, 0x7d, 0x8b, 0x59, 0x08, 0x66}, 16,
-            /* aad, aad length  */
-            {0x00}, 0,
-            /* msg, msg length  */
-            {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-             0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-             0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11,
-             0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11}, 32,
-            /* ct, ct length  */
-            {0xd1, 0x9a, 0xc5, 0x98, 0x49, 0x02, 0x6a, 0x91,
-             0xaa, 0x1b, 0x9a, 0xec, 0x29, 0xb1, 0x1a, 0x20,
-             0x2a, 0x4d, 0x73, 0x9f, 0xd8, 0x6c, 0x28, 0xe3,
-             0xae, 0x3d, 0x58, 0x8e, 0xa2, 0x1d, 0x70, 0xc6}, 32,
-            /* tag, tag length  */
-            {0xc3, 0x0f, 0x6c, 0xd9, 0x20, 0x20, 0x74, 0xed,
-             0x6e, 0x2a, 0x2a, 0x36, 0x0e, 0xac, 0x8c, 0x47}, 16,
-            /* valid */
-            1,
-        },
-        {
-            /* key, key length  */
-            {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
-             0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, 16,
-            /* iv, iv length  */
-            {0x55, 0xd1, 0x25, 0x11, 0xc6, 0x96, 0xa8, 0x0d,
-             0x05, 0x14, 0xd1, 0xff, 0xba, 0x49, 0xca, 0xda}, 16,
-            /* aad, aad length  */
-            {0x00}, 0,
-            /* msg, msg length  */
-            {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-             0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-             0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11,
-             0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11}, 32,
-            /* ct, ct length  */
-            {0x21, 0x08, 0x55, 0x8a, 0xc4, 0xb2, 0xc2, 0xd5,
-             0xcc, 0x66, 0xce, 0xa5, 0x1d, 0x62, 0x10, 0xe0,
-             0x46, 0x17, 0x7a, 0x67, 0x63, 0x1c, 0xd2, 0xdd,
-             0x8f, 0x09, 0x46, 0x97, 0x33, 0xac, 0xb5, 0x17}, 32,
-            /* tag, tag length  */
-            {0xfc, 0x35, 0x5e, 0x87, 0xa2, 0x67, 0xbe, 0x3a,
-             0xe3, 0xe4, 0x4c, 0x0b, 0xf3, 0xf9, 0x9b, 0x2b}, 16,
-            /* valid */
-            1,
-        },
-        {
-            /* key, key length  */
-            {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
-             0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, 16,
-            /* iv, iv length  */
-            {0x79, 0x42, 0x2d, 0xdd, 0x91, 0xc4, 0xee, 0xe2,
-             0xde, 0xae, 0xf1, 0xf9, 0x68, 0x30, 0x53, 0x04}, 16,
-            /* aad, aad length  */
-            {0x00}, 0,
-            /* msg, msg length  */
-            {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-             0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-             0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11,
-             0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11}, 32,
-            /* ct, ct length  */
-            {0x4d, 0x2c, 0x15, 0x24, 0xca, 0x4b, 0xaa, 0x4e,
-             0xef, 0xcc, 0xe6, 0xb9, 0x1b, 0x22, 0x7e, 0xe8,
-             0x3a, 0xba, 0xff, 0x81, 0x05, 0xdc, 0xaf, 0xa2,
-             0xab, 0x19, 0x1f, 0x5d, 0xf2, 0x57, 0x50, 0x35}, 32,
-            /* tag, tag length  */
-            {0xe2, 0xc8, 0x65, 0xce, 0x2d, 0x7a, 0xbd, 0xac,
-             0x02, 0x4c, 0x6f, 0x99, 0x1a, 0x84, 0x83, 0x90}, 16,
-            /* valid */
-            1,
-        },
-        {
-            /* key, key length  */
-            {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
-             0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, 16,
-            /* iv, iv length  */
-            {0x0a, 0xf5, 0xaa, 0x7a, 0x76, 0x76, 0xe2, 0x83,
-             0x06, 0x30, 0x6b, 0xcd, 0x9b, 0xf2, 0x00, 0x3a}, 16,
-            /* aad, aad length  */
-            {0x00}, 0,
-            /* msg, msg length  */
-            {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-             0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-             0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11,
-             0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11}, 32,
-            /* ct, ct length  */
-            {0x8e, 0xb0, 0x1e, 0x62, 0x18, 0x5d, 0x78, 0x2e,
-             0xb9, 0x28, 0x7a, 0x34, 0x1a, 0x68, 0x62, 0xac,
-             0x52, 0x57, 0xd6, 0xf9, 0xad, 0xc9, 0x9e, 0xe0,
-             0xa2, 0x4d, 0x9c, 0x22, 0xb3, 0xe9, 0xb3, 0x8a}, 32,
-            /* tag, tag length  */
-            {0x39, 0xc3, 0x39, 0xbc, 0x8a, 0x74, 0xc7, 0x5e,
-             0x2c, 0x65, 0xc6, 0x11, 0x95, 0x44, 0xd6, 0x1e}, 16,
-            /* valid */
-            1,
-        },
-        {
-            /* key, key length  */
-            {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
-             0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, 16,
-            /* iv, iv length  */
-            {0xaf, 0x5a, 0x03, 0xae, 0x7e, 0xdd, 0x73, 0x47,
-             0x1b, 0xdc, 0xdf, 0xac, 0x5e, 0x19, 0x4a, 0x60}, 16,
-            /* aad, aad length  */
-            {0x00}, 0,
-            /* msg, msg length  */
-            {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-             0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-             0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11,
-             0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11}, 32,
-            /* ct, ct length  */
-            {0x94, 0xc5, 0xd2, 0xac, 0xa6, 0xdb, 0xbc, 0xe8,
-             0xc2, 0x45, 0x13, 0xa2, 0x5e, 0x09, 0x5c, 0x0e,
-             0x54, 0xa9, 0x42, 0x86, 0x0d, 0x32, 0x7a, 0x22,
-             0x2a, 0x81, 0x5c, 0xc7, 0x13, 0xb1, 0x63, 0xb4}, 32,
-            /* tag, tag length  */
-            {0xf5, 0x0b, 0x30, 0x30, 0x4e, 0x45, 0xc9, 0xd4,
-             0x11, 0xe8, 0xdf, 0x45, 0x08, 0xa9, 0x86, 0x12}, 16,
-            /* valid */
-            1,
-        },
-        {
-            /* key, key length  */
-            {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
-             0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, 16,
-            /* iv, iv length  */
-            {0xb3, 0x70, 0x87, 0x68, 0x0f, 0x0e, 0xdd, 0x5a,
-             0x52, 0x22, 0x8b, 0x8c, 0x7a, 0xae, 0xa6, 0x64}, 16,
-            /* aad, aad length  */
-            {0x00}, 0,
-            /* msg, msg length  */
-            {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-             0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-             0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11,
-             0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11,
-             0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22,
-             0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22,
-             0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33,
-             0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33}, 64,
-            /* ct, ct length  */
-            {0x3b, 0xb6, 0x17, 0x3e, 0x37, 0x72, 0xd4, 0xb6,
-             0x2e, 0xef, 0x37, 0xf9, 0xef, 0x07, 0x81, 0xf3,
-             0x60, 0xb6, 0xc7, 0x4b, 0xe3, 0xbf, 0x6b, 0x37,
-             0x10, 0x67, 0xbc, 0x1b, 0x09, 0x0d, 0x9d, 0x66,
-             0x22, 0xa1, 0xfb, 0xec, 0x6a, 0xc4, 0x71, 0xb3,
-             0x34, 0x9c, 0xd4, 0x27, 0x7a, 0x10, 0x1d, 0x40,
-             0x89, 0x0f, 0xbf, 0x27, 0xdf, 0xdc, 0xd0, 0xb4,
-             0xe3, 0x78, 0x1f, 0x98, 0x06, 0xda, 0xab, 0xb6}, 64,
-            /* tag, tag length  */
-            {0xa0, 0x49, 0x87, 0x45, 0xe5, 0x99, 0x99, 0xdd,
-             0xc3, 0x2d, 0x5b, 0x14, 0x02, 0x41, 0x12, 0x4e}, 16,
-            /* valid */
-            1,
-        },
-        {
-            /* key, key length  */
-            {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
-             0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, 16,
-            /* iv, iv length  */
-            {0x4f, 0x80, 0x2d, 0xa6, 0x2a, 0x38, 0x45, 0x55,
-             0xa1, 0x9b, 0xc2, 0xb3, 0x82, 0xeb, 0x25, 0xaf}, 16,
-            /* aad, aad length  */
-            {0x00}, 0,
-            /* msg, msg length  */
-            {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-             0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-             0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11,
-             0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11,
-             0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22,
-             0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22,
-             0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33,
-             0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33,
-             0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44,
-             0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44}, 80,
-            /* ct, ct length  */
-            {0xe9, 0xb0, 0xbb, 0x88, 0x57, 0x81, 0x8c, 0xe3,
-             0x20, 0x1c, 0x36, 0x90, 0xd2, 0x1d, 0xaa, 0x7f,
-             0x26, 0x4f, 0xb8, 0xee, 0x93, 0xcc, 0x7a, 0x46,
-             0x74, 0xea, 0x2f, 0xc3, 0x2b, 0xf1, 0x82, 0xfb,
-             0x2a, 0x7e, 0x8a, 0xd5, 0x15, 0x07, 0xad, 0x4f,
-             0x31, 0xce, 0xfc, 0x23, 0x56, 0xfe, 0x79, 0x36,
-             0xa7, 0xf6, 0xe1, 0x9f, 0x95, 0xe8, 0x8f, 0xdb,
-             0xf1, 0x76, 0x20, 0x91, 0x6d, 0x3a, 0x6f, 0x3d,
-             0x01, 0xfc, 0x17, 0xd3, 0x58, 0x67, 0x2f, 0x77,
-             0x7f, 0xd4, 0x09, 0x92, 0x46, 0xe4, 0x36, 0xe1}, 80,
-            /* tag, tag length  */
-            {0x67, 0x91, 0x0b, 0xe7, 0x44, 0xb8, 0x31, 0x5a,
-             0xe0, 0xeb, 0x61, 0x24, 0x59, 0x0c, 0x5d, 0x8b}, 16,
-            /* valid */
-            1,
-        },
-        {
-            /* key, key length  */
-            {0xb6, 0x7b, 0x1a, 0x6e, 0xfd, 0xd4, 0x0d, 0x37,
-             0x08, 0x0f, 0xbe, 0x8f, 0x80, 0x47, 0xae, 0xb9}, 16,
-            /* iv, iv length  */
-            {0xfa, 0x29, 0x4b, 0x12, 0x99, 0x72, 0xf7, 0xfc,
-             0x5b, 0xbd, 0x5b, 0x96, 0xbb, 0xa8, 0x37, 0xc9}, 16,
-            /* aad, aad length  */
-            {0x00}, 0,
-            /* msg, msg length  */
-            {0x00}, 0,
-            /* ct, ct length  */
-            {0x00}, 0,
-            /* tag, tag length  */
-            {0xb1, 0x4b, 0x64, 0xfb, 0x58, 0x98, 0x99, 0x69,
-             0x95, 0x70, 0xcc, 0x91, 0x60, 0xe3, 0x98, 0x96}, 16,
-            /* valid */
-            1,
-        },
-        {
-            /* key, key length  */
-            {0x20, 0x9e, 0x6d, 0xbf, 0x2a, 0xd2, 0x6a, 0x10,
-             0x54, 0x45, 0xfc, 0x02, 0x07, 0xcd, 0x9e, 0x9a}, 16,
-            /* iv, iv length  */
-            {0x94, 0x77, 0x84, 0x9d, 0x6c, 0xcd, 0xfc, 0xa1,
-             0x12, 0xd9, 0x2e, 0x53, 0xfa, 0xe4, 0xa7, 0xca}, 16,
-            /* aad, aad length  */
-            {0x00}, 0,
-            /* msg, msg length  */
-            {0x01}, 1,
-            /* ct, ct length  */
-            {0x1d}, 1,
-            /* tag, tag length  */
-            {0x52, 0xa5, 0xf6, 0x00, 0xfe, 0x53, 0x38, 0x02,
-             0x6a, 0x7c, 0xb0, 0x9c, 0x11, 0x64, 0x00, 0x82}, 16,
-            /* valid */
-            1,
-        },
-        {
-            /* key, key length  */
-            {0xa5, 0x49, 0x44, 0x2e, 0x35, 0x15, 0x40, 0x32,
-             0xd0, 0x7c, 0x86, 0x66, 0x00, 0x6a, 0xa6, 0xa2}, 16,
-            /* iv, iv length  */
-            {0x51, 0x71, 0x52, 0x45, 0x68, 0xe8, 0x1d, 0x97,
-             0xe8, 0xc4, 0xde, 0x4b, 0xa5, 0x6c, 0x10, 0xa0}, 16,
-            /* aad, aad length  */
-            {0x00}, 0,
-            /* msg, msg length  */
-            {0x11, 0x82, 0xe9, 0x35, 0x96, 0xca, 0xc5, 0x60,
-             0x89, 0x46, 0x40, 0x0b, 0xc7, 0x3f, 0x3a}, 15,
-            /* ct, ct length  */
-            {0xd7, 0xb8, 0xa6, 0xb4, 0x3d, 0x2e, 0x9f, 0x98,
-             0xc2, 0xb4, 0x4c, 0xe5, 0xe3, 0xcf, 0xdb}, 15,
-            /* tag, tag length  */
-            {0x1b, 0xdd, 0x52, 0xfc, 0x98, 0x7d, 0xaf, 0x0e,
-             0xe1, 0x92, 0x34, 0xc9, 0x05, 0xea, 0x64, 0x5f}, 16,
-            /* valid */
-            1,
-        },
-        {
-            /* key, key length  */
-            {0x95, 0x8b, 0xcd, 0xb6, 0x6a, 0x39, 0x52, 0xb5,
-             0x37, 0x01, 0x58, 0x2a, 0x68, 0xa0, 0xe4, 0x74}, 16,
-            /* iv, iv length  */
-            {0x0e, 0x6e, 0xc8, 0x79, 0xb0, 0x2c, 0x6f, 0x51,
-             0x69, 0x76, 0xe3, 0x58, 0x98, 0x42, 0x8d, 0xa7}, 16,
-            /* aad, aad length  */
-            {0x00}, 0,
-            /* msg, msg length  */
-            {0x14, 0x04, 0x15, 0x82, 0x3e, 0xcc, 0x89, 0x32,
-             0xa0, 0x58, 0x38, 0x4b, 0x73, 0x8e, 0xa6, 0xea,
-             0x6d, 0x4d, 0xfe, 0x3b, 0xbe, 0xee}, 22,
-            /* ct, ct length  */
-            {0x73, 0xe5, 0xc6, 0xf0, 0xe7, 0x03, 0xa5, 0x2d,
-             0x02, 0xf7, 0xf7, 0xfa, 0xeb, 0x1b, 0x77, 0xfd,
-             0x4f, 0xd0, 0xcb, 0x42, 0x1e, 0xaf}, 22,
-            /* tag, tag length  */
-            {0x6c, 0x15, 0x4a, 0x85, 0x96, 0x8e, 0xdd, 0x74,
-             0x77, 0x65, 0x75, 0xa4, 0x45, 0x0b, 0xd8, 0x97}, 16,
-            /* valid */
-            1,
-        },
-        {
-            /* key, key length  */
-            {0x96, 0x5b, 0x75, 0x7b, 0xa5, 0x01, 0x8a, 0x8d,
-             0x66, 0xed, 0xc7, 0x8e, 0x0c, 0xee, 0xe8, 0x6b}, 16,
-            /* iv, iv length  */
-            {0x2e, 0x35, 0x90, 0x1a, 0xe7, 0xd4, 0x91, 0xee,
-             0xcc, 0x88, 0x38, 0xfe, 0xdd, 0x63, 0x14, 0x05}, 16,
-            /* aad, aad length  */
-            {0xdf, 0x10, 0xd0, 0xd2, 0x12, 0x24, 0x24, 0x50}, 8,
-            /* msg, msg length  */
-            {0x36, 0xe5, 0x7a, 0x76, 0x39, 0x58, 0xb0, 0x2c,
-             0xea, 0x9d, 0x6a, 0x67, 0x6e, 0xbc, 0xe8, 0x1f}, 16,
-            /* ct, ct length  */
-            {0x93, 0x6b, 0x69, 0xb6, 0xc9, 0x55, 0xad, 0xfd,
-             0x15, 0x53, 0x9b, 0x9b, 0xe4, 0x98, 0x9c, 0xb6}, 16,
-            /* tag, tag length  */
-            {0xee, 0x15, 0xa1, 0x45, 0x4e, 0x88, 0xfa, 0xad,
-             0x8e, 0x48, 0xa8, 0xdf, 0x29, 0x83, 0xb4, 0x25}, 16,
-            /* valid */
-            1,
-        },
-        {
-            /* key, key length  */
-            {0x88, 0xd0, 0x20, 0x33, 0x78, 0x1c, 0x7b, 0x41,
-             0x64, 0x71, 0x1a, 0x05, 0x42, 0x0f, 0x25, 0x6e}, 16,
-            /* iv, iv length  */
-            {0x7f, 0x29, 0x85, 0x29, 0x63, 0x15, 0x50, 0x7a,
-             0xa4, 0xc0, 0xa9, 0x3d, 0x5c, 0x12, 0xbd, 0x77}, 16,
-            /* aad, aad length  */
-            {0x7c, 0x57, 0x1d, 0x2f, 0xbb, 0x5f, 0x62, 0x52,
-             0x3c, 0x0e, 0xb3, 0x38, 0xbe, 0xf9, 0xa9}, 15,
-            /* msg, msg length  */
-            {0xd9, 0x8a, 0xdc, 0x03, 0xd9, 0xd5, 0x82, 0x73,
-             0x2e, 0xb0, 0x7d, 0xf2, 0x3d, 0x7b, 0x9f, 0x74}, 16,
-            /* ct, ct length  */
-            {0x67, 0xca, 0xac, 0x35, 0x44, 0x3a, 0x31, 0x38,
-             0xd2, 0xcb, 0x81, 0x1f, 0x0c, 0xe0, 0x4d, 0xd2}, 16,
-            /* tag, tag length  */
-            {0xb7, 0x96, 0x8e, 0x0b, 0x56, 0x40, 0xe3, 0xb2,
-             0x36, 0x56, 0x96, 0x53, 0x20, 0x8b, 0x9d, 0xeb}, 16,
-            /* valid */
-            1,
-        },
-        {
-            /* key, key length  */
-            {0x51, 0x58, 0x40, 0xcf, 0x67, 0xd2, 0xe4, 0x0e,
-             0xb6, 0x5e, 0x54, 0xa2, 0x4c, 0x72, 0xcb, 0xf2}, 16,
-            /* iv, iv length  */
-            {0xbf, 0x47, 0xaf, 0xdf, 0xd4, 0x92, 0x13, 0x7a,
-             0x24, 0x23, 0x6b, 0xc3, 0x67, 0x97, 0xa8, 0x8e}, 16,
-            /* aad, aad length  */
-            {0x16, 0x84, 0x3c, 0x09, 0x1d, 0x43, 0xb0, 0xa1,
-             0x91, 0xd0, 0xc7, 0x3d, 0x15, 0x60, 0x1b, 0xe9}, 16,
-            /* msg, msg length  */
-            {0xc8, 0x34, 0x58, 0x8c, 0xb6, 0xda, 0xf9, 0xf0,
-             0x6d, 0xd2, 0x35, 0x19, 0xf4, 0xbe, 0x9f, 0x56}, 16,
-            /* ct, ct length  */
-            {0x20, 0x0a, 0xc4, 0x51, 0xfb, 0xeb, 0x0f, 0x61,
-             0x51, 0xd6, 0x15, 0x83, 0xa4, 0x3b, 0x73, 0x43}, 16,
-            /* tag, tag length  */
-            {0x2a, 0xd4, 0x3e, 0x4c, 0xaa, 0x51, 0x98, 0x3a,
-             0x9d, 0x4d, 0x24, 0x48, 0x1b, 0xf4, 0xc8, 0x39}, 16,
-            /* valid */
-            1,
-        },
-        {
-            /* key, key length  */
-            {0x2e, 0x44, 0x92, 0xd4, 0x44, 0xe5, 0xb6, 0xf4,
-             0xce, 0xc8, 0xc2, 0xd3, 0x61, 0x5a, 0xc8, 0x58}, 16,
-            /* iv, iv length  */
-            {0xd0, 0x2b, 0xf0, 0x76, 0x3a, 0x9f, 0xef, 0xbf,
-             0x70, 0xc3, 0x3a, 0xee, 0x1e, 0x9d, 0xa1, 0xd6}, 16,
-            /* aad, aad length  */
-            {0x90, 0x4d, 0x86, 0xf1, 0x33, 0xce, 0xc1, 0x5a,
-             0x0c, 0x3c, 0xaf, 0x14, 0xd7, 0xe0, 0x29, 0xc8,
-             0x2a, 0x07, 0x70, 0x5a, 0x23, 0xf0, 0xd0, 0x80}, 24,
-            /* msg, msg length  */
-            {0x9e, 0x62, 0xd6, 0x51, 0x1b, 0x0b, 0xda, 0x7d,
-             0xd7, 0x74, 0x0b, 0x61, 0x4d, 0x97, 0xba, 0xe0}, 16,
-            /* ct, ct length  */
-            {0x27, 0xc6, 0xe9, 0xa6, 0x53, 0xc5, 0x25, 0x3c,
-             0xa1, 0xc5, 0x67, 0x3f, 0x97, 0xb9, 0xb3, 0x3e}, 16,
-            /* tag, tag length  */
-            {0x2d, 0x58, 0x12, 0x71, 0xe1, 0xfa, 0x9e, 0x36,
-             0x86, 0x13, 0x6c, 0xaa, 0x8f, 0x4d, 0x6c, 0x8e}, 16,
-            /* valid */
-            1,
-        },
-        {
-            /* key, key length  */
-            {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
-             0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, 16,
-            /* iv, iv length  */
-            {0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57,
-             0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f}, 16,
-            /* aad, aad length  */
-            {0x00}, 0,
-            /* msg, msg length  */
-            {0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
-             0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f}, 16,
-            /* ct, ct length  */
-            {0x29, 0xa0, 0x91, 0x4f, 0xec, 0x4b, 0xef, 0x54,
-             0xba, 0xbf, 0x66, 0x13, 0xa9, 0xf9, 0xcd, 0x70}, 16,
-            /* tag, tag length  */
-            {0xe7, 0x0e, 0x7c, 0x50, 0x13, 0xa6, 0xdb, 0xf2,
-             0x52, 0x98, 0xb1, 0x92, 0x9b, 0xc3, 0x56, 0xa7}, 16,
-            /* valid */
-            0,
-        },
-        {
-            /* key, key length  */
-            {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
-             0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, 16,
-            /* iv, iv length  */
-            {0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57,
-             0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f}, 16,
-            /* aad, aad length  */
-            {0x00}, 0,
-            /* msg, msg length  */
-            {0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
-             0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f}, 16,
-            /* ct, ct length  */
-            {0x29, 0xa0, 0x91, 0x4f, 0xec, 0x4b, 0xef, 0x54,
-             0xba, 0xbf, 0x66, 0x13, 0xa9, 0xf9, 0xcd, 0x70}, 16,
-            /* tag, tag length  */
-            {0xe4, 0x0e, 0x7c, 0x50, 0x13, 0xa6, 0xdb, 0xf2,
-             0x52, 0x98, 0xb1, 0x92, 0x9b, 0xc3, 0x56, 0xa7}, 16,
-            /* valid */
-            0,
-        },
-        {
-            /* key, key length  */
-            {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
-             0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, 16,
-            /* iv, iv length  */
-            {0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57,
-             0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f}, 16,
-            /* aad, aad length  */
-            {0x00}, 0,
-            /* msg, msg length  */
-            {0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
-             0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f}, 16,
-            /* ct, ct length  */
-            {0x29, 0xa0, 0x91, 0x4f, 0xec, 0x4b, 0xef, 0x54,
-             0xba, 0xbf, 0x66, 0x13, 0xa9, 0xf9, 0xcd, 0x70}, 16,
-            /* tag, tag length  */
-            {0x66, 0x0e, 0x7c, 0x50, 0x13, 0xa6, 0xdb, 0xf2,
-             0x52, 0x98, 0xb1, 0x92, 0x9b, 0xc3, 0x56, 0xa7}, 16,
-            /* valid */
-            0,
-        },
-        {
-            /* key, key length  */
-            {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
-             0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, 16,
-            /* iv, iv length  */
-            {0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57,
-             0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f}, 16,
-            /* aad, aad length  */
-            {0x00}, 0,
-            /* msg, msg length  */
-            {0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
-             0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f}, 16,
-            /* ct, ct length  */
-            {0x29, 0xa0, 0x91, 0x4f, 0xec, 0x4b, 0xef, 0x54,
-             0xba, 0xbf, 0x66, 0x13, 0xa9, 0xf9, 0xcd, 0x70}, 16,
-            /* tag, tag length  */
-            {0xe6, 0x0f, 0x7c, 0x50, 0x13, 0xa6, 0xdb, 0xf2,
-             0x52, 0x98, 0xb1, 0x92, 0x9b, 0xc3, 0x56, 0xa7}, 16,
-            /* valid */
-            0,
-        },
-        {
-            /* key, key length  */
-            {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
-             0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, 16,
-            /* iv, iv length  */
-            {0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57,
-             0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f}, 16,
-            /* aad, aad length  */
-            {0x00}, 0,
-            /* msg, msg length  */
-            {0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
-             0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f}, 16,
-            /* ct, ct length  */
-            {0x29, 0xa0, 0x91, 0x4f, 0xec, 0x4b, 0xef, 0x54,
-             0xba, 0xbf, 0x66, 0x13, 0xa9, 0xf9, 0xcd, 0x70}, 16,
-            /* tag, tag length  */
-            {0xe6, 0x0e, 0x7c, 0xd0, 0x13, 0xa6, 0xdb, 0xf2,
-             0x52, 0x98, 0xb1, 0x92, 0x9b, 0xc3, 0x56, 0xa7}, 16,
-            /* valid */
-            0,
-        },
-        {
-            /* key, key length  */
-            {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
-             0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, 16,
-            /* iv, iv length  */
-            {0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57,
-             0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f}, 16,
-            /* aad, aad length  */
-            {0x00}, 0,
-            /* msg, msg length  */
-            {0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
-             0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f}, 16,
-            /* ct, ct length  */
-            {0x29, 0xa0, 0x91, 0x4f, 0xec, 0x4b, 0xef, 0x54,
-             0xba, 0xbf, 0x66, 0x13, 0xa9, 0xf9, 0xcd, 0x70}, 16,
-            /* tag, tag length  */
-            {0xe6, 0x0e, 0x7c, 0x50, 0x12, 0xa6, 0xdb, 0xf2,
-             0x52, 0x98, 0xb1, 0x92, 0x9b, 0xc3, 0x56, 0xa7}, 16,
-            /* valid */
-            0,
-        },
-        {
-            /* key, key length  */
-            {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
-             0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, 16,
-            /* iv, iv length  */
-            {0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57,
-             0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f}, 16,
-            /* aad, aad length  */
-            {0x00}, 0,
-            /* msg, msg length  */
-            {0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
-             0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f}, 16,
-            /* ct, ct length  */
-            {0x29, 0xa0, 0x91, 0x4f, 0xec, 0x4b, 0xef, 0x54,
-             0xba, 0xbf, 0x66, 0x13, 0xa9, 0xf9, 0xcd, 0x70}, 16,
-            /* tag, tag length  */
-            {0xe6, 0x0e, 0x7c, 0x50, 0x11, 0xa6, 0xdb, 0xf2,
-             0x52, 0x98, 0xb1, 0x92, 0x9b, 0xc3, 0x56, 0xa7}, 16,
-            /* valid */
-            0,
-        },
-        {
-            /* key, key length  */
-            {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
-             0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, 16,
-            /* iv, iv length  */
-            {0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57,
-             0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f}, 16,
-            /* aad, aad length  */
-            {0x00}, 0,
-            /* msg, msg length  */
-            {0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
-             0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f}, 16,
-            /* ct, ct length  */
-            {0x29, 0xa0, 0x91, 0x4f, 0xec, 0x4b, 0xef, 0x54,
-             0xba, 0xbf, 0x66, 0x13, 0xa9, 0xf9, 0xcd, 0x70}, 16,
-            /* tag, tag length  */
-            {0xe6, 0x0e, 0x7c, 0x50, 0x13, 0xa6, 0xdb, 0x72,
-             0x52, 0x98, 0xb1, 0x92, 0x9b, 0xc3, 0x56, 0xa7}, 16,
-            /* valid */
-            0,
-        },
-        {
-            /* key, key length  */
-            {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
-             0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, 16,
-            /* iv, iv length  */
-            {0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57,
-             0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f}, 16,
-            /* aad, aad length  */
-            {0x00}, 0,
-            /* msg, msg length  */
-            {0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
-             0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f}, 16,
-            /* ct, ct length  */
-            {0x29, 0xa0, 0x91, 0x4f, 0xec, 0x4b, 0xef, 0x54,
-             0xba, 0xbf, 0x66, 0x13, 0xa9, 0xf9, 0xcd, 0x70}, 16,
-            /* tag, tag length  */
-            {0xe6, 0x0e, 0x7c, 0x50, 0x13, 0xa6, 0xdb, 0xf2,
-             0x53, 0x98, 0xb1, 0x92, 0x9b, 0xc3, 0x56, 0xa7}, 16,
-            /* valid */
-            0,
-        },
-        {
-            /* key, key length  */
-            {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
-             0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, 16,
-            /* iv, iv length  */
-            {0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57,
-             0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f}, 16,
-            /* aad, aad length  */
-            {0x00}, 0,
-            /* msg, msg length  */
-            {0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
-             0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f}, 16,
-            /* ct, ct length  */
-            {0x29, 0xa0, 0x91, 0x4f, 0xec, 0x4b, 0xef, 0x54,
-             0xba, 0xbf, 0x66, 0x13, 0xa9, 0xf9, 0xcd, 0x70}, 16,
-            /* tag, tag length  */
-            {0xe6, 0x0e, 0x7c, 0x50, 0x13, 0xa6, 0xdb, 0xf2,
-             0xd2, 0x98, 0xb1, 0x92, 0x9b, 0xc3, 0x56, 0xa7}, 16,
-            /* valid */
-            0,
-        },
-        {
-            /* key, key length  */
-            {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
-             0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, 16,
-            /* iv, iv length  */
-            {0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57,
-             0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f}, 16,
-            /* aad, aad length  */
-            {0x00}, 0,
-            /* msg, msg length  */
-            {0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
-             0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f}, 16,
-            /* ct, ct length  */
-            {0x29, 0xa0, 0x91, 0x4f, 0xec, 0x4b, 0xef, 0x54,
-             0xba, 0xbf, 0x66, 0x13, 0xa9, 0xf9, 0xcd, 0x70}, 16,
-            /* tag, tag length  */
-            {0xe6, 0x0e, 0x7c, 0x50, 0x13, 0xa6, 0xdb, 0xf2,
-             0x52, 0xb8, 0xb1, 0x92, 0x9b, 0xc3, 0x56, 0xa7}, 16,
-            /* valid */
-            0,
-        },
-        {
-            /* key, key length  */
-            {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
-             0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, 16,
-            /* iv, iv length  */
-            {0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57,
-             0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f}, 16,
-            /* aad, aad length  */
-            {0x00}, 0,
-            /* msg, msg length  */
-            {0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
-             0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f}, 16,
-            /* ct, ct length  */
-            {0x29, 0xa0, 0x91, 0x4f, 0xec, 0x4b, 0xef, 0x54,
-             0xba, 0xbf, 0x66, 0x13, 0xa9, 0xf9, 0xcd, 0x70}, 16,
-            /* tag, tag length  */
-            {0xe6, 0x0e, 0x7c, 0x50, 0x13, 0xa6, 0xdb, 0xf2,
-             0x52, 0x98, 0xb0, 0x92, 0x9b, 0xc3, 0x56, 0xa7}, 16,
-            /* valid */
-            0,
-        },
-        {
-            /* key, key length  */
-            {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
-             0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, 16,
-            /* iv, iv length  */
-            {0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57,
-             0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f}, 16,
-            /* aad, aad length  */
-            {0x00}, 0,
-            /* msg, msg length  */
-            {0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
-             0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f}, 16,
-            /* ct, ct length  */
-            {0x29, 0xa0, 0x91, 0x4f, 0xec, 0x4b, 0xef, 0x54,
-             0xba, 0xbf, 0x66, 0x13, 0xa9, 0xf9, 0xcd, 0x70}, 16,
-            /* tag, tag length  */
-            {0xe6, 0x0e, 0x7c, 0x50, 0x13, 0xa6, 0xdb, 0xf2,
-             0x52, 0x98, 0xb1, 0x92, 0x9a, 0xc3, 0x56, 0xa7}, 16,
-            /* valid */
-            0,
-        },
-        {
-            /* key, key length  */
-            {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
-             0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, 16,
-            /* iv, iv length  */
-            {0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57,
-             0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f}, 16,
-            /* aad, aad length  */
-            {0x00}, 0,
-            /* msg, msg length  */
-            {0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
-             0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f}, 16,
-            /* ct, ct length  */
-            {0x29, 0xa0, 0x91, 0x4f, 0xec, 0x4b, 0xef, 0x54,
-             0xba, 0xbf, 0x66, 0x13, 0xa9, 0xf9, 0xcd, 0x70}, 16,
-            /* tag, tag length  */
-            {0xe6, 0x0e, 0x7c, 0x50, 0x13, 0xa6, 0xdb, 0xf2,
-             0x52, 0x98, 0xb1, 0x92, 0x99, 0xc3, 0x56, 0xa7}, 16,
-            /* valid */
-            0,
-        },
-        {
-            /* key, key length  */
-            {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
-             0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, 16,
-            /* iv, iv length  */
-            {0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57,
-             0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f}, 16,
-            /* aad, aad length  */
-            {0x00}, 0,
-            /* msg, msg length  */
-            {0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
-             0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f}, 16,
-            /* ct, ct length  */
-            {0x29, 0xa0, 0x91, 0x4f, 0xec, 0x4b, 0xef, 0x54,
-             0xba, 0xbf, 0x66, 0x13, 0xa9, 0xf9, 0xcd, 0x70}, 16,
-            /* tag, tag length  */
-            {0xe6, 0x0e, 0x7c, 0x50, 0x13, 0xa6, 0xdb, 0xf2,
-             0x52, 0x98, 0xb1, 0x92, 0x1b, 0xc3, 0x56, 0xa7}, 16,
-            /* valid */
-            0,
-        },
-        {
-            /* key, key length  */
-            {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
-             0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, 16,
-            /* iv, iv length  */
-            {0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57,
-             0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f}, 16,
-            /* aad, aad length  */
-            {0x00}, 0,
-            /* msg, msg length  */
-            {0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
-             0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f}, 16,
-            /* ct, ct length  */
-            {0x29, 0xa0, 0x91, 0x4f, 0xec, 0x4b, 0xef, 0x54,
-             0xba, 0xbf, 0x66, 0x13, 0xa9, 0xf9, 0xcd, 0x70}, 16,
-            /* tag, tag length  */
-            {0xe6, 0x0e, 0x7c, 0x50, 0x13, 0xa6, 0xdb, 0xf2,
-             0x52, 0x98, 0xb1, 0x92, 0x9b, 0xc3, 0x56, 0xa6}, 16,
-            /* valid */
-            0,
-        },
-        {
-            /* key, key length  */
-            {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
-             0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, 16,
-            /* iv, iv length  */
-            {0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57,
-             0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f}, 16,
-            /* aad, aad length  */
-            {0x00}, 0,
-            /* msg, msg length  */
-            {0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
-             0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f}, 16,
-            /* ct, ct length  */
-            {0x29, 0xa0, 0x91, 0x4f, 0xec, 0x4b, 0xef, 0x54,
-             0xba, 0xbf, 0x66, 0x13, 0xa9, 0xf9, 0xcd, 0x70}, 16,
-            /* tag, tag length  */
-            {0xe6, 0x0e, 0x7c, 0x50, 0x13, 0xa6, 0xdb, 0xf2,
-             0x52, 0x98, 0xb1, 0x92, 0x9b, 0xc3, 0x56, 0xa5}, 16,
-            /* valid */
-            0,
-        },
-        {
-            /* key, key length  */
-            {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
-             0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, 16,
-            /* iv, iv length  */
-            {0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57,
-             0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f}, 16,
-            /* aad, aad length  */
-            {0x00}, 0,
-            /* msg, msg length  */
-            {0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
-             0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f}, 16,
-            /* ct, ct length  */
-            {0x29, 0xa0, 0x91, 0x4f, 0xec, 0x4b, 0xef, 0x54,
-             0xba, 0xbf, 0x66, 0x13, 0xa9, 0xf9, 0xcd, 0x70}, 16,
-            /* tag, tag length  */
-            {0xe6, 0x0e, 0x7c, 0x50, 0x13, 0xa6, 0xdb, 0xf2,
-             0x52, 0x98, 0xb1, 0x92, 0x9b, 0xc3, 0x56, 0xe7}, 16,
-            /* valid */
-            0,
-        },
-        {
-            /* key, key length  */
-            {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
-             0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, 16,
-            /* iv, iv length  */
-            {0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57,
-             0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f}, 16,
-            /* aad, aad length  */
-            {0x00}, 0,
-            /* msg, msg length  */
-            {0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
-             0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f}, 16,
-            /* ct, ct length  */
-            {0x29, 0xa0, 0x91, 0x4f, 0xec, 0x4b, 0xef, 0x54,
-             0xba, 0xbf, 0x66, 0x13, 0xa9, 0xf9, 0xcd, 0x70}, 16,
-            /* tag, tag length  */
-            {0xe6, 0x0e, 0x7c, 0x50, 0x13, 0xa6, 0xdb, 0xf2,
-             0x52, 0x98, 0xb1, 0x92, 0x9b, 0xc3, 0x56, 0x27}, 16,
-            /* valid */
-            0,
-        },
-        {
-            /* key, key length  */
-            {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
-             0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, 16,
-            /* iv, iv length  */
-            {0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57,
-             0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f}, 16,
-            /* aad, aad length  */
-            {0x00}, 0,
-            /* msg, msg length  */
-            {0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
-             0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f}, 16,
-            /* ct, ct length  */
-            {0x29, 0xa0, 0x91, 0x4f, 0xec, 0x4b, 0xef, 0x54,
-             0xba, 0xbf, 0x66, 0x13, 0xa9, 0xf9, 0xcd, 0x70}, 16,
-            /* tag, tag length  */
-            {0xe7, 0x0e, 0x7c, 0x50, 0x13, 0xa6, 0xdb, 0xf2,
-             0x53, 0x98, 0xb1, 0x92, 0x9b, 0xc3, 0x56, 0xa7}, 16,
-            /* valid */
-            0,
-        },
-        {
-            /* key, key length  */
-            {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
-             0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, 16,
-            /* iv, iv length  */
-            {0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57,
-             0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f}, 16,
-            /* aad, aad length  */
-            {0x00}, 0,
-            /* msg, msg length  */
-            {0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
-             0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f}, 16,
-            /* ct, ct length  */
-            {0x29, 0xa0, 0x91, 0x4f, 0xec, 0x4b, 0xef, 0x54,
-             0xba, 0xbf, 0x66, 0x13, 0xa9, 0xf9, 0xcd, 0x70}, 16,
-            /* tag, tag length  */
-            {0xe6, 0x0e, 0x7c, 0xd0, 0x13, 0xa6, 0xdb, 0x72,
-             0x52, 0x98, 0xb1, 0x92, 0x9b, 0xc3, 0x56, 0xa7}, 16,
-            /* valid */
-            0,
-        },
-        {
-            /* key, key length  */
-            {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
-             0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, 16,
-            /* iv, iv length  */
-            {0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57,
-             0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f}, 16,
-            /* aad, aad length  */
-            {0x00}, 0,
-            /* msg, msg length  */
-            {0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
-             0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f}, 16,
-            /* ct, ct length  */
-            {0x29, 0xa0, 0x91, 0x4f, 0xec, 0x4b, 0xef, 0x54,
-             0xba, 0xbf, 0x66, 0x13, 0xa9, 0xf9, 0xcd, 0x70}, 16,
-            /* tag, tag length  */
-            {0xe6, 0x0e, 0x7c, 0x50, 0x13, 0xa6, 0xdb, 0x72,
-             0x52, 0x98, 0xb1, 0x92, 0x9b, 0xc3, 0x56, 0x27}, 16,
-            /* valid */
-            0,
-        },
-        {
-            /* key, key length  */
-            {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
-             0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, 16,
-            /* iv, iv length  */
-            {0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57,
-             0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f}, 16,
-            /* aad, aad length  */
-            {0x00}, 0,
-            /* msg, msg length  */
-            {0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
-             0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f}, 16,
-            /* ct, ct length  */
-            {0x29, 0xa0, 0x91, 0x4f, 0xec, 0x4b, 0xef, 0x54,
-             0xba, 0xbf, 0x66, 0x13, 0xa9, 0xf9, 0xcd, 0x70}, 16,
-            /* tag, tag length  */
-            {0x19, 0xf1, 0x83, 0xaf, 0xec, 0x59, 0x24, 0x0d,
-             0xad, 0x67, 0x4e, 0x6d, 0x64, 0x3c, 0xa9, 0x58}, 16,
-            /* valid */
-            0,
-        },
-        {
-            /* key, key length  */
-            {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
-             0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, 16,
-            /* iv, iv length  */
-            {0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57,
-             0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f}, 16,
-            /* aad, aad length  */
-            {0x00}, 0,
-            /* msg, msg length  */
-            {0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
-             0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f}, 16,
-            /* ct, ct length  */
-            {0x29, 0xa0, 0x91, 0x4f, 0xec, 0x4b, 0xef, 0x54,
-             0xba, 0xbf, 0x66, 0x13, 0xa9, 0xf9, 0xcd, 0x70}, 16,
-            /* tag, tag length  */
-            {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-             0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, 16,
-            /* valid */
-            0,
-        },
-        {
-            /* key, key length  */
-            {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
-             0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, 16,
-            /* iv, iv length  */
-            {0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57,
-             0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f}, 16,
-            /* aad, aad length  */
-            {0x00}, 0,
-            /* msg, msg length  */
-            {0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
-             0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f}, 16,
-            /* ct, ct length  */
-            {0x29, 0xa0, 0x91, 0x4f, 0xec, 0x4b, 0xef, 0x54,
-             0xba, 0xbf, 0x66, 0x13, 0xa9, 0xf9, 0xcd, 0x70}, 16,
-            /* tag, tag length  */
-            {0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
-             0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff}, 16,
-            /* valid */
-            0,
-        },
-        {
-            /* key, key length  */
-            {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
-             0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, 16,
-            /* iv, iv length  */
-            {0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57,
-             0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f}, 16,
-            /* aad, aad length  */
-            {0x00}, 0,
-            /* msg, msg length  */
-            {0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
-             0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f}, 16,
-            /* ct, ct length  */
-            {0x29, 0xa0, 0x91, 0x4f, 0xec, 0x4b, 0xef, 0x54,
-             0xba, 0xbf, 0x66, 0x13, 0xa9, 0xf9, 0xcd, 0x70}, 16,
-            /* tag, tag length  */
-            {0x66, 0x8e, 0xfc, 0xd0, 0x93, 0x26, 0x5b, 0x72,
-             0xd2, 0x18, 0x31, 0x12, 0x1b, 0x43, 0xd6, 0x27}, 16,
-            /* valid */
-            0,
-        },
-        {
-            /* key, key length  */
-            {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
-             0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, 16,
-            /* iv, iv length  */
-            {0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57,
-             0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f}, 16,
-            /* aad, aad length  */
-            {0x00}, 0,
-            /* msg, msg length  */
-            {0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
-             0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f}, 16,
-            /* ct, ct length  */
-            {0x29, 0xa0, 0x91, 0x4f, 0xec, 0x4b, 0xef, 0x54,
-             0xba, 0xbf, 0x66, 0x13, 0xa9, 0xf9, 0xcd, 0x70}, 16,
-            /* tag, tag length  */
-            {0xe7, 0x0f, 0x7d, 0x51, 0x12, 0xa7, 0xda, 0xf3,
-             0x53, 0x99, 0xb0, 0x93, 0x9a, 0xc2, 0x57, 0xa6}, 16,
-            /* valid */
-            0,
-        },
-    };
-
-    byte ciphertext[sizeof(vectors[0].ct)];
-    byte authtag[sizeof(vectors[0].tag)];
-    int i;
-    int len;
-    int ret;
-
-
-    for (i = 0; i < (int)(sizeof(vectors)/sizeof(vectors[0])); i++) {
-
-        XMEMSET(ciphertext, 0, sizeof(ciphertext));
-
-        len = sizeof(authtag);
-        ExpectIntEQ(wc_AesEaxEncryptAuth(vectors[i].key, vectors[i].key_length,
-                                         ciphertext,
-                                         vectors[i].msg, vectors[i].msg_length,
-                                         vectors[i].iv, vectors[i].iv_length,
-                                         authtag, len,
-                                         vectors[i].aad, vectors[i].aad_length),
-                                         0);
-
-        /* check ciphertext matches vector */
-        ExpectIntEQ(XMEMCMP(ciphertext, vectors[i].ct, vectors[i].ct_length),
-                    0);
-
-        /* check that computed tag matches vector only for vectors marked as valid */
-        ret = XMEMCMP(authtag, vectors[i].tag, len);
-        if (vectors[i].valid) {
-            ExpectIntEQ(ret, 0);
-        }
-        else {
-            ExpectIntNE(ret, 0);
-        }
-
-        XMEMSET(ciphertext, 0, sizeof(ciphertext));
-
-        /* Decrypt, checking that the computed auth tags match */
-        ExpectIntEQ(wc_AesEaxDecryptAuth(vectors[i].key, vectors[i].key_length,
-                                         ciphertext,
-                                         vectors[i].ct, vectors[i].ct_length,
-                                         vectors[i].iv, vectors[i].iv_length,
-                                         authtag, len,
-                                         vectors[i].aad, vectors[i].aad_length),
-                                         0);
-
-        /* check decrypted ciphertext matches vector plaintext */
-        ExpectIntEQ(XMEMCMP(ciphertext, vectors[i].msg, vectors[i].msg_length),
-                    0);
-    }
-    return EXPECT_RESULT();
-} /* END test_wc_AesEaxVectors */
-
-
-/*
- * Testing test_wc_AesEaxEncryptAuth()
- */
-static int test_wc_AesEaxEncryptAuth(void)
-{
-    EXPECT_DECLS;
-
-    const byte key[] = {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
-                        0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F,
-                        0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
-                        0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F};
-    const byte iv[]  = {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
-                        0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F,
-                        0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
-                        0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F};
-    const byte aad[] = {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07};
-    const byte msg[] = {0x00, 0x01, 0x02, 0x03, 0x04};
-
-    byte ciphertext[sizeof(msg)];
-    byte authtag[AES_BLOCK_SIZE];
-    int i;
-    int len;
-
-    len = sizeof(authtag);
-    ExpectIntEQ(wc_AesEaxEncryptAuth(key, sizeof(key),
-                                     ciphertext,
-                                     msg, sizeof(msg),
-                                     iv, sizeof(iv),
-                                     authtag, len,
-                                     aad, sizeof(aad)),
-                                     0);
-
-    /* Test null checking */
-    ExpectIntEQ(wc_AesEaxEncryptAuth(NULL, sizeof(key),
-                                     ciphertext,
-                                     msg, sizeof(msg),
-                                     iv, sizeof(iv),
-                                     authtag, len,
-                                     aad, sizeof(aad)),
-                                     BAD_FUNC_ARG);
-    ExpectIntEQ(wc_AesEaxEncryptAuth(key, sizeof(key),
-                                     NULL,
-                                     msg, sizeof(msg),
-                                     iv, sizeof(iv),
-                                     authtag, len,
-                                     aad, sizeof(aad)),
-                                     BAD_FUNC_ARG);
-    ExpectIntEQ(wc_AesEaxEncryptAuth(key, sizeof(key),
-                                     ciphertext,
-                                     NULL, sizeof(msg),
-                                     iv, sizeof(iv),
-                                     authtag, len,
-                                     aad, sizeof(aad)),
-                                     BAD_FUNC_ARG);
-    ExpectIntEQ(wc_AesEaxEncryptAuth(key, sizeof(key),
-                                     ciphertext,
-                                     msg, sizeof(msg),
-                                     NULL, sizeof(iv),
-                                     authtag, len,
-                                     aad, sizeof(aad)),
-                                     BAD_FUNC_ARG);
-    ExpectIntEQ(wc_AesEaxEncryptAuth(key, sizeof(key),
-                                     ciphertext,
-                                     msg, sizeof(msg),
-                                     iv, sizeof(iv),
-                                     NULL, len,
-                                     aad, sizeof(aad)),
-                                     BAD_FUNC_ARG);
-    ExpectIntEQ(wc_AesEaxEncryptAuth(key, sizeof(key),
-                                     ciphertext,
-                                     msg, sizeof(msg),
-                                     iv, sizeof(iv),
-                                     authtag, len,
-                                     NULL, sizeof(aad)),
-                                     BAD_FUNC_ARG);
-
-    /* Test bad key lengths */
-    for (i = 0; i <= 32; i++) {
-        int exp_ret;
-        if (i == AES_128_KEY_SIZE || i == AES_192_KEY_SIZE
-                                  || i == AES_256_KEY_SIZE) {
-            exp_ret = 0;
-        }
-        else {
-            exp_ret = BAD_FUNC_ARG;
-        }
-
-        ExpectIntEQ(wc_AesEaxEncryptAuth(key, i,
-                                         ciphertext,
-                                         msg, sizeof(msg),
-                                         iv, sizeof(iv),
-                                         authtag, len,
-                                         aad, sizeof(aad)),
-                                         exp_ret);
-    }
-
-
-    /* Test auth tag size out of range */
-    len = AES_BLOCK_SIZE + 1;
-    ExpectIntEQ(wc_AesEaxEncryptAuth(key, sizeof(key),
-                                     ciphertext,
-                                     msg, sizeof(msg),
-                                     iv, sizeof(iv),
-                                     authtag, len,
-                                     aad, sizeof(aad)),
-                                     BAD_FUNC_ARG);
-
-    return EXPECT_RESULT();
-} /* END test_wc_AesEaxEncryptAuth() */
-
-
-/*
- * Testing test_wc_AesEaxDecryptAuth()
- */
-static int test_wc_AesEaxDecryptAuth(void)
-{
-    EXPECT_DECLS;
-
-    const byte key[] = {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
-                        0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F,
-                        0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
-                        0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F};
-    const byte iv[]  = {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
-                        0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F,
-                        0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
-                        0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F};
-    const byte aad[] = {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07};
-    const byte ct[] =  {0x00, 0x01, 0x02, 0x03, 0x04};
-    /* Garbage tag that should always fail for above aad */
-    const byte tag[] = {0xFE, 0xED, 0xBE, 0xEF, 0xDE, 0xAD, 0xC0, 0xDE,
-                        0xCA, 0xFE, 0xBE, 0xEF, 0xDE, 0xAF, 0xBE, 0xEF};
-
-    byte plaintext[sizeof(ct)];
-    int i;
-    int len;
-
-    len = sizeof(tag);
-    ExpectIntEQ(wc_AesEaxDecryptAuth(key, sizeof(key),
-                                     plaintext,
-                                     ct, sizeof(ct),
-                                     iv, sizeof(iv),
-                                     tag, len,
-                                     aad, sizeof(aad)),
-                                     AES_EAX_AUTH_E);
-
-    /* Test null checking */
-    ExpectIntEQ(wc_AesEaxDecryptAuth(NULL, sizeof(key),
-                                     plaintext,
-                                     ct, sizeof(ct),
-                                     iv, sizeof(iv),
-                                     tag, len,
-                                     aad, sizeof(aad)),
-                                     BAD_FUNC_ARG);
-    ExpectIntEQ(wc_AesEaxDecryptAuth(key, sizeof(key),
-                                     NULL,
-                                     ct, sizeof(ct),
-                                     iv, sizeof(iv),
-                                     tag, len,
-                                     aad, sizeof(aad)),
-                                     BAD_FUNC_ARG);
-    ExpectIntEQ(wc_AesEaxDecryptAuth(key, sizeof(key),
-                                     plaintext,
-                                     NULL, sizeof(ct),
-                                     iv, sizeof(iv),
-                                     tag, len,
-                                     aad, sizeof(aad)),
-                                     BAD_FUNC_ARG);
-    ExpectIntEQ(wc_AesEaxDecryptAuth(key, sizeof(key),
-                                     plaintext,
-                                     ct, sizeof(ct),
-                                     NULL, sizeof(iv),
-                                     tag, len,
-                                     aad, sizeof(aad)),
-                                     BAD_FUNC_ARG);
-    ExpectIntEQ(wc_AesEaxDecryptAuth(key, sizeof(key),
-                                     plaintext,
-                                     ct, sizeof(ct),
-                                     iv, sizeof(iv),
-                                     NULL, len,
-                                     aad, sizeof(aad)),
-                                     BAD_FUNC_ARG);
-    ExpectIntEQ(wc_AesEaxDecryptAuth(key, sizeof(key),
-                                     plaintext,
-                                     ct, sizeof(ct),
-                                     iv, sizeof(iv),
-                                     tag, len,
-                                     NULL, sizeof(aad)),
-                                     BAD_FUNC_ARG);
-
-    /* Test bad key lengths */
-    for (i = 0; i <= 32; i++) {
-        int exp_ret;
-        if (i == AES_128_KEY_SIZE || i == AES_192_KEY_SIZE
-                                  || i == AES_256_KEY_SIZE) {
-            exp_ret = AES_EAX_AUTH_E;
-        }
-        else {
-            exp_ret = BAD_FUNC_ARG;
-        }
-
-        ExpectIntEQ(wc_AesEaxDecryptAuth(key, i,
-                                         plaintext,
-                                         ct, sizeof(ct),
-                                         iv, sizeof(iv),
-                                         tag, len,
-                                         aad, sizeof(aad)),
-                                         exp_ret);
-    }
-
-
-    /* Test auth tag size out of range */
-    len = AES_BLOCK_SIZE + 1;
-    ExpectIntEQ(wc_AesEaxDecryptAuth(key, sizeof(key),
-                                     plaintext,
-                                     ct, sizeof(ct),
-                                     iv, sizeof(iv),
-                                     tag, len,
-                                     aad, sizeof(aad)),
-                                     BAD_FUNC_ARG);
-
-    return EXPECT_RESULT();
-} /* END test_wc_AesEaxDecryptAuth() */
-
-#endif /* WOLFSSL_AES_EAX &&
-        * (!HAVE_FIPS || FIPS_VERSION_GE(5, 3)) && !HAVE_SELFTEST
-        */
-
 /*
  * Testing wc_InitDsaKey()
  */
@@ -21414,7 +15727,7 @@ static int test_wc_InitDsaKey(void)
     ExpectIntEQ(wc_InitDsaKey(&key), 0);
 
     /* Pass in bad args. */
-    ExpectIntEQ(wc_InitDsaKey(NULL), BAD_FUNC_ARG);
+    ExpectIntEQ(wc_InitDsaKey(NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     wc_FreeDsaKey(&key);
 #endif
@@ -21436,7 +15749,7 @@ static int test_wc_DsaSignVerify(void)
     byte   hash[WC_SHA_DIGEST_SIZE];
     word32 idx = 0;
     word32 bytes;
-    int    answer;
+    int    answer = 0;
 #ifdef USE_CERT_BUFFERS_1024
     byte   tmp[ONEK_BUF];
 
@@ -21470,28 +15783,28 @@ static int test_wc_DsaSignVerify(void)
     /* Sign. */
     ExpectIntEQ(wc_DsaSign(hash, signature, &key, &rng), 0);
     /* Test bad args. */
-    ExpectIntEQ(wc_DsaSign(NULL, signature, &key, &rng), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_DsaSign(hash, NULL, &key, &rng), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_DsaSign(hash, signature, NULL, &rng), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_DsaSign(hash, signature, &key, NULL), BAD_FUNC_ARG);
+    ExpectIntEQ(wc_DsaSign(NULL, signature, &key, &rng), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_DsaSign(hash, NULL, &key, &rng), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_DsaSign(hash, signature, NULL, &rng), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_DsaSign(hash, signature, &key, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     /* Verify. */
     ExpectIntEQ(wc_DsaVerify(hash, signature, &key, &answer), 0);
     ExpectIntEQ(answer, 1);
     /* Pass in bad args. */
-    ExpectIntEQ(wc_DsaVerify(NULL, signature, &key, &answer), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_DsaVerify(hash, NULL, &key, &answer), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_DsaVerify(hash, signature, NULL, &answer), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_DsaVerify(hash, signature, &key, NULL), BAD_FUNC_ARG);
+    ExpectIntEQ(wc_DsaVerify(NULL, signature, &key, &answer), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_DsaVerify(hash, NULL, &key, &answer), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_DsaVerify(hash, signature, NULL, &answer), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_DsaVerify(hash, signature, &key, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
 #if !defined(HAVE_FIPS) && defined(WOLFSSL_PUBLIC_MP)
     /* hard set q to 0 and test fail case */
     mp_free(&key.q);
     mp_init(&key.q);
-    ExpectIntEQ(wc_DsaSign(hash, signature, &key, &rng), BAD_FUNC_ARG);
+    ExpectIntEQ(wc_DsaSign(hash, signature, &key, &rng), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     mp_set(&key.q, 1);
-    ExpectIntEQ(wc_DsaSign(hash, signature, &key, &rng), BAD_FUNC_ARG);
+    ExpectIntEQ(wc_DsaSign(hash, signature, &key, &rng), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 #endif
 
     DoExpectIntEQ(wc_FreeRng(&rng),0);
@@ -21510,9 +15823,9 @@ static int test_wc_DsaPublicPrivateKeyDecode(void)
     EXPECT_DECLS;
 #if !defined(NO_DSA)
     DsaKey key;
-    word32 bytes;
+    word32 bytes = 0;
     word32 idx  = 0;
-    int    ret;
+    int    ret = 0;
 #ifdef USE_CERT_BUFFERS_1024
     byte   tmp[ONEK_BUF];
 
@@ -21537,22 +15850,22 @@ static int test_wc_DsaPublicPrivateKeyDecode(void)
     ExpectIntEQ(wc_InitDsaKey(&key), 0);
     ExpectIntEQ(wc_DsaPrivateKeyDecode(tmp, &idx, &key, bytes), 0);
     /* Test bad args. */
-    ExpectIntEQ(wc_DsaPrivateKeyDecode(NULL, &idx, &key, bytes), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_DsaPrivateKeyDecode(tmp, NULL, &key, bytes), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_DsaPrivateKeyDecode(tmp, &idx, NULL, bytes), BAD_FUNC_ARG);
+    ExpectIntEQ(wc_DsaPrivateKeyDecode(NULL, &idx, &key, bytes), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_DsaPrivateKeyDecode(tmp, NULL, &key, bytes), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_DsaPrivateKeyDecode(tmp, &idx, NULL, bytes), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntLT(ret = wc_DsaPrivateKeyDecode(tmp, &idx, &key, bytes), 0);
-    ExpectTrue((ret == ASN_PARSE_E) || (ret == BUFFER_E));
+    ExpectTrue((ret == WC_NO_ERR_TRACE(ASN_PARSE_E)) || (ret == WC_NO_ERR_TRACE(BUFFER_E)));
     wc_FreeDsaKey(&key);
 
     ExpectIntEQ(wc_InitDsaKey(&key), 0);
     idx = 0; /* Reset */
     ExpectIntEQ(wc_DsaPublicKeyDecode(tmp, &idx, &key, bytes), 0);
     /* Test bad args. */
-    ExpectIntEQ(wc_DsaPublicKeyDecode(NULL, &idx, &key, bytes), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_DsaPublicKeyDecode(tmp, NULL, &key, bytes), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_DsaPublicKeyDecode(tmp, &idx, NULL, bytes), BAD_FUNC_ARG);
+    ExpectIntEQ(wc_DsaPublicKeyDecode(NULL, &idx, &key, bytes), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_DsaPublicKeyDecode(tmp, NULL, &key, bytes), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_DsaPublicKeyDecode(tmp, &idx, NULL, bytes), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntLT(ret = wc_DsaPublicKeyDecode(tmp, &idx, &key, bytes), 0);
-    ExpectTrue((ret == ASN_PARSE_E) || (ret == BUFFER_E));
+    ExpectTrue((ret == WC_NO_ERR_TRACE(ASN_PARSE_E)) || (ret == WC_NO_ERR_TRACE(BUFFER_E)));
     wc_FreeDsaKey(&key);
 #endif /* !NO_DSA */
     return EXPECT_RESULT();
@@ -21578,15 +15891,15 @@ static int test_wc_MakeDsaKey(void)
 
     ExpectIntEQ(wc_MakeDsaParameters(&rng, ONEK_BUF, &genKey), 0);
     /* Test bad args. */
-    ExpectIntEQ(wc_MakeDsaParameters(NULL, ONEK_BUF, &genKey), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_MakeDsaParameters(&rng, ONEK_BUF, NULL), BAD_FUNC_ARG);
+    ExpectIntEQ(wc_MakeDsaParameters(NULL, ONEK_BUF, &genKey), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_MakeDsaParameters(&rng, ONEK_BUF, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_MakeDsaParameters(&rng, ONEK_BUF + 1, &genKey),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     ExpectIntEQ(wc_MakeDsaKey(&rng, &genKey), 0);
     /* Test bad args. */
-    ExpectIntEQ(wc_MakeDsaKey(NULL, &genKey), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_MakeDsaKey(&rng, NULL), BAD_FUNC_ARG);
+    ExpectIntEQ(wc_MakeDsaKey(NULL, &genKey), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_MakeDsaKey(&rng, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     DoExpectIntEQ(wc_FreeRng(&rng), 0);
     wc_FreeDsaKey(&genKey);
@@ -21641,8 +15954,8 @@ static int test_wc_DsaKeyToDer(void)
     ExpectIntEQ(XMEMCMP(der, tmp, bytes), 0);
 
     /* Test bad args. */
-    ExpectIntEQ(wc_DsaKeyToDer(NULL, der, FOURK_BUF), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_DsaKeyToDer(&key, NULL, FOURK_BUF), BAD_FUNC_ARG);
+    ExpectIntEQ(wc_DsaKeyToDer(NULL, der, FOURK_BUF), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_DsaKeyToDer(&key, NULL, FOURK_BUF), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     wc_FreeDsaKey(&key);
 #endif /* !NO_DSA && WOLFSSL_KEY_GEN */
@@ -21675,21 +15988,21 @@ static int test_wc_DsaKeyToPublicDer(void)
     ExpectIntEQ(wc_MakeDsaParameters(&rng, ONEK_BUF, &key), 0);
     ExpectIntEQ(wc_MakeDsaKey(&rng, &key), 0);
 
-    ExpectIntGE(sz = wc_DsaKeyToPublicDer(&key, der, ONEK_BUF), 0);
+    ExpectIntGE(sz = (word32)wc_DsaKeyToPublicDer(&key, der, ONEK_BUF), 0);
     wc_FreeDsaKey(&key);
 
     idx = 0;
     ExpectIntEQ(wc_DsaPublicKeyDecode(der, &idx, &key, sz), 0);
 
     /* Test without the SubjectPublicKeyInfo header */
-    ExpectIntGE(sz = wc_SetDsaPublicKey(der, &key, ONEK_BUF, 0), 0);
+    ExpectIntGE(sz = (word32)wc_SetDsaPublicKey(der, &key, ONEK_BUF, 0), 0);
     wc_FreeDsaKey(&key);
     idx = 0;
     ExpectIntEQ(wc_DsaPublicKeyDecode(der, &idx, &key, sz), 0);
 
     /* Test bad args. */
-    ExpectIntEQ(wc_DsaKeyToPublicDer(NULL, der, FOURK_BUF), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_DsaKeyToPublicDer(&key, NULL, FOURK_BUF), BAD_FUNC_ARG);
+    ExpectIntEQ(wc_DsaKeyToPublicDer(NULL, der, FOURK_BUF), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_DsaKeyToPublicDer(&key, NULL, FOURK_BUF), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     DoExpectIntEQ(wc_FreeRng(&rng), 0);
     wc_FreeDsaKey(&key);
@@ -21733,13 +16046,13 @@ static int test_wc_DsaImportParamsRaw(void)
 
     /* test bad args */
     /* null key struct */
-    ExpectIntEQ(wc_DsaImportParamsRaw(NULL, p, q, g), BAD_FUNC_ARG);
+    ExpectIntEQ(wc_DsaImportParamsRaw(NULL, p, q, g), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     /* null param pointers */
-    ExpectIntEQ(wc_DsaImportParamsRaw(&key, NULL, NULL, NULL), BAD_FUNC_ARG);
+    ExpectIntEQ(wc_DsaImportParamsRaw(&key, NULL, NULL, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     /* illegal p length */
-    ExpectIntEQ(wc_DsaImportParamsRaw(&key, invalidP, q, g), BAD_FUNC_ARG);
+    ExpectIntEQ(wc_DsaImportParamsRaw(&key, invalidP, q, g), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     /* illegal q length */
-    ExpectIntEQ(wc_DsaImportParamsRaw(&key, p, invalidQ, g), BAD_FUNC_ARG);
+    ExpectIntEQ(wc_DsaImportParamsRaw(&key, p, invalidQ, g), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     wc_FreeDsaKey(&key);
 #endif
@@ -21780,16 +16093,16 @@ static int test_wc_DsaImportParamsRawCheck(void)
     /* test bad args */
     /* null key struct */
     ExpectIntEQ(wc_DsaImportParamsRawCheck(NULL, p, q, g, trusted, NULL),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     /* null param pointers */
     ExpectIntEQ(wc_DsaImportParamsRawCheck(&key, NULL, NULL, NULL, trusted,
-        NULL), BAD_FUNC_ARG);
+        NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     /* illegal p length */
     ExpectIntEQ(wc_DsaImportParamsRawCheck(&key, invalidP, q, g, trusted, NULL),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     /* illegal q length */
     ExpectIntEQ(wc_DsaImportParamsRawCheck(&key, p, invalidQ, g, trusted, NULL),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     wc_FreeDsaKey(&key);
 #endif
@@ -21867,27 +16180,27 @@ static int test_wc_DsaExportParamsRaw(void)
     /* test bad args */
     /* null key struct */
     ExpectIntEQ(wc_DsaExportParamsRaw(NULL, pOut, &pOutSz, qOut, &qOutSz, gOut,
-        &gOutSz), BAD_FUNC_ARG);
+        &gOutSz), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     /* null output pointers */
     ExpectIntEQ(wc_DsaExportParamsRaw(&key, NULL, &pOutSz, NULL, &qOutSz, NULL,
-        &gOutSz), LENGTH_ONLY_E);
+        &gOutSz), WC_NO_ERR_TRACE(LENGTH_ONLY_E));
     /* null output size pointers */
     ExpectIntEQ( wc_DsaExportParamsRaw(&key, pOut, NULL, qOut, NULL, gOut,
-        NULL), BAD_FUNC_ARG);
+        NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     /* p output buffer size too small */
     pOutSz = 1;
     ExpectIntEQ(wc_DsaExportParamsRaw(&key, pOut, &pOutSz, qOut, &qOutSz, gOut,
-        &gOutSz), BUFFER_E);
+        &gOutSz), WC_NO_ERR_TRACE(BUFFER_E));
     pOutSz = sizeof(pOut);
     /* q output buffer size too small */
     qOutSz = 1;
     ExpectIntEQ(wc_DsaExportParamsRaw(&key, pOut, &pOutSz, qOut, &qOutSz, gOut,
-        &gOutSz), BUFFER_E);
+        &gOutSz), WC_NO_ERR_TRACE(BUFFER_E));
     qOutSz = sizeof(qOut);
     /* g output buffer size too small */
     gOutSz = 1;
     ExpectIntEQ(wc_DsaExportParamsRaw(&key, pOut, &pOutSz, qOut, &qOutSz, gOut,
-        &gOutSz), BUFFER_E);
+        &gOutSz), WC_NO_ERR_TRACE(BUFFER_E));
 
     wc_FreeDsaKey(&key);
 #endif
@@ -21923,22 +16236,22 @@ static int test_wc_DsaExportKeyRaw(void)
     /* test bad args */
     /* null key struct */
     ExpectIntEQ(wc_DsaExportKeyRaw(NULL, xOut, &xOutSz, yOut, &yOutSz),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     /* null output pointers */
     ExpectIntEQ(wc_DsaExportKeyRaw(&key, NULL, &xOutSz, NULL, &yOutSz),
-        LENGTH_ONLY_E);
+        WC_NO_ERR_TRACE(LENGTH_ONLY_E));
     /* null output size pointers */
     ExpectIntEQ(wc_DsaExportKeyRaw(&key, xOut, NULL, yOut, NULL),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     /* x output buffer size too small */
     xOutSz = 1;
     ExpectIntEQ(wc_DsaExportKeyRaw(&key, xOut, &xOutSz, yOut, &yOutSz),
-        BUFFER_E);
+        WC_NO_ERR_TRACE(BUFFER_E));
     xOutSz = sizeof(xOut);
     /* y output buffer size too small */
     yOutSz = 1;
     ExpectIntEQ(wc_DsaExportKeyRaw(&key, xOut, &xOutSz, yOut, &yOutSz),
-        BUFFER_E);
+        WC_NO_ERR_TRACE(BUFFER_E));
 
     DoExpectIntEQ(wc_FreeRng(&rng), 0);
     wc_FreeDsaKey(&key);
@@ -21965,21 +16278,21 @@ static int test_wc_ed25519_make_key(void)
     ExpectIntEQ(wc_ed25519_init(&key), 0);
     ExpectIntEQ(wc_InitRng(&rng), 0);
 
-    ExpectIntEQ(wc_ed25519_make_public(&key, pubkey, pubkey_sz),
-        ECC_PRIV_KEY_E);
-    ExpectIntEQ(wc_ed25519_make_public(&key, pubkey+1, pubkey_sz),
-        ECC_PRIV_KEY_E);
+    ExpectIntEQ(wc_ed25519_make_public(&key, pubkey, (word32)pubkey_sz),
+        WC_NO_ERR_TRACE(ECC_PRIV_KEY_E));
+    ExpectIntEQ(wc_ed25519_make_public(&key, pubkey+1, (word32)pubkey_sz),
+        WC_NO_ERR_TRACE(ECC_PRIV_KEY_E));
     ExpectIntEQ(wc_ed25519_make_key(&rng, ED25519_KEY_SIZE, &key), 0);
 
     /* Test bad args. */
     ExpectIntEQ(wc_ed25519_make_key(NULL, ED25519_KEY_SIZE, &key),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_ed25519_make_key(&rng, ED25519_KEY_SIZE, NULL),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_ed25519_make_key(&rng, ED25519_KEY_SIZE - 1, &key),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_ed25519_make_key(&rng, ED25519_KEY_SIZE + 1, &key),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     DoExpectIntEQ(wc_FreeRng(&rng), 0);
     wc_ed25519_free(&key);
@@ -22000,7 +16313,7 @@ static int test_wc_ed25519_init(void)
 
     ExpectIntEQ(wc_ed25519_init(&key), 0);
     /* Test bad args. */
-    ExpectIntEQ(wc_ed25519_init(NULL), BAD_FUNC_ARG);
+    ExpectIntEQ(wc_ed25519_init(NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     wc_ed25519_free(&key);
 #endif
@@ -22042,17 +16355,17 @@ static int test_wc_ed25519_sign_msg(void)
 
     /* Test bad args. */
     ExpectIntEQ(wc_ed25519_sign_msg(NULL, msglen, sig, &siglen, &key),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_ed25519_sign_msg(msg, msglen, NULL, &siglen, &key),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_ed25519_sign_msg(msg, msglen, sig, NULL, &key),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_ed25519_sign_msg(msg, msglen, sig, &siglen, NULL),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_ed25519_sign_msg(msg, msglen, sig, &badSigLen, &key),
-        BUFFER_E);
+        WC_NO_ERR_TRACE(BUFFER_E));
     ExpectIntEQ(badSigLen, ED25519_SIG_SIZE);
-    badSigLen -= 1;
+    badSigLen--;
 
 #ifdef HAVE_ED25519_VERIFY
     ExpectIntEQ(wc_ed25519_verify_msg(sig+1, siglen, msg, msglen, &verify_ok,
@@ -22061,19 +16374,19 @@ static int test_wc_ed25519_sign_msg(void)
 
     /* Test bad args. */
     ExpectIntEQ(wc_ed25519_verify_msg(sig+1, siglen - 1, msg, msglen,
-        &verify_ok, &key), BAD_FUNC_ARG);
+        &verify_ok, &key), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_ed25519_verify_msg(sig+1, siglen + 1, msg, msglen,
-        &verify_ok, &key), BAD_FUNC_ARG);
+        &verify_ok, &key), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_ed25519_verify_msg(NULL, siglen, msg, msglen, &verify_ok,
-        &key), BAD_FUNC_ARG);
+        &key), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_ed25519_verify_msg(sig+1, siglen, NULL, msglen, &verify_ok,
-        &key), BAD_FUNC_ARG);
+        &key), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_ed25519_verify_msg(sig+1, siglen, msg, msglen, NULL, &key),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_ed25519_verify_msg(sig+1, siglen, msg, msglen, &verify_ok,
-        NULL), BAD_FUNC_ARG);
+        NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_ed25519_verify_msg(sig+1, badSigLen, msg, msglen, &verify_ok,
-        &key), BAD_FUNC_ARG);
+        &key), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 #endif /* Verify. */
 
     DoExpectIntEQ(wc_FreeRng(&rng), 0);
@@ -22108,9 +16421,9 @@ static int test_wc_ed25519_import_public(void)
     ExpectIntEQ(XMEMCMP(in, pubKey.p, inlen), 0);
 
     /* Test bad args. */
-    ExpectIntEQ(wc_ed25519_import_public(NULL, inlen, &pubKey), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_ed25519_import_public(in, inlen, NULL), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_ed25519_import_public(in, inlen - 1, &pubKey), BAD_FUNC_ARG);
+    ExpectIntEQ(wc_ed25519_import_public(NULL, inlen, &pubKey), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_ed25519_import_public(in, inlen, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_ed25519_import_public(in, inlen - 1, &pubKey), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     DoExpectIntEQ(wc_FreeRng(&rng), 0);
     wc_ed25519_free(&pubKey);
@@ -22151,7 +16464,9 @@ static int test_wc_ed25519_import_private_key(void)
     ExpectIntEQ(XMEMCMP(privKey, key.k, pubKeySz), 0);
 
 #ifdef HAVE_ED25519_KEY_EXPORT
+    PRIVATE_KEY_UNLOCK();
     ExpectIntEQ(wc_ed25519_export_private(&key, bothKeys, &bothKeysSz), 0);
+    PRIVATE_KEY_LOCK();
     ExpectIntEQ(wc_ed25519_import_private_key_ex(bothKeys, bothKeysSz, NULL, 0,
         &key, 1), 0);
     ExpectIntEQ(XMEMCMP(pubKey, key.p, privKeySz), 0);
@@ -22160,17 +16475,17 @@ static int test_wc_ed25519_import_private_key(void)
 
     /* Test bad args. */
     ExpectIntEQ(wc_ed25519_import_private_key(NULL, privKeySz, pubKey, pubKeySz,
-        &key), BAD_FUNC_ARG);
+        &key), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_ed25519_import_private_key(privKey, privKeySz, NULL,
-        pubKeySz, &key), BAD_FUNC_ARG);
+        pubKeySz, &key), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_ed25519_import_private_key(privKey, privKeySz, pubKey,
-        pubKeySz, NULL), BAD_FUNC_ARG);
+        pubKeySz, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_ed25519_import_private_key(privKey, privKeySz - 1, pubKey,
-        pubKeySz, &key), BAD_FUNC_ARG);
+        pubKeySz, &key), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_ed25519_import_private_key(privKey, privKeySz, pubKey,
-        pubKeySz - 1, &key), BAD_FUNC_ARG);
+        pubKeySz - 1, &key), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_ed25519_import_private_key(privKey, privKeySz, NULL, 0,
-        &key), BAD_FUNC_ARG);
+        &key), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     DoExpectIntEQ(wc_FreeRng(&rng), 0);
     wc_ed25519_free(&key);
@@ -22218,24 +16533,26 @@ static int test_wc_ed25519_export(void)
         pubKey, sizeof(pubKey), &key, 1), 0);
 #endif
 
+    PRIVATE_KEY_UNLOCK();
     ExpectIntEQ(wc_ed25519_export_public(&key, pub, &pubSz), 0);
     ExpectIntEQ(pubSz, ED25519_KEY_SIZE);
     ExpectIntEQ(XMEMCMP(key.p, pub, pubSz), 0);
     /* Test bad args. */
-    ExpectIntEQ(wc_ed25519_export_public(NULL, pub, &pubSz), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_ed25519_export_public(&key, NULL, &pubSz), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_ed25519_export_public(&key, pub, NULL), BAD_FUNC_ARG);
+    ExpectIntEQ(wc_ed25519_export_public(NULL, pub, &pubSz), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_ed25519_export_public(&key, NULL, &pubSz), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_ed25519_export_public(&key, pub, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     ExpectIntEQ(wc_ed25519_export_private_only(&key, priv, &privSz), 0);
     ExpectIntEQ(privSz, ED25519_KEY_SIZE);
     ExpectIntEQ(XMEMCMP(key.k, priv, privSz), 0);
     /* Test bad args. */
     ExpectIntEQ(wc_ed25519_export_private_only(NULL, priv, &privSz),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_ed25519_export_private_only(&key, NULL, &privSz),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_ed25519_export_private_only(&key, priv, NULL),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    PRIVATE_KEY_LOCK();
 
     DoExpectIntEQ(wc_FreeRng(&rng), 0);
     wc_ed25519_free(&key);
@@ -22281,19 +16598,19 @@ static int test_wc_ed25519_size(void)
 
     ExpectIntEQ(wc_ed25519_size(&key), ED25519_KEY_SIZE);
     /* Test bad args. */
-    ExpectIntEQ(wc_ed25519_size(NULL), BAD_FUNC_ARG);
+    ExpectIntEQ(wc_ed25519_size(NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     ExpectIntEQ(wc_ed25519_sig_size(&key), ED25519_SIG_SIZE);
     /* Test bad args. */
-    ExpectIntEQ(wc_ed25519_sig_size(NULL), BAD_FUNC_ARG);
+    ExpectIntEQ(wc_ed25519_sig_size(NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     ExpectIntEQ(wc_ed25519_pub_size(&key), ED25519_PUB_KEY_SIZE);
     /* Test bad args. */
-    ExpectIntEQ(wc_ed25519_pub_size(NULL), BAD_FUNC_ARG);
+    ExpectIntEQ(wc_ed25519_pub_size(NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     ExpectIntEQ(wc_ed25519_priv_size(&key), ED25519_PRV_KEY_SIZE);
     /* Test bad args. */
-    ExpectIntEQ(wc_ed25519_priv_size(NULL), BAD_FUNC_ARG);
+    ExpectIntEQ(wc_ed25519_priv_size(NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     DoExpectIntEQ(wc_FreeRng(&rng), 0);
     wc_ed25519_free(&key);
@@ -22343,26 +16660,28 @@ static int test_wc_ed25519_exportKey(void)
         pubKey, sizeof(pubKey), &key, 1), 0);
 #endif
 
+    PRIVATE_KEY_UNLOCK();
     ExpectIntEQ(wc_ed25519_export_private(&key, privOnly, &privOnlySz), 0);
     /* Test bad args. */
     ExpectIntEQ(wc_ed25519_export_private(NULL, privOnly, &privOnlySz),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_ed25519_export_private(&key, NULL, &privOnlySz),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_ed25519_export_private(&key, privOnly, NULL), BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_ed25519_export_private(&key, privOnly, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     ExpectIntEQ(wc_ed25519_export_key(&key, priv, &privSz, pub, &pubSz), 0);
     /* Test bad args. */
     ExpectIntEQ(wc_ed25519_export_key(NULL, priv, &privSz, pub, &pubSz),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_ed25519_export_key(&key, NULL, &privSz, pub, &pubSz),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_ed25519_export_key(&key, priv, NULL, pub, &pubSz),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_ed25519_export_key(&key, priv, &privSz, NULL, &pubSz),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_ed25519_export_key(&key, priv, &privSz, pub, NULL),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    PRIVATE_KEY_LOCK();
 
     /* Cross check output. */
     ExpectIntEQ(XMEMCMP(priv, privOnly, privSz), 0);
@@ -22387,9 +16706,9 @@ static int test_wc_Ed25519PublicKeyToDer(void)
     XMEMSET(&key, 0, sizeof(ed25519_key));
 
     /* Test bad args */
-    ExpectIntEQ(wc_Ed25519PublicKeyToDer(NULL, NULL, 0, 0), BAD_FUNC_ARG);
+    ExpectIntEQ(wc_Ed25519PublicKeyToDer(NULL, NULL, 0, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_ed25519_init(&key), 0);
-    ExpectIntEQ(wc_Ed25519PublicKeyToDer(&key, derBuf, 0, 0), BUFFER_E);
+    ExpectIntEQ(wc_Ed25519PublicKeyToDer(&key, derBuf, 0, 0), WC_NO_ERR_TRACE(BUFFER_E));
     wc_ed25519_free(&key);
 
     /*  Test good args */
@@ -22401,7 +16720,11 @@ static int test_wc_Ed25519PublicKeyToDer(void)
         ExpectIntEQ(wc_ed25519_init(&key), 0);
         ExpectIntEQ(wc_InitRng(&rng), 0);
         ExpectIntEQ(wc_ed25519_make_key(&rng, ED25519_KEY_SIZE, &key), 0);
-        ExpectIntGT(wc_Ed25519PublicKeyToDer(&key, derBuf, 1024, 1), 0);
+        /* length only */
+        ExpectIntGT(wc_Ed25519PublicKeyToDer(&key, NULL, 0, 0), 0);
+        ExpectIntGT(wc_Ed25519PublicKeyToDer(&key, NULL, 0, 1), 0);
+        ExpectIntGT(wc_Ed25519PublicKeyToDer(&key, derBuf,
+                    (word32)sizeof(derBuf), 1), 0);
 
         DoExpectIntEQ(wc_FreeRng(&rng), 0);
         wc_ed25519_free(&key);
@@ -22421,7 +16744,7 @@ static int test_wc_curve25519_init(void)
 
     ExpectIntEQ(wc_curve25519_init(&key), 0);
     /* Test bad args for wc_curve25519_init */
-    ExpectIntEQ(wc_curve25519_init(NULL), BAD_FUNC_ARG);
+    ExpectIntEQ(wc_curve25519_init(NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     /* Test good args for wc_curve_25519_free */
     wc_curve25519_free(&key);
@@ -22479,23 +16802,23 @@ static int test_wc_curve25519_export_key_raw(void)
     prvkSz = CURVE25519_KEYSIZE;
     pubkSz = CURVE25519_KEYSIZE;
     ExpectIntEQ(wc_curve25519_export_key_raw(NULL, privateKey, &prvkSz,
-        publicKey, &pubkSz), BAD_FUNC_ARG);
+        publicKey, &pubkSz), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     prvkSz = CURVE25519_KEYSIZE;
     pubkSz = CURVE25519_KEYSIZE;
     ExpectIntEQ(wc_curve25519_export_key_raw(&key, NULL, &prvkSz, publicKey,
-        &pubkSz), BAD_FUNC_ARG);
+        &pubkSz), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     prvkSz = CURVE25519_KEYSIZE;
     pubkSz = CURVE25519_KEYSIZE;
     ExpectIntEQ(wc_curve25519_export_key_raw(&key, privateKey, NULL,
-        publicKey, &pubkSz), BAD_FUNC_ARG);
+        publicKey, &pubkSz), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     /* prvkSz = CURVE25519_KEYSIZE; */
     pubkSz = CURVE25519_KEYSIZE;
     ExpectIntEQ(wc_curve25519_export_key_raw(&key, privateKey, &prvkSz,
-        NULL, &pubkSz), BAD_FUNC_ARG);
+        NULL, &pubkSz), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     prvkSz = CURVE25519_KEYSIZE;
     pubkSz = CURVE25519_KEYSIZE;
     ExpectIntEQ(wc_curve25519_export_key_raw(&key, privateKey, &prvkSz,
-        publicKey, NULL), BAD_FUNC_ARG);
+        publicKey, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     /* cross-testing */
     prksz = CURVE25519_KEYSIZE;
@@ -22547,49 +16870,49 @@ static int test_wc_curve25519_export_key_raw_ex(void)
     prvkSz = CURVE25519_KEYSIZE;
     pubkSz = CURVE25519_KEYSIZE;
     ExpectIntEQ(wc_curve25519_export_key_raw_ex(NULL, privateKey,
-        &prvkSz, publicKey, &pubkSz, EC25519_LITTLE_ENDIAN), BAD_FUNC_ARG);
+        &prvkSz, publicKey, &pubkSz, EC25519_LITTLE_ENDIAN), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     prvkSz = CURVE25519_KEYSIZE;
     pubkSz = CURVE25519_KEYSIZE;
     ExpectIntEQ(wc_curve25519_export_key_raw_ex(&key, NULL,
-        &prvkSz, publicKey, &pubkSz, EC25519_LITTLE_ENDIAN), BAD_FUNC_ARG);
+        &prvkSz, publicKey, &pubkSz, EC25519_LITTLE_ENDIAN), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     prvkSz = CURVE25519_KEYSIZE;
     pubkSz = CURVE25519_KEYSIZE;
     ExpectIntEQ(wc_curve25519_export_key_raw_ex(&key, privateKey,
-        NULL, publicKey, &pubkSz, EC25519_LITTLE_ENDIAN), BAD_FUNC_ARG);
+        NULL, publicKey, &pubkSz, EC25519_LITTLE_ENDIAN), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     /* prvkSz = CURVE25519_KEYSIZE; */
     pubkSz = CURVE25519_KEYSIZE;
     ExpectIntEQ(wc_curve25519_export_key_raw_ex(&key, privateKey,
-        &prvkSz, NULL, &pubkSz, EC25519_LITTLE_ENDIAN), BAD_FUNC_ARG);
+        &prvkSz, NULL, &pubkSz, EC25519_LITTLE_ENDIAN), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     prvkSz = CURVE25519_KEYSIZE;
     pubkSz = CURVE25519_KEYSIZE;
     ExpectIntEQ(wc_curve25519_export_key_raw_ex(&key, privateKey,
-        &prvkSz, publicKey, NULL, EC25519_LITTLE_ENDIAN), BAD_FUNC_ARG);
+        &prvkSz, publicKey, NULL, EC25519_LITTLE_ENDIAN), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     prvkSz = CURVE25519_KEYSIZE;
     /* pubkSz = CURVE25519_KEYSIZE; */
     ExpectIntEQ(wc_curve25519_export_key_raw_ex(NULL, privateKey,
-        &prvkSz, publicKey, &pubkSz, EC25519_BIG_ENDIAN), BAD_FUNC_ARG);
+        &prvkSz, publicKey, &pubkSz, EC25519_BIG_ENDIAN), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     prvkSz = CURVE25519_KEYSIZE;
     pubkSz = CURVE25519_KEYSIZE;
     ExpectIntEQ(wc_curve25519_export_key_raw_ex(&key, NULL,
-        &prvkSz, publicKey, &pubkSz, EC25519_BIG_ENDIAN), BAD_FUNC_ARG);
+        &prvkSz, publicKey, &pubkSz, EC25519_BIG_ENDIAN), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     prvkSz = CURVE25519_KEYSIZE;
     pubkSz = CURVE25519_KEYSIZE;
     ExpectIntEQ(wc_curve25519_export_key_raw_ex(&key, privateKey,
-        NULL, publicKey, &pubkSz, EC25519_BIG_ENDIAN), BAD_FUNC_ARG);
+        NULL, publicKey, &pubkSz, EC25519_BIG_ENDIAN), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     /* prvkSz = CURVE25519_KEYSIZE; */
     pubkSz = CURVE25519_KEYSIZE;
     ExpectIntEQ(wc_curve25519_export_key_raw_ex(&key, privateKey,
-        &prvkSz, NULL, &pubkSz, EC25519_BIG_ENDIAN), BAD_FUNC_ARG);
+        &prvkSz, NULL, &pubkSz, EC25519_BIG_ENDIAN), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     prvkSz = CURVE25519_KEYSIZE;
     pubkSz = CURVE25519_KEYSIZE;
     ExpectIntEQ(wc_curve25519_export_key_raw_ex(&key, privateKey,
-        &prvkSz, publicKey, NULL, EC25519_BIG_ENDIAN), BAD_FUNC_ARG);
+        &prvkSz, publicKey, NULL, EC25519_BIG_ENDIAN), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     /* illegal value for endian */
     prvkSz = CURVE25519_KEYSIZE;
     /* pubkSz = CURVE25519_KEYSIZE; */
     ExpectIntEQ(wc_curve25519_export_key_raw_ex(&key, privateKey, &prvkSz,
-        publicKey, NULL, EC25519_BIG_ENDIAN + 10), BAD_FUNC_ARG);
+        publicKey, NULL, EC25519_BIG_ENDIAN + 10), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     /* cross-testing */
     prksz = CURVE25519_KEYSIZE;
@@ -22634,7 +16957,7 @@ static int test_wc_curve25519_make_key(void)
 #if defined(HAVE_CURVE25519)
     curve25519_key key;
     WC_RNG         rng;
-    int            keysize;
+    int            keysize = 0;
 
     XMEMSET(&rng, 0, sizeof(WC_RNG));
 
@@ -22645,10 +16968,10 @@ static int test_wc_curve25519_make_key(void)
     ExpectIntEQ(keysize = wc_curve25519_size(&key), CURVE25519_KEYSIZE);
     ExpectIntEQ(wc_curve25519_make_key(&rng, keysize, &key), 0);
     /* test bad cases*/
-    ExpectIntEQ(wc_curve25519_make_key(NULL, 0, NULL), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_curve25519_make_key(&rng, keysize, NULL), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_curve25519_make_key(NULL, keysize, &key), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_curve25519_make_key(&rng, 0, &key), ECC_BAD_ARG_E);
+    ExpectIntEQ(wc_curve25519_make_key(NULL, 0, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_curve25519_make_key(&rng, keysize, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_curve25519_make_key(NULL, keysize, &key), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_curve25519_make_key(&rng, 0, &key), WC_NO_ERR_TRACE(ECC_BAD_ARG_E));
 
     DoExpectIntEQ(wc_FreeRng(&rng), 0);
     wc_curve25519_free(&key);
@@ -22671,6 +16994,9 @@ static int test_wc_curve25519_shared_secret_ex(void)
     int            endian = EC25519_BIG_ENDIAN;
 
     ExpectIntEQ(wc_curve25519_init(&private_key), 0);
+#ifdef WOLFSSL_CURVE25519_BLINDING
+    ExpectIntEQ(wc_curve25519_set_rng(&private_key, &rng), 0);
+#endif
     ExpectIntEQ(wc_curve25519_init(&public_key), 0);
     ExpectIntEQ(wc_InitRng(&rng), 0);
 
@@ -22684,25 +17010,25 @@ static int test_wc_curve25519_shared_secret_ex(void)
 
     /* test bad cases*/
     ExpectIntEQ(wc_curve25519_shared_secret_ex(NULL, NULL, NULL, 0, endian),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_curve25519_shared_secret_ex(NULL, &public_key, out, &outLen,
-        endian), BAD_FUNC_ARG);
+        endian), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_curve25519_shared_secret_ex(&private_key, NULL, out, &outLen,
-        endian), BAD_FUNC_ARG);
+        endian), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_curve25519_shared_secret_ex(&private_key, &public_key, NULL,
-        &outLen, endian), BAD_FUNC_ARG);
+        &outLen, endian), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_curve25519_shared_secret_ex(&private_key, &public_key, out,
-        NULL, endian), BAD_FUNC_ARG);
+        NULL, endian), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     /* curve25519.c is checking for public_key size less than or equal to 0x7f,
      * increasing to 0x8f checks for error being returned*/
     public_key.p.point[CURVE25519_KEYSIZE-1] = 0x8F;
     ExpectIntEQ(wc_curve25519_shared_secret_ex(&private_key, &public_key, out,
-        &outLen, endian), ECC_BAD_ARG_E);
+        &outLen, endian), WC_NO_ERR_TRACE(ECC_BAD_ARG_E));
 
     outLen = outLen - 2;
     ExpectIntEQ(wc_curve25519_shared_secret_ex(&private_key, &public_key, out,
-        &outLen, endian), BAD_FUNC_ARG);
+        &outLen, endian), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     DoExpectIntEQ(wc_FreeRng(&rng), 0);
     wc_curve25519_free(&private_key);
@@ -22732,17 +17058,17 @@ static int test_wc_curve25519_make_pub(void)
         (int)sizeof(key.k), key.k), 0);
     /* test bad cases*/
     ExpectIntEQ(wc_curve25519_make_pub((int)sizeof(key.k) - 1, key.k,
-        (int)sizeof out, out), ECC_BAD_ARG_E);
+        (int)sizeof out, out), WC_NO_ERR_TRACE(ECC_BAD_ARG_E));
     ExpectIntEQ(wc_curve25519_make_pub((int)sizeof out, out, (int)sizeof(key.k),
-        NULL), ECC_BAD_ARG_E);
+        NULL), WC_NO_ERR_TRACE(ECC_BAD_ARG_E));
     ExpectIntEQ(wc_curve25519_make_pub((int)sizeof out - 1, out,
-        (int)sizeof(key.k), key.k), ECC_BAD_ARG_E);
+        (int)sizeof(key.k), key.k), WC_NO_ERR_TRACE(ECC_BAD_ARG_E));
     ExpectIntEQ(wc_curve25519_make_pub((int)sizeof out, NULL,
-        (int)sizeof(key.k), key.k), ECC_BAD_ARG_E);
+        (int)sizeof(key.k), key.k), WC_NO_ERR_TRACE(ECC_BAD_ARG_E));
     /* verify clamping test */
     key.k[0] |= ~248;
     ExpectIntEQ(wc_curve25519_make_pub((int)sizeof out, out, (int)sizeof(key.k),
-        key.k), ECC_BAD_ARG_E);
+        key.k), WC_NO_ERR_TRACE(ECC_BAD_ARG_E));
     key.k[0] &= 248;
     /* repeat the expected-to-succeed test. */
     ExpectIntEQ(wc_curve25519_make_pub((int)sizeof out, out, (int)sizeof(key.k),
@@ -22777,16 +17103,16 @@ static int test_wc_curve25519_export_public_ex(void)
     ExpectIntEQ(wc_curve25519_export_public_ex(&key, out, &outLen, endian), 0);
     /* test bad cases*/
     ExpectIntEQ(wc_curve25519_export_public_ex(NULL, NULL, NULL, endian),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_curve25519_export_public_ex(NULL, out, &outLen, endian),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_curve25519_export_public_ex(&key, NULL, &outLen, endian),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_curve25519_export_public_ex(&key, out, NULL, endian),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     outLen = outLen - 2;
     ExpectIntEQ(wc_curve25519_export_public_ex(&key, out, &outLen, endian),
-        ECC_BAD_ARG_E);
+        WC_NO_ERR_TRACE(ECC_BAD_ARG_E));
 
     DoExpectIntEQ(wc_FreeRng(&rng), 0);
     wc_curve25519_free(&key);
@@ -22821,17 +17147,17 @@ static int test_wc_curve25519_import_private_raw_ex(void)
         &key, endian), 0);
     /* test bad cases*/
     ExpectIntEQ(wc_curve25519_import_private_raw_ex(NULL, 0, NULL, 0, NULL,
-        endian), BAD_FUNC_ARG);
+        endian), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_curve25519_import_private_raw_ex(NULL, privSz, pub, pubSz,
-        &key, endian), BAD_FUNC_ARG);
+        &key, endian), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_curve25519_import_private_raw_ex(priv, privSz, NULL, pubSz,
-        &key, endian), BAD_FUNC_ARG);
+        &key, endian), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_curve25519_import_private_raw_ex(priv, privSz, pub, pubSz,
-        NULL, endian), BAD_FUNC_ARG);
+        NULL, endian), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_curve25519_import_private_raw_ex(priv, 0, pub, pubSz,
-        &key, endian), ECC_BAD_ARG_E);
+        &key, endian), WC_NO_ERR_TRACE(ECC_BAD_ARG_E));
     ExpectIntEQ(wc_curve25519_import_private_raw_ex(priv, privSz, pub, 0,
-        &key, endian), ECC_BAD_ARG_E);
+        &key, endian), WC_NO_ERR_TRACE(ECC_BAD_ARG_E));
     ExpectIntEQ(wc_curve25519_import_private_raw_ex(priv, privSz, pub, pubSz,
         &key, EC25519_LITTLE_ENDIAN), 0);
 
@@ -22886,18 +17212,18 @@ static int test_wc_curve25519_export_private_raw_ex(void)
         0);
     /* test bad cases*/
     ExpectIntEQ(wc_curve25519_export_private_raw_ex(NULL, NULL, NULL, endian),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_curve25519_export_private_raw_ex(NULL, out, &outLen, endian),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_curve25519_export_private_raw_ex(&key, NULL, &outLen,
-        endian), BAD_FUNC_ARG);
+        endian), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_curve25519_export_private_raw_ex(&key, out, NULL, endian),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_curve25519_export_private_raw_ex(&key, out, &outLen,
         EC25519_LITTLE_ENDIAN), 0);
     outLen = outLen - 2;
     ExpectIntEQ(wc_curve25519_export_private_raw_ex(&key, out, &outLen, endian),
-        ECC_BAD_ARG_E);
+        WC_NO_ERR_TRACE(ECC_BAD_ARG_E));
 
     wc_curve25519_free(&key);
 #endif
@@ -22922,15 +17248,15 @@ static int test_wc_ed448_make_key(void)
     ExpectIntEQ(wc_InitRng(&rng), 0);
 
     ExpectIntEQ(wc_ed448_make_public(&key, pubkey, sizeof(pubkey)),
-        ECC_PRIV_KEY_E);
+        WC_NO_ERR_TRACE(ECC_PRIV_KEY_E));
     ExpectIntEQ(wc_ed448_make_key(&rng, ED448_KEY_SIZE, &key), 0);
     /* Test bad args. */
-    ExpectIntEQ(wc_ed448_make_key(NULL, ED448_KEY_SIZE, &key), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_ed448_make_key(&rng, ED448_KEY_SIZE, NULL), BAD_FUNC_ARG);
+    ExpectIntEQ(wc_ed448_make_key(NULL, ED448_KEY_SIZE, &key), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_ed448_make_key(&rng, ED448_KEY_SIZE, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_ed448_make_key(&rng, ED448_KEY_SIZE - 1, &key),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_ed448_make_key(&rng, ED448_KEY_SIZE + 1, &key),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     DoExpectIntEQ(wc_FreeRng(&rng), 0);
     wc_ed448_free(&key);
@@ -22952,7 +17278,7 @@ static int test_wc_ed448_init(void)
 
     ExpectIntEQ(wc_ed448_init(&key), 0);
     /* Test bad args. */
-    ExpectIntEQ(wc_ed448_init(NULL), BAD_FUNC_ARG);
+    ExpectIntEQ(wc_ed448_init(NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     wc_ed448_free(&key);
 #endif
@@ -22991,17 +17317,17 @@ static int test_wc_ed448_sign_msg(void)
     ExpectIntEQ(siglen, ED448_SIG_SIZE);
     /* Test bad args. */
     ExpectIntEQ(wc_ed448_sign_msg(NULL, msglen, sig, &siglen, &key, NULL, 0),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_ed448_sign_msg(msg, msglen, NULL, &siglen, &key, NULL, 0),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_ed448_sign_msg(msg, msglen, sig, NULL, &key, NULL, 0),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_ed448_sign_msg(msg, msglen, sig, &siglen, NULL, NULL, 0),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_ed448_sign_msg(msg, msglen, sig, &badSigLen, &key, NULL, 0),
-        BUFFER_E);
+        WC_NO_ERR_TRACE(BUFFER_E));
     ExpectIntEQ(badSigLen, ED448_SIG_SIZE);
-    badSigLen -= 1;
+    badSigLen--;
 
 #ifdef HAVE_ED448_VERIFY
     ExpectIntEQ(wc_ed448_verify_msg(sig, siglen, msg, msglen, &verify_ok, &key,
@@ -23009,19 +17335,19 @@ static int test_wc_ed448_sign_msg(void)
     ExpectIntEQ(verify_ok, 1);
     /* Test bad args. */
     ExpectIntEQ(wc_ed448_verify_msg(sig, siglen - 1, msg, msglen, &verify_ok,
-        &key, NULL, 0), BAD_FUNC_ARG);
+        &key, NULL, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_ed448_verify_msg(sig, siglen + 1, msg, msglen, &verify_ok,
-        &key, NULL, 0), BAD_FUNC_ARG);
+        &key, NULL, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_ed448_verify_msg(NULL, siglen, msg, msglen, &verify_ok,
-        &key, NULL, 0), BAD_FUNC_ARG);
+        &key, NULL, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_ed448_verify_msg(sig, siglen, NULL, msglen, &verify_ok,
-        &key, NULL, 0), BAD_FUNC_ARG);
+        &key, NULL, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_ed448_verify_msg(sig, siglen, msg, msglen, NULL,
-        &key, NULL, 0), BAD_FUNC_ARG);
+        &key, NULL, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_ed448_verify_msg(sig, siglen, msg, msglen, &verify_ok,
-        NULL, NULL, 0), BAD_FUNC_ARG);
+        NULL, NULL, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_ed448_verify_msg(sig, badSigLen, msg, msglen, &verify_ok,
-        &key, NULL, 0), BAD_FUNC_ARG);
+        &key, NULL, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 #endif /* Verify. */
 
     DoExpectIntEQ(wc_FreeRng(&rng), 0);
@@ -23053,9 +17379,9 @@ static int test_wc_ed448_import_public(void)
     ExpectIntEQ(wc_ed448_import_public_ex(in, inlen, &pubKey, 1), 0);
     ExpectIntEQ(XMEMCMP(in, pubKey.p, inlen), 0);
     /* Test bad args. */
-    ExpectIntEQ(wc_ed448_import_public(NULL, inlen, &pubKey), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_ed448_import_public(in, inlen, NULL), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_ed448_import_public(in, inlen - 1, &pubKey), BAD_FUNC_ARG);
+    ExpectIntEQ(wc_ed448_import_public(NULL, inlen, &pubKey), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_ed448_import_public(in, inlen, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_ed448_import_public(in, inlen - 1, &pubKey), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     DoExpectIntEQ(wc_FreeRng(&rng), 0);
     wc_ed448_free(&pubKey);
@@ -23096,7 +17422,9 @@ static int test_wc_ed448_import_private_key(void)
     ExpectIntEQ(XMEMCMP(privKey, key.k, pubKeySz), 0);
 
 #ifdef HAVE_ED448_KEY_EXPORT
+    PRIVATE_KEY_UNLOCK();
     ExpectIntEQ(wc_ed448_export_private(&key, bothKeys, &bothKeysSz), 0);
+    PRIVATE_KEY_LOCK();
     ExpectIntEQ(wc_ed448_import_private_key_ex(bothKeys, bothKeysSz, NULL, 0,
         &key, 1), 0);
     ExpectIntEQ(XMEMCMP(pubKey, key.p, privKeySz), 0);
@@ -23105,17 +17433,17 @@ static int test_wc_ed448_import_private_key(void)
 
     /* Test bad args. */
     ExpectIntEQ(wc_ed448_import_private_key(NULL, privKeySz, pubKey, pubKeySz,
-        &key), BAD_FUNC_ARG);
+        &key), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_ed448_import_private_key(privKey, privKeySz, NULL, pubKeySz,
-        &key), BAD_FUNC_ARG);
+        &key), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_ed448_import_private_key(privKey, privKeySz, pubKey,
-        pubKeySz, NULL), BAD_FUNC_ARG);
+        pubKeySz, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_ed448_import_private_key(privKey, privKeySz - 1, pubKey,
-        pubKeySz, &key), BAD_FUNC_ARG);
+        pubKeySz, &key), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_ed448_import_private_key(privKey, privKeySz, pubKey,
-        pubKeySz - 1, &key), BAD_FUNC_ARG);
+        pubKeySz - 1, &key), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_ed448_import_private_key(privKey, privKeySz, NULL, 0, &key),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     DoExpectIntEQ(wc_FreeRng(&rng), 0);
     wc_ed448_free(&key);
@@ -23148,19 +17476,21 @@ static int test_wc_ed448_export(void)
     ExpectIntEQ(pubSz, ED448_KEY_SIZE);
     ExpectIntEQ(XMEMCMP(key.p, pub, pubSz), 0);
     /* Test bad args. */
-    ExpectIntEQ(wc_ed448_export_public(NULL, pub, &pubSz), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_ed448_export_public(&key, NULL, &pubSz), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_ed448_export_public(&key, pub, NULL), BAD_FUNC_ARG);
+    ExpectIntEQ(wc_ed448_export_public(NULL, pub, &pubSz), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_ed448_export_public(&key, NULL, &pubSz), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_ed448_export_public(&key, pub, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
+    PRIVATE_KEY_UNLOCK();
     ExpectIntEQ(wc_ed448_export_private_only(&key, priv, &privSz), 0);
     ExpectIntEQ(privSz, ED448_KEY_SIZE);
     ExpectIntEQ(XMEMCMP(key.k, priv, privSz), 0);
     /* Test bad args. */
     ExpectIntEQ(wc_ed448_export_private_only(NULL, priv, &privSz),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_ed448_export_private_only(&key, NULL, &privSz),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_ed448_export_private_only(&key, priv, NULL), BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_ed448_export_private_only(&key, priv, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    PRIVATE_KEY_LOCK();
 
     DoExpectIntEQ(wc_FreeRng(&rng), 0);
     wc_ed448_free(&key);
@@ -23187,19 +17517,19 @@ static int test_wc_ed448_size(void)
 
     ExpectIntEQ(wc_ed448_size(&key), ED448_KEY_SIZE);
     /* Test bad args. */
-    ExpectIntEQ(wc_ed448_size(NULL), BAD_FUNC_ARG);
+    ExpectIntEQ(wc_ed448_size(NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     ExpectIntEQ(wc_ed448_sig_size(&key), ED448_SIG_SIZE);
     /* Test bad args. */
-    ExpectIntEQ(wc_ed448_sig_size(NULL), BAD_FUNC_ARG);
+    ExpectIntEQ(wc_ed448_sig_size(NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     ExpectIntEQ(wc_ed448_pub_size(&key), ED448_PUB_KEY_SIZE);
     /* Test bad args. */
-    ExpectIntEQ(wc_ed448_pub_size(NULL), BAD_FUNC_ARG);
+    ExpectIntEQ(wc_ed448_pub_size(NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     ExpectIntEQ(wc_ed448_priv_size(&key), ED448_PRV_KEY_SIZE);
     /* Test bad args. */
-    ExpectIntEQ(wc_ed448_priv_size(NULL), BAD_FUNC_ARG);
+    ExpectIntEQ(wc_ed448_priv_size(NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     DoExpectIntEQ(wc_FreeRng(&rng), 0);
     wc_ed448_free(&key);
@@ -23230,25 +17560,27 @@ static int test_wc_ed448_exportKey(void)
     ExpectIntEQ(wc_InitRng(&rng), 0);
     ExpectIntEQ(wc_ed448_make_key(&rng, ED448_KEY_SIZE, &key), 0);
 
+    PRIVATE_KEY_UNLOCK();
     ExpectIntEQ(wc_ed448_export_private(&key, privOnly, &privOnlySz), 0);
     /* Test bad args. */
     ExpectIntEQ(wc_ed448_export_private(NULL, privOnly, &privOnlySz),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_ed448_export_private(&key, NULL, &privOnlySz), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_ed448_export_private(&key, privOnly, NULL), BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_ed448_export_private(&key, NULL, &privOnlySz), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_ed448_export_private(&key, privOnly, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     ExpectIntEQ(wc_ed448_export_key(&key, priv, &privSz, pub, &pubSz), 0);
     /* Test bad args. */
     ExpectIntEQ(wc_ed448_export_key(NULL, priv, &privSz, pub, &pubSz),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_ed448_export_key(&key, NULL, &privSz, pub, &pubSz),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_ed448_export_key(&key, priv, NULL, pub, &pubSz),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_ed448_export_key(&key, priv, &privSz, NULL, &pubSz),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_ed448_export_key(&key, priv, &privSz, pub, NULL),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    PRIVATE_KEY_LOCK();
 
     /* Cross check output. */
     ExpectIntEQ(XMEMCMP(priv, privOnly, privSz), 0);
@@ -23273,10 +17605,10 @@ static int test_wc_Ed448PublicKeyToDer(void)
     XMEMSET(&key, 0, sizeof(ed448_key));
 
     /* Test bad args */
-    ExpectIntEQ(wc_Ed448PublicKeyToDer(NULL, NULL, 0, 0), BAD_FUNC_ARG);
+    ExpectIntEQ(wc_Ed448PublicKeyToDer(NULL, NULL, 0, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     ExpectIntEQ(wc_ed448_init(&key), 0);
-    ExpectIntEQ(wc_Ed448PublicKeyToDer(&key, derBuf, 0, 0), BUFFER_E);
+    ExpectIntEQ(wc_Ed448PublicKeyToDer(&key, derBuf, 0, 0), WC_NO_ERR_TRACE(BUFFER_E));
     wc_ed448_free(&key);
 
     /*  Test good args */
@@ -23288,8 +17620,11 @@ static int test_wc_Ed448PublicKeyToDer(void)
         ExpectIntEQ(wc_ed448_init(&key), 0);
         ExpectIntEQ(wc_InitRng(&rng), 0);
         ExpectIntEQ(wc_ed448_make_key(&rng, ED448_KEY_SIZE, &key), 0);
-
-        ExpectIntGT(wc_Ed448PublicKeyToDer(&key, derBuf, 1024, 1), 0);
+        /* length only */
+        ExpectIntGT(wc_Ed448PublicKeyToDer(&key, NULL, 0, 0), 0);
+        ExpectIntGT(wc_Ed448PublicKeyToDer(&key, NULL, 0, 1), 0);
+        ExpectIntGT(wc_Ed448PublicKeyToDer(&key, derBuf,
+                    (word32)sizeof(derBuf), 1), 0);
 
         DoExpectIntEQ(wc_FreeRng(&rng), 0);
         wc_ed448_free(&key);
@@ -23310,7 +17645,7 @@ static int test_wc_curve448_init(void)
     /* Test bad args for wc_curve448_init */
     ExpectIntEQ(wc_curve448_init(&key), 0);
     /* Test bad args for wc_curve448_init */
-    ExpectIntEQ(wc_curve448_init(NULL), BAD_FUNC_ARG);
+    ExpectIntEQ(wc_curve448_init(NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     /* Test good args for wc_curve_448_free */
     wc_curve448_free(&key);
@@ -23329,7 +17664,7 @@ static int test_wc_curve448_make_key(void)
 #if defined(HAVE_CURVE448)
     curve448_key key;
     WC_RNG       rng;
-    int          keysize;
+    int          keysize = 0;
 
     XMEMSET(&rng, 0, sizeof(WC_RNG));
 
@@ -23341,10 +17676,10 @@ static int test_wc_curve448_make_key(void)
     ExpectIntEQ(wc_curve448_make_key(&rng, keysize, &key), 0);
 
     /* test bad cases */
-    ExpectIntEQ(wc_curve448_make_key(NULL, 0, NULL), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_curve448_make_key(&rng, keysize, NULL), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_curve448_make_key(NULL, keysize, &key), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_curve448_make_key(&rng, 0, &key), ECC_BAD_ARG_E);
+    ExpectIntEQ(wc_curve448_make_key(NULL, 0, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_curve448_make_key(&rng, keysize, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_curve448_make_key(NULL, keysize, &key), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_curve448_make_key(&rng, 0, &key), WC_NO_ERR_TRACE(ECC_BAD_ARG_E));
 
     DoExpectIntEQ(wc_FreeRng(&rng), 0);
     wc_curve448_free(&key);
@@ -23378,18 +17713,18 @@ static int test_wc_curve448_shared_secret_ex(void)
 
     /* test bad cases */
     ExpectIntEQ(wc_curve448_shared_secret_ex(NULL, NULL, NULL, 0, endian),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_curve448_shared_secret_ex(NULL, &public_key, out, &outLen,
-        endian), BAD_FUNC_ARG);
+        endian), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_curve448_shared_secret_ex(&private_key, NULL, out, &outLen,
-        endian), BAD_FUNC_ARG);
+        endian), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_curve448_shared_secret_ex(&private_key, &public_key, NULL,
-        &outLen, endian), BAD_FUNC_ARG);
+        &outLen, endian), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_curve448_shared_secret_ex(&private_key, &public_key, out,
-        NULL, endian), BAD_FUNC_ARG);
+        NULL, endian), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     outLen = outLen - 2;
     ExpectIntEQ(wc_curve448_shared_secret_ex(&private_key, &public_key, out,
-        &outLen, endian), BAD_FUNC_ARG);
+        &outLen, endian), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     DoExpectIntEQ(wc_FreeRng(&rng), 0);
     wc_curve448_free(&private_key);
@@ -23421,16 +17756,16 @@ static int test_wc_curve448_export_public_ex(void)
     ExpectIntEQ(wc_curve448_export_public_ex(&key, out, &outLen, endian), 0);
     /* test bad cases*/
     ExpectIntEQ(wc_curve448_export_public_ex(NULL, NULL, NULL, endian),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_curve448_export_public_ex(NULL, out, &outLen, endian),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_curve448_export_public_ex(&key, NULL, &outLen, endian),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_curve448_export_public_ex(&key, out, NULL, endian),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     outLen = outLen - 2;
     ExpectIntEQ(wc_curve448_export_public_ex(&key, out, &outLen, endian),
-        ECC_BAD_ARG_E);
+        WC_NO_ERR_TRACE(ECC_BAD_ARG_E));
 
     DoExpectIntEQ(wc_FreeRng(&rng), 0);
     wc_curve448_free(&key);
@@ -23455,18 +17790,18 @@ static int test_wc_curve448_export_private_raw_ex(void)
         0);
     /* test bad cases*/
     ExpectIntEQ(wc_curve448_export_private_raw_ex(NULL, NULL, NULL, endian),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_curve448_export_private_raw_ex(NULL, out, &outLen, endian),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_curve448_export_private_raw_ex(&key, NULL, &outLen, endian),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_curve448_export_private_raw_ex(&key, out, NULL, endian),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_curve448_export_private_raw_ex(&key, out, &outLen,
         EC448_LITTLE_ENDIAN), 0);
     outLen = outLen - 2;
     ExpectIntEQ(wc_curve448_export_private_raw_ex(&key, out, &outLen, endian),
-        ECC_BAD_ARG_E);
+        WC_NO_ERR_TRACE(ECC_BAD_ARG_E));
 
     wc_curve448_free(&key);
 #endif
@@ -23500,17 +17835,17 @@ static int test_wc_curve448_import_private_raw_ex(void)
         &key, endian), 0);
     /* test bad cases */
     ExpectIntEQ(wc_curve448_import_private_raw_ex(NULL, 0, NULL, 0, NULL, 0),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_curve448_import_private_raw_ex(NULL, privSz, pub, pubSz,
-        &key, endian), BAD_FUNC_ARG);
+        &key, endian), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_curve448_import_private_raw_ex(priv, privSz, NULL, pubSz,
-        &key, endian), BAD_FUNC_ARG);
+        &key, endian), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_curve448_import_private_raw_ex(priv, privSz, pub, pubSz,
-        NULL, endian), BAD_FUNC_ARG);
+        NULL, endian), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_curve448_import_private_raw_ex(priv, 0, pub, pubSz,
-        &key, endian), ECC_BAD_ARG_E);
+        &key, endian), WC_NO_ERR_TRACE(ECC_BAD_ARG_E));
     ExpectIntEQ(wc_curve448_import_private_raw_ex(priv, privSz, pub, 0,
-        &key, endian), ECC_BAD_ARG_E);
+        &key, endian), WC_NO_ERR_TRACE(ECC_BAD_ARG_E));
     ExpectIntEQ(wc_curve448_import_private_raw_ex(priv, privSz, pub, pubSz,
         &key, EC448_LITTLE_ENDIAN), 0);
 
@@ -23620,8 +17955,8 @@ static int test_wc_ecc_make_key(void)
     ExpectIntEQ(ret, 0);
 
     /* Pass in bad args. */
-    ExpectIntEQ(wc_ecc_make_key(NULL, KEY14, &key), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_ecc_make_key(&rng, KEY14, NULL), BAD_FUNC_ARG);
+    ExpectIntEQ(wc_ecc_make_key(NULL, KEY14, &key), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_ecc_make_key(&rng, KEY14, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     DoExpectIntEQ(wc_FreeRng(&rng), 0);
     wc_ecc_free(&key);
@@ -23647,7 +17982,7 @@ static int test_wc_ecc_init(void)
 
     ExpectIntEQ(wc_ecc_init(&key), 0);
     /* Pass in bad args. */
-    ExpectIntEQ(wc_ecc_init(NULL), BAD_FUNC_ARG);
+    ExpectIntEQ(wc_ecc_init(NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     wc_ecc_free(&key);
 #endif
@@ -23679,7 +18014,7 @@ static int test_wc_ecc_check_key(void)
     ExpectIntEQ(wc_ecc_check_key(&key), 0);
 
     /* Pass in bad args. */
-    ExpectIntEQ(wc_ecc_check_key(NULL), BAD_FUNC_ARG);
+    ExpectIntEQ(wc_ecc_check_key(NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     DoExpectIntEQ(wc_FreeRng(&rng), 0);
     wc_ecc_free(&key);
@@ -23759,11 +18094,11 @@ static int test_wc_ecc_params(void)
     /* FIPS/CAVP self-test modules do not have `wc_ecc_get_curve_params`.
         It was added after certifications */
 #if defined(HAVE_ECC) && !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
-    const ecc_set_type* ecc_set;
+    const ecc_set_type* ecc_set = NULL;
 #if !defined(NO_ECC256) && !defined(NO_ECC_SECP)
     /* Test for SECP256R1 curve */
     int curve_id = ECC_SECP256R1;
-    int curve_idx;
+    int curve_idx = 0;
 
     ExpectIntNE(curve_idx = wc_ecc_get_curve_idx(curve_id), ECC_CURVE_INVALID);
     ExpectNotNull(ecc_set = wc_ecc_get_curve_params(curve_idx));
@@ -23815,15 +18150,15 @@ static int test_wc_ecc_signVerify_hash(void)
 
     /* Check bad args. */
     ExpectIntEQ(wc_ecc_sign_hash(NULL, digestlen, sig, &siglen, &rng, &key),
-        ECC_BAD_ARG_E);
+        WC_NO_ERR_TRACE(ECC_BAD_ARG_E));
     ExpectIntEQ(wc_ecc_sign_hash(digest, digestlen, NULL, &siglen, &rng, &key),
-        ECC_BAD_ARG_E);
+        WC_NO_ERR_TRACE(ECC_BAD_ARG_E));
     ExpectIntEQ(wc_ecc_sign_hash(digest, digestlen, sig, NULL, &rng, &key),
-        ECC_BAD_ARG_E);
+        WC_NO_ERR_TRACE(ECC_BAD_ARG_E));
     ExpectIntEQ(wc_ecc_sign_hash(digest, digestlen, sig, &siglen, NULL, &key),
-        ECC_BAD_ARG_E);
+        WC_NO_ERR_TRACE(ECC_BAD_ARG_E));
     ExpectIntEQ(wc_ecc_sign_hash(digest, digestlen, sig, &siglen, &rng, NULL),
-        ECC_BAD_ARG_E);
+        WC_NO_ERR_TRACE(ECC_BAD_ARG_E));
 
 #ifdef HAVE_ECC_VERIFY
     ExpectIntEQ(wc_ecc_verify_hash(sig, siglen, digest, digestlen, &verify,
@@ -23845,13 +18180,13 @@ static int test_wc_ecc_signVerify_hash(void)
 
     /* Test bad args. */
     ExpectIntEQ(wc_ecc_verify_hash(NULL, siglen, digest, digestlen, &verify,
-        &key), ECC_BAD_ARG_E);
+        &key), WC_NO_ERR_TRACE(ECC_BAD_ARG_E));
     ExpectIntEQ(wc_ecc_verify_hash(sig, siglen, NULL, digestlen, &verify, &key),
-        ECC_BAD_ARG_E);
+        WC_NO_ERR_TRACE(ECC_BAD_ARG_E));
     ExpectIntEQ(wc_ecc_verify_hash(sig, siglen, digest, digestlen, NULL, &key),
-        ECC_BAD_ARG_E);
+        WC_NO_ERR_TRACE(ECC_BAD_ARG_E));
     ExpectIntEQ(wc_ecc_verify_hash(sig, siglen, digest, digestlen, &verify,
-        NULL), ECC_BAD_ARG_E);
+        NULL), WC_NO_ERR_TRACE(ECC_BAD_ARG_E));
 #endif /* HAVE_ECC_VERIFY */
 
     DoExpectIntEQ(wc_FreeRng(&rng), 0);
@@ -23941,17 +18276,17 @@ static int test_wc_ecc_shared_secret(void)
 
     /* Test bad args. */
     ExpectIntEQ(wc_ecc_shared_secret(NULL, &pubKey, out, &outlen),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_ecc_shared_secret(&key, NULL, out, &outlen),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_ecc_shared_secret(&key, &pubKey, NULL, &outlen),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_ecc_shared_secret(&key, &pubKey, out, NULL),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     /* Invalid length */
     outlen = 1;
     ExpectIntEQ(wc_ecc_shared_secret(&key, &pubKey, out, &outlen),
-        BUFFER_E);
+        WC_NO_ERR_TRACE(BUFFER_E));
 
     DoExpectIntEQ(wc_FreeRng(&rng), 0);
     wc_ecc_free(&pubKey);
@@ -23997,11 +18332,11 @@ static int test_wc_ecc_export_x963(void)
     ExpectIntEQ(wc_ecc_export_x963(&key, out, &outlen), 0);
 
     /* Test bad args. */
-    ExpectIntEQ(wc_ecc_export_x963(NULL, out, &outlen), ECC_BAD_ARG_E);
-    ExpectIntEQ(wc_ecc_export_x963(&key, NULL, &outlen), LENGTH_ONLY_E);
-    ExpectIntEQ(wc_ecc_export_x963(&key, out, NULL), ECC_BAD_ARG_E);
+    ExpectIntEQ(wc_ecc_export_x963(NULL, out, &outlen), WC_NO_ERR_TRACE(ECC_BAD_ARG_E));
+    ExpectIntEQ(wc_ecc_export_x963(&key, NULL, &outlen), WC_NO_ERR_TRACE(LENGTH_ONLY_E));
+    ExpectIntEQ(wc_ecc_export_x963(&key, out, NULL), WC_NO_ERR_TRACE(ECC_BAD_ARG_E));
     key.idx = -4;
-    ExpectIntEQ(wc_ecc_export_x963(&key, out, &outlen), ECC_BAD_ARG_E);
+    ExpectIntEQ(wc_ecc_export_x963(&key, out, &outlen), WC_NO_ERR_TRACE(ECC_BAD_ARG_E));
 
     DoExpectIntEQ(wc_FreeRng(&rng), 0);
     wc_ecc_free(&key);
@@ -24036,6 +18371,7 @@ static int test_wc_ecc_export_x963_ex(void)
     XMEMSET(&key, 0, sizeof(ecc_key));
     XMEMSET(&rng, 0, sizeof(WC_RNG));
     XMEMSET(out, 0, outlen);
+    PRIVATE_KEY_UNLOCK();
 
     ExpectIntEQ(wc_ecc_init(&key), 0);
     ExpectIntEQ(wc_InitRng(&rng), 0);
@@ -24053,29 +18389,30 @@ static int test_wc_ecc_export_x963_ex(void)
 
     /* Test bad args. */
 #ifdef HAVE_COMP_KEY
-    ExpectIntEQ(wc_ecc_export_x963_ex(NULL, out, &outlen, COMP), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_ecc_export_x963_ex(&key, NULL, &outlen, COMP), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_ecc_export_x963_ex(&key, out, NULL, COMP), BAD_FUNC_ARG);
+    ExpectIntEQ(wc_ecc_export_x963_ex(NULL, out, &outlen, COMP), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_ecc_export_x963_ex(&key, NULL, &outlen, COMP), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_ecc_export_x963_ex(&key, out, NULL, COMP), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 #if defined(HAVE_FIPS) && (!defined(FIPS_VERSION_LT) || FIPS_VERSION_LT(5,3))
-    ExpectIntEQ(wc_ecc_export_x963_ex(&key, out, &badOutLen, COMP), BUFFER_E);
+    ExpectIntEQ(wc_ecc_export_x963_ex(&key, out, &badOutLen, COMP), WC_NO_ERR_TRACE(BUFFER_E));
 #else
     ExpectIntEQ(wc_ecc_export_x963_ex(&key, out, &badOutLen, COMP),
-        LENGTH_ONLY_E);
+        WC_NO_ERR_TRACE(LENGTH_ONLY_E));
 #endif
     key.idx = -4;
-    ExpectIntEQ(wc_ecc_export_x963_ex(&key, out, &outlen, COMP), ECC_BAD_ARG_E);
+    ExpectIntEQ(wc_ecc_export_x963_ex(&key, out, &outlen, COMP), WC_NO_ERR_TRACE(ECC_BAD_ARG_E));
 #else
     ExpectIntEQ(wc_ecc_export_x963_ex(NULL, out, &outlen, NOCOMP),
-        ECC_BAD_ARG_E);
+        WC_NO_ERR_TRACE(ECC_BAD_ARG_E));
     ExpectIntEQ(wc_ecc_export_x963_ex(&key, NULL, &outlen, NOCOMP),
-        LENGTH_ONLY_E);
-    ExpectIntEQ(wc_ecc_export_x963_ex(&key, out, &outlen, 1), NOT_COMPILED_IN);
+        WC_NO_ERR_TRACE(LENGTH_ONLY_E));
+    ExpectIntEQ(wc_ecc_export_x963_ex(&key, out, &outlen, 1), WC_NO_ERR_TRACE(NOT_COMPILED_IN));
     ExpectIntEQ(wc_ecc_export_x963_ex(&key, out, NULL, NOCOMP),
-        ECC_BAD_ARG_E);
+        WC_NO_ERR_TRACE(ECC_BAD_ARG_E));
     key.idx = -4;
     ExpectIntEQ(wc_ecc_export_x963_ex(&key, out, &outlen, NOCOMP),
-        ECC_BAD_ARG_E);
+        WC_NO_ERR_TRACE(ECC_BAD_ARG_E));
 #endif
+    PRIVATE_KEY_LOCK();
 
     DoExpectIntEQ(wc_FreeRng(&rng), 0);
     wc_ecc_free(&key);
@@ -24111,10 +18448,15 @@ static int test_wc_ecc_import_x963(void)
     ExpectIntEQ(wc_ecc_init(&pubKey), 0);
     ExpectIntEQ(wc_ecc_init(&key), 0);
     ExpectIntEQ(wc_InitRng(&rng), 0);
+#if FIPS_VERSION3_GE(6,0,0)
+    ret = wc_ecc_make_key(&rng, KEY32, &key);
+#else
     ret = wc_ecc_make_key(&rng, KEY24, &key);
+#endif
 #if defined(WOLFSSL_ASYNC_CRYPT)
     ret = wc_AsyncWait(ret, &key.asyncDev, WC_ASYNC_FLAG_NONE);
 #endif
+
     ExpectIntEQ(ret, 0);
 
     PRIVATE_KEY_UNLOCK();
@@ -24124,9 +18466,9 @@ static int test_wc_ecc_import_x963(void)
     ExpectIntEQ(wc_ecc_import_x963(x963, x963Len, &pubKey), 0);
 
     /* Test bad args. */
-    ExpectIntEQ(wc_ecc_import_x963(NULL, x963Len, &pubKey), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_ecc_import_x963(x963, x963Len, NULL), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_ecc_import_x963(x963, x963Len + 1, &pubKey), ECC_BAD_ARG_E);
+    ExpectIntEQ(wc_ecc_import_x963(NULL, x963Len, &pubKey), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_ecc_import_x963(x963, x963Len, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_ecc_import_x963(x963, x963Len + 1, &pubKey), WC_NO_ERR_TRACE(ECC_BAD_ARG_E));
 
     DoExpectIntEQ(wc_FreeRng(&rng), 0);
     wc_ecc_free(&key);
@@ -24162,6 +18504,7 @@ static int test_wc_ecc_import_private_key(void)
     XMEMSET(&rng, 0, sizeof(WC_RNG));
     XMEMSET(privKey, 0, privKeySz);
     XMEMSET(x963Key, 0, x963KeySz);
+    PRIVATE_KEY_UNLOCK();
 
     ExpectIntEQ(wc_ecc_init(&key), 0);
     ExpectIntEQ(wc_ecc_init(&keyImp), 0);
@@ -24181,9 +18524,10 @@ static int test_wc_ecc_import_private_key(void)
         x963KeySz, &keyImp), 0);
     /* Pass in bad args. */
     ExpectIntEQ(wc_ecc_import_private_key(privKey, privKeySz, x963Key,
-        x963KeySz, NULL), BAD_FUNC_ARG);
+        x963KeySz, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_ecc_import_private_key(NULL, privKeySz, x963Key, x963KeySz,
-        &keyImp), BAD_FUNC_ARG);
+        &keyImp), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    PRIVATE_KEY_LOCK();
 
     DoExpectIntEQ(wc_FreeRng(&rng), 0);
     wc_ecc_free(&keyImp);
@@ -24214,6 +18558,7 @@ static int test_wc_ecc_export_private_only(void)
     XMEMSET(&key, 0, sizeof(ecc_key));
     XMEMSET(&rng, 0, sizeof(WC_RNG));
     XMEMSET(out, 0, outlen);
+    PRIVATE_KEY_UNLOCK();
 
     ExpectIntEQ(wc_ecc_init(&key), 0);
     ExpectIntEQ(wc_InitRng(&rng), 0);
@@ -24225,9 +18570,10 @@ static int test_wc_ecc_export_private_only(void)
 
     ExpectIntEQ(wc_ecc_export_private_only(&key, out, &outlen), 0);
     /* Pass in bad args. */
-    ExpectIntEQ(wc_ecc_export_private_only(NULL, out, &outlen), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_ecc_export_private_only(&key, NULL, &outlen), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_ecc_export_private_only(&key, out, NULL), BAD_FUNC_ARG);
+    ExpectIntEQ(wc_ecc_export_private_only(NULL, out, &outlen), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_ecc_export_private_only(&key, NULL, &outlen), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_ecc_export_private_only(&key, out, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    PRIVATE_KEY_LOCK();
 
     DoExpectIntEQ(wc_FreeRng(&rng), 0);
     wc_ecc_free(&key);
@@ -24259,6 +18605,9 @@ static int test_wc_ecc_rs_to_sig(void)
     byte        s[KEY24];
     word32      rlen = (word32)sizeof(r);
     word32      slen = (word32)sizeof(s);
+#if !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS)
+    word32      zeroLen = 0;
+#endif
 
     /* Init stack variables. */
     XMEMSET(sig, 0, ECC_MAX_SIG_SIZE);
@@ -24268,22 +18617,28 @@ static int test_wc_ecc_rs_to_sig(void)
     ExpectIntEQ(wc_ecc_rs_to_sig(R, S, sig, &siglen), 0);
     ExpectIntEQ(wc_ecc_sig_to_rs(sig, siglen, r, &rlen, s, &slen), 0);
     /* Test bad args. */
-    ExpectIntEQ(wc_ecc_rs_to_sig(NULL, S, sig, &siglen), ECC_BAD_ARG_E);
-    ExpectIntEQ(wc_ecc_rs_to_sig(R, NULL, sig, &siglen), ECC_BAD_ARG_E);
-    ExpectIntEQ(wc_ecc_rs_to_sig(R, S, sig, NULL), ECC_BAD_ARG_E);
-    ExpectIntEQ(wc_ecc_rs_to_sig(R, S, NULL, &siglen), ECC_BAD_ARG_E);
-    ExpectIntEQ(wc_ecc_rs_to_sig(R, zeroStr, sig, &siglen), MP_ZERO_E);
-    ExpectIntEQ(wc_ecc_rs_to_sig(zeroStr, S, sig, &siglen), MP_ZERO_E);
+    ExpectIntEQ(wc_ecc_rs_to_sig(NULL, S, sig, &siglen), WC_NO_ERR_TRACE(ECC_BAD_ARG_E));
+    ExpectIntEQ(wc_ecc_rs_to_sig(R, NULL, sig, &siglen), WC_NO_ERR_TRACE(ECC_BAD_ARG_E));
+    ExpectIntEQ(wc_ecc_rs_to_sig(R, S, sig, NULL), WC_NO_ERR_TRACE(ECC_BAD_ARG_E));
+    ExpectIntEQ(wc_ecc_rs_to_sig(R, S, NULL, &siglen), WC_NO_ERR_TRACE(ECC_BAD_ARG_E));
+    ExpectIntEQ(wc_ecc_rs_to_sig(R, zeroStr, sig, &siglen), WC_NO_ERR_TRACE(MP_ZERO_E));
+    ExpectIntEQ(wc_ecc_rs_to_sig(zeroStr, S, sig, &siglen), WC_NO_ERR_TRACE(MP_ZERO_E));
     ExpectIntEQ(wc_ecc_sig_to_rs(NULL, siglen, r, &rlen, s, &slen),
-        ECC_BAD_ARG_E);
+        WC_NO_ERR_TRACE(ECC_BAD_ARG_E));
     ExpectIntEQ(wc_ecc_sig_to_rs(sig, siglen, NULL, &rlen, s, &slen),
-        ECC_BAD_ARG_E);
+        WC_NO_ERR_TRACE(ECC_BAD_ARG_E));
     ExpectIntEQ(wc_ecc_sig_to_rs(sig, siglen, r, NULL, s, &slen),
-        ECC_BAD_ARG_E);
+        WC_NO_ERR_TRACE(ECC_BAD_ARG_E));
     ExpectIntEQ(wc_ecc_sig_to_rs(sig, siglen, r, &rlen, NULL, &slen),
-        ECC_BAD_ARG_E);
+        WC_NO_ERR_TRACE(ECC_BAD_ARG_E));
     ExpectIntEQ(wc_ecc_sig_to_rs(sig, siglen, r, &rlen, s, NULL),
-        ECC_BAD_ARG_E);
+        WC_NO_ERR_TRACE(ECC_BAD_ARG_E));
+#if !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS)
+    ExpectIntEQ(wc_ecc_sig_to_rs(sig, siglen, r, &zeroLen, s, &slen),
+        WC_NO_ERR_TRACE(BUFFER_E));
+    ExpectIntEQ(wc_ecc_sig_to_rs(sig, siglen, r, &rlen, s, &zeroLen),
+        WC_NO_ERR_TRACE(BUFFER_E));
+#endif
 #endif
     return EXPECT_RESULT();
 } /* END test_wc_ecc_rs_to_sig */
@@ -24313,17 +18668,17 @@ static int test_wc_ecc_import_raw(void)
     ExpectIntEQ(wc_ecc_import_raw(&key, qx, qy, d, curveName), 0);
 
     /* Test bad args. */
-    ExpectIntEQ(wc_ecc_import_raw(NULL, qx, qy, d, curveName), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_ecc_import_raw(&key, NULL, qy, d, curveName), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_ecc_import_raw(&key, qx, NULL, d, curveName), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_ecc_import_raw(&key, qx, qy, d, NULL), BAD_FUNC_ARG);
+    ExpectIntEQ(wc_ecc_import_raw(NULL, qx, qy, d, curveName), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_ecc_import_raw(&key, NULL, qy, d, curveName), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_ecc_import_raw(&key, qx, NULL, d, curveName), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_ecc_import_raw(&key, qx, qy, d, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 #ifdef WOLFSSL_VALIDATE_ECC_IMPORT
     #if !defined(USE_FAST_MATH) && !defined(WOLFSSL_SP_MATH)
         wc_ecc_free(&key);
     #endif
     ExpectIntLT(ret = wc_ecc_import_raw(&key, kNullStr, kNullStr, kNullStr,
         curveName), 0);
-    ExpectTrue((ret == ECC_INF_E) || (ret == BAD_FUNC_ARG));
+    ExpectTrue((ret == WC_NO_ERR_TRACE(ECC_INF_E)) || (ret == WC_NO_ERR_TRACE(BAD_FUNC_ARG)));
 #endif
 #if !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS)
     #if !defined(USE_FAST_MATH) && !defined(WOLFSSL_SP_MATH)
@@ -24331,7 +18686,7 @@ static int test_wc_ecc_import_raw(void)
     #endif
 #ifdef WOLFSSL_VALIDATE_ECC_IMPORT
     ExpectIntLT(ret = wc_ecc_import_raw(&key, "0", qy, d, curveName), 0);
-    ExpectTrue((ret == BAD_FUNC_ARG) || (ret == MP_VAL));
+    ExpectTrue((ret == WC_NO_ERR_TRACE(BAD_FUNC_ARG)) || (ret == WC_NO_ERR_TRACE(MP_VAL)));
 #else
     ExpectIntEQ(wc_ecc_import_raw(&key, "0", qy, d, curveName), 0);
 #endif
@@ -24340,14 +18695,14 @@ static int test_wc_ecc_import_raw(void)
     #endif
 #ifdef WOLFSSL_VALIDATE_ECC_IMPORT
     ExpectIntLT(ret = wc_ecc_import_raw(&key, qx, "0", d, curveName), 0);
-    ExpectTrue((ret == BAD_FUNC_ARG) || (ret == MP_VAL));
+    ExpectTrue((ret == WC_NO_ERR_TRACE(BAD_FUNC_ARG)) || (ret == WC_NO_ERR_TRACE(MP_VAL)));
 #else
     ExpectIntEQ(wc_ecc_import_raw(&key, qx, "0", d, curveName), 0);
 #endif
     #if !defined(USE_FAST_MATH) && !defined(WOLFSSL_SP_MATH)
         wc_ecc_free(&key);
     #endif
-    ExpectIntEQ(wc_ecc_import_raw(&key, "0", "0", d, curveName), ECC_INF_E);
+    ExpectIntEQ(wc_ecc_import_raw(&key, "0", "0", d, curveName), WC_NO_ERR_TRACE(ECC_INF_E));
 #endif
 
     wc_ecc_free(&key);
@@ -24394,17 +18749,17 @@ static int test_wc_ecc_import_unsigned(void)
         curveId), 0);
     /* Test bad args. */
     ExpectIntEQ(wc_ecc_import_unsigned(NULL, (byte*)qx, (byte*)qy, (byte*)d,
-        curveId), BAD_FUNC_ARG);
+        curveId), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_ecc_import_unsigned(&key, NULL, (byte*)qy, (byte*)d,
-        curveId), BAD_FUNC_ARG);
+        curveId), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_ecc_import_unsigned(&key, (byte*)qx, NULL, (byte*)d,
-        curveId), BAD_FUNC_ARG);
+        curveId), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_ecc_import_unsigned(&key, (byte*)qx, (byte*)qy, (byte*)d,
-        ECC_CURVE_INVALID), BAD_FUNC_ARG);
+        ECC_CURVE_INVALID), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 #ifdef WOLFSSL_VALIDATE_ECC_IMPORT
     ExpectIntLT(ret = wc_ecc_import_unsigned(&key, (byte*)nullBytes,
         (byte*)nullBytes, (byte*)nullBytes, curveId), 0);
-    ExpectTrue((ret == ECC_INF_E) || (ret == BAD_FUNC_ARG));
+    ExpectTrue((ret == WC_NO_ERR_TRACE(ECC_INF_E)) || (ret == WC_NO_ERR_TRACE(BAD_FUNC_ARG)));
 #endif
 
     wc_ecc_free(&key);
@@ -24494,8 +18849,8 @@ static int test_wc_ecc_ctx_reset(void)
     ExpectIntEQ(wc_ecc_ctx_reset(ctx, &rng), 0);
 
     /* Pass in bad args. */
-    ExpectIntEQ(wc_ecc_ctx_reset(NULL, &rng), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_ecc_ctx_reset(ctx, NULL), BAD_FUNC_ARG);
+    ExpectIntEQ(wc_ecc_ctx_reset(NULL, &rng), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_ecc_ctx_reset(ctx, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     wc_ecc_ctx_free(ctx);
     DoExpectIntEQ(wc_FreeRng(&rng), 0);
@@ -24530,8 +18885,8 @@ static int test_wc_ecc_ctx_set_peer_salt(void)
 
     ExpectIntEQ(wc_ecc_ctx_set_peer_salt(cliCtx, servSalt), 0);
     /* Test bad args. */
-    ExpectIntEQ(wc_ecc_ctx_set_peer_salt(NULL, servSalt), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_ecc_ctx_set_peer_salt(cliCtx, NULL), BAD_FUNC_ARG);
+    ExpectIntEQ(wc_ecc_ctx_set_peer_salt(NULL, servSalt), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_ecc_ctx_set_peer_salt(cliCtx, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     wc_ecc_ctx_free(cliCtx);
     wc_ecc_ctx_free(servCtx);
@@ -24562,10 +18917,10 @@ static int test_wc_ecc_ctx_set_info(void)
     ExpectIntEQ(wc_ecc_ctx_set_info(ctx, (byte*)optInfo, optInfoSz), 0);
     /* Test bad args. */
     ExpectIntEQ(wc_ecc_ctx_set_info(NULL, (byte*)optInfo, optInfoSz),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_ecc_ctx_set_info(ctx, (byte*)badOptInfo, optInfoSz),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_ecc_ctx_set_info(ctx, (byte*)optInfo, -1), BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_ecc_ctx_set_info(ctx, (byte*)optInfo, -1), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     wc_ecc_ctx_free(ctx);
     DoExpectIntEQ(wc_FreeRng(&rng), 0);
@@ -24638,15 +18993,15 @@ static int test_wc_ecc_encryptDecrypt(void)
         &outSz, NULL), 0);
     /* Test bad args. */
     ExpectIntEQ(wc_ecc_encrypt(NULL, &srvKey, (byte*)msg, msgSz, out, &outSz,
-        NULL), BAD_FUNC_ARG);
+        NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_ecc_encrypt(&cliKey, NULL, (byte*)msg, msgSz, out, &outSz,
-        NULL), BAD_FUNC_ARG);
+        NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_ecc_encrypt(&cliKey, &srvKey, NULL, msgSz, out, &outSz,
-        NULL), BAD_FUNC_ARG);
+        NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_ecc_encrypt(&cliKey, &srvKey, (byte*)msg, msgSz, NULL,
-        &outSz, NULL), BAD_FUNC_ARG);
+        &outSz, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_ecc_encrypt(&cliKey, &srvKey, (byte*)msg, msgSz, out, NULL,
-        NULL), BAD_FUNC_ARG);
+        NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
 #ifdef WOLFSSL_ECIES_OLD
     tmpKey.dp = cliKey.dp;
@@ -24656,19 +19011,19 @@ static int test_wc_ecc_encryptDecrypt(void)
     ExpectIntEQ(wc_ecc_decrypt(&srvKey, &tmpKey, out, outSz, plain, &plainSz,
          NULL), 0);
     ExpectIntEQ(wc_ecc_decrypt(NULL, &tmpKey, out, outSz, plain, &plainSz,
-         NULL), BAD_FUNC_ARG);
+         NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 #ifdef WOLFSSL_ECIES_OLD
     /* NULL parameter allowed in new implementations - public key comes from
      * the message. */
     ExpectIntEQ(wc_ecc_decrypt(&srvKey, NULL, out, outSz, plain, &plainSz,
-        NULL), BAD_FUNC_ARG);
+        NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 #endif
     ExpectIntEQ(wc_ecc_decrypt(&srvKey, &tmpKey, NULL, outSz, plain, &plainSz,
-        NULL), BAD_FUNC_ARG);
+        NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_ecc_decrypt(&srvKey, &tmpKey, out, outSz, NULL, &plainSz,
-        NULL), BAD_FUNC_ARG);
+        NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_ecc_decrypt(&srvKey, &tmpKey, out, outSz, plain, NULL, NULL),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     ExpectIntEQ(XMEMCMP(msg, plain, msgSz), 0);
 
@@ -24735,46 +19090,46 @@ static int test_wc_ecc_pointFns(void)
 
     /* Export */
     ExpectIntEQ(wc_ecc_export_point_der((idx = key.idx), &key.pubkey, NULL,
-        &derlenChk), LENGTH_ONLY_E);
+        &derlenChk), WC_NO_ERR_TRACE(LENGTH_ONLY_E));
     /* Check length value. */
     ExpectIntEQ(derSz, derlenChk);
     ExpectIntEQ(wc_ecc_export_point_der((idx = key.idx), &key.pubkey, der,
         &derSz), 0);
     /* Test bad args. */
     ExpectIntEQ(wc_ecc_export_point_der(-2, &key.pubkey, der, &derSz),
-        ECC_BAD_ARG_E);
+        WC_NO_ERR_TRACE(ECC_BAD_ARG_E));
     ExpectIntEQ(wc_ecc_export_point_der((idx = key.idx), NULL, der, &derSz),
-        ECC_BAD_ARG_E);
+        WC_NO_ERR_TRACE(ECC_BAD_ARG_E));
     ExpectIntEQ(wc_ecc_export_point_der((idx = key.idx), &key.pubkey, der,
-        NULL), ECC_BAD_ARG_E);
+        NULL), WC_NO_ERR_TRACE(ECC_BAD_ARG_E));
 
     /* Import */
     ExpectIntEQ(wc_ecc_import_point_der(der, derSz, idx, point), 0);
     ExpectIntEQ(wc_ecc_cmp_point(&key.pubkey, point), 0);
     /* Test bad args. */
     ExpectIntEQ( wc_ecc_import_point_der(NULL, derSz, idx, point),
-        ECC_BAD_ARG_E);
-    ExpectIntEQ(wc_ecc_import_point_der(der, derSz, idx, NULL), ECC_BAD_ARG_E);
-    ExpectIntEQ(wc_ecc_import_point_der(der, derSz, -1, point), ECC_BAD_ARG_E);
+        WC_NO_ERR_TRACE(ECC_BAD_ARG_E));
+    ExpectIntEQ(wc_ecc_import_point_der(der, derSz, idx, NULL), WC_NO_ERR_TRACE(ECC_BAD_ARG_E));
+    ExpectIntEQ(wc_ecc_import_point_der(der, derSz, -1, point), WC_NO_ERR_TRACE(ECC_BAD_ARG_E));
     ExpectIntEQ(wc_ecc_import_point_der(der, derSz + 1, idx, point),
-        ECC_BAD_ARG_E);
+        WC_NO_ERR_TRACE(ECC_BAD_ARG_E));
 
     /* Copy */
     ExpectIntEQ(wc_ecc_copy_point(point, cpypt), 0);
     /* Test bad args. */
-    ExpectIntEQ(wc_ecc_copy_point(NULL, cpypt), ECC_BAD_ARG_E);
-    ExpectIntEQ(wc_ecc_copy_point(point, NULL), ECC_BAD_ARG_E);
+    ExpectIntEQ(wc_ecc_copy_point(NULL, cpypt), WC_NO_ERR_TRACE(ECC_BAD_ARG_E));
+    ExpectIntEQ(wc_ecc_copy_point(point, NULL), WC_NO_ERR_TRACE(ECC_BAD_ARG_E));
 
     /* Compare point */
     ExpectIntEQ(wc_ecc_cmp_point(point, cpypt), 0);
     /* Test bad args. */
-    ExpectIntEQ(wc_ecc_cmp_point(NULL, cpypt), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_ecc_cmp_point(point, NULL), BAD_FUNC_ARG);
+    ExpectIntEQ(wc_ecc_cmp_point(NULL, cpypt), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_ecc_cmp_point(point, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     /* At infinity if return == 1, otherwise return == 0. */
     ExpectIntEQ(wc_ecc_point_is_at_infinity(point), 0);
     /* Test bad args. */
-    ExpectIntEQ(wc_ecc_point_is_at_infinity(NULL), BAD_FUNC_ARG);
+    ExpectIntEQ(wc_ecc_point_is_at_infinity(NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
 #if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || \
     (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION>2)))
@@ -24782,8 +19137,8 @@ static int test_wc_ecc_pointFns(void)
     /* On curve if ret == 0 */
     ExpectIntEQ(wc_ecc_point_is_on_curve(point, idx), 0);
     /* Test bad args. */
-    ExpectIntEQ(wc_ecc_point_is_on_curve(NULL, idx), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_ecc_point_is_on_curve(point, 1000), ECC_BAD_ARG_E);
+    ExpectIntEQ(wc_ecc_point_is_on_curve(NULL, idx), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_ecc_point_is_on_curve(point, 1000), WC_NO_ERR_TRACE(ECC_BAD_ARG_E));
 #endif /* USE_ECC_B_PARAM */
 #endif /* !HAVE_SELFTEST && (!HAVE_FIPS || HAVE_FIPS_VERSION > 2) */
 
@@ -24798,28 +19153,34 @@ static int test_wc_ecc_pointFns(void)
 
 
 /*
- * Testing wc_ecc_sahred_secret_ssh()
+ * Testing wc_ecc_shared_secret_ssh()
  */
 static int test_wc_ecc_shared_secret_ssh(void)
 {
     EXPECT_DECLS;
 #if defined(HAVE_ECC) && defined(HAVE_ECC_DHE) && \
     !defined(WC_NO_RNG) && !defined(WOLFSSL_ATECC508A) && \
-    !defined(WOLFSSL_ATECC608A)
+    !defined(WOLFSSL_ATECC608A) && !defined(PLUTON_CRYPTO_ECC) && \
+    !defined(WOLFSSL_CRYPTOCELL)
     ecc_key key;
     ecc_key key2;
     WC_RNG  rng;
     int     ret;
     int     keySz = KEY32;
+#if FIPS_VERSION3_GE(6,0,0)
+    int     key2Sz = KEY28;
+#else
     int     key2Sz = KEY24;
+#endif
     byte    secret[KEY32];
-    word32  secretLen = keySz;
+    word32  secretLen = (word32)keySz;
 
     /* Init stack variables. */
     XMEMSET(&key, 0, sizeof(ecc_key));
     XMEMSET(&key2, 0, sizeof(ecc_key));
     XMEMSET(&rng, 0, sizeof(WC_RNG));
     XMEMSET(secret, 0, secretLen);
+    PRIVATE_KEY_UNLOCK();
 
     /* Make keys */
     ExpectIntEQ(wc_ecc_init(&key), 0);
@@ -24849,16 +19210,17 @@ static int test_wc_ecc_shared_secret_ssh(void)
         &secretLen), 0);
     /* Pass in bad args. */
     ExpectIntEQ(wc_ecc_shared_secret_ssh(NULL, &key2.pubkey, secret,
-        &secretLen), BAD_FUNC_ARG);
+        &secretLen), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_ecc_shared_secret_ssh(&key, NULL, secret, &secretLen),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_ecc_shared_secret_ssh(&key, &key2.pubkey, NULL, &secretLen),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_ecc_shared_secret_ssh(&key, &key2.pubkey, secret, NULL),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     key.type = ECC_PUBLICKEY;
     ExpectIntEQ(wc_ecc_shared_secret_ssh(&key, &key2.pubkey, secret,
-        &secretLen), ECC_BAD_ARG_E);
+        &secretLen), WC_NO_ERR_TRACE(ECC_BAD_ARG_E));
+    PRIVATE_KEY_LOCK();
 
     DoExpectIntEQ(wc_FreeRng(&rng), 0);
     wc_ecc_free(&key);
@@ -24930,32 +19292,32 @@ static int test_wc_ecc_verify_hash_ex(void)
 
     /* Test bad args. */
     ExpectIntEQ(wc_ecc_sign_hash_ex(NULL, hashlen, &rng, &key, &r, &s),
-        ECC_BAD_ARG_E);
+        WC_NO_ERR_TRACE(ECC_BAD_ARG_E));
     ExpectIntEQ(wc_ecc_sign_hash_ex(hash, hashlen, NULL, &key, &r, &s),
-        ECC_BAD_ARG_E);
+        WC_NO_ERR_TRACE(ECC_BAD_ARG_E));
     ExpectIntEQ(wc_ecc_sign_hash_ex(hash, hashlen, &rng, NULL, &r, &s),
-        ECC_BAD_ARG_E);
+        WC_NO_ERR_TRACE(ECC_BAD_ARG_E));
     ExpectIntEQ(wc_ecc_sign_hash_ex(hash, hashlen, &rng, &key, NULL, &s),
-        ECC_BAD_ARG_E);
+        WC_NO_ERR_TRACE(ECC_BAD_ARG_E));
     ExpectIntEQ(wc_ecc_sign_hash_ex(hash, hashlen, &rng, &key, &r, NULL),
-        ECC_BAD_ARG_E);
+        WC_NO_ERR_TRACE(ECC_BAD_ARG_E));
     /* Test bad args. */
     ExpectIntEQ(wc_ecc_verify_hash_ex(NULL, &s, shortHash, shortHashLen,
-        &verify_ok, &key), ECC_BAD_ARG_E);
+        &verify_ok, &key), WC_NO_ERR_TRACE(ECC_BAD_ARG_E));
     ExpectIntEQ(wc_ecc_verify_hash_ex(&r, NULL, shortHash, shortHashLen,
-        &verify_ok, &key), ECC_BAD_ARG_E);
+        &verify_ok, &key), WC_NO_ERR_TRACE(ECC_BAD_ARG_E));
     ExpectIntEQ(wc_ecc_verify_hash_ex(&z, &s, shortHash, shortHashLen,
-        &verify_ok, &key), MP_ZERO_E);
+        &verify_ok, &key), WC_NO_ERR_TRACE(MP_ZERO_E));
     ExpectIntEQ(wc_ecc_verify_hash_ex(&r, &z, shortHash, shortHashLen,
-        &verify_ok, &key), MP_ZERO_E);
+        &verify_ok, &key), WC_NO_ERR_TRACE(MP_ZERO_E));
     ExpectIntEQ(wc_ecc_verify_hash_ex(&z, &z, shortHash, shortHashLen,
-        &verify_ok, &key), MP_ZERO_E);
+        &verify_ok, &key), WC_NO_ERR_TRACE(MP_ZERO_E));
     ExpectIntEQ(wc_ecc_verify_hash_ex(&r, &s, NULL, shortHashLen, &verify_ok,
-        &key), ECC_BAD_ARG_E);
+        &key), WC_NO_ERR_TRACE(ECC_BAD_ARG_E));
     ExpectIntEQ(wc_ecc_verify_hash_ex(&r, &s, shortHash, shortHashLen, NULL,
-        &key), ECC_BAD_ARG_E);
+        &key), WC_NO_ERR_TRACE(ECC_BAD_ARG_E));
     ExpectIntEQ(wc_ecc_verify_hash_ex(&r, &s, shortHash, shortHashLen,
-        &verify_ok, NULL), ECC_BAD_ARG_E);
+        &verify_ok, NULL), WC_NO_ERR_TRACE(ECC_BAD_ARG_E));
 
     wc_ecc_free(&key);
     mp_free(&r);
@@ -25009,15 +19371,15 @@ static int test_wc_ecc_mulmod(void)
     /* Test bad args. */
     ExpectIntEQ(ret = wc_ecc_mulmod(NULL, &key2.pubkey, &key3.pubkey,
         wc_ecc_key_get_priv(&key2), wc_ecc_key_get_priv(&key3), 1),
-        ECC_BAD_ARG_E);
+        WC_NO_ERR_TRACE(ECC_BAD_ARG_E));
     ExpectIntEQ(wc_ecc_mulmod(wc_ecc_key_get_priv(&key1), NULL, &key3.pubkey,
         wc_ecc_key_get_priv(&key2), wc_ecc_key_get_priv(&key3), 1),
-        ECC_BAD_ARG_E);
+        WC_NO_ERR_TRACE(ECC_BAD_ARG_E));
     ExpectIntEQ(wc_ecc_mulmod(wc_ecc_key_get_priv(&key1), &key2.pubkey, NULL,
         wc_ecc_key_get_priv(&key2), wc_ecc_key_get_priv(&key3), 1),
-        ECC_BAD_ARG_E);
+        WC_NO_ERR_TRACE(ECC_BAD_ARG_E));
     ExpectIntEQ(wc_ecc_mulmod(wc_ecc_key_get_priv(&key1), &key2.pubkey,
-        &key3.pubkey, wc_ecc_key_get_priv(&key2), NULL, 1), ECC_BAD_ARG_E);
+        &key3.pubkey, wc_ecc_key_get_priv(&key2), NULL, 1), WC_NO_ERR_TRACE(ECC_BAD_ARG_E));
 
     wc_ecc_free(&key1);
     wc_ecc_free(&key2);
@@ -25081,7 +19443,7 @@ static int test_wc_ecc_get_curve_id_from_oid(void)
     word32 len = sizeof(oid);
 
     /* Bad Cases */
-    ExpectIntEQ(wc_ecc_get_curve_id_from_oid(NULL, len), BAD_FUNC_ARG);
+    ExpectIntEQ(wc_ecc_get_curve_id_from_oid(NULL, len), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_ecc_get_curve_id_from_oid(oid, 0), ECC_CURVE_INVALID);
     /* Good Case */
     ExpectIntEQ(wc_ecc_get_curve_id_from_oid(oid, len), ECC_SECP256R1);
@@ -25110,9 +19472,17 @@ static int test_wc_ecc_sig_size_calc(void)
 #if defined(WOLFSSL_ASYNC_CRYPT)
     ret = wc_AsyncWait(ret, &key.asyncDev, WC_ASYNC_FLAG_NONE);
 #endif
+#if FIPS_VERSION3_GE(6,0,0)
+    ExpectIntEQ(ret, WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+#else
     ExpectIntEQ(ret, 0);
+#endif
+#if FIPS_VERSION3_LT(6,0,0)
     sz = key.dp->size;
     ExpectIntGT(wc_ecc_sig_size_calc(sz), 0);
+#else
+    (void) sz;
+#endif
 
     DoExpectIntEQ(wc_FreeRng(&rng), 0);
     wc_ecc_free(&key);
@@ -25139,11 +19509,11 @@ static int test_wc_ecc_sm2_make_key(void)
 
     /* Test invalid parameters. */
     ExpectIntEQ(wc_ecc_sm2_make_key(NULL, NULL, WC_ECC_FLAG_NONE),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_ecc_sm2_make_key(rng, NULL, WC_ECC_FLAG_NONE),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_ecc_sm2_make_key(NULL, key, WC_ECC_FLAG_NONE),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     /* Test valid parameters. */
     ExpectIntEQ(wc_ecc_sm2_make_key(rng, key, WC_ECC_FLAG_NONE), 0);
@@ -25192,19 +19562,19 @@ static int test_wc_ecc_sm2_shared_secret(void)
 #endif
 
     /* Test invalid parameters. */
-    ExpectIntEQ(wc_ecc_sm2_shared_secret(NULL, NULL, NULL, NULL), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_ecc_sm2_shared_secret(keyA, NULL, NULL, NULL), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_ecc_sm2_shared_secret(NULL, keyB, NULL, NULL), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_ecc_sm2_shared_secret(NULL, NULL, outA, NULL), BAD_FUNC_ARG);
+    ExpectIntEQ(wc_ecc_sm2_shared_secret(NULL, NULL, NULL, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_ecc_sm2_shared_secret(keyA, NULL, NULL, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_ecc_sm2_shared_secret(NULL, keyB, NULL, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_ecc_sm2_shared_secret(NULL, NULL, outA, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_ecc_sm2_shared_secret(NULL, NULL, NULL, &outALen),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_ecc_sm2_shared_secret(NULL, keyB, outA, &outALen),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_ecc_sm2_shared_secret(keyA, NULL, outA, &outALen),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_ecc_sm2_shared_secret(keyA, keyB, NULL, &outALen),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_ecc_sm2_shared_secret(keyA, keyB, outA, NULL), BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_ecc_sm2_shared_secret(keyA, keyB, outA, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     /* Test valid parameters. */
     ExpectIntEQ(wc_ecc_sm2_shared_secret(keyA, keyB, outA, &outALen), 0);
@@ -25283,36 +19653,38 @@ static int test_wc_ecc_sm2_create_digest(void)
 
     /* Test with no curve set. */
     ExpectIntEQ(wc_ecc_sm2_create_digest(id, sizeof(id), msg, sizeof(msg),
-        hashType, hash, sizeof(hash), key), BAD_FUNC_ARG);
+        hashType, hash, sizeof(hash), key), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     ExpectIntEQ(wc_ecc_import_x963_ex(pub, sizeof(pub), key, ECC_SM2P256V1), 0);
 
     /* Test invalid parameters. */
     ExpectIntEQ(wc_ecc_sm2_create_digest(NULL, sizeof(id), NULL, sizeof(msg),
-        hashType, NULL, sizeof(hash), NULL), BAD_FUNC_ARG);
+        hashType, NULL, sizeof(hash), NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_ecc_sm2_create_digest(id, sizeof(id), NULL, sizeof(msg),
-        hashType, NULL, sizeof(hash), NULL), BAD_FUNC_ARG);
+        hashType, NULL, sizeof(hash), NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_ecc_sm2_create_digest(NULL, sizeof(id), msg, sizeof(msg),
-        hashType, NULL, sizeof(hash), NULL), BAD_FUNC_ARG);
+        hashType, NULL, sizeof(hash), NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_ecc_sm2_create_digest(NULL, sizeof(id), NULL, sizeof(msg),
-        hashType, hash, sizeof(hash), NULL), BAD_FUNC_ARG);
+        hashType, hash, sizeof(hash), NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_ecc_sm2_create_digest(NULL, sizeof(id), NULL, sizeof(msg),
-        hashType, NULL, sizeof(hash), key), BAD_FUNC_ARG);
+        hashType, NULL, sizeof(hash), key), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_ecc_sm2_create_digest(NULL, sizeof(id), msg, sizeof(msg),
-        hashType, hash, sizeof(hash), key), BAD_FUNC_ARG);
+        hashType, hash, sizeof(hash), key), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_ecc_sm2_create_digest(id, sizeof(id), NULL, sizeof(msg),
-        hashType, hash, sizeof(hash), key), BAD_FUNC_ARG);
+        hashType, hash, sizeof(hash), key), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_ecc_sm2_create_digest(id, sizeof(id), msg, sizeof(msg),
-        hashType, NULL, sizeof(hash), key), BAD_FUNC_ARG);
+        hashType, NULL, sizeof(hash), key), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_ecc_sm2_create_digest(id, sizeof(id), msg, sizeof(msg),
-        hashType, hash, sizeof(hash), NULL), BAD_FUNC_ARG);
+        hashType, hash, sizeof(hash), NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     /* Bad hash type. */
+    /* // NOLINTBEGIN(clang-analyzer-optin.core.EnumCastOutOfRange) */
     ExpectIntEQ(wc_ecc_sm2_create_digest(id, sizeof(id), msg, sizeof(msg),
-        -1, hash, 0, key), BAD_FUNC_ARG);
+        -1, hash, 0, key), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    /* // NOLINTEND(clang-analyzer-optin.core.EnumCastOutOfRange) */
     /* Bad hash size. */
     ExpectIntEQ(wc_ecc_sm2_create_digest(id, sizeof(id), msg, sizeof(msg),
-        hashType, hash, 0, key), BUFFER_E);
+        hashType, hash, 0, key), WC_NO_ERR_TRACE(BUFFER_E));
 
     /* Test valid parameters. */
     ExpectIntEQ(wc_ecc_sm2_create_digest(id, sizeof(id), msg, sizeof(msg),
@@ -25387,38 +19759,38 @@ static int test_wc_ecc_sm2_verify_hash_ex(void)
 
     /* Test with no curve set. */
     ExpectIntEQ(wc_ecc_sm2_verify_hash_ex(r, s, hash, sizeof(hash),
-        &verified, key), BAD_FUNC_ARG);
+        &verified, key), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     ExpectIntEQ(wc_ecc_import_x963_ex(pub, sizeof(pub), key, ECC_SM2P256V1), 0);
 
     /* Test invalid parameters. */
     ExpectIntEQ(wc_ecc_sm2_verify_hash_ex(NULL, NULL, NULL, sizeof(hash),
-        NULL, NULL), BAD_FUNC_ARG);
+        NULL, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_ecc_sm2_verify_hash_ex(r, NULL, NULL, sizeof(hash),
-        NULL, NULL), BAD_FUNC_ARG);
+        NULL, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_ecc_sm2_verify_hash_ex(NULL, s, NULL, sizeof(hash),
-        NULL, NULL), BAD_FUNC_ARG);
+        NULL, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_ecc_sm2_verify_hash_ex(NULL, NULL, hash, sizeof(hash),
-        NULL, NULL), BAD_FUNC_ARG);
+        NULL, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_ecc_sm2_verify_hash_ex(NULL, NULL, NULL, sizeof(hash),
-        &verified, NULL), BAD_FUNC_ARG);
+        &verified, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_ecc_sm2_verify_hash_ex(NULL, NULL, NULL, sizeof(hash),
-        NULL, key), BAD_FUNC_ARG);
+        NULL, key), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_ecc_sm2_verify_hash_ex(NULL, s, hash, sizeof(hash),
-        &verified, key), BAD_FUNC_ARG);
+        &verified, key), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_ecc_sm2_verify_hash_ex(r, NULL, hash, sizeof(hash),
-        &verified, key), BAD_FUNC_ARG);
+        &verified, key), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_ecc_sm2_verify_hash_ex(r, s, NULL, sizeof(hash),
-        &verified, key), BAD_FUNC_ARG);
+        &verified, key), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_ecc_sm2_verify_hash_ex(r, s, hash, sizeof(hash),
-        NULL, key), BAD_FUNC_ARG);
+        NULL, key), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_ecc_sm2_verify_hash_ex(r, s, hash, sizeof(hash),
-        &verified, NULL), BAD_FUNC_ARG);
+        &verified, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     /* Make key not on the SM2 curve. */
     ExpectIntEQ(wc_ecc_set_curve(key, 32, ECC_SECP256R1), 0);
     ExpectIntEQ(wc_ecc_sm2_verify_hash_ex(r, s, hash, sizeof(hash),
-        &verified, key), BAD_FUNC_ARG);
+        &verified, key), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_ecc_set_curve(key, 32, ECC_SM2P256V1), 0);
 
     /* Test valid parameters. */
@@ -25498,34 +19870,34 @@ static int test_wc_ecc_sm2_verify_hash(void)
 
     /* Test with no curve set. */
     ExpectIntEQ(wc_ecc_sm2_verify_hash(sig, sizeof(sig), hash, sizeof(hash),
-        &verified, key), BAD_FUNC_ARG);
+        &verified, key), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     ExpectIntEQ(wc_ecc_import_x963_ex(pub, sizeof(pub), key, ECC_SM2P256V1), 0);
 
     /* Test invalid parameters. */
     ExpectIntEQ(wc_ecc_sm2_verify_hash(NULL, sizeof(sig), NULL, sizeof(hash),
-        NULL, NULL), BAD_FUNC_ARG);
+        NULL, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_ecc_sm2_verify_hash(sig, sizeof(sig), NULL, sizeof(hash),
-        NULL, NULL), BAD_FUNC_ARG);
+        NULL, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_ecc_sm2_verify_hash(NULL, sizeof(sig), hash, sizeof(hash),
-        NULL, NULL), BAD_FUNC_ARG);
+        NULL, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_ecc_sm2_verify_hash(NULL, sizeof(sig), NULL, sizeof(hash),
-        &verified, NULL), BAD_FUNC_ARG);
+        &verified, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_ecc_sm2_verify_hash(NULL, sizeof(sig), NULL, sizeof(hash),
-        NULL, key), BAD_FUNC_ARG);
+        NULL, key), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_ecc_sm2_verify_hash(NULL, sizeof(sig), hash, sizeof(hash),
-        &verified, key), BAD_FUNC_ARG);
+        &verified, key), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_ecc_sm2_verify_hash(sig, sizeof(sig), NULL, sizeof(hash),
-        &verified, key), BAD_FUNC_ARG);
+        &verified, key), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_ecc_sm2_verify_hash(sig, sizeof(sig), hash, sizeof(hash),
-        NULL, key), BAD_FUNC_ARG);
+        NULL, key), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_ecc_sm2_verify_hash(sig, sizeof(sig), hash, sizeof(hash),
-        &verified, NULL), BAD_FUNC_ARG);
+        &verified, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     /* Make key not on the SM2 curve. */
     ExpectIntEQ(wc_ecc_set_curve(key, 32, ECC_SECP256R1), 0);
     ExpectIntEQ(wc_ecc_sm2_verify_hash(sig, sizeof(sig), hash, sizeof(hash),
-        &verified, key), BAD_FUNC_ARG);
+        &verified, key), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_ecc_set_curve(key, 32, ECC_SM2P256V1), 0);
 
     /* Test valid parameters. */
@@ -25579,38 +19951,38 @@ static int test_wc_ecc_sm2_sign_hash_ex(void)
 
     /* Test with no curve set. */
     ExpectIntEQ(wc_ecc_sm2_sign_hash_ex(hash, sizeof(hash), rng, key, r, s),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     ExpectIntEQ(wc_ecc_sm2_make_key(rng, key, WC_ECC_FLAG_NONE), 0);
 
     /* Test invalid parameters. */
     ExpectIntEQ(wc_ecc_sm2_sign_hash_ex(NULL, sizeof(hash), NULL, NULL, NULL,
-        NULL), BAD_FUNC_ARG);
+        NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_ecc_sm2_sign_hash_ex(hash, sizeof(hash), NULL, NULL, NULL,
-        NULL), BAD_FUNC_ARG);
+        NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_ecc_sm2_sign_hash_ex(NULL, sizeof(hash), rng, NULL, NULL,
-        NULL), BAD_FUNC_ARG);
+        NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_ecc_sm2_sign_hash_ex(NULL, sizeof(hash), NULL, key, NULL,
-        NULL), BAD_FUNC_ARG);
+        NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_ecc_sm2_sign_hash_ex(NULL, sizeof(hash), NULL, NULL, r,
-        NULL), BAD_FUNC_ARG);
+        NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_ecc_sm2_sign_hash_ex(NULL, sizeof(hash), NULL, NULL, NULL,
-        s), BAD_FUNC_ARG);
+        s), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_ecc_sm2_sign_hash_ex(NULL, sizeof(hash), rng, key, r, s),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_ecc_sm2_sign_hash_ex(hash, sizeof(hash), NULL, key, r, s),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_ecc_sm2_sign_hash_ex(hash, sizeof(hash), rng, NULL, r, s),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_ecc_sm2_sign_hash_ex(hash, sizeof(hash), rng, key, NULL, s),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_ecc_sm2_sign_hash_ex(hash, sizeof(hash), rng, key, r, NULL),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     /* Make key not on the SM2 curve. */
     ExpectIntEQ(wc_ecc_set_curve(key, 32, ECC_SECP256R1), 0);
     ExpectIntEQ(wc_ecc_sm2_sign_hash_ex(hash, sizeof(hash), rng, key, r, s),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_ecc_set_curve(key, 32, ECC_SM2P256V1), 0);
 
 #ifdef WOLFSSL_SP_MATH_ALL
@@ -25673,38 +20045,38 @@ static int test_wc_ecc_sm2_sign_hash(void)
 
     /* Test with no curve set. */
     ExpectIntEQ(wc_ecc_sm2_sign_hash(hash, sizeof(hash), sig, &sigSz, rng, key),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     ExpectIntEQ(wc_ecc_sm2_make_key(rng, key, WC_ECC_FLAG_NONE), 0);
 
     /* Test invalid parameters. */
     ExpectIntEQ(wc_ecc_sm2_sign_hash(NULL, sizeof(hash), NULL, NULL, NULL,
-        NULL), BAD_FUNC_ARG);
+        NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_ecc_sm2_sign_hash(hash, sizeof(hash), NULL, NULL, NULL,
-        NULL), BAD_FUNC_ARG);
+        NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_ecc_sm2_sign_hash(NULL, sizeof(hash), sig, NULL, NULL,
-        NULL), BAD_FUNC_ARG);
+        NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_ecc_sm2_sign_hash(NULL, sizeof(hash), NULL, &sigSz, NULL,
-        NULL), BAD_FUNC_ARG);
+        NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_ecc_sm2_sign_hash(NULL, sizeof(hash), NULL, NULL, rng,
-        NULL), BAD_FUNC_ARG);
+        NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_ecc_sm2_sign_hash(NULL, sizeof(hash), NULL, NULL, NULL,
-        key), BAD_FUNC_ARG);
+        key), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_ecc_sm2_sign_hash(NULL, sizeof(hash), sig, &sigSz, rng,
-        key), BAD_FUNC_ARG);
+        key), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_ecc_sm2_sign_hash(hash, sizeof(hash), NULL, &sigSz, rng,
-        key), BAD_FUNC_ARG);
+        key), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_ecc_sm2_sign_hash(hash, sizeof(hash), sig, NULL, rng,
-        key), BAD_FUNC_ARG);
+        key), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_ecc_sm2_sign_hash(hash, sizeof(hash), sig, &sigSz, NULL,
-        key), BAD_FUNC_ARG);
+        key), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_ecc_sm2_sign_hash(hash, sizeof(hash), sig, &sigSz, rng,
-        NULL), BAD_FUNC_ARG);
+        NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     /* Make key not on the SM2 curve. */
     ExpectIntEQ(wc_ecc_set_curve(key, 32, ECC_SECP256R1), 0);
     ExpectIntEQ(wc_ecc_sm2_sign_hash(hash, sizeof(hash), sig, &sigSz, rng, key),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_ecc_set_curve(key, 32, ECC_SM2P256V1), 0);
 
     /* Test valid parameters. */
@@ -25739,7 +20111,7 @@ static int test_ToTraditional(void)
      defined(OPENSSL_EXTRA_X509_SMALL)) && !defined(NO_FILESYSTEM)
     XFILE  f = XBADFILE;
     byte   input[TWOK_BUF];
-    word32 sz;
+    word32 sz = 0;
 
     ExpectTrue((f = XFOPEN("./certs/server-keyPkcs8.der", "rb")) != XBADFILE);
     ExpectTrue((sz = (word32)XFREAD(input, 1, sizeof(input), f)) > 0);
@@ -25749,12 +20121,12 @@ static int test_ToTraditional(void)
     /* Good case */
     ExpectIntGT(ToTraditional(input, sz), 0);
     /* Bad cases */
-    ExpectIntEQ(ToTraditional(NULL, 0), BAD_FUNC_ARG);
-    ExpectIntEQ(ToTraditional(NULL, sz), BAD_FUNC_ARG);
+    ExpectIntEQ(ToTraditional(NULL, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(ToTraditional(NULL, sz), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 #ifdef WOLFSSL_ASN_TEMPLATE
-    ExpectIntEQ(ToTraditional(input, 0), BUFFER_E);
+    ExpectIntEQ(ToTraditional(input, 0), WC_NO_ERR_TRACE(BUFFER_E));
 #else
-    ExpectIntEQ(ToTraditional(input, 0), ASN_PARSE_E);
+    ExpectIntEQ(ToTraditional(input, 0), WC_NO_ERR_TRACE(ASN_PARSE_E));
 #endif
 #endif
     return EXPECT_RESULT();
@@ -25770,12 +20142,13 @@ static int test_wc_EccPrivateKeyToDer(void)
     byte    output[ONEK_BUF];
     ecc_key eccKey;
     WC_RNG  rng;
-    word32  inLen;
+    word32  inLen = 0;
     word32  outLen = 0;
     int     ret;
 
     XMEMSET(&eccKey, 0, sizeof(ecc_key));
     XMEMSET(&rng, 0, sizeof(WC_RNG));
+    PRIVATE_KEY_UNLOCK();
 
     ExpectIntEQ(wc_InitRng(&rng), 0);
     ExpectIntEQ(wc_ecc_init(&eccKey), 0);
@@ -25785,14 +20158,15 @@ static int test_wc_EccPrivateKeyToDer(void)
 #endif
     ExpectIntEQ(ret, 0);
 
-    inLen = (word32)sizeof(output);
     /* Bad Cases */
-    ExpectIntEQ(wc_EccPrivateKeyToDer(NULL, NULL, 0), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_EccPrivateKeyToDer(NULL, output, inLen), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_EccPrivateKeyToDer(&eccKey, NULL, inLen), LENGTH_ONLY_E);
-    ExpectIntEQ(wc_EccPrivateKeyToDer(&eccKey, output, 0), BAD_FUNC_ARG);
+    ExpectIntEQ(wc_EccPrivateKeyToDer(NULL, NULL, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_EccPrivateKeyToDer(NULL, output, inLen), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    inLen = wc_EccPrivateKeyToDer(&eccKey, NULL, 0);
+    ExpectIntGT(inLen, 0);
+    ExpectIntEQ(wc_EccPrivateKeyToDer(&eccKey, output, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+
     /* Good Case */
-    ExpectIntGT(outLen = wc_EccPrivateKeyToDer(&eccKey, output, inLen), 0);
+    ExpectIntGT(outLen = (word32)wc_EccPrivateKeyToDer(&eccKey, output, inLen), 0);
 
     wc_ecc_free(&eccKey);
     DoExpectIntEQ(wc_FreeRng(&rng), 0);
@@ -25816,6 +20190,7 @@ static int test_wc_EccPrivateKeyToDer(void)
         EVP_PKEY_free(pkey); /* EC_KEY should be free'd by free'ing pkey */
     }
 #endif
+    PRIVATE_KEY_LOCK();
 #endif
     return EXPECT_RESULT();
 } /* End test_wc_EccPrivateKeyToDer*/
@@ -25835,17 +20210,17 @@ static int test_wc_DhPublicKeyDecode(void)
 
     ExpectIntEQ(wc_InitDhKey(&key), 0);
 
-    ExpectIntEQ(wc_DhPublicKeyDecode(NULL,NULL,NULL,0), BAD_FUNC_ARG);
+    ExpectIntEQ(wc_DhPublicKeyDecode(NULL,NULL,NULL,0), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_DhPublicKeyDecode(dh_pub_key_der_2048,NULL,NULL,0),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_DhPublicKeyDecode(dh_pub_key_der_2048,NULL,NULL,0),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     inOutIdx = 0;
     ExpectIntEQ(wc_DhPublicKeyDecode(dh_pub_key_der_2048,&inOutIdx,NULL, 0),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     inOutIdx = 0;
     ExpectIntEQ(wc_DhPublicKeyDecode(dh_pub_key_der_2048,&inOutIdx,&key, 0),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     inOutIdx = 0;
     ExpectIntEQ(wc_DhPublicKeyDecode(dh_pub_key_der_2048,&inOutIdx,&key,
         sizeof_dh_pub_key_der_2048), 0);
@@ -25883,11 +20258,12 @@ static int test_wc_Ed25519KeyToDer(void)
     inLen = (word32)sizeof(output);
 
     /* Bad Cases */
-    ExpectIntEQ(wc_Ed25519KeyToDer(NULL, NULL, 0), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Ed25519KeyToDer(NULL, output, inLen), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Ed25519KeyToDer(&ed25519Key, output, 0), BAD_FUNC_ARG);
+    ExpectIntEQ(wc_Ed25519KeyToDer(NULL, NULL, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Ed25519KeyToDer(NULL, output, inLen), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Ed25519KeyToDer(&ed25519Key, output, 0), WC_NO_ERR_TRACE(BUFFER_E));
     /* Good Cases */
     /* length only */
+    ExpectIntGT(wc_Ed25519KeyToDer(&ed25519Key, NULL, 0), 0);
     ExpectIntGT(wc_Ed25519KeyToDer(&ed25519Key, NULL, inLen), 0);
     ExpectIntGT(wc_Ed25519KeyToDer(&ed25519Key, output, inLen), 0);
 
@@ -25920,13 +20296,13 @@ static int test_wc_Ed25519PrivateKeyToDer(void)
     inLen = (word32)sizeof(output);
 
     /* Bad Cases */
-    ExpectIntEQ(wc_Ed25519PrivateKeyToDer(NULL, NULL, 0), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Ed25519PrivateKeyToDer(NULL, output, inLen), BAD_FUNC_ARG);
+    ExpectIntEQ(wc_Ed25519PrivateKeyToDer(NULL, NULL, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Ed25519PrivateKeyToDer(NULL, output, inLen), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_Ed25519PrivateKeyToDer(&ed25519PrivKey, output, 0),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BUFFER_E));
     /* Good Cases */
     /* length only */
-    ExpectIntGT(wc_Ed25519PrivateKeyToDer(&ed25519PrivKey, NULL, inLen), 0);
+    ExpectIntGT(wc_Ed25519PrivateKeyToDer(&ed25519PrivKey, NULL, 0), 0);
     ExpectIntGT(wc_Ed25519PrivateKeyToDer(&ed25519PrivKey, output, inLen), 0);
 
     DoExpectIntEQ(wc_FreeRng(&rng), 0);
@@ -25957,12 +20333,12 @@ static int test_wc_Ed448KeyToDer(void)
     inLen = (word32)sizeof(output);
 
     /* Bad Cases */
-    ExpectIntEQ(wc_Ed448KeyToDer(NULL, NULL, 0), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Ed448KeyToDer(NULL, output, inLen), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Ed448KeyToDer(&ed448Key, output, 0), BAD_FUNC_ARG);
+    ExpectIntEQ(wc_Ed448KeyToDer(NULL, NULL, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Ed448KeyToDer(NULL, output, inLen), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Ed448KeyToDer(&ed448Key, output, 0), WC_NO_ERR_TRACE(BUFFER_E));
     /* Good Cases */
     /* length only */
-    ExpectIntGT(wc_Ed448KeyToDer(&ed448Key, NULL, inLen), 0);
+    ExpectIntGT(wc_Ed448KeyToDer(&ed448Key, NULL, 0), 0);
     ExpectIntGT(wc_Ed448KeyToDer(&ed448Key, output, inLen), 0);
 
     DoExpectIntEQ(wc_FreeRng(&rng), 0);
@@ -25994,13 +20370,13 @@ static int test_wc_Ed448PrivateKeyToDer(void)
     inLen = (word32)sizeof(output);
 
     /* Bad Cases */
-    ExpectIntEQ(wc_Ed448PrivateKeyToDer(NULL, NULL, 0), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Ed448PrivateKeyToDer(NULL, output, inLen), BAD_FUNC_ARG);
+    ExpectIntEQ(wc_Ed448PrivateKeyToDer(NULL, NULL, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Ed448PrivateKeyToDer(NULL, output, inLen), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_Ed448PrivateKeyToDer(&ed448PrivKey, output, 0),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BUFFER_E));
     /* Good cases */
     /* length only */
-    ExpectIntGT(wc_Ed448PrivateKeyToDer(&ed448PrivKey, NULL, inLen), 0);
+    ExpectIntGT(wc_Ed448PrivateKeyToDer(&ed448PrivKey, NULL, 0), 0);
     ExpectIntGT(wc_Ed448PrivateKeyToDer(&ed448PrivKey, output, inLen), 0);
 
     DoExpectIntEQ(wc_FreeRng(&rng), 0);
@@ -26009,6 +20385,16679 @@ static int test_wc_Ed448PrivateKeyToDer(void)
     return EXPECT_RESULT();
 } /* End test_wc_Ed448PrivateKeyToDer*/
 
+/*
+ * Testing wc_Curve448PrivateKeyToDer
+ */
+static int test_wc_Curve448PrivateKeyToDer(void)
+{
+    EXPECT_DECLS;
+#if defined(HAVE_CURVE448) && defined(HAVE_CURVE448_KEY_EXPORT) && \
+    (defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_KEY_GEN))
+    byte      output[ONEK_BUF];
+    curve448_key curve448PrivKey;
+    WC_RNG    rng;
+    word32    inLen;
+
+    XMEMSET(&curve448PrivKey, 0, sizeof(curve448PrivKey));
+    XMEMSET(&rng, 0, sizeof(WC_RNG));
+
+    ExpectIntEQ(wc_curve448_init(&curve448PrivKey), 0);
+    ExpectIntEQ(wc_InitRng(&rng), 0);
+    ExpectIntEQ(wc_curve448_make_key(&rng, CURVE448_KEY_SIZE, &curve448PrivKey),
+        0);
+    inLen = (word32)sizeof(output);
+
+    /* Bad Cases */
+    ExpectIntEQ(wc_Curve448PrivateKeyToDer(NULL, NULL, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Curve448PrivateKeyToDer(NULL, output, inLen), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Curve448PrivateKeyToDer(&curve448PrivKey, output, 0),
+        WC_NO_ERR_TRACE(BUFFER_E));
+    /* Good cases */
+    /* length only */
+    ExpectIntGT(wc_Curve448PrivateKeyToDer(&curve448PrivKey, NULL, 0), 0);
+    ExpectIntGT(wc_Curve448PrivateKeyToDer(&curve448PrivKey, output, inLen), 0);
+
+    /* Bad Cases */
+    ExpectIntEQ(wc_Curve448PublicKeyToDer(NULL, NULL, 0, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Curve448PublicKeyToDer(NULL, output, inLen, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Curve448PublicKeyToDer(&curve448PrivKey, output, 0, 0),
+        WC_NO_ERR_TRACE(BUFFER_E));
+    ExpectIntEQ(wc_Curve448PublicKeyToDer(&curve448PrivKey, output, 0, 1),
+        WC_NO_ERR_TRACE(BUFFER_E));
+    /* Good cases */
+    /* length only */
+    ExpectIntGT(wc_Curve448PublicKeyToDer(&curve448PrivKey, NULL, 0, 0), 0);
+    ExpectIntGT(wc_Curve448PublicKeyToDer(&curve448PrivKey, NULL, 0, 1), 0);
+    ExpectIntGT(wc_Curve448PublicKeyToDer(&curve448PrivKey, output, inLen, 0), 0);
+    ExpectIntGT(wc_Curve448PublicKeyToDer(&curve448PrivKey, output, inLen, 1), 0);
+
+    DoExpectIntEQ(wc_FreeRng(&rng), 0);
+    wc_curve448_free(&curve448PrivKey);
+#endif
+    return EXPECT_RESULT();
+} /* End wc_Curve448PrivateKeyToDer*/
+
+#if defined(HAVE_DILITHIUM) && defined(WOLFSSL_WC_DILITHIUM) && \
+    !defined(WOLFSSL_DILITHIUM_NO_VERIFY) && !defined(WOLFSSL_NO_ML_DSA_44)
+static const byte ml_dsa_44_pub_key[] = {
+    0x7c, 0x33, 0x31, 0x41, 0x15, 0xa7, 0x2d, 0x6b,
+    0x17, 0x7c, 0x10, 0xab, 0x75, 0xf7, 0x83, 0xb3,
+    0x30, 0x75, 0x6f, 0xa9, 0x42, 0xb0, 0x9b, 0x59,
+    0x59, 0x99, 0x2b, 0x5d, 0x7d, 0x6e, 0xeb, 0xdd,
+    0xd9, 0x99, 0x8f, 0x7b, 0xad, 0xe5, 0x90, 0x0f,
+    0xa4, 0x80, 0xd8, 0xa2, 0x0d, 0x95, 0xea, 0x63,
+    0x2b, 0xcf, 0xb4, 0x5b, 0x3c, 0xd1, 0x5a, 0xc4,
+    0xc4, 0xd1, 0x71, 0x28, 0x4b, 0x0b, 0x28, 0x32,
+    0x73, 0xb5, 0x0d, 0xd6, 0x8f, 0x6b, 0x01, 0x26,
+    0x04, 0x45, 0xa3, 0x80, 0xc0, 0x21, 0x12, 0xee,
+    0x52, 0x0f, 0x35, 0xe4, 0x8e, 0xca, 0xf8, 0x91,
+    0xf4, 0x99, 0x51, 0xe2, 0x80, 0x76, 0xa7, 0x2d,
+    0x09, 0xf5, 0x04, 0xcc, 0xa6, 0x6b, 0x20, 0xc4,
+    0xac, 0xcd, 0x6c, 0x9c, 0x09, 0xe7, 0x51, 0xa2,
+    0x29, 0x60, 0xfd, 0xf2, 0xbd, 0x7e, 0x4c, 0x9d,
+    0xc0, 0xba, 0x62, 0x2f, 0x53, 0xb2, 0x47, 0x03,
+    0xf2, 0x6f, 0x70, 0x51, 0xa8, 0xe1, 0xb7, 0x9f,
+    0x37, 0x15, 0xfa, 0xd1, 0x6c, 0x74, 0x1a, 0x2b,
+    0x4f, 0x39, 0x4f, 0x43, 0x49, 0x71, 0x6a, 0xf8,
+    0x7c, 0x65, 0x1a, 0xdd, 0x1a, 0x25, 0xf8, 0x79,
+    0xfa, 0x8c, 0x02, 0xf2, 0xf7, 0xf7, 0x7b, 0x9f,
+    0xe4, 0xaf, 0x9e, 0x1a, 0x0b, 0x5b, 0x2e, 0x41,
+    0xbb, 0xa9, 0x4f, 0xd0, 0xdb, 0xad, 0xe5, 0x25,
+    0xff, 0x36, 0x3b, 0x9a, 0xc3, 0xdf, 0xb6, 0x27,
+    0xd3, 0xba, 0xb0, 0xd4, 0xb2, 0x07, 0xc3, 0xd8,
+    0xab, 0x10, 0x3d, 0xcd, 0x23, 0x52, 0x46, 0xe6,
+    0x96, 0x57, 0x85, 0xc7, 0x60, 0xe2, 0x8c, 0x46,
+    0x65, 0x7d, 0x76, 0x1c, 0x45, 0x20, 0x5d, 0x51,
+    0xd6, 0x13, 0xde, 0xe5, 0x3d, 0xc2, 0x8c, 0x36,
+    0xdb, 0x7f, 0x83, 0x6f, 0x6a, 0xc2, 0xa3, 0xf2,
+    0xdc, 0x63, 0x69, 0x7f, 0xbd, 0xd0, 0xc1, 0x90,
+    0xfb, 0x62, 0x42, 0xa1, 0xf6, 0xf7, 0xdd, 0xc2,
+    0x4a, 0x38, 0x62, 0x9b, 0xef, 0x67, 0xf9, 0x5c,
+    0xd8, 0xff, 0xf4, 0xf2, 0x67, 0x90, 0x42, 0x85,
+    0xaf, 0xe2, 0x92, 0x6e, 0xc4, 0x9b, 0x63, 0xc3,
+    0x91, 0xa5, 0x11, 0x66, 0x13, 0x83, 0xbc, 0xbb,
+    0xc7, 0x34, 0x3b, 0x30, 0x40, 0x53, 0x91, 0xdf,
+    0x7c, 0x3d, 0x17, 0xdd, 0xa1, 0xa6, 0x80, 0xfd,
+    0x26, 0x9d, 0x60, 0x7b, 0xcd, 0xb4, 0x2b, 0xba,
+    0x61, 0x0f, 0x43, 0x7c, 0x51, 0x3c, 0xb9, 0xfa,
+    0xdb, 0x48, 0x35, 0x9f, 0x0d, 0x0c, 0x04, 0xe8,
+    0xf9, 0x6e, 0x07, 0x65, 0x7d, 0x46, 0x1b, 0xd2,
+    0x51, 0xdb, 0x55, 0x27, 0xd7, 0x3d, 0x1e, 0x36,
+    0x07, 0x59, 0x18, 0xec, 0x04, 0x4b, 0x87, 0xbb,
+    0xfb, 0x27, 0xac, 0xeb, 0x8f, 0x43, 0x46, 0xd0,
+    0x39, 0x00, 0x90, 0x54, 0x70, 0xb1, 0x71, 0xf2,
+    0xe7, 0x3d, 0x02, 0x1a, 0xcf, 0x87, 0x16, 0x67,
+    0xa2, 0x3c, 0x31, 0x48, 0xe8, 0xbd, 0x4f, 0xb3,
+    0xc2, 0xfd, 0x3d, 0xa1, 0x9c, 0x87, 0x54, 0x60,
+    0x30, 0x21, 0x52, 0x57, 0xcd, 0x03, 0x96, 0x9e,
+    0xa7, 0x8d, 0xe5, 0x02, 0x04, 0x78, 0x43, 0x72,
+    0xda, 0xb2, 0x22, 0xf1, 0xee, 0x8f, 0x27, 0x0b,
+    0x8f, 0x7b, 0xf8, 0xbc, 0x16, 0xa1, 0xef, 0x0b,
+    0x35, 0xda, 0xfc, 0x29, 0x1b, 0xf8, 0xa1, 0x35,
+    0x40, 0xe7, 0xed, 0x4c, 0x02, 0x4a, 0x83, 0xb7,
+    0x49, 0x75, 0x34, 0x3f, 0x2b, 0xb3, 0x61, 0xf5,
+    0xa3, 0x9b, 0x23, 0xca, 0xfb, 0x58, 0x16, 0x4f,
+    0x3c, 0x50, 0xbf, 0x81, 0xab, 0x54, 0x50, 0x1a,
+    0x39, 0x57, 0x5f, 0x9a, 0x72, 0x22, 0xba, 0xa4,
+    0xf6, 0xbf, 0xac, 0x31, 0x5c, 0xc5, 0x96, 0xd7,
+    0xa9, 0xe4, 0x3b, 0x0c, 0xd0, 0x7f, 0x79, 0x68,
+    0x4d, 0x41, 0x04, 0x81, 0x73, 0xcf, 0x47, 0x4a,
+    0x7b, 0x37, 0xac, 0x8e, 0x47, 0x0d, 0x72, 0x65,
+    0x0f, 0x9d, 0x44, 0xd7, 0x08, 0x21, 0x5b, 0x3f,
+    0xc8, 0x9d, 0xea, 0xa2, 0x64, 0x7b, 0x0d, 0x98,
+    0xc1, 0x61, 0xcd, 0xa4, 0xf7, 0x8c, 0x4a, 0xa3,
+    0x3b, 0xdd, 0x92, 0xce, 0x61, 0x97, 0x0e, 0x98,
+    0xa4, 0x10, 0xb5, 0x1f, 0xc5, 0xfb, 0xee, 0x49,
+    0x36, 0x8f, 0xe3, 0x2d, 0x46, 0x9c, 0xa9, 0xff,
+    0xdd, 0x1a, 0x48, 0x1b, 0x5a, 0x99, 0x84, 0x0a,
+    0x3d, 0x5c, 0xd7, 0x67, 0x32, 0x88, 0x87, 0x2a,
+    0x34, 0x50, 0x04, 0xad, 0xe6, 0xbb, 0x3c, 0xb5,
+    0xee, 0x80, 0x99, 0x70, 0xaa, 0x9d, 0x5a, 0x63,
+    0xec, 0xd5, 0x9a, 0x6a, 0x3a, 0xe8, 0xaa, 0x3d,
+    0x3f, 0xe8, 0x15, 0x2c, 0x16, 0x3e, 0x86, 0x46,
+    0x21, 0xf2, 0xd2, 0x6e, 0x74, 0x3d, 0x53, 0x94,
+    0x7c, 0x41, 0xec, 0x5b, 0xf5, 0xa4, 0xc8, 0x1f,
+    0x75, 0x22, 0x50, 0x58, 0x31, 0xf5, 0x29, 0x9a,
+    0xc2, 0x2c, 0x67, 0xd9, 0xf6, 0x2e, 0xa1, 0xa9,
+    0x0a, 0x69, 0x90, 0x7a, 0xd8, 0xed, 0x5c, 0x09,
+    0x3d, 0x14, 0xa3, 0x2b, 0xc0, 0x47, 0x88, 0xb7,
+    0xea, 0x14, 0x8a, 0xec, 0xaf, 0x0c, 0xb7, 0xc6,
+    0x7c, 0x32, 0x0f, 0x57, 0xea, 0x9f, 0xd4, 0x99,
+    0x8d, 0xab, 0xd6, 0xc9, 0x31, 0x07, 0x81, 0x37,
+    0x3d, 0xf5, 0x07, 0xb3, 0x93, 0xb7, 0x04, 0x20,
+    0xdf, 0x91, 0xef, 0xfb, 0xa6, 0x7d, 0x4b, 0x5d,
+    0xd4, 0x24, 0xd2, 0x0b, 0xc5, 0x34, 0xf6, 0x7a,
+    0xf9, 0x4a, 0x48, 0xc7, 0xab, 0xaf, 0xa8, 0xd2,
+    0xfc, 0x41, 0xc9, 0x8b, 0xa8, 0xc4, 0x2f, 0x94,
+    0x4e, 0xb0, 0xab, 0xd3, 0xd9, 0x09, 0x4b, 0x1f,
+    0x35, 0xb7, 0xb4, 0x4c, 0x2d, 0x6b, 0xe6, 0xb4,
+    0x2e, 0x8a, 0x09, 0xd3, 0x9d, 0x54, 0x3f, 0x53,
+    0xcc, 0x8e, 0x16, 0x18, 0x4e, 0x9a, 0xe8, 0x52,
+    0x84, 0x3a, 0x3e, 0xdb, 0xab, 0x65, 0xc4, 0xa1,
+    0x3c, 0xd0, 0xf6, 0x57, 0x3c, 0x0e, 0x10, 0xed,
+    0xb2, 0xa9, 0x7d, 0x70, 0x3f, 0x18, 0x1a, 0xba,
+    0x31, 0x33, 0xcb, 0x2a, 0xfd, 0x13, 0xf5, 0x23,
+    0xd7, 0x71, 0xfa, 0xb6, 0xe8, 0xda, 0x63, 0xca,
+    0x55, 0x3c, 0x5b, 0x87, 0x27, 0x96, 0x3d, 0xd0,
+    0x43, 0x9d, 0x76, 0x9f, 0x28, 0x5a, 0xb6, 0xc8,
+    0x81, 0xe4, 0x7c, 0x2a, 0x7a, 0x84, 0x0f, 0x2d,
+    0x1b, 0xd0, 0xe4, 0x0e, 0x1b, 0x47, 0x32, 0xc8,
+    0x02, 0x2d, 0x39, 0x0e, 0x7d, 0xb1, 0x12, 0x56,
+    0x50, 0x00, 0xae, 0xcc, 0x45, 0x0a, 0xd5, 0x30,
+    0x16, 0xe7, 0x3a, 0x53, 0x02, 0xbc, 0xd5, 0xef,
+    0xca, 0x00, 0xea, 0x5f, 0xbe, 0x15, 0x0d, 0x08,
+    0x76, 0xc1, 0x03, 0x93, 0x96, 0x4a, 0x88, 0xda,
+    0x9d, 0x0b, 0x51, 0x39, 0x9a, 0xef, 0xd2, 0xde,
+    0x8a, 0x2c, 0xe6, 0xf3, 0xa5, 0x70, 0x15, 0x3a,
+    0x17, 0x43, 0x31, 0xfc, 0x47, 0x9d, 0xec, 0x3b,
+    0x28, 0x6f, 0xdf, 0x45, 0x6f, 0x9e, 0x10, 0xbb,
+    0x8e, 0x43, 0xc5, 0x59, 0xe5, 0x61, 0x9b, 0xa7,
+    0xa1, 0xb8, 0x7a, 0x1c, 0xd4, 0x25, 0x26, 0xca,
+    0xe9, 0x2b, 0x0b, 0x3d, 0x06, 0xeb, 0x44, 0x44,
+    0xab, 0x4a, 0x5e, 0x68, 0x5c, 0x93, 0xf1, 0x3f,
+    0x39, 0x01, 0xb9, 0xf1, 0x01, 0xb7, 0xb6, 0x14,
+    0x44, 0x1d, 0x6d, 0x6b, 0x03, 0x45, 0x0d, 0xf3,
+    0xbf, 0x71, 0x4e, 0xf3, 0x84, 0x3d, 0xef, 0xea,
+    0x60, 0x2e, 0x2e, 0xf7, 0x33, 0xa6, 0xbe, 0x53,
+    0x49, 0x26, 0xed, 0xb4, 0xbf, 0x7f, 0xb0, 0x1d,
+    0x39, 0xb2, 0xc2, 0x88, 0xc2, 0xa2, 0xd4, 0x7f,
+    0x0e, 0x1c, 0x44, 0xa3, 0x38, 0x76, 0xa7, 0xa6,
+    0x19, 0x7e, 0x4c, 0x84, 0x25, 0x01, 0xb2, 0x78,
+    0xb4, 0x56, 0xc5, 0xc1, 0x50, 0x3f, 0xf2, 0xb6,
+    0x76, 0x09, 0x55, 0x57, 0x1c, 0xd1, 0x55, 0x23,
+    0x16, 0x2a, 0x51, 0x16, 0xaa, 0x13, 0x4f, 0x35,
+    0x69, 0xaf, 0xea, 0x01, 0x5f, 0x22, 0xc9, 0x2e,
+    0xe9, 0x8c, 0x6c, 0xa2, 0x17, 0x92, 0xdc, 0x3d,
+    0xd6, 0xf0, 0xfa, 0x5a, 0x53, 0xe0, 0xcd, 0x55,
+    0xa2, 0x91, 0x62, 0xba, 0xae, 0x67, 0x40, 0x1c,
+    0xda, 0xb4, 0xcc, 0xfc, 0x67, 0x1f, 0x44, 0xa0,
+    0x50, 0xa5, 0xde, 0xc5, 0xde, 0x5e, 0xa0, 0x3b,
+    0x05, 0x84, 0x1c, 0x2a, 0xc4, 0x96, 0x47, 0xd6,
+    0x97, 0x56, 0x40, 0x33, 0x99, 0x7c, 0x8b, 0x56,
+    0xb4, 0xfb, 0xf4, 0x23, 0xcb, 0x48, 0x81, 0x6c,
+    0xa4, 0x53, 0x41, 0x8c, 0x28, 0x61, 0xd7, 0x8c,
+    0xde, 0xde, 0xeb, 0xd4, 0xe7, 0x8a, 0x2a, 0x40,
+    0x83, 0x1c, 0xa4, 0x19, 0x0f, 0x6c, 0x73, 0xa5,
+    0x0e, 0xb6, 0x5c, 0x14, 0x36, 0xff, 0xc9, 0x99,
+    0x56, 0x53, 0x8c, 0x4e, 0x4f, 0x4a, 0x82, 0xc8,
+    0x76, 0x83, 0x81, 0xf1, 0x17, 0x82, 0x98, 0x3e,
+    0x9c, 0x99, 0x3a, 0x7c, 0x08, 0x77, 0x3e, 0xe2,
+    0x10, 0x98, 0xb0, 0xf6, 0x1d, 0xd3, 0x24, 0xe8,
+    0x98, 0xcf, 0xd8, 0x9a, 0xb8, 0xd7, 0xbe, 0x56,
+    0xa2, 0xb6, 0xf8, 0x2e, 0xfe, 0xeb, 0x96, 0xfa,
+    0xd0, 0xba, 0x79, 0x9e, 0xde, 0x72, 0x0d, 0x53,
+    0x5f, 0xdd, 0x0d, 0xb2, 0x0a, 0x8f, 0x14, 0x94,
+    0x87, 0x25, 0x5e, 0xcd, 0xd4, 0x4b, 0xaa, 0xc9,
+    0x7e, 0x41, 0x9f, 0x33, 0x77, 0xbe, 0x6d, 0x57,
+    0x68, 0xef, 0xee, 0x1a, 0xc4, 0x5c, 0x7b, 0xca,
+    0x7e, 0x33, 0x93, 0x3d, 0x88, 0x91, 0xd1, 0x34,
+    0x6a, 0x39, 0x98, 0x92, 0x50, 0x1a, 0x02, 0xcf,
+    0x89, 0x34, 0x33, 0x10, 0x65, 0x23, 0x4d, 0xb7,
+    0x00, 0xcc, 0xc1, 0x60, 0xdd, 0x7d, 0x8e, 0xd1,
+    0x16, 0xa7, 0x71, 0x7b, 0x20, 0xcb, 0xe4, 0xe8,
+    0xcc, 0xfc, 0xb8, 0x5f, 0xe4, 0xe2, 0xd6, 0x8c,
+    0x43, 0x9c, 0x06, 0xf4, 0x8d, 0xbc, 0x56, 0xd0,
+    0x0c, 0xd6, 0x0b, 0x6c, 0x33, 0x0e, 0x08, 0x77,
+    0x66, 0x52, 0x1f, 0x48, 0x0c, 0x50, 0x4a, 0xc2,
+    0x99, 0x0a, 0x15, 0x86, 0xc3, 0x9b, 0x7a, 0x5f,
+    0xfb, 0x58, 0xbd, 0x63, 0x0c, 0xbe, 0x83, 0x40,
+    0x8f, 0xba, 0x39, 0xfb, 0x45, 0xb9, 0xf7, 0x96,
+    0x62, 0xec, 0x7e, 0x77, 0xa4, 0xfb, 0xe1, 0x86,
+    0x5c, 0x0a, 0xae, 0x32, 0xbd, 0x79, 0x76, 0x8b
+};
+static const byte ml_dsa_44_good_sig[] = {
+    0x09, 0xf0, 0xae, 0xbb, 0x25, 0xc7, 0xfc, 0xdd,
+    0x93, 0x25, 0x9c, 0x50, 0xd9, 0x2e, 0x72, 0x5d,
+    0x53, 0xf5, 0x29, 0xd7, 0x4c, 0xc2, 0xd6, 0x81,
+    0x5c, 0xf3, 0x3f, 0x9a, 0x8a, 0xa9, 0x00, 0x21,
+    0x6c, 0xc6, 0xb9, 0x72, 0xb7, 0x0e, 0x00, 0x55,
+    0x9f, 0xd7, 0xae, 0x92, 0xc3, 0xbc, 0x8f, 0x2d,
+    0x4f, 0x54, 0x87, 0x56, 0x52, 0xd3, 0xdd, 0xaf,
+    0xe0, 0xff, 0xda, 0x80, 0x1b, 0xf3, 0x56, 0x90,
+    0xdd, 0x07, 0x86, 0xad, 0xf7, 0xf3, 0x8e, 0xcf,
+    0x3a, 0x57, 0x30, 0x52, 0xaa, 0xd2, 0xb1, 0xf0,
+    0x66, 0xea, 0x67, 0xab, 0x94, 0x1d, 0x96, 0x04,
+    0xaa, 0xcf, 0x0e, 0xb0, 0xbc, 0x7d, 0x8a, 0x4c,
+    0x62, 0x21, 0x82, 0x81, 0x98, 0x63, 0x22, 0x91,
+    0xb9, 0xfe, 0x53, 0x63, 0x8d, 0xdf, 0xe6, 0x19,
+    0xc1, 0x54, 0x3b, 0xf0, 0xf5, 0xe4, 0xc4, 0x36,
+    0x66, 0x2f, 0xcc, 0x4f, 0xed, 0xc6, 0x62, 0x7d,
+    0x8b, 0x7b, 0x89, 0xac, 0x23, 0x0b, 0x40, 0x4e,
+    0x2d, 0xdc, 0xe5, 0xa2, 0xbc, 0x8b, 0xac, 0xe7,
+    0x0b, 0xaa, 0x15, 0xa0, 0x79, 0x4a, 0x97, 0x8a,
+    0xc8, 0xb1, 0x31, 0xea, 0x29, 0x99, 0x14, 0x5d,
+    0x5b, 0x8c, 0xc2, 0xd0, 0xc2, 0x29, 0xd0, 0x85,
+    0xb9, 0x25, 0x16, 0x08, 0xe8, 0x41, 0xa7, 0x77,
+    0x1a, 0xbf, 0x5a, 0x48, 0x5a, 0x7f, 0x97, 0x44,
+    0x62, 0xb4, 0x68, 0x2e, 0x05, 0x48, 0xde, 0x0f,
+    0x69, 0xcc, 0x05, 0x3c, 0xa4, 0x85, 0x20, 0x60,
+    0xfd, 0x45, 0x6a, 0x14, 0xb9, 0x76, 0x8d, 0x48,
+    0xe7, 0x71, 0xd0, 0xd7, 0xbe, 0xe3, 0x36, 0xd6,
+    0x94, 0x5c, 0x22, 0x6e, 0x28, 0xc6, 0x34, 0x93,
+    0xf4, 0x6c, 0xf2, 0x62, 0xbf, 0x8f, 0x6d, 0x07,
+    0xff, 0x38, 0x92, 0x23, 0x19, 0x55, 0xd0, 0x66,
+    0x72, 0x76, 0xc1, 0x43, 0xbc, 0x60, 0x5d, 0xaa,
+    0x61, 0x10, 0xdb, 0x0c, 0x49, 0x7b, 0x99, 0xce,
+    0x14, 0xe3, 0x0b, 0x80, 0xdc, 0x8a, 0x3d, 0xa5,
+    0x3a, 0x0e, 0x29, 0x88, 0x09, 0x1f, 0x9c, 0x03,
+    0x32, 0x13, 0xc2, 0xe1, 0x49, 0x26, 0xc7, 0x11,
+    0xfa, 0x7f, 0x2d, 0x64, 0xfc, 0xf9, 0xaf, 0xd0,
+    0x4d, 0xcf, 0x3a, 0x23, 0x49, 0xde, 0xf2, 0x5d,
+    0xad, 0xf3, 0xde, 0xe0, 0x9a, 0xa2, 0x96, 0x0a,
+    0x9d, 0x97, 0x39, 0x88, 0x60, 0x75, 0xec, 0x29,
+    0x9b, 0x93, 0xfc, 0x80, 0xb3, 0xeb, 0xb0, 0xc6,
+    0xa8, 0xea, 0x75, 0x67, 0xed, 0xbd, 0x42, 0x2a,
+    0xed, 0x22, 0x27, 0xdb, 0x41, 0x3a, 0x94, 0x86,
+    0xd7, 0x4a, 0xf1, 0x8f, 0xa5, 0x47, 0x38, 0xa3,
+    0x3c, 0xe7, 0x17, 0x5d, 0xce, 0xdc, 0x32, 0x7c,
+    0xe4, 0x05, 0x58, 0x98, 0x67, 0xc8, 0xaf, 0x35,
+    0x5d, 0xf9, 0xc0, 0x10, 0x6d, 0x9d, 0xd3, 0x27,
+    0x79, 0x3c, 0x1d, 0xdd, 0xfb, 0x53, 0x3c, 0x03,
+    0x4c, 0xb3, 0x1b, 0x0b, 0x3a, 0x60, 0x80, 0xcd,
+    0x9b, 0x1e, 0x5f, 0x3f, 0x29, 0xfa, 0xb1, 0x09,
+    0x9a, 0x88, 0x58, 0x4a, 0xf5, 0xed, 0xe9, 0x7c,
+    0x9d, 0x70, 0xbe, 0x57, 0xfb, 0x92, 0x12, 0xc9,
+    0x8c, 0x6b, 0x77, 0xe2, 0x44, 0xc6, 0x82, 0x2a,
+    0x29, 0xb3, 0x9c, 0xb0, 0x60, 0xda, 0x3d, 0xcd,
+    0x4e, 0x49, 0x96, 0x8c, 0xd7, 0x2b, 0x29, 0x28,
+    0x7b, 0xec, 0xf1, 0x46, 0x40, 0xf0, 0xe1, 0xd7,
+    0x48, 0x9e, 0xdf, 0xfd, 0xa6, 0xd0, 0xaa, 0x35,
+    0x94, 0x7a, 0x94, 0x57, 0xf3, 0xd4, 0x15, 0x19,
+    0xd3, 0xc5, 0x35, 0x73, 0xc4, 0xf5, 0x86, 0x0d,
+    0x2a, 0x5b, 0x67, 0x0d, 0x8d, 0xaa, 0x18, 0x3e,
+    0xea, 0x9d, 0x80, 0xe7, 0xf8, 0xbb, 0x23, 0xea,
+    0x5d, 0x1c, 0x4d, 0xb2, 0x58, 0x7e, 0xe5, 0xef,
+    0x80, 0xc1, 0x63, 0x44, 0xaf, 0x1d, 0xed, 0xf6,
+    0x92, 0x05, 0x0c, 0xda, 0xcc, 0x58, 0x39, 0x27,
+    0xdd, 0x24, 0xac, 0x63, 0x23, 0x34, 0xaa, 0x2d,
+    0xd0, 0x5b, 0xd7, 0x7f, 0x6d, 0xcb, 0x64, 0xed,
+    0xb3, 0x9b, 0x05, 0x90, 0x79, 0xc2, 0x25, 0x68,
+    0xed, 0xf6, 0xa8, 0x7e, 0x30, 0x4a, 0x46, 0x44,
+    0xad, 0xc8, 0x12, 0x8d, 0x04, 0xc3, 0x11, 0x83,
+    0x7e, 0x77, 0xef, 0x9c, 0xa2, 0xf9, 0x3b, 0x06,
+    0x84, 0x7f, 0x72, 0xd9, 0x2f, 0x22, 0x95, 0xb7,
+    0x7b, 0x4e, 0x35, 0x6a, 0xfa, 0x73, 0x7d, 0x88,
+    0x5b, 0xac, 0x7b, 0xc5, 0x53, 0xc1, 0xfe, 0x6b,
+    0x7c, 0x05, 0xc3, 0xe4, 0xae, 0x48, 0x1a, 0xea,
+    0x6e, 0x51, 0x46, 0x1e, 0x82, 0x80, 0xde, 0x31,
+    0xe1, 0x41, 0x71, 0x88, 0x41, 0xa7, 0xb2, 0xcd,
+    0x3d, 0xf7, 0x5c, 0x4f, 0x4c, 0xfd, 0x3f, 0x6f,
+    0x6c, 0x82, 0xc1, 0xba, 0xe0, 0xf0, 0xb4, 0x8c,
+    0xd5, 0xb5, 0x32, 0xbf, 0x91, 0x49, 0x7e, 0x39,
+    0x5e, 0x0a, 0xdf, 0x4b, 0xd6, 0x07, 0x72, 0xff,
+    0x58, 0x65, 0x1b, 0x1f, 0xc6, 0x56, 0xd2, 0x00,
+    0xec, 0x60, 0xd1, 0x22, 0xc9, 0x1a, 0xa4, 0xcc,
+    0x26, 0xb4, 0xd1, 0x93, 0xbc, 0xfc, 0x52, 0xdf,
+    0xa1, 0x23, 0x37, 0x9b, 0xa2, 0xa8, 0x8f, 0xf3,
+    0x39, 0x03, 0xa5, 0x4c, 0xf0, 0x68, 0xe5, 0x95,
+    0x62, 0xfb, 0xd8, 0x88, 0x39, 0xf6, 0x02, 0x0a,
+    0x4e, 0x7c, 0xf0, 0xbf, 0x71, 0x99, 0x0f, 0x19,
+    0x61, 0xd9, 0x39, 0xe8, 0x3f, 0x59, 0x22, 0x4a,
+    0xaa, 0xdd, 0x03, 0xf8, 0x09, 0xb8, 0xaf, 0xd9,
+    0xb9, 0x9c, 0x3f, 0xf1, 0xfe, 0x49, 0xae, 0x99,
+    0x2f, 0xa2, 0x22, 0x5a, 0x3c, 0xe9, 0xe9, 0xf7,
+    0xba, 0x2d, 0xeb, 0x1f, 0x6c, 0xa7, 0xe1, 0x87,
+    0x2f, 0xa5, 0xff, 0xcf, 0x1c, 0x22, 0x8d, 0xf2,
+    0x5f, 0x63, 0xf5, 0xbb, 0x36, 0x66, 0xcc, 0x62,
+    0x89, 0x8e, 0xf7, 0x78, 0xc5, 0x97, 0x95, 0xde,
+    0xec, 0x43, 0x39, 0x6e, 0x0d, 0xe0, 0x8e, 0xbd,
+    0x2b, 0x3b, 0xe6, 0xff, 0xf5, 0x8f, 0x90, 0xd2,
+    0xd2, 0xce, 0x3b, 0x6f, 0x78, 0xf5, 0xd3, 0x42,
+    0xf3, 0x0f, 0x27, 0x4b, 0x2b, 0xe4, 0xd8, 0x0d,
+    0x31, 0xfa, 0xba, 0xdc, 0x54, 0x21, 0x9a, 0xbf,
+    0x1e, 0x1d, 0x06, 0x8e, 0xd9, 0x58, 0xce, 0x9a,
+    0x71, 0x79, 0x4d, 0xcb, 0xfb, 0x99, 0x4b, 0x66,
+    0xed, 0xef, 0x75, 0x20, 0x4d, 0x47, 0x9b, 0x40,
+    0xd5, 0xcf, 0xd9, 0x00, 0xfe, 0x32, 0x45, 0xae,
+    0x4b, 0x7e, 0x8e, 0x7b, 0xf9, 0xd4, 0xd4, 0x2e,
+    0x1a, 0x2a, 0xac, 0x73, 0xdb, 0x79, 0xb7, 0x02,
+    0x6a, 0x3d, 0xa2, 0xfe, 0x52, 0x27, 0x25, 0x43,
+    0xd1, 0xb5, 0x48, 0x0e, 0xef, 0xf1, 0x0f, 0xe7,
+    0x27, 0xc2, 0x59, 0x4e, 0x47, 0xe2, 0x12, 0xaa,
+    0x1e, 0xae, 0xbc, 0x86, 0x22, 0x70, 0x33, 0xa5,
+    0x50, 0x3f, 0xed, 0x3c, 0x98, 0xbb, 0xd5, 0xb3,
+    0x3e, 0x43, 0x21, 0x8e, 0x3e, 0x8c, 0xcc, 0x0c,
+    0xcf, 0x50, 0xcd, 0xeb, 0x1b, 0x9d, 0x0c, 0xc9,
+    0xe3, 0x2f, 0xbb, 0x4b, 0x43, 0xfc, 0x37, 0x27,
+    0xcb, 0xc9, 0x5a, 0xe9, 0x45, 0x92, 0x9d, 0xe9,
+    0x60, 0x8f, 0x93, 0x1b, 0xd8, 0x6a, 0x68, 0x86,
+    0xc2, 0x1d, 0x49, 0x92, 0x11, 0x29, 0x62, 0x14,
+    0x15, 0x4c, 0xe9, 0x33, 0xe3, 0x70, 0x2d, 0x6b,
+    0x8b, 0xb5, 0x22, 0x44, 0x82, 0xbe, 0x43, 0xe2,
+    0x80, 0xfb, 0xb5, 0xfa, 0x6a, 0x30, 0x04, 0x20,
+    0xb6, 0x58, 0xe1, 0xf4, 0x8c, 0xe6, 0x4c, 0x7c,
+    0x8d, 0x38, 0xf6, 0xdd, 0x59, 0xfc, 0x5a, 0xd7,
+    0x9f, 0x34, 0x92, 0xcc, 0xde, 0x65, 0x89, 0xa7,
+    0xd9, 0x57, 0xf7, 0xf2, 0x71, 0x39, 0xaf, 0xb6,
+    0x88, 0x02, 0x40, 0x24, 0x8b, 0x4f, 0xc5, 0xfc,
+    0xdc, 0x5c, 0xc0, 0x1d, 0xa6, 0x68, 0x87, 0xe0,
+    0x8f, 0xdc, 0xf0, 0xac, 0xd8, 0x5f, 0x1c, 0xb3,
+    0x07, 0xac, 0x58, 0x97, 0x3f, 0x3e, 0x72, 0x19,
+    0x18, 0x64, 0x55, 0x73, 0x11, 0x71, 0xd1, 0xa4,
+    0xa6, 0x57, 0xb0, 0x27, 0xaf, 0xad, 0x8a, 0xf7,
+    0xdf, 0xde, 0x1e, 0xdb, 0x31, 0xc9, 0x32, 0x85,
+    0x90, 0x40, 0x3d, 0xfe, 0x64, 0x5d, 0xe3, 0x94,
+    0x74, 0x98, 0xa7, 0xed, 0x84, 0x44, 0x13, 0x76,
+    0xba, 0xe9, 0x09, 0x9a, 0x17, 0xe0, 0x38, 0x03,
+    0x3b, 0x7a, 0xa7, 0x0e, 0x74, 0xbd, 0x93, 0xb1,
+    0x85, 0x64, 0xc9, 0xc4, 0x22, 0xb9, 0xdf, 0x80,
+    0xac, 0xa1, 0x17, 0xdb, 0x11, 0xdb, 0xfa, 0xeb,
+    0x90, 0x3c, 0x28, 0xfb, 0xa2, 0x36, 0x76, 0x61,
+    0x20, 0x00, 0x88, 0x15, 0xc0, 0x79, 0x9f, 0x7d,
+    0x9f, 0x90, 0xdb, 0x79, 0xbf, 0x1c, 0xdf, 0x86,
+    0xc9, 0x60, 0x8c, 0xea, 0xa6, 0x24, 0x81, 0xd6,
+    0x6d, 0xd8, 0x8d, 0x17, 0x5f, 0x5c, 0x6d, 0x93,
+    0xbc, 0xed, 0xe5, 0x41, 0x05, 0xbe, 0xc6, 0x0f,
+    0x66, 0x50, 0xc3, 0xce, 0x7e, 0x6c, 0x80, 0x88,
+    0xf5, 0x52, 0x61, 0xaf, 0xdb, 0xc0, 0x80, 0xbe,
+    0x78, 0x49, 0x64, 0x39, 0x54, 0x26, 0xeb, 0xab,
+    0x07, 0x4d, 0x38, 0x66, 0x06, 0x98, 0x58, 0xaa,
+    0x40, 0xc4, 0x89, 0xb2, 0x08, 0x85, 0xf3, 0x14,
+    0x58, 0x5d, 0x36, 0xf7, 0xf0, 0x6b, 0x72, 0x79,
+    0x6d, 0xbe, 0x5e, 0x24, 0x68, 0xf1, 0x3c, 0xa2,
+    0x82, 0x22, 0x6e, 0xc4, 0x46, 0x94, 0x8e, 0x00,
+    0xcb, 0xc0, 0x07, 0x69, 0xa5, 0x6d, 0x57, 0x04,
+    0x79, 0xeb, 0x06, 0x7a, 0x42, 0x20, 0x6e, 0xdc,
+    0xb5, 0xa4, 0xdd, 0x74, 0xb3, 0x92, 0x16, 0x71,
+    0x7d, 0x99, 0xfa, 0x26, 0x35, 0x57, 0xe2, 0x83,
+    0xc2, 0xb6, 0xfb, 0x0a, 0xae, 0x22, 0xed, 0xe3,
+    0x98, 0x65, 0x18, 0x32, 0xf8, 0xe5, 0xed, 0xa9,
+    0xf9, 0x7d, 0xb8, 0xea, 0x21, 0x51, 0x6c, 0x70,
+    0x4c, 0xfa, 0xec, 0x6d, 0x4c, 0xf4, 0xcb, 0x1c,
+    0x43, 0xfb, 0xfc, 0xbb, 0xa9, 0xcb, 0xc5, 0x21,
+    0xb3, 0x89, 0xd6, 0x4c, 0xc4, 0x42, 0xd1, 0x55,
+    0x3d, 0x43, 0x74, 0xbf, 0xb7, 0x47, 0xb3, 0x5b,
+    0x14, 0xc3, 0x8f, 0x42, 0x30, 0x57, 0xb0, 0x22,
+    0x56, 0xbe, 0x8d, 0x88, 0x7e, 0x7d, 0x63, 0xc8,
+    0xec, 0x01, 0x41, 0xd5, 0x9d, 0xb6, 0x7a, 0x3b,
+    0xfe, 0x8b, 0x95, 0x94, 0xdb, 0xca, 0xf1, 0xb4,
+    0x56, 0xd7, 0x83, 0xf4, 0x11, 0x05, 0x65, 0xde,
+    0x7a, 0xa3, 0x5a, 0x7a, 0x70, 0xe4, 0xd2, 0xad,
+    0xc0, 0xff, 0x3f, 0x66, 0x2e, 0x1a, 0x65, 0x38,
+    0xda, 0x1f, 0x3f, 0xac, 0x04, 0x2f, 0x0f, 0xde,
+    0x7e, 0x55, 0x05, 0x12, 0xe9, 0xe7, 0x69, 0xf9,
+    0x34, 0x2c, 0x84, 0x97, 0xa8, 0x86, 0x0c, 0x24,
+    0x32, 0x87, 0xfd, 0xbe, 0x67, 0xd1, 0x02, 0x21,
+    0x3b, 0x33, 0xfd, 0x11, 0xb1, 0xca, 0x4f, 0xeb,
+    0x40, 0x38, 0xf6, 0x19, 0x83, 0x9d, 0x73, 0x44,
+    0x37, 0xd6, 0x69, 0x6d, 0x85, 0xda, 0xf7, 0x69,
+    0xfb, 0x88, 0x2b, 0xe7, 0xe7, 0x3c, 0x18, 0xa8,
+    0x13, 0xb7, 0xee, 0x5c, 0x50, 0x5b, 0xa3, 0x09,
+    0x1c, 0xef, 0x8d, 0x37, 0x89, 0x75, 0x0f, 0x8b,
+    0xea, 0x17, 0x02, 0x47, 0x21, 0xcb, 0xa8, 0x73,
+    0x71, 0x23, 0x4c, 0xf7, 0x50, 0xdd, 0x21, 0xe5,
+    0xdb, 0x40, 0x3a, 0x87, 0x40, 0x8d, 0x60, 0x89,
+    0x9e, 0x20, 0x00, 0x58, 0xeb, 0xbb, 0x24, 0x9b,
+    0x0a, 0x17, 0x8f, 0xf6, 0x56, 0x07, 0x11, 0x5b,
+    0xa7, 0xcd, 0x93, 0x0a, 0x31, 0x3d, 0x1f, 0x45,
+    0xa0, 0x08, 0x8f, 0x88, 0x34, 0xa5, 0x01, 0x3b,
+    0xea, 0x07, 0xa3, 0x7b, 0x66, 0x3e, 0x96, 0xe8,
+    0xf7, 0x4d, 0x63, 0x04, 0x55, 0x89, 0xf1, 0x02,
+    0x1e, 0x4a, 0x21, 0xb1, 0x2b, 0x8c, 0x7f, 0x2e,
+    0x0c, 0x64, 0x26, 0x36, 0xd8, 0x63, 0xab, 0xf5,
+    0x22, 0xaf, 0xa9, 0xfa, 0xfa, 0x21, 0x4b, 0x7e,
+    0x6f, 0x8c, 0xce, 0x98, 0xf2, 0x85, 0x3f, 0x2c,
+    0x07, 0x90, 0xc3, 0x2c, 0x06, 0xc5, 0xde, 0xc8,
+    0xc2, 0x7c, 0xd7, 0x9b, 0x64, 0x25, 0x8a, 0x9b,
+    0x77, 0x07, 0xc7, 0x4c, 0xd7, 0x67, 0xff, 0xe6,
+    0xdb, 0x17, 0xf5, 0xc4, 0x2a, 0x14, 0x44, 0x1a,
+    0xff, 0xda, 0xe0, 0xa7, 0x09, 0x1c, 0xe9, 0x03,
+    0xde, 0x4a, 0x59, 0xe4, 0xdf, 0xa3, 0x0d, 0x3a,
+    0x43, 0xdf, 0x80, 0x82, 0x87, 0xfa, 0x75, 0xf5,
+    0xe8, 0xef, 0x6f, 0xd0, 0x89, 0xdd, 0xa1, 0x75,
+    0x17, 0x5b, 0x71, 0x47, 0xe8, 0x8d, 0xae, 0xf6,
+    0x18, 0x7f, 0xb9, 0x24, 0x68, 0x3f, 0x17, 0x6b,
+    0xa8, 0x30, 0x67, 0x7e, 0x02, 0x9b, 0xf6, 0x4d,
+    0x03, 0xa8, 0xfb, 0x33, 0x2f, 0xb4, 0x65, 0x72,
+    0x2a, 0x30, 0xa6, 0x93, 0x94, 0x7a, 0x41, 0x0f,
+    0xd3, 0x67, 0x0b, 0xba, 0xa4, 0x49, 0x7c, 0xcf,
+    0x1f, 0x59, 0x1e, 0x2e, 0x45, 0xd4, 0xa8, 0xb1,
+    0x98, 0x2b, 0xd7, 0x6f, 0x55, 0xb8, 0xf2, 0x65,
+    0x7b, 0x96, 0x18, 0xf7, 0x2e, 0xde, 0x9c, 0x39,
+    0x7a, 0x08, 0x2e, 0xe7, 0x3c, 0x9e, 0x4a, 0xfe,
+    0xba, 0x49, 0xce, 0xba, 0x65, 0x18, 0xae, 0xae,
+    0x9b, 0xd5, 0xf5, 0xeb, 0xd3, 0xdc, 0xd7, 0x2c,
+    0x92, 0x3c, 0xe2, 0x93, 0xb9, 0x69, 0xf2, 0x20,
+    0xea, 0xbd, 0xa9, 0x01, 0x2b, 0x72, 0x7c, 0x93,
+    0x6c, 0x1f, 0x80, 0x3a, 0xd2, 0x2d, 0xf6, 0xc1,
+    0x31, 0x63, 0xd2, 0x2f, 0x6c, 0x1a, 0x54, 0x1f,
+    0x74, 0xe6, 0xa0, 0xac, 0xb1, 0x04, 0x03, 0xb3,
+    0x22, 0x19, 0x48, 0x0a, 0xa7, 0x55, 0x25, 0xc1,
+    0x77, 0x28, 0xb9, 0xbe, 0xef, 0xa8, 0xc6, 0x2b,
+    0xd5, 0x6c, 0x5d, 0x7b, 0x85, 0xcd, 0x10, 0x2d,
+    0x9e, 0xfd, 0xb8, 0xa5, 0x10, 0x65, 0xf7, 0x29,
+    0xa7, 0x41, 0x18, 0xc8, 0xc2, 0x23, 0xe5, 0xcb,
+    0x96, 0x91, 0x8a, 0x7e, 0x45, 0x30, 0x6b, 0x91,
+    0xf1, 0x88, 0xb3, 0x2e, 0x92, 0x96, 0x0a, 0x42,
+    0x4a, 0x16, 0x9d, 0x0c, 0xa8, 0xa7, 0xe5, 0x64,
+    0x38, 0x8a, 0x53, 0x41, 0x28, 0xbf, 0xd7, 0xa4,
+    0x14, 0x05, 0x59, 0x11, 0x2e, 0x0f, 0xc8, 0x5c,
+    0x97, 0x8d, 0xd3, 0x92, 0xbf, 0xb9, 0x05, 0xfa,
+    0xff, 0x38, 0xbf, 0xd6, 0xc5, 0x22, 0xf8, 0xa4,
+    0x75, 0x30, 0x45, 0x93, 0x14, 0xda, 0xc0, 0x7f,
+    0xea, 0x24, 0xe0, 0x33, 0x68, 0xf2, 0x6d, 0xe1,
+    0xb1, 0x0c, 0x7d, 0x40, 0xaa, 0x16, 0x53, 0xa1,
+    0xf6, 0x26, 0xb1, 0x25, 0xe8, 0x83, 0xe9, 0xea,
+    0xea, 0xd2, 0x5a, 0x24, 0xda, 0xe2, 0x6e, 0xd1,
+    0x2a, 0x87, 0x64, 0x48, 0x13, 0x55, 0xb1, 0x2c,
+    0x1a, 0x58, 0x43, 0x5b, 0x63, 0x14, 0x3e, 0x02,
+    0xf0, 0xcf, 0x61, 0x7d, 0x83, 0x81, 0xb9, 0x65,
+    0x4b, 0x72, 0xee, 0xff, 0xfb, 0x6a, 0xbe, 0x71,
+    0x26, 0x56, 0x28, 0x13, 0x9f, 0x31, 0xda, 0x8c,
+    0x2f, 0xdb, 0x21, 0xbe, 0x4b, 0x66, 0xbb, 0xad,
+    0x7a, 0x13, 0x55, 0x92, 0x7c, 0xb5, 0x6e, 0x5f,
+    0x45, 0x1b, 0x64, 0x2d, 0xad, 0x6d, 0x32, 0x07,
+    0xe4, 0x91, 0xdc, 0x0c, 0x1b, 0x5f, 0xcd, 0x86,
+    0xe2, 0x99, 0x2b, 0xb9, 0x7e, 0x60, 0xbd, 0xad,
+    0xa1, 0x5c, 0xab, 0x7f, 0x76, 0xf3, 0x77, 0xba,
+    0x73, 0x7f, 0x6a, 0x88, 0x4e, 0xff, 0x40, 0x72,
+    0x7a, 0x4d, 0x9b, 0x20, 0x2d, 0xc9, 0x2a, 0x30,
+    0x0f, 0x8f, 0x0f, 0xc9, 0x79, 0xc8, 0xc3, 0x8a,
+    0x83, 0x52, 0xff, 0x66, 0x7a, 0x42, 0x04, 0x08,
+    0x6e, 0x5b, 0x13, 0xda, 0xb9, 0xb6, 0x2d, 0x45,
+    0x77, 0x9a, 0xa0, 0x2b, 0xc1, 0x87, 0xc2, 0xa6,
+    0x35, 0x7f, 0x39, 0x34, 0x2e, 0x95, 0x1e, 0x8c,
+    0xbf, 0x89, 0x6d, 0xcf, 0x82, 0xb8, 0x9f, 0x9b,
+    0xd1, 0xbc, 0xa2, 0x55, 0x83, 0xf4, 0xca, 0x21,
+    0x11, 0x8f, 0x28, 0xa9, 0x5e, 0x28, 0x23, 0xb4,
+    0x43, 0x60, 0xb6, 0x11, 0x1a, 0x6f, 0xb4, 0xd1,
+    0x96, 0xc8, 0x79, 0xf2, 0x39, 0x8b, 0x82, 0xae,
+    0xe0, 0xc2, 0xe4, 0xf9, 0xfb, 0xf8, 0x85, 0x64,
+    0x28, 0xad, 0xb5, 0xfd, 0x37, 0xc5, 0x21, 0x38,
+    0x31, 0x94, 0x0d, 0xbe, 0xd8, 0xaf, 0x9b, 0x8a,
+    0x7d, 0xfb, 0x56, 0xd8, 0x23, 0xf7, 0x55, 0x55,
+    0xe7, 0xd9, 0x63, 0x65, 0xfd, 0x64, 0x2e, 0x8a,
+    0x1d, 0x1b, 0xac, 0x4e, 0x2f, 0xef, 0x1b, 0x77,
+    0xca, 0x01, 0xd6, 0xfc, 0xb0, 0x11, 0xda, 0x6b,
+    0xef, 0x9f, 0x76, 0x81, 0x3e, 0x3f, 0x26, 0x4b,
+    0x3b, 0x97, 0xa0, 0x7d, 0xd6, 0xcf, 0x51, 0x0d,
+    0x06, 0xf7, 0xf5, 0x88, 0x64, 0x34, 0x7a, 0xe3,
+    0xb9, 0x16, 0xc3, 0x06, 0x04, 0xf3, 0xe9, 0x55,
+    0xd2, 0xff, 0x49, 0xec, 0x57, 0x84, 0x1f, 0x39,
+    0x28, 0x71, 0x57, 0x87, 0x40, 0xf2, 0x7a, 0x30,
+    0xa0, 0x88, 0xba, 0x6c, 0xb1, 0x09, 0x30, 0x3a,
+    0x11, 0x75, 0xcf, 0xbe, 0x4c, 0xf7, 0xf7, 0xca,
+    0x44, 0x52, 0x91, 0xd0, 0x4c, 0x12, 0x3e, 0x3a,
+    0x4b, 0x31, 0x20, 0xfe, 0x27, 0xd2, 0x08, 0x5b,
+    0x83, 0x7b, 0x82, 0xd3, 0xa3, 0x72, 0xba, 0x2f,
+    0x5f, 0xa3, 0x71, 0xcd, 0x8d, 0x3f, 0x94, 0xce,
+    0x86, 0xa8, 0x6b, 0x43, 0xb7, 0x06, 0x80, 0x70,
+    0x64, 0x06, 0xab, 0x54, 0xce, 0xb5, 0x29, 0xaf,
+    0x73, 0xf7, 0x0f, 0x65, 0x70, 0xa7, 0x84, 0x1a,
+    0x0b, 0xdb, 0x0c, 0xa9, 0x20, 0xea, 0x06, 0x7a,
+    0xba, 0x80, 0xc6, 0xae, 0x3e, 0x0a, 0x7b, 0xd6,
+    0x21, 0x99, 0xe0, 0xae, 0x6e, 0x8f, 0x80, 0xa9,
+    0x97, 0x27, 0x3d, 0x7e, 0xb2, 0xd8, 0x06, 0x10,
+    0x36, 0x07, 0x64, 0x12, 0xd0, 0xc7, 0x91, 0xd2,
+    0x81, 0x74, 0x22, 0x8b, 0x8f, 0xe0, 0x48, 0xc4,
+    0xe1, 0x9b, 0x05, 0xc8, 0xc5, 0xc3, 0x9a, 0x7b,
+    0x9d, 0xee, 0x23, 0xe0, 0x98, 0xc0, 0xd0, 0x05,
+    0x21, 0x89, 0x9a, 0xf4, 0x45, 0xd1, 0x1d, 0x80,
+    0x79, 0xb7, 0xfe, 0x3c, 0xff, 0x84, 0x86, 0xf0,
+    0x2a, 0x69, 0x8b, 0x2d, 0x3b, 0x82, 0xa0, 0xab,
+    0xee, 0xe6, 0xf4, 0x64, 0x84, 0x2b, 0x7a, 0x42,
+    0x12, 0x8d, 0x10, 0xa6, 0xae, 0x10, 0x6d, 0x03,
+    0xb5, 0x72, 0x09, 0xf8, 0x3f, 0xe4, 0x1c, 0x0a,
+    0x08, 0x0d, 0x1a, 0x45, 0x5b, 0x70, 0x7b, 0x95,
+    0xa1, 0xa7, 0xb4, 0xb6, 0xbf, 0xcc, 0xfc, 0x09,
+    0x1a, 0x30, 0x40, 0x44, 0x5e, 0x69, 0x73, 0x7a,
+    0x81, 0xa5, 0xb9, 0xd7, 0xdd, 0xe3, 0xee, 0xfb,
+    0x16, 0x1a, 0x1d, 0x40, 0x41, 0x4e, 0x8d, 0x90,
+    0x92, 0x9d, 0xaf, 0xb0, 0xbb, 0xc2, 0xe0, 0xfc,
+    0x06, 0x0b, 0x20, 0x37, 0x47, 0x50, 0x53, 0x65,
+    0x87, 0x89, 0x99, 0xa4, 0xb7, 0xdb, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x0f, 0x20, 0x30, 0x3e
+};
+#endif
+
+static int test_wc_dilithium(void)
+{
+    EXPECT_DECLS;
+#if defined(HAVE_DILITHIUM) && defined(WOLFSSL_WC_DILITHIUM)
+    dilithium_key* key;
+    byte level;
+#if !defined(WOLFSSL_DILITHIUM_NO_MAKE_KEY) || \
+    !defined(WOLFSSL_DILITHIUM_NO_SIGN)
+    WC_RNG rng;
+#endif
+    byte* privKey = NULL;
+#ifndef WOLFSSL_DILITHIUM_NO_SIGN
+    word32 privKeyLen = DILITHIUM_MAX_KEY_SIZE;
+#endif
+    byte* pubKey = NULL;
+#ifndef WOLFSSL_DILITHIUM_NO_VERIFY
+    word32 pubKeyLen = DILITHIUM_MAX_PUB_KEY_SIZE;
+#endif
+
+    key = (dilithium_key*)XMALLOC(sizeof(*key), NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    ExpectNotNull(key);
+    privKey = (byte*)XMALLOC(DILITHIUM_MAX_KEY_SIZE, NULL,
+        DYNAMIC_TYPE_TMP_BUFFER);
+    ExpectNotNull(privKey);
+    pubKey = (byte*)XMALLOC(DILITHIUM_MAX_PUB_KEY_SIZE, NULL,
+        DYNAMIC_TYPE_TMP_BUFFER);
+    ExpectNotNull(pubKey);
+
+    if (key != NULL) {
+        XMEMSET(key, 0, sizeof(*key));
+    }
+#if !defined(WOLFSSL_DILITHIUM_NO_MAKE_KEY) || \
+    !defined(WOLFSSL_DILITHIUM_NO_SIGN)
+    XMEMSET(&rng, 0, sizeof(WC_RNG));
+#endif
+
+#if !defined(WOLFSSL_DILITHIUM_NO_MAKE_KEY) || \
+    !defined(WOLFSSL_DILITHIUM_NO_SIGN)
+    ExpectIntEQ(wc_InitRng(&rng), 0);
+#endif
+
+    ExpectIntEQ(wc_dilithium_init(NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_dilithium_init_ex(NULL, NULL, INVALID_DEVID), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    wc_dilithium_free(NULL);
+
+    ExpectIntEQ(wc_dilithium_init(key), 0);
+    wc_dilithium_free(key);
+    ExpectIntEQ(wc_dilithium_init_ex(key, NULL, INVALID_DEVID), 0);
+
+#ifndef WOLFSSL_DILITHIUM_NO_VERIFY
+    ExpectIntEQ(wc_dilithium_export_public(key, pubKey, &pubKeyLen),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+#endif
+#ifndef WOLFSSL_DILITHIUM_NO_SIGN
+    ExpectIntEQ(wc_dilithium_export_private(key, privKey, &privKeyLen),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+#endif
+
+#ifdef WOLFSSL_DILITHIUM_PRIVATE_KEY
+    ExpectIntEQ(wc_dilithium_size(NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+#ifdef WOLFSSL_DILITHIUM_PUBLIC_KEY
+    ExpectIntEQ(wc_dilithium_priv_size(NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+#endif
+#endif
+#ifdef WOLFSSL_DILITHIUM_PUBLIC_KEY
+    ExpectIntEQ(wc_dilithium_pub_size(NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+#endif
+#if !defined(WOLFSSL_DILITHIUM_NO_SIGN) || !defined(WOLFSSL_DILITHIUM_NO_VERIFY)
+    ExpectIntEQ(wc_dilithium_sig_size(NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+#endif
+#ifdef WOLFSSL_DILITHIUM_PRIVATE_KEY
+    ExpectIntEQ(wc_dilithium_size(key), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+#ifdef WOLFSSL_DILITHIUM_PUBLIC_KEY
+    ExpectIntEQ(wc_dilithium_priv_size(key), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+#endif
+#endif
+#ifdef WOLFSSL_DILITHIUM_PUBLIC_KEY
+    ExpectIntEQ(wc_dilithium_pub_size(key), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+#endif
+#if !defined(WOLFSSL_DILITHIUM_NO_SIGN) || !defined(WOLFSSL_DILITHIUM_NO_VERIFY)
+    ExpectIntEQ(wc_dilithium_sig_size(key), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+#endif
+
+    ExpectIntEQ(wc_dilithium_set_level(NULL, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_dilithium_set_level(key, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_dilithium_set_level(NULL, WC_ML_DSA_44), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_dilithium_set_level(key, 1), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_dilithium_set_level(key, 4), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+
+    ExpectIntEQ(wc_dilithium_get_level(NULL, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_dilithium_get_level(key, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_dilithium_get_level(NULL, &level), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_dilithium_get_level(key, &level), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+
+#ifndef WOLFSSL_NO_ML_DSA_87
+    ExpectIntEQ(wc_dilithium_set_level(key, WC_ML_DSA_87), 0);
+    ExpectIntEQ(wc_dilithium_get_level(key, &level), 0);
+    ExpectIntEQ(level, WC_ML_DSA_87);
+#ifdef WOLFSSL_DILITHIUM_PRIVATE_KEY
+    ExpectIntEQ(wc_dilithium_size(key), DILITHIUM_LEVEL5_KEY_SIZE);
+#ifdef WOLFSSL_DILITHIUM_PUBLIC_KEY
+    ExpectIntEQ(wc_dilithium_priv_size(key), DILITHIUM_LEVEL5_PRV_KEY_SIZE);
+#endif
+#endif
+#ifdef WOLFSSL_DILITHIUM_PUBLIC_KEY
+    ExpectIntEQ(wc_dilithium_pub_size(key), DILITHIUM_LEVEL5_PUB_KEY_SIZE);
+#endif
+#if !defined(WOLFSSL_DILITHIUM_NO_SIGN) || !defined(WOLFSSL_DILITHIUM_NO_VERIFY)
+    ExpectIntEQ(wc_dilithium_sig_size(key), DILITHIUM_LEVEL5_SIG_SIZE);
+#endif
+#else
+    ExpectIntEQ(wc_dilithium_set_level(key, WC_ML_DSA_87), WC_NO_ERR_TRACE(NOT_COMPILED_IN));
+#endif
+#ifndef WOLFSSL_NO_ML_DSA_65
+    ExpectIntEQ(wc_dilithium_set_level(key, WC_ML_DSA_65), 0);
+    ExpectIntEQ(wc_dilithium_get_level(key, &level), 0);
+    ExpectIntEQ(level, WC_ML_DSA_65);
+#ifdef WOLFSSL_DILITHIUM_PRIVATE_KEY
+    ExpectIntEQ(wc_dilithium_size(key), DILITHIUM_LEVEL3_KEY_SIZE);
+#ifdef WOLFSSL_DILITHIUM_PUBLIC_KEY
+    ExpectIntEQ(wc_dilithium_priv_size(key), DILITHIUM_LEVEL3_PRV_KEY_SIZE);
+#endif
+#endif
+#ifdef WOLFSSL_DILITHIUM_PUBLIC_KEY
+    ExpectIntEQ(wc_dilithium_pub_size(key), DILITHIUM_LEVEL3_PUB_KEY_SIZE);
+#endif
+#if !defined(WOLFSSL_DILITHIUM_NO_SIGN) || !defined(WOLFSSL_DILITHIUM_NO_VERIFY)
+    ExpectIntEQ(wc_dilithium_sig_size(key), DILITHIUM_LEVEL3_SIG_SIZE);
+#endif
+#else
+    ExpectIntEQ(wc_dilithium_set_level(key, WC_ML_DSA_65), WC_NO_ERR_TRACE(NOT_COMPILED_IN));
+#endif
+#ifndef WOLFSSL_NO_ML_DSA_44
+    ExpectIntEQ(wc_dilithium_set_level(key, WC_ML_DSA_44), 0);
+    ExpectIntEQ(wc_dilithium_get_level(key, &level), 0);
+    ExpectIntEQ(level, WC_ML_DSA_44);
+#ifdef WOLFSSL_DILITHIUM_PRIVATE_KEY
+    ExpectIntEQ(wc_dilithium_size(key), DILITHIUM_LEVEL2_KEY_SIZE);
+#ifdef WOLFSSL_DILITHIUM_PUBLIC_KEY
+    ExpectIntEQ(wc_dilithium_priv_size(key), DILITHIUM_LEVEL2_PRV_KEY_SIZE);
+#endif
+#endif
+#ifdef WOLFSSL_DILITHIUM_PUBLIC_KEY
+    ExpectIntEQ(wc_dilithium_pub_size(key), DILITHIUM_LEVEL2_PUB_KEY_SIZE);
+#endif
+#if !defined(WOLFSSL_DILITHIUM_NO_SIGN) || !defined(WOLFSSL_DILITHIUM_NO_VERIFY)
+    ExpectIntEQ(wc_dilithium_sig_size(key), DILITHIUM_LEVEL2_SIG_SIZE);
+#endif
+#else
+    ExpectIntEQ(wc_dilithium_set_level(key, WC_ML_DSA_44), WC_NO_ERR_TRACE(NOT_COMPILED_IN));
+#endif
+
+#ifndef WOLFSSL_DILITHIUM_NO_VERIFY
+    ExpectIntEQ(wc_dilithium_export_public(key, pubKey, &pubKeyLen),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+#endif
+#ifndef WOLFSSL_DILITHIUM_NO_SIGN
+    ExpectIntEQ(wc_dilithium_export_private(key, privKey, &privKeyLen),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+#endif
+
+    wc_dilithium_free(key);
+#if !defined(WOLFSSL_DILITHIUM_NO_MAKE_KEY) || \
+    !defined(WOLFSSL_DILITHIUM_NO_SIGN)
+    wc_FreeRng(&rng);
+#endif
+    XFREE(pubKey, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(privKey, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+#endif
+    return EXPECT_RESULT();
+}
+
+static int test_wc_dilithium_make_key(void)
+{
+    EXPECT_DECLS;
+#if defined(HAVE_DILITHIUM) && defined(WOLFSSL_WC_DILITHIUM) && \
+    !defined(WOLFSSL_DILITHIUM_NO_MAKE_KEY)
+    dilithium_key* key;
+    WC_RNG rng;
+
+    key = (dilithium_key*)XMALLOC(sizeof(*key), NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    ExpectNotNull(key);
+
+    if (key != NULL) {
+        XMEMSET(key, 0, sizeof(*key));
+    }
+    XMEMSET(&rng, 0, sizeof(WC_RNG));
+
+    ExpectIntEQ(wc_InitRng(&rng), 0);
+    ExpectIntEQ(wc_dilithium_init(key), 0);
+
+    ExpectIntEQ(wc_dilithium_make_key(key, &rng), WC_NO_ERR_TRACE(BAD_STATE_E));
+
+#ifndef WOLFSSL_NO_ML_DSA_44
+    ExpectIntEQ(wc_dilithium_set_level(key, WC_ML_DSA_44), 0);
+#elif !defined(WOLFSSL_NO_ML_DSA_65)
+    ExpectIntEQ(wc_dilithium_set_level(key, WC_ML_DSA_65), 0);
+#else
+    ExpectIntEQ(wc_dilithium_set_level(key, WC_ML_DSA_87), 0);
+#endif
+
+    ExpectIntEQ(wc_dilithium_make_key(NULL, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_dilithium_make_key(key, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_dilithium_make_key(NULL, &rng), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_dilithium_make_key(key, &rng), 0);
+
+    wc_dilithium_free(key);
+    wc_FreeRng(&rng);
+    XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+#endif
+    return EXPECT_RESULT();
+}
+
+static int test_wc_dilithium_sign(void)
+{
+    EXPECT_DECLS;
+#if defined(HAVE_DILITHIUM) && defined(WOLFSSL_WC_DILITHIUM) && \
+    !defined(WOLFSSL_DILITHIUM_NO_SIGN)
+    dilithium_key* key;
+    dilithium_key* importKey = NULL;
+    WC_RNG rng;
+    byte* privKey = NULL;
+    word32 privKeyLen = DILITHIUM_MAX_KEY_SIZE;
+    word32 badKeyLen;
+    byte msg[32];
+    byte* sig = NULL;
+    word32 sigLen = DILITHIUM_MAX_SIG_SIZE;
+
+    key = (dilithium_key*)XMALLOC(sizeof(*key), NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    ExpectNotNull(key);
+    importKey = (dilithium_key*)XMALLOC(sizeof(*key), NULL,
+        DYNAMIC_TYPE_TMP_BUFFER);
+    ExpectNotNull(importKey);
+    privKey = (byte*)XMALLOC(DILITHIUM_MAX_KEY_SIZE, NULL,
+        DYNAMIC_TYPE_TMP_BUFFER);
+    ExpectNotNull(privKey);
+    sig = (byte*)XMALLOC(DILITHIUM_MAX_SIG_SIZE, NULL,
+        DYNAMIC_TYPE_TMP_BUFFER);
+    ExpectNotNull(sig);
+
+    if (key != NULL) {
+        XMEMSET(key, 0, sizeof(*key));
+    }
+    if (importKey != NULL) {
+        XMEMSET(importKey, 0, sizeof(*importKey));
+    }
+    XMEMSET(&rng, 0, sizeof(WC_RNG));
+    XMEMSET(msg, 0x55, sizeof(msg));
+
+    ExpectIntEQ(wc_InitRng(&rng), 0);
+    ExpectIntEQ(wc_dilithium_init(key), 0);
+
+#ifndef WOLFSSL_NO_ML_DSA_44
+    ExpectIntEQ(wc_dilithium_set_level(key, WC_ML_DSA_44), 0);
+#elif !defined(WOLFSSL_NO_ML_DSA_65)
+    ExpectIntEQ(wc_dilithium_set_level(key, WC_ML_DSA_65), 0);
+#else
+    ExpectIntEQ(wc_dilithium_set_level(key, WC_ML_DSA_87), 0);
+#endif
+
+#ifdef WOLFSSL_DILITHIUM_NO_MAKE_KEY
+#ifndef WOLFSSL_NO_ML_DSA_44
+    ExpectIntEQ(wc_dilithium_import_private(bench_dilithium_level2_key,
+        sizeof_bench_dilithium_level2_key, key), 0);
+#elif !defined(WOLFSSL_NO_ML_DSA_65)
+    ExpectIntEQ(wc_dilithium_import_private(bench_dilithium_level3_key,
+        sizeof_bench_dilithium_level3_key, key), 0);
+#else
+    ExpectIntEQ(wc_dilithium_import_private(bench_dilithium_level5_key,
+        sizeof_bench_dilithium_level5_key, key), 0);
+#endif
+#else
+    ExpectIntEQ(wc_dilithium_make_key(key, &rng), 0);
+#endif
+
+    ExpectIntEQ(wc_dilithium_sign_msg(NULL, 32, NULL, NULL, NULL, NULL),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_dilithium_sign_msg(msg, 32, NULL, NULL, NULL, NULL),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_dilithium_sign_msg(NULL, 32, sig, NULL, NULL, NULL),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_dilithium_sign_msg(NULL, 32, NULL, &sigLen, NULL, NULL),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_dilithium_sign_msg(NULL, 32, NULL, NULL, key, NULL),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_dilithium_sign_msg(NULL, 32, NULL, NULL, NULL, &rng),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_dilithium_sign_msg(NULL, 32, sig, &sigLen, key, &rng),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_dilithium_sign_msg(msg, 32, NULL, &sigLen, key, &rng),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_dilithium_sign_msg(msg, 32, sig, NULL, key, &rng),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_dilithium_sign_msg(msg, 32, sig, &sigLen, NULL, &rng),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_dilithium_sign_msg(msg, 32, sig, &sigLen, key, NULL),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_dilithium_sign_msg(msg, 32, sig, &sigLen, key, &rng), 0);
+
+    ExpectIntEQ(wc_dilithium_export_private(NULL, NULL, NULL),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_dilithium_export_private(key, NULL, NULL),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_dilithium_export_private(NULL, privKey, NULL),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_dilithium_export_private(NULL, NULL, &privKeyLen),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_dilithium_export_private(NULL, privKey, &privKeyLen),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_dilithium_export_private(key, NULL, &privKeyLen),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_dilithium_export_private(key, privKey, NULL),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    badKeyLen = 0;
+    ExpectIntEQ(wc_dilithium_export_private(key, privKey, &badKeyLen),
+        WC_NO_ERR_TRACE(BUFFER_E));
+#ifndef WOLFSSL_NO_ML_DSA_44
+    ExpectIntEQ(badKeyLen, DILITHIUM_LEVEL2_KEY_SIZE);
+#elif !defined(WOLFSSL_NO_ML_DSA_65)
+    ExpectIntEQ(badKeyLen, DILITHIUM_LEVEL3_KEY_SIZE);
+#else
+    ExpectIntEQ(badKeyLen, DILITHIUM_LEVEL5_KEY_SIZE);
+#endif
+    ExpectIntEQ(wc_dilithium_export_private(key, privKey, &privKeyLen),
+        0);
+#ifndef WOLFSSL_NO_ML_DSA_44
+    ExpectIntEQ(privKeyLen, DILITHIUM_LEVEL2_KEY_SIZE);
+#elif !defined(WOLFSSL_NO_ML_DSA_65)
+    ExpectIntEQ(privKeyLen, DILITHIUM_LEVEL3_KEY_SIZE);
+#else
+    ExpectIntEQ(privKeyLen, DILITHIUM_LEVEL5_KEY_SIZE);
+#endif
+
+    ExpectIntEQ(wc_dilithium_init(importKey), 0);
+    ExpectIntEQ(wc_dilithium_import_private(privKey, privKeyLen, importKey),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+#ifndef WOLFSSL_NO_ML_DSA_44
+    ExpectIntEQ(wc_dilithium_set_level(importKey, WC_ML_DSA_44), 0);
+#elif !defined(WOLFSSL_NO_ML_DSA_65)
+    ExpectIntEQ(wc_dilithium_set_level(importKey, WC_ML_DSA_65), 0);
+#else
+    ExpectIntEQ(wc_dilithium_set_level(importKey, WC_ML_DSA_87), 0);
+#endif
+    ExpectIntEQ(wc_dilithium_import_private(NULL, 0, NULL),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_dilithium_import_private(privKey, 0, NULL),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_dilithium_import_private(NULL, privKeyLen, NULL),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_dilithium_import_private(NULL, 0, importKey),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_dilithium_import_private(NULL, privKeyLen, importKey),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_dilithium_import_private(privKey, 0, importKey),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_dilithium_import_private(privKey, privKeyLen, NULL),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_dilithium_import_private(privKey, privKeyLen, importKey),
+        0);
+    ExpectIntEQ(wc_dilithium_sign_msg(msg, 32, sig, &sigLen, key, &rng), 0);
+#ifdef WOLFSSL_DILITHIUM_CHECK_KEY
+    ExpectIntEQ(wc_dilithium_check_key(importKey), WC_NO_ERR_TRACE(PUBLIC_KEY_E));
+#endif
+    wc_dilithium_free(importKey);
+
+    wc_dilithium_free(key);
+    wc_FreeRng(&rng);
+
+    XFREE(sig, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(privKey, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(importKey, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+#endif
+    return EXPECT_RESULT();
+}
+
+static int test_wc_dilithium_verify(void)
+{
+    EXPECT_DECLS;
+#if defined(HAVE_DILITHIUM) && defined(WOLFSSL_WC_DILITHIUM) && \
+    !defined(WOLFSSL_DILITHIUM_NO_VERIFY) && \
+    (!defined(WOLFSSL_NO_ML_DSA_44) || !defined(WOLFSSL_DILITHIUM_NO_SIGN))
+    dilithium_key* key;
+    dilithium_key* importKey = NULL;
+    WC_RNG rng;
+    byte* pubKey = NULL;
+    word32 pubKeyLen = DILITHIUM_MAX_PUB_KEY_SIZE;
+    word32 badKeyLen;
+    byte msg[32];
+    byte* sig = NULL;
+    word32 sigLen = DILITHIUM_MAX_SIG_SIZE;
+    int res;
+#ifndef WOLFSSL_NO_ML_DSA_44
+    byte b;
+#endif
+
+    key = (dilithium_key*)XMALLOC(sizeof(*key), NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    ExpectNotNull(key);
+    importKey = (dilithium_key*)XMALLOC(sizeof(*key), NULL,
+        DYNAMIC_TYPE_TMP_BUFFER);
+    ExpectNotNull(importKey);
+    pubKey = (byte*)XMALLOC(DILITHIUM_MAX_PUB_KEY_SIZE, NULL,
+        DYNAMIC_TYPE_TMP_BUFFER);
+    ExpectNotNull(pubKey);
+    sig = (byte*)XMALLOC(DILITHIUM_MAX_SIG_SIZE, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    ExpectNotNull(sig);
+
+    if (key != NULL) {
+        XMEMSET(key, 0, sizeof(*key));
+    }
+    if (importKey != NULL) {
+        XMEMSET(importKey, 0, sizeof(*importKey));
+    }
+    XMEMSET(&rng, 0, sizeof(WC_RNG));
+    XMEMSET(msg, 0x55, sizeof(msg));
+
+    ExpectIntEQ(wc_InitRng(&rng), 0);
+    ExpectIntEQ(wc_dilithium_init(key), 0);
+
+#ifndef WOLFSSL_NO_ML_DSA_44
+    ExpectIntEQ(wc_dilithium_set_level(key, WC_ML_DSA_44), 0);
+#elif !defined(WOLFSSL_NO_ML_DSA_65)
+    ExpectIntEQ(wc_dilithium_set_level(key, WC_ML_DSA_65), 0);
+#else
+    ExpectIntEQ(wc_dilithium_set_level(key, WC_ML_DSA_87), 0);
+#endif
+
+#if !defined(WOLFSSL_NO_ML_DSA_44)
+    ExpectIntEQ(wc_dilithium_import_public(ml_dsa_44_pub_key,
+        (word32)sizeof(ml_dsa_44_pub_key), key), 0);
+    if (sig != NULL) {
+        XMEMCPY(sig, ml_dsa_44_good_sig, sizeof(ml_dsa_44_good_sig));
+    }
+    sigLen = (word32)sizeof(ml_dsa_44_good_sig);
+#else
+#ifdef WOLFSSL_DILITHIUM_NO_MAKE_KEY
+#ifndef WOLFSSL_NO_ML_DSA_65
+    ExpectIntEQ(wc_dilithium_import_public(bench_dilithium_level3_pub_key,
+        sizeof_bench_dilithium_level3_pub_key, key), 0);
+#else
+    ExpectIntEQ(wc_dilithium_import_public(bench_dilithium_level5_pub_key,
+        sizeof_bench_dilithium_level5_pub_key, key), 0);
+#endif /* !WOLFSSL_NO_ML_DSA_65 */
+#else
+    ExpectIntEQ(wc_dilithium_make_key(key, &rng), 0);
+#endif /* WOLFSSL_DILITHIUM_NO_MAKE_KEY */
+
+    ExpectIntEQ(wc_dilithium_sign_msg(msg, 32, sig, &sigLen, key, &rng), 0);
+#endif /* !WOLFSSL_NO_ML_DSA_44 */
+
+    ExpectIntEQ(wc_dilithium_export_public(NULL, NULL, NULL),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_dilithium_export_public(key, NULL, NULL),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_dilithium_export_public(NULL, pubKey, NULL),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_dilithium_export_public(NULL, NULL, &pubKeyLen),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_dilithium_export_public(NULL, pubKey, &pubKeyLen),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_dilithium_export_public(key, NULL, &pubKeyLen),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_dilithium_export_public(key, pubKey, NULL),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    badKeyLen = 0;
+    ExpectIntEQ(wc_dilithium_export_public(key, pubKey, &badKeyLen),
+        WC_NO_ERR_TRACE(BUFFER_E));
+#ifndef WOLFSSL_NO_ML_DSA_44
+    ExpectIntEQ(badKeyLen, DILITHIUM_LEVEL2_PUB_KEY_SIZE);
+#elif !defined(WOLFSSL_NO_ML_DSA_65)
+    ExpectIntEQ(badKeyLen, DILITHIUM_LEVEL3_PUB_KEY_SIZE);
+#else
+    ExpectIntEQ(badKeyLen, DILITHIUM_LEVEL5_PUB_KEY_SIZE);
+#endif
+    ExpectIntEQ(wc_dilithium_export_public(key, pubKey, &pubKeyLen), 0);
+#ifndef WOLFSSL_NO_ML_DSA_44
+    ExpectIntEQ(pubKeyLen, DILITHIUM_LEVEL2_PUB_KEY_SIZE);
+#elif !defined(WOLFSSL_NO_ML_DSA_65)
+    ExpectIntEQ(pubKeyLen, DILITHIUM_LEVEL3_PUB_KEY_SIZE);
+#else
+    ExpectIntEQ(pubKeyLen, DILITHIUM_LEVEL5_PUB_KEY_SIZE);
+#endif
+
+    ExpectIntEQ(wc_dilithium_verify_msg(NULL, 0, NULL, 32, NULL, NULL),
+       WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_dilithium_verify_msg(sig, 0, NULL, 32, NULL, NULL),
+       WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_dilithium_verify_msg(NULL, 0, msg, 32, NULL, NULL),
+       WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_dilithium_verify_msg(NULL, 0, NULL, 32, &res, NULL),
+       WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_dilithium_verify_msg(NULL, 0, NULL, 32, NULL, key),
+       WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_dilithium_verify_msg(NULL, sigLen, msg, 32, &res, key),
+       WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_dilithium_verify_msg(sig, 0, msg, 32, &res, key),
+       WC_NO_ERR_TRACE(BUFFER_E));
+    ExpectIntEQ(wc_dilithium_verify_msg(sig, sigLen, NULL, 32, &res, key),
+       WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_dilithium_verify_msg(sig, sigLen, msg, 32, NULL, key),
+       WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_dilithium_verify_msg(sig, sigLen, msg, 32, &res, NULL),
+       WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    res = 0;
+    ExpectIntEQ(wc_dilithium_verify_msg(sig, sigLen, msg, 32, &res, key), 0);
+    ExpectIntEQ(res, 1);
+
+    ExpectIntEQ(wc_dilithium_init(importKey), 0);
+    ExpectIntEQ(wc_dilithium_import_public(pubKey, pubKeyLen, importKey),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+#ifndef WOLFSSL_NO_ML_DSA_44
+    ExpectIntEQ(wc_dilithium_set_level(importKey, WC_ML_DSA_44), 0);
+#elif !defined(WOLFSSL_NO_ML_DSA_65)
+    ExpectIntEQ(wc_dilithium_set_level(importKey, WC_ML_DSA_65), 0);
+#else
+    ExpectIntEQ(wc_dilithium_set_level(importKey, WC_ML_DSA_87), 0);
+#endif
+    ExpectIntEQ(wc_dilithium_import_public(NULL, 0, NULL),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_dilithium_import_public(pubKey, 0, NULL),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_dilithium_import_public(NULL, pubKeyLen, NULL),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_dilithium_import_public(NULL, 0, importKey),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_dilithium_import_public(NULL, pubKeyLen, importKey),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_dilithium_import_public(pubKey, 0, importKey),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_dilithium_import_public(pubKey, pubKeyLen, NULL),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_dilithium_import_public(pubKey, pubKeyLen, importKey), 0);
+    res = 0;
+    ExpectIntEQ(wc_dilithium_verify_msg(sig, sigLen, msg, 32, &res, importKey),
+        0);
+    ExpectIntEQ(res, 1);
+#ifdef WOLFSSL_DILITHIUM_CHECK_KEY
+    ExpectIntEQ(wc_dilithium_check_key(importKey), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+#endif
+    wc_dilithium_free(importKey);
+
+#ifndef WOLFSSL_NO_ML_DSA_44
+    if (sig != NULL) {
+        if (sig[sigLen - 5] == 0) {
+            /* Unused hints meant to be 0. */
+            sig[sigLen - 5] = 0xff;
+            res = 1;
+            ExpectIntEQ(wc_dilithium_verify_msg(sig, sigLen, msg, 32, &res,
+                key), WC_NO_ERR_TRACE(SIG_VERIFY_E));
+            ExpectIntEQ(res, 0);
+            sig[sigLen - 5] = 0x00;
+        }
+
+        /* Last count of hints must be less than PARAMS_ML_DSA_44_OMEGA == 80 */
+        b = sig[sigLen - 1];
+        sig[sigLen - 1] = 0xff;
+        res = 1;
+        ExpectIntEQ(wc_dilithium_verify_msg(sig, sigLen, msg, 32, &res, key),
+            WC_NO_ERR_TRACE(SIG_VERIFY_E));
+        ExpectIntEQ(res, 0);
+        sig[sigLen - 1] = b;
+
+        if (sig[sigLen - 4] > 1) {
+            /* Index must be less than previous. */
+            b = sig[sigLen - 84];
+            sig[sigLen - 84] = 0xff;
+            res = 1;
+            ExpectIntEQ(wc_dilithium_verify_msg(sig, sigLen, msg, 32, &res,
+                key), WC_NO_ERR_TRACE(SIG_VERIFY_E));
+            ExpectIntEQ(res, 0);
+            sig[sigLen - 84] = b;
+        }
+
+        /* Mess up commit hash. */
+        sig[0] ^= 0x80;
+        res = 1;
+        ExpectIntEQ(wc_dilithium_verify_msg(sig, sigLen, msg, 32, &res, key),
+            0);
+        ExpectIntEQ(res, 0);
+        sig[0] ^= 0x80;
+
+        /* Mess up z. */
+        sig[100] ^= 0x80;
+        res = 1;
+        ExpectIntEQ(wc_dilithium_verify_msg(sig, sigLen, msg, 32, &res, key),
+            0);
+        ExpectIntEQ(res, 0);
+        sig[100] ^= 0x80;
+
+        /* Set all indices to 0. */
+        XMEMSET(sig + sigLen - 4, 0, 4);
+        ExpectIntEQ(wc_dilithium_verify_msg(sig, sigLen, msg, 32, &res, key),
+            WC_NO_ERR_TRACE(SIG_VERIFY_E));
+        ExpectIntEQ(res, 0);
+    }
+#endif
+
+    wc_dilithium_free(key);
+    wc_FreeRng(&rng);
+
+    XFREE(sig, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(pubKey, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(importKey, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+#endif
+    return EXPECT_RESULT();
+}
+
+static int test_wc_dilithium_sign_vfy(void)
+{
+    EXPECT_DECLS;
+#if defined(HAVE_DILITHIUM) && defined(WOLFSSL_WC_DILITHIUM) && \
+    !defined(WOLFSSL_DILITHIUM_NO_MAKE_KEY) && \
+    !defined(WOLFSSL_DILITHIUM_NO_SIGN) && !defined(WOLFSSL_DILITHIUM_NO_VERIFY)
+    dilithium_key* key;
+    WC_RNG rng;
+    byte msg[64];
+    byte* sig = NULL;
+    word32 sigLen;
+    byte ctx[10];
+    int res;
+
+    key = (dilithium_key*)XMALLOC(sizeof(*key), NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    ExpectNotNull(key);
+    sig = (byte*)XMALLOC(DILITHIUM_MAX_SIG_SIZE, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    ExpectNotNull(sig);
+
+    if (key != NULL) {
+        XMEMSET(key, 0, sizeof(*key));
+    }
+    XMEMSET(&rng, 0, sizeof(WC_RNG));
+    XMEMSET(msg, 0xAA, sizeof(msg));
+    XMEMSET(ctx, 0x01, sizeof(ctx));
+
+    ExpectIntEQ(wc_InitRng(&rng), 0);
+
+#ifndef WOLFSSL_NO_ML_DSA_44
+    ExpectIntEQ(wc_dilithium_init(key), 0);
+    ExpectIntEQ(wc_dilithium_set_level(key, WC_ML_DSA_44), 0);
+    ExpectIntEQ(wc_dilithium_make_key(key, &rng), 0);
+
+    sigLen = DILITHIUM_MAX_SIG_SIZE;
+    ExpectIntEQ(wc_dilithium_sign_ctx_msg(ctx, sizeof(ctx), msg, sizeof(msg),
+        sig, &sigLen, key, &rng), 0);
+    ExpectIntEQ(wc_dilithium_verify_ctx_msg(sig, sigLen, ctx, sizeof(ctx), msg,
+        sizeof(msg), &res, key), 0);
+    ExpectIntEQ(res, 1);
+
+    sigLen = DILITHIUM_MAX_SIG_SIZE;
+    ExpectIntEQ(wc_dilithium_sign_ctx_hash(ctx, sizeof(ctx),
+        WC_HASH_TYPE_SHA3_512, msg, sizeof(msg), sig, &sigLen, key, &rng), 0);
+    ExpectIntEQ(wc_dilithium_verify_ctx_hash(sig, sigLen, ctx, sizeof(ctx),
+        WC_HASH_TYPE_SHA3_512, msg, sizeof(msg), &res, key), 0);
+    ExpectIntEQ(res, 1);
+
+    wc_dilithium_free(key);
+#endif
+#ifndef WOLFSSL_NO_ML_DSA_65
+    ExpectIntEQ(wc_dilithium_init(key), 0);
+    ExpectIntEQ(wc_dilithium_set_level(key, WC_ML_DSA_65), 0);
+    ExpectIntEQ(wc_dilithium_make_key(key, &rng), 0);
+
+    sigLen = DILITHIUM_MAX_SIG_SIZE;
+    ExpectIntEQ(wc_dilithium_sign_ctx_msg(ctx, sizeof(ctx), msg, sizeof(msg),
+        sig, &sigLen, key, &rng), 0);
+    ExpectIntEQ(wc_dilithium_verify_ctx_msg(sig, sigLen, ctx, sizeof(ctx), msg,
+        sizeof(msg), &res, key), 0);
+    ExpectIntEQ(res, 1);
+
+    sigLen = DILITHIUM_MAX_SIG_SIZE;
+    ExpectIntEQ(wc_dilithium_sign_ctx_hash(ctx, sizeof(ctx),
+        WC_HASH_TYPE_SHA3_512, msg, sizeof(msg), sig, &sigLen, key, &rng), 0);
+    ExpectIntEQ(wc_dilithium_verify_ctx_hash(sig, sigLen, ctx, sizeof(ctx),
+        WC_HASH_TYPE_SHA3_512, msg, sizeof(msg), &res, key), 0);
+    ExpectIntEQ(res, 1);
+
+    wc_dilithium_free(key);
+#endif
+#ifndef WOLFSSL_NO_ML_DSA_87
+    ExpectIntEQ(wc_dilithium_init(key), 0);
+    ExpectIntEQ(wc_dilithium_set_level(key, WC_ML_DSA_87), 0);
+    ExpectIntEQ(wc_dilithium_make_key(key, &rng), 0);
+
+    sigLen = DILITHIUM_MAX_SIG_SIZE;
+    ExpectIntEQ(wc_dilithium_sign_ctx_msg(ctx, sizeof(ctx), msg, sizeof(msg),
+        sig, &sigLen, key, &rng), 0);
+    ExpectIntEQ(wc_dilithium_verify_ctx_msg(sig, sigLen, ctx, sizeof(ctx), msg,
+        sizeof(msg), &res, key), 0);
+    ExpectIntEQ(res, 1);
+
+    sigLen = DILITHIUM_MAX_SIG_SIZE;
+    ExpectIntEQ(wc_dilithium_sign_ctx_hash(ctx, sizeof(ctx),
+        WC_HASH_TYPE_SHA3_512, msg, sizeof(msg), sig, &sigLen, key, &rng), 0);
+    ExpectIntEQ(wc_dilithium_verify_ctx_hash(sig, sigLen, ctx, sizeof(ctx),
+        WC_HASH_TYPE_SHA3_512, msg, sizeof(msg), &res, key), 0);
+    ExpectIntEQ(res, 1);
+
+    wc_dilithium_free(key);
+#endif
+
+    wc_FreeRng(&rng);
+    XFREE(sig, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+
+#endif
+    return EXPECT_RESULT();
+}
+
+static int test_wc_dilithium_check_key(void)
+{
+    EXPECT_DECLS;
+#if defined(HAVE_DILITHIUM) && defined(WOLFSSL_WC_DILITHIUM) && \
+    defined(WOLFSSL_DILITHIUM_CHECK_KEY) && \
+    !defined(WOLFSSL_DILITHIUM_NO_MAKE_KEY)
+    dilithium_key* checkKey;
+    WC_RNG rng;
+    byte* privCheckKey = NULL;
+    word32 privCheckKeyLen = DILITHIUM_MAX_KEY_SIZE;
+    byte* pubCheckKey = NULL;
+    word32 pubCheckKeyLen = DILITHIUM_MAX_PUB_KEY_SIZE;
+
+    checkKey = (dilithium_key*)XMALLOC(sizeof(*checkKey), NULL,
+        DYNAMIC_TYPE_TMP_BUFFER);
+    ExpectNotNull(checkKey);
+    privCheckKey = (byte*)XMALLOC(DILITHIUM_MAX_KEY_SIZE, NULL,
+        DYNAMIC_TYPE_TMP_BUFFER);
+    ExpectNotNull(privCheckKey);
+    pubCheckKey = (byte*)XMALLOC(DILITHIUM_MAX_PUB_KEY_SIZE, NULL,
+        DYNAMIC_TYPE_TMP_BUFFER);
+    ExpectNotNull(pubCheckKey);
+
+    if (checkKey != NULL) {
+        XMEMSET(checkKey, 0, sizeof(*checkKey));
+    }
+    XMEMSET(&rng, 0, sizeof(WC_RNG));
+
+    ExpectIntEQ(wc_InitRng(&rng), 0);
+
+    ExpectIntEQ(wc_dilithium_check_key(NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+
+    ExpectIntEQ(wc_dilithium_init(checkKey), 0);
+
+    ExpectIntEQ(wc_dilithium_export_key(NULL, privCheckKey,
+        &privCheckKeyLen, pubCheckKey, &pubCheckKeyLen), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_dilithium_import_key(privCheckKey,
+        privCheckKeyLen, pubCheckKey, pubCheckKeyLen, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_dilithium_export_key(checkKey, privCheckKey,
+        &privCheckKeyLen, pubCheckKey, &pubCheckKeyLen), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_dilithium_import_key(privCheckKey,
+        privCheckKeyLen, pubCheckKey, pubCheckKeyLen, checkKey), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+
+#ifndef WOLFSSL_NO_ML_DSA_44
+    ExpectIntEQ(wc_dilithium_set_level(checkKey, WC_ML_DSA_44), 0);
+#elif !defined(WOLFSSL_NO_ML_DSA_65)
+    ExpectIntEQ(wc_dilithium_set_level(checkKey, WC_ML_DSA_65), 0);
+#else
+    ExpectIntEQ(wc_dilithium_set_level(checkKey, WC_ML_DSA_87), 0);
+#endif
+    ExpectIntEQ(wc_dilithium_make_key(checkKey, &rng), 0);
+
+    ExpectIntEQ(wc_dilithium_export_key(NULL, NULL, NULL, NULL, NULL),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_dilithium_export_key(checkKey, NULL, NULL, NULL, NULL),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_dilithium_export_key(NULL, privCheckKey, NULL, NULL, NULL),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_dilithium_export_key(NULL, NULL, &privCheckKeyLen, NULL,
+        NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_dilithium_export_key(NULL, NULL, NULL, pubCheckKey, NULL),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_dilithium_export_key(NULL, NULL, NULL, NULL,
+        &pubCheckKeyLen), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_dilithium_export_key(NULL     , privCheckKey,
+        &privCheckKeyLen, pubCheckKey, &pubCheckKeyLen), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_dilithium_export_key(checkKey, NULL        ,
+        &privCheckKeyLen, pubCheckKey, &pubCheckKeyLen), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_dilithium_export_key(checkKey, privCheckKey,
+        NULL            , pubCheckKey, &pubCheckKeyLen), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_dilithium_export_key(checkKey, privCheckKey,
+        &privCheckKeyLen, NULL       , &pubCheckKeyLen), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_dilithium_export_key(checkKey, privCheckKey,
+        &privCheckKeyLen, pubCheckKey, NULL           ), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_dilithium_export_key(checkKey, privCheckKey,
+        &privCheckKeyLen, pubCheckKey, &pubCheckKeyLen), 0);
+
+    /* Modify hash. */
+    if ((pubCheckKey != NULL) && EXPECT_SUCCESS()) {
+        pubCheckKey[0] ^= 0x80;
+        ExpectIntEQ(wc_dilithium_import_key(NULL, 0, NULL, 0, NULL),
+            WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+        ExpectIntEQ(wc_dilithium_import_key(privCheckKey, 0, NULL, 0, NULL),
+            WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+        ExpectIntEQ(wc_dilithium_import_key(NULL, 0, pubCheckKey, 0, NULL),
+            WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+        ExpectIntEQ(wc_dilithium_import_key(NULL, 0, NULL, 0, checkKey),
+            WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+        ExpectIntEQ(wc_dilithium_import_key(NULL        ,
+            privCheckKeyLen, pubCheckKey, pubCheckKeyLen, checkKey),
+            WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+        ExpectIntEQ(wc_dilithium_import_key(privCheckKey,
+            0              , pubCheckKey, pubCheckKeyLen, checkKey),
+            WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+        ExpectIntEQ(wc_dilithium_import_key(privCheckKey,
+            privCheckKeyLen, NULL       , pubCheckKeyLen, checkKey),
+            WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+        ExpectIntEQ(wc_dilithium_import_key(privCheckKey,
+            privCheckKeyLen, pubCheckKey, 0             , checkKey),
+            WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+        ExpectIntEQ(wc_dilithium_import_key(privCheckKey,
+            privCheckKeyLen, pubCheckKey, pubCheckKeyLen, NULL     ),
+            WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+        ExpectIntEQ(wc_dilithium_import_key(privCheckKey,
+            privCheckKeyLen, pubCheckKey, pubCheckKeyLen, checkKey), 0);
+        ExpectIntEQ(wc_dilithium_check_key(checkKey), WC_NO_ERR_TRACE(PUBLIC_KEY_E));
+        pubCheckKey[0] ^= 0x80;
+
+        /* Modify encoded t1. */
+        pubCheckKey[48] ^= 0x80;
+        ExpectIntEQ(wc_dilithium_import_key(privCheckKey,
+            privCheckKeyLen,pubCheckKey, pubCheckKeyLen, checkKey), 0);
+        ExpectIntEQ(wc_dilithium_check_key(checkKey), WC_NO_ERR_TRACE(PUBLIC_KEY_E));
+        pubCheckKey[48] ^= 0x80;
+    }
+
+    wc_dilithium_free(checkKey);
+    wc_FreeRng(&rng);
+
+    XFREE(pubCheckKey, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(privCheckKey, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(checkKey, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+#endif
+    return EXPECT_RESULT();
+}
+
+#if defined(HAVE_DILITHIUM) && defined(WOLFSSL_WC_DILITHIUM) && \
+    defined(WOLFSSL_DILITHIUM_PUBLIC_KEY)
+static const unsigned char ml_dsa_public_der[] = {
+#ifndef WOLFSSL_NO_ML_DSA_44
+        0x30, 0x82, 0x05, 0x32, 0x30, 0x0d, 0x06, 0x09,
+        0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x03,
+        0x11, 0x03, 0x82, 0x05, 0x21, 0x00,
+        0xBC, 0x5F, 0xF8, 0x10, 0xEB, 0x08, 0x90, 0x48,
+        0xB8, 0xAB, 0x30, 0x20, 0xA7, 0xBD, 0x3B, 0x16,
+        0xC0, 0xE0, 0xCA, 0x3D, 0x6B, 0x97, 0xE4, 0x64,
+        0x6C, 0x2C, 0xCA, 0xE0, 0xBB, 0xF1, 0x9E, 0xF7,
+        0x23, 0x0A, 0x19, 0xD7, 0x5A, 0xDB, 0xDE, 0xD5,
+        0x2D, 0xB8, 0x55, 0xE2, 0x52, 0xA7, 0x19, 0xFC,
+        0xBD, 0x14, 0x7B, 0xA6, 0x7B, 0x2F, 0xAD, 0x14,
+        0xED, 0x0E, 0x68, 0xFD, 0xFE, 0x8C, 0x65, 0xBA,
+        0xDE, 0xAC, 0xB0, 0x91, 0x11, 0x93, 0xAD, 0xFA,
+        0x87, 0x94, 0xD7, 0x8F, 0x8E, 0x3D, 0x66, 0x2A,
+        0x1C, 0x49, 0xDA, 0x81, 0x9F, 0xD9, 0x59, 0xE7,
+        0xF0, 0x78, 0xF2, 0x03, 0xC4, 0x56, 0xF8, 0xB6,
+        0xE7, 0xC9, 0x41, 0x58, 0x98, 0xE5, 0x41, 0xC7,
+        0x30, 0x32, 0xDB, 0xD6, 0x19, 0xEA, 0xF6, 0x0F,
+        0x8D, 0x64, 0xF8, 0x68, 0x3D, 0xA9, 0x9E, 0xCA,
+        0x51, 0x22, 0x0B, 0x0A, 0xCA, 0x28, 0x46, 0x40,
+        0x99, 0xF5, 0x47, 0xC0, 0x27, 0x77, 0xBD, 0x37,
+        0xD8, 0x4A, 0x59, 0xBD, 0x37, 0xED, 0x7A, 0x8A,
+        0x92, 0x63, 0x3C, 0x75, 0xD0, 0x7C, 0x79, 0x3F,
+        0xE7, 0x25, 0x2B, 0x58, 0x4A, 0xBF, 0x6A, 0x15,
+        0xEE, 0x14, 0x50, 0x7E, 0x5E, 0x19, 0x3F, 0x89,
+        0x86, 0x4D, 0x09, 0xAC, 0x87, 0x27, 0xA6, 0xD0,
+        0x42, 0x1F, 0x0C, 0x19, 0xF0, 0xE2, 0xFB, 0xFC,
+        0x21, 0x3D, 0x3F, 0xBD, 0x70, 0xF4, 0xF9, 0x76,
+        0x2C, 0xEC, 0xFF, 0x23, 0x1E, 0x9C, 0x8A, 0x76,
+        0x28, 0xD3, 0xF8, 0xB0, 0x85, 0x7B, 0x03, 0x2D,
+        0x32, 0xDE, 0x62, 0xFF, 0x8E, 0xCB, 0xF4, 0x00,
+        0x82, 0x89, 0xBF, 0x34, 0x40, 0x36, 0x65, 0xF8,
+        0x1A, 0x08, 0x1A, 0xD5, 0xA8, 0x5A, 0x28, 0x2F,
+        0x99, 0xBA, 0xB9, 0xE5, 0x38, 0x5A, 0xFB, 0xCC,
+        0xCF, 0x44, 0xB7, 0x4C, 0x01, 0x96, 0xC7, 0x54,
+        0x55, 0x27, 0xEC, 0x30, 0x26, 0xDA, 0x12, 0x80,
+        0xC4, 0xEB, 0x37, 0xD0, 0x9C, 0xFE, 0x3E, 0xC4,
+        0xB4, 0x91, 0x0B, 0x62, 0xEB, 0x98, 0x15, 0xA4,
+        0x25, 0xC6, 0x59, 0x0F, 0xC4, 0xAD, 0x3F, 0xBB,
+        0x22, 0x57, 0x52, 0xCC, 0x1F, 0xC5, 0x69, 0x3F,
+        0x18, 0x7E, 0x7D, 0xEC, 0x4E, 0xEF, 0xBE, 0xB6,
+        0xB9, 0x1B, 0xD9, 0x1C, 0x5E, 0x2E, 0xA6, 0xA9,
+        0x1D, 0x14, 0xD0, 0x97, 0xBE, 0x20, 0x3F, 0xBA,
+        0x0B, 0xF9, 0x37, 0xC9, 0x75, 0x07, 0xDC, 0x00,
+        0x7C, 0x4C, 0xAA, 0x9B, 0x07, 0x85, 0x89, 0x29,
+        0x66, 0xFF, 0x15, 0x90, 0x09, 0x24, 0xE5, 0x79,
+        0xD4, 0xFB, 0xA0, 0x2B, 0xDA, 0x87, 0x55, 0x5F,
+        0x07, 0x3D, 0xAE, 0x00, 0x51, 0x3E, 0x70, 0x80,
+        0x9A, 0xBB, 0xC7, 0x11, 0xFB, 0xA2, 0xE7, 0x64,
+        0x95, 0x77, 0xC4, 0x2A, 0xFD, 0xC2, 0x4B, 0xF7,
+        0x41, 0x3E, 0x51, 0x26, 0x8A, 0xD6, 0xDB, 0x61,
+        0x13, 0xB7, 0xD9, 0x19, 0x1A, 0xF9, 0xD0, 0x61,
+        0xDB, 0xDE, 0xD5, 0xD6, 0x30, 0x87, 0x76, 0x50,
+        0xC1, 0x24, 0xF1, 0x1B, 0xC4, 0xBD, 0xC3, 0xFD,
+        0xC6, 0xA9, 0x00, 0xF6, 0x31, 0x26, 0xF9, 0x21,
+        0xE8, 0x38, 0xAD, 0x0C, 0x22, 0x75, 0xA3, 0x38,
+        0x9A, 0x39, 0xBD, 0x99, 0xA1, 0x34, 0x50, 0x45,
+        0x50, 0x10, 0x1C, 0xD3, 0xE9, 0x5E, 0x6D, 0x14,
+        0x96, 0xBE, 0x7D, 0xE6, 0x62, 0x7D, 0xF4, 0xFD,
+        0x6C, 0x28, 0xBB, 0xF4, 0x0B, 0x30, 0xEF, 0xA9,
+        0xB5, 0xC3, 0xD5, 0xC8, 0x5A, 0xB1, 0x4A, 0x65,
+        0xC0, 0x2D, 0x6D, 0x47, 0x81, 0xFF, 0x13, 0xD3,
+        0x28, 0x60, 0x85, 0x54, 0xB6, 0xD1, 0x5E, 0xD9,
+        0x12, 0x89, 0xA6, 0xD5, 0x5A, 0xAC, 0x0C, 0x38,
+        0xE3, 0x77, 0x06, 0xF7, 0x35, 0x5E, 0x9A, 0x4F,
+        0xDA, 0x61, 0x5B, 0x87, 0x59, 0x26, 0xBF, 0xE5,
+        0xA5, 0x9D, 0x9E, 0xF2, 0x73, 0xBF, 0x94, 0xA0,
+        0x7C, 0xFA, 0x57, 0x31, 0x78, 0xF0, 0xE0, 0x04,
+        0xB6, 0xE1, 0xEF, 0x0A, 0x83, 0x49, 0xE9, 0xBC,
+        0xC0, 0x19, 0x81, 0xF2, 0x46, 0x0F, 0x0A, 0x27,
+        0x43, 0xC2, 0x8D, 0x1E, 0x13, 0x8F, 0xFB, 0x76,
+        0x5E, 0x7E, 0x33, 0x97, 0xB7, 0x91, 0x33, 0x35,
+        0xD4, 0x02, 0xFE, 0x91, 0x80, 0x6A, 0xA8, 0xFC,
+        0x81, 0x92, 0x53, 0xAF, 0x32, 0x69, 0x2F, 0xA6,
+        0x51, 0xE8, 0x67, 0xF5, 0x90, 0x7E, 0xF4, 0x6F,
+        0x00, 0x62, 0x5A, 0x03, 0x0E, 0xC9, 0x04, 0xED,
+        0xAB, 0x21, 0x42, 0x6D, 0x59, 0x11, 0x9D, 0x2C,
+        0xAA, 0x43, 0xBD, 0x93, 0x5D, 0xEC, 0x0A, 0x55,
+        0x0C, 0x61, 0xEE, 0x4B, 0x27, 0x9C, 0x1C, 0xA3,
+        0xA7, 0x9C, 0x79, 0xA6, 0x6E, 0x3F, 0x2D, 0x2F,
+        0xAD, 0xB0, 0x0F, 0x59, 0xA3, 0xA4, 0x38, 0xAA,
+        0x44, 0x57, 0x01, 0x06, 0x07, 0x30, 0x17, 0xFA,
+        0x1C, 0x87, 0x57, 0x50, 0x01, 0x09, 0x72, 0x0D,
+        0x12, 0x5B, 0xBA, 0x23, 0x1A, 0x0C, 0x36, 0x35,
+        0x0C, 0x78, 0x08, 0x6D, 0xFD, 0xC8, 0xD6, 0x13,
+        0xAE, 0xCA, 0x88, 0xC4, 0xCC, 0xAE, 0xB4, 0xA4,
+        0x4D, 0x13, 0xAD, 0xB3, 0xC7, 0x17, 0xD6, 0x5C,
+        0x82, 0xA3, 0x51, 0xB9, 0xB6, 0xEA, 0xBF, 0x6A,
+        0x10, 0xF4, 0xB4, 0xE9, 0x62, 0x3E, 0x3A, 0x95,
+        0xB4, 0xD4, 0x0A, 0x12, 0xA8, 0x18, 0xAC, 0x6B,
+        0x38, 0x22, 0xDB, 0x82, 0xFB, 0x05, 0xDC, 0x42,
+        0x02, 0x64, 0x8B, 0x44, 0x54, 0x68, 0x9A, 0xEB,
+        0x69, 0xEA, 0x32, 0x5F, 0x03, 0xE3, 0x5D, 0xEF,
+        0xA5, 0x47, 0x08, 0x48, 0x14, 0x20, 0xC6, 0xD6,
+        0x97, 0xBB, 0x91, 0x2F, 0xCA, 0x0D, 0x3F, 0x19,
+        0x2E, 0xF2, 0x97, 0xDF, 0xE7, 0x7F, 0xF3, 0x6B,
+        0x21, 0x03, 0xF1, 0xAD, 0x1A, 0xEE, 0xCE, 0xD1,
+        0xC8, 0x14, 0xC2, 0xCD, 0x7E, 0xF1, 0x6B, 0xCE,
+        0x47, 0x6A, 0xD0, 0x4F, 0x94, 0x1A, 0xFC, 0x79,
+        0xE3, 0x29, 0x54, 0x74, 0xA4, 0x10, 0x62, 0x51,
+        0x8C, 0x00, 0x37, 0x86, 0x09, 0x34, 0xF0, 0xE5,
+        0xE6, 0x52, 0xF7, 0x27, 0x49, 0xA6, 0x98, 0x63,
+        0x2A, 0x09, 0x91, 0xF6, 0x13, 0xF5, 0xCB, 0x96,
+        0xCA, 0x11, 0x78, 0xF9, 0x74, 0xF2, 0xC4, 0xAA,
+        0x0C, 0xE6, 0x3D, 0xC2, 0x4E, 0x36, 0x4C, 0x92,
+        0xA6, 0x43, 0xB9, 0x0A, 0x5F, 0x85, 0xA6, 0x2F,
+        0xD4, 0xD8, 0xD2, 0xB1, 0x93, 0xD2, 0x9B, 0x18,
+        0xBE, 0xDE, 0x26, 0x53, 0xFC, 0x5D, 0x3F, 0x24,
+        0xF5, 0xB2, 0xC0, 0x18, 0xDB, 0xBC, 0xB6, 0xEF,
+        0x00, 0xF3, 0x05, 0xBF, 0x93, 0x66, 0x6B, 0xD4,
+        0x7F, 0xEA, 0x91, 0x93, 0xBC, 0x23, 0x3D, 0xB3,
+        0x91, 0x21, 0x44, 0x2E, 0x93, 0x8D, 0xA5, 0xDD,
+        0x07, 0xEE, 0x6E, 0x87, 0x9C, 0x5B, 0x9D, 0xFF,
+        0x41, 0xEC, 0xEE, 0x5E, 0x05, 0x89, 0xAE, 0x61,
+        0x75, 0xFF, 0x5E, 0xC6, 0xF6, 0xD2, 0x62, 0x9F,
+        0x56, 0xB1, 0x8B, 0x4D, 0xE6, 0x6F, 0xCB, 0x13,
+        0xDF, 0x04, 0x00, 0xA7, 0x97, 0xC9, 0x22, 0x70,
+        0xF6, 0x9B, 0xDE, 0xBD, 0xDC, 0xB8, 0x8C, 0x42,
+        0x48, 0x91, 0x9B, 0x56, 0xCD, 0xA7, 0x0B, 0x8A,
+        0xC4, 0xF9, 0x42, 0x9C, 0x29, 0x2D, 0xA9, 0x4D,
+        0x64, 0x78, 0x28, 0x07, 0x64, 0xFE, 0x23, 0x86,
+        0xFC, 0x38, 0xCB, 0x09, 0x31, 0x45, 0x88, 0x39,
+        0xEF, 0x4E, 0x7D, 0xE8, 0xF0, 0x68, 0x9D, 0x99,
+        0x80, 0x59, 0x88, 0xC7, 0xF9, 0x61, 0x11, 0x85,
+        0x2C, 0x89, 0x29, 0xE5, 0xA5, 0x40, 0xD3, 0xB7,
+        0x8D, 0x71, 0x2D, 0xEC, 0xC3, 0x96, 0xFE, 0xF3,
+        0xEC, 0x34, 0x40, 0x21, 0x84, 0xE4, 0xFD, 0x29,
+        0xF3, 0x63, 0xEA, 0x80, 0xF6, 0xFC, 0x50, 0xBA,
+        0x9A, 0x11, 0x35, 0x1A, 0xCE, 0xEA, 0x8F, 0xE6,
+        0x8D, 0x54, 0x1E, 0x1A, 0xA5, 0x84, 0x8D, 0x9F,
+        0x6E, 0x61, 0xDF, 0xB6, 0x2B, 0x2F, 0x23, 0xBC,
+        0x50, 0x81, 0xE8, 0x2F, 0x76, 0x22, 0x6E, 0x03,
+        0x28, 0x49, 0x82, 0xEC, 0x48, 0x48, 0x12, 0x09,
+        0xB1, 0xA7, 0xD4, 0xC8, 0x79, 0x7E, 0x44, 0xBF,
+        0xA8, 0x70, 0xB2, 0x20, 0x04, 0xDB, 0x74, 0xBD,
+        0x7D, 0x47, 0x8D, 0x5B, 0x36, 0x14, 0xD2, 0xB1,
+        0xDA, 0x75, 0x02, 0xB3, 0x98, 0xEB, 0x9D, 0xA8,
+        0x0D, 0x06, 0x46, 0x1E, 0x90, 0xE0, 0x30, 0x60,
+        0x44, 0x6A, 0xB4, 0xA8, 0x23, 0x84, 0x32, 0xBF,
+        0xAF, 0x75, 0x2F, 0x39, 0x17, 0x91, 0x21, 0x4F,
+        0x1E, 0x6B, 0x63, 0x59, 0x0D, 0x53, 0x60, 0x60,
+        0xD1, 0xC2, 0x45, 0x30, 0x7B, 0xC5, 0xC1, 0xBA,
+        0xC4, 0xAA, 0xA0, 0x99, 0xD3, 0x6B, 0xB6, 0xDC,
+        0xBC, 0x97, 0x3C, 0xF2, 0xE6, 0x9F, 0x27, 0x34,
+        0xD0, 0xF2, 0x9A, 0xEE, 0xC4, 0x56, 0x7B, 0x99,
+        0xA1, 0x6B, 0xC1, 0x7C, 0x6C, 0xDD, 0xAC, 0xEF,
+        0xE4, 0x99, 0x27, 0xFB, 0x14, 0xE7, 0xD9, 0x8D,
+        0xD4, 0x26, 0x35, 0x19, 0x46, 0x9C, 0xCA, 0x3D,
+        0xB4, 0x67, 0x9A, 0x68, 0xCE, 0xED, 0xA9, 0x55,
+        0x59, 0x22, 0x10, 0xFC, 0x49, 0xAA, 0x5F, 0xBE,
+        0x93, 0x4C, 0xC7, 0x3D, 0x84, 0xE4, 0xBA, 0x54,
+        0x78, 0x00, 0x2D, 0x68, 0x90, 0x98, 0x90, 0x68,
+        0xEF, 0x8F, 0xC9, 0x8C, 0x25, 0x32, 0xB8, 0x3B,
+        0xF3, 0xCB, 0x9E, 0xF0, 0x28, 0x93, 0xC2, 0x15,
+        0x24, 0x26, 0xB9, 0xD1, 0xA9, 0x47, 0x34, 0xDF,
+        0xB4, 0xF9, 0x11, 0x35, 0x14, 0x3C, 0x9E, 0xED,
+        0x18, 0xFD, 0x51, 0xAE, 0x87, 0x5D, 0x07, 0xA2,
+        0x37, 0x75, 0x60, 0x6A, 0x73, 0x4F, 0xBA, 0x98,
+        0xC0, 0x63, 0xB4, 0xA1, 0x62, 0x2E, 0x7F, 0xF2,
+        0x1A, 0xA7, 0xE6, 0x52, 0xA3, 0xD6, 0xC1, 0x9F,
+        0xE0, 0xDC, 0x67, 0x61, 0xB7, 0xD3, 0x53, 0x02,
+        0xBF, 0x21, 0x4D, 0x30, 0x79, 0xF7, 0x60, 0x51,
+        0x08, 0x2A, 0x87, 0x59, 0x29, 0x92, 0x0D, 0xC3,
+        0xB3, 0xCB, 0x43, 0x21, 0x1A, 0x23, 0xA4, 0x3A,
+        0x50, 0x33, 0x2F, 0xAF, 0x1A, 0xC2, 0x19, 0x1E,
+        0x71, 0x71, 0x25, 0xF6, 0x3E, 0x25, 0x86, 0xC4,
+        0xD8, 0x6D, 0xCA, 0x6B, 0xCD, 0x3D, 0x03, 0x8F,
+        0x9D, 0x3A, 0x7B, 0x66, 0xCB, 0xC7, 0xDF, 0x34
+#elif !defined(WOLFSSL_NO_ML_DSA_65)
+        0x30, 0x82, 0x07, 0xb2, 0x30, 0x0d, 0x06, 0x09,
+        0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x03,
+        0x12, 0x03, 0x82, 0x07, 0xa1, 0x00,
+        0xD2, 0xFD, 0x03, 0xF3, 0xA1, 0xB7, 0xF6, 0x35,
+        0xAF, 0x9F, 0x34, 0xD5, 0x80, 0xA9, 0x8F, 0x52,
+        0x4C, 0x73, 0x5B, 0xD5, 0xBA, 0x23, 0x55, 0xDC,
+        0x6E, 0x03, 0x5B, 0xD2, 0x17, 0x65, 0x58, 0x0C,
+        0xBB, 0x11, 0x19, 0x23, 0xF1, 0x94, 0xA7, 0xCC,
+        0x8A, 0x7B, 0xB2, 0xEB, 0xC5, 0xC0, 0xE7, 0x1A,
+        0xA6, 0x37, 0xCC, 0x80, 0x0E, 0x61, 0x03, 0xB8,
+        0x50, 0xA5, 0x39, 0xB2, 0xA3, 0x9E, 0x1B, 0x6D,
+        0x71, 0x3E, 0x5D, 0xB8, 0x31, 0x4C, 0x9A, 0xE1,
+        0xF8, 0xBF, 0x8A, 0x38, 0xF0, 0x6A, 0xFB, 0x9D,
+        0x73, 0xB1, 0x61, 0xB0, 0xFF, 0xE3, 0xA4, 0x89,
+        0x17, 0x06, 0xAE, 0x26, 0xD5, 0x4F, 0xFB, 0x49,
+        0x6D, 0xF8, 0xDC, 0x0F, 0x19, 0x83, 0x50, 0x95,
+        0x00, 0xC9, 0xAB, 0xBD, 0x28, 0xE5, 0x9B, 0x3F,
+        0xCD, 0xAB, 0xBD, 0xAD, 0xAB, 0xD4, 0x5E, 0xC3,
+        0x14, 0x99, 0x37, 0x8B, 0xDE, 0x84, 0x9E, 0x7C,
+        0x1F, 0x19, 0xB7, 0x04, 0x4D, 0x67, 0xE0, 0x51,
+        0x06, 0xD7, 0x13, 0x6D, 0x95, 0x38, 0x0D, 0x56,
+        0x05, 0xD4, 0x46, 0x5D, 0x87, 0x75, 0x57, 0x06,
+        0x5D, 0xF0, 0xA7, 0x5D, 0x3C, 0x28, 0x54, 0x2F,
+        0x40, 0xFE, 0xED, 0x42, 0xEC, 0x7E, 0x28, 0x06,
+        0x37, 0xB0, 0x83, 0xD9, 0x88, 0xBC, 0xA5, 0xF6,
+        0x39, 0x4E, 0x02, 0x39, 0x6C, 0x46, 0x76, 0x18,
+        0x4F, 0xB6, 0x33, 0x18, 0xDA, 0xFA, 0xF5, 0xBB,
+        0xDD, 0xE0, 0x0E, 0x30, 0x8F, 0xE8, 0x40, 0x19,
+        0xC2, 0x34, 0x0A, 0x3F, 0x3E, 0x1C, 0x08, 0x65,
+        0x62, 0x49, 0x70, 0x71, 0x12, 0x83, 0x35, 0x6A,
+        0xE1, 0x4B, 0xD6, 0xB9, 0x4D, 0x1C, 0x9A, 0xE1,
+        0x88, 0xDE, 0x1A, 0x8A, 0x2C, 0xA8, 0x24, 0xA8,
+        0xEA, 0xE2, 0xFE, 0x6A, 0xFB, 0x38, 0xD8, 0x3A,
+        0x2D, 0x99, 0x99, 0x6A, 0xB2, 0x1F, 0xE3, 0xE8,
+        0x4C, 0x0B, 0xE6, 0xB6, 0xDA, 0x08, 0x87, 0x9B,
+        0x67, 0x73, 0x74, 0xFA, 0x7C, 0x69, 0x1B, 0x13,
+        0xD4, 0x0F, 0xA9, 0xD4, 0xCC, 0x26, 0xB2, 0x28,
+        0x8D, 0x5A, 0x8C, 0x9A, 0x43, 0x72, 0x43, 0x81,
+        0x00, 0x4D, 0x61, 0xB0, 0xD5, 0x7F, 0xF4, 0x00,
+        0x31, 0x4C, 0x8E, 0x30, 0xEE, 0x79, 0x6A, 0xF1,
+        0x0F, 0x7E, 0xE2, 0x1B, 0xF1, 0x3D, 0x08, 0x18,
+        0x04, 0x65, 0xAB, 0xC7, 0x2E, 0xDD, 0xB0, 0x80,
+        0xC6, 0xA0, 0x71, 0x84, 0xE3, 0xEE, 0xDC, 0x47,
+        0xC1, 0x9A, 0xA7, 0xF0, 0x9D, 0x1F, 0x33, 0x09,
+        0xE1, 0x83, 0xA2, 0xBD, 0x9B, 0x05, 0x73, 0xDD,
+        0xE4, 0x74, 0xA8, 0x1B, 0xA4, 0xF7, 0x8D, 0x0C,
+        0x52, 0x3D, 0x0C, 0x04, 0xF9, 0x00, 0x60, 0xFD,
+        0x57, 0x1A, 0x35, 0xC0, 0x37, 0xE0, 0x79, 0xC5,
+        0xE2, 0x10, 0xD7, 0x39, 0x0D, 0xF5, 0x68, 0xF2,
+        0xE2, 0xF0, 0x3C, 0xE4, 0x44, 0x20, 0xC8, 0x2F,
+        0x3F, 0xE6, 0x9E, 0xB9, 0xB4, 0x8E, 0xE9, 0x09,
+        0x62, 0xD6, 0xB0, 0xF2, 0x44, 0x40, 0x64, 0x8F,
+        0x71, 0xED, 0xB2, 0x41, 0xEE, 0x65, 0x66, 0xFC,
+        0x1A, 0x64, 0xCA, 0xBF, 0x66, 0xBE, 0x6F, 0xEC,
+        0xBC, 0xB1, 0x38, 0x7C, 0x82, 0xA7, 0xBC, 0x20,
+        0x2D, 0x9E, 0x36, 0x79, 0x98, 0xE2, 0xA2, 0x91,
+        0xAF, 0x0C, 0xD1, 0x57, 0x06, 0x77, 0xFE, 0x8D,
+        0x63, 0xA3, 0x28, 0x5A, 0x2E, 0xA6, 0xEB, 0x29,
+        0xAF, 0x9D, 0xC1, 0xAE, 0xC1, 0xC3, 0x6C, 0x47,
+        0x06, 0xB1, 0x2B, 0xAA, 0x20, 0x83, 0x96, 0x92,
+        0xF2, 0x86, 0xA6, 0xE0, 0x32, 0x14, 0x68, 0xF7,
+        0x47, 0x93, 0x45, 0xC4, 0xD5, 0x2F, 0xBD, 0xB2,
+        0xF0, 0x67, 0x25, 0xB5, 0x54, 0xB8, 0x9E, 0x24,
+        0x92, 0x61, 0x26, 0x81, 0xAC, 0xEB, 0xC6, 0xC7,
+        0xBA, 0xDA, 0x92, 0x25, 0x81, 0x8D, 0xBC, 0x35,
+        0xD6, 0x4C, 0x22, 0xC4, 0x8B, 0xFF, 0x80, 0xA7,
+        0x30, 0xD0, 0x71, 0x6D, 0xFA, 0xC9, 0x9D, 0xFD,
+        0x5B, 0x89, 0x92, 0x61, 0x1D, 0x0C, 0x93, 0xEE,
+        0x90, 0xBD, 0xB2, 0x60, 0x02, 0x2A, 0xFE, 0x25,
+        0xD9, 0x13, 0xE0, 0x6E, 0xFF, 0xB5, 0x9C, 0xB1,
+        0xF8, 0xA6, 0x0C, 0xBF, 0xA5, 0xAB, 0x2F, 0x45,
+        0x9A, 0x16, 0xF4, 0x67, 0xE9, 0x89, 0x52, 0x5E,
+        0x0A, 0x37, 0xEB, 0xE5, 0x6E, 0x83, 0x3F, 0xDE,
+        0x55, 0xDB, 0x9D, 0x15, 0x30, 0xAD, 0xCF, 0x45,
+        0x84, 0x6D, 0xF2, 0x81, 0xE4, 0x7C, 0xAA, 0x1E,
+        0x0A, 0x27, 0xEF, 0xDE, 0x21, 0x07, 0xD3, 0x54,
+        0xCE, 0xA0, 0xF6, 0xA4, 0x54, 0x69, 0x2F, 0x04,
+        0xCD, 0x83, 0x8E, 0xBD, 0xD4, 0x6E, 0x19, 0x1E,
+        0x5D, 0x9C, 0x11, 0x83, 0x9A, 0x2C, 0x3F, 0x48,
+        0x8A, 0x4F, 0xC7, 0xCD, 0x26, 0x5A, 0x7B, 0x5D,
+        0x32, 0xB0, 0x8C, 0xBD, 0xBF, 0xAB, 0x9D, 0x2C,
+        0xCD, 0x76, 0x22, 0x2C, 0x8E, 0xE3, 0x7D, 0xDC,
+        0xBD, 0x2A, 0xA0, 0x63, 0xED, 0x86, 0x14, 0x73,
+        0xA6, 0x45, 0x4C, 0xAE, 0xA3, 0x77, 0x85, 0x0B,
+        0x1A, 0x2B, 0x9D, 0xDB, 0xBC, 0xB3, 0x74, 0xFA,
+        0xB5, 0xB1, 0x2F, 0x35, 0x1C, 0x8E, 0x58, 0x88,
+        0x87, 0x2E, 0x5C, 0xD1, 0xF6, 0x0A, 0x4F, 0xAE,
+        0x1F, 0xF8, 0x37, 0xD1, 0x92, 0xC2, 0x2B, 0xEB,
+        0x41, 0xEE, 0x6F, 0xA3, 0x92, 0xFC, 0xDF, 0x45,
+        0x50, 0xFF, 0x46, 0xB5, 0xCE, 0x90, 0x6D, 0x01,
+        0x7E, 0xF3, 0x07, 0x7D, 0xF1, 0x32, 0x30, 0x0D,
+        0x8B, 0xBF, 0xA9, 0xBB, 0x03, 0xC7, 0x5E, 0x79,
+        0xE2, 0xF0, 0x4C, 0x28, 0x4A, 0xD0, 0x6A, 0x44,
+        0x39, 0x96, 0x49, 0xC3, 0xE2, 0xA2, 0xA8, 0xD1,
+        0xEF, 0xE9, 0xB7, 0xA4, 0xE0, 0xC2, 0x71, 0x04,
+        0x7A, 0xB7, 0x59, 0x08, 0xBF, 0xF7, 0xDF, 0x9E,
+        0x30, 0xEC, 0xA5, 0x47, 0x74, 0x5B, 0xAE, 0x23,
+        0xA8, 0x6F, 0xF9, 0xA8, 0xB5, 0x8C, 0x25, 0x38,
+        0xB8, 0x8B, 0x86, 0x64, 0x01, 0x07, 0x69, 0x02,
+        0xDC, 0x5F, 0x0B, 0xD7, 0x61, 0x68, 0x7B, 0x49,
+        0xEA, 0xFE, 0x36, 0xD3, 0x50, 0xCB, 0xED, 0xFD,
+        0xD3, 0x6C, 0x12, 0x1C, 0xF2, 0x37, 0x86, 0xBF,
+        0xCF, 0x7E, 0x47, 0x07, 0x64, 0x96, 0xEA, 0xB6,
+        0xBB, 0xDA, 0x77, 0x40, 0x49, 0xC2, 0xEB, 0xAB,
+        0xE2, 0xDE, 0x99, 0xC4, 0xC2, 0x4F, 0x2D, 0xB7,
+        0x36, 0x84, 0x01, 0x5B, 0x37, 0x39, 0x77, 0x49,
+        0x67, 0x60, 0xCF, 0x9A, 0xC2, 0x3D, 0x8B, 0x62,
+        0x31, 0x33, 0xDB, 0x2D, 0xE1, 0x0D, 0x73, 0xFA,
+        0x6A, 0xD1, 0xC6, 0xDA, 0xC8, 0x43, 0x4F, 0x28,
+        0xC6, 0xE2, 0x51, 0xCE, 0x72, 0x93, 0xCF, 0xF3,
+        0xF3, 0xB6, 0x1E, 0xFC, 0xB5, 0xA4, 0x35, 0x12,
+        0x36, 0x70, 0xF2, 0x98, 0x46, 0xA1, 0x3D, 0xF3,
+        0xEE, 0x71, 0x26, 0x04, 0x46, 0x1F, 0x1B, 0xAB,
+        0x8F, 0x4E, 0xBC, 0x83, 0x6D, 0xE0, 0x58, 0x97,
+        0x8A, 0xE7, 0x34, 0x39, 0x6A, 0x98, 0x08, 0x1B,
+        0x35, 0xCC, 0x98, 0x18, 0x8A, 0x86, 0x94, 0x9C,
+        0x99, 0x27, 0x0D, 0x47, 0x09, 0x85, 0x4C, 0x5B,
+        0x35, 0xB1, 0x7F, 0x48, 0xA3, 0x73, 0x13, 0x4C,
+        0x81, 0x4C, 0xC8, 0xA0, 0xF3, 0xE2, 0xFA, 0x80,
+        0x7F, 0x2A, 0x91, 0x85, 0x30, 0x90, 0x78, 0x64,
+        0x77, 0x82, 0x82, 0xD7, 0x5E, 0x03, 0xA4, 0x1B,
+        0x25, 0x04, 0xEE, 0xD8, 0x16, 0xA4, 0x17, 0xA3,
+        0xAC, 0x6B, 0xA1, 0x60, 0x80, 0xC3, 0x9B, 0x73,
+        0x10, 0x19, 0x20, 0x02, 0xA7, 0x28, 0xF7, 0xF2,
+        0x03, 0x95, 0x00, 0x9A, 0x9E, 0x16, 0x76, 0x7C,
+        0xE1, 0x97, 0x1F, 0x5D, 0xE7, 0xD2, 0x29, 0xA5,
+        0x06, 0x13, 0x36, 0x9E, 0x43, 0x82, 0x04, 0x5A,
+        0x8E, 0x81, 0x90, 0x1F, 0x4D, 0xBA, 0x81, 0x02,
+        0xF3, 0xD4, 0x13, 0xFE, 0x35, 0xB3, 0x26, 0xA8,
+        0x74, 0xF2, 0x33, 0xB7, 0x19, 0xA7, 0x13, 0x76,
+        0x00, 0xD3, 0x5D, 0x33, 0xAE, 0xB6, 0xB7, 0x25,
+        0x96, 0x24, 0x08, 0x3A, 0xA9, 0x68, 0x73, 0x0C,
+        0x8F, 0x78, 0x29, 0x2A, 0xD2, 0x8F, 0x14, 0xEE,
+        0xAB, 0xE6, 0x60, 0x83, 0x59, 0x84, 0xFE, 0x69,
+        0xEF, 0x23, 0xDE, 0xC8, 0xC3, 0x27, 0xC0, 0xEB,
+        0x0B, 0x88, 0x2D, 0x58, 0x7E, 0x1E, 0xC4, 0x33,
+        0xDA, 0x85, 0xC9, 0xFD, 0x1E, 0x0A, 0x34, 0x99,
+        0x4D, 0xEA, 0x24, 0x0C, 0x85, 0x44, 0x52, 0xD1,
+        0x8C, 0x30, 0xF4, 0x96, 0xE4, 0x9E, 0xC9, 0x04,
+        0xB6, 0x02, 0xE0, 0xF5, 0x06, 0x2E, 0xDC, 0xDA,
+        0x03, 0x28, 0x0A, 0x53, 0xB4, 0x31, 0x35, 0x74,
+        0xCC, 0x2C, 0x0D, 0x54, 0x71, 0xBC, 0x96, 0x13,
+        0xBD, 0xFD, 0x66, 0x41, 0xF5, 0xBD, 0x12, 0x7B,
+        0xAB, 0x5B, 0x5E, 0xB3, 0xD4, 0x99, 0xA3, 0x31,
+        0x14, 0x04, 0x82, 0x20, 0xE8, 0x19, 0xF8, 0xEE,
+        0x12, 0xCA, 0x92, 0x2C, 0x8F, 0x17, 0xD9, 0xC9,
+        0xF5, 0x1A, 0xD5, 0xBD, 0x68, 0x83, 0xB1, 0x0E,
+        0x6A, 0xA2, 0x48, 0x3B, 0xA4, 0x9D, 0xC5, 0x47,
+        0xDA, 0x76, 0x86, 0x15, 0x13, 0x44, 0xF4, 0xE9,
+        0x09, 0x9B, 0x38, 0xE4, 0x30, 0xB5, 0x22, 0x6B,
+        0x05, 0x98, 0x32, 0xCF, 0x03, 0xDB, 0x48, 0xFB,
+        0x02, 0xDB, 0xA4, 0xE6, 0x15, 0x93, 0xDC, 0x45,
+        0x76, 0x36, 0x04, 0x91, 0x89, 0x0E, 0x53, 0xEC,
+        0x0E, 0x6A, 0xC7, 0x3C, 0xF3, 0x2B, 0x25, 0xD8,
+        0x23, 0xB3, 0x84, 0x56, 0xE2, 0x86, 0x50, 0x5A,
+        0x54, 0x1E, 0x5A, 0xEE, 0xE9, 0x6B, 0x19, 0x14,
+        0xF5, 0xF7, 0x66, 0x87, 0xCE, 0x2B, 0x01, 0x60,
+        0x22, 0x7A, 0xBE, 0xD7, 0x79, 0x93, 0x59, 0x4B,
+        0xCD, 0x83, 0x13, 0x66, 0x20, 0x6D, 0x75, 0x71,
+        0x40, 0x82, 0xF1, 0xC4, 0x6F, 0x1F, 0x44, 0x39,
+        0xAC, 0x81, 0xA5, 0x7A, 0xF3, 0x1C, 0x81, 0xC5,
+        0x55, 0x30, 0x7A, 0x07, 0x0F, 0xFA, 0x94, 0xE0,
+        0x47, 0x9B, 0x78, 0x4B, 0xBD, 0x88, 0xA6, 0x0C,
+        0xD4, 0xC7, 0xCF, 0xD9, 0x4E, 0x6A, 0xFE, 0x02,
+        0xF6, 0xB2, 0x1F, 0x72, 0xAF, 0x0D, 0xCD, 0x66,
+        0x09, 0xD4, 0x0C, 0x96, 0x5C, 0x14, 0xE5, 0xF2,
+        0x38, 0x91, 0x83, 0xE5, 0x3D, 0xE9, 0x30, 0xF7,
+        0xDE, 0x1D, 0x44, 0x21, 0x5C, 0xF4, 0x91, 0x44,
+        0x84, 0x4E, 0x8B, 0x87, 0xF7, 0x8A, 0x7F, 0x13,
+        0x2A, 0xEF, 0xE2, 0x2B, 0xE8, 0x0B, 0x4E, 0x3A,
+        0x05, 0xEE, 0x3A, 0x68, 0xCC, 0xF6, 0x09, 0xEF,
+        0x44, 0x04, 0x74, 0x02, 0xE4, 0x49, 0x30, 0x46,
+        0xE6, 0xF9, 0xC7, 0x67, 0xFF, 0x8A, 0x75, 0xE2,
+        0x8B, 0x3C, 0xE0, 0x77, 0xFD, 0xE7, 0xE7, 0xEE,
+        0xD3, 0x13, 0xB5, 0xBF, 0x7E, 0x46, 0x01, 0x27,
+        0xCA, 0x81, 0x82, 0xE9, 0xBC, 0x79, 0x4C, 0x0D,
+        0xFA, 0x73, 0x0F, 0xB9, 0x20, 0x08, 0x05, 0x75,
+        0xA7, 0x51, 0xB5, 0xCA, 0xEC, 0x85, 0xA1, 0x09,
+        0xB4, 0x42, 0x2B, 0xA2, 0x66, 0x74, 0x3F, 0x0D,
+        0x03, 0x2B, 0xDA, 0x8F, 0x1C, 0xA6, 0x24, 0x8C,
+        0xDB, 0x91, 0x75, 0x30, 0xDF, 0x13, 0x02, 0xA5,
+        0xF8, 0xC1, 0x8D, 0xC6, 0x42, 0xD5, 0x24, 0x78,
+        0xC9, 0x8C, 0x12, 0xA3, 0xF1, 0x6E, 0xF2, 0xB6,
+        0x2B, 0x4F, 0x59, 0xEA, 0x1B, 0xB5, 0x8D, 0xE7,
+        0xB6, 0x5B, 0x3C, 0x71, 0x53, 0xCE, 0x6D, 0xA5,
+        0xE4, 0x95, 0x07, 0x46, 0xF8, 0x0E, 0x08, 0x7A,
+        0x0E, 0x35, 0x86, 0xD0, 0x97, 0x79, 0x1B, 0xF3,
+        0x6D, 0xEF, 0x86, 0x5D, 0x68, 0x59, 0x1D, 0x39,
+        0xD0, 0x90, 0x37, 0x73, 0xEE, 0xA9, 0x62, 0x14,
+        0x7F, 0x34, 0x70, 0x41, 0x38, 0xB5, 0x4D, 0xF7,
+        0x92, 0x4C, 0xDD, 0x8C, 0x33, 0x3D, 0xB5, 0xE1,
+        0xA4, 0x09, 0xCC, 0xB2, 0xB3, 0x4E, 0x2C, 0x3C,
+        0x8C, 0x7F, 0xDD, 0x3F, 0xD8, 0xD0, 0x12, 0xCB,
+        0xF3, 0x82, 0xAA, 0xA8, 0x5E, 0x83, 0xA1, 0x2F,
+        0x23, 0x5A, 0x2D, 0x14, 0x7D, 0x03, 0x5B, 0x7B,
+        0x28, 0xB3, 0x4B, 0x6F, 0x57, 0x94, 0x9F, 0x32,
+        0x24, 0x82, 0xA7, 0xD4, 0xD3, 0xB1, 0x50, 0x45,
+        0xC4, 0x20, 0xD5, 0xAD, 0xDC, 0x7F, 0x0E, 0x69,
+        0xB4, 0xDC, 0x1C, 0xBA, 0x58, 0xB0, 0x1D, 0x87,
+        0x24, 0x80, 0xB0, 0x6A, 0x26, 0x0D, 0x82, 0x7D,
+        0x89, 0x1B, 0x13, 0xC4, 0xC5, 0xCA, 0x50, 0xC7,
+        0x48, 0xDE, 0x3C, 0x77, 0x1B, 0xE6, 0x1E, 0x9A,
+        0xA1, 0x70, 0x16, 0x5C, 0xB0, 0x1F, 0x4B, 0xF5,
+        0xDA, 0x27, 0xA7, 0x79, 0x1D, 0x3A, 0xD3, 0xF6,
+        0x26, 0x7B, 0x4C, 0xB4, 0xE6, 0x1B, 0x28, 0xFA,
+        0x17, 0x08, 0x41, 0x8D, 0x93, 0x2D, 0xFC, 0x41,
+        0x61, 0x88, 0x0C, 0x5D, 0x3B, 0x17, 0xA9, 0x66,
+        0x3A, 0x90, 0x61, 0xFA, 0x8F, 0x18, 0x04, 0x31,
+        0x58, 0x50, 0xFE, 0x4E, 0x73, 0x06, 0xC8, 0x82,
+        0xB3, 0x82, 0x27, 0xE8, 0x67, 0xF8, 0x08, 0x72,
+        0xCD, 0xC1, 0x94, 0x4D, 0x47, 0x26, 0x15, 0xEA,
+        0x49, 0x00, 0xEF, 0x7D, 0x27, 0x0B, 0x88, 0x1D,
+        0x41, 0x30, 0xF5, 0x6C, 0x5C, 0xC9, 0x80, 0xD9,
+        0x2A, 0x47, 0xAD, 0xA6, 0x65, 0x7E, 0xB6, 0xF3,
+        0x7A, 0x38, 0x5D, 0x2D, 0x8C, 0xC9, 0x93, 0xE1,
+        0x44, 0x2E, 0xB0, 0x52, 0x81, 0x85, 0x36, 0x36,
+        0x99, 0x1E, 0x34, 0xAA, 0xDC, 0x68, 0x95, 0x4D,
+        0x04, 0xE7, 0xAD, 0xEF, 0x76, 0xBF, 0x88, 0x0F,
+        0x05, 0x9B, 0x0C, 0xBB, 0x55, 0xD9, 0x15, 0xA4,
+        0xB1, 0x23, 0xE2, 0xF1, 0x33, 0x9A, 0x07, 0x3C,
+        0xBF, 0xBC, 0x40, 0x9B, 0xEF, 0xF6, 0x40, 0x0A,
+        0xE0, 0x96, 0xD5, 0xAE, 0x18, 0xEC, 0x42, 0xCF,
+        0xFA, 0xD5, 0xB4, 0x98, 0x0F, 0xA3, 0x5B, 0xF0,
+        0x34, 0x13, 0xAD, 0xB5, 0xD7, 0xE6, 0x87, 0x6A,
+        0xC3, 0x55, 0xD1, 0xC9, 0xED, 0x70, 0xCA, 0x2B,
+        0x97, 0x39, 0x54, 0xD1, 0x2B, 0x3C, 0xDD, 0x76,
+        0xAC, 0x68, 0x35, 0xDB, 0x96, 0x00, 0x3E, 0xD8,
+        0xC4, 0xE2, 0x88, 0xB7, 0x1F, 0xD7, 0x7D, 0xBA,
+        0xA7, 0x63, 0x57, 0x20, 0xE1, 0x2A, 0xE0, 0xA3,
+        0x17, 0xDE, 0x80, 0x8C, 0x66, 0x4E, 0x31, 0x7F,
+        0x55, 0x27, 0x57, 0x91, 0xF3, 0x24, 0x5C, 0xA4,
+        0xFE, 0x5D, 0x4D, 0x41, 0x07, 0x7F, 0xC1, 0x50,
+        0xA6, 0xE4, 0x03, 0xD5, 0xA2, 0x08, 0xE4, 0x6E,
+        0xAD, 0xBE, 0x8F, 0x2C, 0xFB, 0x8A, 0xF4, 0x72,
+        0xF4, 0xA0, 0xCE, 0xAC, 0x01, 0x52, 0x19, 0x47,
+        0x8E, 0x6B, 0x86, 0xC9, 0x58, 0xCF, 0x86, 0x52,
+        0x5B, 0x74, 0x85, 0xC1, 0x73, 0x4C, 0x7E, 0xF0,
+        0x0E, 0x90, 0x68, 0x3F, 0xFF, 0x5D, 0xBD, 0x0A,
+        0x7D, 0x41, 0x3A, 0x85, 0x50, 0x21, 0x02, 0x6A,
+        0x1B, 0x32, 0x01, 0x3A, 0x46, 0x16, 0xCB, 0xCD,
+        0x37, 0x00, 0xAC, 0xBC, 0x70, 0x5B, 0xE3, 0xEF,
+        0xBA, 0x62, 0x5C, 0x69, 0xA0, 0x25, 0x26, 0x7B,
+        0xCE, 0x9D, 0x13, 0x5E, 0x3F, 0x5B, 0x5C, 0xC8,
+        0xC4, 0x39, 0x56, 0x40, 0x7E, 0x84, 0xB6, 0x66,
+        0x31, 0x03, 0xE2, 0x9C, 0x24, 0x20, 0x35, 0x55,
+        0x1A, 0xE7, 0x97, 0xF5, 0x6C, 0x63, 0x74, 0xBE,
+        0x0C, 0x79, 0x8C, 0x0C, 0xF3, 0x98, 0xF1, 0xED
+#else
+        0x30, 0x82, 0x0a, 0x32, 0x30, 0x0d, 0x06, 0x09,
+        0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x03,
+        0x13, 0x03, 0x82, 0x0a, 0x21, 0x00,
+        0x69, 0x24, 0xBB, 0x42, 0x57, 0xA7, 0xB9, 0xAF,
+        0xF0, 0x95, 0xC3, 0x0B, 0xB3, 0x5C, 0x6A, 0xE4,
+        0x19, 0x82, 0x63, 0x12, 0x0F, 0x80, 0x39, 0xAA,
+        0x4E, 0x78, 0xE1, 0x74, 0xA7, 0x86, 0xCE, 0x00,
+        0x83, 0x01, 0xE6, 0x66, 0xF5, 0x9D, 0x3E, 0xC5,
+        0x04, 0x4D, 0xE4, 0x56, 0x78, 0x8F, 0xDE, 0x19,
+        0xEB, 0x39, 0x67, 0x7B, 0x5F, 0x9F, 0xE1, 0x41,
+        0x50, 0xDA, 0x46, 0x3A, 0x70, 0x6F, 0x3B, 0xAF,
+        0x71, 0x5B, 0x95, 0x33, 0x6B, 0x2D, 0x68, 0x5A,
+        0x7C, 0xD7, 0x88, 0x07, 0x13, 0xE4, 0x58, 0x7B,
+        0xF7, 0xD8, 0x57, 0xBF, 0x7E, 0x31, 0x56, 0x96,
+        0xB8, 0xD0, 0xD9, 0xD4, 0x9E, 0x14, 0x29, 0x18,
+        0xBF, 0x09, 0x74, 0xE7, 0xF4, 0x32, 0x37, 0xD4,
+        0xBE, 0x3A, 0xD3, 0x94, 0x59, 0x9E, 0x3D, 0x39,
+        0xBB, 0x76, 0x49, 0x93, 0x25, 0x53, 0x44, 0x7E,
+        0x5D, 0x5A, 0xCC, 0x34, 0x99, 0x93, 0x01, 0x76,
+        0xEC, 0xD3, 0xA8, 0x44, 0xA4, 0x25, 0xF5, 0x0D,
+        0x05, 0x11, 0xC9, 0x22, 0x6C, 0x4B, 0x9A, 0x24,
+        0xF2, 0xA0, 0x11, 0xCD, 0x88, 0xD3, 0x23, 0x08,
+        0xE0, 0x31, 0x2A, 0x0C, 0x87, 0xCC, 0x34, 0xA9,
+        0x95, 0x82, 0x3C, 0x65, 0xF4, 0xF0, 0xF9, 0x8E,
+        0x50, 0xC3, 0x77, 0x88, 0xCE, 0x38, 0xDC, 0x28,
+        0xFB, 0x8B, 0x9B, 0xFA, 0xAF, 0xA9, 0x04, 0xB5,
+        0x41, 0xEE, 0x71, 0x2F, 0x6A, 0x04, 0x1E, 0x06,
+        0x11, 0x37, 0x4F, 0x6B, 0xF1, 0x7E, 0xAC, 0x0B,
+        0xD5, 0x6F, 0x3B, 0x6B, 0xF3, 0x36, 0xDA, 0x92,
+        0x42, 0x07, 0x0C, 0x24, 0x69, 0xA2, 0x0C, 0x4D,
+        0x16, 0x16, 0x14, 0x9A, 0x61, 0x59, 0x25, 0x20,
+        0x11, 0xD2, 0x99, 0xF9, 0x3F, 0x98, 0x6D, 0x87,
+        0x5D, 0xD3, 0x0B, 0x38, 0xA2, 0x25, 0x49, 0x17,
+        0x45, 0x70, 0x13, 0x8C, 0x2B, 0xB3, 0xAA, 0x9C,
+        0xBE, 0xA9, 0x19, 0x74, 0xF3, 0xD8, 0x9B, 0xF5,
+        0xAE, 0x32, 0xBE, 0x9E, 0x58, 0xB8, 0x54, 0xA2,
+        0xF8, 0xE8, 0x6F, 0xF7, 0x67, 0x80, 0xC0, 0x34,
+        0x90, 0xF4, 0x67, 0xDB, 0x06, 0x51, 0xC2, 0x0B,
+        0x1D, 0xF6, 0x0E, 0xB9, 0x7A, 0x3C, 0x99, 0xD9,
+        0xBD, 0x66, 0x4B, 0xE6, 0xA5, 0xE4, 0xC8, 0xA8,
+        0xAD, 0x4C, 0xC3, 0x63, 0x90, 0xD7, 0x00, 0x4E,
+        0x4B, 0xB4, 0x21, 0xDA, 0xED, 0x65, 0x4C, 0x35,
+        0x7D, 0xA4, 0xD6, 0x84, 0x98, 0x93, 0x3E, 0xC7,
+        0x17, 0x77, 0xAD, 0x64, 0xC2, 0xAE, 0x01, 0x3C,
+        0x73, 0xEB, 0x45, 0x7C, 0x68, 0xEF, 0x9A, 0x74,
+        0x5A, 0xDE, 0xEB, 0x4F, 0xDF, 0xC8, 0x79, 0xE7,
+        0x74, 0xD0, 0x3F, 0xAF, 0x6B, 0x14, 0xAA, 0xB1,
+        0x07, 0x52, 0xE2, 0x4B, 0x52, 0xD0, 0xF2, 0xD9,
+        0x4D, 0x54, 0x0A, 0x1E, 0xBE, 0x10, 0xF5, 0x97,
+        0xE5, 0x14, 0x44, 0x2D, 0x6C, 0x13, 0xC2, 0xE2,
+        0x49, 0x8E, 0x8A, 0xF3, 0x01, 0x7C, 0x52, 0xDB,
+        0x23, 0x3A, 0x90, 0x71, 0x7D, 0xF2, 0x5B, 0x4D,
+        0x07, 0x2B, 0x7D, 0x88, 0xEE, 0x87, 0x31, 0xD1,
+        0x68, 0x24, 0xC9, 0x5D, 0x1F, 0xB9, 0x83, 0xC4,
+        0x49, 0xDE, 0xB4, 0x66, 0x27, 0x60, 0x60, 0xFE,
+        0xE4, 0xC7, 0xEE, 0x38, 0x14, 0x51, 0xF2, 0x32,
+        0xC2, 0x9C, 0x7C, 0x32, 0x20, 0x85, 0x0C, 0x61,
+        0xD1, 0xC3, 0xC0, 0x0D, 0xB1, 0xCD, 0x97, 0x26,
+        0xA0, 0x2A, 0x56, 0x60, 0x9F, 0x3A, 0x65, 0xD3,
+        0xD1, 0x64, 0x60, 0x45, 0x88, 0xCD, 0x9B, 0x43,
+        0x14, 0x12, 0xF1, 0xAD, 0xD9, 0x14, 0xC5, 0xC2,
+        0xDA, 0xBB, 0xC9, 0x04, 0x67, 0xC0, 0xC4, 0xEA,
+        0x5F, 0x76, 0xE2, 0x4A, 0xA6, 0x18, 0x76, 0x5F,
+        0x8B, 0x06, 0x36, 0xD7, 0xB0, 0x65, 0xE1, 0xF4,
+        0xE6, 0xF6, 0x22, 0xEA, 0xE1, 0x71, 0x52, 0x45,
+        0x8C, 0x76, 0x65, 0x86, 0x77, 0x2D, 0x36, 0x3F,
+        0xA9, 0x92, 0x14, 0xF4, 0x72, 0xB0, 0xDB, 0x8A,
+        0x1E, 0x49, 0xD8, 0x2D, 0x02, 0x78, 0xF2, 0x95,
+        0x8B, 0x0A, 0xAA, 0x15, 0x86, 0xDB, 0x13, 0x4B,
+        0xDF, 0xD2, 0x43, 0x87, 0x42, 0x49, 0x50, 0x07,
+        0xE2, 0xFE, 0x5B, 0x60, 0xE2, 0x46, 0x39, 0x92,
+        0x26, 0x94, 0x7A, 0x12, 0xEA, 0x17, 0x63, 0x1C,
+        0xAA, 0x53, 0x46, 0x87, 0xCB, 0x75, 0xC0, 0x60,
+        0xB4, 0x79, 0x7E, 0xAB, 0x82, 0x77, 0xCC, 0x4F,
+        0x8A, 0x7A, 0x20, 0x38, 0x76, 0x06, 0xEF, 0xE2,
+        0xDB, 0xD3, 0xE7, 0x36, 0x24, 0x92, 0x77, 0xD9,
+        0x0F, 0xCA, 0xB9, 0x92, 0xA8, 0xC9, 0x9E, 0x85,
+        0xAB, 0x03, 0xEB, 0x4C, 0xAC, 0x5D, 0x88, 0x55,
+        0x39, 0x58, 0x52, 0x8A, 0xF9, 0x29, 0x74, 0x71,
+        0x81, 0x35, 0xF1, 0xD0, 0xC7, 0x93, 0xEB, 0x00,
+        0x0E, 0xA0, 0xAE, 0xC3, 0xEC, 0x18, 0x58, 0xFD,
+        0xD1, 0x86, 0x88, 0xD1, 0xDA, 0x27, 0x27, 0x8D,
+        0xEB, 0xF2, 0xCA, 0x81, 0x10, 0xBA, 0x4A, 0x20,
+        0x4F, 0x79, 0x30, 0xE1, 0xC8, 0xCE, 0xEC, 0xAF,
+        0xB7, 0x3F, 0x75, 0xDD, 0xB3, 0x4C, 0x5C, 0x55,
+        0x96, 0x8A, 0x79, 0x33, 0x05, 0x84, 0x26, 0xB5,
+        0x5D, 0x03, 0x9F, 0x72, 0x92, 0xAC, 0x43, 0xF6,
+        0x45, 0x84, 0xF6, 0xDF, 0x18, 0x7A, 0x1D, 0x6B,
+        0x00, 0x3F, 0x51, 0x4C, 0xC1, 0x3B, 0x26, 0xC2,
+        0xF3, 0x48, 0x19, 0x5A, 0xA3, 0x21, 0xDE, 0x6A,
+        0x27, 0xEC, 0x11, 0x34, 0x8D, 0xE5, 0x0D, 0x82,
+        0x5A, 0x29, 0x64, 0xC6, 0x31, 0x99, 0x2E, 0x4B,
+        0x0B, 0x42, 0x5B, 0x1B, 0xEB, 0x4F, 0x96, 0x00,
+        0xE3, 0xAD, 0xC4, 0x43, 0x1C, 0xF2, 0xE8, 0x8B,
+        0x42, 0x23, 0xD2, 0xDB, 0x66, 0x3C, 0x3C, 0xE7,
+        0x0E, 0xF8, 0x5D, 0xDD, 0x56, 0xA9, 0xBA, 0xF1,
+        0x38, 0xA9, 0xD7, 0xED, 0xD8, 0x94, 0x13, 0x1C,
+        0x3A, 0x8F, 0x41, 0xA0, 0x4E, 0xF9, 0xF8, 0x67,
+        0x52, 0xB7, 0x21, 0x81, 0xFA, 0xBB, 0x37, 0xC8,
+        0x6B, 0x87, 0x7E, 0x61, 0xD6, 0x0E, 0xED, 0x95,
+        0xEE, 0xFF, 0xAB, 0xE6, 0x37, 0x6E, 0x14, 0xAC,
+        0xA8, 0x17, 0xC5, 0xF4, 0x19, 0x61, 0xAF, 0x8A,
+        0x78, 0x49, 0xBA, 0xC0, 0x94, 0x91, 0x7B, 0x2D,
+        0x13, 0x22, 0x76, 0xB6, 0xB3, 0x48, 0x6A, 0xFF,
+        0x95, 0x0D, 0x23, 0xD4, 0xAA, 0xDC, 0x24, 0xCE,
+        0x98, 0xA5, 0x26, 0x9E, 0x1C, 0x69, 0x91, 0x79,
+        0x60, 0xA3, 0x1E, 0xE0, 0x9A, 0x52, 0x7C, 0x35,
+        0x81, 0x75, 0xCA, 0xA0, 0xCB, 0x1B, 0x01, 0x8E,
+        0x95, 0x26, 0xD9, 0x35, 0x34, 0xEA, 0xDB, 0xAC,
+        0xB5, 0x2B, 0x27, 0x3D, 0x73, 0x5E, 0x22, 0xDD,
+        0x0D, 0x5C, 0x28, 0xFA, 0x3E, 0x47, 0xCF, 0xE9,
+        0x0B, 0x52, 0x15, 0xAE, 0x24, 0xF1, 0x46, 0xC3,
+        0x46, 0x4B, 0xFE, 0xAF, 0x01, 0xD2, 0x8D, 0xAA,
+        0x55, 0x3C, 0x1E, 0x94, 0x42, 0x8A, 0x10, 0x4A,
+        0x9D, 0x78, 0xAE, 0xC7, 0x62, 0x59, 0x1E, 0x88,
+        0x79, 0xF7, 0x68, 0x51, 0xCF, 0xB4, 0x64, 0x85,
+        0x66, 0x72, 0x1B, 0x0C, 0xAC, 0x1F, 0x14, 0xFE,
+        0x16, 0x14, 0x9A, 0x9D, 0x82, 0x10, 0xCC, 0x8F,
+        0x2F, 0x50, 0xDE, 0xF7, 0xB4, 0x6C, 0x84, 0x3B,
+        0xE9, 0x3B, 0xD8, 0xD5, 0x56, 0x02, 0x49, 0x33,
+        0x50, 0xAB, 0x56, 0x0E, 0xA5, 0xBA, 0x17, 0x71,
+        0x64, 0x23, 0xBE, 0x0E, 0xB8, 0x36, 0x0A, 0xB1,
+        0x09, 0xD8, 0xFB, 0x18, 0xBF, 0xEA, 0x04, 0x08,
+        0x47, 0xB7, 0x33, 0x51, 0x45, 0xD4, 0xF2, 0x00,
+        0xD1, 0x9C, 0xF6, 0xFE, 0x7B, 0xAC, 0x91, 0x7F,
+        0x42, 0x6C, 0x9B, 0x3D, 0x39, 0xA9, 0xCA, 0x43,
+        0x29, 0x81, 0x8F, 0x24, 0x0E, 0x7D, 0xA3, 0x82,
+        0x76, 0x10, 0x72, 0xF4, 0xA6, 0x50, 0x5E, 0xA8,
+        0xE7, 0x6C, 0x1E, 0x44, 0x6F, 0xEB, 0x66, 0x25,
+        0xE3, 0x8D, 0xDB, 0xCD, 0x3C, 0xDA, 0x81, 0xE8,
+        0x3B, 0xF7, 0x68, 0xF3, 0xE0, 0x1D, 0x9D, 0x26,
+        0x3B, 0x36, 0x73, 0x03, 0xAE, 0x15, 0x6C, 0x0B,
+        0x71, 0x83, 0x36, 0x4A, 0x1E, 0x79, 0x41, 0xA0,
+        0x92, 0x98, 0xA3, 0xAD, 0xF7, 0xBD, 0x23, 0x1E,
+        0x61, 0x14, 0xB9, 0xDC, 0xE7, 0x95, 0x2B, 0x11,
+        0x3F, 0x78, 0x16, 0x31, 0x38, 0xB9, 0x26, 0x6F,
+        0x84, 0x3F, 0x1E, 0xD9, 0x7D, 0x9C, 0x2B, 0x16,
+        0x3A, 0x6E, 0x8B, 0xD4, 0xC1, 0xAB, 0x4E, 0x17,
+        0x93, 0x67, 0xC5, 0xAC, 0x96, 0xCE, 0xCF, 0x50,
+        0x50, 0xFE, 0x82, 0x1F, 0xDF, 0xA4, 0x4E, 0x9E,
+        0x68, 0x0B, 0x61, 0xC6, 0x01, 0x89, 0x32, 0xDF,
+        0x71, 0x78, 0x11, 0x45, 0x9A, 0xF2, 0x54, 0x2E,
+        0x2C, 0xDE, 0x77, 0x17, 0x8C, 0x2E, 0x98, 0x80,
+        0xF0, 0x11, 0xE4, 0x05, 0xEA, 0xFA, 0x59, 0xC8,
+        0xCB, 0xBE, 0xD7, 0x6E, 0x5A, 0x19, 0x41, 0x10,
+        0x4B, 0x1B, 0x9D, 0x3A, 0x60, 0x49, 0x1C, 0x95,
+        0x47, 0x55, 0xE0, 0x2E, 0x89, 0x41, 0x03, 0xF1,
+        0xF4, 0x97, 0x74, 0x75, 0xE9, 0xEA, 0x36, 0x60,
+        0x9F, 0xD6, 0x7C, 0x9D, 0xE3, 0x18, 0xED, 0xA2,
+        0x37, 0x0D, 0xCC, 0xDB, 0xB9, 0xCE, 0xF7, 0xAE,
+        0x63, 0x60, 0x90, 0x5E, 0xC2, 0x20, 0x83, 0x8C,
+        0x97, 0x69, 0x82, 0x34, 0x41, 0xCD, 0xD0, 0xDA,
+        0x8E, 0xF0, 0xAB, 0xE5, 0xF2, 0xD1, 0xD7, 0x6E,
+        0x2F, 0xE0, 0x8F, 0xEF, 0x53, 0xDE, 0x1D, 0x61,
+        0x66, 0xAB, 0x1A, 0x92, 0xB1, 0xAC, 0x09, 0x3E,
+        0x5A, 0xBF, 0x76, 0x58, 0xC4, 0xB5, 0x72, 0x87,
+        0xF2, 0xD1, 0xFD, 0x7B, 0x82, 0xDE, 0xDA, 0xF8,
+        0xD5, 0xA4, 0xFB, 0xAC, 0x4B, 0x35, 0xD5, 0x82,
+        0x31, 0x69, 0x4E, 0x16, 0x24, 0x97, 0x57, 0x8A,
+        0xBD, 0x7A, 0xA7, 0xC8, 0xFE, 0x7B, 0x35, 0x41,
+        0xA7, 0xF1, 0x8E, 0x54, 0xE8, 0xB7, 0xF0, 0x87,
+        0x64, 0xC5, 0xE6, 0x84, 0x49, 0xDF, 0x65, 0x59,
+        0x01, 0x54, 0x98, 0x32, 0xD6, 0x28, 0xFA, 0x63,
+        0xD2, 0xB2, 0xC5, 0xA1, 0x50, 0x93, 0x39, 0x94,
+        0xA9, 0x86, 0x33, 0x17, 0xAD, 0x40, 0xD7, 0x78,
+        0xD9, 0xD2, 0xC0, 0x5C, 0x78, 0x98, 0x85, 0x0B,
+        0x90, 0x17, 0x32, 0x23, 0xC7, 0xA0, 0xAF, 0x89,
+        0x0F, 0xD7, 0xE6, 0x62, 0x21, 0xB6, 0xF0, 0x63,
+        0x18, 0xB2, 0xED, 0x5E, 0x19, 0x9C, 0xB4, 0x24,
+        0x88, 0x5A, 0xB8, 0x41, 0xE7, 0xA4, 0x72, 0x6F,
+        0xAB, 0xA2, 0xF9, 0xBB, 0x53, 0xBC, 0x32, 0x36,
+        0x43, 0x4C, 0x35, 0xFB, 0xBE, 0x4B, 0x1A, 0x0F,
+        0x93, 0xF5, 0x0C, 0x37, 0x89, 0x6C, 0x29, 0xF8,
+        0xE3, 0x02, 0xAD, 0x31, 0xED, 0x33, 0x31, 0xD6,
+        0x20, 0xE3, 0xB6, 0x29, 0x45, 0x51, 0x01, 0xA1,
+        0xF1, 0xCC, 0x7B, 0xA5, 0xE4, 0x6E, 0x68, 0xED,
+        0x4A, 0x8C, 0xCC, 0x87, 0xB4, 0xDC, 0x75, 0xBC,
+        0x01, 0x62, 0xB6, 0x33, 0x0F, 0x83, 0x3F, 0xBA,
+        0x25, 0x75, 0xDF, 0xAF, 0x5B, 0x5F, 0x28, 0xBC,
+        0x54, 0xFF, 0x2B, 0xA8, 0x1E, 0x7A, 0x47, 0x31,
+        0x3C, 0x15, 0x48, 0x2B, 0x60, 0x5E, 0x66, 0xBB,
+        0x38, 0xC6, 0x19, 0x8F, 0x13, 0x92, 0x10, 0x40,
+        0x80, 0xFB, 0xE7, 0x8B, 0x86, 0xB1, 0xBC, 0x9A,
+        0x6F, 0xB8, 0x81, 0xF5, 0xC7, 0x82, 0x01, 0x47,
+        0xE6, 0xBA, 0x14, 0xB8, 0x1A, 0xCC, 0xF2, 0x0C,
+        0xAE, 0x96, 0x64, 0x10, 0x94, 0xC2, 0x16, 0x90,
+        0x2E, 0xA5, 0xC1, 0x25, 0xF6, 0xC9, 0x35, 0xA1,
+        0x50, 0xD7, 0xC9, 0xAC, 0xC5, 0xD9, 0xE2, 0xE5,
+        0xD9, 0x0E, 0x38, 0xC0, 0x50, 0x3A, 0xA9, 0x42,
+        0x60, 0x17, 0xC7, 0x6A, 0xAF, 0xCD, 0x52, 0x61,
+        0xB5, 0x06, 0x27, 0x4E, 0xC1, 0x3A, 0x96, 0x79,
+        0xFB, 0x09, 0x79, 0x60, 0x27, 0xA4, 0xBB, 0x75,
+        0x9D, 0x92, 0x82, 0x79, 0xB9, 0x4D, 0x84, 0x1A,
+        0x09, 0x73, 0x93, 0xBF, 0x7E, 0x5B, 0xD6, 0x9A,
+        0x49, 0x6C, 0xC3, 0xDE, 0xCD, 0x2B, 0x0F, 0x07,
+        0xF8, 0x33, 0x92, 0xAA, 0xDE, 0x33, 0xDC, 0x51,
+        0xB2, 0xA8, 0x4F, 0x6A, 0x07, 0x63, 0x5D, 0xC0,
+        0xEF, 0x57, 0xA9, 0xAD, 0x59, 0x59, 0xB6, 0xA5,
+        0x0B, 0x7B, 0xA5, 0x09, 0xAD, 0x5B, 0x11, 0xFA,
+        0xD2, 0x6B, 0x41, 0x9F, 0x9F, 0x1E, 0x3F, 0x9C,
+        0x73, 0x29, 0xB5, 0xA9, 0x53, 0xD7, 0xCC, 0x87,
+        0xB2, 0xDE, 0x21, 0x06, 0x11, 0xCF, 0x52, 0xA6,
+        0x39, 0xEF, 0x2B, 0x39, 0x08, 0x01, 0x2C, 0xB8,
+        0x8E, 0x1D, 0x6F, 0x57, 0x62, 0x50, 0x79, 0xCB,
+        0x10, 0x3D, 0x6C, 0x98, 0x10, 0x1A, 0x11, 0xBD,
+        0x22, 0x33, 0xB6, 0x56, 0x02, 0xCA, 0x30, 0x49,
+        0xBD, 0x32, 0x05, 0x20, 0x41, 0x9F, 0x76, 0xB0,
+        0x61, 0xE3, 0x59, 0x8D, 0xE3, 0x81, 0x52, 0xC8,
+        0x87, 0x67, 0xD1, 0xA2, 0x4F, 0xBD, 0x02, 0xBB,
+        0x10, 0xC3, 0x8E, 0xAC, 0xAE, 0x31, 0x7D, 0xE6,
+        0xBB, 0x28, 0x7B, 0x4D, 0x2C, 0xAE, 0x5D, 0xA0,
+        0x21, 0x49, 0x65, 0xD8, 0x77, 0x37, 0x78, 0x62,
+        0x6E, 0x9B, 0x97, 0x28, 0x59, 0xD8, 0x48, 0x2B,
+        0x8D, 0x05, 0x47, 0xE4, 0xF5, 0x6D, 0xFF, 0x87,
+        0x68, 0x1D, 0x5B, 0xC5, 0x12, 0x0F, 0x61, 0x3F,
+        0xBB, 0xD9, 0x1E, 0x1F, 0x14, 0xE6, 0xDE, 0xFE,
+        0x67, 0x2E, 0x2A, 0x7E, 0xAB, 0xCB, 0xBB, 0x9B,
+        0x11, 0x08, 0x2C, 0x5E, 0x70, 0x0A, 0xA0, 0xB1,
+        0xF7, 0xC1, 0x78, 0x5F, 0xCE, 0xD1, 0x9A, 0x93,
+        0xAF, 0xE7, 0xC5, 0x9F, 0xA2, 0x51, 0x9B, 0xCD,
+        0xEB, 0x49, 0x4C, 0x3D, 0x13, 0xB2, 0x12, 0x5F,
+        0x38, 0x53, 0x23, 0xB8, 0x16, 0xC6, 0x8F, 0x8F,
+        0x56, 0x28, 0xC7, 0xC2, 0xAB, 0xFD, 0x02, 0x78,
+        0xA3, 0x37, 0x07, 0x3D, 0xA7, 0x4D, 0x16, 0x09,
+        0x96, 0x98, 0xC4, 0xB1, 0x14, 0xE8, 0xA8, 0xCE,
+        0x34, 0x4E, 0x0A, 0x15, 0xD0, 0xFC, 0x7E, 0xD4,
+        0x97, 0xB0, 0x01, 0xD5, 0x3D, 0x4C, 0x96, 0xDC,
+        0x39, 0x54, 0xD3, 0xB4, 0xB9, 0x56, 0xCB, 0x9D,
+        0x2A, 0x27, 0x2C, 0x51, 0xF1, 0x55, 0x9B, 0x22,
+        0x90, 0x4B, 0x40, 0xCC, 0x85, 0x31, 0xE4, 0x0C,
+        0xC4, 0x12, 0xC6, 0x8C, 0xB6, 0xEE, 0xA4, 0xA4,
+        0x09, 0x0B, 0x38, 0xE2, 0x79, 0x73, 0x29, 0x98,
+        0x54, 0x67, 0xE8, 0x18, 0xA5, 0x24, 0xD3, 0x22,
+        0x8E, 0xAC, 0xAE, 0x78, 0x25, 0xD3, 0xDA, 0xD2,
+        0xEA, 0xA4, 0x22, 0xFD, 0xC7, 0x7A, 0xED, 0x71,
+        0xA2, 0x05, 0xDA, 0x78, 0x38, 0xD9, 0x45, 0xE7,
+        0xFE, 0xC3, 0x7E, 0x4D, 0xCA, 0x67, 0xE5, 0x04,
+        0xCE, 0x35, 0xE5, 0xB0, 0x45, 0xF5, 0x6F, 0x1E,
+        0x8D, 0x75, 0x29, 0xEB, 0xD6, 0xF1, 0xAF, 0x7B,
+        0x6E, 0x93, 0x9E, 0x2B, 0x7A, 0xB4, 0x02, 0x7D,
+        0x37, 0xA5, 0x13, 0x5D, 0x17, 0x2D, 0xA1, 0xAF,
+        0x9C, 0xA2, 0xF7, 0x28, 0xA6, 0xF3, 0x7D, 0xE6,
+        0x0D, 0xD2, 0x3D, 0x97, 0xD1, 0x1E, 0x75, 0xAB,
+        0x1F, 0xD5, 0x1F, 0x8E, 0x9A, 0x13, 0x97, 0xE5,
+        0x82, 0x21, 0x59, 0xDB, 0x58, 0x38, 0x02, 0xB3,
+        0x2E, 0xEB, 0xB4, 0x56, 0x7E, 0xCE, 0x37, 0x46,
+        0xD1, 0xAE, 0x33, 0x31, 0x47, 0x85, 0x64, 0x3D,
+        0xD2, 0xA0, 0x74, 0x1E, 0x7F, 0x1B, 0xF2, 0xD2,
+        0x61, 0xF2, 0x21, 0x24, 0xE8, 0xDD, 0xD0, 0x8C,
+        0x64, 0x0A, 0x48, 0xB5, 0x47, 0x17, 0x51, 0x7C,
+        0x21, 0xCD, 0x32, 0x53, 0x28, 0xBC, 0x23, 0x9C,
+        0xA0, 0x28, 0xB2, 0x63, 0x0D, 0x06, 0x3C, 0x8C,
+        0xC2, 0x0B, 0xE9, 0xBD, 0xB4, 0x85, 0x02, 0xDA,
+        0xDD, 0xE7, 0x3F, 0xFE, 0xD5, 0x96, 0x38, 0x16,
+        0x53, 0x3E, 0x02, 0x0A, 0xED, 0x12, 0x08, 0x53,
+        0x62, 0x55, 0xB1, 0xCC, 0xE9, 0x85, 0x43, 0x31,
+        0x27, 0xFF, 0x4F, 0x04, 0xD5, 0xB1, 0xE2, 0xF2,
+        0x10, 0x87, 0x04, 0xB8, 0xB9, 0x66, 0x58, 0x8C,
+        0x01, 0x56, 0xAF, 0xC2, 0xAE, 0x19, 0x29, 0x86,
+        0xFB, 0xEC, 0x44, 0x3B, 0xAE, 0xF6, 0xCB, 0x85,
+        0xA6, 0xF2, 0x9C, 0x77, 0x92, 0x40, 0x5A, 0x24,
+        0x11, 0x47, 0x10, 0xAE, 0x1C, 0x74, 0x64, 0x44,
+        0xFD, 0xF5, 0xFB, 0x65, 0x9E, 0x5E, 0x34, 0x68,
+        0x26, 0x20, 0x7B, 0x8C, 0x54, 0x46, 0x3A, 0x06,
+        0x17, 0xCE, 0x17, 0xFF, 0x33, 0xE4, 0x0F, 0x93,
+        0x1F, 0xE5, 0x76, 0x71, 0x5C, 0x93, 0x2E, 0xF2,
+        0x9F, 0xD7, 0x6B, 0x04, 0xA6, 0x9B, 0x58, 0xE0,
+        0x30, 0x3D, 0x8E, 0xF2, 0x56, 0x78, 0xC8, 0xB7,
+        0x0A, 0xF1, 0x2E, 0x90, 0x45, 0x59, 0x1C, 0x04,
+        0xE8, 0xB7, 0x71, 0x06, 0x94, 0x04, 0x15, 0x17,
+        0x7E, 0x86, 0x85, 0x93, 0xA0, 0x9C, 0x7E, 0x14,
+        0x61, 0x9A, 0x4B, 0x33, 0x2F, 0x9A, 0xDC, 0x3A,
+        0x65, 0x8B, 0x86, 0x01, 0x7F, 0x32, 0x65, 0x6C,
+        0x54, 0x29, 0xC1, 0x15, 0xE1, 0x10, 0x03, 0x7A,
+        0x8C, 0xC7, 0xE5, 0x44, 0x67, 0x7D, 0x2D, 0xD2,
+        0x39, 0xA5, 0x9D, 0x54, 0xD0, 0xF3, 0xC7, 0x46,
+        0x0E, 0xC1, 0x52, 0x08, 0x34, 0x6B, 0xA5, 0x6D,
+        0xF5, 0x08, 0x6C, 0x5D, 0xBC, 0xC4, 0x1E, 0x0C,
+        0x95, 0xFC, 0xB6, 0x86, 0x1C, 0x2C, 0x0C, 0x32,
+        0xAA, 0xF3, 0x45, 0x4E, 0xFE, 0xE2, 0xFF, 0xBA,
+        0x21, 0x4B, 0x43, 0x0E, 0xF2, 0x48, 0xA5, 0x9B,
+        0x32, 0x44, 0x4D, 0x8D, 0x0D, 0x3D, 0xB8, 0x7C,
+        0x9D, 0x4B, 0x15, 0x36, 0xD1, 0x57, 0x72, 0x8E,
+        0xE7, 0x58, 0x5E, 0xF5, 0x32, 0x77, 0x6A, 0x00,
+        0x3A, 0x02, 0x3C, 0x0A, 0xB0, 0xE9, 0xFF, 0x55,
+        0x71, 0x08, 0xC3, 0x90, 0x68, 0x4D, 0x56, 0x5A,
+        0x66, 0x50, 0x63, 0x26, 0x6A, 0xE6, 0x67, 0x0E,
+        0xD5, 0x3B, 0x0F, 0xAF, 0x8F, 0xF6, 0x78, 0x29,
+        0xBB, 0x73, 0x78, 0x25, 0xB1, 0x53, 0xA9, 0x33,
+        0x8C, 0xBE, 0x3D, 0xF1, 0xA4, 0x62, 0x84, 0x9B,
+        0x93, 0xA8, 0x1F, 0x84, 0xED, 0x07, 0xBE, 0x6D,
+        0x62, 0x40, 0x00, 0x32, 0x74, 0x73, 0x7F, 0x61,
+        0x8D, 0xCB, 0x26, 0xE4, 0x82, 0x52, 0xCE, 0x42,
+        0x04, 0xDD, 0x31, 0x39, 0xFF, 0x68, 0x76, 0xF4,
+        0x3B, 0x30, 0x5D, 0x83, 0x56, 0x20, 0xFE, 0xDF,
+        0x79, 0xAA, 0x67, 0x43, 0x3D, 0xC2, 0x52, 0x87,
+        0x32, 0x0E, 0x99, 0x17, 0x96, 0x7B, 0x70, 0xB2,
+        0xD8, 0x66, 0xD1, 0x7B, 0x69, 0x8B, 0xFF, 0xF2,
+        0xB3, 0xAB, 0x95, 0x14, 0x94, 0x9E, 0x58, 0xB5,
+        0x7C, 0x68, 0xA4, 0x54, 0x12, 0xC1, 0xFC, 0x42,
+        0x1C, 0x76, 0x8B, 0xF5, 0xEE, 0x8A, 0x10, 0xC8,
+        0xAE, 0xF5, 0x69, 0x26, 0xF5, 0x1E, 0xC6, 0x2C,
+        0x11, 0x56, 0x9F, 0x31, 0xAA, 0x51, 0x78, 0x68,
+        0xE5, 0xCA, 0xD8, 0x9E, 0x95, 0x80, 0x66, 0xEB,
+        0x9E, 0xDD, 0x72, 0x71, 0xB3, 0x1C, 0xB4, 0xB1,
+        0xD6, 0xCE, 0x21, 0x12, 0x25, 0xAE, 0xB5, 0xB5,
+        0x7F, 0x74, 0x97, 0x19, 0xDA, 0x07, 0xEC, 0xBE,
+        0xFE, 0x03, 0x88, 0x1D, 0xDE, 0x3D, 0x81, 0xE4,
+        0x13, 0x5F, 0x2D, 0xC8, 0x1A, 0xF7, 0x79, 0x77,
+        0x6C, 0x1B, 0x80, 0x57, 0x16, 0x2A, 0x6C, 0x98,
+        0x2F, 0xBB, 0x4D, 0xA6, 0xA9, 0xAD, 0x28, 0x4A,
+        0xB1, 0x0C, 0x70, 0x02, 0x20, 0x44, 0xF4, 0x6D,
+        0x40, 0x0B, 0xF6, 0xAD, 0x71, 0x82, 0xD1, 0x97,
+        0x78, 0x99, 0x83, 0xBE, 0x99, 0x22, 0x79, 0x79,
+        0xA1, 0x33, 0x4B, 0xA1, 0x49, 0xD8, 0x69, 0xBA,
+        0x1C, 0x40, 0x88, 0x12, 0x34, 0x35, 0xBF, 0x97,
+        0x85, 0x41, 0x35, 0x6D, 0xAF, 0x17, 0x1F, 0x33,
+        0xAD, 0xB1, 0xC9, 0x79, 0x07, 0xA0, 0xFB, 0x58,
+        0x45, 0x07, 0x4A, 0x85, 0xD2, 0x6F, 0x54, 0x61,
+        0x35, 0xAE, 0xD0, 0xF9, 0x1B, 0xE4, 0x53, 0x9C,
+        0x12, 0xBF, 0x94, 0x11, 0xE4, 0xB5, 0x56, 0xF6,
+        0x87, 0xD0, 0x69, 0xDB, 0x6B, 0x21, 0xFE, 0x2B,
+        0x7F, 0x32, 0x18, 0x87, 0x44, 0x8C, 0xEA, 0x55,
+        0xDB, 0x19, 0xFB, 0xB8, 0xB0, 0x48, 0x2A, 0x55,
+        0xAE, 0xC1, 0x67, 0x38, 0xD7, 0x4C, 0xD2, 0x65,
+        0x09, 0x38, 0x36, 0xBE, 0x99, 0xD4, 0xFB, 0x53,
+        0xE9, 0xB0, 0x14, 0xB0, 0x37, 0xCD, 0xBF, 0xE9
+#endif
+    };
+#ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
+static const unsigned char dilithium_public_der[] = {
+#ifndef WOLFSSL_NO_ML_DSA_44
+    0x30, 0x82, 0x05, 0x34, 0x30, 0x0d, 0x06, 0x0b,
+    0x2b, 0x06, 0x01, 0x04, 0x01, 0x02, 0x82, 0x0b,
+    0x0c, 0x04, 0x04, 0x03, 0x82, 0x05, 0x21, 0x00,
+    0x0a, 0xf7, 0xc8, 0xa4, 0x96, 0x01, 0xa7, 0xb2,
+    0x2e, 0x4d, 0xc9, 0xd9, 0x1c, 0xa1, 0x86, 0x09,
+    0xce, 0x14, 0x6f, 0xe8, 0x33, 0x3c, 0x7b, 0xdb,
+    0x19, 0x9c, 0x56, 0x39, 0x6a, 0x6c, 0x5d, 0x1f,
+    0xe4, 0x26, 0xcb, 0x16, 0x91, 0x4d, 0xeb, 0x5a,
+    0x36, 0x22, 0xee, 0xda, 0xdf, 0x46, 0x3e, 0xa1,
+    0x4f, 0x9a, 0x30, 0xb5, 0x3f, 0x60, 0xf7, 0x75,
+    0x47, 0xdc, 0x55, 0xf1, 0xbe, 0xbc, 0x87, 0x6c,
+    0x50, 0x7c, 0x21, 0x55, 0x35, 0xad, 0xa7, 0xf9,
+    0x1c, 0xf8, 0xa1, 0x92, 0x79, 0x10, 0x52, 0x7a,
+    0xc3, 0xba, 0xd3, 0x9d, 0xc6, 0x9b, 0xf4, 0xcb,
+    0x1b, 0xa2, 0xde, 0x83, 0x86, 0xa6, 0x35, 0xea,
+    0xf2, 0x8c, 0xdc, 0xba, 0x3e, 0xef, 0x9c, 0xf5,
+    0x8e, 0xc3, 0xb0, 0xc0, 0x5b, 0xcc, 0x35, 0x6a,
+    0x81, 0xe5, 0x17, 0xb3, 0x9a, 0x57, 0xa6, 0x4a,
+    0x87, 0xb1, 0xa7, 0xf5, 0xa2, 0x96, 0x40, 0x8b,
+    0xc1, 0x62, 0xb2, 0xd9, 0x76, 0xe8, 0x51, 0x33,
+    0x44, 0x3d, 0xeb, 0x14, 0x86, 0x88, 0x2c, 0xc1,
+    0x47, 0xba, 0x2b, 0x85, 0x3b, 0x72, 0xcb, 0x9f,
+    0x40, 0xba, 0x19, 0x58, 0xa4, 0x34, 0x0a, 0xd2,
+    0x8c, 0x97, 0xbd, 0x3d, 0x09, 0xb0, 0x4a, 0xeb,
+    0xaa, 0xee, 0x58, 0x1e, 0xc1, 0x19, 0x26, 0x70,
+    0x15, 0xa5, 0x17, 0x7e, 0xd0, 0xa1, 0x08, 0xf9,
+    0x6d, 0xcf, 0x20, 0x62, 0x95, 0x8e, 0x61, 0xf4,
+    0x29, 0x96, 0x6f, 0x38, 0x1c, 0x67, 0xd5, 0xa6,
+    0x4c, 0xf5, 0x1f, 0xda, 0x12, 0x22, 0x24, 0x6b,
+    0x0d, 0xb7, 0x6a, 0xe5, 0xaf, 0x6c, 0x89, 0x52,
+    0xc2, 0x85, 0x85, 0x5f, 0x16, 0x33, 0x0c, 0xc6,
+    0x7a, 0xe0, 0xa8, 0xed, 0x13, 0x58, 0xf3, 0xa0,
+    0x80, 0x42, 0x3c, 0xe3, 0x57, 0xd1, 0xe2, 0x66,
+    0xc4, 0xe0, 0x3d, 0x49, 0x32, 0x21, 0xd9, 0xa1,
+    0x3c, 0x93, 0x0a, 0xf7, 0x5f, 0x34, 0x65, 0xa4,
+    0x30, 0xf9, 0xe7, 0x8a, 0x96, 0x04, 0xdb, 0xc5,
+    0x16, 0x15, 0x10, 0x74, 0x4f, 0xc9, 0x6b, 0x4b,
+    0x66, 0x29, 0xb0, 0xd1, 0x3b, 0xdd, 0x41, 0x0a,
+    0xfe, 0xdf, 0x5f, 0x72, 0x91, 0xbc, 0x99, 0x2f,
+    0x8d, 0x72, 0x3a, 0x4a, 0xde, 0x11, 0x3a, 0x20,
+    0xb2, 0x56, 0xb5, 0x73, 0x89, 0xb4, 0x63, 0x37,
+    0x86, 0xbd, 0x99, 0x8b, 0x03, 0x56, 0x50, 0x21,
+    0x11, 0x78, 0x8c, 0xd5, 0xc1, 0x92, 0x33, 0x72,
+    0x6e, 0x8d, 0x88, 0x2d, 0x10, 0x8f, 0x31, 0xd3,
+    0x23, 0xe5, 0xaa, 0x1f, 0xe1, 0x37, 0xec, 0x34,
+    0x42, 0x30, 0x75, 0xff, 0xb2, 0x1a, 0x8e, 0x29,
+    0x03, 0x4c, 0xfd, 0xdf, 0x53, 0xf2, 0x0b, 0x2d,
+    0xf9, 0x1c, 0x9e, 0xb6, 0x5a, 0x6c, 0x5e, 0x88,
+    0x48, 0x29, 0x89, 0x42, 0xfc, 0x97, 0xfb, 0x27,
+    0x1c, 0x99, 0x2a, 0xbf, 0x7f, 0x04, 0xb2, 0xcd,
+    0xc9, 0x3a, 0x39, 0xfe, 0x4f, 0x47, 0x92, 0x0b,
+    0x85, 0xfc, 0x92, 0x57, 0xc5, 0x0b, 0x23, 0x1f,
+    0x0b, 0x72, 0xb4, 0xde, 0xfe, 0xbe, 0xb7, 0x39,
+    0xb3, 0xd7, 0x48, 0x03, 0xed, 0x76, 0xac, 0x63,
+    0xf7, 0x2a, 0x58, 0xef, 0xdb, 0x63, 0x5a, 0x56,
+    0x68, 0xcc, 0xb2, 0x8b, 0x22, 0xac, 0xdf, 0xc4,
+    0xad, 0x6f, 0xad, 0x24, 0xfd, 0x30, 0xfb, 0xed,
+    0x6e, 0xde, 0x65, 0x2b, 0xb4, 0x57, 0x35, 0x49,
+    0xc1, 0xc9, 0x82, 0xf4, 0x72, 0x69, 0xef, 0x34,
+    0xc0, 0x37, 0x8b, 0x8b, 0xd3, 0xd3, 0x25, 0xcc,
+    0xe5, 0xf5, 0xf6, 0x9c, 0xa3, 0xe7, 0x88, 0xd7,
+    0x55, 0x73, 0x31, 0x4c, 0xb1, 0x7b, 0x64, 0xb3,
+    0x38, 0xde, 0x47, 0x9a, 0xfc, 0xf1, 0xfa, 0xf8,
+    0x6e, 0xc5, 0x95, 0xb9, 0xaf, 0x6a, 0x7a, 0x94,
+    0x80, 0x0d, 0x29, 0x62, 0x99, 0x0a, 0x34, 0xa2,
+    0x8f, 0xa1, 0x5e, 0x98, 0x7c, 0x4e, 0x18, 0xcd,
+    0x63, 0x68, 0x0e, 0xfa, 0x6f, 0x49, 0x01, 0x02,
+    0xcd, 0xf1, 0xc1, 0x09, 0x57, 0xa3, 0x03, 0xec,
+    0x94, 0x36, 0xab, 0xc6, 0x1c, 0xc0, 0x98, 0x22,
+    0x15, 0x5b, 0x5b, 0x61, 0x3c, 0xc2, 0x5b, 0x6f,
+    0x1c, 0x82, 0x41, 0x39, 0x87, 0xde, 0x92, 0xa9,
+    0xe4, 0x12, 0x74, 0x3b, 0x31, 0x36, 0xac, 0x92,
+    0xb0, 0x23, 0x26, 0xfa, 0xd8, 0xa3, 0xe8, 0x84,
+    0xfc, 0x52, 0xc5, 0x7b, 0xd1, 0x4b, 0xe2, 0x1a,
+    0x33, 0xdd, 0x3c, 0xdf, 0x27, 0x50, 0x6f, 0x12,
+    0xd3, 0x17, 0x66, 0xd7, 0x54, 0x33, 0x30, 0x2b,
+    0xe8, 0xd1, 0x1f, 0x2d, 0xf3, 0x37, 0x81, 0xa0,
+    0x3c, 0x21, 0x8c, 0xea, 0x95, 0xa5, 0x5b, 0x3a,
+    0x24, 0xed, 0xf7, 0x67, 0x7b, 0x72, 0x3a, 0xda,
+    0x31, 0xbd, 0xa7, 0x63, 0xa6, 0x6f, 0xf9, 0xdf,
+    0x06, 0x36, 0xb4, 0xe2, 0x35, 0x4b, 0xa5, 0x8e,
+    0x29, 0x8e, 0x6c, 0x02, 0xc5, 0x06, 0x9b, 0x98,
+    0x6e, 0x5e, 0x00, 0x6a, 0x42, 0x09, 0x4b, 0xc3,
+    0x09, 0x37, 0x67, 0x19, 0x58, 0x6d, 0x40, 0x50,
+    0xb0, 0x62, 0x5b, 0xd6, 0x63, 0x7f, 0xed, 0xb0,
+    0x97, 0x80, 0x9e, 0x91, 0x3f, 0x82, 0xfd, 0x83,
+    0x36, 0xce, 0x06, 0xc4, 0xdc, 0xa4, 0x1e, 0x70,
+    0xd4, 0x94, 0xfc, 0x6e, 0x46, 0xa3, 0xc8, 0xed,
+    0x34, 0x0a, 0xb1, 0x9a, 0x66, 0x5d, 0xc0, 0xce,
+    0x73, 0xd3, 0x65, 0xcb, 0xfb, 0x79, 0xdd, 0xf6,
+    0x19, 0xf6, 0xd8, 0xa9, 0xe6, 0x34, 0x15, 0x86,
+    0x7a, 0x30, 0x79, 0xde, 0x2b, 0x06, 0xa4, 0xc0,
+    0xc8, 0xa2, 0xc1, 0x41, 0xb3, 0x4c, 0xf6, 0xdb,
+    0x16, 0xcd, 0xd2, 0x8b, 0xf1, 0x18, 0x5a, 0xc8,
+    0x3e, 0xd9, 0x54, 0x40, 0xd4, 0xce, 0x88, 0xbb,
+    0x66, 0xf1, 0x74, 0x20, 0xa2, 0x3c, 0x31, 0x09,
+    0xba, 0xac, 0x61, 0x15, 0x9f, 0x73, 0x5f, 0xa7,
+    0xe5, 0x0d, 0xb3, 0xab, 0xa2, 0x72, 0x25, 0xc9,
+    0x87, 0x9b, 0x18, 0xdb, 0xff, 0xfb, 0x39, 0x84,
+    0x8d, 0xf8, 0x97, 0x47, 0xab, 0xc4, 0xfb, 0xc2,
+    0xd8, 0xe8, 0xce, 0x6e, 0x65, 0x76, 0x88, 0x4a,
+    0x22, 0x2f, 0xdd, 0x43, 0xa7, 0xc4, 0x8d, 0x32,
+    0x12, 0x75, 0x0b, 0x72, 0xd6, 0xb7, 0x43, 0x84,
+    0xc8, 0x59, 0xa8, 0xb7, 0x8b, 0x84, 0x33, 0x92,
+    0x8f, 0x94, 0xe8, 0xd0, 0xaf, 0x11, 0x35, 0xde,
+    0xb7, 0x63, 0xb8, 0x91, 0x4c, 0x96, 0x4e, 0x9c,
+    0x62, 0x28, 0xa2, 0xbc, 0x0b, 0x90, 0xae, 0x94,
+    0x90, 0xe9, 0x32, 0xeb, 0xe3, 0x77, 0x60, 0x5f,
+    0x87, 0x48, 0x4b, 0xb0, 0x78, 0x0e, 0xe2, 0x85,
+    0x47, 0x06, 0xa4, 0xc9, 0x26, 0xac, 0x8f, 0xe7,
+    0xc2, 0xc7, 0xce, 0xf5, 0xd1, 0x20, 0xa8, 0x56,
+    0xe1, 0x4f, 0x50, 0x90, 0xb3, 0xc1, 0x03, 0x57,
+    0xd3, 0x62, 0x0e, 0x2a, 0xe8, 0x86, 0xf4, 0x94,
+    0x0e, 0xa5, 0x8b, 0x4e, 0x73, 0xa2, 0x76, 0xac,
+    0x00, 0x29, 0xe5, 0x80, 0x26, 0x02, 0x13, 0xd1,
+    0xb2, 0x68, 0x72, 0x23, 0x38, 0x55, 0xfc, 0x4d,
+    0x05, 0x60, 0x49, 0x7b, 0xfb, 0xaa, 0x17, 0x8f,
+    0x26, 0x0a, 0x08, 0x33, 0x8d, 0x7f, 0x4e, 0xe5,
+    0x6e, 0xf8, 0x84, 0x9b, 0x9f, 0xcb, 0xa2, 0x2b,
+    0xfb, 0xaf, 0xad, 0x21, 0xe2, 0x4f, 0x6f, 0x55,
+    0xc1, 0x78, 0x46, 0xe3, 0xb5, 0x63, 0x06, 0x9b,
+    0x93, 0x7d, 0xac, 0xd4, 0xe0, 0x64, 0x01, 0x8d,
+    0xac, 0x30, 0x8b, 0x8b, 0x55, 0xb7, 0x8a, 0x16,
+    0x3f, 0xc9, 0x82, 0x7f, 0xb5, 0x3b, 0x0d, 0xc0,
+    0x46, 0x89, 0x5c, 0x6c, 0x45, 0x21, 0x78, 0xda,
+    0x84, 0x1f, 0xc8, 0xcf, 0xf1, 0x1e, 0x79, 0x71,
+    0x3b, 0xc8, 0xe2, 0x8b, 0x41, 0xfe, 0xaf, 0x2f,
+    0x3b, 0x23, 0x13, 0xc5, 0x46, 0x87, 0xc6, 0x24,
+    0x37, 0x21, 0x68, 0x8a, 0x3e, 0x45, 0x61, 0xf4,
+    0xad, 0xf5, 0x1c, 0x23, 0x45, 0xa3, 0x42, 0xf2,
+    0xa9, 0xac, 0x94, 0x50, 0xc9, 0x3d, 0x5e, 0x70,
+    0x33, 0x2b, 0x78, 0xd1, 0x5c, 0x13, 0x35, 0xe6,
+    0x13, 0x80, 0x5e, 0x55, 0xa7, 0xcc, 0x67, 0xb0,
+    0x6c, 0xfe, 0xa2, 0x24, 0x02, 0x6d, 0xb3, 0xcb,
+    0x9e, 0x94, 0xb3, 0xc6, 0x01, 0xf3, 0x01, 0x3a,
+    0xe4, 0xa7, 0xa3, 0xdf, 0x56, 0x4c, 0x30, 0xce,
+    0xb1, 0xd5, 0x1b, 0x68, 0x9b, 0x75, 0xae, 0xf4,
+    0xb9, 0x2a, 0xe5, 0x8b, 0x7b, 0xe5, 0x99, 0x46,
+    0x5f, 0x29, 0xf6, 0x82, 0xd0, 0x42, 0xb1, 0x45,
+    0x09, 0x16, 0x5b, 0x32, 0x11, 0xca, 0x48, 0xea,
+    0x51, 0x12, 0x0a, 0x9f, 0x6e, 0x3f, 0x74, 0xe6,
+    0xe0, 0xfe, 0xf8, 0xa5, 0xc0, 0xfd, 0x15, 0x6e,
+    0x2b, 0x4a, 0xd5, 0x76, 0xa8, 0x3d, 0xe3, 0x0d,
+    0xfe, 0x44, 0x11, 0x5e, 0x7a, 0xde, 0x12, 0x29,
+    0x5a, 0x5a, 0x25, 0xc0, 0x8e, 0x98, 0xd1, 0x11,
+    0xc8, 0x00, 0x65, 0xb2, 0xf4, 0xd7, 0x56, 0x32,
+    0x46, 0x2b, 0x4f, 0x7e, 0xc3, 0x4e, 0xf1, 0x17,
+    0xff, 0x03, 0x32, 0xae, 0xe3, 0xbe, 0x0b, 0xab,
+    0xfb, 0x43, 0x0f, 0x6d, 0xa5, 0xc6, 0x44, 0xba,
+    0xc9, 0xe3, 0x3d, 0x40, 0xe7, 0x6c, 0xe8, 0x21,
+    0xb2, 0x46, 0x7b, 0x3b, 0x3d, 0xde, 0x80, 0xc8,
+    0xea, 0xf4, 0x6b, 0xf3, 0x53, 0xca, 0x51, 0x84,
+    0xcf, 0xad, 0x7e, 0xce, 0xce, 0xc2, 0x65, 0xfc,
+    0x03, 0x8c, 0xcb, 0xfa, 0xcb, 0x37, 0x89, 0x82,
+    0x59, 0x5e, 0x36, 0x52, 0xe4, 0xbc, 0x8d, 0x47,
+    0x7c, 0xb8, 0x3f, 0x63, 0x59, 0xdc, 0xd3, 0x74,
+    0x11, 0x33, 0xb4, 0x69, 0x74, 0x40, 0x0d, 0x42,
+    0x63, 0x1d, 0xe6, 0x5c, 0x1b, 0xca, 0x41, 0xff,
+    0x23, 0x4e, 0xe8, 0x3d, 0x14, 0xa8, 0x17, 0x18,
+    0xd0, 0x78, 0x08, 0x87, 0x7d, 0x5e, 0xdc, 0x3a,
+    0x07, 0xba, 0x12, 0x8e, 0x8e, 0x56, 0x0a, 0xcb,
+    0x37, 0xf6, 0x54, 0xeb, 0x55, 0x16, 0x8f, 0x06,
+    0x15, 0x28, 0x6b, 0xfb, 0xed, 0x38, 0x9e, 0x9b,
+    0x98, 0x5b, 0xdc, 0x67, 0x33, 0x0e, 0x02, 0x36,
+    0x1b, 0x7a, 0x9a, 0x43, 0xcd, 0xf2, 0x65, 0xef,
+    0x37, 0x19, 0x24, 0x6f, 0x4b, 0xb9, 0x4d, 0x3e,
+    0x0b, 0x47, 0xd1, 0x67, 0x50, 0x6a, 0x7f, 0x07
+#elif !defined(WOLFSSL_NO_ML_DSA_65)
+    0x30, 0x82, 0x07, 0xb4, 0x30, 0x0d, 0x06, 0x0b,
+    0x2b, 0x06, 0x01, 0x04, 0x01, 0x02, 0x82, 0x0b,
+    0x0c, 0x06, 0x05, 0x03, 0x82, 0x07, 0xa1, 0x00,
+    0xff, 0x89, 0xee, 0xad, 0x20, 0x8f, 0x61, 0xa4,
+    0x07, 0x1c, 0x54, 0x98, 0x8c, 0xf4, 0x2e, 0xd9,
+    0xe6, 0x0f, 0xcb, 0x0e, 0xab, 0xa1, 0x37, 0x4d,
+    0xc0, 0x48, 0x24, 0x78, 0xd6, 0x2d, 0x9b, 0x6f,
+    0x0f, 0x17, 0x08, 0x71, 0xc3, 0xd1, 0xc8, 0x7a,
+    0xe7, 0x32, 0xcb, 0xcd, 0xd6, 0xb5, 0x90, 0x08,
+    0xe1, 0xda, 0xaa, 0x89, 0x3e, 0x4a, 0x62, 0x98,
+    0x3d, 0xc6, 0x71, 0x30, 0xb4, 0x63, 0xa5, 0x3b,
+    0xb3, 0x69, 0x75, 0x10, 0xaf, 0x5e, 0x72, 0x78,
+    0xa2, 0xef, 0x63, 0x63, 0x21, 0xe7, 0xf4, 0xa7,
+    0x9c, 0x50, 0x74, 0x14, 0x3e, 0xdd, 0x73, 0x9e,
+    0x97, 0x65, 0xdd, 0xdf, 0x3c, 0x40, 0x4d, 0x03,
+    0x49, 0xe4, 0xbf, 0x65, 0xe7, 0x44, 0x8f, 0x59,
+    0x00, 0xe2, 0x98, 0xb5, 0x66, 0xa3, 0x3b, 0x11,
+    0x9f, 0xc7, 0xc2, 0x16, 0x61, 0xf0, 0x1e, 0x89,
+    0xc8, 0x96, 0x8d, 0x18, 0xac, 0x86, 0xa0, 0xe2,
+    0xd9, 0x8c, 0xef, 0x53, 0x6d, 0x4e, 0x74, 0xc9,
+    0x66, 0x28, 0x16, 0xf3, 0x62, 0xc4, 0x6f, 0x2b,
+    0x6e, 0x36, 0x03, 0xad, 0xc5, 0xe4, 0x8f, 0x0b,
+    0x90, 0x8c, 0x8f, 0xff, 0x5d, 0xdf, 0x7a, 0xe6,
+    0xaf, 0x9a, 0x43, 0xbc, 0xd4, 0x73, 0x22, 0xdc,
+    0x5f, 0x08, 0xa1, 0x17, 0x97, 0x89, 0x79, 0xf5,
+    0xdc, 0xed, 0x4f, 0x85, 0x8e, 0x0c, 0x23, 0x35,
+    0x3c, 0x34, 0x19, 0x65, 0xf5, 0xd6, 0xc9, 0x2d,
+    0x7a, 0x2e, 0x67, 0xd5, 0xf1, 0x82, 0x97, 0xaa,
+    0x05, 0x26, 0x84, 0x25, 0x47, 0x58, 0x2c, 0xe6,
+    0x59, 0xc7, 0x98, 0x7a, 0xdb, 0x40, 0x45, 0x1c,
+    0x71, 0x55, 0x2e, 0xea, 0x3f, 0x6e, 0x7c, 0x82,
+    0x52, 0x6a, 0x19, 0x3a, 0xd3, 0xa1, 0x3c, 0xce,
+    0x00, 0x06, 0xec, 0xed, 0x97, 0xce, 0xd8, 0xdf,
+    0xde, 0xa3, 0xed, 0xe7, 0x81, 0x62, 0x02, 0x9c,
+    0x1b, 0x51, 0xa1, 0xf4, 0x9d, 0x1b, 0x28, 0x76,
+    0x93, 0x96, 0x20, 0x55, 0x60, 0x1f, 0xaf, 0x52,
+    0xc3, 0xce, 0xb9, 0x12, 0x66, 0xf5, 0x64, 0x22,
+    0x87, 0x86, 0x29, 0x80, 0x8f, 0x18, 0x33, 0xba,
+    0x48, 0x71, 0x1d, 0x00, 0xfe, 0xa5, 0xfc, 0xc6,
+    0x87, 0xbe, 0x44, 0x3c, 0xc9, 0x49, 0xfb, 0x68,
+    0x3c, 0xdf, 0xca, 0xef, 0xa7, 0xdc, 0x67, 0xb8,
+    0x28, 0xd6, 0xad, 0x18, 0xaf, 0xad, 0x1f, 0x4c,
+    0x85, 0xa3, 0x64, 0xac, 0x3f, 0xa9, 0x39, 0x28,
+    0xef, 0x8a, 0x45, 0x7e, 0xb0, 0xf4, 0x89, 0x72,
+    0xf7, 0xb1, 0xef, 0x9d, 0x1c, 0x3c, 0x93, 0xcb,
+    0xa0, 0xfb, 0x2a, 0x90, 0xe2, 0x1d, 0x49, 0x8e,
+    0x36, 0xb8, 0x07, 0xf4, 0xb3, 0x09, 0xf0, 0x6f,
+    0x3c, 0xd9, 0x37, 0x19, 0x57, 0xd4, 0x1e, 0x2a,
+    0xa2, 0xa7, 0x2e, 0xc1, 0xcd, 0x8d, 0x48, 0x47,
+    0xb5, 0x8a, 0x12, 0x93, 0x34, 0xb8, 0xec, 0x32,
+    0x07, 0x49, 0xb6, 0x8d, 0x73, 0xd4, 0x2c, 0x6a,
+    0xa0, 0x33, 0x29, 0x21, 0x5d, 0x37, 0xa9, 0x39,
+    0x40, 0xbe, 0x71, 0x29, 0xbe, 0xd1, 0x4b, 0xbc,
+    0x9a, 0x17, 0x93, 0x52, 0xb8, 0x81, 0xee, 0xc5,
+    0xff, 0x25, 0x78, 0x2f, 0x52, 0x0a, 0x8f, 0xb2,
+    0xef, 0xf3, 0x1d, 0x68, 0x56, 0x31, 0x29, 0x84,
+    0x55, 0x47, 0x32, 0x34, 0x0f, 0x60, 0x07, 0xd6,
+    0x2b, 0xb9, 0x29, 0xaf, 0x0f, 0xcd, 0x1c, 0xc0,
+    0x77, 0x4c, 0xc6, 0x31, 0xdb, 0xf4, 0x17, 0xbe,
+    0x3d, 0xf8, 0x8c, 0xf1, 0x02, 0x7c, 0x6b, 0xd4,
+    0xaf, 0x03, 0xb2, 0xf4, 0x78, 0x8d, 0xd3, 0x4e,
+    0x5c, 0x04, 0xb9, 0x01, 0xe3, 0x73, 0xb4, 0x67,
+    0xe9, 0xa8, 0x77, 0x6f, 0x87, 0x2b, 0xe2, 0x00,
+    0x98, 0x5f, 0x02, 0x43, 0x85, 0x03, 0x4c, 0x71,
+    0xd2, 0xe7, 0x61, 0x03, 0x22, 0x9e, 0xe5, 0xc2,
+    0xa7, 0x66, 0x42, 0x7c, 0x9f, 0xf4, 0xb8, 0x6b,
+    0x2d, 0xe4, 0xaa, 0x51, 0xda, 0x08, 0x73, 0x75,
+    0x26, 0x45, 0xdc, 0xa6, 0x20, 0xd7, 0xcb, 0x00,
+    0xfc, 0xe4, 0xdb, 0x28, 0x92, 0xf8, 0xb0, 0xc7,
+    0xf0, 0x4b, 0x6d, 0xe8, 0xc1, 0x84, 0x38, 0xed,
+    0x1a, 0xd4, 0x66, 0x69, 0xc4, 0x96, 0x40, 0xc4,
+    0x7d, 0xfa, 0x58, 0x70, 0x7e, 0x70, 0x40, 0xba,
+    0xfc, 0x95, 0xb6, 0x4c, 0x7c, 0x58, 0xbc, 0xb3,
+    0x59, 0x08, 0x14, 0x03, 0x35, 0xf3, 0xf1, 0xaa,
+    0xd5, 0xa2, 0x57, 0x70, 0xb6, 0x20, 0x75, 0x0a,
+    0x58, 0x66, 0x74, 0xf7, 0x1c, 0xfd, 0x99, 0x7c,
+    0x20, 0xda, 0xe7, 0x76, 0xcb, 0xf4, 0xa3, 0x9b,
+    0xbc, 0x8f, 0x74, 0xef, 0xe2, 0x46, 0x5a, 0x72,
+    0x33, 0x06, 0x32, 0x1e, 0xbd, 0x4e, 0x4c, 0xf6,
+    0x16, 0x43, 0xa5, 0xa5, 0xa5, 0x6c, 0x76, 0x33,
+    0x35, 0x63, 0xdc, 0xe4, 0xec, 0x7f, 0x8a, 0xfa,
+    0xc3, 0x53, 0x69, 0x28, 0xf7, 0xd6, 0x97, 0xb9,
+    0x3a, 0xf4, 0x15, 0x90, 0x50, 0xd3, 0xdf, 0xf5,
+    0xd3, 0xcf, 0x15, 0x76, 0xe3, 0x3d, 0x24, 0x14,
+    0xfd, 0xd3, 0x01, 0x25, 0x82, 0xb4, 0xe3, 0xd8,
+    0x68, 0x89, 0x86, 0xa8, 0x26, 0x02, 0x5f, 0xc6,
+    0xf4, 0x99, 0x3b, 0x97, 0xa8, 0x65, 0xed, 0x18,
+    0xbb, 0x3c, 0x43, 0x4a, 0x6e, 0xaa, 0xbc, 0x83,
+    0x85, 0x19, 0x9f, 0x9b, 0xb8, 0xa4, 0xa3, 0xb2,
+    0xb7, 0x56, 0x07, 0x6c, 0xbf, 0x7d, 0xff, 0x5d,
+    0xb5, 0x1e, 0x83, 0xc8, 0x74, 0x70, 0x98, 0x17,
+    0x40, 0xe0, 0x2d, 0xad, 0x31, 0x00, 0x8e, 0x42,
+    0xd5, 0xb2, 0x25, 0xaa, 0x82, 0xaf, 0x33, 0xd8,
+    0x5b, 0xe2, 0x07, 0xed, 0xda, 0x84, 0xe9, 0xa2,
+    0xff, 0xbb, 0xa5, 0x47, 0x95, 0x6e, 0xa1, 0x8d,
+    0x59, 0x52, 0xeb, 0xf3, 0x3c, 0x18, 0x29, 0x92,
+    0x72, 0x27, 0x18, 0xfc, 0x95, 0xb9, 0xde, 0x46,
+    0xda, 0xcc, 0x4c, 0x31, 0x1d, 0x78, 0x86, 0xd2,
+    0x8c, 0x38, 0x9c, 0x32, 0xab, 0xf7, 0xca, 0x73,
+    0x85, 0xa5, 0xf1, 0xe0, 0x25, 0x06, 0xf9, 0x18,
+    0x14, 0xab, 0x3b, 0x73, 0x26, 0xee, 0xa0, 0xfd,
+    0x15, 0xac, 0xd6, 0x4e, 0x6b, 0xdb, 0x01, 0xa1,
+    0xdc, 0xd1, 0x2f, 0xd2, 0xb7, 0x5e, 0x12, 0x4f,
+    0x4b, 0x59, 0xd8, 0x03, 0x12, 0x60, 0xc9, 0x81,
+    0xb7, 0x06, 0x23, 0x09, 0xc4, 0xd9, 0xa8, 0x93,
+    0x6e, 0x96, 0xf4, 0x93, 0x53, 0xf0, 0x3d, 0xde,
+    0x10, 0x88, 0xb1, 0xd0, 0xcc, 0xad, 0x2c, 0xbf,
+    0x88, 0x98, 0x8f, 0x25, 0x76, 0xd7, 0x65, 0x77,
+    0xcc, 0x36, 0x1d, 0x1b, 0x6b, 0x60, 0x58, 0xc4,
+    0xfe, 0xe6, 0xca, 0xa8, 0x29, 0x33, 0x69, 0x36,
+    0xb8, 0x12, 0x95, 0x38, 0xd9, 0xd4, 0x16, 0xe9,
+    0x3e, 0x40, 0x8c, 0xc7, 0xae, 0x04, 0x11, 0xdf,
+    0x51, 0xd3, 0xdd, 0xbf, 0xa9, 0x41, 0x43, 0x4c,
+    0xff, 0x87, 0x2f, 0xea, 0x0f, 0x13, 0x66, 0x2a,
+    0x2b, 0x18, 0xe8, 0xc4, 0xff, 0xa0, 0x1c, 0x78,
+    0x79, 0x21, 0xf8, 0xaa, 0x8a, 0xf8, 0x92, 0xdf,
+    0x7b, 0x5f, 0x6a, 0x71, 0x60, 0x67, 0x5d, 0x94,
+    0xf6, 0xbb, 0x1d, 0x90, 0x7c, 0x51, 0x70, 0x1d,
+    0x87, 0xde, 0xf8, 0x91, 0xcb, 0x42, 0x9f, 0xc7,
+    0x4b, 0xa0, 0x16, 0xee, 0xb4, 0x73, 0xe8, 0xe0,
+    0x0b, 0xa5, 0xd3, 0x26, 0x9e, 0x52, 0xda, 0x4a,
+    0x1f, 0xae, 0x76, 0xbf, 0xbb, 0x4d, 0x74, 0x98,
+    0xa6, 0xae, 0xc0, 0x60, 0x96, 0xc5, 0xad, 0x9b,
+    0x91, 0x31, 0xb9, 0x50, 0x3d, 0x9a, 0x0f, 0xe1,
+    0x93, 0xef, 0x08, 0x72, 0xb2, 0x66, 0xe5, 0x5d,
+    0xe4, 0x15, 0x53, 0x8e, 0xb0, 0xb3, 0xf8, 0x78,
+    0xfc, 0x5d, 0x44, 0xc5, 0xbf, 0xf5, 0x01, 0x54,
+    0xc5, 0x45, 0xa9, 0x30, 0xa4, 0xf1, 0x49, 0x79,
+    0x4e, 0xab, 0xfc, 0xb2, 0x93, 0xe7, 0x3a, 0xe1,
+    0x7f, 0x1f, 0x2f, 0x45, 0x3a, 0x53, 0x2b, 0x68,
+    0xb3, 0xa4, 0xac, 0x23, 0x54, 0xb7, 0x5d, 0x25,
+    0xa3, 0xe3, 0x90, 0x8a, 0xb0, 0x02, 0xfb, 0x7f,
+    0x2d, 0xeb, 0x80, 0xc2, 0x5c, 0x62, 0xe1, 0x36,
+    0x5a, 0x82, 0x8f, 0x4e, 0x74, 0xeb, 0x7d, 0x70,
+    0xaf, 0x23, 0x92, 0x65, 0x3a, 0x11, 0xc0, 0x29,
+    0xdb, 0xf7, 0x9a, 0xdc, 0x81, 0x45, 0x25, 0x0c,
+    0x2e, 0x4f, 0x88, 0x41, 0x34, 0x53, 0xc6, 0x08,
+    0x21, 0x77, 0xc1, 0xbb, 0x61, 0x48, 0x20, 0x69,
+    0x1a, 0xbb, 0x71, 0x1b, 0x56, 0x18, 0x79, 0x75,
+    0x16, 0x9a, 0xb3, 0x79, 0x31, 0x11, 0xa2, 0x89,
+    0x8d, 0xea, 0x10, 0xb0, 0x04, 0x7f, 0xf8, 0x6e,
+    0xdc, 0x08, 0x9b, 0x51, 0xa7, 0x64, 0xbd, 0x8d,
+    0xd4, 0xd0, 0x1e, 0x38, 0x50, 0x1a, 0xa8, 0x7e,
+    0x20, 0xae, 0xee, 0x8c, 0xa7, 0x72, 0x94, 0xc9,
+    0xba, 0xf0, 0x67, 0xbd, 0x25, 0x1a, 0x3a, 0xdf,
+    0x75, 0x39, 0xb7, 0xd3, 0x83, 0x3b, 0x89, 0xdf,
+    0xb5, 0x2d, 0xd3, 0x12, 0x24, 0x21, 0x7c, 0x9e,
+    0x92, 0x1c, 0x19, 0xae, 0x28, 0xcb, 0x2e, 0x2e,
+    0x3c, 0xa9, 0x9b, 0xbd, 0xf9, 0x33, 0x30, 0xb2,
+    0xbd, 0x8b, 0xbf, 0xc1, 0x8b, 0x32, 0xf1, 0x20,
+    0xa1, 0x00, 0xfd, 0x11, 0x7d, 0x9a, 0xa8, 0x14,
+    0x2c, 0xce, 0x16, 0x16, 0x4b, 0xdd, 0x56, 0x91,
+    0x15, 0x36, 0x83, 0xcb, 0x01, 0x58, 0x35, 0xe1,
+    0xdc, 0x22, 0x3d, 0xf8, 0xc2, 0x06, 0x54, 0x68,
+    0x77, 0xd1, 0x47, 0x28, 0xdc, 0x09, 0x2a, 0x86,
+    0x13, 0x80, 0xa6, 0xe9, 0xd0, 0xb4, 0xa3, 0x41,
+    0x47, 0xf4, 0x71, 0x24, 0x10, 0x4c, 0x9f, 0xb7,
+    0x57, 0x34, 0x48, 0x1b, 0xb4, 0xed, 0x0e, 0x89,
+    0x4c, 0xf1, 0x73, 0x44, 0xff, 0x35, 0xb6, 0xe0,
+    0x8f, 0x02, 0xa3, 0xa3, 0x81, 0x55, 0x38, 0xb5,
+    0xc1, 0x99, 0xb3, 0x88, 0x84, 0x0d, 0xd9, 0x73,
+    0x77, 0x65, 0x0b, 0xd7, 0xf8, 0x03, 0x88, 0xcb,
+    0xdf, 0x25, 0xaf, 0xc6, 0xf1, 0xfa, 0x5c, 0x4d,
+    0xfa, 0xc3, 0x7b, 0x8f, 0xb8, 0x38, 0x5d, 0x29,
+    0xbb, 0x3d, 0x3e, 0x62, 0x1c, 0xdd, 0xe6, 0x97,
+    0xe6, 0xe9, 0xbe, 0x6e, 0xd2, 0xb7, 0x7a, 0x9a,
+    0x8e, 0xaf, 0xb3, 0xc8, 0x9e, 0x19, 0xee, 0x3d,
+    0x5b, 0x1f, 0xec, 0x34, 0x3a, 0x1c, 0x27, 0x90,
+    0xbd, 0x1e, 0x49, 0x72, 0x25, 0x2e, 0x38, 0x48,
+    0x7d, 0xe1, 0x85, 0x46, 0xa7, 0x1b, 0x4a, 0xd5,
+    0x23, 0x75, 0x6d, 0x8b, 0xc3, 0xf1, 0x87, 0xec,
+    0x8b, 0x45, 0xf0, 0x9b, 0xb2, 0x14, 0x7a, 0x7c,
+    0x8d, 0x78, 0x9c, 0x82, 0x64, 0x14, 0xfe, 0x01,
+    0xfa, 0x04, 0x33, 0x96, 0xdd, 0x5f, 0x56, 0xbc,
+    0xb2, 0x03, 0xe3, 0x0c, 0xa1, 0x09, 0x66, 0xa0,
+    0x5e, 0x44, 0xde, 0x21, 0xae, 0x7d, 0x7a, 0x0e,
+    0x81, 0x27, 0xd2, 0xfb, 0x85, 0xed, 0x27, 0x27,
+    0xac, 0x11, 0x1c, 0xa1, 0x6d, 0xe9, 0xc1, 0xca,
+    0xf6, 0x40, 0x7c, 0x95, 0x01, 0xb7, 0xa8, 0x29,
+    0x9a, 0xd2, 0xcc, 0x62, 0x70, 0x1c, 0x7d, 0x0e,
+    0xe5, 0x60, 0xcb, 0x79, 0xa3, 0xd7, 0x5d, 0x48,
+    0x4b, 0x3c, 0xf8, 0x12, 0xe8, 0x7a, 0x7e, 0x83,
+    0xab, 0x24, 0x33, 0x0f, 0x7b, 0x0a, 0x38, 0xae,
+    0xb1, 0xfc, 0xc3, 0x50, 0x5c, 0x83, 0x53, 0xfd,
+    0x15, 0xd6, 0x49, 0x54, 0xb6, 0x40, 0xe5, 0xe8,
+    0x55, 0xba, 0x08, 0x2f, 0x21, 0xd7, 0x0e, 0x71,
+    0x8a, 0xb2, 0xe1, 0x6b, 0xc6, 0x7e, 0x0f, 0x1c,
+    0x4d, 0x41, 0x9f, 0x38, 0xc2, 0xce, 0x41, 0x41,
+    0x48, 0xcd, 0xec, 0x16, 0x1d, 0x23, 0x8e, 0x41,
+    0xcd, 0x5e, 0xf9, 0x5f, 0x01, 0x5e, 0x73, 0xa2,
+    0xa1, 0xef, 0xe9, 0x57, 0xe0, 0xba, 0xe6, 0xbb,
+    0x2b, 0xff, 0x3e, 0xb8, 0xad, 0xd5, 0x12, 0xc1,
+    0x54, 0x49, 0xca, 0x93, 0xb0, 0x7d, 0x7b, 0xcf,
+    0xf0, 0xc5, 0x94, 0x43, 0x30, 0x94, 0x11, 0x8d,
+    0x15, 0x79, 0x2e, 0x57, 0xb8, 0x24, 0xcd, 0x2e,
+    0xc2, 0x49, 0x3d, 0x92, 0x44, 0x23, 0x0c, 0x3e,
+    0xa0, 0xf9, 0xa5, 0xad, 0x2a, 0x56, 0xec, 0xf4,
+    0x6d, 0x0f, 0x5b, 0xb5, 0xd4, 0x2a, 0x3f, 0x2b,
+    0x17, 0x9f, 0x5d, 0x33, 0x97, 0x42, 0xd4, 0x1e,
+    0x14, 0x49, 0x01, 0xfb, 0xb6, 0x72, 0xbc, 0x14,
+    0x5b, 0x79, 0xf4, 0x0a, 0xc5, 0x49, 0xe1, 0x76,
+    0x44, 0x78, 0x87, 0xd1, 0x8e, 0x5b, 0xd5, 0x95,
+    0xad, 0x19, 0x7c, 0x0d, 0x39, 0x7f, 0x41, 0x2e,
+    0xd7, 0x9e, 0xbc, 0xfd, 0x2c, 0xde, 0xfa, 0x01,
+    0x7d, 0x2b, 0x04, 0xef, 0x4d, 0xf9, 0xf4, 0x5b,
+    0xed, 0x05, 0x9a, 0x50, 0x35, 0xe7, 0xb0, 0xba,
+    0x24, 0xea, 0x16, 0x51, 0xe1, 0x6f, 0x32, 0x08,
+    0x94, 0xd6, 0x19, 0x9d, 0x0e, 0x4c, 0xc1, 0xbb,
+    0x01, 0x87, 0xa5, 0x90, 0x5f, 0x6f, 0xc4, 0xed,
+    0xa1, 0x4c, 0x06, 0x4d, 0x2c, 0x47, 0x24, 0xda,
+    0xae, 0xd2, 0x41, 0x92, 0x1f, 0x46, 0xce, 0xec,
+    0xb1, 0xcc, 0x80, 0x1e, 0xb2, 0xcb, 0x66, 0x48,
+    0x22, 0xec, 0x0e, 0x47, 0xfc, 0xad, 0x17, 0xfe,
+    0x7b, 0xc5, 0x4d, 0x34, 0x95, 0x40, 0xd0, 0x02,
+    0x7e, 0x90, 0xaa, 0x92, 0xaf, 0x48, 0x64, 0xc5,
+    0xc1, 0x56, 0xd8, 0x9b, 0x6c, 0x5f, 0x2e, 0xfa,
+    0xd7, 0x84, 0xdc, 0x71, 0x65, 0x1b, 0xfb, 0xbc,
+    0x21, 0xc7, 0x57, 0xf4, 0x71, 0x2e, 0x6f, 0x34,
+    0x85, 0x99, 0xa8, 0x5c, 0x6f, 0x34, 0x22, 0x44,
+    0x89, 0x01, 0xf9, 0x48, 0xd2, 0xe2, 0xe4, 0x71,
+    0x9d, 0x48, 0x07, 0x97, 0xd4, 0x66, 0xe4, 0x4d,
+    0x48, 0xa3, 0x08, 0x7f, 0x6e, 0xaa, 0x7b, 0xe9,
+    0x93, 0x81, 0x03, 0x0c, 0xd2, 0x48, 0xcf, 0x3f,
+    0x5f, 0xbe, 0x03, 0xfb, 0x0f, 0xad, 0xc3, 0x81,
+    0xd9, 0xce, 0x88, 0x0b, 0xfa, 0xed, 0x29, 0x7e,
+    0x0b, 0xa1, 0x6f, 0x4c, 0x7d, 0xe4, 0x36, 0xff,
+    0xdf, 0x94, 0x1a, 0x24, 0xb3, 0x7b, 0xca, 0x24,
+    0x7e, 0x3a, 0x19, 0x53, 0x13, 0x4a, 0x17, 0x58,
+    0xe7, 0x16, 0x9b, 0x50, 0xd8, 0xda, 0xcc, 0x6e,
+    0x05, 0x25, 0xfe, 0x16, 0xcb, 0x5b, 0xd5, 0x35,
+    0x76, 0x40, 0x44, 0x96, 0x23, 0x97, 0xe2, 0x4a,
+    0x72, 0x0c, 0x54, 0x43, 0xc0, 0x09, 0x85, 0x8e,
+    0x15, 0x85, 0xaf, 0x3c, 0x5e, 0x5f, 0x3c, 0x2d,
+    0x21, 0x42, 0x75, 0xb7, 0xe4, 0x50, 0xf9, 0x00,
+    0xa3, 0x4f, 0xb1, 0x7c, 0xfe, 0x62, 0xd0, 0xe9,
+    0x6d, 0x51, 0xcc, 0x83, 0xc1, 0xdc, 0x37, 0x10,
+    0x90, 0x0a, 0x15, 0xd8, 0xd5, 0x02, 0xf7, 0x74,
+    0xb8, 0x46, 0x84, 0xc3, 0x61, 0x17, 0x26, 0x0f,
+    0xe4, 0xde, 0x1a, 0xcf, 0x42, 0x53, 0x63, 0x2f,
+    0x8d, 0xf7, 0x06, 0x07, 0xc3, 0x33, 0x39, 0x59,
+    0xe9, 0x17, 0xc8, 0x05, 0xd2, 0xa2, 0xae, 0x53,
+    0x2c, 0x7e, 0xd0, 0x9d, 0x5c, 0xb5, 0x42, 0x9f,
+    0x84, 0xd7, 0xfe, 0x93, 0x74, 0xfb, 0xbb, 0xd2,
+    0x1e, 0x57, 0x4e, 0x7f, 0x79, 0xaf, 0xd2, 0xf9,
+    0x5e, 0x41, 0x9e, 0x63, 0x54, 0x61, 0x47, 0x0c,
+    0x92, 0x4c, 0xc9, 0xfe, 0x4f, 0xcb, 0xe5, 0x8e,
+    0x65, 0xb3, 0x97, 0x1b, 0xd8, 0xd1, 0x62, 0xfd
+#else
+    0x30, 0x82, 0x0a, 0x34, 0x30, 0x0d, 0x06, 0x0b,
+    0x2b, 0x06, 0x01, 0x04, 0x01, 0x02, 0x82, 0x0b,
+    0x0c, 0x08, 0x07, 0x03, 0x82, 0x0a, 0x21, 0x00,
+    0x7f, 0x5f, 0x63, 0x81, 0x6f, 0x04, 0x4c, 0xec,
+    0xa8, 0xaf, 0x7b, 0x99, 0x41, 0xc6, 0xff, 0xdf,
+    0x77, 0x66, 0x28, 0xc0, 0xe2, 0x58, 0xea, 0x9c,
+    0x60, 0xbb, 0x03, 0x3e, 0xca, 0xa8, 0x38, 0x64,
+    0xfb, 0xf7, 0x1b, 0x3f, 0xec, 0xfd, 0x0f, 0xf1,
+    0x9c, 0xe4, 0xfd, 0xad, 0x83, 0xf7, 0x03, 0x66,
+    0x6e, 0x7f, 0x4d, 0x42, 0xab, 0x6b, 0x73, 0x26,
+    0xde, 0x6f, 0x8c, 0xc4, 0xca, 0x21, 0x66, 0x31,
+    0x79, 0x57, 0x88, 0xcb, 0x1e, 0xab, 0xda, 0x1d,
+    0x56, 0x70, 0xd9, 0x83, 0xa1, 0xb4, 0x83, 0xce,
+    0xcc, 0x0f, 0xeb, 0xd6, 0x63, 0xbd, 0xf6, 0x02,
+    0x5d, 0x5b, 0x0c, 0x17, 0x3c, 0x3e, 0x15, 0x02,
+    0x22, 0xa1, 0x5d, 0xb5, 0xc5, 0x81, 0x28, 0x95,
+    0x0b, 0x34, 0x2b, 0x96, 0x0a, 0xae, 0x6a, 0xa8,
+    0xb5, 0x1d, 0x56, 0xbb, 0x7d, 0x83, 0x9a, 0x15,
+    0xad, 0x63, 0x9e, 0x86, 0x8c, 0x6e, 0x6a, 0xa8,
+    0xde, 0x55, 0xd0, 0xce, 0xc0, 0x2e, 0x05, 0xfe,
+    0x1f, 0x4d, 0xd7, 0x12, 0xa4, 0x5a, 0xe9, 0x04,
+    0x0d, 0x20, 0x84, 0x90, 0xb9, 0xca, 0x64, 0xe4,
+    0xad, 0x2e, 0x74, 0x4b, 0x1d, 0x2f, 0xcc, 0xac,
+    0xd8, 0x1a, 0x5e, 0xb2, 0x78, 0xbe, 0x61, 0xf7,
+    0x36, 0xa3, 0xd1, 0x93, 0x86, 0xb5, 0x15, 0xf1,
+    0x74, 0xf8, 0x9f, 0x6d, 0x6a, 0x8f, 0x6d, 0x86,
+    0x8b, 0x36, 0x61, 0x10, 0xc9, 0x1a, 0x31, 0x39,
+    0x09, 0xe6, 0x15, 0xa0, 0xb1, 0xfa, 0x69, 0xd4,
+    0xc2, 0xb2, 0x56, 0x4c, 0x06, 0x33, 0x13, 0xc4,
+    0x78, 0x53, 0x16, 0xfc, 0x52, 0x99, 0xe6, 0x27,
+    0xc9, 0x3b, 0x24, 0x5c, 0x3e, 0x85, 0x73, 0x76,
+    0x61, 0xa3, 0x61, 0xf0, 0x95, 0xd5, 0xb2, 0xf5,
+    0x21, 0xe7, 0x09, 0xc3, 0x0c, 0x5c, 0xb0, 0x36,
+    0xce, 0x45, 0x68, 0x41, 0x45, 0xcb, 0x1c, 0x36,
+    0x2f, 0x3a, 0x00, 0x07, 0x56, 0xbe, 0x61, 0xd2,
+    0x77, 0x37, 0x63, 0xa4, 0xdb, 0xfa, 0xa9, 0x6b,
+    0x37, 0x90, 0x35, 0xd1, 0x1e, 0x27, 0x5b, 0x3e,
+    0xc0, 0x0a, 0x02, 0x64, 0xe4, 0x58, 0x49, 0xab,
+    0x2d, 0xc1, 0x38, 0x29, 0x3d, 0x44, 0xf9, 0xac,
+    0xb7, 0x65, 0xd1, 0x5f, 0xf8, 0xce, 0x52, 0x76,
+    0x22, 0x15, 0x61, 0x02, 0x1f, 0xa7, 0xcd, 0xff,
+    0xeb, 0xa6, 0x7f, 0x6b, 0xba, 0x75, 0xe3, 0x09,
+    0x01, 0x06, 0x41, 0x20, 0x88, 0x75, 0x64, 0x6b,
+    0x97, 0x38, 0x13, 0xab, 0x4c, 0x0a, 0xd4, 0x7e,
+    0xd2, 0xfa, 0x78, 0xe8, 0x9f, 0x5d, 0xf9, 0x53,
+    0x30, 0x17, 0xf1, 0x10, 0x9e, 0x4a, 0x32, 0x17,
+    0x3a, 0x9b, 0xb9, 0x25, 0x8e, 0xeb, 0xd9, 0x41,
+    0x01, 0xa2, 0xc6, 0x58, 0x4a, 0x9f, 0xc3, 0x73,
+    0xfd, 0xe2, 0xe4, 0x2c, 0x92, 0xb4, 0xa2, 0x3d,
+    0x0f, 0x1f, 0x37, 0x64, 0xf1, 0x17, 0x2a, 0x8c,
+    0xc6, 0xb5, 0xb0, 0x69, 0x7d, 0xfe, 0x08, 0xe0,
+    0x8e, 0xaa, 0xe0, 0x08, 0xd5, 0x28, 0x92, 0x51,
+    0x73, 0x8a, 0x2f, 0x7a, 0x4a, 0xbf, 0x52, 0x8d,
+    0x3e, 0x9b, 0x36, 0x6a, 0xfb, 0x19, 0xf0, 0xea,
+    0xfe, 0x05, 0xbd, 0x2d, 0xa9, 0x58, 0x48, 0x02,
+    0xa8, 0x20, 0x9e, 0xdc, 0x04, 0x57, 0xc2, 0x0c,
+    0xae, 0xc1, 0x03, 0xe7, 0x17, 0x48, 0x80, 0x00,
+    0x8d, 0x1b, 0xd0, 0xc5, 0xdc, 0x2a, 0x02, 0x6e,
+    0x8e, 0x54, 0xf3, 0x79, 0x31, 0x02, 0x93, 0xc5,
+    0xf2, 0x55, 0xea, 0x61, 0xd0, 0xb2, 0x8e, 0xc9,
+    0x74, 0x17, 0x0d, 0x38, 0xf8, 0xab, 0xf4, 0x42,
+    0xd4, 0xc2, 0xdc, 0xf7, 0x1b, 0xdb, 0x65, 0x36,
+    0x9f, 0x56, 0xe2, 0xeb, 0xf7, 0xe5, 0x2d, 0x45,
+    0xae, 0xc0, 0x95, 0xbc, 0xe4, 0x1f, 0x22, 0xdc,
+    0x0f, 0x54, 0xed, 0x14, 0xb8, 0xf1, 0x2f, 0x5d,
+    0xd1, 0x79, 0xa0, 0x81, 0x17, 0x71, 0xa1, 0xd6,
+    0xf0, 0x88, 0x9c, 0x1c, 0xc7, 0x95, 0x07, 0xb0,
+    0xea, 0xf7, 0xd3, 0xa2, 0x55, 0xfe, 0x85, 0x65,
+    0x42, 0x06, 0xec, 0xd2, 0xbe, 0x03, 0x8f, 0x63,
+    0x84, 0x4b, 0xb1, 0x47, 0x48, 0x20, 0x71, 0xd2,
+    0xdf, 0xc9, 0x59, 0xb0, 0x24, 0x8a, 0x6e, 0xf9,
+    0x4a, 0xa1, 0x7b, 0xed, 0x11, 0xb6, 0xf9, 0x9b,
+    0xf7, 0x93, 0x0e, 0xcb, 0x7a, 0x32, 0x22, 0x23,
+    0x4e, 0x86, 0xce, 0xad, 0x9d, 0x1b, 0x84, 0x57,
+    0xaf, 0xa5, 0x04, 0x03, 0x0a, 0xc9, 0x04, 0x97,
+    0xd0, 0xce, 0x8e, 0x2a, 0x9a, 0x00, 0x15, 0xeb,
+    0xac, 0x96, 0x57, 0xde, 0xe6, 0xc1, 0x2d, 0xbd,
+    0xfc, 0xd6, 0x95, 0x0f, 0x5f, 0x19, 0xac, 0xaf,
+    0x6c, 0xd8, 0xa6, 0x1e, 0xd8, 0xdb, 0x14, 0xfd,
+    0xba, 0x0f, 0xd0, 0x3f, 0x61, 0xe3, 0x76, 0xfc,
+    0x47, 0x61, 0x07, 0x24, 0x49, 0x17, 0xca, 0x24,
+    0x31, 0x16, 0x26, 0x4f, 0xdc, 0x2b, 0x39, 0xae,
+    0x5f, 0xfa, 0x4f, 0x82, 0xef, 0xe1, 0x41, 0x8c,
+    0x3e, 0x8e, 0xa7, 0x6c, 0xf2, 0x51, 0xf7, 0x85,
+    0x35, 0x6c, 0xad, 0xea, 0x32, 0x35, 0xf3, 0xc0,
+    0x14, 0x17, 0xe2, 0x98, 0x27, 0x36, 0x7e, 0x60,
+    0x2f, 0x01, 0x60, 0x3e, 0x18, 0xf4, 0x4e, 0xe0,
+    0xf5, 0x14, 0x21, 0x81, 0x05, 0x78, 0x1c, 0x5f,
+    0x4e, 0x89, 0xbb, 0x23, 0x60, 0xb1, 0x8f, 0x07,
+    0x53, 0x16, 0x6e, 0xfb, 0x86, 0x07, 0x90, 0xff,
+    0xa6, 0x27, 0x60, 0xe6, 0x3e, 0x92, 0x2a, 0x3c,
+    0xa3, 0x57, 0xec, 0x97, 0x23, 0xaf, 0xd2, 0x44,
+    0xac, 0x09, 0x87, 0xb0, 0x54, 0xe9, 0x5b, 0x50,
+    0x37, 0xfa, 0x12, 0xa4, 0xcb, 0x6f, 0xed, 0x9f,
+    0x29, 0x73, 0xa7, 0x09, 0x29, 0x91, 0x93, 0x5c,
+    0x54, 0xf4, 0x44, 0xc2, 0x04, 0x64, 0xfc, 0xd2,
+    0xf2, 0x0a, 0x0b, 0x45, 0x1f, 0xc5, 0x18, 0xf0,
+    0xff, 0x10, 0x1f, 0x3a, 0x97, 0xf8, 0xb1, 0x83,
+    0x0e, 0x08, 0xe2, 0x55, 0x75, 0x6a, 0x45, 0x96,
+    0xf8, 0x1b, 0xdc, 0xb6, 0x57, 0x83, 0x8c, 0x28,
+    0xc0, 0x4a, 0x57, 0xc6, 0xfb, 0x27, 0x3d, 0xfa,
+    0x5a, 0x0d, 0x69, 0x56, 0x23, 0x66, 0x02, 0x78,
+    0xca, 0xf1, 0xfa, 0xcb, 0xc1, 0xf6, 0x92, 0x1c,
+    0xa0, 0xe3, 0x09, 0x7d, 0x48, 0x5e, 0x86, 0xa0,
+    0x82, 0xa8, 0xf1, 0x1e, 0xe1, 0xfe, 0xc6, 0x9d,
+    0x4f, 0x2e, 0xf4, 0xfc, 0xc6, 0x48, 0x1d, 0xc1,
+    0x2a, 0x6a, 0xb7, 0xea, 0x46, 0x89, 0x04, 0xe9,
+    0xbd, 0xf1, 0xed, 0x16, 0x76, 0xd8, 0x4b, 0x42,
+    0xd5, 0x43, 0xa4, 0xfb, 0x02, 0x01, 0x54, 0x00,
+    0xaf, 0x55, 0x52, 0x27, 0xff, 0x00, 0xe2, 0xbb,
+    0x4a, 0xf2, 0x69, 0xb4, 0x4e, 0x6c, 0x6b, 0xa3,
+    0x96, 0x4f, 0xf4, 0x65, 0x90, 0x2d, 0xc8, 0x57,
+    0x1f, 0xb2, 0xf0, 0x86, 0x7b, 0x93, 0x09, 0x49,
+    0x31, 0xc4, 0xf4, 0x8f, 0xc8, 0x2d, 0xac, 0x1d,
+    0xfc, 0xba, 0xa4, 0xa5, 0x41, 0x90, 0x76, 0x7d,
+    0x9e, 0x47, 0xdc, 0x10, 0xe6, 0x0c, 0xf7, 0x0f,
+    0xa4, 0xba, 0x4f, 0xe2, 0x46, 0x38, 0x4c, 0x28,
+    0xa0, 0x57, 0xb5, 0x3c, 0xb3, 0x4b, 0x8f, 0x03,
+    0x04, 0xff, 0xf6, 0xec, 0x60, 0x90, 0x62, 0xfe,
+    0x74, 0x76, 0x48, 0xb3, 0xf4, 0x0a, 0x6a, 0x5a,
+    0x5b, 0xad, 0xc8, 0x54, 0x62, 0x11, 0x52, 0xd9,
+    0x84, 0x1a, 0x09, 0x4b, 0xca, 0x66, 0xaa, 0x3c,
+    0x36, 0x08, 0x9d, 0x58, 0xd0, 0x4a, 0x3a, 0x8b,
+    0x24, 0xe0, 0x80, 0x9f, 0xe3, 0x76, 0xb6, 0x07,
+    0xb1, 0xbc, 0x00, 0x98, 0xb0, 0xc1, 0xe0, 0xf6,
+    0x1f, 0x4d, 0xa8, 0xd1, 0x69, 0x44, 0x9c, 0x33,
+    0xb0, 0x0f, 0x9c, 0xc9, 0x0c, 0x8c, 0xbc, 0x03,
+    0x58, 0x81, 0x76, 0xab, 0x0d, 0xef, 0x25, 0x5a,
+    0xf6, 0xab, 0x3b, 0xf1, 0x1f, 0x97, 0x12, 0x8e,
+    0x7f, 0x28, 0x77, 0x26, 0x18, 0xc4, 0xc4, 0xda,
+    0x2c, 0x43, 0x57, 0xd2, 0x1f, 0x67, 0x95, 0x40,
+    0x2c, 0x94, 0x41, 0x69, 0x22, 0x8a, 0x24, 0xd9,
+    0xc7, 0xfc, 0xea, 0x49, 0x83, 0x8f, 0x5d, 0x2e,
+    0x9d, 0xac, 0x17, 0xb6, 0xe0, 0xc4, 0xe7, 0xe6,
+    0xd5, 0xc2, 0x73, 0xa1, 0x8f, 0x33, 0x14, 0x02,
+    0xae, 0x01, 0x9f, 0x6f, 0x40, 0x92, 0x4e, 0x03,
+    0xc2, 0xa9, 0xf1, 0x36, 0x78, 0xe4, 0xde, 0x39,
+    0x4d, 0x29, 0x2e, 0xc2, 0x00, 0x93, 0x79, 0xe4,
+    0xb2, 0x29, 0x4b, 0x81, 0x5c, 0x06, 0x06, 0xbc,
+    0xc1, 0x01, 0x1c, 0xa7, 0x08, 0xf7, 0x47, 0x1f,
+    0x52, 0x4f, 0xdf, 0x94, 0x1e, 0xe6, 0x89, 0xe6,
+    0x26, 0x71, 0x2e, 0xa2, 0xd2, 0xfe, 0x04, 0xf2,
+    0x12, 0x4c, 0x06, 0x78, 0x34, 0xc0, 0xb9, 0x76,
+    0x62, 0x3b, 0x72, 0x25, 0x8c, 0x0d, 0x73, 0x24,
+    0xcf, 0x4b, 0x4c, 0x47, 0x20, 0x9d, 0x04, 0x7f,
+    0x86, 0x2c, 0x45, 0xb8, 0xfe, 0xb2, 0xaa, 0x36,
+    0xf8, 0xe0, 0x24, 0x25, 0x05, 0x23, 0x12, 0x16,
+    0xbf, 0x64, 0x10, 0xdd, 0xe4, 0xc0, 0xb0, 0x85,
+    0xa7, 0xd3, 0xd1, 0x18, 0x1b, 0x81, 0x6b, 0x94,
+    0xfd, 0x07, 0x43, 0xdd, 0x12, 0x37, 0x78, 0x69,
+    0xec, 0x8c, 0xd0, 0x41, 0x2c, 0x42, 0x94, 0x3e,
+    0x9f, 0xe3, 0x49, 0xb3, 0xb8, 0x45, 0x0b, 0x1d,
+    0xc1, 0x9b, 0x4d, 0x21, 0x85, 0x62, 0xea, 0xd1,
+    0xc9, 0x12, 0x30, 0x8c, 0x4b, 0x63, 0xeb, 0x7d,
+    0x02, 0x52, 0x15, 0xa1, 0x95, 0x48, 0x9f, 0xc2,
+    0xce, 0xf3, 0x4b, 0xff, 0x5a, 0xb6, 0x8f, 0xce,
+    0xcd, 0x42, 0x21, 0x40, 0x82, 0xad, 0x08, 0x99,
+    0x4d, 0x24, 0x58, 0x25, 0xf3, 0x7e, 0x42, 0x86,
+    0x06, 0x33, 0x1f, 0x53, 0xbb, 0x07, 0x33, 0xca,
+    0xc0, 0x02, 0x18, 0x30, 0x3c, 0xc5, 0x67, 0x1c,
+    0x32, 0x3f, 0x2d, 0x58, 0x4c, 0x24, 0x6e, 0x60,
+    0x96, 0x1a, 0xf4, 0xd0, 0x55, 0xb8, 0x84, 0xf0,
+    0xb9, 0x83, 0xbf, 0x3d, 0x37, 0xe4, 0xa6, 0x06,
+    0x1c, 0xd1, 0xd7, 0x91, 0x24, 0xdc, 0x3f, 0xcc,
+    0x71, 0xf3, 0x0c, 0x90, 0x2c, 0x1d, 0x2f, 0x90,
+    0xc8, 0x3c, 0x6f, 0x2c, 0x5d, 0xad, 0x8c, 0xdf,
+    0xbb, 0x0d, 0x2a, 0x7f, 0x4a, 0x34, 0x5a, 0xd9,
+    0x83, 0xfd, 0x61, 0x36, 0xe0, 0x0a, 0xb3, 0xf6,
+    0x69, 0xb1, 0xaf, 0x81, 0x22, 0xd6, 0x9e, 0x9a,
+    0xf8, 0xa6, 0x24, 0x8e, 0x0c, 0xcb, 0x25, 0xc2,
+    0xfc, 0xc5, 0x94, 0xbd, 0x23, 0x9c, 0xa9, 0xbd,
+    0x76, 0x28, 0xa4, 0x55, 0x92, 0x7c, 0xe6, 0x76,
+    0xf7, 0x30, 0xf8, 0x7d, 0xdc, 0x0a, 0x93, 0x9e,
+    0x7c, 0x39, 0x0a, 0x70, 0xa0, 0xb2, 0x77, 0xe0,
+    0x7a, 0x89, 0x50, 0xce, 0x75, 0xca, 0x2f, 0xa4,
+    0x12, 0x0e, 0xcb, 0x75, 0x1f, 0x0a, 0x83, 0xe8,
+    0x14, 0x80, 0xa7, 0xb0, 0xe8, 0x11, 0xca, 0x12,
+    0x5e, 0xf7, 0x31, 0x65, 0xbd, 0x20, 0x3d, 0x8c,
+    0xa6, 0x89, 0x83, 0x68, 0x66, 0x03, 0x28, 0x49,
+    0x17, 0xc4, 0x3f, 0x43, 0x02, 0x9b, 0xf8, 0xed,
+    0xae, 0x8e, 0x68, 0xbc, 0x8e, 0x39, 0xe7, 0x15,
+    0x32, 0x45, 0x66, 0x2c, 0x1f, 0xce, 0x56, 0xc7,
+    0xc0, 0x15, 0x52, 0x19, 0x40, 0xcf, 0x87, 0x20,
+    0xcd, 0x3d, 0xec, 0x90, 0x8d, 0x04, 0x01, 0x31,
+    0x0b, 0x74, 0x80, 0x6e, 0x61, 0xa7, 0xf3, 0x4c,
+    0xb2, 0x16, 0x00, 0xd5, 0xdb, 0xcc, 0xbb, 0x2c,
+    0x9f, 0xb6, 0x02, 0x4a, 0xcf, 0x71, 0x06, 0xfd,
+    0x60, 0xe0, 0x00, 0xbe, 0x22, 0xba, 0x39, 0x36,
+    0xa8, 0x7e, 0xe5, 0xcb, 0xea, 0x87, 0xb1, 0xee,
+    0xa2, 0x6c, 0x85, 0x94, 0x18, 0x6c, 0xab, 0x9a,
+    0x93, 0xa7, 0xab, 0x4e, 0x3b, 0x85, 0xf3, 0xef,
+    0x8f, 0x15, 0x74, 0x21, 0x9f, 0x5d, 0x9c, 0x22,
+    0x32, 0x71, 0xb5, 0x4d, 0x7f, 0xaa, 0x85, 0xe0,
+    0x05, 0x2a, 0x53, 0xbb, 0x3c, 0xab, 0xc3, 0xd2,
+    0x73, 0x6e, 0x97, 0xa3, 0xfd, 0x05, 0x58, 0xaa,
+    0x49, 0xc8, 0x69, 0xa9, 0x0b, 0x73, 0xd4, 0xe9,
+    0x1d, 0x84, 0x60, 0x34, 0x2a, 0x09, 0xb3, 0x0f,
+    0x08, 0x13, 0x67, 0x77, 0xb3, 0x24, 0xdf, 0xad,
+    0xbf, 0x51, 0x71, 0x2b, 0xbe, 0x4f, 0x5d, 0xf4,
+    0xe7, 0x25, 0x4c, 0x24, 0xa2, 0x4a, 0x22, 0xec,
+    0xcc, 0x7c, 0x6c, 0x62, 0xee, 0x47, 0x12, 0x43,
+    0x88, 0xe4, 0x71, 0xaa, 0x63, 0xaa, 0x2b, 0xed,
+    0x70, 0xbf, 0x26, 0x37, 0xcc, 0xa4, 0xff, 0xe9,
+    0xb6, 0x65, 0x31, 0x4d, 0x0d, 0x32, 0xd6, 0x84,
+    0xb8, 0xab, 0x98, 0xa7, 0x10, 0x44, 0x77, 0xc7,
+    0x2a, 0x60, 0xf0, 0xf5, 0xd5, 0xd4, 0x3a, 0x73,
+    0x11, 0xa5, 0x1b, 0x18, 0x3c, 0x13, 0xfb, 0xda,
+    0x76, 0x9d, 0xeb, 0x3e, 0xb9, 0x7a, 0xce, 0x02,
+    0xa7, 0x5e, 0x25, 0x96, 0xd2, 0xbc, 0x85, 0x1a,
+    0xd1, 0xa4, 0xe2, 0x02, 0x15, 0x08, 0x49, 0x16,
+    0x7c, 0xaf, 0xc6, 0x38, 0x7b, 0x95, 0xf9, 0x37,
+    0xc0, 0x87, 0x73, 0x6f, 0x01, 0xcd, 0x2b, 0xf1,
+    0xe7, 0x6e, 0x47, 0x18, 0x30, 0xb8, 0x16, 0x87,
+    0x1d, 0x23, 0x62, 0x22, 0x85, 0x92, 0x69, 0x46,
+    0x9c, 0x65, 0xd8, 0xf1, 0x27, 0x32, 0xe4, 0x16,
+    0x7f, 0x9a, 0xba, 0x46, 0x61, 0x60, 0x34, 0xe5,
+    0xc0, 0x14, 0xb5, 0xde, 0x4d, 0xd1, 0x71, 0x39,
+    0x26, 0xdc, 0x0c, 0x0a, 0x53, 0x9e, 0x31, 0x10,
+    0x45, 0x7a, 0xf9, 0xc8, 0xfa, 0x1d, 0x69, 0x5e,
+    0x25, 0xc1, 0xe2, 0x00, 0xbf, 0x94, 0xa3, 0xa2,
+    0x97, 0xca, 0xb4, 0x6a, 0x89, 0x68, 0xdd, 0xed,
+    0x6b, 0x99, 0x5a, 0x87, 0x9e, 0xe9, 0x68, 0xe4,
+    0xf2, 0xc2, 0x7e, 0x37, 0x02, 0xdf, 0x96, 0x1a,
+    0x5b, 0xed, 0xa1, 0xe8, 0xdf, 0x3c, 0xf7, 0xd2,
+    0x25, 0xac, 0xf7, 0x4a, 0x7f, 0x10, 0x27, 0x2b,
+    0x02, 0xc7, 0x95, 0x10, 0x5a, 0xb5, 0xb0, 0xcd,
+    0xa9, 0xe1, 0x36, 0xe2, 0x1c, 0x87, 0x99, 0x0e,
+    0x0a, 0x44, 0xec, 0x97, 0x75, 0xa7, 0x03, 0x27,
+    0x38, 0x3b, 0x16, 0x30, 0x00, 0x98, 0xbe, 0x77,
+    0xfe, 0x3a, 0xac, 0x6f, 0x8f, 0x4d, 0xe1, 0xa9,
+    0x9c, 0xba, 0x39, 0x52, 0xe8, 0xf7, 0xe4, 0xe6,
+    0xf9, 0xe9, 0xb3, 0x57, 0x82, 0xb2, 0x23, 0xd6,
+    0xa5, 0x14, 0xc0, 0x78, 0xb4, 0xa0, 0xf9, 0x96,
+    0xe4, 0x03, 0xe8, 0x6c, 0x27, 0xd8, 0x37, 0x7c,
+    0x8f, 0xf4, 0x80, 0x09, 0x09, 0xc9, 0x32, 0x15,
+    0xe0, 0x3f, 0x37, 0xa7, 0x1a, 0x5f, 0x8c, 0xfb,
+    0xdd, 0xfe, 0x6b, 0x34, 0x28, 0x53, 0x03, 0x4b,
+    0x39, 0x91, 0xf2, 0x48, 0x4c, 0x2a, 0x45, 0xfe,
+    0x66, 0xf7, 0x23, 0x74, 0xb8, 0x30, 0x70, 0xb4,
+    0x0c, 0x2c, 0x65, 0xb1, 0x4e, 0x32, 0x0f, 0x50,
+    0xbb, 0x46, 0x9b, 0x03, 0x34, 0x38, 0xfb, 0xe4,
+    0x25, 0x37, 0x8d, 0x0f, 0xa1, 0x41, 0x50, 0x85,
+    0x92, 0x07, 0x71, 0xff, 0x3c, 0xe6, 0xd9, 0x1d,
+    0x55, 0xb7, 0x10, 0x9c, 0xea, 0x70, 0x5f, 0xa3,
+    0xba, 0x84, 0x99, 0x91, 0x30, 0x3d, 0x4c, 0x98,
+    0x0b, 0x1f, 0x1f, 0xcc, 0x17, 0x94, 0xdd, 0x78,
+    0x7d, 0x50, 0xe5, 0xf5, 0x21, 0x88, 0x5a, 0x52,
+    0x76, 0x5a, 0x97, 0xbe, 0xba, 0xa9, 0xfe, 0x82,
+    0x8a, 0xb5, 0x46, 0xcf, 0x9c, 0xbe, 0xe8, 0x2f,
+    0x01, 0x2f, 0x6a, 0x03, 0x8a, 0xfa, 0x4b, 0x0b,
+    0xdc, 0x78, 0x79, 0x9c, 0x49, 0xc4, 0x01, 0x26,
+    0x16, 0x58, 0xc6, 0xb8, 0xee, 0x6c, 0xc9, 0xa9,
+    0x38, 0x7c, 0xcf, 0xf3, 0xf8, 0xd0, 0x6b, 0x99,
+    0x43, 0x13, 0xe0, 0x43, 0x8e, 0xfb, 0xb2, 0xdb,
+    0x61, 0x67, 0xf4, 0xfc, 0x01, 0x21, 0xd9, 0xb1,
+    0x1e, 0x6c, 0x6f, 0x2a, 0x9a, 0x4b, 0x86, 0x3c,
+    0x62, 0x03, 0x53, 0x83, 0x11, 0x18, 0x1a, 0x59,
+    0x9e, 0x25, 0xfe, 0xdb, 0x85, 0xd0, 0xee, 0x7c,
+    0x97, 0x72, 0xca, 0xf3, 0x0d, 0xd4, 0x19, 0x66,
+    0x14, 0xaf, 0x46, 0x68, 0x75, 0xdb, 0x8f, 0x5f,
+    0x77, 0x7f, 0xfe, 0xa9, 0xe6, 0xa1, 0x9e, 0x46,
+    0x5e, 0x92, 0xda, 0xea, 0xdd, 0x89, 0x01, 0xd9,
+    0xab, 0x25, 0x7d, 0xb4, 0x64, 0x50, 0x8f, 0xa3,
+    0xbe, 0xe2, 0x03, 0xd5, 0xc6, 0x9c, 0xc2, 0xf8,
+    0xac, 0xa4, 0x36, 0xa9, 0x37, 0x10, 0x59, 0x00,
+    0x45, 0xbb, 0x55, 0x33, 0xb9, 0x6f, 0xbc, 0xa2,
+    0x02, 0x9e, 0xa3, 0x1d, 0xf4, 0x17, 0x78, 0x9b,
+    0xbc, 0x42, 0x4e, 0x21, 0xc3, 0xde, 0xb5, 0x70,
+    0x4a, 0x23, 0x1e, 0xd4, 0x36, 0x5d, 0x7a, 0x08,
+    0x37, 0x55, 0x98, 0x07, 0xa0, 0x16, 0xa3, 0x4e,
+    0xa1, 0x2b, 0x96, 0x8b, 0x51, 0x63, 0x48, 0xab,
+    0xc9, 0x19, 0x6f, 0x5f, 0x25, 0x9d, 0xe7, 0x25,
+    0x63, 0xf0, 0x8e, 0xdb, 0x06, 0x2d, 0x42, 0x31,
+    0xfd, 0x14, 0x2b, 0x7a, 0x31, 0x43, 0x04, 0xd5,
+    0xe2, 0x89, 0x2e, 0xa8, 0xe4, 0x6e, 0xd5, 0xa5,
+    0x21, 0x67, 0x9b, 0x92, 0x61, 0x79, 0xdd, 0xe5,
+    0x44, 0x43, 0x45, 0x57, 0x13, 0xec, 0x04, 0xc1,
+    0x41, 0xa3, 0x14, 0x70, 0x86, 0xda, 0x76, 0x5d,
+    0xe8, 0x61, 0xd2, 0xfb, 0x7b, 0xe4, 0x71, 0x46,
+    0xa3, 0x52, 0xbf, 0xf2, 0xa0, 0x3c, 0xc1, 0x90,
+    0x0c, 0x2e, 0xeb, 0xb3, 0x38, 0xae, 0x13, 0x27,
+    0x84, 0xe9, 0x7a, 0xd6, 0x02, 0x40, 0x84, 0xff,
+    0x87, 0x1f, 0x37, 0x44, 0xd8, 0x2e, 0x93, 0xf7,
+    0x0a, 0xff, 0x5b, 0x4d, 0x07, 0x82, 0xfd, 0x6e,
+    0x44, 0xcc, 0x19, 0xc3, 0x7d, 0x7c, 0x31, 0xf9,
+    0x0e, 0xa8, 0x1c, 0x0d, 0xcb, 0x8e, 0xe8, 0x33,
+    0xb2, 0xff, 0x9e, 0x1d, 0x99, 0x7c, 0x46, 0x5b,
+    0xc7, 0x28, 0xec, 0x01, 0x62, 0x82, 0xfe, 0x2a,
+    0x22, 0xa3, 0x86, 0x4e, 0x47, 0xe2, 0x57, 0xf1,
+    0xb4, 0x58, 0x94, 0x89, 0xe5, 0xf1, 0xcd, 0x4d,
+    0x90, 0xd1, 0xa4, 0x4c, 0x34, 0x5d, 0xde, 0xdc,
+    0x39, 0x63, 0x8b, 0x85, 0xfd, 0x02, 0x21, 0xf1,
+    0x12, 0xa3, 0x6d, 0x65, 0x0f, 0x8d, 0xe5, 0xcd,
+    0x70, 0xd5, 0x1d, 0xf8, 0x65, 0x99, 0xfb, 0xe8,
+    0xb5, 0x5a, 0x09, 0x39, 0x9e, 0x09, 0x45, 0x62,
+    0x22, 0x1d, 0xa2, 0x46, 0xbf, 0x75, 0x20, 0xd1,
+    0xe7, 0xb0, 0x06, 0x68, 0xc3, 0x50, 0x48, 0xfc,
+    0xf8, 0x5c, 0x67, 0x69, 0x68, 0x66, 0xb6, 0x81,
+    0x95, 0x91, 0x81, 0x3d, 0xf6, 0x34, 0xd9, 0x4b,
+    0x06, 0x35, 0x17, 0x59, 0x89, 0x18, 0x74, 0x32,
+    0x50, 0xcf, 0x81, 0x16, 0x8e, 0x53, 0x9d, 0x1c,
+    0xad, 0x2d, 0x8e, 0x16, 0x41, 0xda, 0xca, 0xab,
+    0x78, 0x0d, 0xc9, 0x49, 0x61, 0xaa, 0x18, 0xf4,
+    0x56, 0x48, 0x29, 0x8c, 0xe3, 0x9a, 0x7d, 0x58,
+    0xf8, 0x99, 0x72, 0xf1, 0x78, 0xa8, 0x5a, 0x97,
+    0xe3, 0x2a, 0xc6, 0xa9, 0x59, 0xde, 0xcc, 0x62,
+    0xfb, 0xab, 0xc5, 0x9a, 0x0b, 0xc7, 0x16, 0x8f,
+    0x18, 0x20, 0x6e, 0x01, 0x7e, 0x04, 0xef, 0x72,
+    0x83, 0x61, 0xb8, 0x1a, 0x77, 0x0f, 0xd1, 0xa9,
+    0x75, 0xe0, 0x4a, 0x11, 0x69, 0x9d, 0xb6, 0xc9,
+    0x2e, 0xd3, 0xbf, 0xe2, 0x5b, 0x24, 0x77, 0x30,
+    0x85, 0x91, 0xef, 0xa8, 0x93, 0x4e, 0xad, 0x99,
+    0xad, 0xcb, 0x6d, 0x9d, 0x8f, 0xd8, 0x0f, 0xe5,
+    0x41, 0xd9, 0x9e, 0x0b, 0xce, 0x33, 0xd9, 0xbb,
+    0x87, 0x66, 0x2c, 0xa3, 0x0b, 0x68, 0x1b, 0xb0,
+    0x71, 0x30, 0xfa, 0x15, 0x2e, 0xe8, 0xc1, 0x99,
+    0x71, 0x01, 0xcc, 0xdb, 0x6f, 0x9f, 0x8a, 0xfd,
+    0xb4, 0x0f, 0x35, 0xa1, 0x36, 0xf4, 0x3a, 0xc4,
+    0x17, 0x77, 0x43, 0x60, 0x10, 0x18, 0xb4, 0xc2,
+    0xe5, 0xc0, 0x64, 0xd8, 0x38, 0x7c, 0x05, 0x9a,
+    0xfb, 0x2b, 0xb3, 0x9b, 0x9e, 0x34, 0x6b, 0x4b,
+    0xc8, 0x3b, 0x77, 0xe0, 0x6f, 0x08, 0xa1, 0x7b,
+    0x66, 0x69, 0x2f, 0xdb, 0x34, 0x9e, 0x98, 0x90,
+    0x5b, 0x4d, 0x7b, 0xa2, 0x32, 0x8e, 0x64, 0xe6,
+    0x0d, 0x75, 0xc9, 0x96, 0xe3, 0x57, 0xba, 0xad,
+    0x3e, 0x3b, 0x23, 0xfb, 0x9e, 0x7f, 0xc0, 0x3c,
+    0xd5, 0x41, 0x9c, 0xfb, 0xbc, 0xb3, 0x52, 0x49
+#endif
+};
+#endif
+#endif
+
+static int test_wc_dilithium_public_der_decode(void)
+{
+    EXPECT_DECLS;
+#if defined(HAVE_DILITHIUM) && defined(WOLFSSL_WC_DILITHIUM) && \
+    defined(WOLFSSL_DILITHIUM_PUBLIC_KEY)
+    dilithium_key* key;
+    word32 idx = 0;
+
+    key = (dilithium_key*)XMALLOC(sizeof(*key), NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    ExpectNotNull(key);
+
+    if (key != NULL) {
+        XMEMSET(key, 0, sizeof(*key));
+    }
+
+    ExpectIntEQ(wc_dilithium_init(key), 0);
+#ifndef WOLFSSL_NO_ML_DSA_44
+    ExpectIntEQ(wc_dilithium_set_level(key, WC_ML_DSA_44), 0);
+#elif !defined(WOLFSSL_NO_ML_DSA_65)
+    ExpectIntEQ(wc_dilithium_set_level(key, WC_ML_DSA_65), 0);
+#else
+    ExpectIntEQ(wc_dilithium_set_level(key, WC_ML_DSA_87), 0);
+#endif
+    ExpectIntEQ(wc_Dilithium_PublicKeyDecode(ml_dsa_public_der, &idx, key,
+        (word32)sizeof(ml_dsa_public_der)), 0);
+#ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
+    idx = 0;
+#ifndef WOLFSSL_NO_ML_DSA_44
+    ExpectIntEQ(wc_dilithium_set_level(key, WC_ML_DSA_44_DRAFT), 0);
+#elif !defined(WOLFSSL_NO_ML_DSA_65)
+    ExpectIntEQ(wc_dilithium_set_level(key, WC_ML_DSA_65_DRAFT), 0);
+#else
+    ExpectIntEQ(wc_dilithium_set_level(key, WC_ML_DSA_87_DRAFT), 0);
+#endif
+    ExpectIntEQ(wc_Dilithium_PublicKeyDecode(dilithium_public_der, &idx, key,
+        (word32)sizeof(dilithium_public_der)), 0);
+#endif
+
+    wc_dilithium_free(key);
+    XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+#endif
+    return EXPECT_RESULT();
+}
+
+static int test_wc_dilithium_der(void)
+{
+    EXPECT_DECLS;
+#if defined(HAVE_DILITHIUM) && defined(WOLFSSL_WC_DILITHIUM) && \
+    !defined(WOLFSSL_DILITHIUM_NO_ASN1) && \
+    !defined(WOLFSSL_DILITHIUM_NO_MAKE_KEY)
+#define DILITHIUM_MAX_DER_SIZE    8192
+    dilithium_key* key;
+    WC_RNG rng;
+    byte* der = NULL;
+    int len;
+    int pubLen;
+    int pubDerLen;
+    int privDerLen;
+    int keyDerLen;
+    word32 idx = 0;
+
+#ifndef WOLFSSL_NO_ML_DSA_44
+    pubLen = DILITHIUM_LEVEL2_PUB_KEY_SIZE;
+    pubDerLen = DILITHIUM_LEVEL2_PUB_KEY_SIZE + 22;
+    privDerLen = DILITHIUM_LEVEL2_KEY_SIZE + 28;
+    keyDerLen = DILITHIUM_LEVEL2_PUB_KEY_SIZE + DILITHIUM_LEVEL2_KEY_SIZE + 32;
+#elif !defined(WOLFSSL_NO_ML_DSA_65)
+    pubLen = DILITHIUM_LEVEL3_PUB_KEY_SIZE;
+    pubDerLen = DILITHIUM_LEVEL3_PUB_KEY_SIZE + 22;
+    privDerLen = DILITHIUM_LEVEL3_KEY_SIZE + 28;
+    keyDerLen = DILITHIUM_LEVEL3_PUB_KEY_SIZE + DILITHIUM_LEVEL3_KEY_SIZE + 32;
+#else
+    pubLen = DILITHIUM_LEVEL5_PUB_KEY_SIZE;
+    pubDerLen = DILITHIUM_LEVEL5_PUB_KEY_SIZE + 22;
+    privDerLen = DILITHIUM_LEVEL5_KEY_SIZE + 28;
+    keyDerLen = DILITHIUM_LEVEL5_PUB_KEY_SIZE + DILITHIUM_LEVEL5_KEY_SIZE + 32;
+#endif
+
+    key = (dilithium_key*)XMALLOC(sizeof(*key), NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    ExpectNotNull(key);
+    der = (byte*)XMALLOC(DILITHIUM_MAX_DER_SIZE, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    ExpectNotNull(der);
+
+    if (key != NULL) {
+        XMEMSET(key, 0, sizeof(*key));
+    }
+    if (der != NULL) {
+        XMEMSET(der, 0, sizeof(*der));
+    }
+    XMEMSET(&rng, 0, sizeof(WC_RNG));
+    ExpectIntEQ(wc_InitRng(&rng), 0);
+    ExpectIntEQ(wc_dilithium_init(key), 0);
+
+    ExpectIntEQ(wc_Dilithium_PublicKeyToDer(key, der, DILITHIUM_MAX_DER_SIZE,
+        0), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Dilithium_PublicKeyToDer(key, der, DILITHIUM_MAX_DER_SIZE,
+        1), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Dilithium_PrivateKeyToDer(key, der, DILITHIUM_MAX_DER_SIZE),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    /* When security level is not set, we attempt to parse it from DER. Since
+     * the supplied DER is invalid, this should fail with ASN parsing error */
+    idx = 0;
+#ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
+    ExpectIntEQ(wc_Dilithium_PublicKeyDecode(der, &idx, key, pubDerLen),
+                WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+#else
+    ExpectIntEQ(wc_Dilithium_PublicKeyDecode(der, &idx, key, pubDerLen),
+                WC_NO_ERR_TRACE(ASN_PARSE_E));
+#endif
+    idx = 0;
+#ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
+    ExpectIntEQ(wc_Dilithium_PrivateKeyDecode(der, &idx, key, privDerLen),
+                WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+#else
+    ExpectIntEQ(wc_Dilithium_PrivateKeyDecode(der, &idx, key, privDerLen),
+                WC_NO_ERR_TRACE(ASN_PARSE_E));
+#endif
+
+#ifndef WOLFSSL_NO_ML_DSA_44
+    ExpectIntEQ(wc_dilithium_set_level(key, WC_ML_DSA_44), 0);
+#elif !defined(WOLFSSL_NO_ML_DSA_65)
+    ExpectIntEQ(wc_dilithium_set_level(key, WC_ML_DSA_65), 0);
+#else
+    ExpectIntEQ(wc_dilithium_set_level(key, WC_ML_DSA_87), 0);
+#endif
+
+    ExpectIntEQ(wc_Dilithium_PublicKeyToDer(key, der, DILITHIUM_MAX_DER_SIZE,
+        0), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Dilithium_PublicKeyToDer(key, der, DILITHIUM_MAX_DER_SIZE,
+        1), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Dilithium_PrivateKeyToDer(key, der, DILITHIUM_MAX_DER_SIZE),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+
+    ExpectIntEQ(wc_dilithium_make_key(key, &rng), 0);
+
+    ExpectIntEQ(wc_Dilithium_PublicKeyToDer(NULL, NULL, 0                     ,
+        0), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Dilithium_PublicKeyToDer(NULL, der , 0                     ,
+        0), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Dilithium_PublicKeyToDer(NULL, NULL, DILITHIUM_MAX_DER_SIZE,
+        0), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Dilithium_PublicKeyToDer(NULL, der , DILITHIUM_MAX_DER_SIZE,
+        0), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Dilithium_PublicKeyToDer(key , der , 0                     ,
+        0), WC_NO_ERR_TRACE(BUFFER_E));
+    /* Get length only. */
+    ExpectIntEQ(wc_Dilithium_PublicKeyToDer(key , NULL, 0                     ,
+        0), pubLen);
+    ExpectIntEQ(wc_Dilithium_PublicKeyToDer(key , NULL, DILITHIUM_MAX_DER_SIZE,
+        0), pubLen);
+    ExpectIntEQ(wc_Dilithium_PublicKeyToDer(key , NULL, 0                     ,
+        1), pubDerLen);
+    ExpectIntEQ(wc_Dilithium_PublicKeyToDer(key , NULL, DILITHIUM_MAX_DER_SIZE,
+        1), pubDerLen);
+
+    ExpectIntEQ(wc_Dilithium_PrivateKeyToDer(NULL, NULL,
+        0                     ), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntGT(wc_Dilithium_PrivateKeyToDer(key , NULL,
+        0                     ), 0);
+    ExpectIntEQ(wc_Dilithium_PrivateKeyToDer(NULL, der ,
+        0                     ), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Dilithium_PrivateKeyToDer(NULL, NULL,
+        DILITHIUM_MAX_DER_SIZE), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Dilithium_PrivateKeyToDer(NULL, der ,
+        DILITHIUM_MAX_DER_SIZE), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Dilithium_PrivateKeyToDer(key , der ,
+        0                     ), WC_NO_ERR_TRACE(BUFFER_E));
+    /* Get length only. */
+    ExpectIntEQ(wc_Dilithium_PrivateKeyToDer(key , NULL,
+        DILITHIUM_MAX_DER_SIZE), privDerLen);
+
+    ExpectIntEQ(wc_Dilithium_KeyToDer(NULL, NULL, 0                     ),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntGT(wc_Dilithium_KeyToDer(key , NULL, 0                     ),
+        0           );
+    ExpectIntEQ(wc_Dilithium_KeyToDer(NULL, der , 0                     ),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Dilithium_KeyToDer(NULL, NULL, DILITHIUM_MAX_DER_SIZE),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Dilithium_KeyToDer(NULL, der , DILITHIUM_MAX_DER_SIZE),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Dilithium_KeyToDer(key , der , 0                     ),
+        WC_NO_ERR_TRACE(BUFFER_E));
+    /* Get length only. */
+    ExpectIntEQ(wc_Dilithium_KeyToDer(key , NULL, DILITHIUM_MAX_DER_SIZE),
+        keyDerLen);
+
+    ExpectIntEQ(wc_Dilithium_PublicKeyDecode(NULL, NULL, NULL, 0        ),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Dilithium_PublicKeyDecode(der , NULL, NULL, 0        ),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Dilithium_PublicKeyDecode(NULL, &idx, NULL, 0        ),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Dilithium_PublicKeyDecode(NULL, NULL, key , 0        ),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Dilithium_PublicKeyDecode(NULL, NULL, NULL, pubDerLen),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Dilithium_PublicKeyDecode(NULL, &idx, key , pubDerLen),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Dilithium_PublicKeyDecode(der , NULL, key , pubDerLen),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Dilithium_PublicKeyDecode(der , &idx, NULL, pubDerLen),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Dilithium_PublicKeyDecode(der , &idx, key , 0        ),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+
+    ExpectIntEQ(wc_Dilithium_PrivateKeyDecode(NULL, NULL, NULL, 0         ),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Dilithium_PrivateKeyDecode(der , NULL, NULL, 0         ),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Dilithium_PrivateKeyDecode(NULL, &idx, NULL, 0         ),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Dilithium_PrivateKeyDecode(NULL, NULL, key , 0         ),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Dilithium_PrivateKeyDecode(NULL, NULL, NULL, privDerLen),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Dilithium_PrivateKeyDecode(NULL, &idx, key , privDerLen),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Dilithium_PrivateKeyDecode(der , NULL, key , privDerLen),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Dilithium_PrivateKeyDecode(der , &idx, NULL, privDerLen),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Dilithium_PrivateKeyDecode(der , &idx, key , 0         ),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+
+    ExpectIntEQ(len = wc_Dilithium_PublicKeyToDer(key, der,
+        DILITHIUM_MAX_DER_SIZE, 0), pubLen);
+    ExpectIntEQ(wc_dilithium_import_public(der, len, key), 0);
+
+    ExpectIntEQ(len = wc_Dilithium_PublicKeyToDer(key, der,
+        DILITHIUM_MAX_DER_SIZE, 1), pubDerLen);
+    idx = 0;
+    ExpectIntEQ(wc_Dilithium_PublicKeyDecode(der, &idx, key, len), 0);
+
+    ExpectIntEQ(len = wc_Dilithium_PrivateKeyToDer(key, der,
+        DILITHIUM_MAX_DER_SIZE), privDerLen);
+    idx = 0;
+    ExpectIntEQ(wc_Dilithium_PrivateKeyDecode(der, &idx, key, len), 0);
+
+    ExpectIntEQ(len = wc_Dilithium_KeyToDer(key, der, DILITHIUM_MAX_DER_SIZE),
+        keyDerLen);
+    idx = 0;
+    ExpectIntEQ(wc_Dilithium_PrivateKeyDecode(der, &idx, key, len), 0);
+
+
+    wc_dilithium_free(key);
+    wc_FreeRng(&rng);
+
+    XFREE(der, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+#endif
+    return EXPECT_RESULT();
+}
+
+static int test_wc_dilithium_make_key_from_seed(void)
+{
+    EXPECT_DECLS;
+#if defined(HAVE_DILITHIUM) && defined(WOLFSSL_WC_DILITHIUM) && \
+    !defined(WOLFSSL_DILITHIUM_NO_MAKE_KEY)
+    dilithium_key* key;
+#ifndef WOLFSSL_NO_ML_DSA_44
+    static const byte seed_44[] = {
+        0x93, 0xEF, 0x2E, 0x6E, 0xF1, 0xFB, 0x08, 0x99,
+        0x9D, 0x14, 0x2A, 0xBE, 0x02, 0x95, 0x48, 0x23,
+        0x70, 0xD3, 0xF4, 0x3B, 0xDB, 0x25, 0x4A, 0x78,
+        0xE2, 0xB0, 0xD5, 0x16, 0x8E, 0xCA, 0x06, 0x5F
+    };
+    static const byte pk_44[] = {
+        0xBC, 0x5F, 0xF8, 0x10, 0xEB, 0x08, 0x90, 0x48,
+        0xB8, 0xAB, 0x30, 0x20, 0xA7, 0xBD, 0x3B, 0x16,
+        0xC0, 0xE0, 0xCA, 0x3D, 0x6B, 0x97, 0xE4, 0x64,
+        0x6C, 0x2C, 0xCA, 0xE0, 0xBB, 0xF1, 0x9E, 0xF7,
+        0x23, 0x0A, 0x19, 0xD7, 0x5A, 0xDB, 0xDE, 0xD5,
+        0x2D, 0xB8, 0x55, 0xE2, 0x52, 0xA7, 0x19, 0xFC,
+        0xBD, 0x14, 0x7B, 0xA6, 0x7B, 0x2F, 0xAD, 0x14,
+        0xED, 0x0E, 0x68, 0xFD, 0xFE, 0x8C, 0x65, 0xBA,
+        0xDE, 0xAC, 0xB0, 0x91, 0x11, 0x93, 0xAD, 0xFA,
+        0x87, 0x94, 0xD7, 0x8F, 0x8E, 0x3D, 0x66, 0x2A,
+        0x1C, 0x49, 0xDA, 0x81, 0x9F, 0xD9, 0x59, 0xE7,
+        0xF0, 0x78, 0xF2, 0x03, 0xC4, 0x56, 0xF8, 0xB6,
+        0xE7, 0xC9, 0x41, 0x58, 0x98, 0xE5, 0x41, 0xC7,
+        0x30, 0x32, 0xDB, 0xD6, 0x19, 0xEA, 0xF6, 0x0F,
+        0x8D, 0x64, 0xF8, 0x68, 0x3D, 0xA9, 0x9E, 0xCA,
+        0x51, 0x22, 0x0B, 0x0A, 0xCA, 0x28, 0x46, 0x40,
+        0x99, 0xF5, 0x47, 0xC0, 0x27, 0x77, 0xBD, 0x37,
+        0xD8, 0x4A, 0x59, 0xBD, 0x37, 0xED, 0x7A, 0x8A,
+        0x92, 0x63, 0x3C, 0x75, 0xD0, 0x7C, 0x79, 0x3F,
+        0xE7, 0x25, 0x2B, 0x58, 0x4A, 0xBF, 0x6A, 0x15,
+        0xEE, 0x14, 0x50, 0x7E, 0x5E, 0x19, 0x3F, 0x89,
+        0x86, 0x4D, 0x09, 0xAC, 0x87, 0x27, 0xA6, 0xD0,
+        0x42, 0x1F, 0x0C, 0x19, 0xF0, 0xE2, 0xFB, 0xFC,
+        0x21, 0x3D, 0x3F, 0xBD, 0x70, 0xF4, 0xF9, 0x76,
+        0x2C, 0xEC, 0xFF, 0x23, 0x1E, 0x9C, 0x8A, 0x76,
+        0x28, 0xD3, 0xF8, 0xB0, 0x85, 0x7B, 0x03, 0x2D,
+        0x32, 0xDE, 0x62, 0xFF, 0x8E, 0xCB, 0xF4, 0x00,
+        0x82, 0x89, 0xBF, 0x34, 0x40, 0x36, 0x65, 0xF8,
+        0x1A, 0x08, 0x1A, 0xD5, 0xA8, 0x5A, 0x28, 0x2F,
+        0x99, 0xBA, 0xB9, 0xE5, 0x38, 0x5A, 0xFB, 0xCC,
+        0xCF, 0x44, 0xB7, 0x4C, 0x01, 0x96, 0xC7, 0x54,
+        0x55, 0x27, 0xEC, 0x30, 0x26, 0xDA, 0x12, 0x80,
+        0xC4, 0xEB, 0x37, 0xD0, 0x9C, 0xFE, 0x3E, 0xC4,
+        0xB4, 0x91, 0x0B, 0x62, 0xEB, 0x98, 0x15, 0xA4,
+        0x25, 0xC6, 0x59, 0x0F, 0xC4, 0xAD, 0x3F, 0xBB,
+        0x22, 0x57, 0x52, 0xCC, 0x1F, 0xC5, 0x69, 0x3F,
+        0x18, 0x7E, 0x7D, 0xEC, 0x4E, 0xEF, 0xBE, 0xB6,
+        0xB9, 0x1B, 0xD9, 0x1C, 0x5E, 0x2E, 0xA6, 0xA9,
+        0x1D, 0x14, 0xD0, 0x97, 0xBE, 0x20, 0x3F, 0xBA,
+        0x0B, 0xF9, 0x37, 0xC9, 0x75, 0x07, 0xDC, 0x00,
+        0x7C, 0x4C, 0xAA, 0x9B, 0x07, 0x85, 0x89, 0x29,
+        0x66, 0xFF, 0x15, 0x90, 0x09, 0x24, 0xE5, 0x79,
+        0xD4, 0xFB, 0xA0, 0x2B, 0xDA, 0x87, 0x55, 0x5F,
+        0x07, 0x3D, 0xAE, 0x00, 0x51, 0x3E, 0x70, 0x80,
+        0x9A, 0xBB, 0xC7, 0x11, 0xFB, 0xA2, 0xE7, 0x64,
+        0x95, 0x77, 0xC4, 0x2A, 0xFD, 0xC2, 0x4B, 0xF7,
+        0x41, 0x3E, 0x51, 0x26, 0x8A, 0xD6, 0xDB, 0x61,
+        0x13, 0xB7, 0xD9, 0x19, 0x1A, 0xF9, 0xD0, 0x61,
+        0xDB, 0xDE, 0xD5, 0xD6, 0x30, 0x87, 0x76, 0x50,
+        0xC1, 0x24, 0xF1, 0x1B, 0xC4, 0xBD, 0xC3, 0xFD,
+        0xC6, 0xA9, 0x00, 0xF6, 0x31, 0x26, 0xF9, 0x21,
+        0xE8, 0x38, 0xAD, 0x0C, 0x22, 0x75, 0xA3, 0x38,
+        0x9A, 0x39, 0xBD, 0x99, 0xA1, 0x34, 0x50, 0x45,
+        0x50, 0x10, 0x1C, 0xD3, 0xE9, 0x5E, 0x6D, 0x14,
+        0x96, 0xBE, 0x7D, 0xE6, 0x62, 0x7D, 0xF4, 0xFD,
+        0x6C, 0x28, 0xBB, 0xF4, 0x0B, 0x30, 0xEF, 0xA9,
+        0xB5, 0xC3, 0xD5, 0xC8, 0x5A, 0xB1, 0x4A, 0x65,
+        0xC0, 0x2D, 0x6D, 0x47, 0x81, 0xFF, 0x13, 0xD3,
+        0x28, 0x60, 0x85, 0x54, 0xB6, 0xD1, 0x5E, 0xD9,
+        0x12, 0x89, 0xA6, 0xD5, 0x5A, 0xAC, 0x0C, 0x38,
+        0xE3, 0x77, 0x06, 0xF7, 0x35, 0x5E, 0x9A, 0x4F,
+        0xDA, 0x61, 0x5B, 0x87, 0x59, 0x26, 0xBF, 0xE5,
+        0xA5, 0x9D, 0x9E, 0xF2, 0x73, 0xBF, 0x94, 0xA0,
+        0x7C, 0xFA, 0x57, 0x31, 0x78, 0xF0, 0xE0, 0x04,
+        0xB6, 0xE1, 0xEF, 0x0A, 0x83, 0x49, 0xE9, 0xBC,
+        0xC0, 0x19, 0x81, 0xF2, 0x46, 0x0F, 0x0A, 0x27,
+        0x43, 0xC2, 0x8D, 0x1E, 0x13, 0x8F, 0xFB, 0x76,
+        0x5E, 0x7E, 0x33, 0x97, 0xB7, 0x91, 0x33, 0x35,
+        0xD4, 0x02, 0xFE, 0x91, 0x80, 0x6A, 0xA8, 0xFC,
+        0x81, 0x92, 0x53, 0xAF, 0x32, 0x69, 0x2F, 0xA6,
+        0x51, 0xE8, 0x67, 0xF5, 0x90, 0x7E, 0xF4, 0x6F,
+        0x00, 0x62, 0x5A, 0x03, 0x0E, 0xC9, 0x04, 0xED,
+        0xAB, 0x21, 0x42, 0x6D, 0x59, 0x11, 0x9D, 0x2C,
+        0xAA, 0x43, 0xBD, 0x93, 0x5D, 0xEC, 0x0A, 0x55,
+        0x0C, 0x61, 0xEE, 0x4B, 0x27, 0x9C, 0x1C, 0xA3,
+        0xA7, 0x9C, 0x79, 0xA6, 0x6E, 0x3F, 0x2D, 0x2F,
+        0xAD, 0xB0, 0x0F, 0x59, 0xA3, 0xA4, 0x38, 0xAA,
+        0x44, 0x57, 0x01, 0x06, 0x07, 0x30, 0x17, 0xFA,
+        0x1C, 0x87, 0x57, 0x50, 0x01, 0x09, 0x72, 0x0D,
+        0x12, 0x5B, 0xBA, 0x23, 0x1A, 0x0C, 0x36, 0x35,
+        0x0C, 0x78, 0x08, 0x6D, 0xFD, 0xC8, 0xD6, 0x13,
+        0xAE, 0xCA, 0x88, 0xC4, 0xCC, 0xAE, 0xB4, 0xA4,
+        0x4D, 0x13, 0xAD, 0xB3, 0xC7, 0x17, 0xD6, 0x5C,
+        0x82, 0xA3, 0x51, 0xB9, 0xB6, 0xEA, 0xBF, 0x6A,
+        0x10, 0xF4, 0xB4, 0xE9, 0x62, 0x3E, 0x3A, 0x95,
+        0xB4, 0xD4, 0x0A, 0x12, 0xA8, 0x18, 0xAC, 0x6B,
+        0x38, 0x22, 0xDB, 0x82, 0xFB, 0x05, 0xDC, 0x42,
+        0x02, 0x64, 0x8B, 0x44, 0x54, 0x68, 0x9A, 0xEB,
+        0x69, 0xEA, 0x32, 0x5F, 0x03, 0xE3, 0x5D, 0xEF,
+        0xA5, 0x47, 0x08, 0x48, 0x14, 0x20, 0xC6, 0xD6,
+        0x97, 0xBB, 0x91, 0x2F, 0xCA, 0x0D, 0x3F, 0x19,
+        0x2E, 0xF2, 0x97, 0xDF, 0xE7, 0x7F, 0xF3, 0x6B,
+        0x21, 0x03, 0xF1, 0xAD, 0x1A, 0xEE, 0xCE, 0xD1,
+        0xC8, 0x14, 0xC2, 0xCD, 0x7E, 0xF1, 0x6B, 0xCE,
+        0x47, 0x6A, 0xD0, 0x4F, 0x94, 0x1A, 0xFC, 0x79,
+        0xE3, 0x29, 0x54, 0x74, 0xA4, 0x10, 0x62, 0x51,
+        0x8C, 0x00, 0x37, 0x86, 0x09, 0x34, 0xF0, 0xE5,
+        0xE6, 0x52, 0xF7, 0x27, 0x49, 0xA6, 0x98, 0x63,
+        0x2A, 0x09, 0x91, 0xF6, 0x13, 0xF5, 0xCB, 0x96,
+        0xCA, 0x11, 0x78, 0xF9, 0x74, 0xF2, 0xC4, 0xAA,
+        0x0C, 0xE6, 0x3D, 0xC2, 0x4E, 0x36, 0x4C, 0x92,
+        0xA6, 0x43, 0xB9, 0x0A, 0x5F, 0x85, 0xA6, 0x2F,
+        0xD4, 0xD8, 0xD2, 0xB1, 0x93, 0xD2, 0x9B, 0x18,
+        0xBE, 0xDE, 0x26, 0x53, 0xFC, 0x5D, 0x3F, 0x24,
+        0xF5, 0xB2, 0xC0, 0x18, 0xDB, 0xBC, 0xB6, 0xEF,
+        0x00, 0xF3, 0x05, 0xBF, 0x93, 0x66, 0x6B, 0xD4,
+        0x7F, 0xEA, 0x91, 0x93, 0xBC, 0x23, 0x3D, 0xB3,
+        0x91, 0x21, 0x44, 0x2E, 0x93, 0x8D, 0xA5, 0xDD,
+        0x07, 0xEE, 0x6E, 0x87, 0x9C, 0x5B, 0x9D, 0xFF,
+        0x41, 0xEC, 0xEE, 0x5E, 0x05, 0x89, 0xAE, 0x61,
+        0x75, 0xFF, 0x5E, 0xC6, 0xF6, 0xD2, 0x62, 0x9F,
+        0x56, 0xB1, 0x8B, 0x4D, 0xE6, 0x6F, 0xCB, 0x13,
+        0xDF, 0x04, 0x00, 0xA7, 0x97, 0xC9, 0x22, 0x70,
+        0xF6, 0x9B, 0xDE, 0xBD, 0xDC, 0xB8, 0x8C, 0x42,
+        0x48, 0x91, 0x9B, 0x56, 0xCD, 0xA7, 0x0B, 0x8A,
+        0xC4, 0xF9, 0x42, 0x9C, 0x29, 0x2D, 0xA9, 0x4D,
+        0x64, 0x78, 0x28, 0x07, 0x64, 0xFE, 0x23, 0x86,
+        0xFC, 0x38, 0xCB, 0x09, 0x31, 0x45, 0x88, 0x39,
+        0xEF, 0x4E, 0x7D, 0xE8, 0xF0, 0x68, 0x9D, 0x99,
+        0x80, 0x59, 0x88, 0xC7, 0xF9, 0x61, 0x11, 0x85,
+        0x2C, 0x89, 0x29, 0xE5, 0xA5, 0x40, 0xD3, 0xB7,
+        0x8D, 0x71, 0x2D, 0xEC, 0xC3, 0x96, 0xFE, 0xF3,
+        0xEC, 0x34, 0x40, 0x21, 0x84, 0xE4, 0xFD, 0x29,
+        0xF3, 0x63, 0xEA, 0x80, 0xF6, 0xFC, 0x50, 0xBA,
+        0x9A, 0x11, 0x35, 0x1A, 0xCE, 0xEA, 0x8F, 0xE6,
+        0x8D, 0x54, 0x1E, 0x1A, 0xA5, 0x84, 0x8D, 0x9F,
+        0x6E, 0x61, 0xDF, 0xB6, 0x2B, 0x2F, 0x23, 0xBC,
+        0x50, 0x81, 0xE8, 0x2F, 0x76, 0x22, 0x6E, 0x03,
+        0x28, 0x49, 0x82, 0xEC, 0x48, 0x48, 0x12, 0x09,
+        0xB1, 0xA7, 0xD4, 0xC8, 0x79, 0x7E, 0x44, 0xBF,
+        0xA8, 0x70, 0xB2, 0x20, 0x04, 0xDB, 0x74, 0xBD,
+        0x7D, 0x47, 0x8D, 0x5B, 0x36, 0x14, 0xD2, 0xB1,
+        0xDA, 0x75, 0x02, 0xB3, 0x98, 0xEB, 0x9D, 0xA8,
+        0x0D, 0x06, 0x46, 0x1E, 0x90, 0xE0, 0x30, 0x60,
+        0x44, 0x6A, 0xB4, 0xA8, 0x23, 0x84, 0x32, 0xBF,
+        0xAF, 0x75, 0x2F, 0x39, 0x17, 0x91, 0x21, 0x4F,
+        0x1E, 0x6B, 0x63, 0x59, 0x0D, 0x53, 0x60, 0x60,
+        0xD1, 0xC2, 0x45, 0x30, 0x7B, 0xC5, 0xC1, 0xBA,
+        0xC4, 0xAA, 0xA0, 0x99, 0xD3, 0x6B, 0xB6, 0xDC,
+        0xBC, 0x97, 0x3C, 0xF2, 0xE6, 0x9F, 0x27, 0x34,
+        0xD0, 0xF2, 0x9A, 0xEE, 0xC4, 0x56, 0x7B, 0x99,
+        0xA1, 0x6B, 0xC1, 0x7C, 0x6C, 0xDD, 0xAC, 0xEF,
+        0xE4, 0x99, 0x27, 0xFB, 0x14, 0xE7, 0xD9, 0x8D,
+        0xD4, 0x26, 0x35, 0x19, 0x46, 0x9C, 0xCA, 0x3D,
+        0xB4, 0x67, 0x9A, 0x68, 0xCE, 0xED, 0xA9, 0x55,
+        0x59, 0x22, 0x10, 0xFC, 0x49, 0xAA, 0x5F, 0xBE,
+        0x93, 0x4C, 0xC7, 0x3D, 0x84, 0xE4, 0xBA, 0x54,
+        0x78, 0x00, 0x2D, 0x68, 0x90, 0x98, 0x90, 0x68,
+        0xEF, 0x8F, 0xC9, 0x8C, 0x25, 0x32, 0xB8, 0x3B,
+        0xF3, 0xCB, 0x9E, 0xF0, 0x28, 0x93, 0xC2, 0x15,
+        0x24, 0x26, 0xB9, 0xD1, 0xA9, 0x47, 0x34, 0xDF,
+        0xB4, 0xF9, 0x11, 0x35, 0x14, 0x3C, 0x9E, 0xED,
+        0x18, 0xFD, 0x51, 0xAE, 0x87, 0x5D, 0x07, 0xA2,
+        0x37, 0x75, 0x60, 0x6A, 0x73, 0x4F, 0xBA, 0x98,
+        0xC0, 0x63, 0xB4, 0xA1, 0x62, 0x2E, 0x7F, 0xF2,
+        0x1A, 0xA7, 0xE6, 0x52, 0xA3, 0xD6, 0xC1, 0x9F,
+        0xE0, 0xDC, 0x67, 0x61, 0xB7, 0xD3, 0x53, 0x02,
+        0xBF, 0x21, 0x4D, 0x30, 0x79, 0xF7, 0x60, 0x51,
+        0x08, 0x2A, 0x87, 0x59, 0x29, 0x92, 0x0D, 0xC3,
+        0xB3, 0xCB, 0x43, 0x21, 0x1A, 0x23, 0xA4, 0x3A,
+        0x50, 0x33, 0x2F, 0xAF, 0x1A, 0xC2, 0x19, 0x1E,
+        0x71, 0x71, 0x25, 0xF6, 0x3E, 0x25, 0x86, 0xC4,
+        0xD8, 0x6D, 0xCA, 0x6B, 0xCD, 0x3D, 0x03, 0x8F,
+        0x9D, 0x3A, 0x7B, 0x66, 0xCB, 0xC7, 0xDF, 0x34
+    };
+    static const byte sk_44[] = {
+        0xBC, 0x5F, 0xF8, 0x10, 0xEB, 0x08, 0x90, 0x48,
+        0xB8, 0xAB, 0x30, 0x20, 0xA7, 0xBD, 0x3B, 0x16,
+        0xC0, 0xE0, 0xCA, 0x3D, 0x6B, 0x97, 0xE4, 0x64,
+        0x6C, 0x2C, 0xCA, 0xE0, 0xBB, 0xF1, 0x9E, 0xF7,
+        0xBA, 0x2B, 0x57, 0xC4, 0x46, 0x55, 0x6E, 0xE2,
+        0xB7, 0x2C, 0x78, 0xB9, 0x6B, 0xB7, 0xA8, 0x50,
+        0x3D, 0xE4, 0x0A, 0xFB, 0x54, 0x18, 0x4E, 0x3B,
+        0x54, 0x63, 0xC2, 0x1A, 0xF7, 0x48, 0x53, 0x23,
+        0xDF, 0x98, 0xF0, 0x16, 0x0A, 0xE5, 0xD1, 0x37,
+        0x51, 0x27, 0x25, 0xF8, 0x9D, 0x56, 0x3B, 0xC9,
+        0xA1, 0x89, 0xD3, 0x1D, 0x20, 0xB3, 0xB3, 0xC8,
+        0xFF, 0xAA, 0xF5, 0xE4, 0x86, 0xE7, 0x90, 0x51,
+        0xF6, 0xF3, 0x60, 0x5C, 0xCA, 0x25, 0x69, 0xFD,
+        0xB4, 0x6B, 0x33, 0x18, 0xD2, 0x38, 0x42, 0xCE,
+        0x40, 0xD6, 0x43, 0x86, 0x13, 0xF6, 0x8B, 0x45,
+        0x5B, 0x0D, 0x3B, 0xCA, 0x0E, 0x05, 0x0D, 0x4D,
+        0x11, 0x99, 0x88, 0xA2, 0xC4, 0x80, 0x1B, 0x90,
+        0x84, 0xE0, 0xB0, 0x48, 0xC9, 0x28, 0x09, 0x22,
+        0x30, 0x90, 0x24, 0x06, 0x49, 0x98, 0x40, 0x65,
+        0x5A, 0x26, 0x8A, 0xDA, 0x32, 0x90, 0xDA, 0x48,
+        0x08, 0x22, 0x81, 0x90, 0xC8, 0x14, 0x61, 0xDC,
+        0x16, 0x6A, 0x21, 0x47, 0x8E, 0x08, 0xB2, 0x21,
+        0xE3, 0x08, 0x68, 0x1A, 0x02, 0x44, 0x14, 0xC6,
+        0x65, 0xE1, 0x98, 0x71, 0x90, 0xC6, 0x69, 0x0C,
+        0x15, 0x44, 0xC9, 0xA0, 0x11, 0xCC, 0x34, 0x71,
+        0x83, 0x40, 0x45, 0x00, 0x12, 0x4D, 0x91, 0x08,
+        0x00, 0x83, 0x36, 0x84, 0x12, 0x85, 0x4C, 0xCC,
+        0x00, 0x41, 0x09, 0x90, 0x70, 0x18, 0x95, 0x00,
+        0xA2, 0xB2, 0x85, 0x94, 0x26, 0x41, 0x0B, 0x00,
+        0x41, 0x0A, 0xB9, 0x80, 0xC0, 0xC6, 0x10, 0x0C,
+        0x33, 0x29, 0xA3, 0xA6, 0x28, 0x1C, 0x26, 0x10,
+        0x1A, 0x37, 0x49, 0x13, 0x35, 0x8A, 0x0B, 0x29,
+        0x2E, 0x82, 0xA2, 0x70, 0x8B, 0x38, 0x49, 0x94,
+        0x04, 0x80, 0x9B, 0x26, 0x10, 0xA4, 0x80, 0x30,
+        0x04, 0x37, 0x0C, 0x48, 0xB2, 0x60, 0x04, 0x17,
+        0x2E, 0x19, 0x49, 0x64, 0xC8, 0xC4, 0x64, 0x1A,
+        0x96, 0x60, 0x10, 0x83, 0x6D, 0x20, 0x38, 0x22,
+        0x49, 0x06, 0x08, 0x1B, 0xB7, 0x20, 0x01, 0x48,
+        0x4D, 0xE1, 0x10, 0x49, 0x08, 0x38, 0x44, 0x4C,
+        0x16, 0x8E, 0x04, 0xB2, 0x2C, 0x09, 0x91, 0x50,
+        0x83, 0x36, 0x06, 0x5C, 0x02, 0x8C, 0x8A, 0x38,
+        0x05, 0x1A, 0xB5, 0x81, 0x82, 0xC0, 0x09, 0x51,
+        0x12, 0x72, 0x22, 0x10, 0x0D, 0x04, 0x08, 0x2A,
+        0xA4, 0x84, 0x10, 0x58, 0x08, 0x52, 0x08, 0x26,
+        0x0A, 0x02, 0xB6, 0x2D, 0x8A, 0x12, 0x0E, 0x14,
+        0x22, 0x10, 0x48, 0x44, 0x0A, 0x14, 0x23, 0x91,
+        0x50, 0x40, 0x90, 0x0A, 0x27, 0x92, 0xA4, 0xB0,
+        0x60, 0x08, 0x84, 0x11, 0xC4, 0x40, 0x22, 0x63,
+        0x46, 0x2A, 0xDA, 0xA6, 0x90, 0xC1, 0xB2, 0x30,
+        0x50, 0x10, 0x00, 0xA0, 0xB4, 0x6C, 0x53, 0xB4,
+        0x50, 0x13, 0x05, 0x8D, 0x02, 0x31, 0x0E, 0x08,
+        0x20, 0x10, 0x91, 0xC8, 0x4C, 0x22, 0xA7, 0x50,
+        0xC2, 0xA6, 0x70, 0x92, 0x46, 0x41, 0x63, 0x16,
+        0x8C, 0x84, 0x00, 0x11, 0x0B, 0x81, 0x90, 0x13,
+        0x83, 0x71, 0x21, 0x85, 0x30, 0x1B, 0x18, 0x46,
+        0xA3, 0x10, 0x84, 0x14, 0x43, 0x40, 0x80, 0x98,
+        0x25, 0x0C, 0x27, 0x2C, 0x94, 0x42, 0x41, 0xA2,
+        0x88, 0x45, 0x02, 0x13, 0x05, 0x44, 0xB6, 0x44,
+        0x52, 0x22, 0x92, 0xD0, 0x80, 0x50, 0x4B, 0xA6,
+        0x04, 0x84, 0x36, 0x70, 0x09, 0xB2, 0x4D, 0x19,
+        0xA8, 0x84, 0x24, 0x93, 0x49, 0x94, 0xA2, 0x80,
+        0x49, 0xB4, 0x48, 0x91, 0x28, 0x64, 0xA1, 0xC8,
+        0x65, 0x4B, 0x82, 0x85, 0x93, 0x30, 0x06, 0x63,
+        0x12, 0x66, 0x10, 0x37, 0x01, 0x4A, 0x40, 0x80,
+        0x18, 0x18, 0x90, 0x44, 0xC4, 0x0D, 0x4B, 0x28,
+        0x81, 0xA2, 0x06, 0x40, 0xD4, 0x30, 0x2C, 0x1B,
+        0x96, 0x4C, 0xE1, 0xB2, 0x60, 0x44, 0x28, 0x41,
+        0xD8, 0x30, 0x65, 0x24, 0x09, 0x04, 0x64, 0x00,
+        0x89, 0x63, 0xC2, 0x24, 0xC0, 0x00, 0x49, 0x92,
+        0x16, 0x52, 0x23, 0xC1, 0x29, 0x42, 0x26, 0x91,
+        0xD0, 0x38, 0x31, 0x83, 0x28, 0x28, 0x4C, 0x28,
+        0x61, 0x1A, 0xB2, 0x88, 0x80, 0x26, 0x2D, 0x0C,
+        0x19, 0x52, 0x5B, 0x22, 0x60, 0x8A, 0x92, 0x28,
+        0xA2, 0x18, 0x90, 0xD9, 0x42, 0x52, 0xCB, 0x40,
+        0x8E, 0x9B, 0x16, 0x06, 0x4B, 0xC8, 0x05, 0xE0,
+        0x06, 0x6C, 0x49, 0xC2, 0x25, 0xD4, 0x22, 0x69,
+        0x14, 0x11, 0x69, 0x1C, 0x34, 0x90, 0x0C, 0x85,
+        0x8D, 0x1C, 0x84, 0x49, 0x63, 0x10, 0x85, 0x08,
+        0x34, 0x89, 0x58, 0x16, 0x66, 0xA0, 0x38, 0x68,
+        0x0B, 0xA2, 0x50, 0xE0, 0x84, 0x61, 0xC1, 0x26,
+        0x6E, 0xC9, 0x14, 0x6A, 0xC0, 0xC0, 0x31, 0x84,
+        0x18, 0x2E, 0xDC, 0x16, 0x52, 0x14, 0x18, 0x91,
+        0x0A, 0x39, 0x2C, 0x83, 0xA6, 0x8D, 0x12, 0x29,
+        0x62, 0x92, 0xA6, 0x60, 0x08, 0xA5, 0x10, 0xD9,
+        0xC8, 0x4D, 0x24, 0x48, 0x24, 0x83, 0x98, 0x24,
+        0x1A, 0x44, 0x42, 0x08, 0x08, 0x48, 0xC8, 0x96,
+        0x2D, 0xA1, 0x10, 0x20, 0x60, 0x24, 0x51, 0x9C,
+        0x30, 0x11, 0xDB, 0xC8, 0x04, 0x11, 0x22, 0x51,
+        0x18, 0x04, 0x68, 0xE2, 0x24, 0x4E, 0x10, 0xC4,
+        0x0D, 0x18, 0x37, 0x29, 0x11, 0xB7, 0x84, 0x43,
+        0x84, 0x8D, 0x54, 0x40, 0x70, 0x64, 0x80, 0x70,
+        0x21, 0xB0, 0x4D, 0x00, 0x26, 0x62, 0x00, 0x45,
+        0x25, 0x1B, 0x83, 0x84, 0x84, 0x80, 0x70, 0x19,
+        0xB0, 0x04, 0x0A, 0xC9, 0x28, 0xCA, 0x80, 0x05,
+        0x1B, 0x21, 0x4E, 0xD4, 0xB0, 0x49, 0x8C, 0x96,
+        0x6C, 0xD0, 0x96, 0x25, 0x48, 0x32, 0x72, 0x54,
+        0x12, 0x05, 0x09, 0x98, 0x8C, 0x8A, 0x32, 0x6D,
+        0xC0, 0x04, 0x31, 0x63, 0xC8, 0x61, 0xC8, 0xC2,
+        0x68, 0x9B, 0xB4, 0x8C, 0x5B, 0xC0, 0x2D, 0xC3,
+        0xA8, 0x8D, 0x1B, 0x16, 0x6C, 0xD8, 0x96, 0x41,
+        0x98, 0x34, 0x02, 0x44, 0x14, 0x2C, 0xD3, 0x86,
+        0x44, 0x0A, 0x18, 0x8A, 0x1A, 0x46, 0x92, 0x1A,
+        0xB7, 0x08, 0x4C, 0x34, 0x24, 0x21, 0x91, 0x0D,
+        0x9A, 0x96, 0x2D, 0xCB, 0x24, 0x22, 0x92, 0x86,
+        0x08, 0x98, 0xA0, 0x50, 0xDA, 0x44, 0x6A, 0x19,
+        0xB1, 0x05, 0x8B, 0x20, 0x6E, 0x24, 0xC4, 0x81,
+        0xC9, 0x98, 0x40, 0x22, 0x19, 0x32, 0x11, 0x05,
+        0x69, 0xD3, 0x94, 0x91, 0x08, 0xA7, 0x71, 0xDB,
+        0xC0, 0x70, 0x02, 0xB8, 0x28, 0x83, 0xB4, 0x49,
+        0xA0, 0x44, 0x8A, 0x0B, 0xB4, 0x10, 0x61, 0x02,
+        0x48, 0x1C, 0xA6, 0x11, 0xE3, 0x20, 0x66, 0x40,
+        0xB4, 0x70, 0x03, 0xB6, 0x04, 0x60, 0x48, 0x21,
+        0x5B, 0x21, 0x83, 0x39, 0x88, 0xDB, 0x67, 0x4A,
+        0x61, 0xE7, 0xC2, 0x08, 0xDE, 0xBE, 0x8D, 0xAE,
+        0x41, 0x19, 0xAF, 0xB0, 0x26, 0x61, 0xA6, 0x9A,
+        0xBC, 0x8B, 0xDD, 0x24, 0x5B, 0x5D, 0x0F, 0xB1,
+        0xA2, 0x67, 0x01, 0xC9, 0xB9, 0xC9, 0xA8, 0xF7,
+        0xD9, 0xFC, 0xD4, 0xC2, 0x87, 0xFF, 0x3D, 0x60,
+        0x8C, 0xF2, 0x58, 0x28, 0x2A, 0x1E, 0xB2, 0x9F,
+        0x93, 0x04, 0xE8, 0x9C, 0x14, 0xF3, 0xE1, 0xCE,
+        0x56, 0x12, 0x89, 0x1C, 0x60, 0x29, 0x34, 0x52,
+        0x60, 0x06, 0xC9, 0x9B, 0x4A, 0xA2, 0x39, 0x9B,
+        0xF4, 0x94, 0xBC, 0xF8, 0xDF, 0x61, 0xD6, 0xDF,
+        0x4C, 0x69, 0xBC, 0x93, 0xE0, 0x2D, 0x49, 0x95,
+        0xE2, 0xF7, 0x6E, 0x9F, 0xDA, 0x4E, 0xF6, 0x7E,
+        0xB7, 0x25, 0x6C, 0xA8, 0x9A, 0x3F, 0x38, 0xFE,
+        0xB2, 0xE9, 0xDF, 0x6A, 0x01, 0x0D, 0xC1, 0xC1,
+        0x50, 0x02, 0xFB, 0xD4, 0x56, 0xFA, 0xE8, 0x84,
+        0x82, 0x1A, 0x34, 0x16, 0x6B, 0x06, 0x58, 0xA2,
+        0x41, 0x25, 0x95, 0x71, 0x8E, 0x14, 0x9B, 0xBC,
+        0x6E, 0x22, 0x0A, 0xEE, 0x26, 0x8D, 0x4D, 0x82,
+        0x18, 0xC2, 0x5F, 0x6A, 0x95, 0x7D, 0xE5, 0xB2,
+        0x6C, 0xEA, 0x7B, 0x14, 0xCB, 0x32, 0x0D, 0x89,
+        0xE1, 0x69, 0x9A, 0xD9, 0xF2, 0xB3, 0x89, 0xC6,
+        0x7E, 0xF9, 0x33, 0x86, 0xA2, 0xC6, 0x5F, 0x2C,
+        0x32, 0x23, 0x33, 0x67, 0xD7, 0x6A, 0xE4, 0xAB,
+        0x2A, 0xBB, 0xD4, 0x22, 0xE9, 0x8E, 0x49, 0x3D,
+        0xCC, 0x3C, 0xC5, 0xDA, 0xF6, 0x89, 0xB6, 0x5C,
+        0xC4, 0xBC, 0x3F, 0xA5, 0x1C, 0x9C, 0x59, 0xEE,
+        0xAF, 0x07, 0x55, 0x17, 0x0C, 0x24, 0x95, 0x80,
+        0x4D, 0x02, 0xA6, 0x07, 0xC5, 0xBF, 0x88, 0x7C,
+        0xD8, 0x6A, 0x03, 0x89, 0xF2, 0x8F, 0xC9, 0x72,
+        0x5E, 0xF4, 0x60, 0x03, 0xF1, 0x3B, 0x01, 0x87,
+        0x68, 0x4B, 0xEA, 0xB1, 0xF2, 0x4A, 0x29, 0xF5,
+        0x31, 0x96, 0x01, 0xF3, 0x09, 0xC9, 0x1D, 0x2A,
+        0x33, 0x3D, 0x1B, 0x88, 0xDF, 0x20, 0x5A, 0x51,
+        0x20, 0xC4, 0xCF, 0xDC, 0x22, 0x38, 0x12, 0x4E,
+        0x4E, 0x2B, 0x47, 0xD0, 0xB5, 0xE6, 0x6A, 0x65,
+        0x4F, 0xE4, 0xCC, 0xCB, 0x07, 0x8F, 0x07, 0xCB,
+        0xD4, 0x55, 0xD1, 0x5D, 0x3E, 0xEC, 0x7D, 0xA2,
+        0x74, 0xD2, 0x4A, 0x2E, 0x57, 0x18, 0x84, 0xDE,
+        0x41, 0xC3, 0xA9, 0xA4, 0xFD, 0xB3, 0xF6, 0x09,
+        0x8A, 0x17, 0x2C, 0x30, 0x96, 0x80, 0x39, 0xBD,
+        0x0E, 0x4E, 0xB3, 0xE2, 0xFB, 0x6D, 0x6E, 0xEE,
+        0xD3, 0x9E, 0x0B, 0x63, 0x62, 0xD5, 0x4E, 0x7B,
+        0x88, 0x95, 0x98, 0x69, 0xDD, 0xD5, 0xD8, 0x73,
+        0xD9, 0x65, 0x24, 0x01, 0xA2, 0x9F, 0x27, 0xA2,
+        0x8E, 0xA6, 0x6D, 0x32, 0xCC, 0xB0, 0xEF, 0x3B,
+        0xF4, 0x60, 0x0F, 0x75, 0x57, 0xEE, 0x8D, 0x54,
+        0xBF, 0x1D, 0xAD, 0x18, 0xF4, 0x5D, 0xDC, 0xD4,
+        0xC9, 0xED, 0x57, 0xB1, 0x3E, 0x44, 0x5B, 0xF1,
+        0x22, 0xA4, 0x3F, 0x53, 0x94, 0x03, 0x89, 0xBF,
+        0x87, 0x14, 0xFF, 0xAC, 0x72, 0x1E, 0x59, 0x31,
+        0x7E, 0x4B, 0x70, 0x50, 0x0A, 0xD0, 0xD1, 0xB9,
+        0xA6, 0x27, 0x05, 0x4D, 0x31, 0x93, 0x20, 0x8C,
+        0x77, 0x4E, 0x0B, 0x20, 0xED, 0x04, 0x1A, 0x8C,
+        0x05, 0x5E, 0x75, 0xEE, 0xCD, 0x37, 0x38, 0xF0,
+        0x07, 0x15, 0x8F, 0xAD, 0xDF, 0xCA, 0x5F, 0x43,
+        0x56, 0x2D, 0x63, 0x6A, 0x5A, 0xCF, 0x3A, 0x39,
+        0x83, 0xD3, 0xCF, 0xEB, 0xCA, 0x10, 0xB8, 0x13,
+        0xF9, 0xF6, 0x52, 0x65, 0x19, 0x19, 0x9A, 0x03,
+        0x13, 0xCD, 0x1D, 0xE1, 0x3F, 0x06, 0xAD, 0x53,
+        0x86, 0xE1, 0xE1, 0x20, 0x79, 0x5F, 0xD2, 0x67,
+        0xB7, 0xF4, 0x20, 0x19, 0xD8, 0x4D, 0xF6, 0xCD,
+        0x1B, 0xF9, 0x19, 0x30, 0xFC, 0xA7, 0xAF, 0xD5,
+        0x2E, 0x80, 0x70, 0x0F, 0x4C, 0xF5, 0xCD, 0xC3,
+        0x8A, 0x5F, 0x7A, 0x57, 0x49, 0x79, 0x1C, 0x2F,
+        0xDF, 0xFC, 0x4A, 0x10, 0x75, 0x3C, 0x24, 0xDB,
+        0x19, 0xE8, 0xEB, 0x65, 0x1C, 0x5B, 0x36, 0x32,
+        0x00, 0xF0, 0xB5, 0xD1, 0x69, 0x94, 0x70, 0x26,
+        0xE9, 0xF7, 0x4F, 0x01, 0x2D, 0xC7, 0xC5, 0xB3,
+        0x39, 0xDD, 0x49, 0xD2, 0x61, 0xCA, 0x1D, 0x37,
+        0xF8, 0xF2, 0x83, 0x46, 0xE6, 0x19, 0x78, 0x05,
+        0x4F, 0x45, 0xAE, 0xE4, 0x36, 0xDC, 0xCB, 0xE7,
+        0xBF, 0xAF, 0xE0, 0x7C, 0xE9, 0xA8, 0xB8, 0x3C,
+        0x90, 0xA2, 0x68, 0x6F, 0xA9, 0x54, 0x02, 0x85,
+        0x09, 0x25, 0xC8, 0x58, 0x2B, 0xC9, 0xB7, 0x34,
+        0xE4, 0xEC, 0xA1, 0xF7, 0xB2, 0x0B, 0x08, 0x6F,
+        0x12, 0x9F, 0x27, 0x7A, 0x5C, 0xBD, 0xAA, 0x96,
+        0x3C, 0x92, 0x71, 0x7E, 0xF7, 0x0E, 0xC1, 0x9B,
+        0xF3, 0xDB, 0xC6, 0xDA, 0x20, 0x3A, 0xD9, 0x0F,
+        0x3B, 0x13, 0xBB, 0xC2, 0x2F, 0xBD, 0x98, 0x0B,
+        0xB1, 0xB9, 0xD3, 0xA3, 0x44, 0x52, 0xB3, 0x35,
+        0x70, 0x21, 0xCE, 0x36, 0x13, 0x58, 0x4E, 0x09,
+        0x36, 0xBF, 0x1D, 0x09, 0x42, 0x09, 0x37, 0x81,
+        0x5E, 0x11, 0xCC, 0x5D, 0x5D, 0xDB, 0x4B, 0xF1,
+        0xD8, 0x30, 0xC4, 0xF8, 0x3F, 0x30, 0xE5, 0x15,
+        0x92, 0x1C, 0x78, 0x4D, 0x87, 0xBB, 0x20, 0xC0,
+        0x9E, 0x3C, 0x64, 0xBD, 0xCE, 0x9A, 0xB1, 0xC6,
+        0x9F, 0xD3, 0x07, 0xEF, 0xE3, 0x59, 0xC7, 0xF9,
+        0x38, 0x56, 0x6C, 0x9F, 0x25, 0x17, 0xB0, 0x63,
+        0x38, 0x51, 0x67, 0xE2, 0x47, 0xF3, 0x10, 0x81,
+        0x11, 0x9B, 0xAC, 0x6B, 0x55, 0xA0, 0xBD, 0xD7,
+        0x14, 0x25, 0x51, 0x0F, 0xFA, 0x2A, 0xBD, 0xFA,
+        0x88, 0x83, 0x76, 0xA3, 0x7F, 0x20, 0xC2, 0x48,
+        0x01, 0x52, 0xBB, 0x36, 0x16, 0x34, 0x52, 0x00,
+        0x07, 0xC5, 0xB3, 0x4B, 0xF2, 0x28, 0x17, 0xCB,
+        0x2E, 0x67, 0xAC, 0x1A, 0x82, 0x67, 0x0B, 0x71,
+        0xF1, 0x96, 0xC8, 0x9F, 0x23, 0xBA, 0x31, 0x4B,
+        0x16, 0xA9, 0x48, 0x49, 0x93, 0x04, 0xEF, 0x5C,
+        0x03, 0xDC, 0xF5, 0x8E, 0x52, 0xBE, 0x31, 0x48,
+        0x63, 0xE7, 0x23, 0xC5, 0x6D, 0x3A, 0xEB, 0x34,
+        0x0B, 0xFF, 0x18, 0xAB, 0xFA, 0x20, 0xDC, 0x03,
+        0x44, 0x20, 0x30, 0x23, 0x05, 0x33, 0xD9, 0x12,
+        0x9B, 0x83, 0xED, 0x22, 0xC3, 0x51, 0xF2, 0x32,
+        0x81, 0x72, 0xE3, 0x63, 0x44, 0x74, 0x44, 0xAE,
+        0x5C, 0x69, 0x02, 0xB7, 0x92, 0x79, 0x9F, 0x54,
+        0x44, 0x50, 0x78, 0x71, 0x19, 0x61, 0x2E, 0x9B,
+        0xB4, 0x13, 0x0A, 0x33, 0xA2, 0xA5, 0x96, 0x2A,
+        0xC0, 0x9D, 0x57, 0x7D, 0x6D, 0xDC, 0x88, 0x1F,
+        0xE6, 0x61, 0x61, 0x26, 0xD8, 0xA0, 0xA7, 0xDF,
+        0x2B, 0x22, 0x53, 0xBC, 0x8E, 0xC4, 0xE3, 0x53,
+        0x86, 0xEA, 0x55, 0x11, 0xF0, 0xF1, 0x58, 0x87,
+        0x14, 0x5B, 0x6C, 0x23, 0xAB, 0x3D, 0x40, 0x33,
+        0x39, 0xE4, 0x04, 0x07, 0x3E, 0xD9, 0xC6, 0xA8,
+        0x96, 0xA2, 0xF9, 0xEC, 0x70, 0xC4, 0x4B, 0xD2,
+        0xAE, 0xC1, 0x0F, 0xC4, 0x36, 0x0E, 0x87, 0x63,
+        0x6B, 0xE1, 0x55, 0xB6, 0xA6, 0x7B, 0x7E, 0xDF,
+        0x38, 0xCF, 0x73, 0x00, 0x48, 0x13, 0xC9, 0xE7,
+        0xD2, 0xC6, 0x54, 0xC2, 0x53, 0x0A, 0x71, 0xE5,
+        0xF8, 0xC1, 0x09, 0x42, 0xFB, 0x6D, 0x88, 0x41,
+        0x53, 0x5A, 0xB1, 0xDA, 0x43, 0xE8, 0xCB, 0x0B,
+        0xB8, 0x9E, 0x78, 0xEC, 0x91, 0xF8, 0xDE, 0x15,
+        0x31, 0xA0, 0x36, 0x65, 0xCC, 0xD5, 0xA7, 0x5B,
+        0xDA, 0x0E, 0xD0, 0xE5, 0x98, 0x64, 0xEE, 0xEF,
+        0x51, 0xA8, 0x3F, 0xA5, 0x53, 0xAF, 0x66, 0x2A,
+        0xEE, 0x00, 0xD1, 0xF8, 0x36, 0x7B, 0x4D, 0x5D,
+        0xDD, 0xC3, 0x45, 0x54, 0x4C, 0x6B, 0xD5, 0x14,
+        0xF8, 0x88, 0xE6, 0x03, 0x3C, 0x25, 0x5D, 0xB6,
+        0x50, 0xDA, 0x73, 0x4A, 0xD3, 0x3A, 0x3C, 0xF8,
+        0x4B, 0xD3, 0xF0, 0x6F, 0xA1, 0xA7, 0xCA, 0x02,
+        0xE4, 0xB8, 0xE9, 0x93, 0xAE, 0x7A, 0xE6, 0x34,
+        0x20, 0xA4, 0x6B, 0xA8, 0xA3, 0x81, 0x3D, 0x1E,
+        0x9D, 0x29, 0x66, 0xBB, 0x85, 0x60, 0xD7, 0x1C,
+        0x62, 0xA0, 0x44, 0xEA, 0x94, 0x17, 0x9F, 0x4E,
+        0xB1, 0xB6, 0xED, 0x60, 0x71, 0x9D, 0x51, 0xE0,
+        0xEE, 0xF6, 0xCD, 0x07, 0x91, 0x52, 0xF6, 0xBE,
+        0x48, 0x8E, 0xC9, 0x19, 0x11, 0xC6, 0xD3, 0xF1,
+        0xD1, 0x17, 0x3C, 0x54, 0x1F, 0x9D, 0x25, 0xBF,
+        0x34, 0x2F, 0xCA, 0xA3, 0xFF, 0x46, 0xC1, 0x8F,
+        0x2A, 0x04, 0x41, 0xD8, 0x3B, 0xDE, 0x35, 0x46,
+        0xA9, 0x82, 0x6C, 0x34, 0x96, 0xE0, 0x6F, 0x2F,
+        0x2B, 0x0E, 0xEB, 0x9D, 0x5B, 0xE8, 0x73, 0x9F,
+        0x83, 0xA4, 0x2D, 0x3B, 0x30, 0x0E, 0x70, 0xEE,
+        0x84, 0xDF, 0xFF, 0xB2, 0x07, 0x64, 0xA0, 0x60,
+        0x21, 0x2F, 0x05, 0x8C, 0x8A, 0x5F, 0xFA, 0x9A,
+        0x34, 0xE9, 0x28, 0xD6, 0xA7, 0xE0, 0x77, 0x08,
+        0xFE, 0x53, 0x93, 0xE3, 0x01, 0x7C, 0xE4, 0x70,
+        0xEB, 0x96, 0x58, 0xA7, 0x4E, 0x49, 0x51, 0xE6,
+        0xFA, 0x48, 0x54, 0xC9, 0xE9, 0xC2, 0x89, 0x88,
+        0x81, 0x2E, 0x44, 0x18, 0xA2, 0xE8, 0x32, 0x58,
+        0x0B, 0x4A, 0x27, 0x03, 0x72, 0xBC, 0x69, 0x67,
+        0x68, 0x89, 0xD0, 0xCC, 0x43, 0x24, 0x0E, 0xDA,
+        0xBC, 0x1D, 0x31, 0x14, 0xD8, 0xF3, 0x5A, 0xB2,
+        0xE9, 0xEA, 0x95, 0x30, 0x82, 0xE9, 0x53, 0x62,
+        0x79, 0xAC, 0xB3, 0xBE, 0x16, 0xD3, 0xA2, 0x05,
+        0xF4, 0x6C, 0xB6, 0x7B, 0x22, 0x14, 0x96, 0x93,
+        0x5A, 0xC0, 0x42, 0x92, 0xBB, 0xFB, 0x9A, 0x61,
+        0xC0, 0xA0, 0x3E, 0xF4, 0xC9, 0xB6, 0x82, 0x04,
+        0x95, 0xF3, 0xD8, 0x0E, 0x4A, 0x6F, 0xB7, 0xE1,
+        0xC6, 0x99, 0x03, 0xFA, 0x22, 0x6E, 0x02, 0x3E,
+        0x95, 0xBA, 0x41, 0x6D, 0xF2, 0xE5, 0xE4, 0x54,
+        0x1E, 0x15, 0xDC, 0xC0, 0x00, 0xB5, 0xE6, 0x5C,
+        0x97, 0x20, 0xDA, 0xF6, 0x96, 0x01, 0x2F, 0xA2,
+        0xA6, 0xCF, 0x75, 0x8E, 0xD6, 0xD2, 0x25, 0xA3,
+        0xE4, 0xFE, 0xE4, 0x5A, 0xC5, 0xFB, 0x48, 0x70,
+        0x7F, 0xAE, 0x13, 0x3D, 0x59, 0x2C, 0xFD, 0x2E,
+        0x8C, 0x43, 0xC2, 0x12, 0x6F, 0x65, 0x2B, 0xEE,
+        0x9B, 0xAB, 0x43, 0xA1, 0xA1, 0x0B, 0xE2, 0x41,
+        0x1A, 0x67, 0x94, 0xB2, 0x6C, 0xB5, 0x5C, 0xC2,
+        0x17, 0xEB, 0x7B, 0x0B, 0x14, 0x6D, 0x23, 0xF7,
+        0x92, 0x2D, 0x32, 0x22, 0xAE, 0x5E, 0xE8, 0xC6,
+        0xD3, 0x8E, 0x83, 0x99, 0xBA, 0x51, 0xC6, 0x81,
+        0xB8, 0x38, 0x16, 0xFC, 0xF7, 0x44, 0x38, 0x82,
+        0x59, 0x20, 0xF9, 0xCE, 0x8A, 0x20, 0x2A, 0x8F,
+        0x6D, 0x94, 0x2D, 0xA8, 0x62, 0x38, 0xFB, 0x4C,
+        0x9F, 0x21, 0x98, 0xEA, 0x8D, 0xFF, 0x81, 0xC1,
+        0x72, 0x86, 0xE0, 0x18, 0xDF, 0x4B, 0x7F, 0xE3,
+        0x88, 0x4D, 0x17, 0x59, 0xE4, 0xC5, 0x9B, 0xB5,
+        0x26, 0x17, 0xAE, 0xD4, 0xE7, 0x8E, 0x4E, 0x7C,
+        0x4E, 0x9A, 0x36, 0xE4, 0xE9, 0x96, 0xD3, 0x23,
+        0x91, 0xA3, 0x4A, 0x0D, 0xAA, 0xAB, 0x6B, 0x54,
+        0x08, 0x15, 0xA3, 0x4D, 0x20, 0x40, 0x7A, 0xEF,
+        0x81, 0x94, 0x9B, 0xE6, 0x7B, 0x90, 0x69, 0x50,
+        0xD8, 0x9B, 0xE9, 0xF0, 0x85, 0xE9, 0x9E, 0xB5,
+        0x87, 0x26, 0x95, 0x17, 0x3B, 0x3E, 0xFA, 0xCA,
+        0xE9, 0x45, 0x5D, 0x2B, 0x2C, 0xD4, 0xF7, 0x10,
+        0xB8, 0x72, 0xCF, 0x66, 0x2B, 0x73, 0x62, 0x16,
+        0xB1, 0xBB, 0xFB, 0x1F, 0x5F, 0x3D, 0x48, 0x6C,
+        0x7B, 0x4B, 0x87, 0x56, 0x12, 0x33, 0x3F, 0x8E,
+        0x4B, 0xA9, 0x33, 0xDC, 0x79, 0xF0, 0xED, 0xFD,
+        0x7B, 0xAA, 0xDE, 0x2C, 0x16, 0xF2, 0x14, 0x6A,
+        0x49, 0x6F, 0x79, 0xC4, 0x2A, 0x4D, 0x6B, 0x52,
+        0x39, 0xA3, 0x0D, 0xD3, 0xC4, 0x8B, 0xEB, 0x09,
+        0x2C, 0xA0, 0x75, 0x00, 0x10, 0xF6, 0x9E, 0xD4,
+        0xB9, 0x23, 0x20, 0x14, 0x7D, 0xBB, 0xE2, 0x08,
+        0xF6, 0xE8, 0xEB, 0x1C, 0xF2, 0x47, 0xD2, 0x1A,
+        0x3A, 0x3B, 0x01, 0xDF, 0x58, 0xC0, 0xAA, 0x62,
+        0x94, 0x4D, 0xA0, 0xEF, 0x04, 0x50, 0xE8, 0xCE,
+        0x48, 0xAA, 0x13, 0x7E, 0x7E, 0x15, 0x16, 0xC1,
+        0xD5, 0xC8, 0x6E, 0xEA, 0x17, 0xFD, 0xFA, 0xC1,
+        0x69, 0x07, 0x46, 0xE7, 0x26, 0x70, 0x45, 0xA3,
+        0xE9, 0x05, 0x96, 0xBD, 0xB7, 0x5D, 0x50, 0xB6,
+        0xDD, 0x5C, 0x34, 0xE5, 0xC8, 0xD8, 0x9D, 0xC6,
+        0xF2, 0xF1, 0xD2, 0x44, 0x40, 0xE5, 0x7B, 0x47,
+        0x59, 0xB8, 0x62, 0x5F, 0x72, 0xBC, 0x4A, 0x7B,
+        0x10, 0xD5, 0x19, 0xD3, 0x31, 0xF9, 0xC4, 0x00,
+        0xAA, 0xE1, 0xE5, 0x0D, 0x48, 0x0C, 0xAA, 0xE5,
+        0xA1, 0xC0, 0xFA, 0x99, 0xD7, 0x79, 0x24, 0xCF,
+        0x8D, 0xFE, 0x56, 0xCD, 0x70, 0x92, 0xE7, 0xB9
+    };
+#endif /* !WOLFSSL_NO_ML_DSA_44 */
+#ifndef WOLFSSL_NO_ML_DSA_65
+    static const byte seed_65[] = {
+        0x70, 0xCE, 0xFB, 0x9A, 0xED, 0x5B, 0x68, 0xE0,
+        0x18, 0xB0, 0x79, 0xDA, 0x82, 0x84, 0xB9, 0xD5,
+        0xCA, 0xD5, 0x49, 0x9E, 0xD9, 0xC2, 0x65, 0xFF,
+        0x73, 0x58, 0x80, 0x05, 0xD8, 0x5C, 0x22, 0x5C
+    };
+    static const byte pk_65[] = {
+        0xD2, 0xFD, 0x03, 0xF3, 0xA1, 0xB7, 0xF6, 0x35,
+        0xAF, 0x9F, 0x34, 0xD5, 0x80, 0xA9, 0x8F, 0x52,
+        0x4C, 0x73, 0x5B, 0xD5, 0xBA, 0x23, 0x55, 0xDC,
+        0x6E, 0x03, 0x5B, 0xD2, 0x17, 0x65, 0x58, 0x0C,
+        0xBB, 0x11, 0x19, 0x23, 0xF1, 0x94, 0xA7, 0xCC,
+        0x8A, 0x7B, 0xB2, 0xEB, 0xC5, 0xC0, 0xE7, 0x1A,
+        0xA6, 0x37, 0xCC, 0x80, 0x0E, 0x61, 0x03, 0xB8,
+        0x50, 0xA5, 0x39, 0xB2, 0xA3, 0x9E, 0x1B, 0x6D,
+        0x71, 0x3E, 0x5D, 0xB8, 0x31, 0x4C, 0x9A, 0xE1,
+        0xF8, 0xBF, 0x8A, 0x38, 0xF0, 0x6A, 0xFB, 0x9D,
+        0x73, 0xB1, 0x61, 0xB0, 0xFF, 0xE3, 0xA4, 0x89,
+        0x17, 0x06, 0xAE, 0x26, 0xD5, 0x4F, 0xFB, 0x49,
+        0x6D, 0xF8, 0xDC, 0x0F, 0x19, 0x83, 0x50, 0x95,
+        0x00, 0xC9, 0xAB, 0xBD, 0x28, 0xE5, 0x9B, 0x3F,
+        0xCD, 0xAB, 0xBD, 0xAD, 0xAB, 0xD4, 0x5E, 0xC3,
+        0x14, 0x99, 0x37, 0x8B, 0xDE, 0x84, 0x9E, 0x7C,
+        0x1F, 0x19, 0xB7, 0x04, 0x4D, 0x67, 0xE0, 0x51,
+        0x06, 0xD7, 0x13, 0x6D, 0x95, 0x38, 0x0D, 0x56,
+        0x05, 0xD4, 0x46, 0x5D, 0x87, 0x75, 0x57, 0x06,
+        0x5D, 0xF0, 0xA7, 0x5D, 0x3C, 0x28, 0x54, 0x2F,
+        0x40, 0xFE, 0xED, 0x42, 0xEC, 0x7E, 0x28, 0x06,
+        0x37, 0xB0, 0x83, 0xD9, 0x88, 0xBC, 0xA5, 0xF6,
+        0x39, 0x4E, 0x02, 0x39, 0x6C, 0x46, 0x76, 0x18,
+        0x4F, 0xB6, 0x33, 0x18, 0xDA, 0xFA, 0xF5, 0xBB,
+        0xDD, 0xE0, 0x0E, 0x30, 0x8F, 0xE8, 0x40, 0x19,
+        0xC2, 0x34, 0x0A, 0x3F, 0x3E, 0x1C, 0x08, 0x65,
+        0x62, 0x49, 0x70, 0x71, 0x12, 0x83, 0x35, 0x6A,
+        0xE1, 0x4B, 0xD6, 0xB9, 0x4D, 0x1C, 0x9A, 0xE1,
+        0x88, 0xDE, 0x1A, 0x8A, 0x2C, 0xA8, 0x24, 0xA8,
+        0xEA, 0xE2, 0xFE, 0x6A, 0xFB, 0x38, 0xD8, 0x3A,
+        0x2D, 0x99, 0x99, 0x6A, 0xB2, 0x1F, 0xE3, 0xE8,
+        0x4C, 0x0B, 0xE6, 0xB6, 0xDA, 0x08, 0x87, 0x9B,
+        0x67, 0x73, 0x74, 0xFA, 0x7C, 0x69, 0x1B, 0x13,
+        0xD4, 0x0F, 0xA9, 0xD4, 0xCC, 0x26, 0xB2, 0x28,
+        0x8D, 0x5A, 0x8C, 0x9A, 0x43, 0x72, 0x43, 0x81,
+        0x00, 0x4D, 0x61, 0xB0, 0xD5, 0x7F, 0xF4, 0x00,
+        0x31, 0x4C, 0x8E, 0x30, 0xEE, 0x79, 0x6A, 0xF1,
+        0x0F, 0x7E, 0xE2, 0x1B, 0xF1, 0x3D, 0x08, 0x18,
+        0x04, 0x65, 0xAB, 0xC7, 0x2E, 0xDD, 0xB0, 0x80,
+        0xC6, 0xA0, 0x71, 0x84, 0xE3, 0xEE, 0xDC, 0x47,
+        0xC1, 0x9A, 0xA7, 0xF0, 0x9D, 0x1F, 0x33, 0x09,
+        0xE1, 0x83, 0xA2, 0xBD, 0x9B, 0x05, 0x73, 0xDD,
+        0xE4, 0x74, 0xA8, 0x1B, 0xA4, 0xF7, 0x8D, 0x0C,
+        0x52, 0x3D, 0x0C, 0x04, 0xF9, 0x00, 0x60, 0xFD,
+        0x57, 0x1A, 0x35, 0xC0, 0x37, 0xE0, 0x79, 0xC5,
+        0xE2, 0x10, 0xD7, 0x39, 0x0D, 0xF5, 0x68, 0xF2,
+        0xE2, 0xF0, 0x3C, 0xE4, 0x44, 0x20, 0xC8, 0x2F,
+        0x3F, 0xE6, 0x9E, 0xB9, 0xB4, 0x8E, 0xE9, 0x09,
+        0x62, 0xD6, 0xB0, 0xF2, 0x44, 0x40, 0x64, 0x8F,
+        0x71, 0xED, 0xB2, 0x41, 0xEE, 0x65, 0x66, 0xFC,
+        0x1A, 0x64, 0xCA, 0xBF, 0x66, 0xBE, 0x6F, 0xEC,
+        0xBC, 0xB1, 0x38, 0x7C, 0x82, 0xA7, 0xBC, 0x20,
+        0x2D, 0x9E, 0x36, 0x79, 0x98, 0xE2, 0xA2, 0x91,
+        0xAF, 0x0C, 0xD1, 0x57, 0x06, 0x77, 0xFE, 0x8D,
+        0x63, 0xA3, 0x28, 0x5A, 0x2E, 0xA6, 0xEB, 0x29,
+        0xAF, 0x9D, 0xC1, 0xAE, 0xC1, 0xC3, 0x6C, 0x47,
+        0x06, 0xB1, 0x2B, 0xAA, 0x20, 0x83, 0x96, 0x92,
+        0xF2, 0x86, 0xA6, 0xE0, 0x32, 0x14, 0x68, 0xF7,
+        0x47, 0x93, 0x45, 0xC4, 0xD5, 0x2F, 0xBD, 0xB2,
+        0xF0, 0x67, 0x25, 0xB5, 0x54, 0xB8, 0x9E, 0x24,
+        0x92, 0x61, 0x26, 0x81, 0xAC, 0xEB, 0xC6, 0xC7,
+        0xBA, 0xDA, 0x92, 0x25, 0x81, 0x8D, 0xBC, 0x35,
+        0xD6, 0x4C, 0x22, 0xC4, 0x8B, 0xFF, 0x80, 0xA7,
+        0x30, 0xD0, 0x71, 0x6D, 0xFA, 0xC9, 0x9D, 0xFD,
+        0x5B, 0x89, 0x92, 0x61, 0x1D, 0x0C, 0x93, 0xEE,
+        0x90, 0xBD, 0xB2, 0x60, 0x02, 0x2A, 0xFE, 0x25,
+        0xD9, 0x13, 0xE0, 0x6E, 0xFF, 0xB5, 0x9C, 0xB1,
+        0xF8, 0xA6, 0x0C, 0xBF, 0xA5, 0xAB, 0x2F, 0x45,
+        0x9A, 0x16, 0xF4, 0x67, 0xE9, 0x89, 0x52, 0x5E,
+        0x0A, 0x37, 0xEB, 0xE5, 0x6E, 0x83, 0x3F, 0xDE,
+        0x55, 0xDB, 0x9D, 0x15, 0x30, 0xAD, 0xCF, 0x45,
+        0x84, 0x6D, 0xF2, 0x81, 0xE4, 0x7C, 0xAA, 0x1E,
+        0x0A, 0x27, 0xEF, 0xDE, 0x21, 0x07, 0xD3, 0x54,
+        0xCE, 0xA0, 0xF6, 0xA4, 0x54, 0x69, 0x2F, 0x04,
+        0xCD, 0x83, 0x8E, 0xBD, 0xD4, 0x6E, 0x19, 0x1E,
+        0x5D, 0x9C, 0x11, 0x83, 0x9A, 0x2C, 0x3F, 0x48,
+        0x8A, 0x4F, 0xC7, 0xCD, 0x26, 0x5A, 0x7B, 0x5D,
+        0x32, 0xB0, 0x8C, 0xBD, 0xBF, 0xAB, 0x9D, 0x2C,
+        0xCD, 0x76, 0x22, 0x2C, 0x8E, 0xE3, 0x7D, 0xDC,
+        0xBD, 0x2A, 0xA0, 0x63, 0xED, 0x86, 0x14, 0x73,
+        0xA6, 0x45, 0x4C, 0xAE, 0xA3, 0x77, 0x85, 0x0B,
+        0x1A, 0x2B, 0x9D, 0xDB, 0xBC, 0xB3, 0x74, 0xFA,
+        0xB5, 0xB1, 0x2F, 0x35, 0x1C, 0x8E, 0x58, 0x88,
+        0x87, 0x2E, 0x5C, 0xD1, 0xF6, 0x0A, 0x4F, 0xAE,
+        0x1F, 0xF8, 0x37, 0xD1, 0x92, 0xC2, 0x2B, 0xEB,
+        0x41, 0xEE, 0x6F, 0xA3, 0x92, 0xFC, 0xDF, 0x45,
+        0x50, 0xFF, 0x46, 0xB5, 0xCE, 0x90, 0x6D, 0x01,
+        0x7E, 0xF3, 0x07, 0x7D, 0xF1, 0x32, 0x30, 0x0D,
+        0x8B, 0xBF, 0xA9, 0xBB, 0x03, 0xC7, 0x5E, 0x79,
+        0xE2, 0xF0, 0x4C, 0x28, 0x4A, 0xD0, 0x6A, 0x44,
+        0x39, 0x96, 0x49, 0xC3, 0xE2, 0xA2, 0xA8, 0xD1,
+        0xEF, 0xE9, 0xB7, 0xA4, 0xE0, 0xC2, 0x71, 0x04,
+        0x7A, 0xB7, 0x59, 0x08, 0xBF, 0xF7, 0xDF, 0x9E,
+        0x30, 0xEC, 0xA5, 0x47, 0x74, 0x5B, 0xAE, 0x23,
+        0xA8, 0x6F, 0xF9, 0xA8, 0xB5, 0x8C, 0x25, 0x38,
+        0xB8, 0x8B, 0x86, 0x64, 0x01, 0x07, 0x69, 0x02,
+        0xDC, 0x5F, 0x0B, 0xD7, 0x61, 0x68, 0x7B, 0x49,
+        0xEA, 0xFE, 0x36, 0xD3, 0x50, 0xCB, 0xED, 0xFD,
+        0xD3, 0x6C, 0x12, 0x1C, 0xF2, 0x37, 0x86, 0xBF,
+        0xCF, 0x7E, 0x47, 0x07, 0x64, 0x96, 0xEA, 0xB6,
+        0xBB, 0xDA, 0x77, 0x40, 0x49, 0xC2, 0xEB, 0xAB,
+        0xE2, 0xDE, 0x99, 0xC4, 0xC2, 0x4F, 0x2D, 0xB7,
+        0x36, 0x84, 0x01, 0x5B, 0x37, 0x39, 0x77, 0x49,
+        0x67, 0x60, 0xCF, 0x9A, 0xC2, 0x3D, 0x8B, 0x62,
+        0x31, 0x33, 0xDB, 0x2D, 0xE1, 0x0D, 0x73, 0xFA,
+        0x6A, 0xD1, 0xC6, 0xDA, 0xC8, 0x43, 0x4F, 0x28,
+        0xC6, 0xE2, 0x51, 0xCE, 0x72, 0x93, 0xCF, 0xF3,
+        0xF3, 0xB6, 0x1E, 0xFC, 0xB5, 0xA4, 0x35, 0x12,
+        0x36, 0x70, 0xF2, 0x98, 0x46, 0xA1, 0x3D, 0xF3,
+        0xEE, 0x71, 0x26, 0x04, 0x46, 0x1F, 0x1B, 0xAB,
+        0x8F, 0x4E, 0xBC, 0x83, 0x6D, 0xE0, 0x58, 0x97,
+        0x8A, 0xE7, 0x34, 0x39, 0x6A, 0x98, 0x08, 0x1B,
+        0x35, 0xCC, 0x98, 0x18, 0x8A, 0x86, 0x94, 0x9C,
+        0x99, 0x27, 0x0D, 0x47, 0x09, 0x85, 0x4C, 0x5B,
+        0x35, 0xB1, 0x7F, 0x48, 0xA3, 0x73, 0x13, 0x4C,
+        0x81, 0x4C, 0xC8, 0xA0, 0xF3, 0xE2, 0xFA, 0x80,
+        0x7F, 0x2A, 0x91, 0x85, 0x30, 0x90, 0x78, 0x64,
+        0x77, 0x82, 0x82, 0xD7, 0x5E, 0x03, 0xA4, 0x1B,
+        0x25, 0x04, 0xEE, 0xD8, 0x16, 0xA4, 0x17, 0xA3,
+        0xAC, 0x6B, 0xA1, 0x60, 0x80, 0xC3, 0x9B, 0x73,
+        0x10, 0x19, 0x20, 0x02, 0xA7, 0x28, 0xF7, 0xF2,
+        0x03, 0x95, 0x00, 0x9A, 0x9E, 0x16, 0x76, 0x7C,
+        0xE1, 0x97, 0x1F, 0x5D, 0xE7, 0xD2, 0x29, 0xA5,
+        0x06, 0x13, 0x36, 0x9E, 0x43, 0x82, 0x04, 0x5A,
+        0x8E, 0x81, 0x90, 0x1F, 0x4D, 0xBA, 0x81, 0x02,
+        0xF3, 0xD4, 0x13, 0xFE, 0x35, 0xB3, 0x26, 0xA8,
+        0x74, 0xF2, 0x33, 0xB7, 0x19, 0xA7, 0x13, 0x76,
+        0x00, 0xD3, 0x5D, 0x33, 0xAE, 0xB6, 0xB7, 0x25,
+        0x96, 0x24, 0x08, 0x3A, 0xA9, 0x68, 0x73, 0x0C,
+        0x8F, 0x78, 0x29, 0x2A, 0xD2, 0x8F, 0x14, 0xEE,
+        0xAB, 0xE6, 0x60, 0x83, 0x59, 0x84, 0xFE, 0x69,
+        0xEF, 0x23, 0xDE, 0xC8, 0xC3, 0x27, 0xC0, 0xEB,
+        0x0B, 0x88, 0x2D, 0x58, 0x7E, 0x1E, 0xC4, 0x33,
+        0xDA, 0x85, 0xC9, 0xFD, 0x1E, 0x0A, 0x34, 0x99,
+        0x4D, 0xEA, 0x24, 0x0C, 0x85, 0x44, 0x52, 0xD1,
+        0x8C, 0x30, 0xF4, 0x96, 0xE4, 0x9E, 0xC9, 0x04,
+        0xB6, 0x02, 0xE0, 0xF5, 0x06, 0x2E, 0xDC, 0xDA,
+        0x03, 0x28, 0x0A, 0x53, 0xB4, 0x31, 0x35, 0x74,
+        0xCC, 0x2C, 0x0D, 0x54, 0x71, 0xBC, 0x96, 0x13,
+        0xBD, 0xFD, 0x66, 0x41, 0xF5, 0xBD, 0x12, 0x7B,
+        0xAB, 0x5B, 0x5E, 0xB3, 0xD4, 0x99, 0xA3, 0x31,
+        0x14, 0x04, 0x82, 0x20, 0xE8, 0x19, 0xF8, 0xEE,
+        0x12, 0xCA, 0x92, 0x2C, 0x8F, 0x17, 0xD9, 0xC9,
+        0xF5, 0x1A, 0xD5, 0xBD, 0x68, 0x83, 0xB1, 0x0E,
+        0x6A, 0xA2, 0x48, 0x3B, 0xA4, 0x9D, 0xC5, 0x47,
+        0xDA, 0x76, 0x86, 0x15, 0x13, 0x44, 0xF4, 0xE9,
+        0x09, 0x9B, 0x38, 0xE4, 0x30, 0xB5, 0x22, 0x6B,
+        0x05, 0x98, 0x32, 0xCF, 0x03, 0xDB, 0x48, 0xFB,
+        0x02, 0xDB, 0xA4, 0xE6, 0x15, 0x93, 0xDC, 0x45,
+        0x76, 0x36, 0x04, 0x91, 0x89, 0x0E, 0x53, 0xEC,
+        0x0E, 0x6A, 0xC7, 0x3C, 0xF3, 0x2B, 0x25, 0xD8,
+        0x23, 0xB3, 0x84, 0x56, 0xE2, 0x86, 0x50, 0x5A,
+        0x54, 0x1E, 0x5A, 0xEE, 0xE9, 0x6B, 0x19, 0x14,
+        0xF5, 0xF7, 0x66, 0x87, 0xCE, 0x2B, 0x01, 0x60,
+        0x22, 0x7A, 0xBE, 0xD7, 0x79, 0x93, 0x59, 0x4B,
+        0xCD, 0x83, 0x13, 0x66, 0x20, 0x6D, 0x75, 0x71,
+        0x40, 0x82, 0xF1, 0xC4, 0x6F, 0x1F, 0x44, 0x39,
+        0xAC, 0x81, 0xA5, 0x7A, 0xF3, 0x1C, 0x81, 0xC5,
+        0x55, 0x30, 0x7A, 0x07, 0x0F, 0xFA, 0x94, 0xE0,
+        0x47, 0x9B, 0x78, 0x4B, 0xBD, 0x88, 0xA6, 0x0C,
+        0xD4, 0xC7, 0xCF, 0xD9, 0x4E, 0x6A, 0xFE, 0x02,
+        0xF6, 0xB2, 0x1F, 0x72, 0xAF, 0x0D, 0xCD, 0x66,
+        0x09, 0xD4, 0x0C, 0x96, 0x5C, 0x14, 0xE5, 0xF2,
+        0x38, 0x91, 0x83, 0xE5, 0x3D, 0xE9, 0x30, 0xF7,
+        0xDE, 0x1D, 0x44, 0x21, 0x5C, 0xF4, 0x91, 0x44,
+        0x84, 0x4E, 0x8B, 0x87, 0xF7, 0x8A, 0x7F, 0x13,
+        0x2A, 0xEF, 0xE2, 0x2B, 0xE8, 0x0B, 0x4E, 0x3A,
+        0x05, 0xEE, 0x3A, 0x68, 0xCC, 0xF6, 0x09, 0xEF,
+        0x44, 0x04, 0x74, 0x02, 0xE4, 0x49, 0x30, 0x46,
+        0xE6, 0xF9, 0xC7, 0x67, 0xFF, 0x8A, 0x75, 0xE2,
+        0x8B, 0x3C, 0xE0, 0x77, 0xFD, 0xE7, 0xE7, 0xEE,
+        0xD3, 0x13, 0xB5, 0xBF, 0x7E, 0x46, 0x01, 0x27,
+        0xCA, 0x81, 0x82, 0xE9, 0xBC, 0x79, 0x4C, 0x0D,
+        0xFA, 0x73, 0x0F, 0xB9, 0x20, 0x08, 0x05, 0x75,
+        0xA7, 0x51, 0xB5, 0xCA, 0xEC, 0x85, 0xA1, 0x09,
+        0xB4, 0x42, 0x2B, 0xA2, 0x66, 0x74, 0x3F, 0x0D,
+        0x03, 0x2B, 0xDA, 0x8F, 0x1C, 0xA6, 0x24, 0x8C,
+        0xDB, 0x91, 0x75, 0x30, 0xDF, 0x13, 0x02, 0xA5,
+        0xF8, 0xC1, 0x8D, 0xC6, 0x42, 0xD5, 0x24, 0x78,
+        0xC9, 0x8C, 0x12, 0xA3, 0xF1, 0x6E, 0xF2, 0xB6,
+        0x2B, 0x4F, 0x59, 0xEA, 0x1B, 0xB5, 0x8D, 0xE7,
+        0xB6, 0x5B, 0x3C, 0x71, 0x53, 0xCE, 0x6D, 0xA5,
+        0xE4, 0x95, 0x07, 0x46, 0xF8, 0x0E, 0x08, 0x7A,
+        0x0E, 0x35, 0x86, 0xD0, 0x97, 0x79, 0x1B, 0xF3,
+        0x6D, 0xEF, 0x86, 0x5D, 0x68, 0x59, 0x1D, 0x39,
+        0xD0, 0x90, 0x37, 0x73, 0xEE, 0xA9, 0x62, 0x14,
+        0x7F, 0x34, 0x70, 0x41, 0x38, 0xB5, 0x4D, 0xF7,
+        0x92, 0x4C, 0xDD, 0x8C, 0x33, 0x3D, 0xB5, 0xE1,
+        0xA4, 0x09, 0xCC, 0xB2, 0xB3, 0x4E, 0x2C, 0x3C,
+        0x8C, 0x7F, 0xDD, 0x3F, 0xD8, 0xD0, 0x12, 0xCB,
+        0xF3, 0x82, 0xAA, 0xA8, 0x5E, 0x83, 0xA1, 0x2F,
+        0x23, 0x5A, 0x2D, 0x14, 0x7D, 0x03, 0x5B, 0x7B,
+        0x28, 0xB3, 0x4B, 0x6F, 0x57, 0x94, 0x9F, 0x32,
+        0x24, 0x82, 0xA7, 0xD4, 0xD3, 0xB1, 0x50, 0x45,
+        0xC4, 0x20, 0xD5, 0xAD, 0xDC, 0x7F, 0x0E, 0x69,
+        0xB4, 0xDC, 0x1C, 0xBA, 0x58, 0xB0, 0x1D, 0x87,
+        0x24, 0x80, 0xB0, 0x6A, 0x26, 0x0D, 0x82, 0x7D,
+        0x89, 0x1B, 0x13, 0xC4, 0xC5, 0xCA, 0x50, 0xC7,
+        0x48, 0xDE, 0x3C, 0x77, 0x1B, 0xE6, 0x1E, 0x9A,
+        0xA1, 0x70, 0x16, 0x5C, 0xB0, 0x1F, 0x4B, 0xF5,
+        0xDA, 0x27, 0xA7, 0x79, 0x1D, 0x3A, 0xD3, 0xF6,
+        0x26, 0x7B, 0x4C, 0xB4, 0xE6, 0x1B, 0x28, 0xFA,
+        0x17, 0x08, 0x41, 0x8D, 0x93, 0x2D, 0xFC, 0x41,
+        0x61, 0x88, 0x0C, 0x5D, 0x3B, 0x17, 0xA9, 0x66,
+        0x3A, 0x90, 0x61, 0xFA, 0x8F, 0x18, 0x04, 0x31,
+        0x58, 0x50, 0xFE, 0x4E, 0x73, 0x06, 0xC8, 0x82,
+        0xB3, 0x82, 0x27, 0xE8, 0x67, 0xF8, 0x08, 0x72,
+        0xCD, 0xC1, 0x94, 0x4D, 0x47, 0x26, 0x15, 0xEA,
+        0x49, 0x00, 0xEF, 0x7D, 0x27, 0x0B, 0x88, 0x1D,
+        0x41, 0x30, 0xF5, 0x6C, 0x5C, 0xC9, 0x80, 0xD9,
+        0x2A, 0x47, 0xAD, 0xA6, 0x65, 0x7E, 0xB6, 0xF3,
+        0x7A, 0x38, 0x5D, 0x2D, 0x8C, 0xC9, 0x93, 0xE1,
+        0x44, 0x2E, 0xB0, 0x52, 0x81, 0x85, 0x36, 0x36,
+        0x99, 0x1E, 0x34, 0xAA, 0xDC, 0x68, 0x95, 0x4D,
+        0x04, 0xE7, 0xAD, 0xEF, 0x76, 0xBF, 0x88, 0x0F,
+        0x05, 0x9B, 0x0C, 0xBB, 0x55, 0xD9, 0x15, 0xA4,
+        0xB1, 0x23, 0xE2, 0xF1, 0x33, 0x9A, 0x07, 0x3C,
+        0xBF, 0xBC, 0x40, 0x9B, 0xEF, 0xF6, 0x40, 0x0A,
+        0xE0, 0x96, 0xD5, 0xAE, 0x18, 0xEC, 0x42, 0xCF,
+        0xFA, 0xD5, 0xB4, 0x98, 0x0F, 0xA3, 0x5B, 0xF0,
+        0x34, 0x13, 0xAD, 0xB5, 0xD7, 0xE6, 0x87, 0x6A,
+        0xC3, 0x55, 0xD1, 0xC9, 0xED, 0x70, 0xCA, 0x2B,
+        0x97, 0x39, 0x54, 0xD1, 0x2B, 0x3C, 0xDD, 0x76,
+        0xAC, 0x68, 0x35, 0xDB, 0x96, 0x00, 0x3E, 0xD8,
+        0xC4, 0xE2, 0x88, 0xB7, 0x1F, 0xD7, 0x7D, 0xBA,
+        0xA7, 0x63, 0x57, 0x20, 0xE1, 0x2A, 0xE0, 0xA3,
+        0x17, 0xDE, 0x80, 0x8C, 0x66, 0x4E, 0x31, 0x7F,
+        0x55, 0x27, 0x57, 0x91, 0xF3, 0x24, 0x5C, 0xA4,
+        0xFE, 0x5D, 0x4D, 0x41, 0x07, 0x7F, 0xC1, 0x50,
+        0xA6, 0xE4, 0x03, 0xD5, 0xA2, 0x08, 0xE4, 0x6E,
+        0xAD, 0xBE, 0x8F, 0x2C, 0xFB, 0x8A, 0xF4, 0x72,
+        0xF4, 0xA0, 0xCE, 0xAC, 0x01, 0x52, 0x19, 0x47,
+        0x8E, 0x6B, 0x86, 0xC9, 0x58, 0xCF, 0x86, 0x52,
+        0x5B, 0x74, 0x85, 0xC1, 0x73, 0x4C, 0x7E, 0xF0,
+        0x0E, 0x90, 0x68, 0x3F, 0xFF, 0x5D, 0xBD, 0x0A,
+        0x7D, 0x41, 0x3A, 0x85, 0x50, 0x21, 0x02, 0x6A,
+        0x1B, 0x32, 0x01, 0x3A, 0x46, 0x16, 0xCB, 0xCD,
+        0x37, 0x00, 0xAC, 0xBC, 0x70, 0x5B, 0xE3, 0xEF,
+        0xBA, 0x62, 0x5C, 0x69, 0xA0, 0x25, 0x26, 0x7B,
+        0xCE, 0x9D, 0x13, 0x5E, 0x3F, 0x5B, 0x5C, 0xC8,
+        0xC4, 0x39, 0x56, 0x40, 0x7E, 0x84, 0xB6, 0x66,
+        0x31, 0x03, 0xE2, 0x9C, 0x24, 0x20, 0x35, 0x55,
+        0x1A, 0xE7, 0x97, 0xF5, 0x6C, 0x63, 0x74, 0xBE,
+        0x0C, 0x79, 0x8C, 0x0C, 0xF3, 0x98, 0xF1, 0xED
+    };
+    static const byte sk_65[] = {
+        0xD2, 0xFD, 0x03, 0xF3, 0xA1, 0xB7, 0xF6, 0x35,
+        0xAF, 0x9F, 0x34, 0xD5, 0x80, 0xA9, 0x8F, 0x52,
+        0x4C, 0x73, 0x5B, 0xD5, 0xBA, 0x23, 0x55, 0xDC,
+        0x6E, 0x03, 0x5B, 0xD2, 0x17, 0x65, 0x58, 0x0C,
+        0xE3, 0x8D, 0x1C, 0x14, 0xF6, 0x46, 0x7C, 0x35,
+        0xA9, 0xF3, 0x80, 0xD2, 0x7D, 0xE6, 0x1F, 0x7C,
+        0x75, 0x03, 0x15, 0x69, 0xEA, 0x2E, 0xC8, 0x26,
+        0x0E, 0xEE, 0x91, 0x05, 0x26, 0x1B, 0x7F, 0xE1,
+        0x60, 0xC9, 0x13, 0x44, 0xB0, 0xC6, 0x76, 0x4C,
+        0x20, 0x4E, 0x5B, 0x8D, 0x42, 0x46, 0x50, 0xBE,
+        0xC0, 0x6B, 0x9E, 0x2E, 0x62, 0x5A, 0xF0, 0x7E,
+        0x23, 0xF4, 0x95, 0x0C, 0xA2, 0x4F, 0xB4, 0xD6,
+        0xEC, 0x2C, 0x8B, 0x3A, 0x71, 0x7C, 0x93, 0x11,
+        0xEB, 0x87, 0x27, 0x9F, 0xE2, 0x5E, 0x31, 0x1F,
+        0x48, 0xB8, 0x25, 0x65, 0x01, 0xF6, 0x46, 0x34,
+        0x12, 0xB5, 0x0D, 0xBC, 0x89, 0xA8, 0x69, 0xBA,
+        0x22, 0x41, 0x11, 0x26, 0x48, 0x40, 0x07, 0x38,
+        0x73, 0x02, 0x12, 0x44, 0x25, 0x44, 0x57, 0x54,
+        0x83, 0x72, 0x50, 0x33, 0x35, 0x62, 0x58, 0x42,
+        0x32, 0x01, 0x62, 0x11, 0x83, 0x61, 0x02, 0x45,
+        0x66, 0x56, 0x48, 0x35, 0x61, 0x20, 0x84, 0x52,
+        0x60, 0x68, 0x50, 0x45, 0x65, 0x55, 0x12, 0x72,
+        0x47, 0x47, 0x21, 0x21, 0x25, 0x40, 0x22, 0x21,
+        0x42, 0x81, 0x17, 0x65, 0x03, 0x06, 0x42, 0x61,
+        0x52, 0x13, 0x43, 0x25, 0x24, 0x33, 0x82, 0x12,
+        0x11, 0x35, 0x62, 0x33, 0x32, 0x07, 0x47, 0x86,
+        0x22, 0x31, 0x50, 0x83, 0x70, 0x84, 0x26, 0x43,
+        0x45, 0x64, 0x51, 0x48, 0x31, 0x14, 0x86, 0x24,
+        0x66, 0x86, 0x74, 0x33, 0x71, 0x36, 0x67, 0x26,
+        0x01, 0x47, 0x07, 0x72, 0x11, 0x61, 0x58, 0x85,
+        0x58, 0x38, 0x71, 0x83, 0x80, 0x67, 0x01, 0x65,
+        0x78, 0x70, 0x64, 0x77, 0x85, 0x60, 0x02, 0x88,
+        0x53, 0x48, 0x46, 0x62, 0x25, 0x83, 0x54, 0x88,
+        0x04, 0x74, 0x40, 0x12, 0x57, 0x43, 0x71, 0x07,
+        0x75, 0x44, 0x38, 0x71, 0x21, 0x14, 0x22, 0x08,
+        0x88, 0x72, 0x23, 0x58, 0x87, 0x46, 0x14, 0x85,
+        0x53, 0x71, 0x67, 0x73, 0x82, 0x28, 0x22, 0x74,
+        0x14, 0x03, 0x57, 0x73, 0x28, 0x71, 0x83, 0x80,
+        0x78, 0x14, 0x34, 0x87, 0x52, 0x07, 0x64, 0x74,
+        0x01, 0x60, 0x75, 0x61, 0x06, 0x08, 0x61, 0x32,
+        0x21, 0x46, 0x15, 0x65, 0x42, 0x67, 0x08, 0x20,
+        0x84, 0x10, 0x73, 0x13, 0x03, 0x61, 0x02, 0x86,
+        0x50, 0x45, 0x26, 0x12, 0x16, 0x68, 0x33, 0x55,
+        0x25, 0x84, 0x73, 0x53, 0x54, 0x52, 0x65, 0x17,
+        0x10, 0x60, 0x00, 0x38, 0x57, 0x77, 0x81, 0x24,
+        0x26, 0x80, 0x41, 0x46, 0x43, 0x26, 0x67, 0x41,
+        0x06, 0x03, 0x55, 0x41, 0x28, 0x33, 0x37, 0x25,
+        0x23, 0x06, 0x77, 0x82, 0x15, 0x16, 0x31, 0x73,
+        0x00, 0x08, 0x75, 0x26, 0x58, 0x46, 0x34, 0x63,
+        0x88, 0x08, 0x84, 0x64, 0x51, 0x11, 0x24, 0x05,
+        0x32, 0x10, 0x11, 0x18, 0x18, 0x64, 0x78, 0x22,
+        0x41, 0x00, 0x38, 0x55, 0x75, 0x42, 0x10, 0x46,
+        0x83, 0x43, 0x73, 0x38, 0x80, 0x07, 0x83, 0x43,
+        0x78, 0x74, 0x13, 0x57, 0x62, 0x32, 0x68, 0x80,
+        0x65, 0x86, 0x48, 0x53, 0x48, 0x35, 0x51, 0x58,
+        0x50, 0x74, 0x46, 0x05, 0x88, 0x70, 0x07, 0x72,
+        0x01, 0x31, 0x00, 0x87, 0x54, 0x88, 0x14, 0x20,
+        0x84, 0x16, 0x61, 0x15, 0x60, 0x56, 0x85, 0x11,
+        0x58, 0x08, 0x05, 0x88, 0x63, 0x01, 0x82, 0x86,
+        0x13, 0x14, 0x17, 0x22, 0x01, 0x68, 0x17, 0x17,
+        0x86, 0x58, 0x53, 0x10, 0x62, 0x28, 0x52, 0x82,
+        0x26, 0x15, 0x04, 0x31, 0x42, 0x88, 0x54, 0x31,
+        0x78, 0x05, 0x80, 0x11, 0x50, 0x45, 0x68, 0x82,
+        0x33, 0x66, 0x36, 0x36, 0x40, 0x65, 0x15, 0x24,
+        0x47, 0x67, 0x06, 0x45, 0x36, 0x42, 0x26, 0x86,
+        0x75, 0x06, 0x35, 0x41, 0x33, 0x47, 0x85, 0x12,
+        0x17, 0x80, 0x83, 0x87, 0x65, 0x51, 0x42, 0x31,
+        0x38, 0x87, 0x56, 0x62, 0x05, 0x17, 0x40, 0x85,
+        0x28, 0x14, 0x17, 0x21, 0x38, 0x12, 0x60, 0x81,
+        0x24, 0x41, 0x45, 0x75, 0x01, 0x82, 0x87, 0x10,
+        0x10, 0x02, 0x13, 0x25, 0x57, 0x04, 0x21, 0x72,
+        0x42, 0x78, 0x61, 0x11, 0x70, 0x05, 0x30, 0x47,
+        0x72, 0x13, 0x20, 0x30, 0x21, 0x67, 0x44, 0x31,
+        0x57, 0x71, 0x45, 0x57, 0x10, 0x54, 0x16, 0x65,
+        0x74, 0x15, 0x24, 0x02, 0x43, 0x71, 0x51, 0x20,
+        0x55, 0x11, 0x67, 0x83, 0x67, 0x82, 0x52, 0x53,
+        0x35, 0x66, 0x42, 0x46, 0x13, 0x70, 0x22, 0x32,
+        0x74, 0x00, 0x07, 0x06, 0x81, 0x87, 0x17, 0x57,
+        0x80, 0x28, 0x68, 0x01, 0x72, 0x10, 0x04, 0x27,
+        0x55, 0x22, 0x86, 0x42, 0x53, 0x15, 0x81, 0x76,
+        0x30, 0x86, 0x40, 0x83, 0x11, 0x43, 0x30, 0x53,
+        0x82, 0x73, 0x53, 0x03, 0x72, 0x35, 0x68, 0x70,
+        0x45, 0x41, 0x15, 0x73, 0x14, 0x12, 0x31, 0x64,
+        0x32, 0x66, 0x63, 0x56, 0x21, 0x51, 0x50, 0x82,
+        0x10, 0x30, 0x23, 0x38, 0x17, 0x21, 0x27, 0x10,
+        0x23, 0x14, 0x22, 0x75, 0x77, 0x28, 0x37, 0x71,
+        0x62, 0x75, 0x06, 0x88, 0x72, 0x14, 0x18, 0x73,
+        0x13, 0x03, 0x01, 0x50, 0x71, 0x58, 0x62, 0x86,
+        0x62, 0x88, 0x86, 0x86, 0x03, 0x27, 0x01, 0x46,
+        0x17, 0x22, 0x71, 0x38, 0x53, 0x81, 0x70, 0x33,
+        0x88, 0x68, 0x13, 0x78, 0x81, 0x04, 0x86, 0x57,
+        0x30, 0x16, 0x52, 0x31, 0x40, 0x83, 0x07, 0x56,
+        0x82, 0x10, 0x32, 0x31, 0x28, 0x50, 0x06, 0x50,
+        0x81, 0x63, 0x06, 0x75, 0x76, 0x65, 0x11, 0x60,
+        0x14, 0x17, 0x12, 0x12, 0x55, 0x56, 0x48, 0x11,
+        0x41, 0x13, 0x28, 0x82, 0x62, 0x07, 0x47, 0x64,
+        0x24, 0x48, 0x23, 0x24, 0x77, 0x53, 0x26, 0x08,
+        0x17, 0x58, 0x11, 0x56, 0x37, 0x48, 0x35, 0x51,
+        0x47, 0x86, 0x85, 0x66, 0x66, 0x81, 0x73, 0x20,
+        0x21, 0x36, 0x75, 0x22, 0x74, 0x66, 0x83, 0x44,
+        0x57, 0x00, 0x66, 0x64, 0x77, 0x20, 0x47, 0x22,
+        0x28, 0x56, 0x87, 0x12, 0x47, 0x02, 0x48, 0x07,
+        0x02, 0x54, 0x23, 0x01, 0x25, 0x71, 0x37, 0x36,
+        0x75, 0x36, 0x00, 0x52, 0x68, 0x15, 0x33, 0x35,
+        0x82, 0x06, 0x13, 0x73, 0x24, 0x08, 0x71, 0x76,
+        0x15, 0x22, 0x42, 0x60, 0x18, 0x53, 0x43, 0x11,
+        0x64, 0x57, 0x76, 0x17, 0x61, 0x56, 0x68, 0x76,
+        0x60, 0x65, 0x54, 0x78, 0x10, 0x33, 0x63, 0x14,
+        0x21, 0x83, 0x21, 0x60, 0x15, 0x55, 0x80, 0x42,
+        0x38, 0x42, 0x03, 0x13, 0x12, 0x34, 0x36, 0x25,
+        0x27, 0x30, 0x82, 0x81, 0x25, 0x47, 0x51, 0x35,
+        0x44, 0x12, 0x67, 0x35, 0x00, 0x10, 0x01, 0x83,
+        0x85, 0x74, 0x42, 0x40, 0x13, 0x03, 0x61, 0x27,
+        0x81, 0x26, 0x26, 0x81, 0x18, 0x87, 0x43, 0x51,
+        0x20, 0x62, 0x71, 0x27, 0x51, 0x56, 0x10, 0x22,
+        0x22, 0x81, 0x11, 0x81, 0x41, 0x66, 0x66, 0x38,
+        0x20, 0x86, 0x75, 0x56, 0x12, 0x40, 0x06, 0x54,
+        0x61, 0x12, 0x74, 0x40, 0x34, 0x58, 0x58, 0x78,
+        0x10, 0x07, 0x85, 0x25, 0x72, 0x88, 0x57, 0x22,
+        0x22, 0x25, 0x50, 0x84, 0x00, 0x41, 0x26, 0x08,
+        0x36, 0x46, 0x28, 0x78, 0x46, 0x78, 0x05, 0x02,
+        0x28, 0x20, 0x77, 0x13, 0x60, 0x75, 0x14, 0x43,
+        0x68, 0x78, 0x64, 0x31, 0x38, 0x77, 0x73, 0x73,
+        0x55, 0x41, 0x27, 0x00, 0x54, 0x07, 0x08, 0x28,
+        0x68, 0x80, 0x04, 0x53, 0x83, 0x43, 0x22, 0x81,
+        0x00, 0x64, 0x35, 0x48, 0x67, 0x66, 0x50, 0x17,
+        0x75, 0x76, 0x12, 0x75, 0x43, 0x81, 0x62, 0x40,
+        0x33, 0x43, 0x45, 0x38, 0x87, 0x21, 0x66, 0x14,
+        0x70, 0x48, 0x41, 0x43, 0x14, 0x66, 0x58, 0x78,
+        0x45, 0x82, 0x02, 0x25, 0x45, 0x73, 0x15, 0x21,
+        0x32, 0x03, 0x02, 0x48, 0x80, 0x80, 0x13, 0x71,
+        0x25, 0x54, 0x32, 0x72, 0x05, 0x68, 0x65, 0x24,
+        0x68, 0x04, 0x06, 0x16, 0x83, 0x50, 0x54, 0x53,
+        0x37, 0x37, 0x27, 0x22, 0x20, 0x68, 0x08, 0x25,
+        0x50, 0x84, 0x72, 0x86, 0x74, 0x22, 0x36, 0x16,
+        0x80, 0x07, 0x55, 0x18, 0x12, 0x17, 0x84, 0x44,
+        0x81, 0x15, 0x64, 0x50, 0x71, 0x10, 0x58, 0x15,
+        0x51, 0x10, 0x10, 0x47, 0x16, 0x21, 0x07, 0x58,
+        0x61, 0x18, 0x78, 0x00, 0x52, 0x72, 0x64, 0x52,
+        0x17, 0x43, 0x23, 0x40, 0x76, 0x48, 0x67, 0x30,
+        0x77, 0x63, 0x64, 0x87, 0x51, 0x31, 0x63, 0x84,
+        0x68, 0x74, 0x53, 0x63, 0x84, 0x23, 0x54, 0x66,
+        0x10, 0x48, 0x36, 0x33, 0x85, 0x21, 0x48, 0x42,
+        0x03, 0x82, 0x51, 0x10, 0x33, 0x57, 0x46, 0x80,
+        0x16, 0x43, 0x34, 0x02, 0x07, 0x03, 0x53, 0x22,
+        0x12, 0x75, 0x73, 0x34, 0x65, 0x83, 0x33, 0x87,
+        0x43, 0x85, 0x17, 0x50, 0x36, 0x60, 0x88, 0x02,
+        0x58, 0x75, 0x80, 0x88, 0x31, 0x63, 0x60, 0x18,
+        0x21, 0x32, 0x26, 0x15, 0x68, 0x74, 0x11, 0x10,
+        0x33, 0x14, 0x13, 0x05, 0x34, 0x16, 0x72, 0x65,
+        0x35, 0x50, 0x13, 0x34, 0x80, 0x87, 0x10, 0x26,
+        0x48, 0x68, 0x84, 0x52, 0x71, 0x44, 0x23, 0x58,
+        0x80, 0x35, 0x57, 0x70, 0x54, 0x84, 0x28, 0x70,
+        0x55, 0x88, 0x86, 0x83, 0x86, 0x25, 0x21, 0x82,
+        0x72, 0x61, 0x17, 0x78, 0x85, 0x17, 0x67, 0x73,
+        0x00, 0x57, 0x71, 0x11, 0x78, 0x51, 0x10, 0x65,
+        0x63, 0x57, 0x02, 0x87, 0x40, 0x13, 0x40, 0x01,
+        0x26, 0x53, 0x45, 0x12, 0x05, 0x46, 0x75, 0x18,
+        0x80, 0x70, 0x33, 0x35, 0x66, 0x22, 0x62, 0x00,
+        0x70, 0x23, 0x26, 0x87, 0x72, 0x63, 0x11, 0x13,
+        0x33, 0x33, 0x81, 0x41, 0x70, 0x62, 0x28, 0x61,
+        0x51, 0x47, 0x31, 0x30, 0x25, 0x46, 0x51, 0x17,
+        0x61, 0x58, 0x07, 0x41, 0x61, 0x37, 0x37, 0x06,
+        0x14, 0x00, 0x54, 0x88, 0x77, 0x75, 0x67, 0x77,
+        0x66, 0x53, 0x16, 0x72, 0x66, 0x66, 0x88, 0x76,
+        0x43, 0x58, 0x31, 0x04, 0x87, 0x57, 0x06, 0x76,
+        0x47, 0x00, 0x43, 0x63, 0x58, 0x60, 0x52, 0x03,
+        0x44, 0x27, 0x36, 0x48, 0x61, 0x23, 0x72, 0x16,
+        0x10, 0x62, 0x42, 0x08, 0x60, 0x83, 0x23, 0x54,
+        0x03, 0x55, 0x55, 0x73, 0x00, 0x61, 0x03, 0x65,
+        0x34, 0x27, 0x14, 0x15, 0x86, 0x62, 0x55, 0x80,
+        0x16, 0x53, 0x10, 0x18, 0x26, 0x11, 0x35, 0x46,
+        0x82, 0x46, 0x13, 0x25, 0x83, 0x47, 0x70, 0x50,
+        0x06, 0x01, 0x56, 0x02, 0x11, 0x68, 0x54, 0x53,
+        0x03, 0x68, 0x73, 0x36, 0x41, 0x88, 0x86, 0x33,
+        0x42, 0x52, 0x01, 0x58, 0x33, 0x42, 0x32, 0x88,
+        0x56, 0x81, 0x77, 0x55, 0x51, 0x48, 0x48, 0x12,
+        0x01, 0x58, 0x13, 0x85, 0x04, 0x14, 0x71, 0x83,
+        0x57, 0x07, 0x54, 0x55, 0x54, 0x55, 0x28, 0x27,
+        0x31, 0x36, 0x02, 0x12, 0x32, 0x68, 0x32, 0x13,
+        0x82, 0x58, 0x70, 0x28, 0x58, 0x53, 0x44, 0x86,
+        0x72, 0x73, 0x42, 0x84, 0x18, 0x22, 0x08, 0x83,
+        0x61, 0x02, 0x14, 0x16, 0x17, 0x12, 0x41, 0x57,
+        0x48, 0x85, 0x25, 0x10, 0x26, 0x07, 0x36, 0x76,
+        0x12, 0x66, 0x17, 0x21, 0x32, 0x36, 0x03, 0x25,
+        0x41, 0x10, 0x11, 0x22, 0x66, 0x60, 0x16, 0x16,
+        0x32, 0x64, 0x26, 0x05, 0x18, 0x63, 0x51, 0x58,
+        0x51, 0x31, 0x42, 0x53, 0x84, 0x56, 0x66, 0x27,
+        0x83, 0x33, 0x54, 0x50, 0x76, 0x46, 0x50, 0x80,
+        0x25, 0x43, 0x41, 0x57, 0x35, 0x78, 0x25, 0x43,
+        0x02, 0x82, 0x38, 0x47, 0x45, 0x70, 0x15, 0x67,
+        0x51, 0x77, 0x47, 0x80, 0x31, 0x52, 0x75, 0x00,
+        0x00, 0x94, 0x7B, 0xCA, 0x93, 0xC2, 0x7D, 0x58,
+        0x4E, 0x2C, 0x66, 0xEA, 0xC9, 0xC7, 0x64, 0x0C,
+        0x1C, 0xA2, 0x17, 0xEE, 0xF6, 0x6D, 0xAB, 0xBC,
+        0xB2, 0x60, 0xB4, 0xC3, 0x43, 0x00, 0xFA, 0x05,
+        0x13, 0x57, 0x82, 0x0F, 0x57, 0x39, 0x25, 0x44,
+        0x98, 0x2F, 0xD1, 0x10, 0x57, 0xDE, 0x23, 0x3E,
+        0x6D, 0x2D, 0xD8, 0x49, 0x72, 0xA7, 0xE4, 0x7D,
+        0x4D, 0xBA, 0x99, 0xBC, 0x30, 0xCF, 0x8F, 0x2A,
+        0xD5, 0xA2, 0xC0, 0x24, 0x31, 0x95, 0xED, 0x27,
+        0x30, 0xFF, 0xA9, 0x2D, 0x22, 0x7D, 0x15, 0x30,
+        0x95, 0x97, 0x2D, 0x4B, 0x34, 0x47, 0xFF, 0xAC,
+        0x45, 0xA2, 0x3E, 0xB4, 0x1C, 0xBC, 0x87, 0xCD,
+        0xD1, 0x25, 0x0A, 0x8A, 0x47, 0x8B, 0x0F, 0x7A,
+        0x1D, 0x5B, 0x39, 0xAA, 0x22, 0x06, 0xE4, 0x86,
+        0x45, 0x58, 0x4F, 0xE7, 0xBF, 0x7A, 0x13, 0x16,
+        0x8F, 0x48, 0x27, 0x65, 0xE5, 0x7B, 0xB9, 0x24,
+        0xAC, 0x6D, 0x9A, 0x11, 0x36, 0x9F, 0x4A, 0x6A,
+        0xFF, 0xCD, 0x16, 0x9B, 0x7D, 0x75, 0x12, 0x9B,
+        0x35, 0xD5, 0x13, 0x4A, 0x31, 0x76, 0x1B, 0xB8,
+        0x35, 0x5A, 0xEE, 0xED, 0x27, 0xE2, 0x01, 0xA0,
+        0x63, 0x13, 0x01, 0x3E, 0x30, 0x7A, 0x01, 0xA7,
+        0x3A, 0xEA, 0x79, 0x55, 0xC0, 0x57, 0x8C, 0x8C,
+        0x5E, 0x5A, 0x1A, 0x2D, 0x2F, 0xA4, 0x59, 0x3F,
+        0xAC, 0xD9, 0x04, 0xC6, 0x20, 0x40, 0xBD, 0xB9,
+        0xF3, 0x29, 0x93, 0x35, 0x36, 0xBF, 0x8D, 0x81,
+        0xC4, 0x25, 0x6B, 0xAA, 0xE8, 0x72, 0x3F, 0xD4,
+        0xDC, 0x66, 0xBB, 0x5E, 0x7F, 0x9C, 0xA4, 0x90,
+        0x31, 0xA1, 0x93, 0xEC, 0xEC, 0xBB, 0x5D, 0xC3,
+        0x90, 0xEC, 0x6D, 0x55, 0x13, 0xC7, 0x9A, 0x05,
+        0x2B, 0x3F, 0xD4, 0x36, 0x12, 0xFB, 0x73, 0x75,
+        0x31, 0x5D, 0x80, 0x91, 0xF7, 0x9B, 0xAB, 0x13,
+        0x18, 0xF1, 0x78, 0x54, 0x56, 0x1B, 0xC9, 0x3A,
+        0xE0, 0xE5, 0xCD, 0x6D, 0x13, 0x1E, 0x56, 0x2C,
+        0x81, 0x14, 0x81, 0x0C, 0x93, 0x9A, 0xE5, 0x63,
+        0xAA, 0x10, 0xB4, 0x7C, 0xE4, 0x48, 0x43, 0x17,
+        0xF3, 0x4A, 0xBD, 0x02, 0xD0, 0xCC, 0xAD, 0x58,
+        0xDD, 0x29, 0xBC, 0xF6, 0x57, 0xBB, 0xD9, 0x25,
+        0x4B, 0x01, 0xCA, 0x97, 0x26, 0x09, 0x19, 0x38,
+        0xED, 0x32, 0x05, 0x4B, 0x37, 0xDD, 0x61, 0x72,
+        0x40, 0xF4, 0x43, 0x4C, 0x1A, 0x4A, 0x87, 0x11,
+        0xAA, 0x3A, 0x39, 0x9A, 0x8A, 0x53, 0x88, 0x33,
+        0x0B, 0x70, 0x59, 0xEC, 0xCB, 0xB6, 0xB1, 0xB9,
+        0xCF, 0x71, 0x87, 0xAD, 0xF1, 0x0B, 0x0C, 0x91,
+        0x71, 0xD3, 0xC0, 0xF6, 0xE2, 0xD4, 0x60, 0xA4,
+        0x19, 0x24, 0x76, 0x72, 0xE3, 0xB9, 0xFE, 0xA2,
+        0xC9, 0x59, 0x10, 0xBF, 0x2F, 0xB6, 0xA5, 0xD6,
+        0x1F, 0x25, 0x74, 0x53, 0xB0, 0x7A, 0xFB, 0x64,
+        0xB0, 0xBA, 0x27, 0x58, 0xBC, 0xD7, 0x35, 0x75,
+        0x1F, 0x2D, 0x53, 0x51, 0x5E, 0x23, 0x6F, 0xE8,
+        0xA5, 0xB4, 0x39, 0x3B, 0x80, 0xBF, 0x06, 0xDF,
+        0x97, 0xBD, 0xC6, 0x38, 0x00, 0x87, 0xE6, 0xAA,
+        0x8D, 0xDE, 0x6E, 0x09, 0x81, 0x11, 0xA7, 0x34,
+        0x3F, 0xCD, 0xD1, 0xE9, 0x03, 0x70, 0x8E, 0x63,
+        0x7E, 0xBF, 0x28, 0x32, 0x3C, 0xDA, 0x6B, 0x94,
+        0x05, 0x81, 0x0E, 0xDC, 0xFB, 0x36, 0x91, 0x14,
+        0x9E, 0xCF, 0x22, 0x4C, 0x50, 0xF8, 0xDF, 0x92,
+        0xA9, 0x4A, 0xA4, 0x77, 0x0A, 0x0E, 0x91, 0x46,
+        0x61, 0x94, 0xBB, 0x0E, 0x27, 0xBF, 0x1C, 0xAB,
+        0xF1, 0x6A, 0xDF, 0xD3, 0x51, 0x22, 0x00, 0x33,
+        0xF7, 0x6F, 0x59, 0x25, 0x55, 0x7B, 0xCF, 0x96,
+        0x34, 0xE9, 0x46, 0x13, 0x59, 0x62, 0x1D, 0x80,
+        0xB4, 0xBB, 0xAD, 0x7E, 0x2A, 0x6E, 0x43, 0x2D,
+        0xC4, 0x3B, 0x12, 0x6C, 0xA4, 0x2A, 0xB8, 0x8A,
+        0xA8, 0x8F, 0x0A, 0x84, 0xAF, 0x58, 0x02, 0x9C,
+        0x99, 0xA0, 0x24, 0x8F, 0x0C, 0x45, 0x40, 0x71,
+        0xF3, 0x5B, 0x83, 0x1F, 0xED, 0x12, 0x54, 0xD6,
+        0xF4, 0xE2, 0x72, 0x04, 0x85, 0x78, 0x62, 0x15,
+        0xF7, 0xC7, 0xF0, 0xC4, 0xED, 0x15, 0xFA, 0x85,
+        0x3C, 0xD3, 0xAA, 0x07, 0x25, 0x9B, 0x39, 0x24,
+        0x0A, 0x82, 0x13, 0x5C, 0x29, 0x23, 0xA7, 0x2B,
+        0x87, 0x6F, 0xAB, 0xB3, 0xF0, 0xF2, 0xC0, 0x96,
+        0x13, 0xDE, 0x39, 0xD4, 0x59, 0xA0, 0x7C, 0x14,
+        0xE7, 0xBA, 0x43, 0x7D, 0x80, 0x41, 0x49, 0x1F,
+        0xCE, 0xC1, 0x43, 0x34, 0x04, 0xBA, 0xD1, 0xDA,
+        0x9E, 0xE9, 0x47, 0x1E, 0x17, 0xCB, 0x69, 0x1B,
+        0x2A, 0x35, 0x37, 0x10, 0xC9, 0xFF, 0xA4, 0xE5,
+        0x17, 0x81, 0x12, 0x02, 0x77, 0x64, 0xEB, 0x7D,
+        0xE8, 0x09, 0xC3, 0xE1, 0xF1, 0xFA, 0x41, 0x78,
+        0xA5, 0xD4, 0xDC, 0x9E, 0xE2, 0x78, 0x57, 0xEF,
+        0xF2, 0x6B, 0x91, 0x71, 0x1F, 0xC1, 0x44, 0xD5,
+        0xA7, 0x75, 0xB8, 0xB5, 0x0D, 0x5D, 0xB9, 0x39,
+        0xBA, 0x32, 0x07, 0x68, 0x0C, 0x24, 0x2F, 0xC8,
+        0x21, 0x94, 0x7F, 0x93, 0x4C, 0x8D, 0xAE, 0xE2,
+        0x03, 0x56, 0x3D, 0x28, 0x60, 0x6B, 0xE6, 0x24,
+        0xA3, 0x29, 0x01, 0x93, 0x2D, 0xAE, 0x85, 0x71,
+        0x2A, 0xF6, 0xC8, 0x01, 0x60, 0x26, 0x92, 0x7E,
+        0x9B, 0x81, 0x29, 0x57, 0x4B, 0xE3, 0xCB, 0x1E,
+        0x95, 0x33, 0x2B, 0x05, 0x27, 0x07, 0xAC, 0x8A,
+        0xA8, 0xF4, 0x35, 0xE8, 0x8B, 0x7E, 0x56, 0x8D,
+        0x49, 0x87, 0xC6, 0xAC, 0x0E, 0x90, 0x2B, 0x06,
+        0x09, 0xA0, 0x2D, 0x91, 0xB3, 0xF5, 0xFD, 0x3F,
+        0xD9, 0x01, 0xDD, 0xD0, 0xDB, 0x98, 0x73, 0xBD,
+        0x7C, 0x71, 0xED, 0x92, 0x1D, 0x45, 0x77, 0xA7,
+        0x8C, 0x4F, 0xCC, 0x9B, 0xF0, 0x75, 0x20, 0x3D,
+        0x38, 0xF5, 0xE7, 0x6E, 0x74, 0xF2, 0x77, 0x48,
+        0x4E, 0x05, 0x7B, 0x61, 0x89, 0x00, 0x41, 0x31,
+        0xB0, 0xC9, 0xB1, 0xA1, 0x55, 0x29, 0x4D, 0x1C,
+        0xD3, 0xD5, 0x20, 0x8E, 0x26, 0x69, 0x01, 0xD7,
+        0xD3, 0x14, 0xFA, 0xCC, 0xE7, 0xE2, 0xAA, 0x58,
+        0x45, 0x83, 0xA1, 0x1E, 0x4D, 0x7C, 0x21, 0xB9,
+        0x4A, 0x32, 0xE5, 0x08, 0xED, 0xDB, 0xBD, 0x7A,
+        0x65, 0xAA, 0x86, 0xB4, 0xFD, 0xFA, 0x6B, 0xC2,
+        0x85, 0xD4, 0xCF, 0xF5, 0x39, 0x26, 0xC7, 0x17,
+        0x3F, 0xBE, 0x1F, 0x89, 0xCC, 0x30, 0x32, 0x34,
+        0xB8, 0x78, 0xC6, 0xB8, 0x10, 0x1F, 0x58, 0xAC,
+        0x8D, 0x3E, 0x5E, 0x1B, 0xF5, 0xAB, 0x6B, 0x26,
+        0x29, 0x7C, 0xC9, 0x7B, 0x95, 0x95, 0x4A, 0xAB,
+        0xDB, 0x25, 0xBE, 0x00, 0x8A, 0x3F, 0x47, 0xE5,
+        0x64, 0x87, 0xB0, 0x0D, 0x3D, 0xED, 0xA8, 0x90,
+        0xD9, 0x2C, 0x83, 0x95, 0x7F, 0xEA, 0xC6, 0xB8,
+        0x29, 0x1A, 0xF6, 0x59, 0x59, 0xE1, 0xD1, 0xFC,
+        0xA3, 0xBD, 0x19, 0x6E, 0x9F, 0xC9, 0xE6, 0x7E,
+        0x06, 0x07, 0x09, 0x48, 0x22, 0xE5, 0xB4, 0x19,
+        0x1D, 0xB9, 0x68, 0x24, 0xB9, 0xF0, 0x3F, 0x2E,
+        0xF5, 0x7F, 0x52, 0x38, 0xBA, 0x7E, 0x1E, 0x84,
+        0xED, 0x55, 0xB7, 0xDF, 0xF3, 0xD6, 0xC2, 0xC1,
+        0x27, 0x36, 0x92, 0xA9, 0xA1, 0x92, 0x72, 0x16,
+        0x61, 0x30, 0xDB, 0x89, 0xFC, 0x67, 0xDC, 0x94,
+        0xDB, 0x61, 0x4E, 0x3E, 0x82, 0xBA, 0x3A, 0x35,
+        0x12, 0xB0, 0x12, 0xD5, 0x1F, 0xB4, 0x86, 0xB5,
+        0xA3, 0x15, 0x0B, 0x78, 0xE7, 0x24, 0xE2, 0xA1,
+        0x2D, 0xE0, 0x7D, 0x86, 0x71, 0xFB, 0xA2, 0xDA,
+        0x7F, 0xD5, 0xD1, 0x47, 0x20, 0x8F, 0xC3, 0xAF,
+        0x65, 0x3E, 0x65, 0x20, 0xFC, 0x40, 0x87, 0x1A,
+        0xF2, 0x17, 0x7E, 0x65, 0xCB, 0xD0, 0xEA, 0xF3,
+        0x04, 0x21, 0x7B, 0x36, 0x7A, 0x66, 0x5F, 0x22,
+        0x4C, 0xAE, 0xDF, 0xE9, 0x30, 0x06, 0xAC, 0x1E,
+        0x14, 0xBC, 0xD6, 0x7A, 0x88, 0xD1, 0x71, 0xF3,
+        0xD8, 0xF3, 0xE3, 0x58, 0xA7, 0x19, 0x26, 0xBA,
+        0x3E, 0x5C, 0x23, 0x9A, 0x53, 0x12, 0x63, 0xEC,
+        0x94, 0x37, 0xBF, 0x2A, 0x03, 0x3B, 0x8B, 0x55,
+        0xB2, 0xC0, 0xCB, 0x6E, 0x7E, 0x97, 0x31, 0x6E,
+        0x22, 0xDF, 0x77, 0xCA, 0xD9, 0x10, 0xD2, 0x0E,
+        0xEC, 0xE1, 0xC5, 0x09, 0x10, 0xA5, 0xCC, 0x32,
+        0xAD, 0xAB, 0x09, 0x37, 0x75, 0x50, 0xF9, 0x2D,
+        0x5B, 0xB1, 0xF4, 0xC0, 0x7F, 0x4A, 0x28, 0x22,
+        0x33, 0x8E, 0x2C, 0xFF, 0x53, 0x48, 0xDF, 0x77,
+        0xCF, 0x8E, 0xF8, 0xE6, 0x65, 0x7D, 0xED, 0x1E,
+        0x0C, 0xE0, 0x58, 0xE3, 0xCC, 0xFB, 0xF3, 0x9B,
+        0x3F, 0x16, 0x6E, 0x30, 0x3D, 0x33, 0xC3, 0x55,
+        0x6C, 0x9A, 0xC8, 0xEC, 0xB3, 0xDF, 0x7C, 0x74,
+        0xAB, 0x36, 0xD0, 0xF2, 0x79, 0x44, 0x41, 0xBA,
+        0x98, 0x08, 0x82, 0x7B, 0x57, 0x8F, 0xB5, 0xC2,
+        0x9E, 0x49, 0x4E, 0x21, 0x53, 0x9A, 0xD3, 0xAB,
+        0x2B, 0x41, 0xBF, 0x16, 0x1D, 0x7F, 0x69, 0x58,
+        0x9D, 0x45, 0x24, 0xC5, 0x4C, 0x89, 0xB4, 0x86,
+        0xF7, 0x5D, 0x25, 0x2F, 0x54, 0x1C, 0xC6, 0x3B,
+        0x9E, 0x70, 0x6D, 0x64, 0xA1, 0x28, 0x9A, 0x23,
+        0x06, 0xC5, 0x95, 0x36, 0x3C, 0xB6, 0xFB, 0xEF,
+        0x0A, 0x1B, 0x5B, 0x17, 0xAB, 0x5B, 0x17, 0x94,
+        0xBF, 0x27, 0x03, 0x6F, 0x64, 0xEA, 0xF0, 0xBD,
+        0x43, 0x0D, 0xD5, 0x8D, 0x80, 0x01, 0x0C, 0xCD,
+        0xAD, 0xA4, 0xA5, 0xA3, 0xA1, 0xE4, 0x1A, 0x6F,
+        0xBF, 0x12, 0x9D, 0x73, 0x77, 0x9A, 0x37, 0xAE,
+        0x5C, 0x8D, 0x68, 0x41, 0xA9, 0x99, 0x3C, 0x51,
+        0xE3, 0x64, 0xE0, 0x4F, 0xAC, 0x8E, 0x25, 0xA4,
+        0xE6, 0x87, 0x2F, 0x6C, 0x86, 0x0F, 0xA2, 0x65,
+        0xC1, 0xC4, 0x42, 0x6A, 0xD9, 0xC2, 0x1D, 0x26,
+        0xDA, 0x8C, 0x27, 0x85, 0x46, 0xAD, 0xCD, 0x83,
+        0x1F, 0x2B, 0x8B, 0x26, 0xD4, 0xE1, 0xF6, 0x70,
+        0x62, 0x3D, 0x95, 0xC8, 0x36, 0x2D, 0xA6, 0x62,
+        0xD1, 0xFF, 0x0A, 0xB6, 0x87, 0x50, 0x3F, 0x32,
+        0x8D, 0xE0, 0x95, 0x81, 0x0E, 0xDE, 0x12, 0xB4,
+        0x9E, 0xAD, 0x15, 0x33, 0x51, 0x95, 0x58, 0xC1,
+        0xE9, 0x40, 0xB4, 0x6E, 0x4E, 0xDB, 0x02, 0x7B,
+        0xE9, 0xDA, 0x20, 0x39, 0xB2, 0x5D, 0xCF, 0x73,
+        0x57, 0xE1, 0x9E, 0x54, 0x16, 0xAE, 0x26, 0x8C,
+        0x14, 0xFB, 0x3A, 0x8B, 0xAB, 0xCB, 0x3D, 0x23,
+        0xF7, 0x0C, 0xC9, 0xD5, 0x96, 0x81, 0xC5, 0xD8,
+        0x33, 0xAC, 0x22, 0xE6, 0x53, 0xD8, 0x6E, 0x22,
+        0xCE, 0x82, 0x25, 0x40, 0x75, 0x5D, 0x8D, 0x24,
+        0x3C, 0x15, 0x21, 0x3D, 0x07, 0x6C, 0x6B, 0x26,
+        0x43, 0x6D, 0xDC, 0x07, 0xC7, 0xE0, 0x01, 0x34,
+        0x7B, 0x0C, 0xB8, 0x78, 0x3D, 0xFE, 0xFE, 0xDF,
+        0x27, 0x5F, 0xEC, 0x47, 0x92, 0x68, 0x67, 0x34,
+        0x00, 0x7F, 0x0F, 0xF8, 0x54, 0x08, 0x11, 0xC2,
+        0xAF, 0xE6, 0xCA, 0x15, 0x14, 0x20, 0x53, 0x2F,
+        0xA5, 0x52, 0x6A, 0x10, 0x74, 0xC3, 0xD7, 0x89,
+        0xF2, 0x93, 0x2D, 0xE4, 0x2E, 0x3A, 0xCF, 0xBF,
+        0x94, 0x76, 0x0F, 0x42, 0x6D, 0x96, 0xCF, 0x03,
+        0x3F, 0xA4, 0x9E, 0x2F, 0x45, 0x8F, 0x9A, 0x9C,
+        0x2E, 0x71, 0xDA, 0xCF, 0xE0, 0x09, 0xDD, 0x9C,
+        0x3F, 0x3C, 0x8A, 0xB3, 0x28, 0x2D, 0x6F, 0x38,
+        0x3B, 0x98, 0x1C, 0x82, 0xD6, 0x36, 0x4F, 0x0E,
+        0x4B, 0xDB, 0x2A, 0xF6, 0xA9, 0x5B, 0xA6, 0x1F,
+        0x47, 0x41, 0x50, 0xCA, 0xD7, 0x23, 0x3F, 0x89,
+        0x03, 0xDF, 0x97, 0x2D, 0xBB, 0x03, 0x28, 0xC0,
+        0xCB, 0x9D, 0x0C, 0xCB, 0xEF, 0x88, 0x3D, 0x2E,
+        0x6A, 0xDD, 0x18, 0x0E, 0xCA, 0x1B, 0x66, 0x2F,
+        0xC1, 0xD2, 0xDB, 0xBD, 0xDB, 0x36, 0x34, 0x21,
+        0x9E, 0x1E, 0xFF, 0x38, 0xB1, 0xE5, 0x28, 0x75,
+        0x35, 0x6C, 0x03, 0xEA, 0xDE, 0x94, 0x20, 0x55,
+        0xF4, 0x83, 0x50, 0x4B, 0xBB, 0xCB, 0x43, 0x02,
+        0xA4, 0x17, 0xCF, 0x6D, 0x32, 0x8E, 0xD7, 0x93,
+        0xB1, 0xA3, 0xC0, 0x96, 0x9B, 0x7B, 0x34, 0x18,
+        0xF5, 0x0A, 0xB3, 0x9F, 0x83, 0xC5, 0x66, 0x6C,
+        0x90, 0xE3, 0x83, 0x56, 0xF7, 0xF9, 0xD4, 0x94,
+        0xA6, 0xDC, 0xB6, 0x3D, 0x67, 0xC3, 0x4E, 0x3D,
+        0x14, 0xA4, 0xE1, 0x55, 0x96, 0x49, 0x79, 0x26,
+        0xC8, 0x56, 0x8D, 0x8E, 0xC3, 0xDB, 0xD9, 0xC2,
+        0xE8, 0x2C, 0x38, 0x5B, 0xCF, 0xB8, 0xD9, 0x67,
+        0x48, 0x63, 0xBD, 0x4F, 0xBF, 0x17, 0x57, 0xDB,
+        0x44, 0x7B, 0xF8, 0x04, 0xAE, 0x95, 0x01, 0x47,
+        0xC9, 0x1F, 0xBF, 0x9A, 0xA1, 0x78, 0x91, 0x04,
+        0x4C, 0xCA, 0xA7, 0x3B, 0x45, 0x52, 0x85, 0x97,
+        0x46, 0x2C, 0xED, 0x75, 0x1D, 0x01, 0x5E, 0xBB,
+        0xA9, 0xE2, 0xB7, 0xCD, 0xCB, 0xE6, 0xDC, 0x05,
+        0xAA, 0x9E, 0xAE, 0x0C, 0x86, 0x84, 0x8A, 0x34,
+        0x75, 0xBB, 0x1C, 0x57, 0x44, 0xF5, 0x90, 0x3E,
+        0xE4, 0xA8, 0x42, 0xA4, 0x69, 0xCC, 0x18, 0x12,
+        0x71, 0xF2, 0x45, 0xAD, 0x70, 0xD0, 0x2A, 0x48,
+        0x37, 0x86, 0x3B, 0x29, 0x6B, 0x4A, 0xDB, 0x4E,
+        0x8D, 0x03, 0xD8, 0x2B, 0x64, 0xAA, 0x11, 0xDD,
+        0x31, 0xCD, 0xF2, 0x1E, 0xDF, 0x1D, 0xFE, 0x32,
+        0x76, 0xC4, 0xDB, 0xC8, 0x77, 0xE3, 0x5B, 0x15,
+        0xFB, 0x28, 0x35, 0xEC, 0x3A, 0x1C, 0x45, 0x31,
+        0x68, 0xA3, 0x8C, 0xA8, 0xE5, 0x63, 0xCF, 0x3E,
+        0x9A, 0x00, 0x73, 0x6C, 0xD5, 0xCF, 0xBD, 0x28,
+        0x41, 0xD1, 0x0F, 0x94, 0xAD, 0x55, 0x79, 0x9C,
+        0x29, 0x27, 0xE5, 0x46, 0x1B, 0x28, 0xBA, 0xC5,
+        0x17, 0x4D, 0x0C, 0xE3, 0xF8, 0xF7, 0xCD, 0x76,
+        0x09, 0xFB, 0xC8, 0xDA, 0x0C, 0x38, 0xCC, 0x21,
+        0x69, 0x5C, 0xED, 0xAD, 0x12, 0xF8, 0xD2, 0xE6,
+        0x49, 0x51, 0xA8, 0x99, 0x6E, 0x51, 0x0D, 0x6D,
+        0x52, 0x79, 0x7C, 0x5B, 0xA0, 0xEB, 0x4A, 0xFA,
+        0x6B, 0xF2, 0xCC, 0x43, 0xDA, 0x09, 0xDE, 0x31,
+        0x79, 0xE8, 0x99, 0xBD, 0x71, 0x88, 0xB3, 0x2A,
+        0x98, 0xA4, 0x99, 0xD3, 0x72, 0xF3, 0x70, 0x7C,
+        0xED, 0x47, 0x9B, 0x09, 0x81, 0xCB, 0x50, 0xC0,
+        0xC0, 0x53, 0x9C, 0xF7, 0xE3, 0x10, 0x0B, 0x72,
+        0x0E, 0x46, 0x66, 0x52, 0xA4, 0xF4, 0x99, 0xC2,
+        0xBA, 0x3A, 0x17, 0xF5, 0x23, 0x22, 0x68, 0x73,
+        0x0B, 0x96, 0x2B, 0xC5, 0x72, 0xC0, 0xDE, 0x96,
+        0xE8, 0xC9, 0xE2, 0x8F, 0x7E, 0x35, 0x32, 0xC2,
+        0x22, 0x41, 0x96, 0xAA, 0x9E, 0x27, 0x68, 0x8D,
+        0xD0, 0x50, 0xD7, 0xCB, 0x78, 0x54, 0xFB, 0x3C,
+        0x35, 0xF9, 0xC6, 0x2E, 0xFB, 0x10, 0xDA, 0x84,
+        0x83, 0x3F, 0x29, 0xBB, 0x1B, 0xE5, 0xEF, 0x3B,
+        0x53, 0x36, 0x38, 0xEE, 0xF7, 0x43, 0xD8, 0x11,
+        0x9D, 0xDC, 0x29, 0x0B, 0xDF, 0x08, 0xB6, 0xF0,
+        0xF9, 0xE4, 0xE1, 0xE1, 0x34, 0x46, 0xC5, 0x3E,
+        0xD6, 0x98, 0x05, 0xDA, 0x26, 0x90, 0x8A, 0x15,
+        0xDF, 0x1C, 0x48, 0xE0, 0x09, 0xEC, 0x12, 0x53,
+        0xBD, 0x5A, 0x58, 0x98, 0xEB, 0xB5, 0x12, 0x1C,
+        0xC2, 0x49, 0x04, 0xC8, 0xB1, 0x0E, 0x24, 0xE6,
+        0x80, 0xE5, 0x65, 0x98, 0x50, 0x76, 0xFD, 0xA1,
+        0x1D, 0x13, 0xFF, 0xDF, 0xA4, 0xDB, 0x28, 0xAC,
+        0x9F, 0x0A, 0xEA, 0x2F, 0x81, 0xFD, 0x7E, 0xD4,
+        0xDC, 0xA8, 0xD3, 0xB2, 0xE3, 0x84, 0x8B, 0x4D,
+        0x60, 0x46, 0xF6, 0xE0, 0xDE, 0x3A, 0x4F, 0x68,
+        0x3F, 0x25, 0xE0, 0x60, 0x5E, 0x84, 0xB3, 0x6F,
+        0x48, 0x3C, 0x40, 0x4E, 0xF8, 0x99, 0xCB, 0x3F,
+        0xCC, 0xBE, 0x8C, 0xB2, 0xA6, 0xF0, 0xA7, 0xE1,
+        0x0B, 0x19, 0x48, 0xCD, 0x4F, 0x93, 0xF1, 0x81,
+        0x55, 0x5F, 0x66, 0x1D, 0x31, 0xD4, 0x26, 0x80,
+        0x8B, 0xBF, 0x9F, 0x66, 0xFD, 0x60, 0xD6, 0x49,
+        0x26, 0x9C, 0xA3, 0xFE, 0x99, 0x1B, 0x22, 0x42,
+        0x8C, 0x37, 0xAD, 0x2A, 0x08, 0x68, 0x0F, 0x74,
+        0x7C, 0xC0, 0x36, 0x0C, 0xCD, 0x37, 0x3D, 0xC6,
+        0xA9, 0xF4, 0x3A, 0x66, 0x47, 0x0E, 0x01, 0x4E,
+        0x72, 0xB3, 0xD8, 0xC3, 0x8E, 0x02, 0x04, 0x42,
+        0xD8, 0xAA, 0xB9, 0x74, 0xE6, 0x04, 0x93, 0x74,
+        0x14, 0x5B, 0x04, 0xCB, 0x7F, 0x30, 0x44, 0xAA,
+        0xC1, 0xEF, 0xDA, 0xB2, 0xA1, 0x8B, 0xB4, 0x64,
+        0xD4, 0xF2, 0xF2, 0xD8, 0x14, 0x39, 0x74, 0xC9,
+        0x5E, 0xEE, 0x85, 0x6D, 0x59, 0xEC, 0x00, 0x28,
+        0x8E, 0xD4, 0x3F, 0xF5, 0xCC, 0x88, 0x03, 0x00,
+        0x6C, 0x99, 0x55, 0x14, 0xA2, 0xCC, 0x9C, 0xA6,
+        0x22, 0xB6, 0x1B, 0xCD, 0x75, 0xEC, 0x51, 0xC2,
+        0x02, 0xA9, 0x17, 0x10, 0x5B, 0x4A, 0x4B, 0xED,
+        0x1B, 0x80, 0x14, 0x68, 0x31, 0xDC, 0xED, 0x07,
+        0xEF, 0xD2, 0xED, 0x25, 0x73, 0x9F, 0x54, 0x09,
+        0x69, 0x11, 0xB1, 0x50, 0xD3, 0x07, 0x7C, 0xCD,
+        0x73, 0x1A, 0x03, 0x61, 0x68, 0x27, 0x25, 0xD5,
+        0x38, 0x03, 0xF8, 0xFC, 0xEA, 0xA8, 0x39, 0x19,
+        0x29, 0x1E, 0xDB, 0x44, 0x93, 0xEC, 0x84, 0xCC,
+        0xE1, 0xD0, 0xF8, 0x2A, 0x67, 0x92, 0x36, 0xEA,
+        0xD1, 0x00, 0x2A, 0xE8, 0x01, 0x8C, 0xAC, 0x9F,
+        0xDB, 0xD2, 0x46, 0xFF, 0x09, 0x3D, 0x80, 0x3C,
+        0x0D, 0xE3, 0x32, 0x6A, 0x57, 0x90, 0x7B, 0x0D,
+        0xD6, 0xB0, 0x1D, 0x08, 0x14, 0x58, 0xC7, 0x57,
+        0x28, 0xC6, 0x00, 0x82, 0x99, 0x28, 0x89, 0x0A,
+        0x56, 0xAA, 0xAF, 0xEF, 0xCF, 0x74, 0x23, 0xB7,
+        0x0A, 0x6D, 0x86, 0xB4, 0x15, 0xB8, 0x35, 0x8D,
+        0xD0, 0x44, 0xAB, 0xEE, 0x00, 0xB9, 0xC9, 0x79,
+        0x5F, 0xC8, 0xF6, 0x1A, 0x64, 0x68, 0x6D, 0xF5,
+        0xF8, 0x76, 0xA8, 0xF3, 0x30, 0x61, 0x59, 0x9A,
+        0xE8, 0x30, 0xF7, 0xEB, 0x4C, 0x4B, 0xFF, 0x87,
+        0x5F, 0x4A, 0x93, 0x6C, 0x40, 0x3C, 0x5D, 0x16,
+        0x0D, 0xE5, 0xD3, 0x3C, 0xAE, 0xE4, 0x0F, 0xB7,
+        0x18, 0xDD, 0xA4, 0x47, 0x8A, 0xC6, 0xF5, 0x1C,
+        0x59, 0xC2, 0x15, 0x52, 0x54, 0xBD, 0x77, 0x67,
+        0x11, 0x18, 0x41, 0x1E, 0x26, 0x09, 0xD0, 0x00,
+        0x30, 0x6F, 0xC9, 0x50, 0x70, 0x04, 0xA3, 0x1E,
+        0x89, 0x57, 0xEA, 0x40, 0xC2, 0x56, 0x4B, 0x83,
+        0xC3, 0xAB, 0xB7, 0x1A, 0x87, 0xC1, 0x1B, 0xD1,
+        0x8D, 0x78, 0x91, 0xC4, 0x49, 0xDB, 0xBE, 0x79,
+        0xB4, 0xA4, 0xFB, 0x04, 0x83, 0x07, 0xCE, 0x0E,
+        0x81, 0x2B, 0x2C, 0x68, 0xEC, 0xAB, 0x77, 0xFD,
+        0x11, 0x11, 0x52, 0x6A, 0xB0, 0x81, 0x73, 0x06,
+        0xCE, 0xBC, 0xB0, 0x49, 0x7C, 0x55, 0x24, 0x31,
+        0xCE, 0x15, 0xE4, 0xAB, 0x52, 0x28, 0x3F, 0x67,
+        0x94, 0x80, 0xD6, 0x9D, 0xDD, 0xE1, 0xF2, 0x57,
+        0x9C, 0xFD, 0xBE, 0x0B, 0xCA, 0x95, 0xFC, 0x5B,
+        0x2D, 0xB0, 0xC5, 0xCC, 0x76, 0xA3, 0x19, 0x50,
+        0xF5, 0x11, 0x6A, 0xAE, 0x5F, 0x02, 0xD4, 0x67,
+        0x10, 0xE4, 0x25, 0x7A, 0x75, 0xFD, 0xED, 0xF2,
+        0xF4, 0x7C, 0xE3, 0x7C, 0x20, 0x3E, 0x7F, 0x24,
+        0xD3, 0xC9, 0x17, 0x97, 0x13, 0xC5, 0xD8, 0x07,
+        0xC2, 0x96, 0x14, 0x9A, 0x75, 0xCC, 0xB4, 0x44,
+        0xF0, 0xC6, 0xF6, 0xAB, 0xDD, 0x2D, 0xBB, 0x29,
+        0x85, 0xFE, 0x26, 0x74, 0x82, 0x85, 0x8A, 0x1E
+    };
+#endif /* WOLFSSL_NO_ML_DSA_65 */
+#ifndef WOLFSSL_NO_ML_DSA_87
+    static const byte seed_87[] = {
+        0x38, 0x35, 0x9F, 0xBC, 0xD7, 0x95, 0x82, 0xCF,
+        0xFE, 0x60, 0x9E, 0x13, 0x7E, 0xE2, 0xEF, 0xE8,
+        0xA8, 0xDB, 0xCB, 0xAD, 0x18, 0xBA, 0x92, 0xBB,
+        0x43, 0x3A, 0xB4, 0xF0, 0x9B, 0x49, 0x29, 0x9D
+    };
+    static const byte pk_87[] = {
+        0x69, 0x24, 0xBB, 0x42, 0x57, 0xA7, 0xB9, 0xAF,
+        0xF0, 0x95, 0xC3, 0x0B, 0xB3, 0x5C, 0x6A, 0xE4,
+        0x19, 0x82, 0x63, 0x12, 0x0F, 0x80, 0x39, 0xAA,
+        0x4E, 0x78, 0xE1, 0x74, 0xA7, 0x86, 0xCE, 0x00,
+        0x83, 0x01, 0xE6, 0x66, 0xF5, 0x9D, 0x3E, 0xC5,
+        0x04, 0x4D, 0xE4, 0x56, 0x78, 0x8F, 0xDE, 0x19,
+        0xEB, 0x39, 0x67, 0x7B, 0x5F, 0x9F, 0xE1, 0x41,
+        0x50, 0xDA, 0x46, 0x3A, 0x70, 0x6F, 0x3B, 0xAF,
+        0x71, 0x5B, 0x95, 0x33, 0x6B, 0x2D, 0x68, 0x5A,
+        0x7C, 0xD7, 0x88, 0x07, 0x13, 0xE4, 0x58, 0x7B,
+        0xF7, 0xD8, 0x57, 0xBF, 0x7E, 0x31, 0x56, 0x96,
+        0xB8, 0xD0, 0xD9, 0xD4, 0x9E, 0x14, 0x29, 0x18,
+        0xBF, 0x09, 0x74, 0xE7, 0xF4, 0x32, 0x37, 0xD4,
+        0xBE, 0x3A, 0xD3, 0x94, 0x59, 0x9E, 0x3D, 0x39,
+        0xBB, 0x76, 0x49, 0x93, 0x25, 0x53, 0x44, 0x7E,
+        0x5D, 0x5A, 0xCC, 0x34, 0x99, 0x93, 0x01, 0x76,
+        0xEC, 0xD3, 0xA8, 0x44, 0xA4, 0x25, 0xF5, 0x0D,
+        0x05, 0x11, 0xC9, 0x22, 0x6C, 0x4B, 0x9A, 0x24,
+        0xF2, 0xA0, 0x11, 0xCD, 0x88, 0xD3, 0x23, 0x08,
+        0xE0, 0x31, 0x2A, 0x0C, 0x87, 0xCC, 0x34, 0xA9,
+        0x95, 0x82, 0x3C, 0x65, 0xF4, 0xF0, 0xF9, 0x8E,
+        0x50, 0xC3, 0x77, 0x88, 0xCE, 0x38, 0xDC, 0x28,
+        0xFB, 0x8B, 0x9B, 0xFA, 0xAF, 0xA9, 0x04, 0xB5,
+        0x41, 0xEE, 0x71, 0x2F, 0x6A, 0x04, 0x1E, 0x06,
+        0x11, 0x37, 0x4F, 0x6B, 0xF1, 0x7E, 0xAC, 0x0B,
+        0xD5, 0x6F, 0x3B, 0x6B, 0xF3, 0x36, 0xDA, 0x92,
+        0x42, 0x07, 0x0C, 0x24, 0x69, 0xA2, 0x0C, 0x4D,
+        0x16, 0x16, 0x14, 0x9A, 0x61, 0x59, 0x25, 0x20,
+        0x11, 0xD2, 0x99, 0xF9, 0x3F, 0x98, 0x6D, 0x87,
+        0x5D, 0xD3, 0x0B, 0x38, 0xA2, 0x25, 0x49, 0x17,
+        0x45, 0x70, 0x13, 0x8C, 0x2B, 0xB3, 0xAA, 0x9C,
+        0xBE, 0xA9, 0x19, 0x74, 0xF3, 0xD8, 0x9B, 0xF5,
+        0xAE, 0x32, 0xBE, 0x9E, 0x58, 0xB8, 0x54, 0xA2,
+        0xF8, 0xE8, 0x6F, 0xF7, 0x67, 0x80, 0xC0, 0x34,
+        0x90, 0xF4, 0x67, 0xDB, 0x06, 0x51, 0xC2, 0x0B,
+        0x1D, 0xF6, 0x0E, 0xB9, 0x7A, 0x3C, 0x99, 0xD9,
+        0xBD, 0x66, 0x4B, 0xE6, 0xA5, 0xE4, 0xC8, 0xA8,
+        0xAD, 0x4C, 0xC3, 0x63, 0x90, 0xD7, 0x00, 0x4E,
+        0x4B, 0xB4, 0x21, 0xDA, 0xED, 0x65, 0x4C, 0x35,
+        0x7D, 0xA4, 0xD6, 0x84, 0x98, 0x93, 0x3E, 0xC7,
+        0x17, 0x77, 0xAD, 0x64, 0xC2, 0xAE, 0x01, 0x3C,
+        0x73, 0xEB, 0x45, 0x7C, 0x68, 0xEF, 0x9A, 0x74,
+        0x5A, 0xDE, 0xEB, 0x4F, 0xDF, 0xC8, 0x79, 0xE7,
+        0x74, 0xD0, 0x3F, 0xAF, 0x6B, 0x14, 0xAA, 0xB1,
+        0x07, 0x52, 0xE2, 0x4B, 0x52, 0xD0, 0xF2, 0xD9,
+        0x4D, 0x54, 0x0A, 0x1E, 0xBE, 0x10, 0xF5, 0x97,
+        0xE5, 0x14, 0x44, 0x2D, 0x6C, 0x13, 0xC2, 0xE2,
+        0x49, 0x8E, 0x8A, 0xF3, 0x01, 0x7C, 0x52, 0xDB,
+        0x23, 0x3A, 0x90, 0x71, 0x7D, 0xF2, 0x5B, 0x4D,
+        0x07, 0x2B, 0x7D, 0x88, 0xEE, 0x87, 0x31, 0xD1,
+        0x68, 0x24, 0xC9, 0x5D, 0x1F, 0xB9, 0x83, 0xC4,
+        0x49, 0xDE, 0xB4, 0x66, 0x27, 0x60, 0x60, 0xFE,
+        0xE4, 0xC7, 0xEE, 0x38, 0x14, 0x51, 0xF2, 0x32,
+        0xC2, 0x9C, 0x7C, 0x32, 0x20, 0x85, 0x0C, 0x61,
+        0xD1, 0xC3, 0xC0, 0x0D, 0xB1, 0xCD, 0x97, 0x26,
+        0xA0, 0x2A, 0x56, 0x60, 0x9F, 0x3A, 0x65, 0xD3,
+        0xD1, 0x64, 0x60, 0x45, 0x88, 0xCD, 0x9B, 0x43,
+        0x14, 0x12, 0xF1, 0xAD, 0xD9, 0x14, 0xC5, 0xC2,
+        0xDA, 0xBB, 0xC9, 0x04, 0x67, 0xC0, 0xC4, 0xEA,
+        0x5F, 0x76, 0xE2, 0x4A, 0xA6, 0x18, 0x76, 0x5F,
+        0x8B, 0x06, 0x36, 0xD7, 0xB0, 0x65, 0xE1, 0xF4,
+        0xE6, 0xF6, 0x22, 0xEA, 0xE1, 0x71, 0x52, 0x45,
+        0x8C, 0x76, 0x65, 0x86, 0x77, 0x2D, 0x36, 0x3F,
+        0xA9, 0x92, 0x14, 0xF4, 0x72, 0xB0, 0xDB, 0x8A,
+        0x1E, 0x49, 0xD8, 0x2D, 0x02, 0x78, 0xF2, 0x95,
+        0x8B, 0x0A, 0xAA, 0x15, 0x86, 0xDB, 0x13, 0x4B,
+        0xDF, 0xD2, 0x43, 0x87, 0x42, 0x49, 0x50, 0x07,
+        0xE2, 0xFE, 0x5B, 0x60, 0xE2, 0x46, 0x39, 0x92,
+        0x26, 0x94, 0x7A, 0x12, 0xEA, 0x17, 0x63, 0x1C,
+        0xAA, 0x53, 0x46, 0x87, 0xCB, 0x75, 0xC0, 0x60,
+        0xB4, 0x79, 0x7E, 0xAB, 0x82, 0x77, 0xCC, 0x4F,
+        0x8A, 0x7A, 0x20, 0x38, 0x76, 0x06, 0xEF, 0xE2,
+        0xDB, 0xD3, 0xE7, 0x36, 0x24, 0x92, 0x77, 0xD9,
+        0x0F, 0xCA, 0xB9, 0x92, 0xA8, 0xC9, 0x9E, 0x85,
+        0xAB, 0x03, 0xEB, 0x4C, 0xAC, 0x5D, 0x88, 0x55,
+        0x39, 0x58, 0x52, 0x8A, 0xF9, 0x29, 0x74, 0x71,
+        0x81, 0x35, 0xF1, 0xD0, 0xC7, 0x93, 0xEB, 0x00,
+        0x0E, 0xA0, 0xAE, 0xC3, 0xEC, 0x18, 0x58, 0xFD,
+        0xD1, 0x86, 0x88, 0xD1, 0xDA, 0x27, 0x27, 0x8D,
+        0xEB, 0xF2, 0xCA, 0x81, 0x10, 0xBA, 0x4A, 0x20,
+        0x4F, 0x79, 0x30, 0xE1, 0xC8, 0xCE, 0xEC, 0xAF,
+        0xB7, 0x3F, 0x75, 0xDD, 0xB3, 0x4C, 0x5C, 0x55,
+        0x96, 0x8A, 0x79, 0x33, 0x05, 0x84, 0x26, 0xB5,
+        0x5D, 0x03, 0x9F, 0x72, 0x92, 0xAC, 0x43, 0xF6,
+        0x45, 0x84, 0xF6, 0xDF, 0x18, 0x7A, 0x1D, 0x6B,
+        0x00, 0x3F, 0x51, 0x4C, 0xC1, 0x3B, 0x26, 0xC2,
+        0xF3, 0x48, 0x19, 0x5A, 0xA3, 0x21, 0xDE, 0x6A,
+        0x27, 0xEC, 0x11, 0x34, 0x8D, 0xE5, 0x0D, 0x82,
+        0x5A, 0x29, 0x64, 0xC6, 0x31, 0x99, 0x2E, 0x4B,
+        0x0B, 0x42, 0x5B, 0x1B, 0xEB, 0x4F, 0x96, 0x00,
+        0xE3, 0xAD, 0xC4, 0x43, 0x1C, 0xF2, 0xE8, 0x8B,
+        0x42, 0x23, 0xD2, 0xDB, 0x66, 0x3C, 0x3C, 0xE7,
+        0x0E, 0xF8, 0x5D, 0xDD, 0x56, 0xA9, 0xBA, 0xF1,
+        0x38, 0xA9, 0xD7, 0xED, 0xD8, 0x94, 0x13, 0x1C,
+        0x3A, 0x8F, 0x41, 0xA0, 0x4E, 0xF9, 0xF8, 0x67,
+        0x52, 0xB7, 0x21, 0x81, 0xFA, 0xBB, 0x37, 0xC8,
+        0x6B, 0x87, 0x7E, 0x61, 0xD6, 0x0E, 0xED, 0x95,
+        0xEE, 0xFF, 0xAB, 0xE6, 0x37, 0x6E, 0x14, 0xAC,
+        0xA8, 0x17, 0xC5, 0xF4, 0x19, 0x61, 0xAF, 0x8A,
+        0x78, 0x49, 0xBA, 0xC0, 0x94, 0x91, 0x7B, 0x2D,
+        0x13, 0x22, 0x76, 0xB6, 0xB3, 0x48, 0x6A, 0xFF,
+        0x95, 0x0D, 0x23, 0xD4, 0xAA, 0xDC, 0x24, 0xCE,
+        0x98, 0xA5, 0x26, 0x9E, 0x1C, 0x69, 0x91, 0x79,
+        0x60, 0xA3, 0x1E, 0xE0, 0x9A, 0x52, 0x7C, 0x35,
+        0x81, 0x75, 0xCA, 0xA0, 0xCB, 0x1B, 0x01, 0x8E,
+        0x95, 0x26, 0xD9, 0x35, 0x34, 0xEA, 0xDB, 0xAC,
+        0xB5, 0x2B, 0x27, 0x3D, 0x73, 0x5E, 0x22, 0xDD,
+        0x0D, 0x5C, 0x28, 0xFA, 0x3E, 0x47, 0xCF, 0xE9,
+        0x0B, 0x52, 0x15, 0xAE, 0x24, 0xF1, 0x46, 0xC3,
+        0x46, 0x4B, 0xFE, 0xAF, 0x01, 0xD2, 0x8D, 0xAA,
+        0x55, 0x3C, 0x1E, 0x94, 0x42, 0x8A, 0x10, 0x4A,
+        0x9D, 0x78, 0xAE, 0xC7, 0x62, 0x59, 0x1E, 0x88,
+        0x79, 0xF7, 0x68, 0x51, 0xCF, 0xB4, 0x64, 0x85,
+        0x66, 0x72, 0x1B, 0x0C, 0xAC, 0x1F, 0x14, 0xFE,
+        0x16, 0x14, 0x9A, 0x9D, 0x82, 0x10, 0xCC, 0x8F,
+        0x2F, 0x50, 0xDE, 0xF7, 0xB4, 0x6C, 0x84, 0x3B,
+        0xE9, 0x3B, 0xD8, 0xD5, 0x56, 0x02, 0x49, 0x33,
+        0x50, 0xAB, 0x56, 0x0E, 0xA5, 0xBA, 0x17, 0x71,
+        0x64, 0x23, 0xBE, 0x0E, 0xB8, 0x36, 0x0A, 0xB1,
+        0x09, 0xD8, 0xFB, 0x18, 0xBF, 0xEA, 0x04, 0x08,
+        0x47, 0xB7, 0x33, 0x51, 0x45, 0xD4, 0xF2, 0x00,
+        0xD1, 0x9C, 0xF6, 0xFE, 0x7B, 0xAC, 0x91, 0x7F,
+        0x42, 0x6C, 0x9B, 0x3D, 0x39, 0xA9, 0xCA, 0x43,
+        0x29, 0x81, 0x8F, 0x24, 0x0E, 0x7D, 0xA3, 0x82,
+        0x76, 0x10, 0x72, 0xF4, 0xA6, 0x50, 0x5E, 0xA8,
+        0xE7, 0x6C, 0x1E, 0x44, 0x6F, 0xEB, 0x66, 0x25,
+        0xE3, 0x8D, 0xDB, 0xCD, 0x3C, 0xDA, 0x81, 0xE8,
+        0x3B, 0xF7, 0x68, 0xF3, 0xE0, 0x1D, 0x9D, 0x26,
+        0x3B, 0x36, 0x73, 0x03, 0xAE, 0x15, 0x6C, 0x0B,
+        0x71, 0x83, 0x36, 0x4A, 0x1E, 0x79, 0x41, 0xA0,
+        0x92, 0x98, 0xA3, 0xAD, 0xF7, 0xBD, 0x23, 0x1E,
+        0x61, 0x14, 0xB9, 0xDC, 0xE7, 0x95, 0x2B, 0x11,
+        0x3F, 0x78, 0x16, 0x31, 0x38, 0xB9, 0x26, 0x6F,
+        0x84, 0x3F, 0x1E, 0xD9, 0x7D, 0x9C, 0x2B, 0x16,
+        0x3A, 0x6E, 0x8B, 0xD4, 0xC1, 0xAB, 0x4E, 0x17,
+        0x93, 0x67, 0xC5, 0xAC, 0x96, 0xCE, 0xCF, 0x50,
+        0x50, 0xFE, 0x82, 0x1F, 0xDF, 0xA4, 0x4E, 0x9E,
+        0x68, 0x0B, 0x61, 0xC6, 0x01, 0x89, 0x32, 0xDF,
+        0x71, 0x78, 0x11, 0x45, 0x9A, 0xF2, 0x54, 0x2E,
+        0x2C, 0xDE, 0x77, 0x17, 0x8C, 0x2E, 0x98, 0x80,
+        0xF0, 0x11, 0xE4, 0x05, 0xEA, 0xFA, 0x59, 0xC8,
+        0xCB, 0xBE, 0xD7, 0x6E, 0x5A, 0x19, 0x41, 0x10,
+        0x4B, 0x1B, 0x9D, 0x3A, 0x60, 0x49, 0x1C, 0x95,
+        0x47, 0x55, 0xE0, 0x2E, 0x89, 0x41, 0x03, 0xF1,
+        0xF4, 0x97, 0x74, 0x75, 0xE9, 0xEA, 0x36, 0x60,
+        0x9F, 0xD6, 0x7C, 0x9D, 0xE3, 0x18, 0xED, 0xA2,
+        0x37, 0x0D, 0xCC, 0xDB, 0xB9, 0xCE, 0xF7, 0xAE,
+        0x63, 0x60, 0x90, 0x5E, 0xC2, 0x20, 0x83, 0x8C,
+        0x97, 0x69, 0x82, 0x34, 0x41, 0xCD, 0xD0, 0xDA,
+        0x8E, 0xF0, 0xAB, 0xE5, 0xF2, 0xD1, 0xD7, 0x6E,
+        0x2F, 0xE0, 0x8F, 0xEF, 0x53, 0xDE, 0x1D, 0x61,
+        0x66, 0xAB, 0x1A, 0x92, 0xB1, 0xAC, 0x09, 0x3E,
+        0x5A, 0xBF, 0x76, 0x58, 0xC4, 0xB5, 0x72, 0x87,
+        0xF2, 0xD1, 0xFD, 0x7B, 0x82, 0xDE, 0xDA, 0xF8,
+        0xD5, 0xA4, 0xFB, 0xAC, 0x4B, 0x35, 0xD5, 0x82,
+        0x31, 0x69, 0x4E, 0x16, 0x24, 0x97, 0x57, 0x8A,
+        0xBD, 0x7A, 0xA7, 0xC8, 0xFE, 0x7B, 0x35, 0x41,
+        0xA7, 0xF1, 0x8E, 0x54, 0xE8, 0xB7, 0xF0, 0x87,
+        0x64, 0xC5, 0xE6, 0x84, 0x49, 0xDF, 0x65, 0x59,
+        0x01, 0x54, 0x98, 0x32, 0xD6, 0x28, 0xFA, 0x63,
+        0xD2, 0xB2, 0xC5, 0xA1, 0x50, 0x93, 0x39, 0x94,
+        0xA9, 0x86, 0x33, 0x17, 0xAD, 0x40, 0xD7, 0x78,
+        0xD9, 0xD2, 0xC0, 0x5C, 0x78, 0x98, 0x85, 0x0B,
+        0x90, 0x17, 0x32, 0x23, 0xC7, 0xA0, 0xAF, 0x89,
+        0x0F, 0xD7, 0xE6, 0x62, 0x21, 0xB6, 0xF0, 0x63,
+        0x18, 0xB2, 0xED, 0x5E, 0x19, 0x9C, 0xB4, 0x24,
+        0x88, 0x5A, 0xB8, 0x41, 0xE7, 0xA4, 0x72, 0x6F,
+        0xAB, 0xA2, 0xF9, 0xBB, 0x53, 0xBC, 0x32, 0x36,
+        0x43, 0x4C, 0x35, 0xFB, 0xBE, 0x4B, 0x1A, 0x0F,
+        0x93, 0xF5, 0x0C, 0x37, 0x89, 0x6C, 0x29, 0xF8,
+        0xE3, 0x02, 0xAD, 0x31, 0xED, 0x33, 0x31, 0xD6,
+        0x20, 0xE3, 0xB6, 0x29, 0x45, 0x51, 0x01, 0xA1,
+        0xF1, 0xCC, 0x7B, 0xA5, 0xE4, 0x6E, 0x68, 0xED,
+        0x4A, 0x8C, 0xCC, 0x87, 0xB4, 0xDC, 0x75, 0xBC,
+        0x01, 0x62, 0xB6, 0x33, 0x0F, 0x83, 0x3F, 0xBA,
+        0x25, 0x75, 0xDF, 0xAF, 0x5B, 0x5F, 0x28, 0xBC,
+        0x54, 0xFF, 0x2B, 0xA8, 0x1E, 0x7A, 0x47, 0x31,
+        0x3C, 0x15, 0x48, 0x2B, 0x60, 0x5E, 0x66, 0xBB,
+        0x38, 0xC6, 0x19, 0x8F, 0x13, 0x92, 0x10, 0x40,
+        0x80, 0xFB, 0xE7, 0x8B, 0x86, 0xB1, 0xBC, 0x9A,
+        0x6F, 0xB8, 0x81, 0xF5, 0xC7, 0x82, 0x01, 0x47,
+        0xE6, 0xBA, 0x14, 0xB8, 0x1A, 0xCC, 0xF2, 0x0C,
+        0xAE, 0x96, 0x64, 0x10, 0x94, 0xC2, 0x16, 0x90,
+        0x2E, 0xA5, 0xC1, 0x25, 0xF6, 0xC9, 0x35, 0xA1,
+        0x50, 0xD7, 0xC9, 0xAC, 0xC5, 0xD9, 0xE2, 0xE5,
+        0xD9, 0x0E, 0x38, 0xC0, 0x50, 0x3A, 0xA9, 0x42,
+        0x60, 0x17, 0xC7, 0x6A, 0xAF, 0xCD, 0x52, 0x61,
+        0xB5, 0x06, 0x27, 0x4E, 0xC1, 0x3A, 0x96, 0x79,
+        0xFB, 0x09, 0x79, 0x60, 0x27, 0xA4, 0xBB, 0x75,
+        0x9D, 0x92, 0x82, 0x79, 0xB9, 0x4D, 0x84, 0x1A,
+        0x09, 0x73, 0x93, 0xBF, 0x7E, 0x5B, 0xD6, 0x9A,
+        0x49, 0x6C, 0xC3, 0xDE, 0xCD, 0x2B, 0x0F, 0x07,
+        0xF8, 0x33, 0x92, 0xAA, 0xDE, 0x33, 0xDC, 0x51,
+        0xB2, 0xA8, 0x4F, 0x6A, 0x07, 0x63, 0x5D, 0xC0,
+        0xEF, 0x57, 0xA9, 0xAD, 0x59, 0x59, 0xB6, 0xA5,
+        0x0B, 0x7B, 0xA5, 0x09, 0xAD, 0x5B, 0x11, 0xFA,
+        0xD2, 0x6B, 0x41, 0x9F, 0x9F, 0x1E, 0x3F, 0x9C,
+        0x73, 0x29, 0xB5, 0xA9, 0x53, 0xD7, 0xCC, 0x87,
+        0xB2, 0xDE, 0x21, 0x06, 0x11, 0xCF, 0x52, 0xA6,
+        0x39, 0xEF, 0x2B, 0x39, 0x08, 0x01, 0x2C, 0xB8,
+        0x8E, 0x1D, 0x6F, 0x57, 0x62, 0x50, 0x79, 0xCB,
+        0x10, 0x3D, 0x6C, 0x98, 0x10, 0x1A, 0x11, 0xBD,
+        0x22, 0x33, 0xB6, 0x56, 0x02, 0xCA, 0x30, 0x49,
+        0xBD, 0x32, 0x05, 0x20, 0x41, 0x9F, 0x76, 0xB0,
+        0x61, 0xE3, 0x59, 0x8D, 0xE3, 0x81, 0x52, 0xC8,
+        0x87, 0x67, 0xD1, 0xA2, 0x4F, 0xBD, 0x02, 0xBB,
+        0x10, 0xC3, 0x8E, 0xAC, 0xAE, 0x31, 0x7D, 0xE6,
+        0xBB, 0x28, 0x7B, 0x4D, 0x2C, 0xAE, 0x5D, 0xA0,
+        0x21, 0x49, 0x65, 0xD8, 0x77, 0x37, 0x78, 0x62,
+        0x6E, 0x9B, 0x97, 0x28, 0x59, 0xD8, 0x48, 0x2B,
+        0x8D, 0x05, 0x47, 0xE4, 0xF5, 0x6D, 0xFF, 0x87,
+        0x68, 0x1D, 0x5B, 0xC5, 0x12, 0x0F, 0x61, 0x3F,
+        0xBB, 0xD9, 0x1E, 0x1F, 0x14, 0xE6, 0xDE, 0xFE,
+        0x67, 0x2E, 0x2A, 0x7E, 0xAB, 0xCB, 0xBB, 0x9B,
+        0x11, 0x08, 0x2C, 0x5E, 0x70, 0x0A, 0xA0, 0xB1,
+        0xF7, 0xC1, 0x78, 0x5F, 0xCE, 0xD1, 0x9A, 0x93,
+        0xAF, 0xE7, 0xC5, 0x9F, 0xA2, 0x51, 0x9B, 0xCD,
+        0xEB, 0x49, 0x4C, 0x3D, 0x13, 0xB2, 0x12, 0x5F,
+        0x38, 0x53, 0x23, 0xB8, 0x16, 0xC6, 0x8F, 0x8F,
+        0x56, 0x28, 0xC7, 0xC2, 0xAB, 0xFD, 0x02, 0x78,
+        0xA3, 0x37, 0x07, 0x3D, 0xA7, 0x4D, 0x16, 0x09,
+        0x96, 0x98, 0xC4, 0xB1, 0x14, 0xE8, 0xA8, 0xCE,
+        0x34, 0x4E, 0x0A, 0x15, 0xD0, 0xFC, 0x7E, 0xD4,
+        0x97, 0xB0, 0x01, 0xD5, 0x3D, 0x4C, 0x96, 0xDC,
+        0x39, 0x54, 0xD3, 0xB4, 0xB9, 0x56, 0xCB, 0x9D,
+        0x2A, 0x27, 0x2C, 0x51, 0xF1, 0x55, 0x9B, 0x22,
+        0x90, 0x4B, 0x40, 0xCC, 0x85, 0x31, 0xE4, 0x0C,
+        0xC4, 0x12, 0xC6, 0x8C, 0xB6, 0xEE, 0xA4, 0xA4,
+        0x09, 0x0B, 0x38, 0xE2, 0x79, 0x73, 0x29, 0x98,
+        0x54, 0x67, 0xE8, 0x18, 0xA5, 0x24, 0xD3, 0x22,
+        0x8E, 0xAC, 0xAE, 0x78, 0x25, 0xD3, 0xDA, 0xD2,
+        0xEA, 0xA4, 0x22, 0xFD, 0xC7, 0x7A, 0xED, 0x71,
+        0xA2, 0x05, 0xDA, 0x78, 0x38, 0xD9, 0x45, 0xE7,
+        0xFE, 0xC3, 0x7E, 0x4D, 0xCA, 0x67, 0xE5, 0x04,
+        0xCE, 0x35, 0xE5, 0xB0, 0x45, 0xF5, 0x6F, 0x1E,
+        0x8D, 0x75, 0x29, 0xEB, 0xD6, 0xF1, 0xAF, 0x7B,
+        0x6E, 0x93, 0x9E, 0x2B, 0x7A, 0xB4, 0x02, 0x7D,
+        0x37, 0xA5, 0x13, 0x5D, 0x17, 0x2D, 0xA1, 0xAF,
+        0x9C, 0xA2, 0xF7, 0x28, 0xA6, 0xF3, 0x7D, 0xE6,
+        0x0D, 0xD2, 0x3D, 0x97, 0xD1, 0x1E, 0x75, 0xAB,
+        0x1F, 0xD5, 0x1F, 0x8E, 0x9A, 0x13, 0x97, 0xE5,
+        0x82, 0x21, 0x59, 0xDB, 0x58, 0x38, 0x02, 0xB3,
+        0x2E, 0xEB, 0xB4, 0x56, 0x7E, 0xCE, 0x37, 0x46,
+        0xD1, 0xAE, 0x33, 0x31, 0x47, 0x85, 0x64, 0x3D,
+        0xD2, 0xA0, 0x74, 0x1E, 0x7F, 0x1B, 0xF2, 0xD2,
+        0x61, 0xF2, 0x21, 0x24, 0xE8, 0xDD, 0xD0, 0x8C,
+        0x64, 0x0A, 0x48, 0xB5, 0x47, 0x17, 0x51, 0x7C,
+        0x21, 0xCD, 0x32, 0x53, 0x28, 0xBC, 0x23, 0x9C,
+        0xA0, 0x28, 0xB2, 0x63, 0x0D, 0x06, 0x3C, 0x8C,
+        0xC2, 0x0B, 0xE9, 0xBD, 0xB4, 0x85, 0x02, 0xDA,
+        0xDD, 0xE7, 0x3F, 0xFE, 0xD5, 0x96, 0x38, 0x16,
+        0x53, 0x3E, 0x02, 0x0A, 0xED, 0x12, 0x08, 0x53,
+        0x62, 0x55, 0xB1, 0xCC, 0xE9, 0x85, 0x43, 0x31,
+        0x27, 0xFF, 0x4F, 0x04, 0xD5, 0xB1, 0xE2, 0xF2,
+        0x10, 0x87, 0x04, 0xB8, 0xB9, 0x66, 0x58, 0x8C,
+        0x01, 0x56, 0xAF, 0xC2, 0xAE, 0x19, 0x29, 0x86,
+        0xFB, 0xEC, 0x44, 0x3B, 0xAE, 0xF6, 0xCB, 0x85,
+        0xA6, 0xF2, 0x9C, 0x77, 0x92, 0x40, 0x5A, 0x24,
+        0x11, 0x47, 0x10, 0xAE, 0x1C, 0x74, 0x64, 0x44,
+        0xFD, 0xF5, 0xFB, 0x65, 0x9E, 0x5E, 0x34, 0x68,
+        0x26, 0x20, 0x7B, 0x8C, 0x54, 0x46, 0x3A, 0x06,
+        0x17, 0xCE, 0x17, 0xFF, 0x33, 0xE4, 0x0F, 0x93,
+        0x1F, 0xE5, 0x76, 0x71, 0x5C, 0x93, 0x2E, 0xF2,
+        0x9F, 0xD7, 0x6B, 0x04, 0xA6, 0x9B, 0x58, 0xE0,
+        0x30, 0x3D, 0x8E, 0xF2, 0x56, 0x78, 0xC8, 0xB7,
+        0x0A, 0xF1, 0x2E, 0x90, 0x45, 0x59, 0x1C, 0x04,
+        0xE8, 0xB7, 0x71, 0x06, 0x94, 0x04, 0x15, 0x17,
+        0x7E, 0x86, 0x85, 0x93, 0xA0, 0x9C, 0x7E, 0x14,
+        0x61, 0x9A, 0x4B, 0x33, 0x2F, 0x9A, 0xDC, 0x3A,
+        0x65, 0x8B, 0x86, 0x01, 0x7F, 0x32, 0x65, 0x6C,
+        0x54, 0x29, 0xC1, 0x15, 0xE1, 0x10, 0x03, 0x7A,
+        0x8C, 0xC7, 0xE5, 0x44, 0x67, 0x7D, 0x2D, 0xD2,
+        0x39, 0xA5, 0x9D, 0x54, 0xD0, 0xF3, 0xC7, 0x46,
+        0x0E, 0xC1, 0x52, 0x08, 0x34, 0x6B, 0xA5, 0x6D,
+        0xF5, 0x08, 0x6C, 0x5D, 0xBC, 0xC4, 0x1E, 0x0C,
+        0x95, 0xFC, 0xB6, 0x86, 0x1C, 0x2C, 0x0C, 0x32,
+        0xAA, 0xF3, 0x45, 0x4E, 0xFE, 0xE2, 0xFF, 0xBA,
+        0x21, 0x4B, 0x43, 0x0E, 0xF2, 0x48, 0xA5, 0x9B,
+        0x32, 0x44, 0x4D, 0x8D, 0x0D, 0x3D, 0xB8, 0x7C,
+        0x9D, 0x4B, 0x15, 0x36, 0xD1, 0x57, 0x72, 0x8E,
+        0xE7, 0x58, 0x5E, 0xF5, 0x32, 0x77, 0x6A, 0x00,
+        0x3A, 0x02, 0x3C, 0x0A, 0xB0, 0xE9, 0xFF, 0x55,
+        0x71, 0x08, 0xC3, 0x90, 0x68, 0x4D, 0x56, 0x5A,
+        0x66, 0x50, 0x63, 0x26, 0x6A, 0xE6, 0x67, 0x0E,
+        0xD5, 0x3B, 0x0F, 0xAF, 0x8F, 0xF6, 0x78, 0x29,
+        0xBB, 0x73, 0x78, 0x25, 0xB1, 0x53, 0xA9, 0x33,
+        0x8C, 0xBE, 0x3D, 0xF1, 0xA4, 0x62, 0x84, 0x9B,
+        0x93, 0xA8, 0x1F, 0x84, 0xED, 0x07, 0xBE, 0x6D,
+        0x62, 0x40, 0x00, 0x32, 0x74, 0x73, 0x7F, 0x61,
+        0x8D, 0xCB, 0x26, 0xE4, 0x82, 0x52, 0xCE, 0x42,
+        0x04, 0xDD, 0x31, 0x39, 0xFF, 0x68, 0x76, 0xF4,
+        0x3B, 0x30, 0x5D, 0x83, 0x56, 0x20, 0xFE, 0xDF,
+        0x79, 0xAA, 0x67, 0x43, 0x3D, 0xC2, 0x52, 0x87,
+        0x32, 0x0E, 0x99, 0x17, 0x96, 0x7B, 0x70, 0xB2,
+        0xD8, 0x66, 0xD1, 0x7B, 0x69, 0x8B, 0xFF, 0xF2,
+        0xB3, 0xAB, 0x95, 0x14, 0x94, 0x9E, 0x58, 0xB5,
+        0x7C, 0x68, 0xA4, 0x54, 0x12, 0xC1, 0xFC, 0x42,
+        0x1C, 0x76, 0x8B, 0xF5, 0xEE, 0x8A, 0x10, 0xC8,
+        0xAE, 0xF5, 0x69, 0x26, 0xF5, 0x1E, 0xC6, 0x2C,
+        0x11, 0x56, 0x9F, 0x31, 0xAA, 0x51, 0x78, 0x68,
+        0xE5, 0xCA, 0xD8, 0x9E, 0x95, 0x80, 0x66, 0xEB,
+        0x9E, 0xDD, 0x72, 0x71, 0xB3, 0x1C, 0xB4, 0xB1,
+        0xD6, 0xCE, 0x21, 0x12, 0x25, 0xAE, 0xB5, 0xB5,
+        0x7F, 0x74, 0x97, 0x19, 0xDA, 0x07, 0xEC, 0xBE,
+        0xFE, 0x03, 0x88, 0x1D, 0xDE, 0x3D, 0x81, 0xE4,
+        0x13, 0x5F, 0x2D, 0xC8, 0x1A, 0xF7, 0x79, 0x77,
+        0x6C, 0x1B, 0x80, 0x57, 0x16, 0x2A, 0x6C, 0x98,
+        0x2F, 0xBB, 0x4D, 0xA6, 0xA9, 0xAD, 0x28, 0x4A,
+        0xB1, 0x0C, 0x70, 0x02, 0x20, 0x44, 0xF4, 0x6D,
+        0x40, 0x0B, 0xF6, 0xAD, 0x71, 0x82, 0xD1, 0x97,
+        0x78, 0x99, 0x83, 0xBE, 0x99, 0x22, 0x79, 0x79,
+        0xA1, 0x33, 0x4B, 0xA1, 0x49, 0xD8, 0x69, 0xBA,
+        0x1C, 0x40, 0x88, 0x12, 0x34, 0x35, 0xBF, 0x97,
+        0x85, 0x41, 0x35, 0x6D, 0xAF, 0x17, 0x1F, 0x33,
+        0xAD, 0xB1, 0xC9, 0x79, 0x07, 0xA0, 0xFB, 0x58,
+        0x45, 0x07, 0x4A, 0x85, 0xD2, 0x6F, 0x54, 0x61,
+        0x35, 0xAE, 0xD0, 0xF9, 0x1B, 0xE4, 0x53, 0x9C,
+        0x12, 0xBF, 0x94, 0x11, 0xE4, 0xB5, 0x56, 0xF6,
+        0x87, 0xD0, 0x69, 0xDB, 0x6B, 0x21, 0xFE, 0x2B,
+        0x7F, 0x32, 0x18, 0x87, 0x44, 0x8C, 0xEA, 0x55,
+        0xDB, 0x19, 0xFB, 0xB8, 0xB0, 0x48, 0x2A, 0x55,
+        0xAE, 0xC1, 0x67, 0x38, 0xD7, 0x4C, 0xD2, 0x65,
+        0x09, 0x38, 0x36, 0xBE, 0x99, 0xD4, 0xFB, 0x53,
+        0xE9, 0xB0, 0x14, 0xB0, 0x37, 0xCD, 0xBF, 0xE9
+    };
+    static const byte sk_87[] = {
+        0x69, 0x24, 0xBB, 0x42, 0x57, 0xA7, 0xB9, 0xAF,
+        0xF0, 0x95, 0xC3, 0x0B, 0xB3, 0x5C, 0x6A, 0xE4,
+        0x19, 0x82, 0x63, 0x12, 0x0F, 0x80, 0x39, 0xAA,
+        0x4E, 0x78, 0xE1, 0x74, 0xA7, 0x86, 0xCE, 0x00,
+        0x3B, 0x9A, 0xC2, 0xC1, 0x42, 0x2A, 0x1A, 0xE8,
+        0x02, 0xDD, 0xD7, 0x46, 0x4D, 0x3F, 0x32, 0x72,
+        0x9A, 0x3C, 0x7D, 0xE8, 0x94, 0xD5, 0x06, 0xAC,
+        0xAD, 0x25, 0xCE, 0xB3, 0x72, 0xEA, 0x31, 0x49,
+        0xC9, 0x87, 0x80, 0xDC, 0xD1, 0x31, 0x4B, 0xAA,
+        0x29, 0xB9, 0xB8, 0x07, 0x75, 0x4C, 0x47, 0xDE,
+        0x5D, 0xCA, 0x95, 0x40, 0x64, 0xF2, 0x85, 0x28,
+        0xB8, 0x15, 0xFE, 0x27, 0xB7, 0x9A, 0xC5, 0x06,
+        0xB3, 0xAD, 0x76, 0x29, 0xD2, 0xC9, 0x71, 0xAB,
+        0x8F, 0x28, 0x2E, 0x0C, 0x6E, 0x7E, 0x55, 0x48,
+        0xEE, 0x0E, 0x11, 0x32, 0x42, 0xB7, 0xA0, 0xE0,
+        0x64, 0xA6, 0xDB, 0xCE, 0x30, 0xC5, 0x61, 0x9B,
+        0x19, 0x80, 0x08, 0x89, 0xA0, 0x44, 0x04, 0xB5,
+        0x00, 0x13, 0xC0, 0x88, 0xC1, 0x30, 0x29, 0x62,
+        0x12, 0x4C, 0xD3, 0xB4, 0x91, 0x0A, 0x35, 0x2C,
+        0x43, 0x12, 0x31, 0x19, 0x99, 0x65, 0x22, 0x18,
+        0x52, 0x02, 0xC3, 0x85, 0x23, 0x44, 0x0D, 0x90,
+        0x24, 0x4A, 0x1A, 0x30, 0x22, 0x44, 0x28, 0x61,
+        0x81, 0x06, 0x29, 0x18, 0x97, 0x68, 0x0A, 0x20,
+        0x09, 0x08, 0x32, 0x6A, 0x44, 0xA4, 0x4C, 0x44,
+        0x90, 0x21, 0x8A, 0x16, 0x68, 0x9A, 0xA8, 0x51,
+        0x1A, 0xA5, 0x2C, 0x62, 0x46, 0x8D, 0x04, 0xC3,
+        0x40, 0xD3, 0x86, 0x28, 0x60, 0xA4, 0x60, 0x13,
+        0x18, 0x70, 0x84, 0x94, 0x8C, 0x63, 0xC0, 0x44,
+        0x04, 0xA9, 0x28, 0x20, 0x08, 0x20, 0x43, 0x16,
+        0x2A, 0x23, 0x29, 0x2D, 0x1A, 0xB1, 0x29, 0x48,
+        0xB6, 0x09, 0x21, 0x88, 0x31, 0x00, 0xC5, 0x30,
+        0x00, 0xC4, 0x8C, 0xD9, 0x82, 0x68, 0xE1, 0x30,
+        0x4C, 0x63, 0x32, 0x45, 0x0C, 0x32, 0x86, 0x18,
+        0x08, 0x31, 0x91, 0x98, 0x0D, 0x10, 0xB8, 0x70,
+        0x9B, 0x30, 0x22, 0x64, 0x04, 0x08, 0x93, 0xA4,
+        0x8C, 0x21, 0xC9, 0x70, 0x0C, 0x35, 0x71, 0x5B,
+        0x00, 0x0D, 0x14, 0x31, 0x22, 0xCC, 0x98, 0x10,
+        0x21, 0x04, 0x80, 0x9B, 0x28, 0x64, 0x1C, 0x30,
+        0x80, 0x21, 0x30, 0x71, 0x18, 0x33, 0x50, 0x24,
+        0x25, 0x44, 0x08, 0x17, 0x8C, 0xC0, 0x08, 0x48,
+        0x84, 0x44, 0x90, 0x48, 0x98, 0x30, 0xCA, 0x44,
+        0x00, 0x09, 0x19, 0x51, 0x19, 0x23, 0x0C, 0x52,
+        0x20, 0x0E, 0x49, 0x06, 0x32, 0x1C, 0x15, 0x4E,
+        0x19, 0x48, 0x85, 0x13, 0x25, 0x49, 0xA3, 0x00,
+        0x04, 0x08, 0x15, 0x6D, 0x20, 0x41, 0x0C, 0xDA,
+        0x42, 0x52, 0xC1, 0x34, 0x8C, 0x00, 0x31, 0x69,
+        0x43, 0x82, 0x24, 0x64, 0x94, 0x6D, 0x1C, 0x81,
+        0x11, 0x01, 0x96, 0x21, 0x4B, 0x02, 0x00, 0xCA,
+        0x28, 0x84, 0xCC, 0x46, 0x64, 0x51, 0x18, 0x6A,
+        0x18, 0x10, 0x00, 0xA4, 0x98, 0x21, 0x60, 0xB0,
+        0x68, 0x03, 0x94, 0x6C, 0x94, 0x48, 0x51, 0x80,
+        0x40, 0x46, 0x92, 0x22, 0x2C, 0x23, 0x44, 0x69,
+        0x98, 0x26, 0x4D, 0x1C, 0x01, 0x08, 0x52, 0x02,
+        0x20, 0x8A, 0xA6, 0x08, 0x0A, 0x31, 0x61, 0x93,
+        0x40, 0x0E, 0x9C, 0xC8, 0x11, 0x81, 0x32, 0x2E,
+        0x21, 0x15, 0x84, 0x84, 0xC2, 0x41, 0x00, 0x22,
+        0x72, 0x54, 0x22, 0x62, 0x58, 0x06, 0x92, 0x48,
+        0x48, 0x44, 0x11, 0x27, 0x04, 0x04, 0xC0, 0x11,
+        0x92, 0x82, 0x45, 0xA1, 0xC6, 0x8C, 0xE3, 0x32,
+        0x66, 0xC1, 0x38, 0x72, 0x5A, 0x86, 0x01, 0x0C,
+        0xC9, 0x90, 0x84, 0x34, 0x08, 0x58, 0xA8, 0x60,
+        0x80, 0xC0, 0x70, 0xD0, 0x26, 0x62, 0x9B, 0x30,
+        0x2A, 0x04, 0x29, 0x69, 0x04, 0x10, 0x8D, 0x0B,
+        0xB9, 0x04, 0x50, 0x46, 0x28, 0x50, 0x48, 0x24,
+        0xD0, 0x48, 0x05, 0xA2, 0x48, 0x02, 0xC3, 0x20,
+        0x8C, 0xA0, 0x14, 0x00, 0x41, 0x38, 0x21, 0x4B,
+        0x24, 0x01, 0x04, 0xB5, 0x49, 0x42, 0x00, 0x00,
+        0x0C, 0x24, 0x28, 0x12, 0x40, 0x84, 0xA2, 0x20,
+        0x44, 0x9B, 0x06, 0x90, 0x63, 0xC0, 0x88, 0x8C,
+        0x14, 0x21, 0x49, 0x12, 0x10, 0x54, 0x16, 0x24,
+        0x20, 0x87, 0x44, 0x50, 0x10, 0x85, 0x0C, 0xB5,
+        0x64, 0xDB, 0x24, 0x41, 0xD0, 0x42, 0x29, 0x9A,
+        0x16, 0x8A, 0x21, 0xB4, 0x4C, 0x13, 0xB7, 0x70,
+        0x10, 0xC0, 0x85, 0x19, 0x02, 0x69, 0xCC, 0x40,
+        0x61, 0x1C, 0x48, 0x46, 0x98, 0x06, 0x25, 0x60,
+        0x14, 0x46, 0xE4, 0x22, 0x62, 0x24, 0x27, 0x22,
+        0x62, 0x24, 0x29, 0x44, 0xC6, 0x2D, 0x08, 0x31,
+        0x84, 0x20, 0x32, 0x21, 0x04, 0xB4, 0x61, 0x0A,
+        0x38, 0x12, 0xD9, 0x28, 0x44, 0xA4, 0x08, 0x20,
+        0xCC, 0xA8, 0x29, 0x0B, 0x21, 0x31, 0x0A, 0x34,
+        0x29, 0x03, 0x21, 0x40, 0xC1, 0xA2, 0x6C, 0x8A,
+        0x16, 0x12, 0x52, 0xA6, 0x64, 0xA3, 0xB2, 0x51,
+        0x04, 0x29, 0x51, 0xC4, 0x04, 0x91, 0x63, 0xB0,
+        0x2D, 0x14, 0x44, 0x30, 0x8C, 0x40, 0x66, 0x0C,
+        0x40, 0x0C, 0x01, 0xA5, 0x2C, 0x09, 0x94, 0x2D,
+        0x62, 0xC6, 0x11, 0x03, 0x98, 0x50, 0x19, 0x10,
+        0x4D, 0x19, 0xA8, 0x28, 0xD3, 0x86, 0x40, 0xC0,
+        0x30, 0x65, 0x54, 0xA6, 0x71, 0xE0, 0xB4, 0x85,
+        0x9B, 0x86, 0x10, 0x04, 0x36, 0x69, 0xD0, 0x46,
+        0x29, 0x18, 0xA3, 0x71, 0x40, 0x22, 0x49, 0x00,
+        0x43, 0x85, 0xCB, 0x40, 0x28, 0x89, 0x36, 0x66,
+        0x41, 0x22, 0x69, 0xA4, 0x28, 0x51, 0xD9, 0x80,
+        0x29, 0x14, 0x07, 0x21, 0xDA, 0x80, 0x91, 0x1B,
+        0x26, 0x50, 0x5B, 0xA0, 0x60, 0x99, 0x42, 0x71,
+        0x50, 0x88, 0x49, 0x10, 0x23, 0x09, 0x5A, 0x90,
+        0x21, 0x22, 0x27, 0x8E, 0x43, 0xB2, 0x70, 0x0C,
+        0xC9, 0x4C, 0xA4, 0x02, 0x70, 0x92, 0x40, 0x10,
+        0x0A, 0x39, 0x70, 0x02, 0x36, 0x0E, 0x11, 0x30,
+        0x41, 0xD8, 0x40, 0x2D, 0x1B, 0x24, 0x6D, 0xC3,
+        0x92, 0x61, 0x4C, 0x86, 0x8D, 0x21, 0xB8, 0x00,
+        0xD3, 0x24, 0x22, 0x12, 0xC8, 0x21, 0x12, 0x99,
+        0x85, 0x09, 0x16, 0x0C, 0x5A, 0xA2, 0x24, 0x09,
+        0x34, 0x42, 0x10, 0xA2, 0x24, 0x03, 0x42, 0x8C,
+        0xC0, 0xB2, 0x8D, 0x12, 0xB6, 0x69, 0x63, 0x34,
+        0x0D, 0xCC, 0xB0, 0x65, 0xA1, 0x12, 0x11, 0x4A,
+        0x38, 0x69, 0xCC, 0x14, 0x81, 0x58, 0x44, 0x09,
+        0x54, 0xA6, 0x80, 0x0C, 0xA8, 0x05, 0xC4, 0x38,
+        0x8A, 0x84, 0x06, 0x01, 0x9B, 0x32, 0x2D, 0x83,
+        0x12, 0x90, 0x09, 0x02, 0x60, 0xA1, 0x28, 0x88,
+        0x58, 0x10, 0x41, 0x24, 0x40, 0x02, 0x19, 0x34,
+        0x48, 0x18, 0xA0, 0x4D, 0x00, 0x10, 0x62, 0x13,
+        0x22, 0x50, 0xE3, 0x38, 0x21, 0x9A, 0x96, 0x21,
+        0x53, 0x08, 0x80, 0x51, 0x26, 0x01, 0x99, 0xC4,
+        0x28, 0x1B, 0xB9, 0x71, 0x04, 0x97, 0x84, 0x04,
+        0x05, 0x2C, 0xA0, 0xC2, 0x10, 0xD3, 0x42, 0x81,
+        0x81, 0x42, 0x4D, 0x61, 0x84, 0x6C, 0x5A, 0x30,
+        0x49, 0x1B, 0xC2, 0x24, 0xC0, 0x20, 0x28, 0xCA,
+        0x92, 0x2D, 0x4A, 0x90, 0x10, 0x04, 0x27, 0x86,
+        0x4C, 0x96, 0x21, 0x09, 0x19, 0x45, 0x14, 0x82,
+        0x2C, 0x11, 0xA6, 0x91, 0x13, 0xB8, 0x04, 0x03,
+        0x18, 0x70, 0x01, 0xA2, 0x51, 0x52, 0x14, 0x49,
+        0x5A, 0x02, 0x30, 0xCB, 0x30, 0x2C, 0x94, 0x10,
+        0x2C, 0x00, 0x49, 0x86, 0x09, 0xA0, 0x25, 0xC2,
+        0x12, 0x4C, 0x1B, 0x02, 0x69, 0x40, 0xA4, 0x44,
+        0x41, 0x16, 0x62, 0x02, 0x25, 0x28, 0xDC, 0xA2,
+        0x2D, 0x00, 0x16, 0x42, 0x58, 0x30, 0x66, 0x5B,
+        0x86, 0x24, 0xD4, 0x24, 0x48, 0xDB, 0x26, 0x0C,
+        0x4C, 0x08, 0x85, 0x01, 0x90, 0x49, 0x21, 0x24,
+        0x41, 0x54, 0x06, 0x84, 0x02, 0x43, 0x4A, 0x24,
+        0x42, 0x05, 0x40, 0x14, 0x48, 0xCA, 0x44, 0x84,
+        0xC0, 0x42, 0x0C, 0x98, 0x26, 0x04, 0x9C, 0xA2,
+        0x05, 0xD1, 0xC2, 0x51, 0x13, 0x01, 0x86, 0x1C,
+        0xA1, 0x50, 0xD9, 0x02, 0x50, 0x0C, 0x39, 0x86,
+        0x8C, 0x00, 0x31, 0x22, 0x05, 0x48, 0xD3, 0x10,
+        0x81, 0x12, 0x48, 0x05, 0xD1, 0x08, 0x69, 0x62,
+        0x38, 0x2C, 0x0A, 0x23, 0x70, 0x9B, 0x44, 0x72,
+        0xE3, 0x48, 0x6E, 0x22, 0x96, 0x70, 0x14, 0x33,
+        0x6C, 0xD8, 0x90, 0x29, 0x03, 0x00, 0x49, 0x63,
+        0x20, 0x8A, 0x03, 0x91, 0x25, 0x08, 0x89, 0x21,
+        0xC0, 0x82, 0x0C, 0x99, 0x40, 0x32, 0xC2, 0x34,
+        0x4E, 0x4B, 0x98, 0x69, 0x09, 0x80, 0x44, 0xE4,
+        0x04, 0x69, 0x94, 0x20, 0x09, 0x99, 0x24, 0x6D,
+        0x09, 0xA9, 0x60, 0x01, 0x29, 0x2D, 0xC8, 0x42,
+        0x28, 0x8A, 0x34, 0x02, 0xE4, 0x08, 0x70, 0x0C,
+        0x23, 0x6E, 0x0A, 0x05, 0x49, 0x64, 0x44, 0x2A,
+        0x82, 0xC8, 0x00, 0x02, 0x48, 0x31, 0xCB, 0x90,
+        0x50, 0x1C, 0x05, 0x68, 0x12, 0x12, 0x2C, 0xD0,
+        0x80, 0x0C, 0x59, 0x48, 0x61, 0xCB, 0xA6, 0x09,
+        0x9C, 0xC0, 0x81, 0x42, 0xB8, 0x00, 0x24, 0x41,
+        0x8A, 0x94, 0x20, 0x40, 0x42, 0x14, 0x4D, 0x19,
+        0x46, 0x62, 0x18, 0x05, 0x09, 0x24, 0x33, 0x6A,
+        0xD4, 0x00, 0x61, 0x12, 0x48, 0x32, 0x8A, 0x04,
+        0x72, 0x93, 0xB4, 0x69, 0x62, 0xC2, 0x71, 0x41,
+        0xA6, 0x89, 0x44, 0x96, 0x31, 0x62, 0x30, 0x46,
+        0x83, 0x42, 0x6C, 0x00, 0x19, 0x22, 0x09, 0x46,
+        0x4D, 0x8B, 0x06, 0x49, 0xE1, 0xB0, 0x70, 0x42,
+        0x44, 0x31, 0xC1, 0x80, 0x65, 0x9C, 0x00, 0x24,
+        0x11, 0xA8, 0x31, 0x13, 0x21, 0x2C, 0x4B, 0x46,
+        0x28, 0x1B, 0x18, 0x0D, 0x88, 0x42, 0x70, 0xD1,
+        0xB0, 0x0D, 0x90, 0xC8, 0x45, 0xDA, 0xC2, 0x48,
+        0x59, 0x14, 0x26, 0x22, 0x44, 0x00, 0xC2, 0x94,
+        0x41, 0x50, 0xC8, 0x04, 0x18, 0x00, 0x00, 0xCB,
+        0xA6, 0x24, 0x19, 0x02, 0x10, 0x10, 0x89, 0x0C,
+        0x18, 0x22, 0x21, 0x62, 0xA8, 0x81, 0xC8, 0x92,
+        0x48, 0xD3, 0x94, 0x20, 0x82, 0x06, 0x72, 0x09,
+        0xA8, 0x90, 0x0C, 0x49, 0x8A, 0x41, 0x86, 0x28,
+        0x19, 0xC5, 0x80, 0x9A, 0x18, 0x4D, 0x14, 0x10,
+        0x2E, 0x22, 0x12, 0x52, 0x00, 0x08, 0x12, 0x0C,
+        0x33, 0x45, 0x63, 0xC6, 0x30, 0x10, 0x93, 0x4C,
+        0x60, 0xC6, 0x31, 0xDC, 0x40, 0x0E, 0x98, 0x82,
+        0x50, 0x60, 0x02, 0x2A, 0xD2, 0x22, 0x40, 0xE4,
+        0x06, 0x2D, 0xDB, 0x32, 0x0E, 0xCA, 0x32, 0x4E,
+        0xD4, 0x18, 0x24, 0x08, 0xC3, 0x28, 0x4A, 0xC2,
+        0x68, 0xE2, 0x80, 0x40, 0xA1, 0xC8, 0x64, 0x51,
+        0xC2, 0x65, 0xCB, 0x16, 0x60, 0x23, 0x09, 0x4C,
+        0x82, 0x04, 0x68, 0xD9, 0x22, 0x2E, 0x1C, 0x49,
+        0x92, 0x42, 0x24, 0x21, 0x00, 0x37, 0x0E, 0xC8,
+        0x12, 0x72, 0x64, 0x08, 0x25, 0x0A, 0x20, 0x2A,
+        0x58, 0x24, 0x04, 0x59, 0x16, 0x4C, 0x08, 0x17,
+        0x30, 0x00, 0x46, 0x05, 0x12, 0x90, 0x40, 0x03,
+        0x07, 0x21, 0x52, 0xC0, 0x64, 0x1C, 0x83, 0x6D,
+        0x9C, 0x32, 0x2E, 0x11, 0x15, 0x8A, 0x10, 0x35,
+        0x88, 0x5A, 0xA0, 0x8D, 0xD9, 0x80, 0x48, 0x03,
+        0xB6, 0x4C, 0x01, 0x10, 0x65, 0x10, 0x86, 0x40,
+        0x11, 0x01, 0x42, 0x0A, 0xC1, 0x64, 0xDB, 0x22,
+        0x4D, 0x64, 0xB2, 0x51, 0x02, 0x36, 0x0D, 0x93,
+        0x46, 0x31, 0x14, 0xB6, 0x68, 0x63, 0x84, 0x29,
+        0xC8, 0x10, 0x24, 0x94, 0x30, 0x08, 0x19, 0x37,
+        0x02, 0x14, 0x82, 0x45, 0x88, 0x28, 0x40, 0x54,
+        0xA8, 0x29, 0x90, 0x14, 0x12, 0x61, 0x36, 0x12,
+        0x0B, 0x09, 0x8C, 0xA4, 0x98, 0x28, 0xC2, 0x92,
+        0x45, 0x4C, 0x00, 0x60, 0x63, 0xC4, 0x81, 0xC0,
+        0x36, 0x25, 0xCA, 0x88, 0x2D, 0x24, 0x40, 0x30,
+        0xD3, 0xA8, 0x2D, 0xC9, 0xC8, 0x25, 0xD2, 0x84,
+        0x48, 0x00, 0x32, 0x92, 0x50, 0xA2, 0x71, 0xD3,
+        0x44, 0x0D, 0x22, 0x34, 0x60, 0x12, 0x13, 0x12,
+        0x86, 0x8C, 0x5F, 0x86, 0x20, 0x79, 0x4A, 0x05,
+        0x0E, 0x20, 0xD0, 0xE1, 0x01, 0x17, 0x86, 0x24,
+        0x0E, 0xA6, 0x64, 0xF2, 0xF6, 0x9B, 0xB1, 0xB7,
+        0xE3, 0x0E, 0xC6, 0x6B, 0x1A, 0x4A, 0x0B, 0xE5,
+        0x9B, 0x79, 0xF2, 0x19, 0x8A, 0xD9, 0x80, 0x44,
+        0x83, 0xE4, 0x75, 0xE5, 0x3B, 0x3C, 0x49, 0xCB,
+        0x0C, 0xE5, 0xEF, 0x92, 0x91, 0x2A, 0xF4, 0x40,
+        0xF2, 0x3B, 0x99, 0x58, 0x13, 0xD1, 0x1B, 0x59,
+        0xF7, 0x98, 0xE9, 0x3C, 0x9D, 0x13, 0x53, 0x98,
+        0x17, 0xC7, 0xAC, 0x68, 0xCA, 0xD1, 0xAA, 0x1A,
+        0xC2, 0x76, 0x56, 0xBD, 0x0C, 0x47, 0x97, 0xE9,
+        0xC8, 0xEC, 0x17, 0x78, 0x4C, 0x1A, 0x32, 0x7A,
+        0x9D, 0xFE, 0xAF, 0x4D, 0x61, 0x91, 0xEE, 0xCD,
+        0xAF, 0xE0, 0x49, 0xB7, 0x33, 0xFE, 0x39, 0xD5,
+        0xEB, 0x40, 0x00, 0x93, 0x6F, 0xEE, 0xFC, 0xF8,
+        0x29, 0x28, 0xE9, 0xF9, 0x4C, 0xFD, 0x5C, 0xF4,
+        0xC1, 0xE3, 0xDE, 0xB1, 0x43, 0x3A, 0x47, 0xF6,
+        0xD3, 0x28, 0xB5, 0xE8, 0x3D, 0xD1, 0x56, 0xD0,
+        0x18, 0x2D, 0xC6, 0x92, 0x34, 0x75, 0x91, 0xAA,
+        0x6F, 0x73, 0x2C, 0xFB, 0xE9, 0x82, 0x93, 0x5F,
+        0xD1, 0x84, 0x6C, 0xAC, 0xF4, 0xCB, 0x85, 0x15,
+        0xC5, 0x5A, 0xB8, 0x5E, 0xE5, 0xAD, 0x44, 0xCB,
+        0x09, 0xD3, 0x26, 0x9E, 0x2E, 0x6D, 0x11, 0x78,
+        0x09, 0x61, 0xFD, 0x13, 0x1D, 0x5E, 0x6F, 0xBF,
+        0x89, 0x84, 0x9F, 0x47, 0xF2, 0xB7, 0x1D, 0x82,
+        0x83, 0xFF, 0x25, 0x38, 0x5E, 0x52, 0xB0, 0x7D,
+        0xBB, 0x26, 0x6C, 0x67, 0x4C, 0xEE, 0x3D, 0x0B,
+        0x5D, 0xF5, 0xA5, 0x6D, 0x8B, 0xDC, 0xDC, 0xFA,
+        0xAE, 0xE6, 0xA2, 0x48, 0xE7, 0x1D, 0xB1, 0x34,
+        0x5A, 0xFC, 0x59, 0x7C, 0xA8, 0x30, 0xA1, 0xA3,
+        0x5B, 0x43, 0x96, 0xEF, 0x4C, 0x1A, 0xDF, 0x9E,
+        0xD0, 0x1B, 0xCE, 0x9B, 0x6E, 0xB6, 0x37, 0xFA,
+        0x24, 0xAA, 0x16, 0x0B, 0x90, 0x76, 0xBA, 0xE3,
+        0x05, 0x59, 0xF8, 0xB2, 0x9D, 0xED, 0xB3, 0xD2,
+        0x5B, 0x79, 0x06, 0x4A, 0xB0, 0xCF, 0x8B, 0x8D,
+        0x70, 0xAD, 0xDD, 0xEB, 0x8B, 0x17, 0x42, 0x48,
+        0xD5, 0xAE, 0xA4, 0xD1, 0x8D, 0xE4, 0x3B, 0x89,
+        0x38, 0xCD, 0xD2, 0xAC, 0xBA, 0x54, 0x77, 0xBD,
+        0x4A, 0xAC, 0xC3, 0xCE, 0x59, 0x5E, 0x5D, 0x26,
+        0x9F, 0xE6, 0x75, 0x21, 0x0D, 0x23, 0x15, 0x2B,
+        0x04, 0x71, 0x0F, 0x36, 0x84, 0x28, 0x79, 0x4A,
+        0x75, 0xF4, 0x9B, 0x68, 0x3E, 0xD2, 0x0D, 0xD6,
+        0x47, 0x51, 0x57, 0x77, 0x95, 0x5A, 0x8C, 0xB3,
+        0x8A, 0x36, 0xAF, 0xCD, 0x2C, 0xE0, 0xAC, 0xEC,
+        0x4F, 0x0D, 0xFE, 0x80, 0x77, 0x02, 0xD1, 0xEB,
+        0x3B, 0xDE, 0x72, 0xE9, 0xE0, 0x85, 0xAA, 0x4E,
+        0x09, 0xEB, 0x1B, 0x09, 0x47, 0x41, 0x38, 0x52,
+        0xEC, 0x3C, 0x0A, 0xC5, 0x2F, 0x06, 0xCB, 0x95,
+        0x9C, 0x85, 0x39, 0x4E, 0xB3, 0x74, 0x81, 0x19,
+        0xED, 0xBE, 0x6C, 0x80, 0xD2, 0xD8, 0xF7, 0x92,
+        0xCE, 0x0D, 0x91, 0x5E, 0x4F, 0x4B, 0x15, 0x1E,
+        0xFB, 0x13, 0x5E, 0x7F, 0x4D, 0xC9, 0x7D, 0x85,
+        0x81, 0x41, 0xC5, 0x7F, 0x70, 0x41, 0x7B, 0x43,
+        0xA6, 0xA1, 0x26, 0x95, 0x69, 0x78, 0xD7, 0x8E,
+        0xFB, 0x9F, 0x03, 0x72, 0x43, 0xB4, 0xCB, 0x41,
+        0xDF, 0x96, 0x8B, 0x7E, 0xE5, 0xB5, 0x20, 0x87,
+        0xF0, 0x5A, 0xA9, 0xFE, 0x48, 0x7B, 0xD1, 0x6C,
+        0x03, 0x47, 0xCF, 0x13, 0x35, 0x76, 0x0B, 0xD2,
+        0x39, 0x8A, 0xD5, 0x4D, 0xDA, 0x00, 0xA5, 0xAA,
+        0xC4, 0x46, 0xD8, 0x0B, 0x1C, 0x79, 0x98, 0xC6,
+        0x02, 0x19, 0x2A, 0xDA, 0xFC, 0xB8, 0x09, 0xD1,
+        0x4E, 0xE3, 0x28, 0x64, 0x1B, 0xA3, 0xAA, 0x00,
+        0xF8, 0xD2, 0x9C, 0x3A, 0x84, 0x8A, 0xCB, 0xDC,
+        0x19, 0x46, 0xBC, 0x0D, 0x35, 0xE0, 0xBE, 0x0F,
+        0x8F, 0x7E, 0x3D, 0xA3, 0xF6, 0x8D, 0x9F, 0xA9,
+        0x76, 0x8F, 0x5C, 0xF2, 0x75, 0x53, 0x4A, 0x0E,
+        0xCA, 0x9E, 0x60, 0xFC, 0xEA, 0x38, 0xF1, 0xE0,
+        0x42, 0xC3, 0x16, 0x14, 0x3A, 0x76, 0x7B, 0x33,
+        0xAC, 0xCA, 0xD8, 0xC8, 0xD6, 0x6C, 0x70, 0xC7,
+        0x5F, 0xD1, 0xF0, 0xB2, 0x58, 0x6B, 0x65, 0x3A,
+        0xD4, 0xAF, 0x54, 0xE5, 0x6E, 0xF0, 0x69, 0x33,
+        0xEA, 0xD3, 0x1D, 0xE3, 0x65, 0xD1, 0x10, 0xB9,
+        0xC4, 0xA2, 0xA9, 0x8B, 0xCB, 0xA1, 0x65, 0xCA,
+        0xFE, 0x38, 0x6F, 0x88, 0x7C, 0x72, 0x15, 0x6E,
+        0xB1, 0x4F, 0xF0, 0xDA, 0xD6, 0x65, 0x61, 0x6C,
+        0xE3, 0xCE, 0x65, 0xC1, 0x90, 0x4F, 0x2C, 0x17,
+        0x47, 0xB2, 0xEC, 0x2B, 0x5C, 0x9D, 0x67, 0x76,
+        0xBC, 0xD7, 0x9E, 0x5A, 0xC6, 0x4B, 0x79, 0x33,
+        0xBD, 0xDE, 0xDE, 0xDD, 0xBB, 0xC7, 0x25, 0xBF,
+        0xDB, 0xCC, 0xDE, 0x2F, 0xB3, 0x75, 0xAE, 0x2B,
+        0xE3, 0x53, 0x7B, 0xDF, 0x89, 0xBF, 0x4C, 0x25,
+        0xF8, 0x3A, 0x49, 0xD6, 0xA6, 0xA8, 0xD0, 0x76,
+        0x1C, 0xF3, 0x9D, 0x62, 0x0C, 0x53, 0xED, 0x83,
+        0x7D, 0x19, 0x82, 0x55, 0xCF, 0x5B, 0x91, 0x0A,
+        0x6D, 0xB5, 0x78, 0x77, 0xDF, 0x92, 0xD8, 0xBB,
+        0x6E, 0x9C, 0x52, 0x6B, 0x8C, 0x4E, 0xC9, 0x31,
+        0x00, 0xDE, 0xE0, 0x50, 0x0A, 0x21, 0x0C, 0x98,
+        0x45, 0x83, 0xE1, 0x53, 0x81, 0x60, 0xED, 0xAC,
+        0x2C, 0x6F, 0x86, 0x6E, 0x7F, 0x5D, 0x99, 0xD7,
+        0xB1, 0xB8, 0x15, 0x82, 0xF5, 0xD0, 0xEB, 0xBF,
+        0x27, 0x86, 0xE3, 0xF5, 0x56, 0x01, 0x3B, 0xA9,
+        0xB6, 0xF6, 0x56, 0xEB, 0x79, 0x88, 0x38, 0xEA,
+        0x05, 0x79, 0x20, 0x1A, 0x95, 0xD5, 0x6B, 0xBC,
+        0x3B, 0xCD, 0xB9, 0x51, 0x1A, 0xFB, 0xD4, 0xD8,
+        0x12, 0x88, 0x89, 0x6F, 0x87, 0x10, 0x8C, 0x07,
+        0x7F, 0x1A, 0x81, 0xA3, 0xBD, 0x29, 0x7B, 0xB1,
+        0x24, 0xA8, 0x00, 0x86, 0x89, 0x02, 0x42, 0x99,
+        0x5E, 0x03, 0xCF, 0x42, 0xA0, 0xC2, 0x1E, 0x27,
+        0x2A, 0x9A, 0xFA, 0x1D, 0xC1, 0x03, 0x46, 0x3D,
+        0x2A, 0xB4, 0x94, 0xF7, 0xD0, 0x17, 0x68, 0x6D,
+        0x31, 0x89, 0x4D, 0xD2, 0xF6, 0xEB, 0xB0, 0xC3,
+        0xCB, 0x62, 0x23, 0xEC, 0x79, 0xC6, 0x5D, 0x45,
+        0xC1, 0xB0, 0xD4, 0xEF, 0x19, 0x61, 0xF1, 0x6D,
+        0x65, 0x3F, 0xCF, 0x25, 0x97, 0x7B, 0x65, 0x1E,
+        0xC5, 0x1A, 0x13, 0xAE, 0x8D, 0x4A, 0x34, 0x72,
+        0xEE, 0x71, 0x96, 0x9A, 0x7A, 0x93, 0x6F, 0x5D,
+        0xBB, 0xB9, 0x39, 0x6A, 0x46, 0xD9, 0x76, 0x42,
+        0x35, 0x8C, 0xAF, 0x48, 0x94, 0xC9, 0xA6, 0xDF,
+        0x84, 0xA5, 0x9C, 0x59, 0x62, 0xA6, 0x99, 0x0A,
+        0x76, 0xF0, 0x61, 0x48, 0x90, 0x16, 0x9F, 0x00,
+        0x18, 0x70, 0xD4, 0x9C, 0xF2, 0xE7, 0x50, 0x08,
+        0xCC, 0x4A, 0x5D, 0x85, 0xE7, 0x2D, 0xE2, 0xD6,
+        0xCF, 0x3F, 0xA7, 0x18, 0x52, 0x25, 0x35, 0x22,
+        0xFE, 0x8B, 0x0E, 0x42, 0x3C, 0xB4, 0x17, 0xA3,
+        0x8E, 0xB7, 0x8C, 0x87, 0x63, 0xC3, 0x72, 0x0C,
+        0x04, 0xE6, 0x7F, 0xF8, 0x89, 0x79, 0xEB, 0xA0,
+        0x9E, 0x34, 0x53, 0x8B, 0xB5, 0x23, 0xB9, 0x9B,
+        0x8E, 0x34, 0x16, 0x74, 0x12, 0xF7, 0x7A, 0xEA,
+        0x89, 0x4D, 0x83, 0xAC, 0xF9, 0x46, 0xFC, 0x05,
+        0x4D, 0x0A, 0xF4, 0x72, 0x95, 0xE5, 0x1E, 0xD8,
+        0x3F, 0x74, 0x86, 0x94, 0x0A, 0x4D, 0x41, 0xC0,
+        0x4A, 0xD7, 0xEB, 0xEE, 0x61, 0x0B, 0xF1, 0xD0,
+        0x3F, 0xA5, 0x40, 0x71, 0xD5, 0x1A, 0x15, 0x09,
+        0xE4, 0xF4, 0x91, 0x63, 0xA2, 0x50, 0x81, 0xBE,
+        0x87, 0x90, 0xD0, 0x87, 0xF5, 0xF4, 0xF0, 0x5C,
+        0x88, 0x55, 0x0F, 0xCA, 0x9B, 0xF9, 0x9C, 0x9B,
+        0xE5, 0x95, 0x3D, 0x51, 0xDD, 0x08, 0x45, 0xC9,
+        0x3E, 0x41, 0xEE, 0xEF, 0x62, 0xE0, 0x79, 0x4B,
+        0x29, 0x27, 0xC4, 0xF5, 0xED, 0x9B, 0xD3, 0xE3,
+        0x4E, 0xA9, 0x20, 0x0A, 0x79, 0xDD, 0xEB, 0x4B,
+        0x2D, 0x8F, 0x30, 0x5F, 0xE0, 0x5F, 0x82, 0x7C,
+        0x7E, 0x2E, 0xD1, 0x86, 0x34, 0x1C, 0xB5, 0xD1,
+        0x15, 0x2F, 0xC8, 0x01, 0x04, 0xE0, 0xE1, 0x36,
+        0x83, 0xD9, 0x41, 0x29, 0x4C, 0x77, 0x84, 0x17,
+        0x16, 0x4B, 0x68, 0x4A, 0x97, 0x6E, 0x56, 0xE7,
+        0x8D, 0xA4, 0xD1, 0x7C, 0x3C, 0x73, 0x22, 0x93,
+        0x14, 0x87, 0x0B, 0x85, 0xC4, 0x55, 0xC2, 0x3B,
+        0x83, 0x0B, 0x9A, 0x28, 0xA3, 0xD8, 0xC0, 0xB5,
+        0x66, 0x42, 0x6D, 0xC1, 0x69, 0xF3, 0x26, 0xAB,
+        0xCE, 0x2E, 0xFF, 0xF3, 0x9E, 0x9B, 0x19, 0x9A,
+        0xE5, 0xC1, 0x29, 0x2B, 0x6F, 0x2E, 0xF3, 0x7A,
+        0xF1, 0xDE, 0xA9, 0x27, 0x2C, 0x8D, 0x54, 0x23,
+        0xDF, 0x8A, 0x56, 0x32, 0xF9, 0x91, 0xE1, 0x4D,
+        0xCA, 0x25, 0x14, 0x78, 0x8B, 0x62, 0xBE, 0x16,
+        0x48, 0x28, 0xE9, 0xAC, 0xB8, 0x93, 0xDD, 0xA6,
+        0x02, 0xA5, 0xE2, 0xFB, 0x9E, 0xFC, 0xBE, 0xFD,
+        0x95, 0xAB, 0xFB, 0x82, 0xD2, 0xB0, 0x2D, 0x49,
+        0xCC, 0x53, 0x08, 0x4A, 0x49, 0xAB, 0x1B, 0xEC,
+        0x23, 0xE5, 0xB4, 0xC8, 0xE7, 0x14, 0xCB, 0x03,
+        0x40, 0x5F, 0x1B, 0xCF, 0x7E, 0x11, 0xBB, 0x59,
+        0x72, 0x9D, 0xDC, 0x0B, 0x7B, 0xEF, 0xB2, 0x91,
+        0x27, 0x6D, 0xCE, 0xDA, 0xCA, 0xAD, 0x39, 0xA2,
+        0xF0, 0x1C, 0x7D, 0xC9, 0x8B, 0x9E, 0x06, 0x5E,
+        0xAF, 0xED, 0x1C, 0xC8, 0xCE, 0x3E, 0x84, 0x80,
+        0x80, 0xA2, 0xFC, 0x5B, 0x98, 0xC9, 0xF6, 0xBF,
+        0x50, 0x40, 0x27, 0x33, 0x42, 0xF0, 0x31, 0x2F,
+        0x8B, 0x98, 0x44, 0x59, 0x4A, 0x50, 0x3D, 0xD3,
+        0xE6, 0xAF, 0x1C, 0x9E, 0x35, 0xC1, 0x03, 0x2A,
+        0x4A, 0x8A, 0x5E, 0x7B, 0xF3, 0x3A, 0x82, 0xF3,
+        0x5E, 0x16, 0xED, 0xF8, 0xC6, 0x0C, 0x90, 0x02,
+        0x1D, 0x8C, 0x0B, 0xA4, 0xC3, 0x86, 0x24, 0x5D,
+        0xFE, 0xF0, 0x94, 0x48, 0x43, 0x1D, 0x8C, 0x00,
+        0xD1, 0xE2, 0x6E, 0xE4, 0xD8, 0xC7, 0x7D, 0xAA,
+        0x1A, 0x70, 0x5E, 0xD4, 0x79, 0x2A, 0xCB, 0x4E,
+        0xA2, 0x7C, 0x15, 0x66, 0xFB, 0x56, 0x68, 0x3C,
+        0x43, 0xBF, 0x67, 0x84, 0x2E, 0x67, 0x53, 0x4C,
+        0xB3, 0xF9, 0x67, 0x7C, 0x8A, 0xB9, 0xD0, 0xEE,
+        0xE7, 0x82, 0x7C, 0xDE, 0xFC, 0x22, 0x3A, 0xC9,
+        0x48, 0xB8, 0x80, 0xB5, 0xF1, 0xCE, 0x95, 0x37,
+        0x27, 0x29, 0x32, 0x00, 0x2C, 0x1A, 0x4D, 0xD2,
+        0x18, 0xF5, 0x27, 0x16, 0x6E, 0xBF, 0xB2, 0xB2,
+        0xFA, 0x2B, 0xF3, 0x72, 0x46, 0xEC, 0xDF, 0xDF,
+        0xA7, 0x2B, 0x6D, 0xA1, 0x1C, 0x30, 0xD1, 0xC7,
+        0xD2, 0x48, 0xAD, 0x64, 0x81, 0x8F, 0x69, 0x1D,
+        0x59, 0xB7, 0x55, 0xDA, 0xF7, 0x1B, 0xED, 0x9A,
+        0xB5, 0xFB, 0x52, 0xE0, 0x36, 0x22, 0xA9, 0x00,
+        0xD6, 0x6B, 0x4C, 0x63, 0x84, 0x16, 0x9B, 0xDF,
+        0x9E, 0xB6, 0x1C, 0x02, 0xDF, 0x45, 0xFB, 0x76,
+        0xB1, 0xA2, 0x6F, 0x34, 0xE9, 0x38, 0xB1, 0x90,
+        0x86, 0x17, 0x45, 0xC0, 0x21, 0xFA, 0x87, 0x62,
+        0x00, 0xC7, 0xFC, 0x8E, 0x22, 0x2D, 0xDB, 0xFA,
+        0xD8, 0xBE, 0x78, 0x1B, 0x18, 0x54, 0x24, 0xAA,
+        0xAF, 0xC6, 0x58, 0x62, 0xDB, 0x13, 0x2B, 0xEC,
+        0x6D, 0x18, 0x83, 0x7A, 0x1F, 0x58, 0xA8, 0x76,
+        0xC9, 0x9E, 0x63, 0xF5, 0x14, 0x20, 0xB8, 0x3F,
+        0x45, 0x96, 0x75, 0x61, 0x2F, 0x7A, 0xCF, 0x80,
+        0xB4, 0xEB, 0x1D, 0xD0, 0x72, 0x1C, 0xAA, 0x1B,
+        0x49, 0x70, 0xDA, 0x60, 0x86, 0x79, 0xC6, 0x38,
+        0x3E, 0x81, 0x7F, 0xE1, 0x6B, 0x66, 0xB1, 0x91,
+        0x81, 0xED, 0xFC, 0x39, 0x27, 0x0C, 0x7E, 0x91,
+        0x7B, 0x1F, 0x10, 0xEB, 0x7A, 0x01, 0x19, 0x97,
+        0xE9, 0x67, 0x85, 0x3B, 0x78, 0xE0, 0x0C, 0xFD,
+        0x58, 0xD2, 0x24, 0xD9, 0x33, 0xCC, 0x5A, 0x99,
+        0x55, 0x32, 0xDC, 0xD4, 0xE5, 0x32, 0xE4, 0x03,
+        0x05, 0x15, 0xF4, 0xA0, 0x5B, 0x33, 0x1D, 0x57,
+        0x5D, 0xDA, 0xC2, 0x9B, 0xAB, 0x06, 0x9F, 0x09,
+        0xAF, 0x0D, 0x17, 0x33, 0x73, 0xDB, 0x1E, 0xC2,
+        0xB6, 0x36, 0x6B, 0xB3, 0x71, 0x00, 0x8A, 0x23,
+        0x86, 0xFD, 0x88, 0xBE, 0x77, 0xF5, 0xED, 0x5E,
+        0x19, 0x8C, 0xBE, 0x88, 0xDF, 0x24, 0xBC, 0x6E,
+        0x39, 0x3F, 0xEB, 0xC1, 0x0C, 0x47, 0x0A, 0x72,
+        0xD4, 0x7C, 0x0F, 0x83, 0x46, 0x53, 0xC9, 0xAE,
+        0x80, 0x0E, 0x89, 0x3C, 0x6B, 0xA6, 0x8E, 0xA2,
+        0x8A, 0x83, 0x8F, 0xCB, 0xB6, 0x9C, 0x3E, 0x96,
+        0x4A, 0x5F, 0xAF, 0xC2, 0x06, 0x7D, 0xD4, 0x06,
+        0xB2, 0x57, 0xC9, 0x8D, 0xD3, 0x97, 0x9E, 0xC7,
+        0xC7, 0xEC, 0xBE, 0x96, 0xA3, 0x3D, 0x85, 0x51,
+        0x5D, 0xA2, 0xCB, 0x6A, 0xA5, 0xE1, 0xFF, 0xF2,
+        0x04, 0xAF, 0x62, 0xDD, 0x41, 0x19, 0xA0, 0xE4,
+        0x8C, 0x04, 0xA3, 0xF2, 0xB3, 0x86, 0x60, 0xF5,
+        0x29, 0x64, 0xD8, 0xD4, 0xAE, 0xE1, 0x46, 0xA9,
+        0xC5, 0x3C, 0x31, 0x90, 0x6D, 0xAD, 0x0F, 0xD9,
+        0x0B, 0x5D, 0x83, 0xB3, 0xE3, 0x1B, 0x69, 0x0A,
+        0x4C, 0x49, 0x35, 0x24, 0x99, 0x81, 0xBE, 0x1F,
+        0x1A, 0x85, 0xEC, 0x6E, 0x0F, 0xEE, 0x4C, 0x88,
+        0xF2, 0xD8, 0x9E, 0x29, 0x69, 0xAB, 0x8C, 0xBB,
+        0xEB, 0x50, 0x19, 0x16, 0x55, 0x8D, 0x29, 0xEA,
+        0x7C, 0x3E, 0xCF, 0x1C, 0x9E, 0xF1, 0xA0, 0x43,
+        0x50, 0x63, 0x3B, 0x4C, 0xDA, 0x73, 0x7D, 0xFB,
+        0x15, 0x1C, 0xB5, 0xE7, 0x36, 0x11, 0x73, 0xF3,
+        0xAE, 0xDD, 0xDF, 0x52, 0x7D, 0x73, 0xF2, 0xF9,
+        0xD5, 0xB6, 0x21, 0x3A, 0xA6, 0x8F, 0x88, 0x3E,
+        0x9A, 0x26, 0x33, 0x78, 0x5E, 0xC6, 0xBE, 0x64,
+        0x2A, 0x9F, 0xD0, 0xF2, 0x1A, 0x42, 0xF6, 0xB9,
+        0xDA, 0xAB, 0xDC, 0xD1, 0xE6, 0xAD, 0xBE, 0xF6,
+        0x48, 0x41, 0xB5, 0x96, 0x86, 0xEA, 0xE3, 0xEC,
+        0x88, 0xEE, 0xF0, 0xA9, 0xCB, 0xC1, 0x2B, 0xC0,
+        0x12, 0x62, 0x2D, 0xF2, 0xDD, 0x93, 0xA8, 0x62,
+        0x29, 0x04, 0x4A, 0xF2, 0xF2, 0x60, 0xD2, 0x18,
+        0x3F, 0x51, 0xE8, 0x33, 0xEE, 0x92, 0xD9, 0x8F,
+        0x02, 0x51, 0xE3, 0xF8, 0x5F, 0xAB, 0x74, 0xCE,
+        0x36, 0x7B, 0x8B, 0x7A, 0xA6, 0x3D, 0x3C, 0xF8,
+        0xC8, 0xBF, 0x4D, 0x78, 0x35, 0x8B, 0xAE, 0x0A,
+        0x02, 0x41, 0xE2, 0x10, 0xAC, 0x69, 0x35, 0x30,
+        0x87, 0xCC, 0x73, 0x31, 0x35, 0x7E, 0xB4, 0x45,
+        0x0F, 0x95, 0x09, 0xCF, 0xE5, 0x95, 0xF5, 0x40,
+        0x32, 0xEE, 0x05, 0x77, 0x54, 0xA8, 0xED, 0xD7,
+        0x46, 0xCB, 0x92, 0x82, 0xE7, 0x68, 0xDC, 0x6B,
+        0x83, 0x0C, 0x5B, 0x4A, 0x21, 0x93, 0x43, 0xAD,
+        0x12, 0x4E, 0xDB, 0x3B, 0xBC, 0x42, 0x50, 0x55,
+        0x66, 0xA7, 0x03, 0x8C, 0x95, 0x9B, 0xC3, 0x55,
+        0x85, 0xB6, 0x05, 0x5F, 0x19, 0x68, 0xDA, 0x24,
+        0x3F, 0x77, 0x8F, 0x4E, 0x46, 0xDB, 0x46, 0x2A,
+        0xBE, 0xB9, 0x3B, 0x81, 0x24, 0x3C, 0x31, 0xEB,
+        0x59, 0x62, 0x2E, 0xDF, 0x81, 0xF0, 0x6C, 0xCC,
+        0x61, 0xD2, 0xA6, 0xEA, 0x73, 0xE1, 0x09, 0xC3,
+        0x87, 0x91, 0x5F, 0x27, 0x7B, 0xCF, 0x1F, 0xC1,
+        0x11, 0x05, 0xBB, 0xA7, 0x02, 0x93, 0xC0, 0xFA,
+        0xB5, 0xC0, 0x65, 0xF2, 0x3B, 0xAA, 0x19, 0x29,
+        0x0A, 0x30, 0x2F, 0x08, 0x09, 0x11, 0x07, 0xA4,
+        0xB1, 0xD5, 0x68, 0x85, 0x26, 0x22, 0x09, 0x83,
+        0x83, 0x42, 0x77, 0x60, 0xEF, 0x8F, 0x29, 0x28,
+        0x62, 0x5B, 0xDD, 0xA5, 0xF5, 0x14, 0xC5, 0xAD,
+        0xE9, 0x59, 0x89, 0x1E, 0xF2, 0x95, 0x9F, 0x24,
+        0x8A, 0x35, 0x32, 0xBF, 0x9D, 0x30, 0xE7, 0x14,
+        0x05, 0x9E, 0xBD, 0xEC, 0x95, 0x87, 0x08, 0xF8,
+        0xA8, 0x3C, 0x26, 0x8B, 0xEF, 0x26, 0x82, 0xD6,
+        0x03, 0xCA, 0x88, 0x63, 0x47, 0xE1, 0x98, 0xFD,
+        0x68, 0x23, 0x39, 0x99, 0xC7, 0x7D, 0x30, 0xD7,
+        0x45, 0x5D, 0xE6, 0xBC, 0xFD, 0x01, 0x44, 0x27,
+        0x70, 0x62, 0xB3, 0x04, 0xBE, 0xF0, 0xE3, 0x4C,
+        0x5A, 0x9D, 0x8D, 0x78, 0x0D, 0x29, 0xEC, 0x23,
+        0x21, 0xE0, 0x73, 0x40, 0x77, 0x1C, 0x46, 0x36,
+        0x04, 0x83, 0xAD, 0xCA, 0xF1, 0x2D, 0x5B, 0x79,
+        0xFD, 0xBF, 0xE2, 0x85, 0x6A, 0xCE, 0x88, 0x59,
+        0xF6, 0xB1, 0x24, 0x14, 0xB3, 0xF7, 0xE8, 0xBB,
+        0x58, 0x13, 0x49, 0x89, 0x60, 0xF3, 0x4F, 0xDC,
+        0x64, 0xFC, 0x84, 0x85, 0x79, 0xCA, 0xF9, 0xDC,
+        0xCF, 0x19, 0xB4, 0xFB, 0x82, 0x5E, 0xD5, 0x71,
+        0x6D, 0xCC, 0xCD, 0x68, 0x72, 0xCB, 0xDE, 0x38,
+        0x31, 0xD6, 0x73, 0x84, 0x94, 0x2C, 0xD8, 0xA9,
+        0xEC, 0x4B, 0xBF, 0xEF, 0x57, 0x06, 0xB8, 0xF9,
+        0xF0, 0x5F, 0xE1, 0xE8, 0xFE, 0x69, 0xD3, 0xEA,
+        0x6A, 0x86, 0x21, 0xC2, 0x21, 0x44, 0x17, 0x7B,
+        0x1C, 0x12, 0x59, 0xE1, 0xA7, 0x9D, 0xFD, 0xF8,
+        0x97, 0x28, 0x88, 0x7B, 0xEF, 0x1A, 0x70, 0x48,
+        0x25, 0x56, 0x83, 0x1B, 0x67, 0x24, 0x40, 0xE1,
+        0x3F, 0xE3, 0xE3, 0xFC, 0x82, 0x04, 0xA0, 0x2E,
+        0xA1, 0xEF, 0xF1, 0x9D, 0x95, 0x25, 0x38, 0x87,
+        0x28, 0x5B, 0xFB, 0xEA, 0x16, 0xA0, 0xF2, 0x19,
+        0xEF, 0xBC, 0xEC, 0x30, 0xA8, 0xAE, 0x86, 0x58,
+        0x9A, 0x57, 0x03, 0x10, 0x3A, 0x8A, 0x39, 0x3F,
+        0xA6, 0xF6, 0xB6, 0x57, 0x70, 0x4A, 0xC6, 0x77,
+        0xC1, 0x4C, 0xD1, 0x0D, 0x3D, 0x62, 0xD1, 0x3F,
+        0xBD, 0x37, 0x8C, 0x2D, 0xDA, 0x32, 0x5B, 0x61,
+        0xB8, 0x59, 0x52, 0xD5, 0x12, 0x93, 0x87, 0x1E,
+        0x1F, 0xCD, 0xC9, 0x48, 0xC7, 0x7B, 0xEA, 0xE9,
+        0xA6, 0xF0, 0xE8, 0x7C, 0xE1, 0xA8, 0x05, 0x1C,
+        0x8F, 0x80, 0x87, 0x68, 0x5C, 0x12, 0x62, 0x4B,
+        0xDF, 0x58, 0x38, 0x0E, 0xD6, 0x6F, 0x55, 0xB4,
+        0x3D, 0xDD, 0x6D, 0x36, 0x21, 0x73, 0xA5, 0xBD,
+        0x38, 0x98, 0x59, 0xC1, 0x7D, 0x95, 0xEC, 0xE3,
+        0xAB, 0x73, 0x26, 0x39, 0xFF, 0xE4, 0x51, 0xCD,
+        0x10, 0x3E, 0xE4, 0x85, 0x4D, 0xB2, 0xF3, 0x96,
+        0x14, 0xF6, 0x58, 0xBA, 0xA3, 0x84, 0xBC, 0x99,
+        0x48, 0xD0, 0x71, 0x4E, 0xB4, 0x8A, 0x88, 0x71,
+        0x43, 0xE7, 0xA1, 0xFA, 0x4B, 0x69, 0x0C, 0x22,
+        0xB4, 0x92, 0xA7, 0x0C, 0x61, 0x2B, 0x59, 0xFF,
+        0xD2, 0xD6, 0xB3, 0xB5, 0xE9, 0x9C, 0x20, 0x03,
+        0xE2, 0xC3, 0x59, 0xB1, 0xE6, 0x2D, 0xCB, 0x62,
+        0x0C, 0x7A, 0x24, 0x6A, 0x7B, 0x9B, 0x32, 0x46,
+        0x13, 0x15, 0x56, 0xF2, 0xF3, 0xD5, 0x13, 0xA2,
+        0x3C, 0x6A, 0x9F, 0xD2, 0x28, 0x0E, 0xD6, 0x86,
+        0xD7, 0x67, 0xCC, 0xD0, 0x17, 0x54, 0xEB, 0x4C,
+        0x99, 0x69, 0x2F, 0x2B, 0x38, 0x0C, 0x36, 0x08,
+        0x13, 0x44, 0xC1, 0xD3, 0x5E, 0xE1, 0x94, 0x97,
+        0x36, 0xB6, 0x97, 0x6F, 0x48, 0x52, 0xCF, 0xBE,
+        0x64, 0xFA, 0xBC, 0xF1, 0x1B, 0x9A, 0xFB, 0x82,
+        0x85, 0x76, 0xB4, 0xF9, 0x78, 0x7A, 0xA7, 0xD0,
+        0x3E, 0x84, 0x59, 0x8A, 0x71, 0x43, 0xEF, 0x73,
+        0x11, 0xFA, 0xF2, 0x97, 0x0E, 0x23, 0xED, 0x4C,
+        0x17, 0x3F, 0x98, 0x5D, 0x64, 0x50, 0x16, 0x5A,
+        0xE3, 0xE2, 0x41, 0xA1, 0x82, 0x34, 0xE7, 0x4F,
+        0xF3, 0xDD, 0xB9, 0x21, 0xA5, 0x30, 0x0B, 0x1C,
+        0x4F, 0xB6, 0xE4, 0x32, 0xE6, 0x98, 0xF5, 0x3F,
+        0x66, 0xE3, 0x8C, 0x07, 0xBC, 0xD6, 0xE7, 0x76,
+        0x05, 0xDF, 0x46, 0x24, 0xD5, 0x79, 0x07, 0x62,
+        0x92, 0xDE, 0x1C, 0xE6, 0xFC, 0x6F, 0x00, 0x81,
+        0xA3, 0x8B, 0xD9, 0x2D, 0x39, 0xB2, 0x4B, 0x73,
+        0xBA, 0xC1, 0xC5, 0x2B, 0xD6, 0x8E, 0x91, 0x81,
+        0xD3, 0xDC, 0xD0, 0xAC, 0x75, 0x34, 0xDB, 0x48,
+        0x90, 0x1E, 0x59, 0x84, 0xF9, 0x90, 0x25, 0x57,
+        0xBF, 0xA2, 0x31, 0xB2, 0xEA, 0x28, 0xC3, 0x18,
+        0x32, 0x62, 0xA1, 0xB2, 0x22, 0x1F, 0x74, 0x26,
+        0xEA, 0x88, 0xA5, 0x81, 0x60, 0x93, 0xA5, 0xCA,
+        0xE2, 0xCD, 0x5D, 0x59, 0xA9, 0x39, 0x0F, 0xC9,
+        0x3A, 0x29, 0x56, 0x94, 0x4B, 0x06, 0x4C, 0xF0,
+        0x13, 0xBC, 0xDB, 0x67, 0xFB, 0x42, 0x3D, 0x13,
+        0x28, 0xD2, 0xC6, 0xD7, 0xBA, 0x32, 0x90, 0x13,
+        0xFA, 0x2D, 0x30, 0xEF, 0xD6, 0x9F, 0xDC, 0xA1,
+        0xA9, 0x5E, 0xA6, 0xD0, 0x6C, 0x73, 0x63, 0x53,
+        0x4B, 0x2F, 0x3F, 0x7D, 0xAA, 0xFA, 0x29, 0x6E,
+        0xAA, 0x09, 0xB3, 0x66, 0x8E, 0x9C, 0xF8, 0x2D,
+        0x9B, 0xA9, 0x59, 0xB3, 0x2F, 0x3C, 0xAD, 0x3C,
+        0x10, 0xC6, 0xEA, 0x48, 0x61, 0x15, 0x54, 0x53,
+        0x9C, 0x37, 0xDF, 0x6B, 0xCA, 0x33, 0x85, 0xEA,
+        0xD3, 0xFC, 0xFF, 0x96, 0xD3, 0x72, 0xB4, 0x23,
+        0x93, 0xB7, 0x3C, 0x8D, 0xAA, 0xAA, 0x31, 0x50,
+        0x6E, 0xE0, 0x52, 0x7B, 0x7F, 0xB3, 0xE5, 0x93,
+        0xDC, 0xCC, 0xA5, 0x7C, 0x8F, 0xBB, 0xD4, 0xA3,
+        0xC7, 0xF8, 0xA5, 0x38, 0x99, 0x86, 0x91, 0x32,
+        0xFB, 0xC3, 0xE4, 0x05, 0x06, 0x07, 0xBB, 0xFE,
+        0x29, 0xC6, 0x75, 0xE3, 0x94, 0x5E, 0x74, 0xA3,
+        0x1C, 0xD5, 0x31, 0xBA, 0x7A, 0xEB, 0x2E, 0x2F,
+        0x0C, 0xD9, 0x90, 0xB8, 0xF9, 0x83, 0xA9, 0x0D,
+        0xFE, 0xA0, 0x56, 0x8F, 0x06, 0x77, 0xEA, 0x95,
+        0x63, 0xF7, 0xC4, 0x79, 0xDE, 0x96, 0x89, 0x40,
+        0xCF, 0x24, 0x29, 0x92, 0x69, 0x28, 0x65, 0xCF,
+        0xDA, 0x89, 0xFA, 0x07, 0x8B, 0xBE, 0xF4, 0x9C,
+        0xE4, 0x57, 0x5B, 0xDF, 0xB3, 0x80, 0x36, 0x60,
+        0x11, 0xC8, 0x43, 0x5F, 0x12, 0xB4, 0x2D, 0x9A,
+        0xB9, 0x9A, 0xB6, 0xA3, 0x19, 0x12, 0xC4, 0x35,
+        0x41, 0x49, 0xD7, 0x23, 0x10, 0x1D, 0x13, 0x65,
+        0xA6, 0x5E, 0x7C, 0xC6, 0x8D, 0x82, 0xE3, 0x05,
+        0x17, 0x77, 0x39, 0x02, 0xFB, 0x38, 0xDD, 0xA2,
+        0xB3, 0x24, 0xE7, 0x20, 0x8E, 0x98, 0x7E, 0xD2,
+        0x87, 0xD0, 0x92, 0xE7, 0x66, 0x2A, 0x43, 0x02,
+        0x41, 0xBF, 0xCA, 0x55, 0x2D, 0x31, 0x41, 0x27,
+        0xE3, 0x8C, 0x85, 0x97, 0xA8, 0x95, 0x19, 0xD4,
+        0xF1, 0xE6, 0x2A, 0x79, 0x46, 0x5A, 0xD5, 0xF4,
+        0xEA, 0xA3, 0xFA, 0x77, 0xCD, 0x98, 0x32, 0x6D,
+        0x2F, 0x92, 0xCE, 0x98, 0x52, 0x05, 0x5C, 0xEC,
+        0xCF, 0x62, 0xD6, 0x3C, 0xB9, 0xD7, 0xF1, 0x98,
+        0xAE, 0x08, 0x5E, 0x4D, 0x45, 0xC8, 0xE4, 0x8F,
+        0xCF, 0xFE, 0x59, 0x3A, 0xD6, 0x52, 0xD9, 0x15,
+        0x41, 0x67, 0xBF, 0x3E, 0x61, 0x95, 0x81, 0x0A,
+        0x44, 0x5A, 0xE1, 0x58, 0xF1, 0xF9, 0xA6, 0x79,
+        0x33, 0x63, 0xAF, 0xC1, 0xF2, 0x2C, 0xA8, 0x82,
+        0xFE, 0xED, 0x3A, 0x5F, 0x57, 0x27, 0xCA, 0x76,
+        0x47, 0x7C, 0x5F, 0x23, 0xF0, 0xFC, 0x87, 0x00,
+        0xCD, 0xC6, 0xA5, 0xBC, 0xB2, 0xB2, 0x0B, 0x4F,
+        0x92, 0x66, 0x35, 0x1D, 0x30, 0x4A, 0x96, 0xA8,
+        0x2B, 0xF5, 0xF3, 0x14, 0xAF, 0x68, 0x5C, 0x1C,
+        0x70, 0x7C, 0x92, 0xE3, 0xE8, 0x47, 0xB7, 0x04,
+        0x7D, 0x68, 0x9C, 0x70, 0xB2, 0x5E, 0x55, 0x01,
+        0xCA, 0xEC, 0x99, 0x19, 0x62, 0x6F, 0x4A, 0x0F,
+        0xC8, 0x15, 0x86, 0xAF, 0x1E, 0xC8, 0x88, 0x89,
+        0xB4, 0x23, 0x38, 0x7D, 0x5D, 0x95, 0x48, 0x26,
+        0x18, 0xA6, 0x50, 0xE8, 0x0B, 0x53, 0xB0, 0x7C,
+        0xAC, 0xE3, 0x22, 0x89, 0x40, 0x60, 0x2E, 0x3D,
+        0xB4, 0x74, 0x66, 0xCE, 0x9B, 0xCC, 0xB6, 0xE4,
+        0xD8, 0xAA, 0x61, 0xC8, 0x91, 0x25, 0x83, 0xE8,
+        0x10, 0xB3, 0xB2, 0xE7, 0xE9, 0xCB, 0x48, 0xBD,
+        0x40, 0x3E, 0xCF, 0x08, 0xD2, 0x8C, 0x70, 0xAE,
+        0x0B, 0x62, 0x08, 0x59, 0xC1, 0xF0, 0x9B, 0x61,
+        0x13, 0x14, 0x04, 0xC3, 0xD5, 0xBF, 0xFC, 0xD8,
+        0x60, 0xE0, 0xF4, 0x2A, 0xB2, 0x99, 0x00, 0x62,
+        0x30, 0xB2, 0x87, 0x6D, 0x77, 0xDD, 0xA9, 0x1C,
+        0x8C, 0x62, 0xBD, 0x93, 0xA8, 0x44, 0xE4, 0xB3,
+        0x44, 0xE3, 0x25, 0x5E, 0xEA, 0x53, 0x1C, 0x6C,
+        0x45, 0x8D, 0x04, 0xAB, 0xDB, 0x0F, 0xAE, 0xF2,
+        0xD1, 0xC0, 0xB4, 0xC5, 0x5F, 0x57, 0x0A, 0x5A,
+        0x51, 0x02, 0x3F, 0x4D, 0x4E, 0xFF, 0xF5, 0x9F,
+        0x9A, 0xBE, 0x17, 0x92, 0x2F, 0xE7, 0x32, 0xCA,
+        0x71, 0xBC, 0xD4, 0x34, 0xAD, 0x77, 0x10, 0xB8,
+        0x4C, 0xD4, 0xAC, 0x9F, 0x25, 0x07, 0xA0, 0x68,
+        0x26, 0x56, 0x2A, 0xD7, 0xF6, 0x47, 0x82, 0x6F,
+        0x9D, 0xBB, 0xE4, 0xED, 0xD2, 0x3F, 0x12, 0x43,
+        0x69, 0xDB, 0x85, 0x26, 0xFC, 0x2B, 0x4D, 0x52,
+        0xF0, 0x74, 0x14, 0x15, 0xF9, 0x72, 0xBE, 0xF6,
+        0xA9, 0x35, 0xBD, 0x81, 0x2A, 0x56, 0xC8, 0x22,
+        0x1B, 0x7D, 0xEF, 0x0F, 0x51, 0x06, 0xBC, 0x01,
+        0xE9, 0x13, 0xE3, 0xD4, 0x3D, 0xB8, 0x6C, 0x2B,
+        0xB4, 0xC7, 0xE0, 0x76, 0x26, 0x63, 0xC6, 0xDE,
+        0x78, 0x87, 0x21, 0xC2, 0xAA, 0x07, 0xF8, 0x95,
+        0x48, 0x87, 0xE2, 0x14, 0x2F, 0x2E, 0x91, 0x4A,
+        0x09, 0x9E, 0xFC, 0x0A, 0xEE, 0x13, 0x39, 0x21,
+        0x0D, 0x3E, 0x53, 0xDA, 0x3E, 0xCF, 0x88, 0x62,
+        0x4B, 0x11, 0x19, 0xBE, 0x34, 0x01, 0x0B, 0x88,
+        0x6C, 0x80, 0xF5, 0x1D, 0x18, 0x50, 0x83, 0x8F,
+        0x21, 0x50, 0xE7, 0x2B, 0x04, 0x2A, 0xF3, 0x28,
+        0x99, 0xC0, 0xD3, 0xD7, 0xB0, 0x2A, 0x57, 0xF8,
+        0xCF, 0x26, 0x3A, 0x36, 0x95, 0x62, 0xE4, 0xE9,
+        0x45, 0xA3, 0x12, 0x82, 0xA5, 0x02, 0xA9, 0x5E,
+        0xE9, 0xBB, 0x03, 0x16, 0xC6, 0x86, 0x10, 0x06,
+        0xDA, 0xC1, 0x7F, 0x93, 0x6F, 0x54, 0xC4, 0xC7
+    };
+#endif /* WOLFSSL_NO_ML_DSA_87 */
+#ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
+#ifndef WOLFSSL_NO_ML_DSA_44
+    static const byte seed_44_draft[] = {
+        0xBA, 0xC0, 0x59, 0x52, 0x75, 0x5B, 0x26, 0x47,
+        0x01, 0xCA, 0x7D, 0x80, 0x6D, 0xFA, 0x08, 0x35,
+        0x10, 0x28, 0xF6, 0x7B, 0x0E, 0x83, 0xC4, 0x24,
+        0x01, 0x6F, 0x66, 0xCC, 0x83, 0x87, 0xD4, 0x69
+    };
+    static const byte pk_44_draft[] = {
+        0x86, 0xF0, 0x0C, 0x20, 0xE0, 0xDA, 0xEE, 0x5E,
+        0x1E, 0xDE, 0x71, 0x39, 0x49, 0x0C, 0xC8, 0xCF,
+        0xEF, 0xC9, 0xAB, 0x62, 0x3B, 0x8D, 0xEF, 0x0B,
+        0xD8, 0x03, 0x12, 0x5B, 0x4A, 0xB2, 0x83, 0x61,
+        0xED, 0x7E, 0xA9, 0xED, 0x2D, 0xED, 0x5A, 0x71,
+        0xDD, 0xAE, 0x4A, 0x06, 0xE0, 0x2A, 0x5A, 0xAF,
+        0x99, 0x69, 0x89, 0xC6, 0xAF, 0xE3, 0x2A, 0xFE,
+        0x3D, 0x6E, 0x0A, 0x46, 0x71, 0x48, 0xD7, 0x17,
+        0x99, 0x20, 0x01, 0x78, 0xD5, 0x8B, 0x40, 0xCB,
+        0x81, 0xA0, 0x33, 0x38, 0xAE, 0x2B, 0x83, 0x4A,
+        0xFD, 0x5F, 0xE0, 0xB7, 0xEE, 0xA0, 0xC4, 0x3D,
+        0xB6, 0xA4, 0xD5, 0x59, 0x4B, 0xDD, 0x87, 0x1A,
+        0xFC, 0x03, 0x30, 0xA0, 0xB3, 0xAD, 0x75, 0x3C,
+        0xD4, 0x47, 0x72, 0x59, 0xCE, 0xB7, 0x80, 0xFD,
+        0x34, 0x35, 0x5E, 0x96, 0xC8, 0x42, 0xD9, 0xDD,
+        0x6C, 0xF1, 0xAB, 0xEF, 0x48, 0xD1, 0xA8, 0x02,
+        0x02, 0x0F, 0x5B, 0x71, 0x4D, 0x36, 0x1E, 0x0D,
+        0xC2, 0x09, 0x46, 0x7B, 0xF9, 0xEA, 0x24, 0x8F,
+        0x7C, 0xCF, 0xB8, 0x9C, 0xF7, 0x49, 0x15, 0x8E,
+        0x16, 0x49, 0x7E, 0xC5, 0x54, 0xF5, 0x03, 0x1D,
+        0x16, 0x12, 0x02, 0x72, 0x1B, 0x38, 0x2D, 0x58,
+        0x53, 0x15, 0x5E, 0xB6, 0x72, 0xCC, 0xA1, 0x09,
+        0xB0, 0x2F, 0x10, 0xFA, 0x21, 0x45, 0x46, 0x37,
+        0xD4, 0xFA, 0x7F, 0xFB, 0xB0, 0xD9, 0x20, 0xE2,
+        0xCB, 0x56, 0xB3, 0x1E, 0xDF, 0x82, 0x67, 0x25,
+        0x09, 0xD1, 0x8F, 0xFF, 0xE0, 0x43, 0xBD, 0x37,
+        0x2B, 0x73, 0x0E, 0x13, 0x08, 0xC9, 0x49, 0x88,
+        0x69, 0x69, 0xD9, 0x8C, 0x86, 0xE4, 0x7E, 0x63,
+        0x35, 0xC5, 0xE1, 0xD0, 0x14, 0x9A, 0x89, 0x27,
+        0x28, 0x17, 0xB0, 0x5B, 0x7A, 0x8F, 0xDD, 0x72,
+        0x8B, 0x0A, 0x0D, 0x49, 0x58, 0x59, 0x2F, 0x0D,
+        0x8F, 0x3D, 0x16, 0xCE, 0x7B, 0x11, 0xC7, 0x06,
+        0x5D, 0xD5, 0x6D, 0x7B, 0x96, 0xED, 0x1E, 0x1A,
+        0xF4, 0x10, 0x85, 0xDA, 0xDE, 0x84, 0x2F, 0x2B,
+        0xBA, 0xFB, 0xA2, 0x5F, 0x33, 0x7D, 0x7C, 0x18,
+        0x6B, 0xDF, 0x43, 0x3C, 0xE9, 0xEB, 0xB4, 0xC5,
+        0x8E, 0x52, 0xF5, 0x7E, 0x4C, 0x3E, 0x6A, 0x33,
+        0x41, 0x4C, 0x14, 0x05, 0x8E, 0x2C, 0x19, 0x0E,
+        0x86, 0x91, 0x66, 0xDE, 0xF6, 0x4B, 0x35, 0xC2,
+        0xDF, 0x3D, 0x4C, 0x7B, 0xC5, 0x58, 0x5E, 0x86,
+        0x89, 0x6A, 0xFC, 0x86, 0x48, 0x75, 0xD1, 0x18,
+        0xD1, 0xCB, 0x41, 0xC0, 0xF6, 0xD8, 0x87, 0x79,
+        0xD9, 0xA2, 0x56, 0x2E, 0x83, 0x26, 0x11, 0xC1,
+        0x4B, 0x53, 0x37, 0x85, 0x62, 0xFF, 0x6A, 0x67,
+        0xFD, 0x18, 0x79, 0xD7, 0x55, 0x9B, 0xF7, 0x64,
+        0xA9, 0x21, 0xB6, 0x1B, 0xF6, 0x11, 0x85, 0xF8,
+        0xC0, 0x68, 0xDE, 0x61, 0x0C, 0x61, 0x7E, 0x8E,
+        0xED, 0x9E, 0x58, 0x84, 0x16, 0x1A, 0x28, 0xC5,
+        0x41, 0x63, 0xB3, 0xF0, 0x82, 0xAA, 0xE8, 0x36,
+        0x81, 0x5C, 0xD3, 0xB7, 0xFB, 0x92, 0xF4, 0x7A,
+        0x1E, 0x85, 0xA2, 0xB7, 0x21, 0xD5, 0xFA, 0xC8,
+        0xE8, 0x02, 0x43, 0x5B, 0x56, 0x42, 0x03, 0x17,
+        0x67, 0xEE, 0x3E, 0x31, 0x23, 0x63, 0xC7, 0x33,
+        0x95, 0xDE, 0x07, 0xF6, 0x11, 0x3A, 0x2C, 0x3F,
+        0x7B, 0xBB, 0x2D, 0x5C, 0x23, 0xF9, 0x2F, 0x9C,
+        0x51, 0x19, 0x9F, 0x35, 0xC3, 0x18, 0x9F, 0x83,
+        0x6E, 0xA8, 0x03, 0xF1, 0x79, 0x1F, 0xB0, 0xC8,
+        0x2F, 0xF4, 0x2E, 0x9A, 0x26, 0xF3, 0x44, 0x02,
+        0x8F, 0x45, 0x8B, 0xB0, 0x25, 0x1D, 0xF2, 0xD4,
+        0x55, 0xB7, 0x65, 0xEF, 0xDB, 0x3D, 0x8E, 0x92,
+        0xC8, 0xA0, 0x63, 0x4C, 0x38, 0xA3, 0x54, 0xD3,
+        0xC2, 0x5A, 0x2A, 0x6A, 0x15, 0x27, 0x2A, 0xE2,
+        0xFC, 0x25, 0xB6, 0xC8, 0x68, 0xEB, 0xED, 0x2D,
+        0x23, 0xE8, 0x6D, 0x5C, 0xDD, 0x3F, 0x18, 0xB4,
+        0x6E, 0x79, 0x36, 0xC9, 0x1C, 0xB4, 0x92, 0x41,
+        0xAD, 0x35, 0xD4, 0x15, 0xE4, 0x64, 0x1C, 0x51,
+        0xCB, 0x0C, 0x41, 0xB7, 0xFD, 0xC1, 0x09, 0x3E,
+        0xD2, 0x4D, 0x38, 0x88, 0x77, 0x1C, 0x71, 0x91,
+        0x74, 0xD3, 0x28, 0xE0, 0xCE, 0x9A, 0x11, 0x8D,
+        0xBF, 0x4D, 0x8D, 0xF0, 0x44, 0xF6, 0x79, 0xFC,
+        0x4C, 0xAD, 0x17, 0x88, 0xC0, 0x8C, 0x0B, 0x7A,
+        0x90, 0x01, 0x53, 0x6C, 0x6B, 0x44, 0xF6, 0xE5,
+        0x2E, 0xEC, 0x44, 0x4F, 0xB8, 0x9B, 0x10, 0xBE,
+        0xCF, 0x55, 0x55, 0x29, 0x83, 0xB8, 0xD0, 0x25,
+        0x5B, 0xCE, 0x8F, 0xA5, 0xB7, 0x6C, 0xA7, 0x47,
+        0x65, 0xA9, 0xE9, 0x9B, 0xA5, 0xBC, 0x28, 0x1D,
+        0x9F, 0x1F, 0x5E, 0x97, 0x42, 0x10, 0x84, 0x92,
+        0xFB, 0x38, 0x0B, 0x2E, 0xAC, 0x79, 0x0A, 0x7D,
+        0x00, 0x2C, 0x35, 0xD0, 0x54, 0x0D, 0x28, 0xE7,
+        0xAB, 0x06, 0x02, 0xDA, 0x89, 0xA3, 0x06, 0x8E,
+        0x13, 0x9A, 0xA7, 0xCA, 0x48, 0x09, 0xB0, 0x48,
+        0x37, 0x08, 0xA7, 0x7D, 0xDA, 0xEB, 0x58, 0x64,
+        0x39, 0xB3, 0xF3, 0xB2, 0x4C, 0x00, 0x4B, 0xCB,
+        0x94, 0x36, 0xD4, 0x7C, 0x73, 0x45, 0xC8, 0x93,
+        0xE5, 0x2A, 0x11, 0xF0, 0xEF, 0x0C, 0xED, 0x5F,
+        0x8B, 0x0C, 0x86, 0xAD, 0x3A, 0x01, 0x07, 0x1A,
+        0xC0, 0x34, 0xE8, 0x74, 0x21, 0x27, 0x73, 0x56,
+        0x93, 0x76, 0x5D, 0x80, 0x59, 0xB4, 0xA4, 0xDC,
+        0x80, 0xE7, 0xCE, 0x70, 0x0E, 0x0F, 0xEC, 0x56,
+        0x42, 0x6E, 0x9C, 0x76, 0x3D, 0xF6, 0xB4, 0x41,
+        0xE2, 0x3E, 0xAC, 0x25, 0xE7, 0x86, 0xA7, 0xA7,
+        0x0A, 0x0D, 0x5D, 0x04, 0x1F, 0x45, 0xD4, 0x5B,
+        0x42, 0x38, 0x4C, 0x60, 0xE7, 0xB7, 0x0D, 0xC7,
+        0x28, 0x4F, 0xA5, 0x4E, 0x0C, 0x1B, 0xC4, 0xDA,
+        0x50, 0x1A, 0xA0, 0x93, 0xAE, 0x10, 0x9A, 0x1A,
+        0xC8, 0xC6, 0x56, 0xFC, 0x0A, 0xEA, 0x89, 0x3A,
+        0x28, 0x21, 0xE9, 0x52, 0x9D, 0xEB, 0x07, 0x68,
+        0xC1, 0x57, 0x32, 0x25, 0x1F, 0x93, 0x5D, 0x35,
+        0xB2, 0x4B, 0x58, 0x30, 0xAF, 0x51, 0xC6, 0x7D,
+        0x47, 0xD1, 0xA2, 0xAD, 0xDE, 0x75, 0x48, 0x84,
+        0x74, 0x19, 0x74, 0x18, 0xA0, 0x2C, 0xD8, 0xB2,
+        0xFE, 0x44, 0x78, 0x95, 0x6A, 0xBF, 0x56, 0x4D,
+        0x20, 0x79, 0xE7, 0xE2, 0xE3, 0x56, 0x69, 0xB3,
+        0xFA, 0xE1, 0xEB, 0xE6, 0x11, 0xAC, 0x18, 0xB3,
+        0x98, 0xC1, 0x04, 0x20, 0x96, 0x4B, 0xAD, 0xDE,
+        0x5B, 0x18, 0xEB, 0x7B, 0xBC, 0x15, 0x11, 0x57,
+        0x29, 0x10, 0xE5, 0x80, 0x78, 0x4A, 0xF0, 0x87,
+        0xF6, 0xD1, 0x3C, 0x23, 0xC5, 0xF4, 0x2D, 0xD7,
+        0xAB, 0xA4, 0xD7, 0xB8, 0x45, 0x8E, 0x04, 0x1B,
+        0x78, 0x59, 0x9F, 0x81, 0xE6, 0x04, 0xDF, 0x70,
+        0x2B, 0x14, 0x74, 0x16, 0x49, 0xDA, 0xF0, 0xE1,
+        0xC8, 0x29, 0xCC, 0x87, 0x8C, 0x2F, 0xFB, 0x18,
+        0x3B, 0x47, 0xFC, 0x79, 0x04, 0x84, 0xCB, 0x0A,
+        0xD2, 0x64, 0xBF, 0x86, 0xEA, 0x01, 0xAC, 0xE0,
+        0xBD, 0xEC, 0x3B, 0xE1, 0xA7, 0x6C, 0xDE, 0x1D,
+        0x58, 0x76, 0xCC, 0x53, 0x9E, 0xF6, 0xC6, 0xD4,
+        0x2C, 0x87, 0x92, 0xA2, 0x89, 0x27, 0x31, 0x33,
+        0x01, 0xA5, 0xA2, 0xE8, 0x8F, 0x13, 0x19, 0x0F,
+        0xFD, 0x73, 0xB9, 0x91, 0xBD, 0xB8, 0x80, 0x9A,
+        0xA3, 0xB1, 0x21, 0x6C, 0x91, 0x13, 0x8A, 0xAE,
+        0xC7, 0xCB, 0x67, 0x14, 0xD1, 0xC0, 0x28, 0x89,
+        0x04, 0x8C, 0x9F, 0xDE, 0xA0, 0x9A, 0x99, 0xA8,
+        0x61, 0xE6, 0x8F, 0x8E, 0x39, 0xEF, 0x6B, 0x5E,
+        0x84, 0x5F, 0x5D, 0x24, 0x37, 0x73, 0x9D, 0x75,
+        0xC4, 0xEF, 0xE2, 0xA1, 0xF2, 0xBC, 0x0D, 0xE1,
+        0x0D, 0xEC, 0xFA, 0xEE, 0xC1, 0x63, 0xC8, 0x2E,
+        0x7D, 0x85, 0x65, 0xC3, 0xF2, 0x0D, 0x8B, 0x73,
+        0xF9, 0x3B, 0x0B, 0x3D, 0x49, 0x8B, 0xFB, 0x16,
+        0x5B, 0x75, 0x48, 0x9B, 0x56, 0x0A, 0x83, 0x4C,
+        0x0D, 0x13, 0xB2, 0xB4, 0x25, 0xC7, 0x2C, 0xCB,
+        0xA7, 0x9E, 0xCA, 0x41, 0x44, 0x14, 0x9A, 0x03,
+        0xD3, 0x01, 0x8C, 0xB0, 0xD5, 0xA9, 0x36, 0xA4,
+        0x16, 0x21, 0x49, 0x0A, 0x99, 0xA1, 0x89, 0xA5,
+        0x91, 0x10, 0xA2, 0x1B, 0x3F, 0x98, 0x1E, 0x1C,
+        0x43, 0xAA, 0x9C, 0x16, 0x5A, 0xF0, 0x18, 0x64,
+        0x0F, 0x6A, 0xE3, 0x97, 0x83, 0x31, 0x4E, 0x84,
+        0xC9, 0xEA, 0xD8, 0x9F, 0xEA, 0x9E, 0xD6, 0xF2,
+        0x0E, 0x15, 0xA5, 0x48, 0x15, 0x8B, 0x10, 0x1D,
+        0x77, 0x78, 0x1B, 0x54, 0x03, 0xC1, 0x2C, 0xB1,
+        0xC8, 0x22, 0x11, 0x9D, 0xB8, 0x82, 0x94, 0x26,
+        0xA0, 0xED, 0x6C, 0xAD, 0xA8, 0x03, 0xC2, 0xED,
+        0x02, 0x74, 0x3E, 0x54, 0xBD, 0x77, 0xA6, 0x0B,
+        0x37, 0xFE, 0x04, 0xCD, 0x25, 0x10, 0x2D, 0x52,
+        0xC2, 0xD4, 0x5B, 0x9B, 0xAE, 0xFE, 0x35, 0x73,
+        0x16, 0x61, 0x84, 0x25, 0x1D, 0xBE, 0x95, 0x34,
+        0xA4, 0xF6, 0xB9, 0xA4, 0xF9, 0xAA, 0x5D, 0x1E,
+        0x49, 0xBB, 0x19, 0xD9, 0x64, 0xD7, 0x48, 0x1A,
+        0x0A, 0x93, 0xC3, 0x69, 0x13, 0x12, 0x68, 0xBB,
+        0x97, 0x97, 0xBD, 0x99, 0x69, 0xCE, 0xE6, 0xF5,
+        0x84, 0x7B, 0xCC, 0xE4, 0x7D, 0xD3, 0xCD, 0x8A,
+        0x7A, 0x4B, 0x98, 0xF4, 0x09, 0x9D, 0xEA, 0x5D,
+        0x4E, 0x1F, 0xE1, 0x1E, 0x6C, 0x48, 0xD3, 0x5E,
+        0x67, 0xD9, 0xFF, 0x64, 0x4D, 0xA7, 0x64, 0x7A,
+        0x01, 0xB2, 0xE9, 0x63, 0x14, 0x10, 0xB7, 0x08,
+        0x0C, 0xF9, 0x4D, 0x66, 0x48, 0x46, 0xE3, 0xC2,
+        0x48, 0x6B, 0x47, 0xCE, 0x00, 0x98, 0x92, 0x83,
+        0xF7, 0xE0, 0x1F, 0x96, 0xFA, 0x53, 0xD5, 0x49,
+        0x1C, 0xC7, 0x89, 0xB4, 0xA5, 0x4B, 0x63, 0xBF,
+        0xD2, 0x00, 0x79, 0xDD, 0xC1, 0x60, 0xAA, 0xF2,
+        0x0F, 0x47, 0xB9, 0x4F, 0x8A, 0x66, 0x05, 0x3D,
+        0x96, 0x36, 0x64, 0x48, 0x5F, 0x7E, 0x56, 0x2B,
+        0xB3, 0x47, 0xE2, 0x76, 0x64, 0x21, 0x65, 0x34,
+        0xFC, 0xDD, 0x2D, 0x4C, 0xE2, 0x99, 0x33, 0x04,
+        0xE4, 0x26, 0x15, 0x37, 0x6C, 0x32, 0xB9, 0x17
+    };
+    static const byte sk_44_draft[] = {
+        0x86, 0xF0, 0x0C, 0x20, 0xE0, 0xDA, 0xEE, 0x5E,
+        0x1E, 0xDE, 0x71, 0x39, 0x49, 0x0C, 0xC8, 0xCF,
+        0xEF, 0xC9, 0xAB, 0x62, 0x3B, 0x8D, 0xEF, 0x0B,
+        0xD8, 0x03, 0x12, 0x5B, 0x4A, 0xB2, 0x83, 0x61,
+        0x73, 0x61, 0x49, 0x01, 0x0F, 0x94, 0x08, 0x30,
+        0x26, 0x02, 0x12, 0x63, 0x64, 0x15, 0x7A, 0x4D,
+        0xBA, 0xF5, 0x25, 0xA7, 0xAA, 0x0B, 0x7C, 0x3D,
+        0xCE, 0x05, 0x91, 0x95, 0xEF, 0x17, 0x2F, 0xE2,
+        0x5A, 0x03, 0x5E, 0x2E, 0x4D, 0xFA, 0xE7, 0x5F,
+        0xCD, 0x61, 0x34, 0xFB, 0x3D, 0x3C, 0x5C, 0x60,
+        0x1A, 0x6F, 0x09, 0xB5, 0x9D, 0xDD, 0x90, 0x53,
+        0xF6, 0x89, 0x50, 0xC2, 0xE1, 0xED, 0x0A, 0x61,
+        0x8F, 0xFA, 0xDC, 0x2D, 0xB2, 0x8B, 0xA1, 0x56,
+        0xAC, 0x5E, 0x0E, 0xF1, 0x3B, 0x1E, 0x22, 0x9F,
+        0xAA, 0x05, 0x96, 0xA3, 0x5E, 0x44, 0x86, 0xA8,
+        0xBA, 0x15, 0xD1, 0x11, 0x7D, 0xAA, 0xD0, 0xAA,
+        0x01, 0x27, 0x25, 0x04, 0x82, 0x89, 0xA4, 0x22,
+        0x2E, 0xDB, 0x80, 0x45, 0xD2, 0x30, 0x45, 0x59,
+        0x16, 0x64, 0xE2, 0x08, 0x86, 0x50, 0x00, 0x8E,
+        0xCA, 0x08, 0x51, 0x5A, 0x06, 0x01, 0x54, 0x82,
+        0x20, 0xC4, 0x92, 0x30, 0x02, 0x21, 0x4E, 0x0A,
+        0x93, 0x89, 0x84, 0xB8, 0x70, 0x24, 0x40, 0x51,
+        0x24, 0xB3, 0x44, 0xDB, 0x08, 0x40, 0x1B, 0x37,
+        0x44, 0x21, 0x22, 0x8E, 0x8C, 0x16, 0x42, 0x10,
+        0x22, 0x0E, 0xA1, 0xB2, 0x8D, 0x18, 0x49, 0x30,
+        0xC1, 0x32, 0x69, 0x21, 0x03, 0x8E, 0x49, 0x44,
+        0x08, 0xD3, 0x16, 0x89, 0x10, 0xA4, 0x25, 0x5C,
+        0x22, 0x8A, 0xC0, 0xC8, 0x08, 0xC1, 0x04, 0x6A,
+        0xD2, 0xA0, 0x50, 0x8A, 0x02, 0x52, 0x92, 0x16,
+        0x44, 0x54, 0x30, 0x4A, 0x92, 0x32, 0x0C, 0x4C,
+        0x44, 0x2D, 0x04, 0x15, 0x2A, 0x99, 0x24, 0x42,
+        0x52, 0xA8, 0x30, 0x53, 0x24, 0x85, 0x9A, 0xB8,
+        0x01, 0xE2, 0x08, 0x09, 0x23, 0x28, 0x08, 0xC4,
+        0x98, 0x85, 0x0B, 0xB9, 0x40, 0x60, 0x26, 0x28,
+        0x0A, 0x45, 0x12, 0x0C, 0x43, 0x84, 0x82, 0x16,
+        0x89, 0xC4, 0x48, 0x28, 0x58, 0x18, 0x2A, 0x20,
+        0x07, 0x02, 0xD3, 0x82, 0x45, 0x50, 0xB0, 0x50,
+        0x64, 0x36, 0x91, 0x52, 0x02, 0x45, 0x5A, 0x42,
+        0x26, 0x01, 0x28, 0x71, 0xD4, 0x86, 0x10, 0x19,
+        0xC4, 0x68, 0xC4, 0x30, 0x66, 0xE0, 0x02, 0x49,
+        0x18, 0x34, 0x05, 0x04, 0x02, 0x04, 0x90, 0x94,
+        0x4C, 0x01, 0xA7, 0x80, 0x12, 0x97, 0x08, 0x19,
+        0xC5, 0x41, 0x24, 0xC1, 0x61, 0x08, 0xB0, 0x0C,
+        0x21, 0xC1, 0x49, 0x9B, 0x42, 0x51, 0x62, 0x18,
+        0x22, 0x54, 0x06, 0x06, 0x93, 0x26, 0x70, 0x49,
+        0x86, 0x91, 0x00, 0x28, 0x6C, 0x02, 0xC9, 0x60,
+        0x13, 0xC3, 0x09, 0xCB, 0x14, 0x66, 0x09, 0x17,
+        0x25, 0x1C, 0x16, 0x89, 0x01, 0xB6, 0x01, 0x60,
+        0x86, 0x71, 0x58, 0x96, 0x04, 0x82, 0x38, 0x61,
+        0x43, 0x40, 0x72, 0xCC, 0x46, 0x71, 0x81, 0x20,
+        0x2C, 0x18, 0x20, 0x6E, 0x03, 0x91, 0x11, 0x9A,
+        0x08, 0x89, 0x43, 0x06, 0x48, 0x64, 0x02, 0x6C,
+        0x21, 0x33, 0x8D, 0x48, 0x16, 0x66, 0x9B, 0xA4,
+        0x2D, 0x01, 0x10, 0x66, 0xDC, 0xB0, 0x25, 0x40,
+        0xA0, 0x24, 0xA2, 0xB4, 0x44, 0xC8, 0x26, 0x61,
+        0x0A, 0x10, 0x4E, 0xD0, 0x04, 0x11, 0x4A, 0x82,
+        0x51, 0x03, 0x04, 0x6C, 0x18, 0x88, 0x6C, 0xE0,
+        0x98, 0x41, 0x11, 0x29, 0x06, 0x62, 0x12, 0x8E,
+        0xDA, 0x42, 0x91, 0x09, 0x48, 0x60, 0xD1, 0xB4,
+        0x80, 0x10, 0x30, 0x30, 0x80, 0x38, 0x82, 0xD0,
+        0x84, 0x0D, 0x08, 0x14, 0x92, 0x24, 0x41, 0x40,
+        0x0C, 0x10, 0x89, 0xCC, 0x38, 0x8A, 0x13, 0xB6,
+        0x89, 0x1A, 0xA7, 0x24, 0x5C, 0x10, 0x12, 0x1B,
+        0x21, 0x50, 0x91, 0xB4, 0x29, 0x99, 0xB6, 0x51,
+        0x04, 0xB1, 0x91, 0x59, 0xA6, 0x05, 0x19, 0x08,
+        0x4A, 0x4A, 0x84, 0x6C, 0x1C, 0x49, 0x02, 0x44,
+        0x20, 0x85, 0x14, 0xB1, 0x89, 0x09, 0x44, 0x2C,
+        0x10, 0x02, 0x22, 0xE1, 0xB4, 0x25, 0x01, 0x21,
+        0x71, 0x53, 0xC2, 0x85, 0x82, 0x88, 0x28, 0xC0,
+        0x02, 0x52, 0x19, 0xC5, 0x51, 0x19, 0xA5, 0x09,
+        0xC0, 0x82, 0x91, 0x21, 0x47, 0x0D, 0x1C, 0x30,
+        0x69, 0xDC, 0xB8, 0x6C, 0x04, 0x41, 0x6A, 0x91,
+        0x16, 0x40, 0xA0, 0xC8, 0x24, 0x1A, 0x10, 0x01,
+        0x04, 0x39, 0x25, 0x80, 0x16, 0x02, 0x63, 0x36,
+        0x71, 0x90, 0xB0, 0x8D, 0x44, 0x16, 0x8E, 0xDA,
+        0x16, 0x2E, 0xCB, 0x44, 0x20, 0x54, 0x38, 0x06,
+        0x54, 0xC4, 0x01, 0x51, 0x40, 0x86, 0x52, 0x44,
+        0x0E, 0x82, 0x02, 0x32, 0x21, 0x38, 0x89, 0x19,
+        0x04, 0x40, 0xD8, 0x12, 0x68, 0x21, 0x98, 0x11,
+        0x03, 0x33, 0x8A, 0x18, 0x00, 0x45, 0xCB, 0x22,
+        0x32, 0xC3, 0x04, 0x46, 0x09, 0x18, 0x51, 0x22,
+        0x44, 0x89, 0x13, 0x16, 0x6E, 0xDA, 0x46, 0x45,
+        0x09, 0x19, 0x41, 0x81, 0x10, 0x01, 0xDC, 0x18,
+        0x8E, 0xC8, 0x44, 0x4C, 0x00, 0x17, 0x82, 0x9C,
+        0xA6, 0x4D, 0xC8, 0x08, 0x10, 0x24, 0x42, 0x6D,
+        0x91, 0x38, 0x89, 0x8C, 0x40, 0x6E, 0x00, 0x35,
+        0x11, 0xD3, 0x24, 0x09, 0x1A, 0x01, 0x65, 0x88,
+        0x48, 0x45, 0x09, 0x01, 0x71, 0x43, 0xB8, 0x80,
+        0x11, 0x82, 0x2C, 0x84, 0xB8, 0x49, 0x58, 0x14,
+        0x28, 0x92, 0x20, 0x32, 0x09, 0x12, 0x05, 0x20,
+        0x81, 0x2D, 0x5B, 0x86, 0x11, 0x04, 0x90, 0x45,
+        0x49, 0x80, 0x40, 0xD1, 0xC8, 0x24, 0x98, 0xC2,
+        0x2C, 0x99, 0xA2, 0x30, 0x04, 0x98, 0x8C, 0x53,
+        0x24, 0x02, 0x8A, 0x04, 0x01, 0x4C, 0x28, 0x71,
+        0xC3, 0x86, 0x6C, 0x24, 0x49, 0x81, 0x04, 0x02,
+        0x28, 0x62, 0x44, 0x32, 0x61, 0x20, 0x28, 0x01,
+        0x04, 0x11, 0x0C, 0x09, 0x08, 0x90, 0x98, 0x84,
+        0x63, 0xB2, 0x45, 0x63, 0x38, 0x2E, 0x04, 0xA4,
+        0x0C, 0x18, 0x05, 0x4E, 0xCC, 0x86, 0x90, 0x43,
+        0x40, 0x91, 0x54, 0x02, 0x21, 0x43, 0x28, 0x42,
+        0x23, 0x94, 0x29, 0xC8, 0xA6, 0x91, 0x02, 0x09,
+        0x80, 0xE3, 0x82, 0x00, 0xC1, 0x34, 0x08, 0xD1,
+        0x34, 0x84, 0x12, 0x45, 0x8C, 0x02, 0xC6, 0x81,
+        0x41, 0xC6, 0x6C, 0x1B, 0x12, 0x24, 0x04, 0x08,
+        0x0D, 0x02, 0x00, 0x0C, 0x9C, 0xA2, 0x05, 0x49,
+        0x34, 0x65, 0x00, 0x06, 0x89, 0x88, 0x34, 0x00,
+        0xD8, 0x82, 0x29, 0x92, 0x12, 0x91, 0xE3, 0x36,
+        0x86, 0xD1, 0x80, 0x71, 0x98, 0xB0, 0x50, 0x48,
+        0xC6, 0x11, 0x14, 0x80, 0x0D, 0xA0, 0x12, 0x4D,
+        0x9B, 0xB2, 0x40, 0x21, 0x41, 0x50, 0x4B, 0x36,
+        0x05, 0x52, 0x10, 0x26, 0x19, 0xB2, 0x60, 0x92,
+        0xA2, 0x24, 0xCB, 0x08, 0x00, 0x14, 0x22, 0x49,
+        0x5A, 0xD0, 0x55, 0xBD, 0x2B, 0x45, 0xE4, 0x31,
+        0x41, 0xA8, 0xC3, 0xA3, 0xAD, 0xBD, 0xB6, 0x37,
+        0x92, 0x06, 0x95, 0x6B, 0x3D, 0xD8, 0xE5, 0x33,
+        0x71, 0xB6, 0x62, 0xB7, 0x67, 0x6C, 0x77, 0x84,
+        0x63, 0x2F, 0x41, 0x1D, 0xBA, 0x51, 0x27, 0xE1,
+        0x24, 0x5D, 0xC2, 0x38, 0x71, 0x65, 0x9E, 0x8E,
+        0xE4, 0xEB, 0xBB, 0x1D, 0x89, 0xEB, 0x18, 0xCA,
+        0x0C, 0xA6, 0x86, 0xA3, 0x4D, 0x7C, 0x7A, 0x02,
+        0xAC, 0xDD, 0x34, 0xCE, 0x05, 0x3B, 0x1B, 0x49,
+        0xF4, 0x6D, 0x12, 0x33, 0xBC, 0x52, 0x70, 0x59,
+        0xDF, 0xBC, 0x5D, 0x49, 0x42, 0x6A, 0xED, 0xC7,
+        0xF1, 0x8C, 0xF5, 0x6D, 0x1F, 0xBC, 0xE4, 0xBD,
+        0x45, 0x5D, 0x59, 0xF8, 0xCE, 0x9A, 0x39, 0xB5,
+        0x96, 0x32, 0xFD, 0x93, 0x65, 0x8E, 0x92, 0xF1,
+        0x8F, 0xB0, 0x99, 0xF3, 0x80, 0x0F, 0x66, 0x14,
+        0xFE, 0xEB, 0x23, 0x17, 0x2D, 0x4C, 0x8F, 0x41,
+        0x9A, 0x9B, 0xD1, 0x5B, 0x5B, 0xC0, 0x3D, 0xA6,
+        0x0E, 0xF3, 0xE0, 0xA1, 0x04, 0xDC, 0x24, 0x18,
+        0x9D, 0x90, 0xC6, 0x89, 0x5A, 0x7F, 0x10, 0x1E,
+        0x4B, 0x21, 0xEC, 0x91, 0xD8, 0x5D, 0x65, 0xDB,
+        0xCF, 0x90, 0x62, 0x85, 0xE9, 0x58, 0xA3, 0x47,
+        0x92, 0x1C, 0xD0, 0x0C, 0xA3, 0xF3, 0x3E, 0x36,
+        0xDB, 0x24, 0xA6, 0x98, 0xAB, 0xA7, 0x89, 0x2B,
+        0x71, 0x6C, 0x4D, 0x00, 0xB0, 0xD5, 0xA0, 0xCA,
+        0x1A, 0x76, 0x8E, 0x80, 0xB7, 0xAE, 0x83, 0x89,
+        0x50, 0xF8, 0xA7, 0x52, 0x8B, 0x94, 0xD2, 0x2B,
+        0x9F, 0x49, 0x92, 0x3D, 0x54, 0x0D, 0xB8, 0xD1,
+        0x19, 0x49, 0xAC, 0x91, 0xAF, 0xDB, 0xE9, 0x24,
+        0x4D, 0xD8, 0xE1, 0xD5, 0x16, 0x0E, 0xB1, 0x39,
+        0x40, 0x7D, 0x5F, 0xF5, 0x92, 0xB4, 0xAF, 0xC3,
+        0x76, 0x2B, 0xDB, 0x7D, 0x52, 0x97, 0x62, 0x9F,
+        0xCF, 0x32, 0x19, 0x5F, 0xE6, 0x32, 0xFB, 0x8E,
+        0x39, 0x24, 0xB4, 0xEB, 0xE9, 0x17, 0x9E, 0x47,
+        0x69, 0x4D, 0x92, 0x82, 0x96, 0x88, 0x38, 0x11,
+        0xCE, 0xD6, 0xBF, 0x18, 0xE3, 0x51, 0x40, 0x81,
+        0x11, 0xA0, 0x74, 0xDA, 0x0D, 0x5E, 0xEC, 0xD8,
+        0x5D, 0x33, 0x22, 0x1E, 0xB9, 0x5D, 0xBF, 0x79,
+        0xB0, 0xA1, 0xEF, 0xD1, 0x2D, 0xA0, 0x5F, 0xA1,
+        0xC7, 0x6E, 0xD5, 0x08, 0xB8, 0xD0, 0xC1, 0x95,
+        0x51, 0x9B, 0x07, 0xC3, 0x4A, 0x0A, 0xB5, 0xA1,
+        0x28, 0xFE, 0x95, 0x95, 0x0A, 0xCF, 0x83, 0xA8,
+        0xEB, 0x8F, 0xFB, 0x18, 0xD5, 0xBD, 0x69, 0x50,
+        0xF1, 0xDF, 0x06, 0xFA, 0x9A, 0x65, 0x47, 0xBB,
+        0x56, 0xE9, 0xCB, 0x8F, 0x69, 0x5F, 0xE0, 0xAD,
+        0x19, 0x3A, 0x70, 0xE5, 0x66, 0x42, 0xD7, 0x1C,
+        0x0C, 0xB4, 0x03, 0x89, 0x7D, 0x47, 0x4D, 0x29,
+        0x67, 0x8C, 0x41, 0x73, 0xAB, 0x7D, 0xFD, 0x69,
+        0x15, 0xAD, 0xE3, 0xB7, 0xF8, 0x98, 0x3B, 0xCA,
+        0x8F, 0x27, 0x37, 0x7B, 0x72, 0x2C, 0x5F, 0x23,
+        0x73, 0x15, 0xE2, 0xB6, 0xBD, 0xDE, 0x84, 0xF8,
+        0x7E, 0x22, 0xB9, 0xFD, 0xD3, 0x4D, 0x62, 0x80,
+        0xBA, 0xC5, 0x57, 0x29, 0x30, 0x1B, 0x06, 0x4D,
+        0x20, 0xB1, 0x53, 0x86, 0xCB, 0x6A, 0x4A, 0xE3,
+        0xC1, 0xA9, 0x88, 0xCF, 0xEB, 0x15, 0x2F, 0xA8,
+        0xA8, 0x6F, 0xFC, 0x2A, 0xA8, 0x0E, 0xD9, 0xFA,
+        0xEA, 0xD7, 0x3B, 0xCE, 0xF8, 0x5B, 0xD8, 0x92,
+        0x22, 0x6A, 0x1A, 0x8E, 0x5E, 0x91, 0x37, 0x2C,
+        0x21, 0x05, 0xC4, 0xAC, 0xF7, 0x62, 0x83, 0xBA,
+        0x55, 0xD5, 0x2C, 0xCE, 0xA1, 0x19, 0x93, 0x0E,
+        0xDE, 0xB6, 0xB8, 0x78, 0x0F, 0xBF, 0x4C, 0xA4,
+        0x66, 0xAD, 0x97, 0x2F, 0xEE, 0x34, 0xE9, 0xA2,
+        0xB6, 0x1D, 0x3C, 0x60, 0xFB, 0xB8, 0x7F, 0xF8,
+        0xFD, 0x34, 0x8C, 0xC5, 0xC7, 0x38, 0x72, 0x74,
+        0x19, 0xA9, 0xCF, 0x54, 0x49, 0x5B, 0xBA, 0x70,
+        0x12, 0xC1, 0x61, 0xDC, 0x32, 0x61, 0x49, 0x66,
+        0xF3, 0x57, 0xAA, 0x0F, 0xE6, 0x44, 0x9E, 0x8A,
+        0x19, 0x9C, 0x6B, 0x63, 0x2C, 0x14, 0x1E, 0xDD,
+        0x00, 0x27, 0xE3, 0x95, 0xE3, 0xE7, 0xD9, 0xFF,
+        0x30, 0x2D, 0x14, 0x19, 0x4F, 0x49, 0x20, 0x0B,
+        0x58, 0x2A, 0x23, 0x1C, 0xE2, 0xAD, 0x6B, 0x9C,
+        0x7B, 0xB6, 0x20, 0x63, 0x08, 0x24, 0x55, 0x04,
+        0x58, 0x1F, 0x0E, 0xBE, 0x2A, 0x6F, 0x79, 0x90,
+        0x9E, 0x15, 0x8F, 0x4B, 0xDB, 0xE2, 0xBE, 0xBC,
+        0x28, 0xB1, 0xC8, 0xFE, 0x00, 0x6D, 0x71, 0xCC,
+        0x91, 0x6A, 0xCC, 0xF8, 0x12, 0x8B, 0xEC, 0xF3,
+        0x46, 0x53, 0xB1, 0x7F, 0xB3, 0x79, 0xF0, 0xC7,
+        0xD7, 0xA5, 0xCF, 0x2C, 0xC3, 0x09, 0x66, 0x82,
+        0x53, 0x43, 0xFD, 0xAC, 0xDE, 0xD5, 0x85, 0xB3,
+        0x79, 0x74, 0x55, 0xE8, 0xF6, 0xE5, 0xFB, 0xF0,
+        0x63, 0x0C, 0x36, 0x63, 0x65, 0x10, 0x43, 0xC9,
+        0x60, 0x99, 0xD6, 0x0C, 0xB9, 0x66, 0x1C, 0xA9,
+        0x97, 0x4D, 0xDB, 0xA8, 0x13, 0x9E, 0xAE, 0xCA,
+        0x7A, 0x5F, 0xE3, 0x24, 0xA0, 0xEE, 0x8A, 0x9D,
+        0x7F, 0x03, 0x53, 0x21, 0x6B, 0xAF, 0x3D, 0xF9,
+        0x38, 0xF3, 0x7A, 0x1D, 0xDA, 0xE2, 0xEF, 0xBA,
+        0x86, 0x21, 0x85, 0x1F, 0x36, 0x08, 0x0B, 0xDA,
+        0x37, 0x5A, 0x0A, 0xD7, 0x55, 0x41, 0xD5, 0x84,
+        0x1B, 0x36, 0xA2, 0x50, 0x65, 0xD7, 0xF3, 0xA3,
+        0xEB, 0xE1, 0xDE, 0x0F, 0x85, 0xAA, 0xF6, 0x2F,
+        0xAB, 0xBB, 0xC8, 0xF1, 0x2A, 0xD1, 0x0A, 0x9B,
+        0xE4, 0x7B, 0xBC, 0x4D, 0x42, 0xD8, 0xA3, 0x4C,
+        0x07, 0x6A, 0x60, 0x3E, 0xE2, 0xDA, 0xE7, 0x00,
+        0xDF, 0x27, 0x94, 0xEF, 0x90, 0x99, 0x88, 0x2C,
+        0xCF, 0xAA, 0xE1, 0x71, 0x2D, 0xFD, 0x00, 0x9C,
+        0x55, 0xBF, 0xC4, 0x7A, 0x55, 0xE9, 0xE0, 0xB4,
+        0x7F, 0x3D, 0xE9, 0xB0, 0x01, 0xA7, 0x27, 0x23,
+        0x27, 0x58, 0x31, 0x0E, 0x8E, 0x80, 0xD8, 0xEB,
+        0x64, 0xA0, 0xC3, 0xC9, 0xEA, 0x69, 0x9C, 0x74,
+        0x5E, 0xAF, 0xD5, 0xEF, 0x5C, 0x4E, 0x40, 0x71,
+        0xD6, 0x57, 0x77, 0xE2, 0xAF, 0x0E, 0x1D, 0xB8,
+        0x5A, 0x91, 0x20, 0x4C, 0x33, 0x4D, 0xD8, 0x4F,
+        0x98, 0xE0, 0x86, 0x1D, 0x02, 0xA0, 0xDA, 0x06,
+        0x17, 0xC4, 0x5D, 0x2E, 0x49, 0x31, 0xE6, 0xE4,
+        0xDC, 0x18, 0x23, 0x26, 0xF3, 0x61, 0xF5, 0x8D,
+        0x26, 0x2C, 0x18, 0x4C, 0xDF, 0x71, 0x90, 0x24,
+        0x96, 0xD3, 0xD4, 0x1A, 0x6F, 0x08, 0xAB, 0x29,
+        0x7D, 0xFF, 0x4E, 0x27, 0x6D, 0x39, 0x83, 0x17,
+        0x90, 0xA4, 0x07, 0x8A, 0xDE, 0x79, 0x53, 0xF6,
+        0x99, 0x2E, 0xA6, 0x39, 0x47, 0xC3, 0xBE, 0x12,
+        0xC7, 0xA5, 0x7E, 0xA2, 0x19, 0x57, 0x04, 0x45,
+        0xBE, 0x44, 0x62, 0x92, 0xCA, 0x56, 0xE1, 0xF0,
+        0x45, 0x3B, 0xA4, 0xF8, 0xF5, 0xCD, 0xC7, 0xD2,
+        0xB2, 0x46, 0x57, 0x51, 0x0B, 0x06, 0xDA, 0x54,
+        0x03, 0x9E, 0x52, 0xA2, 0x78, 0x69, 0x25, 0x2E,
+        0x75, 0x83, 0x25, 0x3F, 0xA3, 0x62, 0x27, 0xB9,
+        0xA6, 0x59, 0x7A, 0xB1, 0xB6, 0xE9, 0xC1, 0xDD,
+        0x2F, 0x22, 0x2D, 0x3B, 0xA3, 0x22, 0xD6, 0x11,
+        0x7B, 0x08, 0x27, 0x92, 0x83, 0x7A, 0x5D, 0x0D,
+        0x6B, 0x9D, 0x5B, 0xEB, 0xE9, 0xC0, 0x88, 0xDE,
+        0x44, 0x55, 0xBA, 0x69, 0xC1, 0x7A, 0x4D, 0xE6,
+        0x35, 0x67, 0x6F, 0x99, 0x9B, 0x07, 0xD8, 0x04,
+        0xAA, 0xEA, 0x7D, 0xFF, 0x8E, 0xB8, 0xAA, 0x4C,
+        0x79, 0xE2, 0x88, 0xA8, 0x1D, 0xE8, 0xA6, 0x77,
+        0xCA, 0x06, 0xC0, 0xDF, 0x0E, 0x2B, 0xCB, 0xFF,
+        0x9F, 0x64, 0x67, 0x11, 0xF1, 0xB9, 0x38, 0x83,
+        0x19, 0x05, 0x30, 0x9B, 0x01, 0x11, 0x55, 0x03,
+        0xAD, 0x44, 0x7D, 0x3C, 0x07, 0xEF, 0x88, 0x19,
+        0x92, 0xC0, 0xFE, 0xE1, 0xAB, 0xDB, 0x24, 0x18,
+        0x17, 0xD0, 0x03, 0x5C, 0x91, 0xD4, 0xA6, 0x2A,
+        0xF1, 0xE9, 0x72, 0x62, 0x58, 0x22, 0x7D, 0x55,
+        0x15, 0xE2, 0xA1, 0x70, 0x14, 0x5E, 0x34, 0xB9,
+        0x5A, 0xB7, 0x5D, 0x3F, 0xB8, 0xB5, 0x45, 0x44,
+        0xD2, 0x50, 0xD1, 0xC6, 0x7E, 0xE7, 0x3D, 0xF4,
+        0xD3, 0xEC, 0xFB, 0x97, 0x32, 0x11, 0x72, 0x51,
+        0xB7, 0x4A, 0xC8, 0x38, 0x96, 0xFC, 0x6F, 0x69,
+        0xC2, 0xD5, 0xD3, 0x28, 0xE9, 0x63, 0x14, 0x14,
+        0xFE, 0xB1, 0xA4, 0x02, 0x80, 0x65, 0x73, 0xD3,
+        0x57, 0x07, 0x95, 0x21, 0x40, 0x00, 0x77, 0xA7,
+        0x6D, 0x44, 0x2B, 0x0D, 0x77, 0x07, 0x92, 0x64,
+        0xD4, 0x3A, 0xE2, 0x7F, 0xF2, 0x1C, 0x14, 0x08,
+        0x60, 0x74, 0x8F, 0xFC, 0x0B, 0xE8, 0xEC, 0xA9,
+        0xB7, 0x97, 0xA7, 0x85, 0x8A, 0xEF, 0xD7, 0x7E,
+        0xD5, 0x15, 0xF7, 0x45, 0x8D, 0x9C, 0xBF, 0x23,
+        0xEB, 0x8C, 0x4D, 0xD2, 0x28, 0x7E, 0x0A, 0x61,
+        0x2E, 0xBA, 0xBE, 0x89, 0x1D, 0x64, 0x45, 0x22,
+        0x70, 0x9D, 0x48, 0xEB, 0x2F, 0x96, 0xF1, 0xA7,
+        0xDE, 0xD3, 0x28, 0x4C, 0xC9, 0xFB, 0xF2, 0x9C,
+        0x5B, 0xFC, 0xBE, 0xBE, 0xF4, 0x38, 0xC9, 0x43,
+        0xC3, 0x66, 0x53, 0xA9, 0x06, 0xE5, 0x71, 0x16,
+        0xA4, 0xBB, 0x3B, 0x50, 0x53, 0xCF, 0xF4, 0x1F,
+        0xD6, 0x00, 0x07, 0x46, 0xFB, 0x97, 0x0B, 0xF9,
+        0x3D, 0xF4, 0xC6, 0x60, 0xD0, 0x37, 0x70, 0xC0,
+        0x2D, 0xD1, 0x9F, 0xA5, 0x78, 0xF3, 0x1F, 0x03,
+        0x81, 0xB1, 0x93, 0xBA, 0xE5, 0x82, 0xE6, 0xD1,
+        0x66, 0x93, 0x83, 0x5B, 0xB9, 0xAD, 0xD9, 0x01,
+        0xA5, 0xB6, 0x5C, 0x69, 0x82, 0xD7, 0x2F, 0x35,
+        0x35, 0x98, 0xEE, 0xE9, 0xA0, 0x74, 0xC1, 0x91,
+        0x44, 0x0A, 0x04, 0xCD, 0x97, 0xBE, 0x6B, 0x60,
+        0x90, 0x9A, 0x48, 0x7B, 0x83, 0xA2, 0x28, 0x97,
+        0xB5, 0xBA, 0xB1, 0x4D, 0x35, 0x8B, 0x34, 0x0A,
+        0xA1, 0xCB, 0xA5, 0xC2, 0xA4, 0x6A, 0x36, 0xB3,
+        0x12, 0x46, 0x59, 0xDB, 0x63, 0xE5, 0xF9, 0xF1,
+        0x7F, 0xAD, 0x42, 0xF4, 0x24, 0xF0, 0x02, 0x3D,
+        0x1E, 0x6C, 0xD5, 0xB3, 0x06, 0x8F, 0x1F, 0x59,
+        0x79, 0xCC, 0xF9, 0x5B, 0x4F, 0x8B, 0xD6, 0x03,
+        0xC7, 0x53, 0xE6, 0xCE, 0xBB, 0xD8, 0x52, 0x89,
+        0x70, 0x5D, 0x98, 0x86, 0xA5, 0x9E, 0x44, 0xA9,
+        0xC8, 0x17, 0xA2, 0x6F, 0x43, 0x2D, 0x8D, 0xA7,
+        0xDE, 0x3E, 0xFA, 0xE7, 0x98, 0x7B, 0xB5, 0xBE,
+        0x7B, 0x10, 0xB8, 0xB8, 0xA5, 0x3D, 0x3E, 0xCD,
+        0x94, 0x19, 0x5E, 0x06, 0x51, 0xB8, 0x58, 0x1E,
+        0x0E, 0xCF, 0xFE, 0xE5, 0xED, 0x84, 0xB5, 0xF5,
+        0x0F, 0x34, 0x32, 0xAC, 0x0A, 0x7F, 0x03, 0xF0,
+        0xF8, 0xFC, 0x69, 0xA0, 0x26, 0x0D, 0x2E, 0xFA,
+        0x62, 0x49, 0x5C, 0xC4, 0xE5, 0xF6, 0x8B, 0xC5,
+        0x26, 0x21, 0x23, 0x3B, 0xBD, 0x9A, 0x23, 0x95,
+        0x69, 0xA7, 0x48, 0x94, 0x30, 0x1E, 0xC3, 0x82,
+        0xB6, 0x75, 0x30, 0xA6, 0xF3, 0x1E, 0xBB, 0xBC,
+        0xF7, 0x21, 0x27, 0x12, 0x2C, 0x51, 0x50, 0x55,
+        0x87, 0x0D, 0xF1, 0xCC, 0x6C, 0xFF, 0xEA, 0x7E,
+        0x2C, 0xDA, 0x8B, 0x9B, 0x20, 0xF4, 0x75, 0xFB,
+        0xC2, 0x3F, 0xBE, 0x09, 0xA6, 0xC9, 0x26, 0xE7,
+        0xB5, 0xC7, 0xE6, 0xB9, 0x35, 0x8C, 0xAF, 0xFA,
+        0xC0, 0x8D, 0x43, 0x33, 0x25, 0xBA, 0xAA, 0xDC,
+        0xCF, 0xBC, 0xE4, 0xC4, 0xC6, 0x26, 0x4A, 0x0D,
+        0x9D, 0xCC, 0x2A, 0xE0, 0x5B, 0x1E, 0xC9, 0x78,
+        0xF8, 0xA2, 0xB5, 0x46, 0xE5, 0x49, 0xB8, 0x4C,
+        0xC2, 0x22, 0x40, 0xCE, 0x97, 0x9A, 0x95, 0x40,
+        0xF7, 0xD6, 0x52, 0x54, 0x3B, 0xBB, 0x42, 0xC5,
+        0x6F, 0x00, 0x7F, 0x83, 0xDD, 0x88, 0x71, 0xF7,
+        0xD4, 0x1B, 0x3D, 0x81, 0xC4, 0xB1, 0x49, 0x9B,
+        0xF3, 0x68, 0x15, 0xC5, 0x15, 0x97, 0x0F, 0xC5,
+        0x43, 0xDD, 0x07, 0xBE, 0x98, 0x43, 0x2C, 0xB3,
+        0xEF, 0x08, 0xCA, 0xDC, 0x9C, 0x27, 0x58, 0xFE,
+        0x49, 0xE9, 0x77, 0xD9, 0x1C, 0x62, 0xA4, 0xA2,
+        0xF9, 0x78, 0xCC, 0xB3, 0x21, 0x06, 0x10, 0xDE,
+        0x5A, 0x52, 0xA3, 0x67, 0xBD, 0x5E, 0xBC, 0x9B,
+        0x4E, 0x40, 0x87, 0x93, 0xCF, 0x0E, 0x27, 0x0E,
+        0xE3, 0x11, 0x4B, 0xB3, 0xE0, 0xCE, 0x24, 0xB6,
+        0x0A, 0x53, 0x03, 0xF8, 0x01, 0x6A, 0x7E, 0xFE,
+        0xC8, 0x66, 0x9F, 0x29, 0xF3, 0x45, 0x94, 0xD6,
+        0x0E, 0x30, 0xB5, 0x61, 0xA9, 0xEC, 0x8F, 0x71,
+        0xF7, 0x36, 0xD6, 0x43, 0x4B, 0x0C, 0xCD, 0x45,
+        0xBB, 0xA4, 0xBD, 0xE9, 0xA9, 0xC3, 0xC1, 0x95,
+        0x1E, 0xF9, 0x42, 0x07, 0x18, 0xEA, 0xF5, 0x0B,
+        0x27, 0xB6, 0xDE, 0xEF, 0x67, 0x33, 0x83, 0x0D,
+        0xD9, 0x5E, 0x3A, 0x93, 0xD2, 0xD0, 0xDB, 0xB9,
+        0x98, 0xF0, 0x25, 0x21, 0xF3, 0xDF, 0x0B, 0x1E
+    };
+#endif /* !WOLFSSL_NO_ML_DSA_44 */
+#ifndef WOLFSSL_NO_ML_DSA_65
+    static const byte seed_65_draft[] = {
+        0x41, 0xAF, 0x98, 0x7B, 0x02, 0x6E, 0x47, 0x5F,
+        0x37, 0x91, 0x7F, 0x2A, 0x6A, 0x9A, 0x87, 0xE7,
+        0x51, 0xAD, 0xF9, 0x5B, 0x92, 0x7F, 0x2D, 0xCE,
+        0xF0, 0xD4, 0xF3, 0xDA, 0x8F, 0x8C, 0x86, 0x6B
+    };
+    static const byte pk_65_draft[] = {
+        0xDC, 0x38, 0xE5, 0x5F, 0xDF, 0x2E, 0x9D, 0xD4,
+        0x34, 0x5C, 0xAE, 0x1A, 0x7D, 0xF4, 0x2E, 0x2E,
+        0xBC, 0x58, 0x57, 0x80, 0x55, 0x02, 0xE4, 0x3F,
+        0xA5, 0x19, 0x41, 0xE4, 0x44, 0x58, 0x66, 0x41,
+        0x39, 0x5D, 0xF9, 0x20, 0x6C, 0x36, 0x0D, 0x4F,
+        0x83, 0x43, 0xBE, 0x86, 0xEF, 0x6C, 0x43, 0xD0,
+        0x3E, 0xD0, 0x63, 0x0A, 0x5B, 0x92, 0x8D, 0x31,
+        0x19, 0x1D, 0xA9, 0x51, 0x61, 0x48, 0xE6, 0x26,
+        0x50, 0x07, 0x54, 0x9B, 0xB0, 0xB7, 0x62, 0x54,
+        0xDB, 0x80, 0x4E, 0x48, 0x7F, 0x48, 0xC5, 0x11,
+        0x91, 0xFC, 0xA9, 0x26, 0x25, 0x08, 0xA5, 0x99,
+        0xA0, 0x3C, 0xB9, 0x0C, 0xCF, 0x6C, 0xCD, 0x83,
+        0x9A, 0x38, 0x6D, 0x22, 0xDE, 0x0A, 0xC3, 0x8F,
+        0xF7, 0xD0, 0x57, 0x40, 0x53, 0xE9, 0xE9, 0x4E,
+        0x73, 0xFA, 0x58, 0x40, 0x9F, 0x6D, 0x8A, 0xD3,
+        0x6F, 0x86, 0x84, 0x4D, 0x18, 0xD7, 0x4C, 0x76,
+        0x39, 0x57, 0x9E, 0xC0, 0xC7, 0xE4, 0xEE, 0x54,
+        0xF4, 0xAD, 0x10, 0xC5, 0x69, 0x59, 0xE0, 0xBC,
+        0x9B, 0xF4, 0x20, 0x8F, 0xBA, 0x0A, 0x94, 0x10,
+        0x55, 0x07, 0x7E, 0xD1, 0xF9, 0x20, 0xCC, 0x2F,
+        0xA9, 0xAE, 0x9D, 0xF5, 0xE4, 0x29, 0x40, 0x7E,
+        0x44, 0xA4, 0xDF, 0xB2, 0xE9, 0x25, 0xE0, 0xBA,
+        0x8D, 0x6C, 0x33, 0x88, 0x9C, 0xEE, 0x27, 0xDB,
+        0xC7, 0x0A, 0x6E, 0x5A, 0x08, 0x92, 0x9B, 0x53,
+        0xF8, 0xFD, 0xF9, 0x5B, 0xEB, 0x03, 0x8E, 0x45,
+        0xCB, 0x91, 0x19, 0x4E, 0x6B, 0x1E, 0xA0, 0xA4,
+        0xF0, 0x43, 0xC9, 0x8F, 0xDF, 0x93, 0x5E, 0x86,
+        0xB0, 0x09, 0xD3, 0x47, 0x38, 0x7C, 0x8E, 0x78,
+        0x85, 0x71, 0x3D, 0x07, 0x2E, 0x2E, 0x12, 0x6F,
+        0x06, 0x97, 0x0E, 0x54, 0xAD, 0x71, 0x09, 0xEF,
+        0xA5, 0x55, 0x0A, 0x39, 0x86, 0xE6, 0x17, 0x17,
+        0x70, 0x9A, 0xA7, 0xA7, 0x1B, 0xCE, 0x78, 0x06,
+        0x2C, 0x61, 0x1A, 0xB9, 0x48, 0x22, 0x41, 0x45,
+        0x15, 0xEB, 0x10, 0x3C, 0x6E, 0x24, 0x37, 0xA4,
+        0xB5, 0xE8, 0x82, 0x4D, 0x6D, 0xCC, 0x44, 0xC6,
+        0xB0, 0x5D, 0xBE, 0x46, 0xDA, 0x5F, 0x00, 0x36,
+        0x5B, 0xBD, 0x87, 0x65, 0x3A, 0x96, 0x21, 0x58,
+        0x45, 0x65, 0xDB, 0xD8, 0x77, 0x76, 0x7B, 0x25,
+        0xC3, 0x78, 0x6E, 0xD9, 0x14, 0xA7, 0x19, 0x69,
+        0x4F, 0xBB, 0x1B, 0xDB, 0x37, 0xCE, 0xAF, 0x8C,
+        0x88, 0x2E, 0x9E, 0x30, 0xF6, 0xAE, 0x43, 0xCC,
+        0x59, 0x0F, 0x67, 0x8A, 0xCB, 0x4F, 0x08, 0x20,
+        0x6D, 0x99, 0xD7, 0xA9, 0xDE, 0xE5, 0xE5, 0xB3,
+        0xFF, 0xAA, 0x45, 0x3C, 0xF1, 0xE3, 0x02, 0x7D,
+        0x2F, 0xEE, 0x69, 0x04, 0x81, 0x73, 0x01, 0x37,
+        0x51, 0x68, 0xC8, 0x0B, 0x51, 0xFD, 0x05, 0xB4,
+        0x05, 0xBB, 0xA1, 0xDB, 0x1D, 0xF6, 0x5F, 0x70,
+        0xD3, 0x0A, 0x37, 0x4B, 0x9C, 0xC4, 0x45, 0x30,
+        0x11, 0x36, 0xE2, 0x48, 0x9F, 0xC4, 0x2E, 0x4E,
+        0x0C, 0x0C, 0xA1, 0x04, 0x41, 0x75, 0x95, 0xAA,
+        0xED, 0xAC, 0xD4, 0xB2, 0xE7, 0x85, 0x7E, 0xE1,
+        0xA6, 0xFE, 0x2A, 0x09, 0x19, 0x09, 0x3D, 0x7C,
+        0x20, 0x1E, 0x98, 0x3D, 0x6E, 0x02, 0xC1, 0xCA,
+        0xBB, 0x24, 0x82, 0x9F, 0x45, 0x1D, 0x26, 0x99,
+        0xAE, 0x02, 0x82, 0xF9, 0x86, 0x3B, 0x67, 0x8C,
+        0xBD, 0xFE, 0xF1, 0xD0, 0xB6, 0xB8, 0xAB, 0x00,
+        0x0F, 0xEC, 0x30, 0xDC, 0x27, 0x58, 0xE2, 0x29,
+        0x18, 0x05, 0x5A, 0x66, 0xA5, 0x88, 0x39, 0x8E,
+        0x49, 0x5B, 0xB9, 0x52, 0x43, 0x84, 0xDC, 0xA9,
+        0x50, 0x2B, 0x83, 0x3C, 0x84, 0x81, 0x37, 0x52,
+        0x30, 0x79, 0xBD, 0x04, 0xB8, 0xDD, 0x47, 0xC1,
+        0x02, 0x2E, 0xEC, 0x24, 0xD0, 0x56, 0x23, 0xE1,
+        0x92, 0xD0, 0x65, 0x7F, 0xC7, 0xC2, 0xF7, 0x60,
+        0x73, 0xB8, 0xAF, 0x0A, 0xF4, 0xEF, 0xFC, 0x1B,
+        0xC2, 0xB9, 0x76, 0x87, 0x8A, 0xA6, 0xC2, 0x3F,
+        0xD3, 0x9F, 0x1F, 0x2D, 0x94, 0xBC, 0x89, 0x4E,
+        0x31, 0x8D, 0x28, 0xD0, 0x90, 0xB5, 0x5B, 0x60,
+        0x30, 0xC6, 0x0B, 0x37, 0x63, 0x5D, 0xDC, 0xC6,
+        0xE0, 0x1A, 0xBA, 0x6B, 0x23, 0xCD, 0x2E, 0x09,
+        0x2D, 0x6A, 0x7E, 0x0C, 0xD9, 0x4F, 0xB1, 0xE2,
+        0x89, 0x67, 0xE7, 0xB1, 0x54, 0x08, 0xB2, 0xFA,
+        0x83, 0x43, 0x7C, 0x77, 0x06, 0xED, 0xE2, 0x29,
+        0x53, 0xB7, 0x09, 0xC4, 0x1B, 0x81, 0x55, 0x12,
+        0x41, 0x8E, 0x8B, 0x03, 0x36, 0xEE, 0x45, 0x70,
+        0x57, 0xA8, 0x73, 0xEF, 0x70, 0x7B, 0x1F, 0x63,
+        0xB0, 0xE8, 0x00, 0xBD, 0x1E, 0xE6, 0xA9, 0x93,
+        0x9D, 0x03, 0x19, 0x22, 0xDF, 0xE1, 0x01, 0xF2,
+        0xA9, 0x6B, 0x90, 0x5C, 0xD2, 0xC1, 0xAC, 0x9F,
+        0xB2, 0x21, 0x1C, 0x2D, 0xC6, 0x80, 0x9A, 0xB5,
+        0x1E, 0x46, 0x95, 0x6C, 0xCE, 0x47, 0x3E, 0x67,
+        0xCD, 0xD6, 0xC9, 0xB9, 0x81, 0x74, 0x7F, 0x17,
+        0xA3, 0xF7, 0x48, 0x99, 0xF3, 0x36, 0x84, 0xF3,
+        0x16, 0x41, 0x55, 0x5F, 0xA7, 0xBF, 0x4B, 0x69,
+        0x8D, 0xA3, 0x3D, 0x1E, 0xEA, 0xF5, 0x1E, 0xC6,
+        0xB8, 0x1C, 0xD6, 0x89, 0x45, 0x68, 0xFA, 0xE7,
+        0xCA, 0x86, 0xE4, 0xB1, 0xC9, 0x9C, 0xB2, 0xAB,
+        0x89, 0x03, 0xE7, 0x19, 0x7B, 0xA9, 0xF2, 0x6B,
+        0x4A, 0x43, 0x1D, 0x90, 0xAF, 0xA4, 0xE3, 0xBC,
+        0xEF, 0xD4, 0x37, 0xC5, 0x55, 0x5C, 0x9E, 0x14,
+        0xC6, 0x18, 0xDD, 0x45, 0x3F, 0x80, 0x49, 0x1C,
+        0x93, 0xFF, 0xBD, 0xDD, 0x75, 0x54, 0x0B, 0xD1,
+        0xA9, 0xF6, 0xBC, 0x89, 0x98, 0x7D, 0x6F, 0x03,
+        0x7B, 0x06, 0xD5, 0x40, 0x7D, 0x85, 0x48, 0x2E,
+        0x11, 0x3E, 0xF0, 0x47, 0x77, 0xD0, 0xBA, 0x03,
+        0x33, 0x58, 0xC4, 0x8F, 0x76, 0xF8, 0x72, 0x47,
+        0x04, 0x21, 0x5E, 0x85, 0x5A, 0x0F, 0x35, 0x77,
+        0xFB, 0x96, 0x29, 0x81, 0x2D, 0x55, 0x6E, 0x53,
+        0xC6, 0x13, 0x1E, 0xFA, 0x4D, 0xCE, 0xA9, 0x36,
+        0x1D, 0x8F, 0xAB, 0xAC, 0x13, 0x19, 0x94, 0xFC,
+        0x4B, 0xCD, 0x36, 0x4C, 0x6E, 0x21, 0xAE, 0xF1,
+        0x13, 0xA4, 0xF7, 0x64, 0x8E, 0xE1, 0xAF, 0x50,
+        0x6A, 0x63, 0x0E, 0xCA, 0x2F, 0xE9, 0x0C, 0x8A,
+        0xE7, 0xF2, 0xE3, 0x68, 0x03, 0xE0, 0x40, 0x1C,
+        0x64, 0xAB, 0xC3, 0xEC, 0xC0, 0x92, 0xE9, 0x57,
+        0x3E, 0x66, 0x72, 0x36, 0x39, 0x22, 0x4E, 0xCD,
+        0x13, 0x08, 0xBA, 0xF8, 0x2B, 0xA1, 0xF2, 0x69,
+        0x44, 0x7E, 0x90, 0x5C, 0xC8, 0xEC, 0xB6, 0xBE,
+        0x8C, 0x30, 0xE0, 0x69, 0xB7, 0x97, 0xA1, 0x1C,
+        0x18, 0xE5, 0x54, 0x62, 0xC3, 0x29, 0x99, 0x21,
+        0x16, 0xD9, 0x78, 0x1C, 0x4C, 0x9C, 0x88, 0x4C,
+        0xA5, 0xE1, 0x11, 0x66, 0x5B, 0x6E, 0x71, 0xE7,
+        0xE2, 0xE7, 0xE4, 0x02, 0xDD, 0x1A, 0x8D, 0x0C,
+        0xF5, 0x32, 0xFD, 0x41, 0x28, 0x35, 0x75, 0xD0,
+        0x0C, 0x5F, 0x06, 0x6A, 0x5A, 0x61, 0x49, 0x59,
+        0xC1, 0x0C, 0xD4, 0x9E, 0xD6, 0x29, 0xE2, 0x37,
+        0xDF, 0x2B, 0x3D, 0xE8, 0x98, 0xB9, 0xDF, 0x8E,
+        0xA0, 0xC4, 0xE2, 0xFC, 0x45, 0x70, 0xE8, 0x1B,
+        0xF4, 0xFA, 0xC5, 0xE6, 0xA7, 0xCF, 0x4F, 0xA2,
+        0xDA, 0x3D, 0x90, 0x49, 0x24, 0x8F, 0x61, 0x54,
+        0xD5, 0x50, 0x8E, 0xE8, 0x0C, 0x14, 0xAD, 0x6F,
+        0x65, 0x88, 0x3A, 0xF6, 0x92, 0xDB, 0x35, 0x5D,
+        0xFF, 0x21, 0x20, 0xAC, 0x01, 0x16, 0x0B, 0xEC,
+        0x84, 0x15, 0x3B, 0xA9, 0x93, 0x92, 0x75, 0xB3,
+        0x73, 0xF1, 0x23, 0x69, 0x94, 0x10, 0xF5, 0xFE,
+        0x20, 0xA8, 0xAF, 0x05, 0x87, 0x49, 0x4E, 0x9C,
+        0xEB, 0x21, 0x0A, 0xCF, 0x0B, 0xA1, 0x65, 0x38,
+        0xA6, 0x18, 0x4D, 0xF7, 0xD8, 0xC1, 0x2C, 0x14,
+        0x4C, 0xD9, 0x40, 0xC2, 0xF7, 0xBF, 0xE3, 0x07,
+        0x79, 0x55, 0xAE, 0xB9, 0xB6, 0x50, 0x06, 0x92,
+        0x94, 0x8C, 0x6A, 0x0E, 0x22, 0x14, 0xE2, 0xCC,
+        0x65, 0xBA, 0x0C, 0x4D, 0xB6, 0x5C, 0x4A, 0xE9,
+        0x0A, 0x08, 0x0C, 0xF9, 0x26, 0xA2, 0x51, 0x85,
+        0x36, 0xE2, 0xC1, 0xF1, 0x0A, 0x66, 0x51, 0x66,
+        0x7A, 0x98, 0x9B, 0x2C, 0x30, 0x1A, 0x0D, 0x49,
+        0x3C, 0x1E, 0xEC, 0x63, 0x53, 0x5E, 0xD9, 0xDD,
+        0x84, 0x69, 0xCD, 0x7E, 0x79, 0x58, 0x3D, 0x6E,
+        0xD9, 0x98, 0x58, 0xD8, 0x0A, 0x48, 0xB5, 0x13,
+        0x3F, 0x72, 0x4C, 0x11, 0x90, 0x15, 0x12, 0x74,
+        0xFF, 0x5C, 0x0D, 0xC6, 0x20, 0x8C, 0xC1, 0x99,
+        0xCA, 0x8E, 0xFC, 0xA2, 0xE8, 0xB8, 0xEE, 0xAA,
+        0x27, 0xC2, 0x97, 0x8D, 0xFA, 0xBE, 0xE0, 0x43,
+        0x99, 0xB6, 0x90, 0x60, 0x00, 0x7C, 0x33, 0xD4,
+        0x87, 0x71, 0x7B, 0x56, 0x6C, 0xAA, 0xE0, 0xAC,
+        0x9D, 0x7E, 0x7E, 0xA3, 0xCF, 0xBB, 0xB3, 0xA0,
+        0x5F, 0xD4, 0xC4, 0x3A, 0xA7, 0xB9, 0x0C, 0xCE,
+        0xF3, 0x05, 0x09, 0x91, 0xA7, 0xE9, 0x11, 0x55,
+        0x32, 0x45, 0xA6, 0x08, 0x0E, 0x10, 0x37, 0x91,
+        0xF3, 0xBF, 0xED, 0x64, 0x26, 0xEB, 0x39, 0xC2,
+        0x57, 0xAE, 0x64, 0x79, 0x33, 0x7C, 0x51, 0xB2,
+        0xC8, 0x85, 0xE0, 0xF9, 0x6D, 0x10, 0x52, 0x9F,
+        0x72, 0xF4, 0xD1, 0x5B, 0x54, 0x5B, 0x93, 0x28,
+        0x36, 0xA8, 0xCD, 0xB3, 0x30, 0x5B, 0x7A, 0xB0,
+        0xB6, 0xF0, 0xD8, 0xA0, 0xBA, 0x24, 0x59, 0x5F,
+        0x43, 0x02, 0x01, 0x57, 0x91, 0x7B, 0x94, 0x07,
+        0x63, 0x23, 0x12, 0x94, 0xFB, 0x9F, 0xF2, 0xC1,
+        0xD6, 0x80, 0x8F, 0x4E, 0xA7, 0x9E, 0x11, 0xD8,
+        0xB3, 0x08, 0xB6, 0x3B, 0x3B, 0xF2, 0xEE, 0x14,
+        0xA5, 0xDB, 0xB0, 0xBB, 0x17, 0xA5, 0x96, 0x3C,
+        0x2F, 0xB9, 0xE7, 0x4A, 0xD7, 0x52, 0x34, 0x98,
+        0xCB, 0x0C, 0xEB, 0x42, 0x5B, 0x2D, 0x2D, 0x2B,
+        0x0D, 0x94, 0x66, 0xD3, 0xAD, 0x08, 0x0A, 0x28,
+        0xF6, 0x0E, 0xDA, 0xD4, 0x54, 0xFD, 0xC6, 0x48,
+        0x08, 0xA1, 0x8D, 0xB0, 0x30, 0xFD, 0x18, 0xB1,
+        0x50, 0xB1, 0xFD, 0xE0, 0x6E, 0x33, 0x25, 0x0D,
+        0x90, 0xB1, 0xC1, 0xE7, 0x88, 0x74, 0x87, 0x05,
+        0xE7, 0xBE, 0xBD, 0xAA, 0x8C, 0x6D, 0xC2, 0x3D,
+        0x6F, 0x95, 0x84, 0xFA, 0x03, 0x74, 0x85, 0xE1,
+        0xED, 0xE5, 0xF4, 0xE8, 0x26, 0x4A, 0x0B, 0x20,
+        0x87, 0xB6, 0xE1, 0x10, 0x75, 0x6D, 0x9F, 0x95,
+        0x39, 0x4C, 0x0F, 0x50, 0x1B, 0xA8, 0x69, 0x82,
+        0xBB, 0xE2, 0xD6, 0x11, 0xD7, 0xBE, 0xFB, 0x4F,
+        0x60, 0xD3, 0x16, 0xC6, 0x04, 0x3A, 0x5A, 0xF5,
+        0x78, 0x9B, 0x0B, 0x21, 0xA1, 0x00, 0x96, 0xCD,
+        0x63, 0x78, 0x1D, 0x2D, 0x4F, 0x6E, 0x50, 0xEE,
+        0x62, 0x2D, 0x88, 0x62, 0x01, 0xF6, 0xB4, 0x17,
+        0x4F, 0x8C, 0xAD, 0xCB, 0x4B, 0xF9, 0xF6, 0x9D,
+        0xC7, 0xD8, 0xCC, 0xBF, 0x96, 0x1B, 0x1B, 0x79,
+        0xF3, 0x25, 0x85, 0x23, 0x10, 0x63, 0x30, 0x8D,
+        0xA8, 0x3A, 0x4B, 0x92, 0x1B, 0x88, 0x53, 0x24,
+        0x2D, 0x29, 0xA5, 0x2E, 0x7A, 0xD5, 0x58, 0xEB,
+        0x1B, 0x1C, 0xE6, 0xB8, 0x94, 0x0C, 0x58, 0x96,
+        0x5B, 0xA0, 0x2C, 0xBF, 0xE2, 0x99, 0xA0, 0x1F,
+        0x0C, 0xCC, 0xBD, 0x83, 0x72, 0x56, 0xBB, 0x13,
+        0x61, 0x5A, 0xC2, 0x04, 0x27, 0x29, 0x1F, 0xD4,
+        0xE4, 0x3D, 0x8A, 0x87, 0xE3, 0x81, 0x91, 0x07,
+        0xD3, 0x9B, 0xBC, 0xA9, 0xB3, 0xBA, 0xF5, 0x8B,
+        0x6A, 0xAD, 0xDE, 0xB0, 0x54, 0x3E, 0xFE, 0xCC,
+        0xD3, 0xCB, 0x2C, 0x69, 0xF0, 0x58, 0xD7, 0xEF,
+        0xA9, 0xC0, 0x15, 0x9B, 0x5A, 0xDF, 0x71, 0x25,
+        0x38, 0x44, 0xEC, 0xA9, 0x18, 0x47, 0x41, 0xCE,
+        0x3D, 0x53, 0x10, 0x12, 0xC3, 0x1B, 0x59, 0x9A,
+        0x93, 0xA1, 0xEA, 0xBE, 0x3E, 0xBA, 0x74, 0xF6,
+        0x2D, 0x40, 0x9D, 0xCB, 0x9E, 0xA1, 0xA5, 0x85,
+        0xFF, 0xDC, 0xC5, 0x60, 0x6F, 0x61, 0xE8, 0x17,
+        0x6C, 0x36, 0x9F, 0x7A, 0x48, 0x47, 0xDD, 0xF1,
+        0xF4, 0x43, 0x21, 0xCB, 0xB3, 0x55, 0x86, 0xD0,
+        0xE9, 0x46, 0x7D, 0xB5, 0x3D, 0x90, 0x34, 0x1E,
+        0xBB, 0x40, 0xD3, 0x2A, 0xEB, 0xE6, 0x4C, 0x46,
+        0x42, 0xA2, 0x8A, 0xBF, 0x90, 0xE7, 0x4B, 0x6D,
+        0x5C, 0x94, 0x97, 0xD2, 0xF0, 0x97, 0x74, 0x4C,
+        0x76, 0x03, 0xAC, 0x3D, 0xDE, 0x15, 0x96, 0x0C,
+        0xEF, 0x18, 0x9D, 0xBD, 0x1A, 0x20, 0x35, 0x7E,
+        0x2A, 0x70, 0x9D, 0xEA, 0x2E, 0x11, 0xDF, 0xF3,
+        0x2F, 0xFE, 0x23, 0xA9, 0xB6, 0xCF, 0xB7, 0xB9,
+        0x3F, 0x4F, 0x30, 0x6B, 0x3B, 0x0D, 0x3B, 0xED,
+        0xCD, 0x77, 0xD4, 0xBF, 0xEE, 0xDD, 0xB6, 0x56,
+        0x24, 0xD4, 0x29, 0x83, 0xDE, 0xDB, 0xC1, 0xFB,
+        0x6A, 0xCE, 0x7F, 0x47, 0xD2, 0xC5, 0xF1, 0x78,
+        0x5C, 0x2C, 0x5A, 0x28, 0x3E, 0x05, 0x50, 0x2E,
+        0xD9, 0xAE, 0x9B, 0x95, 0x64, 0xC7, 0xD2, 0x7B,
+        0xCB, 0xC5, 0x91, 0x80, 0xEB, 0x79, 0xC7, 0xCC,
+        0xA8, 0x06, 0xC8, 0xF9, 0xDF, 0x2A, 0x49, 0x4A,
+        0xF8, 0xFE, 0xBA, 0xA5, 0x85, 0x67, 0x1B, 0xDA,
+        0x51, 0x3B, 0xC2, 0x04, 0xA6, 0xA3, 0xFF, 0x99,
+        0x21, 0xE8, 0x17, 0x91, 0x33, 0x9B, 0x83, 0x75,
+        0x20, 0x5E, 0x95, 0xBE, 0x49, 0xDF, 0x53, 0xFC,
+        0x05, 0xA2, 0x3C, 0xAA, 0x5A, 0x22, 0x15, 0xA5,
+        0x56, 0xE0, 0x51, 0x30, 0x4E, 0x32, 0x14, 0xF2,
+        0x9F, 0x03, 0x51, 0x8E, 0xDD, 0x8B, 0x39, 0x19,
+        0x1E, 0x39, 0xC5, 0xA7, 0x1C, 0xC6, 0xA4, 0xE1,
+        0x77, 0xCA, 0x8C, 0x9D, 0x27, 0xBC, 0xCC, 0x16,
+        0xD6, 0xFC, 0x59, 0x10, 0x23, 0xFF, 0x64, 0x90,
+        0x9C, 0x23, 0x5A, 0xFF, 0x7E, 0x27, 0x1B, 0xC7,
+        0x7F, 0x21, 0x3B, 0x41, 0xDB, 0xBC, 0x96, 0x60,
+        0x0B, 0x35, 0xA1, 0xF3, 0xF8, 0x51, 0x0A, 0x65,
+        0xCF, 0xDF, 0x7A, 0xB8, 0x04, 0x56, 0x49, 0xD7,
+        0xD3, 0xC5, 0x0B, 0x4A, 0x1F, 0x60, 0xE1, 0x86,
+        0x36, 0x53, 0x8E, 0x6C, 0x3E, 0xAF, 0x5B, 0xC1,
+        0xCA, 0xCB, 0x22, 0x1A, 0x07, 0xDA, 0x54, 0xEC,
+        0xAA, 0x06, 0x72, 0x17, 0xCF, 0x80, 0xC4, 0x89,
+        0x56, 0x24, 0x1B, 0xD4, 0xFF, 0x50, 0x6B, 0x51,
+        0x55, 0x4D, 0x6E, 0x79, 0x7E, 0xEC, 0x61, 0xC6,
+        0xE4, 0x21, 0xC8, 0x0E, 0x10, 0x3F, 0x8C, 0x85,
+        0x3A, 0x27, 0xEA, 0x91, 0x07, 0xCB, 0x37, 0x18,
+        0x14, 0xB5, 0x63, 0x6E, 0x00, 0xBC, 0x0F, 0x36,
+        0xF9, 0x54, 0x75, 0xE7, 0x0B, 0xDC, 0xE7, 0xA0,
+        0x59, 0xF0, 0x64, 0xFB, 0x73, 0x07, 0x0E, 0xFE,
+        0x57, 0x7F, 0x0D, 0x12, 0xBC, 0xB0, 0xBF, 0xA2,
+        0x3A, 0x18, 0x08, 0x7E, 0xD5, 0x6C, 0xF0, 0x6F,
+        0xF8, 0x98, 0xFB, 0xA5, 0x10, 0x7B, 0x10, 0x5F,
+        0x6B, 0xC8, 0x6D, 0xDE, 0x2F, 0x1F, 0xE0, 0xC8,
+        0x19, 0xEE, 0xC2, 0x03, 0x39, 0x49, 0x70, 0x3E,
+        0x36, 0xE3, 0x3C, 0x70, 0xE3, 0xEA, 0xAC, 0x34,
+        0x32, 0xB7, 0x0D, 0xBA, 0x7C, 0xAB, 0xE6, 0x18
+    };
+    static const byte sk_65_draft[] = {
+        0xDC, 0x38, 0xE5, 0x5F, 0xDF, 0x2E, 0x9D, 0xD4,
+        0x34, 0x5C, 0xAE, 0x1A, 0x7D, 0xF4, 0x2E, 0x2E,
+        0xBC, 0x58, 0x57, 0x80, 0x55, 0x02, 0xE4, 0x3F,
+        0xA5, 0x19, 0x41, 0xE4, 0x44, 0x58, 0x66, 0x41,
+        0x52, 0x8D, 0xA0, 0xC7, 0xD2, 0x80, 0xDD, 0x49,
+        0x0D, 0x5E, 0xB7, 0x65, 0xDB, 0x32, 0x33, 0x15,
+        0x0F, 0x9E, 0xC8, 0xEB, 0xC9, 0x6E, 0xE8, 0xE8,
+        0x5C, 0xBD, 0x18, 0x4F, 0xDC, 0xF8, 0xA8, 0xD9,
+        0xC5, 0x33, 0x84, 0x79, 0x5A, 0x5E, 0xB7, 0x3C,
+        0x6D, 0x82, 0xCA, 0xB9, 0xBA, 0x94, 0xB6, 0x46,
+        0xAE, 0x3A, 0xD9, 0x19, 0x6C, 0xB4, 0xDA, 0xE2,
+        0xF1, 0x4B, 0xB6, 0x43, 0xF0, 0x24, 0x08, 0xE5,
+        0xF7, 0x9A, 0x41, 0xF1, 0x15, 0x9C, 0xA8, 0x08,
+        0x79, 0x9F, 0xB8, 0x26, 0xD4, 0x08, 0x32, 0x47,
+        0xC8, 0xF0, 0xD5, 0x31, 0xA1, 0xC1, 0x19, 0x04,
+        0x02, 0x06, 0x2B, 0x4D, 0x46, 0xAE, 0x43, 0x6A,
+        0x25, 0x82, 0x75, 0x41, 0x70, 0x36, 0x42, 0x48,
+        0x78, 0x06, 0x36, 0x50, 0x23, 0x84, 0x68, 0x10,
+        0x87, 0x08, 0x62, 0x00, 0x08, 0x34, 0x20, 0x73,
+        0x32, 0x13, 0x36, 0x61, 0x87, 0x61, 0x43, 0x50,
+        0x30, 0x02, 0x26, 0x07, 0x65, 0x45, 0x32, 0x00,
+        0x25, 0x75, 0x01, 0x04, 0x88, 0x81, 0x58, 0x64,
+        0x52, 0x40, 0x84, 0x22, 0x88, 0x42, 0x82, 0x56,
+        0x47, 0x50, 0x05, 0x21, 0x88, 0x25, 0x32, 0x25,
+        0x12, 0x85, 0x14, 0x52, 0x87, 0x77, 0x67, 0x18,
+        0x46, 0x54, 0x63, 0x07, 0x88, 0x67, 0x37, 0x26,
+        0x72, 0x62, 0x41, 0x02, 0x00, 0x01, 0x17, 0x84,
+        0x33, 0x64, 0x32, 0x57, 0x06, 0x20, 0x05, 0x44,
+        0x88, 0x57, 0x33, 0x45, 0x70, 0x55, 0x14, 0x43,
+        0x12, 0x54, 0x04, 0x38, 0x37, 0x08, 0x42, 0x57,
+        0x36, 0x05, 0x30, 0x03, 0x86, 0x53, 0x02, 0x53,
+        0x75, 0x22, 0x62, 0x13, 0x38, 0x82, 0x48, 0x30,
+        0x83, 0x83, 0x64, 0x83, 0x13, 0x74, 0x57, 0x32,
+        0x46, 0x70, 0x06, 0x05, 0x82, 0x52, 0x73, 0x55,
+        0x25, 0x77, 0x21, 0x78, 0x57, 0x83, 0x66, 0x20,
+        0x38, 0x53, 0x21, 0x41, 0x77, 0x56, 0x77, 0x46,
+        0x34, 0x42, 0x58, 0x31, 0x08, 0x06, 0x03, 0x62,
+        0x20, 0x35, 0x11, 0x42, 0x35, 0x38, 0x63, 0x86,
+        0x64, 0x13, 0x13, 0x75, 0x40, 0x01, 0x53, 0x74,
+        0x41, 0x31, 0x56, 0x64, 0x38, 0x17, 0x14, 0x16,
+        0x62, 0x33, 0x22, 0x12, 0x64, 0x40, 0x67, 0x11,
+        0x62, 0x42, 0x25, 0x60, 0x38, 0x05, 0x83, 0x13,
+        0x51, 0x00, 0x28, 0x36, 0x62, 0x56, 0x41, 0x43,
+        0x58, 0x37, 0x51, 0x22, 0x70, 0x25, 0x82, 0x82,
+        0x35, 0x24, 0x06, 0x83, 0x48, 0x58, 0x81, 0x78,
+        0x07, 0x86, 0x23, 0x15, 0x75, 0x32, 0x46, 0x75,
+        0x35, 0x40, 0x08, 0x43, 0x10, 0x66, 0x74, 0x05,
+        0x13, 0x72, 0x74, 0x08, 0x83, 0x41, 0x81, 0x08,
+        0x75, 0x87, 0x83, 0x28, 0x56, 0x66, 0x20, 0x01,
+        0x18, 0x83, 0x57, 0x22, 0x14, 0x64, 0x18, 0x05,
+        0x27, 0x75, 0x22, 0x84, 0x12, 0x38, 0x87, 0x52,
+        0x32, 0x25, 0x28, 0x08, 0x14, 0x41, 0x81, 0x14,
+        0x03, 0x24, 0x54, 0x23, 0x04, 0x81, 0x40, 0x36,
+        0x38, 0x38, 0x64, 0x42, 0x46, 0x36, 0x68, 0x11,
+        0x55, 0x00, 0x11, 0x25, 0x76, 0x16, 0x43, 0x07,
+        0x23, 0x03, 0x34, 0x10, 0x46, 0x41, 0x14, 0x02,
+        0x26, 0x10, 0x74, 0x38, 0x38, 0x72, 0x07, 0x87,
+        0x54, 0x11, 0x12, 0x83, 0x75, 0x05, 0x82, 0x17,
+        0x45, 0x20, 0x38, 0x41, 0x37, 0x20, 0x00, 0x08,
+        0x32, 0x18, 0x16, 0x25, 0x58, 0x85, 0x16, 0x88,
+        0x71, 0x82, 0x45, 0x60, 0x33, 0x11, 0x13, 0x42,
+        0x43, 0x37, 0x68, 0x11, 0x16, 0x54, 0x04, 0x08,
+        0x52, 0x78, 0x13, 0x56, 0x83, 0x52, 0x15, 0x24,
+        0x03, 0x61, 0x78, 0x44, 0x13, 0x70, 0x67, 0x36,
+        0x74, 0x86, 0x52, 0x50, 0x15, 0x41, 0x88, 0x74,
+        0x53, 0x00, 0x05, 0x18, 0x65, 0x62, 0x14, 0x84,
+        0x12, 0x32, 0x01, 0x88, 0x40, 0x42, 0x34, 0x05,
+        0x32, 0x80, 0x72, 0x55, 0x20, 0x68, 0x16, 0x43,
+        0x14, 0x15, 0x15, 0x38, 0x43, 0x85, 0x27, 0x60,
+        0x70, 0x18, 0x27, 0x35, 0x53, 0x01, 0x28, 0x73,
+        0x27, 0x84, 0x10, 0x53, 0x67, 0x10, 0x45, 0x40,
+        0x81, 0x52, 0x86, 0x06, 0x11, 0x18, 0x04, 0x31,
+        0x57, 0x25, 0x22, 0x44, 0x47, 0x81, 0x45, 0x44,
+        0x55, 0x04, 0x72, 0x57, 0x06, 0x46, 0x76, 0x23,
+        0x38, 0x85, 0x65, 0x30, 0x08, 0x48, 0x20, 0x13,
+        0x22, 0x77, 0x44, 0x60, 0x43, 0x14, 0x15, 0x27,
+        0x86, 0x22, 0x37, 0x37, 0x27, 0x04, 0x27, 0x50,
+        0x74, 0x31, 0x10, 0x82, 0x00, 0x75, 0x80, 0x44,
+        0x38, 0x10, 0x58, 0x40, 0x86, 0x60, 0x63, 0x13,
+        0x65, 0x18, 0x33, 0x70, 0x57, 0x68, 0x05, 0x10,
+        0x81, 0x03, 0x42, 0x05, 0x25, 0x65, 0x33, 0x57,
+        0x38, 0x05, 0x65, 0x34, 0x46, 0x53, 0x68, 0x11,
+        0x75, 0x10, 0x04, 0x54, 0x18, 0x47, 0x52, 0x24,
+        0x63, 0x23, 0x74, 0x45, 0x11, 0x34, 0x68, 0x32,
+        0x35, 0x38, 0x52, 0x85, 0x28, 0x08, 0x71, 0x78,
+        0x37, 0x38, 0x27, 0x10, 0x80, 0x54, 0x26, 0x33,
+        0x31, 0x82, 0x44, 0x88, 0x33, 0x24, 0x62, 0x86,
+        0x32, 0x82, 0x73, 0x31, 0x28, 0x14, 0x73, 0x87,
+        0x06, 0x35, 0x80, 0x36, 0x67, 0x02, 0x33, 0x75,
+        0x27, 0x36, 0x38, 0x16, 0x35, 0x70, 0x52, 0x16,
+        0x87, 0x58, 0x85, 0x17, 0x22, 0x13, 0x54, 0x85,
+        0x07, 0x53, 0x31, 0x26, 0x78, 0x01, 0x85, 0x18,
+        0x08, 0x68, 0x38, 0x52, 0x11, 0x73, 0x32, 0x25,
+        0x58, 0x82, 0x70, 0x70, 0x36, 0x30, 0x50, 0x38,
+        0x65, 0x12, 0x78, 0x31, 0x77, 0x72, 0x18, 0x41,
+        0x05, 0x42, 0x32, 0x26, 0x26, 0x50, 0x52, 0x86,
+        0x15, 0x76, 0x28, 0x66, 0x88, 0x03, 0x78, 0x28,
+        0x70, 0x33, 0x36, 0x27, 0x16, 0x61, 0x43, 0x56,
+        0x62, 0x81, 0x85, 0x75, 0x47, 0x60, 0x63, 0x38,
+        0x66, 0x81, 0x51, 0x78, 0x03, 0x42, 0x60, 0x38,
+        0x01, 0x24, 0x73, 0x63, 0x81, 0x12, 0x01, 0x27,
+        0x63, 0x13, 0x11, 0x78, 0x36, 0x37, 0x15, 0x03,
+        0x84, 0x58, 0x17, 0x25, 0x67, 0x87, 0x57, 0x83,
+        0x71, 0x85, 0x37, 0x53, 0x86, 0x22, 0x33, 0x28,
+        0x77, 0x30, 0x18, 0x15, 0x01, 0x37, 0x85, 0x40,
+        0x15, 0x38, 0x51, 0x33, 0x17, 0x42, 0x64, 0x04,
+        0x56, 0x27, 0x50, 0x45, 0x11, 0x27, 0x20, 0x17,
+        0x76, 0x55, 0x33, 0x37, 0x58, 0x88, 0x88, 0x45,
+        0x16, 0x55, 0x08, 0x53, 0x52, 0x48, 0x72, 0x85,
+        0x30, 0x15, 0x23, 0x44, 0x22, 0x02, 0x43, 0x45,
+        0x41, 0x10, 0x00, 0x52, 0x32, 0x73, 0x05, 0x75,
+        0x72, 0x16, 0x08, 0x11, 0x51, 0x36, 0x20, 0x04,
+        0x76, 0x48, 0x78, 0x56, 0x60, 0x88, 0x07, 0x47,
+        0x70, 0x20, 0x46, 0x40, 0x43, 0x26, 0x04, 0x37,
+        0x17, 0x51, 0x58, 0x46, 0x72, 0x44, 0x50, 0x23,
+        0x67, 0x63, 0x60, 0x84, 0x30, 0x51, 0x52, 0x53,
+        0x21, 0x74, 0x85, 0x45, 0x74, 0x43, 0x11, 0x72,
+        0x52, 0x65, 0x76, 0x08, 0x78, 0x63, 0x14, 0x27,
+        0x41, 0x34, 0x67, 0x07, 0x45, 0x15, 0x10, 0x83,
+        0x24, 0x02, 0x80, 0x53, 0x07, 0x21, 0x58, 0x10,
+        0x34, 0x20, 0x54, 0x12, 0x58, 0x44, 0x25, 0x53,
+        0x33, 0x46, 0x02, 0x38, 0x60, 0x17, 0x70, 0x64,
+        0x18, 0x52, 0x62, 0x26, 0x65, 0x61, 0x42, 0x31,
+        0x22, 0x57, 0x34, 0x57, 0x02, 0x34, 0x62, 0x76,
+        0x74, 0x38, 0x73, 0x21, 0x68, 0x71, 0x07, 0x21,
+        0x61, 0x05, 0x20, 0x20, 0x86, 0x83, 0x30, 0x25,
+        0x50, 0x50, 0x83, 0x30, 0x31, 0x56, 0x30, 0x31,
+        0x76, 0x04, 0x54, 0x80, 0x75, 0x18, 0x82, 0x23,
+        0x61, 0x87, 0x58, 0x25, 0x13, 0x63, 0x21, 0x51,
+        0x48, 0x02, 0x67, 0x37, 0x12, 0x88, 0x70, 0x60,
+        0x07, 0x36, 0x18, 0x15, 0x87, 0x74, 0x55, 0x60,
+        0x00, 0x54, 0x37, 0x11, 0x01, 0x37, 0x14, 0x17,
+        0x11, 0x72, 0x14, 0x55, 0x31, 0x75, 0x77, 0x48,
+        0x10, 0x23, 0x83, 0x20, 0x00, 0x04, 0x32, 0x64,
+        0x66, 0x61, 0x71, 0x31, 0x03, 0x15, 0x44, 0x32,
+        0x57, 0x25, 0x64, 0x31, 0x28, 0x15, 0x33, 0x67,
+        0x86, 0x87, 0x37, 0x03, 0x12, 0x78, 0x86, 0x13,
+        0x47, 0x80, 0x61, 0x42, 0x50, 0x40, 0x23, 0x37,
+        0x01, 0x01, 0x66, 0x24, 0x06, 0x57, 0x82, 0x02,
+        0x22, 0x42, 0x41, 0x02, 0x26, 0x06, 0x41, 0x35,
+        0x64, 0x16, 0x44, 0x42, 0x38, 0x30, 0x86, 0x88,
+        0x47, 0x71, 0x62, 0x33, 0x24, 0x02, 0x12, 0x37,
+        0x42, 0x33, 0x20, 0x81, 0x80, 0x53, 0x07, 0x65,
+        0x71, 0x27, 0x13, 0x53, 0x15, 0x43, 0x76, 0x38,
+        0x71, 0x30, 0x07, 0x87, 0x25, 0x63, 0x03, 0x33,
+        0x70, 0x56, 0x18, 0x13, 0x83, 0x51, 0x44, 0x40,
+        0x04, 0x80, 0x62, 0x24, 0x20, 0x64, 0x54, 0x40,
+        0x20, 0x73, 0x61, 0x45, 0x01, 0x24, 0x47, 0x78,
+        0x23, 0x34, 0x56, 0x10, 0x25, 0x32, 0x02, 0x70,
+        0x08, 0x02, 0x23, 0x24, 0x80, 0x43, 0x04, 0x02,
+        0x81, 0x11, 0x23, 0x82, 0x03, 0x61, 0x30, 0x33,
+        0x15, 0x36, 0x25, 0x32, 0x14, 0x73, 0x22, 0x46,
+        0x81, 0x25, 0x16, 0x13, 0x52, 0x58, 0x71, 0x61,
+        0x67, 0x08, 0x38, 0x76, 0x71, 0x15, 0x88, 0x47,
+        0x31, 0x25, 0x27, 0x18, 0x31, 0x50, 0x40, 0x71,
+        0x06, 0x87, 0x37, 0x30, 0x85, 0x64, 0x62, 0x78,
+        0x32, 0x74, 0x18, 0x83, 0x67, 0x40, 0x37, 0x44,
+        0x56, 0x02, 0x72, 0x61, 0x27, 0x28, 0x38, 0x38,
+        0x67, 0x17, 0x58, 0x04, 0x61, 0x28, 0x67, 0x37,
+        0x46, 0x50, 0x38, 0x15, 0x45, 0x12, 0x71, 0x44,
+        0x22, 0x02, 0x34, 0x83, 0x40, 0x70, 0x55, 0x75,
+        0x54, 0x26, 0x88, 0x07, 0x25, 0x58, 0x73, 0x60,
+        0x58, 0x61, 0x45, 0x63, 0x35, 0x05, 0x48, 0x63,
+        0x48, 0x57, 0x03, 0x31, 0x28, 0x14, 0x05, 0x01,
+        0x57, 0x34, 0x64, 0x50, 0x23, 0x86, 0x75, 0x85,
+        0x18, 0x75, 0x56, 0x88, 0x08, 0x26, 0x01, 0x34,
+        0x01, 0x57, 0x05, 0x28, 0x35, 0x48, 0x17, 0x57,
+        0x71, 0x81, 0x41, 0x33, 0x77, 0x86, 0x07, 0x77,
+        0x02, 0x25, 0x71, 0x74, 0x37, 0x31, 0x20, 0x14,
+        0x32, 0x54, 0x20, 0x35, 0x54, 0x76, 0x83, 0x15,
+        0x80, 0x73, 0x27, 0x23, 0x00, 0x58, 0x22, 0x84,
+        0x64, 0x56, 0x14, 0x84, 0x38, 0x34, 0x16, 0x21,
+        0x77, 0x07, 0x34, 0x81, 0x66, 0x87, 0x40, 0x11,
+        0x62, 0x46, 0x45, 0x01, 0x20, 0x53, 0x21, 0x73,
+        0x07, 0x76, 0x44, 0x15, 0x61, 0x50, 0x83, 0x48,
+        0x58, 0x58, 0x45, 0x33, 0x25, 0x36, 0x07, 0x42,
+        0x70, 0x24, 0x07, 0x41, 0x08, 0x35, 0x00, 0x78,
+        0x41, 0x47, 0x02, 0x56, 0x07, 0x14, 0x68, 0x33,
+        0x55, 0x77, 0x32, 0x40, 0x55, 0x24, 0x50, 0x26,
+        0x47, 0x12, 0x65, 0x58, 0x43, 0x05, 0x52, 0x55,
+        0x75, 0x50, 0x18, 0x46, 0x65, 0x48, 0x03, 0x32,
+        0x85, 0x31, 0x16, 0x52, 0x71, 0x57, 0x87, 0x46,
+        0x76, 0x14, 0x42, 0x81, 0x28, 0x74, 0x60, 0x34,
+        0x35, 0x55, 0x52, 0x16, 0x58, 0x48, 0x61, 0x75,
+        0x80, 0x88, 0x15, 0x32, 0x72, 0x26, 0x31, 0x03,
+        0x05, 0x03, 0x16, 0x04, 0x07, 0x37, 0x37, 0x73,
+        0x43, 0x81, 0x57, 0x31, 0x88, 0x04, 0x72, 0x76,
+        0x01, 0x61, 0x81, 0x17, 0x37, 0x65, 0x44, 0x38,
+        0x61, 0x23, 0x16, 0x26, 0x52, 0x45, 0x00, 0x73,
+        0x83, 0x63, 0x64, 0x62, 0x26, 0x74, 0x60, 0x11,
+        0x81, 0x08, 0x06, 0x30, 0x36, 0x05, 0x10, 0x48,
+        0x47, 0x35, 0x10, 0x85, 0x30, 0x86, 0x71, 0x38,
+        0x16, 0x37, 0x6F, 0x3B, 0x1C, 0x18, 0xB1, 0xE3,
+        0xE8, 0xEE, 0x83, 0x3E, 0x8D, 0x38, 0x43, 0x9E,
+        0x78, 0x1C, 0xA3, 0xB8, 0x94, 0x06, 0x54, 0xEF,
+        0x44, 0x6C, 0x9A, 0xAC, 0xC3, 0xF1, 0xD3, 0x0E,
+        0xE0, 0x10, 0x5B, 0x8F, 0x63, 0xEB, 0x89, 0x74,
+        0x6E, 0xF4, 0xBE, 0xB5, 0x4C, 0xFC, 0xE8, 0x81,
+        0x2C, 0xF9, 0x47, 0xCF, 0x54, 0x54, 0xFB, 0x1C,
+        0xA5, 0x5F, 0x25, 0xA0, 0xFE, 0x57, 0xF5, 0xFC,
+        0xFD, 0x73, 0xB0, 0xDA, 0x04, 0xB0, 0xBF, 0x28,
+        0x92, 0x92, 0xAF, 0x39, 0x74, 0x72, 0x56, 0x69,
+        0xC3, 0x00, 0x03, 0xE0, 0x50, 0x9F, 0xED, 0xC8,
+        0x0F, 0x6C, 0x89, 0x4B, 0xB0, 0x47, 0xC2, 0xE2,
+        0xAF, 0x48, 0x5C, 0xAD, 0x68, 0xC2, 0x1D, 0x80,
+        0xEF, 0x33, 0xB0, 0xC4, 0xFD, 0xA6, 0x7B, 0x85,
+        0x31, 0xA1, 0x58, 0x87, 0x67, 0x54, 0x71, 0x3F,
+        0xF8, 0xA8, 0xA6, 0x8D, 0x9A, 0xBD, 0xC4, 0x81,
+        0x6B, 0x24, 0xB4, 0xA3, 0x6A, 0x8A, 0x2B, 0xB1,
+        0xFD, 0x1C, 0x2C, 0x25, 0xC3, 0x72, 0xC4, 0xB7,
+        0x75, 0xF8, 0xCC, 0x17, 0x39, 0xCF, 0x2C, 0xE9,
+        0xA4, 0x54, 0x58, 0xE4, 0x1A, 0xAE, 0xC6, 0x4A,
+        0xEE, 0xDE, 0x75, 0x7C, 0xE7, 0x38, 0xBC, 0xDF,
+        0x4D, 0xA0, 0xEE, 0x2B, 0xDD, 0x5F, 0x80, 0x5C,
+        0xCF, 0xF7, 0x2A, 0x5F, 0x73, 0x8B, 0xAC, 0x12,
+        0x34, 0x2E, 0xE3, 0xF1, 0x4C, 0xB7, 0x22, 0x68,
+        0xC2, 0xD6, 0x36, 0x7D, 0xF1, 0x7F, 0x20, 0x46,
+        0xA2, 0x4B, 0x47, 0x4B, 0x32, 0x58, 0xF7, 0xB0,
+        0x88, 0x54, 0x6C, 0x99, 0x3B, 0x0D, 0xA1, 0xE2,
+        0x92, 0x92, 0xEB, 0x72, 0x1E, 0xE7, 0xE5, 0xA1,
+        0xF8, 0x6E, 0x14, 0xA5, 0x39, 0xB0, 0x63, 0x6F,
+        0x78, 0x82, 0xA1, 0x9C, 0x8D, 0x79, 0x02, 0x85,
+        0xA6, 0xDF, 0x7D, 0xEE, 0xCE, 0x17, 0x4D, 0x63,
+        0xCF, 0xF3, 0xB2, 0xFF, 0x85, 0x68, 0x81, 0xCB,
+        0x38, 0x6B, 0x1B, 0x38, 0xA2, 0xE0, 0xF2, 0x4C,
+        0x31, 0xE0, 0x91, 0x93, 0xDD, 0xF3, 0x71, 0x47,
+        0xF2, 0x69, 0xD9, 0x4C, 0xDE, 0xF9, 0x90, 0x61,
+        0x34, 0x62, 0x07, 0x71, 0x79, 0xD0, 0xDD, 0x09,
+        0x32, 0x64, 0x39, 0x49, 0x93, 0x1A, 0x02, 0xBA,
+        0xFA, 0x80, 0x17, 0x6E, 0xDF, 0x97, 0xB6, 0xA2,
+        0x31, 0x34, 0x71, 0xF0, 0xB1, 0x9B, 0x3B, 0x59,
+        0xF4, 0x3B, 0xD2, 0x2A, 0x05, 0x49, 0x3E, 0xFB,
+        0x0C, 0xF8, 0xB5, 0xD7, 0xB6, 0x25, 0x2B, 0x09,
+        0x8B, 0x4B, 0xFA, 0x39, 0x5B, 0xF9, 0xA2, 0x09,
+        0xE9, 0xBB, 0x46, 0x01, 0x30, 0x00, 0x90, 0x32,
+        0x58, 0xA6, 0x9B, 0x67, 0xF5, 0x94, 0x11, 0xC8,
+        0x35, 0x95, 0xFA, 0x6E, 0x67, 0x42, 0x8D, 0x96,
+        0x6D, 0x20, 0xFC, 0xD3, 0x09, 0x61, 0x11, 0x86,
+        0x77, 0xC0, 0x86, 0xA3, 0x54, 0xAE, 0x6D, 0x41,
+        0xEE, 0x17, 0xDC, 0xA1, 0xB0, 0xB7, 0x50, 0x43,
+        0xD6, 0xCE, 0x23, 0xBD, 0xB0, 0x1E, 0x02, 0xE5,
+        0x9E, 0xCF, 0xC6, 0x2E, 0x8C, 0x39, 0x71, 0xB1,
+        0x45, 0x02, 0x75, 0xBA, 0x7F, 0x60, 0xB0, 0x8B,
+        0x1C, 0x33, 0xBA, 0x0C, 0xFF, 0x54, 0x63, 0xE3,
+        0x47, 0x5B, 0x07, 0x77, 0x77, 0xC5, 0x72, 0x24,
+        0x60, 0xFA, 0xDB, 0x0B, 0xF6, 0x41, 0x82, 0x69,
+        0x3C, 0x68, 0x37, 0xF5, 0xFD, 0x45, 0x4A, 0x66,
+        0x6C, 0xD7, 0x01, 0x10, 0x78, 0x4A, 0xED, 0x09,
+        0xAE, 0x49, 0x0A, 0x60, 0xC7, 0x78, 0x56, 0x51,
+        0x15, 0xE3, 0x4A, 0xB5, 0xAE, 0xAD, 0x09, 0xD1,
+        0x71, 0xA8, 0xCA, 0x3C, 0x8A, 0xE6, 0xCA, 0x39,
+        0x43, 0x60, 0x56, 0x83, 0x3C, 0x58, 0x04, 0xD4,
+        0xB4, 0x62, 0xDD, 0x53, 0x05, 0xC8, 0x51, 0xAF,
+        0x59, 0xF6, 0x4F, 0x04, 0xC3, 0x1E, 0x69, 0xFF,
+        0x82, 0xBF, 0xD7, 0x89, 0xD2, 0x30, 0x9F, 0xF2,
+        0xE6, 0x38, 0x05, 0x9C, 0xD5, 0x08, 0xB8, 0x25,
+        0xF3, 0x3B, 0x99, 0x85, 0x4E, 0x40, 0xF8, 0x40,
+        0xF2, 0x4B, 0x5C, 0x3A, 0xA8, 0x64, 0x41, 0x92,
+        0xEA, 0xCA, 0x9A, 0x7B, 0xCF, 0xBA, 0x1F, 0xDE,
+        0xE0, 0x9D, 0xCA, 0xAD, 0xB4, 0x0C, 0x90, 0xFF,
+        0xE1, 0x6C, 0xEC, 0xDD, 0x32, 0x38, 0x2A, 0xF7,
+        0x19, 0x20, 0x39, 0xCB, 0x29, 0x67, 0x2F, 0x70,
+        0x71, 0x12, 0x10, 0xB6, 0xB8, 0x3E, 0x8D, 0xFD,
+        0xB5, 0xFB, 0xBD, 0xBF, 0xA8, 0xCA, 0x19, 0xC4,
+        0xC6, 0xAC, 0x37, 0x31, 0xFC, 0x33, 0xC2, 0x7F,
+        0xA2, 0xA2, 0x6D, 0xEB, 0x15, 0x2E, 0xA1, 0x90,
+        0xF8, 0x29, 0xC6, 0x34, 0xD1, 0x39, 0x30, 0x24,
+        0x1C, 0xB9, 0x26, 0xAC, 0xDD, 0xE5, 0x24, 0x9C,
+        0xDD, 0x35, 0x60, 0x7E, 0x38, 0x0C, 0xC1, 0x2A,
+        0x7D, 0x1E, 0xA9, 0xBA, 0xA5, 0x58, 0x4C, 0xDD,
+        0x26, 0x86, 0x09, 0xDC, 0xC3, 0xB0, 0x1F, 0xCD,
+        0xC9, 0xAD, 0xCB, 0x4A, 0x7E, 0x51, 0x67, 0xE5,
+        0xED, 0x5A, 0xD2, 0x21, 0xDB, 0x2E, 0xAB, 0xD9,
+        0x0A, 0xEC, 0xAE, 0x71, 0xFA, 0x23, 0x7A, 0xEF,
+        0x98, 0xDF, 0x53, 0x89, 0x93, 0xE8, 0x71, 0xD7,
+        0x35, 0xDA, 0x6B, 0x88, 0x31, 0xAF, 0x67, 0xF2,
+        0x97, 0x29, 0x1C, 0x39, 0x67, 0xEB, 0xAF, 0x60,
+        0xD9, 0x53, 0xC4, 0x0F, 0x7A, 0x46, 0x4E, 0xF3,
+        0x2F, 0x8E, 0xAE, 0xFA, 0x64, 0x2E, 0x37, 0xDE,
+        0xA9, 0x74, 0x73, 0x5D, 0xDD, 0xBB, 0x83, 0x54,
+        0x27, 0xB9, 0x7A, 0x63, 0x2B, 0x19, 0x8B, 0x26,
+        0x22, 0x28, 0x84, 0xA0, 0x58, 0x00, 0x2D, 0x55,
+        0xEA, 0x2A, 0x80, 0x0D, 0x6C, 0x97, 0x0E, 0x8B,
+        0xF7, 0x67, 0xB2, 0x8B, 0x2D, 0xDE, 0x8F, 0x58,
+        0xFE, 0x97, 0x81, 0xE7, 0xE2, 0x58, 0x8D, 0x7E,
+        0x1B, 0xAB, 0xE5, 0x15, 0x9D, 0x54, 0xF4, 0x00,
+        0x34, 0x1D, 0x12, 0x1B, 0x03, 0x23, 0x2B, 0x06,
+        0x2E, 0x8C, 0xD0, 0x0A, 0xDC, 0x19, 0xA1, 0x69,
+        0x1D, 0x72, 0x91, 0xB4, 0xED, 0x0E, 0x81, 0xF7,
+        0x05, 0x99, 0x84, 0xFC, 0x74, 0x0F, 0x7D, 0xF8,
+        0x9B, 0x3E, 0x7F, 0x63, 0x7C, 0x73, 0xEB, 0xF5,
+        0x36, 0xB3, 0x24, 0x22, 0xAA, 0x33, 0x0C, 0x30,
+        0x42, 0xC3, 0xE2, 0x04, 0x6B, 0x3F, 0x2A, 0x0D,
+        0xAB, 0xE8, 0x5A, 0x9A, 0x09, 0xD7, 0xB6, 0xAA,
+        0x9C, 0x3E, 0xD0, 0x9E, 0xB5, 0x9B, 0x52, 0x7B,
+        0xAF, 0x2D, 0x6B, 0xE0, 0x40, 0x12, 0x34, 0xBE,
+        0x49, 0xAB, 0xD2, 0xC8, 0xB5, 0x89, 0x1B, 0x79,
+        0xEC, 0xAE, 0x88, 0x89, 0x3C, 0x05, 0xC7, 0x75,
+        0xC5, 0x84, 0xF7, 0x10, 0x49, 0x48, 0x92, 0x69,
+        0x9E, 0xD5, 0x56, 0xB2, 0x1E, 0x81, 0x18, 0x78,
+        0xCB, 0x93, 0x5D, 0x70, 0x3A, 0xB2, 0x67, 0xD1,
+        0xCC, 0x8F, 0x83, 0x03, 0xB9, 0x64, 0x46, 0x22,
+        0x78, 0x0D, 0x55, 0x67, 0x22, 0x58, 0x0E, 0x22,
+        0x6B, 0xBA, 0x01, 0xD4, 0x77, 0x05, 0xA7, 0xAC,
+        0xB7, 0xE5, 0xFC, 0xE6, 0x11, 0xCC, 0x92, 0x5A,
+        0x8C, 0xC0, 0x08, 0x24, 0xAF, 0xCC, 0x4D, 0xBD,
+        0x79, 0xD3, 0x5C, 0x52, 0x2C, 0xFF, 0x1A, 0x48,
+        0xBB, 0x91, 0x59, 0x6A, 0x80, 0x32, 0x8C, 0x75,
+        0x7C, 0xD2, 0xC1, 0x94, 0x94, 0xA8, 0x55, 0x4B,
+        0xF2, 0x96, 0xF7, 0x86, 0xF7, 0x53, 0x4F, 0x54,
+        0x74, 0x05, 0x5C, 0xEF, 0x02, 0xA0, 0x8A, 0xD1,
+        0x88, 0x72, 0xEB, 0x1B, 0x82, 0xF9, 0xFB, 0xDA,
+        0xBC, 0xB9, 0x90, 0x98, 0xF2, 0x4B, 0x9A, 0xA6,
+        0x89, 0xD5, 0xB3, 0xD8, 0x7B, 0x94, 0xE3, 0x1F,
+        0x17, 0x4F, 0xEB, 0x24, 0x06, 0x2B, 0xAB, 0x5F,
+        0x27, 0x9B, 0xCD, 0xCE, 0x50, 0x06, 0x40, 0xDD,
+        0x7A, 0x8C, 0x67, 0xF0, 0x8E, 0x07, 0xB4, 0x1C,
+        0x3C, 0x13, 0xB2, 0x07, 0x6A, 0x38, 0x59, 0x94,
+        0x2C, 0xB1, 0x72, 0xA8, 0x77, 0x5B, 0x15, 0x8F,
+        0x88, 0xC4, 0x5C, 0xDC, 0x92, 0xCA, 0xC0, 0xED,
+        0x02, 0xFF, 0x1D, 0x57, 0x25, 0xBE, 0x67, 0x3E,
+        0x4C, 0xE8, 0x95, 0x2A, 0x80, 0xB2, 0x5D, 0xBC,
+        0xFA, 0x17, 0xA9, 0x35, 0x0A, 0x6B, 0x07, 0xC8,
+        0x8F, 0x88, 0x8D, 0xBC, 0x97, 0x84, 0xE2, 0x07,
+        0x57, 0x92, 0x99, 0x4B, 0xE8, 0xDD, 0xD7, 0xA4,
+        0x58, 0xCB, 0x61, 0xCE, 0x16, 0xFC, 0x22, 0xCD,
+        0x4B, 0x1A, 0x08, 0xC9, 0xAD, 0x3D, 0xB1, 0xF2,
+        0xA9, 0x1B, 0x8E, 0xD0, 0xC7, 0xBC, 0xCE, 0xF9,
+        0x0A, 0x7A, 0x4D, 0xBE, 0x82, 0x0A, 0xBD, 0x6C,
+        0x42, 0x99, 0xBF, 0x86, 0x65, 0x53, 0xAA, 0x04,
+        0x79, 0xD6, 0x6D, 0x7E, 0x0F, 0x40, 0xFA, 0xEE,
+        0xCE, 0x38, 0x3B, 0x1C, 0x2F, 0xA4, 0x45, 0xA3,
+        0x78, 0x2B, 0xA0, 0x29, 0xC5, 0xAA, 0xA9, 0x09,
+        0x29, 0x51, 0xDC, 0x5B, 0xB5, 0x95, 0xE4, 0xCE,
+        0xC8, 0x50, 0x71, 0x2D, 0xE9, 0x32, 0x12, 0xA0,
+        0x7C, 0x88, 0x6B, 0xED, 0xE4, 0x38, 0xB7, 0x92,
+        0xCA, 0xE4, 0xDC, 0xD4, 0x05, 0x3B, 0x2B, 0x84,
+        0x95, 0x07, 0xFF, 0xF4, 0x79, 0xFF, 0x1E, 0x73,
+        0x1B, 0x8E, 0xDF, 0xA3, 0x15, 0xBD, 0x56, 0xAC,
+        0xDA, 0xAD, 0x73, 0x95, 0xC2, 0xD3, 0x72, 0xA8,
+        0xF0, 0x8E, 0x6C, 0xE3, 0x7D, 0xBE, 0x4C, 0x87,
+        0xFC, 0x0F, 0xA6, 0x3B, 0xED, 0xA4, 0x0F, 0x4F,
+        0xF1, 0x5D, 0xF2, 0x56, 0x54, 0xD1, 0xCE, 0x6C,
+        0xCA, 0x1C, 0xCB, 0xC2, 0x45, 0x7F, 0x90, 0x61,
+        0x0E, 0x3D, 0xCE, 0xBB, 0x5E, 0x41, 0x38, 0x2B,
+        0xD4, 0x41, 0x7C, 0x67, 0x7C, 0x71, 0x95, 0x34,
+        0xD7, 0xED, 0x4D, 0xAC, 0x6E, 0xF1, 0x46, 0xEA,
+        0x7D, 0xA4, 0x4C, 0x69, 0x0B, 0x9C, 0x2F, 0xAA,
+        0xF1, 0x17, 0x90, 0x1B, 0xF4, 0x4C, 0x03, 0xBE,
+        0x9D, 0x56, 0xCE, 0x0C, 0xCF, 0xE0, 0x87, 0x44,
+        0xBE, 0x2C, 0x52, 0xD3, 0xBC, 0xAE, 0x02, 0x30,
+        0xC7, 0x26, 0x06, 0x88, 0xA6, 0xAA, 0x9D, 0x50,
+        0xF1, 0x94, 0x58, 0xC7, 0x60, 0xF3, 0xA0, 0x6F,
+        0x53, 0x66, 0x53, 0xCD, 0x1D, 0xBE, 0xD1, 0xF2,
+        0x39, 0xBA, 0x1F, 0xE8, 0x40, 0x84, 0xCD, 0x1C,
+        0x8F, 0x3D, 0xB7, 0xD1, 0x51, 0x00, 0xDE, 0xB8,
+        0x11, 0xD9, 0x66, 0xAD, 0xD5, 0xE9, 0x33, 0x09,
+        0xE1, 0xA8, 0x00, 0x58, 0x65, 0xF1, 0xC1, 0x67,
+        0xB4, 0x3A, 0xA7, 0x98, 0x90, 0x6A, 0xDB, 0x91,
+        0xDB, 0x4A, 0x16, 0x35, 0xDC, 0x3D, 0x69, 0xEB,
+        0x7B, 0xDE, 0xCC, 0x91, 0x1B, 0x8D, 0xE6, 0x46,
+        0x61, 0x8E, 0x3F, 0x4C, 0x88, 0x81, 0x85, 0x4A,
+        0x73, 0x08, 0x56, 0x52, 0xAE, 0xE6, 0x4A, 0x60,
+        0x4A, 0x2E, 0x0C, 0x9A, 0x93, 0x76, 0x35, 0xC9,
+        0x36, 0x28, 0x0C, 0x72, 0x19, 0xAD, 0x33, 0xCF,
+        0x2B, 0xFB, 0xCE, 0x1A, 0x7D, 0xAC, 0xAA, 0x75,
+        0x15, 0x76, 0x81, 0x52, 0x55, 0xCC, 0xB9, 0x39,
+        0x07, 0xA3, 0x39, 0x12, 0x8D, 0x6F, 0x53, 0xAF,
+        0xC7, 0x14, 0x7F, 0xC7, 0x96, 0x5A, 0x49, 0x3C,
+        0x5C, 0xB0, 0x26, 0x47, 0xF4, 0x9D, 0xCA, 0x23,
+        0xA6, 0x7D, 0xA6, 0x61, 0xC4, 0xA3, 0x26, 0x40,
+        0x0F, 0xA7, 0x27, 0x09, 0xBC, 0x39, 0xFD, 0xA7,
+        0x75, 0x38, 0x74, 0xD0, 0x9D, 0x29, 0x15, 0x97,
+        0xDE, 0x25, 0x60, 0x4D, 0x19, 0x36, 0x04, 0xFB,
+        0xA5, 0x2C, 0xB0, 0xC8, 0xB5, 0xFE, 0xE5, 0x94,
+        0x7C, 0xE2, 0x1F, 0x84, 0xBB, 0xFB, 0x78, 0x9E,
+        0xA5, 0x7C, 0x5D, 0x4A, 0xB2, 0x48, 0x6F, 0x6E,
+        0x67, 0x95, 0x16, 0x5F, 0x01, 0x2A, 0xF8, 0x70,
+        0x95, 0xCB, 0x06, 0x93, 0x26, 0x6E, 0x7A, 0x75,
+        0xB5, 0xE5, 0x4E, 0x27, 0x1D, 0x8B, 0x30, 0xA6,
+        0x67, 0x67, 0xD6, 0xE2, 0xD6, 0xD1, 0x99, 0xA4,
+        0x55, 0x73, 0x19, 0x32, 0xF6, 0x0B, 0x6B, 0x4A,
+        0xEE, 0x23, 0x33, 0x38, 0x30, 0x68, 0x6F, 0x8E,
+        0x60, 0xA9, 0x60, 0x97, 0x3E, 0xEA, 0x5D, 0xE1,
+        0x40, 0x6F, 0x0C, 0x76, 0x84, 0xCF, 0xAF, 0x86,
+        0x8D, 0x36, 0xE5, 0x7D, 0xAE, 0x9A, 0x13, 0x70,
+        0x22, 0x2A, 0x31, 0xFE, 0xC2, 0xFB, 0xE1, 0x58,
+        0xA5, 0x4E, 0xEF, 0x10, 0x5B, 0x5E, 0xD4, 0x39,
+        0xFC, 0xF9, 0x15, 0x64, 0x78, 0x43, 0x7D, 0x03,
+        0x9F, 0x5B, 0xCB, 0x86, 0xD2, 0xEF, 0x28, 0xBD,
+        0x14, 0xCB, 0x8A, 0x04, 0x1D, 0x59, 0x23, 0x53,
+        0x4D, 0x13, 0xF9, 0x93, 0xFE, 0x19, 0x9C, 0xC3,
+        0x3F, 0xD9, 0xC1, 0x12, 0x94, 0x84, 0x13, 0x95,
+        0x8F, 0xD9, 0x10, 0xAB, 0x37, 0x69, 0x08, 0x04,
+        0x4A, 0x97, 0x82, 0x28, 0x75, 0xBB, 0xC9, 0xF4,
+        0x3F, 0x19, 0x6B, 0x00, 0x4C, 0x56, 0x16, 0x1F,
+        0x50, 0x82, 0xD1, 0x45, 0xFF, 0x0C, 0x37, 0x28,
+        0x04, 0xBB, 0x6C, 0x00, 0x97, 0x3A, 0x79, 0x2D,
+        0x9A, 0xB9, 0xA5, 0x16, 0x52, 0x02, 0xA3, 0x86,
+        0x81, 0xAA, 0x3A, 0x31, 0xE5, 0xB5, 0x44, 0x2D,
+        0x34, 0xE2, 0x7A, 0xD8, 0xFE, 0xA1, 0x36, 0xC0,
+        0x36, 0x65, 0x73, 0x12, 0x9F, 0x61, 0x3F, 0x59,
+        0xC9, 0x68, 0xB6, 0x34, 0x41, 0x40, 0x25, 0xD6,
+        0xE7, 0xAD, 0x25, 0x7D, 0xCB, 0xF1, 0x2A, 0xD8,
+        0x53, 0x48, 0x9D, 0xBF, 0xB5, 0xD5, 0x61, 0x18,
+        0x0E, 0x2A, 0x21, 0x3E, 0x61, 0x18, 0x07, 0x8E,
+        0x6F, 0x9A, 0x96, 0xA8, 0x61, 0xFE, 0x8D, 0x66,
+        0x1A, 0x21, 0x99, 0xD9, 0x60, 0x8B, 0xAC, 0x85,
+        0x84, 0x3D, 0x41, 0xF9, 0x93, 0x35, 0x24, 0x32,
+        0xFF, 0xC0, 0x8A, 0xFA, 0xBC, 0xA7, 0x85, 0x57,
+        0x3C, 0x16, 0x83, 0xAE, 0x90, 0xDE, 0x40, 0x12,
+        0xE4, 0x2B, 0xA2, 0x47, 0xA4, 0x92, 0x73, 0x54,
+        0x6C, 0xA5, 0xB7, 0xEE, 0x62, 0xEA, 0x62, 0x37,
+        0xD9, 0xD7, 0x73, 0x58, 0x43, 0xDB, 0x20, 0x60,
+        0x8C, 0x4F, 0x87, 0x58, 0xB2, 0x2B, 0xC3, 0x40,
+        0xB0, 0xC1, 0xB6, 0xB6, 0xA9, 0xCD, 0xCC, 0x05,
+        0x4F, 0x38, 0x5F, 0x08, 0xB3, 0x3B, 0x08, 0x4D,
+        0x78, 0x6B, 0x0D, 0x40, 0x46, 0xB9, 0x20, 0xDE,
+        0x29, 0x6F, 0x23, 0x96, 0xDA, 0x02, 0xF5, 0x1C,
+        0x1A, 0x1A, 0x36, 0xA3, 0x3A, 0xFA, 0x1D, 0x80,
+        0x36, 0x3C, 0xF6, 0xB4, 0xDC, 0x2C, 0x88, 0x54,
+        0xF7, 0x86, 0xC6, 0xF2, 0x15, 0xF8, 0x85, 0x33,
+        0xFB, 0x21, 0x20, 0x59, 0xCE, 0x60, 0x4B, 0xE8,
+        0xF1, 0xB7, 0x54, 0x17, 0x1E, 0x83, 0xCD, 0x82,
+        0x39, 0x40, 0x14, 0x31, 0xEC, 0x89, 0xC8, 0xE2,
+        0x6A, 0xAE, 0x3F, 0x49, 0x5B, 0x38, 0xE7, 0xCD,
+        0xE2, 0xF6, 0xEF, 0x90, 0x51, 0x10, 0x83, 0x79,
+        0x27, 0x80, 0x2F, 0x45, 0x78, 0x67, 0xAF, 0xF4,
+        0x65, 0x95, 0x2D, 0xFE, 0x00, 0xF3, 0x2A, 0x60,
+        0x00, 0xF7, 0x26, 0xFA, 0x3C, 0xAD, 0xA9, 0xAF,
+        0xCA, 0xF6, 0x69, 0x48, 0x03, 0xBE, 0x18, 0x73,
+        0x54, 0x06, 0x06, 0x3E, 0x4E, 0xAD, 0xFC, 0x8B,
+        0xC3, 0x43, 0x24, 0x5D, 0xE9, 0xDE, 0x78, 0xDC,
+        0xD0, 0xA7, 0x04, 0x77, 0xF0, 0x0D, 0xA3, 0x37,
+        0x8C, 0x5F, 0x8B, 0xDF, 0xBE, 0x90, 0x1F, 0xA6,
+        0xB3, 0x17, 0x9D, 0x68, 0x36, 0x45, 0x11, 0x60,
+        0xFF, 0xF9, 0xBA, 0xDA, 0x80, 0xAA, 0x37, 0x57,
+        0xDD, 0x34, 0x30, 0x42, 0x7A, 0x9C, 0x86, 0xB4,
+        0x91, 0x30, 0xB8, 0xC0, 0xC4, 0x29, 0x15, 0x31,
+        0xF3, 0x9A, 0xB0, 0xCD, 0xAC, 0x8C, 0x7C, 0x8C,
+        0x4A, 0xDC, 0x76, 0xB6, 0x31, 0x30, 0xDE, 0x2D,
+        0x81, 0x04, 0xC7, 0x48, 0x73, 0x69, 0x02, 0x40,
+        0x30, 0x19, 0x66, 0x94, 0x21, 0x65, 0x13, 0x18,
+        0xC2, 0x09, 0x14, 0x5F, 0xC4, 0x2F, 0xC4, 0xD6,
+        0xA6, 0x05, 0x37, 0xAF, 0x72, 0x0C, 0x47, 0x02,
+        0x29, 0x95, 0x08, 0x9D, 0xC9, 0x07, 0x31, 0x38,
+        0xA9, 0xB5, 0xDA, 0x21, 0x76, 0x1D, 0x84, 0xD0,
+        0x15, 0xAF, 0x2A, 0xA3, 0x69, 0x0A, 0xE9, 0x4F,
+        0x75, 0x8A, 0x50, 0xA5, 0x11, 0xD4, 0x5F, 0xAF,
+        0x70, 0x43, 0xCB, 0xD7, 0x03, 0x9E, 0xB0, 0xBD,
+        0x19, 0x47, 0x94, 0x58, 0x22, 0x86, 0xC6, 0xE3,
+        0x62, 0xD8, 0x63, 0x05, 0xD9, 0xE2, 0xE5, 0x4A,
+        0x04, 0x54, 0x5A, 0x55, 0x25, 0xAD, 0x15, 0x5C,
+        0x4B, 0x71, 0x25, 0xE1, 0x50, 0xE3, 0x62, 0x1B,
+        0xD2, 0x43, 0x28, 0xD2, 0x84, 0xE4, 0xE2, 0x05,
+        0xE3, 0x01, 0x4C, 0x8F, 0x38, 0x17, 0x49, 0xFD,
+        0x3B, 0x52, 0x1A, 0x55, 0xB3, 0x1D, 0x69, 0x83,
+        0xAB, 0x9E, 0xC4, 0x73, 0xEE, 0x64, 0x7A, 0x73,
+        0x19, 0xEF, 0xCD, 0x7D, 0xB7, 0xF4, 0x2E, 0xCB,
+        0x55, 0x2A, 0x8A, 0xCC, 0x8F, 0xF8, 0x4E, 0xFB,
+        0xD2, 0x63, 0x8F, 0xF1, 0x10, 0x89, 0x02, 0x93,
+        0x3E, 0xAC, 0xA4, 0xB4, 0x89, 0xC7, 0xF7, 0x8B,
+        0x3E, 0xE1, 0xE8, 0x93, 0xB9, 0x8E, 0x36, 0x25,
+        0xC1, 0xC0, 0xD9, 0x44, 0x81, 0xC0, 0x99, 0x3C,
+        0x2B, 0x89, 0xF7, 0xDF, 0xDB, 0xD8, 0xCC, 0x84,
+        0xE6, 0xFF, 0xFE, 0xAC, 0x21, 0x16, 0xF1, 0xE2,
+        0xEF, 0x0A, 0x32, 0xA7, 0xDE, 0x87, 0x51, 0xEC,
+        0xB1, 0x0C, 0x0B, 0xC7, 0x07, 0xD9, 0x9A, 0xF8,
+        0xE8, 0xB0, 0xFE, 0xA5, 0x67, 0xAF, 0x53, 0x9F,
+        0xEF, 0x23, 0xEF, 0x7D, 0xFF, 0xA8, 0x8E, 0xDE,
+        0x97, 0x93, 0x32, 0xA6, 0x7C, 0xCF, 0x49, 0xBC,
+        0x36, 0x0D, 0x88, 0x90, 0x89, 0x39, 0x76, 0xA8,
+        0x82, 0x19, 0x02, 0xB6, 0x02, 0x82, 0xFE, 0xED,
+        0x9C, 0x28, 0x8D, 0xB0, 0x1E, 0x2B, 0x2A, 0xCF,
+        0xF3, 0x94, 0xFF, 0x66, 0x33, 0x93, 0x31, 0xD6,
+        0xFC, 0xAF, 0xE7, 0xC5, 0x98, 0x01, 0x46, 0xCD,
+        0xCB, 0xC4, 0x41, 0x13, 0x6D, 0x42, 0xF5, 0x13,
+        0xDF, 0xF9, 0x97, 0x65, 0xD4, 0x7B, 0x6E, 0x10,
+        0x79, 0x5D, 0x5A, 0x82, 0xA2, 0x49, 0x53, 0xA7,
+        0x6D, 0x9C, 0xDD, 0x0A, 0x80, 0x98, 0x58, 0x07,
+        0x30, 0xBF, 0x0B, 0x30, 0xAC, 0x24, 0x9E, 0xA0,
+        0xE8, 0xE4, 0x7A, 0x0D, 0xD0, 0x50, 0x82, 0xAE,
+        0xBB, 0xEC, 0x15, 0x30, 0x2A, 0xF2, 0xA7, 0xA6,
+        0x6A, 0xC8, 0xAE, 0x1E, 0x14, 0x80, 0x7C, 0x18,
+        0xE7, 0x2B, 0x88, 0x65, 0xB7, 0x93, 0x12, 0xB3,
+        0xC1, 0x2A, 0x20, 0xAD, 0x3B, 0x2E, 0x84, 0xC4,
+        0x0D, 0xA7, 0x62, 0x5C, 0x79, 0x52, 0x5D, 0x59,
+        0xA4, 0x69, 0x5C, 0x26, 0xFD, 0x4F, 0x80, 0xCC,
+        0xFE, 0x8E, 0x70, 0x72, 0xB1, 0x41, 0xE1, 0x75,
+        0x53, 0x51, 0xCF, 0x4C, 0x0B, 0x57, 0xF2, 0xB8,
+        0x59, 0x76, 0xE6, 0xEF, 0x6D, 0x74, 0xA6, 0x73,
+        0x69, 0x7F, 0x7C, 0xB2, 0x35, 0xFE, 0x8A, 0x02,
+        0x2F, 0xBE, 0x7C, 0x4D, 0x02, 0xBE, 0x8F, 0xFB,
+        0x7A, 0x58, 0x45, 0xEC, 0xBA, 0x1B, 0xC6, 0xB9,
+        0x8D, 0xF5, 0xB0, 0x82, 0xD1, 0xB4, 0x97, 0x86,
+        0x9B, 0x33, 0x54, 0x49, 0x5B, 0x88, 0xD9, 0xB5,
+        0xD0, 0x93, 0x8A, 0x00, 0x5D, 0x0F, 0x37, 0x88,
+        0x57, 0xE3, 0xFA, 0x7E, 0x7B, 0xFA, 0x43, 0x74,
+        0x8D, 0x64, 0x07, 0xD7, 0x07, 0x85, 0x4D, 0x49,
+        0xBC, 0x83, 0xF5, 0xD4, 0x95, 0x3E, 0x3E, 0x09,
+        0x65, 0xF3, 0xFC, 0x88, 0xA7, 0xF0, 0x46, 0x61,
+        0x44, 0x7D, 0x76, 0xED, 0xC9, 0x8D, 0x0F, 0x8D,
+        0xDA, 0x0D, 0x01, 0xC8, 0xB1, 0xA8, 0x9B, 0x4A,
+        0xF0, 0xA3, 0x88, 0x54, 0xC1, 0xD6, 0x52, 0x97
+    };
+#endif /* WOLFSSL_NO_ML_DSA_65 */
+#ifndef WOLFSSL_NO_ML_DSA_87
+    static const byte seed_87_draft[] = {
+        0x22, 0x5F, 0x77, 0x07, 0x5E, 0x66, 0xCE, 0x1C,
+        0x99, 0xBA, 0x95, 0xB4, 0xFC, 0xDF, 0x25, 0x8B,
+        0xBB, 0x6F, 0xA5, 0xFE, 0x9C, 0x34, 0x9F, 0x0F,
+        0xDE, 0x3F, 0x71, 0xD5, 0x33, 0x9F, 0x6F, 0xD8
+    };
+    static const byte pk_87_draft[] = {
+        0x8C, 0x52, 0x4B, 0xD9, 0xAC, 0x48, 0x5C, 0xC6,
+        0x9A, 0xA0, 0x75, 0x64, 0xE1, 0x4F, 0x0F, 0x60,
+        0x13, 0x0E, 0xDE, 0x34, 0x08, 0xA5, 0xD4, 0x81,
+        0xFD, 0x76, 0xC2, 0x51, 0x74, 0x75, 0xA8, 0xFB,
+        0x24, 0xBF, 0x9E, 0x97, 0x9C, 0xD2, 0x3E, 0xDA,
+        0x8A, 0x1B, 0xB6, 0x76, 0xDA, 0x7D, 0x7F, 0x44,
+        0xAD, 0x6B, 0xB9, 0xB0, 0x70, 0xD3, 0xD6, 0x44,
+        0x7F, 0xBE, 0x6C, 0x0C, 0x71, 0x37, 0xC6, 0xFB,
+        0x7B, 0x39, 0x83, 0x63, 0x9C, 0x41, 0x5C, 0xF2,
+        0xC9, 0x15, 0xFF, 0xD4, 0x18, 0xEA, 0xA1, 0x4D,
+        0xA9, 0xD1, 0xAD, 0x3C, 0x09, 0x8E, 0xA9, 0x05,
+        0x34, 0x6C, 0xAA, 0x75, 0x78, 0xF8, 0x6B, 0x6E,
+        0x52, 0xE6, 0x57, 0x55, 0x16, 0xF4, 0x92, 0x3E,
+        0x74, 0x3F, 0x96, 0xA3, 0x2A, 0xD0, 0x0E, 0xEE,
+        0xA1, 0xCE, 0x8A, 0x33, 0xF4, 0x87, 0xB9, 0xF3,
+        0x22, 0x5D, 0x2D, 0x84, 0xCD, 0x27, 0x57, 0xCC,
+        0xCF, 0xE6, 0xA3, 0x66, 0x24, 0x53, 0x0E, 0x52,
+        0x8A, 0x2F, 0x64, 0xFC, 0xE7, 0x04, 0xE7, 0xA7,
+        0x6C, 0x2E, 0x6A, 0xDC, 0x00, 0xEF, 0x9B, 0xEC,
+        0x91, 0x07, 0xB9, 0x69, 0x8F, 0x11, 0x59, 0xFC,
+        0x52, 0xEF, 0x4C, 0x36, 0x5A, 0xFD, 0xB1, 0x50,
+        0xED, 0xC3, 0x43, 0x5E, 0x03, 0xBB, 0x70, 0x26,
+        0x00, 0x6E, 0x5A, 0x55, 0x13, 0x51, 0xA4, 0xB1,
+        0x5F, 0xB8, 0x9F, 0xD2, 0xE9, 0x98, 0x38, 0xE8,
+        0xCF, 0x41, 0x73, 0xFD, 0x0D, 0xF1, 0xF6, 0x80,
+        0x89, 0xE1, 0x51, 0x8D, 0xD4, 0xB5, 0x79, 0x27,
+        0x76, 0xBD, 0xD9, 0x2F, 0xC7, 0xC7, 0x9B, 0xC7,
+        0x99, 0x7F, 0x78, 0x84, 0xD2, 0xB8, 0x80, 0xC5,
+        0xD2, 0xB7, 0xEE, 0xC8, 0x0A, 0xFE, 0x35, 0x59,
+        0x84, 0x5D, 0x39, 0x08, 0x39, 0xBE, 0x5E, 0xBF,
+        0x95, 0x93, 0xA7, 0x3E, 0xD0, 0x1E, 0xF6, 0x7D,
+        0x50, 0x3F, 0xFB, 0x74, 0x47, 0x04, 0xA2, 0xDC,
+        0x49, 0x48, 0x76, 0x2B, 0xC8, 0x43, 0x45, 0x75,
+        0x72, 0x84, 0x4D, 0x15, 0x74, 0xE3, 0xEB, 0x37,
+        0x83, 0x0A, 0x3B, 0x7C, 0xD4, 0x02, 0xC7, 0x6E,
+        0xD5, 0xB4, 0xFC, 0x15, 0xF0, 0x5E, 0x76, 0x03,
+        0x4C, 0xBB, 0x6A, 0x29, 0xDE, 0xBC, 0x7E, 0x2B,
+        0x34, 0xB2, 0x14, 0x2A, 0x57, 0xCF, 0x1B, 0x39,
+        0x73, 0xE5, 0x8B, 0xFF, 0x47, 0x50, 0x42, 0xDC,
+        0x22, 0x6C, 0x7E, 0x13, 0x71, 0xF3, 0x37, 0x51,
+        0x40, 0xF2, 0x90, 0x57, 0xAC, 0xB4, 0x64, 0x7C,
+        0x5F, 0x92, 0x6D, 0x3F, 0xDC, 0xCC, 0xC8, 0xD2,
+        0xE1, 0x6B, 0x81, 0xA9, 0xED, 0xCD, 0x0C, 0x8B,
+        0x5B, 0x2E, 0x11, 0x89, 0x87, 0x42, 0x4B, 0xEC,
+        0xAD, 0x40, 0xA5, 0xE5, 0xB4, 0x6D, 0x1C, 0xB4,
+        0x01, 0x0A, 0x8E, 0x9F, 0x6F, 0x25, 0x92, 0x5D,
+        0xFE, 0x6B, 0x6F, 0x24, 0x64, 0x5F, 0x9C, 0x88,
+        0x86, 0x96, 0xE8, 0x79, 0x64, 0x5B, 0x6A, 0x3A,
+        0x76, 0x21, 0x90, 0xCC, 0xB7, 0xD6, 0x26, 0x9D,
+        0x35, 0x54, 0x79, 0xDF, 0x71, 0x90, 0x55, 0x2A,
+        0x38, 0x52, 0xD1, 0xE9, 0x56, 0x73, 0xE7, 0x19,
+        0x44, 0x6A, 0xD3, 0x10, 0x24, 0xB9, 0x4B, 0xF8,
+        0xBB, 0xC9, 0x7B, 0x04, 0x66, 0x39, 0xCE, 0x12,
+        0x3F, 0xDE, 0xC3, 0x75, 0xAF, 0x9F, 0x8D, 0x4C,
+        0xF7, 0x16, 0x9B, 0xEB, 0x5F, 0xE5, 0x1B, 0xBF,
+        0x82, 0x2C, 0x53, 0xBA, 0x2D, 0x98, 0xA4, 0xA0,
+        0x14, 0xA2, 0xDE, 0x69, 0x7F, 0x03, 0x3C, 0x9E,
+        0x4A, 0x57, 0xC6, 0xED, 0xF6, 0x10, 0x6A, 0x76,
+        0x2A, 0x81, 0x92, 0x9F, 0x3E, 0xF0, 0xFD, 0xE9,
+        0xB7, 0xB3, 0x8A, 0xF6, 0x1A, 0x19, 0x9A, 0x16,
+        0x0F, 0x09, 0x45, 0xBD, 0xBB, 0x96, 0x7C, 0x72,
+        0x40, 0xFE, 0x94, 0xBD, 0xE1, 0x60, 0x50, 0x53,
+        0x13, 0xC9, 0x2B, 0xFA, 0x52, 0x40, 0xA2, 0xA7,
+        0xF0, 0x8C, 0x85, 0x78, 0xDB, 0xD6, 0x7F, 0x21,
+        0x39, 0xB5, 0x06, 0x72, 0xEE, 0x99, 0xA1, 0xBD,
+        0x78, 0x1F, 0xA4, 0xE9, 0x54, 0xF4, 0xFA, 0xDF,
+        0xA7, 0x9E, 0xDD, 0x8E, 0xB1, 0xCF, 0xA8, 0x48,
+        0x84, 0x5D, 0x70, 0xCB, 0x2D, 0xA9, 0x66, 0x09,
+        0x0B, 0x75, 0x75, 0xA2, 0x32, 0xFE, 0xDF, 0x96,
+        0x33, 0x84, 0xA7, 0x84, 0x48, 0x1A, 0xFA, 0x82,
+        0x79, 0x0A, 0x87, 0xE1, 0x1F, 0x11, 0x74, 0xD4,
+        0x3C, 0xC0, 0x8D, 0x4F, 0xD2, 0x5D, 0xBB, 0x40,
+        0x10, 0xB2, 0x6F, 0x23, 0xD2, 0xD6, 0xF4, 0xA5,
+        0x87, 0xEF, 0x7D, 0xE8, 0xC6, 0xF7, 0xC6, 0x0F,
+        0xF9, 0x6F, 0xF8, 0x4C, 0x39, 0xE4, 0x82, 0x1E,
+        0x1E, 0x6A, 0x80, 0x2F, 0xEC, 0x22, 0xD6, 0xA0,
+        0xAA, 0xB6, 0x2C, 0xCB, 0x16, 0x43, 0x68, 0xC2,
+        0x27, 0xF6, 0xA2, 0x31, 0x62, 0x66, 0xEC, 0x2F,
+        0xFF, 0x8D, 0xB4, 0x19, 0x51, 0x19, 0xA0, 0x8C,
+        0x67, 0xE2, 0x04, 0x04, 0xB9, 0x1F, 0x08, 0x70,
+        0x9E, 0xAA, 0xC2, 0xDE, 0xCB, 0x96, 0x19, 0x8F,
+        0x02, 0x74, 0x10, 0xCC, 0x1B, 0x82, 0x5D, 0x9C,
+        0x07, 0x00, 0xE5, 0xD7, 0x04, 0x51, 0xBA, 0x7F,
+        0x67, 0xF9, 0x64, 0x0C, 0xA3, 0x6B, 0xF3, 0x12,
+        0x21, 0x80, 0x68, 0xD6, 0xA2, 0xCA, 0xFF, 0x59,
+        0x33, 0x43, 0x7D, 0x67, 0xBF, 0xD4, 0x88, 0x4A,
+        0x6E, 0x92, 0xBA, 0x41, 0xE1, 0x28, 0xDA, 0xEB,
+        0xE1, 0xEA, 0x25, 0x60, 0xE1, 0x2F, 0xED, 0x2C,
+        0xD4, 0x4B, 0xC9, 0x4E, 0x9E, 0x9D, 0xFA, 0xBB,
+        0xF9, 0x61, 0x41, 0x4C, 0x24, 0x24, 0xFC, 0x9B,
+        0x62, 0xFE, 0x73, 0x74, 0xF6, 0xB8, 0x9B, 0xA9,
+        0x02, 0x96, 0xF4, 0x90, 0x18, 0xA7, 0xF5, 0x49,
+        0xC1, 0xA3, 0x94, 0xB8, 0xED, 0xBD, 0x0B, 0xF3,
+        0xDB, 0xF3, 0xBC, 0x10, 0x6A, 0x6B, 0x3F, 0x79,
+        0x07, 0xF2, 0x11, 0x09, 0xD5, 0x42, 0x8F, 0xA9,
+        0x09, 0x94, 0xBE, 0xF2, 0x0D, 0x3A, 0x91, 0x33,
+        0x01, 0x31, 0x34, 0xBF, 0x0A, 0xCA, 0xF1, 0x3E,
+        0x66, 0x18, 0xA6, 0x69, 0xEC, 0xEA, 0xC5, 0xE9,
+        0x8B, 0x80, 0xFE, 0x4D, 0x93, 0x7B, 0xD4, 0xE5,
+        0x74, 0x90, 0xFA, 0xFD, 0xCE, 0x45, 0xE8, 0xD7,
+        0xD8, 0x8F, 0x08, 0x8B, 0x3A, 0xA8, 0x01, 0xA2,
+        0xB4, 0xE5, 0xF2, 0x29, 0x41, 0x02, 0xBD, 0xCB,
+        0xF9, 0x4A, 0x62, 0x54, 0x99, 0x94, 0x61, 0xB7,
+        0x8F, 0xA5, 0x8A, 0x7F, 0xDC, 0xAD, 0xD2, 0xF2,
+        0x28, 0x1E, 0xF3, 0x18, 0xAE, 0x21, 0x81, 0xF7,
+        0xE9, 0xE5, 0xBF, 0x2B, 0xC2, 0x98, 0x24, 0xB1,
+        0x45, 0x56, 0x57, 0x31, 0xA1, 0x48, 0xAB, 0x39,
+        0xC2, 0x04, 0x29, 0x1B, 0x5B, 0xD3, 0x23, 0x35,
+        0xCC, 0x5A, 0x58, 0x10, 0x11, 0x5B, 0xD5, 0x88,
+        0xC2, 0x60, 0x37, 0x3D, 0x1C, 0x1C, 0x7B, 0x09,
+        0x95, 0xB5, 0x05, 0x12, 0xD8, 0x52, 0x8D, 0xF5,
+        0xBD, 0x4A, 0xA5, 0x45, 0x6F, 0x3D, 0x55, 0x9D,
+        0x90, 0xAD, 0xD7, 0xA9, 0xD0, 0x25, 0x0B, 0xD7,
+        0x55, 0x11, 0x5C, 0x60, 0xBF, 0xBD, 0xFB, 0x9D,
+        0x2A, 0xCE, 0x4F, 0xE6, 0xB8, 0x36, 0x3A, 0x4D,
+        0xE7, 0xB6, 0xFF, 0x6B, 0xD8, 0xBA, 0xD4, 0xEE,
+        0x95, 0x9A, 0x0A, 0x47, 0xD4, 0x76, 0xE0, 0xF7,
+        0xAC, 0x02, 0xB6, 0xA8, 0x10, 0x1E, 0xA5, 0x98,
+        0xC0, 0xF4, 0x68, 0x5E, 0x55, 0xC1, 0x67, 0xCD,
+        0x16, 0x31, 0xBD, 0xA2, 0x86, 0xF3, 0xF8, 0xC0,
+        0xED, 0x4A, 0xFF, 0xE8, 0xF5, 0x2C, 0xFA, 0xD2,
+        0x06, 0x78, 0x6D, 0x34, 0xBE, 0xF9, 0x15, 0x84,
+        0x6D, 0xE5, 0x5F, 0xA4, 0xAC, 0x84, 0x3B, 0x3A,
+        0xA6, 0x2D, 0xC2, 0x01, 0xE0, 0x63, 0x92, 0xC7,
+        0x77, 0xB5, 0x4E, 0x2C, 0x40, 0x90, 0x48, 0xAF,
+        0x8B, 0xE9, 0x6C, 0x1E, 0xEE, 0x16, 0x8F, 0x4E,
+        0x4F, 0xFF, 0x35, 0x15, 0xE5, 0x51, 0xF4, 0xB2,
+        0x23, 0x1C, 0x6A, 0xCE, 0x05, 0xDC, 0xDC, 0xAD,
+        0x7F, 0x9D, 0xDA, 0xB3, 0x0C, 0xAD, 0x9C, 0x62,
+        0x68, 0xD6, 0x84, 0x00, 0x76, 0xFF, 0xD3, 0x01,
+        0x18, 0xB0, 0xC4, 0xE5, 0xE5, 0x0D, 0x87, 0x8E,
+        0xAF, 0x77, 0xEE, 0xCB, 0x56, 0x88, 0x7F, 0xED,
+        0xC5, 0x7C, 0x54, 0xD6, 0x28, 0x46, 0xE0, 0x8C,
+        0xE6, 0x87, 0xF2, 0x4D, 0x0D, 0x2F, 0x12, 0x62,
+        0x06, 0xDF, 0xB2, 0x4E, 0x03, 0x04, 0x78, 0x0B,
+        0x03, 0x4C, 0xCE, 0x86, 0xD1, 0xCD, 0x53, 0x00,
+        0xED, 0xC6, 0xF8, 0x9A, 0xCB, 0x59, 0x14, 0xA6,
+        0x0C, 0x87, 0x35, 0x92, 0x66, 0x0D, 0x02, 0xA9,
+        0xEF, 0x0D, 0x7D, 0xC6, 0x45, 0xF3, 0x11, 0xEF,
+        0x1F, 0x55, 0x72, 0x1F, 0x1B, 0x45, 0xD2, 0xE4,
+        0x8F, 0x3F, 0x9F, 0xEB, 0x27, 0x02, 0xD8, 0x2C,
+        0xEF, 0xAD, 0x7E, 0x7E, 0x10, 0xDD, 0x91, 0x5E,
+        0x39, 0x06, 0x7C, 0x39, 0xEA, 0x61, 0xB9, 0xCC,
+        0xF1, 0x45, 0x56, 0x81, 0x53, 0x55, 0x42, 0xD4,
+        0x37, 0x0F, 0x53, 0xF0, 0x7F, 0xA0, 0xC6, 0x50,
+        0x9B, 0x1D, 0xC6, 0x7E, 0x9F, 0x1D, 0x89, 0x3B,
+        0xEB, 0x85, 0x59, 0x6D, 0x9C, 0x12, 0xEE, 0xAC,
+        0xFC, 0xAE, 0xC0, 0xAE, 0x5F, 0xD4, 0x9C, 0x62,
+        0xE7, 0x09, 0x8C, 0xFA, 0x80, 0x1A, 0x19, 0x09,
+        0x0F, 0x8D, 0x68, 0x9E, 0x45, 0x33, 0xE2, 0x58,
+        0x7B, 0xEF, 0xC7, 0x6A, 0xDC, 0x38, 0x33, 0x3E,
+        0x5C, 0x53, 0xB5, 0x99, 0xDB, 0x04, 0xA7, 0xEA,
+        0xFB, 0x07, 0x9B, 0x25, 0x47, 0xED, 0xAC, 0x5A,
+        0xAA, 0x1E, 0xE5, 0x23, 0xDE, 0x64, 0xE5, 0x87,
+        0x46, 0x8C, 0x41, 0x52, 0xC9, 0x4F, 0x90, 0x48,
+        0x1C, 0xAA, 0xA6, 0xB0, 0x3A, 0x1E, 0xC9, 0x08,
+        0xF7, 0x82, 0x71, 0x13, 0x76, 0x6B, 0x9E, 0x52,
+        0x22, 0x32, 0xE0, 0xC6, 0xF7, 0xD7, 0x4C, 0xBD,
+        0xC3, 0x1C, 0x18, 0xAF, 0xA0, 0x12, 0xD3, 0x22,
+        0x6A, 0xFC, 0x71, 0x8A, 0x64, 0x24, 0xAC, 0x19,
+        0x4E, 0x85, 0x3C, 0x51, 0xE6, 0xA3, 0xAD, 0xA9,
+        0x59, 0x94, 0xD2, 0x7F, 0xC4, 0x9D, 0x93, 0x5B,
+        0x51, 0xD7, 0xF3, 0x03, 0xE7, 0x7D, 0x5B, 0x13,
+        0x0E, 0xCD, 0x7D, 0x0F, 0x77, 0x3E, 0x84, 0xD7,
+        0x4E, 0x69, 0x57, 0x1B, 0x73, 0x99, 0xC9, 0x4D,
+        0xC0, 0x19, 0x6B, 0x9D, 0x5F, 0xBA, 0x69, 0xEE,
+        0x11, 0xBD, 0x7C, 0x45, 0xD9, 0xA9, 0x65, 0x88,
+        0xA7, 0x0E, 0x16, 0xBF, 0xB3, 0x82, 0x5E, 0x5E,
+        0x56, 0x13, 0x02, 0x7D, 0xB1, 0xDC, 0xF5, 0x4A,
+        0x82, 0x73, 0x72, 0x35, 0x9B, 0x91, 0xAC, 0x04,
+        0x69, 0xE9, 0xEA, 0x19, 0xC9, 0xD8, 0x59, 0xEB,
+        0x8F, 0x22, 0x5F, 0x43, 0x11, 0x0C, 0xCF, 0xB4,
+        0x16, 0x6C, 0x7D, 0x60, 0xCE, 0x14, 0x24, 0xAD,
+        0xD7, 0x07, 0xC2, 0x4E, 0x98, 0xA0, 0xDE, 0x9E,
+        0xE6, 0x31, 0xED, 0xF8, 0x5B, 0x9C, 0xAF, 0xF7,
+        0x57, 0x59, 0x10, 0xA9, 0x92, 0xDC, 0x4F, 0x0C,
+        0x2B, 0x88, 0x75, 0x19, 0x1D, 0xB3, 0xBF, 0x70,
+        0x23, 0x17, 0xD5, 0x1A, 0x50, 0x30, 0x18, 0x14,
+        0x1A, 0x14, 0xE6, 0x1D, 0x4F, 0x8A, 0x96, 0x3E,
+        0xD8, 0x6E, 0xD9, 0xBF, 0x94, 0x4E, 0xDE, 0xB8,
+        0xFF, 0xE1, 0x6F, 0xFD, 0x31, 0xE8, 0xFE, 0x43,
+        0xC2, 0x40, 0x82, 0x45, 0x50, 0xFE, 0x1B, 0xBC,
+        0x77, 0x4B, 0xB4, 0x30, 0xA7, 0xD4, 0x46, 0x32,
+        0x6A, 0xF7, 0xC5, 0x92, 0xDA, 0x70, 0xB1, 0xB7,
+        0xA1, 0x5A, 0x5D, 0x17, 0x3B, 0xDB, 0x2F, 0x28,
+        0x8A, 0x6E, 0xEC, 0xDA, 0xC4, 0xF7, 0x2E, 0xCB,
+        0xEB, 0x96, 0x60, 0x92, 0x1B, 0xDD, 0xD6, 0x13,
+        0x7C, 0x85, 0x9F, 0x8A, 0x9A, 0xE9, 0x5F, 0xC4,
+        0x24, 0xFD, 0x33, 0xDF, 0xB3, 0x98, 0x66, 0xF7,
+        0xA1, 0x5A, 0xDC, 0x01, 0xC9, 0xFA, 0x37, 0xF1,
+        0x7B, 0xD0, 0xF6, 0x66, 0x8A, 0x26, 0x7C, 0xC2,
+        0x1B, 0xFF, 0x62, 0xBC, 0xFD, 0xCD, 0x47, 0xDA,
+        0xEE, 0x75, 0xF2, 0xAC, 0x60, 0x69, 0x87, 0x26,
+        0xCC, 0x92, 0x10, 0x1C, 0x92, 0xC1, 0x43, 0x09,
+        0xE9, 0xCE, 0x7D, 0x05, 0x5C, 0x64, 0x55, 0xCB,
+        0xBB, 0x7A, 0xAE, 0x05, 0xDB, 0x38, 0xD3, 0xD5,
+        0xBB, 0xD9, 0x9F, 0xCB, 0xCF, 0xB7, 0x9C, 0xEF,
+        0x7E, 0x7B, 0x2A, 0x6F, 0x84, 0x4E, 0x6A, 0x7F,
+        0xD3, 0x5F, 0xF3, 0xB3, 0xC1, 0xF0, 0x02, 0x9C,
+        0xA2, 0x4C, 0x86, 0x0E, 0x6B, 0xE2, 0x2B, 0x1D,
+        0x1D, 0xB4, 0x55, 0x7F, 0x85, 0x54, 0x2D, 0x85,
+        0x64, 0x89, 0x92, 0x19, 0x65, 0x44, 0xD7, 0x95,
+        0x48, 0x2C, 0x46, 0x8D, 0x0E, 0xBA, 0xFB, 0x13,
+        0x63, 0x52, 0x2E, 0x22, 0x19, 0x3F, 0x7F, 0xFB,
+        0x54, 0x4D, 0x73, 0xA1, 0x3C, 0x22, 0xD6, 0x5D,
+        0x2B, 0x4A, 0xBD, 0xD7, 0xBB, 0x72, 0x55, 0x80,
+        0xD4, 0x57, 0x4E, 0xDC, 0xF2, 0x8B, 0xB3, 0x09,
+        0x6A, 0xF9, 0x1A, 0xD3, 0x41, 0x0E, 0x72, 0x95,
+        0x49, 0xE7, 0xD1, 0xDC, 0x05, 0x22, 0xC3, 0x3E,
+        0x26, 0x95, 0x00, 0x01, 0x8C, 0xE1, 0x54, 0x47,
+        0x84, 0x10, 0xA7, 0x67, 0x45, 0xBB, 0xB9, 0x7B,
+        0x0B, 0xB4, 0x74, 0x82, 0xED, 0x6C, 0x26, 0x6E,
+        0xF2, 0x56, 0xCA, 0x1A, 0xD1, 0x10, 0x68, 0x40,
+        0x28, 0x23, 0xD5, 0x98, 0xB3, 0x6B, 0x75, 0x16,
+        0x13, 0x87, 0xE1, 0xF2, 0x3F, 0xAB, 0xC0, 0x2A,
+        0xF0, 0x16, 0x59, 0x85, 0x1A, 0x5B, 0x41, 0xB7,
+        0x52, 0xB1, 0x79, 0x46, 0x20, 0xDF, 0x59, 0xFB,
+        0x33, 0xB3, 0x05, 0xF1, 0x12, 0x8B, 0xDB, 0x7C,
+        0x51, 0x90, 0xC9, 0x8A, 0xC9, 0x48, 0x10, 0x54,
+        0xF4, 0x0F, 0x88, 0x1D, 0xDB, 0x40, 0x1B, 0x3A,
+        0xD7, 0x62, 0xD1, 0x75, 0x73, 0xD6, 0xCA, 0x23,
+        0x26, 0xB2, 0xBF, 0x4C, 0xCA, 0x22, 0xDD, 0xF6,
+        0xAF, 0x22, 0xB8, 0x4F, 0xC2, 0xC3, 0xB3, 0xD3,
+        0xED, 0xFA, 0xBA, 0x2E, 0x38, 0x28, 0x6A, 0xAE,
+        0x60, 0xE9, 0x2D, 0x11, 0x33, 0xED, 0x7E, 0xE9,
+        0x29, 0x8E, 0x01, 0xB0, 0x0F, 0x13, 0x83, 0x44,
+        0x17, 0xFA, 0xB6, 0x54, 0x7C, 0xAC, 0x1F, 0xED,
+        0xC9, 0x22, 0xF2, 0x4F, 0x69, 0x24, 0x04, 0xFE,
+        0xC2, 0x6A, 0xEB, 0xB0, 0xE4, 0xF5, 0x03, 0xCB,
+        0xB3, 0x99, 0x50, 0x66, 0x1F, 0x6B, 0xF3, 0xFE,
+        0xB7, 0xBF, 0x8D, 0xBA, 0x59, 0x75, 0x75, 0x51,
+        0xB0, 0xA5, 0xB9, 0x66, 0xC8, 0xDD, 0x35, 0xAE,
+        0x20, 0x66, 0x21, 0x9B, 0x04, 0x3F, 0xC6, 0x90,
+        0x6F, 0x2B, 0x5C, 0x78, 0x49, 0x3C, 0x40, 0xE6,
+        0xF9, 0x6B, 0x1A, 0xEF, 0xCE, 0x5A, 0xC1, 0x68,
+        0xD3, 0x34, 0x05, 0xD0, 0x21, 0x6C, 0xF8, 0xA8,
+        0x55, 0xE4, 0x6E, 0x80, 0x9B, 0xAD, 0xA5, 0xC3,
+        0x55, 0x0B, 0x28, 0xBB, 0x54, 0x02, 0xD4, 0xF6,
+        0x82, 0x73, 0xAB, 0x56, 0x0B, 0xB1, 0x5F, 0x94,
+        0xC3, 0xDA, 0x24, 0x1E, 0x7F, 0x62, 0x6B, 0x98,
+        0x6B, 0x2A, 0xF3, 0x92, 0x37, 0x3A, 0xB9, 0xE6,
+        0x27, 0xC4, 0xBB, 0xAB, 0xE4, 0x9A, 0x60, 0xD2,
+        0xAE, 0xCE, 0xFD, 0x44, 0xEB, 0x1C, 0xCF, 0x74,
+        0x54, 0xFC, 0xEC, 0x4F, 0xC2, 0xBA, 0xF4, 0x3B,
+        0xAC, 0x03, 0xC7, 0x2E, 0xE6, 0x62, 0x44, 0x61,
+        0x42, 0xC8, 0xAE, 0xF1, 0xB2, 0xA9, 0xAC, 0xE0,
+        0xCE, 0x23, 0xAF, 0xCC, 0x86, 0x61, 0xFE, 0xC5,
+        0xCB, 0xAC, 0x4A, 0x1B, 0x5C, 0xC7, 0x2B, 0xFF,
+        0x8A, 0x20, 0x62, 0x0E, 0xB9, 0x1D, 0xDD, 0x93,
+        0x19, 0x29, 0xE4, 0xD9, 0x13, 0x1D, 0x28, 0x32,
+        0x03, 0x5A, 0xA6, 0x8E, 0x20, 0xC7, 0xD6, 0xC6,
+        0x4D, 0x19, 0x17, 0xCC, 0x65, 0xB8, 0x84, 0x0C,
+        0x38, 0xB4, 0xA9, 0x45, 0x2B, 0x91, 0x61, 0x79,
+        0x87, 0x08, 0xA6, 0xBD, 0x28, 0x9A, 0x58, 0x48,
+        0xD5, 0x58, 0xC6, 0xCE, 0xC2, 0xC5, 0x72, 0x16,
+        0xD9, 0xF4, 0xED, 0x66, 0xAC, 0xFA, 0x93, 0xE8,
+        0x26, 0x10, 0x3B, 0x3D, 0x8F, 0xEA, 0x51, 0xCC,
+        0x82, 0xC0, 0xDB, 0xDF, 0xA7, 0x13, 0xFB, 0x1B,
+        0x77, 0x7E, 0x6F, 0x9E, 0x3C, 0xC5, 0x86, 0x35,
+        0x92, 0x5B, 0x6F, 0x76, 0xA1, 0x71, 0x0D, 0x8C,
+        0xDC, 0x95, 0x9F, 0xAC, 0x2C, 0x8E, 0x21, 0x01,
+        0x37, 0x06, 0x28, 0x64, 0x4C, 0x23, 0xE2, 0x75,
+        0x0B, 0xA7, 0xA4, 0xF5, 0x90, 0x87, 0xD2, 0x43,
+        0x71, 0x59, 0x7C, 0x8C, 0xCA, 0x77, 0x3B, 0xC5,
+        0x36, 0x46, 0xF7, 0x2F, 0xD3, 0x47, 0x18, 0xD7,
+        0xC9, 0x4E, 0x56, 0x2D, 0x49, 0x82, 0xAC, 0x7D,
+        0xD7, 0x3D, 0xF1, 0xDD, 0x73, 0x8B, 0xE4, 0xA1,
+        0x10, 0x85, 0xB6, 0x94, 0xBE, 0x6A, 0x5E, 0xEE,
+        0xBD, 0x60, 0xEB, 0x95, 0x76, 0xA8, 0x52, 0xE1,
+        0x47, 0x57, 0xA1, 0x9C, 0xEC, 0x44, 0xE5, 0x6F,
+        0x68, 0x34, 0x7E, 0x19, 0xBE, 0xCE, 0x56, 0xC9,
+        0xBE, 0xCE, 0xFC, 0xB8, 0x32, 0x6D, 0xCB, 0x84,
+        0x59, 0xBF, 0x4D, 0xF6, 0xE1, 0x53, 0x41, 0x61,
+        0x5C, 0xFB, 0xD2, 0x48, 0xA6, 0x7F, 0x05, 0xB2,
+        0xFC, 0xE8, 0xB2, 0x8A, 0x55, 0x7D, 0x19, 0xC0,
+        0x69, 0x3B, 0x91, 0x5D, 0x71, 0xE7, 0xBB, 0x72,
+        0x7D, 0xB9, 0x64, 0x6E, 0x8B, 0x5B, 0x70, 0x51,
+        0xB5, 0x69, 0x8C, 0xC0, 0xFC, 0x95, 0xB2, 0x43,
+        0x08, 0xF8, 0x70, 0xE4, 0x6F, 0x87, 0xA7, 0xDF,
+        0x23, 0x84, 0xEE, 0xCF, 0x73, 0x38, 0xDE, 0x99,
+        0x4C, 0xF8, 0xF1, 0x2D, 0xA2, 0x68, 0x99, 0xE3,
+        0x9B, 0xB8, 0xF6, 0xC1, 0x5C, 0x83, 0x07, 0xE9,
+        0xB9, 0xE2, 0x51, 0x62, 0xC8, 0x53, 0xF1, 0xC2,
+        0xF7, 0x57, 0x8A, 0xA0, 0x42, 0x3C, 0x18, 0x36,
+        0xF3, 0x99, 0xFD, 0x34, 0xB2, 0xF0, 0x1D, 0xBA,
+        0x43, 0xEA, 0x72, 0x1C, 0x0B, 0x37, 0x47, 0xBC,
+        0xAF, 0xDA, 0x22, 0x1F, 0x1C, 0x08, 0x16, 0x13,
+        0xBD, 0xAA, 0x07, 0xFD, 0x7E, 0xCA, 0x70, 0x57,
+        0x74, 0xDF, 0x68, 0x6B, 0x9F, 0x2D, 0x56, 0xBD,
+        0x21, 0x89, 0xFA, 0x09, 0x04, 0xCA, 0x09, 0xBD,
+        0x4F, 0xE6, 0x15, 0xF5, 0x89, 0xAB, 0xAC, 0xB2,
+        0xC9, 0xBF, 0xC8, 0xBB, 0x87, 0x83, 0xB4, 0xD3,
+        0xDC, 0xB1, 0x25, 0x9B, 0xAE, 0xC5, 0x75, 0x0C,
+        0x9E, 0x6A, 0x83, 0x41, 0x85, 0x9D, 0x4B, 0xBF,
+        0x62, 0x0C, 0x7D, 0x77, 0xC9, 0x89, 0xA6, 0xE1,
+        0x28, 0xBD, 0x13, 0x5D, 0x41, 0x26, 0x80, 0x75,
+        0x23, 0x57, 0xE7, 0x4F, 0x4D, 0x02, 0x8E, 0x0F,
+        0x43, 0x67, 0xF6, 0xA6, 0xE6, 0xB6, 0x84, 0x8D,
+        0xF5, 0x7B, 0x6A, 0x95, 0x73, 0x27, 0x86, 0x02,
+        0x72, 0xCB, 0xDF, 0x77, 0x1C, 0x6C, 0x5E, 0xD3,
+        0xF0, 0x1C, 0x82, 0x7A, 0x0D, 0xBB, 0x70, 0xA3,
+        0x98, 0x8B, 0x7B, 0x4A, 0xFE, 0x2D, 0xB1, 0x5C,
+        0x61, 0x89, 0x34, 0x4C, 0x81, 0x4B, 0x52, 0x17,
+        0x03, 0x81, 0x54, 0x4F, 0x9E, 0x9E, 0x07, 0x16,
+        0xF3, 0xD9, 0x18, 0x01, 0x11, 0xFD, 0x67, 0x18,
+        0xA2, 0x64, 0x35, 0x42, 0x81, 0x80, 0x4A, 0xBA,
+        0xCB, 0xD5, 0xF5, 0x4A, 0x10, 0x7F, 0xE2, 0xCF,
+        0xA5, 0x1E, 0xCB, 0x0C, 0xAB, 0x3E, 0x03, 0x98,
+        0x73, 0x89, 0xA4, 0x10, 0x75, 0xD5, 0xAC, 0x3D,
+        0xCF, 0x56, 0x75, 0xD8, 0x86, 0xC2, 0x21, 0x42,
+        0x99, 0x8D, 0x1B, 0x49, 0x09, 0xFE, 0x86, 0x41,
+        0xC9, 0xDC, 0x87, 0x8D, 0x5A, 0xF0, 0xF5, 0xBE,
+        0xF5, 0x49, 0x64, 0x5A, 0x7A, 0xC3, 0x5D, 0xE4,
+        0xD6, 0xB7, 0x30, 0x92, 0x2A, 0x15, 0x86, 0x02,
+        0xBE, 0xBA, 0x6E, 0xF6, 0x3D, 0x2D, 0x70, 0x89,
+        0xFB, 0xB5, 0x1E, 0xBA, 0xDA, 0x20, 0x12, 0x49,
+        0x22, 0xA0, 0xD8, 0x33, 0x9E, 0x4C, 0xC0, 0x27,
+        0x0F, 0x9C, 0x1F, 0xD2, 0xA9, 0xF4, 0xD2, 0xA9,
+        0x6D, 0xC5, 0x32, 0x16, 0x35, 0x9F, 0x19, 0x88,
+        0xC1, 0xAA, 0xA4, 0x66, 0x33, 0xE6, 0x2C, 0x6A,
+        0x6E, 0xA2, 0x1B, 0x33, 0xCB, 0xC3, 0x7E, 0xC5,
+        0x31, 0x4D, 0x5C, 0x17, 0x4C, 0x33, 0x7F, 0x09,
+        0x01, 0x33, 0x82, 0x84, 0x37, 0x03, 0xEB, 0x0E,
+        0xB1, 0x5F, 0x1B, 0x60, 0x8A, 0x2C, 0x9F, 0x39
+    };
+    static const byte sk_87_draft[] = {
+        0x8C, 0x52, 0x4B, 0xD9, 0xAC, 0x48, 0x5C, 0xC6,
+        0x9A, 0xA0, 0x75, 0x64, 0xE1, 0x4F, 0x0F, 0x60,
+        0x13, 0x0E, 0xDE, 0x34, 0x08, 0xA5, 0xD4, 0x81,
+        0xFD, 0x76, 0xC2, 0x51, 0x74, 0x75, 0xA8, 0xFB,
+        0x9A, 0xFE, 0xF5, 0x92, 0x58, 0xBB, 0x3C, 0xEB,
+        0x4C, 0x5E, 0x83, 0xF9, 0xFF, 0xBC, 0x3B, 0x49,
+        0xAE, 0xE1, 0xFC, 0x4B, 0x94, 0x4B, 0x8C, 0x75,
+        0xD4, 0x67, 0x75, 0x66, 0x7D, 0x6B, 0xA4, 0xF2,
+        0xDA, 0xC2, 0xB7, 0xC4, 0xD8, 0x50, 0x25, 0xCB,
+        0x5A, 0xDB, 0xA4, 0xAD, 0xBB, 0x44, 0x20, 0x24,
+        0x90, 0xEA, 0xA5, 0x2C, 0xAE, 0x80, 0x22, 0xC9,
+        0x59, 0x02, 0xB7, 0x10, 0xB0, 0x5E, 0x1E, 0x5F,
+        0x52, 0x7D, 0x88, 0xDA, 0xE2, 0x04, 0xBF, 0x45,
+        0xA7, 0xA8, 0x49, 0x97, 0x7D, 0xAD, 0x7C, 0x7C,
+        0x9E, 0x9C, 0x4A, 0xCC, 0x36, 0x33, 0x0F, 0x30,
+        0xFA, 0xDE, 0x52, 0xE9, 0xAE, 0x23, 0x29, 0x13,
+        0x10, 0x17, 0x8A, 0xD0, 0x08, 0x8E, 0xE1, 0x10,
+        0x30, 0xD0, 0x84, 0x65, 0x92, 0x12, 0x2A, 0x81,
+        0x26, 0x2E, 0x11, 0x14, 0x30, 0x61, 0x38, 0x61,
+        0x64, 0x42, 0x05, 0x08, 0x91, 0x90, 0x4C, 0x06,
+        0x82, 0xCC, 0x90, 0x45, 0x10, 0x39, 0x90, 0x22,
+        0x40, 0x2A, 0x9B, 0x16, 0x26, 0x9A, 0xA8, 0x50,
+        0x91, 0x12, 0x70, 0x91, 0x20, 0x4D, 0xC0, 0x34,
+        0x90, 0x18, 0x28, 0x31, 0x10, 0x02, 0x11, 0x22,
+        0xB3, 0x6C, 0x8B, 0xB8, 0x2C, 0x22, 0xB0, 0x69,
+        0x53, 0x36, 0x31, 0x61, 0x42, 0x6C, 0xD9, 0x06,
+        0x6A, 0xD9, 0x04, 0x45, 0xDB, 0x18, 0x05, 0x12,
+        0x37, 0x4A, 0xD4, 0x06, 0x64, 0xD3, 0xA2, 0x85,
+        0xA0, 0x38, 0x8A, 0x14, 0xA5, 0x85, 0x50, 0x20,
+        0x85, 0xE4, 0xA8, 0x24, 0xC3, 0xC6, 0x31, 0xC9,
+        0x34, 0x4E, 0xD2, 0x14, 0x68, 0x82, 0x90, 0x85,
+        0xC4, 0x02, 0x61, 0x24, 0x38, 0x05, 0x01, 0xA3,
+        0x50, 0x48, 0x08, 0x62, 0x20, 0xB0, 0x25, 0x5B,
+        0xA6, 0x4D, 0x98, 0x92, 0x11, 0xC2, 0x06, 0x00,
+        0xD1, 0xB0, 0x4D, 0x21, 0xA4, 0x8C, 0x01, 0x16,
+        0x72, 0x11, 0xA6, 0x20, 0xD0, 0x16, 0x45, 0x10,
+        0x31, 0x8E, 0xCB, 0xC2, 0x69, 0x02, 0x08, 0x91,
+        0xD4, 0x30, 0x89, 0x03, 0x41, 0x05, 0x93, 0x16,
+        0x8E, 0x5A, 0x18, 0x04, 0x41, 0x10, 0x6D, 0x18,
+        0x42, 0x70, 0x53, 0x16, 0x31, 0x52, 0x30, 0x8E,
+        0x0C, 0x49, 0x66, 0x0C, 0x90, 0x0C, 0xA4, 0x08,
+        0x2E, 0x41, 0x92, 0x05, 0x24, 0x07, 0x30, 0x12,
+        0x46, 0x72, 0x13, 0x99, 0x20, 0xE0, 0xA2, 0x4C,
+        0x1B, 0x14, 0x52, 0x5A, 0x90, 0x05, 0x08, 0x82,
+        0x31, 0x53, 0xC2, 0x90, 0xCC, 0x42, 0x68, 0x18,
+        0xB0, 0x2C, 0x00, 0x80, 0x65, 0x58, 0x12, 0x84,
+        0x19, 0x90, 0x08, 0x44, 0x26, 0x4A, 0x10, 0xA9,
+        0x0C, 0x12, 0x25, 0x0C, 0x9C, 0x10, 0x25, 0x0C,
+        0x28, 0x25, 0xD8, 0x46, 0x84, 0x1A, 0x22, 0x71,
+        0x5B, 0x28, 0x6E, 0x98, 0x02, 0x51, 0x61, 0xB4,
+        0x51, 0x01, 0xA1, 0x21, 0x24, 0x39, 0x12, 0xC8,
+        0x08, 0x85, 0xD1, 0x34, 0x64, 0xA4, 0xA8, 0x04,
+        0xA2, 0xC0, 0x09, 0x44, 0x48, 0x48, 0x03, 0x37,
+        0x00, 0x20, 0x05, 0x4D, 0x20, 0xA4, 0x05, 0x11,
+        0x18, 0x82, 0x42, 0x94, 0x4D, 0x24, 0x16, 0x01,
+        0x02, 0x93, 0x4C, 0x00, 0x16, 0x06, 0xC1, 0xC0,
+        0x0C, 0x8B, 0xC0, 0x41, 0x41, 0x06, 0x42, 0xA3,
+        0xC6, 0x64, 0x1A, 0x85, 0x91, 0x41, 0x06, 0x49,
+        0x04, 0xA7, 0x44, 0x82, 0x22, 0x6A, 0x50, 0x08,
+        0x0E, 0x14, 0x18, 0x20, 0x4B, 0x88, 0x91, 0x01,
+        0xA0, 0x49, 0x1A, 0x85, 0x4D, 0x94, 0x18, 0x10,
+        0x0A, 0x05, 0x44, 0x94, 0x38, 0x05, 0x93, 0x40,
+        0x68, 0x23, 0x07, 0x85, 0xE2, 0x12, 0x22, 0x9B,
+        0xB8, 0x08, 0xD2, 0x10, 0x2A, 0x08, 0xA8, 0x10,
+        0x92, 0x40, 0x2D, 0xD8, 0x44, 0x4C, 0xCC, 0x94,
+        0x05, 0x24, 0x43, 0x4C, 0xD3, 0xC2, 0x48, 0x10,
+        0x21, 0x2D, 0xC9, 0xB6, 0x08, 0xC9, 0x06, 0x4D,
+        0xE1, 0x90, 0x20, 0x14, 0x24, 0x70, 0x5C, 0x84,
+        0x28, 0xC0, 0xC2, 0x81, 0x22, 0x13, 0x50, 0x44,
+        0x84, 0x91, 0xCA, 0xA2, 0x48, 0x12, 0x91, 0x05,
+        0x5B, 0x92, 0x8D, 0x92, 0x92, 0x24, 0x82, 0x42,
+        0x48, 0x03, 0x37, 0x46, 0xD8, 0x44, 0x86, 0x44,
+        0x20, 0x89, 0xE4, 0xC2, 0x84, 0xC2, 0x04, 0x65,
+        0x49, 0xA8, 0x4D, 0xA4, 0x38, 0x28, 0xDB, 0xA4,
+        0x64, 0x24, 0x00, 0x51, 0xC8, 0x12, 0x6D, 0x19,
+        0x82, 0x24, 0xCB, 0x00, 0x44, 0x4B, 0x20, 0x20,
+        0x9B, 0x82, 0x4C, 0x5C, 0xA8, 0x08, 0xD2, 0xB6,
+        0x8C, 0x08, 0x35, 0x20, 0xC0, 0x92, 0x45, 0xE3,
+        0xB4, 0x2C, 0x50, 0x32, 0x0E, 0xD1, 0x82, 0x11,
+        0x4A, 0x96, 0x08, 0x1C, 0x86, 0x29, 0x02, 0x19,
+        0x71, 0x12, 0x03, 0x6E, 0x94, 0x08, 0x50, 0x12,
+        0x27, 0x20, 0x0B, 0x10, 0x12, 0xA1, 0x18, 0x06,
+        0x5A, 0x36, 0x4C, 0x93, 0xB4, 0x68, 0x21, 0xA7,
+        0x28, 0x09, 0x34, 0x91, 0x18, 0x93, 0x49, 0x4A,
+        0x32, 0x60, 0x00, 0x29, 0x2D, 0x94, 0x48, 0x44,
+        0x09, 0x94, 0x2C, 0x21, 0x07, 0x6C, 0x41, 0x38,
+        0x60, 0x8C, 0x10, 0x46, 0x11, 0x19, 0x65, 0x01,
+        0x46, 0x60, 0x1A, 0x29, 0x42, 0x23, 0x30, 0x29,
+        0x40, 0x96, 0x85, 0x81, 0xC6, 0x6C, 0x09, 0xA2,
+        0x31, 0x23, 0xC9, 0x84, 0x18, 0x27, 0x61, 0x02,
+        0xA6, 0x05, 0x1B, 0x11, 0x32, 0xD1, 0x80, 0x24,
+        0x59, 0x22, 0x52, 0x21, 0x34, 0x64, 0x0A, 0x21,
+        0x52, 0x10, 0xC2, 0x80, 0x5C, 0x98, 0x0D, 0x81,
+        0xA0, 0x84, 0x14, 0x97, 0x04, 0xCC, 0xC2, 0x04,
+        0x1A, 0x81, 0x45, 0x23, 0x44, 0x6C, 0x13, 0xC0,
+        0x44, 0x59, 0xC2, 0x68, 0x64, 0x08, 0x52, 0x51,
+        0x30, 0x71, 0x12, 0x49, 0x70, 0x12, 0x94, 0x84,
+        0x80, 0x12, 0x12, 0x1B, 0x00, 0x50, 0x84, 0x10,
+        0x45, 0x4A, 0x30, 0x10, 0x22, 0x95, 0x49, 0xC9,
+        0x82, 0x24, 0x03, 0x35, 0x21, 0x18, 0x16, 0x72,
+        0x09, 0x89, 0x65, 0x88, 0xB2, 0x89, 0x41, 0xB4,
+        0x90, 0x92, 0x38, 0x8C, 0x08, 0x23, 0x26, 0x0B,
+        0x80, 0x61, 0x84, 0x28, 0x6A, 0x4C, 0x98, 0x44,
+        0x10, 0xB9, 0x30, 0x93, 0x02, 0x49, 0x22, 0x13,
+        0x80, 0x1C, 0xC3, 0x48, 0x50, 0xA8, 0x20, 0x1C,
+        0x05, 0x00, 0x5B, 0x02, 0x41, 0xD2, 0x84, 0x61,
+        0x4B, 0x40, 0x46, 0x20, 0x21, 0x44, 0xD9, 0xC4,
+        0x21, 0xD3, 0xA4, 0x4D, 0xC0, 0xC0, 0x09, 0x5B,
+        0x28, 0x91, 0x18, 0x15, 0x41, 0x18, 0xC5, 0x4C,
+        0x14, 0xB7, 0x61, 0xDB, 0x34, 0x25, 0x02, 0x06,
+        0x41, 0x14, 0xA9, 0x65, 0x0B, 0x10, 0x04, 0x23,
+        0xC7, 0x49, 0x13, 0x47, 0x0A, 0xD0, 0x30, 0x80,
+        0x99, 0x32, 0x68, 0x50, 0x18, 0x06, 0xA2, 0x28,
+        0x65, 0x13, 0x35, 0x82, 0xD3, 0x06, 0x81, 0x22,
+        0x49, 0x4D, 0x48, 0x44, 0x30, 0xCA, 0x96, 0x2C,
+        0x12, 0xC8, 0x08, 0xA1, 0x24, 0x2C, 0x52, 0xA8,
+        0x28, 0x23, 0x14, 0x0A, 0xD4, 0x20, 0x4D, 0x18,
+        0x12, 0x72, 0xD4, 0x80, 0x44, 0xDC, 0x26, 0x2C,
+        0x88, 0x10, 0x0A, 0x04, 0x14, 0x51, 0xC1, 0x96,
+        0x00, 0xA3, 0x40, 0x30, 0x99, 0x48, 0x92, 0x9B,
+        0x08, 0x86, 0x81, 0x04, 0x20, 0x4C, 0xB2, 0x29,
+        0x18, 0x31, 0x08, 0x09, 0x23, 0x8C, 0x4C, 0x02,
+        0x6A, 0xCA, 0x00, 0x62, 0x09, 0x22, 0x2D, 0x21,
+        0x00, 0x02, 0x0A, 0x39, 0x41, 0x04, 0xA3, 0x50,
+        0x90, 0x80, 0x2D, 0x59, 0xB4, 0x71, 0x13, 0x16,
+        0x31, 0x11, 0x90, 0x4C, 0xC3, 0x14, 0x20, 0x60,
+        0xB2, 0x30, 0x0A, 0xB6, 0x24, 0x21, 0xA9, 0x10,
+        0x89, 0x80, 0x88, 0x44, 0x06, 0x8A, 0x91, 0x22,
+        0x8E, 0xD9, 0x36, 0x86, 0x10, 0x46, 0x0A, 0xE1,
+        0x16, 0x85, 0x42, 0x40, 0x6C, 0x09, 0x49, 0x11,
+        0xE0, 0x88, 0x68, 0x12, 0x08, 0x68, 0x5C, 0x26,
+        0x24, 0x04, 0xA8, 0x70, 0xC8, 0x08, 0x05, 0x13,
+        0x87, 0x41, 0x23, 0x29, 0x72, 0xC9, 0xB8, 0x88,
+        0x1B, 0x22, 0x66, 0x11, 0xA5, 0x2D, 0x11, 0x29,
+        0x12, 0x50, 0x12, 0x70, 0x03, 0x09, 0x6A, 0x4B,
+        0x88, 0x4C, 0xD2, 0xC8, 0x31, 0x40, 0x26, 0x40,
+        0x4C, 0x04, 0x50, 0x58, 0x16, 0x71, 0x90, 0xC2,
+        0x00, 0x0A, 0x30, 0x8A, 0xDC, 0x24, 0x85, 0x19,
+        0xB0, 0x65, 0x1A, 0xA3, 0x64, 0x13, 0xA3, 0x45,
+        0xC8, 0x48, 0x91, 0x91, 0x12, 0x20, 0xDC, 0x42,
+        0x40, 0x24, 0xC0, 0x4D, 0xA3, 0x98, 0x10, 0x40,
+        0x26, 0x25, 0xDC, 0xB4, 0x68, 0x4B, 0xC2, 0x45,
+        0x13, 0x06, 0x91, 0xC8, 0x92, 0x24, 0x82, 0xA8,
+        0x20, 0x4C, 0x30, 0x48, 0x52, 0x06, 0x01, 0x0B,
+        0x24, 0x51, 0x41, 0x36, 0x40, 0x93, 0xC4, 0x70,
+        0x44, 0x40, 0x2C, 0x24, 0x28, 0x22, 0x81, 0xA4,
+        0x4C, 0x43, 0x84, 0x60, 0x20, 0x23, 0x90, 0x01,
+        0x94, 0x6C, 0xDB, 0x28, 0x21, 0x93, 0x30, 0x80,
+        0x93, 0xC0, 0x25, 0xC8, 0xA6, 0x50, 0xCA, 0x24,
+        0x26, 0xD1, 0x40, 0x31, 0x04, 0xC4, 0x8D, 0xE2,
+        0xC0, 0x04, 0x08, 0x33, 0x8C, 0x18, 0x87, 0x91,
+        0xC8, 0xC8, 0x71, 0x40, 0x46, 0x06, 0x00, 0x44,
+        0x20, 0x22, 0x49, 0x70, 0x11, 0x45, 0x90, 0x02,
+        0xC3, 0x61, 0x60, 0xB4, 0x25, 0x80, 0x16, 0x21,
+        0x11, 0x09, 0x04, 0x88, 0x04, 0x05, 0xCC, 0x36,
+        0x20, 0x01, 0xB1, 0x2C, 0x64, 0xB6, 0x50, 0x54,
+        0x32, 0x42, 0x0B, 0x08, 0x8D, 0x12, 0x39, 0x0D,
+        0x10, 0x29, 0x52, 0x88, 0xB0, 0x04, 0x11, 0x38,
+        0x44, 0xD2, 0xA6, 0x71, 0x0B, 0x45, 0x48, 0x9C,
+        0x34, 0x72, 0xA0, 0x28, 0x49, 0x82, 0x16, 0x86,
+        0x12, 0x18, 0x61, 0x04, 0x41, 0x0D, 0x8A, 0xA6,
+        0x41, 0x80, 0xA8, 0x61, 0xDA, 0x30, 0x65, 0x82,
+        0x84, 0x30, 0x08, 0xA3, 0x29, 0x04, 0x33, 0x8E,
+        0x02, 0x24, 0x0D, 0x9C, 0x44, 0x10, 0xC9, 0x02,
+        0x81, 0x53, 0x06, 0x66, 0x8B, 0x06, 0x90, 0x03,
+        0x87, 0x69, 0x21, 0xC9, 0x69, 0x83, 0x46, 0x4E,
+        0x14, 0x24, 0x89, 0x8C, 0xA0, 0x6C, 0x99, 0xA2,
+        0x2C, 0x11, 0x37, 0x66, 0x0C, 0xA6, 0x4D, 0xD3,
+        0xC8, 0x70, 0x03, 0x02, 0x61, 0xC3, 0xB6, 0x65,
+        0x23, 0xC1, 0x6C, 0x10, 0x34, 0x8D, 0x1A, 0xC1,
+        0x31, 0x43, 0x40, 0x44, 0xD4, 0x08, 0x02, 0x0A,
+        0x36, 0x20, 0xE3, 0x26, 0x42, 0x0A, 0x48, 0x26,
+        0x1A, 0x13, 0x44, 0x0C, 0x18, 0x61, 0x91, 0x96,
+        0x84, 0x02, 0x17, 0x46, 0x9C, 0x20, 0x40, 0x41,
+        0xC6, 0x2D, 0x1B, 0x16, 0x0C, 0x98, 0xB2, 0x90,
+        0x1A, 0x20, 0x84, 0xE2, 0x34, 0x2D, 0xCB, 0x14,
+        0x44, 0x93, 0xC6, 0x8D, 0x58, 0xB2, 0x69, 0x22,
+        0xB2, 0x88, 0xC0, 0xB8, 0x2D, 0xA2, 0xC2, 0x31,
+        0x20, 0xA3, 0x24, 0x11, 0x46, 0x48, 0x4A, 0xA6,
+        0x50, 0x24, 0x09, 0x21, 0x1A, 0x01, 0x0D, 0x20,
+        0x36, 0x01, 0xC4, 0x34, 0x70, 0xDA, 0x16, 0x68,
+        0x84, 0x22, 0x4C, 0x11, 0x14, 0x09, 0x13, 0xC4,
+        0x68, 0x11, 0x41, 0x2D, 0x1C, 0x10, 0x31, 0xDC,
+        0xB2, 0x64, 0x42, 0x36, 0x08, 0x5C, 0x10, 0x88,
+        0x04, 0x91, 0x25, 0xE1, 0xA0, 0x20, 0x14, 0x18,
+        0x12, 0x14, 0x94, 0x91, 0x4C, 0xC2, 0x24, 0xD4,
+        0x06, 0x71, 0x21, 0x02, 0x8D, 0xD4, 0x88, 0x30,
+        0xC9, 0x36, 0x0E, 0xE4, 0x82, 0x81, 0xC0, 0x04,
+        0x6D, 0x24, 0x23, 0x09, 0x21, 0x45, 0x45, 0x20,
+        0x06, 0x65, 0xC2, 0x30, 0x2A, 0x18, 0x30, 0x8E,
+        0x24, 0x83, 0x89, 0x93, 0x32, 0x66, 0xC1, 0x48,
+        0x45, 0x62, 0x48, 0x0A, 0x52, 0xB8, 0x80, 0x11,
+        0x86, 0x21, 0x04, 0x34, 0x11, 0x24, 0xB5, 0x6C,
+        0x50, 0x36, 0x0A, 0x19, 0xA7, 0x8C, 0x14, 0x90,
+        0x0D, 0x1A, 0xA5, 0x68, 0x0B, 0xB1, 0x11, 0x50,
+        0x40, 0x08, 0x48, 0xB6, 0x31, 0x14, 0x28, 0x8D,
+        0xE3, 0x47, 0xB4, 0xA1, 0x44, 0x94, 0xCC, 0x9F,
+        0x0B, 0x94, 0x9F, 0x25, 0x49, 0xD9, 0xB3, 0x8F,
+        0x71, 0xF4, 0x17, 0xA4, 0xA6, 0xAC, 0x24, 0x58,
+        0x14, 0x25, 0x03, 0xC8, 0x63, 0x3E, 0x10, 0xA8,
+        0xD4, 0x10, 0xD7, 0x90, 0x4A, 0x28, 0x37, 0x90,
+        0x70, 0x27, 0xE3, 0x56, 0x5F, 0x04, 0x67, 0x76,
+        0xC3, 0x67, 0x3F, 0xF5, 0xA5, 0x11, 0xA2, 0x2C,
+        0x11, 0x01, 0x5D, 0x63, 0x71, 0x1A, 0xE6, 0x70,
+        0x86, 0x46, 0xAB, 0xCE, 0x03, 0xB6, 0x82, 0xAF,
+        0x51, 0xBA, 0x81, 0x94, 0x9C, 0x82, 0x36, 0xA9,
+        0x49, 0xA5, 0xA3, 0x11, 0x08, 0x8C, 0x4B, 0x13,
+        0x41, 0xF0, 0x08, 0xFD, 0xB2, 0x99, 0xED, 0xA8,
+        0x07, 0x61, 0x3C, 0x2E, 0xBC, 0x49, 0x7B, 0x1C,
+        0xBC, 0x87, 0xBC, 0xAE, 0x5F, 0x5E, 0x8F, 0x5D,
+        0xE7, 0xB9, 0x0C, 0x70, 0x36, 0x25, 0x61, 0xFD,
+        0x95, 0x9F, 0xAE, 0x0F, 0x8D, 0xF3, 0xA2, 0x45,
+        0x24, 0xA7, 0xDE, 0x60, 0xD1, 0x4E, 0x6D, 0xAC,
+        0xC7, 0x6A, 0x32, 0x42, 0xC0, 0x73, 0xEB, 0x78,
+        0x50, 0xF4, 0x49, 0x52, 0x5E, 0x6F, 0x81, 0x42,
+        0x54, 0xF8, 0x82, 0x05, 0xC9, 0x64, 0x74, 0x6A,
+        0x60, 0x5E, 0x36, 0x59, 0x40, 0x50, 0xA3, 0xFE,
+        0xDA, 0xE2, 0x6D, 0x8D, 0x6E, 0xE4, 0x5A, 0x27,
+        0x73, 0x89, 0xDB, 0x0C, 0x5B, 0x14, 0xD9, 0xED,
+        0xB2, 0xC7, 0x1D, 0x71, 0x93, 0x91, 0x0A, 0x72,
+        0x32, 0xBE, 0xA3, 0xD8, 0x95, 0x8C, 0x94, 0x7E,
+        0x63, 0xEB, 0xCE, 0x8B, 0xFC, 0xB0, 0x3F, 0x77,
+        0x5C, 0x43, 0x48, 0x18, 0x83, 0xFE, 0xC8, 0xDA,
+        0x89, 0xF2, 0x3B, 0x54, 0x82, 0x44, 0xC6, 0x9C,
+        0xCC, 0x77, 0x0A, 0xC1, 0x6F, 0xB9, 0x98, 0x10,
+        0xD5, 0xF2, 0x60, 0xFF, 0x38, 0xD2, 0x0D, 0xD6,
+        0x8C, 0x38, 0x54, 0x5B, 0xD8, 0x38, 0x84, 0x50,
+        0x36, 0xF4, 0x02, 0xC1, 0x06, 0x0F, 0x15, 0x1B,
+        0xC8, 0x90, 0x9B, 0x6E, 0x36, 0xC8, 0x3F, 0xE9,
+        0x8B, 0x62, 0x15, 0x6F, 0xF0, 0xC2, 0x86, 0x7F,
+        0xD1, 0xB5, 0x97, 0x53, 0xAE, 0x41, 0xAE, 0x21,
+        0x84, 0xAC, 0x57, 0xA5, 0x1F, 0xA7, 0xC7, 0x24,
+        0xDF, 0xDE, 0x2F, 0x3C, 0xCD, 0xA2, 0x7E, 0x1D,
+        0x97, 0xE1, 0x96, 0xC5, 0xB4, 0x7D, 0xF9, 0x5F,
+        0x7E, 0xEF, 0x09, 0xC4, 0xF3, 0x57, 0xF0, 0x51,
+        0x73, 0xAB, 0x0E, 0x6A, 0xCA, 0x64, 0xE4, 0x99,
+        0x0F, 0xD2, 0x20, 0xAC, 0x72, 0xF1, 0xA8, 0x23,
+        0x8F, 0x94, 0x63, 0xDC, 0xB3, 0xBB, 0x62, 0x2C,
+        0xEA, 0xA6, 0x27, 0x5A, 0x93, 0xC6, 0xCD, 0xCE,
+        0x1E, 0x09, 0xAF, 0x89, 0xEC, 0x22, 0xE4, 0x30,
+        0x2D, 0xB9, 0xCD, 0x08, 0x2E, 0x12, 0x76, 0x79,
+        0x99, 0xBC, 0xA0, 0x34, 0x0B, 0xDA, 0x89, 0x08,
+        0x14, 0x60, 0x7B, 0x98, 0xE6, 0xAF, 0xD2, 0xE1,
+        0x87, 0xC8, 0xDA, 0x50, 0xF7, 0x10, 0x2C, 0x72,
+        0x74, 0x50, 0xD0, 0x3C, 0x98, 0x06, 0xFE, 0xEB,
+        0xC6, 0xC5, 0x69, 0x31, 0x06, 0xE2, 0x2E, 0x7E,
+        0x7D, 0x3D, 0x2B, 0x1F, 0x48, 0x43, 0xC5, 0x95,
+        0xDA, 0x84, 0x08, 0x1E, 0x2B, 0x50, 0x6D, 0x91,
+        0xA6, 0x2B, 0xCD, 0x08, 0x43, 0x7B, 0xA2, 0xD8,
+        0x60, 0x6E, 0xF7, 0x80, 0x08, 0xC3, 0x3F, 0x35,
+        0xF3, 0x70, 0xA5, 0xC7, 0x56, 0xFC, 0xBD, 0x34,
+        0x46, 0x7B, 0xBF, 0x63, 0x19, 0xAC, 0xB6, 0xC3,
+        0x1B, 0x81, 0x84, 0x9F, 0xBB, 0x54, 0x05, 0x99,
+        0xAE, 0x43, 0xE2, 0xA5, 0x20, 0xFD, 0x5C, 0xC7,
+        0x25, 0x47, 0xB1, 0xFD, 0x80, 0xB5, 0x78, 0xC2,
+        0x00, 0x98, 0x02, 0xB9, 0x61, 0x2A, 0xBA, 0x39,
+        0xC7, 0x20, 0xB8, 0x7D, 0x7A, 0x03, 0x68, 0xE5,
+        0x37, 0x71, 0x1F, 0x72, 0xAA, 0x41, 0x61, 0xB4,
+        0xC0, 0xC2, 0xD3, 0x7A, 0xCD, 0xD2, 0xED, 0xC2,
+        0xC5, 0x99, 0x8C, 0x62, 0xA3, 0x7D, 0xC8, 0x9C,
+        0xD2, 0x50, 0x02, 0x0D, 0xCB, 0x68, 0x15, 0xB0,
+        0xD6, 0x19, 0x03, 0xC8, 0x01, 0x12, 0x72, 0xA1,
+        0x3A, 0xC2, 0xA6, 0x63, 0x51, 0x26, 0x03, 0x5D,
+        0x3F, 0x1D, 0x3B, 0x0E, 0x30, 0x6B, 0xB7, 0xEC,
+        0xB6, 0x8E, 0x2D, 0x76, 0xC8, 0xD7, 0xAE, 0x59,
+        0x81, 0xFC, 0x5F, 0x57, 0x5E, 0xAD, 0xA0, 0x20,
+        0xC8, 0xB4, 0x91, 0x2D, 0xEC, 0x03, 0xC4, 0xC6,
+        0x55, 0x05, 0x87, 0xA4, 0xA2, 0x21, 0x09, 0x25,
+        0x97, 0x21, 0xA4, 0x46, 0x45, 0x46, 0x40, 0x3B,
+        0xDC, 0x6F, 0xCD, 0xFB, 0xFB, 0xD9, 0xF4, 0x2C,
+        0xEC, 0xF1, 0xC4, 0x73, 0x41, 0x30, 0x60, 0x63,
+        0x9A, 0xF2, 0xA5, 0x26, 0x78, 0x9A, 0x5E, 0x70,
+        0x98, 0xDE, 0x35, 0x10, 0xA0, 0x5D, 0x45, 0xD5,
+        0x95, 0xF7, 0x11, 0xBC, 0x99, 0xD3, 0x00, 0x67,
+        0x9A, 0x30, 0x85, 0x36, 0x50, 0xDB, 0x18, 0xEA,
+        0x6D, 0xB2, 0xF3, 0x14, 0xDA, 0x23, 0xE2, 0x8A,
+        0x44, 0x21, 0x25, 0xD4, 0xA3, 0x28, 0x43, 0xA0,
+        0xC6, 0x5C, 0x99, 0xB0, 0x72, 0x6B, 0xC2, 0x1A,
+        0x30, 0xBE, 0x6B, 0x7B, 0xE0, 0x31, 0x54, 0x8C,
+        0x29, 0xE5, 0xC6, 0x69, 0x53, 0xDE, 0x05, 0x1E,
+        0x43, 0xCC, 0x7E, 0x9A, 0x82, 0x4A, 0xC4, 0x0A,
+        0x50, 0x65, 0xDC, 0xD8, 0xF9, 0x01, 0x32, 0x65,
+        0x1E, 0xF9, 0xA4, 0xCC, 0x07, 0xB9, 0x55, 0x97,
+        0x45, 0xA9, 0x61, 0xF8, 0xBE, 0x99, 0x00, 0x12,
+        0xD8, 0x17, 0x62, 0xFB, 0x89, 0xE7, 0x05, 0x5E,
+        0x1B, 0xCD, 0x2B, 0x09, 0x6C, 0x5A, 0x5C, 0xA3,
+        0x66, 0x4D, 0x02, 0x78, 0x0C, 0xC3, 0x63, 0x30,
+        0xD0, 0xFA, 0x7B, 0x11, 0x00, 0x40, 0xDD, 0xF0,
+        0x8C, 0x7C, 0xBA, 0x4C, 0x63, 0x78, 0xDA, 0xBB,
+        0xDF, 0xF9, 0xC9, 0xA4, 0x40, 0x25, 0x86, 0xD1,
+        0xBA, 0x22, 0xD7, 0x69, 0x98, 0x4E, 0x9D, 0x15,
+        0x21, 0xA8, 0x56, 0xC0, 0xFF, 0x52, 0xE4, 0xB4,
+        0x0F, 0xB2, 0x53, 0xE7, 0xA1, 0x34, 0x18, 0xEA,
+        0x5B, 0x25, 0x42, 0x13, 0xE3, 0x13, 0xE7, 0xDF,
+        0x54, 0x2B, 0x8D, 0x70, 0x51, 0xC7, 0x60, 0xB1,
+        0x1E, 0x4D, 0x3A, 0x46, 0x04, 0xA1, 0x11, 0x43,
+        0xAD, 0x24, 0x29, 0x90, 0xC9, 0x04, 0x15, 0xC5,
+        0x07, 0xE5, 0x46, 0xB8, 0x50, 0x16, 0x6B, 0x66,
+        0xFE, 0x1C, 0x8B, 0xFC, 0x20, 0x9C, 0xC4, 0x88,
+        0x10, 0x36, 0x5E, 0x56, 0xE8, 0x45, 0x75, 0x89,
+        0xFB, 0xD6, 0xD0, 0x8D, 0x9D, 0x53, 0xAE, 0x89,
+        0x19, 0x54, 0xCF, 0xE1, 0xFF, 0x12, 0x13, 0xF2,
+        0xC7, 0xBE, 0x4C, 0x1E, 0xB0, 0x70, 0x6E, 0xDC,
+        0x0A, 0x64, 0x3B, 0x60, 0x3A, 0xEA, 0x0D, 0x41,
+        0xDD, 0x8E, 0x09, 0xB9, 0x96, 0x8F, 0x6A, 0x49,
+        0x50, 0xEF, 0xDF, 0xD7, 0x73, 0x8D, 0x16, 0x32,
+        0xA8, 0x5C, 0x0A, 0x90, 0x18, 0xA1, 0xEB, 0x19,
+        0xCC, 0x50, 0xD5, 0x59, 0xD7, 0x35, 0x3F, 0xBA,
+        0x38, 0x1B, 0x5F, 0x71, 0x56, 0x70, 0xB3, 0x20,
+        0x4D, 0x9E, 0x16, 0xA8, 0xF7, 0x35, 0x19, 0xD2,
+        0x09, 0x0A, 0x22, 0x28, 0x81, 0x61, 0x26, 0x5B,
+        0x9C, 0xEC, 0x9D, 0x4A, 0x61, 0xCF, 0x0D, 0x3C,
+        0x88, 0xEA, 0x0B, 0x7A, 0xA7, 0xC6, 0xAE, 0x31,
+        0xBE, 0xC2, 0xBA, 0x48, 0xBB, 0x9D, 0x06, 0xE1,
+        0x32, 0x6D, 0x80, 0xCE, 0x27, 0x5C, 0x6F, 0x13,
+        0x79, 0x35, 0x9F, 0x9C, 0x11, 0xEA, 0xDB, 0xF5,
+        0x49, 0x15, 0xB6, 0x51, 0x86, 0xFC, 0x62, 0x34,
+        0x3D, 0x58, 0x6B, 0x0E, 0xF8, 0x3B, 0xBB, 0x42,
+        0xF6, 0x2D, 0x5C, 0xE2, 0xF3, 0xAA, 0x9F, 0x03,
+        0x43, 0xE9, 0x9E, 0x90, 0xB9, 0xFF, 0x55, 0x93,
+        0x60, 0xF8, 0x10, 0x2F, 0xFC, 0xBD, 0x40, 0x23,
+        0xB8, 0x4F, 0x4C, 0x7A, 0x74, 0x9F, 0xDC, 0x55,
+        0xDF, 0x5E, 0xCD, 0x23, 0xEB, 0xAC, 0x47, 0x4E,
+        0x0D, 0x0F, 0xBE, 0xDE, 0x02, 0x64, 0x61, 0x7E,
+        0x73, 0x78, 0x8E, 0x25, 0xE9, 0x7D, 0x66, 0xE5,
+        0x82, 0xBF, 0x98, 0x5B, 0x36, 0xCE, 0x17, 0x72,
+        0x56, 0x9C, 0xDA, 0x63, 0x77, 0x55, 0x8B, 0xA9,
+        0x75, 0xF5, 0x28, 0xC3, 0x78, 0x6D, 0x8F, 0xC2,
+        0x75, 0x5F, 0x28, 0x9E, 0x3F, 0xFB, 0xF1, 0xFD,
+        0xB7, 0xDE, 0x05, 0x3C, 0xD3, 0xE8, 0xD7, 0x7A,
+        0x7D, 0xC9, 0xF7, 0x9D, 0x58, 0xB4, 0xA6, 0x21,
+        0x25, 0xFC, 0x52, 0x84, 0x21, 0xF6, 0x0B, 0x6D,
+        0xA6, 0x62, 0x51, 0x97, 0xCD, 0xA9, 0xA1, 0x0C,
+        0x88, 0x21, 0x67, 0xA5, 0xFB, 0x8C, 0x8A, 0x50,
+        0xC5, 0x21, 0x91, 0x3A, 0xAB, 0x95, 0x96, 0xF3,
+        0x30, 0x6D, 0x08, 0x42, 0x07, 0x4B, 0x78, 0x1F,
+        0xC1, 0xD3, 0x41, 0x15, 0x68, 0xED, 0x93, 0x09,
+        0xC7, 0x8B, 0xF9, 0x77, 0x25, 0xD3, 0xCE, 0x2B,
+        0xA2, 0x0D, 0xB4, 0xC6, 0x84, 0x7F, 0x8E, 0xE5,
+        0x24, 0x46, 0x59, 0x8D, 0x6F, 0x0F, 0x0C, 0xA8,
+        0xFC, 0x04, 0x9B, 0x4D, 0x2B, 0xA7, 0x70, 0x1F,
+        0x46, 0x7E, 0x76, 0x03, 0xC6, 0x7E, 0xA5, 0x3D,
+        0x79, 0xE2, 0xF1, 0xAC, 0xBC, 0xDD, 0xF6, 0x91,
+        0x69, 0x4C, 0x44, 0x1F, 0xC3, 0xBF, 0x9F, 0xFC,
+        0x4E, 0xB0, 0x79, 0x30, 0x68, 0x89, 0xAC, 0xF2,
+        0xD7, 0xC6, 0xE1, 0x6C, 0x37, 0xFB, 0xB3, 0x38,
+        0x44, 0x2C, 0x97, 0xAB, 0xDA, 0x2C, 0x88, 0xC7,
+        0xF2, 0x80, 0x08, 0x00, 0x4E, 0x44, 0xED, 0xBE,
+        0xA4, 0x28, 0x3D, 0xC1, 0xCF, 0x9E, 0x83, 0xE7,
+        0x2E, 0x7F, 0xF5, 0x08, 0x47, 0x26, 0xE0, 0xBD,
+        0x1A, 0x17, 0xDB, 0x2F, 0xED, 0x19, 0x2E, 0x65,
+        0x1B, 0x62, 0x5F, 0x08, 0x82, 0x10, 0x61, 0xCB,
+        0xAA, 0xA7, 0xF8, 0x59, 0x4B, 0x46, 0xCB, 0xA2,
+        0xCB, 0x41, 0x34, 0x30, 0x51, 0x58, 0x2A, 0xEE,
+        0xE1, 0x5E, 0xAC, 0xCA, 0xBF, 0x37, 0x45, 0x98,
+        0xBD, 0x93, 0x1B, 0x5A, 0x5E, 0x92, 0x14, 0x05,
+        0x75, 0x2D, 0xFB, 0x8F, 0xBD, 0x24, 0x9B, 0x81,
+        0xCD, 0xDD, 0xF5, 0xBE, 0x05, 0x0D, 0xBD, 0x4B,
+        0x2B, 0x8C, 0x0A, 0xF0, 0x3A, 0x85, 0xD6, 0x74,
+        0x65, 0x7F, 0x98, 0xF8, 0x57, 0xA2, 0x36, 0xA2,
+        0xFE, 0xE4, 0xB4, 0xA4, 0x0D, 0xEA, 0x9A, 0xBE,
+        0x41, 0x79, 0x68, 0x63, 0x70, 0x3F, 0x3E, 0x38,
+        0x60, 0xC3, 0x40, 0x81, 0x72, 0xDD, 0x25, 0x34,
+        0xB4, 0xFE, 0xAC, 0x41, 0x6E, 0x4A, 0xE7, 0xBF,
+        0xE3, 0x87, 0xFA, 0x20, 0x8B, 0xBD, 0x68, 0x9E,
+        0x06, 0xA9, 0x15, 0x23, 0x07, 0x04, 0x4B, 0xFA,
+        0x45, 0x45, 0xB7, 0x75, 0xD3, 0x3E, 0x16, 0x70,
+        0xF6, 0x26, 0xF2, 0x3A, 0x9D, 0xFB, 0xEA, 0xEB,
+        0x47, 0xCE, 0x99, 0x6B, 0x0E, 0xB2, 0xE8, 0x2B,
+        0x18, 0x15, 0x14, 0x2E, 0xF2, 0x14, 0x0D, 0x44,
+        0x47, 0x1E, 0x63, 0x84, 0x5B, 0x3F, 0xA8, 0xEF,
+        0x5F, 0xEB, 0xA0, 0x41, 0x77, 0xC1, 0xF4, 0x4F,
+        0x8E, 0x2E, 0x29, 0xCD, 0xDB, 0xF2, 0x75, 0x24,
+        0x24, 0x46, 0x73, 0xC3, 0x46, 0xB5, 0xCA, 0x13,
+        0x35, 0x12, 0x0A, 0x8D, 0x88, 0x89, 0x17, 0x99,
+        0x13, 0xCA, 0x66, 0x07, 0x67, 0x6B, 0x7B, 0x3B,
+        0x20, 0xD3, 0x5F, 0x78, 0x1C, 0xC0, 0x99, 0x59,
+        0x0A, 0xBA, 0x8F, 0xA0, 0xDB, 0xDF, 0xCC, 0x03,
+        0xC4, 0xA6, 0xC7, 0x08, 0xB9, 0xFD, 0x95, 0xC2,
+        0x45, 0xF9, 0xF3, 0x11, 0x62, 0xF7, 0x14, 0xB9,
+        0xEB, 0x09, 0xB3, 0x7C, 0xF8, 0xF6, 0x67, 0xCC,
+        0x03, 0xB3, 0x06, 0x6F, 0x60, 0xAC, 0x72, 0xF2,
+        0xD3, 0x71, 0x6C, 0x4D, 0xAD, 0x3A, 0x99, 0x75,
+        0x5C, 0x52, 0x2D, 0x87, 0x69, 0x3E, 0xD6, 0x7E,
+        0x12, 0x96, 0xD3, 0x88, 0x8D, 0x11, 0x85, 0xAA,
+        0x0A, 0xA5, 0x32, 0x90, 0x51, 0xC5, 0x65, 0x64,
+        0xE0, 0xA9, 0x73, 0xA4, 0xF3, 0x8A, 0x32, 0x83,
+        0xE5, 0x08, 0x09, 0x39, 0x6A, 0x90, 0x2C, 0xC3,
+        0xFC, 0x92, 0x29, 0x7A, 0x45, 0xBE, 0x02, 0x79,
+        0x15, 0x1B, 0xBB, 0x60, 0xBB, 0xD9, 0x42, 0xF1,
+        0xE5, 0x14, 0xB4, 0xA5, 0xFF, 0x12, 0x42, 0x30,
+        0xB0, 0xCB, 0xD0, 0x1D, 0xB4, 0x62, 0x49, 0xC5,
+        0xB7, 0xDA, 0x37, 0x47, 0x2C, 0x8B, 0x16, 0xCA,
+        0xD2, 0x2C, 0xA1, 0x24, 0xE6, 0x57, 0xFA, 0xEB,
+        0x2C, 0x62, 0x2E, 0x12, 0x74, 0x37, 0x2B, 0x3F,
+        0x56, 0x23, 0x9C, 0xED, 0x90, 0xDE, 0x0D, 0x6E,
+        0x9E, 0x11, 0x78, 0xA4, 0x9C, 0xB3, 0xA1, 0x37,
+        0xF7, 0x4B, 0x09, 0x61, 0xD8, 0x33, 0x1D, 0x80,
+        0x68, 0x5C, 0xDD, 0xBD, 0x3E, 0xAE, 0x9D, 0xB8,
+        0xBA, 0x42, 0x41, 0xDC, 0xC9, 0x93, 0xF1, 0x92,
+        0x2F, 0x7A, 0xF9, 0xFE, 0x67, 0x13, 0x87, 0xBD,
+        0x7D, 0x04, 0x17, 0x91, 0xB6, 0x03, 0x5E, 0xA0,
+        0x5B, 0x23, 0xEA, 0x0C, 0xFA, 0x45, 0xCB, 0x1A,
+        0xC5, 0x7F, 0x63, 0xD6, 0x3D, 0x3C, 0x66, 0x4A,
+        0x83, 0x4E, 0x4E, 0x90, 0xA6, 0x63, 0xB0, 0x8A,
+        0xD7, 0x0D, 0xB4, 0xB7, 0xA9, 0x0F, 0xC6, 0xC7,
+        0x3B, 0xAD, 0x07, 0xA6, 0x94, 0x47, 0xDB, 0x63,
+        0x26, 0x00, 0x18, 0x5E, 0x27, 0xB5, 0xE2, 0xE3,
+        0xED, 0x8D, 0x97, 0x95, 0x38, 0x20, 0x24, 0x9F,
+        0x40, 0x84, 0x44, 0x7E, 0x8C, 0x05, 0xAB, 0xB1,
+        0x89, 0x26, 0x7D, 0x46, 0x2C, 0x9F, 0xE5, 0xC1,
+        0x27, 0xCE, 0x1D, 0x5A, 0x9F, 0xF1, 0xF8, 0x57,
+        0x8F, 0xCF, 0xB7, 0x4E, 0x07, 0xF3, 0xBA, 0x56,
+        0xCF, 0xE9, 0x87, 0x21, 0x61, 0xD6, 0x97, 0x7B,
+        0x26, 0x97, 0x07, 0xB4, 0x87, 0xFE, 0x25, 0x9C,
+        0xA9, 0x8E, 0x06, 0x90, 0x17, 0x2C, 0x98, 0x26,
+        0x23, 0xEE, 0xBB, 0x91, 0x8A, 0x15, 0x38, 0xA1,
+        0x38, 0xCB, 0x8B, 0xA0, 0xF3, 0x4A, 0xF2, 0x12,
+        0xA7, 0xB7, 0x05, 0xB6, 0x09, 0xD0, 0xEC, 0xDD,
+        0x21, 0xB6, 0xFA, 0x29, 0x95, 0xB4, 0x08, 0xD5,
+        0x95, 0xB7, 0xB8, 0x2E, 0x23, 0xAA, 0x89, 0x81,
+        0xE2, 0xD0, 0xFD, 0x9C, 0x8D, 0xF0, 0xCA, 0x61,
+        0xE3, 0x1E, 0x73, 0x9E, 0xD1, 0x72, 0x5C, 0x63,
+        0xB8, 0x74, 0x0E, 0x2C, 0x27, 0x3A, 0x71, 0xF9,
+        0xFE, 0x66, 0x33, 0xE9, 0x41, 0x27, 0x61, 0xA3,
+        0xFA, 0xD8, 0x66, 0x2A, 0x52, 0x6D, 0xAB, 0xBF,
+        0x32, 0xC2, 0x8E, 0x8F, 0xB0, 0x60, 0x52, 0xE1,
+        0x96, 0xC8, 0x1E, 0x9A, 0x3E, 0x07, 0xFA, 0x34,
+        0xFA, 0x9C, 0x4C, 0x0D, 0x29, 0x0F, 0x68, 0xA6,
+        0x59, 0x28, 0x22, 0xB1, 0x99, 0x56, 0x2C, 0x01,
+        0x04, 0x2F, 0x34, 0x65, 0xFD, 0xD4, 0xD0, 0xD5,
+        0x17, 0x7C, 0x14, 0x92, 0x73, 0x6C, 0x31, 0xCE,
+        0xD4, 0xB3, 0x59, 0x83, 0x6B, 0x34, 0x7C, 0x76,
+        0x8C, 0xED, 0xD5, 0xE2, 0x4F, 0x39, 0x44, 0xBF,
+        0x90, 0x53, 0x9A, 0xC7, 0xD4, 0x6A, 0x86, 0xA3,
+        0xE2, 0x15, 0x59, 0xD0, 0x0F, 0x32, 0x92, 0xC2,
+        0x9B, 0x9E, 0xE3, 0xF6, 0x94, 0x96, 0xFD, 0x0B,
+        0xB6, 0x06, 0x8F, 0x0D, 0x1F, 0x38, 0xFC, 0x6F,
+        0xA2, 0x78, 0xAC, 0xC5, 0xB5, 0x6A, 0x6B, 0xEC,
+        0x78, 0x8A, 0x6F, 0xD8, 0x21, 0xB7, 0xCF, 0x66,
+        0x73, 0x03, 0xCA, 0x2E, 0x3C, 0x7F, 0x2F, 0x29,
+        0x41, 0xC9, 0x88, 0xFD, 0x0E, 0xA0, 0x43, 0xD6,
+        0x9E, 0xB1, 0xE7, 0x13, 0x9C, 0xF0, 0x9C, 0xCF,
+        0x33, 0x22, 0x57, 0xEF, 0xE5, 0xCE, 0xD9, 0xAC,
+        0x7D, 0x34, 0x75, 0xBD, 0xAE, 0x84, 0xEE, 0xE8,
+        0x5D, 0x8C, 0x55, 0x86, 0xBA, 0x19, 0xE5, 0x9D,
+        0x35, 0x6D, 0xD8, 0x70, 0xC5, 0xE0, 0xEA, 0x77,
+        0x3A, 0xE5, 0xB5, 0x2C, 0xD2, 0x28, 0xB5, 0xE8,
+        0xAF, 0xB1, 0xD2, 0xC4, 0xE5, 0x59, 0x06, 0xB8,
+        0x2E, 0xA6, 0x8F, 0xC4, 0x9B, 0x30, 0xF9, 0x37,
+        0xDB, 0x29, 0xA1, 0x44, 0x0B, 0xB7, 0xB5, 0xB4,
+        0x12, 0xD3, 0x4E, 0xB3, 0xB7, 0xD8, 0x2F, 0x19,
+        0xDE, 0x3B, 0xC3, 0x53, 0xCE, 0x1C, 0x34, 0x4C,
+        0xA4, 0x6A, 0xE2, 0xD0, 0x04, 0xDF, 0x3C, 0x53,
+        0x8B, 0x06, 0x8F, 0x36, 0xE5, 0x77, 0xB2, 0x7A,
+        0x1A, 0xC0, 0x0C, 0xBD, 0xA3, 0xA0, 0xEE, 0xB6,
+        0x40, 0xAD, 0x5C, 0x04, 0xAE, 0xCF, 0x64, 0x2B,
+        0x8A, 0x18, 0x58, 0x86, 0xDE, 0xC9, 0x3D, 0x7D,
+        0x15, 0xBC, 0xEE, 0x4C, 0x22, 0xF4, 0x98, 0xD9,
+        0x37, 0xEE, 0xE2, 0x40, 0x43, 0xFF, 0xB2, 0x6F,
+        0x05, 0xC0, 0x0E, 0x30, 0xDE, 0xD8, 0x0C, 0x0B,
+        0xAD, 0xED, 0xCC, 0xBC, 0x29, 0x95, 0x07, 0x40,
+        0x10, 0x99, 0xA0, 0xD1, 0x08, 0xF7, 0xD5, 0xF1,
+        0xAD, 0xC9, 0xDD, 0xC8, 0x6A, 0x1E, 0x9E, 0x06,
+        0xDF, 0x12, 0xFF, 0x66, 0x33, 0x5E, 0x21, 0x47,
+        0xC3, 0xDE, 0x36, 0x98, 0x5B, 0xBF, 0x42, 0x9E,
+        0x30, 0xA0, 0x81, 0x5C, 0x28, 0x34, 0x1B, 0x3A,
+        0x32, 0xBC, 0xDE, 0x52, 0x53, 0x25, 0x1E, 0xF6,
+        0xE2, 0x99, 0x12, 0x92, 0x07, 0x1D, 0xEB, 0x08,
+        0x36, 0xA7, 0xD5, 0x18, 0x1F, 0xDB, 0x44, 0xA7,
+        0xE1, 0x13, 0x06, 0xB0, 0xDF, 0x63, 0x82, 0x68,
+        0xEF, 0xF5, 0x2B, 0x04, 0x0B, 0x93, 0xE8, 0xB0,
+        0x92, 0x7B, 0xDE, 0x1F, 0xC9, 0x39, 0x8F, 0x42,
+        0x9D, 0x06, 0x22, 0x13, 0xC9, 0x97, 0x2F, 0x43,
+        0x8A, 0xBA, 0xAF, 0xF9, 0x71, 0xE3, 0x55, 0x5D,
+        0x06, 0x77, 0x38, 0x39, 0xA3, 0xED, 0x41, 0x63,
+        0xFE, 0x2A, 0xB3, 0x23, 0x43, 0x0C, 0xF3, 0x17,
+        0x3B, 0x69, 0xED, 0x32, 0x0A, 0x54, 0xF3, 0x8D,
+        0x76, 0xC6, 0x09, 0xDD, 0x88, 0x5B, 0x23, 0x57,
+        0x72, 0xC4, 0x87, 0xB8, 0x9D, 0xF7, 0xCA, 0xFB,
+        0x7C, 0x61, 0x67, 0x5C, 0x65, 0xF8, 0xD6, 0xD7,
+        0x1E, 0x95, 0xB9, 0x73, 0x4D, 0x2E, 0x1F, 0x43,
+        0x3E, 0x2B, 0x58, 0x92, 0x15, 0x2E, 0xAA, 0x51,
+        0xF0, 0xD4, 0xF2, 0xA6, 0xCD, 0x12, 0x21, 0xD6,
+        0xCA, 0x46, 0x2A, 0xFF, 0xCB, 0x1B, 0x6B, 0xB4,
+        0x09, 0x17, 0x3B, 0xA2, 0x94, 0xDF, 0x1D, 0x68,
+        0x8B, 0x75, 0xEA, 0x11, 0xD6, 0x99, 0x04, 0xD1,
+        0x00, 0xDB, 0x61, 0xBC, 0xF2, 0x3B, 0x88, 0x4B,
+        0x33, 0xDF, 0x0F, 0xD4, 0xFB, 0x14, 0x0C, 0x6A,
+        0x53, 0x61, 0x1F, 0xBD, 0x28, 0xB2, 0x11, 0x19,
+        0x38, 0x71, 0x17, 0x76, 0x4D, 0xEE, 0x01, 0xC4,
+        0x77, 0x53, 0x2A, 0xAF, 0xD3, 0x78, 0xFF, 0x45,
+        0x7F, 0x97, 0x9D, 0x26, 0x92, 0x0E, 0xD9, 0x4E,
+        0x34, 0x1D, 0xE8, 0xDD, 0xBF, 0x5F, 0x87, 0xE6,
+        0x35, 0x9A, 0x39, 0x71, 0x59, 0x20, 0x01, 0xFB,
+        0x53, 0x2C, 0x61, 0x38, 0x0C, 0x8C, 0x02, 0xD3,
+        0xA0, 0x53, 0x95, 0x02, 0xED, 0x5C, 0xFE, 0x9B,
+        0xD3, 0x6A, 0xF3, 0x3F, 0x92, 0x6F, 0x33, 0x37,
+        0x19, 0x97, 0x81, 0x3A, 0x50, 0xE1, 0xD9, 0x27,
+        0x7E, 0x64, 0xF8, 0x01, 0x52, 0x26, 0x51, 0xD1,
+        0x06, 0xAF, 0x20, 0xA0, 0x28, 0x0F, 0x3F, 0xCB,
+        0x21, 0xB7, 0x55, 0x1A, 0x76, 0xB8, 0x9B, 0x4D,
+        0xED, 0x2A, 0x05, 0x0E, 0x6E, 0xAF, 0xCC, 0xA1,
+        0x08, 0x9C, 0xBE, 0x3F, 0x98, 0xE6, 0xB4, 0xB9,
+        0x83, 0xC9, 0x08, 0x41, 0x96, 0xDD, 0xD9, 0x0D,
+        0x52, 0x66, 0x94, 0xA4, 0xEA, 0xFC, 0xE5, 0x48,
+        0x04, 0x73, 0x64, 0x79, 0x68, 0xC9, 0x4A, 0x81,
+        0xA8, 0x07, 0xF8, 0xD9, 0x4E, 0x07, 0x1E, 0xC1,
+        0x8F, 0x62, 0xAB, 0xA6, 0xD7, 0x68, 0xFC, 0x57,
+        0x5E, 0x75, 0x1B, 0xBF, 0x3D, 0xA6, 0x91, 0xC5,
+        0x08, 0x14, 0x5E, 0xF2, 0x4C, 0x22, 0x8B, 0x4E,
+        0x29, 0x2D, 0xC0, 0x46, 0x3A, 0x9C, 0x9D, 0x86,
+        0xCF, 0x51, 0x85, 0x9D, 0x93, 0x23, 0xA1, 0xA1,
+        0xF3, 0x76, 0xB1, 0x56, 0xB0, 0xF4, 0x1F, 0x39,
+        0xDA, 0xDB, 0x13, 0x70, 0x29, 0x89, 0x95, 0xD2,
+        0xC5, 0xF3, 0x76, 0xFE, 0xEE, 0x99, 0xCF, 0xA0,
+        0x84, 0xEC, 0x70, 0xF0, 0xD3, 0xFA, 0x42, 0xDB,
+        0xFD, 0x99, 0x65, 0x2F, 0x84, 0x11, 0x99, 0xCD,
+        0x38, 0xB3, 0x1B, 0xAB, 0x8C, 0x2D, 0x33, 0x04,
+        0xCA, 0xE1, 0xB3, 0x05, 0x9A, 0x20, 0x80, 0xDB,
+        0xED, 0x59, 0x42, 0x30, 0x48, 0x37, 0xB3, 0x85,
+        0x5C, 0xEE, 0x54, 0x06, 0x92, 0x97, 0x4E, 0xFC,
+        0xFA, 0xF7, 0x25, 0xE0, 0x4E, 0x57, 0xC4, 0x72,
+        0x38, 0x59, 0xCA, 0x3C, 0x4A, 0x3F, 0x09, 0xD6,
+        0x09, 0x15, 0x83, 0xEF, 0x24, 0x21, 0xDD, 0xFD,
+        0x66, 0x9E, 0xBF, 0xEE, 0xCC, 0xBF, 0x86, 0x20,
+        0x29, 0x40, 0x5E, 0x42, 0xD2, 0xC0, 0x24, 0x2D,
+        0x76, 0xE6, 0x64, 0xF9, 0x5D, 0xC2, 0x85, 0xB6,
+        0x09, 0x41, 0x04, 0x62, 0x17, 0xDC, 0xF8, 0xFA,
+        0x2A, 0x4C, 0xD1, 0x82, 0x31, 0x57, 0xB7, 0x2B,
+        0x49, 0xE8, 0x40, 0x13, 0x2A, 0xA1, 0x86, 0xD2,
+        0x9A, 0xB8, 0xA9, 0xBE, 0x39, 0xBE, 0xE9, 0xA5,
+        0x35, 0x12, 0x08, 0xF1, 0xA9, 0x9E, 0x57, 0x46,
+        0x3A, 0x55, 0x16, 0xA7, 0x41, 0xD9, 0x25, 0xB8,
+        0x2F, 0xAF, 0xA8, 0x81, 0x5F, 0x5F, 0x46, 0xA4,
+        0x3B, 0xB3, 0xE9, 0x1B, 0x74, 0xEF, 0x5D, 0x57,
+        0x48, 0x4A, 0x72, 0x08, 0xDA, 0xFE, 0x1D, 0x55,
+        0x6B, 0xAB, 0x8B, 0x13, 0x18, 0xBF, 0xDD, 0xF4,
+        0x4E, 0x01, 0x5F, 0x4B, 0xF6, 0x80, 0xD4, 0x16,
+        0x4B, 0x2F, 0x03, 0x4B, 0xF8, 0x93, 0x20, 0x21,
+        0x55, 0x52, 0x49, 0x4A, 0x6C, 0x1F, 0x7D, 0xAD,
+        0x04, 0xEF, 0xB3, 0x74, 0xEE, 0xC5, 0xB6, 0xBC,
+        0x33, 0x7A, 0xCF, 0x64, 0xB9, 0xF9, 0x41, 0x70,
+        0xAF, 0xE9, 0xC7, 0xD6, 0x25, 0x18, 0x17, 0xAB,
+        0xBA, 0xC9, 0x05, 0xEF, 0x40, 0x89, 0xD5, 0x69,
+        0x76, 0xAA, 0xA0, 0x3E, 0x4D, 0x1C, 0xE7, 0x9D,
+        0x9E, 0x74, 0xF4, 0xF2, 0x7B, 0x40, 0xF6, 0x57,
+        0x78, 0x66, 0xFC, 0xDA, 0xE3, 0x6B, 0xD2, 0x6E,
+        0xC7, 0x9D, 0x65, 0x84, 0xAF, 0x7A, 0x1F, 0xE4,
+        0x34, 0xD4, 0x1A, 0x17, 0xA2, 0x72, 0xB0, 0xEE,
+        0x5A, 0x0C, 0xF4, 0x02, 0xAC, 0x1D, 0x6F, 0x4A,
+        0xD0, 0xB2, 0x02, 0x3A, 0x7D, 0x2C, 0xF1, 0x43,
+        0x0E, 0x1E, 0x96, 0xEB, 0x42, 0xF8, 0x3A, 0xF5,
+        0x0B, 0x5D, 0xA9, 0x23, 0x02, 0x28, 0xE5, 0x26,
+        0x5E, 0x69, 0x38, 0x2F, 0x85, 0x34, 0x32, 0x5E,
+        0x5E, 0x29, 0x33, 0x94, 0x05, 0xBD, 0x58, 0xF8,
+        0xE8, 0x9C, 0xBF, 0xB1, 0x5A, 0x05, 0xC6, 0x23,
+        0x9B, 0xBB, 0x57, 0x69, 0x8C, 0xE6, 0x41, 0x97,
+        0x48, 0x01, 0x95, 0xAF, 0xE9, 0x62, 0x8C, 0x6F,
+        0x09, 0x43, 0xF3, 0x64, 0x50, 0x90, 0x2F, 0x14,
+        0xF7, 0x30, 0x07, 0xE0, 0x4B, 0xA8, 0x39, 0xAC,
+        0x21, 0xC4, 0x07, 0x45, 0x5F, 0xD9, 0x87, 0xB1,
+        0x57, 0x47, 0x07, 0x66, 0xFF, 0xC7, 0xAB, 0xEE,
+        0x1F, 0x55, 0x71, 0x50, 0x63, 0xCF, 0x58, 0x3B,
+        0xC8, 0x1B, 0xEA, 0xA5, 0xE2, 0xF1, 0x57, 0xB3,
+        0x77, 0x65, 0xA9, 0xBD, 0x23, 0xC8, 0x30, 0x86,
+        0xC3, 0x5F, 0xBF, 0x16, 0x3F, 0x42, 0x28, 0x0A,
+        0xC6, 0x5A, 0x57, 0x15, 0x2F, 0xA1, 0x96, 0xA9,
+        0x25, 0xC5, 0x8E, 0x32, 0x11, 0x62, 0xB3, 0x54,
+        0x18, 0x00, 0xA4, 0xA6, 0xD4, 0x0F, 0x68, 0x27,
+        0x8F, 0x21, 0x78, 0x02, 0x37, 0x98, 0xBD, 0xCE,
+        0x3F, 0xBC, 0xF2, 0x9C, 0x66, 0x8E, 0x79, 0xA1,
+        0x54, 0x12, 0x55, 0x2E, 0xC0, 0x59, 0xC7, 0x18,
+        0x18, 0x22, 0x4D, 0x27, 0x8B, 0x8D, 0xF3, 0x08,
+        0x99, 0xE6, 0x35, 0x14, 0xB1, 0xE3, 0xB8, 0x7A,
+        0x40, 0x7B, 0x68, 0x7B, 0xFF, 0xDC, 0x54, 0x41,
+        0x06, 0xCA, 0x91, 0xFE, 0xDB, 0x2B, 0xDA, 0x9E,
+        0xC5, 0x20, 0xD8, 0xBF, 0x42, 0xBC, 0xE6, 0x39,
+        0xC4, 0x26, 0x9E, 0xF3, 0x82, 0xD9, 0xF1, 0xA0,
+        0x04, 0xAF, 0xFB, 0x77, 0x13, 0x36, 0xAF, 0xD7,
+        0x91, 0x9B, 0x3A, 0x57, 0x98, 0xFE, 0xAD, 0xCD,
+        0x46, 0xF8, 0xF8, 0xF1, 0x87, 0x53, 0xBD, 0x57,
+        0x3F, 0x99, 0xBC, 0xA6, 0xBD, 0x9B, 0x6E, 0xF4,
+        0x17, 0x7A, 0x78, 0x30, 0x70, 0xA3, 0x43, 0xFF,
+        0x92, 0xCD, 0x99, 0x73, 0xAE, 0x65, 0x6A, 0x10,
+        0xFF, 0x70, 0x47, 0x0F, 0x16, 0x4C, 0x4A, 0x90,
+        0xF4, 0x52, 0x05, 0x79, 0x33, 0x63, 0xDE, 0x14,
+        0x65, 0xAF, 0x8A, 0x5E, 0x67, 0x20, 0x03, 0x9F,
+        0xE6, 0x70, 0x13, 0x6B, 0xE0, 0xF3, 0x6A, 0x4C,
+        0x6B, 0x5B, 0xCB, 0xE1, 0x7C, 0x5D, 0x7D, 0xE3,
+        0x23, 0xFD, 0xB8, 0x6A, 0xDA, 0x56, 0x1E, 0xA8,
+        0x36, 0xC4, 0x29, 0x2D, 0x70, 0x41, 0x03, 0x18,
+        0x31, 0x40, 0x79, 0x2E, 0xC8, 0x22, 0x98, 0x5E,
+        0x11, 0xED, 0xA6, 0xDD, 0xB9, 0xAF, 0x8C, 0x27,
+        0x5C, 0x1B, 0x2E, 0xEA, 0xB8, 0xC6, 0x2F, 0xA0,
+        0x40, 0xB2, 0x64, 0x61, 0xFC, 0x0A, 0x3A, 0x10,
+        0x88, 0xC2, 0x58, 0xEC, 0xA5, 0x8D, 0x14, 0xE9,
+        0x9D, 0x21, 0xAF, 0x64, 0xD6, 0xC2, 0x5D, 0xAA,
+        0x0B, 0x8A, 0x57, 0x0F, 0x84, 0x3E, 0x60, 0x8D,
+        0xED, 0x05, 0x1D, 0x98, 0xED, 0xAE, 0x11, 0xD9,
+        0x27, 0x03, 0x55, 0xED, 0xF5, 0x34, 0x92, 0x52,
+        0xF2, 0x6F, 0x30, 0x3E, 0x69, 0xA5, 0x54, 0xA7,
+        0x2E, 0x1B, 0x85, 0xAB, 0xA2, 0x3B, 0xEC, 0xC8,
+        0x9D, 0xA9, 0xA3, 0xE4, 0xEF, 0x58, 0xB5, 0x33,
+        0x88, 0x55, 0x16, 0x5E, 0x7D, 0x7E, 0x69, 0xFC,
+        0xCA, 0xBD, 0x9C, 0x65, 0xFA, 0x0B, 0xBD, 0x7B,
+        0x16, 0xC4, 0xE2, 0x9C, 0xB4, 0xF1, 0x6A, 0x25,
+        0x70, 0x30, 0x32, 0xED, 0xEA, 0xD3, 0x1D, 0xDB,
+        0x6F, 0x29, 0x2E, 0x42, 0x14, 0xBE, 0x03, 0x29,
+        0x0A, 0x8A, 0x98, 0x9A, 0xD7, 0xB7, 0x0C, 0xF8,
+        0xB9, 0xCF, 0x37, 0xC6, 0xAC, 0xAC, 0x6D, 0xCC,
+        0x03, 0x23, 0x9F, 0x66, 0x85, 0x4B, 0x70, 0x45
+    };
+#endif /* WOLFSSL_NO_ML_DSA_87 */
+#endif
+
+    key = (dilithium_key*)XMALLOC(sizeof(*key), NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    ExpectNotNull(key);
+
+    if (key != NULL) {
+        XMEMSET(key, 0, sizeof(*key));
+    }
+
+    ExpectIntEQ(wc_dilithium_init_ex(key, NULL, INVALID_DEVID), 0);
+#ifndef WOLFSSL_NO_ML_DSA_44
+    ExpectIntEQ(wc_dilithium_set_level(key, WC_ML_DSA_44), 0);
+    ExpectIntEQ(wc_dilithium_make_key_from_seed(key, seed_44), 0);
+    ExpectIntEQ(XMEMCMP(key->p, pk_44, sizeof(pk_44)), 0);
+    ExpectIntEQ(XMEMCMP(key->k, sk_44, sizeof(sk_44)), 0);
+#ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
+    ExpectIntEQ(wc_dilithium_set_level(key, WC_ML_DSA_44_DRAFT), 0);
+    ExpectIntEQ(wc_dilithium_make_key_from_seed(key, seed_44_draft), 0);
+    ExpectIntEQ(XMEMCMP(key->p, pk_44_draft, sizeof(pk_44_draft)), 0);
+    ExpectIntEQ(XMEMCMP(key->k, sk_44_draft, sizeof(sk_44_draft)), 0);
+#endif
+#endif
+#ifndef WOLFSSL_NO_ML_DSA_65
+    ExpectIntEQ(wc_dilithium_set_level(key, WC_ML_DSA_65), 0);
+    ExpectIntEQ(wc_dilithium_make_key_from_seed(key, seed_65), 0);
+    ExpectIntEQ(XMEMCMP(key->p, pk_65, sizeof(pk_65)), 0);
+    ExpectIntEQ(XMEMCMP(key->k, sk_65, sizeof(sk_65)), 0);
+#ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
+    ExpectIntEQ(wc_dilithium_set_level(key, WC_ML_DSA_65_DRAFT), 0);
+    ExpectIntEQ(wc_dilithium_make_key_from_seed(key, seed_65_draft), 0);
+    ExpectIntEQ(XMEMCMP(key->p, pk_65_draft, sizeof(pk_65_draft)), 0);
+    ExpectIntEQ(XMEMCMP(key->k, sk_65_draft, sizeof(sk_65_draft)), 0);
+#endif
+#endif
+#ifndef WOLFSSL_NO_ML_DSA_87
+    ExpectIntEQ(wc_dilithium_set_level(key, WC_ML_DSA_87), 0);
+    ExpectIntEQ(wc_dilithium_make_key_from_seed(key, seed_87), 0);
+    ExpectIntEQ(XMEMCMP(key->p, pk_87, sizeof(pk_87)), 0);
+    ExpectIntEQ(XMEMCMP(key->k, sk_87, sizeof(sk_87)), 0);
+#ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
+    ExpectIntEQ(wc_dilithium_set_level(key, WC_ML_DSA_87_DRAFT), 0);
+    ExpectIntEQ(wc_dilithium_make_key_from_seed(key, seed_87_draft), 0);
+    ExpectIntEQ(XMEMCMP(key->p, pk_87_draft, sizeof(pk_87_draft)), 0);
+    ExpectIntEQ(XMEMCMP(key->k, sk_87_draft, sizeof(sk_87_draft)), 0);
+#endif
+#endif
+
+    wc_dilithium_free(key);
+    XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+#endif
+    return EXPECT_RESULT();
+}
+
+static int test_wc_dilithium_sig_kats(void)
+{
+    EXPECT_DECLS;
+#if defined(HAVE_DILITHIUM) && defined(WOLFSSL_WC_DILITHIUM) && \
+    !defined(WOLFSSL_DILITHIUM_NO_SIGN)
+    dilithium_key* key;
+#ifndef WOLFSSL_NO_ML_DSA_44
+    static const byte sk_44[] = {
+        0x5D, 0xFB, 0x07, 0xA2, 0x04, 0x4B, 0x93, 0x16,
+        0x75, 0xC7, 0x89, 0x43, 0xEA, 0xC3, 0xC4, 0xC5,
+        0x7B, 0x07, 0x77, 0x8A, 0xD9, 0xAF, 0x2E, 0x87,
+        0xC4, 0x70, 0xB9, 0xCC, 0x2C, 0x8D, 0xA1, 0xE3,
+        0x75, 0xBC, 0xB3, 0xBC, 0xD1, 0x9E, 0x7B, 0xB9,
+        0x83, 0xC9, 0x63, 0x66, 0xCC, 0xEA, 0x14, 0x1E,
+        0xAE, 0x22, 0x07, 0x75, 0x52, 0x24, 0xC8, 0xC6,
+        0xC6, 0x1F, 0x90, 0x89, 0x89, 0xCF, 0xF2, 0xF6,
+        0x27, 0x98, 0xA6, 0x86, 0x45, 0x77, 0x95, 0x15,
+        0xD4, 0x74, 0xDD, 0xA6, 0x1F, 0x33, 0x41, 0x42,
+        0x4E, 0xDA, 0x24, 0x79, 0x60, 0x27, 0x34, 0x4E,
+        0x36, 0x94, 0x14, 0x74, 0x81, 0x9A, 0x58, 0x44,
+        0x2B, 0x74, 0xBF, 0x50, 0x60, 0xB8, 0x40, 0x94,
+        0x4A, 0xEF, 0xDE, 0xA7, 0xA4, 0xCF, 0xFC, 0xB3,
+        0x9D, 0xE2, 0x07, 0xFD, 0x9E, 0x6A, 0xC6, 0x2E,
+        0x6D, 0x0D, 0xB2, 0xB4, 0x51, 0x2E, 0x20, 0x26,
+        0x00, 0xB5, 0x30, 0x01, 0xA9, 0x2D, 0xE2, 0x42,
+        0x02, 0x42, 0x12, 0x71, 0x24, 0xB7, 0x28, 0x94,
+        0x30, 0x86, 0xDA, 0x22, 0x30, 0x00, 0x87, 0x65,
+        0xCC, 0x22, 0x91, 0x1B, 0x05, 0x82, 0x03, 0x46,
+        0x8A, 0xA0, 0x32, 0x26, 0x40, 0xB4, 0x84, 0xC3,
+        0x14, 0x2D, 0x88, 0x14, 0x8C, 0x94, 0x92, 0x49,
+        0x23, 0x15, 0x0E, 0xCA, 0x88, 0x09, 0x18, 0x94,
+        0x68, 0x82, 0x38, 0x00, 0x21, 0x41, 0x28, 0x8C,
+        0xB8, 0x80, 0x02, 0x09, 0x49, 0x5A, 0xB4, 0x11,
+        0x9B, 0x28, 0x05, 0xE4, 0x42, 0x30, 0xCA, 0x24,
+        0x80, 0xA4, 0x06, 0x2A, 0xD3, 0x92, 0x05, 0x1C,
+        0x03, 0x6A, 0x22, 0x36, 0x4A, 0x92, 0x44, 0x52,
+        0xE2, 0x48, 0x28, 0x19, 0x83, 0x68, 0x88, 0xC6,
+        0x31, 0x41, 0x90, 0x50, 0x00, 0x43, 0x8E, 0x23,
+        0x87, 0x60, 0x19, 0x43, 0x81, 0x50, 0x32, 0x69,
+        0x81, 0xC0, 0x51, 0x12, 0x06, 0x08, 0x02, 0x08,
+        0x82, 0xC4, 0xA6, 0x81, 0x03, 0xA5, 0x90, 0x8C,
+        0xB6, 0x00, 0x90, 0x14, 0x66, 0x01, 0xB1, 0x08,
+        0x12, 0x25, 0x48, 0x1A, 0x88, 0x11, 0x43, 0x38,
+        0x60, 0x23, 0x26, 0x2E, 0x14, 0x45, 0x0D, 0x9C,
+        0x92, 0x8C, 0xA2, 0x46, 0x12, 0x94, 0xA6, 0x05,
+        0x88, 0xB0, 0x11, 0x0A, 0xB0, 0x28, 0xA4, 0x42,
+        0x09, 0x9C, 0x82, 0x80, 0x1A, 0x80, 0x61, 0x59,
+        0xB0, 0x8D, 0x40, 0xA6, 0x6D, 0x12, 0xC9, 0x0C,
+        0xD9, 0x18, 0x68, 0xA3, 0x84, 0x2C, 0x02, 0xB6,
+        0x25, 0x01, 0x40, 0x2C, 0xD8, 0x20, 0x4D, 0x1B,
+        0x35, 0x30, 0x11, 0x10, 0x49, 0x63, 0x44, 0x31,
+        0x8A, 0xB2, 0x70, 0x4B, 0x24, 0x28, 0xA0, 0x46,
+        0x08, 0xC9, 0x06, 0x81, 0x08, 0xC5, 0x04, 0x4A,
+        0xB2, 0x30, 0x08, 0x15, 0x04, 0x24, 0xA2, 0x65,
+        0x9B, 0x88, 0x41, 0x19, 0x36, 0x2E, 0xE2, 0xB8,
+        0x29, 0xD9, 0x12, 0x64, 0x41, 0xA6, 0x30, 0x22,
+        0xB7, 0x8C, 0x93, 0x38, 0x69, 0x93, 0x30, 0x0A,
+        0xC8, 0xB6, 0x85, 0x23, 0xB1, 0x8D, 0x01, 0x38,
+        0x0A, 0x59, 0xA0, 0x09, 0x64, 0x12, 0x6E, 0x88,
+        0x08, 0x22, 0xDB, 0x00, 0x08, 0x0C, 0x08, 0x12,
+        0x99, 0x42, 0x44, 0x1B, 0x00, 0x68, 0x08, 0x13,
+        0x26, 0x53, 0xA2, 0x40, 0x5A, 0x34, 0x25, 0x98,
+        0x90, 0x8C, 0x00, 0x34, 0x2D, 0x93, 0x94, 0x48,
+        0xC8, 0x22, 0x4C, 0xE2, 0x44, 0x29, 0xE2, 0x00,
+        0x28, 0x14, 0x22, 0x40, 0x48, 0x28, 0x24, 0x22,
+        0x49, 0x06, 0xCA, 0xC8, 0x0C, 0x4C, 0x12, 0x80,
+        0x1B, 0xA5, 0x41, 0x11, 0x06, 0x48, 0x1B, 0x27,
+        0x72, 0x20, 0x07, 0x31, 0x24, 0x10, 0x8E, 0x9C,
+        0x94, 0x91, 0x1B, 0x37, 0x82, 0x51, 0x28, 0x2E,
+        0x11, 0x06, 0x42, 0x01, 0x34, 0x6E, 0x8C, 0x22,
+        0x25, 0x24, 0x34, 0x6A, 0x19, 0x47, 0x21, 0x23,
+        0xB6, 0x09, 0x51, 0xB2, 0x31, 0x18, 0x34, 0x45,
+        0x8C, 0xB8, 0x20, 0x1C, 0x19, 0x0A, 0x19, 0xB7,
+        0x6D, 0x18, 0x97, 0x48, 0x09, 0x82, 0x04, 0x9C,
+        0x12, 0x8A, 0x41, 0x08, 0x46, 0x24, 0x13, 0x31,
+        0xD0, 0x42, 0x46, 0xC3, 0x16, 0x80, 0x51, 0x10,
+        0x2E, 0x51, 0x48, 0x04, 0x5C, 0xC2, 0x64, 0x1A,
+        0x10, 0x8E, 0xD9, 0x86, 0x64, 0x90, 0x24, 0x68,
+        0x93, 0xB4, 0x45, 0x94, 0x30, 0x4A, 0xE3, 0x12,
+        0x0C, 0x54, 0x04, 0x90, 0x03, 0x31, 0x40, 0x62,
+        0x92, 0x4D, 0x5C, 0xC8, 0x10, 0x8A, 0xB8, 0x61,
+        0x5C, 0x04, 0x6A, 0xC8, 0xB0, 0x85, 0x93, 0x00,
+        0x05, 0xC3, 0x06, 0x69, 0x1B, 0x34, 0x8E, 0x03,
+        0x84, 0x0C, 0x50, 0x00, 0x2C, 0x8C, 0x96, 0x90,
+        0x08, 0x32, 0x68, 0x0B, 0x90, 0x8C, 0x02, 0x86,
+        0x2D, 0x18, 0x38, 0x09, 0x1C, 0xB2, 0x21, 0x1B,
+        0x48, 0x04, 0x5C, 0x10, 0x86, 0xD8, 0x34, 0x51,
+        0x43, 0x84, 0x88, 0x43, 0xB2, 0x65, 0x12, 0xB6,
+        0x8D, 0x03, 0x01, 0x45, 0x19, 0xB8, 0x8D, 0x92,
+        0x26, 0x4E, 0x12, 0x12, 0x88, 0x52, 0xB2, 0x64,
+        0x21, 0x09, 0x26, 0x49, 0x38, 0x05, 0x24, 0x11,
+        0x0A, 0x22, 0x38, 0x32, 0x23, 0x31, 0x20, 0x4A,
+        0x24, 0x42, 0xC4, 0xA2, 0x44, 0x20, 0x10, 0x0D,
+        0xA1, 0xA8, 0x51, 0x23, 0x86, 0x84, 0x81, 0x38,
+        0x8E, 0x02, 0x00, 0x4A, 0x1C, 0xB7, 0x24, 0x4C,
+        0x06, 0x0A, 0x1C, 0x26, 0x4E, 0xCC, 0x22, 0x48,
+        0x4C, 0x92, 0x2D, 0xC0, 0x20, 0x2D, 0xA1, 0x16,
+        0x89, 0xC3, 0x44, 0x82, 0x19, 0xA7, 0x6D, 0xC4,
+        0x90, 0x10, 0x01, 0x82, 0x89, 0xD8, 0x44, 0x22,
+        0xD9, 0x98, 0x20, 0xC0, 0x88, 0x45, 0x88, 0x22,
+        0x0C, 0x90, 0x36, 0x90, 0x90, 0xA4, 0x05, 0xD3,
+        0x82, 0x21, 0xD0, 0xA6, 0x28, 0x00, 0x33, 0x25,
+        0xA2, 0xC2, 0x6C, 0xD8, 0x10, 0x71, 0xD1, 0x96,
+        0x50, 0xC3, 0x34, 0x08, 0x8B, 0x94, 0x2D, 0x61,
+        0x88, 0x04, 0x1B, 0xC8, 0x2D, 0xE2, 0x30, 0x64,
+        0x20, 0x28, 0x24, 0x1A, 0x34, 0x50, 0x10, 0x25,
+        0x6A, 0x64, 0x36, 0x81, 0x09, 0xC1, 0x45, 0xE3,
+        0x30, 0x80, 0xC3, 0xA6, 0x8C, 0xE0, 0xB6, 0x10,
+        0xC3, 0x34, 0x8D, 0xD1, 0x06, 0x11, 0x88, 0x20,
+        0x0A, 0x0A, 0xC8, 0x21, 0x20, 0x81, 0x30, 0x9C,
+        0x14, 0x61, 0x9B, 0xC2, 0x50, 0x22, 0x15, 0x8D,
+        0x80, 0xA0, 0x41, 0x89, 0x24, 0x41, 0x20, 0x93,
+        0x40, 0x01, 0xA6, 0x09, 0x08, 0x25, 0x2E, 0xC1,
+        0xC6, 0x85, 0x00, 0x17, 0x62, 0x41, 0x30, 0x32,
+        0xDC, 0x06, 0x6D, 0x48, 0x88, 0x08, 0x84, 0xC8,
+        0x30, 0x5B, 0x96, 0x8D, 0x42, 0xB4, 0x4C, 0xD0,
+        0x34, 0x88, 0xD0, 0x04, 0x02, 0x18, 0x15, 0x52,
+        0x52, 0x26, 0x30, 0x8C, 0x46, 0x28, 0x20, 0x94,
+        0x4C, 0x21, 0x18, 0x00, 0xD0, 0xB2, 0x48, 0x1B,
+        0x17, 0x0A, 0x09, 0x30, 0x4C, 0x44, 0xC2, 0x04,
+        0x47, 0x5E, 0xF2, 0x33, 0x31, 0xFF, 0x66, 0x73,
+        0xE2, 0x6E, 0x6A, 0x32, 0xF2, 0x94, 0xBE, 0xFB,
+        0xD5, 0x96, 0x4F, 0xED, 0x98, 0x7A, 0x42, 0xA2,
+        0x35, 0xFC, 0x5B, 0x16, 0x08, 0x61, 0x45, 0xC0,
+        0xB8, 0xA8, 0x23, 0xFB, 0xC1, 0x4F, 0x1C, 0x8C,
+        0xD0, 0x3F, 0xD6, 0xEE, 0xC4, 0x95, 0x28, 0x3E,
+        0x03, 0x5C, 0x0D, 0xCA, 0xE5, 0x2E, 0x68, 0xF3,
+        0x29, 0xDE, 0x7A, 0xDF, 0xD6, 0x4F, 0xEE, 0x0B,
+        0x11, 0x6D, 0x4A, 0x14, 0xE1, 0x53, 0x94, 0xB3,
+        0x1D, 0xF8, 0x8B, 0xCA, 0x10, 0xD1, 0xC9, 0x06,
+        0xAA, 0x82, 0x28, 0x7C, 0x11, 0x74, 0x99, 0xE9,
+        0xD8, 0xC7, 0x7D, 0x17, 0xA9, 0x5C, 0xCC, 0x14,
+        0xAF, 0xF9, 0xC2, 0x05, 0xD2, 0x64, 0x80, 0xA5,
+        0x70, 0xB5, 0x77, 0x0B, 0x04, 0x81, 0x99, 0xCF,
+        0x3F, 0x0E, 0x1B, 0x91, 0xAB, 0x39, 0x4B, 0x1F,
+        0x65, 0xD4, 0x7F, 0x92, 0x98, 0xD0, 0x96, 0xCA,
+        0x25, 0xC0, 0x99, 0xBC, 0x67, 0xF4, 0x33, 0x42,
+        0x63, 0xE3, 0x6B, 0xD9, 0xE6, 0x6B, 0x99, 0x8A,
+        0x07, 0xDC, 0x1E, 0x18, 0x1E, 0x05, 0x38, 0x6E,
+        0x96, 0x8F, 0x1C, 0xB0, 0xAB, 0x1E, 0x9A, 0x67,
+        0xD5, 0xD3, 0x30, 0x11, 0x20, 0x37, 0x82, 0x24,
+        0x88, 0x1F, 0x65, 0x17, 0x59, 0xEC, 0x7D, 0xBF,
+        0x45, 0x78, 0x1E, 0xF8, 0xA8, 0x4D, 0xAD, 0xAF,
+        0xE6, 0x13, 0xD6, 0x01, 0x69, 0x66, 0xBD, 0x88,
+        0x44, 0xB6, 0xA6, 0x17, 0xAC, 0xA1, 0xEE, 0xF6,
+        0x73, 0xB7, 0x74, 0xCC, 0x80, 0x7B, 0x36, 0xDD,
+        0x02, 0xDD, 0x45, 0x21, 0x66, 0x86, 0x03, 0x7F,
+        0x9A, 0xC0, 0xB1, 0x2F, 0x57, 0x26, 0xF2, 0x51,
+        0xC5, 0x72, 0x43, 0xE2, 0xC1, 0x88, 0xF5, 0xEC,
+        0xC0, 0x97, 0xE0, 0xB9, 0x89, 0xB5, 0x8A, 0x5D,
+        0x80, 0x4A, 0xBF, 0xD7, 0x20, 0x25, 0x55, 0x77,
+        0x66, 0x8E, 0xE3, 0x04, 0xD0, 0x1C, 0x50, 0xFE,
+        0x8B, 0x6D, 0x90, 0x68, 0x53, 0xCF, 0x7A, 0x49,
+        0x4F, 0xB4, 0x79, 0x91, 0xF1, 0x81, 0xB7, 0x42,
+        0x0E, 0x74, 0x19, 0x9C, 0x82, 0xE7, 0x1A, 0x82,
+        0x4B, 0xF8, 0xC6, 0x13, 0x1D, 0xF4, 0xD1, 0x85,
+        0x6F, 0x11, 0xE7, 0x04, 0x07, 0x70, 0x72, 0x4D,
+        0xE7, 0x2C, 0x81, 0x5A, 0xC0, 0x44, 0x3F, 0x2E,
+        0x77, 0xEC, 0x22, 0xA1, 0x28, 0xDB, 0x18, 0xE1,
+        0x18, 0x3E, 0xE7, 0x96, 0x82, 0xC4, 0x30, 0x24,
+        0xC9, 0x07, 0x46, 0x6C, 0x35, 0x4B, 0x1C, 0x7B,
+        0x0E, 0x0E, 0xF0, 0x9F, 0x16, 0x48, 0x7B, 0xD8,
+        0xA9, 0x9C, 0x3A, 0x0A, 0x9E, 0xDB, 0xF0, 0x0F,
+        0x15, 0xA5, 0xEB, 0x1C, 0x50, 0xD4, 0x27, 0x36,
+        0xDB, 0x07, 0x63, 0xBD, 0x56, 0xBD, 0xFA, 0x81,
+        0x09, 0x9A, 0xDE, 0xCE, 0xE8, 0x4A, 0xEA, 0x06,
+        0x9C, 0x06, 0x5B, 0x67, 0x03, 0x14, 0xB9, 0xE4,
+        0x8C, 0x66, 0x75, 0xA3, 0xCC, 0x69, 0x39, 0x57,
+        0xDA, 0x1D, 0x21, 0xBA, 0xCE, 0xD8, 0x70, 0x02,
+        0xFF, 0xF5, 0x6F, 0x25, 0x3A, 0x3D, 0xFC, 0x79,
+        0xA3, 0xF0, 0x3A, 0x3F, 0x2B, 0x10, 0x51, 0x9A,
+        0xCB, 0xC9, 0x1A, 0xF5, 0xF1, 0x98, 0x5B, 0x5C,
+        0x87, 0x96, 0x4E, 0xC8, 0x00, 0x8A, 0x3A, 0x6E,
+        0x85, 0x02, 0xA5, 0xF1, 0x69, 0x32, 0x6E, 0xC1,
+        0x95, 0x68, 0xCF, 0xA8, 0xE8, 0x85, 0x55, 0x4D,
+        0x6A, 0x68, 0x1F, 0x00, 0xDD, 0x26, 0xB3, 0x24,
+        0xF4, 0x9D, 0xD2, 0x4D, 0x81, 0x06, 0xDA, 0xE6,
+        0x4D, 0x11, 0x73, 0xDF, 0xFE, 0x4F, 0xA6, 0x22,
+        0x5E, 0x6C, 0x6D, 0x5E, 0xE3, 0x59, 0xCF, 0xF4,
+        0x35, 0xA0, 0x80, 0x86, 0x89, 0x49, 0xB2, 0xED,
+        0x0C, 0xC7, 0x3B, 0x42, 0x06, 0x68, 0x8D, 0x90,
+        0x04, 0x1A, 0xBD, 0x51, 0xF6, 0xB9, 0x29, 0x2E,
+        0xB6, 0xF0, 0x79, 0x40, 0x1E, 0x6E, 0x59, 0x94,
+        0xFB, 0xF5, 0x6B, 0x72, 0x82, 0x4C, 0xB6, 0xC7,
+        0x2B, 0x12, 0x71, 0x77, 0xDD, 0x89, 0xCC, 0x2F,
+        0x98, 0xB0, 0x93, 0x1C, 0x98, 0xCE, 0x5E, 0x89,
+        0x0D, 0x95, 0x7B, 0x98, 0xE1, 0xEA, 0xDC, 0xB7,
+        0xFF, 0x22, 0xC5, 0x31, 0x40, 0x9E, 0x1C, 0x80,
+        0x59, 0x47, 0x01, 0x49, 0xEC, 0x81, 0xEF, 0x16,
+        0x32, 0x6B, 0xB0, 0x4E, 0xE2, 0x3B, 0xA3, 0xC1,
+        0x03, 0x12, 0x0D, 0xA6, 0x65, 0xDE, 0x8D, 0xB0,
+        0xA0, 0xBB, 0x75, 0xEF, 0x5C, 0xDA, 0xF4, 0xEE,
+        0x47, 0x6E, 0x55, 0x02, 0x38, 0xCD, 0xC1, 0xAC,
+        0xDD, 0x71, 0xA6, 0x34, 0xAB, 0xCE, 0xA5, 0x5C,
+        0x90, 0xFF, 0xF8, 0xE0, 0xA7, 0x87, 0xBD, 0x21,
+        0x36, 0x91, 0x4F, 0x23, 0xD8, 0x75, 0x58, 0xC5,
+        0xF6, 0xBA, 0xAC, 0x54, 0x6C, 0x24, 0xB1, 0x41,
+        0x02, 0x02, 0xB9, 0x44, 0x31, 0x0E, 0xC4, 0xC9,
+        0xC6, 0x87, 0x85, 0x36, 0x05, 0xC8, 0xAE, 0xC9,
+        0xF1, 0xEF, 0x6B, 0x67, 0x52, 0xD3, 0x9A, 0x15,
+        0xBF, 0xA2, 0x47, 0xEF, 0x89, 0xFC, 0x06, 0x99,
+        0xA1, 0x1A, 0xE4, 0x5A, 0x75, 0xE5, 0x09, 0xD4,
+        0x54, 0xE9, 0x89, 0xF2, 0x60, 0x6E, 0xAB, 0x10,
+        0xF8, 0x42, 0xE4, 0xAD, 0x57, 0xC6, 0xE3, 0x65,
+        0x48, 0x94, 0x14, 0x05, 0x4F, 0x62, 0x20, 0x0F,
+        0x3A, 0x1E, 0xC7, 0x62, 0xDC, 0x5C, 0x8E, 0xFA,
+        0x19, 0x88, 0x47, 0x5D, 0xE8, 0xC3, 0xD5, 0x8C,
+        0x2B, 0x71, 0xBA, 0x11, 0x98, 0x7C, 0x0A, 0xC6,
+        0x42, 0x08, 0x3B, 0xAC, 0x76, 0xFB, 0x50, 0x78,
+        0x8C, 0x26, 0x8F, 0xEE, 0x7B, 0xE2, 0x59, 0x9B,
+        0x34, 0x58, 0x09, 0x2A, 0x8B, 0xCB, 0x1F, 0x31,
+        0x94, 0x8F, 0xE4, 0x82, 0xDF, 0x9A, 0x54, 0x5B,
+        0x63, 0x85, 0x94, 0xD6, 0x7A, 0x44, 0x06, 0x91,
+        0x5C, 0xCD, 0xC7, 0x55, 0x57, 0x47, 0xC0, 0x4E,
+        0x72, 0xA5, 0x48, 0xAB, 0x8F, 0xEE, 0x87, 0x6B,
+        0x25, 0x82, 0x61, 0x3C, 0xCA, 0xBD, 0xA9, 0x6C,
+        0xF1, 0x4A, 0xAA, 0xF6, 0x71, 0x6B, 0x79, 0x0B,
+        0xFE, 0x4D, 0x92, 0x32, 0xD9, 0x03, 0x70, 0xD6,
+        0x0B, 0xBC, 0x18, 0x4B, 0xA3, 0x3B, 0xCF, 0x77,
+        0x83, 0x16, 0xE3, 0x4B, 0x11, 0x83, 0x8D, 0x8F,
+        0x71, 0xFE, 0xEA, 0xC0, 0x42, 0xF0, 0x35, 0xB0,
+        0x76, 0xEA, 0xC1, 0xC2, 0x62, 0xFA, 0x9C, 0x32,
+        0xBC, 0x8D, 0x69, 0xB1, 0x38, 0xB3, 0x51, 0x31,
+        0x8E, 0xD1, 0xF3, 0x44, 0x95, 0x95, 0x11, 0x52,
+        0x36, 0xF4, 0xCA, 0x7C, 0xBA, 0x2B, 0xA9, 0xE1,
+        0x03, 0xF0, 0xF5, 0x09, 0xAB, 0x91, 0x6E, 0x48,
+        0xB8, 0xAF, 0x03, 0x9B, 0xDC, 0xD5, 0x1C, 0xAB,
+        0xFA, 0xCA, 0xDC, 0xEE, 0x8E, 0x49, 0x84, 0xF5,
+        0x61, 0xF9, 0x7D, 0x17, 0xCB, 0xF1, 0xDE, 0x9A,
+        0x7A, 0x7B, 0xDA, 0xF3, 0x26, 0xE6, 0xD8, 0xAD,
+        0x90, 0xE9, 0x5B, 0xAF, 0x15, 0x45, 0xD3, 0xE2,
+        0x46, 0x69, 0xD1, 0xC5, 0xF4, 0x28, 0xE0, 0x7E,
+        0x2C, 0x71, 0x10, 0xFF, 0x43, 0x59, 0x80, 0x93,
+        0xE6, 0xF9, 0x28, 0xA0, 0x34, 0xC6, 0x86, 0xBA,
+        0xE7, 0x5A, 0x56, 0x7A, 0xE4, 0xF5, 0x20, 0xB4,
+        0x4D, 0xAC, 0xB4, 0x95, 0xE5, 0xB2, 0xC6, 0x43,
+        0x9E, 0x2E, 0x67, 0x8E, 0x7C, 0x05, 0x4F, 0xF7,
+        0x60, 0x14, 0x88, 0xC6, 0xAE, 0x4A, 0x05, 0x36,
+        0x99, 0x73, 0x55, 0x10, 0xF9, 0xDB, 0xC3, 0x4C,
+        0xD7, 0x6A, 0x19, 0x94, 0xC0, 0xFE, 0x74, 0x12,
+        0xC0, 0xCE, 0x95, 0x15, 0xBF, 0x60, 0x3A, 0x8E,
+        0xB5, 0xFC, 0x8A, 0xBC, 0xAC, 0x9F, 0x15, 0x10,
+        0x44, 0x73, 0x58, 0x60, 0x5D, 0xA1, 0x33, 0xFD,
+        0xDE, 0xBD, 0xF2, 0x22, 0x69, 0xEE, 0x1D, 0x46,
+        0x8E, 0x2E, 0xE8, 0x21, 0x62, 0x1D, 0x27, 0x84,
+        0xC4, 0x6D, 0xA8, 0x30, 0x02, 0xA6, 0x26, 0x94,
+        0xFA, 0xB1, 0xEF, 0xEC, 0x3B, 0x8D, 0x6F, 0x1B,
+        0x2C, 0xCE, 0x2A, 0x4E, 0xC4, 0x28, 0x35, 0x4E,
+        0x39, 0xA4, 0xF4, 0x5C, 0x96, 0x65, 0xC1, 0xB8,
+        0x55, 0xA5, 0x09, 0x15, 0xBC, 0x4D, 0x3B, 0xD0,
+        0x1F, 0x7F, 0xBA, 0x90, 0x20, 0xCD, 0xBD, 0xC2,
+        0xC8, 0xE5, 0xC6, 0xB0, 0x6F, 0x14, 0x4E, 0x6B,
+        0xEA, 0x8A, 0x24, 0x44, 0xE1, 0x0A, 0xCD, 0xB2,
+        0x05, 0xF3, 0x15, 0x71, 0x7C, 0x86, 0xFC, 0xF1,
+        0xFD, 0x6B, 0xA6, 0xE3, 0xFC, 0x86, 0xE3, 0xBA,
+        0x56, 0x6B, 0x8F, 0xBE, 0x02, 0x9A, 0x03, 0x0C,
+        0x8C, 0x69, 0xE5, 0x7C, 0x15, 0xAE, 0x13, 0x12,
+        0x25, 0x2B, 0x36, 0xFB, 0x51, 0xA1, 0x61, 0x5E,
+        0x37, 0x46, 0x92, 0x0C, 0x0B, 0x71, 0x5C, 0x1D,
+        0xA4, 0xDB, 0x04, 0xC1, 0x08, 0xED, 0x5C, 0x44,
+        0x80, 0x70, 0xC1, 0x0E, 0x63, 0x6D, 0x92, 0xC2,
+        0x1E, 0x18, 0x8E, 0x71, 0x0E, 0x7C, 0x10, 0x21,
+        0x1E, 0xC2, 0xCF, 0xD6, 0x38, 0x7A, 0x9B, 0x5C,
+        0x9E, 0xE8, 0x82, 0x3D, 0xDD, 0x40, 0x0C, 0x96,
+        0x17, 0xEF, 0xB1, 0x25, 0xBA, 0x84, 0x45, 0x4F,
+        0x64, 0xA6, 0x8E, 0x2B, 0xBA, 0xF1, 0xED, 0xB3,
+        0x4F, 0x92, 0x5F, 0x1A, 0x73, 0x2A, 0x2A, 0x22,
+        0x68, 0x19, 0x4C, 0x8A, 0x87, 0x51, 0x75, 0x78,
+        0xCF, 0x3C, 0xC5, 0x97, 0xFD, 0x77, 0x43, 0xCB,
+        0xAE, 0x3D, 0x9C, 0xB6, 0x45, 0x54, 0x45, 0xF4,
+        0x1B, 0x92, 0xEE, 0xF4, 0x9D, 0xC4, 0x32, 0x10,
+        0x6A, 0x48, 0xAB, 0xE9, 0x47, 0xBF, 0x2B, 0x92,
+        0x49, 0x84, 0x23, 0x52, 0x05, 0xA1, 0x92, 0x3B,
+        0xD7, 0x78, 0x2D, 0x9A, 0x15, 0xB4, 0xD9, 0xD3,
+        0x45, 0xD0, 0x69, 0xF1, 0x38, 0x4D, 0x39, 0xEA,
+        0x49, 0x7E, 0xC0, 0xE7, 0x7A, 0x07, 0x88, 0x1D,
+        0x1F, 0xA3, 0xAC, 0xE9, 0xC3, 0xFD, 0x6B, 0x5D,
+        0xF6, 0xB2, 0xB9, 0xAA, 0x9A, 0xBE, 0xF4, 0x06,
+        0xD9, 0x5E, 0x81, 0xE5, 0x68, 0xDF, 0xEA, 0x20,
+        0x4C, 0xEE, 0xED, 0x42, 0xA4, 0xD3, 0x7B, 0xA8,
+        0x82, 0x98, 0x0D, 0xB4, 0xC8, 0xC3, 0x43, 0x28,
+        0x13, 0xE9, 0x6B, 0x11, 0x0E, 0x54, 0xE6, 0xCD,
+        0x11, 0x0A, 0x01, 0x36, 0x41, 0x78, 0xC5, 0x7D,
+        0x00, 0xC6, 0x8D, 0xE7, 0x7B, 0x4C, 0xE6, 0x35,
+        0x57, 0x8F, 0x56, 0xA9, 0x73, 0x5A, 0xEF, 0x93,
+        0xF0, 0xD8, 0x16, 0xE3, 0x44, 0x8A, 0xA0, 0xA9,
+        0xF1, 0x9C, 0x2E, 0x02, 0xD1, 0x3C, 0x66, 0xDD,
+        0xE5, 0x35, 0xFE, 0x81, 0x77, 0x8D, 0xC2, 0x46,
+        0x64, 0x03, 0x23, 0xCC, 0x37, 0x22, 0x60, 0x68,
+        0xCC, 0x7F, 0x79, 0xE8, 0x6B, 0xD0, 0xEE, 0x1C,
+        0x6A, 0xC3, 0x3C, 0xEB, 0x51, 0x95, 0xFA, 0xE4,
+        0x28, 0x17, 0x94, 0x49, 0x22, 0x69, 0x64, 0x98,
+        0x82, 0x8B, 0x68, 0x9F, 0x69, 0x35, 0xF9, 0xBF,
+        0x33, 0x22, 0xA4, 0x32, 0x0F, 0x4C, 0x26, 0xE4,
+        0x8D, 0xDF, 0xAE, 0xBD, 0xF4, 0x4D, 0x01, 0xAF,
+        0xA1, 0xFA, 0x3E, 0xCE, 0xD3, 0xB0, 0x5D, 0x02,
+        0xDB, 0x3B, 0xB4, 0x23, 0xB8, 0x55, 0x97, 0xB5,
+        0x1F, 0x25, 0x64, 0xA7, 0x5D, 0x4A, 0x8C, 0x90,
+        0xD4, 0xB6, 0x85, 0x20, 0x32, 0x09, 0x37, 0x26,
+        0x00, 0xD5, 0x4D, 0x98, 0x5A, 0xCF, 0x29, 0x3B,
+        0x0E, 0xAF, 0x69, 0x88, 0x78, 0x18, 0xAD, 0xD1,
+        0xE1, 0xB7, 0xC5, 0xD7, 0xB7, 0x5F, 0xFE, 0xB5,
+        0x64, 0xE0, 0x68, 0x0B, 0x4F, 0x46, 0x7B, 0xDE,
+        0x0B, 0x11, 0x7A, 0x42, 0x10, 0x86, 0x09, 0x60,
+        0xB5, 0xE0, 0x22, 0x17, 0x28, 0x68, 0x7A, 0xE9,
+        0xEB, 0xBC, 0x6B, 0xD5, 0x95, 0x4C, 0xE0, 0xAE,
+        0x57, 0xB1, 0x45, 0xFF, 0xC2, 0x7E, 0xB6, 0xA0,
+        0xD3, 0x8E, 0x46, 0x16, 0xCE, 0xBE, 0x76, 0xCE,
+        0x59, 0x5B, 0xA4, 0x96, 0x1E, 0x9F, 0x80, 0xF0,
+        0x06, 0x7E, 0xCD, 0x6E, 0x27, 0xB8, 0x7D, 0x26,
+        0xB6, 0x60, 0xA3, 0xAB, 0x52, 0xC1, 0x37, 0x9A,
+        0xDD, 0x46, 0xF5, 0xB9, 0x39, 0x75, 0xAA, 0x19,
+        0xF3, 0xE4, 0xA8, 0x95, 0x4B, 0x25, 0x3F, 0x0B,
+        0x44, 0x13, 0xF5, 0x82, 0x10, 0x68, 0x03, 0xD5,
+        0x0F, 0x99, 0xB5, 0xB2, 0x8B, 0x85, 0x77, 0x2E,
+        0x78, 0x3E, 0xEE, 0x21, 0x6E, 0xAD, 0x2D, 0xCF,
+        0x95, 0x62, 0x94, 0x1C, 0x50, 0xAB, 0xC5, 0xFA,
+        0x8E, 0x24, 0xB6, 0x14, 0x86, 0x46, 0x8A, 0xAA,
+        0x20, 0xDF, 0x15, 0xD1, 0x72, 0xF6, 0xAC, 0x03,
+        0xAF, 0xDF, 0xCD, 0x53, 0x81, 0xBA, 0xDB, 0x07,
+        0x8B, 0x8E, 0xBB, 0x70, 0x91, 0x57, 0x04, 0xB9,
+        0x88, 0xE5, 0x8F, 0x45, 0xD3, 0xD6, 0x31, 0x12,
+        0xA5, 0xC1, 0x28, 0xC6, 0x49, 0x90, 0x0F, 0x1D,
+        0x69, 0x66, 0xE3, 0x98, 0x56, 0x7D, 0xE3, 0x48,
+        0xAC, 0xC0, 0xDE, 0xE4, 0x2B, 0x88, 0x01, 0x19,
+        0x4E, 0x99, 0xBB, 0x1A, 0xAF, 0x02, 0x5A, 0x91,
+        0xE3, 0x2C, 0xE6, 0x56, 0x4D, 0x05, 0x10, 0xB9,
+        0x10, 0xF2, 0x2A, 0x27, 0xDE, 0xCF, 0x9D, 0x2E
+    };
+    static const byte msg_44[] = {
+        0xB1, 0x34, 0x49, 0x15, 0xCC, 0xD6, 0x93, 0x41,
+        0x6B, 0x37, 0xFE, 0xBD, 0x8D, 0xC7, 0xC7, 0xDB,
+        0x9F, 0x25, 0x3E, 0x9D, 0xF5, 0x3C, 0xEC, 0x51,
+        0x49, 0x23, 0xAA, 0xA2, 0x67, 0x6F, 0xBF, 0xA4,
+        0xCC, 0x04, 0xFC, 0x68, 0xF9, 0xE3, 0x2F, 0x9E,
+        0x86, 0x4C, 0x68, 0x95, 0xDB, 0x37, 0xE9, 0xFF,
+        0xEB, 0x80, 0xF0, 0xF6, 0xB8, 0x6C, 0xB6, 0xAD,
+        0x9C, 0x42, 0xF8, 0xFC, 0x75, 0x19, 0x8D, 0xD3,
+        0xCC, 0xDA, 0xF5, 0x77, 0xC7, 0xB3, 0x5B, 0x8F,
+        0x1B, 0xF6, 0x0A, 0xAB, 0xEA, 0x89, 0x94, 0x42,
+        0x20, 0x1F, 0xBB, 0xF4, 0x42, 0x8C, 0x7E, 0xC1,
+        0x7B, 0xC3, 0x1B, 0x54, 0x72, 0x4B, 0x95, 0x90,
+        0xF7, 0x53, 0x1E, 0x6F, 0x79, 0x0A, 0x1F, 0xA7,
+        0x74, 0x32, 0x83, 0x37, 0x2D, 0x31, 0x71, 0xB8,
+        0x96, 0x6B, 0x47, 0x0A, 0xAA, 0x85, 0x26, 0xEB,
+        0x4A, 0x6E, 0x81, 0xE6, 0x5A, 0xD0, 0xC2, 0x9F,
+        0x2D, 0x37, 0xDD, 0x5B, 0x41, 0x2B, 0xAE, 0x68,
+        0x2A, 0x66, 0x79, 0x68, 0x77, 0xC8, 0x2F, 0xFD,
+        0xA9, 0x76, 0x24, 0x34, 0xEA, 0xC2, 0xC7, 0xD4,
+        0xAF, 0x60, 0x9B, 0x27, 0x72, 0x49, 0x0D, 0xEE,
+        0x9B, 0xFB, 0x00, 0x5D, 0x2F, 0x1A, 0x2E, 0xBB,
+        0xA0, 0x32, 0xCD, 0x71, 0x59, 0xD5, 0x4B, 0xE5,
+        0x96, 0xF3, 0x30, 0x68, 0xBE, 0x5D, 0x9A, 0x2D,
+        0x94, 0x0C, 0x76, 0x70, 0xE6, 0x4E, 0x9A, 0xF7,
+        0xD7, 0xD3, 0x3E, 0xC3, 0xAE, 0xC6, 0xF1, 0xD9,
+        0xDE, 0xE3, 0x92, 0x84, 0xF0, 0x5C, 0xE0, 0x25,
+        0xD1, 0x81, 0x76, 0x0D, 0x40, 0xE5, 0xC2, 0xD9,
+        0xBE, 0xAE, 0x24, 0x20, 0xF4, 0x0D, 0x9F, 0x32,
+        0xB7, 0xBD, 0xCD, 0x3A, 0xFB, 0x1C, 0x66, 0x0D,
+        0x01, 0x71, 0x4D, 0x81, 0x37, 0x58, 0xDB, 0xB8,
+        0x2C, 0x6B, 0x7E, 0x85, 0x80, 0x52, 0xB5, 0xA5,
+        0x0E, 0x39, 0xE0, 0x15, 0xD3, 0xF2, 0x4A, 0x2C,
+        0x64, 0xC9, 0xDD, 0xCC, 0x15, 0x0D, 0x90, 0x4F,
+        0x07, 0xF6, 0x5F, 0xF6, 0x8A, 0xD0, 0x12, 0x9E,
+        0xC3, 0xF8, 0x12, 0x3F, 0x3A, 0x03, 0xFC, 0x95,
+        0x8A, 0xE2, 0x47, 0x8C, 0x6C, 0x6E, 0x03, 0x61,
+        0x67, 0xD8, 0x51, 0x49, 0xF7, 0x9F, 0xB0, 0x3F,
+        0xAA, 0xB9, 0x89, 0x7C, 0xE7, 0x3F, 0x88, 0x55,
+        0xC5, 0x4C, 0x83, 0xD7, 0x53, 0xB1, 0x04, 0xB5,
+        0x13, 0xD5, 0x6B, 0xC6, 0x4C, 0x3B, 0x08, 0x91,
+        0x73, 0x47, 0x35, 0x13, 0x26, 0xD8, 0xEB, 0x47,
+        0xCF, 0x66, 0xF1, 0x3F, 0xB9, 0x0F, 0x6A, 0xF5,
+        0xA8, 0x94, 0xC7, 0x75, 0x00, 0x77, 0xA8, 0x9C,
+        0xEB, 0x77, 0x22, 0xE2, 0xE6, 0x80, 0xA5, 0x9B,
+        0xF8, 0x43, 0x8C, 0x52, 0x35, 0x31, 0xEA, 0x8C,
+        0xC2, 0x83, 0x4F, 0xFC, 0x4E, 0xF0, 0x2D, 0x35,
+        0xB8, 0x51, 0x46, 0xF2, 0xD6, 0x01, 0xD5, 0x00,
+        0x99, 0x6A, 0x44, 0x10, 0x64, 0xAD, 0xCA, 0x1F,
+        0x62, 0x3F, 0x2F, 0xE7, 0x45, 0x22, 0x47, 0xEF,
+        0x86, 0x9D, 0x76, 0xD5, 0x78, 0x42, 0x07, 0x30,
+        0x88, 0x86, 0x90, 0xB1, 0xA0, 0x08, 0xDA, 0x28,
+        0x2A, 0xD1, 0x75, 0x7D, 0x21, 0x71, 0x29, 0x38,
+        0x59, 0xC7, 0x3F, 0x55, 0x20, 0xB5, 0xBB, 0x48,
+        0x03, 0xE7, 0xFA, 0xB0, 0x29, 0x00, 0xD2, 0x0F,
+        0xE7, 0x65, 0x81, 0x8E, 0xE6, 0x24, 0xE7, 0xA1,
+        0x94, 0x50, 0x9D, 0x01, 0x6B, 0x4B, 0xD7, 0x81,
+        0x4E, 0xA0, 0xD5, 0x4A, 0x51, 0xEE, 0x95, 0x0A,
+        0x14, 0x76, 0xD5, 0x87, 0xAA, 0x6F, 0x78, 0xC8,
+        0xD2, 0xE0, 0xC8, 0xF8, 0xF2, 0x78, 0xD8, 0x2E,
+        0x11, 0x90, 0x44, 0xB6, 0xBF, 0xD0, 0xBE, 0xD8,
+        0x6F, 0xA4, 0x20, 0xA2, 0xC8, 0xA4, 0xEF, 0xB0,
+        0x5D, 0x73, 0x06, 0xBE, 0x52, 0xF9, 0x32, 0xD8,
+        0x06, 0x5D, 0xD1, 0x29, 0x23, 0x46, 0x25, 0x6E,
+        0x42, 0x9D, 0xEE, 0x41, 0x9E, 0xF3, 0x7D, 0x1B,
+        0x35, 0x28, 0x81, 0xDC, 0x47, 0x7F, 0x25, 0xA4,
+        0x0A, 0xEB, 0x3E, 0x17, 0xE6, 0x1B, 0xCC, 0x00,
+        0xD2, 0xE2, 0xA9, 0x3D, 0xEC, 0xF3, 0x00, 0xF0,
+        0x81, 0x68, 0x21, 0xED, 0x49, 0xF9, 0x9B, 0x9B,
+        0x8B, 0xED, 0xD9, 0x1E, 0xFA, 0x04, 0xBB, 0xB0,
+        0x9A, 0xBD, 0x1D, 0x24, 0x36, 0xA7, 0xD6, 0x64,
+        0x8A, 0x38, 0x3A, 0x3A, 0x8F, 0x09, 0x08, 0x0E,
+        0x46, 0x7B, 0xE1, 0x03, 0x30, 0xBF, 0x62, 0x27,
+        0x10, 0x74, 0xBE, 0xBD, 0x7F, 0x56, 0x39, 0x0D,
+        0x1D, 0x39, 0x47, 0xF4, 0x02, 0x47, 0x6B, 0x62,
+        0x6B, 0x52, 0xAC, 0xAB, 0x21, 0xAC, 0x10, 0x4A,
+        0xAB, 0x59, 0x75, 0x33, 0x11, 0xD9, 0xE9, 0xE2,
+        0xB2, 0x20, 0x6B, 0xA1, 0x09, 0x42, 0xB6, 0x37,
+        0xE4, 0x5C, 0xE6, 0x9F, 0x54, 0xB4, 0x67, 0xBC,
+        0xAE, 0xF3, 0xDC, 0x1A, 0xA2, 0x15, 0x47, 0x7B,
+        0x15, 0xC8, 0x00, 0x35, 0x8E, 0x1D, 0x69, 0x04,
+        0xD8, 0x9C, 0xA9, 0x6A, 0x03, 0x1A, 0x55, 0x48,
+        0x6C, 0x4F, 0xC1, 0x68, 0x27, 0x26, 0x13, 0xAB,
+        0x8E, 0x03, 0x50, 0x7B, 0xDD, 0xC2, 0x7E, 0x5C,
+        0x8A, 0x6F, 0xBB, 0x5F, 0x8B, 0x22, 0x86, 0xA5,
+        0xC5, 0x0E, 0xC5, 0x68, 0x60, 0xF6, 0xBF, 0xFF,
+        0x6E, 0xBA, 0xDC, 0x21, 0x71, 0xD2, 0xEB, 0xD1,
+        0x27, 0x8C, 0x58, 0x14, 0xC3, 0x2E, 0x13, 0x9E,
+        0x04, 0x09, 0x61, 0xC3, 0x19, 0xC3, 0x03, 0x48,
+        0x70, 0x33, 0x3B, 0x12, 0xF7, 0x3B, 0x38, 0xE7,
+        0x18, 0x14, 0xA9, 0xF1, 0x60, 0x83, 0x65, 0xEB,
+        0x32, 0xD5, 0x23, 0x8F, 0x6B, 0xF7, 0xD8, 0x00,
+        0x21, 0xBD, 0xA3, 0x98, 0xDE, 0xD7, 0x13, 0x17,
+        0xAB, 0x3C, 0xA4, 0xD7, 0xBE, 0x1D, 0xA7, 0x4A,
+        0x1B, 0xC4, 0x0C, 0x9B, 0x2E, 0x34, 0x5B, 0xA7,
+        0xA2, 0x3F, 0x9B, 0x2D, 0xDB, 0xAF, 0x85, 0x14,
+        0x0A, 0xF9, 0x30, 0x9E, 0x86, 0x53, 0xAC, 0x24,
+        0xAF, 0xD8, 0x25, 0xBC, 0x2A, 0x07, 0x2B, 0xCD,
+        0x02, 0xFE, 0x3E, 0xF0, 0x0B, 0xE3, 0xF9, 0x51,
+        0x5C, 0x29, 0xEB, 0x8A, 0xFB, 0xC3, 0xEF, 0xD1,
+        0xF9, 0xCF, 0xDF, 0xE9, 0xEB, 0xA9, 0x49, 0x59,
+        0xB5, 0x17, 0x7E, 0x28, 0x86, 0xB8, 0xD1, 0x8D,
+        0xCA, 0x97, 0xF0, 0xCB, 0x80, 0x7E, 0xE3, 0xEA,
+        0xE3, 0x1B, 0x48, 0xCF, 0xAC, 0x61, 0x3C, 0x2E,
+        0x00, 0xAB, 0x74, 0xFB, 0x95, 0xF6, 0x64, 0xF3,
+        0xCA, 0xBF, 0x6E, 0xEF, 0xCD, 0xDD, 0x6D, 0xA5,
+        0xF8, 0x98, 0xEC, 0x38, 0xF2, 0xF0, 0x7D, 0x6D,
+        0xCB, 0x75, 0xE0, 0x50, 0x9D, 0x13, 0x19, 0x24,
+        0x07, 0x4C, 0x05, 0xF4, 0x5D, 0xCA, 0x25, 0xB7,
+        0xCF, 0xE2, 0xBC, 0xFE, 0xEC, 0xAF, 0x5F, 0xC3,
+        0x6C, 0xE6, 0xE3, 0xC5, 0x85, 0x43, 0x7B, 0x06,
+        0x9F, 0xD2, 0xC6, 0xBB, 0xAD, 0x33, 0xD6, 0x86,
+        0xBD, 0x5B, 0x9E, 0x2C, 0xA0, 0xD9, 0x8B, 0xDC,
+        0x5E, 0x71, 0x7B, 0x6D, 0xF7, 0x1D, 0x40, 0x91,
+        0x30, 0x8E, 0x84, 0x73, 0x9A, 0xD6, 0x7F, 0xA6,
+        0x79, 0xA6, 0xCE, 0xE9, 0xA6, 0x83, 0x28, 0x4B,
+        0x4F, 0xB3, 0x1B, 0x2C, 0x40, 0x8F, 0x52, 0xF0,
+        0x59, 0x7D, 0x9C, 0x04, 0xEA, 0xF4, 0xAC, 0x6D,
+        0xBB, 0x6C, 0x3F, 0xD6, 0x7F, 0x25, 0x39, 0xD8,
+        0x87, 0xDF, 0xBC, 0xF3, 0xCA, 0xE4, 0x59, 0xFA,
+        0x76, 0x66, 0x61, 0xA4, 0x8B, 0xFC, 0xFD, 0x6F,
+        0x64, 0x03, 0x99, 0xD3, 0xAF, 0x07, 0x86, 0x35,
+        0x99, 0x98, 0xCE, 0xFF, 0x7E, 0x9E, 0xB1, 0xB0,
+        0x57, 0xA6, 0x29, 0x3D, 0xFF, 0xB7, 0xF3, 0xF2,
+        0x51, 0x4B, 0x0B, 0x70, 0x29, 0x46, 0x06, 0x8A,
+        0x6B, 0xBD, 0x75, 0x30, 0xD6, 0x91, 0x7F, 0xB1,
+        0x1D, 0xBB, 0xAA, 0xBE, 0xD7, 0xAA, 0x46, 0x81,
+        0xD7, 0x8A, 0xEA, 0x91, 0x86, 0x69, 0x2D, 0xDA,
+        0x34, 0x70, 0x65, 0x2E, 0xB8, 0xA3, 0xF1, 0x44,
+        0x56, 0xA5, 0xAA, 0xC4, 0x20, 0x88, 0x3B, 0x42,
+        0x37, 0xB0, 0xA7, 0x2D, 0x91, 0x27, 0x63, 0xB6,
+        0x7A, 0xC4, 0x13, 0x1A, 0x8A, 0x5D, 0x2F, 0x16,
+        0x82, 0x96, 0xB9, 0x12, 0xD3, 0xB6, 0x61, 0xC4,
+        0xE8, 0x3C, 0xE6, 0x3A, 0x61, 0xC0, 0x45, 0xEB,
+        0xA5, 0x75, 0xEE, 0xB6, 0x7F, 0xB0, 0x70, 0xED,
+        0x82, 0x39, 0xE5, 0x1A, 0x67, 0xD9, 0x80, 0x3C,
+        0xE0, 0x0B, 0x85, 0x66, 0x74, 0xE0, 0xB7, 0x26,
+        0x66, 0x26, 0xDD, 0x02, 0x15, 0xE5, 0xEF, 0x5F,
+        0xDE, 0x7B, 0xF4, 0x0B, 0x99, 0x10, 0x21, 0x08,
+        0xFC, 0x2D, 0xF2, 0x8B, 0xDC, 0xC8, 0xEA, 0xC6,
+        0x3E, 0xFB, 0x20, 0x50, 0x1F, 0x24, 0x66, 0x99,
+        0x80, 0x88, 0xC7, 0xA0, 0xB9, 0x6D, 0x1B, 0x75,
+        0xC4, 0xC2, 0xE2, 0x52, 0xA0, 0xBF, 0x38, 0x01,
+        0x5C, 0xA5, 0x8A, 0xDA, 0x79, 0x38, 0xAE, 0x2E,
+        0xC7, 0x96, 0x6F, 0x30, 0x5B, 0xB4, 0x21, 0xC0,
+        0xCD, 0x95, 0xCA, 0xD2, 0x12, 0x7D, 0xAD, 0x87,
+        0x08, 0x6C, 0xC3, 0x8B, 0xF6, 0xB1, 0x5D, 0xAD,
+        0x2C, 0x7C, 0x04, 0x41, 0xE5, 0x34, 0x2E, 0x4B,
+        0x5A, 0xD9, 0x1E, 0x66, 0xF4, 0x23, 0xE2, 0x88,
+        0x4D, 0xD9, 0x03, 0xFE, 0x6C, 0x64, 0x7D, 0x61,
+        0xE6, 0x70, 0x0E, 0xA8, 0x83, 0x08, 0x07, 0xE6,
+        0xFD, 0x64, 0x54, 0x3E, 0x3C, 0x6E, 0x9A, 0xD1,
+        0x93, 0x37, 0x36, 0x90, 0xDE, 0x94, 0xF7, 0x16,
+        0x15, 0x47, 0x94, 0xFE, 0x97, 0x5B, 0x11, 0x80,
+        0xBA, 0x40, 0xAF, 0x7F, 0x05, 0xC1, 0x82, 0x91,
+        0x69, 0xFD, 0xFB, 0xEC, 0x3A, 0xF7, 0xCF, 0xE1,
+        0xD7, 0x9B, 0x59, 0x7E, 0xE4, 0x38, 0xA2, 0x96,
+        0xEF, 0x14, 0x6A, 0x05, 0x99, 0x71, 0xE3, 0xF9,
+        0x50, 0x8E, 0x35, 0x0B, 0x50, 0x71, 0x6D, 0xEC,
+        0xB5, 0x1B, 0xC8, 0x80, 0x2A, 0xE6, 0x2A, 0x7F,
+        0x4C, 0x2E, 0x6F, 0x7B, 0x54, 0x62, 0x0E, 0xF0,
+        0x4C, 0x00, 0xF0, 0x72, 0xAE, 0x37, 0xAC, 0x32,
+        0x7E, 0x26, 0xD3, 0x65, 0x76, 0x1C, 0x10, 0x46,
+        0x17, 0xAE, 0xE0, 0xF3, 0x28, 0xEE, 0x97, 0xE0,
+        0x86, 0x18, 0x3D, 0x46, 0xA3, 0x62, 0x1F, 0x23,
+        0xF3, 0xAC, 0x27, 0x60, 0xB8, 0x85, 0x9A, 0x96,
+        0x0E, 0xF1, 0x6F, 0xC1, 0xC6, 0xB1, 0x97, 0x8A,
+        0x74, 0x12, 0xDD, 0x73, 0x85, 0x02, 0x9C, 0x73,
+        0x61, 0xA8, 0xF7, 0x49, 0xCE, 0xBA, 0x23, 0xED,
+        0xE7, 0x9A, 0x17, 0x0E, 0xA6, 0x84, 0x59, 0xF5,
+        0x21, 0x66, 0xF5, 0xC5, 0x61, 0xF8, 0x88, 0x7E,
+        0x62, 0x0C, 0x00, 0xC6, 0x4F, 0x06, 0xBD, 0x0A,
+        0xBB, 0xCD, 0xE5, 0x11, 0x7A, 0xBC, 0xFD, 0x03,
+        0xB6, 0xD1, 0xBA, 0x4F, 0x30, 0xFA, 0x96, 0x75,
+        0xD8, 0x2D, 0x7A, 0x43, 0x0D, 0x58, 0x41, 0x46,
+        0xBA, 0x72, 0x06, 0xCB, 0xBD, 0xD9, 0xBE, 0xA1,
+        0xEA, 0x47, 0x08, 0x3D, 0xF9, 0x32, 0x23, 0x9C,
+        0xAA, 0x02, 0x1D, 0xA3, 0x3E, 0x43, 0xF1, 0x68,
+        0xD8, 0xBE, 0x9F, 0x0E, 0xA8, 0xA8, 0x52, 0xC4,
+        0x0A, 0xDE, 0x43, 0x9D, 0x58, 0xA8, 0x05, 0xD4,
+        0x74, 0xF8, 0x93, 0x21, 0x62, 0x6E, 0x33, 0x78,
+        0x3C, 0x23, 0xEB, 0x60, 0x1C, 0x4C, 0x25, 0xFE,
+        0x0F, 0x5E, 0x73, 0xC3, 0xAD, 0x33, 0x9A, 0x7D,
+        0x69, 0x6B, 0xAB, 0x2C, 0xAA, 0x5F, 0xBF, 0x96,
+        0x62, 0x3A, 0xF0, 0x63, 0x41, 0x00, 0xC7, 0x4C,
+        0x81, 0x4D, 0x42, 0x43, 0x25, 0xBC, 0x30, 0xB6,
+        0x0B, 0xEE, 0xFC, 0x18, 0x3E, 0x68, 0x0E, 0x64,
+        0x5C, 0xD4, 0x22, 0x2A, 0xBA, 0xB5, 0xC6, 0x7E,
+        0x67, 0x11, 0x1C, 0x4C, 0x03, 0x30, 0xEC, 0x0C,
+        0x77, 0xB2, 0x2B, 0xBC, 0x98, 0xF7, 0x52, 0x8C,
+        0x95, 0x66, 0xE1, 0x71, 0xDD, 0x26, 0xA7, 0x7F,
+        0x87, 0xF3, 0x94, 0x2E, 0x0D, 0x3E, 0xFE, 0xAD,
+        0x0A, 0xDA, 0x3B, 0x77, 0x49, 0xC5, 0x1D, 0xED,
+        0x5F, 0xDA, 0x3F, 0xE6, 0xE7, 0x96, 0x58, 0xF1,
+        0x02, 0x30, 0x68, 0xB9, 0x62, 0xD0, 0x58, 0xA2,
+        0x89, 0x65, 0x12, 0x20, 0x1E, 0x4C, 0xE7, 0xB6,
+        0x98, 0x12, 0x52, 0xF0, 0xE8, 0x55, 0xBC, 0xFE,
+        0x1F, 0x44, 0x42, 0x36, 0xC9, 0x30, 0xE4, 0x9A,
+        0x13, 0xB3, 0x7A, 0xF4, 0xF5, 0x97, 0xC0, 0x5D,
+        0xCA, 0x23, 0xCC, 0x05, 0xC4, 0x3C, 0x32, 0xA2,
+        0x11, 0x08, 0x17, 0xCB, 0x30, 0x6B, 0xA4, 0x7D,
+        0x24, 0x5E, 0x50, 0x22, 0x2E, 0x23, 0xC6, 0x55,
+        0x6B, 0xD7, 0x5D, 0x50, 0xEE, 0xF8, 0xBE, 0xB0,
+        0xDE, 0x83, 0x5C, 0x8D, 0xD2, 0xE1, 0x5C, 0x70,
+        0x66, 0x70, 0x59, 0x8F, 0x86, 0x50, 0x71, 0x71,
+        0x04, 0x69, 0xEC, 0xB3, 0x47, 0x9E, 0xE0, 0x26,
+        0xB1, 0x9F, 0xE6, 0x21, 0xAC, 0x99, 0x12, 0x6B,
+        0x97, 0x9E, 0x1B, 0xA1, 0xDD, 0xA8, 0xE6, 0x11,
+        0x12, 0x97, 0xC1, 0x0E, 0x4A, 0x77, 0xF5, 0x52,
+        0xF8, 0x09, 0xE9, 0x01, 0x63, 0x56, 0x4E, 0xFA,
+        0x24, 0x39, 0x36, 0xB9, 0xF2, 0x6E, 0x07, 0x28,
+        0x7F, 0xA4, 0x07, 0x7C, 0xA2, 0x69, 0x7B, 0xED,
+        0x6A, 0x4F, 0x0A, 0x95, 0x99, 0x05, 0x60, 0xE7,
+        0x58, 0xD9, 0x90, 0xB4, 0xC1, 0x92, 0x0F, 0x9E,
+        0x1A, 0xBE, 0x0B, 0x58, 0x96, 0x50, 0x61, 0x1C,
+        0x2D, 0x5A, 0x13, 0xAA, 0x5F, 0x4E, 0x2B, 0x88,
+        0xBE, 0xAB, 0x93, 0x72, 0xF4, 0x68, 0xB8, 0x30,
+        0x91, 0xCD, 0x0A, 0x53, 0x8A, 0x35, 0x82, 0x93,
+        0x4F, 0x66, 0xCA, 0xCD, 0xF2, 0x39, 0x98, 0xFE,
+        0xC2, 0xFE, 0xFE, 0x51, 0x35, 0xF1, 0xB5, 0x62,
+        0x2D, 0x1A, 0xE9, 0x43, 0x25, 0x5E, 0x05, 0xE4,
+        0x8B, 0xFE, 0x91, 0x2F, 0x4F, 0x24, 0x1B, 0x2B,
+        0xAC, 0x49, 0x9C, 0x14, 0xB0, 0x58, 0xA3, 0xA8,
+        0xEE, 0xB9, 0xD1, 0xFA, 0x4D, 0x44, 0x2E, 0x23,
+        0xFC, 0x59, 0x77, 0xA5, 0x60, 0x2E, 0xDC, 0xEB,
+        0x7B, 0x7B, 0x26, 0x95, 0xE1, 0x87, 0xB7, 0x94,
+        0xF8, 0x4B, 0x96, 0x63, 0x15, 0xB1, 0xBB, 0xA5,
+        0xC0, 0x4A, 0x72, 0x02, 0x4A, 0x80, 0x5F, 0xB1,
+        0x94, 0x73, 0xB7, 0x06, 0xB8, 0x13, 0x76, 0x42,
+        0xAD, 0xB1, 0xC6, 0x6C, 0xFD, 0x64, 0xF2, 0x60,
+        0xBB, 0x1B, 0x7A, 0xAD, 0xF6, 0xC2, 0x96, 0xB3,
+        0x5F, 0x30, 0xB9, 0xD7, 0x70, 0x8A, 0x9D, 0x41,
+        0xE7, 0x23, 0xFA, 0xD4, 0xE8, 0x72, 0xAF, 0x73,
+        0xF8, 0x8C, 0x26, 0xAB, 0x65, 0x1B, 0xD5, 0x7A,
+        0x21, 0xE2, 0x8C, 0xE8, 0xC2, 0x47, 0xD5, 0x8E,
+        0x47, 0x9F, 0x79, 0x68, 0x87, 0x6F, 0xCE, 0xD3,
+        0x5D, 0x2B, 0x87, 0xD2, 0xDF, 0x14, 0x43, 0x47,
+        0x03, 0x3D, 0xF4, 0xCB, 0x50, 0xDE, 0x52, 0xD8,
+        0x98, 0x41, 0x46, 0x3F, 0x5D, 0xFB, 0x6D, 0x6F,
+        0xF6, 0xD9, 0xE8, 0x2B, 0xBA, 0xB3, 0xB1, 0xEC,
+        0x58, 0x77, 0x8A, 0xB8, 0xF3, 0x6D, 0xBC, 0x68,
+        0x22, 0xEA, 0xE3, 0x2F, 0xB6, 0xCB, 0x67, 0x30,
+        0xCB, 0x33, 0x1C, 0x39, 0x5C, 0x27, 0x4A, 0xE7,
+        0xE3, 0x7B, 0x40, 0x9B, 0x7C, 0x66, 0x32, 0xE7,
+        0x6D, 0xAA, 0x97, 0xB8, 0x0F, 0x1E, 0x0C, 0xB4,
+        0x7A, 0xA3, 0x66, 0xA8, 0xE3, 0x50, 0xEA, 0x36,
+        0x74, 0x65, 0x92, 0xEC, 0x9B, 0x1E, 0x97, 0xF0,
+        0x2F, 0x99, 0xD6, 0x00, 0x21, 0x37, 0x0B, 0x89,
+        0x93, 0xC6, 0x80, 0xA1, 0x02, 0xDC, 0x96, 0x5D,
+        0x20, 0xB7, 0x57, 0xF4, 0x17, 0x7A, 0x81, 0xBA,
+        0x7B, 0x61, 0xD2, 0x88, 0xEF, 0xC5, 0xAD, 0xED,
+        0x4C, 0x9A, 0x94, 0xA5, 0x7B, 0x2C, 0x6B, 0xD2,
+        0x97, 0x7E, 0x23, 0x64, 0x0A, 0x66, 0x98, 0x47,
+        0xEE, 0x81, 0xB1, 0x49, 0x0B, 0xE3, 0x8A, 0xC4,
+        0x3E, 0x52, 0x2C, 0x8D, 0x09, 0xA2, 0x07, 0xB6,
+        0x2A, 0x8B, 0x07, 0x9A, 0x24, 0x84, 0xDE, 0xD1,
+        0x00, 0x63, 0xD7, 0xA1, 0x3F, 0xBF, 0x0C, 0xA8,
+        0xEE, 0xDC, 0x2B, 0xF6, 0x7B, 0xD8, 0x78, 0x53,
+        0x35, 0xB8, 0x29, 0x5A, 0xFE, 0x6B, 0x35, 0x6E,
+        0x20, 0x62, 0x24, 0x17, 0x0E, 0x87, 0x23, 0x1A,
+        0x77, 0x2D, 0x21, 0x84, 0x37, 0xBF, 0x7D, 0x68,
+        0xAC, 0x2A, 0xF9, 0x3F, 0x11, 0x27, 0x18, 0x4F,
+        0xA2, 0x15, 0x21, 0x47, 0x9E, 0x56, 0xFF, 0x22,
+        0xE8, 0x0F, 0x61, 0xBC, 0x28, 0xB8, 0xD2, 0xE7,
+        0x1B, 0x3D, 0x1D, 0x94, 0x28, 0x1B, 0x69, 0x56,
+        0x00, 0xC8, 0xB0, 0xFD, 0x8E, 0x1D, 0x7E, 0x81,
+        0x1F, 0x4C, 0xCF, 0xE1, 0x6E, 0x3F, 0x57, 0x95,
+        0xC2, 0x4A, 0xA0, 0xA0, 0x16, 0x7E, 0x30, 0x5C,
+        0x28, 0x87, 0x5C, 0x8F, 0xA9, 0x38, 0x9B, 0x72,
+        0xF7, 0x90, 0x86, 0xF6, 0xEC, 0xC1, 0x6C, 0x88,
+        0xB0, 0x78, 0x3A, 0x58, 0x15, 0xFB, 0x6F, 0x77,
+        0xCD, 0xC7, 0xCC, 0xC3, 0x8D, 0x60, 0xE7, 0x87,
+        0xBE, 0x9C, 0xBF, 0xFA, 0xA6, 0x2E, 0xF9, 0x59,
+        0xA5, 0xE5, 0xDC, 0xDE, 0xB6, 0x25, 0x5C, 0x8E,
+        0x0D, 0x2E, 0x01, 0xFE, 0x05, 0xEF, 0xF9, 0xE7,
+        0x81, 0x02, 0xBE, 0xA2, 0x91, 0x40, 0x57, 0xD3,
+        0x6E, 0x3D, 0x1B, 0x48, 0x50, 0x7A, 0xB6, 0xB1,
+        0x76, 0x40, 0x47, 0x0F, 0xE3, 0xF1, 0x7A, 0x8B,
+        0x6A, 0x5E, 0x04, 0xE5, 0x34, 0x56, 0xC5, 0xD9,
+        0xE5, 0x0F, 0x74, 0x5D, 0xE0, 0x6F, 0x9A, 0xED,
+        0xF4, 0xBF, 0xCF, 0x31, 0xB0, 0xC6, 0xED, 0x12,
+        0x13, 0x36, 0x54, 0xCB, 0xC8, 0xDE, 0xF7, 0xF6,
+        0x60, 0x9E, 0x12, 0x2C, 0x2E, 0x4C, 0x93, 0x3E,
+        0x6F, 0xCB, 0x0F, 0x3D, 0x8C, 0xCA, 0xE8, 0xCA,
+        0x0B, 0x10, 0xED, 0xDA, 0xE8, 0xDB, 0x29, 0x7C,
+        0x8B, 0x32, 0x31, 0xC8, 0x94, 0x34, 0xA5, 0xF5,
+        0x4D, 0x01, 0x28, 0xC8, 0x3A, 0xA6, 0xFD, 0xE2,
+        0x9A, 0xB7, 0x0C, 0xDA, 0x43, 0x78, 0x45, 0x45,
+        0xFE, 0xE9, 0xFF, 0x6E, 0xD4, 0x44, 0xF8, 0x88,
+        0x66, 0x4D, 0xD2, 0x2B, 0x2E, 0x2D, 0xF5, 0x7C,
+        0xA6, 0x53, 0xB6, 0xD2, 0x10, 0xE6, 0xB4, 0x0B,
+        0x7F, 0xC2, 0x1F, 0xE0, 0x63, 0x90, 0xCA, 0x5D,
+        0x5E, 0x60, 0xF5, 0x8A, 0xB1, 0x4C, 0x49, 0x03,
+        0xD4, 0x38, 0xAE, 0xEF, 0xB1, 0x7C, 0xA4, 0xB9,
+        0x98, 0x70, 0x6A, 0x0E, 0xD6, 0xA4, 0xA6, 0xF4,
+        0x74, 0xB1, 0xBA, 0x1D, 0x48, 0xCC, 0xC1, 0x14,
+        0x3C, 0x84, 0xA8, 0xD2, 0xE7, 0x8D, 0xEC, 0x11,
+        0x61, 0x8C, 0x76, 0xB6, 0xDA, 0x28, 0xBC, 0x39,
+        0xDF, 0x68, 0xAD, 0x24, 0xA4, 0x07, 0xE1, 0x07,
+        0x33, 0xDD, 0x18, 0x9D, 0x5D, 0xAA, 0x90, 0x4B,
+        0xEF, 0x88, 0x18, 0x6E, 0xB6, 0x83, 0x21, 0x45,
+        0x94, 0x0F, 0x15, 0xB8, 0xAC, 0xD9, 0xD1, 0x8D,
+        0x4F, 0x17, 0xC8, 0xD9, 0x17, 0xB0, 0x9D, 0x54,
+        0xF2, 0x5F, 0x56, 0x09, 0xD3, 0x80, 0x20, 0x77,
+        0x44, 0x23, 0x90, 0xAB, 0xB6, 0x0B, 0x51, 0xA7,
+        0x41, 0xC5, 0xD4, 0x42, 0x5B, 0xD4, 0x67, 0x89,
+        0xE6, 0xEC, 0x1E, 0x7D, 0x22, 0xD5, 0x6E, 0x7F,
+        0x34, 0xCE, 0x7A, 0x07, 0x2B, 0x63, 0x0A, 0x69,
+        0x51, 0x71, 0x8C, 0x13, 0x63, 0xB8, 0x79, 0x6D,
+        0x94, 0xEA, 0xAF, 0x86, 0x30, 0xD2, 0x22, 0x6C,
+        0x67, 0x82, 0x6C, 0xDE, 0xEA, 0x71, 0xE8, 0xD1,
+        0x36, 0xF3, 0x64, 0x2F, 0x79, 0xE6, 0x92, 0xF0,
+        0x4B, 0x05, 0x14, 0x7E, 0x40, 0xCE, 0x0C, 0x53,
+        0xCA, 0x08, 0xEF, 0x0A, 0xA6, 0xA5, 0x73, 0x99,
+        0xFD, 0xF3, 0xED, 0xBD, 0x54, 0x56, 0x6E, 0x66,
+        0xEF, 0xCC, 0xE1, 0x6F, 0x0C, 0x44, 0x76, 0x84,
+        0xF5, 0x55, 0x2B, 0xA3, 0x6B, 0x20, 0x60, 0x54,
+        0x3F, 0xC1, 0x35, 0x58, 0xD8, 0xD8, 0x9E, 0x18,
+        0x63, 0x70, 0x73, 0xEF, 0x6A, 0x87, 0x46, 0x77,
+        0xA9, 0x7F, 0x9F, 0xA0, 0x23, 0x4B, 0x14, 0x00,
+        0x61, 0xC7, 0xE3, 0x44, 0xBE, 0xD6, 0x09, 0x71,
+        0xE3, 0x58, 0x44, 0x9A, 0xCD, 0x17, 0xE5, 0x8E,
+        0x6D, 0x05, 0xBB, 0x21, 0x44, 0xD7, 0x4B, 0xD8,
+        0x9A, 0xE9, 0x7A, 0x75, 0x91, 0x43, 0xAD, 0x84,
+        0x5B, 0x02, 0x70, 0xBE, 0x67, 0x0B, 0x1E, 0x1E,
+        0x92, 0xB8, 0xC7, 0xB6, 0x5F, 0xE1, 0x60, 0x23,
+        0xF5, 0x30, 0xE4, 0xD0, 0xCF, 0x70, 0x03, 0xD1,
+        0x85, 0x4A, 0x50, 0xDC, 0xF4, 0x9C, 0x29, 0xAB,
+        0x0E, 0xA4, 0x7B, 0x2E, 0x3B, 0xDB, 0xBF, 0x52,
+        0xD5, 0x8A, 0x91, 0x47, 0xA9, 0xD1, 0x23, 0xEB,
+        0xC5, 0x6F, 0x11, 0xBB, 0xEE, 0xBB, 0x29, 0xD7,
+        0x31, 0xAB, 0x99, 0x27, 0x5E, 0xF3, 0xA9, 0x23,
+        0xFF, 0x70, 0x87, 0x83, 0xCC, 0x26, 0x92, 0x06,
+        0xEC, 0xD3, 0x8C, 0xF9, 0x47, 0x34, 0x7D, 0x1E,
+        0x71, 0xAF, 0xCF, 0x9D, 0xBF, 0x29, 0x1B, 0x95,
+        0x27, 0x48, 0x55, 0xCE, 0xE2, 0xAC, 0x25, 0x61,
+        0x83, 0xD9, 0x7B, 0x26, 0xEF, 0x94, 0x9A, 0x95,
+        0x0C, 0xD1, 0xE4, 0x0A, 0x51, 0x50, 0x1F, 0x86,
+        0x7A, 0x7B, 0xD3, 0x83, 0x55, 0x2D, 0xFC, 0x7B,
+        0x97, 0x77, 0x17, 0x67, 0xBB, 0x9F, 0xD7, 0xD1,
+        0xDD, 0xDD, 0x49, 0x67, 0xBB, 0xF7, 0x9A, 0x45,
+        0x33, 0x24, 0xCA, 0xBC, 0xA5, 0xB2, 0x0D, 0x3F,
+        0xB0, 0x10, 0x6D, 0xB9, 0x7D, 0x03, 0x3F, 0xCD,
+        0x40, 0x37, 0x1E, 0x8A, 0xDA, 0xCD, 0xBA, 0xD7,
+        0x8D, 0x89, 0xBD, 0x5E, 0x90, 0xCF, 0x97, 0xE8,
+        0x35, 0x51, 0x87, 0x94, 0xFA, 0x3D, 0xB2, 0xB5,
+        0x01, 0xF2, 0x35, 0x75, 0x77, 0x65, 0x5B, 0x9A,
+        0x3C, 0xDA, 0x36, 0x52, 0xDF, 0xCF, 0x96, 0xBA,
+        0xB9, 0xC5, 0xF9, 0x57, 0x67, 0x0E, 0x32, 0xE5,
+        0x86, 0xE5, 0x1F, 0xD8, 0x9D, 0x7B, 0xA8, 0x76,
+        0x89, 0xFD, 0x59, 0x70, 0x88, 0x73, 0x9D, 0x87,
+        0xE1, 0x24, 0x6D, 0xC2, 0xB5, 0x1E, 0xCD, 0x54,
+        0x29, 0x25, 0x10, 0xA3, 0xB4, 0x3C, 0xB2, 0x5A,
+        0x62, 0xBD, 0xE9, 0x14, 0xEC, 0x3C, 0xBF, 0xA9,
+        0x9D, 0xEC, 0x70, 0xAC, 0x23, 0xC0, 0xDF, 0xC9,
+        0x69, 0xAD, 0x94, 0x1A, 0x69, 0x94, 0xA3, 0x70,
+        0xF9, 0x0B, 0x15, 0x5D, 0x25, 0x45, 0x63, 0xFA,
+        0xAA, 0x7D, 0x30, 0x67, 0x3C, 0x06, 0x34, 0x75,
+        0x3F, 0xD6, 0x57, 0x58, 0x8E, 0xC6, 0x60, 0x3F,
+        0x82, 0x35, 0xE9, 0x17, 0x36, 0x5D, 0xD8, 0x93,
+        0x25, 0x25, 0x1B, 0x21, 0xB2, 0xFF, 0x80, 0xF5,
+        0x44, 0xFE, 0x73, 0x84, 0xFF, 0x62, 0xFE, 0x52,
+        0xC4, 0xCA, 0x77, 0x41, 0x28, 0xC8, 0x95, 0x15,
+        0x2C, 0xC7, 0x5C, 0xA6, 0x3B, 0xA8, 0xF8, 0x1E,
+        0x01, 0x30, 0xC9, 0x3B, 0x59, 0xF9, 0x40, 0xB7,
+        0x18, 0x80, 0x21, 0x24, 0xDB, 0x8D, 0x07, 0xDF,
+        0xDC, 0x24, 0xBF, 0x2F, 0x7B, 0xD9, 0xC4, 0xEF,
+        0x61, 0x74, 0x1A, 0xF2, 0xB6, 0x98, 0x75, 0x66,
+        0x22, 0x4F, 0x11, 0x06, 0x41, 0xDB, 0x77, 0x83,
+        0xFA, 0xF3, 0x1B, 0xEC, 0xB8, 0xF7, 0x89, 0x47,
+        0xBA, 0x12, 0x3F, 0xB0, 0x0E, 0x1B, 0x6D, 0x13,
+        0x36, 0x0B, 0x16, 0xD0, 0x7C, 0x3A, 0xAA, 0x33,
+        0x6D, 0xDA, 0x1B, 0x65, 0xD4, 0xC2, 0xF2, 0x1B,
+        0xD5, 0xCD, 0x4B, 0xE9, 0xED, 0xFA, 0xFA, 0x78,
+        0x45, 0x97, 0x2D, 0x60, 0xCC, 0xE3, 0x40, 0x3E,
+        0xB5, 0xE5, 0xC8, 0x33, 0xF6, 0x4C, 0x51, 0x45,
+        0xDC, 0x08, 0xE7, 0xB3, 0x6F, 0xCF, 0xDE, 0xE8,
+        0x73, 0x0B, 0x94, 0x4F, 0x5A, 0x23, 0xF9, 0xFF,
+        0x3F, 0x0D, 0x1D, 0xCE, 0x80, 0x86, 0x3B, 0x55,
+        0x8D, 0x8A, 0x35, 0xB2, 0xAA, 0x65, 0x27, 0x69,
+        0x1D, 0xA5, 0x0C, 0xE6, 0xFA, 0x39, 0x85, 0x62,
+        0x65, 0xAD, 0xE6, 0x08, 0x38, 0xCE, 0xC9, 0xEA,
+        0x98, 0x73, 0x99, 0x1D, 0xB5, 0x6F, 0xEA, 0xE8,
+        0xEE, 0xE2, 0xEC, 0xF4, 0x32, 0x44, 0x96, 0x5A,
+        0x13, 0xCC, 0x1D, 0x23, 0x0E, 0x91, 0x72, 0xD8,
+        0x2A, 0xD2, 0x3D, 0x6A, 0x6E, 0x2A, 0x37, 0x7A,
+        0x7F, 0x67, 0xF6, 0x40, 0xBF, 0x3A, 0x36, 0x3B,
+        0xC8, 0x1A, 0x78, 0x6D, 0x12, 0xB0, 0x35, 0xA3,
+        0x18, 0x55, 0x33, 0x70, 0x48, 0x48, 0x52, 0x8F,
+        0xB4, 0x59, 0x58, 0xEB, 0xAA, 0xB3, 0x03, 0x67,
+        0x4F, 0xFF, 0xA5, 0x68, 0xE7, 0xAE, 0xAF, 0x46,
+        0x3D, 0x66, 0x6B, 0x60, 0x21, 0x26, 0x31, 0x83,
+        0xBE, 0xE8, 0x1E, 0x72, 0x92, 0x87, 0x79, 0x24,
+        0xCF, 0xDE, 0xEF, 0x6F, 0x81, 0x73, 0xA1, 0x34,
+        0x7B, 0x99, 0x94, 0x43, 0x33, 0xF4, 0x8B, 0x36,
+        0xC8, 0xC5, 0xF8, 0xC1, 0x6D, 0x22, 0x6D, 0xA3,
+        0xC9, 0xDA, 0x5F, 0x4C, 0xE7, 0x7F, 0x00, 0xE4,
+        0x42, 0xD8, 0x5C, 0x73, 0xE5, 0x78, 0x0C, 0x36,
+        0x28, 0xD9, 0x83, 0x8F, 0xCA, 0xFA, 0x5D, 0x1D,
+        0x34, 0x05, 0xF1, 0x93, 0x6C, 0xBC, 0xFD, 0x2C,
+        0x52, 0xD4, 0xE8, 0x8D, 0xA9, 0xC9, 0x0D, 0xFF,
+        0x28, 0x5E, 0x3E, 0x91, 0x12, 0xC0, 0x3C, 0xBA,
+        0x58, 0x64, 0x7E, 0x6B, 0x4E, 0xC0, 0x77, 0xB1,
+        0x67, 0x08, 0x16, 0xF5, 0x7E, 0x29, 0x42, 0x81,
+        0x6A, 0x6F, 0x34, 0x21, 0x32, 0x64, 0x9A, 0xA6,
+        0x44, 0xD1, 0x4F, 0x41, 0xAB, 0xC5, 0x26, 0x4A,
+        0xFA, 0x70, 0xBC, 0xAE, 0x3D, 0x67, 0x9B, 0x86,
+        0xF5, 0x1A, 0xF2, 0x44, 0x70, 0x52, 0xD0, 0x78,
+        0xA0, 0xEA, 0x56, 0x39, 0x0B, 0x37, 0x2A, 0x15,
+        0x13, 0xBC, 0xD2, 0xEA, 0x46, 0x6D, 0xCB, 0x5A,
+        0x4D, 0x86, 0x47, 0x4F, 0xA1, 0xE2, 0x6B, 0xC0,
+        0xA8, 0x3F, 0x58, 0x5C, 0x79, 0xAD, 0x62, 0x17,
+        0xBC, 0x96, 0xAF, 0x77, 0x1F, 0x74, 0xD1, 0x42,
+        0xBF, 0x5E, 0x91, 0xA9, 0x28, 0x44, 0xC5, 0x4E,
+        0x76, 0x6B, 0xF2, 0xD3, 0x69, 0x8C, 0x0E, 0x4F,
+        0x61, 0x76, 0xAD, 0xDC, 0x79, 0xE9, 0x74, 0xA4,
+        0x66, 0xFB, 0x2E, 0x0C, 0xBB, 0x42, 0xC5, 0x3F,
+        0x59, 0xB0, 0xDC, 0xB0, 0x32, 0xCD, 0x37, 0x56,
+        0x1B, 0xD2, 0x46, 0xED, 0x52, 0xC8, 0x12, 0xEA,
+        0xA3, 0x6B, 0xB9, 0xE5, 0xB3, 0x2A, 0xF3, 0x9B,
+        0x0F, 0xC3, 0x77, 0x5F, 0x9A, 0xE1, 0x20, 0xBC,
+        0x59, 0x44, 0x9B, 0x7B, 0x77, 0xB1, 0xBA, 0x1A,
+        0x5B, 0x60, 0x06, 0x6C, 0x85, 0x83, 0x68, 0xDD,
+        0x5A, 0xC8, 0xEE, 0xDC, 0xFE, 0x1F, 0x83, 0xF5,
+        0x2C, 0x53, 0x62, 0xED, 0xE8, 0x93, 0xB7, 0x22,
+        0x3E, 0xCB, 0x70, 0xBA, 0xA6, 0x6D, 0xB2, 0x91,
+        0x47, 0xB8, 0x04, 0x37, 0x20, 0x1F, 0xEF, 0x71,
+        0xB0, 0x5F, 0xF2, 0x51, 0x03, 0x5F, 0x88, 0xCA,
+        0xFF, 0x42, 0xE8, 0x2A, 0x43, 0x02, 0xD3, 0x60,
+        0x98, 0x26, 0x8B, 0x74, 0xF4, 0x18, 0x3D, 0x4D,
+        0x19, 0xF1, 0x3B, 0x87, 0xE9, 0x83, 0x37, 0x15,
+        0x7D, 0xA5, 0xEF, 0xBB, 0xF3, 0x4F, 0x48, 0xCA,
+        0x40, 0x65, 0xD3, 0xE3, 0xBA, 0xCC, 0x83, 0x83,
+        0x3F, 0xEE, 0xBA, 0x57, 0x34, 0x6D, 0x16, 0x9F,
+        0x1B, 0xE6, 0xA0, 0x4C, 0x29, 0xC8, 0x2F, 0xD2,
+        0x25, 0xA3, 0xF7, 0xC6, 0x85, 0x12, 0x4F, 0x53,
+        0x7E, 0xC0, 0xE1, 0x0A, 0xB8, 0x58, 0x34, 0xBA,
+        0x3E, 0x65, 0x4F, 0x19, 0x55, 0x5C, 0xB9, 0x74,
+        0x6B, 0x74, 0xCE, 0x43, 0xA2, 0xC7, 0x8B, 0x21,
+        0x70, 0x8C, 0x3B, 0xEF, 0x87, 0xC1, 0xE8, 0x8F,
+        0x08, 0x10, 0xB4, 0xED, 0xE1, 0x81, 0x14, 0xE9,
+        0x2A, 0x43, 0x13, 0xB4, 0xEA, 0xA0, 0x5F, 0x60,
+        0x93, 0x7E, 0x87, 0x6D, 0xA2, 0x57, 0x63, 0x32,
+        0xAE, 0xC3, 0x8C, 0xCD, 0x42, 0x5E, 0xFD, 0x51,
+        0x1A, 0x39, 0xB9, 0xB4, 0xBD, 0x4C, 0xF3, 0xF2,
+        0xE2, 0x70, 0x9A, 0x05, 0xF9, 0x39, 0xE5, 0xFC,
+        0x59, 0x7D, 0x4E, 0x85, 0x12, 0x02, 0xC9, 0xC2,
+        0xC5, 0x71, 0x3A, 0xD5, 0x73, 0xF7, 0x5A, 0xC5,
+        0x49, 0x0D, 0xEE, 0xCF, 0x9D, 0xB8, 0xDE, 0xE2,
+        0x03, 0x99, 0x70, 0x6B, 0x19, 0x29, 0xA4, 0xE8,
+        0x99, 0x00, 0xC4, 0x9C, 0x24, 0x46, 0x5E, 0x08,
+        0x09, 0x56, 0x6D, 0x9C, 0x2E, 0xF7, 0x8C, 0x52,
+        0xDB, 0xB4, 0x2F, 0x9E, 0x22, 0x7E, 0xFD, 0x1E,
+        0x1A, 0x72, 0xCB, 0x71, 0x0B, 0xD2, 0x19, 0x33,
+        0x0E, 0x69, 0xCC, 0x00, 0x49, 0x36, 0x79, 0x78,
+        0xAB, 0x11, 0x4D, 0x9A, 0xD7, 0xF9, 0x55, 0xCF,
+        0x0B, 0x7B, 0x3D, 0x32, 0x5C, 0xB3, 0x51, 0x65,
+        0x00, 0x0E, 0xD2, 0x9D, 0xBE, 0x0A, 0x19, 0x56,
+        0xF1, 0x45, 0x95, 0x83, 0xC6, 0x97, 0xCD, 0x19,
+        0xE7, 0x8B, 0x51, 0x74, 0xE4, 0xFD, 0x2C, 0xEC,
+        0x10, 0x8A, 0x7C, 0x24, 0x28, 0x0A, 0x78, 0xA3,
+        0xEC, 0x93, 0x97, 0x16, 0x4F, 0x60, 0x03, 0xFD,
+        0x85, 0x31, 0x98, 0x04, 0xE5, 0x65, 0x5A, 0x87,
+        0x9F, 0x66, 0x3D, 0xD4, 0x56, 0x3E, 0xF9, 0x98,
+        0x25, 0x21, 0xFE, 0xC2, 0x07, 0x9E, 0x88, 0x89,
+        0x49, 0x7B, 0xE9, 0x20, 0x1F, 0x6D, 0x7F, 0x24,
+        0x60, 0xA8, 0xB2, 0xDD, 0x96, 0x51, 0x0E, 0x0E,
+        0x4C, 0x83, 0xC3, 0xB1, 0x93, 0xC1, 0x1F, 0xD6,
+        0xB4, 0xB6, 0x84, 0xCE, 0x85, 0x63, 0xA5, 0x38,
+        0x0F, 0x2E, 0x55, 0xF4, 0x74, 0xA6, 0x0B, 0x63,
+        0x17, 0xD0, 0x96, 0x76, 0x15, 0xAD, 0x4F, 0xA9,
+        0xF0, 0x83, 0x25, 0xAD, 0xD7, 0x97, 0xB7, 0x9E,
+        0x6F, 0x5D, 0xC7, 0x2A, 0xD1, 0x97, 0xF5, 0xF6,
+        0x1E, 0xC8, 0x8B, 0xE5, 0xFB, 0xFF, 0x92, 0x72,
+        0x31, 0x9A, 0x49, 0x4B, 0x60, 0x8F, 0x34, 0x7C,
+        0xE1, 0x55, 0x66, 0x7A, 0x59, 0xC3, 0x00, 0x9A,
+        0x14, 0x50, 0xF3, 0x06, 0x19, 0x3C, 0xFE, 0x61,
+        0x1C, 0xF7, 0x05, 0x49, 0x2A, 0x30, 0xFF, 0x56,
+        0xFE, 0x7F, 0x71, 0xD7, 0x32, 0xCC, 0xEF, 0x63,
+        0x64, 0xE1, 0x66, 0xCF, 0xF8, 0x12, 0xED, 0x23,
+        0x11, 0xB5, 0x16, 0xFA, 0x56, 0x90, 0xF2, 0xA2,
+        0x72, 0x7B, 0x18, 0x50, 0xF2, 0x98, 0x5D, 0x48,
+        0x25, 0x5E, 0x8C, 0x47, 0xE7, 0x11, 0x50, 0x2A,
+        0x4B, 0x4A, 0x97, 0x0B, 0xDF, 0x70, 0xDC, 0x34,
+        0x47, 0xF8, 0xE2, 0x88, 0x78, 0x24, 0xB5, 0x8A,
+        0xC7, 0x58, 0xE8, 0x83, 0xF7, 0x3B, 0xAD, 0xFC,
+        0xED, 0x46, 0x40, 0xD5, 0x46, 0x35, 0x1B, 0xF3,
+        0x3E, 0x8F, 0x1E, 0x0B, 0x1B, 0xB9, 0xFB, 0x5A,
+        0xFF, 0x0F, 0x8B, 0xA0, 0x95, 0x4A, 0x8E, 0x65,
+        0x33, 0xD3, 0x7C, 0x03, 0x04, 0x8E, 0xBA, 0x6A,
+        0x55, 0xB3, 0xC5, 0xDA, 0xCB, 0xDC, 0x44, 0xD3,
+        0x98, 0x77, 0xD3, 0x07, 0x8A, 0xE9, 0x5E, 0x44,
+        0x5B, 0xED, 0x12, 0xB1, 0xA5, 0x03, 0xAF, 0xB2,
+        0x20, 0x0C, 0xB1, 0x8B, 0x08, 0xB4, 0x6A, 0x11,
+        0x96, 0xA9, 0xF5, 0x7A, 0xFD, 0x56, 0x48, 0x11,
+        0xC0, 0x30, 0xA4, 0x45, 0xFC, 0xAE, 0x72, 0xE5,
+        0x5E, 0x85, 0xB7, 0x6F, 0xA0, 0x50, 0x13, 0x4B,
+        0x2E, 0xC2, 0x31, 0x13, 0xED, 0x04, 0x04, 0x3D,
+        0xBC, 0xD0, 0xB6, 0xFC, 0xCE, 0xBD, 0xC9, 0x13,
+        0x5C, 0xB2, 0x02, 0xB8, 0x4F, 0xDD, 0x74, 0x51,
+        0x1F, 0x9E, 0x8F, 0x0C, 0xF2, 0x26, 0xE1, 0x4C,
+        0xA5, 0xC4, 0x38, 0xC7, 0x6A, 0xA5, 0xC3, 0xC2,
+        0xE9, 0xF3, 0x22, 0x71, 0x00, 0x91, 0x83, 0xEE,
+        0x92, 0xA9, 0x95, 0x81, 0x9D, 0xB9, 0x0F, 0x66,
+        0x89, 0x9B, 0xB9, 0xB0, 0xC7, 0xED, 0x31, 0xDF,
+        0x41, 0xB6, 0x8E, 0x52, 0xAC, 0x5B, 0xBD, 0xF2,
+        0x33, 0x9F, 0x71, 0x5E, 0x43, 0xFE, 0xED, 0xD9,
+        0x4F, 0x57, 0xF9, 0x23, 0x05, 0x23, 0x03, 0x34,
+        0x17, 0xE4, 0x22, 0x27, 0x97, 0xF7, 0x62, 0x5B,
+        0x52, 0x66, 0x70, 0xEE, 0x6B, 0xD3, 0x46, 0x8C,
+        0xCD, 0x9B, 0xA4, 0xA1, 0xED, 0x26, 0x4A, 0xAC,
+        0xC2, 0x50, 0xA8, 0x2A, 0x48, 0x83, 0x46, 0xB2,
+        0xA5, 0xF9, 0x26, 0xF2, 0xE7, 0x8A, 0x8E, 0xD8,
+        0x40, 0x5F, 0x85, 0x8E, 0xAB, 0xB0, 0x29, 0xF7,
+        0x81, 0x42, 0xA7, 0x4B, 0xD5, 0xA8, 0x2D, 0x3D,
+        0xD7, 0x0A, 0xB1, 0x26, 0xCF, 0xA3, 0xBA, 0xD7,
+        0xF5, 0x1B, 0x9E, 0x95, 0xCB, 0xC8, 0xCE, 0x75,
+        0xE7, 0x7A, 0x4A, 0x1B, 0x63, 0x21, 0xB7, 0x74,
+        0x77, 0x78, 0xCD, 0x03, 0x5B, 0x3B, 0xCD, 0x44,
+        0x8E, 0xF1, 0xBB, 0xB6, 0xFF, 0x75, 0x52, 0x8A,
+        0x7A, 0xE9, 0xAF, 0x62, 0x24, 0xA1, 0x6F, 0x4F,
+        0x45, 0x03, 0x87, 0xA3, 0xED, 0xBC, 0x2E, 0x92,
+        0xC0, 0xB1, 0x9C, 0x22, 0x2E, 0x35, 0xC1, 0xA5,
+        0x7E, 0xC3, 0x36, 0x3B, 0x18, 0x14, 0x78, 0x6E,
+        0x1D, 0x37, 0xD7, 0x92, 0xB3, 0x78, 0x26, 0x13,
+        0x9A, 0xFB, 0x38, 0x1D, 0xE0, 0x4C, 0x07, 0xC4,
+        0x2C, 0xD3, 0xCA, 0x78, 0xE4, 0x70, 0xC2, 0x52,
+        0x7C, 0x63, 0xDB, 0x4B, 0xB4, 0x0A, 0x4B, 0x7D,
+        0x20, 0x67, 0xF0, 0xF4, 0x80, 0x5B, 0x65, 0x8B,
+        0x29, 0x80, 0x92, 0xF0, 0x87, 0x3D, 0x09, 0x5A,
+        0x0E, 0xEA, 0x45, 0x63, 0x92, 0x99, 0xD6, 0x0D,
+        0x2B, 0x58, 0xEE, 0x19, 0x03, 0x4F, 0x94, 0x2D,
+        0xEC, 0xBF, 0x5A, 0xE9, 0xA6, 0x16, 0xAF, 0x72,
+        0x37, 0x5C, 0x12, 0xBB, 0x7D, 0xED, 0xAA, 0x6A,
+        0x7D, 0xDF, 0x9A, 0x48, 0x37, 0x37, 0x3D, 0x7B,
+        0x51, 0x96, 0x0B, 0x30, 0xCE, 0x9C, 0xE7, 0x3B,
+        0x3C, 0x10, 0xDE, 0x32, 0xA7, 0x86, 0x39, 0xA9,
+        0x33, 0x7D, 0x9B, 0xCF, 0x15, 0x27, 0xA4, 0x36,
+        0x88, 0xBD, 0xB6, 0xEB, 0x8B, 0xD0, 0x3D, 0xCA,
+        0xF1, 0x02, 0x70, 0xDF, 0xC0, 0xE2, 0xF0, 0xD2,
+        0x2C, 0x27, 0xE3, 0x22, 0x24, 0x33, 0x27, 0x34,
+        0xCA, 0x26, 0x19, 0x74, 0x02, 0x2F, 0x7E, 0xC1,
+        0x76, 0xCB, 0x12, 0xBE, 0x6F, 0x13, 0x62, 0x1F,
+        0x32, 0x03, 0x65, 0xCF, 0xBB, 0x03, 0xD0, 0x4C,
+        0xF2, 0x9E, 0xFE, 0x93, 0xE9, 0x1B, 0x02, 0x9B,
+        0x7B, 0x26, 0xFF, 0xEE, 0xF0, 0x6F, 0xCE, 0x57,
+        0xD1, 0x2B, 0xE3, 0x90, 0x2E, 0xE2, 0x71, 0x2A,
+        0xBA, 0xCC, 0x3D, 0x27, 0xCE, 0xA3, 0x5A, 0xCA,
+        0x15, 0x09, 0xE4, 0xD0, 0x86, 0x4F, 0xEC, 0x5A,
+        0x5B, 0x41, 0xA0, 0xE0, 0x3E, 0x1D, 0xEC, 0x6F,
+        0x2A, 0x33, 0x72, 0x15, 0xCD, 0xE5, 0x55, 0xD6,
+        0x6F, 0x84, 0xE3, 0xD6, 0x75, 0x5D, 0xDC, 0x1C,
+        0x07, 0x3D, 0x0C, 0xDC, 0xDE, 0xF8, 0x8A, 0x44,
+        0x40, 0xB1, 0x76, 0x84, 0xB8, 0xE0, 0xAF, 0x9D,
+        0xA2, 0xB2, 0x84, 0xAA, 0xBF, 0x61, 0x08, 0x21,
+        0xE5, 0xC2, 0xC9, 0x11, 0x94, 0x2D, 0x0B, 0xD1,
+        0xC6, 0x59, 0xC1, 0xEE, 0xBA, 0x8E, 0x21, 0xAF,
+        0xDE, 0x32, 0x77, 0xD5, 0x07, 0x3B, 0x98, 0x39,
+        0x95, 0x77, 0x03, 0x80, 0x2F, 0xA2, 0x76, 0xC8,
+        0x2C, 0xC6, 0x6A, 0x00, 0xA8, 0x69, 0x77, 0xB8,
+        0x87, 0x7D, 0xC0, 0x51, 0x19, 0x45, 0x14, 0xA6,
+        0x33, 0xB3, 0x4D, 0x36, 0x29, 0x34, 0xE8, 0x50,
+        0xC2, 0x71, 0x7A, 0x0B, 0xE5, 0x92, 0x4E, 0x86,
+        0xAA, 0xDA, 0x33, 0xCF, 0x34, 0x54, 0x63, 0x2C,
+        0x68, 0xA1, 0x0A, 0xEF, 0x8B, 0x5B, 0xAA, 0x10,
+        0x83, 0xE9, 0x13, 0x7D, 0x29, 0x20, 0xA2, 0x5F,
+        0x96, 0x9F, 0x54, 0x0B, 0x95, 0xDF, 0x59, 0x91,
+        0x6C, 0x4C, 0xAC, 0xC4, 0x55, 0x98, 0x8F, 0x46,
+        0x31, 0x77, 0x56, 0xCC, 0x93, 0x7E, 0xF0, 0x17,
+        0x7C, 0x0F, 0xEB, 0x3F, 0x23, 0xBB, 0xD3, 0x56,
+        0x9E, 0x89, 0x67, 0xC4, 0x9B, 0x95, 0xA3, 0xBF,
+        0x6D, 0x9D, 0x6D, 0x7C, 0x72, 0x27, 0x20, 0x6E,
+        0x28, 0x37, 0x39, 0xFC, 0x77, 0x41, 0xE9, 0xFE,
+        0x64, 0xEF, 0xA0, 0x38, 0x9F, 0xC7, 0x2F, 0xDA,
+        0xC8, 0x1F, 0xEB, 0x75, 0x07, 0xB8, 0x7E, 0x6B,
+        0x73, 0xCE, 0x0E, 0x7C, 0x7C, 0x54, 0x06, 0x1D,
+        0x48, 0x8A, 0x06, 0x53, 0x95, 0x9B, 0x75, 0x8A,
+        0xFF, 0x6F, 0x7D, 0x19, 0x00, 0x17, 0x8D, 0x7C,
+        0x1A, 0xEA, 0xD0, 0x79, 0x45, 0x68, 0xF9, 0x2F,
+        0x8A, 0xCE, 0x98, 0xED, 0xCC, 0xE8, 0x6D, 0xE1,
+        0x08, 0xA0, 0x50, 0x2C, 0x43, 0x49, 0xC4, 0x99,
+        0x98, 0x31, 0xDE, 0x00, 0xE8, 0x08, 0x39, 0x0B,
+        0xBB, 0xDB, 0x65, 0xEA, 0x36, 0x0F, 0xBE, 0x98,
+        0xB7, 0x4A, 0x9C, 0x59, 0x34, 0x0E, 0xBB, 0xDD,
+        0x6F, 0x65, 0x21, 0x39, 0x23, 0x48, 0x57, 0x7F,
+        0xD4, 0x07, 0x89, 0x03, 0x01, 0xB0, 0x79, 0x27,
+        0x28, 0xCC, 0xFB, 0x88, 0xC5, 0xDD, 0x47, 0x2A,
+        0xDA, 0x73, 0x75, 0x9B, 0xC9, 0x99, 0xA0, 0x21,
+        0x34, 0xDF, 0xB1, 0x62, 0x2F, 0x61, 0xD8, 0xB7,
+        0x63, 0x2A, 0xC7, 0x7E, 0x3A, 0x98, 0x0B, 0x2C,
+        0xE5, 0x66, 0xF3, 0xD5, 0x30, 0xF0, 0xBC, 0x21,
+        0xC7, 0x51, 0x9B, 0xFB, 0x00, 0xBB, 0xAA, 0x9C,
+        0x85, 0xC3, 0x9B, 0x0C, 0xDC, 0x5F, 0x8D, 0x1B,
+        0xA1, 0x2B, 0x78, 0x82, 0xFE, 0x0F, 0x7C, 0x75,
+        0x6E, 0x75, 0x56, 0x74, 0x35, 0x25, 0xE5, 0xD0,
+        0xEC, 0x8E, 0xC1, 0xBD, 0x7D, 0x7A, 0xE3, 0xDC,
+        0xAD, 0xC6, 0x8D, 0xB6, 0x0D, 0x7A, 0xA1, 0x3C,
+        0xDB, 0x29, 0xFA, 0x15, 0xC0, 0xA9, 0xAF, 0x89,
+        0x0F, 0x18, 0x75, 0xE3, 0x97, 0x58, 0x62, 0x12,
+        0x79, 0xA9, 0x87, 0x7D, 0x9C, 0x69, 0x44, 0x9C,
+        0x41, 0x39, 0x2C, 0xAD, 0x98, 0x8B, 0x8D, 0xE4,
+        0x58, 0xEE, 0xCD, 0x98, 0x38, 0x5F, 0x79, 0x73,
+        0x0B, 0x5E, 0x26, 0xC1, 0x16, 0x24, 0x15, 0xD9,
+        0x73, 0x26, 0x41, 0x9B, 0x5F, 0xF9, 0x2A, 0xA8,
+        0xC1, 0x33, 0x74, 0x39, 0x1D, 0xBB, 0xE7, 0x36,
+        0xD9, 0x8C, 0x07, 0xAD, 0x32, 0xD6, 0x38, 0xBB,
+        0x44, 0xE6, 0x77, 0xC7, 0x11, 0x05, 0xCF, 0xB5,
+        0x72, 0x49, 0x68, 0x80, 0xC1, 0x67, 0x71, 0x5F,
+        0x9B, 0xFF, 0x6E, 0x71, 0x1A, 0xBE, 0x5A, 0x83,
+        0x25, 0x38, 0xC7, 0xE6, 0xDA, 0x88, 0x22, 0xDC,
+        0xA6, 0x03, 0x02, 0xD1, 0x59, 0xC6, 0xA8, 0x2F,
+        0xA4, 0x8F, 0xF8, 0x77, 0x3E, 0x0C, 0x6F, 0xA1,
+        0x73, 0xE1, 0x35, 0x55, 0xB2, 0xDF, 0xBF, 0x47,
+        0xB7, 0xD0, 0x8D, 0xBA, 0x35, 0x74, 0x44, 0x6B,
+        0xC0, 0xA7, 0x8D, 0x30, 0x08, 0xE4, 0x41, 0xD1,
+        0x55, 0x21, 0x50, 0xD9, 0x06, 0x12, 0x54, 0xB2,
+        0xF3, 0xFC, 0x5A, 0x1E, 0xF3, 0xE3, 0x84, 0x33,
+        0x34, 0x0B, 0xB5, 0x9A, 0x97, 0xFD, 0x51, 0xF4,
+        0x68, 0xFE, 0x8A, 0x92, 0xBF, 0x62, 0x9D, 0xCD,
+        0x00, 0x29, 0x39, 0x37, 0x12, 0xF3, 0x53, 0x6D,
+        0x6B, 0x24, 0xB8, 0x86, 0x68, 0xAD, 0x6A, 0x4B,
+        0x3A, 0x4C, 0x93, 0xA6, 0xB1, 0x41, 0xFA, 0x8E,
+        0x58, 0x63, 0xCD, 0x59, 0x80, 0xBF, 0xD7, 0xAB,
+        0x83, 0xC3, 0xCC, 0x5D, 0x2F, 0xBE, 0x80, 0xC7,
+        0xB1, 0x67, 0xDC, 0x92, 0x8C, 0xA9, 0x57, 0x36,
+        0x58, 0x0A, 0x52, 0x96, 0x0E, 0x20, 0x90, 0xCD,
+        0x87, 0x68, 0xF5, 0x93, 0xBB, 0x04, 0xD4, 0x48,
+        0xB6, 0x45, 0x30, 0xC0, 0xE3, 0xC2, 0x56, 0x8C,
+        0xE3, 0xA2, 0xC6, 0x42, 0x0F, 0x81, 0xF7, 0x4D,
+        0xF6, 0x88, 0x5D, 0x55, 0x07, 0x8E, 0xF1, 0xB3,
+        0x83, 0xB0, 0x20, 0x85, 0x4A, 0x63, 0x6A, 0x78,
+        0xA9, 0xEC, 0x13, 0x84, 0xF7, 0x4E, 0xBE, 0xB6,
+        0x5F, 0x5A, 0x25, 0xFF, 0xD4, 0x14, 0x7D, 0xA7,
+        0xEE, 0x40, 0xF6, 0x25, 0x7C, 0x7E, 0x34, 0xCA,
+        0xC9, 0x27, 0x0E, 0xA2, 0x78, 0xB6, 0xE6, 0x08,
+        0xA1, 0x9B, 0x56, 0x8D, 0x29, 0xE5, 0x8D, 0xEC,
+        0xAD, 0xDA, 0xD3, 0x3C, 0x59, 0xBA, 0xDB, 0x92,
+        0x52, 0x99, 0x3B, 0x31, 0x6B, 0x0B, 0x13, 0x00,
+        0x79, 0x3D, 0x69, 0x85, 0x3A, 0x6B, 0x90, 0x33,
+        0x96
+    };
+    static const byte rnd_44[] = {
+        0x08, 0x34, 0x57, 0xD4, 0x0E, 0x25, 0x04, 0x88,
+        0xA6, 0x0E, 0x76, 0x34, 0xA0, 0x1D, 0x43, 0x0A,
+        0x60, 0xE8, 0x57, 0x2B, 0xA8, 0x8A, 0xED, 0xC5,
+        0x54, 0x49, 0x18, 0x81, 0x37, 0x13, 0xA0, 0xB1
+    };
+    static const byte sig_44[] = {
+        0x63, 0xA8, 0x23, 0x20, 0xD4, 0xCE, 0x09, 0xC4,
+        0x7A, 0xD1, 0x27, 0xC5, 0xBB, 0x7F, 0x6C, 0x2D,
+        0xFF, 0x15, 0x29, 0xCD, 0xAF, 0x9F, 0x74, 0x56,
+        0xFF, 0xC2, 0xC6, 0xED, 0x90, 0x51, 0x17, 0xDC,
+        0xAD, 0x8C, 0x08, 0x7A, 0xC0, 0xD8, 0x9E, 0x0C,
+        0xE9, 0x61, 0xC0, 0x94, 0xFA, 0x9C, 0x2E, 0xDE,
+        0x27, 0x9C, 0x65, 0xE6, 0x99, 0xD1, 0xD1, 0x7E,
+        0xA6, 0x95, 0x98, 0x8F, 0xA1, 0xC4, 0x98, 0x3F,
+        0x7E, 0x1F, 0x18, 0x86, 0x2A, 0xFE, 0xB2, 0xEC,
+        0x9D, 0x0F, 0x5B, 0x0C, 0x11, 0xB2, 0xAA, 0x0B,
+        0xDE, 0x95, 0x7C, 0x40, 0xA1, 0x5B, 0xFF, 0x97,
+        0xD7, 0xCB, 0xCF, 0x4E, 0x59, 0xDA, 0xE9, 0xD5,
+        0xA3, 0xC9, 0xF8, 0x7D, 0xDD, 0xA5, 0xB9, 0x06,
+        0x9D, 0x82, 0xCC, 0x18, 0x10, 0x20, 0x80, 0x92,
+        0xBC, 0xBA, 0x1C, 0x43, 0x73, 0xF2, 0xA8, 0x3E,
+        0x19, 0x15, 0x80, 0x9E, 0x81, 0xD8, 0xD2, 0x06,
+        0xEA, 0x78, 0x10, 0x3F, 0x68, 0x66, 0x3D, 0xBE,
+        0xB1, 0x79, 0xB0, 0x28, 0x83, 0xCD, 0xD3, 0x33,
+        0xEE, 0xFE, 0x6D, 0x02, 0x39, 0x17, 0xC6, 0xF2,
+        0xA4, 0x6E, 0x5A, 0x5C, 0x45, 0x14, 0xF5, 0x7D,
+        0xCA, 0x7B, 0x62, 0x4A, 0xF4, 0xE7, 0x71, 0x7B,
+        0xD7, 0x1B, 0x51, 0x26, 0xE6, 0xDE, 0x2D, 0xC9,
+        0x65, 0x24, 0x30, 0x2C, 0x08, 0x04, 0xD7, 0xBE,
+        0x3A, 0xDA, 0x64, 0xAF, 0x11, 0x6F, 0xC6, 0xE7,
+        0x38, 0xEF, 0xA6, 0xE6, 0x5E, 0x87, 0x90, 0xB4,
+        0x0E, 0xB1, 0xB4, 0x83, 0x64, 0xD2, 0x15, 0xEF,
+        0xD6, 0x1F, 0x7A, 0x44, 0x75, 0x3A, 0x95, 0x50,
+        0x6E, 0x52, 0xC9, 0x9C, 0xE9, 0xB4, 0x56, 0xDC,
+        0x93, 0x85, 0x92, 0xF1, 0x35, 0xEC, 0x50, 0x1B,
+        0x3B, 0xCF, 0x82, 0xDA, 0x69, 0xA1, 0xDD, 0x44,
+        0xE8, 0xB3, 0xC1, 0xCB, 0x8D, 0xD5, 0x13, 0xD0,
+        0xF3, 0x14, 0x2C, 0x80, 0x82, 0x2C, 0x31, 0xBF,
+        0x75, 0x20, 0x14, 0x39, 0x9F, 0x81, 0x79, 0x76,
+        0x0F, 0xB6, 0x7D, 0xB6, 0x58, 0x1C, 0xF3, 0xE6,
+        0x93, 0x5A, 0x9B, 0xE1, 0x8B, 0x92, 0xC2, 0xDB,
+        0xF1, 0x89, 0xAA, 0x46, 0x67, 0xFA, 0x80, 0x45,
+        0x72, 0xAA, 0xB4, 0xE2, 0x5E, 0xE9, 0xD1, 0xA7,
+        0xA0, 0xD7, 0x05, 0x5C, 0xC6, 0xC7, 0x6D, 0x1D,
+        0x66, 0x3D, 0x35, 0x0C, 0xB7, 0x1A, 0xFA, 0xB1,
+        0xDB, 0xD0, 0xCB, 0x3A, 0x8B, 0xB7, 0x1B, 0x03,
+        0x60, 0xA0, 0xA4, 0xDA, 0xD0, 0xE2, 0x3A, 0x1E,
+        0xB5, 0xE4, 0x59, 0x68, 0x6A, 0x02, 0x94, 0x66,
+        0x05, 0x60, 0x08, 0x64, 0xB4, 0xEE, 0x0F, 0x3A,
+        0xCE, 0xFD, 0x40, 0x7B, 0x6F, 0xF5, 0x8D, 0x1E,
+        0xFF, 0x0C, 0x75, 0xAF, 0xC1, 0x41, 0xC6, 0x24,
+        0x1D, 0xF3, 0x76, 0x02, 0x48, 0x6B, 0xBA, 0x58,
+        0xBC, 0xBB, 0xFE, 0xD3, 0x51, 0xC2, 0x68, 0x21,
+        0x4B, 0x20, 0x4E, 0xAF, 0x8A, 0x0C, 0x74, 0x7F,
+        0x5F, 0xB7, 0xAA, 0x43, 0xFC, 0x5A, 0x77, 0xA1,
+        0x81, 0xCD, 0xBA, 0xE1, 0x31, 0x87, 0x1F, 0xA8,
+        0x1F, 0x76, 0x30, 0x6C, 0xE0, 0x84, 0xCD, 0x14,
+        0x4A, 0xDB, 0x67, 0xFD, 0x65, 0x8C, 0x35, 0xC0,
+        0x91, 0x6C, 0x2B, 0xCF, 0x5B, 0x89, 0x29, 0x58,
+        0x42, 0x9B, 0x65, 0xDB, 0x34, 0x7D, 0xD8, 0x31,
+        0xC9, 0xB8, 0x0D, 0x07, 0xD1, 0x94, 0x60, 0x63,
+        0x65, 0xDC, 0xB3, 0x70, 0x48, 0x46, 0x37, 0x18,
+        0x4D, 0x5D, 0xE0, 0xAC, 0x77, 0xD0, 0x9E, 0xE1,
+        0xD9, 0xB2, 0x2D, 0x09, 0xD6, 0xF8, 0x94, 0x96,
+        0x7B, 0x43, 0xD9, 0x76, 0x36, 0xE6, 0x24, 0xA4,
+        0x4A, 0xFF, 0x12, 0xFE, 0x30, 0x95, 0xD7, 0xCB,
+        0xA9, 0xA0, 0x3A, 0xCA, 0xFC, 0x52, 0x57, 0xB8,
+        0x20, 0x80, 0xF2, 0xD8, 0xAE, 0x3E, 0x18, 0xFC,
+        0x0D, 0xE0, 0x9D, 0x01, 0x7B, 0x03, 0xAD, 0x6B,
+        0xEE, 0xA4, 0xEC, 0x38, 0x40, 0xAC, 0x85, 0x42,
+        0xF8, 0xCF, 0x93, 0x10, 0x8F, 0x8C, 0xFE, 0xF8,
+        0x22, 0x64, 0xFC, 0xDD, 0x2C, 0xDD, 0x86, 0x97,
+        0x5B, 0x3F, 0x8F, 0xDF, 0x1F, 0x58, 0x22, 0x08,
+        0x26, 0x8A, 0x76, 0xE6, 0xC9, 0xFE, 0xDF, 0x42,
+        0x90, 0x8D, 0x52, 0x78, 0xA2, 0xBF, 0xBD, 0x3F,
+        0xD5, 0xD5, 0xDB, 0xAF, 0xDD, 0x5E, 0x2C, 0x2B,
+        0x9F, 0x2E, 0xDC, 0xC1, 0xC4, 0x52, 0x96, 0x38,
+        0x49, 0xCB, 0x34, 0xEC, 0x51, 0x00, 0x8D, 0x1B,
+        0xF6, 0xDA, 0x50, 0xA0, 0xD1, 0x9D, 0x82, 0x34,
+        0x5B, 0x78, 0x8C, 0x05, 0x40, 0xE1, 0x7B, 0x25,
+        0xFF, 0xDC, 0xE8, 0xD4, 0x45, 0x3B, 0xBE, 0x75,
+        0x1E, 0xDA, 0x96, 0xA4, 0x4C, 0x75, 0xFD, 0xD9,
+        0x00, 0x81, 0x85, 0x7D, 0xC0, 0xF8, 0x26, 0x2A,
+        0x30, 0x7B, 0x34, 0xCB, 0xEC, 0xD1, 0x56, 0x58,
+        0x69, 0xA3, 0x14, 0xD6, 0x4C, 0x09, 0xDC, 0x9D,
+        0x4A, 0x80, 0x26, 0x52, 0x2F, 0xDF, 0xE4, 0xCB,
+        0x5B, 0x8B, 0x11, 0x05, 0xDA, 0xE0, 0xDB, 0x66,
+        0xC8, 0x5B, 0xB4, 0x32, 0x1D, 0xBE, 0x76, 0x84,
+        0xEB, 0x6B, 0x6F, 0x85, 0x87, 0xD8, 0x32, 0x0C,
+        0x6D, 0xB3, 0x8D, 0xED, 0xD6, 0x18, 0x96, 0xED,
+        0x51, 0xAB, 0x0C, 0x7F, 0x42, 0x8F, 0x19, 0xD2,
+        0x55, 0xC6, 0xB0, 0xFD, 0xF5, 0x89, 0x51, 0xE5,
+        0xCD, 0xB1, 0x96, 0x9C, 0xD9, 0xA7, 0x93, 0x4E,
+        0xFD, 0xB9, 0xC8, 0x2E, 0x1E, 0x8D, 0x2A, 0x59,
+        0xC9, 0xF7, 0x9D, 0xF1, 0xAA, 0x93, 0xE5, 0x07,
+        0x1E, 0x3F, 0xAC, 0x73, 0x19, 0xFF, 0x68, 0x87,
+        0x8C, 0xF2, 0x49, 0xDC, 0xBD, 0xCD, 0x10, 0x46,
+        0x16, 0xCC, 0xC1, 0xC1, 0xFB, 0xD7, 0x85, 0x56,
+        0x9F, 0x55, 0x87, 0x10, 0x44, 0x1B, 0x31, 0xCA,
+        0xE3, 0x16, 0x7A, 0x4C, 0xD7, 0xDD, 0xD1, 0x86,
+        0x26, 0xC5, 0x43, 0x62, 0x96, 0x20, 0x32, 0xE6,
+        0xB7, 0xA2, 0x76, 0x05, 0x61, 0x96, 0xFC, 0x22,
+        0x96, 0x7E, 0x90, 0x7C, 0x32, 0x0A, 0x7A, 0xF5,
+        0x8C, 0xE3, 0xF5, 0x01, 0xC4, 0xCD, 0x31, 0x8A,
+        0x70, 0x75, 0x04, 0xF1, 0xC2, 0x59, 0xE5, 0x07,
+        0xA0, 0xD4, 0x7D, 0x25, 0x8E, 0x2F, 0x38, 0xE2,
+        0x6A, 0x53, 0x41, 0x34, 0x7A, 0x06, 0xB5, 0x8B,
+        0xB0, 0xBF, 0x21, 0xDE, 0xE6, 0x5F, 0x55, 0x6A,
+        0xD4, 0x88, 0xA7, 0x36, 0xD4, 0xC6, 0x5C, 0x82,
+        0xC6, 0x73, 0xC0, 0x60, 0xD7, 0xA6, 0xA0, 0x77,
+        0x5C, 0xF8, 0xC3, 0x9A, 0xA1, 0x31, 0xFD, 0x64,
+        0xDB, 0xB1, 0x7B, 0x72, 0x70, 0x4B, 0x7D, 0x1D,
+        0x24, 0xBC, 0x5F, 0x84, 0x08, 0x3B, 0xF8, 0xA6,
+        0x47, 0xEB, 0xED, 0xCF, 0xDD, 0xA0, 0x91, 0x14,
+        0x26, 0x7D, 0x77, 0xCF, 0xBF, 0x39, 0x9B, 0xD9,
+        0x2F, 0x3B, 0x2A, 0xA7, 0x2B, 0xBC, 0xF7, 0xDE,
+        0x9D, 0x69, 0xBF, 0x90, 0xA4, 0xDE, 0x2C, 0xF8,
+        0x24, 0x92, 0x7D, 0xE2, 0xB8, 0xBD, 0xF4, 0x6B,
+        0x10, 0x9E, 0xD6, 0x08, 0x51, 0xC5, 0x9C, 0x44,
+        0x8E, 0xCB, 0x44, 0x3F, 0x00, 0x26, 0x3C, 0x9C,
+        0x25, 0xF4, 0x62, 0x74, 0xD1, 0x7C, 0x29, 0x4C,
+        0xEB, 0xF2, 0x53, 0x7D, 0x8F, 0xEA, 0xBD, 0x78,
+        0xEE, 0xBC, 0xBA, 0x72, 0x64, 0xA5, 0xB9, 0x45,
+        0x08, 0xE0, 0xBF, 0x62, 0xEF, 0xC2, 0x1E, 0x06,
+        0xE1, 0xE2, 0xFB, 0x14, 0x44, 0xC5, 0xAB, 0x6F,
+        0x84, 0x7F, 0x52, 0x2F, 0x8A, 0xBE, 0xED, 0x04,
+        0x6D, 0x6D, 0xDC, 0xFF, 0xBC, 0xB8, 0xC8, 0x1F,
+        0xD0, 0x5D, 0x4D, 0x7F, 0x2E, 0x1B, 0xC9, 0x9B,
+        0xEA, 0xF8, 0xC1, 0xAF, 0xE3, 0xE0, 0x5B, 0x36,
+        0x90, 0xFE, 0xE4, 0xAA, 0x37, 0x5A, 0x3D, 0xCB,
+        0x77, 0x57, 0x7C, 0xCC, 0x6E, 0x3E, 0xBE, 0x8A,
+        0x98, 0x7C, 0x6D, 0x7E, 0x89, 0x60, 0x73, 0xC0,
+        0xCC, 0x0C, 0x48, 0x25, 0x46, 0xB5, 0x39, 0xB4,
+        0xFD, 0xF0, 0x4E, 0xED, 0x8E, 0x87, 0xF8, 0x5B,
+        0x00, 0xBE, 0x43, 0xA6, 0x0B, 0x21, 0x7E, 0x96,
+        0x88, 0x3B, 0x91, 0xD7, 0x88, 0x1A, 0xA0, 0xDD,
+        0x3E, 0xBF, 0x5B, 0x0D, 0x08, 0xD0, 0x85, 0x4E,
+        0xD4, 0x27, 0x8F, 0xC9, 0x02, 0xE0, 0x60, 0xEA,
+        0x16, 0xFB, 0xC2, 0x54, 0xA5, 0x08, 0xC8, 0x6F,
+        0x7A, 0xE7, 0x54, 0x93, 0xB8, 0xDD, 0xA0, 0x86,
+        0xE9, 0xC1, 0xB2, 0x17, 0xF5, 0xC9, 0x11, 0x97,
+        0x83, 0x66, 0x88, 0xCD, 0x2D, 0x0B, 0xB8, 0xE5,
+        0x52, 0xD1, 0x13, 0x7A, 0xA7, 0xEB, 0xD5, 0xD5,
+        0x60, 0x53, 0x8E, 0x9B, 0xB6, 0xB4, 0x1D, 0x06,
+        0x90, 0xB0, 0x6C, 0x66, 0xD1, 0x57, 0x5B, 0x86,
+        0x1C, 0x8A, 0x7D, 0x3A, 0x88, 0x4C, 0xC9, 0x88,
+        0x1A, 0xC3, 0x00, 0x1F, 0x30, 0x0D, 0xF3, 0x47,
+        0x62, 0x79, 0x85, 0x89, 0xF9, 0xEE, 0x5C, 0x92,
+        0x43, 0x61, 0x53, 0xD8, 0xC7, 0x32, 0x55, 0x9B,
+        0x33, 0x3D, 0x69, 0x8F, 0x3E, 0xC5, 0x82, 0x0E,
+        0x8A, 0xA5, 0xF2, 0xE5, 0xA7, 0x69, 0xC2, 0xB4,
+        0x7A, 0xFA, 0x27, 0x5F, 0xE4, 0x74, 0xAF, 0x81,
+        0x37, 0xC7, 0x01, 0x9A, 0xF2, 0xE6, 0x0C, 0xA7,
+        0x5E, 0xDB, 0xE4, 0x8F, 0x81, 0xA6, 0x51, 0xCE,
+        0x6B, 0xAB, 0xD3, 0x37, 0x4C, 0x07, 0x72, 0xA8,
+        0xAC, 0x36, 0x77, 0xB1, 0x0F, 0x54, 0x77, 0x17,
+        0xC9, 0x67, 0x50, 0xDA, 0x44, 0x8B, 0xD9, 0xC7,
+        0x93, 0x8C, 0x66, 0xCD, 0x6F, 0xB7, 0x5D, 0x73,
+        0x2D, 0xAC, 0x83, 0x1A, 0xDC, 0xE9, 0x17, 0x6D,
+        0x94, 0x85, 0x6E, 0x1B, 0xF6, 0x08, 0x38, 0xD0,
+        0x9E, 0x63, 0x23, 0xA2, 0x7B, 0x16, 0x09, 0xF9,
+        0xC1, 0x21, 0xF4, 0x98, 0xD2, 0xBB, 0x68, 0x58,
+        0x18, 0xA0, 0x0D, 0xE7, 0xBA, 0x6B, 0x28, 0x47,
+        0xC5, 0x16, 0x14, 0x9F, 0x35, 0x6E, 0xCE, 0xF0,
+        0x4F, 0x34, 0xEA, 0x48, 0x35, 0x46, 0xFE, 0xEB,
+        0x12, 0xEA, 0x40, 0x77, 0x62, 0x04, 0x30, 0xC3,
+        0x9D, 0xBF, 0x47, 0xC0, 0x5E, 0xED, 0x5E, 0xD5,
+        0x87, 0xFF, 0xF5, 0x92, 0x21, 0x7C, 0xA9, 0x5A,
+        0x2C, 0x3D, 0x1E, 0x6F, 0x6F, 0xF9, 0xFF, 0x20,
+        0x9F, 0x8B, 0x30, 0xA9, 0x9D, 0x56, 0xA3, 0x97,
+        0x7A, 0x33, 0x17, 0x49, 0x0B, 0x2B, 0x00, 0x1F,
+        0x43, 0xCD, 0x8D, 0xDD, 0x1D, 0x8F, 0xC1, 0x6A,
+        0x3F, 0xA9, 0xB4, 0x31, 0x54, 0x62, 0x84, 0x5B,
+        0x99, 0x5D, 0x2A, 0xB7, 0x6E, 0xA5, 0x39, 0xC7,
+        0xF0, 0x4C, 0x31, 0x6C, 0x71, 0xD6, 0x00, 0xE1,
+        0xAC, 0x4F, 0xD5, 0xC8, 0xC6, 0x34, 0x3B, 0xC8,
+        0x05, 0x5F, 0x17, 0x00, 0xB4, 0x0E, 0xA2, 0xF1,
+        0xAB, 0xE9, 0x4B, 0xE0, 0x06, 0x01, 0x3A, 0xA2,
+        0x61, 0xF0, 0x72, 0x0A, 0xB7, 0x99, 0xD0, 0xFC,
+        0x6D, 0xB5, 0xE9, 0xA4, 0xC3, 0xC5, 0xA7, 0xF8,
+        0x2D, 0x70, 0xD2, 0x8E, 0x41, 0x0D, 0xD1, 0x64,
+        0xE3, 0xE4, 0x61, 0xA4, 0x6E, 0x81, 0xFB, 0xDC,
+        0xB8, 0x10, 0x84, 0x8B, 0xCE, 0xE0, 0x6F, 0x88,
+        0x33, 0x25, 0x64, 0x6E, 0x1E, 0x2A, 0x69, 0x3F,
+        0xA5, 0xDA, 0x7C, 0x25, 0xEB, 0x21, 0xC4, 0xEA,
+        0xB8, 0x7D, 0xC7, 0x87, 0xA2, 0x67, 0x7C, 0xEB,
+        0x6A, 0x26, 0xE1, 0x06, 0xFE, 0x78, 0xE1, 0x18,
+        0xFF, 0x54, 0x71, 0x3E, 0x00, 0x59, 0x7B, 0xFA,
+        0x52, 0x8C, 0x2A, 0xED, 0x06, 0x9A, 0x12, 0x6D,
+        0xE3, 0x74, 0x6F, 0x06, 0x65, 0xE1, 0x75, 0x80,
+        0x63, 0x0F, 0x70, 0x2F, 0xAB, 0xC0, 0xF1, 0xCD,
+        0x7F, 0x57, 0xAA, 0x71, 0xF6, 0x38, 0xD8, 0xAF,
+        0x37, 0xD3, 0xD9, 0xE0, 0xA7, 0xE9, 0x05, 0x5D,
+        0xA3, 0xDF, 0x86, 0x48, 0x3F, 0x25, 0xDE, 0xBA,
+        0x18, 0xCE, 0xF6, 0x99, 0xEB, 0x87, 0x70, 0xC7,
+        0x85, 0x84, 0x79, 0x8A, 0xD8, 0x02, 0x8B, 0xAD,
+        0xC5, 0x9D, 0x2A, 0xF9, 0xAE, 0xAE, 0x37, 0xEC,
+        0x93, 0x91, 0x16, 0x10, 0x5F, 0x9F, 0x64, 0xEF,
+        0x82, 0x78, 0xC6, 0x4D, 0xED, 0x3F, 0xD4, 0x33,
+        0xA7, 0xB8, 0x82, 0x09, 0x16, 0xBE, 0xDC, 0x6B,
+        0x7A, 0x75, 0x69, 0x8A, 0xDE, 0xD3, 0xFD, 0xE8,
+        0x86, 0x75, 0x42, 0x83, 0x03, 0x57, 0x30, 0x70,
+        0xA5, 0xA3, 0x85, 0x1F, 0x9F, 0x21, 0xEA, 0xC7,
+        0x80, 0xFA, 0x8A, 0xA4, 0x02, 0x3E, 0x39, 0x11,
+        0x48, 0x7D, 0x85, 0x2A, 0x53, 0x77, 0x43, 0x5A,
+        0x5F, 0xFF, 0x9C, 0x60, 0x4B, 0x5D, 0x95, 0xB0,
+        0x96, 0x8A, 0xE0, 0xEC, 0xF4, 0x43, 0x1B, 0x10,
+        0x3F, 0xA6, 0xBA, 0x71, 0xC4, 0xDC, 0x81, 0x73,
+        0xA2, 0xDE, 0x1F, 0x79, 0xDD, 0xB6, 0x0D, 0x2D,
+        0x0C, 0x8E, 0x56, 0x55, 0xD0, 0x94, 0x44, 0x29,
+        0x16, 0x92, 0x99, 0x2D, 0x99, 0xFC, 0x48, 0xF2,
+        0x16, 0x0E, 0xC0, 0xAC, 0xE4, 0xC4, 0x92, 0x07,
+        0xBB, 0xB7, 0x6D, 0x7F, 0x2A, 0x85, 0xE1, 0x81,
+        0x02, 0xB9, 0x5A, 0x51, 0x45, 0x88, 0xF5, 0x9F,
+        0x16, 0x2D, 0x33, 0xCE, 0xD6, 0x18, 0x07, 0x03,
+        0xED, 0xC3, 0x6C, 0x8B, 0x33, 0x94, 0x88, 0x81,
+        0x0D, 0x2E, 0xAE, 0x96, 0x25, 0xCE, 0xE3, 0x83,
+        0x27, 0x1C, 0x71, 0x72, 0xEE, 0xD6, 0xB5, 0x48,
+        0x69, 0x60, 0xE8, 0x99, 0x18, 0x74, 0xB0, 0x13,
+        0x53, 0x59, 0x3D, 0x70, 0x70, 0xBD, 0xEB, 0x7A,
+        0x9F, 0x92, 0x29, 0xAB, 0x77, 0x0E, 0xEB, 0x46,
+        0x37, 0x8D, 0x57, 0xD9, 0x56, 0xDF, 0x7A, 0x86,
+        0x40, 0x04, 0x02, 0x98, 0xF7, 0x00, 0xF4, 0x41,
+        0x5B, 0xDD, 0x3A, 0x96, 0x15, 0xA4, 0x65, 0xDB,
+        0x01, 0x28, 0x22, 0x12, 0xCF, 0x1A, 0xEC, 0x4B,
+        0x0B, 0x8C, 0xB3, 0xB1, 0x7E, 0x5E, 0xFA, 0x28,
+        0x6C, 0x6C, 0x04, 0x5B, 0x43, 0x9C, 0x74, 0x9F,
+        0xE1, 0xD4, 0x50, 0x75, 0xD8, 0xE7, 0xA0, 0x0F,
+        0xBE, 0x84, 0x48, 0xFC, 0xAC, 0xAA, 0x15, 0x3D,
+        0x69, 0x70, 0x9D, 0x9F, 0xF2, 0xB9, 0x7C, 0xDB,
+        0x26, 0xC0, 0xC3, 0x79, 0x28, 0x7C, 0xE6, 0x48,
+        0x61, 0xAD, 0xD7, 0x89, 0xD0, 0xC8, 0x93, 0x9A,
+        0x14, 0x21, 0xB0, 0x85, 0xD6, 0x23, 0x4C, 0xE1,
+        0xA7, 0x49, 0xDE, 0x3D, 0xCB, 0xE8, 0xE0, 0x61,
+        0x5C, 0xB3, 0xBC, 0xDC, 0x6A, 0x81, 0xA5, 0xC4,
+        0x9D, 0x92, 0x85, 0x74, 0x5F, 0x1C, 0xA8, 0xA0,
+        0x64, 0x1E, 0x32, 0x68, 0x83, 0x41, 0x93, 0x34,
+        0x82, 0x18, 0x3E, 0x24, 0x5C, 0x1F, 0x9C, 0xD2,
+        0x80, 0x28, 0xC3, 0x8A, 0x23, 0x18, 0x1A, 0x44,
+        0x5A, 0xA6, 0xEA, 0xCC, 0xE2, 0x06, 0x06, 0xE6,
+        0xF7, 0xF1, 0xDF, 0x70, 0x68, 0x83, 0xCD, 0xA5,
+        0x2F, 0x3F, 0x2B, 0x68, 0xDE, 0x26, 0xDD, 0x37,
+        0x71, 0xE9, 0x50, 0x03, 0x2C, 0xC7, 0x20, 0x0C,
+        0x20, 0x23, 0xC8, 0x24, 0x96, 0x50, 0x82, 0x82,
+        0xCD, 0x3B, 0xC4, 0x7F, 0xEC, 0xE5, 0xD9, 0x7C,
+        0xA1, 0xCE, 0x35, 0x74, 0x4D, 0x03, 0xD7, 0xA4,
+        0x28, 0xB7, 0xAF, 0x12, 0xB0, 0xCB, 0x8E, 0x65,
+        0x7C, 0x01, 0x30, 0xF8, 0xA3, 0xA2, 0x54, 0x97,
+        0x6E, 0xC8, 0xF7, 0xDC, 0xCF, 0x3A, 0xBF, 0x31,
+        0xF4, 0xB0, 0xB3, 0xF7, 0x12, 0x6F, 0xFC, 0x48,
+        0x77, 0xF3, 0xD1, 0xA0, 0x66, 0xD2, 0x6A, 0x23,
+        0x2F, 0xA9, 0x99, 0x21, 0x61, 0x22, 0x54, 0x11,
+        0xED, 0x7D, 0xDB, 0x93, 0xC3, 0x5C, 0x6A, 0x37,
+        0x7F, 0x30, 0xCF, 0x22, 0xAA, 0x39, 0x2D, 0x5C,
+        0x4F, 0xEE, 0x4F, 0x73, 0xC9, 0xEF, 0x6E, 0xD3,
+        0xA0, 0x27, 0x97, 0x14, 0x52, 0x3B, 0x19, 0x18,
+        0x65, 0x1E, 0x9B, 0x0F, 0xFA, 0x55, 0x0F, 0x16,
+        0x10, 0x53, 0xEE, 0x78, 0x01, 0x39, 0x7B, 0x4C,
+        0x18, 0x49, 0x98, 0x7C, 0x17, 0x9E, 0x76, 0x3E,
+        0xCC, 0x60, 0xA4, 0xE4, 0xC5, 0x36, 0xB7, 0xE2,
+        0x66, 0x3E, 0x4C, 0x72, 0x67, 0x14, 0xB0, 0x2E,
+        0xC3, 0x16, 0x9E, 0x84, 0x07, 0xBA, 0x59, 0x2B,
+        0x0E, 0xB8, 0x46, 0xF3, 0x69, 0x2D, 0xD4, 0x46,
+        0x51, 0xEE, 0x08, 0x47, 0x21, 0xCA, 0xC0, 0xFE,
+        0x1C, 0xCC, 0x30, 0x27, 0x07, 0xEF, 0xE2, 0x46,
+        0x64, 0xE0, 0x5B, 0xDC, 0x69, 0xC8, 0x39, 0x04,
+        0xAC, 0xB8, 0xCF, 0x97, 0x12, 0x1C, 0x7E, 0x5C,
+        0x6D, 0xB2, 0x7E, 0xA2, 0x8E, 0x77, 0xBC, 0xDA,
+        0x55, 0xD2, 0xBC, 0xC1, 0xC5, 0xFC, 0xC5, 0x52,
+        0xAB, 0x83, 0xBC, 0xE4, 0x23, 0x8C, 0xA1, 0x80,
+        0x62, 0xC2, 0xD2, 0x3A, 0x8B, 0x80, 0x0C, 0x82,
+        0x09, 0xC3, 0xA4, 0xCD, 0xDA, 0xF1, 0x16, 0x16,
+        0x57, 0x8A, 0x84, 0x55, 0x66, 0xFC, 0x28, 0x9A,
+        0x8E, 0x3C, 0x88, 0xF5, 0x54, 0xC4, 0x92, 0x60,
+        0x71, 0xDA, 0x89, 0x32, 0x6B, 0xEB, 0x25, 0x9A,
+        0x0E, 0x1F, 0x6D, 0x84, 0x4E, 0xBF, 0x7B, 0x28,
+        0x1F, 0x9F, 0xC3, 0x74, 0x3A, 0x65, 0x49, 0x9E,
+        0x73, 0x94, 0x63, 0x48, 0x18, 0xE1, 0x33, 0xFA,
+        0xC6, 0x64, 0xFA, 0x0C, 0x88, 0xF1, 0x01, 0xCE,
+        0xC3, 0xFE, 0xD8, 0x79, 0x29, 0x50, 0xBF, 0x6E,
+        0x49, 0x74, 0x84, 0x9E, 0x1E, 0xBD, 0x27, 0x69,
+        0x1B, 0xF5, 0x51, 0x9B, 0x70, 0x2E, 0x1A, 0xA4,
+        0xB3, 0xDB, 0xAD, 0xAB, 0x5D, 0xFA, 0x34, 0xFB,
+        0x0E, 0xD9, 0xD4, 0xA9, 0xDF, 0x4B, 0x6B, 0x63,
+        0xCA, 0x71, 0x65, 0xE2, 0xA9, 0x08, 0x27, 0x40,
+        0x8C, 0x48, 0x2D, 0x9D, 0xBC, 0x97, 0x24, 0x68,
+        0x58, 0x4F, 0x42, 0x37, 0x60, 0x04, 0xE7, 0x8B,
+        0xE0, 0x67, 0x00, 0x9E, 0x43, 0x30, 0x4B, 0xED,
+        0xC1, 0x07, 0xA4, 0xE2, 0xA8, 0x9C, 0xAF, 0x18,
+        0x5C, 0x9B, 0xB7, 0xE9, 0xFD, 0x2C, 0xB9, 0x2A,
+        0xEF, 0x36, 0x3B, 0xD7, 0x96, 0xF3, 0x60, 0x4E,
+        0xDC, 0x08, 0xA7, 0xC5, 0x45, 0xB8, 0x37, 0x02,
+        0xD3, 0xCF, 0x80, 0x88, 0x52, 0x10, 0x3E, 0x01,
+        0x3B, 0xFE, 0xA1, 0x61, 0xAF, 0x25, 0x0B, 0xCC,
+        0x72, 0x77, 0x1D, 0x0C, 0x48, 0x4D, 0xD5, 0x55,
+        0x41, 0x72, 0x3A, 0x21, 0x0D, 0x68, 0x3B, 0x99,
+        0x8C, 0xDB, 0xAF, 0x3D, 0x9A, 0x5E, 0x71, 0x78,
+        0x6F, 0x1C, 0xF4, 0x7B, 0x86, 0x22, 0x51, 0xB5,
+        0x16, 0x33, 0x60, 0x87, 0x9A, 0xC0, 0x20, 0x2D,
+        0x33, 0x49, 0x51, 0x54, 0x5C, 0x5F, 0x71, 0x76,
+        0x7C, 0x8F, 0x96, 0xA9, 0xD6, 0xE4, 0xF2, 0x1F,
+        0x28, 0x43, 0x4D, 0x7E, 0x96, 0xBB, 0xC5, 0xE3,
+        0xEF, 0xF3, 0xFD, 0x02, 0x0C, 0x17, 0x23, 0x3E,
+        0x7F, 0x99, 0xB0, 0xE3, 0xE8, 0xF5, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x06, 0x17, 0x23, 0x2E
+    };
+#endif
+#ifndef WOLFSSL_NO_ML_DSA_65
+    static const byte sk_65[] = {
+        0xF2, 0x6B, 0xFE, 0x12, 0x68, 0x86, 0xF4, 0x82,
+        0x22, 0x94, 0x4D, 0x02, 0x18, 0xFA, 0xC1, 0x7C,
+        0xD8, 0xA9, 0xCC, 0x6D, 0x67, 0xA0, 0x23, 0xFD,
+        0xC0, 0x7A, 0xFF, 0xC2, 0xD0, 0x25, 0xF7, 0x70,
+        0x63, 0x85, 0x0D, 0x88, 0x0E, 0x98, 0xFE, 0xE5,
+        0x02, 0xE0, 0x17, 0x32, 0x70, 0x00, 0xCC, 0xAF,
+        0x61, 0x45, 0x73, 0xB3, 0x5A, 0xDE, 0xFE, 0xBC,
+        0xAC, 0xEE, 0xA4, 0xB2, 0xC4, 0xD0, 0x45, 0xE5,
+        0xBB, 0xFD, 0x3E, 0x5A, 0x72, 0xE3, 0x71, 0xAD,
+        0x83, 0xB9, 0x94, 0x98, 0x77, 0xD8, 0xE6, 0x56,
+        0xD4, 0x6B, 0x47, 0x75, 0x0F, 0x73, 0x0F, 0x96,
+        0xDB, 0x43, 0x0B, 0x18, 0x60, 0x88, 0x67, 0x5D,
+        0x9A, 0x9B, 0xD7, 0x8E, 0x47, 0xB8, 0x9D, 0x04,
+        0xA8, 0x51, 0x7E, 0xD2, 0x22, 0x06, 0x95, 0x33,
+        0x9F, 0x99, 0xA9, 0x7F, 0x35, 0x3C, 0xE4, 0x20,
+        0x47, 0x77, 0x20, 0x9F, 0x5F, 0x3C, 0x9E, 0x9A,
+        0x36, 0x14, 0x54, 0x01, 0x57, 0x48, 0x60, 0x50,
+        0x75, 0x28, 0x64, 0x61, 0x72, 0x60, 0x54, 0x20,
+        0x75, 0x48, 0x60, 0x32, 0x73, 0x85, 0x34, 0x24,
+        0x68, 0x63, 0x71, 0x73, 0x81, 0x26, 0x71, 0x68,
+        0x32, 0x61, 0x24, 0x71, 0x14, 0x18, 0x26, 0x15,
+        0x05, 0x77, 0x36, 0x27, 0x50, 0x35, 0x21, 0x82,
+        0x50, 0x15, 0x31, 0x47, 0x48, 0x24, 0x43, 0x76,
+        0x18, 0x85, 0x66, 0x18, 0x05, 0x64, 0x27, 0x01,
+        0x06, 0x06, 0x01, 0x45, 0x42, 0x60, 0x80, 0x68,
+        0x25, 0x08, 0x08, 0x36, 0x13, 0x05, 0x04, 0x32,
+        0x34, 0x87, 0x00, 0x70, 0x71, 0x70, 0x02, 0x51,
+        0x37, 0x15, 0x08, 0x28, 0x25, 0x72, 0x61, 0x67,
+        0x08, 0x52, 0x63, 0x44, 0x07, 0x88, 0x60, 0x42,
+        0x03, 0x17, 0x24, 0x64, 0x80, 0x08, 0x70, 0x23,
+        0x56, 0x41, 0x46, 0x17, 0x46, 0x01, 0x57, 0x74,
+        0x02, 0x76, 0x31, 0x64, 0x73, 0x83, 0x50, 0x62,
+        0x72, 0x61, 0x62, 0x75, 0x45, 0x73, 0x46, 0x33,
+        0x65, 0x14, 0x36, 0x46, 0x12, 0x26, 0x04, 0x34,
+        0x02, 0x81, 0x20, 0x34, 0x41, 0x88, 0x26, 0x77,
+        0x33, 0x40, 0x18, 0x58, 0x03, 0x41, 0x16, 0x58,
+        0x88, 0x04, 0x88, 0x32, 0x71, 0x05, 0x85, 0x83,
+        0x42, 0x55, 0x34, 0x20, 0x18, 0x46, 0x12, 0x54,
+        0x28, 0x03, 0x67, 0x10, 0x84, 0x31, 0x76, 0x00,
+        0x40, 0x85, 0x46, 0x71, 0x71, 0x56, 0x00, 0x50,
+        0x15, 0x33, 0x43, 0x13, 0x37, 0x57, 0x13, 0x86,
+        0x43, 0x77, 0x85, 0x57, 0x54, 0x81, 0x75, 0x60,
+        0x37, 0x31, 0x28, 0x52, 0x20, 0x78, 0x65, 0x53,
+        0x76, 0x10, 0x84, 0x87, 0x57, 0x13, 0x66, 0x03,
+        0x56, 0x81, 0x36, 0x66, 0x68, 0x41, 0x55, 0x64,
+        0x63, 0x70, 0x26, 0x21, 0x02, 0x30, 0x28, 0x35,
+        0x02, 0x45, 0x88, 0x80, 0x02, 0x06, 0x44, 0x58,
+        0x24, 0x13, 0x88, 0x83, 0x22, 0x34, 0x22, 0x50,
+        0x47, 0x11, 0x01, 0x86, 0x45, 0x60, 0x67, 0x36,
+        0x82, 0x22, 0x18, 0x74, 0x11, 0x60, 0x58, 0x60,
+        0x87, 0x26, 0x31, 0x85, 0x12, 0x70, 0x84, 0x83,
+        0x88, 0x68, 0x88, 0x51, 0x00, 0x55, 0x02, 0x57,
+        0x77, 0x42, 0x13, 0x23, 0x14, 0x04, 0x76, 0x80,
+        0x72, 0x25, 0x51, 0x56, 0x10, 0x63, 0x12, 0x21,
+        0x03, 0x86, 0x27, 0x30, 0x28, 0x12, 0x01, 0x37,
+        0x48, 0x32, 0x53, 0x86, 0x15, 0x46, 0x50, 0x05,
+        0x34, 0x87, 0x61, 0x04, 0x88, 0x18, 0x35, 0x85,
+        0x44, 0x46, 0x24, 0x67, 0x43, 0x83, 0x02, 0x26,
+        0x56, 0x41, 0x41, 0x77, 0x86, 0x56, 0x41, 0x75,
+        0x25, 0x61, 0x36, 0x05, 0x47, 0x65, 0x00, 0x14,
+        0x32, 0x38, 0x16, 0x81, 0x06, 0x30, 0x61, 0x25,
+        0x16, 0x30, 0x50, 0x44, 0x13, 0x08, 0x75, 0x00,
+        0x50, 0x20, 0x68, 0x21, 0x55, 0x74, 0x61, 0x18,
+        0x62, 0x05, 0x15, 0x51, 0x08, 0x24, 0x01, 0x13,
+        0x81, 0x33, 0x64, 0x83, 0x23, 0x00, 0x55, 0x73,
+        0x62, 0x40, 0x61, 0x75, 0x15, 0x78, 0x21, 0x14,
+        0x13, 0x64, 0x21, 0x47, 0x07, 0x76, 0x80, 0x76,
+        0x76, 0x17, 0x75, 0x50, 0x61, 0x14, 0x40, 0x82,
+        0x87, 0x83, 0x50, 0x87, 0x30, 0x86, 0x35, 0x30,
+        0x28, 0x20, 0x10, 0x01, 0x48, 0x18, 0x34, 0x65,
+        0x23, 0x10, 0x25, 0x42, 0x40, 0x22, 0x54, 0x34,
+        0x35, 0x33, 0x71, 0x70, 0x20, 0x61, 0x55, 0x74,
+        0x33, 0x01, 0x02, 0x60, 0x58, 0x24, 0x80, 0x12,
+        0x46, 0x41, 0x38, 0x10, 0x76, 0x67, 0x34, 0x63,
+        0x48, 0x85, 0x06, 0x48, 0x04, 0x23, 0x22, 0x66,
+        0x57, 0x71, 0x68, 0x18, 0x04, 0x32, 0x01, 0x31,
+        0x01, 0x55, 0x22, 0x27, 0x55, 0x72, 0x10, 0x00,
+        0x43, 0x88, 0x76, 0x62, 0x84, 0x77, 0x07, 0x77,
+        0x14, 0x07, 0x20, 0x53, 0x74, 0x17, 0x51, 0x17,
+        0x66, 0x84, 0x47, 0x83, 0x61, 0x03, 0x52, 0x10,
+        0x05, 0x40, 0x46, 0x55, 0x61, 0x47, 0x26, 0x70,
+        0x40, 0x22, 0x10, 0x34, 0x41, 0x01, 0x03, 0x48,
+        0x33, 0x05, 0x72, 0x32, 0x75, 0x82, 0x45, 0x85,
+        0x20, 0x70, 0x80, 0x82, 0x20, 0x23, 0x62, 0x81,
+        0x15, 0x47, 0x80, 0x23, 0x67, 0x23, 0x73, 0x34,
+        0x44, 0x33, 0x85, 0x10, 0x05, 0x50, 0x30, 0x03,
+        0x48, 0x13, 0x01, 0x36, 0x45, 0x11, 0x06, 0x33,
+        0x82, 0x22, 0x78, 0x75, 0x42, 0x02, 0x40, 0x45,
+        0x04, 0x47, 0x43, 0x05, 0x30, 0x44, 0x42, 0x02,
+        0x28, 0x26, 0x64, 0x24, 0x74, 0x75, 0x86, 0x11,
+        0x85, 0x43, 0x25, 0x46, 0x10, 0x62, 0x82, 0x71,
+        0x08, 0x27, 0x45, 0x13, 0x73, 0x18, 0x84, 0x73,
+        0x51, 0x51, 0x67, 0x14, 0x70, 0x11, 0x07, 0x08,
+        0x62, 0x16, 0x25, 0x27, 0x36, 0x68, 0x44, 0x01,
+        0x18, 0x63, 0x74, 0x50, 0x31, 0x13, 0x43, 0x65,
+        0x80, 0x11, 0x16, 0x52, 0x86, 0x42, 0x51, 0x81,
+        0x51, 0x17, 0x05, 0x68, 0x05, 0x73, 0x60, 0x37,
+        0x63, 0x85, 0x86, 0x11, 0x23, 0x23, 0x38, 0x13,
+        0x87, 0x48, 0x82, 0x74, 0x71, 0x81, 0x87, 0x65,
+        0x58, 0x26, 0x60, 0x34, 0x76, 0x16, 0x15, 0x24,
+        0x06, 0x78, 0x16, 0x40, 0x03, 0x45, 0x72, 0x31,
+        0x63, 0x73, 0x31, 0x85, 0x02, 0x66, 0x44, 0x36,
+        0x24, 0x82, 0x56, 0x38, 0x86, 0x10, 0x40, 0x54,
+        0x72, 0x70, 0x24, 0x22, 0x72, 0x78, 0x47, 0x07,
+        0x86, 0x30, 0x48, 0x72, 0x84, 0x57, 0x06, 0x34,
+        0x78, 0x37, 0x63, 0x25, 0x56, 0x64, 0x81, 0x30,
+        0x62, 0x77, 0x22, 0x84, 0x20, 0x10, 0x74, 0x25,
+        0x04, 0x21, 0x76, 0x47, 0x72, 0x35, 0x05, 0x06,
+        0x22, 0x50, 0x34, 0x11, 0x26, 0x67, 0x03, 0x05,
+        0x42, 0x04, 0x16, 0x01, 0x27, 0x17, 0x86, 0x67,
+        0x70, 0x51, 0x53, 0x13, 0x12, 0x62, 0x03, 0x25,
+        0x05, 0x38, 0x37, 0x44, 0x02, 0x66, 0x84, 0x74,
+        0x14, 0x40, 0x35, 0x20, 0x40, 0x30, 0x44, 0x64,
+        0x27, 0x50, 0x77, 0x47, 0x06, 0x15, 0x84, 0x48,
+        0x13, 0x14, 0x32, 0x48, 0x11, 0x74, 0x80, 0x68,
+        0x85, 0x81, 0x17, 0x67, 0x38, 0x22, 0x76, 0x16,
+        0x18, 0x44, 0x55, 0x47, 0x85, 0x36, 0x44, 0x11,
+        0x52, 0x01, 0x81, 0x50, 0x41, 0x00, 0x00, 0x25,
+        0x83, 0x41, 0x62, 0x22, 0x12, 0x54, 0x88, 0x77,
+        0x70, 0x48, 0x84, 0x25, 0x77, 0x75, 0x40, 0x16,
+        0x46, 0x24, 0x88, 0x81, 0x65, 0x70, 0x02, 0x66,
+        0x28, 0x64, 0x12, 0x40, 0x30, 0x60, 0x53, 0x06,
+        0x44, 0x02, 0x48, 0x78, 0x75, 0x68, 0x21, 0x23,
+        0x30, 0x05, 0x81, 0x17, 0x72, 0x66, 0x88, 0x71,
+        0x50, 0x25, 0x03, 0x51, 0x42, 0x27, 0x20, 0x81,
+        0x03, 0x52, 0x73, 0x53, 0x63, 0x57, 0x13, 0x60,
+        0x41, 0x20, 0x47, 0x12, 0x55, 0x57, 0x58, 0x16,
+        0x38, 0x63, 0x21, 0x34, 0x51, 0x76, 0x33, 0x26,
+        0x70, 0x41, 0x18, 0x11, 0x07, 0x37, 0x16, 0x12,
+        0x01, 0x14, 0x28, 0x56, 0x78, 0x10, 0x86, 0x24,
+        0x24, 0x32, 0x01, 0x13, 0x57, 0x53, 0x46, 0x46,
+        0x24, 0x05, 0x20, 0x16, 0x56, 0x83, 0x30, 0x30,
+        0x61, 0x20, 0x75, 0x07, 0x05, 0x74, 0x14, 0x17,
+        0x43, 0x72, 0x23, 0x04, 0x18, 0x61, 0x50, 0x13,
+        0x67, 0x31, 0x75, 0x36, 0x71, 0x02, 0x38, 0x74,
+        0x21, 0x80, 0x20, 0x48, 0x66, 0x23, 0x52, 0x54,
+        0x77, 0x27, 0x45, 0x73, 0x23, 0x88, 0x60, 0x50,
+        0x88, 0x82, 0x70, 0x23, 0x72, 0x08, 0x44, 0x66,
+        0x44, 0x36, 0x12, 0x57, 0x66, 0x14, 0x25, 0x12,
+        0x17, 0x34, 0x64, 0x82, 0x01, 0x54, 0x61, 0x57,
+        0x50, 0x31, 0x65, 0x64, 0x75, 0x44, 0x76, 0x48,
+        0x16, 0x44, 0x46, 0x55, 0x80, 0x64, 0x26, 0x53,
+        0x27, 0x22, 0x10, 0x87, 0x84, 0x03, 0x15, 0x35,
+        0x15, 0x20, 0x86, 0x14, 0x04, 0x03, 0x26, 0x43,
+        0x31, 0x43, 0x31, 0x45, 0x46, 0x34, 0x36, 0x87,
+        0x44, 0x41, 0x21, 0x77, 0x61, 0x20, 0x85, 0x06,
+        0x28, 0x51, 0x15, 0x62, 0x77, 0x20, 0x38, 0x58,
+        0x78, 0x27, 0x12, 0x22, 0x46, 0x71, 0x51, 0x38,
+        0x11, 0x15, 0x40, 0x03, 0x78, 0x36, 0x15, 0x57,
+        0x34, 0x28, 0x53, 0x21, 0x37, 0x35, 0x04, 0x76,
+        0x00, 0x56, 0x72, 0x48, 0x46, 0x01, 0x56, 0x67,
+        0x62, 0x36, 0x14, 0x51, 0x23, 0x54, 0x32, 0x35,
+        0x82, 0x83, 0x21, 0x60, 0x38, 0x62, 0x21, 0x03,
+        0x62, 0x76, 0x40, 0x34, 0x66, 0x88, 0x50, 0x73,
+        0x00, 0x53, 0x87, 0x31, 0x37, 0x50, 0x11, 0x32,
+        0x86, 0x52, 0x18, 0x64, 0x16, 0x63, 0x48, 0x71,
+        0x70, 0x47, 0x24, 0x85, 0x31, 0x86, 0x60, 0x86,
+        0x33, 0x52, 0x85, 0x82, 0x68, 0x17, 0x70, 0x88,
+        0x84, 0x56, 0x52, 0x77, 0x04, 0x48, 0x22, 0x22,
+        0x54, 0x57, 0x20, 0x31, 0x76, 0x47, 0x26, 0x25,
+        0x04, 0x35, 0x38, 0x44, 0x55, 0x21, 0x14, 0x02,
+        0x13, 0x64, 0x74, 0x87, 0x68, 0x68, 0x73, 0x05,
+        0x22, 0x45, 0x54, 0x45, 0x83, 0x46, 0x64, 0x54,
+        0x80, 0x07, 0x32, 0x87, 0x52, 0x43, 0x54, 0x54,
+        0x14, 0x73, 0x24, 0x87, 0x36, 0x41, 0x74, 0x84,
+        0x06, 0x35, 0x13, 0x40, 0x61, 0x54, 0x21, 0x31,
+        0x48, 0x63, 0x05, 0x74, 0x24, 0x84, 0x74, 0x76,
+        0x11, 0x10, 0x16, 0x63, 0x77, 0x12, 0x26, 0x61,
+        0x31, 0x28, 0x70, 0x34, 0x25, 0x01, 0x30, 0x76,
+        0x76, 0x06, 0x21, 0x58, 0x42, 0x87, 0x31, 0x72,
+        0x76, 0x03, 0x76, 0x26, 0x78, 0x05, 0x88, 0x25,
+        0x25, 0x86, 0x17, 0x02, 0x85, 0x88, 0x76, 0x20,
+        0x36, 0x57, 0x30, 0x81, 0x83, 0x61, 0x05, 0x80,
+        0x21, 0x45, 0x74, 0x01, 0x12, 0x74, 0x51, 0x28,
+        0x77, 0x26, 0x30, 0x14, 0x54, 0x84, 0x13, 0x78,
+        0x06, 0x00, 0x12, 0x64, 0x00, 0x37, 0x44, 0x68,
+        0x40, 0x57, 0x05, 0x27, 0x07, 0x41, 0x56, 0x22,
+        0x31, 0x40, 0x23, 0x26, 0x55, 0x42, 0x55, 0x16,
+        0x02, 0x65, 0x32, 0x16, 0x33, 0x44, 0x46, 0x48,
+        0x04, 0x52, 0x06, 0x53, 0x44, 0x40, 0x11, 0x28,
+        0x46, 0x67, 0x56, 0x81, 0x72, 0x75, 0x51, 0x38,
+        0x21, 0x86, 0x46, 0x03, 0x22, 0x87, 0x21, 0x70,
+        0x68, 0x50, 0x75, 0x13, 0x11, 0x44, 0x35, 0x12,
+        0x60, 0x02, 0x13, 0x47, 0x18, 0x38, 0x78, 0x86,
+        0x38, 0x58, 0x45, 0x57, 0x23, 0x03, 0x88, 0x66,
+        0x56, 0x82, 0x18, 0x31, 0x20, 0x08, 0x61, 0x47,
+        0x78, 0x08, 0x68, 0x37, 0x21, 0x04, 0x65, 0x47,
+        0x58, 0x70, 0x34, 0x58, 0x73, 0x24, 0x22, 0x30,
+        0x66, 0x05, 0x01, 0x28, 0x87, 0x85, 0x77, 0x74,
+        0x23, 0x86, 0x65, 0x84, 0x85, 0x57, 0x85, 0x63,
+        0x06, 0x55, 0x61, 0x75, 0x46, 0x22, 0x87, 0x00,
+        0x18, 0x53, 0x08, 0x03, 0x07, 0x50, 0x42, 0x70,
+        0xFC, 0xB8, 0x7B, 0x22, 0x3D, 0x24, 0xAE, 0x5D,
+        0xB1, 0x89, 0x04, 0x21, 0xC3, 0xFF, 0x1D, 0x59,
+        0xB8, 0x4B, 0x19, 0xE2, 0x4D, 0x14, 0x36, 0x99,
+        0x19, 0x1C, 0x7E, 0x9A, 0x46, 0x48, 0x42, 0x20,
+        0x6B, 0xBA, 0x24, 0x7E, 0x8C, 0x6B, 0x27, 0xBA,
+        0x26, 0xE6, 0x8A, 0xD5, 0xA7, 0x1D, 0x03, 0x61,
+        0xCD, 0x5C, 0x74, 0xCE, 0x50, 0xC2, 0xCE, 0xF1,
+        0x91, 0x31, 0xEF, 0x54, 0x66, 0x23, 0x7F, 0xFE,
+        0xF7, 0xFE, 0x6B, 0x5F, 0xD1, 0x98, 0x23, 0x8E,
+        0x1C, 0xA0, 0xB1, 0x01, 0x30, 0xC6, 0x29, 0xCC,
+        0x91, 0x91, 0xF5, 0x78, 0x6F, 0x5C, 0xD6, 0x28,
+        0xA4, 0x22, 0x56, 0xCB, 0x6F, 0xC7, 0xD7, 0x09,
+        0x56, 0x88, 0xAF, 0x1B, 0xC8, 0x43, 0x51, 0xA4,
+        0x7B, 0x4B, 0x38, 0x2E, 0xF6, 0x1F, 0xD6, 0x5C,
+        0x9E, 0xC2, 0x26, 0xF4, 0x2B, 0x0A, 0x19, 0x7C,
+        0x6A, 0xD8, 0xF0, 0xB0, 0x15, 0xD0, 0xB1, 0xC7,
+        0xE0, 0x14, 0x28, 0x95, 0x6A, 0x9B, 0xB2, 0xDE,
+        0x9A, 0x97, 0xE5, 0x75, 0x66, 0xF8, 0xF5, 0x66,
+        0x86, 0xA1, 0xF4, 0x68, 0x0C, 0xEC, 0xEA, 0x87,
+        0x3B, 0x69, 0x1C, 0xF8, 0xBD, 0x63, 0xAB, 0x73,
+        0x73, 0xBA, 0xE8, 0x09, 0x5B, 0xA7, 0x76, 0x3E,
+        0x50, 0xD6, 0x83, 0x9D, 0x00, 0x35, 0xBB, 0xFB,
+        0x91, 0xBA, 0x60, 0x72, 0x17, 0x98, 0xFB, 0x2C,
+        0x80, 0x2C, 0x60, 0x3A, 0x08, 0xA1, 0x24, 0x05,
+        0xE0, 0xB5, 0x20, 0xEA, 0x41, 0x43, 0x8F, 0xEA,
+        0xEF, 0xA5, 0x62, 0xDC, 0x78, 0x92, 0xF4, 0x58,
+        0x9F, 0x8D, 0x2B, 0x96, 0x5E, 0xE5, 0x49, 0x73,
+        0xA7, 0x2C, 0x8D, 0x33, 0x5C, 0x62, 0x61, 0x98,
+        0x80, 0x64, 0x13, 0x31, 0x03, 0x10, 0xE3, 0x2E,
+        0xFE, 0x6B, 0x39, 0xB5, 0xCF, 0xB1, 0xD1, 0x33,
+        0xAD, 0xE0, 0x1B, 0xCE, 0x94, 0x21, 0x6C, 0xF4,
+        0xCD, 0x8F, 0x86, 0x43, 0x03, 0x1D, 0xB8, 0xC2,
+        0x47, 0xB5, 0x73, 0x21, 0xCA, 0x1E, 0xFB, 0xB8,
+        0x53, 0x63, 0x7D, 0x0C, 0x57, 0x52, 0x14, 0xFC,
+        0x77, 0xA5, 0xA6, 0x84, 0xD5, 0x0A, 0xBF, 0xE4,
+        0xE9, 0x71, 0x99, 0x8E, 0x06, 0x6E, 0x50, 0x24,
+        0xDA, 0x02, 0x76, 0x8A, 0xED, 0xE1, 0x3E, 0x83,
+        0xF0, 0x51, 0x54, 0xA9, 0x99, 0x29, 0x48, 0x42,
+        0x7A, 0xA9, 0x8C, 0x87, 0x42, 0x51, 0xAF, 0x56,
+        0x94, 0x23, 0x53, 0x89, 0x44, 0xFA, 0xD8, 0x93,
+        0xFC, 0x65, 0x6E, 0x9C, 0xED, 0x80, 0x6A, 0x85,
+        0xD9, 0xC3, 0x36, 0x71, 0x02, 0x25, 0x29, 0x36,
+        0x8E, 0x7E, 0xC7, 0x0C, 0x9E, 0xE9, 0x74, 0x30,
+        0x1C, 0x08, 0xCB, 0xE6, 0xAC, 0x5E, 0x88, 0xE6,
+        0x37, 0x79, 0x5C, 0xB2, 0xA2, 0x15, 0xFF, 0xAA,
+        0x08, 0xED, 0xDE, 0x40, 0xAC, 0xFA, 0xEE, 0x2A,
+        0x40, 0xD5, 0x05, 0xCF, 0x58, 0xA6, 0x69, 0x66,
+        0x31, 0x5A, 0x68, 0x98, 0x24, 0x03, 0xD8, 0x1B,
+        0xFA, 0x89, 0xE3, 0x7C, 0x9E, 0x42, 0x1D, 0xA5,
+        0x88, 0xBA, 0x7E, 0x42, 0x2A, 0xC7, 0x44, 0x6A,
+        0x1E, 0x61, 0xC8, 0x22, 0x29, 0x9D, 0xFC, 0x34,
+        0xEC, 0xFA, 0xBE, 0x5C, 0xB6, 0x26, 0xB9, 0x6C,
+        0x8E, 0xA6, 0xC9, 0x3B, 0xDB, 0xD2, 0xD5, 0xBD,
+        0x70, 0xC5, 0xF8, 0x26, 0x7A, 0x84, 0xE0, 0x07,
+        0xA7, 0x11, 0x5E, 0x5B, 0xE5, 0xF1, 0x20, 0x32,
+        0xA3, 0x7C, 0xAB, 0x05, 0xD5, 0x41, 0xE3, 0xDE,
+        0xA5, 0x1A, 0x83, 0x2E, 0xDE, 0x8D, 0x34, 0x9A,
+        0xFD, 0xD5, 0xE6, 0xFC, 0xFC, 0x83, 0x46, 0xE3,
+        0xD4, 0x7C, 0xF1, 0x7F, 0xEA, 0x87, 0x5E, 0x38,
+        0x5D, 0xB9, 0x8A, 0xC2, 0xDB, 0xE8, 0xB4, 0xF8,
+        0x05, 0x37, 0x31, 0x0D, 0xD9, 0x4C, 0xD0, 0xB6,
+        0x25, 0xE9, 0x97, 0x85, 0xDB, 0x04, 0x9A, 0x01,
+        0xF5, 0x4B, 0xA1, 0xF4, 0x2A, 0xDF, 0xEC, 0xAE,
+        0x24, 0x11, 0xD3, 0x2B, 0x2F, 0x84, 0x6C, 0x88,
+        0xA3, 0x0C, 0x76, 0xEA, 0x0A, 0x38, 0xB2, 0x71,
+        0xB6, 0xAC, 0xA8, 0x23, 0x6E, 0x61, 0xEB, 0xB8,
+        0x4A, 0x9D, 0xC4, 0x9E, 0x5C, 0x5B, 0xEE, 0x7E,
+        0x7D, 0x8D, 0xA2, 0xC1, 0xA1, 0xA0, 0xA3, 0x14,
+        0x50, 0xE0, 0x8F, 0xAB, 0xBB, 0x1B, 0x1F, 0x05,
+        0xAA, 0xE3, 0x00, 0xD8, 0xCD, 0xE7, 0x35, 0xB4,
+        0x7B, 0xBD, 0xB0, 0x5C, 0xCC, 0x0C, 0x05, 0x33,
+        0x6B, 0xE4, 0x51, 0x73, 0x1B, 0x6B, 0x77, 0x7B,
+        0xE5, 0xCB, 0xAF, 0x98, 0x53, 0x5F, 0x7E, 0x08,
+        0xFF, 0xCD, 0x8A, 0x44, 0x9E, 0x1D, 0x43, 0x6A,
+        0x4F, 0x05, 0x99, 0x01, 0xF5, 0x6F, 0x01, 0x30,
+        0xBD, 0x15, 0xD7, 0x51, 0x16, 0x45, 0x40, 0x6B,
+        0xF3, 0x13, 0xCA, 0x1F, 0x22, 0x02, 0xA4, 0xA8,
+        0x6A, 0x1D, 0x04, 0x7F, 0xD5, 0x8A, 0x3E, 0x87,
+        0x7F, 0x1D, 0x5A, 0x79, 0x75, 0xD1, 0x6D, 0x67,
+        0xB3, 0x23, 0xC6, 0x28, 0x7B, 0x9C, 0xCE, 0xEE,
+        0x98, 0x9E, 0xE8, 0x44, 0xA9, 0x3E, 0x7E, 0xFD,
+        0x3B, 0xD9, 0xD8, 0x31, 0x6D, 0xA3, 0x77, 0xDF,
+        0x0B, 0xB9, 0xE2, 0x61, 0xA2, 0x71, 0xD5, 0x0C,
+        0xB7, 0x01, 0x67, 0xC3, 0x0D, 0x19, 0x2D, 0xAA,
+        0xDE, 0x96, 0x0E, 0xEA, 0x33, 0x5E, 0xEC, 0x52,
+        0xE5, 0x2D, 0x95, 0x39, 0xE1, 0xF9, 0x5D, 0x9E,
+        0xB6, 0x5E, 0x54, 0x8F, 0x16, 0x60, 0x99, 0xED,
+        0x88, 0x2C, 0x30, 0x72, 0x53, 0x6A, 0x6C, 0xAA,
+        0x05, 0x21, 0xA5, 0xAA, 0x7C, 0x64, 0x72, 0xA0,
+        0xC0, 0x4F, 0x80, 0xDA, 0x20, 0x5D, 0x52, 0x18,
+        0x77, 0x07, 0xDF, 0x5C, 0x2F, 0x2E, 0xA2, 0x5F,
+        0xEF, 0x00, 0xCA, 0x7B, 0xF0, 0xD3, 0xB7, 0xF8,
+        0x1E, 0x31, 0x9E, 0x61, 0xCA, 0x2C, 0xC5, 0xA5,
+        0x25, 0xA2, 0x7B, 0x56, 0xAA, 0xBA, 0xE4, 0xD5,
+        0x35, 0xE5, 0xEC, 0x24, 0x2D, 0x81, 0x1A, 0x24,
+        0xD7, 0x45, 0x76, 0xBF, 0x4B, 0x8A, 0x72, 0xFA,
+        0x5F, 0xAE, 0xC1, 0xA2, 0x83, 0xB6, 0x1D, 0x60,
+        0x28, 0x7E, 0x1E, 0x2E, 0xC8, 0xC6, 0xAB, 0x04,
+        0x56, 0x5F, 0xD5, 0xCD, 0x64, 0x26, 0x34, 0x94,
+        0xE8, 0x03, 0x41, 0x63, 0x35, 0x5B, 0x45, 0x84,
+        0xCE, 0xFA, 0x0B, 0x66, 0x40, 0x85, 0x1A, 0xE1,
+        0x23, 0xE9, 0x8F, 0xBD, 0xA9, 0x23, 0xFC, 0xA3,
+        0x8E, 0x38, 0xB3, 0x84, 0xE2, 0xB9, 0x54, 0x41,
+        0x4B, 0x36, 0x4F, 0xB8, 0xB0, 0x87, 0x56, 0x04,
+        0x8B, 0x75, 0xC7, 0x85, 0x31, 0xD4, 0xA5, 0x12,
+        0x99, 0xC4, 0x9D, 0xEA, 0x4B, 0x36, 0x8C, 0x19,
+        0x82, 0xFE, 0xAD, 0x4A, 0xB1, 0xAA, 0x52, 0x35,
+        0xA4, 0xA1, 0x7F, 0xB0, 0x64, 0x6F, 0x04, 0x04,
+        0x7B, 0xF0, 0x80, 0x48, 0xA1, 0x1C, 0xF8, 0x95,
+        0x8B, 0x68, 0x34, 0xB7, 0xFD, 0x00, 0x31, 0x30,
+        0x6A, 0x39, 0xC8, 0xAE, 0x68, 0xC3, 0x53, 0x65,
+        0x19, 0x7C, 0x1E, 0x57, 0x97, 0xFC, 0x47, 0x3E,
+        0xB1, 0x94, 0x54, 0x48, 0x6F, 0xEB, 0xAA, 0xEC,
+        0x5C, 0x2E, 0xE9, 0x2C, 0xCC, 0x3A, 0xF3, 0xC7,
+        0x43, 0x08, 0x7D, 0x2D, 0x56, 0x4B, 0x7D, 0xE9,
+        0xE5, 0x96, 0xF3, 0x12, 0x4B, 0xE9, 0x08, 0xF3,
+        0x04, 0x5A, 0x75, 0x1A, 0x7D, 0x7E, 0x37, 0xE6,
+        0xC8, 0xC1, 0xFE, 0xF3, 0x32, 0x63, 0x2D, 0x0B,
+        0xBE, 0x05, 0x13, 0x6A, 0x44, 0x58, 0x7F, 0x54,
+        0x5F, 0x5F, 0xF5, 0x2F, 0xB8, 0x0B, 0xF2, 0xBF,
+        0x0B, 0xF4, 0x30, 0x2F, 0xCF, 0xEC, 0xFE, 0x08,
+        0xEC, 0x51, 0xF2, 0x29, 0xD7, 0xAC, 0x28, 0xE1,
+        0x75, 0x42, 0x61, 0xBC, 0xE7, 0xB1, 0x53, 0x4F,
+        0x7D, 0x3B, 0xB0, 0x8D, 0x01, 0x15, 0x1E, 0xBE,
+        0xEC, 0xD9, 0x54, 0xC2, 0x4E, 0x70, 0x3E, 0xEA,
+        0x39, 0x14, 0x26, 0xB7, 0x01, 0x79, 0x5D, 0x06,
+        0x93, 0x85, 0x99, 0xAA, 0x7D, 0xDC, 0xF9, 0x2E,
+        0x44, 0x56, 0x9B, 0xFA, 0x9D, 0x91, 0x2A, 0x8E,
+        0x89, 0x48, 0x51, 0xE3, 0xD0, 0x53, 0xB3, 0xAD,
+        0x43, 0x29, 0xB7, 0x6A, 0x50, 0xC0, 0x78, 0x4D,
+        0x42, 0xF3, 0x7C, 0x5F, 0x90, 0x06, 0xAC, 0x2A,
+        0x9D, 0x5D, 0xE5, 0x18, 0x3F, 0xA3, 0xC6, 0x5E,
+        0xCD, 0xB6, 0xCF, 0x31, 0x67, 0xA4, 0x7A, 0x8F,
+        0x5C, 0x59, 0xBD, 0xD7, 0x9B, 0x7C, 0x24, 0x06,
+        0x97, 0xE1, 0x59, 0x72, 0x85, 0x02, 0x74, 0xFE,
+        0x41, 0xAD, 0x84, 0xD9, 0x0D, 0xCB, 0x34, 0x16,
+        0x11, 0xE7, 0x66, 0xD2, 0x12, 0xDC, 0x76, 0x3C,
+        0xF9, 0x4C, 0x8C, 0x41, 0x94, 0xCC, 0xA9, 0x1B,
+        0x21, 0x03, 0x28, 0xE4, 0xA3, 0x37, 0x4E, 0x29,
+        0xD2, 0x48, 0x11, 0x2B, 0xB6, 0x68, 0xA3, 0x92,
+        0xC2, 0x0D, 0x87, 0x91, 0x03, 0x76, 0xB5, 0x00,
+        0x1F, 0x3F, 0xFB, 0xBE, 0xC3, 0xE0, 0x08, 0xBF,
+        0x2F, 0x46, 0xF7, 0x40, 0x73, 0x83, 0xA8, 0x0D,
+        0xDA, 0x08, 0x2B, 0xDB, 0x8F, 0xE9, 0x25, 0xE4,
+        0xF1, 0x2B, 0x37, 0x92, 0x27, 0x0E, 0x5A, 0x46,
+        0xB8, 0xC5, 0x7B, 0x6E, 0x5A, 0x4B, 0x95, 0x58,
+        0x4E, 0xF3, 0x80, 0xED, 0x49, 0x93, 0xEC, 0x52,
+        0x9F, 0xF2, 0xAA, 0x39, 0xDD, 0x6D, 0xFE, 0x88,
+        0xFD, 0xEB, 0x6E, 0xDA, 0x0E, 0x8D, 0xA7, 0x95,
+        0x66, 0xB0, 0x7D, 0x37, 0xAE, 0xCC, 0x64, 0x37,
+        0x25, 0x95, 0x18, 0xF9, 0x7E, 0x6C, 0x86, 0x12,
+        0xB3, 0xC3, 0x57, 0x03, 0xBF, 0xF9, 0x92, 0x15,
+        0x3E, 0x66, 0x0E, 0x2E, 0x20, 0x77, 0xA0, 0x5F,
+        0x26, 0x5F, 0xB5, 0x12, 0x1D, 0xD7, 0x9F, 0x0A,
+        0x33, 0xBC, 0x38, 0xEC, 0x83, 0x08, 0xE2, 0xA9,
+        0x84, 0xCD, 0x3D, 0x8A, 0xC6, 0x09, 0x30, 0x6F,
+        0x77, 0x93, 0xD7, 0xDE, 0x08, 0xD8, 0x45, 0xA4,
+        0x21, 0x28, 0x26, 0x4E, 0x5C, 0x17, 0x77, 0x74,
+        0xE3, 0x5D, 0x58, 0x7C, 0x96, 0xB2, 0x47, 0x05,
+        0x42, 0x21, 0x78, 0x5D, 0xB3, 0x8D, 0xDC, 0x6F,
+        0xDB, 0xF7, 0xBF, 0x6F, 0x66, 0x4B, 0xD6, 0x30,
+        0x14, 0xC0, 0xBF, 0x94, 0x2A, 0x83, 0x91, 0x6C,
+        0xBF, 0x2C, 0x42, 0x85, 0x41, 0xED, 0xA2, 0xBB,
+        0xCB, 0xFC, 0xF9, 0x35, 0xDE, 0xFC, 0xB3, 0x63,
+        0xE1, 0x64, 0xAA, 0x51, 0x2D, 0xD5, 0xFA, 0x79,
+        0x53, 0x31, 0x40, 0x0B, 0x9B, 0xD0, 0x3C, 0xE3,
+        0xD7, 0x2D, 0x91, 0x05, 0x62, 0xC3, 0x81, 0xFE,
+        0x93, 0x1E, 0x8C, 0x37, 0x9E, 0x30, 0x23, 0x73,
+        0x3A, 0xB9, 0x18, 0x6E, 0x5D, 0xEF, 0x31, 0xE9,
+        0xF6, 0x25, 0x7F, 0xB8, 0x47, 0x74, 0xCE, 0x28,
+        0x23, 0xD4, 0x4F, 0xC1, 0x42, 0xCB, 0xEB, 0x59,
+        0x8A, 0x68, 0xFD, 0x39, 0x48, 0x37, 0x1A, 0x5D,
+        0x0C, 0x09, 0x64, 0xC6, 0xE1, 0x21, 0x5D, 0x89,
+        0xF6, 0x58, 0xE5, 0x50, 0x4A, 0xD0, 0x93, 0xBC,
+        0x86, 0x02, 0xBA, 0xD2, 0x36, 0x24, 0x9D, 0x7E,
+        0xAF, 0xB6, 0xA1, 0xA0, 0x7C, 0xA7, 0xC7, 0x4D,
+        0xAC, 0x30, 0x7A, 0x70, 0x0F, 0x2F, 0x81, 0x40,
+        0xC1, 0x08, 0x6B, 0x21, 0xF2, 0xE1, 0x51, 0x9C,
+        0x1D, 0x46, 0x94, 0x93, 0x2A, 0x1C, 0x18, 0xCB,
+        0xED, 0x0D, 0x0E, 0x29, 0xDE, 0xFC, 0x52, 0x52,
+        0x97, 0x93, 0x70, 0x85, 0xE2, 0x63, 0x0D, 0xC6,
+        0x2C, 0x0C, 0x05, 0x0C, 0x4F, 0xF2, 0x70, 0x87,
+        0x2B, 0xE7, 0xBB, 0x52, 0x2D, 0xD6, 0x99, 0x1B,
+        0x59, 0x6F, 0xC2, 0x92, 0x11, 0x72, 0x5D, 0x99,
+        0x60, 0xB1, 0x6A, 0x52, 0xEA, 0x91, 0x78, 0x19,
+        0x23, 0xC0, 0x3B, 0x71, 0x9D, 0x09, 0xD6, 0xE7,
+        0x10, 0x6D, 0xC5, 0x70, 0x55, 0xC1, 0x9E, 0xF8,
+        0x76, 0xE5, 0xEC, 0x23, 0x17, 0xE7, 0xE4, 0x23,
+        0xC9, 0x71, 0x45, 0x40, 0x72, 0x01, 0x9E, 0x28,
+        0xE6, 0x5C, 0x81, 0xED, 0x52, 0x7A, 0xF1, 0x89,
+        0xBD, 0xFC, 0xF5, 0x21, 0xC9, 0x23, 0x40, 0x75,
+        0x54, 0xAC, 0xBF, 0x69, 0x45, 0xD1, 0x85, 0x44,
+        0x3D, 0xAC, 0x1A, 0x1A, 0x08, 0x8A, 0x68, 0xB5,
+        0x17, 0xD5, 0xD9, 0x90, 0xE1, 0x10, 0x30, 0xDE,
+        0x4F, 0x75, 0x09, 0xE8, 0x7A, 0x77, 0xB3, 0x7C,
+        0xF2, 0x0A, 0x78, 0xE2, 0xCD, 0x48, 0x94, 0x17,
+        0x3C, 0x32, 0xA3, 0x27, 0x35, 0x51, 0x16, 0xB7,
+        0x18, 0x51, 0x44, 0x42, 0x65, 0x60, 0x6A, 0x0A,
+        0x9A, 0x6D, 0x94, 0x61, 0xCC, 0x5D, 0xD8, 0x3B,
+        0x52, 0x7E, 0x4D, 0xBD, 0x6A, 0xEE, 0x03, 0x3D,
+        0x66, 0x1C, 0x3D, 0xE8, 0xC1, 0x82, 0x97, 0xE5,
+        0xD1, 0x31, 0xDB, 0xC8, 0xF6, 0x96, 0xE9, 0x47,
+        0xC9, 0x5C, 0x71, 0x77, 0x2B, 0x62, 0x44, 0x74,
+        0x4D, 0x06, 0x1E, 0x14, 0x45, 0x3B, 0x9F, 0xB1,
+        0x17, 0x34, 0x80, 0x2D, 0xBA, 0x6F, 0x81, 0x79,
+        0xB8, 0x0D, 0xAC, 0xFE, 0xB6, 0xBA, 0xDF, 0xD1,
+        0x4E, 0x05, 0x76, 0x73, 0x6F, 0x80, 0x10, 0xC5,
+        0x32, 0x87, 0xA3, 0xD3, 0x93, 0x18, 0x79, 0xEF,
+        0x27, 0x3B, 0xBF, 0xCD, 0xB5, 0xDE, 0x5B, 0x88,
+        0xAF, 0x51, 0xFD, 0x8A, 0x8C, 0x8F, 0x0A, 0x58,
+        0x94, 0xE2, 0x25, 0xDF, 0xE8, 0x73, 0xFC, 0xC0,
+        0x3C, 0xB1, 0xC9, 0xB5, 0x78, 0x25, 0xF1, 0x11,
+        0x75, 0xC8, 0x7D, 0x08, 0x78, 0xB9, 0xE6, 0x15,
+        0x6B, 0x40, 0x1B, 0x2F, 0xBE, 0x30, 0x03, 0x6B,
+        0xFC, 0x7D, 0xB1, 0x00, 0x02, 0x71, 0xB7, 0xFF,
+        0x5D, 0x63, 0xA8, 0x09, 0x50, 0x75, 0xEF, 0xBD,
+        0x34, 0xEE, 0x73, 0xDE, 0x60, 0x14, 0x95, 0x2D,
+        0x15, 0xBC, 0x30, 0x23, 0x07, 0x02, 0xD8, 0x7C,
+        0x9A, 0x96, 0xD5, 0xE9, 0xF1, 0xF0, 0xF9, 0x26,
+        0x25, 0x96, 0xAA, 0x58, 0xB7, 0xE4, 0x1A, 0xD9,
+        0xA0, 0x9E, 0xAD, 0xB9, 0x44, 0xB6, 0x3F, 0xD9,
+        0x8B, 0x34, 0x7D, 0x11, 0xBD, 0x52, 0x97, 0xC3,
+        0xBE, 0x28, 0x23, 0x85, 0x9F, 0x2F, 0x35, 0xA4,
+        0xE5, 0x4E, 0x13, 0x68, 0x89, 0x09, 0xC3, 0x1A,
+        0x83, 0xE7, 0xDE, 0xCE, 0x4B, 0xDF, 0x31, 0x03,
+        0x9C, 0x72, 0xBA, 0x54, 0xA1, 0x20, 0x2D, 0x17,
+        0x2A, 0x6B, 0x8A, 0x2C, 0xE9, 0x6D, 0xED, 0xCA,
+        0x5B, 0x24, 0xF7, 0xB9, 0x42, 0xC1, 0x4E, 0x13,
+        0x3D, 0xAA, 0x8A, 0xB8, 0xCB, 0xD2, 0x4C, 0x1F,
+        0x0B, 0xBE, 0xB1, 0x27, 0x97, 0x67, 0x26, 0x72,
+        0xE2, 0x2C, 0xE6, 0xC2, 0x12, 0x37, 0xB2, 0x79,
+        0x7D, 0x8E, 0x54, 0xCC, 0x8F, 0xC7, 0x6C, 0x43,
+        0xB4, 0x75, 0x29, 0x66, 0xA3, 0xA4, 0x09, 0x44,
+        0xE7, 0x2D, 0x37, 0x3F, 0x0D, 0x3E, 0x84, 0xF9,
+        0xA3, 0x30, 0x1E, 0xAE, 0x9E, 0xDA, 0x35, 0x44,
+        0x4B, 0x1E, 0x49, 0xE6, 0x61, 0x18, 0x20, 0x6A,
+        0x56, 0xEB, 0x46, 0xD4, 0x8D, 0x20, 0x95, 0x4A,
+        0x77, 0x9A, 0x1E, 0x74, 0xE3, 0xE3, 0xB2, 0xBD,
+        0x40, 0x3D, 0x46, 0xB3, 0x35, 0x10, 0x11, 0xCB,
+        0x6F, 0x8A, 0x86, 0x72, 0xB2, 0xF3, 0xD9, 0x90,
+        0x31, 0x47, 0x55, 0x77, 0x6C, 0xE3, 0x23, 0x7F,
+        0x0A, 0x50, 0xE7, 0x71, 0x20, 0x53, 0x09, 0xC0,
+        0x5D, 0x9A, 0x78, 0xD3, 0x68, 0x88, 0xA8, 0x3B,
+        0xAD, 0x78, 0xE8, 0x6E, 0xDF, 0x36, 0xA8, 0x8D,
+        0xC7, 0x1C, 0x5F, 0x11, 0x56, 0x83, 0x90, 0xD0,
+        0xB5, 0x92, 0x02, 0xE2, 0x9E, 0xE1, 0x1E, 0xCB,
+        0x9F, 0x56, 0x89, 0x63, 0xE8, 0x17, 0x70, 0x83,
+        0x9F, 0xF2, 0x39, 0xAD, 0x03, 0x15, 0x6C, 0xC0,
+        0x71, 0xE8, 0xB7, 0x40, 0x15, 0x95, 0xEC, 0xEE,
+        0x62, 0x34, 0xAC, 0x34, 0xB7, 0x11, 0x70, 0x3D,
+        0x68, 0xC6, 0x7A, 0x28, 0x83, 0xBE, 0x9C, 0x18,
+        0xAB, 0x7F, 0x1A, 0x1B, 0x2E, 0x5C, 0x90, 0xA2,
+        0x32, 0x3C, 0xDF, 0x1E, 0xD4, 0x98, 0x50, 0xB8,
+        0x39, 0x38, 0x19, 0x2F, 0x62, 0x8C, 0x9E, 0xF6,
+        0x5B, 0x77, 0x93, 0x95, 0xEE, 0x37, 0x34, 0xC7,
+        0xA9, 0x01, 0xF7, 0x47, 0x38, 0x86, 0xD7, 0x12,
+        0xD2, 0x15, 0x41, 0x68, 0x16, 0xC3, 0x01, 0x6C,
+        0xC2, 0x83, 0x83, 0xD4, 0x78, 0x7B, 0x46, 0xF6,
+        0x89, 0xDC, 0xE1, 0x11, 0xDA, 0x4D, 0xB8, 0xAC,
+        0x10, 0xE8, 0x4F, 0x66, 0xA5, 0xC2, 0xBD, 0xA1,
+        0xB3, 0xFC, 0x97, 0x7F, 0x6A, 0x0F, 0x73, 0x2E,
+        0xDA, 0x4F, 0x69, 0xB9, 0x75, 0x51, 0xA4, 0xB8,
+        0xB2, 0x61, 0xD6, 0x88, 0x71, 0x94, 0xD3, 0xAF,
+        0xE7, 0xF4, 0xB8, 0x7F, 0xB3, 0xD4, 0x1A, 0xC6,
+        0xDC, 0xDB, 0x8F, 0xD3, 0x9B, 0xE5, 0x0F, 0x2F,
+        0x38, 0x2B, 0xAA, 0x4D, 0x19, 0xC7, 0x45, 0x0A,
+        0xB3, 0xA1, 0xAC, 0x4C, 0x63, 0xCF, 0x93, 0x0A,
+        0xAA, 0x51, 0x7A, 0x15, 0xD5, 0xC0, 0xD5, 0x49,
+        0xFE, 0x03, 0x22, 0x00, 0x71, 0xD3, 0x69, 0x22,
+        0x3E, 0x51, 0x29, 0x6E, 0xCB, 0xF8, 0x0D, 0xCD,
+        0x79, 0xFB, 0xDF, 0xB8, 0xDF, 0x62, 0x90, 0x4D,
+        0x5A, 0x36, 0x20, 0x0F, 0x29, 0xCC, 0x47, 0xE8,
+        0x0C, 0x86, 0x15, 0xEF, 0x1B, 0x78, 0xDB, 0xB2,
+        0x6A, 0x1A, 0xA7, 0xA6, 0x6E, 0x4D, 0x9A, 0x51,
+        0xC9, 0x72, 0xAC, 0x9C, 0x94, 0xEA, 0xB9, 0x95,
+        0x14, 0xB5, 0xAD, 0xAE, 0x62, 0x51, 0xE8, 0xAA,
+        0x30, 0xA5, 0xE5, 0x87, 0x42, 0x4E, 0x3B, 0x7B,
+        0xCC, 0x42, 0xEB, 0xE7, 0x33, 0x3D, 0x92, 0x10,
+        0x97, 0x26, 0x53, 0xF8, 0x11, 0x8B, 0x83, 0xAB,
+        0xE1, 0xBF, 0x7E, 0x9E, 0xE9, 0xCD, 0xAC, 0x28,
+        0x99, 0x7D, 0x14, 0x4C, 0x34, 0xDE, 0xA6, 0x5B,
+        0x59, 0x51, 0x2C, 0x73, 0x29, 0x27, 0xDB, 0xA8,
+        0x20, 0x7D, 0x56, 0x91, 0x98, 0x47, 0x21, 0xB7,
+        0x27, 0x9A, 0xFC, 0xDD, 0xE0, 0x6A, 0x6B, 0xD2,
+        0x68, 0x0E, 0xBB, 0x9B, 0x2E, 0x3C, 0xFE, 0xE9,
+        0xA6, 0x6D, 0x73, 0xD0, 0xC0, 0xDE, 0xD6, 0x53,
+        0x70, 0x8B, 0x09, 0x0B, 0x82, 0x30, 0x65, 0xF9,
+        0x70, 0x78, 0x49, 0xE3, 0xB3, 0x7D, 0x41, 0x25,
+        0xCA, 0x69, 0x3E, 0x74, 0x2E, 0x02, 0x3F, 0x05,
+        0x8A, 0xDC, 0x95, 0x07, 0x9B, 0xB0, 0x0C, 0x56,
+        0xBE, 0x0D, 0x2F, 0x07, 0x81, 0x82, 0xEF, 0xAB,
+        0x30, 0x72, 0xB0, 0xFD, 0x09, 0x76, 0x7B, 0x8A,
+        0x13, 0xC2, 0x80, 0x5A, 0x75, 0x91, 0xB5, 0xB2,
+        0xE1, 0x24, 0x75, 0xB5, 0xC8, 0x24, 0xDB, 0xEB,
+        0x15, 0x79, 0x30, 0xAB, 0x38, 0x9F, 0x91, 0x5F,
+        0xCC, 0xEC, 0x8F, 0x48, 0x64, 0x7E, 0xE4, 0xB6,
+        0x6A, 0xB6, 0xB5, 0x36, 0xC2, 0x2D, 0xE3, 0xE5,
+        0xEE, 0x4A, 0xBB, 0x42, 0xF8, 0xE0, 0x00, 0x9A,
+        0xF0, 0x45, 0x54, 0xF1, 0x28, 0xAC, 0xA3, 0xCC,
+        0xE4, 0x03, 0xBB, 0x01, 0xFD, 0xB7, 0xB5, 0xE2,
+        0xA7, 0x2B, 0x82, 0x91, 0x1C, 0x1F, 0xD0, 0x65,
+        0x23, 0xFF, 0x90, 0x19, 0x21, 0x41, 0xC6, 0x89,
+        0xEC, 0xCB, 0x0B, 0xE6, 0x1B, 0x4C, 0x6D, 0x77,
+        0x06, 0x29, 0x59, 0x02, 0x18, 0xA4, 0x01, 0x1A,
+        0x68, 0xB8, 0x6F, 0xF5, 0x0D, 0x23, 0x03, 0x9C,
+        0x9B, 0xCD, 0x43, 0x61, 0xF6, 0x98, 0x0A, 0x60,
+        0xEF, 0x88, 0xD1, 0x44, 0x0D, 0x30, 0x4C, 0x5B,
+        0x4B, 0x52, 0xD6, 0xED, 0xC2, 0x91, 0x12, 0xDC,
+        0x3A, 0x8A, 0xF2, 0x85, 0x89, 0xE8, 0xF6, 0x29,
+        0x48, 0xED, 0xB6, 0xBE, 0x76, 0x64, 0x6D, 0x59,
+        0x66, 0x06, 0xB9, 0xE7, 0x05, 0xFE, 0xE3, 0xF1,
+        0x44, 0xA0, 0x7B, 0xC9, 0xED, 0x1D, 0x40, 0x0C
+    };
+    static const byte msg_65[] = {
+        0x88, 0x5A, 0x0B, 0xDD, 0x8D, 0xE7, 0x4B, 0xC7,
+        0x11, 0x69, 0x0A, 0xA6, 0x14, 0xDD, 0xA5, 0x32,
+        0xF4, 0xD8, 0xC7, 0xEA, 0x2C, 0x27, 0x85, 0x5A,
+        0x57, 0x8E, 0x63, 0x61, 0xCA, 0xAE, 0x2C, 0x0B,
+        0xF7, 0xE7, 0x73, 0xB4, 0x90, 0x0A, 0x32, 0x93,
+        0x12, 0x1A, 0x6E, 0x0D, 0xD6, 0x10, 0x10, 0x7A,
+        0x7A, 0x65, 0xBD, 0x6E, 0x11, 0xF6, 0x19, 0xFC,
+        0x0E, 0x9C, 0xE7, 0xBF, 0x7B, 0x5D, 0xE1, 0x80,
+        0x76, 0xE1, 0xB7, 0x25, 0x57, 0x20, 0x97, 0xB2,
+        0x47, 0xD8, 0xE0, 0x46, 0x24, 0x94, 0xF6, 0x3F,
+        0x4E, 0xDF, 0xBE, 0xAC, 0x2F, 0xA2, 0xEC, 0xAE,
+        0x0C, 0xCA, 0xD4, 0x28, 0xBD, 0x79, 0x6C, 0xF2,
+        0x60, 0x92, 0xA1, 0xCD, 0x50, 0x5F, 0x59, 0x39,
+        0x11, 0xED, 0x10, 0xFD, 0xA4, 0x26, 0xC7, 0xE3,
+        0xC5, 0xA4, 0x39, 0xE8, 0x50, 0x42, 0x13, 0x18,
+        0xAE, 0x07, 0x85, 0xB0, 0x5A, 0xA9, 0x9F, 0x58,
+        0xD6, 0x85, 0x6D, 0xEB, 0x78, 0xBB, 0xE4, 0x88,
+        0xC7, 0x0E, 0xEE, 0x42, 0xBB, 0x9A, 0xB5, 0x92,
+        0x7B, 0x2E, 0xD2, 0x5C, 0xD1, 0x43, 0x77, 0xCD,
+        0x7E, 0x1A, 0x88, 0x34, 0xE8, 0x21, 0x48, 0x00,
+        0x2F, 0xCB, 0x98, 0x5A, 0xB9, 0x43, 0x12, 0x97,
+        0x01, 0x0B, 0x2B, 0xC7, 0x0F, 0x91, 0x32, 0x37,
+        0x3C, 0x6D, 0xD2, 0xA2, 0xA9, 0xCF, 0x24, 0x6F,
+        0xE0, 0x26, 0x2E, 0x8B, 0x53, 0xE6, 0x93, 0xF3,
+        0xD6, 0xFE, 0xD3, 0xED, 0xD1, 0xF2, 0x00, 0x4E,
+        0xD1, 0x7C, 0x2C, 0xF5, 0xB2, 0x57, 0xF4, 0xAD,
+        0xA5, 0xDC, 0x1A, 0x7C, 0x15, 0x1F, 0xFE, 0x03,
+        0xB9, 0x6A, 0x4D, 0xB9, 0x91, 0xE4, 0x13, 0x2D,
+        0x01, 0xDE, 0x1F, 0x03, 0x3E, 0xD8, 0x13, 0x57,
+        0xEA, 0xE7, 0xC1, 0xA8, 0xD2, 0xDD, 0xD9, 0x2D,
+        0xDF, 0xC0, 0x6F, 0x67, 0x13, 0x94, 0xD2, 0xF6,
+        0x02, 0x12, 0xC6, 0xE4, 0x49, 0xEA, 0x35, 0x93,
+        0x24, 0xFE, 0xD3, 0x8C, 0x84, 0xD3, 0x6D, 0x15,
+        0x43, 0x2E, 0x11, 0xE7, 0x15, 0x00, 0x15, 0x80,
+        0x4F, 0x97, 0xA3, 0xC6, 0x77, 0x38, 0x2C, 0xD4,
+        0x6A, 0xA4, 0xD7, 0xAC, 0xEE, 0x56, 0x86, 0xFB,
+        0xCE, 0xD7, 0xA9, 0xE8, 0x5D, 0x29, 0xC4, 0x83,
+        0x86, 0xE6, 0x9F, 0x40, 0x69, 0x3D, 0x9A, 0xDA,
+        0xBE, 0xB4, 0x3B, 0xD0, 0xE5, 0x03, 0x6A, 0xCD,
+        0xE6, 0x31, 0xB5, 0x49, 0x57, 0xF4, 0xFC, 0xE2,
+        0x6F, 0x7A, 0x24, 0xB0, 0xDA, 0xD4, 0x34, 0x8A,
+        0x67, 0x89, 0xCA, 0xE1, 0x06, 0x13, 0x06, 0x20,
+        0xED, 0x2F, 0xA0, 0xEA, 0x38, 0xF5, 0x75, 0xF2,
+        0x87, 0x83, 0xBC, 0x92, 0xB3, 0x2B, 0x0C, 0x51,
+        0xC8, 0xA6, 0x54, 0x6F, 0x5D, 0x88, 0x09, 0x5F,
+        0x9F, 0x73, 0xC6, 0x5B, 0xF6, 0xF2, 0x51, 0xA2,
+        0xC4, 0x69, 0x74, 0x64, 0x45, 0xC5, 0x88, 0xC3,
+        0xEA, 0x81, 0x39, 0xE4, 0x33, 0xD4, 0xFE, 0x2D,
+        0xE4, 0xC0, 0xD3, 0x58, 0xB6, 0xCA, 0x8A, 0x62,
+        0x94, 0xE6, 0xAF, 0xC1, 0xB9, 0x60, 0x74, 0xC0,
+        0x68, 0xEF, 0x67, 0xB1, 0x58, 0xF1, 0x12, 0x9C,
+        0xFE, 0x0A, 0x3A, 0xE7, 0xEB, 0x9D, 0x45, 0x4F,
+        0x35, 0x7F, 0xBB, 0x6A, 0xB3, 0xB9, 0x92, 0x2B,
+        0x1B, 0xCD, 0x55, 0x58, 0x61, 0x87, 0xCD, 0x24,
+        0x69, 0x24, 0x82, 0x78, 0x23, 0x34, 0xAC, 0x9F,
+        0x2B, 0x86, 0x12, 0x48, 0xF6, 0xA5, 0x30, 0xE9,
+        0x3E, 0x11, 0x48, 0x87, 0x84, 0xDD, 0xE5, 0xEA,
+        0x67, 0x8A, 0xE5, 0x05, 0x90, 0x3E, 0x23, 0x10,
+        0x53, 0x30, 0x8C, 0x1B, 0x87, 0x84, 0x60, 0x7E,
+        0x06, 0x3F, 0x48, 0x98, 0xA4, 0xFA, 0xB6, 0x01,
+        0xD3, 0xE6, 0x96, 0x85, 0x97, 0x21, 0x55, 0xF6,
+        0x3F, 0x09, 0xFD, 0x84, 0xB2, 0xB3, 0xDF, 0x74,
+        0x1F, 0xB6, 0x42, 0xAC, 0xA6, 0x03, 0xD0, 0xD5,
+        0x96, 0xE0, 0xA8, 0xDA, 0xD4, 0x24, 0xF4, 0x64,
+        0x0F, 0x98, 0xB9, 0x6F, 0xB2, 0x42, 0xC6, 0x95,
+        0xDC, 0x33, 0x1F, 0x57, 0x59, 0xF7, 0x5E, 0xAF,
+        0x19, 0x1C, 0xBD, 0x98, 0x5E, 0xC5, 0x99, 0x8D,
+        0x56, 0x48, 0xC8, 0x5E, 0xB6, 0x31, 0x29, 0x5F,
+        0x61, 0x56, 0x7C, 0x11, 0x63, 0xF9, 0x90, 0xDC,
+        0x4F, 0xA1, 0x71, 0x40, 0x91, 0x26, 0x1E, 0x5F,
+        0x3E, 0x5F, 0x0B, 0xFE, 0x84, 0x55, 0xBB, 0x8B,
+        0xAA, 0x1D, 0x69, 0x42, 0x1F, 0x15, 0x37, 0x4E,
+        0x73, 0xB0, 0x7E, 0x78, 0x57, 0x9D, 0x0E, 0x25,
+        0x1A, 0x41, 0xEE, 0x1A, 0x50, 0x43, 0xAA, 0xBF,
+        0x8B, 0xE7, 0x73, 0xEE, 0x7F, 0x9D, 0x0F, 0xDF,
+        0xCF, 0xD3, 0xAE, 0x71, 0x1F, 0xAB, 0x1D, 0x3D,
+        0xBC, 0xC2, 0x84, 0x3B, 0xE5, 0xA9, 0x46, 0xB2,
+        0x4D, 0x8B, 0x9B, 0x94, 0x35, 0x8B, 0x5F, 0x59,
+        0x8E, 0x88, 0xED, 0x3D, 0x53, 0xF3, 0x10, 0xF8,
+        0xEC, 0x63, 0x22, 0x9D, 0x4F, 0x5B, 0xB1, 0xB6,
+        0xD5, 0x24, 0xA5, 0xAF, 0x9C, 0x39, 0x47, 0x79,
+        0x25, 0xC7, 0xE2, 0x90, 0x95, 0xFC, 0x43, 0xF1,
+        0x71, 0xFE, 0xCD, 0xD0, 0x61, 0xF3, 0x62, 0x62,
+        0x71, 0x21, 0x75, 0x2C, 0x23, 0x6B, 0x79, 0x2F,
+        0x1B, 0x31, 0x90, 0x79, 0x7C, 0xD0, 0x57, 0x5C,
+        0x58, 0x4F, 0x30, 0xB5, 0x56, 0x81, 0x19, 0x61,
+        0x90, 0x45, 0x09, 0xC9, 0x8B, 0xCD, 0xE8, 0x65,
+        0x9D, 0x22, 0x80, 0xF4, 0x95, 0xA0, 0xC9, 0x55,
+        0x7D, 0x38, 0x11, 0xAF, 0x5E, 0xD4, 0x37, 0x7B,
+        0xC7, 0x59, 0x9E, 0x49, 0x59, 0xFF, 0x85, 0xF2,
+        0x15, 0x0A, 0xCD, 0xEC, 0xC1, 0xF7, 0x67, 0x2D,
+        0xE1, 0xEE, 0x4D, 0xB4, 0x4C, 0x1F, 0xB5, 0xF7,
+        0x99, 0x8A, 0xB5, 0xDB, 0x74, 0x2F, 0x6C, 0x5D,
+        0x32, 0xCB, 0xC0, 0xF2, 0xFB, 0xC9, 0x54, 0xEA,
+        0xD6, 0xCC, 0x13, 0x4B, 0x97, 0x62, 0xDF, 0x33,
+        0x13, 0x86, 0xDE, 0xCA, 0x31, 0x69, 0x47, 0x88,
+        0x4B, 0x9A, 0x13, 0xAD, 0xEA, 0x5C, 0xBE, 0x29,
+        0x56, 0x64, 0x4F, 0xA1, 0x2A, 0x7B, 0xB3, 0xBF,
+        0xB9, 0x7E, 0x1D, 0x93, 0xA7, 0x01, 0x91, 0xAC,
+        0x38, 0xA0, 0x37, 0x32, 0x58, 0xC2, 0xC2, 0x81,
+        0x6D, 0xEA, 0x6E, 0xAF, 0x88, 0x0D, 0x69, 0xF4,
+        0x5F, 0xBA, 0x4C, 0x29, 0x0F, 0x18, 0xD3, 0x4B,
+        0xB8, 0x36, 0x8C, 0xF4, 0xEB, 0xB4, 0x72, 0xBA,
+        0x49, 0x9C, 0xBB, 0x54, 0x50, 0x1E, 0xE3, 0xA2,
+        0x8E, 0x5F, 0xB9, 0xFD, 0xC6, 0x6C, 0xF6, 0x45,
+        0x72, 0x09, 0x47, 0x19, 0xBB, 0xDB, 0x48, 0xF3,
+        0xF4, 0x88, 0x51, 0x3B, 0x65, 0x50, 0xE1, 0x27,
+        0xE8, 0x34, 0x1C, 0x7E, 0x53, 0xDC, 0xFD, 0xA7,
+        0xD4, 0x08, 0x05, 0x58, 0x0B, 0xC7, 0xD3, 0x0A,
+        0x72, 0xF2, 0x44, 0xCC, 0xDB, 0x5A, 0xEF, 0x66,
+        0x1B, 0x0F, 0x30, 0x4E, 0xC5, 0xB7, 0xAB, 0x93,
+        0xB8, 0xC5, 0xC4, 0x9A, 0x77, 0x68, 0x38, 0xB7,
+        0xD5, 0x23, 0x74, 0xAA, 0x41, 0x63, 0x02, 0x24,
+        0xD6, 0x16, 0xF3, 0x10, 0xE4, 0x99, 0xEC, 0xAD,
+        0xCE, 0x93, 0xE7, 0x8B, 0x94, 0xD3, 0xCA, 0x48,
+        0xB3, 0x47, 0xBC, 0x0E, 0xEC, 0xAA, 0x20, 0x66,
+        0x02, 0x29, 0x65, 0xC8, 0x07, 0xBE, 0xF9, 0x02,
+        0x9B, 0xC5, 0x22, 0x8F, 0x00, 0x5E, 0xDB, 0x74,
+        0xD4, 0xB1, 0x44, 0x98, 0xCE, 0x3A, 0xE1, 0x3B,
+        0xEB, 0x7C, 0x69, 0x3B, 0x66, 0x9E, 0xE9, 0xF9,
+        0xA6, 0xF4, 0x6F, 0xC0, 0x0E, 0xC0, 0x5E, 0x13,
+        0x2B, 0xB6, 0xC6, 0x76, 0x0F, 0xB5, 0xC5, 0x1C,
+        0x83, 0x23, 0xAC, 0xD6, 0xA3, 0xC7, 0x5A, 0x72,
+        0xE9, 0x73, 0x89, 0x66, 0xD1, 0x25, 0xB9, 0x61,
+        0x3B, 0x31, 0x45, 0xC6, 0x7B, 0x5E, 0x98, 0x81,
+        0x87, 0xE8, 0x5F, 0x29, 0xAD, 0xCB, 0xAF, 0x74,
+        0xE3, 0x3A, 0x61, 0x1F, 0xFF, 0x25, 0x2A, 0xEB,
+        0xBA, 0xEB, 0x1E, 0xA6, 0x41, 0xE6, 0xFC, 0x8B,
+        0xDF, 0x73, 0x41, 0xBE, 0x2A, 0xA8, 0x57, 0xE4,
+        0x43, 0xAC, 0xFB, 0xCE, 0xB2, 0x15, 0x5D, 0x08,
+        0x1A, 0xCB, 0x4C, 0xCD, 0xB0, 0x98, 0xD5, 0x7C,
+        0xEF, 0x6F, 0x6F, 0xD3, 0x42, 0xDB, 0x2D, 0x83,
+        0xB6, 0x12, 0x3E, 0x0A, 0xD3, 0xC9, 0x3F, 0x30,
+        0x08, 0x11, 0xB8, 0xD5, 0xA1, 0x1A, 0x5A, 0x29,
+        0xBE, 0x60, 0x81, 0x6F, 0x69, 0xB2, 0x9D, 0x1D,
+        0x7E, 0x15, 0x88, 0x69, 0xD8, 0x60, 0xF6, 0xFB,
+        0x82, 0x9D, 0xE8, 0x0D, 0x3E, 0x1B, 0x69, 0x9C,
+        0x3A, 0xB6, 0x80, 0x4E, 0xB6, 0x54, 0x91, 0x78,
+        0xD9, 0x47, 0x33, 0x38, 0xD6, 0xAF, 0x20, 0x9E,
+        0x1F, 0x7D, 0x26, 0x3C, 0x66, 0x7A, 0xE6, 0x89,
+        0x5F, 0x6E, 0x29, 0x33, 0x92, 0x34, 0x71, 0xF1,
+        0x99, 0x58, 0x1F, 0x8A, 0x51, 0xBD, 0x9A, 0xA4,
+        0x52, 0xEE, 0xE4, 0xBF, 0xE9, 0x56, 0x69, 0xAC,
+        0xD0, 0x7B, 0x41, 0xB0, 0x0C, 0x03, 0xF5, 0x5A,
+        0x40, 0xD1, 0x0B, 0x50, 0xF8, 0xE4, 0x67, 0xBD,
+        0x07, 0x1C, 0x8F, 0x40, 0x5C, 0xF1, 0x19, 0x61,
+        0x2D, 0x32, 0x40, 0x5B, 0xD5, 0x27, 0x5A, 0x6B,
+        0xBF, 0x22, 0x17, 0xF9, 0xF1, 0x79, 0x0D, 0x29,
+        0x99, 0x7B, 0x7B, 0x6B, 0x1E, 0xC8, 0xD7, 0x92,
+        0x4A, 0xB9, 0xE6, 0x44, 0xC1, 0x29, 0xCE, 0xE8,
+        0x74, 0x33, 0x29, 0x1A, 0x2C, 0x8E, 0xD6, 0xBC,
+        0x3C, 0x2A, 0x19, 0xD0, 0x76, 0xB1, 0x77, 0xEE,
+        0x60, 0x50, 0x69, 0x2A, 0xDA, 0x8E, 0x95, 0x57,
+        0x4D, 0x6C, 0xE9, 0xAB, 0xE4, 0x97, 0x95, 0xD8,
+        0xF2, 0x8E, 0xAB, 0x69, 0x67, 0x6E, 0x79, 0x03,
+        0xA6, 0x56, 0xFA, 0xB3, 0x20, 0x25, 0xFE, 0x34,
+        0x65, 0xCB, 0xDB, 0x57, 0x01, 0xC1, 0x77, 0x20,
+        0x9D, 0x91, 0x89, 0xA5, 0x91, 0x7C, 0x13, 0x37,
+        0xDE, 0x39, 0xF5, 0x75, 0xE5, 0xDD, 0xB9, 0x3C,
+        0xA7, 0x6B, 0xEB, 0x52, 0xAF, 0x32, 0xE8, 0xD7,
+        0x12, 0x7B, 0x28, 0xF7, 0xCE, 0x73, 0x12, 0xE8,
+        0x03, 0x90, 0x47, 0x21, 0xAB, 0x21, 0x6E, 0x92,
+        0xA8, 0xA9, 0xE6, 0x09, 0xFC, 0x10, 0xAF, 0x8D,
+        0xC2, 0xAA, 0xCA, 0x14, 0xA9, 0x7B, 0xB0, 0xE4,
+        0xB2, 0x34, 0xC7, 0x00, 0x0E, 0xBB, 0xE0, 0xC4,
+        0x42, 0xF1, 0x85, 0x94, 0x6B, 0x7C, 0xE7, 0x72,
+        0x80, 0x95, 0xCD, 0x60, 0x16, 0x9B, 0x0B, 0xD9,
+        0x7B, 0x36, 0xB3, 0xAE, 0x38, 0x55, 0xD9, 0x89,
+        0x25, 0xB2, 0x9D, 0x92, 0x94, 0xEF, 0x27, 0x75,
+        0x09, 0xFC, 0xA4, 0x07, 0xEA, 0x2B, 0xC4, 0x76,
+        0x59, 0x02, 0x6A, 0x82, 0x04, 0xD6, 0x96, 0x4F,
+        0xC6, 0x5B, 0xEF, 0x35, 0x31, 0xE9, 0xC1, 0xE6,
+        0xF9, 0x70, 0xBF, 0x2F, 0xF2, 0x40, 0x75, 0xEA,
+        0x17, 0xD1, 0x36, 0xAD, 0xEA, 0xD2, 0x35, 0x6B,
+        0x6C, 0xE4, 0x98, 0xF9, 0x3C, 0xD2, 0xF9, 0xE5,
+        0xE1, 0x90, 0xD2, 0x09, 0xD9, 0x3E, 0x47, 0x3F,
+        0xAA, 0x8E, 0xD9, 0x20, 0x96, 0x31, 0x5B, 0xF1,
+        0xFC, 0xA6, 0x55, 0xFE, 0xBC, 0x78, 0xE0, 0x99,
+        0x65, 0xC9, 0x74, 0x78, 0x29, 0x6B, 0x75, 0xD3,
+        0x90, 0x56, 0x60, 0x4D, 0x32, 0x71, 0x91, 0x6D,
+        0xCF, 0xF2, 0x25, 0xCB, 0x6B, 0x9A, 0x34, 0xE1,
+        0x5D, 0xC1, 0x64, 0xB2, 0xA6, 0x8A, 0x3B, 0x42,
+        0xDE, 0x05, 0x7A, 0x6B, 0xAC, 0x17, 0x32, 0xCF,
+        0x59, 0x45, 0xBB, 0xCA, 0x12, 0xB8, 0xB3, 0x61,
+        0x59, 0xFB, 0x89, 0xF7, 0xBB, 0xBE, 0x9F, 0xE0,
+        0x34, 0x21, 0x8F, 0x5B, 0x3B, 0xCF, 0x18, 0x4C,
+        0x20, 0x73, 0x06, 0xE6, 0xD2, 0xEA, 0x69, 0x59,
+        0xEA, 0xE0, 0x89, 0x0A, 0x7B, 0x68, 0x02, 0xEC,
+        0x1D, 0xA0, 0x82, 0xBE, 0xD6, 0x5B, 0xB6, 0xE4,
+        0xEB, 0x4D, 0x56, 0x15, 0x70, 0x1C, 0xB0, 0xE3,
+        0x50, 0x36, 0x33, 0x14, 0xA4, 0xD1, 0x01, 0xDB,
+        0xBA, 0x60, 0x53, 0x71, 0xA3, 0x8B, 0x2D, 0x8A,
+        0x37, 0xFF, 0x78, 0xEB, 0xB3, 0x69, 0x82, 0x53,
+        0x88, 0xAA, 0xB7, 0xD3, 0xC6, 0x23, 0xB9, 0x3E,
+        0x51, 0x2D, 0x96, 0xA9, 0xF3, 0x39, 0xEC, 0x96,
+        0x8B, 0x35, 0x27, 0x59, 0xAF, 0x3E, 0x8F, 0xA3,
+        0x21, 0x1C, 0x39, 0x29, 0x5B, 0x01, 0x10, 0xE6,
+        0xDF, 0x26, 0x4E, 0x90, 0x67, 0x8C, 0x11, 0xE2,
+        0xB9, 0x03, 0xAF, 0x32, 0x2E, 0x4F, 0xA7, 0x70,
+        0x28, 0xD3, 0xEC, 0xC4, 0x4F, 0x62, 0x79, 0xD6,
+        0x3B, 0x1E, 0x60, 0xD8, 0x06, 0x72, 0x41, 0x01,
+        0x5F, 0xC4, 0xF8, 0x9B, 0xAA, 0x15, 0x6A, 0x78,
+        0xFA, 0x77, 0xBB, 0x29, 0x14, 0xCA, 0xC2, 0x81,
+        0xF4, 0x40, 0x9C, 0x9C, 0x03, 0x70, 0xAB, 0xD7,
+        0xC1, 0xF8, 0xA5, 0xD1, 0x04, 0x0B, 0x59, 0x75,
+        0x2C, 0xC4, 0xFD, 0xF0, 0xD1, 0x9C, 0xB0, 0xC5,
+        0x6F, 0xEF, 0x34, 0xFA, 0x3A, 0x3B, 0xCE, 0xE1,
+        0xF0, 0x64, 0xE3, 0x60, 0xE8, 0x6D, 0xC5, 0x5D,
+        0xB5, 0xC9, 0x37, 0x5B, 0xDA, 0xDA, 0x67, 0x2E,
+        0x72, 0xF6, 0x64, 0xE3, 0xAC, 0xB2, 0xE6, 0xD8,
+        0xA0, 0x84, 0x09, 0xC8, 0xCD, 0x60, 0xA1, 0xF9,
+        0x53, 0x80, 0xAB, 0x6C, 0x3A, 0xCB, 0x6B, 0x91,
+        0xA8, 0xA9, 0xA3, 0xB7, 0x75, 0x50, 0x49, 0x79,
+        0xB8, 0x02, 0x5A, 0xDB, 0x34, 0x22, 0x61, 0x9B,
+        0xD1, 0x1E, 0x2B, 0x54, 0xFE, 0x6D, 0x07, 0x58,
+        0x81, 0xAC, 0xAC, 0x24, 0x53, 0x20, 0x31, 0xCC,
+        0xD2, 0x99, 0x06, 0x0E, 0x4E, 0xB7, 0xF7, 0xCB,
+        0xD8, 0x08, 0x36, 0xD4, 0xB8, 0x23, 0xA5, 0xFF,
+        0xA4, 0xFE, 0x8C, 0x6B, 0x98, 0x3D, 0x2A, 0xAE,
+        0xB8, 0xF1, 0x6F, 0x6C, 0x1C, 0x22, 0x81, 0xEF,
+        0xD7, 0x13, 0xFF, 0xDA, 0x22, 0x06, 0x9A, 0x5D,
+        0x8A, 0xC4, 0x91, 0x29, 0x1C, 0xBF, 0x49, 0xF1,
+        0x18, 0xC9, 0x46, 0xD5, 0x0F, 0x08, 0xE0, 0xD1,
+        0x73, 0x28, 0x14, 0xE8, 0x15, 0x81, 0x90, 0x6A,
+        0x31, 0x53, 0x94, 0x01, 0x14, 0xBE, 0xC8, 0xEB,
+        0xD4, 0x9C, 0x73, 0x79, 0x0F, 0x9E, 0xD7, 0xCC,
+        0xD9, 0x85, 0xED, 0xAD, 0x8D, 0xB3, 0x42, 0x6B,
+        0x15, 0x13, 0x98, 0xEB, 0xF1, 0x6E, 0xFA, 0xFE,
+        0x3D, 0xA0, 0xC7, 0xF3, 0x8B, 0x22, 0x76, 0x05,
+        0x76, 0xD4, 0x88, 0x52, 0x73, 0xF5, 0xE4, 0x0B,
+        0x14, 0x05, 0x57, 0x10, 0x7F, 0xCE, 0x0B, 0xF8,
+        0x46, 0x1F, 0x24, 0x8B, 0xC4, 0x3F, 0xBF, 0x5C,
+        0xEE, 0xE7, 0x6E, 0xF3, 0xA9, 0xEB, 0xD2, 0x30,
+        0x95, 0x6C, 0x7B, 0x98, 0xAC, 0x89, 0x8A, 0x39,
+        0x9E, 0x5C, 0x2A, 0xB0, 0xCB, 0xE9, 0xE5, 0xAB,
+        0x94, 0x71, 0xDF, 0x5E, 0x53, 0x0C, 0x72, 0xF2,
+        0x6C, 0x34, 0xDB, 0xFE, 0x2F, 0x83, 0x68, 0x3E,
+        0xB6, 0x22, 0xF9, 0x64, 0x7A, 0xA0, 0x6A, 0x26,
+        0x7D, 0x78, 0x97, 0x36, 0x31, 0x2C, 0x90, 0xC9,
+        0xE5, 0x9D, 0x77, 0x12, 0x2A, 0x88, 0x53, 0x8F,
+        0xD0, 0xF5, 0x39, 0x16, 0xAF, 0x08, 0xB2, 0x36,
+        0x93, 0x5C, 0xDC, 0x5B, 0xB3, 0xCB, 0x49, 0x0C,
+        0x83, 0x09, 0xE6, 0xA7, 0x9B, 0x43, 0xE7, 0xA5,
+        0x4A, 0x8A, 0x07, 0xE1, 0xBA, 0xFB, 0x9B, 0x93,
+        0x7E, 0xAC, 0x2F, 0xC3, 0xAC, 0xED, 0x30, 0x64,
+        0x1F, 0x33, 0x79, 0x19, 0xD2, 0xDB, 0x54, 0xEC,
+        0x7F, 0x32, 0x0E, 0xC5, 0x1C, 0xD1, 0x3C, 0x00,
+        0xB9, 0xE6, 0x03, 0xDF, 0x6D, 0xD2, 0x69, 0x0C,
+        0x75, 0xAF, 0x37, 0x07, 0xB7, 0xC9, 0x3E, 0x91,
+        0xCF, 0x02, 0x78, 0xD7, 0x43, 0xA1, 0x8B, 0x4E,
+        0x69, 0x74, 0xB4, 0x24, 0x08, 0x10, 0x42, 0xB5,
+        0xB4, 0xE7, 0x8C, 0xEB, 0x7F, 0xFF, 0x67, 0x98,
+        0x0B, 0xBC, 0xBA, 0x5E, 0x29, 0xBE, 0x61, 0x33,
+        0x56, 0x16, 0xD6, 0x5E, 0x86, 0xF0, 0xE7, 0x46,
+        0xD1, 0x83, 0xDF, 0xD4, 0x6B, 0x75, 0xC9, 0x30,
+        0x0D, 0x60, 0xC5, 0x19, 0xFD, 0x95, 0xA8, 0xA6,
+        0x61, 0xFF, 0xC8, 0x2A, 0xE7, 0x5D, 0xD1, 0x49,
+        0x49, 0x1F, 0x99, 0xD1, 0x41, 0x4F, 0x15, 0x79,
+        0x00, 0x8A, 0x80, 0x27, 0xA6, 0xC9, 0x98, 0xD3,
+        0xE7, 0xA2, 0xBB, 0xFA, 0x07, 0xAB, 0x53, 0xEF,
+        0xE8, 0x17, 0xAE, 0x9C, 0x6A, 0xE8, 0xD0, 0x52,
+        0xAA, 0x85, 0x9D, 0x03, 0x48, 0xB0, 0xD2, 0xC8,
+        0x5B, 0xCC, 0xC4, 0x50, 0x84, 0x90, 0xBE, 0x0F,
+        0x9B, 0x32, 0x13, 0xB8, 0xAF, 0x7C, 0xCE, 0xE7,
+        0x22, 0xE2, 0x82, 0x13, 0x18, 0x71, 0x46, 0xC5,
+        0xDA, 0x05, 0xB7, 0x65, 0xD8, 0x33, 0x06, 0xFA,
+        0x5A, 0x6B, 0x76, 0xD6, 0x92, 0x76, 0xD1, 0x6A,
+        0x2B, 0xC6, 0x0D, 0xB1, 0xAD, 0xAB, 0x57, 0x62,
+        0xEA, 0x76, 0x37, 0x4E, 0xAB, 0x2D, 0x34, 0xD2,
+        0xA3, 0x57, 0xC7, 0x56, 0xFB, 0xEA, 0xD6, 0xA9,
+        0xE3, 0xC1, 0x63, 0x07, 0xDE, 0xB9, 0x5E, 0x5A,
+        0x30, 0x2E, 0x41, 0x4D, 0x43, 0xE9, 0x1C, 0xA1,
+        0x5B, 0xB2, 0x4F, 0xAF, 0xDC, 0xE9, 0xBB, 0xBE,
+        0x73, 0x55, 0x90, 0xF0, 0xD0, 0x02, 0x98, 0x6D,
+        0x13, 0x50, 0x9A, 0xCA, 0x4C, 0xB3, 0x15, 0x3A,
+        0x26, 0x14, 0x38, 0x67, 0xEB, 0xA7, 0x27, 0x33,
+        0x48, 0x97, 0x58, 0x94, 0x57, 0xEA, 0xF9, 0x7E,
+        0x8B, 0xB0, 0xBB, 0xF3, 0xF4, 0x84, 0x6E, 0x69,
+        0x95, 0x2C, 0xF4, 0x6B, 0x1C, 0x65, 0x39, 0xB4,
+        0x46, 0xA7, 0x99, 0xD6, 0x68, 0x47, 0x6E, 0x2E,
+        0x49, 0x84, 0x75, 0x3E, 0x6C, 0x2E, 0x9A, 0x08,
+        0xBC, 0xB7, 0x2F, 0x86, 0x68, 0x5C, 0xE1, 0xBF,
+        0xEA, 0xA1, 0xAF, 0x59, 0xD6, 0x71, 0xB7, 0xBD,
+        0xD6, 0xC5, 0xC2, 0xF2, 0xF3, 0xB5, 0x36, 0xBB,
+        0x36, 0x23, 0x4F, 0xD6, 0x44, 0x59, 0x0A, 0x44,
+        0x86, 0xCA, 0xDC, 0xD4, 0x22, 0x0F, 0x79, 0x09,
+        0x99, 0x8C, 0x8C, 0x9E, 0x03, 0xA4, 0x51, 0x99,
+        0x5A, 0xB9, 0x97, 0x76, 0x73, 0x20, 0xD3, 0x98,
+        0x8C, 0x52, 0x96, 0xE1, 0x65, 0x7B, 0x4C, 0x77,
+        0x40, 0xB2, 0xFE, 0x27, 0x0A, 0x11, 0x76, 0x6E,
+        0x3B, 0x35, 0x12, 0xC6, 0x4E, 0xC2, 0x0E, 0xCC,
+        0x04, 0xB5, 0x51, 0x91, 0xD0, 0x4A, 0xF7, 0x84,
+        0xF2, 0xE7, 0xE5, 0x99, 0x7E, 0xB5, 0x3E, 0xAC,
+        0x53, 0xDB, 0x61, 0x11, 0x71, 0x56, 0x4E, 0xAB,
+        0x4A, 0x68, 0xC1, 0x6A, 0xA5, 0xC5, 0x7F, 0x72,
+        0xEB, 0x14, 0x97, 0xA4, 0x27, 0xA0, 0x53, 0xA1,
+        0xC4, 0x70, 0x7D, 0x58, 0xBD, 0xC1, 0xD7, 0xFD,
+        0x9F, 0xB8, 0x8C, 0xCE, 0x34, 0xF9, 0xE1, 0x9C,
+        0x59, 0x79, 0x31, 0x24, 0xEC, 0xBB, 0xF5, 0x6F,
+        0x3F, 0xA3, 0x5A, 0x55, 0xB3, 0xDE, 0x64, 0xDF,
+        0xA9, 0x95, 0x0B, 0x53, 0xF2, 0xA7, 0x25, 0x7B,
+        0x8C, 0xAD, 0x25, 0x9A, 0x35, 0xBF, 0x15, 0x46,
+        0x69, 0x4A, 0x83, 0x8C, 0x80, 0xFC, 0x37, 0xD0,
+        0xC3, 0x6F, 0x00, 0xE2, 0x3C, 0x63, 0xAB, 0xC5,
+        0x53, 0xC1, 0x8D, 0x4A, 0x40, 0x4B, 0xE6, 0xDC,
+        0x05, 0xB1, 0x20, 0x23, 0x8B, 0xB8, 0xDF, 0x40,
+        0x86, 0x97, 0xB9, 0x5E, 0xA4, 0xB7, 0xA1, 0x37,
+        0xE0, 0x4B, 0x9E, 0xD9, 0x84, 0x2B, 0x2D, 0xAD,
+        0xD1, 0xB1, 0x52, 0x15, 0x00, 0x9B, 0xDD, 0x23,
+        0xA9, 0x27, 0x44, 0x21, 0x33, 0x17, 0x1C, 0x61,
+        0x49, 0x84, 0x0D, 0x6A, 0x11, 0x7C, 0x77, 0xA5,
+        0xD6, 0x8E, 0xE6, 0x1D, 0x6E, 0x90, 0x04, 0x4A,
+        0xD3, 0x54, 0x3A, 0xA7, 0x1A, 0x28, 0xC5, 0x94,
+        0x01, 0xCA, 0xDB, 0x1B, 0x5D, 0x78, 0xC5, 0xC6,
+        0x69, 0x0D, 0x69, 0x88, 0x75, 0x00, 0x02, 0x0B,
+        0x59, 0x6C, 0x3E, 0xC5, 0x30, 0xDF, 0xEE, 0x85,
+        0x43, 0xA2, 0x9A, 0xF9, 0xDD, 0x85, 0x6E, 0xB3,
+        0x0D, 0x83, 0x6A, 0x13, 0x88, 0xD0, 0x12, 0x15,
+        0x53, 0x16, 0xFC, 0x5C, 0x15, 0x47, 0xEC, 0x6D,
+        0x4D, 0x18, 0x2D, 0x88, 0xDB, 0xD2, 0x17, 0x6C,
+        0xDE, 0x64, 0xEC, 0x70, 0x8D, 0x19, 0xDC, 0x66,
+        0x69, 0x7F, 0xCF, 0x61, 0x6E, 0x4F, 0x23, 0x86,
+        0xF5, 0x1A, 0x98, 0x47, 0x4B, 0xCC, 0xE9, 0x2F,
+        0x12, 0x28, 0x12, 0xB9, 0xEB, 0xD8, 0x32, 0xDC,
+        0xE4, 0xD8, 0x63, 0xAC, 0x56, 0x08, 0x2F, 0xEC,
+        0x5E, 0x47, 0x29, 0xFF, 0x76, 0xFE, 0x95, 0x60,
+        0xD2, 0x19, 0x61, 0x0E, 0xAF, 0xFC, 0x44, 0x42,
+        0x11, 0x42, 0x79, 0xBC, 0x06, 0x3A, 0xAD, 0x93,
+        0x7E, 0x46, 0x60, 0x03, 0xB0, 0xF5, 0x9F, 0x57,
+        0x28, 0x48, 0x44, 0x8F, 0x0E, 0xFA, 0x72, 0x8C,
+        0xE4, 0x18, 0xF4, 0x99, 0x6B, 0xB1, 0x23, 0x45,
+        0xDC, 0x13, 0xA2, 0xF6, 0x5F, 0x57, 0x35, 0xA2,
+        0xD7, 0x38, 0xF9, 0xE9, 0x8A, 0x7A, 0x79, 0xC6,
+        0xB2, 0xCD, 0xBF, 0xD3, 0x41, 0x21, 0x56, 0xB3,
+        0x39, 0xD9, 0x14, 0x3B, 0xDD, 0x85, 0xCB, 0x78,
+        0x2F, 0xEB, 0x7E, 0x29, 0xBC, 0x52, 0x24, 0xE7,
+        0x1B, 0x85, 0xB1, 0x65, 0xAE, 0xAB, 0x65, 0xF9,
+        0x54, 0xD2, 0x1F, 0x37, 0x29, 0x52, 0x30, 0x5B,
+        0x3D, 0x5F, 0x48, 0x84, 0x3F, 0x51, 0x27, 0x88,
+        0x9D, 0xA7, 0x94, 0xF0, 0x73, 0xCD, 0x98, 0xD2,
+        0x05, 0xE8, 0x25, 0x71, 0x7C, 0x93, 0x13, 0x82,
+        0x5D, 0x53, 0x8D, 0x05, 0x0E, 0x69, 0x20, 0xC4,
+        0xDB, 0xF2, 0xF6, 0x55, 0x24, 0x29, 0xD0, 0x41,
+        0xF6, 0x2D, 0xF8, 0xC1, 0x2E, 0xC2, 0x4D, 0xE1,
+        0xD7, 0x2D, 0xA0, 0x49, 0x16, 0x0B, 0x4D, 0x34,
+        0xB5, 0x6D, 0xAE, 0x10, 0x93, 0x1E, 0xB6, 0x95,
+        0x69, 0xC2, 0xB3, 0xC0, 0xAF, 0x6F, 0xFF, 0xA5,
+        0x32, 0x3C, 0x7D, 0xC9, 0xC7, 0xC8, 0xEF, 0x0C,
+        0x64, 0x20, 0x23, 0xC4, 0xFE, 0x89, 0x87, 0x8E,
+        0xB3, 0xA6, 0xC5, 0x24, 0xCF, 0x03, 0x7E, 0x74,
+        0xF7, 0xBF, 0x89, 0x1E, 0xCF, 0xB1, 0x02, 0xFA,
+        0xF2, 0x9F, 0xD3, 0x9D, 0x99, 0x00, 0xDA, 0x7A,
+        0x92, 0x7D, 0x13, 0x11, 0x92, 0xAD, 0x55, 0xF2,
+        0xE1, 0x82, 0x72, 0xB1, 0x6A, 0xF1, 0x45, 0x05,
+        0xDA, 0x17, 0xC9, 0xA1, 0x42, 0x82, 0x89, 0x77,
+        0x31, 0xB6, 0x72, 0x54, 0x7C, 0x68, 0x10, 0x25,
+        0x57, 0x30, 0x16, 0x15, 0x08, 0x58, 0x8B, 0xC1,
+        0x61, 0xCB, 0xA0, 0x58, 0x29, 0x33, 0xB1, 0x64,
+        0xF4, 0x4F, 0x06, 0xAA, 0x25, 0x31, 0xAA, 0xA8,
+        0x92, 0x1C, 0x69, 0x1E, 0x6E, 0xB6, 0xBE, 0x81,
+        0xDA, 0x9B, 0xE5, 0x1C, 0x56, 0x39, 0x55, 0xE0,
+        0xC1, 0xEF, 0xD3, 0xED, 0x2A, 0x1C, 0x94, 0x9B,
+        0xD4, 0xE0, 0x0B, 0x3A, 0xE9, 0xEB, 0xC1, 0x3C,
+        0x4C, 0x6C, 0x4E, 0x5E, 0x39, 0x4C, 0xB0, 0x34,
+        0xB9, 0xCB, 0x75, 0xBE, 0xCE, 0x86, 0x44, 0xFF,
+        0x89, 0xEF, 0x95, 0xE7, 0x6E, 0xF7, 0x15, 0xE1,
+        0x7A, 0xA2, 0x6B, 0x1F, 0xEB, 0x77, 0x4C, 0x50,
+        0x59, 0xB3, 0xA3, 0x9A, 0x38, 0xDF, 0xD0, 0x57,
+        0xD6, 0x41, 0xE4, 0x3F, 0xFE, 0x0F, 0x3E, 0x40,
+        0xFF, 0xF6, 0xB2, 0x36, 0x3C, 0x1B, 0xF0, 0xEF,
+        0x07, 0x87, 0x3D, 0x09, 0xA4, 0x87, 0x76, 0x9D,
+        0x0A, 0x73, 0xCD, 0x0C, 0xC6, 0x44, 0xF5, 0x3C,
+        0x25, 0xD2, 0x02, 0x5E, 0xE7, 0x1C, 0x69, 0xB7,
+        0xAC, 0x0F, 0xA6, 0x61, 0x15, 0x57, 0xC4, 0x27,
+        0xC0, 0x69, 0xDF, 0x2E, 0x1B, 0xF6, 0x29, 0xD9,
+        0xA0, 0xCB, 0x5C, 0x67, 0xC7, 0xEA, 0x4F, 0xA6,
+        0x58, 0xC7, 0x8D, 0x00, 0x42, 0xB0, 0x59, 0xE6,
+        0xB6, 0x58, 0xFF, 0xCE, 0x60, 0x16, 0x69, 0x67,
+        0xDB, 0x94, 0xF7, 0x16, 0xEB, 0x4D, 0x04, 0xB3,
+        0xD2, 0x45, 0x0F, 0x40, 0x03, 0x1F, 0x10, 0xAC,
+        0xDD, 0x07, 0x77, 0x7F, 0xBE, 0x9F, 0xBB, 0xB7,
+        0x7F, 0xCB, 0x7C, 0x1F, 0xA9, 0xFC, 0x1E, 0xAF,
+        0x0C, 0x5F, 0x86, 0xD7, 0x96, 0x2D, 0xAE, 0xD0,
+        0x47, 0x4B, 0xA0, 0xFE, 0x68, 0xD9, 0xB2, 0x32,
+        0x77, 0xA9, 0xCA, 0x7F, 0xC6, 0x76, 0xC6, 0x61,
+        0x6B, 0x8E, 0x43, 0x9A, 0x1D, 0x4B, 0xFF, 0x72,
+        0x43, 0x78, 0x19, 0xB5, 0x51, 0x87, 0x56, 0xA7,
+        0x87, 0x3E, 0xF5, 0x84, 0x01, 0x26, 0x46, 0xC3,
+        0x65, 0x9A, 0x6B, 0xA8, 0x6E, 0x62, 0x27, 0x26,
+        0x14, 0xD8, 0x5E, 0xEC, 0xD5, 0x35, 0x0E, 0x3C,
+        0xD0, 0xA1, 0x25, 0xAE, 0x9C, 0x17, 0xCC, 0xE2,
+        0x52, 0x39, 0xE1, 0xEE, 0x9C, 0xDB, 0x39, 0xCA,
+        0x7B, 0x18, 0xCF, 0x2C, 0x88, 0xCF, 0x14, 0x68,
+        0x26, 0xB6, 0xCC, 0x1E, 0x6A, 0xA8, 0xE1, 0x69,
+        0x2C, 0x91, 0x5F, 0x3B, 0xF1, 0xC1, 0xDB, 0x34,
+        0xC6, 0xF3, 0x78, 0x83, 0xCB, 0x4E, 0xDC, 0xE0,
+        0xF7, 0xC9, 0x95, 0xB6, 0x9E, 0x3A, 0xCE, 0x30,
+        0xDC, 0x16, 0x6F, 0x78, 0x4C, 0x93, 0xD6, 0xCB,
+        0xBC, 0xAC, 0x3C, 0x79, 0xBC, 0x31, 0x93, 0x10,
+        0xCE, 0x6E, 0x66, 0x57, 0x00, 0xF1, 0x7F, 0x96,
+        0x2F, 0x18, 0xB2, 0x40, 0x73, 0x9D, 0x15, 0x69,
+        0x0B, 0x1B, 0x6C, 0x85, 0xD1, 0xAA, 0xA3, 0x2D,
+        0x4A, 0x79, 0x74, 0x4A, 0xE5, 0x0C, 0xF9, 0xA9,
+        0x0A, 0x09, 0x54, 0xB4, 0xA4, 0xD9, 0x4C, 0x49,
+        0x9B, 0x41, 0x23, 0xEF, 0xC0, 0x20, 0x44, 0x31,
+        0xF7, 0x22, 0x85, 0xB5, 0xDA, 0x9E, 0x19, 0x22,
+        0x23, 0x0A, 0x30, 0x4D, 0x3A, 0x1B, 0xD8, 0x52,
+        0x08, 0x72, 0x61, 0xB7, 0xCF, 0x0D, 0x8B, 0x90,
+        0xD1, 0x46, 0x23, 0xEB, 0xCD, 0xC6, 0x38, 0x7B,
+        0xC6, 0xAF, 0x65, 0xBE, 0x5F, 0x01, 0x1B, 0x6B,
+        0xC1, 0x23, 0xC1, 0x30, 0x6A, 0x1E, 0x8F, 0xBF,
+        0x2D, 0xF0, 0xB6, 0xF8, 0x9B, 0x0A, 0xE0, 0x5D,
+        0xE0, 0xE4, 0xB7, 0xF5, 0x0A, 0xDA, 0x46, 0xE5,
+        0x3A, 0x9B, 0x6B, 0xCA, 0xDA, 0x06, 0x43, 0xBE,
+        0x6B, 0xFD, 0xC2, 0xB0, 0x6A, 0x6C, 0x75, 0x88,
+        0x3C, 0x2D, 0xC6, 0x13, 0xAC, 0x72, 0x16, 0x31,
+        0x7A, 0x40, 0xC4, 0xA2, 0xC0, 0x86, 0x69, 0x83,
+        0xD3, 0x2C, 0x9C, 0xE0, 0xA6, 0xCC, 0xED, 0xF4,
+        0x03, 0x62, 0x6B, 0xB2, 0x3B, 0x5B, 0x9D, 0xA5,
+        0x86, 0x77, 0x7C, 0x73, 0x5E, 0x19, 0x11, 0xD7,
+        0x7B, 0x11, 0x96, 0xC8, 0xFA, 0x47, 0x21, 0xD6,
+        0xB0, 0xFE, 0x0B, 0x08, 0x11, 0xFC, 0x00, 0xB9,
+        0xA1, 0x24, 0x2C, 0xBD, 0x4A, 0x92, 0x43, 0x10,
+        0x08, 0xBE, 0xE9, 0xE1, 0x5D, 0x19, 0x82, 0xDE,
+        0x34, 0xAE, 0xDC, 0xA6, 0x85, 0x8F, 0x19, 0x30,
+        0x20, 0xB6, 0x44, 0x7F, 0x6B, 0xA6, 0x63, 0x70,
+        0x59, 0xDA, 0x8D, 0xE0, 0xF8, 0x46, 0x86, 0x57,
+        0xB8, 0x1C, 0x57, 0x13, 0x78, 0x41, 0x8C, 0xF5,
+        0x7D, 0x77, 0xAE, 0x75, 0x6C, 0x59, 0x93, 0x2E,
+        0x05, 0x25, 0x03, 0xD1, 0xEA, 0xFB, 0x2D, 0x60,
+        0xD2, 0x61, 0x23, 0xEA, 0x0E, 0xFF, 0x55, 0xE3,
+        0x24, 0x49, 0x00, 0x19, 0xBD, 0x1E, 0x56, 0x24,
+        0x87, 0x2F, 0x7B, 0x98, 0x07, 0x36, 0xD2, 0x7C,
+        0xC5, 0x9B, 0xE0, 0x4E, 0x29, 0xAB, 0xA1, 0xB8,
+        0x35, 0x15, 0x31, 0xCE, 0x65, 0x14, 0x24, 0xF8,
+        0x10, 0xB5, 0xAB, 0x3E, 0xD5, 0x58, 0xCA, 0xE5,
+        0x73, 0x2D, 0x7C, 0x8B, 0xB4, 0x62, 0x75, 0x03,
+        0x30, 0x89, 0xFE, 0x32, 0xF8, 0x65, 0x99, 0xD0,
+        0x88, 0xD5, 0x72, 0x88, 0x03, 0xC9, 0x51, 0x03,
+        0xBA, 0x2F, 0xFB, 0x7C, 0x39, 0x02, 0x05, 0xC4,
+        0xCE, 0xD8, 0xB3, 0xC2, 0x7B, 0x29, 0x8E, 0xA7,
+        0x9D, 0x35, 0x97, 0xB7, 0x17, 0xDE, 0x28, 0x0B,
+        0x32, 0xE5, 0x41, 0xDA, 0x1D, 0x98, 0xBD, 0x27,
+        0xEF, 0xF7, 0xB4, 0x43, 0x09, 0x13, 0x39, 0xC7,
+        0x40, 0x16, 0x11, 0x20, 0x71, 0xCB, 0xB6, 0xC9,
+        0xB0, 0x8F, 0x20, 0xC1, 0xF0, 0x40, 0xFB, 0x6E,
+        0x73, 0x04, 0x8F, 0x73, 0xCA, 0x45, 0xDB, 0xE0,
+        0xF9, 0x25, 0x8D, 0x32, 0xF2, 0x3E, 0x36, 0xBE,
+        0xF7, 0x88, 0xF8, 0x13, 0x4D, 0x9B, 0x10, 0xC2,
+        0x58, 0x0B, 0x20, 0xF8, 0x78, 0xB6, 0x4C, 0x7D,
+        0x2A, 0xA6, 0x81, 0x40, 0xD1, 0x30, 0x50, 0x38,
+        0x2A, 0x5F, 0xBC, 0x81, 0x8E, 0x0F, 0xD4, 0xD0,
+        0x87, 0x99, 0x78, 0x3D, 0xBE, 0x25, 0x15, 0xF4,
+        0x45, 0x61, 0xA3, 0x1A, 0x7D, 0x05, 0x3F, 0xB5,
+        0xA6, 0x1C, 0x41, 0xC6, 0x0E, 0xBE, 0x57, 0x6F,
+        0xC5, 0xB6, 0x38, 0x63, 0x90, 0x55, 0x23, 0xFC,
+        0x26, 0x9E, 0xFD, 0xB8, 0x6C, 0xF2, 0x99, 0x6B,
+        0x6D, 0x90, 0xFE, 0x28, 0xA0, 0x16, 0xEE, 0x63,
+        0xC2, 0x4C, 0xD6, 0xB2, 0x0C, 0xFA, 0x6E, 0x85,
+        0x51, 0xE4, 0x2F, 0x57, 0x91, 0x82, 0x84, 0x43,
+        0x8A, 0x44, 0x31, 0x6C, 0x68, 0x02, 0x01, 0x7C,
+        0xCE, 0x4D, 0xC0, 0x7C, 0x43, 0xA9, 0x54, 0xF5,
+        0x0E, 0xCA, 0xE6, 0x15, 0x98, 0xAE, 0x41, 0x57,
+        0x0A, 0x66, 0xBA, 0x6D, 0x6E, 0x68, 0xB9, 0x2E,
+        0x0D, 0x42, 0xD2, 0xF5, 0x0B, 0xFC, 0x2D, 0xA8,
+        0x61, 0x6E, 0x60, 0x4E, 0x51, 0x78, 0xEB, 0x0C,
+        0x52, 0x9E, 0xC0, 0x4A, 0xB0, 0x92, 0x85, 0x5C,
+        0x3A, 0x3D, 0x69, 0x95, 0xAB, 0x62, 0xEB, 0x2F,
+        0x9B, 0x12, 0xF5, 0x2E, 0xB5, 0xA6, 0x93, 0xCE,
+        0x14, 0x97, 0xA7, 0x1E, 0x0A, 0x7B, 0x94, 0x74,
+        0xFB, 0x65, 0xD0, 0x5A, 0x97, 0x55, 0x40, 0x02,
+        0x71, 0x87, 0x9C, 0x9F, 0xCB, 0x41, 0x3F, 0x08,
+        0x8D, 0x6A, 0xCA, 0xE6, 0xEC, 0xE6, 0x71, 0x22,
+        0xF8, 0x58, 0x9F, 0xF1, 0x94, 0xF6, 0xE4, 0xD6,
+        0xDC, 0x35, 0xD7, 0xEB, 0x6B, 0x78, 0x99, 0x66,
+        0xF9, 0xE2, 0x15, 0x27, 0xC9, 0x8C, 0x27, 0xB4,
+        0x89, 0x3C, 0x15, 0xEE, 0x52, 0x71, 0xA9, 0xD2,
+        0x50, 0x3C, 0xD2, 0x31, 0xBB, 0x3A, 0xE5, 0x87,
+        0xAF, 0x65, 0x2B, 0xF2, 0xF5, 0xC9, 0x44, 0xA2,
+        0x59, 0x1C, 0x57, 0x96, 0xB9, 0xC2, 0x5E, 0xCB,
+        0x8A, 0x5B, 0x2B, 0x7A, 0x7E, 0x93, 0x3C, 0x08,
+        0x27, 0xCD, 0xB4, 0xB0, 0x1B, 0xF3, 0x82, 0x50,
+        0x78, 0xCF, 0xEA, 0x28, 0x57, 0xB1, 0x0F, 0xB4,
+        0xB6, 0x93, 0x82, 0x8E, 0x7A, 0xD1, 0x9F, 0x04,
+        0xEC, 0xEE, 0x24, 0x3D, 0x8A, 0x5E, 0x56, 0x99,
+        0x8D, 0x83, 0xA4, 0x05, 0x7D, 0xFB, 0x36, 0xDB,
+        0xAB, 0xD1, 0x67, 0x59, 0xC7, 0x4A, 0xB9, 0xAF,
+        0x99, 0xB6, 0xD8, 0xD4, 0x2C, 0xCA, 0x8C, 0xCC,
+        0xD2, 0x32, 0xAB, 0x51, 0xCE, 0x2D, 0x22, 0xE0,
+        0x29, 0xB1, 0x73, 0x10, 0x60, 0xA8, 0x6B, 0x8F,
+        0x68, 0xAF, 0x58, 0x06, 0x9D, 0x72, 0x36, 0x98,
+        0x3F, 0xF3, 0x6B, 0xAD, 0x3E, 0x7F, 0x4A, 0x00,
+        0x94, 0x04, 0xAE, 0xE9, 0x8A, 0x9E, 0x8A, 0x03,
+        0xD8, 0x04, 0xCC, 0xFE, 0xE3, 0xF8, 0xA2, 0x04,
+        0x64, 0x17, 0x54, 0x77, 0xCA, 0x20, 0xD0, 0x80,
+        0x1B, 0x36, 0xEF, 0x59, 0x31, 0xFA, 0xE4, 0xF5,
+        0xAF, 0x56, 0x09, 0x02, 0xAD, 0xCF, 0xA6, 0xBC,
+        0x26, 0x23, 0x27, 0x6D, 0xF3, 0x52, 0xCE, 0x2F,
+        0x4C, 0x9C, 0xA8, 0x23, 0x75, 0xFA, 0x56, 0x9E,
+        0x07, 0x5B, 0xB9, 0x30, 0x5A, 0xB1, 0x27, 0xFF,
+        0x72, 0xBF, 0x50, 0xB1, 0x27, 0xEF, 0xA1, 0x0C,
+        0x3A, 0xC9, 0x72, 0x21, 0xBE, 0xD8, 0xDC, 0xD5,
+        0x66, 0x4A, 0x0A, 0x58, 0xFA, 0x57, 0xB4, 0x00,
+        0x07, 0x31, 0xF2, 0x4E, 0xDC, 0xE0, 0x86, 0x99,
+        0x45, 0xE5, 0x45, 0xCF, 0x27, 0x35, 0x79, 0x57,
+        0xF5, 0xA2, 0x7A, 0x29, 0xFA, 0x5E, 0xCF, 0xF9,
+        0xA9, 0x96, 0x11, 0xE1, 0x4A, 0x6C, 0xE5, 0xB8,
+        0x8E, 0x78, 0xE6, 0xA1, 0x46, 0x97, 0xAE, 0xB4,
+        0xF3, 0x6D, 0x7F, 0x8E, 0xD1, 0x86, 0x6B, 0x78,
+        0x2B, 0x55, 0xC5, 0xDF, 0x0F, 0x43, 0x78, 0xED,
+        0xD2, 0x38, 0xE5, 0x8B, 0x94, 0x7A, 0x06, 0xC5,
+        0x73, 0x17, 0x55, 0x93, 0xAD, 0xA5, 0xAC, 0xBA,
+        0x81, 0x8A, 0x6D, 0x73, 0x4B, 0xA1, 0x32, 0x8F,
+        0x21, 0xA6, 0x5B, 0x51, 0x31, 0x58, 0xD0, 0xE4,
+        0x0B, 0x93, 0x46, 0xF2, 0x51, 0x30, 0x3E, 0x60,
+        0xE1, 0xCB, 0x30, 0x04, 0x15, 0x8D, 0x1E, 0x87,
+        0xA6, 0xF6, 0x38, 0xE0, 0x27, 0x84, 0x81, 0x18,
+        0x2B, 0x37, 0xBB, 0xD3, 0xDB, 0xE7, 0x91, 0xA3,
+        0x1B, 0x6B, 0x20, 0xCB, 0x2C, 0x52, 0xB1, 0xB9,
+        0x6A, 0x94, 0xF8, 0xCD, 0xBA, 0x5D, 0xC7, 0xDD,
+        0x79, 0x36, 0x38, 0xC2, 0xFC, 0xEC, 0x4F, 0x2B,
+        0x5F, 0x73, 0x44, 0x03, 0xE9, 0xA9, 0xF5, 0xD9,
+        0x99, 0xEA, 0x61, 0xDC, 0x6A, 0x98, 0xBE, 0xDE,
+        0xB9, 0x34, 0xCC, 0x76, 0xB0, 0xE1, 0x8C, 0x70,
+        0x3A, 0xA5, 0x7C, 0xD1, 0xC0, 0x2A, 0x8E, 0x7D,
+        0x47, 0x8A, 0x63, 0xEA, 0x30, 0x6B, 0xEE, 0x36,
+        0x0B, 0xA8, 0xAE, 0x46, 0xCD, 0x01, 0x83, 0xF6,
+        0x07, 0xF9, 0xED, 0x8B, 0x69, 0x97, 0xB6, 0xC3,
+        0x5D, 0x75, 0x6E, 0xD8, 0xDF, 0x01, 0x82, 0x48,
+        0x31, 0x2F, 0xDE, 0xED, 0x8E, 0xC5, 0xD8, 0xA6,
+        0xC0, 0x36, 0x0E, 0x66, 0xA4, 0xE9, 0xE5, 0xA9,
+        0x7D, 0x5C, 0xD2, 0x43, 0x72, 0xC0, 0xAD, 0x26,
+        0x78, 0xF2, 0xB0, 0x08, 0x12, 0xAE, 0x6C, 0x1A,
+        0x0F, 0x53, 0x30, 0xB3, 0xAB, 0x01, 0x53, 0xDA,
+        0x3C, 0x5F, 0x4C, 0x17, 0xBD, 0x2F, 0xB6, 0x0E,
+        0x7E, 0x80, 0x87, 0x4C, 0x1B, 0x92, 0x9B, 0x62,
+        0xE3, 0x89, 0xEE, 0xE2, 0xA0, 0x14, 0x06, 0x0D,
+        0x4D, 0xCC, 0x96, 0x5A, 0xF8, 0x64, 0x2A, 0x05,
+        0xA9, 0xEE, 0xD5, 0x0D, 0x23, 0x90, 0xB0, 0x67,
+        0xD5, 0x51, 0x1D, 0x18, 0xBC, 0xBA, 0xE6, 0xA5,
+        0xAD, 0x29, 0x18, 0xD5, 0x06, 0xFC, 0xC9, 0x12,
+        0x6D, 0x70, 0xA8, 0x6E, 0x96, 0x8B, 0x5F, 0x9C,
+        0x99, 0x43, 0x07, 0x02, 0x37, 0x48, 0x8C, 0xFB,
+        0x5F, 0xF5, 0xDE, 0x69, 0x26, 0x73, 0x7D, 0xF6,
+        0x3A, 0x2C, 0xE5, 0x58, 0x01, 0xC3, 0x48, 0xB0,
+        0xF0, 0x0D, 0x56, 0xAF, 0x8C, 0x0F, 0x5C, 0xB3,
+        0xBA, 0x44, 0x8C, 0x39, 0xB0, 0x20, 0xD2, 0x93,
+        0x81, 0x19, 0x99, 0x4E, 0xAC, 0xB9, 0x1F, 0xC3,
+        0x1F, 0x34, 0x7D, 0xF3, 0x3E, 0x1A, 0xE1, 0x26,
+        0x7C, 0xB7, 0x22, 0x0A, 0xDC, 0x0D, 0x14, 0xF8,
+        0x43, 0x8A, 0x23, 0x46, 0x37, 0x9C, 0x2A, 0xB8,
+        0x1F, 0x24, 0x72, 0xE2, 0xEA, 0xC4, 0x67, 0x13,
+        0x17, 0x33, 0xBD, 0xA0, 0x07, 0xA0, 0x3E, 0xDE,
+        0x8B, 0xC4, 0xD6, 0xDB, 0xD9, 0xF1, 0xB8, 0xF4,
+        0xFB, 0x83, 0x13, 0x14, 0xCD, 0x36, 0xF6, 0xDC,
+        0xD5, 0x85, 0x93, 0x7C, 0xF9, 0x6C, 0xEA, 0x52,
+        0x92, 0xFB, 0xFC, 0x95, 0x02, 0x10, 0x7B, 0x57,
+        0x9F, 0xF0, 0x7C, 0x2E, 0x79, 0x00, 0x3D, 0xB2,
+        0xA1, 0x6C, 0x4E, 0xD4, 0x17, 0xFA, 0x0F, 0x13,
+        0xC8, 0xBF, 0xB1, 0x82, 0xF7, 0xDD, 0xCF, 0x08,
+        0xF2, 0x50, 0xDB, 0x16, 0xA4, 0x5A, 0x60, 0x4A,
+        0x57, 0x2B, 0x0E, 0xDC, 0x4A, 0xBF, 0x9C, 0x86,
+        0x08, 0x8A, 0x5A, 0xC8, 0x74, 0xDD, 0xA2, 0x6E,
+        0x12, 0xA0, 0xEF, 0x63, 0x5A, 0xD2, 0x82, 0xAD,
+        0xCD, 0xC7, 0xED, 0x16, 0x86, 0x45, 0x3D, 0xFB,
+        0x35, 0xC3, 0xB1, 0xBA, 0x68, 0x21, 0xB4, 0xB7,
+        0x22, 0x0B, 0x55, 0x79, 0x8B, 0x9C, 0xCF, 0xE0,
+        0x66, 0x61, 0x5C, 0xE2, 0x55, 0x96, 0x0D, 0x09,
+        0xE6, 0x77, 0xFE, 0xFE, 0x76, 0xBE, 0x91, 0x5E,
+        0x04, 0xE5, 0x65, 0x44, 0xBD, 0x09, 0xD0, 0x6F,
+        0x83, 0x44, 0xF9, 0x68, 0xDC, 0x68, 0x25, 0xCB,
+        0xC6, 0x64, 0xD5, 0x18, 0xA4, 0x41, 0xE1, 0x9B,
+        0x07, 0x6F, 0xC3, 0x38, 0x91, 0x37, 0xFC, 0x1B,
+        0x73, 0x32, 0xE2, 0xB0, 0x68, 0x95, 0x44, 0x3B,
+        0x7A, 0x00, 0x23, 0x36, 0x31, 0x15, 0x79, 0xA9,
+        0xB0, 0x8F, 0x36, 0x73, 0xDA, 0x05, 0x90, 0xE6,
+        0x96, 0xCE, 0xD9, 0x01, 0x44, 0x4A, 0x70, 0xA6,
+        0x7B, 0x2A, 0x7D, 0x55, 0x12, 0xD6, 0x5B, 0xFC,
+        0xD7, 0xAF, 0x1E, 0x34, 0x27, 0x77, 0x69, 0xE1,
+        0x71, 0x08, 0x83, 0x01, 0xDE, 0x78, 0x46, 0xF0,
+        0x88, 0xF4, 0x87, 0xC4, 0x92, 0x1B, 0xEB, 0x98,
+        0x35, 0x4B, 0xAE, 0x9A, 0xF6, 0xEA, 0xB2, 0x34,
+        0x91, 0x14, 0xEB, 0x21, 0xF6, 0x18, 0xDB, 0x1D,
+        0x92, 0x6C, 0x1D, 0x2F, 0xE3, 0xA5, 0xF2, 0x29,
+        0xC5, 0x73, 0x40, 0xC4, 0x0A, 0xEC, 0x11, 0xC2,
+        0xD0, 0x14, 0x4D, 0x03, 0x94, 0xFC, 0x4D, 0x8E,
+        0x38, 0x66, 0xA7, 0xD0, 0xA1, 0x0B, 0x64, 0xC8,
+        0xB9, 0x92, 0xB0, 0xA4, 0xDD, 0xBC, 0xAD, 0x82,
+        0x4E, 0x43, 0x97, 0x43, 0x78, 0xEA, 0x9A, 0x38,
+        0xE5, 0x8C, 0x2C, 0x5A, 0xE1, 0x94, 0xAF, 0x43,
+        0x10, 0xFB, 0xEC, 0x90, 0x28, 0x41, 0x6C, 0x5C,
+        0xB7, 0xB8, 0xAF, 0xA5, 0x24, 0xF7, 0x4F, 0xFD,
+        0x6F, 0x2E, 0x98, 0x44, 0x3F, 0x5E, 0x89, 0x24,
+        0xF6, 0xCF, 0x11, 0x0E, 0x67, 0x1B, 0x81, 0x68,
+        0x37, 0xD5, 0x9B, 0x2D, 0xB9, 0x1C, 0xB1, 0xE6,
+        0x87, 0xD6, 0xA2, 0x02, 0x0F, 0x91, 0x08, 0xF6,
+        0x9B, 0x94, 0x76, 0x62, 0xFD, 0xE7, 0x18, 0xAC,
+        0x28, 0xA6, 0xAC, 0xDA, 0x27, 0xF4, 0x33, 0x59,
+        0xBB, 0xBE, 0x36, 0x2C, 0xEE, 0xEA, 0x91, 0xE6,
+        0x91, 0x95, 0x2C, 0x58, 0x0A, 0xB2, 0xCA, 0xA3,
+        0xAA, 0x39, 0x03, 0x9A, 0x75, 0x3C, 0x27, 0x6E,
+        0x02, 0x89, 0x17, 0x4B, 0x02, 0x42, 0x7C, 0xB4,
+        0x2E, 0xAD, 0xB4, 0xD9, 0x35, 0xB2, 0x30, 0x9E,
+        0x2F, 0xEC, 0x9F, 0x25, 0x56, 0x1A, 0x35, 0x40,
+        0xF1, 0xAF, 0x1D, 0xA4, 0xA8, 0x62, 0x07, 0x70,
+        0x98, 0x6C, 0xDE, 0x1E, 0x89, 0xC1, 0xD3, 0x30,
+        0xBB, 0x82, 0x72, 0x40, 0xF2, 0xBC, 0x53, 0xC7,
+        0xDE, 0xAB, 0xFC, 0x7D, 0xAD, 0xBF, 0xDA, 0xE0,
+        0xA7, 0xA1, 0x0C, 0xD6, 0x73, 0x37, 0x36, 0xA1,
+        0xEE, 0xA6, 0x96, 0x88, 0x79, 0x0E, 0x4A, 0x2C,
+        0x69, 0x4C, 0xE5, 0x30, 0xFB, 0xDD, 0xE1, 0xFE,
+        0x86, 0x90, 0xDC, 0xDF, 0x03, 0xF5, 0x17, 0x2F,
+        0xF4, 0x58, 0x2D, 0xD3, 0xED, 0x3D, 0x7D, 0xA0,
+        0xB3, 0x6E, 0x1E, 0xD3, 0xBB, 0xD9, 0x57, 0xBA,
+        0x8B, 0x00, 0x72, 0xC4, 0xEE, 0xCF, 0x39, 0xD5,
+        0x74, 0xFA, 0x13, 0xF0, 0xD7, 0xE9, 0x10, 0x0C,
+        0x7A, 0x52, 0x62, 0xD0, 0xC9, 0xD5, 0x2D, 0xDC,
+        0x11, 0xD4, 0xFF, 0x34, 0xB2, 0x55, 0xF9, 0x99,
+        0x81, 0xB4, 0xC9, 0x14, 0x02, 0x91, 0x81, 0x56,
+        0x29, 0xF6, 0xA9, 0x1A, 0x19, 0x8E, 0x74, 0xB3,
+        0xA3, 0xD1, 0x28, 0xB5, 0x72, 0xD8, 0x6F, 0x54,
+        0x15, 0x74, 0x55, 0x70, 0x26, 0x62, 0xCB, 0x1D,
+        0x15, 0x2C, 0x7F, 0x4C, 0x9C, 0xB4, 0xDE, 0xA2,
+        0x07, 0xD5, 0xA9, 0x38, 0x29, 0x42, 0x51, 0x67,
+        0x44, 0x26, 0x97, 0x7E, 0x73, 0x0E, 0xC6, 0x01,
+        0x00, 0x65, 0xC8, 0xE0, 0x34, 0x88, 0x2B, 0xD3,
+        0x2F, 0xD3, 0x5C, 0x6A, 0xF6, 0xB8, 0xD9, 0x3A,
+        0x50, 0x9C, 0xC3, 0x39, 0xD9, 0x6F, 0xB9, 0xDD,
+        0x55, 0x8A, 0xF9, 0x52, 0x35, 0xFB, 0xF1, 0x71,
+        0x97, 0x76, 0x04, 0x75, 0xEE, 0x2E, 0x3F, 0xCA,
+        0x0E, 0x83, 0xA8, 0xE3, 0x1F, 0xA7, 0xF1, 0x3D,
+        0x78, 0xCC, 0x79, 0x64, 0x80, 0x5E, 0x77, 0x05,
+        0xDB, 0xB7, 0x0F, 0x73, 0x53, 0x3A, 0x56, 0xD8,
+        0xB7, 0x7C, 0x12, 0xE8, 0xF6, 0x51, 0x07, 0xC9,
+        0x01, 0x43, 0x97, 0x51, 0x75, 0x95, 0x94, 0x65,
+        0xFD, 0x4D, 0x8C, 0x8C, 0xD3, 0xA8, 0xEE, 0xA9,
+        0x5E, 0xFB, 0xC7, 0xF6, 0xF8, 0x40, 0x0E, 0xA5,
+        0xD5, 0x1E, 0x79, 0xB4, 0x0C, 0xEF, 0x8B, 0x04,
+        0x59, 0x4D, 0x0C, 0x6F, 0x08, 0xD5, 0x00, 0xA2,
+        0xAD, 0x08, 0xB4, 0x62, 0xE0, 0x2C, 0xF6, 0x30,
+        0x31, 0x1E, 0xD7, 0x81, 0x56, 0x61, 0x17, 0x0D,
+        0xB3, 0x9F, 0x27, 0x75, 0x38, 0x42, 0x6E, 0xB2,
+        0xB0, 0x6C, 0xB8, 0xC9, 0xD8, 0x20, 0xC8, 0x36,
+        0x7D, 0x1D, 0x57, 0x10, 0x4E, 0xC1, 0x45, 0xFC,
+        0x93, 0xB1, 0xF7, 0x7B, 0xA1, 0x3B, 0x71, 0x12,
+        0x16, 0xE5, 0x8F, 0xD0, 0x0C, 0x7D, 0xC0, 0x05,
+        0x18, 0x02, 0x24, 0x25, 0x28, 0x8A, 0xE1, 0x29,
+        0x9A, 0x79, 0xBD, 0xC7, 0x73, 0x2D, 0xF3, 0x42,
+        0x70, 0x33, 0xF3, 0xF8, 0x48, 0x87, 0xB4, 0xD4,
+        0x91, 0xE1, 0x53, 0xBA, 0x4A, 0x63, 0xAF, 0x3A,
+        0xE5, 0xCB, 0x3D, 0x41, 0x04, 0xB5, 0x30, 0x87,
+        0xAA, 0x40, 0x03, 0x56, 0x10, 0x02, 0xF3, 0x6A,
+        0x9F, 0xDA, 0x33, 0xBC, 0xB8, 0xA5, 0xD0, 0x56,
+        0x43, 0x29, 0xDA, 0x58, 0x12, 0x8B, 0x6A, 0x9D,
+        0xCF, 0xCD, 0xCA, 0x66, 0x98, 0x92, 0x1D, 0xA4,
+        0xEF, 0xAC, 0x9E, 0x19, 0xDE, 0xF7, 0xFE, 0x6C,
+        0x3A, 0x66, 0x46, 0xB4, 0x00, 0x7F, 0x08, 0xAF,
+        0x31, 0xD6, 0xD3, 0x22, 0x59, 0x1F, 0x34, 0x48,
+        0x5A, 0xE1, 0x4E, 0x0F, 0x6F, 0x2D, 0xD0, 0xE5,
+        0x8E, 0x34, 0x3B, 0xC0, 0x55, 0x02, 0x2D, 0x17,
+        0x4B, 0x34, 0x78, 0x46, 0xD4, 0xC4, 0x7F, 0x1D,
+        0xDC, 0x39, 0x94, 0x69, 0x78, 0xAB, 0xD8, 0x2B,
+        0x6D, 0xF3, 0x1C, 0x0B, 0x0F, 0x4A, 0xA0, 0xB2,
+        0xAC, 0x1A, 0x79, 0x7F, 0x9D, 0xE5, 0xE8, 0xC6,
+        0x40, 0x4B, 0xCE, 0x32, 0x4B, 0xA1, 0x3C, 0x77,
+        0xED, 0x5D, 0x59, 0x0F, 0xE0, 0x7D, 0x00, 0x07,
+        0xB4, 0xD8, 0xA6, 0x3E, 0xC9, 0x6D, 0x62, 0x19,
+        0x66, 0xC3, 0xE7, 0x10, 0x3B, 0x6C, 0x7A, 0x36,
+        0x49, 0x75, 0xE6, 0x78, 0xB3, 0x8D, 0x04, 0x13,
+        0x31, 0xE6, 0x79, 0x72, 0x64, 0x07, 0x76, 0x94,
+        0x2B, 0xB4, 0xEC, 0x18, 0x1C, 0x32, 0x3C, 0x26,
+        0xC4, 0x81, 0xBF, 0x4F, 0xB5, 0x6E, 0x5D, 0x67,
+        0xCF, 0xBE, 0x17, 0x57, 0x11, 0x2B, 0xBC, 0xA0,
+        0xF0, 0xC2, 0x70, 0x06, 0x94, 0x26, 0x9B, 0x26,
+        0x12, 0x9C, 0x7F, 0x99, 0xD4, 0x4A, 0xF5, 0x60,
+        0xCD, 0xF7, 0xA4, 0x70, 0x2E, 0xF5, 0xD6, 0xA2,
+        0xEC, 0x0E, 0x99, 0x00, 0x2E, 0x89, 0x30, 0xAA,
+        0x4E, 0xC0, 0x62, 0x11, 0x93, 0x0A, 0x1E, 0x68,
+        0xF2, 0xED, 0x44, 0x8B, 0x10, 0x4A, 0x75, 0x68,
+        0xBF, 0x46, 0xE1, 0x41, 0xD6, 0x0B, 0x61, 0x53,
+        0xD4, 0x03, 0x10, 0xB3, 0x8F, 0x8E, 0x14, 0x57,
+        0x27, 0x8F, 0xE3, 0x49, 0xB2, 0xB4, 0xA7, 0xAE,
+        0x39, 0x7A, 0x7B, 0x8F, 0x48, 0xAA, 0xA5, 0xFD,
+        0xC1, 0x28, 0x8E, 0x43, 0xE0, 0x58, 0x39, 0x32,
+        0x0A, 0x14, 0xC6, 0x3A, 0xB8, 0x58, 0xE2, 0x6E,
+        0x7D, 0x8C, 0x35, 0xB6, 0x47, 0x37, 0x90, 0x4D,
+        0x89, 0xC1, 0x9A, 0x10, 0x3D, 0x6B, 0x68, 0x9A,
+        0x3D, 0xC9, 0x0C, 0x72, 0xFC, 0x92, 0xE3, 0x5D,
+        0x45, 0x2B, 0x81, 0x43, 0x02, 0x30, 0x70, 0xD4,
+        0x8B, 0xB9, 0xFB, 0xB0, 0x45, 0xE3, 0xC6, 0xCE,
+        0x9A, 0x8B, 0xD5, 0xC4, 0xB6, 0x7F, 0x5D, 0x8B,
+        0x58, 0xC9, 0x6A, 0x28, 0x2D, 0x6E, 0x27, 0x78,
+        0x3D, 0x7B, 0x99, 0x0E, 0x05, 0x2B, 0xD9, 0x5E,
+        0x86, 0x50, 0x8F, 0x9B, 0xF7, 0xC0, 0x64, 0xA8,
+        0xF2, 0x39, 0xE0, 0x24, 0x0A, 0x20, 0xD8, 0xDF,
+        0x3A, 0x87, 0x6E, 0xDC, 0x8F, 0xF6, 0x24, 0x1B,
+        0x54, 0xF2, 0x70, 0xA9, 0x8C, 0xB8, 0x07, 0x7A,
+        0xAF, 0xE0, 0xE5, 0x8E, 0x5E, 0x98, 0x13, 0xC6,
+        0xA5, 0xF9, 0x1F, 0x52, 0x89, 0x7B, 0x6A, 0xAD,
+        0x24, 0x26, 0xC6, 0x0D, 0xA5, 0x88, 0x3E, 0x6B,
+        0xDF, 0xEE, 0x33, 0x0A, 0x86, 0x09, 0xA2, 0x11,
+        0x8B, 0x69, 0x9F, 0x75, 0xCE, 0xFD, 0x05, 0x01,
+        0x95, 0x14, 0x64, 0xCD, 0x62, 0x04, 0x09, 0x87,
+        0xFC, 0xF6, 0xB2, 0x2E, 0xCA, 0x92, 0xE4, 0x4F,
+        0x55, 0xB3, 0x8C, 0x64, 0x99, 0xA8, 0xDA, 0x0A,
+        0xC7, 0x82, 0x56, 0x93, 0x03, 0x67, 0xA4, 0xD7,
+        0x54, 0x91, 0xA0, 0x89, 0xD8, 0x94, 0x1F, 0x6C,
+        0x53, 0xCC, 0xB2, 0x60, 0x13, 0x6A, 0x93, 0xE1,
+        0xFC, 0xA3, 0xDD, 0x72, 0xD5, 0x5A, 0x92, 0x35,
+        0x9E, 0x3D, 0x62, 0x82, 0x70, 0x5D, 0x54, 0xAF,
+        0x57, 0xC6, 0x98, 0x5E, 0x74, 0xE0, 0xF2, 0x33,
+        0x26, 0x61, 0xBF, 0x2B, 0xDD, 0x78, 0x47, 0x29,
+        0x04, 0xC7, 0xF0, 0x58, 0x17, 0xFC, 0x9D, 0xED,
+        0xEF, 0x15, 0x6A, 0xCA, 0xC7, 0x46, 0xCE, 0x12,
+        0xF8, 0x90, 0xD8, 0x5A, 0x93, 0x98, 0xA9, 0xED,
+        0xFB, 0xF4, 0x6E, 0x73, 0x48, 0x81, 0x4A, 0x08,
+        0x07, 0x29, 0xC8, 0x3E, 0x70, 0x4C, 0x40, 0x30,
+        0x20, 0x2C, 0xF6, 0x1E, 0xCD, 0xEE, 0x27, 0x95,
+        0xD5, 0x07, 0xAC, 0x28, 0x81, 0x4F, 0x53, 0xCD,
+        0x06, 0x60, 0xA5, 0x57, 0x2C, 0xBE, 0x1A, 0xE5,
+        0x33, 0x38, 0xB8, 0xEF, 0xDC, 0xA3, 0x1A, 0xA5,
+        0xB9, 0x5A, 0xA9, 0xE7, 0x65, 0xAF, 0x4D, 0xA0,
+        0x4C, 0x9B, 0x31, 0x62, 0x67, 0x7E, 0x41, 0xC0,
+        0x18, 0xA5, 0xE1, 0x8A, 0xF2, 0xF9, 0x8A, 0xCA,
+        0x14, 0x5C, 0xCD, 0x1B, 0x8F, 0x74, 0x31, 0x07,
+        0x6A, 0x14, 0xA7, 0xC2, 0x0F, 0x6C, 0x72, 0xE8,
+        0xEB, 0x97, 0x51, 0xB7, 0x89, 0x2E, 0x41, 0x01,
+        0x54, 0x47, 0x63, 0x0E, 0xAA, 0x84, 0xB9, 0x60,
+        0x1C, 0xB9, 0x54, 0xD8, 0x97, 0x39, 0x38, 0x9D,
+        0x52, 0xBB, 0x91, 0xA9, 0x7F, 0x96, 0x08, 0x7C,
+        0xB3, 0x8B, 0x0E, 0xAB, 0x59, 0xA7, 0x84, 0x68,
+        0x34, 0x65, 0x55, 0xC7, 0x12, 0x84, 0xC2, 0xFB,
+        0xBD, 0x27, 0x58, 0x18, 0xE9, 0x26, 0x73, 0xFA,
+        0x42, 0xAB, 0x5E, 0x0D, 0x97, 0x76, 0x67, 0xA9,
+        0x0F, 0x75, 0x92, 0x6C, 0x80, 0x76, 0x87, 0x75,
+        0xD2, 0x3D, 0xFE, 0x0B, 0x33, 0x7B, 0x48, 0xB0,
+        0xC8, 0x28, 0x1F, 0xE6, 0x3F, 0x18, 0xF2, 0x45,
+        0xF8, 0x8F, 0x21, 0xE1, 0x1C, 0x56, 0xA5, 0x33,
+        0x71, 0x88, 0x42, 0x5A, 0x34, 0x8B, 0x24, 0xDD,
+        0x0E, 0x98, 0x30, 0xDB, 0x6B, 0x6C, 0x89, 0x64,
+        0x8C, 0x7A, 0x63, 0x3C, 0xA9, 0xD8, 0x32, 0x51,
+        0xD0, 0xC6, 0xF7, 0xA4, 0x53, 0x95, 0x0D, 0x02,
+        0x19, 0x6A, 0x77, 0xBC, 0xDF, 0xD5, 0x2B, 0x2C,
+        0x65, 0xC9, 0xBF, 0x72, 0x69, 0xC3, 0x0C, 0xEF,
+        0x34, 0x75, 0x76, 0x29, 0x59, 0xBE, 0x9D, 0xE9,
+        0x44, 0x21, 0x2F, 0x5F, 0xB7, 0x89, 0xA6, 0xCD,
+        0x0A, 0x9A, 0x9E, 0x77, 0x5B, 0xBD, 0xDA, 0x03,
+        0xA4, 0xBC, 0xFB, 0x47, 0xC1, 0x77, 0x73, 0x00,
+        0x26, 0xAE, 0x2E, 0xFA, 0x62, 0x18, 0x9D, 0xB8,
+        0xE2, 0xD3, 0x7A, 0xB9, 0xD8, 0xCF, 0xE9, 0x61,
+        0x11, 0x80, 0xE9, 0xDC, 0xC3, 0x32, 0x9E, 0x63,
+        0x6F, 0xD9, 0x42, 0xF6, 0x76, 0x7F, 0xBC, 0xBF,
+        0xDB, 0x08, 0x2F, 0xA0, 0xEB, 0xB8, 0x4D, 0xF3,
+        0x76, 0x62, 0xAA, 0xFA, 0x20, 0x4A, 0xDD, 0xE6,
+        0xB3, 0x72, 0xC7, 0x7D, 0x36, 0x4F, 0x08, 0x56,
+        0x4F, 0x19, 0xB2, 0xB0, 0x0C, 0x13, 0x1A, 0x8C,
+        0xCE, 0x9A, 0x04, 0xB5, 0xB6, 0x9C, 0xD3, 0xD8,
+        0xFE, 0x1F, 0x2C, 0xCC, 0x89, 0xEE, 0x7D, 0x22,
+        0x8A, 0x4E, 0x0A, 0x91, 0x0C, 0x8B, 0x5A, 0xE0,
+        0xBD, 0xE5, 0x3D, 0xBE, 0x90, 0x4B, 0x13, 0xA3,
+        0x2F, 0x33, 0xE9, 0x9D, 0x6C, 0x67, 0x35, 0xBD,
+        0x03, 0xD4, 0x09, 0x90, 0x2F, 0xC6, 0x3C, 0x8D,
+        0xD8, 0x43, 0xFC, 0x1F, 0xB7, 0x49, 0xC0, 0xB7,
+        0x38, 0x70, 0x1D, 0xEB, 0x5A, 0xD7, 0xAC, 0x07,
+        0xAF, 0x5B, 0x93, 0xC5, 0x7B, 0x55, 0x65, 0x86,
+        0x6E, 0xC1, 0xDB, 0xCD, 0x42, 0x92, 0x50, 0xDB,
+        0xD1, 0x97, 0x95, 0x3D, 0x53, 0xC3, 0xFE, 0xC2,
+        0xF9, 0x65, 0xF3, 0xD2, 0xEE, 0xA4, 0x7E, 0xDE,
+        0xA1, 0x4B, 0x23, 0x7F, 0xA1, 0x0D, 0x25, 0x6E,
+        0x80, 0x4F, 0xE3, 0xB5, 0x0C, 0xBA, 0x1C, 0x2B,
+        0x42, 0x0B, 0x8F, 0xD9, 0xB6, 0x4E, 0x52, 0xD2,
+        0xDB, 0x35, 0xD2, 0xA1, 0xC4, 0xE6, 0xD6, 0x51,
+        0x76, 0xE7, 0x87, 0x5E, 0xBE, 0x93, 0xE6, 0x61,
+        0x71, 0x4C, 0x8B, 0xA6, 0x96, 0xDA, 0xF7, 0xCB,
+        0x06, 0xB7, 0xB8, 0xC4, 0xF6, 0xF5, 0xC6, 0x29,
+        0xAA, 0xE1, 0x13, 0x87, 0x6F, 0x96, 0xBA, 0x0C,
+        0xF6, 0x79, 0x8F, 0x03, 0x86, 0x22, 0xE3, 0xFB,
+        0xCF, 0x86, 0xCF, 0x7C, 0x77, 0xFD, 0xB4, 0xEE,
+        0xBD, 0x42, 0x38, 0x7F, 0xF2, 0xCC, 0xCB, 0x06,
+        0xEA, 0x0D, 0x81, 0xA1, 0x8E, 0xB5, 0xE7, 0x40,
+        0xC8, 0x03, 0xA3, 0x4B, 0xC8, 0xB4, 0x0E, 0x3E,
+        0x36, 0xAB, 0x90, 0xC1, 0xFC, 0xB0, 0x37, 0x2B,
+        0x83, 0xA1, 0x3D, 0x56, 0xD6, 0x83, 0x0F, 0x99,
+        0xC4, 0x58, 0xB8, 0x94, 0x61, 0x19, 0xA6, 0x60,
+        0x47, 0xCB, 0x2D, 0xAF, 0x29, 0x38, 0x90, 0xFA,
+        0x99, 0x0F, 0x02, 0x02, 0x65, 0x90, 0x5F, 0xA2,
+        0xA2, 0xE3, 0xBB, 0x34, 0x15, 0x2F, 0x0B, 0xF5,
+        0xB2, 0xCC, 0x83, 0x59, 0xAF, 0xA7, 0x4D, 0x38,
+        0xAD, 0xF6, 0x52, 0x5C, 0x53, 0xD9, 0x0E, 0x3F,
+        0xD6, 0x53, 0x86, 0xE2, 0x79, 0xC2, 0x65, 0x48,
+        0xB2, 0x67, 0x3B, 0xAF, 0x52, 0x53, 0x57, 0x9A,
+        0x27, 0x80, 0x88, 0x37, 0x77, 0x67, 0x4E, 0x1F,
+        0xF1, 0x7B, 0xC5, 0xCB, 0xD8, 0x11, 0x0A, 0xDD,
+        0x92, 0x0E, 0x88, 0x6C, 0xCA, 0x33, 0x76, 0x3B,
+        0x04, 0xFA, 0xC0, 0xFD, 0xC6, 0x3F, 0xB4, 0x72,
+        0xC2, 0x2B, 0x6D, 0x5E, 0xB6, 0xA1, 0x4E, 0x5F,
+        0xC0, 0x50, 0x16, 0xEF, 0xFE, 0x6A, 0x42, 0x72,
+        0x65, 0x02, 0xEE, 0x07, 0xC6, 0x19, 0xC6, 0x95,
+        0xDE, 0x3F, 0xD9, 0xC5, 0xC6, 0x0E, 0x70, 0x07,
+        0x6A, 0xC3, 0x36, 0x1B, 0x84, 0x6F, 0xDF, 0x80,
+        0x16, 0x4E, 0x86, 0x90, 0xC8, 0x55, 0x7B, 0xDD,
+        0xC0, 0x86, 0x0C, 0x37, 0x47, 0x1F, 0x35, 0xF8,
+        0x47, 0xF2, 0xCD, 0x96, 0x21, 0x64, 0xAD, 0x46,
+        0xE1, 0xDF, 0x44, 0x79, 0x48, 0x02, 0xF9, 0x71,
+        0x39, 0x35, 0x26, 0xFC, 0x12, 0x0D, 0x88, 0xAC,
+        0xD6, 0xFA, 0x29, 0x74, 0x55, 0x51, 0xE7, 0xAF,
+        0x3D, 0x7E, 0x1E, 0x7E, 0xE0, 0x18, 0xB6, 0x3C,
+        0x4B, 0x99, 0x9D, 0x51, 0x02, 0x51, 0xD8, 0xE9,
+        0xFA, 0x61, 0x88, 0x2E, 0xCF, 0x73, 0x77, 0x65,
+        0x71, 0xAE, 0xAE, 0xD7, 0xA1, 0xF9, 0xE0, 0x7F,
+        0x30, 0x46, 0xCB, 0x20, 0xEC, 0xF4, 0xD2, 0xC1,
+        0x63, 0xF5, 0x6F, 0x8A, 0x72, 0xF9, 0x5B, 0x85,
+        0xD2, 0xCA, 0x6D, 0x35, 0xD1, 0x17, 0xF6, 0x08,
+        0x9E, 0x0A, 0x73, 0xB3, 0xDA, 0x1A, 0x32, 0xBA,
+        0x23, 0x10, 0x4A, 0x5D, 0xD7, 0xAA, 0xB4, 0x68,
+        0x97, 0x59, 0x45, 0xC5, 0x7C, 0x16, 0x6F, 0xE4,
+        0x62, 0x89, 0xF1, 0xD3, 0xB4, 0x03, 0x90, 0x7B,
+        0xA4, 0xA2, 0xCA, 0xA0, 0x5D, 0x69, 0x1B, 0xA9,
+        0xBB, 0xEB, 0xA0, 0xE2, 0xDE, 0xBE, 0x0E, 0xC4,
+        0x9E, 0x21, 0x38, 0x61, 0x92, 0x9B, 0xAB, 0x69,
+        0xAA, 0xD0, 0x1D, 0xF6, 0xC3, 0xEE, 0xA6, 0xC3,
+        0xF3, 0x29, 0x1B, 0xE5, 0x6E, 0x52, 0x89, 0xD0,
+        0xBA, 0xD8, 0x60, 0x27, 0x80, 0x1A, 0xB5, 0x7F,
+        0x7F, 0xB5, 0xC2, 0x5A, 0xC6, 0x83, 0xA4, 0xC0,
+        0x88, 0x39, 0xF3, 0xE7, 0x39, 0xD6, 0x81, 0x1C,
+        0x13, 0x20, 0xFD, 0x93, 0x3D, 0x8E, 0x79, 0x60,
+        0x7C, 0xFF, 0xE4, 0x37, 0x5B, 0x33, 0xA3, 0x9D,
+        0xB7, 0x57, 0xCD, 0x45, 0x0A, 0xB9, 0xE4, 0xF1,
+        0xBC, 0x59, 0x74, 0xE8, 0xB3, 0x06, 0xD0, 0x9F,
+        0x0F, 0xBC, 0x5B, 0x23, 0xB8, 0x6C, 0xD6, 0x4D,
+        0xFA, 0xCC, 0x14, 0xAB, 0x74, 0x61, 0x1A, 0xFC,
+        0x22, 0xA6, 0xED, 0x09, 0x76, 0x91, 0xD8, 0x6E,
+        0x44, 0xB6, 0x00, 0x14, 0xDC, 0x74, 0x2D, 0x90,
+        0xAA, 0x59, 0x98, 0x76, 0x30, 0xC5, 0x44, 0xA4,
+        0x61, 0x43, 0xD6, 0xE2, 0x28, 0x28, 0xA7, 0xBD,
+        0x6E, 0x50, 0x5C, 0xE1, 0x96, 0x7A, 0xF8, 0xA8,
+        0x32, 0x8C, 0xE9, 0xFD, 0x11, 0x37, 0x91, 0xD1,
+        0xAF, 0x3C, 0xD3, 0x1C, 0x1E, 0x88, 0x4D, 0x7E,
+        0x87, 0x84, 0x84, 0x6F, 0x39, 0x0B, 0xFB, 0x2D,
+        0xB3, 0x12, 0x4C, 0x6D, 0x45, 0xDD, 0xCD, 0x7D,
+        0x75, 0xB7, 0xFE, 0x7E, 0x44, 0xCC, 0x29, 0xE5,
+        0xB3, 0x10, 0xEE, 0x23, 0x55, 0x5B, 0xCF, 0xBA,
+        0xBD, 0xA1, 0xBE, 0x64, 0xF8, 0x6E, 0x60, 0x31,
+        0x0A, 0x2D, 0xC9, 0x3B, 0x1D, 0x44, 0xE1, 0x9D,
+        0x60, 0x28, 0x77, 0xEE
+    };
+    static const byte rnd_65[] = {
+        0x4E, 0x7A, 0x01, 0x7C, 0x15, 0x03, 0x9D, 0xC2,
+        0x00, 0x51, 0xD2, 0x96, 0x0E, 0x5E, 0x15, 0x59,
+        0xCC, 0x27, 0xED, 0x46, 0x87, 0x7C, 0xB9, 0x81,
+        0x16, 0x19, 0x9A, 0x0F, 0x41, 0x05, 0xFE, 0x32
+    };
+    static const byte sig_65[] = {
+        0xB8, 0x65, 0xB0, 0x0B, 0x21, 0x18, 0xDB, 0xB0,
+        0x0B, 0x70, 0x1C, 0x66, 0x45, 0x65, 0x5E, 0x8A,
+        0xCF, 0xA8, 0x4E, 0xA7, 0x92, 0xB4, 0x48, 0x64,
+        0x2E, 0x18, 0x32, 0xC3, 0x70, 0x7C, 0x87, 0xCF,
+        0x09, 0xFB, 0xE7, 0x72, 0xF1, 0xD4, 0x38, 0x5B,
+        0xFB, 0xE5, 0xE6, 0xCF, 0xBB, 0xE2, 0x6C, 0x10,
+        0xED, 0x6E, 0xB8, 0x65, 0xC8, 0x87, 0xF8, 0x69,
+        0x39, 0x43, 0x9A, 0x9B, 0xF7, 0x68, 0xBF, 0x03,
+        0x9D, 0x73, 0xE3, 0xEA, 0x83, 0xBD, 0xF1, 0x85,
+        0x03, 0xB5, 0xD1, 0xB3, 0x91, 0x79, 0xA8, 0x27,
+        0xB0, 0xD7, 0x80, 0x5F, 0x98, 0x42, 0x8B, 0xD8,
+        0x7C, 0xEA, 0x6B, 0x06, 0x96, 0x0C, 0x78, 0xB4,
+        0xB5, 0x86, 0xFB, 0x0D, 0x5E, 0xDA, 0x9F, 0xAA,
+        0xC0, 0x25, 0x6E, 0x38, 0x82, 0x35, 0x62, 0xA3,
+        0x07, 0x96, 0x61, 0x17, 0x00, 0x5A, 0xA4, 0x2F,
+        0x1B, 0x65, 0x54, 0xA0, 0x48, 0x75, 0xF8, 0x5C,
+        0x2E, 0x3F, 0xAF, 0xA6, 0x52, 0x47, 0x1D, 0x4E,
+        0x98, 0x06, 0x54, 0x82, 0xFC, 0x7D, 0xF4, 0x9B,
+        0x2C, 0x40, 0xD0, 0xE7, 0xB9, 0x82, 0x38, 0xDF,
+        0xBE, 0x85, 0x3D, 0x16, 0xBF, 0x99, 0x92, 0xBB,
+        0x08, 0xC1, 0x92, 0x59, 0xF9, 0xB5, 0x75, 0xEA,
+        0x7A, 0x4A, 0x80, 0x09, 0x3A, 0x64, 0xA9, 0x26,
+        0x71, 0x85, 0x7A, 0x50, 0x89, 0x20, 0xD6, 0x0F,
+        0xF6, 0xFB, 0xF3, 0x83, 0x41, 0xC5, 0x59, 0x01,
+        0x05, 0x63, 0x3A, 0x42, 0x6D, 0x60, 0x2D, 0xAC,
+        0x06, 0x4D, 0xD7, 0xA7, 0xF1, 0x1A, 0x60, 0x21,
+        0x5C, 0x35, 0xB7, 0xB9, 0xC0, 0x0E, 0x9D, 0x84,
+        0x63, 0x98, 0x8C, 0xF4, 0x72, 0xCD, 0x6A, 0xCF,
+        0xB7, 0xF7, 0x22, 0xB8, 0xC4, 0xC6, 0x27, 0x02,
+        0x60, 0x7A, 0x67, 0x48, 0x80, 0xAC, 0xB3, 0xD6,
+        0xC6, 0x25, 0x3E, 0x71, 0x17, 0x5A, 0x05, 0xB3,
+        0x92, 0xCA, 0xB4, 0xBB, 0x14, 0xCE, 0x86, 0xA5,
+        0x98, 0xAB, 0xC7, 0x88, 0xD0, 0xFF, 0x4D, 0x82,
+        0x77, 0x5E, 0x4E, 0xA0, 0xFC, 0x36, 0x36, 0x3C,
+        0xD0, 0xE9, 0x7B, 0x78, 0xA6, 0xAE, 0x4D, 0xA8,
+        0xE9, 0x8C, 0xA6, 0x12, 0x77, 0x2D, 0x56, 0xB5,
+        0x82, 0xF8, 0x2C, 0x07, 0x09, 0xBE, 0xAE, 0x46,
+        0x67, 0x3B, 0xDD, 0x80, 0x42, 0x86, 0x5C, 0xFA,
+        0x95, 0xBF, 0x53, 0x38, 0xCF, 0xEA, 0x60, 0x6A,
+        0x6E, 0xF3, 0x16, 0x38, 0x46, 0xAE, 0x83, 0xB2,
+        0x5E, 0x5F, 0x5B, 0xD3, 0x1C, 0x83, 0xF1, 0x36,
+        0x72, 0x9A, 0x8E, 0xA6, 0x27, 0x4F, 0x99, 0x4F,
+        0xA9, 0x04, 0x5F, 0xA8, 0xA9, 0x0F, 0xF8, 0x54,
+        0xB8, 0x71, 0xCF, 0x82, 0xE2, 0xB7, 0x01, 0xE8,
+        0xF4, 0xAC, 0x04, 0xFE, 0x9E, 0x28, 0x49, 0x1B,
+        0x9A, 0x25, 0xFF, 0x26, 0x3E, 0x2C, 0xF7, 0x54,
+        0x99, 0xE0, 0x09, 0xFD, 0x02, 0x29, 0xFB, 0xF7,
+        0xE5, 0xE4, 0x60, 0x44, 0x34, 0x4B, 0x07, 0xD7,
+        0x22, 0x14, 0xA9, 0xAC, 0xB4, 0xFF, 0x61, 0x02,
+        0xAB, 0xC1, 0x26, 0x2B, 0xC2, 0xE1, 0xCD, 0x24,
+        0x91, 0x60, 0x7A, 0xE7, 0xAA, 0xEC, 0xF4, 0xC3,
+        0x51, 0x75, 0xCF, 0xA4, 0x38, 0x3A, 0xA8, 0x6A,
+        0xF1, 0xE6, 0x2E, 0xD0, 0x63, 0x87, 0xCC, 0x59,
+        0x48, 0x36, 0x46, 0x7F, 0x41, 0xDF, 0xCA, 0x8F,
+        0xA0, 0xCA, 0x71, 0x28, 0x0B, 0xFB, 0x1C, 0x25,
+        0x60, 0xC8, 0x99, 0x55, 0x36, 0xF8, 0x42, 0x74,
+        0x70, 0x45, 0x59, 0x14, 0x53, 0x74, 0x5F, 0x26,
+        0x03, 0x82, 0xE3, 0xDA, 0x50, 0x79, 0x3F, 0xD7,
+        0xCA, 0x76, 0x27, 0x18, 0x5D, 0xBD, 0xCE, 0xDD,
+        0xF6, 0x9B, 0x2D, 0x3E, 0x15, 0x1C, 0x7F, 0x97,
+        0x28, 0x8A, 0x38, 0x2A, 0x92, 0xB0, 0x50, 0xF7,
+        0x91, 0xF9, 0x58, 0x7D, 0x77, 0xC6, 0x4D, 0x8B,
+        0x5D, 0x40, 0xAA, 0x19, 0x9D, 0x49, 0x66, 0xBE,
+        0x2D, 0x52, 0x4F, 0x96, 0x10, 0xF2, 0xFA, 0x02,
+        0xED, 0x23, 0x17, 0x63, 0x69, 0xDB, 0x93, 0x93,
+        0x50, 0xDA, 0x60, 0x1E, 0xA6, 0x67, 0x70, 0x95,
+        0x2E, 0x0F, 0x23, 0xED, 0xA6, 0x8A, 0x73, 0x75,
+        0x6E, 0xFF, 0x61, 0x0E, 0x8D, 0x6A, 0x9F, 0x49,
+        0x34, 0x56, 0x58, 0x54, 0x42, 0x82, 0x45, 0x3B,
+        0x5E, 0x73, 0xA3, 0x22, 0xA0, 0x32, 0x67, 0xC9,
+        0x69, 0xB5, 0x07, 0x34, 0xF2, 0xEC, 0xD4, 0xEC,
+        0x90, 0x55, 0x76, 0x0D, 0x92, 0x86, 0x10, 0xE9,
+        0x4E, 0x0B, 0x16, 0x28, 0xD6, 0xAF, 0x1B, 0x27,
+        0xAB, 0x13, 0x82, 0x9F, 0x7F, 0x8E, 0xF5, 0x0D,
+        0x9E, 0x29, 0x96, 0xFC, 0x64, 0xB0, 0x6A, 0xC8,
+        0x94, 0x61, 0x14, 0x76, 0x6D, 0xAD, 0x8D, 0xFF,
+        0xE6, 0x34, 0xF4, 0x7E, 0x9D, 0x85, 0x69, 0x96,
+        0x6C, 0x6F, 0x69, 0x68, 0x21, 0x8C, 0x5B, 0x86,
+        0x33, 0x61, 0x1B, 0xF4, 0x2B, 0x4F, 0xC0, 0xE7,
+        0x8D, 0x0C, 0x02, 0x9E, 0xAB, 0x85, 0xF2, 0x2F,
+        0x16, 0x17, 0x19, 0x80, 0xCC, 0x65, 0xF2, 0x84,
+        0x45, 0xA1, 0x1A, 0x08, 0x3A, 0xA0, 0x29, 0x77,
+        0xC2, 0xE8, 0x88, 0x6E, 0xD2, 0x70, 0x67, 0x2E,
+        0x51, 0x2A, 0xE8, 0x9C, 0x6A, 0x26, 0xFC, 0xAD,
+        0x1E, 0xC7, 0x2B, 0x9E, 0xCF, 0xA5, 0xA5, 0xEF,
+        0xC7, 0x0F, 0xF0, 0xBA, 0xB2, 0x8F, 0x11, 0x4F,
+        0x4D, 0xA8, 0x17, 0x0F, 0xE8, 0xB6, 0x3C, 0x2E,
+        0x11, 0xBE, 0x7A, 0x35, 0x46, 0x6E, 0x97, 0x9A,
+        0x12, 0x7E, 0xC0, 0xD2, 0x03, 0x23, 0xD5, 0x02,
+        0x73, 0x0A, 0xBC, 0xE6, 0x40, 0xA2, 0x44, 0x1C,
+        0xDD, 0xAB, 0xA3, 0x26, 0xD6, 0x78, 0x3D, 0x01,
+        0x92, 0xDB, 0xA9, 0xE9, 0x3F, 0xE5, 0x07, 0xC6,
+        0xA7, 0x37, 0x67, 0xBE, 0x56, 0xE2, 0x77, 0x65,
+        0x76, 0xEF, 0xEF, 0xF1, 0xCA, 0x17, 0x9D, 0x83,
+        0x34, 0x3E, 0x38, 0xC6, 0xA9, 0xC2, 0xFE, 0x72,
+        0x5D, 0xDE, 0x80, 0x7D, 0x21, 0x72, 0x5E, 0x73,
+        0x08, 0x72, 0xE2, 0xAB, 0x3D, 0x90, 0x11, 0x61,
+        0xF4, 0x55, 0xBC, 0xAD, 0x23, 0xA8, 0x43, 0x3A,
+        0x41, 0x31, 0x51, 0xFD, 0x22, 0x17, 0x14, 0x31,
+        0x0E, 0x4D, 0x0B, 0x6A, 0x1E, 0x1B, 0x2C, 0xAC,
+        0xA4, 0x99, 0xEE, 0xE8, 0x05, 0xA1, 0x64, 0xF2,
+        0x91, 0xD5, 0x07, 0x5E, 0x6B, 0x65, 0xA7, 0x9C,
+        0x2B, 0xCA, 0xD9, 0x17, 0xB1, 0x22, 0xFE, 0x1A,
+        0xC4, 0xFB, 0xB4, 0x10, 0x21, 0x1B, 0xA0, 0xA1,
+        0x99, 0x7A, 0x31, 0x30, 0x7C, 0x01, 0xF0, 0xFE,
+        0xD3, 0xB3, 0x14, 0x3D, 0x28, 0x34, 0x0F, 0xAC,
+        0xF0, 0x93, 0x37, 0xC4, 0xEF, 0x04, 0x74, 0x80,
+        0xA2, 0x90, 0xAE, 0x02, 0xB2, 0xF7, 0xD8, 0x7B,
+        0x8C, 0x29, 0xA0, 0xAE, 0xAE, 0x2E, 0x92, 0xC9,
+        0xC5, 0x44, 0x7D, 0x66, 0xC5, 0x5C, 0x1D, 0x1E,
+        0x25, 0x88, 0x5D, 0x10, 0x37, 0xFB, 0x5F, 0xCC,
+        0x80, 0x15, 0x4F, 0x1D, 0x23, 0xB4, 0xF2, 0x7B,
+        0x5B, 0xAC, 0x89, 0xBE, 0x1C, 0x36, 0x3C, 0xFF,
+        0x8E, 0xA7, 0x58, 0x73, 0xAC, 0x3F, 0x63, 0x33,
+        0xE8, 0x6C, 0x53, 0xEC, 0xA5, 0x5D, 0xBE, 0xD5,
+        0xE1, 0xF1, 0x12, 0x6B, 0x12, 0x78, 0xC7, 0x29,
+        0xC9, 0xA8, 0x4C, 0x4A, 0x1B, 0x7F, 0x15, 0x11,
+        0x93, 0x01, 0xC8, 0x0B, 0xE2, 0x2F, 0xE9, 0xBE,
+        0xBA, 0x17, 0x59, 0x45, 0xB2, 0x61, 0x2B, 0x66,
+        0xDD, 0xCE, 0xDF, 0x9A, 0x2A, 0x4D, 0x5F, 0x24,
+        0xF9, 0x02, 0xBB, 0xA6, 0x8D, 0xA7, 0x5D, 0x95,
+        0x97, 0x2E, 0x28, 0xD6, 0xCB, 0x70, 0x17, 0xCA,
+        0x51, 0xED, 0x58, 0x73, 0xAB, 0x03, 0xDD, 0x2E,
+        0x92, 0x6C, 0x15, 0x64, 0x2C, 0x9D, 0x6E, 0x64,
+        0x27, 0xFC, 0xE8, 0x0F, 0xC3, 0x8B, 0x34, 0xFE,
+        0xB3, 0xC1, 0x55, 0x13, 0xA6, 0x87, 0xC3, 0x5B,
+        0x94, 0xEB, 0x83, 0xE4, 0xAB, 0x3E, 0x18, 0x76,
+        0x67, 0x92, 0x70, 0xF5, 0xA9, 0x8F, 0x18, 0xA6,
+        0x5F, 0x57, 0x41, 0x76, 0x55, 0xFD, 0xA9, 0x99,
+        0x4E, 0x8F, 0xCC, 0x61, 0x6C, 0x6C, 0x60, 0x06,
+        0x10, 0x40, 0x26, 0xD6, 0xCD, 0x7A, 0xA0, 0x56,
+        0x3D, 0x51, 0x07, 0x25, 0x76, 0x00, 0x05, 0xF5,
+        0xFD, 0x39, 0xE7, 0x59, 0x24, 0x90, 0x29, 0xF0,
+        0x3D, 0x9F, 0x00, 0x67, 0x10, 0x3F, 0xA0, 0x45,
+        0x21, 0x14, 0xDF, 0x24, 0x40, 0xE8, 0xC6, 0xDB,
+        0x65, 0xE2, 0x39, 0x56, 0xEB, 0x1B, 0xEE, 0xB2,
+        0xC3, 0x4E, 0x5B, 0x20, 0xAC, 0x31, 0x6A, 0x03,
+        0xA9, 0x54, 0x36, 0x66, 0x62, 0x68, 0xC3, 0xD8,
+        0x22, 0x8F, 0x62, 0xEB, 0x56, 0x67, 0xB3, 0xB6,
+        0xBB, 0x85, 0x7D, 0xD0, 0x73, 0x7B, 0x69, 0x05,
+        0x1E, 0x9F, 0x26, 0xEE, 0x02, 0x36, 0x71, 0xCE,
+        0xAD, 0xFA, 0xCA, 0xF9, 0x49, 0x7F, 0x1A, 0xDE,
+        0x58, 0x7A, 0x69, 0x3E, 0xEF, 0xFB, 0xFC, 0xD5,
+        0x50, 0xEC, 0x20, 0x8C, 0x23, 0x56, 0x91, 0xE8,
+        0xE3, 0x66, 0xD9, 0x65, 0xB6, 0x2B, 0xEC, 0x16,
+        0xA6, 0x61, 0xCD, 0x5D, 0xE2, 0x87, 0x93, 0x22,
+        0x0D, 0x66, 0xF2, 0x64, 0x55, 0x05, 0xB8, 0x52,
+        0x41, 0x2F, 0xAE, 0x7B, 0x9D, 0x98, 0x29, 0xBF,
+        0x61, 0x5F, 0x7C, 0xBD, 0x59, 0xA7, 0xBC, 0x1D,
+        0x03, 0x4E, 0x6A, 0x25, 0x52, 0x9C, 0xFB, 0x48,
+        0x6A, 0xF2, 0x01, 0xDE, 0xB7, 0xEA, 0x95, 0xBA,
+        0x70, 0x8A, 0x31, 0x59, 0x17, 0x16, 0x74, 0x34,
+        0x53, 0x09, 0xDB, 0x81, 0x50, 0xE6, 0x7E, 0xBB,
+        0x30, 0xA7, 0xFF, 0x80, 0xCA, 0xC9, 0xAB, 0x13,
+        0x92, 0x50, 0x0A, 0x83, 0xE6, 0x3B, 0xBF, 0x7C,
+        0x42, 0xEB, 0x94, 0x53, 0xC2, 0xC9, 0xAC, 0xDA,
+        0x02, 0xBE, 0x53, 0x82, 0x34, 0xAA, 0xA7, 0xDB,
+        0x5A, 0x7F, 0x58, 0x8F, 0xC9, 0x1B, 0x90, 0xEE,
+        0x24, 0x77, 0xF2, 0xB6, 0x1C, 0xD1, 0x06, 0x2A,
+        0x7E, 0xF1, 0xE6, 0xE4, 0xDC, 0x54, 0xB3, 0x6D,
+        0x0E, 0x19, 0x93, 0x3E, 0x98, 0x1C, 0xB7, 0x63,
+        0xA9, 0xE1, 0x07, 0xE0, 0x1D, 0xA9, 0x42, 0x0F,
+        0x82, 0xCA, 0x79, 0x35, 0x92, 0xA4, 0x7C, 0x4B,
+        0x97, 0x7F, 0xF2, 0xC8, 0x84, 0x98, 0xDA, 0x95,
+        0xC4, 0x3D, 0x23, 0x2F, 0x42, 0xAF, 0x99, 0x48,
+        0x0B, 0xF0, 0xA4, 0xF8, 0xB7, 0xC4, 0x94, 0x9D,
+        0x1A, 0xE1, 0xD4, 0xFA, 0x8E, 0x1D, 0x1A, 0x8C,
+        0xD0, 0xF9, 0xED, 0x00, 0xDA, 0x59, 0x5E, 0xFD,
+        0x2B, 0x76, 0x6F, 0x0B, 0x79, 0xD4, 0x49, 0x0D,
+        0xB9, 0x28, 0xEC, 0x44, 0xB5, 0x03, 0x0A, 0x74,
+        0xCA, 0x42, 0x81, 0x1A, 0x5B, 0x5A, 0xE5, 0x22,
+        0xC7, 0x76, 0x4D, 0xDF, 0xD9, 0xFD, 0x92, 0xF0,
+        0x06, 0xE9, 0x4B, 0x35, 0xA7, 0xEF, 0x01, 0x42,
+        0xDA, 0x71, 0x78, 0xC2, 0xF5, 0x30, 0x74, 0xD0,
+        0x74, 0x51, 0xB1, 0x55, 0x65, 0xA9, 0xE0, 0xC5,
+        0x7E, 0xA1, 0xB9, 0x4C, 0x88, 0xEA, 0xE7, 0x41,
+        0xB1, 0xF5, 0x01, 0xC4, 0xD3, 0x70, 0x72, 0x7D,
+        0xAD, 0x27, 0x65, 0xF7, 0x95, 0xAD, 0x41, 0x46,
+        0x35, 0x80, 0x0E, 0xC1, 0x94, 0x9D, 0x03, 0x71,
+        0x39, 0xDE, 0x26, 0xAF, 0xCF, 0x93, 0x3D, 0x9A,
+        0x09, 0xC1, 0x27, 0xFC, 0x6B, 0x36, 0xE5, 0x18,
+        0xC6, 0xDE, 0x94, 0x92, 0xBA, 0x70, 0x82, 0x7B,
+        0x68, 0x1C, 0x2D, 0x18, 0xA4, 0x01, 0x23, 0xB6,
+        0xC5, 0xF6, 0x17, 0x37, 0xCB, 0x9D, 0xC6, 0xAA,
+        0x9C, 0xE1, 0x7D, 0x16, 0x8E, 0xBB, 0xDD, 0xD6,
+        0x3C, 0x07, 0x60, 0x19, 0x3C, 0x97, 0x49, 0x33,
+        0xDB, 0x47, 0x4A, 0xA8, 0x9A, 0xF3, 0x0E, 0x16,
+        0x29, 0x38, 0xF6, 0xDB, 0x78, 0x65, 0xDE, 0x23,
+        0x1F, 0x86, 0x16, 0x9C, 0x9E, 0x2A, 0x30, 0x2F,
+        0xC4, 0x1F, 0x1B, 0xE5, 0xF3, 0x6C, 0x55, 0x83,
+        0xFC, 0xD9, 0x1E, 0x21, 0xCB, 0x8A, 0x67, 0x57,
+        0xD3, 0x0A, 0x4B, 0xAC, 0xDB, 0x67, 0xE7, 0xA6,
+        0x1B, 0x0C, 0x8E, 0x21, 0x7E, 0x0C, 0xCB, 0xF5,
+        0x0E, 0xA6, 0x42, 0xCD, 0xE3, 0xFC, 0x74, 0xC7,
+        0xF9, 0xFF, 0xBD, 0xA9, 0xA1, 0xE6, 0x84, 0xBB,
+        0xC9, 0xA8, 0xF7, 0xCD, 0x3F, 0x1B, 0xD0, 0xDB,
+        0x63, 0xDD, 0xDF, 0x4E, 0xA4, 0x79, 0xC2, 0x35,
+        0x65, 0x2C, 0x5D, 0xCB, 0xCA, 0x7B, 0xDD, 0x4E,
+        0x2F, 0x33, 0xE8, 0x71, 0x72, 0xC1, 0x8B, 0x5F,
+        0xF3, 0x90, 0x99, 0x40, 0x8D, 0x27, 0x2F, 0xD0,
+        0xFB, 0x0D, 0x6A, 0x23, 0xB1, 0x43, 0x00, 0xDF,
+        0xC6, 0x4C, 0x02, 0x74, 0x3E, 0x52, 0x36, 0x08,
+        0xE9, 0x73, 0x61, 0x3D, 0xCA, 0xAC, 0x9D, 0x1D,
+        0x14, 0xB3, 0xA6, 0x24, 0x0E, 0xC2, 0xF2, 0x29,
+        0x39, 0x91, 0xF6, 0x90, 0x6A, 0xE3, 0x6C, 0x04,
+        0x69, 0xF3, 0x09, 0x11, 0x34, 0x8E, 0xC1, 0x2D,
+        0xDB, 0xA6, 0xC3, 0xCA, 0x19, 0xBC, 0x69, 0x5F,
+        0xCD, 0x16, 0xE5, 0xAE, 0xF2, 0xAD, 0x7C, 0x73,
+        0x25, 0x15, 0x70, 0xB5, 0xD0, 0x49, 0xA6, 0xC3,
+        0xA5, 0x2F, 0xA3, 0xFC, 0x9E, 0xD5, 0x4E, 0x54,
+        0x97, 0x3A, 0xE7, 0x89, 0xB0, 0xBF, 0xD6, 0xF8,
+        0xCC, 0x26, 0x44, 0xA9, 0xF8, 0x5A, 0xCE, 0x06,
+        0x78, 0xD8, 0x9E, 0xFC, 0x12, 0xB6, 0x11, 0xC3,
+        0xDF, 0xAE, 0x3F, 0x94, 0x50, 0x34, 0xB8, 0x99,
+        0xBE, 0x99, 0xA7, 0x32, 0x88, 0x9F, 0x17, 0xD2,
+        0x08, 0xDC, 0xD7, 0xEE, 0x95, 0x9D, 0x1A, 0xC7,
+        0x61, 0xDB, 0xA4, 0x86, 0x4C, 0x14, 0xB0, 0xA3,
+        0x5E, 0x4C, 0x7B, 0xBD, 0xA0, 0x96, 0xFB, 0x8A,
+        0xB3, 0x22, 0x69, 0x26, 0xC8, 0x9E, 0x7C, 0xDA,
+        0x92, 0x9E, 0xF1, 0x30, 0xC6, 0x92, 0xC9, 0x26,
+        0x59, 0xE6, 0xF4, 0x65, 0x2B, 0xF2, 0x15, 0x63,
+        0x61, 0xC7, 0x7D, 0xBE, 0xEF, 0x5A, 0x06, 0x23,
+        0xA0, 0x67, 0x04, 0x99, 0x0E, 0x19, 0x8A, 0x13,
+        0x67, 0x30, 0x54, 0x32, 0x4B, 0xBB, 0xAA, 0x64,
+        0x36, 0x92, 0xF2, 0x43, 0xD6, 0x7C, 0x1B, 0x4F,
+        0x95, 0xB9, 0x28, 0xAC, 0xF1, 0x68, 0x6F, 0x60,
+        0xC1, 0x44, 0x87, 0xD6, 0xDD, 0x7F, 0x88, 0x01,
+        0xEF, 0x20, 0x93, 0x9E, 0x03, 0xA1, 0xCA, 0x7D,
+        0x74, 0x32, 0xDC, 0xF5, 0x95, 0xF1, 0xE9, 0xED,
+        0xF2, 0xB2, 0x93, 0x57, 0xA1, 0xD4, 0xC7, 0xDA,
+        0x33, 0x51, 0x2C, 0x45, 0x1A, 0x7C, 0x66, 0x04,
+        0x38, 0x2D, 0x90, 0xC3, 0x30, 0x79, 0xD9, 0x57,
+        0x38, 0xE4, 0x71, 0x89, 0xD8, 0x54, 0x9E, 0x43,
+        0xD2, 0x94, 0xE7, 0x3D, 0x1C, 0xA7, 0x48, 0x7B,
+        0x50, 0xD0, 0xED, 0x7C, 0xC6, 0xF9, 0x6B, 0xEE,
+        0xA7, 0x6C, 0xCE, 0xB9, 0x6D, 0x37, 0x92, 0x00,
+        0x4E, 0xB3, 0xE5, 0x49, 0x16, 0x35, 0xA6, 0x7F,
+        0x6F, 0xFA, 0x1F, 0x1D, 0xF6, 0xA1, 0xF2, 0xFD,
+        0xEE, 0x77, 0x84, 0x17, 0x80, 0xAE, 0x08, 0x09,
+        0xD2, 0x92, 0xED, 0x7B, 0x00, 0xF4, 0x2D, 0x80,
+        0x91, 0x19, 0x09, 0xB5, 0x1C, 0x9A, 0x3A, 0xE5,
+        0x4B, 0x7A, 0x6D, 0x7D, 0x29, 0xD2, 0x00, 0x05,
+        0x22, 0xD4, 0xF8, 0x76, 0xE2, 0x5C, 0x0D, 0x6A,
+        0x15, 0x77, 0x22, 0x18, 0x85, 0xFD, 0x30, 0x74,
+        0xF3, 0x3B, 0xDC, 0xD9, 0x6C, 0xDE, 0x80, 0x40,
+        0x4A, 0x37, 0xE1, 0x60, 0x9F, 0x26, 0xCF, 0xBE,
+        0x24, 0xA1, 0xFB, 0xF9, 0x76, 0x2A, 0x1A, 0x23,
+        0x32, 0xE7, 0xA2, 0xD8, 0x2D, 0xF9, 0xD2, 0x0F,
+        0x08, 0x3A, 0xDB, 0x35, 0x35, 0x33, 0x59, 0x0B,
+        0xB1, 0xF9, 0x54, 0x33, 0x49, 0x36, 0x9E, 0x21,
+        0xEC, 0xF5, 0x94, 0xE2, 0x78, 0x07, 0xA5, 0x63,
+        0x50, 0xD6, 0x23, 0x84, 0xDE, 0xAD, 0xA7, 0x89,
+        0xBE, 0x92, 0xF0, 0x12, 0xC1, 0xF8, 0xA7, 0x2D,
+        0x8B, 0xE0, 0x79, 0xF8, 0xD7, 0xBD, 0x04, 0x0B,
+        0xC5, 0xF2, 0x23, 0x36, 0x11, 0x6D, 0x6F, 0x37,
+        0xDB, 0xFB, 0xD2, 0xC7, 0x44, 0xC3, 0xAE, 0x78,
+        0xEC, 0xB4, 0xE0, 0x5A, 0x55, 0xB3, 0xFC, 0xC3,
+        0x1B, 0x8C, 0xA6, 0xDB, 0xE8, 0x95, 0x72, 0x44,
+        0x90, 0x8F, 0x4E, 0xD1, 0xD3, 0x46, 0x6C, 0x9E,
+        0x00, 0xC6, 0xCC, 0xAE, 0xFC, 0x95, 0x4D, 0x85,
+        0x7C, 0x65, 0x5F, 0x74, 0x71, 0xE3, 0x80, 0x88,
+        0xCF, 0x1E, 0xB8, 0xBE, 0xED, 0x8D, 0xC4, 0xFB,
+        0x3E, 0x36, 0xF3, 0xB8, 0x42, 0x1F, 0x37, 0x31,
+        0x8D, 0xA2, 0x35, 0x36, 0x9E, 0x92, 0x3D, 0xD8,
+        0xEA, 0xA7, 0xA2, 0x29, 0x0E, 0x14, 0xBF, 0x59,
+        0x1E, 0x1D, 0x98, 0x27, 0x30, 0x3B, 0xF3, 0x57,
+        0x69, 0x75, 0xCC, 0x3A, 0xB3, 0x49, 0x99, 0x70,
+        0x19, 0x50, 0xAB, 0xF6, 0x7F, 0xF6, 0x55, 0x1A,
+        0xCA, 0x2D, 0xA0, 0x73, 0x50, 0xE0, 0x9C, 0xEE,
+        0x07, 0xEC, 0x37, 0x26, 0x6B, 0xAA, 0xA5, 0x34,
+        0xFD, 0x7B, 0x1A, 0x92, 0x4E, 0xE7, 0x36, 0x1A,
+        0xEB, 0x35, 0xCC, 0x5A, 0x5C, 0x06, 0x7F, 0x77,
+        0xCE, 0x52, 0x33, 0x57, 0x73, 0x9D, 0xEC, 0x2D,
+        0x28, 0x0C, 0xC9, 0xBF, 0x06, 0x9E, 0xA7, 0x7C,
+        0x36, 0xF9, 0x0B, 0xC6, 0x7F, 0x0F, 0x66, 0x24,
+        0x65, 0x2D, 0x30, 0x2B, 0xD7, 0x7F, 0x07, 0xD3,
+        0x57, 0xC8, 0x4B, 0xC3, 0x0C, 0xA3, 0x5B, 0xAA,
+        0xAF, 0xEA, 0xF3, 0xA3, 0x9E, 0x9E, 0xD4, 0x63,
+        0xCD, 0x82, 0x8B, 0xBC, 0x5D, 0xEF, 0xE6, 0x2A,
+        0x4D, 0x5B, 0x95, 0x13, 0x17, 0x98, 0xD3, 0x67,
+        0x66, 0x04, 0x9E, 0x71, 0x71, 0xE6, 0xBD, 0x44,
+        0x15, 0x6B, 0x29, 0x76, 0xE4, 0x62, 0x01, 0x99,
+        0xEB, 0xF4, 0x2E, 0x14, 0x29, 0x0D, 0xBF, 0x8A,
+        0x02, 0x30, 0x4A, 0xE7, 0x0D, 0x25, 0x42, 0x9E,
+        0xD7, 0x0C, 0xAD, 0x30, 0xC6, 0xA3, 0x49, 0xF9,
+        0x90, 0x0C, 0x46, 0x5B, 0x77, 0x67, 0x5F, 0x0B,
+        0xE9, 0xA9, 0xFE, 0xFA, 0xC8, 0x5F, 0x19, 0xF7,
+        0x35, 0x09, 0xF7, 0xB5, 0x6D, 0x51, 0x32, 0x17,
+        0xBE, 0xE6, 0xC3, 0xBE, 0x4A, 0x9A, 0x33, 0xDA,
+        0xC6, 0x90, 0xB7, 0xA7, 0x6F, 0x97, 0x9E, 0xD5,
+        0x80, 0xE5, 0x02, 0x9E, 0x58, 0xD6, 0x45, 0x34,
+        0x4D, 0x61, 0x71, 0x19, 0x07, 0x69, 0x1F, 0xAF,
+        0xFF, 0x9F, 0xDE, 0x97, 0x13, 0xA1, 0xDF, 0x47,
+        0x0E, 0x8B, 0xD6, 0xD0, 0x75, 0x40, 0x08, 0x59,
+        0x7D, 0xFB, 0x74, 0x74, 0xF2, 0x48, 0xF4, 0x23,
+        0x1B, 0x5E, 0x18, 0x4E, 0x2D, 0x2D, 0xC5, 0x40,
+        0xD0, 0x90, 0x4F, 0x95, 0x69, 0xC4, 0xDA, 0xFB,
+        0x39, 0x4B, 0x12, 0x7D, 0x22, 0x1E, 0x9A, 0x68,
+        0x5B, 0x68, 0x2E, 0x47, 0x23, 0xB9, 0x6A, 0xBF,
+        0xF7, 0xE2, 0x56, 0x79, 0xDD, 0x7A, 0x72, 0xF9,
+        0x5F, 0x20, 0x6B, 0x29, 0x56, 0xEE, 0x04, 0x11,
+        0x4C, 0x16, 0x34, 0x04, 0x14, 0x54, 0xB5, 0x21,
+        0xAA, 0x6A, 0x46, 0x40, 0xE4, 0xF1, 0x78, 0x7C,
+        0x50, 0xF3, 0x4D, 0xBC, 0x57, 0x34, 0x7C, 0x6A,
+        0xBD, 0x9B, 0xEF, 0x03, 0x80, 0x7D, 0xAB, 0x20,
+        0x0F, 0x77, 0x87, 0x6F, 0x93, 0xFB, 0x24, 0x20,
+        0x82, 0xC7, 0x7E, 0xFB, 0x43, 0x2D, 0xC6, 0xD4,
+        0xE9, 0x27, 0x8C, 0x66, 0xA8, 0x5A, 0x58, 0xC8,
+        0xD8, 0x9A, 0xA8, 0x50, 0x5F, 0x3A, 0x3D, 0x0B,
+        0xC3, 0x4F, 0xCE, 0x94, 0xE0, 0x0D, 0x16, 0xCB,
+        0x20, 0xE0, 0xF5, 0x1A, 0x13, 0x6E, 0x28, 0xA6,
+        0x42, 0xB2, 0xB1, 0x30, 0x1D, 0x56, 0x28, 0xCD,
+        0xF3, 0x4E, 0xA7, 0x3E, 0x74, 0x04, 0x7D, 0xA5,
+        0x86, 0xD9, 0x1A, 0xDF, 0x07, 0xBC, 0x2C, 0x59,
+        0xB1, 0x91, 0x6D, 0x9B, 0xA2, 0xD0, 0x72, 0xE7,
+        0xA5, 0x56, 0x4A, 0x27, 0x56, 0x1F, 0x65, 0xCD,
+        0x90, 0x7B, 0xB7, 0x5A, 0x51, 0x25, 0x75, 0x1B,
+        0xD9, 0xD4, 0xC7, 0x19, 0x8A, 0xB0, 0x3D, 0x38,
+        0x22, 0x61, 0xCF, 0xD9, 0x66, 0xED, 0xF5, 0xB8,
+        0xF5, 0x86, 0xFF, 0x98, 0x1A, 0xB7, 0xFB, 0x67,
+        0xED, 0x25, 0x52, 0xD9, 0x2F, 0x84, 0xDC, 0x96,
+        0x89, 0x2C, 0x52, 0xCF, 0x5F, 0xA0, 0xEA, 0xD0,
+        0xB3, 0x38, 0x98, 0xFC, 0xD7, 0x50, 0x84, 0xCF,
+        0xA5, 0xE9, 0x53, 0x8B, 0x44, 0x38, 0xB5, 0x7D,
+        0xD8, 0xAD, 0x0A, 0xE5, 0x35, 0x78, 0x29, 0xBF,
+        0x9F, 0x6B, 0x2C, 0xBB, 0x97, 0x9D, 0xD3, 0x64,
+        0x23, 0x2B, 0xA8, 0xA4, 0x71, 0xE3, 0xF1, 0x2F,
+        0x61, 0xC9, 0x68, 0xD2, 0x06, 0xD0, 0x4E, 0x87,
+        0x03, 0x99, 0xCC, 0xB1, 0x83, 0xB6, 0x94, 0x61,
+        0x3C, 0xE9, 0xE0, 0x7D, 0x13, 0xAF, 0xCF, 0xE4,
+        0xA6, 0x42, 0x7F, 0x62, 0x8F, 0xFC, 0x10, 0xF1,
+        0x08, 0x4D, 0x1D, 0xFC, 0x0F, 0x37, 0x11, 0xBE,
+        0xD7, 0xF1, 0x80, 0x46, 0xAF, 0xFA, 0x13, 0x65,
+        0x99, 0xAE, 0xF9, 0xD0, 0x13, 0xA7, 0xC7, 0x3A,
+        0xD2, 0xC1, 0x9B, 0x5A, 0xB8, 0xC3, 0x08, 0x13,
+        0x49, 0x40, 0x33, 0x0D, 0x1F, 0x93, 0x5D, 0x10,
+        0x49, 0x3E, 0x4F, 0x90, 0x34, 0xC5, 0xEA, 0xF7,
+        0x24, 0xFF, 0xF3, 0xC5, 0x95, 0xF7, 0x1F, 0x13,
+        0x9A, 0xE0, 0x0C, 0xCD, 0x61, 0x93, 0x39, 0xE6,
+        0xAF, 0xD5, 0x3E, 0xA9, 0xD8, 0xC4, 0x8F, 0x64,
+        0x05, 0x09, 0x45, 0x2A, 0xEB, 0x12, 0xC5, 0x51,
+        0x58, 0x1C, 0x55, 0x20, 0xE9, 0x29, 0x74, 0xC7,
+        0x10, 0x01, 0xF3, 0xA4, 0x56, 0xB4, 0x14, 0xFE,
+        0x9C, 0x10, 0x2F, 0xF8, 0xBF, 0xB5, 0x9C, 0x6E,
+        0xBB, 0xE6, 0x52, 0xE7, 0xAC, 0xA7, 0xCE, 0x41,
+        0x6E, 0x00, 0x66, 0x0A, 0x2F, 0x46, 0x71, 0xB8,
+        0x8F, 0x45, 0x89, 0x26, 0x68, 0xCD, 0x49, 0xDF,
+        0xCB, 0xCD, 0xD6, 0x66, 0xC6, 0xA7, 0x8E, 0xB3,
+        0xE4, 0x72, 0xEF, 0xBA, 0xA6, 0x6D, 0x7A, 0xB7,
+        0xE9, 0xD9, 0xB2, 0x60, 0xB5, 0x82, 0x77, 0x20,
+        0x2A, 0xFA, 0xE3, 0xCB, 0xF5, 0x30, 0x50, 0x30,
+        0xC6, 0x19, 0x67, 0xA8, 0xB8, 0xFA, 0xFE, 0xB6,
+        0xDA, 0xB6, 0xB6, 0xBF, 0x07, 0x90, 0x40, 0xD8,
+        0x5B, 0x15, 0x48, 0x39, 0xCD, 0x99, 0x0F, 0x3A,
+        0x28, 0xD2, 0x2E, 0xBA, 0xAC, 0x6D, 0xA3, 0xF8,
+        0x53, 0x88, 0xF0, 0x86, 0x87, 0x70, 0xF5, 0x07,
+        0xD2, 0x99, 0xC4, 0xCA, 0xDD, 0xD8, 0x8C, 0xEB,
+        0x00, 0x96, 0xB4, 0x62, 0xA3, 0x7B, 0x79, 0x31,
+        0xB2, 0x85, 0xB0, 0x61, 0x39, 0xF2, 0xBC, 0x1D,
+        0x31, 0xC3, 0x0C, 0x7F, 0x70, 0x9A, 0x63, 0x74,
+        0xC6, 0xCB, 0xD3, 0x93, 0x0D, 0x43, 0x7F, 0x80,
+        0x85, 0x87, 0x72, 0x98, 0xE1, 0x6E, 0x9A, 0x59,
+        0x2E, 0x6C, 0xA8, 0x9E, 0xC2, 0xC0, 0x72, 0xFE,
+        0x26, 0xE8, 0xAF, 0x89, 0x61, 0xCA, 0x0D, 0x15,
+        0xCC, 0xB0, 0xBA, 0x10, 0xB8, 0x9D, 0x77, 0x2C,
+        0x6C, 0x28, 0xCC, 0x70, 0x5B, 0x1F, 0x5D, 0x68,
+        0xD4, 0xC8, 0x1F, 0x0F, 0x67, 0xF5, 0x3E, 0x5C,
+        0x70, 0x50, 0x4B, 0x32, 0x12, 0xE6, 0x1A, 0xCE,
+        0xB8, 0x32, 0x5F, 0x1D, 0xC5, 0xFB, 0x07, 0x77,
+        0xAD, 0x85, 0x45, 0x95, 0x04, 0x0D, 0x94, 0x7A,
+        0x1F, 0xDD, 0x05, 0x74, 0x14, 0xA5, 0x9A, 0x66,
+        0xF4, 0x93, 0xBE, 0xF2, 0xA9, 0x5B, 0xCD, 0xAB,
+        0xC7, 0x82, 0xF7, 0xE7, 0x4A, 0x1C, 0x90, 0x6B,
+        0x9A, 0xBD, 0x93, 0xDD, 0x41, 0x56, 0xDA, 0xA5,
+        0x0F, 0x5D, 0x57, 0x2C, 0xBA, 0x07, 0x07, 0x4B,
+        0x91, 0x33, 0xE6, 0x1B, 0x0E, 0x25, 0x9E, 0x36,
+        0xBF, 0xCA, 0x21, 0xCE, 0xC6, 0x82, 0x33, 0x4D,
+        0x42, 0x4F, 0x2E, 0x71, 0xC2, 0xE7, 0x6F, 0x16,
+        0xF6, 0xB7, 0x30, 0x1C, 0xA1, 0xA8, 0xE3, 0xE7,
+        0xB1, 0x71, 0xDD, 0x9F, 0x90, 0x1F, 0x01, 0x1D,
+        0x0A, 0xBD, 0x2C, 0x4A, 0x22, 0x84, 0x5C, 0xBF,
+        0x61, 0x07, 0x24, 0xC4, 0x0D, 0x23, 0xDB, 0xC6,
+        0x28, 0xB1, 0x27, 0xCB, 0x7E, 0x06, 0xF8, 0x3C,
+        0x42, 0xF9, 0x51, 0x2F, 0x21, 0xC5, 0x80, 0x98,
+        0x08, 0x2F, 0x56, 0x58, 0xD7, 0xE0, 0xDA, 0xC4,
+        0x24, 0x0C, 0xE8, 0xFA, 0x94, 0x23, 0x57, 0xA6,
+        0xD8, 0xE2, 0xC5, 0xCC, 0x16, 0x70, 0x55, 0x57,
+        0xC4, 0x52, 0x2D, 0x94, 0xCE, 0x5B, 0x22, 0x8E,
+        0x6C, 0x3D, 0x8E, 0x74, 0x9D, 0xFD, 0x47, 0xC7,
+        0x42, 0x11, 0x41, 0x9F, 0x6A, 0x0A, 0xF6, 0x16,
+        0x97, 0xB1, 0x24, 0xC4, 0x6C, 0x98, 0xF8, 0x62,
+        0x51, 0xE9, 0x67, 0x6D, 0x39, 0x2B, 0x76, 0x19,
+        0x5F, 0x41, 0xF4, 0x82, 0x51, 0x87, 0xFF, 0xAA,
+        0x87, 0xE3, 0x46, 0x87, 0xC0, 0xC9, 0xBB, 0xB5,
+        0xAC, 0xA0, 0xD1, 0x56, 0x54, 0xC2, 0x2C, 0x59,
+        0x9E, 0x78, 0xF9, 0xA6, 0xBA, 0xCB, 0xE2, 0x45,
+        0x8A, 0xC1, 0xE5, 0xDF, 0xC3, 0x81, 0x91, 0xDB,
+        0xDB, 0x9E, 0xE2, 0x9C, 0xB9, 0x44, 0x5F, 0x5D,
+        0x6D, 0x83, 0x8D, 0x2D, 0x3E, 0x72, 0x2F, 0x98,
+        0xFC, 0xFA, 0x5F, 0xC0, 0xF0, 0x03, 0x4A, 0x42,
+        0x19, 0x67, 0x48, 0x24, 0x70, 0x35, 0xAE, 0x37,
+        0x34, 0x27, 0xAB, 0xD6, 0x92, 0xB8, 0xB4, 0x52,
+        0xC9, 0xD1, 0xF0, 0x5C, 0xAC, 0xFA, 0xB9, 0x2D,
+        0xCE, 0xF2, 0x24, 0xE3, 0x53, 0xF4, 0x2D, 0x65,
+        0x8D, 0xBF, 0x27, 0x3F, 0xAF, 0x62, 0xE0, 0x27,
+        0xBE, 0x12, 0xCB, 0x40, 0xA4, 0x99, 0xAF, 0x47,
+        0x19, 0x5F, 0x68, 0x69, 0x7F, 0x8C, 0xD2, 0x1E,
+        0x4A, 0xA1, 0xA4, 0x3D, 0x5A, 0x62, 0x6F, 0x78,
+        0x87, 0x8E, 0xA0, 0xC0, 0xF3, 0x2C, 0x60, 0xC3,
+        0xCE, 0xDD, 0xED, 0x7C, 0xAF, 0xE0, 0x0B, 0x72,
+        0x9D, 0xBA, 0xC6, 0xEE, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x07,
+        0x0B, 0x15, 0x1B, 0x1E, 0x24
+    };
+#endif
+#ifndef WOLFSSL_NO_ML_DSA_87
+    static const byte sk_87[] = {
+        0xF1, 0x79, 0x16, 0xD9, 0x5C, 0x51, 0x2F, 0xEC,
+        0x0C, 0xEF, 0xA6, 0xA1, 0x5C, 0x9F, 0xB3, 0xBF,
+        0x84, 0xFF, 0x8D, 0x7F, 0xA3, 0x55, 0x22, 0xEB,
+        0x1C, 0x91, 0x5C, 0x4D, 0x25, 0x4E, 0x89, 0x35,
+        0x24, 0x8E, 0x3C, 0x08, 0x58, 0x2B, 0x74, 0x5E,
+        0xB2, 0xFD, 0x13, 0x15, 0x2B, 0x5D, 0xAE, 0xEA,
+        0xB0, 0x72, 0x80, 0x42, 0xB0, 0x08, 0x85, 0xBB,
+        0x92, 0xF8, 0x44, 0xA8, 0x6B, 0x42, 0x62, 0x03,
+        0x5C, 0x9F, 0x44, 0x8A, 0x2B, 0x78, 0xEF, 0x5D,
+        0xB3, 0x47, 0xE0, 0x25, 0x04, 0x15, 0xE1, 0x01,
+        0x5F, 0xBB, 0x34, 0x31, 0x91, 0x24, 0x07, 0xC8,
+        0x5A, 0x2F, 0x36, 0x2A, 0x85, 0xA9, 0xAE, 0x42,
+        0x77, 0x23, 0xBF, 0x62, 0x69, 0x7B, 0x77, 0x99,
+        0x1B, 0x3E, 0x93, 0xA3, 0x81, 0x13, 0x3F, 0x95,
+        0x0D, 0x40, 0xE7, 0xC1, 0xAC, 0xBC, 0x17, 0xE4,
+        0xF1, 0xD1, 0x0C, 0xD1, 0x27, 0x4C, 0x8D, 0x3C,
+        0x84, 0x02, 0x02, 0x0A, 0xC5, 0x10, 0x1C, 0xC3,
+        0x4D, 0xD0, 0x94, 0x70, 0x24, 0xC0, 0x89, 0x94,
+        0x08, 0x4D, 0xC2, 0x30, 0x20, 0x63, 0xC0, 0x24,
+        0xE1, 0x80, 0x40, 0xD0, 0x26, 0x68, 0x10, 0x97,
+        0x01, 0x83, 0xC2, 0x91, 0x5A, 0x90, 0x2D, 0x44,
+        0x94, 0x6D, 0x10, 0x09, 0x50, 0x11, 0xA7, 0x0D,
+        0xE4, 0x04, 0x89, 0x9B, 0x80, 0x8D, 0x40, 0xB8,
+        0x45, 0x4B, 0x86, 0x0D, 0xC8, 0xB6, 0x05, 0xC0,
+        0xC0, 0x71, 0x02, 0x09, 0x06, 0xA2, 0x00, 0x2D,
+        0x0B, 0x24, 0x86, 0xA0, 0x90, 0x11, 0x20, 0x16,
+        0x82, 0x1B, 0x24, 0x42, 0xCB, 0xB6, 0x70, 0x43,
+        0x36, 0x05, 0xDA, 0x16, 0x25, 0x9A, 0x34, 0x6C,
+        0xCB, 0xB4, 0x08, 0xC4, 0x16, 0x90, 0x24, 0x29,
+        0x6C, 0x42, 0x90, 0x04, 0x24, 0x06, 0x46, 0x84,
+        0x12, 0x6D, 0xC2, 0x26, 0x00, 0x88, 0x40, 0x02,
+        0x51, 0xC8, 0x40, 0x9C, 0x16, 0x24, 0x82, 0x18,
+        0x26, 0x21, 0x06, 0x0C, 0x12, 0xC2, 0x71, 0x50,
+        0x98, 0x91, 0x4A, 0x40, 0x28, 0x48, 0x48, 0x21,
+        0x5A, 0x18, 0x49, 0x1B, 0xB7, 0x01, 0x5A, 0xC6,
+        0x48, 0xA1, 0x90, 0x2C, 0x14, 0x18, 0x2D, 0xD2,
+        0x20, 0x62, 0xDC, 0xB6, 0x49, 0x00, 0x09, 0x6D,
+        0x40, 0xA8, 0x4D, 0x24, 0xC8, 0x24, 0x4C, 0x06,
+        0x08, 0x80, 0x40, 0x4E, 0xD3, 0x18, 0x88, 0x12,
+        0x09, 0x91, 0x8B, 0x12, 0x31, 0xC9, 0x16, 0x04,
+        0x64, 0x10, 0x72, 0xDA, 0x84, 0x91, 0x92, 0xC6,
+        0x65, 0x22, 0x10, 0x48, 0x18, 0xC9, 0x00, 0x14,
+        0x44, 0x62, 0x24, 0xC1, 0x60, 0x40, 0xC6, 0x10,
+        0x4A, 0x48, 0x28, 0x9B, 0x44, 0x66, 0x91, 0x10,
+        0x52, 0xD3, 0x26, 0x52, 0xD8, 0xA6, 0x0C, 0x0A,
+        0xA8, 0x44, 0xD8, 0x26, 0x0C, 0x64, 0x86, 0x45,
+        0x44, 0x20, 0x00, 0xD2, 0x48, 0x85, 0xDC, 0x46,
+        0x32, 0xC8, 0x22, 0x45, 0x5B, 0x00, 0x8D, 0x20,
+        0xA5, 0x45, 0x01, 0xC1, 0x91, 0xA2, 0x12, 0x84,
+        0x20, 0x47, 0x0E, 0x98, 0xA8, 0x25, 0xD9, 0xA0,
+        0x4D, 0xA4, 0x06, 0x2D, 0x5B, 0xB0, 0x08, 0x21,
+        0xB0, 0x80, 0x4C, 0x10, 0x2C, 0xC4, 0x98, 0x71,
+        0x99, 0x24, 0x24, 0xA4, 0x36, 0x71, 0x4B, 0xB6,
+        0x49, 0xE1, 0x92, 0x00, 0x09, 0x92, 0x4C, 0x89,
+        0x12, 0x49, 0x1A, 0x39, 0x2A, 0xE0, 0x22, 0x69,
+        0x61, 0xB2, 0x50, 0x40, 0x26, 0x8E, 0xC9, 0xA2,
+        0x08, 0x0A, 0x90, 0x24, 0x13, 0x35, 0x06, 0x21,
+        0x24, 0x62, 0x60, 0xB0, 0x01, 0xE3, 0xC6, 0x29,
+        0x5B, 0x28, 0x89, 0x20, 0x90, 0x70, 0xC4, 0xA4,
+        0x31, 0x08, 0x42, 0x11, 0x10, 0xC0, 0x71, 0x98,
+        0x98, 0x20, 0xC4, 0xA8, 0x29, 0x1A, 0x15, 0x32,
+        0xC4, 0x86, 0x6C, 0x18, 0x14, 0x6A, 0x02, 0x46,
+        0x46, 0xDC, 0xC2, 0x4C, 0x81, 0x02, 0x6D, 0x49,
+        0x16, 0x48, 0x10, 0x94, 0x6C, 0x0A, 0x85, 0x90,
+        0x9C, 0x34, 0x84, 0x54, 0x24, 0x25, 0x49, 0xA8,
+        0x21, 0x04, 0xA6, 0x2C, 0x61, 0x00, 0x01, 0x61,
+        0x46, 0x92, 0xE0, 0xA6, 0x44, 0xE2, 0x00, 0x90,
+        0xC8, 0x06, 0x06, 0x90, 0xB8, 0x2D, 0x0B, 0x85,
+        0x85, 0x20, 0x23, 0x0D, 0x83, 0x94, 0x04, 0x54,
+        0x26, 0x50, 0x41, 0x92, 0x29, 0x09, 0x16, 0x20,
+        0x54, 0xC6, 0x2D, 0x81, 0xC8, 0x8C, 0x09, 0x44,
+        0x44, 0xE2, 0x06, 0x30, 0x13, 0x92, 0x49, 0x0B,
+        0x17, 0x48, 0x93, 0x28, 0x86, 0xD8, 0xA4, 0x50,
+        0xD1, 0x32, 0x91, 0x08, 0xB8, 0x05, 0xA4, 0x02,
+        0x62, 0x01, 0x15, 0x82, 0xE3, 0x18, 0x42, 0x83,
+        0xC6, 0x44, 0x43, 0x02, 0x81, 0x53, 0x88, 0x04,
+        0x04, 0x98, 0x31, 0x19, 0x18, 0x46, 0xDB, 0x02,
+        0x89, 0x10, 0x23, 0x81, 0x03, 0x90, 0x71, 0x83,
+        0x26, 0x89, 0x1A, 0x01, 0x05, 0xCA, 0xB0, 0x01,
+        0x4C, 0x84, 0x09, 0x10, 0x11, 0x84, 0x13, 0xB1,
+        0x20, 0x61, 0xB8, 0x41, 0x1B, 0x02, 0x8C, 0x09,
+        0x98, 0x61, 0x83, 0x18, 0x61, 0x08, 0xC1, 0x6D,
+        0x44, 0x86, 0x09, 0xCB, 0x88, 0x8D, 0x93, 0xB4,
+        0x41, 0x58, 0x90, 0x81, 0x04, 0x31, 0x08, 0xD1,
+        0xC4, 0x04, 0x19, 0xB4, 0x4C, 0x1C, 0x88, 0x20,
+        0xCA, 0x30, 0x72, 0x1C, 0xB5, 0x85, 0x13, 0x27,
+        0x32, 0x84, 0xB4, 0x44, 0x04, 0x42, 0x20, 0x61,
+        0x18, 0x52, 0x50, 0x96, 0x44, 0x03, 0x38, 0x86,
+        0xE3, 0x48, 0x31, 0x02, 0x82, 0x68, 0x98, 0x06,
+        0x90, 0x23, 0x28, 0x04, 0x10, 0x18, 0x0D, 0x10,
+        0x28, 0x45, 0x4C, 0x84, 0x6C, 0x09, 0x36, 0x71,
+        0x82, 0x26, 0x64, 0x18, 0xC6, 0x21, 0x90, 0x18,
+        0x22, 0x0A, 0x37, 0x08, 0xC4, 0x94, 0x28, 0xE2,
+        0x30, 0x2C, 0x92, 0xB4, 0x24, 0x63, 0x46, 0x70,
+        0x52, 0x96, 0x0C, 0x8B, 0xA4, 0x05, 0xD3, 0x02,
+        0x85, 0x09, 0x32, 0x92, 0x49, 0x12, 0x21, 0x18,
+        0x43, 0x28, 0x01, 0x32, 0x45, 0x0B, 0xA5, 0x50,
+        0x14, 0x16, 0x65, 0x91, 0x80, 0x65, 0x0A, 0x44,
+        0x66, 0x13, 0xB6, 0x4C, 0x01, 0x38, 0x71, 0x11,
+        0x49, 0x28, 0x22, 0x43, 0x02, 0x0B, 0x34, 0x04,
+        0x01, 0x16, 0x91, 0x80, 0x14, 0x0E, 0x12, 0x93,
+        0x01, 0x00, 0x11, 0x80, 0xDC, 0x28, 0x51, 0x11,
+        0x87, 0x85, 0xC1, 0x34, 0x28, 0x02, 0xA2, 0x11,
+        0x02, 0x38, 0x44, 0x52, 0x14, 0x64, 0xC2, 0xA0,
+        0x01, 0x1B, 0x42, 0x8C, 0xC2, 0xB2, 0x71, 0xCB,
+        0x16, 0x00, 0xCC, 0x10, 0x21, 0x04, 0x12, 0x52,
+        0x84, 0x24, 0x2A, 0xD3, 0x48, 0x12, 0x08, 0x44,
+        0x08, 0x81, 0x88, 0x44, 0x01, 0x23, 0x50, 0xC0,
+        0xA2, 0x09, 0x81, 0x94, 0x50, 0x02, 0x89, 0x61,
+        0x01, 0x31, 0x88, 0x1B, 0xA2, 0x61, 0x90, 0x94,
+        0x84, 0x91, 0x24, 0x09, 0x03, 0x18, 0x22, 0xA3,
+        0x46, 0x60, 0x10, 0x16, 0x4D, 0x48, 0x84, 0x89,
+        0x11, 0x00, 0x2E, 0xCC, 0xC0, 0x40, 0x8C, 0xC0,
+        0x51, 0xE4, 0x42, 0x62, 0xDA, 0x24, 0x11, 0x13,
+        0x19, 0x46, 0x93, 0x34, 0x4C, 0x42, 0x42, 0x24,
+        0xC4, 0x48, 0x90, 0x00, 0x35, 0x80, 0x1B, 0x98,
+        0x51, 0x0B, 0x41, 0x60, 0x0C, 0x25, 0x46, 0x9A,
+        0xA8, 0x89, 0x12, 0x86, 0x4C, 0xE3, 0x16, 0x09,
+        0x14, 0x27, 0x24, 0x51, 0x26, 0x4D, 0x1B, 0x02,
+        0x10, 0x00, 0x17, 0x28, 0xD4, 0xA8, 0x45, 0x48,
+        0x88, 0x48, 0x01, 0xC7, 0x0D, 0x93, 0xC8, 0x40,
+        0x5B, 0x02, 0x49, 0x51, 0x02, 0x4A, 0x01, 0x42,
+        0x10, 0xE1, 0x08, 0x90, 0x03, 0x85, 0x48, 0x11,
+        0xA8, 0x68, 0x8B, 0x90, 0x08, 0x5A, 0x02, 0x0C,
+        0x5A, 0x18, 0x50, 0x11, 0x87, 0x51, 0x9C, 0x38,
+        0x92, 0xD0, 0x44, 0x82, 0x10, 0x33, 0x21, 0x88,
+        0x44, 0x2D, 0x24, 0x28, 0x0D, 0x22, 0xA3, 0x30,
+        0x49, 0x88, 0x25, 0xA1, 0xB2, 0x01, 0x5C, 0x40,
+        0x20, 0x1C, 0x03, 0x72, 0xCC, 0x96, 0x8C, 0x51,
+        0xA6, 0x88, 0xE3, 0x92, 0x08, 0x13, 0xB0, 0x08,
+        0x5C, 0x38, 0x44, 0x03, 0x47, 0x8E, 0x93, 0x12,
+        0x4A, 0x88, 0x20, 0x48, 0xE0, 0x42, 0x20, 0x81,
+        0x90, 0x09, 0x4B, 0x06, 0x6D, 0xD2, 0x90, 0x10,
+        0x01, 0x82, 0x49, 0x19, 0x28, 0x91, 0xDA, 0x20,
+        0x2A, 0x20, 0x85, 0x40, 0x0A, 0x16, 0x8A, 0x1C,
+        0x83, 0x60, 0xCA, 0x48, 0x4A, 0xA2, 0xC8, 0x50,
+        0xE4, 0x02, 0x31, 0x88, 0x86, 0x88, 0x53, 0x00,
+        0x89, 0x60, 0x08, 0x8A, 0xA2, 0x02, 0x0A, 0x0A,
+        0x34, 0x45, 0x03, 0x04, 0x42, 0x1B, 0x40, 0x09,
+        0x89, 0xA0, 0x69, 0x42, 0x18, 0x49, 0x4A, 0xA8,
+        0x8C, 0x99, 0x90, 0x30, 0xCA, 0x38, 0x91, 0x09,
+        0x31, 0x72, 0x8B, 0x44, 0x29, 0x52, 0xA2, 0x8D,
+        0x08, 0x14, 0x6E, 0xA1, 0x84, 0x50, 0x1C, 0x31,
+        0x46, 0x19, 0xB7, 0x01, 0xCC, 0x06, 0x29, 0x11,
+        0x09, 0x20, 0x4B, 0x40, 0x66, 0x40, 0xC4, 0x49,
+        0x00, 0x13, 0x24, 0xD0, 0xA2, 0x84, 0xCA, 0x16,
+        0x29, 0xD0, 0xC0, 0x84, 0xC8, 0x88, 0x44, 0xE1,
+        0x20, 0x29, 0x1A, 0x97, 0x05, 0x90, 0x42, 0x90,
+        0x04, 0x40, 0x71, 0x9C, 0x32, 0x4E, 0x64, 0x26,
+        0x22, 0x93, 0x36, 0x66, 0xD3, 0x06, 0x49, 0xA3,
+        0x26, 0x51, 0x4C, 0xA6, 0x89, 0x84, 0x36, 0x84,
+        0x93, 0x46, 0x6D, 0x14, 0x07, 0x8D, 0x18, 0x29,
+        0x42, 0x52, 0x34, 0x72, 0x44, 0x10, 0x90, 0x12,
+        0x37, 0x81, 0xD4, 0x10, 0x64, 0x04, 0xA5, 0x08,
+        0x84, 0x24, 0x09, 0x1C, 0x08, 0x8D, 0x02, 0x99,
+        0x6C, 0x1B, 0x30, 0x50, 0x09, 0x89, 0x81, 0x19,
+        0x30, 0x48, 0x5B, 0x14, 0x4D, 0xD9, 0x20, 0x20,
+        0x0C, 0x01, 0x2A, 0x00, 0x90, 0x4D, 0xA1, 0x02,
+        0x64, 0x1C, 0x03, 0x01, 0xC2, 0x26, 0x8C, 0x14,
+        0x08, 0x45, 0xE3, 0x12, 0x48, 0x09, 0x20, 0x09,
+        0x41, 0x40, 0x61, 0x90, 0x44, 0x21, 0x49, 0x06,
+        0x91, 0x4B, 0xC0, 0x84, 0x22, 0x95, 0x51, 0x23,
+        0x38, 0x0E, 0x5C, 0x28, 0x70, 0xC2, 0x40, 0x2C,
+        0x94, 0x18, 0x62, 0x9A, 0x30, 0x4A, 0xE2, 0x86,
+        0x4C, 0x5C, 0x10, 0x8D, 0xC2, 0x12, 0x21, 0x9C,
+        0xC4, 0x4D, 0xD9, 0x96, 0x88, 0x0C, 0x29, 0x45,
+        0x1B, 0x45, 0x6A, 0x1A, 0x00, 0x60, 0x91, 0x30,
+        0x0C, 0x12, 0x00, 0x69, 0xA2, 0xA0, 0x04, 0x81,
+        0x00, 0x65, 0x5C, 0x38, 0x8A, 0x18, 0x05, 0x89,
+        0x48, 0x32, 0x24, 0x81, 0xC6, 0x4D, 0x60, 0x90,
+        0x31, 0x83, 0x22, 0x12, 0xE1, 0xC2, 0x6C, 0x89,
+        0x00, 0x90, 0x14, 0xB4, 0x40, 0xD3, 0xB8, 0x45,
+        0x89, 0x24, 0x70, 0x09, 0x26, 0x6C, 0xD9, 0x32,
+        0x8A, 0x83, 0x44, 0x0E, 0x21, 0x44, 0x61, 0x99,
+        0xA4, 0x20, 0x44, 0x16, 0x2E, 0x1A, 0xC2, 0x08,
+        0x09, 0x98, 0x6C, 0x8C, 0x18, 0x8C, 0x0C, 0x30,
+        0x62, 0x8B, 0x46, 0x45, 0x80, 0x10, 0x21, 0x20,
+        0x33, 0x32, 0x5A, 0x38, 0x4C, 0x98, 0x06, 0x45,
+        0x1A, 0x33, 0x09, 0x82, 0x34, 0x44, 0x02, 0x20,
+        0x09, 0x59, 0x00, 0x41, 0x08, 0x13, 0x08, 0xDC,
+        0x18, 0x68, 0x12, 0x47, 0x86, 0x43, 0xB8, 0x21,
+        0x62, 0x02, 0x8D, 0x5C, 0x10, 0x0D, 0x60, 0x96,
+        0x65, 0xA2, 0x22, 0x4C, 0x83, 0x18, 0x09, 0x41,
+        0x08, 0x41, 0x63, 0xC2, 0x80, 0x13, 0x81, 0x65,
+        0x22, 0x03, 0x92, 0x04, 0xA9, 0x4D, 0x1C, 0xB0,
+        0x44, 0x80, 0xC6, 0x24, 0x00, 0x01, 0x44, 0x22,
+        0x11, 0x80, 0x21, 0x95, 0x64, 0x09, 0x99, 0x8C,
+        0xD3, 0x14, 0x4A, 0xD1, 0x98, 0x2D, 0x19, 0x31,
+        0x4C, 0x0A, 0x92, 0x40, 0x13, 0x98, 0x48, 0x14,
+        0x89, 0x20, 0x23, 0xB3, 0x0D, 0x14, 0x98, 0x6D,
+        0x12, 0x98, 0x05, 0x9B, 0x14, 0x06, 0x5B, 0x26,
+        0x91, 0x0A, 0x38, 0x09, 0x08, 0x98, 0x2C, 0x19,
+        0xA0, 0x45, 0x44, 0x26, 0x00, 0x0A, 0x05, 0x21,
+        0xDB, 0xA0, 0x69, 0x51, 0x42, 0x92, 0x0B, 0x43,
+        0x00, 0xD1, 0x42, 0x0D, 0x81, 0x30, 0x28, 0x13,
+        0xC2, 0x20, 0x03, 0x27, 0x60, 0x10, 0x83, 0x91,
+        0x0A, 0x53, 0x7E, 0xA1, 0x4F, 0x11, 0x54, 0x5E,
+        0x25, 0x4F, 0xCF, 0x28, 0x03, 0x95, 0x2A, 0x58,
+        0x0A, 0x4B, 0x6C, 0x9B, 0x29, 0x10, 0x3D, 0x97,
+        0x43, 0x6C, 0x00, 0x3E, 0x2E, 0xCE, 0xAE, 0x20,
+        0x28, 0x01, 0x7F, 0xF1, 0xD5, 0x18, 0xB0, 0xB5,
+        0xD5, 0xE6, 0x24, 0x26, 0x64, 0xED, 0x33, 0x7C,
+        0xCA, 0x45, 0x26, 0xED, 0x5D, 0xB5, 0xEA, 0xD8,
+        0xBB, 0x31, 0x16, 0x94, 0x1C, 0xD0, 0xC8, 0xF0,
+        0xA7, 0xED, 0x5A, 0x1A, 0x5A, 0x00, 0xB9, 0x8C,
+        0x33, 0x6A, 0x9B, 0xC8, 0xEB, 0x6B, 0x3A, 0x30,
+        0x83, 0x16, 0xF1, 0x17, 0xEA, 0xA8, 0x0D, 0x4B,
+        0x77, 0x56, 0xDD, 0x4A, 0x91, 0xDA, 0xA5, 0x8E,
+        0x80, 0xD7, 0xB5, 0x77, 0x55, 0x83, 0x97, 0xAF,
+        0x90, 0x5B, 0x67, 0xC5, 0x9F, 0x14, 0xE1, 0x2C,
+        0x15, 0x8D, 0x29, 0x2C, 0xA6, 0xB6, 0x41, 0xED,
+        0x0C, 0x75, 0xE3, 0x9A, 0x91, 0x4F, 0xFA, 0x1A,
+        0x9F, 0x24, 0xCA, 0x28, 0xF2, 0x00, 0xC7, 0x48,
+        0xDE, 0x70, 0x9D, 0x15, 0xD7, 0x22, 0xE7, 0xED,
+        0x2C, 0x91, 0x8D, 0xEF, 0x08, 0xCF, 0xAF, 0x9B,
+        0x7E, 0x24, 0xDE, 0xF2, 0xD5, 0x1A, 0x4D, 0x42,
+        0x0E, 0x7E, 0x89, 0x06, 0xFA, 0xCD, 0x9A, 0x5A,
+        0x98, 0xB0, 0xD1, 0xD5, 0x34, 0x5C, 0x8B, 0x9A,
+        0xC0, 0xBB, 0xF4, 0xB1, 0x5E, 0xF0, 0xB4, 0x6A,
+        0x8E, 0x3B, 0x6B, 0xAE, 0x0C, 0x6E, 0x9F, 0x09,
+        0x2E, 0xB3, 0xEF, 0x1D, 0x49, 0x62, 0x0B, 0x65,
+        0xE7, 0xDE, 0xDB, 0xEF, 0x68, 0x7E, 0xBD, 0x0E,
+        0xA0, 0x95, 0x97, 0x2A, 0x56, 0xA0, 0xEA, 0xFB,
+        0x2D, 0x75, 0xF4, 0x32, 0x1B, 0x80, 0xAC, 0xBC,
+        0xA3, 0x2B, 0x1B, 0x11, 0xAA, 0x57, 0x6F, 0xE4,
+        0xE0, 0xCC, 0xCC, 0x20, 0x52, 0x12, 0x65, 0x42,
+        0x96, 0xF0, 0x60, 0x8F, 0xF3, 0x83, 0x69, 0xAF,
+        0x19, 0x80, 0x75, 0x68, 0xDB, 0xE1, 0x71, 0xDB,
+        0x79, 0xEB, 0x8C, 0x1C, 0xB7, 0x6A, 0x8E, 0xB9,
+        0x5B, 0x28, 0x8C, 0x9D, 0xCC, 0x62, 0x0B, 0xEF,
+        0xCE, 0x96, 0x06, 0x0F, 0x45, 0xA6, 0xA2, 0xDA,
+        0xC2, 0x2F, 0x55, 0xE4, 0x7D, 0xC7, 0xBA, 0xB4,
+        0xA7, 0x93, 0xD9, 0x65, 0x8F, 0xE2, 0x7C, 0x66,
+        0x2C, 0xA6, 0x37, 0x00, 0x81, 0x30, 0xF1, 0x00,
+        0xD9, 0x65, 0xB4, 0x78, 0x17, 0x7A, 0xC6, 0xDC,
+        0x35, 0x93, 0x1A, 0x5E, 0xCC, 0x5F, 0x93, 0x31,
+        0x22, 0x40, 0x2C, 0x17, 0x0E, 0xB8, 0xE0, 0xA4,
+        0x1C, 0xB6, 0x3F, 0xE5, 0x60, 0x2F, 0x7B, 0x18,
+        0xE1, 0xDB, 0xB6, 0xDB, 0x30, 0xA7, 0x61, 0x55,
+        0xC6, 0xCF, 0x03, 0x0F, 0x73, 0x8D, 0xC0, 0x91,
+        0x6D, 0xB1, 0x80, 0xF8, 0x3F, 0x02, 0x90, 0x93,
+        0x11, 0xCB, 0x6B, 0x3B, 0x9E, 0x55, 0x3F, 0xAC,
+        0xA0, 0x52, 0x23, 0xB3, 0x3C, 0x69, 0x60, 0x2D,
+        0x0F, 0x05, 0xA0, 0x8B, 0xEB, 0x84, 0x80, 0x96,
+        0x51, 0x99, 0x9A, 0x55, 0x26, 0xE7, 0x76, 0xF3,
+        0xDE, 0x39, 0x30, 0x4A, 0x5F, 0xEF, 0x00, 0x95,
+        0x0A, 0x9A, 0x81, 0x0D, 0x12, 0xE0, 0x1D, 0x15,
+        0xD8, 0x86, 0xDB, 0x26, 0x75, 0xF6, 0x54, 0xCA,
+        0x17, 0xFA, 0xAE, 0xEB, 0xD1, 0xF5, 0x61, 0xF9,
+        0xD1, 0xA9, 0x5E, 0x0B, 0xAD, 0xF7, 0xC3, 0x31,
+        0x5A, 0xFA, 0xBA, 0x8D, 0x4B, 0xEC, 0x1F, 0x05,
+        0x42, 0xA8, 0xF1, 0x0A, 0xC6, 0x66, 0xFD, 0x8D,
+        0x0C, 0x5A, 0xF1, 0xD6, 0x86, 0x7A, 0x9D, 0x82,
+        0x6B, 0xFB, 0x6B, 0x03, 0x0B, 0x58, 0xEC, 0xEF,
+        0x67, 0x78, 0xD2, 0xC5, 0x2B, 0xF6, 0x2C, 0xB3,
+        0x4B, 0x81, 0xFF, 0x93, 0x6D, 0xA3, 0x3E, 0xDA,
+        0xB3, 0x1D, 0xB3, 0x9A, 0xB7, 0x63, 0x66, 0xD0,
+        0x94, 0x36, 0x2F, 0x04, 0x6D, 0x50, 0x78, 0xB4,
+        0x22, 0x35, 0x04, 0xA1, 0x2B, 0xA0, 0xC7, 0xB8,
+        0xE8, 0x83, 0x72, 0x77, 0x18, 0x50, 0x9B, 0xD4,
+        0x7A, 0x69, 0x6E, 0xE9, 0x88, 0x0C, 0xAF, 0xF6,
+        0x63, 0x61, 0x2B, 0x95, 0x86, 0x30, 0x3D, 0x6D,
+        0xE0, 0xD2, 0x1F, 0x9A, 0x21, 0x96, 0x22, 0x78,
+        0xEB, 0xCE, 0x60, 0xA6, 0xD4, 0x68, 0x44, 0x09,
+        0x5C, 0x5F, 0x89, 0x2D, 0xAC, 0xA4, 0x8D, 0x78,
+        0x28, 0x22, 0x45, 0x38, 0x34, 0xB4, 0xE4, 0x2C,
+        0xD3, 0xA1, 0xFE, 0x39, 0x87, 0x35, 0x6E, 0xAB,
+        0x11, 0xEF, 0xB8, 0xEE, 0xCD, 0x8E, 0x9C, 0xC8,
+        0xF3, 0x9A, 0x0F, 0xF1, 0xFF, 0xB8, 0x06, 0x9A,
+        0x44, 0x1F, 0x85, 0x1E, 0xB4, 0x38, 0xE9, 0xC0,
+        0xB5, 0x7E, 0x88, 0x18, 0xA3, 0x22, 0x65, 0x1E,
+        0x60, 0xF4, 0xB6, 0x78, 0x90, 0xE5, 0xED, 0x7A,
+        0x0F, 0xBF, 0x75, 0x36, 0xC3, 0xFD, 0x50, 0xD0,
+        0xB0, 0x65, 0x8D, 0x7C, 0xCF, 0x27, 0x5E, 0x8A,
+        0x9E, 0x9F, 0xBB, 0x99, 0xBE, 0x2E, 0x5F, 0x5E,
+        0x16, 0x7B, 0xE2, 0x90, 0xB7, 0xE9, 0x67, 0x32,
+        0xF8, 0x9E, 0x40, 0xD7, 0x85, 0xAF, 0x25, 0xC1,
+        0xBA, 0x61, 0xA7, 0x78, 0x6D, 0x3E, 0xF2, 0xD0,
+        0xC1, 0x14, 0xD1, 0x04, 0x8E, 0x76, 0x46, 0xDF,
+        0xA3, 0x03, 0x2B, 0xFB, 0x7A, 0x51, 0xA6, 0x36,
+        0x05, 0xDC, 0xE3, 0xE1, 0xD8, 0x98, 0x95, 0x00,
+        0xD6, 0xE5, 0x8E, 0x96, 0x05, 0x19, 0x93, 0x1D,
+        0xAC, 0x9F, 0x14, 0xDD, 0xA4, 0x28, 0xF5, 0xA2,
+        0xC9, 0xC7, 0x4D, 0x91, 0x6D, 0x90, 0x77, 0x07,
+        0xB5, 0x3E, 0xB5, 0x2C, 0x44, 0xAD, 0x71, 0xD7,
+        0x27, 0x82, 0x6E, 0xB2, 0xCA, 0x68, 0x07, 0x0A,
+        0x6F, 0x0E, 0x47, 0xFA, 0x16, 0xE5, 0x2E, 0x96,
+        0x29, 0xB7, 0xAA, 0x82, 0x41, 0xDA, 0xAB, 0xB1,
+        0x94, 0x97, 0xA5, 0x82, 0x4E, 0x58, 0xD7, 0x26,
+        0x75, 0xC3, 0xA6, 0x7E, 0x10, 0xA1, 0x19, 0xB2,
+        0x74, 0xB8, 0x4D, 0x9B, 0xEE, 0x28, 0x71, 0x72,
+        0x8E, 0xD2, 0xF9, 0x4F, 0x85, 0x59, 0xB9, 0x7F,
+        0x97, 0x9A, 0xE8, 0x82, 0xEA, 0x54, 0x99, 0x28,
+        0xD6, 0xB1, 0xA9, 0xA4, 0xE4, 0xA2, 0x29, 0xF6,
+        0xEB, 0x3F, 0xB1, 0xA4, 0x34, 0xA0, 0xFA, 0xED,
+        0xAD, 0x62, 0xB7, 0x03, 0x30, 0xCF, 0xCB, 0x24,
+        0xCB, 0x34, 0x98, 0x80, 0x2A, 0x67, 0x9F, 0x8F,
+        0x54, 0xBF, 0x83, 0xEF, 0x34, 0x47, 0x22, 0x96,
+        0x91, 0x98, 0x31, 0xCA, 0xAD, 0x59, 0xEB, 0xE8,
+        0x30, 0x82, 0xEA, 0xB6, 0x7D, 0x4A, 0xBD, 0x90,
+        0x22, 0x9A, 0x5E, 0x93, 0xA0, 0xB5, 0x80, 0x97,
+        0x7F, 0x08, 0x13, 0xCC, 0xB1, 0x5E, 0xCD, 0x74,
+        0xFF, 0x71, 0x5F, 0xE8, 0xDB, 0x5B, 0x05, 0xCE,
+        0xF3, 0x7D, 0x34, 0x93, 0xBE, 0xDA, 0x27, 0x05,
+        0x84, 0x94, 0x4C, 0x02, 0x09, 0x86, 0x34, 0x51,
+        0x4D, 0xAA, 0xCE, 0x70, 0x47, 0xE4, 0x74, 0x32,
+        0xF9, 0x2A, 0xDC, 0xA4, 0x91, 0xA3, 0xE0, 0x96,
+        0x1A, 0x5D, 0x9F, 0x01, 0x44, 0x85, 0x2E, 0x46,
+        0x32, 0x63, 0x35, 0xE2, 0x15, 0x24, 0x3D, 0xAA,
+        0xE8, 0x37, 0x92, 0x7F, 0xBF, 0xDC, 0xE6, 0x91,
+        0xF4, 0x98, 0x59, 0x26, 0x6E, 0x90, 0x08, 0x16,
+        0x8C, 0x6A, 0x5E, 0x2F, 0x60, 0x9C, 0x80, 0xC6,
+        0x8E, 0x08, 0x20, 0xE7, 0x27, 0x19, 0xE9, 0xB5,
+        0x87, 0x3F, 0xA1, 0x99, 0xE1, 0x97, 0xF9, 0xC4,
+        0x94, 0xAA, 0x8A, 0x3A, 0x65, 0x26, 0x9E, 0x95,
+        0xB7, 0x61, 0xB6, 0x7B, 0xEC, 0x61, 0x13, 0xC1,
+        0x44, 0xA5, 0x69, 0x89, 0xC5, 0x75, 0x0D, 0x45,
+        0x05, 0x42, 0xCC, 0xF8, 0x1B, 0x24, 0x62, 0x09,
+        0x2F, 0x70, 0x71, 0x5D, 0x49, 0x14, 0xEB, 0x2C,
+        0xAA, 0x31, 0x74, 0xBC, 0x9E, 0xEB, 0x20, 0xAA,
+        0xB6, 0xC6, 0x40, 0xF8, 0xB5, 0xD9, 0xC6, 0xA0,
+        0xDC, 0xC6, 0xF0, 0xAE, 0xC9, 0x7B, 0x3A, 0xF6,
+        0x47, 0xEB, 0xF8, 0x00, 0x34, 0xA4, 0x3B, 0xF3,
+        0x19, 0xBF, 0x40, 0xAD, 0xF7, 0x9A, 0xFE, 0xAB,
+        0x58, 0x90, 0xD2, 0x02, 0x3B, 0xAE, 0x02, 0xC9,
+        0xFD, 0x02, 0xC5, 0xBB, 0x65, 0x87, 0x9C, 0x1B,
+        0x5E, 0xA4, 0x06, 0x02, 0x9A, 0xE7, 0x78, 0x45,
+        0xCB, 0x99, 0x4D, 0xB8, 0xC3, 0x52, 0x11, 0xCA,
+        0x1D, 0xC8, 0x81, 0xF7, 0xF2, 0x0A, 0x47, 0x06,
+        0x50, 0x5F, 0x29, 0xD9, 0xCD, 0x19, 0x89, 0xAD,
+        0x42, 0xB0, 0x7E, 0xF5, 0x2D, 0x96, 0x54, 0xE2,
+        0x8E, 0x3D, 0xCB, 0x83, 0x00, 0x08, 0xA1, 0xBE,
+        0x31, 0x99, 0x38, 0x7E, 0x06, 0x6B, 0x28, 0xB3,
+        0x15, 0xCA, 0x19, 0x02, 0xF4, 0xBB, 0x0E, 0xE6,
+        0x3F, 0xDC, 0x4C, 0x93, 0xE1, 0xAB, 0x88, 0x6F,
+        0xD7, 0x42, 0x52, 0x61, 0xC3, 0x7A, 0xC5, 0x87,
+        0x62, 0xD0, 0x3D, 0xB6, 0x07, 0x06, 0x88, 0x7E,
+        0x72, 0xCF, 0x74, 0x5A, 0x44, 0x6D, 0xF6, 0xC6,
+        0x66, 0x2F, 0x53, 0xDD, 0x61, 0x24, 0x71, 0xA4,
+        0x34, 0xAC, 0x56, 0xC4, 0xBE, 0xDB, 0x3C, 0x9F,
+        0x36, 0x47, 0xE6, 0x03, 0x2B, 0x3C, 0xC0, 0x99,
+        0x0A, 0x3A, 0x2E, 0x87, 0x05, 0x2B, 0x36, 0xD4,
+        0xA1, 0x62, 0x42, 0x4E, 0x2D, 0x39, 0x9E, 0x1B,
+        0xC2, 0x37, 0x92, 0x8D, 0x0B, 0xD7, 0x71, 0x58,
+        0x07, 0x9C, 0xCB, 0x20, 0x8B, 0x71, 0x95, 0x07,
+        0x96, 0x55, 0xBD, 0xB7, 0x6C, 0xBA, 0xFF, 0x44,
+        0x7C, 0x34, 0xC5, 0x82, 0x9F, 0xAC, 0x19, 0x9B,
+        0xB0, 0x27, 0xA0, 0x80, 0x06, 0x50, 0x8D, 0x56,
+        0xC8, 0x1D, 0x18, 0x70, 0x90, 0xE7, 0x10, 0x24,
+        0xDB, 0x7F, 0xBF, 0x3A, 0x7D, 0x64, 0xD8, 0xFA,
+        0x48, 0x74, 0xA8, 0xF4, 0x70, 0x37, 0x7B, 0x15,
+        0x38, 0x00, 0x96, 0x82, 0x2F, 0xFE, 0x46, 0x55,
+        0x71, 0xB5, 0x0C, 0x54, 0x05, 0x58, 0xBA, 0x50,
+        0xE9, 0x0E, 0xB8, 0x14, 0x52, 0xF4, 0x12, 0x75,
+        0xC2, 0x51, 0x5B, 0xAE, 0x05, 0x92, 0xD5, 0x3F,
+        0x6A, 0x6A, 0x34, 0xD2, 0xA3, 0x4D, 0x8E, 0xAC,
+        0x6E, 0x7A, 0x03, 0xFB, 0xDB, 0x52, 0x49, 0x4F,
+        0x4B, 0x98, 0x1B, 0x56, 0xC0, 0x96, 0x26, 0x08,
+        0x48, 0x50, 0xC7, 0xCF, 0x96, 0x2F, 0x93, 0x10,
+        0x72, 0x25, 0x15, 0xA6, 0x2A, 0xC0, 0x85, 0xA6,
+        0x18, 0x9A, 0xDD, 0xEA, 0x38, 0x12, 0x91, 0x13,
+        0x57, 0x31, 0xB2, 0xEE, 0x83, 0xA4, 0xF1, 0xEB,
+        0xFA, 0x09, 0xAF, 0x80, 0xA9, 0x12, 0x68, 0xA8,
+        0x76, 0x23, 0xCB, 0x55, 0x7C, 0x9F, 0x66, 0xDE,
+        0xB4, 0x54, 0xFB, 0x2F, 0x4F, 0xC2, 0x64, 0x8F,
+        0x44, 0x41, 0x5A, 0x7B, 0xEF, 0x29, 0x96, 0x2D,
+        0x5F, 0x7C, 0x16, 0xE7, 0x85, 0x79, 0xF5, 0x26,
+        0xDD, 0x20, 0xE9, 0x20, 0x9B, 0x6C, 0xA6, 0xDF,
+        0xD1, 0x30, 0xF9, 0x2E, 0xF7, 0x24, 0x64, 0x5B,
+        0x5B, 0x84, 0xD8, 0x72, 0x4F, 0x3C, 0xF6, 0xF3,
+        0xA3, 0xB2, 0xA9, 0xCF, 0x61, 0x24, 0x7A, 0x54,
+        0xBA, 0x92, 0x8F, 0x53, 0xEA, 0xCB, 0xA7, 0xE6,
+        0xD6, 0xB8, 0x12, 0xC4, 0xCE, 0x21, 0xA1, 0x8B,
+        0xA8, 0xD1, 0x14, 0x50, 0xE7, 0x04, 0x89, 0xBA,
+        0x57, 0x2E, 0x5E, 0xB9, 0xA7, 0x72, 0x2D, 0x9D,
+        0xC6, 0xAA, 0xE4, 0xF9, 0x57, 0x93, 0x60, 0x09,
+        0xE2, 0x6E, 0xB3, 0xE7, 0x4D, 0x9F, 0x99, 0x33,
+        0xF3, 0xDB, 0x4D, 0xA0, 0xA1, 0xF5, 0x44, 0x93,
+        0x99, 0xB5, 0xE1, 0x01, 0x03, 0x11, 0xF8, 0x7D,
+        0x92, 0xC1, 0x87, 0xAD, 0x2E, 0xFA, 0xBB, 0x0A,
+        0x2C, 0x86, 0xB7, 0xD7, 0xF9, 0xA0, 0x72, 0xAB,
+        0xC0, 0xC6, 0x60, 0x6D, 0xBC, 0xD9, 0x20, 0x17,
+        0x7A, 0x22, 0x57, 0x20, 0xA7, 0x05, 0x76, 0xB8,
+        0xE8, 0x2D, 0x7D, 0x53, 0xC1, 0xDF, 0xA4, 0x8E,
+        0xA7, 0x31, 0x81, 0xAF, 0x0A, 0xF0, 0x86, 0xB6,
+        0xAA, 0xF8, 0x0A, 0xB2, 0x49, 0x81, 0xF2, 0x75,
+        0xD6, 0x6D, 0x4F, 0xBD, 0xE2, 0xC5, 0x1A, 0xE8,
+        0xE8, 0xD4, 0x58, 0x33, 0x72, 0x9F, 0x45, 0x03,
+        0x01, 0x30, 0xBC, 0x85, 0xB2, 0xBD, 0x9A, 0x14,
+        0xC8, 0x13, 0xA3, 0x7F, 0x1F, 0xA1, 0x47, 0xF8,
+        0x15, 0x48, 0x8D, 0x7A, 0x17, 0xC0, 0xC0, 0x39,
+        0xEA, 0xF8, 0x66, 0xCE, 0xA7, 0x5F, 0x5B, 0x2E,
+        0xBE, 0x05, 0xEF, 0x31, 0x09, 0x47, 0x2B, 0xA5,
+        0xF7, 0xCF, 0xCE, 0x4C, 0x35, 0x8B, 0x60, 0x80,
+        0x40, 0x0C, 0x5C, 0xC0, 0x85, 0x15, 0x14, 0x92,
+        0xD1, 0x3A, 0x5B, 0x00, 0x96, 0xA0, 0x63, 0x1F,
+        0xAA, 0x30, 0xCB, 0x48, 0xF2, 0xDA, 0x87, 0x3B,
+        0x85, 0x7D, 0xFD, 0xB3, 0x86, 0xD9, 0x33, 0x98,
+        0x18, 0x07, 0x34, 0x92, 0x55, 0x9A, 0x0E, 0xC2,
+        0xDA, 0xF3, 0x73, 0x8E, 0x15, 0x88, 0xB0, 0x98,
+        0x75, 0x1F, 0xF0, 0xFA, 0x1C, 0x87, 0x1B, 0x22,
+        0x23, 0x7E, 0x5C, 0xD1, 0x5B, 0x0E, 0x17, 0x28,
+        0xEA, 0x26, 0x71, 0x66, 0xC3, 0x8A, 0x71, 0x97,
+        0xB6, 0xCC, 0x7D, 0xAD, 0x39, 0x11, 0x6B, 0xE6,
+        0x1D, 0xF4, 0x33, 0x3C, 0xD7, 0xC2, 0xA4, 0x13,
+        0xDB, 0x30, 0x63, 0xD7, 0xF0, 0x22, 0x8C, 0x61,
+        0xFA, 0xDA, 0xC3, 0xF8, 0xC3, 0x31, 0xF4, 0x45,
+        0x09, 0xB4, 0xD6, 0x08, 0x53, 0x1F, 0x99, 0x5D,
+        0x15, 0xFA, 0xB1, 0x19, 0xD8, 0x47, 0xE6, 0xD8,
+        0x54, 0x95, 0x75, 0xB7, 0xD8, 0x50, 0xB2, 0x60,
+        0x0E, 0x4D, 0x13, 0x64, 0x6C, 0xF9, 0x6B, 0x6B,
+        0x9D, 0xA6, 0xC6, 0x2F, 0x2A, 0x80, 0xAE, 0x02,
+        0x58, 0xA8, 0xCD, 0x6E, 0xF4, 0xC5, 0x5E, 0xEA,
+        0x7E, 0x78, 0xD2, 0x0A, 0x46, 0x4A, 0x19, 0x4C,
+        0xEC, 0xBB, 0x01, 0xE7, 0x3F, 0x32, 0x76, 0xD6,
+        0x6E, 0x12, 0xAD, 0x37, 0x74, 0x51, 0xBB, 0xB9,
+        0x4E, 0x5C, 0x94, 0x88, 0x32, 0x59, 0x5F, 0x6B,
+        0x6E, 0x38, 0x2A, 0xD1, 0x42, 0xD9, 0xF1, 0xB8,
+        0x68, 0x97, 0x95, 0xE9, 0xEB, 0xC3, 0x2A, 0x5A,
+        0x10, 0x1E, 0x69, 0x6C, 0xA3, 0x4A, 0xBA, 0x00,
+        0x5B, 0x4C, 0xED, 0xA2, 0x7D, 0x12, 0x00, 0xFE,
+        0x48, 0xFD, 0x82, 0xC1, 0x72, 0x17, 0xE5, 0x08,
+        0xA8, 0x48, 0x4F, 0x03, 0x88, 0x34, 0x5C, 0x9D,
+        0xED, 0xE2, 0xA1, 0x39, 0x28, 0xFA, 0xC3, 0x29,
+        0x21, 0x84, 0x2F, 0x6E, 0x6A, 0xA5, 0xCF, 0xBF,
+        0x57, 0xFA, 0xA2, 0x8F, 0x43, 0xE0, 0x5E, 0x9A,
+        0x45, 0x23, 0x12, 0x50, 0x29, 0x11, 0xEF, 0x9C,
+        0x33, 0xC8, 0x11, 0xEB, 0xE7, 0xCA, 0xD7, 0x30,
+        0x62, 0x3D, 0xB7, 0x04, 0x8E, 0xC2, 0x18, 0xC7,
+        0xEA, 0x9D, 0xFC, 0x6E, 0x19, 0x65, 0xA9, 0x85,
+        0x7E, 0x92, 0x94, 0xC4, 0xE4, 0x7F, 0x4D, 0x96,
+        0x23, 0xCB, 0x74, 0xB6, 0x5F, 0x7B, 0xB5, 0x86,
+        0x22, 0x83, 0x8D, 0xC4, 0x4E, 0x16, 0xD9, 0x15,
+        0xD9, 0x59, 0x65, 0x55, 0xCA, 0x3D, 0x26, 0x1C,
+        0x9C, 0x2A, 0xFC, 0xCB, 0xAF, 0x5A, 0xC0, 0x3D,
+        0xE0, 0x91, 0xF0, 0xDB, 0xEA, 0xE1, 0xB4, 0xA7,
+        0xE3, 0xDE, 0xC4, 0x39, 0x09, 0x89, 0x67, 0x65,
+        0x77, 0xA0, 0x53, 0x68, 0x4F, 0x57, 0x86, 0x8D,
+        0x91, 0xFE, 0x6A, 0x5B, 0x7D, 0x3D, 0x7C, 0x79,
+        0x50, 0x78, 0x9E, 0x89, 0xD8, 0x38, 0x83, 0xBC,
+        0x3D, 0xAE, 0x55, 0xCA, 0x30, 0x78, 0xB0, 0x8D,
+        0x99, 0x18, 0x31, 0xBA, 0x91, 0x50, 0x2A, 0x5A,
+        0x33, 0x54, 0xB8, 0x8E, 0x15, 0x9B, 0x0A, 0xFF,
+        0xD2, 0x5B, 0x0D, 0xBB, 0x72, 0xBC, 0xD6, 0xF4,
+        0x04, 0x65, 0xDD, 0xFC, 0x00, 0xFF, 0x8B, 0x63,
+        0x39, 0xC0, 0x67, 0x09, 0x5D, 0x6C, 0x7C, 0xB0,
+        0x6F, 0x3B, 0xE7, 0x59, 0xC5, 0x27, 0x40, 0x39,
+        0x5D, 0xD1, 0x08, 0x29, 0x6F, 0x2B, 0xBC, 0x2E,
+        0x7A, 0x5D, 0xDD, 0xE3, 0xD1, 0xC3, 0x5D, 0x18,
+        0xBF, 0xBE, 0x39, 0x68, 0xEC, 0x59, 0xAB, 0xF8,
+        0x5C, 0x1B, 0xD2, 0x92, 0x8A, 0xB2, 0xAA, 0x67,
+        0x8A, 0x78, 0x91, 0x74, 0x6E, 0x88, 0xF4, 0x39,
+        0xF8, 0xB4, 0x38, 0x40, 0x31, 0xC3, 0xED, 0xB7,
+        0x31, 0x97, 0xE5, 0x2A, 0x4E, 0x77, 0x3D, 0x2D,
+        0x8B, 0x7B, 0xAD, 0xDC, 0x5D, 0xD0, 0xA7, 0xE4,
+        0x4C, 0x80, 0x8D, 0x73, 0xB8, 0x18, 0x1D, 0x19,
+        0x1C, 0x3C, 0x89, 0xFE, 0x15, 0xEA, 0x90, 0xD7,
+        0x56, 0x7E, 0x89, 0x16, 0xA3, 0x37, 0x83, 0x03,
+        0x05, 0x04, 0x1B, 0x1E, 0x94, 0xB3, 0xB4, 0x06,
+        0xDA, 0x4C, 0x36, 0xBE, 0xF0, 0x5D, 0x91, 0x00,
+        0xAB, 0x99, 0x2A, 0x4D, 0x56, 0x25, 0x33, 0x73,
+        0x0E, 0x0D, 0x8C, 0x05, 0x2B, 0x3A, 0x62, 0xD3,
+        0xF6, 0x9A, 0x83, 0xA0, 0xC9, 0xB2, 0x12, 0x4F,
+        0x12, 0xAE, 0x7D, 0xAC, 0xC9, 0x78, 0xC4, 0xA0,
+        0xAD, 0xCC, 0x2E, 0xBA, 0x2D, 0x80, 0xF4, 0x94,
+        0xAA, 0x16, 0xEC, 0x1E, 0x8E, 0x71, 0xC7, 0x9B,
+        0x02, 0xF3, 0x26, 0x1B, 0x6F, 0x98, 0x68, 0xB8,
+        0xD5, 0x7E, 0x9D, 0x16, 0xF4, 0x2B, 0x7C, 0xC6,
+        0x64, 0x06, 0x54, 0x9A, 0x27, 0x6D, 0x37, 0x14,
+        0x37, 0xDE, 0x88, 0xB7, 0xF3, 0x9E, 0x74, 0x08,
+        0x7C, 0xBB, 0xC5, 0x61, 0x16, 0x80, 0x31, 0x2D,
+        0xE8, 0xF0, 0xC3, 0x68, 0x14, 0xE1, 0x74, 0xF9,
+        0x1E, 0xB6, 0x00, 0xCC, 0x96, 0xE3, 0xCF, 0x51,
+        0xBB, 0x20, 0x25, 0x88, 0x77, 0xA2, 0xAA, 0xEB,
+        0x82, 0x7F, 0x7F, 0x5A, 0xDA, 0x80, 0x78, 0x6B,
+        0x50, 0x84, 0xC8, 0x02, 0xE6, 0x06, 0xDE, 0xF3,
+        0x88, 0xA3, 0x9C, 0xE4, 0xF0, 0xD5, 0xBC, 0x19,
+        0x39, 0x4C, 0xE8, 0x41, 0xE2, 0xD2, 0xAA, 0x74,
+        0x25, 0x23, 0x05, 0x80, 0xFA, 0x66, 0x75, 0xC5,
+        0x17, 0x41, 0xD1, 0x75, 0x87, 0x9B, 0x4D, 0x03,
+        0xC3, 0x90, 0xF6, 0x52, 0xA5, 0x03, 0xA7, 0x51,
+        0x6A, 0x1F, 0x07, 0x5E, 0x30, 0x82, 0xD5, 0x2C,
+        0x60, 0xB8, 0x64, 0x2A, 0x82, 0x40, 0xEE, 0x94,
+        0x4D, 0x5F, 0xB4, 0x27, 0x37, 0x6B, 0x40, 0xB0,
+        0xB2, 0x82, 0xE1, 0x9A, 0xB9, 0x08, 0xCC, 0xF2,
+        0x0C, 0xA9, 0x26, 0x11, 0x64, 0x90, 0xAF, 0xED,
+        0x57, 0xEA, 0xD0, 0xDC, 0x0C, 0x8E, 0x29, 0x6C,
+        0x79, 0xA4, 0x8D, 0x08, 0x8E, 0x83, 0x7A, 0xF0,
+        0x67, 0xDC, 0x02, 0x9E, 0xC6, 0x31, 0xF9, 0x93,
+        0x3E, 0xE4, 0xD2, 0x07, 0x46, 0xE6, 0x4E, 0x5F,
+        0x21, 0x67, 0x55, 0xA1, 0x38, 0x97, 0x4D, 0x30,
+        0x82, 0x93, 0x73, 0x6D, 0xC1, 0x86, 0x04, 0x27,
+        0x6C, 0xC4, 0x18, 0xBA, 0x69, 0xF8, 0x72, 0xB5,
+        0x8E, 0x7F, 0x6E, 0x3A, 0x8B, 0x84, 0x6E, 0xBA,
+        0xAE, 0xB3, 0x83, 0xE7, 0xF8, 0x90, 0xF5, 0x4E,
+        0x77, 0xF5, 0xD7, 0xF5, 0xD4, 0xA5, 0x8D, 0xB7,
+        0x83, 0xEC, 0xA0, 0x49, 0xF1, 0x86, 0x17, 0x12,
+        0x82, 0xBA, 0xC2, 0x60, 0x7D, 0x51, 0xB2, 0x98,
+        0xB1, 0x49, 0x38, 0xEF, 0xB1, 0x92, 0x8F, 0xC8,
+        0xD0, 0x78, 0x06, 0xE8, 0xC3, 0xE7, 0x3B, 0x46,
+        0x46, 0xBC, 0xF1, 0x68, 0x90, 0xCC, 0x13, 0x80,
+        0xE7, 0xB6, 0x33, 0x50, 0x2B, 0x3E, 0xAD, 0xA4,
+        0x47, 0x75, 0x02, 0xE2, 0x46, 0x7C, 0xFD, 0xB9,
+        0xAC, 0xBD, 0x1C, 0x72, 0xBC, 0x6A, 0xEB, 0x4F,
+        0x41, 0xE1, 0xC2, 0x3C, 0x63, 0x68, 0x39, 0xE3,
+        0x57, 0x13, 0x5F, 0x76, 0xBC, 0x39, 0xC4, 0xF9,
+        0xAC, 0x1C, 0xE8, 0xF1, 0xBE, 0xEF, 0xEB, 0xFF,
+        0x87, 0x59, 0xE8, 0xF7, 0x19, 0x65, 0xD4, 0x85,
+        0x4B, 0xEA, 0xAD, 0x0A, 0xFE, 0xDC, 0xA9, 0xD4,
+        0xD6, 0xBD, 0x1E, 0x63, 0xD3, 0x48, 0xA4, 0x2C,
+        0xEE, 0xFF, 0xC1, 0x70, 0xD0, 0xEE, 0x9F, 0x13,
+        0x6F, 0x5B, 0xE9, 0x90, 0x14, 0x66, 0x92, 0x61,
+        0x22, 0xF9, 0x48, 0xBD, 0xDE, 0x2A, 0x91, 0x07,
+        0xD2, 0xA9, 0x8B, 0xA2, 0xDE, 0xA6, 0xD6, 0xF2,
+        0xDA, 0x17, 0x72, 0x47, 0x02, 0xEC, 0x51, 0x8C,
+        0x03, 0x75, 0x3D, 0x51, 0xEA, 0x83, 0x1E, 0x95,
+        0xCB, 0x87, 0x08, 0xD5, 0xDE, 0xC8, 0x22, 0xDB,
+        0x73, 0x7E, 0x44, 0x14, 0x3C, 0x86, 0xF4, 0x71,
+        0x77, 0xD8, 0x5C, 0xD0, 0x98, 0xC2, 0x1B, 0x9B,
+        0xC8, 0x00, 0xDF, 0xA9, 0xDC, 0x26, 0xFD, 0xC2,
+        0x61, 0xE9, 0x21, 0xDE, 0x00, 0x2D, 0x81, 0xC1,
+        0x59, 0xF8, 0xEB, 0x1F, 0xEE, 0x67, 0x67, 0x9D,
+        0x62, 0x1E, 0xCE, 0x6B, 0x36, 0xD0, 0x1C, 0x77,
+        0x5A, 0x16, 0x45, 0xD5, 0x22, 0x92, 0xB4, 0xB2,
+        0xB8, 0x22, 0x73, 0x18, 0x77, 0x2A, 0x80, 0x91,
+        0xE9, 0xEC, 0x01, 0x70, 0x13, 0xB1, 0x95, 0xEB,
+        0xF4, 0xEF, 0x20, 0x1F, 0x4E, 0x88, 0x1C, 0x49,
+        0x36, 0x33, 0xC0, 0x7F, 0x27, 0xC9, 0x79, 0x0D,
+        0xD8, 0xAE, 0xCC, 0x94, 0x49, 0xCF, 0x63, 0xBC,
+        0xB1, 0x19, 0x46, 0x16, 0x9A, 0xCF, 0xF3, 0x95,
+        0x42, 0x26, 0x6B, 0x0C, 0x66, 0x85, 0xBB, 0xB0,
+        0x80, 0xB5, 0x9F, 0x11, 0x7E, 0xEB, 0x2A, 0x73,
+        0x38, 0x2B, 0x3D, 0x18, 0x7C, 0x06, 0x80, 0xC5,
+        0xAE, 0x70, 0x90, 0x70, 0xDF, 0x03, 0xA0, 0x08,
+        0xA7, 0xAD, 0x13, 0x22, 0x6F, 0x3C, 0x37, 0x15,
+        0x39, 0x20, 0x52, 0xF2, 0x44, 0x1B, 0x4A, 0x17,
+        0x8D, 0x7C, 0xF7, 0x05, 0x18, 0x33, 0x9C, 0xFF,
+        0xBB, 0x54, 0xA6, 0xD9, 0xB9, 0xCD, 0xE3, 0xB0,
+        0xB5, 0x7D, 0xBC, 0x79, 0xF4, 0xE4, 0x7A, 0xD6,
+        0x27, 0x4C, 0xE2, 0x18, 0x0C, 0x92, 0xAC, 0x64,
+        0x10, 0xE5, 0x0D, 0x05, 0xF6, 0x66, 0x5A, 0x57,
+        0xD4, 0xD4, 0x47, 0x6C, 0x2C, 0x0E, 0x6E, 0xE0,
+        0x75, 0x7A, 0x3A, 0xFE, 0xA2, 0xB1, 0xBF, 0x86,
+        0xA5, 0x51, 0xEF, 0x98, 0xAA, 0x1D, 0xFC, 0xBA,
+        0x96, 0x31, 0x59, 0x59, 0x45, 0x2B, 0x2B, 0x3A,
+        0x2F, 0xCB, 0xBB, 0x95, 0x5C, 0xB3, 0xFA, 0x1E,
+        0xEB, 0xBB, 0x83, 0xBD, 0x17, 0x87, 0x67, 0xC0,
+        0x2E, 0xFB, 0xBE, 0xFF, 0x6C, 0x7E, 0xEF, 0x94,
+        0xB5, 0x5D, 0xF8, 0x83, 0x1D, 0xDF, 0xB7, 0xB2,
+        0x02, 0xCE, 0x7D, 0xE0, 0x55, 0xEA, 0xF9, 0x92,
+        0x8A, 0xDA, 0xF6, 0xED, 0x0E, 0x31, 0x59, 0xCA,
+        0x56, 0xC4, 0x83, 0xFA, 0x3B, 0xA3, 0xD2, 0x47,
+        0x8C, 0xA3, 0x94, 0x82, 0x4C, 0xEE, 0x6A, 0xBD,
+        0x59, 0x67, 0x09, 0x53, 0xEE, 0x80, 0xD3, 0x83,
+        0xAA, 0xA6, 0x08, 0xE1, 0x58, 0x51, 0x13, 0x5C,
+        0x1C, 0xDE, 0xEE, 0xB5, 0xF6, 0xA8, 0x89, 0x7C,
+        0x3C, 0x9E, 0x06, 0x6A, 0xB4, 0x73, 0x4F, 0xDD,
+        0xFA, 0xBC, 0x3B, 0xC3, 0xBA, 0x12, 0x06, 0xBA,
+        0x54, 0x34, 0xDC, 0xDE, 0xDB, 0x9D, 0x8B, 0x3A,
+        0x81, 0xA2, 0xE6, 0x38, 0x14, 0x6D, 0x83, 0xF1,
+        0x4F, 0x06, 0xE5, 0x60, 0x99, 0xC0, 0xC8, 0xA0,
+        0xFC, 0xCD, 0xB9, 0xEC, 0xF0, 0xF3, 0xD8, 0x8D,
+        0xE3, 0x79, 0x2F, 0x2D, 0x0B, 0x65, 0x1B, 0x61,
+        0x9C, 0x57, 0x1B, 0x69, 0xF4, 0xBF, 0x8E, 0x7C,
+        0xD1, 0x91, 0x0F, 0x26, 0x6A, 0x4D, 0xAD, 0xF8,
+        0xC2, 0xAB, 0xB4, 0xAC, 0x05, 0xBD, 0x1F, 0xBA,
+        0x05, 0x8C, 0x03, 0x94, 0xC0, 0x16, 0xDE, 0xE6,
+        0x0C, 0x66, 0x40, 0x1A, 0x17, 0xD1, 0x34, 0x59,
+        0x54, 0x79, 0x33, 0x38, 0x9A, 0x35, 0x65, 0x69,
+        0xAD, 0xA5, 0x32, 0xC9, 0xF4, 0x87, 0x69, 0x88,
+        0x55, 0xA4, 0xD7, 0xBC, 0xCD, 0x0E, 0xF6, 0x95,
+        0x31, 0x09, 0x4D, 0xA4, 0x08, 0x6F, 0x52, 0xBF,
+        0x98, 0xCD, 0xC9, 0xA4, 0xB0, 0xBC, 0x88, 0x8D,
+        0xC3, 0x89, 0x1A, 0x76, 0x09, 0x6C, 0x7C, 0x48,
+        0x34, 0x90, 0xE9, 0x52, 0x32, 0x6A, 0xE4, 0x02,
+        0xD8, 0xDF, 0xD2, 0xF3, 0xDC, 0xCF, 0x1A, 0xA5,
+        0xD7, 0xBD, 0x69, 0x8E, 0x2A, 0xA8, 0x8D, 0x29,
+        0x48, 0x13, 0xA8, 0x8F, 0xD3, 0x18, 0x66, 0xBC,
+        0xA1, 0x1B, 0x3B, 0x91, 0xC0, 0x09, 0xEE, 0xB6,
+        0x67, 0x60, 0x1C, 0xEE, 0xAF, 0xAF, 0xE9, 0x7C,
+        0x56, 0xFA, 0x33, 0xF9, 0x38, 0x1F, 0x3E, 0x43,
+        0x29, 0x90, 0x1A, 0xC3, 0xB7, 0xEA, 0x70, 0x32,
+        0xC0, 0x19, 0xE5, 0xC8, 0xA8, 0xEF, 0xD7, 0x04,
+        0x4C, 0x97, 0x36, 0x44, 0xAF, 0x2B, 0xE4, 0x20,
+        0xA0, 0x33, 0xC6, 0xC2, 0xC7, 0xCE, 0x0C, 0xEA,
+        0x39, 0x34, 0xDC, 0x18, 0xB4, 0x2A, 0xDF, 0xD7,
+        0xA8, 0x46, 0xF4, 0x2D, 0xD4, 0x06, 0x86, 0x6A,
+        0x39, 0x09, 0x29, 0x02, 0x6A, 0xDE, 0x5C, 0x79,
+        0x1B, 0x5F, 0x61, 0xF9, 0x42, 0xB1, 0x55, 0x07,
+        0x7D, 0x82, 0xF2, 0xAF, 0xCC, 0xFF, 0xF8, 0x5B,
+        0x04, 0x06, 0x64, 0x7A, 0x96, 0x27, 0xE3, 0x69,
+        0x5D, 0x4B, 0xEA, 0x3D, 0x58, 0xA6, 0x3E, 0x17,
+        0x18, 0xD1, 0x84, 0xE4, 0x6B, 0x5F, 0x4B, 0xC8,
+        0x41, 0x03, 0x34, 0xA4, 0x09, 0x5D, 0x0F, 0xAF,
+        0x30, 0x6F, 0xB9, 0xDC, 0x10, 0x94, 0x25, 0xC3,
+        0x16, 0x52, 0xD0, 0x6F, 0xF0, 0x51, 0xA1, 0x62,
+        0xEE, 0x2B, 0x7B, 0x1C, 0x54, 0xD6, 0xC7, 0xDE,
+        0xD6, 0xE3, 0x95, 0xAA, 0xD1, 0xA8, 0x6D, 0x03,
+        0xB1, 0xB6, 0xC8, 0x00, 0x76, 0x7E, 0xC1, 0x44,
+        0x12, 0xEE, 0xCE, 0x13, 0x46, 0x20, 0xA6, 0x1D,
+        0x36, 0x9A, 0xF4, 0x9E, 0x21, 0xB0, 0xD1, 0x4B,
+        0xC4, 0x23, 0x06, 0x49, 0xCD, 0xD3, 0xE9, 0xFD,
+        0x84, 0x7A, 0xE5, 0x0B, 0xE9, 0x62, 0xEF, 0xC8,
+        0xCB, 0x0F, 0x33, 0x9F, 0x9E, 0x6D, 0x32, 0x47,
+        0x53, 0x3B, 0xDE, 0xD8, 0x71, 0x1D, 0x46, 0x1D,
+        0x4A, 0xF2, 0xAE, 0x3F, 0xDD, 0x1D, 0x7D, 0x2A,
+        0x28, 0x9C, 0x78, 0xCB, 0x19, 0xF3, 0xCD, 0xC2,
+        0x14, 0x2B, 0xF5, 0x2B, 0x23, 0xE6, 0xA2, 0x7B,
+        0x39, 0xD6, 0x99, 0x54, 0x3C, 0x3D, 0x63, 0x9B,
+        0x9C, 0x72, 0xCA, 0x80, 0xB3, 0x7E, 0xA2, 0x77,
+        0x5B, 0x5E, 0x26, 0x81, 0xF0, 0xDD, 0x01, 0xDF,
+        0xF0, 0xC0, 0x55, 0x13, 0x36, 0x90, 0x62, 0xFE
+    };
+    static const byte msg_87[] = {
+        0x9E, 0xFF, 0x34, 0x15, 0x06, 0xD1, 0x8B, 0xCB,
+        0x27, 0xA7, 0xFC, 0x4E, 0xAA, 0xBF, 0x5A, 0x7C,
+        0x4A, 0x59, 0x37, 0x77, 0x19, 0x6F, 0x66, 0x4B,
+        0xCE, 0x31, 0x6C, 0x95, 0x5B, 0x83, 0x5A, 0xD4,
+        0xC9, 0xF5, 0xDE, 0x9A, 0x2B, 0xF8, 0x96, 0x15,
+        0xDA, 0xCB, 0x9C, 0x1E, 0x61, 0x8C, 0x78, 0xE7,
+        0x11, 0x44, 0xCD, 0x4B, 0x70, 0x46, 0xF4, 0x7D,
+        0x9A, 0x60, 0x0E, 0x9C, 0xE6, 0x65, 0x96, 0xC4,
+        0xC5, 0x5E, 0xDA, 0x23, 0xA6, 0x6C, 0xC1, 0x18,
+        0xA4, 0xA7, 0xBD, 0x0D, 0xED, 0x00, 0xAB, 0xDD,
+        0xCE, 0x53, 0xFB, 0xF2, 0x48, 0x20, 0x33, 0xA4,
+        0x18, 0x85, 0x06, 0xEC, 0x11, 0x3B, 0xBD, 0x98,
+        0xD9, 0x89, 0x1F, 0x0D, 0x69, 0x46, 0x3A, 0x0D,
+        0x36, 0x15, 0x6B, 0xA3, 0xEA, 0x0D, 0x02, 0xA1,
+        0x4C, 0x1F, 0xD7, 0xA3, 0xFE, 0x70, 0x4E, 0xE5,
+        0x6B, 0x44, 0x6A, 0xE1, 0x79, 0xF7, 0x2E, 0x10,
+        0x4A, 0xA8, 0x1A, 0xF0, 0xA2, 0xF8, 0xFC, 0xA6,
+        0xF6, 0xF9, 0x62, 0x96, 0x05, 0x9E, 0xE8, 0x82,
+        0x66, 0x80, 0xE4, 0x3F, 0x4B, 0x07, 0x40, 0xF4,
+        0x7A, 0xC1, 0x05, 0x66, 0xED, 0x31, 0x07, 0x99,
+        0xAC, 0x71, 0x41, 0xD3, 0x8F, 0x69, 0x21, 0x31,
+        0x5F, 0x23, 0xAB, 0x3E, 0x64, 0xC8, 0xA7, 0x70,
+        0xAA, 0x57, 0x12, 0x80, 0x90, 0xDB, 0x82, 0x8C,
+        0x7B, 0xAA, 0x59, 0xC3, 0x29, 0x5C, 0xCA, 0xA2,
+        0x38, 0xC7, 0x5F, 0xAC, 0x0F, 0x93, 0xDA, 0x79,
+        0x00, 0x74, 0x1B, 0xCD, 0x94, 0xBB, 0x9F, 0xD3,
+        0x85, 0x2E, 0xC2, 0xB7, 0xD3, 0x3F, 0x60, 0x0B,
+        0x1D, 0x51, 0x66, 0x6A, 0xE2, 0x22, 0xA5, 0x7A,
+        0xF1, 0x40, 0xFA, 0x04, 0x9C, 0x2C, 0x9F, 0x6D,
+        0x0F, 0xE6, 0xC0, 0xF1, 0xE7, 0xA0, 0xDD, 0xE1,
+        0x14, 0x3B, 0xE5, 0xCE, 0xD7, 0xBB, 0xE2, 0x32,
+        0xCB, 0xFB, 0xD8, 0xAE, 0x00, 0xEA, 0x5F, 0xC1,
+        0x65, 0x02, 0x6D, 0x72, 0x9D, 0xB3, 0x0F, 0x6A,
+        0xFD, 0x99, 0x73, 0xB6, 0x72, 0x2C, 0x07, 0xF6,
+        0x00, 0x66, 0x54, 0x41, 0xE3, 0x0B, 0x7C, 0x5F,
+        0xB2, 0x97, 0xB8, 0xAB, 0x96, 0x9C, 0x06, 0x83,
+        0x9D, 0x33, 0x1D, 0xEE, 0x96, 0xDE, 0x48, 0x68,
+        0x7D, 0xC9, 0xDA, 0x53, 0x1A, 0x95, 0xCA, 0x83,
+        0xA7, 0x6F, 0x4B, 0x07, 0x6D, 0xFC, 0xF4, 0x83,
+        0xF0, 0x04, 0x50, 0xE5, 0x1C, 0x8D, 0x34, 0xD8,
+        0xED, 0x8E, 0x4B, 0x3D, 0xAF, 0xAE, 0x66, 0x4B,
+        0x6D, 0xC1, 0x3E, 0xD8, 0x8E, 0x6D, 0x63, 0x02,
+        0x7D, 0xD4, 0x38, 0xCB, 0x74, 0xF4, 0x12, 0xE8,
+        0x70, 0xCC, 0x9D, 0xFD, 0x29, 0xB5, 0x2A, 0xBC,
+        0xA1, 0x69, 0xC1, 0x7E, 0x97, 0x47, 0x58, 0xE0,
+        0x3A, 0xC0, 0xFB, 0x7F, 0xE5, 0x64, 0x50, 0x8E,
+        0x01, 0x7A, 0x9B, 0x47, 0x49, 0xD6, 0x41, 0xAF,
+        0x0D, 0xE3, 0x84, 0x08, 0x8F, 0xA0, 0x0C, 0x69,
+        0x40, 0x23, 0x3D, 0xDE, 0xFB, 0x65, 0x7C, 0x18,
+        0x1C, 0x82, 0xA1, 0xB6, 0xA3, 0x1F, 0xCC, 0xF4,
+        0xD5, 0x2C, 0x9D, 0x35, 0x1E, 0x6B, 0xDF, 0xDF,
+        0x48, 0xBC, 0xE4, 0x14, 0x60, 0x74, 0x62, 0xDB,
+        0x76, 0x9F, 0x9E, 0xB1, 0x59, 0x25, 0xBA, 0x9F,
+        0xAF, 0xBA, 0xB2, 0x29, 0xB5, 0x89, 0x6B, 0xF1,
+        0xF8, 0xE4, 0x7D, 0xF1, 0x7C, 0x82, 0x08, 0xDF,
+        0xD5, 0x96, 0x04, 0xB6, 0x05, 0x2C, 0xD2, 0xCE,
+        0xAB, 0x56, 0x40, 0x0F, 0x11, 0xC4, 0xD9, 0x52,
+        0x1E, 0x1A, 0xB8, 0x27, 0x4A, 0xB5, 0x76, 0x4C,
+        0x73, 0xE9, 0x41, 0x32, 0x42, 0x0E, 0x32, 0xB6,
+        0xAE, 0xB0, 0x76, 0x33, 0x78, 0xD9, 0xBA, 0x68,
+        0xE1, 0xFC, 0xDE, 0x2B, 0xD6, 0xDE, 0xDA, 0x39,
+        0x17, 0xC0, 0x00, 0xAF, 0x39, 0xB7, 0x8F, 0x4C,
+        0xCA, 0x7C, 0x8F, 0xBF, 0x94, 0xB4, 0xCB, 0x8A,
+        0x81, 0x16, 0xEE, 0xEC, 0xFE, 0xF0, 0x13, 0x1E,
+        0xC9, 0xF2, 0xDE, 0xDA, 0x01, 0x40, 0xC9, 0x02,
+        0xA8, 0xD6, 0xE6, 0x0E, 0x98, 0xB3, 0xCD, 0x9D,
+        0x9C, 0x75, 0x24, 0x8B, 0xF8, 0x84, 0x5A, 0xC0,
+        0xD7, 0xE0, 0x6B, 0xA0, 0xE1, 0x83, 0x10, 0xFE,
+        0xCE, 0x98, 0x62, 0x07, 0x54, 0x2C, 0xC1, 0xEE,
+        0x08, 0x88, 0x43, 0xEF, 0x74, 0xA2, 0x6A, 0xEC,
+        0xB6, 0xD0, 0x6F, 0x0F, 0xEF, 0xE1, 0xB7, 0x2C,
+        0xF9, 0x33, 0x06, 0xC3, 0x2E, 0xD2, 0x8A, 0xEC,
+        0xC5, 0x5B, 0xB1, 0x03, 0xA0, 0x84, 0x6D, 0x0C,
+        0x84, 0x13, 0x6D, 0xB0, 0xB0, 0x54, 0xF3, 0xDE,
+        0xA3, 0x9A, 0x72, 0x6C, 0x6F, 0xD6, 0x59, 0x7F,
+        0x9B, 0x03, 0x8C, 0xC2, 0x38, 0x46, 0x01, 0x76,
+        0x38, 0xF4, 0x43, 0x68, 0x81, 0x0D, 0x86, 0x29,
+        0x3D, 0xDF, 0xE5, 0x48, 0x61, 0x53, 0x2F, 0x85,
+        0xF5, 0x3F, 0x09, 0x30, 0x48, 0xC3, 0xE0, 0x09,
+        0xC4, 0x32, 0x11, 0x27, 0xAD, 0xAA, 0xEC, 0x6A,
+        0x5C, 0xCE, 0x03, 0xE0, 0xD9, 0xE9, 0x1D, 0xAC,
+        0xCA, 0xBB, 0x2F, 0x50, 0xE0, 0x1E, 0xB2, 0xAC,
+        0x2B, 0x39, 0x6D, 0x24, 0xB0, 0x5D, 0x45, 0x3B,
+        0xD5, 0x1D, 0x52, 0x9F, 0xBA, 0x51, 0xE4, 0x6D,
+        0x30, 0xC5, 0x66, 0x13, 0x00, 0x5A, 0xBF, 0x62,
+        0x63, 0xB9, 0x8D, 0x8D, 0xFE, 0xB5, 0x26, 0x16,
+        0xD1, 0xCB, 0x78, 0x92, 0x18, 0x1C, 0x2F, 0xC2,
+        0xE2, 0x04, 0x3B, 0x99, 0x4C, 0x81, 0x66, 0x58,
+        0x48, 0x2E, 0x06, 0x06, 0x34, 0x83, 0x78, 0xA3,
+        0xCC, 0x85, 0x40, 0xE0, 0x20, 0x27, 0x3F, 0x10,
+        0xB6, 0x9E, 0x20, 0x21, 0xA9, 0x2D, 0x9C, 0x36,
+        0xCC, 0x9B, 0x97, 0x79, 0xFE, 0x8C, 0xE7, 0xA4,
+        0x99, 0xAE, 0xB5, 0x3E, 0xC6, 0xDD, 0xB4, 0xF2,
+        0xEC, 0x22, 0xBF, 0xB4, 0x52, 0xFC, 0x5E, 0x79,
+        0x7D, 0x3A, 0x25, 0x33, 0x26, 0x00, 0x06, 0xFE,
+        0x6D, 0xCC, 0xE4, 0xE9, 0x76, 0x65, 0xC6, 0x8C,
+        0x39, 0x93, 0xDC, 0x7E, 0xA0, 0xBD, 0x4B, 0xDC,
+        0xD2, 0x47, 0x21, 0xB0, 0x2B, 0x09, 0x02, 0xB1,
+        0x84, 0x0D, 0xDE, 0xC5, 0x18, 0x20, 0x38, 0x76,
+        0x2D, 0x55, 0xFC, 0x11, 0xB9, 0x87, 0x3A, 0x0D,
+        0xD2, 0xEB, 0xBD, 0x55, 0xAD, 0xE3, 0x86, 0x5C,
+        0xFF, 0x3D, 0x54, 0x5F, 0x76, 0x33, 0x53, 0x69,
+        0xDD, 0x9E, 0x70, 0xB0, 0x73, 0x99, 0x77, 0xF6,
+        0xE9, 0x8A, 0x61, 0x27, 0x19, 0x4A, 0x19, 0x26,
+        0xA6, 0x97, 0xE4, 0x7F, 0x73, 0xE0, 0x4F, 0xF5,
+        0xBD, 0x52, 0x5E, 0x8F, 0x17, 0x22, 0x00, 0x8F,
+        0x7C, 0x15, 0x5C, 0xD3, 0xAD, 0xE0, 0xA5, 0xB6,
+        0x6A, 0x31, 0x36, 0xFD, 0xD8, 0x44, 0xAE, 0x5E,
+        0xCD, 0x6C, 0x82, 0x77, 0xC3, 0xD0, 0x7F, 0x39,
+        0x72, 0x1E, 0x91, 0x19, 0x50, 0xE1, 0x28, 0x20,
+        0x88, 0x3A, 0x6B, 0xC8, 0xA9, 0xE7, 0x93, 0x28,
+        0x0F, 0xA7, 0x4F, 0xF2, 0x1A, 0xC2, 0x13, 0x4E,
+        0x6B, 0xAE, 0x71, 0x3F, 0x43, 0x89, 0xC9, 0xE7,
+        0xDD, 0x05, 0xBB, 0x41, 0x09, 0xB5, 0x5E, 0xB9,
+        0x23, 0x51, 0xC0, 0xEB, 0x92, 0x1A, 0x0C, 0x3F,
+        0xAC, 0xC5, 0x00, 0x8C, 0xB8, 0x5C, 0x3F, 0x2D,
+        0x5F, 0x9A, 0xCE, 0xAE, 0x9B, 0x4B, 0x71, 0x48,
+        0x25, 0xFD, 0xE2, 0xB6, 0x26, 0x3F, 0xEE, 0x10,
+        0x33, 0x07, 0x4F, 0x59, 0xF0, 0x73, 0xE9, 0x39,
+        0x5C, 0x0D, 0x8B, 0xB5, 0xD1, 0xEF, 0xE5, 0xBF,
+        0xBB, 0xE1, 0x80, 0xF7, 0xC5, 0x91, 0xC1, 0x72,
+        0xAA, 0xB0, 0x5E, 0x7C, 0x53, 0x69, 0x4C, 0x37,
+        0x7A, 0xD2, 0x7B, 0x9D, 0x1C, 0xFA, 0x0F, 0xE0,
+        0x92, 0x93, 0x40, 0x5D, 0xBE, 0x1C, 0xF8, 0x84,
+        0x7A, 0x35, 0x1F, 0x72, 0x77, 0x68, 0xE2, 0xAF,
+        0xA5, 0x6B, 0x54, 0xFF, 0x53, 0x7C, 0xCD, 0x9D,
+        0x6A, 0x49, 0xD1, 0xCA, 0x74, 0x5F, 0xF5, 0xDB,
+        0x54, 0xF8, 0x60, 0xA7, 0x41, 0x66, 0xDE, 0xFF,
+        0xB0, 0xB2, 0xF9, 0x21, 0x06, 0xB7, 0x81, 0x4C,
+        0x9C, 0xEF, 0xFD, 0x11, 0xD5, 0x63, 0xD8, 0xF3,
+        0x3A, 0x81, 0xC4, 0x9D, 0x1B, 0xA8, 0x37, 0x73,
+        0x57, 0x26, 0x29, 0xF8, 0xB4, 0x7F, 0x9F, 0xA2,
+        0x7D, 0x2A, 0x63, 0x2C, 0x70, 0x08, 0x1E, 0x2E,
+        0xE7, 0xED, 0x73, 0xAB, 0xD2, 0x4C, 0x02, 0x7E,
+        0xF1, 0x15, 0x26, 0xE1, 0x09, 0x5C, 0x29, 0x13,
+        0xDF, 0x69, 0x29, 0x25, 0xE5, 0x68, 0x39, 0x10,
+        0x9B, 0xD0, 0x5E, 0xD8, 0xE2, 0xC9, 0x08, 0x61,
+        0x63, 0xCD, 0xF9, 0x45, 0xBC, 0x16, 0xDC, 0x80,
+        0x4C, 0x0F, 0x61, 0xEE, 0x8F, 0x3B, 0x72, 0xDB,
+        0x02, 0x45, 0xF6, 0x78, 0x69, 0x81, 0xFC, 0xE0,
+        0x32, 0x2F, 0xC2, 0xAF, 0xCD, 0x4E, 0x8E, 0x52,
+        0x03, 0xB5, 0x1C, 0x7C, 0x37, 0x2C, 0x58, 0xD5,
+        0xE2, 0x92, 0xA7, 0xE2, 0x49, 0x6C, 0x3F, 0x5D,
+        0x7F, 0x2B, 0x26, 0x70, 0x1C, 0x0C, 0x16, 0x7F,
+        0x49, 0x30, 0x71, 0x14, 0xEB, 0xBE, 0x13, 0xF4,
+        0xF1, 0xAA, 0x5A, 0xCF, 0x98, 0xF2, 0x07, 0x29,
+        0xB5, 0x12, 0x84, 0x80, 0x01, 0x46, 0x11, 0xA4,
+        0x44, 0xAE, 0x6D, 0xE0, 0x43, 0x7F, 0xFD, 0x5D,
+        0x84, 0xB5, 0x6E, 0x3E, 0x55, 0x0D, 0xE8, 0x66,
+        0x13, 0xA9, 0x28, 0x5A, 0x10, 0x84, 0x0B, 0xED,
+        0x0B, 0x69, 0xF0, 0x19, 0x69, 0x9B, 0x34, 0xB8,
+        0x6F, 0xC6, 0x22, 0xD3, 0x25, 0x26, 0x9D, 0x1A,
+        0x04, 0x6B, 0x53, 0xA4, 0xDF, 0x12, 0x93, 0xA5,
+        0x2C, 0xEE, 0x1C, 0x35, 0xFE, 0x81, 0x6B, 0x67,
+        0x81, 0x92, 0x07, 0xE0, 0x9A, 0x02, 0xC9, 0xD8,
+        0x59, 0x4D, 0x51, 0xE8, 0xB3, 0x14, 0x55, 0x2F,
+        0xDE, 0x26, 0xDB, 0x7C, 0xEB, 0x8D, 0x80, 0x12,
+        0x4A, 0x8A, 0x1C, 0x33, 0x74, 0x8E, 0x05, 0xC1,
+        0xAF, 0xD6, 0xE8, 0x7B, 0x56, 0x7C, 0x41, 0xE0,
+        0xE7, 0x3F, 0x32, 0x5F, 0x25, 0xDD, 0x2F, 0x48,
+        0x21, 0x90, 0xC4, 0x04, 0x42, 0x1A, 0x3D, 0x6A,
+        0x0E, 0x5D, 0x5C, 0xDB, 0xE2, 0xB0, 0x18, 0x8B,
+        0xAC, 0x77, 0xC6, 0xE3, 0x5D, 0x77, 0xC0, 0xA3,
+        0x2B, 0x1D, 0x96, 0x29, 0xF8, 0x8E, 0x70, 0xA7,
+        0x65, 0xFE, 0xE3, 0x8C, 0x1A, 0xB2, 0x39, 0x75,
+        0xB9, 0x45, 0xF2, 0x16, 0x1F, 0x6C, 0xFE, 0x7E,
+        0x68, 0x2A, 0xED, 0x96, 0x84, 0x95, 0x47, 0x05,
+        0x1D, 0xDE, 0xB7, 0x7B, 0x90, 0xF6, 0xAF, 0x00,
+        0x74, 0x7C, 0x47, 0xE0, 0x2E, 0x80, 0xB6, 0x9A,
+        0x0D, 0x4B, 0x78, 0xA4, 0x7D, 0xDD, 0x81, 0xE2,
+        0x99, 0x27, 0x1F, 0xA7, 0x8F, 0xE4, 0x23, 0xAD,
+        0xDF, 0x12, 0x0D, 0xD0, 0x4D, 0x46, 0xC1, 0x32,
+        0xE9, 0x70, 0xF4, 0xA0, 0x4E, 0x97, 0xA5, 0x88,
+        0xD2, 0x7C, 0x7B, 0xA8, 0x43, 0x26, 0x18, 0x2A,
+        0xAE, 0x04, 0xC2, 0x51, 0x28, 0x99, 0x71, 0x69,
+        0x1D, 0x96, 0x78, 0xD4, 0x09, 0x88, 0x16, 0x88,
+        0xF3, 0xBC, 0xCB, 0x95, 0x08, 0x30, 0xE6, 0x5B,
+        0x78, 0x48, 0x41, 0x00, 0x4E, 0x40, 0x44, 0x58,
+        0xE6, 0x16, 0x59, 0x63, 0xCF, 0xB4, 0xEE, 0xB5,
+        0x05, 0xFD, 0xD1, 0x35, 0xF3, 0x1E, 0xD0, 0x14,
+        0x7C, 0xC9, 0xE9, 0x87, 0x7F, 0xFF, 0x41, 0x07,
+        0x68, 0x91, 0x06, 0x17, 0x4E, 0x76, 0x66, 0xEE,
+        0xCB, 0x6C, 0xF2, 0xDA, 0x9C, 0x93, 0x51, 0xDC,
+        0x43, 0x4A, 0x94, 0x49, 0x38, 0x4E, 0xED, 0x7F,
+        0x5F, 0x90, 0x77, 0xB4, 0x2F, 0x0F, 0xC5, 0xD9,
+        0xF0, 0xF5, 0xF7, 0x21, 0x91, 0x32, 0xFF, 0x9A,
+        0x47, 0x09, 0x83, 0xE1, 0x9D, 0x30, 0xA4, 0xF3,
+        0x7D, 0x18, 0x97, 0x44, 0xD8, 0x32, 0xFD, 0x5F,
+        0xB3, 0x97, 0x49, 0x4E, 0x11, 0xAD, 0xF7, 0x4F,
+        0x4E, 0x90, 0x0A, 0x41, 0x87, 0xCF, 0xF5, 0xDA,
+        0x8F, 0x6D, 0x7B, 0x35, 0xAE, 0xA0, 0x16, 0xA8,
+        0xDE, 0x88, 0x62, 0x26, 0x5F, 0x13, 0x69, 0xFB,
+        0x36, 0x7E, 0xF1, 0x86, 0x0C, 0x8E, 0x07, 0xC3,
+        0x3F, 0x32, 0x82, 0xB4, 0xD9, 0x83, 0x7C, 0xDF,
+        0x3E, 0xF6, 0x58, 0x42, 0x2D, 0x34, 0xDE, 0xA4,
+        0x1E, 0x56, 0xDD, 0x18, 0x70, 0x36, 0x81, 0xD0,
+        0x44, 0xE3, 0xC4, 0x03, 0xAF, 0x33, 0xD1, 0xE7,
+        0xAF, 0xA9, 0x6A, 0x8C, 0x44, 0x35, 0xFE, 0xBB,
+        0xA0, 0xD2, 0x5D, 0xE0, 0xE4, 0xAE, 0xDF, 0xFB,
+        0x82, 0xA0, 0xBA, 0xDE, 0x76, 0xB6, 0x6C, 0xA9,
+        0xBE, 0xC7, 0xE9, 0xD7, 0x3F, 0x1C, 0xB2, 0x9C,
+        0xD7, 0x3C, 0xF0, 0x0C, 0x2F, 0x60, 0x44, 0xD8,
+        0x34, 0x53, 0xCE, 0xDD, 0xE0, 0x3F, 0x97, 0x2E,
+        0xBB, 0x03, 0x20, 0x62, 0xD0, 0xA8, 0x23, 0x9F,
+        0xB6, 0x99, 0xEC, 0x89, 0x0D, 0x32, 0x0F, 0x6F,
+        0xAF, 0x3D, 0x20, 0x7B, 0xDC, 0x9A, 0xFE, 0xA2,
+        0x02, 0x8B, 0x86, 0x99, 0x56, 0x23, 0x43, 0xAA,
+        0x50, 0xF7, 0x0A, 0x4E, 0x8C, 0x62, 0xDA, 0xF8,
+        0xB8, 0xCC, 0xA7, 0x2D, 0x02, 0x47, 0x63, 0xBA,
+        0xEC, 0x25, 0x00, 0x23, 0xEA, 0xE8, 0x25, 0xC6,
+        0x51, 0xAC, 0xC4, 0xAA, 0xA0, 0xDB, 0x6C, 0x5E,
+        0xC7, 0xEF, 0xD0, 0x71, 0xED, 0xFB, 0x95, 0xAF,
+        0x61, 0x0B, 0x64, 0x01, 0x61, 0x4F, 0x4F, 0xC6,
+        0x36, 0x27, 0x75, 0xC3, 0x81, 0x0A, 0x9A, 0x21,
+        0x69, 0xF8, 0x4A, 0x21, 0x12, 0x3B, 0x03, 0x1C,
+        0xCE, 0x08, 0x7D, 0x52, 0x0E, 0x99, 0xE2, 0x62,
+        0xE8, 0x81, 0x2E, 0x84, 0x09, 0x8E, 0xBE, 0x9B,
+        0xCE, 0xD6, 0xE6, 0xA4, 0xF7, 0x3B, 0x67, 0x45,
+        0x41, 0xDE, 0x0B, 0xCF, 0x5E, 0x7E, 0x31, 0x8F,
+        0x90, 0x6D, 0x90, 0x1F, 0xEB, 0x1D, 0x9D, 0x1C,
+        0xCB, 0x6C, 0xFF, 0xE8, 0x50, 0xDB, 0xFF, 0x75,
+        0xC8, 0xA8, 0x9F, 0x43, 0xCB, 0x94, 0x89, 0x5F,
+        0x28, 0x69, 0x6F, 0xAB, 0xB6, 0xAD, 0xCE, 0xE7,
+        0x69, 0x7E, 0x60, 0x09, 0x03, 0x87, 0x43, 0x6E,
+        0x19, 0xB1, 0x38, 0x81, 0x9B, 0x90, 0xAE, 0xB1,
+        0x8A, 0xC2, 0x7D, 0x2C, 0x65, 0x9B, 0x0D, 0xF1,
+        0x77, 0x94, 0xA7, 0x2F, 0x8B, 0xB7, 0xCE, 0x03,
+        0xEE, 0x9A, 0x78, 0xFE, 0x8C, 0x8A, 0x37, 0x45,
+        0xD5, 0x05, 0xDE, 0xD8, 0x85, 0x00, 0xF4, 0xCF,
+        0x98, 0xFB, 0x62, 0x85, 0xB0, 0xBD, 0x82, 0xE2,
+        0x7D, 0xED, 0x93, 0x3B, 0xCC, 0x18, 0x73, 0xF8,
+        0x8A, 0xBD, 0x82, 0x8F, 0x60, 0x47, 0xAC, 0xEC,
+        0x47, 0x2D, 0xEA, 0xE8, 0x7D, 0x8A, 0xDE, 0x0A,
+        0xD0, 0x73, 0x48, 0xFF, 0xAF, 0x59, 0xC1, 0x70,
+        0x29, 0xD8, 0x45, 0x38, 0x77, 0x7F, 0x73, 0xBF,
+        0xED, 0x5C, 0x63, 0x63, 0x0B, 0xC4, 0x43, 0xE0,
+        0xFA, 0x12, 0xDE, 0x72, 0x2D, 0xAB, 0xBB, 0xC2,
+        0x25, 0x0A, 0xBA, 0x3F, 0xD8, 0x61, 0x54, 0xEE,
+        0x20, 0x8D, 0x53, 0xA3, 0x27, 0xA7, 0xFF, 0x26,
+        0xA0, 0x17, 0x93, 0x39, 0x4D, 0x04, 0x15, 0x8B,
+        0xB3, 0x20, 0x60, 0x04, 0x47, 0xE2, 0xFD, 0x7D,
+        0x7C, 0x6D, 0xE0, 0x76, 0xA5, 0x13, 0xD6, 0x81,
+        0x95, 0xB0, 0x67, 0x20, 0x4F, 0xF6, 0x00, 0x5B,
+        0x16, 0x25, 0x54, 0x2B, 0x28, 0x37, 0x2F, 0x06,
+        0x80, 0x60, 0x53, 0xAE, 0xE2, 0xEA, 0x9F, 0x88,
+        0xAE, 0xA2, 0x9A, 0x27, 0x02, 0x15, 0x4B, 0xF4,
+        0x43, 0xBC, 0x70, 0x7D, 0x0A, 0x96, 0xEB, 0x06,
+        0xCE, 0x43, 0xEF, 0xE6, 0x6A, 0xAC, 0x1F, 0x16,
+        0x95, 0xE2, 0x8C, 0xF1, 0x07, 0x19, 0x3D, 0x06,
+        0x2E, 0x71, 0xB6, 0x3A, 0xFD, 0xCF, 0x9E, 0x05,
+        0x0B, 0xBE, 0xD7, 0x48, 0x4E, 0xC5, 0xE8, 0x0C,
+        0x51, 0x5A, 0xC8, 0x20, 0xF0, 0xCD, 0xF9, 0x65,
+        0xDD, 0x97, 0xF7, 0xA1, 0x1B, 0x57, 0xB2, 0x1A,
+        0x04, 0xBF, 0x42, 0xF2, 0xA3, 0x3D, 0x61, 0x97,
+        0x64, 0xDF, 0xB3, 0x63, 0x11, 0xFD, 0xAD, 0x8C,
+        0x83, 0xA7, 0x48, 0xBA, 0x34, 0x42, 0xC5, 0x70,
+        0x64, 0x5A, 0x78, 0x5E, 0x67, 0x03, 0xE5, 0xBF,
+        0x22, 0xE8, 0x46, 0xFC, 0x51, 0x6C, 0xB4, 0x99,
+        0x15, 0xFD, 0x63, 0xB6, 0x3E, 0x5D, 0xBF, 0x56,
+        0xF5, 0x5E, 0xA4, 0x01, 0x16, 0xD5, 0x03, 0x4B,
+        0xBB, 0x94, 0x5F, 0x58, 0xD6, 0x76, 0x95, 0xC7,
+        0x96, 0xF1, 0xC1, 0xD0, 0x53, 0xA3, 0xEB, 0x28,
+        0xA9, 0x5E, 0x8F, 0x38, 0x8E, 0x80, 0x04, 0xC3,
+        0xB2, 0x4F, 0xD5, 0xFC, 0xCA, 0x7B, 0xB1, 0xE3,
+        0xB9, 0x9A, 0x9F, 0x3C, 0x94, 0x5E, 0xF8, 0xA5,
+        0x35, 0xF1, 0x37, 0x43, 0x20, 0x71, 0xA5, 0xCA,
+        0x5B, 0x6F, 0x7D, 0xC7, 0xB8, 0xBC, 0xE5, 0x5A,
+        0xD0, 0xF3, 0xB6, 0xCF, 0x1B, 0xCB, 0xB9, 0xCD,
+        0x35, 0xE2, 0x41, 0xF8, 0x6E, 0x46, 0x97, 0x27,
+        0x26, 0x48, 0xF4, 0x73, 0xDB, 0xD5, 0xB7, 0x68,
+        0x1E, 0xF0, 0xC7, 0x84, 0x49, 0xE6, 0xC5, 0xFA,
+        0x93, 0x0D, 0x83, 0x2C, 0x85, 0x1E, 0xED, 0x2A,
+        0x65, 0x12, 0x19, 0xD7, 0xD9, 0xC3, 0xBB, 0x23,
+        0xF3, 0xC6, 0xAD, 0x7E, 0xB7, 0x78, 0x68, 0x54,
+        0x1F, 0x3C, 0xEE, 0x09, 0xF5, 0x1E, 0xE0, 0x4E,
+        0xBA, 0x1B, 0xBC, 0x29, 0x69, 0x8A, 0xED, 0xD3,
+        0xC7, 0xAC, 0xEC, 0x44, 0x29, 0xD7, 0xA4, 0x0C,
+        0xFA, 0xBD, 0xA2, 0x29, 0x34, 0x80, 0x16, 0x4F,
+        0x37, 0xEC, 0xB6, 0x73, 0xF2, 0xB5, 0xD7, 0x51,
+        0x57, 0x43, 0xAF, 0x7E, 0xD0, 0xB6, 0xE0, 0x96,
+        0xF0, 0xE2, 0xFE, 0xCE, 0xC8, 0x9F, 0x40, 0xD6,
+        0xAF, 0xE0, 0xBF, 0xCD, 0x70, 0x37, 0x91, 0x69,
+        0x99, 0x8C, 0xDF, 0x4A, 0x20, 0xDE, 0xB6, 0xC6,
+        0x7A, 0xB4, 0xE3, 0x6A, 0xAD, 0x53, 0xED, 0xB9,
+        0x8A, 0x13, 0x61, 0xC5, 0xE9, 0xB0, 0xDC, 0x16,
+        0x36, 0xD7, 0x51, 0xA8, 0x7B, 0x52, 0x05, 0x3B,
+        0xAD, 0x5C, 0xD2, 0xBD, 0x6F, 0x6B, 0xA9, 0x51,
+        0xA7, 0xE8, 0x7E, 0xA4, 0xB6, 0x77, 0xAE, 0x00,
+        0x89, 0x3A, 0x1F, 0x76, 0x72, 0x3F, 0xC5, 0x6C,
+        0x49, 0x4F, 0xB5, 0xCA, 0x2F, 0x5D, 0xAE, 0xF8,
+        0x58, 0x9A, 0xE2, 0x5B, 0x54, 0x76, 0xF4, 0xAA,
+        0x89, 0xD4, 0x04, 0xAF, 0x1C, 0x26, 0x65, 0xEC,
+        0xA1, 0x81, 0x06, 0x2A, 0x4B, 0x5E, 0xD5, 0x90,
+        0xB8, 0x26, 0x33, 0x64, 0x15, 0x33, 0x25, 0xAC,
+        0x97, 0x9A, 0xCA, 0x1B, 0x64, 0x50, 0x82, 0x8F,
+        0x65, 0x6A, 0xD4, 0x47, 0xCF, 0x7E, 0x93, 0x7D,
+        0xB3, 0xCB, 0xFE, 0x55, 0x0A, 0x46, 0x93, 0x22,
+        0xB5, 0x46, 0xAB, 0xD6, 0x05, 0x59, 0x14, 0x5E,
+        0x1B, 0xD4, 0x2D, 0xAF, 0xA3, 0x18, 0xB7, 0xA0,
+        0xD7, 0x11, 0x70, 0xDE, 0x81, 0x8B, 0xD6, 0x64,
+        0xFD, 0x38, 0xBD, 0x29, 0x92, 0x41, 0x80, 0xC4,
+        0x4A, 0x6D, 0x34, 0x1B, 0xF0, 0x59, 0xA0, 0xD6,
+        0x48, 0x55, 0xD2, 0xA5, 0xE2, 0x91, 0xB6, 0x71,
+        0xF4, 0x90, 0x97, 0x8B, 0x0A, 0xDD, 0x90, 0xEA,
+        0x61, 0x9B, 0x30, 0xA6, 0x2F, 0x5D, 0xB4, 0xEE,
+        0x7A, 0x10, 0x40, 0x59, 0x89, 0xAC, 0x30, 0x6E,
+        0x9C, 0x7B, 0xBC, 0x11, 0x75, 0x38, 0x00, 0x2E,
+        0xDF, 0xED, 0x87, 0x47, 0x30, 0xFB, 0xD4, 0x8A,
+        0xC6, 0xBE, 0xC7, 0x20, 0xC8, 0x3D, 0x51, 0x05,
+        0x67, 0x48, 0xDE, 0xE2, 0xBF, 0x95, 0x5E, 0x7B,
+        0xD7, 0xC7, 0x86, 0xDF, 0x68, 0x57, 0xA9, 0x29,
+        0xBC, 0xF8, 0xE3, 0x81, 0x62, 0x1B, 0x37, 0x58,
+        0xF2, 0xFF, 0xEE, 0xE8, 0x28, 0x08, 0x36, 0x23,
+        0x5B, 0x24, 0x68, 0x1E, 0x62, 0xBD, 0x27, 0xC2,
+        0x6F, 0xE9, 0x63, 0x67, 0x53, 0xC7, 0x8A, 0xB5,
+        0xA7, 0xEF, 0x29, 0xFE, 0x60, 0xAC, 0x29, 0xCF,
+        0x67, 0x40, 0x9F, 0xE6, 0x57, 0xCE, 0x65, 0x3A,
+        0x2F, 0xDA, 0xA7, 0xF2, 0x0C, 0x50, 0x19, 0xE6,
+        0xF7, 0x43, 0x2E, 0x8C, 0xEB, 0x9E, 0x99, 0x92,
+        0xE6, 0x46, 0xB7, 0x8D, 0x43, 0x65, 0xFD, 0x02,
+        0x17, 0x74, 0x6F, 0x7B, 0xA3, 0x1E, 0x06, 0x9D,
+        0x75, 0x4E, 0x05, 0xED, 0x5A, 0x71, 0xFC, 0x5E,
+        0x7D, 0x6D, 0x64, 0x5E, 0xAF, 0x41, 0x44, 0xD6,
+        0xBC, 0x43, 0x05, 0x5E, 0x6C, 0xDB, 0x89, 0x34,
+        0xC7, 0x02, 0x64, 0x08, 0xAE, 0x96, 0x53, 0x5B,
+        0xA2, 0xDE, 0xCD, 0x2F, 0x74, 0x56, 0xD6, 0xEC,
+        0xA4, 0x23, 0x68, 0xCD, 0x9A, 0xC5, 0x05, 0x7B,
+        0x7D, 0x1E, 0x12, 0xF7, 0x7A, 0xA8, 0x7C, 0x43,
+        0x7E, 0x7A, 0x43, 0x31, 0x5D, 0xA0, 0x81, 0xE5,
+        0x3A, 0xFE, 0x23, 0xB5, 0xBC, 0xC2, 0xF4, 0xCE,
+        0x3A, 0x80, 0x06, 0xE8, 0x1E, 0x08, 0xAF, 0x0A,
+        0x33, 0xC1, 0xA9, 0x30, 0x7C, 0x8D, 0x5A, 0xC5,
+        0x93, 0x89, 0xF2, 0x69, 0x24, 0x11, 0x6C, 0xAB,
+        0x0B, 0x87, 0xD5, 0x49, 0xD0, 0x38, 0x3C, 0x27,
+        0x4E, 0x8E, 0x85, 0xD4, 0x6E, 0x0F, 0xCD, 0x70,
+        0xE3, 0x68, 0x42, 0xCA, 0x4C, 0x8D, 0x6D, 0x0F,
+        0x48, 0xF3, 0xED, 0xF9, 0xE9, 0x43, 0x5D, 0xBF,
+        0x55, 0x75, 0xF8, 0xEB, 0x78, 0x93, 0x72, 0x75,
+        0x8B, 0xF5, 0xBD, 0xE9, 0x9D, 0xA2, 0xB9, 0x81,
+        0x83, 0xDB, 0xAC, 0x82, 0xD1, 0xC1, 0x20, 0x03,
+        0x72, 0x4D, 0xDC, 0x42, 0xAE, 0xC8, 0x1C, 0x0C,
+        0x78, 0x22, 0x77, 0x27, 0x91, 0x50, 0x4C, 0x90,
+        0xEA, 0x13, 0x8B, 0x6C, 0x91, 0xDF, 0x5D, 0x25,
+        0x36, 0x9C, 0xC2, 0x06, 0x4F, 0xD5, 0xE2, 0xCC,
+        0x9D, 0x89, 0x3B, 0xC4, 0x23, 0x5D, 0x88, 0x17,
+        0x62, 0x4E, 0xC9, 0xFA, 0xC8, 0xEF, 0x1D, 0x45,
+        0xE1, 0xFB, 0x58, 0xB3, 0x8E, 0xBD, 0x8D, 0xAE,
+        0x12, 0xFF, 0xA0, 0x37, 0xE0, 0x7F, 0x5B, 0x41,
+        0x1D, 0x40, 0x17, 0xAF, 0x95, 0x2D, 0x8C, 0x42,
+        0xC6, 0x1A, 0x2A, 0x1E, 0x8E, 0x70, 0x25, 0xD6,
+        0xD3, 0xA2, 0x85, 0xAA, 0x17, 0xFF, 0x0D, 0xB4,
+        0x39, 0xD0, 0xF2, 0xAF, 0xA0, 0x4F, 0x31, 0x8D,
+        0x6D, 0x57, 0x6A, 0xED, 0xC6, 0xF1, 0xE7, 0x67,
+        0xA6, 0x6F, 0xB3, 0x9B, 0x72, 0xC6, 0x7F, 0x05,
+        0xAF, 0x40, 0x87, 0x12, 0x0D, 0xC8, 0x98, 0x88,
+        0x2D, 0xDE, 0xA1, 0x7C, 0x95, 0x32, 0xB2, 0x7A,
+        0xB5, 0x9D, 0xE4, 0x0D, 0x75, 0xD4, 0x17, 0x5B,
+        0xB4, 0x92, 0x73, 0xAF, 0x87, 0x3A, 0x92, 0xDA,
+        0x4D, 0x87, 0xE2, 0x53, 0xCA, 0xE7, 0x2A, 0x52,
+        0x64, 0xE0, 0xC1, 0xDE, 0x4C, 0x9C, 0xF9, 0x1A,
+        0x1F, 0x3A, 0xD6, 0x05, 0xA0, 0xCC, 0x8D, 0x91,
+        0x93, 0x51, 0xF9, 0x37, 0x1A, 0xFC, 0x68, 0xEF,
+        0xBC, 0xED, 0x19, 0x8E, 0x4C, 0xD1, 0xB5, 0x8C,
+        0xA2, 0x85, 0xDA, 0x02, 0x65, 0xAB, 0xAC, 0xAE,
+        0xCA, 0x8E, 0xAC, 0xF0, 0x2A, 0x4F, 0xC7, 0x67,
+        0x16, 0x2E, 0x24, 0x7F, 0x73, 0xCD, 0xD7, 0x3E,
+        0xE3, 0x27, 0x8A, 0xF9, 0x4A, 0xC4, 0xA8, 0xCB,
+        0x2B, 0x01, 0x55, 0x68, 0x34, 0xA3, 0xC0, 0xB8,
+        0xD0, 0x6D, 0x05, 0xF2, 0x3B, 0x4C, 0x17, 0x47,
+        0xE7, 0x64, 0x53, 0xF4, 0x9D, 0xE0, 0x8D, 0xF8,
+        0xEE, 0x0E, 0xA6, 0x25, 0x64, 0x7D, 0x1B, 0xD0,
+        0x80, 0xE7, 0x3C, 0x41, 0x97, 0xAE, 0xCB, 0x6A,
+        0x23, 0xC2, 0x5F, 0x00, 0xC6, 0xC5, 0x4C, 0x8A,
+        0x4C, 0xEF, 0x76, 0x65, 0x95, 0x28, 0xB3, 0x67,
+        0x42, 0xEC, 0x17, 0xFF, 0x0E, 0xE3, 0x7B, 0x30,
+        0x6D, 0xCC, 0xB8, 0x87, 0xD6, 0x63, 0x36, 0x5D,
+        0xC9, 0xE8, 0x1D, 0x51, 0x47, 0xCF, 0xE5, 0x05,
+        0x0D, 0xB4, 0x09, 0xDF, 0xAD, 0x88, 0x9C, 0x38,
+        0x6F, 0x12, 0xA5, 0xCD, 0x0C, 0x95, 0x53, 0x41,
+        0x13, 0xA6, 0xD0, 0xAB, 0xCB, 0x5A, 0x3F, 0x56,
+        0xCE, 0x23, 0xEE, 0x32, 0x61, 0x22, 0x79, 0xE8,
+        0xBA, 0x23, 0x94, 0x61, 0x25, 0x8E, 0xD6, 0x3E,
+        0x78, 0x83, 0xE1, 0x15, 0xBA, 0x05, 0x81, 0xB8,
+        0x1A, 0x7F, 0x73, 0xC1, 0xB7, 0x9F, 0x29, 0xA1,
+        0x16, 0x2E, 0x6E, 0x84, 0xC7, 0x15, 0xBC, 0x50,
+        0x28, 0x5F, 0xD3, 0x8D, 0x4D, 0x6D, 0xC0, 0x87,
+        0x68, 0x88, 0x4B, 0xF4, 0xFB, 0x55, 0x85, 0x3D,
+        0xA7, 0xB5, 0x47, 0x1E, 0x73, 0xA1, 0x47, 0x8D,
+        0xB1, 0xE1, 0xCF, 0xE6, 0x15, 0x3E, 0xC6, 0xC3,
+        0x78, 0xDD, 0x6A, 0x3F, 0x42, 0x29, 0x6E, 0x61,
+        0x9D, 0xE7, 0x63, 0xFF, 0x2D, 0xDB, 0x83, 0xE5,
+        0x15, 0x84, 0xC2, 0x8D, 0xD8, 0x34, 0x2E, 0x92,
+        0x9E, 0x15, 0xB7, 0xBB, 0xCF, 0x5D, 0x6E, 0xCB,
+        0x87, 0x79, 0xCF, 0x7F, 0x3A, 0x9A, 0xC1, 0x6A,
+        0x43, 0x1F, 0x52, 0xA2, 0x34, 0xE6, 0xA3, 0x69,
+        0x9D, 0x9E, 0x44, 0x84, 0x0A, 0x4D, 0x3D, 0x48,
+        0x5D, 0xA5, 0xD9, 0x03, 0x94, 0xB1, 0x81, 0xEF,
+        0x89, 0x98, 0xE6, 0xD1, 0x44, 0x21, 0x83, 0x59,
+        0x09, 0xCD, 0xDB, 0x16, 0x7C, 0x8C, 0x38, 0x78,
+        0x19, 0x4B, 0x6D, 0x51, 0x4D, 0xF8, 0x63, 0x6D,
+        0x4A, 0x14, 0xA1, 0xBE, 0xF3, 0xCA, 0x38, 0x1E,
+        0x36, 0xCF, 0x2E, 0x6D, 0x5F, 0xBC, 0xB4, 0x0A,
+        0xF0, 0x91, 0x7D, 0x6D, 0xBB, 0x87, 0x5C, 0xFF,
+        0x64, 0xCD, 0xCE, 0xCC, 0xCF, 0xB8, 0xBF, 0xB8,
+        0x05, 0x45, 0x8D, 0xF8, 0x2C, 0x74, 0xEB, 0x86,
+        0x3A, 0x96, 0x9E, 0xD9, 0x8B, 0x9C, 0x46, 0xE7,
+        0x17, 0x3C, 0x09, 0x0D, 0xB0, 0x68, 0xB2, 0xD8,
+        0x0C, 0xCE, 0x32, 0xDE, 0x51, 0x72, 0xB5, 0xD4,
+        0xA8, 0xB9, 0x09, 0xA5, 0xA4, 0xCC, 0x47, 0xFA,
+        0x9F, 0x2E, 0xD6, 0x6E, 0x60, 0x69, 0xCD, 0x96,
+        0xAB, 0x1F, 0x3E, 0x84, 0x8C, 0x68, 0x72, 0x0F,
+        0xEA, 0x32, 0xC5, 0x73, 0x6E, 0x8A, 0xB5, 0x10,
+        0x05, 0xFE, 0x42, 0x58, 0x33, 0xF2, 0x07, 0x56,
+        0xC1, 0x96, 0x76, 0x23, 0x77, 0x9D, 0x0A, 0xD2,
+        0x42, 0xA1, 0x69, 0x06, 0x83, 0xBA, 0xD2, 0xEB,
+        0x12, 0x3D, 0x97, 0xAB, 0x23, 0x08, 0x90, 0x15,
+        0x51, 0x4D, 0x0C, 0x6A, 0x3B, 0x0F, 0x37, 0x15,
+        0x25, 0xC2, 0x3E, 0x5F, 0x53, 0x84, 0x4C, 0x81,
+        0xDD, 0xE8, 0x7C, 0xFE, 0x9F, 0x06, 0x5E, 0x11,
+        0x68, 0x7D, 0x68, 0x6B, 0x07, 0x2C, 0x19, 0x00,
+        0xF5, 0xC9, 0xA7, 0xC3, 0x1F, 0xE8, 0xBA, 0xBE,
+        0x9F, 0x09, 0x0C, 0xE2, 0xCB, 0x3B, 0x68, 0x7B,
+        0xA8, 0x9E, 0xD8, 0x3C, 0x08, 0x85, 0xDF, 0xF9,
+        0x11, 0x2B, 0x52, 0xF6, 0xCE, 0xD7, 0x1E, 0x32,
+        0xA4, 0x0A, 0x9A, 0xBC, 0xFF, 0xF4, 0x20, 0xB6,
+        0x24, 0x85, 0x84, 0x7F, 0xFF, 0x70, 0x3C, 0xBB,
+        0x74, 0x36, 0x42, 0x25, 0x5F, 0xBD, 0x0A, 0x90,
+        0x86, 0xA7, 0xB8, 0x3F, 0x9E, 0xDF, 0x43, 0x24,
+        0x88, 0x0C, 0x52, 0x08, 0xF7, 0xDC, 0xB1, 0xEA,
+        0xC3, 0x38, 0xF9, 0x13, 0x16, 0x65, 0xA0, 0xCA,
+        0x6B, 0xF0, 0xD6, 0x12, 0xFB, 0xA6, 0x3F, 0xF7,
+        0x13, 0x91, 0x99, 0xB1, 0xDE, 0xE4, 0xEE, 0x1E,
+        0x98, 0x9B, 0xE4, 0xA0, 0x3A, 0xA8, 0xAC, 0x4A,
+        0x48, 0x3E, 0xCB, 0x9E, 0xB4, 0x1D, 0x22, 0x1F,
+        0x59, 0x97, 0x24, 0x8C, 0xFE, 0xDC, 0xBF, 0x6C,
+        0xAD, 0x8D, 0xB0, 0xA3, 0x27, 0xFA, 0x28, 0x8F,
+        0xD6, 0xAE, 0x31, 0x39, 0x84, 0xFA, 0x61, 0x8F,
+        0x7D, 0xD4, 0xEE, 0xBB, 0x13, 0xED, 0x85, 0xC4,
+        0x35, 0xC0, 0xAB, 0x07, 0x73, 0xC5, 0xCD, 0xCA,
+        0xD4, 0x69, 0x9B, 0x9C, 0x38, 0x2A, 0x1F, 0x37,
+        0xF9, 0xDF, 0x8C, 0x3A, 0xE1, 0x57, 0xDF, 0x05,
+        0x9F, 0x97, 0x51, 0xCC, 0xA6, 0x93, 0xD5, 0x49,
+        0x2A, 0xE9, 0xCD, 0x46, 0x31, 0x22, 0x6E, 0x62,
+        0xE8, 0x13, 0x90, 0x64, 0xFF, 0x00, 0x27, 0xCF,
+        0xA1, 0x95, 0x4E, 0xE9, 0x36, 0xAF, 0xAD, 0x02,
+        0x06, 0xDD, 0x2A, 0xE2, 0x28, 0xB6, 0xDD, 0x65,
+        0xCD, 0x9A, 0x9D, 0x5F, 0xF9, 0xC0, 0xCC, 0x48,
+        0xC8, 0xC2, 0xE9, 0x8F, 0x5A, 0xE6, 0xE2, 0xC9,
+        0x79, 0x7A, 0x83, 0x84, 0xF8, 0xA3, 0xE3, 0xC7,
+        0x48, 0xC7, 0x06, 0xFE, 0x6A, 0x36, 0x25, 0xD2,
+        0xA2, 0xEB, 0x4A, 0xE2, 0xCA, 0xA0, 0x49, 0x24,
+        0x1A, 0x47, 0x8C, 0x1A, 0x77, 0xF5, 0xC9, 0x0D,
+        0xDC, 0x94, 0x18, 0x4D, 0x89, 0x80, 0x50, 0x18,
+        0x7D, 0x67, 0x00, 0x43, 0xE4, 0xE7, 0x8F, 0x54,
+        0xDC, 0x60, 0x84, 0x24, 0xF3, 0xBF, 0x5E, 0x92,
+        0xC7, 0x0C, 0x05, 0x49, 0xBB, 0x61, 0x2F, 0x48,
+        0x0A, 0xEB, 0xE5, 0xFA, 0x8B, 0x01, 0x33, 0x27,
+        0x10, 0x3E, 0xA1, 0x28, 0x33, 0x11, 0x30, 0x1F,
+        0x91, 0x47, 0x7B, 0xA6, 0x3E, 0xD4, 0xF9, 0xC2,
+        0x8F, 0xA3, 0x4E, 0xBC, 0xA7, 0x61, 0x56, 0x1F,
+        0x90, 0x33, 0x54, 0x15, 0x06, 0x21, 0x9C, 0x57,
+        0x07, 0xC2, 0xF8, 0xED, 0x81, 0xED, 0x36, 0x15,
+        0xC8, 0xAC, 0xAB, 0x12, 0x80, 0xBF, 0x7C, 0x5E,
+        0x00, 0xEC, 0x1B, 0x27, 0x58, 0x3A, 0xE9, 0x09,
+        0x2B, 0x23, 0x16, 0x69, 0x26, 0xF9, 0xCC, 0x3C,
+        0x5A, 0xFB, 0x66, 0xBA, 0x32, 0xF9, 0xAF, 0xAB,
+        0xCB, 0xA7, 0xF7, 0x91, 0x6A, 0x82, 0x42, 0xA7,
+        0x9D, 0x7B, 0x0E, 0xD3, 0x5D, 0xF6, 0x52, 0x6D,
+        0x7D, 0x2B, 0xE6, 0x30, 0x99, 0x01, 0xBD, 0xC0,
+        0x3D, 0x15, 0x95, 0xC2, 0x67, 0x19, 0xD9, 0x0F,
+        0xC0, 0x79, 0x1E, 0xAB, 0xA7, 0x67, 0x35, 0x12,
+        0x53, 0xB0, 0x6A, 0xE4, 0xB9, 0x0A, 0x52, 0xEF,
+        0xBD, 0xCD, 0xD4, 0x0C, 0x09, 0x6F, 0x24, 0xE9,
+        0x52, 0x9F, 0xF8, 0x9F, 0x95, 0x95, 0x57, 0x07,
+        0x5F, 0xC8, 0xDD, 0xAF, 0xE6, 0x10, 0x3A, 0x51,
+        0x38, 0xF0, 0x9F, 0xBD, 0xEB, 0x0F, 0x5F, 0x36,
+        0xB5, 0x2A, 0x57, 0xBE, 0x21, 0x39, 0xD8, 0x9D,
+        0x29, 0x04, 0xBC, 0xE2, 0xB8, 0x6D, 0x03, 0xF2,
+        0x6D, 0x56, 0xF4, 0x18, 0x40, 0x07, 0x1A, 0x15,
+        0x8B, 0xF5, 0x46, 0xE1, 0x0C, 0x4D, 0xED, 0x0E,
+        0x81, 0xB0, 0x0D, 0x98, 0x88, 0xC5, 0x5D, 0x53,
+        0xE1, 0x1D, 0xB7, 0x00, 0x26, 0xC6, 0x46, 0x7E,
+        0xD2, 0xAB, 0x0B, 0xD9, 0x1E, 0xE0, 0xE7, 0xC3,
+        0xC3, 0xE0, 0x83, 0x7F, 0x8C, 0xB9, 0xBA, 0xE0,
+        0x04, 0xE2, 0xA8, 0xFF, 0xEC, 0xD5, 0x9E, 0x79,
+        0x2F, 0x13, 0xF9, 0x27, 0xCA, 0xDD, 0xF5, 0x0F,
+        0x74, 0xD2, 0x9B, 0xC6, 0x2E, 0xF2, 0xF0, 0x2A,
+        0xB0, 0xF9, 0x6E, 0x27, 0x3E, 0x8D, 0x66, 0xDB,
+        0x44, 0x82, 0xDD, 0x1B, 0xD5, 0xBB, 0x51, 0x6E,
+        0x72, 0x3A, 0xCB, 0x0F, 0x0B, 0x97, 0xBC, 0x32,
+        0x07, 0xC1, 0x0C, 0xF3, 0x94, 0xFF, 0x62, 0xE2,
+        0xFD, 0x7D, 0xBB, 0x3D, 0x43, 0x11, 0xB3, 0xFA,
+        0x22, 0x05, 0xBF, 0x87, 0x0F, 0xFD, 0xD1, 0x81,
+        0xC6, 0x30, 0xC6, 0x91, 0xD4, 0xEE, 0xA8, 0x6B,
+        0x37, 0xB2, 0x38, 0xF1, 0x87, 0x89, 0xE0, 0x04,
+        0x09, 0xED, 0x18, 0xA6, 0x3C, 0x18, 0x9E, 0x38,
+        0xCB, 0x9F, 0xFE, 0xB3, 0x03, 0xF4, 0xE4, 0x3F,
+        0xB3, 0x94, 0x7C, 0x74, 0x03, 0x6C, 0xCF, 0x16,
+        0x24, 0xF8, 0x56, 0xE2, 0x4A, 0x7E, 0x9A, 0x21,
+        0xB8, 0xC2, 0x7C, 0xF4, 0x3D, 0x85, 0x15, 0x43,
+        0xA5, 0xCA, 0xFD, 0xA3, 0x05, 0xCC, 0x63, 0x8D,
+        0x94, 0x82, 0x70
+    };
+    static const byte rnd_87[] = {
+        0x16, 0xB8, 0x2B, 0x9B, 0x0A, 0x90, 0x5B, 0xB3,
+        0xD8, 0x7B, 0x4A, 0x1E, 0x40, 0xAE, 0xAD, 0x3C,
+        0xDE, 0x63, 0xB2, 0x2C, 0xB7, 0x16, 0xBD, 0x46,
+        0x7A, 0x7B, 0xE8, 0x4A, 0xF1, 0x9B, 0x7C, 0xFE
+    };
+    static const byte sig_87[] = {
+        0xE5, 0x5D, 0x62, 0x56, 0x92, 0x73, 0x72, 0x13,
+        0xDD, 0x3D, 0x7F, 0x51, 0x42, 0xF3, 0xAA, 0x33,
+        0x87, 0x12, 0x2F, 0x20, 0xC9, 0x50, 0x93, 0x0A,
+        0x7E, 0x7C, 0xCC, 0x0C, 0x6D, 0x21, 0xB9, 0x5D,
+        0x62, 0x47, 0xD5, 0xFB, 0x3A, 0xCC, 0xBC, 0xB8,
+        0xA1, 0x5A, 0xDF, 0x97, 0x58, 0xBA, 0x7E, 0x40,
+        0x9A, 0x76, 0xD0, 0x1C, 0xBF, 0x0F, 0x14, 0xC3,
+        0x23, 0x3B, 0x21, 0xB0, 0x5D, 0x11, 0x3B, 0x1F,
+        0x70, 0xCB, 0x21, 0x78, 0x51, 0x68, 0xE2, 0x3A,
+        0x29, 0x4A, 0x0D, 0xD0, 0x32, 0x50, 0xDC, 0xBB,
+        0xD1, 0xCF, 0x80, 0x19, 0x7A, 0xC7, 0xFC, 0x37,
+        0x2D, 0x5A, 0x5A, 0xDF, 0x3E, 0x7E, 0x89, 0x2D,
+        0xC6, 0x0E, 0x75, 0x9A, 0xBB, 0xDF, 0x69, 0x82,
+        0x28, 0xB6, 0xD0, 0xF3, 0xF4, 0xCB, 0x4F, 0xD5,
+        0xDC, 0x5D, 0xFE, 0x8D, 0x01, 0xB4, 0x93, 0x9F,
+        0x89, 0x53, 0x18, 0x74, 0x29, 0x20, 0x36, 0xBF,
+        0x34, 0xCA, 0x71, 0x2B, 0x01, 0x14, 0xFB, 0x66,
+        0x94, 0x28, 0x81, 0xF1, 0xF1, 0x7E, 0x80, 0xB6,
+        0x4E, 0x0E, 0x9E, 0x9E, 0x60, 0xD7, 0x6A, 0xFB,
+        0x59, 0xC7, 0x96, 0x9F, 0xB4, 0x9C, 0x98, 0x72,
+        0x06, 0xC1, 0x6C, 0xAA, 0x8E, 0xC7, 0x48, 0xE6,
+        0xC3, 0xAD, 0x8B, 0x4E, 0xF7, 0x81, 0x92, 0x74,
+        0xC0, 0x5A, 0x2B, 0x54, 0x8D, 0x47, 0x15, 0xAC,
+        0xED, 0x45, 0x69, 0xD0, 0x7C, 0x28, 0x80, 0x18,
+        0xA3, 0x9F, 0xB7, 0x14, 0xC6, 0x51, 0xF9, 0x02,
+        0x70, 0x98, 0xD9, 0xC1, 0x09, 0xC0, 0xD7, 0xCE,
+        0x8B, 0x81, 0x7B, 0x30, 0x99, 0x4C, 0x85, 0x1C,
+        0xFA, 0xAE, 0xBF, 0x05, 0x95, 0xBB, 0x6E, 0x01,
+        0xE4, 0xFC, 0xE7, 0x11, 0x16, 0x90, 0x28, 0xC3,
+        0xC4, 0x36, 0x9F, 0x11, 0xCD, 0xEB, 0xEB, 0x71,
+        0x15, 0x08, 0x1D, 0x43, 0x2B, 0x12, 0xA6, 0x4E,
+        0xB6, 0xF9, 0x35, 0xE4, 0x37, 0x0D, 0xF7, 0x49,
+        0xDF, 0x73, 0x4D, 0xE3, 0x57, 0x33, 0x96, 0x7B,
+        0x72, 0x45, 0x2F, 0x92, 0x70, 0xBB, 0x6F, 0xCD,
+        0x90, 0x82, 0x67, 0xBB, 0x31, 0x9D, 0x9E, 0x38,
+        0x75, 0xCD, 0x5B, 0x55, 0x10, 0x6B, 0xFC, 0x00,
+        0x15, 0xC8, 0xCB, 0xFC, 0xE1, 0x18, 0x41, 0xE8,
+        0x6E, 0x92, 0xEC, 0x1A, 0x26, 0x88, 0x6C, 0xF6,
+        0x2A, 0x5C, 0x05, 0x94, 0xD7, 0xB8, 0xD0, 0x78,
+        0x52, 0x68, 0x8D, 0xC5, 0xBD, 0xD6, 0x29, 0xF8,
+        0x21, 0xDF, 0xB3, 0x28, 0x43, 0x74, 0xC7, 0x0E,
+        0x99, 0xD3, 0x0C, 0xDE, 0xE9, 0x06, 0x44, 0xCD,
+        0x77, 0x13, 0x34, 0x82, 0xBA, 0x36, 0x20, 0x71,
+        0x02, 0xB1, 0x6E, 0xBA, 0xCF, 0x9F, 0x15, 0x36,
+        0xC8, 0xF1, 0x4E, 0x36, 0x30, 0x34, 0x2D, 0x23,
+        0x6C, 0x77, 0xEC, 0xCA, 0xBA, 0x7C, 0x17, 0x4F,
+        0x3F, 0x22, 0x4A, 0x34, 0xA1, 0x5C, 0xB3, 0x8F,
+        0xD8, 0x48, 0xD5, 0x8A, 0x2C, 0x8B, 0x1B, 0xFB,
+        0x87, 0xDA, 0xBC, 0xB6, 0xD9, 0x59, 0xD6, 0x9B,
+        0xF0, 0x6E, 0x8D, 0xB1, 0x52, 0xE1, 0x8A, 0x36,
+        0x31, 0xA7, 0x83, 0xCE, 0xDF, 0x36, 0xEB, 0xBE,
+        0xEA, 0xC3, 0xC6, 0xA6, 0x52, 0x2D, 0x89, 0x0B,
+        0xF9, 0x5B, 0x1D, 0x14, 0xA9, 0xBF, 0x37, 0x31,
+        0xE0, 0x1C, 0xF5, 0x29, 0x95, 0xF0, 0xC0, 0x08,
+        0xE8, 0x97, 0xEE, 0x53, 0x27, 0x85, 0x81, 0x7D,
+        0x47, 0xE5, 0xAC, 0xC5, 0x1B, 0x48, 0xA5, 0x36,
+        0x1E, 0x8A, 0xD7, 0xF5, 0xC9, 0x93, 0x74, 0xCE,
+        0x06, 0xEA, 0xC3, 0x26, 0x45, 0xFF, 0xED, 0x39,
+        0xC1, 0x0B, 0x7A, 0x59, 0x3C, 0x0F, 0xEE, 0x89,
+        0xEF, 0xA4, 0xEC, 0xD0, 0x72, 0x34, 0x95, 0xC9,
+        0xC4, 0x78, 0x47, 0xB6, 0xB7, 0xCE, 0xA4, 0xD9,
+        0xA1, 0xB6, 0x37, 0xC1, 0xF1, 0xFB, 0x4E, 0x4C,
+        0x38, 0xB0, 0x4A, 0xE5, 0x13, 0x63, 0xDC, 0x44,
+        0xC4, 0x7E, 0x86, 0x9C, 0xAD, 0x69, 0x29, 0xFD,
+        0xA1, 0xFE, 0xAD, 0x3B, 0x59, 0x24, 0x2F, 0x70,
+        0xAE, 0x5F, 0x2C, 0x00, 0xFE, 0x01, 0x09, 0xA3,
+        0x10, 0x87, 0xF0, 0xAD, 0xFA, 0x9B, 0x83, 0x8F,
+        0x48, 0x96, 0x8B, 0x9A, 0x35, 0xE7, 0x4D, 0xAA,
+        0xEC, 0xA4, 0xCD, 0x26, 0x7C, 0x3E, 0xAC, 0x93,
+        0x26, 0x9D, 0x6B, 0x83, 0x34, 0xC4, 0x71, 0xE1,
+        0xC8, 0x93, 0x88, 0x09, 0xAF, 0x00, 0xB5, 0x7F,
+        0xD9, 0x5A, 0x8E, 0x36, 0xC1, 0x2E, 0x7E, 0xF1,
+        0x0C, 0xC5, 0x2A, 0xB3, 0xE4, 0x48, 0xDF, 0xFB,
+        0xFF, 0x99, 0xC9, 0x66, 0xD2, 0x28, 0x46, 0x7C,
+        0x43, 0x39, 0x96, 0x69, 0x95, 0x42, 0xAC, 0xE0,
+        0xC2, 0x0C, 0x65, 0x99, 0xC8, 0xB0, 0xAE, 0x76,
+        0xE8, 0x18, 0x3E, 0xA9, 0x1D, 0x44, 0x81, 0x14,
+        0x65, 0xF7, 0xDF, 0xD1, 0xD1, 0x7B, 0x7C, 0x28,
+        0xE0, 0x77, 0x9D, 0x79, 0x9C, 0xE4, 0x1A, 0xF1,
+        0xD0, 0xFF, 0x8E, 0xEA, 0x58, 0x84, 0xB3, 0x47,
+        0xBC, 0xA1, 0x47, 0x48, 0xB7, 0xC3, 0xD5, 0xD1,
+        0xF3, 0xDD, 0xA6, 0x3B, 0x15, 0x4C, 0xB3, 0xB5,
+        0xFD, 0x52, 0x9D, 0x7E, 0xF0, 0xC7, 0x40, 0x2C,
+        0x34, 0xBC, 0xCF, 0x1C, 0x67, 0x30, 0xC0, 0x4D,
+        0xA1, 0xC7, 0x5E, 0xAD, 0xAF, 0xCD, 0xFA, 0x21,
+        0xE4, 0xB5, 0x33, 0x8B, 0x37, 0x2D, 0xCF, 0x4D,
+        0x07, 0x48, 0x61, 0xB0, 0xB6, 0x8B, 0x27, 0x05,
+        0xA0, 0x8C, 0x71, 0x95, 0x84, 0x02, 0xB2, 0x1E,
+        0x59, 0xBC, 0xB6, 0xE2, 0x2C, 0x3C, 0x20, 0x4C,
+        0xDE, 0x1E, 0x35, 0x24, 0xC1, 0x5B, 0x3C, 0xB4,
+        0x2A, 0x8C, 0xA7, 0x2D, 0xE3, 0xDC, 0x45, 0x26,
+        0x6E, 0x29, 0x52, 0x5D, 0x24, 0x8A, 0xC2, 0x16,
+        0x73, 0xDB, 0x80, 0xF2, 0x91, 0xEC, 0x05, 0x3E,
+        0x2E, 0x9E, 0x39, 0x12, 0x5E, 0x11, 0x80, 0x24,
+        0xF5, 0xFC, 0x86, 0x4C, 0xD9, 0xF9, 0x70, 0x59,
+        0xC8, 0xC8, 0x57, 0x5D, 0x0F, 0x68, 0x75, 0x3C,
+        0x7A, 0x3D, 0x1B, 0xF7, 0xD0, 0xDF, 0xE2, 0xF9,
+        0xBD, 0x44, 0xFD, 0x21, 0x75, 0x86, 0x77, 0x25,
+        0xAF, 0xD3, 0x28, 0x55, 0x2A, 0x60, 0x7D, 0x79,
+        0x9C, 0x72, 0x2F, 0x6E, 0xAB, 0x2F, 0x26, 0x44,
+        0x0C, 0xFF, 0x52, 0xBD, 0xA1, 0xA9, 0x07, 0xBD,
+        0x9D, 0x2A, 0x64, 0x2E, 0x0B, 0xA1, 0xB8, 0x78,
+        0xD3, 0xC4, 0x84, 0x9A, 0xE1, 0xDB, 0xB4, 0x4A,
+        0x4C, 0x45, 0x7A, 0x8E, 0xD5, 0xA3, 0x6B, 0x09,
+        0x8D, 0x72, 0x8E, 0x6D, 0x17, 0x34, 0xFF, 0xD6,
+        0xED, 0x24, 0x19, 0x7D, 0xC6, 0x2D, 0x5B, 0x82,
+        0x68, 0xAE, 0x25, 0x33, 0xBB, 0xCB, 0x7D, 0xFD,
+        0x00, 0x15, 0x83, 0xEA, 0xBB, 0xE7, 0x40, 0x3D,
+        0x80, 0xD5, 0x9E, 0x6C, 0xE0, 0x3C, 0x7E, 0x3E,
+        0x12, 0xC7, 0x36, 0x7E, 0x41, 0x84, 0xE8, 0xB4,
+        0x16, 0xCA, 0x4A, 0xB7, 0xEB, 0x16, 0xEC, 0xAB,
+        0x5A, 0x69, 0x24, 0x7F, 0x5E, 0x81, 0x86, 0x7D,
+        0x30, 0x61, 0x4E, 0x0F, 0x75, 0x39, 0xEE, 0xF2,
+        0xF4, 0xDC, 0x5E, 0x23, 0x40, 0xE8, 0x3C, 0xC0,
+        0x10, 0xAD, 0x5E, 0xE6, 0x06, 0x8E, 0x5F, 0x55,
+        0xC5, 0x69, 0x65, 0x5F, 0xA3, 0x6E, 0x73, 0x86,
+        0x82, 0x32, 0x5F, 0x36, 0xA7, 0x6B, 0x2C, 0x26,
+        0xCD, 0x64, 0xC8, 0x57, 0x1F, 0x06, 0x7A, 0xAB,
+        0x8B, 0xA7, 0xDB, 0x53, 0x48, 0x1A, 0x06, 0x8D,
+        0x36, 0xF1, 0x77, 0x74, 0xE6, 0xF5, 0x18, 0x62,
+        0x8E, 0x8A, 0xBF, 0xB7, 0x7F, 0x72, 0x44, 0xAC,
+        0xC8, 0x9A, 0x0E, 0x60, 0x4B, 0xAB, 0xB2, 0x9E,
+        0x95, 0xDF, 0x95, 0x28, 0x98, 0x78, 0xBB, 0xA9,
+        0x5D, 0x8E, 0xEE, 0xB4, 0x84, 0xF5, 0x81, 0x7E,
+        0xA1, 0x53, 0x3E, 0xBB, 0x43, 0xF6, 0xD4, 0xB7,
+        0x60, 0xFD, 0xF4, 0xF8, 0x68, 0xB6, 0x1D, 0x9A,
+        0xF7, 0xDA, 0x77, 0xFA, 0xBB, 0x74, 0x44, 0xDE,
+        0x7C, 0x32, 0x2D, 0x5C, 0x24, 0xD8, 0x4D, 0xBF,
+        0xE0, 0x5C, 0x70, 0x12, 0x3C, 0x43, 0xCC, 0x5F,
+        0x00, 0xD5, 0x1F, 0xEA, 0x5D, 0xC9, 0x3A, 0x5C,
+        0x32, 0xED, 0xE0, 0xF1, 0x59, 0xA0, 0xB7, 0x71,
+        0xDC, 0x65, 0xD2, 0x88, 0x20, 0x20, 0xD8, 0x59,
+        0x53, 0x2D, 0x30, 0x2D, 0xFC, 0xA9, 0xEA, 0x45,
+        0xB0, 0xF3, 0x1E, 0x66, 0x9F, 0xF6, 0xF1, 0x5E,
+        0x9B, 0x67, 0x1D, 0xBF, 0x5E, 0x19, 0xB3, 0x2A,
+        0xE8, 0xCE, 0xE5, 0x90, 0xFE, 0x82, 0x5C, 0x19,
+        0x7B, 0x84, 0x3E, 0x45, 0xFF, 0x5D, 0xC2, 0x2E,
+        0x49, 0x6A, 0xB1, 0x2D, 0x50, 0x2D, 0x21, 0xF7,
+        0x2A, 0xA2, 0x39, 0x47, 0x8D, 0xB5, 0x17, 0x64,
+        0x3E, 0x96, 0x13, 0x90, 0x53, 0xEA, 0x57, 0x4C,
+        0xDB, 0x3D, 0x43, 0xC3, 0xE7, 0xD6, 0x5C, 0x54,
+        0x89, 0xDF, 0x6E, 0xF9, 0xE4, 0xC6, 0x64, 0xF0,
+        0x88, 0x1C, 0xD0, 0xF6, 0x9D, 0x9E, 0xD7, 0xCD,
+        0x2C, 0xFB, 0xCC, 0x54, 0x0E, 0x96, 0xD7, 0x4E,
+        0x05, 0xD2, 0xB3, 0x88, 0x85, 0xD8, 0x60, 0xA4,
+        0xF2, 0xE4, 0xD7, 0xFF, 0xAF, 0x12, 0x2E, 0xBA,
+        0xC4, 0x5A, 0x3A, 0x3E, 0xC5, 0xD7, 0xF3, 0x60,
+        0x4F, 0x27, 0xEF, 0xE0, 0x35, 0xAC, 0x4A, 0x8B,
+        0x14, 0x7D, 0xC4, 0xEF, 0x61, 0x9A, 0x69, 0x2E,
+        0x49, 0x80, 0x04, 0x0C, 0x18, 0xB9, 0x42, 0xC6,
+        0x8C, 0x8A, 0x99, 0x43, 0xA6, 0x5A, 0xCD, 0x72,
+        0x20, 0xAD, 0xFD, 0x9C, 0xC4, 0xAA, 0xDF, 0x6C,
+        0x6C, 0x03, 0xEF, 0x48, 0x3E, 0xFB, 0x4A, 0xBC,
+        0xAA, 0x44, 0xEE, 0xC4, 0x25, 0x8F, 0xF9, 0x8A,
+        0xC2, 0x24, 0x73, 0x15, 0xFA, 0x0E, 0xCB, 0x00,
+        0xEE, 0x9B, 0x39, 0x3F, 0x60, 0x1F, 0x00, 0x95,
+        0xCA, 0xFE, 0xC2, 0x2C, 0x35, 0x5F, 0xD9, 0xD1,
+        0x29, 0xB5, 0x4D, 0xC1, 0x66, 0x51, 0x8F, 0x17,
+        0x3B, 0xF4, 0xF1, 0x49, 0x42, 0x36, 0x0C, 0x5B,
+        0x58, 0xF2, 0x9B, 0x59, 0x01, 0xFB, 0x15, 0x7F,
+        0x21, 0x90, 0x1F, 0x56, 0x69, 0x8B, 0xE2, 0xA5,
+        0x44, 0xCB, 0x84, 0x98, 0x4B, 0x75, 0xA8, 0xCB,
+        0x83, 0x0D, 0xE8, 0x1C, 0x91, 0x7F, 0xE4, 0x57,
+        0x81, 0x16, 0x34, 0x2F, 0xCE, 0x01, 0xAA, 0x62,
+        0x54, 0x44, 0xB7, 0xD6, 0xC7, 0xF1, 0x68, 0x9A,
+        0x00, 0x3B, 0x71, 0x16, 0xF9, 0x96, 0x6A, 0x90,
+        0x6C, 0x2C, 0x4E, 0x58, 0xBC, 0xDD, 0xE9, 0x3B,
+        0x60, 0xB7, 0xA0, 0x97, 0xEE, 0xD6, 0x34, 0xDD,
+        0x49, 0x4A, 0xD9, 0x85, 0xD1, 0xB7, 0x95, 0x14,
+        0xEC, 0x6A, 0x40, 0xE8, 0x31, 0x80, 0xF1, 0xD8,
+        0x5F, 0x75, 0xF6, 0x92, 0x3A, 0x4F, 0xCD, 0x0A,
+        0x6E, 0xBF, 0xA1, 0x27, 0x48, 0x79, 0x27, 0x04,
+        0x76, 0x2C, 0xAB, 0x25, 0x06, 0xEB, 0x43, 0xDD,
+        0x1B, 0x4B, 0x24, 0xFC, 0x93, 0x51, 0x1C, 0x45,
+        0xF6, 0xAE, 0x77, 0xCF, 0xC9, 0xE6, 0x20, 0xE4,
+        0xA5, 0x2B, 0x3D, 0x7D, 0xF0, 0xEB, 0x51, 0x7C,
+        0xCA, 0xFE, 0x58, 0xBA, 0xC4, 0x07, 0x95, 0x75,
+        0x62, 0x0C, 0x50, 0x68, 0x88, 0x1A, 0x8A, 0x0D,
+        0x1B, 0x5C, 0x53, 0x1A, 0x9C, 0xA8, 0x4E, 0xFE,
+        0x63, 0x9B, 0xDB, 0x05, 0x70, 0x01, 0x75, 0xA1,
+        0x3A, 0x08, 0xFA, 0x51, 0xD5, 0xF6, 0x81, 0xDE,
+        0x69, 0xE5, 0x40, 0xB3, 0xF8, 0x7C, 0x46, 0x97,
+        0xA6, 0x4E, 0xA8, 0x51, 0x47, 0x9C, 0xB9, 0x25,
+        0xCD, 0x4E, 0xED, 0xFC, 0xEE, 0x03, 0x6A, 0xCD,
+        0x93, 0x65, 0xB3, 0x68, 0x09, 0x6F, 0xE8, 0x00,
+        0x6A, 0x3F, 0xBF, 0xE8, 0x6F, 0x09, 0xE9, 0xF2,
+        0x6F, 0x44, 0x2E, 0xB1, 0x81, 0x76, 0x04, 0xDD,
+        0x6E, 0xF4, 0x93, 0x61, 0xE5, 0x78, 0xD4, 0xDA,
+        0xBF, 0x05, 0xA1, 0xF4, 0x9D, 0xFD, 0x57, 0x06,
+        0x9C, 0x13, 0x45, 0x97, 0xF2, 0x48, 0xE6, 0x1A,
+        0xB5, 0xAD, 0x09, 0x11, 0x04, 0xBB, 0xA0, 0xA8,
+        0xA3, 0xA3, 0x33, 0xCD, 0x42, 0x2C, 0x66, 0xC2,
+        0x94, 0x80, 0x15, 0x9D, 0x56, 0x74, 0x02, 0xEE,
+        0xA7, 0xE4, 0x90, 0xDD, 0xFB, 0x0B, 0x3B, 0xF0,
+        0x7A, 0x02, 0x44, 0xE8, 0x11, 0xC4, 0x3A, 0xFE,
+        0x73, 0x2A, 0x4C, 0x92, 0x3C, 0x23, 0x37, 0x8B,
+        0x4F, 0x28, 0x8E, 0x1C, 0x4E, 0x7D, 0x0D, 0x6B,
+        0xFD, 0x20, 0xB5, 0x93, 0xB3, 0x75, 0x30, 0x28,
+        0xC7, 0x7E, 0x67, 0xC4, 0xDE, 0xDA, 0x27, 0xA9,
+        0xE3, 0xF2, 0xF5, 0x25, 0x98, 0x5F, 0x6B, 0xBE,
+        0x11, 0x80, 0x23, 0x49, 0x30, 0xC8, 0x8A, 0x63,
+        0xF9, 0xC4, 0x14, 0x77, 0x2A, 0xE2, 0x21, 0x42,
+        0x28, 0x1C, 0xEB, 0x9F, 0x7B, 0x70, 0xA8, 0x2B,
+        0xFB, 0x25, 0x36, 0xA6, 0xAC, 0xFE, 0x8E, 0xFF,
+        0xB6, 0x86, 0x09, 0x15, 0x7E, 0xD9, 0x26, 0x8F,
+        0xDB, 0xF2, 0x2D, 0xC2, 0xFA, 0xAE, 0xDA, 0x50,
+        0xF6, 0x24, 0x53, 0xDB, 0xBF, 0x92, 0x9D, 0x7E,
+        0x48, 0xCC, 0x75, 0xAC, 0xD0, 0xD3, 0x45, 0x09,
+        0x2F, 0x01, 0x60, 0xBB, 0xAE, 0xCB, 0xE6, 0xB3,
+        0x30, 0xDA, 0xD9, 0xB6, 0x12, 0xCD, 0xF5, 0x11,
+        0xCF, 0x2B, 0x2A, 0xC6, 0x61, 0x9A, 0x05, 0x59,
+        0x08, 0x58, 0x64, 0xEC, 0xDB, 0x77, 0xCF, 0x64,
+        0xE2, 0x4B, 0x6E, 0xF4, 0x07, 0x68, 0x5E, 0xE9,
+        0x31, 0xB1, 0x38, 0x67, 0xF9, 0x29, 0x2E, 0x7A,
+        0xD2, 0x03, 0xA6, 0x29, 0x3F, 0x22, 0x58, 0x66,
+        0x6A, 0x07, 0xD8, 0xFD, 0xC5, 0x03, 0xEE, 0x66,
+        0xD4, 0x66, 0x70, 0x6D, 0xA4, 0xC4, 0xA1, 0xEE,
+        0xCD, 0x4D, 0xFA, 0x3C, 0x34, 0x36, 0xC2, 0xC5,
+        0x1E, 0x86, 0xB8, 0x7B, 0x7C, 0xBC, 0x67, 0x16,
+        0xF3, 0x6E, 0xF2, 0xB7, 0xEA, 0x96, 0x1B, 0x0D,
+        0xA2, 0xC8, 0x42, 0xBF, 0x30, 0x09, 0x2A, 0x6D,
+        0x9D, 0x35, 0xB3, 0x92, 0xBA, 0x3E, 0xE2, 0xE9,
+        0xE2, 0xAA, 0x90, 0x70, 0xCE, 0x0F, 0x07, 0xFA,
+        0x7C, 0x3B, 0xF7, 0x66, 0x7F, 0x5C, 0xFE, 0xD9,
+        0x72, 0x1C, 0x4E, 0xFE, 0x7E, 0x86, 0x8E, 0x7F,
+        0x62, 0x8D, 0x41, 0x46, 0x7B, 0x43, 0x17, 0xB9,
+        0x44, 0xED, 0x39, 0x1B, 0x3E, 0xF9, 0x2D, 0xC7,
+        0x5C, 0x9D, 0xAC, 0x05, 0x00, 0xC6, 0x85, 0x4E,
+        0xB8, 0xBC, 0x29, 0xDF, 0x6D, 0x6A, 0xCC, 0xEB,
+        0xD6, 0x44, 0x86, 0xAA, 0xC9, 0x55, 0x49, 0xA1,
+        0x3F, 0x59, 0x5E, 0xAF, 0xD5, 0xC9, 0x96, 0x19,
+        0x84, 0xC0, 0x4D, 0x1B, 0xE5, 0x2C, 0x42, 0x8D,
+        0x2C, 0xC8, 0x83, 0x00, 0x26, 0xBF, 0x46, 0x9F,
+        0x20, 0x97, 0xEC, 0x2C, 0xA9, 0x2C, 0xF0, 0xA7,
+        0x11, 0xED, 0xE2, 0xA2, 0x57, 0x83, 0x40, 0x92,
+        0xF3, 0x58, 0xB7, 0x4E, 0xD6, 0x3A, 0x9D, 0xF0,
+        0xDD, 0xD4, 0x5F, 0x82, 0x58, 0xD3, 0x72, 0x05,
+        0x69, 0xFF, 0x1E, 0xBC, 0x74, 0x90, 0x87, 0xB5,
+        0x7A, 0xEE, 0xF8, 0xCE, 0x3F, 0x59, 0xE1, 0xC0,
+        0x46, 0x24, 0xF8, 0x9D, 0x93, 0x51, 0x4A, 0x44,
+        0xFB, 0xEA, 0x58, 0xA6, 0xAC, 0x9A, 0x7C, 0xA3,
+        0x11, 0xA3, 0x47, 0x44, 0x24, 0x11, 0xF5, 0x56,
+        0x1A, 0x3B, 0xCF, 0xEC, 0xD9, 0x2B, 0x6C, 0xBA,
+        0xA6, 0xA2, 0x67, 0xB9, 0xE0, 0xCB, 0x3F, 0x8D,
+        0xA8, 0xC4, 0x8A, 0x45, 0xAB, 0xE2, 0x10, 0x19,
+        0x10, 0xC9, 0xDB, 0x01, 0x64, 0xC0, 0x0B, 0x6F,
+        0x3B, 0xA1, 0xE9, 0xEB, 0x74, 0x9A, 0x63, 0x93,
+        0xE5, 0x74, 0x3F, 0xD3, 0x7B, 0xEA, 0x8C, 0xD6,
+        0x7D, 0x66, 0xDD, 0x90, 0x6C, 0x69, 0x67, 0x05,
+        0xAD, 0x70, 0xF1, 0xFA, 0x52, 0xBB, 0xD5, 0x3D,
+        0x0E, 0x7E, 0x87, 0xE0, 0x98, 0xAF, 0xA6, 0xE6,
+        0x0E, 0x25, 0x91, 0x70, 0xCA, 0x36, 0xE4, 0xF8,
+        0xF7, 0x95, 0x1C, 0x48, 0xF6, 0x62, 0x9A, 0x4D,
+        0xE4, 0xE7, 0x3A, 0x92, 0xC6, 0x2E, 0xAB, 0x8A,
+        0x75, 0x7C, 0x45, 0xDA, 0x54, 0xB1, 0x6D, 0x2E,
+        0xCC, 0x13, 0x46, 0x67, 0x8F, 0xFF, 0xDA, 0x18,
+        0xE1, 0x4C, 0xE4, 0x6A, 0xB6, 0xAC, 0x65, 0x32,
+        0x0C, 0x63, 0xD5, 0x43, 0xB5, 0x8B, 0xB1, 0x52,
+        0xEE, 0x0C, 0xBB, 0x62, 0x34, 0x30, 0xDB, 0xF7,
+        0x08, 0xC6, 0xE8, 0x5B, 0x07, 0x66, 0x6D, 0x4B,
+        0x39, 0xC6, 0x94, 0x2B, 0x22, 0x9E, 0x3E, 0x45,
+        0x62, 0x3D, 0x05, 0x03, 0x2B, 0x16, 0x71, 0xBB,
+        0x85, 0x1B, 0x6E, 0x84, 0xD3, 0x48, 0x4D, 0x63,
+        0x26, 0x60, 0x97, 0x45, 0xB8, 0xEA, 0x43, 0x96,
+        0x00, 0xFE, 0x0B, 0x85, 0xBD, 0x22, 0x40, 0xA4,
+        0xA7, 0x2F, 0xC1, 0xEB, 0xFD, 0xB5, 0x22, 0xD5,
+        0x1F, 0xB3, 0xEA, 0x7C, 0x6D, 0x20, 0xFB, 0x98,
+        0xA5, 0xF2, 0x84, 0x70, 0xF7, 0xB9, 0x2A, 0x12,
+        0x63, 0x0C, 0x2D, 0x97, 0x6C, 0xC2, 0x76, 0xAC,
+        0x32, 0xE2, 0xB1, 0x3A, 0xB3, 0xAB, 0x9E, 0xBB,
+        0x61, 0xB4, 0x6A, 0x5F, 0x2D, 0x4D, 0xCE, 0x0D,
+        0xFB, 0x97, 0x80, 0x89, 0x4A, 0x81, 0xFB, 0xB2,
+        0x72, 0x37, 0x66, 0xB9, 0x08, 0xBF, 0xCD, 0x9F,
+        0x63, 0xB2, 0xBA, 0x54, 0xF1, 0x9E, 0xEC, 0x11,
+        0x67, 0x26, 0xC7, 0x98, 0xDD, 0xA3, 0xC5, 0x50,
+        0x86, 0x17, 0xD5, 0xCF, 0x51, 0x97, 0x22, 0x65,
+        0x2B, 0x71, 0xF7, 0x34, 0x84, 0x55, 0xC9, 0xD1,
+        0xFE, 0x75, 0x42, 0x0A, 0x5A, 0x31, 0x59, 0xE8,
+        0x8A, 0x0D, 0xE5, 0x77, 0x1C, 0xF5, 0xFD, 0x27,
+        0x05, 0x05, 0xF7, 0x28, 0xDA, 0x54, 0xAB, 0xBD,
+        0xDC, 0x50, 0xB8, 0xDB, 0x2E, 0xB4, 0x28, 0x41,
+        0x30, 0x04, 0x40, 0xD5, 0xF0, 0x12, 0xD7, 0x16,
+        0x3D, 0x8F, 0x41, 0xE7, 0x70, 0x76, 0x82, 0xB9,
+        0xC4, 0xB2, 0x1F, 0x57, 0x10, 0xB6, 0xC4, 0x84,
+        0x0D, 0xB1, 0xB8, 0x21, 0xB2, 0x77, 0x09, 0xF6,
+        0xD5, 0x9C, 0xE4, 0xA2, 0xFA, 0x83, 0x13, 0x56,
+        0x94, 0x3F, 0x37, 0x6D, 0x0D, 0x7C, 0x7E, 0xA0,
+        0xE5, 0xC8, 0xD9, 0x42, 0x0F, 0x35, 0xB1, 0xDC,
+        0xB9, 0x49, 0xD5, 0xED, 0xA8, 0x90, 0x09, 0x14,
+        0xAE, 0x63, 0xB5, 0xEA, 0x62, 0x0D, 0x9E, 0x6D,
+        0x93, 0xBD, 0x3A, 0xEA, 0x24, 0xB5, 0xAC, 0xC9,
+        0xD1, 0x7B, 0xBC, 0xC6, 0xC4, 0xBA, 0x68, 0xB1,
+        0x65, 0xFE, 0xAB, 0x30, 0xD4, 0x92, 0xD9, 0xC1,
+        0x94, 0x84, 0xE1, 0x20, 0x4E, 0x28, 0x7C, 0x3A,
+        0x3E, 0x8B, 0x44, 0x79, 0xC7, 0xB5, 0xA5, 0x95,
+        0xC2, 0xC9, 0xA8, 0x3F, 0x92, 0x67, 0x06, 0x9A,
+        0x12, 0xD3, 0xAE, 0x78, 0x87, 0x0E, 0x31, 0x54,
+        0x26, 0xDF, 0x97, 0xEB, 0x6C, 0xF3, 0xC9, 0x53,
+        0x39, 0xED, 0x50, 0x5A, 0xF9, 0x6A, 0x03, 0x27,
+        0x8E, 0xC6, 0x79, 0x5B, 0xD4, 0xD3, 0x57, 0x97,
+        0xFD, 0xF5, 0xCB, 0x14, 0xDB, 0xBE, 0x39, 0xB9,
+        0x64, 0x8A, 0x75, 0xAA, 0xE3, 0x4A, 0x19, 0x59,
+        0x69, 0x7D, 0xF8, 0x7D, 0x8C, 0xB8, 0x2F, 0x32,
+        0x57, 0xBF, 0x84, 0x9E, 0x45, 0x4E, 0xC4, 0xA0,
+        0x65, 0xA4, 0x0B, 0x73, 0x36, 0xC5, 0xD1, 0x07,
+        0xF8, 0x1C, 0x91, 0x07, 0xB8, 0x0B, 0x4B, 0xE5,
+        0x4F, 0xE6, 0xA1, 0xDF, 0x29, 0x03, 0xE7, 0x68,
+        0xA4, 0x32, 0x8E, 0x21, 0x8F, 0x15, 0x51, 0x57,
+        0x65, 0x16, 0xF0, 0x55, 0x71, 0x8C, 0x28, 0xD8,
+        0x82, 0xDC, 0x8A, 0xC1, 0xE7, 0x5C, 0xF2, 0xD5,
+        0xB8, 0x18, 0x16, 0x9F, 0x63, 0x89, 0x21, 0xF1,
+        0xA6, 0xED, 0x21, 0xDA, 0xC8, 0x0A, 0x10, 0x21,
+        0x18, 0x98, 0xD0, 0xF2, 0x9E, 0xDE, 0x5A, 0xA1,
+        0x51, 0xC9, 0x18, 0x3B, 0x68, 0x79, 0x75, 0xE7,
+        0xF4, 0xF9, 0xBF, 0x5F, 0xBE, 0x61, 0x35, 0xA9,
+        0x02, 0x56, 0x2D, 0x99, 0xD8, 0x95, 0xFA, 0x78,
+        0x8A, 0x67, 0x24, 0x1D, 0xDF, 0x13, 0x14, 0xD0,
+        0xB4, 0xB6, 0x21, 0x11, 0xB7, 0xA4, 0x06, 0x8D,
+        0x1D, 0xF6, 0xD5, 0x50, 0x2A, 0x0A, 0x42, 0x3C,
+        0x7C, 0xF1, 0x1F, 0x15, 0x1C, 0x81, 0x69, 0xDA,
+        0xCC, 0xAC, 0x8F, 0xB9, 0x08, 0x4E, 0xF8, 0x4E,
+        0x3E, 0x77, 0x26, 0x4A, 0x1F, 0x72, 0x89, 0xCA,
+        0x91, 0x77, 0x99, 0xBF, 0x28, 0xD2, 0x31, 0x65,
+        0x30, 0x37, 0x84, 0x66, 0x8A, 0x1C, 0xC6, 0x59,
+        0x7D, 0x48, 0x9B, 0x4D, 0xDC, 0x87, 0x4F, 0xD2,
+        0x04, 0xA0, 0x8B, 0x8B, 0x37, 0x3B, 0x1A, 0xDB,
+        0xCF, 0x63, 0x39, 0x07, 0xF3, 0x37, 0xCF, 0x0E,
+        0x2F, 0xEB, 0xE6, 0x2A, 0xA1, 0x4C, 0xE0, 0x75,
+        0x3F, 0xAB, 0xF7, 0xDE, 0x48, 0x83, 0x79, 0x89,
+        0x30, 0xA7, 0x1B, 0xE8, 0x73, 0x8E, 0x9D, 0x1D,
+        0xF6, 0x5C, 0x91, 0x4F, 0x44, 0x7C, 0x04, 0xA7,
+        0x07, 0xC8, 0xCC, 0x4A, 0x5C, 0x81, 0xAD, 0x48,
+        0x7C, 0xE5, 0x19, 0x5A, 0xC4, 0x29, 0x80, 0x14,
+        0xFA, 0xC2, 0x26, 0x1C, 0x50, 0x28, 0xB9, 0xF6,
+        0x7F, 0x8D, 0x51, 0x9A, 0xDA, 0xBB, 0x8E, 0x90,
+        0xBA, 0x3B, 0xD9, 0x4D, 0x61, 0xBE, 0xFD, 0x33,
+        0xC0, 0xCA, 0x7B, 0x09, 0xFF, 0x36, 0x84, 0x70,
+        0x11, 0xB4, 0xBE, 0x81, 0xFE, 0x71, 0xEE, 0x81,
+        0xD7, 0x61, 0xBB, 0x83, 0xA6, 0xA0, 0xDC, 0x20,
+        0x04, 0x02, 0x4C, 0x1B, 0x4D, 0xED, 0x8A, 0xC1,
+        0x38, 0x70, 0xC3, 0x69, 0xC9, 0x50, 0xC2, 0x17,
+        0x64, 0xAD, 0x9D, 0x44, 0x63, 0x44, 0xE5, 0x32,
+        0x7B, 0x90, 0xE3, 0xEF, 0x45, 0x28, 0xA6, 0x23,
+        0x92, 0xCB, 0xA1, 0xFC, 0xA8, 0xB4, 0x39, 0xF1,
+        0xB1, 0x00, 0x1F, 0x06, 0xD4, 0x91, 0x5D, 0xDB,
+        0xAC, 0x7D, 0x87, 0xD4, 0xEE, 0xCD, 0x4A, 0x06,
+        0x3E, 0xB4, 0x84, 0x65, 0xAA, 0x47, 0x05, 0x41,
+        0x7C, 0x95, 0x47, 0x3A, 0x49, 0x80, 0xC5, 0xAC,
+        0x32, 0x41, 0x6A, 0x3A, 0x2B, 0xB9, 0xD9, 0x21,
+        0x80, 0xC7, 0xC1, 0xD0, 0xC9, 0x95, 0x4B, 0xC3,
+        0xEA, 0x0D, 0x3F, 0x0E, 0xE4, 0x5A, 0xD8, 0xBD,
+        0x11, 0xD0, 0x76, 0x6D, 0x3C, 0xA7, 0x64, 0xD8,
+        0xCA, 0x4C, 0x8F, 0x58, 0x2C, 0xDD, 0x95, 0x1F,
+        0xBB, 0x76, 0x8D, 0x10, 0xFD, 0xAD, 0x45, 0xCE,
+        0x71, 0x6E, 0x27, 0x92, 0xC4, 0xA6, 0x17, 0x46,
+        0x95, 0xDB, 0xD8, 0xEA, 0x9A, 0x5F, 0x0E, 0xE0,
+        0x0A, 0xA2, 0xF5, 0x79, 0xC3, 0x74, 0xA7, 0x70,
+        0x99, 0x3B, 0x23, 0xD7, 0x3E, 0xA4, 0x96, 0xB5,
+        0x54, 0x77, 0x71, 0x8D, 0x78, 0x2E, 0xCC, 0x0A,
+        0x4E, 0xF8, 0xA9, 0x96, 0xEE, 0xB4, 0x4B, 0x5B,
+        0xDC, 0x52, 0x6D, 0xE1, 0x61, 0x36, 0xE1, 0x32,
+        0xD6, 0xA2, 0x7B, 0x2E, 0xCC, 0x78, 0x92, 0xA1,
+        0x81, 0x59, 0xB8, 0xC7, 0x04, 0x11, 0x3D, 0xF0,
+        0xF9, 0xF9, 0x3E, 0x47, 0x3C, 0xEA, 0xD5, 0x30,
+        0x2D, 0xAE, 0xC0, 0x47, 0xC8, 0x61, 0xCC, 0x9C,
+        0x2E, 0xC0, 0x40, 0x16, 0x11, 0x73, 0x13, 0xF3,
+        0x19, 0xAE, 0x72, 0x44, 0x72, 0xC5, 0x59, 0x51,
+        0x2E, 0x9F, 0xE3, 0x07, 0xB0, 0xCA, 0x6B, 0xB0,
+        0x15, 0x20, 0xB4, 0x25, 0x00, 0xED, 0xFD, 0xAC,
+        0xD6, 0x34, 0x8B, 0xCA, 0xE8, 0xC6, 0x3B, 0xFD,
+        0x02, 0x22, 0xE6, 0x91, 0x2B, 0x4B, 0x61, 0xDF,
+        0x63, 0x5C, 0x2B, 0x5F, 0x82, 0x07, 0x23, 0x59,
+        0x82, 0x5E, 0x0E, 0x21, 0xF7, 0x9C, 0x37, 0x1C,
+        0x7E, 0x6F, 0xD4, 0xFA, 0x91, 0x40, 0x8B, 0x98,
+        0x68, 0xBD, 0x60, 0x2F, 0x0A, 0xC8, 0xC8, 0x99,
+        0xA1, 0xC6, 0x10, 0xF1, 0x27, 0x53, 0xD3, 0xFB,
+        0x23, 0x02, 0xE7, 0x8E, 0x95, 0xB1, 0xF0, 0x21,
+        0xCB, 0x90, 0xEE, 0x8D, 0xE0, 0x27, 0x57, 0xDE,
+        0x40, 0xA3, 0xE7, 0x8F, 0x61, 0xC1, 0x8F, 0xC5,
+        0x0C, 0x0F, 0xBA, 0x05, 0xA0, 0x58, 0x8E, 0x86,
+        0x8A, 0xF5, 0x72, 0xE1, 0x34, 0xB4, 0xF6, 0x8E,
+        0x6E, 0xA4, 0x21, 0x75, 0x43, 0x73, 0xE7, 0x32,
+        0x72, 0x80, 0x9B, 0xE7, 0x1D, 0x78, 0x8F, 0x0D,
+        0x06, 0x47, 0x9E, 0x4D, 0xB4, 0xAC, 0x3E, 0x0D,
+        0xB8, 0x11, 0x23, 0xFF, 0xAD, 0xB9, 0x23, 0xE0,
+        0xA4, 0x37, 0xA6, 0x3D, 0xC2, 0x15, 0xF4, 0x64,
+        0x03, 0x1F, 0x0A, 0x68, 0xED, 0x37, 0x37, 0xE8,
+        0x3E, 0x5B, 0x49, 0x78, 0xFC, 0xFC, 0x12, 0x06,
+        0xE8, 0xC7, 0xCD, 0x3A, 0xAF, 0xD4, 0x54, 0xA7,
+        0x04, 0x7B, 0xFC, 0x66, 0xA6, 0xA8, 0x1C, 0x38,
+        0x0C, 0x26, 0x08, 0xE6, 0xEE, 0x47, 0x25, 0x80,
+        0x59, 0xA5, 0x39, 0x81, 0x20, 0xEE, 0x5F, 0x49,
+        0x9A, 0x01, 0x37, 0xE9, 0x96, 0x18, 0xD0, 0x05,
+        0x2D, 0xE3, 0x73, 0xD5, 0x08, 0x3B, 0x18, 0x46,
+        0xFE, 0x9E, 0x67, 0x5B, 0x9E, 0xF8, 0x53, 0x05,
+        0x2F, 0x96, 0x18, 0x9C, 0x09, 0x0D, 0xA6, 0x05,
+        0xB3, 0x9E, 0x2F, 0x0B, 0x5A, 0xF3, 0x93, 0xFF,
+        0x29, 0xF3, 0x4F, 0x62, 0xD5, 0x9A, 0xCE, 0x74,
+        0x64, 0xD0, 0xBC, 0xB3, 0x08, 0xF1, 0xD3, 0x22,
+        0xA5, 0xBE, 0x64, 0x0A, 0xEB, 0xA5, 0xF5, 0x1B,
+        0x7E, 0x0A, 0x44, 0x3B, 0x1D, 0xA9, 0x48, 0x9A,
+        0x2F, 0xED, 0x05, 0x0F, 0x44, 0xB3, 0x6D, 0xAD,
+        0x39, 0x2C, 0xBA, 0x8E, 0x2B, 0xDE, 0x17, 0x38,
+        0xD1, 0x69, 0xEA, 0xAE, 0x4E, 0x97, 0xCD, 0x61,
+        0xBA, 0x75, 0x39, 0xF2, 0x81, 0xBB, 0xA9, 0x0F,
+        0x6F, 0x82, 0xD4, 0xCB, 0xE4, 0x93, 0x82, 0x11,
+        0x72, 0x9A, 0xE9, 0x87, 0xEC, 0xCC, 0x6D, 0xA1,
+        0x7D, 0x47, 0x60, 0x20, 0xB6, 0xEE, 0xC6, 0xAA,
+        0xC0, 0x3C, 0x95, 0x08, 0xA0, 0x8B, 0xFA, 0x04,
+        0xF6, 0x6F, 0x65, 0x48, 0xCA, 0xA7, 0xA3, 0xA8,
+        0xBB, 0x3B, 0x80, 0x91, 0xB6, 0x6D, 0x2F, 0x9D,
+        0x97, 0xBB, 0x52, 0xE6, 0xC4, 0x24, 0x99, 0x97,
+        0x63, 0xAD, 0xD2, 0xFD, 0xB3, 0x94, 0x6D, 0xC1,
+        0xFB, 0xFA, 0x89, 0x45, 0x78, 0x80, 0x3C, 0xAA,
+        0x3F, 0xC0, 0x7E, 0x8D, 0x37, 0x00, 0xA7, 0x70,
+        0xD6, 0x57, 0x2A, 0xD3, 0x17, 0xB1, 0x9E, 0xDF,
+        0x96, 0x98, 0x40, 0xB8, 0x1C, 0xCC, 0xC6, 0xCD,
+        0xCD, 0xB0, 0xF3, 0x23, 0x53, 0xB6, 0x45, 0x78,
+        0xA6, 0xA0, 0x88, 0x61, 0x06, 0x04, 0x8E, 0x1B,
+        0xCD, 0x12, 0x29, 0x50, 0x0F, 0xD2, 0x8C, 0x89,
+        0x51, 0xD1, 0x74, 0x0B, 0xE3, 0xA7, 0x75, 0x8A,
+        0x60, 0x95, 0xEF, 0x6A, 0x98, 0xC7, 0x35, 0xA5,
+        0xC0, 0xFB, 0x4C, 0x88, 0xA1, 0xDA, 0xCE, 0x79,
+        0x3D, 0x4E, 0x4F, 0x91, 0x75, 0x88, 0xE0, 0x5F,
+        0x17, 0xF5, 0xEF, 0xF8, 0x49, 0xFE, 0xB1, 0xDB,
+        0x0D, 0xE8, 0xB2, 0xF7, 0xD4, 0x90, 0xBD, 0xB0,
+        0x6B, 0x3A, 0x1B, 0xB5, 0xC6, 0xFB, 0x93, 0xEF,
+        0xF3, 0xDD, 0x60, 0xEA, 0x67, 0x11, 0xFE, 0x6A,
+        0xCC, 0x2C, 0x64, 0x2A, 0x85, 0x2E, 0x24, 0x39,
+        0x34, 0x6B, 0xBC, 0xF8, 0x89, 0xB3, 0x49, 0x82,
+        0x9C, 0xC0, 0x04, 0x29, 0x6D, 0x25, 0xCB, 0x19,
+        0xE1, 0x53, 0xC6, 0x10, 0x7D, 0x62, 0x07, 0xD2,
+        0x83, 0x8B, 0x89, 0x04, 0x70, 0x06, 0x60, 0x4F,
+        0xB6, 0x10, 0x2B, 0xA0, 0x92, 0xF4, 0x1A, 0x7A,
+        0xD6, 0x4F, 0xDC, 0x6C, 0x6C, 0x27, 0xE5, 0xEC,
+        0x68, 0x1B, 0x95, 0x7C, 0x1C, 0x95, 0x2C, 0xB7,
+        0x0A, 0x8D, 0xC7, 0x57, 0x92, 0x00, 0x4D, 0xC0,
+        0x5F, 0xD4, 0xF4, 0x88, 0x3F, 0x8D, 0x43, 0x12,
+        0x05, 0xE2, 0x14, 0x0E, 0xDD, 0x2C, 0xEC, 0xD5,
+        0x2F, 0x1A, 0xE6, 0x97, 0xDC, 0xFE, 0x96, 0x80,
+        0x67, 0x3B, 0xD4, 0x63, 0x73, 0xFA, 0xC8, 0x4F,
+        0x4C, 0x4F, 0x2D, 0x68, 0x76, 0x44, 0x8E, 0xC2,
+        0x19, 0x99, 0x44, 0xEA, 0xF2, 0x33, 0x23, 0x83,
+        0xC8, 0xB1, 0x7C, 0x27, 0x43, 0x9B, 0x67, 0xF9,
+        0xDE, 0xE1, 0xAE, 0x03, 0xA5, 0xA5, 0x2B, 0x96,
+        0xB2, 0xEC, 0x4A, 0x43, 0xA7, 0x6D, 0xF4, 0xDB,
+        0x32, 0x5B, 0x54, 0xD6, 0x63, 0xEA, 0x65, 0xC2,
+        0xA8, 0x4B, 0x80, 0xCC, 0x65, 0x2D, 0xCE, 0x6F,
+        0x61, 0x2F, 0x58, 0xD1, 0xE5, 0x64, 0x8A, 0x42,
+        0x8D, 0xBA, 0xFA, 0x35, 0x5C, 0x9E, 0xD5, 0x80,
+        0x2D, 0x5C, 0xC3, 0x47, 0xFB, 0x0D, 0x43, 0x20,
+        0x7A, 0xA4, 0x37, 0xB2, 0x2F, 0x0B, 0x43, 0xB9,
+        0x94, 0xD3, 0xD9, 0xC2, 0xD7, 0x02, 0x5D, 0x6A,
+        0x12, 0x99, 0xE7, 0x32, 0x6C, 0xF0, 0x0C, 0x73,
+        0x51, 0x33, 0x84, 0xA9, 0x0C, 0x66, 0xC9, 0x19,
+        0x88, 0x9A, 0xF1, 0xB6, 0xF8, 0x41, 0xB1, 0xDC,
+        0x60, 0xA4, 0x80, 0x73, 0x0B, 0x21, 0xF9, 0xB8,
+        0x01, 0x7E, 0x66, 0x0D, 0xB4, 0x2B, 0x53, 0x8D,
+        0x7D, 0x0B, 0xE1, 0xA3, 0x0C, 0x27, 0xF6, 0x2F,
+        0x27, 0x34, 0x53, 0x75, 0x54, 0xF7, 0x5E, 0x05,
+        0x1C, 0x5A, 0x94, 0x08, 0x14, 0xDE, 0xAA, 0x98,
+        0xD9, 0xA5, 0xA0, 0xBE, 0x80, 0xC1, 0xEB, 0x3C,
+        0xCF, 0x78, 0x88, 0xA4, 0xA2, 0x03, 0xF8, 0x79,
+        0x1F, 0x84, 0x84, 0xA7, 0x0E, 0x95, 0x1A, 0x85,
+        0xEF, 0x4C, 0xBE, 0xA2, 0x99, 0xAB, 0x10, 0xDD,
+        0x85, 0x3F, 0x10, 0x6A, 0x9C, 0xD5, 0xDD, 0x7A,
+        0xFB, 0xF5, 0xD9, 0xD9, 0xAA, 0xDF, 0x03, 0x78,
+        0xAF, 0x1D, 0xEC, 0x18, 0xEB, 0x00, 0xB6, 0x64,
+        0xB5, 0x75, 0xA5, 0x00, 0xDC, 0x36, 0x45, 0xBD,
+        0x0C, 0x66, 0xCE, 0xA9, 0xBB, 0xD1, 0xF7, 0xE4,
+        0x6A, 0xDA, 0x0E, 0x81, 0x0F, 0x6A, 0x71, 0x60,
+        0x5C, 0x41, 0xD2, 0x12, 0x45, 0x14, 0xEF, 0x6F,
+        0xEC, 0x22, 0x73, 0x4C, 0xA7, 0x94, 0xDD, 0x1A,
+        0x42, 0x22, 0x58, 0x14, 0x0C, 0x4E, 0x6D, 0x77,
+        0x7F, 0xF5, 0xC9, 0x69, 0x81, 0xA3, 0xB8, 0x6D,
+        0x1C, 0x39, 0x47, 0xA5, 0xC4, 0x61, 0x1C, 0x91,
+        0x2F, 0x67, 0xC3, 0x5E, 0x87, 0x1A, 0x85, 0x81,
+        0x7D, 0x76, 0xF2, 0xE0, 0xB9, 0xD0, 0x43, 0x33,
+        0xF1, 0xC1, 0xBA, 0x48, 0x6F, 0x48, 0xD5, 0xAE,
+        0xB6, 0xDC, 0xAA, 0xCA, 0xEB, 0x0B, 0x6B, 0xFE,
+        0xF4, 0xF1, 0x6E, 0x5D, 0xE4, 0x90, 0x53, 0xCF,
+        0x9E, 0x13, 0x80, 0xCE, 0xE5, 0xDD, 0xA4, 0x01,
+        0xBC, 0x16, 0x50, 0xD0, 0x78, 0x96, 0x3F, 0x2B,
+        0x7A, 0x71, 0x8E, 0x86, 0xFD, 0x14, 0x21, 0xDF,
+        0x4D, 0xD7, 0xDD, 0x42, 0x59, 0xB3, 0xED, 0x81,
+        0xE3, 0xAF, 0x71, 0x57, 0xE7, 0x04, 0xD2, 0x26,
+        0xA8, 0x83, 0xFC, 0x03, 0x90, 0x8C, 0x88, 0xC4,
+        0xBF, 0x74, 0x54, 0x59, 0xD8, 0x66, 0x9F, 0xE2,
+        0x7A, 0xCE, 0x5B, 0x9C, 0xC4, 0x37, 0xFA, 0xDB,
+        0x40, 0x9A, 0xDD, 0x73, 0x9C, 0x06, 0x5A, 0x21,
+        0x43, 0xFB, 0xFA, 0x1B, 0x41, 0x31, 0x9F, 0xF4,
+        0x24, 0x09, 0x05, 0xFE, 0x56, 0x17, 0x52, 0x9C,
+        0xC7, 0xE2, 0xCA, 0xC9, 0x1F, 0xBE, 0xE2, 0xEB,
+        0x92, 0xEE, 0xD4, 0x76, 0x44, 0x9A, 0xFA, 0xFB,
+        0x07, 0x62, 0x98, 0xEC, 0xA0, 0xCF, 0xBF, 0xFA,
+        0x5E, 0x1B, 0x8B, 0xCD, 0x33, 0xFB, 0x1A, 0x97,
+        0xFE, 0x50, 0x65, 0x22, 0x08, 0x9E, 0xC3, 0x87,
+        0x88, 0xCA, 0xDD, 0x11, 0x5E, 0xA7, 0xCF, 0xF3,
+        0x07, 0x0A, 0x34, 0x0E, 0x30, 0x1B, 0xC5, 0xCE,
+        0xF7, 0xA6, 0xA4, 0x31, 0xB5, 0x40, 0xB8, 0x81,
+        0xAC, 0xAA, 0x07, 0xE0, 0x7D, 0x5E, 0x6A, 0x25,
+        0x85, 0x8D, 0x1D, 0x82, 0x45, 0x82, 0x76, 0xB2,
+        0x65, 0x69, 0x3E, 0x88, 0xFE, 0x21, 0xFE, 0x6A,
+        0x6B, 0x97, 0xD6, 0x70, 0x70, 0x00, 0x83, 0x18,
+        0x39, 0xA6, 0x91, 0x3F, 0xB1, 0xB7, 0xED, 0x11,
+        0xD3, 0xF9, 0x74, 0x31, 0xEC, 0x21, 0xA2, 0xEE,
+        0x69, 0x04, 0xC0, 0xEA, 0x4A, 0x17, 0x1A, 0xF8,
+        0xDA, 0xF1, 0x52, 0xB2, 0x78, 0x69, 0x4F, 0xDF,
+        0xE6, 0xB9, 0xF3, 0xE7, 0x48, 0x8B, 0x09, 0x5F,
+        0x4A, 0x7A, 0x05, 0x8E, 0xA8, 0xF6, 0x69, 0x3D,
+        0x91, 0x7A, 0x6F, 0x6C, 0xAD, 0x03, 0x16, 0xEA,
+        0xE0, 0x04, 0xFE, 0x54, 0x71, 0x50, 0x6D, 0x31,
+        0xE4, 0x37, 0x76, 0xD6, 0x1B, 0xA9, 0xEE, 0x56,
+        0x7A, 0x39, 0x34, 0x24, 0x00, 0x58, 0xE3, 0x2F,
+        0xD4, 0x97, 0x57, 0x6F, 0xD8, 0x0E, 0x8B, 0xD3,
+        0x88, 0x7F, 0xE8, 0x74, 0x72, 0xF7, 0xBA, 0x26,
+        0x25, 0xE4, 0xD5, 0x86, 0xCD, 0xA8, 0x1E, 0x8D,
+        0x49, 0xCF, 0x04, 0x92, 0x5B, 0x50, 0xD0, 0x73,
+        0x3C, 0xC9, 0x17, 0xC3, 0x0E, 0x67, 0x02, 0xC5,
+        0xDE, 0x48, 0x88, 0x0D, 0x2C, 0x0D, 0x68, 0x04,
+        0xD5, 0x51, 0xDF, 0x4F, 0x23, 0x89, 0x7A, 0x29,
+        0x41, 0xB2, 0x7A, 0xCA, 0x86, 0xA5, 0xCC, 0xC4,
+        0xF5, 0xD3, 0xE1, 0xEF, 0xB8, 0xCD, 0x84, 0xB5,
+        0x6D, 0xB6, 0x51, 0x1B, 0x81, 0x26, 0x97, 0xAC,
+        0x00, 0xFC, 0x76, 0x8D, 0x99, 0xD9, 0x35, 0x8E,
+        0x4D, 0x3E, 0xC0, 0xC1, 0x0E, 0x8D, 0x9B, 0xE5,
+        0x79, 0xF3, 0xC7, 0xA0, 0xA4, 0xA6, 0xA2, 0xE9,
+        0x8B, 0xCD, 0x36, 0x79, 0x76, 0xF1, 0x6A, 0xEE,
+        0xCF, 0x91, 0x8D, 0x91, 0xB1, 0xAF, 0xF2, 0xF5,
+        0x43, 0xF6, 0xB2, 0x3A, 0x39, 0x9F, 0xBF, 0xDE,
+        0x16, 0x03, 0x52, 0x18, 0x62, 0x93, 0xB5, 0x09,
+        0xC4, 0xEE, 0x27, 0x9C, 0x56, 0x6F, 0x0C, 0x1C,
+        0x12, 0x42, 0xF0, 0x34, 0xBD, 0x44, 0x52, 0x4C,
+        0x32, 0x7E, 0x64, 0xDF, 0x78, 0x16, 0xD9, 0x9E,
+        0xD7, 0x8A, 0x11, 0x33, 0x65, 0x42, 0xEC, 0x36,
+        0x07, 0xEE, 0x3F, 0x19, 0x97, 0x9B, 0x92, 0x9D,
+        0x3A, 0xE4, 0x98, 0x83, 0xDB, 0x0C, 0x85, 0x39,
+        0xFA, 0x8D, 0x73, 0xF5, 0xBF, 0xE0, 0x75, 0x40,
+        0x50, 0x9B, 0xF2, 0xE6, 0xB6, 0xA5, 0x33, 0xD0,
+        0xC4, 0xD6, 0xAB, 0xFF, 0x16, 0xDE, 0x30, 0x9C,
+        0x68, 0x90, 0xE0, 0x5E, 0xD3, 0xD5, 0xA9, 0xB0,
+        0xD9, 0x6B, 0x0A, 0x43, 0x45, 0x9A, 0x3D, 0xE8,
+        0xB6, 0x66, 0xE4, 0x57, 0x05, 0x8E, 0x5B, 0x72,
+        0xFE, 0x50, 0x44, 0x8C, 0xE4, 0x68, 0x43, 0x51,
+        0x0D, 0x9A, 0xD3, 0x36, 0xA9, 0xC7, 0xF6, 0xCF,
+        0x6D, 0x2C, 0x95, 0x46, 0x98, 0x6D, 0x9E, 0x78,
+        0x90, 0x87, 0x19, 0x64, 0xD5, 0xDE, 0x1D, 0x9B,
+        0x37, 0x4E, 0x52, 0xF5, 0x14, 0xAA, 0xEE, 0x31,
+        0x83, 0x55, 0x7C, 0x38, 0x0F, 0xB3, 0xF6, 0xF2,
+        0x1C, 0x60, 0x71, 0x68, 0x1F, 0x06, 0xBD, 0x99,
+        0xFD, 0x42, 0x12, 0x54, 0x3E, 0xBA, 0x4B, 0x60,
+        0xFB, 0xFB, 0x51, 0x4D, 0x02, 0xCE, 0xE5, 0x9E,
+        0x59, 0xB2, 0xE6, 0x98, 0x67, 0xBB, 0xAB, 0xC8,
+        0x08, 0xE4, 0x08, 0x0D, 0xF5, 0x3B, 0x47, 0x78,
+        0x39, 0x24, 0x56, 0x80, 0xF0, 0x6A, 0x1D, 0x33,
+        0x05, 0x5F, 0xF2, 0xA2, 0x38, 0xAD, 0xDF, 0x5C,
+        0xC5, 0xEA, 0x9C, 0xC7, 0x0A, 0x1B, 0x5B, 0x43,
+        0xE9, 0x59, 0x3D, 0x68, 0x00, 0x23, 0x32, 0x5D,
+        0x25, 0xFD, 0xA7, 0xCA, 0xDA, 0xA1, 0xFD, 0x22,
+        0x4E, 0x34, 0x96, 0xE7, 0x0D, 0xFF, 0x89, 0x3B,
+        0xA6, 0x56, 0x0D, 0x11, 0x13, 0xA6, 0x9D, 0x3B,
+        0xBC, 0x12, 0x97, 0x9A, 0x2B, 0xAA, 0xE9, 0xE2,
+        0xCF, 0xD2, 0xD3, 0xEF, 0x95, 0xFC, 0x40, 0x80,
+        0x94, 0x48, 0x80, 0x5A, 0x3F, 0x4A, 0xD2, 0xB5,
+        0x7D, 0x61, 0xA2, 0x26, 0x7B, 0xDC, 0x32, 0xCB,
+        0x84, 0x2E, 0x9B, 0x29, 0x63, 0x45, 0x74, 0x0D,
+        0x85, 0x54, 0xB2, 0x16, 0x77, 0x9B, 0x47, 0x51,
+        0x63, 0x33, 0xE9, 0x1A, 0x52, 0x9D, 0xEB, 0x26,
+        0x06, 0x7F, 0x97, 0xA0, 0xA1, 0xAA, 0x07, 0x0F,
+        0x1E, 0x23, 0xAB, 0xCC, 0xD5, 0x0F, 0x3E, 0x88,
+        0xAA, 0xC3, 0xED, 0x06, 0x25, 0x3A, 0x4A, 0x62,
+        0x85, 0x9F, 0xA7, 0xD3, 0xF5, 0x1C, 0x9A, 0xCC,
+        0x52, 0x87, 0x9F, 0xB8, 0xC7, 0xDD, 0xF1, 0x50,
+        0x66, 0x70, 0xAC, 0xC6, 0x2C, 0x2E, 0x8C, 0xC9,
+        0xD9, 0xF6, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x06, 0x0D, 0x13, 0x1D, 0x20,
+        0x27, 0x2C, 0x32
+    };
+#endif
+    byte sig[DILITHIUM_MAX_SIG_SIZE];
+    word32 sigLen;
+
+    key = (dilithium_key*)XMALLOC(sizeof(*key), NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    ExpectNotNull(key);
+
+    if (key != NULL) {
+        XMEMSET(key, 0, sizeof(*key));
+    }
+
+    ExpectIntEQ(wc_dilithium_init_ex(key, NULL, INVALID_DEVID), 0);
+#ifndef WOLFSSL_NO_ML_DSA_44
+    ExpectIntEQ(wc_dilithium_set_level(key, WC_ML_DSA_44), 0);
+    ExpectIntEQ(wc_dilithium_import_private(sk_44, (word32)sizeof(sk_44), key),
+        0);
+    sigLen = PARAMS_ML_DSA_44_SIG_SIZE;
+    ExpectIntEQ(wc_dilithium_sign_msg_with_seed(msg_44, (word32)sizeof(msg_44),
+        sig, &sigLen, key, rnd_44), 0);
+    ExpectIntEQ(sigLen, PARAMS_ML_DSA_44_SIG_SIZE);
+    ExpectIntEQ(XMEMCMP(sig, sig_44, sizeof(sig_44)), 0);
+#endif
+#ifndef WOLFSSL_NO_ML_DSA_65
+    ExpectIntEQ(wc_dilithium_set_level(key, WC_ML_DSA_65), 0);
+    ExpectIntEQ(wc_dilithium_import_private(sk_65, (word32)sizeof(sk_65), key),
+        0);
+    sigLen = PARAMS_ML_DSA_65_SIG_SIZE;
+    ExpectIntEQ(wc_dilithium_sign_msg_with_seed(msg_65, (word32)sizeof(msg_65),
+        sig, &sigLen, key, rnd_65), 0);
+    ExpectIntEQ(sigLen, PARAMS_ML_DSA_65_SIG_SIZE);
+    ExpectIntEQ(XMEMCMP(sig, sig_65, sizeof(sig_65)), 0);
+#endif
+#ifndef WOLFSSL_NO_ML_DSA_87
+    ExpectIntEQ(wc_dilithium_set_level(key, WC_ML_DSA_87), 0);
+    ExpectIntEQ(wc_dilithium_import_private(sk_87, (word32)sizeof(sk_87), key),
+        0);
+    sigLen = PARAMS_ML_DSA_87_SIG_SIZE;
+    ExpectIntEQ(wc_dilithium_sign_msg_with_seed(msg_87, (word32)sizeof(msg_87),
+        sig, &sigLen, key, rnd_87), 0);
+    ExpectIntEQ(sigLen, PARAMS_ML_DSA_87_SIG_SIZE);
+    ExpectIntEQ(XMEMCMP(sig, sig_87, sizeof(sig_87)), 0);
+#endif
+
+    wc_dilithium_free(key);
+    XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+#endif
+    return EXPECT_RESULT();
+}
+
+static int test_wc_dilithium_verify_kats(void)
+{
+    EXPECT_DECLS;
+#if defined(HAVE_DILITHIUM) && defined(WOLFSSL_WC_DILITHIUM) && \
+    !defined(WOLFSSL_DILITHIUM_NO_VERIFY)
+    dilithium_key* key;
+    int res;
+#ifndef WOLFSSL_NO_ML_DSA_44
+    static const byte pk_44[] = {
+        0x09, 0xB4, 0x88, 0x7D, 0x97, 0xBC, 0xF6, 0x37,
+        0x9C, 0xC5, 0x9B, 0x61, 0x62, 0xC1, 0xE8, 0xBF,
+        0x05, 0x60, 0xBF, 0x44, 0xD6, 0x18, 0x09, 0x17,
+        0x0E, 0x6E, 0x28, 0xF7, 0x06, 0x69, 0xA3, 0xE9,
+        0x49, 0x64, 0x38, 0xE8, 0x91, 0x57, 0x35, 0xAD,
+        0xAE, 0xB4, 0x45, 0xCF, 0xDB, 0x7D, 0x89, 0xB3,
+        0x8C, 0x04, 0x8F, 0x4C, 0x3E, 0x00, 0x58, 0x15,
+        0x14, 0xC5, 0xFD, 0x19, 0x8B, 0x2D, 0x17, 0x39,
+        0xE8, 0x83, 0xB8, 0x78, 0xD5, 0x6B, 0xB4, 0x12,
+        0x64, 0xBE, 0x41, 0xD3, 0xD5, 0x15, 0x65, 0xE2,
+        0xE9, 0xCA, 0xE3, 0x31, 0x84, 0xA8, 0x99, 0xF6,
+        0x2D, 0xD5, 0x7D, 0x07, 0x40, 0x0E, 0x98, 0xE5,
+        0x86, 0x87, 0xA9, 0xB2, 0x2F, 0xA3, 0x17, 0xEE,
+        0xD1, 0x34, 0xCA, 0x72, 0x14, 0xBF, 0xF0, 0x21,
+        0xDD, 0x21, 0x62, 0xB1, 0x83, 0x09, 0x1D, 0x15,
+        0xF2, 0x63, 0xB7, 0x29, 0x82, 0x14, 0x42, 0x3C,
+        0x6B, 0xB6, 0x96, 0xD7, 0x5C, 0x20, 0xD9, 0xEA,
+        0xCD, 0x0A, 0x03, 0xE4, 0x26, 0x2C, 0x4B, 0x08,
+        0xBE, 0x39, 0xFA, 0x21, 0x54, 0xBD, 0x6E, 0x50,
+        0x25, 0xFF, 0x79, 0x1E, 0x88, 0x5F, 0x22, 0x26,
+        0xE3, 0xCF, 0x48, 0xF7, 0xB5, 0xEB, 0x04, 0xFB,
+        0xE9, 0xEC, 0xF7, 0x5B, 0x19, 0xE1, 0xD1, 0x5C,
+        0x30, 0x5E, 0x92, 0x26, 0x0A, 0xB0, 0xD6, 0xAE,
+        0x7D, 0xBA, 0x7B, 0xBE, 0x73, 0xB6, 0xBC, 0x18,
+        0x1C, 0xF9, 0x33, 0x84, 0x0C, 0xC1, 0x0A, 0x00,
+        0x05, 0x02, 0x28, 0xFA, 0x46, 0xA2, 0x63, 0x6D,
+        0xD9, 0xA9, 0x09, 0x47, 0xE9, 0xF1, 0x3A, 0x93,
+        0xEF, 0x4C, 0x62, 0xBE, 0x37, 0x4D, 0x76, 0xD1,
+        0xFD, 0xBB, 0xC5, 0xD8, 0xB5, 0x5E, 0x72, 0x9F,
+        0xA5, 0x86, 0x65, 0xAA, 0x07, 0xB9, 0x0C, 0x8C,
+        0xDD, 0xD6, 0x1C, 0x56, 0x6B, 0x0D, 0x7E, 0xD6,
+        0x57, 0x70, 0x49, 0x2E, 0xA0, 0x71, 0x3E, 0x1E,
+        0xD4, 0x6A, 0xC7, 0xAD, 0x15, 0x03, 0xC5, 0x6D,
+        0x90, 0x52, 0xD2, 0xC9, 0x4D, 0x49, 0xE4, 0x41,
+        0x6A, 0xC9, 0x2B, 0x70, 0x39, 0x6F, 0x76, 0xF6,
+        0xFB, 0x48, 0x10, 0x45, 0x68, 0x17, 0x25, 0xA6,
+        0x8C, 0xB3, 0x56, 0x37, 0x7F, 0xB2, 0x31, 0xAB,
+        0x8F, 0x3E, 0xB9, 0xA4, 0x98, 0x2F, 0xFF, 0x18,
+        0x36, 0x47, 0x3B, 0xCB, 0xDA, 0xB6, 0x87, 0x2D,
+        0x22, 0x94, 0x67, 0xEF, 0xB9, 0x36, 0x62, 0x61,
+        0xFE, 0xB1, 0x48, 0xBA, 0x9B, 0x7D, 0xB9, 0xC4,
+        0xFE, 0x0B, 0xB8, 0x86, 0x12, 0xAB, 0xB8, 0xFD,
+        0x61, 0x09, 0x6F, 0x18, 0x19, 0x60, 0x4D, 0x55,
+        0xDF, 0x60, 0x20, 0x46, 0x4D, 0x3F, 0x09, 0x2C,
+        0xFC, 0xA5, 0x98, 0x12, 0x08, 0x22, 0x18, 0x56,
+        0x68, 0x99, 0xA5, 0x6A, 0x3C, 0x63, 0x3C, 0xC8,
+        0x1F, 0x88, 0xAD, 0xB2, 0xE1, 0x41, 0x4E, 0xF3,
+        0x85, 0x0D, 0x10, 0xBF, 0x5A, 0x77, 0xAC, 0xE7,
+        0x24, 0xD6, 0xC1, 0xF3, 0x88, 0x92, 0x87, 0x44,
+        0xB3, 0xE5, 0x42, 0xAE, 0x49, 0x1C, 0xD5, 0x6A,
+        0x64, 0x21, 0x3F, 0x1D, 0x3C, 0xC9, 0x0B, 0x29,
+        0x10, 0x5F, 0x43, 0xD2, 0x37, 0xC8, 0x3D, 0x5F,
+        0xB8, 0x29, 0x32, 0x5C, 0x83, 0xE6, 0x54, 0x57,
+        0x77, 0x76, 0x39, 0x2F, 0x85, 0x36, 0xAA, 0x9D,
+        0xAE, 0x87, 0x24, 0x07, 0xAB, 0xAA, 0xA9, 0xAC,
+        0xC2, 0x2A, 0x68, 0x12, 0xCE, 0xA7, 0x4C, 0x0B,
+        0xA6, 0x7E, 0xAF, 0x4A, 0x41, 0x01, 0x52, 0x97,
+        0x5E, 0x9A, 0x83, 0xEE, 0x44, 0x69, 0x29, 0x53,
+        0x17, 0xBE, 0xD1, 0x05, 0x51, 0xBA, 0x32, 0xE6,
+        0x5A, 0xFC, 0x8C, 0x8E, 0x68, 0xDD, 0x55, 0x42,
+        0x0C, 0x50, 0x2D, 0x93, 0x7D, 0xAD, 0xD2, 0xEF,
+        0xA2, 0xCB, 0xFD, 0x1F, 0x73, 0x9F, 0xC0, 0xAB,
+        0x2B, 0x26, 0x54, 0xFA, 0xE0, 0x8C, 0x0C, 0x7F,
+        0x8E, 0xDD, 0x43, 0xCF, 0x9F, 0xF0, 0xB0, 0x1D,
+        0x98, 0x4D, 0x49, 0x18, 0x52, 0xA3, 0x72, 0xE9,
+        0xFE, 0xFD, 0xCC, 0x1B, 0xC1, 0x6C, 0xDB, 0x52,
+        0x39, 0xAE, 0x10, 0x01, 0x15, 0x5F, 0x89, 0x56,
+        0x30, 0x51, 0xCE, 0x47, 0x99, 0x6C, 0x5A, 0xEE,
+        0xB2, 0x19, 0x0E, 0xA1, 0x8F, 0x7F, 0x73, 0x40,
+        0x42, 0xDE, 0x68, 0xE9, 0x88, 0x36, 0x7D, 0x89,
+        0x35, 0x5D, 0x9D, 0x83, 0x77, 0xBA, 0xF9, 0x64,
+        0x79, 0x78, 0xEB, 0x2E, 0x49, 0x2A, 0xD0, 0x21,
+        0xC5, 0x69, 0xAE, 0x8B, 0xA6, 0x9B, 0x15, 0xF1,
+        0xFC, 0xF7, 0x03, 0x9A, 0x7E, 0x64, 0xAF, 0x10,
+        0xAB, 0xF3, 0xEA, 0x45, 0xB7, 0x22, 0x2F, 0x96,
+        0x59, 0xE3, 0x33, 0x73, 0x37, 0x2E, 0x1D, 0xB1,
+        0x86, 0xD2, 0xC2, 0xA0, 0xD7, 0x54, 0x51, 0xC4,
+        0x78, 0xAE, 0xF3, 0x3E, 0x59, 0x49, 0xF2, 0x40,
+        0x04, 0x0C, 0x2A, 0xFC, 0x44, 0xB1, 0xD3, 0xA0,
+        0x2A, 0x6D, 0x2F, 0x87, 0x90, 0x2A, 0x28, 0x0E,
+        0x27, 0xA2, 0x0D, 0x4E, 0x57, 0xF8, 0x89, 0x66,
+        0x27, 0x00, 0xDB, 0x8A, 0x9D, 0x24, 0x99, 0x57,
+        0xA7, 0xDB, 0x43, 0x7C, 0xD4, 0x80, 0xDD, 0xC0,
+        0x58, 0x84, 0xFB, 0x23, 0xF8, 0x68, 0x26, 0x8E,
+        0xAC, 0xE3, 0x4E, 0xED, 0x27, 0x4A, 0x92, 0x7D,
+        0x9D, 0x84, 0xF1, 0xEA, 0x57, 0xEA, 0xB1, 0xA8,
+        0x13, 0xB5, 0xE6, 0xAA, 0xBE, 0x9E, 0xD2, 0x61,
+        0x0B, 0xC6, 0xF7, 0x2E, 0x32, 0x0C, 0xDE, 0xC4,
+        0xF9, 0x95, 0x23, 0xF9, 0x3F, 0xA4, 0x48, 0xDC,
+        0x1F, 0xBB, 0xDD, 0x25, 0x9B, 0x10, 0x2F, 0x5D,
+        0xC9, 0x95, 0x5A, 0xFA, 0x0C, 0x41, 0x60, 0x4D,
+        0x83, 0xDD, 0x1C, 0x2D, 0x22, 0x95, 0xEF, 0x44,
+        0x61, 0x45, 0x6B, 0xAE, 0x86, 0x90, 0x5C, 0x4C,
+        0x30, 0xD8, 0xA9, 0xFA, 0x48, 0xC9, 0x0F, 0x37,
+        0xA1, 0x9C, 0x41, 0xA2, 0xD5, 0x98, 0x8F, 0x13,
+        0xD5, 0x13, 0x44, 0xEC, 0x30, 0xA4, 0xA4, 0x62,
+        0x19, 0xFE, 0x84, 0x11, 0x37, 0xD5, 0xAA, 0x1F,
+        0x51, 0xE6, 0xC4, 0x44, 0x16, 0x8A, 0xF3, 0x98,
+        0x90, 0xB6, 0xFA, 0x40, 0x0D, 0x67, 0xF4, 0x80,
+        0x6F, 0x5B, 0xBD, 0x44, 0x47, 0x03, 0x07, 0x4A,
+        0x7A, 0x11, 0x39, 0xC7, 0x17, 0x46, 0xD7, 0xC4,
+        0xCE, 0xB3, 0xC9, 0x11, 0xF5, 0x25, 0x7E, 0x3E,
+        0x53, 0xEB, 0xFA, 0x5A, 0xA8, 0xF2, 0x27, 0x80,
+        0x9D, 0x44, 0xEE, 0x7D, 0xE1, 0x3C, 0x02, 0x79,
+        0x24, 0xDD, 0x60, 0x15, 0x3B, 0x30, 0xAA, 0x76,
+        0xDD, 0x96, 0xA7, 0xC5, 0xAC, 0xC5, 0x9B, 0x62,
+        0x79, 0x19, 0x50, 0x7B, 0xF1, 0x42, 0x57, 0xAE,
+        0x7A, 0x26, 0x24, 0x3C, 0x16, 0x83, 0xB2, 0x8D,
+        0x1B, 0x14, 0xB5, 0x01, 0xAD, 0x05, 0x9B, 0x4D,
+        0x52, 0x2A, 0x57, 0x99, 0x1E, 0x55, 0x39, 0xCE,
+        0xF1, 0x8C, 0xEB, 0x5C, 0x26, 0xD6, 0x60, 0xB8,
+        0x82, 0x24, 0x54, 0xC9, 0xC4, 0x2A, 0x95, 0xE6,
+        0xF7, 0x2B, 0x84, 0xF7, 0x8A, 0xB9, 0x9F, 0x51,
+        0xEC, 0x49, 0x78, 0x9F, 0x9D, 0xB4, 0xC1, 0x28,
+        0xB0, 0x31, 0x8F, 0xFF, 0xC8, 0x2D, 0x95, 0xCA,
+        0xD2, 0x77, 0xF1, 0x1E, 0x14, 0xF1, 0xEF, 0x87,
+        0x14, 0x14, 0x88, 0x11, 0x22, 0xA9, 0xB1, 0x1B,
+        0xDF, 0xAE, 0x4A, 0x7A, 0xBC, 0x8E, 0x75, 0x75,
+        0x5A, 0xB1, 0x37, 0x41, 0xDF, 0xAC, 0xD6, 0x64,
+        0x29, 0x3D, 0x1A, 0x32, 0x6B, 0xF5, 0xED, 0x5A,
+        0xBB, 0xB1, 0x53, 0xEB, 0xE6, 0x99, 0x6D, 0xD6,
+        0x22, 0xF0, 0xA8, 0xCB, 0x47, 0x39, 0x69, 0xA5,
+        0x03, 0x66, 0xBD, 0x0B, 0x01, 0xC5, 0xC7, 0x3A,
+        0x89, 0x2B, 0x8E, 0x26, 0xCE, 0x08, 0xF7, 0x5F,
+        0xF8, 0x01, 0xB6, 0xDE, 0xF0, 0x41, 0xE1, 0x71,
+        0x3B, 0xE6, 0xDF, 0x0E, 0xFB, 0x51, 0x58, 0x7B,
+        0xE5, 0xFB, 0xEA, 0x72, 0x7E, 0x00, 0xD7, 0x17,
+        0x64, 0x7D, 0xD5, 0x39, 0x07, 0x9D, 0xE1, 0x8A,
+        0xE7, 0xBE, 0xD1, 0x2B, 0x91, 0xAF, 0x8D, 0xBB,
+        0x1B, 0x8B, 0x32, 0xD2, 0x86, 0x0B, 0xAF, 0x40,
+        0xAF, 0x8A, 0x0B, 0xBF, 0xE0, 0x28, 0x87, 0xEB,
+        0x5D, 0xBE, 0x7A, 0xB1, 0xAF, 0xC4, 0x1D, 0xA7,
+        0x9B, 0x01, 0x6A, 0xA1, 0x6E, 0xDA, 0x28, 0x13,
+        0x21, 0xCA, 0xA5, 0xDA, 0x64, 0x4F, 0xD8, 0x65,
+        0x8A, 0x7B, 0x70, 0x21, 0x81, 0x00, 0x14, 0x31,
+        0x56, 0x0D, 0xD6, 0x3C, 0xB2, 0x1E, 0x5F, 0xF7,
+        0x5C, 0x3F, 0x72, 0x50, 0x45, 0x6B, 0xE0, 0x8C,
+        0x0D, 0x5E, 0x34, 0xC3, 0xBD, 0xE2, 0xF6, 0x06,
+        0xA2, 0xBF, 0x34, 0x17, 0x76, 0x8D, 0x24, 0xB2,
+        0x37, 0x39, 0xEA, 0x86, 0xCB, 0xEF, 0xDD, 0xA3,
+        0x43, 0x88, 0xBC, 0x1F, 0x91, 0x8F, 0x95, 0x1E,
+        0x15, 0xE4, 0x3B, 0x13, 0x85, 0xA7, 0xBC, 0xC5,
+        0x59, 0xF9, 0x49, 0x2C, 0x72, 0x13, 0xA1, 0x42,
+        0x27, 0xE0, 0x93, 0xE9, 0x29, 0xF3, 0x2D, 0x1E,
+        0xFB, 0xE7, 0xF1, 0xEE, 0x57, 0xC4, 0x9C, 0x90,
+        0x55, 0x62, 0x3E, 0xA4, 0x2E, 0xC6, 0xC7, 0x9D,
+        0x7F, 0xCE, 0x71, 0xFA, 0x74, 0x76, 0x07, 0x56,
+        0x6D, 0xDA, 0x69, 0xF6, 0x9D, 0xAF, 0x68, 0x11,
+        0x59, 0x19, 0xC6, 0x32, 0x2E, 0xBB, 0x42, 0xC8,
+        0xC0, 0x89, 0x33, 0x8C, 0x9E, 0x0C, 0x53, 0x56,
+        0x5B, 0xCB, 0xE7, 0x2F, 0xBE, 0x47, 0x26, 0x68,
+        0x7B, 0x07, 0x87, 0x07, 0x18, 0x06, 0xC5, 0xA6,
+        0xC1, 0x49, 0xC8, 0x2B, 0x66, 0x8A, 0xA6, 0x4A,
+        0x7B, 0xA0, 0xCC, 0xC1, 0xCC, 0x49, 0xA1, 0xEE,
+        0xE9, 0x45, 0x3D, 0x04, 0x33, 0x6E, 0x5D, 0xC8,
+        0x11, 0xE0, 0x38, 0x92, 0xF7, 0xF4, 0x66, 0x88,
+        0xEC, 0xEF, 0xD0, 0x4F, 0x18, 0x76, 0xF7, 0x11,
+        0x17, 0x12, 0xB5, 0x95, 0xED, 0x62, 0xDA, 0x00,
+        0x67, 0x8F, 0x9E, 0x37, 0x86, 0xB5, 0xC1, 0xA5,
+        0x09, 0x5B, 0xE8, 0x71, 0x0D, 0xCF, 0xA4, 0x16,
+        0x52, 0x56, 0x50, 0x9E, 0x00, 0x14, 0x3A, 0x6F,
+        0x11, 0x72, 0xFA, 0xBE, 0x8B, 0xF2, 0x1E, 0x5F,
+        0xCE, 0x7C, 0x79, 0xC1, 0xA4, 0x4B, 0x4B, 0x15,
+        0x25, 0xA0, 0x76, 0xFF, 0xB8, 0xDD, 0x90, 0x66
+    };
+    static const byte msg_44[] = {
+        0x3A, 0xFD, 0x7F, 0xF8, 0xCA, 0xD3, 0xAC, 0xBD,
+        0xF9, 0x77, 0x31, 0x26, 0x1C, 0x7A, 0x1C, 0x96,
+        0x9D, 0x50, 0x16, 0xF1, 0x7D, 0x3E, 0x7F, 0x83,
+        0xD2, 0x44, 0x1A, 0xF9, 0x01, 0x4B, 0x63, 0x47,
+        0x7B, 0x14, 0xA6, 0x41, 0x31, 0x50, 0xFA, 0xD7,
+        0xC8, 0x44, 0x39, 0xBC, 0x88, 0x66, 0x2C, 0x5E,
+        0x93, 0x1F, 0x06, 0xB9, 0x51, 0x41, 0x90, 0xE1,
+        0x3F, 0xB0, 0x49, 0xC4, 0xAB, 0x74, 0x01, 0x32,
+        0x33, 0xB9, 0x8D, 0x48, 0xD9, 0xAF, 0xB6, 0xA3,
+        0x0A, 0x67, 0x33, 0x0E, 0x1F, 0xBE, 0x33, 0x1B,
+        0x09, 0xC5, 0x6D, 0x03, 0x7E, 0x97, 0x01, 0x08,
+        0x5D, 0x80, 0xF1, 0xE7, 0xF4, 0x04, 0x3E, 0xFB,
+        0x53, 0x58, 0x7A, 0xBB, 0x82, 0x36, 0x24, 0x01,
+        0x23, 0x84, 0x51, 0x52, 0x49, 0xEE, 0x61, 0x30,
+        0x97, 0x3D, 0xC9, 0xEA, 0x6F, 0x55, 0x8B, 0xAE,
+        0x75, 0x10, 0x7E, 0xFD, 0xB1, 0xD9, 0x28, 0x5B
+    };
+    static const byte sig_44[] = {
+        0x4A, 0x2B, 0x16, 0xCD, 0xB5, 0x52, 0xF9, 0x29,
+        0x7F, 0x8E, 0x39, 0x1A, 0xD8, 0xF5, 0xAD, 0xC8,
+        0xCC, 0x5D, 0x2C, 0x56, 0xC4, 0x6B, 0x80, 0x0F,
+        0x9B, 0x3E, 0xE4, 0xBB, 0xD2, 0xF2, 0xE8, 0xA8,
+        0x9D, 0x59, 0x9D, 0x7B, 0x5C, 0xC2, 0xD8, 0x8C,
+        0x80, 0xF2, 0x71, 0x85, 0x9B, 0xBC, 0x83, 0x04,
+        0x3E, 0xC4, 0xE5, 0x48, 0x12, 0xF5, 0x93, 0x6B,
+        0x44, 0x6C, 0x95, 0x13, 0xC8, 0x55, 0x28, 0x9C,
+        0x94, 0xB1, 0x15, 0x51, 0xA0, 0xC7, 0x65, 0x3E,
+        0x7B, 0xA7, 0x4F, 0xFB, 0x6F, 0x72, 0xD4, 0x65,
+        0x2C, 0x91, 0xD3, 0x8D, 0xD1, 0xF9, 0x0D, 0xFE,
+        0x44, 0x39, 0xBC, 0x21, 0xCA, 0x53, 0xE0, 0xCC,
+        0x7A, 0x7A, 0xA5, 0xB8, 0x75, 0xA5, 0xB9, 0xBA,
+        0x42, 0x36, 0x6E, 0xB8, 0xEC, 0xBA, 0x24, 0x36,
+        0xDA, 0xF0, 0x8A, 0x91, 0x97, 0x8D, 0xD0, 0x93,
+        0xF2, 0x0F, 0x1E, 0xFB, 0x6B, 0x0B, 0xCB, 0x90,
+        0xDA, 0x99, 0xCC, 0xA0, 0x5E, 0x8F, 0x6F, 0x82,
+        0xB8, 0x6D, 0x3C, 0x6E, 0xE2, 0x4B, 0xA5, 0xD5,
+        0x0A, 0xEA, 0x10, 0xB2, 0x30, 0x7F, 0x57, 0xF8,
+        0x9E, 0xD7, 0x8D, 0xB4, 0xA7, 0x4F, 0xBB, 0xF6,
+        0xEB, 0x33, 0x2A, 0xFB, 0x08, 0xD0, 0x74, 0xAC,
+        0xF0, 0xDE, 0x5C, 0xD7, 0xFE, 0xC1, 0x2F, 0x76,
+        0xF3, 0xAB, 0x61, 0x9C, 0x81, 0x5B, 0x9E, 0xDD,
+        0x28, 0x7E, 0xAD, 0x67, 0xF0, 0x4F, 0x14, 0x79,
+        0x7F, 0x8D, 0xCF, 0x2C, 0xDE, 0x9A, 0x87, 0x53,
+        0xB5, 0xAD, 0x0A, 0xFA, 0x12, 0x87, 0x41, 0x97,
+        0xD1, 0x74, 0x40, 0x92, 0x87, 0x25, 0x21, 0xE8,
+        0x68, 0xAF, 0x9E, 0x64, 0x45, 0x23, 0x73, 0xFE,
+        0xB6, 0xFE, 0x25, 0xD5, 0x27, 0x3D, 0x63, 0xC0,
+        0xEB, 0xD6, 0xD3, 0xB1, 0x02, 0x8C, 0x1C, 0xD0,
+        0x6A, 0xF3, 0x2C, 0xEC, 0xA2, 0x62, 0x13, 0x10,
+        0x83, 0x7C, 0x72, 0x78, 0x8C, 0x8A, 0xDA, 0xB5,
+        0xA0, 0xF0, 0x38, 0x17, 0x12, 0x8E, 0xB7, 0xB7,
+        0x66, 0xFA, 0x81, 0x2C, 0x69, 0x6C, 0xF8, 0x86,
+        0xF0, 0x0A, 0x10, 0x44, 0xCD, 0xD0, 0x6B, 0xB2,
+        0x8C, 0xB2, 0xE5, 0x78, 0x0C, 0x8D, 0x8C, 0xC7,
+        0xE6, 0x0A, 0xB6, 0x99, 0xDD, 0x78, 0x66, 0x8B,
+        0xE4, 0xFF, 0x9F, 0x46, 0x90, 0xC6, 0xFC, 0x98,
+        0xAA, 0xC9, 0xC0, 0x2B, 0x66, 0xB9, 0xB9, 0x82,
+        0x6A, 0x30, 0x61, 0xFD, 0x32, 0x22, 0xDA, 0x84,
+        0x82, 0x66, 0x79, 0x60, 0xA3, 0x16, 0x52, 0xEE,
+        0x88, 0xEB, 0x32, 0xB0, 0x46, 0x9A, 0xB7, 0x1C,
+        0xAA, 0x25, 0x19, 0xF2, 0x3D, 0x1A, 0x24, 0x42,
+        0xD5, 0xB1, 0x31, 0x62, 0x62, 0x13, 0x1D, 0xCE,
+        0xC5, 0xF2, 0x87, 0xE3, 0x2F, 0xD3, 0x43, 0xFE,
+        0xB4, 0x42, 0x9E, 0x54, 0x25, 0x8D, 0x69, 0x0D,
+        0x9D, 0x20, 0xA1, 0x0A, 0xBD, 0x75, 0xA5, 0x36,
+        0xDF, 0xF8, 0xCF, 0x1D, 0x6D, 0xDF, 0x19, 0x29,
+        0x1E, 0x27, 0x49, 0xA7, 0xD1, 0x6E, 0xB9, 0x0A,
+        0xB5, 0x09, 0x3B, 0xAD, 0x38, 0xE1, 0x16, 0xA8,
+        0x6B, 0x73, 0x0E, 0x65, 0x57, 0x4C, 0x06, 0x8C,
+        0x38, 0xBA, 0x94, 0x57, 0xC9, 0xD6, 0xD9, 0x13,
+        0xEA, 0xFF, 0x57, 0xFE, 0x23, 0xBF, 0x3D, 0xD2,
+        0x4D, 0x8C, 0xA5, 0x11, 0xEF, 0xA3, 0x76, 0xA5,
+        0xDF, 0x08, 0x46, 0x70, 0x25, 0xFF, 0x51, 0xBE,
+        0xAD, 0x3E, 0xDE, 0x0A, 0x84, 0xED, 0xC5, 0x32,
+        0x16, 0x20, 0x99, 0x80, 0x61, 0xE8, 0xA1, 0xA7,
+        0x3D, 0x67, 0xB7, 0x02, 0x1B, 0x81, 0x0C, 0x78,
+        0x67, 0xFF, 0x39, 0x18, 0x7B, 0x59, 0xD4, 0x03,
+        0xBF, 0x7C, 0x75, 0x06, 0x30, 0x0C, 0x73, 0x45,
+        0xB1, 0xFE, 0x07, 0xC1, 0x12, 0x78, 0xB0, 0xAB,
+        0xA6, 0x1D, 0xBB, 0x4F, 0x2B, 0x8C, 0x43, 0xE7,
+        0x4F, 0xEF, 0xA5, 0x5E, 0xD5, 0x2C, 0x10, 0xA8,
+        0xC4, 0x90, 0x88, 0x2B, 0xBF, 0xE3, 0xE3, 0xB3,
+        0xCE, 0x57, 0x9E, 0x81, 0x16, 0xA9, 0xB6, 0x68,
+        0x6C, 0x1A, 0x10, 0x0A, 0xA1, 0xF6, 0x59, 0x1F,
+        0x19, 0x1F, 0x77, 0x2B, 0x5A, 0x5A, 0x50, 0xDD,
+        0x6C, 0xC1, 0x55, 0xCB, 0x5A, 0x1B, 0xE5, 0xBA,
+        0x12, 0x2E, 0x91, 0xF0, 0x44, 0x42, 0x01, 0x56,
+        0xCD, 0x63, 0x08, 0x0F, 0x0A, 0x45, 0xD6, 0x62,
+        0xE7, 0x6D, 0xD5, 0x7B, 0xD0, 0xF6, 0x89, 0xD0,
+        0xB2, 0x99, 0x04, 0x2B, 0xFF, 0x48, 0x5E, 0x8A,
+        0x38, 0x2D, 0x86, 0x5C, 0x26, 0xCD, 0x46, 0xB4,
+        0xA5, 0x47, 0x28, 0xBD, 0x48, 0x45, 0x83, 0x62,
+        0xD7, 0x9A, 0xC3, 0xEB, 0x75, 0x6F, 0xC6, 0xC5,
+        0x18, 0xC9, 0xE2, 0xF0, 0xE7, 0xD5, 0xA3, 0x03,
+        0xAF, 0x11, 0x59, 0xEE, 0x6D, 0xBE, 0x7D, 0xD5,
+        0x6B, 0xA0, 0x71, 0x28, 0x57, 0xA6, 0x88, 0x36,
+        0xC3, 0xC7, 0x8C, 0x6C, 0x9F, 0x74, 0x88, 0x57,
+        0x28, 0x13, 0xC0, 0xF6, 0xA8, 0x14, 0x70, 0x9D,
+        0x2B, 0xC1, 0x42, 0xFE, 0xF0, 0x25, 0x27, 0xCA,
+        0xE7, 0x71, 0x23, 0x58, 0x37, 0x1C, 0x54, 0x26,
+        0x52, 0x2C, 0xCC, 0x64, 0x30, 0x0C, 0x2C, 0xD9,
+        0xFB, 0xE2, 0x0C, 0x65, 0x62, 0xE3, 0x48, 0x35,
+        0x20, 0x5F, 0xCD, 0xD5, 0xA8, 0x98, 0x2C, 0x92,
+        0x0B, 0xB4, 0x77, 0xFB, 0x88, 0x17, 0x02, 0x82,
+        0x7B, 0x49, 0x11, 0x87, 0x13, 0x94, 0xC0, 0x6B,
+        0x5F, 0xEC, 0xD0, 0xC7, 0x40, 0xAF, 0x7B, 0x27,
+        0x63, 0x7B, 0xAC, 0x1A, 0x0C, 0xBC, 0xA5, 0x37,
+        0xE4, 0x43, 0x3E, 0xA8, 0x47, 0x45, 0x4C, 0x69,
+        0x38, 0x97, 0xA3, 0x2E, 0x4D, 0x18, 0x44, 0x19,
+        0x54, 0x26, 0xA0, 0xC6, 0xAE, 0xD6, 0x74, 0x72,
+        0xBD, 0x2C, 0x4E, 0xEE, 0x17, 0x9F, 0x3F, 0x60,
+        0x84, 0xA3, 0x6A, 0x76, 0x89, 0xF4, 0xCB, 0x1F,
+        0x8E, 0x5D, 0xB2, 0xDD, 0xE5, 0x4A, 0xCC, 0x06,
+        0x66, 0xBA, 0x98, 0x41, 0x54, 0x31, 0xA4, 0xB2,
+        0x02, 0xF4, 0x02, 0xFB, 0x1F, 0x1B, 0xCC, 0xDC,
+        0x23, 0xBF, 0xF1, 0x31, 0x48, 0xC7, 0xB8, 0xF6,
+        0x1F, 0xBF, 0x62, 0x43, 0xB2, 0x96, 0xA7, 0x8E,
+        0xB6, 0x98, 0x18, 0x9D, 0xA9, 0x5B, 0xDA, 0x85,
+        0xDB, 0xC1, 0x1D, 0x15, 0xFF, 0xDC, 0x6B, 0xF4,
+        0x6C, 0x53, 0xF6, 0xE4, 0x72, 0xA8, 0x71, 0x40,
+        0x1E, 0x9A, 0x9A, 0xB7, 0xF9, 0xFB, 0x46, 0x7E,
+        0xB4, 0xEC, 0xB1, 0xF0, 0xDA, 0x7E, 0x63, 0xEE,
+        0x86, 0x19, 0xCB, 0xC4, 0x86, 0xEB, 0xB0, 0xF2,
+        0x12, 0x0A, 0x78, 0x11, 0xBF, 0xB0, 0x55, 0x7D,
+        0x13, 0x93, 0x05, 0x74, 0x29, 0x7C, 0x94, 0x64,
+        0xFC, 0x59, 0x5B, 0x27, 0x56, 0x9A, 0xDF, 0x5F,
+        0x4A, 0x8D, 0xF6, 0x69, 0xC9, 0xEE, 0xA0, 0xA2,
+        0x50, 0xF4, 0xD2, 0x2C, 0x2E, 0x8C, 0x64, 0x1B,
+        0xA3, 0x90, 0x2B, 0xA8, 0x08, 0x00, 0x48, 0x99,
+        0x65, 0xF1, 0x1A, 0xF1, 0xE1, 0xA8, 0x57, 0x17,
+        0xC6, 0x24, 0xE7, 0x42, 0xF1, 0x61, 0x55, 0x08,
+        0x19, 0xD1, 0xF0, 0x37, 0x2C, 0x5C, 0xAE, 0x8B,
+        0xC6, 0x2B, 0x54, 0x9E, 0xFE, 0x87, 0x44, 0x61,
+        0x08, 0x0D, 0x06, 0x34, 0x6E, 0x1F, 0xA6, 0xF0,
+        0x15, 0x14, 0xFB, 0xEC, 0xCB, 0x06, 0xE3, 0x4E,
+        0xE2, 0x71, 0xA0, 0xF0, 0x03, 0x17, 0x90, 0xBD,
+        0xAB, 0xE0, 0xF0, 0x2B, 0xBA, 0x4A, 0xEA, 0x4B,
+        0x73, 0x97, 0xFE, 0x33, 0x33, 0xEB, 0x81, 0x21,
+        0x82, 0x07, 0x57, 0x28, 0x1F, 0x96, 0xA5, 0x83,
+        0x1F, 0x9E, 0x49, 0x03, 0x66, 0x54, 0x9D, 0x16,
+        0x76, 0x3F, 0xF1, 0x9F, 0xF7, 0x73, 0x58, 0x0E,
+        0xD5, 0xE3, 0xE1, 0xE2, 0xAA, 0x3E, 0x38, 0xF8,
+        0x84, 0x74, 0xDE, 0x6D, 0x9B, 0xA6, 0x99, 0x4F,
+        0x8E, 0x62, 0x91, 0x60, 0x48, 0x8C, 0xB4, 0xCD,
+        0x5B, 0x87, 0x8C, 0xDA, 0x37, 0xAA, 0xEC, 0x9B,
+        0x56, 0x36, 0x9A, 0x7E, 0x73, 0xF7, 0x3B, 0x42,
+        0x86, 0x39, 0xA0, 0x5C, 0x13, 0x78, 0x44, 0x8A,
+        0xDB, 0x7F, 0x07, 0x4D, 0xC8, 0x15, 0x4D, 0x92,
+        0xE1, 0x3C, 0x63, 0x56, 0xB5, 0xF4, 0x66, 0xD6,
+        0x64, 0x77, 0x15, 0x9B, 0x2A, 0x94, 0x37, 0x99,
+        0xAD, 0x61, 0x9A, 0x02, 0x9F, 0x30, 0x10, 0xD0,
+        0x37, 0x67, 0x2D, 0xBB, 0x68, 0x20, 0xE5, 0x13,
+        0x23, 0xAD, 0xA9, 0x88, 0x81, 0xC6, 0xDE, 0x85,
+        0x9D, 0xF8, 0x75, 0xAB, 0xAF, 0x11, 0xDA, 0x5D,
+        0xDC, 0xA5, 0xA7, 0x77, 0x62, 0x2B, 0xDA, 0xE8,
+        0xFA, 0xCE, 0x2E, 0x0C, 0xED, 0x3B, 0x6A, 0x77,
+        0xB8, 0x8A, 0x87, 0x29, 0xFB, 0x7C, 0x50, 0x93,
+        0x3D, 0xA6, 0xC5, 0x2E, 0x3F, 0x4D, 0x94, 0x8F,
+        0x9D, 0xC1, 0x53, 0xB5, 0xB1, 0x29, 0x9C, 0xD8,
+        0x62, 0x1D, 0xDF, 0xBA, 0x48, 0xAF, 0x44, 0xE4,
+        0xB6, 0xF6, 0x10, 0x6E, 0xE7, 0x77, 0x95, 0x01,
+        0xDD, 0x5F, 0xB3, 0xC5, 0x78, 0xEA, 0x4D, 0x32,
+        0xC5, 0xC2, 0xF0, 0x36, 0xA7, 0x35, 0x27, 0x03,
+        0xAD, 0xD1, 0x35, 0xAB, 0x84, 0x46, 0x01, 0x62,
+        0x41, 0x7E, 0x50, 0xBF, 0x91, 0xE6, 0x07, 0x97,
+        0xD5, 0x9B, 0x9E, 0x18, 0xD3, 0x24, 0xDA, 0x97,
+        0x1F, 0x4F, 0xF4, 0x28, 0xAE, 0xAF, 0x23, 0xAC,
+        0x0B, 0xA4, 0xE2, 0xE2, 0xFC, 0x7A, 0xBA, 0xA6,
+        0xC8, 0x98, 0x4F, 0xE9, 0xE2, 0xD8, 0x5B, 0x8A,
+        0xDA, 0x40, 0x86, 0xB3, 0xC1, 0x3A, 0xBD, 0x43,
+        0xCF, 0xD1, 0xC7, 0x11, 0xD8, 0x32, 0x6B, 0x18,
+        0xAD, 0xC3, 0x4C, 0xC1, 0x4C, 0xF8, 0x95, 0x7E,
+        0xC3, 0x95, 0x94, 0x98, 0xFC, 0x2A, 0x7B, 0xE0,
+        0x6B, 0xD1, 0x84, 0x0D, 0xE1, 0x70, 0x36, 0x65,
+        0x66, 0xE5, 0x07, 0x41, 0x95, 0x77, 0x63, 0xC2,
+        0xDD, 0x27, 0xAC, 0xF8, 0xC3, 0xF1, 0x02, 0x6F,
+        0xAE, 0xE1, 0xD2, 0x56, 0x2F, 0xA1, 0x05, 0x2E,
+        0x69, 0xAF, 0xDD, 0x42, 0xF4, 0x46, 0xF0, 0x59,
+        0x88, 0x66, 0xD5, 0xD3, 0x06, 0xBF, 0x1B, 0x77,
+        0x50, 0x42, 0xB0, 0x35, 0x92, 0x73, 0x72, 0x82,
+        0x7F, 0x43, 0x86, 0x31, 0x65, 0x34, 0xFA, 0x1B,
+        0x7E, 0xE6, 0x33, 0xBA, 0x95, 0x8C, 0xED, 0x8F,
+        0x0D, 0x24, 0x1D, 0x46, 0x88, 0xE3, 0xC7, 0x91,
+        0x8E, 0x2A, 0x75, 0x62, 0x63, 0x77, 0xC3, 0x42,
+        0xA5, 0x90, 0x69, 0x2B, 0xBF, 0xB8, 0x27, 0xBF,
+        0x90, 0x51, 0x41, 0x82, 0xD4, 0x09, 0x0D, 0xF8,
+        0xD7, 0x32, 0x35, 0x19, 0xA1, 0xAB, 0x6C, 0xD0,
+        0x22, 0x73, 0x67, 0x41, 0x0D, 0xD1, 0x4D, 0x37,
+        0x86, 0xA2, 0x6D, 0xDF, 0x91, 0x72, 0x4F, 0xC8,
+        0x2D, 0x06, 0xA2, 0x5D, 0x5F, 0x56, 0x68, 0x39,
+        0x53, 0xE8, 0xE0, 0xF2, 0x0E, 0x3C, 0x17, 0x71,
+        0xDA, 0xF4, 0x2E, 0x52, 0x02, 0x4C, 0x11, 0x6E,
+        0xD8, 0xA4, 0xC0, 0xA6, 0x11, 0x68, 0x0F, 0x5F,
+        0xE0, 0x0E, 0xD9, 0xB1, 0x48, 0xD1, 0x5F, 0x12,
+        0xAA, 0x95, 0xB9, 0xBD, 0x5A, 0x9F, 0xD8, 0x10,
+        0x16, 0x42, 0xB3, 0x69, 0x11, 0xF3, 0x10, 0xB0,
+        0xDE, 0x18, 0x17, 0x1D, 0x62, 0x37, 0xD9, 0xBE,
+        0x17, 0x25, 0xDC, 0x29, 0x9A, 0x1A, 0x3A, 0xAA,
+        0xE9, 0x85, 0x40, 0xCE, 0xED, 0x26, 0x95, 0x3D,
+        0x10, 0xCE, 0x85, 0x47, 0xF1, 0xC3, 0xE4, 0x6A,
+        0x86, 0x2B, 0xED, 0x42, 0x8D, 0x1E, 0x10, 0x60,
+        0x1B, 0xF3, 0x28, 0xC7, 0x27, 0xFD, 0x95, 0x34,
+        0x3E, 0x2D, 0xB4, 0xD9, 0xAC, 0xD5, 0xD1, 0xCB,
+        0x47, 0x15, 0xF6, 0x00, 0x40, 0x96, 0xED, 0xA0,
+        0x93, 0xD1, 0xB0, 0xA3, 0x3B, 0x1E, 0x56, 0xF1,
+        0x6D, 0x73, 0xAD, 0xB8, 0x73, 0x2C, 0xB4, 0xA3,
+        0x11, 0x60, 0xA4, 0x49, 0x1F, 0xAA, 0x0C, 0x86,
+        0xE6, 0x80, 0xE3, 0xD7, 0xC0, 0x2C, 0xCE, 0xA8,
+        0xFE, 0x92, 0xF1, 0xE0, 0x01, 0x01, 0x6D, 0x22,
+        0x02, 0x21, 0xDD, 0x10, 0xED, 0x62, 0x60, 0x17,
+        0x96, 0x6C, 0x34, 0x50, 0xAD, 0x12, 0x13, 0x65,
+        0x91, 0x8C, 0x93, 0x09, 0x1F, 0x14, 0x71, 0x2B,
+        0xA4, 0x77, 0xCF, 0x2E, 0x26, 0x32, 0x96, 0xC7,
+        0x78, 0xA2, 0xBA, 0xEE, 0xF5, 0x84, 0x94, 0x55,
+        0xFA, 0x35, 0xCB, 0x61, 0x72, 0x51, 0xE0, 0x2A,
+        0x22, 0xDA, 0xF5, 0xC3, 0x3E, 0x5A, 0xAA, 0x9F,
+        0x00, 0xE8, 0xAC, 0xDC, 0x50, 0xEC, 0xF4, 0x7C,
+        0x52, 0x15, 0x03, 0xC5, 0x2F, 0x27, 0xD6, 0xB5,
+        0x7C, 0x8F, 0x2B, 0x3D, 0x8F, 0x12, 0x22, 0x41,
+        0x3E, 0x7F, 0xA4, 0xEC, 0x59, 0x29, 0x63, 0x38,
+        0x09, 0x8C, 0x9A, 0xB5, 0xA1, 0xD8, 0xA5, 0x78,
+        0x84, 0xBD, 0x86, 0x00, 0x41, 0x40, 0x6D, 0x96,
+        0x55, 0xD1, 0x73, 0x82, 0x94, 0x9A, 0x03, 0xD5,
+        0x0F, 0x11, 0x08, 0xD0, 0x5B, 0xDB, 0x31, 0xCA,
+        0x08, 0xE6, 0x6F, 0x2D, 0x8D, 0xE4, 0x80, 0xC6,
+        0x79, 0x35, 0x18, 0xD4, 0x9A, 0x60, 0xD4, 0x76,
+        0x2A, 0x9E, 0xDD, 0xC0, 0x24, 0x9B, 0x42, 0x2E,
+        0x84, 0x02, 0x0E, 0xD5, 0x39, 0xA1, 0x4E, 0x24,
+        0x78, 0xF6, 0x8B, 0xAB, 0x1F, 0x2B, 0x00, 0xE2,
+        0x2A, 0x5C, 0xBB, 0x62, 0x97, 0x9A, 0xC7, 0x44,
+        0xE0, 0x8B, 0x57, 0xD5, 0xB5, 0x78, 0xC4, 0x01,
+        0xA8, 0xD2, 0x6D, 0x9A, 0xDD, 0x15, 0x05, 0x23,
+        0x60, 0x82, 0x86, 0x36, 0x72, 0xD9, 0x11, 0xCF,
+        0x3A, 0x09, 0x66, 0xD3, 0x03, 0xF8, 0x91, 0x70,
+        0x93, 0xBF, 0x97, 0xAF, 0x90, 0xA7, 0xE1, 0xF9,
+        0xD5, 0x9B, 0x09, 0x20, 0x6B, 0x9C, 0xAC, 0x35,
+        0x11, 0x0F, 0xA3, 0x8D, 0x58, 0x90, 0xED, 0x21,
+        0x16, 0x83, 0x5C, 0xE3, 0x73, 0x84, 0xF5, 0x63,
+        0x0F, 0x1C, 0x42, 0x8E, 0x21, 0x36, 0x05, 0x87,
+        0x2E, 0xCF, 0x91, 0x1B, 0x01, 0x4B, 0x91, 0xC2,
+        0xC6, 0x00, 0xE8, 0xA4, 0x07, 0x29, 0xD0, 0x7B,
+        0xF9, 0x18, 0x79, 0x07, 0x42, 0xC9, 0x27, 0x9F,
+        0x31, 0x14, 0xF6, 0x8C, 0xDF, 0x65, 0x94, 0xCD,
+        0xA3, 0xCA, 0x66, 0x94, 0x22, 0x3A, 0x82, 0xF6,
+        0x6C, 0x2B, 0x4B, 0xDF, 0x3E, 0x51, 0xC6, 0xFF,
+        0xDC, 0x55, 0xE0, 0xFF, 0x51, 0xEF, 0xD6, 0xC9,
+        0x34, 0x36, 0x2B, 0xE7, 0xD6, 0xFA, 0xBC, 0x11,
+        0xB8, 0xB0, 0xDA, 0xDD, 0xD5, 0x21, 0x08, 0xFA,
+        0x5F, 0xB5, 0xCA, 0x75, 0x8A, 0x64, 0x37, 0x7D,
+        0x38, 0x6D, 0x45, 0xCE, 0x70, 0x60, 0x5B, 0x46,
+        0x0E, 0x81, 0x57, 0x03, 0x7B, 0x5B, 0x1B, 0x2E,
+        0x0A, 0xED, 0xD1, 0x2A, 0x63, 0x31, 0x15, 0xD6,
+        0xC4, 0x3B, 0xC6, 0xC7, 0xC8, 0x36, 0xFF, 0xF3,
+        0x3E, 0x7D, 0x03, 0x3F, 0x2E, 0x58, 0x00, 0x52,
+        0x71, 0x64, 0xC0, 0xC4, 0x78, 0x1C, 0x37, 0xDF,
+        0x50, 0xB6, 0x6B, 0xBA, 0x5C, 0x81, 0x94, 0x73,
+        0xA1, 0xC5, 0x30, 0x20, 0x83, 0xA1, 0x6F, 0x01,
+        0x43, 0x72, 0x79, 0xD2, 0xF2, 0xDF, 0x14, 0xC8,
+        0x78, 0x26, 0x9A, 0x2F, 0x3F, 0xA4, 0x0C, 0x1C,
+        0x76, 0x1E, 0xD6, 0x15, 0x01, 0xAC, 0x9E, 0xF1,
+        0x41, 0x02, 0x90, 0x38, 0xC8, 0x19, 0x95, 0x40,
+        0x89, 0xB7, 0x38, 0x09, 0x87, 0x08, 0x17, 0x43,
+        0x93, 0xFE, 0xAE, 0xA7, 0xB0, 0x2A, 0xE5, 0xCE,
+        0xF6, 0x7B, 0x3C, 0x8C, 0xE6, 0xA9, 0x70, 0x67,
+        0x5C, 0xA1, 0xB8, 0xC8, 0x56, 0xDC, 0xF5, 0x97,
+        0x25, 0x08, 0xC7, 0xC6, 0xB2, 0x5E, 0xE4, 0xD1,
+        0x2D, 0x82, 0x12, 0xB9, 0x89, 0x40, 0xB4, 0x88,
+        0xEC, 0x40, 0x2A, 0xC7, 0xAE, 0x3C, 0x70, 0xDF,
+        0x93, 0x8D, 0x12, 0x88, 0xCD, 0xA7, 0xA3, 0x19,
+        0xE0, 0x85, 0xBC, 0x73, 0xA4, 0x69, 0xB2, 0xD2,
+        0xA3, 0x30, 0x3B, 0x11, 0xA6, 0x83, 0x10, 0x0A,
+        0xF6, 0xDB, 0x86, 0x93, 0x7B, 0xA1, 0x18, 0x29,
+        0x03, 0x61, 0x6E, 0x3F, 0x03, 0x47, 0xBD, 0x68,
+        0x59, 0x1B, 0x47, 0xBA, 0x65, 0x15, 0x6B, 0x93,
+        0xF2, 0x60, 0xDE, 0x59, 0xB3, 0xAE, 0xB2, 0x89,
+        0xE2, 0xA7, 0x3A, 0x3B, 0xFF, 0x38, 0xC2, 0xF3,
+        0xAD, 0xED, 0xA2, 0x9C, 0x7E, 0x90, 0x28, 0x3A,
+        0xC7, 0xB8, 0x6D, 0x03, 0x6B, 0x47, 0xD5, 0xBA,
+        0x1A, 0x03, 0xEC, 0x78, 0x3D, 0x25, 0x0B, 0xAC,
+        0xAE, 0x58, 0x47, 0xE4, 0x1F, 0x82, 0x9C, 0xB3,
+        0x3D, 0xE0, 0x8D, 0xF8, 0xF7, 0xD6, 0x9C, 0x9A,
+        0xA4, 0xED, 0xE8, 0xD7, 0xAB, 0x96, 0x84, 0x07,
+        0xEE, 0xD3, 0x1A, 0x05, 0x6B, 0xA0, 0xEF, 0x88,
+        0x16, 0xE1, 0x27, 0xAA, 0x90, 0x06, 0x5A, 0x67,
+        0x9E, 0x1C, 0xA9, 0x55, 0x0D, 0xEE, 0xF2, 0x5A,
+        0xC5, 0xB7, 0xA3, 0x4F, 0x70, 0xDC, 0xF2, 0xB1,
+        0x16, 0xCF, 0x35, 0x1F, 0x3B, 0xAD, 0xA9, 0x9F,
+        0x83, 0x6C, 0x73, 0x0D, 0xCC, 0x1A, 0xE0, 0x3F,
+        0x49, 0x6C, 0xF3, 0xF0, 0x38, 0x7A, 0x0C, 0x2C,
+        0x70, 0x2E, 0x2C, 0x13, 0xBD, 0xD9, 0xCF, 0x45,
+        0xA1, 0xCD, 0x53, 0xAB, 0x58, 0x73, 0x11, 0x88,
+        0xB1, 0x8E, 0xA8, 0xBE, 0x48, 0xD5, 0x10, 0xC5,
+        0x81, 0x2E, 0x90, 0xBC, 0xEC, 0xBC, 0x6E, 0x19,
+        0x8E, 0x70, 0x8B, 0x1C, 0x08, 0xC8, 0xF8, 0x64,
+        0xB1, 0x24, 0xBB, 0x4C, 0xC0, 0xBD, 0xBB, 0xDF,
+        0x2C, 0x2F, 0x4E, 0x38, 0x8F, 0xC1, 0x96, 0x60,
+        0xD6, 0x9C, 0xC2, 0xC0, 0xEB, 0xF9, 0x10, 0x08,
+        0xC8, 0x24, 0x3D, 0xB4, 0x2D, 0xDA, 0xF5, 0x7C,
+        0x02, 0x42, 0x51, 0xC4, 0x23, 0x1D, 0xF5, 0x37,
+        0x90, 0xCE, 0x57, 0x56, 0x13, 0xEE, 0x8E, 0x1C,
+        0x7A, 0x33, 0xC1, 0x56, 0x1F, 0x35, 0x04, 0xDE,
+        0xAA, 0xED, 0x1E, 0x84, 0x08, 0x50, 0x06, 0x23,
+        0xEC, 0xA5, 0xAE, 0x5A, 0x28, 0x45, 0x41, 0x17,
+        0x49, 0x93, 0x0D, 0x8E, 0x42, 0x07, 0x8C, 0x03,
+        0x23, 0x49, 0x95, 0x7F, 0xC3, 0x9A, 0x1D, 0xA0,
+        0xEA, 0xF9, 0xE8, 0x7C, 0x31, 0xFF, 0xBF, 0x6A,
+        0xC0, 0xC1, 0x81, 0x1E, 0xB2, 0x8A, 0x41, 0xB1,
+        0xD8, 0x6B, 0xD7, 0xD4, 0x9A, 0xD1, 0xC4, 0x68,
+        0xA4, 0x95, 0x94, 0x95, 0x65, 0x25, 0xA2, 0x0A,
+        0x31, 0x70, 0x0F, 0x12, 0x2F, 0x4C, 0x4B, 0xB2,
+        0x25, 0x2A, 0x2F, 0x3D, 0x5C, 0x5D, 0x68, 0x73,
+        0x83, 0x8C, 0x90, 0x95, 0x97, 0xBB, 0xCA, 0xD8,
+        0xE1, 0x33, 0x3D, 0x5D, 0x61, 0x7C, 0x87, 0xC8,
+        0xEE, 0x0F, 0x1B, 0x22, 0x38, 0x3B, 0x42, 0x4B,
+        0x4C, 0x5C, 0x62, 0x72, 0x98, 0xA3, 0xBE, 0xCC,
+        0x1B, 0x32, 0x47, 0x5C, 0x9D, 0xB6, 0xB9, 0xBD,
+        0xC6, 0xD6, 0xDC, 0xF5, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x11, 0x19, 0x28, 0x34
+    };
+#endif
+#ifndef WOLFSSL_NO_ML_DSA_65
+    static const byte pk_65[] = {
+        0x6C, 0x9E, 0x7A, 0x1E, 0xE3, 0x66, 0x25, 0x76,
+        0x0E, 0x5D, 0x2F, 0x33, 0xDF, 0x29, 0x29, 0xDA,
+        0x56, 0x20, 0x32, 0x34, 0x06, 0x91, 0x60, 0xE5,
+        0xF2, 0xBF, 0x03, 0x9C, 0x11, 0x06, 0x22, 0x73,
+        0x07, 0x3C, 0x23, 0x75, 0x66, 0xCE, 0x05, 0x5D,
+        0x87, 0x1F, 0x38, 0xAC, 0xD1, 0xA9, 0x85, 0x9A,
+        0x82, 0x44, 0x67, 0xF1, 0x9B, 0xE6, 0x8E, 0x4F,
+        0x00, 0x64, 0x5D, 0x22, 0x5C, 0x42, 0xC8, 0x5A,
+        0x55, 0x7D, 0x2C, 0x5E, 0xCB, 0x44, 0x2B, 0x0F,
+        0x02, 0x8A, 0x65, 0x28, 0x89, 0x8E, 0xE2, 0xB6,
+        0x73, 0xD8, 0x63, 0xF3, 0x2E, 0xB9, 0xEC, 0x81,
+        0x64, 0x12, 0x75, 0x41, 0xF3, 0x25, 0x19, 0xBB,
+        0x88, 0xE0, 0x34, 0xA0, 0x3F, 0x46, 0xF7, 0xD1,
+        0x93, 0xCD, 0x3D, 0xFB, 0xAD, 0xF6, 0x35, 0x57,
+        0x92, 0x6C, 0x5C, 0x8F, 0x5B, 0x76, 0x6A, 0x7F,
+        0xC5, 0xEC, 0x8B, 0x3F, 0x94, 0x8B, 0xF7, 0xA8,
+        0x21, 0xB5, 0x4C, 0x94, 0x41, 0xAB, 0x0B, 0xD8,
+        0x33, 0xFD, 0x63, 0x54, 0xCE, 0xC7, 0x06, 0xFA,
+        0xA5, 0x00, 0xAB, 0xB5, 0x28, 0x9B, 0x90, 0xB1,
+        0xBF, 0x91, 0x76, 0x77, 0xA2, 0x9D, 0x11, 0x5F,
+        0x00, 0x94, 0xBD, 0xB4, 0x8D, 0xC7, 0x2E, 0x26,
+        0x1D, 0xBA, 0x12, 0x0B, 0xA6, 0xFF, 0x5E, 0x52,
+        0xA0, 0x1B, 0x17, 0x89, 0x81, 0xDD, 0x82, 0x96,
+        0x44, 0x46, 0x56, 0xD9, 0x44, 0x2D, 0xF9, 0xCB,
+        0xB6, 0xBF, 0xDA, 0xE5, 0x6A, 0x23, 0x0F, 0x6F,
+        0x29, 0xF9, 0x4C, 0xDC, 0xC2, 0x65, 0x57, 0x6A,
+        0xA8, 0x75, 0x2A, 0xCE, 0xD0, 0x7E, 0x99, 0x89,
+        0x5C, 0xAE, 0xF0, 0x16, 0x8B, 0xF8, 0x3D, 0x23,
+        0xFD, 0xAD, 0xFB, 0xB9, 0x28, 0xCB, 0xCD, 0xAB,
+        0xA2, 0x5F, 0xE2, 0xCD, 0x26, 0xAD, 0xDF, 0xB0,
+        0xDA, 0xCD, 0x74, 0x94, 0x0F, 0x35, 0x14, 0x26,
+        0x94, 0x2F, 0x17, 0x6F, 0xFB, 0xC5, 0xF3, 0x45,
+        0x6D, 0xB7, 0xC9, 0x12, 0xAA, 0x16, 0xB8, 0x6D,
+        0x07, 0x45, 0xF8, 0x7C, 0x9F, 0x45, 0x37, 0x0A,
+        0x84, 0x56, 0xA1, 0xAD, 0xB5, 0x1D, 0xB4, 0x05,
+        0x2B, 0x5C, 0x9E, 0xAF, 0x60, 0xAD, 0x7B, 0x80,
+        0xA4, 0x2E, 0xA4, 0xBF, 0x92, 0xC8, 0x41, 0x27,
+        0x3A, 0xD7, 0x61, 0xDE, 0xDB, 0x0D, 0x34, 0xBF,
+        0x57, 0x96, 0x00, 0xB1, 0x49, 0xFC, 0xCD, 0x42,
+        0xAB, 0x15, 0x49, 0xBA, 0x0A, 0xBE, 0xDA, 0x57,
+        0xEF, 0x71, 0xD1, 0xFC, 0xA5, 0x70, 0x2A, 0xAD,
+        0x08, 0x32, 0x99, 0xBB, 0x98, 0x30, 0x01, 0x89,
+        0xC2, 0x5F, 0x3B, 0x27, 0x0A, 0x87, 0x65, 0x8D,
+        0x0B, 0x2E, 0xA5, 0x65, 0x24, 0x14, 0x7F, 0x73,
+        0x9E, 0xB6, 0xC6, 0x76, 0xD7, 0xBE, 0x73, 0xDD,
+        0x3B, 0x95, 0xB1, 0x0C, 0x55, 0xAB, 0x46, 0xFD,
+        0x01, 0x54, 0x9C, 0x51, 0x68, 0xBF, 0x7D, 0xA1,
+        0x3A, 0x49, 0x97, 0x85, 0xF3, 0x5A, 0x1E, 0x3B,
+        0x56, 0xF4, 0xC5, 0x67, 0xF5, 0x4E, 0xA9, 0xAA,
+        0x28, 0x17, 0xA3, 0x36, 0x38, 0x36, 0x43, 0xFA,
+        0x2E, 0xA3, 0x1F, 0xB1, 0xB7, 0x3E, 0x10, 0x24,
+        0x8D, 0xFC, 0xA0, 0x5C, 0x04, 0x13, 0x12, 0x66,
+        0x49, 0x8E, 0x1C, 0x94, 0x91, 0x13, 0x5A, 0x50,
+        0xE6, 0x3D, 0x02, 0xFA, 0xDF, 0x41, 0x65, 0xFC,
+        0x9E, 0x15, 0xE3, 0xE1, 0xB3, 0x2F, 0xAB, 0x83,
+        0x37, 0x68, 0x4C, 0x49, 0x19, 0x3E, 0x1B, 0xC4,
+        0xED, 0xEA, 0xE3, 0x73, 0xA2, 0x67, 0xA7, 0x14,
+        0xAC, 0x1F, 0x90, 0x9C, 0xC6, 0x57, 0xCD, 0x80,
+        0x66, 0x64, 0x63, 0x27, 0xE0, 0xEE, 0xA0, 0x41,
+        0xAC, 0x9F, 0x2A, 0xEF, 0xFC, 0x80, 0x69, 0x1B,
+        0xF6, 0x0D, 0x3C, 0x94, 0xC6, 0x42, 0x55, 0x7E,
+        0x42, 0x99, 0xD3, 0x95, 0x92, 0x22, 0x16, 0xC6,
+        0x5E, 0x75, 0xB7, 0xE1, 0xA5, 0x02, 0x89, 0x60,
+        0x38, 0x4B, 0xF8, 0x16, 0xC9, 0xF7, 0x05, 0x48,
+        0x29, 0xE7, 0x98, 0x5B, 0x58, 0x41, 0xA7, 0x33,
+        0xF3, 0x3F, 0xCE, 0x24, 0x55, 0xEF, 0xC8, 0x9B,
+        0xAE, 0x84, 0xB4, 0x79, 0x90, 0xE8, 0xD0, 0xAF,
+        0xC6, 0x19, 0x3E, 0x4A, 0xF9, 0xBC, 0x68, 0x0A,
+        0xE2, 0x4F, 0xE5, 0x91, 0xE8, 0x8B, 0xA6, 0xA2,
+        0xAE, 0x12, 0xDA, 0x38, 0x58, 0xD2, 0x1F, 0x49,
+        0x2D, 0x24, 0xAB, 0xC4, 0xFE, 0x4F, 0xD5, 0x2D,
+        0x5A, 0xBF, 0x24, 0xBD, 0x25, 0x46, 0x87, 0xB9,
+        0x18, 0x79, 0x2F, 0x0A, 0x00, 0x3A, 0x52, 0x22,
+        0xDF, 0x45, 0x03, 0x86, 0x85, 0xC7, 0x25, 0xCE,
+        0x75, 0x79, 0xE0, 0x2C, 0xB1, 0x68, 0xBB, 0xC6,
+        0x66, 0xAB, 0xF6, 0x69, 0x85, 0x6E, 0x10, 0x53,
+        0x7C, 0x92, 0x91, 0x69, 0x2C, 0x0C, 0xB0, 0xCF,
+        0xA9, 0x06, 0x27, 0x0A, 0xC2, 0xC7, 0xB7, 0xDC,
+        0x31, 0xD4, 0xF9, 0x28, 0x3C, 0xB2, 0xDB, 0x8A,
+        0x46, 0x2A, 0xEC, 0x0B, 0x98, 0x07, 0xBB, 0xF4,
+        0xAB, 0x45, 0x76, 0xFE, 0xC6, 0x22, 0x6B, 0x41,
+        0x79, 0x32, 0x2B, 0x67, 0xAE, 0xA5, 0x3B, 0xDD,
+        0xF9, 0xC9, 0xBE, 0x5E, 0x0D, 0xBC, 0x43, 0xF7,
+        0x87, 0x43, 0x06, 0x8A, 0xB5, 0xBE, 0x49, 0xF0,
+        0xE6, 0x2F, 0x8E, 0x2E, 0xB1, 0xB6, 0xC6, 0x73,
+        0x6C, 0x05, 0xC9, 0x41, 0x3D, 0x06, 0x5C, 0xE0,
+        0xCC, 0xB7, 0x90, 0x54, 0x80, 0x41, 0xD7, 0xE8,
+        0x32, 0x88, 0x1A, 0x83, 0x9B, 0x57, 0x29, 0xAF,
+        0x94, 0xAB, 0x79, 0xFD, 0x8A, 0x16, 0xDF, 0xFF,
+        0x78, 0xCA, 0xAA, 0x14, 0x1D, 0x97, 0xCC, 0x06,
+        0x50, 0xF8, 0x62, 0x62, 0xF2, 0x61, 0x59, 0xBE,
+        0x8B, 0x36, 0x1A, 0x4A, 0x04, 0x1E, 0x9A, 0x0B,
+        0x65, 0x11, 0xBB, 0xE3, 0x35, 0x5A, 0x4B, 0xF5,
+        0x7A, 0xC0, 0x98, 0x48, 0x84, 0x7E, 0xE0, 0x24,
+        0x3C, 0x3B, 0xA7, 0x74, 0x77, 0x6F, 0x7E, 0x9A,
+        0x22, 0x72, 0x75, 0xD7, 0x4E, 0x6E, 0x31, 0x01,
+        0xD3, 0x82, 0x81, 0x87, 0x63, 0xED, 0x1E, 0x13,
+        0x53, 0xAB, 0x9E, 0xEC, 0xCD, 0x92, 0x0C, 0xD2,
+        0x89, 0x22, 0xD5, 0x59, 0xA4, 0x04, 0x8F, 0x40,
+        0xF0, 0x62, 0x16, 0x4C, 0xB6, 0x61, 0xC4, 0xF4,
+        0xAF, 0xA8, 0x1A, 0x3D, 0x55, 0x93, 0x3C, 0x47,
+        0x91, 0xED, 0xDA, 0xA3, 0x93, 0x9E, 0x5A, 0xC3,
+        0x42, 0xB0, 0xAD, 0x1F, 0x43, 0x8A, 0x53, 0x2C,
+        0x6C, 0xE7, 0x86, 0x68, 0x1A, 0x87, 0x0D, 0x94,
+        0xEC, 0x88, 0xA3, 0x34, 0xCC, 0xEF, 0xC6, 0xAC,
+        0xE7, 0xD9, 0x88, 0xA1, 0xA8, 0x2B, 0xC0, 0xAC,
+        0xCE, 0x78, 0x5F, 0x12, 0x3B, 0xE2, 0x3A, 0x7C,
+        0x92, 0xAF, 0x10, 0x8E, 0x5E, 0xD4, 0xF0, 0x86,
+        0x9E, 0x22, 0xDA, 0xE2, 0x73, 0x55, 0x6D, 0x1D,
+        0xE3, 0x86, 0x62, 0x3A, 0x6C, 0x3F, 0x11, 0x5B,
+        0xBD, 0x11, 0x92, 0x71, 0xD3, 0xFB, 0xA7, 0x96,
+        0xF6, 0x18, 0xB5, 0x39, 0x59, 0xFB, 0x98, 0x01,
+        0x2E, 0x7D, 0x5B, 0x9A, 0xC6, 0x88, 0x94, 0x0B,
+        0x87, 0xE2, 0xC9, 0xC0, 0x65, 0x52, 0x4A, 0x00,
+        0xD3, 0xA4, 0xF4, 0xDB, 0xF5, 0x2F, 0x4B, 0x1A,
+        0x63, 0xEF, 0x5C, 0x46, 0x19, 0x3B, 0xAD, 0xF7,
+        0xAD, 0x7F, 0x98, 0x8D, 0x44, 0x64, 0x34, 0x5B,
+        0x2C, 0x3E, 0x54, 0x96, 0x84, 0xF2, 0xF9, 0x05,
+        0xF6, 0xF8, 0x9D, 0xD6, 0x41, 0x47, 0x3E, 0xC0,
+        0x51, 0x08, 0xA5, 0x2D, 0x8D, 0xBB, 0x91, 0x76,
+        0x8C, 0x54, 0x1D, 0xE5, 0x20, 0xB1, 0x76, 0x66,
+        0x97, 0x0A, 0xAE, 0xB5, 0x06, 0xE7, 0x5D, 0x8E,
+        0xE9, 0xF4, 0xB4, 0x45, 0x5B, 0x71, 0xE0, 0x08,
+        0x8A, 0xB2, 0x56, 0x55, 0x21, 0x3B, 0x75, 0x85,
+        0x9D, 0x25, 0xF5, 0x59, 0xD3, 0xC3, 0x24, 0xD2,
+        0x83, 0xD3, 0x97, 0xAB, 0xE6, 0xF0, 0xAA, 0xA3,
+        0x86, 0x81, 0x57, 0x68, 0xD0, 0x33, 0x57, 0xD7,
+        0x75, 0x96, 0x49, 0x02, 0x41, 0x31, 0x53, 0xE3,
+        0x56, 0x0C, 0xCE, 0xF1, 0xFD, 0x44, 0xB6, 0x5F,
+        0xF1, 0xB2, 0x87, 0xA9, 0x2A, 0x96, 0x93, 0xF0,
+        0x34, 0xB7, 0xEE, 0x66, 0x89, 0x34, 0x70, 0x2D,
+        0x75, 0x01, 0xCA, 0xF6, 0xDA, 0x4E, 0xE9, 0x8A,
+        0xF4, 0xE8, 0xE6, 0x4B, 0x03, 0x40, 0xE0, 0xBB,
+        0x8B, 0xDC, 0x53, 0x3B, 0x0E, 0xFE, 0xE1, 0x91,
+        0x5A, 0x4B, 0x68, 0xB9, 0x3C, 0x5E, 0x95, 0x32,
+        0x1E, 0xED, 0xC2, 0x34, 0xAE, 0xFE, 0x71, 0xAE,
+        0x2E, 0x5D, 0xAC, 0xEC, 0x2F, 0x52, 0xF8, 0x37,
+        0x23, 0xA2, 0x39, 0x2A, 0x7F, 0x8E, 0x13, 0xBC,
+        0x03, 0x01, 0xCD, 0x10, 0x4D, 0x85, 0x2E, 0x62,
+        0xA7, 0xF8, 0x28, 0xAD, 0x32, 0x9B, 0x3D, 0x95,
+        0x96, 0xC5, 0x8E, 0x13, 0xFC, 0xC0, 0xED, 0x96,
+        0xC1, 0xC4, 0x8D, 0x82, 0xA2, 0xC0, 0xF4, 0xD9,
+        0xD2, 0x4D, 0xD8, 0x42, 0x1F, 0xDC, 0xCE, 0xFD,
+        0x49, 0x7A, 0x9B, 0x05, 0xFF, 0xC5, 0x09, 0x04,
+        0x77, 0x04, 0x01, 0x37, 0x3F, 0xEE, 0x7D, 0xC7,
+        0x37, 0x73, 0x41, 0x8A, 0xEB, 0x4A, 0x1F, 0x59,
+        0x9A, 0x4B, 0xB3, 0x8E, 0xDE, 0x8D, 0x10, 0xA3,
+        0xCC, 0x83, 0xA1, 0xC7, 0x2D, 0xE9, 0x21, 0x96,
+        0x9E, 0x3C, 0xE3, 0xE8, 0xEF, 0x2F, 0x7D, 0xA8,
+        0x9D, 0x34, 0x4C, 0x80, 0xD6, 0x1C, 0xF9, 0xC5,
+        0xA4, 0x23, 0xB1, 0xA4, 0xF3, 0x56, 0x7D, 0x96,
+        0xDB, 0x2D, 0xA3, 0xDB, 0x9B, 0x5B, 0x5F, 0xA6,
+        0x81, 0x56, 0xBE, 0x74, 0x52, 0xC8, 0xA0, 0x18,
+        0x1B, 0xB9, 0xF0, 0xDC, 0x75, 0xCD, 0x97, 0x50,
+        0x88, 0x3D, 0x0D, 0xDA, 0xE5, 0x3F, 0xC1, 0x56,
+        0xD6, 0x7A, 0x74, 0x20, 0x08, 0x69, 0x04, 0x6B,
+        0x41, 0xDF, 0x4B, 0xC4, 0x39, 0x69, 0x93, 0xC0,
+        0x8A, 0xA4, 0x89, 0x7A, 0x0B, 0xDD, 0xEF, 0xB5,
+        0x5F, 0x69, 0xCC, 0x1C, 0x4D, 0x7B, 0x5F, 0xB1,
+        0x50, 0x40, 0x84, 0x27, 0xB4, 0x16, 0xF7, 0x31,
+        0x83, 0xF2, 0xB3, 0xCC, 0x16, 0xE3, 0xB7, 0xDA,
+        0x63, 0xCE, 0xE1, 0x14, 0x3A, 0xDA, 0x1A, 0x05,
+        0x66, 0x26, 0xA0, 0x77, 0xB6, 0xD2, 0x1C, 0x3D,
+        0xD9, 0x74, 0xED, 0x90, 0x7C, 0x5A, 0x09, 0x40,
+        0x19, 0x22, 0x57, 0x37, 0xEF, 0xB9, 0x33, 0x19,
+        0xAD, 0x3B, 0x40, 0xA4, 0xF4, 0x34, 0xAE, 0x49,
+        0xD2, 0x83, 0x91, 0xC1, 0x7A, 0x99, 0x9C, 0x74,
+        0x4A, 0x68, 0xC5, 0x5A, 0x91, 0xB8, 0x62, 0x72,
+        0x95, 0x83, 0xD3, 0xDA, 0x46, 0xEE, 0x70, 0xC5,
+        0xCC, 0x46, 0x16, 0x94, 0x16, 0x7D, 0x32, 0xD2,
+        0x1D, 0xE7, 0x53, 0x27, 0x73, 0x2C, 0x63, 0xBB,
+        0xFB, 0xD7, 0xB3, 0x0D, 0xBF, 0x20, 0x57, 0xA0,
+        0xD6, 0x81, 0x51, 0x9F, 0x6E, 0x4A, 0xF6, 0x08,
+        0xD4, 0xBC, 0xD0, 0xB4, 0x75, 0x07, 0x26, 0x77,
+        0x0E, 0x15, 0x6A, 0xED, 0xE8, 0x54, 0x17, 0xBD,
+        0x75, 0x9D, 0x5F, 0xFE, 0x40, 0x1C, 0xB2, 0x99,
+        0x6F, 0x34, 0x43, 0x4D, 0xB4, 0x28, 0xD9, 0xA4,
+        0x17, 0x03, 0x72, 0x01, 0xFC, 0xD2, 0x60, 0xFA,
+        0xA9, 0x80, 0x84, 0x50, 0x2E, 0xED, 0x5C, 0x27,
+        0xA8, 0x91, 0x6E, 0x44, 0xF5, 0x92, 0x98, 0x19,
+        0xD2, 0x1A, 0x69, 0xCE, 0x16, 0xBC, 0xDC, 0x3C,
+        0xC8, 0x14, 0x1E, 0x28, 0x5E, 0xF8, 0x97, 0xB1,
+        0x40, 0x2C, 0x15, 0xC9, 0x52, 0x59, 0x01, 0x19,
+        0x05, 0x1E, 0x36, 0x9A, 0x1B, 0x7B, 0xE4, 0x43,
+        0xFE, 0xAE, 0x6E, 0x32, 0xBC, 0x8F, 0x3D, 0x64,
+        0x7F, 0xC5, 0x31, 0x5A, 0x52, 0x00, 0xCD, 0x52,
+        0x38, 0xDC, 0x66, 0x77, 0x46, 0x6E, 0xA8, 0x6E,
+        0xF8, 0xD1, 0x8E, 0x5A, 0x79, 0xF2, 0x62, 0x48,
+        0x3E, 0x89, 0x6B, 0x82, 0x77, 0xC7, 0x41, 0xF5,
+        0x16, 0xFC, 0x04, 0x0C, 0x10, 0x90, 0xF2, 0x49,
+        0x5B, 0xF1, 0x65, 0x0B, 0x02, 0xAF, 0x30, 0x45,
+        0x67, 0x33, 0xA0, 0x71, 0xAF, 0x47, 0xD7, 0xA1,
+        0x5B, 0xD8, 0xE3, 0x2A, 0x49, 0x80, 0x64, 0x55,
+        0xD3, 0xBE, 0xA7, 0x4A, 0xEF, 0x5D, 0x00, 0x90,
+        0x6A, 0xD2, 0xF0, 0xC0, 0x45, 0x35, 0x4E, 0xFD,
+        0xE7, 0xC9, 0xA2, 0x76, 0xE7, 0x3D, 0x9E, 0xDD,
+        0x11, 0xD1, 0xCA, 0x5C, 0x29, 0x7B, 0x9A, 0x68,
+        0x51, 0xE7, 0xF6, 0x7E, 0x21, 0xEB, 0x06, 0x1B,
+        0xB5, 0x5D, 0x9E, 0x67, 0x3C, 0x4A, 0x75, 0xFE,
+        0xB8, 0x4D, 0x52, 0x62, 0x9E, 0xEC, 0xC5, 0x3C,
+        0x24, 0xBE, 0xA9, 0x51, 0x53, 0x05, 0x1A, 0xC2,
+        0x06, 0xC8, 0x7D, 0xF5, 0x54, 0x10, 0xCA, 0x1F,
+        0xE6, 0xCF, 0xC3, 0xF4, 0x03, 0xA6, 0xD9, 0xD4,
+        0x3E, 0xA8, 0x4C, 0x60, 0xC9, 0x45, 0xE6, 0x42,
+        0xB2, 0x83, 0x63, 0x38, 0xB5, 0xAF, 0x9F, 0x69,
+        0xE5, 0x27, 0x08, 0xB2, 0xE2, 0x25, 0x93, 0x3D,
+        0xB3, 0x20, 0xBB, 0x3F, 0x79, 0x0D, 0x39, 0x7F,
+        0x22, 0xD7, 0xB6, 0xF8, 0xA4, 0x33, 0xCD, 0xAC,
+        0xE9, 0x81, 0x0A, 0xA0, 0xE2, 0x7C, 0x69, 0x95,
+        0x55, 0x53, 0x0C, 0x56, 0x2D, 0xBF, 0x75, 0x17,
+        0xA4, 0x16, 0x26, 0x28, 0xBF, 0x10, 0xD1, 0xB6,
+        0xDB, 0xAC, 0xEF, 0x5C, 0x9E, 0xD5, 0x1E, 0x55,
+        0xD9, 0xA8, 0x9D, 0x60, 0xE0, 0xFC, 0x37, 0x8C,
+        0x47, 0xA2, 0x1D, 0x5E, 0x0F, 0x2D, 0xC3, 0xBC,
+        0xEF, 0x5E, 0x05, 0xC6, 0xE0, 0x26, 0x15, 0x30,
+        0xFB, 0x02, 0x7E, 0x50, 0x32, 0x55, 0x8C, 0xA2,
+        0xB4, 0x70, 0x05, 0xBD, 0xDE, 0x99, 0x90, 0x99,
+        0x30, 0x39, 0x1E, 0xAD, 0x7F, 0x3F, 0x0A, 0x96,
+        0xB3, 0xDE, 0xDA, 0x54, 0xA1, 0x11, 0x45, 0xF5,
+        0x30, 0xE5, 0x1D, 0xEF, 0x89, 0x2E, 0x5A, 0xB0,
+        0x20, 0x4D, 0x61, 0x4E, 0x6E, 0x38, 0xAF, 0xE7,
+        0x9C, 0xA9, 0x2C, 0x28, 0x15, 0x8D, 0x57, 0x01,
+        0x20, 0x35, 0x3B, 0x7A, 0x4D, 0xE0, 0x88, 0x98,
+        0x46, 0xD8, 0x35, 0x29, 0x49, 0x39, 0x55, 0x7E,
+        0xD0, 0xAE, 0xDA, 0x27, 0x0D, 0x4D, 0x73, 0xED,
+        0x84, 0xD3, 0xD4, 0x9F, 0x9F, 0x03, 0x2D, 0x43,
+        0x45, 0x7B, 0xF5, 0x9B, 0xB7, 0xD6, 0x63, 0x59,
+        0xDC, 0x53, 0xF9, 0xB4, 0x69, 0x63, 0xB2, 0x17,
+        0x84, 0xB0, 0x6C, 0xBC, 0xF0, 0x4B, 0xEC, 0x1E,
+        0x33, 0xA3, 0x33, 0x71, 0x53, 0x27, 0x16, 0xC9,
+        0xED, 0xB3, 0xFB, 0xED, 0xB8, 0x19, 0x99, 0xB4,
+        0x37, 0x2D, 0x09, 0x45, 0xC1, 0x0A, 0xE8, 0x26,
+        0xC6, 0x0F, 0xFE, 0x93, 0x17, 0x0B, 0x6D, 0x29,
+        0x4B, 0x38, 0x91, 0xB0, 0xD2, 0xA7, 0xB3, 0x5B,
+        0x28, 0xA8, 0x97, 0x18, 0x45, 0xDC, 0x2F, 0xEC,
+        0xE2, 0x37, 0xB8, 0x0F, 0x20, 0xB3, 0x79, 0xCC,
+        0x4D, 0x13, 0x6D, 0xAB, 0x3F, 0xBB, 0x37, 0x92,
+        0xC6, 0x3E, 0xC6, 0x1F, 0x5C, 0x75, 0x5B, 0xC9,
+        0xDB, 0x35, 0x08, 0x6F, 0xBF, 0x46, 0xD2, 0xB7,
+        0x97, 0x0D, 0xCA, 0x2A, 0x85, 0x23, 0xFD, 0xB4,
+        0xC7, 0xA0, 0xB8, 0xE4, 0x2F, 0x8A, 0xF9, 0xAC,
+        0xAD, 0x2A, 0x0E, 0xFC, 0x11, 0x36, 0x02, 0xA4,
+        0xEA, 0x62, 0xE4, 0xEB, 0xB7, 0xD2, 0x69, 0xC3,
+        0xA4, 0x0B, 0xA2, 0xC4, 0x4E, 0xDD, 0x29, 0x56
+    };
+    static const byte msg_65[] = {
+       0xC4, 0xF5, 0x9F, 0xA2, 0xDE, 0x30, 0xC8, 0x42,
+        0x0A, 0x7E, 0x7F, 0x09, 0x6B, 0xAF, 0x6A, 0xD6,
+        0x9B, 0x1C, 0x15, 0xA5, 0xC6, 0xE6, 0x1C, 0x9D,
+        0x82, 0xAF, 0xCF, 0xDB, 0x6E, 0xB8, 0xF2, 0x75,
+        0xBF, 0x57, 0x87, 0x18, 0x6A, 0xAE, 0x78, 0x1F,
+        0x48, 0x7F, 0x9F, 0x88, 0x75, 0x8C, 0x9C, 0x61,
+        0xF3, 0x5D, 0x50, 0x83, 0xEE, 0x70, 0x42, 0x4B,
+        0x0D, 0x0A, 0x51, 0x57, 0x50, 0x10, 0xC2, 0xA9,
+        0x07, 0xF4, 0x96, 0x08, 0x11, 0x5D, 0x33, 0xEB,
+        0xA0, 0x03, 0x15, 0x09, 0x32, 0x2A, 0xA7, 0xD3,
+        0x06, 0x1F, 0xEC, 0x31, 0x62, 0xF9, 0x6A, 0x56,
+        0x5F, 0x98, 0x76, 0x9E, 0x9A, 0x19, 0x23, 0x5D,
+        0x89, 0xD1, 0xB2, 0x1D, 0x60, 0xA3, 0x81, 0xDF,
+        0x8E, 0xB3, 0x7D, 0x58, 0xC6, 0xA2, 0xE4, 0x83,
+        0xA8, 0xEB, 0x70, 0x73, 0x6E, 0x4B, 0x7B, 0xB9,
+        0x11, 0xF7, 0xAB, 0x92, 0x3D, 0xC2, 0x9F, 0x1E
+    };
+    static const byte sig_65[] = {
+        0xE8, 0x95, 0xDB, 0x64, 0xC5, 0x7B, 0xC3, 0xC2,
+        0xA9, 0x7F, 0x0E, 0xC9, 0x33, 0x41, 0x0E, 0x98,
+        0xF6, 0x21, 0x61, 0x03, 0xE3, 0x42, 0x3C, 0xAF,
+        0x06, 0xA6, 0x71, 0x96, 0x4C, 0x51, 0x4A, 0x69,
+        0x4E, 0xB6, 0xF6, 0x5C, 0xBD, 0x11, 0x37, 0xCC,
+        0xCF, 0x88, 0x81, 0xFA, 0x40, 0x3C, 0x5F, 0xA0,
+        0xE0, 0xB2, 0xF3, 0x6B, 0x9F, 0x40, 0x09, 0xC3,
+        0x78, 0x21, 0x0D, 0x29, 0xE5, 0x4A, 0x7A, 0x5A,
+        0x9B, 0x79, 0x31, 0x97, 0xCD, 0x6D, 0x2F, 0x38,
+        0xD7, 0xE1, 0xF3, 0xAC, 0xA6, 0x9D, 0x48, 0x88,
+        0x13, 0x89, 0x38, 0x1C, 0x89, 0xFA, 0x67, 0x6D,
+        0xE4, 0x26, 0xD6, 0x34, 0xF9, 0xA1, 0x57, 0x05,
+        0x5F, 0x17, 0x28, 0x3E, 0xCE, 0x82, 0x48, 0xCA,
+        0xF1, 0x4D, 0xCF, 0x11, 0xE2, 0xD5, 0x63, 0x55,
+        0xB0, 0x47, 0xDF, 0x63, 0x2A, 0x18, 0x48, 0x2E,
+        0x79, 0xCB, 0x2D, 0x5A, 0x74, 0x39, 0x66, 0xBA,
+        0xA8, 0xA7, 0x61, 0x21, 0xBB, 0x69, 0xC2, 0xE6,
+        0x81, 0x55, 0xAC, 0xCB, 0x0A, 0x31, 0xDA, 0x6E,
+        0xDC, 0x73, 0xCB, 0x09, 0xA9, 0xE6, 0x60, 0xFE,
+        0xB2, 0x0F, 0x66, 0xC7, 0xBD, 0x96, 0x7A, 0xDE,
+        0x32, 0x14, 0x9C, 0x55, 0x52, 0xEA, 0xEB, 0x2E,
+        0xA1, 0x75, 0xB5, 0x62, 0x33, 0xF3, 0xB3, 0x70,
+        0xED, 0xD8, 0x67, 0x92, 0x69, 0xCE, 0x0D, 0x2B,
+        0x43, 0xF6, 0xB2, 0xF6, 0x5F, 0xE9, 0x57, 0xE7,
+        0xAB, 0x37, 0xB9, 0x82, 0x04, 0x37, 0x54, 0xEA,
+        0xC8, 0xA3, 0x0B, 0x36, 0xC1, 0x00, 0x04, 0xEF,
+        0x13, 0xC6, 0x92, 0xE2, 0x19, 0xAA, 0x7A, 0xF0,
+        0xA4, 0xC5, 0x28, 0x69, 0x10, 0xC7, 0x10, 0x0D,
+        0xA4, 0x1E, 0x17, 0xBB, 0xEF, 0x2D, 0xA2, 0xAB,
+        0x03, 0xAD, 0xF3, 0x07, 0x4B, 0xA1, 0xDA, 0x15,
+        0xBC, 0xC8, 0x48, 0x05, 0xB8, 0x9B, 0x9D, 0xA8,
+        0x8E, 0x9B, 0x40, 0x0A, 0xFB, 0x7E, 0x3B, 0xC8,
+        0x33, 0x8D, 0x35, 0x4D, 0xA9, 0x53, 0xAC, 0x0B,
+        0xAD, 0x82, 0x27, 0x56, 0xCA, 0x92, 0xE5, 0xDD,
+        0x95, 0x07, 0xF4, 0x2B, 0xFE, 0xFC, 0xCB, 0x32,
+        0xB4, 0xB9, 0x1A, 0x2B, 0xE5, 0xEF, 0x34, 0xC2,
+        0xCF, 0x11, 0x77, 0xEA, 0xAF, 0xB2, 0x50, 0xAC,
+        0x9A, 0xDE, 0xC4, 0xBE, 0x71, 0x80, 0x75, 0x89,
+        0xF1, 0x00, 0x32, 0x27, 0xF9, 0xB7, 0x6B, 0x74,
+        0xE0, 0x7B, 0xA6, 0x7A, 0xC6, 0x08, 0x19, 0xB2,
+        0xAF, 0x76, 0x6A, 0x47, 0xFF, 0xFC, 0x7B, 0x76,
+        0xD3, 0xA7, 0xC0, 0x77, 0xF5, 0xEC, 0x69, 0xAE,
+        0xEA, 0x3E, 0x96, 0x38, 0x59, 0xB8, 0x2C, 0x2A,
+        0xDE, 0x58, 0xBE, 0xC2, 0x15, 0x2E, 0xC8, 0x20,
+        0x51, 0x10, 0x97, 0x5D, 0x37, 0xC6, 0x50, 0x5E,
+        0x0D, 0xC7, 0x76, 0xFD, 0xE0, 0x71, 0x09, 0x7E,
+        0x93, 0x01, 0x3D, 0x10, 0x04, 0xF4, 0xE1, 0xA2,
+        0xFD, 0x79, 0xB8, 0x77, 0xED, 0x50, 0x25, 0xF5,
+        0x27, 0xF3, 0xBF, 0xF1, 0x37, 0xF0, 0x41, 0xBB,
+        0x9B, 0xD0, 0x01, 0xE9, 0x49, 0xF0, 0x8B, 0x4C,
+        0xF8, 0x8D, 0xFD, 0x32, 0xFC, 0x7C, 0xDB, 0xCE,
+        0xCC, 0xFD, 0xB0, 0xFA, 0x2D, 0xE7, 0x82, 0x3E,
+        0x11, 0x0B, 0xCF, 0xF5, 0x8A, 0x41, 0x2C, 0xEA,
+        0x27, 0x95, 0x75, 0x3E, 0x9C, 0x89, 0x67, 0x8C,
+        0x3A, 0xE2, 0x42, 0x68, 0xF7, 0x48, 0x9F, 0x72,
+        0x97, 0x4B, 0x69, 0x55, 0xED, 0xD0, 0x4E, 0x19,
+        0x0D, 0x99, 0xBB, 0x0D, 0x7A, 0x25, 0x2F, 0xAD,
+        0x5B, 0xBA, 0x60, 0x6C, 0x1A, 0x1F, 0x3A, 0xCA,
+        0x73, 0x3B, 0xFA, 0xE3, 0x30, 0x9E, 0xA0, 0xA6,
+        0xEB, 0x7D, 0x07, 0xE3, 0x6D, 0x8C, 0xA3, 0x36,
+        0xD2, 0x64, 0x4F, 0xCE, 0x1A, 0x41, 0x89, 0x5D,
+        0x01, 0x4D, 0x1A, 0x60, 0xCB, 0x10, 0x6F, 0x3F,
+        0x80, 0x75, 0xF9, 0x37, 0x84, 0x61, 0x73, 0x8D,
+        0x63, 0xD1, 0x15, 0xD0, 0x0B, 0x02, 0x4C, 0x67,
+        0x78, 0x01, 0x05, 0x0A, 0x1B, 0x0B, 0x50, 0xDE,
+        0x05, 0x7F, 0x85, 0xDB, 0x6A, 0xEB, 0x2C, 0x9D,
+        0x6B, 0xB7, 0x40, 0x2A, 0x66, 0xE3, 0xAB, 0x4D,
+        0xB0, 0x5C, 0x58, 0xBB, 0xDA, 0x12, 0xF6, 0x95,
+        0x95, 0x8B, 0x8A, 0xC7, 0xB4, 0xE4, 0x5E, 0xC6,
+        0xC9, 0x52, 0xF6, 0x79, 0xC1, 0xEE, 0xBD, 0xF8,
+        0x60, 0xE3, 0x48, 0x98, 0x27, 0x79, 0xAA, 0x69,
+        0x88, 0xEF, 0xC2, 0xAD, 0x1D, 0xC1, 0xEA, 0xE2,
+        0x2A, 0x27, 0xA5, 0xB2, 0xC6, 0x1C, 0x97, 0xB3,
+        0xB2, 0x49, 0x3C, 0xB6, 0xC1, 0x3C, 0x5F, 0x6E,
+        0x20, 0xA6, 0x7B, 0x88, 0xD3, 0xC3, 0xAC, 0xCF,
+        0xAF, 0x0A, 0x42, 0x57, 0x42, 0xDF, 0x24, 0x06,
+        0x34, 0xD1, 0xEE, 0x59, 0x38, 0x28, 0xFE, 0x62,
+        0x97, 0x44, 0x6C, 0x07, 0x6F, 0x97, 0x90, 0x55,
+        0x98, 0x8A, 0xB8, 0x34, 0xB2, 0xBD, 0x82, 0xE1,
+        0x4D, 0xC0, 0x86, 0x40, 0x0E, 0x1C, 0x95, 0x6C,
+        0xC0, 0xC3, 0x0C, 0xE7, 0xBF, 0xD9, 0x62, 0x22,
+        0x3D, 0x23, 0xFE, 0x94, 0x94, 0x96, 0x4A, 0x81,
+        0x1B, 0x93, 0xE8, 0xD7, 0xB8, 0xF3, 0x4C, 0x89,
+        0xAA, 0xD4, 0x5D, 0xD4, 0x11, 0x3F, 0x2A, 0xE7,
+        0xBD, 0x94, 0xB5, 0x3F, 0xC8, 0x6E, 0x8B, 0x2A,
+        0xE8, 0x2E, 0x51, 0xEC, 0x6F, 0x3E, 0xA4, 0xC3,
+        0x0D, 0x60, 0xB8, 0x60, 0x72, 0x74, 0x86, 0x12,
+        0xD1, 0x60, 0x70, 0x56, 0xB5, 0xFF, 0x6A, 0x45,
+        0x00, 0xEE, 0xE7, 0x8A, 0x5A, 0x63, 0x9C, 0x7B,
+        0x74, 0x16, 0x97, 0x77, 0x62, 0x68, 0x64, 0xDD,
+        0x9E, 0xAE, 0xF0, 0xE3, 0xAD, 0x84, 0x93, 0xD8,
+        0x31, 0xF7, 0x1D, 0xEA, 0x95, 0xBB, 0xFC, 0xF8,
+        0x14, 0x23, 0xA2, 0x66, 0xDE, 0x56, 0xF3, 0xA8,
+        0xFE, 0x8E, 0x6C, 0x3C, 0x0D, 0x61, 0x2F, 0xB6,
+        0x2B, 0xD6, 0x42, 0x18, 0x8C, 0xA7, 0x1C, 0xB8,
+        0x98, 0x34, 0xF3, 0x0B, 0xCC, 0x28, 0xBD, 0x17,
+        0x88, 0x45, 0xF1, 0xF6, 0xF4, 0x6C, 0x03, 0xD3,
+        0x06, 0xF7, 0xED, 0x4E, 0x68, 0x75, 0x94, 0x27,
+        0xAE, 0xC2, 0x70, 0x11, 0x98, 0xC3, 0xC0, 0x5D,
+        0x38, 0x5D, 0xFA, 0xFD, 0x52, 0x8C, 0xCE, 0x84,
+        0x25, 0xBC, 0x55, 0x14, 0x69, 0xA0, 0xED, 0x68,
+        0x1B, 0xEE, 0x4D, 0x12, 0xA8, 0x43, 0xE3, 0x33,
+        0xB5, 0xA8, 0xE0, 0x51, 0x7F, 0xC6, 0x19, 0x06,
+        0xF9, 0xC4, 0xE7, 0x80, 0x9B, 0xAE, 0xD4, 0xD3,
+        0xD1, 0x6E, 0xB2, 0x2F, 0x1F, 0xA9, 0xAB, 0x40,
+        0x2D, 0x98, 0x8E, 0xD5, 0x9F, 0x9F, 0xED, 0x04,
+        0x55, 0xE9, 0x26, 0x0F, 0xD6, 0x27, 0xA2, 0x4A,
+        0x17, 0xFE, 0x7C, 0xB6, 0x3E, 0x53, 0x0B, 0x48,
+        0xF5, 0xFB, 0x66, 0x87, 0xA2, 0xE8, 0xC4, 0x9D,
+        0xA7, 0x9F, 0xBD, 0x69, 0xA3, 0x40, 0x00, 0x56,
+        0x66, 0x5D, 0xD1, 0x1D, 0x19, 0xA2, 0xBC, 0x4D,
+        0xB1, 0xD3, 0x74, 0xAB, 0x6A, 0x6E, 0x42, 0x47,
+        0x2A, 0x27, 0xAC, 0x6B, 0x98, 0xF6, 0x76, 0xE8,
+        0xED, 0xAA, 0xDD, 0x51, 0x4F, 0x6D, 0x44, 0xDE,
+        0xEC, 0xDA, 0xB5, 0xA6, 0xDF, 0xA0, 0xF8, 0x4F,
+        0x13, 0x9A, 0x80, 0x3A, 0x25, 0x24, 0xBF, 0x33,
+        0x5D, 0xC5, 0x2E, 0xA5, 0x8F, 0xA5, 0x0D, 0x98,
+        0xFB, 0x5C, 0xD5, 0x5D, 0x5D, 0x50, 0xA6, 0x63,
+        0xCF, 0x64, 0x7E, 0xEE, 0x56, 0xFE, 0x8E, 0x66,
+        0x4B, 0x3B, 0xCA, 0xF9, 0xE3, 0x33, 0x97, 0x8A,
+        0x79, 0x46, 0x97, 0x3F, 0xD1, 0x13, 0xE4, 0xFD,
+        0x39, 0x24, 0xE6, 0xC0, 0x9E, 0x60, 0x38, 0x64,
+        0x44, 0x21, 0x4D, 0xFA, 0x7A, 0x4D, 0x67, 0x1F,
+        0xC2, 0x38, 0x90, 0x63, 0x7E, 0xB8, 0x59, 0x13,
+        0x4D, 0x79, 0xE2, 0x65, 0xC5, 0x9C, 0xA3, 0xEC,
+        0xCD, 0xDF, 0xA0, 0x18, 0x22, 0x3C, 0x9B, 0xAE,
+        0x1C, 0xCA, 0x10, 0x39, 0x62, 0x07, 0x8B, 0xC5,
+        0xF0, 0xDD, 0x02, 0x24, 0x6F, 0xA2, 0x83, 0x24,
+        0xF7, 0xCB, 0x2F, 0xCF, 0xAD, 0x07, 0xC2, 0x5B,
+        0x4B, 0xC2, 0xD8, 0x88, 0x06, 0x9B, 0x0C, 0xF5,
+        0xF2, 0x3C, 0x76, 0x1C, 0x0E, 0x47, 0x10, 0x98,
+        0x81, 0xCD, 0x31, 0x45, 0x6A, 0x64, 0xB9, 0x40,
+        0xB4, 0xBB, 0x9B, 0x4C, 0x2C, 0x3B, 0x8E, 0x6B,
+        0xA8, 0x34, 0xAA, 0xAE, 0x69, 0xFD, 0xFC, 0x47,
+        0xD4, 0x4B, 0x3C, 0x96, 0x88, 0x7A, 0xBE, 0xD3,
+        0x60, 0x15, 0xE7, 0xB6, 0x4E, 0x85, 0x42, 0x92,
+        0x8F, 0x27, 0x7C, 0xBD, 0x2D, 0x3C, 0x51, 0x2C,
+        0x24, 0xDE, 0xEF, 0xE5, 0x90, 0xE8, 0x1C, 0x68,
+        0x4E, 0x06, 0x3E, 0x7A, 0xAD, 0xCF, 0x11, 0x7B,
+        0x48, 0x94, 0x3D, 0xB7, 0x71, 0xFC, 0x22, 0x07,
+        0xF5, 0x7A, 0x74, 0x53, 0x57, 0x55, 0x5D, 0x41,
+        0x9C, 0x9C, 0xDC, 0xA3, 0x5C, 0xC1, 0xA7, 0x10,
+        0x0A, 0x69, 0x13, 0xA3, 0xB6, 0xAA, 0xCF, 0x79,
+        0x6F, 0xE3, 0xF9, 0x4D, 0xD2, 0xF8, 0x18, 0x98,
+        0x27, 0x16, 0xCE, 0x03, 0x16, 0x54, 0x2A, 0x1B,
+        0x95, 0x7E, 0x12, 0xDA, 0x43, 0xE2, 0x31, 0x54,
+        0x2C, 0xC1, 0x4F, 0xCC, 0x66, 0xD7, 0x28, 0xA6,
+        0x83, 0x26, 0xB2, 0xBC, 0x31, 0x12, 0x48, 0x33,
+        0x0F, 0x3E, 0x98, 0xF8, 0x1E, 0xA3, 0x8C, 0xA9,
+        0x24, 0xA8, 0xE4, 0xDA, 0x97, 0xCF, 0x67, 0x38,
+        0x42, 0xC7, 0x59, 0xF9, 0x35, 0xBE, 0x88, 0x16,
+        0x3C, 0xE9, 0x7F, 0xE4, 0xD9, 0x45, 0x71, 0x76,
+        0xF5, 0xB8, 0x90, 0x8A, 0xF9, 0x48, 0xF7, 0x4D,
+        0x5D, 0x1D, 0xDB, 0xC5, 0x21, 0x82, 0x5D, 0x93,
+        0x1C, 0x63, 0xCA, 0x8A, 0x8E, 0x12, 0x24, 0x26,
+        0x26, 0x30, 0x5A, 0xB6, 0xA2, 0xE0, 0x62, 0x45,
+        0x64, 0xEE, 0x04, 0x19, 0x83, 0xC1, 0x8C, 0x29,
+        0x52, 0xEC, 0x3D, 0x9D, 0x15, 0x9B, 0xDE, 0x39,
+        0x85, 0xCF, 0x77, 0x89, 0x7E, 0xE2, 0xDC, 0x88,
+        0x81, 0x12, 0x72, 0x1D, 0x48, 0x54, 0xE9, 0x14,
+        0xA5, 0x39, 0x7E, 0x08, 0xB5, 0x4F, 0x4A, 0x54,
+        0x32, 0x3F, 0xF8, 0x20, 0x82, 0x1B, 0xE0, 0x26,
+        0xEA, 0x09, 0x1E, 0xCA, 0x6B, 0x7D, 0x80, 0xD9,
+        0x1E, 0x3D, 0xCA, 0x2E, 0xF7, 0x84, 0x8B, 0x86,
+        0xFC, 0xA6, 0xBB, 0x40, 0xCE, 0x48, 0x27, 0x1E,
+        0x10, 0x08, 0x36, 0x8E, 0x3E, 0xBB, 0x5E, 0x39,
+        0x5E, 0x1C, 0xCD, 0x0D, 0x17, 0x8F, 0x1A, 0x62,
+        0x57, 0xD2, 0x6B, 0x6B, 0xA4, 0xB7, 0xCE, 0x53,
+        0x2C, 0xAA, 0x1E, 0x76, 0xCE, 0x28, 0xFA, 0x4C,
+        0xF9, 0xE0, 0x29, 0xE2, 0x48, 0x2B, 0x94, 0xD3,
+        0xAC, 0xF9, 0x7A, 0x32, 0x6D, 0x23, 0x5D, 0x1B,
+        0xDC, 0x89, 0xF7, 0x00, 0x02, 0x19, 0x84, 0x51,
+        0xD9, 0xF1, 0xF1, 0x2C, 0xCD, 0x5B, 0xCA, 0xEC,
+        0xDD, 0xE9, 0xE1, 0x4A, 0xC8, 0x07, 0x42, 0xEB,
+        0x31, 0xE6, 0x46, 0x4C, 0x83, 0x21, 0x0A, 0x39,
+        0xF3, 0x50, 0x98, 0xBE, 0x03, 0x78, 0xD0, 0x74,
+        0xCE, 0x1C, 0xCD, 0x1E, 0xBC, 0x1C, 0x77, 0x70,
+        0xF7, 0x78, 0xD6, 0x05, 0xF2, 0xBE, 0x59, 0xDB,
+        0x7E, 0xA0, 0x7D, 0x80, 0xCC, 0xDF, 0x55, 0xF1,
+        0x6E, 0x98, 0x5B, 0x14, 0x2F, 0xB7, 0xBD, 0xA0,
+        0x7A, 0xA7, 0xDC, 0xA5, 0xB2, 0x01, 0xE1, 0x95,
+        0x0C, 0xF9, 0xA7, 0x28, 0xF2, 0x1E, 0x9A, 0x9D,
+        0x8A, 0xC4, 0xD1, 0x32, 0x7E, 0x3B, 0xC0, 0xFF,
+        0x33, 0x9A, 0x25, 0x05, 0x22, 0xF6, 0x31, 0xDF,
+        0x2E, 0x75, 0x95, 0x51, 0x54, 0x89, 0x3E, 0x4A,
+        0x1A, 0xAF, 0x98, 0x66, 0xFE, 0xE1, 0x63, 0x7E,
+        0xE1, 0xAA, 0x51, 0x06, 0xD2, 0x44, 0xE9, 0x9E,
+        0x6F, 0x31, 0xFC, 0x56, 0x01, 0xBB, 0x7B, 0x79,
+        0xBA, 0xD8, 0x28, 0x60, 0xB1, 0xD6, 0x05, 0x9D,
+        0x9B, 0x13, 0x2E, 0x02, 0x64, 0x18, 0x02, 0x0D,
+        0xB0, 0x6E, 0xB8, 0x39, 0x1F, 0xA1, 0x5B, 0x7A,
+        0x0F, 0x29, 0xE3, 0x6D, 0x96, 0x6A, 0xBD, 0x3D,
+        0x2A, 0x2F, 0xF3, 0xF2, 0xAA, 0xC3, 0x4C, 0x8B,
+        0x45, 0xC7, 0xD2, 0x35, 0x5E, 0xDB, 0xB8, 0x0B,
+        0x22, 0x4B, 0xC1, 0x06, 0xEB, 0xC6, 0x75, 0x0E,
+        0x55, 0x07, 0x0F, 0x85, 0xA7, 0xCB, 0x60, 0x03,
+        0x39, 0x4E, 0x51, 0x61, 0xAE, 0x26, 0xF5, 0xAB,
+        0xF8, 0x3F, 0x0D, 0xCC, 0xCF, 0x69, 0xB8, 0x61,
+        0x39, 0xAF, 0x86, 0x94, 0xFE, 0x1D, 0xC0, 0x07,
+        0x81, 0xEA, 0xE0, 0x9C, 0xDB, 0x42, 0x18, 0x14,
+        0x87, 0x80, 0x43, 0xDC, 0x9B, 0x05, 0x30, 0xE5,
+        0x54, 0x5A, 0x16, 0x5E, 0x39, 0xA9, 0xB7, 0xDE,
+        0x88, 0xB4, 0xAD, 0x2A, 0xEB, 0x90, 0xD3, 0xC3,
+        0x29, 0x41, 0x2E, 0xD2, 0xFE, 0x1D, 0x97, 0xB7,
+        0x32, 0xC8, 0x43, 0x9D, 0xF4, 0xF8, 0x3D, 0x22,
+        0x88, 0x35, 0xB5, 0x38, 0xDC, 0x27, 0x8F, 0xF0,
+        0xA2, 0xDC, 0x42, 0xF4, 0x1B, 0x00, 0xCE, 0x3A,
+        0xCA, 0x06, 0xB0, 0x5C, 0x48, 0x39, 0xB8, 0x96,
+        0x93, 0x15, 0x15, 0xD7, 0x8E, 0xA3, 0x67, 0x3A,
+        0x37, 0x82, 0x79, 0xF4, 0xE8, 0x9C, 0xE0, 0x8E,
+        0x34, 0x53, 0xFF, 0x2F, 0xB4, 0x53, 0xBE, 0x03,
+        0x1C, 0x63, 0x18, 0x62, 0x8A, 0x73, 0x1D, 0x02,
+        0x9F, 0xC7, 0xBE, 0xA2, 0xBA, 0x5E, 0xAC, 0x49,
+        0x16, 0x27, 0x8B, 0x93, 0x8A, 0x6A, 0x6A, 0xCE,
+        0xF5, 0xBF, 0xE2, 0x15, 0x8F, 0x2A, 0xF4, 0x3D,
+        0x8E, 0x56, 0xA0, 0x64, 0x9D, 0xF2, 0x8A, 0x25,
+        0x0D, 0x2F, 0x25, 0x36, 0xAB, 0xDE, 0x1E, 0x00,
+        0x8E, 0xB6, 0x31, 0xF4, 0xBD, 0x0E, 0xB5, 0x55,
+        0x73, 0xA4, 0x05, 0x39, 0xA6, 0x00, 0x41, 0x81,
+        0xA9, 0xD2, 0xBF, 0x7A, 0x1E, 0x53, 0x50, 0x4F,
+        0x11, 0xE0, 0x14, 0x84, 0x07, 0x33, 0x84, 0x41,
+        0x31, 0xAC, 0x66, 0x89, 0x46, 0xE5, 0xB8, 0x27,
+        0x28, 0x9A, 0xB6, 0xB2, 0x13, 0x66, 0xC5, 0xD0,
+        0xE2, 0x64, 0x92, 0x19, 0xB9, 0x2C, 0x47, 0x60,
+        0xDF, 0xB7, 0x05, 0xF7, 0xF6, 0x1A, 0x96, 0x56,
+        0x4C, 0x9E, 0x84, 0x0D, 0x14, 0xB0, 0xBB, 0x0D,
+        0xA8, 0x2D, 0xA5, 0x0F, 0x8B, 0x8E, 0x75, 0x2B,
+        0xBF, 0xEA, 0x3B, 0x0A, 0x33, 0x7B, 0xE1, 0x24,
+        0xF7, 0x2D, 0x8F, 0x82, 0x49, 0x19, 0x5B, 0xC1,
+        0x9C, 0x3E, 0x0B, 0x62, 0xEA, 0xE4, 0x96, 0xD3,
+        0x8C, 0xF7, 0x50, 0x0B, 0x4F, 0x10, 0x66, 0x5F,
+        0xC2, 0xD2, 0x8B, 0x9E, 0xA9, 0x35, 0xF7, 0xE3,
+        0x16, 0x47, 0x2F, 0x4F, 0xF4, 0x01, 0x26, 0x75,
+        0x41, 0xBD, 0xB6, 0x23, 0x01, 0x55, 0x4B, 0x20,
+        0x09, 0x92, 0x8C, 0x64, 0x45, 0xBB, 0xD0, 0xEF,
+        0x21, 0xD0, 0x99, 0x72, 0xF3, 0x50, 0x81, 0xAB,
+        0xA9, 0x09, 0x1A, 0x6C, 0x23, 0xFE, 0xD2, 0x9F,
+        0x5C, 0xF9, 0xE0, 0x77, 0x9F, 0x7E, 0xFB, 0xAD,
+        0x88, 0xE6, 0x2A, 0x45, 0x44, 0x42, 0xB3, 0x00,
+        0x79, 0xBE, 0x0A, 0xC9, 0xC6, 0x48, 0x26, 0xB9,
+        0x8C, 0x1E, 0x10, 0x01, 0xCB, 0x0F, 0xB0, 0xF0,
+        0xA9, 0x5F, 0x79, 0x65, 0xFE, 0x93, 0x12, 0xBF,
+        0xDA, 0xEC, 0x33, 0xF9, 0x50, 0x65, 0xC8, 0xE5,
+        0x9D, 0x39, 0x50, 0xF8, 0x0A, 0xDC, 0x7F, 0xB3,
+        0x34, 0xF2, 0x02, 0xD3, 0xE5, 0xF8, 0xDA, 0x48,
+        0x1C, 0x9B, 0x54, 0xA7, 0x59, 0x83, 0x93, 0x0F,
+        0xD1, 0xE5, 0xAC, 0xD1, 0x62, 0x84, 0xF0, 0x71,
+        0x93, 0xFB, 0xCB, 0x50, 0xD0, 0xDC, 0x00, 0xEF,
+        0xF8, 0x20, 0x31, 0x44, 0xC1, 0x1E, 0xC6, 0x14,
+        0x20, 0xFC, 0x32, 0xD7, 0x98, 0x2C, 0xE8, 0x96,
+        0x40, 0x6B, 0xE7, 0x69, 0xA7, 0x5D, 0xD8, 0xD3,
+        0xCA, 0xC7, 0x53, 0xAB, 0xE5, 0xA2, 0x78, 0x65,
+        0x5B, 0xF5, 0x4B, 0xE3, 0x3A, 0x1B, 0x83, 0x74,
+        0xEB, 0xEE, 0xFF, 0x21, 0x2C, 0x39, 0xCE, 0x51,
+        0x46, 0x68, 0xF1, 0xC4, 0x56, 0xEA, 0xA2, 0x53,
+        0x28, 0x28, 0xC8, 0x42, 0x93, 0xF1, 0xA5, 0xBC,
+        0x9E, 0xB5, 0xDE, 0xDF, 0x55, 0x8A, 0x9B, 0x4C,
+        0x12, 0x39, 0xF7, 0x72, 0x72, 0xC6, 0x7E, 0x1A,
+        0xB2, 0x8E, 0x1E, 0xFE, 0xC5, 0x89, 0x3E, 0x09,
+        0xC1, 0x06, 0x62, 0xB5, 0x3C, 0x8B, 0x82, 0x55,
+        0xB1, 0xC8, 0xDC, 0x8F, 0x8E, 0x51, 0x20, 0xA2,
+        0x5C, 0x75, 0xEE, 0xFE, 0x79, 0xC4, 0x3F, 0x7A,
+        0x8B, 0x37, 0xDF, 0x9D, 0x1E, 0x4F, 0x32, 0x48,
+        0x69, 0x33, 0xDA, 0x1C, 0xB0, 0x66, 0x4C, 0x5D,
+        0xB3, 0x9E, 0x21, 0xBC, 0x22, 0x7B, 0x0C, 0xDF,
+        0xE7, 0xA5, 0x50, 0x7F, 0x07, 0xF2, 0x18, 0xA7,
+        0xA4, 0x7D, 0xEB, 0xCD, 0x9D, 0xAD, 0x72, 0x47,
+        0xB4, 0xD0, 0x45, 0xA1, 0x3A, 0xD4, 0xF7, 0x5E,
+        0xAD, 0x2D, 0x45, 0xC3, 0x39, 0xD0, 0xDF, 0x04,
+        0x57, 0x7F, 0x2E, 0x0F, 0xDC, 0x78, 0x03, 0x92,
+        0x55, 0x30, 0x33, 0xC7, 0x38, 0x85, 0x2B, 0x1B,
+        0xE4, 0xE6, 0x3E, 0xA3, 0x89, 0x7D, 0x6C, 0x9C,
+        0x4B, 0x11, 0xAD, 0x6B, 0x58, 0xD3, 0xE2, 0xD3,
+        0x42, 0xD3, 0x28, 0x40, 0xF6, 0x49, 0xDD, 0x83,
+        0xE7, 0x59, 0x86, 0x6B, 0x73, 0x81, 0xA8, 0x4C,
+        0x8A, 0xDD, 0xDF, 0x41, 0x3F, 0xAE, 0x18, 0xE6,
+        0x43, 0x1B, 0x1E, 0xEA, 0x73, 0xA5, 0x6C, 0xD8,
+        0x89, 0xB7, 0x6B, 0xC9, 0x78, 0x6B, 0xED, 0xED,
+        0xCA, 0x25, 0x41, 0xE4, 0xC9, 0xB2, 0x4E, 0x28,
+        0xF5, 0x8A, 0xD3, 0x74, 0xC1, 0xD9, 0x3D, 0xF2,
+        0xD3, 0xF2, 0xC3, 0x7E, 0xC5, 0x94, 0xA0, 0x49,
+        0x8C, 0x57, 0x45, 0x79, 0xA7, 0x33, 0x2F, 0x72,
+        0xC0, 0xF9, 0x75, 0x08, 0x77, 0xFA, 0xD5, 0xB9,
+        0x0B, 0x96, 0x8D, 0x88, 0xF1, 0x16, 0x82, 0xC4,
+        0x07, 0x1E, 0x4E, 0xA3, 0x8B, 0x81, 0x6A, 0xEA,
+        0xD6, 0xBE, 0x54, 0xD2, 0xF3, 0x71, 0x32, 0x4F,
+        0x24, 0x75, 0xB8, 0x62, 0xC7, 0x54, 0x24, 0xEC,
+        0xF9, 0x85, 0x8A, 0xA4, 0xE2, 0x00, 0xCF, 0xBA,
+        0x41, 0x2D, 0x7E, 0x3E, 0x6C, 0x30, 0x8D, 0x8D,
+        0xE1, 0x1D, 0xD1, 0x85, 0x33, 0x1A, 0xF9, 0xD4,
+        0x1A, 0xFE, 0x88, 0x79, 0x96, 0x5D, 0x67, 0x46,
+        0xEF, 0x21, 0xFD, 0x98, 0xD3, 0xED, 0x38, 0x06,
+        0xFB, 0x5C, 0x46, 0x19, 0xC9, 0x8E, 0x34, 0x7D,
+        0x76, 0xB8, 0xB8, 0x98, 0x49, 0x39, 0x55, 0x61,
+        0xEE, 0x28, 0x6D, 0xFD, 0xFC, 0x6A, 0x04, 0xE1,
+        0xD4, 0x7E, 0x9F, 0x5B, 0x5B, 0x49, 0x25, 0x77,
+        0x84, 0xC3, 0x93, 0x64, 0xDF, 0xA8, 0x8A, 0xD6,
+        0x30, 0xDF, 0xA5, 0x9C, 0xCA, 0x32, 0x37, 0xF4,
+        0xA2, 0xB1, 0x41, 0xA8, 0x13, 0xD2, 0x2C, 0x6F,
+        0xFE, 0x73, 0xC2, 0xD9, 0x9A, 0xDC, 0x82, 0x4D,
+        0x93, 0xE0, 0x6A, 0x54, 0xB6, 0xDE, 0x62, 0xC3,
+        0x12, 0x5D, 0x94, 0xB4, 0x9E, 0x95, 0x0D, 0xEC,
+        0x36, 0x1F, 0x96, 0x1F, 0x56, 0xD3, 0x67, 0x1C,
+        0x99, 0x25, 0x37, 0x7F, 0x6E, 0x67, 0x06, 0x65,
+        0x32, 0x2B, 0x84, 0x89, 0xE8, 0x33, 0xD3, 0x83,
+        0x0E, 0xCC, 0xDD, 0x0F, 0x53, 0xF4, 0xA4, 0xF9,
+        0xD6, 0x8F, 0x14, 0x45, 0xF3, 0xAE, 0xD5, 0xC9,
+        0xD7, 0x66, 0x40, 0x9B, 0x59, 0xBA, 0xE7, 0xA7,
+        0x29, 0x12, 0xE9, 0x8B, 0x3B, 0xB5, 0x73, 0x42,
+        0xD2, 0x9B, 0x6A, 0xCF, 0xD1, 0x43, 0x36, 0xB7,
+        0xB8, 0xB6, 0xB7, 0x54, 0x9A, 0xF8, 0xCC, 0x88,
+        0x45, 0xE1, 0x0C, 0x28, 0x11, 0x28, 0x72, 0x81,
+        0x98, 0x5D, 0x5D, 0x47, 0x68, 0x5F, 0xC5, 0x89,
+        0xF2, 0x67, 0x8E, 0xD8, 0x93, 0xF5, 0x7B, 0x85,
+        0xAC, 0xED, 0x75, 0x63, 0x2E, 0x50, 0xDE, 0x5E,
+        0x07, 0x4E, 0x6C, 0xED, 0xCF, 0x1A, 0xD4, 0x99,
+        0xBC, 0xE6, 0x7A, 0x7F, 0x49, 0x85, 0x64, 0xDE,
+        0xEC, 0x67, 0x7C, 0x70, 0x83, 0x88, 0xDE, 0x8F,
+        0xD7, 0xB0, 0x99, 0xCF, 0xC1, 0x16, 0x09, 0x6C,
+        0x45, 0xFE, 0x28, 0x89, 0x0B, 0x5E, 0xAF, 0x06,
+        0x16, 0x99, 0x39, 0xFD, 0xA3, 0x5E, 0x12, 0x15,
+        0xF2, 0x38, 0xE8, 0xCD, 0xED, 0xFE, 0x67, 0x00,
+        0x65, 0xF5, 0xDE, 0x32, 0x72, 0xA2, 0x32, 0xFD,
+        0x53, 0xC2, 0x50, 0xF5, 0xD7, 0x79, 0xB3, 0x16,
+        0x94, 0xFB, 0xA9, 0x1B, 0x55, 0x48, 0x03, 0x67,
+        0x6E, 0x4D, 0xEA, 0x28, 0x84, 0x63, 0xFE, 0x10,
+        0x63, 0x00, 0x9E, 0x9C, 0xB7, 0x6C, 0x31, 0x7D,
+        0xB4, 0x00, 0xAC, 0xF4, 0xD2, 0xD2, 0xB6, 0xD1,
+        0x6E, 0xDE, 0xBA, 0x41, 0x08, 0x91, 0x3F, 0x60,
+        0xAE, 0xB2, 0x52, 0xCD, 0xE4, 0x13, 0x69, 0x0C,
+        0xEE, 0xFD, 0xCF, 0xA6, 0x38, 0x96, 0x3D, 0xBD,
+        0x04, 0xF4, 0xCF, 0x21, 0xAD, 0x74, 0xDD, 0xE6,
+        0x5F, 0x0F, 0x1E, 0x7C, 0xE7, 0x0A, 0xF1, 0x01,
+        0xA6, 0xDE, 0x9A, 0x59, 0xDB, 0x21, 0xD3, 0x80,
+        0x27, 0xDB, 0xBF, 0x76, 0x16, 0x78, 0x27, 0x95,
+        0x0B, 0x69, 0x41, 0x82, 0x66, 0xAF, 0xA4, 0x44,
+        0xC7, 0x28, 0xDE, 0x36, 0x24, 0xA1, 0xC8, 0x1E,
+        0x5B, 0x16, 0x41, 0xDB, 0xE8, 0x79, 0xCD, 0x82,
+        0x2F, 0xB2, 0x30, 0x3C, 0xC3, 0xA9, 0xFC, 0xEE,
+        0xFE, 0x3D, 0xDF, 0x7D, 0xBD, 0x0B, 0x70, 0x57,
+        0x24, 0x8A, 0x28, 0xD6, 0x06, 0x2D, 0x76, 0xEB,
+        0x13, 0xB9, 0x2C, 0x9C, 0x9D, 0x00, 0x3B, 0x69,
+        0xE1, 0x84, 0x2A, 0x54, 0xC0, 0x9C, 0xF6, 0xB4,
+        0x84, 0x52, 0x08, 0x15, 0xE2, 0xBB, 0x23, 0x72,
+        0x88, 0xC6, 0x4F, 0xC6, 0x96, 0xFD, 0x3B, 0xC4,
+        0x5D, 0xB3, 0x0C, 0xB8, 0x64, 0x65, 0xDF, 0x11,
+        0x88, 0xBF, 0x47, 0x95, 0x6E, 0x5B, 0x91, 0x6A,
+        0x80, 0x09, 0x71, 0x5C, 0xC9, 0xA9, 0xA6, 0xDC,
+        0xE4, 0x4C, 0x54, 0xF9, 0x28, 0x81, 0x6B, 0x41,
+        0xD0, 0x18, 0xC5, 0xFE, 0x65, 0x2F, 0xFE, 0x4E,
+        0x33, 0xF3, 0x52, 0xD3, 0x83, 0xA9, 0xC1, 0x36,
+        0x5F, 0x02, 0xAB, 0xFD, 0x64, 0x7B, 0xD6, 0xB4,
+        0x2A, 0xD1, 0x63, 0x73, 0x0F, 0x8B, 0xFD, 0xA1,
+        0xE2, 0xBE, 0x5F, 0x61, 0x4D, 0x79, 0x59, 0x78,
+        0x25, 0xBA, 0x09, 0xF4, 0x57, 0xD3, 0xCB, 0xE7,
+        0x56, 0x1E, 0x7E, 0x89, 0xEA, 0xF0, 0x59, 0xE9,
+        0x77, 0xD1, 0xEE, 0x88, 0x84, 0x8B, 0x78, 0x1F,
+        0x21, 0xF7, 0x23, 0x89, 0x0F, 0xF1, 0xF9, 0x87,
+        0x39, 0x28, 0x41, 0x2C, 0x8F, 0x11, 0xEE, 0xDD,
+        0x2C, 0x0C, 0x39, 0xC9, 0x51, 0x27, 0x90, 0x98,
+        0x6A, 0x19, 0xE1, 0x7B, 0x2B, 0x70, 0xA4, 0xD7,
+        0xCF, 0x49, 0xD9, 0xD1, 0x8C, 0xAA, 0x0C, 0x20,
+        0x23, 0x13, 0x4C, 0xAC, 0xD1, 0x69, 0x20, 0x0D,
+        0x88, 0x17, 0xFA, 0x32, 0x1F, 0x04, 0xAC, 0xC9,
+        0x10, 0x61, 0x3D, 0xFF, 0x25, 0x0E, 0xB3, 0x25,
+        0xDB, 0xEF, 0x29, 0xEB, 0x56, 0x11, 0xB2, 0xAD,
+        0x2A, 0x23, 0xED, 0xD5, 0x38, 0x04, 0x9B, 0x3F,
+        0x43, 0xEF, 0xEB, 0x4D, 0x60, 0x98, 0x37, 0x92,
+        0xB4, 0xBF, 0x05, 0x56, 0x79, 0x44, 0xAA, 0xDB,
+        0x7A, 0xC4, 0xD3, 0xA5, 0xD8, 0x0A, 0x1B, 0x9D,
+        0x84, 0x48, 0xB4, 0xC0, 0xC1, 0x15, 0xC3, 0xB5,
+        0xAD, 0x38, 0x85, 0x35, 0x3F, 0x47, 0xD5, 0xFC,
+        0xB9, 0xB7, 0xD6, 0x44, 0x6F, 0x1A, 0x72, 0x10,
+        0xBB, 0xC6, 0x67, 0xFC, 0x41, 0x14, 0x15, 0xF2,
+        0x3C, 0xD4, 0x0A, 0x2A, 0x3D, 0x64, 0x06, 0x1D,
+        0x71, 0xC6, 0x71, 0x91, 0x57, 0x1A, 0x97, 0xD0,
+        0x10, 0x88, 0xA2, 0x4B, 0x67, 0x11, 0x56, 0x7F,
+        0xC8, 0x91, 0x06, 0x73, 0x2D, 0x88, 0x92, 0xFF,
+        0x98, 0x5B, 0x8E, 0x6C, 0xF7, 0x01, 0x63, 0x82,
+        0x9C, 0xC0, 0x85, 0xBE, 0x4E, 0x40, 0x83, 0x15,
+        0x36, 0x1B, 0xB1, 0xB2, 0x00, 0x3D, 0x64, 0x13,
+        0x22, 0x0B, 0x13, 0x45, 0x06, 0xD3, 0xC3, 0x04,
+        0xC0, 0xBB, 0xBA, 0x9C, 0x9C, 0x45, 0xD3, 0x65,
+        0x1E, 0x05, 0x71, 0xB6, 0xB1, 0x15, 0x17, 0x72,
+        0x13, 0xD8, 0x59, 0x5E, 0x14, 0x3D, 0xB9, 0x0B,
+        0xD7, 0x2F, 0x7E, 0xB9, 0x74, 0xD8, 0xD0, 0xA0,
+        0x31, 0x74, 0x09, 0xD6, 0x4D, 0x58, 0x37, 0xEA,
+        0xEC, 0x9B, 0x8D, 0x44, 0xDD, 0x7E, 0xCF, 0xF6,
+        0xCD, 0xA9, 0xF7, 0x29, 0x38, 0x2A, 0x43, 0xB3,
+        0x79, 0xCB, 0xDD, 0x43, 0xFF, 0xB1, 0x8A, 0xEA,
+        0x35, 0xC1, 0xA9, 0x96, 0xCE, 0xF1, 0x48, 0x8D,
+        0x3B, 0x7A, 0x81, 0xEE, 0x7C, 0xFC, 0x0B, 0x96,
+        0x23, 0x41, 0x8A, 0xB3, 0x91, 0x9A, 0x6E, 0xDD,
+        0xB9, 0x9F, 0x22, 0x2F, 0x0D, 0xDD, 0xB2, 0xF3,
+        0x2A, 0x20, 0xC8, 0xF8, 0x4F, 0xBF, 0x4C, 0x49,
+        0xB4, 0xCB, 0x3E, 0xB5, 0x0D, 0x9C, 0x4C, 0xD2,
+        0x5A, 0x6F, 0x71, 0x75, 0x46, 0x70, 0x66, 0xD2,
+        0x5E, 0x64, 0x37, 0xB6, 0x7F, 0x2D, 0xBC, 0x70,
+        0xC2, 0xE6, 0xEB, 0x0B, 0xDE, 0x23, 0x86, 0xD0,
+        0x30, 0x14, 0xA7, 0x89, 0xFB, 0x6D, 0xC0, 0x8E,
+        0xE3, 0x3C, 0x0C, 0x67, 0x95, 0x1D, 0xA9, 0xD7,
+        0x4B, 0x9C, 0x94, 0x84, 0x5D, 0x2A, 0x99, 0x03,
+        0x7E, 0x09, 0x5F, 0xEF, 0x79, 0x19, 0x92, 0x0F,
+        0xE5, 0x26, 0xEB, 0x5D, 0xD0, 0xBA, 0x1F, 0x97,
+        0xDF, 0xBD, 0x2D, 0xDC, 0x31, 0x60, 0x9C, 0x1B,
+        0x7B, 0x45, 0xEC, 0x3A, 0xDB, 0x58, 0x6F, 0xE3,
+        0x03, 0x0A, 0x0C, 0x7A, 0x9D, 0xD0, 0x34, 0xA3,
+        0xC2, 0xE6, 0xF9, 0x84, 0x90, 0x93, 0xCE, 0xE1,
+        0x0A, 0x18, 0x19, 0x53, 0x54, 0x7F, 0x8B, 0xE3,
+        0x28, 0x72, 0x0A, 0x4A, 0x5A, 0x82, 0x90, 0xB5,
+        0xEE, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x06,
+        0x0B, 0x10, 0x18, 0x1A, 0x21
+    };
+#endif
+#ifndef WOLFSSL_NO_ML_DSA_87
+    static const byte pk_87[] = {
+        0x59, 0xB2, 0x37, 0x1F, 0xE7, 0xBA, 0xCC, 0x20,
+        0x7F, 0xE1, 0xFE, 0xE8, 0x8A, 0x8B, 0x38, 0x05,
+        0xA7, 0x05, 0x28, 0x65, 0x69, 0x17, 0x89, 0xBB,
+        0x90, 0x54, 0x2F, 0xA4, 0x7F, 0x7E, 0xF2, 0xB7,
+        0x5F, 0xCA, 0x13, 0xDB, 0xA5, 0x88, 0x8B, 0xEC,
+        0x32, 0x05, 0x14, 0xDC, 0xB0, 0x5F, 0xD2, 0x6E,
+        0xB5, 0x54, 0x1F, 0x6E, 0x57, 0x2E, 0xCE, 0xA6,
+        0xC4, 0xF1, 0xD3, 0x8A, 0xA7, 0x02, 0x59, 0x09,
+        0x4A, 0xA9, 0x45, 0xF1, 0x9F, 0xED, 0x0D, 0x98,
+        0x0E, 0x65, 0xDB, 0xF6, 0x5D, 0xB8, 0x0F, 0x56,
+        0x4F, 0xE2, 0x9D, 0x83, 0x6C, 0x54, 0x79, 0x28,
+        0x8B, 0x55, 0xCF, 0x07, 0xF4, 0xE0, 0x01, 0x59,
+        0xB6, 0x95, 0x5D, 0xAB, 0xDE, 0xCC, 0x8C, 0x4D,
+        0x66, 0xAE, 0x68, 0x87, 0x28, 0xBA, 0x6D, 0x5C,
+        0x04, 0x42, 0xF3, 0xC1, 0x23, 0x2C, 0x78, 0x2C,
+        0x46, 0x5B, 0x9B, 0x7C, 0x50, 0x14, 0xB1, 0x46,
+        0x40, 0x65, 0xCC, 0xD8, 0xA5, 0x6D, 0x6B, 0x1C,
+        0x16, 0x51, 0x08, 0x69, 0xE0, 0x14, 0xE6, 0x93,
+        0x39, 0x98, 0xEF, 0x72, 0x55, 0x20, 0xB4, 0x00,
+        0x91, 0x3D, 0x93, 0xB0, 0xEC, 0x75, 0xE2, 0xFB,
+        0x72, 0x5D, 0xC1, 0xAE, 0xC0, 0xC0, 0xCC, 0x73,
+        0x43, 0xB9, 0xE5, 0x44, 0xBA, 0xA4, 0xD6, 0x79,
+        0x86, 0x0E, 0x34, 0x7B, 0x2E, 0x94, 0x7D, 0x8D,
+        0x24, 0x36, 0xF0, 0x92, 0x98, 0xA7, 0xBB, 0x83,
+        0x36, 0xB9, 0xDE, 0x9C, 0xFD, 0x5C, 0xDB, 0xCD,
+        0x91, 0xC7, 0x24, 0x92, 0x68, 0xCA, 0x03, 0xEF,
+        0xAC, 0x27, 0x3A, 0xF5, 0x29, 0x68, 0xD5, 0x01,
+        0x40, 0x6C, 0xD9, 0xC9, 0x61, 0x59, 0xD7, 0xC1,
+        0x5A, 0xA2, 0x90, 0x03, 0x30, 0xC1, 0x18, 0x9C,
+        0xFC, 0x2C, 0xD8, 0xB9, 0x12, 0xC4, 0x80, 0xE4,
+        0x58, 0x29, 0x7E, 0xF1, 0x4D, 0xB6, 0x94, 0xA3,
+        0xF1, 0xE7, 0x2C, 0x1D, 0xFA, 0x3A, 0x3D, 0x2A,
+        0x8A, 0x69, 0xE0, 0x11, 0x60, 0x2B, 0x93, 0x02,
+        0x0B, 0xAC, 0xD1, 0xC2, 0xF3, 0xAD, 0x06, 0xC9,
+        0x5A, 0x7F, 0x36, 0xEB, 0xF5, 0x26, 0x1F, 0x6E,
+        0xC1, 0x06, 0x81, 0x6B, 0xB3, 0x30, 0x3C, 0xC0,
+        0x0B, 0xF4, 0xE8, 0x68, 0x8D, 0x2E, 0x85, 0x48,
+        0xF1, 0x04, 0x90, 0xD9, 0xEB, 0x23, 0xC5, 0x67,
+        0x93, 0xB3, 0x4B, 0x84, 0x06, 0xCB, 0xE4, 0x43,
+        0xD8, 0x35, 0x6B, 0xCD, 0x0F, 0x4F, 0x61, 0xD0,
+        0xD0, 0x17, 0xD5, 0x48, 0x31, 0xB9, 0xBA, 0x32,
+        0x9F, 0x89, 0x48, 0xF2, 0x5C, 0x31, 0x22, 0xF9,
+        0xDE, 0xDE, 0x8C, 0xEC, 0xBA, 0x51, 0x56, 0x9E,
+        0xDF, 0xFF, 0x89, 0x5F, 0xA0, 0x20, 0x86, 0x2C,
+        0x5D, 0xF7, 0x9F, 0x86, 0x40, 0x78, 0x48, 0x6B,
+        0x5F, 0xB2, 0x28, 0xFD, 0x78, 0x9C, 0x35, 0xFD,
+        0xE1, 0xC5, 0x4B, 0xFF, 0xBF, 0x4A, 0x02, 0x5A,
+        0x7F, 0xE7, 0xD8, 0xC3, 0x49, 0x0A, 0x5D, 0x4E,
+        0x62, 0xD0, 0x4F, 0x79, 0xF4, 0x18, 0x3C, 0xA6,
+        0x83, 0x79, 0xF4, 0x64, 0x8B, 0xD5, 0xB2, 0x41,
+        0x6D, 0xBE, 0x5B, 0x84, 0x5C, 0x9F, 0x4B, 0x7A,
+        0x7E, 0x23, 0x39, 0xC0, 0x50, 0x6D, 0x58, 0x53,
+        0x9E, 0xAE, 0xA9, 0x45, 0x1C, 0x9B, 0x2F, 0xE2,
+        0xA1, 0x8C, 0x84, 0x9D, 0xCA, 0x7E, 0xED, 0x9D,
+        0xAC, 0xC0, 0x58, 0xD0, 0x05, 0xFB, 0x73, 0x75,
+        0xC4, 0xEF, 0x45, 0xB0, 0x01, 0x54, 0x3F, 0xC6,
+        0x8E, 0x47, 0xDD, 0xB6, 0xD1, 0x4F, 0xF9, 0x37,
+        0xD1, 0xAA, 0x0D, 0x4D, 0x74, 0x89, 0xDF, 0xFA,
+        0x62, 0x10, 0x67, 0x9C, 0xCC, 0xEC, 0xF9, 0xB8,
+        0x55, 0x1D, 0xCF, 0x68, 0x2D, 0x2A, 0xF1, 0xE5,
+        0xBD, 0x86, 0x9F, 0x3E, 0x8D, 0x40, 0x0D, 0x5C,
+        0x86, 0x1A, 0xE5, 0x1F, 0xE7, 0xEB, 0xBB, 0x54,
+        0x57, 0xF2, 0xEA, 0xAF, 0xD0, 0x93, 0xA9, 0x59,
+        0x8E, 0xC7, 0x21, 0xC6, 0x93, 0x27, 0xC5, 0x19,
+        0x30, 0xF4, 0xB9, 0xFF, 0xB2, 0xAA, 0x7F, 0x1A,
+        0x28, 0x43, 0x6B, 0x6D, 0x80, 0x8D, 0x75, 0x39,
+        0x2B, 0xC4, 0x3C, 0x1B, 0x5B, 0x85, 0x9C, 0x66,
+        0xC5, 0x4F, 0xA5, 0x15, 0xC7, 0xA6, 0x15, 0xA6,
+        0x9E, 0x60, 0x92, 0x14, 0x34, 0xAA, 0x9C, 0xF9,
+        0xF9, 0xE0, 0x3C, 0x3C, 0xA3, 0x5B, 0x5E, 0xBC,
+        0x6A, 0x40, 0x9E, 0x82, 0x2F, 0xE7, 0x6E, 0x09,
+        0x24, 0xC6, 0xC0, 0x62, 0xF1, 0x72, 0x4C, 0x38,
+        0x2F, 0xF3, 0xC8, 0xAC, 0xB5, 0xC1, 0x66, 0x6C,
+        0x2E, 0xC2, 0x6B, 0x76, 0x28, 0xE3, 0xD7, 0xC1,
+        0x3D, 0xA8, 0xD7, 0x58, 0x89, 0x0E, 0x6C, 0xC0,
+        0x17, 0xB7, 0x89, 0x25, 0x82, 0xE9, 0x5E, 0xDD,
+        0x04, 0xBA, 0x93, 0x45, 0xDF, 0x70, 0xFA, 0xD5,
+        0x6E, 0xA6, 0x8B, 0xF8, 0x87, 0x5B, 0x93, 0x2C,
+        0x28, 0xB3, 0x28, 0x07, 0xC8, 0x63, 0x71, 0xE1,
+        0x7D, 0xCC, 0x04, 0x72, 0x5C, 0xB5, 0x97, 0xB5,
+        0x24, 0x46, 0x79, 0x63, 0xE1, 0xD4, 0xA6, 0x1B,
+        0x5F, 0xBF, 0x9E, 0xC5, 0x04, 0xD5, 0xDD, 0xB6,
+        0x17, 0x93, 0xDD, 0x4E, 0x34, 0xAE, 0x08, 0x2A,
+        0x59, 0x90, 0xEF, 0xCE, 0x80, 0x1E, 0x93, 0x8C,
+        0xCA, 0xE7, 0x38, 0xE0, 0x2E, 0x90, 0x59, 0x9D,
+        0x97, 0x1C, 0x2D, 0x7C, 0x64, 0xE5, 0xB6, 0xF8,
+        0x63, 0x9F, 0x75, 0x8E, 0xD6, 0x21, 0xC1, 0xF2,
+        0x10, 0x73, 0xC0, 0x3E, 0xDB, 0x78, 0x2C, 0x7A,
+        0x0F, 0x5D, 0x7C, 0x66, 0xF5, 0xCE, 0x16, 0x1D,
+        0xED, 0x55, 0xB3, 0xE9, 0x2D, 0xC2, 0x71, 0x83,
+        0xAB, 0x08, 0x3D, 0xBC, 0x1F, 0x39, 0x30, 0xAE,
+        0x56, 0xED, 0xB8, 0xC5, 0x3E, 0x9A, 0x7E, 0x02,
+        0x0F, 0xFF, 0x0C, 0x40, 0x42, 0xF5, 0x18, 0xB2,
+        0x6F, 0x39, 0x0C, 0x96, 0xC8, 0x18, 0x3B, 0x79,
+        0xB5, 0x3C, 0x7C, 0x7B, 0xC5, 0x15, 0x18, 0x7B,
+        0x3D, 0xE8, 0xCA, 0xB0, 0x87, 0x69, 0xC5, 0xDD,
+        0x6F, 0xF5, 0x49, 0x21, 0x12, 0xE8, 0xB0, 0xF2,
+        0x8D, 0x09, 0xF4, 0x06, 0x7A, 0xDB, 0x04, 0x19,
+        0x4F, 0x60, 0x25, 0x0E, 0x75, 0xAD, 0xE3, 0x31,
+        0xA5, 0xC2, 0x55, 0x93, 0xBC, 0xD9, 0x2A, 0x6D,
+        0x13, 0x50, 0x43, 0x95, 0x85, 0x86, 0x0B, 0xB6,
+        0xFE, 0xED, 0xBD, 0x2F, 0x83, 0x9F, 0x31, 0x7A,
+        0x01, 0x35, 0x88, 0x76, 0xC8, 0x8E, 0x89, 0x8A,
+        0xC0, 0xC8, 0x53, 0x78, 0xF5, 0x72, 0xF2, 0x3C,
+        0xDE, 0x93, 0x1D, 0x47, 0xDE, 0x71, 0xD3, 0x35,
+        0x3D, 0xAB, 0x1F, 0x81, 0x0A, 0x61, 0xB1, 0x8D,
+        0x24, 0xCD, 0x83, 0xDD, 0xAB, 0x8D, 0x53, 0xBA,
+        0x9C, 0x7B, 0x82, 0x74, 0xB0, 0xFE, 0x82, 0xAF,
+        0xF3, 0x0C, 0x57, 0x07, 0x2F, 0x64, 0x37, 0x87,
+        0xCA, 0x1D, 0xF0, 0x3B, 0x99, 0xEB, 0x57, 0xDB,
+        0xDA, 0x8C, 0x8E, 0xE8, 0xEB, 0x20, 0x1F, 0x28,
+        0x47, 0xCB, 0xC9, 0xD3, 0x4F, 0xD8, 0x0C, 0xE6,
+        0xBC, 0x5E, 0x1E, 0x32, 0x8E, 0xB6, 0xEF, 0xC8,
+        0x3C, 0x4B, 0xD9, 0xD5, 0x2F, 0x32, 0x4E, 0x30,
+        0xEE, 0x4B, 0x5E, 0x86, 0x35, 0x1E, 0x5C, 0x8C,
+        0x4C, 0x54, 0x56, 0x83, 0x6D, 0x5A, 0x45, 0x22,
+        0x03, 0xB3, 0xC3, 0x72, 0xC7, 0x87, 0xAE, 0x33,
+        0x32, 0xC8, 0xA5, 0xE9, 0xDC, 0x21, 0x97, 0xD9,
+        0xC3, 0x41, 0xB9, 0x75, 0x6B, 0xB1, 0xE6, 0x3C,
+        0x75, 0xBB, 0xD5, 0xCF, 0x3E, 0x5C, 0xD4, 0xBF,
+        0x47, 0xBD, 0x1F, 0xEB, 0xC3, 0xE3, 0x71, 0x09,
+        0x12, 0xD6, 0x30, 0x32, 0xF6, 0xB9, 0x7D, 0xC1,
+        0x9C, 0x4D, 0xE1, 0x96, 0xAC, 0xD9, 0x15, 0x77,
+        0x15, 0xE2, 0xC1, 0x4E, 0x05, 0x4A, 0x93, 0x17,
+        0xBF, 0x96, 0xA6, 0x84, 0xBB, 0x96, 0xCE, 0xFB,
+        0x7D, 0x8F, 0xDC, 0xA8, 0xAA, 0x47, 0x7A, 0x2A,
+        0xF6, 0xF7, 0x26, 0xD2, 0xCA, 0xC1, 0xA6, 0x03,
+        0xCF, 0x13, 0x60, 0xEC, 0x11, 0xCA, 0x89, 0x7E,
+        0x5B, 0xC7, 0x35, 0xAB, 0x69, 0xB8, 0x64, 0x7F,
+        0x30, 0xCE, 0xD4, 0x94, 0x7B, 0xA9, 0xF6, 0x35,
+        0xD9, 0xCB, 0x2D, 0x82, 0xA6, 0x62, 0xFF, 0x17,
+        0xA0, 0xE1, 0x2D, 0x4D, 0x06, 0xD6, 0x41, 0xEE,
+        0x76, 0xEB, 0x8B, 0x45, 0xC7, 0x1E, 0xDE, 0x38,
+        0xC9, 0x05, 0xC5, 0x2B, 0xE7, 0x6C, 0x61, 0x09,
+        0xF2, 0x61, 0x2F, 0xEE, 0x6C, 0x31, 0x94, 0x46,
+        0x5C, 0x19, 0xBA, 0x5D, 0x3E, 0xBC, 0xF1, 0xF0,
+        0xB5, 0xE5, 0x34, 0xE0, 0xF0, 0xF1, 0xD3, 0x1C,
+        0xB1, 0xE7, 0xA3, 0x6C, 0x43, 0x03, 0xF2, 0x83,
+        0xDB, 0xA8, 0x59, 0x1C, 0xC6, 0x09, 0x31, 0x1A,
+        0x80, 0x9E, 0x44, 0x4E, 0x33, 0xA8, 0x93, 0x88,
+        0x0C, 0xDB, 0xAE, 0x29, 0x11, 0x91, 0x46, 0xA3,
+        0x68, 0xE4, 0xD2, 0xED, 0xD9, 0x1F, 0xE4, 0x71,
+        0x64, 0x7F, 0xFE, 0x82, 0x1A, 0xA6, 0xD3, 0x1C,
+        0x9F, 0xA4, 0x96, 0x95, 0xEB, 0x99, 0x41, 0xB0,
+        0x8F, 0x7B, 0xE3, 0xF0, 0x6C, 0xDD, 0xF2, 0x73,
+        0x9B, 0x8C, 0xAD, 0x2A, 0xB0, 0xDA, 0x4F, 0x5A,
+        0x3C, 0x0A, 0x26, 0xDF, 0x6A, 0x17, 0xB1, 0x37,
+        0xCA, 0xAB, 0x3B, 0x91, 0x9A, 0xB6, 0x36, 0xD6,
+        0xC8, 0x9B, 0xED, 0xA3, 0x05, 0x88, 0x98, 0x62,
+        0x87, 0x21, 0xF2, 0x77, 0x03, 0x15, 0xFE, 0xEE,
+        0x88, 0x15, 0x95, 0xE2, 0x4C, 0xF4, 0x8B, 0x44,
+        0x16, 0x60, 0xD0, 0xB2, 0xE9, 0xD5, 0xB9, 0x09,
+        0x28, 0xC3, 0x81, 0xF2, 0xB0, 0xFA, 0x26, 0x34,
+        0x2E, 0x4C, 0x9B, 0x88, 0xC0, 0x88, 0x7A, 0x46,
+        0x87, 0x12, 0x4C, 0x01, 0x2D, 0x96, 0x9E, 0x1A,
+        0xFD, 0x85, 0x32, 0x75, 0x4B, 0xA1, 0x21, 0x25,
+        0xE9, 0x43, 0x3D, 0xCF, 0x6D, 0x7B, 0xC1, 0xA3,
+        0x6A, 0x83, 0xE6, 0xA1, 0x0B, 0xA1, 0xCB, 0x76,
+        0x52, 0xA8, 0x13, 0x50, 0x89, 0x9C, 0x2D, 0xFC,
+        0x6E, 0x4F, 0xED, 0x38, 0xD0, 0x09, 0xE6, 0xD0,
+        0xF1, 0xD4, 0x4C, 0xCC, 0xB9, 0x5E, 0x55, 0x1B,
+        0x3A, 0xD5, 0x4B, 0x3A, 0xC8, 0x1E, 0x8B, 0xA4,
+        0x66, 0x5E, 0xA4, 0x28, 0xB3, 0xC8, 0x61, 0xE8,
+        0x67, 0x78, 0x90, 0xCF, 0x5F, 0x62, 0x5C, 0x19,
+        0xA7, 0xC5, 0x94, 0x3A, 0x94, 0x01, 0xCB, 0x78,
+        0xE7, 0x02, 0x6B, 0xAE, 0x92, 0xB6, 0x0A, 0x8B,
+        0x68, 0x07, 0xC1, 0x77, 0x45, 0x41, 0x5C, 0xD8,
+        0xE0, 0x30, 0xC6, 0x4C, 0x56, 0xE8, 0x22, 0x13,
+        0x9A, 0x35, 0xDA, 0x42, 0x3F, 0x26, 0x43, 0x36,
+        0xE0, 0xAF, 0xDF, 0x16, 0x74, 0x30, 0xDD, 0x36,
+        0xE0, 0x06, 0x4B, 0x2F, 0x6E, 0x8D, 0x8B, 0xB6,
+        0xBE, 0x99, 0xC5, 0xA9, 0xFB, 0x55, 0x1C, 0xC6,
+        0x3E, 0x50, 0x8D, 0xB6, 0x36, 0x66, 0x7D, 0xDA,
+        0x53, 0xF6, 0x11, 0xF0, 0x2F, 0xCD, 0x1F, 0x99,
+        0x41, 0x0F, 0x1A, 0x7A, 0x82, 0x88, 0x2F, 0x96,
+        0x23, 0xAD, 0xDC, 0x50, 0xEB, 0x01, 0xE1, 0xF3,
+        0x99, 0x78, 0xBF, 0x68, 0x50, 0x6C, 0x71, 0xDB,
+        0xBE, 0xE4, 0x2E, 0x4A, 0x80, 0x06, 0x9B, 0x0E,
+        0x4C, 0x7F, 0xC4, 0xCC, 0x14, 0x71, 0xF4, 0xF1,
+        0x02, 0x8D, 0xB2, 0x5C, 0x46, 0x87, 0xB6, 0x0D,
+        0xF4, 0x25, 0x5D, 0xEC, 0x91, 0x48, 0x19, 0x7A,
+        0x74, 0x79, 0x6E, 0xC7, 0x60, 0xA6, 0x6A, 0xFC,
+        0x78, 0x84, 0x03, 0x86, 0x51, 0x92, 0x09, 0x73,
+        0xA6, 0x9C, 0x20, 0x35, 0x16, 0x22, 0x26, 0x32,
+        0xEC, 0x58, 0x75, 0xEA, 0x6D, 0x83, 0x80, 0x96,
+        0xE7, 0xFE, 0x9B, 0x5B, 0x4F, 0xB6, 0x9C, 0x5E,
+        0x94, 0x07, 0xE7, 0x0D, 0x27, 0xFA, 0x34, 0xB0,
+        0xCD, 0xBD, 0x6E, 0x11, 0x9D, 0x87, 0xCE, 0x38,
+        0x58, 0x1D, 0xF1, 0xD3, 0xE0, 0xDF, 0x3A, 0xE0,
+        0x29, 0x04, 0x2A, 0x3B, 0x20, 0xE9, 0x23, 0xEB,
+        0xCE, 0x19, 0xA4, 0x95, 0x87, 0x55, 0xEE, 0x2F,
+        0x98, 0xFD, 0x23, 0x4C, 0x44, 0x13, 0xE2, 0xDB,
+        0xC9, 0x35, 0x59, 0xA4, 0x28, 0xDC, 0x37, 0xF2,
+        0xD1, 0x23, 0x5B, 0xD4, 0x41, 0x9B, 0x09, 0x9E,
+        0x0F, 0x0D, 0xE5, 0x42, 0xC4, 0x69, 0x35, 0x99,
+        0x1B, 0xE0, 0x69, 0x2A, 0x6D, 0x80, 0xB8, 0xFD,
+        0x98, 0x86, 0xE0, 0xFA, 0x17, 0x69, 0xB4, 0x9E,
+        0x8A, 0xE6, 0x30, 0x7C, 0xB0, 0xBC, 0x1B, 0x49,
+        0x73, 0x2D, 0x26, 0xE2, 0x5C, 0xA1, 0xCD, 0x9D,
+        0x40, 0x7E, 0x0D, 0x88, 0x64, 0x04, 0x09, 0x41,
+        0x61, 0x1F, 0x93, 0x33, 0xB6, 0x36, 0x7E, 0x83,
+        0x00, 0xFD, 0x64, 0x6A, 0xC5, 0xA7, 0x1A, 0xD9,
+        0x13, 0xEE, 0xFD, 0x80, 0x8D, 0x5C, 0xAF, 0xBF,
+        0x15, 0x21, 0xA3, 0x06, 0x2E, 0xC1, 0x84, 0xE5,
+        0x21, 0x65, 0x50, 0x1E, 0x00, 0x55, 0x56, 0xDE,
+        0x4D, 0xEE, 0x46, 0xF9, 0xE5, 0x3D, 0x7D, 0xEF,
+        0x99, 0x09, 0xF3, 0xD5, 0xD9, 0x8C, 0xA8, 0x0D,
+        0x87, 0x70, 0x7F, 0x7B, 0xC0, 0xFF, 0x8D, 0x87,
+        0x9D, 0x65, 0xD4, 0xD7, 0x83, 0xD1, 0x96, 0xF2,
+        0x46, 0x06, 0x93, 0x81, 0x1C, 0xDF, 0x33, 0x35,
+        0x8E, 0x08, 0x2D, 0x81, 0xF4, 0xDB, 0x8F, 0x6C,
+        0x20, 0x48, 0x61, 0x83, 0xA3, 0x6D, 0x4F, 0xBC,
+        0xC8, 0xA1, 0xC6, 0xDA, 0x21, 0xAA, 0x4D, 0xD1,
+        0x36, 0xE1, 0x9F, 0xEF, 0x2E, 0xA9, 0x93, 0x97,
+        0x2B, 0xB9, 0x98, 0x9A, 0xC1, 0xC3, 0x8A, 0x79,
+        0xF3, 0x18, 0x52, 0x17, 0x80, 0x04, 0x12, 0x3C,
+        0x46, 0x27, 0x7D, 0x38, 0xA8, 0x8F, 0xC1, 0x58,
+        0x9F, 0x25, 0x73, 0x32, 0x28, 0x4C, 0xD8, 0xA8,
+        0x73, 0xC2, 0x5A, 0x1A, 0x6D, 0x40, 0x26, 0x5B,
+        0x28, 0x5D, 0xF0, 0x93, 0x70, 0xE8, 0x8F, 0x72,
+        0xFF, 0x70, 0xE4, 0x34, 0xE8, 0xF6, 0x60, 0x84,
+        0xCC, 0xFE, 0xBD, 0xBB, 0xC4, 0xB9, 0x9E, 0xDF,
+        0xBC, 0x75, 0x0C, 0xC5, 0xDE, 0xA6, 0x36, 0x17,
+        0xF6, 0x47, 0xF5, 0xF0, 0x21, 0xD5, 0x7D, 0x64,
+        0xD5, 0xEF, 0xF0, 0x48, 0x63, 0x4D, 0xB2, 0x20,
+        0x9D, 0x7C, 0x8B, 0x82, 0xFB, 0x63, 0xB8, 0x82,
+        0x3E, 0x4C, 0xA0, 0x57, 0x16, 0x8B, 0xAE, 0x88,
+        0xD9, 0x71, 0x52, 0x91, 0x24, 0x0B, 0x37, 0x58,
+        0xD7, 0x68, 0x45, 0x01, 0xF8, 0x61, 0x86, 0x7B,
+        0x7A, 0x24, 0x1C, 0x06, 0x3B, 0x05, 0xD5, 0xE8,
+        0xCA, 0x6B, 0x4C, 0x79, 0xCB, 0x24, 0x35, 0xD7,
+        0xF9, 0x94, 0xCB, 0x76, 0x91, 0x5B, 0x4A, 0x54,
+        0x87, 0x08, 0xB1, 0x1B, 0x29, 0x44, 0x96, 0x85,
+        0x94, 0x1D, 0x43, 0xE6, 0x0A, 0x89, 0x76, 0xF9,
+        0xA9, 0x60, 0x72, 0xF9, 0x10, 0x41, 0xF4, 0xC3,
+        0xDF, 0x7C, 0x73, 0x96, 0x90, 0x12, 0xAE, 0x1B,
+        0x30, 0xE4, 0xB9, 0xC4, 0xE1, 0x33, 0x55, 0x8D,
+        0xAB, 0xC4, 0x6C, 0x10, 0x3C, 0x0C, 0xB1, 0xDF,
+        0xB9, 0x9B, 0x58, 0x53, 0x74, 0xA5, 0x4F, 0x9B,
+        0xA5, 0x6B, 0x72, 0x48, 0xB8, 0xC3, 0xF6, 0x6F,
+        0x1D, 0x55, 0x76, 0x0D, 0x6A, 0xBB, 0x43, 0x03,
+        0x75, 0x77, 0x4D, 0xFB, 0xA2, 0x05, 0x9C, 0x5D,
+        0xDD, 0xB6, 0x59, 0xFD, 0x2E, 0x1D, 0xA9, 0xC3,
+        0xF0, 0xB8, 0x08, 0x68, 0xC9, 0x2B, 0xCA, 0xC1,
+        0x04, 0x03, 0xDC, 0xD1, 0x40, 0xD6, 0xA3, 0xD3,
+        0xF3, 0x5F, 0x8E, 0xF1, 0xA2, 0xDD, 0x98, 0xDE,
+        0x1A, 0x43, 0x34, 0x23, 0x85, 0x99, 0xED, 0xAD,
+        0x92, 0x0D, 0xC0, 0xAA, 0x69, 0x8E, 0x9F, 0xE6,
+        0x10, 0x6A, 0x07, 0x80, 0xC9, 0xC2, 0x45, 0xF2,
+        0xC6, 0x5A, 0x0C, 0x3E, 0x5C, 0xD5, 0x36, 0x61,
+        0x10, 0xB1, 0x76, 0x0F, 0xCD, 0x41, 0x4D, 0x45,
+        0x0D, 0xB9, 0xD7, 0x6A, 0x22, 0xA9, 0xEA, 0xEA,
+        0x0C, 0x9F, 0xB7, 0x2E, 0xD5, 0x43, 0xCE, 0x9F,
+        0xA3, 0x31, 0x4B, 0xAB, 0x17, 0x68, 0x7E, 0x9D,
+        0xE5, 0xAD, 0xAD, 0x75, 0x61, 0xF1, 0xA5, 0xBE,
+        0xC1, 0x63, 0x39, 0x26, 0x9A, 0x87, 0xE0, 0x9A,
+        0xCB, 0x29, 0xE4, 0xC4, 0x39, 0x60, 0x5E, 0x95,
+        0x72, 0xAA, 0x9B, 0x7D, 0x0E, 0x83, 0x71, 0xA3,
+        0x0E, 0x41, 0xA0, 0xA7, 0xBD, 0xC0, 0x2D, 0xA3,
+        0xA6, 0x12, 0x1B, 0xF2, 0x61, 0xEA, 0xA0, 0x16,
+        0xA2, 0x07, 0x4E, 0x44, 0x32, 0xCF, 0x63, 0xAF,
+        0x96, 0xBE, 0x81, 0xCE, 0xB6, 0xE0, 0xC2, 0x67,
+        0x6A, 0x85, 0x45, 0xC6, 0x6D, 0x2F, 0x30, 0xC9,
+        0x8B, 0x54, 0x24, 0xF0, 0xFE, 0xF0, 0x4B, 0x3C,
+        0x6C, 0x70, 0x64, 0xE2, 0xD2, 0xE1, 0x1C, 0xBE,
+        0x60, 0xF8, 0x57, 0x23, 0xFF, 0xC0, 0xB7, 0x70,
+        0xD6, 0x86, 0x6F, 0xFA, 0x58, 0x9E, 0x3F, 0x9B,
+        0x2A, 0xBF, 0x75, 0x10, 0x40, 0x19, 0xAA, 0x69,
+        0xCB, 0x58, 0x89, 0x5B, 0x47, 0x4A, 0x0A, 0xDE,
+        0x2B, 0x60, 0xA4, 0xAB, 0x07, 0x7C, 0x3A, 0x6D,
+        0xF6, 0x15, 0x33, 0x4E, 0xBB, 0xE7, 0x32, 0xE9,
+        0x52, 0x20, 0x21, 0x39, 0x94, 0xD3, 0xBD, 0xC4,
+        0x43, 0xC8, 0xEF, 0x94, 0xAD, 0x51, 0x5F, 0x45,
+        0x41, 0x83, 0x55, 0x18, 0x33, 0x14, 0x48, 0x58,
+        0x57, 0xAC, 0x12, 0xBA, 0x1D, 0x62, 0xCF, 0x4F,
+        0xD4, 0xF4, 0xDE, 0x2A, 0x7F, 0xFF, 0x1E, 0xCF,
+        0x0D, 0x29, 0x0C, 0x4C, 0xDF, 0xFA, 0x88, 0xD8,
+        0xF4, 0x8C, 0x5B, 0x83, 0x7D, 0x3A, 0x94, 0xCD,
+        0x17, 0xB3, 0xD1, 0x69, 0x96, 0x6E, 0xB0, 0x38,
+        0xFE, 0x5A, 0x6E, 0x85, 0xDF, 0xC6, 0x0A, 0x00,
+        0x23, 0x3F, 0x10, 0x73, 0x19, 0x73, 0xDC, 0x47,
+        0x5D, 0x53, 0xBC, 0x7B, 0x9E, 0x60, 0x32, 0x0B,
+        0xA7, 0x90, 0x5D, 0x88, 0x51, 0x9F, 0xA3, 0x25,
+        0xDF, 0x5A, 0xB0, 0x2B, 0x40, 0xF2, 0xAB, 0xBD,
+        0xB3, 0x7D, 0x22, 0x61, 0xCB, 0x81, 0x48, 0x27,
+        0x7B, 0x87, 0xAE, 0x32, 0x97, 0x97, 0x6C, 0x80,
+        0xC3, 0x51, 0x34, 0xE5, 0xF7, 0x86, 0x90, 0x45,
+        0x64, 0xC1, 0x46, 0x99, 0x47, 0xF6, 0x20, 0xFE,
+        0x09, 0xFD, 0xF3, 0x86, 0x2C, 0x40, 0x57, 0xA3,
+        0xBC, 0xEF, 0x70, 0x75, 0x0C, 0xB7, 0x27, 0xF0,
+        0x31, 0x28, 0x3A, 0x18, 0x26, 0xF1, 0x38, 0x1B,
+        0x33, 0x48, 0xE3, 0xEA, 0x46, 0x88, 0x60, 0x9E,
+        0xCB, 0x19, 0x3A, 0xFA, 0xAE, 0xE1, 0xCD, 0x97,
+        0xE4, 0xDD, 0xAA, 0x02, 0xC0, 0xC3, 0x0E, 0x49,
+        0xF1, 0x37, 0xD0, 0x82, 0x85, 0x94, 0x15, 0x28,
+        0x10, 0x17, 0x59, 0xA7, 0x42, 0x2A, 0xA4, 0x99,
+        0xC9, 0x00, 0xA3, 0x79, 0xDD, 0x73, 0xB3, 0x07,
+        0x28, 0x4C, 0xCD, 0xDA, 0xF1, 0xFA, 0x1B, 0x0C,
+        0x4B, 0x28, 0x0E, 0x3F, 0x9F, 0x1D, 0xB6, 0xD3,
+        0x8E, 0xCF, 0x8A, 0x84, 0x1F, 0x9D, 0x4E, 0x40,
+        0xEC, 0xA8, 0x62, 0x47, 0xD6, 0xCD, 0x9B, 0x31,
+        0xEA, 0xCD, 0x6A, 0x46, 0xF0, 0xE3, 0x33, 0xB9,
+        0xE8, 0x3D, 0x69, 0x0D, 0x7E, 0x13, 0x46, 0x76,
+        0x19, 0xB4, 0x6A, 0xF9, 0xAF, 0xCF, 0xDC, 0x4A,
+        0xA9, 0xA0, 0x49, 0xB1, 0x80, 0x26, 0x0D, 0x70,
+        0xD9, 0xEE, 0xDB, 0x8A, 0x53, 0x30, 0x51, 0xAB,
+        0x83, 0x51, 0x7A, 0xAD, 0xC2, 0xCD, 0x90, 0x0B,
+        0x3E, 0xA5, 0x12, 0x60, 0xF4, 0x64, 0xAF, 0xC5,
+        0xD2, 0xDC, 0x41, 0x10, 0x29, 0x77, 0x9B, 0x21,
+        0xCE, 0x2C, 0xBD, 0x16, 0x02, 0x18, 0xDF, 0x41,
+        0xF6, 0x61, 0xDA, 0x1A, 0xD9, 0x5A, 0xD4, 0x0B,
+        0x8C, 0x35, 0x3C, 0x7F, 0x10, 0xFC, 0x23, 0xF8,
+        0x30, 0xD1, 0x17, 0xBC, 0xAE, 0xF8, 0xCE, 0xCE,
+        0xBC, 0xBF, 0xA4, 0x9D, 0x79, 0xD8, 0xD9, 0x39,
+        0x1E, 0x8D, 0x08, 0x28, 0x1F, 0x00, 0x0A, 0x55,
+        0xE9, 0x2D, 0xB3, 0x31, 0xBD, 0xEC, 0xD7, 0x31,
+        0x83, 0xE0, 0x58, 0xFF, 0x3F, 0xE5, 0x83, 0x9A,
+        0xF5, 0x0D, 0x8C, 0x55, 0xF2, 0x2F, 0x6A, 0xFF,
+        0x5A, 0x33, 0xDA, 0x77, 0x4B, 0xA1, 0xB3, 0xE6,
+        0x43, 0xF5, 0x87, 0x7C, 0xF5, 0x49, 0xC4, 0xF9,
+        0x08, 0xEA, 0x64, 0xA3, 0x7D, 0xF3, 0xBF, 0xA4,
+        0xCD, 0x5F, 0x70, 0xF8, 0xCD, 0x15, 0x44, 0x76,
+        0xD3, 0x4B, 0xC8, 0x53, 0xC9, 0xE8, 0xF7, 0x97,
+        0x9E, 0x5F, 0x4E, 0xBB, 0x88, 0x8A, 0xF7, 0x61
+    };
+    static const byte msg_87[] = {
+        0x4A, 0xC4, 0x67, 0x5C, 0x96, 0xD9, 0x11, 0x7D,
+        0x1E, 0xDE, 0xB8, 0x0D, 0x7C, 0xD2, 0x84, 0xA3,
+        0xE1, 0xE1, 0xFE, 0x03, 0x8E, 0x30, 0x12, 0x05,
+        0xB4, 0xC4, 0x08, 0xEB, 0x96, 0x52, 0x35, 0xAD,
+        0x1C, 0x85, 0xF8, 0xBE, 0x3F, 0x77, 0xCA, 0x48,
+        0x6F, 0xD2, 0x07, 0xF7, 0xC7, 0x5F, 0x41, 0x21,
+        0xCD, 0x3C, 0xA2, 0xB2, 0x3D, 0x6B, 0xCE, 0x43,
+        0x82, 0xA6, 0xD3, 0x61, 0x21, 0x81, 0x50, 0x25,
+        0xD5, 0x80, 0x6C, 0xBE, 0xF4, 0x52, 0xE0, 0x83,
+        0x93, 0x3C, 0x6E, 0x5C, 0x73, 0x94, 0xAC, 0x88,
+        0x26, 0x2A, 0x6D, 0xE7, 0x77, 0x0B, 0x2D, 0x88,
+        0x43, 0xEC, 0x10, 0x1F, 0xFB, 0x5E, 0x84, 0xDE,
+        0x2F, 0x7A, 0x8B, 0x74, 0xE7, 0x67, 0x4B, 0x3B,
+        0x23, 0x19, 0xBD, 0x6B, 0xF4, 0x11, 0x2F, 0x92,
+        0xC5, 0xCF, 0xC0, 0xA5, 0x5F, 0x7F, 0xA0, 0x61,
+        0xF4, 0x53, 0x25, 0x40, 0x8D, 0x03, 0x9D, 0x51
+    };
+    static const byte sig_87[] = {
+        0x4B, 0x3F, 0x52, 0xF0, 0x81, 0xB3, 0xD9, 0x14,
+        0xBC, 0x7C, 0x6C, 0x07, 0x3B, 0x18, 0x2B, 0x26,
+        0x8A, 0xDF, 0x51, 0x89, 0xE2, 0x98, 0xA8, 0x69,
+        0xBF, 0xB9, 0x91, 0xB1, 0x99, 0x99, 0x3C, 0x10,
+        0x42, 0xDE, 0xF5, 0xB5, 0x92, 0x70, 0xB6, 0xCD,
+        0x3F, 0xF8, 0xF9, 0x07, 0xA1, 0xCB, 0x0D, 0x3B,
+        0x6F, 0xED, 0xCA, 0x14, 0x38, 0x38, 0xF8, 0xF8,
+        0x1E, 0x0C, 0x37, 0x0F, 0xFE, 0xEE, 0x6B, 0x25,
+        0xCD, 0x07, 0x03, 0x56, 0x41, 0xA0, 0x51, 0x94,
+        0x4E, 0xAB, 0x51, 0x6C, 0xFB, 0xB8, 0x01, 0x53,
+        0x6B, 0x4F, 0x26, 0x2B, 0x16, 0x19, 0x8E, 0x7D,
+        0xDB, 0x1D, 0x61, 0xC3, 0x5A, 0x64, 0xD9, 0x0D,
+        0x39, 0x48, 0xCE, 0xAA, 0xC8, 0xEE, 0x58, 0x0D,
+        0xCE, 0xF5, 0x40, 0xED, 0x99, 0xD9, 0x12, 0xBB,
+        0xA2, 0xBC, 0x4F, 0x51, 0x45, 0xBB, 0x94, 0x9C,
+        0x73, 0xCC, 0xBD, 0x58, 0x26, 0x13, 0xB1, 0x0E,
+        0xAA, 0xE8, 0x63, 0xAC, 0xA3, 0x46, 0x83, 0xEB,
+        0x92, 0x2B, 0x3D, 0xAD, 0xFC, 0x74, 0xF7, 0x6F,
+        0x47, 0xE4, 0x97, 0x86, 0x02, 0x59, 0x24, 0x02,
+        0xD9, 0x15, 0x43, 0x94, 0xEB, 0x09, 0xFB, 0xC2,
+        0xEB, 0xCC, 0xC5, 0x94, 0x73, 0x2F, 0x2D, 0x8B,
+        0xC3, 0x83, 0x50, 0xE5, 0x53, 0x5A, 0x44, 0x12,
+        0xA7, 0x7A, 0xDD, 0x79, 0x16, 0x60, 0x45, 0x76,
+        0xFD, 0x6A, 0x36, 0x31, 0xE5, 0x15, 0xBA, 0xF2,
+        0x6A, 0x6F, 0x9C, 0xA4, 0x06, 0x1E, 0xBB, 0xDD,
+        0x3B, 0xEC, 0x71, 0x79, 0xAD, 0x58, 0x55, 0x2A,
+        0x5B, 0x50, 0x8F, 0x31, 0x34, 0x8A, 0x56, 0xAD,
+        0x1A, 0xDA, 0x7A, 0x05, 0x35, 0x2C, 0x72, 0xC0,
+        0x04, 0xB9, 0x4C, 0x47, 0xE7, 0x04, 0x9A, 0x10,
+        0xB3, 0xA5, 0x9B, 0xF2, 0x38, 0xA8, 0xDF, 0xC6,
+        0xC7, 0x01, 0x9A, 0x17, 0xF0, 0x5D, 0x5B, 0xFC,
+        0xB9, 0xD9, 0x3D, 0x9D, 0x1C, 0xCB, 0xCB, 0x47,
+        0xF8, 0xC4, 0x38, 0x09, 0x8F, 0xDB, 0xDF, 0xE2,
+        0x3F, 0x9F, 0x78, 0xBC, 0x28, 0x06, 0x99, 0x08,
+        0xC6, 0xB9, 0x89, 0x8B, 0x43, 0x4C, 0xBF, 0x37,
+        0x78, 0x7E, 0x1A, 0xF6, 0xA6, 0xB8, 0x27, 0xE8,
+        0x30, 0xE9, 0xF7, 0x62, 0x9C, 0xD8, 0xF5, 0x10,
+        0x70, 0xC4, 0xC8, 0xA8, 0xDE, 0xB2, 0x60, 0xD0,
+        0x7C, 0x3E, 0x41, 0xD8, 0x49, 0x04, 0x84, 0x87,
+        0x74, 0x91, 0xB3, 0x9A, 0xA6, 0xD9, 0xE1, 0x0D,
+        0x91, 0x74, 0x8B, 0x64, 0xE3, 0x31, 0x60, 0x62,
+        0x9D, 0x8A, 0xE4, 0x3E, 0xFD, 0x5F, 0x85, 0x78,
+        0x1E, 0x69, 0xF7, 0x6B, 0x68, 0x95, 0xC1, 0x41,
+        0xEB, 0xCD, 0xDF, 0xEE, 0xB4, 0x85, 0xA0, 0x0B,
+        0xDB, 0xA4, 0xF7, 0xC9, 0x91, 0xF5, 0x3F, 0x2F,
+        0x84, 0x93, 0x39, 0x26, 0xAF, 0x39, 0xE6, 0x96,
+        0x4A, 0xBF, 0x2D, 0xFE, 0xBB, 0xC1, 0x9A, 0x7E,
+        0x31, 0xC5, 0x07, 0x97, 0xB8, 0xDA, 0x29, 0x31,
+        0xE1, 0x0F, 0x3D, 0xAC, 0x49, 0x3F, 0x19, 0x8D,
+        0xFD, 0x78, 0x5D, 0x21, 0xAD, 0xB2, 0xC0, 0x62,
+        0xB0, 0x97, 0xE8, 0x89, 0xA2, 0x07, 0x37, 0xF1,
+        0x86, 0x00, 0x8F, 0x29, 0x28, 0xF6, 0xB8, 0x4D,
+        0x6E, 0x09, 0xE9, 0x75, 0xA8, 0xF2, 0xAA, 0xAD,
+        0xC7, 0x85, 0x23, 0x42, 0x34, 0xFD, 0xA0, 0x37,
+        0x03, 0xA7, 0xC2, 0x1F, 0x81, 0x2D, 0x65, 0x0B,
+        0xD2, 0x51, 0x0B, 0x30, 0xF0, 0x55, 0x00, 0x81,
+        0x04, 0x7A, 0x15, 0x5C, 0x84, 0x85, 0x86, 0xA9,
+        0x6F, 0x10, 0x0D, 0x77, 0x4F, 0x3E, 0x39, 0xE0,
+        0x29, 0xB0, 0x77, 0x7C, 0xD3, 0x3E, 0x68, 0x31,
+        0x8A, 0x11, 0xC1, 0x98, 0x02, 0x93, 0xFA, 0xD3,
+        0xE7, 0x87, 0xD2, 0x0D, 0xFE, 0x7E, 0xEE, 0x70,
+        0x53, 0xC0, 0x5E, 0xEB, 0x6A, 0x15, 0x9B, 0xAA,
+        0xD4, 0x02, 0x0B, 0x9E, 0xC3, 0xF5, 0x37, 0xDA,
+        0x4D, 0xAD, 0xAF, 0xB3, 0xB1, 0xBB, 0x1D, 0xBE,
+        0xB2, 0xD5, 0xB8, 0xF9, 0xD0, 0x5A, 0x01, 0x97,
+        0x98, 0xEA, 0xE0, 0xED, 0x09, 0x9D, 0xB0, 0x66,
+        0xD7, 0x3E, 0xE8, 0xE9, 0xA5, 0x6D, 0xE3, 0x68,
+        0xE8, 0x78, 0xA7, 0xFF, 0x39, 0x14, 0x0D, 0x80,
+        0x21, 0xD5, 0x00, 0x85, 0xE6, 0x25, 0x29, 0x41,
+        0xAB, 0x31, 0x53, 0x09, 0xCB, 0x53, 0xAA, 0xA4,
+        0x9E, 0x86, 0x34, 0x7F, 0xBA, 0xD5, 0x4A, 0x1F,
+        0x87, 0x3E, 0x0C, 0xB4, 0xB8, 0x6A, 0x8D, 0x5B,
+        0x1B, 0x2A, 0x95, 0xD4, 0x85, 0xF3, 0x7A, 0x9F,
+        0xB6, 0x10, 0x5D, 0xF8, 0x44, 0x0F, 0xDB, 0x85,
+        0x78, 0xF2, 0x62, 0x4C, 0x07, 0x93, 0x29, 0x56,
+        0x9A, 0x75, 0xF3, 0x6F, 0x2C, 0x55, 0xD8, 0xD0,
+        0x30, 0xFB, 0xFE, 0xAA, 0x88, 0x89, 0xAD, 0x74,
+        0x6C, 0x32, 0x3B, 0x1A, 0xC4, 0xEC, 0x8C, 0x40,
+        0x3E, 0x77, 0x5A, 0x6F, 0xBE, 0x59, 0x6E, 0x7E,
+        0x6A, 0x5A, 0x28, 0x63, 0x57, 0x66, 0x25, 0x14,
+        0x99, 0x40, 0x97, 0x6F, 0x7C, 0xC9, 0x36, 0x17,
+        0xB4, 0x3F, 0xB1, 0x34, 0x89, 0x07, 0x4E, 0xCA,
+        0xC5, 0xBE, 0xB1, 0xA4, 0xDF, 0xE5, 0x8B, 0x9A,
+        0xD2, 0xE0, 0xC6, 0xA1, 0x5B, 0x76, 0xA7, 0xC2,
+        0xD2, 0x08, 0x72, 0x5A, 0x31, 0x23, 0xCA, 0x4E,
+        0x6F, 0x2C, 0x58, 0x47, 0xEE, 0x5F, 0xA8, 0x38,
+        0x49, 0x19, 0xEF, 0x89, 0x01, 0x1D, 0x21, 0x9B,
+        0x25, 0x7B, 0x3E, 0x4D, 0xC4, 0xF2, 0x09, 0x51,
+        0x60, 0x84, 0x4C, 0xAE, 0xEA, 0xFC, 0xF8, 0x57,
+        0x26, 0x0F, 0x1C, 0x63, 0xD3, 0xB0, 0x5A, 0x67,
+        0xD3, 0xD0, 0xF2, 0xB0, 0xEC, 0x9D, 0xCC, 0x27,
+        0x23, 0xF1, 0x37, 0x55, 0x75, 0x0B, 0xAE, 0x62,
+        0xFC, 0xC3, 0x61, 0xCF, 0xB5, 0x84, 0xF7, 0x74,
+        0xC0, 0x9A, 0xDF, 0x9A, 0x04, 0x31, 0xB2, 0x3E,
+        0x48, 0x8C, 0x35, 0x9C, 0x0A, 0xEF, 0x5B, 0x1C,
+        0x97, 0x87, 0xBD, 0x8F, 0x52, 0xB0, 0x83, 0xBC,
+        0x9D, 0xBC, 0xC9, 0xB3, 0x03, 0x9F, 0x77, 0x7C,
+        0x7E, 0x8E, 0xAB, 0xC8, 0x00, 0x78, 0x05, 0x0C,
+        0xE6, 0xD4, 0x9C, 0x3B, 0xB7, 0x01, 0x68, 0xFA,
+        0x21, 0x77, 0x29, 0x8F, 0xB0, 0xA8, 0xF7, 0x2C,
+        0x1C, 0xD2, 0x8D, 0x66, 0x2A, 0x07, 0xDA, 0xE6,
+        0xC7, 0xAC, 0xB7, 0xFB, 0x8E, 0x7F, 0xDD, 0x01,
+        0xDF, 0xB2, 0x7C, 0x62, 0xEE, 0x68, 0x3F, 0x4E,
+        0x5F, 0x88, 0xC7, 0xC1, 0xDD, 0xDD, 0x5E, 0xEC,
+        0xC1, 0xC3, 0xAF, 0x85, 0x3F, 0x1F, 0xF6, 0xB1,
+        0xD9, 0xDE, 0x67, 0x2F, 0x1B, 0xF6, 0x47, 0x3A,
+        0xF0, 0x02, 0x1D, 0x8A, 0x3D, 0x4D, 0xD0, 0x4A,
+        0x2F, 0xCA, 0x23, 0x25, 0xC7, 0x21, 0xCF, 0x1C,
+        0x82, 0x16, 0x76, 0xD0, 0xA0, 0xD5, 0x74, 0x18,
+        0x66, 0x25, 0xDE, 0x83, 0x1C, 0x84, 0x11, 0xF6,
+        0x41, 0x79, 0xF9, 0x16, 0x7F, 0x78, 0xBC, 0xB2,
+        0x2F, 0xB4, 0x1C, 0x2C, 0xDB, 0x63, 0xC4, 0xDB,
+        0x5E, 0x13, 0x87, 0x66, 0xD3, 0x80, 0x35, 0x89,
+        0x59, 0x8F, 0x11, 0x4F, 0x41, 0xBA, 0x42, 0xCD,
+        0xB1, 0x34, 0x10, 0x20, 0x44, 0x9B, 0xA9, 0x96,
+        0x56, 0x11, 0x39, 0x90, 0xB4, 0xE0, 0x22, 0xD8,
+        0xDA, 0x20, 0xD7, 0x44, 0x49, 0x1C, 0x6E, 0xEA,
+        0xB6, 0x7B, 0x91, 0x8E, 0x80, 0xFF, 0xF3, 0x43,
+        0xCC, 0x5B, 0x4C, 0x8E, 0x58, 0xC3, 0x48, 0x4B,
+        0x01, 0x25, 0xA6, 0x0C, 0x36, 0xAE, 0xF7, 0x63,
+        0x89, 0x4D, 0x35, 0x14, 0x8B, 0x57, 0x8F, 0x41,
+        0x7C, 0x3A, 0x98, 0xA1, 0x43, 0xED, 0xFE, 0x9F,
+        0x8C, 0x95, 0xBC, 0xC3, 0x46, 0xC6, 0xF5, 0xEA,
+        0xF9, 0x7A, 0xAD, 0x11, 0xDA, 0xE0, 0x1C, 0x47,
+        0x7C, 0x22, 0x7A, 0x88, 0xD1, 0x0E, 0xCF, 0xDC,
+        0xF4, 0x50, 0xB3, 0x7F, 0x88, 0x19, 0x68, 0x02,
+        0x78, 0x49, 0xD9, 0xB4, 0x3E, 0x2B, 0xFF, 0x90,
+        0xC6, 0xA3, 0x4A, 0xE4, 0x1B, 0x8B, 0xBD, 0x74,
+        0x30, 0x83, 0xD3, 0xC5, 0x87, 0x86, 0xB0, 0x36,
+        0x67, 0x1C, 0xD6, 0xEE, 0xD9, 0x4D, 0xAE, 0x51,
+        0xF7, 0x61, 0x32, 0x47, 0xEF, 0x86, 0x07, 0xAC,
+        0xF7, 0x4A, 0x3C, 0xCE, 0x93, 0x2F, 0x1C, 0x38,
+        0x69, 0xBD, 0xB3, 0x5C, 0xA1, 0x7F, 0xC6, 0xBA,
+        0x9F, 0x9C, 0x95, 0x6F, 0xF1, 0xD4, 0xD8, 0x80,
+        0x94, 0x32, 0x5C, 0xAB, 0xCE, 0x41, 0x23, 0x3F,
+        0xB1, 0xD8, 0x08, 0xEF, 0x41, 0x01, 0x03, 0x96,
+        0xDE, 0xB0, 0xEC, 0xF5, 0x07, 0x34, 0xD8, 0x18,
+        0xDD, 0xAB, 0x70, 0x01, 0x5A, 0x0A, 0xBD, 0xD1,
+        0x92, 0x6D, 0xFA, 0x49, 0x1F, 0x71, 0x1A, 0xA8,
+        0x5D, 0xA2, 0xA8, 0xEC, 0x60, 0xE3, 0x25, 0x5C,
+        0xCF, 0x97, 0x5C, 0x23, 0xCC, 0x4E, 0x8D, 0xAF,
+        0xDD, 0xED, 0x9F, 0xEC, 0x60, 0xA6, 0x46, 0x7C,
+        0x45, 0xB0, 0x3C, 0xA4, 0x76, 0x49, 0x9A, 0xA3,
+        0x31, 0xB0, 0xE3, 0x99, 0x95, 0x76, 0xCE, 0xC3,
+        0x19, 0x1A, 0x9A, 0x62, 0xBC, 0x1B, 0xEA, 0xC1,
+        0xEA, 0xF2, 0x0E, 0x18, 0xCF, 0xC3, 0x21, 0x61,
+        0x27, 0xDE, 0x4A, 0xAE, 0x2E, 0x75, 0x20, 0x1F,
+        0x9E, 0x42, 0x7E, 0x39, 0xBF, 0x92, 0x11, 0x50,
+        0xEA, 0xB9, 0x49, 0x55, 0x9C, 0x02, 0x2D, 0x87,
+        0x6F, 0xA2, 0x42, 0xC2, 0xA8, 0x45, 0xBC, 0xA7,
+        0x23, 0x5F, 0x72, 0x1B, 0x00, 0x56, 0x78, 0x8A,
+        0x44, 0xEC, 0xC3, 0xEB, 0x98, 0xF0, 0xF5, 0x02,
+        0xB8, 0x9F, 0x8E, 0x74, 0x10, 0xEA, 0x56, 0x79,
+        0xAE, 0x7C, 0x04, 0x34, 0xF1, 0x3A, 0xD8, 0x16,
+        0x42, 0x1D, 0x2F, 0xEE, 0x30, 0xCB, 0xCB, 0x2D,
+        0xAA, 0x6B, 0x85, 0x1C, 0xD1, 0xB6, 0xE9, 0x96,
+        0xDA, 0x7A, 0x75, 0x7E, 0x4C, 0x4D, 0x85, 0x72,
+        0xC8, 0xB6, 0x00, 0xDE, 0x85, 0xDD, 0xB6, 0x53,
+        0x20, 0xD1, 0xCB, 0x71, 0xD9, 0x37, 0x83, 0x49,
+        0xC0, 0xC4, 0x01, 0xAD, 0x4F, 0x9E, 0x91, 0x27,
+        0x21, 0x39, 0x22, 0x8A, 0x8D, 0xA2, 0xF4, 0xFD,
+        0x2F, 0x48, 0x89, 0x1A, 0x4D, 0xCB, 0x06, 0x6D,
+        0x50, 0x1D, 0x44, 0x74, 0x83, 0xB6, 0x11, 0xBB,
+        0x3C, 0x80, 0x55, 0x0A, 0x90, 0xEA, 0x0B, 0x73,
+        0x2D, 0x63, 0x9D, 0x8B, 0x39, 0x26, 0xB6, 0xE7,
+        0xC3, 0x54, 0x53, 0xED, 0x3C, 0xC1, 0x10, 0xBA,
+        0xF5, 0x56, 0xCF, 0x46, 0xD8, 0xFC, 0x21, 0x77,
+        0xE7, 0x6F, 0xB2, 0x66, 0x3B, 0x8B, 0xDD, 0x17,
+        0x1E, 0x94, 0xC0, 0xAC, 0xAF, 0x25, 0xB9, 0x15,
+        0x3B, 0x22, 0xBC, 0xA7, 0x49, 0x91, 0x67, 0x56,
+        0xFB, 0x3E, 0xD3, 0x01, 0x8E, 0x09, 0x44, 0xB6,
+        0xC3, 0xB9, 0xB6, 0xBF, 0xA1, 0x5B, 0x9B, 0xE8,
+        0x03, 0xAC, 0x79, 0x33, 0x3C, 0xD2, 0xC3, 0xA2,
+        0x7A, 0x26, 0xBC, 0x17, 0xCD, 0xA2, 0x57, 0x79,
+        0x8A, 0xE1, 0x6B, 0x28, 0xB4, 0x63, 0xB6, 0xDF,
+        0x3F, 0xA8, 0x7C, 0x2D, 0x74, 0x2D, 0x0F, 0x68,
+        0x85, 0xBE, 0xE0, 0xBE, 0xC6, 0xE2, 0x0D, 0x01,
+        0xE5, 0xDA, 0xDC, 0x86, 0x82, 0x3E, 0x92, 0xD6,
+        0x0F, 0xEC, 0x79, 0xB0, 0xD2, 0x40, 0x24, 0x87,
+        0x53, 0xE4, 0x20, 0x48, 0x38, 0x4C, 0x80, 0x42,
+        0x89, 0x60, 0x48, 0x21, 0xA5, 0x7F, 0x4F, 0x9F,
+        0x50, 0xAE, 0x0C, 0x38, 0x52, 0x7F, 0xE5, 0xA3,
+        0x49, 0x38, 0xDD, 0xBC, 0xDC, 0xD9, 0xA1, 0xD0,
+        0x20, 0x83, 0x9B, 0xEB, 0xB6, 0x2F, 0x9F, 0x41,
+        0xFB, 0xA0, 0x80, 0x52, 0xAB, 0xB8, 0x2F, 0xAD,
+        0xA8, 0x84, 0xCB, 0xE5, 0x63, 0x79, 0x11, 0x03,
+        0xAA, 0x58, 0x55, 0x46, 0xEB, 0xFE, 0xB1, 0x12,
+        0x72, 0xCC, 0x2E, 0x87, 0xA3, 0xB7, 0x5B, 0x3C,
+        0x6B, 0xB1, 0x85, 0x3A, 0xE7, 0xF9, 0xCF, 0x55,
+        0x85, 0xB2, 0x65, 0x3C, 0xF5, 0xEE, 0xA2, 0x44,
+        0xD2, 0x04, 0xEB, 0x26, 0x9C, 0x56, 0xA2, 0x09,
+        0x85, 0x16, 0x06, 0x59, 0xCB, 0x07, 0x25, 0xEE,
+        0x13, 0xCE, 0x35, 0xD5, 0x5E, 0xB0, 0x95, 0xA5,
+        0x34, 0x14, 0xF2, 0x32, 0xDF, 0x81, 0x08, 0xB1,
+        0x80, 0x24, 0xEB, 0x0D, 0xBF, 0x34, 0x5E, 0xB5,
+        0xCD, 0xAD, 0x0B, 0xCE, 0x72, 0x63, 0x50, 0x9A,
+        0x34, 0x1D, 0x54, 0xA7, 0xD5, 0x34, 0xE5, 0x53,
+        0xEA, 0xEF, 0xFE, 0x4E, 0x24, 0x2E, 0xA2, 0x3B,
+        0xCF, 0xE5, 0x9A, 0x58, 0xA6, 0x04, 0x25, 0x88,
+        0x2C, 0xB7, 0xE3, 0xB0, 0xC9, 0xE4, 0xAF, 0xE8,
+        0x69, 0x8E, 0x3D, 0xF5, 0x6A, 0xFD, 0x6D, 0x61,
+        0x1E, 0x91, 0x68, 0x74, 0x7D, 0x87, 0x35, 0xCF,
+        0x92, 0x46, 0xD9, 0x4F, 0x21, 0x26, 0xBE, 0x72,
+        0x7F, 0xB4, 0x2B, 0x22, 0x41, 0xA8, 0x3B, 0x34,
+        0xF0, 0xB9, 0xEB, 0x47, 0x93, 0x8D, 0x72, 0x65,
+        0x02, 0xC5, 0x4E, 0x45, 0x72, 0x76, 0x63, 0x31,
+        0x62, 0x8F, 0xA5, 0xCD, 0xA8, 0x93, 0xC3, 0x53,
+        0x76, 0xAB, 0x45, 0x38, 0xFF, 0x87, 0x17, 0xC2,
+        0x79, 0x5B, 0x0F, 0x51, 0xF0, 0x8E, 0x11, 0x37,
+        0x61, 0x2B, 0x89, 0xB0, 0xC1, 0xE2, 0xCD, 0x1F,
+        0x09, 0x9E, 0x88, 0x55, 0x69, 0x23, 0xAE, 0x57,
+        0xA1, 0xDA, 0xD2, 0xAF, 0xB1, 0x23, 0x0B, 0x50,
+        0x94, 0xA1, 0xB2, 0x1B, 0xAD, 0x7D, 0xBB, 0xC3,
+        0x33, 0xA9, 0x7F, 0x17, 0x93, 0x04, 0x71, 0x8F,
+        0x32, 0x89, 0xB6, 0xDE, 0x31, 0x31, 0x5B, 0x74,
+        0xC1, 0xA7, 0x3A, 0xC7, 0x75, 0x6F, 0xAA, 0x4D,
+        0x7E, 0xB5, 0x68, 0xBB, 0xC6, 0xF7, 0xE7, 0x88,
+        0xCD, 0x08, 0x9B, 0x39, 0x55, 0x64, 0xD2, 0x17,
+        0x6B, 0x00, 0x56, 0xDF, 0xFE, 0x95, 0x2C, 0x77,
+        0x48, 0xB0, 0x48, 0x30, 0x67, 0x20, 0xF6, 0x02,
+        0xB6, 0x7E, 0x8F, 0x6A, 0xDC, 0xC9, 0x1F, 0x8E,
+        0x3A, 0xA4, 0xB8, 0xC4, 0xD7, 0xFA, 0xC2, 0x33,
+        0xAA, 0xF9, 0x36, 0x53, 0xAD, 0x22, 0x09, 0xE2,
+        0xFF, 0x92, 0xDA, 0x30, 0xC2, 0xD5, 0x3F, 0xDE,
+        0xF6, 0xF4, 0xC9, 0x0E, 0xAA, 0x0D, 0xE6, 0x0D,
+        0x59, 0x4A, 0xDA, 0x39, 0x15, 0xDB, 0x24, 0x27,
+        0x9D, 0x86, 0x74, 0x76, 0xEA, 0xD7, 0x57, 0xB4,
+        0xC0, 0x26, 0x4A, 0x1D, 0xB8, 0xA1, 0xF5, 0x7A,
+        0x1B, 0x5D, 0x71, 0x73, 0xBB, 0x1A, 0x96, 0x0C,
+        0xE0, 0x2F, 0xDE, 0xFE, 0xF1, 0x60, 0xD5, 0x12,
+        0x66, 0x7D, 0x65, 0x52, 0x68, 0xFC, 0xC3, 0xA1,
+        0x53, 0xA4, 0x31, 0x47, 0x82, 0xA0, 0xEB, 0xFF,
+        0x84, 0xF6, 0x5F, 0x14, 0xA0, 0xE3, 0xE1, 0x2A,
+        0x13, 0x25, 0x0C, 0x07, 0xD0, 0x8C, 0x22, 0x5B,
+        0x11, 0xA6, 0x83, 0x1B, 0xC2, 0x5C, 0x40, 0x46,
+        0x7B, 0x76, 0x80, 0x04, 0xDD, 0xE0, 0xE8, 0x74,
+        0xA5, 0x11, 0x44, 0xC1, 0x89, 0x20, 0xBD, 0xF2,
+        0x86, 0x09, 0x0B, 0x59, 0xF5, 0x15, 0x64, 0xEA,
+        0x40, 0x70, 0xFB, 0xBF, 0x61, 0xE3, 0x69, 0x64,
+        0x35, 0xF2, 0x8F, 0x63, 0x33, 0x2B, 0x64, 0x49,
+        0x6D, 0xF3, 0xEC, 0x8B, 0x65, 0xD5, 0x4E, 0x1C,
+        0xF4, 0x78, 0x9D, 0xDA, 0xB1, 0x22, 0xDA, 0x6B,
+        0x26, 0x4D, 0x31, 0x2A, 0x71, 0x1C, 0x12, 0x9E,
+        0x3B, 0x07, 0xF4, 0xC6, 0xDA, 0x25, 0xA5, 0x61,
+        0x73, 0xAF, 0x58, 0xB9, 0x0A, 0x71, 0xB7, 0xAC,
+        0xFA, 0x31, 0x61, 0xA8, 0x1F, 0x59, 0xD1, 0x79,
+        0x14, 0xC9, 0x9B, 0xBA, 0xC4, 0xF9, 0xA3, 0x14,
+        0x97, 0x7A, 0x89, 0xCE, 0xF7, 0x69, 0x69, 0x43,
+        0x60, 0x9B, 0xB4, 0x82, 0x79, 0x64, 0xFB, 0x29,
+        0x76, 0x40, 0x3B, 0xD4, 0x99, 0x6F, 0x1E, 0x84,
+        0x2B, 0xF5, 0xAA, 0xAE, 0x1E, 0xCC, 0xA1, 0x12,
+        0x55, 0xB9, 0xE6, 0x00, 0x1C, 0x20, 0xF7, 0x2F,
+        0x1F, 0xD5, 0xE3, 0x2C, 0xDA, 0x32, 0xD8, 0xA7,
+        0xAC, 0x5F, 0x62, 0xB0, 0x9A, 0x0E, 0x61, 0x58,
+        0x47, 0xCA, 0x74, 0x6F, 0x48, 0x95, 0x15, 0xCF,
+        0x8F, 0x18, 0x31, 0x62, 0x85, 0x9F, 0x53, 0xB9,
+        0x7E, 0x9E, 0x5C, 0xA8, 0x00, 0xEE, 0x62, 0x4F,
+        0x72, 0x98, 0x43, 0xA0, 0x00, 0x91, 0x64, 0xA4,
+        0xA9, 0xFF, 0x76, 0xEB, 0x34, 0xE4, 0x70, 0x41,
+        0x84, 0x84, 0x8A, 0x13, 0x9A, 0xD9, 0x7D, 0x90,
+        0x9F, 0x7A, 0x7E, 0xD1, 0x14, 0xF0, 0x87, 0xA4,
+        0xB2, 0xE1, 0xB4, 0xA3, 0x03, 0x23, 0x91, 0x16,
+        0x0B, 0x6F, 0x3A, 0x36, 0x49, 0xFF, 0x15, 0xAE,
+        0xA2, 0xB7, 0x10, 0x7A, 0xF8, 0xA3, 0xB5, 0xFC,
+        0xAD, 0x61, 0xD4, 0x3D, 0x60, 0x2E, 0x62, 0x86,
+        0xA9, 0x00, 0x87, 0x0C, 0xC8, 0xCE, 0x24, 0xE3,
+        0x9E, 0x78, 0xF0, 0x39, 0x7A, 0x0D, 0x7E, 0x27,
+        0xE8, 0xE2, 0xD4, 0x77, 0x6A, 0x44, 0xCB, 0xA2,
+        0x18, 0xEB, 0xCD, 0x88, 0xB3, 0xC2, 0x8C, 0x18,
+        0x2A, 0x7C, 0x9F, 0x4D, 0xBB, 0x2D, 0xBB, 0x5E,
+        0x98, 0x15, 0x63, 0xD6, 0x6C, 0xEE, 0xB7, 0x7E,
+        0x7F, 0x90, 0x34, 0xBD, 0x42, 0x9D, 0x27, 0x63,
+        0x7C, 0xF7, 0x97, 0xDE, 0x82, 0xE0, 0x1F, 0xEB,
+        0xBC, 0xE2, 0x17, 0x1E, 0xFD, 0x01, 0x6E, 0x40,
+        0x2A, 0x42, 0xD7, 0x8E, 0xA1, 0xAC, 0xE2, 0xCB,
+        0x37, 0x0E, 0x75, 0xC9, 0x0A, 0xDF, 0xA1, 0xA7,
+        0x93, 0xB2, 0x16, 0x9C, 0xC2, 0x65, 0x22, 0xDB,
+        0x2F, 0x54, 0x6A, 0xC1, 0xDE, 0x34, 0xC9, 0x08,
+        0x71, 0x20, 0xC4, 0x2A, 0x9F, 0x10, 0xC0, 0x0D,
+        0x49, 0x3C, 0x25, 0x73, 0x01, 0x66, 0xF9, 0xD2,
+        0x19, 0xFB, 0xDA, 0xD2, 0x22, 0xC8, 0xB2, 0x81,
+        0x15, 0x54, 0x33, 0x13, 0x21, 0x08, 0x48, 0xFB,
+        0x2F, 0x04, 0xBF, 0xDC, 0xE1, 0x5D, 0x32, 0x0C,
+        0x36, 0x34, 0xA8, 0xE4, 0xD6, 0x37, 0x55, 0x51,
+        0x59, 0x00, 0xC7, 0x5B, 0xFD, 0x09, 0x0A, 0xD7,
+        0x8D, 0xD5, 0x88, 0x65, 0x9F, 0xBF, 0x97, 0xC9,
+        0x6E, 0x0D, 0x0A, 0xCC, 0x8E, 0x81, 0x5E, 0x60,
+        0x8F, 0x9E, 0x86, 0x1D, 0x79, 0xAF, 0x30, 0x51,
+        0xB9, 0x42, 0xB5, 0x25, 0x70, 0xB6, 0x29, 0x2B,
+        0xF4, 0x8C, 0x2B, 0xFA, 0xA9, 0x07, 0x7D, 0xC7,
+        0x6F, 0xE9, 0x02, 0x68, 0x32, 0x17, 0xB8, 0xBF,
+        0x80, 0x9E, 0xD7, 0xA0, 0x05, 0x0A, 0xDD, 0xBB,
+        0x65, 0xFD, 0xDF, 0xBD, 0x24, 0x01, 0x9C, 0x91,
+        0x81, 0xB5, 0xAC, 0x81, 0x56, 0x61, 0x13, 0xD6,
+        0x69, 0x4E, 0xA6, 0x29, 0x1D, 0x7F, 0x4A, 0x7F,
+        0x56, 0xA4, 0x1E, 0xB9, 0x1F, 0x76, 0x36, 0x8D,
+        0xF8, 0x2B, 0x16, 0x4B, 0x48, 0x59, 0x25, 0x9D,
+        0x71, 0x89, 0x24, 0x0F, 0x1D, 0x88, 0x03, 0xF8,
+        0x10, 0x72, 0x96, 0xD3, 0x78, 0xBA, 0xB4, 0xD2,
+        0x4F, 0xE6, 0xD1, 0x0E, 0xF7, 0x88, 0x36, 0x7B,
+        0xCE, 0x16, 0xC5, 0xAB, 0x77, 0xFB, 0xC1, 0x68,
+        0xB8, 0x57, 0xF7, 0xBA, 0x5C, 0xDC, 0xBE, 0x50,
+        0x67, 0xC8, 0x64, 0xF8, 0x79, 0x80, 0x9F, 0xE5,
+        0x21, 0x7D, 0xEF, 0x02, 0x94, 0xBF, 0xAF, 0xDF,
+        0x80, 0x9A, 0xBC, 0xE9, 0x53, 0x2D, 0xD9, 0xDA,
+        0xB3, 0x44, 0x8F, 0x4D, 0xA6, 0x8E, 0xCA, 0x51,
+        0x60, 0x94, 0x76, 0x27, 0x8E, 0xB8, 0xC4, 0xF6,
+        0x9E, 0xA2, 0x96, 0x73, 0xF6, 0x94, 0x18, 0x04,
+        0x1D, 0x26, 0x85, 0x7E, 0xBC, 0x24, 0xA4, 0x87,
+        0xBB, 0x4B, 0x0B, 0xA6, 0x3A, 0xF8, 0x48, 0x54,
+        0x5E, 0xE9, 0xBE, 0x89, 0xF1, 0x39, 0xD5, 0x02,
+        0x09, 0x9B, 0x9D, 0x35, 0xDB, 0x38, 0x07, 0xB9,
+        0x25, 0xCB, 0xA5, 0x76, 0xE2, 0x71, 0x70, 0xEA,
+        0xEC, 0x48, 0xCC, 0x2C, 0xC1, 0x5B, 0x04, 0x36,
+        0x77, 0x82, 0x5D, 0x0E, 0xE8, 0x1E, 0xB2, 0xCE,
+        0xE3, 0xA8, 0xED, 0x14, 0xA7, 0x98, 0xB8, 0x79,
+        0x53, 0x02, 0x20, 0xE5, 0x0C, 0xE8, 0xC0, 0x03,
+        0xA3, 0x05, 0x38, 0x2A, 0x24, 0xD2, 0x3C, 0x27,
+        0x7B, 0x99, 0xD1, 0xF4, 0xC5, 0x4F, 0x9A, 0x8D,
+        0x33, 0xFA, 0x3D, 0x1E, 0x33, 0x7E, 0x18, 0xD7,
+        0xCB, 0xBA, 0x5E, 0x5A, 0x47, 0xF2, 0xD5, 0xE0,
+        0x96, 0xCF, 0x45, 0x51, 0xB2, 0x3B, 0x1B, 0x86,
+        0x43, 0x6E, 0x81, 0xB4, 0xA0, 0x9D, 0x1E, 0x3D,
+        0x38, 0x49, 0x2E, 0xC8, 0xB2, 0xA0, 0x09, 0x67,
+        0x01, 0x6A, 0xB7, 0x6B, 0x9A, 0x9B, 0x18, 0x64,
+        0x67, 0x14, 0x21, 0xDA, 0x56, 0xF5, 0x7D, 0x00,
+        0x8D, 0x5C, 0xE1, 0xB8, 0x92, 0xA7, 0xE9, 0xC1,
+        0xF6, 0x9F, 0x6C, 0x72, 0x2C, 0xF1, 0x09, 0xDB,
+        0x50, 0x0E, 0x53, 0xF6, 0xBC, 0x07, 0x83, 0x7A,
+        0xD1, 0xCD, 0x4C, 0xF4, 0xA6, 0x4D, 0xA7, 0x63,
+        0xB4, 0xA9, 0xC4, 0x92, 0x9B, 0x0D, 0xCD, 0xDF,
+        0x7C, 0x7E, 0x11, 0x86, 0xBE, 0x3F, 0xF0, 0xC3,
+        0x21, 0x15, 0x84, 0x37, 0x82, 0x0C, 0x81, 0xE7,
+        0x4F, 0xF3, 0x16, 0xAE, 0x32, 0x54, 0xE9, 0x72,
+        0xFC, 0x19, 0x7A, 0x7F, 0x0E, 0x62, 0x02, 0x42,
+        0xAC, 0x05, 0xA4, 0xE4, 0x3E, 0x98, 0x7C, 0x2A,
+        0x83, 0x55, 0xB0, 0x35, 0x77, 0x45, 0xCA, 0x79,
+        0xE6, 0xAE, 0x48, 0xAB, 0x29, 0xED, 0x4F, 0xA6,
+        0x3D, 0x3A, 0x1F, 0x19, 0xB9, 0x99, 0xDE, 0x25,
+        0x1F, 0xDE, 0x06, 0x40, 0xDD, 0x87, 0x87, 0x6D,
+        0x55, 0x76, 0x28, 0x78, 0xAD, 0x1D, 0xB1, 0x2D,
+        0x65, 0xBA, 0xFD, 0x14, 0xB6, 0xA9, 0xA7, 0x08,
+        0x1B, 0xF2, 0x3F, 0x9F, 0x06, 0xD9, 0x0C, 0xE2,
+        0x73, 0xC5, 0xA2, 0x6E, 0x01, 0x2C, 0xA9, 0x4D,
+        0xD4, 0x81, 0xD3, 0x2E, 0x10, 0x93, 0x8C, 0x16,
+        0x51, 0x63, 0xE8, 0x9B, 0xE8, 0xA9, 0x3A, 0x63,
+        0x03, 0x4D, 0x34, 0x5B, 0x74, 0xE2, 0xA9, 0x4E,
+        0xF6, 0x43, 0xD0, 0x6A, 0xF9, 0xE1, 0xF5, 0xC9,
+        0xF1, 0x04, 0x93, 0x0D, 0xA0, 0x0E, 0x61, 0xE0,
+        0x61, 0xEE, 0x8C, 0x3B, 0xB1, 0x7C, 0x11, 0xE0,
+        0x5D, 0x45, 0xC1, 0x68, 0x2E, 0x4D, 0x59, 0x3C,
+        0x91, 0x98, 0x23, 0x8D, 0x2B, 0xA2, 0x89, 0x77,
+        0x9E, 0x7D, 0x0F, 0x22, 0x7B, 0xCB, 0x0B, 0x09,
+        0x97, 0x2B, 0x19, 0x77, 0x0F, 0xF0, 0x11, 0xBF,
+        0x6C, 0x60, 0xD9, 0xD1, 0x93, 0xCF, 0xAB, 0x32,
+        0x74, 0x7A, 0x00, 0x95, 0xE1, 0xA4, 0xAD, 0x32,
+        0x51, 0x4C, 0x78, 0x2E, 0xF3, 0xDE, 0x7A, 0x26,
+        0xEA, 0x77, 0x1F, 0x55, 0x30, 0xD9, 0xDE, 0x97,
+        0x36, 0xD0, 0xF6, 0xAE, 0x1A, 0xFB, 0x78, 0xEC,
+        0x7C, 0xE4, 0x88, 0x4A, 0x1B, 0xB4, 0x36, 0xCF,
+        0xCE, 0x45, 0x9C, 0xD9, 0x93, 0x58, 0x26, 0x09,
+        0x06, 0xAA, 0xC9, 0x97, 0x16, 0xA5, 0x36, 0xCC,
+        0x76, 0x87, 0xA0, 0x37, 0x5F, 0xDA, 0x11, 0x00,
+        0x76, 0x18, 0xE5, 0x53, 0x53, 0x4E, 0x54, 0xD5,
+        0xB2, 0x14, 0xF7, 0xAA, 0x6F, 0xC7, 0xDB, 0xE3,
+        0x7C, 0x2B, 0xD2, 0xB6, 0x48, 0x50, 0xAE, 0x46,
+        0x9A, 0x98, 0x58, 0x98, 0x7F, 0x3F, 0xA4, 0xB1,
+        0xFD, 0x26, 0xD9, 0x54, 0xBF, 0xEC, 0x36, 0x5D,
+        0xBE, 0x06, 0xDD, 0xCD, 0x61, 0x5E, 0x1F, 0xED,
+        0x58, 0xA8, 0x86, 0x76, 0x40, 0x2D, 0x1D, 0x6B,
+        0x58, 0x14, 0x85, 0x49, 0x8B, 0x5A, 0xDF, 0xFF,
+        0xC4, 0x2D, 0x47, 0xD6, 0x1D, 0xF9, 0x93, 0x84,
+        0xE2, 0x2C, 0x51, 0x57, 0xF0, 0x17, 0x8A, 0x6F,
+        0xDA, 0xF8, 0xF4, 0xA9, 0x49, 0x1D, 0xAF, 0x29,
+        0x8B, 0x2C, 0x3E, 0xC8, 0x80, 0x85, 0x02, 0x2C,
+        0x0A, 0x7C, 0xF2, 0x45, 0xED, 0x0F, 0xB5, 0xA3,
+        0x8C, 0xD1, 0x6F, 0x30, 0xD3, 0x7D, 0xA5, 0xC4,
+        0x95, 0x9A, 0x55, 0x50, 0x1D, 0xAD, 0x50, 0xF1,
+        0xB4, 0x8B, 0xBB, 0xDD, 0x86, 0xAB, 0x8B, 0xB5,
+        0x22, 0xA9, 0x36, 0xDD, 0xF0, 0x00, 0x3B, 0x81,
+        0xBE, 0x16, 0x23, 0x1A, 0x04, 0xE7, 0xA5, 0x89,
+        0xC5, 0x6F, 0xFF, 0xB5, 0x1B, 0x07, 0x92, 0x7B,
+        0x4A, 0xFA, 0x1D, 0xB7, 0xD4, 0x8B, 0xC6, 0xFB,
+        0xC3, 0xF3, 0x67, 0x56, 0x37, 0x18, 0x4B, 0x7A,
+        0xDB, 0x9B, 0xAD, 0xF4, 0xDE, 0x7C, 0x08, 0x5B,
+        0xCA, 0x1D, 0x42, 0x8D, 0xC9, 0xFC, 0x82, 0x77,
+        0xCB, 0xD8, 0x58, 0x84, 0xA5, 0x92, 0x1B, 0x52,
+        0xBB, 0x05, 0xB7, 0x10, 0x61, 0x55, 0x08, 0x26,
+        0x1B, 0xB4, 0x54, 0x6B, 0xD6, 0xE1, 0xFC, 0x73,
+        0x0D, 0x16, 0xB0, 0x49, 0xEA, 0x12, 0x79, 0x8C,
+        0xE2, 0xE6, 0xDF, 0x43, 0xF5, 0xB8, 0xF3, 0xEF,
+        0x9A, 0xC8, 0xFB, 0xAE, 0x31, 0xB0, 0x11, 0xE1,
+        0x0C, 0x4F, 0xC6, 0x2F, 0xFD, 0x7F, 0x39, 0xD1,
+        0x6E, 0xC3, 0x2C, 0xA8, 0x21, 0x0E, 0xD1, 0x6E,
+        0x04, 0x1D, 0xA4, 0x3D, 0x92, 0x74, 0x22, 0x95,
+        0x14, 0x05, 0x4A, 0x0F, 0x82, 0xD4, 0x62, 0xFE,
+        0x08, 0x0C, 0x6F, 0xFD, 0x7B, 0xBD, 0xBF, 0xBF,
+        0x0B, 0xFF, 0xC6, 0xD5, 0xEC, 0xC4, 0x32, 0xA3,
+        0x25, 0x6C, 0x0B, 0xE0, 0xDD, 0xFD, 0x5D, 0x90,
+        0x80, 0xC6, 0x76, 0xC7, 0x95, 0x5D, 0x66, 0xE4,
+        0x4D, 0x1C, 0xE5, 0x1F, 0xCC, 0x23, 0x82, 0xF8,
+        0x68, 0xD7, 0x32, 0xE8, 0x58, 0x51, 0x72, 0x1B,
+        0x48, 0xA0, 0x1D, 0x08, 0xC6, 0x39, 0x62, 0x6E,
+        0xE0, 0x50, 0x9C, 0xB5, 0x81, 0xEF, 0xF5, 0x62,
+        0x8F, 0xA6, 0xCC, 0xD1, 0x08, 0x9A, 0xC0, 0xE1,
+        0x2D, 0xEB, 0xE0, 0x85, 0x17, 0x82, 0xE6, 0x4C,
+        0x50, 0x49, 0xCB, 0xD6, 0x50, 0x10, 0x13, 0x96,
+        0x5C, 0xC0, 0xCA, 0x25, 0xAC, 0xAB, 0x17, 0x6E,
+        0xF7, 0xCA, 0xB9, 0x29, 0x40, 0x98, 0x5D, 0xDB,
+        0x49, 0x02, 0x1D, 0xF6, 0xC6, 0x0D, 0x6C, 0x4A,
+        0x48, 0x91, 0x16, 0x31, 0x1E, 0x86, 0xBA, 0x19,
+        0xED, 0xF0, 0x0D, 0x74, 0x79, 0x73, 0x58, 0x20,
+        0x7C, 0xDE, 0x50, 0x50, 0x6D, 0x00, 0x7F, 0xE0,
+        0x3C, 0x88, 0x04, 0xC6, 0x64, 0x51, 0xF0, 0x2A,
+        0x01, 0x82, 0xD3, 0x87, 0xB7, 0x59, 0x89, 0x40,
+        0x96, 0xF6, 0x52, 0x32, 0x95, 0x2D, 0x18, 0x3D,
+        0xBA, 0xAA, 0xBB, 0x6B, 0xC0, 0xE1, 0x91, 0xDC,
+        0x2C, 0x3F, 0x75, 0xFC, 0x72, 0xBD, 0x61, 0xBA,
+        0xB2, 0xEF, 0x19, 0xB6, 0x53, 0x2B, 0x23, 0x1C,
+        0x4A, 0xFB, 0x1A, 0x9C, 0x2C, 0xB2, 0xF3, 0xD6,
+        0xC4, 0x51, 0xE8, 0x44, 0x0D, 0x6A, 0x92, 0x3C,
+        0xF7, 0x2A, 0x63, 0xE2, 0xED, 0x85, 0x54, 0x77,
+        0x38, 0x87, 0x91, 0x0C, 0xA5, 0xC6, 0x71, 0xAD,
+        0x4F, 0xD5, 0x92, 0x3C, 0xB9, 0x5E, 0xC7, 0x3F,
+        0xFD, 0xFB, 0xDA, 0x4B, 0x66, 0x55, 0xF5, 0x5D,
+        0xBF, 0xD1, 0x31, 0x7D, 0x02, 0x44, 0x22, 0x30,
+        0x1E, 0xD6, 0x6A, 0x6E, 0x4C, 0x67, 0x20, 0x85,
+        0xCE, 0xD1, 0xF4, 0xC7, 0xB0, 0x50, 0x30, 0xA1,
+        0x00, 0xC4, 0x78, 0x8F, 0xEF, 0x4C, 0xD3, 0xE4,
+        0x94, 0xA8, 0x53, 0xBD, 0xE6, 0x3E, 0x9D, 0x44,
+        0x9A, 0xE3, 0xBB, 0x6B, 0xA1, 0x08, 0x32, 0x38,
+        0xDA, 0x3F, 0x40, 0x90, 0x51, 0x5D, 0x14, 0x3C,
+        0x67, 0xDB, 0xE5, 0x3D, 0x8D, 0x50, 0x7A, 0x52,
+        0x29, 0xFF, 0xEB, 0x20, 0x72, 0xD0, 0xBD, 0x09,
+        0x2F, 0xC9, 0xAE, 0x52, 0xDE, 0xAA, 0xAC, 0xD1,
+        0xF0, 0xF1, 0x4B, 0x5A, 0xC8, 0x47, 0x52, 0xBF,
+        0xD0, 0x02, 0x5E, 0x5F, 0x55, 0xB8, 0x69, 0x35,
+        0x0F, 0x4B, 0x27, 0x19, 0xC5, 0xC0, 0x5A, 0xC1,
+        0x66, 0x9B, 0xB0, 0xFD, 0x3C, 0x61, 0x4A, 0xCE,
+        0x02, 0xA2, 0x70, 0x61, 0x3F, 0xD3, 0x30, 0x97,
+        0x06, 0xDD, 0xCD, 0x5B, 0x1A, 0x6A, 0xD2, 0x6F,
+        0x35, 0x9A, 0xDA, 0x80, 0xB3, 0x0E, 0x50, 0xA7,
+        0xE5, 0x0B, 0xBD, 0x3A, 0xA4, 0x5D, 0x06, 0x54,
+        0xDD, 0x7D, 0x05, 0x8B, 0x0B, 0xBF, 0x4D, 0x0D,
+        0x92, 0x13, 0x51, 0x42, 0x21, 0x4E, 0xE7, 0x05,
+        0x11, 0xF3, 0x67, 0x6A, 0xE6, 0x43, 0xB5, 0xF2,
+        0x45, 0x06, 0x3B, 0x94, 0x19, 0xCF, 0x6B, 0x49,
+        0xFD, 0x64, 0x7F, 0x27, 0xD7, 0xC4, 0x1C, 0x86,
+        0x6E, 0x6C, 0xAD, 0x9D, 0x5E, 0x2E, 0x3E, 0x33,
+        0x1B, 0xF6, 0xB9, 0xF7, 0x2A, 0xCA, 0x32, 0x9B,
+        0xB6, 0x42, 0x59, 0xC3, 0xE7, 0x97, 0x83, 0xA2,
+        0x66, 0x74, 0xB7, 0xD3, 0x8E, 0xBD, 0xE8, 0x31,
+        0x84, 0x11, 0xF4, 0x76, 0x4E, 0xBD, 0xC4, 0xC7,
+        0xE4, 0x1A, 0xCF, 0xF8, 0x5B, 0xBB, 0x30, 0x31,
+        0x8D, 0x59, 0xC4, 0x2C, 0x92, 0x03, 0xAB, 0xD6,
+        0x63, 0x6B, 0xA3, 0xF7, 0x72, 0xB6, 0x72, 0x51,
+        0x21, 0xC0, 0x52, 0xDE, 0x99, 0x91, 0x0D, 0x55,
+        0x15, 0x8C, 0x6F, 0x3E, 0xF8, 0xBB, 0x7F, 0xED,
+        0xE2, 0xF8, 0x1E, 0x58, 0xA7, 0xAE, 0xB2, 0x5E,
+        0x2E, 0x46, 0xFD, 0x72, 0x32, 0x30, 0x2F, 0xAF,
+        0xA8, 0xFC, 0x37, 0xFC, 0x8B, 0x55, 0xD5, 0x94,
+        0xB7, 0x6E, 0xC4, 0xA5, 0x3E, 0xB1, 0x1E, 0xB3,
+        0xFD, 0x63, 0x44, 0x28, 0xAA, 0xA5, 0xD8, 0x6F,
+        0x83, 0x9D, 0x08, 0x9A, 0xBE, 0x2F, 0xEF, 0xE2,
+        0xAE, 0x52, 0x62, 0xFE, 0xFC, 0x73, 0x48, 0xD8,
+        0x36, 0x69, 0x2E, 0xDB, 0x21, 0x5D, 0x6F, 0x8F,
+        0x54, 0x8B, 0x88, 0x52, 0x90, 0xC2, 0x40, 0x3C,
+        0x51, 0xC3, 0xE2, 0x69, 0xD4, 0x93, 0xFB, 0xD3,
+        0x39, 0xB5, 0xDF, 0xB0, 0xA3, 0x8E, 0xED, 0xA7,
+        0x75, 0x4D, 0xAF, 0xFA, 0x16, 0xE5, 0xBC, 0xA5,
+        0xA9, 0xBB, 0xDE, 0x04, 0xB0, 0x14, 0xB7, 0xAE,
+        0xA8, 0x98, 0x8F, 0x37, 0x49, 0xD5, 0x2D, 0x2F,
+        0xC1, 0xC9, 0xF7, 0xC7, 0xB2, 0xC2, 0xD6, 0x92,
+        0xE7, 0x89, 0x6E, 0x4C, 0x34, 0xF5, 0x7C, 0x55,
+        0x8C, 0xFE, 0x83, 0x17, 0xA8, 0x37, 0x44, 0x09,
+        0xD5, 0x66, 0x87, 0x9A, 0x08, 0x62, 0x8F, 0x64,
+        0x4F, 0xB4, 0x5B, 0x81, 0x84, 0x55, 0xBC, 0xA6,
+        0x04, 0x2B, 0x4E, 0x61, 0x87, 0xC1, 0xDD, 0x17,
+        0x7E, 0x9E, 0x51, 0x46, 0x31, 0x99, 0x04, 0xB1,
+        0x50, 0x5F, 0x3E, 0xE0, 0x0C, 0xD7, 0xFE, 0xAF,
+        0x0E, 0x83, 0xC3, 0x02, 0x49, 0x56, 0xF7, 0x76,
+        0x59, 0xAC, 0xC5, 0x6D, 0x8D, 0x91, 0x7A, 0x37,
+        0xE8, 0xFF, 0x7E, 0xB8, 0x87, 0x13, 0xCC, 0xA3,
+        0x34, 0xEA, 0x04, 0xB8, 0xE2, 0x58, 0xC9, 0x34,
+        0x5D, 0xA9, 0xDE, 0x26, 0xA0, 0xA3, 0x66, 0x51,
+        0x94, 0x51, 0xE1, 0x01, 0x2D, 0xE6, 0xAA, 0xBF,
+        0x46, 0x97, 0xC9, 0xDE, 0x82, 0x1D, 0x70, 0x02,
+        0x1C, 0x32, 0x50, 0xA1, 0x06, 0xCF, 0x4C, 0x23,
+        0xA1, 0xB1, 0x78, 0x5F, 0x54, 0x9D, 0x3C, 0x8C,
+        0xD7, 0x1B, 0x05, 0xFE, 0xA7, 0x53, 0xE0, 0x04,
+        0x6A, 0x3A, 0xE0, 0xA9, 0xB1, 0xF4, 0x02, 0x77,
+        0xCF, 0x45, 0x3A, 0x2B, 0xA1, 0x4C, 0xBA, 0x92,
+        0x3C, 0xC6, 0x26, 0x97, 0x06, 0xDF, 0xFF, 0xD5,
+        0x17, 0xC1, 0xE5, 0x93, 0x00, 0x79, 0x91, 0x2E,
+        0x05, 0xA5, 0x57, 0x18, 0x97, 0xA0, 0x68, 0x65,
+        0x51, 0x6C, 0x86, 0x69, 0x9F, 0x70, 0x7E, 0x00,
+        0xCB, 0x38, 0xCE, 0x19, 0x34, 0x90, 0xAE, 0xE3,
+        0x0B, 0xA4, 0x7D, 0xDD, 0xF3, 0xA5, 0xB4, 0xFB,
+        0xCE, 0xBA, 0x73, 0xDC, 0x13, 0xD0, 0xA1, 0x60,
+        0xEA, 0x64, 0x2D, 0x30, 0xD6, 0x3A, 0x02, 0x96,
+        0x4E, 0xDF, 0xDB, 0x2F, 0x29, 0xDC, 0xD3, 0x2C,
+        0xA9, 0x97, 0x4F, 0x89, 0xC3, 0x2D, 0x1F, 0xA9,
+        0xA8, 0x3C, 0x94, 0xA2, 0x77, 0x0F, 0xCF, 0xCF,
+        0x86, 0xE6, 0x46, 0x46, 0x88, 0x2B, 0xD5, 0x50,
+        0xDD, 0xD6, 0x5B, 0x4E, 0x2D, 0x28, 0x7A, 0xF6,
+        0xC1, 0x96, 0xF4, 0x2D, 0xBD, 0x39, 0xB0, 0x20,
+        0xD7, 0xCD, 0xFB, 0xB6, 0xE6, 0xE7, 0x5F, 0xFA,
+        0xAB, 0x26, 0x09, 0x9E, 0xC1, 0xD2, 0x5E, 0x32,
+        0x34, 0xF7, 0x0D, 0xD9, 0x72, 0x28, 0x6A, 0xEA,
+        0x0C, 0x34, 0x36, 0x59, 0x5F, 0xE4, 0x9F, 0xCA,
+        0x89, 0x8B, 0xFA, 0x42, 0x16, 0x04, 0xC8, 0x2D,
+        0x3E, 0x94, 0x85, 0x6D, 0x18, 0x69, 0x05, 0x07,
+        0x6D, 0x18, 0x6C, 0x68, 0x41, 0x74, 0xBF, 0x42,
+        0x90, 0xDF, 0x31, 0x76, 0x9E, 0xDC, 0x97, 0xA1,
+        0xDF, 0x2D, 0xFE, 0xD0, 0x3C, 0xF4, 0x5C, 0xE6,
+        0x78, 0xC8, 0xA1, 0x42, 0x9E, 0xB9, 0x78, 0xD0,
+        0x2A, 0x79, 0xD4, 0xF8, 0xCF, 0x01, 0x68, 0xDA,
+        0xAB, 0x48, 0x2C, 0x6C, 0x61, 0x2F, 0x04, 0xB1,
+        0xC9, 0x36, 0x37, 0xFE, 0x77, 0xB3, 0x02, 0xCE,
+        0xFA, 0x78, 0x8C, 0x11, 0x35, 0x6C, 0x52, 0xC5,
+        0x4F, 0x37, 0xA9, 0xDC, 0xFD, 0xA5, 0x59, 0x27,
+        0xA8, 0xEF, 0x0A, 0x0C, 0xEA, 0x7C, 0xC4, 0xAD,
+        0xCE, 0xE4, 0x59, 0xEB, 0x64, 0xDF, 0x08, 0xED,
+        0x0F, 0xC2, 0x9F, 0xDC, 0x3C, 0x7B, 0x76, 0x2B,
+        0x39, 0x93, 0x32, 0x06, 0x33, 0x40, 0xD4, 0x73,
+        0x96, 0x62, 0x19, 0xBF, 0xC8, 0x7B, 0x4A, 0x3C,
+        0x91, 0xC8, 0x0F, 0x0E, 0x4B, 0xA8, 0x6A, 0xA1,
+        0x87, 0x9C, 0x76, 0x62, 0x5C, 0x86, 0x80, 0xA2,
+        0x27, 0xAB, 0x22, 0x78, 0x06, 0x59, 0xD4, 0xB5,
+        0xD3, 0x0E, 0x0E, 0x9A, 0x0D, 0xCE, 0x09, 0x4D,
+        0xAF, 0x53, 0x76, 0x79, 0x27, 0x3A, 0x9B, 0x27,
+        0x7E, 0xD2, 0xA2, 0xE2, 0x50, 0xEE, 0xA0, 0x93,
+        0x82, 0x04, 0xC9, 0xE9, 0x63, 0xD3, 0x38, 0x52,
+        0x2A, 0x3D, 0x1A, 0x44, 0x40, 0xE2, 0xA1, 0x23,
+        0x97, 0xA5, 0xB9, 0x7D, 0x35, 0x65, 0x73, 0x07,
+        0xBE, 0xC9, 0x4C, 0xC0, 0xC7, 0x2C, 0x5C, 0x6B,
+        0x09, 0xDA, 0xF2, 0xBA, 0xF0, 0x02, 0x0B, 0x7D,
+        0x8C, 0xA5, 0x60, 0xBF, 0x65, 0x96, 0x92, 0x9A,
+        0xC8, 0xD4, 0xE5, 0x46, 0x0F, 0x78, 0x37, 0xB4,
+        0x1B, 0x4A, 0xE6, 0xFF, 0x12, 0x33, 0x9D, 0xB8,
+        0xEB, 0xD7, 0x02, 0x8A, 0xAC, 0xFE, 0x0B, 0x42,
+        0xE0, 0x2C, 0xDE, 0x90, 0x67, 0x83, 0xAB, 0xFF,
+        0x69, 0x4E, 0x7C, 0xBE, 0x08, 0x97, 0xED, 0x6E,
+        0xD4, 0x38, 0xAC, 0xDB, 0x00, 0xA4, 0x70, 0x9C,
+        0xFE, 0xF7, 0x15, 0x0E, 0xBE, 0xB0, 0x8C, 0x8F,
+        0xF6, 0xC1, 0x54, 0x38, 0x15, 0xF4, 0xB8, 0x95,
+        0x1C, 0x3C, 0xAC, 0xE4, 0x99, 0x58, 0x64, 0x58,
+        0xA7, 0x3C, 0x85, 0x72, 0x38, 0x9A, 0xFC, 0x97,
+        0x03, 0xA7, 0xFE, 0xAF, 0x67, 0x34, 0x45, 0xFB,
+        0x4B, 0x0C, 0xCA, 0xA5, 0x11, 0xD4, 0xA2, 0xCF,
+        0x46, 0x3F, 0x57, 0xE3, 0xA6, 0xD7, 0x2D, 0xA0,
+        0x4B, 0x25, 0x66, 0x99, 0xA3, 0x02, 0x12, 0xE7,
+        0xC5, 0x76, 0x8E, 0xFC, 0x15, 0x1B, 0x71, 0x74,
+        0x41, 0x56, 0x57, 0x5A, 0x2E, 0x94, 0x43, 0x31,
+        0x92, 0x32, 0xD1, 0x59, 0xC6, 0xCC, 0x00, 0x6F,
+        0xDB, 0x57, 0xC5, 0x81, 0x73, 0xAD, 0x8D, 0x2C,
+        0x86, 0x6C, 0x88, 0x87, 0x43, 0x7C, 0x22, 0x38,
+        0x88, 0xE2, 0x1E, 0xF6, 0x7E, 0x1A, 0x33, 0x2C,
+        0x1F, 0xDF, 0xCC, 0x15, 0xEF, 0x17, 0x47, 0x6F,
+        0xE0, 0xFB, 0x57, 0xD4, 0x22, 0x98, 0x94, 0x72,
+        0x5E, 0x14, 0x74, 0xC1, 0xBA, 0x12, 0x16, 0x56,
+        0x28, 0x17, 0xF1, 0x6C, 0x53, 0xEC, 0xE0, 0x1C,
+        0x7F, 0x9E, 0x36, 0x64, 0xEE, 0xDB, 0xBA, 0x94,
+        0x95, 0x29, 0x87, 0x43, 0x1A, 0xA2, 0xA5, 0x7D,
+        0x33, 0x0E, 0xB1, 0x1B, 0x28, 0xE6, 0xBF, 0x77,
+        0x0E, 0x34, 0x9E, 0xCE, 0x35, 0x0C, 0x83, 0xE9,
+        0x0D, 0xA6, 0xFE, 0x0D, 0x0A, 0x4A, 0xB9, 0x71,
+        0x5D, 0xB2, 0x8B, 0xDD, 0x39, 0x7F, 0xAF, 0xA1,
+        0x42, 0x83, 0x02, 0x15, 0x1E, 0x1F, 0x22, 0x2B,
+        0x44, 0x69, 0x87, 0x9E, 0xB5, 0xD0, 0xF0, 0x18,
+        0x60, 0x6A, 0x75, 0x94, 0xBF, 0xC8, 0x2C, 0x39,
+        0x4E, 0x91, 0xB9, 0x26, 0x44, 0x95, 0xC9, 0x06,
+        0x3D, 0x50, 0x52, 0x62, 0x79, 0x9B, 0x9F, 0xCB,
+        0xE6, 0x31, 0x6B, 0xBC, 0xC8, 0xD8, 0x09, 0x30,
+        0x53, 0x63, 0x6A, 0x74, 0xD4, 0xFA, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x02, 0x0F, 0x16, 0x1B, 0x1F,
+        0x29, 0x2E, 0x36
+    };
+#endif
+#ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
+#ifndef WOLFSSL_NO_ML_DSA_44
+    static const byte pk_44_draft[] = {
+        0x35, 0x07, 0x31, 0x3A, 0xE3, 0x7A, 0xF6, 0x96,
+        0x6C, 0x11, 0xA9, 0xE4, 0x0B, 0xEB, 0xEC, 0xE9,
+        0x2B, 0x67, 0x3F, 0xD2, 0x67, 0x3C, 0x1C, 0x4C,
+        0x08, 0xF0, 0x45, 0xA9, 0xDD, 0x5A, 0xB8, 0x8C,
+        0x0A, 0x51, 0xA9, 0xBA, 0x89, 0x0F, 0x4C, 0xCB,
+        0x9D, 0x0A, 0x41, 0x3F, 0x9C, 0xF4, 0x13, 0x36,
+        0x79, 0x49, 0x00, 0x90, 0xBB, 0x57, 0x3B, 0xBD,
+        0x2E, 0x18, 0xB3, 0xD0, 0xA5, 0x0E, 0x6B, 0x67,
+        0xFF, 0x98, 0x8C, 0xDD, 0x07, 0xE8, 0xA7, 0xA1,
+        0x3F, 0xAE, 0xFB, 0xD6, 0xC0, 0xF8, 0xF3, 0x34,
+        0xA5, 0x17, 0xC2, 0x34, 0x88, 0x92, 0x65, 0xA6,
+        0xE8, 0x66, 0x57, 0xFE, 0x86, 0x08, 0xF7, 0xDF,
+        0xA0, 0x5B, 0x70, 0x3E, 0x91, 0x6C, 0x63, 0xA0,
+        0xA3, 0x75, 0x55, 0xF8, 0xB6, 0xAA, 0xD4, 0x1B,
+        0x78, 0x5E, 0x42, 0x9F, 0x96, 0xE4, 0xA0, 0x50,
+        0xB6, 0x94, 0x2D, 0xC3, 0xE3, 0x36, 0x2B, 0x9D,
+        0x6B, 0x7A, 0xEF, 0xF5, 0x68, 0xF2, 0x11, 0xDF,
+        0x87, 0xA0, 0x9A, 0xC4, 0x61, 0xFB, 0xA4, 0x1C,
+        0x98, 0x3F, 0xC9, 0x52, 0x59, 0x3B, 0x47, 0x4D,
+        0xF5, 0x24, 0xA3, 0xD8, 0x63, 0xE1, 0xED, 0xDC,
+        0xFD, 0xEB, 0x96, 0xFB, 0xF3, 0xE7, 0x50, 0x9C,
+        0x72, 0x61, 0xC7, 0x3C, 0xCE, 0xF2, 0xEB, 0x22,
+        0x55, 0x6B, 0x9F, 0x25, 0xE4, 0x45, 0xE1, 0xFB,
+        0x3E, 0x2E, 0x4E, 0x92, 0x4F, 0x8A, 0x85, 0xEB,
+        0x63, 0x2C, 0x05, 0x0F, 0x9A, 0xEC, 0x0E, 0x9D,
+        0x05, 0x81, 0x46, 0x82, 0xEA, 0x74, 0x91, 0xD5,
+        0x2A, 0xBC, 0xCC, 0xBB, 0xD6, 0x7F, 0x5F, 0x9A,
+        0xD3, 0xBD, 0xEB, 0x14, 0xBA, 0x84, 0x27, 0x13,
+        0x32, 0xB5, 0xF3, 0x71, 0xAC, 0x47, 0x19, 0x6B,
+        0x5E, 0x43, 0x50, 0xC2, 0xA8, 0x82, 0xF5, 0x97,
+        0x9B, 0x27, 0x62, 0xFB, 0xB7, 0xFF, 0x6B, 0xC8,
+        0x52, 0x1E, 0xFB, 0x97, 0x39, 0x1E, 0x7F, 0x01,
+        0xF8, 0x34, 0x47, 0xAA, 0xB2, 0x64, 0xB5, 0x9E,
+        0x28, 0x18, 0xCB, 0x4A, 0x94, 0xBE, 0x6A, 0x43,
+        0x5B, 0xAE, 0x21, 0xA4, 0x63, 0x64, 0x46, 0x0C,
+        0x6B, 0x36, 0x1C, 0x2A, 0x3B, 0x64, 0xFA, 0xA0,
+        0xAB, 0xE3, 0x3B, 0x7D, 0xB0, 0x23, 0x99, 0x21,
+        0x55, 0x59, 0xBF, 0xD6, 0xDB, 0xB8, 0xDB, 0x09,
+        0x5E, 0xBC, 0x32, 0x3C, 0xAC, 0xAB, 0x1A, 0x63,
+        0x32, 0x21, 0x10, 0xD5, 0x8D, 0x7A, 0x5F, 0xCE,
+        0x72, 0x8D, 0x2A, 0xED, 0x1D, 0x30, 0x38, 0x5D,
+        0x3E, 0x62, 0xC2, 0x8E, 0xC9, 0x9F, 0x8C, 0x50,
+        0x3F, 0xC6, 0xCE, 0x86, 0x4D, 0x67, 0x3D, 0x09,
+        0xB6, 0x27, 0x14, 0x57, 0x14, 0xED, 0xC9, 0x8F,
+        0xAC, 0x9E, 0xAC, 0x6F, 0xB5, 0xB2, 0xE6, 0x8D,
+        0x9D, 0x5E, 0xE6, 0x78, 0x77, 0x09, 0x94, 0x35,
+        0x5E, 0x3B, 0x64, 0x04, 0x38, 0xD4, 0x5B, 0x04,
+        0xB8, 0x6C, 0x33, 0x97, 0xE1, 0x58, 0x54, 0x32,
+        0xB3, 0x0F, 0x37, 0x69, 0x39, 0xCE, 0x57, 0x31,
+        0x5C, 0x75, 0xA8, 0x94, 0xD0, 0x39, 0x2D, 0xB4,
+        0x73, 0xA7, 0xA4, 0x7C, 0xBE, 0x34, 0x03, 0x2D,
+        0x99, 0x1D, 0xDF, 0x32, 0x26, 0xB7, 0x45, 0x1B,
+        0x03, 0xCD, 0xEE, 0x9D, 0x58, 0xA8, 0xA7, 0x76,
+        0x1B, 0x17, 0x42, 0xD9, 0x69, 0x0F, 0x26, 0x3A,
+        0x9D, 0x70, 0x9B, 0x4E, 0x81, 0xEB, 0x96, 0x02,
+        0xB5, 0xB3, 0x92, 0x31, 0xFE, 0xBC, 0x38, 0x11,
+        0x5A, 0x47, 0xED, 0x0A, 0x2A, 0xE2, 0xB8, 0x47,
+        0x13, 0x5E, 0x43, 0x97, 0xD5, 0xFA, 0x31, 0x02,
+        0x58, 0xE9, 0x9E, 0xB5, 0x3F, 0x85, 0x92, 0x0E,
+        0xB9, 0xDB, 0xE0, 0xEE, 0x56, 0x76, 0x64, 0x8F,
+        0xF2, 0xE2, 0x47, 0x81, 0xD4, 0xA4, 0x82, 0x43,
+        0x69, 0xAE, 0x8E, 0x48, 0x50, 0x84, 0x93, 0x3B,
+        0x9C, 0x65, 0xD3, 0x6F, 0xCD, 0x90, 0xA0, 0xD8,
+        0xA0, 0xE1, 0x79, 0xCC, 0xD5, 0x1F, 0x71, 0x73,
+        0x93, 0xE7, 0xB2, 0xB0, 0x78, 0x17, 0xD7, 0x79,
+        0xDE, 0xCC, 0x83, 0x7D, 0x5A, 0xF2, 0x0E, 0xA6,
+        0xB1, 0x76, 0x61, 0x15, 0x88, 0x8E, 0xD7, 0xA6,
+        0x51, 0xBF, 0x9C, 0xD1, 0x0A, 0xFC, 0xDA, 0x65,
+        0xA5, 0x65, 0xFE, 0xB2, 0xED, 0x07, 0x74, 0x42,
+        0x4C, 0xF5, 0x42, 0x3D, 0xAF, 0x5F, 0x4D, 0x72,
+        0x51, 0xE6, 0x3F, 0x68, 0xCC, 0xC5, 0x2D, 0x89,
+        0x01, 0xD8, 0x80, 0xB4, 0xFC, 0xEB, 0x3B, 0xBE,
+        0x7C, 0xFA, 0x24, 0x27, 0xE1, 0x05, 0x94, 0x67,
+        0xAD, 0xB3, 0x47, 0x7D, 0x28, 0x18, 0xC1, 0xC9,
+        0xB8, 0xA1, 0x2A, 0x95, 0xBB, 0x5D, 0xC9, 0x42,
+        0x4F, 0x64, 0x94, 0x07, 0x5F, 0x65, 0xD3, 0xA5,
+        0x65, 0xEE, 0x67, 0x2C, 0x10, 0x65, 0x81, 0x4D,
+        0x7F, 0xAF, 0x2E, 0x97, 0x9E, 0x11, 0xA3, 0xF5,
+        0x3E, 0xDE, 0xB1, 0x1D, 0x44, 0x72, 0x90, 0x74,
+        0xFD, 0x47, 0x82, 0xA6, 0x04, 0x3E, 0x28, 0x3C,
+        0x15, 0xDF, 0xC4, 0x7A, 0x7C, 0xF5, 0x5A, 0xC6,
+        0xFB, 0xE4, 0xC2, 0xE0, 0x6E, 0x4C, 0x09, 0x2E,
+        0xE3, 0xE6, 0x3A, 0xEF, 0xF6, 0x54, 0xDC, 0x92,
+        0xBE, 0x8F, 0x24, 0x8E, 0x70, 0x53, 0x90, 0x3D,
+        0x06, 0xA5, 0x0A, 0x72, 0xA0, 0x7B, 0x22, 0x14,
+        0x80, 0x43, 0xAD, 0xDC, 0x11, 0xFC, 0xFF, 0xCF,
+        0x5E, 0xA4, 0x69, 0x1C, 0x09, 0x09, 0xC3, 0x3D,
+        0xF5, 0xE7, 0x05, 0x6F, 0x16, 0x33, 0x75, 0xB4,
+        0x9B, 0x7B, 0x26, 0xDB, 0xE7, 0x27, 0x56, 0xD3,
+        0x91, 0x82, 0x9D, 0xEB, 0x96, 0x3E, 0xE8, 0x40,
+        0xAB, 0x5D, 0x6C, 0xB7, 0xA6, 0x36, 0x07, 0xD4,
+        0xE7, 0x7C, 0xD4, 0x5C, 0x36, 0xE4, 0xFC, 0x7C,
+        0x8A, 0x36, 0x8D, 0x53, 0x43, 0xD4, 0xAC, 0x0B,
+        0x1B, 0xBA, 0x32, 0x88, 0xFA, 0xCE, 0xC1, 0xB9,
+        0x34, 0x3C, 0xAC, 0xA0, 0xF4, 0xF2, 0x83, 0xA8,
+        0xBB, 0x6F, 0x12, 0xC6, 0xB5, 0x3C, 0xDE, 0xA8,
+        0x49, 0x66, 0x97, 0xD7, 0x7E, 0x37, 0xF7, 0xCE,
+        0x7C, 0xF8, 0xC8, 0xBB, 0x8C, 0xB5, 0x3B, 0x3F,
+        0xB9, 0x51, 0x68, 0x00, 0xD7, 0x2E, 0x1C, 0x10,
+        0xAF, 0x9F, 0x3C, 0xD2, 0xAC, 0xE5, 0xBE, 0x94,
+        0xB9, 0x60, 0xF5, 0xB2, 0x70, 0x24, 0xE8, 0x8A,
+        0x2C, 0xD8, 0x95, 0xAF, 0xAA, 0xA9, 0xA5, 0x2B,
+        0xCA, 0xE0, 0x58, 0x44, 0x02, 0x3F, 0xF8, 0x21,
+        0x0C, 0x29, 0xB7, 0xD5, 0x08, 0x9E, 0x69, 0x81,
+        0xD4, 0x6C, 0xC5, 0x0B, 0xF6, 0xEF, 0xAB, 0x01,
+        0xEA, 0xDF, 0x36, 0x2C, 0x5C, 0xFB, 0xEB, 0xC8,
+        0x4F, 0x71, 0x80, 0xD7, 0x00, 0xC9, 0x32, 0x5D,
+        0x02, 0x4F, 0x96, 0x94, 0x71, 0xCD, 0x98, 0xC4,
+        0x25, 0x7A, 0x92, 0xF1, 0x9B, 0xA0, 0x34, 0x30,
+        0x6C, 0x41, 0x59, 0xD5, 0x01, 0x5D, 0xD6, 0x56,
+        0xEA, 0x05, 0xF2, 0xFC, 0xF8, 0x58, 0xFA, 0x12,
+        0x9C, 0x5A, 0x5C, 0xD5, 0x3D, 0xC7, 0x5D, 0x1B,
+        0x99, 0x2A, 0x6A, 0x4C, 0xF9, 0xEA, 0x9D, 0x70,
+        0x53, 0xBC, 0xBE, 0xAD, 0x61, 0xC7, 0x2D, 0x77,
+        0xEF, 0x61, 0xC7, 0xBE, 0x9C, 0x73, 0xC1, 0xD5,
+        0xD4, 0x5C, 0x5F, 0x21, 0x6A, 0x5C, 0xEE, 0x78,
+        0xAA, 0xC6, 0x6C, 0x56, 0xDB, 0x38, 0x5A, 0x94,
+        0x12, 0xB8, 0x73, 0x7C, 0xDF, 0x9A, 0x27, 0xCD,
+        0xC5, 0xD1, 0xD3, 0xCA, 0x0E, 0x37, 0x0A, 0xC1,
+        0x6F, 0xAD, 0xE3, 0x32, 0x94, 0x6C, 0x20, 0xB5,
+        0xED, 0xE6, 0x2D, 0x34, 0x39, 0x58, 0xD2, 0x1E,
+        0x63, 0x8D, 0xFA, 0xFF, 0xB5, 0xE8, 0x40, 0xC8,
+        0x42, 0x38, 0x7A, 0x01, 0x80, 0xFF, 0x52, 0x3F,
+        0xE9, 0x89, 0x63, 0xAD, 0x91, 0x5F, 0xCE, 0x0A,
+        0x47, 0x87, 0xF9, 0x6D, 0xD7, 0x79, 0xEF, 0xCE,
+        0x10, 0x7B, 0x73, 0x43, 0xBE, 0x51, 0xA0, 0xDF,
+        0xE5, 0xEC, 0xA9, 0x63, 0xF6, 0x5E, 0x72, 0x36,
+        0x22, 0x86, 0xEE, 0x4E, 0x4A, 0x76, 0xFD, 0x86,
+        0xBA, 0xE6, 0xD6, 0xC4, 0xD2, 0xE6, 0xFF, 0xB2,
+        0x5B, 0x39, 0xF9, 0xC3, 0x29, 0xA8, 0x61, 0x3A,
+        0x33, 0x34, 0x89, 0xC9, 0x83, 0xF9, 0xB2, 0x70,
+        0x21, 0x54, 0x44, 0x94, 0x70, 0xAD, 0x70, 0x18,
+        0x84, 0x38, 0x91, 0xFB, 0xDE, 0x5E, 0x3D, 0xE3,
+        0xB2, 0xA7, 0x3C, 0x1D, 0x49, 0xA6, 0x66, 0x7C,
+        0x4B, 0xEB, 0xB0, 0xA7, 0x7C, 0xC5, 0xAE, 0x45,
+        0x1F, 0xBE, 0x0E, 0x2F, 0x11, 0xDC, 0x92, 0x08,
+        0xAA, 0x18, 0x38, 0xFE, 0x61, 0xBE, 0x9D, 0xC3,
+        0x3A, 0x1F, 0x2F, 0xB6, 0x6E, 0xB6, 0x54, 0x97,
+        0x74, 0x06, 0xBC, 0x12, 0x2D, 0x64, 0x18, 0x14,
+        0x25, 0x5A, 0xCB, 0x7B, 0xD7, 0x9D, 0xC3, 0x2C,
+        0xC2, 0x0B, 0x19, 0x10, 0xD2, 0x57, 0xF0, 0xDF,
+        0xA4, 0x95, 0xA4, 0x5A, 0xA0, 0x2D, 0x0F, 0xA0,
+        0xBC, 0xF7, 0x60, 0x7F, 0x38, 0xE1, 0x17, 0x0D,
+        0x36, 0x08, 0xF5, 0xF9, 0x75, 0x28, 0x75, 0xAC,
+        0xA9, 0x2B, 0x75, 0xC4, 0x41, 0xE0, 0x0D, 0x5C,
+        0xBC, 0x5F, 0x49, 0x16, 0x25, 0x38, 0x16, 0xE1,
+        0x0C, 0x2C, 0x9C, 0x63, 0xA8, 0x5F, 0x70, 0xF4,
+        0x64, 0xC7, 0x10, 0x19, 0x52, 0x19, 0x6E, 0x9B,
+        0x5C, 0x09, 0x4F, 0xEE, 0xB6, 0x7C, 0x85, 0xC9,
+        0x6E, 0xCB, 0x33, 0x32, 0x42, 0x9D, 0x57, 0x18,
+        0xE6, 0x55, 0x94, 0x74, 0x02, 0xEE, 0xEB, 0xAA,
+        0xF7, 0xD3, 0x45, 0x7A, 0x49, 0x6F, 0x83, 0x89,
+        0x00, 0xE4, 0xAA, 0x20, 0x87, 0x10, 0xAD, 0xC0,
+        0x0E, 0xF5, 0x93, 0x57, 0xE5, 0x45, 0x7A, 0xBD,
+        0x82, 0x87, 0x50, 0x0F, 0xE1, 0x2C, 0x0C, 0x6D,
+        0xEE, 0xC8, 0x94, 0xB8, 0x39, 0xF3, 0x3C, 0xFE,
+        0x7E, 0xC1, 0x0F, 0xB4, 0x67, 0xA2, 0xDF, 0xC6,
+        0x9D, 0xB5, 0x9D, 0xB8, 0x72, 0x50, 0xBD, 0xB3,
+        0xDB, 0xF6, 0x87, 0x5E, 0x26, 0x93, 0xF0, 0xD4,
+        0x0D, 0x68, 0xA4, 0x8B, 0xBD, 0x2C, 0x6E, 0xD8,
+        0x4F, 0x81, 0x5D, 0x0D, 0xAC, 0x72, 0x65, 0xEC,
+        0x4E, 0xF2, 0x4E, 0x5F, 0x67, 0x04, 0xF3, 0x08,
+        0x29, 0x4D, 0xB2, 0xE2, 0xD5, 0x9F, 0xD4, 0xB9,
+        0x13, 0xB4, 0x33, 0x80, 0x27, 0x84, 0x7E, 0xF4
+    };
+    static const byte msg_44_draft[] = {
+        0x5C, 0x70, 0x7F, 0xBF, 0xF4, 0xFF, 0xE5, 0x9B,
+        0x09, 0xAA, 0xF8, 0xDB, 0x21, 0xAD, 0xBE, 0xBA,
+        0xC6, 0xB2, 0x65, 0x37, 0x9A, 0x9A, 0x43, 0x3A,
+        0xA8, 0x23, 0x2B, 0x13, 0x9B, 0xBD, 0x46, 0x37,
+        0x30, 0x60, 0xA7, 0x5B, 0xC4, 0x48, 0x63, 0x5F,
+        0x41, 0x35, 0x38, 0x69, 0xF9, 0x6F, 0xB5, 0x65,
+        0x26, 0xDB, 0xAE, 0xB7, 0x5C, 0xFE, 0x2C, 0x03,
+        0xCB, 0x43, 0x08, 0x58, 0x5E, 0x27, 0xD1, 0x42,
+        0x14, 0xF2, 0x4B, 0xD7, 0x13, 0xE4, 0x96, 0x74,
+        0x6A, 0xC1, 0x36, 0xC7, 0x9D, 0x0F, 0x7D, 0xB0,
+        0x7B, 0x8A, 0x3A, 0x6D, 0x00, 0x5B, 0x29, 0x7B,
+        0x37, 0xBA, 0x3F, 0x5B, 0xBD, 0xCE, 0x21, 0x77,
+        0xFD, 0xD6, 0x78, 0x77, 0x20, 0x31, 0xF0, 0x60,
+        0x49, 0xAE, 0x12, 0x86, 0x7A, 0x64, 0xBD, 0x0B,
+        0x9E, 0xC6, 0x26, 0x80, 0x9E, 0xCE, 0x19, 0x8D,
+        0x6A, 0x6B, 0x09, 0x03, 0x45, 0xDF, 0x22, 0x7D
+    };
+    static const byte sig_44_draft[] = {
+        0x08, 0xF0, 0x10, 0xFA, 0x63, 0x3F, 0x2B, 0xA1,
+        0x46, 0x81, 0x34, 0xC4, 0xBC, 0xAB, 0x62, 0x17,
+        0x0B, 0x64, 0xEA, 0x00, 0x2D, 0xD6, 0x8A, 0xE5,
+        0xC2, 0x45, 0x29, 0xB9, 0xEC, 0x6F, 0x3B, 0xF2,
+        0xDC, 0x2F, 0xC7, 0x34, 0x5A, 0x1E, 0xFE, 0x0C,
+        0xCA, 0xB9, 0x6A, 0xD8, 0xDA, 0xBA, 0xAA, 0x80,
+        0x90, 0xDC, 0x8C, 0x6C, 0x22, 0xFF, 0xC4, 0x90,
+        0x9E, 0xE9, 0xA5, 0x45, 0xFC, 0xE8, 0x64, 0x53,
+        0x9E, 0xC4, 0x17, 0xE1, 0xB2, 0x1A, 0x31, 0x40,
+        0x26, 0x9D, 0x5E, 0x03, 0x6A, 0xC6, 0x09, 0x19,
+        0xDD, 0xB3, 0x63, 0xE0, 0x35, 0xCD, 0xB4, 0x2E,
+        0x25, 0x38, 0x6E, 0x6C, 0x76, 0xA9, 0x19, 0x75,
+        0x68, 0x6E, 0xB7, 0xAB, 0xAD, 0x8F, 0x63, 0x64,
+        0x97, 0x4E, 0x56, 0x82, 0x30, 0x45, 0x86, 0x22,
+        0x64, 0xDA, 0xD2, 0xAE, 0x54, 0x70, 0x5C, 0xF1,
+        0xEB, 0xD1, 0x84, 0x8D, 0xFF, 0x86, 0x15, 0xE6,
+        0x20, 0xCE, 0x14, 0x89, 0xEF, 0xFA, 0x2E, 0xF8,
+        0x60, 0xCA, 0x53, 0x52, 0xE4, 0xD5, 0xC8, 0x2E,
+        0x50, 0xD5, 0x9D, 0x90, 0xA6, 0x12, 0xC7, 0xF1,
+        0x70, 0x0D, 0xE2, 0x89, 0x5B, 0x31, 0x6A, 0x21,
+        0x79, 0x9C, 0xBE, 0x77, 0x6E, 0xA6, 0xBF, 0x51,
+        0x05, 0x2A, 0x83, 0x50, 0x7E, 0x86, 0x14, 0xD1,
+        0x50, 0x53, 0x1F, 0x1C, 0x5E, 0x50, 0x24, 0x69,
+        0x6C, 0x91, 0x55, 0x35, 0x19, 0x6F, 0xE0, 0xDC,
+        0xB5, 0xD6, 0x48, 0x7E, 0x78, 0x61, 0x59, 0x2C,
+        0xD0, 0x1B, 0x42, 0x58, 0xAF, 0x7A, 0x39, 0xCA,
+        0x02, 0x1C, 0x50, 0xEF, 0xE9, 0xE1, 0xDE, 0x31,
+        0x8D, 0x09, 0x51, 0xC9, 0xDB, 0x16, 0xF9, 0xB9,
+        0x45, 0x54, 0x81, 0x16, 0xD7, 0x14, 0xD8, 0xBE,
+        0x9C, 0xCA, 0x53, 0xFE, 0x8F, 0x24, 0x99, 0x0D,
+        0xBA, 0x7F, 0x99, 0x42, 0x11, 0x9B, 0x32, 0xDD,
+        0x93, 0x5C, 0xBA, 0x2D, 0xD3, 0xB3, 0xF2, 0x48,
+        0x13, 0x9C, 0x80, 0xBB, 0x8D, 0xF4, 0xC7, 0xAA,
+        0xEB, 0xC6, 0xFD, 0xB8, 0x35, 0x95, 0x87, 0x2B,
+        0x9E, 0xCF, 0x48, 0xF3, 0x2D, 0xFF, 0x70, 0xF4,
+        0xCE, 0x35, 0x68, 0x7E, 0x9D, 0xDF, 0xD5, 0x0C,
+        0xCD, 0xE3, 0x51, 0xB0, 0x90, 0x86, 0xE5, 0xD1,
+        0xF1, 0x3B, 0x72, 0x42, 0x73, 0x07, 0x03, 0xE2,
+        0xFB, 0x40, 0x3F, 0xD4, 0xC8, 0x30, 0xB6, 0x86,
+        0x49, 0x8A, 0x17, 0xDB, 0x8F, 0x46, 0x6C, 0x3A,
+        0xC3, 0x49, 0xCD, 0x59, 0x68, 0x81, 0x66, 0x03,
+        0xD7, 0x24, 0xAF, 0x1F, 0x77, 0xC7, 0xFB, 0xF7,
+        0x83, 0xCD, 0xA2, 0x6D, 0x35, 0x0C, 0x8B, 0xBC,
+        0x29, 0x3A, 0x7F, 0xAC, 0xB9, 0xF9, 0x78, 0x50,
+        0x6A, 0x67, 0xFC, 0xDC, 0x6F, 0x01, 0x65, 0x06,
+        0x82, 0x81, 0xB0, 0x7D, 0x25, 0x5D, 0x74, 0x0B,
+        0x68, 0x5F, 0x51, 0x2C, 0x82, 0xF3, 0x1D, 0x92,
+        0xF6, 0xA9, 0xA9, 0x6A, 0x77, 0x57, 0x58, 0xAA,
+        0x7C, 0xBE, 0x35, 0xF4, 0x56, 0xDE, 0x42, 0x01,
+        0x2D, 0xB8, 0x28, 0x83, 0x7B, 0xA0, 0xA9, 0x7D,
+        0xC3, 0x30, 0x13, 0x52, 0xD0, 0xA1, 0xC8, 0xA1,
+        0x2C, 0x51, 0x49, 0xAE, 0xA8, 0x04, 0xCB, 0xA8,
+        0x66, 0x01, 0x26, 0xDF, 0x2D, 0x1C, 0x21, 0xA2,
+        0x4E, 0xBD, 0xA5, 0x48, 0x2A, 0x2D, 0x56, 0x60,
+        0x20, 0x98, 0x4D, 0x15, 0x7D, 0x02, 0xB6, 0x3A,
+        0xE4, 0x11, 0xAE, 0xF7, 0x3E, 0x5D, 0x56, 0x4F,
+        0x6A, 0xA3, 0x0A, 0xEA, 0xCC, 0x35, 0x8A, 0xB7,
+        0xC4, 0x8F, 0x25, 0x3E, 0x42, 0x41, 0x2B, 0xA5,
+        0x1F, 0xA7, 0x3B, 0x87, 0x22, 0x86, 0x79, 0xD5,
+        0xE5, 0x2A, 0xA2, 0xCD, 0x68, 0xCE, 0xB8, 0x18,
+        0x6D, 0xEF, 0x1C, 0x36, 0x7F, 0x75, 0x50, 0x36,
+        0x1B, 0x58, 0xEB, 0x32, 0xA1, 0xC8, 0xAF, 0x47,
+        0xE1, 0x26, 0x73, 0x1F, 0x5D, 0x73, 0x30, 0x13,
+        0x2F, 0xC7, 0x8B, 0xA3, 0x03, 0xB4, 0xA8, 0x86,
+        0x25, 0x29, 0xD1, 0x75, 0x10, 0xEE, 0x7F, 0x56,
+        0xBC, 0x0D, 0x59, 0xB4, 0xAE, 0xC9, 0x44, 0x0A,
+        0xF7, 0x0D, 0xBF, 0x17, 0x6A, 0x22, 0x9C, 0x75,
+        0x2B, 0x3E, 0x22, 0xB8, 0x2F, 0x4B, 0x68, 0xF1,
+        0x07, 0xE3, 0x47, 0x47, 0x21, 0x9C, 0xA3, 0x5B,
+        0x31, 0x0A, 0x14, 0xD9, 0x7C, 0xA8, 0xC0, 0xC6,
+        0x5C, 0xAD, 0x05, 0xD6, 0x15, 0xD3, 0xEC, 0xEC,
+        0x32, 0xC2, 0xFF, 0xF4, 0x96, 0x9C, 0xC8, 0x65,
+        0xA0, 0xB2, 0xD6, 0xF4, 0x98, 0xBB, 0xB1, 0x4E,
+        0xA5, 0x11, 0x3B, 0x4E, 0xA8, 0xEB, 0x90, 0xAB,
+        0xD8, 0x25, 0x10, 0xE3, 0x66, 0xB5, 0xA5, 0x11,
+        0x60, 0xA0, 0xCB, 0xDF, 0x77, 0x8A, 0x80, 0x4C,
+        0x07, 0x9B, 0x1B, 0x45, 0x95, 0x29, 0x1D, 0x88,
+        0x85, 0xAC, 0x32, 0x94, 0x26, 0x87, 0x12, 0x0A,
+        0x2F, 0x9E, 0xAE, 0x69, 0x79, 0x25, 0x5A, 0x50,
+        0xF4, 0xDB, 0x15, 0x20, 0x9F, 0x7A, 0x7A, 0xF2,
+        0xE5, 0x8A, 0x63, 0x6A, 0xDD, 0xBD, 0x06, 0xCB,
+        0x42, 0xF0, 0x20, 0xA9, 0x3B, 0x52, 0xD8, 0x68,
+        0x37, 0x71, 0x07, 0xB8, 0x5B, 0xFE, 0xA0, 0xEC,
+        0xBD, 0x75, 0xFF, 0x9C, 0x89, 0xDF, 0x01, 0xE7,
+        0x17, 0x7D, 0xA7, 0xE8, 0x27, 0x9E, 0xA2, 0x41,
+        0x66, 0xE6, 0xDB, 0x8B, 0x5A, 0x3F, 0x6C, 0xC9,
+        0xE3, 0x4F, 0x0D, 0xD0, 0x92, 0x1E, 0x27, 0x41,
+        0xF2, 0xB3, 0x08, 0x32, 0x03, 0x6D, 0x2C, 0x4F,
+        0x78, 0xEC, 0x99, 0xB3, 0x94, 0x6C, 0xC1, 0x89,
+        0xD9, 0x34, 0x0F, 0xEF, 0x10, 0xF0, 0xDA, 0xCE,
+        0x09, 0x69, 0x7A, 0x93, 0xC6, 0xFF, 0x19, 0x4F,
+        0xBD, 0xDE, 0xA6, 0x54, 0x8A, 0xE5, 0x81, 0x3F,
+        0x96, 0xD3, 0xA0, 0x77, 0x7C, 0xF2, 0x4B, 0xF1,
+        0x68, 0xA2, 0x23, 0x3D, 0xD4, 0x16, 0xC1, 0x66,
+        0xDA, 0x13, 0x53, 0xE1, 0x9F, 0x9A, 0x36, 0x09,
+        0x4D, 0x72, 0x08, 0x09, 0xEB, 0x87, 0x74, 0x9A,
+        0xB2, 0x8C, 0x60, 0x7F, 0xFB, 0x70, 0x17, 0x51,
+        0xB1, 0xAC, 0x18, 0xDF, 0xCB, 0x43, 0x2A, 0xD3,
+        0x89, 0xDA, 0x78, 0xAE, 0xDC, 0xEA, 0xB2, 0x22,
+        0xCA, 0x2F, 0xF1, 0xE4, 0xA7, 0xCC, 0xAF, 0xB1,
+        0x63, 0x1B, 0x5D, 0xDD, 0xD1, 0x49, 0xB8, 0x90,
+        0x2E, 0xC9, 0xC0, 0x83, 0x0D, 0xAB, 0x88, 0x88,
+        0x4C, 0x74, 0x72, 0x00, 0x7D, 0xFE, 0xF2, 0x46,
+        0x73, 0xFD, 0x99, 0xEC, 0x89, 0x8B, 0x3B, 0x0F,
+        0xCE, 0x35, 0x5A, 0xEA, 0x13, 0x4F, 0x67, 0x67,
+        0xFD, 0x0D, 0x87, 0xFC, 0xB1, 0x36, 0x48, 0x07,
+        0x33, 0x0B, 0xCA, 0xD4, 0xD7, 0xD0, 0xCC, 0xA1,
+        0x8F, 0xF0, 0x3F, 0x01, 0x8B, 0x6B, 0x74, 0x44,
+        0x2F, 0x1B, 0xE0, 0x65, 0x31, 0x1B, 0x4E, 0xDB,
+        0x67, 0x65, 0xA9, 0x34, 0xE8, 0x4D, 0x0C, 0xF3,
+        0x29, 0xED, 0x53, 0xAB, 0x8A, 0x98, 0x07, 0x2B,
+        0xE0, 0xCD, 0xC0, 0x08, 0x82, 0x4A, 0x72, 0x28,
+        0x72, 0xA2, 0xAC, 0xFE, 0xF7, 0xBF, 0x6E, 0x8E,
+        0xF8, 0x3E, 0x04, 0x58, 0xA4, 0x36, 0x46, 0x33,
+        0xAB, 0xDD, 0x0E, 0xBF, 0x01, 0xD2, 0xEF, 0x19,
+        0x5B, 0x78, 0x2B, 0x30, 0x51, 0x25, 0x50, 0xD0,
+        0xB5, 0x82, 0xC7, 0x20, 0x0D, 0xA1, 0x2C, 0x38,
+        0xAF, 0x44, 0xFC, 0xBD, 0x49, 0xB8, 0x7F, 0x89,
+        0xEF, 0xBE, 0x37, 0x5C, 0xCB, 0xA2, 0x11, 0x75,
+        0x7D, 0xDA, 0xA8, 0x7B, 0x3A, 0x3C, 0x10, 0x11,
+        0x4D, 0x9F, 0x99, 0xAB, 0x4B, 0xA2, 0x20, 0x7A,
+        0x5F, 0x96, 0xEF, 0x1C, 0x00, 0xD7, 0x27, 0x17,
+        0x77, 0x7C, 0x51, 0x58, 0x4B, 0x13, 0x97, 0x53,
+        0x2A, 0xC6, 0x86, 0x4D, 0x3B, 0x8E, 0xBB, 0x4F,
+        0xB8, 0xA0, 0x84, 0x87, 0xF6, 0xEF, 0x55, 0x12,
+        0x2B, 0xCF, 0x9E, 0x5C, 0xD0, 0x0E, 0xBC, 0x1E,
+        0x79, 0x53, 0xE7, 0x8C, 0x4D, 0x8B, 0xCB, 0x20,
+        0xF6, 0xEA, 0x72, 0x0A, 0x63, 0x2F, 0x0C, 0xCF,
+        0x57, 0x27, 0x26, 0xF4, 0x3A, 0x95, 0xCA, 0xBE,
+        0xB5, 0x7C, 0x47, 0x60, 0x10, 0xCD, 0x28, 0x9E,
+        0x02, 0x64, 0xC9, 0x8D, 0x82, 0x49, 0xD0, 0xD6,
+        0x60, 0xF8, 0xDC, 0xC8, 0x4B, 0x7D, 0xB5, 0xEF,
+        0x11, 0x17, 0xC7, 0x94, 0x5F, 0x0D, 0x99, 0xBE,
+        0x75, 0x48, 0x49, 0xC6, 0x58, 0x43, 0x64, 0x99,
+        0x1A, 0x5A, 0x41, 0xBA, 0xC2, 0x31, 0xB3, 0xE0,
+        0x45, 0x1B, 0x81, 0xD2, 0x12, 0xBE, 0x90, 0xDB,
+        0xFF, 0xBC, 0xCB, 0x99, 0xA3, 0xF0, 0x74, 0xE8,
+        0x2C, 0x48, 0x58, 0xB3, 0x17, 0xA4, 0x9A, 0xD2,
+        0x22, 0x46, 0xFB, 0xF5, 0x85, 0x8D, 0x07, 0xDF,
+        0xDB, 0x78, 0x07, 0xF4, 0x99, 0xA8, 0x6C, 0xEE,
+        0x6E, 0x96, 0x20, 0xB8, 0xC2, 0xA9, 0xFA, 0x8B,
+        0x6E, 0xA6, 0x79, 0x6D, 0xF9, 0xC3, 0x0C, 0x77,
+        0x74, 0xAE, 0xB0, 0x40, 0xA9, 0xE5, 0xA7, 0x0B,
+        0x30, 0x40, 0x4B, 0x4F, 0xB1, 0x0A, 0x0B, 0x7B,
+        0xEE, 0x1F, 0x69, 0xFA, 0xD0, 0xF0, 0x2D, 0x5D,
+        0x00, 0xB5, 0x4D, 0xEB, 0x32, 0x84, 0xB2, 0xB7,
+        0x60, 0xAA, 0x6C, 0xF9, 0x98, 0x18, 0xB3, 0xD9,
+        0xC1, 0x54, 0x8D, 0xAC, 0x12, 0xB0, 0x3A, 0x26,
+        0xB2, 0x23, 0x2D, 0x9B, 0xF8, 0x20, 0xEE, 0x90,
+        0xE0, 0x6D, 0x31, 0xDE, 0xF5, 0xCA, 0xBA, 0x6A,
+        0x53, 0x40, 0x29, 0x6C, 0x18, 0x62, 0xA5, 0x8A,
+        0xB8, 0x17, 0xA0, 0xAB, 0xCB, 0xDC, 0xE1, 0x3B,
+        0xD6, 0xC6, 0x29, 0xA3, 0x1C, 0x5F, 0x8D, 0x6E,
+        0x73, 0xF6, 0x98, 0x10, 0x0F, 0x9F, 0x7E, 0xCA,
+        0x4C, 0xD8, 0xEB, 0xE4, 0xB8, 0xDF, 0x72, 0x78,
+        0x65, 0xAF, 0x4A, 0x20, 0xFE, 0x7C, 0xB4, 0xCA,
+        0x07, 0x81, 0xFD, 0xC5, 0xC5, 0xFD, 0x33, 0x4D,
+        0xB8, 0x37, 0x37, 0xC4, 0x21, 0x81, 0x66, 0x45,
+        0xAE, 0x81, 0x34, 0x13, 0xA6, 0x40, 0x81, 0x39,
+        0x55, 0x90, 0xE6, 0xF1, 0x42, 0x56, 0x74, 0xFF,
+        0x06, 0x9B, 0x50, 0x1F, 0x0F, 0xDA, 0x6B, 0x31,
+        0xC6, 0x4B, 0xC5, 0xC2, 0x14, 0xE7, 0x01, 0x5E,
+        0xA9, 0xDA, 0x12, 0x2D, 0x6C, 0xE0, 0x8C, 0xEB,
+        0x2D, 0xF6, 0x2C, 0x45, 0xBC, 0x01, 0x73, 0x34,
+        0x6D, 0xAB, 0xBC, 0x15, 0x4C, 0x16, 0x03, 0x35,
+        0x9D, 0xD4, 0xF0, 0xAC, 0x49, 0x84, 0x4A, 0xEE,
+        0x46, 0x47, 0x64, 0x93, 0xF2, 0x49, 0x59, 0x86,
+        0x26, 0xFB, 0x24, 0x6B, 0x99, 0xB3, 0x9A, 0xCB,
+        0xB4, 0x2B, 0x28, 0x4E, 0x0C, 0x2D, 0x3F, 0x9E,
+        0xCE, 0x32, 0x71, 0xC4, 0xD5, 0xE0, 0x6C, 0x48,
+        0x25, 0xEA, 0x1A, 0x8F, 0x08, 0x57, 0x23, 0x85,
+        0x89, 0xCD, 0xC5, 0x48, 0x37, 0x19, 0x8E, 0xD4,
+        0x23, 0x4D, 0xD0, 0x31, 0x73, 0xA8, 0x8E, 0x43,
+        0xEE, 0x95, 0x67, 0xF5, 0x7A, 0x93, 0x27, 0xD3,
+        0x90, 0x36, 0x30, 0x4C, 0xA1, 0xCD, 0xB5, 0xF8,
+        0x65, 0xC5, 0x89, 0x54, 0x57, 0x2C, 0xAE, 0xF8,
+        0x75, 0xF1, 0x2E, 0x14, 0x14, 0x14, 0x0D, 0x97,
+        0x5B, 0x24, 0x52, 0x46, 0x7A, 0x57, 0x6D, 0x9C,
+        0x4C, 0x79, 0xDB, 0x0A, 0xE0, 0x23, 0x69, 0x52,
+        0x9B, 0xF8, 0x1B, 0x54, 0x40, 0x18, 0xDF, 0xE0,
+        0x1E, 0xF0, 0x61, 0xE4, 0x79, 0x81, 0xF9, 0x98,
+        0x9A, 0x8C, 0x48, 0xFF, 0x86, 0x93, 0x0B, 0x68,
+        0x96, 0x78, 0x2F, 0xF1, 0x2D, 0xDC, 0x60, 0x1F,
+        0x8B, 0x1C, 0x04, 0x43, 0x4E, 0x60, 0x96, 0x5B,
+        0x8A, 0xF6, 0x89, 0xCC, 0xC8, 0xB2, 0x9B, 0xBF,
+        0x87, 0x16, 0x2E, 0xA8, 0x6F, 0x9B, 0x4B, 0xFD,
+        0x74, 0x4E, 0x8F, 0x36, 0x33, 0x23, 0xDE, 0x94,
+        0xD2, 0xA1, 0x72, 0x4F, 0xB2, 0xE6, 0x75, 0x3D,
+        0x6E, 0x47, 0x9B, 0xDB, 0x58, 0xE5, 0x4A, 0x0C,
+        0x09, 0x8F, 0x9C, 0x83, 0x63, 0x98, 0x8B, 0xA4,
+        0xF7, 0x3D, 0x01, 0xA6, 0x8B, 0x93, 0x97, 0x48,
+        0x84, 0x75, 0x32, 0xC7, 0xD7, 0x03, 0xDF, 0x7E,
+        0x94, 0x8C, 0x8A, 0xA6, 0x78, 0x1A, 0xAE, 0xDE,
+        0x36, 0x8A, 0xAD, 0x13, 0x7E, 0xF0, 0x16, 0xC2,
+        0x3B, 0xAF, 0xF9, 0xD8, 0x66, 0x12, 0x30, 0x72,
+        0x76, 0x6D, 0x21, 0x4C, 0xF3, 0xEF, 0x0D, 0x8C,
+        0x11, 0xA4, 0x12, 0xBE, 0xF5, 0x7E, 0x8E, 0x6A,
+        0x11, 0x13, 0x48, 0x8D, 0xC2, 0x62, 0xCF, 0x45,
+        0x7C, 0xE3, 0x91, 0x88, 0x59, 0xFF, 0xB0, 0xF1,
+        0xC3, 0xBC, 0x1D, 0x2A, 0x3E, 0x9B, 0x78, 0xF3,
+        0xB1, 0x2E, 0xB0, 0x27, 0xD8, 0x16, 0xF8, 0x9B,
+        0x2A, 0xAF, 0xF1, 0xAB, 0xB0, 0xF1, 0x8C, 0x7F,
+        0x94, 0x31, 0x97, 0x85, 0xDA, 0xF0, 0xF4, 0x27,
+        0x51, 0x3E, 0x5A, 0xE1, 0xDD, 0x6D, 0x9E, 0x98,
+        0x39, 0xBB, 0xDF, 0xA2, 0xBA, 0x2C, 0x08, 0xAD,
+        0x1D, 0x3F, 0x86, 0xF6, 0xC2, 0x1A, 0x8C, 0xAD,
+        0xE0, 0xDC, 0xDD, 0x02, 0x47, 0x4C, 0x7E, 0x2D,
+        0xDA, 0x1D, 0x70, 0x92, 0x39, 0xAA, 0x4E, 0xBA,
+        0x14, 0xC7, 0xEC, 0x26, 0xBD, 0x9D, 0x1F, 0x6D,
+        0x91, 0x58, 0x3C, 0xB5, 0xEF, 0x37, 0xB9, 0x66,
+        0x4E, 0x04, 0x7C, 0x29, 0xCF, 0xD7, 0x8E, 0x47,
+        0x84, 0xF3, 0xD2, 0x21, 0x84, 0xC5, 0xF8, 0xDC,
+        0xC9, 0xF2, 0x52, 0xD5, 0x6A, 0xBF, 0xF1, 0xF1,
+        0xDE, 0x9E, 0x7A, 0xF1, 0xD5, 0x5A, 0xF6, 0xEF,
+        0x94, 0x66, 0xF9, 0x25, 0x44, 0x7F, 0x8D, 0x92,
+        0xA2, 0x25, 0x1C, 0x72, 0x92, 0x30, 0x2A, 0xB7,
+        0xEF, 0x18, 0xF3, 0x8C, 0xEF, 0x69, 0xA5, 0x5C,
+        0x19, 0x3E, 0xC5, 0xBD, 0xEE, 0x2C, 0x2D, 0x71,
+        0xDB, 0x89, 0xD4, 0x11, 0xA6, 0x27, 0x80, 0x8F,
+        0x5A, 0x39, 0x9A, 0x04, 0x28, 0x4F, 0x9F, 0x00,
+        0xBE, 0xF9, 0xF7, 0x9B, 0x46, 0x69, 0xD6, 0xAC,
+        0x12, 0xE9, 0xA7, 0xC2, 0xD1, 0xC8, 0xAD, 0x5D,
+        0xF7, 0xCB, 0x0C, 0x98, 0x78, 0x2D, 0x04, 0x4D,
+        0x2D, 0x41, 0xAB, 0xC6, 0x3F, 0x81, 0x1D, 0xB9,
+        0x2C, 0x1F, 0x3F, 0x59, 0x11, 0xF4, 0x80, 0x4F,
+        0x0B, 0xCA, 0x9F, 0x81, 0x6E, 0x9C, 0xD1, 0xB4,
+        0x74, 0x06, 0x48, 0x0A, 0x87, 0x2C, 0xFD, 0x4D,
+        0x85, 0xD4, 0x21, 0x65, 0x7C, 0x96, 0x69, 0x53,
+        0x51, 0xC0, 0xC4, 0xB0, 0xEB, 0x20, 0xDB, 0xE0,
+        0x41, 0x09, 0xA7, 0x62, 0xB2, 0xF3, 0xC7, 0x6A,
+        0x1D, 0x53, 0xA0, 0x39, 0xBA, 0xCF, 0x78, 0x9E,
+        0xBF, 0x1D, 0xA5, 0x98, 0x09, 0x8E, 0xA7, 0x1A,
+        0xE7, 0x95, 0xFF, 0x10, 0x38, 0xCC, 0x8F, 0x44,
+        0xCB, 0xE7, 0xF6, 0xD6, 0x2C, 0xFF, 0xA8, 0x1C,
+        0xFF, 0xA3, 0x65, 0xE8, 0x4E, 0xAE, 0xC7, 0xEF,
+        0x61, 0xE1, 0x16, 0x4B, 0x8C, 0xA8, 0xC8, 0xFB,
+        0xA5, 0x2C, 0xD1, 0x0A, 0x39, 0xAB, 0x4A, 0xF9,
+        0xEE, 0x0B, 0x9B, 0xB4, 0x33, 0x5E, 0x25, 0x15,
+        0xD0, 0xAA, 0x93, 0xC4, 0x53, 0x42, 0x91, 0xC5,
+        0x98, 0x15, 0x34, 0x9A, 0x22, 0x1D, 0x9A, 0xE7,
+        0x0E, 0x81, 0xF6, 0x99, 0x55, 0xB3, 0xD6, 0x49,
+        0x1B, 0xB8, 0xA8, 0xBE, 0xDF, 0x54, 0xF0, 0x78,
+        0xF7, 0x02, 0x97, 0x74, 0x84, 0x67, 0x6B, 0xAE,
+        0x2F, 0xEC, 0x6E, 0x59, 0x20, 0x68, 0xD8, 0xE3,
+        0x5A, 0x07, 0x48, 0xE1, 0x99, 0x90, 0xEE, 0xCD,
+        0x17, 0x2B, 0xB6, 0xD6, 0xAA, 0x1A, 0xF8, 0x97,
+        0x4E, 0xE0, 0x67, 0x9E, 0x4C, 0x35, 0xFE, 0x68,
+        0x71, 0x54, 0x43, 0x5D, 0x43, 0x59, 0x19, 0xEB,
+        0x58, 0x8E, 0x9A, 0xF6, 0xBD, 0x88, 0x71, 0xEE,
+        0x89, 0xC6, 0xF2, 0x10, 0x04, 0x33, 0x13, 0x88,
+        0xCD, 0x08, 0xB5, 0xE3, 0x5D, 0xA8, 0xBC, 0x43,
+        0xB3, 0x84, 0x5F, 0x70, 0x94, 0xD9, 0xAC, 0xAE,
+        0x74, 0x70, 0x13, 0x1E, 0x21, 0xFB, 0xD5, 0x7F,
+        0xEC, 0x66, 0x2F, 0xA0, 0xB1, 0x1D, 0xE3, 0xF8,
+        0xB9, 0x36, 0x48, 0x25, 0x3D, 0xBA, 0x7D, 0x44,
+        0x08, 0xC5, 0x71, 0x74, 0xDA, 0xD3, 0x4F, 0x97,
+        0x86, 0xF1, 0x16, 0x38, 0xD8, 0xC9, 0xE3, 0x3A,
+        0xA7, 0x2E, 0x06, 0x4D, 0x9D, 0xE8, 0xFC, 0x38,
+        0x58, 0x2A, 0x8D, 0x2D, 0x07, 0x99, 0xEA, 0xDF,
+        0xF3, 0x00, 0x3B, 0xBC, 0x5F, 0x67, 0x1E, 0x4B,
+        0x6C, 0xF1, 0x4A, 0x47, 0xB0, 0x71, 0x90, 0x5A,
+        0x3B, 0x75, 0x93, 0x75, 0x56, 0x50, 0x4C, 0x70,
+        0xF3, 0xC7, 0x95, 0xD5, 0xEA, 0xCB, 0x4C, 0x92,
+        0x4F, 0x22, 0x4F, 0xD9, 0x34, 0x46, 0x76, 0xFB,
+        0x79, 0xD6, 0xBD, 0x4E, 0x84, 0xEE, 0xE7, 0x78,
+        0x7C, 0xB8, 0x92, 0x9F, 0xAD, 0xF2, 0x17, 0x5D,
+        0x38, 0xB1, 0x88, 0x2E, 0xE9, 0x65, 0xAC, 0x4C,
+        0x24, 0x27, 0x1D, 0x7B, 0xA3, 0x69, 0x96, 0x55,
+        0x5C, 0x26, 0x40, 0xAF, 0x04, 0xB1, 0xCE, 0xA8,
+        0x5D, 0x1E, 0x1F, 0xE5, 0x5A, 0xC3, 0xAE, 0xF9,
+        0x14, 0x03, 0x58, 0x10, 0x1C, 0x8B, 0x1F, 0xDB,
+        0x6C, 0x71, 0x68, 0x60, 0x13, 0x32, 0xF1, 0xA9,
+        0x69, 0x45, 0x28, 0x69, 0x7C, 0xE3, 0xC9, 0x56,
+        0xAF, 0xF3, 0xBD, 0x4B, 0x9E, 0x0A, 0x06, 0x6A,
+        0x62, 0x20, 0x40, 0x65, 0xBD, 0xBC, 0xBF, 0xC7,
+        0x0A, 0x2A, 0xCF, 0x56, 0x7C, 0x0E, 0x64, 0xBB,
+        0x64, 0x71, 0x2D, 0x90, 0xBB, 0x32, 0x00, 0x0A,
+        0x4A, 0x45, 0x44, 0x08, 0x75, 0x2C, 0x86, 0x13,
+        0x86, 0x52, 0x8D, 0x3D, 0xFC, 0xF3, 0x5E, 0x5B,
+        0x3F, 0x7A, 0xAA, 0x98, 0x84, 0xCF, 0x92, 0xF9,
+        0x0B, 0x40, 0x8F, 0xC0, 0xA3, 0x71, 0x84, 0xAD,
+        0xEE, 0xDF, 0xC4, 0x91, 0x7E, 0x87, 0x7D, 0x06,
+        0xCA, 0x65, 0x8C, 0xE4, 0x8E, 0x03, 0xF0, 0x59,
+        0x3E, 0xB4, 0x90, 0x4C, 0xEE, 0x88, 0x29, 0xE4,
+        0x26, 0x7D, 0xA6, 0x54, 0x82, 0x49, 0xC1, 0x9D,
+        0x80, 0xAB, 0x6B, 0xD7, 0xBE, 0x7D, 0x09, 0x80,
+        0x5E, 0xB6, 0xD1, 0x1E, 0xD1, 0x1B, 0xE9, 0x8D,
+        0xFC, 0x6E, 0x9C, 0x14, 0x0C, 0x15, 0x02, 0x87,
+        0xF3, 0x9D, 0x21, 0xF8, 0xCB, 0xC8, 0xB9, 0xBD,
+        0xE1, 0x70, 0xEA, 0xE4, 0x86, 0x4C, 0x97, 0xC1,
+        0xEE, 0x4C, 0x18, 0x95, 0xEC, 0xD2, 0x4D, 0x35,
+        0x9F, 0xC6, 0x56, 0x10, 0x3E, 0xC0, 0xB9, 0x7B,
+        0x13, 0x1A, 0x37, 0x3D, 0x40, 0x4C, 0x88, 0x8B,
+        0x9A, 0xA5, 0xB2, 0xB8, 0xB9, 0xC3, 0xEC, 0xF1,
+        0x14, 0x33, 0x63, 0x67, 0x84, 0x98, 0xC8, 0xF4,
+        0x06, 0x0C, 0x0E, 0x0F, 0x10, 0x12, 0x15, 0x16,
+        0x45, 0x4E, 0x55, 0x5A, 0x5F, 0x8A, 0x94, 0x97,
+        0xA8, 0xAF, 0xB2, 0xCC, 0xD4, 0xDC, 0xE7, 0xF1,
+        0xFE, 0xFF, 0x11, 0x24, 0x53, 0x62, 0x94, 0xB7,
+        0xB9, 0xD3, 0xD9, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x10, 0x18, 0x32, 0x3B
+    };
+#endif
+#ifndef WOLFSSL_NO_ML_DSA_65
+    static const byte pk_65_draft[] = {
+        0x6C, 0x84, 0x14, 0x38, 0x08, 0x56, 0xCB, 0x52,
+        0xD7, 0x9C, 0x4B, 0x29, 0x13, 0x9F, 0xB1, 0x83,
+        0x9B, 0x86, 0x06, 0xF5, 0x94, 0x8B, 0x9D, 0x72,
+        0xA9, 0x56, 0xDC, 0xF1, 0x01, 0x16, 0xDA, 0x9E,
+        0x2D, 0x79, 0x77, 0x01, 0x86, 0xFC, 0x74, 0xD9,
+        0x42, 0xC0, 0xF4, 0xA3, 0xB5, 0x95, 0xFF, 0x6C,
+        0x19, 0x80, 0x4B, 0x49, 0x90, 0x1C, 0x6A, 0xD5,
+        0xFA, 0xF7, 0x16, 0x01, 0xC2, 0xB6, 0x00, 0x31,
+        0x5E, 0x1F, 0x40, 0xC2, 0x05, 0x47, 0x67, 0xB0,
+        0x09, 0x25, 0xDF, 0x3A, 0xA4, 0x90, 0xE8, 0xC7,
+        0x6F, 0x05, 0xFB, 0xFB, 0x74, 0x91, 0x10, 0x75,
+        0xE6, 0x51, 0x8C, 0x5F, 0x1D, 0x91, 0xB8, 0xA0,
+        0xE5, 0xB5, 0x98, 0x30, 0xD3, 0xDF, 0x39, 0x94,
+        0x76, 0x04, 0x11, 0xEB, 0xB9, 0x11, 0xED, 0x4C,
+        0xC2, 0xC1, 0x60, 0xE3, 0x84, 0x9A, 0x93, 0x76,
+        0x2D, 0xFC, 0xA7, 0xB9, 0x81, 0x2B, 0xC7, 0xAE,
+        0xB2, 0xDD, 0xB2, 0x76, 0x7B, 0xEF, 0x36, 0x50,
+        0x56, 0x05, 0xAE, 0x06, 0x92, 0x60, 0xBC, 0xC8,
+        0xDC, 0x47, 0x87, 0xC4, 0x28, 0xCB, 0x3C, 0x07,
+        0x6E, 0xF2, 0xA6, 0xB9, 0x35, 0x61, 0xD8, 0x94,
+        0x3F, 0x45, 0xCA, 0xBE, 0x8F, 0x05, 0x53, 0xFF,
+        0x2E, 0xA1, 0xAC, 0x95, 0xC1, 0xCE, 0x21, 0x59,
+        0x3A, 0x17, 0x54, 0x59, 0xD7, 0xDF, 0x12, 0xC4,
+        0x07, 0x0A, 0xDB, 0x0E, 0xEE, 0x55, 0xB4, 0xAB,
+        0xAE, 0x59, 0xBE, 0x69, 0xC3, 0xFF, 0x0D, 0xE5,
+        0xA9, 0xB0, 0x27, 0xFC, 0x7D, 0x8E, 0x6E, 0x05,
+        0x7B, 0x71, 0x52, 0xEE, 0x6A, 0xB4, 0x80, 0xD1,
+        0x05, 0xD3, 0x0B, 0x0F, 0x50, 0x51, 0xB6, 0x0C,
+        0x79, 0x01, 0xC5, 0x25, 0xC4, 0x63, 0x5F, 0xE6,
+        0x68, 0xCC, 0x00, 0xE9, 0xD3, 0x09, 0x7D, 0xB9,
+        0x9D, 0x66, 0x32, 0x37, 0x15, 0xCE, 0x4F, 0x0B,
+        0x79, 0xB4, 0x26, 0xB4, 0x54, 0x5E, 0x09, 0xF4,
+        0xDE, 0x39, 0x32, 0x3D, 0xD1, 0x4C, 0xCB, 0x0D,
+        0x17, 0x10, 0x8C, 0xD4, 0x6D, 0xEC, 0x61, 0x38,
+        0xCD, 0xFA, 0x28, 0x72, 0xC1, 0xC4, 0xC8, 0xAE,
+        0xAD, 0x5C, 0x8C, 0xE0, 0x41, 0x57, 0xE5, 0x53,
+        0xA3, 0x75, 0x58, 0xC2, 0x34, 0x6A, 0x06, 0x19,
+        0x4C, 0xB5, 0x0B, 0x49, 0x81, 0xBF, 0x4D, 0x09,
+        0x0C, 0xE4, 0xE8, 0x60, 0x12, 0x6A, 0x82, 0x54,
+        0xA4, 0xD4, 0xC0, 0x84, 0xC3, 0xE2, 0x02, 0x0B,
+        0xC0, 0x75, 0x35, 0x21, 0x04, 0x9B, 0x0F, 0xD8,
+        0x89, 0x97, 0xE0, 0x27, 0xAC, 0x51, 0xE7, 0x5C,
+        0xF1, 0x35, 0x0C, 0x3F, 0x30, 0x3A, 0x0E, 0xCE,
+        0x42, 0x64, 0x87, 0x15, 0x3D, 0xAF, 0x1F, 0xAA,
+        0xD6, 0x80, 0x8B, 0x9D, 0x99, 0x07, 0xDA, 0x9F,
+        0x35, 0x18, 0x5B, 0xD3, 0xBE, 0x8D, 0x9C, 0xEB,
+        0xE9, 0x16, 0xCE, 0xD1, 0xFA, 0x29, 0x28, 0xD8,
+        0x85, 0xA9, 0xCB, 0xA8, 0x81, 0x49, 0x70, 0x3F,
+        0x5E, 0x47, 0x72, 0xE4, 0x85, 0x23, 0x12, 0x5D,
+        0xDD, 0x02, 0x6E, 0x71, 0x4C, 0x49, 0xF4, 0xFB,
+        0x4E, 0x54, 0x4B, 0xBF, 0x61, 0x7A, 0x40, 0xB0,
+        0x0B, 0x68, 0xDF, 0x8F, 0x15, 0x5F, 0x58, 0x80,
+        0xD4, 0x11, 0x87, 0x7E, 0x25, 0xB4, 0x2B, 0x24,
+        0x48, 0xB3, 0x6B, 0xEC, 0x2F, 0x1F, 0x8F, 0x9A,
+        0x77, 0x0C, 0x54, 0x51, 0x50, 0xA0, 0x27, 0x8E,
+        0x9B, 0x72, 0x45, 0x00, 0xAE, 0xAA, 0xEA, 0x47,
+        0x1C, 0x11, 0xCF, 0xF0, 0x4E, 0x30, 0xEA, 0xB2,
+        0xF4, 0x73, 0xBC, 0x04, 0x8E, 0x32, 0xCD, 0x31,
+        0xAE, 0xF2, 0x15, 0x79, 0xB6, 0x99, 0x22, 0x5B,
+        0xF9, 0xE1, 0xB6, 0x70, 0x0C, 0x57, 0xE5, 0x09,
+        0xFC, 0xA1, 0xF2, 0x36, 0x29, 0x4A, 0x59, 0x74,
+        0xDA, 0xA1, 0x5F, 0xBC, 0xAD, 0x62, 0xD4, 0xBD,
+        0xDC, 0x45, 0x32, 0xB2, 0x61, 0x41, 0x44, 0xDB,
+        0xE2, 0x88, 0x07, 0x36, 0x8C, 0x28, 0x1A, 0x77,
+        0x0E, 0xA2, 0x2B, 0x1E, 0x5A, 0x3F, 0xA5, 0xBA,
+        0x14, 0x92, 0x6D, 0xC5, 0x5A, 0x54, 0xF8, 0x4A,
+        0x2A, 0x77, 0xC5, 0xA7, 0x08, 0x41, 0xF0, 0x7B,
+        0xC1, 0xDE, 0xEF, 0x74, 0x03, 0xB2, 0x47, 0xAB,
+        0x42, 0xB8, 0x4A, 0xDF, 0x14, 0x1E, 0x03, 0x0C,
+        0x98, 0x46, 0x84, 0x24, 0xDA, 0xAE, 0xB9, 0x9D,
+        0x25, 0x77, 0xF9, 0x50, 0xC2, 0x37, 0x3C, 0xCA,
+        0x1E, 0x2D, 0xC2, 0x76, 0x1B, 0x8E, 0xDD, 0x6D,
+        0x08, 0xFF, 0x79, 0xE5, 0x28, 0x88, 0x0F, 0xFB,
+        0x51, 0xC3, 0x6E, 0xD4, 0x20, 0xAC, 0x5D, 0x50,
+        0xF2, 0x58, 0x2A, 0xA6, 0x64, 0xE5, 0x4E, 0xA5,
+        0xF4, 0x18, 0x9E, 0xA0, 0x17, 0x6D, 0xAA, 0x61,
+        0x22, 0xF6, 0x23, 0x5A, 0x70, 0xB1, 0x5C, 0xEB,
+        0x4D, 0xDD, 0x65, 0xD3, 0xBE, 0x6E, 0xBF, 0x3D,
+        0xC4, 0x31, 0x89, 0xEE, 0x0A, 0x2E, 0x31, 0x05,
+        0x63, 0x8F, 0x23, 0x87, 0x36, 0x95, 0x28, 0x0F,
+        0x1B, 0x74, 0x27, 0x43, 0x52, 0xD6, 0x0A, 0x48,
+        0xE5, 0xD3, 0xDD, 0x02, 0xFB, 0x7A, 0x5E, 0xD8,
+        0x3F, 0xE2, 0x7A, 0x69, 0x82, 0x51, 0x42, 0x1C,
+        0x8E, 0x9C, 0x98, 0x80, 0x61, 0x02, 0x39, 0x6E,
+        0x53, 0x73, 0x90, 0xAC, 0xFD, 0x8C, 0x1D, 0x0B,
+        0x4F, 0x99, 0xB7, 0x02, 0xA9, 0xEA, 0x65, 0x98,
+        0x78, 0x58, 0x3D, 0x92, 0x75, 0x89, 0x41, 0xB3,
+        0x0E, 0xCE, 0x50, 0x7C, 0x10, 0x4B, 0x2C, 0xE4,
+        0x87, 0x67, 0x9E, 0xCF, 0x68, 0xB4, 0xD8, 0xB9,
+        0x80, 0x69, 0x8A, 0xCF, 0x6A, 0xA6, 0xA5, 0x7E,
+        0x8E, 0xD6, 0xAF, 0x3F, 0xF1, 0x8D, 0x26, 0x68,
+        0x95, 0x04, 0x28, 0xB5, 0x7D, 0x18, 0x2F, 0x73,
+        0xBB, 0x49, 0xB9, 0xB0, 0x38, 0xCC, 0xC8, 0x2D,
+        0x56, 0x12, 0x78, 0xA3, 0x86, 0xD5, 0x66, 0x45,
+        0xEC, 0x3F, 0xAF, 0xFB, 0x41, 0x25, 0xE0, 0xE7,
+        0xF3, 0x6B, 0x48, 0xB1, 0x4B, 0x45, 0x25, 0x47,
+        0xA0, 0xB4, 0x81, 0xAA, 0x6B, 0x33, 0x42, 0x29,
+        0x24, 0x91, 0x53, 0xE4, 0x2E, 0xDF, 0x7E, 0x49,
+        0xDD, 0x6E, 0x76, 0x36, 0xBF, 0xC6, 0x15, 0xA2,
+        0x3A, 0x40, 0x1E, 0xFD, 0x40, 0x34, 0xC8, 0x1B,
+        0x4D, 0xCE, 0xF0, 0x27, 0xD3, 0x44, 0xDD, 0xCC,
+        0xE0, 0xA7, 0x16, 0x18, 0xEB, 0x59, 0x10, 0xCE,
+        0xC6, 0x22, 0x28, 0x81, 0x93, 0x85, 0x03, 0x3E,
+        0x8D, 0x0A, 0xBD, 0x49, 0x3D, 0x98, 0x3E, 0x4F,
+        0xC0, 0x87, 0xD7, 0x2B, 0x45, 0x5E, 0x4D, 0xB6,
+        0x3A, 0x2F, 0x82, 0xCE, 0xFF, 0x65, 0xC1, 0xE6,
+        0x28, 0xEA, 0xE6, 0x30, 0x59, 0x6D, 0xEC, 0x27,
+        0xFB, 0x98, 0xB8, 0x4D, 0xBF, 0xDC, 0xDF, 0xAB,
+        0x40, 0xE4, 0x72, 0x24, 0x49, 0x14, 0xAF, 0xF1,
+        0x79, 0x32, 0x6D, 0x54, 0x2D, 0x40, 0x1A, 0x3C,
+        0xBB, 0x86, 0xE5, 0xFF, 0x83, 0x51, 0xEF, 0xE5,
+        0x3A, 0x73, 0xC5, 0x1A, 0xBB, 0x63, 0xFF, 0x55,
+        0x3E, 0x7D, 0x79, 0x57, 0xEF, 0x89, 0x13, 0x5E,
+        0x0F, 0x5B, 0xB1, 0xBD, 0x0C, 0x24, 0xF9, 0xE4,
+        0x5E, 0x32, 0x36, 0x41, 0x3C, 0x60, 0xE1, 0x39,
+        0x6A, 0x47, 0x56, 0x7C, 0x94, 0x39, 0x51, 0x0F,
+        0x00, 0xD4, 0xA4, 0x3C, 0x14, 0x9A, 0x5C, 0xCC,
+        0x04, 0xF3, 0xD4, 0x7E, 0x67, 0xA8, 0xE2, 0x94,
+        0xA4, 0x61, 0xA5, 0xF6, 0x93, 0xDB, 0x0C, 0xAE,
+        0x22, 0xCF, 0xAC, 0x61, 0xE8, 0x53, 0x47, 0x7D,
+        0x33, 0x9A, 0x4E, 0x45, 0xF7, 0xB1, 0x7C, 0x3C,
+        0x11, 0x6D, 0x56, 0xF3, 0xA0, 0x68, 0xFC, 0x5A,
+        0xDF, 0xEF, 0x38, 0xFF, 0x85, 0x33, 0x2B, 0xD5,
+        0x15, 0x3C, 0x4D, 0x8F, 0xB8, 0xF1, 0x48, 0xF1,
+        0x17, 0x65, 0x9C, 0x2E, 0xA9, 0x4D, 0xB4, 0x2A,
+        0xA0, 0xB0, 0xBE, 0xBB, 0x47, 0x5A, 0x11, 0x04,
+        0x12, 0xF3, 0xCD, 0x33, 0x49, 0xFC, 0x1A, 0xD0,
+        0x41, 0xB7, 0xD5, 0x30, 0x4A, 0x85, 0x93, 0x14,
+        0x4E, 0xFA, 0x3A, 0x36, 0x1D, 0x1B, 0x0C, 0x76,
+        0x13, 0xB8, 0x2C, 0x08, 0x6E, 0xA7, 0x12, 0x6E,
+        0x43, 0xC6, 0x16, 0xCE, 0xE8, 0xF1, 0x44, 0x4E,
+        0x99, 0x56, 0xE8, 0x7F, 0x5C, 0xAB, 0x95, 0xC7,
+        0xC7, 0xFB, 0x17, 0x58, 0xEC, 0x7D, 0x97, 0x01,
+        0x9E, 0x5B, 0xA9, 0x35, 0x43, 0xEF, 0x3B, 0xAC,
+        0x1A, 0x17, 0x42, 0x99, 0xCA, 0x48, 0xBF, 0x78,
+        0x59, 0xDB, 0xFB, 0xDF, 0xF2, 0x43, 0xB1, 0x14,
+        0xF6, 0xBF, 0x42, 0x3C, 0xE9, 0x8B, 0x4D, 0x4D,
+        0x09, 0x1D, 0xA4, 0x4F, 0x32, 0x74, 0xD5, 0x73,
+        0xFD, 0xC9, 0x04, 0xBD, 0x88, 0x5E, 0x35, 0xC9,
+        0x15, 0x2A, 0x65, 0x35, 0x48, 0x88, 0xF1, 0x1E,
+        0xD4, 0xF3, 0xD6, 0x3F, 0x26, 0xA7, 0xBE, 0x2F,
+        0x57, 0x26, 0xEA, 0xDA, 0xF4, 0x85, 0x86, 0x59,
+        0x2B, 0xBD, 0xF6, 0xCE, 0xE2, 0x46, 0x76, 0x9E,
+        0x0E, 0xDA, 0x2A, 0x80, 0x77, 0x1F, 0xED, 0x34,
+        0x7D, 0x67, 0xAF, 0xEE, 0xC6, 0x8B, 0x89, 0x46,
+        0x3F, 0xA0, 0x49, 0x6D, 0xBC, 0x15, 0xC8, 0x9E,
+        0x8D, 0x56, 0x99, 0x83, 0xD1, 0xD6, 0x74, 0x73,
+        0x3F, 0x2B, 0xF9, 0xDF, 0x4A, 0x98, 0x0E, 0xA8,
+        0xC5, 0xE3, 0xAF, 0x15, 0x56, 0x0A, 0x0E, 0x28,
+        0xD6, 0x72, 0xB5, 0x80, 0xAB, 0x65, 0x52, 0xED,
+        0x76, 0xAA, 0xCB, 0x5F, 0x80, 0x26, 0x0B, 0x97,
+        0x03, 0x76, 0x9D, 0x33, 0xF4, 0x13, 0x8A, 0xBC,
+        0x10, 0xBF, 0x5B, 0x05, 0x82, 0xDC, 0xC6, 0x2D,
+        0xBE, 0x58, 0xC8, 0x90, 0xF5, 0x1B, 0x41, 0x00,
+        0x12, 0x77, 0x34, 0xFB, 0x7D, 0xB7, 0x44, 0x7A,
+        0x72, 0x0A, 0xAE, 0x00, 0x9D, 0x00, 0xBE, 0x8C,
+        0x61, 0x07, 0x92, 0xC6, 0x4F, 0x13, 0x1F, 0x2D,
+        0x72, 0x11, 0x5C, 0x7E, 0x05, 0x8E, 0x48, 0xB9,
+        0xDE, 0x64, 0xF5, 0x5B, 0x4D, 0x61, 0x0C, 0x36,
+        0xD1, 0x12, 0x71, 0x6A, 0x31, 0xA3, 0xDF, 0xE2,
+        0x66, 0x99, 0xE9, 0xC2, 0xAB, 0xA0, 0x56, 0x58,
+        0xCE, 0xF1, 0xB2, 0xB0, 0x86, 0x7C, 0xF8, 0xD5,
+        0x23, 0x3D, 0xB7, 0x4F, 0xA8, 0xDC, 0x3A, 0xD1,
+        0x45, 0xF5, 0xD2, 0x85, 0x74, 0x36, 0x0A, 0x85,
+        0xE3, 0xB0, 0xB1, 0x0A, 0xC0, 0xA6, 0x46, 0x7A,
+        0x7B, 0x05, 0x98, 0x46, 0x28, 0xEC, 0xA1, 0x04,
+        0x63, 0xF3, 0x48, 0xA3, 0x11, 0x1E, 0x00, 0x57,
+        0x8D, 0x3C, 0xE5, 0x48, 0x0F, 0x53, 0x75, 0xA1,
+        0xEE, 0x23, 0xEE, 0x82, 0x08, 0x7B, 0xAC, 0x41,
+        0x23, 0x3A, 0x14, 0xAA, 0xA7, 0x24, 0x73, 0x4B,
+        0x18, 0x74, 0xA4, 0xAC, 0xE1, 0x13, 0x37, 0x06,
+        0x25, 0x8F, 0x5F, 0xEA, 0x3A, 0x0C, 0x16, 0x09,
+        0xE3, 0x0C, 0x7F, 0xD2, 0x10, 0xDA, 0x0C, 0x4F,
+        0xDE, 0x91, 0x62, 0xDF, 0x66, 0xFB, 0xAF, 0x79,
+        0x2F, 0xA2, 0xAE, 0xAA, 0x51, 0x2F, 0x0F, 0xF7,
+        0x83, 0x7B, 0x9C, 0xC0, 0x2E, 0xE9, 0xBD, 0x95,
+        0x53, 0x9F, 0x00, 0x1B, 0xBD, 0x60, 0xDD, 0x8B,
+        0x42, 0xD6, 0x16, 0xB2, 0xCA, 0x95, 0xF3, 0x83,
+        0x5F, 0x5E, 0x47, 0xD4, 0x3B, 0x14, 0x34, 0xC4,
+        0x56, 0x3F, 0xD8, 0x1C, 0x15, 0xBE, 0xFA, 0x20,
+        0x2C, 0xF3, 0xD9, 0x54, 0x08, 0x73, 0xF6, 0x84,
+        0xAF, 0xE1, 0x9A, 0xB5, 0xC0, 0x1F, 0xA9, 0x2E,
+        0x95, 0xA8, 0xCD, 0x6F, 0x36, 0x07, 0x30, 0x85,
+        0x6E, 0x59, 0xC9, 0xC6, 0xAB, 0x77, 0x0D, 0x65,
+        0x75, 0x96, 0x2A, 0xF7, 0x58, 0x78, 0x57, 0x2A,
+        0x2A, 0x26, 0x41, 0x3D, 0x01, 0xAB, 0x31, 0x8C,
+        0x10, 0x0D, 0xFC, 0x34, 0xDC, 0x1D, 0xEF, 0xA5,
+        0x92, 0x7C, 0x4B, 0x45, 0x99, 0x25, 0xD7, 0x3E,
+        0x1E, 0xB9, 0x14, 0x70, 0xE3, 0x7A, 0x58, 0x45,
+        0x5C, 0x22, 0xA9, 0x61, 0xFD, 0x53, 0xF7, 0xD9,
+        0x90, 0x26, 0xFF, 0x88, 0x4B, 0xF4, 0xA2, 0x57,
+        0x9F, 0x70, 0x63, 0x35, 0xEF, 0xB6, 0xFB, 0x22,
+        0x50, 0xD5, 0x2A, 0xE5, 0x61, 0x89, 0x8B, 0xA1,
+        0x60, 0x6E, 0x51, 0xE9, 0x6D, 0x37, 0xC9, 0xED,
+        0x3E, 0xC6, 0xCF, 0xCB, 0x33, 0xBF, 0xBE, 0x9C,
+        0x31, 0x43, 0xFD, 0x3B, 0x6B, 0x33, 0x4D, 0x5F,
+        0x61, 0x92, 0x2B, 0x36, 0x9A, 0xFB, 0xB3, 0x1C,
+        0x3E, 0x6E, 0x9B, 0x5F, 0x3A, 0xEB, 0xF9, 0x5C,
+        0xB7, 0x08, 0x34, 0x6F, 0xEC, 0xF7, 0x15, 0x9C,
+        0xAD, 0x94, 0xA9, 0x3D, 0x8C, 0xD4, 0xB8, 0xC4,
+        0x89, 0x41, 0x92, 0xDF, 0xE5, 0x3E, 0xA4, 0x36,
+        0xFB, 0xF3, 0xAF, 0x4E, 0x86, 0x4E, 0x8C, 0x39,
+        0x91, 0xEA, 0x02, 0x0A, 0x81, 0x1F, 0x0A, 0xF5,
+        0x0B, 0x42, 0x57, 0x43, 0x6A, 0x3F, 0xF5, 0x22,
+        0xBE, 0x73, 0x67, 0x39, 0x1D, 0x0F, 0x95, 0x0B,
+        0xA6, 0x45, 0x2F, 0xBF, 0xD8, 0xFD, 0x87, 0x28,
+        0xF4, 0x0B, 0xD2, 0xFC, 0xB8, 0x94, 0x52, 0x99,
+        0x85, 0xB4, 0x32, 0xDF, 0xEF, 0x62, 0x30, 0xEB,
+        0x4D, 0xEE, 0x73, 0x7A, 0x8D, 0x10, 0xA3, 0xBC,
+        0xDF, 0xB7, 0x63, 0xE0, 0x86, 0x9B, 0x22, 0x5C,
+        0x1A, 0x8D, 0x0E, 0x1F, 0xBF, 0x2D, 0x16, 0x1C,
+        0x2C, 0x65, 0xD6, 0xDF, 0xB9, 0x58, 0xE9, 0x82,
+        0xD1, 0x17, 0x77, 0xAC, 0xBE, 0xAD, 0x8D, 0xFB,
+        0x6B, 0x1F, 0x5E, 0xB2, 0x1E, 0xA9, 0x42, 0xF7,
+        0xC4, 0x0D, 0xC2, 0x0D, 0x2E, 0x4E, 0xB3, 0xE7,
+        0x29, 0xB4, 0xE2, 0x9F, 0x75, 0x01, 0xDA, 0x34,
+        0x23, 0x45, 0x61, 0xF6, 0x28, 0x88, 0x12, 0xD6,
+        0x12, 0xD4, 0x1D, 0xFA, 0x83, 0xC5, 0xB8, 0xD9,
+        0x0F, 0xF3, 0x8B, 0xA5, 0x48, 0x20, 0x1B, 0x57,
+        0x5B, 0x52, 0x93, 0xAD, 0x78, 0x12, 0x0D, 0x91,
+        0xCE, 0xC0, 0x59, 0xCA, 0xE2, 0xE7, 0x6A, 0x9A,
+        0xB4, 0x3E, 0xF1, 0x28, 0x1E, 0x2B, 0xEF, 0x3E,
+        0x34, 0x8D, 0x28, 0xF2, 0x19, 0x47, 0xC8, 0x88,
+        0x48, 0x96, 0x04, 0x59, 0x48, 0x97, 0x75, 0x17,
+        0x6F, 0x8E, 0x40, 0xEE, 0x06, 0x42, 0x79, 0x53,
+        0x68, 0x7F, 0xB6, 0x3E, 0x47, 0x0F, 0x7D, 0x59,
+        0xFB, 0x60, 0xDF, 0x56, 0x9F, 0x8A, 0x11, 0xE2,
+        0x8E, 0x09, 0x37, 0x16, 0x2C, 0x46, 0xAF, 0xC7,
+        0xD2, 0x21, 0x0A, 0x88, 0x5F, 0xFA, 0x21, 0xB3,
+        0xDB, 0xF5, 0x35, 0x4B, 0x29, 0x41, 0xF4, 0xED,
+        0x5D, 0x50, 0x79, 0x08, 0x90, 0x84, 0x0C, 0xC3,
+        0xB9, 0x73, 0xD2, 0xC3, 0xD0, 0x26, 0x02, 0xB2,
+        0x9B, 0xAC, 0xCB, 0x6C, 0xE1, 0x7C, 0xED, 0xB9,
+        0x7B, 0x08, 0x5A, 0x2A, 0xB3, 0x10, 0x57, 0x2B,
+        0xA7, 0x37, 0x1D, 0x1F, 0x81, 0x20, 0xFF, 0xE3,
+        0x7D, 0x0B, 0x0F, 0xCA, 0x35, 0xAF, 0xC5, 0xB5,
+        0x62, 0xAA, 0x84, 0x99, 0x71, 0x5A, 0x29, 0x9C,
+        0xE0, 0x59, 0xCC, 0xE3, 0xB0, 0xD1, 0x1C, 0xEF,
+        0x0D, 0x92, 0x38, 0x96, 0x1A, 0xD4, 0xBE, 0x11,
+        0xE9, 0xA6, 0xD1, 0xA4, 0x69, 0x21, 0x77, 0xC8,
+        0xB0, 0xC5, 0x3F, 0x11, 0xA8, 0xED, 0x26, 0x50,
+        0x21, 0x2E, 0x7A, 0x2F, 0x80, 0xEB, 0xFF, 0x6D,
+        0xCF, 0xE4, 0x67, 0x21, 0x03, 0x65, 0x84, 0x34,
+        0xD0, 0x32, 0x7A, 0xDD, 0xCD, 0x66, 0xBC, 0xB6
+    };
+    static const byte msg_65_draft[] = {
+        0xDB, 0x84, 0x94, 0xBA, 0x19, 0xC4, 0x11, 0x8F,
+        0xB1, 0x5D, 0x0A, 0xCF, 0x42, 0x54, 0xFD, 0x37,
+        0x48, 0x3F, 0xCF, 0x47, 0x48, 0xFD, 0x18, 0x44,
+        0xF7, 0x17, 0xCE, 0x6F, 0x69, 0x58, 0x9E, 0x61,
+        0x77, 0x2C, 0xFE, 0xFA, 0x7F, 0x97, 0x58, 0x65,
+        0x34, 0x09, 0xD4, 0xEE, 0x5A, 0x26, 0x4B, 0x83,
+        0x4E, 0x60, 0xD6, 0xBB, 0x96, 0x49, 0x9E, 0xBE,
+        0xB2, 0xB0, 0x6B, 0x0B, 0xA8, 0x74, 0xBF, 0x31,
+        0xE6, 0x41, 0x39, 0x4C, 0xFA, 0xA6, 0xA2, 0xD3,
+        0x0D, 0xDB, 0x8F, 0x04, 0x58, 0x76, 0x20, 0x8D,
+        0x2F, 0x51, 0xDE, 0x15, 0xE2, 0x05, 0xE8, 0xC9,
+        0x1B, 0x87, 0xEC, 0xEB, 0x05, 0xFF, 0x31, 0x83,
+        0x27, 0x1B, 0x26, 0x49, 0x66, 0x5D, 0xD3, 0xCC,
+        0x49, 0xBF, 0xDB, 0x99, 0x8D, 0x53, 0x9D, 0xA8,
+        0x09, 0x30, 0x55, 0x16, 0xBB, 0xBE, 0x9C, 0x90,
+        0x60, 0x21, 0x19, 0x1C, 0x52, 0x23, 0xE5, 0x25,
+        0xA8, 0xFC, 0x36, 0x16, 0xA1, 0x76, 0x5E, 0xC3,
+        0xF9, 0xC5, 0xDB, 0x53, 0xCC, 0x33, 0x7E, 0x03,
+        0x9F, 0x18, 0x6A, 0xCF, 0xEA, 0x91, 0x14, 0x8E,
+        0xE2, 0xA7, 0x9C, 0xCA, 0x36, 0x89, 0xED, 0xB6,
+        0x2A, 0xAF, 0x28, 0xB5, 0xD7, 0x52, 0xFD, 0xE2,
+        0x65, 0xEE, 0x52, 0x80, 0xB5, 0x19, 0x72, 0x6C,
+        0x1C, 0xA9, 0x80, 0x32, 0x95, 0xC6, 0x74, 0xB7,
+        0xEF, 0xAF, 0xA4, 0xD6, 0x1B, 0x30, 0x6A, 0x79,
+        0xE3, 0xF6, 0xE7, 0xA8, 0x87, 0xC2, 0xFB, 0x53,
+        0x5B, 0x3B, 0x0F, 0xB3, 0xD9, 0xEB, 0xC8, 0x76,
+        0x03, 0xEA, 0xFE, 0xF1, 0x70, 0xC1, 0xF1, 0xD2,
+        0x8E, 0x99, 0xBB
+    };
+    static const byte sig_65_draft[] = {
+        0xF7, 0x78, 0x9A, 0x45, 0xA3, 0x58, 0x73, 0x30,
+        0xE7, 0xFC, 0xF7, 0x06, 0x95, 0xF7, 0xF6, 0x96,
+        0x88, 0xA2, 0xB8, 0xD0, 0xCE, 0x54, 0xF0, 0x90,
+        0x21, 0x4F, 0x10, 0x9F, 0x56, 0x48, 0x4F, 0x98,
+        0xC3, 0xAD, 0x1A, 0x53, 0xA5, 0x44, 0x1C, 0x2C,
+        0xA7, 0x2A, 0x3B, 0x31, 0x91, 0xBC, 0x04, 0x6F,
+        0x46, 0x37, 0x30, 0x45, 0xB9, 0xE5, 0x40, 0xC7,
+        0x3D, 0xFE, 0x91, 0xB6, 0x1F, 0x05, 0x88, 0xD6,
+        0x13, 0x59, 0x3F, 0xCE, 0x1B, 0x00, 0xEE, 0xF1,
+        0xB2, 0x27, 0x03, 0x4C, 0x6F, 0xD3, 0xB1, 0x8B,
+        0x3F, 0x22, 0x11, 0x10, 0xFB, 0x34, 0x5A, 0xA7,
+        0x86, 0x31, 0xB8, 0xB5, 0x9F, 0xBD, 0xFD, 0xCC,
+        0xDA, 0xE6, 0xA2, 0x4D, 0x25, 0x9D, 0x34, 0xAA,
+        0xBA, 0xD2, 0x18, 0xB3, 0xAE, 0x4E, 0x77, 0x18,
+        0x66, 0x53, 0xB8, 0x56, 0x3A, 0xA6, 0x12, 0x0A,
+        0x0A, 0x53, 0x1A, 0x4E, 0x91, 0x37, 0x30, 0xDC,
+        0x91, 0x4F, 0xE5, 0xE0, 0x08, 0xBE, 0xCE, 0x68,
+        0x69, 0xB0, 0x2B, 0x07, 0xFD, 0xC1, 0x62, 0x14,
+        0x54, 0x0D, 0x31, 0x6C, 0x43, 0xFA, 0x0C, 0x21,
+        0x1B, 0x41, 0xAC, 0x7E, 0x52, 0x65, 0x67, 0x29,
+        0xC7, 0x73, 0xE4, 0xC4, 0xB8, 0x8E, 0xD3, 0x11,
+        0x88, 0x6D, 0xD4, 0xD2, 0x75, 0x41, 0x7D, 0x70,
+        0x19, 0x66, 0x44, 0xEE, 0xD1, 0x5F, 0xA3, 0x15,
+        0x06, 0x60, 0x03, 0xE3, 0x09, 0xF8, 0x32, 0xAF,
+        0x91, 0x26, 0x2C, 0x94, 0x90, 0x11, 0xFC, 0xB0,
+        0xAD, 0x2C, 0xCE, 0x65, 0xDD, 0x9E, 0xFF, 0x56,
+        0x7E, 0xE2, 0x9C, 0xC4, 0x0A, 0x6F, 0xE0, 0x66,
+        0x4E, 0x7D, 0x9F, 0x23, 0x65, 0x68, 0xFC, 0x94,
+        0x29, 0x5D, 0xBB, 0x34, 0x28, 0x82, 0x33, 0xE8,
+        0xC5, 0x11, 0xD2, 0x88, 0x15, 0xEC, 0x72, 0x10,
+        0x32, 0x29, 0x6E, 0x1E, 0xDE, 0xCA, 0x7F, 0x72,
+        0x6A, 0x6E, 0xB0, 0xF7, 0x6C, 0xC5, 0x82, 0x80,
+        0x11, 0xC0, 0xE4, 0x01, 0x3C, 0xC7, 0xEE, 0x43,
+        0x29, 0xB8, 0x1E, 0xCC, 0x0D, 0x52, 0xED, 0x1E,
+        0x49, 0x1D, 0xD6, 0xD5, 0x5C, 0x52, 0x65, 0x66,
+        0x5E, 0xD8, 0xAD, 0x21, 0x9B, 0x89, 0x4F, 0x31,
+        0xC6, 0x8C, 0x61, 0x9A, 0xFC, 0xDB, 0x73, 0x58,
+        0xE5, 0x55, 0x4C, 0x49, 0x5B, 0x8B, 0x6E, 0x33,
+        0x25, 0x68, 0x8F, 0xB8, 0xC1, 0xA2, 0x53, 0x31,
+        0xD5, 0x7B, 0xD3, 0x48, 0xA2, 0x7D, 0x39, 0x09,
+        0x29, 0xBC, 0x46, 0xA1, 0x49, 0x6A, 0xB3, 0x5B,
+        0x46, 0xBA, 0x61, 0xB6, 0xB9, 0xD2, 0x3C, 0xD0,
+        0x63, 0x15, 0xFB, 0x72, 0xC2, 0x47, 0x76, 0x01,
+        0x61, 0x30, 0xAD, 0xB1, 0xCF, 0x2D, 0xC7, 0x29,
+        0x59, 0xEA, 0x9C, 0xAD, 0x96, 0xAF, 0x5D, 0xA9,
+        0x96, 0x12, 0x6C, 0xDD, 0x85, 0xB1, 0x34, 0xCC,
+        0x92, 0x7A, 0x51, 0xFD, 0x23, 0xF8, 0x47, 0x91,
+        0xA3, 0xFC, 0xDA, 0x07, 0x7E, 0x15, 0x99, 0x17,
+        0x48, 0xA0, 0x39, 0x4F, 0x33, 0x4E, 0xB8, 0xBC,
+        0x48, 0xA9, 0x9A, 0xB9, 0xDF, 0xBB, 0x0F, 0x2A,
+        0xAD, 0x6F, 0xBE, 0x48, 0x49, 0x61, 0xD3, 0xA4,
+        0xE8, 0xF8, 0xB2, 0x1A, 0x6A, 0xC0, 0x92, 0xB2,
+        0x26, 0xD6, 0xE1, 0x19, 0xFA, 0xD4, 0x4D, 0x8E,
+        0x57, 0x6F, 0xE9, 0x6C, 0x6C, 0xDB, 0x68, 0x40,
+        0xEA, 0x61, 0x4B, 0xAF, 0xC7, 0x07, 0x86, 0xC5,
+        0x19, 0xE1, 0xD5, 0xDC, 0x0F, 0x98, 0x44, 0x43,
+        0xC8, 0xB1, 0xE5, 0x4F, 0x8E, 0xE1, 0x76, 0xD9,
+        0x8B, 0x2C, 0x70, 0x27, 0xF5, 0x7D, 0x7E, 0x3D,
+        0xE9, 0xB2, 0xA0, 0xA3, 0x69, 0x11, 0xB8, 0xE4,
+        0x71, 0x21, 0xDE, 0x0C, 0x07, 0xEB, 0xBA, 0x5D,
+        0x7B, 0x59, 0x4E, 0xF2, 0x44, 0xC6, 0x83, 0x27,
+        0xEC, 0x6C, 0x6D, 0x1D, 0xD5, 0x01, 0xF4, 0x83,
+        0xFE, 0x9B, 0x95, 0x70, 0x59, 0x7E, 0x70, 0xDF,
+        0x41, 0x3E, 0x7A, 0xF0, 0x38, 0x47, 0xF4, 0x09,
+        0xED, 0x61, 0xE2, 0x84, 0x6E, 0x6C, 0x64, 0x1E,
+        0x6A, 0x7F, 0xFA, 0x79, 0xDE, 0x6B, 0xFA, 0x37,
+        0x3A, 0x06, 0x44, 0xB0, 0x0B, 0xF4, 0x1A, 0x03,
+        0x49, 0x92, 0xA7, 0x94, 0xDA, 0x17, 0xC8, 0x88,
+        0x85, 0x23, 0x90, 0x32, 0xC8, 0x51, 0x76, 0x4E,
+        0x3E, 0x4D, 0xBD, 0xE7, 0xF1, 0x2A, 0x16, 0xC5,
+        0xA2, 0x63, 0xE9, 0x64, 0xC1, 0xE7, 0xFD, 0xD3,
+        0xCC, 0xE5, 0x76, 0xDD, 0x6D, 0x56, 0xB1, 0x81,
+        0x82, 0x84, 0x8B, 0x75, 0x63, 0x64, 0x5D, 0x4E,
+        0x42, 0xFF, 0x22, 0x74, 0x2A, 0x99, 0x67, 0x85,
+        0x16, 0x9D, 0x7F, 0x50, 0x3B, 0x48, 0xA7, 0x15,
+        0x8B, 0x3C, 0xBD, 0x29, 0x93, 0x5E, 0xD3, 0x20,
+        0x49, 0xBE, 0xA1, 0xAD, 0x95, 0x3E, 0xF7, 0x07,
+        0x32, 0x7B, 0x77, 0x8B, 0xFD, 0xDD, 0xFC, 0x60,
+        0x51, 0x1D, 0xA1, 0x13, 0xA3, 0x4F, 0x65, 0x57,
+        0x12, 0xE4, 0xE5, 0x9D, 0x6C, 0xCE, 0x40, 0x4E,
+        0x94, 0xAB, 0xA6, 0x1E, 0x81, 0x35, 0x38, 0x8F,
+        0xC2, 0x1C, 0x8E, 0x41, 0x34, 0x4F, 0x32, 0x4B,
+        0x01, 0xAC, 0x8C, 0x06, 0x9F, 0x92, 0x57, 0x5D,
+        0x34, 0xF8, 0x8B, 0xCA, 0x22, 0xCB, 0x30, 0x7E,
+        0x37, 0x07, 0x00, 0x63, 0x32, 0x02, 0x56, 0xB8,
+        0xBA, 0xD6, 0xEB, 0x7A, 0x81, 0xAF, 0xE9, 0xA2,
+        0x54, 0x01, 0x6E, 0x1C, 0x8A, 0x12, 0x50, 0x89,
+        0xAA, 0xA3, 0xED, 0xE8, 0x4E, 0x5B, 0x6C, 0x2E,
+        0xCF, 0xAE, 0xFA, 0xA5, 0x2B, 0x9F, 0x57, 0x09,
+        0x60, 0x2C, 0x06, 0xAE, 0xA4, 0xA0, 0x38, 0x4E,
+        0x9B, 0x09, 0xE5, 0xB8, 0x81, 0x64, 0xB2, 0x74,
+        0xEA, 0x32, 0x65, 0xFB, 0x51, 0x52, 0x39, 0x7D,
+        0xFF, 0x5A, 0x3A, 0x08, 0x61, 0xE2, 0xBC, 0x12,
+        0xD2, 0x10, 0x92, 0x89, 0x72, 0x97, 0x47, 0xE8,
+        0x3F, 0xDF, 0x24, 0x3A, 0x1D, 0x17, 0xB9, 0x83,
+        0x48, 0x37, 0x98, 0x45, 0xA9, 0xE9, 0x55, 0xE2,
+        0xD6, 0xF9, 0x38, 0xDA, 0xA5, 0x91, 0x8E, 0x2A,
+        0x14, 0xF9, 0x7B, 0xA2, 0xBE, 0x50, 0x1C, 0xCC,
+        0xAF, 0xD6, 0x81, 0x91, 0x0F, 0x4A, 0x4F, 0x06,
+        0x71, 0x5C, 0xE8, 0x40, 0x96, 0xF3, 0x7A, 0x91,
+        0xDC, 0xCA, 0x2A, 0x8A, 0x4B, 0xE8, 0xDA, 0x79,
+        0x21, 0xDB, 0xF8, 0xD3, 0xF4, 0xEF, 0xB9, 0x8C,
+        0x6B, 0x4F, 0x94, 0x0E, 0xCE, 0xF8, 0x32, 0xB5,
+        0x49, 0xD0, 0x68, 0x94, 0x7C, 0x3D, 0xFB, 0x58,
+        0x09, 0xCB, 0x7B, 0x06, 0x0A, 0x3A, 0x0E, 0xF3,
+        0xB2, 0x1C, 0x01, 0x64, 0x50, 0x1D, 0xDE, 0xA7,
+        0xC9, 0xE5, 0xE7, 0x89, 0x7C, 0x6B, 0x1C, 0x46,
+        0x34, 0x8B, 0x2C, 0x3E, 0x80, 0x5F, 0x6F, 0x22,
+        0x87, 0xBA, 0x15, 0x8C, 0xF9, 0x25, 0xA7, 0xBA,
+        0x7F, 0x08, 0x25, 0x49, 0x89, 0xC8, 0x7D, 0x24,
+        0x97, 0x9A, 0xD9, 0x86, 0xAA, 0x97, 0xC5, 0x1B,
+        0x01, 0xF4, 0x5D, 0x4A, 0x1F, 0x24, 0x75, 0x29,
+        0x91, 0xF0, 0x42, 0x05, 0xEB, 0x55, 0x1F, 0xD0,
+        0x2D, 0x41, 0x5F, 0x2D, 0xD1, 0xEF, 0xF1, 0x42,
+        0xB0, 0xD7, 0x04, 0x16, 0xC6, 0xD8, 0x15, 0xEB,
+        0x91, 0x73, 0x2B, 0x26, 0x8F, 0xB2, 0x0D, 0x08,
+        0x67, 0x44, 0x2D, 0x71, 0xDE, 0xC0, 0x57, 0xB2,
+        0x86, 0xCD, 0x93, 0x81, 0x1F, 0xF3, 0xF6, 0x46,
+        0xEB, 0xD5, 0x65, 0xD5, 0x1D, 0x09, 0xA4, 0x2D,
+        0x3A, 0xBA, 0xAC, 0x0F, 0x34, 0xCC, 0x81, 0x7B,
+        0x18, 0x93, 0x8E, 0xCC, 0xBB, 0x1F, 0xEF, 0x05,
+        0xBD, 0x3C, 0x2B, 0x49, 0x4F, 0xA5, 0x29, 0xED,
+        0x4C, 0x63, 0x4C, 0x93, 0x25, 0xA4, 0x81, 0x73,
+        0xF2, 0x0F, 0xFA, 0xC3, 0x2D, 0xC1, 0x01, 0xE6,
+        0xEE, 0x03, 0xB2, 0xFC, 0xBE, 0xC2, 0x46, 0x8D,
+        0xBC, 0x8F, 0x76, 0x75, 0x8C, 0x32, 0x15, 0x47,
+        0x4F, 0x7E, 0xF2, 0x40, 0x65, 0xF7, 0x90, 0x60,
+        0xAC, 0xA3, 0xC8, 0xD5, 0xD7, 0x4A, 0xF7, 0x0F,
+        0x48, 0x30, 0x1D, 0xDB, 0x30, 0xC0, 0x5D, 0xB3,
+        0xEF, 0xA7, 0x26, 0xCF, 0x88, 0x55, 0x59, 0x01,
+        0x84, 0x12, 0x82, 0xAA, 0x08, 0xF6, 0x66, 0xA6,
+        0x53, 0x51, 0xA6, 0xA2, 0x4E, 0xED, 0x6B, 0xE2,
+        0x11, 0x77, 0x31, 0x07, 0xE1, 0x85, 0xE1, 0xB4,
+        0x88, 0xA2, 0xE4, 0x91, 0xB6, 0xC1, 0x41, 0x52,
+        0x84, 0x62, 0xA8, 0x64, 0x94, 0xB5, 0x4F, 0xDC,
+        0xCE, 0xCC, 0xB6, 0xAA, 0x21, 0x25, 0x36, 0x86,
+        0x69, 0x3A, 0xE7, 0x98, 0xC9, 0xCE, 0x9E, 0x0B,
+        0xDD, 0xC6, 0xAE, 0x53, 0xD9, 0xB7, 0x06, 0xDC,
+        0x4F, 0x4D, 0x81, 0xB9, 0xC7, 0x3C, 0x46, 0x1E,
+        0xCD, 0x70, 0x35, 0xC5, 0x17, 0x2E, 0xFA, 0xE5,
+        0x60, 0x2C, 0xAF, 0x88, 0xC6, 0x4E, 0x79, 0xE5,
+        0x32, 0x40, 0x30, 0x55, 0x5D, 0xE2, 0x11, 0xF8,
+        0x9F, 0xD4, 0x24, 0xC3, 0x38, 0xC3, 0x88, 0x3C,
+        0x83, 0xCA, 0x94, 0x05, 0xC2, 0xB5, 0xD1, 0x44,
+        0x5F, 0x7C, 0x98, 0xC4, 0x3E, 0xD3, 0xD2, 0xBE,
+        0xCB, 0xE2, 0x5F, 0x5F, 0x3F, 0x54, 0x4C, 0xCC,
+        0x5B, 0x5A, 0xEA, 0xE4, 0x7D, 0xDF, 0x3F, 0xB5,
+        0x64, 0x9F, 0xF5, 0xD6, 0x1E, 0xAA, 0x02, 0xED,
+        0xEB, 0xC7, 0x5C, 0xE4, 0x78, 0xBA, 0x00, 0x42,
+        0x6C, 0xAF, 0x47, 0x4F, 0xA7, 0x9E, 0x5B, 0x08,
+        0x9E, 0xB1, 0xA8, 0x82, 0xF1, 0x53, 0x54, 0x59,
+        0x26, 0x95, 0x95, 0x2B, 0xA0, 0xA8, 0xEE, 0x91,
+        0xE6, 0x49, 0xE3, 0xF2, 0xC3, 0x82, 0x26, 0x4D,
+        0xAA, 0x30, 0xF6, 0xA6, 0xD2, 0x17, 0xF6, 0x12,
+        0x9C, 0x19, 0x39, 0xB6, 0xDC, 0xAC, 0xCD, 0xA5,
+        0xB6, 0x37, 0x32, 0x6E, 0x8A, 0x83, 0x61, 0xC3,
+        0xB5, 0x6F, 0xCF, 0xFC, 0x48, 0x50, 0x36, 0x86,
+        0x58, 0x22, 0xB9, 0xBB, 0x87, 0xB4, 0x35, 0x10,
+        0xBC, 0xDD, 0x55, 0xBC, 0x35, 0x0D, 0xE7, 0xB2,
+        0xAE, 0x90, 0xA2, 0x1E, 0x9E, 0x19, 0x97, 0x8E,
+        0xDA, 0x10, 0xDF, 0x66, 0x76, 0x14, 0xA4, 0x4F,
+        0xE2, 0xA8, 0x4D, 0x16, 0xBE, 0x04, 0x3E, 0xA8,
+        0x77, 0x36, 0x33, 0xEA, 0x6B, 0xAD, 0xF6, 0x57,
+        0x10, 0x05, 0x2F, 0x34, 0x1F, 0x65, 0xCB, 0xE9,
+        0x28, 0xD3, 0x96, 0x2A, 0x5A, 0x2F, 0xE6, 0x4E,
+        0x46, 0xD6, 0xBF, 0xB8, 0xFD, 0x0D, 0x99, 0x78,
+        0xF0, 0x42, 0x3C, 0xBD, 0x19, 0x5F, 0x72, 0xF3,
+        0xCB, 0x19, 0xD7, 0xEF, 0xD9, 0xEB, 0xE3, 0x3C,
+        0xD2, 0xF5, 0x70, 0x9A, 0x57, 0x80, 0x7D, 0xF9,
+        0x44, 0xEC, 0xE5, 0x68, 0xAA, 0xCA, 0x43, 0x36,
+        0x42, 0x20, 0x83, 0xB0, 0x69, 0x7B, 0x6A, 0xA0,
+        0x05, 0x86, 0xE4, 0xBF, 0x7D, 0xD6, 0x73, 0xA3,
+        0xD5, 0x96, 0xB8, 0x61, 0x8A, 0xC3, 0xB4, 0x06,
+        0x17, 0x50, 0xC6, 0xBE, 0x97, 0xCB, 0x53, 0x75,
+        0x3D, 0x02, 0x39, 0x55, 0x56, 0x07, 0x5A, 0x26,
+        0xF1, 0x40, 0xB9, 0x3F, 0x57, 0x7D, 0xAD, 0x50,
+        0x5E, 0x1C, 0xF2, 0xB5, 0x51, 0xA0, 0x4C, 0x98,
+        0xC7, 0xF0, 0x90, 0x18, 0x31, 0xB3, 0xCA, 0x61,
+        0xD7, 0x5D, 0xA7, 0x93, 0xAC, 0x72, 0xA4, 0x4C,
+        0x7A, 0x07, 0xF7, 0xDB, 0xBA, 0xD6, 0x0A, 0x55,
+        0xF4, 0x9C, 0xBD, 0x79, 0xDE, 0xE4, 0x73, 0x9F,
+        0xFD, 0x36, 0x77, 0x8E, 0xBD, 0x08, 0xEB, 0xDB,
+        0x79, 0xEC, 0x07, 0xA1, 0x62, 0x39, 0xC5, 0xB9,
+        0x21, 0x59, 0x9F, 0xEB, 0xFE, 0xA4, 0x6D, 0xDF,
+        0x96, 0x6A, 0xA4, 0xA0, 0x15, 0x12, 0xE6, 0x10,
+        0x94, 0x3F, 0x5D, 0xC5, 0x4B, 0x4C, 0x76, 0xB7,
+        0x64, 0xB3, 0x80, 0xBF, 0x2F, 0x84, 0xED, 0xE3,
+        0x21, 0x24, 0x91, 0x2F, 0x54, 0xF7, 0xB6, 0xE2,
+        0x07, 0xB7, 0x38, 0x1F, 0x67, 0x0F, 0x7A, 0xA0,
+        0xF3, 0xC3, 0xED, 0x10, 0x15, 0x74, 0x03, 0x84,
+        0xDD, 0x61, 0xA9, 0x76, 0x5E, 0xE4, 0x69, 0x6E,
+        0xAC, 0xF8, 0x2E, 0xA4, 0x10, 0x69, 0x18, 0x05,
+        0xCB, 0x68, 0x89, 0x03, 0x53, 0x5D, 0x70, 0x46,
+        0x10, 0x0D, 0xCC, 0x2B, 0xA7, 0xD8, 0x30, 0x2A,
+        0xCB, 0x04, 0x30, 0xD5, 0x06, 0xCC, 0xC1, 0xC0,
+        0xDD, 0xEA, 0x71, 0x11, 0xA7, 0x6F, 0x45, 0xB4,
+        0x54, 0xE2, 0x5C, 0xDD, 0xFB, 0x63, 0x9B, 0x3D,
+        0x66, 0x4C, 0x36, 0xD8, 0x84, 0x35, 0x13, 0xA3,
+        0xFC, 0xAF, 0x9E, 0x60, 0x57, 0xE9, 0xBC, 0x06,
+        0x82, 0x37, 0xFE, 0x24, 0x19, 0xA2, 0xD2, 0xD9,
+        0x0B, 0x4A, 0x1F, 0xC2, 0xA7, 0x1A, 0x14, 0x6D,
+        0x2B, 0xD0, 0x43, 0x64, 0xC7, 0x9B, 0x8E, 0xBA,
+        0x8E, 0x3E, 0x88, 0xCE, 0x11, 0xE9, 0x16, 0xE4,
+        0xA7, 0x52, 0x84, 0x21, 0x32, 0x8C, 0xF5, 0x4F,
+        0xAA, 0xB2, 0xB1, 0x9F, 0x44, 0x46, 0x87, 0x81,
+        0xF8, 0xAB, 0x84, 0xB7, 0xDD, 0x97, 0x2F, 0xF5,
+        0x61, 0x50, 0x71, 0x43, 0x0A, 0x43, 0x74, 0xDA,
+        0xFC, 0xAE, 0x1E, 0x60, 0x44, 0xAA, 0x98, 0xE9,
+        0x85, 0x94, 0x1B, 0xA6, 0xB9, 0xDB, 0x8C, 0x02,
+        0xF5, 0x89, 0x60, 0x3E, 0xEB, 0x8B, 0xE9, 0x0A,
+        0x70, 0xEF, 0xC0, 0x88, 0xD7, 0x95, 0xE6, 0xDA,
+        0x1F, 0x1F, 0x2E, 0x6E, 0xCE, 0xDD, 0x03, 0x1D,
+        0x81, 0x99, 0xE6, 0x59, 0x12, 0xD4, 0x34, 0xD0,
+        0x9B, 0xFB, 0xE5, 0x94, 0x40, 0x6D, 0xC1, 0x15,
+        0x0E, 0x99, 0x35, 0x8C, 0xEA, 0x7F, 0xAD, 0x2E,
+        0x7C, 0x44, 0xC3, 0x8B, 0x6E, 0x0C, 0xEE, 0xAB,
+        0x9B, 0xDE, 0x0D, 0xB9, 0x7B, 0xCF, 0x5A, 0xC9,
+        0x94, 0x10, 0xC9, 0x47, 0x0E, 0x26, 0x6B, 0x8B,
+        0xE4, 0x5F, 0x66, 0x90, 0x83, 0x1F, 0x41, 0x45,
+        0xE2, 0x63, 0x79, 0xDB, 0x80, 0x7C, 0x26, 0xDD,
+        0xF9, 0x1E, 0x30, 0x9D, 0x4F, 0x4A, 0x3E, 0x7E,
+        0xCA, 0xB7, 0x36, 0x2F, 0x15, 0xD2, 0x0E, 0xA4,
+        0x33, 0xB7, 0xE7, 0x0A, 0x7D, 0xDE, 0x74, 0x16,
+        0xCE, 0xA8, 0x71, 0x49, 0x8B, 0x2C, 0xE3, 0xF5,
+        0x8D, 0x29, 0xD8, 0x62, 0x8C, 0x53, 0x18, 0x40,
+        0xF0, 0x22, 0xDD, 0x3B, 0xD2, 0xF3, 0x80, 0x9B,
+        0x11, 0x68, 0xD3, 0x8E, 0x63, 0xC7, 0xF6, 0x93,
+        0x08, 0xA3, 0x1A, 0x2D, 0x4D, 0x5E, 0xEB, 0x97,
+        0x42, 0x39, 0xB3, 0x4A, 0x62, 0xBC, 0x85, 0xE4,
+        0xEC, 0xF9, 0x0C, 0x33, 0x6A, 0x0C, 0x37, 0xBD,
+        0x9E, 0x0E, 0xF4, 0x26, 0x6B, 0x83, 0x5A, 0xC8,
+        0x90, 0x6A, 0x83, 0xCF, 0x0B, 0x35, 0x13, 0x8A,
+        0x65, 0xE5, 0xD9, 0xA6, 0x1F, 0xCC, 0x9B, 0x2D,
+        0x5A, 0x33, 0x7B, 0x8A, 0xBE, 0xF8, 0x8A, 0x7F,
+        0xB3, 0xC0, 0x94, 0x5D, 0x7C, 0xAF, 0x35, 0x61,
+        0x1A, 0xE0, 0xE4, 0x46, 0x93, 0xA5, 0xBC, 0xE0,
+        0xA6, 0xE2, 0xFE, 0xCA, 0xE9, 0xBD, 0xF4, 0xE3,
+        0x56, 0xD6, 0x53, 0x6B, 0x58, 0x1A, 0x18, 0xF0,
+        0x3A, 0x59, 0x16, 0x4E, 0xD5, 0x44, 0x7C, 0x7E,
+        0xC8, 0xBD, 0x99, 0x7B, 0xE9, 0x53, 0xDE, 0xD9,
+        0x32, 0x53, 0x5B, 0x5F, 0x43, 0x8A, 0x04, 0x31,
+        0x9F, 0x5E, 0x0D, 0x8B, 0x0F, 0xEB, 0xC8, 0xDE,
+        0x81, 0x46, 0x65, 0x8E, 0x52, 0xB9, 0x75, 0x9C,
+        0x73, 0x93, 0x5B, 0x12, 0x0D, 0xC9, 0xB8, 0x54,
+        0xF3, 0xC8, 0xF9, 0x4E, 0xC9, 0x33, 0x90, 0x57,
+        0xD7, 0xD7, 0xCD, 0x91, 0xF7, 0xE0, 0xB9, 0x8D,
+        0x84, 0xEC, 0x7B, 0x2F, 0x92, 0x32, 0x8D, 0x73,
+        0x60, 0x18, 0xB0, 0x31, 0x65, 0xA8, 0x74, 0x5F,
+        0x8E, 0x77, 0xEB, 0x80, 0x29, 0xF9, 0x78, 0x26,
+        0x70, 0xCB, 0xD8, 0x6B, 0x43, 0x16, 0xC7, 0xBE,
+        0x4A, 0x88, 0x03, 0x38, 0xBA, 0xCF, 0xB0, 0x15,
+        0x69, 0x9B, 0xF3, 0x0D, 0x3A, 0x4B, 0x05, 0x32,
+        0x54, 0x35, 0xBA, 0x5F, 0xA3, 0xB9, 0xD2, 0xB2,
+        0xFE, 0x0B, 0x51, 0x9C, 0x2C, 0xB2, 0x46, 0xE5,
+        0x3D, 0x1A, 0x34, 0x3D, 0x66, 0x1A, 0x66, 0x14,
+        0x3C, 0x6F, 0x46, 0x8C, 0x55, 0x38, 0x64, 0x5C,
+        0xC2, 0x6D, 0x4E, 0x2A, 0x87, 0x03, 0xEC, 0x9B,
+        0x10, 0xFC, 0x89, 0xBE, 0x6F, 0x85, 0x99, 0x97,
+        0x70, 0x8F, 0x31, 0x19, 0x4F, 0x0D, 0xFE, 0xE9,
+        0x29, 0x98, 0xB2, 0x5E, 0x93, 0xB9, 0x70, 0x70,
+        0xDE, 0x14, 0x40, 0x9D, 0x5B, 0xA4, 0x3D, 0xF8,
+        0x8D, 0x15, 0xC2, 0xFB, 0xA9, 0x7B, 0xDD, 0xE6,
+        0x18, 0xCC, 0x3F, 0xC0, 0x42, 0xF7, 0x74, 0x81,
+        0x84, 0xBA, 0x9E, 0xC9, 0xCB, 0xA1, 0xB2, 0x00,
+        0x68, 0x81, 0xD0, 0x51, 0x42, 0x64, 0x19, 0x8F,
+        0xB6, 0x91, 0xC5, 0xC0, 0x38, 0xE0, 0x49, 0x50,
+        0xCF, 0x69, 0x09, 0x93, 0x77, 0xFE, 0x66, 0xBA,
+        0x64, 0xE2, 0x19, 0x52, 0xA4, 0x45, 0x81, 0x71,
+        0x96, 0x64, 0xF5, 0xD9, 0x23, 0x97, 0xD2, 0x2A,
+        0xA7, 0x03, 0x2B, 0xF5, 0x89, 0xAF, 0x8A, 0xCA,
+        0x48, 0xDF, 0x6D, 0x14, 0xEB, 0x43, 0xCE, 0xF0,
+        0xA9, 0xC8, 0xA8, 0xF9, 0xAD, 0x32, 0x95, 0x25,
+        0xEF, 0x0A, 0xAA, 0x4F, 0x9E, 0x09, 0xC3, 0x51,
+        0x3C, 0xF0, 0x29, 0xF3, 0xDE, 0xFC, 0xBB, 0x41,
+        0x14, 0xFA, 0x0F, 0x66, 0x8D, 0xB4, 0x72, 0x2F,
+        0xCC, 0xD9, 0xC2, 0x07, 0xB6, 0x6F, 0x10, 0x9E,
+        0xD9, 0x5B, 0x45, 0x4B, 0xB6, 0x19, 0x5D, 0x59,
+        0xC4, 0xA6, 0x78, 0xBA, 0x6F, 0x5A, 0x9B, 0x23,
+        0x41, 0x21, 0xAD, 0x05, 0x16, 0xA1, 0xD4, 0x12,
+        0x3D, 0x38, 0x26, 0xD9, 0x2A, 0x61, 0xB3, 0x5D,
+        0xEB, 0x29, 0x5B, 0xAA, 0x2F, 0xE1, 0xB5, 0xEE,
+        0x25, 0x02, 0x1D, 0xAE, 0xF8, 0x57, 0xB5, 0xDF,
+        0x19, 0x2E, 0x17, 0x5E, 0x3A, 0x2A, 0x0D, 0x3F,
+        0x08, 0x2F, 0x21, 0x1C, 0xB5, 0xBD, 0xC2, 0x36,
+        0x27, 0x4F, 0x86, 0xC5, 0xDC, 0x74, 0xC3, 0x9B,
+        0xE9, 0x7C, 0xCF, 0x5F, 0x57, 0x94, 0xEB, 0x64,
+        0xEC, 0x64, 0x55, 0x45, 0x21, 0x0F, 0xC6, 0x67,
+        0xD1, 0xE0, 0x74, 0x0E, 0x66, 0xCB, 0xED, 0xC2,
+        0x06, 0x48, 0xCA, 0x1F, 0xA7, 0x34, 0x14, 0x59,
+        0x6B, 0xA0, 0x89, 0x17, 0xA1, 0x9A, 0x46, 0x3A,
+        0xD3, 0x02, 0x7C, 0x81, 0x83, 0x6B, 0x8F, 0x4F,
+        0x02, 0xB9, 0x9F, 0xC5, 0x08, 0x3F, 0x06, 0xF3,
+        0x4B, 0xD2, 0x30, 0x9C, 0x23, 0x42, 0xAD, 0x88,
+        0xA8, 0x4F, 0xA9, 0x6E, 0x20, 0x7C, 0x01, 0x08,
+        0xF6, 0x82, 0x54, 0x14, 0x94, 0x4F, 0x26, 0x4E,
+        0xD6, 0xC4, 0x66, 0x7C, 0x78, 0x8D, 0x61, 0xA6,
+        0xBC, 0x2C, 0x45, 0x6A, 0xF6, 0x6C, 0x2F, 0x76,
+        0x9E, 0x16, 0x90, 0x17, 0x06, 0x91, 0x2C, 0xC9,
+        0x0D, 0x4B, 0x6C, 0x90, 0xDC, 0xA1, 0x6C, 0xAC,
+        0x8F, 0xFE, 0xD8, 0x39, 0x70, 0x20, 0xE2, 0x97,
+        0x5E, 0x24, 0xFF, 0x4C, 0x80, 0x7C, 0x8A, 0xB7,
+        0x31, 0xC8, 0x1D, 0x36, 0xCA, 0x84, 0xC9, 0x12,
+        0x1A, 0x85, 0x13, 0xE0, 0xC9, 0xD0, 0xF4, 0x1B,
+        0xC6, 0x8F, 0x88, 0xEA, 0xCA, 0xA3, 0x55, 0x99,
+        0xFA, 0xE3, 0xBB, 0xA6, 0xFC, 0xC6, 0x52, 0x8D,
+        0x47, 0xE4, 0x0C, 0x07, 0x64, 0xCF, 0x9C, 0x83,
+        0x83, 0xB3, 0xA4, 0x45, 0x15, 0xE6, 0x1D, 0x92,
+        0xCD, 0xAE, 0xC9, 0xCB, 0x90, 0x82, 0xB5, 0xA0,
+        0xC0, 0x37, 0x94, 0x60, 0xD9, 0x17, 0x9A, 0x7D,
+        0x9D, 0xF2, 0x9E, 0x0B, 0x4B, 0x6A, 0x41, 0x18,
+        0x28, 0x52, 0x15, 0xE8, 0x7B, 0x6F, 0x11, 0x8E,
+        0x97, 0x31, 0xE4, 0x66, 0xFB, 0x3F, 0xEB, 0xD1,
+        0x95, 0xE1, 0x44, 0xFD, 0x20, 0x37, 0xD1, 0x16,
+        0x62, 0x75, 0x79, 0xAC, 0x55, 0xFE, 0xD5, 0xE3,
+        0x25, 0x85, 0xEC, 0x66, 0x38, 0xA0, 0xDF, 0xBE,
+        0x6E, 0xD6, 0xC5, 0x87, 0x6C, 0xF8, 0x11, 0x4C,
+        0x90, 0x2A, 0xEF, 0xA3, 0x63, 0xF4, 0xC9, 0xB7,
+        0x2E, 0x7D, 0x5C, 0x85, 0x2D, 0xCC, 0x1A, 0xF2,
+        0xB8, 0x85, 0x2A, 0x9D, 0x0F, 0x99, 0x59, 0x38,
+        0x86, 0x50, 0x84, 0xCE, 0x52, 0x13, 0xB3, 0x08,
+        0xA9, 0xCB, 0x37, 0xF6, 0x81, 0x96, 0x0D, 0x84,
+        0xEF, 0xE1, 0xDF, 0x51, 0x34, 0xA5, 0x91, 0x5A,
+        0xE5, 0x87, 0x8B, 0x10, 0xDA, 0x0F, 0xD4, 0xD9,
+        0xAC, 0x2A, 0xEF, 0x0C, 0x7E, 0x01, 0xC2, 0xE9,
+        0xE7, 0xC0, 0x17, 0xE7, 0xBA, 0x74, 0x0C, 0xEE,
+        0x1A, 0x89, 0x94, 0x59, 0xBB, 0x75, 0x03, 0x3E,
+        0xEA, 0xF3, 0x19, 0x0D, 0x67, 0x79, 0xED, 0x9E,
+        0xDD, 0x84, 0x6A, 0x74, 0xE3, 0x21, 0x52, 0x8C,
+        0x03, 0x08, 0x4A, 0x5D, 0x30, 0x87, 0x48, 0x39,
+        0x71, 0x8A, 0x53, 0x54, 0x9B, 0x2E, 0xC6, 0xB2,
+        0xB7, 0x30, 0xAA, 0x93, 0x5C, 0xA6, 0xE1, 0xC4,
+        0xFD, 0x8B, 0xE0, 0x35, 0x7D, 0x93, 0xF6, 0x21,
+        0x74, 0xEE, 0xED, 0xF8, 0xDA, 0xB7, 0x75, 0x5B,
+        0x46, 0x65, 0x7E, 0x59, 0xD7, 0xAA, 0x00, 0xB9,
+        0xF2, 0xF8, 0x5E, 0x4C, 0x0F, 0x77, 0xFA, 0x11,
+        0xA5, 0xD6, 0x9A, 0x23, 0xB1, 0xEF, 0x3A, 0x09,
+        0xF2, 0x19, 0xD8, 0x3B, 0x1F, 0x39, 0x1F, 0x84,
+        0x13, 0x18, 0xEE, 0xF3, 0x5A, 0x32, 0x63, 0x67,
+        0xBF, 0xA2, 0xB1, 0x5F, 0xD7, 0x14, 0x03, 0x20,
+        0x92, 0xB9, 0xD0, 0x2B, 0xF6, 0x13, 0xAF, 0xF7,
+        0x69, 0x6F, 0xAD, 0xF1, 0xDE, 0x2C, 0x81, 0x70,
+        0x77, 0xCB, 0x7C, 0x99, 0x67, 0x76, 0xD6, 0x9E,
+        0xC2, 0x41, 0xA2, 0x42, 0x54, 0xDA, 0x2D, 0x13,
+        0x98, 0x76, 0x91, 0xEA, 0xC7, 0xEB, 0xA8, 0xCD,
+        0x8D, 0xCF, 0xB3, 0x94, 0x7B, 0x1D, 0x99, 0xED,
+        0xF9, 0x62, 0xD2, 0x15, 0xB3, 0x18, 0xBB, 0x5F,
+        0x9A, 0xA0, 0x4D, 0x1C, 0x82, 0x62, 0x6A, 0x41,
+        0x73, 0xD0, 0x2D, 0x41, 0x0C, 0x58, 0x6B, 0xCA,
+        0x4E, 0x51, 0xCA, 0x4F, 0x3E, 0x15, 0x1B, 0x54,
+        0xF1, 0x7A, 0x6B, 0xC9, 0x67, 0x76, 0x09, 0xBB,
+        0xAF, 0x6C, 0x30, 0x38, 0xA6, 0x7C, 0xAD, 0xA6,
+        0x6B, 0x4F, 0xDF, 0xB5, 0x10, 0x29, 0xE0, 0x78,
+        0x07, 0xD7, 0x05, 0x96, 0x9D, 0x96, 0xC9, 0xAB,
+        0xFB, 0x71, 0x62, 0xE4, 0x58, 0x10, 0xA1, 0xDC,
+        0x4B, 0x56, 0xDA, 0x14, 0x77, 0xED, 0x90, 0x0A,
+        0x89, 0xCC, 0xAC, 0x29, 0x8E, 0x17, 0x88, 0x42,
+        0x69, 0xC3, 0x9E, 0x8D, 0x7A, 0xB9, 0x66, 0xF3,
+        0x3D, 0xDA, 0xDB, 0xE5, 0x6A, 0x38, 0x4C, 0xA2,
+        0x0A, 0x7B, 0x18, 0x99, 0xEC, 0x18, 0xE2, 0xAE,
+        0x54, 0x70, 0x00, 0xB9, 0x04, 0xE3, 0x4E, 0x46,
+        0x80, 0x1D, 0x85, 0x74, 0xDB, 0x00, 0x84, 0x17,
+        0xBC, 0xFD, 0xD1, 0xA7, 0x4D, 0xC0, 0x18, 0xE5,
+        0x07, 0xB7, 0x6B, 0x0F, 0xA0, 0x86, 0x26, 0x23,
+        0x5B, 0x1C, 0xE2, 0x4B, 0xCF, 0xC3, 0x20, 0xFA,
+        0xE3, 0x55, 0x1C, 0x1C, 0x92, 0x9B, 0x94, 0xC7,
+        0xC4, 0x96, 0x53, 0x41, 0x82, 0x9D, 0x8A, 0x13,
+        0x47, 0xD6, 0xA7, 0x38, 0x58, 0x03, 0xB0, 0x8B,
+        0xCD, 0xA8, 0x4A, 0x27, 0xEA, 0x5E, 0x49, 0xCA,
+        0x1E, 0x60, 0x06, 0xEA, 0x23, 0x2A, 0x53, 0xEE,
+        0x41, 0x7E, 0xC8, 0x81, 0xD3, 0x32, 0x8A, 0x15,
+        0x63, 0x82, 0xA6, 0xB2, 0x93, 0x89, 0x4D, 0xDF,
+        0x9B, 0x36, 0x9C, 0xDE, 0x6B, 0x2F, 0xF5, 0x9C,
+        0xB6, 0xA5, 0x64, 0xE2, 0x1C, 0x92, 0x79, 0xEC,
+        0xA0, 0x31, 0x1F, 0x5D, 0x80, 0xCE, 0x39, 0xB9,
+        0x8B, 0xF9, 0x0D, 0xB3, 0x27, 0xF7, 0x4D, 0x3F,
+        0x76, 0x2D, 0x11, 0x7D, 0xF5, 0xF9, 0x13, 0x20,
+        0x84, 0xFF, 0xB5, 0x55, 0xA5, 0xD1, 0x47, 0x22,
+        0x1A, 0xF8, 0x63, 0xAB, 0xF7, 0x87, 0x15, 0xB7,
+        0x21, 0x94, 0x52, 0x9A, 0x0E, 0x33, 0x4D, 0x4A,
+        0x19, 0x1D, 0x42, 0xA9, 0x9B, 0xEA, 0x52, 0xAD,
+        0xA2, 0xC7, 0xCC, 0x4A, 0x97, 0x74, 0xD5, 0xCB,
+        0x28, 0xD4, 0xED, 0x82, 0xB6, 0x1F, 0x94, 0xE8,
+        0x9F, 0x60, 0xF0, 0xC8, 0xEA, 0x52, 0xDC, 0x07,
+        0x9D, 0x46, 0x58, 0xBF, 0x8C, 0x85, 0x6D, 0x61,
+        0x52, 0xD9, 0x22, 0x51, 0x94, 0x8B, 0x3B, 0xA0,
+        0x14, 0xD8, 0xBA, 0xF3, 0xDC, 0xD3, 0x6B, 0xC7,
+        0x1F, 0x8E, 0x5B, 0x2C, 0xE6, 0xF5, 0x35, 0xB7,
+        0xB9, 0xAE, 0x13, 0xDA, 0x4A, 0x1E, 0xAF, 0xFC,
+        0x25, 0x3B, 0xE4, 0x3A, 0x9F, 0x60, 0x8E, 0xAC,
+        0xE7, 0x33, 0xCF, 0xCE, 0x52, 0xEA, 0x5C, 0xDA,
+        0x83, 0x59, 0xDB, 0x53, 0xFF, 0x3A, 0xF2, 0xCE,
+        0xFE, 0x87, 0x79, 0xBC, 0xC5, 0x3C, 0x24, 0xA4,
+        0xB1, 0x8D, 0x5E, 0x0D, 0x78, 0x1B, 0xEC, 0xF7,
+        0x5B, 0x54, 0x77, 0x47, 0x3A, 0x20, 0x24, 0xAD,
+        0x56, 0xC5, 0x4A, 0x7F, 0x99, 0x0E, 0xF6, 0xB1,
+        0xDF, 0xAC, 0x50, 0x10, 0x88, 0x50, 0x9D, 0x3A,
+        0x37, 0xF1, 0xC8, 0xD5, 0xC2, 0x64, 0x87, 0xE4,
+        0x20, 0xB7, 0xF4, 0x35, 0x8E, 0x92, 0x69, 0x76,
+        0x1F, 0xF1, 0xFA, 0x3A, 0xFC, 0xBE, 0xCA, 0xEB,
+        0x68, 0xF5, 0xDD, 0xDE, 0x3A, 0xA8, 0xFD, 0x07,
+        0x8C, 0xC4, 0x22, 0x4C, 0xEA, 0x67, 0x13, 0x2D,
+        0x7E, 0xBF, 0x5D, 0x23, 0x2E, 0x43, 0xBA, 0xDD,
+        0x21, 0x8C, 0x0B, 0x4D, 0xBE, 0x1E, 0x16, 0x52,
+        0x98, 0x66, 0xB9, 0xAB, 0x93, 0x58, 0x85, 0xAC,
+        0xB4, 0x15, 0xFB, 0xB1, 0xEE, 0xE6, 0x94, 0x08,
+        0xA5, 0x21, 0xB4, 0x62, 0xEC, 0x59, 0xCD, 0x0D,
+        0x3C, 0x54, 0x96, 0xD9, 0x85, 0xAE, 0xB0, 0xCE,
+        0x37, 0x4F, 0x67, 0x72, 0xA4, 0xE6, 0x39, 0x3A,
+        0x4E, 0xF0, 0x07, 0x43, 0x80, 0x90, 0xA8, 0xA9,
+        0xE5, 0x2D, 0x2F, 0x55, 0x66, 0x6D, 0x70, 0xF0,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x04,
+        0x08, 0x0E, 0x12, 0x19, 0x20
+    };
+#endif
+#ifndef WOLFSSL_NO_ML_DSA_87
+    static const byte pk_87_draft[] = {
+        0x2D, 0x1E, 0x6B, 0xED, 0x84, 0x52, 0xEB, 0xF1,
+        0x26, 0xED, 0xE7, 0x0C, 0xA0, 0xA2, 0xB5, 0x0D,
+        0x03, 0x34, 0x2D, 0x5B, 0x13, 0xB2, 0xAE, 0x21,
+        0x0F, 0x45, 0x62, 0xA3, 0xBF, 0x67, 0x0C, 0xB1,
+        0x5C, 0xE9, 0x25, 0xFD, 0x22, 0xF2, 0x62, 0x42,
+        0xBA, 0xE3, 0x10, 0xB3, 0xAA, 0x41, 0x3B, 0x6E,
+        0x78, 0xD4, 0x42, 0xD9, 0x35, 0xD1, 0x72, 0x8A,
+        0x32, 0x48, 0xCC, 0x20, 0x5C, 0xCD, 0x8D, 0x3F,
+        0xD8, 0x34, 0x95, 0x55, 0x20, 0xCD, 0xFB, 0x2C,
+        0x73, 0xE9, 0x0E, 0x60, 0x8B, 0x2C, 0x3F, 0xA8,
+        0xB7, 0xD1, 0x79, 0xFD, 0xDC, 0xC8, 0x81, 0x11,
+        0xC9, 0xE8, 0x41, 0x71, 0xE9, 0x70, 0x9B, 0x53,
+        0x59, 0x33, 0xE4, 0x92, 0xB6, 0x81, 0x9C, 0x6A,
+        0x92, 0xED, 0xA2, 0x5A, 0xC4, 0x07, 0x77, 0x1A,
+        0x8F, 0xED, 0xB4, 0xE7, 0x11, 0xFB, 0x89, 0xEB,
+        0x7B, 0xDF, 0xCC, 0xEA, 0xC5, 0x3B, 0x4E, 0xF4,
+        0x6B, 0x6F, 0xBE, 0xE1, 0x32, 0xA9, 0xD7, 0xAD,
+        0xB4, 0x36, 0xE7, 0x4A, 0x6D, 0x67, 0x11, 0x83,
+        0xAF, 0x31, 0x1A, 0x7A, 0x31, 0x42, 0x9B, 0x01,
+        0x21, 0x17, 0x52, 0x75, 0x85, 0xF7, 0x92, 0x0F,
+        0x34, 0x8A, 0x69, 0x11, 0x88, 0x5A, 0x02, 0x08,
+        0xB6, 0x6D, 0xE3, 0x07, 0x93, 0xB1, 0x3F, 0xE1,
+        0xD5, 0x7B, 0xD9, 0x51, 0xF7, 0xAA, 0xC0, 0x34,
+        0x9A, 0x78, 0x5D, 0x26, 0xDB, 0xF1, 0xF0, 0xA9,
+        0x1E, 0x5C, 0x9F, 0x4F, 0xA7, 0x43, 0x5C, 0x44,
+        0xA9, 0x43, 0xF1, 0x38, 0x11, 0x45, 0xED, 0xEB,
+        0x1C, 0x8A, 0x05, 0xEE, 0xFF, 0xAB, 0x20, 0x2C,
+        0xF6, 0x2C, 0xEE, 0x77, 0x42, 0x36, 0x3E, 0xE6,
+        0x9D, 0x8E, 0x45, 0x0F, 0xF6, 0x7C, 0x39, 0x62,
+        0xD6, 0xFF, 0x97, 0xBC, 0x3D, 0x02, 0xD6, 0xDF,
+        0x4A, 0x35, 0xDA, 0x3F, 0x89, 0xA4, 0x88, 0x33,
+        0xCD, 0xF2, 0x90, 0xF0, 0xE9, 0x37, 0x2F, 0x65,
+        0xA5, 0x88, 0x65, 0xFD, 0x40, 0x44, 0xAD, 0x09,
+        0x09, 0x92, 0xAA, 0x15, 0x9E, 0xEE, 0xF7, 0x2B,
+        0x0D, 0xA7, 0xCB, 0x3A, 0x5E, 0x0A, 0xED, 0xD6,
+        0x7D, 0x82, 0x8B, 0xBA, 0xCF, 0xE5, 0x9E, 0xE4,
+        0x62, 0xAB, 0x69, 0x6B, 0xBA, 0xD0, 0xE5, 0xA9,
+        0xBB, 0x1F, 0x5A, 0x51, 0xE0, 0xFA, 0x5D, 0xD4,
+        0x4D, 0x8E, 0xC0, 0xDC, 0x43, 0x06, 0xDF, 0x23,
+        0x67, 0xB2, 0x4A, 0xA2, 0xFB, 0x75, 0x2F, 0x82,
+        0xD8, 0x44, 0xE4, 0xC0, 0xCE, 0x15, 0x9E, 0x3F,
+        0xD6, 0xB4, 0x70, 0x5F, 0x3B, 0xD0, 0x56, 0x3E,
+        0x0A, 0x7A, 0x4B, 0x94, 0xBF, 0xBA, 0x01, 0x2B,
+        0x9C, 0x8B, 0x91, 0x35, 0xF2, 0xDB, 0x4C, 0x8C,
+        0x8D, 0xD6, 0xEE, 0xC8, 0x65, 0x8D, 0xF3, 0x05,
+        0x59, 0xBE, 0x3A, 0x17, 0xA7, 0x72, 0x10, 0x56,
+        0x14, 0xEF, 0xB8, 0xC1, 0xBE, 0x18, 0x11, 0x0B,
+        0xE6, 0x70, 0xF8, 0x39, 0xA5, 0x72, 0x7D, 0xF9,
+        0x47, 0xFB, 0xAC, 0xFD, 0x1F, 0xC3, 0x71, 0x33,
+        0x58, 0x44, 0x15, 0xD3, 0x7C, 0x93, 0x2E, 0x70,
+        0x92, 0xFA, 0xBB, 0xF2, 0xD0, 0x9D, 0x25, 0xC4,
+        0xCF, 0x4A, 0xB8, 0xEC, 0xBE, 0x5D, 0x8B, 0x7F,
+        0xA4, 0x7C, 0xAB, 0xAD, 0xE7, 0x1E, 0x93, 0x83,
+        0x92, 0x86, 0x1E, 0x8D, 0x15, 0xA4, 0x1C, 0x5B,
+        0x42, 0x25, 0xDA, 0x3D, 0x16, 0xD3, 0x93, 0xF2,
+        0x85, 0x50, 0x86, 0x0A, 0x86, 0x35, 0x6B, 0x14,
+        0xAB, 0x5F, 0x22, 0xD0, 0xCF, 0x03, 0x7C, 0xEB,
+        0xB4, 0x0E, 0xAC, 0x87, 0xA2, 0x41, 0x42, 0xA0,
+        0x21, 0x93, 0x00, 0xB6, 0x47, 0x6F, 0x96, 0xD0,
+        0x41, 0xD1, 0xC3, 0x0E, 0x3C, 0x52, 0xD2, 0x45,
+        0xAB, 0x6A, 0xE7, 0xA1, 0xE5, 0xFD, 0x73, 0xC5,
+        0x82, 0x9D, 0x60, 0x62, 0x8B, 0x6D, 0x87, 0xFC,
+        0x88, 0x9C, 0x3E, 0xEF, 0xAE, 0xAA, 0xB6, 0x1C,
+        0x18, 0xEE, 0xD7, 0x51, 0x1A, 0x96, 0xC4, 0x93,
+        0x25, 0x05, 0xD3, 0x83, 0x3D, 0xD8, 0x33, 0x16,
+        0x14, 0x44, 0x88, 0xE2, 0xAF, 0xC4, 0xEC, 0x59,
+        0x18, 0x12, 0xB9, 0x99, 0xC1, 0xC9, 0x5F, 0x31,
+        0x79, 0x00, 0x03, 0xF6, 0xC9, 0x55, 0x14, 0xAA,
+        0x29, 0x08, 0x78, 0x24, 0xAF, 0x1D, 0x99, 0x12,
+        0x36, 0xD9, 0x4A, 0xD9, 0x50, 0xEF, 0x66, 0xFC,
+        0x7F, 0xF4, 0xBC, 0x3B, 0xA0, 0xF6, 0xFD, 0xF2,
+        0x62, 0xCA, 0xA5, 0x9D, 0x2B, 0x55, 0xB8, 0x33,
+        0xBC, 0xA6, 0x7A, 0xA5, 0x1E, 0xE1, 0x14, 0x5F,
+        0x94, 0xE2, 0xDC, 0xF0, 0x5B, 0xBD, 0x43, 0x07,
+        0xD8, 0xB1, 0xE0, 0x81, 0x3F, 0x84, 0x54, 0x90,
+        0xBF, 0x23, 0x59, 0x92, 0x3C, 0xA5, 0x98, 0xAB,
+        0x7D, 0x99, 0xD2, 0xF0, 0xED, 0x8E, 0x0B, 0xC9,
+        0x9F, 0xAF, 0xB0, 0x13, 0xED, 0xC7, 0xDD, 0xB8,
+        0x61, 0x72, 0x07, 0x3D, 0xCC, 0x35, 0x73, 0xA0,
+        0xCF, 0x0C, 0xD9, 0x7E, 0x93, 0xDC, 0x63, 0xB8,
+        0x82, 0xEC, 0xF4, 0x30, 0xCE, 0x43, 0x92, 0xEA,
+        0x5E, 0xD8, 0xC8, 0xA1, 0xEC, 0x79, 0xDC, 0xAE,
+        0x64, 0xD4, 0x33, 0xEB, 0x53, 0x8C, 0xFC, 0x49,
+        0x79, 0xBF, 0x7A, 0x28, 0x65, 0x1E, 0x8C, 0xD5,
+        0x21, 0xB0, 0x8E, 0xCA, 0xAD, 0xF8, 0x96, 0x9A,
+        0x98, 0x10, 0x00, 0x35, 0x6D, 0x58, 0x9A, 0xEF,
+        0x84, 0x84, 0x86, 0x72, 0xBA, 0xCD, 0x38, 0x66,
+        0x96, 0x9B, 0xC2, 0x83, 0xB0, 0x65, 0xC1, 0xAB,
+        0xCF, 0x63, 0x8C, 0x2D, 0xC3, 0x42, 0xB2, 0x7D,
+        0xF6, 0xB8, 0xF0, 0x3D, 0x26, 0x21, 0x8F, 0xAE,
+        0x4E, 0x96, 0xF2, 0x55, 0x66, 0xBC, 0x6F, 0xED,
+        0xE7, 0x19, 0xD3, 0x8D, 0xC0, 0xCD, 0x55, 0x20,
+        0x5F, 0x10, 0xCA, 0xDA, 0x09, 0xED, 0x91, 0x4A,
+        0x43, 0x33, 0xD3, 0x82, 0x11, 0x5C, 0x2F, 0x5D,
+        0xEC, 0xCD, 0x54, 0xF9, 0x6C, 0xE4, 0xE5, 0xF2,
+        0x68, 0xBC, 0xE9, 0x27, 0xB2, 0x1D, 0xCA, 0xB5,
+        0xCD, 0x04, 0x01, 0x1E, 0x92, 0xF5, 0xF6, 0x01,
+        0x86, 0x2B, 0x20, 0x20, 0x9B, 0xB0, 0xF9, 0x56,
+        0xD9, 0x33, 0xD5, 0x0A, 0xEC, 0x1B, 0xF4, 0xCE,
+        0xD2, 0xB2, 0xC2, 0xD4, 0x3F, 0x9A, 0x25, 0x76,
+        0x8E, 0x29, 0x87, 0x52, 0x64, 0x86, 0x4A, 0xA5,
+        0x7B, 0x5A, 0x91, 0x72, 0x6E, 0xBE, 0x6D, 0x73,
+        0x0A, 0x8D, 0x89, 0x53, 0x82, 0x33, 0x70, 0x44,
+        0x20, 0xBE, 0xE0, 0xB0, 0x1B, 0x76, 0x30, 0x43,
+        0xA5, 0x5B, 0x8F, 0xAB, 0x7E, 0xB8, 0x61, 0x5F,
+        0x43, 0x70, 0x1B, 0x1A, 0x71, 0x61, 0x56, 0xF9,
+        0x13, 0x31, 0x2A, 0x64, 0x33, 0x14, 0x00, 0x98,
+        0x72, 0xEC, 0x32, 0x88, 0x09, 0xFB, 0x64, 0x46,
+        0x3D, 0x56, 0x02, 0xD9, 0x76, 0xD3, 0xAA, 0x90,
+        0x0F, 0xBD, 0xF0, 0xF9, 0x96, 0x43, 0x7B, 0x62,
+        0x19, 0x26, 0x22, 0x6A, 0x93, 0x91, 0xEC, 0x07,
+        0x34, 0xF5, 0x22, 0x32, 0xB3, 0x65, 0x66, 0xE0,
+        0x6B, 0x11, 0x7F, 0x97, 0x9F, 0x1A, 0x89, 0x46,
+        0xCE, 0x8F, 0xBD, 0xFD, 0x2F, 0xCC, 0x3D, 0xBF,
+        0xF2, 0x83, 0xA4, 0x30, 0xE1, 0x02, 0x72, 0xF8,
+        0x74, 0xE6, 0x21, 0x96, 0x77, 0xE1, 0x57, 0x8A,
+        0xF7, 0x9E, 0xB3, 0x31, 0xAF, 0xD8, 0xC5, 0xD7,
+        0x20, 0xDC, 0xFD, 0xCF, 0x79, 0x06, 0x0F, 0x1F,
+        0xE5, 0x84, 0x3D, 0x0B, 0x9C, 0xB3, 0xC7, 0xAB,
+        0xB8, 0xF1, 0xC0, 0xD0, 0xB5, 0xC7, 0x01, 0xE2,
+        0x0E, 0x3B, 0xAF, 0x7E, 0xAC, 0x44, 0x5A, 0x75,
+        0x50, 0x0A, 0x76, 0x1C, 0x13, 0xDB, 0x25, 0xD4,
+        0x0D, 0x19, 0x75, 0x4C, 0x02, 0xD9, 0xF3, 0xDF,
+        0x6D, 0xBB, 0xCF, 0x47, 0xA6, 0xAE, 0xF6, 0xD1,
+        0xFB, 0xF4, 0xB4, 0x55, 0xD3, 0xA5, 0x87, 0xA1,
+        0x55, 0xFB, 0xBF, 0xCD, 0xF6, 0xA1, 0x64, 0x57,
+        0x12, 0x75, 0x9A, 0x11, 0xA3, 0xCE, 0x42, 0x70,
+        0x84, 0x54, 0x93, 0x12, 0xE1, 0x3A, 0x0F, 0xFA,
+        0xCA, 0xF2, 0x25, 0x91, 0xF1, 0x4D, 0x8F, 0x84,
+        0xB1, 0xB5, 0x35, 0xAC, 0xE9, 0x81, 0x77, 0x34,
+        0x4D, 0x6F, 0x5D, 0x14, 0x9D, 0xB9, 0xE1, 0xF0,
+        0x3F, 0x3C, 0xE7, 0xAD, 0x48, 0xE6, 0x8C, 0x51,
+        0x86, 0xF4, 0x4A, 0xB4, 0xD0, 0x98, 0xEC, 0x3A,
+        0x4E, 0xAB, 0x58, 0x2F, 0x08, 0x9E, 0x5A, 0x9D,
+        0x45, 0x30, 0xB0, 0x85, 0xDF, 0x4A, 0xE7, 0x92,
+        0xC6, 0xC8, 0x18, 0x93, 0x08, 0xCE, 0x9A, 0x8C,
+        0xE2, 0x91, 0x8D, 0x91, 0x57, 0x7B, 0x37, 0xC8,
+        0x80, 0xA2, 0x31, 0x10, 0x0D, 0x4E, 0xEF, 0x51,
+        0x07, 0x94, 0x8E, 0xF8, 0x3C, 0x3C, 0x2E, 0xD5,
+        0x03, 0x26, 0xB8, 0x72, 0x7F, 0xB9, 0xBC, 0xD7,
+        0x95, 0xC4, 0x31, 0x08, 0xEC, 0x6F, 0xEE, 0x11,
+        0xAF, 0xC0, 0xA2, 0xEC, 0xD7, 0xC8, 0x0B, 0xBE,
+        0x15, 0xAE, 0xC9, 0x17, 0xBE, 0x37, 0xE2, 0x40,
+        0x83, 0x65, 0xDE, 0xB3, 0x4E, 0xB4, 0x15, 0xB3,
+        0x5C, 0x14, 0xF6, 0x5F, 0xA9, 0x1F, 0x70, 0xB5,
+        0x23, 0x93, 0x78, 0xB9, 0x47, 0xF9, 0x1D, 0x2B,
+        0x1E, 0x8D, 0xB1, 0x25, 0x7E, 0xE5, 0x85, 0x3C,
+        0x16, 0x9F, 0xD0, 0xC2, 0x67, 0x8B, 0x0D, 0xD2,
+        0x72, 0x4E, 0x74, 0x30, 0xE1, 0xAF, 0xB8, 0x66,
+        0xCB, 0x53, 0xDF, 0xC4, 0xFB, 0xA5, 0x6D, 0x03,
+        0xF2, 0xAE, 0xEE, 0x90, 0xFE, 0xD7, 0x30, 0xAF,
+        0x33, 0x98, 0x09, 0xEB, 0x75, 0xC7, 0x3E, 0xC8,
+        0x2F, 0xE7, 0x22, 0x5F, 0x2F, 0x0A, 0xBD, 0xA4,
+        0x22, 0x88, 0x28, 0x19, 0x35, 0x83, 0x12, 0x86,
+        0xEE, 0x72, 0xB4, 0x26, 0x89, 0x2F, 0xC7, 0x11,
+        0x6E, 0xDD, 0x14, 0x98, 0x22, 0xE7, 0x73, 0x3E,
+        0xFA, 0x46, 0x75, 0xF9, 0x40, 0xC1, 0x84, 0x22,
+        0xBC, 0x75, 0x36, 0xC7, 0x82, 0xD3, 0xAE, 0x6E,
+        0x0D, 0xBF, 0x6F, 0xC3, 0x4B, 0x67, 0x49, 0x19,
+        0xF3, 0x4B, 0x12, 0xF2, 0x83, 0xFD, 0x39, 0x56,
+        0x44, 0x05, 0x3A, 0x24, 0x6A, 0x35, 0x69, 0x12,
+        0xCF, 0xE4, 0x93, 0xFE, 0x26, 0xCC, 0xD6, 0x01,
+        0xA0, 0x4A, 0x84, 0xA8, 0x1D, 0x85, 0xE6, 0x83,
+        0x0F, 0x3C, 0xE6, 0x6D, 0xD2, 0xCB, 0xB1, 0x14,
+        0x8C, 0xEC, 0x10, 0xB3, 0x63, 0x4B, 0x9C, 0xF5,
+        0x11, 0xE0, 0xF9, 0x86, 0x6F, 0xA7, 0xC0, 0x3B,
+        0x9D, 0x25, 0xD7, 0x54, 0xCA, 0x40, 0x4D, 0x26,
+        0xBA, 0x71, 0x8E, 0x25, 0xF5, 0xA7, 0xE3, 0x9B,
+        0x25, 0x20, 0x7F, 0x29, 0x05, 0xB6, 0x27, 0x14,
+        0x17, 0x67, 0x26, 0x10, 0xAD, 0xA3, 0x06, 0x03,
+        0xFE, 0x82, 0x85, 0x5D, 0x01, 0x04, 0x4D, 0xE0,
+        0x64, 0x38, 0x38, 0x5E, 0x83, 0x1E, 0x21, 0x9A,
+        0x39, 0x02, 0xF8, 0xF9, 0x69, 0x85, 0x52, 0xE5,
+        0xEC, 0x6A, 0xAC, 0x96, 0x86, 0xA7, 0x88, 0x69,
+        0xB5, 0xB5, 0x7E, 0x03, 0x1D, 0xA9, 0x68, 0xCA,
+        0x45, 0x0F, 0xF9, 0x14, 0xD6, 0x7B, 0xCF, 0x9C,
+        0x03, 0x6F, 0xD1, 0xD9, 0x6F, 0x01, 0x3D, 0xF8,
+        0xF3, 0x11, 0xF3, 0x29, 0x17, 0x90, 0xE8, 0x9B,
+        0xED, 0x58, 0x9B, 0xF0, 0xBC, 0xC7, 0xBA, 0xF4,
+        0x60, 0xC8, 0xAA, 0x30, 0xB4, 0x2F, 0x22, 0x8F,
+        0xD3, 0xAC, 0x18, 0xC2, 0xB7, 0xC4, 0x7B, 0x31,
+        0x9E, 0x0F, 0x7E, 0x9D, 0xBF, 0xD4, 0x63, 0xC2,
+        0x8B, 0x1B, 0x58, 0x50, 0x33, 0x53, 0x6D, 0x79,
+        0xBB, 0xF8, 0x0D, 0x91, 0x33, 0xD9, 0x07, 0xE7,
+        0xB0, 0x81, 0xD4, 0xB4, 0x47, 0x61, 0x93, 0xF0,
+        0xFB, 0x68, 0xBC, 0x1B, 0x41, 0xC2, 0xF5, 0x43,
+        0x30, 0x7E, 0x76, 0xF9, 0xB1, 0xA3, 0xD6, 0xD4,
+        0x26, 0xEA, 0x77, 0x75, 0x12, 0x7A, 0xC8, 0x30,
+        0x9B, 0xCF, 0x45, 0xBE, 0x74, 0x7D, 0x8A, 0x8B,
+        0xEC, 0xED, 0x11, 0xE6, 0xA1, 0xD1, 0xB8, 0xF1,
+        0x90, 0xAD, 0x6D, 0x6A, 0xC6, 0x54, 0xE9, 0xDB,
+        0xAD, 0x4C, 0x97, 0x39, 0xC8, 0xD8, 0x44, 0xA9,
+        0x1A, 0x37, 0x16, 0x7E, 0x68, 0x45, 0x0C, 0xBB,
+        0x10, 0xF4, 0xAE, 0x8E, 0x2B, 0x69, 0xFA, 0x95,
+        0x3E, 0xA5, 0xC9, 0x91, 0xD3, 0xF1, 0xA3, 0x89,
+        0x3F, 0x90, 0x86, 0x93, 0x1B, 0xF1, 0xA0, 0x89,
+        0xC7, 0xF2, 0x23, 0x57, 0xD4, 0x8E, 0x2F, 0xD5,
+        0x71, 0xCD, 0x36, 0xF1, 0x90, 0xB3, 0x98, 0x3E,
+        0x19, 0xEA, 0xC8, 0x0F, 0x12, 0x9D, 0xBF, 0x58,
+        0xED, 0xDC, 0x6B, 0x9A, 0x79, 0x84, 0xFC, 0xF0,
+        0x4C, 0xC3, 0xB4, 0x0D, 0xB8, 0x7A, 0x8D, 0xAD,
+        0x75, 0x40, 0xD5, 0xD5, 0xDE, 0xC8, 0xCA, 0x39,
+        0x3E, 0x45, 0xE4, 0xBC, 0xF4, 0x33, 0xEA, 0x64,
+        0xE1, 0x5E, 0x94, 0x42, 0x91, 0xAB, 0xBC, 0x42,
+        0x2A, 0xB3, 0xD0, 0x60, 0x23, 0xCE, 0x57, 0x8E,
+        0xFF, 0xAD, 0xA2, 0x2B, 0x64, 0xD9, 0x94, 0xA0,
+        0x80, 0x0F, 0x8E, 0x50, 0x17, 0x08, 0x1D, 0x16,
+        0xCF, 0x51, 0xD0, 0xB9, 0x28, 0xB6, 0x59, 0xEF,
+        0x78, 0xCC, 0xC9, 0x96, 0xF9, 0xCA, 0x87, 0x7A,
+        0xEE, 0xD9, 0x15, 0x5E, 0xDF, 0x5D, 0xBC, 0xC2,
+        0x58, 0xE6, 0x04, 0xEE, 0x17, 0xDC, 0xB3, 0xF9,
+        0x90, 0xF9, 0x88, 0x32, 0x9E, 0xA1, 0xDB, 0x1C,
+        0x38, 0x56, 0x53, 0x90, 0x30, 0x69, 0x2E, 0x52,
+        0x00, 0x2C, 0xF3, 0x0F, 0xD5, 0x80, 0x2E, 0x02,
+        0x5B, 0x99, 0xBF, 0xCD, 0x11, 0x12, 0x64, 0x5B,
+        0x56, 0xC6, 0x0A, 0xE6, 0x38, 0xE7, 0x4D, 0x21,
+        0xE5, 0x98, 0x78, 0x9D, 0xE6, 0xCB, 0x60, 0xB4,
+        0x2E, 0xE4, 0x98, 0x56, 0xCB, 0xAD, 0xE6, 0xDD,
+        0x53, 0xF4, 0xC5, 0x67, 0xA2, 0x9F, 0xA0, 0x5C,
+        0x7C, 0xFB, 0x24, 0x5A, 0xA7, 0x72, 0xD0, 0xE7,
+        0x63, 0xF2, 0x5D, 0xBF, 0xD8, 0xE9, 0xF1, 0x6B,
+        0xB4, 0x29, 0xA6, 0x28, 0xE6, 0x93, 0xD3, 0x87,
+        0xB6, 0xD9, 0x3C, 0x39, 0x8D, 0xEA, 0x28, 0xC0,
+        0x96, 0x3D, 0xF5, 0xC2, 0x3C, 0x29, 0xF2, 0x80,
+        0x21, 0x8A, 0x03, 0x9D, 0x64, 0xF8, 0xBA, 0x81,
+        0xC1, 0xDD, 0xA2, 0x88, 0x2A, 0x84, 0x2E, 0x3C,
+        0xB5, 0x03, 0x95, 0xED, 0xAA, 0x6E, 0xE2, 0x6F,
+        0x5E, 0x99, 0x3C, 0x63, 0xEE, 0xB8, 0x4F, 0x66,
+        0x32, 0x77, 0x42, 0x23, 0x36, 0x29, 0x89, 0xB0,
+        0xED, 0x5F, 0xF2, 0x5A, 0x65, 0x66, 0x3F, 0xD2,
+        0x8B, 0x48, 0x68, 0x65, 0xDC, 0xE0, 0xB0, 0xC2,
+        0x72, 0x73, 0xF1, 0xA4, 0xC6, 0x56, 0x2C, 0x5D,
+        0xD8, 0xC6, 0x5C, 0x41, 0xCE, 0x30, 0x89, 0x59,
+        0xA9, 0xD6, 0x45, 0x96, 0xD0, 0x8E, 0x7B, 0x25,
+        0xE0, 0x13, 0xFB, 0xFE, 0x7C, 0xEA, 0xF3, 0x67,
+        0x0D, 0xB2, 0x9A, 0x21, 0x3C, 0xCE, 0x99, 0x75,
+        0xA9, 0x13, 0xCE, 0xF4, 0x23, 0x6E, 0x64, 0x00,
+        0x30, 0x87, 0x70, 0x9C, 0xAD, 0x61, 0x81, 0x71,
+        0x0E, 0x95, 0x19, 0x26, 0xCA, 0x55, 0x29, 0x71,
+        0x99, 0xA6, 0x08, 0xAE, 0x54, 0x58, 0x75, 0xCD,
+        0xC3, 0x8F, 0xE3, 0x83, 0xC1, 0x45, 0x62, 0xB4,
+        0x8D, 0xCA, 0x66, 0x02, 0xEA, 0x34, 0x05, 0x5D,
+        0x98, 0x3F, 0x38, 0xE6, 0x1C, 0xCE, 0x53, 0x1A,
+        0xD9, 0x3F, 0x58, 0xEC, 0x16, 0x28, 0x45, 0xF5,
+        0x38, 0xCE, 0x48, 0x43, 0x87, 0x1D, 0x3C, 0x4A,
+        0xDF, 0x05, 0xF3, 0x5E, 0x29, 0x7E, 0xA6, 0x2E,
+        0xFC, 0xDD, 0x5E, 0xF9, 0x40, 0x1B, 0xA0, 0x42,
+        0xA2, 0x35, 0x15, 0x0A, 0x09, 0xD9, 0x47, 0x4A,
+        0x3F, 0xB0, 0x3A, 0xAA, 0x19, 0xE7, 0xE3, 0x7A,
+        0x22, 0x8D, 0x5F, 0x5B, 0x07, 0x41, 0x4C, 0x3D,
+        0xA2, 0xAD, 0x2E, 0x5C, 0x75, 0xEC, 0xF0, 0x4C,
+        0x11, 0x2B, 0x90, 0x76, 0x9E, 0x19, 0x96, 0x0E,
+        0x97, 0x5E, 0x8D, 0x19, 0x17, 0xB3, 0xBF, 0xDA,
+        0x84, 0xFD, 0xC6, 0xD2, 0x32, 0x6F, 0xB8, 0xA3,
+        0xB0, 0x0F, 0x95, 0xD9, 0xC5, 0x26, 0x50, 0x11,
+        0x15, 0x72, 0xBE, 0xC2, 0x1B, 0x12, 0x12, 0x7C,
+        0xA5, 0x70, 0xD8, 0xA9, 0x8A, 0xB9, 0x77, 0xEB,
+        0xD8, 0xD7, 0x9A, 0x59, 0x37, 0x5E, 0xE1, 0x4F,
+        0x64, 0xB5, 0xB0, 0x4F, 0xD9, 0x69, 0xFE, 0xB0,
+        0x3D, 0x0A, 0xF7, 0x34, 0x89, 0xE3, 0xBA, 0xEF,
+        0xE7, 0xC7, 0xBC, 0x8D, 0xC7, 0xE8, 0x54, 0x83,
+        0xEE, 0x62, 0xF0, 0x23, 0x98, 0x58, 0x0F, 0x83,
+        0xB9, 0x6D, 0xD8, 0x44, 0x77, 0xB9, 0xC4, 0x8F,
+        0x0B, 0xB3, 0x9F, 0x54, 0x06, 0xA3, 0x70, 0x36,
+        0xD6, 0xF3, 0x6E, 0x2B, 0x1B, 0x6B, 0x53, 0xFE,
+        0x6F, 0xF6, 0x1C, 0x32, 0x7B, 0x29, 0xD4, 0xE0,
+        0x5D, 0xD2, 0xB8, 0x11, 0x74, 0xC6, 0x0B, 0x59,
+        0xC7, 0x9C, 0xB1, 0x97, 0x6B, 0xC0, 0x6E, 0x7A,
+        0xC3, 0x4D, 0xF3, 0xE3, 0x8F, 0x7D, 0x2C, 0x1C,
+        0x0E, 0x31, 0x51, 0xB7, 0x14, 0x7A, 0xB8, 0x31,
+        0x77, 0x47, 0x70, 0x14, 0x3B, 0x92, 0x7B, 0x5F,
+        0xEC, 0x5D, 0xF7, 0x76, 0xC1, 0xD7, 0x2D, 0xB6,
+        0xBC, 0x99, 0x81, 0xD6, 0x58, 0x67, 0x71, 0x3C,
+        0xF2, 0x97, 0xC8, 0xB0, 0xF1, 0xE9, 0x8D, 0x0E,
+        0x16, 0xF0, 0xCC, 0x22, 0x7A, 0x39, 0xE4, 0x7E,
+        0x50, 0xBA, 0x01, 0x16, 0x15, 0x6D, 0x5B, 0x54,
+        0x67, 0x53, 0x66, 0x04, 0xBE, 0x05, 0xCC, 0x2E,
+        0xF4, 0x0A, 0xBC, 0xE8, 0x52, 0xF1, 0x5D, 0xFA,
+        0x2C, 0xAC, 0xF8, 0x6A, 0x78, 0x9E, 0x5B, 0x7B,
+        0x0E, 0x5B, 0xB4, 0xB7, 0x77, 0xCD, 0x7C, 0xC9,
+        0xF6, 0x54, 0x77, 0x9B, 0x10, 0x2F, 0x78, 0xB5,
+        0xAA, 0x4B, 0x94, 0xC3, 0xB4, 0xFD, 0xE5, 0x5F,
+        0xA7, 0xF7, 0xBF, 0x54, 0xAC, 0x22, 0x5E, 0x1F,
+        0x26, 0x16, 0x5B, 0x65, 0xF1, 0x6D, 0x03, 0x21,
+        0x66, 0x9F, 0xD9, 0xF6, 0xE4, 0x7F, 0xCA, 0x1D,
+        0xD3, 0x47, 0x09, 0x6D, 0xF5, 0xDD, 0xA8, 0x64,
+        0x66, 0xA5, 0x7C, 0x5B, 0x06, 0x8D, 0x9C, 0x67,
+        0xB7, 0x32, 0x03, 0x66, 0xEA, 0x19, 0xC8, 0x99,
+        0x3F, 0xF9, 0x0B, 0xD8, 0xFB, 0x06, 0x93, 0xFB,
+        0xA3, 0x70, 0xE6, 0x6D, 0x2B, 0x20, 0x3B, 0x99,
+        0x70, 0x11, 0xB0, 0xD1, 0x5B, 0x94, 0xE2, 0x8B,
+        0xAA, 0x2E, 0xBF, 0x01, 0x77, 0x4F, 0x7A, 0xE7,
+        0x8F, 0x84, 0xED, 0xBD, 0xAD, 0x9F, 0x65, 0xA4,
+        0x50, 0x42, 0x7A, 0x47, 0x74, 0xC6, 0x0C, 0xC8,
+        0x9A, 0x02, 0x0B, 0x37, 0xDA, 0x21, 0xC7, 0x91,
+        0xDA, 0xC8, 0xF7, 0xA7, 0x45, 0x7E, 0x30, 0xD0,
+        0x8B, 0x01, 0x37, 0x51, 0x60, 0x03, 0x9C, 0x30,
+        0x1B, 0x60, 0x51, 0xA9, 0x65, 0xE8, 0xA7, 0xCC,
+        0xA2, 0xAE, 0xF9, 0x3B, 0xD5, 0x2F, 0x82, 0xC0,
+        0x20, 0xBE, 0xCE, 0x90, 0xA1, 0x29, 0x02, 0x4E,
+        0xFE, 0xA4, 0xB2, 0xFA, 0x21, 0x27, 0x0F, 0x8E,
+        0xB5, 0xED, 0x6A, 0xAA, 0xE5, 0x59, 0x29, 0xAA,
+        0xC5, 0x99, 0xA5, 0x77, 0x97, 0x29, 0x57, 0x66,
+        0x0C, 0xC4, 0x7A, 0xC4, 0xE3, 0xCE, 0x77, 0x2B,
+        0xBF, 0x10, 0x05, 0x2D, 0xE7, 0xED, 0xB1, 0xB8,
+        0xA4, 0x49, 0x41, 0xF8, 0x84, 0xC9, 0xF8, 0xBE,
+        0x13, 0x17, 0x46, 0x69, 0x94, 0x56, 0x29, 0xF4,
+        0x6D, 0xE2, 0x46, 0x74, 0x44, 0xF3, 0x10, 0x6A,
+        0x73, 0xFA, 0x27, 0x9C, 0xF0, 0x2A, 0x80, 0x0A,
+        0x04, 0x7E, 0x20, 0xBD, 0x4D, 0x82, 0x0B, 0x38,
+        0x9C, 0x3B, 0xB6, 0xA8, 0x68, 0xA5, 0x38, 0x4C,
+        0xF5, 0x72, 0x4C, 0x20, 0x4C, 0xEF, 0xB1, 0xA6,
+        0xA1, 0xBE, 0xB9, 0x72, 0x3E, 0x36, 0xDD, 0xDD,
+        0xD9, 0xC7, 0x07, 0xC8, 0xF6, 0x3E, 0x8B, 0xC2,
+        0x66, 0x83, 0xCC, 0x8B, 0x43, 0xC7, 0xDF, 0xDA,
+        0xA4, 0x08, 0xAC, 0x4D, 0xD2, 0xBA, 0x9A, 0xEC,
+        0xBC, 0x3B, 0x6D, 0xDA, 0xED, 0xCE, 0x09, 0x4A,
+        0xAB, 0x58, 0xFF, 0x73, 0x2B, 0x19, 0x66, 0x38,
+        0xD8, 0xB8, 0xEF, 0xC4, 0x28, 0xBB, 0xA9, 0x61,
+        0x57, 0x93, 0xC4, 0xDD, 0x9F, 0x00, 0xF9, 0x0D,
+        0x62, 0xC6, 0x76, 0xD1, 0x27, 0xA0, 0xE1, 0x8C,
+        0x14, 0xC6, 0xEE, 0x9C, 0x99, 0x05, 0x10, 0xB0,
+        0x54, 0xAD, 0xB4, 0xB4, 0x17, 0x0A, 0xC7, 0x12,
+        0x7F, 0x93, 0x17, 0x5C, 0x1E, 0xB2, 0x25, 0x12
+    };
+    static const byte msg_87_draft[] = {
+        0x14, 0x42, 0x63, 0x34, 0x94, 0x09, 0x60, 0x77,
+        0x3B, 0xFF, 0x65, 0xF0, 0x8D, 0x1D, 0xE4, 0x89,
+        0xC4, 0xC3, 0xED, 0x36
+    };
+    static const byte sig_87_draft[] = {
+        0x13, 0xE8, 0x99, 0xEE, 0xDC, 0xCC, 0x0F, 0xBA,
+        0x62, 0x91, 0x44, 0xE4, 0xAC, 0x06, 0x79, 0x06,
+        0xB5, 0x32, 0x6B, 0x8F, 0x9A, 0x6C, 0xCB, 0xAB,
+        0xE1, 0x44, 0x4A, 0xDD, 0x46, 0x45, 0x16, 0x0D,
+        0x22, 0x57, 0x82, 0x87, 0x10, 0xD1, 0xEE, 0x10,
+        0x60, 0x21, 0xB5, 0x64, 0x1E, 0x78, 0x81, 0x55,
+        0x75, 0xD4, 0xF0, 0x95, 0xD0, 0x15, 0xD8, 0x46,
+        0x5C, 0x92, 0xD2, 0xDD, 0xF4, 0xAB, 0xDF, 0xBE,
+        0xB1, 0x1E, 0xE5, 0xE0, 0x70, 0xE6, 0xDA, 0x52,
+        0xE5, 0x48, 0xDC, 0x04, 0xFD, 0xEF, 0x54, 0x72,
+        0xE7, 0xE5, 0xF1, 0x82, 0x10, 0xAA, 0xCB, 0xA0,
+        0x4F, 0x4F, 0x18, 0xAE, 0x66, 0x86, 0xB9, 0xAF,
+        0x96, 0x57, 0xE3, 0x8E, 0x3B, 0x9B, 0xDD, 0xB4,
+        0xAA, 0x84, 0xE6, 0x7B, 0x4D, 0x81, 0x92, 0xD0,
+        0x03, 0x87, 0x3D, 0xD3, 0xEE, 0xE7, 0x47, 0x00,
+        0xFB, 0xD8, 0x1E, 0x38, 0x1C, 0x21, 0x98, 0xB7,
+        0xCC, 0xC1, 0x37, 0xC1, 0x71, 0xB2, 0x2F, 0x93,
+        0x53, 0x41, 0x9C, 0x48, 0xC1, 0x4B, 0x8D, 0x63,
+        0x0F, 0x99, 0x63, 0x40, 0x27, 0x5F, 0x6E, 0x60,
+        0x4B, 0x95, 0xC4, 0x35, 0x20, 0x8A, 0xED, 0x2B,
+        0xCA, 0x1B, 0x41, 0x9F, 0x83, 0x63, 0xF0, 0x95,
+        0x0E, 0x24, 0x0D, 0x6F, 0x9E, 0xAB, 0x11, 0x8E,
+        0x4B, 0xD3, 0xDA, 0x0E, 0xC3, 0xA2, 0xBE, 0x26,
+        0xA8, 0xA0, 0x98, 0x57, 0x71, 0x3C, 0x36, 0xDD,
+        0x69, 0xC3, 0x4E, 0xDD, 0x2C, 0x61, 0x9E, 0x88,
+        0x26, 0x70, 0x71, 0xCF, 0x9E, 0xE5, 0xA6, 0x0C,
+        0xA3, 0x14, 0x2D, 0xF1, 0x63, 0xF0, 0x1D, 0x8D,
+        0x79, 0x6A, 0xC8, 0x50, 0xCF, 0xF3, 0x66, 0x60,
+        0x78, 0xB3, 0x18, 0xFB, 0x5B, 0xD1, 0x73, 0x60,
+        0xC8, 0x76, 0xC9, 0xC9, 0x0D, 0x8A, 0x7F, 0x41,
+        0x2C, 0x8A, 0x31, 0x61, 0x6B, 0xE7, 0xA3, 0x74,
+        0x58, 0x71, 0x54, 0x84, 0x86, 0x71, 0x5C, 0x94,
+        0x26, 0x3A, 0x17, 0xB3, 0x6C, 0xA4, 0x99, 0x25,
+        0x45, 0x0C, 0x57, 0x8A, 0xD9, 0xD4, 0xB1, 0xC2,
+        0x00, 0x43, 0xF4, 0x5E, 0x84, 0x31, 0x99, 0x4F,
+        0xA6, 0xD2, 0x6A, 0x14, 0x1B, 0xAD, 0x9E, 0x49,
+        0x6E, 0x00, 0x9E, 0x91, 0x46, 0x16, 0xCA, 0x57,
+        0x0C, 0x09, 0xF6, 0x38, 0xD0, 0x62, 0xBE, 0xC6,
+        0x87, 0x33, 0x3A, 0xC7, 0x28, 0x38, 0x34, 0x53,
+        0x7E, 0xFB, 0x60, 0x42, 0xF3, 0x7D, 0x83, 0xF7,
+        0x29, 0x5D, 0xEA, 0x30, 0xD5, 0x00, 0x90, 0xB6,
+        0x38, 0x4C, 0x17, 0x29, 0xEF, 0x17, 0xA0, 0xD5,
+        0x87, 0x50, 0xC0, 0x03, 0x75, 0x14, 0xE5, 0xE1,
+        0x22, 0x78, 0x53, 0xBC, 0x5A, 0xA3, 0x1E, 0x95,
+        0xBE, 0xEC, 0x37, 0xB1, 0x51, 0x82, 0x69, 0x26,
+        0x2E, 0xA3, 0x5A, 0xDA, 0x4F, 0xDA, 0x77, 0x62,
+        0x7E, 0xED, 0xDA, 0xAF, 0x57, 0x97, 0x1B, 0xA3,
+        0x6D, 0x46, 0x7B, 0x19, 0xA9, 0x0B, 0x99, 0x1C,
+        0xD2, 0x55, 0xDB, 0x79, 0xB0, 0x15, 0x48, 0x86,
+        0x52, 0x30, 0x31, 0xD6, 0xC5, 0xB1, 0xAE, 0x8F,
+        0xCF, 0x9A, 0x43, 0x10, 0xBB, 0xC8, 0x19, 0x74,
+        0x84, 0xB2, 0x92, 0x3B, 0xFE, 0x0B, 0x12, 0x15,
+        0xA1, 0xC4, 0xD8, 0xC6, 0x83, 0x90, 0x89, 0x8A,
+        0xD5, 0x3E, 0x33, 0x69, 0xB7, 0x05, 0x3F, 0xB1,
+        0x8B, 0x0D, 0x87, 0x40, 0x70, 0x90, 0x2A, 0x5D,
+        0x3B, 0x3D, 0x91, 0xD8, 0x1D, 0x4D, 0xF1, 0x08,
+        0x7E, 0xF7, 0xDC, 0x05, 0x84, 0xEB, 0xDC, 0x63,
+        0xD7, 0xBA, 0x3C, 0x0D, 0x31, 0xF8, 0x6D, 0xA6,
+        0xC0, 0xFD, 0x08, 0x11, 0x5C, 0x53, 0xF6, 0xAE,
+        0xFE, 0xC0, 0x82, 0x9A, 0x68, 0xD2, 0xA3, 0x44,
+        0x2E, 0xEE, 0x47, 0x36, 0x70, 0x2D, 0x66, 0x81,
+        0x0D, 0x62, 0x30, 0x8A, 0x8C, 0xC8, 0x2A, 0xA6,
+        0x21, 0x82, 0xF5, 0x98, 0xF4, 0x4E, 0x25, 0x37,
+        0x11, 0xB5, 0xD6, 0x07, 0x88, 0xBD, 0x0D, 0x69,
+        0x0E, 0xF9, 0x8F, 0x9A, 0xD5, 0x93, 0xE0, 0x3C,
+        0xEF, 0x38, 0xB9, 0xC9, 0x77, 0x98, 0x3F, 0x69,
+        0x11, 0xBA, 0x1A, 0xB9, 0xF7, 0x35, 0xE9, 0x28,
+        0xCD, 0xA3, 0x8C, 0x03, 0xE6, 0xAD, 0x83, 0x62,
+        0xF4, 0x60, 0xAE, 0x4C, 0xD0, 0xF4, 0x6E, 0x00,
+        0xEE, 0xEC, 0x74, 0xB6, 0x12, 0x34, 0x98, 0xAB,
+        0x31, 0xE7, 0xA7, 0x9D, 0x33, 0x4D, 0x72, 0xA7,
+        0xA7, 0xEE, 0xF3, 0xB5, 0x51, 0xE7, 0x8D, 0x31,
+        0xBC, 0x2C, 0xAF, 0xFB, 0x13, 0x9C, 0xAC, 0xA4,
+        0xD7, 0x9C, 0x8B, 0xBD, 0x52, 0xBD, 0x78, 0xF4,
+        0x90, 0x65, 0x09, 0xBE, 0x42, 0xE7, 0x76, 0x3A,
+        0xE6, 0xAC, 0xB8, 0x98, 0x28, 0x5E, 0xC9, 0x32,
+        0x3E, 0x68, 0x67, 0x6A, 0x8C, 0xC7, 0x4A, 0x58,
+        0xC8, 0xDA, 0x8B, 0xE9, 0x11, 0xED, 0x6F, 0x51,
+        0x3B, 0x66, 0x08, 0x70, 0x73, 0x10, 0xFB, 0x45,
+        0xCB, 0xD9, 0x7D, 0x5F, 0xF0, 0xD2, 0xAB, 0xA3,
+        0x6F, 0xCE, 0xF7, 0x3D, 0x46, 0xCB, 0x7F, 0x01,
+        0xC2, 0xCF, 0xE3, 0x8E, 0x68, 0xE8, 0x4F, 0x4A,
+        0x30, 0x19, 0x16, 0xD2, 0xF5, 0x10, 0xD8, 0x2B,
+        0x49, 0x69, 0xBE, 0x7A, 0x0E, 0x9C, 0xC6, 0x0E,
+        0xFF, 0x5C, 0x0A, 0x87, 0x17, 0xB8, 0x22, 0x83,
+        0x8C, 0x77, 0xAF, 0x42, 0x06, 0xB1, 0x25, 0x45,
+        0x08, 0x9B, 0xB2, 0xDD, 0x6A, 0x3F, 0xF0, 0x12,
+        0xC8, 0x64, 0x15, 0xBB, 0xA0, 0x4F, 0xD7, 0xD4,
+        0xEC, 0x70, 0x7A, 0xF3, 0xB1, 0x7F, 0x25, 0x57,
+        0x47, 0x66, 0xF1, 0xE9, 0x27, 0x38, 0xE0, 0x62,
+        0x10, 0xF4, 0x8A, 0x5E, 0xF2, 0x55, 0x0E, 0xBD,
+        0xF8, 0x5A, 0x5C, 0xA3, 0x44, 0x97, 0xCF, 0x1D,
+        0x4D, 0x3A, 0x75, 0x86, 0x48, 0xEC, 0x41, 0x17,
+        0x24, 0x43, 0x83, 0x5E, 0x50, 0x91, 0xBE, 0x8F,
+        0x04, 0x78, 0x23, 0xD9, 0x62, 0x0C, 0x2A, 0xD5,
+        0x1C, 0x96, 0x11, 0xAA, 0xEE, 0x39, 0xB2, 0x1E,
+        0x6D, 0x6A, 0xEC, 0x87, 0x0C, 0x89, 0x15, 0xE2,
+        0x66, 0x47, 0x6A, 0x50, 0xEE, 0xCA, 0x59, 0x96,
+        0x22, 0xF7, 0x09, 0x1A, 0x34, 0xC2, 0x3F, 0x14,
+        0xB4, 0x04, 0x29, 0xD9, 0x5E, 0x3E, 0xF9, 0x8F,
+        0xED, 0x3E, 0x74, 0x94, 0x37, 0xF0, 0x4B, 0xB4,
+        0xA3, 0x37, 0x52, 0x2E, 0x68, 0x09, 0xFC, 0x10,
+        0x45, 0x03, 0xE2, 0x53, 0xB4, 0x1C, 0x4F, 0x03,
+        0x01, 0xAF, 0x46, 0x7F, 0x74, 0xD3, 0x31, 0x25,
+        0xFA, 0x83, 0xEF, 0x71, 0x24, 0x45, 0xA1, 0x71,
+        0xFA, 0x40, 0xEB, 0xF4, 0xE6, 0x55, 0x3E, 0x45,
+        0x4A, 0xFE, 0x25, 0x68, 0x02, 0x1D, 0x2B, 0x2A,
+        0x19, 0x8D, 0xEC, 0x9B, 0xF7, 0x20, 0xF9, 0xD7,
+        0x2F, 0x81, 0x52, 0x0B, 0xE8, 0x74, 0x66, 0xAF,
+        0x70, 0xD0, 0x0E, 0x0E, 0x86, 0x0F, 0xF9, 0xAB,
+        0xD0, 0x39, 0x78, 0xC3, 0xE4, 0x29, 0xB5, 0xAA,
+        0x17, 0xB9, 0x7F, 0x9A, 0xE9, 0x34, 0x48, 0x85,
+        0x3D, 0x6E, 0xFD, 0x16, 0x8A, 0x30, 0xC6, 0xCB,
+        0xE8, 0xDE, 0x2D, 0x28, 0x8D, 0x9A, 0x24, 0xEA,
+        0x5D, 0x2A, 0x58, 0x23, 0x33, 0x2B, 0x84, 0xFD,
+        0x2C, 0xE7, 0x93, 0xA2, 0x2B, 0xEC, 0x43, 0x98,
+        0x48, 0xD4, 0xE6, 0x0F, 0x3B, 0xB9, 0xC7, 0x5D,
+        0x7E, 0xB0, 0x87, 0x1E, 0x80, 0x3D, 0x61, 0xB0,
+        0x7E, 0x74, 0x9E, 0xD7, 0x60, 0x72, 0xB2, 0x7C,
+        0x87, 0xB6, 0x9D, 0x6C, 0x01, 0x42, 0x61, 0xF6,
+        0x47, 0xAF, 0xA8, 0x8C, 0x4F, 0x1E, 0xC5, 0x5A,
+        0x75, 0xA5, 0x0F, 0xB4, 0xC7, 0x9D, 0x2C, 0x94,
+        0xC0, 0x50, 0x3D, 0xB2, 0x0D, 0xFD, 0xF7, 0x1F,
+        0x62, 0x88, 0x74, 0x18, 0x8C, 0xDD, 0x73, 0x85,
+        0xC0, 0x33, 0x81, 0xDA, 0xBB, 0x85, 0x4D, 0x4A,
+        0xA9, 0xF4, 0x7B, 0x66, 0x43, 0x8C, 0x43, 0xFF,
+        0x53, 0xEF, 0x5E, 0x78, 0xAB, 0x45, 0x0B, 0x45,
+        0x01, 0x91, 0x27, 0x8A, 0xF6, 0xE2, 0x6A, 0x7B,
+        0x5E, 0x64, 0x61, 0xF5, 0x77, 0xF9, 0x85, 0x2F,
+        0x81, 0xC9, 0x02, 0x03, 0xC7, 0x13, 0xF5, 0xB1,
+        0xF6, 0xC3, 0xEF, 0x55, 0x8C, 0x90, 0x32, 0x51,
+        0x6D, 0x8D, 0x62, 0xFD, 0x5E, 0x24, 0xE4, 0xF0,
+        0xF5, 0x07, 0x18, 0xF5, 0x6B, 0x5A, 0x59, 0xA0,
+        0x09, 0xD5, 0x93, 0x8D, 0xAD, 0x55, 0x91, 0xF6,
+        0x1F, 0x4C, 0x65, 0x9A, 0x76, 0x05, 0x26, 0xEF,
+        0x41, 0x20, 0x2F, 0xA7, 0xE5, 0xF6, 0xC7, 0xD5,
+        0xE0, 0xB0, 0xC0, 0xC4, 0x3B, 0x52, 0x4B, 0x66,
+        0x71, 0x2C, 0x5A, 0x7C, 0x53, 0xC8, 0x4C, 0x50,
+        0xB8, 0x3E, 0xB9, 0xC9, 0x8D, 0x2F, 0xD0, 0x84,
+        0xC9, 0xC5, 0xF2, 0x1F, 0xEE, 0x77, 0x42, 0xE6,
+        0xEF, 0xC8, 0xCB, 0xBE, 0x57, 0x18, 0xB7, 0x0C,
+        0x06, 0x2D, 0x82, 0xE2, 0xF9, 0x86, 0xF3, 0x8D,
+        0xF1, 0xE7, 0x15, 0x89, 0xDC, 0x79, 0x87, 0x24,
+        0x35, 0x62, 0xA2, 0x31, 0x9D, 0x7C, 0x00, 0xB2,
+        0x6E, 0x53, 0x1E, 0x93, 0xC3, 0x84, 0x44, 0x61,
+        0x8C, 0xE7, 0x58, 0x73, 0x4F, 0xDE, 0xCF, 0xD0,
+        0xC6, 0x85, 0x37, 0x28, 0xC6, 0x10, 0x00, 0x78,
+        0x4E, 0xDF, 0xFE, 0xD7, 0xB3, 0x30, 0x86, 0xE1,
+        0x68, 0xD6, 0xCB, 0x63, 0xE3, 0xDA, 0xCA, 0xF3,
+        0x55, 0x2F, 0x88, 0x5B, 0x47, 0x82, 0x62, 0xDE,
+        0x5E, 0x1E, 0x63, 0xCE, 0x7A, 0x4C, 0x66, 0x95,
+        0xD1, 0x19, 0x38, 0x35, 0xE4, 0x5A, 0x67, 0x91,
+        0x8C, 0x42, 0xD3, 0x9B, 0xF8, 0x80, 0x38, 0x53,
+        0x30, 0x31, 0x0F, 0x2C, 0x7B, 0xF9, 0x1E, 0x6C,
+        0x3E, 0x29, 0xB7, 0x81, 0xD0, 0x98, 0x70, 0xC2,
+        0x6D, 0x76, 0xBD, 0x8A, 0xE2, 0x09, 0xC4, 0x2B,
+        0xC7, 0x43, 0x2D, 0xBB, 0x4C, 0x16, 0x52, 0x63,
+        0x57, 0xA5, 0x63, 0x4E, 0xEC, 0xDE, 0x93, 0xC5,
+        0x1D, 0xD4, 0xD6, 0xF0, 0x06, 0x5B, 0x2E, 0xC5,
+        0x7A, 0xD3, 0xB5, 0x82, 0x66, 0x53, 0x95, 0x97,
+        0xC8, 0xF4, 0x2B, 0x55, 0x27, 0x1D, 0x6F, 0x90,
+        0xE9, 0x86, 0xF6, 0x82, 0x8D, 0x95, 0x9E, 0xE8,
+        0x00, 0xDB, 0xEB, 0xCF, 0x48, 0x23, 0x6B, 0xA3,
+        0xDE, 0x25, 0x27, 0xE0, 0xEC, 0xA4, 0xA3, 0xC2,
+        0xA3, 0x4B, 0xBC, 0xDD, 0x6C, 0xBB, 0x3A, 0x9C,
+        0x96, 0xDC, 0x3B, 0xE1, 0x10, 0xD3, 0x49, 0x94,
+        0x66, 0xE2, 0x85, 0x7F, 0xBA, 0x98, 0x12, 0x3A,
+        0x6D, 0xBA, 0x90, 0x14, 0x87, 0x7E, 0x24, 0xEA,
+        0xDC, 0xCA, 0x40, 0xF8, 0xAE, 0x94, 0xB2, 0xFE,
+        0xD2, 0x36, 0xCB, 0xE5, 0xBC, 0xA9, 0xDF, 0xE0,
+        0xCB, 0xA9, 0xA0, 0xF8, 0x62, 0x41, 0x33, 0x18,
+        0x59, 0xF9, 0xD6, 0xC0, 0x87, 0xB2, 0x76, 0xDE,
+        0xC9, 0x35, 0x6F, 0x1F, 0xEF, 0x69, 0xB3, 0x59,
+        0xF9, 0xFB, 0x38, 0x4A, 0x84, 0x02, 0x2D, 0xEC,
+        0xB7, 0x01, 0x08, 0xDA, 0xC8, 0xE9, 0x3B, 0xB6,
+        0xC3, 0x00, 0xC0, 0x34, 0x5F, 0xC6, 0x40, 0xC0,
+        0x06, 0xEA, 0xEB, 0xC1, 0x51, 0x13, 0x81, 0x2F,
+        0xB3, 0x7D, 0xD9, 0x6E, 0x2A, 0x06, 0xA4, 0x63,
+        0xAF, 0xCE, 0x66, 0xC5, 0x9F, 0x8D, 0x71, 0x4A,
+        0xA1, 0xFF, 0x49, 0x4F, 0x08, 0x6F, 0xB9, 0xEA,
+        0xDA, 0x18, 0x45, 0x63, 0xCA, 0x9D, 0x88, 0x08,
+        0xB1, 0x6C, 0x19, 0xA8, 0x24, 0xAD, 0x85, 0x7D,
+        0xDE, 0x51, 0xE5, 0x08, 0xB7, 0x04, 0x12, 0x35,
+        0xF3, 0x00, 0xED, 0x2C, 0x79, 0x9C, 0x18, 0x23,
+        0x05, 0x38, 0x95, 0x76, 0xCF, 0x39, 0x3C, 0xAE,
+        0xB0, 0xD3, 0xBA, 0x3E, 0x4E, 0xE4, 0xB5, 0x77,
+        0xA3, 0xE3, 0x7B, 0x27, 0x5F, 0xD8, 0x05, 0x19,
+        0x42, 0xAE, 0x91, 0x54, 0xE5, 0xBD, 0x7C, 0x35,
+        0xE0, 0xF8, 0x95, 0x52, 0x3A, 0x29, 0xB0, 0xE6,
+        0xB7, 0xAE, 0x20, 0xBE, 0x21, 0xDF, 0xF5, 0x67,
+        0xEC, 0x82, 0x52, 0xFF, 0x5B, 0xD0, 0xAA, 0x14,
+        0x50, 0x15, 0xE1, 0x1C, 0x6A, 0x1B, 0x94, 0x1B,
+        0xCC, 0x76, 0x01, 0xBF, 0x03, 0x94, 0x42, 0xF2,
+        0x00, 0x61, 0x96, 0x58, 0xD9, 0xD0, 0x40, 0x21,
+        0xFA, 0xCE, 0x6B, 0xAB, 0x5D, 0x49, 0xD8, 0xD7,
+        0xBC, 0x9A, 0x66, 0xC2, 0xBA, 0x3F, 0xDC, 0x49,
+        0x0D, 0xA5, 0x5C, 0xB4, 0x67, 0x08, 0x38, 0xEB,
+        0x2D, 0x07, 0x24, 0x5B, 0xB1, 0x22, 0x7B, 0x02,
+        0x4A, 0x8A, 0x53, 0x38, 0xE9, 0x42, 0x8E, 0xA5,
+        0x57, 0x41, 0xD6, 0x71, 0xA7, 0x9D, 0x6A, 0x14,
+        0xD2, 0x7D, 0x13, 0xFB, 0x59, 0xD0, 0xDA, 0xE5,
+        0x23, 0x9E, 0x1B, 0xC4, 0x21, 0x87, 0xBB, 0x78,
+        0xE0, 0x38, 0x01, 0x1D, 0xA0, 0xD1, 0x36, 0x3F,
+        0xD0, 0xA7, 0x8F, 0x86, 0x26, 0x1E, 0xB0, 0x26,
+        0xDE, 0x7E, 0x17, 0x3A, 0x90, 0xFC, 0xC0, 0x17,
+        0xDD, 0x78, 0xF5, 0xA3, 0x2D, 0x3E, 0x29, 0xCE,
+        0x38, 0x45, 0x76, 0xA9, 0x55, 0x11, 0xB6, 0xB4,
+        0xE5, 0x6E, 0xDD, 0x01, 0x4B, 0x16, 0x07, 0x99,
+        0xBD, 0x19, 0x77, 0xF5, 0xD7, 0x9E, 0x39, 0x9E,
+        0xAA, 0x8E, 0x2B, 0x75, 0xC5, 0xEB, 0x33, 0x56,
+        0x6C, 0xD8, 0xB6, 0x3F, 0x3F, 0x4E, 0x81, 0x7E,
+        0x29, 0x0A, 0x68, 0xED, 0x1E, 0x9F, 0xDC, 0x6B,
+        0xFA, 0x18, 0xE3, 0xE5, 0x7D, 0x05, 0x7F, 0x22,
+        0xFA, 0xA2, 0xF6, 0x0F, 0xB6, 0x34, 0x56, 0x72,
+        0x55, 0x16, 0x5E, 0xF4, 0x18, 0xD1, 0x82, 0xFA,
+        0xDD, 0xF7, 0xB8, 0x9F, 0x7D, 0x30, 0x10, 0x69,
+        0xC4, 0x85, 0xD8, 0xE8, 0x34, 0x89, 0xD4, 0x93,
+        0xBE, 0x56, 0xEE, 0xDC, 0x43, 0xD4, 0x82, 0x00,
+        0xFD, 0x1E, 0x2B, 0x06, 0x69, 0x07, 0x1B, 0xBF,
+        0x33, 0x61, 0x39, 0x28, 0xCA, 0x31, 0x91, 0x0B,
+        0xF2, 0xEA, 0x32, 0x8E, 0xA8, 0x64, 0x13, 0x9A,
+        0xEF, 0x79, 0x1A, 0x9A, 0xBE, 0x52, 0x13, 0x32,
+        0x49, 0x93, 0x7D, 0xA8, 0x8C, 0x48, 0xD4, 0xC0,
+        0x1D, 0x10, 0x8A, 0x46, 0x85, 0xAD, 0x29, 0xDF,
+        0x2E, 0xCD, 0x41, 0x83, 0x82, 0x01, 0x28, 0x44,
+        0x0E, 0xE5, 0x37, 0x8D, 0x6B, 0xCA, 0x61, 0x98,
+        0xDE, 0x89, 0xA9, 0x7B, 0xBB, 0x44, 0x48, 0xA2,
+        0x8D, 0x82, 0x3A, 0x57, 0x40, 0x60, 0x7C, 0x6E,
+        0x69, 0x98, 0x98, 0x93, 0xFA, 0x7E, 0x29, 0x9A,
+        0x74, 0x53, 0xD8, 0xDC, 0xB3, 0x4B, 0xDB, 0x7E,
+        0xFE, 0x95, 0xB0, 0xC7, 0x23, 0x14, 0xEF, 0xCB,
+        0x49, 0x3C, 0x09, 0xD7, 0x7B, 0xD0, 0x11, 0x9B,
+        0xAC, 0xF2, 0xC2, 0x2E, 0x7C, 0xCB, 0xCD, 0x59,
+        0x7F, 0x6A, 0x09, 0xFE, 0xFE, 0xDF, 0xA0, 0xA7,
+        0xAC, 0x3C, 0x90, 0xBA, 0x75, 0x19, 0xF4, 0x01,
+        0x60, 0x56, 0xD5, 0xFB, 0x41, 0x2B, 0xA0, 0x2D,
+        0x0D, 0x45, 0xCF, 0xF3, 0xA6, 0x3D, 0x36, 0xEE,
+        0xE1, 0xE4, 0x68, 0xE6, 0xEA, 0x2F, 0x67, 0x3A,
+        0x7A, 0x02, 0x92, 0x6B, 0xB3, 0x18, 0xBA, 0x73,
+        0xEE, 0x1B, 0x2C, 0x13, 0x7D, 0xEF, 0x4A, 0x39,
+        0xE8, 0x03, 0xFF, 0x57, 0x35, 0x53, 0xE9, 0xA5,
+        0xC6, 0xAA, 0x1A, 0x17, 0x21, 0xCA, 0x54, 0x38,
+        0x7C, 0xB1, 0xDF, 0xB8, 0xFA, 0x7D, 0xA7, 0x26,
+        0xB2, 0xAE, 0x7A, 0x05, 0x45, 0x3B, 0x40, 0x0A,
+        0x19, 0xE5, 0x32, 0x52, 0x78, 0x9D, 0xC3, 0x20,
+        0x63, 0x24, 0xB2, 0x58, 0x4B, 0x86, 0x1F, 0x00,
+        0xA2, 0x50, 0xF9, 0x9F, 0xD9, 0xDC, 0x7D, 0x51,
+        0x3D, 0xD7, 0xA6, 0x5A, 0x04, 0x03, 0x4E, 0xB3,
+        0x3D, 0x2D, 0x56, 0xA4, 0x96, 0xB3, 0x6A, 0xBA,
+        0x0A, 0x30, 0x08, 0xE3, 0x0F, 0xC1, 0x38, 0x24,
+        0x88, 0x5D, 0x9E, 0x6F, 0x68, 0x1A, 0x7D, 0xB6,
+        0x2D, 0xDD, 0xE3, 0x50, 0x1B, 0xD4, 0x07, 0x75,
+        0xE2, 0xE2, 0xCC, 0x09, 0xCC, 0x8E, 0x4E, 0x67,
+        0x02, 0x72, 0x02, 0xA8, 0x11, 0x70, 0xA5, 0x7F,
+        0x4A, 0xC1, 0x98, 0xC1, 0x7F, 0xBF, 0x95, 0xBB,
+        0xCE, 0xD3, 0x6D, 0x49, 0x30, 0xB9, 0x50, 0x8C,
+        0xFA, 0x3E, 0x8B, 0xF6, 0xE5, 0x54, 0xE9, 0x1B,
+        0xD7, 0xD6, 0xE5, 0x32, 0x33, 0xBB, 0x91, 0xAD,
+        0xC8, 0x15, 0x76, 0x1A, 0x04, 0x35, 0xDE, 0xCC,
+        0xE1, 0x67, 0x26, 0x4C, 0x2F, 0x4E, 0x34, 0x34,
+        0x3D, 0x1E, 0x5A, 0xF7, 0xBC, 0xE6, 0x0C, 0x9B,
+        0x7B, 0x7E, 0xE5, 0xDF, 0x72, 0x9A, 0x0D, 0xDD,
+        0x4B, 0xE6, 0x6F, 0x82, 0xFB, 0x5E, 0x2C, 0xC0,
+        0x7B, 0x03, 0x85, 0x76, 0x11, 0x0E, 0xFD, 0xC7,
+        0xD5, 0x50, 0x26, 0xBE, 0x75, 0x5E, 0xC1, 0xF0,
+        0x2E, 0x47, 0x62, 0xD6, 0xF1, 0xDA, 0xDF, 0xF4,
+        0x1C, 0xEE, 0x63, 0x52, 0xC4, 0x45, 0x37, 0xE6,
+        0x85, 0xA5, 0x0A, 0x07, 0x54, 0x63, 0x21, 0x7B,
+        0x92, 0xF7, 0x33, 0x0C, 0xD9, 0x29, 0xCF, 0xE3,
+        0xAB, 0xB5, 0xFC, 0xAA, 0x26, 0x20, 0x93, 0x55,
+        0x8A, 0x07, 0x33, 0xB2, 0x7D, 0x95, 0x02, 0x7A,
+        0x76, 0x9E, 0x7D, 0xBB, 0xC1, 0xF3, 0x6E, 0x84,
+        0x10, 0x30, 0x4B, 0x5D, 0x59, 0x73, 0x68, 0xEC,
+        0x2A, 0x63, 0x2D, 0x46, 0xE8, 0xC2, 0xF8, 0xEA,
+        0x2B, 0xC4, 0x4F, 0xA7, 0x6E, 0xF4, 0x74, 0xEB,
+        0x96, 0xA3, 0x64, 0x40, 0x9B, 0x23, 0x63, 0x42,
+        0x4B, 0x8F, 0x85, 0x00, 0x43, 0x04, 0xAD, 0x61,
+        0x76, 0x93, 0xBD, 0xC3, 0x88, 0xC3, 0xFC, 0x29,
+        0x61, 0xBD, 0xB1, 0x5A, 0x1F, 0x5B, 0x20, 0xEF,
+        0x95, 0xED, 0x99, 0x84, 0x96, 0xB2, 0x93, 0x81,
+        0x82, 0xFF, 0xE3, 0xB9, 0x27, 0xEA, 0x9A, 0x23,
+        0xF6, 0x42, 0x8D, 0xD3, 0x5C, 0x86, 0x11, 0xC8,
+        0x39, 0xE3, 0x16, 0xE9, 0xA5, 0x32, 0x7C, 0xC9,
+        0xEA, 0x82, 0x50, 0x9B, 0x21, 0x5C, 0xC9, 0x66,
+        0xBE, 0x1C, 0x78, 0x48, 0xEF, 0x39, 0x2D, 0xA1,
+        0xC6, 0xF3, 0x69, 0xA3, 0x36, 0x25, 0x3A, 0xA1,
+        0x15, 0x2B, 0x6D, 0xCF, 0xDA, 0xA7, 0xCA, 0xDD,
+        0x4D, 0x9A, 0x1D, 0x58, 0x9F, 0x73, 0xD3, 0xEF,
+        0x0F, 0xBF, 0x03, 0x88, 0x2F, 0xDE, 0xB9, 0x44,
+        0xB5, 0xB6, 0xCF, 0xE2, 0x6F, 0x6A, 0xB5, 0x12,
+        0x38, 0x29, 0x55, 0x8C, 0x4C, 0x73, 0x6F, 0x0B,
+        0x68, 0x7A, 0xC7, 0x06, 0x83, 0x80, 0xFE, 0x7F,
+        0x61, 0xBE, 0x6B, 0x40, 0xE3, 0xF0, 0x4D, 0x7B,
+        0x36, 0x82, 0x0F, 0xD8, 0x63, 0x29, 0xB3, 0x10,
+        0x9D, 0x02, 0xEC, 0x63, 0x90, 0xEA, 0xFC, 0x8C,
+        0xA7, 0x30, 0x56, 0x2B, 0x68, 0x08, 0x24, 0x24,
+        0xFD, 0xA9, 0x8D, 0x0B, 0x64, 0xBC, 0x97, 0x34,
+        0xB4, 0x0B, 0x63, 0xF7, 0xE3, 0x7A, 0xF6, 0x89,
+        0x0A, 0xF7, 0xC2, 0xD9, 0x2F, 0x79, 0xEE, 0xA3,
+        0xCC, 0xEA, 0xC6, 0x0A, 0x6F, 0x38, 0x06, 0x92,
+        0xF8, 0x02, 0xB1, 0x55, 0x6A, 0x78, 0xFE, 0x55,
+        0x83, 0xFF, 0x20, 0xA9, 0xC6, 0xA7, 0xBF, 0xCC,
+        0x86, 0x3A, 0x9E, 0x7B, 0x62, 0x01, 0x4D, 0x16,
+        0x05, 0xDE, 0x89, 0x4F, 0xB5, 0x85, 0xE2, 0xD4,
+        0xF9, 0x41, 0x15, 0xE0, 0x29, 0xE5, 0x85, 0x7E,
+        0x6A, 0x0A, 0x73, 0x89, 0x27, 0x5F, 0x53, 0x0D,
+        0x3D, 0x80, 0xCF, 0xAB, 0x1F, 0x22, 0x5D, 0x38,
+        0x33, 0x5D, 0x24, 0x67, 0x91, 0x97, 0xD4, 0x8A,
+        0x01, 0x8A, 0x34, 0x18, 0x7D, 0xE3, 0xBC, 0xCE,
+        0xDE, 0x94, 0xFF, 0x8E, 0xC5, 0x34, 0xC0, 0x2D,
+        0xA7, 0x24, 0xD4, 0x59, 0x8D, 0x66, 0x9E, 0x85,
+        0xA9, 0xC6, 0x0E, 0x45, 0x21, 0x4F, 0xAA, 0x65,
+        0x44, 0xD6, 0xA4, 0x7D, 0x1C, 0x4E, 0xD7, 0x40,
+        0x9D, 0x55, 0xB1, 0xA7, 0xF1, 0x15, 0xAE, 0x15,
+        0x44, 0x3A, 0x1C, 0x31, 0x06, 0x40, 0xD1, 0x16,
+        0x23, 0x84, 0x93, 0xEF, 0x3E, 0xE2, 0x87, 0x9B,
+        0xB8, 0x46, 0x1F, 0x7D, 0x68, 0x73, 0x64, 0x70,
+        0xD4, 0xB5, 0x73, 0xAE, 0x45, 0x49, 0x93, 0xF5,
+        0x32, 0x30, 0x1E, 0x35, 0xCB, 0x9E, 0xEE, 0xDF,
+        0xFE, 0xA8, 0x2F, 0xAC, 0x49, 0x77, 0x53, 0xF7,
+        0x50, 0x19, 0xF2, 0xB3, 0xB0, 0x2C, 0x70, 0xB6,
+        0x4A, 0x57, 0x95, 0x31, 0xC3, 0x26, 0x07, 0x2A,
+        0xCF, 0x1B, 0xD0, 0xAA, 0xA0, 0x9F, 0x0A, 0x97,
+        0x8B, 0x78, 0xAB, 0x22, 0xBD, 0x61, 0x19, 0xF8,
+        0x8D, 0xD2, 0xD5, 0x72, 0xF8, 0x91, 0x9D, 0x47,
+        0x4F, 0x59, 0x1D, 0xAE, 0x9F, 0xCE, 0x47, 0x53,
+        0xC9, 0x85, 0xFB, 0x25, 0x04, 0x25, 0xF2, 0x65,
+        0x61, 0xFF, 0xA9, 0x44, 0x3F, 0x23, 0x76, 0x68,
+        0x9F, 0xEB, 0x48, 0xC4, 0xCE, 0x51, 0x46, 0x04,
+        0x52, 0x6A, 0x10, 0x0A, 0xF3, 0x3F, 0x0D, 0x43,
+        0x37, 0xD1, 0x60, 0x42, 0x22, 0xC4, 0xD9, 0xF9,
+        0x3A, 0x8E, 0x69, 0xE4, 0xCC, 0xD3, 0x66, 0x69,
+        0x09, 0x0C, 0x5D, 0xFB, 0x0E, 0x95, 0x49, 0x42,
+        0x29, 0xFF, 0x9B, 0x20, 0xCC, 0xB1, 0xAC, 0x81,
+        0xB8, 0x1A, 0x36, 0xD6, 0x3A, 0x85, 0x0D, 0xDB,
+        0x33, 0x33, 0x4D, 0xAA, 0x51, 0x46, 0xBF, 0x36,
+        0xFE, 0x18, 0x80, 0x1E, 0x3B, 0xEB, 0xD0, 0xE9,
+        0x1B, 0x5E, 0x1C, 0xFE, 0x7A, 0x98, 0x26, 0x85,
+        0x0A, 0xF4, 0x39, 0x7D, 0x1B, 0x07, 0xD3, 0xB7,
+        0x19, 0xE5, 0x7B, 0xB8, 0x32, 0xAF, 0x42, 0x34,
+        0xC0, 0xCD, 0x9F, 0xD4, 0x0B, 0x88, 0x2F, 0xCE,
+        0xDA, 0x93, 0x7E, 0xF9, 0xA2, 0xDA, 0x24, 0x59,
+        0x2B, 0xCB, 0x5D, 0x1B, 0xE8, 0x3E, 0xC5, 0xF0,
+        0x3D, 0xBD, 0xFB, 0xCB, 0x33, 0x5D, 0x90, 0xD5,
+        0xC8, 0xA0, 0x2E, 0xE5, 0x3D, 0x50, 0x8E, 0xB5,
+        0xDE, 0x4A, 0x96, 0x1B, 0x95, 0x8F, 0x75, 0x1E,
+        0x5F, 0x89, 0xA1, 0xD2, 0x88, 0x95, 0xA3, 0xDB,
+        0x7B, 0x62, 0xEF, 0x4A, 0xE1, 0x6D, 0x28, 0xFB,
+        0x78, 0x9B, 0x32, 0x03, 0xAD, 0x24, 0x63, 0xD6,
+        0xEA, 0xB8, 0x3A, 0x6D, 0x20, 0xCE, 0xA1, 0x31,
+        0x4A, 0xE0, 0x2A, 0x3F, 0xF6, 0xF6, 0x53, 0x15,
+        0x4A, 0xE1, 0x44, 0x23, 0x81, 0x86, 0x21, 0x47,
+        0x41, 0xC2, 0x36, 0x14, 0x81, 0x83, 0xBC, 0x39,
+        0xAE, 0xDF, 0x44, 0xDA, 0x97, 0xF7, 0x31, 0xCE,
+        0x3D, 0xCB, 0x61, 0xA4, 0xCF, 0xE1, 0x4F, 0x9E,
+        0x84, 0xAA, 0x05, 0xAB, 0x1C, 0x1B, 0x95, 0x1D,
+        0x20, 0x15, 0x52, 0x33, 0xFA, 0xFA, 0xF1, 0x6C,
+        0xF1, 0xBD, 0x0B, 0xAF, 0xE1, 0x99, 0xE6, 0x5D,
+        0x56, 0x34, 0x53, 0xBF, 0xE5, 0x5D, 0x5F, 0x47,
+        0x4A, 0xB1, 0x05, 0x94, 0xD7, 0x38, 0xA8, 0xC1,
+        0x06, 0x28, 0x8D, 0x69, 0xD0, 0x7A, 0x16, 0x88,
+        0x60, 0x14, 0x63, 0xF3, 0xBD, 0x21, 0x46, 0x81,
+        0x9C, 0x83, 0x72, 0x6D, 0x14, 0xC6, 0xA8, 0x08,
+        0x39, 0xB8, 0x79, 0x0B, 0x57, 0x16, 0xE7, 0x72,
+        0xF6, 0xC2, 0x4C, 0x2B, 0xEB, 0x7E, 0x2C, 0xF3,
+        0x7B, 0x3F, 0x42, 0xAC, 0xDD, 0x47, 0x3E, 0x8C,
+        0xCD, 0xBE, 0x48, 0x4D, 0x6E, 0x07, 0xB0, 0x73,
+        0xDE, 0xCB, 0x17, 0x4A, 0xC3, 0xB8, 0xBB, 0x2E,
+        0xF5, 0x4E, 0x6D, 0xF9, 0xE0, 0x20, 0x71, 0xFA,
+        0x60, 0x0A, 0xE5, 0x59, 0x67, 0xEB, 0x6F, 0x70,
+        0x2F, 0x71, 0x91, 0x59, 0xF0, 0xEB, 0x06, 0x5C,
+        0xC4, 0x60, 0x48, 0xE8, 0x75, 0xE7, 0xCF, 0x42,
+        0x71, 0xAD, 0x2E, 0xDA, 0xF9, 0x10, 0x82, 0x9A,
+        0xF6, 0x13, 0xBA, 0x89, 0xFC, 0x61, 0x2A, 0x00,
+        0xFD, 0xAE, 0x53, 0x7B, 0x09, 0x3A, 0xE8, 0xCB,
+        0xE6, 0xB7, 0x0D, 0x03, 0x01, 0xFA, 0x2E, 0x13,
+        0xA9, 0x16, 0x38, 0x1C, 0x92, 0xEC, 0xB4, 0x51,
+        0xA3, 0x6E, 0x3F, 0xA8, 0xB7, 0x37, 0x36, 0x20,
+        0xC0, 0x71, 0xA3, 0x05, 0x34, 0xED, 0xCB, 0x4A,
+        0x3F, 0x11, 0x31, 0x17, 0xA5, 0x02, 0xD6, 0xA7,
+        0x2D, 0xE6, 0xC7, 0x7B, 0xBB, 0xF6, 0xAE, 0x99,
+        0x85, 0x9A, 0xAC, 0xE6, 0x4A, 0x92, 0x8C, 0x37,
+        0x4B, 0xD2, 0xC4, 0x65, 0x2A, 0xC9, 0x7E, 0xB7,
+        0x44, 0xD2, 0x9A, 0x70, 0xCE, 0xA9, 0xA1, 0x9D,
+        0x70, 0x13, 0x49, 0x7B, 0xCA, 0xB6, 0x96, 0x31,
+        0x43, 0x3F, 0x9E, 0xD1, 0xFE, 0x20, 0xF8, 0x0B,
+        0x59, 0x83, 0xE1, 0x28, 0x8B, 0xB6, 0xA2, 0xBE,
+        0x91, 0x54, 0x3E, 0xD4, 0x79, 0x28, 0xBB, 0x5E,
+        0x46, 0x2D, 0x01, 0xE9, 0xC0, 0xB7, 0xFF, 0xFA,
+        0xC0, 0x6C, 0x10, 0xF1, 0x52, 0xF4, 0x3C, 0x32,
+        0x9E, 0x89, 0xDF, 0x8A, 0x79, 0x99, 0x6A, 0x09,
+        0x79, 0x8A, 0x36, 0x76, 0x40, 0xBE, 0x9F, 0xB5,
+        0x3D, 0xCE, 0x27, 0xBD, 0x0B, 0xAA, 0x9B, 0xF0,
+        0x21, 0xBF, 0x10, 0xD2, 0xFC, 0xFE, 0x5B, 0x13,
+        0xFD, 0x7D, 0x84, 0xD1, 0xC1, 0xEB, 0xC0, 0xBC,
+        0xEC, 0x26, 0xD0, 0x87, 0x80, 0xD1, 0x3B, 0x99,
+        0x47, 0x67, 0x26, 0x61, 0xE0, 0xFA, 0x5F, 0xAE,
+        0x6F, 0x31, 0x5B, 0x6D, 0xE4, 0x01, 0x68, 0xC2,
+        0x35, 0x1D, 0xE3, 0x1F, 0x41, 0xFF, 0x6C, 0x53,
+        0x32, 0x26, 0xE1, 0xBC, 0xE3, 0xF8, 0xE2, 0x16,
+        0xAF, 0x3B, 0xE6, 0x4C, 0x69, 0x33, 0x72, 0xA0,
+        0x66, 0xB1, 0x75, 0xF7, 0x26, 0xCF, 0xCD, 0x64,
+        0x2B, 0xAE, 0x98, 0x02, 0x92, 0xC1, 0xCB, 0x65,
+        0xE0, 0x1F, 0x07, 0x29, 0x64, 0x0A, 0xB0, 0x09,
+        0xCB, 0x98, 0x89, 0x2D, 0x6C, 0xFE, 0x40, 0x03,
+        0x34, 0x55, 0xDE, 0xE7, 0x30, 0x33, 0xB6, 0xD5,
+        0xE1, 0x9C, 0x59, 0x9F, 0x8A, 0x40, 0x0E, 0xB1,
+        0x41, 0x52, 0x7D, 0xF2, 0xBB, 0xDD, 0xEF, 0x50,
+        0xBB, 0xD5, 0xFB, 0x55, 0xAA, 0x5E, 0xFD, 0xB3,
+        0x5D, 0x08, 0x56, 0x9B, 0x02, 0x97, 0xE2, 0x48,
+        0x14, 0x69, 0xF1, 0x7B, 0x87, 0xB5, 0x08, 0x93,
+        0x6A, 0x9C, 0x5C, 0x11, 0x08, 0x9A, 0xE9, 0xE4,
+        0xB0, 0xCA, 0xC5, 0x74, 0x93, 0x93, 0xC8, 0x03,
+        0xE4, 0x70, 0x39, 0xF5, 0x1B, 0x5C, 0xBD, 0x42,
+        0xA6, 0xC9, 0xE1, 0x9E, 0xC3, 0xF6, 0x3C, 0x23,
+        0x32, 0xE8, 0x77, 0x68, 0xA9, 0x60, 0xFA, 0x02,
+        0x18, 0x6B, 0x7A, 0x2B, 0x02, 0x92, 0x65, 0x09,
+        0x11, 0x46, 0x73, 0x04, 0x63, 0xDF, 0x8B, 0x37,
+        0x5F, 0x24, 0xAA, 0x83, 0xBD, 0xD4, 0x1D, 0x13,
+        0x04, 0xFC, 0x2F, 0xB5, 0x2D, 0xA1, 0x0F, 0x1F,
+        0xED, 0x65, 0x29, 0x08, 0xCF, 0x8C, 0x52, 0x8F,
+        0xB2, 0x62, 0x5F, 0x39, 0x3F, 0xC8, 0xC7, 0xB3,
+        0x3F, 0xAD, 0x45, 0xBA, 0xD4, 0x7D, 0x38, 0x3D,
+        0x2C, 0x04, 0xCF, 0x32, 0xE8, 0x07, 0x42, 0x5F,
+        0x93, 0xD2, 0x35, 0x07, 0x21, 0xB7, 0xB2, 0xF5,
+        0x96, 0x64, 0x8E, 0xB5, 0xE1, 0x38, 0x6B, 0x43,
+        0xD1, 0x2E, 0xFD, 0xDB, 0x8F, 0xE2, 0x43, 0x6A,
+        0xEC, 0x27, 0x8E, 0xE7, 0x68, 0x75, 0xB5, 0x23,
+        0xC5, 0x43, 0x1D, 0x99, 0x48, 0x57, 0x73, 0xD9,
+        0xAD, 0xBC, 0xD0, 0x14, 0xDD, 0x87, 0xBC, 0x68,
+        0xFB, 0x82, 0xEE, 0x47, 0x4B, 0x22, 0xA5, 0x43,
+        0x3A, 0xF9, 0xF9, 0x91, 0xFC, 0x34, 0xB2, 0x58,
+        0x34, 0xDF, 0x13, 0x09, 0x9A, 0x46, 0xF5, 0x68,
+        0xAF, 0xD1, 0x15, 0x5F, 0x32, 0x1B, 0x9D, 0xA9,
+        0xE9, 0xC0, 0x63, 0x47, 0xAB, 0x3C, 0x1F, 0x59,
+        0xF7, 0xEA, 0x0E, 0xD6, 0xCF, 0x47, 0xB3, 0xE9,
+        0xAF, 0x65, 0x7A, 0xA7, 0xAE, 0x9B, 0xF8, 0x26,
+        0x0B, 0x96, 0x9D, 0xE4, 0xAD, 0x24, 0xD3, 0xA8,
+        0xCE, 0x95, 0xE5, 0x77, 0xD0, 0x44, 0x13, 0x05,
+        0x06, 0x4E, 0x07, 0xB9, 0xA2, 0xC7, 0x5C, 0x3C,
+        0x43, 0x80, 0x1F, 0xCE, 0xB7, 0x36, 0xFE, 0x3D,
+        0x27, 0x1B, 0xE1, 0xF3, 0x6B, 0xFF, 0xC8, 0xE4,
+        0x3D, 0xB1, 0x4A, 0x16, 0x24, 0x76, 0xBA, 0xEA,
+        0x9D, 0x34, 0x6B, 0x52, 0x11, 0xAB, 0xD0, 0x06,
+        0x08, 0xB1, 0x5A, 0xF3, 0xB5, 0xE6, 0x3A, 0x00,
+        0xFF, 0x92, 0x8D, 0x1E, 0xA1, 0xA1, 0x8D, 0x75,
+        0xFA, 0x7C, 0x6C, 0x1B, 0x0F, 0xB6, 0x27, 0x2E,
+        0x55, 0xC3, 0xFE, 0x7E, 0x4D, 0x42, 0x05, 0xE5,
+        0xCF, 0x0A, 0x1F, 0x87, 0x18, 0x30, 0x4E, 0x14,
+        0xF2, 0xB4, 0xCC, 0x54, 0x3D, 0x04, 0x37, 0x34,
+        0x1A, 0x4A, 0x31, 0x16, 0x01, 0xA9, 0x2E, 0x92,
+        0x56, 0x6B, 0x7D, 0xFB, 0x42, 0x64, 0xE8, 0x70,
+        0xE1, 0xB3, 0xA8, 0x75, 0xED, 0xBC, 0x00, 0x3A,
+        0x56, 0x19, 0x70, 0xCF, 0x8A, 0x66, 0x9F, 0x3D,
+        0x1B, 0x69, 0x28, 0x8C, 0xC6, 0xE3, 0x59, 0xCE,
+        0x28, 0xCA, 0x65, 0xF9, 0xDA, 0xE8, 0xCE, 0xCA,
+        0x74, 0x3C, 0x1C, 0x8D, 0x9F, 0xFB, 0x55, 0x08,
+        0x82, 0x4A, 0x83, 0x61, 0xE3, 0x3B, 0x43, 0x1A,
+        0x2E, 0x9E, 0x9A, 0x99, 0x78, 0x47, 0xD2, 0xE6,
+        0xE4, 0x3C, 0x83, 0xF0, 0x22, 0x62, 0xE2, 0x94,
+        0x6D, 0xF7, 0x72, 0x6D, 0x54, 0xE3, 0xE6, 0xC9,
+        0xCC, 0xDB, 0x6D, 0x3F, 0x13, 0x63, 0x46, 0xC1,
+        0x1E, 0x59, 0x42, 0xE7, 0xA1, 0xBF, 0x85, 0x0C,
+        0x2E, 0x99, 0xB4, 0xFA, 0xCE, 0x75, 0xFD, 0x40,
+        0x88, 0x69, 0x33, 0x90, 0x7C, 0xCD, 0xFC, 0x0D,
+        0xE1, 0x17, 0x70, 0x20, 0x31, 0x94, 0x1D, 0x00,
+        0x1E, 0x2A, 0x68, 0x3C, 0x55, 0x78, 0xFD, 0x33,
+        0x54, 0x21, 0x2C, 0xEA, 0xD9, 0x69, 0xBF, 0x1C,
+        0x81, 0x23, 0x9E, 0xEC, 0xC7, 0x74, 0xFD, 0x0B,
+        0x88, 0x3D, 0x0E, 0xEE, 0x82, 0x4B, 0x10, 0xB8,
+        0x79, 0xCF, 0x70, 0x7C, 0xB2, 0x68, 0x47, 0x45,
+        0x22, 0x06, 0x1E, 0x92, 0x7B, 0x12, 0x43, 0x24,
+        0x41, 0x15, 0xC6, 0x69, 0xE9, 0xEB, 0x27, 0x2B,
+        0x60, 0xA6, 0x44, 0xF5, 0x19, 0xEF, 0xEC, 0x06,
+        0x34, 0x08, 0xB6, 0x58, 0x47, 0x2E, 0x91, 0x61,
+        0xA1, 0xF7, 0x44, 0xFD, 0x66, 0x16, 0x9F, 0x0C,
+        0xAE, 0x36, 0xB4, 0x2E, 0x23, 0x79, 0xCB, 0xE8,
+        0x1E, 0x6E, 0x51, 0xA0, 0xF5, 0x34, 0x15, 0x18,
+        0x4E, 0xA0, 0x06, 0xB2, 0x27, 0x0B, 0x33, 0xE2,
+        0xCA, 0x36, 0x4C, 0xDB, 0x33, 0xAA, 0xAE, 0x77,
+        0xFF, 0xD9, 0x53, 0xDB, 0x39, 0x70, 0x4D, 0x49,
+        0x0C, 0xE9, 0xAC, 0x6F, 0x2D, 0xD1, 0xC7, 0xA1,
+        0x8E, 0x61, 0x74, 0x19, 0xA9, 0xAA, 0xFB, 0x37,
+        0xE7, 0x23, 0x9B, 0x23, 0x6A, 0x4B, 0x74, 0xCE,
+        0x63, 0xE4, 0xA0, 0xAD, 0xFF, 0x85, 0x5D, 0xCD,
+        0x78, 0xF6, 0x45, 0x8E, 0x76, 0x0B, 0xFD, 0x1D,
+        0x2A, 0xB9, 0x5E, 0x83, 0xC0, 0x3B, 0x6F, 0xAE,
+        0x0C, 0xD3, 0xC5, 0xCE, 0xEE, 0xEE, 0x1C, 0x69,
+        0x51, 0x59, 0x65, 0xA3, 0x35, 0xFC, 0xF7, 0x8E,
+        0x80, 0xAA, 0x73, 0x93, 0x39, 0x54, 0x21, 0x27,
+        0x17, 0x0B, 0x2C, 0x3E, 0xE1, 0x0B, 0x0E, 0xAA,
+        0x09, 0x9A, 0xC7, 0xAD, 0x4C, 0xD7, 0x6E, 0x7F,
+        0xE4, 0xC1, 0x16, 0x4E, 0x62, 0xF4, 0xE5, 0x80,
+        0x7D, 0xC0, 0x06, 0x1F, 0x77, 0xE4, 0xA8, 0xA5,
+        0x28, 0xD7, 0x10, 0x37, 0x59, 0x30, 0xCB, 0x75,
+        0x5B, 0x28, 0xBF, 0xFD, 0x92, 0x8C, 0xB0, 0x7B,
+        0xB4, 0xA1, 0x07, 0xCD, 0xCA, 0xBB, 0x30, 0x8A,
+        0x48, 0x65, 0x0D, 0xA4, 0xE5, 0x74, 0xD9, 0xBF,
+        0x56, 0x07, 0xF5, 0x83, 0xDA, 0xC3, 0x40, 0xD7,
+        0x20, 0x93, 0xEF, 0xB1, 0x2B, 0xBF, 0x93, 0x41,
+        0x0F, 0x1E, 0xF5, 0xC9, 0x51, 0x6C, 0x74, 0x4D,
+        0x23, 0x15, 0xEC, 0x9E, 0x00, 0x0A, 0x8D, 0xC5,
+        0xD1, 0x7A, 0x7B, 0x6F, 0x0D, 0x07, 0x9D, 0x78,
+        0x4B, 0x6D, 0x90, 0x19, 0x3F, 0x6E, 0x3E, 0xE7,
+        0xEA, 0x0E, 0xAB, 0xFC, 0x6F, 0x68, 0xC5, 0x2B,
+        0x37, 0xCB, 0xCE, 0x82, 0x18, 0xAF, 0xA3, 0x67,
+        0x0A, 0x80, 0xBC, 0x17, 0xB9, 0x5D, 0x7B, 0x40,
+        0x53, 0x62, 0x26, 0x35, 0x8F, 0x04, 0xAC, 0xD9,
+        0x2A, 0x1B, 0xE1, 0x5B, 0x26, 0xA4, 0xE5, 0x81,
+        0x7E, 0x62, 0x8B, 0xA6, 0x79, 0xB3, 0x52, 0x72,
+        0x03, 0xCD, 0x36, 0x32, 0x62, 0x8E, 0xC8, 0x3A,
+        0xA4, 0xF2, 0x18, 0x6D, 0x2F, 0x00, 0x5D, 0x5D,
+        0xFE, 0x6F, 0x7F, 0xDB, 0x4F, 0xED, 0xAC, 0x9E,
+        0x89, 0xD6, 0x66, 0xE3, 0x03, 0xBB, 0x56, 0x83,
+        0x06, 0x15, 0x6C, 0x56, 0xF0, 0x95, 0x34, 0xE2,
+        0x5C, 0x61, 0x9A, 0xB3, 0xB9, 0x50, 0x18, 0xF4,
+        0x89, 0x6B, 0xAC, 0xAA, 0x48, 0x34, 0xF6, 0xD2,
+        0xD8, 0xFE, 0x14, 0xA9, 0x38, 0xAA, 0x10, 0xE5,
+        0x30, 0x54, 0xF0, 0x00, 0x84, 0x44, 0xAC, 0x2E,
+        0xEA, 0x25, 0x38, 0xC1, 0x23, 0x0E, 0x6A, 0x18,
+        0xC9, 0x2B, 0x01, 0xD9, 0x14, 0x7F, 0xDC, 0xEF,
+        0xC9, 0xC8, 0xDA, 0xC1, 0xD4, 0xEC, 0xC8, 0xCF,
+        0x1F, 0x96, 0x2E, 0xFA, 0x1B, 0x8C, 0xD3, 0xC9,
+        0x69, 0x00, 0x0B, 0x7E, 0xBA, 0xC5, 0x98, 0xDC,
+        0xA4, 0x5E, 0xB4, 0x0B, 0xCF, 0xB1, 0x98, 0x51,
+        0x48, 0x38, 0x51, 0xCF, 0x34, 0x0F, 0x3E, 0x8C,
+        0x23, 0x7A, 0x9E, 0xFF, 0x1C, 0x9F, 0x21, 0xE4,
+        0x97, 0x55, 0x41, 0xC6, 0x1A, 0x8F, 0xEF, 0x2A,
+        0xC6, 0x05, 0x7F, 0x59, 0xDC, 0xB2, 0x3A, 0x80,
+        0xE8, 0x06, 0x10, 0xCD, 0x85, 0xDB, 0x20, 0x3C,
+        0x35, 0xD2, 0x4B, 0xC8, 0x2B, 0x9C, 0xD7, 0x82,
+        0x46, 0xF5, 0x9F, 0xEB, 0xB2, 0x48, 0x32, 0xD7,
+        0xCD, 0x66, 0x4C, 0x99, 0x51, 0x88, 0xE0, 0x28,
+        0x1C, 0xD7, 0x86, 0x79, 0x00, 0xDC, 0x0D, 0xF4,
+        0x4D, 0x40, 0x90, 0x80, 0x26, 0x8B, 0x79, 0xE9,
+        0x56, 0x82, 0x88, 0x5F, 0x22, 0x87, 0x70, 0x73,
+        0x4F, 0xA5, 0x35, 0x18, 0xEC, 0x80, 0xCE, 0x23,
+        0x06, 0xCE, 0x14, 0x48, 0x52, 0x4E, 0xF0, 0x18,
+        0x43, 0x03, 0xD4, 0x50, 0xC7, 0x6E, 0xA6, 0x3B,
+        0x73, 0x3E, 0xB0, 0xC8, 0xDC, 0x48, 0xBF, 0x12,
+        0x42, 0x3A, 0xD2, 0x38, 0x89, 0xCF, 0xCD, 0xD8,
+        0x91, 0xE5, 0x95, 0x00, 0x47, 0x24, 0x0D, 0xC0,
+        0xC3, 0x8A, 0xB2, 0xDB, 0xC1, 0x65, 0xB8, 0x1E,
+        0x63, 0x10, 0x02, 0xEA, 0x6F, 0x74, 0x11, 0x9E,
+        0x27, 0xF9, 0xF8, 0x60, 0x73, 0xBF, 0x2D, 0xF7,
+        0x10, 0x81, 0x86, 0x76, 0x98, 0x0C, 0x4C, 0xB6,
+        0xBD, 0x53, 0xF9, 0xA5, 0x72, 0x17, 0x78, 0xB8,
+        0x9F, 0x59, 0xC6, 0x8C, 0x89, 0x35, 0xF5, 0x03,
+        0x1C, 0x8A, 0x93, 0x36, 0x7D, 0x71, 0x70, 0x57,
+        0xFD, 0x4D, 0x5E, 0xFA, 0xBE, 0xDE, 0x70, 0x2C,
+        0xC6, 0x45, 0xEF, 0xB6, 0xD7, 0xF4, 0x4C, 0x86,
+        0x0F, 0xFF, 0x76, 0x37, 0xAA, 0xD9, 0x72, 0x24,
+        0x8C, 0x84, 0x4D, 0x15, 0x13, 0x39, 0x20, 0x07,
+        0x38, 0x91, 0xC3, 0x13, 0x5D, 0x29, 0x78, 0x68,
+        0xB7, 0xDA, 0x86, 0xF0, 0x97, 0xD8, 0xFB, 0x39,
+        0xC1, 0x3B, 0xA1, 0x4C, 0x4F, 0x24, 0x75, 0x16,
+        0xAB, 0xA4, 0xC5, 0xF8, 0xCE, 0x38, 0x18, 0x48,
+        0x2C, 0x8F, 0xF6, 0x0C, 0xCA, 0x51, 0xFD, 0xB2,
+        0xCE, 0xE9, 0x6B, 0xC1, 0x13, 0x8D, 0xC0, 0x4A,
+        0x86, 0xF8, 0x57, 0x72, 0x75, 0x91, 0xAA, 0xE6,
+        0xF8, 0x7C, 0x30, 0x05, 0x9B, 0x3E, 0x81, 0xB6,
+        0x80, 0x55, 0xB2, 0x4E, 0xA2, 0xFA, 0x98, 0x36,
+        0x86, 0x49, 0x8B, 0xFC, 0x9D, 0x9E, 0x7D, 0x59,
+        0x50, 0x79, 0xEB, 0x64, 0x6E, 0x85, 0xB2, 0x12,
+        0xCE, 0xDD, 0x21, 0xD0, 0x08, 0x7E, 0x0F, 0x2A,
+        0xF6, 0x63, 0xEB, 0x77, 0x2A, 0x98, 0x47, 0xB1,
+        0xDF, 0x21, 0x97, 0xAF, 0x13, 0x62, 0x6B, 0x89,
+        0x7C, 0x24, 0x63, 0x7A, 0xF5, 0xBF, 0xE8, 0x18,
+        0x16, 0xA8, 0xC9, 0x0D, 0x30, 0x48, 0x37, 0x5B,
+        0x69, 0x94, 0x97, 0x14, 0x3E, 0x57, 0x71, 0x85,
+        0xA7, 0x0E, 0x11, 0x50, 0x58, 0xA3, 0xA9, 0x11,
+        0x2B, 0x2C, 0x43, 0x51, 0xB6, 0xCA, 0xD0, 0x09,
+        0x28, 0x2B, 0x4F, 0x7C, 0xB8, 0xBD, 0xFC, 0x28,
+        0x57, 0x77, 0xD7, 0xDF, 0xE8, 0xF5, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x03, 0x06, 0x0B, 0x11, 0x17,
+        0x1F, 0x27, 0x2E
+    };
+#endif
+#endif
+
+    key = (dilithium_key*)XMALLOC(sizeof(*key), NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    ExpectNotNull(key);
+
+    if (key != NULL) {
+        XMEMSET(key, 0, sizeof(*key));
+    }
+
+    ExpectIntEQ(wc_dilithium_init_ex(key, NULL, INVALID_DEVID), 0);
+#ifndef WOLFSSL_NO_ML_DSA_44
+    ExpectIntEQ(wc_dilithium_set_level(key, WC_ML_DSA_44), 0);
+    ExpectIntEQ(wc_dilithium_import_public(pk_44, (word32)sizeof(pk_44), key),
+        0);
+    ExpectIntEQ(wc_dilithium_verify_msg(sig_44, (word32)sizeof(sig_44), msg_44,
+        (word32)sizeof(msg_44), &res, key), 0);
+    ExpectIntEQ(res, 1);
+#ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
+    ExpectIntEQ(wc_dilithium_set_level(key, WC_ML_DSA_44_DRAFT), 0);
+    ExpectIntEQ(wc_dilithium_import_public(pk_44_draft,
+        (word32)sizeof(pk_44_draft), key), 0);
+    ExpectIntEQ(wc_dilithium_verify_msg(sig_44_draft,
+        (word32)sizeof(sig_44_draft), msg_44_draft,
+        (word32)sizeof(msg_44_draft), &res, key), 0);
+    ExpectIntEQ(res, 1);
+#endif
+#endif
+#ifndef WOLFSSL_NO_ML_DSA_65
+    ExpectIntEQ(wc_dilithium_set_level(key, WC_ML_DSA_65), 0);
+    ExpectIntEQ(wc_dilithium_import_public(pk_65, (word32)sizeof(pk_65), key),
+        0);
+    ExpectIntEQ(wc_dilithium_verify_msg(sig_65, (word32)sizeof(sig_65), msg_65,
+        (word32)sizeof(msg_65), &res, key), 0);
+    ExpectIntEQ(res, 1);
+#ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
+    ExpectIntEQ(wc_dilithium_set_level(key, WC_ML_DSA_65_DRAFT), 0);
+    ExpectIntEQ(wc_dilithium_import_public(pk_65_draft,
+        (word32)sizeof(pk_65_draft), key), 0);
+    ExpectIntEQ(wc_dilithium_verify_msg(sig_65_draft,
+        (word32)sizeof(sig_65_draft), msg_65_draft,
+        (word32)sizeof(msg_65_draft), &res, key), 0);
+    ExpectIntEQ(res, 1);
+#endif
+#endif
+#ifndef WOLFSSL_NO_ML_DSA_87
+    ExpectIntEQ(wc_dilithium_set_level(key, WC_ML_DSA_87), 0);
+    ExpectIntEQ(wc_dilithium_import_public(pk_87, (word32)sizeof(pk_87), key),
+        0);
+    ExpectIntEQ(wc_dilithium_verify_msg(sig_87, (word32)sizeof(sig_87), msg_87,
+        (word32)sizeof(msg_87), &res, key), 0);
+    ExpectIntEQ(res, 1);
+#ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
+    ExpectIntEQ(wc_dilithium_set_level(key, WC_ML_DSA_87_DRAFT), 0);
+    ExpectIntEQ(wc_dilithium_import_public(pk_87_draft,
+        (word32)sizeof(pk_87_draft), key), 0);
+    ExpectIntEQ(wc_dilithium_verify_msg(sig_87_draft,
+        (word32)sizeof(sig_87_draft), msg_87_draft,
+        (word32)sizeof(msg_87_draft), &res, key), 0);
+    ExpectIntEQ(res, 1);
+#endif
+#endif
+
+    wc_dilithium_free(key);
+    XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+#endif
+    return EXPECT_RESULT();
+}
+
 /*
  * Testing wc_SetSubjectBuffer
  */
@@ -26030,8 +37079,8 @@ static int test_wc_SetSubjectBuffer(void)
         XFCLOSE(file);
 
     ExpectIntEQ(wc_InitCert(&cert), 0);
-    ExpectIntEQ(wc_SetSubjectBuffer(&cert, der, derSz), 0);
-    ExpectIntEQ(wc_SetSubjectBuffer(NULL, der, derSz), BAD_FUNC_ARG);
+    ExpectIntEQ(wc_SetSubjectBuffer(&cert, der, (int)derSz), 0);
+    ExpectIntEQ(wc_SetSubjectBuffer(NULL, der, (int)derSz), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
@@ -26047,7 +37096,7 @@ static int test_wc_SetSubjectKeyIdFromPublicKey_ex(void)
 #if defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_CERT_GEN)
     WC_RNG      rng;
     Cert        cert;
-#if !defined(NO_RSA) && defined(HAVE_RSA)
+#if !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN)
     RsaKey      rsaKey;
     int         bits = 2048;
 #endif
@@ -26070,7 +37119,7 @@ static int test_wc_SetSubjectKeyIdFromPublicKey_ex(void)
 
     ExpectIntEQ(wc_InitCert(&cert), 0);
 
-#if !defined(NO_RSA) && defined(HAVE_RSA) && defined(WOLFSSL_KEY_GEN)
+#if !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN)
     /* RSA */
     XMEMSET(&rsaKey, 0, sizeof(RsaKey));
     ExpectIntEQ(wc_InitRsaKey(&rsaKey, HEAP_HINT), 0);
@@ -26129,7 +37178,7 @@ static int test_wc_SetAuthKeyIdFromPublicKey_ex(void)
 #if defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_CERT_GEN)
     WC_RNG      rng;
     Cert        cert;
-#if !defined(NO_RSA) && defined(HAVE_RSA)
+#if !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN)
     RsaKey      rsaKey;
     int         bits = 2048;
 #endif
@@ -26152,7 +37201,7 @@ static int test_wc_SetAuthKeyIdFromPublicKey_ex(void)
 
     ExpectIntEQ(wc_InitCert(&cert), 0);
 
-#if !defined(NO_RSA) && defined(HAVE_RSA) && defined(WOLFSSL_KEY_GEN)
+#if !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN)
     /* RSA */
     XMEMSET(&rsaKey, 0, sizeof(RsaKey));
     ExpectIntEQ(wc_InitRsaKey(&rsaKey, HEAP_HINT), 0);
@@ -26228,7 +37277,7 @@ static int test_wc_PKCS7_Init(void)
 
     ExpectIntEQ(wc_PKCS7_Init(pkcs7, heap, testDevId), 0);
     /* Pass in bad args. */
-    ExpectIntEQ(wc_PKCS7_Init(NULL, heap, testDevId), BAD_FUNC_ARG);
+    ExpectIntEQ(wc_PKCS7_Init(NULL, heap, testDevId), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     wc_PKCS7_Free(pkcs7);
 #endif
@@ -26385,9 +37434,9 @@ static int test_wc_PKCS7_InitWithCert(void)
 
         /* Pass in bad args. No need free for null checks, free at end.*/
         ExpectIntEQ(wc_PKCS7_InitWithCert(NULL, (byte*)cert, (word32)certSz),
-            BAD_FUNC_ARG);
+            WC_NO_ERR_TRACE(BAD_FUNC_ARG));
         ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, (word32)certSz),
-            BAD_FUNC_ARG);
+            WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
 #ifdef HAVE_ECC
         ExpectIntLT(wc_PKCS7_InitWithCert(pkcs7, certWithInvalidEccKey,
@@ -26495,22 +37544,22 @@ static int test_wc_PKCS7_EncodeData(void)
     ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
     ExpectIntEQ(wc_PKCS7_Init(pkcs7, HEAP_HINT, INVALID_DEVID), 0);
 
-    ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, (byte*)cert, certSz), 0);
+    ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, (byte*)cert, (word32)certSz), 0);
 
     if (pkcs7 != NULL) {
         pkcs7->content = data;
         pkcs7->contentSz = sizeof(data);
         pkcs7->privateKey = key;
-        pkcs7->privateKeySz = keySz;
+        pkcs7->privateKeySz = (word32)keySz;
     }
     ExpectIntGT(wc_PKCS7_EncodeData(pkcs7, output, (word32)sizeof(output)), 0);
 
     /* Test bad args. */
     ExpectIntEQ(wc_PKCS7_EncodeData(NULL, output, (word32)sizeof(output)),
-                                                            BAD_FUNC_ARG);
+                                                            WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_PKCS7_EncodeData(pkcs7, NULL, (word32)sizeof(output)),
-                                                            BAD_FUNC_ARG);
-    ExpectIntEQ(wc_PKCS7_EncodeData(pkcs7, output, 5), BUFFER_E);
+                                                            WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_PKCS7_EncodeData(pkcs7, output, 5), WC_NO_ERR_TRACE(BUFFER_E));
 
     wc_PKCS7_Free(pkcs7);
 #endif
@@ -26583,6 +37632,43 @@ static int rsaSignRawDigestCb(PKCS7* pkcs7, byte* digest, word32 digestSz,
 }
 #endif
 
+#if defined(HAVE_PKCS7) && defined(ASN_BER_TO_DER)
+typedef struct encodeSignedDataStream {
+    byte out[FOURK_BUF*3];
+    int  idx;
+    word32 outIdx;
+} encodeSignedDataStream;
+
+
+/* content is 8k of partially created bundle */
+static int GetContentCB(PKCS7* pkcs7, byte** content, void* ctx)
+{
+    int ret = 0;
+    encodeSignedDataStream* strm = (encodeSignedDataStream*)ctx;
+
+    if (strm->outIdx  < pkcs7->contentSz) {
+        ret = (pkcs7->contentSz > strm->outIdx + FOURK_BUF)?
+                FOURK_BUF : pkcs7->contentSz - strm->outIdx;
+        *content = strm->out + strm->outIdx;
+        strm->outIdx += ret;
+    }
+
+    (void)pkcs7;
+    return ret;
+}
+
+static int StreamOutputCB(PKCS7* pkcs7, const byte* output, word32 outputSz,
+    void* ctx)
+{
+    encodeSignedDataStream* strm = (encodeSignedDataStream*)ctx;
+
+    XMEMCPY(strm->out + strm->idx, output, outputSz);
+    strm->idx += outputSz;
+    (void)pkcs7;
+    return 0;
+}
+#endif
+
 
 /*
  * Testing wc_PKCS7_EncodeSignedData()
@@ -26599,6 +37685,7 @@ static int test_wc_PKCS7_EncodeSignedData(void)
     word32 badOutSz = 0;
     byte   data[] = "Test data to encode.";
 #ifndef NO_RSA
+    int    encryptOid = RSAk;
     #if defined(USE_CERT_BUFFERS_2048)
         byte        key[sizeof(client_key_der_2048)];
         byte        cert[sizeof(client_cert_der_2048)];
@@ -26641,6 +37728,7 @@ static int test_wc_PKCS7_EncodeSignedData(void)
             XFCLOSE(fp);
     #endif
 #elif defined(HAVE_ECC)
+    int    encryptOid = ECDSAk;
     #if defined(USE_CERT_BUFFERS_256)
         unsigned char    cert[sizeof(cliecc_cert_der_256)];
         unsigned char    key[sizeof(ecc_clikey_der_256)];
@@ -26657,7 +37745,7 @@ static int test_wc_PKCS7_EncodeSignedData(void)
         int             certSz;
         int             keySz;
 
-        ExpectTrue((fp = XOPEN("./certs/client-ecc-cert.der", "rb")) !=
+        ExpectTrue((fp = XFOPEN("./certs/client-ecc-cert.der", "rb")) !=
             XBADFILE);
         ExpectIntGT(certSz = (int)XFREAD(cert, 1, ONEK_BUF, fp), 0);
         if (fp != XBADFILE) {
@@ -26688,7 +37776,7 @@ static int test_wc_PKCS7_EncodeSignedData(void)
         pkcs7->contentSz = (word32)sizeof(data);
         pkcs7->privateKey = key;
         pkcs7->privateKeySz = (word32)sizeof(key);
-        pkcs7->encryptOID = RSAk;
+        pkcs7->encryptOID = encryptOid;
     #ifdef NO_SHA
         pkcs7->hashOID = SHA256h;
     #else
@@ -26698,24 +37786,129 @@ static int test_wc_PKCS7_EncodeSignedData(void)
     }
 
     ExpectIntGT(wc_PKCS7_EncodeSignedData(pkcs7, output, outputSz), 0);
-
     wc_PKCS7_Free(pkcs7);
     pkcs7 = NULL;
+
     ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
     ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
     ExpectIntEQ(wc_PKCS7_VerifySignedData(pkcs7, output, outputSz), 0);
 
+#if defined(ASN_BER_TO_DER) && !defined(NO_RSA)
+    wc_PKCS7_Free(pkcs7);
+    pkcs7 = NULL;
+
+    /* reinitialize and test setting stream mode */
+    {
+        int signedSz = 0;
+        encodeSignedDataStream strm;
+
+        ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
+        ExpectIntEQ(wc_PKCS7_Init(pkcs7, HEAP_HINT, INVALID_DEVID), 0);
+
+        ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, cert, certSz), 0);
+
+        if (pkcs7 != NULL) {
+            pkcs7->content = data;
+            pkcs7->contentSz = (word32)sizeof(data);
+            pkcs7->privateKey = key;
+            pkcs7->privateKeySz = (word32)sizeof(key);
+            pkcs7->encryptOID = encryptOid;
+        #ifdef NO_SHA
+            pkcs7->hashOID = SHA256h;
+        #else
+            pkcs7->hashOID = SHAh;
+        #endif
+            pkcs7->rng = &rng;
+        }
+        ExpectIntEQ(wc_PKCS7_GetStreamMode(pkcs7), 0);
+        ExpectIntEQ(wc_PKCS7_SetStreamMode(pkcs7, 1, NULL, NULL, NULL), 0);
+        ExpectIntEQ(wc_PKCS7_SetStreamMode(NULL, 1, NULL, NULL, NULL),
+            WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+        ExpectIntEQ(wc_PKCS7_GetStreamMode(pkcs7), 1);
+
+        ExpectIntGT(signedSz = wc_PKCS7_EncodeSignedData(pkcs7, output,
+            outputSz), 0);
+        wc_PKCS7_Free(pkcs7);
+        pkcs7 = NULL;
+
+        ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
+        ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
+
+        /* use exact signed buffer size since BER encoded */
+        ExpectIntEQ(wc_PKCS7_VerifySignedData(pkcs7, output, (word32)signedSz),
+            0);
+        wc_PKCS7_Free(pkcs7);
+
+        /* now try with using callbacks for IO */
+        ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
+        ExpectIntEQ(wc_PKCS7_Init(pkcs7, HEAP_HINT, INVALID_DEVID), 0);
+
+        ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, cert, certSz), 0);
+
+        if (pkcs7 != NULL) {
+            pkcs7->contentSz  = FOURK_BUF*2;
+            pkcs7->privateKey = key;
+            pkcs7->privateKeySz = (word32)sizeof(key);
+            pkcs7->encryptOID = encryptOid;
+        #ifdef NO_SHA
+            pkcs7->hashOID = SHA256h;
+        #else
+            pkcs7->hashOID = SHAh;
+        #endif
+            pkcs7->rng = &rng;
+        }
+        XMEMSET(&strm, 0, sizeof(strm));
+        ExpectIntEQ(wc_PKCS7_SetStreamMode(pkcs7, 1, GetContentCB,
+            StreamOutputCB, (void*)&strm), 0);
+
+        ExpectIntGT(signedSz = wc_PKCS7_EncodeSignedData(pkcs7, NULL, 0), 0);
+        wc_PKCS7_Free(pkcs7);
+        pkcs7 = NULL;
+
+        ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
+        ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
+
+        /* use exact signed buffer size since BER encoded */
+        ExpectIntEQ(wc_PKCS7_VerifySignedData(pkcs7, strm.out, (word32)signedSz), 0);
+    }
+#endif
+#ifndef NO_PKCS7_STREAM
+    wc_PKCS7_Free(pkcs7);
+    pkcs7 = NULL;
+
+    {
+        word32 z;
+        int ret;
+
+        ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
+        ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
+
+        /* test for streaming mode */
+        ret = -1;
+        for (z = 0; z < outputSz && ret != 0; z++) {
+            ret = wc_PKCS7_VerifySignedData(pkcs7, output + z, 1);
+            if (ret < 0){
+                ExpectIntEQ(ret, WC_NO_ERR_TRACE(WC_PKCS7_WANT_READ_E));
+            }
+        }
+        ExpectIntEQ(ret, 0);
+        ExpectIntNE(pkcs7->contentSz, 0);
+        ExpectNotNull(pkcs7->contentDynamic);
+    }
+#endif /* !NO_PKCS7_STREAM */
+
+
     /* Pass in bad args. */
     ExpectIntEQ(wc_PKCS7_EncodeSignedData(NULL, output, outputSz),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_PKCS7_EncodeSignedData(pkcs7, NULL, outputSz), BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_PKCS7_EncodeSignedData(pkcs7, NULL, outputSz), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_PKCS7_EncodeSignedData(pkcs7, badOut,
-                                badOutSz), BAD_FUNC_ARG);
+                                badOutSz), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     if (pkcs7 != NULL) {
         pkcs7->hashOID = 0; /* bad hashOID */
     }
     ExpectIntEQ(wc_PKCS7_EncodeSignedData(pkcs7, output, outputSz),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
 #if defined(HAVE_PKCS7) && defined(HAVE_PKCS7_RSA_RAW_SIGN_CALLBACK) && \
     !defined(NO_RSA) && !defined(NO_SHA256)
@@ -26743,6 +37936,7 @@ static int test_wc_PKCS7_EncodeSignedData(void)
 
     wc_PKCS7_Free(pkcs7);
     DoExpectIntEQ(wc_FreeRng(&rng), 0);
+
 #endif
     return EXPECT_RESULT();
 } /* END test_wc_PKCS7_EncodeSignedData */
@@ -26770,7 +37964,7 @@ static int test_wc_PKCS7_EncodeSignedData_ex(void)
     enum wc_HashType hashType = WC_HASH_TYPE_SHA;
 #endif
     byte        hashBuf[WC_MAX_DIGEST_SIZE];
-    word32      hashSz = wc_HashGetDigestSize(hashType);
+    word32      hashSz = (word32)wc_HashGetDigestSize(hashType);
 
 #ifndef NO_RSA
     #if defined(USE_CERT_BUFFERS_2048)
@@ -26912,6 +38106,10 @@ static int test_wc_PKCS7_EncodeSignedData_ex(void)
     {
         byte* output = NULL;
         word32 outputSz = 0;
+    #ifndef NO_PKCS7_STREAM
+        word32 z;
+        int ret;
+    #endif /* !NO_PKCS7_STREAM */
 
         ExpectNotNull(output = (byte*)XMALLOC(
             outputHeadSz + sizeof(data) + outputFootSz, HEAP_HINT,
@@ -26928,60 +38126,86 @@ static int test_wc_PKCS7_EncodeSignedData_ex(void)
         ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
         ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
         ExpectIntEQ(wc_PKCS7_VerifySignedData(pkcs7, output, outputSz), 0);
+
+    #ifndef NO_PKCS7_STREAM
+        wc_PKCS7_Free(pkcs7);
+        pkcs7 = NULL;
+
+        ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
+        ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
+
+        /* test for streaming mode */
+        ret = -1;
+        for (z = 0; z < outputSz && ret != 0; z++) {
+            ret = wc_PKCS7_VerifySignedData(pkcs7, output + z, 1);
+            if (ret < 0){
+                ExpectIntEQ(ret, WC_NO_ERR_TRACE(WC_PKCS7_WANT_READ_E));
+            }
+        }
+        ExpectIntEQ(ret, 0);
+        ExpectIntNE(pkcs7->contentSz, 0);
+        ExpectNotNull(pkcs7->contentDynamic);
+
+        wc_PKCS7_Free(pkcs7);
+        pkcs7 = NULL;
+        ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
+        ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
+    #endif /* !NO_PKCS7_STREAM */
+
         XFREE(output, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
     }
 
     /* Pass in bad args. */
     ExpectIntEQ(wc_PKCS7_EncodeSignedData_ex(NULL, hashBuf, hashSz, outputHead,
-        &outputHeadSz, outputFoot, &outputFootSz), BAD_FUNC_ARG);
+        &outputHeadSz, outputFoot, &outputFootSz), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_PKCS7_EncodeSignedData_ex(pkcs7, NULL, hashSz, outputHead,
-        &outputHeadSz, outputFoot, &outputFootSz), BAD_FUNC_ARG);
+        &outputHeadSz, outputFoot, &outputFootSz), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_PKCS7_EncodeSignedData_ex(pkcs7, hashBuf, 0, outputHead,
-        &outputHeadSz, outputFoot, &outputFootSz), BAD_FUNC_ARG);
+        &outputHeadSz, outputFoot, &outputFootSz), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_PKCS7_EncodeSignedData_ex(pkcs7, hashBuf, hashSz, NULL,
-        &outputHeadSz, outputFoot, &outputFootSz), BAD_FUNC_ARG);
+        &outputHeadSz, outputFoot, &outputFootSz), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_PKCS7_EncodeSignedData_ex(pkcs7, hashBuf, hashSz,
-        outputHead, NULL, outputFoot, &outputFootSz), BAD_FUNC_ARG);
+        outputHead, NULL, outputFoot, &outputFootSz), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_PKCS7_EncodeSignedData_ex(pkcs7, hashBuf, hashSz,
-        outputHead, &outputHeadSz, NULL, &outputFootSz), BAD_FUNC_ARG);
+        outputHead, &outputHeadSz, NULL, &outputFootSz), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_PKCS7_EncodeSignedData_ex(pkcs7, hashBuf, hashSz,
-        outputHead, &outputHeadSz, outputFoot, NULL), BAD_FUNC_ARG);
+        outputHead, &outputHeadSz, outputFoot, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     if (pkcs7 != NULL) {
         pkcs7->hashOID = 0; /* bad hashOID */
     }
     ExpectIntEQ(wc_PKCS7_EncodeSignedData_ex(pkcs7, hashBuf, hashSz,
-        outputHead, &outputHeadSz, outputFoot, &outputFootSz), BAD_FUNC_ARG);
+        outputHead, &outputHeadSz, outputFoot, &outputFootSz), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     ExpectIntEQ(wc_PKCS7_VerifySignedData_ex(NULL, hashBuf, hashSz, outputHead,
-        outputHeadSz, outputFoot, outputFootSz), BAD_FUNC_ARG);
+        outputHeadSz, outputFoot, outputFootSz), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     ExpectIntEQ(wc_PKCS7_VerifySignedData_ex(pkcs7, NULL, hashSz, outputHead,
-        outputHeadSz, outputFoot, outputFootSz), BAD_FUNC_ARG);
+        outputHeadSz, outputFoot, outputFootSz), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 #ifndef NO_PKCS7_STREAM
     ExpectIntEQ(wc_PKCS7_VerifySignedData_ex(pkcs7, hashBuf, 0, outputHead,
-        outputHeadSz, outputFoot, outputFootSz), WC_PKCS7_WANT_READ_E);
+        outputHeadSz, outputFoot, outputFootSz), WC_NO_ERR_TRACE(WC_PKCS7_WANT_READ_E));
 #else
     ExpectIntEQ(wc_PKCS7_VerifySignedData_ex(pkcs7, hashBuf, 0, outputHead,
-        outputHeadSz, outputFoot, outputFootSz), BUFFER_E);
+        outputHeadSz, outputFoot, outputFootSz), WC_NO_ERR_TRACE(BUFFER_E));
 #endif
     ExpectIntEQ(wc_PKCS7_VerifySignedData_ex(pkcs7, hashBuf, hashSz, NULL,
-        outputHeadSz, outputFoot, outputFootSz), BAD_FUNC_ARG);
+        outputHeadSz, outputFoot, outputFootSz), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 #ifndef NO_PKCS7_STREAM
     /* can pass in 0 buffer length with streaming API */
     ExpectIntEQ(wc_PKCS7_VerifySignedData_ex(pkcs7, hashBuf, hashSz,
-        outputHead, 0, outputFoot, outputFootSz), WC_PKCS7_WANT_READ_E);
+        outputHead, 0, outputFoot, outputFootSz), WC_NO_ERR_TRACE(WC_PKCS7_WANT_READ_E));
 #else
     ExpectIntEQ(wc_PKCS7_VerifySignedData_ex(pkcs7, hashBuf, hashSz,
-        outputHead, 0, outputFoot, outputFootSz), BAD_FUNC_ARG);
+        outputHead, 0, outputFoot, outputFootSz), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 #endif
     ExpectIntEQ(wc_PKCS7_VerifySignedData_ex(pkcs7, hashBuf, hashSz,
-        outputHead, outputHeadSz, NULL, outputFootSz), BAD_FUNC_ARG);
+        outputHead, outputHeadSz, NULL, outputFootSz), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 #ifndef NO_PKCS7_STREAM
     ExpectIntEQ(wc_PKCS7_VerifySignedData_ex(pkcs7, hashBuf, hashSz,
-        outputHead, outputHeadSz, outputFoot, 0), WC_PKCS7_WANT_READ_E);
+        outputHead, outputHeadSz, outputFoot, 0), WC_NO_ERR_TRACE(WC_PKCS7_WANT_READ_E));
 #else
     ExpectIntEQ(wc_PKCS7_VerifySignedData_ex(pkcs7, hashBuf, hashSz,
-        outputHead, outputHeadSz, outputFoot, 0), BUFFER_E);
+        outputHead, outputHeadSz, outputFoot, 0), WC_NO_ERR_TRACE(BUFFER_E));
 #endif
 
     wc_PKCS7_Free(pkcs7);
@@ -27302,7 +38526,7 @@ static int CreatePKCS7SignedData(unsigned char* output, int outputSz,
         ExpectIntEQ(wc_PKCS7_SetDetached(pkcs7, 1), 0);
     }
 
-    outputSz = wc_PKCS7_EncodeSignedData(pkcs7, output, outputSz);
+    outputSz = wc_PKCS7_EncodeSignedData(pkcs7, output, (word32)outputSz);
     ExpectIntGT(outputSz, 0);
     wc_PKCS7_Free(pkcs7);
     pkcs7 = NULL;
@@ -27312,7 +38536,7 @@ static int CreatePKCS7SignedData(unsigned char* output, int outputSz,
         pkcs7->content = data;
         pkcs7->contentSz = dataSz;
     }
-    ExpectIntEQ(wc_PKCS7_VerifySignedData(pkcs7, output, outputSz), 0);
+    ExpectIntEQ(wc_PKCS7_VerifySignedData(pkcs7, output, (word32)outputSz), 0);
 
     wc_PKCS7_Free(pkcs7);
     wc_FreeRng(&rng);
@@ -27345,7 +38569,7 @@ static int test_wc_PKCS7_VerifySignedData_RSA(void)
     enum wc_HashType hashType = WC_HASH_TYPE_SHA;
 #endif
     byte        hashBuf[WC_MAX_DIGEST_SIZE];
-    word32      hashSz = wc_HashGetDigestSize(hashType);
+    word32      hashSz = (word32)wc_HashGetDigestSize(hashType);
 #ifndef NO_RSA
     PKCS7DecodedAttrib* decodedAttrib = NULL;
     /* contentType OID (1.2.840.113549.1.9.3) */
@@ -27376,11 +38600,15 @@ static int test_wc_PKCS7_VerifySignedData_RSA(void)
     struct tm* tmpTime = &tmpTimeStorage;
 #endif
 #endif /* !NO_ASN && !NO_ASN_TIME */
+#ifndef NO_PKCS7_STREAM
+    word32 z;
+    int ret;
+#endif /* !NO_PKCS7_STREAM */
 
     XMEMSET(&hash, 0, sizeof(wc_HashAlg));
 
     /* Success test with RSA certs/key */
-    ExpectIntGT((outputSz = CreatePKCS7SignedData(output, outputSz, data,
+    ExpectIntGT((outputSz = (word32)CreatePKCS7SignedData(output, (int)outputSz, data,
         (word32)sizeof(data), 0, 0, 0, RSA_TYPE)), 0);
 
     /* calculate hash for content, used later */
@@ -27394,6 +38622,26 @@ static int test_wc_PKCS7_VerifySignedData_RSA(void)
     ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
     ExpectIntEQ(wc_PKCS7_VerifySignedData(pkcs7, output, outputSz), 0);
 
+#ifndef NO_PKCS7_STREAM
+    wc_PKCS7_Free(pkcs7);
+    pkcs7 = NULL;
+
+    ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
+    ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
+
+    /* test for streaming */
+    ret = -1;
+    for (z = 0; z < outputSz && ret != 0; z++) {
+        ret = wc_PKCS7_VerifySignedData(pkcs7, output + z, 1);
+        if (ret < 0){
+            ExpectIntEQ(ret, WC_NO_ERR_TRACE(WC_PKCS7_WANT_READ_E));
+        }
+    }
+    ExpectIntEQ(ret, 0);
+    ExpectIntNE(pkcs7->contentSz, 0);
+    ExpectNotNull(pkcs7->contentDynamic);
+#endif /* !NO_PKCS7_STREAM */
+
     /* Check that decoded signed attributes are correct */
 
     /* messageDigest should be first */
@@ -27459,16 +38707,16 @@ static int test_wc_PKCS7_VerifySignedData_RSA(void)
 
     /* Test bad args. */
     ExpectIntEQ(wc_PKCS7_VerifySignedData(NULL, output, outputSz),
-                                          BAD_FUNC_ARG);
+                                          WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_PKCS7_VerifySignedData(pkcs7, NULL, outputSz),
-                                          BAD_FUNC_ARG);
+                                          WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     #ifndef NO_PKCS7_STREAM
         /* can pass in 0 buffer length with streaming API */
         ExpectIntEQ(wc_PKCS7_VerifySignedData(pkcs7, badOut,
-                                    badOutSz), WC_PKCS7_WANT_READ_E);
+                                    badOutSz), WC_NO_ERR_TRACE(WC_PKCS7_WANT_READ_E));
     #else
         ExpectIntEQ(wc_PKCS7_VerifySignedData(pkcs7, badOut,
-                                    badOutSz), BAD_FUNC_ARG);
+                                    badOutSz), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     #endif
     wc_PKCS7_Free(pkcs7);
     pkcs7 = NULL;
@@ -27477,7 +38725,7 @@ static int test_wc_PKCS7_VerifySignedData_RSA(void)
     /* Try RSA certs/key/sig first */
     outputSz = sizeof(output);
     XMEMSET(output, 0, outputSz);
-    ExpectIntGT((outputSz = CreatePKCS7SignedData(output, outputSz, data,
+    ExpectIntGT((outputSz = (word32)CreatePKCS7SignedData(output, (int)outputSz, data,
                                                   (word32)sizeof(data),
                                                   1, 1, 0, RSA_TYPE)), 0);
     ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
@@ -27487,10 +38735,37 @@ static int test_wc_PKCS7_VerifySignedData_RSA(void)
         pkcs7->contentSz = sizeof(badContent);
     }
     ExpectIntEQ(wc_PKCS7_VerifySignedData(pkcs7, output, outputSz),
-                SIG_VERIFY_E);
+                WC_NO_ERR_TRACE(SIG_VERIFY_E));
+
     wc_PKCS7_Free(pkcs7);
     pkcs7 = NULL;
 
+#ifndef NO_PKCS7_STREAM
+    ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
+    ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
+    if (pkcs7 != NULL) {
+        pkcs7->content = badContent;
+        pkcs7->contentSz = sizeof(badContent);
+    }
+    /* test for streaming */
+    ret = -1;
+    for (z = 0; z < outputSz && ret != 0; z++) {
+        ret = wc_PKCS7_VerifySignedData(pkcs7, output + z, 1);
+        if (ret == WC_NO_ERR_TRACE(WC_PKCS7_WANT_READ_E)){
+            continue;
+        }
+        else if (ret < 0) {
+            break;
+        }
+    }
+    ExpectIntEQ(ret, WC_NO_ERR_TRACE(SIG_VERIFY_E));
+    ExpectIntNE(pkcs7->contentSz, 0);
+    ExpectNotNull(pkcs7->contentDynamic);
+    wc_PKCS7_Free(pkcs7);
+    pkcs7 = NULL;
+#endif /* !NO_PKCS7_STREAM */
+
+
     /* Test success case with detached signature and valid content */
     ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
     ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
@@ -27502,6 +38777,30 @@ static int test_wc_PKCS7_VerifySignedData_RSA(void)
     wc_PKCS7_Free(pkcs7);
     pkcs7 = NULL;
 
+#ifndef NO_PKCS7_STREAM
+    ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
+    ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
+    if (pkcs7 != NULL) {
+        pkcs7->content = data;
+        pkcs7->contentSz = sizeof(data);
+    }
+
+    /* test for streaming */
+    ret = -1;
+    for (z = 0; z < outputSz && ret != 0; z++) {
+        ret = wc_PKCS7_VerifySignedData(pkcs7, output + z, 1);
+        if (ret < 0){
+            ExpectIntEQ(ret, WC_NO_ERR_TRACE(WC_PKCS7_WANT_READ_E));
+        }
+    }
+    ExpectIntEQ(ret, 0);
+    ExpectIntNE(pkcs7->contentSz, 0);
+    ExpectNotNull(pkcs7->contentDynamic);
+
+    wc_PKCS7_Free(pkcs7);
+    pkcs7 = NULL;
+#endif /* !NO_PKCS7_STREAM */
+
     /* verify using pre-computed content digest only (no content) */
     {
         ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
@@ -27517,7 +38816,7 @@ static int test_wc_PKCS7_VerifySignedData_RSA(void)
 #ifndef NO_RSA
     outputSz = sizeof(output);
     XMEMSET(output, 0, outputSz);
-    ExpectIntGT((outputSz = CreatePKCS7SignedData(output, outputSz, data,
+    ExpectIntGT((outputSz = (word32)CreatePKCS7SignedData(output, (int)outputSz, data,
                                                   (word32)sizeof(data),
                                                   0, 0, 1, RSA_TYPE)), 0);
     ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
@@ -27525,7 +38824,105 @@ static int test_wc_PKCS7_VerifySignedData_RSA(void)
     ExpectIntEQ(wc_PKCS7_VerifySignedData(pkcs7, output, outputSz), 0);
     wc_PKCS7_Free(pkcs7);
     pkcs7 = NULL;
+
+#ifndef NO_PKCS7_STREAM
+    ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
+    ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
+
+    /* test for streaming */
+    ret = -1;
+    for (z = 0; z < outputSz && ret != 0; z++) {
+        ret = wc_PKCS7_VerifySignedData(pkcs7, output + z, 1);
+        if (ret < 0){
+            ExpectIntEQ(ret, WC_NO_ERR_TRACE(WC_PKCS7_WANT_READ_E));
+        }
+    }
+    ExpectIntEQ(ret, 0);
+    ExpectIntNE(pkcs7->contentSz, 0);
+    ExpectNotNull(pkcs7->contentDynamic);
+
+    wc_PKCS7_Free(pkcs7);
+    pkcs7 = NULL;
+#endif /* !NO_PKCS7_STREAM */
+
 #endif /* !NO_RSA */
+#if defined(ASN_BER_TO_DER) && !defined(NO_PKCS7_STREAM) && \
+        !defined(NO_FILESYSTEM)
+    {
+        XFILE signedBundle = XBADFILE;
+        int   signedBundleSz = 0;
+        int   chunkSz = 1;
+        int   i, rc = 0;
+        byte* buf = NULL;
+
+        ExpectTrue((signedBundle = XFOPEN("./certs/test-stream-sign.p7b",
+            "rb")) != XBADFILE);
+        ExpectTrue(XFSEEK(signedBundle, 0, XSEEK_END) == 0);
+        ExpectIntGT(signedBundleSz = (int)XFTELL(signedBundle), 0);
+        ExpectTrue(XFSEEK(signedBundle, 0, XSEEK_SET) == 0);
+        ExpectNotNull(buf = (byte*)XMALLOC(signedBundleSz, HEAP_HINT,
+            DYNAMIC_TYPE_FILE));
+        if (buf != NULL) {
+            ExpectIntEQ(XFREAD(buf, 1, (size_t)signedBundleSz, signedBundle),
+                signedBundleSz);
+        }
+        if (signedBundle != XBADFILE) {
+            XFCLOSE(signedBundle);
+            signedBundle = XBADFILE;
+        }
+
+        if (buf != NULL) {
+            ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
+            ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
+            for (i = 0; i < signedBundleSz;) {
+                int sz = (i + chunkSz > signedBundleSz)? signedBundleSz - i :
+                    chunkSz;
+                rc = wc_PKCS7_VerifySignedData(pkcs7, buf + i, (word32)sz);
+                if (rc < 0 ) {
+                    if (rc == WC_NO_ERR_TRACE(WC_PKCS7_WANT_READ_E)) {
+                        i += sz;
+                        continue;
+                    }
+                    break;
+                }
+                else {
+                    break;
+                }
+            }
+            ExpectIntEQ(rc, WC_NO_ERR_TRACE(PKCS7_SIGNEEDS_CHECK));
+            wc_PKCS7_Free(pkcs7);
+            pkcs7 = NULL;
+        }
+
+        /* now try with malformed bundle */
+        if (buf != NULL) {
+            ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
+            ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
+            buf[signedBundleSz - 2] = buf[signedBundleSz - 2] + 1;
+            for (i = 0; i < signedBundleSz;) {
+                int sz = (i + chunkSz > signedBundleSz)? signedBundleSz - i :
+                    chunkSz;
+                rc = wc_PKCS7_VerifySignedData(pkcs7, buf + i, (word32)sz);
+                if (rc < 0 ) {
+                    if (rc == WC_NO_ERR_TRACE(WC_PKCS7_WANT_READ_E)) {
+                        i += sz;
+                        continue;
+                    }
+                    break;
+                }
+                else {
+                    break;
+                }
+            }
+            ExpectIntEQ(rc, WC_NO_ERR_TRACE(ASN_PARSE_E));
+            wc_PKCS7_Free(pkcs7);
+            pkcs7 = NULL;
+        }
+
+        if (buf != NULL)
+            XFREE(buf, HEAP_HINT, DYNAMIC_TYPE_FILE);
+    }
+#endif /* BER and stream */
 #endif
     return EXPECT_RESULT();
 } /* END test_wc_PKCS7_VerifySignedData()_RSA */
@@ -27543,20 +38940,24 @@ static int test_wc_PKCS7_VerifySignedData_ECC(void)
     byte   data[] = "Test data to encode.";
     byte   badContent[] = "This is different content than was signed";
     wc_HashAlg hash;
+#ifndef NO_PKCS7_STREAM
+    word32 z;
+    int ret;
+#endif /* !NO_PKCS7_STREAM */
 #ifdef NO_SHA
     enum wc_HashType hashType = WC_HASH_TYPE_SHA256;
 #else
     enum wc_HashType hashType = WC_HASH_TYPE_SHA;
 #endif
     byte        hashBuf[WC_MAX_DIGEST_SIZE];
-    word32      hashSz = wc_HashGetDigestSize(hashType);
+    word32      hashSz = (word32)wc_HashGetDigestSize(hashType);
 
     XMEMSET(&hash, 0, sizeof(wc_HashAlg));
 
     /* Success test with ECC certs/key */
     outputSz = sizeof(output);
     XMEMSET(output, 0, outputSz);
-    ExpectIntGT((outputSz = CreatePKCS7SignedData(output, outputSz, data,
+    ExpectIntGT((outputSz = (word32)CreatePKCS7SignedData(output, (int)outputSz, data,
         (word32)sizeof(data), 0, 0, 0, ECC_TYPE)), 0);
 
     ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
@@ -27566,11 +38967,30 @@ static int test_wc_PKCS7_VerifySignedData_ECC(void)
     wc_PKCS7_Free(pkcs7);
     pkcs7 = NULL;
 
+#ifndef NO_PKCS7_STREAM
+    ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
+    ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
+
+    /* test for streaming */
+    ret = -1;
+    for (z = 0; z < outputSz && ret != 0; z++) {
+        ret = wc_PKCS7_VerifySignedData(pkcs7, output + z, 1);
+        if (ret < 0){
+            ExpectIntEQ(ret, WC_NO_ERR_TRACE(WC_PKCS7_WANT_READ_E));
+        }
+    }
+    ExpectIntEQ(ret, 0);
+    ExpectIntNE(pkcs7->contentSz, 0);
+    ExpectNotNull(pkcs7->contentDynamic);
+    wc_PKCS7_Free(pkcs7);
+    pkcs7 = NULL;
+#endif /* !NO_PKCS7_STREAM */
+
     /* Invalid content should error, use detached signature so we can
      * easily change content */
     outputSz = sizeof(output);
     XMEMSET(output, 0, outputSz);
-    ExpectIntGT((outputSz = CreatePKCS7SignedData(output, outputSz, data,
+    ExpectIntGT((outputSz = (word32)CreatePKCS7SignedData(output, (int)outputSz, data,
         (word32)sizeof(data), 1, 1, 0, ECC_TYPE)), 0);
     ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
     ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
@@ -27579,10 +38999,37 @@ static int test_wc_PKCS7_VerifySignedData_ECC(void)
         pkcs7->contentSz = sizeof(badContent);
     }
     ExpectIntEQ(wc_PKCS7_VerifySignedData(pkcs7, output, outputSz),
-        SIG_VERIFY_E);
+        WC_NO_ERR_TRACE(SIG_VERIFY_E));
     wc_PKCS7_Free(pkcs7);
     pkcs7 = NULL;
 
+#ifndef NO_PKCS7_STREAM
+    ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
+    ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
+    if (pkcs7 != NULL) {
+        pkcs7->content = badContent;
+        pkcs7->contentSz = sizeof(badContent);
+    }
+
+    /* test for streaming */
+    ret = -1;
+    for (z = 0; z < outputSz && ret != 0; z++) {
+        ret = wc_PKCS7_VerifySignedData(pkcs7, output + z, 1);
+        if (ret == WC_NO_ERR_TRACE(WC_PKCS7_WANT_READ_E)){
+            continue;
+        }
+        else if (ret < 0) {
+            break;
+        }
+    }
+    ExpectIntEQ(ret, WC_NO_ERR_TRACE(SIG_VERIFY_E));
+    ExpectIntNE(pkcs7->contentSz, 0);
+    ExpectNotNull(pkcs7->contentDynamic);
+    wc_PKCS7_Free(pkcs7);
+    pkcs7 = NULL;
+#endif /* !NO_PKCS7_STREAM */
+
+
     /* Test success case with detached signature and valid content */
     ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
     ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
@@ -27594,6 +39041,30 @@ static int test_wc_PKCS7_VerifySignedData_ECC(void)
     wc_PKCS7_Free(pkcs7);
     pkcs7 = NULL;
 
+#ifndef NO_PKCS7_STREAM
+    ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
+    ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
+    if (pkcs7 != NULL) {
+        pkcs7->content = data;
+        pkcs7->contentSz = sizeof(data);
+    }
+
+    /* test for streaming */
+    ret = -1;
+    for (z = 0; z < outputSz && ret != 0; z++) {
+        ret = wc_PKCS7_VerifySignedData(pkcs7, output + z, 1);
+        if (ret < 0){
+            ExpectIntEQ(ret, WC_NO_ERR_TRACE(WC_PKCS7_WANT_READ_E));
+        }
+    }
+    ExpectIntEQ(ret, 0);
+    ExpectIntNE(pkcs7->contentSz, 0);
+    ExpectNotNull(pkcs7->contentDynamic);
+
+    wc_PKCS7_Free(pkcs7);
+    pkcs7 = NULL;
+#endif /* !NO_PKCS7_STREAM */
+
     /* verify using pre-computed content digest only (no content) */
     {
         /* calculate hash for content */
@@ -27613,13 +39084,34 @@ static int test_wc_PKCS7_VerifySignedData_ECC(void)
     /* Test verify on signedData containing intermediate/root CA certs */
     outputSz = sizeof(output);
     XMEMSET(output, 0, outputSz);
-    ExpectIntGT((outputSz = CreatePKCS7SignedData(output, outputSz, data,
+    ExpectIntGT((outputSz = (word32)CreatePKCS7SignedData(output, (int)outputSz, data,
         (word32)sizeof(data), 0, 0, 1, ECC_TYPE)), 0);
     ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
     ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
     ExpectIntEQ(wc_PKCS7_VerifySignedData(pkcs7, output, outputSz), 0);
     wc_PKCS7_Free(pkcs7);
     pkcs7 = NULL;
+
+#ifndef NO_PKCS7_STREAM
+    ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
+    ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
+
+    /* test for streaming */
+    ret = -1;
+    for (z = 0; z < outputSz && ret != 0; z++) {
+        ret = wc_PKCS7_VerifySignedData(pkcs7, output + z, 1);
+        if (ret < 0){
+            ExpectIntEQ(ret, WC_NO_ERR_TRACE(WC_PKCS7_WANT_READ_E));
+        }
+    }
+    ExpectIntEQ(ret, 0);
+    ExpectIntNE(pkcs7->contentSz, 0);
+    ExpectNotNull(pkcs7->contentDynamic);
+
+    wc_PKCS7_Free(pkcs7);
+    pkcs7 = NULL;
+#endif /* !NO_PKCS7_STREAM */
+
 #endif
     return EXPECT_RESULT();
 } /* END test_wc_PKCS7_VerifySignedData_ECC() */
@@ -27664,7 +39156,7 @@ static int myDecryptionFunc(PKCS7* pkcs7, int encryptOID, byte* iv, int ivSz,
     if (ret == 0) {
         ret = wc_AesSetKey(&aes, (byte*)usrCtx, 32, iv, AES_DECRYPTION);
         if (ret == 0)
-            ret = wc_AesCbcDecrypt(&aes, out, in, inSz);
+            ret = wc_AesCbcDecrypt(&aes, out, in, (word32)inSz);
         wc_AesFree(&aes);
     }
 
@@ -27727,6 +39219,95 @@ static int myCEKwrapFunc(PKCS7* pkcs7, byte* cek, word32 cekSz, byte* keyId,
 #endif /* HAVE_PKCS7 && !NO_AES && HAVE_AES_CBC && !NO_AES_256 */
 
 
+#if defined(HAVE_PKCS7) && defined(ASN_BER_TO_DER)
+#define MAX_TEST_DECODE_SIZE 6000
+static int test_wc_PKCS7_DecodeEnvelopedData_stream_decrypt_cb(wc_PKCS7* pkcs7,
+    const byte* output, word32 outputSz, void* ctx) {
+     WOLFSSL_BUFFER_INFO* out = (WOLFSSL_BUFFER_INFO*)ctx;
+
+    if (out == NULL) {
+        return -1;
+    }
+
+    if (outputSz + out->length > MAX_TEST_DECODE_SIZE) {
+        printf("Example buffer size needs increased");
+    }
+
+    /* printf("Decoded in %d bytes\n", outputSz);
+     * for (word32 z = 0; z < outputSz; z++) printf("%02X", output[z]);
+     * printf("\n");
+    */
+
+    XMEMCPY(out->buffer + out->length, output, outputSz);
+    out->length += outputSz;
+
+    (void)pkcs7;
+    return 0;
+}
+#endif /* HAVE_PKCS7 && ASN_BER_TO_DER */
+
+/*
+ * Testing wc_PKCS7_DecodeEnvelopedData with streaming
+ */
+static int test_wc_PKCS7_DecodeEnvelopedData_stream(void)
+{
+#if defined(HAVE_PKCS7) && defined(ASN_BER_TO_DER)
+    EXPECT_DECLS;
+    PKCS7*      pkcs7 = NULL;
+    int ret = 0;
+    XFILE f = XBADFILE;
+    const char* testStream = "./certs/test-stream-dec.p7b";
+    byte testStreamBuffer[100];
+    size_t testStreamBufferSz = 0;
+    byte decodedData[MAX_TEST_DECODE_SIZE]; /* large enough to hold result of decode, which is ca-cert.pem */
+    WOLFSSL_BUFFER_INFO out;
+
+    out.length = 0;
+    out.buffer = decodedData;
+
+    ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
+    ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, (byte*)client_cert_der_2048,
+        sizeof_client_cert_der_2048), 0);
+
+    ExpectIntEQ(wc_PKCS7_SetKey(pkcs7, (byte*)client_key_der_2048,
+        sizeof_client_key_der_2048), 0);
+    ExpectIntEQ(wc_PKCS7_SetStreamMode(pkcs7, 1, NULL,
+        test_wc_PKCS7_DecodeEnvelopedData_stream_decrypt_cb, (void*)&out), 0);
+
+    ExpectTrue((f = XFOPEN(testStream, "rb")) != XBADFILE);
+    if (EXPECT_SUCCESS()) {
+        do {
+            testStreamBufferSz = XFREAD(testStreamBuffer, 1,
+                sizeof(testStreamBuffer), f);
+            if (testStreamBufferSz == 0) {
+                break;
+            }
+
+            ret = wc_PKCS7_DecodeEnvelopedData(pkcs7, testStreamBuffer,
+                (word32)testStreamBufferSz, NULL, 0);
+            if (testStreamBufferSz < sizeof(testStreamBuffer)) {
+                break;
+            }
+        } while (ret == WC_NO_ERR_TRACE(WC_PKCS7_WANT_READ_E));
+    #ifdef NO_DES3
+        ExpectIntEQ(ret, ALGO_ID_E);
+    #else
+        ExpectIntGT(ret, 0);
+    #endif
+    }
+
+    if (f != XBADFILE) {
+        XFCLOSE(f);
+        f = XBADFILE;
+    }
+
+    wc_PKCS7_Free(pkcs7);
+    return EXPECT_RESULT();
+#else
+    return TEST_SKIPPED;
+#endif
+} /* END test_wc_PKCS7_DecodeEnvelopedData_stream() */
+
 /*
  * Testing wc_PKCS7_EncodeEnvelopedData()
  */
@@ -27735,6 +39316,9 @@ static int test_wc_PKCS7_EncodeDecodeEnvelopedData(void)
     EXPECT_DECLS;
 #if defined(HAVE_PKCS7)
     PKCS7*      pkcs7 = NULL;
+#ifdef ASN_BER_TO_DER
+    int encodedSz = 0;
+#endif
 #ifdef ECC_TIMING_RESISTANT
     WC_RNG      rng;
 #endif
@@ -27935,6 +39519,87 @@ static int test_wc_PKCS7_EncodeDecodeEnvelopedData(void)
 
     testSz = (int)sizeof(testVectors)/(int)sizeof(pkcs7EnvelopedVector);
     for (i = 0; i < testSz; i++) {
+    #ifdef ASN_BER_TO_DER
+        encodeSignedDataStream strm;
+
+        /* test setting stream mode, the first one using IO callbacks */
+        ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, (testVectors + i)->cert,
+                                    (word32)(testVectors + i)->certSz), 0);
+        if (pkcs7 != NULL) {
+        #ifdef ECC_TIMING_RESISTANT
+            pkcs7->rng = &rng;
+        #endif
+
+            if (i != 0)
+                pkcs7->content       = (byte*)(testVectors + i)->content;
+            pkcs7->contentSz     = (testVectors + i)->contentSz;
+            pkcs7->contentOID    = (testVectors + i)->contentOID;
+            pkcs7->encryptOID    = (testVectors + i)->encryptOID;
+            pkcs7->keyWrapOID    = (testVectors + i)->keyWrapOID;
+            pkcs7->keyAgreeOID   = (testVectors + i)->keyAgreeOID;
+            pkcs7->privateKey    = (testVectors + i)->privateKey;
+            pkcs7->privateKeySz  = (testVectors + i)->privateKeySz;
+        }
+
+        if (i == 0) {
+            XMEMSET(&strm, 0, sizeof(strm));
+            ExpectIntEQ(wc_PKCS7_SetStreamMode(pkcs7, 1, GetContentCB,
+                StreamOutputCB, (void*)&strm), 0);
+            encodedSz = wc_PKCS7_EncodeEnvelopedData(pkcs7, NULL, 0);
+        }
+        else {
+            ExpectIntEQ(wc_PKCS7_SetStreamMode(pkcs7, 1, NULL, NULL, NULL), 0);
+            encodedSz = wc_PKCS7_EncodeEnvelopedData(pkcs7, output,
+                (word32)sizeof(output));
+        }
+
+        switch ((testVectors + i)->encryptOID) {
+        #ifndef NO_DES3
+            case DES3b:
+            case DESb:
+                ExpectIntEQ(encodedSz, WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+                break;
+        #endif
+        #ifdef HAVE_AESCCM
+        #ifdef WOLFSSL_AES_128
+            case AES128CCMb:
+                ExpectIntEQ(encodedSz, WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+                break;
+        #endif
+        #ifdef WOLFSSL_AES_192
+            case AES192CCMb:
+                ExpectIntEQ(encodedSz, WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+                break;
+        #endif
+        #ifdef WOLFSSL_AES_256
+            case AES256CCMb:
+                ExpectIntEQ(encodedSz, WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+                break;
+        #endif
+        #endif
+            default:
+                ExpectIntGE(encodedSz, 0);
+        }
+
+        if (encodedSz > 0) {
+            if (i == 0) {
+                decodedSz = wc_PKCS7_DecodeEnvelopedData(pkcs7,
+                    strm.out, (word32)encodedSz, decoded,
+                    (word32)sizeof(decoded));
+            }
+            else {
+                decodedSz = wc_PKCS7_DecodeEnvelopedData(pkcs7, output,
+                    (word32)encodedSz, decoded, (word32)sizeof(decoded));
+            }
+            ExpectIntGE(decodedSz, 0);
+            /* Verify the size of each buffer. */
+            ExpectIntEQ((word32)sizeof(input)/sizeof(char), decodedSz);
+        }
+        wc_PKCS7_Free(pkcs7);
+        pkcs7 = NULL;
+        ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
+    #endif
+
         ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, (testVectors + i)->cert,
                                     (word32)(testVectors + i)->certSz), 0);
         if (pkcs7 != NULL) {
@@ -27952,6 +39617,11 @@ static int test_wc_PKCS7_EncodeDecodeEnvelopedData(void)
             pkcs7->privateKeySz  = (testVectors + i)->privateKeySz;
         }
 
+    #ifdef ASN_BER_TO_DER
+        /* test without setting stream mode */
+        ExpectIntEQ(wc_PKCS7_GetStreamMode(pkcs7), 0);
+    #endif
+
         ExpectIntGE(wc_PKCS7_EncodeEnvelopedData(pkcs7, output,
             (word32)sizeof(output)), 0);
 
@@ -27960,6 +39630,7 @@ static int test_wc_PKCS7_EncodeDecodeEnvelopedData(void)
         ExpectIntGE(decodedSz, 0);
         /* Verify the size of each buffer. */
         ExpectIntEQ((word32)sizeof(input)/sizeof(char), decodedSz);
+
         /* Don't free the last time through the loop. */
         if (i < testSz - 1) {
             wc_PKCS7_Free(pkcs7);
@@ -27971,24 +39642,24 @@ static int test_wc_PKCS7_EncodeDecodeEnvelopedData(void)
 
     /* Test bad args. */
     ExpectIntEQ(wc_PKCS7_EncodeEnvelopedData(NULL, output,
-                    (word32)sizeof(output)), BAD_FUNC_ARG);
+                    (word32)sizeof(output)), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_PKCS7_EncodeEnvelopedData(pkcs7, NULL,
-                    (word32)sizeof(output)), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_PKCS7_EncodeEnvelopedData(pkcs7, output, 0), BAD_FUNC_ARG);
+                    (word32)sizeof(output)), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_PKCS7_EncodeEnvelopedData(pkcs7, output, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     /* Decode.  */
     ExpectIntEQ(wc_PKCS7_DecodeEnvelopedData(NULL, output,
         (word32)sizeof(output), decoded, (word32)sizeof(decoded)),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_PKCS7_DecodeEnvelopedData(pkcs7, output,
-        (word32)sizeof(output), NULL, (word32)sizeof(decoded)), BAD_FUNC_ARG);
+        (word32)sizeof(output), NULL, (word32)sizeof(decoded)), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_PKCS7_DecodeEnvelopedData(pkcs7, output,
-        (word32)sizeof(output), decoded, 0), BAD_FUNC_ARG);
+        (word32)sizeof(output), decoded, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_PKCS7_DecodeEnvelopedData(pkcs7, NULL,
         (word32)sizeof(output), decoded, (word32)sizeof(decoded)),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_PKCS7_DecodeEnvelopedData(pkcs7, output, 0, decoded,
-        (word32)sizeof(decoded)), BAD_FUNC_ARG);
+        (word32)sizeof(decoded)), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     /* Should get a return of BAD_FUNC_ARG with structure data. Order matters.*/
 #if defined(HAVE_ECC) && !defined(NO_AES) && defined(HAVE_AES_CBC)
     /* only a failure for KARI test cases */
@@ -27999,11 +39670,11 @@ static int test_wc_PKCS7_EncodeDecodeEnvelopedData(void)
     #if defined(WOLFSSL_ASN_TEMPLATE)
     ExpectIntEQ(wc_PKCS7_DecodeEnvelopedData(pkcs7, output,
         (word32)sizeof(output), decoded, (word32)sizeof(decoded)),
-        BUFFER_E);
+        WC_NO_ERR_TRACE(BUFFER_E));
     #else
     ExpectIntEQ(wc_PKCS7_DecodeEnvelopedData(pkcs7, output,
         (word32)sizeof(output), decoded, (word32)sizeof(decoded)),
-        ASN_PARSE_E);
+        WC_NO_ERR_TRACE(ASN_PARSE_E));
     #endif
     if (pkcs7 != NULL) {
         pkcs7->singleCertSz = tempWrd32;
@@ -28017,11 +39688,11 @@ static int test_wc_PKCS7_EncodeDecodeEnvelopedData(void)
      * is returned from kari parse which gets set to bad func arg */
     ExpectIntEQ(wc_PKCS7_DecodeEnvelopedData(pkcs7, output,
         (word32)sizeof(output), decoded, (word32)sizeof(decoded)),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     #else
     ExpectIntEQ(wc_PKCS7_DecodeEnvelopedData(pkcs7, output,
         (word32)sizeof(output), decoded, (word32)sizeof(decoded)),
-        ASN_PARSE_E);
+        WC_NO_ERR_TRACE(ASN_PARSE_E));
     #endif
   #endif /* !NO_RSA */
     if (pkcs7 != NULL) {
@@ -28035,7 +39706,7 @@ static int test_wc_PKCS7_EncodeDecodeEnvelopedData(void)
 
     ExpectIntEQ(wc_PKCS7_DecodeEnvelopedData(pkcs7, output,
         (word32)sizeof(output), decoded, (word32)sizeof(decoded)),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     if (pkcs7 != NULL) {
         pkcs7->privateKeySz = tempWrd32;
 
@@ -28044,7 +39715,7 @@ static int test_wc_PKCS7_EncodeDecodeEnvelopedData(void)
     }
     ExpectIntEQ(wc_PKCS7_DecodeEnvelopedData(pkcs7, output,
         (word32)sizeof(output), decoded, (word32)sizeof(decoded)),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     if (pkcs7 != NULL) {
         pkcs7->privateKey = tmpBytePtr;
     }
@@ -28079,7 +39750,7 @@ static int test_wc_PKCS7_EncodeDecodeEnvelopedData(void)
         ExpectIntEQ(wc_PKCS7_SetWrapCEKCb(pkcs7, myCEKwrapFunc), 0);
         ExpectIntEQ(wc_PKCS7_SetDecodeEncryptedCb(pkcs7, myDecryptionFunc), 0);
         ExpectIntGT((decodedSz = wc_PKCS7_DecodeEnvelopedData(pkcs7, output,
-                        envelopedSz, decoded, sizeof(decoded))), 0);
+                        (word32)envelopedSz, decoded, sizeof(decoded))), 0);
         wc_PKCS7_Free(pkcs7);
         pkcs7 = NULL;
     }
@@ -28151,10 +39822,10 @@ static int test_wc_PKCS7_EncodeEncryptedData(void)
     byte        decoded[TWOK_BUF];
     word32      tmpWrd32 = 0;
     int         tmpInt = 0;
-    int         decodedSz;
+    int         decodedSz = 0;
     int         encryptedSz = 0;
-    int         testSz;
-    int         i;
+    int         testSz = 0;
+    int         i = 0;
     const byte data[] = { /* Hello World */
         0x48,0x65,0x6c,0x6c,0x6f,0x20,0x57,0x6f,
         0x72,0x6c,0x64
@@ -28239,7 +39910,7 @@ static int test_wc_PKCS7_EncodeEncryptedData(void)
 
         /* Decode encryptedData */
         ExpectIntGT(decodedSz = wc_PKCS7_DecodeEncryptedData(pkcs7, encrypted,
-            encryptedSz, decoded, sizeof(decoded)), 0);
+            (word32)encryptedSz, decoded, sizeof(decoded)), 0);
 
         ExpectIntEQ(XMEMCMP(decoded, data, decodedSz), 0);
         /* Keep values for last itr. */
@@ -28254,74 +39925,74 @@ static int test_wc_PKCS7_EncodeEncryptedData(void)
     }
 
     ExpectIntEQ(wc_PKCS7_EncodeEncryptedData(NULL, encrypted,
-        sizeof(encrypted)),BAD_FUNC_ARG);
+        sizeof(encrypted)),WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_PKCS7_EncodeEncryptedData(pkcs7, NULL,
-        sizeof(encrypted)), BAD_FUNC_ARG);
+        sizeof(encrypted)), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_PKCS7_EncodeEncryptedData(pkcs7, encrypted,
-        0), BAD_FUNC_ARG);
+        0), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     /* Testing the struct. */
     if (pkcs7 != NULL) {
         tmpBytePtr = pkcs7->content;
         pkcs7->content = NULL;
     }
     ExpectIntEQ(wc_PKCS7_EncodeEncryptedData(pkcs7, encrypted,
-        sizeof(encrypted)), BAD_FUNC_ARG);
+        sizeof(encrypted)), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     if (pkcs7 != NULL) {
         pkcs7->content = tmpBytePtr;
         tmpWrd32 = pkcs7->contentSz;
         pkcs7->contentSz = 0;
     }
     ExpectIntEQ(wc_PKCS7_EncodeEncryptedData(pkcs7, encrypted,
-        sizeof(encrypted)), BAD_FUNC_ARG);
+        sizeof(encrypted)), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     if (pkcs7 != NULL) {
         pkcs7->contentSz = tmpWrd32;
         tmpInt = pkcs7->encryptOID;
         pkcs7->encryptOID = 0;
     }
     ExpectIntEQ(wc_PKCS7_EncodeEncryptedData(pkcs7, encrypted,
-        sizeof(encrypted)), BAD_FUNC_ARG);
+        sizeof(encrypted)), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     if (pkcs7 != NULL) {
         pkcs7->encryptOID = tmpInt;
         tmpBytePtr = pkcs7->encryptionKey;
         pkcs7->encryptionKey = NULL;
     }
     ExpectIntEQ(wc_PKCS7_EncodeEncryptedData(pkcs7, encrypted,
-        sizeof(encrypted)), BAD_FUNC_ARG);
+        sizeof(encrypted)), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     if (pkcs7 != NULL) {
         pkcs7->encryptionKey = tmpBytePtr;
         tmpWrd32 = pkcs7->encryptionKeySz;
         pkcs7->encryptionKeySz = 0;
     }
     ExpectIntEQ(wc_PKCS7_EncodeEncryptedData(pkcs7, encrypted,
-        sizeof(encrypted)), BAD_FUNC_ARG);
+        sizeof(encrypted)), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     if (pkcs7 != NULL) {
         pkcs7->encryptionKeySz = tmpWrd32;
     }
 
-    ExpectIntEQ(wc_PKCS7_DecodeEncryptedData(NULL, encrypted, encryptedSz,
-        decoded, sizeof(decoded)), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_PKCS7_DecodeEncryptedData(pkcs7, NULL, encryptedSz,
-        decoded, sizeof(decoded)), BAD_FUNC_ARG);
+    ExpectIntEQ(wc_PKCS7_DecodeEncryptedData(NULL, encrypted, (word32)encryptedSz,
+        decoded, sizeof(decoded)), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_PKCS7_DecodeEncryptedData(pkcs7, NULL, (word32)encryptedSz,
+        decoded, sizeof(decoded)), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_PKCS7_DecodeEncryptedData(pkcs7, encrypted, 0,
-        decoded, sizeof(decoded)), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_PKCS7_DecodeEncryptedData(pkcs7, encrypted, encryptedSz,
-        NULL, sizeof(decoded)), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_PKCS7_DecodeEncryptedData(pkcs7, encrypted, encryptedSz,
-        decoded, 0), BAD_FUNC_ARG);
+        decoded, sizeof(decoded)), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_PKCS7_DecodeEncryptedData(pkcs7, encrypted, (word32)encryptedSz,
+        NULL, sizeof(decoded)), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_PKCS7_DecodeEncryptedData(pkcs7, encrypted, (word32)encryptedSz,
+        decoded, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     /* Test struct fields */
 
     if (pkcs7 != NULL) {
         tmpBytePtr = pkcs7->encryptionKey;
         pkcs7->encryptionKey = NULL;
     }
-    ExpectIntEQ(wc_PKCS7_DecodeEncryptedData(pkcs7, encrypted, encryptedSz,
-        decoded, sizeof(decoded)), BAD_FUNC_ARG);
+    ExpectIntEQ(wc_PKCS7_DecodeEncryptedData(pkcs7, encrypted, (word32)encryptedSz,
+        decoded, sizeof(decoded)), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     if (pkcs7 != NULL) {
         pkcs7->encryptionKey = tmpBytePtr;
         pkcs7->encryptionKeySz = 0;
     }
-    ExpectIntEQ(wc_PKCS7_DecodeEncryptedData(pkcs7, encrypted, encryptedSz,
-        decoded, sizeof(decoded)), BAD_FUNC_ARG);
+    ExpectIntEQ(wc_PKCS7_DecodeEncryptedData(pkcs7, encrypted, (word32)encryptedSz,
+        decoded, sizeof(decoded)), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     wc_PKCS7_Free(pkcs7);
 #endif
@@ -28340,7 +40011,10 @@ static int test_wc_PKCS7_Degenerate(void)
     XFILE  f = XBADFILE;
     byte   der[4096];
     word32 derSz = 0;
-
+#ifndef NO_PKCS7_STREAM
+    word32 z;
+    int ret;
+#endif /* !NO_PKCS7_STREAM */
     ExpectTrue((f = XFOPEN(fName, "rb")) != XBADFILE);
     ExpectTrue((derSz = (word32)XFREAD(der, 1, sizeof(der), f)) > 0);
     if (f != XBADFILE)
@@ -28352,9 +40026,27 @@ static int test_wc_PKCS7_Degenerate(void)
     ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
 #ifndef NO_RSA
     ExpectIntEQ(wc_PKCS7_VerifySignedData(pkcs7, der, derSz), 0);
+
+    #ifndef NO_PKCS7_STREAM
+    wc_PKCS7_Free(pkcs7);
+    pkcs7 = NULL;
+    ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
+    ExpectIntEQ(wc_PKCS7_Init(pkcs7, HEAP_HINT, INVALID_DEVID), 0);
+    ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
+
+    /* test for streaming */
+    ret = -1;
+    for (z = 0; z < derSz && ret != 0; z++) {
+        ret = wc_PKCS7_VerifySignedData(pkcs7, der + z, 1);
+        if (ret < 0){
+            ExpectIntEQ(ret, WC_NO_ERR_TRACE(WC_PKCS7_WANT_READ_E));
+        }
+    }
+    ExpectIntEQ(ret, 0);
+    #endif /* !NO_PKCS7_STREAM */
 #else
     ExpectIntNE(wc_PKCS7_VerifySignedData(pkcs7, der, derSz), 0);
-#endif
+#endif /* NO_RSA */
     wc_PKCS7_Free(pkcs7);
     pkcs7 = NULL;
 
@@ -28364,7 +40056,29 @@ static int test_wc_PKCS7_Degenerate(void)
     ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
     wc_PKCS7_AllowDegenerate(pkcs7, 0); /* override allowing degenerate case */
     ExpectIntEQ(wc_PKCS7_VerifySignedData(pkcs7, der, derSz),
-        PKCS7_NO_SIGNER_E);
+        WC_NO_ERR_TRACE(PKCS7_NO_SIGNER_E));
+
+    #ifndef NO_PKCS7_STREAM
+    wc_PKCS7_Free(pkcs7);
+    pkcs7 = NULL;
+    ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
+    ExpectIntEQ(wc_PKCS7_Init(pkcs7, HEAP_HINT, INVALID_DEVID), 0);
+    ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
+    wc_PKCS7_AllowDegenerate(pkcs7, 0); /* override allowing degenerate case */
+
+    /* test for streaming */
+    ret = -1;
+    for (z = 0; z < derSz && ret != 0; z++) {
+        ret = wc_PKCS7_VerifySignedData(pkcs7, der + z, 1);
+        if (ret == WC_NO_ERR_TRACE(WC_PKCS7_WANT_READ_E)){
+            continue;
+        }
+        else
+            break;
+    }
+    ExpectIntEQ(ret, WC_NO_ERR_TRACE(PKCS7_NO_SIGNER_E));
+    #endif /* !NO_PKCS7_STREAM */
+
     wc_PKCS7_Free(pkcs7);
 #endif
     return EXPECT_RESULT();
@@ -28581,6 +40295,10 @@ static int test_wc_PKCS7_BER(void)
     byte   decoded[2048];
 #endif
     word32 derSz = 0;
+#if !defined(NO_PKCS7_STREAM) && !defined(NO_RSA)
+    word32 z;
+    int ret;
+#endif /* !NO_PKCS7_STREAM && !NO_RSA */
 
     ExpectTrue((f = XFOPEN(fName, "rb")) != XBADFILE);
     ExpectTrue((derSz = (word32)XFREAD(der, 1, sizeof(der), f)) > 0);
@@ -28594,6 +40312,24 @@ static int test_wc_PKCS7_BER(void)
     ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
 #ifndef NO_RSA
     ExpectIntEQ(wc_PKCS7_VerifySignedData(pkcs7, der, derSz), 0);
+
+    #ifndef NO_PKCS7_STREAM
+    wc_PKCS7_Free(pkcs7);
+    pkcs7 = NULL;
+    ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
+    ExpectIntEQ(wc_PKCS7_Init(pkcs7, HEAP_HINT, INVALID_DEVID), 0);
+    ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
+
+    /* test for streaming */
+    ret = -1;
+    for (z = 0; z < derSz && ret != 0; z++) {
+        ret = wc_PKCS7_VerifySignedData(pkcs7, der + z, 1);
+        if (ret < 0){
+            ExpectIntEQ(ret, WC_NO_ERR_TRACE(WC_PKCS7_WANT_READ_E));
+        }
+    }
+    ExpectIntEQ(ret, 0);
+    #endif /* !NO_PKCS7_STREAM */
 #else
     ExpectIntNE(wc_PKCS7_VerifySignedData(pkcs7, der, derSz), 0);
 #endif
@@ -28628,14 +40364,14 @@ static int test_wc_PKCS7_BER(void)
 #ifndef NO_RSA
 #ifdef WOLFSSL_SP_MATH
     ExpectIntEQ(wc_PKCS7_DecodeEnvelopedData(pkcs7, berContent,
-        sizeof(berContent), decoded, sizeof(decoded)), WC_KEY_SIZE_E);
+        sizeof(berContent), decoded, sizeof(decoded)), WC_NO_ERR_TRACE(WC_KEY_SIZE_E));
 #else
     ExpectIntGT(wc_PKCS7_DecodeEnvelopedData(pkcs7, berContent,
         sizeof(berContent), decoded, sizeof(decoded)), 0);
 #endif
 #else
     ExpectIntEQ(wc_PKCS7_DecodeEnvelopedData(pkcs7, berContent,
-        sizeof(berContent), decoded, sizeof(decoded)), NOT_COMPILED_IN);
+        sizeof(berContent), decoded, sizeof(decoded)), WC_NO_ERR_TRACE(NOT_COMPILED_IN));
 #endif
     wc_PKCS7_Free(pkcs7);
 #endif /* !NO_DES3 */
@@ -28653,7 +40389,6 @@ static int test_wc_PKCS7_signed_enveloped(void)
 #ifdef HAVE_AES_CBC
     PKCS7* inner = NULL;
 #endif
-    void*  pt = NULL;
     WC_RNG rng;
     unsigned char key[FOURK_BUF/2];
     unsigned char cert[FOURK_BUF/2];
@@ -28667,6 +40402,10 @@ static int test_wc_PKCS7_signed_enveloped(void)
     unsigned char decoded[FOURK_BUF];
     int decodedSz = FOURK_BUF;
 #endif
+#ifndef NO_PKCS7_STREAM
+    int z;
+    int ret;
+#endif /* !NO_PKCS7_STREAM */
 
     XMEMSET(&rng, 0, sizeof(WC_RNG));
 
@@ -28690,18 +40429,18 @@ static int test_wc_PKCS7_signed_enveloped(void)
     /* sign cert for envelope */
     ExpectNotNull(pkcs7 = wc_PKCS7_New(NULL, 0));
     ExpectIntEQ(wc_InitRng(&rng), 0);
-    ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, cert, certSz), 0);
+    ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, cert, (word32)certSz), 0);
     if (pkcs7 != NULL) {
         pkcs7->content    = cert;
-        pkcs7->contentSz  = certSz;
+        pkcs7->contentSz  = (word32)certSz;
         pkcs7->contentOID = DATA;
         pkcs7->privateKey   = key;
-        pkcs7->privateKeySz = keySz;
+        pkcs7->privateKeySz = (word32)keySz;
         pkcs7->encryptOID   = RSAk;
         pkcs7->hashOID      = SHA256h;
         pkcs7->rng          = &rng;
     }
-    ExpectIntGT((sigSz = wc_PKCS7_EncodeSignedData(pkcs7, sig, sigSz)), 0);
+    ExpectIntGT((sigSz = wc_PKCS7_EncodeSignedData(pkcs7, sig, (word32)sigSz)), 0);
     wc_PKCS7_Free(pkcs7);
     pkcs7 = NULL;
     DoExpectIntEQ(wc_FreeRng(&rng), 0);
@@ -28709,16 +40448,16 @@ static int test_wc_PKCS7_signed_enveloped(void)
 #ifdef HAVE_AES_CBC
     /* create envelope */
     ExpectNotNull(pkcs7 = wc_PKCS7_New(NULL, 0));
-    ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, cert, certSz), 0);
+    ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, cert, (word32)certSz), 0);
     if (pkcs7 != NULL) {
         pkcs7->content   = sig;
-        pkcs7->contentSz = sigSz;
+        pkcs7->contentSz = (word32)sigSz;
         pkcs7->contentOID = DATA;
         pkcs7->encryptOID = AES256CBCb;
         pkcs7->privateKey   = key;
-        pkcs7->privateKeySz = keySz;
+        pkcs7->privateKeySz = (word32)keySz;
     }
-    ExpectIntGT((envSz = wc_PKCS7_EncodeEnvelopedData(pkcs7, env, envSz)), 0);
+    ExpectIntGT((envSz = wc_PKCS7_EncodeEnvelopedData(pkcs7, env, (word32)envSz)), 0);
     ExpectIntLT(wc_PKCS7_EncodeEnvelopedData(pkcs7, env, 2), 0);
     wc_PKCS7_Free(pkcs7);
     pkcs7 = NULL;
@@ -28728,37 +40467,33 @@ static int test_wc_PKCS7_signed_enveloped(void)
     sigSz = FOURK_BUF * 2;
     ExpectNotNull(pkcs7 = wc_PKCS7_New(NULL, 0));
     ExpectIntEQ(wc_InitRng(&rng), 0);
-    ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, cert, certSz), 0);
+    ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, cert, (word32)certSz), 0);
     if (pkcs7 != NULL) {
         pkcs7->content    = env;
-        pkcs7->contentSz  = envSz;
+        pkcs7->contentSz  = (word32)envSz;
         pkcs7->contentOID = DATA;
         pkcs7->privateKey   = key;
-        pkcs7->privateKeySz = keySz;
+        pkcs7->privateKeySz = (word32)keySz;
         pkcs7->encryptOID   = RSAk;
         pkcs7->hashOID      = SHA256h;
         pkcs7->rng = &rng;
     }
 
-    /* Set no certs in bundle for this test. Hang on to the pointer though to
-     * free it later. */
+    /* Set no certs in bundle for this test. */
     if (pkcs7 != NULL) {
-        pt = (void*)pkcs7->certList;
-        pkcs7->certList = NULL; /* no certs in bundle */
-    }
-    ExpectIntGT((sigSz = wc_PKCS7_EncodeSignedData(pkcs7, sig, sigSz)), 0);
-    if (pkcs7 != NULL) {
-        /* restore pointer for PKCS7 free call */
-        pkcs7->certList = (Pkcs7Cert*)pt;
+        ExpectIntEQ(wc_PKCS7_SetNoCerts(pkcs7, 1), 0);
+        ExpectIntEQ(wc_PKCS7_SetNoCerts(NULL, 1), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+        ExpectIntEQ(wc_PKCS7_GetNoCerts(pkcs7), 1);
     }
+    ExpectIntGT((sigSz = wc_PKCS7_EncodeSignedData(pkcs7, sig, (word32)sigSz)), 0);
     wc_PKCS7_Free(pkcs7);
     pkcs7 = NULL;
 
     /* check verify fails */
     ExpectNotNull(pkcs7 = wc_PKCS7_New(NULL, 0));
     ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
-    ExpectIntEQ(wc_PKCS7_VerifySignedData(pkcs7, sig, sigSz),
-            PKCS7_SIGNEEDS_CHECK);
+    ExpectIntEQ(wc_PKCS7_VerifySignedData(pkcs7, sig, (word32)sigSz),
+            WC_NO_ERR_TRACE(PKCS7_SIGNEEDS_CHECK));
 
     /* try verifying the signature manually */
     {
@@ -28766,10 +40501,10 @@ static int test_wc_PKCS7_signed_enveloped(void)
         word32 idx = 0;
         byte digest[MAX_SEQ_SZ + MAX_ALGO_SZ + MAX_OCTET_STR_SZ +
             WC_MAX_DIGEST_SIZE];
-        int  digestSz;
+        int  digestSz = 0;
 
         ExpectIntEQ(wc_InitRsaKey(&rKey, HEAP_HINT), 0);
-        ExpectIntEQ(wc_RsaPrivateKeyDecode(key, &idx, &rKey, keySz), 0);
+        ExpectIntEQ(wc_RsaPrivateKeyDecode(key, &idx, &rKey, (word32)keySz), 0);
         ExpectIntGT(digestSz = wc_RsaSSL_Verify(pkcs7->signature,
             pkcs7->signatureSz, digest, sizeof(digest), &rKey), 0);
         ExpectIntEQ(digestSz, pkcs7->pkcs7DigestSz);
@@ -28783,8 +40518,26 @@ static int test_wc_PKCS7_signed_enveloped(void)
 
     /* initializing the PKCS7 struct with the signing certificate should pass */
     ExpectNotNull(pkcs7 = wc_PKCS7_New(NULL, 0));
-    ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, cert, certSz), 0);
-    ExpectIntEQ(wc_PKCS7_VerifySignedData(pkcs7, sig, sigSz), 0);
+    ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, cert, (word32)certSz), 0);
+    ExpectIntEQ(wc_PKCS7_VerifySignedData(pkcs7, sig, (word32)sigSz), 0);
+
+#ifndef NO_PKCS7_STREAM
+    wc_PKCS7_Free(pkcs7);
+    pkcs7 = NULL;
+    ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
+    ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, cert, (word32)certSz), 0);
+
+    /* test for streaming */
+    ret = -1;
+    for (z = 0; z < sigSz && ret != 0; z++) {
+        ret = wc_PKCS7_VerifySignedData(pkcs7, sig + z, 1);
+        if (ret < 0){
+            ExpectIntEQ(ret, WC_NO_ERR_TRACE(WC_PKCS7_WANT_READ_E));
+        }
+    }
+    ExpectIntEQ(ret, 0);
+#endif /* !NO_PKCS7_STREAM */
+
     wc_PKCS7_Free(pkcs7);
     pkcs7 = NULL;
 
@@ -28793,16 +40546,16 @@ static int test_wc_PKCS7_signed_enveloped(void)
     ExpectNotNull(pkcs7 = wc_PKCS7_New(NULL, 0));
     if (pkcs7 != NULL) {
         pkcs7->content    = env;
-        pkcs7->contentSz  = envSz;
+        pkcs7->contentSz  = (word32)envSz;
         pkcs7->contentOID = DATA;
         pkcs7->privateKey   = key;
-        pkcs7->privateKeySz = keySz;
+        pkcs7->privateKeySz = (word32)keySz;
         pkcs7->encryptOID   = RSAk;
         pkcs7->hashOID      = SHA256h;
         pkcs7->rng = &rng;
     }
     ExpectIntEQ(wc_PKCS7_SetSignerIdentifierType(pkcs7, DEGENERATE_SID), 0);
-    ExpectIntGT((sigSz = wc_PKCS7_EncodeSignedData(pkcs7, sig, sigSz)), 0);
+    ExpectIntGT((sigSz = wc_PKCS7_EncodeSignedData(pkcs7, sig, (word32)sigSz)), 0);
     wc_PKCS7_Free(pkcs7);
     pkcs7 = NULL;
     wc_FreeRng(&rng);
@@ -28810,19 +40563,56 @@ static int test_wc_PKCS7_signed_enveloped(void)
     /* check verify */
     ExpectNotNull(pkcs7 = wc_PKCS7_New(NULL, 0));
     ExpectIntEQ(wc_PKCS7_Init(pkcs7, HEAP_HINT, testDevId), 0);
-    ExpectIntEQ(wc_PKCS7_VerifySignedData(pkcs7, sig, sigSz), 0);
+    ExpectIntEQ(wc_PKCS7_VerifySignedData(pkcs7, sig, (word32)sigSz), 0);
     ExpectNotNull(pkcs7->content);
 
+#ifndef NO_PKCS7_STREAM
+    wc_PKCS7_Free(pkcs7);
+    pkcs7 = NULL;
+
+    /* create valid degenerate bundle */
+    sigSz = FOURK_BUF * 2;
+    ExpectNotNull(pkcs7 = wc_PKCS7_New(NULL, 0));
+    if (pkcs7 != NULL) {
+        pkcs7->content    = env;
+        pkcs7->contentSz  = (word32)envSz;
+        pkcs7->contentOID = DATA;
+        pkcs7->privateKey   = key;
+        pkcs7->privateKeySz = (word32)keySz;
+        pkcs7->encryptOID   = RSAk;
+        pkcs7->hashOID      = SHA256h;
+        pkcs7->rng = &rng;
+    }
+    ExpectIntEQ(wc_PKCS7_SetSignerIdentifierType(pkcs7, DEGENERATE_SID), 0);
+    ExpectIntGT((sigSz = wc_PKCS7_EncodeSignedData(pkcs7, sig, (word32)sigSz)), 0);
+    wc_PKCS7_Free(pkcs7);
+    pkcs7 = NULL;
+    wc_FreeRng(&rng);
+
+    /* check verify */
+    ExpectNotNull(pkcs7 = wc_PKCS7_New(NULL, 0));
+    ExpectIntEQ(wc_PKCS7_Init(pkcs7, HEAP_HINT, testDevId), 0);
+    /* test for streaming */
+    ret = -1;
+    for (z = 0; z < sigSz && ret != 0; z++) {
+        ret = wc_PKCS7_VerifySignedData(pkcs7, sig + z, 1);
+        if (ret < 0){
+            ExpectIntEQ(ret, WC_NO_ERR_TRACE(WC_PKCS7_WANT_READ_E));
+        }
+    }
+    ExpectIntEQ(ret, 0);
+#endif /* !NO_PKCS7_STREAM */
+
 #ifdef HAVE_AES_CBC
     /* check decode */
     ExpectNotNull(inner = wc_PKCS7_New(NULL, 0));
-    ExpectIntEQ(wc_PKCS7_InitWithCert(inner, cert, certSz), 0);
+    ExpectIntEQ(wc_PKCS7_InitWithCert(inner, cert, (word32)certSz), 0);
     if (inner != NULL) {
         inner->privateKey   = key;
-        inner->privateKeySz = keySz;
+        inner->privateKeySz = (word32)keySz;
     }
     ExpectIntGT((decodedSz = wc_PKCS7_DecodeEnvelopedData(inner, pkcs7->content,
-                   pkcs7->contentSz, decoded, decodedSz)), 0);
+                   pkcs7->contentSz, decoded, (word32)decodedSz)), 0);
     wc_PKCS7_Free(inner);
     inner = NULL;
 #endif
@@ -28833,12 +40623,60 @@ static int test_wc_PKCS7_signed_enveloped(void)
     /* check cert set */
     ExpectNotNull(pkcs7 = wc_PKCS7_New(NULL, 0));
     ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
-    ExpectIntEQ(wc_PKCS7_VerifySignedData(pkcs7, decoded, decodedSz), 0);
+    ExpectIntEQ(wc_PKCS7_VerifySignedData(pkcs7, decoded, (word32)decodedSz), 0);
     ExpectNotNull(pkcs7->singleCert);
     ExpectIntNE(pkcs7->singleCertSz, 0);
     wc_PKCS7_Free(pkcs7);
     pkcs7 = NULL;
+
+#ifndef NO_PKCS7_STREAM
+    ExpectNotNull(pkcs7 = wc_PKCS7_New(NULL, 0));
+    ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
+    /* test for streaming */
+    ret = -1;
+    for (z = 0; z < decodedSz && ret != 0; z++) {
+        ret = wc_PKCS7_VerifySignedData(pkcs7, decoded + z, 1);
+        if (ret < 0){
+            ExpectIntEQ(ret, WC_NO_ERR_TRACE(WC_PKCS7_WANT_READ_E));
+        }
+    }
+    ExpectIntEQ(ret, 0);
+    ExpectNotNull(pkcs7->singleCert);
+    ExpectIntNE(pkcs7->singleCertSz, 0);
+    wc_PKCS7_Free(pkcs7);
+    pkcs7 = NULL;
+#endif /* !NO_PKCS7_STREAM */
 #endif
+
+    {
+        /* arbitrary custom SKID */
+        const byte customSKID[] = {
+            0x40, 0x25, 0x77, 0x56
+        };
+
+        ExpectIntEQ(wc_InitRng(&rng), 0);
+        sigSz = FOURK_BUF * 2;
+        ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
+        if (pkcs7 != NULL) {
+            ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, cert, (word32)certSz), 0);
+            pkcs7->content    = cert;
+            pkcs7->contentSz  = (word32)certSz;
+            pkcs7->contentOID = DATA;
+            pkcs7->privateKey   = key;
+            pkcs7->privateKeySz = (word32)keySz;
+            pkcs7->encryptOID   = RSAk;
+            pkcs7->hashOID      = SHA256h;
+            pkcs7->rng          = &rng;
+            ExpectIntEQ(wc_PKCS7_SetSignerIdentifierType(pkcs7, CMS_SKID), 0);
+            ExpectIntEQ(wc_PKCS7_SetCustomSKID(pkcs7, customSKID,
+                        sizeof(customSKID)), 0);
+            ExpectIntGT((sigSz = wc_PKCS7_EncodeSignedData(pkcs7, sig,
+                (word32)sigSz)), 0);
+        }
+        wc_PKCS7_Free(pkcs7);
+        pkcs7 = NULL;
+        wc_FreeRng(&rng);
+    }
 #endif /* HAVE_PKCS7 && !NO_RSA && !NO_AES */
     return EXPECT_RESULT();
 }
@@ -28854,7 +40692,7 @@ static int test_wc_PKCS7_NoDefaultSignedAttribs(void)
     ExpectNotNull(pkcs7 = wc_PKCS7_New(heap, testDevId));
     ExpectIntEQ(wc_PKCS7_Init(pkcs7, heap, testDevId), 0);
 
-    ExpectIntEQ(wc_PKCS7_NoDefaultSignedAttribs(NULL), BAD_FUNC_ARG);
+    ExpectIntEQ(wc_PKCS7_NoDefaultSignedAttribs(NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_PKCS7_NoDefaultSignedAttribs(pkcs7), 0);
 
     wc_PKCS7_Free(pkcs7);
@@ -28874,7 +40712,7 @@ static int test_wc_PKCS7_SetOriEncryptCtx(void)
     ExpectNotNull(pkcs7 = wc_PKCS7_New(heap, testDevId));
     ExpectIntEQ(wc_PKCS7_Init(pkcs7, heap, testDevId), 0);
 
-    ExpectIntEQ(wc_PKCS7_SetOriEncryptCtx(NULL, ctx), BAD_FUNC_ARG);
+    ExpectIntEQ(wc_PKCS7_SetOriEncryptCtx(NULL, ctx), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_PKCS7_SetOriEncryptCtx(pkcs7, ctx), 0);
 
     wc_PKCS7_Free(pkcs7);
@@ -28894,7 +40732,7 @@ static int test_wc_PKCS7_SetOriDecryptCtx(void)
     ExpectNotNull(pkcs7 = wc_PKCS7_New(heap, testDevId));
     ExpectIntEQ(wc_PKCS7_Init(pkcs7, heap, testDevId), 0);
 
-    ExpectIntEQ(wc_PKCS7_SetOriDecryptCtx(NULL, ctx), BAD_FUNC_ARG);
+    ExpectIntEQ(wc_PKCS7_SetOriDecryptCtx(NULL, ctx), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_PKCS7_SetOriDecryptCtx(pkcs7, ctx), 0);
 
     wc_PKCS7_Free(pkcs7);
@@ -28985,7 +40823,7 @@ static int test_wc_i2d_PKCS12(void)
     EXPECT_DECLS;
 #if !defined(NO_ASN) && !defined(NO_PWDBASED) && defined(HAVE_PKCS12) \
     && !defined(NO_FILESYSTEM) && !defined(NO_RSA) \
-    && !defined(NO_AES) && !defined(NO_DES3) && !defined(NO_SHA)
+    && !defined(NO_AES) && !defined(NO_SHA)
     WC_PKCS12* pkcs12 = NULL;
     unsigned char der[FOURK_BUF * 2];
     unsigned char* pt;
@@ -29001,8 +40839,8 @@ static int test_wc_i2d_PKCS12(void)
         XFCLOSE(f);
 
     ExpectNotNull(pkcs12 = wc_PKCS12_new());
-    ExpectIntEQ(wc_d2i_PKCS12(der, derSz, pkcs12), 0);
-    ExpectIntEQ(wc_i2d_PKCS12(pkcs12, NULL, &outSz), LENGTH_ONLY_E);
+    ExpectIntEQ(wc_d2i_PKCS12(der, (word32)derSz, pkcs12), 0);
+    ExpectIntEQ(wc_i2d_PKCS12(pkcs12, NULL, &outSz), WC_NO_ERR_TRACE(LENGTH_ONLY_E));
     ExpectIntEQ(outSz, derSz);
 
     outSz = derSz - 1;
@@ -29022,14 +40860,14 @@ static int test_wc_i2d_PKCS12(void)
     /* Run the same test but use wc_d2i_PKCS12_fp. */
     ExpectNotNull(pkcs12 = wc_PKCS12_new());
     ExpectIntEQ(wc_d2i_PKCS12_fp("./certs/test-servercert.p12", &pkcs12), 0);
-    ExpectIntEQ(wc_i2d_PKCS12(pkcs12, NULL, &outSz), LENGTH_ONLY_E);
+    ExpectIntEQ(wc_i2d_PKCS12(pkcs12, NULL, &outSz), WC_NO_ERR_TRACE(LENGTH_ONLY_E));
     ExpectIntEQ(outSz, derSz);
     wc_PKCS12_free(pkcs12);
     pkcs12 = NULL;
 
     /* wc_d2i_PKCS12_fp can also allocate the PKCS12 object for the caller. */
     ExpectIntEQ(wc_d2i_PKCS12_fp("./certs/test-servercert.p12", &pkcs12), 0);
-    ExpectIntEQ(wc_i2d_PKCS12(pkcs12, NULL, &outSz), LENGTH_ONLY_E);
+    ExpectIntEQ(wc_i2d_PKCS12(pkcs12, NULL, &outSz), WC_NO_ERR_TRACE(LENGTH_ONLY_E));
     ExpectIntEQ(outSz, derSz);
     wc_PKCS12_free(pkcs12);
     pkcs12 = NULL;
@@ -29066,11 +40904,11 @@ static int test_wc_SignatureGetSize_ecc(void)
     /* // NOLINTBEGIN(clang-analyzer-optin.core.EnumCastOutOfRange) */
     sig_type = (enum wc_SignatureType) 100;
     /* // NOLINTEND(clang-analyzer-optin.core.EnumCastOutOfRange) */
-    ExpectIntEQ(wc_SignatureGetSize(sig_type, &ecc, key_len), BAD_FUNC_ARG);
+    ExpectIntEQ(wc_SignatureGetSize(sig_type, &ecc, key_len), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     sig_type = WC_SIGNATURE_TYPE_ECC;
     ExpectIntEQ(wc_SignatureGetSize(sig_type, NULL, key_len), 0);
     key_len = (word32)0;
-    ExpectIntEQ(wc_SignatureGetSize(sig_type, &ecc, key_len), BAD_FUNC_ARG);
+    ExpectIntEQ(wc_SignatureGetSize(sig_type, &ecc, key_len), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     DoExpectIntEQ(wc_ecc_free(&ecc), 0);
 #endif /* !NO_SIG_WRAPPER && HAVE_ECC && !NO_ECC256 */
@@ -29133,15 +40971,11 @@ static int test_wc_SignatureGetSize_rsa(void)
     /* // NOLINTBEGIN(clang-analyzer-optin.core.EnumCastOutOfRange) */
     sig_type = (enum wc_SignatureType)100;
     /* // NOLINTEND(clang-analyzer-optin.core.EnumCastOutOfRange) */
-    ExpectIntEQ(wc_SignatureGetSize(sig_type, &rsa_key, key_len), BAD_FUNC_ARG);
+    ExpectIntEQ(wc_SignatureGetSize(sig_type, &rsa_key, key_len), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     sig_type = WC_SIGNATURE_TYPE_RSA;
-    #ifndef HAVE_USER_RSA
-        ExpectIntEQ(wc_SignatureGetSize(sig_type, NULL, key_len), BAD_FUNC_ARG);
-    #else
-        ExpectIntEQ(wc_SignatureGetSize(sig_type, NULL, key_len), 0);
-    #endif
+    ExpectIntEQ(wc_SignatureGetSize(sig_type, NULL, key_len), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     key_len = (word32)0;
-    ExpectIntEQ(wc_SignatureGetSize(sig_type, &rsa_key, key_len), BAD_FUNC_ARG);
+    ExpectIntEQ(wc_SignatureGetSize(sig_type, &rsa_key, key_len), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     DoExpectIntEQ(wc_FreeRsaKey(&rsa_key), 0);
     XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
@@ -29149,192 +40983,6 @@ static int test_wc_SignatureGetSize_rsa(void)
     return EXPECT_RESULT();
 } /* END test_wc_SignatureGetSize_rsa(void) */
 
-/*----------------------------------------------------------------------------*
- | hash.h Tests
- *----------------------------------------------------------------------------*/
-
-static int test_wc_HashInit(void)
-{
-    EXPECT_DECLS;
-    int i;  /* 0 indicates tests passed, 1 indicates failure */
-
-    wc_HashAlg hash;
-
-    /* enum for holding supported algorithms, #ifndef's restrict if disabled */
-    enum wc_HashType enumArray[] = {
-    #ifndef NO_MD5
-        WC_HASH_TYPE_MD5,
-    #endif
-    #ifndef NO_SHA
-        WC_HASH_TYPE_SHA,
-    #endif
-    #ifdef WOLFSSL_SHA224
-        WC_HASH_TYPE_SHA224,
-    #endif
-    #ifndef NO_SHA256
-        WC_HASH_TYPE_SHA256,
-    #endif
-    #ifdef WOLFSSL_SHA384
-        WC_HASH_TYPE_SHA384,
-    #endif
-    #ifdef WOLFSSL_SHA512
-        WC_HASH_TYPE_SHA512,
-    #endif
-    };
-    /* dynamically finds the length */
-    int enumlen = (sizeof(enumArray)/sizeof(enum wc_HashType));
-
-    /* For loop to test various arguments... */
-    for (i = 0; i < enumlen; i++) {
-        /* check for bad args */
-        ExpectIntEQ(wc_HashInit(&hash, enumArray[i]), 0);
-        wc_HashFree(&hash, enumArray[i]);
-
-        /* check for null ptr */
-        ExpectIntEQ(wc_HashInit(NULL, enumArray[i]), BAD_FUNC_ARG);
-
-    }  /* end of for loop */
-
-    return EXPECT_RESULT();
-}  /* end of test_wc_HashInit */
-/*
- * Unit test function for wc_HashSetFlags()
- */
-static int test_wc_HashSetFlags(void)
-{
-    EXPECT_DECLS;
-#ifdef WOLFSSL_HASH_FLAGS
-    wc_HashAlg hash;
-    word32 flags = 0;
-    int i, j;
-    int notSupportedLen;
-
-    /* enum for holding supported algorithms, #ifndef's restrict if disabled */
-    enum wc_HashType enumArray[] = {
-    #ifndef NO_MD5
-            WC_HASH_TYPE_MD5,
-    #endif
-    #ifndef NO_SHA
-            WC_HASH_TYPE_SHA,
-    #endif
-    #ifdef WOLFSSL_SHA224
-            WC_HASH_TYPE_SHA224,
-    #endif
-    #ifndef NO_SHA256
-            WC_HASH_TYPE_SHA256,
-    #endif
-    #ifdef WOLFSSL_SHA384
-            WC_HASH_TYPE_SHA384,
-    #endif
-    #ifdef WOLFSSL_SHA512
-            WC_HASH_TYPE_SHA512,
-    #endif
-    #ifdef WOLFSSL_SHA3
-            WC_HASH_TYPE_SHA3_224,
-    #endif
-    };
-    enum wc_HashType notSupported[] = {
-              WC_HASH_TYPE_MD5_SHA,
-              WC_HASH_TYPE_MD2,
-              WC_HASH_TYPE_MD4,
-              WC_HASH_TYPE_BLAKE2B,
-              WC_HASH_TYPE_BLAKE2S,
-              WC_HASH_TYPE_NONE,
-     };
-
-    /* dynamically finds the length */
-    int enumlen = (sizeof(enumArray)/sizeof(enum wc_HashType));
-
-    /* For loop to test various arguments... */
-    for (i = 0; i < enumlen; i++) {
-        ExpectIntEQ(wc_HashInit(&hash, enumArray[i]), 0);
-        ExpectIntEQ(wc_HashSetFlags(&hash, enumArray[i], flags), 0);
-        ExpectTrue((flags & WC_HASH_FLAG_ISCOPY) == 0);
-        ExpectIntEQ(wc_HashSetFlags(NULL, enumArray[i], flags), BAD_FUNC_ARG);
-        wc_HashFree(&hash, enumArray[i]);
-
-    }
-    /* For loop to test not supported cases */
-    notSupportedLen = (sizeof(notSupported)/sizeof(enum wc_HashType));
-    for (j = 0; j < notSupportedLen; j++) {
-        ExpectIntEQ(wc_HashInit(&hash, notSupported[j]), BAD_FUNC_ARG);
-        ExpectIntEQ(wc_HashSetFlags(&hash, notSupported[j], flags),
-            BAD_FUNC_ARG);
-        ExpectIntEQ(wc_HashFree(&hash, notSupported[j]), BAD_FUNC_ARG);
-    }
-#endif
-    return EXPECT_RESULT();
-}  /* END test_wc_HashSetFlags */
-/*
- * Unit test function for wc_HashGetFlags()
- */
-static int test_wc_HashGetFlags(void)
-{
-    EXPECT_DECLS;
-#ifdef WOLFSSL_HASH_FLAGS
-    wc_HashAlg hash;
-    word32 flags = 0;
-    int i, j;
-
-    /* enum for holding supported algorithms, #ifndef's restrict if disabled */
-    enum wc_HashType enumArray[] = {
-    #ifndef NO_MD5
-            WC_HASH_TYPE_MD5,
-    #endif
-    #ifndef NO_SHA
-            WC_HASH_TYPE_SHA,
-    #endif
-    #ifdef WOLFSSL_SHA224
-            WC_HASH_TYPE_SHA224,
-    #endif
-    #ifndef NO_SHA256
-            WC_HASH_TYPE_SHA256,
-    #endif
-    #ifdef WOLFSSL_SHA384
-            WC_HASH_TYPE_SHA384,
-    #endif
-    #ifdef WOLFSSL_SHA512
-            WC_HASH_TYPE_SHA512,
-    #endif
-    #ifdef WOLFSSL_SHA3
-            WC_HASH_TYPE_SHA3_224,
-    #endif
-    };
-    enum wc_HashType notSupported[] = {
-              WC_HASH_TYPE_MD5_SHA,
-              WC_HASH_TYPE_MD2,
-              WC_HASH_TYPE_MD4,
-              WC_HASH_TYPE_BLAKE2B,
-              WC_HASH_TYPE_BLAKE2S,
-              WC_HASH_TYPE_NONE,
-    };
-    int enumlen = (sizeof(enumArray)/sizeof(enum wc_HashType));
-    int notSupportedLen;
-
-    /* For loop to test various arguments... */
-    for (i = 0; i < enumlen; i++) {
-        ExpectIntEQ(wc_HashInit(&hash, enumArray[i]), 0);
-        ExpectIntEQ(wc_HashGetFlags(&hash, enumArray[i], &flags), 0);
-        ExpectTrue((flags & WC_HASH_FLAG_ISCOPY) == 0);
-        ExpectIntEQ(wc_HashGetFlags(NULL, enumArray[i], &flags), BAD_FUNC_ARG);
-        wc_HashFree(&hash, enumArray[i]);
-    }
-    /* For loop to test not supported cases */
-    notSupportedLen = (sizeof(notSupported)/sizeof(enum wc_HashType));
-    for (j = 0; j < notSupportedLen; j++) {
-        ExpectIntEQ(wc_HashInit(&hash, notSupported[j]), BAD_FUNC_ARG);
-        ExpectIntEQ(wc_HashGetFlags(&hash, notSupported[j], &flags),
-            BAD_FUNC_ARG);
-        ExpectIntEQ(wc_HashFree(&hash, notSupported[j]), BAD_FUNC_ARG);
-    }
-#endif
-    return EXPECT_RESULT();
-}  /* END test_wc_HashGetFlags */
-
-/*----------------------------------------------------------------------------*
- | Compatibility Tests
- *----------------------------------------------------------------------------*/
-
 /*----------------------------------------------------------------------------*
  | ASN.1 Tests
  *----------------------------------------------------------------------------*/
@@ -29344,6 +40992,8 @@ static int test_wolfSSL_ASN1_BIT_STRING(void)
     EXPECT_DECLS;
 #if !defined(NO_CERTS) && defined(OPENSSL_ALL)
     ASN1_BIT_STRING* str = NULL;
+    ASN1_BIT_STRING* str2 = NULL;
+    unsigned char* der = NULL;
 
     ExpectNotNull(str = ASN1_BIT_STRING_new());
     /* Empty data testing. */
@@ -29379,8 +41029,19 @@ static int test_wolfSSL_ASN1_BIT_STRING(void)
     ExpectIntEQ(ASN1_BIT_STRING_set_bit(str, 42, 0), 1);
     ExpectIntEQ(ASN1_BIT_STRING_get_bit(str, 42), 0);
 
+    ExpectIntEQ(i2d_ASN1_BIT_STRING(str, NULL), 14);
+    ExpectIntEQ(i2d_ASN1_BIT_STRING(str, &der), 14);
+#ifdef WOLFSSL_ASN_TEMPLATE
+    {
+        const unsigned char* tmp = der;
+        ExpectNotNull(d2i_ASN1_BIT_STRING(&str2, &tmp, 14));
+    }
+#endif
+
     ASN1_BIT_STRING_free(str);
+    ASN1_BIT_STRING_free(str2);
     ASN1_BIT_STRING_free(NULL);
+    XFREE(der, NULL, DYNAMIC_TYPE_ASN1);
 #endif
     return EXPECT_RESULT();
 }
@@ -29414,7 +41075,7 @@ static int test_wolfSSL_ASN1_INTEGER(void)
     ASN1_INTEGER_free(a);
     a = NULL;
 
-    p = longDer;
+    p = invalidLenDer;
     ExpectNull(d2i_ASN1_INTEGER(NULL, &p, sizeof(invalidLenDer)));
 
     p = longDer;
@@ -29680,7 +41341,7 @@ static int test_wolfSSL_d2i_ASN1_INTEGER(void)
     const byte* p = NULL;
     byte* p2 = NULL;
     byte* reEncoded = NULL;
-    int reEncodedSz;
+    int reEncodedSz = 0;
 
     static const byte zeroDer[] = {
         0x02, 0x01, 0x00
@@ -29769,7 +41430,7 @@ static int test_wolfSSL_d2i_ASN1_INTEGER(void)
     /* Set a to valid value. */
     ExpectIntEQ(wolfSSL_ASN1_INTEGER_set(a, 1), WOLFSSL_SUCCESS);
     /* NULL output buffer. */
-    ExpectIntLT(wolfSSL_i2d_ASN1_INTEGER(a, NULL), 0);
+    ExpectIntEQ(wolfSSL_i2d_ASN1_INTEGER(a, NULL), 3);
     wolfSSL_ASN1_INTEGER_free(a);
     a = NULL;
 
@@ -29837,54 +41498,54 @@ static int test_wolfSSL_a2i_ASN1_INTEGER(void)
     ExpectIntEQ(a2i_ASN1_INTEGER(bio, NULL, NULL, -1), 0);
     ExpectIntEQ(a2i_ASN1_INTEGER(NULL, ai, NULL, -1), 0);
     ExpectIntEQ(a2i_ASN1_INTEGER(NULL, NULL, tmp, -1), 0);
-    ExpectIntEQ(a2i_ASN1_INTEGER(NULL, NULL, NULL, 1024), 0);
-    ExpectIntEQ(a2i_ASN1_INTEGER(NULL, ai, tmp, 1024), 0);
-    ExpectIntEQ(a2i_ASN1_INTEGER(bio, NULL, tmp, 1024), 0);
-    ExpectIntEQ(a2i_ASN1_INTEGER(bio, ai, NULL, 1024), 0);
+    ExpectIntEQ(a2i_ASN1_INTEGER(NULL, NULL, NULL, sizeof(tmp)), 0);
+    ExpectIntEQ(a2i_ASN1_INTEGER(NULL, ai, tmp, sizeof(tmp)), 0);
+    ExpectIntEQ(a2i_ASN1_INTEGER(bio, NULL, tmp, sizeof(tmp)), 0);
+    ExpectIntEQ(a2i_ASN1_INTEGER(bio, ai, NULL, sizeof(tmp)), 0);
     ExpectIntEQ(a2i_ASN1_INTEGER(bio, ai, tmp, -1), 0);
     ExpectIntEQ(i2a_ASN1_INTEGER(NULL, NULL), 0);
     ExpectIntEQ(i2a_ASN1_INTEGER(bio, NULL), 0);
     ExpectIntEQ(i2a_ASN1_INTEGER(NULL, ai), 0);
 
     /* No data to read from BIO. */
-    ExpectIntEQ(a2i_ASN1_INTEGER(out, ai, tmp, 1024), 0);
+    ExpectIntEQ(a2i_ASN1_INTEGER(out, ai, tmp, sizeof(tmp)), 0);
 
     /* read first line */
-    ExpectIntEQ(a2i_ASN1_INTEGER(bio, ai, tmp, 1024), 1);
+    ExpectIntEQ(a2i_ASN1_INTEGER(bio, ai, tmp, sizeof(tmp)), 1);
     ExpectIntEQ(i2a_ASN1_INTEGER(out, ai), 6);
-    XMEMSET(tmp, 0, 1024);
-    tmpSz = BIO_read(out, tmp, 1024);
+    XMEMSET(tmp, 0, sizeof(tmp));
+    tmpSz = BIO_read(out, tmp, sizeof(tmp));
     ExpectIntEQ(tmpSz, 6);
     ExpectIntEQ(XMEMCMP(tmp, expected1, tmpSz), 0);
 
     /* fail on second line (not % 2) */
-    ExpectIntEQ(a2i_ASN1_INTEGER(bio, ai, tmp, 1024), 0);
+    ExpectIntEQ(a2i_ASN1_INTEGER(bio, ai, tmp, sizeof(tmp)), 0);
 
     /* read 3rd long line */
-    ExpectIntEQ(a2i_ASN1_INTEGER(bio, ai, tmp, 1024), 1);
+    ExpectIntEQ(a2i_ASN1_INTEGER(bio, ai, tmp, sizeof(tmp)), 1);
     ExpectIntEQ(i2a_ASN1_INTEGER(out, ai), 30);
-    XMEMSET(tmp, 0, 1024);
-    tmpSz = BIO_read(out, tmp, 1024);
+    XMEMSET(tmp, 0, sizeof(tmp));
+    tmpSz = BIO_read(out, tmp, sizeof(tmp));
     ExpectIntEQ(tmpSz, 30);
     ExpectIntEQ(XMEMCMP(tmp, expected2, tmpSz), 0);
 
     /* fail on empty line */
-    ExpectIntEQ(a2i_ASN1_INTEGER(bio, ai, tmp, 1024), 0);
+    ExpectIntEQ(a2i_ASN1_INTEGER(bio, ai, tmp, sizeof(tmp)), 0);
 
     BIO_free(bio);
     bio = NULL;
 
     /* Make long integer, requiring dynamic memory, even longer. */
     ExpectNotNull(bio = BIO_new_mem_buf(longStr, -1));
-    ExpectIntEQ(a2i_ASN1_INTEGER(bio, ai, tmp, 1024), 1);
+    ExpectIntEQ(a2i_ASN1_INTEGER(bio, ai, tmp, sizeof(tmp)), 1);
     ExpectIntEQ(i2a_ASN1_INTEGER(out, ai), 48);
-    XMEMSET(tmp, 0, 1024);
-    tmpSz = BIO_read(out, tmp, 1024);
+    XMEMSET(tmp, 0, sizeof(tmp));
+    tmpSz = BIO_read(out, tmp, sizeof(tmp));
     ExpectIntEQ(tmpSz, 48);
-    ExpectIntEQ(a2i_ASN1_INTEGER(bio, ai, tmp, 1024), 1);
+    ExpectIntEQ(a2i_ASN1_INTEGER(bio, ai, tmp, sizeof(tmp)), 1);
     ExpectIntEQ(i2a_ASN1_INTEGER(out, ai), 56);
-    XMEMSET(tmp, 0, 1024);
-    tmpSz = BIO_read(out, tmp, 1024);
+    XMEMSET(tmp, 0, sizeof(tmp));
+    tmpSz = BIO_read(out, tmp, sizeof(tmp));
     ExpectIntEQ(tmpSz, 56);
     ExpectIntEQ(wolfSSL_ASN1_INTEGER_set(ai, 1), 1);
     BIO_free(bio);
@@ -29909,8 +41570,8 @@ static int test_wolfSSL_i2c_ASN1_INTEGER(void)
     EXPECT_DECLS;
 #if defined(OPENSSL_EXTRA) && !defined(NO_ASN)
     ASN1_INTEGER *a = NULL;
-    unsigned char *pp,*tpp;
-    int ret;
+    unsigned char *pp = NULL,*tpp = NULL;
+    int ret = 0;
 
     ExpectNotNull(a = wolfSSL_ASN1_INTEGER_new());
 
@@ -30167,7 +41828,7 @@ static int test_wolfSSL_ASN1_get_object(void)
     const unsigned char objDerNotObj[] = { 0x02, 0x01, 0x00 };
     const unsigned char objDerNoData[] = { 0x06, 0x00 };
     const unsigned char* p;
-    unsigned char objDer[8];
+    unsigned char objDer[10];
     unsigned char* der;
     unsigned char* derPtr;
     int len = sizeof_cliecc_cert_der_256;
@@ -30193,7 +41854,7 @@ static int test_wolfSSL_ASN1_get_object(void)
 
     /* SEQUENCE */
     ExpectIntEQ(ASN1_get_object(&derBuf, &asnLen, &tag, &cls, len) & 0x80, 0);
-    ExpectIntEQ(asnLen, 861);
+    ExpectIntEQ(asnLen, 862);
     ExpectIntEQ(tag, 0x10);
     ExpectIntEQ(cls, 0);
 
@@ -30281,13 +41942,13 @@ static int test_wolfSSL_ASN1_get_object(void)
     ExpectIntEQ(i2d_ASN1_OBJECT(NULL, NULL), 0);
     ExpectIntEQ(i2d_ASN1_OBJECT(&s, NULL), 0);
 
-    ExpectIntEQ(i2d_ASN1_OBJECT(a, NULL), 8);
+    ExpectIntEQ(i2d_ASN1_OBJECT(a, NULL), 10);
     der = NULL;
-    ExpectIntEQ(i2d_ASN1_OBJECT(a, &der), 8);
+    ExpectIntEQ(i2d_ASN1_OBJECT(a, &der), 10);
     derPtr = objDer;
-    ExpectIntEQ(i2d_ASN1_OBJECT(a, &derPtr), 8);
+    ExpectIntEQ(i2d_ASN1_OBJECT(a, &derPtr), 10);
     ExpectPtrNE(derPtr, objDer);
-    ExpectIntEQ(XMEMCMP(der, objDer, 8), 0);
+    ExpectIntEQ(XMEMCMP(der, objDer, 10), 0);
     XFREE(der, NULL, DYNAMIC_TYPE_OPENSSL);
 
     ASN1_OBJECT_free(a);
@@ -30303,8 +41964,6 @@ static int test_wolfSSL_i2a_ASN1_OBJECT(void)
     ASN1_OBJECT* a = NULL;
     BIO *bio = NULL;
     const unsigned char notObjDer[] = { 0x04, 0x01, 0xff };
-    const unsigned char badLenDer[] = { 0x06, 0x04, 0x01 };
-    const unsigned char goodDer[] = { 0x06, 0x01, 0x01 };
     const unsigned char* p;
 
     ExpectNotNull(obj = OBJ_nid2obj(NID_sha256));
@@ -30320,22 +41979,10 @@ static int test_wolfSSL_i2a_ASN1_OBJECT(void)
     ExpectIntEQ(wolfSSL_i2a_ASN1_OBJECT(bio, a), 0);
     ASN1_OBJECT_free(a);
     a = NULL;
-    /* DER encoding - not OBJECT_ID */
+    /* DER encoding */
     p = notObjDer;
     ExpectNotNull(a = c2i_ASN1_OBJECT(NULL, &p, 3));
-    ExpectIntEQ(wolfSSL_i2a_ASN1_OBJECT(bio, a), 0);
-    ASN1_OBJECT_free(a);
-    a = NULL;
-    /* Bad length encoding. */
-    p = badLenDer;
-    ExpectNotNull(a = c2i_ASN1_OBJECT(NULL, &p, 3));
-    ExpectIntEQ(wolfSSL_i2a_ASN1_OBJECT(bio, a), 0);
-    ASN1_OBJECT_free(a);
-    a = NULL;
-    /* Good encoding - but unknown. */
-    p = goodDer;
-    ExpectNotNull(a = c2i_ASN1_OBJECT(NULL, &p, 3));
-    ExpectIntGT(wolfSSL_i2a_ASN1_OBJECT(bio, a), 0);
+    ExpectIntEQ(wolfSSL_i2a_ASN1_OBJECT(bio, a), 5);
     ASN1_OBJECT_free(a);
 
     BIO_free(bio);
@@ -30382,9 +42029,9 @@ static int test_wolfSSL_sk_ASN1_OBJECT(void)
     sk = NULL;
 
     ExpectNotNull(sk = wolfSSL_sk_new_asn1_obj());
-    ExpectIntEQ(wolfSSL_sk_ASN1_OBJECT_push(NULL, NULL), 0);
+    ExpectIntEQ(wolfSSL_sk_ASN1_OBJECT_push(NULL, NULL), -1);
     ExpectIntEQ(wolfSSL_sk_ASN1_OBJECT_push(sk, NULL), 0);
-    ExpectIntEQ(wolfSSL_sk_ASN1_OBJECT_push(NULL, obj), 0);
+    ExpectIntEQ(wolfSSL_sk_ASN1_OBJECT_push(NULL, obj), -1);
     ExpectIntEQ(wolfSSL_sk_ASN1_OBJECT_push(sk, obj), 1);
     wolfSSL_sk_ASN1_OBJECT_pop_free(sk, NULL);
     sk = NULL;
@@ -30480,7 +42127,7 @@ static int test_wolfSSL_ASN1_STRING_to_UTF8(void)
 
     ExpectNotNull(file = fopen("./certs/server-cert.pem", "rb"));
     ExpectNotNull(x509 = wolfSSL_PEM_read_X509(file, NULL, NULL, NULL));
-    if (file != NULL)
+    if (file != XBADFILE)
         fclose(file);
 
     /* wolfSSL_ASN1_STRING_to_UTF8(): NID_commonName */
@@ -30490,7 +42137,7 @@ static int test_wolfSSL_ASN1_STRING_to_UTF8(void)
     ExpectNotNull(e = wolfSSL_X509_NAME_get_entry(subject, idx));
     ExpectNotNull(a = wolfSSL_X509_NAME_ENTRY_get_data(e));
     ExpectIntEQ((len = wolfSSL_ASN1_STRING_to_UTF8(&actual_output, a)), 15);
-    ExpectIntEQ(strncmp((const char*)actual_output, targetOutput, len), 0);
+    ExpectIntEQ(strncmp((const char*)actual_output, targetOutput, (size_t)len), 0);
     a = NULL;
 
     /* wolfSSL_ASN1_STRING_to_UTF8(NULL, valid) */
@@ -30564,9 +42211,9 @@ static int test_wolfSSL_ASN1_STRING_canon(void)
     ExpectNotNull(canon = ASN1_STRING_new());
 
     /* Invalid parameter testing. */
-    ExpectIntEQ(wolfSSL_ASN1_STRING_canon(NULL, NULL), BAD_FUNC_ARG);
-    ExpectIntEQ(wolfSSL_ASN1_STRING_canon(canon, NULL), BAD_FUNC_ARG);
-    ExpectIntEQ(wolfSSL_ASN1_STRING_canon(NULL, orig), BAD_FUNC_ARG);
+    ExpectIntEQ(wolfSSL_ASN1_STRING_canon(NULL, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wolfSSL_ASN1_STRING_canon(canon, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wolfSSL_ASN1_STRING_canon(NULL, orig), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     ExpectIntEQ(wolfSSL_ASN1_STRING_canon(canon, orig), 1);
     ExpectIntEQ(ASN1_STRING_cmp(orig, canon), 0);
@@ -30625,8 +42272,8 @@ static int test_wolfSSL_ASN1_STRING_print(void)
     /* setup */
 
     for (i = 0; i < (int)sizeof(HELLO_DATA); i++) {
-        unprintableData[i]  = HELLO_DATA[i];
-        expected[i]         = HELLO_DATA[i];
+        unprintableData[i]  = (unsigned char)HELLO_DATA[i];
+        expected[i]         = (unsigned char)HELLO_DATA[i];
     }
 
     for (i = 0; i < (int)MAX_UNPRINTABLE_CHAR; i++) {
@@ -30888,31 +42535,22 @@ static int test_wolfSSL_ASN1_UNIVERSALSTRING_to_string(void)
 static int test_wolfSSL_ASN1_GENERALIZEDTIME_free(void)
 {
     EXPECT_DECLS;
-#if defined(OPENSSL_EXTRA)
+#if defined(OPENSSL_EXTRA) && !defined(NO_ASN_TIME)
     WOLFSSL_ASN1_GENERALIZEDTIME* asn1_gtime = NULL;
-    unsigned char nullstr[32];
 
-    XMEMSET(nullstr, 0, 32);
-    ExpectNotNull(asn1_gtime = (WOLFSSL_ASN1_GENERALIZEDTIME*)XMALLOC(
-        sizeof(WOLFSSL_ASN1_GENERALIZEDTIME), NULL, DYNAMIC_TYPE_TMP_BUFFER));
-    if (asn1_gtime != NULL) {
-        XMEMCPY(asn1_gtime->data,"20180504123500Z",ASN_GENERALIZED_TIME_SIZE);
-
-        wolfSSL_ASN1_GENERALIZEDTIME_free(asn1_gtime);
-        ExpectIntEQ(0, XMEMCMP(asn1_gtime->data, nullstr, 32));
-
-        XFREE(asn1_gtime, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-    }
-    wolfSSL_ASN1_GENERALIZEDTIME_free(NULL);
-#endif /* OPENSSL_EXTRA */
+    ExpectNotNull(asn1_gtime = ASN1_GENERALIZEDTIME_new());
+    if (asn1_gtime != NULL)
+        XMEMCPY(asn1_gtime->data, "20180504123500Z", ASN_GENERALIZED_TIME_SIZE);
+    ASN1_GENERALIZEDTIME_free(asn1_gtime);
+#endif /* OPENSSL_EXTRA && !NO_ASN_TIME */
     return EXPECT_RESULT();
 }
 
 static int test_wolfSSL_ASN1_GENERALIZEDTIME_print(void)
 {
     EXPECT_DECLS;
-#if defined(OPENSSL_EXTRA) && !defined(NO_BIO)
-    WOLFSSL_ASN1_GENERALIZEDTIME gtime;
+#if defined(OPENSSL_EXTRA) && !defined(NO_ASN_TIME) && !defined(NO_BIO)
+    WOLFSSL_ASN1_GENERALIZEDTIME* gtime = NULL;
     BIO* bio = NULL;
     unsigned char buf[24];
     int i;
@@ -30920,19 +42558,17 @@ static int test_wolfSSL_ASN1_GENERALIZEDTIME_print(void)
     ExpectNotNull(bio = BIO_new(BIO_s_mem()));
     BIO_set_write_buf_size(bio, 24);
 
-    XMEMSET(&gtime, 0, sizeof(WOLFSSL_ASN1_GENERALIZEDTIME));
-    XMEMCPY(gtime.data, "20180504123500Z", ASN_GENERALIZED_TIME_SIZE);
-    gtime.length = ASN_GENERALIZED_TIME_SIZE;
+    ExpectNotNull(gtime = ASN1_GENERALIZEDTIME_new());
     /* Type not set. */
-    ExpectIntEQ(wolfSSL_ASN1_GENERALIZEDTIME_print(bio, &gtime), 0);
-    gtime.type = V_ASN1_GENERALIZEDTIME;
+    ExpectIntEQ(wolfSSL_ASN1_GENERALIZEDTIME_print(bio, gtime), 0);
+    ExpectIntEQ(wolfSSL_ASN1_TIME_set_string(gtime, "20180504123500Z"), 1);
 
     /* Invalid parameters testing. */
-    ExpectIntEQ(wolfSSL_ASN1_GENERALIZEDTIME_print(NULL, NULL), BAD_FUNC_ARG);
-    ExpectIntEQ(wolfSSL_ASN1_GENERALIZEDTIME_print(bio, NULL), BAD_FUNC_ARG);
-    ExpectIntEQ(wolfSSL_ASN1_GENERALIZEDTIME_print(NULL, &gtime), BAD_FUNC_ARG);
+    ExpectIntEQ(wolfSSL_ASN1_GENERALIZEDTIME_print(NULL, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wolfSSL_ASN1_GENERALIZEDTIME_print(bio, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wolfSSL_ASN1_GENERALIZEDTIME_print(NULL, gtime), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
-    ExpectIntEQ(wolfSSL_ASN1_GENERALIZEDTIME_print(bio, &gtime), 1);
+    ExpectIntEQ(wolfSSL_ASN1_GENERALIZEDTIME_print(bio, gtime), 1);
     ExpectIntEQ(BIO_read(bio, buf, sizeof(buf)), 20);
     ExpectIntEQ(XMEMCMP(buf, "May 04 12:35:00 2018", 20), 0);
 
@@ -30943,15 +42579,15 @@ static int test_wolfSSL_ASN1_GENERALIZEDTIME_print(void)
     ExpectIntEQ(BIO_set_write_buf_size(bio, 1), 1);
     /* Ensure there is 0 bytes available to write into. */
     ExpectIntEQ(BIO_write(bio, buf, 1), 1);
-    ExpectIntEQ(wolfSSL_ASN1_GENERALIZEDTIME_print(bio, &gtime), 0);
+    ExpectIntEQ(wolfSSL_ASN1_GENERALIZEDTIME_print(bio, gtime), 0);
     for (i = 1; i < 20; i++) {
         ExpectIntEQ(BIO_set_write_buf_size(bio, i), 1);
-        ExpectIntEQ(wolfSSL_ASN1_GENERALIZEDTIME_print(bio, &gtime), 0);
+        ExpectIntEQ(wolfSSL_ASN1_GENERALIZEDTIME_print(bio, gtime), 0);
     }
     BIO_free(bio);
 
-    wolfSSL_ASN1_GENERALIZEDTIME_free(&gtime);
-#endif /* OPENSSL_EXTRA */
+    wolfSSL_ASN1_GENERALIZEDTIME_free(gtime);
+#endif /* OPENSSL_EXTRA && !NO_ASN_TIME && !NO_BIO */
     return EXPECT_RESULT();
 }
 
@@ -30960,7 +42596,7 @@ static int test_wolfSSL_ASN1_TIME(void)
     EXPECT_DECLS;
 #if defined(OPENSSL_EXTRA) && !defined(NO_ASN_TIME)
     WOLFSSL_ASN1_TIME* asn_time = NULL;
-    unsigned char *data;
+    unsigned char *data = NULL;
 
     ExpectNotNull(asn_time = ASN1_TIME_new());
 
@@ -30983,6 +42619,9 @@ static int test_wolfSSL_ASN1_TIME(void)
     ExpectIntEQ(ASN1_TIME_check(NULL), 0);
     ExpectIntEQ(ASN1_TIME_check(asn_time), 1);
 
+    ExpectIntEQ(ASN1_TIME_set_string_X509(asn_time, "101219181011Z"), 1);
+    ExpectIntEQ(ASN1_TIME_set_string_X509(asn_time, "101219181011Za"), 0);
+
     ASN1_TIME_free(asn_time);
     ASN1_TIME_free(NULL);
 #endif
@@ -31026,8 +42665,8 @@ static int test_wolfSSL_ASN1_TIME_diff_compare(void)
     ASN1_TIME* closeToTime = NULL;
     ASN1_TIME* toTime = NULL;
     ASN1_TIME* invalidTime = NULL;
-    int daysDiff;
-    int secsDiff;
+    int daysDiff = 0;
+    int secsDiff = 0;
 
     ExpectNotNull((fromTime = ASN1_TIME_new()));
     /* Feb 22, 2003, 21:15:15 */
@@ -31047,9 +42686,10 @@ static int test_wolfSSL_ASN1_TIME_diff_compare(void)
 
     ExpectIntEQ(ASN1_TIME_diff(&daysDiff, &secsDiff, fromTime, toTime), 1);
 
-    /* Error conditions. */
-    ExpectIntEQ(ASN1_TIME_diff(NULL, &secsDiff, fromTime, toTime), 0);
-    ExpectIntEQ(ASN1_TIME_diff(&daysDiff, NULL, fromTime, toTime), 0);
+    /* Test when secsDiff or daysDiff is NULL. */
+    ExpectIntEQ(ASN1_TIME_diff(NULL, &secsDiff, fromTime, toTime), 1);
+    ExpectIntEQ(ASN1_TIME_diff(&daysDiff, NULL, fromTime, toTime), 1);
+    ExpectIntEQ(ASN1_TIME_diff(NULL, NULL, fromTime, toTime), 1);
 
     /* If both times are NULL, difference is 0. */
     ExpectIntEQ(ASN1_TIME_diff(&daysDiff, &secsDiff, NULL, NULL), 1);
@@ -31219,6 +42859,8 @@ static int test_wolfSSL_ASN1_TIME_to_tm(void)
     struct tm tm;
     time_t testTime = 1683926567; /* Fri May 12 09:22:47 PM UTC 2023 */
 
+    XMEMSET(&tm, 0, sizeof(struct tm));
+
     XMEMSET(&asnTime, 0, sizeof(ASN1_TIME));
     ExpectIntEQ(ASN1_TIME_set_string(&asnTime, "000222211515Z"), 1);
     ExpectIntEQ(ASN1_TIME_to_tm(&asnTime, NULL), 1);
@@ -31389,8 +43031,8 @@ static int test_wolfSSL_ASN1_TIME_print(void)
     BIO*  fixed = NULL;
     X509*  x509 = NULL;
     const unsigned char* der = client_cert_der_2048;
-    ASN1_TIME* notAfter;
-    ASN1_TIME* notBefore;
+    ASN1_TIME* notAfter = NULL;
+    ASN1_TIME* notBefore = NULL;
     unsigned char buf[25];
 
     ExpectNotNull(bio = BIO_new(BIO_s_mem()));
@@ -31405,7 +43047,7 @@ static int test_wolfSSL_ASN1_TIME_print(void)
 
     ExpectIntEQ(ASN1_TIME_print(bio, notBefore), 1);
     ExpectIntEQ(BIO_read(bio, buf, sizeof(buf)), 24);
-    ExpectIntEQ(XMEMCMP(buf, "Dec 13 22:19:28 2023 GMT", sizeof(buf) - 1), 0);
+    ExpectIntEQ(XMEMCMP(buf, "Dec 18 21:25:29 2024 GMT", sizeof(buf) - 1), 0);
 
     /* Test BIO_write fails. */
     ExpectIntEQ(BIO_set_write_buf_size(fixed, 1), 1);
@@ -31579,7 +43221,7 @@ static int test_wolfSSL_ASN1_TYPE(void)
     return EXPECT_RESULT();
 }
 
-/* Testing code used in dpp.c in hostap */
+/* Testing code used in old dpp.c in hostap */
 #if defined(OPENSSL_ALL) && defined(HAVE_ECC) && defined(USE_CERT_BUFFERS_256)
 typedef struct {
     /* AlgorithmIdentifier ecPublicKey with optional parameters present
@@ -31596,6 +43238,57 @@ ASN1_SEQUENCE(DPP_BOOTSTRAPPING_KEY) = {
 
 IMPLEMENT_ASN1_FUNCTIONS(DPP_BOOTSTRAPPING_KEY)
 
+typedef struct {
+    int type;
+    union {
+        ASN1_BIT_STRING *str1;
+        ASN1_BIT_STRING *str2;
+        ASN1_BIT_STRING *str3;
+    } d;
+} ASN1_CHOICE_TEST;
+
+ASN1_CHOICE(ASN1_CHOICE_TEST) = {
+    ASN1_IMP(ASN1_CHOICE_TEST, d.str1, ASN1_BIT_STRING, 1),
+    ASN1_IMP(ASN1_CHOICE_TEST, d.str2, ASN1_BIT_STRING, 2),
+    ASN1_IMP(ASN1_CHOICE_TEST, d.str3, ASN1_BIT_STRING, 3)
+} ASN1_CHOICE_END(ASN1_CHOICE_TEST)
+
+IMPLEMENT_ASN1_FUNCTIONS(ASN1_CHOICE_TEST)
+
+/* Test nested objects */
+typedef struct {
+    DPP_BOOTSTRAPPING_KEY* key;
+    ASN1_INTEGER* asnNum;
+    ASN1_INTEGER* expNum;
+    STACK_OF(ASN1_GENERALSTRING) *strList;
+    ASN1_CHOICE_TEST* str;
+} TEST_ASN1_NEST1;
+
+ASN1_SEQUENCE(TEST_ASN1_NEST1) = {
+    ASN1_SIMPLE(TEST_ASN1_NEST1, key, DPP_BOOTSTRAPPING_KEY),
+    ASN1_SIMPLE(TEST_ASN1_NEST1, asnNum, ASN1_INTEGER),
+    ASN1_EXP(TEST_ASN1_NEST1, expNum, ASN1_INTEGER, 0),
+    ASN1_EXP_SEQUENCE_OF(TEST_ASN1_NEST1, strList, ASN1_GENERALSTRING, 1),
+    ASN1_SIMPLE(TEST_ASN1_NEST1, str, ASN1_CHOICE_TEST)
+} ASN1_SEQUENCE_END(TEST_ASN1_NEST1)
+
+IMPLEMENT_ASN1_FUNCTIONS(TEST_ASN1_NEST1)
+
+typedef struct {
+    ASN1_INTEGER* num;
+    DPP_BOOTSTRAPPING_KEY* key;
+    TEST_ASN1_NEST1* asn1_obj;
+} TEST_ASN1_NEST2;
+
+ASN1_SEQUENCE(TEST_ASN1_NEST2) = {
+    ASN1_SIMPLE(TEST_ASN1_NEST2, num, ASN1_INTEGER),
+    ASN1_SIMPLE(TEST_ASN1_NEST2, key, DPP_BOOTSTRAPPING_KEY),
+    ASN1_SIMPLE(TEST_ASN1_NEST2, asn1_obj, TEST_ASN1_NEST1)
+} ASN1_SEQUENCE_END(TEST_ASN1_NEST2)
+
+IMPLEMENT_ASN1_FUNCTIONS(TEST_ASN1_NEST2)
+/* End nested objects */
+
 typedef struct {
     ASN1_INTEGER *integer;
 } TEST_ASN1;
@@ -31606,16 +43299,13 @@ ASN1_SEQUENCE(TEST_ASN1) = {
 
 IMPLEMENT_ASN1_FUNCTIONS(TEST_ASN1)
 
-typedef struct {
-    ASN1_OCTET_STRING *octet_string;
-} TEST_FAIL_ASN1;
+typedef STACK_OF(ASN1_INTEGER) TEST_ASN1_ITEM;
 
-#define WOLFSSL_ASN1_OCTET_STRING_ASN1   4
-ASN1_SEQUENCE(TEST_FAIL_ASN1) = {
-    ASN1_SIMPLE(TEST_FAIL_ASN1, octet_string, ASN1_OCTET_STRING),
-} ASN1_SEQUENCE_END(TEST_FAIL_ASN1)
+ASN1_ITEM_TEMPLATE(TEST_ASN1_ITEM) =
+        ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, MemName, ASN1_INTEGER)
+ASN1_ITEM_TEMPLATE_END(TEST_ASN1_ITEM)
 
-IMPLEMENT_ASN1_FUNCTIONS(TEST_FAIL_ASN1)
+IMPLEMENT_ASN1_FUNCTIONS(TEST_ASN1_ITEM)
 #endif
 
 static int test_wolfSSL_IMPLEMENT_ASN1_FUNCTIONS(void)
@@ -31626,9 +43316,11 @@ static int test_wolfSSL_IMPLEMENT_ASN1_FUNCTIONS(void)
 #if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION>2))
     EC_KEY *eckey = NULL;
     EVP_PKEY *key = NULL;
-    size_t len;
+    size_t len = 0;
     unsigned char *der = NULL;
-    DPP_BOOTSTRAPPING_KEY *bootstrap = NULL;
+    unsigned char *der2 = NULL;
+    const unsigned char *tmp = NULL;
+    DPP_BOOTSTRAPPING_KEY *bootstrap = NULL, *bootstrap2 = NULL;
     const unsigned char *in = ecc_clikey_der_256;
     WOLFSSL_ASN1_OBJECT* ec_obj = NULL;
     WOLFSSL_ASN1_OBJECT* group_obj = NULL;
@@ -31636,7 +43328,7 @@ static int test_wolfSSL_IMPLEMENT_ASN1_FUNCTIONS(void)
     const EC_POINT *point = NULL;
     int nid;
     TEST_ASN1 *test_asn1 = NULL;
-    TEST_FAIL_ASN1 test_fail_asn1;
+    TEST_ASN1 *test_asn1_2 = NULL;
 
     const unsigned char badObjDer[] = { 0x06, 0x00 };
     const unsigned char goodObjDer[] = {
@@ -31649,9 +43341,9 @@ static int test_wolfSSL_IMPLEMENT_ASN1_FUNCTIONS(void)
     ExpectNotNull(bootstrap = DPP_BOOTSTRAPPING_KEY_new());
 
     der = NULL;
-    ExpectIntEQ(i2d_DPP_BOOTSTRAPPING_KEY(NULL, &der), 0);
-    ExpectIntEQ(wolfSSL_ASN1_item_i2d(bootstrap, &der, NULL), 0);
-    ExpectIntEQ(i2d_DPP_BOOTSTRAPPING_KEY(bootstrap, &der), 0);
+    ExpectIntEQ(i2d_DPP_BOOTSTRAPPING_KEY(NULL, &der), -1);
+    ExpectIntEQ(wolfSSL_ASN1_item_i2d(bootstrap, &der, NULL), -1);
+    ExpectIntEQ(i2d_DPP_BOOTSTRAPPING_KEY(bootstrap, &der), -1);
 
     ExpectNotNull(key = d2i_PrivateKey(EVP_PKEY_EC, NULL, &in,
                                        (long)sizeof_ecc_clikey_der_256));
@@ -31663,6 +43355,10 @@ static int test_wolfSSL_IMPLEMENT_ASN1_FUNCTIONS(void)
     ec_obj = OBJ_nid2obj(EVP_PKEY_EC);
     group_obj = OBJ_nid2obj(nid);
     if ((ec_obj != NULL) && (group_obj != NULL)) {
+        ExpectIntEQ(X509_ALGOR_set0(NULL, ec_obj, V_ASN1_OBJECT,
+            group_obj), 0);
+        ExpectIntEQ(X509_ALGOR_set0(bootstrap->alg, NULL, V_ASN1_OBJECT,
+            NULL), 1);
         ExpectIntEQ(X509_ALGOR_set0(bootstrap->alg, ec_obj, V_ASN1_OBJECT,
             group_obj), 1);
         if (EXPECT_SUCCESS()) {
@@ -31702,15 +43398,23 @@ static int test_wolfSSL_IMPLEMENT_ASN1_FUNCTIONS(void)
         bootstrap->pub_key->flags |= ASN1_STRING_FLAG_BITS_LEFT;
     }
 
-    ExpectIntGT(i2d_DPP_BOOTSTRAPPING_KEY(bootstrap, NULL), 0);
+    ExpectIntEQ(i2d_DPP_BOOTSTRAPPING_KEY(bootstrap, NULL), 16+len);
     der = NULL;
-    ExpectIntGT(i2d_DPP_BOOTSTRAPPING_KEY(bootstrap, &der), 0);
-    ExpectIntGT(i2d_DPP_BOOTSTRAPPING_KEY(bootstrap, &der), 0);
+    ExpectIntEQ(i2d_DPP_BOOTSTRAPPING_KEY(bootstrap, &der), 16+len);
+    der2 = NULL;
+#ifdef WOLFSSL_ASN_TEMPLATE
+    tmp = der;
+    ExpectNotNull(d2i_DPP_BOOTSTRAPPING_KEY(&bootstrap2, &tmp, 16+len));
+    ExpectIntEQ(i2d_DPP_BOOTSTRAPPING_KEY(bootstrap2, &der2), 16+len);
+    ExpectBufEQ(der, der2, 49);
+#endif
 
     XFREE(der, NULL, DYNAMIC_TYPE_ASN1);
+    XFREE(der2, NULL, DYNAMIC_TYPE_ASN1);
     EVP_PKEY_free(key);
     EC_KEY_free(eckey);
     DPP_BOOTSTRAPPING_KEY_free(bootstrap);
+    DPP_BOOTSTRAPPING_KEY_free(bootstrap2);
     bootstrap = NULL;
     DPP_BOOTSTRAPPING_KEY_free(NULL);
 
@@ -31734,7 +43438,7 @@ static int test_wolfSSL_IMPLEMENT_ASN1_FUNCTIONS(void)
     }
     /* Encode with bad OBJECT_ID. */
     der = NULL;
-    ExpectIntEQ(i2d_DPP_BOOTSTRAPPING_KEY(bootstrap, &der), 0);
+    ExpectIntEQ(i2d_DPP_BOOTSTRAPPING_KEY(bootstrap, &der), -1);
 
     /* Fix OBJECT_ID and encode with empty BIT_STRING. */
     if (EXPECT_SUCCESS()) {
@@ -31744,7 +43448,7 @@ static int test_wolfSSL_IMPLEMENT_ASN1_FUNCTIONS(void)
     }
     der = NULL;
     ExpectIntEQ(i2d_DPP_BOOTSTRAPPING_KEY(bootstrap, &der), 16);
-    ExpectIntEQ(wolfSSL_ASN1_item_i2d(bootstrap, &der, &emptyTemplate), 0);
+    ExpectIntEQ(wolfSSL_ASN1_item_i2d(bootstrap, &der, &emptyTemplate), -1);
     XFREE(der, NULL, DYNAMIC_TYPE_ASN1);
     DPP_BOOTSTRAPPING_KEY_free(bootstrap);
 
@@ -31753,24 +43457,250 @@ static int test_wolfSSL_IMPLEMENT_ASN1_FUNCTIONS(void)
     der = NULL;
     ExpectIntEQ(ASN1_INTEGER_set(test_asn1->integer, 100), 1);
     ExpectIntEQ(i2d_TEST_ASN1(test_asn1, &der), 5);
+    tmp = der;
+    ExpectNotNull(d2i_TEST_ASN1(&test_asn1_2, &tmp, 5));
+    der2 = NULL;
+    ExpectIntEQ(i2d_TEST_ASN1(test_asn1_2, &der2), 5);
+    ExpectBufEQ(der, der2, 5);
     XFREE(der, NULL, DYNAMIC_TYPE_ASN1);
+    XFREE(der2, NULL, DYNAMIC_TYPE_ASN1);
     TEST_ASN1_free(test_asn1);
+    TEST_ASN1_free(test_asn1_2);
 
     /* Test integer cases. */
     ExpectNull(wolfSSL_ASN1_item_new(NULL));
     TEST_ASN1_free(NULL);
 
-    /* Test error cases. */
-    ExpectNull(TEST_FAIL_ASN1_new());
-    ExpectNull(wolfSSL_ASN1_item_new(NULL));
-    TEST_FAIL_ASN1_free(NULL);
-    XMEMSET(&test_fail_asn1, 0, sizeof(TEST_FAIL_ASN1));
-    ExpectIntEQ(i2d_TEST_FAIL_ASN1(&test_fail_asn1, &der), 0);
+    /* Test nested asn1 objects */
+    {
+        TEST_ASN1_NEST2 *nested_asn1 = NULL;
+        TEST_ASN1_NEST2 *nested_asn1_2 = NULL;
+        int i;
+
+        ExpectNotNull(nested_asn1 = TEST_ASN1_NEST2_new());
+        /* Populate nested_asn1 with some random data */
+        /* nested_asn1->num */
+        ExpectIntEQ(ASN1_INTEGER_set(nested_asn1->num, 30003), 1);
+        /* nested_asn1->key */
+        ec_obj = OBJ_nid2obj(EVP_PKEY_EC);
+        group_obj = OBJ_nid2obj(NID_secp256k1);
+        ExpectIntEQ(X509_ALGOR_set0(nested_asn1->key->alg, ec_obj,
+                V_ASN1_OBJECT, group_obj), 1);
+        if (EXPECT_SUCCESS()) {
+            ec_obj = NULL;
+            group_obj = NULL;
+        }
+        else {
+            wolfSSL_ASN1_OBJECT_free(ec_obj);
+            wolfSSL_ASN1_OBJECT_free(group_obj);
+        }
+        ExpectIntEQ(ASN1_BIT_STRING_set_bit(nested_asn1->key->pub_key, 50, 1),
+                1);
+        /* nested_asn1->asn1_obj->key */
+        ec_obj = OBJ_nid2obj(EVP_PKEY_EC);
+        group_obj = OBJ_nid2obj(NID_secp256k1);
+        ExpectIntEQ(X509_ALGOR_set0(nested_asn1->asn1_obj->key->alg, ec_obj,
+                V_ASN1_OBJECT, group_obj), 1);
+        if (EXPECT_SUCCESS()) {
+            ec_obj = NULL;
+            group_obj = NULL;
+        }
+        else {
+            wolfSSL_ASN1_OBJECT_free(ec_obj);
+            wolfSSL_ASN1_OBJECT_free(group_obj);
+        }
+        ExpectIntEQ(ASN1_BIT_STRING_set_bit(nested_asn1->asn1_obj->key->pub_key,
+                500, 1), 1);
+        /* nested_asn1->asn1_obj->asnNum */
+        ExpectIntEQ(ASN1_INTEGER_set(nested_asn1->asn1_obj->asnNum, 666666), 1);
+        /* nested_asn1->asn1_obj->expNum */
+        ExpectIntEQ(ASN1_INTEGER_set(nested_asn1->asn1_obj->expNum, 22222), 1);
+        /* nested_asn1->asn1_obj->strList */
+        for (i = 10; i >= 0; i--) {
+            ASN1_GENERALSTRING* genStr = NULL;
+            char fmtStr[20];
+
+            ExpectIntGT(snprintf(fmtStr, sizeof(fmtStr), "Bonjour #%d", i), 0);
+            ExpectNotNull(genStr = ASN1_GENERALSTRING_new());
+            ExpectIntEQ(ASN1_GENERALSTRING_set(genStr, fmtStr, -1), 1);
+            ExpectIntGT(
+                    sk_ASN1_GENERALSTRING_push(nested_asn1->asn1_obj->strList,
+                            genStr), 0);
+            if (EXPECT_FAIL()) {
+                ASN1_GENERALSTRING_free(genStr);
+            }
+        }
+        /* nested_asn1->asn1_obj->str */
+        ExpectNotNull(nested_asn1->asn1_obj->str->d.str2
+                = ASN1_BIT_STRING_new());
+        ExpectIntEQ(ASN1_BIT_STRING_set_bit(nested_asn1->asn1_obj->str->d.str2,
+                150, 1), 1);
+        if (nested_asn1 != NULL) {
+            nested_asn1->asn1_obj->str->type = 2;
+        }
+
+        der = NULL;
+        ExpectIntEQ(i2d_TEST_ASN1_NEST2(nested_asn1, &der), 285);
+#ifdef WOLFSSL_ASN_TEMPLATE
+        tmp = der;
+        ExpectNotNull(d2i_TEST_ASN1_NEST2(&nested_asn1_2, &tmp, 285));
+        der2 = NULL;
+        ExpectIntEQ(i2d_TEST_ASN1_NEST2(nested_asn1_2, &der2), 285);
+        ExpectBufEQ(der, der2, 285);
+        XFREE(der2, NULL, DYNAMIC_TYPE_ASN1);
+#endif
+        XFREE(der, NULL, DYNAMIC_TYPE_ASN1);
+
+        TEST_ASN1_NEST2_free(nested_asn1);
+        TEST_ASN1_NEST2_free(nested_asn1_2);
+    }
+
+    /* Test ASN1_ITEM_TEMPLATE */
+    {
+        TEST_ASN1_ITEM* asn1_item = NULL;
+        TEST_ASN1_ITEM* asn1_item2 = NULL;
+        int i;
+
+        ExpectNotNull(asn1_item = TEST_ASN1_ITEM_new());
+        for (i = 0; i < 11; i++) {
+            ASN1_INTEGER* asn1_num = NULL;
+
+            ExpectNotNull(asn1_num = ASN1_INTEGER_new());
+            ExpectIntEQ(ASN1_INTEGER_set(asn1_num, i), 1);
+            ExpectIntGT(wolfSSL_sk_insert(asn1_item, asn1_num, -1), 0);
+            if (EXPECT_FAIL()) {
+                ASN1_INTEGER_free(asn1_num);
+            }
+        }
+
+        der = NULL;
+        ExpectIntEQ(i2d_TEST_ASN1_ITEM(asn1_item, &der), 35);
+        tmp = der;
+        ExpectNotNull(d2i_TEST_ASN1_ITEM(&asn1_item2, &tmp, 35));
+        der2 = NULL;
+        ExpectIntEQ(i2d_TEST_ASN1_ITEM(asn1_item2, &der2), 35);
+        ExpectBufEQ(der, der2, 35);
+        XFREE(der, NULL, DYNAMIC_TYPE_ASN1);
+        XFREE(der2, NULL, DYNAMIC_TYPE_ASN1);
+
+        TEST_ASN1_ITEM_free(asn1_item);
+        TEST_ASN1_ITEM_free(asn1_item2);
+    }
+
 #endif /* !HAVE_FIPS || HAVE_FIPS_VERSION > 2 */
 #endif /* OPENSSL_ALL && HAVE_ECC && USE_CERT_BUFFERS_256 */
     return EXPECT_RESULT();
 }
 
+static int test_wolfSSL_i2d_ASN1_TYPE(void)
+{
+    EXPECT_DECLS;
+#if defined(OPENSSL_EXTRA)
+    /* Taken from one of sssd's certs othernames */
+    unsigned char str_bin[] = {
+        0x04, 0x10, 0xa4, 0x9b, 0xc8, 0xf4, 0x85, 0x8e, 0x89, 0x4d, 0x85, 0x8d,
+        0x27, 0xbd, 0x63, 0xaa, 0x93, 0x93
+    };
+    ASN1_TYPE* asn1type = NULL;
+    unsigned char* der = NULL;
+
+    /* Create ASN1_TYPE manually as we don't have a d2i version yet */
+    {
+        ASN1_STRING* str = NULL;
+        ExpectNotNull(str = ASN1_STRING_type_new(V_ASN1_SEQUENCE));
+        ExpectIntEQ(ASN1_STRING_set(str, str_bin, sizeof(str_bin)), 1);
+        ExpectNotNull(asn1type = ASN1_TYPE_new());
+        if (asn1type != NULL) {
+            ASN1_TYPE_set(asn1type, V_ASN1_SEQUENCE, str);
+        }
+        else {
+            ASN1_STRING_free(str);
+        }
+    }
+
+    ExpectIntEQ(i2d_ASN1_TYPE(asn1type, NULL), sizeof(str_bin));
+    ExpectIntEQ(i2d_ASN1_TYPE(asn1type, &der), sizeof(str_bin));
+    ExpectBufEQ(der, str_bin, sizeof(str_bin));
+
+    ASN1_TYPE_free(asn1type);
+    XFREE(der, NULL, DYNAMIC_TYPE_ASN1);
+#endif
+    return EXPECT_RESULT();
+}
+
+static int test_wolfSSL_i2d_ASN1_SEQUENCE(void)
+{
+    EXPECT_DECLS;
+#if defined(OPENSSL_EXTRA)
+    /* Taken from one of sssd's certs othernames */
+    unsigned char str_bin[] = {
+      0x04, 0x10, 0xa4, 0x9b, 0xc8, 0xf4, 0x85, 0x8e, 0x89, 0x4d, 0x85, 0x8d,
+      0x27, 0xbd, 0x63, 0xaa, 0x93, 0x93
+    };
+    ASN1_STRING* str = NULL;
+    unsigned char* der = NULL;
+
+    ExpectNotNull(str = ASN1_STRING_type_new(V_ASN1_SEQUENCE));
+    ExpectIntEQ(ASN1_STRING_set(str, str_bin, sizeof(str_bin)), 1);
+    ExpectIntEQ(i2d_ASN1_SEQUENCE(str, NULL), sizeof(str_bin));
+    ExpectIntEQ(i2d_ASN1_SEQUENCE(str, &der), sizeof(str_bin));
+
+    ASN1_STRING_free(str);
+    XFREE(der, NULL, DYNAMIC_TYPE_ASN1);
+#endif
+    return EXPECT_RESULT();
+}
+
+static int test_ASN1_strings(void)
+{
+    EXPECT_DECLS;
+#if defined(OPENSSL_EXTRA)
+    char text[] = "\0\0test string";
+    unsigned char* der = NULL;
+    ASN1_STRING* str = NULL;
+
+    /* Set the length byte */
+    text[1] = XSTRLEN(text + 2);
+
+    /* GENERALSTRING */
+    {
+        const unsigned char* p = (const unsigned char*)text;
+        text[0] = ASN_GENERALSTRING;
+        ExpectNotNull(d2i_ASN1_GENERALSTRING(&str, &p, sizeof(text)));
+        ExpectIntEQ(i2d_ASN1_GENERALSTRING(str, &der), 13);
+        ASN1_STRING_free(str);
+        str = NULL;
+        XFREE(der, NULL, DYNAMIC_TYPE_ASN1);
+        der = NULL;
+    }
+
+    /* OCTET_STRING */
+    {
+        const unsigned char* p = (const unsigned char*)text;
+        text[0] = ASN_OCTET_STRING;
+        ExpectNotNull(d2i_ASN1_OCTET_STRING(&str, &p, sizeof(text)));
+        ExpectIntEQ(i2d_ASN1_OCTET_STRING(str, &der), 13);
+        ASN1_STRING_free(str);
+        str = NULL;
+        XFREE(der, NULL, DYNAMIC_TYPE_ASN1);
+        der = NULL;
+    }
+
+    /* UTF8STRING */
+    {
+        const unsigned char* p = (const unsigned char*)text;
+        text[0] = ASN_UTF8STRING;
+        ExpectNotNull(d2i_ASN1_UTF8STRING(&str, &p, sizeof(text)));
+        ExpectIntEQ(i2d_ASN1_UTF8STRING(str, &der), 13);
+        ASN1_STRING_free(str);
+        str = NULL;
+        XFREE(der, NULL, DYNAMIC_TYPE_ASN1);
+        der = NULL;
+    }
+
+#endif
+    return EXPECT_RESULT();
+}
 
 static int test_wolfSSL_lhash(void)
 {
@@ -31798,15 +43728,17 @@ static int test_wolfSSL_X509_NAME(void)
     (defined(WOLFSSL_CERT_REQ) || defined(WOLFSSL_CERT_EXT) || \
      defined(OPENSSL_EXTRA))
     X509* x509 = NULL;
-    const unsigned char* c;
+#ifndef OPENSSL_EXTRA
+    const unsigned char* c = NULL;
+    int bytes = 0;
+#endif
     unsigned char buf[4096];
-    int bytes;
     XFILE f = XBADFILE;
     const X509_NAME* a = NULL;
     const X509_NAME* b = NULL;
     X509_NAME* d2i_name = NULL;
     int sz = 0;
-    unsigned char* tmp;
+    unsigned char* tmp = NULL;
     char file[] = "./certs/ca-cert.der";
 #ifndef OPENSSL_EXTRA_X509_SMALL
     byte empty[] = { /* CN=empty emailAddress= */
@@ -31817,6 +43749,10 @@ static int test_wolfSSL_X509_NAME(void)
         0x01, 0x16, 0x00
     };
 #endif
+#if defined(OPENSSL_EXTRA) && !defined(NO_PWDBASED)
+    byte   digest[64]; /* max digest size */
+    word32 digestSz;
+#endif
 
 #ifndef OPENSSL_EXTRA_X509_SMALL
     /* test compile of deprecated function, returns 0 */
@@ -31824,25 +43760,81 @@ static int test_wolfSSL_X509_NAME(void)
 #endif
 
     ExpectNotNull(a = X509_NAME_new());
+    ExpectNotNull(b = X509_NAME_new());
+#ifndef OPENSSL_EXTRA_X509_SMALL
+    ExpectIntEQ(X509_NAME_cmp(a, b), 0);
+#endif
+    X509_NAME_free((X509_NAME*)b);
     X509_NAME_free((X509_NAME*)a);
     a = NULL;
 
     ExpectTrue((f = XFOPEN(file, "rb")) != XBADFILE);
+#ifndef OPENSSL_EXTRA
     ExpectIntGT(bytes = (int)XFREAD(buf, 1, sizeof(buf), f), 0);
     if (f != XBADFILE)
         XFCLOSE(f);
 
     c = buf;
-    ExpectNotNull(x509 = wolfSSL_X509_d2i(NULL, c, bytes));
+    ExpectNotNull(x509 = wolfSSL_X509_d2i_ex(NULL, c, bytes, HEAP_HINT));
+#else
+    ExpectNull(wolfSSL_X509_d2i_fp(NULL, XBADFILE));
+    ExpectNotNull(wolfSSL_X509_d2i_fp(&x509, f));
+    if (f != XBADFILE)
+        XFCLOSE(f);
+#endif
 
     /* test cmp function */
+    ExpectNull(X509_get_issuer_name(NULL));
     ExpectNotNull(a = X509_get_issuer_name(x509));
+    ExpectNull(X509_get_subject_name(NULL));
     ExpectNotNull(b = X509_get_subject_name(x509));
-
-#ifndef OPENSSL_EXTRA_X509_SMALL
-    ExpectIntEQ(X509_NAME_cmp(a, b), 0); /* self signed should be 0 */
+#ifdef KEEP_PEER_CERT
+    ExpectNull(wolfSSL_X509_get_subjectCN(NULL));
+    ExpectNotNull(wolfSSL_X509_get_subjectCN(x509));
 #endif
 
+#if defined(OPENSSL_EXTRA)
+    ExpectIntEQ(X509_check_issued(NULL, NULL),
+        WOLFSSL_X509_V_ERR_SUBJECT_ISSUER_MISMATCH);
+    ExpectIntEQ(X509_check_issued(x509, NULL),
+        WOLFSSL_X509_V_ERR_SUBJECT_ISSUER_MISMATCH);
+    ExpectIntEQ(X509_check_issued(NULL, x509),
+        WOLFSSL_X509_V_ERR_SUBJECT_ISSUER_MISMATCH);
+    ExpectIntEQ(X509_check_issued(x509, x509), WOLFSSL_X509_V_OK);
+
+    ExpectIntEQ(X509_NAME_cmp(NULL, NULL), -2);
+    ExpectIntEQ(X509_NAME_cmp(NULL, b), -2);
+    ExpectIntEQ(X509_NAME_cmp(a, NULL), -2);
+    ExpectIntEQ(X509_NAME_cmp(a, b), 0); /* self signed should be 0 */
+
+#if !defined(NO_PWDBASED)
+    ExpectIntEQ(wolfSSL_X509_NAME_digest(NULL, NULL, NULL, NULL), 0);
+    ExpectIntEQ(wolfSSL_X509_NAME_digest(a, NULL, NULL, NULL), 0);
+#ifndef NO_SHA256
+    ExpectIntEQ(wolfSSL_X509_NAME_digest(NULL, wolfSSL_EVP_sha256(), NULL,
+        NULL), 0);
+#endif
+    ExpectIntEQ(wolfSSL_X509_NAME_digest(NULL, NULL, digest, NULL), 0);
+    ExpectIntEQ(wolfSSL_X509_NAME_digest(NULL, NULL, NULL, &digestSz), 0);
+    ExpectIntEQ(wolfSSL_X509_NAME_digest(a, NULL, digest,
+        &digestSz), 0);
+#ifndef NO_SHA256
+    ExpectIntEQ(wolfSSL_X509_NAME_digest(NULL, wolfSSL_EVP_sha256(), digest,
+        &digestSz), 0);
+    ExpectIntEQ(wolfSSL_X509_NAME_digest(a, wolfSSL_EVP_sha256(), NULL,
+        &digestSz), 0);
+    ExpectIntEQ(wolfSSL_X509_NAME_digest(a, wolfSSL_EVP_sha256(), digest,
+        NULL), 1);
+    ExpectIntEQ(wolfSSL_X509_NAME_digest(a, wolfSSL_EVP_sha256(), digest,
+        &digestSz), 1);
+    ExpectTrue(digestSz == 32);
+#endif
+#else
+    ExpectIntEQ(wolfSSL_X509_NAME_digest(NULL, NULL, NULL, NULL),
+        NOT_COMPILED_IN);
+#endif
+#endif /* OPENSSL_EXTRA */
+
     tmp = buf;
     ExpectIntGT((sz = i2d_X509_NAME((X509_NAME*)a, &tmp)), 0);
     if (sz > 0 && tmp == buf) {
@@ -31869,17 +43861,34 @@ static int test_wolfSSL_X509_NAME(void)
     /* test for givenName and name */
     {
         WOLFSSL_X509_NAME_ENTRY* entry = NULL;
+        WOLFSSL_X509_NAME_ENTRY empty;
         const byte gName[] = "test-given-name";
         const byte name[] = "test-name";
 
+        XMEMSET(&empty, 0, sizeof(empty));
+
+        ExpectNull(wolfSSL_X509_NAME_ENTRY_create_by_NID(NULL,
+            NID_givenName, ASN_UTF8STRING, NULL, sizeof(gName)));
         ExpectNotNull(entry = wolfSSL_X509_NAME_ENTRY_create_by_NID(NULL,
             NID_givenName, ASN_UTF8STRING, gName, sizeof(gName)));
-        ExpectIntEQ(wolfSSL_X509_NAME_add_entry((X509_NAME*)b, entry, -1, 0),
+        ExpectNotNull(wolfSSL_X509_NAME_ENTRY_create_by_NID(&entry,
+            NID_givenName, ASN_UTF8STRING, gName, sizeof(gName)));
+        ExpectIntEQ(wolfSSL_X509_NAME_add_entry(NULL         , NULL  , -1, 0),
+            0);
+        ExpectIntEQ(wolfSSL_X509_NAME_add_entry((X509_NAME*)b, NULL  , -1, 0),
+            0);
+        ExpectIntEQ(wolfSSL_X509_NAME_add_entry(NULL         , entry , -1, 0),
+            0);
+        ExpectIntEQ(wolfSSL_X509_NAME_add_entry((X509_NAME*)b, &empty, -1, 0),
+            0);
+        ExpectIntEQ(wolfSSL_X509_NAME_add_entry((X509_NAME*)b, entry , 99, 0),
+            0);
+        ExpectIntEQ(wolfSSL_X509_NAME_add_entry((X509_NAME*)b, entry , -1, 0),
             1);
         wolfSSL_X509_NAME_ENTRY_free(entry);
         entry = NULL;
 
-        ExpectNotNull(entry = wolfSSL_X509_NAME_ENTRY_create_by_NID(NULL,
+        ExpectNotNull(wolfSSL_X509_NAME_ENTRY_create_by_NID(&entry,
             NID_name, ASN_UTF8STRING, name, sizeof(name)));
         ExpectIntEQ(wolfSSL_X509_NAME_add_entry((X509_NAME*)b, entry, -1, 0),
             1);
@@ -31892,10 +43901,21 @@ static int test_wolfSSL_X509_NAME(void)
 #endif
 
     b = NULL;
+    ExpectNull(X509_NAME_dup(NULL));
     ExpectNotNull(b = X509_NAME_dup((X509_NAME*)a));
 #ifndef OPENSSL_EXTRA_X509_SMALL
     ExpectIntEQ(X509_NAME_cmp(a, b), 0);
 #endif
+    ExpectIntEQ(X509_NAME_entry_count(NULL), 0);
+    ExpectIntEQ(X509_NAME_entry_count((X509_NAME*)b), 7);
+    X509_NAME_free((X509_NAME*)b);
+    ExpectNotNull(b = wolfSSL_X509_NAME_new());
+    ExpectIntEQ(X509_NAME_entry_count((X509_NAME*)b), 0);
+    ExpectIntEQ(wolfSSL_X509_NAME_copy(NULL, NULL), BAD_FUNC_ARG);
+    ExpectIntEQ(wolfSSL_X509_NAME_copy((X509_NAME*)a, NULL), BAD_FUNC_ARG);
+    ExpectIntEQ(wolfSSL_X509_NAME_copy(NULL, (X509_NAME*)b), BAD_FUNC_ARG);
+    ExpectIntEQ(wolfSSL_X509_NAME_copy((X509_NAME*)a, (X509_NAME*)b), 1);
+    ExpectIntEQ(X509_NAME_entry_count((X509_NAME*)b), 7);
     X509_NAME_free((X509_NAME*)b);
     X509_NAME_free(d2i_name);
     d2i_name = NULL;
@@ -31930,6 +43950,12 @@ static int test_wolfSSL_X509_NAME_hash(void)
     !defined(NO_RSA) && !defined(NO_SHA) && !defined(NO_BIO)
     BIO* bio = NULL;
     X509* x509 = NULL;
+    X509_NAME* name = NULL;
+
+    ExpectIntEQ(X509_NAME_hash(NULL), 0);
+    ExpectNotNull(name = wolfSSL_X509_NAME_new_ex(NULL));
+    ExpectIntEQ(X509_NAME_hash(name), 0);
+    X509_NAME_free(name);
 
     ExpectNotNull(bio = BIO_new(BIO_s_file()));
     ExpectIntGT(BIO_read_filename(bio, svrCertFile), 0);
@@ -31950,14 +43976,16 @@ static int test_wolfSSL_X509_NAME_print_ex(void)
      defined(HAVE_LIGHTY) || defined(WOLFSSL_HAPROXY) || \
      defined(WOLFSSL_OPENSSH) || defined(HAVE_SBLIM_SFCB)))) && \
     !defined(NO_BIO) && !defined(NO_RSA)
-    int memSz;
+    int memSz = 0;
     byte* mem = NULL;
     BIO* bio = NULL;
     BIO* membio = NULL;
     X509* x509 = NULL;
     X509_NAME* name = NULL;
+    X509_NAME* empty = NULL;
 
     const char* expNormal  = "C=US, CN=wolfssl.com";
+    const char* expEqSpace = "C = US, CN = wolfssl.com";
     const char* expReverse = "CN=wolfssl.com, C=US";
 
     const char* expNotEscaped = "C= US,+\"\\ , CN=#wolfssl.com<>;";
@@ -31973,7 +44001,13 @@ static int test_wolfSSL_X509_NAME_print_ex(void)
 
     /* Test without flags */
     ExpectNotNull(membio = BIO_new(BIO_s_mem()));
+    ExpectNotNull(empty = wolfSSL_X509_NAME_new());
+    ExpectIntEQ(X509_NAME_print_ex(NULL, NULL, 0, 0), WOLFSSL_FAILURE);
+    ExpectIntEQ(X509_NAME_print_ex(membio, NULL, 0, 0), WOLFSSL_FAILURE);
+    ExpectIntEQ(X509_NAME_print_ex(NULL, name, 0, 0), WOLFSSL_FAILURE);
+    ExpectIntEQ(X509_NAME_print_ex(membio, empty, 0, 0), WOLFSSL_FAILURE);
     ExpectIntEQ(X509_NAME_print_ex(membio, name, 0, 0), WOLFSSL_SUCCESS);
+    wolfSSL_X509_NAME_free(empty);
     BIO_free(membio);
     membio = NULL;
 
@@ -32015,6 +44049,17 @@ static int test_wolfSSL_X509_NAME_print_ex(void)
         BIO_free(membio);
         membio = NULL;
 
+        /* Test with XN_FLAG_ONELINE which should enable XN_FLAG_SPC_EQ for
+           spaces around '=' */
+        ExpectNotNull(membio = BIO_new(BIO_s_mem()));
+        ExpectIntEQ(X509_NAME_print_ex(membio, name, 0, XN_FLAG_ONELINE),
+            WOLFSSL_SUCCESS);
+        ExpectIntGE((memSz = BIO_get_mem_data(membio, &mem)), 0);
+        ExpectIntEQ(memSz, XSTRLEN(expEqSpace));
+        ExpectIntEQ(XSTRNCMP((char*)mem, expEqSpace, XSTRLEN(expEqSpace)), 0);
+        BIO_free(membio);
+        membio = NULL;
+
         /* Test flags: XN_FLAG_RFC2253 - should be reversed */
         ExpectNotNull(membio = BIO_new(BIO_s_mem()));
         ExpectIntEQ(X509_NAME_print_ex(membio, name, 0,
@@ -32113,7 +44158,7 @@ static int test_wolfSSL_X509_INFO_multiple_info(void)
      * to group objects together. */
     ExpectNotNull(concatBIO = BIO_new(BIO_s_mem()));
     for (curFile = files; EXPECT_SUCCESS() && *curFile != NULL; curFile++) {
-        int fileLen;
+        int fileLen = 0;
         ExpectNotNull(fileBIO = BIO_new_file(*curFile, "rb"));
         ExpectIntGT(fileLen = wolfSSL_BIO_get_len(fileBIO), 0);
         if (EXPECT_SUCCESS()) {
@@ -32230,6 +44275,12 @@ static int test_wolfSSL_X509_subject_name_hash(void)
     unsigned long ret1 = 0;
     unsigned long ret2 = 0;
 
+    ExpectNotNull(x509 = X509_new());
+    ExpectIntEQ(X509_subject_name_hash(NULL), 0);
+    ExpectIntEQ(X509_subject_name_hash(x509), 0);
+    X509_free(x509);
+    x509 = NULL;
+
     ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(cliCertFile,
                 SSL_FILETYPE_PEM));
     ExpectNotNull(subjectName = wolfSSL_X509_get_subject_name(x509));
@@ -32266,6 +44317,12 @@ static int test_wolfSSL_X509_issuer_name_hash(void)
     unsigned long ret1 = 0;
     unsigned long ret2 = 0;
 
+    ExpectNotNull(x509 = X509_new());
+    ExpectIntEQ(X509_issuer_name_hash(NULL), 0);
+    ExpectIntEQ(X509_issuer_name_hash(x509), 0);
+    X509_free(x509);
+    x509 = NULL;
+
     ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(cliCertFile,
                 SSL_FILETYPE_PEM));
     ExpectNotNull(issuertName = wolfSSL_X509_get_issuer_name(x509));
@@ -32299,20 +44356,52 @@ static int test_wolfSSL_X509_check_host(void)
     && !defined(NO_SHA) && !defined(NO_RSA)
     X509* x509 = NULL;
     const char altName[] = "example.com";
+    const char badAltName[] = "a.example.com";
 
+    ExpectIntEQ(X509_check_host(NULL, NULL, XSTRLEN(altName), 0, NULL),
+            WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+
+    /* cliCertFile has subjectAltName set to 'example.com', '127.0.0.1' */
     ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(cliCertFile,
                 SSL_FILETYPE_PEM));
 
     ExpectIntEQ(X509_check_host(x509, altName, XSTRLEN(altName), 0, NULL),
             WOLFSSL_SUCCESS);
 
+    ExpectIntEQ(X509_check_host(x509, badAltName, XSTRLEN(badAltName), 0, NULL),
+            WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+
     ExpectIntEQ(X509_check_host(x509, NULL, 0, 0, NULL),
-            WOLFSSL_FAILURE);
+            WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+
+    /* Check WOLFSSL_LEFT_MOST_WILDCARD_ONLY flag set */
+    ExpectIntEQ(X509_check_host(x509, altName, XSTRLEN(altName),
+            WOLFSSL_LEFT_MOST_WILDCARD_ONLY, NULL), WOLFSSL_SUCCESS);
+
+    ExpectIntEQ(X509_check_host(x509, NULL, 0,
+            WOLFSSL_LEFT_MOST_WILDCARD_ONLY, NULL),
+            WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+
+    ExpectIntEQ(X509_check_host(x509, badAltName, XSTRLEN(badAltName),
+            WOLFSSL_LEFT_MOST_WILDCARD_ONLY, NULL),
+            WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+
+    ExpectIntEQ(wolfSSL_X509_check_host(x509, altName, XSTRLEN(altName),
+        WOLFSSL_NO_WILDCARDS, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+    ExpectIntEQ(wolfSSL_X509_check_host(x509, altName, XSTRLEN(altName),
+        WOLFSSL_NO_PARTIAL_WILDCARDS, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+    ExpectIntEQ(wolfSSL_X509_check_host(x509, altName, XSTRLEN(altName),
+        WOLFSSL_MULTI_LABEL_WILDCARDS, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
 
     X509_free(x509);
 
     ExpectIntEQ(X509_check_host(NULL, altName, XSTRLEN(altName), 0, NULL),
-            WOLFSSL_FAILURE);
+            WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+
+    /* Check again with WOLFSSL_LEFT_MOST_WILDCARD_ONLY flag set */
+    ExpectIntEQ(X509_check_host(NULL, altName, XSTRLEN(altName),
+            WOLFSSL_LEFT_MOST_WILDCARD_ONLY, NULL),
+            WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
 #endif
     return EXPECT_RESULT();
 }
@@ -32322,15 +44411,24 @@ static int test_wolfSSL_X509_check_email(void)
     EXPECT_DECLS;
 #if defined(OPENSSL_EXTRA) && defined(WOLFSSL_CERT_GEN) && !defined(NO_RSA)
     X509* x509 = NULL;
+    X509* empty = NULL;
     const char goodEmail[] = "info@wolfssl.com";
     const char badEmail[] = "disinfo@wolfssl.com";
 
     ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(cliCertFile,
                 SSL_FILETYPE_PEM));
+    ExpectNotNull(empty = wolfSSL_X509_new());
+
+    ExpectIntEQ(wolfSSL_X509_check_email(NULL, NULL, 0, 0), 0);
+    ExpectIntEQ(wolfSSL_X509_check_email(x509, NULL, 0, 0), 0);
+    ExpectIntEQ(wolfSSL_X509_check_email(NULL, goodEmail, XSTRLEN(goodEmail),
+        0), 0);
+    ExpectIntEQ(wolfSSL_X509_check_email(empty, goodEmail, XSTRLEN(goodEmail),
+        0), 0);
 
     /* Should fail on non-matching email address */
     ExpectIntEQ(wolfSSL_X509_check_email(x509, badEmail, XSTRLEN(badEmail), 0),
-            WOLFSSL_FAILURE);
+            WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     /* Should succeed on matching email address */
     ExpectIntEQ(wolfSSL_X509_check_email(x509, goodEmail, XSTRLEN(goodEmail), 0),
             WOLFSSL_SUCCESS);
@@ -32339,13 +44437,14 @@ static int test_wolfSSL_X509_check_email(void)
             WOLFSSL_SUCCESS);
     /* Should fail when email address is NULL */
     ExpectIntEQ(wolfSSL_X509_check_email(x509, NULL, 0, 0),
-            WOLFSSL_FAILURE);
+            WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
 
+    X509_free(empty);
     X509_free(x509);
 
     /* Should fail when x509 is NULL */
     ExpectIntEQ(wolfSSL_X509_check_email(NULL, goodEmail, 0, 0),
-            WOLFSSL_FAILURE);
+            WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
 #endif /* OPENSSL_EXTRA && WOLFSSL_CERT_GEN */
     return EXPECT_RESULT();
 }
@@ -32357,6 +44456,7 @@ static int test_wc_PemToDer(void)
     int ret;
     DerBuffer* pDer = NULL;
     const char* ca_cert = "./certs/server-cert.pem";
+    const char* trusted_cert = "./certs/test/ossl-trusted-cert.pem";
     byte* cert_buf = NULL;
     size_t cert_sz = 0;
     int eccKey = 0;
@@ -32365,7 +44465,19 @@ static int test_wc_PemToDer(void)
     XMEMSET(&info, 0, sizeof(info));
 
     ExpectIntEQ(ret = load_file(ca_cert, &cert_buf, &cert_sz), 0);
-    ExpectIntEQ(ret = wc_PemToDer(cert_buf, cert_sz, CERT_TYPE, &pDer, NULL,
+    ExpectIntEQ(ret = wc_PemToDer(cert_buf, (long int)cert_sz, CERT_TYPE, &pDer, NULL,
+        &info, &eccKey), 0);
+    wc_FreeDer(&pDer);
+    pDer = NULL;
+
+    if (cert_buf != NULL) {
+        free(cert_buf);
+        cert_buf = NULL;
+    }
+
+    /* Test that -----BEGIN TRUSTED CERTIFICATE----- banner parses OK */
+    ExpectIntEQ(ret = load_file(trusted_cert, &cert_buf, &cert_sz), 0);
+    ExpectIntEQ(ret = wc_PemToDer(cert_buf, (long int)cert_sz, TRUSTED_CERT_TYPE, &pDer, NULL,
         &info, &eccKey), 0);
     wc_FreeDer(&pDer);
     pDer = NULL;
@@ -32384,7 +44496,7 @@ static int test_wc_PemToDer(void)
         ExpectIntEQ(load_file(ecc_private_key, &cert_buf, &cert_sz), 0);
         key_buf[0] = '\n';
         ExpectNotNull(XMEMCPY(key_buf + 1, cert_buf, cert_sz));
-        ExpectIntNE((ret = wc_PemToDer(key_buf, cert_sz + 1, CERT_TYPE,
+        ExpectIntNE((ret = wc_PemToDer(key_buf, (long int)cert_sz + 1, CERT_TYPE,
             &pDer, NULL, &info, &eccKey)), 0);
 
     #ifdef OPENSSL_EXTRA
@@ -32408,7 +44520,7 @@ static int test_wc_AllocDer(void)
     word32 testSize = 1024;
 
     ExpectIntEQ(wc_AllocDer(NULL, testSize, CERT_TYPE, HEAP_HINT),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_AllocDer(&pDer, testSize, CERT_TYPE, HEAP_HINT), 0);
     ExpectNotNull(pDer);
     wc_FreeDer(&pDer);
@@ -32433,19 +44545,19 @@ static int test_wc_CertPemToDer(void)
         (int)cert_dersz, CERT_TYPE), 0);
 
     ExpectIntEQ(wc_CertPemToDer(NULL, (int)cert_sz, NULL, -1, CERT_TYPE),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_CertPemToDer(cert_buf, (int)cert_sz, NULL, -1, CERT_TYPE),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_CertPemToDer(NULL, (int)cert_sz, cert_der, -1, CERT_TYPE),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_CertPemToDer(NULL, (int)cert_sz, NULL, (int)cert_dersz,
-        CERT_TYPE), BAD_FUNC_ARG);
+        CERT_TYPE), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_CertPemToDer(NULL, (int)cert_sz, cert_der,
-        (int)cert_dersz, CERT_TYPE), BAD_FUNC_ARG);
+        (int)cert_dersz, CERT_TYPE), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_CertPemToDer(cert_buf, (int)cert_sz, NULL,
-        (int)cert_dersz, CERT_TYPE), BAD_FUNC_ARG);
+        (int)cert_dersz, CERT_TYPE), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_CertPemToDer(cert_buf, (int)cert_sz, cert_der, -1,
-        CERT_TYPE), BAD_FUNC_ARG);
+        CERT_TYPE), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     if (cert_der != NULL)
         free(cert_der);
@@ -32459,7 +44571,7 @@ static int test_wc_KeyPemToDer(void)
 {
     EXPECT_DECLS;
 #if defined(WOLFSSL_PEM_TO_DER) && !defined(NO_FILESYSTEM) && !defined(NO_RSA)
-    int ret;
+    int ret = 0;
     const byte cert_buf[] = \
     "-----BEGIN PRIVATE KEY-----\n"
     "MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDMG5KgWxP002pA\n"
@@ -32496,15 +44608,15 @@ static int test_wc_KeyPemToDer(void)
 
     /* Bad arg: Cert buffer is NULL */
     ExpectIntEQ(wc_KeyPemToDer(NULL, cert_sz, cert_der, cert_dersz, ""),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     /* Bad arg: Cert DER buffer non-NULL but size zero (or less) */
     ExpectIntEQ(wc_KeyPemToDer(cert_buf, cert_sz, (byte*)&cert_der, 0, ""),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     /* Test normal operation */
     cert_dersz = cert_sz; /* DER will be smaller than PEM */
-    ExpectNotNull(cert_der = (byte*)malloc(cert_dersz));
+    ExpectNotNull(cert_der = (byte*)malloc((size_t)cert_dersz));
     ExpectIntGE(ret = wc_KeyPemToDer(cert_buf, cert_sz, cert_der, cert_dersz,
         cert_pw), 0);
     ExpectIntLE(ret, cert_sz);
@@ -32518,7 +44630,7 @@ static int test_wc_KeyPemToDer(void)
     ExpectIntLE(ret, cert_sz);
     if (EXPECT_SUCCESS())
         cert_dersz = ret;
-    ExpectNotNull(cert_der = (byte*)malloc(cert_dersz));
+    ExpectNotNull(cert_der = (byte*)malloc((size_t)cert_dersz));
     ExpectIntGE(ret = wc_KeyPemToDer(cert_buf, cert_sz, cert_der, cert_dersz,
         cert_pw), 0);
     ExpectIntLE(ret, cert_sz);
@@ -32540,7 +44652,7 @@ static int test_wc_PubKeyPemToDer(void)
     byte* cert_der = NULL;
 
     ExpectIntEQ(wc_PubKeyPemToDer(cert_buf, (int)cert_sz,
-        cert_der, (int)cert_dersz), BAD_FUNC_ARG);
+        cert_der, (int)cert_dersz), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     ExpectIntEQ(load_file(key, &cert_buf, &cert_sz), 0);
     cert_dersz = cert_sz; /* DER will be smaller than PEM */
@@ -32555,7 +44667,7 @@ static int test_wc_PubKeyPemToDer(void)
     /* Test NULL for DER buffer to return needed DER buffer size */
     ExpectIntGT(ret = wc_PubKeyPemToDer(cert_buf, (int)cert_sz, NULL, 0), 0);
     ExpectIntLE(ret, cert_sz);
-    cert_dersz = ret;
+    cert_dersz = (size_t)ret;
     ExpectNotNull(cert_der = (byte*)malloc(cert_dersz));
     ExpectIntGE(wc_PubKeyPemToDer(cert_buf, (int)cert_sz, cert_der,
         (int)cert_dersz), 0);
@@ -32580,7 +44692,7 @@ static int test_wc_PemPubKeyToDer(void)
     byte* cert_der = NULL;
 
     ExpectIntGE(wc_PemPubKeyToDer(NULL, cert_der, (int)cert_dersz),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     ExpectNotNull(cert_der = (byte*)malloc(cert_dersz));
     ExpectIntGE(wc_PemPubKeyToDer(key, cert_der, (int)cert_dersz), 0);
@@ -32663,19 +44775,19 @@ static int test_wc_GetPubKeyDerFromCert(void)
     /* test LENGTH_ONLY_E case */
     keyDerSz = 0;
     ExpectIntEQ(wc_GetPubKeyDerFromCert(&decoded, NULL, &keyDerSz),
-        LENGTH_ONLY_E);
+        WC_NO_ERR_TRACE(LENGTH_ONLY_E));
     ExpectIntGT(keyDerSz, 0);
 
     /* bad args: DecodedCert NULL */
-    ExpectIntEQ(wc_GetPubKeyDerFromCert(NULL, keyDer, &keyDerSz), BAD_FUNC_ARG);
+    ExpectIntEQ(wc_GetPubKeyDerFromCert(NULL, keyDer, &keyDerSz), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     /* bad args: output key buff size */
-    ExpectIntEQ(wc_GetPubKeyDerFromCert(&decoded, keyDer, NULL), BAD_FUNC_ARG);
+    ExpectIntEQ(wc_GetPubKeyDerFromCert(&decoded, keyDer, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     /* bad args: zero size output key buffer */
     keyDerSz = 0;
     ExpectIntEQ(ret = wc_GetPubKeyDerFromCert(&decoded, keyDer, &keyDerSz),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     wc_FreeDecodedCert(&decoded);
 
@@ -32743,7 +44855,7 @@ static int test_wc_GetPubKeyDerFromCert(void)
     /* test LENGTH_ONLY_E case */
     keyDerSz = 0;
     ExpectIntEQ(wc_GetPubKeyDerFromCert(&decoded, NULL, &keyDerSz),
-        LENGTH_ONLY_E);
+        WC_NO_ERR_TRACE(LENGTH_ONLY_E));
     ExpectIntGT(keyDerSz, 0);
 
     wc_FreeDecodedCert(&decoded);
@@ -32757,7 +44869,7 @@ static int test_wc_CheckCertSigPubKey(void)
     EXPECT_DECLS;
 #if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_FILESYSTEM) && \
     !defined(NO_RSA) && defined(WOLFSSL_PEM_TO_DER) && defined(HAVE_ECC)
-    int ret;
+    int ret = 0;
     const char* ca_cert = "./certs/ca-cert.pem";
     byte* cert_buf = NULL;
     size_t cert_sz = 0;
@@ -32785,24 +44897,24 @@ static int test_wc_CheckCertSigPubKey(void)
 
     /* No certificate. */
     ExpectIntEQ(wc_CheckCertSigPubKey(NULL, cert_dersz, NULL, keyDer, keyDerSz,
-        ECDSAk), BAD_FUNC_ARG);
+        ECDSAk), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     /* Bad cert size. */
     ExpectIntNE(ret = wc_CheckCertSigPubKey(cert_der, 0, NULL, keyDer, keyDerSz,
         RSAk), 0);
-    ExpectTrue(ret == ASN_PARSE_E || ret == BUFFER_E);
+    ExpectTrue(ret == WC_NO_ERR_TRACE(ASN_PARSE_E) || ret == WC_NO_ERR_TRACE(BUFFER_E));
 
     /* No public key. */
     ExpectIntEQ(wc_CheckCertSigPubKey(cert_der, cert_dersz, NULL, NULL,
-        keyDerSz, RSAk), ASN_NO_SIGNER_E);
+        keyDerSz, RSAk), WC_NO_ERR_TRACE(ASN_NO_SIGNER_E));
 
     /* Bad public key size. */
     ExpectIntEQ(wc_CheckCertSigPubKey(cert_der, cert_dersz, NULL, keyDer, 0,
-        RSAk), BAD_FUNC_ARG);
+        RSAk), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     /* Wrong aglo. */
     ExpectIntEQ(wc_CheckCertSigPubKey(cert_der, cert_dersz, NULL, keyDer,
-        keyDerSz, ECDSAk), ASN_PARSE_E);
+        keyDerSz, ECDSAk), WC_NO_ERR_TRACE(ASN_PARSE_E));
 
     wc_FreeDecodedCert(&decoded);
     if (cert_der != NULL)
@@ -32813,14 +44925,49 @@ static int test_wc_CheckCertSigPubKey(void)
     return EXPECT_RESULT();
 }
 
+static int test_wolfSSL_X509_ext_d2i(void)
+{
+    EXPECT_DECLS;
+#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS)
+    X509* x509 = NULL;
+
+    ExpectNotNull(x509 = wolfSSL_X509_new());
+
+    ExpectNull(wolfSSL_X509_get_ext_d2i(x509, NID_basic_constraints,
+        NULL, NULL));
+    ExpectNull(wolfSSL_X509_get_ext_d2i(x509, NID_subject_alt_name,
+        NULL, NULL));
+    ExpectNull(wolfSSL_X509_get_ext_d2i(x509, NID_authority_key_identifier,
+        NULL, NULL));
+    ExpectNull(wolfSSL_X509_get_ext_d2i(x509, NID_subject_key_identifier,
+        NULL, NULL));
+    ExpectNull(wolfSSL_X509_get_ext_d2i(x509, NID_key_usage,
+        NULL, NULL));
+    ExpectNull(wolfSSL_X509_get_ext_d2i(x509, NID_crl_distribution_points,
+        NULL, NULL));
+    ExpectNull(wolfSSL_X509_get_ext_d2i(x509, NID_ext_key_usage,
+        NULL, NULL));
+    ExpectNull(wolfSSL_X509_get_ext_d2i(x509, NID_info_access,
+        NULL, NULL));
+    ExpectNull(wolfSSL_X509_get_ext_d2i(x509, NID_certificate_policies,
+        NULL, NULL));
+    /* Invalid NID for an extension. */
+    ExpectNull(wolfSSL_X509_get_ext_d2i(x509, NID_description,
+        NULL, NULL));
+
+    wolfSSL_X509_free(x509);
+#endif
+    return EXPECT_RESULT();
+}
+
 static int test_wolfSSL_certs(void)
 {
     EXPECT_DECLS;
 #if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_FILESYSTEM) && \
-    !defined(NO_RSA)
+    !defined(NO_TLS) && !defined(NO_RSA)
     X509*  x509ext = NULL;
-#ifdef OPENSSL_ALL
     X509*  x509 = NULL;
+#ifdef OPENSSL_ALL
     WOLFSSL_X509_EXTENSION* ext = NULL;
     ASN1_OBJECT* obj = NULL;
 #endif
@@ -32829,8 +44976,9 @@ static int test_wolfSSL_certs(void)
     STACK_OF(ASN1_OBJECT)* sk = NULL;
     ASN1_STRING* asn1_str = NULL;
     AUTHORITY_KEYID* akey = NULL;
+    WOLFSSL_STACK* skid = NULL;
     BASIC_CONSTRAINTS* bc = NULL;
-    int crit;
+    int crit = 0;
 
 #ifndef NO_WOLFSSL_SERVER
     ExpectNotNull(ctx = SSL_CTX_new(SSLv23_server_method()));
@@ -32840,16 +44988,24 @@ static int test_wolfSSL_certs(void)
     ExpectTrue(SSL_CTX_use_certificate_file(ctx, svrCertFile, SSL_FILETYPE_PEM));
     ExpectTrue(SSL_CTX_use_PrivateKey_file(ctx, svrKeyFile, SSL_FILETYPE_PEM));
     ExpectTrue(SSL_CTX_use_PrivateKey_file(ctx, cliKeyFile, SSL_FILETYPE_PEM));
-    #if !defined(HAVE_USER_RSA) && !defined(NO_CHECK_PRIVATE_KEY)
-    ExpectIntEQ(SSL_CTX_check_private_key(ctx), SSL_FAILURE);
+    #if !defined(NO_CHECK_PRIVATE_KEY)
+    ExpectIntEQ(SSL_CTX_check_private_key(ctx), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     #endif
     ExpectTrue(SSL_CTX_use_PrivateKey_file(ctx, svrKeyFile, SSL_FILETYPE_PEM));
-    #if !defined(HAVE_USER_RSA) && !defined(NO_CHECK_PRIVATE_KEY)
+    #if !defined(NO_CHECK_PRIVATE_KEY)
     ExpectIntEQ(SSL_CTX_check_private_key(ctx), SSL_SUCCESS);
     #endif
     ExpectNotNull(ssl = SSL_new(ctx));
 
-    #if !defined(HAVE_USER_RSA) && !defined(NO_CHECK_PRIVATE_KEY)
+    /* Invalid parameters. */
+    ExpectIntEQ(SSL_use_certificate_file(NULL, NULL, WOLFSSL_FILETYPE_PEM),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(SSL_use_certificate_file(ssl, NULL, WOLFSSL_FILETYPE_PEM),
+        WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+    ExpectIntEQ(SSL_use_certificate_file(NULL, "./certs/server-cert.pem",
+        WOLFSSL_FILETYPE_PEM), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+
+    #if !defined(NO_CHECK_PRIVATE_KEY)
     ExpectIntEQ(wolfSSL_check_private_key(ssl), WOLFSSL_SUCCESS);
     #endif
 
@@ -32857,7 +45013,23 @@ static int test_wolfSSL_certs(void)
     ExpectIntEQ((int)SSL_set_tlsext_debug_arg(ssl, NULL), WOLFSSL_SUCCESS);
     #endif /* HAVE_PK_CALLBACKS */
 
+    /* Invalid parameters. */
+    ExpectNotNull(x509 = wolfSSL_X509_new());
+    ExpectIntEQ(SSL_use_certificate(NULL, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+    ExpectIntEQ(SSL_use_certificate(ssl, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+    ExpectIntEQ(SSL_use_certificate(NULL, x509), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+    /* No data in certificate. */
+    ExpectIntEQ(SSL_use_certificate(ssl, x509), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+    wolfSSL_X509_free(x509);
+    x509 = NULL;
+
     /* create and use x509 */
+    ExpectNull(wolfSSL_X509_load_certificate_file(cliCertFileExt, -1));
+    ExpectNull(wolfSSL_X509_load_certificate_file("/tmp/badfile",
+        WOLFSSL_FILETYPE_PEM));
+    ExpectNull(wolfSSL_X509_load_certificate_file(NULL, WOLFSSL_FILETYPE_PEM));
+    ExpectNull(wolfSSL_X509_load_certificate_file(cliCertFileExt,
+        WOLFSSL_FILETYPE_ASN1));
 #ifdef OPENSSL_ALL
     ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(cliCertFile,
         WOLFSSL_FILETYPE_PEM));
@@ -32866,13 +45038,22 @@ static int test_wolfSSL_certs(void)
         WOLFSSL_FILETYPE_PEM));
     ExpectIntEQ(SSL_use_certificate(ssl, x509ext), WOLFSSL_SUCCESS);
 
-    #if !defined(HAVE_USER_RSA) && !defined(NO_CHECK_PRIVATE_KEY)
+    #if !defined(NO_CHECK_PRIVATE_KEY)
     /* with loading in a new cert the check on private key should now fail */
     ExpectIntNE(wolfSSL_check_private_key(ssl), WOLFSSL_SUCCESS);
     #endif
 
 
     #if defined(USE_CERT_BUFFERS_2048)
+        /* Invalid parameters. */
+        ExpectIntEQ(SSL_use_certificate_ASN1(NULL, NULL, 0), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+        ExpectIntEQ(SSL_use_certificate_ASN1(ssl, NULL, 0), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+        ExpectIntEQ(SSL_use_certificate_ASN1(NULL,
+                (unsigned char*)server_cert_der_2048, 0), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+        /* No data. */
+        ExpectIntEQ(SSL_use_certificate_ASN1(ssl,
+                (unsigned char*)server_cert_der_2048, 0), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+
         ExpectIntEQ(SSL_use_certificate_ASN1(ssl,
                                   (unsigned char*)server_cert_der_2048,
                                   sizeof_server_cert_der_2048), WOLFSSL_SUCCESS);
@@ -32883,31 +45064,101 @@ static int test_wolfSSL_certs(void)
     {
         byte   digest[64]; /* max digest size */
         word32 digestSz;
+        X509*  x509Empty = NULL;
 
         XMEMSET(digest, 0, sizeof(digest));
-        ExpectIntEQ(X509_digest(x509ext, wolfSSL_EVP_sha1(), digest, &digestSz),
-                    WOLFSSL_SUCCESS);
-        ExpectIntEQ(X509_digest(x509ext, wolfSSL_EVP_sha256(), digest, &digestSz),
-                    WOLFSSL_SUCCESS);
-
         ExpectIntEQ(X509_digest(NULL, wolfSSL_EVP_sha1(), digest, &digestSz),
                     WOLFSSL_FAILURE);
+        ExpectIntEQ(X509_digest(x509ext, NULL, digest, &digestSz),
+                    WOLFSSL_FAILURE);
+        ExpectIntEQ(X509_digest(x509ext, wolfSSL_EVP_sha1(), NULL, &digestSz),
+                    WOLFSSL_FAILURE);
+        ExpectIntEQ(X509_digest(x509ext, wolfSSL_EVP_sha1(), digest, NULL),
+                    WOLFSSL_SUCCESS);
+        ExpectIntEQ(X509_digest(x509ext, wolfSSL_EVP_sha1(), digest, &digestSz),
+                    WOLFSSL_SUCCESS);
+        ExpectIntEQ(X509_digest(x509ext, wolfSSL_EVP_sha256(), digest,
+                    &digestSz), WOLFSSL_SUCCESS);
+
+        ExpectNotNull(x509Empty = wolfSSL_X509_new());
+        ExpectIntEQ(X509_digest(x509Empty, wolfSSL_EVP_sha256(), digest,
+                    &digestSz), WOLFSSL_FAILURE);
+        wolfSSL_X509_free(x509Empty);
+    }
+    #endif /* !NO_SHA && !NO_SHA256 && !NO_PWDBASED */
+
+    #if !defined(NO_SHA) && !defined(NO_SHA256) && !defined(NO_PWDBASED)
+    /************* Get Digest of Certificate ******************/
+    {
+        byte   digest[64]; /* max digest size */
+        word32 digestSz;
+        X509*  x509Empty = NULL;
+
+        XMEMSET(digest, 0, sizeof(digest));
+        ExpectIntEQ(X509_pubkey_digest(NULL, wolfSSL_EVP_sha1(), digest,
+                    &digestSz), WOLFSSL_FAILURE);
+        ExpectIntEQ(X509_pubkey_digest(x509ext, NULL, digest, &digestSz),
+                    WOLFSSL_FAILURE);
+        ExpectIntEQ(X509_pubkey_digest(x509ext, wolfSSL_EVP_sha1(), NULL,
+                    &digestSz), WOLFSSL_FAILURE);
+        ExpectIntEQ(X509_pubkey_digest(x509ext, wolfSSL_EVP_sha1(), digest,
+                    NULL), WOLFSSL_SUCCESS);
+        ExpectIntEQ(X509_pubkey_digest(x509ext, wolfSSL_EVP_sha1(), digest,
+                    &digestSz), WOLFSSL_SUCCESS);
+        ExpectIntEQ(X509_pubkey_digest(x509ext, wolfSSL_EVP_sha256(), digest,
+                    &digestSz), WOLFSSL_SUCCESS);
+
+        ExpectNotNull(x509Empty = wolfSSL_X509_new());
+        ExpectIntEQ(X509_pubkey_digest(x509Empty, wolfSSL_EVP_sha256(), digest,
+                    &digestSz), WOLFSSL_FAILURE);
+        wolfSSL_X509_free(x509Empty);
     }
     #endif /* !NO_SHA && !NO_SHA256 && !NO_PWDBASED */
 
     /* test and checkout X509 extensions */
+    ExpectNotNull(bc = (BASIC_CONSTRAINTS*)X509_get_ext_d2i(x509ext,
+        NID_basic_constraints, NULL, NULL));
+    BASIC_CONSTRAINTS_free(bc);
+    bc = NULL;
     ExpectNotNull(bc = (BASIC_CONSTRAINTS*)X509_get_ext_d2i(x509ext,
         NID_basic_constraints, &crit, NULL));
     ExpectIntEQ(crit, 0);
 
 #ifdef OPENSSL_ALL
+    ExpectNull(X509V3_EXT_i2d(NID_basic_constraints, crit, NULL));
+    {
+        int i;
+        int unsupportedNid[] = {
+            0,
+            NID_inhibit_any_policy,
+            NID_certificate_policies,
+            NID_policy_mappings,
+            NID_name_constraints,
+            NID_policy_constraints,
+            NID_crl_distribution_points
+        };
+        int unsupportedNidCnt = (int)(sizeof(unsupportedNid) /
+                                      sizeof(*unsupportedNid));
+
+        for (i = 0; i < unsupportedNidCnt; i++) {
+            ExpectNotNull(ext = X509V3_EXT_i2d(unsupportedNid[i], crit, bc));
+            X509_EXTENSION_free(ext);
+            ext = NULL;
+        }
+    }
     ExpectNotNull(ext = X509V3_EXT_i2d(NID_basic_constraints, crit, bc));
     X509_EXTENSION_free(ext);
     ext = NULL;
 
     ExpectNotNull(ext = X509_EXTENSION_new());
-    X509_EXTENSION_set_critical(ext, 1);
+    ExpectIntEQ(X509_EXTENSION_set_critical(NULL, 1), WOLFSSL_FAILURE);
+    ExpectIntEQ(X509_EXTENSION_set_critical(ext, 1), WOLFSSL_SUCCESS);
     ExpectNotNull(obj = OBJ_nid2obj(NID_basic_constraints));
+    ExpectIntEQ(X509_EXTENSION_set_object(NULL, NULL), SSL_FAILURE);
+    ExpectIntEQ(X509_EXTENSION_set_object(NULL, obj), SSL_FAILURE);
+    ExpectIntEQ(X509_EXTENSION_set_object(ext, NULL), SSL_SUCCESS);
+    ExpectIntEQ(X509_EXTENSION_set_object(ext, obj), SSL_SUCCESS);
+    /* Check old object is being freed. */
     ExpectIntEQ(X509_EXTENSION_set_object(ext, obj), SSL_SUCCESS);
     ASN1_OBJECT_free(obj);
     obj = NULL;
@@ -32915,10 +45166,16 @@ static int test_wolfSSL_certs(void)
     ext = NULL;
 
     ExpectNotNull(ext = X509_EXTENSION_new());
-    X509_EXTENSION_set_critical(ext, 0);
-    ExpectIntEQ(X509_EXTENSION_set_data(ext, NULL), SSL_FAILURE);
-    asn1_str = (ASN1_STRING*)X509_get_ext_d2i(x509ext, NID_key_usage, &crit,
-            NULL);
+    ExpectIntEQ(X509_EXTENSION_set_critical(ext, 0), WOLFSSL_SUCCESS);
+    ExpectIntEQ(X509_EXTENSION_set_data(ext, NULL),
+            WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+    ExpectNotNull(asn1_str = (ASN1_STRING*)X509_get_ext_d2i(x509ext,
+            NID_key_usage, NULL, NULL));
+    ASN1_STRING_free(asn1_str);
+    asn1_str = NULL;
+    ExpectNotNull(asn1_str = (ASN1_STRING*)X509_get_ext_d2i(x509ext,
+            NID_key_usage, &crit, NULL));
+    ExpectIntEQ(X509_EXTENSION_set_data(ext, asn1_str), SSL_SUCCESS);
     ExpectIntEQ(X509_EXTENSION_set_data(ext, asn1_str), SSL_SUCCESS);
     ASN1_STRING_free(asn1_str); /* X509_EXTENSION_set_data has made a copy
                                  * and X509_get_ext_d2i has created new */
@@ -32927,9 +45184,14 @@ static int test_wolfSSL_certs(void)
     ext = NULL;
 
 #endif
+    BASIC_CONSTRAINTS_free(NULL);
     BASIC_CONSTRAINTS_free(bc);
     bc = NULL;
 
+    ExpectNotNull(asn1_str = (ASN1_STRING*)X509_get_ext_d2i(x509ext,
+        NID_key_usage, NULL, NULL));
+    ASN1_STRING_free(asn1_str);
+    asn1_str = NULL;
     ExpectNotNull(asn1_str = (ASN1_STRING*)X509_get_ext_d2i(x509ext,
         NID_key_usage, &crit, NULL));
     ExpectIntEQ(crit, 1);
@@ -32943,6 +45205,11 @@ static int test_wolfSSL_certs(void)
     asn1_str = NULL;
 
 #ifdef OPENSSL_ALL
+    ExpectNotNull(sk = (STACK_OF(ASN1_OBJECT)*)X509_get_ext_d2i(x509,
+        NID_ext_key_usage, NULL, NULL));
+    EXTENDED_KEY_USAGE_free(NULL);
+    EXTENDED_KEY_USAGE_free(sk);
+    sk = NULL;
     ExpectNotNull(sk = (STACK_OF(ASN1_OBJECT)*)X509_get_ext_d2i(x509,
         NID_ext_key_usage, &crit, NULL));
     ExpectNotNull(ext = X509V3_EXT_i2d(NID_ext_key_usage, crit, sk));
@@ -32956,6 +45223,11 @@ static int test_wolfSSL_certs(void)
     ExpectNull(sk);
 #endif
 
+    ExpectNotNull(akey = (AUTHORITY_KEYID*)X509_get_ext_d2i(x509ext,
+        NID_authority_key_identifier, NULL, NULL));
+    wolfSSL_AUTHORITY_KEYID_free(NULL);
+    wolfSSL_AUTHORITY_KEYID_free(akey);
+    akey = NULL;
     ExpectNotNull(akey = (AUTHORITY_KEYID*)X509_get_ext_d2i(x509ext,
         NID_authority_key_identifier, &crit, NULL));
 #ifdef OPENSSL_ALL
@@ -32967,6 +45239,21 @@ static int test_wolfSSL_certs(void)
     wolfSSL_AUTHORITY_KEYID_free(akey);
     akey = NULL;
 
+    ExpectNotNull(skid = (WOLFSSL_STACK*)X509_get_ext_d2i(x509ext,
+        NID_subject_key_identifier, NULL, NULL));
+    wolfSSL_sk_ASN1_OBJECT_pop_free(skid, wolfSSL_ASN1_OBJECT_free);
+    skid = NULL;
+    ExpectNotNull(skid = (WOLFSSL_STACK*)X509_get_ext_d2i(x509ext,
+        NID_subject_key_identifier, &crit, NULL));
+#ifdef OPENSSL_ALL
+    ExpectNotNull(ext = X509V3_EXT_i2d(NID_subject_key_identifier, crit,
+        skid));
+    X509_EXTENSION_free(ext);
+    ext = NULL;
+#endif
+    wolfSSL_sk_ASN1_OBJECT_pop_free(skid, wolfSSL_ASN1_OBJECT_free);
+    skid = NULL;
+
     /* NID not yet supported */
     ExpectNull(sk = (STACK_OF(ASN1_OBJECT)*)X509_get_ext_d2i(x509ext,
         NID_private_key_usage_period, &crit, NULL));
@@ -32974,6 +45261,10 @@ static int test_wolfSSL_certs(void)
     sk_ASN1_OBJECT_free(sk);
     sk = NULL;
 
+    ExpectNotNull(sk = (STACK_OF(GENERAL_NAME)*)X509_get_ext_d2i(x509ext,
+        NID_subject_alt_name, NULL, NULL));
+    sk_GENERAL_NAME_free(sk);
+    sk = NULL;
     ExpectNotNull(sk = (STACK_OF(GENERAL_NAME)*)X509_get_ext_d2i(x509ext,
         NID_subject_alt_name, &crit, NULL));
     {
@@ -33108,7 +45399,7 @@ static int test_wolfSSL_X509_check_private_key(void)
 static int test_wolfSSL_private_keys(void)
 {
     EXPECT_DECLS;
-#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \
+#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_TLS) && \
    !defined(NO_FILESYSTEM)
 #if !defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER)
     WOLFSSL*     ssl = NULL;
@@ -33124,32 +45415,56 @@ static int test_wolfSSL_private_keys(void)
     #else
     ExpectNotNull(ctx = SSL_CTX_new(wolfSSLv23_client_method()));
     #endif
-    ExpectTrue(SSL_CTX_use_PrivateKey_file(ctx, svrKeyFile, WOLFSSL_FILETYPE_PEM));
+    ExpectTrue(SSL_CTX_use_PrivateKey_file(ctx, svrKeyFile,
+        WOLFSSL_FILETYPE_PEM));
     /* Have to load a cert before you can check the private key against that
      * certificates public key! */
-    #if !defined(HAVE_USER_RSA) && !defined(NO_CHECK_PRIVATE_KEY)
-    ExpectIntEQ(wolfSSL_CTX_check_private_key(ctx), WOLFSSL_FAILURE);
+    #if !defined(NO_CHECK_PRIVATE_KEY)
+    ExpectIntEQ(wolfSSL_CTX_check_private_key(ctx), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     #endif
-    ExpectTrue(SSL_CTX_use_certificate_file(ctx, svrCertFile, WOLFSSL_FILETYPE_PEM));
-    #if !defined(HAVE_USER_RSA) && !defined(NO_CHECK_PRIVATE_KEY)
+    ExpectTrue(SSL_CTX_use_certificate_file(ctx, svrCertFile,
+        WOLFSSL_FILETYPE_PEM));
+    #if !defined(NO_CHECK_PRIVATE_KEY)
     ExpectIntEQ(wolfSSL_CTX_check_private_key(ctx), WOLFSSL_SUCCESS);
     #endif
     ExpectNotNull(ssl = SSL_new(ctx));
 
-    #if !defined(HAVE_USER_RSA) && !defined(NO_CHECK_PRIVATE_KEY)
+    #if !defined(NO_CHECK_PRIVATE_KEY)
     ExpectIntEQ(wolfSSL_check_private_key(ssl), WOLFSSL_SUCCESS);
     #endif
 
+    /* Invalid parameters. */
+    ExpectIntEQ(SSL_use_PrivateKey_file(NULL, NULL, WOLFSSL_FILETYPE_PEM),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(SSL_use_PrivateKey_file(NULL, svrKeyFile, WOLFSSL_FILETYPE_PEM),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(SSL_use_PrivateKey_file(ssl, NULL, WOLFSSL_FILETYPE_PEM),
+        WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+
 #ifdef USE_CERT_BUFFERS_2048
     {
     const unsigned char* server_key = (const unsigned char*)server_key_der_2048;
     unsigned char buf[FOURK_BUF];
     word32 bufSz;
 
+    /* Invalid parameters. */
+    ExpectIntEQ(SSL_use_RSAPrivateKey_ASN1(NULL, NULL, 0), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+    ExpectIntEQ(SSL_use_RSAPrivateKey_ASN1(ssl, NULL, 0), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+    ExpectIntEQ(SSL_use_RSAPrivateKey_ASN1(NULL,
+        (unsigned char*)client_key_der_2048, 0), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+    ExpectIntEQ(SSL_use_PrivateKey_ASN1(0, NULL, NULL, 0), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+    ExpectIntEQ(SSL_use_PrivateKey_ASN1(0, ssl, NULL, 0), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+    ExpectIntEQ(SSL_use_PrivateKey_ASN1(0, NULL, (unsigned char*)server_key, 0),
+        WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+    ExpectIntEQ(SSL_CTX_use_PrivateKey_ASN1(0, NULL, NULL, 0), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+    ExpectIntEQ(SSL_CTX_use_PrivateKey_ASN1(0, ctx, NULL, 0), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+    ExpectIntEQ(SSL_CTX_use_PrivateKey_ASN1(0, NULL, (unsigned char*)server_key,
+        0), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+
     ExpectIntEQ(SSL_use_RSAPrivateKey_ASN1(ssl,
                 (unsigned char*)client_key_der_2048,
                 sizeof_client_key_der_2048), WOLFSSL_SUCCESS);
-    #if !defined(HAVE_USER_RSA) && !defined(NO_CHECK_PRIVATE_KEY)
+    #if !defined(NO_CHECK_PRIVATE_KEY)
     /* Should mismatch now that a different private key loaded */
     ExpectIntNE(wolfSSL_check_private_key(ssl), WOLFSSL_SUCCESS);
     #endif
@@ -33157,7 +45472,7 @@ static int test_wolfSSL_private_keys(void)
     ExpectIntEQ(SSL_use_PrivateKey_ASN1(0, ssl,
                 (unsigned char*)server_key,
                 sizeof_server_key_der_2048), WOLFSSL_SUCCESS);
-    #if !defined(HAVE_USER_RSA) && !defined(NO_CHECK_PRIVATE_KEY)
+    #if !defined(NO_CHECK_PRIVATE_KEY)
     /* After loading back in DER format of original key, should match */
     ExpectIntEQ(wolfSSL_check_private_key(ssl), WOLFSSL_SUCCESS);
     #endif
@@ -33167,7 +45482,7 @@ static int test_wolfSSL_private_keys(void)
                 (unsigned char*)client_key_der_2048,
                 sizeof_client_key_der_2048), WOLFSSL_SUCCESS);
 
-    #if !defined(HAVE_USER_RSA) && !defined(NO_CHECK_PRIVATE_KEY)
+    #if !defined(NO_CHECK_PRIVATE_KEY)
     /* Should mismatch now that a different private key loaded */
     ExpectIntNE(wolfSSL_CTX_check_private_key(ctx), WOLFSSL_SUCCESS);
     #endif
@@ -33175,13 +45490,20 @@ static int test_wolfSSL_private_keys(void)
     ExpectIntEQ(SSL_CTX_use_PrivateKey_ASN1(0, ctx,
                 (unsigned char*)server_key,
                 sizeof_server_key_der_2048), WOLFSSL_SUCCESS);
-    #if !defined(HAVE_USER_RSA) && !defined(NO_CHECK_PRIVATE_KEY)
+    #if !defined(NO_CHECK_PRIVATE_KEY)
     /* After loading back in DER format of original key, should match */
     ExpectIntEQ(wolfSSL_CTX_check_private_key(ctx), WOLFSSL_SUCCESS);
     #endif
 
-    /* pkey not set yet, expecting to fail */
-    ExpectIntEQ(SSL_use_PrivateKey(ssl, pkey), WOLFSSL_FAILURE);
+    /* Invalid parameters. */
+    ExpectNotNull(pkey = wolfSSL_EVP_PKEY_new());
+    ExpectIntEQ(SSL_use_PrivateKey(NULL, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+    ExpectIntEQ(SSL_use_PrivateKey(ssl, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+    ExpectIntEQ(SSL_use_PrivateKey(NULL, pkey), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+    /* pkey is empty - no key data to use. */
+    ExpectIntEQ(SSL_use_PrivateKey(ssl, pkey), WC_NO_ERR_TRACE(ASN_PARSE_E));
+    wolfSSL_EVP_PKEY_free(pkey);
+    pkey = NULL;
 
     /* set PKEY and test again */
     ExpectNotNull(wolfSSL_d2i_PrivateKey(EVP_PKEY_RSA, &pkey,
@@ -33198,7 +45520,7 @@ static int test_wolfSSL_private_keys(void)
 
     /* check striping PKCS8 header with wolfSSL_d2i_PrivateKey */
     bufSz = FOURK_BUF;
-    ExpectIntGT((bufSz = wc_CreatePKCS8Key(buf, &bufSz,
+    ExpectIntGT((bufSz = (word32)wc_CreatePKCS8Key(buf, &bufSz,
                     (byte*)server_key_der_2048, sizeof_server_key_der_2048,
                     RSAk, NULL, 0)), 0);
     server_key = (const unsigned char*)buf;
@@ -33229,7 +45551,7 @@ static int test_wolfSSL_private_keys(void)
                                                          WOLFSSL_FILETYPE_PEM));
     ExpectNotNull(ssl = SSL_new(ctx));
 
-    #if !defined(HAVE_USER_RSA) && !defined(NO_CHECK_PRIVATE_KEY)
+    #if !defined(NO_CHECK_PRIVATE_KEY)
     ExpectIntEQ(wolfSSL_check_private_key(ssl), WOLFSSL_SUCCESS);
     #endif
     SSL_free(ssl);
@@ -33262,7 +45584,7 @@ static int test_wolfSSL_private_keys(void)
                                                          WOLFSSL_FILETYPE_PEM));
     ExpectNotNull(ssl = SSL_new(ctx));
 
-    #if !defined(HAVE_USER_RSA) && !defined(NO_CHECK_PRIVATE_KEY)
+    #if !defined(NO_CHECK_PRIVATE_KEY)
     ExpectIntEQ(wolfSSL_check_private_key(ssl), WOLFSSL_SUCCESS);
     #endif
     SSL_free(ssl);
@@ -33273,8 +45595,12 @@ static int test_wolfSSL_private_keys(void)
                                                          WOLFSSL_FILETYPE_PEM));
     ExpectNotNull(ssl = SSL_new(ctx));
 
-    #if !defined(HAVE_USER_RSA) && !defined(NO_CHECK_PRIVATE_KEY)
+    #if !defined(NO_CHECK_PRIVATE_KEY)
+    #ifdef HAVE_ED25519_MAKE_KEY
     ExpectIntNE(wolfSSL_check_private_key(ssl), WOLFSSL_SUCCESS);
+    #else
+    ExpectIntEQ(wolfSSL_check_private_key(ssl), WOLFSSL_SUCCESS);
+    #endif
     #endif
 
     SSL_free(ssl);
@@ -33295,7 +45621,7 @@ static int test_wolfSSL_private_keys(void)
                                                          WOLFSSL_FILETYPE_PEM));
     ExpectNotNull(ssl = SSL_new(ctx));
 
-    #if !defined(HAVE_USER_RSA) && !defined(NO_CHECK_PRIVATE_KEY)
+    #if !defined(NO_CHECK_PRIVATE_KEY)
     ExpectIntEQ(wolfSSL_check_private_key(ssl), WOLFSSL_SUCCESS);
     #endif
     SSL_free(ssl);
@@ -33306,7 +45632,7 @@ static int test_wolfSSL_private_keys(void)
                                                          WOLFSSL_FILETYPE_PEM));
     ExpectNotNull(ssl = SSL_new(ctx));
 
-    #if !defined(HAVE_USER_RSA) && !defined(NO_CHECK_PRIVATE_KEY)
+    #if !defined(NO_CHECK_PRIVATE_KEY)
     ExpectIntNE(wolfSSL_check_private_key(ssl), WOLFSSL_SUCCESS);
     #endif
 
@@ -33331,29 +45657,79 @@ static int test_wolfSSL_private_keys(void)
     return EXPECT_RESULT();
 }
 
+static int test_wolfSSL_PEM_def_callback(void)
+{
+    EXPECT_DECLS;
+#ifdef OPENSSL_EXTRA
+    char buf[10];
+    const char* defpwd = "DEF PWD";
+    int defpwdLen = (int)XSTRLEN(defpwd);
+    int smallLen = 1;
+
+    /* Bad parameters. */
+    ExpectIntEQ(wolfSSL_PEM_def_callback(NULL, sizeof(buf), 0, NULL), 0);
+    ExpectIntEQ(wolfSSL_PEM_def_callback(NULL, sizeof(buf), 0, (void*)defpwd),
+        0);
+    ExpectIntEQ(wolfSSL_PEM_def_callback(buf, sizeof(buf), 0, NULL), 0);
+
+    XMEMSET(buf, 0, sizeof(buf));
+    ExpectIntEQ(wolfSSL_PEM_def_callback(buf, sizeof(buf), 0, (void*)defpwd),
+        defpwdLen);
+    ExpectIntEQ(XMEMCMP(buf, defpwd, defpwdLen), 0);
+    ExpectIntEQ(buf[defpwdLen], 0);
+    /* Size of buffer is smaller than default password. */
+    XMEMSET(buf, 0, sizeof(buf));
+    ExpectIntEQ(wolfSSL_PEM_def_callback(buf, smallLen, 0, (void*)defpwd),
+        smallLen);
+    ExpectIntEQ(XMEMCMP(buf, defpwd, smallLen), 0);
+    ExpectIntEQ(buf[smallLen], 0);
+#endif /* OPENSSL_EXTRA */
+    return EXPECT_RESULT();
+}
+
 static int test_wolfSSL_PEM_read_PrivateKey(void)
 {
     EXPECT_DECLS;
-#if defined(OPENSSL_EXTRA) && !defined(NO_RSA) \
-    && !defined(NO_FILESYSTEM)
+#if defined(OPENSSL_EXTRA) && !defined(NO_FILESYSTEM) && (!defined(NO_RSA) || \
+    !defined(NO_DSA) || defined(HAVE_ECC) || !defined(NO_DH))
     XFILE file = XBADFILE;
-    const char* fname = "./certs/server-key.pem";
-    EVP_PKEY* pkey = NULL;
+#if !defined(NO_RSA)
+    const char* fname_rsa = "./certs/server-key.pem";
     RSA* rsa = NULL;
     WOLFSSL_EVP_PKEY_CTX* ctx = NULL;
     unsigned char* sig = NULL;
-    size_t sigLen;
+    size_t sigLen = 0;
     const unsigned char tbs[] = {0, 1, 2, 3, 4, 5, 6, 7};
     size_t tbsLen = sizeof(tbs);
+#endif
+#if !defined(NO_DSA)
+    const char* fname_dsa = "./certs/dsa2048.pem";
+#endif
+#if defined(HAVE_ECC)
+    const char* fname_ec = "./certs/ecc-key.pem";
+#endif
+#if !defined(NO_DH)
+    const char* fname_dh = "./certs/dh-priv-2048.pem";
+#endif
+    EVP_PKEY* pkey = NULL;
 
     /* Check error case. */
     ExpectNull(pkey = PEM_read_PrivateKey(NULL, NULL, NULL, NULL));
 
+    /* not a PEM key. */
+    ExpectTrue((file = XFOPEN("./certs/ecc-key.der", "rb")) != XBADFILE);
+    ExpectNull(PEM_read_PrivateKey(file, NULL, NULL, NULL));
+    if (file != XBADFILE)
+        XFCLOSE(file);
+    file = XBADFILE;
+
+#ifndef NO_RSA
     /* Read in an RSA key. */
-    ExpectTrue((file = XFOPEN(fname, "rb")) != XBADFILE);
+    ExpectTrue((file = XFOPEN(fname_rsa, "rb")) != XBADFILE);
     ExpectNotNull(pkey = PEM_read_PrivateKey(file, NULL, NULL, NULL));
     if (file != XBADFILE)
         XFCLOSE(file);
+    file = XBADFILE;
 
     /* Make sure the key is usable by signing some data with it. */
     ExpectNotNull(rsa = EVP_PKEY_get0_RSA(pkey));
@@ -33368,6 +45744,52 @@ static int test_wolfSSL_PEM_read_PrivateKey(void)
     XFREE(sig, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
     EVP_PKEY_CTX_free(ctx);
     EVP_PKEY_free(pkey);
+    pkey = NULL;
+#endif
+
+#ifndef NO_DSA
+    /* Read in a DSA key. */
+    ExpectTrue((file = XFOPEN(fname_dsa, "rb")) != XBADFILE);
+#if defined(WOLFSSL_QT) || defined(OPENSSL_ALL) || defined(WOLFSSL_OPENSSH)
+    ExpectNotNull(pkey = PEM_read_PrivateKey(file, NULL, NULL, NULL));
+    EVP_PKEY_free(pkey);
+    pkey = NULL;
+#else
+    ExpectNull(PEM_read_PrivateKey(file, NULL, NULL, NULL));
+#endif
+    if (file != XBADFILE)
+        XFCLOSE(file);
+    file = XBADFILE;
+#endif
+
+#ifdef HAVE_ECC
+    /* Read in an EC key. */
+    ExpectTrue((file = XFOPEN(fname_ec, "rb")) != XBADFILE);
+    ExpectNotNull(pkey = EVP_PKEY_new());
+    ExpectPtrEq(PEM_read_PrivateKey(file, &pkey, NULL, NULL), pkey);
+    if (file != XBADFILE)
+        XFCLOSE(file);
+    file = XBADFILE;
+    EVP_PKEY_free(pkey);
+    pkey = NULL;
+#endif
+
+#ifndef NO_DH
+    /* Read in a DH key. */
+    ExpectTrue((file = XFOPEN(fname_dh, "rb")) != XBADFILE);
+#if (defined(WOLFSSL_QT) || defined(OPENSSL_ALL) || \
+     defined(WOLFSSL_OPENSSH)) && (!defined(HAVE_FIPS) || \
+     (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2)))
+    ExpectNotNull(pkey = PEM_read_PrivateKey(file, NULL, NULL, NULL));
+    EVP_PKEY_free(pkey);
+    pkey = NULL;
+#else
+    ExpectNull(PEM_read_PrivateKey(file, NULL, NULL, NULL));
+#endif
+    if (file != XBADFILE)
+        XFCLOSE(file);
+    file = XBADFILE;
+#endif
 #endif
     return EXPECT_RESULT();
 }
@@ -33388,8 +45810,411 @@ static int test_wolfSSL_PEM_read_PUBKEY(void)
     ExpectTrue((file = XFOPEN(fname, "rb")) != XBADFILE);
     ExpectNotNull(pkey = PEM_read_PUBKEY(file, NULL, NULL, NULL));
     EVP_PKEY_free(pkey);
+    pkey = NULL;
     if (file != XBADFILE)
         XFCLOSE(file);
+    file = XBADFILE;
+    ExpectTrue((file = XFOPEN(fname, "rb")) != XBADFILE);
+    ExpectNotNull(pkey = EVP_PKEY_new());
+    ExpectPtrEq(PEM_read_PUBKEY(file, &pkey, NULL, NULL), pkey);
+    EVP_PKEY_free(pkey);
+    if (file != XBADFILE)
+        XFCLOSE(file);
+#endif
+    return EXPECT_RESULT();
+}
+
+/* test loading RSA key using BIO */
+static int test_wolfSSL_PEM_PrivateKey_rsa(void)
+{
+    EXPECT_DECLS;
+#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_RSA) && \
+    defined(USE_CERT_BUFFERS_2048) && !defined(NO_FILESYSTEM) && \
+    !defined(NO_BIO)
+    BIO*      bio = NULL;
+    XFILE file = XBADFILE;
+    const char* fname = "./certs/server-key.pem";
+    const char* fname_rsa_p8 = "./certs/server-keyPkcs8.pem";
+    EVP_PKEY* pkey  = NULL;
+    size_t sz = 0;
+    byte* buf = NULL;
+    EVP_PKEY* pkey2 = NULL;
+    EVP_PKEY* pkey3 = NULL;
+    RSA* rsa_key = NULL;
+#if defined(WOLFSSL_KEY_GEN) || defined(WOLFSSL_CERT_GEN)
+    unsigned char extra[10];
+    int i;
+    BIO* pub_bio = NULL;
+    const unsigned char* server_key = (const unsigned char*)server_key_der_2048;
+#endif
+
+    ExpectTrue((file = XFOPEN(fname, "rb")) != XBADFILE);
+    ExpectTrue(XFSEEK(file, 0, XSEEK_END) == 0);
+    ExpectIntGT(sz = XFTELL(file), 0);
+    ExpectTrue(XFSEEK(file, 0, XSEEK_SET) == 0);
+    ExpectNotNull(buf = (byte*)XMALLOC(sz, NULL, DYNAMIC_TYPE_FILE));
+    if (buf != NULL) {
+        ExpectIntEQ(XFREAD(buf, 1, sz, file), sz);
+    }
+    if (file != XBADFILE) {
+        XFCLOSE(file);
+        file = XBADFILE;
+    }
+
+    /* Test using BIO new mem and loading PEM private key */
+    ExpectNotNull(bio = BIO_new_mem_buf(buf, (int)sz));
+    ExpectNotNull((pkey = PEM_read_bio_PrivateKey(bio, NULL, NULL, NULL)));
+    XFREE(buf, NULL, DYNAMIC_TYPE_FILE);
+    buf = NULL;
+    BIO_free(bio);
+    bio = NULL;
+
+    /* New empty EVP_PKEY */
+    ExpectNotNull(pkey2 = EVP_PKEY_new());
+    if (pkey2 != NULL) {
+        pkey2->type = EVP_PKEY_RSA;
+    }
+    /* Test parameter copy */
+    ExpectIntEQ(EVP_PKEY_copy_parameters(pkey2, pkey), 0);
+    EVP_PKEY_free(pkey2);
+    EVP_PKEY_free(pkey);
+    pkey  = NULL;
+
+    /* Qt unit test case : rsa pkcs8 key */
+    ExpectTrue((file = XFOPEN(fname_rsa_p8, "rb")) != XBADFILE);
+    ExpectTrue(XFSEEK(file, 0, XSEEK_END) == 0);
+    ExpectIntGT(sz = XFTELL(file), 0);
+    ExpectTrue(XFSEEK(file, 0, XSEEK_SET) == 0);
+    ExpectNotNull(buf = (byte*)XMALLOC(sz, NULL, DYNAMIC_TYPE_FILE));
+    if (buf) {
+        ExpectIntEQ(XFREAD(buf, 1, sz, file), sz);
+    }
+    if (file != XBADFILE) {
+        XFCLOSE(file);
+        file = XBADFILE;
+    }
+
+    ExpectNotNull(bio = BIO_new_mem_buf(buf, (int)sz));
+    ExpectNotNull((pkey = PEM_read_bio_PrivateKey(bio, NULL, NULL, NULL)));
+    XFREE(buf, NULL, DYNAMIC_TYPE_FILE);
+    buf = NULL;
+    BIO_free(bio);
+    bio = NULL;
+    ExpectNotNull(pkey3 = EVP_PKEY_new());
+
+    ExpectNotNull(rsa_key = EVP_PKEY_get1_RSA(pkey));
+    ExpectIntEQ(EVP_PKEY_set1_RSA(pkey3, rsa_key), WOLFSSL_SUCCESS);
+
+#ifdef WOLFSSL_ERROR_CODE_OPENSSL
+    ExpectIntEQ(EVP_PKEY_cmp(pkey, pkey3), 1/* match */);
+#else
+    ExpectIntEQ(EVP_PKEY_cmp(pkey, pkey3), 0);
+#endif
+
+    RSA_free(rsa_key);
+    EVP_PKEY_free(pkey3);
+    EVP_PKEY_free(pkey);
+    pkey  = NULL;
+    pkey2 = NULL;
+
+#if defined(WOLFSSL_KEY_GEN) || defined(WOLFSSL_CERT_GEN)
+    #define BIO_PEM_TEST_CHAR 'a'
+    XMEMSET(extra, BIO_PEM_TEST_CHAR, sizeof(extra));
+
+    ExpectNotNull(bio = wolfSSL_BIO_new(wolfSSL_BIO_s_mem()));
+    ExpectIntEQ(BIO_set_write_buf_size(bio, 4096), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+    ExpectNotNull(pub_bio = wolfSSL_BIO_new(wolfSSL_BIO_s_mem()));
+    ExpectIntEQ(BIO_set_write_buf_size(pub_bio, 4096), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+
+    ExpectNull(d2i_PrivateKey(EVP_PKEY_EC, &pkey, &server_key,
+        (long)sizeof_server_key_der_2048));
+    ExpectNull(pkey);
+
+    ExpectNotNull(wolfSSL_d2i_PrivateKey(EVP_PKEY_RSA, &pkey, &server_key,
+        (long)sizeof_server_key_der_2048));
+    ExpectIntEQ(PEM_write_bio_PrivateKey(NULL, pkey, NULL, NULL, 0, NULL, NULL),
+        WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+    ExpectIntEQ(PEM_write_bio_PrivateKey(bio,  NULL, NULL, NULL, 0, NULL, NULL),
+        WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+    ExpectIntEQ(PEM_write_bio_PrivateKey(bio,  pkey, NULL, NULL, 0, NULL, NULL),
+        WOLFSSL_SUCCESS);
+    ExpectIntGT(BIO_pending(bio), 0);
+    ExpectIntEQ(BIO_pending(bio), 1679);
+    /* Check if the pubkey API writes only the public key */
+#ifdef WOLFSSL_KEY_GEN
+    ExpectIntEQ(PEM_write_bio_PUBKEY(NULL, pkey), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+    ExpectIntEQ(PEM_write_bio_PUBKEY(pub_bio, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+    ExpectIntEQ(PEM_write_bio_PUBKEY(pub_bio, pkey), WOLFSSL_SUCCESS);
+    ExpectIntGT(BIO_pending(pub_bio), 0);
+    /* Previously both the private key and the pubkey calls would write
+     * out the private key and the PEM header was the only difference.
+     * The public PEM should be significantly shorter than the
+     * private key versison. */
+    ExpectIntEQ(BIO_pending(pub_bio), 451);
+#else
+    /* Not supported. */
+    ExpectIntEQ(PEM_write_bio_PUBKEY(pub_bio, pkey), 0);
+#endif
+
+    /* test creating new EVP_PKEY with good args */
+    ExpectNotNull((pkey2 = PEM_read_bio_PrivateKey(bio, NULL, NULL, NULL)));
+    if (pkey && pkey->pkey.ptr && pkey2 && pkey2->pkey.ptr) {
+        ExpectIntEQ((int)XMEMCMP(pkey->pkey.ptr, pkey2->pkey.ptr,
+            pkey->pkey_sz), 0);
+    }
+
+    /* test of reuse of EVP_PKEY */
+    ExpectNull(PEM_read_bio_PrivateKey(bio, &pkey, NULL, NULL));
+    ExpectIntEQ(BIO_pending(bio), 0);
+    ExpectIntEQ(PEM_write_bio_PrivateKey(bio, pkey, NULL, NULL, 0, NULL, NULL),
+            SSL_SUCCESS);
+    /* add 10 extra bytes after PEM */
+    ExpectIntEQ(BIO_write(bio, extra, 10), 10);
+    ExpectNotNull(PEM_read_bio_PrivateKey(bio, &pkey, NULL, NULL));
+    ExpectNotNull(pkey);
+    if (pkey && pkey->pkey.ptr && pkey2 && pkey2->pkey.ptr) {
+        ExpectIntEQ((int)XMEMCMP(pkey->pkey.ptr, pkey2->pkey.ptr,
+            pkey->pkey_sz), 0);
+    }
+    /* check 10 extra bytes still there */
+    ExpectIntEQ(BIO_pending(bio), 10);
+    ExpectIntEQ(BIO_read(bio, extra, 10), 10);
+    for (i = 0; i < 10; i++) {
+        ExpectIntEQ(extra[i], BIO_PEM_TEST_CHAR);
+    }
+
+    BIO_free(pub_bio);
+    BIO_free(bio);
+    bio = NULL;
+    EVP_PKEY_free(pkey);
+    pkey  = NULL;
+    EVP_PKEY_free(pkey2);
+#endif /* WOLFSSL_KEY_GEN || WOLFSSL_CERT_GEN */
+#endif /* OPENSSL_EXTRA && !NO_CERTS && !NO_RSA && USE_CERT_BUFFERS_2048 &&
+        * !NO_FILESYSTEM && !NO_BIO */
+    return EXPECT_RESULT();
+}
+
+/* test loading ECC key using BIO */
+static int test_wolfSSL_PEM_PrivateKey_ecc(void)
+{
+    EXPECT_DECLS;
+#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && defined(HAVE_ECC) && \
+    !defined(NO_FILESYSTEM) && !defined(NO_BIO)
+    BIO*      bio = NULL;
+    EVP_PKEY* pkey  = NULL;
+    XFILE file = XBADFILE;
+    const char* fname = "./certs/ecc-key.pem";
+    const char* fname_ecc_p8  = "./certs/ecc-keyPkcs8.pem";
+
+    size_t sz = 0;
+    byte* buf = NULL;
+    EVP_PKEY* pkey2 = NULL;
+    EVP_PKEY* pkey3 = NULL;
+    EC_KEY*   ec_key = NULL;
+    int nid = 0;
+    BIO* pub_bio = NULL;
+
+    ExpectTrue((file = XFOPEN(fname, "rb")) != XBADFILE);
+    ExpectTrue(XFSEEK(file, 0, XSEEK_END) == 0);
+    ExpectIntGT(sz = XFTELL(file), 0);
+    ExpectTrue(XFSEEK(file, 0, XSEEK_SET) == 0);
+    ExpectNotNull(buf = (byte*)XMALLOC(sz, NULL, DYNAMIC_TYPE_FILE));
+    if (buf) {
+        ExpectIntEQ(XFREAD(buf, 1, sz, file), sz);
+    }
+    if (file != XBADFILE) {
+        XFCLOSE(file);
+        file = XBADFILE;
+    }
+
+    /* Test using BIO new mem and loading PEM private key */
+    ExpectNotNull(bio = BIO_new_mem_buf(buf, (int)sz));
+    ExpectNotNull((pkey = PEM_read_bio_PrivateKey(bio, NULL, NULL, NULL)));
+    BIO_free(bio);
+    bio = NULL;
+    XFREE(buf, NULL, DYNAMIC_TYPE_FILE);
+    buf = NULL;
+    ExpectNotNull(bio = wolfSSL_BIO_new(wolfSSL_BIO_s_mem()));
+    ExpectNotNull(pub_bio = wolfSSL_BIO_new(wolfSSL_BIO_s_mem()));
+    ExpectIntEQ(PEM_write_bio_PrivateKey(bio, pkey, NULL, NULL, 0, NULL, NULL),
+        WOLFSSL_SUCCESS);
+    ExpectIntGT(BIO_pending(bio), 0);
+    /* No parameters. */
+    ExpectIntEQ(BIO_pending(bio), 227);
+    /* Check if the pubkey API writes only the public key */
+#ifdef WOLFSSL_KEY_GEN
+    ExpectIntEQ(PEM_write_bio_PUBKEY(pub_bio, pkey), WOLFSSL_SUCCESS);
+    ExpectIntGT(BIO_pending(pub_bio), 0);
+    /* Previously both the private key and the pubkey calls would write
+     * out the private key and the PEM header was the only difference.
+     * The public PEM should be significantly shorter than the
+     * private key versison. */
+    ExpectIntEQ(BIO_pending(pub_bio), 178);
+#endif
+    BIO_free(pub_bio);
+    BIO_free(bio);
+    bio = NULL;
+    ExpectNotNull(pkey2 = EVP_PKEY_new());
+    ExpectNotNull(pkey3 = EVP_PKEY_new());
+    if (pkey2 != NULL) {
+         pkey2->type = EVP_PKEY_EC;
+    }
+    /* Test parameter copy */
+    ExpectIntEQ(EVP_PKEY_copy_parameters(pkey2, pkey), 1);
+
+
+    /* Qt unit test case 1*/
+    ExpectNotNull(ec_key = EVP_PKEY_get1_EC_KEY(pkey));
+    ExpectIntEQ(EVP_PKEY_set1_EC_KEY(pkey3, ec_key), WOLFSSL_SUCCESS);
+    #ifdef WOLFSSL_ERROR_CODE_OPENSSL
+    ExpectIntEQ(EVP_PKEY_cmp(pkey, pkey3), 1/* match */);
+    #else
+    ExpectIntEQ(EVP_PKEY_cmp(pkey, pkey3), 0);
+    #endif
+    /* Test default digest */
+    ExpectIntEQ(EVP_PKEY_get_default_digest_nid(pkey, &nid), 1);
+    ExpectIntEQ(nid, NID_sha256);
+    EC_KEY_free(ec_key);
+    ec_key = NULL;
+    EVP_PKEY_free(pkey3);
+    pkey3 = NULL;
+    EVP_PKEY_free(pkey2);
+    pkey2 = NULL;
+    EVP_PKEY_free(pkey);
+    pkey  = NULL;
+
+    /* Qt unit test case ec pkcs8 key */
+    ExpectTrue((file = XFOPEN(fname_ecc_p8, "rb")) != XBADFILE);
+    ExpectTrue(XFSEEK(file, 0, XSEEK_END) == 0);
+    ExpectIntGT(sz = XFTELL(file), 0);
+    ExpectTrue(XFSEEK(file, 0, XSEEK_SET) == 0);
+    ExpectNotNull(buf = (byte*)XMALLOC(sz, NULL, DYNAMIC_TYPE_FILE));
+    if (buf) {
+        ExpectIntEQ(XFREAD(buf, 1, sz, file), sz);
+    }
+    if (file != XBADFILE) {
+        XFCLOSE(file);
+        file = XBADFILE;
+    }
+
+    ExpectNotNull(bio = BIO_new_mem_buf(buf, (int)sz));
+    ExpectNotNull((pkey = PEM_read_bio_PrivateKey(bio, NULL, NULL, NULL)));
+    XFREE(buf, NULL, DYNAMIC_TYPE_FILE);
+    buf = NULL;
+    BIO_free(bio);
+    bio = NULL;
+    ExpectNotNull(pkey3 = EVP_PKEY_new());
+    /* Qt unit test case */
+    ExpectNotNull(ec_key = EVP_PKEY_get1_EC_KEY(pkey));
+    ExpectIntEQ(EVP_PKEY_set1_EC_KEY(pkey3, ec_key), WOLFSSL_SUCCESS);
+#ifdef WOLFSSL_ERROR_CODE_OPENSSL
+    ExpectIntEQ(EVP_PKEY_cmp(pkey, pkey3), 1/* match */);
+#else
+    ExpectIntEQ(EVP_PKEY_cmp(pkey, pkey3), 0);
+#endif
+    EC_KEY_free(ec_key);
+    EVP_PKEY_free(pkey3);
+    EVP_PKEY_free(pkey);
+    pkey  = NULL;
+#endif
+    return EXPECT_RESULT();
+}
+
+/* test loading DSA key using BIO */
+static int test_wolfSSL_PEM_PrivateKey_dsa(void)
+{
+    EXPECT_DECLS;
+#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_DSA) && \
+    !defined(NO_FILESYSTEM) && !defined(NO_BIO)
+#if defined(WOLFSSL_QT) || defined(OPENSSL_ALL)
+    BIO*      bio = NULL;
+    EVP_PKEY* pkey  = NULL;
+
+    ExpectNotNull(bio = BIO_new_file("./certs/dsa2048.pem", "rb"));
+    /* Private DSA EVP_PKEY */
+    ExpectNotNull(pkey = wolfSSL_PEM_read_bio_PrivateKey(bio, NULL, NULL,
+        NULL));
+    BIO_free(bio);
+    bio = NULL;
+
+    ExpectNotNull(bio = wolfSSL_BIO_new(wolfSSL_BIO_s_mem()));
+#if defined(OPENSSL_ALL) && !defined(NO_PWDBASED) && defined(HAVE_PKCS8)
+#ifdef WOLFSSL_ASN_TEMPLATE
+    ExpectIntEQ(PEM_write_bio_PKCS8PrivateKey(bio, pkey, NULL, NULL, 0, NULL,
+        NULL), 1216);
+#else
+    ExpectIntEQ(PEM_write_bio_PKCS8PrivateKey(bio, pkey, NULL, NULL, 0, NULL,
+        NULL), 1212);
+#endif
+#endif
+
+#ifdef WOLFSSL_KEY_GEN
+    ExpectIntEQ(PEM_write_bio_PUBKEY(bio, pkey), 1);
+#ifdef WOLFSSL_ASN_TEMPLATE
+    ExpectIntEQ(BIO_pending(bio), 2394);
+#else
+    ExpectIntEQ(BIO_pending(bio), 2390);
+#endif
+    BIO_reset(bio);
+#endif
+
+    ExpectIntEQ(PEM_write_bio_PrivateKey(bio, pkey, NULL, NULL, 0, NULL, NULL),
+        1);
+    ExpectIntEQ(BIO_pending(bio), 1196);
+
+    BIO_free(bio);
+    bio = NULL;
+
+    EVP_PKEY_free(pkey);
+    pkey  = NULL;
+#endif
+#endif
+    return EXPECT_RESULT();
+}
+
+/* test loading DH key using BIO */
+static int test_wolfSSL_PEM_PrivateKey_dh(void)
+{
+    EXPECT_DECLS;
+#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_DH) && \
+    !defined(NO_FILESYSTEM) && !defined(NO_BIO)
+#if (defined(WOLFSSL_QT) || defined(OPENSSL_ALL) || \
+     defined(WOLFSSL_OPENSSH)) && (!defined(HAVE_FIPS) || \
+     (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2)))
+    BIO*      bio = NULL;
+    EVP_PKEY* pkey  = NULL;
+    int       expectedBytes = 0;
+
+    ExpectNotNull(bio = BIO_new_file("./certs/dh-priv-2048.pem", "rb"));
+    /* Private DH EVP_PKEY */
+    ExpectNotNull(pkey = wolfSSL_PEM_read_bio_PrivateKey(bio, NULL, NULL,
+        NULL));
+    BIO_free(bio);
+    bio = NULL;
+
+    ExpectNotNull(bio = wolfSSL_BIO_new(wolfSSL_BIO_s_mem()));
+
+#if defined(OPENSSL_ALL) && !defined(NO_PWDBASED) && defined(HAVE_PKCS8)
+    expectedBytes += 806;
+    ExpectIntEQ(PEM_write_bio_PKCS8PrivateKey(bio, pkey, NULL, NULL, 0, NULL,
+        NULL), expectedBytes);
+#endif
+#ifdef WOLFSSL_KEY_GEN
+    ExpectIntEQ(PEM_write_bio_PUBKEY(bio, pkey), 0);
+#endif
+
+    ExpectIntEQ(PEM_write_bio_PrivateKey(bio, pkey, NULL, NULL, 0, NULL, NULL),
+        1);
+    expectedBytes += 806;
+    ExpectIntEQ(BIO_pending(bio), expectedBytes);
+
+    BIO_free(bio);
+    bio = NULL;
+
+    EVP_PKEY_free(pkey);
+    pkey  = NULL;
+#endif
 #endif
     return EXPECT_RESULT();
 }
@@ -33397,7 +46222,7 @@ static int test_wolfSSL_PEM_read_PUBKEY(void)
 static int test_wolfSSL_PEM_PrivateKey(void)
 {
     EXPECT_DECLS;
-#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \
+#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_TLS) && \
     (!defined(NO_RSA) || defined(HAVE_ECC)) && defined(USE_CERT_BUFFERS_2048)
 #ifndef NO_BIO
     BIO*      bio = NULL;
@@ -33410,264 +46235,32 @@ static int test_wolfSSL_PEM_PrivateKey(void)
     /* test creating new EVP_PKEY with bad arg */
     ExpectNull((pkey = PEM_read_bio_PrivateKey(NULL, NULL, NULL, NULL)));
 
-    /* test loading RSA key using BIO */
-#if !defined(NO_RSA) && !defined(NO_FILESYSTEM)
-    {
-        XFILE file = XBADFILE;
-        const char* fname = "./certs/server-key.pem";
-        const char* fname_rsa_p8 = "./certs/server-keyPkcs8.pem";
-
-        size_t sz;
-        byte* buf = NULL;
-        EVP_PKEY* pkey2 = NULL;
-        EVP_PKEY* pkey3 = NULL;
-        RSA* rsa_key = NULL;
-
-        ExpectTrue((file = XFOPEN(fname, "rb")) != XBADFILE);
-        ExpectTrue(XFSEEK(file, 0, XSEEK_END) == 0);
-        ExpectIntGT(sz = XFTELL(file), 0);
-        ExpectTrue(XFSEEK(file, 0, XSEEK_SET) == 0);
-        ExpectNotNull(buf = (byte*)XMALLOC(sz, NULL, DYNAMIC_TYPE_FILE));
-        if (buf != NULL) {
-            ExpectIntEQ(XFREAD(buf, 1, sz, file), sz);
-        }
-        if (file != XBADFILE) {
-            XFCLOSE(file);
-            file = XBADFILE;
-        }
-
-        /* Test using BIO new mem and loading PEM private key */
-        ExpectNotNull(bio = BIO_new_mem_buf(buf, (int)sz));
-        ExpectNotNull((pkey = PEM_read_bio_PrivateKey(bio, NULL, NULL, NULL)));
-        XFREE(buf, NULL, DYNAMIC_TYPE_FILE);
-        buf = NULL;
-        BIO_free(bio);
-        bio = NULL;
-        ExpectNotNull(pkey2 = EVP_PKEY_new());
-        if (pkey2 != NULL) {
-            pkey2->type = EVP_PKEY_RSA;
-        }
-        /* Test parameter copy */
-        ExpectIntEQ(EVP_PKEY_copy_parameters(pkey2, pkey), 0);
-        EVP_PKEY_free(pkey2);
-        EVP_PKEY_free(pkey);
-        pkey  = NULL;
-
-        /* Qt unit test case : rsa pkcs8 key */
-        ExpectTrue((file = XFOPEN(fname_rsa_p8, "rb")) != XBADFILE);
-        ExpectTrue(XFSEEK(file, 0, XSEEK_END) == 0);
-        ExpectIntGT(sz = XFTELL(file), 0);
-        ExpectTrue(XFSEEK(file, 0, XSEEK_SET) == 0);
-        ExpectNotNull(buf = (byte*)XMALLOC(sz, NULL, DYNAMIC_TYPE_FILE));
-        if (buf) {
-            ExpectIntEQ(XFREAD(buf, 1, sz, file), sz);
-        }
-        if (file != XBADFILE) {
-            XFCLOSE(file);
-            file = XBADFILE;
-        }
-
-        ExpectNotNull(bio = BIO_new_mem_buf(buf, (int)sz));
-        ExpectNotNull((pkey = PEM_read_bio_PrivateKey(bio, NULL, NULL, NULL)));
-        XFREE(buf, NULL, DYNAMIC_TYPE_FILE);
-        buf = NULL;
-        BIO_free(bio);
-        bio = NULL;
-        ExpectNotNull(pkey3 = EVP_PKEY_new());
-
-        ExpectNotNull(rsa_key = EVP_PKEY_get1_RSA(pkey));
-        ExpectIntEQ(EVP_PKEY_set1_RSA(pkey3, rsa_key), WOLFSSL_SUCCESS);
-
-        #ifdef WOLFSSL_ERROR_CODE_OPENSSL
-        ExpectIntEQ(EVP_PKEY_cmp(pkey, pkey3), 1/* match */);
-        #else
-        ExpectIntEQ(EVP_PKEY_cmp(pkey, pkey3), 0);
-        #endif
-
-        RSA_free(rsa_key);
-        EVP_PKEY_free(pkey3);
-        EVP_PKEY_free(pkey);
-        pkey  = NULL;
+    /* Test bad EVP_PKEY type. */
+    /* New HMAC EVP_PKEY */
+    ExpectNotNull(bio = BIO_new_mem_buf("", 1));
+    ExpectNotNull(pkey = EVP_PKEY_new());
+    if (pkey != NULL) {
+        pkey->type = EVP_PKEY_HMAC;
     }
+    ExpectIntEQ(PEM_write_bio_PrivateKey(bio, pkey, NULL, NULL, 0, NULL, NULL),
+        0);
+#if defined(OPENSSL_ALL) && !defined(NO_PWDBASED) && defined(HAVE_PKCS8)
+    ExpectIntEQ(PEM_write_bio_PKCS8PrivateKey(bio, pkey, NULL, NULL, 0, NULL,
+        NULL), 0);
 #endif
-
-    /* test loading ECC key using BIO */
-#if defined(HAVE_ECC) && !defined(NO_FILESYSTEM)
-    {
-        XFILE file = XBADFILE;
-        const char* fname = "./certs/ecc-key.pem";
-        const char* fname_ecc_p8  = "./certs/ecc-keyPkcs8.pem";
-
-        size_t sz = 0;
-        byte* buf = NULL;
-        EVP_PKEY* pkey2 = NULL;
-        EVP_PKEY* pkey3 = NULL;
-        EC_KEY*   ec_key = NULL;
-        int nid = 0;
-
-        ExpectTrue((file = XFOPEN(fname, "rb")) != XBADFILE);
-        ExpectTrue(XFSEEK(file, 0, XSEEK_END) == 0);
-        ExpectIntGT(sz = XFTELL(file), 0);
-        ExpectTrue(XFSEEK(file, 0, XSEEK_SET) == 0);
-        ExpectNotNull(buf = (byte*)XMALLOC(sz, NULL, DYNAMIC_TYPE_FILE));
-        if (buf) {
-            ExpectIntEQ(XFREAD(buf, 1, sz, file), sz);
-        }
-        if (file != XBADFILE) {
-            XFCLOSE(file);
-            file = XBADFILE;
-        }
-
-        /* Test using BIO new mem and loading PEM private key */
-        ExpectNotNull(bio = BIO_new_mem_buf(buf, (int)sz));
-        ExpectNotNull((pkey = PEM_read_bio_PrivateKey(bio, NULL, NULL, NULL)));
-        XFREE(buf, NULL, DYNAMIC_TYPE_FILE);
-        buf = NULL;
-        BIO_free(bio);
-        bio = NULL;
-        ExpectNotNull(pkey2 = EVP_PKEY_new());
-        ExpectNotNull(pkey3 = EVP_PKEY_new());
-        if (pkey2 != NULL) {
-             pkey2->type = EVP_PKEY_EC;
-        }
-        /* Test parameter copy */
-        ExpectIntEQ(EVP_PKEY_copy_parameters(pkey2, pkey), 1);
-        /* Qt unit test case 1*/
-        ExpectNotNull(ec_key = EVP_PKEY_get1_EC_KEY(pkey));
-        ExpectIntEQ(EVP_PKEY_set1_EC_KEY(pkey3, ec_key), WOLFSSL_SUCCESS);
-        #ifdef WOLFSSL_ERROR_CODE_OPENSSL
-        ExpectIntEQ(EVP_PKEY_cmp(pkey, pkey3), 1/* match */);
-        #else
-        ExpectIntEQ(EVP_PKEY_cmp(pkey, pkey3), 0);
-        #endif
-        /* Test default digest */
-        ExpectIntEQ(EVP_PKEY_get_default_digest_nid(pkey, &nid), 1);
-        ExpectIntEQ(nid, NID_sha256);
-        EC_KEY_free(ec_key);
-        ec_key = NULL;
-        EVP_PKEY_free(pkey3);
-        pkey3 = NULL;
-        EVP_PKEY_free(pkey2);
-        pkey2 = NULL;
-        EVP_PKEY_free(pkey);
-        pkey  = NULL;
-
-        /* Qt unit test case ec pkcs8 key */
-        ExpectTrue((file = XFOPEN(fname_ecc_p8, "rb")) != XBADFILE);
-        ExpectTrue(XFSEEK(file, 0, XSEEK_END) == 0);
-        ExpectIntGT(sz = XFTELL(file), 0);
-        ExpectTrue(XFSEEK(file, 0, XSEEK_SET) == 0);
-        ExpectNotNull(buf = (byte*)XMALLOC(sz, NULL, DYNAMIC_TYPE_FILE));
-        if (buf) {
-            ExpectIntEQ(XFREAD(buf, 1, sz, file), sz);
-        }
-        if (file != XBADFILE) {
-            XFCLOSE(file);
-            file = XBADFILE;
-        }
-
-        ExpectNotNull(bio = BIO_new_mem_buf(buf, (int)sz));
-        ExpectNotNull((pkey = PEM_read_bio_PrivateKey(bio, NULL, NULL, NULL)));
-        XFREE(buf, NULL, DYNAMIC_TYPE_FILE);
-        buf = NULL;
-        BIO_free(bio);
-        bio = NULL;
-        ExpectNotNull(pkey3 = EVP_PKEY_new());
-        /* Qt unit test case */
-        ExpectNotNull(ec_key = EVP_PKEY_get1_EC_KEY(pkey));
-        ExpectIntEQ(EVP_PKEY_set1_EC_KEY(pkey3, ec_key), WOLFSSL_SUCCESS);
-        #ifdef WOLFSSL_ERROR_CODE_OPENSSL
-        ExpectIntEQ(EVP_PKEY_cmp(pkey, pkey3), 1/* match */);
-        #else
-        ExpectIntEQ(EVP_PKEY_cmp(pkey, pkey3), 0);
-        #endif
-        EC_KEY_free(ec_key);
-        EVP_PKEY_free(pkey3);
-        EVP_PKEY_free(pkey);
-        pkey  = NULL;
-    }
-#endif
-
-#if !defined(NO_BIO) && !defined(NO_RSA) && (defined(WOLFSSL_KEY_GEN) || \
-    defined(WOLFSSL_CERT_GEN))
-    {
-        #define BIO_PEM_TEST_CHAR 'a'
-        EVP_PKEY* pkey2 = NULL;
-        unsigned char extra[10];
-        int i;
-        BIO* pub_bio = NULL;
-
-        XMEMSET(extra, BIO_PEM_TEST_CHAR, sizeof(extra));
-
-        ExpectNotNull(bio = wolfSSL_BIO_new(wolfSSL_BIO_s_mem()));
-        ExpectIntEQ(BIO_set_write_buf_size(bio, 4096), SSL_FAILURE);
-        ExpectNotNull(pub_bio = wolfSSL_BIO_new(wolfSSL_BIO_s_mem()));
-        ExpectIntEQ(BIO_set_write_buf_size(pub_bio, 4096), SSL_FAILURE);
-
-        ExpectNull(d2i_PrivateKey(EVP_PKEY_EC, &pkey,
-                &server_key, (long)sizeof_server_key_der_2048));
-        ExpectNull(pkey);
-
-        ExpectNotNull(wolfSSL_d2i_PrivateKey(EVP_PKEY_RSA, &pkey,
-                &server_key, (long)sizeof_server_key_der_2048));
-        ExpectIntEQ(PEM_write_bio_PrivateKey(NULL, pkey, NULL, NULL, 0, NULL,
-                NULL), WOLFSSL_FAILURE);
-        ExpectIntEQ(PEM_write_bio_PrivateKey(bio, NULL, NULL, NULL, 0, NULL,
-                NULL), WOLFSSL_FAILURE);
-        ExpectIntEQ(PEM_write_bio_PrivateKey(bio, pkey, NULL, NULL, 0, NULL,
-                NULL), WOLFSSL_SUCCESS);
-        ExpectIntGT(BIO_pending(bio), 0);
-        ExpectIntEQ(BIO_pending(bio), 1679);
-        /* Check if the pubkey API writes only the public key */
 #ifdef WOLFSSL_KEY_GEN
-        ExpectIntEQ(PEM_write_bio_PUBKEY(NULL, pkey), WOLFSSL_FAILURE);
-        ExpectIntEQ(PEM_write_bio_PUBKEY(pub_bio, NULL), WOLFSSL_FAILURE);
-        ExpectIntEQ(PEM_write_bio_PUBKEY(pub_bio, pkey), WOLFSSL_SUCCESS);
-        ExpectIntGT(BIO_pending(pub_bio), 0);
-        /* Previously both the private key and the pubkey calls would write
-         * out the private key and the PEM header was the only difference.
-         * The public PEM should be significantly shorter than the
-         * private key versison. */
-        ExpectIntEQ(BIO_pending(pub_bio), 451);
+    ExpectIntEQ(PEM_write_bio_PUBKEY(bio, pkey), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
 #endif
+    EVP_PKEY_free(pkey);
+    pkey = NULL;
+    BIO_free(bio);
+    bio = NULL;
 
 
-        /* test creating new EVP_PKEY with good args */
-        ExpectNotNull((pkey2 = PEM_read_bio_PrivateKey(bio, NULL, NULL, NULL)));
-        if (pkey && pkey->pkey.ptr && pkey2 && pkey2->pkey.ptr)
-            ExpectIntEQ((int)XMEMCMP(pkey->pkey.ptr, pkey2->pkey.ptr, pkey->pkey_sz), 0);
-
-        /* test of reuse of EVP_PKEY */
-        ExpectNull(PEM_read_bio_PrivateKey(bio, &pkey, NULL, NULL));
-        ExpectIntEQ(BIO_pending(bio), 0);
-        ExpectIntEQ(PEM_write_bio_PrivateKey(bio, pkey, NULL, NULL, 0, NULL, NULL),
-                SSL_SUCCESS);
-        ExpectIntEQ(BIO_write(bio, extra, 10), 10); /* add 10 extra bytes after PEM */
-        ExpectNotNull(PEM_read_bio_PrivateKey(bio, &pkey, NULL, NULL));
-        ExpectNotNull(pkey);
-        if (pkey && pkey->pkey.ptr && pkey2 && pkey2->pkey.ptr) {
-            ExpectIntEQ((int)XMEMCMP(pkey->pkey.ptr, pkey2->pkey.ptr, pkey->pkey_sz),0);
-        }
-        ExpectIntEQ(BIO_pending(bio), 10); /* check 10 extra bytes still there */
-        ExpectIntEQ(BIO_read(bio, extra, 10), 10);
-        for (i = 0; i < 10; i++) {
-            ExpectIntEQ(extra[i], BIO_PEM_TEST_CHAR);
-        }
-
-        BIO_free(pub_bio);
-        BIO_free(bio);
-        bio = NULL;
-        EVP_PKEY_free(pkey);
-        pkey  = NULL;
-        EVP_PKEY_free(pkey2);
-    }
-    #endif
-
     /* key is DES encrypted */
     #if !defined(NO_DES3) && defined(WOLFSSL_ENCRYPTED_KEYS) && \
         !defined(NO_RSA) && !defined(NO_BIO) && !defined(NO_FILESYSTEM) && \
-        !defined(NO_MD5) && defined(WOLFSSL_KEY_GEN) && \
-        !defined(HAVE_USER_RSA) && !defined(NO_RSA)
+        !defined(NO_MD5) && defined(WOLFSSL_KEY_GEN) && !defined(NO_RSA)
     {
         XFILE f = XBADFILE;
         wc_pem_password_cb* passwd_cb = NULL;
@@ -33683,9 +46276,9 @@ static int test_wolfSSL_PEM_PrivateKey(void)
         #endif
     #else
         #ifndef NO_WOLFSSL_SERVER
-        ExpectNotNull(ctx = SSL_CTX_new(wolfTLSv1_3_server_method()));
+        ExpectNotNull(ctx = SSL_CTX_new(TLSv1_3_server_method()));
         #else
-        ExpectNotNull(ctx = SSL_CTX_new(wolfTLSv1_3_client_method()));
+        ExpectNotNull(ctx = SSL_CTX_new(TLSv1_3_client_method()));
         #endif
     #endif
 
@@ -33754,9 +46347,9 @@ static int test_wolfSSL_PEM_PrivateKey(void)
 
         server_key = buf;
         pkey = NULL;
-        ExpectNull(d2i_PrivateKey(EVP_PKEY_RSA, &pkey, &server_key, bytes));
+        ExpectNull(d2i_PrivateKey(EVP_PKEY_RSA, &pkey, &server_key, (long int)bytes));
         ExpectNull(pkey);
-        ExpectNotNull(d2i_PrivateKey(EVP_PKEY_EC, &pkey, &server_key, bytes));
+        ExpectNotNull(d2i_PrivateKey(EVP_PKEY_EC, &pkey, &server_key, (long int)bytes));
         ExpectIntEQ(SSL_CTX_use_PrivateKey(ctx, pkey), SSL_SUCCESS);
 
         EVP_PKEY_free(pkey);
@@ -33780,7 +46373,7 @@ static int test_wolfSSL_PEM_file_RSAKey(void)
     EXPECT_DECLS;
 #if (defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL)) && \
     defined(WOLFSSL_KEY_GEN) && !defined(NO_RSA) && \
-    !defined(HAVE_USER_RSA) && !defined(NO_FILESYSTEM) && !defined(NO_CERTS)
+    !defined(NO_FILESYSTEM) && !defined(NO_CERTS)
     RSA* rsa = NULL;
     XFILE fp = XBADFILE;
 
@@ -33790,12 +46383,12 @@ static int test_wolfSSL_PEM_file_RSAKey(void)
         XFCLOSE(fp);
     ExpectIntEQ(RSA_size(rsa), 256);
 
-    ExpectIntEQ(PEM_write_RSAPublicKey(XBADFILE, rsa), WOLFSSL_FAILURE);
-    ExpectIntEQ(PEM_write_RSAPublicKey(stderr, NULL), WOLFSSL_FAILURE);
+    ExpectIntEQ(PEM_write_RSAPublicKey(XBADFILE, rsa), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+    ExpectIntEQ(PEM_write_RSAPublicKey(stderr, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     ExpectIntEQ(PEM_write_RSAPublicKey(stderr, rsa), WOLFSSL_SUCCESS);
 
-    ExpectIntEQ(PEM_write_RSA_PUBKEY(XBADFILE, rsa), WOLFSSL_FAILURE);
-    ExpectIntEQ(PEM_write_RSA_PUBKEY(stderr, NULL), WOLFSSL_FAILURE);
+    ExpectIntEQ(PEM_write_RSA_PUBKEY(XBADFILE, rsa), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+    ExpectIntEQ(PEM_write_RSA_PUBKEY(stderr, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     ExpectIntEQ(PEM_write_RSA_PUBKEY(stderr, rsa), WOLFSSL_SUCCESS);
 
     RSA_free(rsa);
@@ -33809,12 +46402,12 @@ static int test_wolfSSL_PEM_file_RSAPrivateKey(void)
 {
     EXPECT_DECLS;
 #if !defined(NO_RSA) && defined(OPENSSL_EXTRA) && defined(WOLFSSL_KEY_GEN) && \
-    !defined(HAVE_USER_RSA) && !defined(NO_FILESYSTEM) && \
+    !defined(NO_FILESYSTEM) && \
     (defined(WOLFSSL_PEM_TO_DER) || defined(WOLFSSL_DER_TO_PEM))
     RSA* rsa = NULL;
     XFILE f = NULL;
 
-    ExpectTrue((f = XFOPEN(svrKeyFile, "r")) != XBADFILE);
+    ExpectTrue((f = XFOPEN(svrKeyFile, "rb")) != XBADFILE);
     ExpectNotNull((rsa = PEM_read_RSAPrivateKey(f, NULL, NULL, NULL)));
     ExpectIntEQ(RSA_size(rsa), 256);
     if (f != XBADFILE) {
@@ -33823,16 +46416,16 @@ static int test_wolfSSL_PEM_file_RSAPrivateKey(void)
     }
 
     ExpectIntEQ(PEM_write_RSAPrivateKey(XBADFILE, rsa, NULL, NULL, 0, NULL,
-        NULL), WOLFSSL_FAILURE);
+        NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     ExpectIntEQ(PEM_write_RSAPrivateKey(stderr, NULL, NULL, NULL, 0, NULL,
-        NULL), WOLFSSL_FAILURE);
+        NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     ExpectIntEQ(PEM_write_RSAPrivateKey(stderr, rsa, NULL, NULL, 0, NULL, NULL),
         WOLFSSL_SUCCESS);
 
     RSA_free(rsa);
 
 #ifdef HAVE_ECC
-    ExpectTrue((f = XFOPEN(eccKeyFile, "r")) != XBADFILE);
+    ExpectTrue((f = XFOPEN(eccKeyFile, "rb")) != XBADFILE);
     ExpectNull((rsa = PEM_read_RSAPrivateKey(f, NULL, NULL, NULL)));
     if (f != XBADFILE)
         XFCLOSE(f);
@@ -33868,7 +46461,7 @@ static int test_wolfSSL_PEM_bio_RSAKey(void)
     EXPECT_DECLS;
 #if (defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL)) && \
     defined(WOLFSSL_KEY_GEN) && !defined(NO_RSA) && \
-    !defined(HAVE_USER_RSA) && !defined(NO_FILESYSTEM) && !defined(NO_CERTS)
+    !defined(NO_FILESYSTEM) && !defined(NO_CERTS)
     RSA* rsa = NULL;
     BIO* bio = NULL;
 
@@ -33879,7 +46472,7 @@ static int test_wolfSSL_PEM_bio_RSAKey(void)
     ExpectNotNull(rsa);
     ExpectIntEQ(RSA_size(rsa), 256);
     ExpectIntEQ(PEM_write_bio_RSAPrivateKey(NULL, NULL, NULL, NULL, 0, NULL, \
-                                            NULL), WOLFSSL_FAILURE);
+                                            NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     BIO_free(bio);
     bio = NULL;
     ExpectNotNull(bio = wolfSSL_BIO_new(wolfSSL_BIO_s_mem()));
@@ -33895,7 +46488,7 @@ static int test_wolfSSL_PEM_bio_RSAKey(void)
     ExpectNull((rsa = PEM_read_bio_RSA_PUBKEY(NULL, NULL, NULL, NULL)));
     ExpectNotNull((rsa = PEM_read_bio_RSA_PUBKEY(bio, NULL, NULL, NULL)));
     ExpectIntEQ(RSA_size(rsa), 256);
-    ExpectIntEQ(PEM_write_bio_RSA_PUBKEY(NULL, NULL), WOLFSSL_FAILURE);
+    ExpectIntEQ(PEM_write_bio_RSA_PUBKEY(NULL, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     BIO_free(bio);
     bio = NULL;
     ExpectNotNull(bio = wolfSSL_BIO_new(wolfSSL_BIO_s_mem()));
@@ -33943,7 +46536,7 @@ static int test_wolfSSL_PEM_bio_RSAPrivateKey(void)
     ExpectNotNull((rsa = PEM_read_bio_RSAPrivateKey(bio, NULL, NULL, NULL)));
     ExpectIntEQ(RSA_size(rsa), 256);
 
-#if defined(WOLFSSL_KEY_GEN) && !defined(NO_RSA) && !defined(HAVE_USER_RSA)
+#if defined(WOLFSSL_KEY_GEN) && !defined(NO_RSA)
     ExpectNull(rsa_dup = RSAPublicKey_dup(NULL));
     /* Test duplicating empty key. */
     ExpectNotNull(rsa_dup = RSA_new());
@@ -33990,7 +46583,7 @@ static int test_wolfSSL_PEM_bio_DSAKey(void)
     ExpectNotNull((dsa = PEM_read_bio_DSAPrivateKey(bio, NULL, NULL, NULL)));
     ExpectIntEQ(BN_num_bytes(dsa->g), 128);
     ExpectIntEQ(PEM_write_bio_DSAPrivateKey(NULL, NULL, NULL, NULL, 0, NULL,
-        NULL), WOLFSSL_FAILURE);
+        NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     BIO_free(bio);
     bio = NULL;
     ExpectNotNull(bio = wolfSSL_BIO_new(wolfSSL_BIO_s_mem()));
@@ -34006,7 +46599,7 @@ static int test_wolfSSL_PEM_bio_DSAKey(void)
     ExpectNull((dsa = PEM_read_bio_DSA_PUBKEY(NULL, NULL, NULL, NULL)));
     ExpectNotNull((dsa = PEM_read_bio_DSA_PUBKEY(bio, NULL, NULL, NULL)));
     ExpectIntEQ(BN_num_bytes(dsa->g), 128);
-    ExpectIntEQ(PEM_write_bio_DSA_PUBKEY(NULL, NULL), WOLFSSL_FAILURE);
+    ExpectIntEQ(PEM_write_bio_DSA_PUBKEY(NULL, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     BIO_free(bio);
     bio = NULL;
     ExpectNotNull(bio = wolfSSL_BIO_new(wolfSSL_BIO_s_mem()));
@@ -34060,11 +46653,11 @@ static int test_wolfSSL_PEM_bio_ECKey(void)
     ExpectIntEQ(ec == ec2, 1);
     ExpectIntEQ(wc_ecc_size((ecc_key*)ec->internal), 32);
     ExpectIntEQ(PEM_write_bio_ECPrivateKey(NULL, NULL, NULL, NULL, 0, NULL,
-        NULL), WOLFSSL_FAILURE);
+        NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     ExpectIntEQ(PEM_write_bio_ECPrivateKey(bio, NULL, NULL, NULL, 0, NULL,
-        NULL), WOLFSSL_FAILURE);
+        NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     ExpectIntEQ(PEM_write_bio_ECPrivateKey(NULL, ec, NULL, NULL, 0, NULL, NULL),
-        WOLFSSL_FAILURE);
+        WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     BIO_free(bio);
     bio = NULL;
     /* Public key data - fail. */
@@ -34079,11 +46672,11 @@ static int test_wolfSSL_PEM_bio_ECKey(void)
     bio = NULL;
 
     ExpectIntEQ(PEM_write_ECPrivateKey(XBADFILE, NULL, NULL, NULL, 0, NULL,
-        NULL),WOLFSSL_FAILURE);
+        NULL),WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     ExpectIntEQ(PEM_write_ECPrivateKey(stderr, NULL, NULL, NULL, 0, NULL, NULL),
-        WOLFSSL_FAILURE);
+        WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     ExpectIntEQ(PEM_write_ECPrivateKey(XBADFILE, ec, NULL, NULL, 0, NULL, NULL),
-        WOLFSSL_FAILURE);
+        WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     ExpectIntEQ(PEM_write_ECPrivateKey(stderr, ec, NULL, NULL, 0, NULL, NULL),
         WOLFSSL_SUCCESS);
 
@@ -34118,7 +46711,7 @@ static int test_wolfSSL_PEM_bio_ECKey(void)
     ExpectNotNull((ec = PEM_read_bio_EC_PUBKEY(bio, &ec2, NULL, NULL)));
     ExpectIntEQ(ec == ec2, 1);
     ExpectIntEQ(wc_ecc_size((ecc_key*)ec->internal), 32);
-    ExpectIntEQ(PEM_write_bio_EC_PUBKEY(NULL, NULL), WOLFSSL_FAILURE);
+    ExpectIntEQ(PEM_write_bio_EC_PUBKEY(NULL, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     BIO_free(bio);
     bio = NULL;
     /* Test 0x30, 0x00 fails. */
@@ -34139,9 +46732,9 @@ static int test_wolfSSL_PEM_bio_ECKey(void)
     bio = NULL;
 
     /* Same test as above, but with a file pointer rather than a BIO. */
-    ExpectIntEQ(PEM_write_EC_PUBKEY(NULL, NULL), WOLFSSL_FAILURE);
-    ExpectIntEQ(PEM_write_EC_PUBKEY(NULL, ec), WOLFSSL_FAILURE);
-    ExpectIntEQ(PEM_write_EC_PUBKEY(stderr, NULL), WOLFSSL_FAILURE);
+    ExpectIntEQ(PEM_write_EC_PUBKEY(NULL, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+    ExpectIntEQ(PEM_write_EC_PUBKEY(NULL, ec), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+    ExpectIntEQ(PEM_write_EC_PUBKEY(stderr, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     ExpectIntEQ(PEM_write_EC_PUBKEY(stderr, ec), WOLFSSL_SUCCESS);
 
     EC_KEY_free(ec);
@@ -34182,7 +46775,7 @@ static int test_wolfSSL_PEM_PUBKEY(void)
     {
         XFILE file = XBADFILE;
         const char* fname = "./certs/ecc-client-keyPub.pem";
-        size_t sz;
+        size_t sz = 0;
         byte* buf = NULL;
 
         EVP_PKEY* pkey2 = NULL;
@@ -34203,6 +46796,13 @@ static int test_wolfSSL_PEM_PUBKEY(void)
         /* Test using BIO new mem and loading PEM private key */
         ExpectNotNull(bio = BIO_new_mem_buf(buf, (int)sz));
         ExpectNotNull((pkey = PEM_read_bio_PUBKEY(bio, NULL, NULL, NULL)));
+        BIO_free(bio);
+        bio = NULL;
+        EVP_PKEY_free(pkey);
+        pkey = NULL;
+        ExpectNotNull(bio = BIO_new_mem_buf(buf, (int)sz));
+        ExpectNotNull(pkey = EVP_PKEY_new());
+        ExpectPtrEq(PEM_read_bio_PUBKEY(bio, &pkey, NULL, NULL), pkey);
         XFREE(buf, NULL, DYNAMIC_TYPE_FILE);
         BIO_free(bio);
         bio = NULL;
@@ -34220,7 +46820,7 @@ static int test_wolfSSL_PEM_PUBKEY(void)
         EC_KEY_free(ec_key);
         EVP_PKEY_free(pkey2);
         EVP_PKEY_free(pkey);
-        pkey  = NULL;
+        pkey = NULL;
     }
 #endif
 
@@ -34271,7 +46871,7 @@ static int test_DSA_do_sign_verify(void)
     XMEMSET(digest, 202, sizeof(digest));
 
     ExpectNotNull(dsa = DSA_new());
-    ExpectIntEQ(DSA_LoadDer(dsa, tmp, bytes), 1);
+    ExpectIntEQ(DSA_LoadDer(dsa, tmp, (int)bytes), 1);
 
     ExpectIntEQ(wolfSSL_DSA_do_sign(digest, sigBin, dsa), 1);
     ExpectIntEQ(wolfSSL_DSA_do_verify(digest, sigBin, dsa, &dsacheck), 1);
@@ -34290,33 +46890,124 @@ static int test_wolfSSL_tmp_dh(void)
 {
     EXPECT_DECLS;
 #if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_FILESYSTEM) && \
-    !defined(NO_DSA) && !defined(NO_RSA) && !defined(NO_DH) && !defined(NO_BIO)
-#if !defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER)
+    !defined(NO_RSA) && !defined(NO_DH) && !defined(NO_BIO) && \
+    !defined(NO_TLS) && \
+    (!defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER))
     byte buff[6000];
+    static const unsigned char p[] = {
+        0xb0, 0xa1, 0x08, 0x06, 0x9c, 0x08, 0x13, 0xba,
+        0x59, 0x06, 0x3c, 0xbc, 0x30, 0xd5, 0xf5, 0x00,
+        0xc1, 0x4f, 0x44, 0xa7, 0xd6, 0xef, 0x4a, 0xc6,
+        0x25, 0x27, 0x1c, 0xe8, 0xd2, 0x96, 0x53, 0x0a,
+        0x5c, 0x91, 0xdd, 0xa2, 0xc2, 0x94, 0x84, 0xbf,
+        0x7d, 0xb2, 0x44, 0x9f, 0x9b, 0xd2, 0xc1, 0x8a,
+        0xc5, 0xbe, 0x72, 0x5c, 0xa7, 0xe7, 0x91, 0xe6,
+        0xd4, 0x9f, 0x73, 0x07, 0x85, 0x5b, 0x66, 0x48,
+        0xc7, 0x70, 0xfa, 0xb4, 0xee, 0x02, 0xc9, 0x3d,
+        0x9a, 0x4a, 0xda, 0x3d, 0xc1, 0x46, 0x3e, 0x19,
+        0x69, 0xd1, 0x17, 0x46, 0x07, 0xa3, 0x4d, 0x9f,
+        0x2b, 0x96, 0x17, 0x39, 0x6d, 0x30, 0x8d, 0x2a,
+        0xf3, 0x94, 0xd3, 0x75, 0xcf, 0xa0, 0x75, 0xe6,
+        0xf2, 0x92, 0x1f, 0x1a, 0x70, 0x05, 0xaa, 0x04,
+        0x83, 0x57, 0x30, 0xfb, 0xda, 0x76, 0x93, 0x38,
+        0x50, 0xe8, 0x27, 0xfd, 0x63, 0xee, 0x3c, 0xe5,
+        0xb7, 0xc8, 0x09, 0xae, 0x6f, 0x50, 0x35, 0x8e,
+        0x84, 0xce, 0x4a, 0x00, 0xe9, 0x12, 0x7e, 0x5a,
+        0x31, 0xd7, 0x33, 0xfc, 0x21, 0x13, 0x76, 0xcc,
+        0x16, 0x30, 0xdb, 0x0c, 0xfc, 0xc5, 0x62, 0xa7,
+        0x35, 0xb8, 0xef, 0xb7, 0xb0, 0xac, 0xc0, 0x36,
+        0xf6, 0xd9, 0xc9, 0x46, 0x48, 0xf9, 0x40, 0x90,
+        0x00, 0x2b, 0x1b, 0xaa, 0x6c, 0xe3, 0x1a, 0xc3,
+        0x0b, 0x03, 0x9e, 0x1b, 0xc2, 0x46, 0xe4, 0x48,
+        0x4e, 0x22, 0x73, 0x6f, 0xc3, 0x5f, 0xd4, 0x9a,
+        0xd6, 0x30, 0x07, 0x48, 0xd6, 0x8c, 0x90, 0xab,
+        0xd4, 0xf6, 0xf1, 0xe3, 0x48, 0xd3, 0x58, 0x4b,
+        0xa6, 0xb9, 0xcd, 0x29, 0xbf, 0x68, 0x1f, 0x08,
+        0x4b, 0x63, 0x86, 0x2f, 0x5c, 0x6b, 0xd6, 0xb6,
+        0x06, 0x65, 0xf7, 0xa6, 0xdc, 0x00, 0x67, 0x6b,
+        0xbb, 0xc3, 0xa9, 0x41, 0x83, 0xfb, 0xc7, 0xfa,
+        0xc8, 0xe2, 0x1e, 0x7e, 0xaf, 0x00, 0x3f, 0x93
+    };
+    int pSz = (int)sizeof(p);
+#if !defined(WOLFSSL_OLD_PRIME_CHECK) && !defined(HAVE_FIPS) && \
+    !defined(HAVE_SELFTEST)
+    static const unsigned char bad_p[] = {
+        0xb0, 0xa1, 0x08, 0x06, 0x9c, 0x08, 0x13, 0xba,
+        0x59, 0x06, 0x3c, 0xbc, 0x30, 0xd5, 0xf5, 0x00,
+        0xc1, 0x4f, 0x44, 0xa7, 0xd6, 0xef, 0x4a, 0xc6,
+        0x25, 0x27, 0x1c, 0xe8, 0xd2, 0x96, 0x53, 0x0a,
+        0x5c, 0x91, 0xdd, 0xa2, 0xc2, 0x94, 0x84, 0xbf,
+        0x7d, 0xb2, 0x44, 0x9f, 0x9b, 0xd2, 0xc1, 0x8a,
+        0xc5, 0xbe, 0x72, 0x5c, 0xa7, 0xe7, 0x91, 0xe6,
+        0xd4, 0x9f, 0x73, 0x07, 0x85, 0x5b, 0x66, 0x48,
+        0xc7, 0x70, 0xfa, 0xb4, 0xee, 0x02, 0xc9, 0x3d,
+        0x9a, 0x4a, 0xda, 0x3d, 0xc1, 0x46, 0x3e, 0x19,
+        0x69, 0xd1, 0x17, 0x46, 0x07, 0xa3, 0x4d, 0x9f,
+        0x2b, 0x96, 0x17, 0x39, 0x6d, 0x30, 0x8d, 0x2a,
+        0xf3, 0x94, 0xd3, 0x75, 0xcf, 0xa0, 0x75, 0xe6,
+        0xf2, 0x92, 0x1f, 0x1a, 0x70, 0x05, 0xaa, 0x04,
+        0x83, 0x57, 0x30, 0xfb, 0xda, 0x76, 0x93, 0x38,
+        0x50, 0xe8, 0x27, 0xfd, 0x63, 0xee, 0x3c, 0xe5,
+        0xb7, 0xc8, 0x09, 0xae, 0x6f, 0x50, 0x35, 0x8e,
+        0x84, 0xce, 0x4a, 0x00, 0xe9, 0x12, 0x7e, 0x5a,
+        0x31, 0xd7, 0x33, 0xfc, 0x21, 0x13, 0x76, 0xcc,
+        0x16, 0x30, 0xdb, 0x0c, 0xfc, 0xc5, 0x62, 0xa7,
+        0x35, 0xb8, 0xef, 0xb7, 0xb0, 0xac, 0xc0, 0x36,
+        0xf6, 0xd9, 0xc9, 0x46, 0x48, 0xf9, 0x40, 0x90,
+        0x00, 0x2b, 0x1b, 0xaa, 0x6c, 0xe3, 0x1a, 0xc3,
+        0x0b, 0x03, 0x9e, 0x1b, 0xc2, 0x46, 0xe4, 0x48,
+        0x4e, 0x22, 0x73, 0x6f, 0xc3, 0x5f, 0xd4, 0x9a,
+        0xd6, 0x30, 0x07, 0x48, 0xd6, 0x8c, 0x90, 0xab,
+        0xd4, 0xf6, 0xf1, 0xe3, 0x48, 0xd3, 0x58, 0x4b,
+        0xa6, 0xb9, 0xcd, 0x29, 0xbf, 0x68, 0x1f, 0x08,
+        0x4b, 0x63, 0x86, 0x2f, 0x5c, 0x6b, 0xd6, 0xb6,
+        0x06, 0x65, 0xf7, 0xa6, 0xdc, 0x00, 0x67, 0x6b,
+        0xbb, 0xc3, 0xa9, 0x41, 0x83, 0xfb, 0xc7, 0xfa,
+        0xc8, 0xe2, 0x1e, 0x7e, 0xaf, 0x00, 0x3f, 0x91
+    };
+#endif
+    static const unsigned char g[] = { 0x02 };
+    int gSz = (int)sizeof(g);
+#if !defined(NO_DSA)
     char file[] = "./certs/dsaparams.pem";
+    DSA* dsa = NULL;
+#else
+    char file[] = "./certs/dh2048.pem";
+#endif
     XFILE f = XBADFILE;
     int  bytes = 0;
-    DSA* dsa = NULL;
     DH*  dh = NULL;
-#if defined(WOLFSSL_DH_EXTRA) && \
-    (defined(WOLFSSL_QT) || defined(OPENSSL_ALL) || defined(WOLFSSL_OPENSSH))
     DH*  dh2 = NULL;
-#endif
     BIO*     bio = NULL;
     SSL*     ssl = NULL;
     SSL_CTX* ctx = NULL;
+#ifndef NO_WOLFSSL_CLIENT
+    SSL*     ssl_c = NULL;
+    SSL_CTX* ctx_c = NULL;
+#endif
 
 #ifndef NO_WOLFSSL_SERVER
     ExpectNotNull(ctx = SSL_CTX_new(wolfSSLv23_server_method()));
-#else
-    ExpectNotNull(ctx = SSL_CTX_new(wolfSSLv23_client_method()));
-#endif
     ExpectTrue(SSL_CTX_use_certificate_file(ctx, svrCertFile,
         WOLFSSL_FILETYPE_PEM));
     ExpectTrue(SSL_CTX_use_PrivateKey_file(ctx, svrKeyFile,
         WOLFSSL_FILETYPE_PEM));
     ExpectNotNull(ssl = SSL_new(ctx));
+#endif
+#ifndef NO_WOLFSSL_CLIENT
+    ExpectNotNull(ctx_c = SSL_CTX_new(wolfSSLv23_client_method()));
+    ExpectTrue(SSL_CTX_use_certificate_file(ctx_c, svrCertFile,
+        WOLFSSL_FILETYPE_PEM));
+    ExpectTrue(SSL_CTX_use_PrivateKey_file(ctx_c, svrKeyFile,
+        WOLFSSL_FILETYPE_PEM));
+    ExpectNotNull(ssl_c = SSL_new(ctx_c));
+#ifdef NO_WOLFSSL_SERVER
+    ctx = ctx_c;
+    ssl = ssl_c;
+#endif
+#endif
 
+    XMEMSET(buff, 0, sizeof(buff));
     ExpectTrue((f = XFOPEN(file, "rb")) != XBADFILE);
     ExpectIntGT(bytes = (int)XFREAD(buff, 1, sizeof(buff), f), 0);
     if (f != XBADFILE)
@@ -34324,33 +47015,116 @@ static int test_wolfSSL_tmp_dh(void)
 
     ExpectNotNull(bio = BIO_new_mem_buf((void*)buff, bytes));
 
+#if !defined(NO_DSA)
     dsa = wolfSSL_PEM_read_bio_DSAparams(bio, NULL, NULL, NULL);
     ExpectNotNull(dsa);
 
     dh = wolfSSL_DSA_dup_DH(dsa);
+#else
+    dh = wolfSSL_PEM_read_bio_DHparams(bio, NULL, NULL, NULL);
+#endif
     ExpectNotNull(dh);
 #if defined(WOLFSSL_DH_EXTRA) && \
     (defined(WOLFSSL_QT) || defined(OPENSSL_ALL) || defined(WOLFSSL_OPENSSH))
     ExpectNotNull(dh2 = wolfSSL_DH_dup(dh));
+    DH_free(dh2);
+    dh2 = NULL;
 #endif
 
+    /* Failure cases */
+    ExpectIntEQ((int)wolfSSL_CTX_SetTmpDH(NULL, NULL, 0, NULL, 0),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ((int)wolfSSL_CTX_SetTmpDH(ctx , NULL, 0, NULL, 0),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ((int)wolfSSL_CTX_SetTmpDH(NULL, p   , 0, NULL, 0),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ((int)wolfSSL_CTX_SetTmpDH(NULL, NULL, 0, g   , 0),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ((int)wolfSSL_CTX_SetTmpDH(ctx , p  , 0, NULL, 0),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ((int)wolfSSL_CTX_SetTmpDH(ctx , NULL, 0, g   , 0),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ((int)wolfSSL_CTX_SetTmpDH(NULL, p   , 0, g   , 0),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ((int)wolfSSL_CTX_SetTmpDH(ctx , p   , 1, g   , 1),
+        WC_NO_ERR_TRACE(DH_KEY_SIZE_E));
+    ExpectIntEQ((int)wolfSSL_CTX_SetTmpDH(ctx , buff, 6000, g   , 1),
+        WC_NO_ERR_TRACE(DH_KEY_SIZE_E));
+#if !defined(WOLFSSL_OLD_PRIME_CHECK) && !defined(HAVE_FIPS) && \
+    !defined(HAVE_SELFTEST)
+    ExpectIntEQ((int)wolfSSL_CTX_SetTmpDH(ctx, bad_p, pSz, g, gSz),
+        WC_NO_ERR_TRACE(DH_CHECK_PUB_E));
+#endif
+    ExpectIntEQ((int)wolfSSL_SetTmpDH(NULL, NULL, 0, NULL, 0),
+        WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+    ExpectIntEQ((int)wolfSSL_SetTmpDH(ssl , NULL, 0, NULL, 0),
+        WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+    ExpectIntEQ((int)wolfSSL_SetTmpDH(NULL, p   , 0, NULL, 0),
+        WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+    ExpectIntEQ((int)wolfSSL_SetTmpDH(NULL, NULL, 0, g   , 0),
+        WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+    ExpectIntEQ((int)wolfSSL_SetTmpDH(ssl , p  , 0, NULL, 0),
+        WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+    ExpectIntEQ((int)wolfSSL_SetTmpDH(ssl , NULL, 0, g   , 0),
+        WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+    ExpectIntEQ((int)wolfSSL_SetTmpDH(NULL, p   , 0, g   , 0),
+        WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+    ExpectIntEQ((int)wolfSSL_SetTmpDH(ssl , p   , 1, g   , 1),
+        WC_NO_ERR_TRACE(DH_KEY_SIZE_E));
+    ExpectIntEQ((int)wolfSSL_SetTmpDH(ssl , buff, 6000, g   , 1),
+        WC_NO_ERR_TRACE(DH_KEY_SIZE_E));
+#if !defined(WOLFSSL_OLD_PRIME_CHECK) && !defined(HAVE_FIPS) && \
+    !defined(HAVE_SELFTEST)
+#ifndef NO_WOLFSSL_SERVER
+    /* Parameters will be tested later so it passes now. */
+    ExpectIntEQ((int)wolfSSL_SetTmpDH(ssl, bad_p, pSz, g, gSz),
+        WOLFSSL_SUCCESS);
+#endif
+#endif
+#ifndef NO_WOLFSSL_CLIENT
+    ExpectIntEQ((int)wolfSSL_SetTmpDH(ssl_c, p, pSz, g, gSz),
+        WC_NO_ERR_TRACE(SIDE_ERROR));
+#endif
+    ExpectIntEQ((int)SSL_CTX_set_tmp_dh(NULL, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ((int)SSL_CTX_set_tmp_dh(ctx , NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ((int)SSL_CTX_set_tmp_dh(NULL, dh  ), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ((int)SSL_set_tmp_dh(NULL, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ((int)SSL_set_tmp_dh(ssl , NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ((int)SSL_set_tmp_dh(NULL, dh  ), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    /* No p/g to use. */
+    dh2 = wolfSSL_DH_new();
+    ExpectIntEQ((int)SSL_CTX_set_tmp_dh(ctx , dh2 ), WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR));
+    ExpectIntEQ((int)SSL_set_tmp_dh(ssl , dh2 ), WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR));
+    DH_free(dh2);
+    dh2 = NULL;
+
+    ExpectIntEQ((int)wolfSSL_CTX_SetTmpDH(ctx, p, pSz, g, gSz),
+        WOLFSSL_SUCCESS);
     ExpectIntEQ((int)SSL_CTX_set_tmp_dh(ctx, dh), WOLFSSL_SUCCESS);
 #ifndef NO_WOLFSSL_SERVER
     ExpectIntEQ((int)SSL_set_tmp_dh(ssl, dh), WOLFSSL_SUCCESS);
 #else
-    ExpectIntEQ((int)SSL_set_tmp_dh(ssl, dh), SIDE_ERROR);
+    ExpectIntEQ((int)SSL_set_tmp_dh(ssl, dh), WC_NO_ERR_TRACE(SIDE_ERROR));
 #endif
 
     BIO_free(bio);
+#if !defined(NO_DSA)
     DSA_free(dsa);
+#endif
     DH_free(dh);
-#if defined(WOLFSSL_DH_EXTRA) && \
-    (defined(WOLFSSL_QT) || defined(OPENSSL_ALL) || defined(WOLFSSL_OPENSSH))
-    DH_free(dh2);
+    dh = NULL;
+#ifndef NO_WOLFSSL_CLIENT
+    if (ssl != ssl_c) {
+        SSL_free(ssl_c);
+    }
 #endif
     SSL_free(ssl);
+#ifndef NO_WOLFSSL_CLIENT
+    if (ctx != ctx_c) {
+        SSL_CTX_free(ctx_c);
+    }
+#endif
     SSL_CTX_free(ctx);
-#endif /* !NO_WOLFSSL_CLIENT || !NO_WOLFSSL_SERVER */
 #endif
     return EXPECT_RESULT();
 }
@@ -34507,21 +47281,21 @@ static int test_wolfSSL_EVP_Digest_all(void)
         "SHA512",
 #endif
 #if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_224)
-        "SHA512_224",
+        "SHA512-224",
 #endif
 #if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_256)
-        "SHA512_256",
+        "SHA512-256",
 #endif
 #ifdef WOLFSSL_SHA3
 #ifndef WOLFSSL_NOSHA3_224
-        "SHA3_224",
+        "SHA3-224",
 #endif
 #ifndef WOLFSSL_NOSHA3_256
-        "SHA3_256",
+        "SHA3-256",
 #endif
-        "SHA3_384",
+        "SHA3-384",
 #ifndef WOLFSSL_NOSHA3_512
-        "SHA3_512",
+        "SHA3-512",
 #endif
 #endif /* WOLFSSL_SHA3 */
         NULL
@@ -34551,7 +47325,7 @@ static int test_wolfSSL_EVP_MD_size(void)
 #ifndef WOLFSSL_NOSHA3_224
     wolfSSL_EVP_MD_CTX_init(&mdCtx);
 
-    ExpectIntEQ(wolfSSL_EVP_DigestInit(&mdCtx, "SHA3_224"), 1);
+    ExpectIntEQ(wolfSSL_EVP_DigestInit(&mdCtx, "SHA3-224"), 1);
     ExpectIntEQ(wolfSSL_EVP_MD_CTX_size(&mdCtx), WC_SHA3_224_DIGEST_SIZE);
     ExpectIntEQ(wolfSSL_EVP_MD_CTX_block_size(&mdCtx), WC_SHA3_224_BLOCK_SIZE);
     ExpectIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), 1);
@@ -34559,21 +47333,21 @@ static int test_wolfSSL_EVP_MD_size(void)
 #ifndef WOLFSSL_NOSHA3_256
     wolfSSL_EVP_MD_CTX_init(&mdCtx);
 
-    ExpectIntEQ(wolfSSL_EVP_DigestInit(&mdCtx, "SHA3_256"), 1);
+    ExpectIntEQ(wolfSSL_EVP_DigestInit(&mdCtx, "SHA3-256"), 1);
     ExpectIntEQ(wolfSSL_EVP_MD_CTX_size(&mdCtx), WC_SHA3_256_DIGEST_SIZE);
     ExpectIntEQ(wolfSSL_EVP_MD_CTX_block_size(&mdCtx), WC_SHA3_256_BLOCK_SIZE);
     ExpectIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), 1);
 #endif
     wolfSSL_EVP_MD_CTX_init(&mdCtx);
 
-    ExpectIntEQ(wolfSSL_EVP_DigestInit(&mdCtx, "SHA3_384"), 1);
+    ExpectIntEQ(wolfSSL_EVP_DigestInit(&mdCtx, "SHA3-384"), 1);
     ExpectIntEQ(wolfSSL_EVP_MD_CTX_size(&mdCtx), WC_SHA3_384_DIGEST_SIZE);
     ExpectIntEQ(wolfSSL_EVP_MD_CTX_block_size(&mdCtx), WC_SHA3_384_BLOCK_SIZE);
     ExpectIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), 1);
 #ifndef WOLFSSL_NOSHA3_512
     wolfSSL_EVP_MD_CTX_init(&mdCtx);
 
-    ExpectIntEQ(wolfSSL_EVP_DigestInit(&mdCtx, "SHA3_512"), 1);
+    ExpectIntEQ(wolfSSL_EVP_DigestInit(&mdCtx, "SHA3-512"), 1);
     ExpectIntEQ(wolfSSL_EVP_MD_CTX_size(&mdCtx), WC_SHA3_512_DIGEST_SIZE);
     ExpectIntEQ(wolfSSL_EVP_MD_CTX_block_size(&mdCtx), WC_SHA3_512_BLOCK_SIZE);
     ExpectIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), 1);
@@ -34676,10 +47450,9 @@ static int test_wolfSSL_EVP_MD_size(void)
     /* error case */
     wolfSSL_EVP_MD_CTX_init(&mdCtx);
 
-    ExpectIntEQ(wolfSSL_EVP_DigestInit(&mdCtx, ""), BAD_FUNC_ARG);
-    ExpectIntEQ(wolfSSL_EVP_MD_size(wolfSSL_EVP_MD_CTX_md(&mdCtx)),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wolfSSL_EVP_MD_CTX_block_size(&mdCtx), BAD_FUNC_ARG);
+    ExpectIntEQ(wolfSSL_EVP_DigestInit(&mdCtx, ""), 0);
+    ExpectIntEQ(wolfSSL_EVP_MD_size(wolfSSL_EVP_MD_CTX_md(&mdCtx)), 0);
+    ExpectIntEQ(wolfSSL_EVP_MD_CTX_block_size(&mdCtx), 0);
     /* Cleanup is valid on uninit'ed struct */
     ExpectIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), 1);
 #endif /* OPENSSL_EXTRA */
@@ -34924,8 +47697,7 @@ static int test_wolfSSL_EVP_MD_hmac_signing(void)
 static int test_wolfSSL_EVP_MD_rsa_signing(void)
 {
     EXPECT_DECLS;
-#if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && !defined(HAVE_USER_RSA) && \
-    defined(USE_CERT_BUFFERS_2048)
+#if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && defined(USE_CERT_BUFFERS_2048)
     WOLFSSL_EVP_PKEY* privKey = NULL;
     WOLFSSL_EVP_PKEY* pubKey = NULL;
     WOLFSSL_EVP_PKEY_CTX* keyCtx = NULL;
@@ -35116,7 +47888,7 @@ static int test_wolfSSL_EVP_MD_ecc_signing(void)
 static int test_wolfSSL_CTX_add_extra_chain_cert(void)
 {
     EXPECT_DECLS;
-#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \
+#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_TLS) && \
    !defined(NO_FILESYSTEM) && !defined(NO_RSA) && !defined(NO_BIO)
 #if !defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER)
     char caFile[] = "./certs/client-ca.pem";
@@ -35137,12 +47909,23 @@ static int test_wolfSSL_CTX_add_extra_chain_cert(void)
 
     ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(caFile,
         WOLFSSL_FILETYPE_PEM));
+
+    /* Negative tests. */
+    ExpectIntEQ((int)SSL_CTX_add_extra_chain_cert(NULL, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+    ExpectIntEQ((int)SSL_CTX_add_extra_chain_cert(ctx, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+    ExpectIntEQ((int)SSL_CTX_add_extra_chain_cert(NULL, x509), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+
     ExpectIntEQ((int)SSL_CTX_add_extra_chain_cert(ctx, x509), WOLFSSL_SUCCESS);
 
+    ExpectNotNull(x509 = wolfSSL_X509_new());
+    /* Empty certificate. */
+    ExpectIntEQ((int)SSL_CTX_add_extra_chain_cert(ctx, x509), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+    wolfSSL_X509_free(x509);
+    x509 = NULL;
+
     ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(clientFile,
         WOLFSSL_FILETYPE_PEM));
 
-#if !defined(HAVE_USER_RSA) && !defined(HAVE_FAST_RSA)
     /* additional test of getting EVP_PKEY key size from X509
      * Do not run with user RSA because wolfSSL_RSA_size is not currently
      * allowed with user RSA */
@@ -35179,7 +47962,6 @@ static int test_wolfSSL_CTX_add_extra_chain_cert(void)
         pkey = NULL;
 #endif /* HAVE_ECC */
     }
-#endif /* !defined(HAVE_USER_RSA) && !defined(HAVE_FAST_RSA) */
 
     ExpectIntEQ((int)SSL_CTX_add_extra_chain_cert(ctx, x509), SSL_SUCCESS);
     if (EXPECT_SUCCESS()) {
@@ -35229,7 +48011,6 @@ static int test_wolfSSL_CTX_add_extra_chain_cert(void)
     return EXPECT_RESULT();
 }
 
-
 #if !defined(NO_WOLFSSL_CLIENT) && !defined(NO_WOLFSSL_SERVER)
 static int test_wolfSSL_ERR_peek_last_error_line(void)
 {
@@ -35323,8 +48104,9 @@ static int test_wolfSSL_X509_Name_canon(void)
 
     /* When output buffer is NULL, should return necessary output buffer
      * length.*/
+    ExpectIntEQ(wolfSSL_i2d_X509_NAME_canon(NULL, NULL), BAD_FUNC_ARG);
     ExpectIntGT(wolfSSL_i2d_X509_NAME_canon(name, NULL), 0);
-    ExpectIntGT((len = wolfSSL_i2d_X509_NAME_canon(name, &pbuf)), 0);
+    ExpectIntGT((len = (word32)wolfSSL_i2d_X509_NAME_canon(name, &pbuf)), 0);
     ExpectIntEQ(wc_ShaHash((const byte*)pbuf, (word32)len, digest), 0);
 
     hash = (((unsigned long)digest[3] << 24) |
@@ -35346,7 +48128,7 @@ static int test_wolfSSL_X509_Name_canon(void)
     ExpectNotNull(x509 = PEM_read_X509(file, NULL, NULL, NULL));
     ExpectNotNull(name = X509_get_issuer_name(x509));
 
-    ExpectIntGT((len = wolfSSL_i2d_X509_NAME_canon(name, &pbuf)), 0);
+    ExpectIntGT((len = (word32)wolfSSL_i2d_X509_NAME_canon(name, &pbuf)), 0);
     ExpectIntEQ(wc_ShaHash((const byte*)pbuf, (word32)len, digest), 0);
 
     hash = (((unsigned long)digest[3] << 24) |
@@ -35391,7 +48173,13 @@ static int test_wolfSSL_X509_LOOKUP_ctrl_hash_dir(void)
     ExpectNotNull((str = wolfSSL_X509_STORE_new()));
     ExpectNotNull(lookup = X509_STORE_add_lookup(str, X509_LOOKUP_file()));
     ExpectIntEQ(X509_LOOKUP_ctrl(lookup, X509_L_ADD_DIR, "",
-                                    SSL_FILETYPE_PEM,NULL), 0);
+                                    SSL_FILETYPE_PEM, NULL), 0);
+    ExpectIntEQ(X509_LOOKUP_ctrl(lookup, X509_L_ADD_STORE, "",
+        SSL_FILETYPE_PEM, NULL), WOLFSSL_NOT_IMPLEMENTED);
+    ExpectIntEQ(X509_LOOKUP_ctrl(lookup, X509_L_LOAD_STORE, "",
+        SSL_FILETYPE_PEM, NULL), WOLFSSL_NOT_IMPLEMENTED);
+    ExpectIntEQ(X509_LOOKUP_ctrl(lookup, 0, "",
+        SSL_FILETYPE_PEM, NULL), WOLFSSL_FAILURE);
 
     /* free store */
     X509_STORE_free(str);
@@ -35480,6 +48268,14 @@ static int test_wolfSSL_X509_LOOKUP_ctrl_file(void)
     ExpectNotNull(ctx = X509_STORE_CTX_new());
     ExpectNotNull((str = wolfSSL_X509_STORE_new()));
     ExpectNotNull(lookup = X509_STORE_add_lookup(str, X509_LOOKUP_file()));
+    ExpectIntEQ(wolfSSL_X509_load_cert_crl_file(NULL, NULL,
+        WOLFSSL_FILETYPE_PEM), 0);
+    ExpectIntEQ(wolfSSL_X509_load_cert_crl_file(lookup, NULL,
+        WOLFSSL_FILETYPE_PEM), 0);
+    ExpectIntEQ(wolfSSL_X509_load_cert_crl_file(NULL, caCertFile,
+        WOLFSSL_FILETYPE_PEM), 0);
+    ExpectIntEQ(wolfSSL_X509_load_cert_crl_file(NULL, der       ,
+        WOLFSSL_FILETYPE_PEM), 0);
     ExpectIntEQ(X509_LOOKUP_ctrl(lookup, X509_L_FILE_LOAD, caCertFile,
                                     SSL_FILETYPE_PEM,NULL), 1);
     ExpectNotNull(sk = wolfSSL_CertManagerGetCerts(str->cm));
@@ -35498,8 +48294,12 @@ static int test_wolfSSL_X509_LOOKUP_ctrl_file(void)
 
     ExpectNull(X509_STORE_CTX_get0_current_issuer(NULL));
     issuer = X509_STORE_CTX_get0_current_issuer(ctx);
-    ExpectNotNull(issuer);
+    ExpectNull(issuer);
 
+    ExpectIntEQ(X509_verify_cert(ctx), 1);
+
+    issuer = X509_STORE_CTX_get0_current_issuer(ctx);
+    ExpectNotNull(issuer);
     caName = X509_get_subject_name(x509Ca);
     ExpectNotNull(caName);
     issuerName = X509_get_subject_name(issuer);
@@ -35508,7 +48308,6 @@ static int test_wolfSSL_X509_LOOKUP_ctrl_file(void)
     ExpectIntEQ(cmp, 0);
 
     /* load der format */
-    X509_free(issuer);
     issuer = NULL;
     X509_STORE_CTX_free(ctx);
     ctx = NULL;
@@ -35564,7 +48363,7 @@ static int test_wolfSSL_X509_LOOKUP_ctrl_file(void)
         /* since store knows crl list */
         ExpectIntEQ(wolfSSL_CertManagerVerify(str->cm,
                     "certs/server-revoked-cert.pem",
-                    WOLFSSL_FILETYPE_PEM ), CRL_CERT_REVOKED);
+                    WOLFSSL_FILETYPE_PEM ), WC_NO_ERR_TRACE(CRL_CERT_REVOKED));
     }
 
     ExpectIntEQ(X509_LOOKUP_ctrl(NULL, 0, NULL, 0, NULL), 0);
@@ -35586,7 +48385,7 @@ static int test_wolfSSL_X509_STORE_CTX_trusted_stack_cleanup(void)
     return res;
 }
 
-static int test_wolfSSL_X509_STORE_CTX_get0_current_issuer(void)
+static int test_wolfSSL_X509_STORE_CTX_get_issuer(void)
 {
     EXPECT_DECLS;
 #if defined(OPENSSL_EXTRA) && !defined(NO_RSA)
@@ -35608,16 +48407,23 @@ static int test_wolfSSL_X509_STORE_CTX_get0_current_issuer(void)
 
     ExpectIntEQ(X509_STORE_CTX_init(ctx, str, x509Svr, NULL), SSL_SUCCESS);
 
+    /* Issuer0 is not set until chain is built for verification */
     ExpectNull(X509_STORE_CTX_get0_current_issuer(NULL));
-    ExpectNotNull(issuer = X509_STORE_CTX_get0_current_issuer(ctx));
+    ExpectNull(issuer = X509_STORE_CTX_get0_current_issuer(ctx));
 
+    /* Issuer1 will use the store to make a new issuer */
+    ExpectIntEQ(X509_STORE_CTX_get1_issuer(&issuer, ctx, x509Svr), 1);
+    ExpectNotNull(issuer);
+    X509_free(issuer);
+
+    ExpectIntEQ(X509_verify_cert(ctx), 1);
+    ExpectNotNull(issuer = X509_STORE_CTX_get0_current_issuer(ctx));
     ExpectNotNull(caName = X509_get_subject_name(x509Ca));
     ExpectNotNull(issuerName = X509_get_subject_name(issuer));
 #ifdef WOLFSSL_SIGNER_DER_CERT
     ExpectIntEQ(X509_NAME_cmp(caName, issuerName), 0);
 #endif
 
-    X509_free(issuer);
     X509_STORE_CTX_free(ctx);
     X509_free(x509Svr);
     X509_STORE_free(str);
@@ -35659,7 +48465,7 @@ static int test_wolfSSL_PKCS7_certs(void)
         while (EXPECT_SUCCESS() && (sk_X509_INFO_num(info_sk) > 0)) {
             X509_INFO* info = NULL;
             ExpectNotNull(info = sk_X509_INFO_shift(info_sk));
-            ExpectIntEQ(sk_X509_push(sk, info->x509), 1);
+            ExpectIntGT(sk_X509_push(sk, info->x509), 0);
             if (EXPECT_SUCCESS() && (info != NULL)) {
                 info->x509 = NULL;
             }
@@ -35764,11 +48570,9 @@ static int test_wolfSSL_X509_STORE_CTX(void)
     ExpectNotNull((ctx = X509_STORE_CTX_new()));
     ExpectIntEQ(X509_STORE_CTX_init(ctx, str, x5092, sk), 1);
     ExpectNull((sk2 = X509_STORE_CTX_get_chain(NULL)));
-    ExpectNotNull((sk2 = X509_STORE_CTX_get_chain(ctx)));
-    ExpectIntEQ(sk_num(sk2), 1); /* sanity, make sure chain has 1 cert */
+    ExpectNull((sk2 = X509_STORE_CTX_get_chain(ctx)));
     ExpectNull((sk3 = X509_STORE_CTX_get1_chain(NULL)));
-    ExpectNotNull((sk3 = X509_STORE_CTX_get1_chain(ctx)));
-    ExpectIntEQ(sk_num(sk3), 1); /* sanity, make sure chain has 1 cert */
+    ExpectNull((sk3 = X509_STORE_CTX_get1_chain(ctx)));
     X509_STORE_CTX_free(ctx);
     ctx = NULL;
     X509_STORE_free(str);
@@ -35798,7 +48602,7 @@ static int test_wolfSSL_X509_STORE_CTX(void)
         }
     #else
         ExpectIntEQ(X509_STORE_CTX_set_ex_data(ctx, i, &tmpData),
-                    WOLFSSL_FAILURE);
+                    WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
         tmpDataRet = (int*)X509_STORE_CTX_get_ex_data(ctx, i);
         ExpectNull(tmpDataRet);
     #endif
@@ -35821,7 +48625,7 @@ static int test_wolfSSL_X509_STORE_CTX(void)
         }
     #else
         ExpectIntEQ(X509_STORE_set_ex_data(str, i, &tmpData),
-                    WOLFSSL_FAILURE);
+                    WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
         tmpDataRet = (int*)X509_STORE_get_ex_data(str, i);
         ExpectNull(tmpDataRet);
     #endif
@@ -35835,6 +48639,424 @@ static int test_wolfSSL_X509_STORE_CTX(void)
     return EXPECT_RESULT();
 }
 
+#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \
+   !defined(NO_FILESYSTEM) && !defined(NO_RSA)
+
+typedef struct {
+    const char *caFile;
+    const char *caIntFile;
+    const char *caInt2File;
+    const char *leafFile;
+    X509 *x509Ca;
+    X509 *x509CaInt;
+    X509 *x509CaInt2;
+    X509 *x509Leaf;
+    STACK_OF(X509)* expectedChain;
+} X509_STORE_test_data;
+
+static X509 * test_wolfSSL_X509_STORE_CTX_ex_helper(const char *file)
+{
+    XFILE fp = XBADFILE;
+    X509 *x = NULL;
+
+    fp = XFOPEN(file, "rb");
+    if (fp == NULL) {
+        return NULL;
+    }
+    x = PEM_read_X509(fp, 0, 0, 0);
+    XFCLOSE(fp);
+
+    return x;
+}
+
+static int test_wolfSSL_X509_STORE_CTX_ex1(X509_STORE_test_data *testData)
+{
+    EXPECT_DECLS;
+    X509_STORE* store = NULL;
+    X509_STORE_CTX* ctx = NULL;
+    STACK_OF(X509)* chain = NULL;
+    int i = 0;
+
+    /* Test case 1, add X509 certs to store and verify */
+    ExpectNotNull(store = X509_STORE_new());
+    ExpectIntEQ(X509_STORE_add_cert(store, testData->x509Ca), 1);
+    ExpectIntEQ(X509_STORE_add_cert(store, testData->x509CaInt), 1);
+    ExpectIntEQ(X509_STORE_add_cert(store, testData->x509CaInt2), 1);
+    ExpectNotNull(ctx = X509_STORE_CTX_new());
+    ExpectIntEQ(X509_STORE_CTX_init(ctx, store, testData->x509Leaf, NULL), 1);
+    ExpectIntEQ(X509_verify_cert(ctx), 1);
+    ExpectNotNull(chain = X509_STORE_CTX_get_chain(ctx));
+    ExpectIntEQ(sk_X509_num(chain), sk_X509_num(testData->expectedChain));
+    for (i = 0; i < sk_X509_num(chain); i++) {
+        ExpectIntEQ(X509_cmp(sk_X509_value(chain, i),
+                             sk_X509_value(testData->expectedChain, i)), 0);
+    }
+    X509_STORE_CTX_free(ctx);
+    X509_STORE_free(store);
+    return EXPECT_RESULT();
+}
+
+static int test_wolfSSL_X509_STORE_CTX_ex2(X509_STORE_test_data *testData)
+{
+    EXPECT_DECLS;
+    X509_STORE* store = NULL;
+    X509_STORE_CTX* ctx = NULL;
+    STACK_OF(X509)* chain = NULL;
+    int i = 0;
+
+    /* Test case 2, add certs by filename to store and verify */
+    ExpectNotNull(store = X509_STORE_new());
+    ExpectIntEQ(X509_STORE_load_locations(
+        store, testData->caFile, NULL), 1);
+    ExpectIntEQ(X509_STORE_load_locations(
+        store, testData->caIntFile, NULL), 1);
+    ExpectIntEQ(X509_STORE_load_locations(
+        store, testData->caInt2File, NULL), 1);
+    ExpectNotNull(ctx = X509_STORE_CTX_new());
+    ExpectIntEQ(X509_STORE_CTX_init(ctx, store, testData->x509Leaf, NULL), 1);
+    ExpectIntEQ(X509_verify_cert(ctx), 1);
+    ExpectNotNull(chain = X509_STORE_CTX_get_chain(ctx));
+    ExpectIntEQ(sk_X509_num(chain), sk_X509_num(testData->expectedChain));
+    for (i = 0; i < sk_X509_num(chain); i++) {
+        ExpectIntEQ(X509_cmp(sk_X509_value(chain, i),
+                             sk_X509_value(testData->expectedChain, i)), 0);
+    }
+    X509_STORE_CTX_free(ctx);
+    X509_STORE_free(store);
+    return EXPECT_RESULT();
+}
+
+static int test_wolfSSL_X509_STORE_CTX_ex3(X509_STORE_test_data *testData)
+{
+    EXPECT_DECLS;
+    X509_STORE* store = NULL;
+    X509_STORE_CTX* ctx = NULL;
+    STACK_OF(X509)* chain = NULL;
+    int i = 0;
+
+    /* Test case 3, mix and match X509 with files */
+    ExpectNotNull(store = X509_STORE_new());
+    ExpectIntEQ(X509_STORE_add_cert(store, testData->x509CaInt), 1);
+    ExpectIntEQ(X509_STORE_add_cert(store, testData->x509CaInt2), 1);
+    ExpectIntEQ(X509_STORE_load_locations(
+        store, testData->caFile, NULL), 1);
+    ExpectNotNull(ctx = X509_STORE_CTX_new());
+    ExpectIntEQ(X509_STORE_CTX_init(ctx, store, testData->x509Leaf, NULL), 1);
+    ExpectIntEQ(X509_verify_cert(ctx), 1);
+    ExpectNotNull(chain = X509_STORE_CTX_get_chain(ctx));
+    ExpectIntEQ(sk_X509_num(chain), sk_X509_num(testData->expectedChain));
+    for (i = 0; i < sk_X509_num(chain); i++) {
+        ExpectIntEQ(X509_cmp(sk_X509_value(chain, i),
+                             sk_X509_value(testData->expectedChain, i)), 0);
+    }
+    X509_STORE_CTX_free(ctx);
+    X509_STORE_free(store);
+    return EXPECT_RESULT();
+}
+
+static int test_wolfSSL_X509_STORE_CTX_ex4(X509_STORE_test_data *testData)
+{
+    EXPECT_DECLS;
+    X509_STORE* store = NULL;
+    X509_STORE_CTX* ctx = NULL;
+    STACK_OF(X509)* chain = NULL;
+    STACK_OF(X509)* inter = NULL;
+    int i = 0;
+
+    /* Test case 4, CA loaded by file, intermediates passed on init */
+    ExpectNotNull(store = X509_STORE_new());
+    ExpectIntEQ(X509_STORE_load_locations(
+        store, testData->caFile, NULL), 1);
+    ExpectNotNull(inter = sk_X509_new_null());
+    ExpectIntGE(sk_X509_push(inter, testData->x509CaInt), 1);
+    ExpectIntGE(sk_X509_push(inter, testData->x509CaInt2), 1);
+    ExpectNotNull(ctx = X509_STORE_CTX_new());
+    ExpectIntEQ(X509_STORE_CTX_init(ctx, store, testData->x509Leaf, inter), 1);
+    ExpectIntEQ(X509_verify_cert(ctx), 1);
+    ExpectNotNull(chain = X509_STORE_CTX_get_chain(ctx));
+    ExpectIntEQ(sk_X509_num(chain), sk_X509_num(testData->expectedChain));
+    for (i = 0; i < sk_X509_num(chain); i++) {
+        ExpectIntEQ(X509_cmp(sk_X509_value(chain, i),
+                             sk_X509_value(testData->expectedChain, i)), 0);
+    }
+    X509_STORE_CTX_free(ctx);
+    X509_STORE_free(store);
+    sk_X509_free(inter);
+    return EXPECT_RESULT();
+}
+
+static int test_wolfSSL_X509_STORE_CTX_ex5(X509_STORE_test_data *testData)
+{
+    EXPECT_DECLS;
+    X509_STORE* store = NULL;
+    X509_STORE_CTX* ctx = NULL;
+    STACK_OF(X509)* chain = NULL;
+    STACK_OF(X509)* trusted = NULL;
+    int i = 0;
+
+    /* Test case 5, manually set trusted stack */
+    ExpectNotNull(store = X509_STORE_new());
+    ExpectNotNull(trusted = sk_X509_new_null());
+    ExpectIntGE(sk_X509_push(trusted, testData->x509Ca), 1);
+    ExpectIntGE(sk_X509_push(trusted, testData->x509CaInt), 1);
+    ExpectIntGE(sk_X509_push(trusted, testData->x509CaInt2), 1);
+    ExpectNotNull(ctx = X509_STORE_CTX_new());
+    ExpectIntEQ(X509_STORE_CTX_init(ctx, store, testData->x509Leaf, NULL), 1);
+    X509_STORE_CTX_trusted_stack(ctx, trusted);
+    ExpectIntEQ(X509_verify_cert(ctx), 1);
+    ExpectNotNull(chain = X509_STORE_CTX_get_chain(ctx));
+    ExpectIntEQ(sk_X509_num(chain), sk_X509_num(testData->expectedChain));
+    for (i = 0; i < sk_X509_num(chain); i++) {
+        ExpectIntEQ(X509_cmp(sk_X509_value(chain, i),
+                             sk_X509_value(testData->expectedChain, i)), 0);
+    }
+    X509_STORE_CTX_free(ctx);
+    X509_STORE_free(store);
+    sk_X509_free(trusted);
+    return EXPECT_RESULT();
+}
+
+static int test_wolfSSL_X509_STORE_CTX_ex6(X509_STORE_test_data *testData)
+{
+    EXPECT_DECLS;
+    X509_STORE* store = NULL;
+    X509_STORE_CTX* ctx = NULL;
+    STACK_OF(X509)* chain = NULL;
+    STACK_OF(X509)* trusted = NULL;
+    STACK_OF(X509)* inter = NULL;
+    int i = 0;
+
+    /* Test case 6, manually set trusted stack will be unified with
+     * any intermediates provided on init */
+    ExpectNotNull(store = X509_STORE_new());
+    ExpectNotNull(trusted = sk_X509_new_null());
+    ExpectNotNull(inter = sk_X509_new_null());
+    ExpectIntGE(sk_X509_push(trusted, testData->x509Ca), 1);
+    ExpectIntGE(sk_X509_push(inter, testData->x509CaInt), 1);
+    ExpectIntGE(sk_X509_push(inter, testData->x509CaInt2), 1);
+    ExpectNotNull(ctx = X509_STORE_CTX_new());
+    ExpectIntEQ(X509_STORE_CTX_init(ctx, store, testData->x509Leaf, inter), 1);
+    X509_STORE_CTX_trusted_stack(ctx, trusted);
+    ExpectIntEQ(X509_verify_cert(ctx), 1);
+    ExpectNotNull(chain = X509_STORE_CTX_get_chain(ctx));
+    ExpectIntEQ(sk_X509_num(chain), sk_X509_num(testData->expectedChain));
+    for (i = 0; i < sk_X509_num(chain); i++) {
+        ExpectIntEQ(X509_cmp(sk_X509_value(chain, i),
+                             sk_X509_value(testData->expectedChain, i)), 0);
+    }
+    X509_STORE_CTX_free(ctx);
+    X509_STORE_free(store);
+    sk_X509_free(trusted);
+    sk_X509_free(inter);
+    return EXPECT_RESULT();
+}
+
+static int test_wolfSSL_X509_STORE_CTX_ex7(X509_STORE_test_data *testData)
+{
+    EXPECT_DECLS;
+    X509_STORE* store = NULL;
+    X509_STORE_CTX* ctx = NULL;
+    STACK_OF(X509)* chain = NULL;
+    int i = 0;
+
+    /* Test case 7, certs added to store after ctx init are still used */
+    ExpectNotNull(store = X509_STORE_new());
+    ExpectNotNull(ctx = X509_STORE_CTX_new());
+    ExpectIntEQ(X509_STORE_CTX_init(ctx, store, testData->x509Leaf, NULL), 1);
+    ExpectIntNE(X509_verify_cert(ctx), 1);
+    ExpectIntEQ(X509_STORE_add_cert(store, testData->x509CaInt2), 1);
+    ExpectIntEQ(X509_STORE_add_cert(store, testData->x509CaInt), 1);
+    ExpectIntEQ(X509_STORE_add_cert(store, testData->x509Ca), 1);
+    ExpectIntEQ(X509_verify_cert(ctx), 1);
+    ExpectNotNull(chain = X509_STORE_CTX_get_chain(ctx));
+    ExpectIntEQ(sk_X509_num(chain), sk_X509_num(testData->expectedChain));
+    for (i = 0; i < sk_X509_num(chain); i++) {
+        ExpectIntEQ(X509_cmp(sk_X509_value(chain, i),
+                             sk_X509_value(testData->expectedChain, i)), 0);
+    }
+    X509_STORE_CTX_free(ctx);
+    X509_STORE_free(store);
+    return EXPECT_RESULT();
+}
+
+static int test_wolfSSL_X509_STORE_CTX_ex8(X509_STORE_test_data *testData)
+{
+    EXPECT_DECLS;
+    X509_STORE* store = NULL;
+    X509_STORE_CTX* ctx = NULL;
+    STACK_OF(X509)* chain = NULL;
+    int i = 0;
+
+    /* Test case 8, Only full chain verifies */
+    ExpectNotNull(store = X509_STORE_new());
+    ExpectNotNull(ctx = X509_STORE_CTX_new());
+    ExpectIntEQ(X509_STORE_CTX_init(ctx, store, testData->x509Leaf, NULL), 1);
+    ExpectIntNE(X509_verify_cert(ctx), 1);
+    ExpectIntEQ(X509_STORE_add_cert(store, testData->x509CaInt2), 1);
+    ExpectIntNE(X509_verify_cert(ctx), 1);
+    ExpectIntEQ(X509_STORE_add_cert(store, testData->x509CaInt), 1);
+    ExpectIntNE(X509_verify_cert(ctx), 1);
+    ExpectIntEQ(X509_STORE_add_cert(store, testData->x509Ca), 1);
+    ExpectIntEQ(X509_verify_cert(ctx), 1);
+    ExpectNotNull(chain = X509_STORE_CTX_get_chain(ctx));
+    ExpectIntEQ(sk_X509_num(chain), sk_X509_num(testData->expectedChain));
+    for (i = 0; i < sk_X509_num(chain); i++) {
+        ExpectIntEQ(X509_cmp(sk_X509_value(chain, i),
+                             sk_X509_value(testData->expectedChain, i)), 0);
+    }
+    X509_STORE_CTX_free(ctx);
+    X509_STORE_free(store);
+    return EXPECT_RESULT();
+}
+
+static int test_wolfSSL_X509_STORE_CTX_ex9(X509_STORE_test_data *testData)
+{
+    EXPECT_DECLS;
+    X509_STORE* store = NULL;
+    X509_STORE_CTX* ctx = NULL;
+    X509_STORE_CTX* ctx2 = NULL;
+    STACK_OF(X509)* trusted = NULL;
+
+    /* Test case 9, certs added to store should not be reflected in ctx that
+     * has been manually set with a trusted stack, but are reflected in ctx
+     * that has not set trusted stack */
+    ExpectNotNull(store = X509_STORE_new());
+    ExpectNotNull(ctx = X509_STORE_CTX_new());
+    ExpectNotNull(ctx2 = X509_STORE_CTX_new());
+    ExpectNotNull(trusted = sk_X509_new_null());
+    ExpectIntGE(sk_X509_push(trusted, testData->x509Ca), 1);
+    ExpectIntGE(sk_X509_push(trusted, testData->x509CaInt), 1);
+    ExpectIntGE(sk_X509_push(trusted, testData->x509CaInt2), 1);
+    ExpectIntEQ(X509_STORE_CTX_init(ctx, store, testData->x509Leaf, NULL), 1);
+    ExpectIntEQ(X509_STORE_CTX_init(ctx2, store, testData->x509Leaf, NULL), 1);
+    ExpectIntNE(X509_verify_cert(ctx), 1);
+    ExpectIntNE(X509_verify_cert(ctx2), 1);
+    X509_STORE_CTX_trusted_stack(ctx, trusted);
+    /* CTX1 should now verify */
+    ExpectIntEQ(X509_verify_cert(ctx), 1);
+    ExpectIntNE(X509_verify_cert(ctx2), 1);
+    ExpectIntEQ(X509_STORE_add_cert(store, testData->x509Ca), 1);
+    ExpectIntEQ(X509_STORE_add_cert(store, testData->x509CaInt), 1);
+    ExpectIntEQ(X509_STORE_add_cert(store, testData->x509CaInt2), 1);
+    /* CTX2 should now verify */
+    ExpectIntEQ(X509_verify_cert(ctx2), 1);
+    X509_STORE_CTX_free(ctx);
+    X509_STORE_CTX_free(ctx2);
+    X509_STORE_free(store);
+    sk_X509_free(trusted);
+    return EXPECT_RESULT();
+}
+
+static int test_wolfSSL_X509_STORE_CTX_ex10(X509_STORE_test_data *testData)
+{
+    EXPECT_DECLS;
+    X509_STORE* store = NULL;
+    X509_STORE_CTX* ctx = NULL;
+    STACK_OF(X509)* chain = NULL;
+
+    /* Test case 10, ensure partial chain flag works */
+    ExpectNotNull(store = X509_STORE_new());
+    ExpectIntEQ(X509_STORE_add_cert(store, testData->x509CaInt), 1);
+    ExpectIntEQ(X509_STORE_add_cert(store, testData->x509CaInt2), 1);
+    ExpectNotNull(ctx = X509_STORE_CTX_new());
+    ExpectIntEQ(X509_STORE_CTX_init(ctx, store, testData->x509Leaf, NULL), 1);
+    /* Fails because chain is incomplete */
+    ExpectIntNE(X509_verify_cert(ctx), 1);
+    ExpectIntEQ(X509_STORE_set_flags(store, X509_V_FLAG_PARTIAL_CHAIN), 1);
+    /* Partial chain now OK */
+    ExpectIntEQ(X509_verify_cert(ctx), 1);
+    ExpectNotNull(chain = X509_STORE_CTX_get_chain(ctx));
+    X509_STORE_CTX_free(ctx);
+    X509_STORE_free(store);
+    return EXPECT_RESULT();
+}
+
+static int test_wolfSSL_X509_STORE_CTX_ex11(X509_STORE_test_data *testData)
+{
+    EXPECT_DECLS;
+    X509_STORE* store = NULL;
+    X509_STORE_CTX* ctx = NULL;
+    STACK_OF(X509)* chain = NULL;
+
+    /* Test case 11, test partial chain flag on ctx itself */
+    ExpectNotNull(store = X509_STORE_new());
+    ExpectIntEQ(X509_STORE_add_cert(store, testData->x509CaInt), 1);
+    ExpectIntEQ(X509_STORE_add_cert(store, testData->x509CaInt2), 1);
+    ExpectNotNull(ctx = X509_STORE_CTX_new());
+    ExpectIntEQ(X509_STORE_CTX_init(ctx, store, testData->x509Leaf, NULL), 1);
+    /* Fails because chain is incomplete */
+    ExpectIntNE(X509_verify_cert(ctx), 1);
+    X509_STORE_CTX_set_flags(ctx, X509_V_FLAG_PARTIAL_CHAIN);
+    /* Partial chain now OK */
+    ExpectIntEQ(X509_verify_cert(ctx), 1);
+    ExpectNotNull(chain = X509_STORE_CTX_get_chain(ctx));
+    X509_STORE_CTX_free(ctx);
+    X509_STORE_free(store);
+    return EXPECT_RESULT();
+}
+#endif
+
+static int test_wolfSSL_X509_STORE_CTX_ex(void)
+{
+    EXPECT_DECLS;
+#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \
+   !defined(NO_FILESYSTEM) && !defined(NO_RSA)
+    X509_STORE_test_data testData;
+    XMEMSET((void *)&testData, 0, sizeof(X509_STORE_test_data));
+    testData.caFile =     "./certs/ca-cert.pem";
+    testData.caIntFile =  "./certs/intermediate/ca-int-cert.pem";
+    testData.caInt2File = "./certs/intermediate/ca-int2-cert.pem";
+    testData.leafFile =   "./certs/intermediate/server-chain.pem";
+
+    ExpectNotNull(testData.x509Ca = \
+                  test_wolfSSL_X509_STORE_CTX_ex_helper(testData.caFile));
+    ExpectNotNull(testData.x509CaInt = \
+                  test_wolfSSL_X509_STORE_CTX_ex_helper(testData.caIntFile));
+    ExpectNotNull(testData.x509CaInt2 = \
+                  test_wolfSSL_X509_STORE_CTX_ex_helper(testData.caInt2File));
+    ExpectNotNull(testData.x509Leaf = \
+                  test_wolfSSL_X509_STORE_CTX_ex_helper(testData.leafFile));
+    ExpectNotNull(testData.expectedChain = sk_X509_new_null());
+    ExpectIntGE(sk_X509_push(testData.expectedChain, testData.x509Leaf), 1);
+    ExpectIntGE(sk_X509_push(testData.expectedChain, testData.x509CaInt2), 1);
+    ExpectIntGE(sk_X509_push(testData.expectedChain, testData.x509CaInt), 1);
+    ExpectIntGE(sk_X509_push(testData.expectedChain, testData.x509Ca), 1);
+
+    ExpectIntEQ(test_wolfSSL_X509_STORE_CTX_ex1(&testData), 1);
+    ExpectIntEQ(test_wolfSSL_X509_STORE_CTX_ex2(&testData), 1);
+    ExpectIntEQ(test_wolfSSL_X509_STORE_CTX_ex3(&testData), 1);
+    ExpectIntEQ(test_wolfSSL_X509_STORE_CTX_ex4(&testData), 1);
+    ExpectIntEQ(test_wolfSSL_X509_STORE_CTX_ex5(&testData), 1);
+    ExpectIntEQ(test_wolfSSL_X509_STORE_CTX_ex6(&testData), 1);
+    ExpectIntEQ(test_wolfSSL_X509_STORE_CTX_ex7(&testData), 1);
+    ExpectIntEQ(test_wolfSSL_X509_STORE_CTX_ex8(&testData), 1);
+    ExpectIntEQ(test_wolfSSL_X509_STORE_CTX_ex9(&testData), 1);
+    ExpectIntEQ(test_wolfSSL_X509_STORE_CTX_ex10(&testData), 1);
+    ExpectIntEQ(test_wolfSSL_X509_STORE_CTX_ex11(&testData), 1);
+
+    if(testData.x509Ca) {
+        X509_free(testData.x509Ca);
+    }
+    if(testData.x509CaInt) {
+        X509_free(testData.x509CaInt);
+    }
+    if(testData.x509CaInt2) {
+        X509_free(testData.x509CaInt2);
+    }
+    if(testData.x509Leaf) {
+        X509_free(testData.x509Leaf);
+    }
+    if (testData.expectedChain) {
+        sk_X509_free(testData.expectedChain);
+    }
+
+#endif /* defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \
+        * !defined(NO_FILESYSTEM) && !defined(NO_RSA) */
+
+    return EXPECT_RESULT();
+}
+
+
 #if defined(OPENSSL_EXTRA) && !defined(NO_RSA)
 static int test_X509_STORE_untrusted_load_cert_to_stack(const char* filename,
         STACK_OF(X509)* chain)
@@ -35850,13 +49072,82 @@ static int test_X509_STORE_untrusted_load_cert_to_stack(const char* filename,
         XFCLOSE(fp);
         fp = XBADFILE;
     }
-    ExpectIntEQ(sk_X509_push(chain, cert), 1);
+    ExpectIntGT(sk_X509_push(chain, cert), 0);
     if (EXPECT_FAIL())
         X509_free(cert);
 
     return EXPECT_RESULT();
 }
 
+#if defined(OPENSSL_ALL)
+
+static int last_errcode;
+static int last_errdepth;
+
+static int X509Callback(int ok, X509_STORE_CTX *ctx)
+{
+
+    if (!ok) {
+        last_errcode  = X509_STORE_CTX_get_error(ctx);
+        last_errdepth = X509_STORE_CTX_get_error_depth(ctx);
+    }
+    /* Always return OK to allow verification to continue.*/
+    return 1;
+}
+
+static int test_X509_STORE_InvalidCa(void)
+{
+    EXPECT_DECLS;
+    const char* filename = "./certs/intermediate/ca_false_intermediate/"
+                                                    "test_int_not_cacert.pem";
+    const char* srvfile = "./certs/intermediate/ca_false_intermediate/"
+                                            "test_sign_bynoca_srv.pem";
+    X509_STORE_CTX* ctx = NULL;
+    X509_STORE* str = NULL;
+    XFILE fp = XBADFILE;
+    X509* cert = NULL;
+    STACK_OF(X509)* untrusted = NULL;
+
+    last_errcode = 0;
+    last_errdepth = 0;
+
+    ExpectTrue((fp = XFOPEN(srvfile, "rb"))
+            != XBADFILE);
+    ExpectNotNull(cert = PEM_read_X509(fp, 0, 0, 0 ));
+    if (fp != XBADFILE) {
+        XFCLOSE(fp);
+        fp = XBADFILE;
+    }
+
+    ExpectNotNull(str = X509_STORE_new());
+    ExpectNotNull(ctx = X509_STORE_CTX_new());
+    ExpectNotNull(untrusted = sk_X509_new_null());
+
+    /* create cert chain stack */
+    ExpectIntEQ(test_X509_STORE_untrusted_load_cert_to_stack(filename,
+                untrusted), TEST_SUCCESS);
+
+    X509_STORE_set_verify_cb(str, X509Callback);
+
+    ExpectIntEQ(X509_STORE_load_locations(str,
+                "./certs/intermediate/ca_false_intermediate/test_ca.pem",
+                                                                    NULL), 1);
+
+    ExpectIntEQ(X509_STORE_CTX_init(ctx, str, cert, untrusted), 1);
+    ExpectIntEQ(X509_verify_cert(ctx), 1);
+    ExpectIntEQ(last_errcode, X509_V_ERR_INVALID_CA);
+
+    X509_free(cert);
+    X509_STORE_free(str);
+    X509_STORE_CTX_free(ctx);
+    sk_X509_pop_free(untrusted, NULL);
+
+    return EXPECT_RESULT();
+}
+#endif /* OPENSSL_ALL */
+
+
+
 static int test_X509_STORE_untrusted_certs(const char** filenames, int ret,
         int err, int loadCA)
 {
@@ -35937,9 +49228,15 @@ static int test_X509_STORE_untrusted(void)
     /* Succeeds because path to loaded CA is available. */
     ExpectIntEQ(test_X509_STORE_untrusted_certs(untrusted2, 1, 0, 1),
             TEST_SUCCESS);
-    /* Fails because root CA is in the untrusted stack */
+    /* Root CA in untrusted chain is OK so long as CA has been loaded
+     * properly */
+    ExpectIntEQ(test_X509_STORE_untrusted_certs(untrusted3, 1, 0, 1),
+            TEST_SUCCESS);
+    /* Still needs properly loaded CA, while including it in untrusted
+     * list is not an error, it also doesn't count for verify */
     ExpectIntEQ(test_X509_STORE_untrusted_certs(untrusted3, 0,
-            X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY, 0), TEST_SUCCESS);
+                X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY, 0),
+            TEST_SUCCESS);
     /* Succeeds because path to loaded CA is available. */
     ExpectIntEQ(test_X509_STORE_untrusted_certs(untrusted4, 1, 0, 1),
             TEST_SUCCESS);
@@ -35965,7 +49262,7 @@ static int test_wolfSSL_X509_STORE_set_flags(void)
         WOLFSSL_SUCCESS);
 #else
     ExpectIntEQ(X509_STORE_set_flags(store, WOLFSSL_CRL_CHECKALL),
-        NOT_COMPILED_IN);
+        WC_NO_ERR_TRACE(NOT_COMPILED_IN));
 #endif
 
     wolfSSL_X509_free(x509);
@@ -35995,7 +49292,7 @@ static int test_wolfSSL_X509_LOOKUP_load_file(void)
         ExpectIntEQ(wolfSSL_CertManagerVerify(store->cm, cliCertFile,
             WOLFSSL_FILETYPE_PEM), 1);
         ExpectIntEQ(wolfSSL_CertManagerVerify(store->cm, svrCertFile,
-            WOLFSSL_FILETYPE_PEM), ASN_NO_SIGNER_E);
+            WOLFSSL_FILETYPE_PEM), WC_NO_ERR_TRACE(ASN_NO_SIGNER_E));
     }
     ExpectIntEQ(wolfSSL_X509_LOOKUP_load_file(lookup, "certs/ca-cert.pem",
         X509_FILETYPE_PEM), 1);
@@ -36032,7 +49329,8 @@ static int test_wolfSSL_CTX_get0_set1_param(void)
 {
     EXPECT_DECLS;
 #if defined(OPENSSL_EXTRA)
-#if !defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER)
+#if !defined(NO_TLS) && \
+    (!defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER))
     SSL_CTX* ctx = NULL;
     WOLFSSL_X509_VERIFY_PARAM* pParam = NULL;
     WOLFSSL_X509_VERIFY_PARAM* pvpm = NULL;
@@ -36080,8 +49378,8 @@ static int test_wolfSSL_CTX_get0_set1_param(void)
 static int test_wolfSSL_get0_param(void)
 {
     EXPECT_DECLS;
-#if defined(OPENSSL_EXTRA) && !defined(NO_RSA)
-#if !defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER)
+#if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && !defined(NO_TLS) && \
+    (!defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER))
     SSL_CTX* ctx = NULL;
     SSL*     ssl = NULL;
 
@@ -36099,8 +49397,7 @@ static int test_wolfSSL_get0_param(void)
 
     SSL_free(ssl);
     SSL_CTX_free(ctx);
-#endif /* !NO_WOLFSSL_CLIENT || !NO_WOLFSSL_SERVER */
-#endif /* OPENSSL_EXTRA && !defined(NO_RSA)*/
+#endif
     return EXPECT_RESULT();
 }
 
@@ -36116,6 +49413,9 @@ static int test_wolfSSL_X509_VERIFY_PARAM_set1_host(void)
     if (pParam != NULL) {
         XMEMSET(pParam, 0, sizeof(WOLFSSL_X509_VERIFY_PARAM));
 
+        ExpectIntEQ(X509_VERIFY_PARAM_set1_host(NULL, host, sizeof(host)),
+            WOLFSSL_FAILURE);
+
         X509_VERIFY_PARAM_set1_host(pParam, host, sizeof(host));
 
         ExpectIntEQ(XMEMCMP(pParam->hostName, host, sizeof(host)), 0);
@@ -36133,8 +49433,8 @@ static int test_wolfSSL_X509_VERIFY_PARAM_set1_host(void)
 static int test_wolfSSL_set1_host(void)
 {
     EXPECT_DECLS;
-#if defined(OPENSSL_EXTRA) && !defined(NO_RSA)
-#if !defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER)
+#if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && !defined(NO_TLS) && \
+    (!defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER))
     const char host[] = "www.test_wolfSSL_set1_host.com";
     const char emptyStr[] = "";
     SSL_CTX*   ctx = NULL;
@@ -36171,8 +49471,7 @@ static int test_wolfSSL_set1_host(void)
 
     SSL_free(ssl);
     SSL_CTX_free(ctx);
-#endif /* !NO_WOLFSSL_CLIENT || !NO_WOLFSSL_SERVER */
-#endif /* OPENSSL_EXTRA */
+#endif
     return EXPECT_RESULT();
 }
 
@@ -36185,6 +49484,21 @@ static int test_wolfSSL_X509_VERIFY_PARAM_set1_ip(void)
 
     ExpectNotNull(param = X509_VERIFY_PARAM_new());
 
+    ExpectIntEQ(X509_VERIFY_PARAM_set1_ip(NULL, NULL, 1), WOLFSSL_FAILURE);
+    ExpectIntEQ(X509_VERIFY_PARAM_set1_ip(param, NULL, 1), WOLFSSL_FAILURE);
+    ExpectIntEQ(X509_VERIFY_PARAM_set1_ip(NULL, buf, 1), WOLFSSL_FAILURE);
+    ExpectIntEQ(X509_VERIFY_PARAM_set1_ip(NULL, NULL, 16), WOLFSSL_FAILURE);
+    ExpectIntEQ(X509_VERIFY_PARAM_set1_ip(NULL, NULL, 4), WOLFSSL_FAILURE);
+    ExpectIntEQ(X509_VERIFY_PARAM_set1_ip(NULL, NULL, 0), WOLFSSL_FAILURE);
+    ExpectIntEQ(X509_VERIFY_PARAM_set1_ip(param, buf, 1), WOLFSSL_FAILURE);
+    ExpectIntEQ(X509_VERIFY_PARAM_set1_ip(param, NULL, 16), WOLFSSL_FAILURE);
+    ExpectIntEQ(X509_VERIFY_PARAM_set1_ip(param, NULL, 4), WOLFSSL_FAILURE);
+    ExpectIntEQ(X509_VERIFY_PARAM_set1_ip(NULL, buf, 16), WOLFSSL_FAILURE);
+    ExpectIntEQ(X509_VERIFY_PARAM_set1_ip(NULL, buf, 4), WOLFSSL_FAILURE);
+    ExpectIntEQ(X509_VERIFY_PARAM_set1_ip(NULL, buf, 0), WOLFSSL_FAILURE);
+
+    ExpectIntEQ(X509_VERIFY_PARAM_set1_ip(param, NULL, 0), WOLFSSL_SUCCESS);
+
     /* test 127.0.0.1 */
     buf[0] =0x7f; buf[1] = 0; buf[2] = 0; buf[3] = 1;
     ExpectIntEQ(X509_VERIFY_PARAM_set1_ip(param, &buf[0], 4), SSL_SUCCESS);
@@ -36265,11 +49579,76 @@ static int test_wolfSSL_X509_STORE_CTX_get0_store(void)
     return EXPECT_RESULT();
 }
 
+#if defined(OPENSSL_ALL) && !defined(NO_RSA) && !defined(NO_CERTS) && \
+    !defined(NO_WOLFSSL_CLIENT) && defined(HAVE_ECC) && !defined(NO_TLS) && \
+    defined(HAVE_AESGCM)
+static int test_wolfSSL_get_client_ciphers_ctx_ready(WOLFSSL_CTX* ctx)
+{
+    EXPECT_DECLS;
+    ExpectTrue(wolfSSL_CTX_set_cipher_list(ctx, "ECDHE-RSA-AES128-GCM-SHA256"));
+    return EXPECT_RESULT();
+}
+
+
+static int test_wolfSSL_get_client_ciphers_on_result(WOLFSSL* ssl) {
+    EXPECT_DECLS;
+    WOLF_STACK_OF(WOLFSSL_CIPHER)* ciphers;
+
+    ciphers = SSL_get_client_ciphers(ssl);
+    if (wolfSSL_is_server(ssl) == 0) {
+        ExpectNull(ciphers);
+    }
+    else {
+        WOLFSSL_CIPHER* current;
+
+        /* client should have only sent over one cipher suite */
+        ExpectNotNull(ciphers);
+        ExpectIntEQ(sk_SSL_CIPHER_num(ciphers), 1);
+        current = sk_SSL_CIPHER_value(ciphers, 0);
+        ExpectNotNull(current);
+    #if !defined(WOLFSSL_CIPHER_INTERNALNAME) && !defined(NO_ERROR_STRINGS) && \
+        !defined(WOLFSSL_QT)
+        ExpectStrEQ("TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
+            SSL_CIPHER_get_name(current));
+    #else
+        ExpectStrEQ("ECDHE-RSA-AES128-GCM-SHA256",
+            SSL_CIPHER_get_name(current));
+    #endif
+    }
+    return EXPECT_RESULT();
+}
+#endif
+
+static int test_wolfSSL_get_client_ciphers(void)
+{
+    EXPECT_DECLS;
+#if defined(OPENSSL_ALL) && !defined(NO_RSA) && !defined(NO_CERTS) && \
+    !defined(NO_WOLFSSL_CLIENT) && defined(HAVE_ECC) && !defined(NO_TLS) && \
+    defined(HAVE_AESGCM)
+    test_ssl_cbf server_cb;
+    test_ssl_cbf client_cb;
+
+    XMEMSET(&client_cb, 0, sizeof(test_ssl_cbf));
+    XMEMSET(&server_cb, 0, sizeof(test_ssl_cbf));
+    client_cb.method = wolfTLSv1_2_client_method;
+    server_cb.method = wolfTLSv1_2_server_method;
+    client_cb.devId = testDevId;
+    server_cb.devId = testDevId;
+    client_cb.ctx_ready = test_wolfSSL_get_client_ciphers_ctx_ready;
+    client_cb.on_result = test_wolfSSL_get_client_ciphers_on_result;
+    server_cb.on_result = test_wolfSSL_get_client_ciphers_on_result;
+
+    ExpectIntEQ(test_wolfSSL_client_server_nofail_memio(&client_cb,
+        &server_cb, NULL), TEST_SUCCESS);
+#endif
+    return EXPECT_RESULT();
+}
+
 static int test_wolfSSL_CTX_set_client_CA_list(void)
 {
     EXPECT_DECLS;
 #if defined(OPENSSL_ALL) && !defined(NO_RSA) && !defined(NO_CERTS) && \
-    !defined(NO_WOLFSSL_CLIENT) && !defined(NO_BIO)
+    !defined(NO_WOLFSSL_CLIENT) && !defined(NO_BIO) && !defined(NO_TLS)
     WOLFSSL_CTX* ctx = NULL;
     WOLFSSL* ssl = NULL;
     X509_NAME* name = NULL;
@@ -36285,7 +49664,7 @@ static int test_wolfSSL_CTX_set_client_CA_list(void)
     ca_list = SSL_load_client_CA_file(caCertFile);
     ExpectNotNull(ca_list);
     ExpectNotNull(name = sk_X509_NAME_value(ca_list, 0));
-    ExpectIntEQ(sk_X509_NAME_push(names, name), 1);
+    ExpectIntEQ(sk_X509_NAME_push(names, name), 2);
     if (EXPECT_FAIL()) {
         wolfSSL_X509_NAME_free(name);
         name = NULL;
@@ -36297,6 +49676,8 @@ static int test_wolfSSL_CTX_set_client_CA_list(void)
     ExpectNotNull(ca_list = SSL_CTX_get_client_CA_list(ctx));
     ExpectIntEQ(sk_X509_NAME_num(ca_list), sk_X509_NAME_num(names));
 
+    ExpectIntEQ(sk_X509_NAME_find(NULL, name), BAD_FUNC_ARG);
+    ExpectIntEQ(sk_X509_NAME_find(names, NULL), WOLFSSL_FATAL_ERROR);
     ExpectIntGT((names_len = sk_X509_NAME_num(names)), 0);
     for (i = 0; i < names_len; i++) {
         ExpectNotNull(name = sk_X509_NAME_value(names, i));
@@ -36398,7 +49779,7 @@ static int test_wolfSSL_CTX_add_client_CA(void)
 {
     EXPECT_DECLS;
 #if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && !defined(NO_CERTS) && \
-    !defined(NO_WOLFSSL_CLIENT)
+    !defined(NO_TLS) && !defined(NO_WOLFSSL_CLIENT)
     WOLFSSL_CTX* ctx = NULL;
     WOLFSSL_X509* x509 = NULL;
     WOLFSSL_X509* x509_a = NULL;
@@ -36477,7 +49858,7 @@ static THREAD_RETURN WOLFSSL_THREAD server_task_ech(void* args)
         if (ret != WOLFSSL_SUCCESS) {
             err = wolfSSL_get_error(ssl, 0);
         }
-    } while (ret != WOLFSSL_SUCCESS && err == WC_PENDING_E);
+    } while (ret != WOLFSSL_SUCCESS && err == WC_NO_ERR_TRACE(WC_PENDING_E));
 
     if (ret != WOLFSSL_SUCCESS) {
         char buff[WOLFSSL_MAX_ERROR_SZ];
@@ -36511,20 +49892,19 @@ static THREAD_RETURN WOLFSSL_THREAD server_task_ech(void* args)
 #endif /* HAVE_ECH && WOLFSSL_TLS13 */
 
 #if defined(OPENSSL_EXTRA) && defined(HAVE_SECRET_CALLBACK)
-static void keyLog_callback(const WOLFSSL* ssl, const char* line )
+static void keyLog_callback(const WOLFSSL* ssl, const char* line)
 {
+    XFILE fp;
+    const byte lf = '\n';
 
     AssertNotNull(ssl);
     AssertNotNull(line);
 
-    XFILE fp;
-    const byte  lf = '\n';
     fp = XFOPEN("./MyKeyLog.txt", "a");
-    XFWRITE( line, 1, strlen(line),fp);
-    XFWRITE( (void*)&lf,1,1,fp);
+    XFWRITE(line, 1, XSTRLEN(line), fp);
+    XFWRITE((void*)&lf, 1, 1, fp);
     XFFLUSH(fp);
     XFCLOSE(fp);
-
 }
 #endif /* OPENSSL_EXTRA && HAVE_SECRET_CALLBACK */
 static int test_wolfSSL_CTX_set_keylog_callback(void)
@@ -36572,12 +49952,14 @@ static int test_wolfSSL_Tls12_Key_Logging_test(void)
 {
     EXPECT_DECLS;
 #if defined(OPENSSL_EXTRA) && defined(HAVE_SECRET_CALLBACK)
-/* This test is intended for checking whether keylog callback is called
- * in client during TLS handshake between the client and a server.
- */
+    /* This test is intended for checking whether keylog callback is called
+     * in client during TLS handshake between the client and a server.
+     */
     test_ssl_cbf server_cbf;
     test_ssl_cbf client_cbf;
     XFILE fp = XBADFILE;
+    char  buff[500];
+    int   found = 0;
 
     XMEMSET(&server_cbf, 0, sizeof(test_ssl_cbf));
     XMEMSET(&client_cbf, 0, sizeof(test_ssl_cbf));
@@ -36587,6 +49969,7 @@ static int test_wolfSSL_Tls12_Key_Logging_test(void)
     /* clean up keylog file */
     ExpectTrue((fp = XFOPEN("./MyKeyLog.txt", "w")) != XBADFILE);
     if (fp != XBADFILE) {
+        XFFLUSH(fp);
         XFCLOSE(fp);
         fp = XBADFILE;
     }
@@ -36595,12 +49978,10 @@ static int test_wolfSSL_Tls12_Key_Logging_test(void)
         &server_cbf, NULL), TEST_SUCCESS);
 
     /* check if the keylog file exists */
+    ExpectTrue((fp = XFOPEN("./MyKeyLog.txt", "rb")) != XBADFILE);
+    XFFLUSH(fp); /* Just to make sure any buffers get flushed */
 
-    char  buff[300] = {0};
-    int  found = 0;
-
-    ExpectTrue((fp = XFOPEN("./MyKeyLog.txt", "r")) != XBADFILE);
-
+    XMEMSET(buff, 0, sizeof(buff));
     while (EXPECT_SUCCESS() && XFGETS(buff, (int)sizeof(buff), fp) != NULL) {
         if (0 == strncmp(buff,"CLIENT_RANDOM ", sizeof("CLIENT_RANDOM ")-1)) {
             found = 1;
@@ -36662,7 +50043,7 @@ static int test_wolfSSL_Tls13_Key_Logging_test(void)
         int  numfnd = 0;
         int  i;
 
-        ExpectTrue((fp = XFOPEN("./MyKeyLog.txt", "r")) != XBADFILE);
+        ExpectTrue((fp = XFOPEN("./MyKeyLog.txt", "rb")) != XBADFILE);
 
         while (EXPECT_SUCCESS() &&
                 XFGETS(buff, (int)sizeof(buff), fp) != NULL) {
@@ -36886,14 +50267,16 @@ static int post_auth_version_client_cb(WOLFSSL* ssl)
     /* do handshake and then test version error */
     ExpectIntEQ(wolfSSL_connect(ssl), WOLFSSL_SUCCESS);
     ExpectStrEQ("TLSv1.2", wolfSSL_get_version(ssl));
-    ExpectIntEQ(wolfSSL_verify_client_post_handshake(ssl), WOLFSSL_FAILURE);
+    ExpectIntEQ(wolfSSL_verify_client_post_handshake(ssl), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
 #if defined(OPENSSL_ALL) && !defined(NO_ERROR_QUEUE)
     /* check was added to error queue */
-    ExpectIntEQ(wolfSSL_ERR_get_error(), -UNSUPPORTED_PROTO_VERSION);
+    ExpectIntEQ(wolfSSL_ERR_get_error(), -WC_NO_ERR_TRACE(UNSUPPORTED_PROTO_VERSION));
 
     /* check the string matches expected string */
-    ExpectStrEQ(wolfSSL_ERR_error_string(-UNSUPPORTED_PROTO_VERSION, NULL),
+    #ifndef NO_ERROR_STRINGS
+    ExpectStrEQ(wolfSSL_ERR_error_string(-WC_NO_ERR_TRACE(UNSUPPORTED_PROTO_VERSION), NULL),
             "WRONG_SSL_VERSION");
+    #endif
 #endif
     return EXPECT_RESULT();
 }
@@ -36966,7 +50349,7 @@ static int test_wolfSSL_X509_NID(void)
 #if (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) && \
     !defined(NO_RSA) && defined(USE_CERT_BUFFERS_2048) && !defined(NO_ASN)
     int   sigType;
-    int   nameSz;
+    int   nameSz = 0;
 
     X509*  cert = NULL;
     EVP_PKEY*  pubKeyTmp = NULL;
@@ -36982,8 +50365,8 @@ static int test_wolfSSL_X509_NID(void)
     /* ------ PARSE ORIGINAL SELF-SIGNED CERTIFICATE ------ */
 
     /* convert cert from DER to internal WOLFSSL_X509 struct */
-    ExpectNotNull(cert = wolfSSL_X509_d2i(&cert, client_cert_der_2048,
-            sizeof_client_cert_der_2048));
+    ExpectNotNull(cert = wolfSSL_X509_d2i_ex(&cert, client_cert_der_2048,
+            sizeof_client_cert_der_2048, HEAP_HINT));
 
     /* ------ EXTRACT CERTIFICATE ELEMENTS ------ */
 
@@ -36991,11 +50374,15 @@ static int test_wolfSSL_X509_NID(void)
     ExpectNotNull(pubKeyTmp = X509_get_pubkey(cert));
 
     /* extract signatureType */
+    ExpectIntEQ(wolfSSL_X509_get_signature_type(NULL), 0);
     ExpectIntNE((sigType = wolfSSL_X509_get_signature_type(cert)), 0);
 
     /* extract subjectName info */
     ExpectNotNull(name = X509_get_subject_name(cert));
     ExpectIntEQ(X509_NAME_get_text_by_NID(name, -1, NULL, 0), -1);
+    ExpectIntEQ(X509_NAME_get_text_by_NID(NULL, NID_commonName, NULL, 0), -1);
+    ExpectIntEQ(X509_NAME_get_text_by_NID(name, NID_commonName,
+        commonName, -2), 0);
     ExpectIntGT((nameSz = X509_NAME_get_text_by_NID(name, NID_commonName,
         NULL, 0)), 0);
     ExpectIntEQ(nameSz, 15);
@@ -37037,8 +50424,9 @@ static int test_wolfSSL_X509_NID(void)
 static int test_wolfSSL_CTX_set_srp_username(void)
 {
     EXPECT_DECLS;
-#if defined(OPENSSL_EXTRA) && defined(WOLFCRYPT_HAVE_SRP) \
-    && !defined(NO_SHA256) && !defined(WC_NO_RNG) && !defined(NO_WOLFSSL_CLIENT)
+#if defined(OPENSSL_EXTRA) && defined(WOLFCRYPT_HAVE_SRP) && \
+    !defined(NO_SHA256) && !defined(WC_NO_RNG) && !defined(NO_TLS) && \
+    !defined(NO_WOLFSSL_CLIENT)
     WOLFSSL_CTX* ctx = NULL;
     WOLFSSL* ssl = NULL;
     const char *username = "TESTUSER";
@@ -37071,7 +50459,8 @@ static int test_wolfSSL_CTX_set_srp_password(void)
 {
     EXPECT_DECLS;
 #if defined(OPENSSL_EXTRA) && defined(WOLFCRYPT_HAVE_SRP) && \
-    !defined(NO_SHA256) && !defined(WC_NO_RNG) && !defined(NO_WOLFSSL_CLIENT)
+    !defined(NO_SHA256) && !defined(WC_NO_RNG) && !defined(NO_TLS) && \
+    !defined(NO_WOLFSSL_CLIENT)
     WOLFSSL_CTX* ctx = NULL;
     const char *username = "TESTUSER";
     const char *password = "TESTPASSWORD";
@@ -37096,18 +50485,20 @@ static int test_wolfSSL_CTX_set_srp_password(void)
 static int test_wolfSSL_X509_STORE(void)
 {
     EXPECT_DECLS;
-#if defined(OPENSSL_EXTRA) && !defined(NO_RSA)
+#if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && !defined(NO_TLS)
     X509_STORE *store = NULL;
 
 #ifdef HAVE_CRL
     X509_STORE_CTX *storeCtx = NULL;
-    X509_CRL *crl = NULL;
     X509 *ca = NULL;
     X509 *cert = NULL;
-    const char crlPem[] = "./certs/crl/crl.revoked";
     const char srvCert[] = "./certs/server-revoked-cert.pem";
     const char caCert[] = "./certs/ca-cert.pem";
+#ifndef WOLFSSL_CRL_ALLOW_MISSING_CDP
+    X509_CRL *crl = NULL;
+    const char crlPem[] = "./certs/crl/crl.revoked";
     XFILE fp = XBADFILE;
+#endif /* !WOLFSSL_CRL_ALLOW_MISSING_CDP */
 
     ExpectNotNull(store = (X509_STORE *)X509_STORE_new());
     ExpectNotNull((ca = wolfSSL_X509_load_certificate_file(caCert,
@@ -37127,6 +50518,7 @@ static int test_wolfSSL_X509_STORE(void)
     X509_free(ca);
     ca = NULL;
 
+#ifndef WOLFSSL_CRL_ALLOW_MISSING_CDP
     /* should fail to verify now after adding in CRL */
     ExpectNotNull(store = (X509_STORE *)X509_STORE_new());
     ExpectNotNull((ca = wolfSSL_X509_load_certificate_file(caCert,
@@ -37156,6 +50548,7 @@ static int test_wolfSSL_X509_STORE(void)
     cert = NULL;
     X509_free(ca);
     ca = NULL;
+#endif /* !WOLFSSL_CRL_ALLOW_MISSING_CDP */
 #endif /* HAVE_CRL */
 
 
@@ -37212,7 +50605,8 @@ static int test_wolfSSL_X509_STORE_load_locations(void)
 {
     EXPECT_DECLS;
 #if (defined(OPENSSL_ALL) || defined(WOLFSSL_APACHE_HTTPD)) && \
-    !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR) && !defined(NO_RSA)
+    !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR) && !defined(NO_RSA) && \
+    !defined(NO_TLS)
     SSL_CTX *ctx = NULL;
     X509_STORE *store = NULL;
 
@@ -37238,14 +50632,14 @@ static int test_wolfSSL_X509_STORE_load_locations(void)
 
     /* Test bad arguments */
     ExpectIntEQ(X509_STORE_load_locations(NULL, ca_file, NULL),
-        WOLFSSL_FAILURE);
-    ExpectIntEQ(X509_STORE_load_locations(store, NULL, NULL), WOLFSSL_FAILURE);
+        WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+    ExpectIntEQ(X509_STORE_load_locations(store, NULL, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     ExpectIntEQ(X509_STORE_load_locations(store, client_der_file, NULL),
-        WOLFSSL_FAILURE);
+        WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     ExpectIntEQ(X509_STORE_load_locations(store, ecc_file, NULL),
-        WOLFSSL_FAILURE);
+        WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     ExpectIntEQ(X509_STORE_load_locations(store, NULL, bad_path),
-        WOLFSSL_FAILURE);
+        WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
 
 #ifdef HAVE_CRL
     /* Test with CRL */
@@ -37265,6 +50659,15 @@ static int test_wolfSSL_X509_STORE_load_locations(void)
     ExpectIntEQ(X509_STORE_load_locations(store, NULL, certs_path),
         WOLFSSL_SUCCESS);
 
+#if defined(XGETENV) && !defined(NO_GETENV) && defined(_POSIX_C_SOURCE) && \
+    _POSIX_C_SOURCE >= 200112L
+    ExpectIntEQ(wolfSSL_CTX_UnloadCAs(ctx), WOLFSSL_SUCCESS);
+    /* Test with env vars */
+    ExpectIntEQ(setenv("SSL_CERT_FILE", client_pem_file, 1), 0);
+    ExpectIntEQ(setenv("SSL_CERT_DIR", certs_path, 1), 0);
+    ExpectIntEQ(X509_STORE_set_default_paths(store), WOLFSSL_SUCCESS);
+#endif
+
 #if defined(OPENSSL_EXTRA) || defined(DEBUG_WOLFSSL_VERBOSE)
     /* Clear nodes */
     ERR_clear_error();
@@ -37278,13 +50681,17 @@ static int test_wolfSSL_X509_STORE_load_locations(void)
 static int test_X509_STORE_get0_objects(void)
 {
     EXPECT_DECLS;
-#if defined(OPENSSL_ALL) && !defined(NO_FILESYSTEM) && \
+#if defined(OPENSSL_ALL) && !defined(NO_FILESYSTEM) && !defined(NO_TLS) && \
     !defined(NO_WOLFSSL_DIR) && !defined(NO_RSA)
     X509_STORE *store = NULL;
     X509_STORE *store_cpy = NULL;
     SSL_CTX *ctx = NULL;
     X509_OBJECT *obj = NULL;
+#ifdef HAVE_CRL
+    X509_OBJECT *objCopy = NULL;
+#endif
     STACK_OF(X509_OBJECT) *objs = NULL;
+    STACK_OF(X509_OBJECT) *objsCopy = NULL;
     int i;
 
     /* Setup store */
@@ -37322,22 +50729,46 @@ static int test_X509_STORE_get0_objects(void)
     ExpectIntEQ(sk_X509_OBJECT_num(objs), 0);
 #endif
 #endif
+    ExpectIntEQ(sk_X509_OBJECT_num(NULL), 0);
+    ExpectNull(sk_X509_OBJECT_value(NULL, 0));
+    ExpectNull(sk_X509_OBJECT_value(NULL, 1));
+    ExpectNull(sk_X509_OBJECT_value(objs, sk_X509_OBJECT_num(objs)));
+    ExpectNull(sk_X509_OBJECT_value(objs, sk_X509_OBJECT_num(objs) + 1));
+#ifndef NO_WOLFSSL_STUB
+    ExpectNull(sk_X509_OBJECT_delete(objs, 0));
+#endif
+    ExpectNotNull(objsCopy = sk_X509_OBJECT_deep_copy(objs, NULL, NULL));
+    ExpectIntEQ(sk_X509_OBJECT_num(objs), sk_X509_OBJECT_num(objsCopy));
     for (i = 0; i < sk_X509_OBJECT_num(objs); i++) {
         obj = (X509_OBJECT*)sk_X509_OBJECT_value(objs, i);
+    #ifdef HAVE_CRL
+        objCopy = (X509_OBJECT*)sk_X509_OBJECT_value(objsCopy, i);
+    #endif
         switch (X509_OBJECT_get_type(obj)) {
         case X509_LU_X509:
         {
-            WOLFSSL_X509* x509;
+            X509* x509 = NULL;
+            X509_NAME *subj_name = NULL;
+            ExpectNull(X509_OBJECT_get0_X509_CRL(NULL));
+            ExpectNull(X509_OBJECT_get0_X509_CRL(obj));
             ExpectNotNull(x509 = X509_OBJECT_get0_X509(obj));
             ExpectIntEQ(X509_STORE_add_cert(store_cpy, x509), WOLFSSL_SUCCESS);
+            ExpectNotNull(subj_name = X509_get_subject_name(x509));
+            ExpectPtrEq(obj, X509_OBJECT_retrieve_by_subject(objs, X509_LU_X509,
+                    subj_name));
+
             break;
         }
         case X509_LU_CRL:
 #ifdef HAVE_CRL
         {
-            WOLFSSL_CRL* crl = NULL;
+            X509_CRL* crl = NULL;
+            ExpectNull(X509_OBJECT_get0_X509(NULL));
+            ExpectNull(X509_OBJECT_get0_X509(obj));
             ExpectNotNull(crl = X509_OBJECT_get0_X509_CRL(obj));
             ExpectIntEQ(X509_STORE_add_crl(store_cpy, crl), WOLFSSL_SUCCESS);
+
+            ExpectNotNull(crl = X509_OBJECT_get0_X509_CRL(objCopy));
             break;
         }
 #endif
@@ -37351,6 +50782,18 @@ static int test_X509_STORE_get0_objects(void)
 
     X509_STORE_free(store_cpy);
     SSL_CTX_free(ctx);
+
+    wolfSSL_sk_X509_OBJECT_free(NULL);
+    objs = NULL;
+    wolfSSL_sk_pop_free(objsCopy, NULL);
+    objsCopy = NULL;
+    ExpectNotNull(objs = wolfSSL_sk_X509_OBJECT_new());
+    ExpectIntEQ(wolfSSL_sk_X509_OBJECT_push(NULL, NULL), WOLFSSL_FAILURE);
+    ExpectIntEQ(wolfSSL_sk_X509_OBJECT_push(objs, NULL), WOLFSSL_FAILURE);
+    ExpectIntEQ(wolfSSL_sk_X509_OBJECT_push(NULL, obj), WOLFSSL_FAILURE);
+    ExpectNotNull(objsCopy = sk_X509_OBJECT_deep_copy(objs, NULL, NULL));
+    wolfSSL_sk_X509_OBJECT_free(objsCopy);
+    wolfSSL_sk_X509_OBJECT_free(objs);
 #endif
     return EXPECT_RESULT();
 }
@@ -37361,17 +50804,16 @@ static int test_wolfSSL_BN_CTX(void)
 #if defined(OPENSSL_EXTRA) && !defined(NO_ASN) && \
     !defined(OPENSSL_EXTRA_NO_BN) && !defined(WOLFSSL_SP_MATH)
     WOLFSSL_BN_CTX* bn_ctx = NULL;
-    WOLFSSL_BIGNUM* t = NULL;
 
-    ExpectNotNull(bn_ctx = wolfSSL_BN_CTX_new());
+    ExpectNotNull(bn_ctx = BN_CTX_new());
 
-    /* No implementation. */
-    BN_CTX_init(NULL);
-
-    ExpectNotNull(t = BN_CTX_get(NULL));
-    BN_free(t);
-    ExpectNotNull(t = BN_CTX_get(bn_ctx));
-    BN_free(t);
+    ExpectNull(BN_CTX_get(NULL));
+    ExpectNotNull(BN_CTX_get(bn_ctx));
+    ExpectNotNull(BN_CTX_get(bn_ctx));
+    ExpectNotNull(BN_CTX_get(bn_ctx));
+    ExpectNotNull(BN_CTX_get(bn_ctx));
+    ExpectNotNull(BN_CTX_get(bn_ctx));
+    ExpectNotNull(BN_CTX_get(bn_ctx));
 
 #ifndef NO_WOLFSSL_STUB
     /* No implementation. */
@@ -37441,7 +50883,7 @@ static int test_wolfSSL_BN(void)
     ExpectIntEQ(BN_set_word(a, 1), SSL_SUCCESS);
     ExpectIntEQ(BN_set_word(b, 5), SSL_SUCCESS);
     ExpectIntEQ(BN_is_word(a, (WOLFSSL_BN_ULONG)BN_get_word(a)), SSL_SUCCESS);
-    ExpectIntEQ(BN_is_word(a, 3), SSL_FAILURE);
+    ExpectIntEQ(BN_is_word(a, 3), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     ExpectIntEQ(BN_sub(c, a, b), SSL_SUCCESS);
 #if defined(WOLFSSL_KEY_GEN) || defined(HAVE_COMP_KEY)
     {
@@ -37489,6 +50931,7 @@ static int test_wolfSSL_BN(void)
     ExpectIntLT(BN_cmp(a, c), 0);
     ExpectIntGT(BN_cmp(c, b), 0);
 
+#if !defined(NO_FILESYSTEM) && !defined(NO_STDIO_FILESYSTEM)
     ExpectIntEQ(BN_print_fp(XBADFILE, NULL), 0);
     ExpectIntEQ(BN_print_fp(XBADFILE, &emptyBN), 0);
     ExpectIntEQ(BN_print_fp(stderr, NULL), 0);
@@ -37496,6 +50939,7 @@ static int test_wolfSSL_BN(void)
     ExpectIntEQ(BN_print_fp(XBADFILE, a), 0);
 
     ExpectIntEQ(BN_print_fp(stderr, a), 1);
+#endif
 
     BN_clear(a);
 
@@ -37533,19 +50977,34 @@ static int test_wolfSSL_BN_init(void)
     ExpectIntEQ(BN_set_word(&cv, 5), SSL_SUCCESS);
 
     /* a^b mod c = */
-    ExpectIntEQ(BN_mod_exp(&dv, NULL, &bv, &cv, NULL), WOLFSSL_FAILURE);
+    ExpectIntEQ(BN_mod_exp(&dv, NULL, &bv, &cv, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     ExpectIntEQ(BN_mod_exp(&dv, ap, &bv, &cv, NULL), WOLFSSL_SUCCESS);
 
     /* check result  3^2 mod 5 */
     ExpectIntEQ(BN_get_word(&dv), 4);
 
     /* a*b mod c = */
-    ExpectIntEQ(BN_mod_mul(&dv, NULL, &bv, &cv, NULL), SSL_FAILURE);
+    ExpectIntEQ(BN_mod_mul(&dv, NULL, &bv, &cv, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     ExpectIntEQ(BN_mod_mul(&dv, ap, &bv, &cv, NULL), SSL_SUCCESS);
 
     /* check result  3*2 mod 5 */
     ExpectIntEQ(BN_get_word(&dv), 1);
 
+    {
+        BN_MONT_CTX* montCtx = NULL;
+        ExpectNotNull(montCtx = BN_MONT_CTX_new());
+
+        ExpectIntEQ(BN_MONT_CTX_set(montCtx, &cv, NULL), SSL_SUCCESS);
+        ExpectIntEQ(BN_set_word(&bv, 2), SSL_SUCCESS);
+        ExpectIntEQ(BN_set_word(&cv, 5), SSL_SUCCESS);
+        ExpectIntEQ(BN_mod_exp_mont_word(&dv, 3, &bv, &cv, NULL, NULL),
+                    WOLFSSL_SUCCESS);
+        /* check result  3^2 mod 5 */
+        ExpectIntEQ(BN_get_word(&dv), 4);
+
+        BN_MONT_CTX_free(montCtx);
+    }
+
     BN_free(ap);
 #endif
 #endif /* defined(OPENSSL_EXTRA) && !defined(NO_ASN) */
@@ -37574,7 +51033,6 @@ static int test_wolfSSL_BN_enc_dec(void)
     XMEMSET(&emptyBN, 0, sizeof(emptyBN));
     ExpectNotNull(a = BN_new());
     ExpectNotNull(b = BN_new());
-    ExpectIntEQ(BN_set_word(a, 2), 1);
 
     /* Invalid parameters */
     ExpectIntEQ(BN_bn2bin(NULL, NULL), -1);
@@ -37586,8 +51044,16 @@ static int test_wolfSSL_BN_enc_dec(void)
     ExpectNull(BN_bn2dec(NULL));
     ExpectNull(BN_bn2dec(&emptyBN));
 
-    ExpectNull(BN_bin2bn(NULL, sizeof(binNum), NULL));
-    ExpectNull(BN_bin2bn(NULL, sizeof(binNum), a));
+    ExpectNotNull(c = BN_bin2bn(NULL, 0, NULL));
+    BN_clear(c);
+    BN_free(c);
+    c = NULL;
+
+    ExpectNotNull(BN_bin2bn(NULL, sizeof(binNum), a));
+    BN_free(a);
+    a = NULL;
+    ExpectNotNull(a = BN_new());
+    ExpectIntEQ(BN_set_word(a, 2), 1);
     ExpectNull(BN_bin2bn(binNum, -1, a));
     ExpectNull(BN_bin2bn(binNum, -1, NULL));
     ExpectNull(BN_bin2bn(binNum, sizeof(binNum), &emptyBN));
@@ -37727,6 +51193,16 @@ static int test_wolfSSL_BN_word(void)
     ExpectIntEQ(BN_mod_word(a, 0), -1);
 #endif
 
+    ExpectIntEQ(BN_set_word(a, 5), 1);
+    ExpectIntEQ(BN_mul_word(a, 5), 1);
+    /* check result 5 * 5 */
+    ExpectIntEQ(BN_get_word(a), 25);
+#if defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_MATH_ALL)
+    ExpectIntEQ(BN_div_word(a, 5), 1);
+    /* check result 25 / 5 */
+    ExpectIntEQ(BN_get_word(a), 5);
+#endif
+
     BN_free(c);
     BN_free(b);
     BN_free(a);
@@ -38372,7 +51848,7 @@ static int test_wolfSSL_BN_prime(void)
     return EXPECT_RESULT();
 }
 
-#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \
+#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_TLS) && \
    !defined(NO_FILESYSTEM) && !defined(NO_RSA)
 #define TEST_ARG 0x1234
 static void msg_cb(int write_p, int version, int content_type,
@@ -38529,7 +52005,7 @@ static int test_generate_cookie(void)
     ExpectNotNull(ssl = SSL_new(ctx));
 
     /* Test unconnected */
-    ExpectIntEQ(EmbedGenerateCookie(ssl, buf, FOURK_BUF, NULL), GEN_COOKIE_E);
+    ExpectIntEQ(EmbedGenerateCookie(ssl, buf, FOURK_BUF, NULL), WC_NO_ERR_TRACE(GEN_COOKIE_E));
 
     wolfSSL_CTX_SetGenCookie(ctx, EmbedGenerateCookie);
 
@@ -38548,8 +52024,9 @@ static int test_generate_cookie(void)
 static int test_wolfSSL_set_options(void)
 {
     EXPECT_DECLS;
-#if !defined(NO_CERTS) && !defined(NO_FILESYSTEM) && !defined(NO_RSA)
-#if !defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER)
+#if !defined(NO_CERTS) && !defined(NO_TLS) && !defined(NO_FILESYSTEM) && \
+    (!defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER)) && \
+    !defined(NO_RSA)
     WOLFSSL*     ssl = NULL;
     WOLFSSL_CTX* ctx = NULL;
 #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
@@ -38615,7 +52092,7 @@ static int test_wolfSSL_set_options(void)
                     appData, sizeof(appData)), 0);
     }
 #else
-    ExpectIntEQ(wolfSSL_set_app_data(ssl, (void*)appData), WOLFSSL_FAILURE);
+    ExpectIntEQ(wolfSSL_set_app_data(ssl, (void*)appData), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     ExpectNull(wolfSSL_get_app_data((const WOLFSSL*)ssl));
 #endif
 #endif
@@ -38669,15 +52146,14 @@ static int test_wolfSSL_set_options(void)
 
     wolfSSL_free(ssl);
     wolfSSL_CTX_free(ctx);
-#endif /* !NO_WOLFSSL_CLIENT || !NO_WOLFSSL_SERVER */
-#endif /* !defined(NO_CERTS) && !defined(NO_FILESYSTEM) && !defined(NO_RSA) */
+#endif
     return EXPECT_RESULT();
 }
 
 static int test_wolfSSL_sk_SSL_CIPHER(void)
 {
     EXPECT_DECLS;
-#if defined(OPENSSL_ALL) && !defined(NO_CERTS) && \
+#if defined(OPENSSL_ALL) && !defined(NO_CERTS) && !defined(NO_TLS) && \
    !defined(NO_FILESYSTEM) && !defined(NO_RSA)
 #if !defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER)
     SSL*     ssl = NULL;
@@ -38714,8 +52190,8 @@ static int test_wolfSSL_sk_SSL_CIPHER(void)
 static int test_wolfSSL_set1_curves_list(void)
 {
     EXPECT_DECLS;
-#if defined(OPENSSL_EXTRA) && defined(HAVE_ECC)
-#if !defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER)
+#if defined(OPENSSL_EXTRA) && defined(HAVE_ECC) && !defined(NO_TLS) && \
+    (!defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER))
     SSL*     ssl = NULL;
     SSL_CTX* ctx = NULL;
 
@@ -38729,42 +52205,136 @@ static int test_wolfSSL_set1_curves_list(void)
     ExpectTrue(SSL_CTX_use_PrivateKey_file(ctx, eccKeyFile, SSL_FILETYPE_PEM));
     ExpectNotNull(ssl = SSL_new(ctx));
 
-    ExpectIntEQ(SSL_CTX_set1_curves_list(ctx, NULL), WOLFSSL_FAILURE);
+    ExpectIntEQ(SSL_CTX_set1_curves_list(ctx, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
 #ifdef HAVE_ECC
-    ExpectIntEQ(SSL_CTX_set1_curves_list(ctx, "P-25X"), WOLFSSL_FAILURE);
+    ExpectIntEQ(SSL_CTX_set1_curves_list(ctx, "P-25X"), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     ExpectIntEQ(SSL_CTX_set1_curves_list(ctx, "P-256"), WOLFSSL_SUCCESS);
 #endif
 #ifdef HAVE_CURVE25519
     ExpectIntEQ(SSL_CTX_set1_curves_list(ctx, "X25519"), WOLFSSL_SUCCESS);
 #else
-    ExpectIntEQ(SSL_CTX_set1_curves_list(ctx, "X25519"), WOLFSSL_FAILURE);
+    ExpectIntEQ(SSL_CTX_set1_curves_list(ctx, "X25519"), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
 #endif
 #ifdef HAVE_CURVE448
     ExpectIntEQ(SSL_CTX_set1_curves_list(ctx, "X448"), WOLFSSL_SUCCESS);
 #else
-    ExpectIntEQ(SSL_CTX_set1_curves_list(ctx, "X448"), WOLFSSL_FAILURE);
+    ExpectIntEQ(SSL_CTX_set1_curves_list(ctx, "X448"), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
 #endif
 
-    ExpectIntEQ(SSL_set1_curves_list(ssl, NULL), WOLFSSL_FAILURE);
+    ExpectIntEQ(SSL_set1_curves_list(ssl, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
 #ifdef HAVE_ECC
-    ExpectIntEQ(SSL_set1_curves_list(ssl, "P-25X"), WOLFSSL_FAILURE);
+    ExpectIntEQ(SSL_set1_curves_list(ssl, "P-25X"), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     ExpectIntEQ(SSL_set1_curves_list(ssl, "P-256"), WOLFSSL_SUCCESS);
 #endif
 
 #ifdef HAVE_CURVE25519
     ExpectIntEQ(SSL_set1_curves_list(ssl, "X25519"), WOLFSSL_SUCCESS);
 #else
-    ExpectIntEQ(SSL_set1_curves_list(ssl, "X25519"), WOLFSSL_FAILURE);
+    ExpectIntEQ(SSL_set1_curves_list(ssl, "X25519"), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
 #endif
 #ifdef HAVE_CURVE448
     ExpectIntEQ(SSL_set1_curves_list(ssl, "X448"), WOLFSSL_SUCCESS);
 #else
-    ExpectIntEQ(SSL_set1_curves_list(ssl, "X448"), WOLFSSL_FAILURE);
+    ExpectIntEQ(SSL_set1_curves_list(ssl, "X448"), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
 #endif
 
     SSL_free(ssl);
     SSL_CTX_free(ctx);
-#endif /* !NO_WOLFSSL_CLIENT || !NO_WOLFSSL_SERVER */
+#endif
+    return EXPECT_RESULT();
+}
+
+#if defined(HAVE_SSL_MEMIO_TESTS_DEPENDENCIES) && \
+        (defined(OPENSSL_EXTRA) || defined(HAVE_CURL)) && defined(HAVE_ECC)
+static int test_wolfSSL_curves_mismatch_ctx_ready(WOLFSSL_CTX* ctx)
+{
+    static int counter = 0;
+    EXPECT_DECLS;
+
+    if (counter % 2) {
+        ExpectIntEQ(wolfSSL_CTX_set1_curves_list(ctx, "P-256"),
+                WOLFSSL_SUCCESS);
+    }
+    else {
+        ExpectIntEQ(wolfSSL_CTX_set1_curves_list(ctx, "P-384"),
+                WOLFSSL_SUCCESS);
+    }
+
+    /* Ciphersuites that require curves */
+    wolfSSL_CTX_set_cipher_list(ctx, "TLS13-AES256-GCM-SHA384:"
+            "TLS13-CHACHA20-POLY1305-SHA256:TLS13-AES128-GCM-SHA256:"
+            "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:"
+            "ECDHE-ECDSA-AES128-GCM-SHA256:"
+            "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-CHACHA20-POLY1305:"
+            "ECDHE-ECDSA-CHACHA20-POLY1305");
+
+    counter++;
+    return EXPECT_RESULT();
+}
+#endif
+
+static int test_wolfSSL_curves_mismatch(void)
+{
+    EXPECT_DECLS;
+#if defined(HAVE_SSL_MEMIO_TESTS_DEPENDENCIES) && \
+        (defined(OPENSSL_EXTRA) || defined(HAVE_CURL)) && defined(HAVE_ECC)
+    test_ssl_cbf func_cb_client;
+    test_ssl_cbf func_cb_server;
+    size_t i;
+    struct {
+        method_provider client_meth;
+        method_provider server_meth;
+        const char* desc;
+        int client_last_err;
+        int server_last_err;
+    } test_params[] = {
+#ifdef WOLFSSL_TLS13
+        {wolfTLSv1_3_client_method, wolfTLSv1_3_server_method, "TLS 1.3",
+                WC_NO_ERR_TRACE(FATAL_ERROR), WC_NO_ERR_TRACE(BAD_KEY_SHARE_DATA)},
+#endif
+#ifndef WOLFSSL_NO_TLS12
+        {wolfTLSv1_2_client_method, wolfTLSv1_2_server_method, "TLS 1.2",
+                WC_NO_ERR_TRACE(FATAL_ERROR),
+#ifdef OPENSSL_EXTRA
+                WC_NO_ERR_TRACE(WOLFSSL_ERROR_SYSCALL)
+#else
+                WC_NO_ERR_TRACE(MATCH_SUITE_ERROR)
+#endif
+        },
+#endif
+#ifndef NO_OLD_TLS
+        {wolfTLSv1_1_client_method, wolfTLSv1_1_server_method, "TLS 1.1",
+                WC_NO_ERR_TRACE(FATAL_ERROR),
+#ifdef OPENSSL_EXTRA
+                WC_NO_ERR_TRACE(WOLFSSL_ERROR_SYSCALL)
+#else
+                WC_NO_ERR_TRACE(MATCH_SUITE_ERROR)
+#endif
+        },
+#endif
+    };
+
+    for (i = 0; i < XELEM_CNT(test_params) && !EXPECT_FAIL(); i++) {
+        XMEMSET(&func_cb_client, 0, sizeof(func_cb_client));
+        XMEMSET(&func_cb_server, 0, sizeof(func_cb_server));
+
+        printf("\tTesting with %s...\n", test_params[i].desc);
+
+        func_cb_client.ctx_ready = &test_wolfSSL_curves_mismatch_ctx_ready;
+        func_cb_server.ctx_ready = &test_wolfSSL_curves_mismatch_ctx_ready;
+
+        func_cb_client.method = test_params[i].client_meth;
+        func_cb_server.method = test_params[i].server_meth;
+
+        ExpectIntEQ(test_wolfSSL_client_server_nofail_memio(&func_cb_client,
+            &func_cb_server, NULL), -1001);
+        ExpectIntEQ(func_cb_client.last_err, test_params[i].client_last_err);
+        ExpectIntEQ(func_cb_server.last_err, test_params[i].server_last_err);
+
+        if (!EXPECT_SUCCESS())
+            break;
+        printf("\t%s passed\n", test_params[i].desc);
+    }
 #endif
     return EXPECT_RESULT();
 }
@@ -38772,8 +52342,9 @@ static int test_wolfSSL_set1_curves_list(void)
 static int test_wolfSSL_set1_sigalgs_list(void)
 {
     EXPECT_DECLS;
-#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_RSA)
-#if !defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER)
+#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_RSA) && \
+    !defined(NO_TLS) && \
+    (!defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER))
     SSL*     ssl = NULL;
     SSL_CTX* ctx = NULL;
 
@@ -38787,29 +52358,29 @@ static int test_wolfSSL_set1_sigalgs_list(void)
     ExpectTrue(SSL_CTX_use_PrivateKey_file(ctx, svrKeyFile, SSL_FILETYPE_PEM));
     ExpectNotNull(ssl = SSL_new(ctx));
 
-    ExpectIntEQ(wolfSSL_CTX_set1_sigalgs_list(NULL, NULL), WOLFSSL_FAILURE);
-    ExpectIntEQ(wolfSSL_CTX_set1_sigalgs_list(ctx, NULL), WOLFSSL_FAILURE);
-    ExpectIntEQ(wolfSSL_set1_sigalgs_list(NULL, NULL), WOLFSSL_FAILURE);
-    ExpectIntEQ(wolfSSL_set1_sigalgs_list(ssl, NULL), WOLFSSL_FAILURE);
+    ExpectIntEQ(wolfSSL_CTX_set1_sigalgs_list(NULL, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+    ExpectIntEQ(wolfSSL_CTX_set1_sigalgs_list(ctx, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+    ExpectIntEQ(wolfSSL_set1_sigalgs_list(NULL, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+    ExpectIntEQ(wolfSSL_set1_sigalgs_list(ssl, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
 
-    ExpectIntEQ(wolfSSL_CTX_set1_sigalgs_list(ctx, ""), WOLFSSL_FAILURE);
-    ExpectIntEQ(wolfSSL_set1_sigalgs_list(ssl, ""), WOLFSSL_FAILURE);
+    ExpectIntEQ(wolfSSL_CTX_set1_sigalgs_list(ctx, ""), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+    ExpectIntEQ(wolfSSL_set1_sigalgs_list(ssl, ""), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
 
 #ifndef NO_RSA
     #ifndef NO_SHA256
         ExpectIntEQ(wolfSSL_CTX_set1_sigalgs_list(NULL, "RSA+SHA256"),
-                    WOLFSSL_FAILURE);
+                    WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
         ExpectIntEQ(wolfSSL_set1_sigalgs_list(NULL, "RSA+SHA256"),
-                    WOLFSSL_FAILURE);
+                    WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
 
         ExpectIntEQ(wolfSSL_CTX_set1_sigalgs_list(ctx, "RSA+SHA256"),
                     WOLFSSL_SUCCESS);
         ExpectIntEQ(wolfSSL_set1_sigalgs_list(ssl, "RSA+SHA256"),
                     WOLFSSL_SUCCESS);
         ExpectIntEQ(wolfSSL_CTX_set1_sigalgs_list(ctx, "RSA-SHA256"),
-                    WOLFSSL_FAILURE);
+                    WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
         ExpectIntEQ(wolfSSL_set1_sigalgs_list(ssl, "RSA-SHA256"),
-                    WOLFSSL_FAILURE);
+                    WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
         #ifdef WC_RSA_PSS
             ExpectIntEQ(wolfSSL_CTX_set1_sigalgs_list(ctx, "RSA-PSS+SHA256"),
                         WOLFSSL_SUCCESS);
@@ -38831,17 +52402,17 @@ static int test_wolfSSL_set1_sigalgs_list(void)
             ExpectIntEQ(wolfSSL_set1_sigalgs_list(ssl,
                        "RSA+SHA256:RSA+SHA384"), WOLFSSL_SUCCESS);
         #endif
-        ExpectIntEQ(wolfSSL_CTX_set1_sigalgs_list(ctx, "RSA"), WOLFSSL_FAILURE);
-        ExpectIntEQ(wolfSSL_set1_sigalgs_list(ssl, "RSA"), WOLFSSL_FAILURE);
+        ExpectIntEQ(wolfSSL_CTX_set1_sigalgs_list(ctx, "RSA"), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+        ExpectIntEQ(wolfSSL_set1_sigalgs_list(ssl, "RSA"), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
         ExpectIntEQ(wolfSSL_CTX_set1_sigalgs_list(ctx, "RSA:RSA+SHA256"),
-                    WOLFSSL_FAILURE);
+                    WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
         ExpectIntEQ(wolfSSL_set1_sigalgs_list(ssl, "RSA:RSA+SHA256"),
-                    WOLFSSL_FAILURE);
+                    WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
 
         ExpectIntEQ(wolfSSL_CTX_set1_sigalgs_list(ctx, "RSA+SHA256+SHA256"),
-                    WOLFSSL_FAILURE);
+                    WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
         ExpectIntEQ(wolfSSL_set1_sigalgs_list(ssl, "RSA+SHA256+RSA"),
-                    WOLFSSL_FAILURE);
+                    WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     #endif
 #endif
 #ifdef HAVE_ECC
@@ -38889,7 +52460,6 @@ static int test_wolfSSL_set1_sigalgs_list(void)
 
     SSL_free(ssl);
     SSL_CTX_free(ctx);
-#endif /* !NO_WOLFSSL_CLIENT || !NO_WOLFSSL_SERVER */
 #endif
     return EXPECT_RESULT();
 }
@@ -38928,7 +52498,7 @@ static int test_wolfSSL_PEM_read_bio(void)
    !defined(NO_FILESYSTEM) && !defined(NO_RSA)
     byte buff[6000];
     XFILE f = XBADFILE;
-    int  bytes;
+    int  bytes = 0;
     X509* x509 = NULL;
     BIO*  bio = NULL;
     BUF_MEM* buf = NULL;
@@ -38988,7 +52558,7 @@ static int test_wolfSSL_BIO(void)
         buff[i] = i;
     }
     /* test BIO_free with NULL */
-    ExpectIntEQ(BIO_free(NULL), WOLFSSL_FAILURE);
+    ExpectIntEQ(BIO_free(NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
 
     /* Creating and testing type BIO_s_bio */
     ExpectNotNull(bio1 = BIO_new(BIO_s_bio()));
@@ -39031,25 +52601,25 @@ static int test_wolfSSL_BIO(void)
     for (i = 0; i < 20; i++) {
         ExpectIntEQ((int)bufPt[i], i);
     }
-    ExpectIntEQ(BIO_nread(bio2, &bufPt, 1), WOLFSSL_BIO_ERROR);
+    ExpectIntEQ(BIO_nread(bio2, &bufPt, 1), 0);
     ExpectIntEQ(BIO_nread(bio1, &bufPt, (int)BIO_ctrl_pending(bio1)), 8);
     for (i = 0; i < 8; i++) {
         ExpectIntEQ((int)bufPt[i], i);
     }
-    ExpectIntEQ(BIO_nread(bio1, &bufPt, 1), WOLFSSL_BIO_ERROR);
+    ExpectIntEQ(BIO_nread(bio1, &bufPt, 1), 0);
     ExpectIntEQ(BIO_ctrl_reset_read_request(bio1), 1);
 
     /* new pair */
-    ExpectIntEQ(BIO_make_bio_pair(bio1, bio3), WOLFSSL_FAILURE);
+    ExpectIntEQ(BIO_make_bio_pair(bio1, bio3), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     BIO_free(bio2); /* free bio2 and automatically remove from pair */
     bio2 = NULL;
     ExpectIntEQ(BIO_make_bio_pair(bio1, bio3), WOLFSSL_SUCCESS);
     ExpectIntEQ((int)BIO_ctrl_pending(bio3), 0);
-    ExpectIntEQ(BIO_nread(bio3, &bufPt, 10), WOLFSSL_BIO_ERROR);
+    ExpectIntEQ(BIO_nread(bio3, &bufPt, 10), 0);
 
     /* test wrap around... */
-    ExpectIntEQ(BIO_reset(bio1), 0);
-    ExpectIntEQ(BIO_reset(bio3), 0);
+    ExpectIntEQ(BIO_reset(bio1), 1);
+    ExpectIntEQ(BIO_reset(bio3), 1);
 
     /* fill write buffer, read only small amount then write again */
     ExpectIntEQ(BIO_nwrite(bio1, &bufPt, 20), 20);
@@ -39074,7 +52644,7 @@ static int test_wolfSSL_BIO(void)
         ExpectIntEQ(bufPt[i], buff[4 + i]);
     }
 
-    ExpectIntEQ(BIO_nread(bio3, NULL, 0), WOLFSSL_FAILURE);
+    ExpectIntEQ(BIO_nread(bio3, NULL, 0), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     ExpectIntEQ(BIO_nread0(bio3, &bufPt), 4);
     for (i = 0; i < 4; i++) {
         ExpectIntEQ(bufPt[i], 0);
@@ -39091,9 +52661,9 @@ static int test_wolfSSL_BIO(void)
     ExpectNotNull(XMEMCPY(bufPt, buff, 20));
 
     /* test reset on data in bio1 write buffer */
-    ExpectIntEQ(BIO_reset(bio1), 0);
+    ExpectIntEQ(BIO_reset(bio1), 1);
     ExpectIntEQ((int)BIO_ctrl_pending(bio3), 0);
-    ExpectIntEQ(BIO_nread(bio3, &bufPt, 3), WOLFSSL_BIO_ERROR);
+    ExpectIntEQ(BIO_nread(bio3, &bufPt, 3), 0);
     ExpectIntEQ(BIO_nwrite(bio1, &bufPt, 20), 20);
     ExpectIntEQ((int)BIO_ctrl(bio1, BIO_CTRL_INFO, 0, &p), 20);
     ExpectNotNull(p);
@@ -39122,7 +52692,7 @@ static int test_wolfSSL_BIO(void)
     {
         BIO* bioA = NULL;
         BIO* bioB = NULL;
-        ExpectIntEQ(BIO_new_bio_pair(NULL, 256, NULL, 256), BAD_FUNC_ARG);
+        ExpectIntEQ(BIO_new_bio_pair(NULL, 256, NULL, 256), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
         ExpectIntEQ(BIO_new_bio_pair(&bioA, 256, &bioB, 256), WOLFSSL_SUCCESS);
         BIO_free(bioA);
         bioA = NULL;
@@ -39149,7 +52719,7 @@ static int test_wolfSSL_BIO(void)
         ExpectIntEQ((int)BIO_set_mem_eof_return(f_bio1, -1), 0);
         ExpectIntEQ((int)BIO_set_mem_eof_return(NULL, -1),   0);
 
-        ExpectTrue((f1 = XFOPEN(svrCertFile, "rwb")) != XBADFILE);
+        ExpectTrue((f1 = XFOPEN(svrCertFile, "rb+")) != XBADFILE);
         ExpectIntEQ((int)BIO_set_fp(f_bio1, f1, BIO_CLOSE), WOLFSSL_SUCCESS);
         ExpectIntEQ(BIO_write_filename(f_bio2, testFile),
                 WOLFSSL_SUCCESS);
@@ -39162,7 +52732,7 @@ static int test_wolfSSL_BIO(void)
         ExpectIntEQ(BIO_tell(f_bio2),sizeof(cert) + sizeof(msg));
 
         ExpectIntEQ((int)BIO_get_fp(f_bio2, &f2), WOLFSSL_SUCCESS);
-        ExpectIntEQ(BIO_reset(f_bio2), 0);
+        ExpectIntEQ(BIO_reset(f_bio2), 1);
         ExpectIntEQ(BIO_tell(NULL),-1);
         ExpectIntEQ(BIO_tell(f_bio2),0);
         ExpectIntEQ(BIO_seek(f_bio2, 4), 0);
@@ -39173,7 +52743,7 @@ static int test_wolfSSL_BIO(void)
         BIO_free(f_bio2);
         f_bio2 = NULL;
 
-        ExpectNotNull(f_bio1 = BIO_new_file(svrCertFile, "rwb"));
+        ExpectNotNull(f_bio1 = BIO_new_file(svrCertFile, "rb+"));
         ExpectIntEQ((int)BIO_set_mem_eof_return(f_bio1, -1), 0);
         ExpectIntEQ(BIO_read(f_bio1, cert, sizeof(cert)), sizeof(cert));
         BIO_free(f_bio1);
@@ -39208,6 +52778,35 @@ static int test_wolfSSL_BIO(void)
     return EXPECT_RESULT();
 }
 
+static int test_wolfSSL_BIO_BIO_ring_read(void)
+{
+    EXPECT_DECLS;
+#if defined(OPENSSL_ALL)
+    BIO* bio1 = NULL;
+    BIO* bio2 = NULL;
+    byte data[50];
+    byte tmp[50];
+
+    XMEMSET(data, 42, sizeof(data));
+
+
+    ExpectIntEQ(BIO_new_bio_pair(&bio1, sizeof(data), &bio2, sizeof(data)),
+            SSL_SUCCESS);
+
+    ExpectIntEQ(BIO_write(bio1, data, 40), 40);
+    ExpectIntEQ(BIO_read(bio1, tmp, 20), -1);
+    ExpectIntEQ(BIO_read(bio2, tmp, 20), 20);
+    ExpectBufEQ(tmp, data, 20);
+    ExpectIntEQ(BIO_write(bio1, data, 20), 20);
+    ExpectIntEQ(BIO_read(bio2, tmp, 40), 40);
+    ExpectBufEQ(tmp, data, 40);
+
+    BIO_free(bio1);
+    BIO_free(bio2);
+#endif
+    return EXPECT_RESULT();
+}
+
 #endif /* !NO_BIO */
 
 
@@ -39268,6 +52867,7 @@ static int test_wolfSSL_X509_cmp_time(void)
 
     ExpectIntEQ(ASN1_TIME_set_string(&asn_time, "000222211515Z"), 1);
     ExpectIntEQ(-1, wolfSSL_X509_cmp_time(&asn_time, NULL));
+    ExpectIntEQ(-1, wolfSSL_X509_cmp_current_time(&asn_time));
 #endif
     return EXPECT_RESULT();
 }
@@ -39301,6 +52901,576 @@ static int test_wolfSSL_X509_time_adj(void)
     return EXPECT_RESULT();
 }
 
+static int test_wolfSSL_X509_bad_altname(void)
+{
+    EXPECT_DECLS;
+#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_RSA)
+    const unsigned char malformed_alt_name_cert[] = {
+        0x30, 0x82, 0x02, 0xf9, 0x30, 0x82, 0x01, 0xe1, 0xa0, 0x03, 0x02, 0x01,
+        0x02, 0x02, 0x02, 0x10, 0x21, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48,
+        0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x30, 0x0f, 0x31, 0x0d,
+        0x30, 0x0b, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x04, 0x61, 0x61, 0x31,
+        0x31, 0x30, 0x1e, 0x17, 0x0d, 0x31, 0x36, 0x30, 0x32, 0x30, 0x37, 0x31,
+        0x37, 0x32, 0x34, 0x30, 0x30, 0x5a, 0x17, 0x0d, 0x33, 0x34, 0x30, 0x32,
+        0x31, 0x34, 0x30, 0x36, 0x32, 0x36, 0x35, 0x33, 0x5a, 0x30, 0x0f, 0x31,
+        0x0d, 0x30, 0x0b, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x04, 0x61, 0x61,
+        0x61, 0x61, 0x30, 0x82, 0x01, 0x20, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86,
+        0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01,
+        0x0d, 0x00, 0x30, 0x82, 0x01, 0x08, 0x02, 0x82, 0x01, 0x01, 0x00, 0xa8,
+        0x8a, 0x5e, 0x26, 0x23, 0x1b, 0x31, 0xd3, 0x37, 0x1a, 0x70, 0xb2, 0xec,
+        0x3f, 0x74, 0xd4, 0xb4, 0x44, 0xe3, 0x7a, 0xa5, 0xc0, 0xf5, 0xaa, 0x97,
+        0x26, 0x9a, 0x04, 0xff, 0xda, 0xbe, 0xe5, 0x09, 0x03, 0x98, 0x3d, 0xb5,
+        0xbf, 0x01, 0x2c, 0x9a, 0x0a, 0x3a, 0xfb, 0xbc, 0x3c, 0xe7, 0xbe, 0x83,
+        0x5c, 0xb3, 0x70, 0xe8, 0x5c, 0xe3, 0xd1, 0x83, 0xc3, 0x94, 0x08, 0xcd,
+        0x1a, 0x87, 0xe5, 0xe0, 0x5b, 0x9c, 0x5c, 0x6e, 0xb0, 0x7d, 0xe2, 0x58,
+        0x6c, 0xc3, 0xb5, 0xc8, 0x9d, 0x11, 0xf1, 0x5d, 0x96, 0x0d, 0x66, 0x1e,
+        0x56, 0x7f, 0x8f, 0x59, 0xa7, 0xa5, 0xe1, 0xc5, 0xe7, 0x81, 0x4c, 0x09,
+        0x9d, 0x5e, 0x96, 0xf0, 0x9a, 0xc2, 0x8b, 0x70, 0xd5, 0xab, 0x79, 0x58,
+        0x5d, 0xb7, 0x58, 0xaa, 0xfd, 0x75, 0x52, 0xaa, 0x4b, 0xa7, 0x25, 0x68,
+        0x76, 0x59, 0x00, 0xee, 0x78, 0x2b, 0x91, 0xc6, 0x59, 0x91, 0x99, 0x38,
+        0x3e, 0xa1, 0x76, 0xc3, 0xf5, 0x23, 0x6b, 0xe6, 0x07, 0xea, 0x63, 0x1c,
+        0x97, 0x49, 0xef, 0xa0, 0xfe, 0xfd, 0x13, 0xc9, 0xa9, 0x9f, 0xc2, 0x0b,
+        0xe6, 0x87, 0x92, 0x5b, 0xcc, 0xf5, 0x42, 0x95, 0x4a, 0xa4, 0x6d, 0x64,
+        0xba, 0x7d, 0xce, 0xcb, 0x04, 0xd0, 0xf8, 0xe7, 0xe3, 0xda, 0x75, 0x60,
+        0xd3, 0x8b, 0x6a, 0x64, 0xfc, 0x78, 0x56, 0x21, 0x69, 0x5a, 0xe8, 0xa7,
+        0x8f, 0xfb, 0x8f, 0x82, 0xe3, 0xae, 0x36, 0xa2, 0x93, 0x66, 0x92, 0xcb,
+        0x82, 0xa3, 0xbe, 0x84, 0x00, 0x86, 0xdc, 0x7e, 0x6d, 0x53, 0x77, 0x84,
+        0x17, 0xb9, 0x55, 0x43, 0x0d, 0xf1, 0x16, 0x1f, 0xd5, 0x43, 0x75, 0x99,
+        0x66, 0x19, 0x52, 0xd0, 0xac, 0x5f, 0x74, 0xad, 0xb2, 0x90, 0x15, 0x50,
+        0x04, 0x74, 0x43, 0xdf, 0x6c, 0x35, 0xd0, 0xfd, 0x32, 0x37, 0xb3, 0x8d,
+        0xf5, 0xe5, 0x09, 0x02, 0x01, 0x03, 0xa3, 0x61, 0x30, 0x5f, 0x30, 0x0c,
+        0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, 0x02, 0x30, 0x00,
+        0x30, 0x0f, 0x06, 0x03, 0x55, 0x1d, 0x11, 0x04, 0x08, 0x30, 0x06, 0x82,
+        0x04, 0x61, 0x2a, 0x00, 0x2a, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e,
+        0x04, 0x16, 0x04, 0x14, 0x92, 0x6a, 0x1e, 0x52, 0x3a, 0x1a, 0x57, 0x9f,
+        0xc9, 0x82, 0x9a, 0xce, 0xc8, 0xc0, 0xa9, 0x51, 0x9d, 0x2f, 0xc7, 0x72,
+        0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80,
+        0x14, 0x6b, 0xf9, 0xa4, 0x2d, 0xa5, 0xe9, 0x39, 0x89, 0xa8, 0x24, 0x58,
+        0x79, 0x87, 0x11, 0xfc, 0x6f, 0x07, 0x91, 0xef, 0xa6, 0x30, 0x0d, 0x06,
+        0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00,
+        0x03, 0x82, 0x01, 0x01, 0x00, 0x3f, 0xd5, 0x37, 0x2f, 0xc7, 0xf8, 0x8b,
+        0x39, 0x1c, 0xe3, 0xdf, 0x77, 0xee, 0xc6, 0x4b, 0x5f, 0x84, 0xcf, 0xfa,
+        0x33, 0x2c, 0xb2, 0xb5, 0x4b, 0x09, 0xee, 0x56, 0xc0, 0xf2, 0xf0, 0xeb,
+        0xad, 0x1c, 0x02, 0xef, 0xae, 0x09, 0x53, 0xc0, 0x06, 0xad, 0x4e, 0xfd,
+        0x3e, 0x8c, 0x13, 0xb3, 0xbf, 0x80, 0x05, 0x36, 0xb5, 0x3f, 0x2b, 0xc7,
+        0x60, 0x53, 0x14, 0xbf, 0x33, 0x63, 0x47, 0xc3, 0xc6, 0x28, 0xda, 0x10,
+        0x12, 0xe2, 0xc4, 0xeb, 0xc5, 0x64, 0x66, 0xc0, 0xcc, 0x6b, 0x84, 0xda,
+        0x0c, 0xe9, 0xf6, 0xe3, 0xf8, 0x8e, 0x3d, 0x95, 0x5f, 0xba, 0x9f, 0xe1,
+        0xc7, 0xed, 0x6e, 0x97, 0xcc, 0xbd, 0x7d, 0xe5, 0x4e, 0xab, 0xbc, 0x1b,
+        0xf1, 0x3a, 0x09, 0x33, 0x09, 0xe1, 0xcc, 0xec, 0x21, 0x16, 0x8e, 0xb1,
+        0x74, 0x9e, 0xc8, 0x13, 0x7c, 0xdf, 0x07, 0xaa, 0xeb, 0x70, 0xd7, 0x91,
+        0x5c, 0xc4, 0xef, 0x83, 0x88, 0xc3, 0xe4, 0x97, 0xfa, 0xe4, 0xdf, 0xd7,
+        0x0d, 0xff, 0xba, 0x78, 0x22, 0xfc, 0x3f, 0xdc, 0xd8, 0x02, 0x8d, 0x93,
+        0x57, 0xf9, 0x9e, 0x39, 0x3a, 0x77, 0x00, 0xd9, 0x19, 0xaa, 0x68, 0xa1,
+        0xe6, 0x9e, 0x13, 0xeb, 0x37, 0x16, 0xf5, 0x77, 0xa4, 0x0b, 0x40, 0x04,
+        0xd3, 0xa5, 0x49, 0x78, 0x35, 0xfa, 0x3b, 0xf6, 0x02, 0xab, 0x85, 0xee,
+        0xcb, 0x9b, 0x62, 0xda, 0x05, 0x00, 0x22, 0x2f, 0xf8, 0xbd, 0x0b, 0xe5,
+        0x2c, 0xb2, 0x53, 0x78, 0x0a, 0xcb, 0x69, 0xc0, 0xb6, 0x9f, 0x96, 0xff,
+        0x58, 0x22, 0x70, 0x9c, 0x01, 0x2e, 0x56, 0x60, 0x5d, 0x37, 0xe3, 0x40,
+        0x25, 0xc9, 0x90, 0xc8, 0x0f, 0x41, 0x68, 0xb4, 0xfd, 0x10, 0xe2, 0x09,
+        0x99, 0x08, 0x5d, 0x7b, 0xc9, 0xe3, 0x29, 0xd4, 0x5a, 0xcf, 0xc9, 0x34,
+        0x55, 0xa1, 0x40, 0x44, 0xd6, 0x88, 0x16, 0xbb, 0xdd
+    };
+
+    X509* x509 = NULL;
+    int certSize = (int)sizeof(malformed_alt_name_cert) / sizeof(unsigned char);
+    const char *name = "aaaaa";
+    int nameLen = (int)XSTRLEN(name);
+
+    ExpectNotNull(x509 = wolfSSL_X509_load_certificate_buffer(
+        malformed_alt_name_cert, certSize, SSL_FILETYPE_ASN1));
+
+    /* malformed_alt_name_cert has a malformed alternative
+     * name of "a*\0*". Ensure that it does not match "aaaaa" */
+    ExpectIntNE(wolfSSL_X509_check_host(x509, name, nameLen,
+        WOLFSSL_ALWAYS_CHECK_SUBJECT, NULL), 1);
+
+    /* Also make sure WOLFSSL_LEFT_MOST_WILDCARD_ONLY fails too */
+    ExpectIntNE(wolfSSL_X509_check_host(x509, name, nameLen,
+        WOLFSSL_ALWAYS_CHECK_SUBJECT | WOLFSSL_LEFT_MOST_WILDCARD_ONLY,
+        NULL), 1);
+
+    X509_free(x509);
+
+#endif
+    return EXPECT_RESULT();
+}
+
+static int test_wolfSSL_X509_name_match(void)
+{
+    EXPECT_DECLS;
+#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_RSA)
+    /* A certificate with the subject alternative name a* */
+    const unsigned char cert_der[] = {
+        0x30, 0x82, 0x03, 0xac, 0x30, 0x82, 0x02, 0x94, 0xa0, 0x03, 0x02, 0x01,
+        0x02, 0x02, 0x14, 0x0f, 0xa5, 0x10, 0x85, 0xef, 0x58, 0x10, 0x59, 0xfc,
+        0x0f, 0x20, 0x1f, 0x53, 0xf5, 0x30, 0x39, 0x34, 0x49, 0x54, 0x05, 0x30,
+        0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b,
+        0x05, 0x00, 0x30, 0x77, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04,
+        0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55,
+        0x04, 0x08, 0x0c, 0x07, 0x4d, 0x6f, 0x6e, 0x74, 0x61, 0x6e, 0x61, 0x31,
+        0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0c, 0x07, 0x42, 0x6f,
+        0x7a, 0x65, 0x6d, 0x61, 0x6e, 0x31, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55,
+        0x04, 0x0a, 0x0c, 0x0b, 0x77, 0x6f, 0x6c, 0x66, 0x53, 0x53, 0x4c, 0x20,
+        0x49, 0x6e, 0x63, 0x31, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55, 0x04, 0x0b,
+        0x0c, 0x0b, 0x45, 0x6e, 0x67, 0x69, 0x6e, 0x65, 0x65, 0x72, 0x69, 0x6e,
+        0x67, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x0f,
+        0x77, 0x77, 0x77, 0x2e, 0x77, 0x6f, 0x6c, 0x66, 0x73, 0x73, 0x6c, 0x2e,
+        0x63, 0x6f, 0x6d, 0x30, 0x1e, 0x17, 0x0d, 0x32, 0x34, 0x30, 0x35, 0x33,
+        0x30, 0x32, 0x30, 0x31, 0x35, 0x35, 0x38, 0x5a, 0x17, 0x0d, 0x33, 0x34,
+        0x30, 0x35, 0x32, 0x38, 0x32, 0x30, 0x31, 0x35, 0x35, 0x38, 0x5a, 0x30,
+        0x77, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02,
+        0x55, 0x53, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c,
+        0x07, 0x4d, 0x6f, 0x6e, 0x74, 0x61, 0x6e, 0x61, 0x31, 0x10, 0x30, 0x0e,
+        0x06, 0x03, 0x55, 0x04, 0x07, 0x0c, 0x07, 0x42, 0x6f, 0x7a, 0x65, 0x6d,
+        0x61, 0x6e, 0x31, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c,
+        0x0b, 0x77, 0x6f, 0x6c, 0x66, 0x53, 0x53, 0x4c, 0x20, 0x49, 0x6e, 0x63,
+        0x31, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c, 0x0b, 0x45,
+        0x6e, 0x67, 0x69, 0x6e, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x31, 0x18,
+        0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x0f, 0x77, 0x77, 0x77,
+        0x2e, 0x77, 0x6f, 0x6c, 0x66, 0x73, 0x73, 0x6c, 0x2e, 0x63, 0x6f, 0x6d,
+        0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86,
+        0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00,
+        0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, 0xf4, 0xca, 0x3d,
+        0xd4, 0xbc, 0x9b, 0xea, 0x74, 0xfe, 0x73, 0xf4, 0x16, 0x23, 0x0b, 0x4a,
+        0x09, 0x54, 0xf6, 0x7b, 0x10, 0x99, 0x11, 0x93, 0xb2, 0xdb, 0x4d, 0x7d,
+        0x23, 0xab, 0xf9, 0xcd, 0xf6, 0x54, 0xd4, 0xf6, 0x39, 0x57, 0xee, 0x97,
+        0xb2, 0xb9, 0xfc, 0x7e, 0x9c, 0xb3, 0xfb, 0x56, 0xb6, 0x84, 0xd6, 0x2d,
+        0x59, 0x1c, 0xed, 0xda, 0x9b, 0x19, 0xf5, 0x8a, 0xa7, 0x8a, 0x89, 0xd6,
+        0xa1, 0xc0, 0xe6, 0x16, 0xad, 0x04, 0xcf, 0x5a, 0x1f, 0xdf, 0x62, 0x6c,
+        0x68, 0x45, 0xe9, 0x55, 0x2e, 0x42, 0xa3, 0x1b, 0x3b, 0x86, 0x23, 0x22,
+        0xa1, 0x20, 0x48, 0xd1, 0x52, 0xc0, 0x8b, 0xab, 0xe2, 0x8a, 0x15, 0x68,
+        0xbd, 0x89, 0x6f, 0x9f, 0x45, 0x75, 0xb4, 0x27, 0xc1, 0x72, 0x41, 0xfd,
+        0x79, 0x89, 0xb0, 0x74, 0xa2, 0xe9, 0x61, 0x48, 0x4c, 0x54, 0xad, 0x6b,
+        0x61, 0xbf, 0x0e, 0x27, 0x58, 0xb4, 0xf6, 0x9c, 0x2c, 0x9f, 0xc2, 0x3e,
+        0x3b, 0xb3, 0x90, 0x41, 0xbc, 0x61, 0xcd, 0x01, 0x57, 0x90, 0x82, 0xec,
+        0x46, 0xba, 0x4f, 0x89, 0x8e, 0x7f, 0x49, 0x4f, 0x46, 0x69, 0x37, 0x8b,
+        0xa0, 0xba, 0x85, 0xe8, 0x42, 0xff, 0x9a, 0xa1, 0x53, 0x81, 0x5c, 0xf3,
+        0x8e, 0x85, 0x1c, 0xd4, 0x90, 0x60, 0xa0, 0x37, 0x59, 0x04, 0x65, 0xa6,
+        0xb5, 0x12, 0x00, 0xc3, 0x04, 0x51, 0xa7, 0x83, 0x96, 0x62, 0x3d, 0x49,
+        0x97, 0xe8, 0x6b, 0x9a, 0x5d, 0x51, 0x24, 0xee, 0xad, 0x45, 0x18, 0x0f,
+        0x3f, 0x97, 0xec, 0xdf, 0xcf, 0x42, 0x8a, 0x96, 0xc7, 0xd8, 0x82, 0x87,
+        0x7f, 0x57, 0x70, 0x22, 0xfb, 0x29, 0x3e, 0x3c, 0xa3, 0xc1, 0xd5, 0x71,
+        0xb3, 0x84, 0x06, 0x53, 0xa3, 0x86, 0x20, 0x35, 0xe3, 0x41, 0xb9, 0xd8,
+        0x00, 0x22, 0x4f, 0x6d, 0xe6, 0xfd, 0xf0, 0xf4, 0xa2, 0x39, 0x0a, 0x1a,
+        0x23, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x30, 0x30, 0x2e, 0x30, 0x0d,
+        0x06, 0x03, 0x55, 0x1d, 0x11, 0x04, 0x06, 0x30, 0x04, 0x82, 0x02, 0x61,
+        0x2a, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14,
+        0x45, 0x05, 0xf3, 0x4d, 0x3e, 0x7e, 0x9c, 0xf5, 0x08, 0xee, 0x2c, 0x13,
+        0x32, 0xe3, 0xf2, 0x14, 0xe8, 0x0e, 0x71, 0x21, 0x30, 0x0d, 0x06, 0x09,
+        0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03,
+        0x82, 0x01, 0x01, 0x00, 0xa8, 0x28, 0xe5, 0x22, 0x65, 0xcf, 0x47, 0xfe,
+        0x82, 0x17, 0x99, 0x20, 0xdb, 0xb1, 0x57, 0xd4, 0x91, 0x1a, 0x83, 0xde,
+        0xc1, 0xaf, 0xc4, 0x1f, 0xfb, 0xa4, 0x6a, 0xad, 0xdc, 0x58, 0x72, 0xd9,
+        0x9b, 0xab, 0xa5, 0xbb, 0xf4, 0x98, 0xd4, 0xdf, 0x36, 0xcb, 0xb5, 0x78,
+        0xce, 0x4b, 0x25, 0x5b, 0x24, 0x92, 0xfe, 0xe8, 0xd4, 0xe4, 0xbd, 0x6f,
+        0x71, 0x1a, 0x81, 0x2a, 0x6f, 0x35, 0x93, 0xf7, 0xcc, 0xed, 0xe5, 0x06,
+        0xd2, 0x96, 0x41, 0xb5, 0xa9, 0x8a, 0xc0, 0xc9, 0x17, 0xe3, 0x13, 0x5e,
+        0x94, 0x5e, 0xfa, 0xfc, 0xf0, 0x00, 0x2e, 0xe1, 0xd8, 0x1b, 0x23, 0x3f,
+        0x7c, 0x4d, 0x9f, 0xfb, 0xb7, 0x95, 0xc1, 0x94, 0x7f, 0x7f, 0xb5, 0x4f,
+        0x93, 0x6d, 0xc3, 0x2b, 0xb2, 0x28, 0x36, 0xd2, 0x7c, 0x01, 0x3c, 0xae,
+        0x35, 0xdb, 0xc8, 0x95, 0x1b, 0x5f, 0x6c, 0x0f, 0x57, 0xb3, 0xcc, 0x97,
+        0x98, 0x80, 0x06, 0xaa, 0xe4, 0x93, 0x1f, 0xb7, 0xa0, 0x54, 0xf1, 0x4f,
+        0x6f, 0x11, 0xdf, 0xab, 0xd3, 0xbf, 0xf0, 0x3a, 0x81, 0x60, 0xaf, 0x7a,
+        0xf7, 0x09, 0xd5, 0xae, 0x0c, 0x7d, 0xae, 0x8d, 0x47, 0x06, 0xbe, 0x11,
+        0x6e, 0xf8, 0x7e, 0x49, 0xf8, 0xac, 0x24, 0x0a, 0x4b, 0xc2, 0xf6, 0xe8,
+        0x2c, 0xec, 0x35, 0xef, 0xa9, 0x13, 0xb8, 0xd2, 0x9c, 0x92, 0x61, 0x91,
+        0xec, 0x7b, 0x0c, 0xea, 0x9a, 0x71, 0x36, 0x15, 0x34, 0x2b, 0x7a, 0x25,
+        0xac, 0xfe, 0xc7, 0x26, 0x89, 0x70, 0x3e, 0x64, 0x68, 0x97, 0x4b, 0xaa,
+        0xc1, 0x24, 0x14, 0xbd, 0x45, 0x2f, 0xe0, 0xfe, 0xf4, 0x2b, 0x8e, 0x08,
+        0x3e, 0xe4, 0xb5, 0x3d, 0x5d, 0xf4, 0xc3, 0xd6, 0x9c, 0xb5, 0x33, 0x1b,
+        0x3b, 0xda, 0x6e, 0x99, 0x7b, 0x09, 0xd1, 0x30, 0x97, 0x23, 0x52, 0x6d,
+        0x1b, 0x71, 0x3a, 0xf4, 0x54, 0xf0, 0xe5, 0x9e
+        };
+
+    WOLFSSL_X509* x509 = NULL;
+    int certSize = (int)(sizeof(cert_der) / sizeof(unsigned char));
+    const char *name1 = "aaaaa";
+    int nameLen1 = (int)(XSTRLEN(name1));
+    const char *name2 = "a";
+    int nameLen2 = (int)(XSTRLEN(name2));
+    const char *name3 = "abbbb";
+    int nameLen3 = (int)(XSTRLEN(name3));
+    const char *name4 = "bbb";
+    int nameLen4 = (int)(XSTRLEN(name4));
+
+    ExpectNotNull(x509 = wolfSSL_X509_load_certificate_buffer(
+        cert_der, certSize, WOLFSSL_FILETYPE_ASN1));
+
+    /* Ensure that "a*" matches "aaaaa" */
+    ExpectIntEQ(wolfSSL_X509_check_host(x509, name1, nameLen1,
+        WOLFSSL_ALWAYS_CHECK_SUBJECT, NULL), WOLFSSL_SUCCESS);
+    /* Ensure that "a*" matches "a" */
+    ExpectIntEQ(wolfSSL_X509_check_host(x509, name2, nameLen2,
+        WOLFSSL_ALWAYS_CHECK_SUBJECT, NULL), WOLFSSL_SUCCESS);
+    /* Ensure that "a*" matches "abbbb" */
+    ExpectIntEQ(wolfSSL_X509_check_host(x509, name3, nameLen3,
+        WOLFSSL_ALWAYS_CHECK_SUBJECT, NULL), WOLFSSL_SUCCESS);
+    /* Ensure that "a*" does not match "bbb" */
+    ExpectIntNE(wolfSSL_X509_check_host(x509, name4, nameLen4,
+        WOLFSSL_ALWAYS_CHECK_SUBJECT, NULL), 1);
+
+    /* WOLFSSL_LEFT_MOST_WILDCARD_ONLY flag should fail on all cases, since
+     * 'a*' alt name does not have wildcard left-most */
+
+    /* Ensure that "a*" does not match "aaaaa" */
+    ExpectIntNE(wolfSSL_X509_check_host(x509, name1, nameLen1,
+        WOLFSSL_ALWAYS_CHECK_SUBJECT | WOLFSSL_LEFT_MOST_WILDCARD_ONLY,
+        NULL), WOLFSSL_SUCCESS);
+    /* Ensure that "a*" does not match "a" */
+    ExpectIntNE(wolfSSL_X509_check_host(x509, name2, nameLen2,
+        WOLFSSL_ALWAYS_CHECK_SUBJECT | WOLFSSL_LEFT_MOST_WILDCARD_ONLY,
+        NULL), WOLFSSL_SUCCESS);
+    /* Ensure that "a*" does not match "abbbb" */
+    ExpectIntNE(wolfSSL_X509_check_host(x509, name3, nameLen3,
+        WOLFSSL_ALWAYS_CHECK_SUBJECT | WOLFSSL_LEFT_MOST_WILDCARD_ONLY,
+        NULL), WOLFSSL_SUCCESS);
+    /* Ensure that "a*" does not match "bbb" */
+    ExpectIntNE(wolfSSL_X509_check_host(x509, name4, nameLen4,
+        WOLFSSL_ALWAYS_CHECK_SUBJECT | WOLFSSL_LEFT_MOST_WILDCARD_ONLY,
+        NULL), WOLFSSL_SUCCESS);
+
+    wolfSSL_X509_free(x509);
+
+#endif
+    return EXPECT_RESULT();
+}
+
+static int test_wolfSSL_X509_name_match2(void)
+{
+    EXPECT_DECLS;
+#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_RSA)
+    /* A certificate with the subject alternative name a*b* */
+    const unsigned char cert_der[] = {
+        0x30, 0x82, 0x03, 0xae, 0x30, 0x82, 0x02, 0x96, 0xa0, 0x03, 0x02, 0x01,
+        0x02, 0x02, 0x14, 0x41, 0x8c, 0x8b, 0xaa, 0x0e, 0xd8, 0x5a, 0xc0, 0x52,
+        0x46, 0x0e, 0xe5, 0xd8, 0xb9, 0x48, 0x93, 0x7e, 0x8a, 0x7c, 0x65, 0x30,
+        0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b,
+        0x05, 0x00, 0x30, 0x77, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04,
+        0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55,
+        0x04, 0x08, 0x0c, 0x07, 0x4d, 0x6f, 0x6e, 0x74, 0x61, 0x6e, 0x61, 0x31,
+        0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0c, 0x07, 0x42, 0x6f,
+        0x7a, 0x65, 0x6d, 0x61, 0x6e, 0x31, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55,
+        0x04, 0x0a, 0x0c, 0x0b, 0x77, 0x6f, 0x6c, 0x66, 0x53, 0x53, 0x4c, 0x20,
+        0x49, 0x6e, 0x63, 0x31, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55, 0x04, 0x0b,
+        0x0c, 0x0b, 0x45, 0x6e, 0x67, 0x69, 0x6e, 0x65, 0x65, 0x72, 0x69, 0x6e,
+        0x67, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x0f,
+        0x77, 0x77, 0x77, 0x2e, 0x77, 0x6f, 0x6c, 0x66, 0x73, 0x73, 0x6c, 0x2e,
+        0x63, 0x6f, 0x6d, 0x30, 0x1e, 0x17, 0x0d, 0x32, 0x34, 0x30, 0x35, 0x33,
+        0x30, 0x32, 0x30, 0x34, 0x33, 0x34, 0x30, 0x5a, 0x17, 0x0d, 0x33, 0x34,
+        0x30, 0x35, 0x32, 0x38, 0x32, 0x30, 0x34, 0x33, 0x34, 0x30, 0x5a, 0x30,
+        0x77, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02,
+        0x55, 0x53, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c,
+        0x07, 0x4d, 0x6f, 0x6e, 0x74, 0x61, 0x6e, 0x61, 0x31, 0x10, 0x30, 0x0e,
+        0x06, 0x03, 0x55, 0x04, 0x07, 0x0c, 0x07, 0x42, 0x6f, 0x7a, 0x65, 0x6d,
+        0x61, 0x6e, 0x31, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c,
+        0x0b, 0x77, 0x6f, 0x6c, 0x66, 0x53, 0x53, 0x4c, 0x20, 0x49, 0x6e, 0x63,
+        0x31, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c, 0x0b, 0x45,
+        0x6e, 0x67, 0x69, 0x6e, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x31, 0x18,
+        0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x0f, 0x77, 0x77, 0x77,
+        0x2e, 0x77, 0x6f, 0x6c, 0x66, 0x73, 0x73, 0x6c, 0x2e, 0x63, 0x6f, 0x6d,
+        0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86,
+        0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00,
+        0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, 0xa5, 0x60, 0x80,
+        0xf3, 0xee, 0x19, 0xd2, 0xe4, 0x15, 0x94, 0x54, 0x12, 0x88, 0xee, 0xda,
+        0x11, 0x11, 0x87, 0x99, 0x88, 0xb3, 0x71, 0xc7, 0x97, 0x78, 0x1b, 0x57,
+        0x37, 0x1d, 0x0b, 0x1f, 0x2f, 0x2c, 0x35, 0x13, 0x75, 0xd3, 0x31, 0x3e,
+        0x6f, 0x80, 0x21, 0xa5, 0xa3, 0xad, 0x10, 0x81, 0xb6, 0x37, 0xd4, 0x55,
+        0x2e, 0xc1, 0xb8, 0x37, 0xa3, 0x3c, 0xe8, 0x81, 0x03, 0x3c, 0xda, 0x5f,
+        0x6f, 0x45, 0x32, 0x2b, 0x0e, 0x99, 0x27, 0xfd, 0xe5, 0x6c, 0x07, 0xd9,
+        0x4e, 0x0a, 0x8b, 0x23, 0x74, 0x96, 0x25, 0x97, 0xae, 0x6d, 0x19, 0xba,
+        0xbf, 0x0f, 0xc8, 0xa1, 0xe5, 0xea, 0xa8, 0x00, 0x09, 0xc3, 0x9a, 0xef,
+        0x09, 0x33, 0xc1, 0x33, 0x2e, 0x7b, 0x6d, 0xa7, 0x66, 0x87, 0xb6, 0x3a,
+        0xb9, 0xdb, 0x4c, 0x5e, 0xb5, 0x55, 0x69, 0x37, 0x17, 0x92, 0x1f, 0xe3,
+        0x53, 0x1a, 0x2d, 0x25, 0xd0, 0xcf, 0x72, 0x37, 0xc2, 0x89, 0x83, 0x78,
+        0xcf, 0xac, 0x2e, 0x46, 0x92, 0x5c, 0x4a, 0xba, 0x7d, 0xa0, 0x22, 0x34,
+        0xb1, 0x22, 0x26, 0x99, 0xda, 0xe8, 0x97, 0xe2, 0x0c, 0xd3, 0xbc, 0x97,
+        0x7e, 0xa8, 0xb9, 0xe3, 0xe2, 0x7f, 0x56, 0xef, 0x22, 0xee, 0x15, 0x95,
+        0xa6, 0xd1, 0xf4, 0xa7, 0xac, 0x4a, 0xab, 0xc1, 0x1a, 0xda, 0xc5, 0x5f,
+        0xa5, 0x5e, 0x2f, 0x15, 0x9c, 0x36, 0xbe, 0xd3, 0x47, 0xb6, 0x86, 0xb9,
+        0xc6, 0x59, 0x39, 0x36, 0xad, 0x84, 0x53, 0x95, 0x72, 0x91, 0x89, 0x51,
+        0x32, 0x77, 0xf1, 0xa5, 0x93, 0xfe, 0xf0, 0x41, 0x7c, 0x64, 0xf1, 0xb0,
+        0x8b, 0x81, 0x8d, 0x3a, 0x2c, 0x9e, 0xbe, 0x2e, 0x8b, 0xf7, 0x80, 0x63,
+        0x35, 0x32, 0xfa, 0x26, 0xe0, 0x63, 0xbf, 0x5e, 0xaf, 0xf0, 0x08, 0xe0,
+        0x80, 0x65, 0x38, 0xfa, 0x21, 0xaa, 0x91, 0x34, 0x48, 0x3d, 0x32, 0x5c,
+        0xbf, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x32, 0x30, 0x30, 0x30, 0x0f,
+        0x06, 0x03, 0x55, 0x1d, 0x11, 0x04, 0x08, 0x30, 0x06, 0x82, 0x04, 0x61,
+        0x2a, 0x62, 0x2a, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16,
+        0x04, 0x14, 0x3d, 0x55, 0x74, 0xf8, 0x3a, 0x26, 0x03, 0x8c, 0x6a, 0x2e,
+        0x91, 0x0e, 0x18, 0x70, 0xb4, 0xa4, 0xcc, 0x04, 0x00, 0xd3, 0x30, 0x0d,
+        0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05,
+        0x00, 0x03, 0x82, 0x01, 0x01, 0x00, 0x8f, 0x3b, 0xff, 0x46, 0x0c, 0xb5,
+        0x21, 0xdc, 0xcf, 0x61, 0x9a, 0x25, 0x93, 0x99, 0x68, 0x2f, 0x16, 0x71,
+        0x15, 0x00, 0x5f, 0xb0, 0x9b, 0x43, 0x5c, 0x47, 0xe2, 0x8e, 0xc8, 0xea,
+        0xb3, 0x30, 0x4d, 0x87, 0x90, 0xcf, 0x24, 0x37, 0x5c, 0xfd, 0xc8, 0xc6,
+        0x09, 0x36, 0xb2, 0xfb, 0xfd, 0xc1, 0x82, 0x92, 0x77, 0x5b, 0x9d, 0xeb,
+        0xac, 0x47, 0xbc, 0xda, 0x7c, 0x89, 0x19, 0x03, 0x9e, 0xcd, 0x96, 0x2a,
+        0x90, 0x55, 0x23, 0x19, 0xac, 0x9d, 0x49, 0xfb, 0xa0, 0x31, 0x7d, 0x6b,
+        0x1a, 0x16, 0x13, 0xb1, 0xa9, 0xc9, 0xc4, 0xaf, 0xf1, 0xb4, 0xa7, 0x9b,
+        0x08, 0x64, 0x6a, 0x09, 0xcd, 0x4a, 0x03, 0x4c, 0x93, 0xb6, 0xcf, 0x29,
+        0xdb, 0x56, 0x88, 0x8e, 0xed, 0x08, 0x6d, 0x8d, 0x76, 0xa3, 0xd7, 0xc6,
+        0x69, 0xa1, 0xf5, 0xd2, 0xd0, 0x0a, 0x4b, 0xfa, 0x88, 0x66, 0x6c, 0xe5,
+        0x4a, 0xee, 0x13, 0xad, 0xad, 0x22, 0x25, 0x73, 0x39, 0x56, 0x74, 0x0e,
+        0xda, 0xcd, 0x35, 0x67, 0xe3, 0x81, 0x5c, 0xc5, 0xae, 0x3c, 0x4f, 0x47,
+        0x3e, 0x97, 0xde, 0xac, 0xf6, 0xe1, 0x26, 0xe2, 0xe0, 0x66, 0x48, 0x20,
+        0x7c, 0x02, 0x81, 0x3e, 0x7d, 0x34, 0xb7, 0x73, 0x3e, 0x2e, 0xd6, 0x20,
+        0x1c, 0xdf, 0xf1, 0xae, 0x86, 0x8b, 0xb2, 0xc2, 0x9b, 0x68, 0x9c, 0xf6,
+        0x1a, 0x5e, 0x30, 0x06, 0x39, 0x0a, 0x1f, 0x7b, 0xd7, 0x18, 0x4b, 0x06,
+        0x9d, 0xff, 0x84, 0x57, 0xcc, 0x92, 0xad, 0x81, 0x0a, 0x19, 0x11, 0xc4,
+        0xac, 0x59, 0x00, 0xe8, 0x5a, 0x70, 0x78, 0xd6, 0x9f, 0xe0, 0x82, 0x2a,
+        0x1f, 0x09, 0x36, 0x1c, 0x52, 0x98, 0xf7, 0x95, 0x8f, 0xf9, 0x48, 0x4f,
+        0x30, 0x52, 0xb5, 0xf3, 0x8d, 0x13, 0x93, 0x27, 0xbe, 0xb4, 0x75, 0x39,
+        0x65, 0xc6, 0x48, 0x4e, 0x32, 0xd7, 0xf4, 0xc3, 0x26, 0x8d
+        };
+
+    WOLFSSL_X509* x509 = NULL;
+    int certSize = (int)(sizeof(cert_der) / sizeof(unsigned char));
+    const char *name1 = "ab";
+    int nameLen1 = (int)(XSTRLEN(name1));
+    const char *name2 = "acccbccc";
+    int nameLen2 = (int)(XSTRLEN(name2));
+    const char *name3 = "accb";
+    int nameLen3 = (int)(XSTRLEN(name3));
+    const char *name4 = "accda";
+    int nameLen4 = (int)(XSTRLEN(name4));
+    const char *name5 = "acc\0bcc";
+    int nameLen5 = 7;
+
+    ExpectNotNull(x509 = wolfSSL_X509_load_certificate_buffer(
+        cert_der, certSize, WOLFSSL_FILETYPE_ASN1));
+
+    /* Ensure that "a*b*" matches "ab" */
+    ExpectIntEQ(wolfSSL_X509_check_host(x509, name1, nameLen1,
+        WOLFSSL_ALWAYS_CHECK_SUBJECT, NULL), WOLFSSL_SUCCESS);
+    /* Ensure that "a*b*" matches "acccbccc" */
+    ExpectIntEQ(wolfSSL_X509_check_host(x509, name2, nameLen2,
+        WOLFSSL_ALWAYS_CHECK_SUBJECT, NULL), WOLFSSL_SUCCESS);
+    /* Ensure that "a*b*" matches "accb" */
+    ExpectIntEQ(wolfSSL_X509_check_host(x509, name3, nameLen3,
+        WOLFSSL_ALWAYS_CHECK_SUBJECT, NULL), WOLFSSL_SUCCESS);
+    /* Ensure that "a*b*" does not match "accda" */
+    ExpectIntNE(wolfSSL_X509_check_host(x509, name4, nameLen4,
+        WOLFSSL_ALWAYS_CHECK_SUBJECT, NULL), WOLFSSL_SUCCESS);
+
+    /* WOLFSSL_LEFT_MOST_WILDCARD_ONLY flag should fail on all cases, since
+     * 'a*b*' alt name does not have wildcard left-most */
+    ExpectIntEQ(wolfSSL_X509_check_host(x509, name1, nameLen1,
+        WOLFSSL_ALWAYS_CHECK_SUBJECT | WOLFSSL_LEFT_MOST_WILDCARD_ONLY,
+        NULL), WOLFSSL_FAILURE);
+    ExpectIntEQ(wolfSSL_X509_check_host(x509, name2, nameLen2,
+        WOLFSSL_ALWAYS_CHECK_SUBJECT | WOLFSSL_LEFT_MOST_WILDCARD_ONLY,
+        NULL), WOLFSSL_FAILURE);
+    ExpectIntEQ(wolfSSL_X509_check_host(x509, name3, nameLen3,
+        WOLFSSL_ALWAYS_CHECK_SUBJECT | WOLFSSL_LEFT_MOST_WILDCARD_ONLY,
+        NULL), WOLFSSL_FAILURE);
+    ExpectIntEQ(wolfSSL_X509_check_host(x509, name4, nameLen4,
+        WOLFSSL_ALWAYS_CHECK_SUBJECT | WOLFSSL_LEFT_MOST_WILDCARD_ONLY,
+        NULL), WOLFSSL_FAILURE);
+
+    /* Ensure that "a*b*" matches "ab", testing openssl behavior replication
+     * on check len input handling, 0 for len is OK as it should then use
+     * strlen(name1) */
+    ExpectIntEQ(wolfSSL_X509_check_host(x509, name1, 0,
+        WOLFSSL_ALWAYS_CHECK_SUBJECT, NULL), WOLFSSL_SUCCESS);
+    /* Openssl also allows for len to include NULL terminator */
+    ExpectIntEQ(wolfSSL_X509_check_host(x509, name1, nameLen1 + 1,
+        WOLFSSL_ALWAYS_CHECK_SUBJECT, NULL), WOLFSSL_SUCCESS);
+    /* Ensure that check string with NULL terminator in middle is
+     * rejected */
+    ExpectIntNE(wolfSSL_X509_check_host(x509, name5, nameLen5,
+        WOLFSSL_ALWAYS_CHECK_SUBJECT, NULL), WOLFSSL_SUCCESS);
+
+    wolfSSL_X509_free(x509);
+
+#endif
+    return EXPECT_RESULT();
+}
+
+static int test_wolfSSL_X509_name_match3(void)
+{
+    EXPECT_DECLS;
+#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_RSA)
+    /* A certificate with the subject alternative name *.example.com */
+    const unsigned char cert_der[] = {
+        0x30, 0x82, 0x03, 0xb7, 0x30, 0x82, 0x02, 0x9f, 0xa0, 0x03, 0x02, 0x01,
+        0x02, 0x02, 0x14, 0x59, 0xbb, 0xf6, 0xde, 0xb8, 0x3d, 0x0e, 0x8c, 0xe4,
+        0xbd, 0x98, 0xa3, 0xbe, 0x3e, 0x8f, 0xdc, 0xbd, 0x7f, 0xcc, 0xae, 0x30,
+        0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b,
+        0x05, 0x00, 0x30, 0x77, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04,
+        0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55,
+        0x04, 0x08, 0x0c, 0x07, 0x4d, 0x6f, 0x6e, 0x74, 0x61, 0x6e, 0x61, 0x31,
+        0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0c, 0x07, 0x42, 0x6f,
+        0x7a, 0x65, 0x6d, 0x61, 0x6e, 0x31, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55,
+        0x04, 0x0a, 0x0c, 0x0b, 0x77, 0x6f, 0x6c, 0x66, 0x53, 0x53, 0x4c, 0x20,
+        0x49, 0x6e, 0x63, 0x31, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55, 0x04, 0x0b,
+        0x0c, 0x0b, 0x45, 0x6e, 0x67, 0x69, 0x6e, 0x65, 0x65, 0x72, 0x69, 0x6e,
+        0x67, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x0f,
+        0x77, 0x77, 0x77, 0x2e, 0x77, 0x6f, 0x6c, 0x66, 0x73, 0x73, 0x6c, 0x2e,
+        0x63, 0x6f, 0x6d, 0x30, 0x1e, 0x17, 0x0d, 0x32, 0x34, 0x30, 0x35, 0x33,
+        0x31, 0x30, 0x30, 0x33, 0x37, 0x34, 0x39, 0x5a, 0x17, 0x0d, 0x33, 0x34,
+        0x30, 0x35, 0x32, 0x39, 0x30, 0x30, 0x33, 0x37, 0x34, 0x39, 0x5a, 0x30,
+        0x77, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02,
+        0x55, 0x53, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c,
+        0x07, 0x4d, 0x6f, 0x6e, 0x74, 0x61, 0x6e, 0x61, 0x31, 0x10, 0x30, 0x0e,
+        0x06, 0x03, 0x55, 0x04, 0x07, 0x0c, 0x07, 0x42, 0x6f, 0x7a, 0x65, 0x6d,
+        0x61, 0x6e, 0x31, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c,
+        0x0b, 0x77, 0x6f, 0x6c, 0x66, 0x53, 0x53, 0x4c, 0x20, 0x49, 0x6e, 0x63,
+        0x31, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c, 0x0b, 0x45,
+        0x6e, 0x67, 0x69, 0x6e, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x31, 0x18,
+        0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x0f, 0x77, 0x77, 0x77,
+        0x2e, 0x77, 0x6f, 0x6c, 0x66, 0x73, 0x73, 0x6c, 0x2e, 0x63, 0x6f, 0x6d,
+        0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86,
+        0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00,
+        0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, 0xda, 0x78, 0x16,
+        0x05, 0x65, 0xf2, 0x85, 0xf2, 0x61, 0x7f, 0xb1, 0x4d, 0x73, 0xe2, 0x82,
+        0xb5, 0x3d, 0xf7, 0x9d, 0x05, 0x65, 0xed, 0x9d, 0xc3, 0x29, 0x7a, 0x92,
+        0x2c, 0x06, 0x5f, 0xc8, 0x13, 0x55, 0x42, 0x4e, 0xbd, 0xe2, 0x56, 0x2a,
+        0x4b, 0xac, 0xe6, 0x1b, 0x10, 0xc9, 0xdb, 0x9a, 0x45, 0x36, 0xed, 0xf3,
+        0x26, 0x8c, 0x22, 0x88, 0x1e, 0x6d, 0x2b, 0x41, 0xfa, 0x0d, 0x43, 0x88,
+        0x88, 0xde, 0x8d, 0x2e, 0xca, 0x6e, 0x7c, 0x62, 0x66, 0x3e, 0xfa, 0x4e,
+        0x71, 0xea, 0x7d, 0x3b, 0x32, 0x33, 0x5c, 0x7a, 0x7e, 0xea, 0x74, 0xbd,
+        0xb6, 0x8f, 0x4c, 0x1c, 0x7a, 0x79, 0x94, 0xf1, 0xe8, 0x02, 0x67, 0x98,
+        0x25, 0xb4, 0x31, 0x80, 0xc1, 0xae, 0xbf, 0xef, 0xf2, 0x6c, 0x78, 0x42,
+        0xef, 0xb5, 0xc6, 0x01, 0x47, 0x79, 0x8d, 0x92, 0xce, 0xc1, 0xb5, 0x98,
+        0x76, 0xf0, 0x84, 0xa2, 0x53, 0x90, 0xe5, 0x39, 0xc7, 0xbd, 0xf2, 0xbb,
+        0xe3, 0x3f, 0x00, 0xf6, 0xf0, 0x46, 0x86, 0xee, 0x55, 0xbd, 0x2c, 0x1f,
+        0x97, 0x24, 0x7c, 0xbc, 0xda, 0x2f, 0x1b, 0x53, 0xef, 0x26, 0x56, 0xcc,
+        0xb7, 0xd8, 0xca, 0x17, 0x20, 0x4e, 0x62, 0x03, 0x66, 0x32, 0xb3, 0xd1,
+        0x71, 0x26, 0x6c, 0xff, 0xd1, 0x9e, 0x44, 0x86, 0x2a, 0xae, 0xba, 0x43,
+        0x00, 0x13, 0x7e, 0x50, 0xdd, 0x3e, 0x27, 0x39, 0x70, 0x1c, 0x0c, 0x0b,
+        0xe8, 0xa2, 0xae, 0x03, 0x09, 0x2e, 0xd8, 0x71, 0xee, 0x7b, 0x1a, 0x09,
+        0x2d, 0xe1, 0xd5, 0xde, 0xf5, 0xa3, 0x36, 0x77, 0x90, 0x97, 0x99, 0xd7,
+        0x6c, 0xb7, 0x5c, 0x9d, 0xf7, 0x7e, 0x41, 0x89, 0xfe, 0xe4, 0x08, 0xc6,
+        0x0b, 0xe4, 0x9b, 0x5f, 0x51, 0xa6, 0x08, 0xb8, 0x99, 0x81, 0xe9, 0xce,
+        0xb4, 0x2d, 0xb2, 0x92, 0x9f, 0xe5, 0x1a, 0x98, 0x76, 0x20, 0x70, 0x54,
+        0x93, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x3b, 0x30, 0x39, 0x30, 0x18,
+        0x06, 0x03, 0x55, 0x1d, 0x11, 0x04, 0x11, 0x30, 0x0f, 0x82, 0x0d, 0x2a,
+        0x2e, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x2e, 0x63, 0x6f, 0x6d,
+        0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0x60,
+        0xd4, 0x26, 0xbb, 0xcc, 0x7c, 0x29, 0xa2, 0x88, 0x3c, 0x76, 0x7d, 0xb4,
+        0x86, 0x8b, 0x47, 0x64, 0x5b, 0x87, 0xe0, 0x30, 0x0d, 0x06, 0x09, 0x2a,
+        0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03, 0x82,
+        0x01, 0x01, 0x00, 0xc3, 0x0d, 0x03, 0x67, 0xbb, 0x47, 0x8b, 0xf3, 0x20,
+        0xdc, 0x7d, 0x2e, 0xe1, 0xd9, 0xf0, 0x01, 0xc4, 0x66, 0xc2, 0xe1, 0xcd,
+        0xc3, 0x4a, 0x72, 0xf0, 0x6e, 0x38, 0xcf, 0x63, 0x01, 0x96, 0x9e, 0x84,
+        0xb9, 0xce, 0x1d, 0xba, 0x4b, 0xe0, 0x70, 0x86, 0x2b, 0x5a, 0xab, 0xec,
+        0xbf, 0xc2, 0xaa, 0x64, 0xa2, 0x6c, 0xd2, 0x42, 0x52, 0xd4, 0xbe, 0x8a,
+        0xca, 0x9c, 0x03, 0xf3, 0xd6, 0x5f, 0xcd, 0x23, 0x9f, 0xf5, 0xa9, 0x04,
+        0x40, 0x5b, 0x66, 0x78, 0xc0, 0xac, 0xa1, 0xdb, 0x5d, 0xd1, 0x94, 0xfc,
+        0x47, 0x94, 0xf5, 0x45, 0xe3, 0x70, 0x13, 0x3f, 0x66, 0x6d, 0xdd, 0x73,
+        0x68, 0x68, 0xe2, 0xd2, 0x89, 0xcb, 0x7f, 0xc6, 0xca, 0xd6, 0x96, 0x0b,
+        0xcc, 0xdd, 0xa1, 0x74, 0xda, 0x33, 0xe8, 0x9e, 0xda, 0xb7, 0xd9, 0x12,
+        0xab, 0x85, 0x9d, 0x0c, 0xde, 0xa0, 0x7d, 0x7e, 0xa1, 0x91, 0xed, 0xe5,
+        0x32, 0x7c, 0xc5, 0xea, 0x1d, 0x4a, 0xb5, 0x38, 0x63, 0x17, 0xf3, 0x4f,
+        0x2c, 0x4a, 0x58, 0x86, 0x09, 0x33, 0x86, 0xc4, 0xe7, 0x56, 0x6f, 0x32,
+        0x71, 0xb7, 0xd0, 0x83, 0x12, 0x9e, 0x26, 0x0a, 0x3a, 0x45, 0xcb, 0xd7,
+        0x4e, 0xab, 0xa4, 0xc3, 0xee, 0x4c, 0xc0, 0x38, 0xa1, 0xfa, 0xba, 0xfa,
+        0xb7, 0x80, 0x69, 0x67, 0xa3, 0xef, 0x89, 0xba, 0xce, 0x89, 0x91, 0x3d,
+        0x6a, 0x76, 0xe9, 0x3b, 0x32, 0x86, 0x76, 0x85, 0x6b, 0x4f, 0x7f, 0xbc,
+        0x7a, 0x5b, 0x31, 0x92, 0x79, 0x35, 0xf8, 0xb9, 0xb1, 0xd7, 0xdb, 0xa9,
+        0x6a, 0x8a, 0x91, 0x60, 0x65, 0xd4, 0x76, 0x54, 0x55, 0x57, 0xb9, 0x35,
+        0xe0, 0xf5, 0xbb, 0x8f, 0xd4, 0x40, 0x75, 0xbb, 0x47, 0xa8, 0xf9, 0x0f,
+        0xea, 0xc9, 0x6e, 0x84, 0xd5, 0xf5, 0x58, 0x2d, 0xe5, 0x76, 0x7b, 0xdf,
+        0x97, 0x05, 0x5e, 0xaf, 0x50, 0xf5, 0x48
+        };
+
+    WOLFSSL_X509* x509 = NULL;
+    int certSize = (int)(sizeof(cert_der) / sizeof(unsigned char));
+    const char *name1 = "foo.example.com";
+    int nameLen1 = (int)(XSTRLEN(name1));
+    const char *name2 = "x.y.example.com";
+    int nameLen2 = (int)(XSTRLEN(name2));
+    const char *name3 = "example.com";
+    int nameLen3 = (int)(XSTRLEN(name3));
+
+    ExpectNotNull(x509 = wolfSSL_X509_load_certificate_buffer(
+        cert_der, certSize, WOLFSSL_FILETYPE_ASN1));
+
+    /* Ensure that "*.example.com" matches "foo.example.com" */
+    ExpectIntEQ(wolfSSL_X509_check_host(x509, name1, nameLen1,
+        WOLFSSL_ALWAYS_CHECK_SUBJECT, NULL), WOLFSSL_SUCCESS);
+    /* Ensure that "*.example.com" does NOT match "x.y.example.com" */
+    ExpectIntNE(wolfSSL_X509_check_host(x509, name2, nameLen2,
+        WOLFSSL_ALWAYS_CHECK_SUBJECT, NULL), WOLFSSL_SUCCESS);
+    /* Ensure that "*.example.com" does NOT match "example.com" */
+    ExpectIntNE(wolfSSL_X509_check_host(x509, name3, nameLen3,
+        WOLFSSL_ALWAYS_CHECK_SUBJECT, NULL), WOLFSSL_SUCCESS);
+
+    /* WOLFSSL_LEFT_MOST_WILDCARD_ONLY, should match "foo.example.com" */
+    ExpectIntEQ(wolfSSL_X509_check_host(x509, name1, nameLen1,
+        WOLFSSL_ALWAYS_CHECK_SUBJECT | WOLFSSL_LEFT_MOST_WILDCARD_ONLY,
+        NULL), WOLFSSL_SUCCESS);
+    /* WOLFSSL_LEFT_MOST_WILDCARD_ONLY, should NOT  match "x.y.example.com" */
+    ExpectIntNE(wolfSSL_X509_check_host(x509, name2, nameLen2,
+        WOLFSSL_ALWAYS_CHECK_SUBJECT | WOLFSSL_LEFT_MOST_WILDCARD_ONLY,
+        NULL), WOLFSSL_SUCCESS);
+    /* WOLFSSL_LEFT_MOST_WILDCARD_ONLY, should NOT match "example.com" */
+    ExpectIntNE(wolfSSL_X509_check_host(x509, name3, nameLen3,
+        WOLFSSL_ALWAYS_CHECK_SUBJECT | WOLFSSL_LEFT_MOST_WILDCARD_ONLY,
+        NULL), WOLFSSL_SUCCESS);
+
+    wolfSSL_X509_free(x509);
+
+#endif
+    return EXPECT_RESULT();
+}
+
+static int test_wolfSSL_X509_max_altnames(void)
+{
+    EXPECT_DECLS;
+#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_TLS) && \
+    !defined(NO_RSA)
+
+    /* Only test if max alt names has not been modified */
+#if WOLFSSL_MAX_ALT_NAMES <= 1024
+
+    WOLFSSL_CTX* ctx = NULL;
+    /* File contains a certificate encoded with 130 subject alternative names */
+    const char* over_max_altnames_cert = \
+        "./certs/test/cert-over-max-altnames.pem";
+
+#ifndef NO_WOLFSSL_SERVER
+    ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()));
+#else
+    ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()));
+#endif
+
+    ExpectIntNE(wolfSSL_CTX_load_verify_locations_ex(ctx,
+            over_max_altnames_cert, NULL, WOLFSSL_LOAD_FLAG_NONE),
+            WOLFSSL_SUCCESS);
+    wolfSSL_CTX_free(ctx);
+#endif
+#endif
+    return EXPECT_RESULT();
+}
+
+static int test_wolfSSL_X509_max_name_constraints(void)
+{
+    EXPECT_DECLS;
+#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_TLS) && \
+    !defined(NO_RSA) && !defined(IGNORE_NAME_CONSTRAINTS)
+
+    /* Only test if max name constraints has not been modified */
+#if WOLFSSL_MAX_NAME_CONSTRAINTS == 128
+
+    WOLFSSL_CTX* ctx = NULL;
+    /* File contains a certificate with 130 name constraints */
+    const char* over_max_nc = "./certs/test/cert-over-max-nc.pem";
+
+#ifndef NO_WOLFSSL_SERVER
+    ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()));
+#else
+    ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()));
+#endif
+
+    ExpectIntNE(wolfSSL_CTX_load_verify_locations_ex(ctx, over_max_nc,
+            NULL, WOLFSSL_LOAD_FLAG_NONE), WOLFSSL_SUCCESS);
+    wolfSSL_CTX_free(ctx);
+#endif
+
+#endif
+    return EXPECT_RESULT();
+}
 
 static int test_wolfSSL_X509(void)
 {
@@ -39315,8 +53485,18 @@ static int test_wolfSSL_X509(void)
 #endif
     char der[] = "certs/ca-cert.der";
     XFILE fp = XBADFILE;
+    int derSz = 0;
+
+#ifndef NO_BIO
+    ExpectNotNull(bio = BIO_new(BIO_s_mem()));
+#endif
 
     ExpectNotNull(x509 = X509_new());
+    ExpectNull(wolfSSL_X509_get_der(x509, &derSz));
+#if !defined(NO_BIO) && defined(WOLFSSL_CERT_GEN)
+    ExpectIntEQ(i2d_X509_bio(bio, x509), WOLFSSL_FAILURE);
+#endif
+    ExpectNull(wolfSSL_X509_dup(x509));
     X509_free(x509);
     x509 = NULL;
 
@@ -39324,33 +53504,65 @@ static int test_wolfSSL_X509(void)
     ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(cliCertFile,
         SSL_FILETYPE_PEM));
 
-    ExpectNotNull(bio = BIO_new(BIO_s_mem()));
-
 #ifdef WOLFSSL_CERT_GEN
+    ExpectIntEQ(i2d_X509_bio(NULL, NULL), WOLFSSL_FAILURE);
+    ExpectIntEQ(i2d_X509_bio(bio, NULL), WOLFSSL_FAILURE);
+    ExpectIntEQ(i2d_X509_bio(NULL, x509), WOLFSSL_FAILURE);
     ExpectIntEQ(i2d_X509_bio(bio, x509), SSL_SUCCESS);
 #endif
 
     ExpectNotNull(ctx = X509_STORE_CTX_new());
 
-    ExpectIntEQ(X509_verify_cert(ctx), SSL_FATAL_ERROR);
+    ExpectIntEQ(X509_verify_cert(ctx), WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR));
+    ExpectNotNull(wolfSSL_X509_verify_cert_error_string(CRL_MISSING));
 
     ExpectNotNull(store = X509_STORE_new());
     ExpectIntEQ(X509_STORE_add_cert(store, x509), SSL_SUCCESS);
     ExpectIntEQ(X509_STORE_CTX_init(ctx, store, x509, NULL), SSL_SUCCESS);
     ExpectIntEQ(X509_verify_cert(ctx), SSL_SUCCESS);
 
+#ifndef NO_WOLFSSL_STUB
+    ExpectNull(X509_get_default_cert_file_env());
+    ExpectNull(X509_get_default_cert_file());
+    ExpectNull(X509_get_default_cert_dir_env());
+    ExpectNull(X509_get_default_cert_dir());
+#endif
+
+    ExpectNull(wolfSSL_X509_get_der(NULL, NULL));
+    ExpectNull(wolfSSL_X509_get_der(x509, NULL));
+    ExpectNull(wolfSSL_X509_get_der(NULL, &derSz));
+
+    ExpectIntEQ(wolfSSL_X509_version(NULL), 0);
+    ExpectIntEQ(wolfSSL_X509_version(x509), 3);
 
     X509_STORE_CTX_free(ctx);
     X509_STORE_free(store);
     X509_free(x509);
     x509 = NULL;
     BIO_free(bio);
+    bio = NULL;
 #endif
 
     /** d2i_X509_fp test **/
     ExpectTrue((fp = XFOPEN(der, "rb")) != XBADFILE);
     ExpectNotNull(x509 = (X509 *)d2i_X509_fp(fp, (X509 **)NULL));
     ExpectNotNull(x509);
+
+#ifdef HAVE_EX_DATA_CRYPTO
+    ExpectIntEQ(wolfSSL_X509_get_ex_new_index(1, NULL, NULL, NULL, NULL), 0);
+#endif
+    ExpectNull(wolfSSL_X509_get_ex_data(NULL, 1));
+    ExpectNull(wolfSSL_X509_get_ex_data(x509, 1));
+#ifdef HAVE_EX_DATA
+    ExpectIntEQ(wolfSSL_X509_set_ex_data(NULL, 1, der), 0);
+    ExpectIntEQ(wolfSSL_X509_set_ex_data(x509, 1, der), 1);
+    ExpectPtrEq(wolfSSL_X509_get_ex_data(x509, 1), der);
+#else
+    ExpectIntEQ(wolfSSL_X509_set_ex_data(NULL, 1, der), 0);
+    ExpectIntEQ(wolfSSL_X509_set_ex_data(x509, 1, der), 0);
+    ExpectNull(wolfSSL_X509_get_ex_data(x509, 1));
+#endif
+
     X509_free(x509);
     x509 = NULL;
     if (fp != XBADFILE) {
@@ -39358,12 +53570,24 @@ static int test_wolfSSL_X509(void)
         fp = XBADFILE;
     }
     ExpectTrue((fp = XFOPEN(der, "rb")) != XBADFILE);
+    ExpectNull((X509 *)d2i_X509_fp(XBADFILE, (X509 **)&x509));
     ExpectNotNull((X509 *)d2i_X509_fp(fp, (X509 **)&x509));
     ExpectNotNull(x509);
     X509_free(x509);
+    x509 = NULL;
     if (fp != XBADFILE)
         XFCLOSE(fp);
 
+#ifndef NO_BIO
+    ExpectNotNull(bio = BIO_new_file(der, "rb"));
+    ExpectNull(d2i_X509_bio(NULL, &x509));
+    ExpectNotNull(x509 = d2i_X509_bio(bio, NULL));
+    ExpectNotNull(x509);
+    X509_free(x509);
+    BIO_free(bio);
+    bio = NULL;
+#endif
+
     /* X509_up_ref test */
     ExpectIntEQ(X509_up_ref(NULL), 0);
     ExpectNotNull(x509 = X509_new());   /* refCount = 1 */
@@ -39372,6 +53596,7 @@ static int test_wolfSSL_X509(void)
     X509_free(x509); /* refCount = 2 */
     X509_free(x509); /* refCount = 1 */
     X509_free(x509); /* refCount = 0, free */
+
 #endif
     return EXPECT_RESULT();
 }
@@ -39387,7 +53612,11 @@ static int test_wolfSSL_X509_get_ext_count(void)
     XFILE f = XBADFILE;
 
     /* NULL parameter check */
-    ExpectIntEQ(X509_get_ext_count(NULL), WOLFSSL_FAILURE);
+    ExpectIntEQ(X509_get_ext_count(NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+    ExpectNotNull(x509 = wolfSSL_X509_new());
+    ExpectIntEQ(X509_get_ext_count(x509), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+    wolfSSL_X509_free(x509);
+    x509 = NULL;
 
     ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(svrCertFile,
         SSL_FILETYPE_PEM));
@@ -39407,9 +53636,6 @@ static int test_wolfSSL_X509_get_ext_count(void)
     /* wolfSSL_X509_get_ext_count() valid input */
     ExpectIntEQ((ret = wolfSSL_X509_get_ext_count(x509)), 5);
 
-    /* wolfSSL_X509_get_ext_count() NULL argument */
-    ExpectIntEQ((ret = wolfSSL_X509_get_ext_count(NULL)), WOLFSSL_FAILURE);
-
     wolfSSL_X509_free(x509);
 #endif
     return EXPECT_RESULT();
@@ -39444,8 +53670,8 @@ static int test_wolfSSL_X509_sign2(void)
 
     const unsigned char expected[] = {
         0x30, 0x82, 0x05, 0x13, 0x30, 0x82, 0x03, 0xFB, 0xA0, 0x03, 0x02, 0x01,
-        0x02, 0x02, 0x14, 0x08, 0xB0, 0x54, 0x7A, 0x03, 0x5A, 0xEC, 0x55, 0x8A,
-        0x12, 0xE8, 0xF9, 0x8E, 0x34, 0xB6, 0x13, 0xD9, 0x59, 0xB8, 0xE8, 0x30,
+        0x02, 0x02, 0x14, 0x4F, 0x0D, 0x8C, 0xC5, 0xFA, 0xEE, 0xA2, 0x9B, 0xB7,
+        0x35, 0x9E, 0xE9, 0x4A, 0x17, 0x99, 0xF0, 0xCC, 0x23, 0xF2, 0xEC, 0x30,
         0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0B,
         0x05, 0x00, 0x30, 0x81, 0x94, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55,
         0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03,
@@ -39524,34 +53750,34 @@ static int test_wolfSSL_X509_sign2(void)
         0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x31, 0x1F, 0x30, 0x1D, 0x06, 0x09, 0x2A,
         0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E,
         0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63,
-        0x6F, 0x6D, 0x82, 0x14, 0x08, 0xB0, 0x54, 0x7A, 0x03, 0x5A, 0xEC, 0x55,
-        0x8A, 0x12, 0xE8, 0xF9, 0x8E, 0x34, 0xB6, 0x13, 0xD9, 0x59, 0xB8, 0xE8,
+        0x6F, 0x6D, 0x82, 0x14, 0x4F, 0x0D, 0x8C, 0xC5, 0xFA, 0xEE, 0xA2, 0x9B,
+        0xB7, 0x35, 0x9E, 0xE9, 0x4A, 0x17, 0x99, 0xF0, 0xCC, 0x23, 0xF2, 0xEC,
         0x30, 0x1D, 0x06, 0x03, 0x55, 0x1D, 0x25, 0x04, 0x16, 0x30, 0x14, 0x06,
         0x08, 0x2B, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x01, 0x06, 0x08, 0x2B,
         0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x02, 0x30, 0x0D, 0x06, 0x09, 0x2A,
         0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0B, 0x05, 0x00, 0x03, 0x82,
-        0x01, 0x01, 0x00, 0x14, 0xFB, 0xD0, 0xCE, 0x31, 0x7F, 0xA5, 0x59, 0xFA,
-        0x7C, 0x68, 0x26, 0xA7, 0xE8, 0x0D, 0x9F, 0x50, 0x57, 0xFA, 0x1C, 0x7C,
-        0x5E, 0x43, 0xA4, 0x97, 0x47, 0xB6, 0x41, 0xAC, 0x63, 0xD3, 0x61, 0x8C,
-        0x1F, 0x42, 0xEF, 0x53, 0xD0, 0xBA, 0x31, 0x4D, 0x99, 0x74, 0xA4, 0x60,
-        0xDC, 0xC6, 0x6F, 0xCC, 0x1E, 0x25, 0x98, 0xE1, 0xA4, 0xA0, 0x67, 0x69,
-        0x97, 0xE3, 0x97, 0x7C, 0x83, 0x28, 0xF1, 0xF4, 0x7D, 0x03, 0xA8, 0x31,
-        0x77, 0xCC, 0xD1, 0x37, 0xEF, 0x7B, 0x4A, 0x71, 0x2D, 0x11, 0x7E, 0x92,
-        0xF5, 0x67, 0xB7, 0x56, 0xBA, 0x28, 0xF8, 0xD6, 0xCE, 0x2A, 0x71, 0xE3,
-        0x70, 0x6B, 0x09, 0x0F, 0x67, 0x6F, 0x7A, 0xE0, 0x89, 0xF6, 0x5E, 0x23,
-        0x0C, 0x0A, 0x44, 0x4E, 0x65, 0x8E, 0x7B, 0x68, 0xD0, 0xAD, 0x76, 0x3E,
-        0x2A, 0x0E, 0xA2, 0x05, 0x11, 0x74, 0x24, 0x08, 0x60, 0xED, 0x9F, 0x98,
-        0x18, 0xE9, 0x91, 0x58, 0x36, 0xEC, 0xEC, 0x25, 0x6B, 0xBA, 0x9C, 0x87,
-        0x38, 0x68, 0xDC, 0xDC, 0x15, 0x6F, 0x20, 0x68, 0xC4, 0xBF, 0x05, 0x5B,
-        0x4A, 0x0C, 0x44, 0x2B, 0x92, 0x3F, 0x10, 0x99, 0xDC, 0xF6, 0x6C, 0x0E,
-        0x34, 0x26, 0x6E, 0x6D, 0x4E, 0x12, 0xBC, 0x60, 0x8F, 0x27, 0x1D, 0x7A,
-        0x00, 0x50, 0xBE, 0x23, 0xDE, 0x48, 0x47, 0x9F, 0xAD, 0x2F, 0x94, 0x3D,
-        0x16, 0x73, 0x48, 0x6B, 0xC8, 0x97, 0xE6, 0xB4, 0xB3, 0x4B, 0xE1, 0x68,
-        0x08, 0xC3, 0xE5, 0x34, 0x5F, 0x9B, 0xDA, 0xAB, 0xCA, 0x6D, 0x55, 0x32,
-        0xEF, 0x6C, 0xEF, 0x9B, 0x8B, 0x5B, 0xC7, 0xF0, 0xC2, 0x0F, 0x8E, 0x93,
-        0x09, 0x60, 0x3C, 0x0B, 0xDC, 0xBD, 0xDB, 0x4A, 0x2D, 0xD0, 0x98, 0xAA,
-        0xAB, 0x6C, 0x6F, 0x6D, 0x6B, 0x6A, 0x5C, 0x33, 0xAC, 0xAD, 0xA8, 0x1B,
-        0x38, 0x5D, 0x9F, 0xDA, 0xE7, 0x70, 0x07
+        0x01, 0x01, 0x00, 0xB9, 0x6C, 0xC2, 0xFA, 0x02, 0xC4, 0x3B, 0xB4, 0x68,
+        0xB2, 0xF3, 0xE3, 0x0D, 0xFA, 0x61, 0xAF, 0xB5, 0x54, 0x14, 0x4C, 0x59,
+        0xFC, 0xF8, 0xD0, 0x48, 0x09, 0xAC, 0x0E, 0x16, 0x73, 0x1F, 0xF2, 0x5B,
+        0x43, 0xD8, 0x41, 0xD1, 0x62, 0x8C, 0x07, 0x76, 0x88, 0x3F, 0x73, 0x6E,
+        0xD1, 0xE4, 0x66, 0x3D, 0x6A, 0x57, 0xC8, 0x85, 0x86, 0xBE, 0xAE, 0x7B,
+        0x48, 0xCB, 0x67, 0xB3, 0x80, 0x21, 0x3E, 0xFE, 0x7C, 0x7C, 0x0C, 0x76,
+        0x9F, 0x54, 0xBC, 0xA5, 0x89, 0xDE, 0x6C, 0x0B, 0x0A, 0x26, 0xCA, 0x66,
+        0x4F, 0xC0, 0xB9, 0xDF, 0x3A, 0x14, 0x88, 0xB8, 0x90, 0x7E, 0x32, 0x6D,
+        0x45, 0xF4, 0x14, 0x7B, 0x28, 0x69, 0xCE, 0x80, 0x59, 0x2D, 0x7B, 0x98,
+        0x8D, 0x33, 0xDB, 0x4B, 0x16, 0xAA, 0x5E, 0x5E, 0xED, 0x15, 0x6A, 0x01,
+        0x9F, 0x16, 0xC1, 0xE4, 0x23, 0x89, 0x30, 0xD4, 0xD8, 0xC9, 0xAD, 0x5A,
+        0x05, 0xC0, 0xE7, 0x9D, 0xF8, 0xD2, 0xD1, 0x80, 0x53, 0x9A, 0x00, 0xB6,
+        0xA3, 0xD6, 0x54, 0xFC, 0xFC, 0x4A, 0x9D, 0x31, 0x3F, 0xBB, 0xCD, 0xBC,
+        0xDD, 0x43, 0xFC, 0x25, 0x1A, 0x8F, 0xAE, 0x03, 0x39, 0xC8, 0x1D, 0x32,
+        0x86, 0x3F, 0xDE, 0xD1, 0xD4, 0xD8, 0x7F, 0xC0, 0x2F, 0x11, 0x56, 0x18,
+        0xC6, 0x27, 0x42, 0x2C, 0xB9, 0x10, 0xEC, 0xA9, 0xDE, 0x11, 0x25, 0x0C,
+        0xF3, 0xD6, 0x49, 0x22, 0x1E, 0x6A, 0x9D, 0x64, 0x06, 0x61, 0x26, 0xCE,
+        0x27, 0x3E, 0x22, 0x94, 0xEC, 0x6B, 0x25, 0xE0, 0xDC, 0x33, 0xF6, 0x91,
+        0x7D, 0x6E, 0x2E, 0x13, 0xFB, 0x36, 0x6C, 0x48, 0x1B, 0xAC, 0x3C, 0x1B,
+        0x7A, 0x60, 0x32, 0xCC, 0xE4, 0x05, 0xB4, 0x61, 0x2E, 0xCC, 0x14, 0xA4,
+        0xCE, 0xD0, 0xE9, 0xD6, 0xAF, 0x18, 0x9D, 0x51, 0x0E, 0xEF, 0x8B, 0xE4,
+        0xE0, 0x63, 0x86, 0x83, 0x6A, 0x4B, 0x7F
     };
 
     pt = ca_key_der_2048;
@@ -39574,9 +53800,16 @@ static int test_wolfSSL_X509_sign2(void)
     ExpectIntEQ(notAfter->length, 13);
 
     ExpectTrue(wolfSSL_X509_set_notBefore(x509, notBefore));
+    ExpectTrue(wolfSSL_X509_set1_notBefore(x509, notBefore));
     ExpectTrue(wolfSSL_X509_set_notAfter(x509, notAfter));
+    ExpectTrue(wolfSSL_X509_set1_notAfter(x509, notAfter));
 #endif
 
+    ExpectNull(wolfSSL_X509_notBefore(NULL));
+    ExpectNotNull(wolfSSL_X509_notBefore(x509));
+    ExpectNull(wolfSSL_X509_notAfter(NULL));
+    ExpectNotNull(wolfSSL_X509_notAfter(x509));
+
     ExpectIntGT(wolfSSL_X509_sign(x509, priv, EVP_sha256()), 0);
     ExpectNotNull((der = wolfSSL_X509_get_der(x509, &derSz)));
 
@@ -39602,10 +53835,11 @@ static int test_wolfSSL_X509_sign(void)
     EXPECT_DECLS;
 #if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_ASN_TIME) && \
     defined(WOLFSSL_CERT_GEN) && defined(WOLFSSL_CERT_REQ) && !defined(NO_RSA)
-    int ret;
+    int ret = 0;
     char *cn = NULL;
-    word32 cnSz;
+    word32 cnSz = 0;
     X509_NAME *name = NULL;
+    X509_NAME *emptyName = NULL;
     X509 *x509 = NULL;
     X509 *ca = NULL;
     DecodedCert dCert;
@@ -39629,6 +53863,11 @@ static int test_wolfSSL_X509_sign(void)
 #endif
     byte sn[16];
     int snSz = sizeof(sn);
+    int sigSz = 0;
+#ifndef NO_WOLFSSL_STUB
+    const WOLFSSL_ASN1_BIT_STRING* sig = NULL;
+    const WOLFSSL_X509_ALGOR* alg = NULL;
+#endif
 
     /* Set X509_NAME fields */
     ExpectNotNull(name = X509_NAME_new());
@@ -39644,6 +53883,7 @@ static int test_wolfSSL_X509_sign(void)
                                                                   clientKeySz));
     ExpectNotNull(pub = wolfSSL_d2i_PUBKEY(NULL, &rsaPub, clientPubKeySz));
     ExpectNotNull(x509 = X509_new());
+    ExpectIntEQ(X509_sign(x509, priv, EVP_sha256()), 0);
     /* Set version 3 */
     ExpectIntNE(X509_set_version(x509, 2L), 0);
     /* Set subject name, add pubkey, and sign certificate */
@@ -39652,6 +53892,9 @@ static int test_wolfSSL_X509_sign(void)
     name = NULL;
     ExpectIntEQ(X509_set_pubkey(x509, pub), SSL_SUCCESS);
 #ifdef WOLFSSL_ALT_NAMES
+    ExpectNull(wolfSSL_X509_get_next_altname(NULL));
+    ExpectNull(wolfSSL_X509_get_next_altname(x509));
+
     /* Add some subject alt names */
     ExpectIntNE(wolfSSL_X509_add_altname(NULL,
                 "ipsum", ASN_DNS_TYPE), SSL_SUCCESS);
@@ -39666,7 +53909,7 @@ static int test_wolfSSL_X509_sign(void)
     ExpectIntEQ(wolfSSL_X509_add_altname(x509,
                 "Llanfairpwllgwyngyllgogerychwyrndrobwllllantysiliogogogoch",
                 ASN_DNS_TYPE), SSL_SUCCESS);
-#if defined(OPENSSL_ALL) || defined(WOLFSSL_IP_ALT_NAME)
+#ifdef WOLFSSL_IP_ALT_NAME
     {
         unsigned char ip4_type[] = {127,128,0,255};
         unsigned char ip6_type[] = {0xdd, 0xcc, 0xba, 0xab,
@@ -39679,10 +53922,53 @@ static int test_wolfSSL_X509_sign(void)
                 sizeof(ip6_type), ASN_IP_TYPE), SSL_SUCCESS);
     }
 #endif
+
+    {
+        int i;
+
+        if (x509 != NULL) {
+            x509->altNamesNext = x509->altNames;
+        }
+#ifdef WOLFSSL_IP_ALT_NAME
+        /* No names in IP address. */
+        ExpectNull(wolfSSL_X509_get_next_altname(x509));
+        ExpectNull(wolfSSL_X509_get_next_altname(x509));
+#endif
+        for (i = 0; i < 3; i++) {
+            ExpectNotNull(wolfSSL_X509_get_next_altname(x509));
+        }
+        ExpectNull(wolfSSL_X509_get_next_altname(x509));
+#ifdef WOLFSSL_MULTICIRCULATE_ALTNAMELIST
+        ExpectNotNull(wolfSSL_X509_get_next_altname(x509));
+#endif
+    }
 #endif /* WOLFSSL_ALT_NAMES */
 
+    {
+        ASN1_UTCTIME* infinite_past = NULL;
+        ExpectNotNull(infinite_past = ASN1_UTCTIME_set(NULL, 0));
+        ExpectIntEQ(X509_set1_notBefore(x509, infinite_past), 1);
+        ASN1_UTCTIME_free(infinite_past);
+    }
+
     /* test valid sign case */
     ExpectIntGT(ret = X509_sign(x509, priv, EVP_sha256()), 0);
+    /* test getting signature */
+#ifndef NO_WOLFSSL_STUB
+    wolfSSL_X509_get0_signature(&sig, &alg, x509);
+#endif
+    ExpectIntEQ(wolfSSL_X509_get_signature(x509, NULL, &sigSz),
+        WOLFSSL_SUCCESS);
+    ExpectIntGT(sigSz, 0);
+    ExpectIntEQ(wolfSSL_X509_get_signature(NULL, NULL, NULL),
+        WOLFSSL_FATAL_ERROR);
+    ExpectIntEQ(wolfSSL_X509_get_signature(x509, NULL, NULL),
+        WOLFSSL_FATAL_ERROR);
+    ExpectIntEQ(wolfSSL_X509_get_signature(NULL, NULL, &sigSz),
+        WOLFSSL_FATAL_ERROR);
+    sigSz = 0;
+    ExpectIntEQ(wolfSSL_X509_get_signature(x509, sn, &sigSz),
+        WOLFSSL_FATAL_ERROR);
 
     /* test valid X509_sign_ctx case */
     ExpectNotNull(mctx = EVP_MD_CTX_new());
@@ -39692,7 +53978,7 @@ static int test_wolfSSL_X509_sign(void)
 #if defined(OPENSSL_ALL) && defined(WOLFSSL_ALT_NAMES)
     ExpectIntEQ(X509_get_ext_count(x509), 1);
 #endif
-#if defined(WOLFSSL_ALT_NAMES) && (defined(OPENSSL_ALL) || defined(WOLFSSL_IP_ALT_NAME))
+#if defined(WOLFSSL_ALT_NAMES) && defined(WOLFSSL_IP_ALT_NAME)
     ExpectIntEQ(wolfSSL_X509_check_ip_asc(x509, "127.128.0.255", 0), 1);
     ExpectIntEQ(wolfSSL_X509_check_ip_asc(x509, "DDCC:BAAB:FFEE:9988:7766:5544:0033:2211", 0), 1);
 #endif
@@ -39708,7 +53994,7 @@ static int test_wolfSSL_X509_sign(void)
 #ifndef WOLFSSL_ALT_NAMES
     /* Valid case - size should be 781-786 with 16 byte serial number */
     ExpectTrue((781 + snSz <= ret) && (ret <= 781 + 5 + snSz));
-#elif defined(OPENSSL_ALL) || defined(WOLFSSL_IP_ALT_NAME)
+#elif defined(WOLFSSL_IP_ALT_NAME)
     /* Valid case - size should be 955-960 with 16 byte serial number */
     ExpectTrue((939 + snSz <= ret) && (ret <= 939 + 5 + snSz));
 #else
@@ -39731,15 +54017,37 @@ static int test_wolfSSL_X509_sign(void)
     InitDecodedCert(&dCert, certIssuer, (word32)certIssuerSz, 0);
     ExpectIntEQ(ParseCert(&dCert, CERT_TYPE, NO_VERIFY, NULL), 0);
 
+    ExpectNotNull(emptyName = X509_NAME_new());
     ExpectNotNull(ca = d2i_X509(NULL, &certIssuer, (int)certIssuerSz));
+    ExpectIntEQ(wolfSSL_X509_get_isCA(NULL), 0);
+    ExpectIntEQ(wolfSSL_X509_get_isCA(ca), 1);
     ExpectNotNull(name = X509_get_subject_name(ca));
-    cnSz = X509_NAME_get_sz(name);
+    ExpectIntEQ(X509_NAME_get_sz(NULL), WOLFSSL_FATAL_ERROR);
+    ExpectIntGT(cnSz = X509_NAME_get_sz(name), 0);
     ExpectNotNull(cn = (char*)XMALLOC(cnSz, HEAP_HINT, DYNAMIC_TYPE_OPENSSL));
-    ExpectNotNull(cn = X509_NAME_oneline(name, cn, cnSz));
+    ExpectNull(X509_NAME_oneline(NULL, cn, (int)cnSz));
+    ExpectPtrEq(X509_NAME_oneline(name, cn, 0), cn);
+    ExpectPtrEq(X509_NAME_oneline(emptyName, cn, (int)cnSz), cn);
+    ExpectNull(X509_NAME_oneline(emptyName, NULL, 0));
+    ExpectPtrEq(X509_NAME_oneline(name, cn, (int)cnSz), cn);
     ExpectIntEQ(0, XSTRNCMP(cn, dCert.subject, XSTRLEN(cn)));
     XFREE(cn, HEAP_HINT, DYNAMIC_TYPE_OPENSSL);
     cn = NULL;
 
+#if defined(XSNPRINTF)
+    ExpectNull(wolfSSL_X509_get_name_oneline(NULL, NULL, 0));
+    ExpectNotNull(cn = wolfSSL_X509_get_name_oneline(name, NULL, 0));
+    ExpectIntGT((int)(cnSz = (word32)XSTRLEN(cn) + 1), 0);
+    ExpectPtrEq(wolfSSL_X509_get_name_oneline(name, cn, (int)cnSz), cn);
+    ExpectNull(wolfSSL_X509_get_name_oneline(NULL, cn, (int)cnSz));
+    ExpectNull(wolfSSL_X509_get_name_oneline(name, cn, cnSz - 1));
+    ExpectPtrEq(wolfSSL_X509_get_name_oneline(name, cn, (int)cnSz), cn);
+    ExpectPtrEq(wolfSSL_X509_get_name_oneline(emptyName, cn, (int)cnSz), cn);
+    XFREE(cn, HEAP_HINT, DYNAMIC_TYPE_OPENSSL);
+    cn = NULL;
+#endif
+    X509_NAME_free(emptyName);
+
 #ifdef WOLFSSL_MULTI_ATTRIB
     /* test adding multiple OU's to the signer */
     ExpectNotNull(name = X509_get_subject_name(ca));
@@ -39757,7 +54065,7 @@ static int test_wolfSSL_X509_sign(void)
     ExpectNotNull(name = X509_get_issuer_name(x509));
     cnSz = X509_NAME_get_sz(name);
     ExpectNotNull(cn = (char*)XMALLOC(cnSz, HEAP_HINT, DYNAMIC_TYPE_OPENSSL));
-    ExpectNotNull(cn = X509_NAME_oneline(name, cn, cnSz));
+    ExpectNotNull(cn = X509_NAME_oneline(name, cn, (int)cnSz));
     /* compare and don't include the multi-attrib "/OU=OU1/OU=OU2" above */
     ExpectIntEQ(0, XSTRNCMP(cn, dCert.issuer, XSTRLEN(dCert.issuer)));
     XFREE(cn, HEAP_HINT, DYNAMIC_TYPE_OPENSSL);
@@ -39783,7 +54091,7 @@ static int test_wolfSSL_X509_sign(void)
     ExpectIntGT(X509_sign(x509, priv, EVP_sha256()), 0);
 
     /* uses ParseCert which fails on bad version number */
-    ExpectIntEQ(X509_get_ext_count(x509), SSL_FAILURE);
+    ExpectIntEQ(X509_get_ext_count(x509), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
 #endif
 
     EVP_MD_CTX_free(mctx);
@@ -39820,8 +54128,12 @@ static int test_wolfSSL_X509_ALGOR_get0(void)
     X509* x509 = NULL;
     const ASN1_OBJECT* obj = NULL;
     const X509_ALGOR* alg = NULL;
+    X509_ALGOR* alg2 = NULL;
     int pptype = 0;
     const void *ppval = NULL;
+    byte* der = NULL;
+    const byte* tmp = NULL;
+    const byte badObj[] = { 0x06, 0x00 };
 
     ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(cliCertFile,
         SSL_FILETYPE_PEM));
@@ -39832,6 +54144,7 @@ static int test_wolfSSL_X509_ALGOR_get0(void)
     ExpectNull(obj);
 
     /* Valid case */
+    X509_ALGOR_get0(NULL, NULL, NULL, alg);
     X509_ALGOR_get0(&obj, &pptype, &ppval, alg);
     ExpectNotNull(obj);
     ExpectNull(ppval);
@@ -39839,7 +54152,24 @@ static int test_wolfSSL_X509_ALGOR_get0(void)
     /* Make sure NID of X509_ALGOR is Sha256 with RSA */
     ExpectIntEQ(OBJ_obj2nid(obj), NID_sha256WithRSAEncryption);
 
+    ExpectIntEQ(i2d_X509_ALGOR(NULL, NULL), WOLFSSL_FATAL_ERROR);
+    ExpectIntEQ(i2d_X509_ALGOR(alg, &der), 15);
+    ExpectNull(d2i_X509_ALGOR(NULL, NULL, 0));
+    /* tmp is NULL. */
+    ExpectNull(d2i_X509_ALGOR(NULL, &tmp, 0));
+    tmp = badObj;
+    ExpectNull(d2i_X509_ALGOR(NULL, &tmp, (long)sizeof(badObj)));
+    tmp = der;
+    ExpectNull(d2i_X509_ALGOR(NULL, &tmp, 0));
+    ExpectNotNull(d2i_X509_ALGOR(&alg2, &tmp, 15));
+    tmp = der;
+    ExpectNotNull(d2i_X509_ALGOR(&alg2, &tmp, 15));
+
+    XFREE(der, NULL, DYNAMIC_TYPE_ASN1);
     X509_free(x509);
+    X509_ALGOR_free(NULL);
+    X509_ALGOR_free(alg2);
+    alg2 = NULL;
 #endif
     return EXPECT_RESULT();
 }
@@ -39955,14 +54285,22 @@ static int test_wolfSSL_X509_VERIFY_PARAM(void)
     ExpectIntEQ(X509_VERIFY_PARAM_set_flags(paramTo, X509_V_FLAG_CRL_CHECK_ALL),
         1);
 
+    ExpectIntEQ(X509_VERIFY_PARAM_get_flags(NULL), 0);
     ExpectIntEQ(X509_VERIFY_PARAM_get_flags(paramTo),
         X509_V_FLAG_CRL_CHECK_ALL);
 
+    ExpectIntEQ(X509_VERIFY_PARAM_clear_flags(NULL, X509_V_FLAG_CRL_CHECK_ALL),
+        WOLFSSL_FAILURE);
     ExpectIntEQ(X509_VERIFY_PARAM_clear_flags(paramTo,
         X509_V_FLAG_CRL_CHECK_ALL), 1);
 
     ExpectIntEQ(X509_VERIFY_PARAM_get_flags(paramTo), 0);
 
+    ExpectNull(wolfSSL_X509_VERIFY_PARAM_lookup(NULL));
+    ExpectNull(wolfSSL_X509_VERIFY_PARAM_lookup(""));
+    ExpectNotNull(wolfSSL_X509_VERIFY_PARAM_lookup("ssl_client"));
+    ExpectNotNull(wolfSSL_X509_VERIFY_PARAM_lookup("ssl_server"));
+
     X509_VERIFY_PARAM_free(paramTo);
     X509_VERIFY_PARAM_free(paramFrom);
     X509_VERIFY_PARAM_free(NULL); /* to confirm NULL parameter gives no harm */
@@ -39970,7 +54308,8 @@ static int test_wolfSSL_X509_VERIFY_PARAM(void)
     return EXPECT_RESULT();
 }
 
-#if defined(OPENSSL_EXTRA) && defined(HAVE_SSL_MEMIO_TESTS_DEPENDENCIES)
+#if defined(OPENSSL_EXTRA) && defined(HAVE_SSL_MEMIO_TESTS_DEPENDENCIES) && \
+    !defined(WOLFSSL_HOSTNAME_VERIFY_ALT_NAME_ONLY)
 
 static int test_wolfSSL_check_domain_verify_count = 0;
 
@@ -40035,6 +54374,14 @@ static int test_wolfSSL_check_domain(void)
     return EXPECT_RESULT();
 }
 
+#else
+
+static int test_wolfSSL_check_domain(void)
+{
+    EXPECT_DECLS;
+    return EXPECT_RESULT();
+}
+
 #endif /* OPENSSL_EXTRA && HAVE_SSL_MEMIO_TESTS_DEPENDENCIES */
 
 static int test_wolfSSL_X509_get_X509_PUBKEY(void)
@@ -40065,6 +54412,8 @@ static int test_wolfSSL_X509_PUBKEY_RSA(void)
     X509_PUBKEY* pubKey = NULL;
     X509_PUBKEY* pubKey2 = NULL;
     EVP_PKEY* evpKey = NULL;
+    byte buf[1024];
+    byte* tmp;
 
     const unsigned char *pk = NULL;
     int ppklen;
@@ -40082,11 +54431,23 @@ static int test_wolfSSL_X509_PUBKEY_RSA(void)
     ExpectNotNull(pubKey);
     ExpectIntGT(ppklen, 0);
 
+    tmp = buf;
+    ExpectIntEQ(wolfSSL_i2d_X509_PUBKEY(NULL, NULL), WOLFSSL_FATAL_ERROR);
+    ExpectIntEQ(wolfSSL_i2d_X509_PUBKEY(NULL, &tmp), WOLFSSL_FATAL_ERROR);
+    ExpectIntEQ(wolfSSL_i2d_X509_PUBKEY(pubKey, NULL), 294);
+    ExpectIntEQ(wolfSSL_i2d_X509_PUBKEY(pubKey, &tmp), 294);
+
     ExpectIntEQ(OBJ_obj2nid(obj), NID_rsaEncryption);
 
     ExpectNotNull(evpKey = X509_PUBKEY_get(pubKey));
     ExpectNotNull(pubKey2 = X509_PUBKEY_new());
+    ExpectIntEQ(X509_PUBKEY_get0_param(&obj, &pk, &ppklen, &pa, NULL), 0);
+    ExpectIntEQ(X509_PUBKEY_get0_param(&obj, &pk, &ppklen, &pa, pubKey2), 0);
+    ExpectIntEQ(X509_PUBKEY_set(NULL, NULL), 0);
+    ExpectIntEQ(X509_PUBKEY_set(&pubKey2, NULL), 0);
+    ExpectIntEQ(X509_PUBKEY_set(NULL, evpKey), 0);
     ExpectIntEQ(X509_PUBKEY_set(&pubKey2, evpKey), 1);
+    ExpectIntEQ(X509_PUBKEY_get0_param(NULL, NULL, NULL, NULL, pubKey2), 1);
     ExpectIntEQ(X509_PUBKEY_get0_param(&obj, &pk, &ppklen, &pa, pubKey2), 1);
     ExpectNotNull(pk);
     ExpectNotNull(pa);
@@ -40097,6 +54458,7 @@ static int test_wolfSSL_X509_PUBKEY_RSA(void)
     ExpectIntEQ(pptype, V_ASN1_NULL);
     ExpectIntEQ(OBJ_obj2nid(pa_oid), EVP_PKEY_RSA);
 
+    X509_PUBKEY_free(NULL);
     X509_PUBKEY_free(pubKey2);
     X509_free(x509);
     EVP_PKEY_free(evpKey);
@@ -40428,9 +54790,10 @@ static int test_wolfSSL_PKCS8_Compat(void)
 #if defined(OPENSSL_EXTRA) && !defined(NO_FILESYSTEM) && defined(HAVE_ECC) && \
     !defined(NO_BIO)
     PKCS8_PRIV_KEY_INFO* pt = NULL;
+    PKCS8_PRIV_KEY_INFO* pt2 = NULL;
     BIO* bio = NULL;
     XFILE f = XBADFILE;
-    int bytes;
+    int bytes = 0;
     char pkcs8_buffer[512];
 #if defined(OPENSSL_ALL) || defined(WOLFSSL_WPAS_SMALL)
     EVP_PKEY *pkey = NULL;
@@ -40450,17 +54813,30 @@ static int test_wolfSSL_PKCS8_Compat(void)
     ExpectIntEQ(EVP_PKEY_type(pkey->type), EVP_PKEY_EC);
 
     /* gets PKCS8 pointer to pkey */
-    ExpectNotNull(EVP_PKEY2PKCS8(pkey));
+    ExpectNotNull(pt2 = EVP_PKEY2PKCS8(pkey));
 
     EVP_PKEY_free(pkey);
 #endif
 
     BIO_free(bio);
     PKCS8_PRIV_KEY_INFO_free(pt);
+    PKCS8_PRIV_KEY_INFO_free(pt2);
 #endif
     return EXPECT_RESULT();
 }
 
+#if defined(OPENSSL_EXTRA) && !defined(NO_FILESYSTEM) && !defined(NO_BIO)
+static int NoPasswordCallBack(char* passwd, int sz, int rw, void* userdata)
+{
+    (void)passwd;
+    (void)sz;
+    (void)rw;
+    (void)userdata;
+
+    return -1;
+}
+#endif
+
 static int test_wolfSSL_PKCS8_d2i(void)
 {
     EXPECT_DECLS;
@@ -40471,8 +54847,8 @@ static int test_wolfSSL_PKCS8_d2i(void)
 
 #ifndef NO_FILESYSTEM
     unsigned char pkcs8_buffer[2048];
-    const unsigned char* p;
-    int bytes;
+    const unsigned char* p = NULL;
+    int bytes = 0;
     XFILE file = XBADFILE;
     WOLFSSL_EVP_PKEY* pkey = NULL;
 #ifndef NO_BIO
@@ -40543,6 +54919,13 @@ static int test_wolfSSL_PKCS8_d2i(void)
 #endif /* OPENSSL_ALL */
 
 #ifndef NO_FILESYSTEM
+#if defined(OPENSSL_ALL) && !defined(NO_PWDBASED) && defined(HAVE_PKCS8)
+    ExpectIntEQ(PEM_write_PKCS8PrivateKey(XBADFILE, pkey, NULL, NULL, 0, NULL,
+        NULL), 0);
+    ExpectIntEQ(PEM_write_PKCS8PrivateKey(stderr, NULL, NULL, NULL, 0, NULL,
+        NULL), 0);
+#endif
+
 #ifndef NO_RSA
     /* Get DER encoded RSA PKCS#8 data. */
     ExpectTrue((file = XFOPEN(rsaDerPkcs8File, "rb")) != XBADFILE);
@@ -40573,20 +54956,33 @@ static int test_wolfSSL_PKCS8_d2i(void)
 #if defined(OPENSSL_ALL) && \
     !defined(NO_BIO) && !defined(NO_PWDBASED) && defined(HAVE_PKCS8)
     ExpectNotNull(bio = BIO_new(BIO_s_mem()));
+    ExpectIntEQ(PEM_write_bio_PKCS8PrivateKey(NULL, pkey, NULL, NULL, 0, NULL,
+        NULL), 0);
+    ExpectIntEQ(PEM_write_bio_PKCS8PrivateKey(bio, NULL, NULL, NULL, 0, NULL,
+        NULL), 0);
     /* Write PKCS#8 PEM to BIO. */
     ExpectIntEQ(PEM_write_bio_PKCS8PrivateKey(bio, pkey, NULL, NULL, 0, NULL,
         NULL), bytes);
+    /* Write PKCS#8 PEM to stderr. */
+    ExpectIntEQ(PEM_write_PKCS8PrivateKey(stderr, pkey, NULL, NULL, 0, NULL,
+        NULL), bytes);
     /* Compare file and written data */
     ExpectIntEQ(BIO_get_mem_data(bio, &p), bytes);
     ExpectIntEQ(XMEMCMP(p, pkcs8_buffer, bytes), 0);
     BIO_free(bio);
     bio = NULL;
+#if !defined(NO_AES) && defined(HAVE_AESGCM)
+    ExpectIntEQ(PEM_write_PKCS8PrivateKey(stderr, pkey, EVP_aes_128_gcm(),
+        NULL, 0, PasswordCallBack, (void*)"yassl123"), 0);
+#endif
 #if !defined(NO_DES3) && !defined(NO_SHA)
     ExpectNotNull(bio = BIO_new(BIO_s_mem()));
     /* Write Encrypted PKCS#8 PEM to BIO. */
     bytes = 1834;
     ExpectIntEQ(PEM_write_bio_PKCS8PrivateKey(bio, pkey, EVP_des_ede3_cbc(),
         NULL, 0, PasswordCallBack, (void*)"yassl123"), bytes);
+    ExpectIntEQ(PEM_write_PKCS8PrivateKey(stderr, pkey, EVP_des_ede3_cbc(),
+        NULL, 0, PasswordCallBack, (void*)"yassl123"), bytes);
     ExpectNotNull(evpPkey = PEM_read_bio_PrivateKey(bio, NULL, PasswordCallBack,
         (void*)"yassl123"));
     EVP_PKEY_free(evpPkey);
@@ -40656,6 +55052,8 @@ static int test_wolfSSL_PKCS8_d2i(void)
     /* Write PKCS#8 PEM to BIO. */
     ExpectIntEQ(PEM_write_bio_PKCS8PrivateKey(bio, pkey, NULL, NULL, 0, NULL,
         NULL), bytes);
+    ExpectIntEQ(PEM_write_PKCS8PrivateKey(stderr, pkey, NULL, NULL, 0, NULL,
+        NULL), bytes);
     /* Compare file and written data */
     ExpectIntEQ(BIO_get_mem_data(bio, &p), bytes);
     ExpectIntEQ(XMEMCMP(p, pkcs8_buffer, bytes), 0);
@@ -40665,6 +55063,14 @@ static int test_wolfSSL_PKCS8_d2i(void)
     /* Write Encrypted PKCS#8 PEM to BIO. */
     bytes = 379;
     ExpectIntEQ(PEM_write_bio_PKCS8PrivateKey(bio, pkey, EVP_aes_256_cbc(),
+        NULL, 0, NoPasswordCallBack, (void*)"yassl123"), 0);
+    ExpectIntEQ(PEM_write_bio_PKCS8PrivateKey(bio, pkey, EVP_aes_256_cbc(),
+        NULL, 0, PasswordCallBack, (void*)"yassl123"), bytes);
+    ExpectIntEQ(PEM_write_PKCS8PrivateKey(stderr, pkey, EVP_aes_128_cbc(),
+        NULL, 0, PasswordCallBack, (void*)"yassl123"), bytes);
+    ExpectIntEQ(PEM_write_PKCS8PrivateKey(stderr, pkey, EVP_aes_128_cbc(),
+        (char*)"yassl123", 8, PasswordCallBack, NULL), bytes);
+    ExpectIntEQ(PEM_write_PKCS8PrivateKey(stderr, pkey, EVP_aes_256_cbc(),
         NULL, 0, PasswordCallBack, (void*)"yassl123"), bytes);
     ExpectNotNull(evpPkey = PEM_read_bio_PrivateKey(bio, NULL, PasswordCallBack,
         (void*)"yassl123"));
@@ -40704,8 +55110,9 @@ static int test_wolfSSL_PKCS8_d2i(void)
     return EXPECT_RESULT();
 }
 
-#if defined(ERROR_QUEUE_PER_THREAD) && !defined(NO_ERROR_QUEUE) && \
-    defined(OPENSSL_EXTRA) && defined(DEBUG_WOLFSSL)
+#if !defined(SINGLE_THREADED) && defined(ERROR_QUEUE_PER_THREAD) && \
+    !defined(NO_ERROR_QUEUE) && defined(OPENSSL_EXTRA) && \
+    defined(DEBUG_WOLFSSL)
 #define LOGGING_THREADS 5
 #define ERROR_COUNT 10
 /* copied from logging.c since this is not exposed otherwise */
@@ -40760,8 +55167,9 @@ static THREAD_RETURN WOLFSSL_THREAD test_logging(void* args)
 static int test_error_queue_per_thread(void)
 {
     int res = TEST_SKIPPED;
-#if defined(ERROR_QUEUE_PER_THREAD) && !defined(NO_ERROR_QUEUE) && \
-    defined(OPENSSL_EXTRA) && defined(DEBUG_WOLFSSL)
+#if !defined(SINGLE_THREADED) && defined(ERROR_QUEUE_PER_THREAD) && \
+    !defined(NO_ERROR_QUEUE) && defined(OPENSSL_EXTRA) && \
+    defined(DEBUG_WOLFSSL)
     THREAD_TYPE loggingThreads[LOGGING_THREADS];
     int i;
 
@@ -40862,13 +55270,13 @@ static int test_wolfSSL_ERR_get_error_order(void)
     /* Empty the queue. */
     wolfSSL_ERR_clear_error();
 
-    wolfSSL_ERR_put_error(0, 0, ASN_NO_SIGNER_E, "test", 0);
-    wolfSSL_ERR_put_error(0, 0, ASN_SELF_SIGNED_E, "test", 0);
+    wolfSSL_ERR_put_error(0, 0, WC_NO_ERR_TRACE(ASN_NO_SIGNER_E), "test", 0);
+    wolfSSL_ERR_put_error(0, 0, WC_NO_ERR_TRACE(ASN_SELF_SIGNED_E), "test", 0);
 
-    ExpectIntEQ(wolfSSL_ERR_peek_error(), -ASN_NO_SIGNER_E);
-    ExpectIntEQ(wolfSSL_ERR_get_error(), -ASN_NO_SIGNER_E);
-    ExpectIntEQ(wolfSSL_ERR_peek_error(), -ASN_SELF_SIGNED_E);
-    ExpectIntEQ(wolfSSL_ERR_get_error(), -ASN_SELF_SIGNED_E);
+    ExpectIntEQ(wolfSSL_ERR_peek_error(), -WC_NO_ERR_TRACE(ASN_NO_SIGNER_E));
+    ExpectIntEQ(wolfSSL_ERR_get_error(), -WC_NO_ERR_TRACE(ASN_NO_SIGNER_E));
+    ExpectIntEQ(wolfSSL_ERR_peek_error(), -WC_NO_ERR_TRACE(ASN_SELF_SIGNED_E));
+    ExpectIntEQ(wolfSSL_ERR_get_error(), -WC_NO_ERR_TRACE(ASN_SELF_SIGNED_E));
 #endif /* WOLFSSL_HAVE_ERROR_QUEUE && OPENSSL_EXTRA */
     return EXPECT_RESULT();
 }
@@ -40911,7 +55319,9 @@ static int test_wolfSSL_ERR_print_errors(void)
     defined(DEBUG_WOLFSSL)
 static int test_wolfSSL_error_cb(const char *str, size_t len, void *u)
 {
-    wolfSSL_BIO_write((BIO*)u, str, (int)len);
+    if (u != NULL) {
+        wolfSSL_BIO_write((BIO*)u, str, (int)len);
+    }
     return 0;
 }
 #endif
@@ -40984,8 +55394,8 @@ static int test_wc_ERR_print_errors_fp(void)
     long sz;
     XFILE fp = XBADFILE;
 
-    WOLFSSL_ERROR(BAD_FUNC_ARG);
-    ExpectTrue((fp = XFOPEN("./tests/test-log-dump-to-file.txt", "ar")) !=
+    WOLFSSL_ERROR(WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectTrue((fp = XFOPEN("./tests/test-log-dump-to-file.txt", "a+")) !=
         XBADFILE);
     wc_ERR_print_errors_fp(fp);
 #if defined(DEBUG_WOLFSSL)
@@ -41045,7 +55455,7 @@ static int test_wolfSSL_MD4(void)
 
     XMEMSET(out, 0, sizeof(out));
     MD4_Init(&md4);
-    MD4_Update(&md4, (const void*)msg, (unsigned long)msgSz);
+    MD4_Update(&md4, (const void*)msg, (word32)msgSz);
     MD4_Final(out, &md4);
     ExpectIntEQ(XMEMCMP(out, test, sizeof(out)), 0);
 #endif
@@ -41150,9 +55560,9 @@ static int test_wolfSSL_MD5_Transform(void)
     ExpectIntEQ(MD5_Transform(NULL, NULL), 0);
     ExpectIntEQ(MD5_Transform(NULL, (const byte*)&input1), 0);
     ExpectIntEQ(MD5_Transform(&md5.compat, NULL), 0);
-    ExpectIntEQ(wc_Md5Transform(NULL, NULL), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Md5Transform(NULL, (const byte*)&input1), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Md5Transform(&md5.native, NULL), BAD_FUNC_ARG);
+    ExpectIntEQ(wc_Md5Transform(NULL, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Md5Transform(NULL, (const byte*)&input1), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Md5Transform(&md5.native, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     /* Init MD5 CTX */
     ExpectIntEQ(wolfSSL_MD5_Init(&md5.compat), 1);
@@ -41186,7 +55596,7 @@ static int test_wolfSSL_SHA(void)
         unsigned char expected[] = "\xA9\x99\x3E\x36\x47\x06\x81\x6A\xBA\x3E"
                                    "\x25\x71\x78\x50\xC2\x6C\x9C\xD0\xD8\x9D";
         unsigned char out[WC_SHA_DIGEST_SIZE];
-        unsigned char* p;
+        unsigned char* p = NULL;
         WOLFSSL_SHA_CTX sha;
 
         XMEMSET(out, 0, WC_SHA_DIGEST_SIZE);
@@ -41227,7 +55637,7 @@ static int test_wolfSSL_SHA(void)
             "\x23\xB0\x03\x61\xA3\x96\x17\x7A\x9C\xB4\x10\xFF\x61\xF2\x00"
             "\x15\xAD";
         unsigned char out[WC_SHA256_DIGEST_SIZE];
-        unsigned char* p;
+        unsigned char* p = NULL;
 
         XMEMSET(out, 0, WC_SHA256_DIGEST_SIZE);
 #if !defined(NO_OLD_NAMES) && !defined(HAVE_FIPS)
@@ -41254,7 +55664,7 @@ static int test_wolfSSL_SHA(void)
             "\x5b\xed\x80\x86\x07\x2b\xa1\xe7\xcc\x23\x58\xba\xec\xa1\x34"
             "\xc8\x25\xa7";
         unsigned char out[WC_SHA384_DIGEST_SIZE];
-        unsigned char* p;
+        unsigned char* p = NULL;
 
         XMEMSET(out, 0, WC_SHA384_DIGEST_SIZE);
 #if !defined(NO_OLD_NAMES) && !defined(HAVE_FIPS)
@@ -41282,7 +55692,7 @@ static int test_wolfSSL_SHA(void)
             "\xfe\xeb\xbd\x45\x4d\x44\x23\x64\x3c\xe8\x0e\x2a\x9a\xc9\x4f"
             "\xa5\x4c\xa4\x9f";
         unsigned char out[WC_SHA512_DIGEST_SIZE];
-        unsigned char* p;
+        unsigned char* p = NULL;
 
         XMEMSET(out, 0, WC_SHA512_DIGEST_SIZE);
 #if !defined(NO_OLD_NAMES) && !defined(HAVE_FIPS)
@@ -41348,9 +55758,9 @@ static int test_wolfSSL_SHA_Transform(void)
     ExpectIntEQ(SHA1_Transform(NULL, NULL), 0);
     ExpectIntEQ(SHA1_Transform(NULL, (const byte*)&input1), 0);
     ExpectIntEQ(SHA1_Transform(&sha.compat, NULL), 0);
-    ExpectIntEQ(wc_ShaTransform(NULL, NULL), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_ShaTransform(NULL, (const byte*)&input1), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_ShaTransform(&sha.native, NULL), BAD_FUNC_ARG);
+    ExpectIntEQ(wc_ShaTransform(NULL, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_ShaTransform(NULL, (const byte*)&input1), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_ShaTransform(&sha.native, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     /* Init SHA CTX */
     ExpectIntEQ(SHA_Init(&sha.compat), 1);
@@ -41407,7 +55817,7 @@ static int test_wolfSSL_SHA224(void)
          "\x50\xb0\xc6\x45\x5c\xb4\xf5\x8b\x19\x52\x52\x25\x25";
     size_t inLen;
     byte hash[WC_SHA224_DIGEST_SIZE];
-    unsigned char* p;
+    unsigned char* p = NULL;
 
     inLen  = XSTRLEN((char*)input);
 
@@ -41489,9 +55899,9 @@ static int test_wolfSSL_SHA256_Transform(void)
     ExpectIntEQ(SHA256_Transform(NULL, NULL), 0);
     ExpectIntEQ(SHA256_Transform(NULL, (const byte*)&input1), 0);
     ExpectIntEQ(SHA256_Transform(&sha256.compat, NULL), 0);
-    ExpectIntEQ(wc_Sha256Transform(NULL, NULL), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sha256Transform(NULL, (const byte*)&input1), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sha256Transform(&sha256.native, NULL), BAD_FUNC_ARG);
+    ExpectIntEQ(wc_Sha256Transform(NULL, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sha256Transform(NULL, (const byte*)&input1), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sha256Transform(&sha256.native, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     /* Init SHA256 CTX */
     ExpectIntEQ(SHA256_Init(&sha256.compat), 1);
@@ -41563,9 +55973,9 @@ static int test_wolfSSL_SHA512_Transform(void)
     ExpectIntEQ(SHA512_Transform(NULL, NULL), 0);
     ExpectIntEQ(SHA512_Transform(NULL, (const byte*)&input1), 0);
     ExpectIntEQ(SHA512_Transform(&sha512.compat, NULL), 0);
-    ExpectIntEQ(wc_Sha512Transform(NULL, NULL), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sha512Transform(NULL, (const byte*)&input1), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sha512Transform(&sha512.native, NULL), BAD_FUNC_ARG);
+    ExpectIntEQ(wc_Sha512Transform(NULL, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sha512Transform(NULL, (const byte*)&input1), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sha512Transform(&sha512.native, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     /* Init SHA512 CTX */
     ExpectIntEQ(wolfSSL_SHA512_Init(&sha512.compat), 1);
@@ -41633,10 +56043,10 @@ static int test_wolfSSL_SHA512_224_Transform(void)
     ExpectIntEQ(SHA512_224_Transform(NULL, NULL), 0);
     ExpectIntEQ(SHA512_224_Transform(NULL, (const byte*)&input1), 0);
     ExpectIntEQ(SHA512_224_Transform(&sha512.compat, NULL), 0);
-    ExpectIntEQ(wc_Sha512_224Transform(NULL, NULL), BAD_FUNC_ARG);
+    ExpectIntEQ(wc_Sha512_224Transform(NULL, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_Sha512_224Transform(NULL, (const byte*)&input1),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sha512_224Transform(&sha512.native, NULL), BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sha512_224Transform(&sha512.native, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     /* Init SHA512 CTX */
     ExpectIntEQ(wolfSSL_SHA512_224_Init(&sha512.compat), 1);
@@ -41706,10 +56116,10 @@ static int test_wolfSSL_SHA512_256_Transform(void)
     ExpectIntEQ(SHA512_256_Transform(NULL, NULL), 0);
     ExpectIntEQ(SHA512_256_Transform(NULL, (const byte*)&input1), 0);
     ExpectIntEQ(SHA512_256_Transform(&sha512.compat, NULL), 0);
-    ExpectIntEQ(wc_Sha512_256Transform(NULL, NULL), BAD_FUNC_ARG);
+    ExpectIntEQ(wc_Sha512_256Transform(NULL, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_Sha512_256Transform(NULL, (const byte*)&input1),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sha512_256Transform(&sha512.native, NULL), BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sha512_256Transform(&sha512.native, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     /* Init SHA512 CTX */
     ExpectIntEQ(wolfSSL_SHA512_256_Init(&sha512.compat), 1);
@@ -41853,7 +56263,7 @@ static int test_HMAC_CTX_helper(const EVP_MD* type, unsigned char* digest,
     ExpectIntEQ(digestSz, digestSz2);
     ExpectIntEQ(XMEMCMP(digest, digest2, digestSz), 0);
 
-    *sz = digestSz;
+    *sz = (int)digestSz;
     return EXPECT_RESULT();
 }
 #endif /* defined(OPENSSL_EXTRA) && !defined(NO_HMAC) */
@@ -42015,7 +56425,7 @@ static int test_openssl_hmac(const WOLFSSL_EVP_MD* md, int md_len)
     ExpectIntEQ(HMAC_Init(hmac, (void*)key, (int)sizeof(key), NULL), 1);
     ExpectIntEQ(HMAC_Init(hmac, NULL, 0, md), 1);
 #else
-    ExpectIntEQ(HMAC_size(hmac), BAD_FUNC_ARG);
+    ExpectIntEQ(HMAC_size(hmac), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(HMAC_Init(hmac, NULL, 0, NULL), 0);
     ExpectIntEQ(HMAC_Init(hmac, (void*)key, (int)sizeof(key), NULL), 0);
     ExpectIntEQ(HMAC_Init(hmac, NULL, 0, md), 0);
@@ -42023,7 +56433,7 @@ static int test_openssl_hmac(const WOLFSSL_EVP_MD* md, int md_len)
     ExpectIntEQ(HMAC_Init_ex(NULL, (void*)key, (int)sizeof(key), md, e), 0);
     ExpectIntEQ(HMAC_Init_ex(hmac, (void*)key, (int)sizeof(key), md, e), 1);
 
-    /* re-using test key as data to hash */
+    /* reusing test key as data to hash */
     ExpectIntEQ(HMAC_Update(NULL, key, (int)sizeof(key)), 0);
     ExpectIntEQ(HMAC_Update(hmac, key, (int)sizeof(key)), 1);
     ExpectIntEQ(HMAC_Update(hmac, key, 0), 1);
@@ -42130,7 +56540,7 @@ static int test_wolfSSL_CMAC(void)
     ExpectNotNull(CMAC_CTX_get0_cipher_ctx(cmacCtx));
     ExpectIntEQ(CMAC_Init(cmacCtx, key, AES_128_KEY_SIZE, EVP_aes_128_cbc(),
         NULL), 1);
-    /* re-using test key as data to hash */
+    /* reusing test key as data to hash */
     ExpectIntEQ(CMAC_Update(cmacCtx, key, AES_128_KEY_SIZE), 1);
     ExpectIntEQ(CMAC_Update(cmacCtx, NULL, 0), 1);
     ExpectIntEQ(CMAC_Final(cmacCtx, out, &outLen), 1);
@@ -42220,8 +56630,8 @@ static int test_wolfSSL_DES(void)
     const_DES_cblock myDes;
     DES_cblock iv;
     DES_key_schedule key;
-    word32 i;
-    DES_LONG dl;
+    word32 i = 0;
+    DES_LONG dl = 0;
     unsigned char msg[] = "hello wolfssl";
     unsigned char weakKey[][8] = {
         { 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01 },
@@ -42788,7 +57198,7 @@ static int test_wolfSSL_AES_cbc_encrypt(void)
     /* wolfSSL_AES_wrap_key() 256-bit NULL iv */
     ExpectIntEQ(wolfSSL_AES_set_encrypt_key(key256, sizeof(key256)*8, &aes), 0);
     ExpectIntEQ(wolfSSL_AES_wrap_key(&aes, NULL, wrapCipher, key256,
-            15), WOLFSSL_FAILURE);
+            15), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     ExpectIntEQ(wolfSSL_AES_wrap_key(&aes, NULL, wrapCipher, key256,
             sizeof(key256)), sizeof(wrapCipher));
     wc_AesFree((Aes*)&aes);
@@ -42796,7 +57206,7 @@ static int test_wolfSSL_AES_cbc_encrypt(void)
     /* wolfSSL_AES_unwrap_key() 256-bit NULL iv */
     ExpectIntEQ(wolfSSL_AES_set_decrypt_key(key256, sizeof(key256)*8, &aes), 0);
     ExpectIntEQ(wolfSSL_AES_unwrap_key(&aes, NULL, wrapPlain, wrapCipher,
-            23), WOLFSSL_FAILURE);
+            23), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     ExpectIntEQ(wolfSSL_AES_unwrap_key(&aes, NULL, wrapPlain, wrapCipher,
             sizeof(wrapCipher)), sizeof(wrapPlain));
     ExpectIntEQ(XMEMCMP(wrapPlain, key256, sizeof(key256)), 0);
@@ -43114,10 +57524,10 @@ static int test_wolfSSL_RC4(void)
             XMEMSET(dec, 0, sizeof(dec));
 
             /* Encrypt */
-            wolfSSL_RC4_set_key(&rc4Key, i, key);
+            wolfSSL_RC4_set_key(&rc4Key, (int)i, key);
             wolfSSL_RC4(&rc4Key, j, data, enc);
             /* Decrypt */
-            wolfSSL_RC4_set_key(&rc4Key, i, key);
+            wolfSSL_RC4_set_key(&rc4Key, (int)i, key);
             wolfSSL_RC4(&rc4Key, j, enc, dec);
 
             ExpectIntEQ(XMEMCMP(dec, data, j), 0);
@@ -43135,7 +57545,8 @@ static int test_wolfSSL_OBJ(void)
     EXPECT_DECLS;
 #if defined(OPENSSL_EXTRA) && !defined(NO_SHA256) && !defined(NO_ASN) && \
     !defined(HAVE_FIPS) && !defined(NO_SHA) && defined(WOLFSSL_CERT_EXT) && \
-    defined(WOLFSSL_CERT_GEN) && !defined(NO_BIO)
+    defined(WOLFSSL_CERT_GEN) && !defined(NO_BIO) && \
+    !defined(NO_FILESYSTEM) && !defined(NO_STDIO_FILESYSTEM)
     ASN1_OBJECT *obj = NULL;
     ASN1_OBJECT *obj2 = NULL;
     char buf[50];
@@ -43164,7 +57575,7 @@ static int test_wolfSSL_OBJ(void)
     ASN1_STRING *asn1 = NULL;
     unsigned char *buf_dyn = NULL;
 
-    ExpectIntEQ(OBJ_obj2txt(buf, (int)sizeof(buf), obj, 1), SSL_FAILURE);
+    ExpectIntEQ(OBJ_obj2txt(buf, (int)sizeof(buf), obj, 1), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     ExpectNotNull(obj = OBJ_nid2obj(NID_any_policy));
     ExpectIntEQ(OBJ_obj2nid(obj), NID_any_policy);
     ExpectIntEQ(OBJ_obj2txt(buf, (int)sizeof(buf), obj, 1), 11);
@@ -43199,6 +57610,16 @@ static int test_wolfSSL_OBJ(void)
 
         /* Get the Common Name by using OBJ_txt2obj */
         ExpectNotNull(field_name_obj = OBJ_txt2obj("CN", 0));
+        ExpectIntEQ(X509_NAME_get_index_by_OBJ(NULL, NULL, 99),
+            WOLFSSL_FATAL_ERROR);
+        ExpectIntEQ(X509_NAME_get_index_by_OBJ(x509Name, NULL, 99),
+            WOLFSSL_FATAL_ERROR);
+        ExpectIntEQ(X509_NAME_get_index_by_OBJ(NULL, field_name_obj, 99),
+            WOLFSSL_FATAL_ERROR);
+        ExpectIntEQ(X509_NAME_get_index_by_OBJ(x509Name, field_name_obj, 99),
+            WOLFSSL_FATAL_ERROR);
+        ExpectIntEQ(X509_NAME_get_index_by_OBJ(x509Name, NULL, 0),
+            WOLFSSL_FATAL_ERROR);
         do
         {
             lastpos = tmp;
@@ -43288,10 +57709,10 @@ static int test_wolfSSL_OBJ_cmp(void)
     ExpectNotNull(obj = OBJ_nid2obj(NID_any_policy));
     ExpectNotNull(obj2 = OBJ_nid2obj(NID_sha256));
 
-    ExpectIntEQ(OBJ_cmp(NULL, NULL), WOLFSSL_FATAL_ERROR);
-    ExpectIntEQ(OBJ_cmp(obj, NULL), WOLFSSL_FATAL_ERROR);
-    ExpectIntEQ(OBJ_cmp(NULL, obj2), WOLFSSL_FATAL_ERROR);
-    ExpectIntEQ(OBJ_cmp(obj, obj2), WOLFSSL_FATAL_ERROR);
+    ExpectIntEQ(OBJ_cmp(NULL, NULL), WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR));
+    ExpectIntEQ(OBJ_cmp(obj, NULL), WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR));
+    ExpectIntEQ(OBJ_cmp(NULL, obj2), WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR));
+    ExpectIntEQ(OBJ_cmp(obj, obj2), WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR));
     ExpectIntEQ(OBJ_cmp(obj, obj), 0);
     ExpectIntEQ(OBJ_cmp(obj2, obj2), 0);
 
@@ -43435,6 +57856,7 @@ static int test_wolfSSL_PEM_write_bio_X509(void)
     BIO* output = NULL;
     X509* x509a = NULL;
     X509* x509b = NULL;
+    X509* empty = NULL;
 
     ASN1_TIME* notBeforeA = NULL;
     ASN1_TIME* notAfterA  = NULL;
@@ -43462,10 +57884,16 @@ static int test_wolfSSL_PEM_write_bio_X509(void)
 
     /* write X509 back to PEM BIO; no need to sign as nothing changed. */
     ExpectNotNull(output = BIO_new(wolfSSL_BIO_s_mem()));
+    ExpectNotNull(empty = wolfSSL_X509_new());
+    ExpectIntEQ(PEM_write_bio_X509(NULL, NULL), WOLFSSL_FAILURE);
+    ExpectIntEQ(PEM_write_bio_X509(output, NULL), WOLFSSL_FAILURE);
+    ExpectIntEQ(PEM_write_bio_X509(NULL, x509a), WOLFSSL_FAILURE);
+    ExpectIntEQ(PEM_write_bio_X509(output, empty), WOLFSSL_FAILURE);
     ExpectIntEQ(PEM_write_bio_X509(output, x509a), WOLFSSL_SUCCESS);
     /* compare length against expected */
     expectedLen = 2000;
     ExpectIntEQ(wolfSSL_BIO_get_len(output), expectedLen);
+    wolfSSL_X509_free(empty);
 
 #ifndef NO_ASN_TIME
     /* read exported X509 PEM back into struct, sanity check on export,
@@ -43575,10 +58003,12 @@ static int test_wolfSSL_X509_NAME_ENTRY(void)
     !defined(NO_RSA) && defined(WOLFSSL_CERT_GEN)
     X509*      x509 = NULL;
 #ifndef NO_BIO
+    X509*      empty = NULL;
     BIO*       bio = NULL;
 #endif
     X509_NAME* nm = NULL;
     X509_NAME_ENTRY* entry = NULL;
+    WOLF_STACK_OF(WOLFSSL_X509_NAME_ENTRY)* entries = NULL;
     unsigned char cn[] = "another name to add";
 #ifdef OPENSSL_ALL
     int i;
@@ -43588,24 +58018,37 @@ static int test_wolfSSL_X509_NAME_ENTRY(void)
     ExpectNotNull(x509 =
             wolfSSL_X509_load_certificate_file(cliCertFile, SSL_FILETYPE_PEM));
 #ifndef NO_BIO
+    ExpectNotNull(empty = wolfSSL_X509_new());
     ExpectNotNull(bio = BIO_new(BIO_s_mem()));
+    ExpectIntEQ(PEM_write_bio_X509_AUX(NULL, NULL), WOLFSSL_FAILURE);
+    ExpectIntEQ(PEM_write_bio_X509_AUX(bio, NULL), WOLFSSL_FAILURE);
+    ExpectIntEQ(PEM_write_bio_X509_AUX(NULL, x509), WOLFSSL_FAILURE);
+    ExpectIntEQ(PEM_write_bio_X509_AUX(bio, empty), WOLFSSL_FAILURE);
     ExpectIntEQ(PEM_write_bio_X509_AUX(bio, x509), SSL_SUCCESS);
+    wolfSSL_X509_free(empty);
 #endif
 
 #ifdef WOLFSSL_CERT_REQ
     {
         X509_REQ* req = NULL;
 #ifndef NO_BIO
+        X509_REQ* emptyReq = NULL;
         BIO*      bReq = NULL;
 #endif
 
         ExpectNotNull(req =
             wolfSSL_X509_load_certificate_file(cliCertFile, SSL_FILETYPE_PEM));
 #ifndef NO_BIO
+        ExpectNotNull(emptyReq = wolfSSL_X509_REQ_new());
         ExpectNotNull(bReq = BIO_new(BIO_s_mem()));
+        ExpectIntEQ(PEM_write_bio_X509_REQ(NULL, NULL), WOLFSSL_FAILURE);
+        ExpectIntEQ(PEM_write_bio_X509_REQ(bReq, NULL), WOLFSSL_FAILURE);
+        ExpectIntEQ(PEM_write_bio_X509_REQ(NULL, req), WOLFSSL_FAILURE);
+        ExpectIntEQ(PEM_write_bio_X509_REQ(bReq, emptyReq), WOLFSSL_FAILURE);
         ExpectIntEQ(PEM_write_bio_X509_REQ(bReq, req), SSL_SUCCESS);
 
         BIO_free(bReq);
+        X509_REQ_free(emptyReq);
 #endif
         X509_free(req);
     }
@@ -43618,10 +58061,26 @@ static int test_wolfSSL_X509_NAME_ENTRY(void)
                 0x0c, cn, (int)sizeof(cn)));
     ExpectIntEQ(X509_NAME_add_entry(nm, entry, -1, 0), SSL_SUCCESS);
 
+    /* @TODO the internal name entry set value needs investigated for matching
+     * behavior with OpenSSL. At the moment the getter function for the set
+     * value is being tested only in that it succeeds in getting the internal
+     * value. */
+    ExpectIntGT(X509_NAME_ENTRY_set(X509_NAME_get_entry(nm, 1)), 0);
+
 #ifdef WOLFSSL_CERT_EXT
+    ExpectIntEQ(X509_NAME_add_entry_by_txt(NULL, NULL, MBSTRING_UTF8,
+        (byte*)"support@wolfssl.com", 19, -1, 1), WOLFSSL_FAILURE);
+    ExpectIntEQ(X509_NAME_add_entry_by_txt(nm, NULL, MBSTRING_UTF8,
+        (byte*)"support@wolfssl.com", 19, -1, 1), WOLFSSL_FAILURE);
+    ExpectIntEQ(X509_NAME_add_entry_by_txt(NULL, "emailAddress", MBSTRING_UTF8,
+        (byte*)"support@wolfssl.com", 19, -1, 1), WOLFSSL_FAILURE);
     ExpectIntEQ(X509_NAME_add_entry_by_txt(nm, "emailAddress", MBSTRING_UTF8,
-                                           (byte*)"support@wolfssl.com", 19, -1,
-                                           1), WOLFSSL_SUCCESS);
+        (byte*)"support@wolfssl.com", 19, -1, 1), WOLFSSL_SUCCESS);
+    ExpectIntEQ(X509_NAME_add_entry_by_txt(nm, "commonName", MBSTRING_UTF8,
+        (byte*)"wolfssl.com", 11, 0, 1), WOLFSSL_SUCCESS);
+    ExpectNull(wolfSSL_X509_NAME_delete_entry(NULL, -1));
+    ExpectNull(wolfSSL_X509_NAME_delete_entry(nm, -1));
+    ExpectNotNull(wolfSSL_X509_NAME_delete_entry(nm, 0));
 #endif
     X509_NAME_ENTRY_free(entry);
     entry = NULL;
@@ -43629,19 +58088,26 @@ static int test_wolfSSL_X509_NAME_ENTRY(void)
 #ifdef WOLFSSL_CERT_REQ
     {
         unsigned char srv_pkcs9p[] = "Server";
+        unsigned char rfc822Mlbx[] = "support@wolfssl.com";
         unsigned char fvrtDrnk[] = "tequila";
         unsigned char* der = NULL;
         char* subject = NULL;
+
         ExpectIntEQ(X509_NAME_add_entry_by_NID(nm, NID_pkcs9_contentType,
             MBSTRING_ASC, srv_pkcs9p, -1, -1, 0), SSL_SUCCESS);
 
+        ExpectIntEQ(X509_NAME_add_entry_by_NID(nm, NID_rfc822Mailbox,
+            MBSTRING_ASC, rfc822Mlbx, -1, -1, 0), SSL_SUCCESS);
+
         ExpectIntEQ(X509_NAME_add_entry_by_NID(nm, NID_favouriteDrink,
             MBSTRING_ASC, fvrtDrnk, -1, -1, 0), SSL_SUCCESS);
 
+        ExpectIntEQ(wolfSSL_i2d_X509_NAME(NULL, &der), BAD_FUNC_ARG);
         ExpectIntGT(wolfSSL_i2d_X509_NAME(nm, &der), 0);
         ExpectNotNull(der);
 
-        ExpectNotNull(subject = X509_NAME_oneline(nm, 0, 0));
+        ExpectNotNull(subject = X509_NAME_oneline(nm, NULL, 0));
+        ExpectNotNull(XSTRSTR(subject, "rfc822Mailbox=support@wolfssl.com"));
         ExpectNotNull(XSTRSTR(subject, "favouriteDrink=tequila"));
         ExpectNotNull(XSTRSTR(subject, "contentType=Server"));
     #ifdef DEBUG_WOLFSSL
@@ -43654,9 +58120,13 @@ static int test_wolfSSL_X509_NAME_ENTRY(void)
     }
 #endif
 
+    ExpectNull(entry = X509_NAME_ENTRY_create_by_txt(NULL, NULL, 0x0c, cn,
+        (int)sizeof(cn)));
     /* Test add entry by text */
     ExpectNotNull(entry = X509_NAME_ENTRY_create_by_txt(NULL, "commonName",
                 0x0c, cn, (int)sizeof(cn)));
+    ExpectPtrEq(X509_NAME_ENTRY_create_by_txt(&entry, "commonName",
+                0x0c, cn, (int)sizeof(cn)), entry);
     #if defined(OPENSSL_ALL) || defined(WOLFSSL_ASIO) \
     || defined(WOLFSSL_HAPROXY) || defined(WOLFSSL_NGINX)
     ExpectNull(X509_NAME_ENTRY_create_by_txt(&entry, "unknown",
@@ -43678,6 +58148,13 @@ static int test_wolfSSL_X509_NAME_ENTRY(void)
     }
 #endif
 
+    ExpectNotNull(entries = wolfSSL_sk_X509_NAME_ENTRY_new(NULL));
+    ExpectIntEQ(sk_X509_NAME_ENTRY_num(NULL), BAD_FUNC_ARG);
+    ExpectIntEQ(sk_X509_NAME_ENTRY_num(entries), 0);
+    ExpectNull(sk_X509_NAME_ENTRY_value(NULL, 0));
+    ExpectNull(sk_X509_NAME_ENTRY_value(entries, 0));
+    wolfSSL_sk_X509_NAME_ENTRY_free(entries);
+
 #ifndef NO_BIO
     BIO_free(bio);
 #endif
@@ -43687,13 +58164,14 @@ static int test_wolfSSL_X509_NAME_ENTRY(void)
 }
 
 /* Note the lack of wolfSSL_ prefix...this is a compatibility layer test. */
-static int test_GENERAL_NAME_set0_othername(void) {
+static int test_GENERAL_NAME_set0_othername(void)
+{
     EXPECT_DECLS;
 #if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \
     defined(WOLFSSL_CERT_GEN) && defined(WOLFSSL_CERT_REQ) && \
     defined(WOLFSSL_CUSTOM_OID) && defined(WOLFSSL_ALT_NAMES) && \
     defined(WOLFSSL_CERT_EXT) && !defined(NO_FILESYSTEM) && \
-    defined(WOLFSSL_FPKI)
+    defined(WOLFSSL_FPKI) && !defined(NO_RSA)
     /* ./configure --enable-opensslall --enable-certgen --enable-certreq
      *  --enable-certext --enable-debug 'CPPFLAGS=-DWOLFSSL_CUSTOM_OID
      *  -DWOLFSSL_ALT_NAMES  -DWOLFSSL_FPKI' */
@@ -43728,6 +58206,20 @@ static int test_GENERAL_NAME_set0_othername(void) {
     if ((value == NULL) || (value->value.ptr != (char*)utf8str)) {
         wolfSSL_ASN1_STRING_free(utf8str);
     }
+    ExpectIntEQ(GENERAL_NAME_set0_othername(NULL, NULL   , NULL ),
+        WOLFSSL_FAILURE);
+    ExpectIntEQ(GENERAL_NAME_set0_othername(gn  , NULL   , NULL ),
+        WOLFSSL_FAILURE);
+    ExpectIntEQ(GENERAL_NAME_set0_othername(NULL, upn_oid, NULL ),
+        WOLFSSL_FAILURE);
+    ExpectIntEQ(GENERAL_NAME_set0_othername(NULL, NULL   , value),
+        WOLFSSL_FAILURE);
+    ExpectIntEQ(GENERAL_NAME_set0_othername(gn  , upn_oid, NULL ),
+        WOLFSSL_FAILURE);
+    ExpectIntEQ(GENERAL_NAME_set0_othername(gn  , NULL   , value),
+        WOLFSSL_FAILURE);
+    ExpectIntEQ(GENERAL_NAME_set0_othername(NULL, upn_oid, value ),
+        WOLFSSL_FAILURE);
     ExpectIntEQ(GENERAL_NAME_set0_othername(gn, upn_oid, value), 1);
     if (EXPECT_FAIL()) {
         ASN1_TYPE_free(value);
@@ -43752,11 +58244,14 @@ static int test_GENERAL_NAME_set0_othername(void) {
     ExpectIntGT(X509_sign(x509, priv, EVP_sha256()), 0);
     sk_GENERAL_NAME_pop_free(gns, GENERAL_NAME_free);
     gns = NULL;
-    ExpectNotNull(gns = X509_get_ext_d2i(x509, NID_subject_alt_name, NULL,
-        NULL));
+    ExpectNotNull(gns = (GENERAL_NAMES*)X509_get_ext_d2i(x509,
+        NID_subject_alt_name, NULL, NULL));
 
+    ExpectIntEQ(sk_GENERAL_NAME_num(NULL), WOLFSSL_FATAL_ERROR);
     ExpectIntEQ(sk_GENERAL_NAME_num(gns), 3);
 
+    ExpectNull(sk_GENERAL_NAME_value(NULL, 0));
+    ExpectNull(sk_GENERAL_NAME_value(gns, 20));
     ExpectNotNull(gn = sk_GENERAL_NAME_value(gns, 2));
     ExpectIntEQ(gn->type, 0);
 
@@ -43771,13 +58266,14 @@ static int test_GENERAL_NAME_set0_othername(void) {
 }
 
 /* Note the lack of wolfSSL_ prefix...this is a compatibility layer test. */
-static int test_othername_and_SID_ext(void) {
+static int test_othername_and_SID_ext(void)
+{
     EXPECT_DECLS;
-#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \
+#if defined(OPENSSL_ALL) && !defined(NO_CERTS) && \
     defined(WOLFSSL_CERT_GEN) && defined(WOLFSSL_CERT_REQ) && \
     defined(WOLFSSL_CUSTOM_OID) && defined(WOLFSSL_ALT_NAMES) && \
     defined(WOLFSSL_CERT_EXT) && !defined(NO_FILESYSTEM) && \
-    defined(WOLFSSL_FPKI) && defined(WOLFSSL_ASN_TEMPLATE)
+    defined(WOLFSSL_FPKI) && defined(WOLFSSL_ASN_TEMPLATE) && !defined(NO_RSA)
     /* ./configure --enable-opensslall --enable-certgen --enable-certreq
      *  --enable-certext --enable-debug 'CPPFLAGS=-DWOLFSSL_CUSTOM_OID
      *  -DWOLFSSL_ALT_NAMES  -DWOLFSSL_FPKI' */
@@ -43786,6 +58282,7 @@ static int test_othername_and_SID_ext(void) {
 
     byte der[4096];
     int derSz = 0;
+    byte badDer[2] = { 0x30, 0x00 };
     X509_REQ* x509 = NULL;
     STACK_OF(X509_EXTENSION) *exts = NULL;
 
@@ -43801,13 +58298,13 @@ static int test_othername_and_SID_ext(void) {
     /* SID extension. SID data format explained here:
      * https://blog.qdsecurity.se/2022/05/27/manually-injecting-a-sid-in-a-certificate/
      */
-    uint8_t SidExtension[] = {
+    byte SidExtension[] = {
     48, 64, 160, 62, 6,  10, 43, 6,  1,  4,  1,  130, 55, 25, 2,  1,  160,
     48, 4,  46,  83, 45, 49, 45, 53, 45, 50, 49, 45,  50, 56, 52, 51, 57,
     48, 55, 52,  49, 56, 45, 51, 57, 50, 54, 50, 55,  55, 52, 50, 49, 45,
     51, 56, 49,  53, 57, 57, 51, 57, 55, 50, 45, 52,  54, 48, 49};
 
-    uint8_t expectedAltName[] = {
+    byte expectedAltName[] = {
     0x30, 0x27, 0xA0, 0x25, 0x06, 0x0A, 0x2B, 0x06, 0x01, 0x04, 0x01, 0x82,
     0x37, 0x14, 0x02, 0x03, 0xA0, 0x17, 0x0C, 0x15, 0x6F, 0x74, 0x68, 0x65,
     0x72, 0x6E, 0x61, 0x6D, 0x65, 0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73,
@@ -43817,6 +58314,8 @@ static int test_othername_and_SID_ext(void) {
     ASN1_OBJECT* sid_oid = NULL;
     ASN1_OCTET_STRING *sid_data = NULL;
 
+    ASN1_OBJECT* alt_names_oid = NULL;
+
     EVP_PKEY* priv = NULL;
     XFILE f = XBADFILE;
     byte* pt = NULL;
@@ -43856,7 +58355,13 @@ static int test_othername_and_SID_ext(void) {
     ExpectNotNull(sid_ext = X509_EXTENSION_create_by_OBJ(NULL, sid_oid, 0,
                                                          sid_data));
     ExpectNotNull(exts = sk_X509_EXTENSION_new_null());
+    wolfSSL_sk_X509_EXTENSION_free(exts);
+    exts = NULL;
+    ExpectNotNull(exts = sk_X509_EXTENSION_new_null());
     /* Ensure an empty stack doesn't raise an error. */
+    ExpectIntEQ(X509_REQ_add_extensions(NULL, NULL), 0);
+    ExpectIntEQ(X509_REQ_add_extensions(x509, NULL), 0);
+    ExpectIntEQ(X509_REQ_add_extensions(NULL, exts), 0);
     ExpectIntEQ(X509_REQ_add_extensions(x509, exts), 1);
     ExpectIntEQ(sk_X509_EXTENSION_push(exts, san_ext), 1);
     if (EXPECT_FAIL()) {
@@ -43877,15 +58382,23 @@ static int test_othername_and_SID_ext(void) {
     ExpectIntGT(X509_REQ_sign(x509, priv, EVP_sha256()), 0);
     pt = der;
     ExpectIntGT(derSz = i2d_X509_REQ(x509, &pt), 0);
+    X509_REQ_free(x509);
+    x509 = NULL;
+    ExpectNull(d2i_X509_REQ_INFO(&x509, NULL, derSz));
+    pt = badDer;
+    ExpectNull(d2i_X509_REQ_INFO(&x509, (const unsigned char**)&pt,
+        sizeof(badDer)));
+    pt = der;
+    ExpectNotNull(d2i_X509_REQ_INFO(&x509, (const unsigned char**)&pt, derSz));
     sk_GENERAL_NAME_pop_free(gns, GENERAL_NAME_free);
     gns = NULL;
     sk_X509_EXTENSION_pop_free(exts, X509_EXTENSION_free);
     exts = NULL;
     ASN1_OBJECT_free(upn_oid);
     ASN1_OBJECT_free(sid_oid);
+    sid_oid = NULL;
     ASN1_OCTET_STRING_free(sid_data);
     X509_REQ_free(x509);
-    x509 = NULL;
     EVP_PKEY_free(priv);
 
     /* At this point everything used to generate what is in der is cleaned up.
@@ -43900,24 +58413,31 @@ static int test_othername_and_SID_ext(void) {
     BIO_free(bio);
     ExpectNotNull(exts = (STACK_OF(X509_EXTENSION)*)X509_REQ_get_extensions(
         x509));
+    ExpectIntEQ(sk_X509_EXTENSION_num(NULL), WOLFSSL_FATAL_ERROR);
     ExpectIntEQ(sk_X509_EXTENSION_num(exts), 2);
 
     /* Check the SID extension. */
-    ExpectNotNull(ext = sk_X509_EXTENSION_value(exts, 0));
+    ExpectNotNull(sid_oid = OBJ_txt2obj("1.3.6.1.4.1.311.25.2", 1));
+    ExpectNotNull(ext = sk_X509_EXTENSION_value(exts,
+            X509_get_ext_by_OBJ(x509, sid_oid, -1)));
     ExpectNotNull(extval = X509_EXTENSION_get_data(ext));
     ExpectIntEQ(extval->length, sizeof(SidExtension));
     ExpectIntEQ(XMEMCMP(SidExtension, extval->data, sizeof(SidExtension)), 0);
+    ASN1_OBJECT_free(sid_oid);
 
     /* Check the AltNames extension. */
-    ExpectNotNull(ext = sk_X509_EXTENSION_value(exts, 1));
+    ExpectNotNull(alt_names_oid = OBJ_txt2obj("subjectAltName", 0));
+    ExpectNotNull(ext = sk_X509_EXTENSION_value(exts,
+            X509_get_ext_by_OBJ(x509, alt_names_oid, -1)));
     ExpectNotNull(extval = X509_EXTENSION_get_data(ext));
     ExpectIntEQ(extval->length, sizeof(expectedAltName));
     ExpectIntEQ(XMEMCMP(expectedAltName, extval->data, sizeof(expectedAltName)),
                 0);
+    ASN1_OBJECT_free(alt_names_oid);
 
     /* Cleanup */
-    ExpectNotNull(gns = X509_get_ext_d2i(x509, NID_subject_alt_name, NULL,
-                                         NULL));
+    ExpectNotNull(gns = (GENERAL_NAMES*)X509_get_ext_d2i(x509,
+        NID_subject_alt_name, NULL, NULL));
     ExpectIntEQ(sk_GENERAL_NAME_num(gns), 1);
     ExpectNotNull(gn = sk_GENERAL_NAME_value(gns, 0));
     ExpectIntEQ(gn->type, 0);
@@ -43947,14 +58467,14 @@ static int test_wolfSSL_X509_set_name(void)
                                            1), WOLFSSL_SUCCESS);
     ExpectNotNull(x509 = X509_new());
 
-    ExpectIntEQ(X509_set_subject_name(NULL, NULL), WOLFSSL_FAILURE);
-    ExpectIntEQ(X509_set_subject_name(x509, NULL), WOLFSSL_FAILURE);
-    ExpectIntEQ(X509_set_subject_name(NULL, name), WOLFSSL_FAILURE);
+    ExpectIntEQ(X509_set_subject_name(NULL, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+    ExpectIntEQ(X509_set_subject_name(x509, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+    ExpectIntEQ(X509_set_subject_name(NULL, name), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     ExpectIntEQ(X509_set_subject_name(x509, name), WOLFSSL_SUCCESS);
 
-    ExpectIntEQ(X509_set_issuer_name(NULL, NULL), WOLFSSL_FAILURE);
-    ExpectIntEQ(X509_set_issuer_name(x509, NULL), WOLFSSL_FAILURE);
-    ExpectIntEQ(X509_set_issuer_name(NULL, name), WOLFSSL_FAILURE);
+    ExpectIntEQ(X509_set_issuer_name(NULL, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+    ExpectIntEQ(X509_set_issuer_name(x509, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+    ExpectIntEQ(X509_set_issuer_name(NULL, name), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     ExpectIntEQ(X509_set_issuer_name(x509, name), WOLFSSL_SUCCESS);
 
     X509_free(x509);
@@ -44074,6 +58594,9 @@ static int test_wolfSSL_X509_set_notBefore(void)
     ExpectFalse(wolfSSL_X509_set_notBefore(x, NULL));
     ExpectFalse(wolfSSL_X509_set_notBefore(NULL, asn_time));
 
+    ExpectNull(X509_get_notBefore(NULL));
+    ExpectNull(X509_get_notAfter(NULL));
+
     /*
      * Cleanup
      */
@@ -44096,13 +58619,16 @@ static int test_wolfSSL_X509_set_version(void)
     ExpectNotNull(x509 = X509_new());
     /* These should pass. */
     ExpectTrue(wolfSSL_X509_set_version(x509, v));
+    ExpectIntEQ(0, wolfSSL_X509_get_version(NULL));
     ExpectIntEQ(v, wolfSSL_X509_get_version(x509));
     /* Fail Case: When v(long) is greater than x509->version(int). */
     v = maxInt+1;
     ExpectFalse(wolfSSL_X509_set_version(x509, v));
 
-    ExpectFalse(wolfSSL_X509_set_version(NULL, 2L));
-    ExpectFalse(wolfSSL_X509_set_version(NULL, maxInt+1));
+    ExpectIntEQ(wolfSSL_X509_set_version(NULL, -1), WOLFSSL_FAILURE);
+    ExpectIntEQ(wolfSSL_X509_set_version(NULL, 1), WOLFSSL_FAILURE);
+    ExpectIntEQ(wolfSSL_X509_set_version(x509, -1), WOLFSSL_FAILURE);
+    ExpectIntEQ(wolfSSL_X509_set_version(NULL, maxInt+1), WOLFSSL_FAILURE);
 
     /* Cleanup */
     X509_free(x509);
@@ -44130,7 +58656,7 @@ static int test_wolfSSL_BIO_gets(void)
     /* try with bad args */
     ExpectNull(bio = BIO_new_mem_buf(NULL, sizeof(msg)));
 #ifdef OPENSSL_ALL
-    ExpectIntEQ(BIO_set_mem_buf(bio, NULL, BIO_NOCLOSE), BAD_FUNC_ARG);
+    ExpectIntEQ(BIO_set_mem_buf(bio, NULL, BIO_NOCLOSE), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 #endif
 
     /* try with real msg */
@@ -44230,7 +58756,7 @@ static int test_wolfSSL_BIO_gets(void)
     /* check error cases */
     BIO_free(bio);
     bio = NULL;
-    ExpectIntEQ(BIO_gets(NULL, NULL, 0), SSL_FAILURE);
+    ExpectIntEQ(BIO_gets(NULL, NULL, 0), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     ExpectNotNull(bio = BIO_new(BIO_s_mem()));
     ExpectIntEQ(BIO_gets(bio, bio_buffer, 2), 0); /* nothing to read */
 
@@ -44543,7 +59069,7 @@ static int test_wolfSSL_BIO_connect(void)
     server_args.signal = &ready;
     start_thread(test_server_nofail, &server_args, &serverThread);
     wait_tcp_ready(&server_args);
-    ExpectIntGT(XSPRINTF(buff, "%d", ready.port), 0);
+    ExpectIntGT(XSNPRINTF(buff, sizeof(buff), "%d", ready.port), 0);
 
     /* Start the test proper */
     /* Setup the TCP BIO */
@@ -44590,7 +59116,7 @@ static int test_wolfSSL_BIO_connect(void)
     server_args.signal = &ready;
     start_thread(test_server_nofail, &server_args, &serverThread);
     wait_tcp_ready(&server_args);
-    ExpectIntGT(XSPRINTF(buff, "%d", ready.port), 0);
+    ExpectIntGT(XSNPRINTF(buff, sizeof(buff), "%d", ready.port), 0);
 
     ExpectNotNull(sslBio = BIO_new_ssl_connect(ctx));
     ExpectIntEQ(BIO_set_conn_hostname(sslBio, (char*)wolfSSLIP), 1);
@@ -44619,7 +59145,8 @@ static int test_wolfSSL_BIO_connect(void)
 static int test_wolfSSL_BIO_tls(void)
 {
     EXPECT_DECLS;
-#if !defined(NO_BIO) && defined(OPENSSL_EXTRA) && !defined(NO_WOLFSSL_CLIENT)
+#if !defined(NO_BIO) && defined(OPENSSL_EXTRA) && \
+    !defined(NO_WOLFSSL_CLIENT) && !defined(NO_TLS)
     SSL_CTX* ctx = NULL;
     SSL *ssl = NULL;
     BIO *readBio = NULL;
@@ -44641,15 +59168,15 @@ static int test_wolfSSL_BIO_tls(void)
 
     do {
     #ifdef WOLFSSL_ASYNC_CRYPT
-        if (err == WC_PENDING_E) {
+        if (err == WC_NO_ERR_TRACE(WC_PENDING_E)) {
             ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
             if (ret < 0) { break; } else if (ret == 0) { continue; }
         }
     #endif
         ret = SSL_connect(ssl);
         err = SSL_get_error(ssl, 0);
-    } while (err == WC_PENDING_E);
-    ExpectIntEQ(ret, WOLFSSL_FATAL_ERROR);
+    } while (err == WC_NO_ERR_TRACE(WC_PENDING_E));
+    ExpectIntEQ(ret, WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR));
     /* in this use case, should return WANT READ
      * so that Qt will read the data from plain packet for next state.
      */
@@ -44661,6 +59188,201 @@ static int test_wolfSSL_BIO_tls(void)
     return EXPECT_RESULT();
 }
 
+
+static int test_wolfSSL_BIO_datagram(void)
+{
+    EXPECT_DECLS;
+#if !defined(NO_BIO) && defined(WOLFSSL_DTLS) && defined(WOLFSSL_HAVE_BIO_ADDR) && defined(OPENSSL_EXTRA)
+    int ret;
+    SOCKET_T fd1 = SOCKET_INVALID, fd2 = SOCKET_INVALID;
+    WOLFSSL_BIO *bio1 = NULL, *bio2 = NULL;
+    WOLFSSL_BIO_ADDR *bio_addr1 = NULL, *bio_addr2 = NULL;
+    SOCKADDR_IN sin1, sin2;
+    socklen_t slen;
+    static const char test_msg[] = "I am a datagram, short and stout.";
+    char test_msg_recvd[sizeof(test_msg) + 10];
+#ifdef USE_WINDOWS_API
+    static const DWORD timeout = 250; /* ms */
+#else
+    static const struct timeval timeout = { 0, 250000 };
+#endif
+
+    StartTCP();
+
+    if (EXPECT_SUCCESS()) {
+        fd1 = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP);
+        ExpectIntNE(fd1, SOCKET_INVALID);
+    }
+    if (EXPECT_SUCCESS()) {
+        fd2 = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP);
+        ExpectIntNE(fd2, SOCKET_INVALID);
+    }
+
+    if (EXPECT_SUCCESS()) {
+        bio1 = wolfSSL_BIO_new_dgram(fd1, 1 /* closeF */);
+        ExpectNotNull(bio1);
+    }
+
+    if (EXPECT_SUCCESS()) {
+        bio2 = wolfSSL_BIO_new_dgram(fd2, 1 /* closeF */);
+        ExpectNotNull(bio2);
+    }
+
+    if (EXPECT_SUCCESS()) {
+        sin1.sin_family = AF_INET;
+        sin1.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
+        sin1.sin_port = 0;
+        slen = (socklen_t)sizeof(sin1);
+        ExpectIntEQ(bind(fd1, (const struct sockaddr *)&sin1, slen), 0);
+        ExpectIntEQ(setsockopt(fd1, SOL_SOCKET, SO_RCVTIMEO, (const char *)&timeout, sizeof(timeout)), 0);
+        ExpectIntEQ(getsockname(fd1, (struct sockaddr *)&sin1, &slen), 0);
+    }
+
+    if (EXPECT_SUCCESS()) {
+        sin2.sin_family = AF_INET;
+        sin2.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
+        sin2.sin_port = 0;
+        slen = (socklen_t)sizeof(sin2);
+        ExpectIntEQ(bind(fd2, (const struct sockaddr *)&sin2, slen), 0);
+        ExpectIntEQ(setsockopt(fd2, SOL_SOCKET, SO_RCVTIMEO, (const char *)&timeout, sizeof(timeout)), 0);
+        ExpectIntEQ(getsockname(fd2, (struct sockaddr *)&sin2, &slen), 0);
+    }
+
+    if (EXPECT_SUCCESS()) {
+        bio_addr1 = wolfSSL_BIO_ADDR_new();
+        ExpectNotNull(bio_addr1);
+    }
+
+    if (EXPECT_SUCCESS()) {
+        bio_addr2 = wolfSSL_BIO_ADDR_new();
+        ExpectNotNull(bio_addr2);
+    }
+
+    if (EXPECT_SUCCESS()) {
+        /* for OpenSSL compatibility, direct copying of sockaddrs into BIO_ADDRs must work right. */
+        XMEMCPY(&bio_addr2->sa_in, &sin2, sizeof(sin2));
+        ExpectIntEQ((int)wolfSSL_BIO_ctrl(bio1, BIO_CTRL_DGRAM_SET_PEER, 0, bio_addr2), WOLFSSL_SUCCESS);
+        wolfSSL_BIO_ADDR_clear(bio_addr2);
+    }
+
+    test_msg_recvd[0] = 0;
+    ExpectIntEQ(wolfSSL_BIO_write(bio1, test_msg, sizeof(test_msg)), (int)sizeof(test_msg));
+    ExpectIntEQ(wolfSSL_BIO_read(bio2, test_msg_recvd, sizeof(test_msg_recvd)), (int)sizeof(test_msg));
+    ExpectIntEQ(XMEMCMP(test_msg_recvd, test_msg, sizeof(test_msg)), 0);
+
+#ifdef WOLFSSL_BIO_HAVE_FLOW_STATS
+    ExpectIntEQ(wolfSSL_BIO_number_written(bio1), sizeof(test_msg));
+    ExpectIntEQ(wolfSSL_BIO_number_read(bio2), sizeof(test_msg));
+#endif
+
+    /* bio2 should now have bio1's addr stored as its peer_addr, because the
+     * BIOs aren't "connected" yet.  use it to send a reply.
+     */
+
+    test_msg_recvd[0] = 0;
+    ExpectIntEQ(wolfSSL_BIO_write(bio2, test_msg, sizeof(test_msg)), (int)sizeof(test_msg));
+    ExpectIntEQ(wolfSSL_BIO_read(bio1, test_msg_recvd, sizeof(test_msg_recvd)), (int)sizeof(test_msg));
+    ExpectIntEQ(XMEMCMP(test_msg_recvd, test_msg, sizeof(test_msg)), 0);
+
+    ExpectIntEQ(wolfSSL_BIO_read(bio1, test_msg_recvd, sizeof(test_msg_recvd)), WOLFSSL_BIO_ERROR);
+    ExpectIntNE(BIO_should_retry(bio1), 0);
+
+    ExpectIntEQ(wolfSSL_BIO_read(bio2, test_msg_recvd, sizeof(test_msg_recvd)), WOLFSSL_BIO_ERROR);
+    ExpectIntNE(BIO_should_retry(bio2), 0);
+
+    /* now "connect" the sockets. */
+
+    ExpectIntEQ(connect(fd1, (const struct sockaddr *)&sin2, (socklen_t)sizeof(sin2)), 0);
+    ExpectIntEQ(connect(fd2, (const struct sockaddr *)&sin1, (socklen_t)sizeof(sin1)), 0);
+
+    if (EXPECT_SUCCESS()) {
+        XMEMCPY(&bio_addr2->sa_in, &sin2, sizeof(sin2));
+        ExpectIntEQ((int)wolfSSL_BIO_ctrl(bio1, BIO_CTRL_DGRAM_SET_CONNECTED, 0, bio_addr2), WOLFSSL_SUCCESS);
+        wolfSSL_BIO_ADDR_clear(bio_addr2);
+    }
+
+    if (EXPECT_SUCCESS()) {
+        XMEMCPY(&bio_addr1->sa_in, &sin1, sizeof(sin1));
+        ExpectIntEQ((int)wolfSSL_BIO_ctrl(bio2, BIO_CTRL_DGRAM_SET_CONNECTED, 0, bio_addr1), WOLFSSL_SUCCESS);
+        wolfSSL_BIO_ADDR_clear(bio_addr1);
+    }
+
+    test_msg_recvd[0] = 0;
+    ExpectIntEQ(wolfSSL_BIO_write(bio2, test_msg, sizeof(test_msg)), (int)sizeof(test_msg));
+    ExpectIntEQ(wolfSSL_BIO_read(bio1, test_msg_recvd, sizeof(test_msg_recvd)), (int)sizeof(test_msg));
+    ExpectIntEQ(XMEMCMP(test_msg_recvd, test_msg, sizeof(test_msg)), 0);
+
+    test_msg_recvd[0] = 0;
+    ExpectIntEQ(wolfSSL_BIO_write(bio1, test_msg, sizeof(test_msg)), (int)sizeof(test_msg));
+    ExpectIntEQ(wolfSSL_BIO_read(bio2, test_msg_recvd, sizeof(test_msg_recvd)), (int)sizeof(test_msg));
+    ExpectIntEQ(XMEMCMP(test_msg_recvd, test_msg, sizeof(test_msg)), 0);
+
+#ifdef __linux__
+    /* now "disconnect" the sockets and attempt transmits expected to fail. */
+
+    sin1.sin_family = AF_UNSPEC;
+    ExpectIntEQ(connect(fd1, (const struct sockaddr *)&sin1, (socklen_t)sizeof(sin1)), 0);
+    ExpectIntEQ(connect(fd2, (const struct sockaddr *)&sin1, (socklen_t)sizeof(sin1)), 0);
+    sin1.sin_family = AF_INET;
+
+    ExpectIntEQ((int)wolfSSL_BIO_ctrl(bio1, BIO_CTRL_DGRAM_SET_CONNECTED, 0, NULL), WOLFSSL_SUCCESS);
+    ExpectIntEQ((int)wolfSSL_BIO_ctrl(bio2, BIO_CTRL_DGRAM_SET_CONNECTED, 0, NULL), WOLFSSL_SUCCESS);
+
+    if (EXPECT_SUCCESS()) {
+        sin2.sin_addr.s_addr = htonl(0xc0a8c0a8); /* 192.168.192.168 -- invalid for loopback interface. */
+        XMEMCPY(&bio_addr2->sa_in, &sin2, sizeof(sin2));
+        ExpectIntEQ((int)wolfSSL_BIO_ctrl(bio1, BIO_CTRL_DGRAM_SET_PEER, 0, bio_addr2), WOLFSSL_SUCCESS);
+        wolfSSL_BIO_ADDR_clear(bio_addr2);
+    }
+
+    test_msg_recvd[0] = 0;
+    errno = 0;
+    ExpectIntEQ(wolfSSL_BIO_write(bio1, test_msg, sizeof(test_msg)), -1);
+    ExpectTrue((errno == EINVAL) || (errno == ENETUNREACH));
+
+#endif /* __linux__ */
+
+
+    if (bio1) {
+        ret = wolfSSL_BIO_free(bio1);
+        ExpectIntEQ(ret, WOLFSSL_SUCCESS);
+    } else if (fd1 != SOCKET_INVALID)
+        CloseSocket(fd1);
+    if (bio2) {
+        ret = wolfSSL_BIO_free(bio2);
+        ExpectIntEQ(ret, WOLFSSL_SUCCESS);
+    } else if (fd2 != SOCKET_INVALID)
+        CloseSocket(fd2);
+    if (bio_addr1)
+        wolfSSL_BIO_ADDR_free(bio_addr1);
+    if (bio_addr2)
+        wolfSSL_BIO_ADDR_free(bio_addr2);
+
+#endif /* !NO_BIO && WOLFSSL_DTLS && WOLFSSL_HAVE_BIO_ADDR && OPENSSL_EXTRA */
+
+    return EXPECT_RESULT();
+}
+
+static int test_wolfSSL_BIO_s_null(void)
+{
+    EXPECT_DECLS;
+#if !defined(NO_BIO) && defined(OPENSSL_EXTRA)
+    BIO *b = NULL;
+    char testData[10] = {'t','e','s','t',0};
+
+    ExpectNotNull(b = BIO_new(BIO_s_null()));
+    ExpectIntEQ(BIO_write(b, testData, sizeof(testData)), sizeof(testData));
+    ExpectIntEQ(BIO_read(b, testData, sizeof(testData)), 0);
+    ExpectIntEQ(BIO_puts(b, testData), 4);
+    ExpectIntEQ(BIO_gets(b, testData, sizeof(testData)), 0);
+    ExpectIntEQ(BIO_pending(b), 0);
+    ExpectIntEQ(BIO_eof(b), 1);
+
+    BIO_free(b);
+#endif
+    return EXPECT_RESULT();
+}
+
 #if defined(OPENSSL_ALL) && defined(HAVE_IO_TESTS_DEPENDENCIES) && \
     defined(HAVE_HTTP_CLIENT)
 static THREAD_RETURN WOLFSSL_THREAD test_wolfSSL_BIO_accept_client(void* args)
@@ -44847,7 +59569,7 @@ static int test_wolfSSL_BIO_printf(void)
     XMEMSET(out, 0, sizeof(out));
     ExpectNotNull(bio = BIO_new(BIO_s_mem()));
     ExpectIntEQ(BIO_printf(bio, "%s : sz = %d", msg, sz), 30);
-    ExpectIntEQ(BIO_printf(NULL, ""), WOLFSSL_FATAL_ERROR);
+    ExpectIntEQ(BIO_printf(NULL, ""), WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR));
     ExpectIntEQ(BIO_read(bio, out, sizeof(out)), 30);
     ExpectIntEQ(XSTRNCMP(out, expected, sizeof(expected)), 0);
     BIO_free(bio);
@@ -44992,7 +59714,7 @@ static int test_wolfSSL_BIO_reset(void)
     ExpectIntEQ(BIO_write(bio, "WriteToReadonly", 15), 0);
     ExpectIntEQ(BIO_read(bio, buf, 16), -1);
     XMEMSET(buf, 0, 16);
-    ExpectIntEQ(BIO_reset(bio), 0);
+    ExpectIntEQ(BIO_reset(bio), 1);
     ExpectIntEQ(BIO_read(bio, buf, 16), 16);
     ExpectIntEQ(XMEMCMP(buf, "secure your data", 16), 0);
     BIO_free(bio);
@@ -45334,7 +60056,7 @@ static int test_wolfSSL_sigalg_info(void)
     word16 idx = 0;
     int allSigAlgs = SIG_ECDSA | SIG_RSA | SIG_SM2 | SIG_FALCON | SIG_DILITHIUM;
 
-    InitSuitesHashSigAlgo_ex2(hashSigAlgo, allSigAlgs, 1, 0xFFFFFFFF, &len);
+    InitSuitesHashSigAlgo(hashSigAlgo, allSigAlgs, 1, 0xFFFFFFFF, &len);
     for (idx = 0; idx < len; idx += 2) {
         int hashAlgo = 0;
         int sigAlgo = 0;
@@ -45346,7 +60068,7 @@ static int test_wolfSSL_sigalg_info(void)
         ExpectIntNE(sigAlgo, 0);
     }
 
-    InitSuitesHashSigAlgo_ex2(hashSigAlgo, allSigAlgs | SIG_ANON, 1,
+    InitSuitesHashSigAlgo(hashSigAlgo, allSigAlgs | SIG_ANON, 1,
             0xFFFFFFFF, &len);
     for (idx = 0; idx < len; idx += 2) {
         int hashAlgo = 0;
@@ -45376,12 +60098,12 @@ static int test_wolfSSL_SESSION(void)
 #ifdef HAVE_EXT_CACHE
     unsigned char* sessDer = NULL;
     unsigned char* ptr     = NULL;
-    int sz;
+    int sz = 0;
 #endif
     const unsigned char context[] = "user app context";
     unsigned int contextSz = (unsigned int)sizeof(context);
 #endif
-    int ret, err;
+    int ret = 0, err = 0;
     SOCKET_T sockfd;
     tcp_ready ready;
     func_args server_args;
@@ -45391,9 +60113,9 @@ static int test_wolfSSL_SESSION(void)
 
     /* TLS v1.3 requires session tickets */
     /* CHACHA and POLY1305 required for myTicketEncCb */
-#if defined(WOLFSSL_TLS13) && (!defined(HAVE_SESSION_TICKET) && \
-    !defined(WOLFSSL_NO_TLS12) || !(defined(HAVE_CHACHA) && \
-            defined(HAVE_POLY1305) && !defined(HAVE_AESGCM)))
+#if !defined(WOLFSSL_NO_TLS12) && (!defined(WOLFSSL_TLS13) || \
+    !(defined(HAVE_SESSION_TICKET) && ((defined(HAVE_CHACHA) && \
+            defined(HAVE_POLY1305)) || defined(HAVE_AESGCM))))
     ExpectNotNull(ctx = wolfSSL_CTX_new(wolfTLSv1_2_client_method()));
 #else
     ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()));
@@ -45440,14 +60162,14 @@ static int test_wolfSSL_SESSION(void)
     #endif
     do {
     #ifdef WOLFSSL_ASYNC_CRYPT
-        if (err == WC_PENDING_E) {
+        if (err == WC_NO_ERR_TRACE(WC_PENDING_E)) {
             ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
             if (ret < 0) { break; } else if (ret == 0) { continue; }
         }
     #endif
         ret = wolfSSL_connect(ssl);
         err = wolfSSL_get_error(ssl, 0);
-    } while (err == WC_PENDING_E);
+    } while (err == WC_NO_ERR_TRACE(WC_PENDING_E));
     ExpectIntEQ(ret, WOLFSSL_SUCCESS);
 
     #ifdef WOLFSSL_ASYNC_CRYPT
@@ -45455,14 +60177,14 @@ static int test_wolfSSL_SESSION(void)
     #endif
     do {
     #ifdef WOLFSSL_ASYNC_CRYPT
-        if (err == WC_PENDING_E) {
+        if (err == WC_NO_ERR_TRACE(WC_PENDING_E)) {
             ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
             if (ret < 0) { break; } else if (ret == 0) { continue; }
         }
     #endif
         ret = wolfSSL_write(ssl, sendGET, (int)XSTRLEN(sendGET));
         err = wolfSSL_get_error(ssl, 0);
-    } while (err == WC_PENDING_E);
+    } while (err == WC_NO_ERR_TRACE(WC_PENDING_E));
     ExpectIntEQ(ret, (int)XSTRLEN(sendGET));
 
     #ifdef WOLFSSL_ASYNC_CRYPT
@@ -45470,18 +60192,19 @@ static int test_wolfSSL_SESSION(void)
     #endif
     do {
     #ifdef WOLFSSL_ASYNC_CRYPT
-        if (err == WC_PENDING_E) {
+        if (err == WC_NO_ERR_TRACE(WC_PENDING_E)) {
             ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
             if (ret < 0) { break; } else if (ret == 0) { continue; }
         }
     #endif
         ret = wolfSSL_read(ssl, msg, sizeof(msg));
         err = wolfSSL_get_error(ssl, 0);
-    } while (err == WC_PENDING_E);
+    } while (err == WC_NO_ERR_TRACE(WC_PENDING_E));
     ExpectIntEQ(ret, 23);
 
     ExpectPtrNE((sess = wolfSSL_get1_session(ssl)), NULL); /* ref count 1 */
     ExpectPtrNE((sess_copy = wolfSSL_get1_session(ssl)), NULL); /* ref count 2 */
+    ExpectIntEQ(wolfSSL_SessionIsSetup(sess), 1);
 #ifdef HAVE_EXT_CACHE
     ExpectPtrEq(sess, sess_copy); /* they should be the same pointer but without
                                    * HAVE_EXT_CACHE we get new objects each time */
@@ -45552,7 +60275,7 @@ static int test_wolfSSL_SESSION(void)
 
 #if defined(OPENSSL_EXTRA) && defined(HAVE_EXT_CACHE)
     /* get session from DER and update the timeout */
-    ExpectIntEQ(wolfSSL_i2d_SSL_SESSION(NULL, &sessDer), BAD_FUNC_ARG);
+    ExpectIntEQ(wolfSSL_i2d_SSL_SESSION(NULL, &sessDer), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntGT((sz = wolfSSL_i2d_SSL_SESSION(sess, &sessDer)), 0);
     wolfSSL_SESSION_free(sess); sess = NULL;
     sess = NULL;
@@ -45578,10 +60301,10 @@ static int test_wolfSSL_SESSION(void)
         char buf[64] = {0};
         word32 bufSz = (word32)sizeof(buf);
 
-        ExpectIntEQ(SSL_SUCCESS,
+        ExpectIntEQ(WOLFSSL_SUCCESS,
             wolfSSL_set_SessionTicket(ssl, (byte *)ticket,
                 (word32)XSTRLEN(ticket)));
-        ExpectIntEQ(SSL_SUCCESS,
+        ExpectIntEQ(WOLFSSL_SUCCESS,
             wolfSSL_get_SessionTicket(ssl, (byte *)buf, &bufSz));
         ExpectStrEQ(ticket, buf);
     }
@@ -45599,7 +60322,7 @@ static int test_wolfSSL_SESSION(void)
 #if defined(WOLFSSL_ERROR_CODE_OPENSSL)
     ExpectIntEQ(wolfSSL_set_session(ssl,sess), SSL_SUCCESS);
 #else
-    ExpectIntEQ(wolfSSL_set_session(ssl,sess), SSL_FAILURE);
+    ExpectIntEQ(wolfSSL_set_session(ssl,sess), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
 #endif
     ExpectIntEQ(wolfSSL_SSL_SESSION_set_timeout(sess, 500), SSL_SUCCESS);
 
@@ -45607,15 +60330,15 @@ static int test_wolfSSL_SESSION(void)
     /* fail case with miss match session context IDs (use compatibility API) */
     ExpectIntEQ(SSL_set_session_id_context(ssl, context, contextSz),
             SSL_SUCCESS);
-    ExpectIntEQ(wolfSSL_set_session(ssl, sess), SSL_FAILURE);
+    ExpectIntEQ(wolfSSL_set_session(ssl, sess), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     wolfSSL_free(ssl); ssl = NULL;
 
     ExpectIntEQ(SSL_CTX_set_session_id_context(NULL, context, contextSz),
-            SSL_FAILURE);
+            WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     ExpectIntEQ(SSL_CTX_set_session_id_context(ctx, context, contextSz),
             SSL_SUCCESS);
     ExpectNotNull(ssl = wolfSSL_new(ctx));
-    ExpectIntEQ(wolfSSL_set_session(ssl, sess), SSL_FAILURE);
+    ExpectIntEQ(wolfSSL_set_session(ssl, sess), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
 #endif
 #endif /* OPENSSL_EXTRA */
 
@@ -45700,15 +60423,12 @@ static int test_wolfSSL_SESSION_expire_downgrade(void)
     !defined(NO_RSA) && defined(HAVE_IO_TESTS_DEPENDENCIES) && \
     !defined(NO_SESSION_CACHE) && defined(OPENSSL_EXTRA) && \
     !defined(WOLFSSL_NO_TLS12)
-
-    WOLFSSL_CTX* ctx = NULL;
     callback_functions server_cbf, client_cbf;
 
     XMEMSET(&server_cbf, 0, sizeof(callback_functions));
     XMEMSET(&client_cbf, 0, sizeof(callback_functions));
 
     /* force server side to use TLS 1.2 */
-    server_cbf.ctx = ctx;
     server_cbf.method = wolfTLSv1_2_server_method;
 
     client_cbf.method = wolfSSLv23_client_method;
@@ -45720,9 +60440,6 @@ static int test_wolfSSL_SESSION_expire_downgrade(void)
     ExpectIntEQ(client_cbf.return_code, TEST_SUCCESS);
     ExpectIntEQ(server_cbf.return_code, TEST_SUCCESS);
 
-    /* set the previously created session and wait till expired */
-    server_cbf.ctx = ctx;
-
     client_cbf.method = wolfSSLv23_client_method;
     server_cbf.ctx_ready = test_wolfSSL_SESSION_expire_downgrade_ctx_ready;
     client_cbf.ssl_ready = test_wolfSSL_SESSION_expire_downgrade_ssl_ready_wait;
@@ -45733,9 +60450,6 @@ static int test_wolfSSL_SESSION_expire_downgrade(void)
     ExpectIntEQ(client_cbf.return_code, TEST_SUCCESS);
     ExpectIntEQ(server_cbf.return_code, TEST_SUCCESS);
 
-    /* set the previously created expired session */
-    server_cbf.ctx = ctx;
-
     client_cbf.method = wolfSSLv23_client_method;
     server_cbf.ctx_ready = test_wolfSSL_SESSION_expire_downgrade_ctx_ready;
     client_cbf.ssl_ready = test_wolfSSL_SESSION_expire_downgrade_ssl_ready_set;
@@ -45747,18 +60461,22 @@ static int test_wolfSSL_SESSION_expire_downgrade(void)
     ExpectIntEQ(server_cbf.return_code, TEST_SUCCESS);
 
     wolfSSL_SESSION_free(test_wolfSSL_SESSION_expire_sess);
-    wolfSSL_CTX_free(ctx);
-
 #endif
     return EXPECT_RESULT();
 }
 
 #if defined(OPENSSL_EXTRA) && defined(HAVE_SSL_MEMIO_TESTS_DEPENDENCIES) && \
     defined(HAVE_EX_DATA) && !defined(NO_SESSION_CACHE)
-static int clientSessRemCountMalloc = 0;
-static int serverSessRemCountMalloc = 0;
-static int clientSessRemCountFree = 0;
-static int serverSessRemCountFree = 0;
+#ifdef WOLFSSL_ATOMIC_OPS
+    typedef wolfSSL_Atomic_Int SessRemCounter_t;
+#else
+    typedef int SessRemCounter_t;
+#endif
+static SessRemCounter_t clientSessRemCountMalloc;
+static SessRemCounter_t serverSessRemCountMalloc;
+static SessRemCounter_t clientSessRemCountFree;
+static SessRemCounter_t serverSessRemCountFree;
+
 static WOLFSSL_CTX* serverSessCtx = NULL;
 static WOLFSSL_SESSION* serverSess = NULL;
 #if (defined(WOLFSSL_TLS13) && defined(HAVE_SESSION_TICKET)) || \
@@ -45779,9 +60497,9 @@ static void SessRemCtxCb(WOLFSSL_CTX *ctx, WOLFSSL_SESSION *sess)
     side = (int*)SSL_SESSION_get_ex_data(sess, serverSessRemIdx);
     if (side != NULL) {
         if (*side == WOLFSSL_CLIENT_END)
-            clientSessRemCountFree++;
+            (void)wolfSSL_Atomic_Int_FetchAdd(&clientSessRemCountFree, 1);
         else
-            serverSessRemCountFree++;
+            (void)wolfSSL_Atomic_Int_FetchAdd(&serverSessRemCountFree, 1);
 
         SSL_SESSION_set_ex_data(sess, serverSessRemIdx, NULL);
     }
@@ -45818,16 +60536,16 @@ static int SessRemSslSetupCb(WOLFSSL* ssl)
 
     if (SSL_is_server(ssl)) {
         side = &sessRemCtx_Server;
-        serverSessRemCountMalloc++;
+        (void)wolfSSL_Atomic_Int_FetchAdd(&serverSessRemCountMalloc, 1);
         ExpectNotNull(serverSess = SSL_get1_session(ssl));
         ExpectIntEQ(SSL_CTX_up_ref(serverSessCtx = SSL_get_SSL_CTX(ssl)),
                 SSL_SUCCESS);
     }
     else {
         side = &sessRemCtx_Client;
-        clientSessRemCountMalloc++;
-    #if (defined(WOLFSSL_TLS13) && defined(HAVE_SESSION_TICKET)) || \
-        !defined(NO_SESSION_CACHE_REF)
+        (void)wolfSSL_Atomic_Int_FetchAdd(&clientSessRemCountMalloc, 1);
+#if (defined(WOLFSSL_TLS13) && defined(HAVE_SESSION_TICKET)) || \
+    !defined(NO_SESSION_CACHE_REF)
         ExpectNotNull(clientSess = SSL_get1_session(ssl));
         ExpectIntEQ(SSL_CTX_up_ref(clientSessCtx = SSL_get_SSL_CTX(ssl)),
                 SSL_SUCCESS);
@@ -45849,6 +60567,11 @@ static int test_wolfSSL_CTX_sess_set_remove_cb(void)
      * session object */
     test_ssl_cbf func_cb;
 
+    wolfSSL_Atomic_Int_Init(&clientSessRemCountMalloc, 0);
+    wolfSSL_Atomic_Int_Init(&serverSessRemCountMalloc, 0);
+    wolfSSL_Atomic_Int_Init(&clientSessRemCountFree, 0);
+    wolfSSL_Atomic_Int_Init(&serverSessRemCountFree, 0);
+
     XMEMSET(&func_cb, 0, sizeof(func_cb));
     func_cb.ctx_ready = SessRemCtxSetupCb;
     func_cb.on_result = SessRemSslSetupCb;
@@ -45859,6 +60582,7 @@ static int test_wolfSSL_CTX_sess_set_remove_cb(void)
     /* Both should have been allocated */
     ExpectIntEQ(clientSessRemCountMalloc, 1);
     ExpectIntEQ(serverSessRemCountMalloc, 1);
+
     /* This should not be called yet. Session wasn't evicted from cache yet. */
     ExpectIntEQ(clientSessRemCountFree, 0);
 #if (defined(WOLFSSL_TLS13) && defined(HAVE_SESSION_TICKET)) || \
@@ -45885,7 +60609,6 @@ static int test_wolfSSL_CTX_sess_set_remove_cb(void)
     ExpectIntEQ(SSL_CTX_remove_session(serverSessCtx, serverSess), 0);
     ExpectNull(SSL_SESSION_get_ex_data(serverSess, serverSessRemIdx));
     ExpectIntEQ(serverSessRemCountFree, 1);
-
     /* Need to free the references that we kept */
     SSL_CTX_free(serverSessCtx);
     SSL_SESSION_free(serverSess);
@@ -45902,41 +60625,41 @@ static int test_wolfSSL_ticket_keys(void)
 {
     EXPECT_DECLS;
 #if defined(HAVE_SESSION_TICKET) && !defined(WOLFSSL_NO_DEF_TICKET_ENC_CB) && \
-    !defined(NO_WOLFSSL_SERVER)
+    !defined(NO_WOLFSSL_SERVER) && !defined(NO_TLS)
     WOLFSSL_CTX* ctx = NULL;
     byte keys[WOLFSSL_TICKET_KEYS_SZ];
 
     ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()));
 
     ExpectIntEQ(wolfSSL_CTX_get_tlsext_ticket_keys(NULL, NULL, 0),
-                WOLFSSL_FAILURE);
+                WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     ExpectIntEQ(wolfSSL_CTX_get_tlsext_ticket_keys(ctx, NULL, 0),
-                WOLFSSL_FAILURE);
+                WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     ExpectIntEQ(wolfSSL_CTX_get_tlsext_ticket_keys(ctx, keys, 0),
-                WOLFSSL_FAILURE);
+                WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     ExpectIntEQ(wolfSSL_CTX_get_tlsext_ticket_keys(NULL, keys, 0),
-                WOLFSSL_FAILURE);
+                WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     ExpectIntEQ(wolfSSL_CTX_get_tlsext_ticket_keys(NULL, NULL, sizeof(keys)),
-                WOLFSSL_FAILURE);
+                WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     ExpectIntEQ(wolfSSL_CTX_get_tlsext_ticket_keys(ctx, NULL, sizeof(keys)),
-                WOLFSSL_FAILURE);
+                WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     ExpectIntEQ(wolfSSL_CTX_get_tlsext_ticket_keys(NULL, keys, sizeof(keys)),
-                WOLFSSL_FAILURE);
+                WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
 
     ExpectIntEQ(wolfSSL_CTX_set_tlsext_ticket_keys(NULL, NULL, 0),
-                WOLFSSL_FAILURE);
+                WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     ExpectIntEQ(wolfSSL_CTX_set_tlsext_ticket_keys(ctx, NULL, 0),
-                WOLFSSL_FAILURE);
+                WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     ExpectIntEQ(wolfSSL_CTX_set_tlsext_ticket_keys(ctx, keys, 0),
-                WOLFSSL_FAILURE);
+                WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     ExpectIntEQ(wolfSSL_CTX_set_tlsext_ticket_keys(NULL, keys, 0),
-                WOLFSSL_FAILURE);
+                WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     ExpectIntEQ(wolfSSL_CTX_set_tlsext_ticket_keys(NULL, NULL, sizeof(keys)),
-                WOLFSSL_FAILURE);
+                WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     ExpectIntEQ(wolfSSL_CTX_set_tlsext_ticket_keys(ctx, NULL, sizeof(keys)),
-                WOLFSSL_FAILURE);
+                WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     ExpectIntEQ(wolfSSL_CTX_set_tlsext_ticket_keys(NULL, keys, sizeof(keys)),
-                WOLFSSL_FAILURE);
+                WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
 
     ExpectIntEQ(wolfSSL_CTX_get_tlsext_ticket_keys(ctx, keys, sizeof(keys)),
                 WOLFSSL_SUCCESS);
@@ -46008,7 +60731,8 @@ defined(OPENSSL_EXTRA) && defined(WOLFSSL_DH_EXTRA)
     return EXPECT_RESULT();
 }
 
-#if (defined(OPENSSL_ALL) || defined(WOLFSSL_ASIO)) && !defined(NO_RSA)
+#if (defined(OPENSSL_ALL) || defined(WOLFSSL_ASIO)) && !defined(NO_RSA) && \
+    !defined(NO_TLS)
 static int test_wolfSSL_d2i_PrivateKeys_bio(void)
 {
     EXPECT_DECLS;
@@ -46029,7 +60753,7 @@ static int test_wolfSSL_d2i_PrivateKeys_bio(void)
     {
         XFILE file = XBADFILE;
         const char* fname = "./certs/server-key.der";
-        size_t sz;
+        size_t sz = 0;
         byte* buf = NULL;
 
         ExpectTrue((file = XFOPEN(fname, "rb")) != XBADFILE);
@@ -46058,7 +60782,7 @@ static int test_wolfSSL_d2i_PrivateKeys_bio(void)
     {
         XFILE file = XBADFILE;
         const char* fname = "./certs/ecc-key.der";
-        size_t sz;
+        size_t sz = 0;
         byte* buf = NULL;
 
         ExpectTrue((file = XFOPEN(fname, "rb")) != XBADFILE);
@@ -46088,15 +60812,22 @@ static int test_wolfSSL_d2i_PrivateKeys_bio(void)
     ExpectNotNull(ctx = SSL_CTX_new(wolfSSLv23_client_method()));
 #endif
 
-#if !defined(HAVE_FAST_RSA) && defined(WOLFSSL_KEY_GEN) && \
-    !defined(NO_RSA) && !defined(HAVE_USER_RSA)
+#if defined(WOLFSSL_KEY_GEN) && !defined(NO_RSA)
     {
+        const unsigned char seqOnly[] = { 0x30, 0x00, 0x00, 0x00, 0x00, 0x00 };
         RSA* rsa = NULL;
         /* Tests bad parameters */
         ExpectNull(d2i_RSAPrivateKey_bio(NULL, NULL));
 
+        /* Test using bad data. */
+        ExpectIntGT(BIO_write(bio, seqOnly, sizeof(seqOnly)), 0);
+        ExpectNull(d2i_RSAPrivateKey_bio(bio, NULL));
+
         /* RSA not set yet, expecting to fail*/
-        ExpectIntEQ(SSL_CTX_use_RSAPrivateKey(ctx, rsa), BAD_FUNC_ARG);
+        rsa = wolfSSL_RSA_new();
+        ExpectIntEQ(SSL_CTX_use_RSAPrivateKey(ctx, rsa), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+        wolfSSL_RSA_free(rsa);
+        rsa = NULL;
 
 #if defined(USE_CERT_BUFFERS_2048) && defined(WOLFSSL_KEY_GEN)
         /* set RSA using bio*/
@@ -46105,10 +60836,15 @@ static int test_wolfSSL_d2i_PrivateKeys_bio(void)
         ExpectNotNull(d2i_RSAPrivateKey_bio(bio, &rsa));
         ExpectNotNull(rsa);
 
+        /* Tests bad parameters */
+        ExpectIntEQ(SSL_CTX_use_RSAPrivateKey(NULL, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+        ExpectIntEQ(SSL_CTX_use_RSAPrivateKey(ctx, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+        ExpectIntEQ(SSL_CTX_use_RSAPrivateKey(NULL, rsa), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+
         ExpectIntEQ(SSL_CTX_use_RSAPrivateKey(ctx, rsa), WOLFSSL_SUCCESS);
 
         /* i2d RSAprivate key tests */
-        ExpectIntEQ(wolfSSL_i2d_RSAPrivateKey(NULL, NULL), BAD_FUNC_ARG);
+        ExpectIntEQ(wolfSSL_i2d_RSAPrivateKey(NULL, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
         ExpectIntEQ(wolfSSL_i2d_RSAPrivateKey(rsa, NULL), 1192);
         ExpectIntEQ(wolfSSL_i2d_RSAPrivateKey(rsa, &bufPtr),
                                                sizeof_client_key_der_2048);
@@ -46123,13 +60859,20 @@ static int test_wolfSSL_d2i_PrivateKeys_bio(void)
                             sizeof_client_key_der_2048), 0);
         XFREE(bufPtr, NULL, DYNAMIC_TYPE_OPENSSL);
 
+        RSA_free(rsa);
+        rsa = NULL;
+        ExpectIntGT(BIO_write(bio, client_key_der_2048,
+                    sizeof_client_key_der_2048), 0);
+        ExpectNotNull(d2i_RSA_PUBKEY_bio(bio, &rsa));
+        (void)BIO_reset(bio);
+
         RSA_free(rsa);
         rsa = RSA_new();
         ExpectIntEQ(wolfSSL_i2d_RSAPrivateKey(rsa, NULL), 0);
 #endif /* USE_CERT_BUFFERS_2048 WOLFSSL_KEY_GEN */
         RSA_free(rsa);
     }
-#endif /* !HAVE_FAST_RSA && WOLFSSL_KEY_GEN && !NO_RSA && !HAVE_USER_RSA*/
+#endif /* WOLFSSL_KEY_GEN && !NO_RSA */
     SSL_CTX_free(ctx);
     ctx = NULL;
     BIO_free(bio);
@@ -46149,6 +60892,7 @@ static int test_wolfSSL_sk_GENERAL_NAME(void)
     !defined(NO_RSA)
     X509* x509 = NULL;
     GENERAL_NAME* gn = NULL;
+    GENERAL_NAME* dup_gn = NULL;
     unsigned char buf[4096];
     const unsigned char* bufPt = NULL;
     int bytes = 0;
@@ -46186,6 +60930,10 @@ static int test_wolfSSL_sk_GENERAL_NAME(void)
                     break;
                 }
             }
+
+            ExpectNotNull(dup_gn = wolfSSL_GENERAL_NAME_dup(gn));
+            wolfSSL_GENERAL_NAME_free(dup_gn);
+            dup_gn = NULL;
         }
         X509_free(x509);
         x509 = NULL;
@@ -46201,6 +60949,11 @@ static int test_wolfSSL_sk_GENERAL_NAME(void)
         }
         sk = NULL;
     }
+
+    ExpectNull(wolfSSL_GENERAL_NAME_dup(NULL));
+    ExpectIntEQ(wolfSSL_GENERAL_NAME_set_type(NULL, WOLFSSL_GEN_IA5),
+        BAD_FUNC_ARG);
+    wolfSSL_GENERAL_NAMES_free(NULL);
 #endif
     return EXPECT_RESULT();
 }
@@ -46211,9 +60964,10 @@ static int test_wolfSSL_GENERAL_NAME_print(void)
 #if defined(OPENSSL_ALL) && !defined(NO_BIO) && !defined(NO_RSA)
     X509* x509 = NULL;
     GENERAL_NAME* gn = NULL;
+    GENERAL_NAME* dup_gn = NULL;
     unsigned char buf[4096];
     const unsigned char* bufPt = NULL;
-    int bytes;
+    int bytes = 0;
     XFILE f = XBADFILE;
     STACK_OF(GENERAL_NAME)* sk = NULL;
     BIO* out = NULL;
@@ -46223,6 +60977,7 @@ static int test_wolfSSL_GENERAL_NAME_print(void)
     AUTHORITY_INFO_ACCESS* aia = NULL;
     ACCESS_DESCRIPTION* ad = NULL;
     ASN1_IA5STRING *dnsname = NULL;
+    ASN1_OBJECT* ridObj = NULL;
 
     const unsigned char v4Addr[] = {192,168,53,1};
     const unsigned char v6Addr[] =
@@ -46231,15 +60986,20 @@ static int test_wolfSSL_GENERAL_NAME_print(void)
     const unsigned char email[]  =
                              {'i', 'n', 'f', 'o', '@', 'w', 'o', 'l',
                               'f', 's', 's', 'l', '.', 'c', 'o', 'm'};
+    const unsigned char ridData[] = { 0x06, 0x04, 0x2a, 0x03, 0x04, 0x05 };
+    const unsigned char* p;
+    unsigned long len;
 
-    const char* dnsStr   = "DNS:example.com";
-    const char* uriStr   = "URI:http://127.0.0.1:22220";
-    const char* v4addStr = "IP Address:192.168.53.1";
-    const char* v6addStr = "IP Address:2021:DB8:0:0:0:FF00:42:7777";
-    const char* emailStr = "email:info@wolfssl.com";
-    const char* othrStr  = "othername:<unsupported>";
-    const char* x400Str  = "X400Name:<unsupported>";
-    const char* ediStr   = "EdiPartyName:<unsupported>";
+    const char* dnsStr     = "DNS:example.com";
+    const char* uriStr     = "URI:http://127.0.0.1:22220";
+    const char* v4addStr   = "IP Address:192.168.53.1";
+    const char* v6addStr   = "IP Address:2021:DB8:0:0:0:FF00:42:7777";
+    const char* emailStr   = "email:info@wolfssl.com";
+    const char* othrStr    = "othername:<unsupported>";
+    const char* x400Str    = "X400Name:<unsupported>";
+    const char* ediStr     = "EdiPartyName:<unsupported>";
+    const char* dirNameStr = "DirName:";
+    const char* ridStr     = "Registered ID:1.2.3.4.5";
 
     /* BIO to output */
     ExpectNotNull(out = BIO_new(BIO_s_mem()));
@@ -46288,6 +61048,16 @@ static int test_wolfSSL_GENERAL_NAME_print(void)
     XMEMSET(outbuf, 0, sizeof(outbuf));
     ExpectIntGT(BIO_read(out, outbuf, sizeof(outbuf)), 0);
     ExpectIntEQ(XSTRNCMP((const char*)outbuf, dnsStr, XSTRLEN(dnsStr)), 0);
+    ExpectNotNull(dup_gn = GENERAL_NAME_dup(gn));
+    wolfSSL_GENERAL_NAME_set0_value(NULL, WOLFSSL_GEN_IA5, NULL);
+    wolfSSL_GENERAL_NAME_set0_value(dup_gn, WOLFSSL_GEN_IA5, NULL);
+    wolfSSL_GENERAL_NAME_set0_value(NULL, WOLFSSL_GEN_DNS, NULL);
+    wolfSSL_GENERAL_NAME_set0_value(NULL, WOLFSSL_GEN_IA5, outbuf);
+    wolfSSL_GENERAL_NAME_set0_value(dup_gn, WOLFSSL_GEN_DNS, NULL);
+    wolfSSL_GENERAL_NAME_set0_value(dup_gn, WOLFSSL_GEN_IA5, outbuf);
+    wolfSSL_GENERAL_NAME_set0_value(NULL, WOLFSSL_GEN_DNS, outbuf);
+    GENERAL_NAME_free(dup_gn);
+    dup_gn = NULL;
     GENERAL_NAME_free(gn);
 
     /* test for GEN_URI */
@@ -46307,6 +61077,9 @@ static int test_wolfSSL_GENERAL_NAME_print(void)
     if (ad != NULL) {
         gn = ad->location;
     }
+    ExpectNotNull(dup_gn = GENERAL_NAME_dup(gn));
+    GENERAL_NAME_free(dup_gn);
+    dup_gn = NULL;
     ExpectIntEQ(GENERAL_NAME_print(out, gn), 1);
     gn = NULL;
 
@@ -46341,6 +61114,10 @@ static int test_wolfSSL_GENERAL_NAME_print(void)
     ExpectIntGT(BIO_read(out, outbuf, sizeof(outbuf)), 0);
     ExpectIntEQ(XSTRNCMP((const char*)outbuf, v4addStr, XSTRLEN(v4addStr)), 0);
 
+    ExpectNotNull(dup_gn = GENERAL_NAME_dup(gn));
+    GENERAL_NAME_free(dup_gn);
+    dup_gn = NULL;
+
     GENERAL_NAME_free(gn);
     gn = NULL;
 
@@ -46361,6 +61138,10 @@ static int test_wolfSSL_GENERAL_NAME_print(void)
     ExpectIntGT(BIO_read(out, outbuf, sizeof(outbuf)), 0);
     ExpectIntEQ(XSTRNCMP((const char*)outbuf, v6addStr, XSTRLEN(v6addStr)), 0);
 
+    ExpectNotNull(dup_gn = GENERAL_NAME_dup(gn));
+    GENERAL_NAME_free(dup_gn);
+    dup_gn = NULL;
+
     GENERAL_NAME_free(gn);
     gn = NULL;
 
@@ -46381,6 +61162,10 @@ static int test_wolfSSL_GENERAL_NAME_print(void)
     ExpectIntGT(BIO_read(out, outbuf, sizeof(outbuf)), 0);
     ExpectIntEQ(XSTRNCMP((const char*)outbuf, emailStr, XSTRLEN(emailStr)), 0);
 
+    ExpectNotNull(dup_gn = GENERAL_NAME_dup(gn));
+    GENERAL_NAME_free(dup_gn);
+    dup_gn = NULL;
+
     GENERAL_NAME_free(gn);
     gn = NULL;
 
@@ -46415,6 +61200,10 @@ static int test_wolfSSL_GENERAL_NAME_print(void)
     if (gn != NULL) {
         gn->type = GEN_IA5;
     }
+
+    /* Duplicating GEN_X400 not supported. */
+    ExpectNull(GENERAL_NAME_dup(gn));
+
     GENERAL_NAME_free(gn);
     gn = NULL;
 
@@ -46434,6 +61223,51 @@ static int test_wolfSSL_GENERAL_NAME_print(void)
     if (gn != NULL) {
         gn->type = GEN_IA5;
     }
+
+    /* Duplicating GEN_EDIPARTY not supported. */
+    ExpectNull(dup_gn = GENERAL_NAME_dup(gn));
+
+    GENERAL_NAME_free(gn);
+    gn = NULL;
+
+    /* test for GEN_DIRNAME */
+    ExpectNotNull(gn = wolfSSL_GENERAL_NAME_new());
+    if (gn != NULL) {
+        gn->type = GEN_DIRNAME;
+    }
+    ExpectIntEQ(GENERAL_NAME_print(out, gn), 1);
+    XMEMSET(outbuf,0,sizeof(outbuf));
+    ExpectIntGT(BIO_read(out, outbuf, sizeof(outbuf)), 0);
+    ExpectIntEQ(XSTRNCMP((const char*)outbuf, dirNameStr, XSTRLEN(dirNameStr)),
+        0);
+    /* Duplicating GEN_DIRNAME not supported. */
+    ExpectNull(dup_gn = GENERAL_NAME_dup(gn));
+    /* Restore to GEN_IA5 (default) to avoid memory leak. */
+    if (gn != NULL) {
+        gn->type = GEN_IA5;
+    }
+    GENERAL_NAME_free(gn);
+    gn = NULL;
+
+    /* test for GEN_RID */
+    p = ridData;
+    len = sizeof(ridData);
+    ExpectNotNull(ridObj = wolfSSL_d2i_ASN1_OBJECT(NULL, &p, len));
+    ExpectNotNull(gn = wolfSSL_GENERAL_NAME_new());
+    if (gn != NULL) {
+        gn->type = GEN_RID;
+        wolfSSL_ASN1_STRING_free(gn->d.ia5);
+        gn->d.registeredID = ridObj;
+    }
+    else {
+        wolfSSL_ASN1_OBJECT_free(ridObj);
+    }
+    ExpectIntEQ(GENERAL_NAME_print(out, gn), 1);
+    XMEMSET(outbuf,0,sizeof(outbuf));
+    ExpectIntGT(BIO_read(out, outbuf, sizeof(outbuf)), 0);
+    ExpectIntEQ(XSTRNCMP((const char*)outbuf, ridStr, XSTRLEN(ridStr)), 0);
+    /* Duplicating GEN_DIRNAME not supported. */
+    ExpectNull(dup_gn = GENERAL_NAME_dup(gn));
     GENERAL_NAME_free(gn);
     gn = NULL;
 
@@ -46450,14 +61284,14 @@ static int test_wolfSSL_sk_DIST_POINT(void)
     X509* x509 = NULL;
     unsigned char buf[4096];
     const unsigned char* bufPt;
-    int bytes;
-    int i;
-    int j;
+    int bytes = 0;
+    int i = 0;
+    int j = 0;
     XFILE f = XBADFILE;
-    DIST_POINT* dp;
-    DIST_POINT_NAME* dpn;
-    GENERAL_NAME* gn;
-    ASN1_IA5STRING* uri;
+    DIST_POINT* dp = NULL;
+    DIST_POINT_NAME* dpn = NULL;
+    GENERAL_NAME* gn = NULL;
+    ASN1_IA5STRING* uri = NULL;
     STACK_OF(DIST_POINT)* dps = NULL;
     STACK_OF(GENERAL_NAME)* gns = NULL;
     const char cliCertDerCrlDistPoint[] = "./certs/client-crl-dist.der";
@@ -46493,8 +61327,20 @@ static int test_wolfSSL_sk_DIST_POINT(void)
         }
     }
 
+    ExpectNotNull(dp = wolfSSL_DIST_POINT_new());
+    wolfSSL_DIST_POINT_free(NULL);
+    wolfSSL_DIST_POINTS_free(NULL);
+    wolfSSL_sk_DIST_POINT_free(NULL);
+    ExpectIntEQ(wolfSSL_sk_DIST_POINT_push(NULL, NULL), WOLFSSL_FAILURE);
+    ExpectIntEQ(wolfSSL_sk_DIST_POINT_push(dps, NULL), WOLFSSL_FAILURE);
+    ExpectIntEQ(wolfSSL_sk_DIST_POINT_push(NULL, dp), WOLFSSL_FAILURE);
+    ExpectNull(wolfSSL_sk_DIST_POINT_value(NULL, 0));
+    ExpectIntEQ(wolfSSL_sk_DIST_POINT_num(NULL), WOLFSSL_FATAL_ERROR);
+    wolfSSL_DIST_POINT_free(dp);
+
     X509_free(x509);
     CRL_DIST_POINTS_free(dps);
+
 #endif
     return EXPECT_RESULT();
 }
@@ -46504,7 +61350,9 @@ static int test_wolfSSL_sk_DIST_POINT(void)
 static int test_wolfSSL_verify_mode(void)
 {
     EXPECT_DECLS;
-#if defined(OPENSSL_ALL) && !defined(NO_RSA)
+#if !defined(NO_RSA) && !defined(NO_TLS) && (defined(OPENSSL_ALL) || \
+    defined(HAVE_STUNNEL) || defined(WOLFSSL_MYSQL_COMPATIBLE) || \
+    defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY))
     WOLFSSL*     ssl = NULL;
     WOLFSSL_CTX* ctx = NULL;
 
@@ -46566,10 +61414,11 @@ static int test_wolfSSL_verify_mode(void)
 static int test_wolfSSL_verify_depth(void)
 {
     EXPECT_DECLS;
-#if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && !defined(NO_WOLFSSL_CLIENT)
+#if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && !defined(NO_TLS) && \
+    !defined(NO_WOLFSSL_CLIENT)
     WOLFSSL*     ssl = NULL;
     WOLFSSL_CTX* ctx = NULL;
-    long         depth;
+    long         depth = 0;
 
     ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()));
     ExpectIntGT((depth = SSL_CTX_get_verify_depth(ctx)), 0);
@@ -46597,12 +61446,12 @@ static int test_wolfSSL_verify_result(void)
 {
     EXPECT_DECLS;
 #if (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) || \
-    defined(OPENSSL_ALL)) && !defined(NO_WOLFSSL_CLIENT)
+    defined(OPENSSL_ALL)) && !defined(NO_TLS) && !defined(NO_WOLFSSL_CLIENT)
     WOLFSSL*     ssl = NULL;
     WOLFSSL_CTX* ctx = NULL;
     long         result = 0xDEADBEEF;
 
-    ExpectIntEQ(WOLFSSL_FAILURE, wolfSSL_get_verify_result(ssl));
+    ExpectIntEQ(WC_NO_ERR_TRACE(WOLFSSL_FAILURE), wolfSSL_get_verify_result(ssl));
 
     ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()));
     ExpectNotNull(ssl = SSL_new(ctx));
@@ -46616,7 +61465,8 @@ static int test_wolfSSL_verify_result(void)
     return EXPECT_RESULT();
 }
 
-#if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && !defined(NO_WOLFSSL_CLIENT)
+#if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && !defined(NO_TLS) && \
+    !defined(NO_WOLFSSL_CLIENT)
 static void sslMsgCb(int w, int version, int type, const void* buf,
         size_t sz, SSL* ssl, void* arg)
 {
@@ -46635,7 +61485,8 @@ static void sslMsgCb(int w, int version, int type, const void* buf,
 static int test_wolfSSL_msg_callback(void)
 {
     EXPECT_DECLS;
-#if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && !defined(NO_WOLFSSL_CLIENT)
+#if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && !defined(NO_TLS) && \
+    !defined(NO_WOLFSSL_CLIENT)
     WOLFSSL*     ssl = NULL;
     WOLFSSL_CTX* ctx = NULL;
 
@@ -46643,7 +61494,7 @@ static int test_wolfSSL_msg_callback(void)
     ExpectNotNull(ssl = SSL_new(ctx));
     ExpectIntEQ(SSL_set_msg_callback(ssl, NULL), SSL_SUCCESS);
     ExpectIntEQ(SSL_set_msg_callback(ssl, &sslMsgCb), SSL_SUCCESS);
-    ExpectIntEQ(SSL_set_msg_callback(NULL, &sslMsgCb), SSL_FAILURE);
+    ExpectIntEQ(SSL_set_msg_callback(NULL, &sslMsgCb), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
 
     SSL_free(ssl);
     SSL_CTX_free(ctx);
@@ -46743,11 +61594,12 @@ static int test_wolfSSL_EVP_Cipher_extra(void)
     };
 
     /* teset data size table */
-    int test_drive1[] = {8, 3, 5, 512, 8, 3, 8, 512, 0};
-    int test_drive2[] = {8, 3, 8, 512, 0};
-    int test_drive3[] = {512, 512, 504, 512, 512, 8, 512, 0};
+    static const int test_drive1[] = {8, 3, 5, 512, 8, 3, 8, 512, 0};
+    static const int test_drive2[] = {8, 3, 8, 512, 0};
+    static const int test_drive3[] = {512, 512, 504, 512, 512, 8, 512, 0};
+
+    static const int *test_drive[] = { test_drive1, test_drive2, test_drive3, NULL };
 
-    int *test_drive[] = {test_drive1, test_drive2, test_drive3, NULL};
     int test_drive_len[100];
 
     int ret = 0;
@@ -46949,6 +61801,7 @@ static int test_wolfSSL_PEM_read_DHparams(void)
         XFCLOSE(fp);
 
     DH_free(dh);
+    dh = NULL;
 #endif
     return EXPECT_RESULT();
 }
@@ -46961,12 +61814,16 @@ static int test_wolfSSL_X509_get_serialNumber(void)
     ASN1_INTEGER* a = NULL;
     BIGNUM* bn = NULL;
     X509*   x509 = NULL;
+    X509*   empty = NULL;
     char *serialHex = NULL;
     byte serial[3];
     int  serialSz;
 
+    ExpectNotNull(empty = wolfSSL_X509_new());
     ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(svrCertFile,
         SSL_FILETYPE_PEM));
+    ExpectNull(X509_get_serialNumber(NULL));
+    ExpectNotNull(X509_get_serialNumber(empty));
     ExpectNotNull(a = X509_get_serialNumber(x509));
 
     /* check on value of ASN1 Integer */
@@ -46976,7 +61833,22 @@ static int test_wolfSSL_X509_get_serialNumber(void)
     /* test setting serial number and then retrieving it */
     ExpectNotNull(a = ASN1_INTEGER_new());
     ExpectIntEQ(ASN1_INTEGER_set(a, 3), 1);
+    ExpectIntEQ(X509_set_serialNumber(NULL, NULL), WOLFSSL_FAILURE);
+    ExpectIntEQ(X509_set_serialNumber(x509, NULL), WOLFSSL_FAILURE);
+    ExpectIntEQ(X509_set_serialNumber(NULL, a), WOLFSSL_FAILURE);
     ExpectIntEQ(X509_set_serialNumber(x509, a), WOLFSSL_SUCCESS);
+    ExpectIntEQ(wolfSSL_X509_get_serial_number(NULL, serial, NULL),
+        BAD_FUNC_ARG);
+    ExpectIntEQ(wolfSSL_X509_get_serial_number(NULL, serial, &serialSz),
+        BAD_FUNC_ARG);
+    ExpectIntEQ(wolfSSL_X509_get_serial_number(x509, serial, NULL),
+        BAD_FUNC_ARG);
+    serialSz = 0;
+    ExpectIntEQ(wolfSSL_X509_get_serial_number(x509, serial, &serialSz),
+        BUFFER_E);
+    ExpectIntEQ(wolfSSL_X509_get_serial_number(x509, NULL, &serialSz),
+        WOLFSSL_SUCCESS);
+    ExpectIntEQ(serialSz, 1);
     serialSz = sizeof(serial);
     ExpectIntEQ(wolfSSL_X509_get_serial_number(x509, serial, &serialSz),
         WOLFSSL_SUCCESS);
@@ -47011,6 +61883,7 @@ static int test_wolfSSL_X509_get_serialNumber(void)
     a = NULL;
 
     X509_free(x509); /* free's a */
+    X509_free(empty);
 
     ExpectNotNull(serialHex = BN_bn2hex(bn));
 #ifndef WC_DISABLE_RADIX_ZERO_PAD
@@ -47034,6 +61907,126 @@ static int test_wolfSSL_X509_get_serialNumber(void)
     return EXPECT_RESULT();
 }
 
+static int test_wolfSSL_X509_ext_get_critical_by_NID(void)
+{
+    EXPECT_DECLS;
+#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS)
+    WOLFSSL_X509* x509 = NULL;
+
+    ExpectNotNull(x509 = wolfSSL_X509_new());
+    ExpectIntEQ(wolfSSL_X509_ext_get_critical_by_NID(NULL,
+        WC_NID_basic_constraints), 0);
+    ExpectIntEQ(wolfSSL_X509_ext_get_critical_by_NID(x509,
+        WC_NID_basic_constraints), 0);
+    ExpectIntEQ(wolfSSL_X509_ext_get_critical_by_NID(x509,
+        WC_NID_subject_alt_name), 0);
+    ExpectIntEQ(wolfSSL_X509_ext_get_critical_by_NID(x509,
+        WC_NID_authority_key_identifier), 0);
+    ExpectIntEQ(wolfSSL_X509_ext_get_critical_by_NID(x509,
+        WC_NID_subject_key_identifier), 0);
+    ExpectIntEQ(wolfSSL_X509_ext_get_critical_by_NID(x509,
+        WC_NID_key_usage), 0);
+    ExpectIntEQ(wolfSSL_X509_ext_get_critical_by_NID(x509,
+        WC_NID_crl_distribution_points), 0);
+    ExpectIntEQ(wolfSSL_X509_ext_get_critical_by_NID(x509,
+        WC_NID_ext_key_usage), 0);
+#ifdef WOLFSSL_SEP
+    ExpectIntEQ(wolfSSL_X509_ext_get_critical_by_NID(x509,
+        WC_NID_certificate_policies), 0);
+#endif
+    ExpectIntEQ(wolfSSL_X509_ext_get_critical_by_NID(x509,
+        WC_NID_info_access), 0);
+    wolfSSL_X509_free(x509);
+#endif
+    return EXPECT_RESULT();
+}
+
+static int test_wolfSSL_X509_CRL_distribution_points(void)
+{
+    EXPECT_DECLS;
+#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_RSA)
+    WOLFSSL_X509* x509 = NULL;
+    const char* file = "./certs/client-crl-dist.pem";
+
+    ExpectIntEQ(wolfSSL_X509_ext_isSet_by_NID(NULL,
+        WC_NID_crl_distribution_points), 0);
+
+    ExpectNotNull(x509 = wolfSSL_X509_new());
+    ExpectIntEQ(wolfSSL_X509_ext_isSet_by_NID(x509,
+        WC_NID_crl_distribution_points), 0);
+    wolfSSL_X509_free(x509);
+    x509 = NULL;
+
+    ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(file,
+         WOLFSSL_FILETYPE_PEM));
+    ExpectIntEQ(wolfSSL_X509_ext_isSet_by_NID(x509,
+        WC_NID_crl_distribution_points), 1);
+    wolfSSL_X509_free(x509);
+#endif
+    return EXPECT_RESULT();
+}
+
+static int test_wolfSSL_X509_SEP(void)
+{
+    EXPECT_DECLS;
+#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && defined(WOLFSSL_SEP)
+    WOLFSSL_X509* x509 = NULL;
+#if 0
+    byte* out;
+#endif
+    int outSz;
+
+    ExpectNotNull(x509 = wolfSSL_X509_new());
+
+    outSz = 0;
+    ExpectNull(wolfSSL_X509_get_device_type(NULL, NULL, NULL));
+    ExpectNull(wolfSSL_X509_get_device_type(x509, NULL, NULL));
+    ExpectNull(wolfSSL_X509_get_device_type(NULL, NULL, &outSz));
+    ExpectNull(wolfSSL_X509_get_device_type(x509, NULL, &outSz));
+
+    outSz = 0;
+    ExpectNull(wolfSSL_X509_get_hw_type(NULL, NULL, NULL));
+    ExpectNull(wolfSSL_X509_get_hw_type(x509, NULL, NULL));
+    ExpectNull(wolfSSL_X509_get_hw_type(NULL, NULL, &outSz));
+    ExpectNull(wolfSSL_X509_get_hw_type(x509, NULL, &outSz));
+
+    outSz = 0;
+    ExpectNull(wolfSSL_X509_get_hw_serial_number(NULL, NULL, NULL));
+    ExpectNull(wolfSSL_X509_get_hw_serial_number(x509, NULL, NULL));
+    ExpectNull(wolfSSL_X509_get_hw_serial_number(NULL, NULL, &outSz));
+    ExpectNull(wolfSSL_X509_get_hw_serial_number(x509, NULL, &outSz));
+
+    ExpectIntEQ(wolfSSL_X509_ext_isSet_by_NID(x509,
+        WC_NID_certificate_policies), 0);
+
+    wolfSSL_X509_free(x509);
+    x509 = NULL;
+
+#if 0
+    /* Use certificate with the extension here. */
+    ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(svrCertFile,
+        SSL_FILETYPE_PEM));
+
+    outSz = 0;
+    ExpectNotNull(out = wolfSSL_X509_get_device_type(x509, NULL, &outSz));
+    ExpectIntGT(outSz, 0);
+    XFREE(out, NULL, DYNAMIC_TYPE_OPENSSL);
+
+    outSz = 0;
+    ExpectNotNull(out = wolfSSL_X509_get_hw_type(x509, NULL, &outSz));
+    ExpectIntGT(outSz, 0);
+    XFREE(out, NULL, DYNAMIC_TYPE_OPENSSL);
+
+    outSz = 0;
+    ExpectNotNull(out = wolfSSL_X509_get_hw_serial_number(x509, NULL, &outSz));
+    ExpectIntGT(outSz, 0);
+    XFREE(out, NULL, DYNAMIC_TYPE_OPENSSL);
+
+    wolfSSL_X509_free(x509);
+#endif
+#endif
+    return EXPECT_RESULT();
+}
 
 static int test_wolfSSL_OpenSSL_add_all_algorithms(void)
 {
@@ -47078,7 +62071,7 @@ static int test_wolfSSL_OPENSSL_hexstr2buf(void)
     long len = 0;
     unsigned char* returnedBuf = NULL;
 
-    for (i = 0; i < NUM_CASES && EXPECT_SUCCESS(); ++i) {
+    for (i = 0; i < NUM_CASES && !EXPECT_FAIL(); ++i) {
         returnedBuf = wolfSSL_OPENSSL_hexstr2buf(inputs[i], &len);
         if (returnedBuf == NULL) {
             ExpectIntEQ(expectedOutputs[i].ret, 0);
@@ -47133,8 +62126,17 @@ static int test_wolfSSL_X509_check_ca(void)
 
     ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(svrCertFile,
         WOLFSSL_FILETYPE_PEM));
+    ExpectIntEQ(wolfSSL_X509_check_ca(NULL), 0);
     ExpectIntEQ(wolfSSL_X509_check_ca(x509), 1);
     wolfSSL_X509_free(x509);
+
+    ExpectNotNull(x509 = wolfSSL_X509_new());
+    ExpectIntEQ(wolfSSL_X509_check_ca(x509), 0);
+    if (x509 != NULL) {
+        x509->extKeyUsageCrit = 1;
+    }
+    ExpectIntEQ(wolfSSL_X509_check_ca(x509), 4);
+    wolfSSL_X509_free(x509);
 #endif
     return EXPECT_RESULT();
 }
@@ -47144,15 +62146,23 @@ static int test_wolfSSL_X509_check_ip_asc(void)
     EXPECT_DECLS;
 #if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && !defined(NO_FILESYSTEM)
     WOLFSSL_X509 *x509 = NULL;
+    WOLFSSL_X509 *empty = NULL;
 
     ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(cliCertFile,
         WOLFSSL_FILETYPE_PEM));
+    ExpectNotNull(empty = wolfSSL_X509_new());
+
 #if 0
     /* TODO: add cert gen for testing positive case */
     ExpectIntEQ(wolfSSL_X509_check_ip_asc(x509, "127.0.0.1", 0), 1);
 #endif
     ExpectIntEQ(wolfSSL_X509_check_ip_asc(x509, "0.0.0.0", 0), 0);
     ExpectIntEQ(wolfSSL_X509_check_ip_asc(x509, NULL, 0), 0);
+    ExpectIntEQ(wolfSSL_X509_check_ip_asc(NULL, NULL, 0), 0);
+    ExpectIntEQ(wolfSSL_X509_check_ip_asc(NULL, "0.0.0.0", 0), 0);
+    ExpectIntEQ(wolfSSL_X509_check_ip_asc(empty, "127.128.0.255", 0), 0);
+
+    wolfSSL_X509_free(empty);
     wolfSSL_X509_free(x509);
 #endif
     return EXPECT_RESULT();
@@ -47163,22 +62173,22 @@ static int test_wolfSSL_make_cert(void)
     EXPECT_DECLS;
 #if !defined(NO_RSA) && !defined(NO_ASN_TIME) && defined(WOLFSSL_CERT_GEN) && \
     defined(WOLFSSL_CERT_EXT)
-    int      ret;
+    int      ret = 0;
     Cert     cert;
     CertName name;
     RsaKey   key;
     WC_RNG   rng;
     byte     der[FOURK_BUF];
-    word32   idx;
+    word32   idx = 0;
     const byte mySerial[8] = {1,2,3,4,5,6,7,8};
 
 #ifdef OPENSSL_EXTRA
-    const unsigned char* pt;
-    int                  certSz;
+    const unsigned char* pt = NULL;
+    int                  certSz = 0;
     X509*                x509 = NULL;
-    X509_NAME*           x509name;
-    X509_NAME_ENTRY*     entry;
-    ASN1_STRING*         entryValue;
+    X509_NAME*           x509name = NULL;
+    X509_NAME_ENTRY*     entry = NULL;
+    ASN1_STRING*         entryValue = NULL;
 #endif
 
     XMEMSET(&name, 0, sizeof(CertName));
@@ -47268,7 +62278,7 @@ static int test_wolfSSL_make_cert(void)
         if (ret >= 0) {
             ret = wc_MakeSelfCert(&cert, der, FOURK_BUF, &key, &rng);
         }
-    } while (ret == WC_PENDING_E);
+    } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E));
     ExpectIntGT(ret, 0);
 
 #ifdef OPENSSL_EXTRA
@@ -47281,9 +62291,9 @@ static int test_wolfSSL_make_cert(void)
     ExpectIntEQ((idx = X509_NAME_get_index_by_NID(x509name, NID_domainComponent,
                     -1)), 5);
     ExpectIntEQ((idx = X509_NAME_get_index_by_NID(x509name, NID_domainComponent,
-                    idx)), 6);
+                    (int)idx)), 6);
     ExpectIntEQ((idx = X509_NAME_get_index_by_NID(x509name, NID_domainComponent,
-                    idx)), -1);
+                    (int)idx)), -1);
 #endif /* WOLFSSL_MULTI_ATTRIB */
 
     /* compare DN at index 0 */
@@ -47306,20 +62316,21 @@ static int test_wolfSSL_make_cert(void)
     /* get first and second DC and compare result */
     ExpectIntEQ((idx = X509_NAME_get_index_by_NID(x509name, NID_domainComponent,
                     -1)), 5);
-    ExpectNotNull(entry = X509_NAME_get_entry(x509name, idx));
+    ExpectNotNull(entry = X509_NAME_get_entry(x509name, (int)idx));
     ExpectNotNull(entryValue = X509_NAME_ENTRY_get_data(entry));
     ExpectStrEQ((const char *)ASN1_STRING_data(entryValue), "com");
 
     ExpectIntEQ((idx = X509_NAME_get_index_by_NID(x509name, NID_domainComponent,
-                   idx)), 6);
-    ExpectNotNull(entry = X509_NAME_get_entry(x509name, idx));
+                   (int)idx)), 6);
+    ExpectNotNull(entry = X509_NAME_get_entry(x509name, (int)idx));
     ExpectNotNull(entryValue = X509_NAME_ENTRY_get_data(entry));
     ExpectStrEQ((const char *)ASN1_STRING_data(entryValue), "wolfssl");
 #endif /* WOLFSSL_MULTI_ATTRIB */
 
+    ExpectNull(X509_NAME_get_entry(NULL, 0));
     /* try invalid index locations for regression test and sanity check */
-    ExpectNull(entry = X509_NAME_get_entry(x509name, 11));
-    ExpectNull(entry = X509_NAME_get_entry(x509name, 20));
+    ExpectNull(X509_NAME_get_entry(x509name, 11));
+    ExpectNull(X509_NAME_get_entry(x509name, 20));
 
     X509_free(x509);
 #endif /* OPENSSL_EXTRA */
@@ -47330,6 +62341,60 @@ static int test_wolfSSL_make_cert(void)
     return EXPECT_RESULT();
 }
 
+static int test_x509_get_key_id(void)
+{
+    EXPECT_DECLS;
+#if defined(OPENSSL_EXTRA) && !defined(NO_FILESYSTEM) && !defined(NO_RSA)
+    X509 *x509 = NULL;
+    const ASN1_STRING* str = NULL;
+    byte* keyId = NULL;
+    byte keyIdData[32];
+    int len;
+
+    ExpectNotNull(x509 = wolfSSL_X509_new());
+    len = (int)sizeof(keyIdData);
+    ExpectNull(wolfSSL_X509_get_subjectKeyID(x509, NULL, NULL));
+    ExpectNull(wolfSSL_X509_get_subjectKeyID(x509, keyIdData, &len));
+    ExpectNull(wolfSSL_X509_get_authorityKeyID(x509, NULL, NULL));
+    ExpectNull(wolfSSL_X509_get_authorityKeyID(x509, keyIdData, &len));
+    wolfSSL_X509_free(x509);
+    x509 = NULL;
+
+    ExpectNotNull(x509 = X509_load_certificate_file(cliCertFile,
+        WOLFSSL_FILETYPE_PEM));
+
+    ExpectNotNull(str = X509_get0_subject_key_id(x509));
+    ExpectNull(wolfSSL_X509_get_subjectKeyID(NULL, NULL, NULL));
+    ExpectNotNull(keyId = wolfSSL_X509_get_subjectKeyID(x509, NULL, NULL));
+    ExpectBufEQ(keyId, ASN1_STRING_data((ASN1_STRING*)str),
+            ASN1_STRING_length(str));
+    ExpectNotNull(keyId = wolfSSL_X509_get_subjectKeyID(x509, keyIdData, NULL));
+    ExpectBufEQ(keyId, ASN1_STRING_data((ASN1_STRING*)str),
+            ASN1_STRING_length(str));
+    len = (int)sizeof(keyIdData);
+    ExpectNotNull(keyId = wolfSSL_X509_get_subjectKeyID(x509, NULL, &len));
+    ExpectBufEQ(keyId, ASN1_STRING_data((ASN1_STRING*)str),
+            ASN1_STRING_length(str));
+    ExpectNotNull(wolfSSL_X509_get_subjectKeyID(x509, keyIdData, &len));
+    ExpectIntEQ(len, ASN1_STRING_length(str));
+    ExpectBufEQ(keyIdData, ASN1_STRING_data((ASN1_STRING*)str),
+            ASN1_STRING_length(str));
+    ExpectBufEQ(keyId, ASN1_STRING_data((ASN1_STRING*)str),
+            ASN1_STRING_length(str));
+
+    ExpectNull(wolfSSL_X509_get_authorityKeyID(NULL, NULL, NULL));
+    ExpectNotNull(wolfSSL_X509_get_authorityKeyID(x509, NULL, NULL));
+    ExpectNotNull(wolfSSL_X509_get_authorityKeyID(x509, keyIdData, NULL));
+    len = (int)sizeof(keyIdData);
+    ExpectNotNull(wolfSSL_X509_get_authorityKeyID(x509, NULL, &len));
+    ExpectNotNull(wolfSSL_X509_get_authorityKeyID(x509, keyIdData, &len));
+    ExpectIntEQ(len, 20);
+
+    X509_free(x509);
+#endif
+    return EXPECT_RESULT();
+}
+
 
 static int test_wolfSSL_X509_get_version(void)
 {
@@ -47349,7 +62414,7 @@ static int test_wolfSSL_X509_get_version(void)
 static int test_wolfSSL_sk_CIPHER_description(void)
 {
     EXPECT_DECLS;
-#if !defined(NO_RSA)
+#if !defined(NO_RSA) && !defined(NO_TLS)
     const long flags = SSL_OP_NO_SSLv2 | SSL_OP_NO_COMPRESSION;
     int i;
     int numCiphers = 0;
@@ -47411,7 +62476,7 @@ static int test_wolfSSL_sk_CIPHER_description(void)
 static int test_wolfSSL_get_ciphers_compat(void)
 {
     EXPECT_DECLS;
-#if !defined(NO_RSA)
+#if !defined(NO_RSA) && !defined(NO_TLS)
     const SSL_METHOD *method = NULL;
     const char certPath[] = "./certs/client-cert.pem";
     STACK_OF(SSL_CIPHER) *supportedCiphers = NULL;
@@ -47471,6 +62536,91 @@ static int test_wolfSSL_X509_PUBKEY_get(void)
     return EXPECT_RESULT();
 }
 
+static int test_wolfSSL_X509_set_pubkey(void)
+{
+    EXPECT_DECLS;
+    WOLFSSL_X509* x509 = NULL;
+    WOLFSSL_EVP_PKEY* pkey = NULL;
+
+    ExpectNotNull(x509 = wolfSSL_X509_new());
+
+#if !defined(NO_RSA)
+    {
+        WOLFSSL_RSA* rsa = NULL;
+
+        ExpectNotNull(pkey = wolfSSL_EVP_PKEY_new());
+        if (pkey != NULL) {
+            pkey->type = WC_EVP_PKEY_RSA;
+        }
+        ExpectIntEQ(wolfSSL_X509_set_pubkey(x509, pkey), WOLFSSL_FAILURE);
+        ExpectNotNull(rsa = wolfSSL_RSA_new());
+        ExpectIntEQ(wolfSSL_EVP_PKEY_assign(pkey, EVP_PKEY_RSA, rsa),
+            WOLFSSL_SUCCESS);
+        if (EXPECT_FAIL()) {
+            wolfSSL_RSA_free(rsa);
+        }
+        ExpectIntEQ(wolfSSL_X509_set_pubkey(x509, pkey), WOLFSSL_SUCCESS);
+        wolfSSL_EVP_PKEY_free(pkey);
+        pkey = NULL;
+    }
+#endif
+#if !defined(HAVE_SELFTEST) && (defined(WOLFSSL_KEY_GEN) || \
+        defined(WOLFSSL_CERT_GEN)) && !defined(NO_DSA)
+    {
+        WOLFSSL_DSA* dsa = NULL;
+
+        ExpectNotNull(pkey = wolfSSL_EVP_PKEY_new());
+        if (pkey != NULL) {
+            pkey->type = WC_EVP_PKEY_DSA;
+        }
+        ExpectIntEQ(wolfSSL_X509_set_pubkey(x509, pkey), WOLFSSL_FAILURE);
+        ExpectNotNull(dsa = wolfSSL_DSA_new());
+        ExpectIntEQ(wolfSSL_EVP_PKEY_assign(pkey, EVP_PKEY_DSA, dsa),
+            WOLFSSL_SUCCESS);
+        if (EXPECT_FAIL()) {
+            wolfSSL_DSA_free(dsa);
+        }
+        ExpectIntEQ(wolfSSL_X509_set_pubkey(x509, pkey), WOLFSSL_FAILURE);
+        wolfSSL_EVP_PKEY_free(pkey);
+        pkey = NULL;
+    }
+#endif
+#if defined(HAVE_ECC)
+    {
+        WOLFSSL_EC_KEY* ec = NULL;
+
+        ExpectNotNull(pkey = wolfSSL_EVP_PKEY_new());
+        if (pkey != NULL) {
+            pkey->type = WC_EVP_PKEY_EC;
+        }
+        ExpectIntEQ(wolfSSL_X509_set_pubkey(x509, pkey), WOLFSSL_FAILURE);
+        ExpectNotNull(ec = wolfSSL_EC_KEY_new());
+        ExpectIntEQ(wolfSSL_EC_KEY_generate_key(ec), 1);
+        ExpectIntEQ(wolfSSL_EVP_PKEY_assign(pkey, EVP_PKEY_EC, ec),
+            WOLFSSL_SUCCESS);
+        if (EXPECT_FAIL()) {
+            wolfSSL_EC_KEY_free(ec);
+        }
+        ExpectIntEQ(wolfSSL_X509_set_pubkey(x509, pkey), WOLFSSL_SUCCESS);
+        wolfSSL_EVP_PKEY_free(pkey);
+        pkey = NULL;
+    }
+#endif
+#if !defined(NO_DH)
+    ExpectNotNull(pkey = wolfSSL_EVP_PKEY_new());
+    if (pkey != NULL) {
+        pkey->type = WC_EVP_PKEY_DH;
+    }
+    ExpectIntEQ(wolfSSL_X509_set_pubkey(x509, pkey), WOLFSSL_FAILURE);
+    wolfSSL_EVP_PKEY_free(pkey);
+    pkey = NULL;
+#endif
+
+    wolfSSL_X509_free(x509);
+
+    return EXPECT_RESULT();
+}
+
 static int test_wolfSSL_EVP_PKEY_set1_get1_DSA(void)
 {
     EXPECT_DECLS;
@@ -47500,7 +62650,7 @@ static int test_wolfSSL_EVP_PKEY_set1_get1_DSA(void)
 
     XMEMSET(tmp, 0, sizeof(tmp));
     XMEMCPY(tmp, dsaKeyDer , dsaKeySz);
-    bytes = dsaKeySz;
+    bytes = (word32)dsaKeySz;
 #else
     byte    tmp[TWOK_BUF];
     const unsigned char* dsaKeyDer = (const unsigned char*)tmp;
@@ -47645,10 +62795,10 @@ static int test_wolfSSL_EVP_PKEY_set1_get1_EC_KEY (void)
     ExpectNotNull(pkey = wolfSSL_EVP_PKEY_new());
 
     /* Test wolfSSL_EVP_PKEY_set1_EC_KEY */
-    ExpectIntEQ(wolfSSL_EVP_PKEY_set1_EC_KEY(NULL, ecKey), WOLFSSL_FAILURE);
-    ExpectIntEQ(wolfSSL_EVP_PKEY_set1_EC_KEY(pkey, NULL), WOLFSSL_FAILURE);
+    ExpectIntEQ(wolfSSL_EVP_PKEY_set1_EC_KEY(NULL, ecKey), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+    ExpectIntEQ(wolfSSL_EVP_PKEY_set1_EC_KEY(pkey, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     /* Should fail since ecKey is empty */
-    ExpectIntEQ(wolfSSL_EVP_PKEY_set1_EC_KEY(pkey, ecKey), WOLFSSL_FAILURE);
+    ExpectIntEQ(wolfSSL_EVP_PKEY_set1_EC_KEY(pkey, ecKey), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     ExpectIntEQ(wolfSSL_EC_KEY_generate_key(ecKey), 1);
     ExpectIntEQ(wolfSSL_EVP_PKEY_set1_EC_KEY(pkey, ecKey), WOLFSSL_SUCCESS);
 
@@ -47707,7 +62857,9 @@ static int test_wolfSSL_EVP_PKEY_set1_get1_DH (void)
 
     EVP_PKEY_free(pkey);
     DH_free(setDh);
+    setDh = NULL;
     DH_free(dh);
+    dh = NULL;
 #endif /* !NO_DH && WOLFSSL_DH_EXTRA && !NO_FILESYSTEM */
 #endif /* !HAVE_FIPS || HAVE_FIPS_VERSION > 2 */
 #endif /* OPENSSL_ALL || WOLFSSL_QT || WOLFSSL_OPENSSH */
@@ -47717,7 +62869,7 @@ static int test_wolfSSL_EVP_PKEY_set1_get1_DH (void)
 static int test_wolfSSL_CTX_ctrl(void)
 {
     EXPECT_DECLS;
-#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \
+#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_TLS) && \
     !defined(NO_FILESYSTEM) && !defined(NO_RSA)
     char caFile[] = "./certs/client-ca.pem";
     char clientFile[] = "./certs/client-cert.pem";
@@ -47727,7 +62879,7 @@ static int test_wolfSSL_CTX_ctrl(void)
     byte buf[6000];
     char file[] = "./certs/dsaparams.pem";
     XFILE f = XBADFILE;
-    int  bytes;
+    int  bytes = 0;
     BIO* bio = NULL;
     DSA* dsa = NULL;
     DH*  dh = NULL;
@@ -47767,7 +62919,6 @@ static int test_wolfSSL_CTX_ctrl(void)
     ExpectIntEQ(wolfSSL_EC_KEY_generate_key(ecKey), 1);
 #endif
 
-#if !defined(HAVE_USER_RSA) && !defined(HAVE_FAST_RSA)
     /* additional test of getting EVP_PKEY key size from X509
      * Do not run with user RSA because wolfSSL_RSA_size is not currently
      * allowed with user RSA */
@@ -47801,18 +62952,17 @@ static int test_wolfSSL_CTX_ctrl(void)
         EVP_PKEY_free(pkey);
 #endif /* HAVE_ECC */
     }
-#endif /* !defined(HAVE_USER_RSA) && !defined(HAVE_FAST_RSA) */
 
     /* Tests should fail with passed in NULL pointer */
     ExpectIntEQ((int)wolfSSL_CTX_ctrl(ctx, SSL_CTRL_EXTRA_CHAIN_CERT, 0, NULL),
-        SSL_FAILURE);
+        WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
 #if !defined(NO_DH) && !defined(NO_DSA)
     ExpectIntEQ((int)wolfSSL_CTX_ctrl(ctx, SSL_CTRL_SET_TMP_DH, 0, NULL),
-        SSL_FAILURE);
+        WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
 #endif
 #ifdef HAVE_ECC
     ExpectIntEQ((int)wolfSSL_CTX_ctrl(ctx, SSL_CTRL_SET_TMP_ECDH, 0, NULL),
-        SSL_FAILURE);
+        WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
 #endif
 
     /* Test with SSL_CTRL_EXTRA_CHAIN_CERT
@@ -47879,6 +63029,7 @@ static int test_wolfSSL_CTX_ctrl(void)
     BIO_free(bio);
     DSA_free(dsa);
     DH_free(dh);
+    dh = NULL;
 #endif
 #endif
 #ifdef HAVE_ECC
@@ -47910,9 +63061,9 @@ static int test_wolfSSL_EVP_PKEY_assign(void)
     type = EVP_PKEY_RSA;
     ExpectNotNull(pkey = wolfSSL_EVP_PKEY_new());
     ExpectNotNull(rsa = wolfSSL_RSA_new());
-    ExpectIntEQ(wolfSSL_EVP_PKEY_assign(NULL, type, rsa),  WOLFSSL_FAILURE);
-    ExpectIntEQ(wolfSSL_EVP_PKEY_assign(pkey, type, NULL), WOLFSSL_FAILURE);
-    ExpectIntEQ(wolfSSL_EVP_PKEY_assign(pkey, -1, rsa),    WOLFSSL_FAILURE);
+    ExpectIntEQ(wolfSSL_EVP_PKEY_assign(NULL, type, rsa),  WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+    ExpectIntEQ(wolfSSL_EVP_PKEY_assign(pkey, type, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+    ExpectIntEQ(wolfSSL_EVP_PKEY_assign(pkey, -1, rsa),    WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     ExpectIntEQ(wolfSSL_EVP_PKEY_assign(pkey, type, rsa),  WOLFSSL_SUCCESS);
     if (EXPECT_FAIL()) {
         wolfSSL_RSA_free(rsa);
@@ -47925,9 +63076,9 @@ static int test_wolfSSL_EVP_PKEY_assign(void)
     type = EVP_PKEY_DSA;
     ExpectNotNull(pkey = wolfSSL_EVP_PKEY_new());
     ExpectNotNull(dsa = wolfSSL_DSA_new());
-    ExpectIntEQ(wolfSSL_EVP_PKEY_assign(NULL, type, dsa),  WOLFSSL_FAILURE);
-    ExpectIntEQ(wolfSSL_EVP_PKEY_assign(pkey, type, NULL), WOLFSSL_FAILURE);
-    ExpectIntEQ(wolfSSL_EVP_PKEY_assign(pkey, -1, dsa),    WOLFSSL_FAILURE);
+    ExpectIntEQ(wolfSSL_EVP_PKEY_assign(NULL, type, dsa),  WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+    ExpectIntEQ(wolfSSL_EVP_PKEY_assign(pkey, type, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+    ExpectIntEQ(wolfSSL_EVP_PKEY_assign(pkey, -1, dsa),    WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     ExpectIntEQ(wolfSSL_EVP_PKEY_assign(pkey, type, dsa),  WOLFSSL_SUCCESS);
     if (EXPECT_FAIL()) {
         wolfSSL_DSA_free(dsa);
@@ -47940,10 +63091,10 @@ static int test_wolfSSL_EVP_PKEY_assign(void)
     type = EVP_PKEY_EC;
     ExpectNotNull(pkey = wolfSSL_EVP_PKEY_new());
     ExpectNotNull(ecKey = wolfSSL_EC_KEY_new());
-    ExpectIntEQ(wolfSSL_EVP_PKEY_assign(NULL, type, ecKey), WOLFSSL_FAILURE);
-    ExpectIntEQ(wolfSSL_EVP_PKEY_assign(pkey, type, NULL),  WOLFSSL_FAILURE);
-    ExpectIntEQ(wolfSSL_EVP_PKEY_assign(pkey, -1, ecKey),   WOLFSSL_FAILURE);
-    ExpectIntEQ(wolfSSL_EVP_PKEY_assign(pkey, type, ecKey), WOLFSSL_FAILURE);
+    ExpectIntEQ(wolfSSL_EVP_PKEY_assign(NULL, type, ecKey), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+    ExpectIntEQ(wolfSSL_EVP_PKEY_assign(pkey, type, NULL),  WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+    ExpectIntEQ(wolfSSL_EVP_PKEY_assign(pkey, -1, ecKey),   WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+    ExpectIntEQ(wolfSSL_EVP_PKEY_assign(pkey, type, ecKey), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     ExpectIntEQ(wolfSSL_EC_KEY_generate_key(ecKey), 1);
     ExpectIntEQ(wolfSSL_EVP_PKEY_assign(pkey, type, ecKey), WOLFSSL_SUCCESS);
     if (EXPECT_FAIL()) {
@@ -47982,9 +63133,9 @@ static int test_wolfSSL_EVP_PKEY_assign_DH(void)
     ExpectNotNull(pkey = wolfSSL_EVP_PKEY_new());
 
     /* Bad cases */
-    ExpectIntEQ(wolfSSL_EVP_PKEY_assign_DH(NULL, dh), WOLFSSL_FAILURE);
-    ExpectIntEQ(wolfSSL_EVP_PKEY_assign_DH(pkey, NULL), WOLFSSL_FAILURE);
-    ExpectIntEQ(wolfSSL_EVP_PKEY_assign_DH(NULL, NULL), WOLFSSL_FAILURE);
+    ExpectIntEQ(wolfSSL_EVP_PKEY_assign_DH(NULL, dh), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+    ExpectIntEQ(wolfSSL_EVP_PKEY_assign_DH(pkey, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+    ExpectIntEQ(wolfSSL_EVP_PKEY_assign_DH(NULL, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
 
     /* Good case */
     ExpectIntEQ(wolfSSL_EVP_PKEY_assign_DH(pkey, dh), WOLFSSL_SUCCESS);
@@ -48039,15 +63190,15 @@ static int test_wolfSSL_EVP_PKEY_paramgen(void)
     EVP_PKEY*     pkey = NULL;
 
     /* Test error conditions. */
-    ExpectIntEQ(EVP_PKEY_paramgen(NULL, &pkey), WOLFSSL_FAILURE);
+    ExpectIntEQ(EVP_PKEY_paramgen(NULL, &pkey), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     ExpectNotNull(ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_EC, NULL));
-    ExpectIntEQ(EVP_PKEY_paramgen(ctx, NULL), WOLFSSL_FAILURE);
+    ExpectIntEQ(EVP_PKEY_paramgen(ctx, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
 
 #ifndef NO_RSA
     EVP_PKEY_CTX_free(ctx);
     /* Parameter generation for RSA not supported yet. */
     ExpectNotNull(ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_RSA, NULL));
-    ExpectIntEQ(EVP_PKEY_paramgen(ctx, &pkey), WOLFSSL_FAILURE);
+    ExpectIntEQ(EVP_PKEY_paramgen(ctx, &pkey), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
 #endif
 
 #ifdef HAVE_ECC
@@ -48088,9 +63239,9 @@ static int test_wolfSSL_EVP_PKEY_keygen(void)
     ExpectNotNull(ctx = EVP_PKEY_CTX_new(pkey, NULL));
 
     /* Bad cases */
-    ExpectIntEQ(wolfSSL_EVP_PKEY_keygen(NULL, &pkey), BAD_FUNC_ARG);
-    ExpectIntEQ(wolfSSL_EVP_PKEY_keygen(ctx, NULL), BAD_FUNC_ARG);
-    ExpectIntEQ(wolfSSL_EVP_PKEY_keygen(NULL, NULL), BAD_FUNC_ARG);
+    ExpectIntEQ(wolfSSL_EVP_PKEY_keygen(NULL, &pkey), 0);
+    ExpectIntEQ(wolfSSL_EVP_PKEY_keygen(ctx, NULL), 0);
+    ExpectIntEQ(wolfSSL_EVP_PKEY_keygen(NULL, NULL), 0);
 
     /* Good case */
     ExpectIntEQ(wolfSSL_EVP_PKEY_keygen(ctx, &pkey), 0);
@@ -48125,6 +63276,7 @@ static int test_wolfSSL_EVP_PKEY_keygen(void)
 
         ASN1_INTEGER_free(asn1int);
         DH_free(dh);
+        dh = NULL;
         XFREE(derBuffer, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 
         EVP_PKEY_free(pkey);
@@ -48213,6 +63365,7 @@ static int test_wolfSSL_EVP_PKEY_copy_parameters(void)
     ExpectIntEQ(BN_cmp(g1, g2), 0);
 
     DH_free(dh);
+    dh = NULL;
     EVP_PKEY_free(copy);
     EVP_PKEY_free(params);
 #endif
@@ -48388,13 +63541,13 @@ static int test_wolfSSL_EVP_CIPHER_CTX_set_iv(void)
 
     /* Bad cases */
     ExpectIntEQ(wolfSSL_EVP_CIPHER_CTX_set_iv(NULL, iv, ivLen),
-        WOLFSSL_FAILURE);
+        WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     ExpectIntEQ(wolfSSL_EVP_CIPHER_CTX_set_iv(ctx, NULL, ivLen),
-        WOLFSSL_FAILURE);
-    ExpectIntEQ(wolfSSL_EVP_CIPHER_CTX_set_iv(ctx, iv, 0), WOLFSSL_FAILURE);
-    ExpectIntEQ(wolfSSL_EVP_CIPHER_CTX_set_iv(NULL, NULL, 0), WOLFSSL_FAILURE);
+        WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+    ExpectIntEQ(wolfSSL_EVP_CIPHER_CTX_set_iv(ctx, iv, 0), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+    ExpectIntEQ(wolfSSL_EVP_CIPHER_CTX_set_iv(NULL, NULL, 0), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     ExpectIntEQ(wolfSSL_EVP_CIPHER_CTX_set_iv(ctx, iv, keyLen),
-        WOLFSSL_FAILURE);
+        WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
 
     /* Good case */
     ExpectIntEQ(wolfSSL_EVP_CIPHER_CTX_set_iv(ctx, iv, ivLen), 1);
@@ -48859,6 +64012,49 @@ static int test_wolfSSL_EVP_SignInit_ex(void)
 
     return EXPECT_RESULT();
 }
+
+static int test_wolfSSL_EVP_DigestFinalXOF(void)
+{
+    EXPECT_DECLS;
+#if defined(WOLFSSL_SHA3) && defined(WOLFSSL_SHAKE256) && defined(OPENSSL_ALL)
+    WOLFSSL_EVP_MD_CTX mdCtx;
+    unsigned char      shake[256];
+    unsigned char      zeros[10];
+    unsigned char      data[] = "Test data";
+    unsigned int sz;
+
+    XMEMSET(zeros, 0, sizeof(zeros));
+    wolfSSL_EVP_MD_CTX_init(&mdCtx);
+    ExpectIntEQ(EVP_DigestInit(&mdCtx, EVP_shake256()), WOLFSSL_SUCCESS);
+    ExpectIntEQ(EVP_MD_flags(EVP_shake256()), EVP_MD_FLAG_XOF);
+    ExpectIntEQ(EVP_MD_flags(EVP_sha3_256()), 0);
+    ExpectIntEQ(EVP_DigestUpdate(&mdCtx, data, 1), WOLFSSL_SUCCESS);
+    XMEMSET(shake, 0, sizeof(shake));
+    ExpectIntEQ(EVP_DigestFinalXOF(&mdCtx, shake, 10), WOLFSSL_SUCCESS);
+
+    /* make sure was only size of 10 */
+    ExpectIntEQ(XMEMCMP(&shake[11], zeros, 10), 0);
+    ExpectIntEQ(EVP_MD_CTX_cleanup(&mdCtx), WOLFSSL_SUCCESS);
+
+    wolfSSL_EVP_MD_CTX_init(&mdCtx);
+    ExpectIntEQ(EVP_DigestInit(&mdCtx, EVP_shake256()), WOLFSSL_SUCCESS);
+    ExpectIntEQ(EVP_DigestUpdate(&mdCtx, data, 1), WOLFSSL_SUCCESS);
+    ExpectIntEQ(EVP_DigestFinal(&mdCtx, shake, &sz), WOLFSSL_SUCCESS);
+    ExpectIntEQ(sz, 32);
+    ExpectIntEQ(EVP_MD_CTX_cleanup(&mdCtx), WOLFSSL_SUCCESS);
+
+    #if defined(WOLFSSL_SHAKE128)
+    wolfSSL_EVP_MD_CTX_init(&mdCtx);
+    ExpectIntEQ(EVP_DigestInit(&mdCtx, EVP_shake128()), WOLFSSL_SUCCESS);
+    ExpectIntEQ(EVP_DigestUpdate(&mdCtx, data, 1), WOLFSSL_SUCCESS);
+    ExpectIntEQ(EVP_DigestFinal(&mdCtx, shake, &sz), WOLFSSL_SUCCESS);
+    ExpectIntEQ(sz, 16);
+    ExpectIntEQ(EVP_MD_CTX_cleanup(&mdCtx), WOLFSSL_SUCCESS);
+    #endif
+#endif
+    return EXPECT_RESULT();
+}
+
 static int test_wolfSSL_EVP_DigestFinal_ex(void)
 {
     EXPECT_DECLS;
@@ -48958,7 +64154,9 @@ static int test_wolfSSL_EVP_PKEY_param_check(void)
     EVP_PKEY_CTX_free(ctx);
     EVP_PKEY_free(pkey);
     DH_free(setDh);
+    setDh = NULL;
     DH_free(dh);
+    dh = NULL;
 #endif
 #endif
     return EXPECT_RESULT();
@@ -48989,7 +64187,7 @@ static int test_wolfSSL_EVP_BytesToKey(void)
                 16);
     md = "2";
     ExpectIntEQ(EVP_BytesToKey(type, md, salt, data, sz, count, key, iv),
-                 WOLFSSL_FAILURE);
+                 WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
 
     /* Good case */
     md = EVP_sha256();
@@ -49021,40 +64219,40 @@ static int test_evp_cipher_aes_gcm(void)
         NUM_ENCRYPTIONS = 3,
         AAD_SIZE = 4
     };
-    byte plainText1[] = {
+    static const byte plainText1[] = {
         0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
         0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
         0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x20, 0x21, 0x22, 0x23
     };
-    byte plainText2[] = {
+    static const byte plainText2[] = {
         0x42, 0x49, 0x3b, 0x27, 0x03, 0x35, 0x59, 0x14, 0x41, 0x47, 0x37, 0x14,
         0x0e, 0x34, 0x0d, 0x28, 0x63, 0x09, 0x0a, 0x5b, 0x22, 0x57, 0x42, 0x22,
         0x0f, 0x5c, 0x1e, 0x53, 0x45, 0x15, 0x62, 0x08, 0x60, 0x43, 0x50, 0x2c
     };
-    byte plainText3[] = {
+    static const byte plainText3[] = {
         0x36, 0x0d, 0x2b, 0x09, 0x4a, 0x56, 0x3b, 0x4c, 0x21, 0x22, 0x58, 0x0e,
         0x5b, 0x57, 0x10
     };
-    byte* plainTexts[NUM_ENCRYPTIONS] = {
+    static const byte* plainTexts[NUM_ENCRYPTIONS] = {
         plainText1,
         plainText2,
         plainText3
     };
-    const int plainTextSzs[NUM_ENCRYPTIONS] = {
+    static const int plainTextSzs[NUM_ENCRYPTIONS] = {
         sizeof(plainText1),
         sizeof(plainText2),
         sizeof(plainText3)
     };
-    byte aad1[AAD_SIZE] = {
+    static const byte aad1[AAD_SIZE] = {
         0x00, 0x00, 0x00, 0x01
     };
-    byte aad2[AAD_SIZE] = {
+    static const byte aad2[AAD_SIZE] = {
         0x00, 0x00, 0x00, 0x10
     };
-    byte aad3[AAD_SIZE] = {
+    static const byte aad3[AAD_SIZE] = {
         0x00, 0x00, 0x01, 0x00
     };
-    byte* aads[NUM_ENCRYPTIONS] = {
+    static const byte* aads[NUM_ENCRYPTIONS] = {
         aad1,
         aad2,
         aad3
@@ -49096,22 +64294,21 @@ static int test_evp_cipher_aes_gcm(void)
             0x5B, 0xEC, 0x52, 0x49, 0x32,
         }
     };
-
-    const byte expCipherText1[] = {
+    static const byte expCipherText1[] = {
         0xCB, 0x93, 0x4F, 0xC8, 0x22, 0xE2, 0xC0, 0x35, 0xAA, 0x6B, 0x41, 0x15,
         0x17, 0x30, 0x2F, 0x97, 0x20, 0x74, 0x39, 0x28, 0xF8, 0xEB, 0xC5, 0x51,
         0x7B, 0xD9, 0x8A, 0x36, 0xB8, 0xDA, 0x24, 0x80, 0xE7, 0x9E, 0x09, 0xDE
     };
-    const byte expCipherText2[] = {
+    static const byte expCipherText2[] = {
         0xF9, 0x32, 0xE1, 0x87, 0x37, 0x0F, 0x04, 0xC1, 0xB5, 0x59, 0xF0, 0x45,
         0x3A, 0x0D, 0xA0, 0x26, 0xFF, 0xA6, 0x8D, 0x38, 0xFE, 0xB8, 0xE5, 0xC2,
         0x2A, 0x98, 0x4A, 0x54, 0x8F, 0x1F, 0xD6, 0x13, 0x03, 0xB2, 0x1B, 0xC0
     };
-    const byte expCipherText3[] = {
+    static const byte expCipherText3[] = {
         0xD0, 0x37, 0x59, 0x1C, 0x2F, 0x85, 0x39, 0x4D, 0xED, 0xC2, 0x32, 0x5B,
         0x80, 0x5E, 0x6B,
     };
-    const byte* expCipherTexts[NUM_ENCRYPTIONS] = {
+    static const byte* expCipherTexts[NUM_ENCRYPTIONS] = {
         expCipherText1,
         expCipherText2,
         expCipherText3
@@ -49144,7 +64341,7 @@ static int test_evp_cipher_aes_gcm(void)
             ExpectIntEQ(EVP_CipherInit(encCtx, NULL, NULL, iv, 1),
                         SSL_SUCCESS);
             ExpectIntEQ(EVP_CIPHER_CTX_ctrl(encCtx, EVP_CTRL_GCM_IV_GEN, -1,
-                        currentIv), SSL_FAILURE);
+                        currentIv), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
 
             ExpectIntEQ(EVP_CipherInit(decCtx, EVP_aes_256_gcm(), key, NULL, 0),
                         SSL_SUCCESS);
@@ -49168,7 +64365,7 @@ static int test_evp_cipher_aes_gcm(void)
          * been issued first.
          */
         ExpectIntEQ(EVP_CIPHER_CTX_ctrl(encCtx, EVP_CTRL_GCM_IV_GEN, -1,
-                        currentIv), SSL_FAILURE);
+                        currentIv), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
 
         ExpectIntEQ(EVP_CIPHER_CTX_ctrl(encCtx, EVP_CTRL_GCM_SET_IV_FIXED, -1,
                     (void*)iv), SSL_SUCCESS);
@@ -49189,7 +64386,7 @@ static int test_evp_cipher_aes_gcm(void)
                                              AAD_SIZE), SSL_SUCCESS);
             }
             else {
-                ExpectIntEQ(EVP_Cipher(encCtx, NULL, aads[j], AAD_SIZE),
+                ExpectIntEQ(EVP_Cipher(encCtx, NULL, (byte *)aads[j], AAD_SIZE),
                                        AAD_SIZE);
             }
 
@@ -49203,7 +64400,7 @@ static int test_evp_cipher_aes_gcm(void)
                             SSL_SUCCESS);
             }
             else {
-                ExpectIntEQ(EVP_Cipher(encCtx, cipherText, plainTexts[j],
+                ExpectIntEQ(EVP_Cipher(encCtx, cipherText, (byte *)plainTexts[j],
                             plainTextSzs[j]), plainTextSzs[j]);
             }
 
@@ -49241,7 +64438,7 @@ static int test_evp_cipher_aes_gcm(void)
                                              AAD_SIZE), SSL_SUCCESS);
             }
             else {
-                ExpectIntEQ(EVP_Cipher(decCtx, NULL, aads[j], AAD_SIZE),
+                ExpectIntEQ(EVP_Cipher(decCtx, NULL, (byte *)aads[j], AAD_SIZE),
                             AAD_SIZE);
             }
 
@@ -49358,14 +64555,10 @@ static int test_wolfSSL_OBJ_sn(void)
                            NID_stateOrProvinceName,NID_organizationName,
                            NID_organizationalUnitName,NID_emailAddress};
     const char* sn_open_set[] = {"CN","C","L","ST","O","OU","emailAddress"};
-    const char* sn_wolf_set[] = {WOLFSSL_COMMON_NAME,WOLFSSL_COUNTRY_NAME,
-                                WOLFSSL_LOCALITY_NAME, WOLFSSL_STATE_NAME,
-                                WOLFSSL_ORG_NAME, WOLFSSL_ORGUNIT_NAME,
-                                WOLFSSL_EMAIL_ADDR};
 
     ExpectIntEQ(wolfSSL_OBJ_sn2nid(NULL), NID_undef);
     for (i = 0; i < maxIdx; i++) {
-        ExpectIntEQ(wolfSSL_OBJ_sn2nid(sn_wolf_set[i]), nid_set[i]);
+        ExpectIntEQ(wolfSSL_OBJ_sn2nid(sn_open_set[i]), nid_set[i]);
         ExpectStrEQ(wolfSSL_OBJ_nid2sn(nid_set[i]), sn_open_set[i]);
     }
 
@@ -49373,9 +64566,9 @@ static int test_wolfSSL_OBJ_sn(void)
 }
 
 #if !defined(NO_BIO)
-static unsigned long TXT_DB_hash(const WOLFSSL_STRING *s)
+static word32 TXT_DB_hash(const WOLFSSL_STRING *s)
 {
-    return lh_strhash(s[3]);
+    return (word32)lh_strhash(s[3]);
 }
 
 static int TXT_DB_cmp(const WOLFSSL_STRING *a, const WOLFSSL_STRING *b)
@@ -49423,7 +64616,8 @@ static int test_wolfSSL_TXT_DB(void)
     BIO_free(bio);
 
     /* Test index */
-    ExpectIntEQ(TXT_DB_create_index(db, 3, NULL, (wolf_sk_hash_cb)TXT_DB_hash,
+    ExpectIntEQ(TXT_DB_create_index(db, 3, NULL,
+        (wolf_sk_hash_cb)(long unsigned int)TXT_DB_hash,
         (wolf_lh_compare_cb)TXT_DB_cmp), 1);
     ExpectNotNull(TXT_DB_get_by_index(db, 3, (WOLFSSL_STRING*)fields));
     fields[3] = "12DA";
@@ -49466,7 +64660,53 @@ static int test_wolfSSL_NCONF(void)
 }
 #endif /* OPENSSL_ALL */
 
-static int test_wolfSSL_X509V3_EXT_get(void) {
+static int test_wolfSSL_X509V3_set_ctx(void)
+{
+    EXPECT_DECLS;
+#if (defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA)) && \
+    defined(WOLFSSL_CERT_GEN) && defined(WOLFSSL_CERT_REQ)
+    WOLFSSL_X509V3_CTX ctx;
+    WOLFSSL_X509* issuer = NULL;
+    WOLFSSL_X509* subject = NULL;
+    WOLFSSL_X509 req;
+    WOLFSSL_X509_CRL crl;
+
+    XMEMSET(&ctx, 0, sizeof(ctx));
+    ExpectNotNull(issuer = wolfSSL_X509_new());
+    ExpectNotNull(subject = wolfSSL_X509_new());
+    XMEMSET(&req, 0, sizeof(req));
+    XMEMSET(&crl, 0, sizeof(crl));
+
+    wolfSSL_X509V3_set_ctx(NULL, NULL, NULL, NULL, NULL, 0);
+    wolfSSL_X509V3_set_ctx(&ctx, NULL, NULL, NULL, NULL, 0);
+    wolfSSL_X509_free(ctx.x509);
+    ctx.x509 = NULL;
+    wolfSSL_X509V3_set_ctx(&ctx, issuer, NULL, NULL, NULL, 0);
+    wolfSSL_X509_free(ctx.x509);
+    ctx.x509 = NULL;
+    wolfSSL_X509V3_set_ctx(&ctx, NULL, subject, NULL, NULL, 0);
+    wolfSSL_X509_free(ctx.x509);
+    ctx.x509 = NULL;
+    wolfSSL_X509V3_set_ctx(&ctx, NULL, NULL, &req, NULL, 0);
+    wolfSSL_X509_free(ctx.x509);
+    ctx.x509 = NULL;
+    wolfSSL_X509V3_set_ctx(&ctx, NULL, NULL, NULL, &crl, 0);
+    wolfSSL_X509_free(ctx.x509);
+    ctx.x509 = NULL;
+    wolfSSL_X509V3_set_ctx(&ctx, NULL, NULL, NULL, NULL, 1);
+    /* X509 allocated in context results in 'failure' (but not return). */
+    wolfSSL_X509V3_set_ctx(&ctx, NULL, NULL, NULL, NULL, 0);
+    wolfSSL_X509_free(ctx.x509);
+    ctx.x509 = NULL;
+
+    wolfSSL_X509_free(subject);
+    wolfSSL_X509_free(issuer);
+#endif
+    return EXPECT_RESULT();
+}
+
+static int test_wolfSSL_X509V3_EXT_get(void)
+{
     EXPECT_DECLS;
 #if !defined(NO_FILESYSTEM) && defined(OPENSSL_ALL) && !defined(NO_RSA)
     XFILE f = XBADFILE;
@@ -49476,6 +64716,36 @@ static int test_wolfSSL_X509V3_EXT_get(void) {
     WOLFSSL_X509* x509 = NULL;
     WOLFSSL_X509_EXTENSION* ext = NULL;
     const WOLFSSL_v3_ext_method* method = NULL;
+    WOLFSSL_ASN1_OBJECT* obj = NULL;
+
+    ExpectNotNull(ext = wolfSSL_X509_EXTENSION_new());
+    /* No object in extension. */
+    ExpectNull(wolfSSL_X509V3_EXT_get(ext));
+    ExpectNotNull(obj = wolfSSL_ASN1_OBJECT_new());
+    ExpectIntEQ(wolfSSL_X509_EXTENSION_set_object(ext, obj), WOLFSSL_SUCCESS);
+    /* NID is zero. */
+    ExpectNull(wolfSSL_X509V3_EXT_get(ext));
+    /* NID is not known. */
+    if (ext != NULL && ext->obj != NULL) {
+        ext->obj->nid = 1;
+    }
+    ExpectNull(wolfSSL_X509V3_EXT_get(ext));
+
+    /* NIDs not in certificate. */
+    if (ext != NULL && ext->obj != NULL) {
+        ext->obj->nid = NID_certificate_policies;
+    }
+    ExpectNotNull(method = wolfSSL_X509V3_EXT_get(ext));
+    ExpectIntEQ(method->ext_nid, NID_certificate_policies);
+    if (ext != NULL && ext->obj != NULL) {
+        ext->obj->nid = NID_crl_distribution_points;
+    }
+    ExpectNotNull(method = wolfSSL_X509V3_EXT_get(ext));
+    ExpectIntEQ(method->ext_nid, NID_crl_distribution_points);
+
+    wolfSSL_ASN1_OBJECT_free(obj);
+    wolfSSL_X509_EXTENSION_free(ext);
+    ext = NULL;
 
     ExpectTrue((f = XFOPEN("./certs/server-cert.pem", "rb")) != XBADFILE);
     ExpectNotNull(x509 = wolfSSL_PEM_read_X509(f, NULL, NULL, NULL));
@@ -49489,6 +64759,9 @@ static int test_wolfSSL_X509V3_EXT_get(void) {
         ExpectIntNE((extNid = ext->obj->nid), NID_undef);
         ExpectNotNull(method = wolfSSL_X509V3_EXT_get(ext));
         ExpectIntEQ(method->ext_nid, extNid);
+        if (method->ext_nid == NID_subject_key_identifier) {
+            ExpectNotNull(method->i2s);
+        }
     }
 
     /* wolfSSL_X509V3_EXT_get() NULL argument test */
@@ -49533,8 +64806,22 @@ static int test_wolfSSL_X509V3_EXT_nconf(void)
     X509* x509 = NULL;
     unsigned int keyUsageFlags;
     unsigned int extKeyUsageFlags;
+    WOLFSSL_CONF conf;
+    WOLFSSL_X509V3_CTX ctx;
+#ifndef NO_WOLFSSL_STUB
+    WOLFSSL_LHASH lhash;
+#endif
 
     ExpectNotNull(x509 = X509_new());
+    ExpectNull(X509V3_EXT_nconf(NULL, NULL, ext_names[0], NULL));
+    ExpectNull(X509V3_EXT_nconf_nid(NULL, NULL, ext_nids[0], NULL));
+    ExpectNull(X509V3_EXT_nconf(NULL, NULL, "", ext_values[0]));
+    ExpectNull(X509V3_EXT_nconf_nid(NULL, NULL, 0, ext_values[0]));
+
+    /* conf and ctx ignored. */
+    ExpectNull(X509V3_EXT_nconf_nid(&conf, NULL, 0, ext_values[0]));
+    ExpectNull(X509V3_EXT_nconf_nid(NULL , &ctx, 0, ext_values[0]));
+    ExpectNull(X509V3_EXT_nconf_nid(&conf, &ctx, 0, ext_values[0]));
 
     /* keyUsage / extKeyUsage should match string above */
     keyUsageFlags = KU_DIGITAL_SIGNATURE
@@ -49583,11 +64870,159 @@ static int test_wolfSSL_X509V3_EXT_nconf(void)
         ext = NULL;
     }
     X509_free(x509);
+
+#ifndef NO_WOLFSSL_STUB
+    ExpectIntEQ(wolfSSL_X509V3_EXT_add_nconf(NULL, NULL, NULL, NULL),
+        WOLFSSL_SUCCESS);
+    ExpectNull(wolfSSL_X509V3_EXT_conf_nid(NULL, NULL, 0, NULL));
+    ExpectNull(wolfSSL_X509V3_EXT_conf_nid(&lhash, NULL, 0, NULL));
+    wolfSSL_X509V3_set_ctx_nodb(NULL);
+#endif
 #endif
     return EXPECT_RESULT();
 }
 
-static int test_wolfSSL_X509V3_EXT(void) {
+static int test_wolfSSL_X509V3_EXT_bc(void)
+{
+    EXPECT_DECLS;
+#if !defined(NO_FILESYSTEM) && defined(OPENSSL_ALL) && !defined(NO_RSA)
+    WOLFSSL_X509_EXTENSION* ext = NULL;
+    WOLFSSL_ASN1_OBJECT* obj = NULL;
+    WOLFSSL_BASIC_CONSTRAINTS* bc = NULL;
+    WOLFSSL_ASN1_INTEGER* pathLen = NULL;
+
+    ExpectNotNull(ext = wolfSSL_X509_EXTENSION_new());
+    ExpectNotNull(obj = wolfSSL_ASN1_OBJECT_new());
+    ExpectNotNull(pathLen = wolfSSL_ASN1_INTEGER_new());
+    if (pathLen != NULL) {
+        pathLen->length = 2;
+    }
+
+    if (obj != NULL) {
+        obj->type = NID_basic_constraints;
+        obj->nid = NID_basic_constraints;
+    }
+    ExpectIntEQ(wolfSSL_X509_EXTENSION_set_object(ext, obj), WOLFSSL_SUCCESS);
+    ExpectNotNull(wolfSSL_X509V3_EXT_get(ext));
+    /* No pathlen set. */
+    ExpectNotNull(bc = (WOLFSSL_BASIC_CONSTRAINTS*)wolfSSL_X509V3_EXT_d2i(ext));
+    wolfSSL_BASIC_CONSTRAINTS_free(bc);
+    bc = NULL;
+
+    if ((ext != NULL) && (ext->obj != NULL)) {
+        ext->obj->pathlen = pathLen;
+        pathLen = NULL;
+    }
+    /* pathlen set. */
+    ExpectNotNull(bc = (WOLFSSL_BASIC_CONSTRAINTS*)wolfSSL_X509V3_EXT_d2i(ext));
+
+    wolfSSL_ASN1_INTEGER_free(pathLen);
+    wolfSSL_BASIC_CONSTRAINTS_free(bc);
+    wolfSSL_ASN1_OBJECT_free(obj);
+    wolfSSL_X509_EXTENSION_free(ext);
+#endif
+    return EXPECT_RESULT();
+}
+
+static int test_wolfSSL_X509V3_EXT_san(void)
+{
+    EXPECT_DECLS;
+#if !defined(NO_FILESYSTEM) && defined(OPENSSL_ALL) && !defined(NO_RSA)
+    WOLFSSL_X509_EXTENSION* ext = NULL;
+    WOLFSSL_ASN1_OBJECT* obj = NULL;
+    WOLFSSL_STACK* sk = NULL;
+
+    ExpectNotNull(ext = wolfSSL_X509_EXTENSION_new());
+    ExpectNotNull(obj = wolfSSL_ASN1_OBJECT_new());
+
+    if (obj != NULL) {
+        obj->type = NID_subject_alt_name;
+        obj->nid = NID_subject_alt_name;
+    }
+    ExpectIntEQ(wolfSSL_X509_EXTENSION_set_object(ext, obj), WOLFSSL_SUCCESS);
+    ExpectNotNull(wolfSSL_X509V3_EXT_get(ext));
+    /* No extension stack set. */
+    ExpectNull(wolfSSL_X509V3_EXT_d2i(ext));
+
+    ExpectNotNull(sk = wolfSSL_sk_new_null());
+    if (ext != NULL) {
+        ext->ext_sk = sk;
+        sk = NULL;
+    }
+    /* Extension stack set. */
+    ExpectNull(wolfSSL_X509V3_EXT_d2i(ext));
+
+    wolfSSL_sk_free(sk);
+    wolfSSL_ASN1_OBJECT_free(obj);
+    wolfSSL_X509_EXTENSION_free(ext);
+#endif
+    return EXPECT_RESULT();
+}
+
+static int test_wolfSSL_X509V3_EXT_aia(void)
+{
+    EXPECT_DECLS;
+#if !defined(NO_FILESYSTEM) && defined(OPENSSL_ALL) && !defined(NO_RSA)
+    WOLFSSL_X509_EXTENSION* ext = NULL;
+    WOLFSSL_ASN1_OBJECT* obj = NULL;
+    WOLFSSL_STACK* sk = NULL;
+    WOLFSSL_STACK* node = NULL;
+    WOLFSSL_AUTHORITY_INFO_ACCESS* aia = NULL;
+    WOLFSSL_ASN1_OBJECT* entry = NULL;
+
+    ExpectNotNull(ext = wolfSSL_X509_EXTENSION_new());
+    ExpectNotNull(obj = wolfSSL_ASN1_OBJECT_new());
+
+    if (obj != NULL) {
+        obj->type = NID_info_access;
+        obj->nid = NID_info_access;
+    }
+    ExpectIntEQ(wolfSSL_X509_EXTENSION_set_object(ext, obj), WOLFSSL_SUCCESS);
+    ExpectNotNull(wolfSSL_X509V3_EXT_get(ext));
+    /* No extension stack set. */
+    ExpectNull(wolfSSL_X509V3_EXT_d2i(ext));
+
+    ExpectNotNull(sk = wolfSSL_sk_new_null());
+    if (ext != NULL) {
+        ext->ext_sk = sk;
+        sk = NULL;
+    }
+    /* Extension stack set but empty. */
+    ExpectNotNull(aia = (WOLFSSL_AUTHORITY_INFO_ACCESS *)wolfSSL_X509V3_EXT_d2i(ext));
+    wolfSSL_AUTHORITY_INFO_ACCESS_free(aia);
+    aia = NULL;
+
+    ExpectNotNull(entry = wolfSSL_ASN1_OBJECT_new());
+    if (entry != NULL) {
+        entry->nid = WC_NID_ad_OCSP;
+        entry->obj = (const unsigned char*)"http://127.0.0.1";
+        entry->objSz = 16;
+    }
+    ExpectNotNull(node = wolfSSL_sk_new_node(NULL));
+    if ((node != NULL) && (ext != NULL)) {
+        node->type = STACK_TYPE_OBJ;
+        node->data.obj = entry;
+        entry = NULL;
+        ExpectIntEQ(wolfSSL_sk_push_node(&ext->ext_sk, node), WOLFSSL_SUCCESS);
+        if (EXPECT_SUCCESS()) {
+            node = NULL;
+        }
+    }
+    ExpectNotNull(aia = (WOLFSSL_AUTHORITY_INFO_ACCESS *)wolfSSL_X509V3_EXT_d2i(ext));
+    wolfSSL_ACCESS_DESCRIPTION_free(NULL);
+
+    wolfSSL_AUTHORITY_INFO_ACCESS_pop_free(aia,
+        wolfSSL_ACCESS_DESCRIPTION_free);
+    wolfSSL_ASN1_OBJECT_free(entry);
+    wolfSSL_sk_free(node);
+    wolfSSL_ASN1_OBJECT_free(obj);
+    wolfSSL_X509_EXTENSION_free(ext);
+#endif
+    return EXPECT_RESULT();
+}
+
+static int test_wolfSSL_X509V3_EXT(void)
+{
     EXPECT_DECLS;
 #if !defined(NO_FILESYSTEM) && defined(OPENSSL_ALL) && !defined(NO_RSA)
     XFILE f = XBADFILE;
@@ -49610,6 +65045,34 @@ static int test_wolfSSL_X509V3_EXT(void) {
     /* Check NULL argument */
     ExpectNull(wolfSSL_X509V3_EXT_d2i(NULL));
 
+    ExpectNotNull(ext = wolfSSL_X509_EXTENSION_new());
+    ExpectNotNull(obj = wolfSSL_ASN1_OBJECT_new());
+
+    ExpectNull(wolfSSL_X509V3_EXT_d2i(ext));
+    ExpectIntEQ(wolfSSL_X509_EXTENSION_set_object(ext, obj), WOLFSSL_SUCCESS);
+    ExpectNull(wolfSSL_X509V3_EXT_d2i(ext));
+    if (ext != NULL && ext->obj != NULL) {
+        ext->obj->nid = ext->obj->type = NID_ext_key_usage;
+    }
+    ExpectNull(wolfSSL_X509V3_EXT_d2i(ext));
+    if (ext != NULL && ext->obj != NULL) {
+        ext->obj->nid = ext->obj->type = NID_certificate_policies;
+    }
+    ExpectNull(wolfSSL_X509V3_EXT_d2i(ext));
+    if (ext != NULL && ext->obj != NULL) {
+        ext->obj->nid = ext->obj->type = NID_crl_distribution_points;
+    }
+    ExpectNull(wolfSSL_X509V3_EXT_d2i(ext));
+    if (ext != NULL && ext->obj != NULL) {
+        ext->obj->nid = ext->obj->type = NID_subject_alt_name;
+    }
+    ExpectNull(wolfSSL_X509V3_EXT_d2i(ext));
+
+    wolfSSL_ASN1_OBJECT_free(obj);
+    obj = NULL;
+    wolfSSL_X509_EXTENSION_free(ext);
+    ext = NULL;
+
     /* Using OCSP cert with X509V3 extensions */
     ExpectTrue((f = XFOPEN("./certs/ocsp/root-ca-cert.pem", "rb")) != XBADFILE);
     ExpectNotNull(x509 = wolfSSL_PEM_read_X509(f, NULL, NULL, NULL));
@@ -49683,11 +65146,11 @@ static int test_wolfSSL_X509V3_EXT(void) {
     ExpectIntEQ((nid = wolfSSL_OBJ_obj2nid(obj)), NID_key_usage);
 
     ExpectNotNull(asn1str = (WOLFSSL_ASN1_STRING*)wolfSSL_X509V3_EXT_d2i(ext));
-    #if defined(WOLFSSL_QT)
+#if defined(WOLFSSL_QT)
     ExpectNotNull(data = (unsigned char*)ASN1_STRING_get0_data(asn1str));
-    #else
+#else
     ExpectNotNull(data = wolfSSL_ASN1_STRING_data(asn1str));
-    #endif
+#endif
     expected = KEYUSE_KEY_CERT_SIGN | KEYUSE_CRL_SIGN;
     if (data != NULL) {
     #ifdef BIG_ENDIAN_ORDER
@@ -49699,7 +65162,8 @@ static int test_wolfSSL_X509V3_EXT(void) {
     ExpectIntEQ(actual, expected);
     wolfSSL_ASN1_STRING_free(asn1str);
     asn1str = NULL;
-#if 1
+    ExpectIntEQ(wolfSSL_X509_get_keyUsage(NULL), 0);
+    ExpectIntEQ(wolfSSL_X509_get_keyUsage(x509), expected);
     i++;
 
     /* Authority Info Access */
@@ -49738,11 +65202,18 @@ static int test_wolfSSL_X509V3_EXT(void) {
     }
     ExpectIntEQ(actual, 0);
 
+    ExpectIntEQ(wolfSSL_sk_ACCESS_DESCRIPTION_num(NULL), WOLFSSL_FATAL_ERROR);
+    ExpectIntEQ(wolfSSL_sk_ACCESS_DESCRIPTION_num(aia), 1);
+    ExpectNull(wolfSSL_sk_ACCESS_DESCRIPTION_value(NULL, 0));
+    ExpectNull(wolfSSL_sk_ACCESS_DESCRIPTION_value(aia, 1));
+    ExpectNotNull(wolfSSL_sk_ACCESS_DESCRIPTION_value(aia, 0));
     wolfSSL_sk_ACCESS_DESCRIPTION_pop_free(aia, NULL);
     aia = NULL;
-#else
-    (void) aia; (void) ad; (void) adObj; (void) gn;
+
+#ifndef NO_WOLFSSL_STUB
+    ExpectNull(wolfSSL_X509_delete_ext(x509, 0));
 #endif
+
     wolfSSL_X509_free(x509);
 #endif
     return EXPECT_RESULT();
@@ -49758,6 +65229,16 @@ static int test_wolfSSL_X509_get_extension_flags(void)
     unsigned int keyUsageFlags;
     unsigned int extKeyUsageFlags;
 
+    ExpectIntEQ(X509_get_extension_flags(NULL), 0);
+    ExpectIntEQ(X509_get_key_usage(NULL), 0);
+    ExpectIntEQ(X509_get_extended_key_usage(NULL), 0);
+    ExpectNotNull(x509 = wolfSSL_X509_new());
+    ExpectIntEQ(X509_get_extension_flags(x509), 0);
+    ExpectIntEQ(X509_get_key_usage(x509), -1);
+    ExpectIntEQ(X509_get_extended_key_usage(x509), 0);
+    wolfSSL_X509_free(x509);
+    x509 = NULL;
+
     /* client-int-cert.pem has the following extension flags. */
     extFlags = EXFLAG_KUSAGE | EXFLAG_XKUSAGE;
     /* and the following key usage flags. */
@@ -49827,6 +65308,8 @@ static int test_wolfSSL_X509_get_ext(void)
     /* wolfSSL_X509_get_ext() NULL x509, valid idx */
     ExpectNull(foundExtension = wolfSSL_X509_get_ext(NULL, 0));
 
+    ExpectNull(wolfSSL_X509_get0_extensions(NULL));
+
     wolfSSL_X509_free(x509);
 #endif
     return EXPECT_RESULT();
@@ -49836,11 +65319,17 @@ static int test_wolfSSL_X509_get_ext_by_NID(void)
 {
     EXPECT_DECLS;
 #if defined(OPENSSL_ALL) && !defined(NO_RSA)
-    int rc;
+    int rc = 0;
     XFILE f = XBADFILE;
     WOLFSSL_X509* x509 = NULL;
     ASN1_OBJECT* obj = NULL;
 
+    ExpectNotNull(x509 = wolfSSL_X509_new());
+    ExpectIntEQ(wolfSSL_X509_get_ext_by_NID(x509, NID_basic_constraints, -1),
+        WOLFSSL_FATAL_ERROR);
+    wolfSSL_X509_free(x509);
+    x509 = NULL;
+
     ExpectTrue((f = XFOPEN("./certs/server-cert.pem", "rb")) != XBADFILE);
     ExpectNotNull(x509 = wolfSSL_PEM_read_X509(f, NULL, NULL, NULL));
     if (f != XBADFILE)
@@ -49848,6 +65337,8 @@ static int test_wolfSSL_X509_get_ext_by_NID(void)
 
     ExpectIntGE(rc = wolfSSL_X509_get_ext_by_NID(x509, NID_basic_constraints,
         -1), 0);
+    ExpectIntGE(wolfSSL_X509_get_ext_by_NID(x509, NID_basic_constraints, 20),
+        -1);
 
     /* Start search from last location (should fail) */
     ExpectIntGE(rc = wolfSSL_X509_get_ext_by_NID(x509, NID_basic_constraints,
@@ -49878,12 +65369,12 @@ static int test_wolfSSL_X509_get_ext_subj_alt_name(void)
 {
     EXPECT_DECLS;
 #if defined(OPENSSL_ALL) && !defined(NO_RSA)
-    int rc;
+    int rc = 0;
     XFILE f = XBADFILE;
     WOLFSSL_X509* x509 = NULL;
-    WOLFSSL_X509_EXTENSION* ext;
-    WOLFSSL_ASN1_STRING* sanString;
-    byte* sanDer;
+    WOLFSSL_X509_EXTENSION* ext = NULL;
+    WOLFSSL_ASN1_STRING* sanString = NULL;
+    byte* sanDer = NULL;
 
     const byte expectedDer[] = {
         0x30, 0x13, 0x82, 0x0b, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x2e,
@@ -49906,6 +65397,381 @@ static int test_wolfSSL_X509_get_ext_subj_alt_name(void)
     return EXPECT_RESULT();
 }
 
+static int test_wolfSSL_X509_set_ext(void)
+{
+    EXPECT_DECLS;
+#if defined(OPENSSL_ALL) && !defined(NO_RSA)
+    WOLFSSL_X509* x509 = NULL;
+    XFILE f = XBADFILE;
+    int loc;
+
+    ExpectNull(wolfSSL_X509_set_ext(NULL, 0));
+
+    ExpectNotNull(x509 = wolfSSL_X509_new());
+    /* Location too small. */
+    ExpectNull(wolfSSL_X509_set_ext(x509, -1));
+    /* Location too big. */
+    ExpectNull(wolfSSL_X509_set_ext(x509, 1));
+    /* No DER encoding. */
+    ExpectNull(wolfSSL_X509_set_ext(x509, 0));
+    wolfSSL_X509_free(x509);
+    x509 = NULL;
+
+    ExpectTrue((f = XFOPEN("./certs/server-cert.pem", "rb")) != XBADFILE);
+    ExpectNotNull(x509 = PEM_read_X509(f, NULL, NULL, NULL));
+    if (f != XBADFILE) {
+        XFCLOSE(f);
+    }
+    for (loc = 0; loc < wolfSSL_X509_get_ext_count(x509); loc++) {
+        ExpectNotNull(wolfSSL_X509_set_ext(x509, loc));
+    }
+
+    wolfSSL_X509_free(x509);
+#endif
+    return EXPECT_RESULT();
+}
+
+#if defined(OPENSSL_ALL)
+static int test_X509_add_basic_constraints(WOLFSSL_X509* x509)
+{
+    EXPECT_DECLS;
+    const byte basicConsObj[] = { 0x06, 0x03, 0x55, 0x1d, 0x13 };
+    const byte* p;
+    WOLFSSL_X509_EXTENSION* ext = NULL;
+    WOLFSSL_ASN1_OBJECT* obj = NULL;
+    ASN1_INTEGER* pathLen = NULL;
+
+    p = basicConsObj;
+    ExpectNotNull(obj = wolfSSL_d2i_ASN1_OBJECT(NULL, &p,
+        sizeof(basicConsObj)));
+    if (obj != NULL) {
+        obj->type = NID_basic_constraints;
+    }
+    ExpectNotNull(pathLen = wolfSSL_ASN1_INTEGER_new());
+    if (pathLen != NULL) {
+        pathLen->length = 2;
+    }
+    if (obj != NULL) {
+        obj->ca = 0;
+    }
+    ExpectNotNull(ext = wolfSSL_X509_EXTENSION_new());
+    ExpectIntEQ(wolfSSL_X509_EXTENSION_set_object(ext, obj), WOLFSSL_SUCCESS);
+    if (ext != NULL && ext->obj != NULL) {
+        ext->obj->ca = 0;
+        ext->obj->pathlen = pathLen;
+    }
+    ExpectIntEQ(wolfSSL_X509_add_ext(x509, ext, -1), WOLFSSL_SUCCESS);
+    ExpectIntEQ(x509->isCa, 0);
+    ExpectIntEQ(x509->pathLength, 2);
+    if (ext != NULL && ext->obj != NULL) {
+        /* Add second time to without path length. */
+        ext->obj->ca = 1;
+        ext->obj->pathlen = NULL;
+    }
+    ExpectIntEQ(wolfSSL_X509_add_ext(x509, ext, -1), WOLFSSL_SUCCESS);
+    ExpectIntEQ(x509->isCa, 1);
+    ExpectIntEQ(x509->pathLength, 2);
+    ExpectIntEQ(wolfSSL_X509_get_isSet_pathLength(NULL), 0);
+    ExpectIntEQ(wolfSSL_X509_get_isSet_pathLength(x509), 1);
+    ExpectIntEQ(wolfSSL_X509_get_pathLength(NULL), 0);
+    ExpectIntEQ(wolfSSL_X509_get_pathLength(x509), 2);
+
+    wolfSSL_ASN1_INTEGER_free(pathLen);
+    wolfSSL_ASN1_OBJECT_free(obj);
+    wolfSSL_X509_EXTENSION_free(ext);
+
+    return EXPECT_RESULT();
+}
+
+static int test_X509_add_key_usage(WOLFSSL_X509* x509)
+{
+    EXPECT_DECLS;
+    const byte objData[] = { 0x06, 0x03, 0x55, 0x1d, 0x0f };
+    const byte data[] = { 0x04, 0x02, 0x01, 0x80 };
+    const byte emptyData[] = { 0x04, 0x00 };
+    const char* strData = "digitalSignature,keyCertSign";
+    const byte* p;
+    WOLFSSL_X509_EXTENSION* ext = NULL;
+    WOLFSSL_ASN1_OBJECT* obj = NULL;
+    WOLFSSL_ASN1_STRING* str = NULL;
+
+    p = objData;
+    ExpectNotNull(obj = wolfSSL_d2i_ASN1_OBJECT(NULL, &p, sizeof(objData)));
+    if (obj != NULL) {
+        obj->type = NID_key_usage;
+    }
+    p = data;
+    ExpectNotNull(str = d2i_ASN1_OCTET_STRING(NULL, &p, (long)sizeof(data)));
+    ExpectNotNull(ext = wolfSSL_X509_EXTENSION_new());
+    ExpectIntEQ(wolfSSL_X509_EXTENSION_set_object(ext, obj), WOLFSSL_SUCCESS);
+    /* No Data - no change. */
+    ExpectIntEQ(wolfSSL_X509_add_ext(x509, ext, -1), WOLFSSL_SUCCESS);
+    ExpectIntEQ(wolfSSL_X509_EXTENSION_set_data(ext, str), WOLFSSL_SUCCESS);
+    ExpectIntEQ(wolfSSL_X509_add_ext(x509, ext, -1), WOLFSSL_SUCCESS);
+    ExpectIntEQ(x509->keyUsage, KEYUSE_DECIPHER_ONLY | KEYUSE_ENCIPHER_ONLY);
+
+    /* Add second time with string to interpret. */
+    wolfSSL_ASN1_STRING_free(str);
+    str = NULL;
+    ExpectNotNull(str = wolfSSL_ASN1_STRING_new());
+    ExpectIntEQ(ASN1_STRING_set(str, strData, (word32)XSTRLEN(strData) + 1),
+        WOLFSSL_SUCCESS);
+    ExpectIntEQ(wolfSSL_X509_EXTENSION_set_data(ext, str), WOLFSSL_SUCCESS);
+    ExpectIntEQ(wolfSSL_X509_add_ext(x509, ext, -1), WOLFSSL_SUCCESS);
+    ExpectIntEQ(x509->keyUsage, KEYUSE_DIGITAL_SIG | KEYUSE_KEY_CERT_SIGN);
+
+    /* Empty data. */
+    wolfSSL_ASN1_STRING_free(str);
+    str = NULL;
+    p = emptyData;
+    ExpectNotNull(str = d2i_ASN1_OCTET_STRING(NULL, &p,
+        (long)sizeof(emptyData)));
+    ExpectIntEQ(wolfSSL_X509_EXTENSION_set_data(ext, str), WOLFSSL_SUCCESS);
+    ExpectIntEQ(wolfSSL_X509_add_ext(x509, ext, -1), WOLFSSL_FAILURE);
+
+    /* Invalid string to parse. */
+    wolfSSL_ASN1_STRING_free(str);
+    str = NULL;
+    ExpectNotNull(str = wolfSSL_ASN1_STRING_new());
+    ExpectIntEQ(ASN1_STRING_set(str, "bad", 4), WOLFSSL_SUCCESS);
+    ExpectIntEQ(wolfSSL_X509_EXTENSION_set_data(ext, str), WOLFSSL_SUCCESS);
+    ExpectIntEQ(wolfSSL_X509_add_ext(x509, ext, -1), WOLFSSL_FAILURE);
+
+    wolfSSL_ASN1_STRING_free(str);
+    wolfSSL_ASN1_OBJECT_free(obj);
+    wolfSSL_X509_EXTENSION_free(ext);
+
+    return EXPECT_RESULT();
+}
+
+static int test_X509_add_ext_key_usage(WOLFSSL_X509* x509)
+{
+    EXPECT_DECLS;
+    const byte objData[] = { 0x06, 0x03, 0x55, 0x1d, 0x25 };
+    const byte data[] = { 0x04, 0x01, 0x01 };
+    const byte emptyData[] = { 0x04, 0x00 };
+    const char* strData = "serverAuth,codeSigning";
+    const byte* p;
+    WOLFSSL_X509_EXTENSION* ext = NULL;
+    WOLFSSL_ASN1_OBJECT* obj = NULL;
+    WOLFSSL_ASN1_STRING* str = NULL;
+
+    p = objData;
+    ExpectNotNull(obj = wolfSSL_d2i_ASN1_OBJECT(NULL, &p, sizeof(objData)));
+    if (obj != NULL) {
+        obj->type = NID_ext_key_usage;
+    }
+    p = data;
+    ExpectNotNull(str = d2i_ASN1_OCTET_STRING(NULL, &p, (long)sizeof(data)));
+    ExpectNotNull(ext = wolfSSL_X509_EXTENSION_new());
+    ExpectIntEQ(wolfSSL_X509_EXTENSION_set_object(ext, obj), WOLFSSL_SUCCESS);
+    /* No Data - no change. */
+    ExpectIntEQ(wolfSSL_X509_add_ext(x509, ext, -1), WOLFSSL_SUCCESS);
+    ExpectIntEQ(wolfSSL_X509_EXTENSION_set_data(ext, str), WOLFSSL_SUCCESS);
+    ExpectIntEQ(wolfSSL_X509_add_ext(x509, ext, -1), WOLFSSL_SUCCESS);
+    ExpectIntEQ(x509->extKeyUsage, EXTKEYUSE_ANY);
+
+    /* Add second time with string to interpret. */
+    wolfSSL_ASN1_STRING_free(str);
+    str = NULL;
+    ExpectNotNull(str = wolfSSL_ASN1_STRING_new());
+    ExpectIntEQ(ASN1_STRING_set(str, strData, (word32)XSTRLEN(strData) + 1),
+        WOLFSSL_SUCCESS);
+    ExpectIntEQ(wolfSSL_X509_EXTENSION_set_data(ext, str), WOLFSSL_SUCCESS);
+    ExpectIntEQ(wolfSSL_X509_add_ext(x509, ext, -1), WOLFSSL_SUCCESS);
+    ExpectIntEQ(x509->extKeyUsage, EXTKEYUSE_SERVER_AUTH | EXTKEYUSE_CODESIGN);
+
+    /* Empty data. */
+    wolfSSL_ASN1_STRING_free(str);
+    str = NULL;
+    p = emptyData;
+    ExpectNotNull(str = d2i_ASN1_OCTET_STRING(NULL, &p,
+        (long)sizeof(emptyData)));
+    ExpectIntEQ(wolfSSL_X509_EXTENSION_set_data(ext, str), WOLFSSL_SUCCESS);
+    ExpectIntEQ(wolfSSL_X509_add_ext(x509, ext, -1), WOLFSSL_FAILURE);
+
+    /* Invalid string to parse. */
+    wolfSSL_ASN1_STRING_free(str);
+    str = NULL;
+    ExpectNotNull(str = wolfSSL_ASN1_STRING_new());
+    ExpectIntEQ(ASN1_STRING_set(str, "bad", 4), WOLFSSL_SUCCESS);
+    ExpectIntEQ(wolfSSL_X509_EXTENSION_set_data(ext, str), WOLFSSL_SUCCESS);
+    ExpectIntEQ(wolfSSL_X509_add_ext(x509, ext, -1), WOLFSSL_FAILURE);
+
+    wolfSSL_ASN1_STRING_free(str);
+    wolfSSL_ASN1_OBJECT_free(obj);
+    wolfSSL_X509_EXTENSION_free(ext);
+
+    return EXPECT_RESULT();
+}
+
+static int test_x509_add_auth_key_id(WOLFSSL_X509* x509)
+{
+    EXPECT_DECLS;
+    const byte objData[] = { 0x06, 0x03, 0x55, 0x1d, 0x23 };
+    const byte data[] = {
+        0x04, 0x81, 0xcc, 0x30, 0x81, 0xc9, 0x80, 0x14,
+        0x27, 0x8e, 0x67, 0x11, 0x74, 0xc3, 0x26, 0x1d,
+        0x3f, 0xed, 0x33, 0x63, 0xb3, 0xa4, 0xd8, 0x1d,
+        0x30, 0xe5, 0xe8, 0xd5, 0xa1, 0x81, 0x9a, 0xa4,
+        0x81, 0x97, 0x30, 0x81, 0x94, 0x31, 0x0b, 0x30,
+        0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02,
+        0x55, 0x53, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03,
+        0x55, 0x04, 0x08, 0x0c, 0x07, 0x4d, 0x6f, 0x6e,
+        0x74, 0x61, 0x6e, 0x61, 0x31, 0x10, 0x30, 0x0e,
+        0x06, 0x03, 0x55, 0x04, 0x07, 0x0c, 0x07, 0x42,
+        0x6f, 0x7a, 0x65, 0x6d, 0x61, 0x6e, 0x31, 0x11,
+        0x30, 0x0f, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c,
+        0x08, 0x53, 0x61, 0x77, 0x74, 0x6f, 0x6f, 0x74,
+        0x68, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55,
+        0x04, 0x0b, 0x0c, 0x0a, 0x43, 0x6f, 0x6e, 0x73,
+        0x75, 0x6c, 0x74, 0x69, 0x6e, 0x67, 0x31, 0x18,
+        0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c,
+        0x0f, 0x77, 0x77, 0x77, 0x2e, 0x77, 0x6f, 0x6c,
+        0x66, 0x73, 0x73, 0x6c, 0x2e, 0x63, 0x6f, 0x6d,
+        0x31, 0x1f, 0x30, 0x1d, 0x06, 0x09, 0x2a, 0x86,
+        0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16,
+        0x10, 0x69, 0x6e, 0x66, 0x6f, 0x40, 0x77, 0x6f,
+        0x6c, 0x66, 0x73, 0x73, 0x6c, 0x2e, 0x63, 0x6f,
+        0x6d, 0x82, 0x14, 0x33, 0x44, 0x1a, 0xa8, 0x6c,
+        0x01, 0xec, 0xf6, 0x60, 0xf2, 0x70, 0x51, 0x0a,
+        0x4c, 0xd1, 0x14, 0xfa, 0xbc, 0xe9, 0x44
+    };
+    const byte* p;
+    WOLFSSL_X509_EXTENSION* ext = NULL;
+    WOLFSSL_ASN1_OBJECT* obj = NULL;
+    WOLFSSL_ASN1_STRING* str = NULL;
+
+    p = objData;
+    ExpectNotNull(obj = wolfSSL_d2i_ASN1_OBJECT(NULL, &p, sizeof(objData)));
+    if (obj != NULL) {
+        obj->type = NID_authority_key_identifier;
+    }
+    p = data;
+    ExpectNotNull(str = d2i_ASN1_OCTET_STRING(NULL, &p, (long)sizeof(data)));
+    ExpectNotNull(ext = wolfSSL_X509_EXTENSION_new());
+    ExpectIntEQ(wolfSSL_X509_EXTENSION_set_object(ext, obj), WOLFSSL_SUCCESS);
+    ExpectIntEQ(wolfSSL_X509_EXTENSION_set_data(ext, str), WOLFSSL_SUCCESS);
+    ExpectIntEQ(wolfSSL_X509_add_ext(x509, ext, -1), WOLFSSL_SUCCESS);
+
+    /* Add second time with string to interpret. */
+    ExpectIntEQ(wolfSSL_X509_add_ext(x509, ext, -1), WOLFSSL_SUCCESS);
+
+    wolfSSL_ASN1_STRING_free(str);
+    wolfSSL_ASN1_OBJECT_free(obj);
+    wolfSSL_X509_EXTENSION_free(ext);
+
+    return EXPECT_RESULT();
+}
+
+static int test_x509_add_subj_key_id(WOLFSSL_X509* x509)
+{
+    EXPECT_DECLS;
+    const byte objData[] = { 0x06, 0x03, 0x55, 0x1d, 0x0e };
+    const byte data[] = {
+        0x04, 0x16, 0x04, 0x14, 0xb3, 0x11, 0x32, 0xc9,
+        0x92, 0x98, 0x84, 0xe2, 0xc9, 0xf8, 0xd0, 0x3b,
+        0x6e, 0x03, 0x42, 0xca, 0x1f, 0x0e, 0x8e, 0x3c
+    };
+    const byte* p;
+    WOLFSSL_X509_EXTENSION* ext = NULL;
+    WOLFSSL_ASN1_OBJECT* obj = NULL;
+    WOLFSSL_ASN1_STRING* str = NULL;
+
+    p = objData;
+    ExpectNotNull(obj = wolfSSL_d2i_ASN1_OBJECT(NULL, &p, sizeof(objData)));
+    if (obj != NULL) {
+        obj->type = NID_subject_key_identifier;
+    }
+    p = data;
+    ExpectNotNull(str = d2i_ASN1_OCTET_STRING(NULL, &p, (long)sizeof(data)));
+    ExpectNotNull(ext = wolfSSL_X509_EXTENSION_new());
+    ExpectIntEQ(wolfSSL_X509_EXTENSION_set_object(ext, obj), WOLFSSL_SUCCESS);
+    ExpectIntEQ(wolfSSL_X509_EXTENSION_set_data(ext, str), WOLFSSL_SUCCESS);
+    ExpectIntEQ(wolfSSL_X509_add_ext(x509, ext, -1), WOLFSSL_SUCCESS);
+    /* Add second time with string to interpret. */
+    ExpectIntEQ(wolfSSL_X509_add_ext(x509, ext, -1), WOLFSSL_SUCCESS);
+
+    wolfSSL_ASN1_STRING_free(str);
+    wolfSSL_ASN1_OBJECT_free(obj);
+    wolfSSL_X509_EXTENSION_free(ext);
+
+    return EXPECT_RESULT();
+}
+#endif
+
+static int test_wolfSSL_X509_add_ext(void)
+{
+    EXPECT_DECLS;
+#if defined(OPENSSL_ALL)
+    WOLFSSL_X509* x509 = NULL;
+    WOLFSSL_X509_EXTENSION* ext_empty = NULL;
+    WOLFSSL_X509_EXTENSION* ext = NULL;
+    WOLFSSL_ASN1_OBJECT* obj = NULL;
+    WOLFSSL_ASN1_STRING* data = NULL;
+    const byte* p;
+    const byte subjAltNameObj[] = { 0x06, 0x03, 0x55, 0x1d, 0x11 };
+    const byte subjAltName[] = {
+        0x04, 0x15, 0x30, 0x13, 0x82, 0x0b, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c,
+        0x65, 0x2e, 0x63, 0x6f, 0x6d, 0x87, 0x04, 0x7f, 0x00, 0x00, 0x01
+    };
+
+    ExpectNotNull(x509 = wolfSSL_X509_new());
+
+    /* Create extension: Subject Alternative Name */
+    ExpectNotNull(ext_empty = wolfSSL_X509_EXTENSION_new());
+    p = subjAltName;
+    ExpectNotNull(data = d2i_ASN1_OCTET_STRING(NULL, &p,
+        (long)sizeof(subjAltName)));
+    p = subjAltNameObj;
+    ExpectNotNull(obj = wolfSSL_d2i_ASN1_OBJECT(NULL, &p,
+        sizeof(subjAltNameObj)));
+    if (obj != NULL) {
+        obj->type = NID_subject_alt_name;
+    }
+    ExpectNotNull(ext = wolfSSL_X509_EXTENSION_new());
+    ExpectIntEQ(wolfSSL_X509_EXTENSION_set_object(ext, obj), WOLFSSL_SUCCESS);
+    ExpectIntEQ(wolfSSL_X509_EXTENSION_set_data(ext, data), WOLFSSL_SUCCESS);
+
+    /* Failure cases. */
+    ExpectIntEQ(wolfSSL_X509_add_ext(NULL, NULL, 0),
+        WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+    ExpectIntEQ(wolfSSL_X509_add_ext(x509, NULL, 0),
+        WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+    ExpectIntEQ(wolfSSL_X509_add_ext(NULL, ext, 0),
+        WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+    ExpectIntEQ(wolfSSL_X509_add_ext(NULL, NULL, -1),
+        WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+    ExpectIntEQ(wolfSSL_X509_add_ext(NULL, ext, -1),
+        WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+    ExpectIntEQ(wolfSSL_X509_add_ext(x509, NULL, -1),
+        WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+    ExpectIntEQ(wolfSSL_X509_add_ext(x509, ext, 0),
+        WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+    ExpectIntEQ(wolfSSL_X509_add_ext(x509, ext_empty, -1),
+        WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+
+    /* Add: Subject Alternative Name */
+    ExpectIntEQ(wolfSSL_X509_add_ext(x509, ext, -1), WOLFSSL_SUCCESS);
+    /* Add second time to ensure no memory leaks. */
+    ExpectIntEQ(wolfSSL_X509_add_ext(x509, ext, -1), WOLFSSL_SUCCESS);
+
+    wolfSSL_X509_EXTENSION_free(ext);
+    wolfSSL_ASN1_OBJECT_free(obj);
+    wolfSSL_ASN1_STRING_free(data);
+    wolfSSL_X509_EXTENSION_free(ext_empty);
+
+    EXPECT_TEST(test_X509_add_basic_constraints(x509));
+    EXPECT_TEST(test_X509_add_key_usage(x509));
+    EXPECT_TEST(test_X509_add_ext_key_usage(x509));
+    EXPECT_TEST(test_x509_add_auth_key_id(x509));
+    EXPECT_TEST(test_x509_add_subj_key_id(x509));
+
+    wolfSSL_X509_free(x509);
+#endif
+    return EXPECT_RESULT();
+}
+
 static int test_wolfSSL_X509_EXTENSION_new(void)
 {
     EXPECT_DECLS;
@@ -49915,6 +65781,24 @@ static int test_wolfSSL_X509_EXTENSION_new(void)
     ExpectNotNull(ext = wolfSSL_X509_EXTENSION_new());
     ExpectNotNull(ext->obj = wolfSSL_ASN1_OBJECT_new());
 
+    wolfSSL_X509_EXTENSION_free(NULL);
+    wolfSSL_X509_EXTENSION_free(ext);
+#endif
+    return EXPECT_RESULT();
+}
+
+static int test_wolfSSL_X509_EXTENSION_dup(void)
+{
+    EXPECT_DECLS;
+#if defined (OPENSSL_ALL)
+    WOLFSSL_X509_EXTENSION* ext = NULL;
+    WOLFSSL_X509_EXTENSION* dup = NULL;
+
+    ExpectNull(wolfSSL_X509_EXTENSION_dup(NULL));
+    ExpectNotNull(ext = wolfSSL_X509_EXTENSION_new());
+    ExpectNotNull(dup = wolfSSL_X509_EXTENSION_dup(ext));
+
+    wolfSSL_X509_EXTENSION_free(dup);
     wolfSSL_X509_EXTENSION_free(ext);
 #endif
     return EXPECT_RESULT();
@@ -49926,6 +65810,7 @@ static int test_wolfSSL_X509_EXTENSION_get_object(void)
 #if !defined(NO_FILESYSTEM) && defined(OPENSSL_ALL) && !defined(NO_RSA)
     WOLFSSL_X509* x509 = NULL;
     WOLFSSL_X509_EXTENSION* ext = NULL;
+    WOLFSSL_X509_EXTENSION* dup = NULL;
     WOLFSSL_ASN1_OBJECT* o = NULL;
     XFILE file = XBADFILE;
 
@@ -49939,6 +65824,8 @@ static int test_wolfSSL_X509_EXTENSION_get_object(void)
     ExpectNull(wolfSSL_X509_EXTENSION_get_object(NULL));
     ExpectNotNull(o = wolfSSL_X509_EXTENSION_get_object(ext));
     ExpectIntEQ(o->nid, 128);
+    ExpectNotNull(dup = wolfSSL_X509_EXTENSION_dup(ext));
+    wolfSSL_X509_EXTENSION_free(dup);
 
     /* wolfSSL_X509_EXTENSION_get_object() NULL argument */
     ExpectNull(o = wolfSSL_X509_EXTENSION_get_object(NULL));
@@ -49953,8 +65840,8 @@ static int test_wolfSSL_X509_EXTENSION_get_data(void)
     EXPECT_DECLS;
 #if !defined(NO_FILESYSTEM) && defined(OPENSSL_ALL) && !defined(NO_RSA)
     WOLFSSL_X509* x509 = NULL;
-    WOLFSSL_X509_EXTENSION* ext;
-    WOLFSSL_ASN1_STRING* str;
+    WOLFSSL_X509_EXTENSION* ext = NULL;
+    WOLFSSL_ASN1_STRING* str = NULL;
     XFILE file = XBADFILE;
 
     ExpectTrue((file = XFOPEN("./certs/server-cert.pem", "rb")) != XBADFILE);
@@ -49976,9 +65863,9 @@ static int test_wolfSSL_X509_EXTENSION_get_critical(void)
     EXPECT_DECLS;
 #if !defined(NO_FILESYSTEM) && defined(OPENSSL_ALL) && !defined(NO_RSA)
     WOLFSSL_X509* x509 = NULL;
-    WOLFSSL_X509_EXTENSION* ext;
+    WOLFSSL_X509_EXTENSION* ext = NULL;
     XFILE file = XBADFILE;
-    int crit;
+    int crit = 0;
 
     ExpectTrue((file = XFOPEN("./certs/server-cert.pem", "rb")) != XBADFILE);
     ExpectNotNull(x509 = wolfSSL_PEM_read_X509(file, NULL, NULL, NULL));
@@ -49986,7 +65873,7 @@ static int test_wolfSSL_X509_EXTENSION_get_critical(void)
         XFCLOSE(file);
     ExpectNotNull(ext = wolfSSL_X509_get_ext(x509, 0));
 
-    ExpectIntEQ(crit = wolfSSL_X509_EXTENSION_get_critical(NULL), BAD_FUNC_ARG);
+    ExpectIntEQ(crit = wolfSSL_X509_EXTENSION_get_critical(NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(crit = wolfSSL_X509_EXTENSION_get_critical(ext), 0);
 
     wolfSSL_X509_free(x509);
@@ -49994,6 +65881,62 @@ static int test_wolfSSL_X509_EXTENSION_get_critical(void)
     return EXPECT_RESULT();
 }
 
+static int test_wolfSSL_X509_EXTENSION_create_by_OBJ(void)
+{
+    EXPECT_DECLS;
+#if !defined(NO_FILESYSTEM) && defined(OPENSSL_ALL) && !defined(NO_RSA)
+    XFILE file = XBADFILE;
+    WOLFSSL_X509* x509 = NULL;
+    WOLFSSL_X509* empty = NULL;
+    WOLFSSL_X509_EXTENSION* ext = NULL;
+    WOLFSSL_X509_EXTENSION* ext2 = NULL;
+    WOLFSSL_X509_EXTENSION* ext3 = NULL;
+    WOLFSSL_ASN1_OBJECT* o = NULL;
+    int crit = 0;
+    WOLFSSL_ASN1_STRING* str = NULL;
+
+    ExpectTrue((file = XFOPEN("./certs/server-cert.pem", "rb")) != XBADFILE);
+    ExpectNotNull(x509 = wolfSSL_PEM_read_X509(file, NULL, NULL, NULL));
+    if (file != XBADFILE)
+        XFCLOSE(file);
+    ExpectNotNull(ext = wolfSSL_X509_get_ext(x509, 0));
+
+    ExpectNotNull(o = wolfSSL_X509_EXTENSION_get_object(ext));
+    ExpectIntEQ(crit = wolfSSL_X509_EXTENSION_get_critical(ext), 0);
+    ExpectNotNull(str = wolfSSL_X509_EXTENSION_get_data(ext));
+
+    ExpectNull(wolfSSL_X509_EXTENSION_create_by_OBJ(NULL, NULL, 0, NULL));
+    ExpectNull(wolfSSL_X509_EXTENSION_create_by_OBJ(NULL, o, 0, NULL));
+    ExpectNull(wolfSSL_X509_EXTENSION_create_by_OBJ(NULL, NULL, 0, str));
+    ExpectNotNull(ext2 = wolfSSL_X509_EXTENSION_create_by_OBJ(NULL, o, crit,
+        str));
+    ExpectNotNull(ext3 = wolfSSL_X509_EXTENSION_create_by_OBJ(ext2, o, crit,
+        str));
+    if (ext3 == NULL) {
+        wolfSSL_X509_EXTENSION_free(ext2);
+    }
+    wolfSSL_X509_EXTENSION_free(ext3);
+
+    ExpectIntEQ(wolfSSL_X509_get_ext_by_OBJ(NULL, NULL, -1),
+        WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR));
+    ExpectIntEQ(wolfSSL_X509_get_ext_by_OBJ(NULL, o, -1),
+        WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR));
+    ExpectNotNull(empty = wolfSSL_X509_new());
+    ExpectIntEQ(wolfSSL_X509_get_ext_by_OBJ(empty, NULL, -1),
+        WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR));
+    ExpectIntEQ(wolfSSL_X509_get_ext_by_OBJ(empty, o, -1),
+        WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR));
+    wolfSSL_X509_free(empty);
+    empty = NULL;
+    ExpectIntEQ(wolfSSL_X509_get_ext_by_OBJ(x509, o, -2), 0);
+    ExpectIntEQ(wolfSSL_X509_get_ext_by_OBJ(x509, o, 0),
+        WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR));
+
+    wolfSSL_X509_free(x509);
+#endif
+    return EXPECT_RESULT();
+}
+
 static int test_wolfSSL_X509V3_EXT_print(void)
 {
     EXPECT_DECLS;
@@ -50004,7 +65947,7 @@ static int test_wolfSSL_X509V3_EXT_print(void)
         XFILE f = XBADFILE;
         WOLFSSL_X509* x509 = NULL;
         X509_EXTENSION * ext = NULL;
-        int loc;
+        int loc = 0;
         BIO *bio = NULL;
 
         ExpectTrue((f = XFOPEN(svrCertFile, "rb")) != XBADFILE);
@@ -50017,6 +65960,15 @@ static int test_wolfSSL_X509V3_EXT_print(void)
         ExpectIntGT(loc = wolfSSL_X509_get_ext_by_NID(x509,
             NID_basic_constraints, -1), -1);
         ExpectNotNull(ext = wolfSSL_X509_get_ext(x509, loc));
+
+        /* Failure cases. */
+        ExpectIntEQ(wolfSSL_X509V3_EXT_print(NULL, NULL, 0, 0),
+            WOLFSSL_FAILURE);
+        ExpectIntEQ(wolfSSL_X509V3_EXT_print(bio , NULL, 0, 0),
+            WOLFSSL_FAILURE);
+        ExpectIntEQ(wolfSSL_X509V3_EXT_print(NULL, ext , 0, 0),
+            WOLFSSL_FAILURE);
+        /* Good case. */
         ExpectIntEQ(wolfSSL_X509V3_EXT_print(bio, ext, 0, 0), WOLFSSL_SUCCESS);
 
         ExpectIntGT(loc = wolfSSL_X509_get_ext_by_NID(x509,
@@ -50036,9 +65988,9 @@ static int test_wolfSSL_X509V3_EXT_print(void)
     {
         X509 *x509 = NULL;
         BIO *bio = NULL;
-        X509_EXTENSION *ext;
-        unsigned int i;
-        unsigned int idx;
+        X509_EXTENSION *ext = NULL;
+        unsigned int i = 0;
+        unsigned int idx = 0;
         /* Some NIDs to test with */
         int nids[] = {
                 /* NID_key_usage, currently X509_get_ext returns this as a bit
@@ -50046,7 +65998,7 @@ static int test_wolfSSL_X509V3_EXT_print(void)
                 /* NID_ext_key_usage, */
                 NID_subject_alt_name,
         };
-        int* n;
+        int* n = NULL;
 
         ExpectNotNull(bio = BIO_new_fp(stderr, BIO_NOCLOSE));
 
@@ -50059,7 +66011,7 @@ static int test_wolfSSL_X509V3_EXT_print(void)
             /* X509_get_ext_by_NID should return 3 for now. If that changes then
              * update the index */
             ExpectIntEQ((idx = X509_get_ext_by_NID(x509, *n, -1)), 3);
-            ExpectNotNull(ext = X509_get_ext(x509, idx));
+            ExpectNotNull(ext = X509_get_ext(x509, (int)idx));
             ExpectIntEQ(X509V3_EXT_print(bio, ext, 0, 0), 1);
             ExpectIntGT(fprintf(stderr, "\n"), 0);
         }
@@ -50067,6 +66019,46 @@ static int test_wolfSSL_X509V3_EXT_print(void)
         BIO_free(bio);
         X509_free(x509);
     }
+
+    {
+        BIO* bio = NULL;
+        X509_EXTENSION* ext = NULL;
+        WOLFSSL_ASN1_OBJECT* obj = NULL;
+
+        ExpectNotNull(bio = BIO_new_fp(stderr, BIO_NOCLOSE));
+        ExpectNotNull(ext = X509_EXTENSION_new());
+
+        /* No object. */
+        ExpectIntEQ(wolfSSL_X509V3_EXT_print(bio, ext, 0, 0), WOLFSSL_FAILURE);
+
+        ExpectNotNull(obj = wolfSSL_ASN1_OBJECT_new());
+        ExpectIntEQ(wolfSSL_X509_EXTENSION_set_object(ext, obj),
+            WOLFSSL_SUCCESS);
+
+        /* NID not supported yet - just doesn't write anything. */
+        if (ext != NULL && ext->obj != NULL) {
+            ext->obj->nid = AUTH_INFO_OID;
+            ExpectIntEQ(wolfSSL_X509V3_EXT_print(bio, ext, 0, 0),
+                WOLFSSL_SUCCESS);
+            ext->obj->nid = CERT_POLICY_OID;
+            ExpectIntEQ(wolfSSL_X509V3_EXT_print(bio, ext, 0, 0),
+                WOLFSSL_SUCCESS);
+            ext->obj->nid = CRL_DIST_OID;
+            ExpectIntEQ(wolfSSL_X509V3_EXT_print(bio, ext, 0, 0),
+                WOLFSSL_SUCCESS);
+            ext->obj->nid = KEY_USAGE_OID;
+            ExpectIntEQ(wolfSSL_X509V3_EXT_print(bio, ext, 0, 0),
+                WOLFSSL_SUCCESS);
+
+            ext->obj->nid = EXT_KEY_USAGE_OID;
+            ExpectIntEQ(wolfSSL_X509V3_EXT_print(bio, ext, 0, 0),
+                WOLFSSL_SUCCESS);
+        }
+
+        wolfSSL_ASN1_OBJECT_free(obj);
+        X509_EXTENSION_free(ext);
+        BIO_free(bio);
+    }
 #endif
     return EXPECT_RESULT();
 }
@@ -50079,6 +66071,7 @@ static int test_wolfSSL_X509_cmp(void)
     XFILE file2 = XBADFILE;
     WOLFSSL_X509* cert1 = NULL;
     WOLFSSL_X509* cert2 = NULL;
+    WOLFSSL_X509* empty = NULL;
 
     ExpectTrue((file1 = XFOPEN("./certs/server-cert.pem", "rb")) != XBADFILE);
     ExpectTrue((file2 = XFOPEN("./certs/3072/client-cert.pem", "rb")) !=
@@ -50091,6 +66084,8 @@ static int test_wolfSSL_X509_cmp(void)
     if (file2 != XBADFILE)
         fclose(file2);
 
+    ExpectNotNull(empty = wolfSSL_X509_new());
+
     /* wolfSSL_X509_cmp() testing matching certs */
     ExpectIntEQ(0, wolfSSL_X509_cmp(cert1, cert1));
 
@@ -50098,16 +66093,21 @@ static int test_wolfSSL_X509_cmp(void)
     ExpectIntEQ(-1, wolfSSL_X509_cmp(cert1, cert2));
 
     /* wolfSSL_X509_cmp() testing NULL, valid args */
-    ExpectIntEQ(BAD_FUNC_ARG, wolfSSL_X509_cmp(NULL, cert2));
+    ExpectIntEQ(WC_NO_ERR_TRACE(BAD_FUNC_ARG), wolfSSL_X509_cmp(NULL, cert2));
 
     /* wolfSSL_X509_cmp() testing valid, NULL args */
-    ExpectIntEQ(BAD_FUNC_ARG, wolfSSL_X509_cmp(cert1, NULL));
+    ExpectIntEQ(WC_NO_ERR_TRACE(BAD_FUNC_ARG), wolfSSL_X509_cmp(cert1, NULL));
 
     /* wolfSSL_X509_cmp() testing NULL, NULL args */
-    ExpectIntEQ(BAD_FUNC_ARG, wolfSSL_X509_cmp(NULL, NULL));
+    ExpectIntEQ(WC_NO_ERR_TRACE(BAD_FUNC_ARG), wolfSSL_X509_cmp(NULL, NULL));
 
-    wolfSSL_X509_free(cert1);
+    /* wolfSSL_X509_cmp() testing empty cert */
+    ExpectIntEQ(WOLFSSL_FATAL_ERROR, wolfSSL_X509_cmp(empty, cert2));
+    ExpectIntEQ(WOLFSSL_FATAL_ERROR, wolfSSL_X509_cmp(cert1, empty));
+
+    wolfSSL_X509_free(empty);
     wolfSSL_X509_free(cert2);
+    wolfSSL_X509_free(cert1);
 #endif
     return EXPECT_RESULT();
 }
@@ -50176,10 +66176,10 @@ static int test_wolfSSL_d2i_and_i2d_PublicKey_ecc(void)
     int derLen;
     unsigned char pub_buf[65];
     const int pub_len = 65;
-    BN_CTX* ctx;
+    BN_CTX* ctx = NULL;
     EC_GROUP* curve = NULL;
     EC_KEY* ephemeral_key = NULL;
-    const EC_POINT* h;
+    const EC_POINT* h = NULL;
 
     /* Generate an x963 key pair and get public part into pub_buf */
     ExpectNotNull(ctx = BN_CTX_new());
@@ -50216,6 +66216,7 @@ static int test_wolfSSL_d2i_and_i2d_PublicKey_ecc(void)
     EVP_PKEY_free(pkey);
     EC_KEY_free(ephemeral_key);
     EC_GROUP_free(curve);
+    BN_CTX_free(ctx);
 #endif
     return EXPECT_RESULT();
 }
@@ -50296,7 +66297,7 @@ static int test_wolfSSL_i2d_PrivateKey(void)
             (const unsigned char*)server_key_der_2048;
         unsigned char buf[FOURK_BUF];
         unsigned char* pt = NULL;
-        int bufSz;
+        int bufSz = 0;
 
         ExpectNotNull(pkey = d2i_PrivateKey(EVP_PKEY_RSA, NULL, &server_key,
             (long)sizeof_server_key_der_2048));
@@ -50315,7 +66316,7 @@ static int test_wolfSSL_i2d_PrivateKey(void)
             (const unsigned char*)ecc_clikey_der_256;
         unsigned char buf[FOURK_BUF];
         unsigned char* pt = NULL;
-        int bufSz;
+        int bufSz = 0;
 
         ExpectNotNull((pkey = d2i_PrivateKey(EVP_PKEY_EC, NULL, &client_key,
             (long)sizeof_ecc_clikey_der_256)));
@@ -50335,7 +66336,8 @@ static int test_wolfSSL_OCSP_id_get0_info(void)
 {
     EXPECT_DECLS;
 #if (defined(OPENSSL_ALL) || defined(WOLFSSL_HAPROXY)) && \
-    defined(HAVE_OCSP) && !defined(NO_FILESYSTEM) && !defined(NO_RSA)
+    defined(HAVE_OCSP) && !defined(NO_FILESYSTEM) && !defined(NO_RSA) && \
+    !defined(WOLFSSL_SM2) && !defined(WOLFSSL_SM3)
     X509* cert = NULL;
     X509* issuer = NULL;
     OCSP_CERTID* id = NULL;
@@ -50345,7 +66347,7 @@ static int test_wolfSSL_OCSP_id_get0_info(void)
     ASN1_OBJECT* pmd  = NULL;
     ASN1_STRING* keyHash = NULL;
     ASN1_INTEGER* serial = NULL;
-    ASN1_INTEGER* x509Int;
+    ASN1_INTEGER* x509Int = NULL;
 
     ExpectNotNull(cert = wolfSSL_X509_load_certificate_file(svrCertFile,
         SSL_FILETYPE_PEM));
@@ -50370,6 +66372,7 @@ static int test_wolfSSL_OCSP_id_get0_info(void)
     ExpectNotNull(x509Int = X509_get_serialNumber(cert));
     ExpectIntEQ(x509Int->length, serial->length);
     ExpectIntEQ(XMEMCMP(x509Int->data, serial->data, serial->length), 0);
+    ExpectNotNull(x509Int = X509_get_serialNumber(cert));
 
     /* test OCSP_id_cmp */
     ExpectIntNE(OCSP_id_cmp(NULL, NULL), 0);
@@ -50444,7 +66447,6 @@ static int test_wolfSSL_d2i_OCSP_CERTID(void)
 {
     EXPECT_DECLS;
 #if (defined(OPENSSL_ALL) || defined(WOLFSSL_HAPROXY)) && defined(HAVE_OCSP)
-    WOLFSSL_OCSP_CERTID* certId;
     WOLFSSL_OCSP_CERTID* certIdGood;
     WOLFSSL_OCSP_CERTID* certIdBad;
     const unsigned char* rawCertIdPtr;
@@ -50463,40 +66465,45 @@ static int test_wolfSSL_d2i_OCSP_CERTID(void)
 
     /* If the cert ID is NULL the function should allocate it and copy the
      * data to it. */
-    certId = NULL;
-    ExpectNotNull(certId = wolfSSL_d2i_OCSP_CERTID(&certId, &rawCertIdPtr,
-        sizeof(rawCertId)));
-    ExpectIntEQ(certId->rawCertIdSize, sizeof(rawCertId));
-    if (certId != NULL) {
-        XFREE(certId->rawCertId, NULL, DYNAMIC_TYPE_OPENSSL);
-        XFREE(certId, NULL, DYNAMIC_TYPE_OPENSSL);
+    {
+        WOLFSSL_OCSP_CERTID* certId = NULL;
+        ExpectNotNull(certId = wolfSSL_d2i_OCSP_CERTID(&certId, &rawCertIdPtr,
+                                                       sizeof(rawCertId)));
+        if (certId != NULL) {
+            XFREE(certId->rawCertId, NULL, DYNAMIC_TYPE_OPENSSL);
+            wolfSSL_OCSP_CERTID_free(certId);
+        }
     }
 
     /* If the cert ID is not NULL the function will just copy the data to it. */
-    ExpectNotNull(certId = (WOLFSSL_OCSP_CERTID*)XMALLOC(sizeof(*certId), NULL,
-        DYNAMIC_TYPE_TMP_BUFFER));
-    ExpectNotNull(certId);
-    ExpectNotNull(XMEMSET(certId, 0, sizeof(*certId)));
+    {
+        WOLFSSL_OCSP_CERTID* certId = NULL;
+        ExpectNotNull(certId = (WOLFSSL_OCSP_CERTID*)XMALLOC(sizeof(*certId), NULL,
+                                                             DYNAMIC_TYPE_TMP_BUFFER));
+        ExpectNotNull(certId);
+        if (certId != NULL)
+            XMEMSET(certId, 0, sizeof(*certId));
 
-    /* Reset rawCertIdPtr since it was push forward in the previous call. */
-    rawCertIdPtr = &rawCertId[0];
-    ExpectNotNull(certIdGood = wolfSSL_d2i_OCSP_CERTID(&certId, &rawCertIdPtr,
-        sizeof(rawCertId)));
-    ExpectPtrEq(certIdGood, certId);
-    ExpectIntEQ(certId->rawCertIdSize, sizeof(rawCertId));
-    if (certId != NULL) {
-        XFREE(certId->rawCertId, NULL, DYNAMIC_TYPE_OPENSSL);
-        XFREE(certId, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-        certId = NULL;
+        /* Reset rawCertIdPtr since it was push forward in the previous call. */
+        rawCertIdPtr = &rawCertId[0];
+        ExpectNotNull(certIdGood = wolfSSL_d2i_OCSP_CERTID(&certId, &rawCertIdPtr,
+                                                           sizeof(rawCertId)));
+        ExpectPtrEq(certIdGood, certId);
+        if (certId != NULL) {
+            XFREE(certId->rawCertId, NULL, DYNAMIC_TYPE_OPENSSL);
+            wolfSSL_OCSP_CERTID_free(certId);
+            certId = NULL;
+        }
     }
 
     /* The below tests should fail when passed bad parameters. NULL should
      * always be returned. */
-    ExpectNull(certIdBad = wolfSSL_d2i_OCSP_CERTID(NULL, &rawCertIdPtr,
-        sizeof(rawCertId)));
-    ExpectNull(certIdBad = wolfSSL_d2i_OCSP_CERTID(&certId, NULL,
-        sizeof(rawCertId)));
-    ExpectNull(certIdBad = wolfSSL_d2i_OCSP_CERTID(&certId, &rawCertIdPtr, 0));
+    {
+        WOLFSSL_OCSP_CERTID* certId = NULL;
+        ExpectNull(certIdBad = wolfSSL_d2i_OCSP_CERTID(&certId, NULL,
+                                                       sizeof(rawCertId)));
+        ExpectNull(certIdBad = wolfSSL_d2i_OCSP_CERTID(&certId, &rawCertIdPtr, 0));
+    }
 #endif
     return EXPECT_RESULT();
 }
@@ -50521,7 +66528,7 @@ static int test_wolfSSL_OCSP_id_cmp(void)
 static int test_wolfSSL_OCSP_SINGLERESP_get0_id(void)
 {
     EXPECT_DECLS;
-#if defined(OPENSSL_ALL) && defined(HAVE_OCSP)
+#if defined(HAVE_OCSP) && defined(OPENSSL_EXTRA)
     WOLFSSL_OCSP_SINGLERESP single;
     const WOLFSSL_OCSP_CERTID* certId;
 
@@ -50538,7 +66545,8 @@ static int test_wolfSSL_OCSP_SINGLERESP_get0_id(void)
 static int test_wolfSSL_OCSP_single_get0_status(void)
 {
     EXPECT_DECLS;
-#if defined(OPENSSL_ALL) && defined(HAVE_OCSP)
+#if defined(HAVE_OCSP) && defined(OPENSSL_EXTRA) && \
+    defined(WOLFSSL_OCSP_PARSE_STATUS)
     WOLFSSL_OCSP_SINGLERESP single;
     CertStatus certStatus;
     WOLFSSL_ASN1_TIME* thisDate;
@@ -50573,7 +66581,7 @@ static int test_wolfSSL_OCSP_single_get0_status(void)
 static int test_wolfSSL_OCSP_resp_count(void)
 {
     EXPECT_DECLS;
-#if defined(OPENSSL_ALL) && defined(HAVE_OCSP)
+#if defined(HAVE_OCSP) && defined(OPENSSL_EXTRA)
     WOLFSSL_OCSP_BASICRESP basicResp;
     WOLFSSL_OCSP_SINGLERESP singleRespOne;
     WOLFSSL_OCSP_SINGLERESP singleRespTwo;
@@ -50594,7 +66602,7 @@ static int test_wolfSSL_OCSP_resp_count(void)
 static int test_wolfSSL_OCSP_resp_get0(void)
 {
     EXPECT_DECLS;
-#if defined(OPENSSL_ALL) && defined(HAVE_OCSP)
+#if defined(HAVE_OCSP) && defined(OPENSSL_EXTRA)
     WOLFSSL_OCSP_BASICRESP basicResp;
     WOLFSSL_OCSP_SINGLERESP singleRespOne;
     WOLFSSL_OCSP_SINGLERESP singleRespTwo;
@@ -50611,6 +66619,320 @@ static int test_wolfSSL_OCSP_resp_get0(void)
     return EXPECT_RESULT();
 }
 
+static int test_wolfSSL_OCSP_parse_url(void)
+{
+    EXPECT_DECLS;
+#if defined(OPENSSL_EXTRA) && defined(HAVE_OCSP)
+#define CK_OPU_OK(u, h, po, pa, s) do { \
+    char* host = NULL; \
+    char* port = NULL; \
+    char* path = NULL; \
+    int isSsl = 0; \
+    ExpectIntEQ(OCSP_parse_url(u, &host, &port, &path, &isSsl), 1); \
+    ExpectStrEQ(host, h); \
+    ExpectStrEQ(port, po); \
+    ExpectStrEQ(path, pa); \
+    ExpectIntEQ(isSsl, s); \
+    XFREE(host, NULL, DYNAMIC_TYPE_OPENSSL); \
+    XFREE(port, NULL, DYNAMIC_TYPE_OPENSSL); \
+    XFREE(path, NULL, DYNAMIC_TYPE_OPENSSL); \
+} while(0)
+
+#define CK_OPU_FAIL(u) do { \
+    char* host = NULL; \
+    char* port = NULL; \
+    char* path = NULL; \
+    int isSsl = 0; \
+    ExpectIntEQ(OCSP_parse_url(u, &host, &port, &path, &isSsl), 0); \
+    XFREE(host, NULL, DYNAMIC_TYPE_OPENSSL); \
+    XFREE(port, NULL, DYNAMIC_TYPE_OPENSSL); \
+    XFREE(path, NULL, DYNAMIC_TYPE_OPENSSL); \
+} while(0)
+
+    CK_OPU_OK("http://localhost", "localhost", "80", "/", 0);
+    CK_OPU_OK("https://wolfssl.com", "wolfssl.com", "443", "/", 1);
+    CK_OPU_OK("https://www.wolfssl.com/fips-140-3-announcement-to-the-world/",
+         "www.wolfssl.com", "443", "/fips-140-3-announcement-to-the-world/", 1);
+    CK_OPU_OK("http://localhost:1234", "localhost", "1234", "/", 0);
+    CK_OPU_OK("https://localhost:1234", "localhost", "1234", "/", 1);
+
+    CK_OPU_FAIL("ftp://localhost");
+    /* two strings to cppcheck doesn't mark it as a c++ style comment */
+    CK_OPU_FAIL("http/""/localhost");
+    CK_OPU_FAIL("http:/localhost");
+    CK_OPU_FAIL("https://localhost/path:1234");
+
+#undef CK_OPU_OK
+#undef CK_OPU_FAIL
+#endif
+    return EXPECT_RESULT();
+}
+
+#if defined(OPENSSL_ALL) && defined(HAVE_OCSP) && \
+    defined(WOLFSSL_SIGNER_DER_CERT) && !defined(NO_FILESYSTEM) && \
+    !defined(NO_ASN_TIME) && \
+    !defined(WOLFSSL_SM2) && !defined(WOLFSSL_SM3)
+static time_t test_wolfSSL_OCSP_REQ_CTX_time_cb(time_t* t)
+{
+    if (t != NULL) {
+        *t = 1722006780;
+    }
+
+    return 1722006780;
+}
+#endif
+
+static int test_wolfSSL_OCSP_REQ_CTX(void)
+{
+    EXPECT_DECLS;
+#if defined(OPENSSL_ALL) && defined(HAVE_OCSP) && \
+    defined(WOLFSSL_SIGNER_DER_CERT) && !defined(NO_FILESYSTEM) && \
+    !defined(WOLFSSL_SM2) && !defined(WOLFSSL_SM3)
+    /* This buffer was taken from the ocsp-stapling.test test case 1. The ocsp
+     * response was captured in wireshark. It contains both the http and binary
+     * parts. The time test_wolfSSL_OCSP_REQ_CTX_time_cb is set exactly so that
+     * the time check passes. */
+    unsigned char ocspRespBin[] = {
+      0x48, 0x54, 0x54, 0x50, 0x2f, 0x31, 0x2e, 0x30, 0x20, 0x32, 0x30, 0x30,
+      0x20, 0x4f, 0x4b, 0x0d, 0x0a, 0x43, 0x6f, 0x6e, 0x74, 0x65, 0x6e, 0x74,
+      0x2d, 0x74, 0x79, 0x70, 0x65, 0x3a, 0x20, 0x61, 0x70, 0x70, 0x6c, 0x69,
+      0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x2f, 0x6f, 0x63, 0x73, 0x70, 0x2d,
+      0x72, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x0d, 0x0a, 0x43, 0x6f,
+      0x6e, 0x74, 0x65, 0x6e, 0x74, 0x2d, 0x4c, 0x65, 0x6e, 0x67, 0x74, 0x68,
+      0x3a, 0x20, 0x31, 0x38, 0x32, 0x31, 0x0d, 0x0a, 0x0d, 0x0a, 0x30, 0x82,
+      0x07, 0x19, 0x0a, 0x01, 0x00, 0xa0, 0x82, 0x07, 0x12, 0x30, 0x82, 0x07,
+      0x0e, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x30, 0x01, 0x01,
+      0x04, 0x82, 0x06, 0xff, 0x30, 0x82, 0x06, 0xfb, 0x30, 0x82, 0x01, 0x19,
+      0xa1, 0x81, 0xa1, 0x30, 0x81, 0x9e, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03,
+      0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x13, 0x30, 0x11, 0x06,
+      0x03, 0x55, 0x04, 0x08, 0x0c, 0x0a, 0x57, 0x61, 0x73, 0x68, 0x69, 0x6e,
+      0x67, 0x74, 0x6f, 0x6e, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04,
+      0x07, 0x0c, 0x07, 0x53, 0x65, 0x61, 0x74, 0x74, 0x6c, 0x65, 0x31, 0x10,
+      0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x07, 0x77, 0x6f, 0x6c,
+      0x66, 0x53, 0x53, 0x4c, 0x31, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55, 0x04,
+      0x0b, 0x0c, 0x0b, 0x45, 0x6e, 0x67, 0x69, 0x6e, 0x65, 0x65, 0x72, 0x69,
+      0x6e, 0x67, 0x31, 0x1f, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c,
+      0x16, 0x77, 0x6f, 0x6c, 0x66, 0x53, 0x53, 0x4c, 0x20, 0x4f, 0x43, 0x53,
+      0x50, 0x20, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x64, 0x65, 0x72, 0x31,
+      0x1f, 0x30, 0x1d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01,
+      0x09, 0x01, 0x16, 0x10, 0x69, 0x6e, 0x66, 0x6f, 0x40, 0x77, 0x6f, 0x6c,
+      0x66, 0x73, 0x73, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x18, 0x0f, 0x32, 0x30,
+      0x32, 0x34, 0x30, 0x37, 0x32, 0x36, 0x31, 0x35, 0x31, 0x32, 0x30, 0x35,
+      0x5a, 0x30, 0x62, 0x30, 0x60, 0x30, 0x38, 0x30, 0x07, 0x06, 0x05, 0x2b,
+      0x0e, 0x03, 0x02, 0x1a, 0x04, 0x14, 0x71, 0x4d, 0x82, 0x23, 0x40, 0x59,
+      0xc0, 0x96, 0xa1, 0x37, 0x43, 0xfa, 0x31, 0xdb, 0xba, 0xb1, 0x43, 0x18,
+      0xda, 0x04, 0x04, 0x14, 0x83, 0xc6, 0x3a, 0x89, 0x2c, 0x81, 0xf4, 0x02,
+      0xd7, 0x9d, 0x4c, 0xe2, 0x2a, 0xc0, 0x71, 0x82, 0x64, 0x44, 0xda, 0x0e,
+      0x02, 0x01, 0x05, 0x80, 0x00, 0x18, 0x0f, 0x32, 0x30, 0x32, 0x34, 0x30,
+      0x37, 0x32, 0x36, 0x31, 0x35, 0x31, 0x32, 0x30, 0x35, 0x5a, 0xa0, 0x11,
+      0x18, 0x0f, 0x32, 0x30, 0x32, 0x34, 0x30, 0x37, 0x32, 0x36, 0x31, 0x35,
+      0x31, 0x33, 0x30, 0x35, 0x5a, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48,
+      0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03, 0x82, 0x01, 0x01,
+      0x00, 0x89, 0x7a, 0xe9, 0x6b, 0x66, 0x47, 0x8e, 0x52, 0x16, 0xf9, 0x8a,
+      0x5a, 0x1e, 0x7a, 0x35, 0xbb, 0x1d, 0x6c, 0xd8, 0x31, 0xbb, 0x24, 0xd2,
+      0xd7, 0xa4, 0x30, 0x27, 0x06, 0x17, 0x66, 0xd1, 0xf9, 0x8d, 0x24, 0xb0,
+      0x49, 0x37, 0x62, 0x13, 0x78, 0x5e, 0xa6, 0x6d, 0xea, 0xe3, 0xd0, 0x30,
+      0x82, 0x7d, 0xb6, 0xf6, 0x55, 0x82, 0x11, 0xdc, 0xe7, 0x0f, 0xd6, 0x24,
+      0xb4, 0x80, 0x23, 0x4f, 0xfd, 0xa7, 0x9a, 0x4b, 0xac, 0xf2, 0xd3, 0xde,
+      0x42, 0x10, 0xfb, 0x4b, 0x29, 0x06, 0x02, 0x7b, 0x47, 0x36, 0x70, 0x75,
+      0x45, 0x38, 0x8d, 0x3e, 0x55, 0x9c, 0xce, 0x78, 0xd8, 0x18, 0x45, 0x47,
+      0x2d, 0x2a, 0x46, 0x65, 0x13, 0x93, 0x1a, 0x98, 0x90, 0xc6, 0x2d, 0xd5,
+      0x05, 0x2a, 0xfc, 0xcb, 0xac, 0x53, 0x73, 0x93, 0x42, 0x4e, 0xdb, 0x17,
+      0x91, 0xcb, 0xe1, 0x08, 0x03, 0xd1, 0x33, 0x57, 0x4b, 0x1d, 0xb8, 0x71,
+      0x84, 0x01, 0x04, 0x47, 0x6f, 0x06, 0xfa, 0x76, 0x7d, 0xd9, 0x37, 0x64,
+      0x57, 0x37, 0x3a, 0x8f, 0x4d, 0x88, 0x11, 0xa5, 0xd4, 0xaa, 0xcb, 0x49,
+      0x47, 0x86, 0xdd, 0xcf, 0x46, 0xa6, 0xfa, 0x8e, 0xf2, 0x62, 0x0f, 0xc9,
+      0x25, 0xf2, 0x39, 0x62, 0x3e, 0x2d, 0x35, 0xc4, 0x76, 0x7b, 0xae, 0xd5,
+      0xe8, 0x85, 0xa1, 0xa6, 0x2d, 0x41, 0xd6, 0x8e, 0x3c, 0xfa, 0xdc, 0x6c,
+      0x66, 0xe2, 0x61, 0xe7, 0xe5, 0x90, 0xa1, 0xfd, 0x7f, 0xdb, 0x18, 0xd0,
+      0xeb, 0x6d, 0x73, 0x08, 0x5f, 0x6a, 0x65, 0x44, 0x50, 0xad, 0x38, 0x9d,
+      0xb6, 0xfb, 0xbf, 0x28, 0x55, 0x84, 0x65, 0xfa, 0x0e, 0x34, 0xfc, 0x43,
+      0x19, 0x80, 0x5c, 0x7d, 0x2d, 0x5b, 0xd8, 0x60, 0xec, 0x0e, 0xf9, 0x1e,
+      0x6e, 0x32, 0x3f, 0x35, 0xf7, 0xec, 0x7e, 0x47, 0xba, 0xb5, 0xd2, 0xaa,
+      0x5a, 0x9d, 0x07, 0x2c, 0xc5, 0xa0, 0x82, 0x04, 0xc6, 0x30, 0x82, 0x04,
+      0xc2, 0x30, 0x82, 0x04, 0xbe, 0x30, 0x82, 0x03, 0xa6, 0xa0, 0x03, 0x02,
+      0x01, 0x02, 0x02, 0x01, 0x04, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48,
+      0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x30, 0x81, 0x97, 0x31,
+      0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53,
+      0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, 0x0a, 0x57,
+      0x61, 0x73, 0x68, 0x69, 0x6e, 0x67, 0x74, 0x6f, 0x6e, 0x31, 0x10, 0x30,
+      0x0e, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0c, 0x07, 0x53, 0x65, 0x61, 0x74,
+      0x74, 0x6c, 0x65, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x0a,
+      0x0c, 0x07, 0x77, 0x6f, 0x6c, 0x66, 0x53, 0x53, 0x4c, 0x31, 0x14, 0x30,
+      0x12, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c, 0x0b, 0x45, 0x6e, 0x67, 0x69,
+      0x6e, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x31, 0x18, 0x30, 0x16, 0x06,
+      0x03, 0x55, 0x04, 0x03, 0x0c, 0x0f, 0x77, 0x6f, 0x6c, 0x66, 0x53, 0x53,
+      0x4c, 0x20, 0x72, 0x6f, 0x6f, 0x74, 0x20, 0x43, 0x41, 0x31, 0x1f, 0x30,
+      0x1d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01,
+      0x16, 0x10, 0x69, 0x6e, 0x66, 0x6f, 0x40, 0x77, 0x6f, 0x6c, 0x66, 0x73,
+      0x73, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x30, 0x1e, 0x17, 0x0d, 0x32, 0x34,
+      0x30, 0x37, 0x32, 0x36, 0x31, 0x35, 0x31, 0x32, 0x30, 0x34, 0x5a, 0x17,
+      0x0d, 0x32, 0x37, 0x30, 0x34, 0x32, 0x32, 0x31, 0x35, 0x31, 0x32, 0x30,
+      0x34, 0x5a, 0x30, 0x81, 0x9e, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55,
+      0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03,
+      0x55, 0x04, 0x08, 0x0c, 0x0a, 0x57, 0x61, 0x73, 0x68, 0x69, 0x6e, 0x67,
+      0x74, 0x6f, 0x6e, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x07,
+      0x0c, 0x07, 0x53, 0x65, 0x61, 0x74, 0x74, 0x6c, 0x65, 0x31, 0x10, 0x30,
+      0x0e, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x07, 0x77, 0x6f, 0x6c, 0x66,
+      0x53, 0x53, 0x4c, 0x31, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55, 0x04, 0x0b,
+      0x0c, 0x0b, 0x45, 0x6e, 0x67, 0x69, 0x6e, 0x65, 0x65, 0x72, 0x69, 0x6e,
+      0x67, 0x31, 0x1f, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x16,
+      0x77, 0x6f, 0x6c, 0x66, 0x53, 0x53, 0x4c, 0x20, 0x4f, 0x43, 0x53, 0x50,
+      0x20, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x64, 0x65, 0x72, 0x31, 0x1f,
+      0x30, 0x1d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09,
+      0x01, 0x16, 0x10, 0x69, 0x6e, 0x66, 0x6f, 0x40, 0x77, 0x6f, 0x6c, 0x66,
+      0x73, 0x73, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x30, 0x82, 0x01, 0x22, 0x30,
+      0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01,
+      0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82, 0x01, 0x0a, 0x02,
+      0x82, 0x01, 0x01, 0x00, 0xb8, 0xba, 0x23, 0xb4, 0xf6, 0xc3, 0x7b, 0x14,
+      0xc3, 0xa4, 0xf5, 0x1d, 0x61, 0xa1, 0xf5, 0x1e, 0x63, 0xb9, 0x85, 0x23,
+      0x34, 0x50, 0x6d, 0xf8, 0x7c, 0xa2, 0x8a, 0x04, 0x8b, 0xd5, 0x75, 0x5c,
+      0x2d, 0xf7, 0x63, 0x88, 0xd1, 0x07, 0x7a, 0xea, 0x0b, 0x45, 0x35, 0x2b,
+      0xeb, 0x1f, 0xb1, 0x22, 0xb4, 0x94, 0x41, 0x38, 0xe2, 0x9d, 0x74, 0xd6,
+      0x8b, 0x30, 0x22, 0x10, 0x51, 0xc5, 0xdb, 0xca, 0x3f, 0x46, 0x2b, 0xfe,
+      0xe5, 0x5a, 0x3f, 0x41, 0x74, 0x67, 0x75, 0x95, 0xa9, 0x94, 0xd5, 0xc3,
+      0xee, 0x42, 0xf8, 0x8d, 0xeb, 0x92, 0x95, 0xe1, 0xd9, 0x65, 0xb7, 0x43,
+      0xc4, 0x18, 0xde, 0x16, 0x80, 0x90, 0xce, 0x24, 0x35, 0x21, 0xc4, 0x55,
+      0xac, 0x5a, 0x51, 0xe0, 0x2e, 0x2d, 0xb3, 0x0a, 0x5a, 0x4f, 0x4a, 0x73,
+      0x31, 0x50, 0xee, 0x4a, 0x16, 0xbd, 0x39, 0x8b, 0xad, 0x05, 0x48, 0x87,
+      0xb1, 0x99, 0xe2, 0x10, 0xa7, 0x06, 0x72, 0x67, 0xca, 0x5c, 0xd1, 0x97,
+      0xbd, 0xc8, 0xf1, 0x76, 0xf8, 0xe0, 0x4a, 0xec, 0xbc, 0x93, 0xf4, 0x66,
+      0x4c, 0x28, 0x71, 0xd1, 0xd8, 0x66, 0x03, 0xb4, 0x90, 0x30, 0xbb, 0x17,
+      0xb0, 0xfe, 0x97, 0xf5, 0x1e, 0xe8, 0xc7, 0x5d, 0x9b, 0x8b, 0x11, 0x19,
+      0x12, 0x3c, 0xab, 0x82, 0x71, 0x78, 0xff, 0xae, 0x3f, 0x32, 0xb2, 0x08,
+      0x71, 0xb2, 0x1b, 0x8c, 0x27, 0xac, 0x11, 0xb8, 0xd8, 0x43, 0x49, 0xcf,
+      0xb0, 0x70, 0xb1, 0xf0, 0x8c, 0xae, 0xda, 0x24, 0x87, 0x17, 0x3b, 0xd8,
+      0x04, 0x65, 0x6c, 0x00, 0x76, 0x50, 0xef, 0x15, 0x08, 0xd7, 0xb4, 0x73,
+      0x68, 0x26, 0x14, 0x87, 0x95, 0xc3, 0x5f, 0x6e, 0x61, 0xb8, 0x87, 0x84,
+      0xfa, 0x80, 0x1a, 0x0a, 0x8b, 0x98, 0xf3, 0xe3, 0xff, 0x4e, 0x44, 0x1c,
+      0x65, 0x74, 0x7c, 0x71, 0x54, 0x65, 0xe5, 0x39, 0x02, 0x03, 0x01, 0x00,
+      0x01, 0xa3, 0x82, 0x01, 0x0a, 0x30, 0x82, 0x01, 0x06, 0x30, 0x09, 0x06,
+      0x03, 0x55, 0x1d, 0x13, 0x04, 0x02, 0x30, 0x00, 0x30, 0x1d, 0x06, 0x03,
+      0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0x32, 0x67, 0xe1, 0xb1, 0x79,
+      0xd2, 0x81, 0xfc, 0x9f, 0x23, 0x0c, 0x70, 0x40, 0x50, 0xb5, 0x46, 0x56,
+      0xb8, 0x30, 0x36, 0x30, 0x81, 0xc4, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04,
+      0x81, 0xbc, 0x30, 0x81, 0xb9, 0x80, 0x14, 0x73, 0xb0, 0x1c, 0xa4, 0x2f,
+      0x82, 0xcb, 0xcf, 0x47, 0xa5, 0x38, 0xd7, 0xb0, 0x04, 0x82, 0x3a, 0x7e,
+      0x72, 0x15, 0x21, 0xa1, 0x81, 0x9d, 0xa4, 0x81, 0x9a, 0x30, 0x81, 0x97,
+      0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55,
+      0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, 0x0a,
+      0x57, 0x61, 0x73, 0x68, 0x69, 0x6e, 0x67, 0x74, 0x6f, 0x6e, 0x31, 0x10,
+      0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0c, 0x07, 0x53, 0x65, 0x61,
+      0x74, 0x74, 0x6c, 0x65, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04,
+      0x0a, 0x0c, 0x07, 0x77, 0x6f, 0x6c, 0x66, 0x53, 0x53, 0x4c, 0x31, 0x14,
+      0x30, 0x12, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c, 0x0b, 0x45, 0x6e, 0x67,
+      0x69, 0x6e, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x31, 0x18, 0x30, 0x16,
+      0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x0f, 0x77, 0x6f, 0x6c, 0x66, 0x53,
+      0x53, 0x4c, 0x20, 0x72, 0x6f, 0x6f, 0x74, 0x20, 0x43, 0x41, 0x31, 0x1f,
+      0x30, 0x1d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09,
+      0x01, 0x16, 0x10, 0x69, 0x6e, 0x66, 0x6f, 0x40, 0x77, 0x6f, 0x6c, 0x66,
+      0x73, 0x73, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x82, 0x01, 0x63, 0x30, 0x13,
+      0x06, 0x03, 0x55, 0x1d, 0x25, 0x04, 0x0c, 0x30, 0x0a, 0x06, 0x08, 0x2b,
+      0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x09, 0x30, 0x0d, 0x06, 0x09, 0x2a,
+      0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03, 0x82,
+      0x01, 0x01, 0x00, 0x37, 0xb9, 0x66, 0xd3, 0xa1, 0x08, 0xfc, 0x37, 0x58,
+      0x4e, 0xe0, 0x8c, 0xd3, 0x7f, 0xa6, 0x0f, 0x59, 0xd3, 0x14, 0xf7, 0x4b,
+      0x36, 0xf7, 0x2e, 0x98, 0xeb, 0x7c, 0x03, 0x3f, 0x3a, 0xd6, 0x9c, 0xcd,
+      0xb4, 0x9e, 0x8d, 0x5f, 0x92, 0xa6, 0x6f, 0x63, 0x87, 0x34, 0xe8, 0x83,
+      0xfd, 0x6d, 0x34, 0x64, 0xb5, 0xf0, 0x9c, 0x71, 0x02, 0xb8, 0xf6, 0x2f,
+      0x10, 0xa0, 0x92, 0x8f, 0x3f, 0x86, 0x3e, 0xe2, 0x01, 0x5a, 0x56, 0x39,
+      0x0a, 0x8d, 0xb1, 0xbe, 0x03, 0xf7, 0xf8, 0xa7, 0x88, 0x46, 0xef, 0x81,
+      0xa0, 0xad, 0x86, 0xc9, 0xe6, 0x23, 0x89, 0x1d, 0xa6, 0x24, 0x45, 0xf2,
+      0x6a, 0x83, 0x2d, 0x8e, 0x92, 0x17, 0x1e, 0x44, 0x19, 0xfa, 0x0f, 0x47,
+      0x6b, 0x8f, 0x4a, 0xa2, 0xda, 0xab, 0xd5, 0x2b, 0xcd, 0xcb, 0x14, 0xf0,
+      0xb5, 0xcf, 0x7c, 0x76, 0x42, 0x32, 0x90, 0x21, 0xdc, 0xdd, 0x52, 0xfc,
+      0x53, 0x7e, 0xff, 0x7f, 0xd9, 0x58, 0x6b, 0x1f, 0x73, 0xee, 0x83, 0xf4,
+      0x67, 0xfa, 0x4a, 0x4f, 0x24, 0xe4, 0x2b, 0x10, 0x74, 0x89, 0x52, 0x9a,
+      0xf7, 0xa4, 0xe0, 0xaf, 0xf5, 0x63, 0xd7, 0xfa, 0x0b, 0x2c, 0xc9, 0x39,
+      0x5d, 0xbd, 0x44, 0x93, 0x69, 0xa4, 0x1d, 0x01, 0xe2, 0x66, 0xe7, 0xc1,
+      0x11, 0x44, 0x7d, 0x0a, 0x7e, 0x5d, 0x1d, 0x26, 0xc5, 0x4a, 0x26, 0x2e,
+      0xa3, 0x58, 0xc4, 0xf7, 0x10, 0xcb, 0xba, 0xe6, 0x27, 0xfc, 0xdb, 0x54,
+      0xe2, 0x60, 0x08, 0xc2, 0x0e, 0x4b, 0xd4, 0xaa, 0x22, 0x23, 0x93, 0x9f,
+      0xe1, 0xcb, 0x85, 0xa4, 0x41, 0x6f, 0x26, 0xa7, 0x77, 0x8a, 0xef, 0x66,
+      0xd0, 0xf8, 0x33, 0xf6, 0xfd, 0x6d, 0x37, 0x7a, 0x89, 0xcc, 0x88, 0x3b,
+      0x82, 0xd0, 0xa9, 0xdf, 0xf1, 0x3d, 0xdc, 0xb0, 0x06, 0x1c, 0xe4, 0x4b,
+      0x57, 0xb4, 0x0c, 0x65, 0xb9, 0xb4, 0x6c
+    };
+    OCSP_REQ_CTX *ctx = NULL;
+    OCSP_REQUEST *req = NULL;
+    OCSP_CERTID *cid = NULL;
+    OCSP_RESPONSE *rsp = NULL;
+    BIO* bio1 = NULL;
+    BIO* bio2 = NULL;
+    X509* cert = NULL;
+    X509* empty = NULL;
+    X509 *issuer = NULL;
+    X509_LOOKUP *lookup = NULL;
+    X509_STORE *store = NULL;
+    STACK_OF(X509_OBJECT) *str_objs = NULL;
+    X509_OBJECT *x509_obj = NULL;
+    STACK_OF(WOLFSSL_STRING) *skStr = NULL;
+
+    ExpectNotNull(bio1 = BIO_new(BIO_s_bio()));
+    ExpectNotNull(bio2 = BIO_new(BIO_s_bio()));
+    ExpectIntEQ(BIO_make_bio_pair(bio1, bio2), WOLFSSL_SUCCESS);
+
+    /* Load the leaf cert */
+    ExpectNotNull(cert = wolfSSL_X509_load_certificate_file(
+            "certs/ocsp/server1-cert.pem", WOLFSSL_FILETYPE_PEM));
+    ExpectNull(wolfSSL_X509_get1_ocsp(NULL));
+    ExpectNotNull(skStr = wolfSSL_X509_get1_ocsp(cert));
+    wolfSSL_X509_email_free(NULL);
+    wolfSSL_X509_email_free(skStr);
+    ExpectNotNull(empty = wolfSSL_X509_new());
+    ExpectNull(wolfSSL_X509_get1_ocsp(empty));
+    wolfSSL_X509_free(empty);
+
+    ExpectNotNull(store = X509_STORE_new());
+    ExpectNotNull(lookup = X509_STORE_add_lookup(store, X509_LOOKUP_file()));
+    ExpectIntEQ(X509_LOOKUP_load_file(lookup, "certs/ocsp/server1-cert.pem",
+            X509_FILETYPE_PEM), 1);
+    ExpectNotNull(str_objs = X509_STORE_get0_objects(store));
+    ExpectNull(X509_OBJECT_retrieve_by_subject(NULL, X509_LU_X509, NULL));
+    ExpectNull(X509_OBJECT_retrieve_by_subject(str_objs, X509_LU_X509, NULL));
+    ExpectNull(X509_OBJECT_retrieve_by_subject(NULL, X509_LU_X509,
+            X509_get_issuer_name(cert)));
+    ExpectNull(X509_OBJECT_retrieve_by_subject(str_objs,
+            X509_LU_CRL, X509_get_issuer_name(cert)));
+    ExpectNotNull(x509_obj = X509_OBJECT_retrieve_by_subject(str_objs,
+            X509_LU_X509, X509_get_issuer_name(cert)));
+    ExpectNotNull(issuer = X509_OBJECT_get0_X509(x509_obj));
+    ExpectTrue(wolfSSL_X509_OBJECT_get_type(NULL) == WOLFSSL_X509_LU_NONE);
+#ifndef NO_WOLFSSL_STUB
+    /* Not implemented and not in OpenSSL 1.1.0+ */
+    wolfSSL_X509_OBJECT_free_contents(x509_obj);
+#endif
+    wolfSSL_X509_OBJECT_free(NULL);
+
+    ExpectNotNull(req = OCSP_REQUEST_new());
+    ExpectNotNull(cid = OCSP_cert_to_id(EVP_sha1(), cert, issuer));
+    ExpectNotNull(OCSP_request_add0_id(req, cid));
+    ExpectIntEQ(OCSP_request_add1_nonce(req, NULL, -1), 1);
+
+    ExpectNotNull(ctx = OCSP_sendreq_new(bio1, "/", NULL, -1));
+    ExpectIntEQ(OCSP_REQ_CTX_add1_header(ctx, "Host", "127.0.0.1"), 1);
+    ExpectIntEQ(OCSP_REQ_CTX_set1_req(ctx, req), 1);
+    ExpectIntEQ(OCSP_sendreq_nbio(&rsp, ctx), -1);
+    ExpectIntEQ(BIO_write(bio2, ocspRespBin, sizeof(ocspRespBin)),
+            sizeof(ocspRespBin));
+#ifndef NO_ASN_TIME
+    ExpectIntEQ(wc_SetTimeCb(test_wolfSSL_OCSP_REQ_CTX_time_cb), 0);
+    ExpectIntEQ(OCSP_sendreq_nbio(&rsp, ctx), 1);
+    ExpectIntEQ(wc_SetTimeCb(NULL), 0);
+    ExpectNotNull(rsp);
+#endif
+
+    OCSP_REQ_CTX_free(ctx);
+    OCSP_REQUEST_free(req);
+    OCSP_RESPONSE_free(rsp);
+    BIO_free(bio1);
+    BIO_free(bio2);
+    X509_free(cert);
+    X509_STORE_free(store);
+#endif
+    return EXPECT_RESULT();
+}
+
 static int test_wolfSSL_EVP_PKEY_derive(void)
 {
     EXPECT_DECLS;
@@ -50798,7 +67120,8 @@ static int test_wc_CreateEncryptedPKCS8Key(void)
 {
     EXPECT_DECLS;
 #if defined(HAVE_PKCS8) && !defined(NO_PWDBASED) && defined(WOLFSSL_AES_256) \
- && !defined(NO_AES_CBC) && !defined(NO_RSA) && !defined(NO_SHA)
+ && !defined(NO_AES_CBC) && !defined(NO_RSA) && !defined(NO_SHA) && \
+    !defined(NO_ASN_CRYPT)
     WC_RNG rng;
     byte* encKey = NULL;
     word32 encKeySz = 0;
@@ -50809,26 +67132,28 @@ static int test_wc_CreateEncryptedPKCS8Key(void)
 
     XMEMSET(&rng, 0, sizeof(WC_RNG));
     ExpectIntEQ(wc_InitRng(&rng), 0);
+    PRIVATE_KEY_UNLOCK();
     /* Call with NULL for out buffer to get necessary length. */
     ExpectIntEQ(wc_CreateEncryptedPKCS8Key((byte*)server_key_der_2048,
-        sizeof_server_key_der_2048, NULL, &encKeySz, password, passwordSz,
+        sizeof_server_key_der_2048, NULL, &encKeySz, password, (int)passwordSz,
         PKCS5, PBES2, AES256CBCb, NULL, 0, WC_PKCS12_ITT_DEFAULT, &rng, NULL),
-        LENGTH_ONLY_E);
+        WC_NO_ERR_TRACE(LENGTH_ONLY_E));
     ExpectNotNull(encKey = (byte*)XMALLOC(encKeySz, HEAP_HINT,
         DYNAMIC_TYPE_TMP_BUFFER));
     /* Call with the allocated out buffer. */
     ExpectIntGT(wc_CreateEncryptedPKCS8Key((byte*)server_key_der_2048,
-        sizeof_server_key_der_2048, encKey, &encKeySz, password, passwordSz,
+        sizeof_server_key_der_2048, encKey, &encKeySz, password, (int)passwordSz,
         PKCS5, PBES2, AES256CBCb, NULL, 0, WC_PKCS12_ITT_DEFAULT, &rng, NULL),
         0);
     /* Decrypt the encrypted PKCS8 key we just made. */
-    ExpectIntGT((decKeySz = wc_DecryptPKCS8Key(encKey, encKeySz, password,
-        passwordSz)), 0);
+    ExpectIntGT((decKeySz = (word32)wc_DecryptPKCS8Key(encKey, encKeySz, password,
+        (int)passwordSz)), 0);
     /* encKey now holds the decrypted key (decrypted in place). */
     ExpectIntGT(wc_GetPkcs8TraditionalOffset(encKey, &tradIdx, decKeySz), 0);
     /* Check that the decrypted key matches the key prior to encryption. */
     ExpectIntEQ(XMEMCMP(encKey + tradIdx, server_key_der_2048,
         sizeof_server_key_der_2048), 0);
+    PRIVATE_KEY_LOCK();
 
     XFREE(encKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
     wc_FreeRng(&rng);
@@ -50844,6 +67169,7 @@ static int test_wc_GetPkcs8TraditionalOffset(void)
     int derSz = 0;
     word32 inOutIdx;
     const char* path = "./certs/server-keyPkcs8.der";
+    const char* pathAttributes = "./certs/ca-key-pkcs8-attribute.der";
     XFILE file = XBADFILE;
     byte der[2048];
 
@@ -50851,27 +67177,38 @@ static int test_wc_GetPkcs8TraditionalOffset(void)
     ExpectIntGT(derSz = (int)XFREAD(der, 1, sizeof(der), file), 0);
     if (file != XBADFILE)
         XFCLOSE(file);
+    file = XBADFILE; /* reset file to avoid warning of use after close */
 
     /* valid case */
     inOutIdx = 0;
-    ExpectIntGT(length = wc_GetPkcs8TraditionalOffset(der, &inOutIdx, derSz),
+    ExpectIntGT(length = wc_GetPkcs8TraditionalOffset(der, &inOutIdx, (word32)derSz),
         0);
 
     /* inOutIdx > sz */
     inOutIdx = 4000;
-    ExpectIntEQ(length = wc_GetPkcs8TraditionalOffset(der, &inOutIdx, derSz),
-        BAD_FUNC_ARG);
+    ExpectIntEQ(length = wc_GetPkcs8TraditionalOffset(der, &inOutIdx, (word32)derSz),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     /* null input */
     inOutIdx = 0;
     ExpectIntEQ(length = wc_GetPkcs8TraditionalOffset(NULL, &inOutIdx, 0),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     /* invalid input, fill buffer with 1's */
     XMEMSET(der, 1, sizeof(der));
     inOutIdx = 0;
-    ExpectIntEQ(length = wc_GetPkcs8TraditionalOffset(der, &inOutIdx, derSz),
-        ASN_PARSE_E);
+    ExpectIntEQ(length = wc_GetPkcs8TraditionalOffset(der, &inOutIdx, (word32)derSz),
+        WC_NO_ERR_TRACE(ASN_PARSE_E));
+
+    /* test parsing with attributes */
+    ExpectTrue((file = XFOPEN(pathAttributes, "rb")) != XBADFILE);
+    ExpectIntGT(derSz = (int)XFREAD(der, 1, sizeof(der), file), 0);
+    if (file != XBADFILE)
+        XFCLOSE(file);
+
+    inOutIdx = 0;
+    ExpectIntGT(length = wc_GetPkcs8TraditionalOffset(der, &inOutIdx,
+        (word32)derSz), 0);
 #endif /* NO_ASN */
     return EXPECT_RESULT();
 }
@@ -50923,7 +67260,7 @@ static int test_wc_SetIssuerRaw(void)
     const char* joiCertFile = "./certs/test/cert-ext-joi.der";
     WOLFSSL_X509* x509 = NULL;
     int peerCertSz;
-    const byte* peerCertBuf;
+    const byte* peerCertBuf = NULL;
     Cert forgedCert;
 
     ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(joiCertFile,
@@ -50948,7 +67285,7 @@ static int test_wc_SetIssueBuffer(void)
     const char* joiCertFile = "./certs/test/cert-ext-joi.der";
     WOLFSSL_X509* x509 = NULL;
     int peerCertSz;
-    const byte* peerCertBuf;
+    const byte* peerCertBuf = NULL;
     Cert forgedCert;
 
     ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(joiCertFile,
@@ -50979,7 +67316,7 @@ static int test_wc_SetSubjectKeyId(void)
     ExpectIntEQ(0, wc_InitCert(&cert));
     ExpectIntEQ(0, wc_SetSubjectKeyId(&cert, file));
 
-    ExpectIntEQ(BAD_FUNC_ARG, wc_SetSubjectKeyId(NULL, file));
+    ExpectIntEQ(WC_NO_ERR_TRACE(BAD_FUNC_ARG), wc_SetSubjectKeyId(NULL, file));
     ExpectIntGT(0, wc_SetSubjectKeyId(&cert, "badfile.name"));
 #endif
     return EXPECT_RESULT();
@@ -50999,7 +67336,7 @@ static int test_wc_SetSubject(void)
     ExpectIntEQ(0, wc_InitCert(&cert));
     ExpectIntEQ(0, wc_SetSubject(&cert, file));
 
-    ExpectIntEQ(BAD_FUNC_ARG, wc_SetSubject(NULL, file));
+    ExpectIntEQ(WC_NO_ERR_TRACE(BAD_FUNC_ARG), wc_SetSubject(NULL, file));
     ExpectIntGT(0, wc_SetSubject(&cert, "badfile.name"));
 #endif
     return EXPECT_RESULT();
@@ -51017,37 +67354,37 @@ static int test_CheckCertSignature(void)
     int   certSz;
 #endif
 
-    ExpectIntEQ(BAD_FUNC_ARG, CheckCertSignature(NULL, 0, NULL, NULL));
+    ExpectIntEQ(WC_NO_ERR_TRACE(BAD_FUNC_ARG), wc_CheckCertSignature(NULL, 0, NULL, NULL));
     ExpectNotNull(cm = wolfSSL_CertManagerNew_ex(NULL));
-    ExpectIntEQ(BAD_FUNC_ARG, CheckCertSignature(NULL, 0, NULL, cm));
+    ExpectIntEQ(WC_NO_ERR_TRACE(BAD_FUNC_ARG), wc_CheckCertSignature(NULL, 0, NULL, cm));
 
 #ifndef NO_RSA
 #ifdef USE_CERT_BUFFERS_1024
-    ExpectIntEQ(ASN_NO_SIGNER_E, CheckCertSignature(server_cert_der_1024,
+    ExpectIntEQ(WC_NO_ERR_TRACE(ASN_NO_SIGNER_E), wc_CheckCertSignature(server_cert_der_1024,
                 sizeof_server_cert_der_1024, NULL, cm));
     ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_CertManagerLoadCABuffer(cm,
                 ca_cert_der_1024, sizeof_ca_cert_der_1024,
                 WOLFSSL_FILETYPE_ASN1));
-    ExpectIntEQ(0, CheckCertSignature(server_cert_der_1024,
+    ExpectIntEQ(0, wc_CheckCertSignature(server_cert_der_1024,
                 sizeof_server_cert_der_1024, NULL, cm));
 #elif defined(USE_CERT_BUFFERS_2048)
-    ExpectIntEQ(ASN_NO_SIGNER_E, CheckCertSignature(server_cert_der_2048,
+    ExpectIntEQ(WC_NO_ERR_TRACE(ASN_NO_SIGNER_E), wc_CheckCertSignature(server_cert_der_2048,
                 sizeof_server_cert_der_2048, NULL, cm));
     ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_CertManagerLoadCABuffer(cm,
                 ca_cert_der_2048, sizeof_ca_cert_der_2048,
                 WOLFSSL_FILETYPE_ASN1));
-    ExpectIntEQ(0, CheckCertSignature(server_cert_der_2048,
+    ExpectIntEQ(0, wc_CheckCertSignature(server_cert_der_2048,
                 sizeof_server_cert_der_2048, NULL, cm));
 #endif
 #endif
 
 #if defined(HAVE_ECC) && defined(USE_CERT_BUFFERS_256)
-    ExpectIntEQ(ASN_NO_SIGNER_E, CheckCertSignature(serv_ecc_der_256,
+    ExpectIntEQ(WC_NO_ERR_TRACE(ASN_NO_SIGNER_E), wc_CheckCertSignature(serv_ecc_der_256,
                 sizeof_serv_ecc_der_256, NULL, cm));
     ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_CertManagerLoadCABuffer(cm,
                 ca_ecc_cert_der_256, sizeof_ca_ecc_cert_der_256,
                 WOLFSSL_FILETYPE_ASN1));
-    ExpectIntEQ(0, CheckCertSignature(serv_ecc_der_256, sizeof_serv_ecc_der_256,
+    ExpectIntEQ(0, wc_CheckCertSignature(serv_ecc_der_256, sizeof_serv_ecc_der_256,
                 NULL, cm));
 #endif
 
@@ -51062,10 +67399,10 @@ static int test_CheckCertSignature(void)
         XFCLOSE(fp);
         fp = XBADFILE;
     }
-    ExpectIntEQ(ASN_NO_SIGNER_E, CheckCertSignature(cert, certSz, NULL, cm));
+    ExpectIntEQ(WC_NO_ERR_TRACE(ASN_NO_SIGNER_E), wc_CheckCertSignature(cert, certSz, NULL, cm));
     ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_CertManagerLoadCA(cm,
                 "./certs/ca-cert.pem", NULL));
-    ExpectIntEQ(0, CheckCertSignature(cert, certSz, NULL, cm));
+    ExpectIntEQ(0, wc_CheckCertSignature(cert, certSz, NULL, cm));
 #endif
 #ifdef HAVE_ECC
     ExpectTrue((fp = XFOPEN("./certs/server-ecc.der", "rb")) != XBADFILE);
@@ -51074,10 +67411,10 @@ static int test_CheckCertSignature(void)
         XFCLOSE(fp);
         fp = XBADFILE;
     }
-    ExpectIntEQ(ASN_NO_SIGNER_E, CheckCertSignature(cert, certSz, NULL, cm));
+    ExpectIntEQ(WC_NO_ERR_TRACE(ASN_NO_SIGNER_E), wc_CheckCertSignature(cert, certSz, NULL, cm));
     ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_CertManagerLoadCA(cm,
                 "./certs/ca-ecc-cert.pem", NULL));
-    ExpectIntEQ(0, CheckCertSignature(cert, certSz, NULL, cm));
+    ExpectIntEQ(0, wc_CheckCertSignature(cert, certSz, NULL, cm));
 #endif
 #endif
 
@@ -51133,19 +67470,22 @@ static int test_wc_ParseCert_Error(void)
     const byte c4[] = { 0x02, 0x80, 0x10, 0x00, 0x00};
 
     /* Test data */
-    const struct testStruct {
+    struct testStruct {
         const byte* c;
-        const int cSz;
-        const int expRet;
-    } t[] = {
-        {c0, sizeof(c0), ASN_PARSE_E}, /* Invalid bit-string length */
-        {c1, sizeof(c1), ASN_PARSE_E}, /* Invalid bit-string length */
-        {c2, sizeof(c2), ASN_PARSE_E}, /* Invalid integer length (zero) */
-        {c3, sizeof(c3), ASN_PARSE_E}, /* Valid INTEGER, but buffer too short */
-        {c4, sizeof(c4), ASN_PARSE_E}, /* Valid INTEGER, but not in bit-string */
-    };
+        word32 cSz;
+        int expRet;
+    } t[5];
     const int tSz = (int)(sizeof(t) / sizeof(struct testStruct));
 
+    #define INIT_TEST_DATA(i,x,y) \
+        t[i].c = x; t[i].cSz = sizeof(x); t[i].expRet = y
+    INIT_TEST_DATA(0, c0, WC_NO_ERR_TRACE(ASN_PARSE_E) );
+    INIT_TEST_DATA(1, c1, WC_NO_ERR_TRACE(ASN_PARSE_E) );
+    INIT_TEST_DATA(2, c2, WC_NO_ERR_TRACE(ASN_PARSE_E) );
+    INIT_TEST_DATA(3, c3, WC_NO_ERR_TRACE(ASN_PARSE_E) );
+    INIT_TEST_DATA(4, c4, WC_NO_ERR_TRACE(ASN_PARSE_E) );
+    #undef INIT_TEST_DATA
+
     for (i = 0; i < tSz; i++) {
         WOLFSSL_MSG_EX("i == %d", i);
         wc_InitDecodedCert(&decodedCert, t[i].c, t[i].cSz, NULL);
@@ -51204,7 +67544,7 @@ static int test_MakeCertWithPathLen(void)
     ExpectIntGE(derSize = wc_SignCert(cert.bodySz, cert.sigType, der,
         FOURK_BUF, NULL, &key, &rng), 0);
 
-    wc_InitDecodedCert(&decodedCert, der, derSize, NULL);
+    wc_InitDecodedCert(&decodedCert, der, (word32)derSize, NULL);
     ExpectIntEQ(wc_ParseCert(&decodedCert, CERT_TYPE, NO_VERIFY, NULL), 0);
     ExpectIntEQ(decodedCert.pathLength, expectedPathLen);
 
@@ -51217,6 +67557,74 @@ static int test_MakeCertWithPathLen(void)
     return EXPECT_RESULT();
 }
 
+static int test_MakeCertWith0Ser(void)
+{
+    EXPECT_DECLS;
+#if defined(WOLFSSL_CERT_REQ) && !defined(NO_ASN_TIME) && \
+    defined(WOLFSSL_CERT_GEN) && defined(HAVE_ECC) && \
+    defined(WOLFSSL_ASN_TEMPLATE)
+    Cert cert;
+    DecodedCert decodedCert;
+    byte der[FOURK_BUF];
+    int derSize = 0;
+    WC_RNG rng;
+    ecc_key key;
+    int ret;
+
+    XMEMSET(&rng, 0, sizeof(WC_RNG));
+    XMEMSET(&key, 0, sizeof(ecc_key));
+    XMEMSET(&cert, 0, sizeof(Cert));
+    XMEMSET(&decodedCert, 0, sizeof(DecodedCert));
+
+    ExpectIntEQ(wc_InitRng(&rng), 0);
+    ExpectIntEQ(wc_ecc_init(&key), 0);
+    ExpectIntEQ(wc_ecc_make_key(&rng, 32, &key), 0);
+    ExpectIntEQ(wc_InitCert(&cert), 0);
+
+    (void)XSTRNCPY(cert.subject.country, "US", CTC_NAME_SIZE);
+    (void)XSTRNCPY(cert.subject.state, "state", CTC_NAME_SIZE);
+    (void)XSTRNCPY(cert.subject.locality, "Bozeman", CTC_NAME_SIZE);
+    (void)XSTRNCPY(cert.subject.org, "yourOrgNameHere", CTC_NAME_SIZE);
+    (void)XSTRNCPY(cert.subject.unit, "yourUnitNameHere", CTC_NAME_SIZE);
+    (void)XSTRNCPY(cert.subject.commonName, "www.yourDomain.com",
+        CTC_NAME_SIZE);
+    (void)XSTRNCPY(cert.subject.email, "yourEmail@yourDomain.com",
+        CTC_NAME_SIZE);
+
+    cert.selfSigned = 1;
+    cert.isCA       = 1;
+    cert.sigType    = CTC_SHA256wECDSA;
+
+#ifdef WOLFSSL_CERT_EXT
+    cert.keyUsage |= KEYUSE_KEY_CERT_SIGN;
+#endif
+
+    /* set serial number to 0 */
+    cert.serialSz  = 1;
+    cert.serial[0] = 0;
+
+    ExpectIntGE(wc_MakeCert(&cert, der, FOURK_BUF, NULL, &key, &rng), 0);
+    ExpectIntGE(derSize = wc_SignCert(cert.bodySz, cert.sigType, der,
+        FOURK_BUF, NULL, &key, &rng), 0);
+
+    wc_InitDecodedCert(&decodedCert, der, (word32)derSize, NULL);
+
+#if !defined(WOLFSSL_NO_ASN_STRICT) && !defined(WOLFSSL_PYTHON)
+    ExpectIntEQ(wc_ParseCert(&decodedCert, CERT_TYPE, NO_VERIFY, NULL),
+        WC_NO_ERR_TRACE(ASN_PARSE_E));
+#else
+    ExpectIntEQ(wc_ParseCert(&decodedCert, CERT_TYPE, NO_VERIFY, NULL), 0);
+#endif
+
+    wc_FreeDecodedCert(&decodedCert);
+    ret = wc_ecc_free(&key);
+    ExpectIntEQ(ret, 0);
+    ret = wc_FreeRng(&rng);
+    ExpectIntEQ(ret, 0);
+#endif
+    return EXPECT_RESULT();
+}
+
 static int test_MakeCertWithCaFalse(void)
 {
     EXPECT_DECLS;
@@ -51287,7 +67695,7 @@ static int test_wc_ecc_get_curve_size_from_name(void)
     /* invalid case */
     ExpectIntEQ(wc_ecc_get_curve_size_from_name("BADCURVE"), -1);
     /* NULL input */
-    ExpectIntEQ(wc_ecc_get_curve_size_from_name(NULL), BAD_FUNC_ARG);
+    ExpectIntEQ(wc_ecc_get_curve_size_from_name(NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 #endif /* HAVE_ECC */
     return EXPECT_RESULT();
 }
@@ -51303,7 +67711,7 @@ static int test_wc_ecc_get_curve_id_from_name(void)
     /* invalid case */
     ExpectIntEQ(wc_ecc_get_curve_id_from_name("BADCURVE"), -1);
     /* NULL input */
-    ExpectIntEQ(wc_ecc_get_curve_id_from_name(NULL), BAD_FUNC_ARG);
+    ExpectIntEQ(wc_ecc_get_curve_id_from_name(NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 #endif /* HAVE_ECC */
     return EXPECT_RESULT();
 }
@@ -51342,7 +67750,7 @@ static int test_wc_ecc_get_curve_id_from_dp_params(void)
         }
     #endif
     /* invalid case, NULL input*/
-    ExpectIntEQ(wc_ecc_get_curve_id_from_dp_params(NULL), BAD_FUNC_ARG);
+    ExpectIntEQ(wc_ecc_get_curve_id_from_dp_params(NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     wolfSSL_EC_KEY_free(ecKey);
 
@@ -51428,7 +67836,7 @@ static int test_wc_ecc_get_curve_id_from_params(void)
     /* invalid case, NULL prime */
     ExpectIntEQ(wc_ecc_get_curve_id_from_params(fieldSize, NULL, sizeof(prime),
         Af, sizeof(Af), Bf, sizeof(Bf), order, sizeof(order),
-        Gx, sizeof(Gx), Gy, sizeof(Gy), cofactor), BAD_FUNC_ARG);
+        Gx, sizeof(Gx), Gy, sizeof(Gy), cofactor), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     /* invalid case, invalid prime */
     ExpectIntEQ(wc_ecc_get_curve_id_from_params(fieldSize,
@@ -51441,8 +67849,7 @@ static int test_wc_ecc_get_curve_id_from_params(void)
 static int test_wolfSSL_EVP_PKEY_encrypt(void)
 {
     EXPECT_DECLS;
-#if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN) && \
-    !defined(HAVE_FAST_RSA)
+#if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN)
     WOLFSSL_RSA* rsa = NULL;
     WOLFSSL_EVP_PKEY* pkey = NULL;
     WOLFSSL_EVP_PKEY_CTX* ctx = NULL;
@@ -51550,7 +67957,7 @@ static int test_wolfSSL_EVP_PKEY_encrypt(void)
 }
 
 #if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN) && \
-    !defined(HAVE_FAST_RSA) && !defined(HAVE_SELFTEST)
+    !defined(HAVE_SELFTEST)
 #if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION>2))
     #ifndef TEST_WOLFSSL_EVP_PKEY_SIGN_VERIFY
         #define TEST_WOLFSSL_EVP_PKEY_SIGN_VERIFY
@@ -51578,7 +67985,7 @@ static int test_wolfSSL_EVP_PKEY_sign_verify(int keyType)
     EXPECT_DECLS;
 #if defined(OPENSSL_EXTRA)
 #if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN) && \
-    !defined(HAVE_FAST_RSA) && !defined(HAVE_SELFTEST)
+    !defined(HAVE_SELFTEST)
 #if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION>2))
     WOLFSSL_RSA* rsa = NULL;
 #endif
@@ -51628,7 +68035,7 @@ static int test_wolfSSL_EVP_PKEY_sign_verify(int keyType)
     switch (keyType) {
         case EVP_PKEY_RSA:
 #if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN) && \
-    !defined(HAVE_FAST_RSA) && !defined(HAVE_SELFTEST)
+    !defined(HAVE_SELFTEST)
 #if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION>2))
         {
             ExpectNotNull(rsa = RSA_generate_key(2048, 3, NULL, NULL));
@@ -51665,7 +68072,7 @@ static int test_wolfSSL_EVP_PKEY_sign_verify(int keyType)
     ExpectNotNull(ctx = EVP_PKEY_CTX_new(pkey, NULL));
     ExpectIntEQ(EVP_PKEY_sign_init(ctx), WOLFSSL_SUCCESS);
 #if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN) && \
-    !defined(HAVE_FAST_RSA) && !defined(HAVE_SELFTEST)
+    !defined(HAVE_SELFTEST)
 #if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION>2))
     if (keyType == EVP_PKEY_RSA)
         ExpectIntEQ(EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_PKCS1_PADDING),
@@ -51686,7 +68093,7 @@ static int test_wolfSSL_EVP_PKEY_sign_verify(int keyType)
     ExpectNotNull(ctx_verify = EVP_PKEY_CTX_new(pkey, NULL));
     ExpectIntEQ(EVP_PKEY_verify_init(ctx_verify), WOLFSSL_SUCCESS);
 #if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN) && \
-    !defined(HAVE_FAST_RSA) && !defined(HAVE_SELFTEST)
+    !defined(HAVE_SELFTEST)
 #if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION>2))
     if (keyType == EVP_PKEY_RSA)
         ExpectIntEQ(
@@ -51699,10 +68106,10 @@ static int test_wolfSSL_EVP_PKEY_sign_verify(int keyType)
         WOLFSSL_SUCCESS);
     ExpectIntEQ(EVP_PKEY_verify(
         ctx_verify, sig, siglen, zero, SHA256_DIGEST_LENGTH),
-        WOLFSSL_FAILURE);
+        WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
 
 #if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN) && \
-    !defined(HAVE_FAST_RSA) && !defined(HAVE_SELFTEST)
+    !defined(HAVE_SELFTEST)
 #if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION>2))
     if (keyType == EVP_PKEY_RSA) {
     #if defined(WC_RSA_NO_PADDING) || defined(WC_RSA_DIRECT)
@@ -51771,7 +68178,7 @@ static int test_wolfSSL_EVP_PKEY_sign_verify_rsa(void)
 {
     EXPECT_DECLS;
 #if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN) && \
-    !defined(HAVE_FAST_RSA) && !defined(HAVE_SELFTEST)
+    !defined(HAVE_SELFTEST)
 #if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION>2))
     ExpectIntEQ(test_wolfSSL_EVP_PKEY_sign_verify(EVP_PKEY_RSA), TEST_SUCCESS);
 #endif
@@ -51808,8 +68215,8 @@ static int test_EVP_PKEY_rsa(void)
 
     ExpectNotNull(rsa = wolfSSL_RSA_new());
     ExpectNotNull(pkey = wolfSSL_EVP_PKEY_new());
-    ExpectIntEQ(EVP_PKEY_assign_RSA(NULL, rsa), WOLFSSL_FAILURE);
-    ExpectIntEQ(EVP_PKEY_assign_RSA(pkey, NULL), WOLFSSL_FAILURE);
+    ExpectIntEQ(EVP_PKEY_assign_RSA(NULL, rsa), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+    ExpectIntEQ(EVP_PKEY_assign_RSA(pkey, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     ExpectIntEQ(EVP_PKEY_assign_RSA(pkey, rsa), WOLFSSL_SUCCESS);
     if (EXPECT_FAIL()) {
         wolfSSL_RSA_free(rsa);
@@ -51830,10 +68237,10 @@ static int test_EVP_PKEY_ec(void)
 
     ExpectNotNull(ecKey = wolfSSL_EC_KEY_new());
     ExpectNotNull(pkey = wolfSSL_EVP_PKEY_new());
-    ExpectIntEQ(EVP_PKEY_assign_EC_KEY(NULL, ecKey), WOLFSSL_FAILURE);
-    ExpectIntEQ(EVP_PKEY_assign_EC_KEY(pkey, NULL), WOLFSSL_FAILURE);
+    ExpectIntEQ(EVP_PKEY_assign_EC_KEY(NULL, ecKey), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+    ExpectIntEQ(EVP_PKEY_assign_EC_KEY(pkey, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     /* Should fail since ecKey is empty */
-    ExpectIntEQ(EVP_PKEY_assign_EC_KEY(pkey, ecKey), WOLFSSL_FAILURE);
+    ExpectIntEQ(EVP_PKEY_assign_EC_KEY(pkey, ecKey), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     ExpectIntEQ(wolfSSL_EC_KEY_generate_key(ecKey), 1);
     ExpectIntEQ(EVP_PKEY_assign_EC_KEY(pkey, ecKey), WOLFSSL_SUCCESS);
     if (EXPECT_FAIL()) {
@@ -51955,9 +68362,11 @@ static int test_ERR_load_crypto_strings(void)
 }
 
 #if defined(OPENSSL_ALL) && !defined(NO_CERTS)
+static WOLFSSL_X509 x1;
+static WOLFSSL_X509 x2;
 static void free_x509(X509* x)
 {
-    AssertIntEQ((x == (X509*)1 || x == (X509*)2), 1);
+    AssertIntEQ((x == &x1 || x == &x2), 1);
 }
 #endif
 
@@ -51968,7 +68377,7 @@ static int test_sk_X509(void)
     {
         STACK_OF(X509)* s = NULL;
 
-        ExpectNotNull(s = sk_X509_new_null());
+        ExpectNotNull(s = wolfSSL_sk_X509_new(NULL));
         ExpectIntEQ(sk_X509_num(s), 0);
         sk_X509_pop_free(s, NULL);
 
@@ -51977,14 +68386,25 @@ static int test_sk_X509(void)
         sk_X509_pop_free(s, NULL);
 
         ExpectNotNull(s = sk_X509_new_null());
-        sk_X509_push(s, (X509*)1);
+
+        /* Test invalid parameters. */
+        ExpectIntEQ(sk_X509_push(NULL, NULL), WOLFSSL_FAILURE);
+        ExpectIntEQ(sk_X509_push(s, NULL), WOLFSSL_FAILURE);
+        ExpectIntEQ(sk_X509_push(NULL, (X509*)1), WOLFSSL_FAILURE);
+        ExpectNull(sk_X509_pop(NULL));
+        ExpectNull(sk_X509_value(NULL, 0));
+        ExpectNull(sk_X509_value(NULL, 1));
+
+        sk_X509_push(s, &x1);
         ExpectIntEQ(sk_X509_num(s), 1);
-        ExpectIntEQ((sk_X509_value(s, 0) == (X509*)1), 1);
-        sk_X509_push(s, (X509*)2);
+        ExpectIntEQ((sk_X509_value(s, 0) == &x1), 1);
+        sk_X509_push(s, &x2);
         ExpectIntEQ(sk_X509_num(s), 2);
-        ExpectIntEQ((sk_X509_value(s, 0) == (X509*)2), 1);
-        ExpectIntEQ((sk_X509_value(s, 1) == (X509*)1), 1);
-        sk_X509_push(s, (X509*)2);
+        ExpectNull(sk_X509_value(s, 2));
+        ExpectIntEQ((sk_X509_value(s, 0) == &x2), 1);
+        ExpectIntEQ((sk_X509_value(s, 1) == &x1), 1);
+        sk_X509_push(s, &x2);
+
         sk_X509_pop_free(s, free_x509);
     }
 
@@ -52047,6 +68467,8 @@ static int test_sk_X509(void)
             ExpectIntEQ((x == z), 1);
             ExpectIntEQ(sk_X509_num(s), len - 1 - i);
         }
+        ExpectNull(sk_X509_shift(NULL));
+        ExpectNull(sk_X509_shift(s));
 
         sk_free(s);
 
@@ -52064,6 +68486,150 @@ static int test_sk_X509_CRL(void)
     X509_CRL* crl = NULL;
     XFILE fp = XBADFILE;
     STACK_OF(X509_CRL)* s = NULL;
+#ifndef NO_BIO
+    BIO* bio = NULL;
+#endif
+#if !defined(NO_FILESYSTEM) && !defined(NO_STDIO_FILESYSTEM)
+    RevokedCert* rev = NULL;
+    byte buff[1024];
+    int len = 0;
+#endif
+#if (!defined(NO_FILESYSTEM) && !defined(NO_STDIO_FILESYSTEM)) || \
+    !defined(NO_BIO)
+    X509_CRL empty;
+#endif
+    WOLFSSL_X509_REVOKED revoked;
+    WOLFSSL_ASN1_INTEGER* asnInt = NULL;
+    const WOLFSSL_ASN1_INTEGER* sn;
+
+#if (!defined(NO_FILESYSTEM) && !defined(NO_STDIO_FILESYSTEM)) || \
+    !defined(NO_BIO)
+    XMEMSET(&empty, 0, sizeof(X509_CRL));
+#endif
+
+#ifndef NO_BIO
+    ExpectNotNull(bio = BIO_new_file("./certs/crl/crl.der", "rb"));
+    ExpectNull(wolfSSL_d2i_X509_CRL_bio(NULL, NULL));
+    ExpectNotNull(crl = wolfSSL_d2i_X509_CRL_bio(bio, NULL));
+    BIO_free(bio);
+    bio = NULL;
+
+    ExpectNotNull(bio = BIO_new(BIO_s_mem()));
+    ExpectIntEQ(wolfSSL_X509_CRL_print(NULL, NULL), WOLFSSL_FAILURE);
+    ExpectIntEQ(wolfSSL_X509_CRL_print(bio, NULL), WOLFSSL_FAILURE);
+    ExpectIntEQ(wolfSSL_X509_CRL_print(NULL, crl), WOLFSSL_FAILURE);
+    ExpectIntEQ(wolfSSL_X509_CRL_print(bio, &empty), WOLFSSL_FAILURE);
+    ExpectIntEQ(wolfSSL_X509_CRL_print(bio, crl), WOLFSSL_SUCCESS);
+#ifndef NO_ASN_TIME
+    ExpectIntEQ(BIO_get_mem_data(bio, NULL), 1466);
+#else
+    ExpectIntEQ(BIO_get_mem_data(bio, NULL), 1324);
+#endif
+    BIO_free(bio);
+
+    wolfSSL_X509_CRL_free(crl);
+    crl = NULL;
+#endif
+
+#if !defined(NO_FILESYSTEM) && !defined(NO_STDIO_FILESYSTEM)
+    ExpectTrue((fp = XFOPEN("./certs/crl/crl.der", "rb")) != XBADFILE);
+    ExpectNotNull(crl = d2i_X509_CRL_fp(fp, (X509_CRL **)NULL));
+    if (fp != XBADFILE) {
+        XFCLOSE(fp);
+        fp = XBADFILE;
+    }
+    wolfSSL_X509_CRL_free(crl);
+    crl = NULL;
+
+    ExpectTrue((fp = XFOPEN("./certs/crl/crl.der", "rb")) != XBADFILE);
+    ExpectIntEQ(len = (int)XFREAD(buff, 1, sizeof(buff), fp), 520);
+    if (fp != XBADFILE) {
+        XFCLOSE(fp);
+        fp = XBADFILE;
+    }
+    ExpectNull(crl = d2i_X509_CRL((X509_CRL **)NULL, NULL, len));
+    ExpectNotNull(crl = d2i_X509_CRL((X509_CRL **)NULL, buff, len));
+    ExpectNotNull(rev = crl->crlList->certs);
+
+    ExpectNull(wolfSSL_X509_CRL_get_issuer_name(NULL));
+    ExpectNull(wolfSSL_X509_CRL_get_issuer_name(&empty));
+    ExpectIntEQ(wolfSSL_X509_CRL_version(NULL), 0);
+    ExpectIntEQ(wolfSSL_X509_CRL_version(&empty), 0);
+    ExpectIntEQ(wolfSSL_X509_CRL_get_signature_type(NULL), 0);
+    ExpectIntEQ(wolfSSL_X509_CRL_get_signature_type(&empty), 0);
+    ExpectIntEQ(wolfSSL_X509_CRL_get_signature_nid(NULL), 0);
+    ExpectIntEQ(wolfSSL_X509_CRL_get_signature_nid(&empty), 0);
+    ExpectIntEQ(wolfSSL_X509_CRL_get_signature(NULL, NULL, NULL), BAD_FUNC_ARG);
+    ExpectIntEQ(wolfSSL_X509_CRL_get_signature(crl , NULL, NULL), BAD_FUNC_ARG);
+    ExpectIntEQ(wolfSSL_X509_CRL_get_signature(NULL, NULL, &len), BAD_FUNC_ARG);
+    ExpectIntEQ(wolfSSL_X509_CRL_get_signature(&empty, NULL, &len),
+        BAD_FUNC_ARG);
+    ExpectIntEQ(wolfSSL_X509_REVOKED_get_serial_number(NULL, NULL, NULL),
+        BAD_FUNC_ARG);
+    ExpectIntEQ(wolfSSL_X509_REVOKED_get_serial_number(rev , NULL, NULL),
+        BAD_FUNC_ARG);
+    ExpectIntEQ(wolfSSL_X509_REVOKED_get_serial_number(NULL, NULL, &len),
+        BAD_FUNC_ARG);
+    ExpectNull(wolfSSL_X509_CRL_get_lastUpdate(NULL));
+    ExpectNull(wolfSSL_X509_CRL_get_lastUpdate(&empty));
+    ExpectNull(wolfSSL_X509_CRL_get_nextUpdate(NULL));
+    ExpectNull(wolfSSL_X509_CRL_get_nextUpdate(&empty));
+
+    ExpectNotNull(wolfSSL_X509_CRL_get_issuer_name(crl));
+    ExpectIntEQ(wolfSSL_X509_CRL_version(crl), 2);
+    ExpectIntEQ(wolfSSL_X509_CRL_get_signature_type(crl), CTC_SHA256wRSA);
+    ExpectIntEQ(wolfSSL_X509_CRL_get_signature_nid(crl),
+        WC_NID_sha256WithRSAEncryption);
+    ExpectIntEQ(wolfSSL_X509_CRL_get_signature(crl, NULL, &len),
+        WOLFSSL_SUCCESS);
+    ExpectIntEQ(len, 256);
+    len--;
+    ExpectIntEQ(wolfSSL_X509_CRL_get_signature(crl, buff, &len), BUFFER_E);
+    len += 2;
+    ExpectIntEQ(wolfSSL_X509_CRL_get_signature(crl, buff, &len),
+        WOLFSSL_SUCCESS);
+    ExpectIntEQ(len, 256);
+    ExpectNotNull(wolfSSL_X509_CRL_get_lastUpdate(crl));
+    ExpectNotNull(wolfSSL_X509_CRL_get_nextUpdate(crl));
+
+    ExpectIntEQ(wolfSSL_X509_REVOKED_get_serial_number(rev, NULL, &len),
+        WOLFSSL_SUCCESS);
+    ExpectIntEQ(len, 1);
+    len--;
+    ExpectIntEQ(wolfSSL_X509_REVOKED_get_serial_number(rev, buff, &len),
+        BUFFER_E);
+    len += 2;
+    ExpectIntEQ(wolfSSL_X509_REVOKED_get_serial_number(rev, buff, &len),
+        WOLFSSL_SUCCESS);
+    ExpectIntEQ(len, 1);
+
+#ifndef NO_WOLFSSL_STUB
+    ExpectIntEQ(wolfSSL_sk_X509_REVOKED_num(NULL), 0);
+    ExpectIntEQ(wolfSSL_sk_X509_REVOKED_num(&revoked), 0);
+    ExpectNull(wolfSSL_X509_CRL_get_REVOKED(NULL));
+    ExpectNull(wolfSSL_X509_CRL_get_REVOKED(crl));
+    ExpectNull(wolfSSL_sk_X509_REVOKED_value(NULL, 0));
+    ExpectNull(wolfSSL_sk_X509_REVOKED_value(&revoked, 0));
+    ExpectIntEQ(wolfSSL_X509_CRL_verify(NULL, NULL), 0);
+    ExpectIntEQ(X509_OBJECT_set1_X509_CRL(NULL, NULL), 0);
+    ExpectIntEQ(X509_OBJECT_set1_X509(NULL, NULL), 0);
+#endif
+
+    wolfSSL_X509_CRL_free(crl);
+    crl = NULL;
+#endif
+
+    ExpectNotNull(asnInt = wolfSSL_ASN1_INTEGER_new());
+    ExpectIntEQ(wolfSSL_ASN1_INTEGER_set(asnInt, 1), 1);
+    revoked.serialNumber = asnInt;
+    ExpectNull(wolfSSL_X509_REVOKED_get0_serial_number(NULL));
+    ExpectNotNull(sn = wolfSSL_X509_REVOKED_get0_serial_number(&revoked));
+    ExpectPtrEq(sn, asnInt);
+#ifndef NO_WOLFSSL_STUB
+    ExpectNull(wolfSSL_X509_REVOKED_get0_revocation_date(NULL));
+    ExpectNull(wolfSSL_X509_REVOKED_get0_revocation_date(&revoked));
+#endif
+    wolfSSL_ASN1_INTEGER_free(asnInt);
 
     ExpectTrue((fp = XFOPEN("./certs/crl/crl.pem", "rb")) != XBADFILE);
     ExpectNotNull(crl = (X509_CRL*)PEM_read_X509_CRL(fp, (X509_CRL **)NULL,
@@ -52072,6 +68638,13 @@ static int test_sk_X509_CRL(void)
         XFCLOSE(fp);
 
     ExpectNotNull(s = sk_X509_CRL_new());
+
+    ExpectIntEQ(sk_X509_CRL_push(NULL, NULL), WOLFSSL_FAILURE);
+    ExpectIntEQ(sk_X509_CRL_push(NULL, crl), WOLFSSL_FAILURE);
+    ExpectIntEQ(sk_X509_CRL_push(s, NULL), WOLFSSL_FAILURE);
+    ExpectNull(sk_X509_CRL_value(NULL, 0));
+    ExpectIntEQ(sk_X509_CRL_num(NULL), 0);
+
     ExpectIntEQ(sk_X509_CRL_num(s), 0);
     ExpectIntEQ(sk_X509_CRL_push(s, crl), 1);
     if (EXPECT_FAIL()) {
@@ -52079,6 +68652,7 @@ static int test_sk_X509_CRL(void)
     }
     ExpectIntEQ(sk_X509_CRL_num(s), 1);
     ExpectPtrEq(sk_X509_CRL_value(s, 0), crl);
+
     sk_X509_CRL_free(s);
 #endif
     return EXPECT_RESULT();
@@ -52129,7 +68703,11 @@ static int test_X509_REQ(void)
 #ifdef HAVE_ECC
     const unsigned char* ecPriv = (const unsigned char*)ecc_clikey_der_256;
     const unsigned char* ecPub = (unsigned char*)ecc_clikeypub_der_256;
+    BIO* bio = NULL;
 #endif
+    unsigned char tooLongPassword[WC_CTC_NAME_SIZE + 1];
+
+    XMEMSET(tooLongPassword, 0, sizeof(tooLongPassword));
 
     ExpectNotNull(name = X509_NAME_new());
     ExpectIntEQ(X509_NAME_add_entry_by_txt(name, "commonName", MBSTRING_UTF8,
@@ -52143,16 +68721,19 @@ static int test_X509_REQ(void)
     ExpectNotNull(pub = d2i_PUBKEY(NULL, &rsaPub,
         (long)sizeof_client_keypub_der_2048));
     ExpectNotNull(req = X509_REQ_new());
-    ExpectIntEQ(X509_REQ_set_subject_name(NULL, name), WOLFSSL_FAILURE);
-    ExpectIntEQ(X509_REQ_set_subject_name(req, NULL), WOLFSSL_FAILURE);
+    ExpectIntEQ(X509_REQ_set_subject_name(NULL, name), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+    ExpectIntEQ(X509_REQ_set_subject_name(req, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     ExpectIntEQ(X509_REQ_set_subject_name(req, name), WOLFSSL_SUCCESS);
-    ExpectIntEQ(X509_REQ_set_pubkey(NULL, pub), WOLFSSL_FAILURE);
-    ExpectIntEQ(X509_REQ_set_pubkey(req, NULL), WOLFSSL_FAILURE);
+    ExpectIntEQ(X509_REQ_set_pubkey(NULL, pub), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+    ExpectIntEQ(X509_REQ_set_pubkey(req, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     ExpectIntEQ(X509_REQ_set_pubkey(req, pub), WOLFSSL_SUCCESS);
-    ExpectIntEQ(X509_REQ_sign(NULL, priv, EVP_sha256()), WOLFSSL_FAILURE);
-    ExpectIntEQ(X509_REQ_sign(req, NULL, EVP_sha256()), WOLFSSL_FAILURE);
-    ExpectIntEQ(X509_REQ_sign(req, priv, NULL), WOLFSSL_FAILURE);
+    ExpectIntEQ(X509_REQ_sign(NULL, priv, EVP_sha256()), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+    ExpectIntEQ(X509_REQ_sign(req, NULL, EVP_sha256()), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+    ExpectIntEQ(X509_REQ_sign(req, priv, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     ExpectIntEQ(X509_REQ_sign(req, priv, EVP_sha256()), WOLFSSL_SUCCESS);
+    ExpectIntEQ(i2d_X509_REQ(NULL, NULL), BAD_FUNC_ARG);
+    ExpectIntEQ(i2d_X509_REQ(req, NULL), BAD_FUNC_ARG);
+    ExpectIntEQ(i2d_X509_REQ(NULL, &der), BAD_FUNC_ARG);
     len = i2d_X509_REQ(req, &der);
     DEBUG_WRITE_DER(der, len, "req.der");
 #ifdef USE_CERT_BUFFERS_1024
@@ -52166,6 +68747,9 @@ static int test_X509_REQ(void)
     mctx = EVP_MD_CTX_new();
     ExpectIntEQ(EVP_DigestSignInit(mctx, &pkctx, EVP_sha256(), NULL, priv),
         WOLFSSL_SUCCESS);
+    ExpectIntEQ(X509_REQ_sign_ctx(NULL, NULL), WOLFSSL_FAILURE);
+    ExpectIntEQ(X509_REQ_sign_ctx(req, NULL), WOLFSSL_FAILURE);
+    ExpectIntEQ(X509_REQ_sign_ctx(NULL, mctx), WOLFSSL_FAILURE);
     ExpectIntEQ(X509_REQ_sign_ctx(req, mctx), WOLFSSL_SUCCESS);
 
     EVP_MD_CTX_free(mctx);
@@ -52220,8 +68804,13 @@ static int test_X509_REQ(void)
     /* Signature is random and may be shorter or longer. */
     ExpectIntGE((len = i2d_X509_REQ(req, &der)), 245);
     ExpectIntLE(len, 253);
+    ExpectNotNull(bio = BIO_new_fp(stderr, BIO_NOCLOSE));
+    ExpectIntEQ(X509_REQ_print(bio, req), WOLFSSL_SUCCESS);
+    ExpectIntEQ(X509_REQ_print(bio, NULL), WOLFSSL_FAILURE);
+    BIO_free(bio);
     XFREE(der, NULL, DYNAMIC_TYPE_OPENSSL);
     X509_REQ_free(req);
+    req = NULL;
     EVP_PKEY_free(pub);
     EVP_PKEY_free(priv);
 
@@ -52231,6 +68820,140 @@ static int test_X509_REQ(void)
 #endif /* HAVE_ECC */
 
     X509_NAME_free(name);
+
+    ExpectNull(wolfSSL_X509_REQ_get_extensions(NULL));
+    /* Stub function. */
+    ExpectNull(wolfSSL_X509_to_X509_REQ(NULL, NULL, NULL));
+
+    ExpectNotNull(req = X509_REQ_new());
+#ifdef HAVE_LIBEST
+    ExpectIntEQ(wolfSSL_X509_REQ_add1_attr_by_txt(NULL, NULL,
+        WOLFSSL_MBSTRING_UTF8, NULL, 0), WOLFSSL_FAILURE);
+    ExpectIntEQ(wolfSSL_X509_REQ_add1_attr_by_txt(req, NULL,
+        WOLFSSL_MBSTRING_UTF8, NULL, 0), WOLFSSL_FAILURE);
+    ExpectIntEQ(wolfSSL_X509_REQ_add1_attr_by_txt(NULL, "name",
+        WOLFSSL_MBSTRING_UTF8, NULL, 0), WOLFSSL_FAILURE);
+    ExpectIntEQ(wolfSSL_X509_REQ_add1_attr_by_txt(NULL, NULL,
+        WOLFSSL_MBSTRING_ASC, NULL, 0), WOLFSSL_FAILURE);
+    ExpectIntEQ(wolfSSL_X509_REQ_add1_attr_by_txt(NULL, NULL,
+        WOLFSSL_MBSTRING_UTF8, (byte*)"1.3.6.1.1.1.1.22", 16), WOLFSSL_FAILURE);
+
+
+    ExpectIntEQ(wolfSSL_X509_REQ_add1_attr_by_txt(NULL, "name",
+        WOLFSSL_MBSTRING_ASC, (byte*)"1.3.6.1.1.1.1.22", 16), WOLFSSL_FAILURE);
+    ExpectIntEQ(wolfSSL_X509_REQ_add1_attr_by_txt(req, NULL,
+        WOLFSSL_MBSTRING_ASC, (byte*)"1.3.6.1.1.1.1.22", 16), WOLFSSL_FAILURE);
+    ExpectIntEQ(wolfSSL_X509_REQ_add1_attr_by_txt(req, "name",
+        WOLFSSL_MBSTRING_UTF8, (byte*)"1.3.6.1.1.1.1.22", 16), WOLFSSL_FAILURE);
+    ExpectIntEQ(wolfSSL_X509_REQ_add1_attr_by_txt(req, "name",
+        WOLFSSL_MBSTRING_ASC, NULL, 0), WOLFSSL_FAILURE);
+
+    /* Unsupported bytes. */
+    ExpectIntEQ(wolfSSL_X509_REQ_add1_attr_by_txt(req, "name",
+        WOLFSSL_MBSTRING_ASC, (byte*)"1.3.6.1.1.1.1.23", 16), WOLFSSL_FAILURE);
+
+    ExpectIntEQ(wolfSSL_X509_REQ_add1_attr_by_txt(req, "MAC Address",
+        WOLFSSL_MBSTRING_ASC, (byte*)"1.3.6.1.1.1.1.22", 16), WOLFSSL_SUCCESS);
+    ExpectIntEQ(wolfSSL_X509_REQ_add1_attr_by_txt(req, "ecpublicKey",
+        WOLFSSL_MBSTRING_ASC, (byte*)"1.2.840.10045.2.1", -1), WOLFSSL_SUCCESS);
+    ExpectIntEQ(wolfSSL_X509_REQ_add1_attr_by_txt(req, "ecdsa-with-SHA384",
+        WOLFSSL_MBSTRING_ASC, (byte*)"1.2.840.10045.4.3.3", -1),
+        WOLFSSL_SUCCESS);
+#else
+    /* Stub function. */
+    ExpectIntEQ(wolfSSL_X509_REQ_add1_attr_by_txt(NULL, NULL,
+        WOLFSSL_MBSTRING_UTF8, NULL, 0), WOLFSSL_FAILURE);
+    ExpectIntEQ(wolfSSL_X509_REQ_add1_attr_by_txt(req, "MAC Address",
+        WOLFSSL_MBSTRING_ASC, (byte*)"1.3.6.1.1.1.1.22", 16), WOLFSSL_FAILURE);
+#endif
+
+    ExpectIntEQ(X509_REQ_add1_attr_by_NID(NULL, WC_NID_subject_alt_name,
+        WOLFSSL_MBSTRING_UTF8, NULL, 0), WOLFSSL_FAILURE);
+    ExpectIntEQ(X509_REQ_add1_attr_by_NID(req, WC_NID_subject_alt_name,
+        WOLFSSL_MBSTRING_UTF8, NULL, 0), WOLFSSL_FAILURE);
+    ExpectIntEQ(X509_REQ_add1_attr_by_NID(NULL, WC_NID_subject_alt_name,
+        WOLFSSL_MBSTRING_ASC, NULL, 0), WOLFSSL_FAILURE);
+    ExpectIntEQ(X509_REQ_add1_attr_by_NID(NULL, WC_NID_pkcs9_challengePassword,
+        WOLFSSL_MBSTRING_UTF8, NULL, 0), WOLFSSL_FAILURE);
+    ExpectIntEQ(X509_REQ_add1_attr_by_NID(NULL, WC_NID_subject_alt_name,
+        WOLFSSL_MBSTRING_UTF8, (byte*)"password", 8), WOLFSSL_FAILURE);
+
+    ExpectIntEQ(X509_REQ_add1_attr_by_NID(NULL, WC_NID_pkcs9_challengePassword,
+        WOLFSSL_MBSTRING_ASC, (byte*)"password", 8), WOLFSSL_FAILURE);
+    ExpectIntEQ(X509_REQ_add1_attr_by_NID(req, WC_NID_subject_alt_name,
+        WOLFSSL_MBSTRING_ASC, (byte*)"password", 8), WOLFSSL_FAILURE);
+    ExpectIntEQ(X509_REQ_add1_attr_by_NID(req, WC_NID_pkcs9_challengePassword,
+        WOLFSSL_MBSTRING_UTF8, (byte*)"password", 8), WOLFSSL_FAILURE);
+    ExpectIntEQ(X509_REQ_add1_attr_by_NID(req, WC_NID_pkcs9_challengePassword,
+        WOLFSSL_MBSTRING_ASC, NULL, -1), WOLFSSL_FAILURE);
+
+    ExpectIntEQ(X509_REQ_add1_attr_by_NID(req, WC_NID_pkcs9_challengePassword,
+        WOLFSSL_MBSTRING_ASC, (byte*)"password", -1), WOLFSSL_SUCCESS);
+    ExpectIntEQ(X509_REQ_add1_attr_by_NID(req, WC_NID_pkcs9_challengePassword,
+        WOLFSSL_MBSTRING_ASC, tooLongPassword, sizeof(tooLongPassword)),
+        WOLFSSL_FAILURE);
+    ExpectIntEQ(X509_REQ_add1_attr_by_NID(req, WC_NID_serialNumber,
+        WOLFSSL_MBSTRING_ASC, (byte*)"123456", -1), WOLFSSL_SUCCESS);
+    ExpectIntEQ(X509_REQ_add1_attr_by_NID(req, WC_NID_serialNumber,
+        WOLFSSL_MBSTRING_ASC, tooLongPassword, sizeof(tooLongPassword)),
+        WOLFSSL_FAILURE);
+    ExpectIntEQ(X509_REQ_add1_attr_by_NID(req, WC_NID_pkcs9_unstructuredName,
+        WOLFSSL_MBSTRING_ASC, (byte*)"name", 4), WOLFSSL_SUCCESS);
+    ExpectIntEQ(X509_REQ_add1_attr_by_NID(req, WC_NID_pkcs9_contentType,
+        WOLFSSL_MBSTRING_ASC, (byte*)"type", 4), WOLFSSL_SUCCESS);
+    ExpectIntEQ(X509_REQ_add1_attr_by_NID(req, WC_NID_surname,
+        WOLFSSL_MBSTRING_ASC, (byte*)"surname", 7), WOLFSSL_SUCCESS);
+    ExpectIntEQ(X509_REQ_add1_attr_by_NID(req, WC_NID_initials,
+        WOLFSSL_MBSTRING_ASC, (byte*)"s.g", 3), WOLFSSL_SUCCESS);
+    ExpectIntEQ(X509_REQ_add1_attr_by_NID(req, WC_NID_givenName,
+        WOLFSSL_MBSTRING_ASC, (byte*)"givenname", 9), WOLFSSL_SUCCESS);
+    ExpectIntEQ(X509_REQ_add1_attr_by_NID(req, WC_NID_dnQualifier,
+        WOLFSSL_MBSTRING_ASC, (byte*)"dnQualifier", 11), WOLFSSL_SUCCESS);
+
+    wolfSSL_X509_REQ_free(req);
+#endif
+    return EXPECT_RESULT();
+}
+
+static int test_wolfSSL_X509_REQ_print(void)
+{
+    EXPECT_DECLS;
+#if defined(OPENSSL_ALL) && !defined(NO_CERTS) && \
+    defined(WOLFSSL_CERT_GEN) && defined(WOLFSSL_CERT_REQ) && !defined(NO_BIO)
+    WOLFSSL_X509* req = NULL;
+    XFILE fp = XBADFILE;
+    const char* csrFileName = "certs/csr.attr.der";
+    const char* csrExtFileName = "certs/csr.ext.der";
+    BIO* bio = NULL;
+
+    ExpectTrue((fp = XFOPEN(csrFileName, "rb")) != XBADFILE);
+    ExpectNotNull(req = d2i_X509_REQ_fp(fp, NULL));
+    if (fp != XBADFILE) {
+        XFCLOSE(fp);
+        fp = XBADFILE;
+    }
+
+    ExpectNotNull(bio = BIO_new(BIO_s_mem()));
+    ExpectIntEQ(wolfSSL_X509_REQ_print(bio, req), WOLFSSL_SUCCESS);
+    ExpectIntEQ(BIO_get_mem_data(bio, NULL), 2681);
+
+    BIO_free(bio);
+    bio = NULL;
+    wolfSSL_X509_REQ_free(req);
+    req = NULL;
+
+    ExpectTrue((fp = XFOPEN(csrExtFileName, "rb")) != XBADFILE);
+    ExpectNotNull(req = d2i_X509_REQ_fp(fp, NULL));
+    if (fp != XBADFILE) {
+        XFCLOSE(fp);
+    }
+
+    ExpectNotNull(bio = BIO_new(BIO_s_mem()));
+    ExpectIntEQ(wolfSSL_X509_REQ_print(bio, req), WOLFSSL_SUCCESS);
+    ExpectIntEQ(BIO_get_mem_data(bio, NULL), 1889);
+
+    BIO_free(bio);
+    wolfSSL_X509_REQ_free(req);
 #endif
     return EXPECT_RESULT();
 }
@@ -52252,28 +68975,28 @@ static int test_wolfssl_PKCS7(void)
     byte*  out = NULL;
 #endif
 
-    ExpectIntGT((len = CreatePKCS7SignedData(data, len, content,
+    ExpectIntGT((len = (word32)CreatePKCS7SignedData(data, (int)len, content,
         (word32)sizeof(content), 0, 0, 0, RSA_TYPE)), 0);
 
-    ExpectNull(pkcs7 = d2i_PKCS7(NULL, NULL, len));
+    ExpectNull(pkcs7 = d2i_PKCS7(NULL, NULL, (int)len));
     ExpectNull(pkcs7 = d2i_PKCS7(NULL, &p, 0));
-    ExpectNotNull(pkcs7 = d2i_PKCS7(NULL, &p, len));
+    ExpectNotNull(pkcs7 = d2i_PKCS7(NULL, &p, (int)len));
     ExpectIntEQ(wolfSSL_PKCS7_verify(NULL, NULL, NULL, NULL, NULL,
-        PKCS7_NOVERIFY), WOLFSSL_FAILURE);
+        PKCS7_NOVERIFY), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     PKCS7_free(pkcs7);
     pkcs7 = NULL;
 
     /* fail case, without PKCS7_NOVERIFY */
     p = data;
-    ExpectNotNull(pkcs7 = d2i_PKCS7(NULL, &p, len));
+    ExpectNotNull(pkcs7 = d2i_PKCS7(NULL, &p, (int)len));
     ExpectIntEQ(wolfSSL_PKCS7_verify(pkcs7, NULL, NULL, NULL, NULL,
-        0), WOLFSSL_FAILURE);
+        0), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     PKCS7_free(pkcs7);
     pkcs7 = NULL;
 
     /* success case, with PKCS7_NOVERIFY */
     p = data;
-    ExpectNotNull(pkcs7 = d2i_PKCS7(NULL, &p, len));
+    ExpectNotNull(pkcs7 = d2i_PKCS7(NULL, &p, (int)len));
     ExpectIntEQ(wolfSSL_PKCS7_verify(pkcs7, NULL, NULL, NULL, NULL,
         PKCS7_NOVERIFY), WOLFSSL_SUCCESS);
 
@@ -52333,6 +69056,10 @@ static int test_wolfSSL_PKCS7_sign(void)
     EVP_PKEY* signKey = NULL;
     X509* caCert = NULL;
     X509_STORE* store = NULL;
+#ifndef NO_PKCS7_STREAM
+    int z;
+    int ret;
+#endif /* !NO_PKCS7_STREAM */
 
     /* read signer cert/key into BIO */
     ExpectNotNull(certBio = BIO_new_file(cert, "r"));
@@ -52377,7 +69104,24 @@ static int test_wolfSSL_PKCS7_sign(void)
         /* verify with wc_PKCS7_VerifySignedData */
         ExpectNotNull(p7Ver = wc_PKCS7_New(HEAP_HINT, testDevId));
         ExpectIntEQ(wc_PKCS7_Init(p7Ver, HEAP_HINT, INVALID_DEVID), 0);
-        ExpectIntEQ(wc_PKCS7_VerifySignedData(p7Ver, out, outLen), 0);
+        ExpectIntEQ(wc_PKCS7_VerifySignedData(p7Ver, out, (word32)outLen), 0);
+
+    #ifndef NO_PKCS7_STREAM
+        /* verify with wc_PKCS7_VerifySignedData streaming */
+        wc_PKCS7_Free(p7Ver);
+        p7Ver = NULL;
+        ExpectNotNull(p7Ver = wc_PKCS7_New(HEAP_HINT, testDevId));
+        ExpectIntEQ(wc_PKCS7_Init(p7Ver, HEAP_HINT, INVALID_DEVID), 0);
+        /* test for streaming */
+        ret = -1;
+        for (z = 0; z < outLen && ret != 0; z++) {
+            ret = wc_PKCS7_VerifySignedData(p7Ver, out + z, 1);
+            if (ret < 0){
+                ExpectIntEQ(ret, WC_NO_ERR_TRACE(WC_PKCS7_WANT_READ_E));
+            }
+        }
+        ExpectIntEQ(ret, 0);
+    #endif /* !NO_PKCS7_STREAM */
 
         /* compare the signer found to expected signer */
         ExpectIntNE(p7Ver->verifyCertSz, 0);
@@ -52447,10 +69191,30 @@ static int test_wolfSSL_PKCS7_sign(void)
             p7Ver->content = data;
             p7Ver->contentSz = sizeof(data);
         }
-        ExpectIntEQ(wc_PKCS7_VerifySignedData(p7Ver, out, outLen), 0);
+        ExpectIntEQ(wc_PKCS7_VerifySignedData(p7Ver, out, (word32)outLen), 0);
         wc_PKCS7_Free(p7Ver);
         p7Ver = NULL;
 
+    #ifndef NO_PKCS7_STREAM
+        /* verify with wc_PKCS7_VerifySignedData streaming */
+        ExpectNotNull(p7Ver = wc_PKCS7_New(HEAP_HINT, testDevId));
+        if (p7Ver != NULL) {
+            p7Ver->content = data;
+            p7Ver->contentSz = sizeof(data);
+        }
+        /* test for streaming */
+        ret = -1;
+        for (z = 0; z < outLen && ret != 0; z++) {
+            ret = wc_PKCS7_VerifySignedData(p7Ver, out + z, 1);
+            if (ret < 0){
+                ExpectIntEQ(ret, WC_NO_ERR_TRACE(WC_PKCS7_WANT_READ_E));
+            }
+        }
+        ExpectIntEQ(ret, 0);
+        wc_PKCS7_Free(p7Ver);
+        p7Ver = NULL;
+    #endif /* !NO_PKCS7_STREAM */
+
         /* verify expected failure (NULL return) from d2i_PKCS7, it does not
          * yet support detached content */
         tmpPtr = out;
@@ -52484,11 +69248,33 @@ static int test_wolfSSL_PKCS7_sign(void)
             p7Ver->content = data;
             p7Ver->contentSz = sizeof(data);
         }
-        ExpectIntEQ(wc_PKCS7_VerifySignedData(p7Ver, out, outLen), 0);
+        ExpectIntEQ(wc_PKCS7_VerifySignedData(p7Ver, out, (word32)outLen), 0);
         wc_PKCS7_Free(p7Ver);
         p7Ver = NULL;
 
         ExpectNotNull(out);
+
+    #ifndef NO_PKCS7_STREAM
+        /* verify with wc_PKCS7_VerifySignedData streaming */
+        ExpectNotNull(p7Ver = wc_PKCS7_New(HEAP_HINT, testDevId));
+        if (p7Ver != NULL) {
+            p7Ver->content = data;
+            p7Ver->contentSz = sizeof(data);
+        }
+        /* test for streaming */
+        ret = -1;
+        for (z = 0; z < outLen && ret != 0; z++) {
+            ret = wc_PKCS7_VerifySignedData(p7Ver, out + z, 1);
+            if (ret < 0){
+                ExpectIntEQ(ret, WC_NO_ERR_TRACE(WC_PKCS7_WANT_READ_E));
+            }
+        }
+        ExpectIntEQ(ret, 0);
+        ExpectNotNull(out);
+        wc_PKCS7_Free(p7Ver);
+        p7Ver = NULL;
+    #endif /* !NO_PKCS7_STREAM */
+
         XFREE(out, NULL, DYNAMIC_TYPE_TMP_BUFFER);
         PKCS7_free(p7);
         p7 = NULL;
@@ -52657,6 +69443,7 @@ static int test_wolfSSL_PEM_write_bio_PKCS7(void)
 }
 
 #ifdef HAVE_SMIME
+/* // NOLINTBEGIN(clang-analyzer-unix.Stream) */
 static int test_wolfSSL_SMIME_read_PKCS7(void)
 {
     EXPECT_DECLS;
@@ -52671,7 +69458,7 @@ static int test_wolfSSL_SMIME_read_PKCS7(void)
     static const char contTypeText[] = "Content-Type: text/plain\r\n\r\n";
     XFILE smimeTestFile = XBADFILE;
 
-    ExpectTrue((smimeTestFile = XFOPEN("./certs/test/smime-test.p7s", "r")) !=
+    ExpectTrue((smimeTestFile = XFOPEN("./certs/test/smime-test.p7s", "rb")) !=
         XBADFILE);
 
     /* smime-test.p7s */
@@ -52682,53 +69469,70 @@ static int test_wolfSSL_SMIME_read_PKCS7(void)
     ExpectNotNull(pkcs7);
     ExpectIntEQ(wolfSSL_PKCS7_verify(pkcs7, NULL, NULL, bcont, NULL,
         PKCS7_NOVERIFY), SSL_SUCCESS);
-    XFCLOSE(smimeTestFile);
+    if (smimeTestFile != XBADFILE) {
+        XFCLOSE(smimeTestFile);
+        smimeTestFile = XBADFILE;
+    }
     if (bcont) BIO_free(bcont);
     bcont = NULL;
     wolfSSL_PKCS7_free(pkcs7);
     pkcs7 = NULL;
 
     /* smime-test-multipart.p7s */
-    smimeTestFile = XFOPEN("./certs/test/smime-test-multipart.p7s", "r");
+    smimeTestFile = XFOPEN("./certs/test/smime-test-multipart.p7s", "rb");
+    ExpectFalse(smimeTestFile == XBADFILE);
     ExpectIntEQ(wolfSSL_BIO_set_fp(bio, smimeTestFile, BIO_CLOSE), SSL_SUCCESS);
     pkcs7 = wolfSSL_SMIME_read_PKCS7(bio, &bcont);
     ExpectNotNull(pkcs7);
     ExpectIntEQ(wolfSSL_PKCS7_verify(pkcs7, NULL, NULL, bcont, NULL,
         PKCS7_NOVERIFY), SSL_SUCCESS);
-    XFCLOSE(smimeTestFile);
+    if (smimeTestFile != XBADFILE) {
+        XFCLOSE(smimeTestFile);
+        smimeTestFile = XBADFILE;
+    }
     if (bcont) BIO_free(bcont);
     bcont = NULL;
     wolfSSL_PKCS7_free(pkcs7);
     pkcs7 = NULL;
 
     /* smime-test-multipart-badsig.p7s */
-    smimeTestFile = XFOPEN("./certs/test/smime-test-multipart-badsig.p7s", "r");
+    smimeTestFile = XFOPEN("./certs/test/smime-test-multipart-badsig.p7s",
+        "rb");
+    ExpectFalse(smimeTestFile == XBADFILE);
     ExpectIntEQ(wolfSSL_BIO_set_fp(bio, smimeTestFile, BIO_CLOSE), SSL_SUCCESS);
     pkcs7 = wolfSSL_SMIME_read_PKCS7(bio, &bcont);
     ExpectNotNull(pkcs7); /* can read in the unverified smime bundle */
     ExpectIntEQ(wolfSSL_PKCS7_verify(pkcs7, NULL, NULL, bcont, NULL,
-        PKCS7_NOVERIFY), SSL_FAILURE);
-    XFCLOSE(smimeTestFile);
+        PKCS7_NOVERIFY), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+    if (smimeTestFile != XBADFILE) {
+        XFCLOSE(smimeTestFile);
+        smimeTestFile = XBADFILE;
+    }
     if (bcont) BIO_free(bcont);
     bcont = NULL;
     wolfSSL_PKCS7_free(pkcs7);
     pkcs7 = NULL;
 
     /* smime-test-canon.p7s */
-    smimeTestFile = XFOPEN("./certs/test/smime-test-canon.p7s", "r");
+    smimeTestFile = XFOPEN("./certs/test/smime-test-canon.p7s", "rb");
+    ExpectFalse(smimeTestFile == XBADFILE);
     ExpectIntEQ(wolfSSL_BIO_set_fp(bio, smimeTestFile, BIO_CLOSE), SSL_SUCCESS);
     pkcs7 = wolfSSL_SMIME_read_PKCS7(bio, &bcont);
     ExpectNotNull(pkcs7);
     ExpectIntEQ(wolfSSL_PKCS7_verify(pkcs7, NULL, NULL, bcont, NULL,
         PKCS7_NOVERIFY), SSL_SUCCESS);
-    XFCLOSE(smimeTestFile);
+    if (smimeTestFile != XBADFILE) {
+        XFCLOSE(smimeTestFile);
+        smimeTestFile = XBADFILE;
+    }
     if (bcont) BIO_free(bcont);
     bcont = NULL;
     wolfSSL_PKCS7_free(pkcs7);
     pkcs7 = NULL;
 
     /* Test PKCS7_TEXT, PKCS7_verify() should remove Content-Type: text/plain */
-    smimeTestFile = XFOPEN("./certs/test/smime-test-canon.p7s", "r");
+    smimeTestFile = XFOPEN("./certs/test/smime-test-canon.p7s", "rb");
+    ExpectFalse(smimeTestFile == XBADFILE);
     ExpectIntEQ(wolfSSL_BIO_set_fp(bio, smimeTestFile, BIO_CLOSE), SSL_SUCCESS);
     pkcs7 = wolfSSL_SMIME_read_PKCS7(bio, &bcont);
     ExpectNotNull(pkcs7);
@@ -52748,6 +69552,7 @@ static int test_wolfSSL_SMIME_read_PKCS7(void)
 #endif
     return EXPECT_RESULT();
 }
+/* // NOLINTEND(clang-analyzer-unix.Stream) */
 
 static int test_wolfSSL_SMIME_write_PKCS7(void)
 {
@@ -52962,7 +69767,7 @@ static int test_X509_STORE_No_SSL_CTX(void)
 
     /* Perform verification, which should NOT indicate CRL missing due to the
      * store CM's X509 store pointer being NULL */
-    ExpectIntNE(X509_verify_cert(storeCtx), CRL_MISSING);
+    ExpectIntNE(X509_verify_cert(storeCtx), WC_NO_ERR_TRACE(CRL_MISSING));
 
     X509_CRL_free(crl);
     X509_STORE_free(store);
@@ -53033,7 +69838,7 @@ static int test_X509_LOOKUP_add_dir(void)
     ExpectIntEQ(X509_STORE_CTX_init(storeCtx, store, cert, NULL), SSL_SUCCESS);
 
     /* Perform verification, which should NOT return CRL missing */
-    ExpectIntNE(X509_verify_cert(storeCtx), CRL_MISSING);
+    ExpectIntNE(X509_verify_cert(storeCtx), WC_NO_ERR_TRACE(CRL_MISSING));
 
     X509_CRL_free(crl);
     crl = NULL;
@@ -53081,8 +69886,9 @@ static int test_X509_LOOKUP_add_dir(void)
 
     /* Now we SHOULD get CRL_MISSING, because we looked for PEM
      * in dir containing only ASN1/DER. */
-    ExpectIntEQ(X509_verify_cert(storeCtx), WOLFSSL_FAILURE);
-    ExpectIntEQ(X509_STORE_CTX_get_error(storeCtx), CRL_MISSING);
+    ExpectIntEQ(X509_verify_cert(storeCtx), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+    ExpectIntEQ(X509_STORE_CTX_get_error(storeCtx),
+            X509_V_ERR_UNABLE_TO_GET_CRL);
 
     X509_CRL_free(crl);
     X509_STORE_free(store);
@@ -53144,7 +69950,7 @@ static int verify_sig_cm(const char* ca, byte* cert_buf, size_t cert_sz,
     (void)ca;
 #endif
 
-    ret = wolfSSL_CertManagerVerifyBuffer(cm, cert_buf, cert_sz,
+    ret = wolfSSL_CertManagerVerifyBuffer(cm, cert_buf, (long int)cert_sz,
         WOLFSSL_FILETYPE_ASN1);
     /* Let ExpectIntEQ handle return code */
 
@@ -53165,16 +69971,20 @@ static int test_RsaSigFailure_cm(void)
     size_t cert_sz = 0;
 
     ExpectIntEQ(load_file(server_cert, &cert_buf, &cert_sz), 0);
-    if (cert_buf != NULL) {
+    if ((cert_buf != NULL) && (cert_sz > 0)) {
         /* corrupt DER - invert last byte, which is signature */
         cert_buf[cert_sz-1] = ~cert_buf[cert_sz-1];
         /* test bad cert */
 #if defined(NO_WOLFSSL_CLIENT) && defined(NO_WOLFSSL_SERVER)
         ExpectIntEQ(verify_sig_cm(ca_cert, cert_buf, cert_sz, TESTING_RSA),
-           WOLFSSL_FATAL_ERROR);
+           WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR));
+#elif defined(NO_ASN_CRYPT)
+        /* RSA verify is not called when ASN crypt support is disabled */
+        ExpectIntEQ(verify_sig_cm(ca_cert, cert_buf, cert_sz, TESTING_RSA),
+           WOLFSSL_SUCCESS);
 #else
         ExpectIntEQ(verify_sig_cm(ca_cert, cert_buf, cert_sz, TESTING_RSA),
-           ASN_SIG_CONFIRM_E);
+           WC_NO_ERR_TRACE(ASN_SIG_CONFIRM_E));
 #endif
     }
 
@@ -53197,17 +70007,21 @@ static int test_EccSigFailure_cm(void)
     size_t cert_sz = 0;
 
     ExpectIntEQ(load_file(server_cert, &cert_buf, &cert_sz), 0);
-    if (cert_buf != NULL) {
+    if (cert_buf != NULL && cert_sz > 0) {
         /* corrupt DER - invert last byte, which is signature */
         cert_buf[cert_sz-1] = ~cert_buf[cert_sz-1];
 
         /* test bad cert */
 #if defined(NO_WOLFSSL_CLIENT) && defined(NO_WOLFSSL_SERVER)
         ExpectIntEQ(verify_sig_cm(ca_cert, cert_buf, cert_sz, TESTING_ECC),
-           WOLFSSL_FATAL_ERROR);
+           WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR));
+#elif defined(NO_ASN_CRYPT)
+        /* ECC verify is not called when ASN crypt support is disabled */
+        ExpectIntEQ(verify_sig_cm(ca_cert, cert_buf, cert_sz, TESTING_ECC),
+           WOLFSSL_SUCCESS);
 #else
         ExpectIntEQ(verify_sig_cm(ca_cert, cert_buf, cert_sz, TESTING_ECC),
-           ASN_SIG_CONFIRM_E);
+           WC_NO_ERR_TRACE(ASN_SIG_CONFIRM_E));
 #endif
     }
 
@@ -53241,7 +70055,10 @@ static       char earlyDataBuffer[1];
 static int test_tls13_apis(void)
 {
     EXPECT_DECLS;
+#if defined(HAVE_SUPPORTED_CURVES) && defined(HAVE_ECC) && \
+    (!defined(NO_WOLFSSL_SERVER) || !defined(NO_WOLFSSL_CLIENT))
     int          ret;
+#endif
 #ifndef WOLFSSL_NO_TLS12
 #ifndef NO_WOLFSSL_CLIENT
     WOLFSSL_CTX* clientTls12Ctx = NULL;
@@ -53260,8 +70077,13 @@ static int test_tls13_apis(void)
     WOLFSSL_CTX* serverCtx = NULL;
     WOLFSSL*     serverSsl = NULL;
 #if !defined(NO_CERTS) && !defined(NO_FILESYSTEM)
+#ifndef NO_RSA
     const char*  ourCert = svrCertFile;
     const char*  ourKey  = svrKeyFile;
+#elif defined(HAVE_ECC)
+    const char*  ourCert = eccCertFile;
+    const char*  ourKey  = eccKeyFile;
+#endif
 #endif
 #endif
     int          required;
@@ -53270,8 +70092,24 @@ static int test_tls13_apis(void)
 #endif
 #if defined(HAVE_ECC) && defined(HAVE_SUPPORTED_CURVES)
     int          groups[2] = { WOLFSSL_ECC_SECP256R1,
-#ifdef HAVE_PQC
+#ifdef WOLFSSL_HAVE_KYBER
+#ifdef WOLFSSL_KYBER_ORIGINAL
+    #ifndef WOLFSSL_NO_KYBER512
                                WOLFSSL_KYBER_LEVEL1
+    #elif !defined(WOLFSSL_NO_KYBER768)
+                               WOLFSSL_KYBER_LEVEL3
+    #else
+                               WOLFSSL_KYBER_LEVEL5
+    #endif
+#else
+    #ifndef WOLFSSL_NO_ML_KEM_512
+                               WOLFSSL_ML_KEM_512
+    #elif !defined(WOLFSSL_NO_ML_KEM_768)
+                               WOLFSSL_ML_KEM_768
+    #else
+                               WOLFSSL_ML_KEM_1024
+    #endif
+#endif
 #else
                                WOLFSSL_ECC_SECP256R1
 #endif
@@ -53283,27 +70121,75 @@ static int test_tls13_apis(void)
 #endif
 #if defined(OPENSSL_EXTRA) && defined(HAVE_ECC)
     char         groupList[] =
+#ifdef HAVE_CURVE25519
+            "X25519:"
+#endif
+#ifdef HAVE_CURVE448
+            "X448:"
+#endif
 #ifndef NO_ECC_SECP
 #if (defined(HAVE_ECC521) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 521
-            "P-521:"
+            "P-521:secp521r1:"
 #endif
 #if (defined(HAVE_ECC384) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 384
-            "P-384:"
+            "P-384:secp384r1:"
 #endif
 #if (!defined(NO_ECC256)  || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 256
-            "P-256"
-#ifdef HAVE_PQC
+            "P-256:secp256r1"
+#if defined(WOLFSSL_HAVE_KYBER) && !defined(WOLFSSL_KYBER_NO_MALLOC) && \
+    !defined(WOLFSSL_KYBER_NO_MAKE_KEY) && \
+    !defined(WOLFSSL_KYBER_NO_ENCAPSULATE) && \
+    !defined(WOLFSSL_KYBER_NO_DECAPSULATE)
+#ifdef WOLFSSL_KYBER_ORIGINAL
+    #ifndef WOLFSSL_NO_KYBER512
             ":P256_KYBER_LEVEL1"
+    #elif !defined(WOLFSSL_NO_KYBER768)
+            ":P256_KYBER_LEVEL3"
+    #else
+            ":P256_KYBER_LEVEL5"
+    #endif
+#else
+    #ifndef WOLFSSL_NO_KYBER512
+            ":P256_ML_KEM_512"
+    #elif !defined(WOLFSSL_NO_KYBER768)
+            ":P256_ML_KEM_768"
+    #else
+            ":P256_ML_KEM_1024"
+    #endif
+#endif
 #endif
 #endif
 #endif /* !defined(NO_ECC_SECP) */
-#ifdef HAVE_PQC
+#if defined(WOLFSSL_HAVE_KYBER) && !defined(WOLFSSL_KYBER_NO_MALLOC) && \
+    !defined(WOLFSSL_KYBER_NO_MAKE_KEY) && \
+    !defined(WOLFSSL_KYBER_NO_ENCAPSULATE) && \
+    !defined(WOLFSSL_KYBER_NO_DECAPSULATE)
+#ifdef WOLFSSL_KYBER_ORIGINAL
+    #ifndef WOLFSSL_NO_KYBER512
             ":KYBER_LEVEL1"
+    #elif !defined(WOLFSSL_NO_KYBER768)
+            ":KYBER_LEVEL3"
+    #else
+            ":KYBER_LEVEL5"
+    #endif
+#else
+    #ifndef WOLFSSL_NO_KYBER512
+            ":ML_KEM_512"
+    #elif !defined(WOLFSSL_NO_KYBER768)
+            ":ML_KEM_768"
+    #else
+            ":ML_KEM_1024"
+    #endif
+#endif
 #endif
             "";
 #endif /* defined(OPENSSL_EXTRA) && defined(HAVE_ECC) */
-
-    (void)ret;
+#if defined(WOLFSSL_HAVE_KYBER) && !defined(WOLFSSL_KYBER_NO_MALLOC) && \
+    !defined(WOLFSSL_KYBER_NO_MAKE_KEY) && \
+    !defined(WOLFSSL_KYBER_NO_ENCAPSULATE) && \
+    !defined(WOLFSSL_KYBER_NO_DECAPSULATE)
+    int kyberLevel;
+#endif
 
 #ifndef WOLFSSL_NO_TLS12
 #ifndef NO_WOLFSSL_CLIENT
@@ -53312,10 +70198,23 @@ static int test_tls13_apis(void)
 #endif
 #ifndef NO_WOLFSSL_SERVER
     serverTls12Ctx = wolfSSL_CTX_new(wolfTLSv1_2_server_method());
-#if !defined(NO_CERTS) && !defined(NO_FILESYSTEM)
+#if !defined(NO_CERTS)
+    #if !defined(NO_FILESYSTEM)
     wolfSSL_CTX_use_certificate_chain_file(serverTls12Ctx, ourCert);
     wolfSSL_CTX_use_PrivateKey_file(serverTls12Ctx, ourKey,
         WOLFSSL_FILETYPE_PEM);
+    #elif defined(USE_CERT_BUFFERS_2048)
+    wolfSSL_CTX_use_certificate_chain_buffer_format(serverTls12Ctx,
+        server_cert_der_2048, sizeof_server_cert_der_2048,
+        WOLFSSL_FILETYPE_ASN1);
+    wolfSSL_CTX_use_PrivateKey_buffer(serverTls12Ctx, server_key_der_2048,
+        sizeof_server_key_der_2048, WOLFSSL_FILETYPE_ASN1);
+    #elif defined(USE_CERT_BUFFERS_256)
+    wolfSSL_CTX_use_certificate_chain_buffer_format(serverTls12Ctx,
+        serv_ecc_der_256, sizeof_serv_ecc_der_256, WOLFSSL_FILETYPE_ASN1);
+    wolfSSL_CTX_use_PrivateKey_buffer(serverTls12Ctx, ecc_key_der_256,
+        sizeof_ecc_key_der_256, WOLFSSL_FILETYPE_ASN1);
+    #endif
 #endif
     serverTls12Ssl = wolfSSL_new(serverTls12Ctx);
 #endif
@@ -53327,23 +70226,37 @@ static int test_tls13_apis(void)
 #endif
 #ifndef NO_WOLFSSL_SERVER
     serverCtx = wolfSSL_CTX_new(wolfTLSv1_3_server_method());
-#if !defined(NO_CERTS) && !defined(NO_FILESYSTEM)
+#if !defined(NO_CERTS)
+    /* ignore load failures, since we just need the server to have a cert set */
+    #if !defined(NO_FILESYSTEM)
     wolfSSL_CTX_use_certificate_chain_file(serverCtx, ourCert);
     wolfSSL_CTX_use_PrivateKey_file(serverCtx, ourKey, WOLFSSL_FILETYPE_PEM);
+    #elif defined(USE_CERT_BUFFERS_2048)
+    wolfSSL_CTX_use_certificate_chain_buffer_format(serverCtx,
+        server_cert_der_2048, sizeof_server_cert_der_2048,
+        WOLFSSL_FILETYPE_ASN1);
+    wolfSSL_CTX_use_PrivateKey_buffer(serverCtx, server_key_der_2048,
+        sizeof_server_key_der_2048, WOLFSSL_FILETYPE_ASN1);
+    #elif defined(USE_CERT_BUFFERS_256)
+    wolfSSL_CTX_use_certificate_chain_buffer_format(serverCtx, serv_ecc_der_256,
+        sizeof_serv_ecc_der_256, WOLFSSL_FILETYPE_ASN1);
+    wolfSSL_CTX_use_PrivateKey_buffer(serverCtx, ecc_key_der_256,
+        sizeof_ecc_key_der_256, WOLFSSL_FILETYPE_ASN1);
+    #endif
 #endif
     serverSsl = wolfSSL_new(serverCtx);
     ExpectNotNull(serverSsl);
 #endif
 
 #ifdef WOLFSSL_SEND_HRR_COOKIE
-    ExpectIntEQ(wolfSSL_send_hrr_cookie(NULL, NULL, 0), BAD_FUNC_ARG);
+    ExpectIntEQ(wolfSSL_send_hrr_cookie(NULL, NULL, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 #ifndef NO_WOLFSSL_CLIENT
-    ExpectIntEQ(wolfSSL_send_hrr_cookie(clientSsl, NULL, 0), SIDE_ERROR);
+    ExpectIntEQ(wolfSSL_send_hrr_cookie(clientSsl, NULL, 0), WC_NO_ERR_TRACE(SIDE_ERROR));
 #endif
 #ifndef NO_WOLFSSL_SERVER
 #ifndef WOLFSSL_NO_TLS12
     ExpectIntEQ(wolfSSL_send_hrr_cookie(serverTls12Ssl, NULL, 0),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 #endif
 
     ExpectIntEQ(wolfSSL_send_hrr_cookie(serverSsl, NULL, 0), WOLFSSL_SUCCESS);
@@ -53355,16 +70268,16 @@ static int test_tls13_apis(void)
 #ifdef HAVE_SUPPORTED_CURVES
 #ifdef HAVE_ECC
     ExpectIntEQ(wolfSSL_UseKeyShare(NULL, WOLFSSL_ECC_SECP256R1),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 #ifndef NO_WOLFSSL_SERVER
     do {
         ret = wolfSSL_UseKeyShare(serverSsl, WOLFSSL_ECC_SECP256R1);
     #ifdef WOLFSSL_ASYNC_CRYPT
-        if (ret == WC_PENDING_E)
+        if (ret == WC_NO_ERR_TRACE(WC_PENDING_E))
             wolfSSL_AsyncPoll(serverSsl, WOLF_POLL_FLAG_CHECK_HW);
     #endif
     }
-    while (ret == WC_PENDING_E);
+    while (ret == WC_NO_ERR_TRACE(WC_PENDING_E));
     ExpectIntEQ(ret, WOLFSSL_SUCCESS);
 #endif
 #ifndef NO_WOLFSSL_CLIENT
@@ -53372,25 +70285,25 @@ static int test_tls13_apis(void)
     do {
         ret = wolfSSL_UseKeyShare(clientTls12Ssl, WOLFSSL_ECC_SECP256R1);
     #ifdef WOLFSSL_ASYNC_CRYPT
-        if (ret == WC_PENDING_E)
+        if (ret == WC_NO_ERR_TRACE(WC_PENDING_E))
             wolfSSL_AsyncPoll(clientTls12Ssl, WOLF_POLL_FLAG_CHECK_HW);
     #endif
     }
-    while (ret == WC_PENDING_E);
+    while (ret == WC_NO_ERR_TRACE(WC_PENDING_E));
     ExpectIntEQ(ret, WOLFSSL_SUCCESS);
 #endif
     do {
         ret = wolfSSL_UseKeyShare(clientSsl, WOLFSSL_ECC_SECP256R1);
     #ifdef WOLFSSL_ASYNC_CRYPT
-        if (ret == WC_PENDING_E)
+        if (ret == WC_NO_ERR_TRACE(WC_PENDING_E))
             wolfSSL_AsyncPoll(clientSsl, WOLF_POLL_FLAG_CHECK_HW);
     #endif
     }
-    while (ret == WC_PENDING_E);
+    while (ret == WC_NO_ERR_TRACE(WC_PENDING_E));
     ExpectIntEQ(ret, WOLFSSL_SUCCESS);
 #endif
 #elif defined(HAVE_CURVE25519)
-    ExpectIntEQ(wolfSSL_UseKeyShare(NULL, WOLFSSL_ECC_X25519), BAD_FUNC_ARG);
+    ExpectIntEQ(wolfSSL_UseKeyShare(NULL, WOLFSSL_ECC_X25519), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 #ifndef NO_WOLFSSL_SERVER
     ExpectIntEQ(wolfSSL_UseKeyShare(serverSsl, WOLFSSL_ECC_X25519),
         WOLFSSL_SUCCESS);
@@ -53404,7 +70317,7 @@ static int test_tls13_apis(void)
         WOLFSSL_SUCCESS);
 #endif
 #elif defined(HAVE_CURVE448)
-    ExpectIntEQ(wolfSSL_UseKeyShare(NULL, WOLFSSL_ECC_X448), BAD_FUNC_ARG);
+    ExpectIntEQ(wolfSSL_UseKeyShare(NULL, WOLFSSL_ECC_X448), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 #ifndef NO_WOLFSSL_SERVER
     ExpectIntEQ(wolfSSL_UseKeyShare(serverSsl, WOLFSSL_ECC_X448),
         WOLFSSL_SUCCESS);
@@ -53419,36 +70332,56 @@ static int test_tls13_apis(void)
 #endif
 #else
     ExpectIntEQ(wolfSSL_UseKeyShare(NULL, WOLFSSL_ECC_SECP256R1),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 #ifndef NO_WOLFSSL_CLIENT
 #ifndef WOLFSSL_NO_TLS12
     ExpectIntEQ(wolfSSL_UseKeyShare(clientTls12Ssl, WOLFSSL_ECC_SECP256R1),
-        NOT_COMPILED_IN);
+        WC_NO_ERR_TRACE(NOT_COMPILED_IN));
 #endif
     ExpectIntEQ(wolfSSL_UseKeyShare(clientSsl, WOLFSSL_ECC_SECP256R1),
-        NOT_COMPILED_IN);
+        WC_NO_ERR_TRACE(NOT_COMPILED_IN));
 #endif
 #endif
 
-#if defined(HAVE_PQC)
-    ExpectIntEQ(wolfSSL_UseKeyShare(NULL, WOLFSSL_KYBER_LEVEL3), BAD_FUNC_ARG);
+#if defined(WOLFSSL_HAVE_KYBER) && !defined(WOLFSSL_KYBER_NO_MALLOC) && \
+    !defined(WOLFSSL_KYBER_NO_MAKE_KEY) && \
+    !defined(WOLFSSL_KYBER_NO_ENCAPSULATE) && \
+    !defined(WOLFSSL_KYBER_NO_DECAPSULATE)
+#ifndef WOLFSSL_NO_ML_KEM
+#ifndef WOLFSSL_NO_ML_KEM_768
+    kyberLevel = WOLFSSL_ML_KEM_768;
+#elif !defined(WOLFSSL_NO_ML_KEM_1024)
+    kyberLevel = WOLFSSL_ML_KEM_1024;
+#else
+    kyberLevel = WOLFSSL_ML_KEM_512;
+#endif
+#else
+#ifndef WOLFSSL_NO_KYBER768
+    kyberLevel = WOLFSSL_KYBER_LEVEL3;
+#elif !defined(WOLFSSL_NO_KYBER1024)
+    kyberLevel = WOLFSSL_KYBER_LEVEL5;
+#else
+    kyberLevel = WOLFSSL_KYBER_LEVEL1;
+#endif
+#endif
+    ExpectIntEQ(wolfSSL_UseKeyShare(NULL, kyberLevel), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 #ifndef NO_WOLFSSL_SERVER
-    ExpectIntEQ(wolfSSL_UseKeyShare(serverSsl, WOLFSSL_KYBER_LEVEL3),
+    ExpectIntEQ(wolfSSL_UseKeyShare(serverSsl, kyberLevel),
         WOLFSSL_SUCCESS);
 #endif
 #ifndef NO_WOLFSSL_CLIENT
 #ifndef WOLFSSL_NO_TLS12
-    ExpectIntEQ(wolfSSL_UseKeyShare(clientTls12Ssl, WOLFSSL_KYBER_LEVEL3),
-        BAD_FUNC_ARG);
+    ExpectIntEQ(wolfSSL_UseKeyShare(clientTls12Ssl, kyberLevel),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 #endif
-    ExpectIntEQ(wolfSSL_UseKeyShare(clientSsl, WOLFSSL_KYBER_LEVEL3),
+    ExpectIntEQ(wolfSSL_UseKeyShare(clientSsl, kyberLevel),
         WOLFSSL_SUCCESS);
 #endif
 #endif
 
-    ExpectIntEQ(wolfSSL_NoKeyShares(NULL), BAD_FUNC_ARG);
+    ExpectIntEQ(wolfSSL_NoKeyShares(NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 #ifndef NO_WOLFSSL_SERVER
-    ExpectIntEQ(wolfSSL_NoKeyShares(serverSsl), SIDE_ERROR);
+    ExpectIntEQ(wolfSSL_NoKeyShares(serverSsl), WC_NO_ERR_TRACE(SIDE_ERROR));
 #endif
 #ifndef NO_WOLFSSL_CLIENT
 #ifndef WOLFSSL_NO_TLS12
@@ -53458,32 +70391,32 @@ static int test_tls13_apis(void)
 #endif
 #endif /* HAVE_SUPPORTED_CURVES */
 
-    ExpectIntEQ(wolfSSL_CTX_no_ticket_TLSv13(NULL), BAD_FUNC_ARG);
+    ExpectIntEQ(wolfSSL_CTX_no_ticket_TLSv13(NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 #ifndef NO_WOLFSSL_CLIENT
-    ExpectIntEQ(wolfSSL_CTX_no_ticket_TLSv13(clientCtx), SIDE_ERROR);
+    ExpectIntEQ(wolfSSL_CTX_no_ticket_TLSv13(clientCtx), WC_NO_ERR_TRACE(SIDE_ERROR));
 #endif
 #ifndef NO_WOLFSSL_SERVER
 #ifndef WOLFSSL_NO_TLS12
-    ExpectIntEQ(wolfSSL_CTX_no_ticket_TLSv13(serverTls12Ctx), BAD_FUNC_ARG);
+    ExpectIntEQ(wolfSSL_CTX_no_ticket_TLSv13(serverTls12Ctx), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 #endif
     ExpectIntEQ(wolfSSL_CTX_no_ticket_TLSv13(serverCtx), 0);
 #endif
 
-    ExpectIntEQ(wolfSSL_no_ticket_TLSv13(NULL), BAD_FUNC_ARG);
+    ExpectIntEQ(wolfSSL_no_ticket_TLSv13(NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 #ifndef NO_WOLFSSL_CLIENT
-    ExpectIntEQ(wolfSSL_no_ticket_TLSv13(clientSsl), SIDE_ERROR);
+    ExpectIntEQ(wolfSSL_no_ticket_TLSv13(clientSsl), WC_NO_ERR_TRACE(SIDE_ERROR));
 #endif
 #ifndef NO_WOLFSSL_SERVER
 #ifndef WOLFSSL_NO_TLS12
-    ExpectIntEQ(wolfSSL_no_ticket_TLSv13(serverTls12Ssl), BAD_FUNC_ARG);
+    ExpectIntEQ(wolfSSL_no_ticket_TLSv13(serverTls12Ssl), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 #endif
     ExpectIntEQ(wolfSSL_no_ticket_TLSv13(serverSsl), 0);
 #endif
 
-    ExpectIntEQ(wolfSSL_CTX_no_dhe_psk(NULL), BAD_FUNC_ARG);
+    ExpectIntEQ(wolfSSL_CTX_no_dhe_psk(NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 #ifndef NO_WOLFSSL_CLIENT
 #ifndef WOLFSSL_NO_TLS12
-    ExpectIntEQ(wolfSSL_CTX_no_dhe_psk(clientTls12Ctx), BAD_FUNC_ARG);
+    ExpectIntEQ(wolfSSL_CTX_no_dhe_psk(clientTls12Ctx), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 #endif
     ExpectIntEQ(wolfSSL_CTX_no_dhe_psk(clientCtx), 0);
 #endif
@@ -53491,10 +70424,10 @@ static int test_tls13_apis(void)
     ExpectIntEQ(wolfSSL_CTX_no_dhe_psk(serverCtx), 0);
 #endif
 
-    ExpectIntEQ(wolfSSL_no_dhe_psk(NULL), BAD_FUNC_ARG);
+    ExpectIntEQ(wolfSSL_no_dhe_psk(NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 #ifndef NO_WOLFSSL_CLIENT
 #ifndef WOLFSSL_NO_TLS12
-    ExpectIntEQ(wolfSSL_no_dhe_psk(clientTls12Ssl), BAD_FUNC_ARG);
+    ExpectIntEQ(wolfSSL_no_dhe_psk(clientTls12Ssl), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 #endif
     ExpectIntEQ(wolfSSL_no_dhe_psk(clientSsl), 0);
 #endif
@@ -53502,143 +70435,143 @@ static int test_tls13_apis(void)
     ExpectIntEQ(wolfSSL_no_dhe_psk(serverSsl), 0);
 #endif
 
-    ExpectIntEQ(wolfSSL_update_keys(NULL), BAD_FUNC_ARG);
+    ExpectIntEQ(wolfSSL_update_keys(NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 #ifndef NO_WOLFSSL_CLIENT
 #ifndef WOLFSSL_NO_TLS12
-    ExpectIntEQ(wolfSSL_update_keys(clientTls12Ssl), BAD_FUNC_ARG);
+    ExpectIntEQ(wolfSSL_update_keys(clientTls12Ssl), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 #endif
-    ExpectIntEQ(wolfSSL_update_keys(clientSsl), BUILD_MSG_ERROR);
+    ExpectIntEQ(wolfSSL_update_keys(clientSsl), WC_NO_ERR_TRACE(BUILD_MSG_ERROR));
 #endif
 #ifndef NO_WOLFSSL_SERVER
-    ExpectIntEQ(wolfSSL_update_keys(serverSsl), BUILD_MSG_ERROR);
+    ExpectIntEQ(wolfSSL_update_keys(serverSsl), WC_NO_ERR_TRACE(BUILD_MSG_ERROR));
 #endif
 
-    ExpectIntEQ(wolfSSL_key_update_response(NULL, NULL), BAD_FUNC_ARG);
-    ExpectIntEQ(wolfSSL_key_update_response(NULL, &required), BAD_FUNC_ARG);
+    ExpectIntEQ(wolfSSL_key_update_response(NULL, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wolfSSL_key_update_response(NULL, &required), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 #ifndef NO_WOLFSSL_CLIENT
 #ifndef WOLFSSL_NO_TLS12
     ExpectIntEQ(wolfSSL_key_update_response(clientTls12Ssl, &required),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 #endif
-    ExpectIntEQ(wolfSSL_key_update_response(clientSsl, NULL), BAD_FUNC_ARG);
+    ExpectIntEQ(wolfSSL_key_update_response(clientSsl, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 #endif
 #ifndef NO_WOLFSSL_SERVER
-    ExpectIntEQ(wolfSSL_key_update_response(serverSsl, NULL), BAD_FUNC_ARG);
+    ExpectIntEQ(wolfSSL_key_update_response(serverSsl, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 #endif
 
 #if !defined(NO_CERTS) && defined(WOLFSSL_POST_HANDSHAKE_AUTH)
-    ExpectIntEQ(wolfSSL_CTX_allow_post_handshake_auth(NULL), BAD_FUNC_ARG);
+    ExpectIntEQ(wolfSSL_CTX_allow_post_handshake_auth(NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 #ifndef NO_WOLFSSL_SERVER
-    ExpectIntEQ(wolfSSL_CTX_allow_post_handshake_auth(serverCtx), SIDE_ERROR);
+    ExpectIntEQ(wolfSSL_CTX_allow_post_handshake_auth(serverCtx), WC_NO_ERR_TRACE(SIDE_ERROR));
 #endif
 #ifndef NO_WOLFSSL_CLIENT
 #ifndef WOLFSSL_NO_TLS12
     ExpectIntEQ(wolfSSL_CTX_allow_post_handshake_auth(clientTls12Ctx),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 #endif
     ExpectIntEQ(wolfSSL_CTX_allow_post_handshake_auth(clientCtx), 0);
 #endif
 
-    ExpectIntEQ(wolfSSL_allow_post_handshake_auth(NULL), BAD_FUNC_ARG);
+    ExpectIntEQ(wolfSSL_allow_post_handshake_auth(NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 #ifndef NO_WOLFSSL_SERVER
-    ExpectIntEQ(wolfSSL_allow_post_handshake_auth(serverSsl), SIDE_ERROR);
+    ExpectIntEQ(wolfSSL_allow_post_handshake_auth(serverSsl), WC_NO_ERR_TRACE(SIDE_ERROR));
 #endif
 #ifndef NO_WOLFSSL_CLIENT
 #ifndef WOLFSSL_NO_TLS12
     ExpectIntEQ(wolfSSL_allow_post_handshake_auth(clientTls12Ssl),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 #endif
     ExpectIntEQ(wolfSSL_allow_post_handshake_auth(clientSsl), 0);
 #endif
 
-    ExpectIntEQ(wolfSSL_request_certificate(NULL), BAD_FUNC_ARG);
+    ExpectIntEQ(wolfSSL_request_certificate(NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 #ifndef NO_WOLFSSL_CLIENT
-    ExpectIntEQ(wolfSSL_request_certificate(clientSsl), SIDE_ERROR);
+    ExpectIntEQ(wolfSSL_request_certificate(clientSsl), WC_NO_ERR_TRACE(SIDE_ERROR));
 #endif
 #ifndef NO_WOLFSSL_SERVER
 #ifndef WOLFSSL_NO_TLS12
     ExpectIntEQ(wolfSSL_request_certificate(serverTls12Ssl),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 #endif
-    ExpectIntEQ(wolfSSL_request_certificate(serverSsl), NOT_READY_ERROR);
+    ExpectIntEQ(wolfSSL_request_certificate(serverSsl), WC_NO_ERR_TRACE(NOT_READY_ERROR));
 #endif
 #endif
 
 #ifdef HAVE_ECC
 #ifndef WOLFSSL_NO_SERVER_GROUPS_EXT
-    ExpectIntEQ(wolfSSL_preferred_group(NULL), BAD_FUNC_ARG);
+    ExpectIntEQ(wolfSSL_preferred_group(NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 #ifndef NO_WOLFSSL_SERVER
-    ExpectIntEQ(wolfSSL_preferred_group(serverSsl), SIDE_ERROR);
+    ExpectIntEQ(wolfSSL_preferred_group(serverSsl), WC_NO_ERR_TRACE(SIDE_ERROR));
 #endif
 #ifndef NO_WOLFSSL_CLIENT
 #ifndef WOLFSSL_NO_TLS12
-    ExpectIntEQ(wolfSSL_preferred_group(clientTls12Ssl), BAD_FUNC_ARG);
+    ExpectIntEQ(wolfSSL_preferred_group(clientTls12Ssl), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 #endif
-    ExpectIntEQ(wolfSSL_preferred_group(clientSsl), NOT_READY_ERROR);
+    ExpectIntEQ(wolfSSL_preferred_group(clientSsl), WC_NO_ERR_TRACE(NOT_READY_ERROR));
 #endif
 #endif
 
 #ifdef HAVE_SUPPORTED_CURVES
-    ExpectIntEQ(wolfSSL_CTX_set_groups(NULL, NULL, 0), BAD_FUNC_ARG);
+    ExpectIntEQ(wolfSSL_CTX_set_groups(NULL, NULL, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 #ifndef NO_WOLFSSL_CLIENT
-    ExpectIntEQ(wolfSSL_CTX_set_groups(clientCtx, NULL, 0), BAD_FUNC_ARG);
+    ExpectIntEQ(wolfSSL_CTX_set_groups(clientCtx, NULL, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 #endif
-    ExpectIntEQ(wolfSSL_CTX_set_groups(NULL, groups, numGroups), BAD_FUNC_ARG);
+    ExpectIntEQ(wolfSSL_CTX_set_groups(NULL, groups, numGroups), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 #ifndef NO_WOLFSSL_CLIENT
 #ifndef WOLFSSL_NO_TLS12
     ExpectIntEQ(wolfSSL_CTX_set_groups(clientTls12Ctx, groups, numGroups),
-        BAD_FUNC_ARG);
+        WOLFSSL_SUCCESS);
 #endif
     ExpectIntEQ(wolfSSL_CTX_set_groups(clientCtx, groups,
-        WOLFSSL_MAX_GROUP_COUNT + 1), BAD_FUNC_ARG);
+        WOLFSSL_MAX_GROUP_COUNT + 1), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wolfSSL_CTX_set_groups(clientCtx, groups, numGroups),
         WOLFSSL_SUCCESS);
     ExpectIntEQ(wolfSSL_CTX_set_groups(clientCtx, bad_groups, numGroups),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 #endif
 #ifndef NO_WOLFSSL_SERVER
     ExpectIntEQ(wolfSSL_CTX_set_groups(serverCtx, groups, numGroups),
         WOLFSSL_SUCCESS);
     ExpectIntEQ(wolfSSL_CTX_set_groups(serverCtx, bad_groups, numGroups),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 #endif
 
-    ExpectIntEQ(wolfSSL_set_groups(NULL, NULL, 0), BAD_FUNC_ARG);
+    ExpectIntEQ(wolfSSL_set_groups(NULL, NULL, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 #ifndef NO_WOLFSSL_CLIENT
-    ExpectIntEQ(wolfSSL_set_groups(clientSsl, NULL, 0), BAD_FUNC_ARG);
+    ExpectIntEQ(wolfSSL_set_groups(clientSsl, NULL, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 #endif
-    ExpectIntEQ(wolfSSL_set_groups(NULL, groups, numGroups), BAD_FUNC_ARG);
+    ExpectIntEQ(wolfSSL_set_groups(NULL, groups, numGroups), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 #ifndef NO_WOLFSSL_CLIENT
 #ifndef WOLFSSL_NO_TLS12
     ExpectIntEQ(wolfSSL_set_groups(clientTls12Ssl, groups, numGroups),
-        BAD_FUNC_ARG);
+        WOLFSSL_SUCCESS);
 #endif
     ExpectIntEQ(wolfSSL_set_groups(clientSsl, groups,
-        WOLFSSL_MAX_GROUP_COUNT + 1), BAD_FUNC_ARG);
+        WOLFSSL_MAX_GROUP_COUNT + 1), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wolfSSL_set_groups(clientSsl, groups, numGroups),
         WOLFSSL_SUCCESS);
     ExpectIntEQ(wolfSSL_set_groups(clientSsl, bad_groups, numGroups),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 #endif
 #ifndef NO_WOLFSSL_SERVER
     ExpectIntEQ(wolfSSL_set_groups(serverSsl, groups, numGroups),
         WOLFSSL_SUCCESS);
     ExpectIntEQ(wolfSSL_set_groups(serverSsl, bad_groups, numGroups),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 #endif
 
 #ifdef OPENSSL_EXTRA
-    ExpectIntEQ(wolfSSL_CTX_set1_groups_list(NULL, NULL), WOLFSSL_FAILURE);
+    ExpectIntEQ(wolfSSL_CTX_set1_groups_list(NULL, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
 #ifndef NO_WOLFSSL_CLIENT
     ExpectIntEQ(wolfSSL_CTX_set1_groups_list(clientCtx, NULL),
-        WOLFSSL_FAILURE);
+        WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
 #endif
     ExpectIntEQ(wolfSSL_CTX_set1_groups_list(NULL, groupList),
-        WOLFSSL_FAILURE);
+        WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
 #ifndef NO_WOLFSSL_CLIENT
 #ifndef WOLFSSL_NO_TLS12
     ExpectIntEQ(wolfSSL_CTX_set1_groups_list(clientTls12Ctx, groupList),
-        WOLFSSL_FAILURE);
+        WOLFSSL_SUCCESS);
 #endif
     ExpectIntEQ(wolfSSL_CTX_set1_groups_list(clientCtx, groupList),
         WOLFSSL_SUCCESS);
@@ -53648,15 +70581,15 @@ static int test_tls13_apis(void)
         WOLFSSL_SUCCESS);
 #endif
 
-    ExpectIntEQ(wolfSSL_set1_groups_list(NULL, NULL), WOLFSSL_FAILURE);
+    ExpectIntEQ(wolfSSL_set1_groups_list(NULL, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
 #ifndef NO_WOLFSSL_CLIENT
-    ExpectIntEQ(wolfSSL_set1_groups_list(clientSsl, NULL), WOLFSSL_FAILURE);
+    ExpectIntEQ(wolfSSL_set1_groups_list(clientSsl, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
 #endif
-    ExpectIntEQ(wolfSSL_set1_groups_list(NULL, groupList), WOLFSSL_FAILURE);
+    ExpectIntEQ(wolfSSL_set1_groups_list(NULL, groupList), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
 #ifndef NO_WOLFSSL_CLIENT
 #ifndef WOLFSSL_NO_TLS12
     ExpectIntEQ(wolfSSL_set1_groups_list(clientTls12Ssl, groupList),
-        WOLFSSL_FAILURE);
+        WOLFSSL_SUCCESS);
 #endif
     ExpectIntEQ(wolfSSL_set1_groups_list(clientSsl, groupList),
         WOLFSSL_SUCCESS);
@@ -53671,31 +70604,31 @@ static int test_tls13_apis(void)
 
 #ifdef WOLFSSL_EARLY_DATA
 #ifndef OPENSSL_EXTRA
-    ExpectIntEQ(wolfSSL_CTX_set_max_early_data(NULL, 0), BAD_FUNC_ARG);
-    ExpectIntEQ(wolfSSL_CTX_get_max_early_data(NULL), BAD_FUNC_ARG);
+    ExpectIntEQ(wolfSSL_CTX_set_max_early_data(NULL, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wolfSSL_CTX_get_max_early_data(NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 #else
-    ExpectIntEQ(SSL_CTX_set_max_early_data(NULL, 0), BAD_FUNC_ARG);
-    ExpectIntEQ(SSL_CTX_get_max_early_data(NULL), BAD_FUNC_ARG);
+    ExpectIntEQ(SSL_CTX_set_max_early_data(NULL, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(SSL_CTX_get_max_early_data(NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 #endif
 #ifndef NO_WOLFSSL_CLIENT
 #ifndef OPENSSL_EXTRA
-    ExpectIntEQ(wolfSSL_CTX_set_max_early_data(clientCtx, 0), SIDE_ERROR);
-    ExpectIntEQ(wolfSSL_CTX_get_max_early_data(clientCtx), SIDE_ERROR);
+    ExpectIntEQ(wolfSSL_CTX_set_max_early_data(clientCtx, 0), WC_NO_ERR_TRACE(SIDE_ERROR));
+    ExpectIntEQ(wolfSSL_CTX_get_max_early_data(clientCtx), WC_NO_ERR_TRACE(SIDE_ERROR));
 #else
-    ExpectIntEQ(SSL_CTX_set_max_early_data(clientCtx, 0), SIDE_ERROR);
-    ExpectIntEQ(SSL_CTX_get_max_early_data(clientCtx), SIDE_ERROR);
+    ExpectIntEQ(SSL_CTX_set_max_early_data(clientCtx, 0), WC_NO_ERR_TRACE(SIDE_ERROR));
+    ExpectIntEQ(SSL_CTX_get_max_early_data(clientCtx), WC_NO_ERR_TRACE(SIDE_ERROR));
 #endif
 #endif
 #ifndef NO_WOLFSSL_SERVER
 #ifndef WOLFSSL_NO_TLS12
 #ifndef OPENSSL_EXTRA
     ExpectIntEQ(wolfSSL_CTX_set_max_early_data(serverTls12Ctx, 0),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wolfSSL_CTX_get_max_early_data(serverTls12Ctx), BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wolfSSL_CTX_get_max_early_data(serverTls12Ctx), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 #else
     ExpectIntEQ(SSL_CTX_set_max_early_data(serverTls12Ctx, 0),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(SSL_CTX_get_max_early_data(serverTls12Ctx), BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(SSL_CTX_get_max_early_data(serverTls12Ctx), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 #endif
 #endif
 #ifndef OPENSSL_EXTRA
@@ -53713,11 +70646,11 @@ static int test_tls13_apis(void)
 #endif
 
 #ifndef OPENSSL_EXTRA
-    ExpectIntEQ(wolfSSL_set_max_early_data(NULL, 0), BAD_FUNC_ARG);
-    ExpectIntEQ(wolfSSL_get_max_early_data(NULL), BAD_FUNC_ARG);
+    ExpectIntEQ(wolfSSL_set_max_early_data(NULL, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wolfSSL_get_max_early_data(NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 #else
-    ExpectIntEQ(SSL_set_max_early_data(NULL, 0), BAD_FUNC_ARG);
-    ExpectIntEQ(SSL_get_max_early_data(NULL), BAD_FUNC_ARG);
+    ExpectIntEQ(SSL_set_max_early_data(NULL, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(SSL_get_max_early_data(NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 #endif
 #ifndef NO_WOLFSSL_CLIENT
 #ifndef OPENSSL_EXTRA
@@ -53735,11 +70668,11 @@ static int test_tls13_apis(void)
 #ifndef NO_WOLFSSL_SERVER
 #ifndef WOLFSSL_NO_TLS12
 #ifndef OPENSSL_EXTRA
-    ExpectIntEQ(wolfSSL_set_max_early_data(serverTls12Ssl, 0), BAD_FUNC_ARG);
-    ExpectIntEQ(wolfSSL_get_max_early_data(serverTls12Ssl), BAD_FUNC_ARG);
+    ExpectIntEQ(wolfSSL_set_max_early_data(serverTls12Ssl, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wolfSSL_get_max_early_data(serverTls12Ssl), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 #else
-    ExpectIntEQ(SSL_set_max_early_data(serverTls12Ssl, 0), BAD_FUNC_ARG);
-    ExpectIntEQ(SSL_get_max_early_data(serverTls12Ssl), BAD_FUNC_ARG);
+    ExpectIntEQ(SSL_set_max_early_data(serverTls12Ssl, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(SSL_get_max_early_data(serverTls12Ssl), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 #endif
 #endif
 #ifndef OPENSSL_EXTRA
@@ -53757,49 +70690,49 @@ static int test_tls13_apis(void)
 
 
     ExpectIntEQ(wolfSSL_write_early_data(NULL, earlyData, sizeof(earlyData),
-        &outSz), BAD_FUNC_ARG);
+        &outSz), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 #ifndef NO_WOLFSSL_CLIENT
     ExpectIntEQ(wolfSSL_write_early_data(clientSsl, NULL, sizeof(earlyData),
-        &outSz), BAD_FUNC_ARG);
+        &outSz), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wolfSSL_write_early_data(clientSsl, earlyData, -1, &outSz),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wolfSSL_write_early_data(clientSsl, earlyData,
-        sizeof(earlyData), NULL), BAD_FUNC_ARG);
+        sizeof(earlyData), NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 #endif
 #ifndef NO_WOLFSSL_SERVER
     ExpectIntEQ(wolfSSL_write_early_data(serverSsl, earlyData,
-        sizeof(earlyData), &outSz), SIDE_ERROR);
+        sizeof(earlyData), &outSz), WC_NO_ERR_TRACE(SIDE_ERROR));
 #endif
 #ifndef NO_WOLFSSL_CLIENT
 #ifndef WOLFSSL_NO_TLS12
     ExpectIntEQ(wolfSSL_write_early_data(clientTls12Ssl, earlyData,
-        sizeof(earlyData), &outSz), BAD_FUNC_ARG);
+        sizeof(earlyData), &outSz), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 #endif
     ExpectIntEQ(wolfSSL_write_early_data(clientSsl, earlyData,
-        sizeof(earlyData), &outSz), WOLFSSL_FATAL_ERROR);
+        sizeof(earlyData), &outSz), WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR));
 #endif
 
     ExpectIntEQ(wolfSSL_read_early_data(NULL, earlyDataBuffer,
-        sizeof(earlyDataBuffer), &outSz), BAD_FUNC_ARG);
+        sizeof(earlyDataBuffer), &outSz), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 #ifndef NO_WOLFSSL_SERVER
     ExpectIntEQ(wolfSSL_read_early_data(serverSsl, NULL,
-        sizeof(earlyDataBuffer), &outSz), BAD_FUNC_ARG);
+        sizeof(earlyDataBuffer), &outSz), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wolfSSL_read_early_data(serverSsl, earlyDataBuffer, -1,
-        &outSz), BAD_FUNC_ARG);
+        &outSz), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wolfSSL_read_early_data(serverSsl, earlyDataBuffer,
-        sizeof(earlyDataBuffer), NULL), BAD_FUNC_ARG);
+        sizeof(earlyDataBuffer), NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 #endif
 #ifndef NO_WOLFSSL_CLIENT
     ExpectIntEQ(wolfSSL_read_early_data(clientSsl, earlyDataBuffer,
-        sizeof(earlyDataBuffer), &outSz), SIDE_ERROR);
+        sizeof(earlyDataBuffer), &outSz), WC_NO_ERR_TRACE(SIDE_ERROR));
 #endif
 #ifndef NO_WOLFSSL_SERVER
 #ifndef WOLFSSL_NO_TLS12
     ExpectIntEQ(wolfSSL_read_early_data(serverTls12Ssl, earlyDataBuffer,
-        sizeof(earlyDataBuffer), &outSz), BAD_FUNC_ARG);
+        sizeof(earlyDataBuffer), &outSz), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 #endif
     ExpectIntEQ(wolfSSL_read_early_data(serverSsl, earlyDataBuffer,
-        sizeof(earlyDataBuffer), &outSz), WOLFSSL_FATAL_ERROR);
+        sizeof(earlyDataBuffer), &outSz), WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR));
 #endif
 #endif
 
@@ -53978,7 +70911,7 @@ static int test_tls13_cipher_suites(void)
         }
     }
     /* Test multiple occurrences of same cipher suite. */
-    ExpectIntEQ(wolfSSL_accept_TLSv13(ssl), WOLFSSL_FATAL_ERROR);
+    ExpectIntEQ(wolfSSL_accept_TLSv13(ssl), WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR));
     wolfSSL_free(ssl);
     ssl = NULL;
 
@@ -53997,7 +70930,7 @@ static int test_tls13_cipher_suites(void)
     /* Server order: TLS13-AES256-GCM-SHA384:TLS13-AES128-GCM-SHA256 */
     ExpectIntEQ(wolfSSL_set_cipher_list(ssl, serverCs), WOLFSSL_SUCCESS);
     /* Negotiate cipher suites in server order: TLS13-AES256-GCM-SHA384 */
-    ExpectIntEQ(wolfSSL_accept_TLSv13(ssl), WOLFSSL_FATAL_ERROR);
+    ExpectIntEQ(wolfSSL_accept_TLSv13(ssl), WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR));
     /* Check refined order - server order. */
     ExpectIntEQ(ssl->suites->suiteSz, 4);
     ExpectIntEQ(ssl->suites->suites[0], TLS13_BYTE);
@@ -54016,7 +70949,7 @@ static int test_tls13_cipher_suites(void)
     ExpectIntEQ(wolfSSL_set_cipher_list(ssl, serverCs), WOLFSSL_SUCCESS);
     ExpectIntEQ(wolfSSL_UseClientSuites(ssl), 0);
     /* Negotiate cipher suites in client order: TLS13-AES128-GCM-SHA256 */
-    ExpectIntEQ(wolfSSL_accept_TLSv13(ssl), WOLFSSL_FATAL_ERROR);
+    ExpectIntEQ(wolfSSL_accept_TLSv13(ssl), WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR));
     /* Check refined order - client order. */
     ExpectIntEQ(ssl->suites->suiteSz, 4);
     ExpectIntEQ(ssl->suites->suites[0], TLS13_BYTE);
@@ -54098,7 +71031,7 @@ static int test_dh_ssl_setup(WOLFSSL* ssl)
     wolfSSL_SetDhAgreeCtx(ssl, &dh_test_ctx);
     ExpectIntEQ(*((int*)wolfSSL_GetDhAgreeCtx(ssl)), dh_test_ctx);
     ret = wolfSSL_SetTmpDH_file(ssl, dhParamFile, WOLFSSL_FILETYPE_PEM);
-    if (ret != WOLFSSL_SUCCESS && ret != SIDE_ERROR) {
+    if (ret != WOLFSSL_SUCCESS && ret != WC_NO_ERR_TRACE(SIDE_ERROR)) {
         ExpectIntEQ(ret, WOLFSSL_SUCCESS);
     }
     return EXPECT_RESULT();
@@ -54112,7 +71045,7 @@ static int test_dh_ssl_setup_fail(WOLFSSL* ssl)
     wolfSSL_SetDhAgreeCtx(ssl, NULL);
     ExpectNull(wolfSSL_GetDhAgreeCtx(ssl));
     ret = wolfSSL_SetTmpDH_file(ssl, dhParamFile, WOLFSSL_FILETYPE_PEM);
-    if (ret != WOLFSSL_SUCCESS && ret != SIDE_ERROR) {
+    if (ret != WOLFSSL_SUCCESS && ret != WC_NO_ERR_TRACE(SIDE_ERROR)) {
         ExpectIntEQ(ret, WOLFSSL_SUCCESS);
     }
     return EXPECT_RESULT();
@@ -54133,7 +71066,7 @@ static int test_DhCallbacks(void)
 
     /* Test that DH callback APIs work. */
     ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()));
-    ExpectIntEQ(wolfSSL_CTX_set_cipher_list(NULL, "NONE"), WOLFSSL_FAILURE);
+    ExpectIntEQ(wolfSSL_CTX_set_cipher_list(NULL, "NONE"), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     wolfSSL_CTX_SetDhAgreeCb(ctx, &my_DhCallback);
     /* load client ca cert */
     ExpectIntEQ(wolfSSL_CTX_load_verify_locations(ctx, caCertFile, 0),
@@ -54179,7 +71112,7 @@ static int test_DhCallbacks(void)
     func_cb_server.method = wolfTLSv1_2_server_method;
 
     ExpectIntEQ(test_wolfSSL_client_server_nofail_memio(&func_cb_client,
-        &func_cb_server, NULL), TEST_FAIL);
+        &func_cb_server, NULL), -1001);
 #endif
     return EXPECT_RESULT();
 }
@@ -54242,9 +71175,9 @@ static int test_get_rand_digit(void)
     ExpectIntEQ(wc_InitRng(&rng), 0);
 
     ExpectIntEQ(get_rand_digit(&rng, &d), 0);
-    ExpectIntEQ(get_rand_digit(NULL, NULL), BAD_FUNC_ARG);
-    ExpectIntEQ(get_rand_digit(NULL, &d), BAD_FUNC_ARG);
-    ExpectIntEQ(get_rand_digit(&rng, NULL), BAD_FUNC_ARG);
+    ExpectIntEQ(get_rand_digit(NULL, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(get_rand_digit(NULL, &d), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(get_rand_digit(&rng, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     DoExpectIntEQ(wc_FreeRng(&rng), 0);
 #endif
@@ -54290,9 +71223,9 @@ static int test_mp_cond_copy(void)
     ExpectIntEQ(mp_init(&a), MP_OKAY);
     ExpectIntEQ(mp_init(&b), MP_OKAY);
 
-    ExpectIntEQ(mp_cond_copy(NULL, copy, NULL), BAD_FUNC_ARG);
-    ExpectIntEQ(mp_cond_copy(NULL, copy, &b), BAD_FUNC_ARG);
-    ExpectIntEQ(mp_cond_copy(&a, copy, NULL), BAD_FUNC_ARG);
+    ExpectIntEQ(mp_cond_copy(NULL, copy, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(mp_cond_copy(NULL, copy, &b), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(mp_cond_copy(&a, copy, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(mp_cond_copy(&a, copy, &b), 0);
 
     mp_clear(&a);
@@ -54318,9 +71251,9 @@ static int test_mp_rand(void)
     ExpectIntEQ(mp_init(&a), MP_OKAY);
     ExpectIntEQ(wc_InitRng(&rng), 0);
 
-    ExpectIntEQ(mp_rand(&a, digits, NULL), MISSING_RNG_E);
-    ExpectIntEQ(mp_rand(NULL, digits, &rng), BAD_FUNC_ARG);
-    ExpectIntEQ(mp_rand(&a, 0, &rng), BAD_FUNC_ARG);
+    ExpectIntEQ(mp_rand(&a, digits, NULL), WC_NO_ERR_TRACE(MISSING_RNG_E));
+    ExpectIntEQ(mp_rand(NULL, digits, &rng), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(mp_rand(&a, 0, &rng), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(mp_rand(&a, digits, &rng), 0);
 
     mp_clear(&a);
@@ -54369,14 +71302,14 @@ static int test_wc_export_int(void)
     ExpectIntEQ(mp_set(&mp, 1234), 0);
 
     ExpectIntEQ(wc_export_int(NULL, buf, &len, keySz, WC_TYPE_UNSIGNED_BIN),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     len = sizeof(buf)-1;
     ExpectIntEQ(wc_export_int(&mp, buf, &len, keySz, WC_TYPE_UNSIGNED_BIN),
-        BUFFER_E);
+        WC_NO_ERR_TRACE(BUFFER_E));
     len = sizeof(buf);
     ExpectIntEQ(wc_export_int(&mp, buf, &len, keySz, WC_TYPE_UNSIGNED_BIN), 0);
     len = 4; /* test input too small */
-    ExpectIntEQ(wc_export_int(&mp, buf, &len, 0, WC_TYPE_HEX_STR), BUFFER_E);
+    ExpectIntEQ(wc_export_int(&mp, buf, &len, 0, WC_TYPE_HEX_STR), WC_NO_ERR_TRACE(BUFFER_E));
     len = sizeof(buf);
     ExpectIntEQ(wc_export_int(&mp, buf, &len, 0, WC_TYPE_HEX_STR), 0);
     /* hex version of 1234 is 04D2 and should be 4 digits + 1 null */
@@ -54527,7 +71460,8 @@ static int test_wolfSSL_X509_load_crl_file(void)
 {
     EXPECT_DECLS;
 #if defined(OPENSSL_EXTRA) && defined(HAVE_CRL) && !defined(NO_FILESYSTEM) && \
-    !defined(NO_RSA) && !defined(NO_BIO)
+    !defined(NO_STDIO_FILESYSTEM) && !defined(NO_RSA) && !defined(NO_BIO) && \
+    !defined(WOLFSSL_CRL_ALLOW_MISSING_CDP)
     int i;
     char pem[][100] = {
         "./certs/crl/crl.pem",
@@ -54535,6 +71469,9 @@ static int test_wolfSSL_X509_load_crl_file(void)
         "./certs/crl/caEccCrl.pem",
         "./certs/crl/eccCliCRL.pem",
         "./certs/crl/eccSrvCRL.pem",
+    #ifdef WC_RSA_PSS
+        "./certs/crl/crl_rsapss.pem",
+    #endif
         ""
     };
     char der[][100] = {
@@ -54550,6 +71487,10 @@ static int test_wolfSSL_X509_load_crl_file(void)
 
     ExpectIntEQ(X509_LOOKUP_load_file(lookup, "certs/ca-cert.pem",
         X509_FILETYPE_PEM), 1);
+#ifdef WC_RSA_PSS
+    ExpectIntEQ(X509_LOOKUP_load_file(lookup, "certs/rsapss/ca-rsapss.pem",
+        X509_FILETYPE_PEM), 1);
+#endif
     ExpectIntEQ(X509_LOOKUP_load_file(lookup, "certs/server-revoked-cert.pem",
         X509_FILETYPE_PEM), 1);
     if (store) {
@@ -54560,6 +71501,7 @@ static int test_wolfSSL_X509_load_crl_file(void)
             "certs/server-revoked-cert.pem", WOLFSSL_FILETYPE_PEM), 1);
     }
 
+    ExpectIntEQ(X509_load_crl_file(lookup, pem[0], 0), 0);
     for (i = 0; pem[i][0] != '\0'; i++) {
         ExpectIntEQ(X509_load_crl_file(lookup, pem[i], WOLFSSL_FILETYPE_PEM),
             1);
@@ -54569,7 +71511,12 @@ static int test_wolfSSL_X509_load_crl_file(void)
         /* since store knows crl list */
         ExpectIntEQ(wolfSSL_CertManagerVerify(store->cm,
             "certs/server-revoked-cert.pem", WOLFSSL_FILETYPE_PEM),
-            CRL_CERT_REVOKED);
+            WC_NO_ERR_TRACE(CRL_CERT_REVOKED));
+#ifdef WC_RSA_PSS
+        ExpectIntEQ(wolfSSL_CertManagerVerify(store->cm,
+            "certs/rsapss/server-rsapss-cert.pem", WOLFSSL_FILETYPE_PEM),
+            WC_NO_ERR_TRACE(ASN_NO_SIGNER_E));
+#endif
     }
     /* once feeing store */
     X509_STORE_free(store);
@@ -54599,7 +71546,7 @@ static int test_wolfSSL_X509_load_crl_file(void)
         /* since store knows crl list */
         ExpectIntEQ(wolfSSL_CertManagerVerify(store->cm,
             "certs/server-revoked-cert.pem", WOLFSSL_FILETYPE_PEM),
-            CRL_CERT_REVOKED);
+            WC_NO_ERR_TRACE(CRL_CERT_REVOKED));
     }
 
     /* test for incorrect parameter */
@@ -54620,8 +71567,15 @@ static int test_wolfSSL_i2d_X509(void)
     const unsigned char* cert_buf = server_cert_der_2048;
     unsigned char* out = NULL;
     unsigned char* tmp = NULL;
+    const unsigned char* nullPtr = NULL;
+    const unsigned char notCert[2] = { 0x30, 0x00 };
+    const unsigned char* notCertPtr = notCert;
     X509* cert = NULL;
 
+    ExpectNull(d2i_X509(NULL, NULL, sizeof_server_cert_der_2048));
+    ExpectNull(d2i_X509(NULL, &nullPtr, sizeof_server_cert_der_2048));
+    ExpectNull(d2i_X509(NULL, &cert_buf, 0));
+    ExpectNull(d2i_X509(NULL, &notCertPtr, sizeof(notCert)));
     ExpectNotNull(d2i_X509(&cert, &cert_buf, sizeof_server_cert_der_2048));
     /* Pointer should be advanced */
     ExpectPtrGT(cert_buf, server_cert_der_2048);
@@ -54630,9 +71584,13 @@ static int test_wolfSSL_i2d_X509(void)
     tmp = out;
     ExpectIntGT(i2d_X509(cert, &tmp), 0);
     ExpectPtrGT(tmp, out);
+#if defined(WOLFSSL_CERT_GEN) && !defined(NO_BIO) && !defined(NO_FILESYSTEM)
+    ExpectIntEQ(wolfSSL_PEM_write_X509(XBADFILE, NULL), 0);
+    ExpectIntEQ(wolfSSL_PEM_write_X509(XBADFILE, cert), 0);
+    ExpectIntEQ(wolfSSL_PEM_write_X509(stderr, cert), 1);
+#endif
 
-    if (out != NULL)
-        XFREE(out, NULL, DYNAMIC_TYPE_OPENSSL);
+    XFREE(out, NULL, DYNAMIC_TYPE_OPENSSL);
     X509_free(cert);
 #endif
     return EXPECT_RESULT();
@@ -54687,10 +71645,13 @@ static int test_wolfSSL_d2i_X509_REQ(void)
         pub_key = NULL;
     }
     {
+        X509_REQ* empty = NULL;
 #ifdef OPENSSL_ALL
-        X509_ATTRIBUTE* attr;
-        ASN1_TYPE *at;
+        X509_ATTRIBUTE* attr = NULL;
+        ASN1_TYPE *at = NULL;
 #endif
+
+        ExpectNotNull(empty = wolfSSL_X509_REQ_new());
         ExpectNotNull(bio = BIO_new_file(csrPopFile, "rb"));
         ExpectNotNull(d2i_X509_REQ_bio(bio, &req));
 
@@ -54704,13 +71665,29 @@ static int test_wolfSSL_d2i_X509_REQ(void)
          */
         ExpectIntEQ(X509_REQ_verify(req, pub_key), 1);
 
+        ExpectIntEQ(wolfSSL_X509_REQ_get_attr_count(NULL), 0);
+        ExpectIntEQ(wolfSSL_X509_REQ_get_attr_count(empty), 0);
+#ifdef OPENSSL_ALL
+        ExpectIntEQ(wolfSSL_X509_REQ_get_attr_count(req), 2);
+#else
+        ExpectIntEQ(wolfSSL_X509_REQ_get_attr_count(req), 0);
+#endif
 #ifdef OPENSSL_ALL
         /*
          * Obtain the challenge password from the CSR
          */
+        ExpectIntEQ(X509_REQ_get_attr_by_NID(NULL, NID_pkcs9_challengePassword,
+            -1), -1);
         ExpectIntEQ(X509_REQ_get_attr_by_NID(req, NID_pkcs9_challengePassword,
             -1), 1);
+        ExpectNull(X509_REQ_get_attr(NULL, 3));
+        ExpectNull(X509_REQ_get_attr(req, 3));
+        ExpectNull(X509_REQ_get_attr(NULL, 0));
+        ExpectNull(X509_REQ_get_attr(empty, 0));
         ExpectNotNull(attr = X509_REQ_get_attr(req, 1));
+        ExpectNull(X509_ATTRIBUTE_get0_type(NULL, 1));
+        ExpectNull(X509_ATTRIBUTE_get0_type(attr, 1));
+        ExpectNull(X509_ATTRIBUTE_get0_type(NULL, 0));
         ExpectNotNull(at = X509_ATTRIBUTE_get0_type(attr, 0));
         ExpectNotNull(at->value.asn1_string);
         ExpectStrEQ((char*)ASN1_STRING_data(at->value.asn1_string),
@@ -54724,11 +71701,12 @@ static int test_wolfSSL_d2i_X509_REQ(void)
         bio = NULL;
         EVP_PKEY_free(pub_key);
         pub_key = NULL;
+        wolfSSL_X509_REQ_free(empty);
     }
     {
 #ifdef OPENSSL_ALL
-        X509_ATTRIBUTE* attr;
-        ASN1_TYPE *at;
+        X509_ATTRIBUTE* attr = NULL;
+        ASN1_TYPE *at = NULL;
         STACK_OF(X509_EXTENSION) *exts = NULL;
 #endif
         ExpectNotNull(bio = BIO_new_file(csrExtFile, "rb"));
@@ -54793,7 +71771,11 @@ static int test_wolfSSL_d2i_X509_REQ(void)
         /* Run the same test, but with a file pointer instead of a BIO.
          * (PEM_read_X509_REQ)*/
         ExpectTrue((f = XFOPEN(csrDsaFile, "rb")) != XBADFILE);
-        ExpectNotNull(PEM_read_X509_REQ(f, &req, NULL, NULL));
+        ExpectNull(PEM_read_X509_REQ(XBADFILE, &req, NULL, NULL));
+        if (EXPECT_SUCCESS())
+            ExpectNotNull(PEM_read_X509_REQ(f, &req, NULL, NULL));
+        else if (f != XBADFILE)
+            XFCLOSE(f);
         ExpectIntEQ(X509_REQ_verify(req, pub_key), 1);
 
         X509_free(req);
@@ -54837,13 +71819,32 @@ static int test_wolfSSL_PEM_read(void)
     size_t fileDataSz = 0;
     byte* out;
 
+    ExpectNotNull(bio = BIO_new_file(filename, "rb"));
+    ExpectIntEQ(PEM_read_bio(bio, NULL, &header, &data, &len), 0);
+    ExpectIntEQ(PEM_read_bio(bio, &name, NULL, &data, &len), 0);
+    ExpectIntEQ(PEM_read_bio(bio, &name, &header, NULL, &len), 0);
+    ExpectIntEQ(PEM_read_bio(bio, &name, &header, &data, NULL), 0);
+
+    ExpectIntEQ(PEM_read_bio(bio, &name, &header, &data, &len), 1);
+    ExpectIntEQ(XSTRNCMP(name, "RSA PRIVATE KEY", 15), 0);
+    ExpectIntGT(XSTRLEN(header), 0);
+    ExpectIntGT(len, 0);
+    XFREE(name, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    name = NULL;
+    XFREE(header, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    header = NULL;
+    XFREE(data, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    data = NULL;
+    BIO_free(bio);
+    bio = NULL;
+
     ExpectTrue((fp = XFOPEN(filename, "rb")) != XBADFILE);
 
     /* Fail cases. */
-    ExpectIntEQ(PEM_read(fp, NULL, &header, &data, &len), WOLFSSL_FAILURE);
-    ExpectIntEQ(PEM_read(fp, &name, NULL, &data, &len), WOLFSSL_FAILURE);
-    ExpectIntEQ(PEM_read(fp, &name, &header, NULL, &len), WOLFSSL_FAILURE);
-    ExpectIntEQ(PEM_read(fp, &name, &header, &data, NULL), WOLFSSL_FAILURE);
+    ExpectIntEQ(PEM_read(fp, NULL, &header, &data, &len), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+    ExpectIntEQ(PEM_read(fp, &name, NULL, &data, &len), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+    ExpectIntEQ(PEM_read(fp, &name, &header, NULL, &len), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+    ExpectIntEQ(PEM_read(fp, &name, &header, &data, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
 
     ExpectIntEQ(PEM_read(fp, &name, &header, &data, &len), WOLFSSL_SUCCESS);
 
@@ -54875,25 +71876,52 @@ static int test_wolfSSL_PEM_read(void)
     ExpectIntEQ(XMEMCMP(out, fileData, fileDataSz), 0);
 
     /* Fail cases. */
-    ExpectIntEQ(PEM_get_EVP_CIPHER_INFO(NULL, &cipher), WOLFSSL_FAILURE);
-    ExpectIntEQ(PEM_get_EVP_CIPHER_INFO(header, NULL), WOLFSSL_FAILURE);
-    ExpectIntEQ(PEM_get_EVP_CIPHER_INFO((char*)"", &cipher), WOLFSSL_FAILURE);
+    ExpectIntEQ(PEM_write(XBADFILE, name, header, data, len), 0);
+    ExpectIntEQ(PEM_write(stderr, NULL, header, data, len), 0);
+    ExpectIntEQ(PEM_write(stderr, name, NULL, data, len), 0);
+    ExpectIntEQ(PEM_write(stderr, name, header, NULL, len), 0);
+    /* Pass case */
+    ExpectIntEQ(PEM_write(stderr, name, header, data, len), fileDataSz);
+
+    XFREE(name, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    name = NULL;
+    XFREE(header, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    header = NULL;
+    XFREE(data, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    data = NULL;
+    /* Read out of a fixed buffer BIO - forces malloc in PEM_read_bio. */
+    ExpectIntEQ(PEM_read_bio(bio, &name, &header, &data, &len), 1);
+    ExpectIntEQ(XSTRNCMP(name, "RSA PRIVATE KEY", 15), 0);
+    ExpectIntGT(XSTRLEN(header), 0);
+    ExpectIntGT(len, 0);
+
+    /* Fail cases. */
+    ExpectIntEQ(PEM_get_EVP_CIPHER_INFO(NULL, &cipher), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+    ExpectIntEQ(PEM_get_EVP_CIPHER_INFO(header, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+    ExpectIntEQ(PEM_get_EVP_CIPHER_INFO((char*)"", &cipher), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
 
 #ifndef NO_DES3
     ExpectIntEQ(PEM_get_EVP_CIPHER_INFO(header, &cipher), WOLFSSL_SUCCESS);
 #endif
 
     /* Fail cases. */
+    ExpectIntEQ(PEM_do_header(NULL, data, &len, PasswordCallBack,
+        (void*)"yassl123"), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     ExpectIntEQ(PEM_do_header(&cipher, NULL, &len, PasswordCallBack,
-        (void*)"yassl123"), WOLFSSL_FAILURE);
+        (void*)"yassl123"), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     ExpectIntEQ(PEM_do_header(&cipher, data, NULL, PasswordCallBack,
-        (void*)"yassl123"), WOLFSSL_FAILURE);
+        (void*)"yassl123"), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     ExpectIntEQ(PEM_do_header(&cipher, data, &len, NULL,
-        (void*)"yassl123"), WOLFSSL_FAILURE);
+        (void*)"yassl123"), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
 
+    ExpectIntEQ(PEM_do_header(&cipher, data, &len, NoPasswordCallBack,
+                              (void*)"yassl123"), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
 #if !defined(NO_DES3) && !defined(NO_MD5)
     ExpectIntEQ(PEM_do_header(&cipher, data, &len, PasswordCallBack,
                               (void*)"yassl123"), WOLFSSL_SUCCESS);
+#else
+    ExpectIntEQ(PEM_do_header(&cipher, data, &len, PasswordCallBack,
+                              (void*)"yassl123"), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
 #endif
 
     BIO_free(bio);
@@ -55181,7 +72209,7 @@ static int test_wolfssl_EVP_aes_gcm(void)
         ciphertxtSz += len;
         ExpectIntEQ(1, EVP_CIPHER_CTX_ctrl(&en[i], EVP_CTRL_GCM_GET_TAG,
             AES_BLOCK_SIZE, tag));
-        ExpectIntEQ(wolfSSL_EVP_CIPHER_CTX_cleanup(&en[i]), 1);
+        wolfSSL_EVP_CIPHER_CTX_cleanup(&en[i]);
 
         EVP_CIPHER_CTX_init(&de[i]);
         if (i == 0) {
@@ -55266,7 +72294,7 @@ static int test_wolfssl_EVP_aes_gcm(void)
         ExpectIntEQ(0, EVP_DecryptFinal_ex(&de[i], decryptedtxt, &len));
         ExpectIntEQ(0, len);
 
-        ExpectIntEQ(wolfSSL_EVP_CIPHER_CTX_cleanup(&de[i]), 1);
+        wolfSSL_EVP_CIPHER_CTX_cleanup(&de[i]);
     }
 #endif /* OPENSSL_EXTRA && !NO_AES && HAVE_AESGCM */
     return EXPECT_RESULT();
@@ -55607,19 +72635,22 @@ static int test_wolfssl_EVP_chacha20_poly1305(void)
     EVP_CIPHER_CTX* ctx = NULL;
     int outSz;
 
+    XMEMSET(key, 0, sizeof(key));
+    XMEMSET(iv, 0, sizeof(iv));
+
     /* Encrypt. */
     ExpectNotNull((ctx = EVP_CIPHER_CTX_new()));
     ExpectIntEQ(EVP_EncryptInit_ex(ctx, EVP_chacha20_poly1305(), NULL, NULL,
                 NULL), WOLFSSL_SUCCESS);
     /* Invalid IV length. */
     ExpectIntEQ(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN,
-                CHACHA20_POLY1305_AEAD_IV_SIZE-1, NULL), WOLFSSL_FAILURE);
+                CHACHA20_POLY1305_AEAD_IV_SIZE-1, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     /* Valid IV length. */
     ExpectIntEQ(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN,
                 CHACHA20_POLY1305_AEAD_IV_SIZE, NULL), WOLFSSL_SUCCESS);
     /* Invalid tag length. */
     ExpectIntEQ(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG,
-                CHACHA20_POLY1305_AEAD_AUTHTAG_SIZE-1, NULL), WOLFSSL_FAILURE);
+                CHACHA20_POLY1305_AEAD_AUTHTAG_SIZE-1, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     /* Valid tag length. */
     ExpectIntEQ(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG,
                 CHACHA20_POLY1305_AEAD_AUTHTAG_SIZE, NULL), WOLFSSL_SUCCESS);
@@ -55634,7 +72665,7 @@ static int test_wolfssl_EVP_chacha20_poly1305(void)
     ExpectIntEQ(outSz, 0);
     /* Invalid tag length. */
     ExpectIntEQ(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG,
-                CHACHA20_POLY1305_AEAD_AUTHTAG_SIZE-1, tag), WOLFSSL_FAILURE);
+                CHACHA20_POLY1305_AEAD_AUTHTAG_SIZE-1, tag), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     /* Valid tag length. */
     ExpectIntEQ(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG,
                 CHACHA20_POLY1305_AEAD_AUTHTAG_SIZE, tag), WOLFSSL_SUCCESS);
@@ -55703,7 +72734,7 @@ static int test_wolfssl_EVP_chacha20(void)
                 NULL), WOLFSSL_SUCCESS);
     /* Any tag length must fail - not an AEAD cipher. */
     ExpectIntEQ(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG,
-                16, NULL), WOLFSSL_FAILURE);
+                16, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     ExpectIntEQ(EVP_EncryptInit_ex(ctx, NULL, NULL, key, iv), WOLFSSL_SUCCESS);
     ExpectIntEQ(EVP_EncryptUpdate(ctx, cipherText, &outSz, plainText,
                 sizeof(plainText)), WOLFSSL_SUCCESS);
@@ -55768,7 +72799,7 @@ static int test_wolfssl_EVP_sm4_ecb(void)
         WOLFSSL_SUCCESS);
     /* Any tag length must fail - not an AEAD cipher. */
     ExpectIntEQ(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, 16, NULL),
-        WOLFSSL_FAILURE);
+        WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     ExpectIntEQ(EVP_EncryptInit_ex(ctx, NULL, NULL, key, NULL),
         WOLFSSL_SUCCESS);
     ExpectIntEQ(EVP_EncryptUpdate(ctx, cipherText, &outSz, plainText,
@@ -55825,7 +72856,7 @@ static int test_wolfssl_EVP_sm4_cbc(void)
         WOLFSSL_SUCCESS);
     /* Any tag length must fail - not an AEAD cipher. */
     ExpectIntEQ(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, 16, NULL),
-        WOLFSSL_FAILURE);
+        WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     ExpectIntEQ(EVP_EncryptInit_ex(ctx, NULL, NULL, key, iv), WOLFSSL_SUCCESS);
     ExpectIntEQ(EVP_EncryptUpdate(ctx, cipherText, &outSz, plainText,
         sizeof(plainText)), WOLFSSL_SUCCESS);
@@ -55893,7 +72924,7 @@ static int test_wolfssl_EVP_sm4_ctr(void)
         WOLFSSL_SUCCESS);
     /* Any tag length must fail - not an AEAD cipher. */
     ExpectIntEQ(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, 16, NULL),
-        WOLFSSL_FAILURE);
+        WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     ExpectIntEQ(EVP_EncryptInit_ex(ctx, NULL, NULL, key, iv), WOLFSSL_SUCCESS);
     ExpectIntEQ(EVP_EncryptUpdate(ctx, cipherText, &outSz, plainText,
         sizeof(plainText)), WOLFSSL_SUCCESS);
@@ -56289,48 +73320,48 @@ static int test_wolfSSL_EVP_PKEY_hkdf(void)
     ExpectNotNull((ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_HKDF, NULL)));
     ExpectIntEQ(EVP_PKEY_derive_init(ctx), WOLFSSL_SUCCESS);
     /* NULL ctx. */
-    ExpectIntEQ(EVP_PKEY_CTX_set_hkdf_md(NULL, EVP_sha256()), WOLFSSL_FAILURE);
+    ExpectIntEQ(EVP_PKEY_CTX_set_hkdf_md(NULL, EVP_sha256()), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     /* NULL md. */
-    ExpectIntEQ(EVP_PKEY_CTX_set_hkdf_md(ctx, NULL), WOLFSSL_FAILURE);
+    ExpectIntEQ(EVP_PKEY_CTX_set_hkdf_md(ctx, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     ExpectIntEQ(EVP_PKEY_CTX_set_hkdf_md(ctx, EVP_sha256()), WOLFSSL_SUCCESS);
     /* NULL ctx. */
     ExpectIntEQ(EVP_PKEY_CTX_set1_hkdf_salt(NULL, salt, sizeof(salt)),
-                WOLFSSL_FAILURE);
+                WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     /* NULL salt is ok. */
     ExpectIntEQ(EVP_PKEY_CTX_set1_hkdf_salt(ctx, NULL, sizeof(salt)),
                 WOLFSSL_SUCCESS);
     /* Salt length <= 0. */
     /* Length 0 salt is ok. */
     ExpectIntEQ(EVP_PKEY_CTX_set1_hkdf_salt(ctx, salt, 0), WOLFSSL_SUCCESS);
-    ExpectIntEQ(EVP_PKEY_CTX_set1_hkdf_salt(ctx, salt, -1), WOLFSSL_FAILURE);
+    ExpectIntEQ(EVP_PKEY_CTX_set1_hkdf_salt(ctx, salt, -1), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     ExpectIntEQ(EVP_PKEY_CTX_set1_hkdf_salt(ctx, salt, sizeof(salt)),
                 WOLFSSL_SUCCESS);
     /* NULL ctx. */
     ExpectIntEQ(EVP_PKEY_CTX_set1_hkdf_key(NULL, key, sizeof(key)),
-                WOLFSSL_FAILURE);
+                WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     /* NULL key. */
     ExpectIntEQ(EVP_PKEY_CTX_set1_hkdf_key(ctx, NULL, sizeof(key)),
-                WOLFSSL_FAILURE);
+                WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     /* Key length <= 0 */
-    ExpectIntEQ(EVP_PKEY_CTX_set1_hkdf_key(ctx, key, 0), WOLFSSL_FAILURE);
-    ExpectIntEQ(EVP_PKEY_CTX_set1_hkdf_key(ctx, key, -1), WOLFSSL_FAILURE);
+    ExpectIntEQ(EVP_PKEY_CTX_set1_hkdf_key(ctx, key, 0), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+    ExpectIntEQ(EVP_PKEY_CTX_set1_hkdf_key(ctx, key, -1), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     ExpectIntEQ(EVP_PKEY_CTX_set1_hkdf_key(ctx, key, sizeof(key)),
                 WOLFSSL_SUCCESS);
     /* NULL ctx. */
     ExpectIntEQ(EVP_PKEY_CTX_add1_hkdf_info(NULL, info, sizeof(info)),
-                WOLFSSL_FAILURE);
+                WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     /* NULL info is ok. */
     ExpectIntEQ(EVP_PKEY_CTX_add1_hkdf_info(ctx, NULL, sizeof(info)),
                 WOLFSSL_SUCCESS);
     /* Info length <= 0 */
     /* Length 0 info is ok. */
     ExpectIntEQ(EVP_PKEY_CTX_add1_hkdf_info(ctx, info, 0), WOLFSSL_SUCCESS);
-    ExpectIntEQ(EVP_PKEY_CTX_add1_hkdf_info(ctx, info, -1), WOLFSSL_FAILURE);
+    ExpectIntEQ(EVP_PKEY_CTX_add1_hkdf_info(ctx, info, -1), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     ExpectIntEQ(EVP_PKEY_CTX_add1_hkdf_info(ctx, info, sizeof(info)),
                 WOLFSSL_SUCCESS);
     /* NULL ctx. */
     ExpectIntEQ(EVP_PKEY_CTX_hkdf_mode(NULL, EVP_PKEY_HKDEF_MODE_EXTRACT_ONLY),
-                WOLFSSL_FAILURE);
+                WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     /* Extract and expand (default). */
     ExpectIntEQ(EVP_PKEY_derive(ctx, outKey, &outKeySz), WOLFSSL_SUCCESS);
     ExpectIntEQ(outKeySz, sizeof(extractAndExpand));
@@ -56371,6 +73402,7 @@ static int test_wolfSSL_PEM_X509_INFO_read_bio(void)
     BIO* bio = NULL;
     X509_INFO* info = NULL;
     STACK_OF(X509_INFO)* sk = NULL;
+    STACK_OF(X509_INFO)* sk2 = NULL;
     char* subject = NULL;
     char exp1[] = "/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/"
                   "CN=www.wolfssl.com/emailAddress=info@wolfssl.com";
@@ -56383,12 +73415,14 @@ static int test_wolfSSL_PEM_X509_INFO_read_bio(void)
     ExpectIntEQ(sk_X509_INFO_num(sk), 2);
 
     /* using dereference to maintain testing for Apache port*/
+    ExpectNull(sk_X509_INFO_pop(NULL));
     ExpectNotNull(info = sk_X509_INFO_pop(sk));
     ExpectNotNull(subject = X509_NAME_oneline(X509_get_subject_name(info->x509),
         0, 0));
 
     ExpectIntEQ(0, XSTRNCMP(subject, exp1, sizeof(exp1)));
     XFREE(subject, 0, DYNAMIC_TYPE_OPENSSL);
+    subject = NULL;
     X509_INFO_free(info);
     info = NULL;
 
@@ -56398,11 +73432,47 @@ static int test_wolfSSL_PEM_X509_INFO_read_bio(void)
 
     ExpectIntEQ(0, XSTRNCMP(subject, exp2, sizeof(exp2)));
     XFREE(subject, 0, DYNAMIC_TYPE_OPENSSL);
+    subject = NULL;
     X509_INFO_free(info);
     ExpectNull(info = sk_X509_INFO_pop(sk));
 
     sk_X509_INFO_pop_free(sk, X509_INFO_free);
+    sk = NULL;
     BIO_free(bio);
+    bio = NULL;
+
+    ExpectNotNull(sk = wolfSSL_sk_X509_INFO_new_null());
+    ExpectNotNull(bio = BIO_new(BIO_s_file()));
+    ExpectIntGT(BIO_read_filename(bio, svrCertFile), 0);
+    ExpectNotNull(sk2 = PEM_X509_INFO_read_bio(bio, sk, NULL, NULL));
+    ExpectPtrEq(sk, sk2);
+    if (sk2 != sk) {
+        sk_X509_INFO_pop_free(sk, X509_INFO_free);
+    }
+    sk = NULL;
+    BIO_free(bio);
+    sk_X509_INFO_pop_free(sk2, X509_INFO_free);
+
+    ExpectNotNull(sk = wolfSSL_sk_X509_INFO_new_null());
+    sk_X509_INFO_free(sk);
+#endif
+    return EXPECT_RESULT();
+}
+
+static int test_wolfSSL_PEM_X509_INFO_read(void)
+{
+    EXPECT_DECLS;
+#if defined(OPENSSL_ALL) && !defined(NO_FILESYSTEM) && !defined(NO_RSA)
+    XFILE fp = XBADFILE;
+    STACK_OF(X509_INFO)* sk = NULL;
+
+    ExpectTrue((fp = XFOPEN(svrCertFile, "rb")) != XBADFILE);
+    ExpectNull(wolfSSL_PEM_X509_INFO_read(XBADFILE, NULL, NULL, NULL));
+    ExpectNotNull(sk = wolfSSL_PEM_X509_INFO_read(fp, NULL, NULL, NULL));
+
+    sk_X509_INFO_pop_free(sk, X509_INFO_free);
+    if (fp != XBADFILE)
+        XFCLOSE(fp);
 #endif
     return EXPECT_RESULT();
 }
@@ -56421,9 +73491,13 @@ static int test_wolfSSL_X509_NAME_ENTRY_get_object(void)
     ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(cliCertFile,
         WOLFSSL_FILETYPE_PEM));
     ExpectNotNull(name = X509_get_subject_name(x509));
+    ExpectIntGE(X509_NAME_get_index_by_NID(NULL, NID_commonName, -1),
+        BAD_FUNC_ARG);
     ExpectIntGE(idx = X509_NAME_get_index_by_NID(name, NID_commonName, -1), 0);
+    ExpectIntGE(idx = X509_NAME_get_index_by_NID(name, NID_commonName, -2), 0);
 
     ExpectNotNull(ne = X509_NAME_get_entry(name, idx));
+    ExpectNull(X509_NAME_ENTRY_get_object(NULL));
     ExpectNotNull(object = X509_NAME_ENTRY_get_object(ne));
 
     X509_free(x509);
@@ -56482,6 +73556,166 @@ static int test_wolfSSL_X509_STORE_get1_certs(void)
 #endif /* OPENSSL_EXTRA && WOLFSSL_SIGNER_DER_CERT && !NO_FILESYSTEM */
     return EXPECT_RESULT();
 }
+
+#if defined(HAVE_SSL_MEMIO_TESTS_DEPENDENCIES) && \
+    defined(WOLFSSL_LOCAL_X509_STORE) && \
+    (defined(OPENSSL_ALL) || defined(WOLFSSL_QT)) && defined(HAVE_CRL)
+static int test_wolfSSL_X509_STORE_set_get_crl_provider(X509_STORE_CTX* ctx,
+        X509_CRL** crl_out, X509* cert) {
+    X509_CRL *crl = NULL;
+    XFILE fp = XBADFILE;
+    char* cert_issuer = X509_NAME_oneline(X509_get_issuer_name(cert), NULL, 0);
+    int ret = 0;
+
+    (void)ctx;
+
+    if (cert_issuer == NULL)
+        return 0;
+
+    if ((fp = XFOPEN("certs/crl/crl.pem", "rb")) != XBADFILE) {
+        PEM_read_X509_CRL(fp, &crl, NULL, NULL);
+        XFCLOSE(fp);
+        if (crl != NULL) {
+            char* crl_issuer = X509_NAME_oneline(
+                    X509_CRL_get_issuer(crl), NULL, 0);
+            if ((crl_issuer != NULL) &&
+                   (XSTRCMP(cert_issuer, crl_issuer) == 0)) {
+                *crl_out = X509_CRL_dup(crl);
+                if (*crl_out != NULL)
+                    ret = 1;
+            }
+            OPENSSL_free(crl_issuer);
+        }
+    }
+
+    X509_CRL_free(crl);
+    OPENSSL_free(cert_issuer);
+    return ret;
+}
+
+static int test_wolfSSL_X509_STORE_set_get_crl_provider2(X509_STORE_CTX* ctx,
+        X509_CRL** crl_out, X509* cert) {
+    (void)ctx;
+    (void)cert;
+    *crl_out = NULL;
+    return 1;
+}
+
+#ifndef NO_WOLFSSL_STUB
+static int test_wolfSSL_X509_STORE_set_get_crl_check(X509_STORE_CTX* ctx,
+        X509_CRL* crl) {
+    (void)ctx;
+    (void)crl;
+    return 1;
+}
+#endif
+
+static int test_wolfSSL_X509_STORE_set_get_crl_verify(int ok,
+        X509_STORE_CTX* ctx) {
+    int cert_error = X509_STORE_CTX_get_error(ctx);
+    X509_VERIFY_PARAM* param = X509_STORE_CTX_get0_param(ctx);
+    int flags = X509_VERIFY_PARAM_get_flags(param);
+    if ((flags & (X509_V_FLAG_CRL_CHECK | X509_V_FLAG_CRL_CHECK_ALL)) !=
+            (X509_V_FLAG_CRL_CHECK | X509_V_FLAG_CRL_CHECK_ALL)) {
+        /* Make sure the flags are set */
+        return 0;
+    }
+    /* Ignore CRL missing error */
+#ifndef OPENSSL_COMPATIBLE_DEFAULTS
+    if (cert_error == WC_NO_ERR_TRACE(CRL_MISSING))
+#else
+    if (cert_error == X509_V_ERR_UNABLE_TO_GET_CRL)
+#endif
+        return 1;
+    return ok;
+}
+
+static int test_wolfSSL_X509_STORE_set_get_crl_ctx_ready(WOLFSSL_CTX* ctx)
+{
+    EXPECT_DECLS;
+    X509_STORE* cert_store = NULL;
+
+    ExpectIntEQ(wolfSSL_CTX_EnableCRL(ctx, WOLFSSL_CRL_CHECKALL),
+            WOLFSSL_SUCCESS);
+    ExpectNotNull(cert_store = SSL_CTX_get_cert_store(ctx));
+    X509_STORE_set_get_crl(cert_store,
+            test_wolfSSL_X509_STORE_set_get_crl_provider);
+#ifndef NO_WOLFSSL_STUB
+    X509_STORE_set_check_crl(cert_store,
+            test_wolfSSL_X509_STORE_set_get_crl_check);
+#endif
+
+    return EXPECT_RESULT();
+}
+
+static int test_wolfSSL_X509_STORE_set_get_crl_ctx_ready2(WOLFSSL_CTX* ctx)
+{
+    EXPECT_DECLS;
+    X509_STORE* cert_store = NULL;
+    X509_VERIFY_PARAM* param = NULL;
+
+    SSL_CTX_set_verify(ctx, WOLFSSL_VERIFY_PEER, NULL);
+    ExpectIntEQ(wolfSSL_CTX_EnableCRL(ctx, WOLFSSL_CRL_CHECKALL),
+            WOLFSSL_SUCCESS);
+    ExpectNotNull(cert_store = SSL_CTX_get_cert_store(ctx));
+    X509_STORE_set_get_crl(cert_store,
+            test_wolfSSL_X509_STORE_set_get_crl_provider2);
+#ifndef NO_WOLFSSL_STUB
+    X509_STORE_set_check_crl(cert_store,
+            test_wolfSSL_X509_STORE_set_get_crl_check);
+#endif
+    X509_STORE_set_verify_cb(cert_store,
+            test_wolfSSL_X509_STORE_set_get_crl_verify);
+    ExpectNotNull(X509_STORE_get0_param(cert_store));
+    ExpectNotNull(param = X509_VERIFY_PARAM_new());
+    ExpectIntEQ(X509_VERIFY_PARAM_inherit(NULL, NULL) , WOLFSSL_SUCCESS);
+    ExpectIntEQ(X509_VERIFY_PARAM_inherit(param, NULL) , WOLFSSL_SUCCESS);
+    ExpectIntEQ(X509_VERIFY_PARAM_inherit(param,
+            X509_STORE_get0_param(cert_store)), WOLFSSL_SUCCESS);
+    ExpectIntEQ(X509_VERIFY_PARAM_inherit(param,
+            X509_STORE_get0_param(cert_store)), 1);
+    ExpectIntEQ(X509_VERIFY_PARAM_set_flags(
+        param, X509_V_FLAG_CRL_CHECK | X509_V_FLAG_CRL_CHECK_ALL), 1);
+    ExpectIntEQ(X509_STORE_set1_param(cert_store, param), 1);
+    ExpectIntEQ(X509_STORE_set_flags(cert_store,
+            X509_V_FLAG_CRL_CHECK | X509_V_FLAG_CRL_CHECK_ALL), 1);
+
+
+    X509_VERIFY_PARAM_free(param);
+    return EXPECT_RESULT();
+}
+#endif
+
+/* This test mimics the usage of the CRL provider in gRPC */
+static int test_wolfSSL_X509_STORE_set_get_crl(void)
+{
+    EXPECT_DECLS;
+#if defined(HAVE_SSL_MEMIO_TESTS_DEPENDENCIES) && \
+    defined(WOLFSSL_LOCAL_X509_STORE) && \
+    (defined(OPENSSL_ALL) || defined(WOLFSSL_QT)) && defined(HAVE_CRL)
+    test_ssl_cbf func_cb_client;
+    test_ssl_cbf func_cb_server;
+
+    XMEMSET(&func_cb_client, 0, sizeof(func_cb_client));
+    XMEMSET(&func_cb_server, 0, sizeof(func_cb_server));
+
+    func_cb_client.ctx_ready = test_wolfSSL_X509_STORE_set_get_crl_ctx_ready;
+
+    ExpectIntEQ(test_wolfSSL_client_server_nofail_memio(&func_cb_client,
+        &func_cb_server, NULL), TEST_SUCCESS);
+
+    XMEMSET(&func_cb_client, 0, sizeof(func_cb_client));
+    XMEMSET(&func_cb_server, 0, sizeof(func_cb_server));
+
+    func_cb_client.ctx_ready = test_wolfSSL_X509_STORE_set_get_crl_ctx_ready2;
+
+    ExpectIntEQ(test_wolfSSL_client_server_nofail_memio(&func_cb_client,
+        &func_cb_server, NULL), TEST_SUCCESS);
+#endif
+    return EXPECT_RESULT();
+}
+
+
 static int test_wolfSSL_dup_CA_list(void)
 {
     int res = TEST_SKIPPED;
@@ -56500,21 +73734,43 @@ static int test_wolfSSL_dup_CA_list(void)
     for (i = 0; i < 3; i++) {
         name = X509_NAME_new();
         ExpectNotNull(name);
-        AssertIntEQ(sk_X509_NAME_push(originalStack, name), WOLFSSL_SUCCESS);
+        ExpectIntEQ(sk_X509_NAME_push(originalStack, name), i+1);
+        if (EXPECT_FAIL()) {
+            X509_NAME_free(name);
+        }
     }
 
     copyStack = SSL_dup_CA_list(originalStack);
     ExpectNotNull(copyStack);
+    ExpectIntEQ(sk_X509_NAME_num(NULL), BAD_FUNC_ARG);
     originalCount = sk_X509_NAME_num(originalStack);
     copyCount = sk_X509_NAME_num(copyStack);
 
-    AssertIntEQ(originalCount, copyCount);
+    ExpectIntEQ(originalCount, copyCount);
     sk_X509_NAME_pop_free(originalStack, X509_NAME_free);
     sk_X509_NAME_pop_free(copyStack, X509_NAME_free);
 
     originalStack = NULL;
     copyStack = NULL;
 
+    originalStack = sk_X509_NAME_new_null();
+    ExpectNull(sk_X509_NAME_pop(NULL));
+    ExpectNull(sk_X509_NAME_pop(originalStack));
+    for (i = 0; i < 3; i++) {
+        name = X509_NAME_new();
+        ExpectNotNull(name);
+        ExpectIntEQ(sk_X509_NAME_push(originalStack, name), i+1);
+        if (EXPECT_FAIL()) {
+            X509_NAME_free(name);
+        }
+        name = NULL;
+    }
+    ExpectNotNull(name = sk_X509_NAME_pop(originalStack));
+    X509_NAME_free(name);
+    wolfSSL_sk_X509_NAME_set_cmp_func(NULL, NULL);
+    wolfSSL_sk_X509_NAME_set_cmp_func(originalStack, NULL);
+    wolfSSL_sk_X509_NAME_pop_free(originalStack, X509_NAME_free);
+
     res = EXPECT_RESULT();
 #endif /* OPENSSL_ALL */
     return res;
@@ -56533,7 +73789,7 @@ static int test_ForceZero(void)
     for (i = 0; i < sizeof(data); i++) {
         for (len = 1; len < sizeof(data) - i; len++) {
             for (j = 0; j < sizeof(data); j++)
-                data[j] = j + 1;
+                data[j] = ((unsigned char)j + 1);
 
             ForceZero(data + i, len);
 
@@ -56557,11 +73813,11 @@ static int test_wolfSSL_X509_print(void)
 {
     EXPECT_DECLS;
 #if defined(OPENSSL_EXTRA) && !defined(NO_FILESYSTEM) && \
-   !defined(NO_RSA) && !defined(HAVE_FAST_RSA) && defined(XSNPRINTF)
+   !defined(NO_RSA) && defined(XSNPRINTF)
     X509 *x509 = NULL;
     BIO *bio = NULL;
 #if defined(OPENSSL_ALL) && !defined(NO_WOLFSSL_DIR)
-    const X509_ALGOR *cert_sig_alg;
+    const X509_ALGOR *cert_sig_alg = NULL;
 #endif
 
     ExpectNotNull(x509 = X509_load_certificate_file(svrCertFile,
@@ -56615,8 +73871,8 @@ static int test_wolfSSL_X509_print(void)
 static int test_wolfSSL_X509_CRL_print(void)
 {
     EXPECT_DECLS;
-#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && defined(HAVE_CRL)\
-    && !defined(NO_FILESYSTEM) && defined(XSNPRINTF)
+#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && defined(HAVE_CRL) && \
+    !defined(NO_RSA) && !defined(NO_FILESYSTEM) && defined(XSNPRINTF)
     X509_CRL* crl = NULL;
     BIO *bio = NULL;
     XFILE fp = XBADFILE;
@@ -56643,7 +73899,7 @@ static int test_wolfSSL_BIO_get_len(void)
     BIO *bio = NULL;
     const char txt[] = "Some example text to push to the BIO.";
 
-    ExpectIntEQ(wolfSSL_BIO_get_len(bio), BAD_FUNC_ARG);
+    ExpectIntEQ(wolfSSL_BIO_get_len(bio), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     ExpectNotNull(bio = wolfSSL_BIO_new(wolfSSL_BIO_s_mem()));
 
@@ -56653,7 +73909,7 @@ static int test_wolfSSL_BIO_get_len(void)
     bio = NULL;
 
     ExpectNotNull(bio = BIO_new_fd(STDERR_FILENO, BIO_NOCLOSE));
-    ExpectIntEQ(wolfSSL_BIO_get_len(bio), WOLFSSL_BAD_FILE);
+    ExpectIntEQ(wolfSSL_BIO_get_len(bio), WC_NO_ERR_TRACE(WOLFSSL_BAD_FILE));
     BIO_free(bio);
 #endif
     return EXPECT_RESULT();
@@ -56664,17 +73920,16 @@ static int test_wolfSSL_BIO_get_len(void)
 static int test_wolfSSL_RSA(void)
 {
     EXPECT_DECLS;
-#if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && !defined(HAVE_USER_RSA) && \
-    defined(WOLFSSL_KEY_GEN)
+#if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN)
     RSA* rsa = NULL;
-    const BIGNUM *n;
-    const BIGNUM *e;
-    const BIGNUM *d;
-    const BIGNUM *p;
-    const BIGNUM *q;
-    const BIGNUM *dmp1;
-    const BIGNUM *dmq1;
-    const BIGNUM *iqmp;
+    const BIGNUM *n = NULL;
+    const BIGNUM *e = NULL;
+    const BIGNUM *d = NULL;
+    const BIGNUM *p = NULL;
+    const BIGNUM *q = NULL;
+    const BIGNUM *dmp1 = NULL;
+    const BIGNUM *dmq1 = NULL;
+    const BIGNUM *iqmp = NULL;
 
     ExpectNotNull(rsa = RSA_new());
     ExpectIntEQ(RSA_size(NULL), 0);
@@ -56691,6 +73946,152 @@ static int test_wolfSSL_RSA(void)
     ExpectNotNull(rsa = RSA_generate_key(2048, 3, NULL, NULL));
     ExpectIntEQ(RSA_size(rsa), 256);
 
+#if (!defined(HAVE_FIPS) || FIPS_VERSION3_GT(6,0,0)) && !defined(HAVE_SELFTEST)
+    {
+        /* Test setting only subset of parameters */
+        RSA *rsa2 = NULL;
+        unsigned char hash[SHA256_DIGEST_LENGTH];
+        unsigned char signature[2048/8];
+        unsigned int signatureLen = 0;
+        BIGNUM* n2 = NULL;
+        BIGNUM* e2 = NULL;
+        BIGNUM* d2 = NULL;
+        BIGNUM* p2 = NULL;
+        BIGNUM* q2 = NULL;
+        BIGNUM* dmp12 = NULL;
+        BIGNUM* dmq12 = NULL;
+        BIGNUM* iqmp2 = NULL;
+
+        XMEMSET(hash, 0, sizeof(hash));
+        RSA_get0_key(rsa, &n, &e, &d);
+        RSA_get0_factors(rsa, &p, &q);
+        RSA_get0_crt_params(rsa, &dmp1, &dmq1, &iqmp);
+
+        ExpectIntEQ(RSA_sign(NID_sha256, hash, sizeof(hash), signature,
+            &signatureLen, rsa), 1);
+        /* Quick sanity check */
+        ExpectIntEQ(RSA_verify(NID_sha256, hash, sizeof(hash), signature,
+            signatureLen, rsa), 1);
+
+        /* Verifying */
+        ExpectNotNull(n2 = BN_dup(n));
+        ExpectNotNull(e2 = BN_dup(e));
+        ExpectNotNull(p2 = BN_dup(p));
+        ExpectNotNull(q2 = BN_dup(q));
+        ExpectNotNull(dmp12 = BN_dup(dmp1));
+        ExpectNotNull(dmq12 = BN_dup(dmq1));
+        ExpectNotNull(iqmp2 = BN_dup(iqmp));
+
+        ExpectNotNull(rsa2 = RSA_new());
+        ExpectIntEQ(RSA_set0_key(rsa2, n2, e2, NULL), 1);
+        if (EXPECT_SUCCESS()) {
+            n2 = NULL;
+            e2 = NULL;
+        }
+        ExpectIntEQ(RSA_verify(NID_sha256, hash, sizeof(hash), signature,
+            signatureLen, rsa2), 1);
+        ExpectIntEQ(RSA_set0_factors(rsa2, p2, q2), 1);
+        if (EXPECT_SUCCESS()) {
+            p2 = NULL;
+            q2 = NULL;
+        }
+        ExpectIntEQ(RSA_verify(NID_sha256, hash, sizeof(hash), signature,
+            signatureLen, rsa2), 1);
+        ExpectIntEQ(RSA_set0_crt_params(rsa2, dmp12, dmq12, iqmp2), 1);
+        if (EXPECT_SUCCESS()) {
+            dmp12 = NULL;
+            dmq12 = NULL;
+            iqmp2 = NULL;
+        }
+        ExpectIntEQ(RSA_verify(NID_sha256, hash, sizeof(hash), signature,
+            signatureLen, rsa2), 1);
+        RSA_free(rsa2);
+        rsa2 = NULL;
+
+        BN_free(iqmp2);
+        iqmp2 = NULL;
+        BN_free(dmq12);
+        dmq12 = NULL;
+        BN_free(dmp12);
+        dmp12 = NULL;
+        BN_free(q2);
+        q2 = NULL;
+        BN_free(p2);
+        p2 = NULL;
+        BN_free(e2);
+        e2 = NULL;
+        BN_free(n2);
+        n2 = NULL;
+
+        ExpectNotNull(n2 = BN_dup(n));
+        ExpectNotNull(e2 = BN_dup(e));
+        ExpectNotNull(d2 = BN_dup(d));
+        ExpectNotNull(p2 = BN_dup(p));
+        ExpectNotNull(q2 = BN_dup(q));
+        ExpectNotNull(dmp12 = BN_dup(dmp1));
+        ExpectNotNull(dmq12 = BN_dup(dmq1));
+        ExpectNotNull(iqmp2 = BN_dup(iqmp));
+
+        /* Signing */
+        XMEMSET(signature, 0, sizeof(signature));
+        ExpectNotNull(rsa2 = RSA_new());
+        ExpectIntEQ(RSA_set0_key(rsa2, n2, e2, d2), 1);
+        if (EXPECT_SUCCESS()) {
+            n2 = NULL;
+            e2 = NULL;
+            d2 = NULL;
+        }
+#if defined(WOLFSSL_SP_MATH) && !defined(RSA_LOW_MEM)
+        /* SP is not support signing without CRT parameters. */
+        ExpectIntEQ(RSA_sign(NID_sha256, hash, sizeof(hash), signature,
+            &signatureLen, rsa2), 0);
+        ExpectIntEQ(RSA_set0_factors(rsa2, p2, q2), 1);
+        if (EXPECT_SUCCESS()) {
+            p2 = NULL;
+            q2 = NULL;
+        }
+        ExpectIntEQ(RSA_sign(NID_sha256, hash, sizeof(hash), signature,
+            &signatureLen, rsa2), 0);
+#else
+        ExpectIntEQ(RSA_sign(NID_sha256, hash, sizeof(hash), signature,
+            &signatureLen, rsa2), 1);
+        ExpectIntEQ(RSA_verify(NID_sha256, hash, sizeof(hash), signature,
+            signatureLen, rsa), 1);
+        ExpectIntEQ(RSA_set0_factors(rsa2, p2, q2), 1);
+        if (EXPECT_SUCCESS()) {
+            p2 = NULL;
+            q2 = NULL;
+        }
+        XMEMSET(signature, 0, sizeof(signature));
+        ExpectIntEQ(RSA_sign(NID_sha256, hash, sizeof(hash), signature,
+            &signatureLen, rsa2), 1);
+        ExpectIntEQ(RSA_verify(NID_sha256, hash, sizeof(hash), signature,
+            signatureLen, rsa), 1);
+#endif
+        ExpectIntEQ(RSA_set0_crt_params(rsa2, dmp12, dmq12, iqmp2), 1);
+        if (EXPECT_SUCCESS()) {
+            dmp12 = NULL;
+            dmq12 = NULL;
+            iqmp2 = NULL;
+        }
+        ExpectIntEQ(RSA_sign(NID_sha256, hash, sizeof(hash), signature,
+            &signatureLen, rsa2), 1);
+        ExpectIntEQ(RSA_verify(NID_sha256, hash, sizeof(hash), signature,
+            signatureLen, rsa), 1);
+        RSA_free(rsa2);
+        rsa2 = NULL;
+
+        BN_free(iqmp2);
+        BN_free(dmq12);
+        BN_free(dmp12);
+        BN_free(q2);
+        BN_free(p2);
+        BN_free(d2);
+        BN_free(e2);
+        BN_free(n2);
+    }
+#endif
+
 #ifdef WOLFSSL_RSA_KEY_CHECK
     ExpectIntEQ(RSA_check_key(NULL), 0);
     ExpectIntEQ(RSA_check_key(rsa), 1);
@@ -56810,7 +74211,7 @@ static int test_wolfSSL_RSA(void)
         const char PrivKeyPemFile[] = "certs/client-keyEnc.pem";
 
         XFILE f = XBADFILE;
-        int bytes;
+        int bytes = 0;
 
         /* test loading encrypted RSA private pem w/o password */
         ExpectTrue((f = XFOPEN(PrivKeyPemFile, "rb")) != XBADFILE);
@@ -56830,8 +74231,7 @@ static int test_wolfSSL_RSA(void)
 static int test_wolfSSL_RSA_DER(void)
 {
     EXPECT_DECLS;
-#if !defined(HAVE_FAST_RSA) && defined(WOLFSSL_KEY_GEN) && \
-    !defined(NO_RSA) && !defined(HAVE_USER_RSA) && defined(OPENSSL_EXTRA)
+#if defined(WOLFSSL_KEY_GEN) && !defined(NO_RSA) && defined(OPENSSL_EXTRA)
     RSA *rsa = NULL;
     int i;
     const unsigned char *buff = NULL;
@@ -56872,7 +74272,7 @@ static int test_wolfSSL_RSA_DER(void)
     buff = tbl[0].der;
     ExpectNull(d2i_RSAPrivateKey(&rsa, &buff, 1));
 
-    ExpectIntEQ(i2d_RSAPublicKey(NULL, NULL), BAD_FUNC_ARG);
+    ExpectIntEQ(i2d_RSAPublicKey(NULL, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     rsa = RSA_new();
     ExpectIntEQ(i2d_RSAPublicKey(rsa, NULL), 0);
     RSA_free(rsa);
@@ -56919,8 +74319,9 @@ static int test_wolfSSL_RSA_print(void)
 {
     EXPECT_DECLS;
 #if defined(OPENSSL_EXTRA) && !defined(NO_FILESYSTEM) && \
-   !defined(NO_RSA) && !defined(HAVE_FAST_RSA) && defined(WOLFSSL_KEY_GEN) && \
-   !defined(HAVE_FAST_RSA) && !defined(NO_BIO) && defined(XFPRINTF)
+   !defined(NO_STDIO_FILESYSTEM) && \
+   !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN) && \
+   !defined(NO_BIO) && defined(XFPRINTF)
     BIO *bio = NULL;
     WOLFSSL_RSA* rsa = NULL;
 
@@ -57047,7 +74448,7 @@ static int test_wolfSSL_RSA_sign_sha3(void)
 static int test_wolfSSL_RSA_get0_key(void)
 {
     EXPECT_DECLS;
-#if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && !defined(HAVE_USER_RSA)
+#if defined(OPENSSL_EXTRA) && !defined(NO_RSA)
     RSA *rsa = NULL;
     const BIGNUM* n = NULL;
     const BIGNUM* e = NULL;
@@ -57099,7 +74500,7 @@ static int test_wolfSSL_RSA_get0_key(void)
 static int test_wolfSSL_RSA_meth(void)
 {
     EXPECT_DECLS;
-#if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && !defined(HAVE_FAST_RSA)
+#if defined(OPENSSL_EXTRA) && !defined(NO_RSA)
     RSA *rsa = NULL;
     RSA_METHOD *rsa_meth = NULL;
 
@@ -57167,8 +74568,7 @@ static int test_wolfSSL_RSA_meth(void)
 static int test_wolfSSL_RSA_verify(void)
 {
     EXPECT_DECLS;
-#if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && !defined(HAVE_FAST_RSA) && \
-    !defined(NO_FILESYSTEM)
+#if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && !defined(NO_FILESYSTEM)
 #ifndef NO_BIO
     XFILE fp = XBADFILE;
     RSA *pKey = NULL;
@@ -57218,19 +74618,20 @@ static int test_wolfSSL_RSA_verify(void)
     ExpectNotNull(cert = PEM_read_X509(fp, 0, 0, 0 ));
     if (fp != XBADFILE)
         XFCLOSE(fp);
+    ExpectNull(X509_get_pubkey(NULL));
     ExpectNotNull(evpPubkey = X509_get_pubkey(cert));
     ExpectNotNull(pubKey = EVP_PKEY_get1_RSA(evpPubkey));
     ExpectIntEQ(RSA_verify(NID_sha256, hash, SHA256_DIGEST_LENGTH, signature,
         signatureLength, pubKey), SSL_SUCCESS);
 
     ExpectIntEQ(RSA_verify(NID_sha256, NULL, SHA256_DIGEST_LENGTH, NULL,
-        signatureLength, NULL), SSL_FAILURE);
+        signatureLength, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     ExpectIntEQ(RSA_verify(NID_sha256, NULL, SHA256_DIGEST_LENGTH, signature,
-        signatureLength, pubKey), SSL_FAILURE);
+        signatureLength, pubKey), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     ExpectIntEQ(RSA_verify(NID_sha256, hash, SHA256_DIGEST_LENGTH, NULL,
-        signatureLength, pubKey), SSL_FAILURE);
+        signatureLength, pubKey), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     ExpectIntEQ(RSA_verify(NID_sha256, hash, SHA256_DIGEST_LENGTH, signature,
-        signatureLength, NULL), SSL_FAILURE);
+        signatureLength, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
 
 
     RSA_free(pKey);
@@ -57248,7 +74649,7 @@ static int test_wolfSSL_RSA_verify(void)
 static int test_wolfSSL_RSA_sign(void)
 {
     EXPECT_DECLS;
-#if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && !defined(HAVE_FAST_RSA)
+#if defined(OPENSSL_EXTRA) && !defined(NO_RSA)
     RSA *rsa;
     unsigned char hash[SHA256_DIGEST_LENGTH];
 #ifdef USE_CERT_BUFFERS_1024
@@ -57305,7 +74706,7 @@ static int test_wolfSSL_RSA_sign(void)
 static int test_wolfSSL_RSA_sign_ex(void)
 {
     EXPECT_DECLS;
-#if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && !defined(HAVE_FAST_RSA)
+#if defined(OPENSSL_EXTRA) && !defined(NO_RSA)
     RSA *rsa = NULL;
     unsigned char hash[SHA256_DIGEST_LENGTH];
 #ifdef USE_CERT_BUFFERS_1024
@@ -57393,7 +74794,7 @@ static int test_wolfSSL_RSA_sign_ex(void)
 static int test_wolfSSL_RSA_public_decrypt(void)
 {
     EXPECT_DECLS;
-#if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && !defined(HAVE_FAST_RSA)
+#if defined(OPENSSL_EXTRA) && !defined(NO_RSA)
     RSA *rsa;
     unsigned char msg[SHA256_DIGEST_LENGTH];
 #ifdef USE_CERT_BUFFERS_1024
@@ -57568,7 +74969,7 @@ static int test_wolfSSL_RSA_public_decrypt(void)
 static int test_wolfSSL_RSA_private_encrypt(void)
 {
     EXPECT_DECLS;
-#if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && !defined(HAVE_FAST_RSA)
+#if defined(OPENSSL_EXTRA) && !defined(NO_RSA)
     RSA *rsa;
     unsigned char msg[SHA256_DIGEST_LENGTH];
 #ifdef USE_CERT_BUFFERS_1024
@@ -57728,7 +75129,7 @@ static int test_wolfSSL_RSA_private_encrypt(void)
 static int test_wolfSSL_RSA_public_encrypt(void)
 {
     EXPECT_DECLS;
-#if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && !defined(HAVE_FAST_RSA)
+#if defined(OPENSSL_EXTRA) && !defined(NO_RSA)
     RSA* rsa = NULL;
     const unsigned char msg[2048/8] = { 0 };
     unsigned char encMsg[2048/8];
@@ -57757,7 +75158,7 @@ static int test_wolfSSL_RSA_public_encrypt(void)
 static int test_wolfSSL_RSA_private_decrypt(void)
 {
     EXPECT_DECLS;
-#if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && !defined(HAVE_FAST_RSA)
+#if defined(OPENSSL_EXTRA) && !defined(NO_RSA)
     RSA* rsa = NULL;
     unsigned char msg[2048/8];
     const unsigned char encMsg[2048/8] = { 0 };
@@ -57806,10 +75207,11 @@ static int test_wolfSSL_RSA_GenAdd(void)
     ExpectNotNull(d2i_RSAPrivateKey(&rsa, &der, privDerSz));
 
     ExpectIntEQ(wolfSSL_RSA_GenAdd(NULL), -1);
-#ifndef RSA_LOW_MEM
+#if defined(WOLFSSL_KEY_GEN) || defined(OPENSSL_EXTRA) || \
+    !defined(RSA_LOW_MEM)
     ExpectIntEQ(wolfSSL_RSA_GenAdd(rsa), 1);
 #else
-    /* dmp1 and dmq1 are not set (allocated) when RSA_LOW_MEM. */
+    /* dmp1 and dmq1 are not set (allocated) in this config */
     ExpectIntEQ(wolfSSL_RSA_GenAdd(rsa), -1);
 #endif
 
@@ -57922,8 +75324,7 @@ static int test_wolfSSL_RSA_To_Der(void)
 {
     EXPECT_DECLS;
 #ifdef WOLFSSL_TEST_STATIC_BUILD
-#if defined(WOLFSSL_KEY_GEN) && !defined(HAVE_USER_RSA) && \
-    defined(OPENSSL_EXTRA) && !defined(NO_RSA)
+#if defined(WOLFSSL_KEY_GEN) && defined(OPENSSL_EXTRA) && !defined(NO_RSA)
     RSA* rsa;
 #ifdef USE_CERT_BUFFERS_1024
     const unsigned char* privDer = client_key_der_1024;
@@ -57945,8 +75346,8 @@ static int test_wolfSSL_RSA_To_Der(void)
     rsa = NULL;
     ExpectNotNull(wolfSSL_d2i_RSAPrivateKey(&rsa, &der, privDerSz));
 
-    ExpectIntEQ(wolfSSL_RSA_To_Der(NULL, &outDer, 0, HEAP_HINT), BAD_FUNC_ARG);
-    ExpectIntEQ(wolfSSL_RSA_To_Der(rsa, &outDer, 2, HEAP_HINT), BAD_FUNC_ARG);
+    ExpectIntEQ(wolfSSL_RSA_To_Der(NULL, &outDer, 0, HEAP_HINT), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wolfSSL_RSA_To_Der(rsa, &outDer, 2, HEAP_HINT), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     ExpectIntEQ(wolfSSL_RSA_To_Der(rsa, NULL, 0, HEAP_HINT), privDerSz);
     outDer = out;
@@ -57966,14 +75367,14 @@ static int test_wolfSSL_RSA_To_Der(void)
     RSA_free(rsa);
 
     ExpectNotNull(rsa = RSA_new());
-    ExpectIntEQ(wolfSSL_RSA_To_Der(rsa, &outDer, 0, HEAP_HINT), BAD_FUNC_ARG);
-    ExpectIntEQ(wolfSSL_RSA_To_Der(rsa, &outDer, 1, HEAP_HINT), BAD_FUNC_ARG);
+    ExpectIntEQ(wolfSSL_RSA_To_Der(rsa, &outDer, 0, HEAP_HINT), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wolfSSL_RSA_To_Der(rsa, &outDer, 1, HEAP_HINT), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     RSA_free(rsa);
 
     der = pubDer;
     rsa = NULL;
     ExpectNotNull(wolfSSL_d2i_RSAPublicKey(&rsa, &der, pubDerSz));
-    ExpectIntEQ(wolfSSL_RSA_To_Der(rsa, &outDer, 0, HEAP_HINT), BAD_FUNC_ARG);
+    ExpectIntEQ(wolfSSL_RSA_To_Der(rsa, &outDer, 0, HEAP_HINT), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     RSA_free(rsa);
 #endif
 #endif
@@ -58006,7 +75407,7 @@ static int test_wolfSSL_PEM_write_RSA_PUBKEY(void)
 {
     EXPECT_DECLS;
 #if !defined(NO_RSA) && defined(OPENSSL_EXTRA) && !defined(NO_FILESYSTEM) && \
-    defined(WOLFSSL_KEY_GEN) && !defined(HAVE_USER_RSA)
+    defined(WOLFSSL_KEY_GEN)
     RSA* rsa = NULL;
 
     ExpectIntEQ(wolfSSL_PEM_write_RSA_PUBKEY(XBADFILE, NULL), 0);
@@ -58021,7 +75422,7 @@ static int test_wolfSSL_PEM_write_RSAPrivateKey(void)
 {
     EXPECT_DECLS;
 #if !defined(NO_RSA) && defined(OPENSSL_EXTRA) && defined(WOLFSSL_KEY_GEN) && \
-    !defined(HAVE_USER_RSA) && (defined(WOLFSSL_PEM_TO_DER) || \
+    (defined(WOLFSSL_PEM_TO_DER) || \
     defined(WOLFSSL_DER_TO_PEM)) && !defined(NO_FILESYSTEM)
     RSA* rsa = NULL;
 #ifdef USE_CERT_BUFFERS_1024
@@ -58067,8 +75468,7 @@ static int test_wolfSSL_PEM_write_mem_RSAPrivateKey(void)
 {
     EXPECT_DECLS;
 #if !defined(NO_RSA) && defined(OPENSSL_EXTRA) && defined(WOLFSSL_KEY_GEN) && \
-    !defined(HAVE_USER_RSA) && (defined(WOLFSSL_PEM_TO_DER) || \
-    defined(WOLFSSL_DER_TO_PEM))
+    (defined(WOLFSSL_PEM_TO_DER) || defined(WOLFSSL_DER_TO_PEM))
     RSA* rsa = NULL;
 #ifdef USE_CERT_BUFFERS_1024
     const unsigned char* privDer = client_key_der_1024;
@@ -58150,6 +75550,30 @@ static int test_wolfSSL_DH(void)
     ExpectNotNull(dh->g);
     ExpectTrue(pt == buf);
     ExpectIntEQ(DH_generate_key(dh), 1);
+
+    /* first, test for expected successful key agreement. */
+    if (EXPECT_SUCCESS()) {
+        DH *dh2 = NULL;
+        unsigned char buf2[268];
+        int sz1 = 0, sz2 = 0;
+
+        ExpectNotNull(dh2 = d2i_DHparams(NULL, &pt, len));
+        ExpectIntEQ(DH_generate_key(dh2), 1);
+
+        ExpectIntGT(sz1=DH_compute_key(buf, dh2->pub_key, dh), 0);
+        ExpectIntGT(sz2=DH_compute_key(buf2, dh->pub_key, dh2), 0);
+        ExpectIntEQ(sz1, sz2);
+        ExpectIntEQ(XMEMCMP(buf, buf2, (size_t)sz1), 0);
+
+        ExpectIntNE(sz1 = DH_size(dh), 0);
+        ExpectIntEQ(DH_compute_key_padded(buf, dh2->pub_key, dh), sz1);
+        ExpectIntEQ(DH_compute_key_padded(buf2, dh->pub_key, dh2), sz1);
+        ExpectIntEQ(XMEMCMP(buf, buf2, (size_t)sz1), 0);
+
+        if (dh2 != NULL)
+            DH_free(dh2);
+    }
+
     ExpectIntEQ(DH_generate_key(dh), 1);
     ExpectIntEQ(DH_compute_key(NULL, NULL, NULL), -1);
     ExpectNotNull(pub = BN_new());
@@ -58232,6 +75656,7 @@ static int test_wolfSSL_DH(void)
     ExpectNotNull(dh = DH_generate_parameters(2048, 2, NULL, NULL));
     ExpectIntEQ(wolfSSL_DH_generate_parameters_ex(NULL, 2048, 2, NULL), 0);
     DH_free(dh);
+    dh = NULL;
 #endif
 #endif /* !HAVE_FIPS || (HAVE_FIPS_VERSION && HAVE_FIPS_VERSION > 2) */
 #endif /* OPENSSL_ALL */
@@ -58382,10 +75807,11 @@ static int test_wolfSSL_DH(void)
     /* Test DH_up_ref() */
     dh = wolfSSL_DH_new();
     ExpectNotNull(dh);
-    ExpectIntEQ(wolfSSL_DH_up_ref(NULL), WOLFSSL_FAILURE);
+    ExpectIntEQ(wolfSSL_DH_up_ref(NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     ExpectIntEQ(wolfSSL_DH_up_ref(dh), WOLFSSL_SUCCESS);
     DH_free(dh); /* decrease ref count */
     DH_free(dh); /* free WOLFSSL_DH */
+    dh = NULL;
     q = NULL;
 
     ExpectNull((dh = DH_new_by_nid(NID_sha1)));
@@ -58395,16 +75821,19 @@ static int test_wolfSSL_DH(void)
 #ifdef HAVE_FFDHE_2048
     ExpectNotNull((dh = DH_new_by_nid(NID_ffdhe2048)));
     DH_free(dh);
+    dh = NULL;
     q = NULL;
 #endif
 #ifdef HAVE_FFDHE_3072
     ExpectNotNull((dh = DH_new_by_nid(NID_ffdhe3072)));
     DH_free(dh);
+    dh = NULL;
     q = NULL;
 #endif
 #ifdef HAVE_FFDHE_4096
     ExpectNotNull((dh = DH_new_by_nid(NID_ffdhe4096)));
     DH_free(dh);
+    dh = NULL;
     q = NULL;
 #endif
 #else
@@ -58469,7 +75898,7 @@ static int test_wolfSSL_DH_check(void)
     byte buf[6000];
     char file[] = "./certs/dsaparams.pem";
     XFILE f = XBADFILE;
-    int  bytes;
+    int  bytes = 0;
     BIO* bio = NULL;
     DSA* dsa = NULL;
 #elif !defined(HAVE_FIPS) || FIPS_VERSION_GT(2,0)
@@ -58604,6 +76033,7 @@ static int test_wolfSSL_DH_check(void)
     ExpectIntEQ(wolfSSL_DH_check(dh, NULL), 0);
     ExpectIntEQ(codes, DH_CHECK_P_NOT_PRIME);
     DH_free(dh);
+    dh = NULL;
 #endif
 #endif /* !NO_DH  && !NO_DSA */
 #endif
@@ -58787,9 +76217,9 @@ static int test_wolfSSL_DH_get_2048_256(void)
         0x40, 0x12, 0x9D, 0xA2, 0x99, 0xB1, 0xA4, 0x7D, 0x1E, 0xB3, 0x75, 0x0B,
         0xA3, 0x08, 0xB0, 0xFE, 0x64, 0xF5, 0xFB, 0xD3
     };
-    int pSz;
-    int qSz;
-    int gSz;
+    int pSz = 0;
+    int qSz = 0;
+    int gSz = 0;
     byte* pReturned = NULL;
     byte* qReturned = NULL;
     byte* gReturned = NULL;
@@ -58886,12 +76316,12 @@ static int test_wolfSSL_PEM_write_DHparams(void)
 
     ExpectNotNull(fp = XFOPEN("./test-write-dhparams.pem", "wb"));
     ExpectIntEQ(PEM_write_DHparams(fp, dh), WOLFSSL_SUCCESS);
-    ExpectIntEQ(PEM_write_DHparams(fp, NULL), WOLFSSL_FAILURE);
+    ExpectIntEQ(PEM_write_DHparams(fp, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     DH_free(dh);
     dh = NULL;
 
     dh = wolfSSL_DH_new();
-    ExpectIntEQ(PEM_write_DHparams(fp, dh), WOLFSSL_FAILURE);
+    ExpectIntEQ(PEM_write_DHparams(fp, dh), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     if (fp != XBADFILE) {
         XFCLOSE(fp);
         fp = XBADFILE;
@@ -59061,7 +76491,7 @@ static int test_wolfSSL_i2d_DHparams(void)
 #ifdef HAVE_FFDHE_3072
     const char* params2 = "./certs/dh3072.der";
 #endif
-    long len;
+    long len = 0;
     WOLFSSL_DH* dh = NULL;
 
     /* Test 2048 bit parameters */
@@ -59089,6 +76519,7 @@ static int test_wolfSSL_i2d_DHparams(void)
     ExpectIntEQ(wolfSSL_i2d_DHparams(dh, NULL), 268);
 
     DH_free(dh);
+    dh = NULL;
 
     *buf = 0;
 #endif
@@ -59118,6 +76549,7 @@ static int test_wolfSSL_i2d_DHparams(void)
     ExpectIntEQ(wolfSSL_i2d_DHparams(dh, NULL), 396);
 
     DH_free(dh);
+    dh = NULL;
 #endif
 
     dh = DH_new();
@@ -59125,6 +76557,7 @@ static int test_wolfSSL_i2d_DHparams(void)
     pt2 = buf;
     ExpectIntEQ(wolfSSL_i2d_DHparams(dh, &pt2), 0);
     DH_free(dh);
+    dh = NULL;
 #endif /* !HAVE_FIPS || HAVE_FIPS_VERSION > 2 */
 #endif /* !NO_DH && (HAVE_FFDHE_2048 || HAVE_FFDHE_3072) */
 #endif
@@ -59371,6 +76804,28 @@ static int test_wolfSSL_PEM_read_bio_ECPKParameters(void)
     return EXPECT_RESULT();
 }
 
+static int test_wolfSSL_i2d_ECPKParameters(void)
+{
+    EXPECT_DECLS;
+#if defined(OPENSSL_EXTRA)
+    EC_GROUP* grp = NULL;
+    unsigned char p256_oid[] = {
+        0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07
+    };
+    unsigned char *der = p256_oid;
+    unsigned char out_der[sizeof(p256_oid)];
+
+    XMEMSET(out_der, 0, sizeof(out_der));
+    ExpectNotNull(d2i_ECPKParameters(&grp, (const unsigned char **)&der,
+            sizeof(p256_oid)));
+    der = out_der;
+    ExpectIntEQ(i2d_ECPKParameters(grp, &der), sizeof(p256_oid));
+    ExpectBufEQ(p256_oid, out_der, sizeof(p256_oid));
+    EC_GROUP_free(grp);
+#endif
+    return EXPECT_RESULT();
+}
+
 static int test_wolfSSL_EC_POINT(void)
 {
     EXPECT_DECLS;
@@ -59386,6 +76841,7 @@ static int test_wolfSSL_EC_POINT(void)
     EC_POINT* Gxy = NULL;
     EC_POINT* new_point = NULL;
     EC_POINT* set_point = NULL;
+    EC_POINT* get_point = NULL;
     EC_POINT* infinity = NULL;
     BIGNUM* k = NULL;
     BIGNUM* Gx = NULL;
@@ -59403,6 +76859,14 @@ static int test_wolfSSL_EC_POINT(void)
                         "77037D812DEB33A0F4A13945D898C296";
     const char* kGy   = "4FE342E2FE1A7F9B8EE7EB4A7C0F9E16"
                         "2BCE33576B315ECECBB6406837BF51F5";
+    const char* uncompG
+                      = "046B17D1F2E12C4247F8BCE6E563A440F2"
+                        "77037D812DEB33A0F4A13945D898C296"
+                        "4FE342E2FE1A7F9B8EE7EB4A7C0F9E16"
+                        "2BCE33576B315ECECBB6406837BF51F5";
+    const char* compG
+                      = "036B17D1F2E12C4247F8BCE6E563A440F2"
+                        "77037D812DEB33A0F4A13945D898C296";
 
 #ifndef HAVE_SELFTEST
     EC_POINT *tmp = NULL;
@@ -59411,10 +76875,6 @@ static int test_wolfSSL_EC_POINT(void)
     unsigned char* buf = NULL;
     unsigned char bufInf[1] = { 0x00 };
 
-    const char* uncompG   = "046B17D1F2E12C4247F8BCE6E563A440F2"
-                              "77037D812DEB33A0F4A13945D898C296"
-                              "4FE342E2FE1A7F9B8EE7EB4A7C0F9E16"
-                              "2BCE33576B315ECECBB6406837BF51F5";
     const unsigned char binUncompG[] = {
         0x04, 0x6b, 0x17, 0xd1, 0xf2, 0xe1, 0x2c, 0x42, 0x47, 0xf8, 0xbc,
         0xe6, 0xe5, 0x63, 0xa4, 0x40, 0xf2, 0x77, 0x03, 0x7d, 0x81, 0x2d,
@@ -59432,8 +76892,6 @@ static int test_wolfSSL_EC_POINT(void)
         0x5e, 0xce, 0xcb, 0xb6, 0x40, 0x68, 0x37, 0xbf, 0x51, 0xf5,
     };
 
-    const char* compG   = "036B17D1F2E12C4247F8BCE6E563A440F2"
-                            "77037D812DEB33A0F4A13945D898C296";
 #ifdef HAVE_COMP_KEY
     const unsigned char binCompG[] = {
         0x03, 0x6b, 0x17, 0xd1, 0xf2, 0xe1, 0x2c, 0x42, 0x47, 0xf8, 0xbc,
@@ -59556,7 +77014,7 @@ static int test_wolfSSL_EC_POINT(void)
         ctx), WOLFSSL_SUCCESS);
 
     /* check if point X coordinate is zero */
-    ExpectIntEQ(BN_is_zero(X), WOLFSSL_FAILURE);
+    ExpectIntEQ(BN_is_zero(X), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
 
     /* set the same X and Y points in another object */
     ExpectIntEQ(EC_POINT_set_affine_coordinates_GFp(group, set_point, X, Y,
@@ -59633,7 +77091,8 @@ static int test_wolfSSL_EC_POINT(void)
     /* check bn2hex */
     hexStr = BN_bn2hex(k);
     ExpectStrEQ(hexStr, kTest);
-#if !defined(NO_FILESYSTEM) && defined(XFPRINTF)
+#if !defined(NO_FILESYSTEM) && !defined(NO_STDIO_FILESYSTEM) && \
+     defined(XFPRINTF)
     BN_print_fp(stderr, k);
     fprintf(stderr, "\n");
 #endif
@@ -59641,7 +77100,8 @@ static int test_wolfSSL_EC_POINT(void)
 
     hexStr = BN_bn2hex(Gx);
     ExpectStrEQ(hexStr, kGx);
-#if !defined(NO_FILESYSTEM) && defined(XFPRINTF)
+#if !defined(NO_FILESYSTEM) && !defined(NO_STDIO_FILESYSTEM) && \
+     defined(XFPRINTF)
     BN_print_fp(stderr, Gx);
     fprintf(stderr, "\n");
 #endif
@@ -59649,13 +77109,13 @@ static int test_wolfSSL_EC_POINT(void)
 
     hexStr = BN_bn2hex(Gy);
     ExpectStrEQ(hexStr, kGy);
-#if !defined(NO_FILESYSTEM) && defined(XFPRINTF)
+#if !defined(NO_FILESYSTEM) && !defined(NO_STDIO_FILESYSTEM) && \
+     defined(XFPRINTF)
     BN_print_fp(stderr, Gy);
     fprintf(stderr, "\n");
 #endif
     XFREE(hexStr, NULL, DYNAMIC_TYPE_ECC);
 
-#ifndef HAVE_SELFTEST
     /* Test point to hex */
     ExpectNull(EC_POINT_point2hex(NULL, NULL, POINT_CONVERSION_UNCOMPRESSED,
         ctx));
@@ -59672,13 +77132,22 @@ static int test_wolfSSL_EC_POINT(void)
     hexStr = EC_POINT_point2hex(group, Gxy, POINT_CONVERSION_UNCOMPRESSED, ctx);
     ExpectNotNull(hexStr);
     ExpectStrEQ(hexStr, uncompG);
+    ExpectNotNull(get_point = EC_POINT_hex2point(group, hexStr, NULL, ctx));
+    ExpectIntEQ(EC_POINT_cmp(group, Gxy, get_point, ctx), 0);
     XFREE(hexStr, NULL, DYNAMIC_TYPE_ECC);
 
     hexStr = EC_POINT_point2hex(group, Gxy, POINT_CONVERSION_COMPRESSED, ctx);
     ExpectNotNull(hexStr);
     ExpectStrEQ(hexStr, compG);
+    #ifdef HAVE_COMP_KEY
+    ExpectNotNull(get_point = EC_POINT_hex2point
+                                            (group, hexStr, get_point, ctx));
+    ExpectIntEQ(EC_POINT_cmp(group, Gxy, get_point, ctx), 0);
+    #endif
     XFREE(hexStr, NULL, DYNAMIC_TYPE_ECC);
+    EC_POINT_free(get_point);
 
+#ifndef HAVE_SELFTEST
     /* Test point to oct */
     ExpectIntEQ(EC_POINT_point2oct(NULL, NULL, POINT_CONVERSION_UNCOMPRESSED,
         NULL, 0, ctx), 0);
@@ -59714,9 +77183,9 @@ static int test_wolfSSL_EC_POINT(void)
     ExpectIntEQ(ECPoint_i2d(group, Gxy, NULL, &blen), 1);
     ExpectIntEQ(blen, sizeof(binUncompG));
     ExpectNotNull(buf = (unsigned char*)XMALLOC(blen, NULL, DYNAMIC_TYPE_ECC));
-    blen -= 1;
+    blen--;
     ExpectIntEQ(ECPoint_i2d(group, Gxy, buf, &blen), 0);
-    blen += 1;
+    blen++;
     ExpectIntEQ(ECPoint_i2d(group, Gxy, buf, &blen), 1);
     ExpectIntEQ(XMEMCMP(buf, binUncompG, sizeof(binUncompG)), 0);
     XFREE(buf, NULL, DYNAMIC_TYPE_ECC);
@@ -60048,6 +77517,18 @@ static int test_EC_i2d(void)
     ExpectNull(d2i_ECPrivateKey(&copy, &tmp, 1));
     ExpectNull(d2i_ECPrivateKey(&key, &tmp, 0));
 
+    {
+        EC_KEY *pubkey = NULL;
+        BIO* bio = NULL;
+
+        ExpectNotNull(bio = BIO_new(BIO_s_mem()));
+        ExpectIntGT(BIO_write(bio, buf, len), 0);
+        ExpectNotNull(d2i_EC_PUBKEY_bio(bio, &pubkey));
+
+        BIO_free(bio);
+        EC_KEY_free(pubkey);
+    }
+
     ExpectIntEQ(i2d_ECPrivateKey(NULL, &p), 0);
     ExpectIntEQ(i2d_ECPrivateKey(NULL, NULL), 0);
 
@@ -60240,7 +77721,7 @@ static int test_wolfSSL_EC_KEY_dup(void)
     /* Test EC_KEY_up_ref */
     ExpectNotNull(ecKey = wolfSSL_EC_KEY_new());
     ExpectIntEQ(wolfSSL_EC_KEY_generate_key(ecKey), WOLFSSL_SUCCESS);
-    ExpectIntEQ(wolfSSL_EC_KEY_up_ref(NULL), WOLFSSL_FAILURE);
+    ExpectIntEQ(wolfSSL_EC_KEY_up_ref(NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     ExpectIntEQ(wolfSSL_EC_KEY_up_ref(ecKey), WOLFSSL_SUCCESS);
     /* reference count doesn't follow duplicate */
     ExpectNotNull(dupKey = wolfSSL_EC_KEY_dup(ecKey));
@@ -60392,12 +77873,12 @@ static int test_wolfSSL_EC_KEY_print_fp(void)
     EC_KEY* key = NULL;
 
     /* Bad file pointer. */
-    ExpectIntEQ(wolfSSL_EC_KEY_print_fp(NULL, key, 0), WOLFSSL_FAILURE);
+    ExpectIntEQ(wolfSSL_EC_KEY_print_fp(NULL, key, 0), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     /* NULL key. */
-    ExpectIntEQ(wolfSSL_EC_KEY_print_fp(stderr, NULL, 0), WOLFSSL_FAILURE);
+    ExpectIntEQ(wolfSSL_EC_KEY_print_fp(stderr, NULL, 0), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     ExpectNotNull((key = wolfSSL_EC_KEY_new_by_curve_name(NID_secp224r1)));
     /* Negative indent. */
-    ExpectIntEQ(wolfSSL_EC_KEY_print_fp(stderr, key, -1), WOLFSSL_FAILURE);
+    ExpectIntEQ(wolfSSL_EC_KEY_print_fp(stderr, key, -1), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
 
     ExpectIntEQ(wolfSSL_EC_KEY_print_fp(stderr, key, 4), WOLFSSL_SUCCESS);
     ExpectIntEQ(wolfSSL_EC_KEY_generate_key(key), WOLFSSL_SUCCESS);
@@ -60527,6 +78008,16 @@ static int test_wolfSSL_ECDSA_SIG(void)
     ExpectIntEQ((p == outSig + 8), 1);
     ExpectIntEQ(XMEMCMP(sigData, outSig, 8), 0);
 
+    p = NULL;
+    ExpectIntEQ(wolfSSL_i2d_ECDSA_SIG(sig, &p), 8);
+#ifndef WOLFSSL_I2D_ECDSA_SIG_ALLOC
+    ExpectNull(p);
+#else
+    ExpectNotNull(p);
+    ExpectIntEQ(XMEMCMP(p, outSig, 8), 0);
+    XFREE(p, NULL, DYNAMIC_TYPE_OPENSSL);
+#endif
+
     wolfSSL_ECDSA_SIG_free(sig);
 #endif
     return EXPECT_RESULT();
@@ -60558,14 +78049,14 @@ static int test_ECDSA_size_sign(void)
     ExpectIntEQ(ECDSA_sign(0, hash, sizeof(hash), sig, &sigSz, NULL), 0);
     ExpectIntEQ(ECDSA_sign(0, NULL, sizeof(hash), sig, &sigSz, key), 0);
     ExpectIntEQ(ECDSA_sign(0, hash, sizeof(hash), NULL, &sigSz, key), 0);
-    ExpectIntEQ(ECDSA_verify(0, hash, sizeof(hash), sig, sigSz, NULL), 0);
-    ExpectIntEQ(ECDSA_verify(0, NULL, sizeof(hash), sig, sigSz, key), 0);
-    ExpectIntEQ(ECDSA_verify(0, hash, sizeof(hash), NULL, sigSz, key), 0);
+    ExpectIntEQ(ECDSA_verify(0, hash, sizeof(hash), sig, (int)sigSz, NULL), 0);
+    ExpectIntEQ(ECDSA_verify(0, NULL, sizeof(hash), sig, (int)sigSz, key), 0);
+    ExpectIntEQ(ECDSA_verify(0, hash, sizeof(hash), NULL, (int)sigSz, key), 0);
 
     ExpectIntEQ(ECDSA_sign(0, hash, sizeof(hash), sig, &sigSz, key), 1);
     ExpectIntGE(ECDSA_size(key), sigSz);
-    ExpectIntEQ(ECDSA_verify(0, hash, sizeof(hash), sig, sigSz, key), 1);
-    ExpectIntEQ(ECDSA_verify(0, hash2, sizeof(hash2), sig, sigSz, key), 0);
+    ExpectIntEQ(ECDSA_verify(0, hash, sizeof(hash), sig, (int)sigSz, key), 1);
+    ExpectIntEQ(ECDSA_verify(0, hash2, sizeof(hash2), sig, (int)sigSz, key), 0);
 
     ExpectNull(ECDSA_do_sign(NULL, sizeof(hash), NULL));
     ExpectNull(ECDSA_do_sign(NULL, sizeof(hash), key));
@@ -60650,7 +78141,7 @@ static int test_openssl_make_self_signed_certificate(EVP_PKEY* pkey,
     BIGNUM* serial_number = NULL;
     X509_NAME* name = NULL;
     time_t epoch_off = 0;
-    ASN1_INTEGER* asn1_serial_number;
+    ASN1_INTEGER* asn1_serial_number = NULL;
     long not_before, not_after;
     int derSz;
 
@@ -60789,6 +78280,7 @@ static int test_stubs_are_stubs(void)
 {
     EXPECT_DECLS;
 #if defined(OPENSSL_EXTRA) && !defined(NO_WOLFSSL_STUB) && \
+    !defined(NO_TLS) && \
     (!defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER))
     WOLFSSL_CTX* ctx = NULL;
     WOLFSSL_CTX* ctxN = NULL;
@@ -60818,8 +78310,15 @@ static int test_stubs_are_stubs(void)
     CHECKZERO_RET(wolfSSL_CTX_sess_misses, ctx, ctxN);
     CHECKZERO_RET(wolfSSL_CTX_sess_timeouts, ctx, ctxN);
 
+    /* when implemented this should take WOLFSSL object instead, right now
+     * always returns 0 */
+    ExpectPtrEq(SSL_get_current_expansion(NULL), NULL);
+
     wolfSSL_CTX_free(ctx);
     ctx = NULL;
+
+    ExpectStrEQ(SSL_COMP_get_name(NULL), "not supported");
+    ExpectPtrEq(SSL_get_current_expansion(NULL), NULL);
 #endif /* OPENSSL_EXTRA && !NO_WOLFSSL_STUB && (!NO_WOLFSSL_CLIENT ||
         * !NO_WOLFSSL_SERVER) */
     return EXPECT_RESULT();
@@ -60891,25 +78390,26 @@ static int test_wolfSSL_CTX_LoadCRL(void)
     EXPECT_DECLS;
 #if defined(HAVE_CRL) && !defined(NO_RSA) && !defined(NO_FILESYSTEM) && \
     (!defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER))
+    WOLFSSL_CERT_MANAGER* cm = NULL;
+    const char* issuerCert = "./certs/client-cert.pem";
+    const char* validFilePath = "./certs/crl/cliCrl.pem";
+    int pemType = WOLFSSL_FILETYPE_PEM;
+#ifndef NO_TLS
     WOLFSSL_CTX* ctx = NULL;
     WOLFSSL* ssl = NULL;
     const char* badPath = "dummypath";
     const char* validPath = "./certs/crl";
-    const char* validFilePath = "./certs/crl/cliCrl.pem";
-    const char* issuerCert = "./certs/client-cert.pem";
     int derType = WOLFSSL_FILETYPE_ASN1;
-    int pemType = WOLFSSL_FILETYPE_PEM;
 #ifdef HAVE_CRL_MONITOR
     int monitor = WOLFSSL_CRL_MONITOR;
 #else
     int monitor = 0;
 #endif
-    WOLFSSL_CERT_MANAGER* cm = NULL;
 
     #define FAIL_T1(x, y, z, p, d) ExpectIntEQ((int) x(y, z, p, d), \
-                                                BAD_FUNC_ARG)
+                                       WC_NO_ERR_TRACE(BAD_FUNC_ARG))
     #define FAIL_T2(x, y, z, p, d) ExpectIntEQ((int) x(y, z, p, d), \
-                                                NOT_COMPILED_IN)
+                                    WC_NO_ERR_TRACE(NOT_COMPILED_IN))
     #define SUCC_T(x, y, z, p, d) ExpectIntEQ((int) x(y, z, p, d), \
                                                 WOLFSSL_SUCCESS)
 #ifndef NO_WOLFSSL_CLIENT
@@ -60955,6 +78455,7 @@ static int test_wolfSSL_CTX_LoadCRL(void)
     ssl = NULL;
     wolfSSL_CTX_free(ctx);
     ctx = NULL;
+#endif /* !NO_TLS */
 
     ExpectNotNull(cm = wolfSSL_CertManagerNew());
     ExpectIntEQ(wolfSSL_CertManagerLoadCA(cm, issuerCert, NULL),
@@ -60966,44 +78467,130 @@ static int test_wolfSSL_CTX_LoadCRL(void)
     return EXPECT_RESULT();
 }
 
-#if defined(HAVE_SSL_MEMIO_TESTS_DEPENDENCIES) && defined(HAVE_CRL)
-static int test_multiple_crls_same_issuer_ctx_ready(WOLFSSL_CTX* ctx)
+#if defined(HAVE_CRL) && !defined(NO_RSA) && !defined(NO_FILESYSTEM) && \
+    defined(HAVE_CRL_UPDATE_CB)
+int crlUpdateTestStatus = 0;
+WOLFSSL_CERT_MANAGER* updateCrlTestCm = NULL;
+static void updateCrlCb(CrlInfo* old, CrlInfo* cnew)
 {
-    EXPECT_DECLS;
-    wolfSSL_CTX_set_verify(ctx, WOLFSSL_VERIFY_PEER, NULL);
-    ExpectIntEQ(wolfSSL_CTX_LoadCRLFile(ctx, "./certs/crl/crl.pem",
-        WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS);
-    return EXPECT_RESULT();
+    const char* crl1 = "./certs/crl/crl.pem";
+    const char* crlRevoked = "./certs/crl/crl.revoked";
+    byte *crl1Buff = NULL;
+    word32 crl1Sz;
+    byte *crlRevBuff = NULL;
+    word32  crlRevSz;
+    WOLFSSL_CERT_MANAGER* cm = updateCrlTestCm;
+    XFILE f;
+    word32 sz;
+    CrlInfo crl1Info;
+    CrlInfo crlRevInfo;
+
+    crlUpdateTestStatus = 0;
+    if (old == NULL || cnew == NULL) {
+        return;
+    }
+
+    AssertTrue((f = XFOPEN(crl1, "rb")) != XBADFILE);
+    AssertTrue(XFSEEK(f, 0, XSEEK_END) == 0);
+    AssertIntGE(sz = (size_t) XFTELL(f), 1);
+    AssertTrue(XFSEEK(f, 0, XSEEK_SET) == 0);
+    AssertTrue( \
+        (crl1Buff = (byte*)XMALLOC(sz, NULL, DYNAMIC_TYPE_FILE)) != NULL);
+    AssertTrue(XFREAD(crl1Buff, 1, sz, f) == sz);
+    XFCLOSE(f);
+    crl1Sz = sz;
+
+    AssertTrue((f = XFOPEN(crlRevoked, "rb")) != XBADFILE);
+    AssertTrue(XFSEEK(f, 0, XSEEK_END) == 0);
+    AssertIntGE(sz = (size_t) XFTELL(f), 1);
+    AssertTrue(XFSEEK(f, 0, XSEEK_SET) == 0);
+    AssertTrue( \
+        (crlRevBuff = (byte*)XMALLOC(sz, NULL, DYNAMIC_TYPE_FILE)) != NULL);
+    AssertTrue(XFREAD(crlRevBuff, 1, sz, f) == sz);
+    XFCLOSE(f);
+    crlRevSz = sz;
+
+    AssertIntEQ(wolfSSL_CertManagerGetCRLInfo(
+        cm, &crl1Info, crl1Buff, crl1Sz, WOLFSSL_FILETYPE_PEM),
+        WOLFSSL_SUCCESS);
+    AssertIntEQ(wolfSSL_CertManagerGetCRLInfo(
+        cm, &crlRevInfo, crlRevBuff, crlRevSz, WOLFSSL_FILETYPE_PEM),
+        WOLFSSL_SUCCESS);
+
+    /* Old entry being replaced should match crl1 */
+    AssertIntEQ(crl1Info.issuerHashLen,  old->issuerHashLen);
+    AssertIntEQ(crl1Info.lastDateMaxLen, old->lastDateMaxLen);
+    AssertIntEQ(crl1Info.lastDateFormat, old->lastDateFormat);
+    AssertIntEQ(crl1Info.nextDateMaxLen, old->nextDateMaxLen);
+    AssertIntEQ(crl1Info.nextDateFormat, old->nextDateFormat);
+    AssertIntEQ(crl1Info.crlNumber,      old->crlNumber);
+    AssertIntEQ(XMEMCMP(
+        crl1Info.issuerHash, old->issuerHash, old->issuerHashLen), 0);
+    AssertIntEQ(XMEMCMP(
+        crl1Info.lastDate, old->lastDate, old->lastDateMaxLen), 0);
+    AssertIntEQ(XMEMCMP(
+        crl1Info.nextDate, old->nextDate, old->nextDateMaxLen), 0);
+
+    /* Newer entry should match crl revoked */
+    AssertIntEQ(crlRevInfo.issuerHashLen,  cnew->issuerHashLen);
+    AssertIntEQ(crlRevInfo.lastDateMaxLen, cnew->lastDateMaxLen);
+    AssertIntEQ(crlRevInfo.lastDateFormat, cnew->lastDateFormat);
+    AssertIntEQ(crlRevInfo.nextDateMaxLen, cnew->nextDateMaxLen);
+    AssertIntEQ(crlRevInfo.nextDateFormat, cnew->nextDateFormat);
+    AssertIntEQ(crlRevInfo.crlNumber,      cnew->crlNumber);
+    AssertIntEQ(XMEMCMP(
+        crlRevInfo.issuerHash, cnew->issuerHash, cnew->issuerHashLen), 0);
+    AssertIntEQ(XMEMCMP(
+        crlRevInfo.lastDate, cnew->lastDate, cnew->lastDateMaxLen), 0);
+    AssertIntEQ(XMEMCMP(
+        crlRevInfo.nextDate, cnew->nextDate, cnew->nextDateMaxLen), 0);
+
+    XFREE(crl1Buff, NULL, DYNAMIC_TYPE_FILE);
+    XFREE(crlRevBuff, NULL, DYNAMIC_TYPE_FILE);
+    crlUpdateTestStatus = 1;
 }
 #endif
 
-static int test_multiple_crls_same_issuer(void)
+static int test_wolfSSL_crl_update_cb(void)
 {
     EXPECT_DECLS;
-#if defined(HAVE_SSL_MEMIO_TESTS_DEPENDENCIES) && defined(HAVE_CRL)
-    test_ssl_cbf client_cbs, server_cbs;
-    struct {
-        const char* server_cert;
-        const char* server_key;
-    } test_params[] = {
-        { "./certs/server-cert.pem", "./certs/server-key.pem" },
-        { "./certs/server-revoked-cert.pem", "./certs/server-revoked-key.pem" }
-    };
-    size_t i;
+#if defined(HAVE_CRL) && !defined(NO_RSA) && !defined(NO_FILESYSTEM) && \
+    defined(HAVE_CRL_UPDATE_CB)
+    const char* crl1 =        "./certs/crl/crl.pem";
+    const char* crlRevoked =  "./certs/crl/crl.revoked";
+    const char* issuerCert =  "./certs/client-cert.pem";
+    const char* caCert     =  "./certs/ca-cert.pem";
+    const char* goodCert =    "./certs/server-cert.pem";
+    const char* revokedCert = "./certs/server-revoked-cert.pem";
+    int pemType = WOLFSSL_FILETYPE_PEM;
+    WOLFSSL_CERT_MANAGER* cm = NULL;
 
-    for (i = 0; i < (sizeof(test_params)/sizeof(*test_params)); i++) {
-        XMEMSET(&client_cbs, 0, sizeof(client_cbs));
-        XMEMSET(&server_cbs, 0, sizeof(server_cbs));
-
-        server_cbs.certPemFile = test_params[i].server_cert;
-        server_cbs.keyPemFile = test_params[i].server_key;
-        client_cbs.crlPemFile = "./certs/crl/extra-crls/general-server-crl.pem";
-
-        client_cbs.ctx_ready = test_multiple_crls_same_issuer_ctx_ready;
-
-        ExpectIntEQ(test_wolfSSL_client_server_nofail_memio(&client_cbs,
-            &server_cbs, NULL), TEST_FAIL);
-    }
+    updateCrlTestCm = wolfSSL_CertManagerNew();
+    ExpectNotNull(updateCrlTestCm);
+    cm = updateCrlTestCm;
+    ExpectIntEQ(wolfSSL_CertManagerSetCRLUpdate_Cb(cm, updateCrlCb),
+        WOLFSSL_SUCCESS);
+    ExpectIntEQ(wolfSSL_CertManagerLoadCA(cm, caCert, NULL),
+        WOLFSSL_SUCCESS);
+    ExpectIntEQ(wolfSSL_CertManagerLoadCA(cm, issuerCert, NULL),
+        WOLFSSL_SUCCESS);
+    ExpectIntEQ(wolfSSL_CertManagerLoadCRLFile(cm, crl1, pemType),
+        WOLFSSL_SUCCESS);
+    /* CRL1 does not have good cert revoked */
+    ExpectIntEQ(wolfSSL_CertManagerVerify(cm, goodCert, pemType),
+        WOLFSSL_SUCCESS);
+    ExpectIntNE(wolfSSL_CertManagerVerify(cm, revokedCert, pemType),
+        WOLFSSL_SUCCESS);
+    /* Load newer CRL from same issuer, callback verifies CRL entry details */
+    ExpectIntEQ(wolfSSL_CertManagerLoadCRLFile(cm, crlRevoked, pemType),
+        WOLFSSL_SUCCESS);
+    /* CRL callback verified entry info was as expected */
+    ExpectIntEQ(crlUpdateTestStatus, 1);
+    /* Ensure that both certs fail with newer CRL */
+    ExpectIntNE(wolfSSL_CertManagerVerify(cm, goodCert, pemType),
+        WOLFSSL_SUCCESS);
+    ExpectIntNE(wolfSSL_CertManagerVerify(cm, revokedCert, pemType),
+        WOLFSSL_SUCCESS);
 #endif
     return EXPECT_RESULT();
 }
@@ -61011,7 +78598,7 @@ static int test_multiple_crls_same_issuer(void)
 static int test_SetTmpEC_DHE_Sz(void)
 {
     EXPECT_DECLS;
-#if defined(HAVE_ECC) && !defined(NO_WOLFSSL_CLIENT)
+#if defined(HAVE_ECC) && !defined(NO_WOLFSSL_CLIENT) && !defined(NO_TLS)
     WOLFSSL_CTX *ctx = NULL;
     WOLFSSL *ssl = NULL;
 
@@ -61030,7 +78617,7 @@ static int test_SetTmpEC_DHE_Sz(void)
 static int test_wolfSSL_CTX_get0_privatekey(void)
 {
     EXPECT_DECLS;
-#ifdef OPENSSL_ALL
+#if defined(OPENSSL_ALL) && !defined(NO_TLS)
     WOLFSSL_CTX* ctx = NULL;
 
     (void)ctx;
@@ -61090,14 +78677,18 @@ static int test_wolfSSL_dtls_set_mtu(void)
     }
     ExpectNotNull(ssl = wolfSSL_new(ctx));
 
-    ExpectIntEQ(wolfSSL_CTX_dtls_set_mtu(NULL, 1488), BAD_FUNC_ARG);
-    ExpectIntEQ(wolfSSL_dtls_set_mtu(NULL, 1488), BAD_FUNC_ARG);
-    ExpectIntEQ(wolfSSL_CTX_dtls_set_mtu(ctx, 20000), BAD_FUNC_ARG);
-    ExpectIntEQ(wolfSSL_dtls_set_mtu(ssl, 20000), WOLFSSL_FAILURE);
-    ExpectIntEQ(wolfSSL_get_error(ssl, WOLFSSL_FAILURE), BAD_FUNC_ARG);
+    ExpectIntEQ(wolfSSL_CTX_dtls_set_mtu(NULL, 1488), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wolfSSL_dtls_set_mtu(NULL, 1488), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wolfSSL_CTX_dtls_set_mtu(ctx, 20000), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wolfSSL_dtls_set_mtu(ssl, 20000), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+    ExpectIntEQ(wolfSSL_get_error(ssl, WC_NO_ERR_TRACE(WOLFSSL_FAILURE)), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wolfSSL_CTX_dtls_set_mtu(ctx, 1488), WOLFSSL_SUCCESS);
     ExpectIntEQ(wolfSSL_dtls_set_mtu(ssl, 1488), WOLFSSL_SUCCESS);
 
+#ifdef OPENSSL_EXTRA
+    ExpectIntEQ(SSL_set_mtu(ssl, 1488), WOLFSSL_SUCCESS);
+#endif
+
     wolfSSL_free(ssl);
     wolfSSL_CTX_free(ctx);
 #endif
@@ -61166,10 +78757,11 @@ static void test_wolfSSL_dtls_plaintext_server(WOLFSSL* ssl)
 static void test_wolfSSL_dtls_plaintext_client(WOLFSSL* ssl)
 {
     byte ch[50];
-    int fd = wolfSSL_get_fd(ssl);
+    int fd = wolfSSL_get_wfd(ssl);
     byte msg[] = "This is a msg for the server";
     byte reply[40];
 
+    AssertIntGE(fd, 0);
     generateDTLSMsg(ch, sizeof(ch), 20, client_hello, 0);
     /* Server should ignore this datagram */
     AssertIntEQ(send(fd, ch, sizeof(ch), 0), sizeof(ch));
@@ -61220,7 +78812,8 @@ static int test_wolfSSL_dtls_plaintext(void)
     return TEST_RES_CHECK(1);
 }
 #else
-static int test_wolfSSL_dtls_plaintext(void) {
+static int test_wolfSSL_dtls_plaintext(void)
+{
     return TEST_SKIPPED;
 }
 #endif
@@ -61235,7 +78828,7 @@ static void test_wolfSSL_dtls12_fragments_spammer(WOLFSSL* ssl)
     size_t seq_offset = 0;
     size_t msg_offset = 0;
     int i;
-    int fd = wolfSSL_get_fd(ssl);
+    int fd = wolfSSL_get_wfd(ssl);
     int ret = wolfSSL_connect_cert(ssl); /* This gets us past the cookie */
     word32 seq_number = 100; /* start high so server definitely reads this */
     word16 msg_number = 50; /* start high so server has to buffer this */
@@ -61297,7 +78890,7 @@ static void test_wolfSSL_dtls13_fragments_spammer(WOLFSSL* ssl)
     byte b[150]; /* buffer for the messages to send */
     size_t idx = 0;
     size_t msg_offset = 0;
-    int fd = wolfSSL_get_fd(ssl);
+    int fd = wolfSSL_get_wfd(ssl);
     word16 msg_number = 10; /* start high so server has to buffer this */
     int ret = wolfSSL_connect_cert(ssl); /* This gets us past the cookie */
     AssertIntEQ(ret, 1);
@@ -61328,9 +78921,10 @@ static void test_wolfSSL_dtls13_fragments_spammer(WOLFSSL* ssl)
         XMEMSET(&delay, 0, sizeof(delay));
         delay.tv_nsec = 10000000; /* wait 0.01 seconds */
         c16toa(msg_number, b + msg_offset);
-        sendSz = BuildTls13Message(ssl, sendBuf, sendSz, b,
+        ret = sendSz = BuildTls13Message(ssl, sendBuf, sendSz, b,
             (int)idx, handshake, 0, 0, 0);
-        ret = (int)send(fd, sendBuf, (size_t)sendSz, 0);
+        if (sendSz > 0)
+            ret = (int)send(fd, sendBuf, (size_t)sendSz, 0);
         nanosleep(&delay, NULL);
     }
 }
@@ -61373,14 +78967,14 @@ static int test_wolfSSL_dtls_fragments(void)
 
         /* The socket should be closed by the server resulting in a
          * socket error, fatal error or reading a close notify alert */
-        if (func_cb_client.last_err != SOCKET_ERROR_E &&
+        if (func_cb_client.last_err != WC_NO_ERR_TRACE(SOCKET_ERROR_E) &&
                 func_cb_client.last_err != WOLFSSL_ERROR_ZERO_RETURN &&
-                func_cb_client.last_err != FATAL_ERROR) {
-            ExpectIntEQ(func_cb_client.last_err, SOCKET_ERROR_E);
+                func_cb_client.last_err != WC_NO_ERR_TRACE(FATAL_ERROR)) {
+            ExpectIntEQ(func_cb_client.last_err, WC_NO_ERR_TRACE(SOCKET_ERROR_E));
         }
         /* Check the server returned an error indicating the msg buffer
          * was full */
-        ExpectIntEQ(func_cb_server.last_err, DTLS_TOO_MANY_FRAGMENTS_E);
+        ExpectIntEQ(func_cb_server.last_err, WC_NO_ERR_TRACE(DTLS_TOO_MANY_FRAGMENTS_E));
 
         if (EXPECT_FAIL())
             break;
@@ -61402,7 +78996,8 @@ static void test_wolfSSL_dtls_send_alert(WOLFSSL* ssl)
         0x46 /* protocol version */
     };
 
-    fd = wolfSSL_get_fd(ssl);
+    fd = wolfSSL_get_wfd(ssl);
+    AssertIntGE(fd, 0);
     ret = (int)send(fd, alert_msg, sizeof(alert_msg), 0);
     AssertIntGT(ret, 0);
 }
@@ -61472,7 +79067,7 @@ static void test_wolfSSL_send_bad_record(WOLFSSL* ssl)
         0x03, 0x18, 0x72
     };
 
-    fd = wolfSSL_get_fd(ssl);
+    fd = wolfSSL_get_wfd(ssl);
     AssertIntGE(fd, 0);
     ret = (int)send(fd, bad_msg, sizeof(bad_msg), 0);
     AssertIntEQ(ret, sizeof(bad_msg));
@@ -61532,13 +79127,16 @@ static int test_wolfSSL_dtls_bad_record(void)
 }
 
 #else
-static int test_wolfSSL_dtls_fragments(void) {
+static int test_wolfSSL_dtls_fragments(void)
+{
     return TEST_SKIPPED;
 }
-static int test_wolfSSL_ignore_alert_before_cookie(void) {
+static int test_wolfSSL_ignore_alert_before_cookie(void)
+{
     return TEST_SKIPPED;
 }
-static int test_wolfSSL_dtls_bad_record(void) {
+static int test_wolfSSL_dtls_bad_record(void)
+{
     return TEST_SKIPPED;
 }
 #endif
@@ -61546,14 +79144,22 @@ static int test_wolfSSL_dtls_bad_record(void) {
 #if defined(WOLFSSL_DTLS13) && !defined(WOLFSSL_TLS13_IGNORE_AEAD_LIMITS) && \
     !defined(NO_WOLFSSL_CLIENT) && !defined(NO_WOLFSSL_SERVER) && \
     defined(HAVE_IO_TESTS_DEPENDENCIES)
-static byte test_AEAD_fail_decryption = 0;
-static byte test_AEAD_seq_num = 0;
-static byte test_AEAD_done = 0;
+static volatile int test_AEAD_seq_num = 0;
+#ifdef WOLFSSL_ATOMIC_INITIALIZER
+wolfSSL_Atomic_Int test_AEAD_done = WOLFSSL_ATOMIC_INITIALIZER(0);
+#else
+static volatile int test_AEAD_done = 0;
+#endif
+#ifdef WOLFSSL_MUTEX_INITIALIZER
+static wolfSSL_Mutex test_AEAD_mutex = WOLFSSL_MUTEX_INITIALIZER(test_AEAD_mutex);
+#endif
 
+static int test_AEAD_fail_decryption = 0;
 static int test_AEAD_cbiorecv(WOLFSSL *ssl, char *buf, int sz, void *ctx)
 {
-    int ret = (int)recv(wolfSSL_get_fd(ssl), buf, sz, 0);
-    if (ret > 0) {
+    int fd = wolfSSL_get_fd(ssl);
+    int ret = -1;
+    if (fd >= 0 && (ret = (int)recv(fd, buf, sz, 0)) > 0) {
         if (test_AEAD_fail_decryption) {
             /* Modify the packet to trigger a decryption failure */
             buf[ret/2] ^= 0xFF;
@@ -61652,12 +79258,19 @@ static void test_AEAD_limit_client(WOLFSSL* ssl)
 
     if (!w64IsZero(sendLimit)) {
         /* Test the sending limit for AEAD ciphers */
+#ifdef WOLFSSL_MUTEX_INITIALIZER
+        (void)wc_LockMutex(&test_AEAD_mutex);
+#endif
         Dtls13GetEpoch(ssl, ssl->dtls13Epoch)->nextSeqNumber = sendLimit;
         test_AEAD_seq_num = 1;
+        XMEMSET(msgBuf, 0, sizeof(msgBuf));
         ret = wolfSSL_write(ssl, msgBuf, sizeof(msgBuf));
         AssertIntGT(ret, 0);
         didReKey = 0;
         w64Zero(&counter);
+#ifdef WOLFSSL_MUTEX_INITIALIZER
+        wc_UnLockMutex(&test_AEAD_mutex);
+#endif
         /* 100 read calls should be enough to complete the key update */
         for (i = 0; i < 100; i++) {
             /* Key update should be sent and negotiated */
@@ -61678,10 +79291,14 @@ static void test_AEAD_limit_client(WOLFSSL* ssl)
     w64Decrement(&Dtls13GetEpoch(ssl, ssl->dtls13PeerEpoch)->dropCount);
     /* Connection should fail with a DECRYPT_ERROR */
     ret = wolfSSL_read(ssl, msgBuf, sizeof(msgBuf));
-    AssertIntEQ(ret, WOLFSSL_FATAL_ERROR);
-    AssertIntEQ(wolfSSL_get_error(ssl, ret), DECRYPT_ERROR);
+    AssertIntEQ(ret, WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR));
+    AssertIntEQ(wolfSSL_get_error(ssl, ret), WC_NO_ERR_TRACE(DECRYPT_ERROR));
 
+#ifdef WOLFSSL_ATOMIC_INITIALIZER
+    WOLFSSL_ATOMIC_STORE(test_AEAD_done, 1);
+#else
     test_AEAD_done = 1;
+#endif
 }
 
 int counter = 0;
@@ -61697,8 +79314,18 @@ static void test_AEAD_limit_server(WOLFSSL* ssl)
     tcp_set_nonblocking(&fd); /* So that read doesn't block */
     wolfSSL_dtls_set_using_nonblock(ssl, 1);
     test_AEAD_get_limits(ssl, NULL, NULL, &sendLimit);
-    while (!test_AEAD_done && ret > 0) {
+    while (!
+    #ifdef WOLFSSL_ATOMIC_INITIALIZER
+           WOLFSSL_ATOMIC_LOAD(test_AEAD_done)
+    #else
+           test_AEAD_done
+    #endif
+           && ret > 0)
+    {
         counter++;
+#ifdef WOLFSSL_MUTEX_INITIALIZER
+        (void)wc_LockMutex(&test_AEAD_mutex);
+#endif
         if (test_AEAD_seq_num) {
             /* We need to update the seq number so that we can understand the
              * peer. Otherwise we will incorrectly interpret the seq number. */
@@ -61707,6 +79334,9 @@ static void test_AEAD_limit_server(WOLFSSL* ssl)
             e->nextPeerSeqNumber = sendLimit;
             test_AEAD_seq_num = 0;
         }
+#ifdef WOLFSSL_MUTEX_INITIALIZER
+        wc_UnLockMutex(&test_AEAD_mutex);
+#endif
         (void)wolfSSL_read(ssl, msgBuf, sizeof(msgBuf));
         ret = wolfSSL_write(ssl, msgBuf, sizeof(msgBuf));
         nanosleep(&delay, NULL);
@@ -61743,7 +79373,8 @@ static int test_wolfSSL_dtls_AEAD_limit(void)
 #endif
 
 #if defined(WOLFSSL_DTLS) && \
-    defined(HAVE_IO_TESTS_DEPENDENCIES) && !defined(SINGLE_THREADED)
+    defined(HAVE_IO_TESTS_DEPENDENCIES) && !defined(SINGLE_THREADED) && \
+    !defined(DEBUG_VECTOR_REGISTER_ACCESS_FUZZING)
 static void test_wolfSSL_dtls_send_ch(WOLFSSL* ssl)
 {
     int fd, ret;
@@ -61794,7 +79425,8 @@ static void test_wolfSSL_dtls_send_ch(WOLFSSL* ssl)
         0x31, 0x68, 0x4c
     };
 
-    fd = wolfSSL_get_fd(ssl);
+    fd = wolfSSL_get_wfd(ssl);
+    AssertIntGE(fd, 0);
     ret = (int)send(fd, ch_msg, sizeof(ch_msg), 0);
     AssertIntGT(ret, 0);
     /* consume the HRR otherwise handshake will fail */
@@ -61865,13 +79497,17 @@ static void test_wolfSSL_dtls_send_ch_with_invalid_cookie(WOLFSSL* ssl)
         0x02, 0x02, 0x2f
     };
 
-    fd = wolfSSL_get_fd(ssl);
-    ret = (int)send(fd, ch_msh_invalid_cookie, sizeof(ch_msh_invalid_cookie), 0);
-    AssertIntGT(ret, 0);
-    /* should reply with an illegal_parameter reply */
-    ret = (int)recv(fd, alert_reply, sizeof(alert_reply), 0);
-    AssertIntEQ(ret, sizeof(expected_alert_reply));
-    AssertIntEQ(XMEMCMP(alert_reply, expected_alert_reply, sizeof(expected_alert_reply)), 0);
+    fd = wolfSSL_get_wfd(ssl);
+    if (fd >= 0) {
+        ret = (int)send(fd, ch_msh_invalid_cookie,
+                sizeof(ch_msh_invalid_cookie), 0);
+        AssertIntGT(ret, 0);
+        /* should reply with an illegal_parameter reply */
+        ret = (int)recv(fd, alert_reply, sizeof(alert_reply), 0);
+        AssertIntEQ(ret, sizeof(expected_alert_reply));
+        AssertIntEQ(XMEMCMP(alert_reply, expected_alert_reply,
+                sizeof(expected_alert_reply)), 0);
+    }
 }
 #endif
 
@@ -61983,7 +79619,7 @@ static void test_wolfSSL_dtls_compare_stateless(WOLFSSL* ssl)
 
     res = wolfSSL_accept(ssl);
     err = wolfSSL_get_error(ssl, res);
-    AssertIntEQ(res, WOLFSSL_FATAL_ERROR);
+    AssertIntEQ(res, WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR));
     AssertIntEQ(err, WOLFSSL_ERROR_WANT_READ);
 
     AssertIntEQ(initHash, test_wolfSSL_dtls_stateless_HashWOLFSSL(ssl));
@@ -62056,9 +79692,7 @@ static int test_wolfSSL_dtls_stateless(void)
 #endif /* WOLFSSL_DTLS13 && WOLFSSL_SEND_HRR_COOKIE &&
         * HAVE_IO_TESTS_DEPENDENCIES && !SINGLE_THREADED */
 
-#if !defined(NO_RSA) && !defined(NO_SHA) && !defined(NO_FILESYSTEM) && \
-    !defined(NO_CERTS) && (!defined(NO_WOLFSSL_CLIENT) || \
-    !defined(WOLFSSL_NO_CLIENT_AUTH))
+#ifdef HAVE_CERT_CHAIN_VALIDATION
 static int load_ca_into_cm(WOLFSSL_CERT_MANAGER* cm, char* certA)
 {
     int ret;
@@ -62066,7 +79700,7 @@ static int load_ca_into_cm(WOLFSSL_CERT_MANAGER* cm, char* certA)
     if ((ret = wolfSSL_CertManagerLoadCA(cm, certA, 0)) != WOLFSSL_SUCCESS) {
         fprintf(stderr, "loading cert %s failed\n", certA);
         fprintf(stderr, "Error: (%d): %s\n", ret,
-            wolfSSL_ERR_reason_error_string(ret));
+            wolfSSL_ERR_reason_error_string((word32)ret));
         return -1;
     }
 
@@ -62080,7 +79714,7 @@ static int verify_cert_with_cm(WOLFSSL_CERT_MANAGER* cm, char* certA)
                                                          != WOLFSSL_SUCCESS) {
         fprintf(stderr, "could not verify the cert: %s\n", certA);
         fprintf(stderr, "Error: (%d): %s\n", ret,
-            wolfSSL_ERR_reason_error_string(ret));
+            wolfSSL_ERR_reason_error_string((word32)ret));
         return -1;
     }
     else {
@@ -62274,10 +79908,12 @@ static int test_various_pathlen_chains(void)
 #endif /* NO_WOLFSSL_CLIENT && NO_WOLFSSL_SERVER */
     ExpectIntEQ(wolfSSL_CertManagerUnloadCAs(cm), WOLFSSL_SUCCESS);
     wolfSSL_CertManagerFree(cm);
+    cm = NULL;
 
     ExpectNotNull(cm = wolfSSL_CertManagerNew());
     ExpectIntEQ(wolfSSL_CertManagerUnloadCAs(cm), WOLFSSL_SUCCESS);
     wolfSSL_CertManagerFree(cm);
+    cm = NULL;
 
     /* Test chain J (Again only first ICA has pathLen set and it's set to 2,
      * this time followed by 3 ICA's, should fail */
@@ -62285,6 +79921,7 @@ static int test_various_pathlen_chains(void)
     ExpectIntLT(test_chainJ(cm), 0);
     ExpectIntEQ(wolfSSL_CertManagerUnloadCAs(cm), WOLFSSL_SUCCESS);
     wolfSSL_CertManagerFree(cm);
+    cm = NULL;
 
     ExpectNotNull(cm = wolfSSL_CertManagerNew());
     ExpectIntEQ(wolfSSL_CertManagerUnloadCAs(cm), WOLFSSL_SUCCESS);
@@ -62356,13 +79993,26 @@ static int test_wolfSSL_THREADID_hash(void)
     CRYPTO_THREADID id;
 
     CRYPTO_THREADID_current(NULL);
-    /* Hash result is unsigned long. */
+    /* Hash result is word32. */
     ExpectTrue(CRYPTO_THREADID_hash(NULL) == 0UL);
     XMEMSET(&id, 0, sizeof(id));
     ExpectTrue(CRYPTO_THREADID_hash(&id) == 0UL);
 #endif /* OPENSSL_EXTRA */
     return EXPECT_RESULT();
 }
+static int test_wolfSSL_set_ecdh_auto(void)
+{
+    EXPECT_DECLS;
+#if defined(OPENSSL_EXTRA)
+    WOLFSSL* ssl = NULL;
+
+    ExpectIntEQ(SSL_set_ecdh_auto(NULL,0), 1);
+    ExpectIntEQ(SSL_set_ecdh_auto(NULL,1), 1);
+    ExpectIntEQ(SSL_set_ecdh_auto(ssl,0), 1);
+    ExpectIntEQ(SSL_set_ecdh_auto(ssl,1), 1);
+#endif /* OPENSSL_EXTRA */
+    return EXPECT_RESULT();
+}
 static int test_wolfSSL_CTX_set_ecdh_auto(void)
 {
     EXPECT_DECLS;
@@ -62391,7 +80041,7 @@ static THREAD_RETURN WOLFSSL_THREAD SSL_read_test_server_thread(void* args)
     char msg[] = "I hear you fa shizzle!";
     int  len   = (int) XSTRLEN(msg);
     char input[1024];
-    int  ret;
+    int  ret = 0;
     int  err = 0;
 
     if (!args)
@@ -62451,7 +80101,7 @@ static THREAD_RETURN WOLFSSL_THREAD SSL_read_test_server_thread(void* args)
             if (ret != WOLFSSL_SUCCESS) {
                 err = wolfSSL_get_error(ssl, 0);
             }
-        } while (ret != WOLFSSL_SUCCESS && err == WC_PENDING_E);
+        } while (ret != WOLFSSL_SUCCESS && err == WC_NO_ERR_TRACE(WC_PENDING_E));
     }
 
     ExpectIntEQ(ret, WOLFSSL_SUCCESS);
@@ -62485,7 +80135,7 @@ static THREAD_RETURN WOLFSSL_THREAD SSL_read_test_server_thread(void* args)
     /* bidirectional shutdown */
     while (EXPECT_SUCCESS()) {
         ret = wolfSSL_shutdown(ssl);
-        ExpectIntNE(ret, WOLFSSL_FATAL_ERROR);
+        ExpectIntNE(ret, WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR));
         if (ret == WOLFSSL_SUCCESS) {
             break;
         }
@@ -62500,7 +80150,7 @@ static THREAD_RETURN WOLFSSL_THREAD SSL_read_test_server_thread(void* args)
     }
 
     /* detect TCP disconnect */
-    ExpectIntLE(ret,WOLFSSL_FAILURE);
+    ExpectIntLE(ret,WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     ExpectIntEQ(wolfSSL_get_error(ssl, ret), WOLFSSL_ERROR_ZERO_RETURN);
 
     ((func_args*)args)->return_code = EXPECT_RESULT();
@@ -62559,7 +80209,7 @@ static THREAD_RETURN WOLFSSL_THREAD SSL_read_test_client_thread(void* args)
             if (ret != WOLFSSL_SUCCESS) {
                 err = wolfSSL_get_error(ssl, 0);
             }
-        } while (ret != WOLFSSL_SUCCESS && err == WC_PENDING_E);
+        } while (ret != WOLFSSL_SUCCESS && err == WC_NO_ERR_TRACE(WC_PENDING_E));
     }
 
     ExpectIntGE(wolfSSL_write(ssl, msg, len), 0);
@@ -62652,7 +80302,7 @@ static int test_wolfSSL_read_detect_TCP_disconnect(void)
 static int test_wolfSSL_CTX_get_min_proto_version(void)
 {
     EXPECT_DECLS;
-#if defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL)
+#if defined(OPENSSL_EXTRA) && !defined(NO_TLS)
     WOLFSSL_CTX *ctx = NULL;
 
     ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_method()));
@@ -62666,6 +80316,7 @@ static int test_wolfSSL_CTX_get_min_proto_version(void)
     wolfSSL_CTX_free(ctx);
     ctx = NULL;
 
+    #ifndef NO_OLD_TLS
     #ifdef WOLFSSL_ALLOW_TLSV10
         ExpectNotNull(ctx = wolfSSL_CTX_new(wolfTLSv1_method()));
     #else
@@ -62680,6 +80331,7 @@ static int test_wolfSSL_CTX_get_min_proto_version(void)
     #endif
     wolfSSL_CTX_free(ctx);
     ctx = NULL;
+    #endif
 
     ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_method()));
     ExpectIntEQ(wolfSSL_CTX_set_min_proto_version(ctx, TLS1_1_VERSION),
@@ -62709,7 +80361,7 @@ static int test_wolfSSL_CTX_get_min_proto_version(void)
         wolfSSL_CTX_free(ctx);
         ctx = NULL;
     #endif
-#endif /* defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL) */
+#endif
     return EXPECT_RESULT();
 }
 
@@ -62767,9 +80419,18 @@ static int test_wolfSSL_set_SSL_CTX(void)
 #ifdef WOLFSSL_SESSION_ID_CTX
     ExpectIntEQ(XMEMCMP(ssl->sessionCtx, session_id2, 4), 0);
 #endif
+#ifdef WOLFSSL_COPY_CERT
+    if (ctx2 != NULL && ctx2->certificate != NULL) {
+        ExpectFalse(ssl->buffers.certificate == ctx2->certificate);
+    }
+    if (ctx2 != NULL && ctx2->certChain != NULL) {
+        ExpectFalse(ssl->buffers.certChain == ctx2->certChain);
+    }
+#else
     ExpectTrue(ssl->buffers.certificate == ctx2->certificate);
     ExpectTrue(ssl->buffers.certChain == ctx2->certChain);
 #endif
+#endif
 
 #ifdef HAVE_SESSION_TICKET
     ExpectIntNE((wolfSSL_get_options(ssl) & SSL_OP_NO_TICKET), 0);
@@ -62786,8 +80447,17 @@ static int test_wolfSSL_set_SSL_CTX(void)
 #endif
     /* MUST change */
 #ifdef WOLFSSL_INT_H
+#ifdef WOLFSSL_COPY_CERT
+    if (ctx1 != NULL && ctx1->certificate != NULL) {
+        ExpectFalse(ssl->buffers.certificate == ctx1->certificate);
+    }
+    if (ctx1 != NULL && ctx1->certChain != NULL) {
+        ExpectFalse(ssl->buffers.certChain == ctx1->certChain);
+    }
+#else
     ExpectTrue(ssl->buffers.certificate == ctx1->certificate);
     ExpectTrue(ssl->buffers.certChain == ctx1->certChain);
+#endif
 #ifdef WOLFSSL_SESSION_ID_CTX
     ExpectIntEQ(XMEMCMP(ssl->sessionCtx, session_id1, 4), 0);
 #endif
@@ -62818,7 +80488,11 @@ static int test_wolfSSL_security_level(void)
         #endif
         SSL_CTX_set_security_level(NULL, 1);
         SSL_CTX_set_security_level(ctx, 1);
+        #if defined(WOLFSSL_SYS_CRYPTO_POLICY)
+        ExpectIntEQ(SSL_CTX_get_security_level(NULL), BAD_FUNC_ARG);
+        #else
         ExpectIntEQ(SSL_CTX_get_security_level(NULL), 0);
+        #endif /* WOLFSSL_SYS_CRYPTO_POLICY */
         /* Stub so nothing happens. */
         ExpectIntEQ(SSL_CTX_get_security_level(ctx), 0);
 
@@ -62830,10 +80504,707 @@ static int test_wolfSSL_security_level(void)
     return EXPECT_RESULT();
 }
 
+/* System wide crypto-policy test.
+ *
+ * Loads three different policies (legacy, default, future),
+ * then tests crypt_policy api.
+ * */
+static int test_wolfSSL_crypto_policy(void)
+{
+    EXPECT_DECLS;
+#if defined(WOLFSSL_SYS_CRYPTO_POLICY) && !defined(NO_TLS)
+    int          rc = WC_NO_ERR_TRACE(WOLFSSL_FAILURE);
+    const char * policy_list[] = {
+        "examples/crypto_policies/legacy/wolfssl.txt",
+        "examples/crypto_policies/default/wolfssl.txt",
+        "examples/crypto_policies/future/wolfssl.txt",
+    };
+    const char * ciphers_list[] = {
+        "@SECLEVEL=1:EECDH:kRSA:EDH:PSK:DHEPSK:ECDHEPSK:RSAPSK"
+        ":!eNULL:!aNULL",
+        "@SECLEVEL=2:EECDH:kRSA:EDH:PSK:DHEPSK:ECDHEPSK:RSAPSK"
+        ":!RC4:!eNULL:!aNULL",
+        "@SECLEVEL=3:EECDH:EDH:PSK:DHEPSK:ECDHEPSK:!RSAPSK:!kRSA"
+        ":!AES128:!RC4:!eNULL:!aNULL:!SHA1",
+    };
+    int          seclevel_list[] = { 1, 2, 3 };
+    int          i = 0;
+
+    for (i = 0; i < 3; ++i) {
+        const char *  ciphers = NULL;
+        int           n_diff = 0;
+        WOLFSSL_CTX * ctx = NULL;
+        WOLFSSL     * ssl = NULL;
+
+        /* Enable crypto policy. */
+        rc = wolfSSL_crypto_policy_enable(policy_list[i]);
+        ExpectIntEQ(rc, WOLFSSL_SUCCESS);
+
+        rc = wolfSSL_crypto_policy_is_enabled();
+        ExpectIntEQ(rc, 1);
+
+        /* Trying to enable while already enabled should return
+         * forbidden. */
+        rc = wolfSSL_crypto_policy_enable(policy_list[i]);
+        ExpectIntEQ(rc, CRYPTO_POLICY_FORBIDDEN);
+
+        /* Security level and ciphers should match what is expected. */
+        rc = wolfSSL_crypto_policy_get_level();
+        ExpectIntEQ(rc, seclevel_list[i]);
+
+        ciphers = wolfSSL_crypto_policy_get_ciphers();
+        ExpectNotNull(ciphers);
+
+        if (ciphers != NULL) {
+            n_diff = XSTRNCMP(ciphers, ciphers_list[i], strlen(ciphers));
+            #ifdef DEBUG_WOLFSSL
+            if (n_diff) {
+                printf("error: got \n%s, expected \n%s\n",
+                       ciphers, ciphers_list[i]);
+            }
+            #endif /* DEBUG_WOLFSSL */
+            ExpectIntEQ(n_diff, 0);
+        }
+
+        /* TLSv1_2_method should work for all policies. */
+        ctx = wolfSSL_CTX_new(wolfTLSv1_2_method());
+        ExpectNotNull(ctx);
+
+        if (ctx != NULL) {
+            ssl = wolfSSL_new(ctx);
+            ExpectNotNull(ssl);
+
+            /* These API should be rejected while enabled. */
+            rc = wolfSSL_CTX_SetMinVersion(ctx, WOLFSSL_TLSV1_3);
+            ExpectIntEQ(rc, CRYPTO_POLICY_FORBIDDEN);
+
+            rc = wolfSSL_SetMinVersion(ssl, WOLFSSL_TLSV1_3);
+            ExpectIntEQ(rc, CRYPTO_POLICY_FORBIDDEN);
+        }
+
+        if (ctx != NULL) {
+            wolfSSL_CTX_free(ctx);
+            ctx = NULL;
+        }
+
+        if (ssl != NULL) {
+            wolfSSL_free(ssl);
+            ssl = NULL;
+        }
+
+        wolfSSL_crypto_policy_disable();
+
+        /* Do the same test by buffer. */
+        rc = wolfSSL_crypto_policy_enable_buffer(ciphers_list[i]);
+        ExpectIntEQ(rc, WOLFSSL_SUCCESS);
+
+        rc = wolfSSL_crypto_policy_is_enabled();
+        ExpectIntEQ(rc, 1);
+
+        /* Security level and ciphers should match what is expected. */
+        rc = wolfSSL_crypto_policy_get_level();
+        ExpectIntEQ(rc, seclevel_list[i]);
+
+        ciphers = wolfSSL_crypto_policy_get_ciphers();
+        ExpectNotNull(ciphers);
+
+        if (ciphers != NULL) {
+            n_diff = XSTRNCMP(ciphers, ciphers_list[i], strlen(ciphers));
+            #ifdef DEBUG_WOLFSSL
+            if (n_diff) {
+                printf("error: got \n%s, expected \n%s\n",
+                       ciphers, ciphers_list[i]);
+            }
+            #endif /* DEBUG_WOLFSSL */
+            ExpectIntEQ(n_diff, 0);
+        }
+
+        wolfSSL_crypto_policy_disable();
+    }
+
+    wolfSSL_crypto_policy_disable();
+
+#endif /* WOLFSSL_SYS_CRYPTO_POLICY && !NO_TLS */
+    return EXPECT_RESULT();
+}
+
+/* System wide crypto-policy test: certs and keys.
+ *
+ * Loads three different policies (legacy, default, future),
+ * then tests loading different certificates and keys of
+ * varying strength.
+ * */
+static int test_wolfSSL_crypto_policy_certs_and_keys(void)
+{
+    EXPECT_DECLS;
+#if defined(WOLFSSL_SYS_CRYPTO_POLICY) && !defined(NO_TLS)
+    int          rc = WC_NO_ERR_TRACE(WOLFSSL_FAILURE);
+    const char * policy_list[] = {
+        "examples/crypto_policies/legacy/wolfssl.txt",
+        "examples/crypto_policies/default/wolfssl.txt",
+        "examples/crypto_policies/future/wolfssl.txt",
+    };
+    int          i = 0;
+
+    for (i = 0; i < 3; ++i) {
+        WOLFSSL_CTX * ctx = NULL;
+        WOLFSSL     * ssl = NULL;
+        int           is_legacy = 0;
+        int           is_future = 0;
+        /* certs */
+        const char *  cert1024 = "certs/1024/client-cert.pem";
+        const char *  cert2048 = "certs/client-cert.pem";
+        const char *  cert3072 = "certs/3072/client-cert.pem";
+        const char *  cert256 = "certs/client-ecc-cert.pem";
+        const char *  cert384 = "certs/client-ecc384-cert.pem";
+        /* keys */
+        const char *  key1024 = "certs/1024/client-key.pem";
+        const char *  key2048 = "certs/client-key.pem";
+        const char *  key3072 = "certs/3072/client-key.pem";
+        const char *  key256 = "certs/ecc-key.pem";
+        const char *  key384 = "certs/client-ecc384-key.pem";
+
+        is_legacy = (XSTRSTR(policy_list[i], "legacy") != NULL) ? 1 : 0;
+        is_future = (XSTRSTR(policy_list[i], "future") != NULL) ? 1 : 0;
+
+        /* Enable crypto policy. */
+        rc = wolfSSL_crypto_policy_enable(policy_list[i]);
+        ExpectIntEQ(rc, WOLFSSL_SUCCESS);
+
+        rc = wolfSSL_crypto_policy_is_enabled();
+        ExpectIntEQ(rc, 1);
+
+        /* TLSv1_2_method should work for all policies. */
+        ctx = wolfSSL_CTX_new(wolfTLSv1_2_method());
+        ExpectNotNull(ctx);
+
+        /* Test certs of varying strength. */
+        if (ctx != NULL) {
+            /* VERIFY_PEER must be set for key/cert checks to be done. */
+            wolfSSL_CTX_set_verify(ctx, WOLFSSL_VERIFY_PEER, NULL);
+
+            /* Test loading a cert with 1024 RSA key size.
+             * This should fail for all but legacy. */
+            rc = wolfSSL_CTX_use_certificate_chain_file(ctx, cert1024);
+
+            if (is_legacy) {
+                ExpectIntEQ(rc, WOLFSSL_SUCCESS);
+            }
+            else {
+                ExpectIntEQ(rc, WOLFSSL_FAILURE);
+            }
+
+            /* Test loading a cert with 2048 RSA key size.
+             * Future crypto-policy is min 3072 RSA and DH key size,
+             * and should fail. */
+            rc = wolfSSL_CTX_use_certificate_chain_file(ctx, cert2048);
+
+            if (is_future) {
+                /* Future crypto-policy is min 3072 RSA and DH key size, this
+                 * and should fail. */
+                ExpectIntEQ(rc, WOLFSSL_FAILURE);
+
+                /* Set to VERIFY_NONE. This will disable key size checks,
+                 * it should now succeed. */
+                wolfSSL_CTX_set_verify(ctx, WOLFSSL_VERIFY_NONE, NULL);
+                rc = wolfSSL_CTX_use_certificate_chain_file(ctx, cert2048);
+
+                ExpectIntEQ(rc, WOLFSSL_SUCCESS);
+
+                /* Set back to verify peer. */
+                wolfSSL_CTX_set_verify(ctx, WOLFSSL_VERIFY_PEER, NULL);
+
+            }
+            else {
+                ExpectIntEQ(rc, WOLFSSL_SUCCESS);
+            }
+
+            /* Test loading a CA cert with 3072 RSA key size.
+             * This should succeed for all policies. */
+            rc = wolfSSL_CTX_use_certificate_chain_file(ctx, cert3072);
+            ExpectIntEQ(rc, WOLFSSL_SUCCESS);
+
+            /* Test loading an ecc cert with 256 key size.
+             * This should succeed for all policies. */
+            rc = wolfSSL_CTX_use_certificate_chain_file(ctx, cert256);
+            ExpectIntEQ(rc, WOLFSSL_SUCCESS);
+
+            /* Test loading an ecc cert with 384 key size.
+             * This should succeed for all policies. */
+            rc = wolfSSL_CTX_use_certificate_chain_file(ctx, cert384);
+            ExpectIntEQ(rc, WOLFSSL_SUCCESS);
+
+            /* cleanup */
+            wolfSSL_CTX_free(ctx);
+            ctx = NULL;
+        }
+
+        /* TLSv1_2_method should work for all policies. */
+        ctx = wolfSSL_CTX_new(wolfTLSv1_2_method());
+        ExpectNotNull(ctx);
+
+        /* Repeat same tests for keys of varying strength. */
+        if (ctx != NULL) {
+            /* 1024 RSA */
+            rc = SSL_CTX_use_PrivateKey_file(ctx, key1024,
+                                             SSL_FILETYPE_PEM);
+
+            if (is_legacy) {
+                ExpectIntEQ(rc, WOLFSSL_SUCCESS);
+            }
+            else {
+                ExpectIntEQ(rc, WOLFSSL_FAILURE);
+            }
+
+            /* 2048 RSA */
+            rc = SSL_CTX_use_PrivateKey_file(ctx, key2048,
+                                             SSL_FILETYPE_PEM);
+
+            if (!is_future) {
+                ExpectIntEQ(rc, WOLFSSL_SUCCESS);
+            }
+            else {
+                ExpectIntEQ(rc, WOLFSSL_FAILURE);
+            }
+
+            /* 3072 RSA */
+            rc = SSL_CTX_use_PrivateKey_file(ctx, key3072,
+                                             SSL_FILETYPE_PEM);
+            ExpectIntEQ(rc, WOLFSSL_SUCCESS);
+
+            /* 256 ecc */
+            rc = SSL_CTX_use_PrivateKey_file(ctx, key256,
+                                             SSL_FILETYPE_PEM);
+            ExpectIntEQ(rc, WOLFSSL_SUCCESS);
+
+            /* 384 ecc */
+            rc = SSL_CTX_use_PrivateKey_file(ctx, key384,
+                                             SSL_FILETYPE_PEM);
+            ExpectIntEQ(rc, WOLFSSL_SUCCESS);
+
+            /* cleanup */
+            wolfSSL_CTX_free(ctx);
+            ctx = NULL;
+        }
+
+        #ifdef HAVE_ECC
+        /* Test set ecc min key size. */
+        ctx = wolfSSL_CTX_new(wolfTLSv1_2_method());
+        ExpectNotNull(ctx);
+
+        if (ctx != NULL) {
+            ssl = SSL_new(ctx);
+            ExpectNotNull(ssl);
+
+            /* Test setting ctx. */
+            rc = wolfSSL_CTX_SetMinEccKey_Sz(ctx, 160);
+            if (is_legacy) {
+                ExpectIntEQ(rc, WOLFSSL_SUCCESS);
+            }
+            else {
+                ExpectIntEQ(rc, CRYPTO_POLICY_FORBIDDEN);
+            }
+
+            rc = wolfSSL_CTX_SetMinEccKey_Sz(ctx, 224);
+            if (!is_future) {
+                ExpectIntEQ(rc, WOLFSSL_SUCCESS);
+            }
+            else {
+                ExpectIntEQ(rc, CRYPTO_POLICY_FORBIDDEN);
+            }
+
+            rc = wolfSSL_CTX_SetMinEccKey_Sz(ctx, 256);
+            ExpectIntEQ(rc, WOLFSSL_SUCCESS);
+
+            /* Test setting ssl. */
+            if (ssl != NULL) {
+                rc = wolfSSL_SetMinEccKey_Sz(ssl, 160);
+                if (is_legacy) {
+                    ExpectIntEQ(rc, WOLFSSL_SUCCESS);
+                }
+                else {
+                    ExpectIntEQ(rc, CRYPTO_POLICY_FORBIDDEN);
+                }
+
+                rc = wolfSSL_SetMinEccKey_Sz(ssl, 224);
+                if (!is_future) {
+                    ExpectIntEQ(rc, WOLFSSL_SUCCESS);
+                }
+                else {
+                    ExpectIntEQ(rc, CRYPTO_POLICY_FORBIDDEN);
+                }
+
+                rc = wolfSSL_SetMinEccKey_Sz(ssl, 256);
+                ExpectIntEQ(rc, WOLFSSL_SUCCESS);
+
+                wolfSSL_free(ssl);
+                ssl = NULL;
+            }
+
+            /* cleanup */
+            wolfSSL_CTX_free(ctx);
+            ctx = NULL;
+        }
+        #endif /* HAVE_ECC */
+
+        #if !defined(NO_RSA)
+        /* Test set rsa min key size. */
+        ctx = wolfSSL_CTX_new(wolfTLSv1_2_method());
+        ExpectNotNull(ctx);
+
+        if (ctx != NULL) {
+            ssl = SSL_new(ctx);
+            ExpectNotNull(ssl);
+
+            /* Test setting ctx. */
+            rc = wolfSSL_CTX_SetMinRsaKey_Sz(ctx, 1024);
+            if (is_legacy) {
+                ExpectIntEQ(rc, WOLFSSL_SUCCESS);
+            }
+            else {
+                ExpectIntEQ(rc, CRYPTO_POLICY_FORBIDDEN);
+            }
+
+            rc = wolfSSL_CTX_SetMinRsaKey_Sz(ctx, 2048);
+            if (!is_future) {
+                ExpectIntEQ(rc, WOLFSSL_SUCCESS);
+            }
+            else {
+                ExpectIntEQ(rc, CRYPTO_POLICY_FORBIDDEN);
+            }
+
+            rc = wolfSSL_CTX_SetMinRsaKey_Sz(ctx, 3072);
+            ExpectIntEQ(rc, WOLFSSL_SUCCESS);
+
+            /* Test setting ssl. */
+            if (ssl != NULL) {
+                rc = wolfSSL_SetMinRsaKey_Sz(ssl, 1024);
+                if (is_legacy) {
+                    ExpectIntEQ(rc, WOLFSSL_SUCCESS);
+                }
+                else {
+                    ExpectIntEQ(rc, CRYPTO_POLICY_FORBIDDEN);
+                }
+
+                rc = wolfSSL_SetMinRsaKey_Sz(ssl, 2048);
+                if (!is_future) {
+                    ExpectIntEQ(rc, WOLFSSL_SUCCESS);
+                }
+                else {
+                    ExpectIntEQ(rc, CRYPTO_POLICY_FORBIDDEN);
+                }
+
+                rc = wolfSSL_SetMinRsaKey_Sz(ssl, 3072);
+                ExpectIntEQ(rc, WOLFSSL_SUCCESS);
+
+                wolfSSL_free(ssl);
+                ssl = NULL;
+            }
+
+            /* cleanup */
+            wolfSSL_CTX_free(ctx);
+            ctx = NULL;
+        }
+        #endif /* !NO_RSA */
+
+        wolfSSL_crypto_policy_disable();
+    }
+
+    wolfSSL_crypto_policy_disable();
+#endif /* WOLFSSL_SYS_CRYPTO_POLICY && !NO_TLS */
+    return EXPECT_RESULT();
+}
+
+/* System wide crypto-policy test: tls and dtls methods.
+ * */
+static int test_wolfSSL_crypto_policy_tls_methods(void)
+{
+    EXPECT_DECLS;
+#if defined(WOLFSSL_SYS_CRYPTO_POLICY) && !defined(NO_TLS)
+    int          rc = WC_NO_ERR_TRACE(WOLFSSL_FAILURE);
+    const char * policy_list[] = {
+        "examples/crypto_policies/legacy/wolfssl.txt",
+        "examples/crypto_policies/default/wolfssl.txt",
+        "examples/crypto_policies/future/wolfssl.txt",
+    };
+    int          i = 0;
+
+    for (i = 0; i < 3; ++i) {
+        WOLFSSL_CTX * ctx = NULL;
+        int           is_legacy = 0;
+
+        is_legacy = (XSTRSTR(policy_list[i], "legacy") != NULL) ? 1 : 0;
+
+        /* Enable crypto policy. */
+        rc = wolfSSL_crypto_policy_enable(policy_list[i]);
+        ExpectIntEQ(rc, WOLFSSL_SUCCESS);
+
+        rc = wolfSSL_crypto_policy_is_enabled();
+        ExpectIntEQ(rc, 1);
+
+        /* Try to use old TLS methods. Only allowed with legacy. */
+        #if !defined(NO_OLD_TLS)
+        ctx = wolfSSL_CTX_new(wolfTLSv1_1_method());
+
+        if (is_legacy) {
+            ExpectNotNull(ctx);
+        }
+        else {
+            ExpectNull(ctx);
+        }
+
+        if (ctx != NULL) {
+            wolfSSL_CTX_free(ctx);
+            ctx = NULL;
+        }
+
+        #if defined(WOLFSSL_ALLOW_TLSV10)
+        ctx = wolfSSL_CTX_new(wolfTLSv1_method());
+
+        if (is_legacy) {
+            ExpectNotNull(ctx);
+        }
+        else {
+            ExpectNull(ctx);
+        }
+
+        if (ctx != NULL) {
+            wolfSSL_CTX_free(ctx);
+            ctx = NULL;
+        }
+        #endif /* WOLFSSL_ALLOW_TLSV10 */
+        #else
+        (void) is_legacy;
+        #endif /* !NO_OLD_TLS */
+
+        /* TLSv1_2_method should work for all policies. */
+        ctx = wolfSSL_CTX_new(wolfTLSv1_2_method());
+        ExpectNotNull(ctx);
+
+        if (ctx != NULL) {
+            wolfSSL_CTX_free(ctx);
+            ctx = NULL;
+        }
+
+        ctx = wolfSSL_CTX_new(wolfTLSv1_3_method());
+        ExpectNotNull(ctx);
+
+        if (ctx != NULL) {
+            wolfSSL_CTX_free(ctx);
+            ctx = NULL;
+        }
+
+        ctx = wolfSSL_CTX_new(TLS_method());
+        ExpectNotNull(ctx);
+
+        if (ctx != NULL) {
+            wolfSSL_CTX_free(ctx);
+            ctx = NULL;
+        }
+
+        #ifdef WOLFSSL_DTLS
+        ctx = wolfSSL_CTX_new(DTLS_method());
+        ExpectNotNull(ctx);
+
+        if (ctx != NULL) {
+            wolfSSL_CTX_free(ctx);
+            ctx = NULL;
+        }
+
+        ctx = wolfSSL_CTX_new(wolfDTLSv1_2_method());
+        ExpectNotNull(ctx);
+
+        if (ctx != NULL) {
+            wolfSSL_CTX_free(ctx);
+            ctx = NULL;
+        }
+
+        #ifndef NO_OLD_TLS
+        /* Only allowed with legacy. */
+        ctx = wolfSSL_CTX_new(wolfDTLSv1_method());
+
+        if (is_legacy) {
+            ExpectNotNull(ctx);
+        }
+        else {
+            ExpectNull(ctx);
+        }
+
+        if (ctx != NULL) {
+            wolfSSL_CTX_free(ctx);
+            ctx = NULL;
+        }
+        #endif /* !NO_OLD_TLS */
+        #endif /* WOLFSSL_DTLS */
+
+        wolfSSL_crypto_policy_disable();
+    }
+
+    wolfSSL_crypto_policy_disable();
+#endif /* WOLFSSL_SYS_CRYPTO_POLICY && !NO_TLS */
+    return EXPECT_RESULT();
+}
+
+#if defined(WOLFSSL_SYS_CRYPTO_POLICY) && !defined(NO_TLS)
+/*  Helper function for test_wolfSSL_crypto_policy_ciphers.
+ *  Searches ssl suites for cipher string.
+ *
+ *  Returns   1 if found.
+ *  Returns   0 if not found.
+ *  Returns < 0 if error.
+ * */
+static int crypto_policy_cipher_found(const WOLFSSL * ssl,
+                                      const char *    cipher,
+                                      int             match)
+{
+    WOLF_STACK_OF(WOLFSSL_CIPHER) * sk = NULL;
+    WOLFSSL_CIPHER *                current = NULL;
+    const char *                    suite;
+    int                             found = 0;
+    int                             i = 0;
+
+    if (ssl == NULL || cipher == NULL || *cipher == '\0') {
+        return -1;
+    }
+
+    sk = wolfSSL_get_ciphers_compat(ssl);
+
+    if (sk == NULL) {
+        return -1;
+    }
+
+    do {
+        current = wolfSSL_sk_SSL_CIPHER_value(sk, i++);
+        if (current) {
+            suite = wolfSSL_CIPHER_get_name(current);
+            if (suite) {
+                if (match == 1) {
+                    /* prefix match */
+                    if (XSTRNCMP(suite, cipher, XSTRLEN(cipher)) == 0) {
+                        found = 1;
+                        break;
+                    }
+                }
+                else if (match == -1) {
+                    /* postfix match */
+                    if (XSTRLEN(suite) > XSTRLEN(cipher)) {
+                        const char * postfix = suite + XSTRLEN(suite)
+                                               - XSTRLEN(cipher);
+                        if (XSTRNCMP(postfix, cipher, XSTRLEN(cipher)) == 0) {
+                            found = 1;
+                            break;
+                        }
+                    }
+                }
+                else {
+                    /* needle in haystack match */
+                    if (XSTRSTR(suite, cipher)) {
+                        found = 1;
+                        break;
+                    }
+                }
+            }
+        }
+    } while (current);
+
+    return found == 1;
+}
+#endif /* WOLFSSL_SYS_CRYPTO_POLICY && !NO_TLS */
+
+/* System wide crypto-policy test: ciphers.
+ * */
+static int test_wolfSSL_crypto_policy_ciphers(void)
+{
+    EXPECT_DECLS;
+#if defined(WOLFSSL_SYS_CRYPTO_POLICY) && !defined(NO_TLS)
+    int          rc = WC_NO_ERR_TRACE(WOLFSSL_FAILURE);
+    const char * policy_list[] = {
+        "examples/crypto_policies/legacy/wolfssl.txt",
+        "examples/crypto_policies/default/wolfssl.txt",
+        "examples/crypto_policies/future/wolfssl.txt",
+    };
+    int          seclevel_list[] = { 1, 2, 3 };
+    int          i = 0;
+    int          is_legacy = 0;
+    int          is_future = 0;
+
+    for (i = 0; i < 3; ++i) {
+        WOLFSSL_CTX * ctx = NULL;
+        WOLFSSL     * ssl = NULL;
+        int           found = 0;
+
+        is_legacy = (XSTRSTR(policy_list[i], "legacy") != NULL) ? 1 : 0;
+        is_future = (XSTRSTR(policy_list[i], "future") != NULL) ? 1 : 0;
+
+        (void) is_legacy;
+
+        /* Enable crypto policy. */
+        rc = wolfSSL_crypto_policy_enable(policy_list[i]);
+        ExpectIntEQ(rc, WOLFSSL_SUCCESS);
+
+        rc = wolfSSL_crypto_policy_is_enabled();
+        ExpectIntEQ(rc, 1);
+
+        ctx = wolfSSL_CTX_new(TLS_method());
+        ExpectNotNull(ctx);
+
+        ssl = SSL_new(ctx);
+        ExpectNotNull(ssl);
+
+        rc = wolfSSL_CTX_get_security_level(ctx);
+        ExpectIntEQ(rc, seclevel_list[i]);
+
+        rc = wolfSSL_get_security_level(ssl);
+        ExpectIntEQ(rc, seclevel_list[i]);
+
+        found = crypto_policy_cipher_found(ssl, "RC4", 0);
+        ExpectIntEQ(found, is_legacy);
+
+        /* We return a different cipher string depending on build settings. */
+        #if !defined(WOLFSSL_CIPHER_INTERNALNAME) && \
+        !defined(NO_ERROR_STRINGS) && !defined(WOLFSSL_QT)
+        found = crypto_policy_cipher_found(ssl, "AES_128", 0);
+        ExpectIntEQ(found, !is_future);
+
+        found = crypto_policy_cipher_found(ssl, "TLS_DHE_RSA_WITH_AES", 1);
+        ExpectIntEQ(found, !is_future);
+
+        found = crypto_policy_cipher_found(ssl, "_SHA", -1);
+        ExpectIntEQ(found, !is_future);
+        #else
+        found = crypto_policy_cipher_found(ssl, "AES128", 0);
+        ExpectIntEQ(found, !is_future);
+
+        found = crypto_policy_cipher_found(ssl, "DHE-RSA-AES", 1);
+        ExpectIntEQ(found, !is_future);
+
+        found = crypto_policy_cipher_found(ssl, "-SHA", -1);
+        ExpectIntEQ(found, !is_future);
+        #endif
+
+        if (ssl != NULL) {
+            SSL_free(ssl);
+            ssl = NULL;
+        }
+
+        if (ctx != NULL) {
+            wolfSSL_CTX_free(ctx);
+            ctx = NULL;
+        }
+
+        wolfSSL_crypto_policy_disable();
+    }
+
+    wolfSSL_crypto_policy_disable();
+
+#endif /* WOLFSSL_SYS_CRYPTO_POLICY && !NO_TLS */
+    return EXPECT_RESULT();
+}
+
 static int test_wolfSSL_SSL_in_init(void)
 {
     EXPECT_DECLS;
-#if defined(OPENSSL_ALL) && !defined(NO_BIO)
+#if defined(OPENSSL_ALL) && !defined(NO_BIO) && !defined(NO_TLS)
     SSL_CTX* ctx = NULL;
     SSL*     ssl = NULL;
     const char* testCertFile;
@@ -62881,11 +81252,12 @@ static int test_wolfSSL_SSL_in_init(void)
 static int test_wolfSSL_CTX_set_timeout(void)
 {
     EXPECT_DECLS;
-#if !defined(NO_WOLFSSL_SERVER) && !defined(NO_SESSION_CACHE)
-    int timeout;
+#if !defined(NO_WOLFSSL_SERVER) && !defined(NO_TLS) && \
+    !defined(NO_SESSION_CACHE)
     WOLFSSL_CTX* ctx = NULL;
-
-    (void)timeout;
+#if defined(WOLFSSL_ERROR_CODE_OPENSSL)
+    int timeout;
+#endif
 
     ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()));
 
@@ -62893,20 +81265,20 @@ static int test_wolfSSL_CTX_set_timeout(void)
     /* in WOLFSSL_ERROR_CODE_OPENSSL macro guard,
      * wolfSSL_CTX_set_timeout returns previous timeout value on success.
      */
-    ExpectIntEQ(wolfSSL_CTX_set_timeout(NULL, 0), BAD_FUNC_ARG);
+    ExpectIntEQ(wolfSSL_CTX_set_timeout(NULL, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     /* giving 0 as timeout value sets default timeout */
     timeout = wolfSSL_CTX_set_timeout(ctx, 0);
     ExpectIntEQ(wolfSSL_CTX_set_timeout(ctx, 20), timeout);
     ExpectIntEQ(wolfSSL_CTX_set_timeout(ctx, 30), 20);
 
 #else
-    ExpectIntEQ(wolfSSL_CTX_set_timeout(NULL, 0), BAD_FUNC_ARG);
+    ExpectIntEQ(wolfSSL_CTX_set_timeout(NULL, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wolfSSL_CTX_set_timeout(ctx, 100), 1);
     ExpectIntEQ(wolfSSL_CTX_set_timeout(ctx, 0), 1);
 #endif
 
     wolfSSL_CTX_free(ctx);
-#endif /* !NO_WOLFSSL_SERVER && !NO_SESSION_CACHE*/
+#endif
     return EXPECT_RESULT();
 }
 
@@ -62930,7 +81302,7 @@ static int test_wolfSSL_OpenSSL_version(void)
 static int test_CONF_CTX_CMDLINE(void)
 {
     EXPECT_DECLS;
-#if defined(OPENSSL_ALL)
+#if defined(OPENSSL_ALL) && !defined(NO_TLS)
     SSL_CTX* ctx = NULL;
     SSL_CONF_CTX* cctx = NULL;
 
@@ -62947,9 +81319,9 @@ static int test_CONF_CTX_CMDLINE(void)
     /* cmd invalid command */
     ExpectIntEQ(SSL_CONF_cmd(cctx, "foo", "foobar"), -2);
     ExpectIntEQ(SSL_CONF_cmd(cctx, "foo", NULL), -2);
-    ExpectIntEQ(SSL_CONF_cmd(cctx, NULL, NULL), WOLFSSL_FAILURE);
-    ExpectIntEQ(SSL_CONF_cmd(cctx, NULL, "foobar"), WOLFSSL_FAILURE);
-    ExpectIntEQ(SSL_CONF_cmd(NULL, "-curves", "foobar"), WOLFSSL_FAILURE);
+    ExpectIntEQ(SSL_CONF_cmd(cctx, NULL, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+    ExpectIntEQ(SSL_CONF_cmd(cctx, NULL, "foobar"), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+    ExpectIntEQ(SSL_CONF_cmd(NULL, "-curves", "foobar"), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
 
     /* cmd Certificate and Private Key*/
     {
@@ -63006,7 +81378,7 @@ static int test_CONF_CTX_CMDLINE(void)
 static int test_CONF_CTX_FILE(void)
 {
     EXPECT_DECLS;
-#if defined(OPENSSL_ALL)
+#if defined(OPENSSL_ALL) && !defined(NO_TLS)
     SSL_CTX* ctx = NULL;
     SSL_CONF_CTX* cctx = NULL;
 
@@ -63022,9 +81394,9 @@ static int test_CONF_CTX_FILE(void)
     /* sanity check */
     ExpectIntEQ(SSL_CONF_cmd(cctx, "foo", "foobar"), -2);
     ExpectIntEQ(SSL_CONF_cmd(cctx, "foo", NULL), -2);
-    ExpectIntEQ(SSL_CONF_cmd(cctx, NULL, NULL), WOLFSSL_FAILURE);
-    ExpectIntEQ(SSL_CONF_cmd(cctx, NULL, "foobar"), WOLFSSL_FAILURE);
-    ExpectIntEQ(SSL_CONF_cmd(NULL, "-curves", "foobar"), WOLFSSL_FAILURE);
+    ExpectIntEQ(SSL_CONF_cmd(cctx, NULL, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+    ExpectIntEQ(SSL_CONF_cmd(cctx, NULL, "foobar"), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+    ExpectIntEQ(SSL_CONF_cmd(NULL, "-curves", "foobar"), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
 
     /* cmd Certificate and Private Key*/
     {
@@ -63085,7 +81457,7 @@ static int test_CONF_CTX_FILE(void)
 static int test_wolfSSL_CRYPTO_get_ex_new_index(void)
 {
     EXPECT_DECLS;
-#ifdef HAVE_EX_DATA
+#ifdef HAVE_EX_DATA_CRYPTO
     int idx1, idx2;
 
     /* test for unsupported class index */
@@ -63150,15 +81522,11 @@ static int test_wolfSSL_CRYPTO_get_ex_new_index(void)
     ExpectIntNE(idx1, -1);
     ExpectIntNE(idx2, -1);
     ExpectIntNE(idx1, idx2);
-#endif /* HAVE_EX_DATA */
+#endif /* HAVE_EX_DATA_CRYPTO */
     return EXPECT_RESULT();
 }
 
-#if defined(HAVE_EX_DATA) && defined(HAVE_EXT_CACHE) && \
-    (defined(OPENSSL_ALL) || (defined(OPENSSL_EXTRA) && \
-        (defined(HAVE_STUNNEL) || defined(WOLFSSL_NGINX) || \
-        defined(HAVE_LIGHTY) || defined(WOLFSSL_HAPROXY) || \
-        defined(WOLFSSL_OPENSSH) || defined(HAVE_SBLIM_SFCB))))
+#if defined(HAVE_EX_DATA_CRYPTO) && defined(OPENSSL_EXTRA)
 
 #define SESSION_NEW_IDX_LONG 0xDEADBEEF
 #define SESSION_NEW_IDX_VAL  ((void*)0xAEADAEAD)
@@ -63247,7 +81615,7 @@ static int test_wolfSSL_SESSION_get_ex_new_index(void)
 static int test_wolfSSL_set_psk_use_session_callback(void)
 {
     EXPECT_DECLS;
-#if defined(OPENSSL_EXTRA) && !defined(NO_PSK)
+#if defined(OPENSSL_EXTRA) && !defined(NO_PSK) && !defined(NO_TLS)
     SSL_CTX* ctx = NULL;
     SSL*     ssl = NULL;
     const char* testCertFile;
@@ -63293,6 +81661,95 @@ static int test_wolfSSL_set_psk_use_session_callback(void)
     return EXPECT_RESULT();
 }
 
+/* similar to error_test() in wolfcrypt/test/test.c, but adding error codes from
+ * TLS layer.
+ */
+static int error_test(void)
+{
+    EXPECT_DECLS;
+    const char* errStr;
+    const char* unknownStr = wc_GetErrorString(0);
+
+#ifdef NO_ERROR_STRINGS
+    /* Ensure a valid error code's string matches an invalid code's.
+     * The string is that error strings are not available.
+     */
+    errStr = wc_GetErrorString(OPEN_RAN_E);
+    ExpectIntEQ(XSTRCMP(errStr, unknownStr), 0);
+    if (EXPECT_FAIL())
+        return OPEN_RAN_E;
+#else
+    int i;
+    int j = 0;
+    /* Values that are not or no longer error codes. */
+    static const struct {
+        int first;
+        int last;
+    } missing[] = {
+#ifndef OPENSSL_EXTRA
+        { 0, 0 },
+#endif
+
+#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) || \
+    defined(HAVE_WEBSERVER) || defined(HAVE_MEMCACHED)
+        { -11, -12 },
+        { -15, -17 },
+        { -19, -19 },
+        { -26, -27 },
+        { -30, WC_SPAN1_FIRST_E + 1 },
+#else
+        { -9, WC_SPAN1_FIRST_E + 1 },
+#endif
+        { -124, -124 },
+        { -167, -169 },
+        { -300, -300 },
+        { -334, -336 },
+        { -346, -349 },
+        { -356, -356 },
+        { -358, -358 },
+        { -384, -384 },
+        { -466, -499 },
+        { WOLFSSL_LAST_E - 1, WC_SPAN2_FIRST_E + 1 },
+        { WC_SPAN2_LAST_E - 1, MIN_CODE_E }
+    };
+
+    /* Check that all errors have a string and it's the same through the two
+     * APIs. Check that the values that are not errors map to the unknown
+     * string.
+     */
+    for (i = 0; i >= MIN_CODE_E; i--) {
+        int this_missing = 0;
+        for (j = 0; j < (int)XELEM_CNT(missing); ++j) {
+            if ((i <= missing[j].first) && (i >= missing[j].last)) {
+                this_missing = 1;
+                break;
+            }
+        }
+        errStr = wolfSSL_ERR_reason_error_string((word32)i);
+
+        if (! this_missing) {
+            ExpectIntNE(XSTRCMP(errStr, unknownStr), 0);
+            if (EXPECT_FAIL()) {
+                return i;
+            }
+            ExpectTrue(XSTRLEN(errStr) < WOLFSSL_MAX_ERROR_SZ);
+            if (EXPECT_FAIL()) {
+                return i;
+            }
+        }
+        else {
+            j++;
+            ExpectIntEQ(XSTRCMP(errStr, unknownStr), 0);
+            if (EXPECT_FAIL()) {
+                return i;
+            }
+        }
+    }
+#endif
+
+    return 1;
+}
+
 static int test_wolfSSL_ERR_strings(void)
 {
     EXPECT_DECLS;
@@ -63307,27 +81764,28 @@ static int test_wolfSSL_ERR_strings(void)
     (void)err2;
 
 #if defined(OPENSSL_EXTRA)
-    ExpectNotNull(err = ERR_reason_error_string(UNSUPPORTED_SUITE));
+    ExpectNotNull(err = ERR_reason_error_string(WC_NO_ERR_TRACE(UNSUPPORTED_SUITE)));
     ExpectIntEQ(XSTRNCMP(err, err1, XSTRLEN(err1)), 0);
 
-    ExpectNotNull(err = ERR_func_error_string(UNSUPPORTED_SUITE));
+    ExpectNotNull(err = ERR_func_error_string(WC_NO_ERR_TRACE(UNSUPPORTED_SUITE)));
     ExpectIntEQ((*err == '\0'), 1);
 
     ExpectNotNull(err = ERR_lib_error_string(PEM_R_PROBLEMS_GETTING_PASSWORD));
     ExpectIntEQ(XSTRNCMP(err, err2, XSTRLEN(err2)), 0);
 #else
-    ExpectNotNull(err = wolfSSL_ERR_reason_error_string(UNSUPPORTED_SUITE));
+    ExpectNotNull(err = wolfSSL_ERR_reason_error_string(WC_NO_ERR_TRACE((word32)UNSUPPORTED_SUITE)));
     ExpectIntEQ(XSTRNCMP(err, err1, XSTRLEN(err1)), 0);
 
-    ExpectNotNull(err = wolfSSL_ERR_func_error_string(UNSUPPORTED_SUITE));
+    ExpectNotNull(err = wolfSSL_ERR_func_error_string(WC_NO_ERR_TRACE((word32)UNSUPPORTED_SUITE)));
     ExpectIntEQ((*err == '\0'), 1);
 
-    /* The value -MIN_CODE_E+2 is PEM_R_PROBLEMS_GETTING_PASSWORD. */
-    ExpectNotNull(err = wolfSSL_ERR_lib_error_string(-MIN_CODE_E+2));
+    ExpectNotNull(err = wolfSSL_ERR_lib_error_string(-WOLFSSL_PEM_R_PROBLEMS_GETTING_PASSWORD_E));
     ExpectIntEQ((*err == '\0'), 1);
 #endif
 #endif
 
+    ExpectIntEQ(error_test(), 1);
+
     return EXPECT_RESULT();
 }
 static int test_wolfSSL_EVP_shake128(void)
@@ -63391,13 +81849,13 @@ static int test_wolfSSL_EVP_sm3(void)
     ExpectTrue(mdCtx != NULL);
 
     /* Invalid Parameters */
-    ExpectIntEQ(EVP_DigestInit(NULL, md), BAD_FUNC_ARG);
+    ExpectIntEQ(EVP_DigestInit(NULL, md), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     /* Valid Parameters */
     ExpectIntEQ(EVP_DigestInit(mdCtx, md), WOLFSSL_SUCCESS);
 
-    ExpectIntEQ(EVP_DigestUpdate(NULL, NULL, 1), WOLFSSL_FAILURE);
-    ExpectIntEQ(EVP_DigestUpdate(mdCtx, NULL, 1), WOLFSSL_FAILURE);
-    ExpectIntEQ(EVP_DigestUpdate(NULL, data, 1), WOLFSSL_FAILURE);
+    ExpectIntEQ(EVP_DigestUpdate(NULL, NULL, 1), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+    ExpectIntEQ(EVP_DigestUpdate(mdCtx, NULL, 1), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+    ExpectIntEQ(EVP_DigestUpdate(NULL, data, 1), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
 
     /* Valid Parameters */
     ExpectIntEQ(EVP_DigestUpdate(mdCtx, NULL, 0), WOLFSSL_SUCCESS);
@@ -63414,11 +81872,11 @@ static int test_wolfSSL_EVP_sm3(void)
         WOLFSSL_SUCCESS);
 
     /* Invalid Parameters */
-    ExpectIntEQ(EVP_DigestFinal(NULL, NULL, NULL), WOLFSSL_FAILURE);
-    ExpectIntEQ(EVP_DigestFinal(mdCtx, NULL, NULL), WOLFSSL_FAILURE);
-    ExpectIntEQ(EVP_DigestFinal(NULL, hash, NULL), WOLFSSL_FAILURE);
-    ExpectIntEQ(EVP_DigestFinal(NULL, hash, NULL), WOLFSSL_FAILURE);
-    ExpectIntEQ(EVP_DigestFinal(mdCtx, NULL, NULL), WOLFSSL_FAILURE);
+    ExpectIntEQ(EVP_DigestFinal(NULL, NULL, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+    ExpectIntEQ(EVP_DigestFinal(mdCtx, NULL, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+    ExpectIntEQ(EVP_DigestFinal(NULL, hash, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+    ExpectIntEQ(EVP_DigestFinal(NULL, hash, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+    ExpectIntEQ(EVP_DigestFinal(mdCtx, NULL, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
 
     /* Valid Parameters */
     ExpectIntEQ(EVP_DigestFinal(mdCtx, hash, NULL), WOLFSSL_SUCCESS);
@@ -63461,12 +81919,12 @@ static int test_EVP_blake2(void)
 
 #if defined(HAVE_BLAKE2)
     ExpectNotNull(md = EVP_blake2b512());
-    ExpectIntEQ(XSTRNCMP(md, "BLAKE2B512", XSTRLEN("BLAKE2B512")), 0);
+    ExpectIntEQ(XSTRNCMP(md, "BLAKE2b512", XSTRLEN("BLAKE2b512")), 0);
 #endif
 
 #if defined(HAVE_BLAKE2S)
     ExpectNotNull(md = EVP_blake2s256());
-    ExpectIntEQ(XSTRNCMP(md, "BLAKE2S256", XSTRLEN("BLAKE2S256")), 0);
+    ExpectIntEQ(XSTRNCMP(md, "BLAKE2s256", XSTRLEN("BLAKE2s256")), 0);
 #endif
 #endif
 
@@ -63572,7 +82030,7 @@ static int test_SSL_CIPHER_get_xxx(void)
 {
     EXPECT_DECLS;
 #if defined(OPENSSL_ALL) && !defined(NO_CERTS) && \
-       !defined(NO_FILESYSTEM)
+    !defined(NO_FILESYSTEM) && !defined(NO_TLS)
     const SSL_CIPHER* cipher = NULL;
     STACK_OF(SSL_CIPHER) *supportedCiphers = NULL;
     int i, numCiphers = 0;
@@ -63735,7 +82193,7 @@ static int load_pem_key_file_as_der(const char* privKeyFile, DerBuffer** pDer,
 }
 static int test_CryptoCb_Func(int thisDevId, wc_CryptoInfo* info, void* ctx)
 {
-    int ret = CRYPTOCB_UNAVAILABLE;
+    int ret = WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE);
     const char* privKeyFile = (const char*)ctx;
     DerBuffer* pDer = NULL;
     int keyFormat = 0;
@@ -63751,7 +82209,7 @@ static int test_CryptoCb_Func(int thisDevId, wc_CryptoInfo* info, void* ctx)
                 case RSA_PUBLIC_ENCRYPT:
                 case RSA_PUBLIC_DECRYPT:
                     /* perform software based RSA public op */
-                    ret = CRYPTOCB_UNAVAILABLE; /* fallback to software */
+                    ret = WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE); /* fallback to software */
                     break;
                 case RSA_PRIVATE_ENCRYPT:
                 case RSA_PRIVATE_DECRYPT:
@@ -63798,6 +82256,77 @@ static int test_CryptoCb_Func(int thisDevId, wc_CryptoInfo* info, void* ctx)
                 info->pk.rsa.type, ret, *info->pk.rsa.outLen);
         #endif
         }
+        #ifdef WOLF_CRYPTO_CB_RSA_PAD
+        else if (info->pk.type == WC_PK_TYPE_RSA_PKCS ||
+                 info->pk.type == WC_PK_TYPE_RSA_PSS  ||
+                 info->pk.type == WC_PK_TYPE_RSA_OAEP) {
+            RsaKey key;
+
+            if (info->pk.rsa.type == RSA_PUBLIC_ENCRYPT ||
+                info->pk.rsa.type == RSA_PUBLIC_DECRYPT) {
+                /* Have all public key ops fall back to SW */
+                return CRYPTOCB_UNAVAILABLE;
+            }
+
+            if (info->pk.rsa.padding == NULL) {
+                return BAD_FUNC_ARG;
+            }
+
+            /* Initialize key */
+            ret = load_pem_key_file_as_der(privKeyFile, &pDer,
+                &keyFormat);
+            if (ret != 0) {
+                return ret;
+            }
+
+            ret = wc_InitRsaKey(&key, HEAP_HINT);
+            if (ret == 0) {
+                word32 keyIdx = 0;
+                /* load RSA private key and perform private transform */
+                ret = wc_RsaPrivateKeyDecode(pDer->buffer, &keyIdx,
+                    &key, pDer->length);
+            }
+            /* Perform RSA operation */
+            if ((ret == 0) && (info->pk.type == WC_PK_TYPE_RSA_PKCS)) {
+            #if !defined(WOLFSSL_RSA_PUBLIC_ONLY) && !defined(WOLFSSL_RSA_VERIFY_ONLY)
+                ret = wc_RsaSSL_Sign(info->pk.rsa.in, info->pk.rsa.inLen,
+                    info->pk.rsa.out, *info->pk.rsa.outLen, &key,
+                    info->pk.rsa.rng);
+            #else
+                ret = CRYPTOCB_UNAVAILABLE;
+            #endif
+            }
+            if ((ret == 0) && (info->pk.type == WC_PK_TYPE_RSA_PSS)) {
+            #ifdef WC_RSA_PSS
+                ret = wc_RsaPSS_Sign_ex(info->pk.rsa.in, info->pk.rsa.inLen,
+                    info->pk.rsa.out, *info->pk.rsa.outLen,
+                    info->pk.rsa.padding->hash, info->pk.rsa.padding->mgf,
+                    info->pk.rsa.padding->saltLen, &key, info->pk.rsa.rng);
+            #else
+                ret = CRYPTOCB_UNAVAILABLE;
+            #endif
+            }
+            if ((ret == 0) && (info->pk.type == WC_PK_TYPE_RSA_OAEP)) {
+            #if !defined(WC_NO_RSA_OAEP) || defined(WC_RSA_NO_PADDING)
+                ret = wc_RsaPrivateDecrypt_ex(
+                    info->pk.rsa.in, info->pk.rsa.inLen,
+                    info->pk.rsa.out, *info->pk.rsa.outLen,
+                    &key, WC_RSA_OAEP_PAD, info->pk.rsa.padding->hash,
+                    info->pk.rsa.padding->mgf, info->pk.rsa.padding->label,
+                    info->pk.rsa.padding->labelSz);
+            #else
+                ret = CRYPTOCB_UNAVAILABLE;
+            #endif
+            }
+
+            if (ret > 0) {
+                *info->pk.rsa.outLen = ret;
+            }
+
+            wc_FreeRsaKey(&key);
+            wc_FreeDer(&pDer); pDer = NULL;
+        }
+        #endif /* ifdef WOLF_CRYPTO_CB_RSA_PAD */
     #endif /* !NO_RSA */
     #ifdef HAVE_ECC
         if (info->pk.type == WC_PK_TYPE_EC_KEYGEN) {
@@ -64183,11 +82712,16 @@ static int test_wolfSSL_CTX_StaticMemory_SSL(WOLFSSL_CTX* ctx)
 
     ExpectNotNull((ssl1 = wolfSSL_new(ctx)));
     ExpectNotNull((ssl2 = wolfSSL_new(ctx)));
+
+#ifndef WOLFSSL_STATIC_MEMORY_LEAN
     /* this should fail because kMaxCtxClients == 2 */
     ExpectNull((ssl3 = wolfSSL_new(ctx)));
+#else
+    (void)ssl3;
+#endif
 
     if (wolfSSL_is_static_memory(ssl1, &ssl_stats) == 1) {
-    #ifdef DEBUG_WOLFSSL
+    #if defined(DEBUG_WOLFSSL) && !defined(WOLFSSL_STATIC_MEMORY_LEAN)
         wolfSSL_PrintStatsConn(&ssl_stats);
     #endif
         (void)ssl_stats;
@@ -64195,7 +82729,7 @@ static int test_wolfSSL_CTX_StaticMemory_SSL(WOLFSSL_CTX* ctx)
 
     /* display collected statistics */
     if (wolfSSL_CTX_is_static_memory(ctx, &mem_stats) == 1) {
-    #ifdef DEBUG_WOLFSSL
+    #if defined(DEBUG_WOLFSSL) && !defined(WOLFSSL_STATIC_MEMORY_LEAN)
         wolfSSL_PrintStats(&mem_stats);
     #endif
         (void)mem_stats;
@@ -64333,12 +82867,12 @@ static int test_wolfSSL_FIPS_mode(void)
 #if defined(OPENSSL_ALL)
 #ifdef HAVE_FIPS
     ExpectIntEQ(wolfSSL_FIPS_mode(), 1);
-    ExpectIntEQ(wolfSSL_FIPS_mode_set(0), WOLFSSL_FAILURE);
+    ExpectIntEQ(wolfSSL_FIPS_mode_set(0), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     ExpectIntEQ(wolfSSL_FIPS_mode_set(1), WOLFSSL_SUCCESS);
 #else
     ExpectIntEQ(wolfSSL_FIPS_mode(), 0);
     ExpectIntEQ(wolfSSL_FIPS_mode_set(0), WOLFSSL_SUCCESS);
-    ExpectIntEQ(wolfSSL_FIPS_mode_set(1), WOLFSSL_FAILURE);
+    ExpectIntEQ(wolfSSL_FIPS_mode_set(1), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
 #endif
 #endif
     return EXPECT_RESULT();
@@ -64582,18 +83116,31 @@ static int test_wolfSSL_dtls_stateless2(void)
     XMEMSET(&test_ctx, 0, sizeof(test_ctx));
     ExpectIntEQ(test_memio_setup(&test_ctx, &ctx_c, &ctx_s, &ssl_c, &ssl_s,
         wolfDTLSv1_2_client_method, wolfDTLSv1_2_server_method), 0);
-    ExpectNotNull(ssl_c2 = wolfSSL_new(ctx_c));
-    wolfSSL_SetIOWriteCtx(ssl_c2, &test_ctx);
-    wolfSSL_SetIOReadCtx(ssl_c2, &test_ctx);
+    ExpectIntEQ(test_memio_setup(&test_ctx, &ctx_c, NULL, &ssl_c2, NULL,
+        wolfDTLSv1_2_client_method, NULL), 0);
+    ExpectFalse(wolfSSL_is_stateful(ssl_s));
     /* send CH */
-    ExpectTrue((wolfSSL_connect(ssl_c2) == WOLFSSL_FATAL_ERROR) &&
-        (ssl_c2->error == WANT_READ));
-    ExpectTrue((wolfSSL_accept(ssl_s) == WOLFSSL_FATAL_ERROR) &&
-        (ssl_s->error == WANT_READ));
+    ExpectTrue((wolfSSL_connect(ssl_c2) == WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)) &&
+        (ssl_c2->error == WC_NO_ERR_TRACE(WANT_READ)));
+    ExpectIntEQ(wolfDTLS_accept_stateless(ssl_s), WOLFSSL_FAILURE);
+    ExpectFalse(wolfSSL_is_stateful(ssl_s));
     ExpectIntNE(test_ctx.c_len, 0);
     /* consume HRR */
     test_ctx.c_len = 0;
+    /* send CH1 */
+    ExpectIntEQ(wolfSSL_connect(ssl_c), WOLFSSL_FATAL_ERROR);
+    ExpectIntEQ(wolfSSL_get_error(ssl_c, WOLFSSL_FATAL_ERROR),
+            WOLFSSL_ERROR_WANT_READ);
+    /* send HRR */
+    ExpectIntEQ(wolfDTLS_accept_stateless(ssl_s), WOLFSSL_FAILURE);
+    /* send CH2 */
+    ExpectIntEQ(wolfSSL_connect(ssl_c), WOLFSSL_FATAL_ERROR);
+    ExpectIntEQ(wolfSSL_get_error(ssl_c, WOLFSSL_FATAL_ERROR),
+            WOLFSSL_ERROR_WANT_READ);
+    /* send HRR */
+    ExpectIntEQ(wolfDTLS_accept_stateless(ssl_s), WOLFSSL_SUCCESS);
     ExpectIntEQ(test_memio_do_handshake(ssl_c, ssl_s, 10, NULL), 0);
+    ExpectTrue(wolfSSL_is_stateful(ssl_s));
 
     wolfSSL_free(ssl_c2);
     wolfSSL_free(ssl_c);
@@ -64618,22 +83165,24 @@ static int test_wolfSSL_dtls_stateless_maxfrag(void)
     XMEMSET(&test_ctx, 0, sizeof(test_ctx));
     ExpectIntEQ(test_memio_setup(&test_ctx, &ctx_c, &ctx_s, &ssl_c, &ssl_s,
         wolfDTLSv1_2_client_method, wolfDTLSv1_2_server_method), 0);
+    ExpectNotNull(ssl_s);
     ExpectNotNull(ssl_c2 = wolfSSL_new(ctx_c));
     ExpectIntEQ(wolfSSL_UseMaxFragment(ssl_c2, WOLFSSL_MFL_2_8),
         WOLFSSL_SUCCESS);
     wolfSSL_SetIOWriteCtx(ssl_c2, &test_ctx);
     wolfSSL_SetIOReadCtx(ssl_c2, &test_ctx);
-    if (ssl_s != NULL) {
+    if (EXPECT_SUCCESS()) {
         max_fragment = ssl_s->max_fragment;
     }
     /* send CH */
-    ExpectTrue((wolfSSL_connect(ssl_c2) == WOLFSSL_FATAL_ERROR) &&
-        (ssl_c2->error == WANT_READ));
-    ExpectTrue((wolfSSL_accept(ssl_s) == WOLFSSL_FATAL_ERROR) &&
-        (ssl_s->error == WANT_READ));
+    ExpectTrue((wolfSSL_connect(ssl_c2) == WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)) &&
+        (ssl_c2->error == WC_NO_ERR_TRACE(WANT_READ)));
+    ExpectTrue((wolfSSL_accept(ssl_s) == WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)) &&
+        (ssl_s->error == WC_NO_ERR_TRACE(WANT_READ)));
     /* CH without cookie shouldn't change state */
     ExpectIntEQ(ssl_s->max_fragment, max_fragment);
     ExpectIntNE(test_ctx.c_len, 0);
+
     /* consume HRR from buffer */
     test_ctx.c_len = 0;
     ExpectIntEQ(test_memio_do_handshake(ssl_c, ssl_s, 10, NULL), 0);
@@ -64711,10 +83260,10 @@ static int _test_wolfSSL_dtls_stateless_resume(byte useticket, byte bad)
     wolfSSL_SetIOWriteCtx(ssl_s, &test_ctx);
     wolfSSL_SetIOReadCtx(ssl_s, &test_ctx);
     ExpectIntEQ(wolfSSL_set_session(ssl_c, sess), WOLFSSL_SUCCESS);
-    ExpectTrue((wolfSSL_connect(ssl_c) == WOLFSSL_FATAL_ERROR) &&
-        (ssl_c->error == WANT_READ));
-    ExpectTrue((wolfSSL_accept(ssl_s) == WOLFSSL_FATAL_ERROR) &&
-        (ssl_s->error == WANT_READ));
+    ExpectTrue((wolfSSL_connect(ssl_c) == WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)) &&
+        (ssl_c->error == WC_NO_ERR_TRACE(WANT_READ)));
+    ExpectTrue((wolfSSL_accept(ssl_s) == WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)) &&
+        (ssl_s->error == WC_NO_ERR_TRACE(WANT_READ)));
     ExpectFalse(bad && !buf_is_hvr(test_ctx.c_buff, test_ctx.c_len));
     ExpectFalse(!bad && buf_is_hvr(test_ctx.c_buff, test_ctx.c_len));
     if (!useticket) {
@@ -64767,10 +83316,10 @@ static int test_wolfSSL_dtls_stateless_downgrade(void)
     wolfSSL_SetIOWriteCtx(ssl_c2, &test_ctx);
     wolfSSL_SetIOReadCtx(ssl_c2, &test_ctx);
     /* send CH */
-    ExpectTrue((wolfSSL_connect(ssl_c2) == WOLFSSL_FATAL_ERROR) &&
-        (ssl_c2->error == WANT_READ));
-    ExpectTrue((wolfSSL_accept(ssl_s) == WOLFSSL_FATAL_ERROR) &&
-        (ssl_s->error == WANT_READ));
+    ExpectTrue((wolfSSL_connect(ssl_c2) == WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)) &&
+        (ssl_c2->error == WC_NO_ERR_TRACE(WANT_READ)));
+    ExpectTrue((wolfSSL_accept(ssl_s) == WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)) &&
+        (ssl_s->error == WC_NO_ERR_TRACE(WANT_READ)));
     ExpectIntNE(test_ctx.c_len, 0);
     /* consume HRR */
     test_ctx.c_len = 0;
@@ -64807,23 +83356,23 @@ static int test_WOLFSSL_dtls_version_alert(void)
         wolfDTLSv1_2_client_method, wolfDTLSv1_server_method), 0);
 
     /* client hello */
-    ExpectTrue((wolfSSL_connect(ssl_c) == WOLFSSL_FATAL_ERROR) &&
-        (ssl_c->error == WANT_READ));
+    ExpectTrue((wolfSSL_connect(ssl_c) == WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)) &&
+        (ssl_c->error == WC_NO_ERR_TRACE(WANT_READ)));
     /* hrr */
-    ExpectTrue((wolfSSL_accept(ssl_s) == WOLFSSL_FATAL_ERROR) &&
-        (ssl_s->error == WANT_READ));
+    ExpectTrue((wolfSSL_accept(ssl_s) == WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)) &&
+        (ssl_s->error == WC_NO_ERR_TRACE(WANT_READ)));
     /* client hello 1 */
-    ExpectTrue((wolfSSL_connect(ssl_c) == WOLFSSL_FATAL_ERROR) &&
-        (ssl_c->error == WANT_READ));
+    ExpectTrue((wolfSSL_connect(ssl_c) == WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)) &&
+        (ssl_c->error == WC_NO_ERR_TRACE(WANT_READ)));
     /* server hello */
-    ExpectTrue((wolfSSL_accept(ssl_s) == WOLFSSL_FATAL_ERROR) &&
-        (ssl_s->error == WANT_READ));
+    ExpectTrue((wolfSSL_accept(ssl_s) == WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)) &&
+        (ssl_s->error == WC_NO_ERR_TRACE(WANT_READ)));
     /* should fail */
-    ExpectTrue((wolfSSL_connect(ssl_c) == WOLFSSL_FATAL_ERROR) &&
-        (ssl_c->error == VERSION_ERROR));
+    ExpectTrue((wolfSSL_connect(ssl_c) == WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)) &&
+        (ssl_c->error == WC_NO_ERR_TRACE(VERSION_ERROR)));
     /* shuould fail */
-    ExpectTrue((wolfSSL_accept(ssl_s) == WOLFSSL_FATAL_ERROR) &&
-        (ssl_s->error == VERSION_ERROR || ssl_s->error == FATAL_ERROR));
+    ExpectTrue((wolfSSL_accept(ssl_s) == WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)) &&
+        (ssl_s->error == WC_NO_ERR_TRACE(VERSION_ERROR) || ssl_s->error == WC_NO_ERR_TRACE(FATAL_ERROR)));
 
     wolfSSL_free(ssl_c);
     wolfSSL_free(ssl_s);
@@ -64886,7 +83435,9 @@ static int send_new_session_ticket(WOLFSSL *ssl, byte nonceLength, byte filler)
 
     sz = BuildTls13Message(ssl, buf, 2048, buf+5, idx - 5,
         handshake, 0, 0, 0);
+    AssertIntGT(sz, 0);
     test_ctx = (struct test_memio_ctx*)wolfSSL_GetIOWriteCtx(ssl);
+    AssertNotNull(test_ctx);
     ret = test_memio_write_cb(ssl, (char*)buf, sz, test_ctx);
     return !(ret == sz);
 }
@@ -64917,8 +83468,8 @@ static int test_ticket_nonce_malloc_do(WOLFSSL *ssl_s, WOLFSSL *ssl_c, byte len)
     char *buf[1024];
 
     ExpectIntEQ(send_new_session_ticket(ssl_s, len, len), 0);
-    ExpectTrue((wolfSSL_recv(ssl_c, buf, 1024, 0) == WOLFSSL_FATAL_ERROR) &&
-        (ssl_c->error == WANT_READ));
+    ExpectTrue((wolfSSL_recv(ssl_c, buf, 1024, 0) == WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)) &&
+        (ssl_c->error == WC_NO_ERR_TRACE(WANT_READ)));
 
     ExpectIntEQ(test_ticket_nonce_check(ssl_c->session, len), 0);
 
@@ -64976,15 +83527,23 @@ static int test_ticket_nonce_malloc(void)
     while (EXPECT_SUCCESS() && (ssl_c->options.handShakeDone == 0) &&
             (ssl_s->options.handShakeDone == 0)) {
         ExpectTrue((wolfSSL_connect(ssl_c) == WOLFSSL_SUCCESS) ||
-            (ssl_c->error == WANT_READ));
+            (ssl_c->error == WC_NO_ERR_TRACE(WANT_READ)));
 
         ExpectTrue((wolfSSL_accept(ssl_s) == WOLFSSL_SUCCESS) ||
-            (ssl_s->error == WANT_READ));
+            (ssl_s->error == WC_NO_ERR_TRACE(WANT_READ)));
     }
 
     small = TLS13_TICKET_NONCE_STATIC_SZ;
-    medium = small + 20 <= 255 ? small + 20 : 255;
-    big = medium + 20 <= 255 ? small + 20 : 255;
+#if TLS13_TICKET_NONCE_STATIC_SZ + 20 <= 255
+    medium = small + 20;
+#else
+    medium = 255;
+#endif
+#if TLS13_TICKET_NONCE_STATIC_SZ + 20 + 20 <= 255
+    big = small + 20;
+#else
+    big = 255;
+#endif
 
     ExpectIntEQ(test_ticket_nonce_malloc_do(ssl_s, ssl_c, small), TEST_SUCCESS);
     ExpectPtrEq(ssl_c->session->ticketNonce.data,
@@ -65336,7 +83895,7 @@ static int test_wolfSSL_CRL_CERT_REVOKED_alert(void)
     server_cbs.on_cleanup = test_wolfSSL_CRL_CERT_REVOKED_alert_on_cleanup;
 
     ExpectIntEQ(test_wolfSSL_client_server_nofail_memio(&client_cbs,
-        &server_cbs, NULL), TEST_FAIL);
+        &server_cbs, NULL), -1001);
 
     return EXPECT_RESULT();
 }
@@ -65509,7 +84068,7 @@ static int test_extra_alerts_wrong_cs(void)
 
     /* CH */
     ExpectIntNE(wolfSSL_connect(ssl_c), WOLFSSL_SUCCESS);
-    ExpectIntEQ(wolfSSL_get_error(ssl_c, WOLFSSL_FATAL_ERROR),
+    ExpectIntEQ(wolfSSL_get_error(ssl_c, WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)),
         WOLFSSL_ERROR_WANT_READ);
 
     /* consume CH */
@@ -65520,10 +84079,10 @@ static int test_extra_alerts_wrong_cs(void)
     test_ctx.c_len = sizeof(test_extra_alerts_wrong_cs_sh);
 
     ExpectIntNE(wolfSSL_connect(ssl_c), WOLFSSL_SUCCESS);
-    ExpectIntNE(wolfSSL_get_error(ssl_c, WOLFSSL_FATAL_ERROR),
+    ExpectIntNE(wolfSSL_get_error(ssl_c, WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)),
         WOLFSSL_ERROR_WANT_READ);
     ExpectIntEQ(wolfSSL_get_alert_history(ssl_c, &h), WOLFSSL_SUCCESS);
-    ExpectIntEQ(h.last_tx.code, illegal_parameter);
+    ExpectIntEQ(h.last_tx.code, handshake_failure);
     ExpectIntEQ(h.last_tx.level, alert_fatal);
 
     wolfSSL_free(ssl_c);
@@ -65538,6 +84097,73 @@ static int test_extra_alerts_wrong_cs(void)
 }
 #endif
 
+#if defined(WOLFSSL_TLS13) && !defined(WOLFSSL_NO_TLS12) &&   \
+    defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES)
+
+#define TEST_CS_DOWNGRADE_CLIENT "ECDHE-RSA-AES256-GCM-SHA384"
+
+byte test_wrong_cs_downgrade_sh[] = {
+  0x16, 0x03, 0x03, 0x00, 0x56, 0x02, 0x00, 0x00, 0x52, 0x03, 0x03, 0x10,
+  0x2c, 0x88, 0xd9, 0x7a, 0x23, 0xc9, 0xbd, 0x11, 0x3b, 0x64, 0x24, 0xab,
+  0x5b, 0x45, 0x33, 0xf6, 0x2c, 0x34, 0xe4, 0xcf, 0xf4, 0x78, 0xc8, 0x62,
+  0x06, 0xc7, 0xe5, 0x30, 0x39, 0xbf, 0xa1, 0x20, 0xa3, 0x06, 0x74, 0xc3,
+  0xa9, 0x74, 0x52, 0x8a, 0xfb, 0xae, 0xf0, 0xd8, 0x6f, 0xb2, 0x9d, 0xfe,
+  0x78, 0xf0, 0x3f, 0x51, 0x8f, 0x9c, 0xcf, 0xbe, 0x61, 0x43, 0x9d, 0xf8,
+  0x85, 0xe5, 0x2f, 0x54,
+  0xc0, 0x2f, /* ECDHE-RSA-AES128-GCM-SHA256 */
+  0x00, 0x00, 0x0a, 0x00, 0x0b, 0x00,
+  0x02, 0x01, 0x00, 0x00, 0x17, 0x00, 0x00
+};
+
+static int test_wrong_cs_downgrade(void)
+{
+    EXPECT_DECLS;
+#ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
+    struct test_memio_ctx test_ctx;
+    WOLFSSL_CTX *ctx_c = NULL;
+    WOLFSSL *ssl_c = NULL;
+
+    XMEMSET(&test_ctx, 0, sizeof(test_ctx));
+    ExpectIntEQ(test_memio_setup(&test_ctx, &ctx_c, NULL, &ssl_c, NULL,
+        wolfSSLv23_client_method, NULL), 0);
+
+    ExpectIntEQ(wolfSSL_set_cipher_list(ssl_c, TEST_CS_DOWNGRADE_CLIENT),
+        WOLFSSL_SUCCESS);
+
+    /* CH */
+    ExpectIntNE(wolfSSL_connect(ssl_c), WOLFSSL_SUCCESS);
+    ExpectIntEQ(wolfSSL_get_error(ssl_c, WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)),
+        WOLFSSL_ERROR_WANT_READ);
+
+    /* consume CH */
+    test_ctx.s_len = 0;
+    /* inject SH */
+    XMEMCPY(test_ctx.c_buff, test_wrong_cs_downgrade_sh,
+        sizeof(test_wrong_cs_downgrade_sh));
+    test_ctx.c_len = sizeof(test_wrong_cs_downgrade_sh);
+
+    ExpectIntNE(wolfSSL_connect(ssl_c), WOLFSSL_SUCCESS);
+#ifdef OPENSSL_EXTRA
+    ExpectIntEQ(wolfSSL_get_error(ssl_c, WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)),
+        WC_NO_ERR_TRACE(WOLFSSL_ERROR_SYSCALL));
+#else
+    ExpectIntEQ(wolfSSL_get_error(ssl_c, WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)),
+        WC_NO_ERR_TRACE(MATCH_SUITE_ERROR));
+#endif /* OPENSSL_EXTRA */
+
+
+    wolfSSL_free(ssl_c);
+    wolfSSL_CTX_free(ctx_c);
+#endif
+    return EXPECT_RESULT();
+}
+#else
+static int test_wrong_cs_downgrade(void)
+{
+    return TEST_SKIPPED;
+}
+#endif
+
 #if !defined(WOLFSSL_NO_TLS12) && defined(WOLFSSL_EXTRA_ALERTS) &&             \
     defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES) && !defined(WOLFSSL_SP_MATH)
 
@@ -65563,7 +84189,7 @@ static int test_remove_hs_msg_from_buffer(byte *buf, int *len, byte type,
     word32 hLength;
 
     idx = buf;
-    tail_len = *len;
+    tail_len = (unsigned int)*len;
     *found = 0;
     while (tail_len > _RECORD_HEADER_SZ) {
         curr = idx;
@@ -65632,16 +84258,16 @@ static int test_remove_hs_message(byte hs_message_type,
         wolfTLSv1_2_client_method, wolfTLSv1_2_server_method), 0);
 
     ExpectIntNE(wolfSSL_connect(ssl_c), WOLFSSL_SUCCESS);
-    ExpectIntEQ(wolfSSL_get_error(ssl_c, WOLFSSL_FATAL_ERROR),
+    ExpectIntEQ(wolfSSL_get_error(ssl_c, WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)),
         WOLFSSL_ERROR_WANT_READ);
 
     ExpectIntNE(wolfSSL_accept(ssl_s), WOLFSSL_SUCCESS);
-    ExpectIntEQ(wolfSSL_get_error(ssl_c, WOLFSSL_FATAL_ERROR),
+    ExpectIntEQ(wolfSSL_get_error(ssl_c, WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)),
         WOLFSSL_ERROR_WANT_READ);
 
     if (extra_round) {
         ExpectIntNE(wolfSSL_connect(ssl_c), WOLFSSL_SUCCESS);
-        ExpectIntEQ(wolfSSL_get_error(ssl_c, WOLFSSL_FATAL_ERROR),
+        ExpectIntEQ(wolfSSL_get_error(ssl_c, WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)),
             WOLFSSL_ERROR_WANT_READ);
 
         /* this will complete handshake from server side */
@@ -65660,7 +84286,7 @@ static int test_remove_hs_message(byte hs_message_type,
     }
 
     ExpectIntNE(wolfSSL_connect(ssl_c), WOLFSSL_SUCCESS);
-    ExpectIntNE(wolfSSL_get_error(ssl_c, WOLFSSL_FATAL_ERROR),
+    ExpectIntNE(wolfSSL_get_error(ssl_c, WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)),
         WOLFSSL_ERROR_WANT_READ);
     ExpectIntEQ(wolfSSL_get_alert_history(ssl_c, &h), WOLFSSL_SUCCESS);
     ExpectTrue(alert_type == 0xff || h.last_tx.code == alert_type);
@@ -65735,15 +84361,15 @@ static int test_extra_alerts_bad_psk(void)
     wolfSSL_set_psk_server_callback(ssl_s, test_server_psk_cb);
 
     ExpectIntNE(wolfSSL_connect(ssl_c), WOLFSSL_SUCCESS);
-    ExpectIntEQ(wolfSSL_get_error(ssl_c, WOLFSSL_FATAL_ERROR),
+    ExpectIntEQ(wolfSSL_get_error(ssl_c, WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)),
         WOLFSSL_ERROR_WANT_READ);
 
     ExpectIntNE(wolfSSL_accept(ssl_s), WOLFSSL_SUCCESS);
-    ExpectIntEQ( wolfSSL_get_error(ssl_s, WOLFSSL_FATAL_ERROR),
+    ExpectIntEQ(wolfSSL_get_error(ssl_s, WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)),
         WOLFSSL_ERROR_WANT_READ);
 
     ExpectIntNE(wolfSSL_connect(ssl_c), WOLFSSL_SUCCESS);
-    ExpectIntNE(wolfSSL_get_error(ssl_c, WOLFSSL_FATAL_ERROR),
+    ExpectIntNE(wolfSSL_get_error(ssl_c, WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)),
         WOLFSSL_ERROR_WANT_READ);
     ExpectIntEQ(wolfSSL_get_alert_history(ssl_c, &h), WOLFSSL_SUCCESS);
     ExpectIntEQ(h.last_tx.code, handshake_failure);
@@ -65763,6 +84389,161 @@ static int test_extra_alerts_bad_psk(void)
 }
 #endif
 
+#if defined(OPENSSL_EXTRA) && defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES) && !defined(WOLFSSL_NO_TLS12)
+/*
+ * Emulates wolfSSL_shutdown that goes on EAGAIN,
+ * by returning on output WOLFSSL_ERROR_WANT_WRITE.*/
+static int custom_wolfSSL_shutdown(WOLFSSL *ssl, char *buf,
+        int sz, void *ctx)
+{
+    (void)ssl;
+    (void)buf;
+    (void)ctx;
+    (void)sz;
+
+    return WOLFSSL_CBIO_ERR_WANT_WRITE;
+}
+
+static int test_multiple_alerts_EAGAIN(void)
+{
+    EXPECT_DECLS;
+    size_t size_of_last_packet = 0;
+
+    /* declare wolfSSL objects */
+    struct test_memio_ctx test_ctx;
+    WOLFSSL_CTX *ctx_c = NULL, *ctx_s = NULL;
+    WOLFSSL *ssl_c = NULL, *ssl_s = NULL;
+
+    XMEMSET(&test_ctx, 0, sizeof(test_ctx));
+
+    /* Create and initialize WOLFSSL_CTX and WOLFSSL objects */
+#ifdef USE_TLSV13
+    ExpectIntEQ(test_memio_setup(&test_ctx, &ctx_c, &ctx_s, &ssl_c, &ssl_s,
+          wolfTLSv1_3_client_method,  wolfTLSv1_3_server_method), 0);
+#else
+    ExpectIntEQ(test_memio_setup(&test_ctx, &ctx_c, &ctx_s, &ssl_c, &ssl_s,
+         wolfTLSv1_2_client_method, wolfTLSv1_2_server_method), 0);
+#endif
+    ExpectNotNull(ctx_c);
+    ExpectNotNull(ssl_c);
+    ExpectNotNull(ctx_s);
+    ExpectNotNull(ssl_s);
+
+    /* Load client certificates into WOLFSSL_CTX */
+    ExpectIntEQ(wolfSSL_CTX_load_verify_locations(ctx_c, "./certs/ca-cert.pem", NULL), WOLFSSL_SUCCESS);
+
+    ExpectIntEQ(test_memio_do_handshake(ssl_c, ssl_s, 10, NULL), 0);
+
+    /*
+     * We set the custom callback for the IO to emulate multiple EAGAINs
+     * on shutdown, so we can check that we don't send multiple packets.
+     * */
+    wolfSSL_SSLSetIOSend(ssl_c, custom_wolfSSL_shutdown);
+
+    /*
+     * We call wolfSSL_shutdown multiple times to reproduce the behaviour,
+     * to check that it doesn't add the CLOSE_NOTIFY packet multiple times
+     * on the output buffer.
+     * */
+    wolfSSL_shutdown(ssl_c);
+    wolfSSL_shutdown(ssl_c);
+
+    if (ssl_c != NULL) {
+        size_of_last_packet = ssl_c->buffers.outputBuffer.length;
+    }
+    wolfSSL_shutdown(ssl_c);
+
+    /*
+     * Finally we check the length of the output buffer.
+     * */
+    ExpectIntEQ((ssl_c->buffers.outputBuffer.length - size_of_last_packet), 0);
+
+    /* Cleanup and return */
+    wolfSSL_CTX_free(ctx_c);
+    wolfSSL_free(ssl_c);
+    wolfSSL_CTX_free(ctx_s);
+    wolfSSL_free(ssl_s);
+
+    return EXPECT_RESULT();
+}
+#else
+static int test_multiple_alerts_EAGAIN(void)
+{
+    return TEST_SKIPPED;
+}
+#endif
+
+#if defined(WOLFSSL_TLS13) && defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES)\
+    && !defined(NO_PSK)
+static unsigned int test_tls13_bad_psk_binder_client_cb(WOLFSSL* ssl,
+        const char* hint, char* identity, unsigned int id_max_len,
+        unsigned char* key, unsigned int key_max_len)
+{
+    (void)ssl;
+    (void)hint;
+    (void)key_max_len;
+
+    /* see internal.h MAX_PSK_ID_LEN for PSK identity limit */
+    XSTRNCPY(identity, "Client_identity", id_max_len);
+
+    key[0] = 0x20;
+    return 1;
+}
+
+static unsigned int test_tls13_bad_psk_binder_server_cb(WOLFSSL* ssl,
+        const char* id, unsigned char* key, unsigned int key_max_len)
+{
+    (void)ssl;
+    (void)id;
+    (void)key_max_len;
+    /* zero means error */
+    key[0] = 0x10;
+    return 1;
+}
+#endif
+
+static int test_tls13_bad_psk_binder(void)
+{
+    EXPECT_DECLS;
+#if defined(WOLFSSL_TLS13) && defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES)\
+    && !defined(NO_PSK)
+    WOLFSSL_CTX *ctx_c = NULL;
+    WOLFSSL_CTX *ctx_s = NULL;
+    WOLFSSL *ssl_c = NULL;
+    WOLFSSL *ssl_s = NULL;
+    struct test_memio_ctx test_ctx;
+    WOLFSSL_ALERT_HISTORY h;
+
+    XMEMSET(&test_ctx, 0, sizeof(test_ctx));
+    ExpectIntEQ(test_memio_setup(&test_ctx, &ctx_c, &ctx_s, &ssl_c, &ssl_s,
+        wolfTLSv1_3_client_method, wolfTLSv1_3_server_method), 0);
+
+    wolfSSL_set_psk_client_callback(ssl_c, test_tls13_bad_psk_binder_client_cb);
+    wolfSSL_set_psk_server_callback(ssl_s, test_tls13_bad_psk_binder_server_cb);
+
+    ExpectIntNE(wolfSSL_connect(ssl_c), WOLFSSL_SUCCESS);
+    ExpectIntEQ(wolfSSL_get_error(ssl_c, WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)),
+        WOLFSSL_ERROR_WANT_READ);
+
+    ExpectIntNE(wolfSSL_accept(ssl_s), WOLFSSL_SUCCESS);
+    ExpectIntEQ( wolfSSL_get_error(ssl_s, WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)),
+        WC_NO_ERR_TRACE(BAD_BINDER));
+
+    ExpectIntNE(wolfSSL_connect(ssl_c), WOLFSSL_SUCCESS);
+    ExpectIntEQ(wolfSSL_get_error(ssl_c, WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)),
+        WC_NO_ERR_TRACE(FATAL_ERROR));
+    ExpectIntEQ(wolfSSL_get_alert_history(ssl_c, &h), WOLFSSL_SUCCESS);
+    ExpectIntEQ(h.last_rx.code, illegal_parameter);
+    ExpectIntEQ(h.last_rx.level, alert_fatal);
+
+    wolfSSL_free(ssl_c);
+    wolfSSL_CTX_free(ctx_c);
+    wolfSSL_free(ssl_s);
+    wolfSSL_CTX_free(ctx_s);
+#endif
+    return EXPECT_RESULT();
+}
+
 #if defined(WOLFSSL_HARDEN_TLS) && !defined(WOLFSSL_NO_TLS12) && \
         defined(HAVE_IO_TESTS_DEPENDENCIES)
 static int test_harden_no_secure_renegotiation_io_cb(WOLFSSL *ssl, char *buf,
@@ -65820,10 +84601,10 @@ static int test_harden_no_secure_renegotiation(void)
     test_wolfSSL_client_server_nofail(&client_cbs, &server_cbs);
 
     ExpectIntEQ(client_cbs.return_code, TEST_FAIL);
-    ExpectIntEQ(client_cbs.last_err, SECURE_RENEGOTIATION_E);
+    ExpectIntEQ(client_cbs.last_err, WC_NO_ERR_TRACE(SECURE_RENEGOTIATION_E));
     ExpectIntEQ(server_cbs.return_code, TEST_FAIL);
-    ExpectTrue(server_cbs.last_err == SOCKET_ERROR_E ||
-               server_cbs.last_err == FATAL_ERROR);
+    ExpectTrue(server_cbs.last_err == WC_NO_ERR_TRACE(SOCKET_ERROR_E) ||
+               server_cbs.last_err == WC_NO_ERR_TRACE(FATAL_ERROR));
 
     return EXPECT_RESULT();
 }
@@ -65841,13 +84622,13 @@ static int test_override_alt_cert_chain_cert_cb(int preverify,
     fprintf(stderr, "preverify: %d\n", preverify);
     fprintf(stderr, "store->error: %d\n", store->error);
     fprintf(stderr, "error reason: %s\n", wolfSSL_ERR_reason_error_string(store->error));
-    if (store->error == OCSP_INVALID_STATUS) {
+    if (store->error == WC_NO_ERR_TRACE(OCSP_INVALID_STATUS)) {
         fprintf(stderr, "Overriding OCSP error\n");
         return 1;
     }
 #ifndef WOLFSSL_ALT_CERT_CHAINS
-    else if ((store->error == ASN_NO_SIGNER_E ||
-              store->error == ASN_SELF_SIGNED_E
+    else if ((store->error == WC_NO_ERR_TRACE(ASN_NO_SIGNER_E) ||
+              store->error == WC_NO_ERR_TRACE(ASN_SELF_SIGNED_E)
 #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) || \
     defined(HAVE_WEBSERVER)
             || store->error == WOLFSSL_X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY
@@ -65871,7 +84652,7 @@ static int test_override_alt_cert_chain_ocsp_cb(void* ioCtx, const char* url,
     (void)request;
     (void)requestSz;
     (void)response;
-    return -1;
+    return WOLFSSL_CBIO_ERR_GENERAL;
 }
 
 static int test_override_alt_cert_chain_client_ctx_ready(WOLFSSL_CTX* ctx)
@@ -65921,7 +84702,7 @@ static int test_override_alt_cert_chain(void)
         {test_override_alt_cert_chain_client_ctx_ready,
                 test_override_alt_cert_chain_server_ctx_ready, TEST_SUCCESS},
         {test_override_alt_cert_chain_client_ctx_ready2,
-                test_override_alt_cert_chain_server_ctx_ready, TEST_FAIL},
+                test_override_alt_cert_chain_server_ctx_ready, -1001},
     };
 
     for (i = 0; i < sizeof(params)/sizeof(*params); i++) {
@@ -65937,8 +84718,10 @@ static int test_override_alt_cert_chain(void)
         ExpectIntEQ(test_wolfSSL_client_server_nofail_memio(&client_cbs,
             &server_cbs, NULL), params[i].result);
 
-        ExpectIntEQ(client_cbs.return_code, params[i].result);
-        ExpectIntEQ(server_cbs.return_code, params[i].result);
+        ExpectIntEQ(client_cbs.return_code,
+                    params[i].result <= 0 ? -1000 : TEST_SUCCESS);
+        ExpectIntEQ(server_cbs.return_code,
+                    params[i].result <= 0 ? -1000 : TEST_SUCCESS);
     }
 
     return EXPECT_RESULT();
@@ -65950,12 +84733,12 @@ static int test_override_alt_cert_chain(void)
 }
 #endif
 
-#if defined(HAVE_RPK)
+#if defined(HAVE_RPK) && !defined(NO_TLS)
 
 #define svrRpkCertFile     "./certs/rpk/server-cert-rpk.der"
 #define clntRpkCertFile    "./certs/rpk/client-cert-rpk.der"
 
-#if defined(WOLFSSL_ALWAYS_VERIFY_CB)
+#if defined(WOLFSSL_ALWAYS_VERIFY_CB) && defined(WOLFSSL_TLS13)
 static int MyRpkVerifyCb(int mode, WOLFSSL_X509_STORE_CTX* strctx)
 {
     int ret = WOLFSSL_SUCCESS;
@@ -65964,7 +84747,7 @@ static int MyRpkVerifyCb(int mode, WOLFSSL_X509_STORE_CTX* strctx)
     WOLFSSL_ENTER("MyRpkVerifyCb");
     return ret;
 }
-#endif /* WOLFSSL_ALWAYS_VERIFY_CB */
+#endif /* WOLFSSL_ALWAYS_VERIFY_CB && WOLFSSL_TLS13 */
 
 static WC_INLINE int test_rpk_memio_setup(
     struct test_memio_ctx *ctx,
@@ -66057,19 +84840,19 @@ static WC_INLINE int test_rpk_memio_setup(
 
     return 0;
 }
-#endif /* HAVE_RPK */
+#endif /* HAVE_RPK && !NO_TLS */
 
 static int test_rpk_set_xxx_cert_type(void)
 {
     EXPECT_DECLS;
-#if defined(HAVE_RPK)
+#if defined(HAVE_RPK) && !defined(NO_TLS)
 
     char ctype[MAX_CLIENT_CERT_TYPE_CNT + 1];   /* prepare bigger buffer */
     WOLFSSL_CTX* ctx = NULL;
     WOLFSSL* ssl = NULL;
     int tp;
 
-    ctx = wolfSSL_CTX_new(wolfTLSv1_3_client_method());
+    ctx = wolfSSL_CTX_new(wolfTLS_client_method());
     ExpectNotNull(ctx);
 
     ssl = wolfSSL_new(ctx);
@@ -66082,25 +84865,25 @@ static int test_rpk_set_xxx_cert_type(void)
     /* illegal parameter test caces */
     ExpectIntEQ(wolfSSL_CTX_set_client_cert_type(NULL, ctype,
                                                 MAX_CLIENT_CERT_TYPE_CNT),
-                                                BAD_FUNC_ARG);
+                                                WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     ExpectIntEQ(wolfSSL_CTX_set_client_cert_type(ctx, ctype,
                                                 sizeof(ctype)),
-                                                BAD_FUNC_ARG);
+                                                WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     ctype[0] = WOLFSSL_CERT_TYPE_RPK;  /* set an identical cert type */
     ctype[1] = WOLFSSL_CERT_TYPE_RPK;
 
     ExpectIntEQ(wolfSSL_CTX_set_client_cert_type(ctx, ctype,
                                                 MAX_CLIENT_CERT_TYPE_CNT),
-                                                BAD_FUNC_ARG);
+                                                WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     ctype[0] = WOLFSSL_CERT_TYPE_X509;
     ctype[1] = 10;                      /* set unknown cert type */
 
     ExpectIntEQ(wolfSSL_CTX_set_client_cert_type(ctx, ctype,
                                                 MAX_CLIENT_CERT_TYPE_CNT),
-                                                BAD_FUNC_ARG);
+                                                WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     /* pass larger type count */
     ctype[0] = WOLFSSL_CERT_TYPE_RPK;
     ctype[1] = WOLFSSL_CERT_TYPE_X509;
@@ -66108,7 +84891,7 @@ static int test_rpk_set_xxx_cert_type(void)
 
     ExpectIntEQ(wolfSSL_CTX_set_client_cert_type(ctx, ctype,
                                                 MAX_CLIENT_CERT_TYPE_CNT + 1),
-                                                BAD_FUNC_ARG);
+                                                WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     /* should accept NULL for type buffer */
     ExpectIntEQ(wolfSSL_CTX_set_client_cert_type(ctx, NULL,
@@ -66130,25 +84913,25 @@ static int test_rpk_set_xxx_cert_type(void)
 
     ExpectIntEQ(wolfSSL_CTX_set_server_cert_type(NULL, ctype,
                                                 MAX_SERVER_CERT_TYPE_CNT),
-                                                BAD_FUNC_ARG);
+                                                WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     ExpectIntEQ(wolfSSL_CTX_set_server_cert_type(ctx, ctype,
                                                 sizeof(ctype)),
-                                                BAD_FUNC_ARG);
+                                                WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     ctype[0] = WOLFSSL_CERT_TYPE_RPK;  /* set an identical cert type */
     ctype[1] = WOLFSSL_CERT_TYPE_RPK;
 
     ExpectIntEQ(wolfSSL_CTX_set_server_cert_type(ctx, ctype,
                                                 MAX_SERVER_CERT_TYPE_CNT),
-                                                BAD_FUNC_ARG);
+                                                WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     ctype[0] = WOLFSSL_CERT_TYPE_X509;
     ctype[1] = 10;                      /* set unknown cert type */
 
     ExpectIntEQ(wolfSSL_CTX_set_server_cert_type(ctx, ctype,
                                                 MAX_SERVER_CERT_TYPE_CNT),
-                                                BAD_FUNC_ARG);
+                                                WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     /* pass larger type count */
     ctype[0] = WOLFSSL_CERT_TYPE_RPK;
     ctype[1] = WOLFSSL_CERT_TYPE_X509;
@@ -66156,7 +84939,7 @@ static int test_rpk_set_xxx_cert_type(void)
 
     ExpectIntEQ(wolfSSL_CTX_set_server_cert_type(ctx, ctype,
                                                 MAX_SERVER_CERT_TYPE_CNT + 1),
-                                                BAD_FUNC_ARG);
+                                                WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     /* should accept NULL for type buffer */
     ExpectIntEQ(wolfSSL_CTX_set_server_cert_type(ctx, NULL,
@@ -66178,25 +84961,25 @@ static int test_rpk_set_xxx_cert_type(void)
 
     ExpectIntEQ(wolfSSL_set_client_cert_type(NULL, ctype,
                                                 MAX_CLIENT_CERT_TYPE_CNT),
-                                                BAD_FUNC_ARG);
+                                                WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     ExpectIntEQ(wolfSSL_set_client_cert_type(ssl, ctype,
                                                 sizeof(ctype)),
-                                                BAD_FUNC_ARG);
+                                                WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     ctype[0] = WOLFSSL_CERT_TYPE_RPK;  /* set an identical cert type */
     ctype[1] = WOLFSSL_CERT_TYPE_RPK;
 
     ExpectIntEQ(wolfSSL_set_client_cert_type(ssl, ctype,
                                                 MAX_CLIENT_CERT_TYPE_CNT),
-                                                BAD_FUNC_ARG);
+                                                WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     ctype[0] = WOLFSSL_CERT_TYPE_X509;
     ctype[1] = 10;                      /* set unknown cert type */
 
     ExpectIntEQ(wolfSSL_set_client_cert_type(ssl, ctype,
                                                 MAX_CLIENT_CERT_TYPE_CNT),
-                                                BAD_FUNC_ARG);
+                                                WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     /* pass larger type count */
     ctype[0] = WOLFSSL_CERT_TYPE_RPK;
     ctype[1] = WOLFSSL_CERT_TYPE_X509;
@@ -66204,7 +84987,7 @@ static int test_rpk_set_xxx_cert_type(void)
 
     ExpectIntEQ(wolfSSL_set_client_cert_type(ssl, ctype,
                                                 MAX_CLIENT_CERT_TYPE_CNT + 1),
-                                                BAD_FUNC_ARG);
+                                                WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     /* should accept NULL for type buffer */
     ExpectIntEQ(wolfSSL_set_client_cert_type(ssl, NULL,
@@ -66226,25 +85009,25 @@ static int test_rpk_set_xxx_cert_type(void)
 
     ExpectIntEQ(wolfSSL_set_server_cert_type(NULL, ctype,
                                                 MAX_SERVER_CERT_TYPE_CNT),
-                                                BAD_FUNC_ARG);
+                                                WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     ExpectIntEQ(wolfSSL_set_server_cert_type(ssl, ctype,
                                                 sizeof(ctype)),
-                                                BAD_FUNC_ARG);
+                                                WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     ctype[0] = WOLFSSL_CERT_TYPE_RPK;  /* set an identical cert type */
     ctype[1] = WOLFSSL_CERT_TYPE_RPK;
 
     ExpectIntEQ(wolfSSL_set_server_cert_type(ssl, ctype,
                                                 MAX_SERVER_CERT_TYPE_CNT),
-                                                BAD_FUNC_ARG);
+                                                WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     ctype[0] = WOLFSSL_CERT_TYPE_X509;
     ctype[1] = 10;                      /* set unknown cert type */
 
     ExpectIntEQ(wolfSSL_set_server_cert_type(ssl, ctype,
                                                 MAX_SERVER_CERT_TYPE_CNT),
-                                                BAD_FUNC_ARG);
+                                                WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     /* pass larger type count */
     ctype[0] = WOLFSSL_CERT_TYPE_RPK;
     ctype[1] = WOLFSSL_CERT_TYPE_X509;
@@ -66252,7 +85035,7 @@ static int test_rpk_set_xxx_cert_type(void)
 
     ExpectIntEQ(wolfSSL_set_server_cert_type(ssl, ctype,
                                                 MAX_SERVER_CERT_TYPE_CNT + 1),
-                                                BAD_FUNC_ARG);
+                                                WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     /* should accept NULL for type buffer */
     ExpectIntEQ(wolfSSL_set_server_cert_type(ssl, NULL,
@@ -66273,16 +85056,16 @@ static int test_rpk_set_xxx_cert_type(void)
     /*------------------------------------------------*/
 
     ExpectIntEQ(wolfSSL_get_negotiated_client_cert_type(NULL, &tp),
-                                                BAD_FUNC_ARG);
+                                                WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     ExpectIntEQ(wolfSSL_get_negotiated_client_cert_type(ssl, NULL),
-                                                BAD_FUNC_ARG);
+                                                WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     ExpectIntEQ(wolfSSL_get_negotiated_server_cert_type(NULL, &tp),
-                                                BAD_FUNC_ARG);
+                                                WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     ExpectIntEQ(wolfSSL_get_negotiated_server_cert_type(ssl, NULL),
-                                                BAD_FUNC_ARG);
+                                                WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
 
     /* clean up */
@@ -66296,8 +85079,10 @@ static int test_rpk_set_xxx_cert_type(void)
 static int test_tls13_rpk_handshake(void)
 {
     EXPECT_DECLS;
-#if defined(HAVE_RPK)
+#if defined(HAVE_RPK) && (!defined(WOLFSSL_NO_TLS12) || defined(WOLFSSL_TLS13))
+#ifdef WOLFSSL_TLS13
     int ret = 0;
+#endif
     WOLFSSL_CTX *ctx_c = NULL, *ctx_s = NULL;
     WOLFSSL *ssl_c = NULL, *ssl_s = NULL;
     struct test_memio_ctx test_ctx;
@@ -66306,7 +85091,10 @@ static int test_tls13_rpk_handshake(void)
     char certType_s[MAX_CLIENT_CERT_TYPE_CNT];
     int typeCnt_c;
     int typeCnt_s;
-    int tp;
+    int tp = 0;
+#if defined(WOLFSSL_ALWAYS_VERIFY_CB) && defined(WOLFSSL_TLS13)
+    int isServer;
+#endif
 
     (void)err;
     (void)typeCnt_c;
@@ -66314,6 +85102,7 @@ static int test_tls13_rpk_handshake(void)
     (void)certType_c;
     (void)certType_s;
 
+#ifndef WOLFSSL_NO_TLS12
     /*  TLS1.2
      *  Both client and server load x509 cert and start handshaking.
      *  Check no negotiation occurred.
@@ -66340,12 +85129,11 @@ static int test_tls13_rpk_handshake(void)
     certType_s[1] = WOLFSSL_CERT_TYPE_X509;
     typeCnt_s = 2;
 
-    /*  both clien and server do not call client/server_cert_type APIs,
+    /*  both client and server do not call client/server_cert_type APIs,
      *  expecting default settings works and no negotiation performed.
      */
 
-    if (test_memio_do_handshake(ssl_c, ssl_s, 10, NULL) != 0)
-        return TEST_FAIL;
+    ExpectIntEQ(test_memio_do_handshake(ssl_c, ssl_s, 10, NULL), 0);
 
     /* confirm no negotiation occurred */
     ExpectIntEQ(wolfSSL_get_negotiated_client_cert_type(ssl_c, &tp),
@@ -66362,13 +85150,18 @@ static int test_tls13_rpk_handshake(void)
                                                             WOLFSSL_SUCCESS);
     ExpectIntEQ(tp, WOLFSSL_CERT_TYPE_UNKNOWN);
 
+    (void)typeCnt_c;
+    (void)typeCnt_s;
+
     wolfSSL_free(ssl_c);
     wolfSSL_CTX_free(ctx_c);
     wolfSSL_free(ssl_s);
     wolfSSL_CTX_free(ctx_s);
     ssl_c = ssl_s = NULL;
     ctx_c = ctx_s = NULL;
+#endif
 
+#ifdef WOLFSSL_TLS13
     /*  Both client and server load x509 cert and start handshaking.
      *  Check no negotiation occurred.
      */
@@ -66393,12 +85186,11 @@ static int test_tls13_rpk_handshake(void)
     certType_s[1] = WOLFSSL_CERT_TYPE_X509;
     typeCnt_s = 2;
 
-    /*  both clien and server do not call client/server_cert_type APIs,
+    /*  both client and server do not call client/server_cert_type APIs,
      *  expecting default settings works and no negotiation performed.
      */
 
-    if (test_memio_do_handshake(ssl_c, ssl_s, 10, NULL) != 0)
-        return TEST_FAIL;
+    ExpectIntEQ(test_memio_do_handshake(ssl_c, ssl_s, 10, NULL), 0);
 
     /* confirm no negotiation occurred */
     ExpectIntEQ(wolfSSL_get_negotiated_client_cert_type(ssl_c, &tp),
@@ -66417,6 +85209,9 @@ static int test_tls13_rpk_handshake(void)
                                                         WOLFSSL_SUCCESS);
     ExpectIntEQ(tp, WOLFSSL_CERT_TYPE_UNKNOWN);
 
+    (void)typeCnt_c;
+    (void)typeCnt_s;
+
     wolfSSL_free(ssl_c);
     wolfSSL_CTX_free(ctx_c);
     wolfSSL_free(ssl_s);
@@ -66464,8 +85259,7 @@ static int test_tls13_rpk_handshake(void)
     ExpectIntEQ(wolfSSL_set_server_cert_type(ssl_s, certType_s, typeCnt_s),
                                                         WOLFSSL_SUCCESS);
 
-    if (test_memio_do_handshake(ssl_c, ssl_s, 10, NULL) != 0)
-        return TEST_FAIL;
+    ExpectIntEQ(test_memio_do_handshake(ssl_c, ssl_s, 10, NULL), 0);
 
     ExpectIntEQ(wolfSSL_get_negotiated_client_cert_type(ssl_c, &tp),
                                                         WOLFSSL_SUCCESS);
@@ -66489,8 +85283,10 @@ static int test_tls13_rpk_handshake(void)
     wolfSSL_CTX_free(ctx_s);
     ssl_c = ssl_s = NULL;
     ctx_c = ctx_s = NULL;
+#endif
 
 
+#ifndef WOLFSSL_NO_TLS12
     /*  TLS1.2
      *  Both client and server load RPK cert and start handshaking.
      *  Confirm negotiated cert types match as expected.
@@ -66556,8 +85352,10 @@ static int test_tls13_rpk_handshake(void)
     wolfSSL_CTX_free(ctx_s);
     ssl_c = ssl_s = NULL;
     ctx_c = ctx_s = NULL;
+#endif
 
 
+#ifdef WOLFSSL_TLS13
     /*  Both client and server load x509 cert.
      *  Have client call set_client_cert_type with both RPK and x509.
      *  This doesn't makes client add client cert type extension to ClientHello,
@@ -66575,12 +85373,9 @@ static int test_tls13_rpk_handshake(void)
             svrKeyFile,      WOLFSSL_FILETYPE_PEM )
         , 0);
 
-    /* set client certificate type in client end */
-    certType_c[0] = WOLFSSL_CERT_TYPE_RPK;
-    certType_c[1] = WOLFSSL_CERT_TYPE_X509;
-    typeCnt_c = 2;
-
-    /* client indicates both RPK and x509 certs are available but loaded RPK
+    /* set client certificate type in client end
+     *
+     * client indicates both RPK and x509 certs are available but loaded RPK
      * cert only. It does not have client add client-cert-type extension in CH.
      */
     certType_c[0] = WOLFSSL_CERT_TYPE_RPK;
@@ -66771,7 +85566,7 @@ static int test_tls13_rpk_handshake(void)
     if (ret != -1)
         return TEST_FAIL;
 
-    ExpectIntEQ(wolfSSL_get_error(ssl_c, ret), UNSUPPORTED_CERTIFICATE);
+    ExpectIntEQ(wolfSSL_get_error(ssl_c, ret), WC_NO_ERR_TRACE(UNSUPPORTED_CERTIFICATE));
 
     ExpectIntEQ(wolfSSL_get_negotiated_client_cert_type(ssl_c, &tp),
                                                         WOLFSSL_SUCCESS);
@@ -66853,7 +85648,7 @@ static int test_tls13_rpk_handshake(void)
     /* expect server detect cert type mismatch then send Alert */
     ExpectIntNE(ret, 0);
     err = wolfSSL_get_error(ssl_c, ret);
-    ExpectIntEQ(err, UNSUPPORTED_CERTIFICATE);
+    ExpectIntEQ(err, WC_NO_ERR_TRACE(UNSUPPORTED_CERTIFICATE));
 
     /* client did not load RPK cert actually, so negotiation did not happen */
     ExpectIntEQ(wolfSSL_get_negotiated_client_cert_type(ssl_c, &tp),
@@ -66923,7 +85718,7 @@ static int test_tls13_rpk_handshake(void)
                                                         WOLFSSL_SUCCESS);
 
     /* set certificate verify callback to both client and server */
-    int isServer = 0;
+    isServer = 0;
     wolfSSL_SetCertCbCtx(ssl_c, &isServer);
     wolfSSL_set_verify(ssl_c, SSL_VERIFY_PEER, MyRpkVerifyCb);
 
@@ -66958,8 +85753,9 @@ static int test_tls13_rpk_handshake(void)
     ssl_c = ssl_s = NULL;
     ctx_c = ctx_s = NULL;
 #endif /* WOLFSSL_ALWAYS_VERIFY_CB */
+#endif /* WOLFSSL_TLS13 */
 
-#endif /* HAVE_RPK */
+#endif /* HAVE_RPK && (!WOLFSSL_NO_TLS12 || WOLFSSL_TLS13) */
     return EXPECT_RESULT();
 }
 
@@ -66985,7 +85781,7 @@ static int test_dtls13_bad_epoch_ch(void)
     ExpectIntEQ(wolfSSL_disable_hrr_cookie(ssl_s), WOLFSSL_SUCCESS);
 
     ExpectIntNE(wolfSSL_connect(ssl_c), WOLFSSL_SUCCESS);
-    ExpectIntEQ(wolfSSL_get_error(ssl_c, WOLFSSL_FATAL_ERROR),
+    ExpectIntEQ(wolfSSL_get_error(ssl_c, WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)),
         WOLFSSL_ERROR_WANT_READ);
 
     ExpectIntGE(test_ctx.s_len, EPOCH_OFF + 2);
@@ -66998,7 +85794,7 @@ static int test_dtls13_bad_epoch_ch(void)
     test_ctx.s_buff[EPOCH_OFF + 1] = 0x2;
 
     ExpectIntNE(wolfSSL_accept(ssl_s), WOLFSSL_SUCCESS);
-    ExpectIntEQ(wolfSSL_get_error(ssl_s, WOLFSSL_FATAL_ERROR),
+    ExpectIntEQ(wolfSSL_get_error(ssl_s, WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)),
         WOLFSSL_ERROR_WANT_READ);
 
     ExpectIntNE(ssl_s->msgsReceived.got_client_hello, 1);
@@ -67022,13 +85818,19 @@ static int test_dtls13_bad_epoch_ch(void)
 }
 #endif
 
-#if defined(HAVE_SSL_MEMIO_TESTS_DEPENDENCIES) && !defined(NO_SESSION_CACHE)
+#if ((defined(WOLFSSL_TLS13) && !defined(WOLFSSL_NO_DEF_TICKET_ENC_CB) && \
+      defined(HAVE_SESSION_TICKET) && defined(WOLFSSL_TICKET_HAVE_ID) && \
+      !defined(WOLFSSL_TLS13_MIDDLEBOX_COMPAT)) || \
+     (!defined(NO_OLD_TLS) && ((!defined(NO_AES) && !defined(NO_AES_CBC)) || \
+      !defined(NO_DES3))) || !defined(WOLFSSL_NO_TLS12)) && \
+    !defined(NO_WOLFSSL_CLIENT) && !defined(NO_WOLFSSL_SERVER) && \
+    defined(HAVE_SSL_MEMIO_TESTS_DEPENDENCIES) && !defined(NO_SESSION_CACHE)
 static int test_short_session_id_ssl_ready(WOLFSSL* ssl)
 {
     EXPECT_DECLS;
     WOLFSSL_SESSION *sess = NULL;
     /* Setup the session to avoid errors */
-    ssl->session->timeout = -1;
+    ssl->session->timeout = (word32)-1;
     ssl->session->side = WOLFSSL_CLIENT_END;
 #if defined(SESSION_CERTS) || (defined(WOLFSSL_TLS13) && \
                                defined(HAVE_SESSION_TICKET))
@@ -67096,7 +85898,6 @@ static int test_short_session_id(void)
         ExpectIntEQ(test_wolfSSL_client_server_nofail_memio(&client_cbf,
             &server_cbf, NULL), TEST_SUCCESS);
     }
-
     return EXPECT_RESULT();
 }
 #else
@@ -67153,9 +85954,14 @@ static int test_wolfSSL_dtls13_null_cipher(void)
         *ptr = 'H';
         /* bad messages should be ignored in DTLS */
         ExpectIntEQ(wolfSSL_read(ssl_s, buf, sizeof(buf)), -1);
-        ExpectIntEQ(ssl_s->error, WANT_READ);
+        ExpectIntEQ(ssl_s->error, WC_NO_ERR_TRACE(WANT_READ));
     }
 
+    ExpectIntEQ(wolfSSL_shutdown(ssl_c), WOLFSSL_SHUTDOWN_NOT_DONE);
+    ExpectIntEQ(wolfSSL_shutdown(ssl_s), WOLFSSL_SHUTDOWN_NOT_DONE);
+    ExpectIntEQ(wolfSSL_shutdown(ssl_c), 1);
+    ExpectIntEQ(wolfSSL_shutdown(ssl_s), 1);
+
     wolfSSL_free(ssl_c);
     wolfSSL_free(ssl_s);
     wolfSSL_CTX_free(ctx_c);
@@ -67270,7 +86076,8 @@ static int test_dtls_msg_from_other_peer(void)
         *  !defined(SINGLE_THREADED) && !defined(NO_RSA) */
 #if defined(WOLFSSL_DTLS) && !defined(WOLFSSL_IPV6) &&               \
     !defined(NO_WOLFSSL_CLIENT) && !defined(NO_WOLFSSL_SERVER) &&   \
-    defined(HAVE_IO_TESTS_DEPENDENCIES) && !defined(WOLFSSL_NO_TLS12)
+    defined(HAVE_IO_TESTS_DEPENDENCIES) && !defined(WOLFSSL_NO_TLS12) \
+    && !defined(USE_WINDOWS_API)
 static int test_dtls_ipv6_check(void)
 {
     EXPECT_DECLS;
@@ -67302,7 +86109,7 @@ static int test_dtls_ipv6_check(void)
     ExpectIntNE(fcntl(sockfd, F_SETFL, O_NONBLOCK), -1);
     wolfSSL_dtls_set_using_nonblock(ssl_c, 1);
     ExpectIntNE(wolfSSL_connect(ssl_c), WOLFSSL_SUCCESS);
-    ExpectIntEQ(ssl_c->error, SOCKET_ERROR_E);
+    ExpectIntEQ(ssl_c->error, WC_NO_ERR_TRACE(SOCKET_ERROR_E));
 
     ExpectIntEQ(wolfSSL_dtls_set_peer(ssl_s, &fake_addr6, sizeof(fake_addr6)),
         WOLFSSL_SUCCESS);
@@ -67310,7 +86117,7 @@ static int test_dtls_ipv6_check(void)
     ExpectIntEQ(wolfSSL_set_fd(ssl_c, sockfd), WOLFSSL_SUCCESS);
     wolfSSL_dtls_set_using_nonblock(ssl_s, 1);
     ExpectIntNE(wolfSSL_accept(ssl_s), WOLFSSL_SUCCESS);
-    ExpectIntEQ(ssl_s->error, SOCKET_ERROR_E);
+    ExpectIntEQ(ssl_s->error, WC_NO_ERR_TRACE(SOCKET_ERROR_E));
     if (sockfd != -1)
         close(sockfd);
 
@@ -67505,6 +86312,34 @@ static int test_dtls_no_extensions(void)
     return EXPECT_RESULT();
 }
 
+static int test_tls_alert_no_server_hello(void)
+{
+    EXPECT_DECLS;
+#if defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES) && !defined(WOLFSSL_NO_TLS12)
+    WOLFSSL *ssl_c = NULL;
+    WOLFSSL_CTX *ctx_c = NULL;
+    struct test_memio_ctx test_ctx;
+    unsigned char alert_msg[] = { 0x15, 0x03, 0x01, 0x00, 0x02, 0x02, 0x28 };
+
+    XMEMSET(&test_ctx, 0, sizeof(test_ctx));
+    ssl_c = NULL;
+    ctx_c = NULL;
+
+    ExpectIntEQ(test_memio_setup(&test_ctx, &ctx_c, NULL, &ssl_c, NULL,
+        wolfTLSv1_2_client_method, NULL), 0);
+
+    XMEMCPY(test_ctx.c_buff, alert_msg, sizeof(alert_msg));
+    test_ctx.c_len = sizeof(alert_msg);
+
+    ExpectIntEQ(wolfSSL_connect(ssl_c), -1);
+    ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), WC_NO_ERR_TRACE(FATAL_ERROR));
+
+    wolfSSL_free(ssl_c);
+    wolfSSL_CTX_free(ctx_c);
+#endif
+    return EXPECT_RESULT();
+}
+
 static int test_TLSX_CA_NAMES_bad_extension(void)
 {
     EXPECT_DECLS;
@@ -67575,9 +86410,9 @@ static int test_TLSX_CA_NAMES_bad_extension(void)
 
         ExpectIntEQ(wolfSSL_connect(ssl_c), -1);
 #ifndef WOLFSSL_DISABLE_EARLY_SANITY_CHECKS
-        ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), OUT_OF_ORDER_E);
+        ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), WC_NO_ERR_TRACE(OUT_OF_ORDER_E));
 #else
-        ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), BUFFER_ERROR);
+        ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), WC_NO_ERR_TRACE(BUFFER_ERROR));
 #endif
 
         wolfSSL_free(ssl_c);
@@ -67727,8 +86562,8 @@ static int test_session_ticket_hs_update(void)
     wolfSSL_SetLoggingPrefix("client");
     /* Read the ticket msg */
     ExpectIntEQ(wolfSSL_read(ssl_c, read_data, sizeof(read_data)),
-            WOLFSSL_FATAL_ERROR);
-    ExpectIntEQ(wolfSSL_get_error(ssl_c, WOLFSSL_FATAL_ERROR),
+            WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR));
+    ExpectIntEQ(wolfSSL_get_error(ssl_c, WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)),
         WOLFSSL_ERROR_WANT_READ);
     wolfSSL_SetLoggingPrefix(NULL);
 
@@ -67743,13 +86578,13 @@ static int test_session_ticket_hs_update(void)
 
     wolfSSL_SetLoggingPrefix("client");
     /* Exchange initial flights for the second connection */
-    ExpectIntEQ(wolfSSL_connect(ssl_c2), WOLFSSL_FATAL_ERROR);
-    ExpectIntEQ(wolfSSL_get_error(ssl_c2, WOLFSSL_FATAL_ERROR),
+    ExpectIntEQ(wolfSSL_connect(ssl_c2), WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR));
+    ExpectIntEQ(wolfSSL_get_error(ssl_c2, WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)),
         WOLFSSL_ERROR_WANT_READ);
     wolfSSL_SetLoggingPrefix(NULL);
     wolfSSL_SetLoggingPrefix("server");
-    ExpectIntEQ(wolfSSL_accept(ssl_s2), WOLFSSL_FATAL_ERROR);
-    ExpectIntEQ(wolfSSL_get_error(ssl_s2, WOLFSSL_FATAL_ERROR),
+    ExpectIntEQ(wolfSSL_accept(ssl_s2), WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR));
+    ExpectIntEQ(wolfSSL_get_error(ssl_s2, WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)),
         WOLFSSL_ERROR_WANT_READ);
     wolfSSL_SetLoggingPrefix(NULL);
 
@@ -67758,8 +86593,8 @@ static int test_session_ticket_hs_update(void)
     /* Read the ticket msg */
     wolfSSL_SetLoggingPrefix("client");
     ExpectIntEQ(wolfSSL_read(ssl_c3, read_data, sizeof(read_data)),
-            WOLFSSL_FATAL_ERROR);
-    ExpectIntEQ(wolfSSL_get_error(ssl_c3, WOLFSSL_FATAL_ERROR),
+            WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR));
+    ExpectIntEQ(wolfSSL_get_error(ssl_c3, WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)),
         WOLFSSL_ERROR_WANT_READ);
     wolfSSL_SetLoggingPrefix(NULL);
 
@@ -67801,8 +86636,8 @@ static void test_dtls_downgrade_scr_server_on_result(WOLFSSL* ssl)
     char testMsg[] = "Message after SCR";
     char msgBuf[sizeof(testMsg)];
     if (wolfSSL_is_server(ssl)) {
-        AssertIntEQ(wolfSSL_Rehandshake(ssl), WOLFSSL_FATAL_ERROR);
-        AssertIntEQ(wolfSSL_get_error(ssl, -1), APP_DATA_READY);
+        AssertIntEQ(wolfSSL_Rehandshake(ssl), WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR));
+        AssertIntEQ(wolfSSL_get_error(ssl, -1), WC_NO_ERR_TRACE(APP_DATA_READY));
         AssertIntEQ(wolfSSL_read(ssl, msgBuf, sizeof(msgBuf)), sizeof(msgBuf));
         AssertIntEQ(wolfSSL_Rehandshake(ssl), WOLFSSL_SUCCESS);
         AssertIntEQ(wolfSSL_write(ssl, testMsg, sizeof(testMsg)),
@@ -67861,8 +86696,8 @@ static void test_dtls_downgrade_scr_on_result(WOLFSSL* ssl)
     char testMsg[] = "Message after SCR";
     char msgBuf[sizeof(testMsg)];
     if (wolfSSL_is_server(ssl)) {
-        AssertIntEQ(wolfSSL_Rehandshake(ssl), WOLFSSL_FATAL_ERROR);
-        AssertIntEQ(wolfSSL_get_error(ssl, -1), APP_DATA_READY);
+        AssertIntEQ(wolfSSL_Rehandshake(ssl), WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR));
+        AssertIntEQ(wolfSSL_get_error(ssl, -1), WC_NO_ERR_TRACE(APP_DATA_READY));
         AssertIntEQ(wolfSSL_read(ssl, msgBuf, sizeof(msgBuf)), sizeof(msgBuf));
         AssertIntEQ(wolfSSL_Rehandshake(ssl), WOLFSSL_SUCCESS);
         AssertIntEQ(wolfSSL_write(ssl, testMsg, sizeof(testMsg)),
@@ -67971,9 +86806,11 @@ static int test_dtls_client_hello_timeout_downgrade(void)
             /* Drop the SH */
             dtlsRH = (DtlsRecordLayerHeader*)(test_ctx.c_buff);
             len = (size_t)((dtlsRH->length[0] << 8) | dtlsRH->length[1]);
-            XMEMMOVE(test_ctx.c_buff, test_ctx.c_buff +
+            if (EXPECT_SUCCESS()) {
+                XMEMMOVE(test_ctx.c_buff, test_ctx.c_buff +
                     sizeof(DtlsRecordLayerHeader) + len, test_ctx.c_len -
                    (sizeof(DtlsRecordLayerHeader) + len));
+            }
             test_ctx.c_len -= sizeof(DtlsRecordLayerHeader) + len;
             /* Read the remainder of the flight */
             ExpectIntEQ(wolfSSL_negotiate(ssl_c), -1);
@@ -68002,9 +86839,11 @@ static int test_dtls_client_hello_timeout_downgrade(void)
             /* Drop the SH */
             dtlsRH = (DtlsRecordLayerHeader*)(test_ctx.c_buff);
             len = (size_t)((dtlsRH->length[0] << 8) | dtlsRH->length[1]);
-            XMEMMOVE(test_ctx.c_buff, test_ctx.c_buff +
+            if (EXPECT_SUCCESS()) {
+                XMEMMOVE(test_ctx.c_buff, test_ctx.c_buff +
                     sizeof(DtlsRecordLayerHeader) + len, test_ctx.c_len -
                    (sizeof(DtlsRecordLayerHeader) + len));
+            }
             test_ctx.c_len -= sizeof(DtlsRecordLayerHeader) + len;
             /* Read the remainder of the flight */
             ExpectIntEQ(wolfSSL_negotiate(ssl_c), -1);
@@ -68210,6 +87049,81 @@ static int test_dtls_dropped_ccs(void)
 #endif
     return EXPECT_RESULT();
 }
+
+#if defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES) && defined(WOLFSSL_DTLS) \
+    && !defined(WOLFSSL_NO_TLS12)
+static int test_dtls_seq_num_downgrade_check_num(byte* ioBuf, int ioBufLen,
+        byte seq_num)
+{
+    EXPECT_DECLS;
+    DtlsRecordLayerHeader* dtlsRH;
+    byte sequence_number[8];
+
+    XMEMSET(&sequence_number, 0, sizeof(sequence_number));
+
+    ExpectIntGE(ioBufLen, sizeof(*dtlsRH));
+    dtlsRH = (DtlsRecordLayerHeader*)ioBuf;
+    ExpectIntEQ(dtlsRH->type, handshake);
+    ExpectIntEQ(dtlsRH->pvMajor, DTLS_MAJOR);
+    ExpectIntEQ(dtlsRH->pvMinor, DTLSv1_2_MINOR);
+    sequence_number[7] = seq_num;
+    ExpectIntEQ(XMEMCMP(sequence_number, dtlsRH->sequence_number,
+            sizeof(sequence_number)), 0);
+
+    return EXPECT_RESULT();
+}
+#endif
+
+/*
+ * Make sure that we send the correct sequence number after a HelloVerifyRequest
+ * and after a HelloRetryRequest. This is testing the server side as it is
+ * operating statelessly and should copy the sequence number of the ClientHello.
+ */
+static int test_dtls_seq_num_downgrade(void)
+{
+    EXPECT_DECLS;
+#if defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES) && defined(WOLFSSL_DTLS) \
+    && !defined(WOLFSSL_NO_TLS12)
+    WOLFSSL_CTX *ctx_c = NULL, *ctx_s = NULL;
+    WOLFSSL *ssl_c = NULL, *ssl_s = NULL;
+    struct test_memio_ctx test_ctx;
+
+    XMEMSET(&test_ctx, 0, sizeof(test_ctx));
+
+    ExpectIntEQ(test_memio_setup(&test_ctx, &ctx_c, &ctx_s, &ssl_c, &ssl_s,
+        wolfDTLSv1_2_client_method, wolfDTLS_server_method), 0);
+
+    /* CH1 */
+    ExpectIntEQ(wolfSSL_negotiate(ssl_c), -1);
+    ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), WOLFSSL_ERROR_WANT_READ);
+    ExpectIntEQ(test_dtls_seq_num_downgrade_check_num(test_ctx.s_buff,
+            test_ctx.s_len, 0), TEST_SUCCESS);
+    /* HVR */
+    ExpectIntEQ(wolfSSL_negotiate(ssl_s), -1);
+    ExpectIntEQ(wolfSSL_get_error(ssl_s, -1), WOLFSSL_ERROR_WANT_READ);
+    ExpectIntEQ(test_dtls_seq_num_downgrade_check_num(test_ctx.c_buff,
+            test_ctx.c_len, 0), TEST_SUCCESS);
+    /* CH2 */
+    ExpectIntEQ(wolfSSL_negotiate(ssl_c), -1);
+    ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), WOLFSSL_ERROR_WANT_READ);
+    ExpectIntEQ(test_dtls_seq_num_downgrade_check_num(test_ctx.s_buff,
+            test_ctx.s_len, 1), TEST_SUCCESS);
+    /* Server first flight */
+    ExpectIntEQ(wolfSSL_negotiate(ssl_s), -1);
+    ExpectIntEQ(wolfSSL_get_error(ssl_s, -1), WOLFSSL_ERROR_WANT_READ);
+    ExpectIntEQ(test_dtls_seq_num_downgrade_check_num(test_ctx.c_buff,
+            test_ctx.c_len, 1), TEST_SUCCESS);
+
+    ExpectIntEQ(test_memio_do_handshake(ssl_c, ssl_s, 10, NULL), 0);
+
+    wolfSSL_free(ssl_c);
+    wolfSSL_CTX_free(ctx_c);
+    wolfSSL_free(ssl_s);
+    wolfSSL_CTX_free(ctx_s);
+#endif
+    return EXPECT_RESULT();
+}
+
 /**
  * Make sure we don't send RSA Signature Hash Algorithms in the
  * CertificateRequest when we don't have any such ciphers set.
@@ -68245,12 +87159,12 @@ static int test_certreq_sighash_algos(void)
     ExpectIntEQ(wolfSSL_use_certificate_file(ssl_s, "./certs/server-ecc.pem",
             WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS);
 
-    ExpectIntEQ(wolfSSL_connect(ssl_c), WOLFSSL_FATAL_ERROR);
-    ExpectIntEQ(wolfSSL_get_error(ssl_c, WOLFSSL_FATAL_ERROR),
+    ExpectIntEQ(wolfSSL_connect(ssl_c), WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR));
+    ExpectIntEQ(wolfSSL_get_error(ssl_c, WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)),
         WOLFSSL_ERROR_WANT_READ);
 
-    ExpectIntEQ(wolfSSL_accept(ssl_s), WOLFSSL_FATAL_ERROR);
-    ExpectIntEQ(wolfSSL_get_error(ssl_s, WOLFSSL_FATAL_ERROR),
+    ExpectIntEQ(wolfSSL_accept(ssl_s), WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR));
+    ExpectIntEQ(wolfSSL_get_error(ssl_s, WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)),
         WOLFSSL_ERROR_WANT_READ);
 
     /* Find the CertificateRequest message */
@@ -68297,12 +87211,13 @@ static int test_certreq_sighash_algos(void)
     return EXPECT_RESULT();
 }
 
-#if defined(HAVE_CRL) && defined(HAVE_SSL_MEMIO_TESTS_DEPENDENCIES)
+#if defined(HAVE_CRL) && defined(HAVE_SSL_MEMIO_TESTS_DEPENDENCIES) && \
+    !defined(WOLFSSL_CRL_ALLOW_MISSING_CDP)
 static int test_revoked_loaded_int_cert_ctx_ready1(WOLFSSL_CTX* ctx)
 {
     EXPECT_DECLS;
     wolfSSL_CTX_set_verify(ctx, WOLFSSL_VERIFY_PEER, myVerify);
-    myVerifyAction = VERIFY_USE_PREVERFIY;
+    myVerifyAction = VERIFY_USE_PREVERIFY;
     ExpectIntEQ(wolfSSL_CTX_load_verify_locations_ex(ctx,
             "./certs/ca-cert.pem", NULL, 0), WOLFSSL_SUCCESS);
     ExpectIntEQ(wolfSSL_CTX_load_verify_locations_ex(ctx,
@@ -68322,7 +87237,7 @@ static int test_revoked_loaded_int_cert_ctx_ready2(WOLFSSL_CTX* ctx)
 {
     EXPECT_DECLS;
     wolfSSL_CTX_set_verify(ctx, WOLFSSL_VERIFY_PEER, myVerify);
-    myVerifyAction = VERIFY_USE_PREVERFIY;
+    myVerifyAction = VERIFY_USE_PREVERIFY;
     ExpectIntEQ(wolfSSL_CTX_load_verify_locations_ex(ctx,
             "./certs/ca-cert.pem", NULL, 0), WOLFSSL_SUCCESS);
     ExpectIntEQ(wolfSSL_CTX_load_verify_locations_ex(ctx,
@@ -68342,12 +87257,47 @@ static int test_revoked_loaded_int_cert_ctx_ready2(WOLFSSL_CTX* ctx)
             WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS);
     return EXPECT_RESULT();
 }
+
+static int test_revoked_loaded_int_cert_ctx_ready3_crl_missing_cb(int ret,
+        WOLFSSL_CRL* crl, WOLFSSL_CERT_MANAGER* cm, void* ctx)
+{
+    (void)crl;
+    (void)cm;
+    (void)ctx;
+    if (ret == WC_NO_ERR_TRACE(CRL_MISSING))
+        return 1;
+    return 0;
+}
+
+/* Here we are allowing missing CRL's but want to error out when its revoked */
+static int test_revoked_loaded_int_cert_ctx_ready3(WOLFSSL_CTX* ctx)
+{
+    EXPECT_DECLS;
+    wolfSSL_CTX_set_verify(ctx, WOLFSSL_VERIFY_PEER, myVerify);
+    myVerifyAction = VERIFY_USE_PREVERIFY;
+    ExpectIntEQ(wolfSSL_CTX_load_verify_locations_ex(ctx,
+            "./certs/ca-cert.pem", NULL, 0), WOLFSSL_SUCCESS);
+    ExpectIntEQ(wolfSSL_CTX_load_verify_locations_ex(ctx,
+            "./certs/intermediate/ca-int-cert.pem", NULL, 0), WOLFSSL_SUCCESS);
+    ExpectIntEQ(wolfSSL_CTX_load_verify_locations_ex(ctx,
+            "./certs/intermediate/ca-int2-cert.pem", NULL, 0), WOLFSSL_SUCCESS);
+    ExpectIntEQ(wolfSSL_CTX_EnableCRL(ctx, WOLFSSL_CRL_CHECKALL),
+            WOLFSSL_SUCCESS);
+    ExpectIntEQ(wolfSSL_CTX_LoadCRLFile(ctx,
+            "./certs/crl/extra-crls/ca-int-cert-revoked.pem",
+            WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS);
+    ExpectIntEQ(wolfSSL_CTX_SetCRL_ErrorCb(ctx,
+            test_revoked_loaded_int_cert_ctx_ready3_crl_missing_cb, NULL),
+            WOLFSSL_SUCCESS);
+    return EXPECT_RESULT();
+}
 #endif
 
 static int test_revoked_loaded_int_cert(void)
 {
     EXPECT_DECLS;
-#if defined(HAVE_CRL) && defined(HAVE_SSL_MEMIO_TESTS_DEPENDENCIES)
+#if defined(HAVE_CRL) && defined(HAVE_SSL_MEMIO_TESTS_DEPENDENCIES) && \
+    !defined(WOLFSSL_CRL_ALLOW_MISSING_CDP)
     test_ssl_cbf client_cbf;
     test_ssl_cbf server_cbf;
     struct {
@@ -68362,6 +87312,8 @@ static int test_revoked_loaded_int_cert(void)
             "./certs/server-key.pem", test_revoked_loaded_int_cert_ctx_ready2},
         {"./certs/intermediate/server-chain-short.pem",
             "./certs/server-key.pem", test_revoked_loaded_int_cert_ctx_ready2},
+        {"./certs/intermediate/server-chain-short.pem",
+            "./certs/server-key.pem", test_revoked_loaded_int_cert_ctx_ready3},
     };
     size_t i;
 
@@ -68379,19 +87331,14 @@ static int test_revoked_loaded_int_cert(void)
         client_cbf.ctx_ready = test_params[i].client_ctx_ready;
 
         ExpectIntEQ(test_wolfSSL_client_server_nofail_memio(&client_cbf,
-            &server_cbf, NULL), TEST_FAIL);
-#ifndef WOLFSSL_HAPROXY
-        ExpectIntEQ(client_cbf.last_err, CRL_CERT_REVOKED);
-#else
-        ExpectIntEQ(client_cbf.last_err, WOLFSSL_X509_V_ERR_CERT_REVOKED);
-#endif
-        ExpectIntEQ(server_cbf.last_err, FATAL_ERROR);
+            &server_cbf, NULL), -1001);
+        ExpectIntEQ(client_cbf.last_err, WC_NO_ERR_TRACE(CRL_CERT_REVOKED));
+        ExpectIntEQ(server_cbf.last_err, WC_NO_ERR_TRACE(FATAL_ERROR));
 
         if (!EXPECT_SUCCESS())
             break;
         printf("\t%s passed\n", test_params[i].certPemFile);
     }
-
 #endif
     return EXPECT_RESULT();
 }
@@ -68409,7 +87356,11 @@ static int test_dtls13_frag_ch_pq(void)
     const char *test_str = "test";
     int test_str_size;
     byte buf[255];
+#ifdef WOLFSSL_KYBER_ORIGINAL
     int group = WOLFSSL_KYBER_LEVEL5;
+#else
+    int group = WOLFSSL_ML_KEM_1024;
+#endif
 
     XMEMSET(&test_ctx, 0, sizeof(test_ctx));
     ExpectIntEQ(test_memio_setup(&test_ctx, &ctx_c, &ctx_s, &ssl_c, &ssl_s,
@@ -68419,8 +87370,13 @@ static int test_dtls13_frag_ch_pq(void)
     ExpectIntEQ(wolfSSL_UseKeyShare(ssl_c, group), WOLFSSL_SUCCESS);
     ExpectIntEQ(wolfSSL_dtls13_allow_ch_frag(ssl_s, 1), WOLFSSL_SUCCESS);
     ExpectIntEQ(test_memio_do_handshake(ssl_c, ssl_s, 10, NULL), 0);
+#ifdef WOLFSSL_KYBER_ORIGINAL
     ExpectStrEQ(wolfSSL_get_curve_name(ssl_c), "KYBER_LEVEL5");
     ExpectStrEQ(wolfSSL_get_curve_name(ssl_s), "KYBER_LEVEL5");
+#else
+    ExpectStrEQ(wolfSSL_get_curve_name(ssl_c), "ML_KEM_1024");
+    ExpectStrEQ(wolfSSL_get_curve_name(ssl_s), "ML_KEM_1024");
+#endif
     test_str_size = XSTRLEN("test") + 1;
     ExpectIntEQ(wolfSSL_write(ssl_c, test_str, test_str_size), test_str_size);
     ExpectIntEQ(wolfSSL_read(ssl_s, buf, sizeof(buf)), test_str_size);
@@ -68445,6 +87401,8 @@ static int test_dtls_frag_ch_count_records(byte* b, int len)
         records++;
         dtlsRH = (DtlsRecordLayerHeader*)b;
         recordLen = (dtlsRH->length[0] << 8) | dtlsRH->length[1];
+        if (recordLen > (size_t)len)
+            break;
         b += sizeof(DtlsRecordLayerHeader) + recordLen;
         len -= sizeof(DtlsRecordLayerHeader) + recordLen;
     }
@@ -68551,8 +87509,18 @@ static int test_dtls_frag_ch(void)
             WOLFSSL_SUCCESS);
     ExpectIntEQ(wolfSSL_UseKeyShare(ssl_c, WOLFSSL_ECC_SECP521R1),
             WOLFSSL_SUCCESS);
+#ifdef HAVE_FFDHE_2048
     ExpectIntEQ(wolfSSL_UseKeyShare(ssl_c, WOLFSSL_FFDHE_2048),
             WOLFSSL_SUCCESS);
+#endif
+#ifdef HAVE_FFDHE_3072
+    ExpectIntEQ(wolfSSL_UseKeyShare(ssl_c, WOLFSSL_FFDHE_3072),
+            WOLFSSL_SUCCESS);
+#endif
+#ifdef HAVE_FFDHE_4096
+    ExpectIntEQ(wolfSSL_UseKeyShare(ssl_c, WOLFSSL_FFDHE_4096),
+            WOLFSSL_SUCCESS);
+#endif
 
     ExpectIntEQ(wolfSSL_dtls13_allow_ch_frag(ssl_s, 1), WOLFSSL_SUCCESS);
 
@@ -68573,6 +87541,21 @@ static int test_dtls_frag_ch(void)
     /* Expect quietly dropping fragmented first CH */
     ExpectIntEQ(test_ctx.c_len, 0);
 
+#if defined(WOLFSSL_TLS13) && defined(HAVE_ECH)
+    /* Disable ECH as it pushes it over our MTU */
+    wolfSSL_SetEchEnable(ssl_c, 0);
+#endif
+
+    /* Limit options to make the CH a fixed length */
+    /* See wolfSSL_parse_cipher_list for reason why we provide 1.3 AND 1.2
+     * ciphersuite. This is only necessary when building with OPENSSL_EXTRA. */
+#ifdef OPENSSL_EXTRA
+    ExpectTrue(wolfSSL_set_cipher_list(ssl_c, "TLS13-AES256-GCM-SHA384"
+                                       ":DHE-RSA-AES256-GCM-SHA384"));
+#else
+    ExpectTrue(wolfSSL_set_cipher_list(ssl_c, "TLS13-AES256-GCM-SHA384"));
+#endif
+
     /* CH1 */
     ExpectIntEQ(wolfSSL_negotiate(ssl_c), -1);
     ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), WOLFSSL_ERROR_WANT_READ);
@@ -68668,17 +87651,264 @@ static int test_dtls_empty_keyshare_with_cookie(void)
     return EXPECT_RESULT();
 }
 
+static int test_dtls_old_seq_number(void)
+{
+    EXPECT_DECLS;
+#if defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES) && defined(WOLFSSL_DTLS) && \
+    !defined(WOLFSSL_NO_TLS12)
+    WOLFSSL_CTX *ctx_c = NULL, *ctx_s = NULL;
+    WOLFSSL *ssl_c = NULL, *ssl_s = NULL;
+    struct test_memio_ctx test_ctx;
+
+    XMEMSET(&test_ctx, 0, sizeof(test_ctx));
+
+    ExpectIntEQ(test_memio_setup(&test_ctx, &ctx_c, &ctx_s, &ssl_c, &ssl_s,
+        wolfDTLSv1_2_client_method, wolfDTLSv1_2_server_method), 0);
+
+    /* CH1 */
+    ExpectIntEQ(wolfSSL_negotiate(ssl_c), -1);
+    ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), WOLFSSL_ERROR_WANT_READ);
+    /* HVR */
+    ExpectIntEQ(wolfSSL_negotiate(ssl_s), -1);
+    ExpectIntEQ(wolfSSL_get_error(ssl_s, -1), WOLFSSL_ERROR_WANT_READ);
+    /* CH2 */
+    ExpectIntEQ(wolfSSL_negotiate(ssl_c), -1);
+    ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), WOLFSSL_ERROR_WANT_READ);
+    /* Server first flight */
+    ExpectIntEQ(wolfSSL_negotiate(ssl_s), -1);
+    ExpectIntEQ(wolfSSL_get_error(ssl_s, -1), WOLFSSL_ERROR_WANT_READ);
+    /* Client second flight */
+    ExpectIntEQ(wolfSSL_negotiate(ssl_c), -1);
+    ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), WOLFSSL_ERROR_WANT_READ);
+    /* Modify the sequence number */
+    {
+        DtlsRecordLayerHeader* dtlsRH = (DtlsRecordLayerHeader*)test_ctx.s_buff;
+        XMEMSET(dtlsRH->sequence_number, 0, sizeof(dtlsRH->sequence_number));
+    }
+    /* Server second flight */
+    ExpectIntEQ(wolfSSL_negotiate(ssl_s), -1);
+    ExpectIntEQ(wolfSSL_get_error(ssl_s, -1), WOLFSSL_ERROR_WANT_READ);
+    /* Server should not do anything as a pkt was dropped */
+    ExpectIntEQ(test_ctx.c_len, 0);
+    ExpectIntEQ(test_ctx.s_len, 0);
+    /* Trigger rtx */
+    ExpectIntEQ(wolfSSL_dtls_got_timeout(ssl_c), WOLFSSL_SUCCESS);
+
+    /* Complete connection */
+    ExpectIntEQ(test_memio_do_handshake(ssl_c, ssl_s, 10, NULL), 0);
+
+    wolfSSL_free(ssl_c);
+    wolfSSL_CTX_free(ctx_c);
+    wolfSSL_free(ssl_s);
+    wolfSSL_CTX_free(ctx_s);
+#endif
+    return EXPECT_RESULT();
+}
+
+static int test_dtls12_missing_finished(void)
+{
+    EXPECT_DECLS;
+#if defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES) && defined(WOLFSSL_DTLS) && \
+    !defined(WOLFSSL_NO_TLS12)
+    WOLFSSL_CTX *ctx_c = NULL;
+    WOLFSSL_CTX *ctx_s = NULL;
+    WOLFSSL *ssl_c = NULL;
+    WOLFSSL *ssl_s = NULL;
+    struct test_memio_ctx test_ctx;
+    const char test_str[] = "test string";
+    char test_buf[sizeof(test_str)];
+
+    XMEMSET(&test_ctx, 0, sizeof(test_ctx));
+
+    ExpectIntEQ(test_memio_setup(&test_ctx, &ctx_c, &ctx_s, &ssl_c, &ssl_s,
+        wolfDTLSv1_2_client_method, wolfDTLSv1_2_server_method), 0);
+
+    /* CH1 */
+    ExpectIntEQ(wolfSSL_negotiate(ssl_c), -1);
+    ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), WOLFSSL_ERROR_WANT_READ);
+    /* HVR */
+    ExpectIntEQ(wolfSSL_negotiate(ssl_s), -1);
+    ExpectIntEQ(wolfSSL_get_error(ssl_s, -1), WOLFSSL_ERROR_WANT_READ);
+    /* CH2 */
+    ExpectIntEQ(wolfSSL_negotiate(ssl_c), -1);
+    ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), WOLFSSL_ERROR_WANT_READ);
+    /* Server first flight */
+    ExpectIntEQ(wolfSSL_negotiate(ssl_s), -1);
+    ExpectIntEQ(wolfSSL_get_error(ssl_s, -1), WOLFSSL_ERROR_WANT_READ);
+    /* Client second flight with finished */
+    ExpectIntEQ(wolfSSL_negotiate(ssl_c), -1);
+    ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), WOLFSSL_ERROR_WANT_READ);
+    /* Server second flight with finished */
+    ExpectIntEQ(wolfSSL_negotiate(ssl_s), 1);
+    /* Let's clear the output */
+    test_ctx.c_len = 0;
+    /* Let's send some app data */
+    ExpectIntEQ(wolfSSL_write(ssl_s, test_str, sizeof(test_str)),
+                sizeof(test_str));
+    /* Client should not error out on a missing finished */
+    ExpectIntEQ(wolfSSL_negotiate(ssl_c), -1);
+    ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), WOLFSSL_ERROR_WANT_READ);
+    /* Server rtx second flight with finished */
+    ExpectIntEQ(wolfSSL_dtls_got_timeout(ssl_s), 1);
+    /* Client process rest of handshake */
+    ExpectIntEQ(wolfSSL_negotiate(ssl_c), 1);
+
+    /* Let's send some app data */
+    ExpectIntEQ(wolfSSL_write(ssl_s, test_str, sizeof(test_str)),
+                sizeof(test_str));
+    ExpectIntEQ(wolfSSL_read(ssl_c, test_buf, sizeof(test_buf)),
+                sizeof(test_str));
+    ExpectBufEQ(test_buf, test_str, sizeof(test_str));
+
+    wolfSSL_free(ssl_c);
+    wolfSSL_free(ssl_s);
+    wolfSSL_CTX_free(ctx_c);
+    wolfSSL_CTX_free(ctx_s);
+#endif
+    return EXPECT_RESULT();
+}
+
+static int test_dtls13_missing_finished_client(void)
+{
+    EXPECT_DECLS;
+#if defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES) && defined(WOLFSSL_DTLS13)
+    WOLFSSL_CTX *ctx_c = NULL;
+    WOLFSSL_CTX *ctx_s = NULL;
+    WOLFSSL *ssl_c = NULL;
+    WOLFSSL *ssl_s = NULL;
+    struct test_memio_ctx test_ctx;
+    const char test_str[] = "test string";
+    char test_buf[sizeof(test_str)];
+
+    XMEMSET(&test_ctx, 0, sizeof(test_ctx));
+    ExpectIntEQ(test_memio_setup(&test_ctx, &ctx_c, &ctx_s, &ssl_c, &ssl_s,
+        wolfDTLSv1_3_client_method, wolfDTLSv1_3_server_method), 0);
+
+    /* CH1 */
+    ExpectIntEQ(wolfSSL_negotiate(ssl_c), -1);
+    ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), WOLFSSL_ERROR_WANT_READ);
+    /* HRR */
+    ExpectIntEQ(wolfSSL_negotiate(ssl_s), -1);
+    ExpectIntEQ(wolfSSL_get_error(ssl_s, -1), WOLFSSL_ERROR_WANT_READ);
+    /* CH2 */
+    ExpectIntEQ(wolfSSL_negotiate(ssl_c), -1);
+    ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), WOLFSSL_ERROR_WANT_READ);
+    /* Server first flight with finished */
+    ExpectIntEQ(wolfSSL_negotiate(ssl_s), -1);
+    ExpectIntEQ(wolfSSL_get_error(ssl_s, -1), WOLFSSL_ERROR_WANT_READ);
+    /* Let's clear the output */
+    test_ctx.c_len = 0;
+    /* Let's send some app data */
+    ExpectIntEQ(wolfSSL_write(ssl_s, test_str, sizeof(test_str)),
+                sizeof(test_str));
+    /* Client second flight with finished */
+    ExpectIntEQ(wolfSSL_negotiate(ssl_c), -1);
+    ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), WOLFSSL_ERROR_WANT_READ);
+    /* Server should not error out on a missing finished */
+    ExpectIntEQ(wolfSSL_negotiate(ssl_s), -1);
+    ExpectIntEQ(wolfSSL_get_error(ssl_s, -1), WOLFSSL_ERROR_WANT_READ);
+    /* Client rtx second flight with finished */
+    ExpectIntEQ(wolfSSL_negotiate(ssl_c), -1);
+    ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), WOLFSSL_ERROR_WANT_READ);
+    /* Server */
+    ExpectIntEQ(wolfSSL_negotiate(ssl_s), 1);
+    /* Client */
+    ExpectIntEQ(wolfSSL_negotiate(ssl_c), 1);
+    /* Let's send some app data */
+    ExpectIntEQ(wolfSSL_write(ssl_s, test_str, sizeof(test_str)),
+                sizeof(test_str));
+    ExpectIntEQ(wolfSSL_read(ssl_c, test_buf, sizeof(test_buf)),
+                sizeof(test_str));
+    ExpectBufEQ(test_buf, test_str, sizeof(test_str));
+
+    wolfSSL_free(ssl_c);
+    wolfSSL_free(ssl_s);
+    wolfSSL_CTX_free(ctx_c);
+    wolfSSL_CTX_free(ctx_s);
+#endif
+    return EXPECT_RESULT();
+}
+
+static int test_dtls13_missing_finished_server(void)
+{
+    EXPECT_DECLS;
+#if defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES) && defined(WOLFSSL_DTLS13)
+    WOLFSSL_CTX *ctx_c = NULL;
+    WOLFSSL_CTX *ctx_s = NULL;
+    WOLFSSL *ssl_c = NULL;
+    WOLFSSL *ssl_s = NULL;
+    struct test_memio_ctx test_ctx;
+    const char test_str[] = "test string";
+    char test_buf[sizeof(test_str)];
+
+    XMEMSET(&test_ctx, 0, sizeof(test_ctx));
+    ExpectIntEQ(test_memio_setup(&test_ctx, &ctx_c, &ctx_s, &ssl_c, &ssl_s,
+        wolfDTLSv1_3_client_method, wolfDTLSv1_3_server_method), 0);
+
+    /* CH1 */
+    ExpectIntEQ(wolfSSL_negotiate(ssl_c), -1);
+    ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), WOLFSSL_ERROR_WANT_READ);
+    /* HRR */
+    ExpectIntEQ(wolfSSL_negotiate(ssl_s), -1);
+    ExpectIntEQ(wolfSSL_get_error(ssl_s, -1), WOLFSSL_ERROR_WANT_READ);
+    /* CH2 */
+    ExpectIntEQ(wolfSSL_negotiate(ssl_c), -1);
+    ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), WOLFSSL_ERROR_WANT_READ);
+    /* Server first flight with finished */
+    ExpectIntEQ(wolfSSL_negotiate(ssl_s), -1);
+    ExpectIntEQ(wolfSSL_get_error(ssl_s, -1), WOLFSSL_ERROR_WANT_READ);
+    /* Client second flight with finished */
+    ExpectIntEQ(wolfSSL_negotiate(ssl_c), -1);
+    ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), WOLFSSL_ERROR_WANT_READ);
+    /* Let's clear the output */
+    test_ctx.s_len = 0;
+    /* We should signal that the handshake is done */
+    ExpectTrue(wolfSSL_is_init_finished(ssl_c));
+    /* Let's send some app data */
+    ExpectIntEQ(wolfSSL_write(ssl_c, test_str, sizeof(test_str)),
+                sizeof(test_str));
+    /* Server should not error out on a missing finished */
+    ExpectIntEQ(wolfSSL_negotiate(ssl_s), -1);
+    ExpectIntEQ(wolfSSL_get_error(ssl_s, -1), WOLFSSL_ERROR_WANT_READ);
+    /* Client rtx second flight with finished */
+    ExpectIntEQ(wolfSSL_negotiate(ssl_c), -1);
+    ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), WOLFSSL_ERROR_WANT_READ);
+    /* Server first flight with finished */
+    ExpectIntEQ(wolfSSL_negotiate(ssl_s), 1);
+    /* Let's send some app data */
+    ExpectIntEQ(wolfSSL_write(ssl_c, test_str, sizeof(test_str)),
+                sizeof(test_str));
+    ExpectIntEQ(wolfSSL_read(ssl_s, test_buf, sizeof(test_buf)),
+                sizeof(test_str));
+    ExpectBufEQ(test_buf, test_str, sizeof(test_str));
+
+    wolfSSL_free(ssl_c);
+    wolfSSL_free(ssl_s);
+    wolfSSL_CTX_free(ctx_c);
+    wolfSSL_CTX_free(ctx_s);
+#endif
+    return EXPECT_RESULT();
+}
+
 #if defined(HAVE_IO_TESTS_DEPENDENCIES) && defined(WOLFSSL_TLS13) && \
     defined(HAVE_LIBOQS)
 static void test_tls13_pq_groups_ctx_ready(WOLFSSL_CTX* ctx)
 {
+#ifdef WOLFSSL_KYBER_ORIGINAL
     int group = WOLFSSL_KYBER_LEVEL5;
+#else
+    int group = WOLFSSL_ML_KEM_1024;
+#endif
     AssertIntEQ(wolfSSL_CTX_set_groups(ctx, &group, 1), WOLFSSL_SUCCESS);
 }
 
 static void test_tls13_pq_groups_on_result(WOLFSSL* ssl)
 {
+#ifdef WOLFSSL_KYBER_ORIGINAL
     AssertStrEQ(wolfSSL_get_curve_name(ssl), "KYBER_LEVEL5");
+#else
+    AssertStrEQ(wolfSSL_get_curve_name(ssl), "ML_KEM_1024");
+#endif
 }
 #endif
 
@@ -68707,102 +87937,176 @@ static int test_tls13_pq_groups(void)
     return EXPECT_RESULT();
 }
 
-static int test_dtls13_early_data(void)
+static int test_tls13_early_data(void)
 {
     EXPECT_DECLS;
-#if defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES) && defined(WOLFSSL_DTLS13) && \
+#if defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES) && \
     defined(WOLFSSL_EARLY_DATA) && defined(HAVE_SESSION_TICKET)
-    struct test_memio_ctx test_ctx;
-    WOLFSSL_CTX *ctx_c = NULL, *ctx_s = NULL;
-    WOLFSSL *ssl_c = NULL, *ssl_s = NULL;
-    WOLFSSL_SESSION *sess = NULL;
     int written = 0;
     int read = 0;
+    size_t i;
+    int splitEarlyData;
     char msg[] = "This is early data";
     char msg2[] = "This is client data";
     char msg3[] = "This is server data";
     char msg4[] = "This is server immediate data";
     char msgBuf[50];
+    struct {
+        method_provider client_meth;
+        method_provider server_meth;
+        const char* tls_version;
+        int isUdp;
+    } params[] = {
+#ifdef WOLFSSL_TLS13
+        { wolfTLSv1_3_client_method, wolfTLSv1_3_server_method,
+                "TLS 1.3", 0 },
+#endif
+#ifdef WOLFSSL_DTLS13
+        { wolfDTLSv1_3_client_method, wolfDTLSv1_3_server_method,
+                "DTLS 1.3", 1 },
+#endif
+    };
 
-    XMEMSET(&test_ctx, 0, sizeof(test_ctx));
+    for (i = 0; i < sizeof(params)/sizeof(*params) && !EXPECT_FAIL(); i++) {
+        for (splitEarlyData = 0; splitEarlyData < 2; splitEarlyData++) {
+            struct test_memio_ctx test_ctx;
+            WOLFSSL_CTX *ctx_c = NULL, *ctx_s = NULL;
+            WOLFSSL *ssl_c = NULL, *ssl_s = NULL;
+            WOLFSSL_SESSION *sess = NULL;
 
-    ExpectIntEQ(test_memio_setup(&test_ctx, &ctx_c, &ctx_s, &ssl_c, &ssl_s,
-        wolfDTLSv1_3_client_method, wolfDTLSv1_3_server_method), 0);
+            XMEMSET(&test_ctx, 0, sizeof(test_ctx));
 
-    /* Get a ticket so that we can do 0-RTT on the next connection */
-    ExpectIntEQ(test_memio_do_handshake(ssl_c, ssl_s, 10, NULL), 0);
-    ExpectNotNull(sess = wolfSSL_get1_session(ssl_c));
+            fprintf(stderr, "\tEarly data with %s\n", params[i].tls_version);
 
-    wolfSSL_free(ssl_c);
-    ssl_c = NULL;
-    wolfSSL_free(ssl_s);
-    ssl_s = NULL;
-    XMEMSET(&test_ctx, 0, sizeof(test_ctx));
-    ExpectIntEQ(test_memio_setup(&test_ctx, &ctx_c, &ctx_s, &ssl_c, &ssl_s,
-        wolfDTLSv1_3_client_method, wolfDTLSv1_3_server_method), 0);
-    ExpectIntEQ(wolfSSL_set_session(ssl_c, sess), WOLFSSL_SUCCESS);
+            ExpectIntEQ(test_memio_setup(&test_ctx, &ctx_c, &ctx_s, &ssl_c,
+                    &ssl_s, params[i].client_meth, params[i].server_meth), 0);
+
+            /* Get a ticket so that we can do 0-RTT on the next connection */
+            ExpectIntEQ(test_memio_do_handshake(ssl_c, ssl_s, 10, NULL), 0);
+            /* Make sure we read the ticket */
+            ExpectIntEQ(wolfSSL_read(ssl_c, msgBuf, sizeof(msgBuf)), -1);
+            ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), WOLFSSL_ERROR_WANT_READ);
+            ExpectNotNull(sess = wolfSSL_get1_session(ssl_c));
+
+            wolfSSL_free(ssl_c);
+            ssl_c = NULL;
+            wolfSSL_free(ssl_s);
+            ssl_s = NULL;
+            XMEMSET(&test_ctx, 0, sizeof(test_ctx));
+            ExpectIntEQ(test_memio_setup(&test_ctx, &ctx_c, &ctx_s, &ssl_c, &ssl_s,
+                    params[i].client_meth, params[i].server_meth), 0);
+            wolfSSL_SetLoggingPrefix("client");
+            ExpectIntEQ(wolfSSL_set_session(ssl_c, sess), WOLFSSL_SUCCESS);
+#ifdef WOLFSSL_DTLS13
+            if (params[i].isUdp) {
+                wolfSSL_SetLoggingPrefix("server");
 #ifdef WOLFSSL_DTLS13_NO_HRR_ON_RESUME
-    ExpectIntEQ(wolfSSL_dtls13_no_hrr_on_resume(ssl_s, 1), WOLFSSL_SUCCESS);
+                ExpectIntEQ(wolfSSL_dtls13_no_hrr_on_resume(ssl_s, 1), WOLFSSL_SUCCESS);
 #else
-    /* Let's test this but we generally don't recommend turning off the
-     * cookie exchange */
-    ExpectIntEQ(wolfSSL_disable_hrr_cookie(ssl_s), WOLFSSL_SUCCESS);
+                /* Let's test this but we generally don't recommend turning off the
+                 * cookie exchange */
+                ExpectIntEQ(wolfSSL_disable_hrr_cookie(ssl_s), WOLFSSL_SUCCESS);
+#endif
+            }
 #endif
 
-    /* Test 0-RTT data */
-    ExpectIntEQ(wolfSSL_write_early_data(ssl_c, msg, sizeof(msg),
-            &written), sizeof(msg));
-    ExpectIntEQ(written, sizeof(msg));
+            /* Test 0-RTT data */
+            wolfSSL_SetLoggingPrefix("client");
+            ExpectIntEQ(wolfSSL_write_early_data(ssl_c, msg, sizeof(msg),
+                    &written), sizeof(msg));
+            ExpectIntEQ(written, sizeof(msg));
 
-    ExpectIntEQ(wolfSSL_read_early_data(ssl_s, msgBuf, sizeof(msgBuf),
-            &read), sizeof(msg));
-    ExpectIntEQ(read, sizeof(msg));
-    ExpectStrEQ(msg, msgBuf);
+            if (splitEarlyData) {
+                ExpectIntEQ(wolfSSL_write_early_data(ssl_c, msg, sizeof(msg),
+                        &written), sizeof(msg));
+                ExpectIntEQ(written, sizeof(msg));
+            }
 
-    /* Test 0.5-RTT data */
-    ExpectIntEQ(wolfSSL_write(ssl_s, msg4, sizeof(msg4)), sizeof(msg4));
+            /* Read first 0-RTT data (if split otherwise entire data) */
+            wolfSSL_SetLoggingPrefix("server");
+            ExpectIntEQ(wolfSSL_read_early_data(ssl_s, msgBuf, sizeof(msgBuf),
+                    &read), sizeof(msg));
+            ExpectIntEQ(read, sizeof(msg));
+            ExpectStrEQ(msg, msgBuf);
 
-    ExpectIntEQ(wolfSSL_connect(ssl_c), -1);
-    ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), APP_DATA_READY);
+            /* Test 0.5-RTT data */
+            ExpectIntEQ(wolfSSL_write(ssl_s, msg4, sizeof(msg4)), sizeof(msg4));
 
-    ExpectIntEQ(wolfSSL_read(ssl_c, msgBuf, sizeof(msgBuf)), sizeof(msg4));
-    ExpectStrEQ(msg4, msgBuf);
+            if (splitEarlyData) {
+                /* Read second 0-RTT data */
+                ExpectIntEQ(wolfSSL_read_early_data(ssl_s, msgBuf, sizeof(msgBuf),
+                        &read), sizeof(msg));
+                ExpectIntEQ(read, sizeof(msg));
+                ExpectStrEQ(msg, msgBuf);
+            }
 
-    /* Complete handshake */
-    ExpectIntEQ(wolfSSL_connect(ssl_c), -1);
-    ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), WOLFSSL_ERROR_WANT_READ);
-    /* Use wolfSSL_is_init_finished to check if handshake is complete. Normally
-     * a user would loop until it is true but here we control both sides so we
-     * just assert the expected value. wolfSSL_read_early_data does not provide
-     * handshake status to us with non-blocking IO and we can't use
-     * wolfSSL_accept as TLS layer may return ZERO_RETURN due to early data
-     * parsing logic. */
-    ExpectFalse(wolfSSL_is_init_finished(ssl_s));
-    ExpectIntEQ(wolfSSL_read_early_data(ssl_s, msgBuf, sizeof(msgBuf),
-            &read), -1);
-    ExpectIntEQ(wolfSSL_get_error(ssl_s, -1), WOLFSSL_ERROR_WANT_READ);
+            if (params[i].isUdp) {
+                wolfSSL_SetLoggingPrefix("client");
+                ExpectIntEQ(wolfSSL_connect(ssl_c), -1);
+                ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), WC_NO_ERR_TRACE(APP_DATA_READY));
 
-    ExpectIntEQ(wolfSSL_connect(ssl_c), WOLFSSL_SUCCESS);
+                /* Read server 0.5-RTT data */
+                ExpectIntEQ(wolfSSL_read(ssl_c, msgBuf, sizeof(msgBuf)), sizeof(msg4));
+                ExpectStrEQ(msg4, msgBuf);
 
-    ExpectTrue(wolfSSL_is_init_finished(ssl_s));
+                /* Complete handshake */
+                ExpectIntEQ(wolfSSL_connect(ssl_c), -1);
+                ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), WOLFSSL_ERROR_WANT_READ);
+                /* Use wolfSSL_is_init_finished to check if handshake is complete. Normally
+                 * a user would loop until it is true but here we control both sides so we
+                 * just assert the expected value. wolfSSL_read_early_data does not provide
+                 * handshake status to us with non-blocking IO and we can't use
+                 * wolfSSL_accept as TLS layer may return ZERO_RETURN due to early data
+                 * parsing logic. */
+                wolfSSL_SetLoggingPrefix("server");
+                ExpectFalse(wolfSSL_is_init_finished(ssl_s));
+                ExpectIntEQ(wolfSSL_read_early_data(ssl_s, msgBuf, sizeof(msgBuf),
+                        &read), 0);
+                ExpectIntEQ(read, 0);
+                ExpectTrue(wolfSSL_is_init_finished(ssl_s));
 
+                wolfSSL_SetLoggingPrefix("client");
+                ExpectIntEQ(wolfSSL_connect(ssl_c), WOLFSSL_SUCCESS);
+            }
+            else {
+                wolfSSL_SetLoggingPrefix("client");
+                ExpectIntEQ(wolfSSL_connect(ssl_c), WOLFSSL_SUCCESS);
 
-    /* Test bi-directional write */
-    ExpectIntEQ(wolfSSL_write(ssl_c, msg2, sizeof(msg2)), sizeof(msg2));
-    ExpectIntEQ(wolfSSL_read(ssl_s, msgBuf, sizeof(msgBuf)), sizeof(msg2));
-    ExpectStrEQ(msg2, msgBuf);
-    ExpectIntEQ(wolfSSL_write(ssl_s, msg3, sizeof(msg3)), sizeof(msg3));
-    ExpectIntEQ(wolfSSL_read(ssl_c, msgBuf, sizeof(msgBuf)), sizeof(msg3));
-    ExpectStrEQ(msg3, msgBuf);
+                wolfSSL_SetLoggingPrefix("server");
+                ExpectFalse(wolfSSL_is_init_finished(ssl_s));
+                ExpectIntEQ(wolfSSL_read_early_data(ssl_s, msgBuf, sizeof(msgBuf),
+                        &read), 0);
+                ExpectIntEQ(read, 0);
+                ExpectTrue(wolfSSL_is_init_finished(ssl_s));
 
-    ExpectTrue(wolfSSL_session_reused(ssl_c));
-    ExpectTrue(wolfSSL_session_reused(ssl_s));
+                /* Read server 0.5-RTT data */
+                wolfSSL_SetLoggingPrefix("client");
+                ExpectIntEQ(wolfSSL_read(ssl_c, msgBuf, sizeof(msgBuf)), sizeof(msg4));
+                ExpectStrEQ(msg4, msgBuf);
+            }
 
-    wolfSSL_SESSION_free(sess);
-    wolfSSL_free(ssl_c);
-    wolfSSL_free(ssl_s);
-    wolfSSL_CTX_free(ctx_c);
-    wolfSSL_CTX_free(ctx_s);
+            /* Test bi-directional write */
+            wolfSSL_SetLoggingPrefix("client");
+            ExpectIntEQ(wolfSSL_write(ssl_c, msg2, sizeof(msg2)), sizeof(msg2));
+            wolfSSL_SetLoggingPrefix("server");
+            ExpectIntEQ(wolfSSL_read(ssl_s, msgBuf, sizeof(msgBuf)), sizeof(msg2));
+            ExpectStrEQ(msg2, msgBuf);
+            ExpectIntEQ(wolfSSL_write(ssl_s, msg3, sizeof(msg3)), sizeof(msg3));
+            wolfSSL_SetLoggingPrefix("client");
+            ExpectIntEQ(wolfSSL_read(ssl_c, msgBuf, sizeof(msgBuf)), sizeof(msg3));
+            ExpectStrEQ(msg3, msgBuf);
+
+            wolfSSL_SetLoggingPrefix(NULL);
+            ExpectTrue(wolfSSL_session_reused(ssl_c));
+            ExpectTrue(wolfSSL_session_reused(ssl_s));
+
+            wolfSSL_SESSION_free(sess);
+            wolfSSL_free(ssl_c);
+            wolfSSL_free(ssl_s);
+            wolfSSL_CTX_free(ctx_c);
+            wolfSSL_CTX_free(ctx_s);
+        }
+    }
 #endif
     return EXPECT_RESULT();
 }
@@ -68903,6 +88207,881 @@ static int test_self_signed_stapling(void)
     return EXPECT_RESULT();
 }
 
+static int test_tls_multi_handshakes_one_record(void)
+{
+    EXPECT_DECLS;
+#if defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES) && !defined(WOLFSSL_NO_TLS12)
+    struct test_memio_ctx test_ctx;
+    WOLFSSL_CTX *ctx_c = NULL, *ctx_s = NULL;
+    WOLFSSL *ssl_c = NULL, *ssl_s = NULL;
+    RecordLayerHeader* rh = NULL;
+    byte   *len ;
+    int newRecIdx = RECORD_HEADER_SZ;
+    int idx = 0;
+
+    XMEMSET(&test_ctx, 0, sizeof(test_ctx));
+
+    ExpectIntEQ(test_memio_setup(&test_ctx, &ctx_c, &ctx_s, &ssl_c, &ssl_s,
+            wolfTLS_client_method, wolfTLSv1_2_server_method), 0);
+
+    ExpectIntEQ(wolfSSL_connect(ssl_c), -1);
+    ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), WOLFSSL_ERROR_WANT_READ);
+    ExpectIntEQ(wolfSSL_accept(ssl_s), -1);
+    ExpectIntEQ(wolfSSL_get_error(ssl_s, -1), WOLFSSL_ERROR_WANT_READ);
+
+    /* Combine server handshake msgs into one record */
+    while (idx < test_ctx.c_len) {
+        word16 recLen;
+
+        rh = (RecordLayerHeader*)(test_ctx.c_buff + idx);
+        len = &rh->length[0];
+
+        ato16((const byte*)len, &recLen);
+        idx += RECORD_HEADER_SZ;
+
+        XMEMMOVE(test_ctx.c_buff + newRecIdx, test_ctx.c_buff + idx,
+                (size_t)recLen);
+
+        newRecIdx += recLen;
+        idx += recLen;
+    }
+    rh = (RecordLayerHeader*)(test_ctx.c_buff);
+    len = &rh->length[0];
+    c16toa((word16)newRecIdx - RECORD_HEADER_SZ, len);
+    test_ctx.c_len = newRecIdx;
+
+    ExpectIntEQ(wolfSSL_connect(ssl_c), -1);
+    ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), WOLFSSL_ERROR_WANT_READ);
+
+    wolfSSL_free(ssl_c);
+    wolfSSL_free(ssl_s);
+    wolfSSL_CTX_free(ctx_c);
+    wolfSSL_CTX_free(ctx_s);
+#endif
+    return EXPECT_RESULT();
+}
+
+
+static int test_write_dup(void)
+{
+    EXPECT_DECLS;
+#if defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES) && defined(HAVE_WRITE_DUP)
+    size_t i, j;
+    char hiWorld[] = "dup message";
+    char readData[sizeof(hiWorld) + 5];
+    struct {
+        method_provider client_meth;
+        method_provider server_meth;
+        const char* version_name;
+        int version;
+    } methods[] = {
+#ifndef WOLFSSL_NO_TLS12
+        {wolfTLSv1_2_client_method, wolfTLSv1_2_server_method, "TLS 1.2", WOLFSSL_TLSV1_2},
+#endif
+#ifdef WOLFSSL_TLS13
+        {wolfTLSv1_3_client_method, wolfTLSv1_3_server_method, "TLS 1.3", WOLFSSL_TLSV1_3},
+#endif
+    };
+    struct {
+        const char* cipher;
+        int version;
+    } ciphers[] = {
+/* For simplicity the macros are copied from internal.h */
+/* TLS 1.2 */
+#if defined(HAVE_CHACHA) && defined(HAVE_POLY1305) && !defined(NO_SHA256)
+    #if defined(HAVE_ECC) || defined(HAVE_CURVE25519) || defined(HAVE_CURVE448)
+        #ifndef NO_RSA
+            {"ECDHE-RSA-CHACHA20-POLY1305", WOLFSSL_TLSV1_2},
+        #endif
+    #endif
+    #if !defined(NO_DH) && !defined(NO_RSA) && !defined(NO_TLS_DH)
+        {"DHE-RSA-CHACHA20-POLY1305", WOLFSSL_TLSV1_2},
+    #endif
+#endif
+#if !defined(NO_DH) && !defined(NO_AES) && !defined(NO_TLS) && \
+    !defined(NO_RSA) && defined(HAVE_AESGCM) && !defined(NO_TLS_DH)
+    #if !defined(NO_SHA256) && defined(WOLFSSL_AES_128)
+        {"DHE-RSA-AES128-GCM-SHA256", WOLFSSL_TLSV1_2},
+    #endif
+    #if defined(WOLFSSL_SHA384) && defined(WOLFSSL_AES_256)
+        {"DHE-RSA-AES256-GCM-SHA384", WOLFSSL_TLSV1_2},
+    #endif
+#endif
+#if (defined(HAVE_ECC) || defined(HAVE_CURVE25519) || defined(HAVE_CURVE448)) \
+                                         && !defined(NO_TLS) && !defined(NO_AES)
+    #ifdef HAVE_AESGCM
+        #if !defined(NO_SHA256) && defined(WOLFSSL_AES_128)
+            #ifndef NO_RSA
+                {"ECDHE-RSA-AES128-GCM-SHA256", WOLFSSL_TLSV1_2},
+            #endif
+        #endif
+        #if defined(WOLFSSL_SHA384) && defined(WOLFSSL_AES_256)
+            #ifndef NO_RSA
+                {"ECDHE-RSA-AES256-GCM-SHA384", WOLFSSL_TLSV1_2},
+            #endif
+        #endif
+    #endif
+#endif
+/* TLS 1.3 */
+#ifdef WOLFSSL_TLS13
+    #ifdef HAVE_AESGCM
+        #if !defined(NO_SHA256) && defined(WOLFSSL_AES_128)
+            {"TLS13-AES128-GCM-SHA256", WOLFSSL_TLSV1_3},
+        #endif
+        #if defined(WOLFSSL_SHA384) && defined(WOLFSSL_AES_256)
+            {"TLS13-AES256-GCM-SHA384", WOLFSSL_TLSV1_3},
+        #endif
+    #endif
+    #if defined(HAVE_CHACHA) && defined(HAVE_POLY1305)
+        #ifndef NO_SHA256
+            {"TLS13-CHACHA20-POLY1305-SHA256", WOLFSSL_TLSV1_3},
+        #endif
+    #endif
+    #ifdef HAVE_AESCCM
+        #if !defined(NO_SHA256) && defined(WOLFSSL_AES_128)
+            {"TLS13-AES128-CCM-SHA256", WOLFSSL_TLSV1_3},
+        #endif
+    #endif
+#endif
+    };
+
+    for (i = 0; i < XELEM_CNT(methods); i++) {
+        for (j = 0; j < XELEM_CNT(ciphers) && !EXPECT_FAIL(); j++) {
+            struct test_memio_ctx test_ctx;
+            WOLFSSL_CTX *ctx_c = NULL, *ctx_s = NULL;
+            WOLFSSL *ssl_c = NULL, *ssl_s = NULL;
+            WOLFSSL *ssl_c2 = NULL;
+
+            if (methods[i].version != ciphers[j].version)
+                continue;
+
+            if (i == 0 && j == 0)
+                printf("\n");
+
+            printf("Testing %s with %s... ", methods[i].version_name,
+                    ciphers[j].cipher);
+
+            XMEMSET(&test_ctx, 0, sizeof(test_ctx));
+
+            test_ctx.c_ciphers = test_ctx.s_ciphers = ciphers[j].cipher;
+
+            ExpectIntEQ(test_memio_setup(&test_ctx, &ctx_c, &ctx_s, &ssl_c, &ssl_s,
+                    methods[i].client_meth, methods[i].server_meth), 0);
+            ExpectIntEQ(test_memio_do_handshake(ssl_c, ssl_s, 10, NULL), 0);
+
+            ExpectNotNull(ssl_c2 = wolfSSL_write_dup(ssl_c));
+            ExpectIntEQ(wolfSSL_write(ssl_c, hiWorld, sizeof(hiWorld)),
+                    WC_NO_ERR_TRACE(WRITE_DUP_WRITE_E));
+            ExpectIntEQ(wolfSSL_write(ssl_c2, hiWorld, sizeof(hiWorld)),
+                    sizeof(hiWorld));
+
+            ExpectIntEQ(wolfSSL_read(ssl_s, readData, sizeof(readData)),
+                    sizeof(hiWorld));
+            ExpectIntEQ(wolfSSL_write(ssl_s, hiWorld, sizeof(hiWorld)),
+                    sizeof(hiWorld));
+
+            ExpectIntEQ(wolfSSL_read(ssl_c2, readData, sizeof(readData)),
+                    WC_NO_ERR_TRACE(WRITE_DUP_READ_E));
+            ExpectIntEQ(wolfSSL_read(ssl_c, readData, sizeof(readData)),
+                    sizeof(hiWorld));
+
+            if (EXPECT_SUCCESS())
+                printf("ok\n");
+            else
+                printf("failed\n");
+
+            wolfSSL_free(ssl_c);
+            wolfSSL_free(ssl_c2);
+            wolfSSL_free(ssl_s);
+            wolfSSL_CTX_free(ctx_c);
+            wolfSSL_CTX_free(ctx_s);
+        }
+    }
+#endif
+    return EXPECT_RESULT();
+}
+
+static int test_read_write_hs(void)
+{
+
+    EXPECT_DECLS;
+#if defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES) && !defined(WOLFSSL_NO_TLS12)
+    WOLFSSL_CTX *ctx_s = NULL, *ctx_c = NULL;
+    WOLFSSL *ssl_s = NULL, *ssl_c = NULL;
+    struct test_memio_ctx test_ctx;
+    byte test_buffer[16];
+    unsigned int test;
+
+    /* test == 0 : client writes, server reads */
+    /* test == 1 : server writes, client reads */
+    for (test = 0; test < 2; test++) {
+        XMEMSET(&test_ctx, 0, sizeof(test_ctx));
+        ExpectIntEQ(test_memio_setup(&test_ctx, &ctx_c, &ctx_s,  &ssl_c, &ssl_s,
+                                     wolfTLSv1_2_client_method,
+                                     wolfTLSv1_2_server_method), 0);
+        ExpectIntEQ(wolfSSL_set_group_messages(ssl_s), WOLFSSL_SUCCESS);
+        /* CH -> */
+        if (test == 0) {
+            ExpectIntEQ(wolfSSL_write(ssl_c, "hello", 5), -1);
+        } else {
+            ExpectIntEQ(wolfSSL_read(ssl_c, test_buffer,
+                                     sizeof(test_buffer)),  -1);
+        }
+        ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), WOLFSSL_ERROR_WANT_READ);
+
+        /* <- SH + SKE + SHD */
+        if (test == 0) {
+            ExpectIntEQ(wolfSSL_read(ssl_s, test_buffer,
+                                     sizeof(test_buffer)), -1);
+        } else {
+            ExpectIntEQ(wolfSSL_write(ssl_s, "hello", 5), -1);
+        }
+        ExpectIntEQ(wolfSSL_get_error(ssl_s, -1), WOLFSSL_ERROR_WANT_READ);
+
+        /* -> CKE + CLIENT FINISHED */
+        if (test == 0) {
+            ExpectIntEQ(wolfSSL_write(ssl_c, "hello", 5), -1);
+        } else {
+            ExpectIntEQ(wolfSSL_read(ssl_c, test_buffer,
+                                     sizeof(test_buffer)), -1);
+        }
+        ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), WOLFSSL_ERROR_WANT_READ);
+
+        /* abide clang static analyzer */
+        if (ssl_s != NULL) {
+            /* disable group message to separate sending of ChangeCipherspec
+             * from Finished */
+            ssl_s->options.groupMessages = 0;
+        }
+        /* allow writing of CS, but not FINISHED */
+        test_ctx.c_len = TEST_MEMIO_BUF_SZ - 6;
+
+        /* <- CS */
+        if (test == 0) {
+            ExpectIntEQ(wolfSSL_read(ssl_s, test_buffer,
+                                     sizeof(test_buffer)), -1);
+        } else {
+            ExpectIntEQ(wolfSSL_write(ssl_s, "hello", 5), -1);
+        }
+        ExpectIntEQ(wolfSSL_get_error(ssl_s, -1), WOLFSSL_ERROR_WANT_WRITE);
+
+        /* move CS message where the client can read it */
+        memmove(test_ctx.c_buff,
+                (test_ctx.c_buff + TEST_MEMIO_BUF_SZ - 6), 6);
+        test_ctx.c_len = 6;
+        /* read CS */
+        if (test == 0) {
+            ExpectIntEQ(wolfSSL_write(ssl_c, "hello", 5), -1);
+        } else {
+            ExpectIntEQ(wolfSSL_read(ssl_c, test_buffer,
+                                     sizeof(test_buffer)), -1);
+        }
+        ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), WOLFSSL_ERROR_WANT_READ);
+        ExpectIntEQ(test_ctx.c_len, 0);
+
+        if (test == 0) {
+            /* send SERVER FINISHED */
+            ExpectIntEQ(wolfSSL_read(ssl_s, test_buffer,
+                                     sizeof(test_buffer)), -1);
+            ExpectIntEQ(wolfSSL_get_error(ssl_s, -1),
+                        WOLFSSL_ERROR_WANT_READ);
+        } else {
+            /* send SERVER FINISHED + App Data */
+            ExpectIntEQ(wolfSSL_write(ssl_s, "hello", 5), 5);
+        }
+
+        ExpectIntGT(test_ctx.c_len, 0);
+
+        /* Send and receive the data */
+        if (test == 0) {
+            ExpectIntEQ(wolfSSL_write(ssl_c, "hello", 5), 5);
+            ExpectIntEQ(wolfSSL_read(ssl_s, test_buffer,
+                                     sizeof(test_buffer)), 5);
+        } else {
+            ExpectIntEQ(wolfSSL_read(ssl_c, test_buffer,
+                                     sizeof(test_buffer)), 5);
+        }
+
+        ExpectBufEQ(test_buffer, "hello", 5);
+
+        wolfSSL_free(ssl_c);
+        wolfSSL_free(ssl_s);
+        wolfSSL_CTX_free(ctx_c);
+        wolfSSL_CTX_free(ctx_s);
+        ssl_c = ssl_s = NULL;
+        ctx_c = ctx_s = NULL;
+    }
+
+#endif
+    return EXPECT_RESULT();
+}
+
+#if defined(HAVE_SSL_MEMIO_TESTS_DEPENDENCIES) && defined(OPENSSL_EXTRA)
+static const char* test_get_signature_nid_siglag;
+static int test_get_signature_nid_sig;
+static int test_get_signature_nid_hash;
+
+static int test_get_signature_nid_ssl_ready(WOLFSSL* ssl)
+{
+    EXPECT_DECLS;
+    ExpectIntEQ(wolfSSL_set_cipher_list(ssl, "ALL"), WOLFSSL_SUCCESS);
+    if (!wolfSSL_is_server(ssl)) {
+        ExpectIntEQ(wolfSSL_set1_sigalgs_list(ssl,
+            test_get_signature_nid_siglag), WOLFSSL_SUCCESS);
+    }
+    return EXPECT_RESULT();
+}
+
+static int test_get_signature_nid_on_hs_client(WOLFSSL_CTX **ctx, WOLFSSL **ssl)
+{
+    EXPECT_DECLS;
+    int nid = 0;
+    (void)ctx;
+    if (XSTRSTR(wolfSSL_get_cipher(*ssl), "TLS_RSA_") == NULL) {
+        ExpectIntEQ(SSL_get_peer_signature_type_nid(*ssl, &nid), WOLFSSL_SUCCESS);
+        ExpectIntEQ(nid, test_get_signature_nid_sig);
+        ExpectIntEQ(SSL_get_peer_signature_nid(*ssl, &nid), WOLFSSL_SUCCESS);
+        ExpectIntEQ(nid, test_get_signature_nid_hash);
+    }
+    else /* No sigalg info on static ciphersuite */
+        return TEST_SUCCESS;
+    return EXPECT_RESULT();
+}
+
+static int test_get_signature_nid_on_hs_server(WOLFSSL_CTX **ctx, WOLFSSL **ssl)
+{
+    EXPECT_DECLS;
+    int nid = 0;
+    (void)ctx;
+    ExpectIntEQ(SSL_get_signature_type_nid(*ssl, &nid), WOLFSSL_SUCCESS);
+    ExpectIntEQ(nid, test_get_signature_nid_sig);
+    ExpectIntEQ(SSL_get_signature_nid(*ssl, &nid), WOLFSSL_SUCCESS);
+    ExpectIntEQ(nid, test_get_signature_nid_hash);
+    return EXPECT_RESULT();
+}
+#endif
+
+static int test_get_signature_nid(void)
+{
+    EXPECT_DECLS;
+#if defined(HAVE_SSL_MEMIO_TESTS_DEPENDENCIES) && defined(OPENSSL_EXTRA)
+    test_ssl_cbf client_cbf;
+    test_ssl_cbf server_cbf;
+    size_t i;
+#define TGSN_TLS12_RSA(sigalg, sig_nid, hash_nid) \
+        { sigalg, sig_nid, hash_nid, WOLFSSL_TLSV1_2, svrCertFile, svrKeyFile, \
+          caCertFile }
+#define TGSN_TLS12_ECDSA(sigalg, sig_nid, hash_nid) \
+        { sigalg, sig_nid, hash_nid, WOLFSSL_TLSV1_2, eccCertFile, eccKeyFile, \
+          caEccCertFile }
+#define TGSN_TLS13_RSA(sigalg, sig_nid, hash_nid) \
+        { sigalg, sig_nid, hash_nid, WOLFSSL_TLSV1_3, svrCertFile, svrKeyFile, \
+          caCertFile }
+#define TGSN_TLS13_ECDSA(sigalg, sig_nid, hash_nid) \
+        { sigalg, sig_nid, hash_nid, WOLFSSL_TLSV1_3, eccCertFile, eccKeyFile, \
+          caEccCertFile }
+#define TGSN_TLS13_ED25519(sigalg, sig_nid, hash_nid) \
+        { sigalg, sig_nid, hash_nid, WOLFSSL_TLSV1_3, edCertFile, edKeyFile, \
+            caEdCertFile }
+#define TGSN_TLS13_ED448(sigalg, sig_nid, hash_nid) \
+        { sigalg, sig_nid, hash_nid, WOLFSSL_TLSV1_3, ed448CertFile, ed448KeyFile, \
+            caEd448CertFile }
+    struct {
+        const char* siglag;
+        int sig_nid;
+        int hash_nid;
+        int tls_ver;
+        const char* server_cert;
+        const char* server_key;
+        const char* client_ca;
+    } params[] = {
+#ifndef NO_RSA
+    #ifndef NO_SHA256
+        TGSN_TLS12_RSA("RSA+SHA256", NID_rsaEncryption, NID_sha256),
+        #ifdef WC_RSA_PSS
+        TGSN_TLS12_RSA("RSA-PSS+SHA256", NID_rsassaPss, NID_sha256),
+        TGSN_TLS13_RSA("RSA-PSS+SHA256", NID_rsassaPss, NID_sha256),
+        #endif
+    #endif
+    #ifdef WOLFSSL_SHA512
+        TGSN_TLS12_RSA("RSA+SHA512", NID_rsaEncryption, NID_sha512),
+        #ifdef WC_RSA_PSS
+        TGSN_TLS12_RSA("RSA-PSS+SHA512", NID_rsassaPss, NID_sha512),
+        TGSN_TLS13_RSA("RSA-PSS+SHA512", NID_rsassaPss, NID_sha512),
+        #endif
+    #endif
+#endif
+#ifdef HAVE_ECC
+    #ifndef NO_SHA256
+        TGSN_TLS12_ECDSA("ECDSA+SHA256", NID_X9_62_id_ecPublicKey, NID_sha256),
+        TGSN_TLS13_ECDSA("ECDSA+SHA256", NID_X9_62_id_ecPublicKey, NID_sha256),
+    #endif
+#endif
+#ifdef HAVE_ED25519
+        TGSN_TLS13_ED25519("ED25519", NID_ED25519, NID_sha512),
+#endif
+#ifdef HAVE_ED448
+        TGSN_TLS13_ED448("ED448", NID_ED448, NID_sha512),
+#endif
+    };
+    /* These correspond to WOLFSSL_SSLV3...WOLFSSL_DTLSV1_3 */
+    const char* tls_desc[] = {
+        "SSLv3", "TLSv1.0", "TLSv1.1", "TLSv1.2", "TLSv1.3",
+        "DTLSv1.0", "DTLSv1.2", "DTLSv1.3"
+    };
+
+    printf("\n");
+
+    for (i = 0; i < XELEM_CNT(params) && !EXPECT_FAIL(); i++) {
+
+        XMEMSET(&client_cbf, 0, sizeof(client_cbf));
+        XMEMSET(&server_cbf, 0, sizeof(server_cbf));
+
+        printf("Testing %s with %s...", tls_desc[params[i].tls_ver],
+                params[i].siglag);
+
+        switch (params[i].tls_ver) {
+#ifndef WOLFSSL_NO_TLS12
+            case WOLFSSL_TLSV1_2:
+                client_cbf.method = wolfTLSv1_2_client_method;
+                server_cbf.method = wolfTLSv1_2_server_method;
+                break;
+#endif
+#ifdef WOLFSSL_TLS13
+            case WOLFSSL_TLSV1_3:
+                client_cbf.method = wolfTLSv1_3_client_method;
+                server_cbf.method = wolfTLSv1_3_server_method;
+                break;
+#endif
+            default:
+                printf("skipping\n");
+                continue;
+        }
+
+        test_get_signature_nid_siglag = params[i].siglag;
+        test_get_signature_nid_sig = params[i].sig_nid;
+        test_get_signature_nid_hash = params[i].hash_nid;
+
+        client_cbf.ssl_ready = test_get_signature_nid_ssl_ready;
+        server_cbf.ssl_ready = test_get_signature_nid_ssl_ready;
+
+        client_cbf.on_handshake = test_get_signature_nid_on_hs_client;
+        server_cbf.on_handshake = test_get_signature_nid_on_hs_server;
+
+        server_cbf.certPemFile = params[i].server_cert;
+        server_cbf.keyPemFile = params[i].server_key;
+
+        client_cbf.caPemFile = params[i].client_ca;
+
+        ExpectIntEQ(test_wolfSSL_client_server_nofail_memio(&client_cbf,
+            &server_cbf, NULL), TEST_SUCCESS);
+        if (EXPECT_SUCCESS())
+            printf("passed\n");
+    }
+
+#endif
+    return EXPECT_RESULT();
+}
+
+#if !defined(NO_CERTS) && defined(HAVE_SSL_MEMIO_TESTS_DEPENDENCIES)
+static word32 test_tls_cert_store_unchanged_HashCaTable(Signer** caTable)
+{
+#ifndef NO_MD5
+    enum wc_HashType hashType = WC_HASH_TYPE_MD5;
+#elif !defined(NO_SHA)
+    enum wc_HashType hashType = WC_HASH_TYPE_SHA;
+#elif !defined(NO_SHA256)
+    enum wc_HashType hashType = WC_HASH_TYPE_SHA256;
+#else
+    #error "We need a digest to hash the Signer object"
+#endif
+    byte hashBuf[WC_MAX_DIGEST_SIZE];
+    wc_HashAlg hash;
+    size_t i;
+
+    AssertIntEQ(wc_HashInit(&hash, hashType), 0);
+    for (i = 0; i < CA_TABLE_SIZE; i++) {
+        Signer* cur;
+        for (cur = caTable[i]; cur != NULL; cur = cur->next)
+            AssertIntEQ(wc_HashUpdate(&hash, hashType, (byte*)cur,
+                    sizeof(*cur)), 0);
+    }
+    AssertIntEQ(wc_HashFinal(&hash, hashType, hashBuf), 0);
+    AssertIntEQ(wc_HashFree(&hash, hashType), 0);
+
+    return MakeWordFromHash(hashBuf);
+}
+
+static word32 test_tls_cert_store_unchanged_before_hashes[2];
+static size_t test_tls_cert_store_unchanged_before_hashes_idx;
+static word32 test_tls_cert_store_unchanged_after_hashes[2];
+static size_t test_tls_cert_store_unchanged_after_hashes_idx;
+
+static int test_tls_cert_store_unchanged_ctx_ready(WOLFSSL_CTX* ctx)
+{
+    EXPECT_DECLS;
+
+    ExpectIntNE(test_tls_cert_store_unchanged_before_hashes
+        [test_tls_cert_store_unchanged_before_hashes_idx++] =
+            test_tls_cert_store_unchanged_HashCaTable(ctx->cm->caTable), 0);
+
+    wolfSSL_CTX_set_verify(ctx, WOLFSSL_VERIFY_PEER |
+            WOLFSSL_VERIFY_FAIL_IF_NO_PEER_CERT, 0);
+
+    return EXPECT_RESULT();
+}
+
+static int test_tls_cert_store_unchanged_ctx_cleanup(WOLFSSL_CTX* ctx)
+{
+    EXPECT_DECLS;
+    ExpectIntEQ(wolfSSL_CTX_UnloadIntermediateCerts(ctx), WOLFSSL_SUCCESS);
+    ExpectIntNE(test_tls_cert_store_unchanged_after_hashes
+        [test_tls_cert_store_unchanged_after_hashes_idx++] =
+            test_tls_cert_store_unchanged_HashCaTable(ctx->cm->caTable), 0);
+
+    return EXPECT_RESULT();
+}
+
+static int test_tls_cert_store_unchanged_on_hs(WOLFSSL_CTX **ctx, WOLFSSL **ssl)
+{
+    EXPECT_DECLS;
+    WOLFSSL_CERT_MANAGER* cm;
+
+    (void)ssl;
+    /* WARNING: this approach bypasses the reference counter check in
+     * wolfSSL_CTX_UnloadIntermediateCerts. It is not recommended as it may
+     * cause unexpected behaviour when other active connections try accessing
+     * the caTable. */
+    ExpectNotNull(cm = wolfSSL_CTX_GetCertManager(*ctx));
+    ExpectIntEQ(wolfSSL_CertManagerUnloadIntermediateCerts(cm),
+            WOLFSSL_SUCCESS);
+    ExpectIntNE(test_tls_cert_store_unchanged_after_hashes
+        [test_tls_cert_store_unchanged_after_hashes_idx++] =
+            test_tls_cert_store_unchanged_HashCaTable((*ctx)->cm->caTable), 0);
+
+    return EXPECT_RESULT();
+}
+
+static int test_tls_cert_store_unchanged_ssl_ready(WOLFSSL* ssl)
+{
+    EXPECT_DECLS;
+    WOLFSSL_CTX* ctx;
+
+    ExpectNotNull(ctx = wolfSSL_get_SSL_CTX(ssl));
+
+    return EXPECT_RESULT();
+}
+#endif
+
+static int test_tls_cert_store_unchanged(void)
+{
+    EXPECT_DECLS;
+#if !defined(NO_CERTS) && defined(HAVE_SSL_MEMIO_TESTS_DEPENDENCIES)
+    test_ssl_cbf client_cbf;
+    test_ssl_cbf server_cbf;
+    int i;
+
+    for (i = 0; i < 2; i++) {
+        XMEMSET(&client_cbf, 0, sizeof(client_cbf));
+        XMEMSET(&server_cbf, 0, sizeof(server_cbf));
+
+        test_tls_cert_store_unchanged_before_hashes_idx = 0;
+        XMEMSET(test_tls_cert_store_unchanged_before_hashes, 0,
+                sizeof(test_tls_cert_store_unchanged_before_hashes));
+        test_tls_cert_store_unchanged_after_hashes_idx = 0;
+        XMEMSET(test_tls_cert_store_unchanged_after_hashes, 0,
+                sizeof(test_tls_cert_store_unchanged_after_hashes));
+
+        client_cbf.ctx_ready = test_tls_cert_store_unchanged_ctx_ready;
+        server_cbf.ctx_ready = test_tls_cert_store_unchanged_ctx_ready;
+
+        client_cbf.ssl_ready = test_tls_cert_store_unchanged_ssl_ready;
+        server_cbf.ssl_ready = test_tls_cert_store_unchanged_ssl_ready;
+
+        switch (i) {
+            case 0:
+                client_cbf.on_ctx_cleanup =
+                        test_tls_cert_store_unchanged_ctx_cleanup;
+                server_cbf.on_ctx_cleanup =
+                        test_tls_cert_store_unchanged_ctx_cleanup;
+                break;
+            case 1:
+                client_cbf.on_handshake = test_tls_cert_store_unchanged_on_hs;
+                server_cbf.on_handshake = test_tls_cert_store_unchanged_on_hs;
+                break;
+            default:
+                Fail(("Should not enter here"), ("Entered here"));
+        }
+
+
+        client_cbf.certPemFile = "certs/intermediate/client-chain.pem";
+        server_cbf.certPemFile = "certs/intermediate/server-chain.pem";
+
+        server_cbf.caPemFile = caCertFile;
+
+        ExpectIntEQ(test_wolfSSL_client_server_nofail_memio(&client_cbf,
+            &server_cbf, NULL), TEST_SUCCESS);
+
+        ExpectBufEQ(test_tls_cert_store_unchanged_before_hashes,
+                test_tls_cert_store_unchanged_after_hashes,
+                sizeof(test_tls_cert_store_unchanged_after_hashes));
+    }
+#endif
+    return EXPECT_RESULT();
+}
+
+static int test_wolfSSL_SendUserCanceled(void)
+{
+    EXPECT_DECLS;
+#if defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES)
+    size_t i;
+    struct {
+        method_provider client_meth;
+        method_provider server_meth;
+        const char* tls_version;
+    } params[] = {
+#if defined(WOLFSSL_TLS13)
+/* With WOLFSSL_TLS13_MIDDLEBOX_COMPAT a short ID will result in an error */
+        { wolfTLSv1_3_client_method, wolfTLSv1_3_server_method, "TLSv1_3" },
+#ifdef WOLFSSL_DTLS13
+        { wolfDTLSv1_3_client_method, wolfDTLSv1_3_server_method, "DTLSv1_3" },
+#endif
+#endif
+#ifndef WOLFSSL_NO_TLS12
+        { wolfTLSv1_2_client_method, wolfTLSv1_2_server_method, "TLSv1_2" },
+#ifdef WOLFSSL_DTLS
+        { wolfDTLSv1_2_client_method, wolfDTLSv1_2_server_method, "DTLSv1_2" },
+#endif
+#endif
+#if !defined(NO_OLD_TLS)
+        { wolfTLSv1_1_client_method, wolfTLSv1_1_server_method, "TLSv1_1" },
+#ifdef WOLFSSL_DTLS
+        { wolfDTLSv1_client_method, wolfDTLSv1_server_method, "DTLSv1_0" },
+#endif
+#endif
+    };
+
+    for (i = 0; i < sizeof(params)/sizeof(*params) && !EXPECT_FAIL(); i++) {
+        WOLFSSL_CTX *ctx_c = NULL;
+        WOLFSSL_CTX *ctx_s = NULL;
+        WOLFSSL *ssl_c = NULL;
+        WOLFSSL *ssl_s = NULL;
+        struct test_memio_ctx test_ctx;
+        WOLFSSL_ALERT_HISTORY h;
+
+        printf("Testing %s\n", params[i].tls_version);
+
+        XMEMSET(&h, 0, sizeof(h));
+        XMEMSET(&test_ctx, 0, sizeof(test_ctx));
+        ExpectIntEQ(test_memio_setup(&test_ctx, &ctx_c, &ctx_s, &ssl_c, &ssl_s,
+                params[i].client_meth, params[i].server_meth), 0);
+
+        /* CH1 */
+        ExpectIntEQ(wolfSSL_negotiate(ssl_c), -1);
+        ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), WOLFSSL_ERROR_WANT_READ);
+
+        ExpectIntEQ(wolfSSL_SendUserCanceled(ssl_s), WOLFSSL_SHUTDOWN_NOT_DONE);
+
+        /* Alert closed connection */
+        ExpectIntEQ(wolfSSL_negotiate(ssl_c), -1);
+        ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), WOLFSSL_ERROR_ZERO_RETURN);
+
+        /* Last alert will be close notify because user_canceled should be
+         * followed by a close_notify */
+        ExpectIntEQ(wolfSSL_get_alert_history(ssl_c, &h), WOLFSSL_SUCCESS);
+        ExpectIntEQ(h.last_rx.code, close_notify);
+        ExpectIntEQ(h.last_rx.level, alert_warning);
+
+        wolfSSL_free(ssl_c);
+        wolfSSL_free(ssl_s);
+        wolfSSL_CTX_free(ctx_c);
+        wolfSSL_CTX_free(ctx_s);
+    }
+#endif
+    return EXPECT_RESULT();
+}
+#if defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES) && \
+    defined(HAVE_OCSP) && \
+    defined(HAVE_CERTIFICATE_STATUS_REQUEST) && \
+    !defined(WOLFSSL_NO_TLS12)
+static int test_ocsp_callback_fails_cb(void* ctx, const char* url, int urlSz,
+                        byte* ocspReqBuf, int ocspReqSz, byte** ocspRespBuf)
+{
+    (void)ctx;
+    (void)url;
+    (void)urlSz;
+    (void)ocspReqBuf;
+    (void)ocspReqSz;
+    (void)ocspRespBuf;
+    return WOLFSSL_CBIO_ERR_GENERAL;
+}
+static int test_ocsp_callback_fails(void)
+{
+    WOLFSSL_CTX *ctx_c = NULL;
+    WOLFSSL_CTX *ctx_s = NULL;
+    WOLFSSL *ssl_c = NULL;
+    WOLFSSL *ssl_s = NULL;
+    struct test_memio_ctx test_ctx;
+    EXPECT_DECLS;
+
+    XMEMSET(&test_ctx, 0, sizeof(test_ctx));
+    ExpectIntEQ(test_memio_setup(&test_ctx, &ctx_c, &ctx_s, &ssl_c, &ssl_s,
+            wolfTLSv1_2_client_method, wolfTLSv1_2_server_method), 0);
+    ExpectIntEQ(wolfSSL_CTX_EnableOCSPStapling(ctx_c), WOLFSSL_SUCCESS);
+    ExpectIntEQ(wolfSSL_CTX_EnableOCSPStapling(ctx_s), WOLFSSL_SUCCESS);
+    ExpectIntEQ(wolfSSL_UseOCSPStapling(ssl_c, WOLFSSL_CSR_OCSP,0), WOLFSSL_SUCCESS);
+    /* override URL to avoid exing from SendCertificateStatus because of no AuthInfo on the certificate */
+    ExpectIntEQ(wolfSSL_CTX_SetOCSP_OverrideURL(ctx_s, "http://dummy.test"), WOLFSSL_SUCCESS);
+    ExpectIntEQ(wolfSSL_CTX_EnableOCSP(ctx_s, WOLFSSL_OCSP_NO_NONCE    | WOLFSSL_OCSP_URL_OVERRIDE), WOLFSSL_SUCCESS);
+    ExpectIntEQ(wolfSSL_CTX_load_verify_locations(ctx_s, caCertFile, 0), WOLFSSL_SUCCESS);
+    ExpectIntEQ(wolfSSL_SetOCSP_Cb(ssl_s, test_ocsp_callback_fails_cb, NULL, NULL), WOLFSSL_SUCCESS);
+    ExpectIntEQ(test_memio_do_handshake(ssl_c, ssl_s, 10, NULL), -1);
+    ExpectIntEQ(wolfSSL_get_error(ssl_s, -1), WC_NO_ERR_TRACE(OCSP_INVALID_STATUS));
+
+    wolfSSL_free(ssl_c);
+    wolfSSL_free(ssl_s);
+    wolfSSL_CTX_free(ctx_c);
+    wolfSSL_CTX_free(ctx_s);
+
+    return EXPECT_RESULT();
+}
+#else
+static int test_ocsp_callback_fails(void)
+{
+    return TEST_SKIPPED;
+}
+#endif /* defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES) && \
+    defined(HAVE_OCSP) && \
+    defined(HAVE_CERTIFICATE_STATUS_REQUEST) */
+
+#ifdef HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES
+static int test_wolfSSL_SSLDisableRead_recv(WOLFSSL *ssl, char *buf, int sz,
+                                             void *ctx)
+{
+    (void)ssl;
+    (void)buf;
+    (void)sz;
+    (void)ctx;
+    return WOLFSSL_CBIO_ERR_GENERAL;
+}
+
+static int test_wolfSSL_SSLDisableRead(void)
+{
+    EXPECT_DECLS;
+    WOLFSSL_CTX *ctx_c = NULL;
+    WOLFSSL *ssl_c = NULL;
+    struct test_memio_ctx test_ctx;
+
+    XMEMSET(&test_ctx, 0, sizeof(test_ctx));
+
+    ExpectIntEQ(test_memio_setup(&test_ctx, &ctx_c, NULL, &ssl_c, NULL,
+            wolfTLS_client_method, NULL), 0);
+    wolfSSL_SSLSetIORecv(ssl_c, test_wolfSSL_SSLDisableRead_recv);
+    wolfSSL_SSLDisableRead(ssl_c);
+
+    /* Disabling reading should not even go into the IO layer */
+    ExpectIntEQ(wolfSSL_negotiate(ssl_c), -1);
+    ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), WOLFSSL_ERROR_WANT_READ);
+    wolfSSL_SSLEnableRead(ssl_c);
+    /* By enabling reading we should reach the IO that will return an error */
+    ExpectIntEQ(wolfSSL_negotiate(ssl_c), -1);
+    ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), SOCKET_ERROR_E);
+
+    wolfSSL_free(ssl_c);
+    wolfSSL_CTX_free(ctx_c);
+    return EXPECT_RESULT();
+}
+#else
+static int test_wolfSSL_SSLDisableRead(void)
+{
+    EXPECT_DECLS;
+    return EXPECT_RESULT();
+}
+#endif
+
+static int test_wolfSSL_inject(void)
+{
+    EXPECT_DECLS;
+#if defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES)
+    size_t i;
+    struct {
+        method_provider client_meth;
+        method_provider server_meth;
+        const char* tls_version;
+    } params[] = {
+#if defined(WOLFSSL_TLS13)
+/* With WOLFSSL_TLS13_MIDDLEBOX_COMPAT a short ID will result in an error */
+        { wolfTLSv1_3_client_method, wolfTLSv1_3_server_method, "TLSv1_3" },
+#ifdef WOLFSSL_DTLS13
+        { wolfDTLSv1_3_client_method, wolfDTLSv1_3_server_method, "DTLSv1_3" },
+#endif
+#endif
+#ifndef WOLFSSL_NO_TLS12
+        { wolfTLSv1_2_client_method, wolfTLSv1_2_server_method, "TLSv1_2" },
+#ifdef WOLFSSL_DTLS
+        { wolfDTLSv1_2_client_method, wolfDTLSv1_2_server_method, "DTLSv1_2" },
+#endif
+#endif
+#if !defined(NO_OLD_TLS)
+        { wolfTLSv1_1_client_method, wolfTLSv1_1_server_method, "TLSv1_1" },
+#ifdef WOLFSSL_DTLS
+        { wolfDTLSv1_client_method, wolfDTLSv1_server_method, "DTLSv1_0" },
+#endif
+#endif
+    };
+
+    for (i = 0; i < XELEM_CNT(params) && !EXPECT_FAIL(); i++) {
+        WOLFSSL_CTX *ctx_c = NULL;
+        WOLFSSL_CTX *ctx_s = NULL;
+        WOLFSSL *ssl_c = NULL;
+        WOLFSSL *ssl_s = NULL;
+        struct test_memio_ctx test_ctx;
+        WOLFSSL_ALERT_HISTORY h;
+        int rounds;
+
+        printf("Testing %s\n", params[i].tls_version);
+
+        XMEMSET(&h, 0, sizeof(h));
+        XMEMSET(&test_ctx, 0, sizeof(test_ctx));
+        ExpectIntEQ(test_memio_setup(&test_ctx, &ctx_c, &ctx_s, &ssl_c, &ssl_s,
+                params[i].client_meth, params[i].server_meth), 0);
+
+        for (rounds = 0; rounds < 10 && EXPECT_SUCCESS(); rounds++) {
+            wolfSSL_SetLoggingPrefix("client");
+            if (wolfSSL_negotiate(ssl_c) != 1) {
+                ExpectIntEQ(wolfSSL_get_error(ssl_c, -1),
+                        WOLFSSL_ERROR_WANT_READ);
+            }
+            wolfSSL_SetLoggingPrefix("server");
+            if (test_ctx.s_len > 0) {
+                ExpectIntEQ(wolfSSL_inject(ssl_s, test_ctx.s_buff,
+                                           test_ctx.s_len), 1);
+                test_ctx.s_len = 0;
+            }
+            if (wolfSSL_negotiate(ssl_s) != 1) {
+                ExpectIntEQ(wolfSSL_get_error(ssl_s, -1),
+                        WOLFSSL_ERROR_WANT_READ);
+            }
+            wolfSSL_SetLoggingPrefix("client");
+            if (test_ctx.c_len > 0) {
+                ExpectIntEQ(wolfSSL_inject(ssl_c, test_ctx.c_buff,
+                                           test_ctx.c_len), 1);
+                test_ctx.c_len = 0;
+            }
+            wolfSSL_SetLoggingPrefix(NULL);
+        }
+        ExpectIntEQ(wolfSSL_negotiate(ssl_c), 1);
+        ExpectIntEQ(wolfSSL_negotiate(ssl_s), 1);
+
+        wolfSSL_free(ssl_c);
+        wolfSSL_free(ssl_s);
+        wolfSSL_CTX_free(ctx_c);
+        wolfSSL_CTX_free(ctx_s);
+    }
+#endif
+    return EXPECT_RESULT();
+}
+
 /*----------------------------------------------------------------------------*
  | Main
  *----------------------------------------------------------------------------*/
@@ -68930,103 +89109,172 @@ TEST_CASE testCases[] = {
 
     TEST_DECL(test_wolfCrypt_Init),
 
+    TEST_DECL(test_wc_LoadStaticMemory_ex),
+    TEST_DECL(test_wc_LoadStaticMemory_CTX),
+
     /* Locking with Compat Mutex */
     TEST_DECL(test_wc_SetMutexCb),
     TEST_DECL(test_wc_LockMutex_ex),
 
     /* Digests */
+    /* test_md5.c */
     TEST_DECL(test_wc_InitMd5),
     TEST_DECL(test_wc_Md5Update),
     TEST_DECL(test_wc_Md5Final),
+    TEST_DECL(test_wc_Md5_KATs),
+    TEST_DECL(test_wc_Md5_other),
+    TEST_DECL(test_wc_Md5Copy),
+    TEST_DECL(test_wc_Md5GetHash),
+    TEST_DECL(test_wc_Md5Transform),
+    TEST_DECL(test_wc_Md5_Flags),
+
+    /* test_sha.c */
     TEST_DECL(test_wc_InitSha),
     TEST_DECL(test_wc_ShaUpdate),
     TEST_DECL(test_wc_ShaFinal),
+    TEST_DECL(test_wc_ShaFinalRaw),
+    TEST_DECL(test_wc_Sha_KATs),
+    TEST_DECL(test_wc_Sha_other),
+    TEST_DECL(test_wc_ShaCopy),
+    TEST_DECL(test_wc_ShaGetHash),
+    TEST_DECL(test_wc_ShaTransform),
+    TEST_DECL(test_wc_Sha_Flags),
+
+    /* test_sha256.c */
     TEST_DECL(test_wc_InitSha256),
     TEST_DECL(test_wc_Sha256Update),
     TEST_DECL(test_wc_Sha256Final),
     TEST_DECL(test_wc_Sha256FinalRaw),
-    TEST_DECL(test_wc_Sha256GetFlags),
-    TEST_DECL(test_wc_Sha256Free),
-    TEST_DECL(test_wc_Sha256GetHash),
+    TEST_DECL(test_wc_Sha256_KATs),
+    TEST_DECL(test_wc_Sha256_other),
     TEST_DECL(test_wc_Sha256Copy),
+    TEST_DECL(test_wc_Sha256GetHash),
+    TEST_DECL(test_wc_Sha256Transform),
+    TEST_DECL(test_wc_Sha256_Flags),
 
     TEST_DECL(test_wc_InitSha224),
     TEST_DECL(test_wc_Sha224Update),
     TEST_DECL(test_wc_Sha224Final),
-    TEST_DECL(test_wc_Sha224SetFlags),
-    TEST_DECL(test_wc_Sha224GetFlags),
-    TEST_DECL(test_wc_Sha224Free),
-    TEST_DECL(test_wc_Sha224GetHash),
+    TEST_DECL(test_wc_Sha224_KATs),
+    TEST_DECL(test_wc_Sha224_other),
     TEST_DECL(test_wc_Sha224Copy),
+    TEST_DECL(test_wc_Sha224GetHash),
+    TEST_DECL(test_wc_Sha224_Flags),
 
+    /* test_sha512.c */
     TEST_DECL(test_wc_InitSha512),
     TEST_DECL(test_wc_Sha512Update),
     TEST_DECL(test_wc_Sha512Final),
-    TEST_DECL(test_wc_Sha512GetFlags),
     TEST_DECL(test_wc_Sha512FinalRaw),
-    TEST_DECL(test_wc_Sha512Free),
-    TEST_DECL(test_wc_Sha512GetHash),
+    TEST_DECL(test_wc_Sha512_KATs),
+    TEST_DECL(test_wc_Sha512_other),
     TEST_DECL(test_wc_Sha512Copy),
+    TEST_DECL(test_wc_Sha512GetHash),
+    TEST_DECL(test_wc_Sha512Transform),
+    TEST_DECL(test_wc_Sha512_Flags),
 
     TEST_DECL(test_wc_InitSha512_224),
     TEST_DECL(test_wc_Sha512_224Update),
     TEST_DECL(test_wc_Sha512_224Final),
-    TEST_DECL(test_wc_Sha512_224GetFlags),
     TEST_DECL(test_wc_Sha512_224FinalRaw),
-    TEST_DECL(test_wc_Sha512_224Free),
-    TEST_DECL(test_wc_Sha512_224GetHash),
+    TEST_DECL(test_wc_Sha512_224_KATs),
+    TEST_DECL(test_wc_Sha512_224_other),
     TEST_DECL(test_wc_Sha512_224Copy),
+    TEST_DECL(test_wc_Sha512_224GetHash),
+    TEST_DECL(test_wc_Sha512_224Transform),
+    TEST_DECL(test_wc_Sha512_224_Flags),
+
     TEST_DECL(test_wc_InitSha512_256),
     TEST_DECL(test_wc_Sha512_256Update),
     TEST_DECL(test_wc_Sha512_256Final),
-    TEST_DECL(test_wc_Sha512_256GetFlags),
     TEST_DECL(test_wc_Sha512_256FinalRaw),
-    TEST_DECL(test_wc_Sha512_256Free),
-    TEST_DECL(test_wc_Sha512_256GetHash),
+    TEST_DECL(test_wc_Sha512_256_KATs),
+    TEST_DECL(test_wc_Sha512_256_other),
     TEST_DECL(test_wc_Sha512_256Copy),
+    TEST_DECL(test_wc_Sha512_256GetHash),
+    TEST_DECL(test_wc_Sha512_256Transform),
+    TEST_DECL(test_wc_Sha512_256_Flags),
 
     TEST_DECL(test_wc_InitSha384),
     TEST_DECL(test_wc_Sha384Update),
     TEST_DECL(test_wc_Sha384Final),
-    TEST_DECL(test_wc_Sha384GetFlags),
     TEST_DECL(test_wc_Sha384FinalRaw),
-    TEST_DECL(test_wc_Sha384Free),
-    TEST_DECL(test_wc_Sha384GetHash),
+    TEST_DECL(test_wc_Sha384_KATs),
+    TEST_DECL(test_wc_Sha384_other),
     TEST_DECL(test_wc_Sha384Copy),
+    TEST_DECL(test_wc_Sha384GetHash),
+    TEST_DECL(test_wc_Sha384_Flags),
 
+    /* test_sha3.c */
+    TEST_DECL(test_wc_InitSha3),
+    TEST_DECL(test_wc_Sha3_Update),
+    TEST_DECL(test_wc_Sha3_Final),
+    TEST_DECL(test_wc_Sha3_224_KATs),
+    TEST_DECL(test_wc_Sha3_256_KATs),
+    TEST_DECL(test_wc_Sha3_384_KATs),
+    TEST_DECL(test_wc_Sha3_512_KATs),
+    TEST_DECL(test_wc_Sha3_other),
+    TEST_DECL(test_wc_Sha3_Copy),
+    TEST_DECL(test_wc_Sha3_GetHash),
+    TEST_DECL(test_wc_Sha3_Flags),
+
+    TEST_DECL(test_wc_InitShake128),
+    TEST_DECL(test_wc_Shake128_Update),
+    TEST_DECL(test_wc_Shake128_Final),
+    TEST_DECL(test_wc_Shake128_KATs),
+    TEST_DECL(test_wc_Shake128_other),
+    TEST_DECL(test_wc_Shake128_Copy),
+    TEST_DECL(test_wc_Shake128Hash),
+    TEST_DECL(test_wc_Shake128_Absorb),
+    TEST_DECL(test_wc_Shake128_SqueezeBlocks),
+    TEST_DECL(test_wc_Shake128_XOF),
+
+    TEST_DECL(test_wc_InitShake256),
+    TEST_DECL(test_wc_Shake256_Update),
+    TEST_DECL(test_wc_Shake256_Final),
+    TEST_DECL(test_wc_Shake256_KATs),
+    TEST_DECL(test_wc_Shake256_other),
+    TEST_DECL(test_wc_Shake256_Copy),
+    TEST_DECL(test_wc_Shake256Hash),
+    TEST_DECL(test_wc_Shake256_Absorb),
+    TEST_DECL(test_wc_Shake256_SqueezeBlocks),
+    TEST_DECL(test_wc_Shake256_XOF),
+
+    /* test_blake.c */
     TEST_DECL(test_wc_InitBlake2b),
     TEST_DECL(test_wc_InitBlake2b_WithKey),
+    TEST_DECL(test_wc_Blake2bUpdate),
+    TEST_DECL(test_wc_Blake2bFinal),
+    TEST_DECL(test_wc_Blake2b_KATs),
+    TEST_DECL(test_wc_Blake2b_other),
+
+    TEST_DECL(test_wc_InitBlake2s),
     TEST_DECL(test_wc_InitBlake2s_WithKey),
+    TEST_DECL(test_wc_Blake2sUpdate),
+    TEST_DECL(test_wc_Blake2sFinal),
+    TEST_DECL(test_wc_Blake2s_KATs),
+    TEST_DECL(test_wc_Blake2s_other),
+
+    /* test_sm3.c: SM3 Digest */
+    TEST_DECL(test_wc_InitSm3),
+    TEST_DECL(test_wc_Sm3Update),
+    TEST_DECL(test_wc_Sm3Final),
+    TEST_DECL(test_wc_Sm3FinalRaw),
+    TEST_DECL(test_wc_Sm3_KATs),
+    TEST_DECL(test_wc_Sm3_other),
+    TEST_DECL(test_wc_Sm3Copy),
+    TEST_DECL(test_wc_Sm3GetHash),
+    TEST_DECL(test_wc_Sm3_Flags),
+    TEST_DECL(test_wc_Sm3Hash),
+
+    /* test_ripemd.c */
     TEST_DECL(test_wc_InitRipeMd),
     TEST_DECL(test_wc_RipeMdUpdate),
     TEST_DECL(test_wc_RipeMdFinal),
+    TEST_DECL(test_wc_RipeMd_KATs),
+    TEST_DECL(test_wc_RipeMd_other),
 
-    TEST_DECL(test_wc_InitSha3),
-    TEST_DECL(testing_wc_Sha3_Update),
-    TEST_DECL(test_wc_Sha3_224_Final),
-    TEST_DECL(test_wc_Sha3_256_Final),
-    TEST_DECL(test_wc_Sha3_384_Final),
-    TEST_DECL(test_wc_Sha3_512_Final),
-    TEST_DECL(test_wc_Sha3_224_Copy),
-    TEST_DECL(test_wc_Sha3_256_Copy),
-    TEST_DECL(test_wc_Sha3_384_Copy),
-    TEST_DECL(test_wc_Sha3_512_Copy),
-    TEST_DECL(test_wc_Sha3_GetFlags),
-    TEST_DECL(test_wc_InitShake256),
-    TEST_DECL(testing_wc_Shake256_Update),
-    TEST_DECL(test_wc_Shake256_Final),
-    TEST_DECL(test_wc_Shake256_Copy),
-    TEST_DECL(test_wc_Shake256Hash),
-
-    /* SM3 Digest */
-    TEST_DECL(test_wc_InitSm3Free),
-    TEST_DECL(test_wc_Sm3UpdateFinal),
-    TEST_DECL(test_wc_Sm3GetHash),
-    TEST_DECL(test_wc_Sm3Copy),
-    TEST_DECL(test_wc_Sm3FinalRaw),
-    TEST_DECL(test_wc_Sm3GetSetFlags),
-    TEST_DECL(test_wc_Sm3Hash),
-
+    /* test_hash.c */
     TEST_DECL(test_wc_HashInit),
     TEST_DECL(test_wc_HashSetFlags),
     TEST_DECL(test_wc_HashGetFlags),
@@ -69055,18 +89303,17 @@ TEST_CASE testCases[] = {
     TEST_DECL(test_wc_AesCmacGenerate),
 
     /* Cipher */
-    TEST_DECL(test_wc_AesGcmStream),
-
     TEST_DECL(test_wc_Des3_SetIV),
     TEST_DECL(test_wc_Des3_SetKey),
     TEST_DECL(test_wc_Des3_CbcEncryptDecrypt),
-    TEST_DECL(test_wc_Des3_CbcEncryptDecryptWithKey),
     TEST_DECL(test_wc_Des3_EcbEncrypt),
+    /* wc_encrypt API */
+    TEST_DECL(test_wc_Des3_CbcEncryptDecryptWithKey),
 
     TEST_DECL(test_wc_Chacha_SetKey),
     TEST_DECL(test_wc_Chacha_Process),
-    TEST_DECL(test_wc_ChaCha20Poly1305_aead),
     TEST_DECL(test_wc_Poly1305SetKey),
+    TEST_DECL(test_wc_ChaCha20Poly1305_aead),
 
     TEST_DECL(test_wc_CamelliaSetKey),
     TEST_DECL(test_wc_CamelliaSetIV),
@@ -69089,6 +89336,7 @@ TEST_CASE testCases[] = {
     TEST_DECL(test_wc_AesGcmSetKey),
     TEST_DECL(test_wc_AesGcmEncryptDecrypt),
     TEST_DECL(test_wc_AesGcmMixedEncDecLongIV),
+    TEST_DECL(test_wc_AesGcmStream),
     TEST_DECL(test_wc_GmacSetKey),
     TEST_DECL(test_wc_GmacUpdate),
     TEST_DECL(test_wc_AesCcmSetKey),
@@ -69100,6 +89348,10 @@ TEST_CASE testCases[] = {
     TEST_DECL(test_wc_AesEaxDecryptAuth),
 #endif /* WOLFSSL_AES_EAX */
 
+    /* Ascon */
+    TEST_DECL(test_ascon_hash256),
+    TEST_DECL(test_ascon_aead128),
+
     /* SM4 cipher */
     TEST_DECL(test_wc_Sm4),
     TEST_DECL(test_wc_Sm4Ecb),
@@ -69131,6 +89383,7 @@ TEST_CASE testCases[] = {
     TEST_DECL(test_wc_RsaPrivateKeyDecode),
     TEST_DECL(test_wc_RsaPublicKeyDecode),
     TEST_DECL(test_wc_RsaPublicKeyDecodeRaw),
+    TEST_DECL(test_wc_RsaPrivateKeyDecodeRaw),
     TEST_DECL(test_wc_MakeRsaKey),
     TEST_DECL(test_wc_CheckProbablePrime),
     TEST_DECL(test_wc_RsaPSS_Verify),
@@ -69259,6 +89512,25 @@ TEST_CASE testCases[] = {
     TEST_DECL(test_wc_Ed448PublicKeyToDer),
     TEST_DECL(test_wc_Ed448KeyToDer),
     TEST_DECL(test_wc_Ed448PrivateKeyToDer),
+    TEST_DECL(test_wc_Curve448PrivateKeyToDer),
+
+    /* Kyber */
+    TEST_DECL(test_wc_mlkem_make_key_kats),
+    TEST_DECL(test_wc_mlkem_encapsulate_kats),
+    TEST_DECL(test_wc_mlkem_decapsulate_kats),
+
+    /* Dilithium */
+    TEST_DECL(test_wc_dilithium),
+    TEST_DECL(test_wc_dilithium_make_key),
+    TEST_DECL(test_wc_dilithium_sign),
+    TEST_DECL(test_wc_dilithium_verify),
+    TEST_DECL(test_wc_dilithium_sign_vfy),
+    TEST_DECL(test_wc_dilithium_check_key),
+    TEST_DECL(test_wc_dilithium_public_der_decode),
+    TEST_DECL(test_wc_dilithium_der),
+    TEST_DECL(test_wc_dilithium_make_key_from_seed),
+    TEST_DECL(test_wc_dilithium_sig_kats),
+    TEST_DECL(test_wc_dilithium_verify_kats),
 
     /* Signature API */
     TEST_DECL(test_wc_SignatureGetSize_ecc),
@@ -69290,6 +89562,7 @@ TEST_CASE testCases[] = {
     TEST_DECL(test_wc_ParseCert),
     TEST_DECL(test_wc_ParseCert_Error),
     TEST_DECL(test_MakeCertWithPathLen),
+    TEST_DECL(test_MakeCertWith0Ser),
     TEST_DECL(test_MakeCertWithCaFalse),
     TEST_DECL(test_wc_SetKeyUsage),
     TEST_DECL(test_wc_SetAuthKeyIdFromPublicKey_ex),
@@ -69305,6 +89578,7 @@ TEST_CASE testCases[] = {
     TEST_DECL(test_wc_PKCS7_EncodeSignedData_ex),
     TEST_DECL(test_wc_PKCS7_VerifySignedData_RSA),
     TEST_DECL(test_wc_PKCS7_VerifySignedData_ECC),
+    TEST_DECL(test_wc_PKCS7_DecodeEnvelopedData_stream),
     TEST_DECL(test_wc_PKCS7_EncodeDecodeEnvelopedData),
     TEST_DECL(test_wc_PKCS7_EncodeEncryptedData),
     TEST_DECL(test_wc_PKCS7_Degenerate),
@@ -69326,6 +89600,10 @@ TEST_CASE testCases[] = {
 
     TEST_DECL(test_wolfSSL_Init),
 
+    TEST_DECL(test_dual_alg_support),
+
+    TEST_DECL(test_dual_alg_ecdsa_mldsa),
+
     /*********************************
      * OpenSSL compatibility API tests
      *********************************/
@@ -69368,20 +89646,30 @@ TEST_CASE testCases[] = {
     TEST_DECL(test_wolfSSL_ASN1_UTCTIME_print),
     TEST_DECL(test_wolfSSL_ASN1_TYPE),
     TEST_DECL(test_wolfSSL_IMPLEMENT_ASN1_FUNCTIONS),
+    TEST_DECL(test_wolfSSL_i2d_ASN1_TYPE),
+    TEST_DECL(test_wolfSSL_i2d_ASN1_SEQUENCE),
+    TEST_DECL(test_ASN1_strings),
 
     TEST_DECL(test_wolfSSL_lhash),
 
     TEST_DECL(test_wolfSSL_certs),
+    TEST_DECL(test_wolfSSL_X509_ext_d2i),
 
     TEST_DECL(test_wolfSSL_private_keys),
+    TEST_DECL(test_wolfSSL_PEM_def_callback),
     TEST_DECL(test_wolfSSL_PEM_read_PrivateKey),
     TEST_DECL(test_wolfSSL_PEM_read_RSA_PUBKEY),
     TEST_DECL(test_wolfSSL_PEM_read_PUBKEY),
+    TEST_DECL(test_wolfSSL_PEM_PrivateKey_rsa),
+    TEST_DECL(test_wolfSSL_PEM_PrivateKey_ecc),
+    TEST_DECL(test_wolfSSL_PEM_PrivateKey_dsa),
+    TEST_DECL(test_wolfSSL_PEM_PrivateKey_dh),
     TEST_DECL(test_wolfSSL_PEM_PrivateKey),
     TEST_DECL(test_wolfSSL_PEM_file_RSAKey),
     TEST_DECL(test_wolfSSL_PEM_file_RSAPrivateKey),
 #ifndef NO_BIO
     TEST_DECL(test_wolfSSL_BIO),
+    TEST_DECL(test_wolfSSL_BIO_BIO_ring_read),
     TEST_DECL(test_wolfSSL_PEM_read_bio),
     TEST_DECL(test_wolfSSL_PEM_bio_RSAKey),
     TEST_DECL(test_wolfSSL_PEM_bio_DSAKey),
@@ -69395,6 +89683,7 @@ TEST_CASE testCases[] = {
     TEST_DECL(test_wolfSSL_EVP_ENCODE_CTX_free),
     TEST_DECL(test_wolfSSL_EVP_EncodeInit),
     TEST_DECL(test_wolfSSL_EVP_EncodeUpdate),
+    TEST_DECL(test_wolfSSL_EVP_CipherUpdate_Null),
     TEST_DECL(test_wolfSSL_EVP_EncodeFinal),
     TEST_DECL(test_wolfSSL_EVP_DecodeInit),
     TEST_DECL(test_wolfSSL_EVP_DecodeUpdate),
@@ -69411,6 +89700,7 @@ TEST_CASE testCases[] = {
     TEST_DECL(test_wolfSSL_EVP_MD_nid),
 
     TEST_DECL(test_wolfSSL_EVP_DigestFinal_ex),
+    TEST_DECL(test_wolfSSL_EVP_DigestFinalXOF),
 #endif
 
     TEST_DECL(test_EVP_MD_do_all),
@@ -69479,7 +89769,8 @@ TEST_CASE testCases[] = {
 #endif
     TEST_DECL(test_wolfSSL_d2i_and_i2d_DSAparams),
     TEST_DECL(test_wolfSSL_i2d_PrivateKey),
-#if (defined(OPENSSL_ALL) || defined(WOLFSSL_ASIO)) && !defined(NO_RSA)
+#if (defined(OPENSSL_ALL) || defined(WOLFSSL_ASIO)) && !defined(NO_RSA) && \
+    !defined(NO_TLS)
 #ifndef NO_BIO
     TEST_DECL(test_wolfSSL_d2i_PrivateKeys_bio),
 #endif /* !NO_BIO */
@@ -69532,6 +89823,7 @@ TEST_CASE testCases[] = {
     TEST_DECL(test_wolfSSL_configure_args),
     TEST_DECL(test_wolfSSL_sk_SSL_CIPHER),
     TEST_DECL(test_wolfSSL_set1_curves_list),
+    TEST_DECL(test_wolfSSL_curves_mismatch),
     TEST_DECL(test_wolfSSL_set1_sigalgs_list),
 
     TEST_DECL(test_wolfSSL_OtherName),
@@ -69540,9 +89832,13 @@ TEST_CASE testCases[] = {
     TEST_DECL(test_wolfSSL_TBS),
 
     TEST_DECL(test_wolfSSL_X509_STORE_CTX),
+    TEST_DECL(test_wolfSSL_X509_STORE_CTX_ex),
     TEST_DECL(test_X509_STORE_untrusted),
+#if defined(OPENSSL_ALL) && !defined(NO_RSA)
+    TEST_DECL(test_X509_STORE_InvalidCa),
+#endif
     TEST_DECL(test_wolfSSL_X509_STORE_CTX_trusted_stack_cleanup),
-    TEST_DECL(test_wolfSSL_X509_STORE_CTX_get0_current_issuer),
+    TEST_DECL(test_wolfSSL_X509_STORE_CTX_get_issuer),
     TEST_DECL(test_wolfSSL_X509_STORE_set_flags),
     TEST_DECL(test_wolfSSL_X509_LOOKUP_load_file),
     TEST_DECL(test_wolfSSL_X509_Name_canon),
@@ -69560,6 +89856,7 @@ TEST_CASE testCases[] = {
     TEST_DECL(test_X509_STORE_get0_objects),
     TEST_DECL(test_wolfSSL_X509_load_crl_file),
     TEST_DECL(test_wolfSSL_X509_STORE_get1_certs),
+    TEST_DECL(test_wolfSSL_X509_STORE_set_get_crl),
     TEST_DECL(test_wolfSSL_X509_NAME_ENTRY_get_object),
     TEST_DECL(test_wolfSSL_X509_cmp_time),
     TEST_DECL(test_wolfSSL_X509_time_adj),
@@ -69592,25 +89889,43 @@ TEST_CASE testCases[] = {
     TEST_DECL(test_wolfSSL_X509_set_notBefore),
     TEST_DECL(test_wolfSSL_X509_set_version),
     TEST_DECL(test_wolfSSL_X509_get_serialNumber),
+    TEST_DECL(test_wolfSSL_X509_ext_get_critical_by_NID),
+    TEST_DECL(test_wolfSSL_X509_CRL_distribution_points),
+    TEST_DECL(test_wolfSSL_X509_SEP),
     TEST_DECL(test_wolfSSL_X509_CRL),
     TEST_DECL(test_wolfSSL_i2d_X509),
-    TEST_DECL(test_wolfSSL_d2i_X509_REQ),
     TEST_DECL(test_wolfSSL_PEM_read_X509),
     TEST_DECL(test_wolfSSL_X509_check_ca),
     TEST_DECL(test_wolfSSL_X509_check_ip_asc),
+    TEST_DECL(test_wolfSSL_X509_bad_altname),
+    TEST_DECL(test_wolfSSL_X509_name_match),
+    TEST_DECL(test_wolfSSL_X509_name_match2),
+    TEST_DECL(test_wolfSSL_X509_name_match3),
+    TEST_DECL(test_wolfSSL_X509_max_altnames),
+    TEST_DECL(test_wolfSSL_X509_max_name_constraints),
     TEST_DECL(test_wolfSSL_make_cert),
 
+    /* X509 ACERT tests */
+    TEST_DECL(test_wolfSSL_X509_ACERT_verify),
+    TEST_DECL(test_wolfSSL_X509_ACERT_misc_api),
+    TEST_DECL(test_wolfSSL_X509_ACERT_buffer),
+    TEST_DECL(test_wolfSSL_X509_ACERT_new_and_sign),
+    TEST_DECL(test_wolfSSL_X509_ACERT_asn),
+
 #ifndef NO_BIO
     TEST_DECL(test_wolfSSL_X509_INFO_multiple_info),
     TEST_DECL(test_wolfSSL_X509_INFO),
     TEST_DECL(test_wolfSSL_PEM_X509_INFO_read_bio),
+    TEST_DECL(test_wolfSSL_PEM_X509_INFO_read),
 #endif
 
 #ifdef OPENSSL_ALL
     TEST_DECL(test_wolfSSL_X509_PUBKEY_get),
+    TEST_DECL(test_wolfSSL_X509_set_pubkey),
 #endif
 
     TEST_DECL(test_wolfSSL_X509_CA_num),
+    TEST_DECL(test_x509_get_key_id),
     TEST_DECL(test_wolfSSL_X509_get_version),
 #ifndef NO_BIO
     TEST_DECL(test_wolfSSL_X509_print),
@@ -69623,13 +89938,21 @@ TEST_CASE testCases[] = {
     TEST_DECL(test_wolfSSL_X509_get_ext_by_NID),
     TEST_DECL(test_wolfSSL_X509_get_ext_subj_alt_name),
     TEST_DECL(test_wolfSSL_X509_get_ext_count),
+    TEST_DECL(test_wolfSSL_X509_set_ext),
+    TEST_DECL(test_wolfSSL_X509_add_ext),
     TEST_DECL(test_wolfSSL_X509_EXTENSION_new),
+    TEST_DECL(test_wolfSSL_X509_EXTENSION_dup),
     TEST_DECL(test_wolfSSL_X509_EXTENSION_get_object),
     TEST_DECL(test_wolfSSL_X509_EXTENSION_get_data),
     TEST_DECL(test_wolfSSL_X509_EXTENSION_get_critical),
+    TEST_DECL(test_wolfSSL_X509_EXTENSION_create_by_OBJ),
+    TEST_DECL(test_wolfSSL_X509V3_set_ctx),
     TEST_DECL(test_wolfSSL_X509V3_EXT_get),
     TEST_DECL(test_wolfSSL_X509V3_EXT_nconf),
     TEST_DECL(test_wolfSSL_X509V3_EXT),
+    TEST_DECL(test_wolfSSL_X509V3_EXT_bc),
+    TEST_DECL(test_wolfSSL_X509V3_EXT_san),
+    TEST_DECL(test_wolfSSL_X509V3_EXT_aia),
     TEST_DECL(test_wolfSSL_X509V3_EXT_print),
     TEST_DECL(test_wolfSSL_X509_cmp),
 
@@ -69642,7 +89965,9 @@ TEST_CASE testCases[] = {
     TEST_DECL(test_sk_X509_CRL),
 
     /* OpenSSL X509 REQ API test */
+    TEST_DECL(test_wolfSSL_d2i_X509_REQ),
     TEST_DECL(test_X509_REQ),
+    TEST_DECL(test_wolfSSL_X509_REQ_print),
 
     /* OpenSSL compatibility outside SSL context w/ CRL lookup directory */
     TEST_DECL(test_X509_STORE_No_SSL_CTX),
@@ -69722,9 +90047,7 @@ TEST_CASE testCases[] = {
     TEST_DECL(test_wolfSSL_BIO_get_len),
 #endif
 
-#if defined(OPENSSL_EXTRA) && defined(HAVE_SSL_MEMIO_TESTS_DEPENDENCIES)
     TEST_DECL(test_wolfSSL_check_domain),
-#endif
     TEST_DECL(test_wolfSSL_cert_cb),
     TEST_DECL(test_wolfSSL_cert_cb_dyn_ciphers),
     TEST_DECL(test_wolfSSL_ciphersuite_auth),
@@ -69750,6 +90073,8 @@ TEST_CASE testCases[] = {
     TEST_DECL(test_wolfSSL_OCSP_single_get0_status),
     TEST_DECL(test_wolfSSL_OCSP_resp_count),
     TEST_DECL(test_wolfSSL_OCSP_resp_get0),
+    TEST_DECL(test_wolfSSL_OCSP_parse_url),
+    TEST_DECL(test_wolfSSL_OCSP_REQ_CTX),
 
     TEST_DECL(test_wolfSSL_PEM_read),
 
@@ -69852,6 +90177,7 @@ TEST_CASE testCases[] = {
 
 #if defined(HAVE_ECC) && !defined(OPENSSL_NO_PK)
     TEST_DECL(test_wolfSSL_EC_GROUP),
+    TEST_DECL(test_wolfSSL_i2d_ECPKParameters),
     TEST_DECL(test_wolfSSL_PEM_read_bio_ECPKParameters),
     TEST_DECL(test_wolfSSL_EC_POINT),
     TEST_DECL(test_wolfSSL_SPAKE),
@@ -69871,7 +90197,9 @@ TEST_CASE testCases[] = {
 #endif
 
 #ifdef OPENSSL_EXTRA
+    TEST_DECL(test_EC25519),
     TEST_DECL(test_ED25519),
+    TEST_DECL(test_EC448),
     TEST_DECL(test_ED448),
 #endif
 
@@ -69903,9 +90231,7 @@ TEST_CASE testCases[] = {
     TEST_DECL(test_wolfSSL_CertManagerCRL),
     TEST_DECL(test_wolfSSL_CertManagerCheckOCSPResponse),
     TEST_DECL(test_wolfSSL_CheckOCSPResponse),
-#if !defined(NO_RSA) && !defined(NO_SHA) && !defined(NO_FILESYSTEM) && \
-    !defined(NO_CERTS) && (!defined(NO_WOLFSSL_CLIENT) || \
-                           !defined(WOLFSSL_NO_CLIENT_AUTH))
+#ifdef HAVE_CERT_CHAIN_VALIDATION
     TEST_DECL(test_various_pathlen_chains),
 #endif
 
@@ -69914,12 +90240,13 @@ TEST_CASE testCases[] = {
      *********************************/
 
     TEST_DECL(test_wolfSSL_Method_Allocators),
-#ifndef NO_WOLFSSL_SERVER
+#if !defined(NO_WOLFSSL_SERVER) && !defined(NO_TLS)
     TEST_DECL(test_wolfSSL_CTX_new),
 #endif
     TEST_DECL(test_server_wolfSSL_new),
     TEST_DECL(test_client_wolfSSL_new),
 #if (!defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER)) && \
+    !defined(NO_TLS) && \
     (!defined(NO_RSA) || defined(HAVE_ECC)) && !defined(NO_FILESYSTEM)
     TEST_DECL(test_for_double_Free),
 #endif
@@ -69942,6 +90269,10 @@ TEST_CASE testCases[] = {
 #endif
     TEST_DECL(test_wolfSSL_CTX_get_min_proto_version),
     TEST_DECL(test_wolfSSL_security_level),
+    TEST_DECL(test_wolfSSL_crypto_policy),
+    TEST_DECL(test_wolfSSL_crypto_policy_certs_and_keys),
+    TEST_DECL(test_wolfSSL_crypto_policy_tls_methods),
+    TEST_DECL(test_wolfSSL_crypto_policy_ciphers),
     TEST_DECL(test_wolfSSL_SSL_in_init),
     TEST_DECL(test_wolfSSL_CTX_set_timeout),
     TEST_DECL(test_wolfSSL_set_psk_use_session_callback),
@@ -69983,22 +90314,31 @@ TEST_CASE testCases[] = {
     TEST_DECL(test_SSL_CIPHER_get_xxx),
     TEST_DECL(test_wolfSSL_ERR_strings),
     TEST_DECL(test_wolfSSL_CTX_set_cipher_list_bytes),
+    TEST_DECL(test_wolfSSL_CTX_use_certificate),
     TEST_DECL(test_wolfSSL_CTX_use_certificate_file),
     TEST_DECL(test_wolfSSL_CTX_use_certificate_buffer),
+    TEST_DECL(test_wolfSSL_use_certificate_buffer),
     TEST_DECL(test_wolfSSL_CTX_use_PrivateKey_file),
+    TEST_DECL(test_wolfSSL_CTX_use_RSAPrivateKey_file),
+    TEST_DECL(test_wolfSSL_use_RSAPrivateKey_file),
+    TEST_DECL(test_wolfSSL_CTX_use_PrivateKey),
     TEST_DECL(test_wolfSSL_CTX_load_verify_locations),
     /* Large number of memory allocations. */
     TEST_DECL(test_wolfSSL_CTX_load_system_CA_certs),
 
+#ifdef HAVE_CERT_CHAIN_VALIDATION
     TEST_DECL(test_wolfSSL_CertRsaPss),
+#endif
     TEST_DECL(test_wolfSSL_CTX_load_verify_locations_ex),
     TEST_DECL(test_wolfSSL_CTX_load_verify_buffer_ex),
     TEST_DECL(test_wolfSSL_CTX_load_verify_chain_buffer_format),
     TEST_DECL(test_wolfSSL_CTX_add1_chain_cert),
+    TEST_DECL(test_wolfSSL_CTX_use_certificate_chain_buffer_format),
     TEST_DECL(test_wolfSSL_CTX_use_certificate_chain_file_format),
+    TEST_DECL(test_wolfSSL_use_certificate_chain_file),
     TEST_DECL(test_wolfSSL_CTX_trust_peer_cert),
     TEST_DECL(test_wolfSSL_CTX_LoadCRL),
-    TEST_DECL(test_multiple_crls_same_issuer),
+    TEST_DECL(test_wolfSSL_crl_update_cb),
     TEST_DECL(test_wolfSSL_CTX_SetTmpDH_file),
     TEST_DECL(test_wolfSSL_CTX_SetTmpDH_buffer),
     TEST_DECL(test_wolfSSL_CTX_SetMinMaxDhKey_Sz),
@@ -70020,6 +90360,7 @@ TEST_CASE testCases[] = {
 #if !defined(NO_WOLFSSL_CLIENT) && !defined(NO_WOLFSSL_SERVER) && \
     defined(HAVE_IO_TESTS_DEPENDENCIES)
     TEST_DECL(test_wolfSSL_read_write),
+    TEST_DECL(test_wolfSSL_read_write_ex),
     /* Can't memory test as server hangs if client fails before second connect.
      */
     TEST_DECL(test_wolfSSL_reuse_WOLFSSLobj),
@@ -70041,6 +90382,7 @@ TEST_CASE testCases[] = {
     TEST_DECL(test_wolfSSL_a2i_IPADDRESS),
     TEST_DECL(test_wolfSSL_BUF),
     TEST_DECL(test_wolfSSL_set_tlsext_status_type),
+    TEST_DECL(test_wolfSSL_get_client_ciphers),
     /* Can't memory test as server hangs. */
     TEST_DECL(test_wolfSSL_CTX_set_client_CA_list),
     TEST_DECL(test_wolfSSL_CTX_add_client_CA),
@@ -70052,6 +90394,7 @@ TEST_CASE testCases[] = {
     /* Can't memory test as server hangs. */
     TEST_DECL(test_wolfSSL_Tls13_Key_Logging_test),
     TEST_DECL(test_wolfSSL_Tls13_postauth),
+    TEST_DECL(test_wolfSSL_set_ecdh_auto),
     TEST_DECL(test_wolfSSL_CTX_set_ecdh_auto),
     TEST_DECL(test_wolfSSL_set_minmax_proto_version),
     TEST_DECL(test_wolfSSL_CTX_set_max_proto_version),
@@ -70098,6 +90441,7 @@ TEST_CASE testCases[] = {
     TEST_DECL(test_wolfSSL_UseOCSPStapling),
     TEST_DECL(test_wolfSSL_UseOCSPStaplingV2),
     TEST_DECL(test_self_signed_stapling),
+    TEST_DECL(test_ocsp_callback_fails),
 
     /* Multicast */
     TEST_DECL(test_wolfSSL_mcast),
@@ -70125,6 +90469,8 @@ TEST_CASE testCases[] = {
     /* Can't memory test as server Asserts in thread. */
     TEST_DECL(test_wolfSSL_BIO_accept),
     TEST_DECL(test_wolfSSL_BIO_tls),
+    TEST_DECL(test_wolfSSL_BIO_s_null),
+    TEST_DECL(test_wolfSSL_BIO_datagram),
 #endif
 
 #if defined(HAVE_PK_CALLBACKS) && !defined(WOLFSSL_NO_TLS12)
@@ -70172,9 +90518,12 @@ TEST_CASE testCases[] = {
     TEST_DECL(test_ticket_nonce_malloc),
 #endif
     TEST_DECL(test_ticket_ret_create),
+    TEST_DECL(test_wrong_cs_downgrade),
     TEST_DECL(test_extra_alerts_wrong_cs),
     TEST_DECL(test_extra_alerts_skip_hs),
     TEST_DECL(test_extra_alerts_bad_psk),
+    TEST_DECL(test_multiple_alerts_EAGAIN),
+    TEST_DECL(test_tls13_bad_psk_binder),
     /* Can't memory test as client/server Asserts. */
     TEST_DECL(test_harden_no_secure_renegotiation),
     TEST_DECL(test_override_alt_cert_chain),
@@ -70188,6 +90537,7 @@ TEST_CASE testCases[] = {
     TEST_DECL(test_dtls_ipv6_check),
     TEST_DECL(test_wolfSSL_SCR_after_resumption),
     TEST_DECL(test_dtls_no_extensions),
+    TEST_DECL(test_tls_alert_no_server_hello),
     TEST_DECL(test_TLSX_CA_NAMES_bad_extension),
     TEST_DECL(test_dtls_1_0_hvr_downgrade),
     TEST_DECL(test_session_ticket_no_id),
@@ -70197,13 +90547,33 @@ TEST_CASE testCases[] = {
     TEST_DECL(test_dtls_client_hello_timeout_downgrade),
     TEST_DECL(test_dtls_client_hello_timeout),
     TEST_DECL(test_dtls_dropped_ccs),
+    TEST_DECL(test_dtls_seq_num_downgrade),
     TEST_DECL(test_certreq_sighash_algos),
     TEST_DECL(test_revoked_loaded_int_cert),
     TEST_DECL(test_dtls_frag_ch),
     TEST_DECL(test_dtls13_frag_ch_pq),
     TEST_DECL(test_dtls_empty_keyshare_with_cookie),
+    TEST_DECL(test_dtls_old_seq_number),
+    TEST_DECL(test_dtls12_basic_connection_id),
+    TEST_DECL(test_dtls13_basic_connection_id),
+    TEST_DECL(test_dtls12_missing_finished),
+    TEST_DECL(test_dtls13_missing_finished_client),
+    TEST_DECL(test_dtls13_missing_finished_server),
     TEST_DECL(test_tls13_pq_groups),
-    TEST_DECL(test_dtls13_early_data),
+    TEST_DECL(test_tls13_early_data),
+    TEST_DECL(test_tls_multi_handshakes_one_record),
+    TEST_DECL(test_write_dup),
+    TEST_DECL(test_read_write_hs),
+    TEST_DECL(test_get_signature_nid),
+    TEST_DECL(test_tls_cert_store_unchanged),
+    TEST_DECL(test_wolfSSL_SendUserCanceled),
+    TEST_DECL(test_wolfSSL_SSLDisableRead),
+    TEST_DECL(test_wolfSSL_inject),
+    TEST_DECL(test_wolfSSL_dtls_cid_parse),
+    TEST_DECL(test_ocsp_status_callback),
+    TEST_DECL(test_ocsp_basic_verify),
+    TEST_DECL(test_ocsp_response_parsing),
+    TEST_DECL(test_ocsp_certid_enc_dec),
     /* This test needs to stay at the end to clean up any caches allocated. */
     TEST_DECL(test_wolfSSL_Cleanup)
 };
@@ -70254,6 +90624,32 @@ int ApiTest_RunIdx(int idx)
     return 0;
 }
 
+/* Add test cases with part of the name to the list to run.
+ *
+ * @param [in]  name  Part of the name of test cases to run.
+ * @return  0 on success.
+ * @return  BAD_FUNC_ARG when name is not a known test case name.
+ */
+int ApiTest_RunPartName(char* name)
+{
+    int i;
+    int cnt = 0;
+
+    for (i = 0; i < TEST_CASE_CNT; i++) {
+        if (XSTRSTR(testCases[i].name, name) != NULL) {
+            cnt++;
+            testAll = 0;
+            testCases[i].run = 1;
+        }
+    }
+    if (cnt > 0)
+        return 0;
+
+    printf("Not found a test case with: %s\n", name);
+    printf("Use --list to see all test case names.\n");
+    return BAD_FUNC_ARG;
+}
+
 /* Add test case with name to the list to run.
  *
  * @param [in]  name  Name of test case to run.
@@ -70303,14 +90699,19 @@ static const char* apitest_res_string(int res)
 
 #ifndef WOLFSSL_UNIT_TEST_NO_TIMING
 static double gettime_secs(void)
-    #if defined(_MSC_VER) && defined(_WIN32)
+    #if defined(_WIN32) && (defined(_MSC_VER) || defined(__WATCOMC__))
     {
         /* there's no gettimeofday for Windows, so we'll use system time */
         #define EPOCH_DIFF 11644473600LL
         FILETIME currentFileTime;
-        GetSystemTimePreciseAsFileTime(&currentFileTime);
-
         ULARGE_INTEGER uli = { 0, 0 };
+
+    #if defined(__WATCOMC__)
+        GetSystemTimeAsFileTime(&currentFileTime);
+    #else
+        GetSystemTimePreciseAsFileTime(&currentFileTime);
+    #endif
+
         uli.LowPart = currentFileTime.dwLowDateTime;
         uli.HighPart = currentFileTime.dwHighDateTime;
 
diff --git a/tests/api/api.h b/tests/api/api.h
new file mode 100644
index 000000000..af310d71f
--- /dev/null
+++ b/tests/api/api.h
@@ -0,0 +1,68 @@
+/* api.h
+ *
+ * Copyright (C) 2006-2025 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+#ifndef WOLFCRYPT_TEST_API_H
+#define WOLFCRYPT_TEST_API_H
+
+
+#ifndef HEAP_HINT
+    #define HEAP_HINT NULL
+#endif
+
+
+#define TEST_STRING    "Everyone gets Friday off."
+#define TEST_STRING_SZ 25
+
+
+/* Returns the result based on whether check is true.
+ *
+ * @param [in] check  Condition for success.
+ * @return  When condition is true: TEST_SUCCESS.
+ * @return  When condition is false: TEST_FAIL.
+ */
+#ifdef DEBUG_WOLFSSL_VERBOSE
+#define XSTRINGIFY(s) STRINGIFY(s)
+#define STRINGIFY(s)  #s
+#define TEST_RES_CHECK(check) ({ \
+    int _ret = (check) ? TEST_SUCCESS : TEST_FAIL; \
+    if (_ret == TEST_FAIL) { \
+        fprintf(stderr, " check \"%s\" at %d ", \
+            XSTRINGIFY(check), __LINE__); \
+    } \
+    _ret; })
+#else
+#define TEST_RES_CHECK(check) \
+    ((check) ? TEST_SUCCESS : TEST_FAIL)
+#endif /* DEBUG_WOLFSSL_VERBOSE */
+
+
+typedef struct testVector {
+    const char* input;
+    const char* output;
+    size_t inLen;
+    size_t outLen;
+} testVector;
+
+
+extern int testDevId;
+
+#endif /* WOLFCRYPT_TEST_API_H */
+
diff --git a/tests/api/create_ocsp_test_blobs.py b/tests/api/create_ocsp_test_blobs.py
new file mode 100644
index 000000000..a887efe42
--- /dev/null
+++ b/tests/api/create_ocsp_test_blobs.py
@@ -0,0 +1,453 @@
+#!/usr/bin/env python3
+"""
+    This is a simple generator of OCSP responses that will be used to test
+    wolfSSL OCSP implementation
+"""
+from pyasn1_modules import rfc6960
+from pyasn1.codec.der.encoder import encode
+from pyasn1.codec.der.decoder import decode
+from pyasn1.type import univ, tag, useful, namedtype
+from base64 import b64decode
+from hashlib import sha1, sha256
+from datetime import datetime
+from cryptography.hazmat.primitives import serialization, hashes
+from cryptography.hazmat.primitives.asymmetric import rsa, padding
+from cryptography import x509
+from cryptography.hazmat.backends import default_backend
+
+WOLFSSL_OCSP_CERT_PATH = './certs/ocsp/'
+
+def response_status(value: int) -> rfc6960.OCSPResponseStatus:
+    return rfc6960.OCSPResponseStatus(value)
+
+def response_type() -> univ.ObjectIdentifier:
+    return rfc6960.id_pkix_ocsp_basic
+
+sha256WithRSAEncryption = (1, 2, 840, 113549, 1, 1, 11)
+sha1_alg_id = (1, 3, 14, 3, 2, 26)
+def cert_id_sha1_alg_id() -> rfc6960.AlgorithmIdentifier:
+    return algorithm(sha1_alg_id)
+
+def signature_algorithm() -> rfc6960.AlgorithmIdentifier:
+    return algorithm(sha256WithRSAEncryption)
+
+def algorithm(value) -> rfc6960.AlgorithmIdentifier:
+    ai = rfc6960.AlgorithmIdentifier()
+    ai['algorithm'] = univ.ObjectIdentifier(value=value)
+    return ai
+
+def cert_pem_to_der(cert_path: str) -> bytes:
+    beg_cert = '-----BEGIN CERTIFICATE-----'
+    end_cert = '-----END CERTIFICATE-----'
+    with open(cert_path, 'r') as f:
+        pem = f.read()
+    cert = pem.split(beg_cert)[1].split(end_cert)[0]
+    return b64decode(cert)
+
+def certs(cert_path: list[str]) -> univ.SequenceOf | None:
+    if len(cert_path) == 0:
+        return None
+    certs = rfc6960.BasicOCSPResponse()['certs']
+    for cp in cert_path:
+        cert_der = cert_pem_to_der(cp)
+        cert, _ = decode(bytes(cert_der), asn1Spec=rfc6960.Certificate())
+        certs.append(cert)
+    return certs
+
+def signature(bitstr: str) -> univ.BitString:
+    return univ.BitString(hexValue=bitstr)
+
+def resp_id_by_name(cert_path: str) -> rfc6960.ResponderID:
+    cert_der = cert_pem_to_der(cert_path)
+    cert, _ = decode(bytes(cert_der), asn1Spec=rfc6960.Certificate())
+    subj = cert['tbsCertificate']['subject']
+    rid = rfc6960.ResponderID()
+    rdi_name = rid['byName']
+    rdi_name['rdnSequence'] = subj['rdnSequence']
+    return rid
+
+def resp_id_by_key(cert_path: str) -> rfc6960.ResponderID:
+    cert_der = cert_pem_to_der(cert_path)
+    cert, _ = decode(bytes(cert_der), asn1Spec=rfc6960.Certificate())
+    key = get_key(cert)
+    key_hash = sha1(key.asOctets()).digest()
+    rid = rfc6960.ResponderID()
+    rid['byKey'] = rfc6960.KeyHash(value=key_hash).subtype(explicitTag=
+                                                           tag.Tag(
+                                                           tag.tagClassContext,
+                                                           tag.tagFormatSimple,
+                                                           2))
+    return rid
+
+def get_key(cert: rfc6960.Certificate) -> univ.BitString:
+    return cert['tbsCertificate']['subjectPublicKeyInfo']['subjectPublicKey']
+
+def get_name(cert: rfc6960.Certificate) -> rfc6960.Name:
+    return cert['tbsCertificate']['subject']
+
+def cert_id_from_hash(issuer_name_hash: bytes, issuer_key_hash: bytes,
+                      serial: int) -> rfc6960.CertID:
+    cert_id = rfc6960.CertID()
+    cert_id['hashAlgorithm'] = cert_id_sha1_alg_id()
+    cert_id['issuerNameHash'] = univ.OctetString(value=issuer_name_hash)
+    cert_id['issuerKeyHash'] = univ.OctetString(value=issuer_key_hash)
+    cert_id['serialNumber'] = rfc6960.CertificateSerialNumber(serial)
+    return cert_id
+
+def cert_id(issuer_cert_path: str, serial: int) -> rfc6960.CertID:
+    issuer_cert = cert_pem_to_der(issuer_cert_path)
+    issuer, _ = decode(bytes(issuer_cert), asn1Spec=rfc6960.Certificate())
+    issuer_name = get_name(issuer)
+    issuer_key = get_key(issuer)
+    issuer_name_hash = sha1(encode(issuer_name)).digest()
+    issuer_key_hash = sha1(issuer_key.asOctets()).digest()
+    cert_id = rfc6960.CertID()
+    cert_id['hashAlgorithm'] = cert_id_sha1_alg_id()
+    cert_id['issuerNameHash'] = univ.OctetString(value=issuer_name_hash)
+    cert_id['issuerKeyHash'] = univ.OctetString(value=issuer_key_hash)
+    cert_id['serialNumber'] = rfc6960.CertificateSerialNumber(serial)
+
+    return cert_id
+
+CERT_GOOD = 0
+CERT_REVOKED = 1
+CERT_UNKNOWN = 2
+def cert_status(value: int) -> rfc6960.CertStatus:
+    cs = rfc6960.CertStatus()
+
+    if value == CERT_GOOD:
+        good = univ.Null('').subtype(implicitTag=tag.Tag(tag.tagClassContext,
+                                                         tag.tagFormatSimple,
+                                                         0))
+        cs['good'] = good
+    elif value == CERT_REVOKED:
+        revoked = rfc6960.RevokedInfo().subtype(implicitTag=tag.Tag(
+            tag.tagClassContext, tag.tagFormatSimple, 1))
+        revoked['revocationTime'] = useful.GeneralizedTime().fromDateTime(
+            datetime.now())
+        cs['revoked'] = revoked
+
+    return cs
+
+def single_response(issuer_cert_path: str, serial: int,
+                    status: int) -> rfc6960.SingleResponse:
+    cid = cert_id(issuer_cert_path, serial)
+    cs = cert_status(status)
+    sr = rfc6960.SingleResponse().clone()
+    sr.setComponentByName('certID', cid)
+    sr['certStatus'] = cs
+    sr['thisUpdate'] = useful.GeneralizedTime().fromDateTime(datetime.now())
+    return sr
+
+def response_data(rid: rfc6960.ResponderID | None,
+                  responses: list[rfc6960.SingleResponse]) -> rfc6960.ResponseData:
+    rd = rfc6960.ResponseData()
+    rd['version'] = rfc6960.Version('v1').subtype(explicitTag=tag.Tag(
+        tag.tagClassContext, tag.tagFormatSimple, 0))
+    if rid:
+        rd['responderID'] = rid
+    rd['producedAt'] = useful.GeneralizedTime().fromDateTime(datetime.now())
+    rs = univ.SequenceOf(componentType=rfc6960.SingleResponse())
+    rs.extend(responses)
+    rd['responses'] = rs
+    return rd
+
+def read_key_der_from_pem(key_path: str) -> bytes:
+    with open(key_path, 'r') as f:
+        pem = f.readlines()
+    pem_start = [i for i, line in enumerate(pem) if '-----BEGIN' in line][0]
+    pem_end = [i for i, line in enumerate(pem) if '-----END' in line][0]
+    key = ''.join(pem[pem_start+1:pem_end])
+    return b64decode(key)
+
+def basic_ocsp_response(rd: rfc6960.ResponseData, sig_alg:
+                        rfc6960.AlgorithmIdentifier, sig: univ.BitString,
+                        certs: univ.SequenceOf|None = None) -> rfc6960.BasicOCSPResponse:
+    br = rfc6960.BasicOCSPResponse()
+
+    br['tbsResponseData'] = rd
+    br['signatureAlgorithm'] = sig_alg
+    br['signature'] = sig
+    if certs is not None:
+        br['certs'] = certs
+    return br
+
+def response_bytes(br: rfc6960.BasicOCSPResponse) -> rfc6960.ResponseBytes:
+    rb = rfc6960.ResponseBytes().subtype(explicitTag=tag.Tag(
+        tag.tagClassContext, tag.tagFormatConstructed, 0))
+    rb['responseType'] = response_type()
+    rb['response'] = encode(br)
+    return rb
+
+def ocsp_response(status: rfc6960.OCSPResponseStatus,
+                  response_bytes: rfc6960.ResponseBytes) -> rfc6960.OCSPResponse:
+    orsp = rfc6960.OCSPResponse()
+    orsp['responseStatus'] = status
+    orsp['responseBytes'] = response_bytes
+    return orsp
+
+def get_priv_key(pem_path) -> rsa.RSAPrivateKey:
+    key_der = read_key_der_from_pem(pem_path)
+    private_key = serialization.load_der_private_key(
+        key_der,
+        password=None,
+    )
+    return private_key
+
+def sign_repsonse_data(rd: rfc6960.ResponseData,
+                       key: rsa.RSAPrivateKey) -> univ.BitString:
+    sig = key.sign(encode(rd), padding.PKCS1v15(), hashes.SHA256())
+    return univ.BitString(hexValue=sig.hex())
+
+def get_pub_key(cert_path: str) -> rsa.RSAPublicKey:
+    with open(cert_path, 'rb') as f:
+        cert = f.read()
+    cert = x509.load_pem_x509_certificate(cert, default_backend())
+    return cert.public_key()
+
+def test_signature(ocsp_resp_path: str, key: rsa.RSAPublicKey):
+    with open(ocsp_resp_path, 'rb') as f:
+        ocsp_resp = f.read()
+    ocsp_resp, _ = decode(ocsp_resp, asn1Spec=rfc6960.OCSPResponse())
+    response = ocsp_resp.getComponentByName(
+        'responseBytes').getComponentByName('response')
+    br, _ = decode(response, asn1Spec=rfc6960.BasicOCSPResponse())
+    rd = br.getComponentByName('tbsResponseData')
+    rd_hash = sha256(encode(rd)).digest()
+    di = rfc8017.DigestInfo()
+    di['digestAlgorithm'] = signature_algorithm()
+    di['digest'] = univ.OctetString(rd_hash)
+    sig = br.getComponentByName('signature')
+    key.verify(sig.asOctets(), encode(rd), padding.PKCS1v15(), hashes.SHA256())
+
+def single_response_from_cert(cert_path: str,
+                              status: int) -> rfc6960.SingleResponse:
+    cert_der = cert_pem_to_der(cert_path)
+    cert, _ = decode(bytes(cert_der), asn1Spec=rfc6960.Certificate())
+    serial = cert['tbsCertificate']['serialNumber']
+    issuer = cert['tbsCertificate']['issuer']
+    serialHash = sha1(serial.asOctets()).digest()
+    issuerHash = sha1(encode(issuer)).digest()
+    cid = cert_id_from_hash(issuerHash, serialHash, serial)
+    cs = cert_status(status)
+    sr = rfc6960.SingleResponse().clone()
+    sr.setComponentByName('certID', cid)
+    sr['certStatus'] = cs
+    sr['thisUpdate'] = useful.GeneralizedTime().fromDateTime(datetime.now())
+    return sr
+
+RESPONSE_STATUS_GOOD = 0
+
+def write_buffer(name: str, data: bytes, f):
+    f.write(f"unsigned char {name}[] = {{\n")
+    for i in range(0, len(data), 12):
+        f.write("    " + ", ".join(f"0x{b:02x}" for b in data[i:i+12]) + ",\n")
+    f.write("};\n\n")
+
+def create_response(rd: dict) -> rfc6960.OCSPResponse:
+    """create a response using definition in rd"""
+    cs = response_status(rd.get('response_status', RESPONSE_STATUS_GOOD))
+    sa = rd.get('signature_algorithm', signature_algorithm())
+    c = certs(rd.get('certs_path', []))
+    rid = None
+    if rd.get('responder_by_name') is not None:
+        rid = resp_id_by_name(
+            rd.get(
+                'responder_cert', WOLFSSL_OCSP_CERT_PATH + 'ocsp-responder-cert.pem'))
+    elif rd.get('responder_by_key', None) is not None:
+        rid = resp_id_by_key(
+            rd.get('responder_cert', WOLFSSL_OCSP_CERT_PATH + 'ocsp-responder-cert.pem'))
+    # implement responder byhash
+    responses = []
+    for entry in rd.get('responses', []):
+        if entry.get('certificate'):
+            sr = single_response_from_cert(entry['certificate'], entry['status'])
+        else:
+            sr = single_response(entry['issuer_cert'], entry['serial'], entry['status'])
+        responses.append(sr)
+    rd_data = response_data(rid, responses)
+    k = get_priv_key(rd.get('responder_key', WOLFSSL_OCSP_CERT_PATH + 'ocsp-responder-key.pem'))
+    s = sign_repsonse_data(rd_data, k)
+    br = basic_ocsp_response(rd_data, sa, s, c)
+    rb = response_bytes(br)
+    ocspr = ocsp_response(cs, rb)
+    return ocspr
+
+def create_and_write_response(rd: dict, f):
+    ocspr = create_response(rd)
+    encoded_response = encode(ocspr)
+    write_buffer(rd['name'].replace('-', '_').replace('.', '_'), encoded_response, f)
+
+def add_certificate(cert_path: str, f):
+    cert_der = cert_pem_to_der(cert_path)
+    write_buffer(cert_path.split('/')[-1].replace('-', '_').replace('.', '_'), cert_der, f)
+
+class badOCSPResponse(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.OptionalNamedType('responseBytes', rfc6960.ResponseBytes().subtype(
+            explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0)))
+    )
+
+def create_bad_response(rd: dict) -> bytes:
+    """Creates a malformed OCSP response by removing the response status field"""
+    r = create_response(rd)
+    br = badOCSPResponse()
+    br['responseBytes'] = r['responseBytes']
+    return encode(br)
+
+if __name__ == '__main__':
+    useful.GeneralizedTime._hasSubsecond = False
+    response_definitions = [
+        {
+            'response_status': 0,
+            'signature_algorithm': signature_algorithm(),
+            'certs_path': [WOLFSSL_OCSP_CERT_PATH + 'ocsp-responder-cert.pem'],
+            'responder_by_name': True,
+            'responses': [
+                {
+                    'issuer_cert': WOLFSSL_OCSP_CERT_PATH + 'root-ca-cert.pem',
+                    'serial': 0x01,
+                    'status': CERT_GOOD
+                }
+            ],
+            'responder_key': WOLFSSL_OCSP_CERT_PATH + 'ocsp-responder-key.pem',
+            'name': 'resp'
+        },
+        {
+            'response_status': 0,
+            'signature_algorithm': signature_algorithm(),
+            'certs_path': [WOLFSSL_OCSP_CERT_PATH + 'ocsp-responder-cert.pem'],
+            'responder_by_key': True,
+            'responses': [
+                {
+                    'issuer_cert': WOLFSSL_OCSP_CERT_PATH + 'root-ca-cert.pem',
+                    'serial': 0x01,
+                    'status': CERT_GOOD
+                }
+            ],
+            'responder_key': WOLFSSL_OCSP_CERT_PATH + 'ocsp-responder-key.pem',
+            'name': 'resp_rid_bykey',
+        },
+        {
+            'response_status': 0,
+            'signature_algorithm': signature_algorithm(),
+            'responder_by_name': True,
+            'responses': [
+                {
+                    'issuer_cert': WOLFSSL_OCSP_CERT_PATH + 'root-ca-cert.pem',
+                    'serial': 0x01,
+                    'status': CERT_GOOD
+                }
+            ],
+            'responder_key': WOLFSSL_OCSP_CERT_PATH + 'ocsp-responder-key.pem',
+            'name': 'resp_nocert'
+        },
+        {
+            'response_status': 0,
+            'signature_algorithm': signature_algorithm(),
+            'responder_by_name': True,
+            'responses': [
+                {
+                    'issuer_cert': WOLFSSL_OCSP_CERT_PATH + 'root-ca-cert.pem',
+                    'serial': 0x01,
+                    'status': CERT_GOOD
+                },
+                {
+                    'issuer_cert': WOLFSSL_OCSP_CERT_PATH + 'root-ca-cert.pem',
+                    'serial': 0x02,
+                    'status': CERT_GOOD
+                }
+            ],
+            'responder_key': WOLFSSL_OCSP_CERT_PATH + 'root-ca-key.pem',
+            'responder_cert': WOLFSSL_OCSP_CERT_PATH + 'root-ca-cert.pem',
+            'name': 'resp_multi'
+        },
+        {
+            'response_status': 0,
+            'signature_algorithm': signature_algorithm(),
+            'responder_by_name': True,
+            'responses': [
+                {
+                    'issuer_cert': WOLFSSL_OCSP_CERT_PATH + 'root-ca-cert.pem',
+                    'serial': 0x01,
+                    'status': CERT_GOOD
+                },
+                {
+                    'issuer_cert': WOLFSSL_OCSP_CERT_PATH + '../ca-cert.pem',
+                    'serial': 0x01,
+                    'status': CERT_GOOD
+                }
+            ],
+            'responder_key': WOLFSSL_OCSP_CERT_PATH + 'root-ca-key.pem',
+            'responder_cert': WOLFSSL_OCSP_CERT_PATH + 'root-ca-cert.pem',
+            'name': 'resp_bad_noauth'
+        },
+        {
+            'response_status': 0,
+            'signature_algorithm': signature_algorithm(),
+            'responder_by_name': True,
+            'responses': [
+                {
+                    'issuer_cert': WOLFSSL_OCSP_CERT_PATH + 'root-ca-cert.pem',
+                    'serial': 0x01,
+                    'status': CERT_GOOD
+                },
+            ],
+            # unrelated cert
+            'certs_path' : [WOLFSSL_OCSP_CERT_PATH + 'intermediate2-ca-cert.pem'],
+            'responder_cert': WOLFSSL_OCSP_CERT_PATH + 'root-ca-cert.pem',
+            'responder_key': WOLFSSL_OCSP_CERT_PATH + 'root-ca-key.pem',
+            'name': 'resp_bad_embedded_cert'
+        },
+    ]
+
+    with open('./tests/api/test_ocsp_test_blobs.h', 'w') as f:
+        f.write(
+"""/*
+* This file is generated automatically by running ./tests/api/create_ocsp_test_blobs.py.
+*
+* ocsp_test_blobs.h
+*
+* Copyright (C) 2006-2025 wolfSSL Inc.
+*
+* This file is part of wolfSSL.
+*
+* wolfSSL is free software; you can redistribute it and/or modify
+* it under the terms of the GNU General Public License as published by
+* the Free Software Foundation; either version 2 of the License, or
+* (at your option) any later version.
+*
+* wolfSSL is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+* GNU General Public License for more details.
+*
+* You should have received a copy of the GNU General Public License
+* along with this program; if not, write to the Free Software
+* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+*
+*/
+""")
+        f.write("#ifndef OCSP_TEST_BLOBS_H\n")
+        f.write("#define OCSP_TEST_BLOBS_H\n\n")
+        for rd in response_definitions:
+            create_and_write_response(rd, f)
+        add_certificate(WOLFSSL_OCSP_CERT_PATH + 'ocsp-responder-cert.pem', f)
+        add_certificate(WOLFSSL_OCSP_CERT_PATH + 'root-ca-cert.pem', f)
+        add_certificate(WOLFSSL_OCSP_CERT_PATH + '../ca-cert.pem', f)
+        add_certificate(WOLFSSL_OCSP_CERT_PATH + '../server-cert.pem', f)
+        add_certificate(WOLFSSL_OCSP_CERT_PATH + 'intermediate1-ca-cert.pem', f)
+        br = create_bad_response({
+            'response_status': 0,
+            'responder_by_key': True,
+            'responses': [
+                {
+                    'issuer_cert': WOLFSSL_OCSP_CERT_PATH + 'root-ca-cert.pem',
+                    'serial': 0x01,
+                    'status': CERT_GOOD
+                }
+            ],
+            'name': 'resp_bad'
+        })
+        write_buffer('resp_bad', br, f)
+        f.write("#endif /* OCSP_TEST_BLOBS_H */\n")
diff --git a/tests/api/include.am b/tests/api/include.am
new file mode 100644
index 000000000..a27e8543b
--- /dev/null
+++ b/tests/api/include.am
@@ -0,0 +1,71 @@
+# vim:ft=automake
+# included from Top Level Makefile.am
+# All paths should be given relative to the
+
+if BUILD_TESTS
+# Digests
+tests_unit_test_SOURCES += tests/api/test_md5.c
+tests_unit_test_SOURCES += tests/api/test_sha.c
+tests_unit_test_SOURCES += tests/api/test_sha256.c
+tests_unit_test_SOURCES += tests/api/test_sha512.c
+tests_unit_test_SOURCES += tests/api/test_sha3.c
+tests_unit_test_SOURCES += tests/api/test_blake2.c
+tests_unit_test_SOURCES += tests/api/test_sm3.c
+tests_unit_test_SOURCES += tests/api/test_ripemd.c
+tests_unit_test_SOURCES += tests/api/test_hash.c
+# MAC
+tests_unit_test_SOURCES += tests/api/test_hmac.c
+tests_unit_test_SOURCES += tests/api/test_cmac.c
+# Cipher
+tests_unit_test_SOURCES += tests/api/test_des3.c
+tests_unit_test_SOURCES += tests/api/test_chacha.c
+tests_unit_test_SOURCES += tests/api/test_poly1305.c
+tests_unit_test_SOURCES += tests/api/test_chacha20_poly1305.c
+tests_unit_test_SOURCES += tests/api/test_camellia.c
+tests_unit_test_SOURCES += tests/api/test_arc4.c
+tests_unit_test_SOURCES += tests/api/test_rc2.c
+tests_unit_test_SOURCES += tests/api/test_aes.c
+tests_unit_test_SOURCES += tests/api/test_ascon.c
+tests_unit_test_SOURCES += tests/api/test_sm4.c
+tests_unit_test_SOURCES += tests/api/test_wc_encrypt.c
+# Signature Algorithm
+tests_unit_test_SOURCES += tests/api/test_mlkem.c
+# TLS Protocol
+tests_unit_test_SOURCES += tests/api/test_dtls.c
+# TLS Feature
+tests_unit_test_SOURCES += tests/api/test_ocsp.c
+tests_unit_test_SOURCES += tests/api/test_evp.c
+endif
+
+EXTRA_DIST += tests/api/api.h
+EXTRA_DIST += tests/api/test_md5.h
+EXTRA_DIST += tests/api/test_sha.h
+EXTRA_DIST += tests/api/test_sha256.h
+EXTRA_DIST += tests/api/test_sha512.h
+EXTRA_DIST += tests/api/test_sha3.h
+EXTRA_DIST += tests/api/test_blake2.h
+EXTRA_DIST += tests/api/test_sm3.h
+EXTRA_DIST += tests/api/test_ripemd.h
+EXTRA_DIST += tests/api/test_digest.h
+EXTRA_DIST += tests/api/test_hash.h
+EXTRA_DIST += tests/api/test_hmac.h
+EXTRA_DIST += tests/api/test_cmac.h
+EXTRA_DIST += tests/api/test_des3.h
+EXTRA_DIST += tests/api/test_chacha.h
+EXTRA_DIST += tests/api/test_poly1305.h
+EXTRA_DIST += tests/api/test_chacha20_poly1305.h
+EXTRA_DIST += tests/api/test_camellia.h
+EXTRA_DIST += tests/api/test_arc4.h
+EXTRA_DIST += tests/api/test_rc2.h
+EXTRA_DIST += tests/api/test_aes.h
+EXTRA_DIST += tests/api/test_ascon.h
+EXTRA_DIST += tests/api/test_sm4.h
+EXTRA_DIST += tests/api/test_ascon_kats.h
+EXTRA_DIST += tests/api/test_wc_encrypt.h
+EXTRA_DIST += tests/api/test_mlkem.h
+EXTRA_DIST += tests/api/test_dtls.h
+EXTRA_DIST += tests/api/test_ocsp.h
+EXTRA_DIST += tests/api/test_ocsp_test_blobs.h
+EXTRA_DIST += tests/api/create_ocsp_test_blobs.py
+EXTRA_DIST += tests/api/test_evp.h
+
diff --git a/tests/api/test_aes.c b/tests/api/test_aes.c
new file mode 100644
index 000000000..878d721be
--- /dev/null
+++ b/tests/api/test_aes.c
@@ -0,0 +1,2685 @@
+/* test_aes.c
+ *
+ * Copyright (C) 2006-2025 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+#ifdef HAVE_CONFIG_H
+    #include <config.h>
+#endif
+
+#if !defined(WOLFSSL_USER_SETTINGS) && !defined(WOLFSSL_NO_OPTIONS_H)
+    #include <wolfssl/options.h>
+#endif
+#include <wolfssl/wolfcrypt/settings.h>
+
+#ifdef NO_INLINE
+    #include <wolfssl/wolfcrypt/misc.h>
+#else
+    #define WOLFSSL_MISC_INCLUDED
+    #include <wolfcrypt/src/misc.c>
+#endif
+
+#include <wolfssl/wolfcrypt/aes.h>
+#include <wolfssl/wolfcrypt/wc_encrypt.h>
+#include <wolfssl/wolfcrypt/types.h>
+#include <tests/unit.h>
+#include <tests/api/api.h>
+#include <tests/api/test_aes.h>
+
+/*******************************************************************************
+ * AES
+ ******************************************************************************/
+
+/*
+ * Testing function for wc_AesSetKey().
+ */
+int test_wc_AesSetKey(void)
+{
+    EXPECT_DECLS;
+#ifndef NO_AES
+    Aes  aes;
+    byte key16[] = {
+        0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
+        0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66
+    };
+#ifdef WOLFSSL_AES_192
+    byte key24[] = {
+        0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
+        0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66,
+        0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37
+    };
+#endif
+#ifdef WOLFSSL_AES_256
+    byte key32[] = {
+        0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
+        0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66,
+        0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
+        0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66
+    };
+#endif
+    byte badKey16[] = {
+        0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
+        0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65
+    };
+    byte iv[] = "1234567890abcdef";
+
+    XMEMSET(&aes, 0, sizeof(Aes));
+
+    ExpectIntEQ(wc_AesInit(&aes, NULL, INVALID_DEVID), 0);
+
+#ifdef WOLFSSL_AES_128
+    ExpectIntEQ(wc_AesSetKey(&aes, key16, (word32)sizeof(key16) / sizeof(byte),
+        iv, AES_ENCRYPTION), 0);
+#endif
+#ifdef WOLFSSL_AES_192
+    ExpectIntEQ(wc_AesSetKey(&aes, key24, (word32)sizeof(key24) / sizeof(byte),
+        iv, AES_ENCRYPTION), 0);
+#endif
+#ifdef WOLFSSL_AES_256
+    ExpectIntEQ(wc_AesSetKey(&aes, key32, (word32)sizeof(key32) / sizeof(byte),
+        iv, AES_ENCRYPTION), 0);
+#endif
+
+    /* Pass in bad args. */
+    ExpectIntEQ(wc_AesSetKey(NULL, key16, (word32)sizeof(key16) / sizeof(byte),
+        iv, AES_ENCRYPTION), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_AesSetKey(&aes, badKey16,
+        (word32)sizeof(badKey16) / sizeof(byte), iv, AES_ENCRYPTION),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+
+    wc_AesFree(&aes);
+#endif
+    return EXPECT_RESULT();
+} /* END test_wc_AesSetKey */
+
+/*
+ * Testing function for wc_AesSetIV
+ */
+int test_wc_AesSetIV(void)
+{
+    int res = TEST_SKIPPED;
+#if !defined(NO_AES) && defined(WOLFSSL_AES_128)
+    Aes     aes;
+    int     ret = 0;
+    byte    key16[] =
+    {
+        0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
+        0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66
+    };
+    byte    iv1[]    = "1234567890abcdef";
+    byte    iv2[]    = "0987654321fedcba";
+
+    ret = wc_AesInit(&aes, NULL, INVALID_DEVID);
+    if (ret != 0)
+        return ret;
+
+    ret = wc_AesSetKey(&aes, key16, (word32) sizeof(key16) / sizeof(byte),
+                                                     iv1, AES_ENCRYPTION);
+    if (ret == 0) {
+        ret = wc_AesSetIV(&aes, iv2);
+    }
+    /* Test bad args. */
+    if (ret == 0) {
+        ret = wc_AesSetIV(NULL, iv1);
+        if (ret == WC_NO_ERR_TRACE(BAD_FUNC_ARG)) {
+            /* NULL iv should return 0. */
+            ret = wc_AesSetIV(&aes, NULL);
+        }
+        else {
+            ret = WOLFSSL_FATAL_ERROR;
+        }
+    }
+
+    wc_AesFree(&aes);
+
+    res = TEST_RES_CHECK(ret == 0);
+#endif
+    return res;
+} /* test_wc_AesSetIV */
+
+/*******************************************************************************
+ * AES-CBC
+ ******************************************************************************/
+
+/*
+ * test function for wc_AesCbcEncrypt(), wc_AesCbcDecrypt(),
+ * and wc_AesCbcDecryptWithKey()
+ */
+int test_wc_AesCbcEncryptDecrypt(void)
+{
+    EXPECT_DECLS;
+#if !defined(NO_AES) && defined(HAVE_AES_CBC) && defined(HAVE_AES_DECRYPT)&& \
+    defined(WOLFSSL_AES_256)
+    Aes  aes;
+    byte key32[] = {
+        0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
+        0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66,
+        0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
+        0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66
+    };
+    byte vector[] = { /* Now is the time for all good men w/o trailing 0 */
+        0x4e, 0x6f, 0x77, 0x20, 0x69, 0x73, 0x20, 0x74,
+        0x68, 0x65, 0x20, 0x74, 0x69, 0x6d, 0x65, 0x20,
+        0x66, 0x6f, 0x72, 0x20, 0x61, 0x6c, 0x6c, 0x20,
+        0x67, 0x6f, 0x6f, 0x64, 0x20, 0x6d, 0x65, 0x6e
+    };
+    byte    iv[]   = "1234567890abcdef";
+    byte    enc[sizeof(vector)];
+    byte    dec[sizeof(vector)];
+    byte    dec2[sizeof(vector)];
+
+    /* Init stack variables. */
+    XMEMSET(&aes, 0, sizeof(Aes));
+    XMEMSET(enc, 0, sizeof(enc));
+    XMEMSET(dec, 0, sizeof(vector));
+    XMEMSET(dec2, 0, sizeof(vector));
+
+    ExpectIntEQ(wc_AesInit(&aes, NULL, INVALID_DEVID), 0);
+    ExpectIntEQ(wc_AesSetKey(&aes, key32, WC_AES_BLOCK_SIZE * 2, iv,
+        AES_ENCRYPTION), 0);
+    ExpectIntEQ(wc_AesCbcEncrypt(&aes, enc, vector, sizeof(vector)), 0);
+
+    /* Re init for decrypt and set flag. */
+    ExpectIntEQ(wc_AesSetKey(&aes, key32, WC_AES_BLOCK_SIZE * 2, iv,
+        AES_DECRYPTION), 0);
+    ExpectIntEQ(wc_AesCbcDecrypt(&aes, dec, enc, sizeof(vector)), 0);
+    ExpectIntEQ(XMEMCMP(vector, dec, sizeof(vector)), 0);
+
+    ExpectIntEQ(wc_AesCbcDecryptWithKey(dec2, enc, WC_AES_BLOCK_SIZE, key32,
+        sizeof(key32)/sizeof(byte), iv), 0);
+    ExpectIntEQ(XMEMCMP(vector, dec2, WC_AES_BLOCK_SIZE), 0);
+
+    /* Pass in bad args */
+    ExpectIntEQ(wc_AesCbcEncrypt(NULL, enc, vector, sizeof(vector)),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_AesCbcEncrypt(&aes, NULL, vector, sizeof(vector)),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_AesCbcEncrypt(&aes, enc, NULL, sizeof(vector)),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+#ifdef WOLFSSL_AES_CBC_LENGTH_CHECKS
+    ExpectIntEQ(wc_AesCbcEncrypt(&aes, enc, vector, sizeof(vector) - 1),
+        WC_NO_ERR_TRACE(BAD_LENGTH_E));
+#endif
+#if defined(HAVE_FIPS) && defined(HAVE_FIPS_VERSION) && \
+    (HAVE_FIPS_VERSION == 2) && defined(WOLFSSL_AESNI)
+    fprintf(stderr, "Zero length inputs not supported with AESNI in FIPS "
+                    "mode (v2), skip test");
+#else
+    /* Test passing in size of 0  */
+    XMEMSET(enc, 0, sizeof(enc));
+    ExpectIntEQ(wc_AesCbcEncrypt(&aes, enc, vector, 0), 0);
+    /* Check enc was not modified */
+    {
+        int i;
+        for (i = 0; i < (int)sizeof(enc); i++)
+            ExpectIntEQ(enc[i], 0);
+    }
+#endif
+
+    ExpectIntEQ(wc_AesCbcDecrypt(NULL, dec, enc, WC_AES_BLOCK_SIZE),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_AesCbcDecrypt(&aes, NULL, enc, WC_AES_BLOCK_SIZE),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_AesCbcDecrypt(&aes, dec, NULL, WC_AES_BLOCK_SIZE),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+#ifdef WOLFSSL_AES_CBC_LENGTH_CHECKS
+    ExpectIntEQ(wc_AesCbcDecrypt(&aes, dec, enc, WC_AES_BLOCK_SIZE * 2 - 1),
+        WC_NO_ERR_TRACE(BAD_LENGTH_E));
+#else
+    ExpectIntEQ(wc_AesCbcDecrypt(&aes, dec, enc, WC_AES_BLOCK_SIZE * 2 - 1),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+#endif
+
+    /* Test passing in size of 0  */
+    XMEMSET(dec, 0, sizeof(dec));
+    ExpectIntEQ(wc_AesCbcDecrypt(&aes, dec, enc, 0), 0);
+    /* Check dec was not modified */
+    {
+        int i;
+        for (i = 0; i < (int)sizeof(dec); i++)
+            ExpectIntEQ(dec[i], 0);
+    }
+
+    ExpectIntEQ(wc_AesCbcDecryptWithKey(NULL, enc, WC_AES_BLOCK_SIZE,
+        key32, sizeof(key32)/sizeof(byte), iv), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_AesCbcDecryptWithKey(dec2, NULL, WC_AES_BLOCK_SIZE,
+        key32, sizeof(key32)/sizeof(byte), iv), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_AesCbcDecryptWithKey(dec2, enc, WC_AES_BLOCK_SIZE,
+        NULL, sizeof(key32)/sizeof(byte), iv), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_AesCbcDecryptWithKey(dec2, enc, WC_AES_BLOCK_SIZE,
+        key32, sizeof(key32)/sizeof(byte), NULL),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+
+    wc_AesFree(&aes);
+#endif
+    return EXPECT_RESULT();
+} /* END test_wc_AesCbcEncryptDecrypt */
+
+/*******************************************************************************
+ * AES-CTR
+ ******************************************************************************/
+
+/*
+ * Testing wc_AesCtrEncrypt and wc_AesCtrDecrypt
+ */
+int test_wc_AesCtrEncryptDecrypt(void)
+{
+    EXPECT_DECLS;
+#if !defined(NO_AES) && defined(WOLFSSL_AES_COUNTER) && defined(WOLFSSL_AES_256)
+    Aes aesEnc;
+    Aes aesDec;
+    byte key32[] = {
+        0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
+        0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66,
+        0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
+        0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66
+    };
+    byte vector[] = { /* Now is the time for all w/o trailing 0 */
+        0x4e,0x6f,0x77,0x20,0x69,0x73,0x20,0x74,
+        0x68,0x65,0x20,0x74,0x69,0x6d,0x65,0x20,
+        0x66,0x6f,0x72,0x20,0x61,0x6c,0x6c,0x20
+    };
+    byte iv[] = "1234567890abcdef";
+    byte enc[WC_AES_BLOCK_SIZE * 2];
+    byte dec[WC_AES_BLOCK_SIZE * 2];
+
+    /* Init stack variables. */
+    XMEMSET(&aesEnc, 0, sizeof(Aes));
+    XMEMSET(&aesDec, 0, sizeof(Aes));
+    XMEMSET(enc, 0, WC_AES_BLOCK_SIZE * 2);
+    XMEMSET(dec, 0, WC_AES_BLOCK_SIZE * 2);
+
+    ExpectIntEQ(wc_AesInit(&aesEnc, NULL, INVALID_DEVID), 0);
+    ExpectIntEQ(wc_AesInit(&aesDec, NULL, INVALID_DEVID), 0);
+
+    ExpectIntEQ(wc_AesSetKey(&aesEnc, key32, WC_AES_BLOCK_SIZE * 2, iv,
+        AES_ENCRYPTION), 0);
+    ExpectIntEQ(wc_AesCtrEncrypt(&aesEnc, enc, vector,
+        sizeof(vector)/sizeof(byte)), 0);
+    /* Decrypt with wc_AesCtrEncrypt() */
+    ExpectIntEQ(wc_AesSetKey(&aesDec, key32, WC_AES_BLOCK_SIZE * 2, iv,
+        AES_ENCRYPTION), 0);
+    ExpectIntEQ(wc_AesCtrEncrypt(&aesDec, dec, enc, sizeof(enc)/sizeof(byte)),
+        0);
+    ExpectIntEQ(XMEMCMP(vector, dec, sizeof(vector)), 0);
+
+    /* Test bad args. */
+    ExpectIntEQ(wc_AesCtrEncrypt(NULL, dec, enc, sizeof(enc)/sizeof(byte)),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_AesCtrEncrypt(&aesDec, NULL, enc, sizeof(enc)/sizeof(byte)),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_AesCtrEncrypt(&aesDec, dec, NULL, sizeof(enc)/sizeof(byte)),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+
+    wc_AesFree(&aesEnc);
+    wc_AesFree(&aesDec);
+#endif
+    return EXPECT_RESULT();
+} /* END test_wc_AesCtrEncryptDecrypt */
+
+/*******************************************************************************
+ * AES-GCM
+ ******************************************************************************/
+
+/*
+ * test function for wc_AesGcmSetKey()
+ */
+int test_wc_AesGcmSetKey(void)
+{
+    EXPECT_DECLS;
+#if  !defined(NO_AES) && defined(HAVE_AESGCM)
+    Aes aes;
+#ifdef WOLFSSL_AES_128
+    byte key16[] = {
+        0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
+        0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66
+    };
+#endif
+#ifdef WOLFSSL_AES_192
+    byte key24[] = {
+        0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
+        0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66,
+        0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37
+    };
+#endif
+#ifdef WOLFSSL_AES_256
+    byte key32[] = {
+        0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
+        0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66,
+        0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
+        0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66
+    };
+#endif
+    byte badKey16[] = {
+        0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
+        0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65
+    };
+    byte badKey24[] = {
+        0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
+        0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66,
+        0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36
+    };
+    byte badKey32[] = {
+        0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x37, 0x37,
+        0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66,
+        0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
+        0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65
+    };
+
+    ExpectIntEQ(wc_AesInit(&aes, NULL, INVALID_DEVID), 0);
+
+#ifdef WOLFSSL_AES_128
+    ExpectIntEQ(wc_AesGcmSetKey(&aes, key16, sizeof(key16)/sizeof(byte)), 0);
+#endif
+#ifdef WOLFSSL_AES_192
+    ExpectIntEQ(wc_AesGcmSetKey(&aes, key24, sizeof(key24)/sizeof(byte)), 0);
+#endif
+#ifdef WOLFSSL_AES_256
+    ExpectIntEQ(wc_AesGcmSetKey(&aes, key32, sizeof(key32)/sizeof(byte)), 0);
+#endif
+
+    /* Pass in bad args. */
+    ExpectIntEQ(wc_AesGcmSetKey(&aes, badKey16, sizeof(badKey16)/sizeof(byte)),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_AesGcmSetKey(&aes, badKey24, sizeof(badKey24)/sizeof(byte)),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_AesGcmSetKey(&aes, badKey32, sizeof(badKey32)/sizeof(byte)),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+
+    wc_AesFree(&aes);
+#endif
+    return EXPECT_RESULT();
+} /* END test_wc_AesGcmSetKey */
+
+/*
+ * test function for wc_AesGcmEncrypt and wc_AesGcmDecrypt
+ */
+int test_wc_AesGcmEncryptDecrypt(void)
+{
+    EXPECT_DECLS;
+    /* WOLFSSL_AFALG requires 12 byte IV */
+#if !defined(NO_AES) && defined(HAVE_AESGCM) && defined(WOLFSSL_AES_256) && \
+    !defined(WOLFSSL_AFALG) && !defined(WOLFSSL_DEVCRYPTO_AES)
+    Aes  aes;
+    byte key32[] = {
+        0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
+        0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66,
+        0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
+        0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66
+    };
+    byte vector[] = { /* Now is the time for all w/o trailing 0 */
+        0x4e,0x6f,0x77,0x20,0x69,0x73,0x20,0x74,
+        0x68,0x65,0x20,0x74,0x69,0x6d,0x65,0x20,
+        0x66,0x6f,0x72,0x20,0x61,0x6c,0x6c,0x20
+    };
+    const byte a[] = {
+        0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
+        0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
+        0xab, 0xad, 0xda, 0xd2
+    };
+    byte iv[] = "1234567890a";
+    byte longIV[] = "1234567890abcdefghij";
+    byte enc[sizeof(vector)];
+    byte resultT[WC_AES_BLOCK_SIZE];
+    byte dec[sizeof(vector)];
+
+    /* Init stack variables. */
+    XMEMSET(&aes, 0, sizeof(Aes));
+    XMEMSET(enc, 0, sizeof(vector));
+    XMEMSET(dec, 0, sizeof(vector));
+    XMEMSET(resultT, 0, WC_AES_BLOCK_SIZE);
+
+    ExpectIntEQ(wc_AesInit(&aes, NULL, INVALID_DEVID), 0);
+
+    ExpectIntEQ(wc_AesGcmSetKey(&aes, key32, sizeof(key32)/sizeof(byte)), 0);
+    ExpectIntEQ(wc_AesGcmEncrypt(&aes, enc, vector, sizeof(vector), iv,
+        sizeof(iv)/sizeof(byte), resultT, sizeof(resultT), a, sizeof(a)), 0);
+    ExpectIntEQ(wc_AesGcmDecrypt(&aes, dec, enc, sizeof(vector), iv,
+        sizeof(iv)/sizeof(byte), resultT, sizeof(resultT), a, sizeof(a)), 0);
+    ExpectIntEQ(XMEMCMP(vector, dec, sizeof(vector)), 0);
+
+    /* Test bad args for wc_AesGcmEncrypt and wc_AesGcmDecrypt */
+    ExpectIntEQ(wc_AesGcmEncrypt(NULL, enc, vector, sizeof(vector), iv,
+        sizeof(iv)/sizeof(byte), resultT, sizeof(resultT), a, sizeof(a)),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_AesGcmEncrypt(&aes, enc, vector, sizeof(vector), iv,
+        sizeof(iv)/sizeof(byte), resultT, sizeof(resultT) + 1, a, sizeof(a)),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_AesGcmEncrypt(&aes, enc, vector, sizeof(vector), iv,
+        sizeof(iv)/sizeof(byte), resultT, sizeof(resultT) - 5, a, sizeof(a)),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+
+#if (defined(HAVE_FIPS) && defined(HAVE_FIPS_VERSION) && \
+        (HAVE_FIPS_VERSION == 2)) || defined(HAVE_SELFTEST) || \
+        defined(WOLFSSL_AES_GCM_FIXED_IV_AAD)
+        /* FIPS does not check the lower bound of ivSz */
+#else
+        ExpectIntEQ(wc_AesGcmEncrypt(&aes, enc, vector, sizeof(vector), iv, 0,
+            resultT, sizeof(resultT), a, sizeof(a)),
+            WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+#endif
+
+    /* This case is now considered good. Long IVs are now allowed.
+     * Except for the original FIPS release, it still has an upper
+     * bound on the IV length. */
+#if (!defined(HAVE_FIPS) || \
+    (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2))) && \
+    !defined(WOLFSSL_AES_GCM_FIXED_IV_AAD)
+    ExpectIntEQ(wc_AesGcmEncrypt(&aes, enc, vector, sizeof(vector), longIV,
+        sizeof(longIV)/sizeof(byte), resultT, sizeof(resultT), a, sizeof(a)),
+        0);
+#else
+    (void)longIV;
+#endif /* Old FIPS */
+    /* END wc_AesGcmEncrypt */
+
+#ifdef HAVE_AES_DECRYPT
+    ExpectIntEQ(wc_AesGcmDecrypt(NULL, dec, enc, sizeof(enc)/sizeof(byte), iv,
+        sizeof(iv)/sizeof(byte), resultT, sizeof(resultT), a, sizeof(a)),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_AesGcmDecrypt(&aes, NULL, enc, sizeof(enc)/sizeof(byte), iv,
+        sizeof(iv)/sizeof(byte), resultT, sizeof(resultT), a, sizeof(a)),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_AesGcmDecrypt(&aes, dec, NULL, sizeof(enc)/sizeof(byte), iv,
+        sizeof(iv)/sizeof(byte), resultT, sizeof(resultT), a, sizeof(a)),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_AesGcmDecrypt(&aes, dec, enc, sizeof(enc)/sizeof(byte), NULL,
+        sizeof(iv)/sizeof(byte), resultT, sizeof(resultT), a, sizeof(a)),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_AesGcmDecrypt(&aes, dec, enc, sizeof(enc)/sizeof(byte), iv,
+        sizeof(iv)/sizeof(byte), NULL, sizeof(resultT), a, sizeof(a)),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    #if (defined(HAVE_FIPS) && FIPS_VERSION_LE(2,0) && defined(WOLFSSL_ARMASM))
+    ExpectIntEQ(wc_AesGcmDecrypt(&aes, dec, enc, sizeof(enc)/sizeof(byte), iv,
+        sizeof(iv)/sizeof(byte), resultT, sizeof(resultT) + 1, a, sizeof(a)),
+        WC_NO_ERR_TRACE(AES_GCM_AUTH_E));
+    #else
+    ExpectIntEQ(wc_AesGcmDecrypt(&aes, dec, enc, sizeof(enc)/sizeof(byte), iv,
+        sizeof(iv)/sizeof(byte), resultT, sizeof(resultT) + 1, a, sizeof(a)),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    #endif
+    #if ((defined(HAVE_FIPS) && defined(HAVE_FIPS_VERSION) && \
+            (HAVE_FIPS_VERSION == 2)) || defined(HAVE_SELFTEST)) && \
+            !defined(WOLFSSL_AES_GCM_FIXED_IV_AAD)
+            /* FIPS does not check the lower bound of ivSz */
+    #else
+        ExpectIntEQ(wc_AesGcmDecrypt(&aes, dec, enc, sizeof(enc)/sizeof(byte),
+            iv, 0, resultT, sizeof(resultT), a, sizeof(a)),
+            WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    #endif
+#endif /* HAVE_AES_DECRYPT */
+
+    wc_AesFree(&aes);
+#endif
+    return EXPECT_RESULT();
+
+} /* END test_wc_AesGcmEncryptDecrypt */
+
+/*
+ * test function for mixed (one-shot encryption + stream decryption) AES GCM
+ * using a long IV (older FIPS does NOT support long IVs).  Relates to zd15423
+ */
+int test_wc_AesGcmMixedEncDecLongIV(void)
+{
+    EXPECT_DECLS;
+#if  (!defined(HAVE_FIPS) || \
+      (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2))) && \
+     !defined(NO_AES) && defined(HAVE_AESGCM) && defined(WOLFSSL_AESGCM_STREAM)
+    const byte key[] = {
+        0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
+        0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66,
+        0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
+        0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66
+    };
+    const byte in[] = {
+        0x4e,0x6f,0x77,0x20,0x69,0x73,0x20,0x74,
+        0x68,0x65,0x20,0x74,0x69,0x6d,0x65,0x20,
+        0x66,0x6f,0x72,0x20,0x61,0x6c,0x6c,0x20
+    };
+    const byte aad[] = {
+        0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
+        0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
+        0xab, 0xad, 0xda, 0xd2
+    };
+    Aes aesEnc;
+    Aes aesDec;
+    byte iv[] = "1234567890abcdefghij";
+    byte out[sizeof(in)];
+    byte plain[sizeof(in)];
+    byte tag[WC_AES_BLOCK_SIZE];
+
+    XMEMSET(&aesEnc, 0, sizeof(Aes));
+    XMEMSET(&aesDec, 0, sizeof(Aes));
+    XMEMSET(out, 0, sizeof(out));
+    XMEMSET(plain, 0, sizeof(plain));
+    XMEMSET(tag, 0, sizeof(tag));
+
+    /* Perform one-shot encryption using long IV */
+    ExpectIntEQ(wc_AesInit(&aesEnc, NULL, INVALID_DEVID), 0);
+    ExpectIntEQ(wc_AesGcmSetKey(&aesEnc, key, sizeof(key)), 0);
+    ExpectIntEQ(wc_AesGcmEncrypt(&aesEnc, out, in, sizeof(in), iv, sizeof(iv),
+        tag, sizeof(tag), aad, sizeof(aad)), 0);
+
+    /* Perform streaming decryption using long IV */
+    ExpectIntEQ(wc_AesInit(&aesDec, NULL, INVALID_DEVID), 0);
+    ExpectIntEQ(wc_AesGcmInit(&aesDec, key, sizeof(key), iv, sizeof(iv)), 0);
+    ExpectIntEQ(wc_AesGcmDecryptUpdate(&aesDec, plain, out, sizeof(out), aad,
+        sizeof(aad)), 0);
+    ExpectIntEQ(wc_AesGcmDecryptFinal(&aesDec, tag, sizeof(tag)), 0);
+    ExpectIntEQ(XMEMCMP(plain, in, sizeof(in)), 0);
+
+    /* Free resources */
+    wc_AesFree(&aesEnc);
+    wc_AesFree(&aesDec);
+#endif
+    return EXPECT_RESULT();
+
+} /* END wc_AesGcmMixedEncDecLongIV */
+
+/*
+ * Testing streaming AES-GCM API.
+ */
+int test_wc_AesGcmStream(void)
+{
+    EXPECT_DECLS;
+#if !defined(NO_AES) && defined(WOLFSSL_AES_128) && defined(HAVE_AESGCM) && \
+    defined(WOLFSSL_AESGCM_STREAM)
+    int i;
+    WC_RNG rng[1];
+    Aes aesEnc[1];
+    Aes aesDec[1];
+    byte tag[WC_AES_BLOCK_SIZE];
+    byte in[WC_AES_BLOCK_SIZE * 3 + 2] = { 0, };
+    byte out[WC_AES_BLOCK_SIZE * 3 + 2];
+    byte plain[WC_AES_BLOCK_SIZE * 3 + 2];
+    byte aad[WC_AES_BLOCK_SIZE * 3 + 2] = { 0, };
+    byte key[AES_128_KEY_SIZE] = { 0, };
+    byte iv[AES_IV_SIZE] = { 1, };
+    byte ivOut[AES_IV_SIZE];
+    static const byte expTagAAD1[WC_AES_BLOCK_SIZE] = {
+        0x6c, 0x35, 0xe6, 0x7f, 0x59, 0x9e, 0xa9, 0x2f,
+        0x27, 0x2d, 0x5f, 0x8e, 0x7e, 0x42, 0xd3, 0x05
+    };
+    static const byte expTagPlain1[WC_AES_BLOCK_SIZE] = {
+        0x24, 0xba, 0x57, 0x95, 0xd0, 0x27, 0x9e, 0x78,
+        0x3a, 0x88, 0x4c, 0x0a, 0x5d, 0x50, 0x23, 0xd1
+    };
+    static const byte expTag[WC_AES_BLOCK_SIZE] = {
+        0x22, 0x91, 0x70, 0xad, 0x42, 0xc3, 0xad, 0x96,
+        0xe0, 0x31, 0x57, 0x60, 0xb7, 0x92, 0xa3, 0x6d
+    };
+
+    XMEMSET(&rng, 0, sizeof(WC_RNG));
+    XMEMSET(&aesEnc, 0, sizeof(Aes));
+    XMEMSET(&aesDec, 0, sizeof(Aes));
+
+    /* Create a random for generating IV/nonce. */
+    ExpectIntEQ(wc_InitRng(rng), 0);
+
+    /* Initialize data structures. */
+    ExpectIntEQ(wc_AesInit(aesEnc, NULL, INVALID_DEVID), 0);
+    ExpectIntEQ(wc_AesInit(aesDec, NULL, INVALID_DEVID), 0);
+
+    /* BadParameters to streaming init. */
+    ExpectIntEQ(wc_AesGcmEncryptInit(NULL, NULL, 0, NULL, 0),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_AesGcmDecryptInit(NULL, NULL, 0, NULL, 0),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_AesGcmDecryptInit(aesEnc, NULL, AES_128_KEY_SIZE, NULL,
+        0), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_AesGcmDecryptInit(aesEnc, NULL, 0, NULL, GCM_NONCE_MID_SZ),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+
+    /* Bad parameters to encrypt update. */
+    ExpectIntEQ(wc_AesGcmEncryptUpdate(NULL, NULL, NULL, 0, NULL, 0),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_AesGcmEncryptUpdate(aesEnc, NULL, NULL, 1, NULL, 0),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_AesGcmEncryptUpdate(aesEnc, NULL, in, 1, NULL, 0),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_AesGcmEncryptUpdate(aesEnc, out, NULL, 1, NULL, 0),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_AesGcmEncryptUpdate(aesEnc, NULL, NULL, 0, NULL, 1),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    /* Bad parameters to decrypt update. */
+    ExpectIntEQ(wc_AesGcmDecryptUpdate(NULL, NULL, NULL, 0, NULL, 0),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_AesGcmDecryptUpdate(aesDec, NULL, NULL, 1, NULL, 0),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_AesGcmDecryptUpdate(aesDec, NULL, in, 1, NULL, 0),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_AesGcmDecryptUpdate(aesDec, out, NULL, 1, NULL, 0),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_AesGcmDecryptUpdate(aesDec, NULL, NULL, 0, NULL, 1),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+
+    /* Bad parameters to encrypt final. */
+    ExpectIntEQ(wc_AesGcmEncryptFinal(NULL, NULL, 0),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_AesGcmEncryptFinal(NULL, tag, 0),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_AesGcmEncryptFinal(NULL, NULL, WC_AES_BLOCK_SIZE),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_AesGcmEncryptFinal(aesEnc, tag, 0),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_AesGcmEncryptFinal(aesEnc, NULL, WC_AES_BLOCK_SIZE),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_AesGcmEncryptFinal(aesEnc, tag, WC_AES_BLOCK_SIZE + 1),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    /* Bad parameters to decrypt final. */
+    ExpectIntEQ(wc_AesGcmDecryptFinal(NULL, NULL, 0),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_AesGcmDecryptFinal(NULL, tag, 0),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_AesGcmDecryptFinal(NULL, NULL, WC_AES_BLOCK_SIZE),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_AesGcmDecryptFinal(aesDec, tag, 0),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_AesGcmDecryptFinal(aesDec, NULL, WC_AES_BLOCK_SIZE),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_AesGcmDecryptFinal(aesDec, tag, WC_AES_BLOCK_SIZE + 1),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+
+    /* Check calling final before setting key fails. */
+    ExpectIntEQ(wc_AesGcmEncryptFinal(aesEnc, tag, sizeof(tag)),
+        WC_NO_ERR_TRACE(MISSING_KEY));
+    ExpectIntEQ(wc_AesGcmEncryptFinal(aesDec, tag, sizeof(tag)),
+        WC_NO_ERR_TRACE(MISSING_KEY));
+    /* Check calling update before setting key else fails. */
+    ExpectIntEQ(wc_AesGcmEncryptUpdate(aesEnc, NULL, NULL, 0, aad, 1),
+        WC_NO_ERR_TRACE(MISSING_KEY));
+    ExpectIntEQ(wc_AesGcmDecryptUpdate(aesDec, NULL, NULL, 0, aad, 1),
+        WC_NO_ERR_TRACE(MISSING_KEY));
+
+    /* Set key but not IV. */
+    ExpectIntEQ(wc_AesGcmInit(aesEnc, key, sizeof(key), NULL, 0), 0);
+    ExpectIntEQ(wc_AesGcmInit(aesDec, key, sizeof(key), NULL, 0), 0);
+    /* Check calling final before setting IV fails. */
+    ExpectIntEQ(wc_AesGcmEncryptFinal(aesEnc, tag, sizeof(tag)),
+        WC_NO_ERR_TRACE(MISSING_IV));
+    ExpectIntEQ(wc_AesGcmEncryptFinal(aesDec, tag, sizeof(tag)),
+        WC_NO_ERR_TRACE(MISSING_IV));
+    /* Check calling update before setting IV else fails. */
+    ExpectIntEQ(wc_AesGcmEncryptUpdate(aesEnc, NULL, NULL, 0, aad, 1),
+        WC_NO_ERR_TRACE(MISSING_IV));
+    ExpectIntEQ(wc_AesGcmDecryptUpdate(aesDec, NULL, NULL, 0, aad, 1),
+        WC_NO_ERR_TRACE(MISSING_IV));
+
+    /* Set IV using fixed part IV and external IV APIs. */
+    ExpectIntEQ(wc_AesGcmSetIV(aesEnc, GCM_NONCE_MID_SZ, iv, AES_IV_FIXED_SZ,
+        rng), 0);
+    ExpectIntEQ(wc_AesGcmEncryptInit_ex(aesEnc, NULL, 0, ivOut,
+        GCM_NONCE_MID_SZ), 0);
+    ExpectIntEQ(wc_AesGcmSetExtIV(aesDec, ivOut, GCM_NONCE_MID_SZ), 0);
+    ExpectIntEQ(wc_AesGcmInit(aesDec, NULL, 0, NULL, 0), 0);
+    /* Encrypt and decrypt data. */
+    ExpectIntEQ(wc_AesGcmEncryptUpdate(aesEnc, out, in, 1, aad, 1), 0);
+    ExpectIntEQ(wc_AesGcmDecryptUpdate(aesDec, plain, out, 1, aad, 1), 0);
+    ExpectIntEQ(XMEMCMP(plain, in, 1), 0);
+    /* Finalize and check tag matches. */
+    ExpectIntEQ(wc_AesGcmEncryptFinal(aesEnc, tag, WC_AES_BLOCK_SIZE), 0);
+    ExpectIntEQ(wc_AesGcmDecryptFinal(aesDec, tag, WC_AES_BLOCK_SIZE), 0);
+
+    /* Set key and IV through streaming init API. */
+    wc_AesFree(aesEnc);
+    wc_AesFree(aesDec);
+    ExpectIntEQ(wc_AesInit(aesEnc, NULL, INVALID_DEVID), 0);
+    ExpectIntEQ(wc_AesInit(aesDec, NULL, INVALID_DEVID), 0);
+    ExpectIntEQ(wc_AesGcmInit(aesEnc, key, sizeof(key), iv, AES_IV_SIZE), 0);
+    ExpectIntEQ(wc_AesGcmInit(aesDec, key, sizeof(key), iv, AES_IV_SIZE), 0);
+    /* Encrypt/decrypt one block and AAD of one block. */
+    ExpectIntEQ(wc_AesGcmEncryptUpdate(aesEnc, out, in, WC_AES_BLOCK_SIZE, aad,
+        WC_AES_BLOCK_SIZE), 0);
+    ExpectIntEQ(wc_AesGcmDecryptUpdate(aesDec, plain, out, WC_AES_BLOCK_SIZE,
+        aad, WC_AES_BLOCK_SIZE), 0);
+    ExpectIntEQ(XMEMCMP(plain, in, WC_AES_BLOCK_SIZE), 0);
+    /* Finalize and check tag matches. */
+    ExpectIntEQ(wc_AesGcmEncryptFinal(aesEnc, tag, WC_AES_BLOCK_SIZE), 0);
+    ExpectIntEQ(wc_AesGcmDecryptFinal(aesDec, tag, WC_AES_BLOCK_SIZE), 0);
+
+    /* Set key and IV through streaming init API. */
+    wc_AesFree(aesEnc);
+    wc_AesFree(aesDec);
+    ExpectIntEQ(wc_AesInit(aesEnc, NULL, INVALID_DEVID), 0);
+    ExpectIntEQ(wc_AesInit(aesDec, NULL, INVALID_DEVID), 0);
+    ExpectIntEQ(wc_AesGcmInit(aesEnc, key, sizeof(key), iv, AES_IV_SIZE), 0);
+    ExpectIntEQ(wc_AesGcmInit(aesDec, key, sizeof(key), iv, AES_IV_SIZE), 0);
+    /* No data to encrypt/decrypt one byte of AAD. */
+    ExpectIntEQ(wc_AesGcmEncryptUpdate(aesEnc, NULL, NULL, 0, aad, 1), 0);
+    ExpectIntEQ(wc_AesGcmDecryptUpdate(aesDec, NULL, NULL, 0, aad, 1), 0);
+    /* Finalize and check tag matches. */
+    ExpectIntEQ(wc_AesGcmEncryptFinal(aesEnc, tag, WC_AES_BLOCK_SIZE), 0);
+    ExpectIntEQ(XMEMCMP(tag, expTagAAD1, WC_AES_BLOCK_SIZE), 0);
+    ExpectIntEQ(wc_AesGcmDecryptFinal(aesDec, tag, WC_AES_BLOCK_SIZE), 0);
+
+    /* Set key and IV through streaming init API. */
+    wc_AesFree(aesEnc);
+    wc_AesFree(aesDec);
+    ExpectIntEQ(wc_AesInit(aesEnc, NULL, INVALID_DEVID), 0);
+    ExpectIntEQ(wc_AesInit(aesDec, NULL, INVALID_DEVID), 0);
+    ExpectIntEQ(wc_AesGcmInit(aesEnc, key, sizeof(key), iv, AES_IV_SIZE), 0);
+    ExpectIntEQ(wc_AesGcmInit(aesDec, key, sizeof(key), iv, AES_IV_SIZE), 0);
+    /* Encrypt/decrypt one byte and no AAD. */
+    ExpectIntEQ(wc_AesGcmEncryptUpdate(aesEnc, out, in, 1, NULL, 0), 0);
+    ExpectIntEQ(wc_AesGcmDecryptUpdate(aesDec, plain, out, 1, NULL, 0), 0);
+    ExpectIntEQ(XMEMCMP(plain, in, 1), 0);
+    /* Finalize and check tag matches. */
+    ExpectIntEQ(wc_AesGcmEncryptFinal(aesEnc, tag, WC_AES_BLOCK_SIZE), 0);
+    ExpectIntEQ(XMEMCMP(tag, expTagPlain1, WC_AES_BLOCK_SIZE), 0);
+    ExpectIntEQ(wc_AesGcmDecryptFinal(aesDec, tag, WC_AES_BLOCK_SIZE), 0);
+
+    /* Set key and IV through streaming init API. */
+    wc_AesFree(aesEnc);
+    wc_AesFree(aesDec);
+    ExpectIntEQ(wc_AesInit(aesEnc, NULL, INVALID_DEVID), 0);
+    ExpectIntEQ(wc_AesInit(aesDec, NULL, INVALID_DEVID), 0);
+    ExpectIntEQ(wc_AesGcmInit(aesEnc, key, sizeof(key), iv, AES_IV_SIZE), 0);
+    ExpectIntEQ(wc_AesGcmInit(aesDec, key, sizeof(key), iv, AES_IV_SIZE), 0);
+    /* Encryption AES is one byte at a time */
+    for (i = 0; i < (int)sizeof(aad); i++) {
+        ExpectIntEQ(wc_AesGcmEncryptUpdate(aesEnc, NULL, NULL, 0, aad + i, 1),
+            0);
+    }
+    for (i = 0; i < (int)sizeof(in); i++) {
+        ExpectIntEQ(wc_AesGcmEncryptUpdate(aesEnc, out + i, in + i, 1, NULL, 0),
+            0);
+    }
+    /* Decryption AES is two bytes at a time */
+    for (i = 0; i < (int)sizeof(aad); i += 2) {
+        ExpectIntEQ(wc_AesGcmDecryptUpdate(aesDec, NULL, NULL, 0, aad + i, 2),
+            0);
+    }
+    for (i = 0; i < (int)sizeof(aad); i += 2) {
+        ExpectIntEQ(wc_AesGcmDecryptUpdate(aesDec, plain + i, out + i, 2, NULL,
+            0), 0);
+    }
+    ExpectIntEQ(XMEMCMP(plain, in, sizeof(in)), 0);
+    /* Finalize and check tag matches. */
+    ExpectIntEQ(wc_AesGcmEncryptFinal(aesEnc, tag, WC_AES_BLOCK_SIZE), 0);
+    ExpectIntEQ(XMEMCMP(tag, expTag, WC_AES_BLOCK_SIZE), 0);
+    ExpectIntEQ(wc_AesGcmDecryptFinal(aesDec, tag, WC_AES_BLOCK_SIZE), 0);
+
+    /* Check streaming encryption can be decrypted with one shot. */
+    wc_AesFree(aesDec);
+    ExpectIntEQ(wc_AesInit(aesDec, NULL, INVALID_DEVID), 0);
+    ExpectIntEQ(wc_AesGcmInit(aesDec, key, sizeof(key), iv, AES_IV_SIZE), 0);
+    ExpectIntEQ(wc_AesGcmSetKey(aesDec, key, sizeof(key)), 0);
+    ExpectIntEQ(wc_AesGcmDecrypt(aesDec, plain, out, sizeof(in), iv,
+        AES_IV_SIZE, tag, WC_AES_BLOCK_SIZE, aad, sizeof(aad)), 0);
+    ExpectIntEQ(XMEMCMP(plain, in, sizeof(in)), 0);
+
+    wc_AesFree(aesEnc);
+    wc_AesFree(aesDec);
+    wc_FreeRng(rng);
+#endif
+    return EXPECT_RESULT();
+} /* END test_wc_AesGcmStream */
+
+/*******************************************************************************
+ * GMAC
+ ******************************************************************************/
+
+/*
+ * unit test for wc_GmacSetKey()
+ */
+int test_wc_GmacSetKey(void)
+{
+    EXPECT_DECLS;
+#if !defined(NO_AES) && defined(HAVE_AESGCM)
+    Gmac gmac;
+    byte key16[] = {
+        0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
+        0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66
+    };
+#ifdef WOLFSSL_AES_192
+    byte key24[] = {
+        0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
+        0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66,
+        0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37
+    };
+#endif
+#ifdef WOLFSSL_AES_256
+    byte key32[] = {
+        0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
+        0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66,
+        0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
+        0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66
+    };
+#endif
+    byte badKey16[] = {
+        0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
+        0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x66
+    };
+    byte badKey24[] = {
+        0x30, 0x31, 0x32, 0x33, 0x34, 0x36, 0x37,
+        0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66,
+        0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37
+    };
+    byte badKey32[] = {
+        0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
+        0x38, 0x39, 0x61, 0x62, 0x64, 0x65, 0x66,
+        0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
+        0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66
+    };
+
+    XMEMSET(&gmac, 0, sizeof(Gmac));
+
+    ExpectIntEQ(wc_AesInit(&gmac.aes, NULL, INVALID_DEVID), 0);
+
+#ifdef WOLFSSL_AES_128
+    ExpectIntEQ(wc_GmacSetKey(&gmac, key16, sizeof(key16)/sizeof(byte)), 0);
+#endif
+#ifdef WOLFSSL_AES_192
+    ExpectIntEQ(wc_GmacSetKey(&gmac, key24, sizeof(key24)/sizeof(byte)), 0);
+#endif
+#ifdef WOLFSSL_AES_256
+    ExpectIntEQ(wc_GmacSetKey(&gmac, key32, sizeof(key32)/sizeof(byte)), 0);
+#endif
+
+    /* Pass in bad args. */
+    ExpectIntEQ(wc_GmacSetKey(NULL, key16, sizeof(key16)/sizeof(byte)),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_GmacSetKey(&gmac, NULL, sizeof(key16)/sizeof(byte)),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_GmacSetKey(&gmac, badKey16, sizeof(badKey16)/sizeof(byte)),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_GmacSetKey(&gmac, badKey24, sizeof(badKey24)/sizeof(byte)),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_GmacSetKey(&gmac, badKey32, sizeof(badKey32)/sizeof(byte)),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+
+    wc_AesFree(&gmac.aes);
+#endif
+    return EXPECT_RESULT();
+} /* END test_wc_GmacSetKey */
+
+/*
+ * unit test for wc_GmacUpdate
+ */
+int test_wc_GmacUpdate(void)
+{
+    EXPECT_DECLS;
+#if !defined(NO_AES) && defined(HAVE_AESGCM)
+    Gmac gmac;
+#ifdef WOLFSSL_AES_128
+    const byte key16[] = {
+        0x89, 0xc9, 0x49, 0xe9, 0xc8, 0x04, 0xaf, 0x01,
+        0x4d, 0x56, 0x04, 0xb3, 0x94, 0x59, 0xf2, 0xc8
+    };
+#endif
+#ifdef WOLFSSL_AES_192
+    byte key24[] = {
+        0x41, 0xc5, 0xda, 0x86, 0x67, 0xef, 0x72, 0x52,
+        0x20, 0xff, 0xe3, 0x9a, 0xe0, 0xac, 0x59, 0x0a,
+        0xc9, 0xfc, 0xa7, 0x29, 0xab, 0x60, 0xad, 0xa0
+    };
+#endif
+#ifdef WOLFSSL_AES_256
+   byte key32[] = {
+        0x78, 0xdc, 0x4e, 0x0a, 0xaf, 0x52, 0xd9, 0x35,
+        0xc3, 0xc0, 0x1e, 0xea, 0x57, 0x42, 0x8f, 0x00,
+        0xca, 0x1f, 0xd4, 0x75, 0xf5, 0xda, 0x86, 0xa4,
+        0x9c, 0x8d, 0xd7, 0x3d, 0x68, 0xc8, 0xe2, 0x23
+    };
+#endif
+#ifdef WOLFSSL_AES_128
+    const byte authIn[] = {
+        0x82, 0xad, 0xcd, 0x63, 0x8d, 0x3f, 0xa9, 0xd9,
+        0xf3, 0xe8, 0x41, 0x00, 0xd6, 0x1e, 0x07, 0x77
+    };
+#endif
+#ifdef WOLFSSL_AES_192
+    const byte authIn2[] = {
+       0x8b, 0x5c, 0x12, 0x4b, 0xef, 0x6e, 0x2f, 0x0f,
+       0xe4, 0xd8, 0xc9, 0x5c, 0xd5, 0xfa, 0x4c, 0xf1
+    };
+#endif
+    const byte authIn3[] = {
+        0xb9, 0x6b, 0xaa, 0x8c, 0x1c, 0x75, 0xa6, 0x71,
+        0xbf, 0xb2, 0xd0, 0x8d, 0x06, 0xbe, 0x5f, 0x36
+    };
+#ifdef WOLFSSL_AES_128
+    const byte tag1[] = { /* Known. */
+        0x88, 0xdb, 0x9d, 0x62, 0x17, 0x2e, 0xd0, 0x43,
+        0xaa, 0x10, 0xf1, 0x6d, 0x22, 0x7d, 0xc4, 0x1b
+    };
+#endif
+#ifdef WOLFSSL_AES_192
+    const byte tag2[] = { /* Known */
+        0x20, 0x4b, 0xdb, 0x1b, 0xd6, 0x21, 0x54, 0xbf,
+        0x08, 0x92, 0x2a, 0xaa, 0x54, 0xee, 0xd7, 0x05
+    };
+#endif
+    const byte tag3[] = { /* Known */
+        0x3e, 0x5d, 0x48, 0x6a, 0xa2, 0xe3, 0x0b, 0x22,
+        0xe0, 0x40, 0xb8, 0x57, 0x23, 0xa0, 0x6e, 0x76
+    };
+#ifdef WOLFSSL_AES_128
+    const byte iv[] = {
+        0xd1, 0xb1, 0x04, 0xc8, 0x15, 0xbf, 0x1e, 0x94,
+        0xe2, 0x8c, 0x8f, 0x16
+    };
+#endif
+#ifdef WOLFSSL_AES_192
+    const byte iv2[] = {
+        0x05, 0xad, 0x13, 0xa5, 0xe2, 0xc2, 0xab, 0x66,
+        0x7e, 0x1a, 0x6f, 0xbc
+    };
+#endif
+    const byte iv3[] = {
+        0xd7, 0x9c, 0xf2, 0x2d, 0x50, 0x4c, 0xc7, 0x93,
+        0xc3, 0xfb, 0x6c, 0x8a
+    };
+    byte tagOut[16];
+    byte tagOut2[24];
+    byte tagOut3[32];
+
+    /* Init stack variables. */
+    XMEMSET(&gmac, 0, sizeof(Gmac));
+    XMEMSET(tagOut, 0, sizeof(tagOut));
+    XMEMSET(tagOut2, 0, sizeof(tagOut2));
+    XMEMSET(tagOut3, 0, sizeof(tagOut3));
+
+#ifdef WOLFSSL_AES_128
+    ExpectIntEQ(wc_AesInit(&gmac.aes, NULL, INVALID_DEVID), 0);
+    ExpectIntEQ(wc_GmacSetKey(&gmac, key16, sizeof(key16)), 0);
+    ExpectIntEQ(wc_GmacUpdate(&gmac, iv, sizeof(iv), authIn, sizeof(authIn),
+        tagOut, sizeof(tag1)), 0);
+    ExpectIntEQ(XMEMCMP(tag1, tagOut, sizeof(tag1)), 0);
+    wc_AesFree(&gmac.aes);
+#endif
+
+#ifdef WOLFSSL_AES_192
+    ExpectNotNull(XMEMSET(&gmac, 0, sizeof(Gmac)));
+    ExpectIntEQ(wc_AesInit(&gmac.aes, HEAP_HINT, INVALID_DEVID), 0);
+    ExpectIntEQ(wc_GmacSetKey(&gmac, key24, sizeof(key24)/sizeof(byte)), 0);
+    ExpectIntEQ(wc_GmacUpdate(&gmac, iv2, sizeof(iv2), authIn2, sizeof(authIn2),
+        tagOut2, sizeof(tag2)), 0);
+    ExpectIntEQ(XMEMCMP(tagOut2, tag2, sizeof(tag2)), 0);
+    wc_AesFree(&gmac.aes);
+#endif
+
+#ifdef WOLFSSL_AES_256
+    ExpectNotNull(XMEMSET(&gmac, 0, sizeof(Gmac)));
+    ExpectIntEQ(wc_AesInit(&gmac.aes, HEAP_HINT, INVALID_DEVID), 0);
+    ExpectIntEQ(wc_GmacSetKey(&gmac, key32, sizeof(key32)/sizeof(byte)), 0);
+    ExpectIntEQ(wc_GmacUpdate(&gmac, iv3, sizeof(iv3), authIn3, sizeof(authIn3),
+        tagOut3, sizeof(tag3)), 0);
+    ExpectIntEQ(XMEMCMP(tag3, tagOut3, sizeof(tag3)), 0);
+    wc_AesFree(&gmac.aes);
+#endif
+
+    /* Pass bad args. */
+    ExpectIntEQ(wc_AesInit(&gmac.aes, NULL, INVALID_DEVID), 0);
+    ExpectIntEQ(wc_GmacUpdate(NULL, iv3, sizeof(iv3), authIn3, sizeof(authIn3),
+        tagOut3, sizeof(tag3)), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_GmacUpdate(&gmac, iv3, sizeof(iv3), authIn3, sizeof(authIn3),
+        tagOut3, sizeof(tag3) - 5), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_GmacUpdate(&gmac, iv3, sizeof(iv3), authIn3, sizeof(authIn3),
+        tagOut3, sizeof(tag3) + 1),  WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    wc_AesFree(&gmac.aes);
+
+#endif
+    return EXPECT_RESULT();
+} /* END test_wc_GmacUpdate */
+
+/*******************************************************************************
+ * AES-CCM
+ ******************************************************************************/
+
+/*
+ * unit test for wc_AesCcmSetKey
+ */
+int test_wc_AesCcmSetKey(void)
+{
+    EXPECT_DECLS;
+#ifdef HAVE_AESCCM
+    Aes aes;
+    const byte key16[] = {
+        0xc0, 0xc1, 0xc2, 0xc3, 0xc4, 0xc5, 0xc6, 0xc7,
+        0xc8, 0xc9, 0xca, 0xcb, 0xcc, 0xcd, 0xce, 0xcf
+    };
+    const byte key24[] = {
+        0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
+        0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66,
+        0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37
+    };
+    const byte key32[] = {
+        0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
+        0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66,
+        0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
+        0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66
+    };
+
+    XMEMSET(&aes, 0, sizeof(Aes));
+
+    ExpectIntEQ(wc_AesInit(&aes, NULL, INVALID_DEVID), 0);
+
+#ifdef WOLFSSL_AES_128
+    ExpectIntEQ(wc_AesCcmSetKey(&aes, key16, sizeof(key16)), 0);
+#endif
+#ifdef WOLFSSL_AES_192
+    ExpectIntEQ(wc_AesCcmSetKey(&aes, key24, sizeof(key24)), 0);
+#endif
+#ifdef WOLFSSL_AES_256
+    ExpectIntEQ(wc_AesCcmSetKey(&aes, key32, sizeof(key32)), 0);
+#endif
+
+    /* Test bad args. */
+   ExpectIntEQ(wc_AesCcmSetKey(&aes, key16, sizeof(key16) - 1),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+   ExpectIntEQ(wc_AesCcmSetKey(&aes, key24, sizeof(key24) - 1),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+   ExpectIntEQ(wc_AesCcmSetKey(&aes, key32, sizeof(key32) - 1),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+
+    wc_AesFree(&aes);
+#endif
+    return EXPECT_RESULT();
+
+} /* END test_wc_AesCcmSetKey */
+
+/*
+ * Unit test function for wc_AesCcmEncrypt and wc_AesCcmDecrypt
+ */
+int test_wc_AesCcmEncryptDecrypt(void)
+{
+    EXPECT_DECLS;
+#if defined(HAVE_AESCCM) && defined(WOLFSSL_AES_128)
+    Aes aes;
+    const byte key16[] = {
+        0xc0, 0xc1, 0xc2, 0xc3, 0xc4, 0xc5, 0xc6, 0xc7,
+        0xc8, 0xc9, 0xca, 0xcb, 0xcc, 0xcd, 0xce, 0xcf
+    };
+    /* plaintext */
+    const byte plainT[] = {
+        0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
+        0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
+        0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e
+    };
+    /* nonce */
+    const byte iv[] = {
+        0x00, 0x00, 0x00, 0x03, 0x02, 0x01, 0x00, 0xa0,
+        0xa1, 0xa2, 0xa3, 0xa4, 0xa5
+    };
+    const byte c[] = { /* cipher text. */
+        0x58, 0x8c, 0x97, 0x9a, 0x61, 0xc6, 0x63, 0xd2,
+        0xf0, 0x66, 0xd0, 0xc2, 0xc0, 0xf9, 0x89, 0x80,
+        0x6d, 0x5f, 0x6b, 0x61, 0xda, 0xc3, 0x84
+    };
+    const byte t[] = { /* Auth tag */
+        0x17, 0xe8, 0xd1, 0x2c, 0xfd, 0xf9, 0x26, 0xe0
+    };
+    const byte authIn[] = {
+        0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07
+    };
+    byte cipherOut[sizeof(plainT)];
+    byte authTag[sizeof(t)];
+#ifdef HAVE_AES_DECRYPT
+    byte plainOut[sizeof(cipherOut)];
+#endif
+
+    XMEMSET(&aes, 0, sizeof(Aes));
+
+    ExpectIntEQ(wc_AesInit(&aes, NULL, INVALID_DEVID), 0);
+    ExpectIntEQ(wc_AesCcmSetKey(&aes, key16, sizeof(key16)), 0);
+
+    ExpectIntEQ(wc_AesCcmEncrypt(&aes, cipherOut, plainT, sizeof(cipherOut),
+        iv, sizeof(iv), authTag, sizeof(authTag), authIn , sizeof(authIn)), 0);
+    ExpectIntEQ(XMEMCMP(cipherOut, c, sizeof(c)), 0);
+    ExpectIntEQ(XMEMCMP(t, authTag, sizeof(t)), 0);
+#ifdef HAVE_AES_DECRYPT
+    ExpectIntEQ(wc_AesCcmDecrypt(&aes, plainOut, cipherOut, sizeof(plainOut),
+        iv, sizeof(iv), authTag, sizeof(authTag), authIn, sizeof(authIn)), 0);
+    ExpectIntEQ(XMEMCMP(plainOut, plainT, sizeof(plainT)), 0);
+#endif
+
+    /* Pass in bad args. Encrypt*/
+    ExpectIntEQ(wc_AesCcmEncrypt(NULL, cipherOut, plainT, sizeof(cipherOut),
+        iv, sizeof(iv), authTag, sizeof(authTag), authIn , sizeof(authIn)),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_AesCcmEncrypt(&aes, NULL, plainT, sizeof(cipherOut),
+        iv, sizeof(iv), authTag, sizeof(authTag), authIn , sizeof(authIn)),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_AesCcmEncrypt(&aes, cipherOut, NULL, sizeof(cipherOut),
+        iv, sizeof(iv), authTag, sizeof(authTag), authIn , sizeof(authIn)),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_AesCcmEncrypt(&aes, cipherOut, plainT, sizeof(cipherOut),
+        NULL, sizeof(iv), authTag, sizeof(authTag), authIn , sizeof(authIn)),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_AesCcmEncrypt(&aes, cipherOut, plainT, sizeof(cipherOut),
+        iv, sizeof(iv), NULL, sizeof(authTag), authIn , sizeof(authIn)),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_AesCcmEncrypt(&aes, cipherOut, plainT, sizeof(cipherOut),
+        iv, sizeof(iv) + 1, authTag, sizeof(authTag), authIn , sizeof(authIn)),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_AesCcmEncrypt(&aes, cipherOut, plainT, sizeof(cipherOut),
+        iv, sizeof(iv) - 7, authTag, sizeof(authTag), authIn , sizeof(authIn)),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+
+#ifdef HAVE_AES_DECRYPT
+    /* Pass in bad args. Decrypt*/
+    ExpectIntEQ(wc_AesCcmDecrypt(NULL, plainOut, cipherOut, sizeof(plainOut),
+        iv, sizeof(iv), authTag, sizeof(authTag), authIn, sizeof(authIn)),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_AesCcmDecrypt(&aes, NULL, cipherOut, sizeof(plainOut),
+        iv, sizeof(iv), authTag, sizeof(authTag), authIn, sizeof(authIn)),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_AesCcmDecrypt(&aes, plainOut, NULL, sizeof(plainOut),
+        iv, sizeof(iv), authTag, sizeof(authTag), authIn, sizeof(authIn)),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_AesCcmDecrypt(&aes, plainOut, cipherOut, sizeof(plainOut),
+        NULL, sizeof(iv), authTag, sizeof(authTag), authIn, sizeof(authIn)),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_AesCcmDecrypt(&aes, plainOut, cipherOut, sizeof(plainOut),
+        iv, sizeof(iv), NULL, sizeof(authTag), authIn, sizeof(authIn)),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_AesCcmDecrypt(&aes, plainOut, cipherOut, sizeof(plainOut),
+        iv, sizeof(iv) + 1, authTag, sizeof(authTag), authIn, sizeof(authIn)),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_AesCcmDecrypt(&aes, plainOut, cipherOut, sizeof(plainOut),
+        iv, sizeof(iv) - 7, authTag, sizeof(authTag), authIn, sizeof(authIn)),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    #endif
+
+    wc_AesFree(&aes);
+#endif  /* HAVE_AESCCM */
+    return EXPECT_RESULT();
+} /* END test_wc_AesCcmEncryptDecrypt */
+
+#if defined(WOLFSSL_AES_EAX) && \
+    (!defined(HAVE_FIPS) || FIPS_VERSION_GE(5, 3)) && !defined(HAVE_SELFTEST)
+
+/*******************************************************************************
+ * AES-EAX
+ ******************************************************************************/
+
+/*
+ * Testing test_wc_AesEaxVectors()
+ */
+int test_wc_AesEaxVectors(void)
+{
+    EXPECT_DECLS;
+
+    typedef struct {
+        byte key[AES_256_KEY_SIZE];
+        int key_length;
+        byte iv[WC_AES_BLOCK_SIZE];
+        int iv_length;
+        byte aad[WC_AES_BLOCK_SIZE * 2];
+        int aad_length;
+        byte msg[WC_AES_BLOCK_SIZE * 5];
+        int msg_length;
+        byte ct[WC_AES_BLOCK_SIZE * 5];
+        int ct_length;
+        byte tag[WC_AES_BLOCK_SIZE];
+        int tag_length;
+        int valid;
+    } AadVector;
+
+    /*  Test vectors obtained from Google wycheproof project
+     *  https://github.com/google/wycheproof
+     *  from testvectors/aes_eax_test.json
+     */
+    const AadVector vectors[] = {
+        {
+            /* key, key length  */
+            {0x23, 0x39, 0x52, 0xde, 0xe4, 0xd5, 0xed, 0x5f,
+             0x9b, 0x9c, 0x6d, 0x6f, 0xf8, 0x0f, 0xf4, 0x78}, 16,
+            /* iv, iv length  */
+            {0x62, 0xec, 0x67, 0xf9, 0xc3, 0xa4, 0xa4, 0x07,
+             0xfc, 0xb2, 0xa8, 0xc4, 0x90, 0x31, 0xa8, 0xb3}, 16,
+            /* aad, aad length  */
+            {0x6b, 0xfb, 0x91, 0x4f, 0xd0, 0x7e, 0xae, 0x6b}, 8,
+            /* msg, msg length  */
+            {0x00}, 0,
+            /* ct, ct length  */
+            {0x00}, 0,
+            /* tag, tag length  */
+            {0xe0, 0x37, 0x83, 0x0e, 0x83, 0x89, 0xf2, 0x7b,
+             0x02, 0x5a, 0x2d, 0x65, 0x27, 0xe7, 0x9d, 0x01}, 16,
+            /* valid */
+            1,
+        },
+        {
+            /* key, key length  */
+            {0x91, 0x94, 0x5d, 0x3f, 0x4d, 0xcb, 0xee, 0x0b,
+             0xf4, 0x5e, 0xf5, 0x22, 0x55, 0xf0, 0x95, 0xa4}, 16,
+            /* iv, iv length  */
+            {0xbe, 0xca, 0xf0, 0x43, 0xb0, 0xa2, 0x3d, 0x84,
+             0x31, 0x94, 0xba, 0x97, 0x2c, 0x66, 0xde, 0xbd}, 16,
+            /* aad, aad length  */
+            {0xfa, 0x3b, 0xfd, 0x48, 0x06, 0xeb, 0x53, 0xfa}, 8,
+            /* msg, msg length  */
+            {0xf7, 0xfb}, 2,
+            /* ct, ct length  */
+            {0x19, 0xdd}, 2,
+            /* tag, tag length  */
+            {0x5c, 0x4c, 0x93, 0x31, 0x04, 0x9d, 0x0b, 0xda,
+             0xb0, 0x27, 0x74, 0x08, 0xf6, 0x79, 0x67, 0xe5}, 16,
+            /* valid */
+            1,
+        },
+        {
+            /* key, key length  */
+            {0x01, 0xf7, 0x4a, 0xd6, 0x40, 0x77, 0xf2, 0xe7,
+             0x04, 0xc0, 0xf6, 0x0a, 0xda, 0x3d, 0xd5, 0x23}, 16,
+            /* iv, iv length  */
+            {0x70, 0xc3, 0xdb, 0x4f, 0x0d, 0x26, 0x36, 0x84,
+             0x00, 0xa1, 0x0e, 0xd0, 0x5d, 0x2b, 0xff, 0x5e}, 16,
+            /* aad, aad length  */
+            {0x23, 0x4a, 0x34, 0x63, 0xc1, 0x26, 0x4a, 0xc6}, 8,
+            /* msg, msg length  */
+            {0x1a, 0x47, 0xcb, 0x49, 0x33}, 5,
+            /* ct, ct length  */
+            {0xd8, 0x51, 0xd5, 0xba, 0xe0}, 5,
+            /* tag, tag length  */
+            {0x3a, 0x59, 0xf2, 0x38, 0xa2, 0x3e, 0x39, 0x19,
+             0x9d, 0xc9, 0x26, 0x66, 0x26, 0xc4, 0x0f, 0x80}, 16,
+            /* valid */
+            1,
+        },
+        {
+            /* key, key length  */
+            {0xd0, 0x7c, 0xf6, 0xcb, 0xb7, 0xf3, 0x13, 0xbd,
+             0xde, 0x66, 0xb7, 0x27, 0xaf, 0xd3, 0xc5, 0xe8}, 16,
+            /* iv, iv length  */
+            {0x84, 0x08, 0xdf, 0xff, 0x3c, 0x1a, 0x2b, 0x12,
+             0x92, 0xdc, 0x19, 0x9e, 0x46, 0xb7, 0xd6, 0x17}, 16,
+            /* aad, aad length  */
+            {0x33, 0xcc, 0xe2, 0xea, 0xbf, 0xf5, 0xa7, 0x9d}, 8,
+            /* msg, msg length  */
+            {0x48, 0x1c, 0x9e, 0x39, 0xb1}, 5,
+            /* ct, ct length  */
+            {0x63, 0x2a, 0x9d, 0x13, 0x1a}, 5,
+            /* tag, tag length  */
+            {0xd4, 0xc1, 0x68, 0xa4, 0x22, 0x5d, 0x8e, 0x1f,
+             0xf7, 0x55, 0x93, 0x99, 0x74, 0xa7, 0xbe, 0xde}, 16,
+            /* valid */
+            1,
+        },
+        {
+            /* key, key length  */
+            {0x35, 0xb6, 0xd0, 0x58, 0x00, 0x05, 0xbb, 0xc1,
+             0x2b, 0x05, 0x87, 0x12, 0x45, 0x57, 0xd2, 0xc2}, 16,
+            /* iv, iv length  */
+            {0xfd, 0xb6, 0xb0, 0x66, 0x76, 0xee, 0xdc, 0x5c,
+             0x61, 0xd7, 0x42, 0x76, 0xe1, 0xf8, 0xe8, 0x16}, 16,
+            /* aad, aad length  */
+            {0xae, 0xb9, 0x6e, 0xae, 0xbe, 0x29, 0x70, 0xe9}, 8,
+            /* msg, msg length  */
+            {0x40, 0xd0, 0xc0, 0x7d, 0xa5, 0xe4}, 6,
+            /* ct, ct length  */
+            {0x07, 0x1d, 0xfe, 0x16, 0xc6, 0x75}, 6,
+            /* tag, tag length  */
+            {0xcb, 0x06, 0x77, 0xe5, 0x36, 0xf7, 0x3a, 0xfe,
+             0x6a, 0x14, 0xb7, 0x4e, 0xe4, 0x98, 0x44, 0xdd}, 16,
+            /* valid */
+            1,
+        },
+        {
+            /* key, key length  */
+            {0xbd, 0x8e, 0x6e, 0x11, 0x47, 0x5e, 0x60, 0xb2,
+             0x68, 0x78, 0x4c, 0x38, 0xc6, 0x2f, 0xeb, 0x22}, 16,
+            /* iv, iv length  */
+            {0x6e, 0xac, 0x5c, 0x93, 0x07, 0x2d, 0x8e, 0x85,
+             0x13, 0xf7, 0x50, 0x93, 0x5e, 0x46, 0xda, 0x1b}, 16,
+            /* aad, aad length  */
+            {0xd4, 0x48, 0x2d, 0x1c, 0xa7, 0x8d, 0xce, 0x0f}, 8,
+            /* msg, msg length  */
+            {0x4d, 0xe3, 0xb3, 0x5c, 0x3f, 0xc0, 0x39, 0x24,
+             0x5b, 0xd1, 0xfb, 0x7d}, 12,
+            /* ct, ct length  */
+            {0x83, 0x5b, 0xb4, 0xf1, 0x5d, 0x74, 0x3e, 0x35,
+             0x0e, 0x72, 0x84, 0x14}, 12,
+            /* tag, tag length  */
+            {0xab, 0xb8, 0x64, 0x4f, 0xd6, 0xcc, 0xb8, 0x69,
+             0x47, 0xc5, 0xe1, 0x05, 0x90, 0x21, 0x0a, 0x4f}, 16,
+            /* valid */
+            1,
+        },
+        {
+            /* key, key length  */
+            {0x7c, 0x77, 0xd6, 0xe8, 0x13, 0xbe, 0xd5, 0xac,
+             0x98, 0xba, 0xa4, 0x17, 0x47, 0x7a, 0x2e, 0x7d}, 16,
+            /* iv, iv length  */
+            {0x1a, 0x8c, 0x98, 0xdc, 0xd7, 0x3d, 0x38, 0x39,
+             0x3b, 0x2b, 0xf1, 0x56, 0x9d, 0xee, 0xfc, 0x19}, 16,
+            /* aad, aad length  */
+            {0x65, 0xd2, 0x01, 0x79, 0x90, 0xd6, 0x25, 0x28}, 8,
+            /* msg, msg length  */
+            {0x8b, 0x0a, 0x79, 0x30, 0x6c, 0x9c, 0xe7, 0xed,
+             0x99, 0xda, 0xe4, 0xf8, 0x7f, 0x8d, 0xd6, 0x16,
+             0x36}, 17,
+            /* ct, ct length  */
+            {0x02, 0x08, 0x3e, 0x39, 0x79, 0xda, 0x01, 0x48,
+             0x12, 0xf5, 0x9f, 0x11, 0xd5, 0x26, 0x30, 0xda,
+             0x30}, 17,
+            /* tag, tag length  */
+            {0x13, 0x73, 0x27, 0xd1, 0x06, 0x49, 0xb0, 0xaa,
+             0x6e, 0x1c, 0x18, 0x1d, 0xb6, 0x17, 0xd7, 0xf2}, 16,
+            /* valid */
+            1,
+        },
+        {
+            /* key, key length  */
+            {0x5f, 0xff, 0x20, 0xca, 0xfa, 0xb1, 0x19, 0xca,
+             0x2f, 0xc7, 0x35, 0x49, 0xe2, 0x0f, 0x5b, 0x0d}, 16,
+            /* iv, iv length  */
+            {0xdd, 0xe5, 0x9b, 0x97, 0xd7, 0x22, 0x15, 0x6d,
+             0x4d, 0x9a, 0xff, 0x2b, 0xc7, 0x55, 0x98, 0x26}, 16,
+            /* aad, aad length  */
+            {0x54, 0xb9, 0xf0, 0x4e, 0x6a, 0x09, 0x18, 0x9a}, 8,
+            /* msg, msg length  */
+            {0x1b, 0xda, 0x12, 0x2b, 0xce, 0x8a, 0x8d, 0xba,
+             0xf1, 0x87, 0x7d, 0x96, 0x2b, 0x85, 0x92, 0xdd,
+             0x2d, 0x56}, 18,
+            /* ct, ct length  */
+            {0x2e, 0xc4, 0x7b, 0x2c, 0x49, 0x54, 0xa4, 0x89,
+             0xaf, 0xc7, 0xba, 0x48, 0x97, 0xed, 0xcd, 0xae,
+             0x8c, 0xc3}, 18,
+            /* tag, tag length  */
+            {0x3b, 0x60, 0x45, 0x05, 0x99, 0xbd, 0x02, 0xc9,
+             0x63, 0x82, 0x90, 0x2a, 0xef, 0x7f, 0x83, 0x2a}, 16,
+            /* valid */
+            1,
+        },
+        {
+            /* key, key length  */
+            {0xa4, 0xa4, 0x78, 0x2b, 0xcf, 0xfd, 0x3e, 0xc5,
+             0xe7, 0xef, 0x6d, 0x8c, 0x34, 0xa5, 0x61, 0x23}, 16,
+            /* iv, iv length  */
+            {0xb7, 0x81, 0xfc, 0xf2, 0xf7, 0x5f, 0xa5, 0xa8,
+             0xde, 0x97, 0xa9, 0xca, 0x48, 0xe5, 0x22, 0xec}, 16,
+            /* aad, aad length  */
+            {0x89, 0x9a, 0x17, 0x58, 0x97, 0x56, 0x1d, 0x7e}, 8,
+            /* msg, msg length  */
+            {0x6c, 0xf3, 0x67, 0x20, 0x87, 0x2b, 0x85, 0x13,
+             0xf6, 0xea, 0xb1, 0xa8, 0xa4, 0x44, 0x38, 0xd5,
+             0xef, 0x11}, 18,
+            /* ct, ct length  */
+            {0x0d, 0xe1, 0x8f, 0xd0, 0xfd, 0xd9, 0x1e, 0x7a,
+             0xf1, 0x9f, 0x1d, 0x8e, 0xe8, 0x73, 0x39, 0x38,
+             0xb1, 0xe8}, 18,
+            /* tag, tag length  */
+            {0xe7, 0xf6, 0xd2, 0x23, 0x16, 0x18, 0x10, 0x2f,
+             0xdb, 0x7f, 0xe5, 0x5f, 0xf1, 0x99, 0x17, 0x00}, 16,
+            /* valid */
+            1,
+        },
+        {
+            /* key, key length  */
+            {0x83, 0x95, 0xfc, 0xf1, 0xe9, 0x5b, 0xeb, 0xd6,
+             0x97, 0xbd, 0x01, 0x0b, 0xc7, 0x66, 0xaa, 0xc3}, 16,
+            /* iv, iv length  */
+            {0x22, 0xe7, 0xad, 0xd9, 0x3c, 0xfc, 0x63, 0x93,
+             0xc5, 0x7e, 0xc0, 0xb3, 0xc1, 0x7d, 0x6b, 0x44}, 16,
+            /* aad, aad length  */
+            {0x12, 0x67, 0x35, 0xfc, 0xc3, 0x20, 0xd2, 0x5a}, 8,
+            /* msg, msg length  */
+            {0xca, 0x40, 0xd7, 0x44, 0x6e, 0x54, 0x5f, 0xfa,
+             0xed, 0x3b, 0xd1, 0x2a, 0x74, 0x0a, 0x65, 0x9f,
+             0xfb, 0xbb, 0x3c, 0xea, 0xb7}, 21,
+            /* ct, ct length  */
+            {0xcb, 0x89, 0x20, 0xf8, 0x7a, 0x6c, 0x75, 0xcf,
+             0xf3, 0x96, 0x27, 0xb5, 0x6e, 0x3e, 0xd1, 0x97,
+             0xc5, 0x52, 0xd2, 0x95, 0xa7}, 21,
+            /* tag, tag length  */
+            {0xcf, 0xc4, 0x6a, 0xfc, 0x25, 0x3b, 0x46, 0x52,
+             0xb1, 0xaf, 0x37, 0x95, 0xb1, 0x24, 0xab, 0x6e}, 16,
+            /* valid */
+            1,
+        },
+        {
+            /* key, key length  */
+            {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+             0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, 16,
+            /* iv, iv length  */
+            {0x3c, 0x8c, 0xc2, 0x97, 0x0a, 0x00, 0x8f, 0x75,
+             0xcc, 0x5b, 0xea, 0xe2, 0x84, 0x72, 0x58, 0xc2}, 16,
+            /* aad, aad length  */
+            {0x00}, 0,
+            /* msg, msg length  */
+            {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+             0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+             0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11,
+             0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11}, 32,
+            /* ct, ct length  */
+            {0x3c, 0x44, 0x1f, 0x32, 0xce, 0x07, 0x82, 0x23,
+             0x64, 0xd7, 0xa2, 0x99, 0x0e, 0x50, 0xbb, 0x13,
+             0xd7, 0xb0, 0x2a, 0x26, 0x96, 0x9e, 0x4a, 0x93,
+             0x7e, 0x5e, 0x90, 0x73, 0xb0, 0xd9, 0xc9, 0x68}, 32,
+            /* tag, tag length  */
+            {0xdb, 0x90, 0xbd, 0xb3, 0xda, 0x3d, 0x00, 0xaf,
+             0xd0, 0xfc, 0x6a, 0x83, 0x55, 0x1d, 0xa9, 0x5e}, 16,
+            /* valid */
+            1,
+        },
+        {
+            /* key, key length  */
+            {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+             0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, 16,
+            /* iv, iv length  */
+            {0xae, 0xf0, 0x3d, 0x00, 0x59, 0x84, 0x94, 0xe9,
+             0xfb, 0x03, 0xcd, 0x7d, 0x8b, 0x59, 0x08, 0x66}, 16,
+            /* aad, aad length  */
+            {0x00}, 0,
+            /* msg, msg length  */
+            {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+             0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+             0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11,
+             0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11}, 32,
+            /* ct, ct length  */
+            {0xd1, 0x9a, 0xc5, 0x98, 0x49, 0x02, 0x6a, 0x91,
+             0xaa, 0x1b, 0x9a, 0xec, 0x29, 0xb1, 0x1a, 0x20,
+             0x2a, 0x4d, 0x73, 0x9f, 0xd8, 0x6c, 0x28, 0xe3,
+             0xae, 0x3d, 0x58, 0x8e, 0xa2, 0x1d, 0x70, 0xc6}, 32,
+            /* tag, tag length  */
+            {0xc3, 0x0f, 0x6c, 0xd9, 0x20, 0x20, 0x74, 0xed,
+             0x6e, 0x2a, 0x2a, 0x36, 0x0e, 0xac, 0x8c, 0x47}, 16,
+            /* valid */
+            1,
+        },
+        {
+            /* key, key length  */
+            {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+             0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, 16,
+            /* iv, iv length  */
+            {0x55, 0xd1, 0x25, 0x11, 0xc6, 0x96, 0xa8, 0x0d,
+             0x05, 0x14, 0xd1, 0xff, 0xba, 0x49, 0xca, 0xda}, 16,
+            /* aad, aad length  */
+            {0x00}, 0,
+            /* msg, msg length  */
+            {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+             0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+             0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11,
+             0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11}, 32,
+            /* ct, ct length  */
+            {0x21, 0x08, 0x55, 0x8a, 0xc4, 0xb2, 0xc2, 0xd5,
+             0xcc, 0x66, 0xce, 0xa5, 0x1d, 0x62, 0x10, 0xe0,
+             0x46, 0x17, 0x7a, 0x67, 0x63, 0x1c, 0xd2, 0xdd,
+             0x8f, 0x09, 0x46, 0x97, 0x33, 0xac, 0xb5, 0x17}, 32,
+            /* tag, tag length  */
+            {0xfc, 0x35, 0x5e, 0x87, 0xa2, 0x67, 0xbe, 0x3a,
+             0xe3, 0xe4, 0x4c, 0x0b, 0xf3, 0xf9, 0x9b, 0x2b}, 16,
+            /* valid */
+            1,
+        },
+        {
+            /* key, key length  */
+            {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+             0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, 16,
+            /* iv, iv length  */
+            {0x79, 0x42, 0x2d, 0xdd, 0x91, 0xc4, 0xee, 0xe2,
+             0xde, 0xae, 0xf1, 0xf9, 0x68, 0x30, 0x53, 0x04}, 16,
+            /* aad, aad length  */
+            {0x00}, 0,
+            /* msg, msg length  */
+            {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+             0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+             0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11,
+             0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11}, 32,
+            /* ct, ct length  */
+            {0x4d, 0x2c, 0x15, 0x24, 0xca, 0x4b, 0xaa, 0x4e,
+             0xef, 0xcc, 0xe6, 0xb9, 0x1b, 0x22, 0x7e, 0xe8,
+             0x3a, 0xba, 0xff, 0x81, 0x05, 0xdc, 0xaf, 0xa2,
+             0xab, 0x19, 0x1f, 0x5d, 0xf2, 0x57, 0x50, 0x35}, 32,
+            /* tag, tag length  */
+            {0xe2, 0xc8, 0x65, 0xce, 0x2d, 0x7a, 0xbd, 0xac,
+             0x02, 0x4c, 0x6f, 0x99, 0x1a, 0x84, 0x83, 0x90}, 16,
+            /* valid */
+            1,
+        },
+        {
+            /* key, key length  */
+            {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+             0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, 16,
+            /* iv, iv length  */
+            {0x0a, 0xf5, 0xaa, 0x7a, 0x76, 0x76, 0xe2, 0x83,
+             0x06, 0x30, 0x6b, 0xcd, 0x9b, 0xf2, 0x00, 0x3a}, 16,
+            /* aad, aad length  */
+            {0x00}, 0,
+            /* msg, msg length  */
+            {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+             0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+             0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11,
+             0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11}, 32,
+            /* ct, ct length  */
+            {0x8e, 0xb0, 0x1e, 0x62, 0x18, 0x5d, 0x78, 0x2e,
+             0xb9, 0x28, 0x7a, 0x34, 0x1a, 0x68, 0x62, 0xac,
+             0x52, 0x57, 0xd6, 0xf9, 0xad, 0xc9, 0x9e, 0xe0,
+             0xa2, 0x4d, 0x9c, 0x22, 0xb3, 0xe9, 0xb3, 0x8a}, 32,
+            /* tag, tag length  */
+            {0x39, 0xc3, 0x39, 0xbc, 0x8a, 0x74, 0xc7, 0x5e,
+             0x2c, 0x65, 0xc6, 0x11, 0x95, 0x44, 0xd6, 0x1e}, 16,
+            /* valid */
+            1,
+        },
+        {
+            /* key, key length  */
+            {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+             0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, 16,
+            /* iv, iv length  */
+            {0xaf, 0x5a, 0x03, 0xae, 0x7e, 0xdd, 0x73, 0x47,
+             0x1b, 0xdc, 0xdf, 0xac, 0x5e, 0x19, 0x4a, 0x60}, 16,
+            /* aad, aad length  */
+            {0x00}, 0,
+            /* msg, msg length  */
+            {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+             0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+             0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11,
+             0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11}, 32,
+            /* ct, ct length  */
+            {0x94, 0xc5, 0xd2, 0xac, 0xa6, 0xdb, 0xbc, 0xe8,
+             0xc2, 0x45, 0x13, 0xa2, 0x5e, 0x09, 0x5c, 0x0e,
+             0x54, 0xa9, 0x42, 0x86, 0x0d, 0x32, 0x7a, 0x22,
+             0x2a, 0x81, 0x5c, 0xc7, 0x13, 0xb1, 0x63, 0xb4}, 32,
+            /* tag, tag length  */
+            {0xf5, 0x0b, 0x30, 0x30, 0x4e, 0x45, 0xc9, 0xd4,
+             0x11, 0xe8, 0xdf, 0x45, 0x08, 0xa9, 0x86, 0x12}, 16,
+            /* valid */
+            1,
+        },
+        {
+            /* key, key length  */
+            {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+             0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, 16,
+            /* iv, iv length  */
+            {0xb3, 0x70, 0x87, 0x68, 0x0f, 0x0e, 0xdd, 0x5a,
+             0x52, 0x22, 0x8b, 0x8c, 0x7a, 0xae, 0xa6, 0x64}, 16,
+            /* aad, aad length  */
+            {0x00}, 0,
+            /* msg, msg length  */
+            {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+             0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+             0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11,
+             0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11,
+             0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22,
+             0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22,
+             0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33,
+             0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33}, 64,
+            /* ct, ct length  */
+            {0x3b, 0xb6, 0x17, 0x3e, 0x37, 0x72, 0xd4, 0xb6,
+             0x2e, 0xef, 0x37, 0xf9, 0xef, 0x07, 0x81, 0xf3,
+             0x60, 0xb6, 0xc7, 0x4b, 0xe3, 0xbf, 0x6b, 0x37,
+             0x10, 0x67, 0xbc, 0x1b, 0x09, 0x0d, 0x9d, 0x66,
+             0x22, 0xa1, 0xfb, 0xec, 0x6a, 0xc4, 0x71, 0xb3,
+             0x34, 0x9c, 0xd4, 0x27, 0x7a, 0x10, 0x1d, 0x40,
+             0x89, 0x0f, 0xbf, 0x27, 0xdf, 0xdc, 0xd0, 0xb4,
+             0xe3, 0x78, 0x1f, 0x98, 0x06, 0xda, 0xab, 0xb6}, 64,
+            /* tag, tag length  */
+            {0xa0, 0x49, 0x87, 0x45, 0xe5, 0x99, 0x99, 0xdd,
+             0xc3, 0x2d, 0x5b, 0x14, 0x02, 0x41, 0x12, 0x4e}, 16,
+            /* valid */
+            1,
+        },
+        {
+            /* key, key length  */
+            {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+             0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, 16,
+            /* iv, iv length  */
+            {0x4f, 0x80, 0x2d, 0xa6, 0x2a, 0x38, 0x45, 0x55,
+             0xa1, 0x9b, 0xc2, 0xb3, 0x82, 0xeb, 0x25, 0xaf}, 16,
+            /* aad, aad length  */
+            {0x00}, 0,
+            /* msg, msg length  */
+            {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+             0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+             0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11,
+             0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11,
+             0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22,
+             0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22,
+             0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33,
+             0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33,
+             0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44,
+             0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44}, 80,
+            /* ct, ct length  */
+            {0xe9, 0xb0, 0xbb, 0x88, 0x57, 0x81, 0x8c, 0xe3,
+             0x20, 0x1c, 0x36, 0x90, 0xd2, 0x1d, 0xaa, 0x7f,
+             0x26, 0x4f, 0xb8, 0xee, 0x93, 0xcc, 0x7a, 0x46,
+             0x74, 0xea, 0x2f, 0xc3, 0x2b, 0xf1, 0x82, 0xfb,
+             0x2a, 0x7e, 0x8a, 0xd5, 0x15, 0x07, 0xad, 0x4f,
+             0x31, 0xce, 0xfc, 0x23, 0x56, 0xfe, 0x79, 0x36,
+             0xa7, 0xf6, 0xe1, 0x9f, 0x95, 0xe8, 0x8f, 0xdb,
+             0xf1, 0x76, 0x20, 0x91, 0x6d, 0x3a, 0x6f, 0x3d,
+             0x01, 0xfc, 0x17, 0xd3, 0x58, 0x67, 0x2f, 0x77,
+             0x7f, 0xd4, 0x09, 0x92, 0x46, 0xe4, 0x36, 0xe1}, 80,
+            /* tag, tag length  */
+            {0x67, 0x91, 0x0b, 0xe7, 0x44, 0xb8, 0x31, 0x5a,
+             0xe0, 0xeb, 0x61, 0x24, 0x59, 0x0c, 0x5d, 0x8b}, 16,
+            /* valid */
+            1,
+        },
+        {
+            /* key, key length  */
+            {0xb6, 0x7b, 0x1a, 0x6e, 0xfd, 0xd4, 0x0d, 0x37,
+             0x08, 0x0f, 0xbe, 0x8f, 0x80, 0x47, 0xae, 0xb9}, 16,
+            /* iv, iv length  */
+            {0xfa, 0x29, 0x4b, 0x12, 0x99, 0x72, 0xf7, 0xfc,
+             0x5b, 0xbd, 0x5b, 0x96, 0xbb, 0xa8, 0x37, 0xc9}, 16,
+            /* aad, aad length  */
+            {0x00}, 0,
+            /* msg, msg length  */
+            {0x00}, 0,
+            /* ct, ct length  */
+            {0x00}, 0,
+            /* tag, tag length  */
+            {0xb1, 0x4b, 0x64, 0xfb, 0x58, 0x98, 0x99, 0x69,
+             0x95, 0x70, 0xcc, 0x91, 0x60, 0xe3, 0x98, 0x96}, 16,
+            /* valid */
+            1,
+        },
+        {
+            /* key, key length  */
+            {0x20, 0x9e, 0x6d, 0xbf, 0x2a, 0xd2, 0x6a, 0x10,
+             0x54, 0x45, 0xfc, 0x02, 0x07, 0xcd, 0x9e, 0x9a}, 16,
+            /* iv, iv length  */
+            {0x94, 0x77, 0x84, 0x9d, 0x6c, 0xcd, 0xfc, 0xa1,
+             0x12, 0xd9, 0x2e, 0x53, 0xfa, 0xe4, 0xa7, 0xca}, 16,
+            /* aad, aad length  */
+            {0x00}, 0,
+            /* msg, msg length  */
+            {0x01}, 1,
+            /* ct, ct length  */
+            {0x1d}, 1,
+            /* tag, tag length  */
+            {0x52, 0xa5, 0xf6, 0x00, 0xfe, 0x53, 0x38, 0x02,
+             0x6a, 0x7c, 0xb0, 0x9c, 0x11, 0x64, 0x00, 0x82}, 16,
+            /* valid */
+            1,
+        },
+        {
+            /* key, key length  */
+            {0xa5, 0x49, 0x44, 0x2e, 0x35, 0x15, 0x40, 0x32,
+             0xd0, 0x7c, 0x86, 0x66, 0x00, 0x6a, 0xa6, 0xa2}, 16,
+            /* iv, iv length  */
+            {0x51, 0x71, 0x52, 0x45, 0x68, 0xe8, 0x1d, 0x97,
+             0xe8, 0xc4, 0xde, 0x4b, 0xa5, 0x6c, 0x10, 0xa0}, 16,
+            /* aad, aad length  */
+            {0x00}, 0,
+            /* msg, msg length  */
+            {0x11, 0x82, 0xe9, 0x35, 0x96, 0xca, 0xc5, 0x60,
+             0x89, 0x46, 0x40, 0x0b, 0xc7, 0x3f, 0x3a}, 15,
+            /* ct, ct length  */
+            {0xd7, 0xb8, 0xa6, 0xb4, 0x3d, 0x2e, 0x9f, 0x98,
+             0xc2, 0xb4, 0x4c, 0xe5, 0xe3, 0xcf, 0xdb}, 15,
+            /* tag, tag length  */
+            {0x1b, 0xdd, 0x52, 0xfc, 0x98, 0x7d, 0xaf, 0x0e,
+             0xe1, 0x92, 0x34, 0xc9, 0x05, 0xea, 0x64, 0x5f}, 16,
+            /* valid */
+            1,
+        },
+        {
+            /* key, key length  */
+            {0x95, 0x8b, 0xcd, 0xb6, 0x6a, 0x39, 0x52, 0xb5,
+             0x37, 0x01, 0x58, 0x2a, 0x68, 0xa0, 0xe4, 0x74}, 16,
+            /* iv, iv length  */
+            {0x0e, 0x6e, 0xc8, 0x79, 0xb0, 0x2c, 0x6f, 0x51,
+             0x69, 0x76, 0xe3, 0x58, 0x98, 0x42, 0x8d, 0xa7}, 16,
+            /* aad, aad length  */
+            {0x00}, 0,
+            /* msg, msg length  */
+            {0x14, 0x04, 0x15, 0x82, 0x3e, 0xcc, 0x89, 0x32,
+             0xa0, 0x58, 0x38, 0x4b, 0x73, 0x8e, 0xa6, 0xea,
+             0x6d, 0x4d, 0xfe, 0x3b, 0xbe, 0xee}, 22,
+            /* ct, ct length  */
+            {0x73, 0xe5, 0xc6, 0xf0, 0xe7, 0x03, 0xa5, 0x2d,
+             0x02, 0xf7, 0xf7, 0xfa, 0xeb, 0x1b, 0x77, 0xfd,
+             0x4f, 0xd0, 0xcb, 0x42, 0x1e, 0xaf}, 22,
+            /* tag, tag length  */
+            {0x6c, 0x15, 0x4a, 0x85, 0x96, 0x8e, 0xdd, 0x74,
+             0x77, 0x65, 0x75, 0xa4, 0x45, 0x0b, 0xd8, 0x97}, 16,
+            /* valid */
+            1,
+        },
+        {
+            /* key, key length  */
+            {0x96, 0x5b, 0x75, 0x7b, 0xa5, 0x01, 0x8a, 0x8d,
+             0x66, 0xed, 0xc7, 0x8e, 0x0c, 0xee, 0xe8, 0x6b}, 16,
+            /* iv, iv length  */
+            {0x2e, 0x35, 0x90, 0x1a, 0xe7, 0xd4, 0x91, 0xee,
+             0xcc, 0x88, 0x38, 0xfe, 0xdd, 0x63, 0x14, 0x05}, 16,
+            /* aad, aad length  */
+            {0xdf, 0x10, 0xd0, 0xd2, 0x12, 0x24, 0x24, 0x50}, 8,
+            /* msg, msg length  */
+            {0x36, 0xe5, 0x7a, 0x76, 0x39, 0x58, 0xb0, 0x2c,
+             0xea, 0x9d, 0x6a, 0x67, 0x6e, 0xbc, 0xe8, 0x1f}, 16,
+            /* ct, ct length  */
+            {0x93, 0x6b, 0x69, 0xb6, 0xc9, 0x55, 0xad, 0xfd,
+             0x15, 0x53, 0x9b, 0x9b, 0xe4, 0x98, 0x9c, 0xb6}, 16,
+            /* tag, tag length  */
+            {0xee, 0x15, 0xa1, 0x45, 0x4e, 0x88, 0xfa, 0xad,
+             0x8e, 0x48, 0xa8, 0xdf, 0x29, 0x83, 0xb4, 0x25}, 16,
+            /* valid */
+            1,
+        },
+        {
+            /* key, key length  */
+            {0x88, 0xd0, 0x20, 0x33, 0x78, 0x1c, 0x7b, 0x41,
+             0x64, 0x71, 0x1a, 0x05, 0x42, 0x0f, 0x25, 0x6e}, 16,
+            /* iv, iv length  */
+            {0x7f, 0x29, 0x85, 0x29, 0x63, 0x15, 0x50, 0x7a,
+             0xa4, 0xc0, 0xa9, 0x3d, 0x5c, 0x12, 0xbd, 0x77}, 16,
+            /* aad, aad length  */
+            {0x7c, 0x57, 0x1d, 0x2f, 0xbb, 0x5f, 0x62, 0x52,
+             0x3c, 0x0e, 0xb3, 0x38, 0xbe, 0xf9, 0xa9}, 15,
+            /* msg, msg length  */
+            {0xd9, 0x8a, 0xdc, 0x03, 0xd9, 0xd5, 0x82, 0x73,
+             0x2e, 0xb0, 0x7d, 0xf2, 0x3d, 0x7b, 0x9f, 0x74}, 16,
+            /* ct, ct length  */
+            {0x67, 0xca, 0xac, 0x35, 0x44, 0x3a, 0x31, 0x38,
+             0xd2, 0xcb, 0x81, 0x1f, 0x0c, 0xe0, 0x4d, 0xd2}, 16,
+            /* tag, tag length  */
+            {0xb7, 0x96, 0x8e, 0x0b, 0x56, 0x40, 0xe3, 0xb2,
+             0x36, 0x56, 0x96, 0x53, 0x20, 0x8b, 0x9d, 0xeb}, 16,
+            /* valid */
+            1,
+        },
+        {
+            /* key, key length  */
+            {0x51, 0x58, 0x40, 0xcf, 0x67, 0xd2, 0xe4, 0x0e,
+             0xb6, 0x5e, 0x54, 0xa2, 0x4c, 0x72, 0xcb, 0xf2}, 16,
+            /* iv, iv length  */
+            {0xbf, 0x47, 0xaf, 0xdf, 0xd4, 0x92, 0x13, 0x7a,
+             0x24, 0x23, 0x6b, 0xc3, 0x67, 0x97, 0xa8, 0x8e}, 16,
+            /* aad, aad length  */
+            {0x16, 0x84, 0x3c, 0x09, 0x1d, 0x43, 0xb0, 0xa1,
+             0x91, 0xd0, 0xc7, 0x3d, 0x15, 0x60, 0x1b, 0xe9}, 16,
+            /* msg, msg length  */
+            {0xc8, 0x34, 0x58, 0x8c, 0xb6, 0xda, 0xf9, 0xf0,
+             0x6d, 0xd2, 0x35, 0x19, 0xf4, 0xbe, 0x9f, 0x56}, 16,
+            /* ct, ct length  */
+            {0x20, 0x0a, 0xc4, 0x51, 0xfb, 0xeb, 0x0f, 0x61,
+             0x51, 0xd6, 0x15, 0x83, 0xa4, 0x3b, 0x73, 0x43}, 16,
+            /* tag, tag length  */
+            {0x2a, 0xd4, 0x3e, 0x4c, 0xaa, 0x51, 0x98, 0x3a,
+             0x9d, 0x4d, 0x24, 0x48, 0x1b, 0xf4, 0xc8, 0x39}, 16,
+            /* valid */
+            1,
+        },
+        {
+            /* key, key length  */
+            {0x2e, 0x44, 0x92, 0xd4, 0x44, 0xe5, 0xb6, 0xf4,
+             0xce, 0xc8, 0xc2, 0xd3, 0x61, 0x5a, 0xc8, 0x58}, 16,
+            /* iv, iv length  */
+            {0xd0, 0x2b, 0xf0, 0x76, 0x3a, 0x9f, 0xef, 0xbf,
+             0x70, 0xc3, 0x3a, 0xee, 0x1e, 0x9d, 0xa1, 0xd6}, 16,
+            /* aad, aad length  */
+            {0x90, 0x4d, 0x86, 0xf1, 0x33, 0xce, 0xc1, 0x5a,
+             0x0c, 0x3c, 0xaf, 0x14, 0xd7, 0xe0, 0x29, 0xc8,
+             0x2a, 0x07, 0x70, 0x5a, 0x23, 0xf0, 0xd0, 0x80}, 24,
+            /* msg, msg length  */
+            {0x9e, 0x62, 0xd6, 0x51, 0x1b, 0x0b, 0xda, 0x7d,
+             0xd7, 0x74, 0x0b, 0x61, 0x4d, 0x97, 0xba, 0xe0}, 16,
+            /* ct, ct length  */
+            {0x27, 0xc6, 0xe9, 0xa6, 0x53, 0xc5, 0x25, 0x3c,
+             0xa1, 0xc5, 0x67, 0x3f, 0x97, 0xb9, 0xb3, 0x3e}, 16,
+            /* tag, tag length  */
+            {0x2d, 0x58, 0x12, 0x71, 0xe1, 0xfa, 0x9e, 0x36,
+             0x86, 0x13, 0x6c, 0xaa, 0x8f, 0x4d, 0x6c, 0x8e}, 16,
+            /* valid */
+            1,
+        },
+        {
+            /* key, key length  */
+            {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+             0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, 16,
+            /* iv, iv length  */
+            {0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57,
+             0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f}, 16,
+            /* aad, aad length  */
+            {0x00}, 0,
+            /* msg, msg length  */
+            {0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
+             0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f}, 16,
+            /* ct, ct length  */
+            {0x29, 0xa0, 0x91, 0x4f, 0xec, 0x4b, 0xef, 0x54,
+             0xba, 0xbf, 0x66, 0x13, 0xa9, 0xf9, 0xcd, 0x70}, 16,
+            /* tag, tag length  */
+            {0xe7, 0x0e, 0x7c, 0x50, 0x13, 0xa6, 0xdb, 0xf2,
+             0x52, 0x98, 0xb1, 0x92, 0x9b, 0xc3, 0x56, 0xa7}, 16,
+            /* valid */
+            0,
+        },
+        {
+            /* key, key length  */
+            {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+             0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, 16,
+            /* iv, iv length  */
+            {0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57,
+             0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f}, 16,
+            /* aad, aad length  */
+            {0x00}, 0,
+            /* msg, msg length  */
+            {0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
+             0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f}, 16,
+            /* ct, ct length  */
+            {0x29, 0xa0, 0x91, 0x4f, 0xec, 0x4b, 0xef, 0x54,
+             0xba, 0xbf, 0x66, 0x13, 0xa9, 0xf9, 0xcd, 0x70}, 16,
+            /* tag, tag length  */
+            {0xe4, 0x0e, 0x7c, 0x50, 0x13, 0xa6, 0xdb, 0xf2,
+             0x52, 0x98, 0xb1, 0x92, 0x9b, 0xc3, 0x56, 0xa7}, 16,
+            /* valid */
+            0,
+        },
+        {
+            /* key, key length  */
+            {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+             0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, 16,
+            /* iv, iv length  */
+            {0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57,
+             0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f}, 16,
+            /* aad, aad length  */
+            {0x00}, 0,
+            /* msg, msg length  */
+            {0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
+             0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f}, 16,
+            /* ct, ct length  */
+            {0x29, 0xa0, 0x91, 0x4f, 0xec, 0x4b, 0xef, 0x54,
+             0xba, 0xbf, 0x66, 0x13, 0xa9, 0xf9, 0xcd, 0x70}, 16,
+            /* tag, tag length  */
+            {0x66, 0x0e, 0x7c, 0x50, 0x13, 0xa6, 0xdb, 0xf2,
+             0x52, 0x98, 0xb1, 0x92, 0x9b, 0xc3, 0x56, 0xa7}, 16,
+            /* valid */
+            0,
+        },
+        {
+            /* key, key length  */
+            {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+             0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, 16,
+            /* iv, iv length  */
+            {0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57,
+             0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f}, 16,
+            /* aad, aad length  */
+            {0x00}, 0,
+            /* msg, msg length  */
+            {0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
+             0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f}, 16,
+            /* ct, ct length  */
+            {0x29, 0xa0, 0x91, 0x4f, 0xec, 0x4b, 0xef, 0x54,
+             0xba, 0xbf, 0x66, 0x13, 0xa9, 0xf9, 0xcd, 0x70}, 16,
+            /* tag, tag length  */
+            {0xe6, 0x0f, 0x7c, 0x50, 0x13, 0xa6, 0xdb, 0xf2,
+             0x52, 0x98, 0xb1, 0x92, 0x9b, 0xc3, 0x56, 0xa7}, 16,
+            /* valid */
+            0,
+        },
+        {
+            /* key, key length  */
+            {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+             0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, 16,
+            /* iv, iv length  */
+            {0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57,
+             0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f}, 16,
+            /* aad, aad length  */
+            {0x00}, 0,
+            /* msg, msg length  */
+            {0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
+             0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f}, 16,
+            /* ct, ct length  */
+            {0x29, 0xa0, 0x91, 0x4f, 0xec, 0x4b, 0xef, 0x54,
+             0xba, 0xbf, 0x66, 0x13, 0xa9, 0xf9, 0xcd, 0x70}, 16,
+            /* tag, tag length  */
+            {0xe6, 0x0e, 0x7c, 0xd0, 0x13, 0xa6, 0xdb, 0xf2,
+             0x52, 0x98, 0xb1, 0x92, 0x9b, 0xc3, 0x56, 0xa7}, 16,
+            /* valid */
+            0,
+        },
+        {
+            /* key, key length  */
+            {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+             0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, 16,
+            /* iv, iv length  */
+            {0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57,
+             0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f}, 16,
+            /* aad, aad length  */
+            {0x00}, 0,
+            /* msg, msg length  */
+            {0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
+             0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f}, 16,
+            /* ct, ct length  */
+            {0x29, 0xa0, 0x91, 0x4f, 0xec, 0x4b, 0xef, 0x54,
+             0xba, 0xbf, 0x66, 0x13, 0xa9, 0xf9, 0xcd, 0x70}, 16,
+            /* tag, tag length  */
+            {0xe6, 0x0e, 0x7c, 0x50, 0x12, 0xa6, 0xdb, 0xf2,
+             0x52, 0x98, 0xb1, 0x92, 0x9b, 0xc3, 0x56, 0xa7}, 16,
+            /* valid */
+            0,
+        },
+        {
+            /* key, key length  */
+            {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+             0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, 16,
+            /* iv, iv length  */
+            {0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57,
+             0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f}, 16,
+            /* aad, aad length  */
+            {0x00}, 0,
+            /* msg, msg length  */
+            {0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
+             0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f}, 16,
+            /* ct, ct length  */
+            {0x29, 0xa0, 0x91, 0x4f, 0xec, 0x4b, 0xef, 0x54,
+             0xba, 0xbf, 0x66, 0x13, 0xa9, 0xf9, 0xcd, 0x70}, 16,
+            /* tag, tag length  */
+            {0xe6, 0x0e, 0x7c, 0x50, 0x11, 0xa6, 0xdb, 0xf2,
+             0x52, 0x98, 0xb1, 0x92, 0x9b, 0xc3, 0x56, 0xa7}, 16,
+            /* valid */
+            0,
+        },
+        {
+            /* key, key length  */
+            {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+             0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, 16,
+            /* iv, iv length  */
+            {0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57,
+             0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f}, 16,
+            /* aad, aad length  */
+            {0x00}, 0,
+            /* msg, msg length  */
+            {0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
+             0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f}, 16,
+            /* ct, ct length  */
+            {0x29, 0xa0, 0x91, 0x4f, 0xec, 0x4b, 0xef, 0x54,
+             0xba, 0xbf, 0x66, 0x13, 0xa9, 0xf9, 0xcd, 0x70}, 16,
+            /* tag, tag length  */
+            {0xe6, 0x0e, 0x7c, 0x50, 0x13, 0xa6, 0xdb, 0x72,
+             0x52, 0x98, 0xb1, 0x92, 0x9b, 0xc3, 0x56, 0xa7}, 16,
+            /* valid */
+            0,
+        },
+        {
+            /* key, key length  */
+            {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+             0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, 16,
+            /* iv, iv length  */
+            {0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57,
+             0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f}, 16,
+            /* aad, aad length  */
+            {0x00}, 0,
+            /* msg, msg length  */
+            {0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
+             0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f}, 16,
+            /* ct, ct length  */
+            {0x29, 0xa0, 0x91, 0x4f, 0xec, 0x4b, 0xef, 0x54,
+             0xba, 0xbf, 0x66, 0x13, 0xa9, 0xf9, 0xcd, 0x70}, 16,
+            /* tag, tag length  */
+            {0xe6, 0x0e, 0x7c, 0x50, 0x13, 0xa6, 0xdb, 0xf2,
+             0x53, 0x98, 0xb1, 0x92, 0x9b, 0xc3, 0x56, 0xa7}, 16,
+            /* valid */
+            0,
+        },
+        {
+            /* key, key length  */
+            {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+             0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, 16,
+            /* iv, iv length  */
+            {0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57,
+             0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f}, 16,
+            /* aad, aad length  */
+            {0x00}, 0,
+            /* msg, msg length  */
+            {0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
+             0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f}, 16,
+            /* ct, ct length  */
+            {0x29, 0xa0, 0x91, 0x4f, 0xec, 0x4b, 0xef, 0x54,
+             0xba, 0xbf, 0x66, 0x13, 0xa9, 0xf9, 0xcd, 0x70}, 16,
+            /* tag, tag length  */
+            {0xe6, 0x0e, 0x7c, 0x50, 0x13, 0xa6, 0xdb, 0xf2,
+             0xd2, 0x98, 0xb1, 0x92, 0x9b, 0xc3, 0x56, 0xa7}, 16,
+            /* valid */
+            0,
+        },
+        {
+            /* key, key length  */
+            {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+             0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, 16,
+            /* iv, iv length  */
+            {0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57,
+             0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f}, 16,
+            /* aad, aad length  */
+            {0x00}, 0,
+            /* msg, msg length  */
+            {0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
+             0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f}, 16,
+            /* ct, ct length  */
+            {0x29, 0xa0, 0x91, 0x4f, 0xec, 0x4b, 0xef, 0x54,
+             0xba, 0xbf, 0x66, 0x13, 0xa9, 0xf9, 0xcd, 0x70}, 16,
+            /* tag, tag length  */
+            {0xe6, 0x0e, 0x7c, 0x50, 0x13, 0xa6, 0xdb, 0xf2,
+             0x52, 0xb8, 0xb1, 0x92, 0x9b, 0xc3, 0x56, 0xa7}, 16,
+            /* valid */
+            0,
+        },
+        {
+            /* key, key length  */
+            {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+             0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, 16,
+            /* iv, iv length  */
+            {0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57,
+             0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f}, 16,
+            /* aad, aad length  */
+            {0x00}, 0,
+            /* msg, msg length  */
+            {0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
+             0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f}, 16,
+            /* ct, ct length  */
+            {0x29, 0xa0, 0x91, 0x4f, 0xec, 0x4b, 0xef, 0x54,
+             0xba, 0xbf, 0x66, 0x13, 0xa9, 0xf9, 0xcd, 0x70}, 16,
+            /* tag, tag length  */
+            {0xe6, 0x0e, 0x7c, 0x50, 0x13, 0xa6, 0xdb, 0xf2,
+             0x52, 0x98, 0xb0, 0x92, 0x9b, 0xc3, 0x56, 0xa7}, 16,
+            /* valid */
+            0,
+        },
+        {
+            /* key, key length  */
+            {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+             0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, 16,
+            /* iv, iv length  */
+            {0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57,
+             0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f}, 16,
+            /* aad, aad length  */
+            {0x00}, 0,
+            /* msg, msg length  */
+            {0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
+             0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f}, 16,
+            /* ct, ct length  */
+            {0x29, 0xa0, 0x91, 0x4f, 0xec, 0x4b, 0xef, 0x54,
+             0xba, 0xbf, 0x66, 0x13, 0xa9, 0xf9, 0xcd, 0x70}, 16,
+            /* tag, tag length  */
+            {0xe6, 0x0e, 0x7c, 0x50, 0x13, 0xa6, 0xdb, 0xf2,
+             0x52, 0x98, 0xb1, 0x92, 0x9a, 0xc3, 0x56, 0xa7}, 16,
+            /* valid */
+            0,
+        },
+        {
+            /* key, key length  */
+            {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+             0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, 16,
+            /* iv, iv length  */
+            {0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57,
+             0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f}, 16,
+            /* aad, aad length  */
+            {0x00}, 0,
+            /* msg, msg length  */
+            {0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
+             0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f}, 16,
+            /* ct, ct length  */
+            {0x29, 0xa0, 0x91, 0x4f, 0xec, 0x4b, 0xef, 0x54,
+             0xba, 0xbf, 0x66, 0x13, 0xa9, 0xf9, 0xcd, 0x70}, 16,
+            /* tag, tag length  */
+            {0xe6, 0x0e, 0x7c, 0x50, 0x13, 0xa6, 0xdb, 0xf2,
+             0x52, 0x98, 0xb1, 0x92, 0x99, 0xc3, 0x56, 0xa7}, 16,
+            /* valid */
+            0,
+        },
+        {
+            /* key, key length  */
+            {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+             0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, 16,
+            /* iv, iv length  */
+            {0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57,
+             0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f}, 16,
+            /* aad, aad length  */
+            {0x00}, 0,
+            /* msg, msg length  */
+            {0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
+             0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f}, 16,
+            /* ct, ct length  */
+            {0x29, 0xa0, 0x91, 0x4f, 0xec, 0x4b, 0xef, 0x54,
+             0xba, 0xbf, 0x66, 0x13, 0xa9, 0xf9, 0xcd, 0x70}, 16,
+            /* tag, tag length  */
+            {0xe6, 0x0e, 0x7c, 0x50, 0x13, 0xa6, 0xdb, 0xf2,
+             0x52, 0x98, 0xb1, 0x92, 0x1b, 0xc3, 0x56, 0xa7}, 16,
+            /* valid */
+            0,
+        },
+        {
+            /* key, key length  */
+            {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+             0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, 16,
+            /* iv, iv length  */
+            {0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57,
+             0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f}, 16,
+            /* aad, aad length  */
+            {0x00}, 0,
+            /* msg, msg length  */
+            {0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
+             0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f}, 16,
+            /* ct, ct length  */
+            {0x29, 0xa0, 0x91, 0x4f, 0xec, 0x4b, 0xef, 0x54,
+             0xba, 0xbf, 0x66, 0x13, 0xa9, 0xf9, 0xcd, 0x70}, 16,
+            /* tag, tag length  */
+            {0xe6, 0x0e, 0x7c, 0x50, 0x13, 0xa6, 0xdb, 0xf2,
+             0x52, 0x98, 0xb1, 0x92, 0x9b, 0xc3, 0x56, 0xa6}, 16,
+            /* valid */
+            0,
+        },
+        {
+            /* key, key length  */
+            {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+             0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, 16,
+            /* iv, iv length  */
+            {0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57,
+             0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f}, 16,
+            /* aad, aad length  */
+            {0x00}, 0,
+            /* msg, msg length  */
+            {0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
+             0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f}, 16,
+            /* ct, ct length  */
+            {0x29, 0xa0, 0x91, 0x4f, 0xec, 0x4b, 0xef, 0x54,
+             0xba, 0xbf, 0x66, 0x13, 0xa9, 0xf9, 0xcd, 0x70}, 16,
+            /* tag, tag length  */
+            {0xe6, 0x0e, 0x7c, 0x50, 0x13, 0xa6, 0xdb, 0xf2,
+             0x52, 0x98, 0xb1, 0x92, 0x9b, 0xc3, 0x56, 0xa5}, 16,
+            /* valid */
+            0,
+        },
+        {
+            /* key, key length  */
+            {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+             0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, 16,
+            /* iv, iv length  */
+            {0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57,
+             0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f}, 16,
+            /* aad, aad length  */
+            {0x00}, 0,
+            /* msg, msg length  */
+            {0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
+             0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f}, 16,
+            /* ct, ct length  */
+            {0x29, 0xa0, 0x91, 0x4f, 0xec, 0x4b, 0xef, 0x54,
+             0xba, 0xbf, 0x66, 0x13, 0xa9, 0xf9, 0xcd, 0x70}, 16,
+            /* tag, tag length  */
+            {0xe6, 0x0e, 0x7c, 0x50, 0x13, 0xa6, 0xdb, 0xf2,
+             0x52, 0x98, 0xb1, 0x92, 0x9b, 0xc3, 0x56, 0xe7}, 16,
+            /* valid */
+            0,
+        },
+        {
+            /* key, key length  */
+            {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+             0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, 16,
+            /* iv, iv length  */
+            {0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57,
+             0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f}, 16,
+            /* aad, aad length  */
+            {0x00}, 0,
+            /* msg, msg length  */
+            {0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
+             0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f}, 16,
+            /* ct, ct length  */
+            {0x29, 0xa0, 0x91, 0x4f, 0xec, 0x4b, 0xef, 0x54,
+             0xba, 0xbf, 0x66, 0x13, 0xa9, 0xf9, 0xcd, 0x70}, 16,
+            /* tag, tag length  */
+            {0xe6, 0x0e, 0x7c, 0x50, 0x13, 0xa6, 0xdb, 0xf2,
+             0x52, 0x98, 0xb1, 0x92, 0x9b, 0xc3, 0x56, 0x27}, 16,
+            /* valid */
+            0,
+        },
+        {
+            /* key, key length  */
+            {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+             0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, 16,
+            /* iv, iv length  */
+            {0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57,
+             0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f}, 16,
+            /* aad, aad length  */
+            {0x00}, 0,
+            /* msg, msg length  */
+            {0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
+             0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f}, 16,
+            /* ct, ct length  */
+            {0x29, 0xa0, 0x91, 0x4f, 0xec, 0x4b, 0xef, 0x54,
+             0xba, 0xbf, 0x66, 0x13, 0xa9, 0xf9, 0xcd, 0x70}, 16,
+            /* tag, tag length  */
+            {0xe7, 0x0e, 0x7c, 0x50, 0x13, 0xa6, 0xdb, 0xf2,
+             0x53, 0x98, 0xb1, 0x92, 0x9b, 0xc3, 0x56, 0xa7}, 16,
+            /* valid */
+            0,
+        },
+        {
+            /* key, key length  */
+            {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+             0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, 16,
+            /* iv, iv length  */
+            {0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57,
+             0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f}, 16,
+            /* aad, aad length  */
+            {0x00}, 0,
+            /* msg, msg length  */
+            {0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
+             0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f}, 16,
+            /* ct, ct length  */
+            {0x29, 0xa0, 0x91, 0x4f, 0xec, 0x4b, 0xef, 0x54,
+             0xba, 0xbf, 0x66, 0x13, 0xa9, 0xf9, 0xcd, 0x70}, 16,
+            /* tag, tag length  */
+            {0xe6, 0x0e, 0x7c, 0xd0, 0x13, 0xa6, 0xdb, 0x72,
+             0x52, 0x98, 0xb1, 0x92, 0x9b, 0xc3, 0x56, 0xa7}, 16,
+            /* valid */
+            0,
+        },
+        {
+            /* key, key length  */
+            {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+             0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, 16,
+            /* iv, iv length  */
+            {0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57,
+             0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f}, 16,
+            /* aad, aad length  */
+            {0x00}, 0,
+            /* msg, msg length  */
+            {0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
+             0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f}, 16,
+            /* ct, ct length  */
+            {0x29, 0xa0, 0x91, 0x4f, 0xec, 0x4b, 0xef, 0x54,
+             0xba, 0xbf, 0x66, 0x13, 0xa9, 0xf9, 0xcd, 0x70}, 16,
+            /* tag, tag length  */
+            {0xe6, 0x0e, 0x7c, 0x50, 0x13, 0xa6, 0xdb, 0x72,
+             0x52, 0x98, 0xb1, 0x92, 0x9b, 0xc3, 0x56, 0x27}, 16,
+            /* valid */
+            0,
+        },
+        {
+            /* key, key length  */
+            {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+             0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, 16,
+            /* iv, iv length  */
+            {0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57,
+             0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f}, 16,
+            /* aad, aad length  */
+            {0x00}, 0,
+            /* msg, msg length  */
+            {0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
+             0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f}, 16,
+            /* ct, ct length  */
+            {0x29, 0xa0, 0x91, 0x4f, 0xec, 0x4b, 0xef, 0x54,
+             0xba, 0xbf, 0x66, 0x13, 0xa9, 0xf9, 0xcd, 0x70}, 16,
+            /* tag, tag length  */
+            {0x19, 0xf1, 0x83, 0xaf, 0xec, 0x59, 0x24, 0x0d,
+             0xad, 0x67, 0x4e, 0x6d, 0x64, 0x3c, 0xa9, 0x58}, 16,
+            /* valid */
+            0,
+        },
+        {
+            /* key, key length  */
+            {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+             0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, 16,
+            /* iv, iv length  */
+            {0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57,
+             0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f}, 16,
+            /* aad, aad length  */
+            {0x00}, 0,
+            /* msg, msg length  */
+            {0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
+             0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f}, 16,
+            /* ct, ct length  */
+            {0x29, 0xa0, 0x91, 0x4f, 0xec, 0x4b, 0xef, 0x54,
+             0xba, 0xbf, 0x66, 0x13, 0xa9, 0xf9, 0xcd, 0x70}, 16,
+            /* tag, tag length  */
+            {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+             0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, 16,
+            /* valid */
+            0,
+        },
+        {
+            /* key, key length  */
+            {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+             0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, 16,
+            /* iv, iv length  */
+            {0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57,
+             0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f}, 16,
+            /* aad, aad length  */
+            {0x00}, 0,
+            /* msg, msg length  */
+            {0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
+             0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f}, 16,
+            /* ct, ct length  */
+            {0x29, 0xa0, 0x91, 0x4f, 0xec, 0x4b, 0xef, 0x54,
+             0xba, 0xbf, 0x66, 0x13, 0xa9, 0xf9, 0xcd, 0x70}, 16,
+            /* tag, tag length  */
+            {0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+             0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff}, 16,
+            /* valid */
+            0,
+        },
+        {
+            /* key, key length  */
+            {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+             0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, 16,
+            /* iv, iv length  */
+            {0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57,
+             0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f}, 16,
+            /* aad, aad length  */
+            {0x00}, 0,
+            /* msg, msg length  */
+            {0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
+             0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f}, 16,
+            /* ct, ct length  */
+            {0x29, 0xa0, 0x91, 0x4f, 0xec, 0x4b, 0xef, 0x54,
+             0xba, 0xbf, 0x66, 0x13, 0xa9, 0xf9, 0xcd, 0x70}, 16,
+            /* tag, tag length  */
+            {0x66, 0x8e, 0xfc, 0xd0, 0x93, 0x26, 0x5b, 0x72,
+             0xd2, 0x18, 0x31, 0x12, 0x1b, 0x43, 0xd6, 0x27}, 16,
+            /* valid */
+            0,
+        },
+        {
+            /* key, key length  */
+            {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+             0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, 16,
+            /* iv, iv length  */
+            {0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57,
+             0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f}, 16,
+            /* aad, aad length  */
+            {0x00}, 0,
+            /* msg, msg length  */
+            {0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
+             0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f}, 16,
+            /* ct, ct length  */
+            {0x29, 0xa0, 0x91, 0x4f, 0xec, 0x4b, 0xef, 0x54,
+             0xba, 0xbf, 0x66, 0x13, 0xa9, 0xf9, 0xcd, 0x70}, 16,
+            /* tag, tag length  */
+            {0xe7, 0x0f, 0x7d, 0x51, 0x12, 0xa7, 0xda, 0xf3,
+             0x53, 0x99, 0xb0, 0x93, 0x9a, 0xc2, 0x57, 0xa6}, 16,
+            /* valid */
+            0,
+        },
+    };
+
+    byte ciphertext[sizeof(vectors[0].ct)];
+    byte authtag[sizeof(vectors[0].tag)];
+    int i;
+    int len;
+    int ret;
+
+
+    for (i = 0; i < (int)(sizeof(vectors)/sizeof(vectors[0])); i++) {
+
+        XMEMSET(ciphertext, 0, sizeof(ciphertext));
+
+        len = sizeof(authtag);
+        ExpectIntEQ(wc_AesEaxEncryptAuth(vectors[i].key, vectors[i].key_length,
+                                         ciphertext,
+                                         vectors[i].msg, vectors[i].msg_length,
+                                         vectors[i].iv, vectors[i].iv_length,
+                                         authtag, len,
+                                         vectors[i].aad, vectors[i].aad_length),
+                                         0);
+
+        /* check ciphertext matches vector */
+        ExpectIntEQ(XMEMCMP(ciphertext, vectors[i].ct, vectors[i].ct_length),
+                    0);
+
+        /* check that computed tag matches vector only for vectors marked asx
+         * valid */
+        ret = XMEMCMP(authtag, vectors[i].tag, len);
+        if (vectors[i].valid) {
+            ExpectIntEQ(ret, 0);
+        }
+        else {
+            ExpectIntNE(ret, 0);
+        }
+
+        XMEMSET(ciphertext, 0, sizeof(ciphertext));
+
+        /* Decrypt, checking that the computed auth tags match */
+        ExpectIntEQ(wc_AesEaxDecryptAuth(vectors[i].key, vectors[i].key_length,
+                                         ciphertext,
+                                         vectors[i].ct, vectors[i].ct_length,
+                                         vectors[i].iv, vectors[i].iv_length,
+                                         authtag, len,
+                                         vectors[i].aad, vectors[i].aad_length),
+                                         0);
+
+        /* check decrypted ciphertext matches vector plaintext */
+        ExpectIntEQ(XMEMCMP(ciphertext, vectors[i].msg, vectors[i].msg_length),
+                    0);
+    }
+    return EXPECT_RESULT();
+} /* END test_wc_AesEaxVectors */
+
+/*
+ * Testing test_wc_AesEaxEncryptAuth()
+ */
+int test_wc_AesEaxEncryptAuth(void)
+{
+    EXPECT_DECLS;
+
+    const byte key[] = {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+                        0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F,
+                        0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
+                        0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F};
+    const byte iv[]  = {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+                        0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F,
+                        0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
+                        0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F};
+    const byte aad[] = {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07};
+    const byte msg[] = {0x00, 0x01, 0x02, 0x03, 0x04};
+
+    byte ciphertext[sizeof(msg)];
+    byte authtag[WC_AES_BLOCK_SIZE];
+    int i;
+    int len;
+
+    len = sizeof(authtag);
+    ExpectIntEQ(wc_AesEaxEncryptAuth(key, sizeof(key),
+                                     ciphertext,
+                                     msg, sizeof(msg),
+                                     iv, sizeof(iv),
+                                     authtag, (word32)len,
+                                     aad, sizeof(aad)),
+                                     0);
+
+    /* Test null checking */
+    ExpectIntEQ(wc_AesEaxEncryptAuth(NULL, sizeof(key),
+                                     ciphertext,
+                                     msg, sizeof(msg),
+                                     iv, sizeof(iv),
+                                     authtag, (word32)len,
+                                     aad, sizeof(aad)),
+                                     WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_AesEaxEncryptAuth(key, sizeof(key),
+                                     NULL,
+                                     msg, sizeof(msg),
+                                     iv, sizeof(iv),
+                                     authtag, (word32)len,
+                                     aad, sizeof(aad)),
+                                     WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_AesEaxEncryptAuth(key, sizeof(key),
+                                     ciphertext,
+                                     NULL, sizeof(msg),
+                                     iv, sizeof(iv),
+                                     authtag, (word32)len,
+                                     aad, sizeof(aad)),
+                                     WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_AesEaxEncryptAuth(key, sizeof(key),
+                                     ciphertext,
+                                     msg, sizeof(msg),
+                                     NULL, sizeof(iv),
+                                     authtag, (word32)len,
+                                     aad, sizeof(aad)),
+                                     WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_AesEaxEncryptAuth(key, sizeof(key),
+                                     ciphertext,
+                                     msg, sizeof(msg),
+                                     iv, sizeof(iv),
+                                     NULL, (word32)len,
+                                     aad, sizeof(aad)),
+                                     WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_AesEaxEncryptAuth(key, sizeof(key),
+                                     ciphertext,
+                                     msg, sizeof(msg),
+                                     iv, sizeof(iv),
+                                     authtag, (word32)len,
+                                     NULL, sizeof(aad)),
+                                     WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+
+    /* Test bad key lengths */
+    for (i = 0; i <= 32; i++) {
+        int exp_ret;
+        if (i == AES_128_KEY_SIZE || i == AES_192_KEY_SIZE
+                                  || i == AES_256_KEY_SIZE) {
+            exp_ret = 0;
+        }
+        else {
+            exp_ret = WC_NO_ERR_TRACE(BAD_FUNC_ARG);
+        }
+
+        ExpectIntEQ(wc_AesEaxEncryptAuth(key, (word32)i,
+                                         ciphertext,
+                                         msg, sizeof(msg),
+                                         iv, sizeof(iv),
+                                         authtag, (word32)len,
+                                         aad, sizeof(aad)),
+                                         exp_ret);
+    }
+
+
+    /* Test auth tag size out of range */
+    len = WC_AES_BLOCK_SIZE + 1;
+    ExpectIntEQ(wc_AesEaxEncryptAuth(key, sizeof(key),
+                                     ciphertext,
+                                     msg, sizeof(msg),
+                                     iv, sizeof(iv),
+                                     authtag, (word32)len,
+                                     aad, sizeof(aad)),
+                                     WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+
+    return EXPECT_RESULT();
+} /* END test_wc_AesEaxEncryptAuth() */
+
+/*
+ * Testing test_wc_AesEaxDecryptAuth()
+ */
+int test_wc_AesEaxDecryptAuth(void)
+{
+    EXPECT_DECLS;
+
+    const byte key[] = {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+                        0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F,
+                        0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
+                        0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F};
+    const byte iv[]  = {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+                        0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F,
+                        0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
+                        0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F};
+    const byte aad[] = {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07};
+    const byte ct[] =  {0x00, 0x01, 0x02, 0x03, 0x04};
+    /* Garbage tag that should always fail for above aad */
+    const byte tag[] = {0xFE, 0xED, 0xBE, 0xEF, 0xDE, 0xAD, 0xC0, 0xDE,
+                        0xCA, 0xFE, 0xBE, 0xEF, 0xDE, 0xAF, 0xBE, 0xEF};
+
+    byte plaintext[sizeof(ct)];
+    int i;
+    int len;
+
+    len = sizeof(tag);
+    ExpectIntEQ(wc_AesEaxDecryptAuth(key, sizeof(key),
+                                     plaintext,
+                                     ct, sizeof(ct),
+                                     iv, sizeof(iv),
+                                     tag, (word32)len,
+                                     aad, sizeof(aad)),
+                                     WC_NO_ERR_TRACE(AES_EAX_AUTH_E));
+
+    /* Test null checking */
+    ExpectIntEQ(wc_AesEaxDecryptAuth(NULL, sizeof(key),
+                                     plaintext,
+                                     ct, sizeof(ct),
+                                     iv, sizeof(iv),
+                                     tag, (word32)len,
+                                     aad, sizeof(aad)),
+                                     WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_AesEaxDecryptAuth(key, sizeof(key),
+                                     NULL,
+                                     ct, sizeof(ct),
+                                     iv, sizeof(iv),
+                                     tag, (word32)len,
+                                     aad, sizeof(aad)),
+                                     WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_AesEaxDecryptAuth(key, sizeof(key),
+                                     plaintext,
+                                     NULL, sizeof(ct),
+                                     iv, sizeof(iv),
+                                     tag, (word32)len,
+                                     aad, sizeof(aad)),
+                                     WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_AesEaxDecryptAuth(key, sizeof(key),
+                                     plaintext,
+                                     ct, sizeof(ct),
+                                     NULL, sizeof(iv),
+                                     tag, (word32)len,
+                                     aad, sizeof(aad)),
+                                     WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_AesEaxDecryptAuth(key, sizeof(key),
+                                     plaintext,
+                                     ct, sizeof(ct),
+                                     iv, sizeof(iv),
+                                     NULL, (word32)len,
+                                     aad, sizeof(aad)),
+                                     WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_AesEaxDecryptAuth(key, sizeof(key),
+                                     plaintext,
+                                     ct, sizeof(ct),
+                                     iv, sizeof(iv),
+                                     tag, (word32)len,
+                                     NULL, sizeof(aad)),
+                                     WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+
+    /* Test bad key lengths */
+    for (i = 0; i <= 32; i++) {
+        int exp_ret;
+        if (i == AES_128_KEY_SIZE || i == AES_192_KEY_SIZE
+                                  || i == AES_256_KEY_SIZE) {
+            exp_ret = WC_NO_ERR_TRACE(AES_EAX_AUTH_E);
+        }
+        else {
+            exp_ret = WC_NO_ERR_TRACE(BAD_FUNC_ARG);
+        }
+
+        ExpectIntEQ(wc_AesEaxDecryptAuth(key, (word32)i,
+                                         plaintext,
+                                         ct, sizeof(ct),
+                                         iv, sizeof(iv),
+                                         tag, (word32)len,
+                                         aad, sizeof(aad)),
+                                         exp_ret);
+    }
+
+
+    /* Test auth tag size out of range */
+    len = WC_AES_BLOCK_SIZE + 1;
+    ExpectIntEQ(wc_AesEaxDecryptAuth(key, sizeof(key),
+                                     plaintext,
+                                     ct, sizeof(ct),
+                                     iv, sizeof(iv),
+                                     tag, (word32)len,
+                                     aad, sizeof(aad)),
+                                     WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+
+    return EXPECT_RESULT();
+} /* END test_wc_AesEaxDecryptAuth() */
+
+#endif /* WOLFSSL_AES_EAX &&
+        * (!HAVE_FIPS || FIPS_VERSION_GE(5, 3)) && !HAVE_SELFTEST
+        */
+
diff --git a/tests/api/test_aes.h b/tests/api/test_aes.h
new file mode 100644
index 000000000..eb172dba1
--- /dev/null
+++ b/tests/api/test_aes.h
@@ -0,0 +1,44 @@
+/* test_aes.h
+ *
+ * Copyright (C) 2006-2025 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+#ifndef WOLFCRYPT_TEST_AES_H
+#define WOLFCRYPT_TEST_AES_H
+
+int test_wc_AesSetKey(void);
+int test_wc_AesSetIV(void);
+int test_wc_AesCbcEncryptDecrypt(void);
+int test_wc_AesCtrEncryptDecrypt(void);
+int test_wc_AesGcmSetKey(void);
+int test_wc_AesGcmEncryptDecrypt(void);
+int test_wc_AesGcmMixedEncDecLongIV(void);
+int test_wc_AesGcmStream(void);
+int test_wc_GmacSetKey(void);
+int test_wc_GmacUpdate(void);
+int test_wc_AesCcmSetKey(void);
+int test_wc_AesCcmEncryptDecrypt(void);
+#if defined(WOLFSSL_AES_EAX) && \
+    (!defined(HAVE_FIPS) || FIPS_VERSION_GE(5, 3)) && !defined(HAVE_SELFTEST)
+int test_wc_AesEaxVectors(void);
+int test_wc_AesEaxEncryptAuth(void);
+int test_wc_AesEaxDecryptAuth(void);
+#endif /* WOLFSSL_AES_EAX */
+
+#endif /* WOLFCRYPT_TEST_AES_H */
diff --git a/tests/api/test_arc4.c b/tests/api/test_arc4.c
new file mode 100644
index 000000000..6b32dd904
--- /dev/null
+++ b/tests/api/test_arc4.c
@@ -0,0 +1,114 @@
+/* test_arc4.c
+ *
+ * Copyright (C) 2006-2025 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+#ifdef HAVE_CONFIG_H
+    #include <config.h>
+#endif
+
+#if !defined(WOLFSSL_USER_SETTINGS) && !defined(WOLFSSL_NO_OPTIONS_H)
+    #include <wolfssl/options.h>
+#endif
+#include <wolfssl/wolfcrypt/settings.h>
+
+#ifdef NO_INLINE
+    #include <wolfssl/wolfcrypt/misc.h>
+#else
+    #define WOLFSSL_MISC_INCLUDED
+    #include <wolfcrypt/src/misc.c>
+#endif
+
+#include <wolfssl/wolfcrypt/arc4.h>
+#include <wolfssl/wolfcrypt/types.h>
+#include <tests/unit.h>
+#include <tests/api/api.h>
+#include <tests/api/test_arc4.h>
+
+/*
+ * Testing wc_Arc4SetKey()
+ */
+int test_wc_Arc4SetKey(void)
+{
+    EXPECT_DECLS;
+#ifndef NO_RC4
+    Arc4 arc;
+    const char* key = "\x01\x23\x45\x67\x89\xab\xcd\xef";
+    int keyLen = 8;
+
+    ExpectIntEQ(wc_Arc4SetKey(&arc, (byte*)key, (word32)keyLen), 0);
+    /* Test bad args. */
+    ExpectIntEQ(wc_Arc4SetKey(NULL, (byte*)key, (word32)keyLen),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Arc4SetKey(&arc, NULL      , (word32)keyLen),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Arc4SetKey(&arc, (byte*)key, 0     ),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+#endif
+    return EXPECT_RESULT();
+
+} /* END test_wc_Arc4SetKey */
+
+/*
+ * Testing wc_Arc4Process for ENC/DEC.
+ */
+int test_wc_Arc4Process(void)
+{
+    EXPECT_DECLS;
+#ifndef NO_RC4
+    Arc4 enc;
+    Arc4 dec;
+    const char* key = "\x01\x23\x45\x67\x89\xab\xcd\xef";
+    int keyLen = 8;
+    const char* input = "\x01\x23\x45\x67\x89\xab\xcd\xef";
+    byte cipher[8];
+    byte plain[8];
+
+    /* Init stack variables */
+    XMEMSET(&enc, 0, sizeof(Arc4));
+    XMEMSET(&dec, 0, sizeof(Arc4));
+    XMEMSET(cipher, 0, sizeof(cipher));
+    XMEMSET(plain, 0, sizeof(plain));
+
+    /* Use for async. */
+    ExpectIntEQ(wc_Arc4Init(&enc, NULL, INVALID_DEVID), 0);
+    ExpectIntEQ(wc_Arc4Init(&dec, NULL, INVALID_DEVID), 0);
+
+    ExpectIntEQ(wc_Arc4SetKey(&enc, (byte*)key, (word32)keyLen), 0);
+    ExpectIntEQ(wc_Arc4SetKey(&dec, (byte*)key, (word32)keyLen), 0);
+
+    ExpectIntEQ(wc_Arc4Process(&enc, cipher, (byte*)input, (word32)keyLen), 0);
+    ExpectIntEQ(wc_Arc4Process(&dec, plain, cipher, (word32)keyLen), 0);
+    ExpectIntEQ(XMEMCMP(plain, input, keyLen), 0);
+
+    /* Bad args. */
+    ExpectIntEQ(wc_Arc4Process(NULL, plain, cipher, (word32)keyLen),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Arc4Process(&dec, NULL, cipher, (word32)keyLen),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Arc4Process(&dec, plain, NULL, (word32)keyLen),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+
+    wc_Arc4Free(&enc);
+    wc_Arc4Free(&dec);
+#endif
+    return EXPECT_RESULT();
+
+} /* END test_wc_Arc4Process */
+
diff --git a/tests/api/test_arc4.h b/tests/api/test_arc4.h
new file mode 100644
index 000000000..78d706ca9
--- /dev/null
+++ b/tests/api/test_arc4.h
@@ -0,0 +1,28 @@
+/* test_arc4.h
+ *
+ * Copyright (C) 2006-2025 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+#ifndef WOLFCRYPT_TEST_ARC4_H
+#define WOLFCRYPT_TEST_ARC4_H
+
+int test_wc_Arc4SetKey(void);
+int test_wc_Arc4Process(void);
+
+#endif /* WOLFCRYPT_TEST_ARC4_H */
diff --git a/tests/api/test_ascon.c b/tests/api/test_ascon.c
new file mode 100644
index 000000000..b8bef7a47
--- /dev/null
+++ b/tests/api/test_ascon.c
@@ -0,0 +1,194 @@
+/* test_ascon.c
+ *
+ * Copyright (C) 2006-2025 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+#ifdef HAVE_CONFIG_H
+    #include <config.h>
+#endif
+
+#if !defined(WOLFSSL_USER_SETTINGS) && !defined(WOLFSSL_NO_OPTIONS_H)
+    #include <wolfssl/options.h>
+#endif
+#include <wolfssl/wolfcrypt/settings.h>
+
+#ifdef NO_INLINE
+    #include <wolfssl/wolfcrypt/misc.h>
+#else
+    #define WOLFSSL_MISC_INCLUDED
+    #include <wolfcrypt/src/misc.c>
+#endif
+
+#include <wolfssl/wolfcrypt/ascon.h>
+#include <wolfssl/wolfcrypt/types.h>
+#include <tests/unit.h>
+#include <tests/api/test_ascon.h>
+
+#ifdef HAVE_ASCON
+#include <tests/api/test_ascon_kats.h>
+#endif
+
+int test_ascon_hash256(void)
+{
+    EXPECT_DECLS;
+#ifdef HAVE_ASCON
+    byte msg[1024];
+    byte mdOut[ASCON_HASH256_SZ];
+    const size_t test_rounds = sizeof(msg) + 1; /* +1 to test 0-len msg */
+    wc_AsconHash256* asconHash = NULL;
+    word32 i;
+
+    ExpectIntEQ(XELEM_CNT(ascon_hash256_output), test_rounds);
+
+    /* init msg buffer */
+    for (i = 0; i < sizeof(msg); i++)
+        msg[i] = (byte)i;
+
+    ExpectNotNull(asconHash = wc_AsconHash256_New());
+
+    for (i = 0; i < test_rounds && EXPECT_SUCCESS(); i++) {
+        XMEMSET(mdOut, 0, sizeof(mdOut));
+        ExpectIntEQ(wc_AsconHash256_Init(asconHash), 0);
+        ExpectIntEQ(wc_AsconHash256_Update(asconHash, msg, i), 0);
+        ExpectIntEQ(wc_AsconHash256_Final(asconHash, mdOut), 0);
+        ExpectBufEQ(mdOut, ascon_hash256_output[i], ASCON_HASH256_SZ);
+        wc_AsconHash256_Clear(asconHash);
+    }
+
+    /* Test separated update */
+    for (i = 0; i < test_rounds && EXPECT_SUCCESS(); i++) {
+        word32 half_i = i / 2;
+        XMEMSET(mdOut, 0, sizeof(mdOut));
+        ExpectIntEQ(wc_AsconHash256_Init(asconHash), 0);
+        ExpectIntEQ(wc_AsconHash256_Update(asconHash, msg, half_i), 0);
+        ExpectIntEQ(wc_AsconHash256_Update(asconHash, msg + half_i,
+                                           i - half_i), 0);
+        ExpectIntEQ(wc_AsconHash256_Final(asconHash, mdOut), 0);
+        ExpectBufEQ(mdOut, ascon_hash256_output[i], ASCON_HASH256_SZ);
+        wc_AsconHash256_Clear(asconHash);
+    }
+
+    wc_AsconHash256_Free(asconHash);
+#endif
+    return EXPECT_RESULT();
+}
+
+int test_ascon_aead128(void)
+{
+    EXPECT_DECLS;
+#ifdef HAVE_ASCON
+    word32 i;
+    wc_AsconAEAD128* asconAEAD = NULL;
+
+    ExpectNotNull(asconAEAD = wc_AsconAEAD128_New());
+
+    for (i = 0; i < XELEM_CNT(ascon_aead128_kat); i++) {
+        byte key[ASCON_AEAD128_KEY_SZ];
+        byte nonce[ASCON_AEAD128_NONCE_SZ];
+        byte pt[32]; /* longest plaintext we test is 32 bytes */
+        word32 ptSz;
+        byte ad[32]; /* longest AD we test is 32 bytes */
+        word32 adSz;
+        byte ct[48]; /* longest ciphertext we test is 32 bytes + 16 bytes tag */
+        word32 ctSz;
+        word32 j;
+        byte tag[ASCON_AEAD128_TAG_SZ];
+        byte buf[32]; /* longest buffer we test is 32 bytes */
+
+        XMEMSET(key, 0, sizeof(key));
+        XMEMSET(nonce, 0, sizeof(nonce));
+        XMEMSET(pt, 0, sizeof(pt));
+        XMEMSET(ad, 0, sizeof(ad));
+        XMEMSET(ct, 0, sizeof(ct));
+        XMEMSET(tag, 0, sizeof(tag));
+
+        /* Convert HEX strings to byte stream */
+        for (j = 0; ascon_aead128_kat[i][0][j] != '\0'; j += 2) {
+            key[j/2] = HexCharToByte(ascon_aead128_kat[i][0][j]) << 4 |
+                       HexCharToByte(ascon_aead128_kat[i][0][j+1]);
+        }
+        for (j = 0; ascon_aead128_kat[i][1][j] != '\0'; j += 2) {
+            nonce[j/2] = HexCharToByte(ascon_aead128_kat[i][1][j]) << 4 |
+                         HexCharToByte(ascon_aead128_kat[i][1][j+1]);
+        }
+        for (j = 0; ascon_aead128_kat[i][2][j] != '\0'; j += 2) {
+            pt[j/2] = HexCharToByte(ascon_aead128_kat[i][2][j]) << 4 |
+                      HexCharToByte(ascon_aead128_kat[i][2][j+1]);
+        }
+        ptSz = j/2;
+        for (j = 0; ascon_aead128_kat[i][3][j] != '\0'; j += 2) {
+            ad[j/2] = HexCharToByte(ascon_aead128_kat[i][3][j]) << 4 |
+                      HexCharToByte(ascon_aead128_kat[i][3][j+1]);
+        }
+        adSz = j/2;
+        for (j = 0; ascon_aead128_kat[i][4][j] != '\0'; j += 2) {
+            ct[j/2] = HexCharToByte(ascon_aead128_kat[i][4][j]) << 4 |
+                      HexCharToByte(ascon_aead128_kat[i][4][j+1]);
+        }
+        ctSz = j/2 - ASCON_AEAD128_TAG_SZ;
+
+        for (j = 0; j < 4; j++) {
+            ExpectIntEQ(wc_AsconAEAD128_Init(asconAEAD), 0);
+            ExpectIntEQ(wc_AsconAEAD128_SetKey(asconAEAD, key), 0);
+            ExpectIntEQ(wc_AsconAEAD128_SetNonce(asconAEAD, nonce), 0);
+            ExpectIntEQ(wc_AsconAEAD128_SetAD(asconAEAD, ad, adSz), 0);
+            if (j == 0) {
+                /* Encryption test */
+                ExpectIntEQ(wc_AsconAEAD128_EncryptUpdate(asconAEAD, buf, pt,
+                            ptSz), 0);
+                ExpectBufEQ(buf, ct, ptSz);
+                ExpectIntEQ(wc_AsconAEAD128_EncryptFinal(asconAEAD, tag), 0);
+                ExpectBufEQ(tag, ct + ptSz, ASCON_AEAD128_TAG_SZ);
+            }
+            else if (j == 1) {
+                /* Decryption test */
+                ExpectIntEQ(wc_AsconAEAD128_DecryptUpdate(asconAEAD, buf, ct,
+                            ctSz), 0);
+                ExpectBufEQ(buf, pt, ctSz);
+                ExpectIntEQ(wc_AsconAEAD128_DecryptFinal(asconAEAD, ct + ctSz),
+                            0);
+            }
+            else if (j == 2) {
+                /* Split encryption test */
+                ExpectIntEQ(wc_AsconAEAD128_EncryptUpdate(asconAEAD, buf, pt,
+                        ptSz / 2), 0);
+                ExpectIntEQ(wc_AsconAEAD128_EncryptUpdate(asconAEAD,
+                        buf + (ptSz/2), pt + (ptSz/2), ptSz - (ptSz/2)), 0);
+                ExpectBufEQ(buf, ct, ptSz);
+                ExpectIntEQ(wc_AsconAEAD128_EncryptFinal(asconAEAD, tag), 0);
+                ExpectBufEQ(tag, ct + ptSz, ASCON_AEAD128_TAG_SZ);
+            }
+            else if (j == 3) {
+                /* Split decryption test */
+                ExpectIntEQ(wc_AsconAEAD128_DecryptUpdate(asconAEAD, buf, ct,
+                        ctSz / 2), 0);
+                ExpectIntEQ(wc_AsconAEAD128_DecryptUpdate(asconAEAD,
+                        buf + (ctSz/2), ct + (ctSz/2), ctSz - (ctSz/2)), 0);
+                ExpectBufEQ(buf, pt, ctSz);
+                ExpectIntEQ(wc_AsconAEAD128_DecryptFinal(asconAEAD, ct + ctSz),
+                        0);
+            }
+            wc_AsconAEAD128_Clear(asconAEAD);
+        }
+    }
+
+    wc_AsconAEAD128_Free(asconAEAD);
+#endif
+    return EXPECT_RESULT();
+}
diff --git a/tests/api/test_ascon.h b/tests/api/test_ascon.h
new file mode 100644
index 000000000..09663f98a
--- /dev/null
+++ b/tests/api/test_ascon.h
@@ -0,0 +1,28 @@
+/* test_ascon.h
+ *
+ * Copyright (C) 2006-2025 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+#ifndef TESTS_API_TEST_ASCON_H
+#define TESTS_API_TEST_ASCON_H
+
+int test_ascon_hash256(void);
+int test_ascon_aead128(void);
+
+#endif /* TESTS_API_TEST_ASCON_H */
diff --git a/tests/api/test_ascon_kats.h b/tests/api/test_ascon_kats.h
new file mode 100644
index 000000000..0aad58dae
--- /dev/null
+++ b/tests/api/test_ascon_kats.h
@@ -0,0 +1,6517 @@
+/* test_ascon_kats.h
+ *
+ * Copyright (C) 2006-2025 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+#ifdef HAVE_CONFIG_H
+    #include <config.h>
+#endif
+
+#if !defined(WOLFSSL_USER_SETTINGS) && !defined(WOLFSSL_NO_OPTIONS_H)
+    #include <wolfssl/options.h>
+#endif
+#include <wolfssl/wolfcrypt/settings.h>
+#include <wolfssl/wolfcrypt/types.h>
+
+#ifndef TESTS_API_TEST_ASCON_KATS_H
+#define TESTS_API_TEST_ASCON_KATS_H
+
+/* KATs taken from https://github.com/ascon/ascon-c */
+
+/* crypto_hash/asconhash256/LWC_HASH_KAT_256.txt
+ * The message is just the byte stream 00 01 02 03 ... */
+static const byte ascon_hash256_output[][32] = {
+    { 0x0B, 0x3B, 0xE5, 0x85, 0x0F, 0x2F, 0x6B, 0x98, 0xCA, 0xF2, 0x9F, 0x8F, 0xDE, 0xA8, 0x9B, 0x64, 0xA1, 0xFA, 0x70, 0xAA, 0x24, 0x9B, 0x8F, 0x83, 0x9B, 0xD5, 0x3B, 0xAA, 0x30, 0x4D, 0x92, 0xB2 },
+    { 0x07, 0x28, 0x62, 0x10, 0x35, 0xAF, 0x3E, 0xD2, 0xBC, 0xA0, 0x3B, 0xF6, 0xFD, 0xE9, 0x00, 0xF9, 0x45, 0x6F, 0x53, 0x30, 0xE4, 0xB5, 0xEE, 0x23, 0xE7, 0xF6, 0xA1, 0xE7, 0x02, 0x91, 0xBC, 0x80 },
+    { 0x61, 0x15, 0xE7, 0xC9, 0xC4, 0x08, 0x1C, 0x27, 0x97, 0xFC, 0x8F, 0xE1, 0xBC, 0x57, 0xA8, 0x36, 0xAF, 0xA1, 0xC5, 0x38, 0x1E, 0x55, 0x6D, 0xD5, 0x83, 0x86, 0x0C, 0xA2, 0xDF, 0xB4, 0x8D, 0xD2 },
+    { 0x26, 0x5A, 0xB8, 0x9A, 0x60, 0x9F, 0x5A, 0x05, 0xDC, 0xA5, 0x7E, 0x83, 0xFB, 0xBA, 0x70, 0x0F, 0x9A, 0x2D, 0x2C, 0x42, 0x11, 0xBA, 0x4C, 0xC9, 0xF0, 0xA1, 0xA3, 0x69, 0xE1, 0x7B, 0x91, 0x5C },
+    { 0xD7, 0xE4, 0xC7, 0xED, 0x9B, 0x8A, 0x32, 0x5C, 0xD0, 0x8B, 0x9E, 0xF2, 0x59, 0xF8, 0x87, 0x70, 0x54, 0xEC, 0xD8, 0x30, 0x4F, 0xE1, 0xB2, 0xD7, 0xFD, 0x84, 0x71, 0x37, 0xDF, 0x67, 0x27, 0xEE },
+    { 0xC7, 0xB2, 0x89, 0x62, 0xD4, 0xF5, 0xC2, 0x21, 0x1F, 0x46, 0x6F, 0x83, 0xD3, 0xC5, 0x7A, 0xE1, 0x50, 0x43, 0x87, 0xE2, 0xA3, 0x26, 0x94, 0x97, 0x47, 0xA8, 0x37, 0x64, 0x47, 0xA6, 0xBB, 0x51 },
+    { 0xDC, 0x0C, 0x67, 0x48, 0xAF, 0x8F, 0xFE, 0x63, 0xE1, 0x08, 0x4A, 0xA3, 0xE5, 0x78, 0x6A, 0x19, 0x46, 0x85, 0xC8, 0x8C, 0x21, 0x34, 0x8B, 0x29, 0xE1, 0x84, 0xFB, 0x50, 0x40, 0x97, 0x03, 0xBC },
+    { 0x3E, 0x4D, 0x27, 0x3B, 0xA6, 0x9B, 0x3B, 0x9C, 0x53, 0x21, 0x61, 0x07, 0xE8, 0x8B, 0x75, 0xCD, 0xBE, 0xED, 0xBC, 0xBF, 0x8F, 0xAF, 0x02, 0x19, 0xC3, 0x92, 0x8A, 0xB6, 0x2B, 0x11, 0x65, 0x77 },
+    { 0xB8, 0x8E, 0x49, 0x7A, 0xE8, 0xE6, 0xFB, 0x64, 0x1B, 0x87, 0xEF, 0x62, 0x2E, 0xB8, 0xF2, 0xFC, 0xA0, 0xED, 0x95, 0x38, 0x3F, 0x7F, 0xFE, 0xBE, 0x16, 0x7A, 0xCF, 0x10, 0x99, 0xBA, 0x76, 0x4F },
+    { 0x94, 0x26, 0x9C, 0x30, 0xE0, 0x29, 0x6E, 0x1E, 0xC8, 0x66, 0x55, 0x04, 0x18, 0x41, 0x82, 0x3E, 0xFA, 0x19, 0x27, 0xF5, 0x20, 0xFD, 0x58, 0xC8, 0xE9, 0xBC, 0xE6, 0x19, 0x78, 0x78, 0xC1, 0xA6 },
+    { 0x89, 0x4F, 0x5C, 0x5B, 0xC7, 0x8A, 0x0A, 0x97, 0xAB, 0xC0, 0xD6, 0x31, 0x23, 0xD0, 0x9A, 0x33, 0x5F, 0xB0, 0xD9, 0x24, 0x30, 0xAD, 0xF9, 0xD1, 0x1F, 0xD2, 0x64, 0x38, 0x54, 0x17, 0x99, 0x68 },
+    { 0x68, 0x84, 0x66, 0xB9, 0xEC, 0x50, 0x70, 0x47, 0x6C, 0xEB, 0x93, 0x9F, 0xE3, 0x68, 0xC2, 0xA3, 0x2C, 0x0F, 0x1A, 0x79, 0x5A, 0xF7, 0x61, 0x94, 0x2D, 0x55, 0x18, 0x90, 0x9A, 0x10, 0x81, 0xDA },
+    { 0x8C, 0xAF, 0xA6, 0x56, 0x80, 0x7F, 0xAF, 0xA3, 0xDE, 0x9F, 0xEB, 0x2F, 0xB5, 0x66, 0xD6, 0x23, 0x9B, 0xEB, 0xA7, 0x4A, 0xE4, 0x8C, 0x4E, 0x9A, 0x4C, 0xED, 0x5B, 0xF1, 0xB1, 0x3A, 0x75, 0xC9 },
+    { 0x94, 0x88, 0x3D, 0x2A, 0x44, 0xE8, 0xF1, 0x39, 0x64, 0xF9, 0x26, 0xDE, 0x55, 0x35, 0x83, 0xDB, 0x7B, 0x1A, 0x82, 0xB0, 0xAA, 0xCC, 0x58, 0xEF, 0x2D, 0x48, 0x46, 0xA5, 0xD6, 0xE8, 0xB4, 0xAC },
+    { 0xBE, 0xB6, 0x35, 0x3F, 0x24, 0xE8, 0xDE, 0xE9, 0xF2, 0xB9, 0x92, 0x79, 0xF2, 0x9F, 0x42, 0x5F, 0x7C, 0xCE, 0x30, 0x98, 0xA3, 0x66, 0x5B, 0x7A, 0xF3, 0xAF, 0x86, 0xF7, 0x59, 0xCC, 0x98, 0x5D },
+    { 0x64, 0x21, 0x33, 0x0D, 0xF9, 0x9C, 0x05, 0xEB, 0x71, 0x54, 0x15, 0xEE, 0x17, 0xB4, 0x55, 0xF2, 0x67, 0x4F, 0x86, 0x2A, 0xE3, 0xCC, 0x5B, 0xAD, 0xFF, 0xE4, 0x3A, 0x4A, 0x3E, 0xD2, 0x73, 0xE1 },
+    { 0x31, 0x58, 0xC1, 0x94, 0x0A, 0x2F, 0xBA, 0xDB, 0xD6, 0x8A, 0xB6, 0x61, 0x77, 0x78, 0x59, 0xB9, 0x4A, 0x68, 0x9E, 0x4E, 0xFC, 0x37, 0x59, 0x11, 0x46, 0x7A, 0xDD, 0xD6, 0x41, 0x83, 0x5C, 0x38 },
+    { 0xF1, 0x49, 0xE9, 0x9D, 0xD0, 0xF4, 0x29, 0x59, 0x9B, 0xB8, 0x9B, 0x80, 0x79, 0xBF, 0x3F, 0x4D, 0xCA, 0x3F, 0x29, 0x8E, 0xFE, 0xFC, 0xF9, 0xB1, 0xEA, 0x16, 0xFE, 0x84, 0xF9, 0xB8, 0xB6, 0xE2 },
+    { 0xD0, 0x70, 0xF7, 0xBA, 0x0E, 0x9B, 0xCD, 0xB6, 0xB3, 0x4E, 0x83, 0x57, 0x34, 0x3E, 0x90, 0x41, 0x94, 0x31, 0x46, 0xF3, 0x34, 0xFD, 0xAF, 0x6E, 0x20, 0x09, 0x27, 0x5F, 0x6F, 0x25, 0xCB, 0xED },
+    { 0x75, 0x94, 0x01, 0xBA, 0x2D, 0x33, 0x73, 0xEB, 0x5A, 0x01, 0x52, 0xBD, 0xE6, 0xFC, 0xC7, 0x26, 0xEC, 0x65, 0xDE, 0xE7, 0x95, 0xA5, 0x74, 0xF1, 0xD7, 0x15, 0xF3, 0xCA, 0xC2, 0x1F, 0x03, 0x81 },
+    { 0x98, 0x94, 0x1E, 0x48, 0x4F, 0xBA, 0xE8, 0x74, 0x52, 0xDD, 0xAF, 0x60, 0x30, 0x08, 0x8B, 0x79, 0x8A, 0x56, 0xC3, 0x6E, 0xB6, 0xD4, 0xD3, 0xE9, 0x4B, 0x5C, 0xFF, 0x78, 0xB2, 0x0E, 0x04, 0x81 },
+    { 0x41, 0xC8, 0xF7, 0x33, 0xB9, 0xD8, 0x23, 0xBE, 0x30, 0xB6, 0x4E, 0xE7, 0x17, 0xC3, 0x22, 0xC5, 0x76, 0xD3, 0x67, 0x81, 0xFF, 0xC5, 0xF7, 0xD6, 0xC7, 0x30, 0xEC, 0xA5, 0x49, 0x78, 0x97, 0x25 },
+    { 0x04, 0x18, 0x3F, 0x60, 0x3C, 0xF5, 0x6E, 0xA2, 0x5E, 0x5C, 0x29, 0x9D, 0x3F, 0xBD, 0xB1, 0x72, 0x28, 0xD6, 0x41, 0x1F, 0x15, 0xE9, 0xF7, 0x7C, 0x77, 0x89, 0xCE, 0x89, 0xEC, 0x9B, 0x8B, 0x0E },
+    { 0xB4, 0xF8, 0x8D, 0x12, 0x1E, 0xDD, 0xF6, 0xD1, 0xFE, 0xA9, 0xAE, 0xF1, 0x5F, 0x68, 0xA0, 0xF3, 0xA1, 0x6D, 0x3D, 0x2C, 0xDD, 0x98, 0x17, 0x22, 0x58, 0x09, 0xC2, 0x04, 0x52, 0xB0, 0x4C, 0x61 },
+    { 0x7E, 0x6A, 0x31, 0xFA, 0x65, 0x59, 0x53, 0x6A, 0x7A, 0xD6, 0x16, 0x22, 0xF6, 0x15, 0x0F, 0xA3, 0xB2, 0xA2, 0x9E, 0xBB, 0xF3, 0x9A, 0xD8, 0x01, 0x1B, 0x79, 0x02, 0xCC, 0x61, 0x25, 0x71, 0xE6 },
+    { 0xAC, 0xF3, 0x9F, 0xB4, 0x9C, 0xBA, 0xA0, 0xB4, 0xBC, 0x04, 0xC5, 0x48, 0x22, 0x45, 0x43, 0xB7, 0x50, 0x19, 0xBA, 0x63, 0x9C, 0xE4, 0xD0, 0xA5, 0x8C, 0xAE, 0xDA, 0xF1, 0x7E, 0x0F, 0x8D, 0x9F },
+    { 0xB1, 0xBB, 0x94, 0x8E, 0xDA, 0x56, 0x00, 0x9F, 0x5D, 0x66, 0xED, 0x7B, 0xDC, 0x58, 0x94, 0xE5, 0xE7, 0x72, 0xD4, 0x34, 0x1B, 0xB7, 0x04, 0x05, 0xC3, 0x65, 0x51, 0x89, 0x76, 0xEB, 0x95, 0x73 },
+    { 0xB1, 0x6E, 0xE2, 0x00, 0xDD, 0x3E, 0x0C, 0x85, 0xCC, 0xCD, 0x7F, 0xFC, 0x3D, 0x6B, 0xD7, 0x1E, 0xBC, 0xB7, 0x6B, 0x2F, 0x4C, 0x03, 0x3A, 0xB0, 0x60, 0x2F, 0x68, 0x6F, 0xCA, 0xDF, 0xC3, 0xFA },
+    { 0x09, 0x86, 0xEC, 0xA8, 0xE6, 0x31, 0xD1, 0x84, 0xCF, 0x4A, 0x15, 0xF4, 0xA5, 0x8D, 0x4A, 0x17, 0x62, 0x5E, 0x66, 0xFF, 0x0E, 0xDE, 0x48, 0x6B, 0xA1, 0x19, 0xE5, 0xD4, 0x15, 0x5A, 0x15, 0x45 },
+    { 0x41, 0xDF, 0x85, 0xF3, 0x64, 0x72, 0x36, 0x93, 0x9A, 0xDB, 0xB8, 0x8A, 0xBD, 0x30, 0xA5, 0xE0, 0x52, 0x72, 0x3E, 0x25, 0xDB, 0x09, 0xAB, 0x23, 0xF2, 0x8B, 0xBA, 0x55, 0x40, 0x56, 0xF5, 0xEB },
+    { 0x84, 0xB6, 0x8F, 0xDE, 0xB9, 0xF5, 0xDF, 0xBA, 0x8F, 0xBE, 0x03, 0x14, 0xC4, 0xC7, 0x9A, 0x1E, 0x3E, 0xAE, 0x97, 0xC9, 0xB0, 0x18, 0xFC, 0xAC, 0x88, 0xFD, 0x9B, 0xD4, 0x07, 0x08, 0x6E, 0x70 },
+    { 0xB9, 0x00, 0xCD, 0x3F, 0x06, 0xF1, 0x61, 0x8B, 0x68, 0xC1, 0x66, 0x65, 0x80, 0x72, 0x06, 0xDB, 0xE2, 0x73, 0xDF, 0x40, 0x13, 0x53, 0x61, 0xF4, 0x49, 0x84, 0x7D, 0x57, 0x39, 0x03, 0xFA, 0xBD },
+    { 0xBD, 0x9D, 0x3D, 0x60, 0xA6, 0x6B, 0x53, 0x86, 0x8E, 0xAB, 0x2A, 0x5C, 0x74, 0x53, 0x9A, 0x51, 0x8A, 0x1F, 0x60, 0xF0, 0x1E, 0xB1, 0x76, 0xC6, 0x0E, 0x43, 0xDE, 0xE8, 0x16, 0x80, 0xB3, 0x3E },
+    { 0xA5, 0x86, 0x65, 0xA2, 0xCB, 0x95, 0x30, 0xC5, 0x02, 0x09, 0x6A, 0x79, 0x57, 0xA7, 0x6E, 0x42, 0x8A, 0xF4, 0xAD, 0x04, 0x4B, 0x4D, 0xA5, 0xC4, 0x71, 0xF9, 0xDA, 0x6F, 0x7B, 0x3E, 0x58, 0x68 },
+    { 0x23, 0x3B, 0x38, 0xDC, 0x79, 0x2B, 0x0B, 0xF3, 0xB4, 0x34, 0x5A, 0x4C, 0x12, 0xAE, 0x6E, 0xF2, 0x58, 0x90, 0x7F, 0x9F, 0x23, 0xBB, 0x8A, 0x48, 0xFB, 0x3D, 0x2C, 0x53, 0xC1, 0x71, 0xC4, 0x76 },
+    { 0xD1, 0x0C, 0x48, 0xFE, 0x22, 0xF4, 0x1C, 0xEF, 0x30, 0x0A, 0x09, 0x5C, 0xAE, 0x25, 0xC3, 0x56, 0x8F, 0xA2, 0xE4, 0x8F, 0xF6, 0xA0, 0xAF, 0xF0, 0xE6, 0x45, 0x7C, 0x7A, 0x40, 0x01, 0x35, 0x88 },
+    { 0x6C, 0x73, 0x55, 0x83, 0xF6, 0x0D, 0x13, 0x57, 0x4D, 0xA7, 0x9B, 0x62, 0xBA, 0x7D, 0x3E, 0x87, 0xF5, 0xFD, 0x09, 0x35, 0xD2, 0x26, 0x97, 0xEC, 0xAF, 0xC1, 0x7F, 0x39, 0x58, 0x25, 0xAE, 0x78 },
+    { 0xF2, 0x49, 0x19, 0xE8, 0xFE, 0xA2, 0x71, 0x8C, 0xBF, 0x9A, 0x8B, 0xF0, 0x98, 0x38, 0x1E, 0x0B, 0xE6, 0x6D, 0x1B, 0x96, 0x54, 0xAE, 0xC0, 0x4B, 0xEF, 0x00, 0x12, 0xAD, 0x9D, 0x0B, 0x38, 0x2D },
+    { 0xD9, 0x2A, 0x87, 0x30, 0x36, 0xD0, 0x32, 0x8E, 0xB8, 0x35, 0x76, 0x66, 0x97, 0x72, 0x6C, 0xC8, 0x1A, 0x6A, 0xA2, 0x2A, 0xDA, 0x1A, 0x52, 0x24, 0x8B, 0xE8, 0x04, 0x4C, 0x65, 0xC3, 0xEB, 0xBF },
+    { 0xBA, 0x2A, 0xAD, 0x77, 0x83, 0x0B, 0x4F, 0x5C, 0xFF, 0xDA, 0x77, 0x1F, 0xEF, 0xEF, 0x9E, 0x8C, 0x1E, 0x94, 0x7C, 0x97, 0xA1, 0x07, 0x72, 0x5F, 0x0D, 0x37, 0xE6, 0x9A, 0xF5, 0xB2, 0xFD, 0xC1 },
+    { 0x30, 0xB7, 0x80, 0xA6, 0x2A, 0xF5, 0x95, 0xCA, 0x6D, 0x21, 0xA6, 0x7B, 0xCF, 0x88, 0xAE, 0x12, 0xDA, 0xA3, 0xE3, 0x36, 0xDB, 0xBA, 0x52, 0xF4, 0x11, 0x2D, 0x37, 0x16, 0xBC, 0x0E, 0x63, 0x3C },
+    { 0xD3, 0xC0, 0x61, 0x33, 0x3D, 0x56, 0x3A, 0xFE, 0xDA, 0xE0, 0x90, 0x7A, 0xED, 0x1B, 0x39, 0x8A, 0x0D, 0x9B, 0xBA, 0x6A, 0x7B, 0xF3, 0x81, 0x11, 0xC1, 0x98, 0xD3, 0x73, 0x49, 0x85, 0xAA, 0x30 },
+    { 0x0D, 0x1A, 0x50, 0x49, 0x17, 0x18, 0xB3, 0x00, 0x24, 0x65, 0x2B, 0x02, 0xF6, 0xBB, 0xC8, 0xFD, 0x64, 0x89, 0x96, 0x28, 0x9B, 0x80, 0xBC, 0x68, 0x9B, 0x88, 0x63, 0xF9, 0x2A, 0xF3, 0xF0, 0x2A },
+    { 0xB4, 0xCB, 0x36, 0x55, 0xCF, 0xD0, 0xFF, 0x0C, 0xD9, 0x59, 0x0F, 0x6F, 0x24, 0xC5, 0xF3, 0x4C, 0xF9, 0xB2, 0xC6, 0xFA, 0xC8, 0x77, 0xCD, 0x3E, 0x03, 0x94, 0x25, 0x4D, 0x61, 0xAC, 0xA9, 0x2C },
+    { 0xCC, 0x14, 0x0B, 0xC4, 0x6B, 0x2F, 0x71, 0xE2, 0x2B, 0xDC, 0x55, 0x3F, 0x79, 0x39, 0xEA, 0x69, 0xEB, 0x69, 0x41, 0xDA, 0xCE, 0xCB, 0x1D, 0xD7, 0xE3, 0x64, 0x16, 0xC6, 0x3C, 0x8E, 0xCD, 0x1F },
+    { 0xE0, 0xB6, 0x8F, 0x41, 0x5B, 0x40, 0x82, 0x60, 0xD1, 0x8E, 0x70, 0xCF, 0x9C, 0x9D, 0x0C, 0x0E, 0x73, 0xA8, 0x73, 0x44, 0x81, 0x4F, 0x6D, 0xE5, 0xB4, 0x76, 0x9B, 0x0A, 0xC3, 0x88, 0xBD, 0xDF },
+    { 0x09, 0xA3, 0x7F, 0x0B, 0x5D, 0x1C, 0x58, 0x2A, 0x39, 0xB0, 0x76, 0xA4, 0x29, 0x08, 0x5D, 0xB4, 0x8F, 0xED, 0x6D, 0xD4, 0xA1, 0x96, 0x19, 0xCA, 0x66, 0xCF, 0x29, 0x39, 0x6B, 0x34, 0x91, 0x1D },
+    { 0xEF, 0x8D, 0x86, 0x52, 0xAB, 0xD1, 0xF6, 0xC1, 0xAD, 0x29, 0x8F, 0x37, 0x50, 0xD4, 0xD4, 0x59, 0xF1, 0xE0, 0xA8, 0x23, 0xD8, 0x41, 0x5C, 0x22, 0x4C, 0xB5, 0x0E, 0xDC, 0xF3, 0x47, 0x51, 0x99 },
+    { 0xB1, 0xF1, 0x67, 0x20, 0x71, 0xC9, 0xF7, 0x5A, 0x5F, 0xB2, 0x2B, 0xAF, 0xC9, 0x67, 0x22, 0xCD, 0x97, 0x05, 0xDB, 0x76, 0xD3, 0x4D, 0x00, 0x17, 0x0E, 0x07, 0xD0, 0x77, 0xB2, 0x22, 0x48, 0x63 },
+    { 0xC1, 0x54, 0x8D, 0xC2, 0x08, 0x9F, 0x06, 0x74, 0x07, 0xD0, 0xEE, 0x60, 0x2A, 0xC1, 0x4F, 0x2B, 0x3C, 0x51, 0xD9, 0x59, 0xBB, 0x88, 0x0B, 0x7F, 0xAF, 0x61, 0xAC, 0x11, 0xD7, 0x40, 0xA6, 0xFD },
+    { 0x56, 0xC4, 0xDF, 0x3D, 0x75, 0x03, 0x9D, 0xB9, 0x6B, 0x97, 0x51, 0x29, 0x08, 0xBA, 0xA1, 0xC7, 0x63, 0x21, 0xF2, 0x04, 0x80, 0xB8, 0xEA, 0xE5, 0x5B, 0xD9, 0x7F, 0x48, 0xB3, 0xB4, 0xCB, 0xFB },
+    { 0xA1, 0x8B, 0x3B, 0x8A, 0x87, 0xB0, 0xA3, 0xBA, 0x20, 0x66, 0x73, 0x4E, 0x20, 0xD1, 0xF2, 0x64, 0x65, 0x52, 0xAE, 0x11, 0x6A, 0x35, 0x31, 0xAC, 0x0C, 0x48, 0x39, 0x87, 0xC3, 0xFE, 0x54, 0x26 },
+    { 0xA0, 0x9D, 0x34, 0x48, 0x15, 0x8D, 0x82, 0x46, 0x57, 0xE2, 0x49, 0x63, 0xB0, 0xDD, 0x71, 0x81, 0xBD, 0x11, 0xEE, 0xC4, 0xAD, 0x18, 0x15, 0xA0, 0xCB, 0x7C, 0x0A, 0x45, 0xAF, 0x4F, 0x1E, 0x0A },
+    { 0xD2, 0xD1, 0x0D, 0xC1, 0xB3, 0x2B, 0x54, 0xA6, 0xED, 0x86, 0x6E, 0x9A, 0xE5, 0xEB, 0xD0, 0xD3, 0x0E, 0x17, 0x5D, 0xC0, 0x21, 0x1B, 0x94, 0x5F, 0x0B, 0x1D, 0x97, 0xA4, 0x2F, 0x65, 0x86, 0x0E },
+    { 0xEC, 0x5B, 0x70, 0xB8, 0xB9, 0xCB, 0x77, 0x03, 0x73, 0x49, 0x15, 0xE4, 0xA7, 0x3D, 0xD2, 0x26, 0x84, 0xCC, 0x79, 0x67, 0x81, 0xC8, 0xAF, 0x29, 0x8B, 0x76, 0xC9, 0xC2, 0x20, 0xFC, 0x2C, 0xCD },
+    { 0x7E, 0x1A, 0xC0, 0x99, 0x00, 0x3D, 0x8D, 0xBB, 0x94, 0xB6, 0x17, 0x4E, 0x1D, 0x9A, 0xC9, 0x48, 0x06, 0xFE, 0xA0, 0x50, 0x5D, 0xEC, 0xBB, 0x2F, 0x44, 0xED, 0xF7, 0xA7, 0xF4, 0xC5, 0x5D, 0x9F },
+    { 0xF5, 0xD3, 0x13, 0x4B, 0x3C, 0x08, 0x94, 0x73, 0x80, 0x24, 0xA9, 0x6C, 0xBB, 0x56, 0xFC, 0x2C, 0xDA, 0xB7, 0x2D, 0x99, 0xFD, 0x9E, 0x97, 0x96, 0x5A, 0xDC, 0xB6, 0xB8, 0xA2, 0x43, 0xDE, 0x09 },
+    { 0x7A, 0x73, 0x6E, 0x2E, 0x8E, 0xD2, 0xCF, 0xFF, 0xC3, 0xAC, 0x4B, 0xE0, 0x18, 0x4D, 0x7F, 0xBF, 0xE4, 0x65, 0x34, 0x3A, 0x2F, 0x86, 0x7A, 0x83, 0x50, 0xBE, 0x8E, 0x3D, 0x08, 0x21, 0xEA, 0x76 },
+    { 0x36, 0xBB, 0x5C, 0xCA, 0xFD, 0xBD, 0xEA, 0xD8, 0x49, 0x33, 0xCD, 0xF8, 0x4A, 0xE5, 0x15, 0x23, 0x28, 0x9B, 0xA2, 0xBF, 0x5D, 0x66, 0x2F, 0xDA, 0xE6, 0x73, 0x53, 0xE5, 0xC3, 0x1B, 0xE8, 0x1F },
+    { 0x09, 0xCC, 0x7B, 0xCC, 0xBF, 0x90, 0x8D, 0x95, 0x1F, 0xB0, 0xD9, 0x26, 0x29, 0x8E, 0x0F, 0x54, 0x6B, 0xD6, 0xA7, 0xA9, 0x77, 0x24, 0xAE, 0xFD, 0x26, 0xD6, 0xF7, 0xE5, 0x9D, 0x20, 0x8B, 0x46 },
+    { 0x4A, 0x99, 0xFA, 0x51, 0x04, 0xDC, 0xF3, 0xB3, 0xDB, 0x1A, 0xBF, 0x99, 0x89, 0xF6, 0x05, 0xDB, 0x41, 0xF4, 0x7E, 0x99, 0x64, 0x98, 0xE8, 0x95, 0x08, 0x39, 0x3B, 0xD4, 0x98, 0x01, 0x0D, 0x14 },
+    { 0x55, 0x60, 0x63, 0x49, 0xF7, 0x39, 0x94, 0x3D, 0x50, 0x58, 0x60, 0x7C, 0xEA, 0xC1, 0x96, 0x9F, 0x85, 0x5D, 0x28, 0xB9, 0xA1, 0xA9, 0xB3, 0xAC, 0xD6, 0xFE, 0xDD, 0x4B, 0x39, 0x6A, 0xC5, 0x0F },
+    { 0x10, 0x33, 0x93, 0x4C, 0xD0, 0xB8, 0x8F, 0xF3, 0x75, 0x3D, 0x64, 0xCE, 0x19, 0x44, 0x72, 0xC4, 0x0B, 0xAF, 0x64, 0x4C, 0xD8, 0xB0, 0xFE, 0x6A, 0xE8, 0xE5, 0xD1, 0x27, 0x0A, 0xED, 0x48, 0x28 },
+    { 0x50, 0x72, 0x89, 0x68, 0x62, 0xF6, 0xB9, 0xCF, 0xE8, 0xEF, 0x76, 0xD8, 0x05, 0x59, 0xE1, 0x56, 0x25, 0x47, 0x82, 0xA4, 0x0A, 0xC5, 0xF6, 0x4C, 0xBF, 0x79, 0x34, 0xAD, 0x1F, 0x62, 0x4B, 0x30 },
+    { 0xA6, 0xF2, 0x41, 0xBE, 0xA5, 0xD1, 0x64, 0x05, 0x81, 0x2C, 0x06, 0x01, 0x9D, 0x9F, 0x72, 0xD6, 0x01, 0x32, 0xBD, 0x7C, 0x08, 0x9C, 0x60, 0x54, 0x9B, 0x2E, 0x56, 0xBB, 0x01, 0xC6, 0x4F, 0x48 },
+    { 0xBF, 0xF4, 0xFA, 0x00, 0x6F, 0xE6, 0xFE, 0xAB, 0xB5, 0xCE, 0x9B, 0x21, 0x94, 0x92, 0xD0, 0xD2, 0x30, 0xF4, 0xD0, 0x5F, 0x2B, 0xAC, 0x42, 0xDB, 0x71, 0x89, 0xF4, 0x41, 0xB1, 0xE8, 0x3B, 0x53 },
+    { 0x75, 0x99, 0x0E, 0x96, 0x27, 0xBB, 0xB8, 0xC3, 0xF7, 0xC9, 0xE1, 0xF3, 0x8C, 0xB4, 0x1B, 0x51, 0xE5, 0x11, 0x05, 0x8E, 0x61, 0x90, 0x11, 0xF0, 0xD5, 0x67, 0xE1, 0xC0, 0x31, 0x60, 0x15, 0x1F },
+    { 0xF1, 0xFE, 0x88, 0xE3, 0xEA, 0x13, 0xAE, 0x2F, 0xBA, 0x90, 0x42, 0x7D, 0x2F, 0x2D, 0xDD, 0x29, 0x00, 0x2A, 0x34, 0xFF, 0x19, 0x89, 0x1A, 0x2E, 0xA5, 0x97, 0x5E, 0x16, 0x79, 0xBE, 0x51, 0xD0 },
+    { 0xD2, 0xFF, 0x3D, 0x2E, 0x18, 0x0C, 0x7B, 0x44, 0x01, 0x85, 0x03, 0x6C, 0xBF, 0xAD, 0xEF, 0x95, 0xA7, 0xDE, 0x89, 0x7E, 0xB1, 0xED, 0xD5, 0x65, 0xCB, 0x11, 0x28, 0x45, 0xAD, 0x63, 0x2F, 0xB2 },
+    { 0x9C, 0x6B, 0x59, 0x6A, 0x7B, 0x55, 0xE0, 0x6A, 0x85, 0x76, 0x65, 0xC0, 0x15, 0x36, 0xEB, 0x98, 0x62, 0x1D, 0x5E, 0xFA, 0xA1, 0x86, 0x92, 0x6B, 0xAC, 0x4C, 0x4B, 0xC7, 0x26, 0x80, 0xF5, 0xA5 },
+    { 0x4A, 0xE5, 0x7C, 0xDD, 0xE7, 0x06, 0x24, 0x7B, 0x6A, 0x0F, 0x3F, 0xEB, 0x5E, 0x2E, 0x96, 0x91, 0x35, 0x8A, 0x34, 0xBC, 0x12, 0x7F, 0xE6, 0x29, 0xE5, 0xF0, 0x88, 0x5E, 0x75, 0x1C, 0x68, 0x47 },
+    { 0xF4, 0xD2, 0x5E, 0x0C, 0xED, 0x01, 0x59, 0x65, 0xCA, 0x64, 0xF0, 0xFA, 0x2A, 0x02, 0x43, 0xEA, 0x4B, 0x6A, 0x2A, 0x28, 0x86, 0x91, 0xD3, 0x31, 0x92, 0x3F, 0x89, 0x15, 0xB1, 0x57, 0xC8, 0xE5 },
+    { 0xDC, 0xB2, 0x1F, 0x48, 0x33, 0xA5, 0x06, 0x06, 0x16, 0xE1, 0xE6, 0xF0, 0xAB, 0x19, 0x08, 0x33, 0xCC, 0xF6, 0x5C, 0xE6, 0xA9, 0x6E, 0x93, 0x33, 0x65, 0x82, 0xAE, 0x73, 0x2E, 0xDB, 0x55, 0xCA },
+    { 0x92, 0x10, 0x19, 0xC1, 0x9A, 0x28, 0x7F, 0x9A, 0x26, 0x99, 0x86, 0xEA, 0xE4, 0xF1, 0xC2, 0x7A, 0xF9, 0xAC, 0x6D, 0xA2, 0x84, 0x87, 0xEC, 0xF9, 0xAE, 0x70, 0x57, 0xEA, 0xBC, 0x6E, 0x15, 0x6E },
+    { 0x62, 0x21, 0xD9, 0xD6, 0xAD, 0x78, 0x39, 0x12, 0x7F, 0x69, 0x60, 0x1B, 0x1D, 0xAF, 0xBD, 0x5C, 0x2D, 0xEA, 0xA7, 0xD7, 0xF6, 0x5B, 0xE0, 0xF1, 0x0D, 0x1C, 0x76, 0x6F, 0x18, 0x7D, 0xB3, 0xA1 },
+    { 0x18, 0x89, 0x1B, 0x92, 0x4C, 0x37, 0x86, 0x46, 0x6E, 0x29, 0x48, 0xA1, 0x64, 0xDF, 0xFD, 0xFC, 0xCC, 0x39, 0xD9, 0x0E, 0x02, 0xFE, 0xB2, 0x23, 0xEE, 0x59, 0xC6, 0x84, 0x60, 0x33, 0x30, 0xEE },
+    { 0xF0, 0xF6, 0xD1, 0x14, 0xD5, 0xA9, 0xD7, 0x25, 0x89, 0x31, 0xB0, 0xC2, 0x30, 0xCA, 0xB4, 0x2D, 0x5F, 0xDD, 0x88, 0x5E, 0x10, 0x40, 0xB1, 0x64, 0xD6, 0x7C, 0x5E, 0x0D, 0x81, 0x9D, 0xF0, 0xF5 },
+    { 0xB8, 0xFB, 0x1C, 0x67, 0x45, 0x7E, 0xDA, 0x64, 0x35, 0xFC, 0x12, 0xD6, 0x6A, 0x1D, 0x9C, 0x8F, 0xCB, 0x84, 0xAF, 0x39, 0xE3, 0x66, 0xE1, 0x2D, 0x91, 0x9C, 0x4A, 0xCE, 0xAB, 0xC8, 0x9A, 0x5F },
+    { 0x09, 0xE5, 0x2E, 0x20, 0xE9, 0x27, 0x6C, 0xD9, 0x3D, 0xE5, 0x80, 0xCD, 0x62, 0x24, 0x7C, 0x29, 0x06, 0x67, 0x86, 0x9B, 0x8D, 0xD0, 0x59, 0x4E, 0xE2, 0x06, 0xFA, 0x6C, 0x80, 0x3E, 0x66, 0xB3 },
+    { 0xF6, 0x70, 0xCE, 0x04, 0x25, 0x42, 0xF0, 0x94, 0x17, 0x0A, 0xAE, 0x96, 0x52, 0x9D, 0x9A, 0x66, 0x8D, 0xE5, 0x00, 0x7C, 0xED, 0x22, 0x6D, 0x0C, 0xC3, 0x3D, 0x89, 0x35, 0xC5, 0x89, 0xEC, 0xFE },
+    { 0x12, 0x56, 0xEA, 0xF4, 0x2D, 0xA2, 0x69, 0xCD, 0xF7, 0xB4, 0x06, 0x0F, 0xBF, 0xAC, 0x5C, 0x0C, 0x9E, 0x4F, 0x15, 0x7D, 0x75, 0xA4, 0x28, 0x0D, 0x5A, 0xE3, 0x92, 0xB4, 0x7E, 0xA7, 0x3A, 0x8D },
+    { 0x7E, 0xCC, 0x08, 0xFC, 0x32, 0xC0, 0xD0, 0x8D, 0xCB, 0xB1, 0xA7, 0xD9, 0xD6, 0x59, 0x3D, 0x61, 0x32, 0x55, 0xCA, 0xE7, 0xA0, 0x66, 0x0D, 0x84, 0x58, 0xC8, 0x9B, 0xD1, 0x5F, 0x14, 0x61, 0x32 },
+    { 0x63, 0xE6, 0x9C, 0xB1, 0xED, 0x97, 0x2E, 0xBD, 0xEF, 0xB6, 0x1D, 0xFA, 0x17, 0x2D, 0x4E, 0x7D, 0x26, 0xBE, 0x9A, 0x96, 0x94, 0x07, 0x18, 0xB3, 0xE3, 0xEA, 0x6E, 0x24, 0x5C, 0x34, 0xD2, 0x3D },
+    { 0xC4, 0xE8, 0x6E, 0xCB, 0x29, 0xD9, 0xA5, 0xBC, 0x01, 0x63, 0x7D, 0x11, 0x62, 0x83, 0xDF, 0x12, 0xC3, 0x64, 0xA6, 0xE4, 0x7D, 0x6E, 0x5A, 0x17, 0x5E, 0xBA, 0x86, 0x6E, 0xD8, 0x87, 0x5A, 0x4E },
+    { 0x62, 0x6F, 0x79, 0x54, 0x41, 0x9A, 0x36, 0x21, 0xA5, 0x1A, 0x4E, 0x5B, 0x8E, 0x51, 0x22, 0xFC, 0xA4, 0x64, 0x2C, 0xF4, 0x78, 0x6A, 0x78, 0x05, 0x92, 0x7E, 0x40, 0xC3, 0x77, 0x23, 0xC0, 0x07 },
+    { 0x07, 0xD1, 0x4C, 0xB0, 0x76, 0x8F, 0xB8, 0xB6, 0x62, 0xC9, 0x61, 0x5A, 0x55, 0xF3, 0x6C, 0x6F, 0xE5, 0xB0, 0x4C, 0x10, 0x9A, 0x28, 0xA6, 0x2B, 0xF6, 0xA3, 0x82, 0x21, 0xB7, 0xB3, 0x3C, 0x29 },
+    { 0x56, 0x29, 0xF6, 0x3E, 0x46, 0xBE, 0x54, 0x70, 0xDD, 0x66, 0x82, 0xEA, 0x8E, 0x0A, 0x3D, 0x94, 0x2D, 0xE2, 0x73, 0xBC, 0xAE, 0xDD, 0x80, 0x84, 0xF2, 0xEE, 0x92, 0x12, 0xB2, 0x90, 0x53, 0xE2 },
+    { 0x41, 0x46, 0x44, 0x5D, 0xDC, 0xD6, 0x93, 0x05, 0x7D, 0xEC, 0x80, 0x45, 0x7B, 0xC4, 0x6F, 0xD6, 0xBB, 0x65, 0xC2, 0x6E, 0xDF, 0xB7, 0x8D, 0x42, 0x56, 0x8B, 0xEC, 0x94, 0xD9, 0x9E, 0x1D, 0xF8 },
+    { 0xC0, 0xF2, 0x62, 0xA5, 0x8F, 0x3E, 0x66, 0x49, 0x64, 0x37, 0x5E, 0xDC, 0x29, 0x75, 0xFC, 0xCE, 0x1F, 0x4E, 0xCA, 0xF1, 0x8C, 0x02, 0x58, 0xE7, 0x2D, 0xB4, 0xD2, 0x5C, 0x9E, 0x08, 0xCC, 0x69 },
+    { 0x08, 0xFE, 0x27, 0xA3, 0xF8, 0x20, 0xD8, 0xC5, 0x2D, 0x62, 0x4D, 0xD9, 0x38, 0xAE, 0xD1, 0x61, 0x53, 0x6E, 0x1A, 0x33, 0xE5, 0xCE, 0x4C, 0xC6, 0x23, 0x9D, 0xF0, 0x5F, 0x0A, 0x59, 0xA7, 0x51 },
+    { 0x9C, 0x13, 0xF4, 0xCE, 0x1E, 0x97, 0x5A, 0x80, 0x1F, 0x37, 0x4F, 0x2F, 0x64, 0x70, 0xF1, 0x8F, 0xDE, 0x9F, 0x0D, 0xE8, 0xA8, 0xDF, 0x6B, 0x4E, 0x36, 0x75, 0x8B, 0xB0, 0x26, 0x76, 0x45, 0x42 },
+    { 0xB5, 0xE0, 0x05, 0x74, 0xC2, 0xBA, 0x7A, 0x65, 0xEA, 0x9D, 0xF2, 0xFC, 0x0F, 0x70, 0x67, 0x82, 0xC7, 0xBD, 0xA2, 0x7E, 0xBF, 0x5B, 0x24, 0xE1, 0x9A, 0x20, 0xAB, 0xB8, 0x6E, 0x3B, 0x6F, 0x04 },
+    { 0xD7, 0xCE, 0x45, 0x59, 0xE0, 0xA4, 0x5E, 0x4B, 0x0B, 0xE3, 0x12, 0x70, 0x44, 0x9F, 0xB1, 0xD4, 0x7C, 0x57, 0xE1, 0x79, 0xE3, 0xA4, 0x43, 0x1A, 0xA4, 0x72, 0x3F, 0x32, 0x0A, 0xF9, 0x2A, 0x7D },
+    { 0x00, 0xFF, 0x7C, 0x40, 0xF1, 0xDE, 0xC0, 0x62, 0xD9, 0x21, 0xC2, 0x41, 0xA6, 0xD5, 0xFD, 0x20, 0xAB, 0x48, 0x01, 0xEB, 0x8D, 0xC9, 0x8E, 0xF2, 0x0A, 0xA0, 0xA4, 0xE9, 0x73, 0x16, 0x9F, 0x23 },
+    { 0x1D, 0xBD, 0x86, 0x7B, 0x3D, 0x40, 0x71, 0xCD, 0xED, 0xEF, 0xCE, 0x29, 0x79, 0x07, 0x9A, 0x0D, 0x14, 0x8F, 0xFF, 0xB9, 0x01, 0x89, 0xE2, 0x4F, 0x3E, 0x49, 0x43, 0x52, 0xD5, 0x5B, 0x32, 0xB8 },
+    { 0x58, 0xDB, 0xF7, 0x08, 0x68, 0x7D, 0xF3, 0x97, 0x48, 0x3F, 0xA2, 0xBE, 0x31, 0x06, 0x47, 0xFC, 0x11, 0xF2, 0x4D, 0xB0, 0xCC, 0x07, 0x23, 0xC1, 0xB0, 0x79, 0xEC, 0x2D, 0xD4, 0x33, 0xFA, 0x26 },
+    { 0xEF, 0xA6, 0xAF, 0x2D, 0x55, 0xDA, 0xDD, 0xD7, 0xC4, 0x79, 0x60, 0x67, 0x1F, 0x45, 0x22, 0xF3, 0x46, 0xDB, 0x32, 0xF5, 0x09, 0xF1, 0x39, 0x0B, 0x91, 0x49, 0xFD, 0xA5, 0x5E, 0x88, 0xB7, 0x05 },
+    { 0xE0, 0x05, 0xA4, 0x12, 0x9C, 0xA6, 0xC4, 0x41, 0xD9, 0x2C, 0x59, 0x2F, 0x42, 0x2C, 0x7C, 0x80, 0x93, 0x6E, 0x78, 0xF6, 0xA6, 0x27, 0xC3, 0xCB, 0x17, 0x32, 0x7F, 0xAF, 0x0E, 0x5F, 0x76, 0x04 },
+    { 0x86, 0xCE, 0x35, 0x14, 0x6F, 0x77, 0x12, 0x9E, 0xA1, 0xA2, 0xD3, 0xA2, 0x42, 0xEA, 0x6B, 0xA6, 0x38, 0xC2, 0x69, 0x94, 0xEF, 0x78, 0x70, 0x74, 0x7D, 0x2C, 0xA7, 0xC5, 0x91, 0xF6, 0xFF, 0xE5 },
+    { 0x31, 0xB3, 0xC6, 0xBB, 0x3E, 0xF3, 0xFE, 0xE1, 0xC8, 0x20, 0xF2, 0xBD, 0xA3, 0x1A, 0x52, 0x38, 0x7A, 0xAA, 0xE8, 0x16, 0x00, 0x3D, 0xDB, 0x99, 0x2A, 0xC0, 0x3D, 0x2D, 0xD9, 0xC6, 0xE0, 0x05 },
+    { 0xA4, 0xBC, 0x45, 0x3C, 0x84, 0xF8, 0x24, 0xF1, 0x00, 0x92, 0xE8, 0xE9, 0x03, 0x17, 0x99, 0x95, 0x7E, 0x98, 0x4A, 0x29, 0xBB, 0xAE, 0x5E, 0x84, 0x34, 0x5E, 0x82, 0xF4, 0x8D, 0xD7, 0x11, 0x92 },
+    { 0x53, 0xE2, 0xB4, 0x37, 0x6B, 0xA5, 0xD9, 0xED, 0xB8, 0x32, 0x22, 0xEA, 0x38, 0x48, 0x8F, 0x86, 0x20, 0x76, 0x04, 0x66, 0xFA, 0xFE, 0x2A, 0x13, 0x9A, 0x0A, 0x0E, 0xFB, 0x5A, 0x13, 0xBB, 0xDF },
+    { 0x1F, 0x15, 0x99, 0xE7, 0x8E, 0x22, 0x78, 0xDD, 0xEA, 0x1F, 0x73, 0x08, 0x74, 0xF3, 0x50, 0x43, 0xDF, 0x8D, 0xA1, 0xB3, 0x6A, 0x4C, 0xEC, 0x02, 0x97, 0x36, 0xEB, 0x83, 0x22, 0x55, 0x0E, 0x7C },
+    { 0x69, 0x6A, 0x1A, 0x34, 0x34, 0x07, 0xB0, 0x6B, 0x9A, 0xE6, 0x09, 0x6C, 0x40, 0x7D, 0x09, 0x98, 0xA4, 0xB6, 0x5F, 0xCF, 0xD6, 0xE3, 0xB7, 0xB1, 0xAD, 0xC7, 0xE8, 0xF5, 0x8F, 0x53, 0x6C, 0xF3 },
+    { 0x21, 0x9F, 0x6B, 0xC8, 0x7C, 0x08, 0xBB, 0xAD, 0xF0, 0x3F, 0xA9, 0xC8, 0x9B, 0x7C, 0x21, 0xAE, 0x79, 0x43, 0x7F, 0x6A, 0x28, 0xB3, 0xE6, 0x75, 0x52, 0xB5, 0x19, 0xAB, 0x3D, 0x23, 0xD4, 0x90 },
+    { 0x61, 0x53, 0x0E, 0xC0, 0x48, 0x1A, 0x7F, 0x69, 0x78, 0xF9, 0x44, 0x58, 0xFF, 0x1C, 0x4A, 0x8C, 0x70, 0x96, 0x8E, 0x60, 0x42, 0xAF, 0x77, 0xF6, 0x55, 0x6B, 0x9E, 0xF5, 0x47, 0x50, 0xCC, 0x58 },
+    { 0xD7, 0x87, 0x5C, 0x3A, 0xB1, 0x81, 0x16, 0xFE, 0xD8, 0x66, 0xA0, 0xD7, 0xBB, 0x41, 0x3A, 0x17, 0xDE, 0xA3, 0x00, 0x3C, 0x7F, 0xE3, 0xAB, 0x1C, 0xAF, 0x06, 0xE6, 0x89, 0x46, 0x14, 0x67, 0xF0 },
+    { 0x93, 0x4F, 0xDD, 0xDE, 0xBD, 0x08, 0xE4, 0x38, 0xE8, 0xEB, 0x84, 0x0F, 0x91, 0x01, 0x67, 0x69, 0xE8, 0x5B, 0xD2, 0xB2, 0x39, 0x81, 0xA5, 0xCF, 0x48, 0x71, 0xA6, 0x14, 0xC8, 0xF8, 0x55, 0x47 },
+    { 0xED, 0xD0, 0x1D, 0x5B, 0xCF, 0x39, 0xCD, 0xE3, 0x81, 0x3A, 0xE1, 0x26, 0x17, 0x33, 0x26, 0xE8, 0x9C, 0xCC, 0xE6, 0xAD, 0x45, 0xE5, 0x04, 0x17, 0x6E, 0x81, 0xBF, 0x5A, 0xE8, 0x21, 0x79, 0xF8 },
+    { 0x6D, 0xBD, 0xC2, 0x68, 0x40, 0x26, 0xF5, 0xD8, 0xF4, 0xB0, 0x37, 0x12, 0x89, 0x3B, 0xA2, 0x09, 0xCB, 0xC1, 0x8C, 0x6E, 0xFD, 0xD9, 0x71, 0x47, 0xA8, 0xCD, 0xF0, 0x3A, 0x4C, 0xB0, 0x2B, 0x1D },
+    { 0xBC, 0x3B, 0x15, 0x3E, 0xFA, 0x5E, 0x77, 0x92, 0xE9, 0xD5, 0x02, 0x63, 0xE8, 0xBC, 0x7D, 0x8E, 0x62, 0x29, 0x37, 0x88, 0x7D, 0x22, 0x64, 0x87, 0x65, 0x44, 0xA1, 0xEF, 0xF6, 0xA7, 0x72, 0x05 },
+    { 0x61, 0x57, 0x1D, 0x0E, 0x74, 0x67, 0x3F, 0x6F, 0x4D, 0x69, 0x88, 0xF5, 0xCE, 0x71, 0xC4, 0xD3, 0x56, 0xFE, 0xE4, 0x40, 0xCC, 0xFF, 0x5B, 0x49, 0xF1, 0x60, 0x6C, 0xF6, 0xBC, 0x5B, 0x01, 0xBB },
+    { 0xC3, 0x26, 0x98, 0x8B, 0x13, 0x01, 0x65, 0x60, 0xAD, 0xE4, 0x86, 0xF1, 0x34, 0xCE, 0x76, 0xD8, 0xAB, 0xCE, 0x06, 0x07, 0x2C, 0xCC, 0x1D, 0xFA, 0x22, 0x11, 0x03, 0x00, 0x84, 0x03, 0x00, 0x62 },
+    { 0x16, 0x29, 0xDD, 0xB6, 0x54, 0x2F, 0x0E, 0x98, 0x20, 0x74, 0x31, 0x60, 0x9F, 0xBF, 0xDC, 0x7D, 0xCF, 0x8D, 0x03, 0xFA, 0x44, 0x91, 0xE6, 0x1E, 0x09, 0xC6, 0xFE, 0x4E, 0x41, 0x2C, 0x45, 0xCE },
+    { 0x66, 0x9F, 0x94, 0x36, 0xEF, 0x5C, 0x22, 0xBD, 0x5E, 0xE7, 0xF1, 0xE1, 0xE9, 0xE7, 0xFF, 0x71, 0x71, 0xBC, 0x09, 0xD0, 0x64, 0x11, 0xCD, 0x6F, 0xB5, 0xEE, 0x9D, 0xC0, 0xE1, 0x96, 0x57, 0x3E },
+    { 0x7D, 0x93, 0x48, 0x63, 0xAA, 0xFB, 0xAB, 0xDA, 0x69, 0xD2, 0xD4, 0x26, 0xA1, 0xBF, 0xA4, 0x91, 0x92, 0xC8, 0x49, 0x80, 0x60, 0xD1, 0xD5, 0xCC, 0xE9, 0x34, 0x19, 0xCA, 0xE0, 0x62, 0xE0, 0x09 },
+    { 0xAD, 0xE7, 0xC8, 0xF2, 0xEC, 0xD6, 0xA0, 0x5E, 0x62, 0xFA, 0x8E, 0x80, 0x80, 0x75, 0x11, 0x96, 0xE8, 0x66, 0x4F, 0xB3, 0xA0, 0x82, 0x2D, 0xB5, 0x2B, 0xF7, 0x94, 0x0B, 0x24, 0x25, 0xFA, 0xE2 },
+    { 0xFC, 0x9F, 0x25, 0xF6, 0x45, 0x31, 0x5C, 0x10, 0xE6, 0xF1, 0xEB, 0x7D, 0x71, 0x87, 0x79, 0xB8, 0x28, 0xCB, 0x23, 0xDB, 0xD2, 0x51, 0x56, 0xB5, 0x4D, 0xBF, 0xC6, 0x25, 0xD9, 0x8E, 0x92, 0x99 },
+    { 0x45, 0x58, 0x22, 0xA1, 0x4D, 0x4D, 0xF9, 0xA7, 0xC7, 0x4C, 0x19, 0x4E, 0x15, 0x47, 0x82, 0x9D, 0x12, 0x09, 0xD8, 0xB2, 0x91, 0x22, 0xF6, 0x14, 0x88, 0x0C, 0x47, 0xB0, 0x1F, 0xCC, 0x60, 0x5E },
+    { 0x7A, 0x7E, 0xDA, 0x2F, 0xFA, 0xE6, 0x2B, 0x7B, 0x27, 0xFA, 0x8A, 0xD0, 0xD4, 0x09, 0xE3, 0x33, 0x49, 0x44, 0x1C, 0xC9, 0x29, 0x1E, 0x62, 0xF8, 0xF7, 0x19, 0x1F, 0x0A, 0x64, 0x1F, 0x37, 0x4C },
+    { 0x87, 0x3E, 0xE8, 0x8B, 0x54, 0x5F, 0x27, 0x52, 0x61, 0xEC, 0xFD, 0xC5, 0x40, 0x60, 0x5B, 0xC8, 0x02, 0x6E, 0x76, 0x10, 0x08, 0x46, 0xE5, 0x9F, 0xE8, 0xFD, 0x90, 0x61, 0xDB, 0x13, 0x0B, 0xEF },
+    { 0xEE, 0x36, 0xF1, 0x45, 0x89, 0x1A, 0x5B, 0x2C, 0xF5, 0x9B, 0x7F, 0xCD, 0x90, 0xDE, 0xF5, 0xE4, 0x14, 0x05, 0x44, 0x4B, 0xC7, 0x77, 0x81, 0x76, 0x80, 0xD8, 0xA8, 0x61, 0x76, 0x61, 0xC0, 0xEB },
+    { 0x32, 0x9A, 0x54, 0xEE, 0xAE, 0x68, 0x81, 0xB1, 0xCF, 0xA7, 0x7E, 0xC4, 0x82, 0x89, 0x7C, 0x59, 0x2F, 0x94, 0x21, 0xF1, 0x4E, 0x13, 0xB4, 0x15, 0xB6, 0xDB, 0x1B, 0x90, 0xFF, 0x15, 0x34, 0x34 },
+    { 0x9C, 0x1F, 0x0A, 0x7E, 0xCD, 0x6A, 0x2B, 0xAA, 0xE0, 0x3F, 0x4E, 0x1D, 0x22, 0x0B, 0xB1, 0x13, 0xB9, 0xBC, 0xA8, 0x07, 0x32, 0x92, 0xAD, 0xEE, 0x8D, 0xBE, 0x22, 0x03, 0xCC, 0x37, 0x00, 0x7D },
+    { 0x2D, 0xB4, 0x53, 0x2F, 0x09, 0xC7, 0xBE, 0x12, 0x99, 0x68, 0x1C, 0x6B, 0x75, 0x92, 0xF6, 0x2F, 0xB7, 0xC7, 0xDA, 0x3B, 0xBD, 0x8C, 0xEA, 0xDE, 0x64, 0xF3, 0x8A, 0xA1, 0xC7, 0x50, 0x8C, 0x4A },
+    { 0x07, 0xA6, 0x8E, 0x45, 0x2E, 0xDA, 0x5B, 0x67, 0x3B, 0x28, 0xB9, 0x5A, 0x32, 0x43, 0x19, 0xFF, 0x0B, 0xB8, 0x54, 0x8B, 0x7B, 0xE6, 0x6E, 0x3C, 0x81, 0xA8, 0x91, 0xC1, 0x76, 0x0B, 0xF9, 0xF3 },
+    { 0x46, 0x66, 0xAF, 0xF6, 0xBA, 0x88, 0x68, 0x35, 0x28, 0x11, 0x52, 0xB3, 0x0F, 0xD2, 0x6F, 0x7D, 0x8D, 0x15, 0xC2, 0x60, 0xED, 0x13, 0x66, 0x77, 0xC6, 0xDB, 0x21, 0x59, 0x3A, 0x47, 0x6A, 0x4E },
+    { 0xD9, 0x68, 0x93, 0x8C, 0x7F, 0x78, 0x49, 0x40, 0x31, 0x60, 0xE2, 0x91, 0xEA, 0x54, 0xAD, 0x79, 0xC0, 0xCA, 0xF1, 0x23, 0x7C, 0x13, 0x75, 0xA0, 0xB5, 0x53, 0xD5, 0xC8, 0x12, 0x2F, 0x88, 0xB3 },
+    { 0xCE, 0x8C, 0x10, 0x47, 0x06, 0x35, 0x27, 0xF5, 0x2D, 0xDD, 0xF7, 0x7D, 0xFA, 0x8C, 0xFF, 0x33, 0xCA, 0xD0, 0x7E, 0xDD, 0x98, 0x1A, 0xAE, 0x3F, 0xE8, 0x45, 0x95, 0x82, 0x09, 0xC0, 0xEC, 0x1F },
+    { 0x43, 0x4B, 0xBA, 0xFE, 0xF0, 0x77, 0x14, 0x65, 0x36, 0x01, 0xE7, 0x35, 0xC5, 0xBC, 0x3E, 0xE7, 0x1D, 0x41, 0xE5, 0x9B, 0xB5, 0xF4, 0x18, 0xA5, 0xAA, 0xF0, 0x2F, 0xED, 0xDE, 0x6F, 0x86, 0xA2 },
+    { 0x03, 0x68, 0xA2, 0xCC, 0x22, 0x42, 0x2A, 0x50, 0xD3, 0x15, 0x48, 0x88, 0x4A, 0xA9, 0xF1, 0xBF, 0x53, 0x94, 0x09, 0xC7, 0x34, 0xA3, 0x66, 0x2D, 0xED, 0x43, 0xCF, 0xDE, 0x64, 0x91, 0xF3, 0x69 },
+    { 0xD8, 0x85, 0xE2, 0x41, 0x0C, 0x4F, 0xF1, 0x9D, 0x4F, 0xA9, 0x48, 0x9C, 0x84, 0xE3, 0x91, 0x5E, 0x42, 0x1D, 0x3F, 0x68, 0x71, 0xF6, 0x9E, 0xFC, 0xCF, 0x52, 0xC3, 0x23, 0xBB, 0xA9, 0xCB, 0xFF },
+    { 0x78, 0xAE, 0x31, 0x3E, 0xEE, 0x58, 0xF9, 0x8C, 0xE8, 0xAF, 0x80, 0x13, 0x3A, 0xBA, 0xD2, 0xED, 0x16, 0x46, 0x7D, 0x4E, 0x92, 0x77, 0x2F, 0x2D, 0xA0, 0x5D, 0x58, 0x2E, 0x41, 0x07, 0x01, 0xA6 },
+    { 0xCC, 0x3F, 0xDF, 0x7B, 0xB9, 0xC3, 0x10, 0x13, 0x2E, 0x2A, 0x2E, 0x77, 0xE4, 0x4A, 0x32, 0x7B, 0xA1, 0xD7, 0x39, 0x30, 0xFB, 0x63, 0x64, 0xF0, 0x38, 0x5B, 0x87, 0x16, 0x4E, 0x36, 0x54, 0xEE },
+    { 0x9F, 0xD7, 0x77, 0x2B, 0xF7, 0x18, 0xAF, 0xD4, 0xE2, 0xD6, 0x56, 0xD3, 0x82, 0x9A, 0x6A, 0x84, 0xA1, 0x25, 0x9F, 0x13, 0xD9, 0xBF, 0xBD, 0xE1, 0xB5, 0x67, 0x81, 0x9E, 0xE1, 0x5A, 0xE4, 0x5B },
+    { 0x7C, 0xF9, 0x9C, 0x2F, 0x03, 0x2A, 0xF9, 0x83, 0x34, 0x03, 0xDC, 0x20, 0x1E, 0x42, 0x46, 0xC5, 0x40, 0x2A, 0xA5, 0xAE, 0x9C, 0xA3, 0xB3, 0xA9, 0x28, 0xA3, 0x3F, 0xDB, 0xB8, 0xB5, 0x9A, 0xB2 },
+    { 0xCF, 0xD2, 0x69, 0xB7, 0x3F, 0x73, 0x97, 0xDC, 0xDA, 0xED, 0x32, 0xAC, 0x64, 0xCE, 0x5D, 0x89, 0x63, 0xB5, 0xB3, 0x96, 0xDD, 0x64, 0x1E, 0xA8, 0xBB, 0xD9, 0x20, 0x8B, 0x2A, 0xDB, 0xD2, 0x3A },
+    { 0x21, 0x61, 0xCB, 0x63, 0xE4, 0xA5, 0x17, 0xBC, 0x1F, 0x1F, 0xCA, 0xA6, 0x87, 0x5D, 0x0E, 0x24, 0x53, 0xD9, 0x1F, 0x57, 0x7D, 0x24, 0x70, 0xB7, 0x8A, 0x24, 0xE7, 0xB2, 0xBC, 0xCB, 0xEC, 0xA1 },
+    { 0xA2, 0x49, 0x8F, 0x52, 0xC8, 0x0D, 0x8A, 0x83, 0x3C, 0x2A, 0xA7, 0x92, 0x46, 0xD5, 0xE0, 0xDE, 0x1E, 0x2B, 0x03, 0x76, 0x74, 0x4F, 0xA5, 0x1F, 0xB9, 0xFF, 0x29, 0x5A, 0xE7, 0x4B, 0x35, 0xE0 },
+    { 0x63, 0x4D, 0x01, 0x37, 0xC2, 0x59, 0x24, 0x08, 0x02, 0xA7, 0xE5, 0x74, 0x05, 0x3C, 0x6E, 0x80, 0x4A, 0x0B, 0xEC, 0x70, 0x4B, 0x14, 0x26, 0x05, 0x42, 0x20, 0xB0, 0x3E, 0xC0, 0x73, 0xD8, 0x7E },
+    { 0xBD, 0xEA, 0xB3, 0x9F, 0x4B, 0xDB, 0xFC, 0x12, 0x72, 0xE1, 0x0B, 0x61, 0xD8, 0x6A, 0xFD, 0x2C, 0x29, 0xD5, 0xC0, 0x4A, 0x7D, 0xE9, 0xDF, 0xEE, 0x06, 0x7C, 0x43, 0xF5, 0x3B, 0x28, 0xD3, 0xE6 },
+    { 0x9B, 0x33, 0x09, 0xB8, 0xBC, 0x1F, 0x66, 0xE3, 0xF6, 0xBD, 0x80, 0x8E, 0x7C, 0x35, 0x61, 0xB5, 0x1D, 0x3A, 0xCE, 0x7C, 0x59, 0x46, 0xCB, 0x92, 0xD9, 0x50, 0x71, 0xF0, 0x07, 0x77, 0x87, 0xA2 },
+    { 0xC7, 0x20, 0x54, 0xCD, 0x43, 0xEF, 0x37, 0xA6, 0xE8, 0x5B, 0x46, 0x75, 0xD7, 0xF2, 0x5F, 0x47, 0xC7, 0x8B, 0xC9, 0x6F, 0x7A, 0x1D, 0xB2, 0x4C, 0x87, 0xA3, 0xF9, 0xDA, 0x9D, 0x93, 0x41, 0xEE },
+    { 0xA0, 0xE6, 0xFC, 0xF1, 0xB2, 0xFC, 0x92, 0xA6, 0xB1, 0x56, 0xA3, 0x59, 0x19, 0xF6, 0x26, 0x9F, 0x4E, 0x6F, 0x1C, 0x8F, 0x32, 0x56, 0xD5, 0x83, 0x8D, 0x50, 0x0B, 0x1B, 0x1B, 0xFB, 0xA4, 0xAD },
+    { 0xE8, 0x2E, 0xE2, 0x1E, 0xDB, 0xF3, 0x4E, 0x94, 0xEB, 0x8B, 0xE4, 0x2B, 0xC3, 0xC6, 0x49, 0x92, 0xEA, 0x18, 0x67, 0xCB, 0xBD, 0xE9, 0x42, 0x97, 0xF5, 0x0C, 0x1E, 0xAC, 0xCF, 0x8A, 0xE0, 0x6D },
+    { 0xD1, 0x21, 0xD8, 0x8E, 0x42, 0xF0, 0x26, 0x87, 0x1A, 0x5B, 0x7E, 0xE6, 0xAE, 0x3E, 0x3E, 0x21, 0x45, 0xEB, 0xA5, 0x2B, 0xC4, 0x37, 0x94, 0xD4, 0x71, 0x10, 0x01, 0x7C, 0xB4, 0x63, 0xBC, 0x2F },
+    { 0x0F, 0x2A, 0x06, 0x2B, 0xEE, 0xDB, 0x5A, 0x37, 0x5D, 0xAF, 0xCE, 0x55, 0x0B, 0x00, 0x85, 0x3B, 0x4F, 0xAE, 0x9E, 0x80, 0x5E, 0xBF, 0x9B, 0x5A, 0xFF, 0x73, 0x32, 0x86, 0xC2, 0x3D, 0x97, 0xF7 },
+    { 0xDE, 0x0D, 0x36, 0x64, 0xFA, 0x3B, 0xD1, 0x18, 0x39, 0xBF, 0x02, 0xC9, 0x10, 0xF5, 0x77, 0x43, 0x0D, 0x86, 0x35, 0x0A, 0x15, 0xB5, 0xF4, 0xFB, 0x08, 0x6D, 0xEA, 0xF2, 0xC1, 0x42, 0xD8, 0xA3 },
+    { 0x9B, 0x4F, 0x64, 0xCB, 0x47, 0xF0, 0xD8, 0x30, 0x42, 0x56, 0x95, 0x16, 0x9F, 0x04, 0x53, 0x04, 0x51, 0x1C, 0xBC, 0x76, 0xC6, 0x18, 0xBE, 0x0C, 0x5D, 0xDA, 0xD6, 0xBE, 0x13, 0x3A, 0x80, 0x45 },
+    { 0xE2, 0x65, 0x52, 0x4B, 0x50, 0x41, 0xD1, 0x9A, 0xC7, 0xEE, 0xDB, 0xA7, 0x85, 0x6B, 0xF9, 0x48, 0x83, 0x4B, 0xCD, 0x16, 0x9B, 0x78, 0x0F, 0x62, 0x1C, 0x69, 0x16, 0xEF, 0x80, 0x89, 0x1A, 0xEA },
+    { 0x76, 0x0D, 0xD9, 0x26, 0xB3, 0x65, 0xF2, 0x65, 0x79, 0xB9, 0x4F, 0x3F, 0x7A, 0xBE, 0x51, 0x56, 0x22, 0xAD, 0xD9, 0xA2, 0x98, 0x01, 0xC3, 0x8F, 0x95, 0x28, 0xED, 0x78, 0x19, 0xE8, 0xD5, 0xD1 },
+    { 0xE5, 0xA0, 0xCB, 0x14, 0x92, 0x41, 0x59, 0xC9, 0x10, 0xC5, 0x46, 0x8A, 0xF9, 0x88, 0xFB, 0x7A, 0x03, 0xB1, 0x76, 0x7E, 0x18, 0x5B, 0x92, 0x70, 0x21, 0x51, 0x95, 0x47, 0x53, 0x7A, 0xFE, 0x32 },
+    { 0x19, 0xF5, 0x01, 0x3E, 0xF0, 0x56, 0xCC, 0x58, 0x97, 0xC7, 0x78, 0x51, 0x05, 0x33, 0x08, 0xD5, 0x49, 0xD1, 0xD2, 0xF1, 0x08, 0x4B, 0x44, 0xF4, 0x86, 0xD5, 0x66, 0x05, 0x50, 0xFC, 0x8A, 0x62 },
+    { 0xB9, 0xBB, 0xFE, 0x2F, 0x64, 0xF5, 0x79, 0xD4, 0xD4, 0xC0, 0x57, 0x2E, 0x10, 0x99, 0x13, 0xB2, 0xC4, 0xE2, 0xF7, 0x8C, 0x8E, 0x79, 0x7F, 0x21, 0x97, 0xEC, 0x42, 0xA8, 0x5B, 0xDD, 0x14, 0x22 },
+    { 0x56, 0xC2, 0x1C, 0xE5, 0xCA, 0x96, 0x3B, 0x22, 0xFC, 0x23, 0x93, 0xE9, 0x59, 0x70, 0x29, 0x8B, 0x1A, 0xB6, 0x94, 0x68, 0xA2, 0x09, 0xCF, 0x55, 0xAC, 0xFC, 0xBD, 0xBD, 0xE3, 0xCD, 0x6E, 0x50 },
+    { 0x60, 0xC4, 0x4A, 0xF4, 0xC4, 0xD3, 0x1C, 0xD5, 0x9A, 0x6B, 0xCF, 0xC3, 0xC9, 0x62, 0xCA, 0xCD, 0xBE, 0x10, 0x1A, 0x60, 0x52, 0xE1, 0x8E, 0x11, 0xCB, 0x7D, 0x0D, 0x14, 0xA4, 0x0F, 0x13, 0x02 },
+    { 0xB6, 0x93, 0x52, 0x3A, 0xC5, 0x6D, 0x0F, 0x8B, 0xF2, 0x3A, 0x07, 0xCE, 0x94, 0x36, 0xEE, 0x3D, 0x59, 0xEB, 0x95, 0x91, 0x31, 0x65, 0x01, 0xD6, 0x86, 0xC1, 0xDB, 0xE1, 0xA6, 0x57, 0x5B, 0x70 },
+    { 0xEA, 0xD3, 0x7B, 0x43, 0x72, 0x6A, 0x34, 0xF7, 0x8A, 0x06, 0x50, 0x22, 0x8E, 0x8C, 0x1C, 0xBE, 0x13, 0x51, 0x01, 0x25, 0x1E, 0x98, 0x27, 0xE0, 0x8C, 0x09, 0x44, 0xB7, 0x1A, 0x64, 0x44, 0x77 },
+    { 0x79, 0x92, 0x6A, 0x2D, 0x9A, 0x95, 0x23, 0x47, 0xB6, 0x10, 0xE3, 0x1C, 0x2B, 0x13, 0x0D, 0x9D, 0xEC, 0x28, 0xDC, 0xF2, 0x0C, 0xFA, 0x2E, 0xC5, 0x41, 0xAA, 0x47, 0x38, 0x42, 0xCE, 0x0D, 0x23 },
+    { 0xFB, 0x66, 0x9A, 0x5F, 0x3A, 0x82, 0xD0, 0x7C, 0x9D, 0x26, 0xAE, 0x0E, 0x00, 0xC5, 0x12, 0xF7, 0xD2, 0x07, 0x1F, 0x73, 0xAF, 0x60, 0x91, 0xB3, 0x8E, 0x56, 0x84, 0x66, 0x50, 0x66, 0xE5, 0x7E },
+    { 0xEE, 0xE6, 0x81, 0xAC, 0xB4, 0x52, 0xDC, 0xE9, 0x6C, 0x34, 0xB0, 0x14, 0x22, 0x22, 0xC1, 0x88, 0xE6, 0xBA, 0x9E, 0x4D, 0xD1, 0xAC, 0xC6, 0x49, 0xDA, 0xC1, 0x19, 0x6B, 0xBA, 0x55, 0x63, 0x06 },
+    { 0x6E, 0xDD, 0x4C, 0x0B, 0x40, 0xB3, 0x75, 0x16, 0x51, 0x9C, 0xD4, 0x7A, 0xD1, 0xA9, 0xDB, 0x4B, 0x73, 0xEB, 0x60, 0xE8, 0x99, 0xDA, 0xFF, 0x01, 0xDC, 0xF7, 0x2C, 0xDD, 0xF4, 0x14, 0x8E, 0x6A },
+    { 0x2A, 0x29, 0x8F, 0x19, 0x77, 0xFF, 0xED, 0xF9, 0xBD, 0xCE, 0x3F, 0x96, 0xED, 0x9A, 0x20, 0x4D, 0x33, 0x34, 0x1A, 0x4E, 0xCB, 0xB2, 0xE0, 0x9D, 0x34, 0x24, 0xB3, 0x14, 0x20, 0x95, 0xEF, 0x8F },
+    { 0xF5, 0xD5, 0x74, 0x1B, 0x4F, 0x78, 0x4E, 0x96, 0xD9, 0xED, 0x1F, 0xC0, 0x1B, 0x41, 0x4F, 0x84, 0xD7, 0xCF, 0x2C, 0x29, 0x45, 0x69, 0xFE, 0x9D, 0x41, 0xF5, 0xB9, 0x1B, 0xAD, 0x6F, 0x1C, 0xB8 },
+    { 0xC4, 0x59, 0xF3, 0x06, 0xA6, 0xD1, 0x64, 0x5D, 0xCA, 0xFE, 0xD3, 0x3E, 0x7E, 0x2A, 0xDD, 0xBD, 0xBE, 0x71, 0xD4, 0xC7, 0x26, 0x12, 0x70, 0x1B, 0x6B, 0x04, 0xAA, 0x83, 0x60, 0xE6, 0x47, 0xF4 },
+    { 0xD0, 0xD8, 0xDE, 0xDA, 0x8C, 0x4E, 0x1D, 0x51, 0x71, 0x80, 0x3E, 0x8C, 0x18, 0x17, 0xF2, 0x22, 0x2D, 0xDB, 0x2B, 0xCB, 0xA0, 0x04, 0x6C, 0xFF, 0x7B, 0xAB, 0xEF, 0x0E, 0x77, 0xDC, 0xA6, 0x12 },
+    { 0xAD, 0x6A, 0x76, 0x32, 0x9A, 0x7F, 0x49, 0xFD, 0xB4, 0x9C, 0x71, 0xB4, 0x85, 0x36, 0x36, 0x8A, 0xAA, 0x01, 0x7E, 0xCE, 0x0F, 0xA5, 0x23, 0x30, 0x4D, 0xEA, 0x5E, 0x26, 0x78, 0xF8, 0xD6, 0x87 },
+    { 0xFD, 0x7B, 0xFC, 0x0A, 0x64, 0x51, 0x03, 0xB4, 0xF7, 0x14, 0x34, 0x54, 0xE2, 0x57, 0x4E, 0x25, 0x55, 0xB5, 0xEF, 0x7E, 0x80, 0xEE, 0xE8, 0xD6, 0x08, 0x52, 0x02, 0xCD, 0xA6, 0x8F, 0x0D, 0x25 },
+    { 0xB6, 0xC2, 0x18, 0xB1, 0xC1, 0x6F, 0x13, 0xFF, 0xE0, 0x50, 0x22, 0x07, 0x60, 0x2C, 0x36, 0xCE, 0x02, 0xA5, 0xDE, 0xBE, 0x02, 0x73, 0x82, 0x2F, 0xAF, 0x4D, 0xD0, 0xFB, 0xA8, 0x2C, 0x97, 0xFE },
+    { 0x0E, 0xF8, 0x59, 0x18, 0x88, 0x34, 0x88, 0xDD, 0x82, 0x4F, 0xAE, 0x49, 0x82, 0xBD, 0x8B, 0x25, 0x25, 0xCA, 0xF4, 0x3B, 0xB1, 0x81, 0x59, 0x47, 0x15, 0x53, 0x37, 0xB3, 0xCD, 0xAF, 0xA3, 0x17 },
+    { 0xCD, 0x38, 0x79, 0x28, 0xAC, 0x3A, 0x1B, 0xAF, 0x1F, 0x3B, 0xF7, 0xF9, 0x29, 0xC4, 0x44, 0xA1, 0x67, 0x97, 0x51, 0x08, 0x21, 0x66, 0xE2, 0x88, 0x3D, 0x70, 0xF3, 0x38, 0xC4, 0x7F, 0xCB, 0xB8 },
+    { 0xC6, 0x67, 0xF6, 0x9D, 0xE9, 0xB5, 0x24, 0x36, 0x0D, 0x64, 0x3C, 0xF8, 0xFE, 0x94, 0x5C, 0x56, 0x94, 0x67, 0x1C, 0xE4, 0xE2, 0x14, 0x67, 0x1F, 0xE3, 0xC6, 0x51, 0x7E, 0x6C, 0xBF, 0x78, 0x60 },
+    { 0xB3, 0x06, 0xDC, 0x81, 0x81, 0x05, 0xCF, 0x47, 0x4A, 0x28, 0x5C, 0x5B, 0x29, 0xBC, 0x12, 0x7C, 0x3C, 0xE5, 0x88, 0xC1, 0x2B, 0xBC, 0x99, 0x2D, 0x71, 0x57, 0xA9, 0x06, 0xC8, 0x4E, 0x60, 0x2D },
+    { 0x47, 0x86, 0x43, 0x6A, 0x98, 0x5B, 0x0D, 0x23, 0x2C, 0xDC, 0x8C, 0x0A, 0x20, 0x6F, 0x83, 0x1D, 0x3C, 0x03, 0x4B, 0xB8, 0x24, 0xAD, 0xE7, 0xF5, 0xA8, 0x36, 0x64, 0x91, 0xCA, 0x37, 0x40, 0xB9 },
+    { 0x57, 0xA9, 0x40, 0xC6, 0x70, 0xA2, 0x63, 0x2D, 0x64, 0x1F, 0xB6, 0x65, 0xC8, 0x69, 0xAD, 0x4D, 0x6D, 0x2B, 0x6A, 0xBB, 0xBB, 0xA1, 0xCD, 0xC9, 0x7A, 0x6F, 0xAD, 0xFC, 0x1C, 0x7A, 0x4C, 0xB2 },
+    { 0x11, 0x2E, 0x5A, 0xA2, 0x6B, 0x25, 0x9A, 0xC2, 0x6B, 0xA3, 0xFC, 0x37, 0x79, 0x85, 0x62, 0xAA, 0xCE, 0xAD, 0x69, 0x33, 0x5E, 0x4F, 0xFD, 0x31, 0xE4, 0x4E, 0xC4, 0x30, 0x3A, 0xB4, 0x21, 0x95 },
+    { 0xC1, 0x07, 0x61, 0xA7, 0xB5, 0x36, 0x58, 0xA4, 0xF6, 0x04, 0x5B, 0x46, 0x23, 0xBC, 0x67, 0xCC, 0xA8, 0x63, 0x49, 0xD1, 0xE6, 0x4A, 0x8C, 0xDD, 0x1E, 0x06, 0x58, 0xB5, 0x2E, 0x68, 0xC4, 0x3C },
+    { 0xFB, 0x1A, 0xBE, 0xAE, 0xF4, 0xC3, 0x87, 0xB1, 0xBD, 0xEA, 0xB2, 0xD5, 0x80, 0x7D, 0xE7, 0xEA, 0xF5, 0xD0, 0x99, 0x79, 0xE7, 0xE6, 0xE1, 0x91, 0xC1, 0xE0, 0xF3, 0x17, 0x5D, 0xCD, 0xE8, 0x54 },
+    { 0xB1, 0xDA, 0x70, 0x53, 0x30, 0x5B, 0xBE, 0xC1, 0xE2, 0x49, 0x08, 0x40, 0x70, 0x3D, 0x0C, 0x86, 0xD3, 0x78, 0xB3, 0xEA, 0x2A, 0xD4, 0x96, 0x9A, 0x9F, 0x2D, 0x3B, 0xD2, 0x90, 0xAB, 0x44, 0x8D },
+    { 0x65, 0x71, 0xB9, 0xD4, 0xA7, 0xCA, 0xE6, 0x47, 0x5A, 0x72, 0x0C, 0xCA, 0xB5, 0x60, 0x76, 0x72, 0x53, 0xF2, 0x9D, 0x55, 0x7D, 0x09, 0x3A, 0x33, 0x86, 0x80, 0x37, 0xD7, 0xB8, 0x5A, 0x61, 0xFF },
+    { 0x8C, 0x78, 0x68, 0x44, 0xE0, 0xA1, 0x22, 0x1F, 0x10, 0xB4, 0xF6, 0x31, 0x70, 0xCB, 0xCA, 0xD9, 0xA6, 0xF7, 0x13, 0xA1, 0xE5, 0x59, 0x1A, 0x8C, 0x43, 0x6C, 0xE1, 0x9C, 0xFF, 0x41, 0x2B, 0xEA },
+    { 0x29, 0x0C, 0x0A, 0xE8, 0x50, 0x07, 0x81, 0xA6, 0xDE, 0x9B, 0x84, 0x2F, 0x95, 0x37, 0xAD, 0x8C, 0x08, 0xBC, 0x15, 0xDA, 0x55, 0x4A, 0x17, 0x03, 0xD0, 0xD6, 0x3C, 0x79, 0x75, 0x05, 0xB8, 0xA9 },
+    { 0x82, 0xA7, 0xE9, 0x11, 0x73, 0x83, 0x08, 0xFA, 0x27, 0xC9, 0x14, 0xC5, 0xFC, 0x7C, 0x46, 0x13, 0xBD, 0x0D, 0x10, 0x1A, 0xE2, 0xE2, 0x02, 0xFC, 0x65, 0x4D, 0x60, 0xFD, 0xDF, 0x18, 0xB7, 0x19 },
+    { 0xE2, 0x6F, 0x35, 0xAE, 0x70, 0x5E, 0xDC, 0x6B, 0x74, 0x2A, 0x2F, 0x90, 0xE1, 0x96, 0xDB, 0x9B, 0x4B, 0xE4, 0x58, 0x56, 0x24, 0x52, 0x50, 0xCB, 0xBD, 0x1C, 0x9F, 0x13, 0x14, 0x2A, 0x27, 0xB5 },
+    { 0x01, 0xE0, 0x4E, 0x47, 0x53, 0x05, 0xE6, 0x76, 0x28, 0x75, 0xE7, 0xFB, 0xDD, 0x84, 0xDF, 0x34, 0x72, 0xC1, 0x31, 0xA4, 0x8C, 0x41, 0x71, 0x17, 0x1A, 0x0C, 0x00, 0x01, 0x15, 0x57, 0x76, 0x56 },
+    { 0x41, 0x60, 0xE3, 0xA5, 0x9D, 0x0F, 0xD0, 0x59, 0xCF, 0x97, 0x5E, 0x95, 0xD4, 0x12, 0x7C, 0x1E, 0x92, 0xAF, 0x1B, 0x7B, 0xD0, 0x5D, 0x6E, 0x85, 0xDA, 0x9C, 0x25, 0xF9, 0xEF, 0xC3, 0xE1, 0x09 },
+    { 0x34, 0xAF, 0xB8, 0x89, 0x7C, 0xDC, 0xCE, 0xC7, 0xEE, 0x5F, 0xFE, 0x17, 0x49, 0x19, 0xAC, 0x14, 0xF7, 0x32, 0x96, 0xC3, 0x63, 0x53, 0xB6, 0x15, 0x5B, 0x47, 0x0D, 0xAE, 0xD8, 0xB3, 0xDE, 0x4C },
+    { 0x3F, 0x6A, 0xD7, 0x67, 0x75, 0x1C, 0xAD, 0x4F, 0xCE, 0x71, 0xEF, 0x63, 0x9D, 0x14, 0x3F, 0x4E, 0x33, 0x98, 0xB2, 0x8F, 0xA8, 0x00, 0x45, 0xEA, 0xAB, 0x61, 0xAC, 0x15, 0xDF, 0x42, 0x81, 0x5D },
+    { 0x2F, 0x58, 0xDF, 0x23, 0x0D, 0xB1, 0xF6, 0x94, 0x42, 0xD5, 0x32, 0x3C, 0x1F, 0x23, 0x5C, 0x1E, 0xD7, 0x91, 0x2C, 0xA6, 0x18, 0xA7, 0xA9, 0x02, 0xF4, 0xA5, 0x5F, 0x10, 0xA1, 0xCA, 0xBE, 0xEB },
+    { 0xF7, 0x3C, 0xBC, 0xAF, 0x05, 0xA2, 0xD6, 0x99, 0xA8, 0x99, 0x80, 0xF2, 0x33, 0xC1, 0xE5, 0x57, 0x2C, 0xC1, 0x5B, 0xC9, 0x38, 0x29, 0xD7, 0xB5, 0xEA, 0x13, 0x88, 0x02, 0xBA, 0x6C, 0x17, 0x98 },
+    { 0x3A, 0x6E, 0xA4, 0xE4, 0x1E, 0xA5, 0x82, 0x6B, 0x89, 0x38, 0xE4, 0xC8, 0xB7, 0xAD, 0xD8, 0x9D, 0xAC, 0x7B, 0x53, 0x36, 0x80, 0x26, 0x30, 0x9F, 0x56, 0xC7, 0xBE, 0xC5, 0xFF, 0xB1, 0xA7, 0x3C },
+    { 0x4F, 0xE7, 0x21, 0x18, 0x94, 0x91, 0x3B, 0xBE, 0x8A, 0x53, 0x8B, 0x3C, 0x13, 0x25, 0x73, 0x1F, 0x81, 0xB5, 0xC1, 0x1A, 0xCA, 0x88, 0x91, 0xEE, 0x58, 0x1E, 0x01, 0x6A, 0x8A, 0xD8, 0xCD, 0x1B },
+    { 0xDE, 0xCD, 0x5F, 0xC5, 0x6B, 0x2B, 0xC1, 0x8C, 0xE0, 0x54, 0x9C, 0x93, 0xD3, 0x08, 0x0C, 0x28, 0x27, 0xF2, 0x86, 0xD2, 0x8D, 0xB5, 0x57, 0x31, 0x81, 0x3C, 0xF0, 0x47, 0x3B, 0x07, 0x18, 0x00 },
+    { 0xDC, 0x87, 0xFC, 0x15, 0x68, 0xA9, 0xB7, 0x54, 0x0F, 0x23, 0xAA, 0x5D, 0x07, 0xE0, 0xE1, 0x98, 0x11, 0x02, 0x01, 0x81, 0x01, 0x6B, 0xEA, 0x85, 0x51, 0xF8, 0xBC, 0x20, 0x62, 0x83, 0xCA, 0x69 },
+    { 0x77, 0x8F, 0xB6, 0x71, 0x07, 0x64, 0x54, 0xB0, 0x1E, 0xA2, 0xD0, 0x8F, 0xA7, 0xF0, 0x48, 0x29, 0x6A, 0xCC, 0xD9, 0xA5, 0x38, 0x1D, 0xEB, 0xFE, 0xCC, 0x28, 0xBE, 0x9D, 0x48, 0x9F, 0x33, 0x51 },
+    { 0xA1, 0x33, 0x20, 0xDD, 0x31, 0x37, 0x5D, 0x81, 0x90, 0xD1, 0x3D, 0x18, 0xB1, 0x58, 0xFD, 0x73, 0x2E, 0xD4, 0x43, 0x2F, 0x69, 0x2B, 0xFE, 0x01, 0x85, 0xFD, 0xD5, 0x47, 0x84, 0xD4, 0xA5, 0xA1 },
+    { 0x96, 0x6C, 0xC6, 0x9E, 0x6B, 0x8B, 0xFF, 0x69, 0x1B, 0xA4, 0x73, 0x6D, 0x29, 0x34, 0x41, 0x92, 0xE4, 0x5D, 0x42, 0xFE, 0xCB, 0xAC, 0xAE, 0xDA, 0xD3, 0x14, 0x69, 0x82, 0xF6, 0x4E, 0xA1, 0x62 },
+    { 0xC4, 0x43, 0xF9, 0x35, 0xD2, 0x7A, 0x1B, 0x5B, 0x28, 0x28, 0x54, 0x30, 0xB4, 0xFE, 0xA1, 0x32, 0xD7, 0x84, 0x8F, 0xAD, 0xD6, 0xF3, 0xA2, 0xB4, 0xB9, 0x57, 0xBC, 0xBB, 0x04, 0xFD, 0x65, 0xE6 },
+    { 0x25, 0x30, 0xDB, 0x7B, 0x84, 0xBA, 0x64, 0x33, 0xF6, 0x7D, 0xE0, 0xCB, 0x2F, 0x68, 0x5D, 0x84, 0x12, 0x4E, 0xB0, 0xB9, 0x2E, 0xC2, 0xD9, 0xB5, 0x41, 0xF4, 0x4D, 0x9C, 0x53, 0x98, 0x6E, 0x50 },
+    { 0x60, 0x07, 0xC2, 0xFA, 0xA0, 0xEA, 0xC7, 0x95, 0x53, 0x8C, 0x21, 0x7D, 0xBC, 0x84, 0x40, 0xFD, 0x10, 0xEB, 0x83, 0x5C, 0x24, 0xB2, 0x05, 0x38, 0xE3, 0x3B, 0xEF, 0xA9, 0x22, 0x6E, 0xB1, 0x9F },
+    { 0x71, 0xE0, 0x33, 0x92, 0xEC, 0x64, 0x54, 0xE9, 0x27, 0x49, 0x81, 0x3B, 0x01, 0xFE, 0xC4, 0xA0, 0x53, 0x29, 0x4C, 0x0E, 0x14, 0x25, 0x57, 0x4E, 0x07, 0x4F, 0xAF, 0x17, 0x1F, 0x4C, 0x30, 0x8E },
+    { 0xED, 0x35, 0xF8, 0x99, 0x66, 0xCB, 0x70, 0x85, 0x5B, 0xE4, 0xAC, 0xEF, 0x04, 0x88, 0xE6, 0xAE, 0xFF, 0x9A, 0x1E, 0x28, 0x7B, 0xC0, 0x17, 0x7F, 0xE5, 0x0F, 0x09, 0xB5, 0xB3, 0x9F, 0xE3, 0x30 },
+    { 0x3B, 0xF8, 0xD0, 0xFA, 0xBE, 0x8B, 0x4C, 0x7D, 0x3A, 0xCC, 0xE5, 0x02, 0x61, 0xDB, 0xFA, 0xF1, 0x90, 0x4C, 0x1C, 0x99, 0xC0, 0xF4, 0x13, 0x55, 0x16, 0xD1, 0xE7, 0x19, 0xB6, 0x8F, 0x4A, 0x5D },
+    { 0x28, 0xDE, 0x79, 0x2D, 0x17, 0x83, 0x69, 0x7A, 0xC8, 0x68, 0xB7, 0xE1, 0x7F, 0xAF, 0x5F, 0x0E, 0x60, 0x3D, 0x8A, 0x32, 0x8B, 0x79, 0x02, 0x08, 0x2E, 0x13, 0xFF, 0xB0, 0xED, 0xAD, 0x6A, 0x9C },
+    { 0xFB, 0x3D, 0x2E, 0x41, 0x78, 0xFC, 0x44, 0x68, 0x31, 0x9C, 0x13, 0x09, 0xB8, 0x11, 0x1C, 0x59, 0x86, 0x71, 0xEE, 0xAE, 0xA8, 0xB9, 0x3A, 0xB2, 0xA6, 0xBB, 0x9E, 0xBB, 0x2F, 0xF9, 0x4B, 0x16 },
+    { 0x82, 0x88, 0x77, 0x99, 0x15, 0x90, 0x57, 0x55, 0x1B, 0x39, 0x57, 0xB1, 0xE9, 0xFB, 0x62, 0xC6, 0x7E, 0xEB, 0xEF, 0x8D, 0x73, 0xD9, 0x11, 0x3C, 0xC3, 0xF9, 0x4E, 0x24, 0x9C, 0x4A, 0x3E, 0x68 },
+    { 0x52, 0x69, 0x67, 0x85, 0x61, 0xEA, 0x36, 0x60, 0xE0, 0x03, 0xBB, 0xC8, 0xF8, 0x3D, 0xBE, 0x81, 0xF7, 0x3C, 0xDB, 0x8A, 0xE1, 0x54, 0x57, 0x7C, 0xF1, 0xFA, 0x83, 0x35, 0xD6, 0x17, 0xE2, 0xE0 },
+    { 0x85, 0x41, 0x14, 0x2E, 0x6C, 0x8A, 0xF9, 0x23, 0xC1, 0xB0, 0x32, 0x75, 0xCC, 0xBB, 0x80, 0x92, 0x0C, 0xAD, 0xE0, 0xB8, 0xD0, 0x97, 0xF4, 0x00, 0x50, 0x91, 0x46, 0xE8, 0xD9, 0x16, 0x13, 0x11 },
+    { 0x64, 0xEE, 0x48, 0x21, 0x73, 0xDA, 0x94, 0x17, 0x5C, 0x4C, 0xCE, 0xF6, 0x3A, 0xC3, 0x21, 0x2B, 0x87, 0xA5, 0x5F, 0x68, 0xAE, 0x8D, 0x82, 0xD4, 0x94, 0xC0, 0x0C, 0xBA, 0x6F, 0x30, 0x04, 0x87 },
+    { 0x6B, 0xCE, 0x16, 0x3D, 0x93, 0x2A, 0xE9, 0x2C, 0x68, 0xE6, 0xAA, 0xB9, 0xF8, 0xBC, 0x82, 0x64, 0x25, 0x9E, 0x35, 0x17, 0x52, 0xDE, 0xF6, 0x39, 0xB2, 0xA9, 0x6A, 0x20, 0xCB, 0x18, 0x0C, 0xB2 },
+    { 0x60, 0xCE, 0xF6, 0xA8, 0xD7, 0x86, 0xD6, 0x5D, 0x5B, 0x95, 0x61, 0x1B, 0x94, 0x32, 0xC6, 0x3D, 0x87, 0x59, 0xA7, 0x2A, 0x66, 0xB9, 0xD6, 0xFD, 0x4F, 0x12, 0xF4, 0x3F, 0x5B, 0xAA, 0x8D, 0xED },
+    { 0xE3, 0x59, 0xCC, 0x48, 0x22, 0xEB, 0x67, 0x4D, 0x2F, 0xF8, 0x89, 0x7D, 0xB2, 0x93, 0x0F, 0x99, 0x98, 0x57, 0xA8, 0xC5, 0xA1, 0x6C, 0x37, 0x49, 0xC6, 0x32, 0xF0, 0x75, 0x09, 0x0F, 0x66, 0x9C },
+    { 0x12, 0xA9, 0xE4, 0xFC, 0x96, 0xD0, 0xE5, 0x51, 0x69, 0xB3, 0xAA, 0xAE, 0xF9, 0x42, 0x2A, 0xAE, 0x7B, 0xD8, 0x9C, 0x91, 0xDE, 0x58, 0xEE, 0x0A, 0x97, 0xAD, 0x22, 0xD3, 0xD4, 0xCC, 0x6B, 0x96 },
+    { 0x59, 0x28, 0x19, 0x91, 0xE7, 0x2B, 0xA5, 0xE1, 0xD0, 0x1B, 0x76, 0x17, 0xEE, 0x89, 0xEA, 0xAE, 0x1C, 0x2D, 0xD0, 0x1A, 0x5A, 0xC3, 0x72, 0xD2, 0x3D, 0x01, 0x47, 0xE2, 0x62, 0xCB, 0x00, 0x3D },
+    { 0x13, 0x71, 0x77, 0x28, 0xC1, 0xEF, 0xF4, 0xF0, 0x36, 0x93, 0xC0, 0x39, 0xB8, 0xDF, 0x71, 0x99, 0x00, 0xD9, 0x97, 0x5F, 0x1F, 0x78, 0xD8, 0x90, 0xE5, 0x63, 0x43, 0x5F, 0x5C, 0xF4, 0x9D, 0x2E },
+    { 0xFD, 0x1C, 0xA3, 0x7D, 0x48, 0x7D, 0x27, 0xF4, 0xA9, 0xDD, 0x8F, 0x79, 0x1E, 0x03, 0x9E, 0xAF, 0x08, 0xF1, 0xA1, 0x97, 0xDD, 0x19, 0x77, 0x16, 0xE5, 0xF7, 0x9B, 0x79, 0xA8, 0x1F, 0x0C, 0x6B },
+    { 0x38, 0x2F, 0x6D, 0x5D, 0xF2, 0x76, 0xC2, 0x92, 0x1E, 0xE6, 0xEF, 0x39, 0x19, 0x37, 0x15, 0xA8, 0xAB, 0x92, 0x23, 0xD2, 0x99, 0x43, 0xC9, 0xC4, 0xCA, 0x8C, 0xE7, 0x83, 0xC5, 0xDB, 0x9C, 0xD7 },
+    { 0xDA, 0x80, 0x3C, 0x5D, 0x63, 0xF4, 0x8F, 0xAA, 0x1A, 0x4D, 0x0D, 0x16, 0xFE, 0xE5, 0x5E, 0x39, 0xD0, 0x7C, 0x06, 0xF6, 0x0A, 0xE7, 0x60, 0xE4, 0x43, 0x4C, 0x92, 0x2F, 0xF4, 0xD7, 0xE5, 0x22 },
+    { 0xE5, 0x0A, 0xBB, 0xD9, 0xA6, 0xF1, 0x83, 0x48, 0xBC, 0xDA, 0xFB, 0x69, 0x89, 0x33, 0x29, 0xCD, 0x01, 0x8D, 0xBA, 0xAC, 0x31, 0xE8, 0xB5, 0x25, 0xEB, 0xA6, 0xA3, 0xC0, 0x3C, 0xCB, 0x04, 0x88 },
+    { 0x2D, 0xA8, 0x3F, 0xC0, 0x27, 0x7C, 0x4B, 0x15, 0xD6, 0x94, 0x2A, 0x30, 0x67, 0x3D, 0x1E, 0x45, 0x3E, 0x92, 0x67, 0xF9, 0x8F, 0xA1, 0x2F, 0x70, 0x07, 0x21, 0xFE, 0x29, 0x80, 0x5B, 0x9B, 0x8C },
+    { 0x78, 0x79, 0xE3, 0xA3, 0x1B, 0x70, 0xFB, 0x4F, 0x8B, 0xD4, 0x34, 0x2E, 0x36, 0xEA, 0x71, 0x0C, 0x7B, 0x85, 0xC4, 0x3D, 0xAC, 0xC2, 0x79, 0xF3, 0xDE, 0xA5, 0x51, 0x98, 0x2E, 0xA3, 0xFF, 0x2F },
+    { 0x78, 0xA1, 0xBC, 0x06, 0x27, 0x6F, 0x73, 0x40, 0x7C, 0xBB, 0xF7, 0x64, 0xFD, 0x25, 0x15, 0x63, 0x8C, 0x31, 0x65, 0xA7, 0x55, 0xC4, 0x15, 0xB5, 0x3D, 0x50, 0x6D, 0x64, 0x28, 0x22, 0x4E, 0xF8 },
+    { 0xA5, 0x3B, 0x7E, 0x27, 0xD9, 0xC7, 0x34, 0xF1, 0x25, 0x30, 0x7B, 0x62, 0x14, 0xDB, 0x67, 0x36, 0x5A, 0xC9, 0x4C, 0x71, 0xCF, 0xAD, 0x88, 0x30, 0xB5, 0x39, 0x91, 0x79, 0xF7, 0xE4, 0x43, 0xB2 },
+    { 0xD0, 0x88, 0x27, 0x8A, 0xBD, 0x0B, 0x97, 0xDC, 0xE3, 0xFB, 0x65, 0x28, 0x0E, 0x44, 0x6B, 0x6C, 0x79, 0xB6, 0x67, 0xFD, 0xA2, 0xDB, 0x3F, 0xB2, 0xC9, 0xB4, 0xE7, 0x7E, 0x5D, 0xBF, 0xC0, 0x7B },
+    { 0x56, 0x40, 0xBD, 0x29, 0x4E, 0xAA, 0x0A, 0xA2, 0x75, 0x23, 0x3B, 0x3A, 0xB7, 0xF0, 0x01, 0xDF, 0x5D, 0x02, 0x59, 0x8D, 0x7E, 0x5E, 0x10, 0x15, 0x9D, 0x1C, 0x1A, 0x2F, 0xC6, 0xB5, 0xAB, 0x35 },
+    { 0x39, 0x0C, 0x40, 0x02, 0xBD, 0xA1, 0xC9, 0xD6, 0x09, 0x60, 0xAF, 0xDC, 0xEC, 0x6B, 0xED, 0xA7, 0x41, 0x99, 0x6E, 0x23, 0xD9, 0xF7, 0x13, 0x94, 0x0B, 0xBE, 0xDA, 0x18, 0x8A, 0xA4, 0x47, 0x73 },
+    { 0xF5, 0x24, 0x16, 0x61, 0x22, 0xF5, 0x14, 0xEB, 0xD8, 0xD4, 0x59, 0x16, 0x18, 0xFF, 0xDC, 0x07, 0x46, 0x0A, 0xBA, 0x3E, 0x9C, 0x56, 0x56, 0x84, 0xBC, 0xB3, 0x83, 0xB3, 0x2E, 0x86, 0x54, 0x49 },
+    { 0xCE, 0x69, 0x91, 0x18, 0x46, 0x61, 0x3F, 0x25, 0x77, 0x1E, 0x09, 0xF6, 0x4D, 0xBD, 0x85, 0x8F, 0x47, 0xC8, 0xE6, 0x42, 0x7D, 0x2F, 0xF7, 0x95, 0xD9, 0x5B, 0xDC, 0x2A, 0x29, 0xFD, 0xB0, 0xE4 },
+    { 0xB8, 0xEC, 0xB2, 0xC2, 0x09, 0x95, 0xA7, 0x8E, 0xFA, 0xC7, 0x08, 0x72, 0x77, 0xB2, 0x47, 0xF2, 0xDA, 0xD7, 0x89, 0xCA, 0x78, 0x5D, 0x06, 0x98, 0x26, 0xDA, 0x32, 0x24, 0xF7, 0xD7, 0xB1, 0x50 },
+    { 0x6A, 0x27, 0x48, 0x75, 0xF0, 0xB9, 0xF8, 0x7C, 0x30, 0x3F, 0xAD, 0x4D, 0x06, 0x87, 0xF9, 0x04, 0xF2, 0xD1, 0x21, 0x84, 0x29, 0xD1, 0x0E, 0x6B, 0xAE, 0x35, 0x79, 0x1D, 0xD8, 0xD0, 0xEE, 0x4E },
+    { 0xED, 0x16, 0xA3, 0xF0, 0x93, 0xC2, 0x0B, 0x13, 0xF6, 0xAD, 0x87, 0x70, 0xC7, 0x75, 0x78, 0xF4, 0xD8, 0x9C, 0xCC, 0xD9, 0x41, 0x19, 0x9E, 0x39, 0xE9, 0x13, 0x23, 0xE6, 0x98, 0xF6, 0x4B, 0x0D },
+    { 0x05, 0x9D, 0x75, 0x81, 0xC5, 0x07, 0x60, 0xEA, 0x6A, 0x51, 0x9A, 0xD3, 0x4B, 0x7C, 0x5F, 0x26, 0x29, 0x41, 0x4F, 0xBB, 0x4A, 0x42, 0x60, 0x83, 0x9A, 0xA1, 0x56, 0xF1, 0xDC, 0x92, 0x0D, 0xED },
+    { 0x00, 0x2E, 0xE2, 0x1B, 0x85, 0x15, 0x0D, 0x0B, 0x21, 0xBE, 0xA0, 0x8F, 0x41, 0xCF, 0xAA, 0xA4, 0xBD, 0x09, 0xDF, 0x2E, 0xFC, 0xF6, 0x13, 0x71, 0x8A, 0xE9, 0xF4, 0xB0, 0xB5, 0x75, 0x42, 0xD8 },
+    { 0x29, 0xC1, 0x19, 0xCE, 0x9A, 0x32, 0x92, 0xDB, 0x10, 0xC5, 0x63, 0x7B, 0xA5, 0x0A, 0x9F, 0x8D, 0x84, 0xB7, 0x51, 0x92, 0x4E, 0x37, 0x5B, 0x6E, 0x31, 0xC0, 0x21, 0x37, 0x27, 0x7D, 0x33, 0x7B },
+    { 0xB9, 0x56, 0x20, 0xF3, 0xA1, 0xBA, 0xA6, 0xB6, 0xCD, 0xE0, 0x6F, 0xF8, 0xB7, 0xCD, 0xEB, 0x24, 0x87, 0x79, 0x44, 0x5B, 0x9A, 0x2F, 0x7E, 0xBB, 0xDD, 0x98, 0x1A, 0x8F, 0x22, 0x71, 0x2D, 0xB2 },
+    { 0x5F, 0x49, 0xC7, 0x13, 0x1F, 0x96, 0xBA, 0x08, 0x52, 0x18, 0x0F, 0x5D, 0x53, 0x98, 0x5A, 0xF9, 0x1B, 0xB7, 0x3E, 0x66, 0x23, 0xB2, 0xE2, 0xE0, 0x31, 0x4C, 0x0E, 0x7F, 0x47, 0x56, 0x59, 0x99 },
+    { 0x7D, 0x87, 0xEC, 0x2F, 0x21, 0xEC, 0x8C, 0x59, 0xB5, 0xDF, 0xE9, 0x8D, 0xD4, 0x18, 0xF6, 0x94, 0x39, 0x5E, 0x3D, 0x95, 0x35, 0xB5, 0x7D, 0xB4, 0x49, 0x9A, 0x3D, 0xBD, 0x72, 0x2C, 0x55, 0x98 },
+    { 0x38, 0x20, 0x27, 0x3B, 0xFC, 0x97, 0xF7, 0x53, 0x69, 0xC0, 0xFC, 0x0D, 0x67, 0xF6, 0x3E, 0x00, 0xF9, 0xB4, 0x9D, 0x7E, 0x89, 0xA2, 0x9F, 0xA4, 0x87, 0xD6, 0x9A, 0x30, 0xBE, 0x09, 0x31, 0xE3 },
+    { 0x93, 0x49, 0xE7, 0x53, 0xB1, 0x66, 0x45, 0x1E, 0x6B, 0x84, 0x0B, 0x30, 0xFD, 0x50, 0x52, 0x72, 0x43, 0xC2, 0x6A, 0x1F, 0x93, 0xC6, 0xF6, 0x09, 0xA4, 0xFE, 0xE2, 0x4E, 0xB4, 0x4E, 0xD4, 0xF9 },
+    { 0xEF, 0x19, 0x4D, 0x2D, 0xEC, 0xD0, 0x8F, 0xF4, 0x2D, 0x99, 0x1F, 0x86, 0x29, 0x90, 0xD0, 0xA4, 0x70, 0xF6, 0xCF, 0x9B, 0x1D, 0x21, 0x25, 0xE1, 0xAD, 0xA0, 0x11, 0x40, 0x57, 0x57, 0xD3, 0x90 },
+    { 0xF3, 0xDA, 0xB8, 0xA0, 0xAA, 0xAD, 0xBA, 0xA6, 0xDD, 0x84, 0x45, 0xA8, 0xF3, 0xCE, 0x7B, 0x47, 0xFB, 0x2B, 0x77, 0x46, 0x20, 0xC8, 0x0C, 0x1F, 0xF2, 0x0A, 0x51, 0x83, 0x5A, 0xC9, 0x81, 0x08 },
+    { 0xE7, 0xA9, 0xFE, 0x61, 0xA0, 0xC2, 0x3F, 0x83, 0xF7, 0x6F, 0x75, 0x99, 0x83, 0x89, 0x1A, 0xAC, 0x43, 0xDF, 0xBF, 0x07, 0x86, 0x5E, 0xE2, 0x16, 0xD4, 0xAE, 0x14, 0x43, 0xBD, 0xE1, 0x8C, 0x3F },
+    { 0xBA, 0xD9, 0xC7, 0x03, 0x65, 0x45, 0xA6, 0xF6, 0xF3, 0x44, 0x77, 0x1B, 0x42, 0x03, 0x43, 0xB5, 0xB8, 0x93, 0xD3, 0x1B, 0xC7, 0x5D, 0xFC, 0xA2, 0xF7, 0x82, 0x3A, 0x58, 0xF7, 0xAA, 0xA8, 0x82 },
+    { 0x97, 0xCB, 0xCC, 0xDD, 0xE0, 0xB1, 0x82, 0x07, 0x2C, 0xCC, 0x23, 0xD0, 0x1C, 0xBD, 0x1A, 0x05, 0x2C, 0x86, 0x80, 0x1C, 0x1E, 0xF4, 0xFF, 0x3B, 0x8D, 0x49, 0x9E, 0x3B, 0x5B, 0x71, 0x27, 0x56 },
+    { 0xC0, 0x75, 0xB3, 0x96, 0x64, 0x96, 0x5E, 0xF5, 0xAB, 0x69, 0x2C, 0xE0, 0x29, 0x7D, 0x1B, 0xDD, 0xD4, 0xEB, 0x75, 0x8A, 0x4A, 0x48, 0xD8, 0xED, 0x90, 0xC1, 0xAA, 0x2C, 0x91, 0x02, 0xF0, 0xFC },
+    { 0x03, 0x2F, 0xFD, 0x51, 0x22, 0xAD, 0x94, 0xD2, 0x49, 0x80, 0x7D, 0xEA, 0xE0, 0x34, 0x11, 0x59, 0x12, 0xD7, 0xE3, 0xE6, 0x90, 0xCF, 0xCB, 0x92, 0x7E, 0x93, 0x4E, 0x3A, 0x69, 0xBE, 0xC2, 0xE4 },
+    { 0xC0, 0xEC, 0xAF, 0x87, 0x63, 0x21, 0x2D, 0xD6, 0xD0, 0x7E, 0x7E, 0x53, 0x06, 0x0E, 0x15, 0x44, 0x17, 0xD9, 0xF0, 0xF9, 0x6F, 0x8E, 0x86, 0xB3, 0x85, 0x3E, 0x15, 0x41, 0xC4, 0x34, 0x28, 0x97 },
+    { 0x4E, 0x5B, 0x1A, 0x12, 0x21, 0xBC, 0x72, 0xF7, 0x91, 0xE8, 0xB2, 0xDB, 0xFB, 0x7C, 0xA0, 0x19, 0x38, 0x62, 0x31, 0x09, 0x02, 0xBE, 0x3F, 0x3F, 0x7A, 0x65, 0x3A, 0xB6, 0xA6, 0xAC, 0x05, 0x88 },
+    { 0xA3, 0xAB, 0xFA, 0xD9, 0xB5, 0x32, 0xEA, 0x55, 0x24, 0xB5, 0xBF, 0x30, 0x57, 0x49, 0xFD, 0x25, 0x40, 0x77, 0x1C, 0xC3, 0x0C, 0x54, 0x84, 0x31, 0xAA, 0x71, 0xB4, 0x97, 0x3E, 0xDC, 0x22, 0x79 },
+    { 0x51, 0x1E, 0xEE, 0x62, 0xDF, 0xB8, 0xC4, 0xEB, 0x9B, 0x1A, 0x5D, 0x91, 0x60, 0xF6, 0x22, 0xCC, 0x62, 0xCD, 0x3A, 0xE9, 0x58, 0xF3, 0xF1, 0x57, 0x3F, 0x7C, 0x89, 0x13, 0x4D, 0x78, 0xAF, 0xEC },
+    { 0x4A, 0x1A, 0x5A, 0x44, 0xED, 0xD4, 0x9A, 0xB0, 0x80, 0x24, 0x2D, 0x23, 0x6F, 0x5D, 0x00, 0xD1, 0x57, 0x96, 0x9B, 0x9D, 0x91, 0xDD, 0xF5, 0x43, 0x75, 0xAE, 0x40, 0x66, 0x3F, 0x4A, 0x80, 0x4B },
+    { 0xF1, 0xA6, 0x40, 0x89, 0xEF, 0x90, 0x1A, 0xB7, 0xED, 0xF9, 0x47, 0x4F, 0x1C, 0x04, 0xD3, 0xFA, 0x6A, 0xC8, 0xFE, 0xD2, 0xD8, 0xBE, 0xDD, 0x45, 0xCB, 0xB6, 0x95, 0xC5, 0x6D, 0xEB, 0xA4, 0xFA },
+    { 0x21, 0xBE, 0xA3, 0x73, 0x80, 0x0B, 0x8A, 0xD6, 0xFB, 0x7B, 0xAD, 0x9D, 0x86, 0x05, 0x69, 0x2A, 0x73, 0x9A, 0x6D, 0x8B, 0x54, 0x52, 0x4C, 0x3C, 0xD9, 0x90, 0x83, 0xF4, 0x71, 0xCF, 0x46, 0x64 },
+    { 0xA8, 0x45, 0x63, 0x73, 0x57, 0xAF, 0xF2, 0x92, 0x6F, 0x34, 0x3A, 0x07, 0xF1, 0xC1, 0x3B, 0x3A, 0x6F, 0x07, 0x09, 0x60, 0xC0, 0x31, 0x89, 0xC7, 0xE5, 0xFC, 0x04, 0x84, 0x44, 0x85, 0x92, 0x4A },
+    { 0xF7, 0xC5, 0xEE, 0x43, 0xC5, 0x91, 0x22, 0x10, 0x8C, 0xB3, 0x7E, 0xA6, 0x72, 0x5F, 0x47, 0xFF, 0xB1, 0x5C, 0x40, 0x5F, 0xA1, 0xD6, 0x7D, 0xE1, 0xE9, 0x41, 0x1C, 0x4D, 0x13, 0xED, 0xFE, 0x41 },
+    { 0xAD, 0xA4, 0x96, 0xE2, 0xC0, 0xAD, 0xE8, 0x29, 0xF3, 0x78, 0x32, 0xA8, 0xBA, 0x34, 0xCF, 0x60, 0x59, 0xDF, 0xFB, 0xB3, 0xBE, 0xBA, 0x88, 0xCA, 0x5D, 0xED, 0x33, 0x63, 0x91, 0x4E, 0xA6, 0x9A },
+    { 0xA0, 0x23, 0xCD, 0x5A, 0x05, 0x47, 0x35, 0x45, 0x85, 0x73, 0x70, 0x1A, 0x96, 0x09, 0xC5, 0x4B, 0x01, 0xAA, 0xB0, 0xDA, 0x3A, 0x36, 0x5B, 0x39, 0xCA, 0x30, 0xB9, 0x72, 0xEA, 0xD1, 0x51, 0xA4 },
+    { 0x5A, 0x47, 0x4E, 0xAE, 0xEC, 0x52, 0xDF, 0xFB, 0x5A, 0xC1, 0x28, 0xA7, 0xE7, 0x21, 0xD6, 0xF7, 0x10, 0x2F, 0xCA, 0xEA, 0xC2, 0x3E, 0xA7, 0x22, 0x1C, 0xA0, 0x97, 0x29, 0xF4, 0xE6, 0x5B, 0xEF },
+    { 0xD5, 0xB5, 0xC5, 0x72, 0x83, 0xE6, 0x92, 0x31, 0x15, 0x5A, 0xCB, 0xDB, 0xF0, 0x2B, 0x20, 0x1C, 0xA6, 0x2E, 0xD9, 0x70, 0x85, 0x2A, 0x02, 0xB8, 0xE6, 0x4E, 0x4F, 0x0B, 0x51, 0x68, 0xAC, 0xB4 },
+    { 0xE7, 0x72, 0x38, 0xF4, 0x71, 0xC7, 0xDC, 0xFB, 0xA6, 0x95, 0xCC, 0x26, 0x6D, 0xD0, 0x5D, 0x34, 0x44, 0xFE, 0x10, 0x7F, 0xB5, 0xAA, 0x22, 0xC2, 0x35, 0x01, 0xE4, 0x7C, 0x1F, 0xD7, 0xFA, 0x52 },
+    { 0xD3, 0x7F, 0x01, 0x3A, 0x46, 0x6A, 0xCD, 0xDA, 0x63, 0xD6, 0x5C, 0xBE, 0x94, 0x90, 0xB0, 0x51, 0xC6, 0x83, 0x96, 0x20, 0xB7, 0xCB, 0xE8, 0x13, 0xFF, 0x3A, 0x93, 0xA3, 0x50, 0x70, 0x9C, 0xE2 },
+    { 0x74, 0xD4, 0x34, 0xE1, 0xDC, 0x0F, 0x06, 0xA4, 0xF4, 0xD6, 0x9B, 0x0C, 0x0E, 0xED, 0x0D, 0x35, 0x90, 0x25, 0xEF, 0x65, 0xAF, 0x3D, 0x4A, 0x07, 0xCD, 0x1B, 0x5D, 0xA6, 0x7F, 0x69, 0x32, 0xB5 },
+    { 0xAF, 0x64, 0xAB, 0x63, 0x65, 0x9F, 0xB0, 0x0F, 0xCA, 0x80, 0x26, 0xC5, 0xEA, 0xE9, 0x71, 0x8E, 0x6D, 0x38, 0xC3, 0xE9, 0xD9, 0x5E, 0x28, 0x97, 0x27, 0xF3, 0xC6, 0x06, 0x41, 0xC2, 0xB7, 0x4F },
+    { 0x34, 0x05, 0x09, 0x1C, 0x99, 0xE9, 0xE0, 0xF2, 0x31, 0xC0, 0x69, 0x4D, 0x81, 0xA8, 0x3C, 0x9C, 0x3D, 0xDD, 0x42, 0xAF, 0x12, 0x94, 0xC6, 0x8D, 0x26, 0x73, 0x96, 0xA1, 0x13, 0xC3, 0xE0, 0x34 },
+    { 0x13, 0x44, 0xB2, 0x02, 0x24, 0xD7, 0x80, 0xA3, 0xD4, 0xA4, 0xEF, 0x24, 0xE3, 0xFA, 0xA3, 0x7C, 0x28, 0x0C, 0xAC, 0x88, 0x7F, 0x9D, 0x9C, 0x67, 0x8D, 0x27, 0x36, 0x43, 0x70, 0x46, 0xF5, 0xDA },
+    { 0x93, 0xA0, 0x99, 0xD3, 0x23, 0xA3, 0xE1, 0xAF, 0xDF, 0x6C, 0x6C, 0x03, 0x4E, 0x9D, 0x09, 0x8B, 0xF6, 0xB1, 0xC5, 0xFF, 0x24, 0x8D, 0x3A, 0x2F, 0xF2, 0xF1, 0x62, 0xD0, 0xAD, 0xDD, 0x29, 0x2A },
+    { 0xF2, 0xD4, 0xF9, 0xCC, 0xCF, 0x06, 0x5D, 0x98, 0xAD, 0xEC, 0xE9, 0x2D, 0x60, 0x32, 0xB0, 0x3B, 0x55, 0x0D, 0xF4, 0x15, 0x96, 0x3F, 0xAF, 0x58, 0xA7, 0x14, 0x90, 0x48, 0x64, 0x70, 0xA5, 0xCB },
+    { 0xC0, 0xED, 0xCB, 0xEC, 0x75, 0xCF, 0xEC, 0xDD, 0x76, 0xF9, 0x4B, 0xFD, 0xFC, 0xFF, 0x00, 0x34, 0x04, 0x63, 0x85, 0x3F, 0x33, 0x59, 0x92, 0xC7, 0xCB, 0x75, 0x14, 0x6C, 0x53, 0x57, 0xD6, 0x78 },
+    { 0x01, 0x18, 0x45, 0x64, 0xCE, 0x92, 0xF8, 0x98, 0x7A, 0x61, 0x2A, 0x97, 0x6F, 0x16, 0xCF, 0xB2, 0x3F, 0x0F, 0x85, 0x18, 0x80, 0xEC, 0xE4, 0x09, 0xF4, 0x51, 0xD6, 0x09, 0x94, 0xA5, 0xAE, 0x05 },
+    { 0x06, 0x95, 0xC3, 0x96, 0xD8, 0x92, 0xF5, 0xFF, 0x33, 0x43, 0x36, 0xDB, 0xE7, 0x7D, 0x06, 0x89, 0xAB, 0xDB, 0x58, 0x3D, 0x18, 0x57, 0xF5, 0xCE, 0x5D, 0x10, 0x4D, 0x92, 0x62, 0x66, 0x26, 0x3B },
+    { 0xB1, 0x9F, 0xB8, 0x14, 0xC4, 0xBF, 0xCC, 0xA2, 0x79, 0x14, 0xDD, 0x9B, 0xFD, 0x7F, 0x96, 0x04, 0x62, 0xCE, 0xE9, 0x0C, 0xE0, 0xC7, 0xC9, 0x2E, 0x1C, 0x7D, 0xFE, 0xA2, 0xE8, 0x4B, 0x36, 0xD4 },
+    { 0x17, 0x8A, 0x79, 0x38, 0xD9, 0x6D, 0x88, 0x62, 0x36, 0xCC, 0x20, 0x0F, 0xA8, 0x1E, 0x33, 0xC5, 0xFF, 0x53, 0xD2, 0xDC, 0x49, 0xCD, 0xA9, 0xD4, 0x84, 0x17, 0x68, 0xC5, 0xD9, 0x63, 0xA1, 0xF0 },
+    { 0x19, 0x8D, 0xC0, 0x16, 0x39, 0x9E, 0xDB, 0xA3, 0xD3, 0xE6, 0x34, 0x03, 0xB2, 0x10, 0xD0, 0xCC, 0x49, 0xD7, 0xE1, 0x49, 0xEE, 0x41, 0xF3, 0x10, 0xBA, 0x02, 0xEB, 0x08, 0x8E, 0x24, 0x65, 0x04 },
+    { 0x80, 0xBA, 0xA1, 0xDC, 0x93, 0xB6, 0xAF, 0xC2, 0x78, 0x3A, 0x4B, 0xF8, 0xA8, 0x23, 0x05, 0x10, 0xD9, 0xFF, 0xA6, 0x71, 0x27, 0x6C, 0x42, 0x36, 0xC4, 0x4E, 0x17, 0xFF, 0xDD, 0xCC, 0x37, 0xE6 },
+    { 0x1C, 0xA8, 0x4D, 0x79, 0xAC, 0x11, 0x00, 0x58, 0xAC, 0x53, 0x8A, 0xAF, 0xA2, 0x88, 0x06, 0xDB, 0x42, 0xDF, 0x2F, 0x41, 0x9F, 0x10, 0x4E, 0xE3, 0xA1, 0xFB, 0x53, 0xA2, 0xF6, 0xA6, 0x8C, 0xB7 },
+    { 0x2F, 0xB6, 0xDE, 0x6F, 0xB2, 0x87, 0xCC, 0xD3, 0x01, 0xC7, 0x70, 0xA0, 0x3B, 0xC7, 0xB7, 0x76, 0xFD, 0x4A, 0xE7, 0xAB, 0x2E, 0xA6, 0x0A, 0xDE, 0xFA, 0xD6, 0x74, 0x83, 0x09, 0x1E, 0x6D, 0x7D },
+    { 0x42, 0xF7, 0x0D, 0x4B, 0x7C, 0x9C, 0x8B, 0xE8, 0x7B, 0xD2, 0x3A, 0x86, 0x9C, 0x28, 0x64, 0x60, 0xA2, 0x2C, 0xC4, 0xC4, 0xEE, 0xD6, 0xC2, 0x92, 0xF0, 0x09, 0xE3, 0x53, 0x67, 0x30, 0xDB, 0xC5 },
+    { 0x21, 0x3D, 0xB6, 0x97, 0x6F, 0xD4, 0xBA, 0x50, 0x55, 0x32, 0x23, 0x38, 0x5F, 0x95, 0x89, 0x51, 0x22, 0x9B, 0x3A, 0xA2, 0xEC, 0xFE, 0xCE, 0x62, 0x97, 0xC5, 0xD4, 0xDC, 0x4C, 0x2E, 0x1A, 0x10 },
+    { 0xB6, 0xAC, 0x86, 0x63, 0x32, 0xF2, 0x52, 0x93, 0xCA, 0x12, 0x76, 0x61, 0x97, 0x8E, 0xFF, 0x79, 0x7E, 0x70, 0x70, 0x09, 0x2E, 0x31, 0x3E, 0xC3, 0x77, 0x79, 0xB4, 0x25, 0x52, 0xAA, 0x9F, 0xA6 },
+    { 0x2C, 0x5C, 0x2C, 0x25, 0xE1, 0xB1, 0x75, 0x99, 0x6B, 0x51, 0x4C, 0x2B, 0x0E, 0xB8, 0x95, 0x9B, 0x2D, 0x0A, 0x07, 0x46, 0x4C, 0x82, 0x4B, 0x4C, 0xE5, 0xDC, 0x4B, 0x98, 0x57, 0xE6, 0xAA, 0x39 },
+    { 0x5F, 0x3A, 0xC8, 0x00, 0xBB, 0x46, 0x00, 0xAF, 0x6F, 0x30, 0xC6, 0xF7, 0x21, 0x8F, 0x9C, 0xF4, 0x5B, 0x28, 0x8E, 0xFA, 0x19, 0xC9, 0xAC, 0x21, 0x6A, 0x47, 0x0A, 0x9F, 0x6D, 0x38, 0xEF, 0x63 },
+    { 0x48, 0xB7, 0xD5, 0xF4, 0xFD, 0x19, 0x30, 0x86, 0x9C, 0x88, 0x8C, 0x01, 0xD8, 0xEC, 0x53, 0xB3, 0xEE, 0x04, 0xB3, 0xAB, 0x9E, 0xD1, 0x93, 0x7C, 0xA6, 0xE7, 0x10, 0x44, 0x1B, 0xAE, 0x3A, 0xB0 },
+    { 0x09, 0x02, 0xCF, 0xCE, 0x0A, 0xBC, 0x9D, 0x25, 0xC2, 0x8E, 0x59, 0x35, 0x83, 0x30, 0x15, 0x06, 0xAE, 0x48, 0xBE, 0x8C, 0x5F, 0x8D, 0xBA, 0x94, 0x93, 0xBB, 0xF0, 0x54, 0x3F, 0xAC, 0x78, 0x90 },
+    { 0x9C, 0x2F, 0x86, 0xED, 0xD2, 0xA8, 0x5D, 0x66, 0xCD, 0x07, 0xA1, 0xA3, 0x44, 0x4C, 0x8E, 0x73, 0x2B, 0x2F, 0x71, 0xCD, 0x54, 0xE2, 0x37, 0x99, 0x77, 0xD5, 0xA6, 0x88, 0xFA, 0x5F, 0xEB, 0xBC },
+    { 0x91, 0x7B, 0x16, 0xDD, 0x9A, 0x2E, 0x69, 0xF7, 0xF5, 0x3C, 0xE2, 0x90, 0xEF, 0x00, 0x27, 0xB7, 0xAC, 0x08, 0xBC, 0x04, 0x6D, 0x5E, 0x58, 0x43, 0x94, 0xE4, 0x4A, 0x5A, 0xD6, 0x38, 0xB0, 0xE1 },
+    { 0xF2, 0xDE, 0xB9, 0x33, 0x62, 0xBA, 0xDB, 0x31, 0x30, 0x53, 0x9C, 0xB4, 0x75, 0xF5, 0x17, 0xF1, 0xE7, 0x6A, 0x6C, 0xE7, 0x9B, 0x2D, 0xD8, 0x39, 0x0E, 0xFE, 0x40, 0x95, 0x7F, 0xC4, 0xAD, 0xC7 },
+    { 0x52, 0xF6, 0x69, 0x17, 0x58, 0x18, 0x2C, 0xD7, 0x75, 0x0B, 0x6B, 0x62, 0xF1, 0x82, 0x97, 0x1B, 0x61, 0xF7, 0xF3, 0x79, 0x98, 0xB8, 0x78, 0x00, 0x16, 0x2D, 0xD6, 0x1D, 0x38, 0x15, 0xC8, 0x98 },
+    { 0x60, 0x57, 0x5C, 0x1B, 0xF9, 0xBD, 0x7F, 0xD5, 0x89, 0x5D, 0xBB, 0x8E, 0xDB, 0xC4, 0xDD, 0xFE, 0x9C, 0x2B, 0x50, 0x18, 0x24, 0xCE, 0x89, 0xCB, 0x34, 0x32, 0xE2, 0xF6, 0xB2, 0x14, 0x57, 0xC9 },
+    { 0xE2, 0x2C, 0x84, 0x2A, 0xFB, 0xFB, 0x25, 0xA0, 0x52, 0x4E, 0xA3, 0x99, 0x9D, 0x23, 0x52, 0x8B, 0xF7, 0x88, 0x20, 0x15, 0x2E, 0x53, 0x81, 0x70, 0x7E, 0x4D, 0x31, 0xE9, 0x1A, 0xE8, 0x03, 0x4E },
+    { 0x5F, 0x67, 0x1E, 0x5C, 0xEA, 0xC6, 0x44, 0xC5, 0x1F, 0x91, 0xF6, 0xFF, 0xE4, 0x18, 0x0B, 0x2F, 0xC6, 0xA8, 0x61, 0xA5, 0x4A, 0x97, 0xC3, 0xCF, 0x44, 0x8E, 0xF6, 0xEE, 0x6D, 0xDB, 0xEF, 0x45 },
+    { 0xE5, 0x86, 0x25, 0x4A, 0x3A, 0xE3, 0x2D, 0xAF, 0xC0, 0x37, 0xC3, 0x44, 0xB6, 0xD6, 0x66, 0x51, 0x45, 0x78, 0xE2, 0x3F, 0x0D, 0xF1, 0x67, 0xAE, 0x5C, 0xE3, 0x24, 0x80, 0xEE, 0x49, 0x38, 0x08 },
+    { 0x5C, 0xA0, 0x55, 0x44, 0xE2, 0x4A, 0x53, 0xF2, 0x28, 0x75, 0x26, 0xE7, 0x2B, 0x07, 0x59, 0xD2, 0x3C, 0x8D, 0x56, 0x3B, 0x13, 0x6F, 0x3C, 0xA7, 0x14, 0x32, 0x40, 0xC7, 0x97, 0xD3, 0x55, 0x1E },
+    { 0xA0, 0xA2, 0xB4, 0x16, 0xA8, 0x4B, 0xFC, 0xBD, 0x22, 0xF1, 0xBF, 0xBB, 0xFA, 0xB3, 0xBA, 0xCC, 0xEB, 0x7D, 0xEB, 0x45, 0x81, 0xCA, 0xEA, 0x06, 0x82, 0x6C, 0x5D, 0xDF, 0xF8, 0x44, 0xD4, 0xD4 },
+    { 0xA7, 0xEF, 0x83, 0x22, 0xEC, 0x94, 0x90, 0xF0, 0xE8, 0x24, 0x09, 0xE0, 0x8D, 0x92, 0xEB, 0x1C, 0x15, 0x09, 0x32, 0x8E, 0x3B, 0xA2, 0x57, 0xFA, 0xBF, 0x98, 0x24, 0x0E, 0xB1, 0x2F, 0x56, 0x5D },
+    { 0x1E, 0xC2, 0x9B, 0x52, 0x5B, 0x24, 0xC3, 0xE5, 0xA8, 0xE9, 0xC8, 0x2B, 0xCF, 0xA8, 0x17, 0xC7, 0x02, 0xF4, 0x16, 0x82, 0x00, 0x0E, 0xD2, 0xCD, 0xF4, 0x75, 0x88, 0xD9, 0x24, 0xCF, 0xC3, 0xDB },
+    { 0xD6, 0x34, 0xC9, 0x29, 0x1F, 0x23, 0x48, 0x8F, 0x63, 0x01, 0x46, 0x6C, 0x95, 0xC0, 0x1E, 0x62, 0x77, 0xA9, 0x66, 0x5A, 0x89, 0x73, 0x77, 0xB4, 0x52, 0x8D, 0x2F, 0xED, 0x8E, 0xCF, 0x67, 0x01 },
+    { 0xF1, 0x4A, 0xD9, 0x3E, 0x65, 0x77, 0xDD, 0x06, 0xE8, 0x9C, 0x71, 0xD7, 0xEF, 0x26, 0x35, 0x83, 0xFF, 0xFE, 0xBD, 0x29, 0xE0, 0xB4, 0x34, 0x24, 0x3C, 0xD4, 0x1E, 0xB2, 0xF6, 0xC2, 0x43, 0xC5 },
+    { 0x2E, 0x98, 0xE5, 0x40, 0x47, 0xBF, 0x6B, 0x3E, 0xE4, 0xCD, 0x19, 0xFD, 0x68, 0xC2, 0xB6, 0x9C, 0x92, 0x10, 0xE5, 0xA4, 0x57, 0x90, 0xB8, 0x8E, 0x3F, 0x29, 0x85, 0x94, 0xAD, 0x67, 0x34, 0x3F },
+    { 0x39, 0x91, 0x3A, 0xF8, 0xED, 0x6F, 0x8A, 0x54, 0x40, 0x22, 0x28, 0x40, 0xDB, 0x1C, 0x62, 0xEE, 0xD6, 0x4D, 0x65, 0x03, 0xEA, 0x96, 0x39, 0x9D, 0xD1, 0x51, 0xFC, 0xF0, 0x66, 0x55, 0x53, 0x7F },
+    { 0x4D, 0x48, 0x74, 0xA3, 0xEB, 0x2A, 0x22, 0x04, 0x0C, 0x21, 0x91, 0xCE, 0x91, 0x6B, 0x2D, 0xA9, 0x20, 0x05, 0xCB, 0xC0, 0x09, 0xBF, 0xAB, 0xAB, 0xDD, 0x38, 0x0D, 0xC9, 0x76, 0x80, 0x8F, 0xD6 },
+    { 0xE9, 0xD5, 0xD1, 0xBC, 0x7E, 0xEA, 0x49, 0xBD, 0x2D, 0x16, 0x5B, 0x35, 0x87, 0xD0, 0x04, 0xCD, 0x2B, 0x85, 0xD2, 0x07, 0xBA, 0x19, 0xDA, 0xFF, 0x96, 0x0B, 0xF5, 0xD1, 0x75, 0xDD, 0xC1, 0xE2 },
+    { 0xE2, 0x6B, 0x4E, 0x7B, 0xA4, 0xF3, 0x63, 0x79, 0xB8, 0x94, 0x72, 0x98, 0x0A, 0xBB, 0xC1, 0x62, 0xCE, 0xA5, 0x63, 0x64, 0x0D, 0xFA, 0x4F, 0xB9, 0x37, 0xC4, 0xC7, 0xA9, 0xD9, 0x22, 0x24, 0xE7 },
+    { 0x89, 0x7A, 0xFB, 0xC7, 0x74, 0x31, 0xF5, 0x20, 0x1D, 0xD9, 0xB5, 0x72, 0x67, 0x78, 0x26, 0x2D, 0x2E, 0x7A, 0x1E, 0x16, 0x83, 0xAB, 0x27, 0x6D, 0x53, 0x42, 0x18, 0x8C, 0xD7, 0x3E, 0xE3, 0xEC },
+    { 0x02, 0x2A, 0xBD, 0xB2, 0x74, 0x54, 0x8F, 0xDD, 0xEA, 0xD7, 0xA1, 0x71, 0x65, 0xC0, 0x2A, 0x0B, 0x6C, 0xE9, 0xB9, 0x4D, 0x77, 0xEF, 0x03, 0xE2, 0xD6, 0x16, 0xAA, 0x01, 0xD5, 0x54, 0x03, 0x62 },
+    { 0x02, 0x4B, 0xD6, 0x38, 0x2F, 0x13, 0x4E, 0x47, 0xDC, 0x2A, 0x1F, 0x0B, 0x9A, 0xAD, 0x8B, 0x29, 0x16, 0x53, 0xBC, 0x20, 0xE5, 0x19, 0x7A, 0x54, 0x42, 0xA0, 0x33, 0x5D, 0xD2, 0xEE, 0x40, 0x3C },
+    { 0xD8, 0x8A, 0x3D, 0xC7, 0x02, 0x20, 0x89, 0xEA, 0xA3, 0x30, 0x91, 0x0A, 0x1D, 0xB4, 0xD5, 0x76, 0x06, 0xB4, 0x76, 0x59, 0x02, 0xA2, 0x8A, 0xE3, 0xE3, 0xA3, 0x4D, 0xEE, 0x26, 0x55, 0x0F, 0x1C },
+    { 0xC5, 0x11, 0xB0, 0xDD, 0x90, 0x66, 0x2E, 0xF6, 0x40, 0xD4, 0x17, 0xED, 0x6F, 0x67, 0x2D, 0x5A, 0xB2, 0x16, 0xD0, 0x20, 0x03, 0xD3, 0x65, 0xE6, 0x65, 0x3C, 0x1A, 0x82, 0x6A, 0x9A, 0xFE, 0xC2 },
+    { 0x20, 0x3C, 0x1F, 0x7B, 0xD2, 0xC3, 0xAA, 0x84, 0x1F, 0x16, 0x99, 0x11, 0x00, 0x2B, 0xF1, 0xA9, 0xC9, 0x26, 0xE4, 0xFA, 0x79, 0x56, 0xB1, 0xC3, 0x53, 0xD8, 0x2D, 0xC1, 0xB5, 0x4A, 0x70, 0xD9 },
+    { 0xDA, 0xDD, 0x52, 0x89, 0x29, 0x65, 0x7A, 0xF0, 0x94, 0x04, 0xEA, 0x4B, 0x93, 0xA3, 0x8B, 0x55, 0x5C, 0x56, 0x23, 0x48, 0x0F, 0x0A, 0x46, 0x74, 0xBE, 0x58, 0xAB, 0xEE, 0x84, 0x71, 0x1C, 0x25 },
+    { 0x10, 0xD7, 0xFA, 0x16, 0x87, 0xDD, 0xFE, 0xF8, 0xE9, 0x50, 0x85, 0xAF, 0xCA, 0x2F, 0x48, 0xBB, 0x4E, 0xE2, 0xB7, 0x76, 0xA9, 0x43, 0xC3, 0x4A, 0x08, 0xB7, 0x62, 0x02, 0x5D, 0x15, 0x1A, 0xA3 },
+    { 0x29, 0x0F, 0x94, 0x28, 0xEF, 0xF2, 0x91, 0x72, 0x4A, 0x2A, 0x3A, 0x8A, 0xDB, 0x2A, 0x0B, 0x7D, 0xDA, 0xFE, 0x06, 0xCB, 0x2D, 0x5E, 0xAF, 0xD1, 0xB4, 0xDA, 0x66, 0x17, 0x24, 0x45, 0xFE, 0x79 },
+    { 0x4C, 0x59, 0x0E, 0xC6, 0x72, 0xC6, 0x83, 0xCA, 0x9A, 0xD2, 0x46, 0x99, 0x18, 0x64, 0xB4, 0x04, 0x37, 0xF0, 0x94, 0xF4, 0x27, 0xB8, 0xE7, 0xE9, 0xBA, 0x21, 0xB0, 0xC0, 0x6A, 0xAC, 0xDA, 0xF2 },
+    { 0x25, 0x00, 0x97, 0xB2, 0x1C, 0x30, 0x78, 0xC9, 0xE0, 0x7E, 0x86, 0x15, 0xE4, 0x0E, 0x10, 0xAA, 0xEF, 0x29, 0x29, 0x65, 0x33, 0xBF, 0xA5, 0xB6, 0xDA, 0xF1, 0x96, 0x55, 0x1B, 0x26, 0xB2, 0xA4 },
+    { 0xAE, 0x4D, 0xC3, 0x43, 0x78, 0xF2, 0xF1, 0xD3, 0x9B, 0xC5, 0x35, 0x04, 0xA0, 0x5A, 0x90, 0xD5, 0x63, 0x40, 0xE3, 0xCA, 0x72, 0x3C, 0xBC, 0x6B, 0xD7, 0x98, 0xA2, 0x43, 0xF5, 0xF2, 0x7C, 0x5A },
+    { 0x25, 0x79, 0xC8, 0x64, 0x08, 0x49, 0x38, 0xDF, 0x9D, 0xE7, 0xB7, 0xE0, 0x7B, 0x6A, 0x8B, 0x8A, 0x45, 0x6E, 0x80, 0xE3, 0x0F, 0xDF, 0x9B, 0xEE, 0x9B, 0xEB, 0xB8, 0xFE, 0xDD, 0x6A, 0xEC, 0xC2 },
+    { 0x2D, 0xA7, 0xD5, 0x33, 0xA3, 0xED, 0x29, 0x54, 0x0C, 0x6A, 0x07, 0x60, 0xFC, 0x08, 0x3B, 0x3D, 0x62, 0xA5, 0x81, 0x1A, 0x66, 0x0B, 0x77, 0x2E, 0x46, 0x2E, 0xB5, 0x3F, 0xE5, 0xA9, 0xA5, 0x1B },
+    { 0x3B, 0x63, 0xD8, 0x66, 0x52, 0x33, 0x9C, 0xF1, 0xEE, 0xD6, 0x97, 0x4B, 0x14, 0xBF, 0xD5, 0x7C, 0x1B, 0x56, 0xE7, 0x57, 0x9B, 0xC7, 0x4A, 0xA3, 0xD1, 0x17, 0x51, 0x5E, 0x30, 0xC6, 0x92, 0xE4 },
+    { 0x53, 0x10, 0x43, 0x7E, 0xDC, 0xE9, 0xEC, 0xE2, 0x25, 0xBA, 0x1D, 0x9E, 0x98, 0x77, 0x2E, 0x47, 0x92, 0x85, 0xAC, 0xE5, 0x5C, 0xB2, 0xDB, 0x33, 0xB1, 0xAC, 0x4D, 0x3B, 0x58, 0x65, 0x92, 0xDB },
+    { 0x3B, 0xD7, 0xB3, 0x87, 0x50, 0xAC, 0x25, 0x0F, 0xBA, 0x58, 0xBC, 0x2E, 0x76, 0x59, 0x45, 0x92, 0xF4, 0x84, 0x5F, 0x16, 0xFA, 0x95, 0xF3, 0x33, 0x72, 0x57, 0x6D, 0xAE, 0xFB, 0x61, 0x29, 0xC5 },
+    { 0x85, 0xE6, 0xD5, 0x84, 0x07, 0x93, 0x7B, 0x41, 0xCF, 0x4B, 0x9F, 0xBB, 0x45, 0x03, 0x7C, 0x52, 0x56, 0xEC, 0x4F, 0x6E, 0x34, 0x89, 0xAA, 0x65, 0xF5, 0x4D, 0xAC, 0xFE, 0xC5, 0xD0, 0xDF, 0xC5 },
+    { 0x02, 0xBE, 0x35, 0xF6, 0xC0, 0x13, 0x04, 0xB2, 0x4A, 0x52, 0x1F, 0xBB, 0x90, 0xDC, 0xE8, 0x86, 0x9D, 0x43, 0x51, 0x7C, 0xC8, 0x39, 0xEF, 0x9D, 0x79, 0x80, 0xF0, 0x74, 0xF9, 0x97, 0xEB, 0x80 },
+    { 0xF5, 0x9E, 0x95, 0x42, 0x26, 0xC7, 0x7C, 0x98, 0xD4, 0x6E, 0x05, 0x9B, 0x5B, 0x6A, 0x28, 0xFF, 0x60, 0x6A, 0x8B, 0x3F, 0xFA, 0x79, 0xEE, 0xBA, 0xAC, 0x95, 0x34, 0x8C, 0x3F, 0x8A, 0x94, 0xA7 },
+    { 0x53, 0x16, 0x12, 0x00, 0x58, 0x33, 0x29, 0xE3, 0x83, 0x74, 0x97, 0x05, 0xA7, 0xB5, 0x99, 0xFF, 0x54, 0x60, 0x65, 0x13, 0x86, 0x7E, 0x27, 0xA5, 0x73, 0x3B, 0xD3, 0xD3, 0xC3, 0xF9, 0xBA, 0x6F },
+    { 0x36, 0xE5, 0x52, 0xE8, 0x2C, 0x39, 0x6B, 0x20, 0xC9, 0x24, 0x4A, 0x1D, 0x1C, 0x25, 0x7D, 0xFA, 0xFD, 0xED, 0x11, 0x2D, 0x04, 0x32, 0x0D, 0x96, 0xE6, 0x24, 0x73, 0xA2, 0x23, 0x69, 0x01, 0x1C },
+    { 0x2F, 0x1B, 0xD5, 0x46, 0xD0, 0x0C, 0x97, 0x18, 0xEA, 0x11, 0xA1, 0x0B, 0x20, 0xFF, 0x73, 0x67, 0x5C, 0x47, 0x42, 0x43, 0x48, 0x24, 0xEC, 0x77, 0xCF, 0x01, 0x55, 0xCF, 0xEE, 0x9F, 0x86, 0x7E },
+    { 0xA4, 0x0D, 0xDF, 0xCA, 0xC8, 0x6C, 0xAD, 0x39, 0x2C, 0x78, 0x0B, 0x76, 0x88, 0xEA, 0x60, 0xA3, 0x3C, 0xD1, 0x7A, 0x26, 0xDB, 0x2D, 0x86, 0x38, 0x71, 0x1C, 0xCB, 0x63, 0xB7, 0x4A, 0x10, 0x90 },
+    { 0x8C, 0x0B, 0xCD, 0x5A, 0x39, 0x05, 0xA2, 0x40, 0xCB, 0x33, 0xA0, 0x57, 0xFA, 0xFC, 0x04, 0xA8, 0x2B, 0xDA, 0x5F, 0x9A, 0x44, 0xEC, 0xC9, 0x03, 0xB4, 0x4B, 0x3A, 0x06, 0x00, 0x05, 0x23, 0x97 },
+    { 0x60, 0x74, 0x92, 0x55, 0xA8, 0x5B, 0x95, 0x10, 0xBD, 0x80, 0x38, 0x3B, 0x12, 0x08, 0x48, 0xB7, 0xC1, 0xF4, 0x6E, 0xA2, 0x58, 0xEE, 0x2E, 0x19, 0xA7, 0xC4, 0xED, 0x66, 0x9C, 0x79, 0x5A, 0x83 },
+    { 0xDA, 0x5F, 0x29, 0xCD, 0xE2, 0x8F, 0xB1, 0x9E, 0xC5, 0xEC, 0xE3, 0x27, 0xC3, 0x49, 0x55, 0x24, 0xD9, 0x39, 0x05, 0x77, 0xA3, 0xDF, 0x65, 0x0F, 0x8A, 0xCC, 0x1F, 0x78, 0xC6, 0x8B, 0xCD, 0x4A },
+    { 0x49, 0x24, 0x12, 0x41, 0x94, 0x3F, 0xFB, 0x1E, 0xF2, 0x18, 0x98, 0xE1, 0xB1, 0x35, 0x0E, 0xAB, 0x2A, 0x62, 0x7C, 0x80, 0xD0, 0xBE, 0xAA, 0xF0, 0x5F, 0x77, 0xE2, 0x2C, 0x72, 0x5E, 0x20, 0x57 },
+    { 0x81, 0x84, 0xC0, 0x9B, 0x76, 0x05, 0xFF, 0x21, 0xEA, 0xF5, 0x95, 0xAD, 0x34, 0xBC, 0xCD, 0xE7, 0x97, 0x5C, 0xD3, 0x84, 0xF0, 0xFF, 0x03, 0xB6, 0x97, 0x6F, 0x04, 0x7F, 0xDF, 0x9F, 0x98, 0x1C },
+    { 0x53, 0xA6, 0xE4, 0xE3, 0x70, 0xC1, 0x9B, 0x26, 0xE1, 0xB9, 0x0E, 0x88, 0x93, 0xBE, 0x78, 0xC5, 0x15, 0x1F, 0x50, 0x75, 0x8C, 0x7E, 0xD6, 0x09, 0xC3, 0xFB, 0x88, 0x91, 0x3C, 0xC0, 0xA9, 0xD3 },
+    { 0xAE, 0x74, 0x73, 0xC2, 0xC8, 0x46, 0xED, 0xD2, 0x94, 0x83, 0x49, 0xD9, 0x10, 0x74, 0xD7, 0x75, 0xEC, 0xE1, 0x32, 0xAA, 0x3F, 0x36, 0x7D, 0xEE, 0x34, 0xBF, 0x9A, 0x03, 0xC8, 0xC9, 0x3E, 0x4A },
+    { 0x96, 0xEE, 0xAB, 0x1C, 0x5B, 0xD7, 0x5E, 0xB9, 0xF1, 0x01, 0xCD, 0xFB, 0x65, 0xEF, 0xAD, 0xBB, 0x8A, 0x87, 0x74, 0xF8, 0xA7, 0xC8, 0x24, 0x7C, 0xD1, 0x1F, 0x6F, 0x12, 0x50, 0xBA, 0x0C, 0x2D },
+    { 0x42, 0x32, 0x33, 0xFC, 0x3A, 0x8B, 0x97, 0x22, 0xDA, 0xA1, 0x5F, 0xF4, 0x8B, 0x84, 0x93, 0xA0, 0xDE, 0xD4, 0x3A, 0x86, 0xD2, 0x96, 0x0D, 0x53, 0x2C, 0xA1, 0x74, 0xC4, 0x60, 0x8D, 0xC1, 0x84 },
+    { 0x53, 0x1F, 0x5A, 0x56, 0x2B, 0x17, 0x79, 0x33, 0x93, 0xED, 0x31, 0x28, 0x20, 0x6B, 0x7C, 0x73, 0x4E, 0xF0, 0xBC, 0xA5, 0xCD, 0x91, 0x57, 0x5D, 0x67, 0x3A, 0x27, 0x7E, 0x49, 0x78, 0xB0, 0x54 },
+    { 0xEF, 0x13, 0x06, 0x2E, 0x39, 0x90, 0x5C, 0xA2, 0x53, 0x78, 0x6E, 0x52, 0x6E, 0xAE, 0x01, 0x16, 0xAA, 0x3D, 0x97, 0x25, 0xAF, 0x9A, 0x04, 0x0C, 0xDD, 0xD9, 0xB8, 0xFE, 0xC3, 0xF3, 0x03, 0xE9 },
+    { 0xCE, 0x03, 0xF6, 0xB9, 0xFE, 0x37, 0x6E, 0x3B, 0xC6, 0x72, 0xD4, 0x6E, 0x5D, 0x89, 0x2E, 0xEA, 0xF7, 0x60, 0x79, 0xA8, 0x62, 0xD7, 0x16, 0xA7, 0xC9, 0x24, 0x81, 0xD8, 0xED, 0xC8, 0x11, 0xE1 },
+    { 0x63, 0xCC, 0xC5, 0xA6, 0x21, 0x1E, 0x91, 0xF2, 0xFA, 0xF6, 0xCD, 0x73, 0xD4, 0x58, 0x31, 0x14, 0x97, 0xE4, 0x9B, 0x91, 0x6C, 0x2E, 0x16, 0xCF, 0x4C, 0x86, 0x2E, 0x54, 0x6C, 0x15, 0xE8, 0x95 },
+    { 0x0A, 0xDF, 0x4B, 0xA1, 0x25, 0x0E, 0xB4, 0x15, 0xDE, 0xCF, 0x1B, 0xF1, 0x87, 0x16, 0x3F, 0x73, 0x70, 0xF6, 0x01, 0x8C, 0x5A, 0x2F, 0xD2, 0x9B, 0xF6, 0x9A, 0x6F, 0xE8, 0x3B, 0x0C, 0xB2, 0xF3 },
+    { 0xC8, 0x3B, 0xD1, 0xBB, 0xDD, 0xD0, 0x5E, 0xAF, 0x68, 0x68, 0x90, 0x47, 0x30, 0x9C, 0xE2, 0xEC, 0x57, 0x9E, 0xBF, 0xE3, 0x6C, 0x1B, 0xC0, 0xAF, 0x10, 0xC6, 0x59, 0x29, 0x86, 0xBD, 0xD2, 0x63 },
+    { 0x7E, 0x97, 0xFE, 0xB6, 0x5D, 0xB6, 0x05, 0x55, 0x2D, 0x42, 0x32, 0x0D, 0x1C, 0xB0, 0x60, 0x16, 0xB1, 0x40, 0x76, 0xD3, 0x34, 0x88, 0x2D, 0x84, 0x3B, 0x02, 0x11, 0x76, 0xA4, 0x93, 0x5F, 0x4B },
+    { 0xAF, 0x36, 0xAA, 0x5B, 0x5C, 0xDC, 0xD6, 0xDF, 0x35, 0x69, 0xD0, 0x00, 0x84, 0xC7, 0x2F, 0x1E, 0xED, 0x51, 0xCE, 0xEE, 0x5A, 0xA0, 0xE1, 0x3E, 0xAA, 0x63, 0x95, 0x74, 0x2C, 0xAA, 0xE4, 0x50 },
+    { 0x5E, 0x51, 0xB2, 0x6B, 0xC8, 0xE3, 0xBA, 0x0D, 0x40, 0xEC, 0x3F, 0x37, 0xAE, 0x48, 0x13, 0x70, 0xE4, 0x11, 0xF8, 0x61, 0xAA, 0xE3, 0xCF, 0x05, 0x97, 0x61, 0x44, 0x38, 0x1B, 0x0A, 0xAB, 0xC3 },
+    { 0x06, 0xDA, 0xCF, 0x9A, 0x6A, 0x58, 0xD2, 0x2C, 0x39, 0xC1, 0x0E, 0x85, 0xC7, 0xE6, 0x75, 0xB8, 0x82, 0xD0, 0xDB, 0x5E, 0x9A, 0x2E, 0x3D, 0xE2, 0x0F, 0xF1, 0x98, 0x3E, 0xD9, 0x01, 0x07, 0xD6 },
+    { 0x8C, 0xBC, 0xEF, 0x35, 0x65, 0x92, 0x37, 0x8E, 0x7F, 0xBC, 0xCF, 0x10, 0xC7, 0x5B, 0xB2, 0x64, 0x37, 0x21, 0xF5, 0x8B, 0x08, 0x46, 0xDA, 0xA3, 0xDF, 0x0C, 0x1E, 0x57, 0x6C, 0x1C, 0xC5, 0x4B },
+    { 0x2F, 0xAB, 0xF8, 0x70, 0x11, 0x52, 0xAC, 0xC8, 0xE1, 0x52, 0x85, 0xA0, 0x8B, 0x7B, 0x75, 0x48, 0x6E, 0x61, 0x91, 0x84, 0xE9, 0xB2, 0x5A, 0x42, 0x1C, 0x6E, 0x93, 0x4C, 0xFE, 0x3A, 0xA6, 0x50 },
+    { 0xA7, 0x1E, 0x51, 0xCF, 0x7E, 0xD7, 0xAF, 0xBF, 0x23, 0x6E, 0x0B, 0x81, 0x4E, 0x0D, 0x0E, 0xC4, 0x3C, 0xE6, 0x74, 0x07, 0x52, 0x3B, 0xC0, 0x20, 0x34, 0xD2, 0xB8, 0x56, 0xAA, 0xAE, 0x49, 0x93 },
+    { 0x39, 0x2D, 0x14, 0xB2, 0xBD, 0x1B, 0xFB, 0x11, 0x4B, 0x2F, 0xE7, 0xDB, 0xC1, 0x2E, 0xC0, 0x71, 0x54, 0x36, 0xAE, 0x78, 0x59, 0x9C, 0xE1, 0x61, 0x95, 0xC2, 0x0E, 0xCD, 0xB9, 0x21, 0x94, 0xDB },
+    { 0xDF, 0x14, 0x9B, 0x56, 0x09, 0x9D, 0x7D, 0x72, 0x2B, 0xBC, 0xAF, 0xFE, 0xF8, 0x2F, 0xD1, 0x3A, 0x4D, 0x7B, 0x27, 0xA0, 0xA7, 0x5E, 0xDE, 0x3C, 0x01, 0xEE, 0x0C, 0xDB, 0x54, 0x27, 0x73, 0xF7 },
+    { 0x8E, 0x64, 0xD4, 0xA1, 0x63, 0xF1, 0x0F, 0xCB, 0xFE, 0x95, 0x53, 0xE9, 0x6E, 0x4E, 0xE4, 0xE1, 0x07, 0x8C, 0xAB, 0x9F, 0x51, 0xED, 0x62, 0x7F, 0x6C, 0x22, 0x27, 0xFB, 0xE4, 0x16, 0x12, 0xC3 },
+    { 0xCA, 0xB0, 0xC4, 0xEA, 0xA4, 0x3A, 0xF7, 0x2D, 0xFD, 0x37, 0x8A, 0x0D, 0x05, 0x96, 0xE8, 0xA9, 0x3D, 0x5F, 0x9E, 0x9D, 0x8A, 0xF8, 0xB5, 0x47, 0xFB, 0xB0, 0xB5, 0x71, 0xC3, 0xD8, 0xAE, 0x85 },
+    { 0x07, 0x3D, 0x87, 0xA3, 0x0A, 0x98, 0x5F, 0x53, 0x82, 0xB2, 0xFF, 0x34, 0x4C, 0xCD, 0x1B, 0xAB, 0xC1, 0xB9, 0xE1, 0x97, 0xE6, 0xF4, 0xD7, 0x71, 0x78, 0xF0, 0x96, 0x93, 0xD9, 0xA5, 0xA4, 0x7D },
+    { 0xC9, 0x87, 0xA1, 0x8C, 0xD3, 0x50, 0x3F, 0x83, 0x30, 0x44, 0x14, 0x50, 0xAD, 0x0F, 0xE2, 0xC4, 0xEA, 0xC7, 0xF6, 0x3D, 0xC9, 0xE6, 0x50, 0xA7, 0xEA, 0x22, 0x41, 0xD7, 0x2E, 0x05, 0xE9, 0xF9 },
+    { 0xAF, 0x44, 0x71, 0x82, 0xC0, 0xA6, 0x65, 0x51, 0xED, 0x70, 0x04, 0xAC, 0x8E, 0xD1, 0x9E, 0xA9, 0x21, 0x54, 0xE0, 0x87, 0x96, 0x42, 0xC4, 0xC1, 0xA9, 0x20, 0xDC, 0xB2, 0xF8, 0xA9, 0xEC, 0xFA },
+    { 0xD2, 0x20, 0x63, 0x9D, 0xB0, 0x44, 0x98, 0xCF, 0xBC, 0x35, 0x80, 0xB3, 0x97, 0xB8, 0xE0, 0x4F, 0x7B, 0x0D, 0xE2, 0x4F, 0x16, 0x90, 0xA9, 0x85, 0x4E, 0xAD, 0x15, 0xCC, 0xD7, 0xEA, 0x6D, 0x38 },
+    { 0x1F, 0x64, 0xB2, 0x58, 0x8B, 0xE5, 0x31, 0x8A, 0xB1, 0xE5, 0x01, 0x00, 0x97, 0xB2, 0xB7, 0x4E, 0x31, 0x3F, 0xEA, 0x99, 0xA0, 0x41, 0xEE, 0x4E, 0x09, 0x43, 0x94, 0x1B, 0x20, 0x36, 0xA7, 0x9D },
+    { 0x78, 0x4F, 0x8D, 0x19, 0x35, 0x18, 0xFE, 0x4B, 0x6F, 0x86, 0xA9, 0x1D, 0x87, 0x1B, 0x35, 0x42, 0x48, 0x07, 0xA8, 0xFB, 0x09, 0x96, 0x6E, 0x57, 0xBE, 0x91, 0x70, 0x16, 0x2A, 0x71, 0x98, 0x67 },
+    { 0x9E, 0xB4, 0xCD, 0xEB, 0x1F, 0xD8, 0xB3, 0x8A, 0xC3, 0xC7, 0x8A, 0x99, 0x94, 0xAD, 0xEC, 0x29, 0xB9, 0x33, 0x5C, 0xCE, 0xF2, 0x09, 0x9B, 0xDE, 0xCD, 0x97, 0x46, 0x7E, 0xC8, 0xCB, 0xB1, 0x40 },
+    { 0x2B, 0x3E, 0xF4, 0x50, 0xD3, 0xF0, 0xDA, 0x47, 0x0F, 0x72, 0x2D, 0x0D, 0xB3, 0x94, 0x64, 0x1B, 0x88, 0x65, 0xD2, 0x16, 0x60, 0x87, 0x1C, 0xDD, 0x48, 0xC4, 0x8A, 0xAC, 0xCC, 0xBF, 0x17, 0xA8 },
+    { 0x25, 0xEB, 0xD7, 0xF8, 0x16, 0x47, 0x7A, 0x96, 0x5A, 0xB5, 0x7B, 0x74, 0x94, 0x37, 0x16, 0x0A, 0x8D, 0xD3, 0x70, 0xF7, 0xB4, 0xB8, 0x55, 0xA5, 0xB2, 0x3B, 0x25, 0x7B, 0xAA, 0x64, 0x18, 0x71 },
+    { 0xDA, 0x66, 0x61, 0xAE, 0x4F, 0x09, 0xDE, 0xA6, 0x4F, 0xD1, 0x56, 0x8B, 0x2E, 0xD1, 0x25, 0x4E, 0xA8, 0xC9, 0x44, 0x52, 0xD1, 0x15, 0x8E, 0x2F, 0x50, 0x4C, 0x5C, 0xB2, 0x50, 0x6C, 0xA5, 0xE1 },
+    { 0xC8, 0xC3, 0xE6, 0xF0, 0xEE, 0xA6, 0xDA, 0x34, 0x3F, 0xDF, 0x59, 0x2F, 0x0D, 0x53, 0x2B, 0x4D, 0x85, 0x74, 0x17, 0xC3, 0x38, 0xC9, 0xBC, 0xB2, 0xF0, 0x98, 0xAC, 0xB9, 0x59, 0x2C, 0x6F, 0x72 },
+    { 0x70, 0xDF, 0xCD, 0x34, 0xA0, 0xE4, 0x67, 0xCB, 0xBB, 0x91, 0x72, 0x23, 0xB8, 0x6B, 0xCB, 0x31, 0x4D, 0x3C, 0x4C, 0x58, 0x98, 0x45, 0x9A, 0x9A, 0xB7, 0x11, 0x4D, 0x37, 0x42, 0xE3, 0x56, 0x08 },
+    { 0x10, 0xD0, 0x3D, 0x8E, 0xF0, 0x5F, 0xEE, 0x57, 0x70, 0xFE, 0x77, 0x54, 0x02, 0xE1, 0x48, 0x14, 0xB9, 0xFE, 0xA6, 0x5D, 0x28, 0x8A, 0x33, 0x1C, 0x2D, 0xAE, 0xF4, 0xAA, 0x82, 0xEC, 0xF5, 0xA9 },
+    { 0x75, 0x0B, 0x27, 0xCB, 0x3A, 0x04, 0x3C, 0x49, 0xD1, 0xEF, 0x3F, 0xC4, 0x15, 0x29, 0x07, 0xCC, 0x2B, 0x73, 0x84, 0x80, 0x0A, 0x79, 0xA1, 0xEC, 0x49, 0x08, 0x0D, 0x36, 0x2D, 0x3A, 0xEB, 0xCD },
+    { 0xF4, 0xE1, 0x4D, 0x4E, 0x5A, 0x5F, 0xA0, 0x3E, 0x80, 0x61, 0x64, 0x0F, 0x37, 0x1E, 0xF4, 0xFF, 0xA6, 0x77, 0x18, 0x15, 0x62, 0xA3, 0xE2, 0x0D, 0xF8, 0xBB, 0x05, 0xF0, 0xED, 0xB5, 0xF2, 0x8A },
+    { 0xF5, 0xE0, 0x2F, 0xD9, 0xF4, 0x6F, 0x09, 0xBB, 0x77, 0x74, 0x00, 0x08, 0x35, 0xB1, 0xBA, 0xE5, 0x17, 0xB7, 0x33, 0x41, 0xBC, 0xC5, 0x24, 0x0E, 0x89, 0xD2, 0x71, 0x2F, 0x49, 0x87, 0xE0, 0x43 },
+    { 0x1A, 0x2F, 0x45, 0x4E, 0x43, 0x5D, 0xC5, 0xF8, 0x61, 0xFF, 0x4E, 0x34, 0xF0, 0x6D, 0x3D, 0x58, 0x21, 0xEE, 0xBD, 0xB6, 0x18, 0x31, 0x5A, 0xE4, 0xDE, 0xA8, 0xFF, 0x93, 0xCC, 0x53, 0x90, 0xE2 },
+    { 0x10, 0x33, 0xAF, 0xA1, 0x7D, 0x6B, 0x00, 0xB6, 0xD1, 0xFD, 0xE5, 0xCD, 0xC2, 0x05, 0x14, 0xEC, 0x13, 0x6B, 0xF4, 0xA5, 0xCB, 0xEA, 0xBF, 0x97, 0x7B, 0xCF, 0xCA, 0xDE, 0x64, 0x6F, 0xEA, 0xF5 },
+    { 0xC8, 0x42, 0xF4, 0x52, 0x38, 0x32, 0xDA, 0xE9, 0xC5, 0x9F, 0x29, 0x15, 0xE9, 0x1B, 0xAA, 0x46, 0x8A, 0xA4, 0x6C, 0x3F, 0x40, 0x81, 0xA0, 0x92, 0x52, 0xA7, 0x87, 0x0C, 0x22, 0xCD, 0xD1, 0x52 },
+    { 0x53, 0x31, 0x67, 0xF3, 0x83, 0x9F, 0x74, 0x72, 0xBE, 0x9F, 0x11, 0xFE, 0xA9, 0x81, 0x96, 0xAA, 0x51, 0x14, 0xED, 0xEE, 0x45, 0x3C, 0x0E, 0xF6, 0x33, 0xC0, 0xFD, 0x31, 0x99, 0x66, 0xC2, 0xE9 },
+    { 0x6E, 0xD2, 0xED, 0xED, 0xB0, 0xEC, 0x3C, 0x4A, 0xF7, 0xA2, 0x20, 0xEE, 0x2F, 0x02, 0x3A, 0x76, 0xBE, 0xB3, 0xE6, 0x43, 0xF2, 0x78, 0x8D, 0x6C, 0xC3, 0x21, 0xE5, 0x94, 0xF8, 0xB0, 0x2B, 0x21 },
+    { 0x9B, 0x66, 0x80, 0xB2, 0xCD, 0x0B, 0xCF, 0x4E, 0x68, 0x2D, 0xAD, 0x83, 0xE2, 0x83, 0x48, 0xD3, 0xF0, 0x9C, 0x50, 0x03, 0x81, 0x21, 0x50, 0x41, 0xB9, 0xC8, 0xFA, 0xBB, 0xFA, 0x6C, 0x7D, 0x1F },
+    { 0x87, 0x08, 0x51, 0x02, 0xD4, 0xFC, 0xA7, 0x37, 0xD5, 0xB0, 0x8D, 0x4C, 0x5B, 0xBB, 0xD8, 0xD5, 0xCE, 0x39, 0xCE, 0x39, 0xDD, 0x17, 0xF7, 0x22, 0x20, 0xC7, 0xD6, 0x44, 0x9D, 0x8B, 0x90, 0x1E },
+    { 0x96, 0xCA, 0x46, 0x48, 0xF4, 0xE8, 0xB9, 0xBC, 0x69, 0xA2, 0x77, 0x10, 0x51, 0x8C, 0x80, 0x84, 0xFA, 0x78, 0xC6, 0xD8, 0xA9, 0xD2, 0x85, 0x5D, 0x79, 0xB3, 0x27, 0x28, 0xAC, 0x93, 0xF3, 0xAD },
+    { 0x20, 0x73, 0x7D, 0x95, 0x19, 0x5C, 0xE1, 0x44, 0xA8, 0xC1, 0x9D, 0x1E, 0xB5, 0x79, 0x6E, 0x30, 0xCA, 0xFA, 0xF7, 0xCB, 0x9E, 0xEC, 0x7A, 0x76, 0x26, 0x06, 0xB2, 0x72, 0x4E, 0xE1, 0x76, 0x24 },
+    { 0x44, 0x6B, 0x90, 0xA6, 0x5A, 0x65, 0x26, 0x7A, 0x45, 0xF9, 0x90, 0x7C, 0x8E, 0x24, 0x03, 0x14, 0x06, 0x28, 0x6A, 0x4D, 0x37, 0x08, 0xE6, 0x25, 0xD9, 0x8B, 0xD6, 0x80, 0xD2, 0xDB, 0x9C, 0x35 },
+    { 0xDE, 0xE9, 0x6A, 0x5E, 0x6C, 0xA4, 0xED, 0xDA, 0xBE, 0x5F, 0xB1, 0x6E, 0xC5, 0xF3, 0x06, 0x85, 0xF7, 0x62, 0x41, 0x77, 0x69, 0x34, 0xB5, 0x4F, 0xF6, 0x40, 0xEF, 0x5F, 0xB1, 0xFF, 0x2F, 0x2F },
+    { 0x34, 0xBB, 0xD2, 0xB8, 0xD0, 0x8F, 0x09, 0xC7, 0x60, 0xF3, 0x29, 0xF3, 0x0B, 0x86, 0x02, 0x43, 0xB1, 0xEC, 0xE5, 0xE7, 0x5A, 0x94, 0x6D, 0x58, 0x68, 0xCC, 0x4A, 0xB6, 0x1F, 0x01, 0x93, 0xF0 },
+    { 0xB1, 0x95, 0xEC, 0x8A, 0x54, 0xF5, 0x8E, 0x15, 0x8D, 0xA1, 0xAF, 0x22, 0xF9, 0xA0, 0x5E, 0xB5, 0xC2, 0x7B, 0x09, 0xE9, 0xFD, 0x03, 0x68, 0x8B, 0x7C, 0xFC, 0x20, 0x8A, 0xE6, 0xD5, 0xDE, 0xD6 },
+    { 0x6D, 0x3E, 0x19, 0x98, 0x0A, 0xE1, 0xB7, 0xE2, 0x72, 0x08, 0x92, 0x65, 0x32, 0x31, 0x82, 0xD2, 0x56, 0x19, 0xF7, 0x55, 0x29, 0x9A, 0x5F, 0x0E, 0x96, 0x03, 0xC1, 0x71, 0xED, 0x7D, 0xC1, 0xF2 },
+    { 0xB9, 0x6D, 0xEA, 0x44, 0x34, 0x61, 0x9F, 0xA8, 0x96, 0x22, 0xD6, 0xDE, 0x76, 0x4F, 0x17, 0x13, 0x2A, 0x0F, 0x9C, 0x65, 0x42, 0xA8, 0xB0, 0xE5, 0x6F, 0xC7, 0xE6, 0x34, 0x7F, 0x0C, 0xE2, 0x77 },
+    { 0xA1, 0xF5, 0x50, 0xA9, 0x86, 0x74, 0x13, 0x56, 0x65, 0x57, 0x67, 0x6C, 0x20, 0xF3, 0x37, 0xC1, 0xEF, 0x7A, 0x8A, 0x98, 0x44, 0x1E, 0xB7, 0xC8, 0xAE, 0x9D, 0xD7, 0xDE, 0xC1, 0xE1, 0xDD, 0x60 },
+    { 0x4B, 0xFE, 0x00, 0x99, 0xB5, 0x2D, 0xA6, 0xD2, 0x52, 0x37, 0xCF, 0xAD, 0xCD, 0x2B, 0xD4, 0x07, 0x15, 0x09, 0xE0, 0xD0, 0xEC, 0xBD, 0x58, 0xA8, 0x7F, 0xE8, 0x36, 0x7B, 0x0D, 0x72, 0xEA, 0x86 },
+    { 0x4E, 0xD2, 0x58, 0x63, 0xB2, 0x39, 0xA6, 0x8A, 0xCD, 0xB4, 0x3B, 0x9C, 0xE2, 0x0A, 0xA9, 0x98, 0x29, 0xEA, 0x18, 0x7D, 0x97, 0x96, 0x53, 0x3F, 0x46, 0x4A, 0xF0, 0xD0, 0x0C, 0x9E, 0xF2, 0x17 },
+    { 0xAC, 0x4E, 0x29, 0x13, 0xFD, 0x99, 0x2D, 0x4B, 0xC6, 0x95, 0xE8, 0x08, 0x55, 0xAF, 0x8A, 0xE2, 0x4D, 0x35, 0x5F, 0x3C, 0xF2, 0xE4, 0xDF, 0xF1, 0x02, 0xD6, 0xB1, 0x4A, 0x2B, 0x6C, 0xAB, 0x8F },
+    { 0xC7, 0x21, 0xAD, 0xA7, 0xA8, 0xD3, 0x1C, 0x9F, 0x0F, 0x84, 0x5D, 0xC7, 0xD4, 0xFD, 0xE2, 0x6D, 0x41, 0x19, 0x53, 0xF6, 0xFE, 0x5E, 0x64, 0x49, 0xB3, 0x8E, 0x29, 0xD3, 0xD2, 0x9C, 0xAB, 0x16 },
+    { 0x2B, 0x85, 0xAD, 0xF8, 0x86, 0xE3, 0x17, 0x06, 0x43, 0xA7, 0xBE, 0x3A, 0x31, 0x2F, 0xBE, 0xD7, 0xDB, 0xAB, 0x88, 0x79, 0x68, 0x64, 0xB4, 0x5E, 0xF0, 0x2D, 0xB4, 0x8C, 0x1F, 0x95, 0x97, 0x11 },
+    { 0x9F, 0x72, 0x5A, 0xD8, 0xE0, 0xE1, 0x82, 0x91, 0x31, 0xFF, 0x0D, 0x76, 0xBC, 0xFA, 0x57, 0x43, 0x1C, 0xD9, 0x33, 0x73, 0x7A, 0x31, 0xD2, 0x0D, 0xDB, 0xA1, 0x77, 0x76, 0x8A, 0xDA, 0x60, 0x67 },
+    { 0x88, 0xEA, 0x04, 0x53, 0x12, 0x56, 0xE8, 0x55, 0x46, 0xEB, 0x03, 0x4F, 0x8F, 0x91, 0x17, 0x88, 0xF0, 0x7F, 0x36, 0xBF, 0xC8, 0x19, 0xD2, 0xD6, 0x8D, 0x61, 0x9D, 0xCE, 0x2F, 0xB4, 0x51, 0xDA },
+    { 0x64, 0xD8, 0xB0, 0x78, 0xFB, 0x20, 0x74, 0x8E, 0x5D, 0x0A, 0x99, 0xC4, 0xA9, 0xF6, 0x79, 0xFD, 0x42, 0x4A, 0x5D, 0x68, 0xDC, 0x22, 0xAD, 0xB4, 0x78, 0x6D, 0x75, 0xA3, 0x99, 0x7C, 0xAF, 0xC5 },
+    { 0x54, 0x88, 0x4D, 0xB8, 0x59, 0x82, 0xE2, 0x1F, 0x4B, 0x61, 0xBF, 0xFE, 0xFE, 0xDE, 0xE3, 0x09, 0x30, 0x17, 0x07, 0x33, 0x72, 0x4F, 0x78, 0x51, 0x0D, 0x60, 0xDF, 0x74, 0x79, 0x69, 0xE8, 0xFF },
+    { 0xAC, 0x00, 0x31, 0x7D, 0xC1, 0xBC, 0x95, 0xAC, 0x6B, 0x88, 0x06, 0x25, 0xD2, 0x84, 0x42, 0x8E, 0xF5, 0x0A, 0xB8, 0xD6, 0xAE, 0x76, 0x47, 0xF0, 0x7E, 0x0A, 0x3D, 0x63, 0x7C, 0xF4, 0x05, 0x02 },
+    { 0x03, 0x32, 0xA9, 0xF7, 0xE3, 0xCA, 0x0C, 0x1A, 0xB5, 0xD0, 0x9B, 0xE8, 0x64, 0xF7, 0x3A, 0x91, 0x56, 0x30, 0xCA, 0x78, 0xC5, 0x66, 0xA5, 0xE6, 0x36, 0x3C, 0xFF, 0xAE, 0x32, 0x11, 0xB4, 0x81 },
+    { 0x49, 0x82, 0x49, 0x37, 0x75, 0x3E, 0x06, 0x92, 0x49, 0x64, 0x97, 0x97, 0xA0, 0x80, 0xA4, 0xE2, 0x37, 0x76, 0x7B, 0x8E, 0xF8, 0xA7, 0xC9, 0xA8, 0x86, 0xD6, 0x33, 0xED, 0xE2, 0x9A, 0xFF, 0x02 },
+    { 0x12, 0x84, 0x0B, 0xAD, 0x18, 0x6A, 0x3B, 0x9B, 0x60, 0x4C, 0x08, 0x88, 0xC9, 0x88, 0x83, 0x83, 0x8C, 0xC6, 0x96, 0xE6, 0x24, 0xC0, 0xB4, 0xF9, 0xC0, 0xF6, 0xBB, 0x11, 0x3E, 0x2E, 0x9D, 0xAF },
+    { 0xCA, 0x27, 0xF1, 0x80, 0x8D, 0x6C, 0x8A, 0xCF, 0xF4, 0xE6, 0x0D, 0x08, 0x0B, 0x8A, 0x7E, 0xEA, 0x05, 0xCD, 0xAD, 0x94, 0x0F, 0xD3, 0x6E, 0x65, 0xC6, 0x71, 0xD9, 0xF8, 0x31, 0xF1, 0xCA, 0xD8 },
+    { 0x91, 0x87, 0xA3, 0x19, 0x4B, 0x4F, 0x33, 0xBC, 0x50, 0x5B, 0x5C, 0x4A, 0xE7, 0x39, 0xAF, 0x41, 0x45, 0xAC, 0x44, 0x59, 0x9C, 0x56, 0x98, 0x21, 0x4B, 0xB0, 0x7E, 0x6F, 0x07, 0x7E, 0xBE, 0x17 },
+    { 0x0E, 0x3C, 0x52, 0x1A, 0x5F, 0x11, 0x99, 0x2C, 0x90, 0x92, 0x2F, 0xA1, 0x9B, 0xB6, 0x33, 0xA5, 0x0E, 0x5F, 0x90, 0x95, 0x4F, 0xA3, 0x0F, 0x9A, 0x4D, 0x97, 0xFF, 0x73, 0x41, 0xB5, 0xDB, 0xAA },
+    { 0xFD, 0x7C, 0x34, 0xE3, 0xA3, 0x18, 0xF6, 0x60, 0xA0, 0xF7, 0xCF, 0xCC, 0xC4, 0x8F, 0xE8, 0x47, 0x4A, 0xB0, 0x87, 0xBF, 0x8F, 0xFA, 0x85, 0xBC, 0x2D, 0xCE, 0x68, 0xF7, 0x97, 0x1D, 0x11, 0xA6 },
+    { 0x4D, 0x8E, 0xE5, 0x9A, 0x5B, 0x87, 0x5D, 0xE3, 0xD2, 0xF1, 0x5F, 0x3C, 0x3E, 0xCD, 0x9C, 0x6D, 0x14, 0x9D, 0x2D, 0x24, 0xF8, 0x31, 0xD8, 0xD2, 0xA9, 0x8A, 0x1A, 0x86, 0xDB, 0x64, 0x06, 0x38 },
+    { 0x38, 0x2D, 0x94, 0x1B, 0x66, 0xBC, 0x96, 0xBC, 0xB5, 0xB3, 0xDE, 0x85, 0xA8, 0x0E, 0xEE, 0x3B, 0xB5, 0x32, 0x3D, 0x05, 0x3C, 0xA9, 0x73, 0xA3, 0xCA, 0x34, 0x73, 0xF6, 0xA5, 0x8C, 0x16, 0x91 },
+    { 0xD8, 0x30, 0x73, 0x12, 0xB0, 0xBF, 0x18, 0xBA, 0x6D, 0xF1, 0x0F, 0x11, 0x7E, 0xBA, 0xF8, 0x24, 0xFA, 0x1F, 0x8D, 0xF5, 0xEF, 0x49, 0x07, 0x7F, 0x91, 0x7F, 0xAB, 0x28, 0x54, 0x93, 0x3E, 0x51 },
+    { 0x92, 0xA3, 0x37, 0x17, 0x38, 0xD7, 0x4B, 0x52, 0x4A, 0xF5, 0xD3, 0x16, 0xA4, 0xC3, 0x3F, 0x5A, 0x56, 0xD0, 0x07, 0x60, 0x09, 0x11, 0xE4, 0xFB, 0xB6, 0xD1, 0x9D, 0x49, 0x01, 0x4A, 0xE6, 0x9C },
+    { 0x20, 0xCF, 0xBC, 0x9B, 0xA8, 0x23, 0xA4, 0x67, 0xC5, 0xCE, 0x31, 0xB4, 0x01, 0x13, 0x04, 0x5E, 0xC9, 0x1A, 0x12, 0x75, 0x1D, 0xFD, 0x1E, 0x85, 0x69, 0x83, 0x99, 0x9E, 0xF1, 0xEC, 0x25, 0x0B },
+    { 0xFE, 0x79, 0xDF, 0x29, 0xAA, 0xFD, 0x5F, 0x33, 0x11, 0x1D, 0xC1, 0x19, 0xF1, 0xB9, 0x77, 0x9E, 0xB1, 0x13, 0xF7, 0xEA, 0xFD, 0x46, 0x1B, 0x38, 0x49, 0x40, 0xED, 0x4D, 0x3B, 0x7F, 0x61, 0x96 },
+    { 0x63, 0xDB, 0x6B, 0xF6, 0x92, 0xF7, 0x6E, 0x42, 0xBA, 0xA4, 0x55, 0xA4, 0x68, 0xD6, 0xDA, 0xB9, 0x96, 0xE5, 0xE2, 0x56, 0xEA, 0x61, 0xE8, 0xD1, 0xA7, 0x47, 0x87, 0xAB, 0x91, 0xA8, 0x4B, 0x39 },
+    { 0x9F, 0xE5, 0xFF, 0x3E, 0x46, 0x87, 0xF4, 0xBF, 0x61, 0x64, 0x09, 0x43, 0x03, 0x5C, 0xB3, 0xDC, 0xC7, 0x20, 0x13, 0x3F, 0x81, 0xC9, 0x25, 0xB4, 0x8B, 0x0D, 0x57, 0x84, 0xB3, 0xFA, 0x1D, 0x45 },
+    { 0x38, 0x5C, 0x19, 0xD3, 0xEF, 0x69, 0xEF, 0xD6, 0x86, 0x39, 0x59, 0x30, 0xDE, 0xC8, 0x0D, 0x19, 0xB9, 0xB0, 0x3C, 0x78, 0x66, 0xA5, 0x15, 0x75, 0xBD, 0x1B, 0xDE, 0x78, 0x86, 0x02, 0xCF, 0x6D },
+    { 0xCD, 0x8E, 0x99, 0x1B, 0x2F, 0x4E, 0xF6, 0xCB, 0x63, 0xF5, 0x84, 0x41, 0x63, 0xF3, 0x8B, 0xFE, 0xFC, 0x15, 0x6A, 0x3F, 0x8A, 0xB2, 0x98, 0x6F, 0xD5, 0x54, 0x7C, 0x19, 0xCC, 0x29, 0x2C, 0xBF },
+    { 0x06, 0xEC, 0x75, 0x4F, 0xAC, 0xB0, 0x6D, 0xD9, 0xF0, 0x4A, 0xF2, 0x76, 0xA4, 0x7C, 0x85, 0x29, 0xF4, 0x0F, 0x7D, 0x65, 0x1C, 0xB3, 0xAE, 0x2D, 0x3E, 0x4C, 0x5B, 0xD5, 0xF3, 0x4D, 0xDC, 0x1E },
+    { 0x24, 0x86, 0x00, 0xE1, 0x2D, 0xA7, 0x93, 0x7D, 0x0A, 0x37, 0xAD, 0xC1, 0x56, 0xBC, 0x40, 0xDC, 0x7E, 0x9B, 0x83, 0x69, 0x39, 0xEB, 0x91, 0x22, 0x45, 0xA5, 0x23, 0xA6, 0xD9, 0x99, 0xDE, 0x93 },
+    { 0x5A, 0xED, 0x9E, 0x83, 0x47, 0xFB, 0x37, 0xA2, 0x97, 0x03, 0xA3, 0xF4, 0xB4, 0x7C, 0x0B, 0xEB, 0xD5, 0x71, 0x10, 0xCF, 0x47, 0x96, 0x97, 0x9B, 0x73, 0x90, 0xCC, 0x0C, 0xFA, 0x67, 0xE6, 0x30 },
+    { 0xA8, 0xFC, 0x1A, 0x55, 0xE5, 0xE6, 0x22, 0x65, 0x6F, 0xF9, 0x33, 0x81, 0xD8, 0x3C, 0x99, 0x14, 0xF8, 0x12, 0x23, 0x4D, 0x46, 0x86, 0x9F, 0x0E, 0xB3, 0xC0, 0x1C, 0x60, 0x89, 0x68, 0x05, 0xC9 },
+    { 0x49, 0xB4, 0xA7, 0xEF, 0x49, 0x79, 0x49, 0xA0, 0xF4, 0xCA, 0x24, 0xA3, 0x3E, 0xAE, 0x39, 0x50, 0x87, 0xB6, 0xC9, 0x80, 0xF3, 0x91, 0x4E, 0xA5, 0x3C, 0x1A, 0x39, 0x74, 0x40, 0xDD, 0xE7, 0xFC },
+    { 0x6F, 0x25, 0x2A, 0x22, 0x81, 0x38, 0xE7, 0x7E, 0x0F, 0x06, 0x15, 0x22, 0x24, 0x9B, 0x3F, 0x88, 0xF4, 0x38, 0x18, 0xD0, 0x52, 0x40, 0xD0, 0xE8, 0x01, 0x21, 0x37, 0xD8, 0xB2, 0x3B, 0x36, 0xFC },
+    { 0xEE, 0x46, 0x63, 0x86, 0x97, 0x39, 0xC5, 0xD9, 0xF7, 0x24, 0xA7, 0x2C, 0xB4, 0xCB, 0x5A, 0x3D, 0xF4, 0x39, 0xB3, 0x12, 0x84, 0xE7, 0x9C, 0x87, 0x52, 0x50, 0xB9, 0xC5, 0x50, 0x06, 0xC3, 0xDA },
+    { 0x85, 0xA7, 0x93, 0x0B, 0xCF, 0xE0, 0xCF, 0x0F, 0x13, 0x22, 0xFF, 0xA4, 0x8E, 0x78, 0xFA, 0xC2, 0x95, 0x51, 0xAF, 0x22, 0x93, 0x31, 0xCE, 0x65, 0xDD, 0x89, 0x68, 0x45, 0xD2, 0xA7, 0xED, 0x81 },
+    { 0xE2, 0xC7, 0x6E, 0xE5, 0x0D, 0xDD, 0x98, 0xD1, 0x03, 0xF8, 0x1C, 0x6E, 0x88, 0xBF, 0x86, 0x3E, 0x3C, 0x76, 0x0A, 0x5E, 0x0B, 0x9C, 0xB7, 0xC3, 0xE7, 0x52, 0x5F, 0x5A, 0x9F, 0x5C, 0x9C, 0xB1 },
+    { 0x30, 0x90, 0x49, 0x0F, 0x96, 0xFE, 0x9C, 0x2D, 0xD7, 0x53, 0x31, 0x4B, 0xD4, 0xB6, 0xD0, 0xD0, 0xF0, 0x10, 0x9B, 0x50, 0xD3, 0xAB, 0xCD, 0xAC, 0x15, 0xD1, 0x83, 0xA3, 0x7D, 0xE1, 0x50, 0x43 },
+    { 0xE4, 0x47, 0x75, 0xFB, 0x8D, 0x55, 0x23, 0x50, 0xEC, 0xB6, 0xCC, 0x64, 0x67, 0x30, 0x97, 0x40, 0x94, 0xB6, 0x6A, 0xAC, 0x9C, 0x00, 0x0B, 0x7E, 0xFC, 0xCA, 0x7B, 0xA2, 0xB6, 0x7A, 0xFC, 0x80 },
+    { 0x4F, 0x9E, 0x9A, 0x76, 0x2D, 0x82, 0x1E, 0xC1, 0x8A, 0x7C, 0xE9, 0x34, 0x89, 0x60, 0x03, 0x71, 0xAB, 0xA7, 0x65, 0x75, 0xA1, 0x4C, 0x5C, 0x56, 0x08, 0x96, 0x36, 0x1D, 0x80, 0x45, 0xEC, 0xF0 },
+    { 0xA3, 0xB5, 0x42, 0xA2, 0x74, 0xA8, 0x53, 0xE9, 0xCF, 0x8D, 0x70, 0x22, 0x3C, 0x8D, 0x55, 0xDA, 0xF5, 0x7E, 0xAE, 0xA0, 0x53, 0x0C, 0xB1, 0x81, 0x31, 0xF9, 0x0A, 0xCB, 0xEE, 0x34, 0x57, 0x1F },
+    { 0xD6, 0x7F, 0x57, 0xE2, 0x4B, 0x25, 0x33, 0x25, 0x38, 0xA0, 0x5B, 0xFC, 0x64, 0xC1, 0x38, 0xDD, 0xC1, 0x11, 0x9C, 0x4C, 0x72, 0x42, 0xB1, 0xD8, 0xC1, 0xCC, 0xCF, 0x3B, 0xC0, 0x37, 0x6B, 0x3E },
+    { 0x93, 0xDE, 0x65, 0xEB, 0xBE, 0x4F, 0xA9, 0xD2, 0x06, 0xE0, 0xD5, 0xBD, 0x15, 0xB7, 0xA8, 0x2B, 0x33, 0x2A, 0x5E, 0x5E, 0xC7, 0x8D, 0x37, 0x9E, 0x7C, 0x11, 0x09, 0xE1, 0xE3, 0xEF, 0xF4, 0x90 },
+    { 0xA6, 0x18, 0x23, 0xD6, 0xC4, 0xB4, 0x36, 0x16, 0x34, 0x0E, 0xA3, 0xFD, 0xC3, 0x2F, 0x0A, 0x06, 0x51, 0xF6, 0xA0, 0xD0, 0xC4, 0x7F, 0x74, 0xAA, 0x55, 0xE8, 0xE9, 0x44, 0xE2, 0x77, 0x07, 0xED },
+    { 0x00, 0x6C, 0x5B, 0x51, 0xE5, 0xA3, 0x36, 0x44, 0xE5, 0x53, 0x90, 0x20, 0x58, 0xE4, 0x0C, 0x19, 0x5B, 0x15, 0x69, 0x9E, 0x0C, 0xC9, 0x7E, 0x8A, 0x83, 0x38, 0xCD, 0x85, 0x8B, 0xB3, 0x6E, 0x6E },
+    { 0xC9, 0x81, 0x86, 0x90, 0x8C, 0x19, 0xEB, 0xD7, 0xB2, 0x79, 0x7B, 0xEF, 0x00, 0xC0, 0xA7, 0xFD, 0x61, 0x8D, 0xDE, 0x14, 0x08, 0xB0, 0x35, 0x59, 0xC5, 0xFE, 0x04, 0xF2, 0xA1, 0x77, 0x6D, 0xEE },
+    { 0x4B, 0x71, 0x6C, 0x16, 0x1F, 0x08, 0xD7, 0x4F, 0xB1, 0x91, 0x9C, 0xF1, 0x4D, 0x73, 0xD2, 0xAC, 0xAC, 0x69, 0x0C, 0xA6, 0xEF, 0x85, 0xC5, 0x49, 0x3B, 0x48, 0x2A, 0x65, 0xA3, 0x37, 0x9C, 0x32 },
+    { 0x3A, 0x57, 0xB0, 0xB1, 0xE1, 0xCC, 0x59, 0x38, 0xDC, 0x51, 0x52, 0x38, 0x01, 0xCB, 0x8D, 0xE0, 0x9A, 0xDC, 0x4C, 0xCB, 0x8D, 0xE0, 0xD7, 0x34, 0x6B, 0xA9, 0x9C, 0x8E, 0xAF, 0x31, 0xC0, 0x0F },
+    { 0x87, 0x60, 0x30, 0x9E, 0xC2, 0x2E, 0xC5, 0xC5, 0xE8, 0xD0, 0x52, 0x64, 0x14, 0x05, 0x1A, 0x29, 0xE8, 0x73, 0x46, 0x8B, 0xF4, 0x33, 0x79, 0x8D, 0x30, 0x0A, 0xF9, 0x16, 0x11, 0x82, 0xB9, 0x49 },
+    { 0x00, 0x70, 0xD1, 0x26, 0x45, 0xC6, 0x8B, 0x0C, 0xB6, 0x12, 0xF5, 0x32, 0xD8, 0xB9, 0xC9, 0x19, 0x55, 0x21, 0x00, 0x65, 0x56, 0x42, 0xEC, 0xF3, 0x14, 0x7D, 0x40, 0x2A, 0x88, 0x3F, 0x94, 0xA6 },
+    { 0x57, 0x62, 0x8E, 0xCD, 0x1A, 0x44, 0xBF, 0xDB, 0xA8, 0xD9, 0xFC, 0x56, 0x14, 0xE2, 0x7A, 0x42, 0xE4, 0x30, 0x79, 0xF7, 0x0F, 0xA4, 0xB2, 0x69, 0x89, 0xDA, 0xBA, 0x94, 0x89, 0x7B, 0x56, 0x6B },
+    { 0x0E, 0xE3, 0x45, 0x5E, 0xDA, 0x2A, 0x88, 0xF2, 0x5E, 0x6C, 0x2F, 0xC7, 0xE2, 0x5E, 0x02, 0xD3, 0x58, 0x91, 0x4E, 0x27, 0x56, 0x98, 0xEB, 0xFA, 0x1E, 0x15, 0xBF, 0x75, 0x8D, 0x79, 0x33, 0x74 },
+    { 0x05, 0x17, 0x18, 0x72, 0xD9, 0xA6, 0x60, 0x28, 0x4F, 0xC7, 0x78, 0x38, 0x8B, 0x18, 0x80, 0x04, 0x57, 0x83, 0x3D, 0x9C, 0xC5, 0x9E, 0x44, 0x7C, 0xA2, 0x78, 0x63, 0xF0, 0x1F, 0x5C, 0x87, 0x27 },
+    { 0xBE, 0x0A, 0x62, 0xEE, 0xF6, 0xFD, 0xFC, 0x14, 0xA7, 0xB8, 0xD2, 0xCC, 0x66, 0x29, 0x8F, 0xFD, 0x88, 0xE5, 0x47, 0x46, 0x7A, 0xAE, 0xFD, 0x37, 0x14, 0xB6, 0x75, 0xA7, 0x06, 0xDA, 0xF6, 0x7E },
+    { 0x08, 0x89, 0x49, 0x49, 0x56, 0x9A, 0xDB, 0x0D, 0x63, 0x77, 0xE4, 0xFB, 0xAA, 0x06, 0x32, 0x9E, 0x5F, 0x26, 0x17, 0x68, 0x29, 0xE3, 0xE8, 0x7B, 0x4F, 0x0C, 0xC2, 0x32, 0xF6, 0x10, 0x5F, 0x9E },
+    { 0xCB, 0xC9, 0xB3, 0xD8, 0xA6, 0x60, 0xCD, 0xE4, 0x46, 0x1E, 0x77, 0x95, 0xE3, 0x2F, 0xDF, 0x3F, 0xA5, 0x23, 0x7E, 0x94, 0x81, 0xB3, 0x3C, 0x79, 0xB4, 0xE8, 0x7E, 0x6D, 0x20, 0x21, 0x86, 0x73 },
+    { 0xCA, 0x7D, 0x7F, 0xC1, 0x2C, 0xC2, 0x7C, 0x95, 0xE6, 0x2E, 0x95, 0x44, 0x3A, 0xA1, 0x17, 0x24, 0x14, 0x75, 0x4D, 0xEF, 0x11, 0x81, 0xD0, 0x61, 0xA4, 0x4E, 0x73, 0x9E, 0x66, 0x44, 0x93, 0x41 },
+    { 0xBD, 0xDF, 0x7D, 0x5A, 0x18, 0x24, 0x1E, 0x2B, 0xDA, 0x15, 0xBF, 0x29, 0x37, 0x7A, 0x9F, 0x4E, 0x52, 0x61, 0x02, 0xD1, 0x6B, 0x06, 0x95, 0xAB, 0x1B, 0x6C, 0x8D, 0x5E, 0xDE, 0xC3, 0x76, 0xBB },
+    { 0x7B, 0x7F, 0x9D, 0x58, 0xB3, 0x41, 0x52, 0x88, 0x95, 0xFD, 0xC7, 0x2D, 0x0D, 0xA6, 0xDC, 0x64, 0x1D, 0xB1, 0x3C, 0x7D, 0x93, 0x45, 0x7B, 0xC2, 0xD4, 0xFD, 0x9D, 0xF4, 0x4C, 0x0C, 0x27, 0xFF },
+    { 0xF6, 0x3C, 0x65, 0xFA, 0xAA, 0xCF, 0xDC, 0x0C, 0x6E, 0xBB, 0x71, 0x8E, 0xDA, 0xB7, 0xE8, 0xD2, 0xD5, 0x1A, 0x6F, 0x51, 0xB6, 0x7F, 0xE3, 0x1A, 0x33, 0xE2, 0x98, 0xD5, 0xC5, 0x6B, 0x63, 0xBF },
+    { 0xD1, 0x97, 0xDB, 0xD2, 0x4D, 0x54, 0x05, 0x05, 0xF5, 0x1C, 0xCE, 0x6A, 0xD8, 0x11, 0x3F, 0x88, 0x83, 0x90, 0x56, 0xEF, 0xFD, 0xFA, 0xAA, 0x61, 0x3B, 0xE8, 0x0A, 0x7E, 0xE5, 0xAA, 0xA3, 0x1C },
+    { 0xE1, 0x0D, 0x10, 0xBD, 0x89, 0xBA, 0x8E, 0xC3, 0xF0, 0xA4, 0xCF, 0xAF, 0x78, 0x33, 0x08, 0x21, 0x99, 0x77, 0xCE, 0xA4, 0xCB, 0x79, 0xF8, 0xDC, 0xBC, 0xD1, 0x34, 0x01, 0x74, 0x1E, 0x67, 0x4D },
+    { 0xC1, 0x88, 0xBE, 0xE3, 0x9B, 0xDB, 0x4C, 0xBB, 0xA1, 0x2E, 0x38, 0x3B, 0xE3, 0xEA, 0xE5, 0x54, 0xA3, 0xA0, 0xD6, 0xA9, 0xAA, 0xFD, 0x8A, 0x5F, 0x1C, 0xAC, 0x58, 0x7F, 0x54, 0x6F, 0x58, 0xF8 },
+    { 0x67, 0x1B, 0x7B, 0x6A, 0x00, 0xBC, 0x8B, 0xFC, 0xBC, 0x6E, 0xAD, 0xE5, 0xCA, 0x1E, 0x85, 0xE5, 0x6D, 0xCC, 0x1E, 0xAD, 0x7B, 0x5E, 0xAD, 0xA3, 0xC0, 0xDC, 0xF3, 0x32, 0x59, 0x08, 0xE7, 0x01 },
+    { 0x92, 0xA2, 0x45, 0xA4, 0x76, 0x6E, 0x61, 0x63, 0xCC, 0x07, 0x52, 0xFF, 0x7B, 0xF1, 0x0C, 0x08, 0x2C, 0x38, 0x24, 0xE9, 0x74, 0xF0, 0xB7, 0x82, 0x5E, 0x79, 0x8C, 0x3A, 0x54, 0x1A, 0x0F, 0xC9 },
+    { 0x8D, 0xF0, 0xD3, 0x75, 0xF8, 0x22, 0x66, 0x0E, 0x7C, 0x09, 0xBD, 0xCB, 0x83, 0x30, 0x0B, 0x0B, 0xC0, 0xE8, 0x7F, 0x44, 0x50, 0x3E, 0x6A, 0x86, 0xFE, 0x4C, 0x2C, 0xC8, 0x44, 0xBC, 0x57, 0x73 },
+    { 0x9C, 0x43, 0xE9, 0x77, 0x42, 0x25, 0x69, 0xCC, 0x02, 0x7B, 0xB6, 0xE2, 0x3C, 0x5F, 0xAD, 0xBB, 0xCA, 0xC4, 0x78, 0x21, 0x5D, 0x0E, 0x58, 0xAC, 0x56, 0x1C, 0xB0, 0x87, 0x34, 0x0A, 0x7A, 0x59 },
+    { 0x20, 0xCC, 0xE1, 0xE5, 0x90, 0x8E, 0x87, 0x69, 0x9D, 0x47, 0x93, 0xBF, 0x15, 0x03, 0x08, 0xD9, 0x82, 0x58, 0x7F, 0xB6, 0x20, 0xB5, 0x5A, 0xAA, 0x6F, 0xCA, 0x35, 0x92, 0x69, 0xAC, 0x33, 0x25 },
+    { 0x2B, 0xFC, 0xA1, 0xE5, 0xDA, 0x1B, 0xA7, 0x4E, 0x87, 0x01, 0x90, 0x4D, 0xE1, 0x8F, 0xFE, 0x44, 0x6A, 0x42, 0x85, 0x09, 0x18, 0x3B, 0x00, 0xDE, 0xBE, 0x73, 0x4D, 0x08, 0x6A, 0xF3, 0x78, 0x62 },
+    { 0xE1, 0x7A, 0x75, 0xD1, 0x5D, 0xFB, 0x55, 0x3F, 0xDD, 0x51, 0x2B, 0x2E, 0x41, 0x10, 0x57, 0x17, 0x61, 0xA9, 0x54, 0x40, 0x60, 0x99, 0x71, 0x97, 0x9B, 0xC5, 0xD8, 0x47, 0xC1, 0x2D, 0x77, 0x39 },
+    { 0x57, 0xD8, 0x88, 0xFE, 0xE4, 0x03, 0xB9, 0xED, 0x31, 0xAF, 0x57, 0x2D, 0x0E, 0x36, 0x54, 0x9B, 0xD2, 0x75, 0x70, 0xD4, 0x66, 0xC2, 0x7A, 0xFB, 0xF6, 0x76, 0xF7, 0x93, 0x1C, 0xE0, 0x56, 0xED },
+    { 0x06, 0xE0, 0x8D, 0x7F, 0xDF, 0x16, 0xA9, 0xE3, 0x5D, 0x50, 0x8C, 0x58, 0xE3, 0x26, 0xD0, 0xFD, 0x6C, 0xFB, 0x54, 0x5A, 0xB7, 0x0E, 0xCD, 0x9D, 0x75, 0x61, 0x7E, 0xB7, 0xAD, 0x50, 0x99, 0xD4 },
+    { 0x0C, 0x48, 0x6E, 0x9C, 0xB5, 0xCD, 0x17, 0x1C, 0x9B, 0x42, 0x67, 0xCF, 0x44, 0xD5, 0xA8, 0xBD, 0x6A, 0xE4, 0x4B, 0xA6, 0xA8, 0x34, 0x65, 0x12, 0x1A, 0x61, 0x5A, 0xF6, 0xDC, 0x1C, 0x7F, 0xD7 },
+    { 0xFE, 0xC4, 0x76, 0x36, 0x9A, 0x9B, 0xA1, 0x7D, 0xD5, 0xCF, 0x57, 0xD9, 0x70, 0x02, 0x14, 0x75, 0x2C, 0x0E, 0xA3, 0x19, 0x6E, 0xFE, 0xB4, 0x23, 0xF7, 0x2A, 0xE0, 0x34, 0x92, 0x5B, 0xA1, 0xA0 },
+    { 0xE9, 0xA7, 0xF8, 0xCF, 0xAE, 0xEA, 0xC2, 0x18, 0x23, 0x32, 0x0D, 0x10, 0xF7, 0xCB, 0x3A, 0x00, 0x89, 0xBF, 0xEA, 0x3E, 0xD9, 0x58, 0xF8, 0x61, 0xBE, 0x26, 0x36, 0xFD, 0xEA, 0x67, 0x89, 0x08 },
+    { 0x73, 0xF6, 0xD6, 0x13, 0xFB, 0x2F, 0xA5, 0x87, 0x11, 0x37, 0xB6, 0x2B, 0xFB, 0x87, 0xEE, 0xB2, 0xB4, 0x7D, 0x01, 0x51, 0xBC, 0x85, 0x36, 0xA1, 0x5E, 0x1F, 0x62, 0xB0, 0xBD, 0x80, 0xE8, 0x51 },
+    { 0x69, 0xD2, 0x33, 0x7D, 0x8E, 0x9C, 0x6F, 0x94, 0xB3, 0xC6, 0xAE, 0x09, 0x94, 0xDE, 0x45, 0x4E, 0x3F, 0xD2, 0xD4, 0xE4, 0x32, 0xD4, 0x57, 0x43, 0x2B, 0x4E, 0x4D, 0x4B, 0x80, 0xEE, 0x2C, 0x09 },
+    { 0xCD, 0x8B, 0x00, 0x96, 0x62, 0xAD, 0xA8, 0x86, 0x76, 0xC3, 0x9F, 0x7D, 0x81, 0xA7, 0xC9, 0x3E, 0xB6, 0x1B, 0x48, 0xD8, 0x2D, 0xFB, 0x65, 0xE0, 0xD8, 0xD8, 0x5B, 0x4E, 0x4A, 0x88, 0x5E, 0xC3 },
+    { 0xA8, 0x1C, 0x71, 0x89, 0xF8, 0x72, 0xC7, 0x8F, 0xD5, 0x1C, 0xCE, 0x5A, 0x57, 0xDB, 0xD5, 0x01, 0x46, 0x4D, 0x5D, 0x35, 0x8B, 0x73, 0x6C, 0xBD, 0xE9, 0x37, 0x50, 0x2D, 0x65, 0x05, 0xB6, 0x60 },
+    { 0x6B, 0x6C, 0x9F, 0x89, 0x64, 0xB9, 0x6D, 0x51, 0x74, 0x5D, 0xC6, 0x95, 0x8D, 0xEA, 0xF9, 0xE2, 0x73, 0x46, 0x60, 0xD2, 0x02, 0x55, 0x17, 0x7A, 0x4D, 0x1F, 0xAA, 0xBD, 0x6A, 0xB4, 0xE6, 0x84 },
+    { 0xB6, 0xB7, 0x38, 0xD6, 0x3D, 0x74, 0x39, 0x4C, 0xF8, 0x86, 0x32, 0xF0, 0xC5, 0x65, 0xFF, 0x93, 0x15, 0x47, 0xCC, 0xE0, 0x5D, 0x87, 0xF9, 0x33, 0xE0, 0xB0, 0xCA, 0x01, 0x08, 0x4A, 0x79, 0x7C },
+    { 0x00, 0x99, 0xB9, 0xB9, 0x2B, 0xE6, 0x11, 0xD2, 0x38, 0x3F, 0x85, 0x7F, 0x49, 0xA2, 0xA9, 0xBF, 0xE7, 0x81, 0xDC, 0x37, 0x2A, 0xC0, 0x48, 0x23, 0x4F, 0x0C, 0x82, 0xBC, 0x11, 0x38, 0x34, 0x92 },
+    { 0xF3, 0x27, 0x44, 0xE9, 0x8E, 0xBB, 0xFB, 0x11, 0x74, 0x42, 0xC1, 0xE3, 0x97, 0x0D, 0x24, 0xEF, 0xF2, 0x27, 0x49, 0x6D, 0xA3, 0x1F, 0x28, 0x13, 0x5C, 0x16, 0x70, 0xFE, 0xEF, 0x1D, 0xF9, 0x01 },
+    { 0x1B, 0x03, 0xB9, 0x9B, 0x66, 0x47, 0xD2, 0x63, 0x1F, 0xBF, 0x9B, 0x14, 0x45, 0x4D, 0x42, 0x26, 0xC9, 0xFF, 0xC4, 0x73, 0xD7, 0x30, 0x86, 0x45, 0x73, 0x1E, 0x2A, 0x1F, 0xA4, 0x12, 0x52, 0x5D },
+    { 0x9A, 0x10, 0xD9, 0xB7, 0x80, 0x13, 0x06, 0xEA, 0x3B, 0x4E, 0xA4, 0x38, 0xBA, 0x3E, 0xFF, 0xCB, 0xC9, 0xB0, 0xB9, 0xAE, 0xCD, 0x38, 0x35, 0x76, 0xF1, 0xA4, 0x22, 0x17, 0x5F, 0x27, 0x1A, 0xA0 },
+    { 0x0A, 0x58, 0x3A, 0x19, 0x5D, 0x19, 0x7F, 0xAC, 0x78, 0x23, 0xEF, 0x9F, 0xDF, 0xE5, 0x79, 0xCB, 0x62, 0x71, 0x05, 0xC5, 0x75, 0xD4, 0x46, 0xD9, 0x24, 0x06, 0xCA, 0x6E, 0xE5, 0x42, 0x1C, 0x9E },
+    { 0x43, 0x58, 0x7C, 0x7B, 0x26, 0xFA, 0xCA, 0x35, 0x72, 0xF9, 0x01, 0x6B, 0xE8, 0x88, 0x25, 0x46, 0x88, 0x9F, 0x23, 0x98, 0xAD, 0xD6, 0xB4, 0x3C, 0xCB, 0x33, 0xBD, 0xEB, 0x32, 0x74, 0x68, 0xAE },
+    { 0x73, 0x49, 0x56, 0x54, 0x32, 0x4C, 0x55, 0x14, 0x2E, 0x79, 0xDB, 0xA6, 0xBE, 0x79, 0x9C, 0x7C, 0x96, 0xCE, 0x74, 0x47, 0x86, 0xBF, 0xC6, 0xDA, 0x56, 0x24, 0x40, 0x40, 0xDB, 0x79, 0xED, 0xFD },
+    { 0xC2, 0xD9, 0x81, 0x06, 0x28, 0x23, 0xAE, 0xB1, 0xE7, 0x1B, 0x2B, 0x37, 0x93, 0xAA, 0xF7, 0x4D, 0xCB, 0x27, 0x98, 0x45, 0xF0, 0x01, 0x48, 0xC6, 0xE3, 0x41, 0x7F, 0x29, 0x33, 0x2E, 0x9C, 0xC3 },
+    { 0xFD, 0x39, 0x9E, 0x95, 0x9E, 0x6B, 0x53, 0x3A, 0xBA, 0x81, 0xFC, 0xF9, 0x3A, 0x27, 0x69, 0x66, 0x9F, 0x5F, 0x3E, 0x03, 0xEC, 0xF7, 0x9C, 0xC6, 0x9F, 0x90, 0xBB, 0x94, 0xA2, 0xC2, 0x4F, 0x9F },
+    { 0xF7, 0x4A, 0x59, 0xC7, 0x46, 0x19, 0x67, 0x38, 0x8E, 0x5F, 0xF3, 0x36, 0x1F, 0xE7, 0x87, 0x81, 0x4D, 0x78, 0x86, 0x4C, 0xF9, 0x7A, 0x51, 0x52, 0x04, 0x64, 0xD4, 0x65, 0x55, 0xDC, 0xE6, 0x87 },
+    { 0x70, 0x1A, 0x04, 0x29, 0xB2, 0xAD, 0xB1, 0x99, 0xA3, 0x92, 0x77, 0x86, 0x41, 0x4E, 0x52, 0xD0, 0x0B, 0xEF, 0xFE, 0x91, 0x9C, 0x92, 0xD6, 0x7A, 0x9C, 0x11, 0x4B, 0x3F, 0x38, 0x10, 0x28, 0x53 },
+    { 0x56, 0x26, 0xE4, 0x45, 0xCF, 0xEB, 0xB0, 0xBD, 0xEA, 0xDD, 0x79, 0x26, 0xD6, 0xCA, 0x33, 0x7C, 0xC2, 0x50, 0x3D, 0x54, 0x33, 0x47, 0x24, 0xBC, 0xC2, 0xD5, 0x7B, 0x9A, 0x07, 0x77, 0x69, 0x4A },
+    { 0xA7, 0x80, 0xE5, 0x08, 0x25, 0x14, 0x69, 0x7A, 0x6B, 0xDE, 0x31, 0xA7, 0x34, 0xE3, 0xCA, 0x6A, 0x4B, 0x5A, 0xFB, 0x61, 0x24, 0x4C, 0xB0, 0xC4, 0xD7, 0xE1, 0x2D, 0x22, 0xD4, 0xF8, 0x75, 0x5E },
+    { 0x4C, 0x85, 0x01, 0x25, 0x35, 0x03, 0x4E, 0x85, 0x90, 0xE1, 0x70, 0x02, 0xED, 0xA6, 0x6E, 0x5D, 0xBE, 0x44, 0xC0, 0x99, 0x5D, 0xE7, 0xE1, 0xFA, 0xEF, 0x8D, 0x9F, 0xA0, 0x6F, 0x83, 0xFE, 0x58 },
+    { 0xFA, 0x5B, 0xEA, 0xD8, 0x46, 0x5F, 0x16, 0x99, 0xA0, 0x3D, 0x1B, 0xAD, 0xE3, 0x3E, 0xD3, 0xFB, 0xFB, 0x67, 0x5A, 0x64, 0x97, 0xF0, 0x55, 0xD1, 0x2E, 0xD9, 0x84, 0xF1, 0x89, 0xDE, 0x5A, 0x12 },
+    { 0xF6, 0x07, 0xA2, 0xA3, 0x98, 0x81, 0x3B, 0x6B, 0x4B, 0xF7, 0xEB, 0x1A, 0xD9, 0x02, 0xA7, 0x54, 0x83, 0x29, 0x76, 0xED, 0x98, 0x39, 0xE9, 0x44, 0x6A, 0x8D, 0x99, 0x28, 0x42, 0x3A, 0x95, 0x63 },
+    { 0x1E, 0x2C, 0x95, 0x3A, 0x28, 0xD8, 0x1B, 0xF9, 0x57, 0xCD, 0x29, 0xD3, 0xF1, 0x09, 0xE4, 0xCF, 0x9D, 0xD1, 0x3D, 0x2D, 0x37, 0x3E, 0xCB, 0x6F, 0x4B, 0xA4, 0x9E, 0xC3, 0x6F, 0xC1, 0xFD, 0x43 },
+    { 0xD8, 0xF6, 0xB2, 0x56, 0x2A, 0xCA, 0x61, 0x4E, 0x05, 0xB5, 0xC5, 0x88, 0x8E, 0xCB, 0x97, 0x96, 0x22, 0x7A, 0x1A, 0xE5, 0x7B, 0x2F, 0x2B, 0x93, 0x75, 0xCF, 0xF6, 0xFA, 0xB4, 0x6A, 0x47, 0x6B },
+    { 0xF1, 0xB5, 0x85, 0x24, 0x3B, 0xD1, 0x5F, 0x2A, 0x38, 0x2E, 0xB2, 0xC4, 0x7C, 0xF1, 0xC3, 0xC1, 0x3E, 0x10, 0x59, 0x45, 0xC5, 0x95, 0xA9, 0xB2, 0xC8, 0xA6, 0xE3, 0x91, 0x90, 0x61, 0xA5, 0x1F },
+    { 0x62, 0xCD, 0x38, 0x59, 0xD2, 0xC4, 0xD0, 0x97, 0x48, 0xD5, 0xD0, 0xDF, 0xF5, 0x3E, 0x04, 0x4A, 0x98, 0x4A, 0x49, 0xDC, 0xE2, 0xD1, 0x92, 0x35, 0x25, 0xF0, 0x81, 0x02, 0x1B, 0x47, 0x13, 0x94 },
+    { 0x88, 0x46, 0x72, 0x52, 0xA3, 0xF2, 0xDE, 0xCB, 0x36, 0xB7, 0xD8, 0x8B, 0xF9, 0x92, 0x20, 0x98, 0x9C, 0x61, 0x15, 0x36, 0xE5, 0x4A, 0x33, 0x90, 0xCC, 0x57, 0xFC, 0x32, 0x69, 0x4C, 0x1C, 0xE5 },
+    { 0xF1, 0x97, 0x4C, 0x1B, 0x8B, 0xB8, 0x1A, 0x53, 0x87, 0x00, 0x59, 0x0A, 0x41, 0xAB, 0x92, 0xB7, 0x5E, 0x29, 0x7D, 0xA8, 0xE4, 0x60, 0x03, 0x57, 0x22, 0xAF, 0x72, 0x50, 0xE4, 0x20, 0x3C, 0xD7 },
+    { 0xF5, 0xAB, 0x45, 0x16, 0xF8, 0xE3, 0xE5, 0xF3, 0x30, 0x55, 0x43, 0xFD, 0x99, 0xDA, 0x61, 0x94, 0xF8, 0xAD, 0x98, 0x83, 0x7A, 0xE6, 0x76, 0x83, 0x62, 0x54, 0xD3, 0x5D, 0xDF, 0xAD, 0x89, 0x24 },
+    { 0x46, 0xD4, 0x18, 0xDB, 0x65, 0xA8, 0xC4, 0xF1, 0x1A, 0x1B, 0x1F, 0x1E, 0xFC, 0xA6, 0x27, 0xB5, 0x31, 0xDC, 0x65, 0xCA, 0x01, 0xC8, 0x9D, 0xDB, 0x97, 0x2A, 0x68, 0x9F, 0xB5, 0x2F, 0xA1, 0xA9 },
+    { 0xB6, 0x31, 0x79, 0x52, 0xF4, 0xD8, 0xCF, 0xF7, 0x10, 0xDC, 0x31, 0x04, 0xBD, 0x0B, 0xA7, 0xC9, 0x7D, 0x0B, 0x56, 0x36, 0xE4, 0xEE, 0xD8, 0x07, 0x44, 0xB3, 0xD9, 0x76, 0x59, 0xCD, 0xBD, 0x25 },
+    { 0x53, 0x72, 0xAC, 0x9C, 0x2E, 0x80, 0x82, 0xCC, 0xD2, 0x7D, 0x53, 0x7A, 0xF8, 0xD3, 0x82, 0x18, 0x09, 0x05, 0xFA, 0x6A, 0x27, 0x63, 0x9D, 0xB4, 0x13, 0xAB, 0x01, 0xF7, 0x41, 0x8B, 0x9C, 0x22 },
+    { 0xB6, 0xFB, 0x62, 0x28, 0x0B, 0x27, 0xBD, 0xF6, 0xA6, 0x8B, 0x74, 0xC8, 0x10, 0xF5, 0xF1, 0x38, 0x4C, 0xC3, 0x9F, 0x54, 0xE1, 0x8D, 0xA1, 0xA2, 0x53, 0xFB, 0x72, 0x25, 0x98, 0x1D, 0xE7, 0xB0 },
+    { 0xC4, 0x8A, 0xCB, 0xBC, 0x24, 0x54, 0x15, 0xCC, 0xD9, 0xBC, 0x78, 0xC3, 0x79, 0x04, 0x6A, 0xAD, 0x82, 0x19, 0x66, 0xF7, 0xDD, 0x77, 0x5A, 0x99, 0x62, 0x65, 0x45, 0x39, 0x3E, 0x1E, 0xBF, 0xD9 },
+    { 0x1A, 0xCA, 0x91, 0xD5, 0x8F, 0x8D, 0xFD, 0x77, 0x82, 0xBC, 0x1D, 0xEB, 0x9D, 0x1D, 0x76, 0x3C, 0x86, 0x23, 0xC4, 0x20, 0x3B, 0x5D, 0x62, 0x0F, 0x5B, 0x7D, 0x7D, 0x47, 0x2F, 0x0B, 0x22, 0x9E },
+    { 0x38, 0x54, 0xE3, 0xB5, 0x6F, 0x9E, 0x8B, 0x6F, 0xAD, 0x2B, 0xE2, 0x9E, 0x34, 0x31, 0xE6, 0x2E, 0xBD, 0x0A, 0xFA, 0x95, 0xF5, 0x68, 0x24, 0x5B, 0xC2, 0xEC, 0x6A, 0x74, 0x78, 0xE8, 0xCD, 0xAF },
+    { 0xA2, 0x2E, 0x52, 0x42, 0xAD, 0x74, 0x59, 0x00, 0x5A, 0x75, 0x21, 0x16, 0x35, 0xC7, 0x98, 0x31, 0x4A, 0x26, 0xA5, 0x48, 0x73, 0x8E, 0x4C, 0x59, 0xC7, 0xBB, 0xC8, 0x9C, 0x92, 0xA6, 0x3E, 0x33 },
+    { 0x8B, 0x2B, 0x36, 0x36, 0xE6, 0xBF, 0x91, 0x36, 0x3F, 0x41, 0xB6, 0x65, 0x96, 0x31, 0x59, 0xD3, 0x38, 0xE3, 0xAA, 0x86, 0x65, 0x77, 0x4D, 0x25, 0xB7, 0x48, 0xD3, 0x4C, 0x61, 0xF1, 0xAD, 0x37 },
+    { 0xA0, 0x44, 0xED, 0x12, 0x89, 0x1C, 0x6B, 0xCD, 0x90, 0x94, 0x34, 0xCC, 0xA2, 0xC2, 0x4F, 0x5B, 0x93, 0x98, 0x8D, 0xD0, 0xC9, 0xD0, 0xE1, 0x84, 0xE1, 0x83, 0xED, 0xA9, 0x67, 0x12, 0x53, 0x62 },
+    { 0x6E, 0x59, 0x5C, 0x0A, 0xBB, 0xEA, 0x7E, 0x3F, 0xFE, 0xCE, 0x0C, 0xD1, 0x6D, 0x57, 0x0E, 0xBB, 0x1D, 0x36, 0xCD, 0x69, 0xBE, 0x03, 0x6B, 0xC4, 0xD9, 0x7D, 0x92, 0x1A, 0xFE, 0x93, 0xF0, 0x8B },
+    { 0x7E, 0x50, 0xDC, 0xC5, 0xC0, 0xF1, 0xCA, 0x2E, 0x27, 0xB9, 0x05, 0xFA, 0x28, 0xED, 0xB4, 0x92, 0x45, 0xA9, 0xDF, 0x56, 0x3B, 0x7E, 0x2A, 0xD4, 0x7B, 0xC5, 0x7B, 0xCF, 0x37, 0xD2, 0xF4, 0x43 },
+    { 0x81, 0x74, 0xF5, 0xE8, 0xDF, 0xC9, 0x44, 0x1D, 0xBB, 0x7A, 0x18, 0x3D, 0x56, 0xF4, 0x31, 0xB1, 0xAE, 0xF9, 0x51, 0x3E, 0x74, 0x7A, 0x38, 0x78, 0xBB, 0x80, 0x6B, 0xAE, 0x27, 0x65, 0x5E, 0x3E },
+    { 0xE7, 0x3D, 0x4D, 0xDB, 0x9D, 0x24, 0x8B, 0xF2, 0xC0, 0xF8, 0xD4, 0x98, 0x92, 0xD7, 0x45, 0x5A, 0x4C, 0x30, 0x53, 0x15, 0x3D, 0xE7, 0xF7, 0x9B, 0xA4, 0x48, 0x7C, 0x7D, 0x82, 0x3F, 0x60, 0x5C },
+    { 0xB7, 0x3F, 0xA0, 0x40, 0x79, 0x26, 0x3F, 0x6A, 0x73, 0x3B, 0x67, 0x46, 0x65, 0x52, 0x78, 0x4B, 0x43, 0x61, 0x38, 0xF4, 0x1F, 0x80, 0xB7, 0x2C, 0x4D, 0x5D, 0x03, 0x93, 0x4B, 0x72, 0x20, 0x7D },
+    { 0xF3, 0xE0, 0x25, 0x8A, 0xED, 0x42, 0x83, 0xB5, 0x75, 0x6F, 0x9E, 0x4E, 0xA3, 0x68, 0xE1, 0x2B, 0x16, 0xC2, 0xB7, 0xC5, 0xC4, 0x80, 0x79, 0x4C, 0x40, 0xE5, 0xF0, 0xDD, 0x39, 0xF2, 0xD6, 0x52 },
+    { 0xD8, 0x9A, 0x57, 0x97, 0xFE, 0xF9, 0xEF, 0x6E, 0xBF, 0x9D, 0x9F, 0xB8, 0x57, 0x16, 0x81, 0xF7, 0xC9, 0xAF, 0xA8, 0x86, 0x11, 0x78, 0x7D, 0x47, 0xE7, 0x2B, 0x68, 0x4C, 0x5F, 0x1A, 0xA9, 0x0E },
+    { 0xE2, 0xFE, 0x24, 0x29, 0x61, 0x00, 0x47, 0x64, 0x7E, 0xEF, 0x2F, 0x7D, 0xFE, 0x14, 0xA2, 0x6D, 0x15, 0x74, 0xB7, 0x18, 0x87, 0xF9, 0x29, 0x06, 0xE7, 0x18, 0x4D, 0xBA, 0xE6, 0x05, 0x11, 0x37 },
+    { 0x7A, 0xE8, 0xC9, 0xD8, 0x56, 0x74, 0x93, 0x7C, 0xD7, 0xA6, 0x1B, 0xF4, 0xEA, 0xE6, 0xE2, 0x3D, 0x81, 0x1B, 0x19, 0xBF, 0x73, 0x5D, 0x9A, 0xAF, 0x37, 0xFB, 0x02, 0x57, 0x76, 0x71, 0xED, 0x34 },
+    { 0x68, 0xEF, 0x97, 0x1E, 0x32, 0x32, 0x65, 0x30, 0xD4, 0xD8, 0xAD, 0x09, 0x05, 0x1F, 0x81, 0x71, 0xD6, 0x8B, 0x93, 0xC8, 0xA9, 0x9A, 0xB1, 0xDA, 0x29, 0x06, 0xEE, 0xC4, 0x83, 0xD4, 0x2D, 0x32 },
+    { 0x10, 0x1C, 0x3B, 0x12, 0xC6, 0xA2, 0xE2, 0xA0, 0x5A, 0xE8, 0x25, 0xA9, 0x13, 0x03, 0x9F, 0x46, 0xC3, 0x03, 0xB1, 0xD9, 0x5E, 0x6D, 0x97, 0xA9, 0xAB, 0x90, 0xD3, 0xAE, 0x37, 0x4E, 0x84, 0x1D },
+    { 0xF3, 0x1B, 0x0B, 0x3A, 0xFB, 0x52, 0xA7, 0x1C, 0x2F, 0xD7, 0x99, 0x42, 0x9F, 0x7D, 0xAD, 0x07, 0x00, 0x5F, 0x8F, 0x2C, 0x29, 0x66, 0x4F, 0xEE, 0xFE, 0xB2, 0xB0, 0x5B, 0x41, 0x8A, 0x27, 0x5D },
+    { 0xAD, 0xBF, 0xED, 0xFA, 0xFA, 0x21, 0xD0, 0x3D, 0xEB, 0xDD, 0xAC, 0x0B, 0x71, 0x9A, 0x33, 0x3A, 0x24, 0x22, 0xB4, 0x4B, 0x16, 0xAD, 0x51, 0x36, 0xBA, 0xB5, 0xE3, 0x42, 0xC3, 0x9B, 0xF2, 0x34 },
+    { 0x5D, 0xEE, 0xE1, 0x0F, 0x53, 0x8B, 0x97, 0x2A, 0x36, 0x57, 0x63, 0x5F, 0x28, 0xEE, 0x7A, 0xE3, 0xC2, 0x25, 0x88, 0x8A, 0x0F, 0x65, 0xE7, 0xB4, 0xFF, 0x1A, 0xC4, 0x38, 0xBF, 0xDE, 0x9D, 0xAE },
+    { 0x65, 0xEB, 0x85, 0xCF, 0x95, 0x8A, 0xB4, 0x54, 0x21, 0xA3, 0x90, 0x52, 0xDD, 0x13, 0xE6, 0x10, 0x11, 0xDE, 0xDE, 0xC9, 0xB8, 0x9C, 0x16, 0x1B, 0xD7, 0xD1, 0xAC, 0xE2, 0xA4, 0x8A, 0x18, 0xA9 },
+    { 0x39, 0xB4, 0x04, 0x4B, 0x29, 0x5D, 0x51, 0x75, 0xBD, 0x6B, 0xD8, 0x00, 0x00, 0x21, 0x7B, 0x17, 0x57, 0x72, 0x7A, 0x98, 0x90, 0xF9, 0x37, 0x9C, 0xC7, 0xF6, 0x45, 0xF9, 0x4C, 0x49, 0xE0, 0xE4 },
+    { 0x57, 0xF3, 0x37, 0xD9, 0x14, 0x94, 0x8D, 0xFD, 0x58, 0xE4, 0xDB, 0x24, 0xC1, 0x43, 0x2E, 0x02, 0x0F, 0x5B, 0xAF, 0xE9, 0x2E, 0x11, 0x34, 0x7B, 0x5B, 0xD0, 0xBD, 0x80, 0x02, 0xCB, 0x16, 0x0A },
+    { 0xD6, 0xFB, 0x62, 0x23, 0xCC, 0x20, 0xD7, 0xCC, 0x67, 0x9E, 0x26, 0x4B, 0xB8, 0x9C, 0xE1, 0x6E, 0x76, 0xA0, 0xDB, 0xEA, 0x29, 0xB7, 0xF8, 0x3E, 0xF9, 0xA6, 0x8B, 0x5F, 0xC6, 0xBB, 0x74, 0x17 },
+    { 0xB6, 0x73, 0x10, 0x89, 0x42, 0xBA, 0x15, 0x82, 0xE5, 0xC2, 0x0E, 0xE0, 0x80, 0xF1, 0xAC, 0xFF, 0x71, 0xDF, 0xF6, 0x5F, 0x1B, 0x1E, 0xFB, 0xD9, 0xBC, 0xD4, 0xDF, 0x2C, 0x5C, 0x5F, 0x22, 0xE7 },
+    { 0x59, 0x53, 0x6E, 0xCD, 0x3B, 0x14, 0x32, 0x71, 0xCA, 0x76, 0x40, 0x50, 0x7D, 0xF7, 0xC7, 0x6D, 0x83, 0x60, 0x09, 0xE6, 0x2A, 0x2D, 0xA3, 0xA5, 0x9E, 0xA8, 0x52, 0x93, 0x42, 0xBC, 0x7C, 0x2B },
+    { 0xDA, 0x64, 0x28, 0x97, 0x3E, 0xF0, 0x53, 0x84, 0x7B, 0x80, 0x1C, 0x15, 0x3F, 0xDF, 0x0C, 0x18, 0xDD, 0x21, 0x28, 0xF6, 0x78, 0x18, 0x79, 0x68, 0x25, 0xC1, 0xD8, 0x2E, 0xB5, 0x93, 0xFA, 0x56 },
+    { 0xC2, 0xF9, 0xEA, 0xD3, 0x73, 0x0F, 0x79, 0xB7, 0xBA, 0x6C, 0xAC, 0x61, 0x2E, 0xBC, 0x10, 0x4D, 0xBC, 0x58, 0xB5, 0xBF, 0xD7, 0xEE, 0x3E, 0x25, 0x1C, 0xEA, 0x1C, 0x84, 0x99, 0xB9, 0xA0, 0xC7 },
+    { 0x83, 0xDF, 0xE7, 0x5F, 0x5F, 0x0C, 0x1A, 0x47, 0xBD, 0x68, 0xC5, 0x5E, 0xD2, 0xD4, 0x10, 0xE7, 0xA9, 0x2E, 0x31, 0x04, 0x8D, 0xB9, 0x76, 0xC6, 0xE7, 0xAC, 0x2E, 0x8F, 0x91, 0xB6, 0xFF, 0x8E },
+    { 0x5A, 0x3E, 0x2C, 0x7C, 0x87, 0x60, 0xA7, 0x10, 0x87, 0x23, 0xF0, 0x59, 0xA8, 0x3F, 0x45, 0x4C, 0xD7, 0xB7, 0x1B, 0x25, 0xE6, 0x4D, 0x62, 0x7B, 0xDA, 0xD7, 0xC4, 0x0F, 0xC4, 0x0D, 0x5F, 0xC9 },
+    { 0x8B, 0x3F, 0x7F, 0x61, 0x4B, 0x5C, 0xF2, 0xC0, 0x59, 0x88, 0xEC, 0xD5, 0x12, 0x5B, 0x90, 0x37, 0x7F, 0xEC, 0xDF, 0x3B, 0x34, 0x48, 0xC0, 0x36, 0x80, 0x4C, 0x01, 0xAA, 0x0C, 0xAE, 0x79, 0x5E },
+    { 0x04, 0xD8, 0xB5, 0x50, 0x7F, 0xEA, 0x71, 0xFA, 0x26, 0x2C, 0xC3, 0x1E, 0xCD, 0x88, 0x87, 0xFE, 0x38, 0xA8, 0x3D, 0xE7, 0x97, 0x50, 0xE2, 0x09, 0xEC, 0xA1, 0x9A, 0xF2, 0x43, 0x13, 0x8D, 0x7D },
+    { 0x09, 0x34, 0x6E, 0xEF, 0x65, 0xBF, 0x8E, 0xC3, 0x78, 0x6F, 0x32, 0x50, 0x8C, 0xEC, 0xA1, 0x29, 0x6B, 0x15, 0x68, 0x78, 0x86, 0x6A, 0x7A, 0xAD, 0xED, 0xF2, 0x7B, 0xF0, 0xCD, 0xF0, 0xCB, 0xE3 },
+    { 0x8D, 0x03, 0x50, 0x1C, 0x7D, 0x1C, 0x39, 0x3D, 0x29, 0xA8, 0x02, 0xAF, 0x66, 0xC3, 0x90, 0x45, 0x91, 0xEE, 0x27, 0x54, 0xE4, 0x73, 0x35, 0x30, 0x0B, 0xC0, 0xD9, 0x13, 0x6E, 0x12, 0x60, 0x53 },
+    { 0x8D, 0x59, 0xDA, 0x20, 0x66, 0x6E, 0x08, 0xE9, 0xE9, 0xCE, 0x3E, 0x21, 0x57, 0x06, 0x1E, 0x05, 0xED, 0xB5, 0x24, 0xFE, 0xC1, 0xE5, 0xBD, 0x2E, 0xAA, 0x5C, 0x67, 0x1D, 0xCB, 0x4F, 0xA2, 0x13 },
+    { 0xEA, 0xC3, 0xD6, 0x4C, 0x73, 0xCF, 0x7B, 0x22, 0x7F, 0xD4, 0xF1, 0xAB, 0x19, 0xA8, 0x18, 0xE0, 0x38, 0xEE, 0x88, 0x6D, 0xAC, 0xBB, 0xB1, 0x19, 0x80, 0x06, 0xE6, 0x15, 0x28, 0xD5, 0x81, 0x2B },
+    { 0x7B, 0xAA, 0x9B, 0xAB, 0x9B, 0x83, 0xCD, 0x99, 0xE3, 0x3F, 0x5F, 0xE1, 0xA7, 0xCA, 0x89, 0x9F, 0x6E, 0x29, 0x1B, 0x64, 0xB7, 0xE8, 0xB8, 0xBD, 0x5B, 0x57, 0xC9, 0xA5, 0xE7, 0xCB, 0x6A, 0x4D },
+    { 0x69, 0xF5, 0x50, 0x60, 0xBE, 0xC5, 0x85, 0x6A, 0xDB, 0x38, 0x31, 0xE0, 0x12, 0xB9, 0xC5, 0x57, 0xB9, 0xF8, 0x89, 0xC4, 0x88, 0xAB, 0xF9, 0x80, 0xD4, 0xAB, 0xF5, 0xD1, 0x2D, 0x16, 0xFB, 0xD7 },
+    { 0xDF, 0x1A, 0x5F, 0x6C, 0x90, 0xB9, 0x12, 0xFA, 0xB4, 0x9F, 0x7E, 0xC1, 0x0C, 0xB9, 0xEC, 0x65, 0x24, 0xFF, 0xD4, 0xA6, 0x08, 0x96, 0x87, 0x49, 0x5C, 0xF1, 0xAB, 0xAB, 0x5B, 0xE2, 0x74, 0xEC },
+    { 0x0B, 0xC3, 0x49, 0xEC, 0x69, 0xCA, 0x11, 0x00, 0x1A, 0x8E, 0x12, 0x28, 0x15, 0x87, 0x20, 0x09, 0x6A, 0x14, 0xCF, 0x85, 0xBD, 0x29, 0x0C, 0x91, 0x02, 0x63, 0xC0, 0x54, 0xE5, 0x34, 0xE9, 0x61 },
+    { 0x61, 0x6E, 0x59, 0xE4, 0x4C, 0x50, 0xCF, 0x97, 0x53, 0x60, 0x34, 0xCD, 0xB1, 0xF7, 0x58, 0xCD, 0x87, 0x31, 0x80, 0x69, 0xDB, 0x16, 0x58, 0xEA, 0xFE, 0x24, 0xBA, 0x6F, 0x87, 0x94, 0xF2, 0xE1 },
+    { 0x89, 0x18, 0xA5, 0xA4, 0x39, 0x26, 0x77, 0x19, 0x97, 0x06, 0xF5, 0x51, 0x93, 0x40, 0x39, 0x67, 0x66, 0xB8, 0xA5, 0x42, 0xC0, 0xD6, 0x10, 0x04, 0xF3, 0x32, 0xB0, 0xF7, 0x8E, 0x08, 0xFF, 0xFC },
+    { 0x1D, 0xCA, 0x09, 0x04, 0xEF, 0xC4, 0xB2, 0xA6, 0x70, 0xD9, 0x92, 0x21, 0xDA, 0x00, 0x36, 0xE7, 0x72, 0x60, 0x85, 0x7F, 0x5F, 0x75, 0xAB, 0x9B, 0xD4, 0x84, 0x31, 0x5D, 0x75, 0xF4, 0x06, 0x61 },
+    { 0xF8, 0x2C, 0xAA, 0x09, 0x46, 0x85, 0x9D, 0x55, 0x90, 0x96, 0x7B, 0x4D, 0xE9, 0x88, 0xFB, 0xBB, 0xD4, 0xD1, 0x0B, 0x6F, 0x17, 0xB3, 0x5B, 0x64, 0x50, 0x4F, 0x45, 0x4E, 0x4A, 0x98, 0x2D, 0x45 },
+    { 0xC1, 0x7D, 0x00, 0x26, 0x09, 0x4D, 0xD5, 0x0A, 0xF6, 0x57, 0xB2, 0x46, 0x40, 0x01, 0x73, 0xB3, 0x2A, 0x90, 0x3A, 0x60, 0xB5, 0x71, 0xB3, 0x96, 0xCB, 0xD7, 0xED, 0x01, 0x86, 0x4C, 0x0A, 0x3F },
+    { 0xF7, 0x00, 0x7B, 0xFC, 0xE4, 0x08, 0x1B, 0xAE, 0x52, 0x09, 0x9F, 0x49, 0x36, 0x2A, 0xB4, 0xF5, 0x52, 0x4C, 0xAB, 0x14, 0xCB, 0x2A, 0xF5, 0xBC, 0x7A, 0x03, 0x97, 0xFA, 0xC2, 0x6A, 0x52, 0x2F },
+    { 0xC9, 0x5A, 0x87, 0x77, 0x5B, 0x94, 0x14, 0xAF, 0x89, 0x7F, 0x8E, 0xCE, 0xC4, 0xAD, 0x93, 0x80, 0xFF, 0x22, 0x09, 0xB4, 0x43, 0xA7, 0x8C, 0xD7, 0x5A, 0x37, 0x3B, 0xFF, 0x31, 0xE2, 0xCA, 0xBD },
+    { 0xDE, 0x2C, 0xF2, 0x65, 0x4C, 0x3E, 0xE7, 0x1F, 0xBB, 0x3B, 0x7C, 0x77, 0x89, 0xD8, 0x3E, 0x0D, 0xE2, 0xED, 0x5D, 0x65, 0xA2, 0xC1, 0xBC, 0x55, 0xEA, 0x61, 0x6B, 0x94, 0xCC, 0xA1, 0x6F, 0xD4 },
+    { 0xEE, 0x03, 0x42, 0xA5, 0x5A, 0x49, 0x6A, 0xF5, 0x23, 0xC9, 0x6D, 0x37, 0x1A, 0x5D, 0xD4, 0x51, 0xFC, 0x6F, 0x79, 0x30, 0xB6, 0x72, 0x05, 0xA9, 0xCC, 0x21, 0x83, 0x42, 0xC2, 0x0A, 0xD0, 0x37 },
+    { 0x68, 0x77, 0xCC, 0x1F, 0xA2, 0x98, 0x8A, 0xC9, 0x82, 0xAC, 0xB9, 0x78, 0x9A, 0x4B, 0xF0, 0xB4, 0xF3, 0xA0, 0x47, 0x00, 0xC7, 0x42, 0x67, 0x92, 0x3B, 0x33, 0x8C, 0x84, 0x09, 0x2B, 0x05, 0x9B },
+    { 0x9B, 0x9A, 0x38, 0xAA, 0x1C, 0x3B, 0x28, 0x91, 0x9F, 0x38, 0x76, 0x06, 0xF5, 0x3D, 0x9B, 0xE1, 0x24, 0xC4, 0xC9, 0x83, 0x72, 0x2D, 0x72, 0xAC, 0xE9, 0x2A, 0x26, 0x6E, 0x56, 0x38, 0x32, 0xB5 },
+    { 0x8F, 0xE7, 0x93, 0x64, 0xF6, 0x31, 0x96, 0x42, 0x3F, 0x94, 0xCD, 0x66, 0x32, 0xC2, 0x05, 0xF3, 0x7E, 0x3E, 0x56, 0xB9, 0xFE, 0x10, 0x0E, 0x95, 0x85, 0x6E, 0xBF, 0x0A, 0x31, 0x22, 0xCD, 0x06 },
+    { 0x3F, 0xE4, 0x76, 0x7D, 0x58, 0x56, 0x49, 0x03, 0x23, 0x8B, 0xFC, 0xF2, 0xD9, 0xFD, 0x42, 0x9E, 0xE2, 0x59, 0x2A, 0xE1, 0xF5, 0xFD, 0x18, 0x41, 0x73, 0xB9, 0x02, 0x0D, 0x63, 0x70, 0x42, 0xDD },
+    { 0x8B, 0xBA, 0x96, 0x56, 0x1C, 0x8F, 0xB5, 0x38, 0x04, 0x2F, 0xC9, 0x94, 0x68, 0x11, 0xEA, 0xD5, 0xDE, 0x15, 0xEE, 0xB1, 0xA5, 0x1C, 0x03, 0x8A, 0x5B, 0xCF, 0x59, 0x04, 0x8B, 0xC5, 0x6E, 0x55 },
+    { 0xE1, 0xCD, 0x83, 0xFB, 0xEA, 0xAD, 0x30, 0xCA, 0x83, 0x8E, 0xD4, 0x6B, 0xE1, 0xC1, 0x4B, 0x0B, 0x5C, 0x82, 0x7F, 0xE1, 0xCE, 0xB8, 0xBB, 0x27, 0x73, 0xF2, 0xF0, 0xBE, 0x62, 0x73, 0x10, 0xBE },
+    { 0x42, 0xEA, 0x5C, 0x76, 0xC9, 0xC1, 0xB7, 0x39, 0x48, 0x2E, 0xF1, 0x7A, 0xB8, 0x36, 0x48, 0x64, 0xC3, 0x9C, 0xA2, 0xF6, 0xA1, 0xA2, 0xCC, 0xEA, 0x13, 0x37, 0x5E, 0x7D, 0x57, 0xFF, 0xE8, 0xD0 },
+    { 0x98, 0xDC, 0x28, 0x46, 0xF3, 0xCC, 0xC9, 0x25, 0x15, 0x3C, 0xD9, 0x69, 0x29, 0x6F, 0xA4, 0x6B, 0xB2, 0x2B, 0xD7, 0x85, 0xC1, 0x9F, 0xB6, 0xEC, 0x4C, 0xB1, 0x85, 0xA6, 0x19, 0x3B, 0x6A, 0xBA },
+    { 0x4E, 0xFD, 0xA9, 0xA9, 0xFB, 0xCA, 0xBE, 0xA7, 0xEE, 0xE9, 0x29, 0xBF, 0x56, 0xA9, 0x38, 0xE9, 0x7C, 0x14, 0x50, 0x34, 0xB2, 0xA5, 0xAE, 0xD8, 0x70, 0xB9, 0x6B, 0x10, 0x5C, 0xE5, 0x54, 0xB4 },
+    { 0x1B, 0xBE, 0x63, 0x6A, 0x93, 0xEB, 0xAD, 0x11, 0xA4, 0x34, 0xCC, 0x20, 0xA6, 0x11, 0xA1, 0xD2, 0x97, 0x87, 0x86, 0x02, 0xA1, 0x35, 0x56, 0x5F, 0x44, 0xA4, 0x7F, 0xB9, 0x41, 0x7A, 0x37, 0x1B },
+    { 0x71, 0xEE, 0x60, 0x45, 0xF3, 0x5F, 0x48, 0xA6, 0xBF, 0xD4, 0x13, 0x89, 0x9A, 0x63, 0x44, 0x9E, 0xE0, 0x7F, 0x84, 0x39, 0x9E, 0xA0, 0x30, 0x3F, 0x92, 0x78, 0x63, 0x11, 0xA1, 0xED, 0x6F, 0x5D },
+    { 0xE2, 0x35, 0xDE, 0x00, 0xB2, 0x25, 0xFA, 0xD9, 0x54, 0x7E, 0x21, 0x90, 0xB0, 0xA4, 0xD2, 0x1F, 0xFB, 0xCF, 0xB8, 0x5F, 0xB0, 0x78, 0xF5, 0x02, 0x21, 0xDD, 0xE4, 0x72, 0x9A, 0x14, 0xB3, 0x1B },
+    { 0x39, 0xAB, 0xCC, 0xF1, 0x7E, 0xCD, 0x6E, 0xFD, 0x35, 0xD2, 0x02, 0xD9, 0x11, 0x00, 0x67, 0x62, 0x4A, 0x55, 0x23, 0xCF, 0xC2, 0xD8, 0xBE, 0x59, 0x34, 0x91, 0x6F, 0x0B, 0x20, 0xDE, 0x72, 0x63 },
+    { 0xDD, 0x49, 0xC0, 0xE2, 0x19, 0x90, 0x6A, 0x2B, 0xC0, 0x18, 0x2E, 0x3D, 0x35, 0x26, 0x5D, 0x63, 0xE6, 0x3E, 0xD8, 0x66, 0xF9, 0x2F, 0xC7, 0x83, 0xB9, 0x70, 0x9B, 0x6C, 0x2C, 0x65, 0x91, 0x99 },
+    { 0xD6, 0x26, 0x34, 0x62, 0xA6, 0xDE, 0x69, 0x49, 0x93, 0x42, 0x7A, 0xD9, 0x83, 0x2A, 0xBA, 0xF4, 0x80, 0xAB, 0x43, 0xBF, 0x11, 0xEF, 0x50, 0x93, 0x46, 0xB2, 0x0B, 0xA9, 0x55, 0x40, 0x6A, 0x02 },
+    { 0xD0, 0xC1, 0xD6, 0xAF, 0x24, 0x57, 0xAD, 0xA5, 0x5B, 0xFD, 0x29, 0xF7, 0xD8, 0xF7, 0x34, 0x3E, 0x13, 0x42, 0x68, 0x76, 0x77, 0xCE, 0x91, 0xDC, 0xF2, 0xC5, 0x80, 0x81, 0xA0, 0xB9, 0x3C, 0xE7 },
+    { 0x93, 0x2E, 0xFA, 0x57, 0x01, 0xF0, 0xAB, 0x3A, 0x6C, 0x8C, 0xD8, 0x1D, 0x7A, 0x22, 0x20, 0x76, 0x8B, 0x67, 0xBD, 0x8C, 0xC6, 0x0D, 0xF6, 0xE0, 0x05, 0xDD, 0x78, 0x45, 0x74, 0x58, 0xB2, 0xDF },
+    { 0x68, 0xA8, 0xC1, 0x33, 0xF7, 0x44, 0x89, 0xEB, 0x9A, 0x31, 0x09, 0x8D, 0x51, 0xC1, 0x03, 0x8A, 0xE9, 0xF2, 0xF4, 0xDF, 0x08, 0x45, 0x94, 0x77, 0x84, 0x07, 0x1D, 0x8A, 0xF7, 0x02, 0x47, 0x5E },
+    { 0x01, 0x6D, 0xD6, 0xC8, 0xCB, 0x1E, 0x89, 0x1E, 0x3D, 0xD2, 0x88, 0x2A, 0x11, 0x2F, 0x1A, 0x0C, 0x91, 0x1C, 0x93, 0xC9, 0xCE, 0x19, 0x70, 0xE4, 0x0E, 0xCB, 0xB3, 0x41, 0x9F, 0x8F, 0x77, 0x5B },
+    { 0x5E, 0xC2, 0x26, 0x2D, 0x5D, 0x60, 0x8F, 0xA1, 0xFB, 0xF5, 0xC1, 0xAB, 0xAE, 0x40, 0x51, 0xF0, 0xB2, 0x5C, 0xE1, 0x00, 0xF0, 0x60, 0x28, 0x4B, 0xA5, 0xFA, 0x4C, 0xC8, 0x67, 0x44, 0xEF, 0xCC },
+    { 0x79, 0x5F, 0x79, 0x7D, 0xBC, 0x43, 0x5E, 0x02, 0xB2, 0x58, 0x89, 0xC3, 0xA6, 0x13, 0x8C, 0xBA, 0xF6, 0x0C, 0x03, 0x9A, 0x34, 0x26, 0xCC, 0xCA, 0xD2, 0xCD, 0x04, 0x14, 0x2D, 0x18, 0x2C, 0x2E },
+    { 0xAC, 0x57, 0xEB, 0x3E, 0x68, 0xDA, 0xB7, 0x50, 0xCC, 0x07, 0xE7, 0xBF, 0xD1, 0x4E, 0xDC, 0x6E, 0xEB, 0x60, 0xDC, 0xAE, 0xF9, 0xB1, 0x8D, 0xE9, 0x2A, 0xD4, 0xDA, 0x88, 0x18, 0x7D, 0x4D, 0xB2 },
+    { 0x94, 0x19, 0xBD, 0x21, 0x31, 0x29, 0x17, 0x7E, 0x99, 0x1E, 0x4D, 0x82, 0x46, 0xAE, 0x7B, 0xA0, 0x99, 0x41, 0x85, 0xEF, 0x63, 0xC9, 0xD7, 0x17, 0x92, 0x79, 0x80, 0x90, 0xCB, 0xEF, 0x12, 0x20 },
+    { 0x12, 0xA1, 0x2F, 0xD1, 0xC5, 0x21, 0x8E, 0x36, 0x04, 0x64, 0xAC, 0x1D, 0x9F, 0x06, 0x27, 0xFD, 0xBA, 0xEF, 0xAC, 0x20, 0x77, 0xB3, 0xE6, 0x76, 0xF1, 0xF4, 0xC4, 0x56, 0x30, 0x51, 0xE2, 0xA3 },
+    { 0xDB, 0x6E, 0x9E, 0x55, 0x4B, 0x0B, 0x97, 0x0B, 0x9B, 0x51, 0x62, 0x99, 0xE1, 0xBD, 0xAA, 0x60, 0xC1, 0x40, 0x26, 0xB3, 0x56, 0x21, 0x0A, 0x1D, 0xE5, 0xC7, 0x73, 0x9B, 0x5F, 0x15, 0x0E, 0xC5 },
+    { 0x52, 0x21, 0xD8, 0x21, 0xBD, 0xDD, 0x3C, 0x00, 0xF2, 0xCD, 0xD4, 0x54, 0xBD, 0x74, 0xF4, 0x2B, 0x8B, 0x0E, 0xD1, 0xBE, 0xB7, 0x85, 0x78, 0x3F, 0xDA, 0x3F, 0x69, 0x36, 0xDD, 0xB9, 0x7E, 0xB2 },
+    { 0xF4, 0x11, 0x4B, 0xDC, 0x9B, 0x16, 0x89, 0xD9, 0x03, 0x47, 0x13, 0x50, 0x71, 0x0B, 0xDB, 0xD4, 0x3E, 0xB1, 0xCE, 0x6B, 0x95, 0xCB, 0xFB, 0x10, 0x64, 0xAE, 0x9D, 0x64, 0x76, 0x66, 0x6A, 0xAD },
+    { 0xE8, 0xD9, 0x68, 0x64, 0xF9, 0xC9, 0x64, 0x65, 0xB6, 0x8D, 0x5C, 0x9A, 0x47, 0x1D, 0x81, 0x42, 0x40, 0x0D, 0x4D, 0x65, 0x31, 0x28, 0xD0, 0x20, 0x0E, 0xE7, 0xD4, 0x1A, 0xD9, 0xBA, 0x0A, 0xA6 },
+    { 0x28, 0xFA, 0x2B, 0xEF, 0x73, 0x7A, 0xEB, 0x04, 0xDD, 0x29, 0x62, 0xA8, 0x92, 0x80, 0xF8, 0x2B, 0xA2, 0x2D, 0x77, 0xC5, 0x0D, 0x5A, 0x08, 0xCA, 0x17, 0xE2, 0x85, 0xC4, 0xC8, 0x45, 0x0A, 0xD8 },
+    { 0x10, 0x91, 0x79, 0xAC, 0xE5, 0x3C, 0x0D, 0xF7, 0x90, 0xEA, 0x44, 0x92, 0xC5, 0xC0, 0xCA, 0xCD, 0xBF, 0x86, 0x68, 0x87, 0x7D, 0xC4, 0x24, 0x57, 0xCE, 0xEE, 0xD9, 0x3C, 0x23, 0x49, 0x1A, 0xE5 },
+    { 0x1E, 0x3E, 0xAC, 0xB4, 0xAE, 0xE9, 0x43, 0x7A, 0x8D, 0x09, 0x97, 0xFF, 0xBB, 0x47, 0xAA, 0x1D, 0x0A, 0xB0, 0x62, 0x5D, 0x0B, 0x36, 0xD7, 0x91, 0x3D, 0xF1, 0xDD, 0xA5, 0x91, 0xB4, 0xE4, 0xC1 },
+    { 0x01, 0xB3, 0xD5, 0x15, 0xDA, 0x8F, 0x67, 0x3C, 0x6F, 0x37, 0x29, 0xB9, 0xFD, 0xFB, 0xBD, 0xC5, 0x04, 0x42, 0xE7, 0x9C, 0xD2, 0x91, 0x7D, 0x33, 0x79, 0x2C, 0x62, 0x0F, 0xD7, 0xF8, 0x86, 0x21 },
+    { 0xEC, 0xC8, 0x94, 0x08, 0xF1, 0x50, 0x24, 0x83, 0xCE, 0xA9, 0x51, 0x7A, 0xAF, 0xBE, 0x0B, 0x49, 0x56, 0x86, 0xEF, 0x05, 0x1B, 0x63, 0x59, 0x7C, 0x32, 0x09, 0x04, 0x24, 0x05, 0x37, 0x5B, 0x1F },
+    { 0x71, 0xC2, 0x6B, 0x89, 0x5C, 0x7B, 0x60, 0xC7, 0x91, 0x39, 0x84, 0x0B, 0xCD, 0x33, 0xC1, 0x67, 0x26, 0x5C, 0xA9, 0xD0, 0xFB, 0xDD, 0xE1, 0xAB, 0x7D, 0x07, 0x92, 0xDF, 0x8F, 0x65, 0xF8, 0x2E },
+    { 0xD9, 0xF9, 0xAB, 0x23, 0x43, 0x82, 0x8B, 0x07, 0x1C, 0x88, 0x1F, 0x8F, 0xC5, 0x95, 0x21, 0x24, 0xBD, 0xF6, 0x11, 0xDB, 0xD4, 0xCA, 0x32, 0xDC, 0xB8, 0xE5, 0xDE, 0x1D, 0x37, 0x03, 0xA9, 0xDD },
+    { 0x04, 0x42, 0xF8, 0x22, 0xDC, 0xF8, 0x1C, 0xD7, 0xC0, 0xE0, 0x82, 0x20, 0x08, 0xD5, 0x96, 0x79, 0xF9, 0xBF, 0x32, 0x6E, 0x9F, 0xAD, 0x51, 0x33, 0x9B, 0x6F, 0xC2, 0x98, 0x1C, 0x28, 0xB0, 0x60 },
+    { 0x6F, 0x3A, 0x59, 0x60, 0x5D, 0x92, 0x08, 0xE9, 0x92, 0xB2, 0x81, 0x30, 0xFD, 0xCD, 0xFA, 0x44, 0x24, 0xF0, 0x57, 0xB1, 0x6F, 0xDF, 0x27, 0x8B, 0xA1, 0x5E, 0x82, 0x3C, 0x82, 0xC3, 0xCA, 0xAD },
+    { 0x3D, 0x72, 0x09, 0xF5, 0x29, 0x5A, 0x8C, 0x68, 0x8A, 0x1F, 0xE8, 0xC6, 0x3E, 0xA8, 0xDC, 0x6B, 0xCB, 0x88, 0x70, 0x70, 0xFF, 0x7D, 0xC7, 0xC9, 0x5D, 0x2B, 0x66, 0xEE, 0x07, 0xF0, 0x4B, 0x0E },
+    { 0x1C, 0x03, 0x30, 0xA5, 0xE5, 0x50, 0x0B, 0xB4, 0xC6, 0x62, 0x38, 0x3E, 0x04, 0xC5, 0xB9, 0x0C, 0x7F, 0x91, 0x43, 0xFC, 0x13, 0xD0, 0xCB, 0x78, 0xCF, 0x77, 0x44, 0xBA, 0xA1, 0x20, 0x80, 0x82 },
+    { 0xF8, 0x9A, 0x6F, 0xB2, 0xDE, 0x52, 0x6E, 0x15, 0x65, 0x33, 0xBB, 0x67, 0x56, 0x2B, 0x85, 0x7C, 0xDA, 0xB5, 0x0A, 0x78, 0x87, 0x5A, 0xDD, 0x41, 0xC5, 0xE5, 0x22, 0xB0, 0xF7, 0xFD, 0x92, 0x4B },
+    { 0xD9, 0x13, 0x64, 0x69, 0xC5, 0x96, 0x7A, 0x6A, 0x9A, 0x75, 0xD5, 0x9B, 0xF1, 0x9D, 0x60, 0x85, 0x3C, 0x05, 0x70, 0x93, 0xF0, 0x28, 0x53, 0x81, 0xEA, 0x6B, 0x8B, 0x8D, 0xA8, 0x4C, 0x47, 0x16 },
+    { 0x14, 0x3A, 0xA1, 0x39, 0xE2, 0xD5, 0xF0, 0xD4, 0xAA, 0xBF, 0x8A, 0x5A, 0x0A, 0x93, 0xFB, 0x4F, 0x7C, 0x33, 0xD8, 0xB0, 0xC7, 0xB0, 0xB6, 0x32, 0x63, 0x87, 0xEE, 0x05, 0x59, 0xFF, 0x30, 0x13 },
+    { 0x2F, 0xBB, 0x84, 0x7B, 0xDD, 0x33, 0x22, 0x18, 0x8B, 0x24, 0x9C, 0x7F, 0x51, 0x6B, 0x8B, 0x39, 0x14, 0x33, 0x37, 0x7F, 0x8C, 0x70, 0x08, 0x4B, 0x71, 0xB6, 0x7A, 0x2F, 0x11, 0x3A, 0x5D, 0x86 },
+    { 0xA3, 0xA8, 0x04, 0x43, 0xAB, 0xD7, 0xD7, 0xC2, 0xBF, 0x99, 0x50, 0x93, 0x24, 0x65, 0x93, 0x1B, 0x81, 0x19, 0x72, 0x3D, 0x7A, 0xB9, 0x39, 0x69, 0x1F, 0x5D, 0x47, 0x0A, 0x42, 0x38, 0xE1, 0x00 },
+    { 0xDB, 0x73, 0x26, 0x49, 0x74, 0x45, 0xD8, 0x35, 0x71, 0xBE, 0xE8, 0x9E, 0xE3, 0x25, 0x57, 0x22, 0x45, 0x9F, 0x6F, 0x8F, 0x8E, 0x1C, 0xE6, 0x47, 0x42, 0x00, 0x16, 0xDD, 0x2D, 0x2A, 0x5C, 0x17 },
+    { 0x16, 0xF2, 0x76, 0xF5, 0xD5, 0x6B, 0xAC, 0x03, 0x8C, 0x9D, 0x3A, 0x5E, 0xA2, 0x54, 0xB7, 0x7D, 0x09, 0xDD, 0xBB, 0x90, 0x3F, 0x90, 0x07, 0x38, 0xC9, 0x3A, 0xC8, 0xFF, 0x0B, 0x14, 0x3C, 0xD8 },
+    { 0xC1, 0x18, 0x12, 0x3A, 0xEB, 0x58, 0x91, 0xEB, 0xF5, 0xAA, 0x8F, 0x88, 0x09, 0x58, 0x8A, 0xD4, 0xEC, 0x3E, 0xD8, 0x84, 0x01, 0x51, 0x43, 0x38, 0x87, 0x4F, 0xE0, 0x13, 0xAF, 0xED, 0xA7, 0xB7 },
+    { 0x2D, 0x4B, 0x38, 0x20, 0x3A, 0x1F, 0xAF, 0x9C, 0x02, 0x2F, 0x7A, 0x72, 0xAE, 0x38, 0x15, 0x6F, 0x87, 0x16, 0x3B, 0x5A, 0xE0, 0x34, 0x6C, 0xDB, 0xE4, 0x81, 0x71, 0xC2, 0x36, 0x63, 0x70, 0xBB },
+    { 0x4E, 0x59, 0xD0, 0xC2, 0xFA, 0x79, 0x4C, 0x2D, 0xE1, 0x87, 0xA2, 0x82, 0xA3, 0x01, 0x11, 0x7F, 0xC7, 0xC1, 0xBA, 0x7F, 0x8B, 0x87, 0xF9, 0x23, 0x91, 0x7F, 0x65, 0x08, 0x66, 0xE8, 0x99, 0xAF },
+    { 0x24, 0x82, 0xDD, 0xDB, 0xED, 0xF1, 0x66, 0x89, 0xA9, 0x50, 0x39, 0x2E, 0xC3, 0xDB, 0xBD, 0xFF, 0x56, 0xC8, 0x05, 0x13, 0xAC, 0x0C, 0x06, 0xB9, 0x14, 0xEE, 0x62, 0x25, 0xEE, 0xBE, 0xFA, 0xA8 },
+    { 0xE7, 0xAB, 0x91, 0x00, 0x62, 0x37, 0x10, 0x77, 0x7E, 0x1D, 0xDD, 0xCB, 0x29, 0xDE, 0xEA, 0xDF, 0x82, 0x2F, 0x60, 0x12, 0x0A, 0xBA, 0x12, 0xEE, 0x97, 0x3C, 0x03, 0x26, 0x98, 0xAB, 0x1A, 0xF5 },
+    { 0xC0, 0x9F, 0xF3, 0x9C, 0x44, 0x61, 0x22, 0xC8, 0x3A, 0xE1, 0x99, 0xD4, 0xA7, 0xF4, 0x83, 0x5D, 0x56, 0x28, 0xD5, 0xD8, 0x05, 0x4B, 0xA5, 0xFD, 0x6C, 0xF9, 0x13, 0xB8, 0x43, 0x5E, 0x36, 0x58 },
+    { 0xBC, 0xF2, 0xAD, 0x08, 0x34, 0xE7, 0x32, 0x41, 0xD7, 0x19, 0xB8, 0x34, 0x81, 0x24, 0x0A, 0x2A, 0xEA, 0x52, 0xF7, 0x6F, 0xF2, 0x84, 0x07, 0xC2, 0x03, 0x46, 0xE9, 0x37, 0x34, 0xEF, 0x11, 0x2C },
+    { 0x9E, 0xBA, 0x4A, 0xC2, 0x16, 0xC6, 0xF0, 0x22, 0x9B, 0x39, 0xB9, 0xF3, 0x00, 0x60, 0x0B, 0x59, 0x3B, 0x15, 0x12, 0xE1, 0x8B, 0xDB, 0x1B, 0x23, 0x9C, 0x74, 0x44, 0x3D, 0x9B, 0xEC, 0xCA, 0x79 },
+    { 0xA3, 0x43, 0x92, 0xBF, 0x6D, 0x91, 0x2C, 0xE8, 0x55, 0xD7, 0xE3, 0xF9, 0xE7, 0x40, 0x9C, 0x95, 0x7A, 0xD3, 0x73, 0x33, 0x15, 0x43, 0x58, 0x88, 0xA5, 0x0F, 0xE9, 0x45, 0x1E, 0xAF, 0xE8, 0x97 },
+    { 0xCA, 0x6B, 0xB7, 0xB7, 0x30, 0xCC, 0xE8, 0x3E, 0x1D, 0x56, 0xA9, 0x58, 0xE2, 0x65, 0x01, 0xA7, 0xE0, 0x23, 0x09, 0x3B, 0xBF, 0xA5, 0x6A, 0x84, 0x47, 0xBF, 0xBA, 0x1C, 0x4A, 0xEE, 0x99, 0xB1 },
+    { 0x6B, 0xC9, 0xEE, 0x6F, 0x43, 0xDC, 0xC7, 0x61, 0xFB, 0x5A, 0x28, 0x3B, 0xF4, 0x0D, 0x5C, 0xF0, 0xAB, 0x62, 0x10, 0x03, 0xF3, 0xF3, 0xE7, 0x74, 0x5E, 0x54, 0x18, 0xDA, 0xF6, 0x50, 0x98, 0x62 },
+    { 0x9F, 0xDD, 0xCE, 0x99, 0x46, 0xF8, 0x72, 0xC1, 0x95, 0x98, 0xF4, 0xD3, 0x11, 0x78, 0xEB, 0x7F, 0x76, 0x15, 0x5B, 0x03, 0x0C, 0x96, 0xB8, 0x75, 0xB5, 0x5B, 0x20, 0x3B, 0xC7, 0xE2, 0x68, 0xDB },
+    { 0x02, 0x5C, 0xD3, 0x4B, 0x3C, 0x2A, 0x4D, 0x4A, 0x8F, 0x23, 0xC1, 0x7A, 0x7D, 0x08, 0x14, 0xBE, 0x7E, 0x39, 0x11, 0xB4, 0x4B, 0x32, 0x07, 0xC5, 0xBF, 0x30, 0x86, 0x2F, 0x14, 0x66, 0xA6, 0xAA },
+    { 0x30, 0xC7, 0x54, 0x10, 0xF7, 0xE5, 0x64, 0x67, 0x86, 0x21, 0x4A, 0xEB, 0x82, 0xE9, 0xF9, 0x9B, 0xA2, 0xC4, 0xA9, 0x73, 0x6A, 0x94, 0x7F, 0x8C, 0x5C, 0x21, 0x53, 0x05, 0x50, 0x0C, 0x47, 0x78 },
+    { 0xA4, 0xA7, 0xA8, 0xE6, 0x39, 0xF8, 0xBB, 0x6C, 0x6C, 0xBA, 0x0D, 0x36, 0x5A, 0xF4, 0x47, 0x0D, 0x05, 0x1C, 0xB9, 0xAF, 0x23, 0x50, 0x58, 0x10, 0x8B, 0x58, 0x66, 0xD9, 0x75, 0x47, 0xB7, 0x94 },
+    { 0x7A, 0x5E, 0xE3, 0xC9, 0xED, 0xF1, 0x68, 0x94, 0x03, 0xF3, 0x12, 0x7E, 0xBE, 0x09, 0x50, 0x24, 0xCB, 0x4C, 0x27, 0xCD, 0xFD, 0xDC, 0x4D, 0xA1, 0xA2, 0x9B, 0xA1, 0xD0, 0x0B, 0x31, 0xBD, 0xC0 },
+    { 0xC3, 0xD0, 0x9E, 0x4B, 0xC6, 0xE6, 0x53, 0x73, 0xFE, 0xEB, 0xD4, 0x75, 0x9C, 0x1D, 0xCC, 0xD3, 0x39, 0xFE, 0xC8, 0x3D, 0xAF, 0x7F, 0x25, 0x71, 0xF0, 0x13, 0x70, 0x4C, 0x5A, 0x58, 0x76, 0xA6 },
+    { 0x22, 0xAF, 0x4C, 0xF6, 0x8A, 0xE5, 0x4A, 0x50, 0xF2, 0x8E, 0x88, 0x7A, 0x6D, 0x8C, 0xBE, 0xAA, 0xCF, 0x73, 0xA2, 0xF4, 0x6F, 0x50, 0xE1, 0xE9, 0xE9, 0xAA, 0x01, 0x70, 0x61, 0x17, 0xD1, 0x70 },
+    { 0xC0, 0x4B, 0x8D, 0x20, 0x0E, 0x33, 0x2C, 0x08, 0x77, 0x85, 0x1B, 0xF7, 0x2B, 0xD6, 0xBD, 0x80, 0xE1, 0x06, 0x2D, 0x8F, 0x8E, 0x17, 0xE5, 0xE0, 0xBF, 0xA6, 0x05, 0x2C, 0x1D, 0x66, 0xAC, 0x1A },
+    { 0x7A, 0xAC, 0x51, 0x99, 0x61, 0x71, 0xFC, 0x36, 0x12, 0xB3, 0x6F, 0x9C, 0x06, 0x18, 0xC0, 0x65, 0x74, 0xE6, 0x42, 0x43, 0xED, 0x66, 0xC0, 0xAF, 0x60, 0x01, 0xA6, 0x87, 0x82, 0x98, 0x9C, 0x70 },
+    { 0x59, 0x06, 0xE5, 0xAF, 0x50, 0x09, 0x72, 0xB8, 0xC0, 0xEB, 0x6B, 0x2F, 0x18, 0x7A, 0x49, 0x73, 0x55, 0xE7, 0x7B, 0x59, 0xEB, 0xB6, 0xD1, 0x12, 0x21, 0xDC, 0xC9, 0x82, 0xB8, 0x85, 0xA4, 0x94 },
+    { 0xB2, 0xD6, 0xC8, 0x93, 0xA0, 0xBF, 0x03, 0x08, 0x98, 0x0E, 0x4B, 0xC6, 0xBC, 0xD1, 0x3F, 0x7D, 0x60, 0xEE, 0x55, 0x74, 0x2C, 0xA7, 0xF6, 0x5B, 0xE2, 0xD7, 0x22, 0xF3, 0xC1, 0x4D, 0x0E, 0xDD },
+    { 0xB6, 0x22, 0x1A, 0xF8, 0x24, 0x66, 0x0A, 0x37, 0xC0, 0x0E, 0x0F, 0x7A, 0x2B, 0x9D, 0x84, 0x99, 0x20, 0x9F, 0x34, 0x98, 0x69, 0xF8, 0xE0, 0x26, 0x17, 0x8E, 0x89, 0xFF, 0x02, 0xC0, 0x9A, 0x0D },
+    { 0xD8, 0x79, 0x64, 0xB7, 0x15, 0x67, 0x29, 0x07, 0x93, 0x8F, 0xDD, 0x2E, 0x5C, 0x38, 0x92, 0xB0, 0x79, 0xA1, 0x38, 0xC1, 0x32, 0xDF, 0xFB, 0x68, 0x6B, 0x71, 0x75, 0xF1, 0xC8, 0x4C, 0x59, 0x18 },
+    { 0x26, 0x29, 0xB2, 0x54, 0x9F, 0x6A, 0x7B, 0x0E, 0x38, 0x61, 0x06, 0x20, 0x69, 0xDB, 0xBF, 0x89, 0x5B, 0xDF, 0x65, 0xD1, 0xD6, 0xEA, 0x52, 0x17, 0x27, 0x83, 0x79, 0xBA, 0xC8, 0x2B, 0x6B, 0x3D },
+    { 0x02, 0x16, 0xD2, 0x75, 0x70, 0xC9, 0x71, 0x00, 0xCF, 0xF3, 0x5D, 0xEA, 0x22, 0x59, 0xBB, 0x77, 0x9B, 0x4E, 0xFA, 0x9A, 0x26, 0x68, 0x73, 0xEB, 0x7F, 0xBE, 0x86, 0x5A, 0x3B, 0x44, 0x2B, 0x78 },
+    { 0x37, 0xC6, 0x97, 0x81, 0xA4, 0x36, 0xC5, 0x0F, 0xE6, 0x79, 0x62, 0xE4, 0xC9, 0xBB, 0x38, 0xAB, 0xD1, 0x17, 0xDD, 0x1D, 0x82, 0xA7, 0x21, 0x12, 0x6C, 0x86, 0x08, 0xE9, 0xC6, 0x6F, 0x9F, 0x8E },
+    { 0xD2, 0xB2, 0x14, 0x22, 0x1D, 0xB7, 0x5B, 0xCE, 0xBF, 0x96, 0x4F, 0x16, 0x48, 0xD7, 0x5B, 0x2F, 0x83, 0x2D, 0x02, 0x6D, 0x37, 0x01, 0x5B, 0xEA, 0x19, 0xF8, 0x0E, 0x45, 0x23, 0x56, 0x70, 0x9F },
+    { 0x26, 0x50, 0xDC, 0xFB, 0xC3, 0xFA, 0xFB, 0xD4, 0x7C, 0xD2, 0xEF, 0x10, 0x80, 0x74, 0x90, 0x2C, 0x86, 0x58, 0xA0, 0xE9, 0xA7, 0x0D, 0xA2, 0xF7, 0x90, 0x44, 0x53, 0x97, 0x47, 0x54, 0x01, 0x5F },
+    { 0x7E, 0xDE, 0x7A, 0x6F, 0xB7, 0x94, 0x26, 0xA3, 0xC3, 0x2E, 0x79, 0xC0, 0xBB, 0x3C, 0xA8, 0x5C, 0xC1, 0x66, 0x97, 0x5C, 0xB6, 0x67, 0x50, 0x95, 0x1A, 0x06, 0x9E, 0x1D, 0x0B, 0x84, 0x5A, 0x1C },
+    { 0x87, 0xBE, 0x66, 0xDB, 0x2C, 0x5A, 0x9C, 0x5A, 0xAF, 0xBB, 0xA1, 0xAE, 0x86, 0x9A, 0x9C, 0x78, 0x78, 0xE3, 0x8F, 0xA2, 0xBD, 0x82, 0x0D, 0xDA, 0x3C, 0x00, 0x49, 0x0E, 0xE7, 0x78, 0xBF, 0xB5 },
+    { 0x94, 0x88, 0xBD, 0x26, 0xFA, 0x51, 0x96, 0xE6, 0x78, 0x77, 0x98, 0x04, 0xBA, 0x0C, 0x92, 0x23, 0xB7, 0x88, 0x23, 0xF1, 0xE5, 0x74, 0x1E, 0x8B, 0xE6, 0x03, 0xF9, 0x9A, 0xA6, 0x79, 0xED, 0xD9 },
+    { 0x4F, 0x0A, 0xC5, 0xB3, 0x54, 0x3C, 0xF3, 0x01, 0xBF, 0xCC, 0xA4, 0x19, 0x6E, 0xEC, 0xAB, 0x3F, 0x22, 0x70, 0x2E, 0x58, 0xAC, 0x41, 0x2E, 0xB3, 0xB5, 0xA3, 0x23, 0xA7, 0x3A, 0x59, 0xA4, 0x19 },
+    { 0xFA, 0x72, 0x0F, 0x21, 0x7D, 0xAD, 0x6B, 0x57, 0xC0, 0x2D, 0x3C, 0xA8, 0x46, 0x7E, 0xC4, 0x34, 0xE9, 0x30, 0x80, 0x6D, 0x96, 0x94, 0xA4, 0x48, 0xA9, 0x7C, 0xAA, 0xC9, 0xB6, 0xA9, 0xDB, 0x0E },
+    { 0xD9, 0x25, 0x82, 0x7B, 0xB7, 0xA0, 0xD7, 0x69, 0x3C, 0x25, 0x20, 0x37, 0x53, 0x52, 0x3B, 0x21, 0xAB, 0x1E, 0x59, 0xC1, 0x7C, 0x9F, 0x01, 0x57, 0x14, 0x05, 0x5A, 0x7B, 0x29, 0xF4, 0xC9, 0x8A },
+    { 0x9F, 0xB4, 0xA2, 0xCD, 0x72, 0x24, 0xB6, 0x6D, 0x6A, 0x77, 0x96, 0x7D, 0x77, 0x6D, 0xEA, 0xB3, 0xDE, 0x51, 0xE8, 0x8C, 0x6A, 0xE5, 0x60, 0x79, 0xF6, 0x05, 0x43, 0x05, 0xBD, 0x20, 0x5D, 0x52 },
+    { 0xF3, 0x42, 0x09, 0xB6, 0x9B, 0x87, 0xCF, 0x44, 0xCF, 0xD4, 0x8B, 0xA7, 0x12, 0x33, 0x7B, 0xA1, 0x0E, 0xA6, 0x7D, 0xF5, 0x7C, 0xC0, 0xB6, 0x91, 0x05, 0xFB, 0x6B, 0x3A, 0x17, 0x87, 0xC2, 0x2A },
+    { 0x90, 0xCC, 0x6D, 0xE9, 0xA7, 0x8C, 0xD3, 0x8B, 0xE9, 0x8F, 0x7B, 0xAE, 0x02, 0xBA, 0xD7, 0xC8, 0xD9, 0xDA, 0xA2, 0x2D, 0x51, 0xA7, 0x5F, 0xB3, 0x04, 0xA8, 0xB2, 0xD7, 0x1C, 0x83, 0x7B, 0xF7 },
+    { 0x94, 0x75, 0xF3, 0xED, 0x16, 0x59, 0x23, 0xE1, 0xF3, 0xD0, 0xAA, 0x01, 0x9A, 0x61, 0x7E, 0xD3, 0x80, 0x64, 0xD5, 0xDB, 0xE7, 0x16, 0xB6, 0x86, 0xBC, 0xC3, 0xCB, 0x30, 0x73, 0xCA, 0x15, 0x56 },
+    { 0x11, 0x49, 0xC1, 0xD2, 0x38, 0x43, 0xD7, 0x52, 0xAF, 0xB1, 0xF6, 0xDA, 0x27, 0x99, 0x92, 0xD2, 0x43, 0xE4, 0xB1, 0x96, 0x73, 0xCA, 0xF0, 0xCC, 0xEA, 0xD0, 0xC8, 0xFE, 0x84, 0x59, 0x0B, 0x29 },
+    { 0x2D, 0x6C, 0xC3, 0x9E, 0xD8, 0x28, 0xC2, 0x9C, 0x79, 0x38, 0x81, 0x65, 0x12, 0xAC, 0xA7, 0x43, 0xF7, 0x43, 0x6D, 0x3B, 0xDA, 0x78, 0x4A, 0xBE, 0x7D, 0x87, 0x42, 0x78, 0x6D, 0x99, 0x3F, 0xBD },
+    { 0xC1, 0x95, 0x4D, 0x8D, 0x83, 0x37, 0xDB, 0x1E, 0xC5, 0xE8, 0x8A, 0xA8, 0xA0, 0xE4, 0xAD, 0xCB, 0x16, 0x42, 0x1D, 0xC0, 0x29, 0xB4, 0xC9, 0xEB, 0x36, 0xCA, 0x49, 0x58, 0xF4, 0x56, 0xFE, 0x6D },
+    { 0x31, 0x08, 0xD7, 0x13, 0xC0, 0x63, 0x6F, 0x46, 0xB8, 0xF4, 0x53, 0x63, 0x36, 0x8A, 0x93, 0xEF, 0xDC, 0x7B, 0x70, 0xFD, 0x0B, 0xEB, 0x62, 0x6D, 0x33, 0xD6, 0x74, 0x00, 0x15, 0x7A, 0x08, 0x81 },
+    { 0x2A, 0x3F, 0xD1, 0xEA, 0x98, 0x06, 0xB8, 0xDC, 0x53, 0xA2, 0x40, 0x7A, 0x91, 0xF7, 0x49, 0x13, 0xC0, 0xBC, 0x79, 0xA8, 0xD0, 0x34, 0xE5, 0xFF, 0xE2, 0x09, 0xAC, 0x1F, 0x8E, 0x2B, 0x0F, 0xAF },
+    { 0x5D, 0x1B, 0x6A, 0xC8, 0x48, 0x71, 0xFB, 0x3A, 0xBE, 0x99, 0xED, 0xCD, 0xB9, 0x8D, 0x28, 0x8C, 0xE5, 0x2F, 0x7C, 0xBF, 0x01, 0x7F, 0xB1, 0x7C, 0x5B, 0x8D, 0x80, 0xE0, 0x5F, 0xE2, 0x52, 0x83 },
+    { 0x69, 0x4B, 0xDC, 0x5E, 0xD7, 0x83, 0xC7, 0xEA, 0x0D, 0x76, 0x25, 0x89, 0x94, 0x5D, 0x87, 0x00, 0x09, 0xE8, 0x33, 0x98, 0xF5, 0x00, 0xDD, 0x81, 0x4F, 0xD5, 0xF7, 0xB3, 0x1F, 0xA2, 0xB1, 0xE0 },
+    { 0xC3, 0xE5, 0x8E, 0xCA, 0x3F, 0xBE, 0x33, 0xC1, 0xA0, 0x39, 0x6A, 0x3C, 0x88, 0x06, 0x28, 0x5E, 0x10, 0x92, 0xC0, 0x88, 0x13, 0x35, 0x9A, 0xB3, 0xF1, 0xF2, 0x4C, 0x1C, 0x30, 0xE2, 0xDF, 0xA5 },
+    { 0xCC, 0xDC, 0x4A, 0xBA, 0x8F, 0x7A, 0x21, 0x6B, 0x78, 0xB4, 0xC7, 0x0A, 0xCA, 0xDC, 0x95, 0x92, 0x4B, 0x85, 0x3E, 0x9F, 0xEB, 0x12, 0x01, 0x4B, 0xA9, 0x72, 0x35, 0x93, 0xE0, 0x60, 0x6C, 0x93 },
+    { 0x25, 0xBA, 0x14, 0xDF, 0xF7, 0x65, 0xDB, 0x9F, 0xA3, 0x86, 0x81, 0xF6, 0xE1, 0x6F, 0xA7, 0x9B, 0x9B, 0xE6, 0x8A, 0x37, 0x3A, 0xA7, 0x01, 0x87, 0xD3, 0x96, 0x6D, 0x5C, 0xEB, 0xD2, 0xD7, 0xCE },
+    { 0x8C, 0x37, 0x33, 0x72, 0xF5, 0xB3, 0xBC, 0xAD, 0xE9, 0x02, 0x98, 0x30, 0xB7, 0x02, 0x56, 0xA3, 0x53, 0xCB, 0xFC, 0x28, 0x98, 0x27, 0x9F, 0x9B, 0x51, 0x59, 0xEB, 0x0F, 0xC7, 0x7A, 0xF7, 0xFF },
+    { 0xF9, 0x52, 0x34, 0x3E, 0xCD, 0xD9, 0x0A, 0x08, 0xED, 0xD8, 0x6A, 0x2B, 0x3C, 0xEF, 0xB9, 0x1F, 0x94, 0x2B, 0x9A, 0xC9, 0x5C, 0xBD, 0xB1, 0xBD, 0xC3, 0x3C, 0xF1, 0x07, 0xF1, 0xE1, 0x56, 0xB2 },
+    { 0x3F, 0x22, 0x3E, 0x88, 0x70, 0x66, 0x78, 0x70, 0xC1, 0xC8, 0xA5, 0x6D, 0x59, 0x03, 0xE8, 0x7A, 0x83, 0x29, 0x45, 0xCA, 0xE7, 0x45, 0x96, 0x9D, 0x1B, 0x91, 0xA1, 0xEE, 0x2E, 0x1E, 0xE8, 0x49 },
+    { 0xBF, 0x61, 0x73, 0x5C, 0x05, 0xBD, 0x1B, 0x51, 0xFC, 0x35, 0x56, 0x36, 0x1B, 0x4C, 0x87, 0xF4, 0x6E, 0x11, 0x0B, 0x57, 0x50, 0x67, 0xD0, 0x7D, 0x66, 0x92, 0x8F, 0x47, 0x55, 0x09, 0x62, 0xB5 },
+    { 0x8A, 0x2D, 0x1B, 0x44, 0xF8, 0xA9, 0x52, 0x26, 0x3A, 0xB1, 0x1C, 0x0E, 0xF1, 0x50, 0x37, 0x52, 0x3E, 0x9D, 0x46, 0xA9, 0xEF, 0x10, 0xA8, 0x2F, 0x5F, 0x85, 0xE7, 0x50, 0x27, 0xDB, 0x6D, 0xBF },
+    { 0x3B, 0x01, 0x00, 0x0E, 0x04, 0x4D, 0x21, 0x71, 0xDB, 0x74, 0xAB, 0x8D, 0xE6, 0x43, 0x29, 0xC1, 0xC8, 0xCA, 0xF2, 0xCB, 0xCD, 0xD7, 0xE2, 0x2E, 0x52, 0x94, 0x93, 0x5A, 0x60, 0x12, 0x0F, 0x53 },
+    { 0xF6, 0x40, 0xB5, 0x07, 0x92, 0x07, 0x84, 0x0E, 0xC1, 0x82, 0xE1, 0x2F, 0x43, 0x20, 0x37, 0x70, 0x7B, 0xBB, 0x60, 0xD2, 0x67, 0xE6, 0x06, 0xC6, 0x7D, 0x53, 0xFB, 0x7F, 0xE8, 0xC7, 0xCA, 0xBF },
+    { 0xB0, 0xEE, 0x94, 0x4B, 0xBC, 0x2C, 0x66, 0x46, 0xE2, 0xD0, 0xF7, 0x37, 0x8C, 0xBE, 0xA8, 0x28, 0x65, 0xA9, 0x38, 0xAF, 0x38, 0xB7, 0xC3, 0xC3, 0x30, 0x48, 0x68, 0xCE, 0x6F, 0x2B, 0xF3, 0x7A },
+    { 0xDA, 0x30, 0xB6, 0x16, 0xFF, 0x4B, 0x44, 0x2B, 0x7F, 0x1C, 0x39, 0x5B, 0xA2, 0x49, 0x23, 0x60, 0x38, 0xF5, 0x5F, 0xAF, 0x5F, 0x2D, 0x3B, 0xEC, 0x6E, 0xE0, 0x61, 0x11, 0x15, 0x15, 0x58, 0x0B },
+    { 0x22, 0xE2, 0x23, 0x11, 0x57, 0x56, 0x30, 0xE3, 0x29, 0x37, 0x21, 0x0E, 0x63, 0x9D, 0x6D, 0x20, 0x67, 0x93, 0x39, 0xB2, 0xFB, 0x05, 0x54, 0x40, 0x30, 0x0C, 0xD6, 0x21, 0xAC, 0x8E, 0x7F, 0xD0 },
+    { 0xD3, 0xE8, 0xCF, 0x52, 0x8F, 0xF1, 0x45, 0xAA, 0xA1, 0x99, 0x90, 0x2E, 0x69, 0xF7, 0x0C, 0xA2, 0x0B, 0x38, 0x4F, 0xDA, 0xAA, 0x2B, 0x29, 0xF5, 0xDD, 0x86, 0x9A, 0x1F, 0x25, 0xD5, 0xA9, 0xCB },
+    { 0x28, 0x54, 0xB2, 0x09, 0x1D, 0xAC, 0xE2, 0xB1, 0x19, 0xE0, 0x6F, 0x0C, 0x93, 0x30, 0x90, 0x4C, 0x46, 0x49, 0x85, 0x51, 0x46, 0x8C, 0x4F, 0xAD, 0x26, 0x5E, 0x8C, 0x43, 0xD3, 0x73, 0xD4, 0x43 },
+    { 0x7E, 0x6E, 0xCA, 0x7A, 0xF5, 0xDA, 0xAF, 0x25, 0x01, 0xD1, 0x84, 0xFC, 0x21, 0x25, 0x53, 0x0B, 0xD2, 0xC2, 0x24, 0xEF, 0xD5, 0x24, 0x83, 0x1A, 0x14, 0x55, 0x58, 0xA2, 0xAC, 0xB6, 0x87, 0xDA },
+    { 0xDD, 0x47, 0x1B, 0x52, 0xC1, 0x97, 0x7E, 0xC0, 0xC2, 0x26, 0xCB, 0x12, 0xB2, 0x9E, 0x3D, 0xF5, 0x94, 0xF8, 0x8F, 0x5C, 0x4F, 0x94, 0x15, 0xE3, 0x79, 0xED, 0x14, 0xA2, 0x4A, 0xA4, 0xA5, 0x10 },
+    { 0x91, 0x96, 0x95, 0x5E, 0x5B, 0x4C, 0xF6, 0x45, 0x61, 0xA1, 0xAA, 0xFE, 0x92, 0x1A, 0xF2, 0x2A, 0x57, 0x2E, 0x06, 0x53, 0x99, 0xAF, 0x88, 0xC4, 0xA9, 0x37, 0xB5, 0xD1, 0xC3, 0xF4, 0x0A, 0xD5 },
+    { 0x76, 0xDE, 0x40, 0x86, 0x40, 0x5D, 0xE5, 0xB9, 0x06, 0xA5, 0xE6, 0x59, 0x1D, 0x2C, 0xB3, 0x85, 0xB2, 0xD6, 0x36, 0x3F, 0x7E, 0x9F, 0x65, 0xD1, 0x39, 0xD3, 0xF7, 0x85, 0x7A, 0xAB, 0x6E, 0x62 },
+    { 0x5A, 0x65, 0xB3, 0xED, 0x53, 0x14, 0x2E, 0xD4, 0xC8, 0x35, 0x4D, 0xAA, 0xDC, 0xEB, 0x29, 0x07, 0x21, 0x43, 0x82, 0xD8, 0xB1, 0x25, 0x8E, 0x6D, 0x2E, 0xE7, 0x9F, 0xDF, 0x35, 0xE1, 0x68, 0x31 },
+    { 0xB6, 0x62, 0x40, 0x61, 0x49, 0x1C, 0x48, 0xB6, 0x37, 0x04, 0xE3, 0x16, 0xED, 0x34, 0x9D, 0xD9, 0x0A, 0x93, 0x40, 0x92, 0x53, 0x01, 0xD6, 0xD6, 0xCE, 0x2E, 0xCA, 0x6E, 0x97, 0x58, 0x3A, 0xA8 },
+    { 0x91, 0x82, 0x6E, 0x7F, 0xEA, 0x9A, 0x9D, 0xFB, 0x6E, 0x24, 0x06, 0x9A, 0x6A, 0xC3, 0x0D, 0x10, 0xAA, 0x15, 0xC5, 0x53, 0x43, 0xE4, 0xE8, 0x5E, 0x04, 0xD1, 0x3F, 0x84, 0xFA, 0xF2, 0xB8, 0x8C },
+    { 0xE3, 0xD0, 0xF1, 0xAE, 0x5E, 0xD2, 0xA5, 0x4A, 0xD3, 0x31, 0x60, 0x4C, 0x91, 0x10, 0xFA, 0xAE, 0x90, 0x67, 0xC4, 0x57, 0x24, 0xB1, 0x6E, 0xE5, 0x7A, 0xFC, 0x67, 0xBC, 0xD2, 0xD6, 0xA9, 0x09 },
+    { 0x2C, 0xB8, 0xFF, 0x4F, 0xEB, 0x94, 0xF1, 0x98, 0xAC, 0xC0, 0xE3, 0x3E, 0xDD, 0x6F, 0xC0, 0xD2, 0x8B, 0x2C, 0x0C, 0xA6, 0x0E, 0xF5, 0x37, 0x24, 0xF5, 0x6E, 0x58, 0xC9, 0x5A, 0x0A, 0xAF, 0x0B },
+    { 0x9B, 0x35, 0xDF, 0x6B, 0x90, 0x37, 0x11, 0x08, 0xB9, 0x33, 0x4A, 0xE8, 0xD2, 0x32, 0x98, 0xD3, 0x5E, 0x1C, 0x02, 0x6F, 0x6F, 0xB2, 0x09, 0x65, 0xD4, 0xEB, 0xFB, 0xE9, 0xAF, 0x92, 0x05, 0xD1 },
+    { 0x87, 0x15, 0x5D, 0x2B, 0xC6, 0xD3, 0x8E, 0xB7, 0xE5, 0x3C, 0xD4, 0x9E, 0x23, 0xE0, 0x28, 0x86, 0x16, 0xCC, 0x39, 0x7A, 0xFD, 0x9C, 0xF8, 0xF7, 0xF3, 0x84, 0x5C, 0x21, 0xB8, 0x24, 0x5F, 0x22 },
+    { 0x9E, 0xB7, 0x82, 0x01, 0x0A, 0xA6, 0x9F, 0x4B, 0x92, 0x5D, 0xB4, 0xC7, 0x2F, 0x94, 0xC1, 0x22, 0x8B, 0xF7, 0x4D, 0xA2, 0x3D, 0x66, 0x99, 0xF5, 0x4F, 0xA6, 0x86, 0xA9, 0xCB, 0x11, 0xBD, 0x1C },
+    { 0x5D, 0xFE, 0xF9, 0xCA, 0x90, 0x90, 0xCD, 0x64, 0xE8, 0x08, 0x5F, 0x17, 0x5A, 0x5E, 0x0D, 0x13, 0x11, 0xE5, 0xCC, 0x9F, 0x8E, 0xCB, 0x8B, 0x76, 0x3F, 0x03, 0xAB, 0x5D, 0x85, 0x45, 0x70, 0x04 },
+    { 0xD5, 0x51, 0xC2, 0x41, 0xBD, 0x7C, 0xFD, 0x21, 0xC9, 0xFE, 0x5F, 0x4B, 0x30, 0x49, 0xB2, 0x7C, 0x8F, 0x3F, 0x63, 0x08, 0x88, 0x64, 0xCC, 0xFA, 0x08, 0xBE, 0x48, 0xDE, 0xEF, 0x71, 0x6F, 0x8C },
+    { 0x78, 0xB4, 0xB9, 0x49, 0x10, 0xB7, 0x1F, 0xDA, 0xCC, 0xE0, 0xD1, 0x59, 0x88, 0xE4, 0x62, 0x3B, 0xD3, 0x73, 0x3B, 0xCA, 0xFB, 0x13, 0x71, 0x93, 0x19, 0x28, 0x36, 0xCA, 0x4D, 0x3D, 0x80, 0x90 },
+    { 0x24, 0x23, 0xD1, 0x5F, 0x02, 0xCA, 0xB1, 0x42, 0xF7, 0x49, 0xA6, 0x6E, 0x65, 0x8C, 0x8C, 0x21, 0xBD, 0x37, 0xDC, 0x35, 0x32, 0xBF, 0x9A, 0x91, 0x9E, 0xAC, 0x93, 0x48, 0xB7, 0x7C, 0xD2, 0x19 },
+    { 0xD8, 0x5C, 0xA4, 0x66, 0x4C, 0xAA, 0x7D, 0xD8, 0x0B, 0x61, 0x9F, 0x33, 0xF4, 0xEE, 0xE6, 0x11, 0x80, 0x20, 0x1D, 0xEF, 0xFB, 0x5C, 0x2B, 0x63, 0xD6, 0x1A, 0x54, 0xF4, 0xF6, 0xFD, 0x7E, 0xE6 },
+    { 0xA3, 0xF8, 0xD1, 0xF8, 0xE1, 0x08, 0x6A, 0xF0, 0x3F, 0xA5, 0x96, 0x88, 0xD4, 0x37, 0xA8, 0xCA, 0x86, 0x48, 0x79, 0xD6, 0xC7, 0x1F, 0x87, 0xF0, 0x86, 0x10, 0xA7, 0x6A, 0x54, 0x9A, 0xDC, 0x26 },
+    { 0x1E, 0xF7, 0xDB, 0x0A, 0x22, 0x13, 0xE1, 0x03, 0x95, 0x48, 0xF5, 0xA6, 0xF5, 0xE9, 0xFF, 0x53, 0x14, 0x8A, 0x17, 0x5A, 0xFC, 0x5F, 0xF7, 0x90, 0x57, 0xB7, 0x5C, 0xB9, 0x34, 0xBD, 0x4C, 0x0D },
+    { 0x22, 0x79, 0x9E, 0xDB, 0xB3, 0x50, 0x55, 0x29, 0x39, 0xDD, 0x26, 0xCF, 0x75, 0xC4, 0xB4, 0x78, 0x99, 0xC5, 0x6B, 0xB1, 0x68, 0x35, 0x48, 0x0F, 0xBF, 0x44, 0xD2, 0xD1, 0xFF, 0x7A, 0x7E, 0xE2 },
+    { 0xFC, 0xE3, 0x05, 0x5C, 0xCD, 0x5D, 0x04, 0x46, 0x87, 0xA2, 0x41, 0xE8, 0x3D, 0xE9, 0x28, 0xC8, 0xC4, 0x88, 0x20, 0x39, 0xFB, 0xBD, 0x53, 0x32, 0x7C, 0x30, 0xC3, 0x79, 0x18, 0x84, 0x7D, 0x5F },
+    { 0x60, 0x49, 0x0A, 0x27, 0x11, 0x55, 0x57, 0x1F, 0x22, 0xA2, 0xA0, 0xFC, 0xA5, 0x55, 0xAF, 0x9C, 0x5E, 0xCF, 0x11, 0xC3, 0x78, 0x31, 0x76, 0xE3, 0x1A, 0xE9, 0x67, 0x39, 0x56, 0xF5, 0xB7, 0xA7 },
+    { 0xCD, 0xFB, 0x5F, 0x0D, 0x6C, 0x5D, 0x61, 0x1D, 0x7A, 0x15, 0x9B, 0x62, 0xB0, 0x6C, 0x4C, 0x68, 0x63, 0x1C, 0x1B, 0x9E, 0xD4, 0xD8, 0x7C, 0xFC, 0x66, 0xBE, 0x22, 0x38, 0x20, 0x27, 0x05, 0xF3 },
+    { 0xD4, 0x2A, 0x23, 0x96, 0x1F, 0xCB, 0x7C, 0x94, 0x87, 0x7B, 0xC6, 0xEF, 0xCA, 0xA5, 0xFE, 0xE4, 0xA7, 0x81, 0x44, 0x86, 0xD9, 0x9A, 0xF5, 0x73, 0xFE, 0x28, 0x79, 0x32, 0x0A, 0x97, 0x02, 0x9D },
+    { 0x35, 0x9C, 0x1E, 0xB9, 0x52, 0xFB, 0x8C, 0x37, 0x3F, 0x3F, 0x4D, 0xCB, 0x8E, 0xAD, 0x56, 0xFA, 0x17, 0x23, 0xFF, 0xED, 0xBB, 0xD2, 0x62, 0x77, 0x4C, 0x98, 0x4B, 0x1C, 0x8B, 0x32, 0x9F, 0xFE },
+    { 0xD5, 0x71, 0x77, 0xE5, 0x5B, 0x70, 0x9D, 0x38, 0x0B, 0x08, 0x00, 0xCE, 0x2F, 0x00, 0x0C, 0x37, 0xFF, 0xAB, 0x06, 0x20, 0x98, 0x7F, 0x2B, 0xBA, 0xBC, 0x65, 0x0A, 0x9D, 0x83, 0xC4, 0x98, 0x18 },
+    { 0xA5, 0xE1, 0x38, 0x99, 0x53, 0x01, 0x31, 0xA8, 0x57, 0x8A, 0x05, 0xAB, 0x7E, 0xCC, 0xB5, 0x21, 0x18, 0xEF, 0x93, 0xBD, 0xD8, 0x61, 0xBD, 0x5A, 0xFE, 0x9C, 0x4F, 0x23, 0xC2, 0x9C, 0x18, 0xDD },
+    { 0x88, 0xA0, 0xEB, 0x7F, 0xD4, 0xFE, 0xFC, 0x9B, 0x89, 0x14, 0x18, 0xA0, 0xBC, 0x62, 0xE7, 0xA2, 0x0A, 0x12, 0x05, 0x03, 0xAC, 0xB4, 0x78, 0x69, 0x3B, 0x21, 0x4D, 0xD5, 0x0C, 0xCB, 0xA9, 0x08 },
+    { 0xF5, 0x5F, 0x00, 0xEB, 0xB0, 0x91, 0xFD, 0x52, 0xAC, 0xDC, 0x68, 0x64, 0x35, 0xE5, 0xCA, 0x7A, 0xD7, 0x13, 0xCF, 0xDF, 0x83, 0x97, 0xD5, 0x0C, 0xA3, 0x62, 0x0F, 0xFA, 0xC4, 0xB1, 0xEB, 0xE5 },
+    { 0xDC, 0x6D, 0x16, 0xE8, 0x27, 0xF7, 0x81, 0xB3, 0x3D, 0xBA, 0xF2, 0x7B, 0x71, 0x8E, 0xBE, 0x4C, 0x43, 0x1D, 0xB5, 0x9D, 0x7F, 0xD7, 0x8B, 0xAA, 0xB3, 0xA8, 0x3F, 0x5D, 0xC3, 0x07, 0xA6, 0xC3 },
+    { 0x40, 0x07, 0xA6, 0x86, 0x26, 0xFD, 0x5B, 0x0F, 0xBC, 0xD8, 0x2B, 0x0D, 0x32, 0x63, 0xAB, 0x54, 0x36, 0x3A, 0xD2, 0xF7, 0x4D, 0x83, 0xDC, 0xC7, 0x21, 0xCB, 0xB7, 0xAD, 0xD7, 0x21, 0x03, 0x6E },
+    { 0xAB, 0xAE, 0x3D, 0x3A, 0x02, 0x42, 0x9D, 0x97, 0x25, 0x52, 0x9D, 0x38, 0x02, 0x6C, 0x45, 0x55, 0x20, 0x70, 0xDE, 0x29, 0x94, 0xAC, 0x9F, 0x9E, 0x50, 0xB6, 0x41, 0x62, 0x61, 0x57, 0xDB, 0x8F },
+    { 0xB2, 0xA5, 0x4B, 0x6C, 0x54, 0x49, 0xD6, 0x17, 0x84, 0x61, 0x96, 0x55, 0x77, 0x11, 0x44, 0xC1, 0x98, 0xCB, 0x36, 0x8A, 0x0D, 0x6B, 0x4B, 0x02, 0xF6, 0x38, 0x45, 0x5C, 0x4B, 0xF7, 0xD0, 0xFC },
+    { 0x26, 0x99, 0xCB, 0x65, 0x9A, 0x9E, 0xDA, 0xC2, 0xB9, 0x09, 0xB7, 0x15, 0xDA, 0x4E, 0xAC, 0x47, 0x9C, 0x9E, 0x10, 0x0B, 0x78, 0xD5, 0xFD, 0xE3, 0x32, 0xAB, 0x72, 0x32, 0x23, 0x78, 0x54, 0x6C },
+    { 0x88, 0x7A, 0x83, 0x23, 0x56, 0xDB, 0xB4, 0xF3, 0x73, 0x29, 0x18, 0x0C, 0x35, 0xCC, 0x88, 0xE2, 0xA7, 0x28, 0xAE, 0x95, 0xEA, 0x9B, 0x3D, 0x79, 0xB4, 0xF7, 0x7D, 0xE0, 0x9A, 0x8A, 0x50, 0x44 },
+    { 0x02, 0x8F, 0x34, 0x54, 0x51, 0x18, 0x7A, 0xF8, 0x68, 0x56, 0xB6, 0x8B, 0x39, 0x6D, 0x49, 0x24, 0xE9, 0xE8, 0x2B, 0x1E, 0xB6, 0xBF, 0x95, 0xF8, 0x2A, 0xFA, 0xEA, 0x39, 0xEE, 0xEE, 0x59, 0x09 },
+    { 0x69, 0x87, 0x41, 0x7C, 0xBD, 0xCC, 0x12, 0x88, 0x73, 0x05, 0x56, 0x9B, 0xD0, 0x7A, 0xB0, 0x7D, 0x48, 0x1D, 0xB6, 0xB9, 0x9A, 0xE1, 0x3F, 0xF9, 0x10, 0x77, 0xAD, 0xC1, 0x40, 0xCD, 0x4D, 0x39 },
+    { 0xEC, 0x17, 0xDC, 0x25, 0x62, 0x86, 0x0C, 0xF6, 0x5B, 0xD4, 0xAF, 0x7A, 0xDE, 0x88, 0x70, 0x4D, 0xF0, 0x59, 0xA5, 0x1E, 0xC5, 0xB6, 0xFD, 0xCF, 0x3B, 0x9C, 0x97, 0x08, 0x49, 0xA5, 0xF7, 0x65 },
+    { 0x26, 0x5F, 0x81, 0xAA, 0x3C, 0x67, 0x23, 0xB4, 0x15, 0x0D, 0x43, 0x30, 0x42, 0x1C, 0x33, 0x47, 0x91, 0xFB, 0xAE, 0xA8, 0x0F, 0x37, 0xDA, 0x0A, 0x64, 0x9A, 0xE3, 0x2E, 0xB3, 0x33, 0xDF, 0xBA },
+    { 0xF4, 0x8A, 0x61, 0x81, 0x4B, 0x60, 0xF0, 0x29, 0x4C, 0xA4, 0x8D, 0xD6, 0x26, 0x7C, 0x26, 0xBC, 0x40, 0x9E, 0x06, 0x71, 0x98, 0xE3, 0x78, 0x7A, 0x62, 0x15, 0xED, 0x54, 0xB1, 0xC4, 0x5B, 0x75 },
+    { 0xD5, 0xBA, 0xFE, 0xB1, 0xA1, 0xC2, 0x7C, 0xB3, 0x88, 0x0A, 0xA1, 0x52, 0x02, 0xA3, 0xC1, 0xF2, 0x0D, 0xC0, 0x52, 0x1A, 0x90, 0x1B, 0xD9, 0x7B, 0x4E, 0x43, 0x3B, 0x4E, 0x83, 0xA0, 0x4D, 0xC8 },
+    { 0x39, 0xA7, 0x19, 0xC2, 0xB6, 0xA6, 0x51, 0xFA, 0x75, 0x7B, 0xDB, 0xEA, 0x8E, 0xD8, 0x6E, 0xB3, 0x28, 0x6D, 0x0B, 0x1E, 0xE6, 0x4A, 0x54, 0x6D, 0x3C, 0xFC, 0x17, 0x07, 0x93, 0xD0, 0x20, 0x91 },
+    { 0xB6, 0xED, 0x8C, 0x03, 0x73, 0xD2, 0x3B, 0x03, 0x79, 0x60, 0x34, 0x11, 0x00, 0x6C, 0x4E, 0xF0, 0xD0, 0x04, 0xAD, 0xF8, 0x4C, 0xE5, 0x6E, 0x86, 0xBB, 0xF0, 0xEC, 0x59, 0x87, 0xD5, 0xB6, 0xD0 },
+    { 0x9F, 0x3E, 0xDE, 0x96, 0x02, 0x3A, 0x4E, 0x8B, 0x54, 0xA3, 0xA7, 0xE9, 0x26, 0xE1, 0xAD, 0x96, 0x91, 0xD4, 0xFA, 0x9B, 0x33, 0x9B, 0x94, 0xBE, 0xDC, 0xB2, 0xB6, 0x27, 0x4C, 0xD8, 0x63, 0x52 },
+    { 0xB5, 0xFD, 0x08, 0x4B, 0x19, 0xB8, 0x47, 0xD4, 0x99, 0x7F, 0x90, 0xE8, 0x1E, 0x52, 0x40, 0xA7, 0x5E, 0x89, 0x28, 0x42, 0x35, 0x7C, 0x54, 0xE8, 0x3F, 0xC5, 0x21, 0x3C, 0xCB, 0x76, 0x79, 0x49 },
+    { 0xCC, 0xA3, 0x83, 0x1C, 0xD0, 0x74, 0x66, 0xD9, 0x8F, 0x8B, 0x5A, 0xF9, 0x82, 0x42, 0x81, 0xDD, 0xAA, 0xBE, 0x7E, 0xC5, 0x37, 0x24, 0x05, 0xAA, 0x92, 0x30, 0xA5, 0x96, 0xAE, 0x62, 0x3C, 0xFC },
+    { 0x5E, 0xAB, 0x66, 0x9D, 0xE8, 0xE7, 0xAD, 0xF1, 0x99, 0x88, 0x4A, 0x41, 0x55, 0x0F, 0x50, 0xDF, 0x88, 0xCA, 0x23, 0x8E, 0x24, 0x7F, 0x14, 0xEC, 0x19, 0x82, 0x3A, 0x1B, 0x10, 0x72, 0x80, 0x3D },
+    { 0xC8, 0x8B, 0x10, 0x72, 0xE9, 0xDD, 0x02, 0xEB, 0x04, 0x51, 0x63, 0xA5, 0xF4, 0xC8, 0x62, 0xEE, 0x8A, 0xEB, 0xD4, 0xFF, 0xDF, 0x08, 0x10, 0xBA, 0x63, 0xF6, 0xDF, 0xEA, 0x9D, 0xD6, 0x8C, 0x12 },
+    { 0x14, 0x74, 0x77, 0xCB, 0xC1, 0x91, 0x7D, 0x3E, 0x64, 0x8E, 0x64, 0x3C, 0x1E, 0xA4, 0xC2, 0x02, 0x96, 0xA2, 0x11, 0xE3, 0x62, 0x82, 0x52, 0x76, 0xCC, 0xD4, 0xF9, 0xD4, 0xE1, 0x8A, 0x02, 0x43 },
+    { 0x62, 0x5C, 0x6D, 0xA8, 0x1A, 0xE9, 0x57, 0xC3, 0x98, 0x37, 0x33, 0x74, 0x14, 0x48, 0x13, 0x96, 0xFB, 0x08, 0x76, 0x05, 0xC9, 0x2B, 0x30, 0x12, 0x45, 0x16, 0xFC, 0xEF, 0x2E, 0x21, 0xDD, 0x5D },
+    { 0x34, 0x81, 0x8A, 0x8E, 0x40, 0x2E, 0x0F, 0x77, 0x4E, 0x14, 0x6F, 0xFD, 0x6F, 0xC0, 0x22, 0x04, 0x36, 0x6F, 0xD7, 0x96, 0x01, 0xF9, 0x40, 0xEC, 0x24, 0xA0, 0xB7, 0x41, 0xA4, 0x89, 0xBD, 0xAA },
+    { 0x1D, 0x82, 0x85, 0x93, 0x61, 0x73, 0x05, 0x4A, 0x3C, 0x26, 0x15, 0x8E, 0x59, 0xD8, 0x3A, 0xD1, 0x96, 0x63, 0xCA, 0x56, 0x25, 0x8C, 0x0C, 0xE0, 0xDC, 0xD7, 0x3A, 0x93, 0x28, 0xCE, 0xB6, 0x60 },
+    { 0x03, 0x36, 0x6F, 0xBA, 0x26, 0x12, 0x6D, 0x86, 0x03, 0x77, 0xA0, 0x99, 0xBD, 0x50, 0x74, 0x2D, 0x4E, 0xAF, 0x48, 0x07, 0x96, 0x0B, 0x95, 0x23, 0xBC, 0xD1, 0x92, 0x30, 0x35, 0xE2, 0xB2, 0xCE },
+    { 0xCA, 0x62, 0x9A, 0x9F, 0x9C, 0xC4, 0x2F, 0x3E, 0x5E, 0x87, 0x52, 0x1F, 0xDA, 0xD8, 0x8A, 0x27, 0x79, 0x44, 0x02, 0x7C, 0x4E, 0xA5, 0x30, 0xF1, 0x71, 0xC3, 0xA3, 0x35, 0x5D, 0x17, 0x23, 0x77 },
+    { 0x46, 0xCD, 0x1C, 0xFC, 0x20, 0x48, 0x28, 0x4D, 0xF0, 0x40, 0x22, 0x57, 0xFA, 0x5E, 0x9F, 0x50, 0xA6, 0x7C, 0x66, 0xD4, 0x62, 0xB5, 0xB0, 0x7A, 0xF0, 0xF1, 0x1D, 0x7F, 0x11, 0xCC, 0xFF, 0x5F },
+    { 0x9E, 0x98, 0x24, 0x3E, 0x13, 0x1B, 0x75, 0xA1, 0x58, 0xA9, 0x8F, 0x54, 0xF9, 0x74, 0x7B, 0x63, 0x4F, 0x31, 0xA2, 0xF4, 0x5F, 0xDD, 0x40, 0xB5, 0x83, 0x54, 0x5B, 0x86, 0x50, 0xB5, 0x53, 0x86 },
+    { 0x58, 0xE1, 0x4B, 0x92, 0x3D, 0xCE, 0x27, 0x13, 0x42, 0xA4, 0x7D, 0x4A, 0xE6, 0x93, 0xC6, 0xCD, 0x40, 0x57, 0xE2, 0x30, 0x24, 0x96, 0xA4, 0x4D, 0xBC, 0x26, 0x0A, 0x81, 0x1E, 0xF5, 0xCD, 0x4B },
+    { 0x81, 0xB0, 0x80, 0x49, 0x6B, 0x78, 0x96, 0x0E, 0xEB, 0xBF, 0xF7, 0x31, 0x8E, 0x30, 0x8C, 0xF8, 0x58, 0x88, 0x43, 0x12, 0x75, 0xD2, 0x67, 0xEA, 0x60, 0x34, 0xB1, 0x97, 0x0A, 0x0C, 0x42, 0x6F },
+    { 0xE0, 0x64, 0x62, 0x9C, 0xC3, 0xA5, 0x9C, 0xE4, 0x0D, 0xA5, 0x39, 0xDC, 0x34, 0x64, 0xE4, 0x24, 0x00, 0xC6, 0x3F, 0xB1, 0x99, 0x24, 0x4C, 0x56, 0xC6, 0x4A, 0x50, 0xA5, 0x25, 0x75, 0x46, 0xA3 },
+    { 0xAC, 0x5A, 0x9D, 0x15, 0xB7, 0x3E, 0x9A, 0x2D, 0xEF, 0x69, 0xA5, 0xAF, 0xF6, 0x73, 0x53, 0xC6, 0x9F, 0xA2, 0x7F, 0xA6, 0x62, 0x4B, 0x83, 0x1B, 0x9A, 0xC0, 0x49, 0xFF, 0x55, 0xDF, 0x8B, 0x24 },
+    { 0xA4, 0xF0, 0x03, 0x85, 0xCD, 0x93, 0x8F, 0x8F, 0x30, 0x84, 0x92, 0x3B, 0xA6, 0xAC, 0xC1, 0xF2, 0xB4, 0xBE, 0xDB, 0x11, 0x26, 0x7D, 0x28, 0x30, 0x71, 0x07, 0x9A, 0x8B, 0x45, 0x8C, 0xF7, 0x5F },
+    { 0x03, 0x23, 0xED, 0xE9, 0xBE, 0x1D, 0x1F, 0xFE, 0x61, 0x2B, 0x9A, 0xE4, 0xC8, 0x1E, 0x59, 0xB7, 0xE5, 0xB8, 0xB5, 0x35, 0xBB, 0x7B, 0x11, 0x14, 0x3A, 0x7C, 0xBE, 0x2E, 0x9C, 0xFF, 0x8A, 0x06 },
+    { 0x51, 0xC0, 0x7B, 0xE4, 0x52, 0xED, 0xFA, 0x41, 0x4D, 0x4B, 0xA1, 0x32, 0x39, 0x9D, 0x60, 0x12, 0x45, 0x80, 0xE1, 0xBD, 0xDB, 0xD4, 0xDB, 0xFE, 0xAE, 0x7B, 0x34, 0xC6, 0x03, 0xDA, 0x07, 0xAD },
+    { 0x39, 0x97, 0x7C, 0xD7, 0x80, 0xF5, 0x8D, 0x75, 0xDE, 0x7E, 0xDF, 0xAC, 0x2F, 0xF8, 0x55, 0xE8, 0xFC, 0x2D, 0x73, 0x42, 0xAF, 0x65, 0x8B, 0xC4, 0x7E, 0x13, 0x65, 0x19, 0x75, 0x55, 0xC6, 0x48 },
+    { 0x27, 0x2F, 0xCF, 0x98, 0x93, 0xE2, 0x30, 0x7D, 0xCE, 0x43, 0x38, 0xCB, 0x2C, 0x83, 0xCB, 0x0C, 0x8D, 0xB5, 0x4E, 0xB4, 0xE6, 0x8A, 0xBB, 0x0D, 0x34, 0x2D, 0x79, 0x36, 0xBD, 0xE4, 0xCC, 0x35 },
+    { 0x06, 0x50, 0xE9, 0x3C, 0x2B, 0xB4, 0xC4, 0x91, 0x7E, 0x21, 0xF3, 0xAB, 0xAA, 0xF3, 0x8C, 0x25, 0xE9, 0xA5, 0x38, 0x39, 0x18, 0x96, 0x01, 0xDE, 0x5A, 0x52, 0x59, 0x9F, 0x78, 0x0D, 0xA4, 0xE7 },
+    { 0x23, 0xDF, 0xAC, 0xBE, 0x90, 0x49, 0xCD, 0xB2, 0x0F, 0x10, 0x90, 0x36, 0x8C, 0xE7, 0xFD, 0xEB, 0x1A, 0xA5, 0x43, 0x0D, 0x31, 0x7A, 0x73, 0xA2, 0xDF, 0x5C, 0xFA, 0x3A, 0xCF, 0xD5, 0x8A, 0x35 },
+    { 0x3C, 0xE0, 0x06, 0xBC, 0xC5, 0xDD, 0xE7, 0xC7, 0x35, 0xAD, 0xA2, 0xA1, 0x6F, 0x80, 0xC1, 0xC2, 0x78, 0xEF, 0xFC, 0x7D, 0x63, 0xC4, 0xD4, 0xB8, 0x0D, 0x96, 0xF1, 0x79, 0xEF, 0xA6, 0xF9, 0xCE },
+    { 0x5B, 0x5C, 0x78, 0x5F, 0x9F, 0xEC, 0x70, 0xD8, 0x18, 0x52, 0xBE, 0x61, 0x4B, 0x23, 0x9F, 0x7A, 0x00, 0xDA, 0x85, 0xB1, 0x48, 0xC1, 0x85, 0x13, 0x20, 0x01, 0xFA, 0xC0, 0xDC, 0x77, 0xF3, 0x03 },
+    { 0xD1, 0xCA, 0x2A, 0x82, 0x10, 0x03, 0x61, 0xA3, 0xCD, 0xC3, 0xE0, 0xAA, 0xD9, 0xD4, 0x84, 0x56, 0xB8, 0x24, 0xEB, 0xC4, 0x3C, 0x34, 0xDD, 0xA6, 0x92, 0x77, 0x08, 0x11, 0x15, 0x4A, 0xCB, 0xA2 },
+    { 0xF8, 0x6D, 0xE9, 0x2A, 0x4C, 0xE8, 0x67, 0x80, 0x91, 0xB3, 0x33, 0xD7, 0x9E, 0x23, 0x6E, 0x43, 0xBB, 0x42, 0xFA, 0x5E, 0xDE, 0x1B, 0xE5, 0x71, 0xF6, 0x76, 0xCF, 0x0A, 0x54, 0x72, 0x59, 0x64 },
+    { 0x34, 0x0C, 0x28, 0x58, 0x60, 0x79, 0x13, 0x2F, 0xB3, 0xD4, 0x5F, 0x7A, 0x76, 0x55, 0x9F, 0xAE, 0xF6, 0x37, 0x6F, 0x5E, 0xC6, 0xB8, 0x8F, 0xC4, 0x16, 0xE5, 0x45, 0x63, 0xDA, 0x00, 0x23, 0x06 },
+    { 0xCA, 0x54, 0x31, 0x26, 0x16, 0xF8, 0x2A, 0x58, 0xE4, 0x98, 0x55, 0x76, 0xE3, 0x62, 0x1F, 0x3C, 0x43, 0x6E, 0x04, 0xAD, 0xCB, 0x9A, 0xA7, 0x41, 0xB4, 0x77, 0x84, 0xCB, 0x5B, 0x37, 0x56, 0xDF },
+    { 0xC1, 0x3E, 0x85, 0x96, 0x5B, 0x1F, 0xD2, 0x79, 0xA5, 0x7F, 0x4F, 0x6E, 0xCB, 0xFA, 0xA9, 0x12, 0xF7, 0x23, 0x25, 0x46, 0x4C, 0x75, 0x24, 0xF3, 0xB4, 0x07, 0x21, 0x6B, 0x7B, 0x60, 0x00, 0xB3 },
+    { 0xE5, 0xA0, 0xD5, 0x81, 0x91, 0x8F, 0xFC, 0x2C, 0x3C, 0x38, 0x42, 0xF3, 0xEF, 0xF5, 0xA1, 0x16, 0xA8, 0x6D, 0x9E, 0x42, 0x99, 0x10, 0xF4, 0x28, 0x4E, 0x21, 0x33, 0x85, 0xFC, 0x82, 0x63, 0x31 },
+    { 0x4D, 0x09, 0x4C, 0x60, 0x63, 0xE9, 0xE0, 0x41, 0xA8, 0x9A, 0xF7, 0x95, 0xE3, 0xBC, 0xAB, 0xFF, 0x98, 0x2C, 0xD0, 0x84, 0x29, 0x8E, 0xF6, 0x70, 0x08, 0xC8, 0xED, 0xF3, 0xF6, 0x03, 0x84, 0xAB },
+    { 0xD0, 0x89, 0xC2, 0xF3, 0x34, 0xDE, 0x3B, 0xC3, 0x5F, 0xFD, 0xF2, 0xA9, 0x14, 0xCF, 0x64, 0x16, 0x3F, 0x14, 0x45, 0x2F, 0xE4, 0xE7, 0x8D, 0x61, 0x48, 0xC1, 0xD4, 0xB4, 0x94, 0xEE, 0x8B, 0x42 },
+    { 0xC5, 0x5B, 0x31, 0x1E, 0x27, 0xBF, 0x04, 0x32, 0x4C, 0xDB, 0xF1, 0x47, 0x48, 0x7D, 0x4C, 0x7E, 0x05, 0x02, 0xEE, 0xD3, 0x71, 0x4D, 0x3B, 0x01, 0x2E, 0x03, 0x27, 0x41, 0x86, 0x46, 0xCA, 0x2A },
+    { 0xF2, 0x65, 0x10, 0xF6, 0x19, 0xD9, 0xB8, 0xA6, 0x73, 0x5A, 0xA1, 0xCB, 0xF9, 0xF1, 0xC5, 0xBE, 0x5C, 0x46, 0x6F, 0x91, 0xDF, 0x8B, 0x12, 0xAD, 0x1C, 0x74, 0x8E, 0xFA, 0x79, 0x37, 0x2E, 0x72 },
+    { 0x89, 0xFC, 0x0E, 0x4F, 0xE6, 0xDC, 0x9A, 0x31, 0x60, 0x6E, 0x51, 0x9A, 0x9B, 0xB8, 0x59, 0xB6, 0x51, 0x09, 0xF9, 0x2B, 0x15, 0x3B, 0xB7, 0xA5, 0x4E, 0x14, 0x4A, 0x31, 0x12, 0x20, 0x2E, 0xDE },
+    { 0xD4, 0x5D, 0x85, 0x7D, 0x10, 0xFB, 0x63, 0x0A, 0xF2, 0xDB, 0xBA, 0x3F, 0x05, 0xF4, 0x8B, 0x4F, 0xDC, 0x4F, 0xB2, 0x2B, 0x71, 0x63, 0xA5, 0xEE, 0xFA, 0x90, 0x83, 0x2C, 0xF4, 0xDD, 0x47, 0x28 },
+    { 0x40, 0x79, 0x67, 0x73, 0xBF, 0x7B, 0x5E, 0x6B, 0xF0, 0xF4, 0x19, 0x9F, 0x9B, 0x76, 0xDF, 0x9F, 0x31, 0xD3, 0xED, 0x69, 0x74, 0x48, 0xEC, 0x7D, 0x5B, 0x74, 0x80, 0xDD, 0x9D, 0xE4, 0x04, 0x4A },
+    { 0x31, 0x4E, 0x7F, 0x6D, 0x82, 0x24, 0xF3, 0xAF, 0x6B, 0x11, 0xEB, 0x38, 0xB3, 0x5A, 0x83, 0xFA, 0x5D, 0x56, 0x41, 0x35, 0xF7, 0xD3, 0x37, 0x9B, 0xA4, 0x46, 0xB3, 0x44, 0x4E, 0x90, 0x38, 0xF4 },
+    { 0x45, 0x82, 0xC6, 0x52, 0x62, 0xAE, 0xE5, 0xA8, 0x99, 0xE2, 0xBF, 0x6A, 0x70, 0x47, 0x28, 0xA9, 0x67, 0x47, 0xFE, 0x6D, 0x89, 0xF4, 0x47, 0x81, 0xEB, 0x32, 0x2A, 0xE2, 0x55, 0x37, 0x5E, 0xB1 },
+    { 0xFB, 0x38, 0x8B, 0x6B, 0x58, 0xBC, 0xEC, 0x05, 0x01, 0x8D, 0x3C, 0x03, 0xB4, 0xD5, 0xFC, 0x6B, 0xFD, 0x7C, 0x02, 0x74, 0x6A, 0xF1, 0x7C, 0x61, 0x0F, 0x3B, 0xA5, 0x99, 0xBF, 0x88, 0x57, 0xAF },
+    { 0x8A, 0x6D, 0xD0, 0x43, 0xFB, 0xDE, 0xE3, 0x18, 0x2A, 0xFA, 0xBD, 0x32, 0x69, 0x49, 0x74, 0x1B, 0x01, 0xD1, 0x80, 0xCB, 0xF2, 0xD3, 0x17, 0x50, 0xEB, 0xFA, 0x2D, 0xE8, 0xA0, 0x4F, 0x2C, 0x19 },
+    { 0xA7, 0x0A, 0xF4, 0xB4, 0x75, 0x6A, 0xE1, 0xF3, 0x9A, 0xD9, 0x3B, 0x95, 0xA0, 0x18, 0x35, 0x97, 0x1A, 0x18, 0xA4, 0xFE, 0xAE, 0xB7, 0x9A, 0x4E, 0x45, 0xFA, 0x73, 0xA7, 0x58, 0x1C, 0x1F, 0xA5 },
+    { 0x1D, 0x59, 0xE3, 0x38, 0x86, 0xFA, 0xA3, 0xCC, 0x8A, 0xD3, 0x20, 0x28, 0xC6, 0x11, 0xAD, 0x37, 0x59, 0x43, 0xA0, 0x9F, 0xAE, 0x45, 0xCD, 0xF8, 0xE5, 0x0E, 0xA6, 0x3F, 0xA7, 0xE7, 0x9A, 0xA3 },
+    { 0x8D, 0x50, 0x18, 0xF9, 0xCF, 0x0C, 0x7F, 0xA6, 0x64, 0x13, 0x2E, 0xDF, 0x4E, 0xE6, 0x65, 0xEA, 0x82, 0xE9, 0xA9, 0x07, 0xAE, 0x60, 0xF5, 0x9D, 0xEC, 0x28, 0xBC, 0x9A, 0x06, 0xB7, 0x43, 0xD7 },
+    { 0x3C, 0x01, 0xD6, 0x46, 0x48, 0xB2, 0x83, 0xF8, 0xEB, 0xD2, 0x7E, 0x4C, 0x08, 0x8B, 0x40, 0x2D, 0x9D, 0x0B, 0x6A, 0xAB, 0x7F, 0x60, 0xCC, 0x30, 0xF3, 0x4C, 0x58, 0x2F, 0x14, 0x2F, 0x03, 0x58 },
+    { 0xE6, 0x92, 0x1D, 0x0B, 0xCB, 0x8A, 0x22, 0x2B, 0x62, 0xA4, 0x5E, 0x03, 0xC7, 0x79, 0x15, 0x32, 0xE5, 0x58, 0x1A, 0xAC, 0x2F, 0x8E, 0x27, 0x4E, 0x5A, 0xC7, 0xFB, 0xB2, 0x35, 0x2A, 0x2D, 0x8B },
+    { 0xA9, 0xCD, 0x81, 0x26, 0x32, 0xEE, 0xAA, 0x2C, 0xAE, 0xAA, 0xDE, 0xCC, 0x21, 0x58, 0x50, 0x55, 0x98, 0x8D, 0xC1, 0xB1, 0x3F, 0x41, 0x19, 0x6B, 0x13, 0x62, 0x27, 0xE4, 0xB8, 0x3B, 0x26, 0xE7 },
+    { 0x72, 0x21, 0xC2, 0xFC, 0x55, 0xCF, 0xAA, 0x2F, 0x8D, 0x05, 0x92, 0xB7, 0x85, 0xB0, 0x84, 0x16, 0x6B, 0xA5, 0xDE, 0x6F, 0xC1, 0x50, 0x83, 0xE7, 0x09, 0x3E, 0x51, 0x89, 0x93, 0x14, 0x5E, 0xCA },
+    { 0x4F, 0x1A, 0x50, 0x67, 0x96, 0x01, 0xB4, 0x79, 0x03, 0x07, 0x9C, 0xFC, 0x52, 0xAF, 0x06, 0x90, 0xB5, 0x78, 0x3E, 0xBD, 0x6B, 0x27, 0xBB, 0xAC, 0x50, 0xDC, 0x9C, 0xC8, 0xDD, 0x6B, 0xF5, 0x84 },
+    { 0x37, 0xC7, 0xDD, 0x62, 0x76, 0xCA, 0xDC, 0x8C, 0x44, 0xDC, 0x37, 0xE5, 0xB8, 0x07, 0xF6, 0x65, 0x65, 0x11, 0x1D, 0xD6, 0x5B, 0xCC, 0xA8, 0x08, 0xD2, 0xEA, 0x78, 0x02, 0x44, 0xD4, 0x65, 0x15 },
+    { 0x1B, 0x71, 0x0B, 0xDB, 0xFB, 0x7E, 0x12, 0x79, 0x1E, 0x41, 0x1B, 0xCD, 0x1B, 0x30, 0xC7, 0x08, 0x8E, 0xFA, 0x97, 0xBF, 0x0D, 0xE7, 0x30, 0x6E, 0x9C, 0x2A, 0xC7, 0xC4, 0x18, 0xC0, 0xED, 0x1D },
+    { 0x7D, 0xB3, 0xE1, 0xEA, 0xEF, 0x9F, 0x49, 0x9D, 0x30, 0x91, 0x90, 0xEA, 0x9D, 0x15, 0xB7, 0xD0, 0xC3, 0xD1, 0x20, 0xCC, 0xF6, 0x1E, 0xE2, 0x43, 0xB7, 0xD2, 0x56, 0xA1, 0x91, 0x2A, 0xD5, 0xBA },
+    { 0xC3, 0xF7, 0x6C, 0x4D, 0x6F, 0xD1, 0x9E, 0x9A, 0x76, 0x8C, 0x14, 0xEF, 0xCD, 0x31, 0x23, 0x6A, 0xA6, 0xB0, 0x33, 0x71, 0x49, 0xFC, 0xCC, 0x5B, 0x29, 0xB3, 0xD9, 0x0C, 0x82, 0xBF, 0x90, 0x6A },
+    { 0x32, 0x79, 0x7F, 0x34, 0x46, 0xCA, 0xA8, 0x2E, 0xF0, 0x4D, 0x42, 0x66, 0x1D, 0xF7, 0xFE, 0x33, 0x81, 0x07, 0xCF, 0x6E, 0xED, 0x8D, 0x07, 0x0E, 0x71, 0x6F, 0xEF, 0x84, 0x94, 0x87, 0x17, 0x1A },
+    { 0x1F, 0xC4, 0x1D, 0xEA, 0x66, 0xE9, 0x38, 0x9C, 0x90, 0xC8, 0x5D, 0x95, 0x58, 0x80, 0x56, 0x0D, 0x33, 0x05, 0xB7, 0xC6, 0x05, 0xFE, 0x59, 0x5A, 0x68, 0x31, 0xC5, 0x66, 0x75, 0xFB, 0xB7, 0xC3 },
+    { 0xA5, 0x9E, 0x36, 0x90, 0x87, 0x34, 0x24, 0xCB, 0xDF, 0x88, 0xD2, 0x63, 0x5B, 0xC9, 0xA4, 0x60, 0xA6, 0x13, 0x1D, 0x0B, 0x0A, 0x52, 0x5B, 0xC4, 0xF5, 0x05, 0xBD, 0xBF, 0x40, 0xBD, 0xF6, 0x14 },
+    { 0x5C, 0xD1, 0x30, 0xD0, 0x12, 0x30, 0xF9, 0x6E, 0xDB, 0x16, 0xC1, 0x7E, 0xD6, 0x5A, 0x22, 0xF1, 0x81, 0xE4, 0x86, 0xBB, 0x30, 0x5F, 0xA3, 0x78, 0xFD, 0xD5, 0x0F, 0xCB, 0x90, 0x94, 0x13, 0xF5 },
+    { 0xF5, 0x5F, 0x72, 0x4C, 0xBE, 0xAB, 0x9C, 0xB0, 0x1F, 0x2B, 0x32, 0x29, 0xA6, 0xA4, 0x46, 0x12, 0x97, 0x7C, 0xCF, 0xC8, 0xA8, 0x21, 0x43, 0xAE, 0x03, 0x97, 0xB7, 0x28, 0xD2, 0x7A, 0xD1, 0x3E },
+    { 0xEC, 0x16, 0x92, 0xCD, 0x8A, 0x2C, 0x74, 0xBE, 0xE2, 0xDB, 0x32, 0x7D, 0xC7, 0x74, 0x9B, 0xF0, 0xBA, 0x81, 0xDF, 0x67, 0xB8, 0x42, 0x0C, 0x38, 0x87, 0x9D, 0xBD, 0xFE, 0xB2, 0x40, 0xFA, 0xD2 },
+    { 0xF5, 0x37, 0x78, 0x0C, 0xC9, 0x03, 0xA8, 0xDC, 0x14, 0xBD, 0xF4, 0x0E, 0x45, 0x22, 0x0C, 0xC7, 0xF7, 0xD9, 0x1F, 0x63, 0xDC, 0x40, 0x19, 0xBA, 0x6F, 0xAC, 0x01, 0x18, 0x31, 0xD2, 0x4C, 0x44 },
+    { 0x6C, 0xA6, 0x97, 0x60, 0x67, 0xCB, 0x1A, 0xD6, 0xA4, 0xDA, 0x89, 0xA7, 0x12, 0x65, 0xF7, 0x68, 0x90, 0x05, 0x4D, 0x94, 0xD7, 0xAD, 0x91, 0x10, 0xCD, 0xEB, 0x4C, 0x4F, 0xC5, 0xD5, 0x72, 0xEC },
+    { 0x88, 0x21, 0x55, 0xC1, 0x37, 0x81, 0xB9, 0xC6, 0xD4, 0xC9, 0xC9, 0x6A, 0xCF, 0x1B, 0xF4, 0xB6, 0xEF, 0xB0, 0x73, 0xDD, 0xC4, 0x8B, 0xA4, 0x76, 0xBA, 0x55, 0x67, 0x6F, 0x49, 0x0E, 0xCD, 0x77 },
+    { 0xBE, 0x84, 0xE6, 0x4C, 0x07, 0x88, 0xA8, 0xA0, 0x4D, 0x47, 0x1F, 0x44, 0x91, 0x0C, 0xBC, 0x20, 0xF5, 0x3E, 0x20, 0x35, 0x3A, 0x2B, 0xCC, 0x6C, 0x40, 0x3E, 0xFF, 0x80, 0xFC, 0x3D, 0x25, 0x79 },
+    { 0x4B, 0xF6, 0xA9, 0x2E, 0x75, 0x74, 0xD4, 0x66, 0xDC, 0x0F, 0x44, 0xD5, 0x94, 0x91, 0xAD, 0x96, 0x44, 0xF8, 0xFC, 0x7A, 0x15, 0x0C, 0x43, 0x35, 0x4B, 0x31, 0x4F, 0xE7, 0x35, 0x10, 0x01, 0xB3 },
+    { 0x00, 0x3C, 0x40, 0xA7, 0x88, 0xE4, 0x6F, 0x5A, 0x7C, 0xF3, 0xCC, 0x60, 0x61, 0x20, 0x03, 0x75, 0xD8, 0xC2, 0x86, 0x64, 0xB3, 0x7C, 0xE1, 0x8F, 0x44, 0x81, 0xA7, 0x9F, 0x53, 0xF0, 0xA5, 0xE1 },
+    { 0xA3, 0xCB, 0x7C, 0xB7, 0x00, 0xB4, 0xC7, 0x82, 0xE3, 0x1D, 0xA2, 0x57, 0xCD, 0xFD, 0x78, 0xFB, 0x5A, 0x58, 0x27, 0xC0, 0x10, 0xE7, 0x8C, 0x7F, 0xE4, 0x71, 0x32, 0xD0, 0x99, 0x95, 0x8D, 0xC2 },
+    { 0x60, 0x07, 0x15, 0xAE, 0x47, 0x8D, 0xB2, 0xA2, 0x9A, 0x9B, 0x2E, 0x96, 0x4B, 0xA3, 0xB3, 0xC0, 0x23, 0x93, 0x6B, 0xB4, 0x29, 0x9E, 0xE4, 0x15, 0x75, 0x83, 0x3C, 0x8C, 0x49, 0x76, 0xB5, 0x95 },
+    { 0xC9, 0x1A, 0xA1, 0xF5, 0x28, 0x72, 0x17, 0x11, 0x52, 0x9E, 0x95, 0xF7, 0x90, 0x70, 0x07, 0x8C, 0x25, 0xF4, 0x44, 0x88, 0x2F, 0x14, 0x9F, 0x58, 0xF8, 0xC1, 0x6B, 0xCF, 0x77, 0xFA, 0x1C, 0x98 },
+    { 0x18, 0x1F, 0x02, 0xED, 0x08, 0x7C, 0xDD, 0x6E, 0x00, 0xE6, 0x8E, 0x1B, 0x6E, 0xD9, 0x43, 0xA0, 0x96, 0x55, 0xDC, 0xC9, 0x22, 0x8F, 0xA9, 0xDD, 0xC1, 0x1F, 0xF6, 0x70, 0x83, 0x87, 0x55, 0x2E },
+    { 0xEA, 0x81, 0xEA, 0xA6, 0x91, 0x4C, 0x49, 0xB6, 0x59, 0xBB, 0x54, 0x5E, 0x36, 0x1E, 0xE8, 0x50, 0x15, 0x29, 0x12, 0xBF, 0x4D, 0xAA, 0xA5, 0x57, 0x41, 0xBE, 0x98, 0x4B, 0xE9, 0x2E, 0x40, 0x05 },
+    { 0xDB, 0x67, 0x03, 0xE8, 0xDF, 0x11, 0xDE, 0x31, 0x5D, 0xD2, 0x68, 0x69, 0xDF, 0xA8, 0x71, 0xF3, 0x8F, 0x25, 0x84, 0x62, 0xE3, 0x5D, 0xFB, 0x4D, 0xEE, 0xFB, 0xA4, 0x09, 0x73, 0xF5, 0x1D, 0xA6 },
+    { 0xCB, 0x78, 0x88, 0xE3, 0x01, 0xEB, 0x34, 0xBF, 0x1D, 0xC6, 0xFE, 0x1B, 0xCB, 0xFC, 0x45, 0x70, 0x19, 0x42, 0xD4, 0xB2, 0x4C, 0x0C, 0x77, 0x9C, 0x87, 0x65, 0xF6, 0x65, 0x5B, 0x77, 0x9C, 0x31 },
+    { 0xC8, 0x39, 0x57, 0x07, 0x8C, 0xF1, 0x4A, 0xF5, 0x5E, 0x65, 0x28, 0x9C, 0x8D, 0x37, 0x65, 0x15, 0xA6, 0x00, 0x88, 0x85, 0x34, 0x6D, 0xC0, 0xD1, 0x43, 0xDD, 0x05, 0x0D, 0x8F, 0x40, 0x0D, 0x9F },
+    { 0x71, 0xBD, 0x38, 0xBF, 0x18, 0xAE, 0x02, 0x59, 0xEA, 0x4B, 0x6C, 0x0D, 0xCE, 0x35, 0x67, 0x6F, 0x05, 0x80, 0x77, 0x24, 0xBF, 0xE5, 0x71, 0x5C, 0x1E, 0xA1, 0x16, 0x16, 0x55, 0xA5, 0x28, 0x6B },
+    { 0xBD, 0xA4, 0x2B, 0x99, 0x86, 0x9B, 0x12, 0x30, 0x21, 0xDC, 0x91, 0x87, 0x09, 0x32, 0x59, 0x49, 0xC6, 0x11, 0x91, 0x22, 0x51, 0x8A, 0x11, 0x29, 0x78, 0x85, 0x6B, 0x7D, 0xAC, 0x55, 0xAB, 0xC2 },
+    { 0x27, 0x38, 0xF1, 0x37, 0x4F, 0x16, 0xFF, 0xAE, 0x8B, 0xDE, 0xD4, 0xC4, 0x9C, 0x05, 0x32, 0x21, 0xAA, 0xC6, 0x39, 0xD6, 0x96, 0x71, 0x95, 0x98, 0xAE, 0xD8, 0xBC, 0x46, 0xAF, 0xF1, 0x2B, 0x53 },
+    { 0x1A, 0x92, 0x93, 0x1C, 0xD9, 0xCB, 0xE6, 0x0C, 0x34, 0x1F, 0xAC, 0xAB, 0x15, 0x79, 0xB2, 0x16, 0x24, 0x64, 0xFC, 0xFE, 0xF6, 0xA0, 0x63, 0x10, 0x57, 0xA6, 0x46, 0xDE, 0x94, 0x58, 0x82, 0xCE },
+    { 0x8B, 0x07, 0x9D, 0x8C, 0x63, 0xD5, 0x4B, 0xB0, 0x97, 0xB3, 0x08, 0x72, 0x3C, 0x86, 0xA5, 0x1D, 0xF6, 0xDC, 0x64, 0xCF, 0x46, 0x11, 0x08, 0x7F, 0xC4, 0x58, 0x5D, 0xC6, 0xE8, 0xFF, 0xE3, 0xE8 },
+    { 0x2F, 0xF0, 0xD2, 0xB3, 0xF4, 0x28, 0x02, 0xC6, 0x7E, 0x46, 0x27, 0x6B, 0x4B, 0x5E, 0x63, 0xF5, 0xE8, 0xE9, 0x64, 0xFA, 0xA4, 0x72, 0x01, 0xDD, 0xBA, 0x7A, 0x8E, 0xEE, 0xE3, 0xF1, 0x05, 0x03 },
+    { 0x7C, 0xDE, 0xF9, 0x2D, 0xB7, 0xB1, 0x9F, 0x90, 0xAD, 0xED, 0x25, 0xDD, 0x0D, 0x71, 0xB0, 0xC0, 0x72, 0xE6, 0x1D, 0x6A, 0x27, 0x4F, 0x54, 0x94, 0x06, 0xA3, 0xF6, 0x37, 0x81, 0x83, 0x96, 0xB4 },
+    { 0xEA, 0x78, 0x2A, 0xE7, 0xD1, 0x3B, 0x2A, 0x3E, 0x44, 0x33, 0xB7, 0xA3, 0xA5, 0x57, 0xCF, 0x39, 0x6D, 0x94, 0x5F, 0xFA, 0x6C, 0x4E, 0x81, 0x3D, 0x5C, 0x9E, 0xEA, 0x98, 0x1C, 0xCF, 0x70, 0xD5 },
+    { 0xBA, 0x2B, 0x01, 0x64, 0xA2, 0xB7, 0xD9, 0x48, 0x0E, 0x70, 0x8A, 0x6A, 0x89, 0xA5, 0x64, 0x2C, 0xE1, 0x5E, 0x9F, 0xFD, 0xCE, 0x96, 0x7E, 0xF1, 0xB9, 0x31, 0x73, 0x42, 0xB5, 0xBD, 0x20, 0xB8 },
+    { 0x75, 0x83, 0x97, 0x50, 0x0E, 0x35, 0x37, 0xCE, 0x8C, 0x8C, 0x8A, 0x42, 0x25, 0xCE, 0x39, 0xCA, 0x61, 0x6E, 0x00, 0x0F, 0x38, 0x0F, 0x99, 0xD5, 0xC7, 0xC9, 0x64, 0x77, 0xB1, 0x0E, 0xD6, 0xB6 },
+    { 0x60, 0x33, 0xE5, 0x14, 0xED, 0x62, 0x9D, 0x87, 0x3B, 0x14, 0x95, 0x55, 0x6E, 0x5E, 0x1C, 0xF3, 0x2A, 0x20, 0x6F, 0x17, 0x13, 0xEE, 0x82, 0x84, 0x6A, 0xAC, 0xB9, 0x45, 0x6A, 0x2D, 0xC7, 0x2B },
+    { 0x4B, 0x10, 0xF6, 0x2E, 0xA5, 0xEE, 0x03, 0x9A, 0x36, 0x35, 0xCA, 0xFB, 0x3C, 0xE4, 0x4E, 0xD1, 0x0A, 0x59, 0x7C, 0x2C, 0x43, 0xED, 0x84, 0x92, 0xEB, 0x2C, 0x14, 0xB5, 0x35, 0x52, 0x9F, 0x10 },
+    { 0x18, 0xA8, 0x38, 0x52, 0xA4, 0x08, 0x73, 0xB3, 0xC6, 0x6D, 0x01, 0x6A, 0x1C, 0xBF, 0x42, 0xB3, 0xAD, 0x48, 0x1D, 0xC8, 0xEE, 0xE9, 0x5B, 0x40, 0x47, 0xC4, 0x4B, 0x32, 0x67, 0x64, 0x36, 0x5A },
+    { 0x74, 0xE4, 0xAF, 0x82, 0xF0, 0xC8, 0xF8, 0xB5, 0x95, 0xBA, 0x4C, 0x19, 0x04, 0x0E, 0x46, 0x1F, 0xEE, 0x50, 0xEE, 0x7F, 0x89, 0xBD, 0x02, 0x71, 0x76, 0x1C, 0x40, 0x61, 0xD7, 0x91, 0xCB, 0x2E },
+    { 0xB3, 0x1D, 0x0F, 0x5F, 0x42, 0x03, 0xC8, 0xDC, 0xEA, 0x59, 0xF7, 0xF1, 0x91, 0x16, 0xCE, 0x57, 0xF4, 0xA8, 0x93, 0x19, 0xC6, 0x1F, 0x67, 0x5E, 0x38, 0xFE, 0xE3, 0x81, 0xE7, 0x5E, 0x3A, 0xB6 },
+    { 0xBE, 0x72, 0x9B, 0xA7, 0x5B, 0x4D, 0xC2, 0x90, 0xA5, 0x13, 0xC5, 0x49, 0x96, 0x9A, 0x65, 0xFF, 0x82, 0x91, 0xD2, 0xAD, 0xD6, 0x45, 0x41, 0x71, 0x28, 0x29, 0x9C, 0xE4, 0x29, 0xB7, 0x77, 0x87 },
+    { 0x99, 0x8F, 0x85, 0x08, 0x8A, 0x02, 0xC0, 0xAD, 0xE7, 0x83, 0x68, 0x21, 0x94, 0xAD, 0xF8, 0x99, 0x2D, 0x29, 0x26, 0x51, 0xC3, 0x82, 0x8D, 0xA6, 0x80, 0xA8, 0x23, 0x5A, 0x37, 0x87, 0x85, 0xCD },
+    { 0xE1, 0x31, 0xD7, 0xCC, 0x44, 0xFD, 0x53, 0xCB, 0x7A, 0x42, 0xA3, 0x56, 0x29, 0xDE, 0x62, 0xAD, 0x43, 0x82, 0x08, 0x00, 0xF7, 0x14, 0x49, 0xB7, 0x6D, 0x21, 0x00, 0x23, 0x0F, 0x1C, 0x15, 0xCB },
+    { 0x15, 0x53, 0x4B, 0xA5, 0xCE, 0xDC, 0xFC, 0xCC, 0xDB, 0xFB, 0xCD, 0x09, 0xAE, 0x9D, 0xC1, 0x83, 0xA4, 0xB5, 0x0E, 0x8C, 0x24, 0x94, 0x39, 0xC7, 0x41, 0x15, 0xCF, 0x59, 0x82, 0xE0, 0xD4, 0x19 },
+    { 0x1E, 0x66, 0x2E, 0x1C, 0x35, 0x15, 0x53, 0x3E, 0x58, 0x7B, 0x87, 0xC8, 0x95, 0x86, 0xC8, 0x8F, 0x69, 0xBB, 0x05, 0x6F, 0x6C, 0xC8, 0x4C, 0xE1, 0x93, 0x8B, 0x5B, 0xB1, 0x86, 0x38, 0x40, 0xD7 },
+    { 0x2E, 0x47, 0xE1, 0x6C, 0xCF, 0x6E, 0x6C, 0x01, 0xBB, 0xB1, 0x91, 0xEB, 0x7D, 0x70, 0x5F, 0xF6, 0x60, 0x66, 0x05, 0x9D, 0x97, 0x1B, 0x67, 0x17, 0x61, 0x71, 0x41, 0x1D, 0x72, 0x5F, 0x59, 0xEE },
+    { 0x72, 0x2E, 0xB9, 0xAC, 0x0D, 0xBD, 0x5A, 0x0C, 0xDC, 0xB2, 0xB7, 0x14, 0x03, 0x1F, 0xEB, 0xA5, 0xF7, 0xDB, 0x4F, 0x06, 0x3E, 0xB8, 0x7F, 0xD2, 0x25, 0x6B, 0xB4, 0x7D, 0xF0, 0xFD, 0xBD, 0xDC },
+    { 0xA4, 0xBB, 0x46, 0xA7, 0x2A, 0x3A, 0xC7, 0x2C, 0xA8, 0x03, 0xF4, 0x55, 0x0F, 0x20, 0xCB, 0x48, 0x61, 0xA9, 0x75, 0x69, 0x7B, 0xA8, 0x7A, 0x3E, 0xCA, 0x86, 0x6B, 0x3D, 0xF4, 0x59, 0xFE, 0x5C },
+    { 0x0D, 0xA7, 0x6E, 0x6D, 0x92, 0x9D, 0x86, 0xBB, 0x71, 0x4B, 0x89, 0x69, 0xC7, 0x52, 0xEB, 0x0B, 0x6B, 0x7F, 0x63, 0x87, 0x9B, 0x0D, 0x68, 0x45, 0x8D, 0x8B, 0xE1, 0xE7, 0x2E, 0xB3, 0x80, 0x59 },
+    { 0x2B, 0xB6, 0x5D, 0xD6, 0xAF, 0x5E, 0x9A, 0x00, 0x12, 0x01, 0x76, 0x81, 0x3C, 0x1E, 0x3C, 0xD3, 0x22, 0x79, 0x9E, 0xA9, 0x7F, 0x2D, 0xA5, 0x49, 0x00, 0xE2, 0xC5, 0x4D, 0x03, 0x60, 0x00, 0xA4 },
+    { 0xB9, 0xEB, 0xA7, 0x4F, 0x87, 0x63, 0x8F, 0x09, 0x93, 0x2B, 0xA1, 0xB1, 0xEB, 0xC8, 0x5D, 0x15, 0x28, 0x3E, 0x2E, 0xA6, 0xD9, 0x21, 0x2A, 0x6D, 0x3A, 0x59, 0x52, 0x3E, 0x2E, 0xFD, 0xF7, 0x35 },
+    { 0xD2, 0x43, 0x06, 0xF5, 0x97, 0x05, 0xF4, 0xA9, 0x69, 0x53, 0xCF, 0x39, 0xEB, 0xD2, 0x8D, 0xB5, 0xA8, 0x7B, 0xF3, 0x69, 0x9A, 0x7F, 0xCF, 0x3C, 0x3B, 0x46, 0xFB, 0xE7, 0x15, 0x48, 0x9F, 0x9B },
+    { 0xBF, 0x1B, 0x86, 0x6D, 0xA3, 0x3E, 0x53, 0x68, 0xC5, 0x31, 0x4C, 0xB7, 0xAF, 0x2D, 0x24, 0x14, 0xB2, 0xB4, 0x36, 0xFE, 0xDA, 0x3B, 0x8E, 0x89, 0xD9, 0x63, 0x9F, 0x06, 0xAA, 0xCD, 0x34, 0x73 },
+    { 0x25, 0x28, 0xAA, 0xBA, 0x38, 0x73, 0xCE, 0x29, 0x3D, 0x25, 0xA3, 0x68, 0xED, 0x93, 0x28, 0xAA, 0x47, 0xF8, 0x90, 0x04, 0x8B, 0x8B, 0x5D, 0xDE, 0xE3, 0x1F, 0xA0, 0x92, 0x56, 0x49, 0x2D, 0xD4 },
+    { 0x52, 0x15, 0x11, 0x57, 0xBA, 0x28, 0xEB, 0x98, 0x2D, 0xA7, 0x68, 0x39, 0xCF, 0x4F, 0xFC, 0xD6, 0x90, 0x98, 0xD0, 0x6C, 0x1A, 0x26, 0xAA, 0xDB, 0x89, 0x31, 0x7E, 0x76, 0x3C, 0x8D, 0xD8, 0x49 },
+    { 0x96, 0xCC, 0x86, 0x2A, 0x1C, 0xFD, 0xFE, 0x93, 0xCA, 0xA7, 0xFD, 0x5A, 0x39, 0xE6, 0x2F, 0xFB, 0xDB, 0x9C, 0xF6, 0xDF, 0x9D, 0xA3, 0x37, 0x58, 0xBF, 0x96, 0x9C, 0x18, 0xF7, 0x75, 0xAE, 0x84 },
+    { 0xEB, 0xE7, 0x0D, 0x78, 0x87, 0x86, 0xF3, 0x5E, 0xFD, 0xD0, 0x2C, 0x51, 0xB5, 0xA4, 0x01, 0x19, 0xEC, 0xA6, 0x1D, 0xDF, 0xD1, 0xED, 0x49, 0x17, 0x36, 0xB8, 0x8C, 0x64, 0x1E, 0xC8, 0x7E, 0x24 },
+    { 0xB9, 0xFC, 0x14, 0x78, 0xA9, 0x4C, 0x14, 0x74, 0x6A, 0x26, 0xCB, 0x0D, 0xA4, 0x90, 0x7E, 0xBF, 0xED, 0x63, 0x06, 0xC1, 0x58, 0xB2, 0x43, 0x81, 0xE8, 0x4C, 0xB7, 0xC7, 0x9E, 0xF8, 0xFC, 0x55 },
+    { 0x4C, 0xA4, 0x8B, 0x2B, 0x9A, 0xD8, 0x6F, 0xB8, 0x7E, 0xDD, 0xDC, 0x9A, 0x2E, 0xA7, 0xE9, 0xBD, 0xB9, 0xBC, 0xFD, 0x51, 0x8B, 0xC6, 0x48, 0x8D, 0xD6, 0xB4, 0xE1, 0x7C, 0x1B, 0xC2, 0x54, 0xC2 },
+    { 0xCF, 0x24, 0xDD, 0xFF, 0xCF, 0x07, 0x64, 0xE3, 0xFA, 0x8F, 0xCA, 0x36, 0x72, 0xF6, 0xEA, 0x9F, 0x5B, 0x18, 0xA2, 0x00, 0x63, 0x33, 0x22, 0x67, 0x80, 0x61, 0x7D, 0x12, 0x0D, 0x12, 0x28, 0x21 },
+    { 0x14, 0x4C, 0x4E, 0x5B, 0x3F, 0xD9, 0x2E, 0x05, 0x33, 0x47, 0x3E, 0xEB, 0xD7, 0xD5, 0xF4, 0x21, 0x4E, 0x47, 0x88, 0x2B, 0x80, 0x60, 0x0E, 0xE5, 0xEA, 0x39, 0xFB, 0x86, 0x0B, 0x8A, 0xD2, 0x0D },
+    { 0xAB, 0x62, 0x6B, 0xBA, 0x73, 0x48, 0x74, 0x25, 0x6C, 0x60, 0xE2, 0xDA, 0xEC, 0xEB, 0x18, 0x3F, 0xFA, 0xA1, 0x35, 0x08, 0x01, 0xBF, 0xFC, 0xF5, 0xC4, 0xDF, 0x8E, 0x57, 0x5F, 0x72, 0x4B, 0x90 },
+    { 0x92, 0xC5, 0x42, 0xBC, 0x62, 0xC4, 0xB5, 0x55, 0x08, 0xBB, 0x96, 0x87, 0x75, 0xEA, 0xEB, 0x29, 0xFD, 0x40, 0x69, 0xE9, 0x2D, 0xCB, 0xBF, 0x1B, 0xFE, 0xCD, 0xA5, 0x45, 0xA0, 0x33, 0x08, 0x2E },
+    { 0x27, 0x8B, 0xAD, 0xA0, 0x74, 0x29, 0x44, 0xDC, 0xFE, 0x8B, 0xA9, 0x88, 0xD6, 0xB4, 0xFB, 0x80, 0xA0, 0x3D, 0x53, 0xFC, 0xCE, 0xFA, 0x0A, 0x8B, 0x4E, 0x33, 0xC6, 0x14, 0x5E, 0x25, 0xA8, 0x8B },
+    { 0x90, 0x1F, 0x67, 0xE6, 0x35, 0x76, 0x8D, 0x7A, 0x57, 0xAC, 0x92, 0xAC, 0xFB, 0x58, 0xD2, 0x4A, 0xD2, 0x43, 0x4C, 0x97, 0xEC, 0xA4, 0xDC, 0x2A, 0x7F, 0xBF, 0x23, 0xD0, 0x78, 0x54, 0x86, 0x87 },
+    { 0x03, 0x32, 0x15, 0x85, 0x16, 0xC9, 0x1B, 0xFD, 0x75, 0xDF, 0x30, 0x42, 0x46, 0x4D, 0xB6, 0xF7, 0x56, 0xD3, 0xBF, 0x4D, 0x65, 0xF3, 0x96, 0xDD, 0xD4, 0x39, 0x0E, 0x62, 0x9B, 0x01, 0x9E, 0x8F },
+    { 0x8F, 0xDE, 0x76, 0x45, 0xB2, 0xA5, 0xF2, 0x6D, 0x6B, 0x63, 0xDF, 0xE0, 0x14, 0x6E, 0x0A, 0xF1, 0x86, 0xEB, 0x35, 0xC4, 0xCD, 0x11, 0x2E, 0x96, 0xD8, 0x9D, 0xAA, 0x65, 0x12, 0xE1, 0x3C, 0xDD },
+    { 0x4E, 0x31, 0x93, 0xCB, 0x00, 0xC9, 0x64, 0x2F, 0x21, 0xA0, 0xA9, 0x80, 0x87, 0xA5, 0xF3, 0x12, 0x77, 0xFB, 0x4B, 0x4B, 0x9C, 0xF3, 0xA9, 0x55, 0xE8, 0xE5, 0x7F, 0x45, 0xF5, 0x9E, 0x8B, 0x1A },
+    { 0x4F, 0x44, 0x57, 0x6E, 0x20, 0x3B, 0x73, 0x80, 0xF4, 0xF0, 0x99, 0x4D, 0xC8, 0xDA, 0x3B, 0x52, 0xD6, 0x17, 0xC0, 0x49, 0x62, 0xF9, 0x43, 0x41, 0x07, 0x15, 0x54, 0xC7, 0x4F, 0x35, 0xFD, 0xF3 },
+    { 0x2C, 0xF8, 0x69, 0x7B, 0xCF, 0x35, 0xC8, 0x0C, 0x6F, 0x96, 0xC4, 0xB4, 0xCA, 0xCF, 0x3F, 0xB0, 0x59, 0xCA, 0x46, 0x41, 0x14, 0xE9, 0x82, 0xF2, 0x81, 0x82, 0x8E, 0x78, 0x10, 0x04, 0x95, 0x7C },
+    { 0x93, 0x31, 0xC1, 0x30, 0xE9, 0x13, 0xB2, 0x88, 0xB1, 0x0D, 0x73, 0x15, 0x4E, 0xDE, 0xA0, 0xFF, 0x97, 0x27, 0xC8, 0xEA, 0x77, 0xD3, 0x9B, 0xE9, 0x16, 0x47, 0x15, 0xAA, 0x69, 0x04, 0x83, 0xD5 },
+    { 0xF8, 0xF8, 0x7C, 0xAB, 0xFF, 0x80, 0x30, 0xDA, 0x55, 0x95, 0x3C, 0x58, 0xA0, 0x18, 0x43, 0xB8, 0xEB, 0xFF, 0x2E, 0xF2, 0x62, 0xF5, 0x01, 0xA0, 0x77, 0xE2, 0x0E, 0x67, 0x05, 0xF6, 0xE8, 0x04 },
+    { 0x29, 0x8C, 0xD0, 0xB2, 0x42, 0x89, 0xF9, 0x5E, 0xD7, 0xEF, 0x49, 0x31, 0x2A, 0xAE, 0xEF, 0x9A, 0xE5, 0x9D, 0xC7, 0x93, 0xF5, 0x89, 0xAB, 0xA7, 0x06, 0x38, 0x41, 0x74, 0x8C, 0xEC, 0x43, 0x1D },
+    { 0x60, 0x89, 0xA4, 0xBB, 0xE4, 0xD1, 0x5B, 0xBC, 0x8D, 0x6B, 0x2E, 0xA5, 0x69, 0x18, 0x73, 0xCD, 0xA6, 0x7F, 0x7E, 0xD2, 0xF0, 0xB9, 0xB1, 0xFB, 0xB0, 0xC0, 0x5D, 0xD4, 0xAD, 0xFC, 0x41, 0xA5 },
+    { 0xD1, 0x72, 0x07, 0x9E, 0xF7, 0x1F, 0x7E, 0xBD, 0x34, 0xFE, 0xD9, 0x61, 0x71, 0x39, 0x67, 0x82, 0x3B, 0xDD, 0x17, 0xCA, 0x55, 0xED, 0x37, 0xF4, 0xEF, 0xB0, 0xAF, 0xC0, 0x9D, 0x46, 0x5A, 0xB4 },
+    { 0xA6, 0x63, 0x70, 0x1D, 0xB1, 0xEC, 0xE3, 0xD5, 0x03, 0x61, 0xAD, 0x78, 0xF7, 0x37, 0x9A, 0xE3, 0xC8, 0xD1, 0xC1, 0xA3, 0x6F, 0x76, 0x36, 0x92, 0x58, 0xA8, 0x69, 0x9B, 0x64, 0x61, 0x2B, 0x98 },
+    { 0x07, 0xC1, 0xA0, 0x97, 0x8D, 0x7E, 0x6D, 0xE4, 0x36, 0xDD, 0xD8, 0xAF, 0x6E, 0xD7, 0x70, 0xDC, 0xDE, 0xEB, 0x1D, 0x50, 0x91, 0xEF, 0xCF, 0x54, 0xE2, 0x6F, 0x0A, 0x77, 0xD1, 0x65, 0xE9, 0xF3 },
+    { 0x74, 0x7A, 0x10, 0xDB, 0xA1, 0x03, 0x5D, 0x5D, 0xA7, 0x5A, 0x1C, 0xA2, 0x3E, 0x43, 0x41, 0xCA, 0xBC, 0x27, 0x5B, 0xF6, 0xFA, 0x36, 0x31, 0x47, 0x91, 0x47, 0xA6, 0x37, 0x34, 0xF9, 0x05, 0x7F },
+    { 0x07, 0xED, 0x8F, 0x05, 0x30, 0x15, 0x64, 0xE9, 0x21, 0xCA, 0x41, 0x39, 0xE6, 0x18, 0xCB, 0x55, 0x41, 0xA8, 0x42, 0xFB, 0xE4, 0x35, 0xAB, 0x4D, 0x94, 0x52, 0x2D, 0xA8, 0xDC, 0x3F, 0x2F, 0x01 },
+    { 0xDC, 0xF1, 0xD5, 0x34, 0x79, 0x0D, 0x3E, 0x06, 0xAE, 0x0B, 0x99, 0xE9, 0x2E, 0x83, 0x76, 0x9E, 0x0D, 0x32, 0xD8, 0x22, 0xB4, 0x3A, 0x88, 0x17, 0x92, 0xF8, 0x3A, 0xDE, 0xAA, 0xD7, 0xB5, 0x18 },
+    { 0xB9, 0xDA, 0x49, 0x2B, 0xF4, 0xEC, 0xA3, 0x4B, 0x3A, 0xFA, 0xB1, 0xB4, 0x86, 0xB5, 0xC5, 0x38, 0xCB, 0xC4, 0x01, 0xC5, 0x69, 0xAB, 0xE9, 0x82, 0x99, 0xC0, 0x29, 0xE3, 0x4D, 0xFF, 0x9C, 0x6C },
+    { 0x41, 0x2B, 0x10, 0x65, 0x6D, 0xF0, 0x76, 0x4C, 0x87, 0x7C, 0x2A, 0xC8, 0x80, 0x37, 0xB9, 0x15, 0x9B, 0x52, 0xE2, 0x96, 0x0E, 0x91, 0x14, 0x3B, 0x97, 0x9D, 0x2A, 0x40, 0x3A, 0xC7, 0xC6, 0xB1 },
+    { 0xF9, 0x8B, 0xBC, 0xBA, 0x2E, 0x27, 0x38, 0xDE, 0x90, 0x9F, 0xB6, 0x67, 0x25, 0xF9, 0x31, 0x7B, 0xA6, 0x31, 0xF8, 0x03, 0x01, 0x73, 0x6A, 0x10, 0x4F, 0xE7, 0xCC, 0x1F, 0x5F, 0xEC, 0x73, 0xD8 },
+    { 0x28, 0x49, 0xE8, 0x11, 0xEE, 0x81, 0x63, 0x33, 0x13, 0x41, 0xBC, 0x45, 0x04, 0x30, 0xE5, 0x80, 0x0A, 0x6E, 0xB9, 0x9F, 0x7C, 0x5D, 0x0E, 0xC9, 0xE3, 0xF9, 0x5C, 0x08, 0xA9, 0x54, 0xF0, 0x2C },
+    { 0x6E, 0x77, 0x6F, 0xD1, 0xF1, 0x68, 0xCA, 0x2D, 0xE5, 0x67, 0x74, 0xA7, 0x0D, 0x4D, 0xD6, 0xAD, 0x6C, 0x8C, 0x7D, 0x85, 0xC1, 0xB9, 0x7A, 0x31, 0xC0, 0xDA, 0x79, 0x97, 0xE4, 0x96, 0x6A, 0x6E },
+    { 0x5A, 0x25, 0x19, 0xEF, 0x40, 0xF3, 0x4F, 0x89, 0x51, 0x19, 0xBC, 0x29, 0xE2, 0x91, 0x3F, 0x23, 0xF0, 0x54, 0x4E, 0xE4, 0x14, 0x3C, 0x32, 0x5B, 0x07, 0xC7, 0x42, 0x7D, 0xC2, 0x3D, 0xCA, 0xE8 },
+    { 0x32, 0xF2, 0xF1, 0xD8, 0x10, 0x9C, 0xB2, 0xA1, 0x32, 0xA1, 0xAD, 0x85, 0xA5, 0x7B, 0xF8, 0x15, 0x16, 0x25, 0xD2, 0x84, 0x33, 0x3C, 0x77, 0x74, 0x4A, 0xD7, 0xDD, 0x95, 0x6B, 0x51, 0x03, 0x88 },
+    { 0x98, 0x63, 0x49, 0x9E, 0xB1, 0x66, 0xDF, 0x82, 0x2B, 0x10, 0x44, 0xFA, 0x7A, 0x07, 0x44, 0xAB, 0xF9, 0x80, 0xA1, 0xE2, 0xF9, 0xA1, 0x1F, 0x37, 0xF3, 0x25, 0xA7, 0xB1, 0x5D, 0xFE, 0x70, 0x72 },
+    { 0x30, 0x91, 0x5C, 0x5F, 0x3D, 0xC5, 0xA1, 0xA5, 0xAB, 0x64, 0xAD, 0x30, 0xA3, 0xCD, 0xE7, 0x82, 0x57, 0x58, 0x4F, 0x05, 0x90, 0x37, 0x0A, 0xC7, 0xD2, 0xAC, 0x5E, 0x46, 0xD1, 0x45, 0xDC, 0xD6 },
+    { 0xA6, 0x56, 0x45, 0xBE, 0xE0, 0xCC, 0x3E, 0x53, 0xE4, 0xA5, 0x21, 0xE4, 0xA2, 0x99, 0x6C, 0x31, 0x81, 0xBC, 0x4C, 0x07, 0x2C, 0x24, 0x68, 0x76, 0x16, 0x7C, 0x84, 0x4B, 0xA9, 0x31, 0x54, 0x2D },
+    { 0x96, 0x6F, 0xB1, 0xDC, 0x30, 0x56, 0x41, 0x8C, 0x90, 0xF5, 0x5E, 0x46, 0xB8, 0x29, 0xBF, 0x1A, 0x8E, 0xAA, 0x93, 0x57, 0xE0, 0x3E, 0xE9, 0x54, 0xD7, 0x5A, 0x02, 0x43, 0xDE, 0x8A, 0x15, 0x1C },
+    { 0x10, 0x4D, 0xA9, 0xE4, 0x5A, 0x9A, 0x04, 0x4F, 0xA8, 0x92, 0x35, 0x77, 0x10, 0x0E, 0x40, 0x95, 0xA6, 0x1E, 0xFF, 0xDC, 0x77, 0xB3, 0x1B, 0x82, 0x90, 0x2F, 0x29, 0xCA, 0x8E, 0x41, 0xAF, 0xE7 },
+    { 0xAB, 0x3F, 0x18, 0xF0, 0x3D, 0x04, 0xB6, 0xD9, 0xC7, 0x39, 0x7E, 0x41, 0x72, 0x73, 0x92, 0xE6, 0xAE, 0x50, 0xF3, 0x8F, 0xEE, 0xE0, 0x22, 0x91, 0x04, 0x5B, 0x77, 0x54, 0xD3, 0xC0, 0x04, 0xB8 },
+    { 0x52, 0x48, 0x87, 0x9A, 0xEA, 0xD5, 0xD9, 0x82, 0x3D, 0x3B, 0xCF, 0xE9, 0x8F, 0x19, 0xE8, 0xA5, 0x87, 0x17, 0xEA, 0xC7, 0x32, 0xA1, 0x4A, 0xA0, 0x1B, 0x28, 0x9A, 0xD3, 0x1C, 0x9D, 0xAA, 0x8D },
+    { 0x79, 0xD1, 0xC3, 0x33, 0x83, 0x02, 0xDC, 0xBB, 0x9A, 0x59, 0xD8, 0x69, 0xA2, 0x57, 0x04, 0x1D, 0x27, 0x48, 0xB4, 0xA5, 0x8C, 0x73, 0x43, 0x56, 0x81, 0x4C, 0x96, 0x28, 0x36, 0x92, 0xB2, 0x1D },
+    { 0xDD, 0x41, 0x39, 0xF9, 0x2E, 0xD9, 0xEA, 0xB7, 0xD0, 0x74, 0x6C, 0x49, 0xA6, 0xF9, 0x5F, 0x5B, 0x17, 0xC4, 0x44, 0xF5, 0x1A, 0x76, 0x97, 0xB0, 0x56, 0xA1, 0xEC, 0x6E, 0x54, 0x22, 0x8A, 0x72 },
+    { 0x4C, 0xDA, 0xF8, 0xD2, 0xD0, 0xEC, 0xD1, 0x04, 0x5E, 0x49, 0x64, 0x71, 0xE2, 0x2A, 0x25, 0x90, 0xA9, 0x49, 0x83, 0xC6, 0xCF, 0x32, 0x73, 0xCD, 0x88, 0xBF, 0x80, 0xCC, 0xEB, 0x86, 0xA6, 0x33 },
+    { 0x93, 0x9E, 0xD9, 0x9C, 0x58, 0xE0, 0x64, 0x70, 0xAE, 0xBA, 0x78, 0xEF, 0xD3, 0x9B, 0x04, 0xDD, 0x1A, 0x5B, 0xE8, 0x03, 0xAC, 0x21, 0x59, 0xC0, 0xA0, 0x18, 0xE4, 0x05, 0xCB, 0x13, 0xE9, 0xB7 },
+    { 0x83, 0xB6, 0xBF, 0x71, 0xCD, 0x42, 0x31, 0x77, 0x57, 0x10, 0xBB, 0xED, 0x0D, 0x80, 0x8D, 0xE6, 0x73, 0x2C, 0xDD, 0xD6, 0x4D, 0x51, 0x08, 0xB0, 0x2A, 0x1B, 0x0E, 0x80, 0xCC, 0x61, 0x8E, 0xBD },
+    { 0x3C, 0x14, 0x0C, 0x6E, 0xB5, 0x25, 0x3B, 0xD4, 0xEF, 0xF1, 0x9F, 0xBF, 0xCD, 0xC8, 0xA2, 0xBA, 0x5C, 0x49, 0x96, 0xF9, 0xAC, 0x7B, 0xB5, 0x5E, 0xB3, 0x2A, 0x10, 0xF4, 0x5F, 0x67, 0xAD, 0x32 },
+    { 0xDF, 0x5D, 0x47, 0xDC, 0xB0, 0x39, 0x3E, 0xD4, 0x3C, 0xA7, 0x7C, 0xBF, 0x8D, 0xE1, 0x62, 0x94, 0xD7, 0x15, 0x40, 0xFA, 0xD5, 0x9B, 0x84, 0x03, 0x9D, 0x5B, 0xD2, 0x62, 0x33, 0x5B, 0x7B, 0xB6 },
+    { 0x09, 0xBD, 0xBF, 0xF3, 0x0B, 0xC6, 0x58, 0x09, 0x6D, 0xB3, 0x53, 0xC3, 0x80, 0x16, 0xC4, 0x83, 0x37, 0x6B, 0x72, 0x26, 0x84, 0xDE, 0x43, 0xF0, 0x60, 0x0D, 0xC4, 0xD8, 0xD7, 0xEA, 0x47, 0x9F },
+    { 0xFB, 0x81, 0x2E, 0x6D, 0xCF, 0xB0, 0xAF, 0x15, 0x2D, 0x13, 0x8B, 0xCB, 0x27, 0x4C, 0x1A, 0x4D, 0xA6, 0x26, 0x87, 0x0D, 0x1A, 0x95, 0xC7, 0x2B, 0xB7, 0xD9, 0xCF, 0xA6, 0x26, 0x55, 0x89, 0x5F },
+    { 0x9B, 0x19, 0xF2, 0x4F, 0xCD, 0x8C, 0xD5, 0xE8, 0x36, 0x52, 0xF0, 0xB5, 0x0B, 0xDB, 0x9B, 0x8A, 0x70, 0x08, 0x57, 0x44, 0xE3, 0xBC, 0x48, 0xB2, 0x03, 0xD1, 0x88, 0xE3, 0x1F, 0x66, 0x47, 0x88 },
+    { 0xD9, 0xB9, 0x91, 0x7F, 0x57, 0x2E, 0xEC, 0xFB, 0xE8, 0x6B, 0x9B, 0x8A, 0x62, 0x6B, 0xEE, 0x8E, 0x78, 0xAB, 0x22, 0x9D, 0x38, 0xD5, 0x50, 0xC3, 0xB1, 0xFC, 0x65, 0x83, 0x0B, 0xA4, 0x81, 0xCC },
+    { 0x7A, 0xC3, 0x24, 0x74, 0xC9, 0xC4, 0x86, 0x87, 0x0A, 0xA9, 0x6B, 0x6A, 0x8E, 0x23, 0x34, 0x2B, 0x9B, 0x32, 0xC4, 0xB2, 0x4F, 0xF6, 0xA8, 0xAA, 0x28, 0xAB, 0xB2, 0xB6, 0xE3, 0x60, 0xCC, 0xFB },
+    { 0x3A, 0x58, 0xF2, 0xFD, 0xD7, 0xF6, 0x5E, 0x53, 0xB0, 0x67, 0xBA, 0x21, 0xA8, 0x95, 0x9A, 0x5D, 0x5C, 0x8A, 0x87, 0xE5, 0x65, 0xE1, 0x43, 0x24, 0xED, 0xA8, 0x78, 0xD6, 0xDF, 0xA8, 0x44, 0xA7 },
+    { 0x83, 0x8E, 0x63, 0x3C, 0xAA, 0xD4, 0x84, 0x8F, 0x4C, 0xDD, 0xF4, 0xCF, 0x4B, 0x13, 0xC0, 0x2F, 0x51, 0xBB, 0x20, 0xB8, 0x80, 0x00, 0x82, 0xB5, 0xBB, 0x61, 0x82, 0xC9, 0x56, 0x84, 0x37, 0x93 },
+    { 0xA6, 0x2B, 0x1F, 0x26, 0x30, 0x9F, 0xD5, 0x69, 0x0E, 0x74, 0x80, 0xCE, 0x4F, 0x73, 0x54, 0x41, 0x37, 0x45, 0x3B, 0x65, 0xB7, 0x98, 0x8F, 0x89, 0x42, 0xF3, 0x58, 0x68, 0x4B, 0xA2, 0xBD, 0x00 },
+    { 0x4B, 0x23, 0xBD, 0xD6, 0x13, 0x7E, 0x71, 0x3F, 0xB6, 0xB7, 0xA6, 0xB4, 0x1D, 0xE3, 0xF8, 0x4D, 0xD5, 0xFF, 0x9E, 0x8F, 0xD5, 0xFF, 0xA4, 0x2E, 0x08, 0x7D, 0xCA, 0x68, 0x42, 0x51, 0xDC, 0xBB },
+    { 0x31, 0x29, 0x40, 0x55, 0x42, 0x9B, 0xD5, 0x15, 0xB5, 0xD0, 0x3B, 0xA2, 0x1A, 0x6D, 0xD4, 0xBF, 0xB2, 0xFD, 0xC1, 0xB6, 0x87, 0xF7, 0x6A, 0xBA, 0x26, 0x22, 0x4D, 0x57, 0x0C, 0x68, 0x2D, 0xBA },
+    { 0x8D, 0x56, 0x1F, 0x71, 0x1F, 0xDF, 0x4A, 0x47, 0xF2, 0x95, 0x20, 0x7F, 0x4B, 0x1C, 0x06, 0x5A, 0x20, 0x52, 0xF6, 0x7A, 0xE0, 0x0D, 0xD7, 0xC6, 0x08, 0x2E, 0xA7, 0x38, 0xF5, 0xD0, 0x5F, 0x46 },
+    { 0xBF, 0xE2, 0x1C, 0xF8, 0x2A, 0x36, 0x29, 0xB8, 0x44, 0xD8, 0x6A, 0x55, 0x27, 0x0F, 0x0D, 0x0C, 0x05, 0xE1, 0xED, 0xD9, 0x4F, 0x41, 0xF5, 0x59, 0x52, 0xBC, 0x6E, 0xC8, 0xC8, 0xD1, 0xFE, 0x7E },
+    { 0x0F, 0x6E, 0xEF, 0xA1, 0xAB, 0x35, 0xA1, 0x6F, 0x68, 0x5C, 0x7F, 0x55, 0xBB, 0x21, 0xB7, 0x1E, 0x94, 0x77, 0x85, 0x29, 0x8A, 0x68, 0xE8, 0x44, 0xA4, 0x88, 0x32, 0xB9, 0xAD, 0x61, 0xDB, 0x24 },
+    { 0x10, 0x2B, 0x4D, 0x9A, 0x10, 0xE9, 0x91, 0x00, 0xB6, 0xFF, 0x47, 0x02, 0x6B, 0xFD, 0x97, 0xAF, 0x02, 0x25, 0xC7, 0xF4, 0xEB, 0xF4, 0x3A, 0xCD, 0xDD, 0x02, 0xDB, 0x83, 0x18, 0x31, 0xBC, 0xB2 },
+    { 0xA2, 0x16, 0xEF, 0x79, 0x8F, 0xDB, 0xB8, 0x95, 0xE0, 0xB4, 0x81, 0x5D, 0xB6, 0xC5, 0x23, 0x03, 0x85, 0x7F, 0xF1, 0x2C, 0x3E, 0xA6, 0xDD, 0x57, 0x98, 0x68, 0x38, 0x77, 0x10, 0x7C, 0x5F, 0x27 },
+    { 0xCA, 0x8C, 0x06, 0x7D, 0x13, 0x6D, 0x74, 0x44, 0x33, 0x44, 0x7C, 0xF3, 0xE9, 0x3E, 0x3D, 0xA1, 0x66, 0x3F, 0xA4, 0x41, 0x5D, 0xB8, 0xEF, 0xF8, 0x83, 0x37, 0x12, 0x85, 0x52, 0xC2, 0xD1, 0x2E },
+    { 0x16, 0x1C, 0x1B, 0x01, 0xCF, 0x17, 0xBB, 0x7C, 0x0B, 0xDA, 0xE1, 0x93, 0x20, 0x2C, 0x63, 0xCE, 0x65, 0xAE, 0x65, 0x28, 0x0E, 0xF4, 0xB7, 0x03, 0xB6, 0x32, 0x21, 0x5B, 0x3E, 0xDE, 0x83, 0x72 },
+    { 0xDB, 0x08, 0xDE, 0x97, 0xB4, 0x40, 0x74, 0x57, 0x34, 0x22, 0xE9, 0x08, 0x15, 0x31, 0x6D, 0x77, 0x35, 0x57, 0xF2, 0x06, 0xD8, 0x74, 0x58, 0x93, 0x94, 0xD9, 0xAB, 0xA9, 0x75, 0xF9, 0x04, 0x64 },
+    { 0x69, 0x13, 0x38, 0xEC, 0x05, 0x25, 0xA0, 0xC3, 0xC8, 0x0E, 0x80, 0x16, 0x95, 0xAD, 0x1B, 0x96, 0x09, 0xE1, 0x2D, 0xAC, 0x22, 0x2C, 0xE6, 0x7C, 0xDB, 0xC5, 0x07, 0x9F, 0xCF, 0xB8, 0xF0, 0x7B },
+    { 0x15, 0xC6, 0x38, 0xE6, 0x56, 0xD3, 0x11, 0xCE, 0xC1, 0x14, 0xAE, 0xCD, 0xEC, 0x20, 0xB4, 0xD6, 0x1F, 0x9F, 0x8C, 0xE4, 0xA6, 0x37, 0x7B, 0x9D, 0xE9, 0x81, 0x64, 0xF6, 0xD4, 0xD7, 0xBC, 0xC4 },
+    { 0xB1, 0x80, 0x49, 0x82, 0x71, 0x2D, 0x94, 0xF9, 0xE3, 0x0A, 0x06, 0x4C, 0x1C, 0xBE, 0x69, 0x1E, 0xD6, 0x6E, 0xFD, 0x98, 0x47, 0x9F, 0x37, 0x22, 0xE0, 0x11, 0x9D, 0xB1, 0x7E, 0x78, 0x17, 0xB4 },
+    { 0x99, 0x8C, 0x91, 0x57, 0x6B, 0x32, 0x40, 0x0F, 0xC1, 0x5E, 0x7C, 0x71, 0xAC, 0x17, 0x29, 0x8C, 0x24, 0xB5, 0xA8, 0x34, 0x94, 0xB4, 0x68, 0x98, 0x54, 0x3C, 0x7E, 0xCE, 0x90, 0x70, 0x68, 0x4C },
+    { 0x27, 0xED, 0x5F, 0x49, 0x50, 0x7B, 0xB0, 0xDF, 0x1F, 0xD5, 0xA0, 0x80, 0x2F, 0xFC, 0xF4, 0x15, 0xA5, 0x01, 0x72, 0xB0, 0xB9, 0x76, 0x02, 0x72, 0xE4, 0xFD, 0x29, 0x35, 0xC2, 0xC9, 0x39, 0x18 },
+    { 0x3B, 0xD6, 0xD9, 0x4B, 0xC4, 0xDC, 0x4A, 0x9E, 0x85, 0xB5, 0xC8, 0xF1, 0x72, 0x10, 0x92, 0xCE, 0x7E, 0x3B, 0x3B, 0xA3, 0xDF, 0x2C, 0x2F, 0x19, 0x42, 0xAB, 0x41, 0x23, 0x56, 0x9B, 0x2A, 0x40 },
+    { 0xA8, 0xD9, 0x7C, 0x2B, 0xB8, 0x45, 0x52, 0x7F, 0xF1, 0x84, 0xDE, 0x12, 0xF3, 0xB2, 0x65, 0xD7, 0x74, 0xA8, 0x35, 0x3E, 0x16, 0xEB, 0x60, 0xF4, 0xFC, 0xA3, 0x86, 0x2B, 0xE9, 0x87, 0x53, 0x6A },
+    { 0x41, 0x32, 0xDC, 0xE2, 0x10, 0x57, 0x04, 0xC9, 0x71, 0x38, 0x73, 0x1E, 0x82, 0xD9, 0xF3, 0x49, 0xB9, 0xF9, 0xD0, 0xDA, 0xC5, 0xEA, 0xC3, 0xDA, 0x9B, 0xEA, 0x9C, 0x45, 0xC4, 0x98, 0xE7, 0x54 },
+    { 0xAA, 0x25, 0xD7, 0x85, 0x78, 0x3A, 0x39, 0xE5, 0x88, 0xE6, 0xE4, 0xD9, 0x09, 0x34, 0x78, 0x0C, 0x88, 0xD2, 0x99, 0xD4, 0x3D, 0x67, 0x1E, 0xC0, 0xFE, 0xBB, 0x3B, 0xA6, 0x9A, 0xF4, 0x92, 0x2D },
+    { 0xC4, 0xAA, 0x56, 0x76, 0xC1, 0x7D, 0x30, 0xBA, 0x35, 0x37, 0x8F, 0x03, 0x91, 0xE9, 0xE5, 0xA1, 0xEB, 0xFC, 0xA8, 0x03, 0xE2, 0x6A, 0x76, 0xF7, 0xD6, 0x5E, 0x50, 0xF2, 0x64, 0x57, 0x41, 0x1B },
+    { 0xA2, 0xAE, 0xB7, 0x41, 0xD0, 0xD9, 0xD6, 0x21, 0x59, 0x18, 0x7A, 0x05, 0x2E, 0xBB, 0xBB, 0xCF, 0x7D, 0xD6, 0xC6, 0x87, 0x87, 0xDD, 0x39, 0xD0, 0x64, 0xF2, 0xA1, 0xE8, 0x3C, 0xFE, 0x87, 0xEF },
+    { 0xFA, 0xAE, 0xE8, 0xDD, 0x0C, 0x53, 0x92, 0xC9, 0x0C, 0xE4, 0x5C, 0x4F, 0x41, 0xE5, 0x0C, 0xAE, 0x6B, 0x78, 0xFE, 0x91, 0xD4, 0x2C, 0xF4, 0x07, 0xB0, 0xCA, 0x4D, 0x6F, 0x50, 0x87, 0xA5, 0xB5 },
+    { 0x6C, 0x3B, 0xE8, 0xB6, 0x55, 0x71, 0x0A, 0x7B, 0xEF, 0x08, 0x73, 0x68, 0x06, 0x3B, 0x11, 0x3F, 0x6F, 0xF3, 0x3A, 0xBB, 0x02, 0x5D, 0xEA, 0x8B, 0xB1, 0x43, 0x1B, 0xB4, 0x72, 0x4D, 0x6A, 0x2C },
+    { 0x36, 0x07, 0xE8, 0x69, 0x66, 0x98, 0x8E, 0x87, 0x9C, 0x7A, 0x70, 0x76, 0x75, 0x7C, 0x93, 0x20, 0xF7, 0x93, 0x3F, 0x96, 0xC1, 0x80, 0x90, 0xF2, 0x2C, 0x54, 0xAA, 0x65, 0x9C, 0xEA, 0xAB, 0xAD },
+    { 0xB2, 0x7F, 0xEA, 0x26, 0x17, 0x16, 0x63, 0x58, 0x8D, 0xC3, 0x61, 0x9A, 0x4B, 0x36, 0x2A, 0x38, 0x96, 0x77, 0xFA, 0x1B, 0x28, 0x0F, 0x93, 0xD0, 0x12, 0xC2, 0x1A, 0x55, 0xF7, 0x2F, 0x60, 0xD1 },
+    { 0x00, 0x51, 0xF1, 0x55, 0x1E, 0x6F, 0x30, 0x8D, 0x4B, 0xEE, 0xA7, 0xA0, 0x39, 0x73, 0xE6, 0xB9, 0x56, 0xF2, 0x8A, 0xC6, 0x57, 0xEF, 0x85, 0x2F, 0xF1, 0x7A, 0xB3, 0xC9, 0x27, 0x99, 0xEC, 0xAD },
+    { 0x7C, 0x9C, 0x80, 0x8F, 0x6E, 0x4A, 0x12, 0xF4, 0x13, 0xAD, 0x52, 0xE8, 0xAF, 0x77, 0x24, 0xD8, 0xF5, 0x9B, 0xF5, 0xE6, 0x62, 0xD6, 0xF6, 0xC8, 0x50, 0x8F, 0x93, 0xA0, 0x5C, 0x74, 0x23, 0xE5 },
+    { 0xF5, 0x50, 0xEC, 0x9B, 0xAC, 0x06, 0x3B, 0x87, 0x67, 0xB8, 0xA2, 0xEA, 0xDD, 0xDB, 0x4B, 0xE4, 0xC7, 0xF1, 0x06, 0xAE, 0xDE, 0x97, 0xFC, 0x53, 0x1F, 0x6D, 0x83, 0x74, 0xC2, 0x03, 0x27, 0x9B },
+    { 0xB4, 0x46, 0x3D, 0x5B, 0x7C, 0xBC, 0xFD, 0x19, 0xBC, 0xA5, 0x74, 0x32, 0xB0, 0x1F, 0xA7, 0xD9, 0x80, 0x8E, 0x7E, 0xD2, 0x08, 0x37, 0xF2, 0xAD, 0x73, 0x26, 0x86, 0x86, 0xD2, 0x66, 0x73, 0xB3 },
+    { 0x0A, 0xD5, 0x02, 0x63, 0xC4, 0x5B, 0xE8, 0x58, 0x99, 0x90, 0xDB, 0x8A, 0xEA, 0x8A, 0x41, 0x9F, 0xF9, 0x05, 0x72, 0xB3, 0x32, 0x42, 0x49, 0xEA, 0x20, 0x16, 0x89, 0xA2, 0x01, 0x56, 0x45, 0xC3 },
+    { 0xB1, 0x7D, 0x30, 0xB7, 0xCE, 0x5A, 0x37, 0xBE, 0x9D, 0x01, 0xC6, 0x50, 0x97, 0xBA, 0x63, 0x3E, 0x95, 0xD6, 0x48, 0x00, 0xBA, 0x8B, 0xA7, 0x9F, 0x69, 0x31, 0xF0, 0xF7, 0x9B, 0x07, 0x0F, 0xDD },
+    { 0xDC, 0x4C, 0xD7, 0x19, 0x8F, 0xBE, 0xBB, 0xEA, 0x5E, 0xC7, 0xE4, 0x60, 0xF7, 0xF6, 0xE1, 0xE5, 0x61, 0x15, 0x3C, 0x57, 0x6C, 0xAD, 0x8A, 0x33, 0x6B, 0xF9, 0x99, 0xFA, 0xD6, 0xC3, 0xE6, 0x4A },
+    { 0xE0, 0x6A, 0x33, 0x02, 0x58, 0xE4, 0x39, 0x26, 0x41, 0x1D, 0xB6, 0x27, 0xBE, 0x62, 0x4E, 0xF2, 0x91, 0x91, 0x44, 0xB7, 0xA3, 0x4B, 0x72, 0x07, 0x55, 0x39, 0xBE, 0x4E, 0x35, 0xDC, 0x36, 0xEC },
+    { 0x21, 0x24, 0x05, 0x2C, 0xCA, 0x1E, 0x81, 0xEF, 0x39, 0xC7, 0x6F, 0x56, 0x23, 0xE8, 0x75, 0x67, 0x0C, 0x9C, 0x1C, 0x7A, 0x38, 0x91, 0xE5, 0xA7, 0xDF, 0x64, 0x57, 0x8C, 0x5A, 0xB4, 0x24, 0x37 },
+    { 0x6E, 0xE0, 0x35, 0x7A, 0xE3, 0xC7, 0x1A, 0x3C, 0x79, 0xE3, 0x60, 0xE3, 0xA4, 0xF0, 0xC2, 0x31, 0x01, 0xBF, 0x10, 0x42, 0xB1, 0xCE, 0xDA, 0xC6, 0x44, 0x99, 0x6F, 0xCD, 0x26, 0x08, 0x7F, 0xF9 },
+    { 0x75, 0xB5, 0x0D, 0x34, 0xD8, 0xD3, 0x49, 0x04, 0xED, 0x49, 0xCE, 0x12, 0x1A, 0x5A, 0xC5, 0x41, 0xA4, 0xB4, 0x86, 0x98, 0x49, 0x57, 0xD0, 0x20, 0x4B, 0xA2, 0x16, 0xDF, 0x49, 0xB2, 0xA0, 0xB9 },
+    { 0xAF, 0xFE, 0xF6, 0xFE, 0xC7, 0xA0, 0x39, 0xE8, 0x55, 0x2B, 0xF5, 0x0C, 0xC4, 0xB2, 0x55, 0x27, 0x7F, 0x47, 0xBE, 0xEB, 0x5B, 0x7F, 0x01, 0xDE, 0x95, 0x51, 0x66, 0xB4, 0x19, 0x2F, 0x40, 0xE6 },
+    { 0xFE, 0xD8, 0x44, 0xBF, 0x7B, 0x45, 0x40, 0xB9, 0x60, 0x03, 0x37, 0x4D, 0x23, 0xF3, 0x27, 0x6D, 0x25, 0xB7, 0xAA, 0xBC, 0x3C, 0xF2, 0x1B, 0xB6, 0x21, 0x9B, 0xB4, 0x14, 0x50, 0x30, 0xD7, 0x70 },
+    { 0xF1, 0x4A, 0x1E, 0xCD, 0xBD, 0x04, 0x47, 0xCE, 0x7D, 0x5A, 0x2D, 0xFE, 0xEC, 0x7C, 0xB2, 0x14, 0x9A, 0x72, 0xAD, 0x2A, 0xE5, 0x40, 0x0B, 0xD1, 0x42, 0x57, 0x01, 0xCE, 0x5A, 0x48, 0xF8, 0x6D },
+    { 0xBD, 0x42, 0xBE, 0x49, 0x52, 0x38, 0xA0, 0x00, 0x88, 0x69, 0x2F, 0x65, 0xE4, 0x7D, 0xD9, 0xE2, 0xB8, 0x22, 0xAA, 0x86, 0x16, 0xEA, 0xD1, 0x17, 0x99, 0xF6, 0x0E, 0x62, 0x87, 0x04, 0x2A, 0xA9 },
+    { 0xB7, 0xCD, 0x36, 0xE6, 0x75, 0x8B, 0x5F, 0xE1, 0x6B, 0xFE, 0xDF, 0x6D, 0xF7, 0xF4, 0xFF, 0xFC, 0xBF, 0x76, 0x51, 0x39, 0xE7, 0xCD, 0x05, 0x68, 0x09, 0x26, 0xEF, 0xCA, 0xC3, 0xD2, 0x3E, 0x27 },
+    { 0x2F, 0xC5, 0x59, 0x4E, 0x86, 0x5C, 0x68, 0xD5, 0xEB, 0xD2, 0x73, 0x42, 0xB8, 0x9D, 0x43, 0xA9, 0x1B, 0x08, 0x1C, 0x6B, 0x47, 0x06, 0x6F, 0xC9, 0x49, 0xB2, 0x48, 0xE6, 0x04, 0x46, 0x9B, 0xF3 },
+    { 0x7C, 0x8E, 0x9D, 0xED, 0x13, 0x97, 0x76, 0xE3, 0x8F, 0x4C, 0x3E, 0x35, 0x70, 0x75, 0x5B, 0x55, 0x5D, 0x34, 0x9F, 0xEC, 0xB5, 0x9F, 0x4E, 0x46, 0xB8, 0x6F, 0x45, 0xF2, 0xF2, 0x39, 0x47, 0x98 },
+    { 0xE2, 0x18, 0x85, 0x63, 0x54, 0xA2, 0x62, 0x86, 0xC6, 0xA6, 0xCE, 0x14, 0x54, 0x00, 0x7A, 0xDC, 0x7E, 0x3C, 0x7C, 0x18, 0xA0, 0xFB, 0xDB, 0xD3, 0xD3, 0xCF, 0xBF, 0x0C, 0xDA, 0x59, 0x22, 0xBB },
+    { 0xC0, 0x18, 0xA3, 0x61, 0x24, 0x34, 0x4E, 0x7C, 0x12, 0x54, 0xF5, 0x56, 0xA9, 0xE2, 0x8F, 0xF8, 0xA4, 0xF2, 0x90, 0xF5, 0x29, 0x43, 0x37, 0xDD, 0xEB, 0x77, 0x3D, 0xAC, 0xD9, 0x7D, 0x89, 0x0C },
+    { 0x9B, 0x82, 0xCF, 0xAE, 0x94, 0x42, 0xCA, 0x86, 0x09, 0x8A, 0xC8, 0xB6, 0xF2, 0x9C, 0xB4, 0x9F, 0x5C, 0x87, 0x95, 0xEF, 0x16, 0xD4, 0xEC, 0xD8, 0x8C, 0x8C, 0x2D, 0x14, 0x1A, 0xD3, 0x23, 0x40 },
+    { 0xC4, 0x1A, 0x67, 0x6F, 0x6F, 0xED, 0x49, 0x8A, 0x38, 0xFB, 0x51, 0x5C, 0x34, 0x1F, 0x3F, 0xAD, 0x20, 0xF8, 0xF5, 0xE5, 0xC8, 0x4A, 0xE2, 0xBA, 0x9E, 0x79, 0x72, 0x8C, 0x9F, 0x3F, 0x65, 0x7F },
+    { 0xBD, 0x01, 0xB1, 0x67, 0x47, 0xD5, 0xA2, 0x48, 0x33, 0xA7, 0xAA, 0xE8, 0x25, 0x3F, 0x2A, 0x48, 0xA9, 0xFF, 0xB0, 0x42, 0x9E, 0x23, 0x70, 0x01, 0x3A, 0xFC, 0x6B, 0x5B, 0x74, 0x22, 0x16, 0xCB },
+    { 0x70, 0x8E, 0x9A, 0xC3, 0x67, 0xAB, 0x1F, 0x7A, 0x91, 0x09, 0x20, 0xCF, 0x90, 0x87, 0x81, 0xAA, 0xDF, 0x04, 0x2A, 0xAE, 0x44, 0xA2, 0xF2, 0x91, 0xBB, 0x77, 0x82, 0xB2, 0xEF, 0xDD, 0xAE, 0x46 },
+    { 0xBF, 0xF7, 0xD1, 0xEB, 0xB9, 0x82, 0x51, 0x5E, 0xE4, 0xB0, 0xA5, 0x4C, 0x6A, 0x29, 0xA0, 0x4E, 0xBF, 0x84, 0xAF, 0xDC, 0x48, 0xCA, 0xB2, 0x4C, 0x94, 0xB4, 0x0E, 0xB9, 0x40, 0xE9, 0xDE, 0x0D },
+    { 0xC7, 0x12, 0x81, 0xB3, 0xFD, 0xF8, 0x46, 0x77, 0x74, 0xE6, 0xEE, 0xF1, 0xC8, 0xA0, 0x46, 0xF2, 0xA9, 0xD4, 0x29, 0xAE, 0xBE, 0x34, 0x3C, 0xB6, 0x70, 0x62, 0xC1, 0xAE, 0x9D, 0xA4, 0x63, 0x3D },
+    { 0xFE, 0x3C, 0x1E, 0xA3, 0x85, 0x6D, 0x98, 0x6C, 0xEB, 0xD8, 0x4A, 0x4F, 0x6E, 0xDE, 0x41, 0x61, 0x15, 0x02, 0xAA, 0xB7, 0x11, 0xEB, 0x58, 0xAF, 0xA1, 0xA2, 0xAF, 0xCF, 0xE0, 0x0B, 0x00, 0xB0 },
+    { 0xA9, 0x04, 0x4C, 0xE7, 0xB7, 0xFD, 0x2E, 0xC3, 0x00, 0xC6, 0xB0, 0x70, 0xE1, 0xEA, 0x0D, 0x71, 0xF4, 0x0E, 0x67, 0x54, 0x2A, 0x45, 0xA0, 0x55, 0x59, 0xA7, 0xCD, 0xF7, 0x2F, 0xB8, 0x43, 0x28 },
+    { 0xBF, 0xF0, 0xA7, 0x2F, 0x4F, 0x57, 0x80, 0x0B, 0xF3, 0x44, 0xFB, 0x57, 0x94, 0xC3, 0x33, 0xAC, 0xB2, 0xB9, 0x91, 0x74, 0xC3, 0xAB, 0x10, 0xF8, 0x8E, 0xB1, 0x98, 0xE3, 0x44, 0xED, 0x50, 0x26 },
+    { 0xD5, 0xC6, 0x14, 0x55, 0x4D, 0x87, 0x2A, 0xE4, 0x05, 0x61, 0xAB, 0xC1, 0xDC, 0x3A, 0x80, 0xCC, 0xFE, 0xFD, 0x21, 0x66, 0x95, 0x4F, 0x08, 0x76, 0x29, 0x35, 0x95, 0xE4, 0x0E, 0xC3, 0xB0, 0x8C },
+    { 0xF6, 0xB9, 0x85, 0xAE, 0x6F, 0xE9, 0x61, 0x53, 0x55, 0x52, 0xB0, 0x40, 0x9A, 0x99, 0x97, 0x1C, 0x54, 0xEF, 0x22, 0x88, 0x4F, 0x5B, 0x3A, 0x32, 0x48, 0x2B, 0x8E, 0xE8, 0x16, 0xEA, 0x03, 0x8E },
+    { 0x5B, 0xAB, 0xDF, 0x61, 0x79, 0xA0, 0xC3, 0xD2, 0x4A, 0x4B, 0xAC, 0xFE, 0xEB, 0x8B, 0x11, 0x42, 0xCC, 0xB7, 0x32, 0xF2, 0x9C, 0xC5, 0x15, 0x51, 0xA4, 0x89, 0xB0, 0x01, 0x7E, 0xE5, 0x3D, 0x51 },
+    { 0x1F, 0xBB, 0x58, 0xDF, 0xBF, 0x0B, 0x9D, 0x97, 0x5E, 0xBE, 0x81, 0xE7, 0x55, 0xD9, 0x8C, 0x72, 0xDE, 0x73, 0xAC, 0xEA, 0xF3, 0xD6, 0x72, 0x96, 0xF8, 0x1B, 0x78, 0xB2, 0x8D, 0x55, 0x16, 0x1B },
+    { 0xC8, 0xCD, 0x6A, 0xDA, 0xE5, 0xA8, 0xB1, 0x00, 0xF8, 0xF1, 0xCF, 0xA3, 0x6E, 0x2E, 0x39, 0x6A, 0xD0, 0x02, 0x8B, 0xAE, 0x5A, 0x92, 0xF5, 0x1B, 0xB7, 0x3B, 0xC0, 0x38, 0x34, 0x24, 0xDA, 0xC0 },
+    { 0x44, 0x0E, 0x0F, 0x91, 0xCD, 0x40, 0xC6, 0x3A, 0x56, 0x6E, 0x14, 0xB3, 0x40, 0xD5, 0x65, 0x02, 0x00, 0x23, 0x57, 0xF7, 0xB8, 0x83, 0xA5, 0xDE, 0xEC, 0xBD, 0x8A, 0xAD, 0xA9, 0xE2, 0x9D, 0xC8 },
+    { 0x17, 0xF5, 0xA0, 0x14, 0xF7, 0xC2, 0xCD, 0xBB, 0x37, 0x34, 0x64, 0xD8, 0x26, 0xF6, 0xD2, 0x21, 0xE1, 0x25, 0x62, 0xA9, 0x6E, 0xA2, 0xC8, 0xD3, 0x6A, 0xDF, 0xE4, 0xBB, 0xCF, 0x5B, 0x60, 0x03 },
+    { 0x02, 0xB7, 0x7B, 0xBC, 0xAF, 0xA2, 0x02, 0xDE, 0xB8, 0xA4, 0x59, 0x5F, 0x00, 0x9D, 0x4C, 0x16, 0xE3, 0xE9, 0x9D, 0xD7, 0x2E, 0x9E, 0xFC, 0xFF, 0x63, 0x26, 0x66, 0x18, 0xD1, 0x5A, 0xB7, 0x1E },
+    { 0x1A, 0x7F, 0xD6, 0xD1, 0x5A, 0xF9, 0x81, 0x37, 0xB3, 0x7C, 0xD2, 0x44, 0xAA, 0x57, 0x20, 0xA9, 0xEA, 0x16, 0xD6, 0x54, 0x86, 0x94, 0x33, 0x5B, 0xD0, 0xEC, 0x41, 0xCF, 0x4A, 0x77, 0xA5, 0xD3 },
+    { 0x97, 0xB4, 0x5D, 0x99, 0xCD, 0x21, 0xE1, 0xB1, 0x07, 0x3F, 0xEF, 0x00, 0x4F, 0x80, 0x07, 0x23, 0x00, 0x53, 0x19, 0x92, 0xDF, 0xB8, 0x89, 0x48, 0xB1, 0x7C, 0xD6, 0xDA, 0xBA, 0x3E, 0x84, 0x17 },
+    { 0x16, 0xC5, 0xC9, 0xB5, 0x76, 0xBF, 0xF4, 0xFA, 0xE0, 0x5F, 0xC1, 0x4F, 0xB3, 0x60, 0x02, 0x3B, 0x4C, 0xE9, 0xC7, 0x3D, 0x07, 0x88, 0x5E, 0xE1, 0x08, 0xB2, 0x3E, 0x2D, 0x71, 0x7E, 0x6C, 0x04 },
+    { 0x55, 0xC4, 0x43, 0xDC, 0x1F, 0x1E, 0xBD, 0x7C, 0x83, 0x47, 0x06, 0x3F, 0x5E, 0xB3, 0x0C, 0xE0, 0x54, 0xE5, 0x8F, 0x6E, 0xD3, 0x12, 0x53, 0xE8, 0x1D, 0x30, 0xB5, 0xD9, 0x82, 0xA1, 0xB3, 0x81 },
+    { 0x6B, 0x8F, 0x18, 0x0B, 0x6C, 0x98, 0x35, 0xD0, 0x67, 0x01, 0xD8, 0xF2, 0x2E, 0xAE, 0xD3, 0xC8, 0x4F, 0xF5, 0x84, 0xA6, 0x7C, 0x56, 0xC2, 0x51, 0x17, 0xCB, 0x7A, 0x86, 0x86, 0x3E, 0x46, 0x06 },
+    { 0xEB, 0xA8, 0xA9, 0xC2, 0x66, 0x16, 0xBA, 0x17, 0xDE, 0x28, 0xE9, 0x82, 0x48, 0xA3, 0x87, 0x84, 0x3A, 0xEE, 0x00, 0x3B, 0x4D, 0x98, 0x4D, 0x19, 0x2C, 0x81, 0xE4, 0x31, 0xA1, 0xAF, 0x5A, 0xB2 },
+    { 0xA1, 0x80, 0x9A, 0x61, 0x79, 0xAD, 0xC6, 0x06, 0x7E, 0xDD, 0x81, 0x01, 0x23, 0xAD, 0x2B, 0x59, 0x0B, 0xFD, 0x71, 0xEC, 0x0E, 0xBA, 0xAF, 0xFB, 0xA2, 0xCD, 0x56, 0x41, 0x4F, 0x3F, 0xDB, 0x5D },
+    { 0x29, 0xF3, 0xDB, 0xF7, 0x0F, 0xED, 0x14, 0xBC, 0x2B, 0x4C, 0x95, 0x03, 0xCF, 0xFF, 0x7F, 0x7F, 0xC4, 0x5C, 0x9D, 0x47, 0xA8, 0x59, 0x5F, 0xCD, 0x1B, 0x6C, 0x4A, 0x48, 0x46, 0xAF, 0x95, 0x05 },
+    { 0xEC, 0x21, 0x6E, 0xF1, 0xE9, 0x02, 0xD1, 0x18, 0xAF, 0x0F, 0xC2, 0xDD, 0x6E, 0xD3, 0xB5, 0xAB, 0x5D, 0xF2, 0x60, 0x0E, 0x7B, 0xB3, 0xA7, 0xE0, 0x09, 0x6C, 0xF2, 0x0B, 0x93, 0x3E, 0xCC, 0x0A },
+    { 0xC9, 0x78, 0x6A, 0x90, 0xC9, 0xDD, 0x20, 0x2E, 0x08, 0x66, 0x64, 0x6F, 0x53, 0x93, 0xE3, 0x23, 0xB4, 0x2C, 0xC8, 0x77, 0xD0, 0x4C, 0x35, 0xBF, 0x1F, 0x5E, 0x66, 0xC0, 0xC5, 0x0B, 0xD4, 0x1E },
+    { 0x92, 0x17, 0xD7, 0x92, 0xE4, 0x81, 0x98, 0xAA, 0x29, 0x30, 0x03, 0x3D, 0x54, 0x3E, 0x12, 0xDE, 0x1A, 0x77, 0x46, 0x44, 0x51, 0xFC, 0x3C, 0x3C, 0x2E, 0xAB, 0xE9, 0x9C, 0xEA, 0x33, 0xC3, 0xCA },
+    { 0xE1, 0x02, 0xF6, 0xB9, 0x59, 0x7D, 0xE4, 0xDC, 0x12, 0x89, 0xB7, 0x0A, 0x1B, 0xFC, 0xD5, 0xC0, 0xC8, 0x51, 0x1A, 0x88, 0x78, 0x86, 0x64, 0xE2, 0x65, 0x04, 0xF4, 0x12, 0xAC, 0xF4, 0x30, 0xF0 },
+    { 0xFA, 0xCE, 0x40, 0x47, 0xFE, 0x38, 0x83, 0xD4, 0xB6, 0x22, 0x9C, 0xF1, 0x8A, 0x4B, 0xEA, 0x6E, 0x81, 0x1C, 0xD4, 0x4A, 0x88, 0x1B, 0x22, 0x69, 0x5C, 0x4C, 0xD6, 0x98, 0xE5, 0x42, 0xC5, 0x5C },
+    { 0x9D, 0x17, 0x5D, 0x76, 0xB8, 0xA4, 0x27, 0x12, 0x4A, 0xFF, 0xC4, 0x3C, 0x2E, 0x8B, 0x17, 0xD5, 0x3E, 0xCC, 0xDB, 0x2B, 0xFB, 0x47, 0x53, 0x82, 0x11, 0x99, 0x8D, 0x20, 0x6D, 0x90, 0x3A, 0x5F },
+    { 0x9D, 0x3B, 0xDC, 0xA3, 0xF3, 0x28, 0xEF, 0x66, 0xCB, 0xB1, 0x84, 0xD6, 0xD2, 0xE8, 0xBC, 0x71, 0x71, 0x9E, 0x26, 0xFF, 0x75, 0xCB, 0x79, 0x28, 0x0B, 0x3B, 0x20, 0xE8, 0x16, 0x68, 0x26, 0xF9 },
+    { 0x0D, 0xA1, 0x29, 0x3E, 0x4E, 0xDB, 0xD5, 0x22, 0x3F, 0x40, 0xD1, 0xAF, 0x51, 0xAC, 0x59, 0x83, 0x8C, 0xBD, 0xDD, 0x85, 0xE8, 0x0F, 0x92, 0xF1, 0xCA, 0x7B, 0xE9, 0x06, 0x21, 0x4C, 0x86, 0x19 },
+    { 0x7F, 0x0C, 0x9D, 0xE8, 0x49, 0xC6, 0x4E, 0x21, 0x67, 0xC3, 0x70, 0x81, 0x45, 0x90, 0x40, 0x53, 0x5D, 0x77, 0x48, 0x99, 0x5E, 0x39, 0xCD, 0x9E, 0x33, 0x23, 0x56, 0xF1, 0xD8, 0x89, 0x8C, 0x65 },
+    { 0xE3, 0x6A, 0x98, 0x30, 0x70, 0x54, 0xF9, 0x8F, 0xC1, 0x45, 0x4E, 0x37, 0x5E, 0xD0, 0x49, 0xDC, 0x24, 0x82, 0x78, 0x51, 0x5B, 0xFD, 0x5F, 0x2F, 0x40, 0xFE, 0xFC, 0x0C, 0x08, 0xA2, 0x1B, 0xE6 },
+    { 0xC6, 0x7A, 0xA4, 0xF8, 0x9F, 0xDE, 0xFE, 0xD2, 0x40, 0xBB, 0xE6, 0xBD, 0x11, 0x11, 0x30, 0xCD, 0x3B, 0xBC, 0x5B, 0xE1, 0x55, 0xA5, 0xD4, 0x9B, 0x43, 0xE3, 0x89, 0x47, 0xBF, 0x6C, 0x38, 0xD4 },
+    { 0xF1, 0x16, 0xD1, 0x8E, 0xAE, 0x30, 0x8E, 0x96, 0x1D, 0xE8, 0x73, 0x0F, 0x55, 0x33, 0xE9, 0xB2, 0x4E, 0x28, 0x5B, 0x8E, 0x4D, 0x48, 0xC8, 0x08, 0x2E, 0x41, 0x35, 0x3B, 0xE0, 0xFA, 0x7B, 0x0E },
+    { 0xA5, 0x8F, 0x42, 0x5A, 0x11, 0x52, 0xE8, 0xE2, 0xDD, 0x7C, 0x19, 0xA2, 0xE3, 0xBD, 0xF9, 0x8D, 0x38, 0x45, 0x53, 0x3D, 0x96, 0x0F, 0xD3, 0x54, 0xE0, 0x0E, 0x75, 0xFC, 0x6B, 0x43, 0x37, 0x3A },
+    { 0xB4, 0x85, 0x12, 0xC1, 0x42, 0x8C, 0xDD, 0xF9, 0x2A, 0xD5, 0xAC, 0x62, 0x19, 0x71, 0x74, 0xB7, 0xCC, 0x0B, 0x67, 0xEE, 0x57, 0x62, 0x06, 0x00, 0x8D, 0x6D, 0xB0, 0x97, 0x50, 0x34, 0xA0, 0x0C },
+    { 0x99, 0x2D, 0xA1, 0x75, 0x05, 0xDA, 0x6A, 0x73, 0xCD, 0xF1, 0x84, 0x18, 0xED, 0x50, 0x6E, 0xBF, 0x90, 0xAB, 0xB7, 0xE1, 0x77, 0x02, 0x2F, 0x8C, 0xCC, 0x49, 0x40, 0xE4, 0x15, 0x92, 0xF6, 0x6E },
+    { 0x6F, 0x75, 0x8E, 0xED, 0x58, 0x90, 0x4D, 0xCB, 0xA0, 0xAE, 0x6B, 0xE6, 0x2B, 0xFA, 0x2E, 0x8D, 0x73, 0x18, 0x15, 0xDC, 0x6B, 0x66, 0xB2, 0xC7, 0x3E, 0x23, 0xDC, 0x8A, 0x45, 0xA6, 0xAB, 0x61 },
+    { 0xC7, 0x82, 0x07, 0x97, 0x89, 0x16, 0x16, 0xDB, 0xE1, 0x11, 0xBF, 0xEF, 0x93, 0x65, 0xCB, 0xE4, 0x4F, 0x28, 0xA1, 0x91, 0x62, 0x15, 0xC0, 0x25, 0x0F, 0x6D, 0xE3, 0xB0, 0x58, 0xD4, 0xCE, 0x29 },
+    { 0x8E, 0xD6, 0xC7, 0x92, 0x04, 0xD4, 0x38, 0x22, 0x28, 0x43, 0x9A, 0xC4, 0x07, 0xC7, 0x56, 0xEE, 0x41, 0x17, 0x48, 0x8B, 0x34, 0xA7, 0x42, 0xEF, 0x83, 0x4B, 0xB2, 0xF8, 0x9D, 0xBF, 0x96, 0x25 },
+    { 0x75, 0x8B, 0xBD, 0x7B, 0xA5, 0xFC, 0x20, 0x4D, 0xDE, 0x6C, 0x3E, 0x5B, 0x3F, 0xA1, 0x9E, 0x14, 0xBA, 0x21, 0x4D, 0xE0, 0x95, 0x3D, 0x3E, 0x05, 0xB2, 0xF4, 0x19, 0x64, 0x1C, 0x2D, 0x12, 0xBE },
+    { 0x15, 0xEE, 0x19, 0xA1, 0x36, 0x9B, 0x01, 0xF3, 0x8F, 0x36, 0x3D, 0xDA, 0x95, 0x2A, 0x08, 0xAC, 0x38, 0x93, 0x62, 0xD6, 0xC5, 0x44, 0xBF, 0xCC, 0xF7, 0xF1, 0x75, 0x07, 0x4D, 0x72, 0x55, 0xD9 },
+    { 0x9B, 0x09, 0x25, 0xA7, 0x08, 0x1B, 0x75, 0xC2, 0xD9, 0x8E, 0xDA, 0x58, 0x43, 0x75, 0x19, 0x80, 0xB8, 0xB9, 0x54, 0xB0, 0x48, 0x83, 0x3A, 0x11, 0x37, 0x4E, 0x7F, 0x39, 0xC2, 0xC1, 0xCC, 0xCC },
+    { 0x82, 0x5C, 0x1D, 0x36, 0xF3, 0xB7, 0x37, 0xD6, 0x19, 0xAC, 0xB2, 0x8A, 0xE1, 0x8D, 0x99, 0xC2, 0x57, 0x50, 0x00, 0x86, 0x6D, 0x0C, 0x9D, 0xA4, 0x3B, 0x15, 0xCD, 0x9C, 0x9D, 0x66, 0x0E, 0xD0 },
+    { 0xDB, 0xF5, 0x2D, 0x4E, 0xFD, 0xC7, 0xF5, 0x04, 0xD0, 0x60, 0x38, 0xA1, 0xAF, 0x7F, 0x79, 0xB4, 0x73, 0x75, 0x9E, 0x4C, 0x48, 0xA1, 0x4A, 0x97, 0xE6, 0x36, 0x11, 0x86, 0x9F, 0xC8, 0xD7, 0x4E },
+    { 0x73, 0x6D, 0xC4, 0x1F, 0xCA, 0x7A, 0x64, 0xB5, 0xEA, 0xC4, 0x99, 0x0E, 0x1F, 0x43, 0x98, 0xB5, 0xC4, 0xC7, 0x51, 0x62, 0x11, 0x08, 0x28, 0x6A, 0x3E, 0xE7, 0xC1, 0x06, 0xDD, 0x33, 0xB0, 0x83 },
+    { 0x73, 0xA4, 0x5C, 0x6F, 0x90, 0xE3, 0x24, 0x91, 0xBA, 0x64, 0x80, 0x63, 0x44, 0x1F, 0xE0, 0x3C, 0x32, 0x9F, 0x3F, 0x2D, 0x3C, 0x9E, 0xA3, 0x0B, 0x58, 0x81, 0x36, 0x83, 0x19, 0x2A, 0x8A, 0x42 },
+    { 0x93, 0x0F, 0x89, 0x8F, 0x48, 0xB3, 0xCA, 0xF2, 0xEC, 0xEA, 0x1C, 0xA9, 0xF9, 0x48, 0x71, 0x7B, 0xDD, 0x3D, 0x63, 0x96, 0x79, 0x17, 0x23, 0x4A, 0x8F, 0xDB, 0x75, 0x3A, 0x40, 0x53, 0xB9, 0xB8 },
+    { 0x73, 0x5C, 0x04, 0x76, 0x89, 0x2A, 0xC1, 0x85, 0x70, 0xD9, 0x58, 0x6E, 0x6E, 0x2A, 0x3B, 0x40, 0xC1, 0xEE, 0x00, 0xC9, 0x59, 0xAD, 0x43, 0x9A, 0xC6, 0x4C, 0xAF, 0x2E, 0x6C, 0xCF, 0x01, 0xD5 },
+    { 0x6C, 0x1E, 0xD6, 0xB0, 0x2C, 0x9E, 0x4B, 0x1B, 0x7D, 0xE4, 0x4C, 0x5E, 0xCB, 0x53, 0xC1, 0xF0, 0xEC, 0xA3, 0x31, 0x25, 0x58, 0x3C, 0xCB, 0x42, 0xFC, 0xD8, 0xC9, 0x87, 0xEF, 0x15, 0x5D, 0x52 },
+    { 0x2C, 0x0B, 0x59, 0x95, 0xD2, 0xE1, 0xCC, 0xF6, 0x0E, 0x09, 0x64, 0xFA, 0xCF, 0x6E, 0x7E, 0xFE, 0x4E, 0x33, 0xBB, 0x83, 0x95, 0xAB, 0xFF, 0xB4, 0x10, 0x1E, 0x19, 0x13, 0xD4, 0x47, 0x40, 0xEB },
+    { 0x38, 0x3B, 0xA9, 0x66, 0x88, 0x6D, 0xE3, 0x23, 0x18, 0x1E, 0x00, 0xFB, 0x97, 0x14, 0xF6, 0xA5, 0xC9, 0xB4, 0x15, 0x1E, 0xAB, 0x1C, 0xBE, 0x85, 0x98, 0xC3, 0x03, 0x2B, 0x76, 0x47, 0x2F, 0x89 },
+    { 0x66, 0xD9, 0x05, 0xD9, 0xC9, 0x3F, 0xE8, 0x01, 0x49, 0x62, 0x3A, 0x3B, 0x26, 0x85, 0xF2, 0x86, 0x3E, 0x64, 0x63, 0xF1, 0xB6, 0xC2, 0xA0, 0x0E, 0xA7, 0x70, 0x6F, 0xF2, 0xF2, 0x67, 0xEA, 0x41 },
+    { 0x31, 0x1B, 0xDC, 0x1A, 0x1F, 0x5E, 0xB6, 0xF9, 0x5C, 0x51, 0x14, 0x0D, 0xC8, 0x63, 0x5E, 0x61, 0x46, 0xA2, 0x72, 0xE3, 0x32, 0x62, 0x7E, 0x70, 0xCA, 0xCC, 0xCB, 0x71, 0xD0, 0x71, 0xD2, 0x6B },
+    { 0x79, 0xCE, 0x06, 0x01, 0xBF, 0xF7, 0x7D, 0x3F, 0x7E, 0x3E, 0xFC, 0x7A, 0x5F, 0x1B, 0x43, 0x46, 0x07, 0xA8, 0xC9, 0x6F, 0xDB, 0xBC, 0xBB, 0x29, 0xAC, 0x08, 0x76, 0xA7, 0xBA, 0x5C, 0x34, 0x94 },
+    { 0x90, 0x6F, 0x27, 0xC9, 0xA4, 0x94, 0x96, 0xEC, 0xF0, 0x77, 0x1B, 0x07, 0x53, 0x06, 0xEE, 0x8C, 0x5D, 0x8C, 0xFE, 0xF0, 0xDC, 0xB1, 0x39, 0xFF, 0x8D, 0xCB, 0x85, 0x10, 0x86, 0x87, 0xBE, 0x39 },
+    { 0x7A, 0x68, 0x5A, 0x51, 0xC2, 0x2A, 0x34, 0x23, 0x79, 0x53, 0xB7, 0xE4, 0xAC, 0xAB, 0x98, 0x7E, 0x75, 0xB7, 0x01, 0xA5, 0x97, 0x0F, 0x94, 0xF1, 0x76, 0x9C, 0x0D, 0x8D, 0xD6, 0xC3, 0x06, 0x7C },
+    { 0x45, 0x0B, 0xA0, 0xE6, 0xC7, 0xAF, 0x7C, 0xFD, 0xE5, 0xAE, 0xBF, 0x87, 0x8C, 0x09, 0x5A, 0xA0, 0x97, 0xF8, 0x23, 0xF0, 0xA1, 0xBD, 0xC4, 0x4F, 0xE5, 0xDD, 0x26, 0xA6, 0x50, 0x17, 0x04, 0x06 },
+    { 0x9E, 0x45, 0xD8, 0xB8, 0xF0, 0x0B, 0x3A, 0x29, 0x60, 0x0A, 0x64, 0x6A, 0xF5, 0x70, 0xFA, 0xCA, 0xC0, 0xEA, 0xB0, 0xDC, 0x44, 0x3B, 0x88, 0x21, 0x86, 0x39, 0x5F, 0x1A, 0xD9, 0x49, 0xF6, 0xB3 },
+    { 0x5B, 0x60, 0x65, 0xE6, 0xA9, 0xE8, 0x3A, 0x6F, 0xAE, 0x16, 0x47, 0x0D, 0xA4, 0xC8, 0x56, 0x07, 0x72, 0xD0, 0xCD, 0x2B, 0x61, 0xF8, 0x06, 0x34, 0xAF, 0x69, 0x94, 0x8A, 0xFA, 0x83, 0xDF, 0xFC },
+    { 0x79, 0xA9, 0x2B, 0x54, 0xC7, 0x28, 0x90, 0xBF, 0x45, 0xE6, 0x39, 0x0B, 0xC2, 0xCF, 0xE4, 0xAC, 0x50, 0x5B, 0xC3, 0x95, 0x21, 0x77, 0xD2, 0x68, 0x4B, 0xB8, 0xFF, 0x9A, 0xCC, 0x87, 0x81, 0xDC },
+    { 0x60, 0xD6, 0xA6, 0x62, 0xA5, 0x64, 0xD3, 0xF9, 0x99, 0x04, 0xEB, 0x96, 0x94, 0xC4, 0x61, 0x1C, 0xEA, 0xDE, 0xFC, 0xDF, 0x28, 0xD8, 0xB2, 0xEC, 0xA6, 0x84, 0x7F, 0xEE, 0x7E, 0x17, 0xB5, 0x39 },
+    { 0x9A, 0xD8, 0x81, 0xC4, 0xDB, 0x75, 0x30, 0xEF, 0x5B, 0x98, 0x01, 0x69, 0xDF, 0x41, 0x1A, 0x12, 0x00, 0x71, 0x7D, 0x95, 0xD6, 0xD7, 0x44, 0xF2, 0xF5, 0x0C, 0x5E, 0xDF, 0x8B, 0xCC, 0x06, 0x70 },
+    { 0xAC, 0x8A, 0xA0, 0xCA, 0x80, 0xAD, 0x5A, 0x2C, 0x51, 0x0E, 0xA9, 0x8C, 0x8C, 0xBB, 0x5D, 0xAA, 0xDD, 0x67, 0x20, 0xAA, 0x9F, 0x6D, 0xC8, 0x4B, 0x47, 0xD9, 0x8B, 0xBB, 0x5A, 0xA1, 0x35, 0x49 },
+    { 0xB3, 0x58, 0xD3, 0x49, 0x78, 0x5A, 0x2B, 0x8B, 0x93, 0x11, 0xC2, 0x67, 0xF4, 0x13, 0x5B, 0x06, 0x4A, 0x88, 0x85, 0x92, 0xCB, 0xF0, 0x09, 0x68, 0x36, 0x6B, 0xB5, 0x24, 0x56, 0xBB, 0xD5, 0xC9 },
+    { 0x2A, 0x50, 0xAB, 0xCB, 0x22, 0xC4, 0x1A, 0x75, 0x9B, 0x39, 0x3A, 0x53, 0xED, 0x55, 0xFD, 0xA5, 0xAE, 0x84, 0x27, 0x2E, 0x00, 0x82, 0x9F, 0x33, 0xA8, 0x43, 0x3A, 0xA0, 0x8C, 0x7E, 0xB7, 0xD8 },
+    { 0x69, 0x6C, 0xFC, 0xA0, 0x52, 0xF5, 0x8A, 0x3A, 0xD3, 0xFA, 0xE5, 0x54, 0x7C, 0xB8, 0x25, 0x43, 0x5B, 0xE1, 0xF9, 0x13, 0xA1, 0xA2, 0x67, 0x47, 0x44, 0x81, 0x9D, 0xCE, 0xA1, 0x72, 0x82, 0xD6 },
+    { 0xCD, 0x01, 0xF9, 0x70, 0xCE, 0xB5, 0x8F, 0x49, 0xA2, 0x66, 0x26, 0xE0, 0xBE, 0x31, 0xB6, 0x7D, 0xEF, 0xF7, 0xAB, 0xA2, 0x5D, 0xA9, 0xE7, 0x8B, 0xB0, 0x71, 0x94, 0xC1, 0xB1, 0x6B, 0xF5, 0x82 },
+    { 0x78, 0x8C, 0xF0, 0x75, 0x1B, 0xE0, 0xCA, 0x97, 0xE9, 0x37, 0x56, 0x6D, 0x77, 0x71, 0x0D, 0x1F, 0x52, 0x3D, 0x61, 0x34, 0x92, 0xD8, 0xF0, 0xF2, 0x40, 0x33, 0xEA, 0x65, 0xEE, 0xAA, 0x95, 0xA9 },
+    { 0xD5, 0xB4, 0xAA, 0xA7, 0xEE, 0xFF, 0x27, 0xAF, 0xA3, 0x93, 0x5C, 0x1F, 0x90, 0x47, 0x3E, 0x51, 0x10, 0xBB, 0x4A, 0xA3, 0xA3, 0xD3, 0x3B, 0xEE, 0x07, 0x54, 0xDE, 0x71, 0xC1, 0xC2, 0xF3, 0x36 },
+    { 0xC6, 0xD5, 0xF3, 0xDA, 0x57, 0xC7, 0xAA, 0xA3, 0xEB, 0x50, 0xA8, 0xBF, 0xE0, 0x02, 0x4C, 0x88, 0x68, 0x84, 0xD5, 0xA3, 0x78, 0x00, 0x63, 0x3A, 0xAE, 0xA9, 0xB3, 0x46, 0x91, 0xBA, 0xDA, 0xCD },
+    { 0xD0, 0x65, 0x64, 0x60, 0x92, 0xCF, 0xF1, 0x70, 0x3A, 0x72, 0x65, 0x7A, 0x95, 0xBF, 0xB5, 0x3E, 0xF7, 0x3F, 0xAB, 0xEE, 0x93, 0x0A, 0x3F, 0xE5, 0x9C, 0xED, 0x10, 0xF1, 0x7D, 0x2B, 0x27, 0xC8 },
+    { 0xE1, 0xB3, 0x1A, 0x5B, 0xC6, 0x2B, 0x3A, 0xEA, 0x44, 0xE6, 0xF2, 0x88, 0x8F, 0xBD, 0x4D, 0x45, 0x36, 0x18, 0x4B, 0x7A, 0x73, 0x15, 0x66, 0x12, 0xD1, 0x3C, 0xAE, 0x3A, 0x23, 0x53, 0xF0, 0xA0 },
+    { 0x62, 0x00, 0x5F, 0x7C, 0x5D, 0x30, 0x0A, 0xF7, 0x08, 0x16, 0x2C, 0xD2, 0xAF, 0x59, 0x9E, 0x1F, 0x13, 0xAA, 0x1E, 0x95, 0x81, 0x48, 0xEE, 0x08, 0xB6, 0xB6, 0x07, 0xF0, 0x81, 0x66, 0x8E, 0x98 },
+    { 0xDA, 0x2B, 0xFB, 0xC0, 0xAD, 0xE9, 0x92, 0x90, 0xD5, 0x91, 0xF3, 0x1B, 0xD2, 0x9B, 0xAD, 0xD4, 0x27, 0xCB, 0xD6, 0x5C, 0x3F, 0x51, 0x05, 0xE6, 0x58, 0xA7, 0x26, 0xB6, 0xC0, 0xD7, 0x0E, 0x00 },
+    { 0x77, 0x98, 0x10, 0xF9, 0xE4, 0xB5, 0x86, 0x90, 0xF7, 0xF1, 0x59, 0x46, 0x0C, 0x50, 0x8A, 0x13, 0x22, 0x6C, 0x68, 0x20, 0x36, 0x1C, 0x83, 0x5B, 0xC4, 0x56, 0xAA, 0x58, 0x90, 0xDB, 0x1F, 0xCA },
+    { 0xE9, 0x7A, 0xEC, 0x75, 0x0B, 0x79, 0x61, 0xFC, 0xC9, 0xFC, 0xA4, 0x8B, 0x2F, 0xC1, 0x51, 0x24, 0x3E, 0x0B, 0x1A, 0x1A, 0xC9, 0xF1, 0xB6, 0x14, 0x00, 0xE2, 0x4B, 0xA9, 0xAA, 0x7E, 0x92, 0x11 },
+    { 0x69, 0x1C, 0x70, 0x5E, 0x4F, 0xC4, 0x94, 0xFD, 0xED, 0xAF, 0x6E, 0xB2, 0x1C, 0x32, 0x93, 0x2E, 0x3D, 0x81, 0x64, 0x18, 0x26, 0xDD, 0xA9, 0x69, 0x48, 0x53, 0x98, 0xF7, 0x78, 0xE6, 0x75, 0x91 },
+    { 0x23, 0x4D, 0x2F, 0x60, 0xBF, 0x67, 0x59, 0x0B, 0x45, 0x48, 0x17, 0x66, 0x26, 0x60, 0x2B, 0x89, 0x34, 0x8E, 0x25, 0xB4, 0x6D, 0xDC, 0x60, 0xB5, 0x98, 0xDF, 0xA7, 0x4C, 0xCB, 0x49, 0x1D, 0x87 },
+    { 0x7D, 0x1F, 0x01, 0xE9, 0xC3, 0x10, 0xD7, 0xF3, 0xB4, 0x27, 0x0F, 0x5E, 0x08, 0xF3, 0x01, 0x1B, 0xE3, 0xCD, 0x48, 0x41, 0xF7, 0xBC, 0x02, 0x93, 0x04, 0x75, 0x17, 0x3E, 0x3A, 0x01, 0xBA, 0x02 },
+    { 0x8E, 0x43, 0x20, 0x2C, 0x17, 0x32, 0x72, 0x78, 0xF3, 0x4C, 0xE8, 0xCE, 0xEB, 0x53, 0xF0, 0xA2, 0xC6, 0xB5, 0xA1, 0xBF, 0x86, 0x87, 0xEE, 0xCA, 0x6D, 0x83, 0xE3, 0x84, 0x10, 0x52, 0x1B, 0xFF },
+    { 0x94, 0xE6, 0xBB, 0x82, 0xC2, 0x82, 0x33, 0xA1, 0x71, 0x0A, 0x81, 0x86, 0x99, 0x76, 0x82, 0x20, 0x5C, 0xB3, 0xCF, 0x0C, 0x17, 0xC4, 0x33, 0x10, 0x94, 0x4E, 0xDD, 0xDA, 0xD1, 0x9B, 0x76, 0xFF },
+    { 0x13, 0xC0, 0xE9, 0x9A, 0xB8, 0x64, 0xE4, 0x87, 0xE9, 0xB3, 0x97, 0x0C, 0xDF, 0xA0, 0x87, 0xAB, 0x2B, 0x41, 0x21, 0x1F, 0x53, 0x46, 0xCA, 0x5F, 0x0F, 0x98, 0xCC, 0x1F, 0xEC, 0x1B, 0x6E, 0x9C },
+    { 0xAB, 0xDB, 0x05, 0xBE, 0x84, 0x5D, 0x36, 0xFB, 0x11, 0x4B, 0xA3, 0x75, 0xA4, 0xA2, 0x2F, 0x16, 0x61, 0x21, 0x75, 0xE9, 0x23, 0x05, 0xEB, 0x8E, 0x00, 0xB5, 0xC6, 0x14, 0xD7, 0x70, 0x29, 0xD6 },
+    { 0x23, 0x89, 0xBC, 0x6E, 0x6F, 0x8C, 0x67, 0x7C, 0x61, 0xFE, 0xFE, 0xF4, 0x06, 0xDE, 0x17, 0x58, 0xC2, 0x49, 0x8D, 0x24, 0xBC, 0xC0, 0x09, 0x94, 0x3C, 0x0A, 0xDD, 0xBC, 0x43, 0x0E, 0x34, 0x90 },
+    { 0xAA, 0x39, 0x28, 0xAC, 0x64, 0xB8, 0x03, 0x29, 0x5D, 0xD2, 0x7B, 0x82, 0x62, 0xB5, 0xEF, 0xA3, 0x12, 0x43, 0xE0, 0x04, 0xE1, 0x40, 0x1C, 0x9E, 0x4A, 0x35, 0x67, 0xE3, 0x84, 0x6A, 0x4C, 0xB2 },
+    { 0x58, 0x2D, 0x07, 0x72, 0x8B, 0x7C, 0x4B, 0x0E, 0x43, 0x55, 0x93, 0x49, 0x31, 0x27, 0x63, 0x7E, 0x3F, 0x58, 0xF5, 0xBA, 0x75, 0xCC, 0xCF, 0x58, 0xE6, 0xC7, 0x7B, 0xAE, 0x55, 0xD8, 0x7A, 0x72 },
+    { 0xFA, 0xF4, 0x94, 0x29, 0x66, 0x45, 0x01, 0x60, 0xDE, 0x76, 0x78, 0x7B, 0x9D, 0xC2, 0x37, 0x15, 0x50, 0x56, 0x5A, 0x9C, 0x09, 0x85, 0xE8, 0x4D, 0x18, 0xD4, 0x30, 0x84, 0x02, 0xB5, 0xA2, 0xD4 },
+    { 0x6A, 0xC2, 0xA8, 0xAC, 0x04, 0xB5, 0x8A, 0x57, 0x81, 0x7B, 0x13, 0xFB, 0xD0, 0xC4, 0xFE, 0x7C, 0x1C, 0xF8, 0x6A, 0x2A, 0x56, 0x53, 0x1A, 0x05, 0x11, 0x83, 0xFD, 0x8D, 0xE4, 0xB0, 0x2D, 0x0A },
+    { 0x8B, 0x6F, 0x0C, 0xCD, 0x37, 0xB6, 0xDE, 0x75, 0x94, 0x0D, 0x48, 0x10, 0x00, 0x53, 0x95, 0xD4, 0x49, 0x6A, 0xD9, 0x73, 0x59, 0x10, 0xB2, 0x8C, 0xC8, 0x14, 0xEB, 0x84, 0xFB, 0x4B, 0x86, 0xDC },
+    { 0x67, 0xDD, 0xE5, 0xB0, 0x93, 0x39, 0xB3, 0xAC, 0xDD, 0x65, 0x96, 0x5B, 0x48, 0x3A, 0x7C, 0xEF, 0xF0, 0x32, 0x35, 0x06, 0x6E, 0x5F, 0xD4, 0x53, 0x77, 0x67, 0x41, 0x0E, 0x18, 0x47, 0x74, 0x25 },
+    { 0xE9, 0x30, 0x26, 0xDB, 0xA1, 0x52, 0x20, 0x03, 0x4C, 0x5D, 0x1E, 0x5E, 0xB7, 0xB3, 0x67, 0x5A, 0x51, 0x4B, 0xB8, 0x13, 0xD5, 0x76, 0x8B, 0xAB, 0x87, 0x10, 0x9A, 0x51, 0x63, 0x70, 0x50, 0x0A },
+    { 0x57, 0x55, 0x8D, 0x90, 0xC3, 0xEF, 0x02, 0xCD, 0x09, 0x3B, 0x8E, 0x32, 0xED, 0xCA, 0x40, 0x63, 0x68, 0x84, 0x9E, 0x69, 0x97, 0x7B, 0x88, 0x73, 0x87, 0x77, 0xE7, 0x32, 0x02, 0xE9, 0xB8, 0xB1 },
+    { 0x5B, 0x8E, 0x1F, 0xE0, 0x3F, 0x39, 0x02, 0x19, 0x6F, 0x8E, 0x04, 0x1A, 0x5C, 0x86, 0xF6, 0x22, 0xE2, 0xF6, 0x87, 0x82, 0x44, 0x38, 0x80, 0x4F, 0x4C, 0x75, 0xC3, 0x5F, 0x12, 0xDF, 0xE2, 0x7F },
+    { 0x07, 0xEF, 0xDD, 0xB3, 0xBA, 0x48, 0x72, 0xF1, 0x40, 0xB7, 0xF8, 0x32, 0xE0, 0xB1, 0x5D, 0x80, 0x0F, 0xC2, 0x1C, 0xCB, 0x5C, 0x25, 0x68, 0x2E, 0x10, 0x41, 0xC6, 0xDD, 0x78, 0x04, 0xD1, 0x46 },
+    { 0x21, 0x37, 0x86, 0xD5, 0x37, 0xC9, 0xE1, 0x51, 0x33, 0x72, 0x5E, 0x43, 0x37, 0x01, 0xC0, 0x66, 0xDC, 0x6E, 0xEB, 0x2F, 0x8E, 0x7A, 0x07, 0x10, 0xE6, 0x51, 0x07, 0x8D, 0xB1, 0x5F, 0x09, 0xEE },
+    { 0x4F, 0xC7, 0xE3, 0xE2, 0xD8, 0x7D, 0x7D, 0x5D, 0x59, 0x8F, 0x2E, 0x80, 0x88, 0xFC, 0x08, 0x9E, 0xDB, 0xF8, 0x8C, 0xC7, 0x80, 0xBE, 0x8E, 0xC3, 0x64, 0xDE, 0xD1, 0x62, 0x43, 0x86, 0x41, 0x9A },
+    { 0xD1, 0x1F, 0xB6, 0xEE, 0x53, 0xB2, 0x45, 0x24, 0x3B, 0xEB, 0x8B, 0x9A, 0xFA, 0xC1, 0xF7, 0x5D, 0xF6, 0x65, 0xB7, 0xC5, 0x77, 0x1D, 0xFF, 0xCF, 0x55, 0x83, 0xD6, 0x68, 0xB9, 0x8A, 0xB2, 0xA9 },
+    { 0x39, 0xA5, 0xA2, 0xD2, 0x6E, 0xC4, 0xDC, 0x08, 0x2C, 0xA6, 0xD7, 0xA3, 0x2B, 0x43, 0x7B, 0xFC, 0xA2, 0xC2, 0xB9, 0x6C, 0xA2, 0x6B, 0x01, 0xF4, 0x89, 0xC7, 0x68, 0xE8, 0x9B, 0x3B, 0xE1, 0x75 },
+    { 0x12, 0xFA, 0x98, 0xB8, 0x74, 0x0D, 0x97, 0x01, 0xE6, 0xB3, 0x9C, 0x03, 0x23, 0x79, 0x4D, 0xE4, 0xB1, 0x73, 0xB3, 0x72, 0x91, 0xA2, 0x3F, 0xFD, 0x7F, 0x58, 0x0F, 0x46, 0x58, 0xF3, 0x7B, 0xB6 },
+    { 0xD1, 0x02, 0xB2, 0xF5, 0x96, 0x76, 0x0C, 0xA5, 0xAD, 0x82, 0x8F, 0x79, 0xFD, 0x43, 0x36, 0x91, 0x57, 0xC3, 0x55, 0x9B, 0x54, 0x3B, 0xD9, 0xDD, 0x87, 0x92, 0x97, 0x2E, 0x44, 0x11, 0x9C, 0xEC },
+    { 0xA8, 0x79, 0xA1, 0x33, 0x78, 0x2C, 0x53, 0xA3, 0x59, 0xE2, 0x8B, 0x34, 0xA7, 0x26, 0x58, 0x64, 0x6A, 0x2C, 0x9A, 0x5B, 0x86, 0xCE, 0xDB, 0x23, 0x14, 0x49, 0x3A, 0x9A, 0x3C, 0x8B, 0xB4, 0xD3 },
+    { 0x6B, 0x6D, 0x38, 0x6D, 0x0E, 0x46, 0x0C, 0x8F, 0xC6, 0x25, 0xC3, 0xC6, 0x20, 0x3A, 0xD4, 0xD6, 0x33, 0x53, 0x2B, 0x0A, 0x21, 0x71, 0xC3, 0xBF, 0xF3, 0x9A, 0x50, 0x82, 0x85, 0x05, 0x17, 0xBE },
+    { 0x64, 0x21, 0xC3, 0x5B, 0x8D, 0xF6, 0x43, 0x40, 0xF4, 0x89, 0x32, 0x1B, 0x75, 0xBB, 0x75, 0x96, 0x7E, 0xF0, 0xCC, 0xF4, 0xB7, 0xFF, 0x6F, 0x80, 0x0A, 0xAC, 0xC7, 0x50, 0x50, 0x8D, 0x9E, 0x56 },
+    { 0xE7, 0x5E, 0x8B, 0x3C, 0xB4, 0x79, 0x26, 0xF3, 0xD1, 0x7D, 0xCB, 0xA2, 0xF3, 0x13, 0x3B, 0x0B, 0x4E, 0x21, 0xD9, 0x04, 0x01, 0x22, 0xE6, 0xBE, 0xCB, 0x00, 0x85, 0x36, 0x4D, 0x32, 0xAD, 0x17 },
+    { 0xDD, 0x77, 0x01, 0x94, 0x80, 0xBD, 0x1A, 0xAA, 0x5E, 0x1F, 0xDA, 0x25, 0x1E, 0x0C, 0xF2, 0xFE, 0xEB, 0xC8, 0x0D, 0x92, 0xF5, 0x9F, 0xCE, 0x6A, 0xC4, 0x7E, 0xF0, 0x5D, 0x70, 0x1B, 0x93, 0x15 },
+    { 0x20, 0x74, 0xC7, 0x0A, 0x62, 0xF7, 0x92, 0x1D, 0x24, 0x48, 0x8A, 0x0E, 0x1A, 0x96, 0x81, 0xCB, 0x0D, 0x9B, 0x0E, 0xA5, 0x47, 0x1B, 0x15, 0xC8, 0x04, 0x1A, 0x1E, 0xB6, 0x77, 0x2E, 0x45, 0xDF },
+    { 0xB9, 0x74, 0xC2, 0xA4, 0x9F, 0xDF, 0x58, 0x22, 0xB5, 0x97, 0x5F, 0xD1, 0xC7, 0xDD, 0xCA, 0xD8, 0x35, 0x3C, 0x41, 0x2A, 0xA3, 0xA2, 0xB5, 0xC3, 0xBE, 0x1F, 0x6C, 0xD5, 0xF2, 0x4D, 0x41, 0x13 },
+    { 0x16, 0x0F, 0x55, 0xD1, 0x3C, 0x02, 0x6C, 0x23, 0x15, 0x87, 0x51, 0x8E, 0xA3, 0x6A, 0x65, 0xCD, 0x4F, 0x7C, 0xE9, 0x47, 0x0B, 0xE6, 0xB5, 0x97, 0xFE, 0x2D, 0xF2, 0x0D, 0xDE, 0x86, 0x31, 0x45 },
+    { 0x28, 0xE3, 0xBB, 0x9B, 0x5F, 0x64, 0x0F, 0x0E, 0x02, 0x4A, 0x62, 0x95, 0xC1, 0x92, 0x0C, 0xF4, 0xEB, 0x95, 0x7E, 0x56, 0x7F, 0x7B, 0xB9, 0xB3, 0x62, 0x67, 0x0E, 0x43, 0xB1, 0xDE, 0xA1, 0x5F },
+    { 0xCC, 0xB1, 0xF7, 0xF3, 0xA6, 0x78, 0xC5, 0x96, 0xC6, 0x5B, 0x4A, 0x81, 0x51, 0xC5, 0xD0, 0x63, 0x03, 0xF1, 0x28, 0x56, 0x44, 0xA1, 0x28, 0x31, 0x74, 0xE0, 0x5B, 0x72, 0x3E, 0x20, 0x6D, 0x11 },
+    { 0x56, 0x1A, 0xE0, 0x97, 0xD9, 0xC0, 0x64, 0xA8, 0x6B, 0x46, 0xA8, 0x18, 0xBE, 0xED, 0x4D, 0x47, 0x68, 0x2C, 0xD7, 0xC1, 0x1D, 0x39, 0xCE, 0xC8, 0x1E, 0x6D, 0x15, 0xB8, 0xDF, 0xE0, 0xD9, 0xC5 },
+    { 0x8A, 0xE4, 0x94, 0xEA, 0xE9, 0xBA, 0x5B, 0xD4, 0x4C, 0xC4, 0x84, 0xC7, 0x81, 0xB9, 0xC5, 0xA1, 0xB4, 0xF2, 0x73, 0x0B, 0xF9, 0x5F, 0xF4, 0xF8, 0xEB, 0xA7, 0xBF, 0x6D, 0x8D, 0x36, 0x50, 0x1F },
+    { 0xD0, 0x07, 0x3A, 0xCE, 0xED, 0xCC, 0x96, 0x17, 0x11, 0xE3, 0x69, 0xDC, 0xD5, 0x05, 0xEE, 0x21, 0x59, 0x1D, 0x74, 0x51, 0xA8, 0x57, 0xA9, 0x98, 0x84, 0x73, 0xEC, 0x95, 0x08, 0xD6, 0xC3, 0x09 },
+    { 0x0E, 0x9F, 0xA8, 0x6B, 0x7A, 0xD5, 0xB3, 0xC2, 0x0A, 0x3E, 0x6F, 0xC0, 0x1F, 0x8F, 0x38, 0x9E, 0xE8, 0xC9, 0x6E, 0xE5, 0xE4, 0x81, 0xF4, 0x68, 0xFE, 0x8D, 0x6E, 0xD3, 0xD5, 0x5E, 0x38, 0xB3 },
+    { 0xA4, 0xA4, 0x0E, 0xDB, 0xC0, 0x57, 0x6B, 0x64, 0xA3, 0x58, 0xC0, 0x42, 0xE3, 0x6E, 0x2A, 0x46, 0xE8, 0x4E, 0x12, 0x4E, 0x82, 0x4D, 0x7C, 0x18, 0x0B, 0x2D, 0x77, 0xA5, 0x7A, 0x2B, 0xA4, 0x15 },
+    { 0x2A, 0x05, 0x18, 0x1E, 0x0A, 0xF1, 0x31, 0x56, 0xA8, 0x8D, 0xC6, 0x0D, 0x5B, 0xE1, 0x70, 0xEB, 0x24, 0x75, 0xBB, 0x34, 0xE4, 0xD1, 0x9A, 0x32, 0xA2, 0xB9, 0x71, 0x5A, 0xED, 0xF7, 0x39, 0x05 },
+    { 0x02, 0xCF, 0xCD, 0xF5, 0xFC, 0xDC, 0xB0, 0x77, 0x44, 0xAC, 0x84, 0x81, 0x42, 0xD7, 0xED, 0xCA, 0x02, 0xF8, 0x16, 0x01, 0xB4, 0x8E, 0xDC, 0xB7, 0x6C, 0x77, 0x95, 0x4A, 0xC8, 0x08, 0x58, 0x2E },
+    { 0xFE, 0xCD, 0xCB, 0x5E, 0xA5, 0xFB, 0x00, 0xE3, 0x55, 0x28, 0xB9, 0xB8, 0xD2, 0x0E, 0x8F, 0x41, 0xB8, 0x45, 0x89, 0xD4, 0x2D, 0x4A, 0x59, 0x1E, 0x86, 0x5B, 0x85, 0x8F, 0x9A, 0xAF, 0xC0, 0xBB },
+    { 0xA7, 0x73, 0x64, 0x6D, 0x8B, 0x89, 0x11, 0xAB, 0x00, 0xAF, 0x8A, 0x59, 0x62, 0x64, 0x7D, 0x95, 0x5B, 0x30, 0x75, 0xCA, 0xD5, 0xA0, 0x68, 0x13, 0x9E, 0x4D, 0x79, 0x44, 0x91, 0x21, 0xA5, 0x12 },
+    { 0x92, 0x68, 0x75, 0x4F, 0x01, 0x7C, 0x30, 0xA9, 0x0B, 0x82, 0xE5, 0x7D, 0x3A, 0x6A, 0x64, 0xBE, 0xF3, 0x4F, 0x17, 0x62, 0xF8, 0x8F, 0xEA, 0x58, 0x1E, 0x2D, 0x0E, 0x1A, 0x92, 0x6D, 0xE2, 0x44 },
+    { 0x3C, 0x64, 0x96, 0x9F, 0x86, 0xE6, 0x90, 0x81, 0xBA, 0x64, 0xD5, 0x4F, 0xAA, 0x1D, 0xFD, 0xA5, 0x33, 0x74, 0x1C, 0xB3, 0xAE, 0xEC, 0xE6, 0xBA, 0x7D, 0xF2, 0x1F, 0x7E, 0x48, 0x36, 0x5B, 0x18 },
+    { 0xC5, 0xEE, 0x5E, 0x28, 0x24, 0x4B, 0x87, 0xA3, 0xA7, 0x42, 0x0A, 0xA4, 0xE2, 0xF0, 0x9A, 0x3F, 0xCD, 0x21, 0xBF, 0x0D, 0x57, 0xFF, 0x2F, 0x69, 0x95, 0xFC, 0x82, 0x8C, 0xFA, 0xEE, 0xCE, 0x6F },
+    { 0xB2, 0x46, 0x8D, 0xA3, 0x55, 0x0E, 0x67, 0x6C, 0x6F, 0x00, 0xF1, 0xAC, 0xA2, 0x44, 0x45, 0x1F, 0x39, 0xA4, 0xEA, 0x62, 0x0A, 0x4E, 0xF3, 0xE6, 0x67, 0x7F, 0x9D, 0x87, 0xF7, 0xED, 0xF2, 0x73 },
+    { 0xE3, 0xC4, 0xD9, 0xAC, 0x6F, 0x2E, 0x6F, 0x9A, 0x4F, 0x10, 0xA2, 0x32, 0x5D, 0x9B, 0x6F, 0x9C, 0x0C, 0x9E, 0xB3, 0x58, 0x70, 0x38, 0x50, 0x35, 0x7F, 0xED, 0x9A, 0xED, 0x8D, 0x61, 0x96, 0xFA },
+    { 0xF5, 0x08, 0x4A, 0x0F, 0x0C, 0x3B, 0x5F, 0x0D, 0x76, 0xCA, 0xFA, 0xA3, 0x18, 0xD3, 0x2E, 0x26, 0x4D, 0x57, 0x44, 0x0E, 0xC5, 0x4E, 0xC5, 0xEF, 0x8E, 0xBA, 0xB6, 0xDD, 0xAA, 0x09, 0xF7, 0x81 },
+    { 0x47, 0x3E, 0xD0, 0x4B, 0x5D, 0x4B, 0xC1, 0x5B, 0x21, 0xC8, 0x89, 0x2D, 0x9B, 0xD0, 0x0C, 0x14, 0xB6, 0x7F, 0xE8, 0x43, 0xF1, 0xAA, 0x2D, 0x35, 0xA4, 0x74, 0x93, 0x39, 0x52, 0xFB, 0xDC, 0x1F },
+    { 0x48, 0x14, 0x00, 0x32, 0xBB, 0x7D, 0xF2, 0xE2, 0xB5, 0xC9, 0x5D, 0x40, 0x3C, 0x9A, 0xB6, 0x9B, 0x4B, 0xC0, 0x04, 0x53, 0x98, 0x0B, 0xF8, 0x5F, 0x15, 0xA8, 0x4C, 0xAE, 0x2B, 0x09, 0xA0, 0xE9 },
+};
+
+
+/* crypto_hash/asconaead128/LWC_AEAD_KAT_128_128.txt */
+static const char *ascon_aead128_kat[][5] = {
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "",
+      /* AD = */ "",
+      /* CT = */ "4427D64B8E1E1451FC445960F0839BB0", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "",
+      /* AD = */ "00",
+      /* CT = */ "103AB79D913A0321287715A979BB8585", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "",
+      /* AD = */ "0001",
+      /* CT = */ "A50E88E30F923B90A9C810181230DF10", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "",
+      /* AD = */ "000102",
+      /* CT = */ "AE214C9F66630658ED8DC7D31131174C", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "",
+      /* AD = */ "00010203",
+      /* CT = */ "C6FF3CF70575B144B955820D9BC7685E", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "",
+      /* AD = */ "0001020304",
+      /* CT = */ "6279C4882F99DFB6D9EC3695C9F2A773", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "",
+      /* AD = */ "000102030405",
+      /* CT = */ "078A29237061C0D397B2A0E6EA5C876B", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "",
+      /* AD = */ "00010203040506",
+      /* CT = */ "03571475150BCEE52386848E25B06509", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "",
+      /* AD = */ "0001020304050607",
+      /* CT = */ "B26DFF49B1D32299DDAF77393DA1BFB9", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "",
+      /* AD = */ "000102030405060708",
+      /* CT = */ "199B9F815BA37A386D283F504B8D2277", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "",
+      /* AD = */ "00010203040506070809",
+      /* CT = */ "72ADAF0FB14368FCAE684504B30AC101", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "",
+      /* AD = */ "000102030405060708090A",
+      /* CT = */ "7A743A79172DA75466F25F40457A6B73", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "",
+      /* AD = */ "000102030405060708090A0B",
+      /* CT = */ "3147BDC1FE566B1981841CCF2A6AE34F", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "",
+      /* AD = */ "000102030405060708090A0B0C",
+      /* CT = */ "020EBC69E08706864E71E3D1B58B357F", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "",
+      /* AD = */ "000102030405060708090A0B0C0D",
+      /* CT = */ "A82E222AFF512CDBC3DE114D906F19EC", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "",
+      /* AD = */ "000102030405060708090A0B0C0D0E",
+      /* CT = */ "6FC17A2738F9F525213E59384FB75037", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F",
+      /* CT = */ "B747D3235E971C20D00DCF87406938FD", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F10",
+      /* CT = */ "D990A242654D0741C7525E6F903653ED", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F1011",
+      /* CT = */ "578A86396447B8A041BAD515A601A34A", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112",
+      /* CT = */ "8DB8ADA4D118B78363846DD3541E2189", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F10111213",
+      /* CT = */ "60ADBE0BFFAD8E8A261E6B8CA48C75DF", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F1011121314",
+      /* CT = */ "C85D563277DB0C83A2B4E94CD6EA1AEE", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415",
+      /* CT = */ "211A251C1766C2E5A3FFDD74B03B2529", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F10111213141516",
+      /* CT = */ "12004754BA17098AAD179E061E1749E7", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F1011121314151617",
+      /* CT = */ "B0C8E78E5E9091F5005D79AABDA96DB2", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718",
+      /* CT = */ "AAA1A35A588016DC63EE291946FC6154", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F10111213141516171819",
+      /* CT = */ "166C67CC262390C81596F8C463C87B00", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A",
+      /* CT = */ "143DB82F41FE376CFD53D29675078EAC", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B",
+      /* CT = */ "6BAF6585E8FFE8F552780C7EADC7DA28", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C",
+      /* CT = */ "D1401CB996969FD5F721A422439DFD2E", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D",
+      /* CT = */ "78362CB020E6CE64063595D856AB9173", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E",
+      /* CT = */ "2C899FF0082B24C0E179399DE588F918", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F",
+      /* CT = */ "22133A313FBF0B38029A45870AADC542", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "00",
+      /* AD = */ "",
+      /* CT = */ "E79F58F1F541FC51B5D438F8E1DD03F147", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "00",
+      /* AD = */ "00",
+      /* CT = */ "25EB4B700ED4AC8517DCBA20F673292230", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "00",
+      /* AD = */ "0001",
+      /* CT = */ "49BE454D8C97E1EAB5119BF47D3654DDE2", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "00",
+      /* AD = */ "000102",
+      /* CT = */ "D2FDDB3A70AD9A1F2BB342615B97AB191A", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "00",
+      /* AD = */ "00010203",
+      /* CT = */ "4AC40555DC0E91960643A438D4EB371137", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "00",
+      /* AD = */ "0001020304",
+      /* CT = */ "1F3F5CE816E7C1BA5F7453AB9D526B82D0", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "00",
+      /* AD = */ "000102030405",
+      /* CT = */ "7C56A3122EC3F0FBFC89C725171061705D", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "00",
+      /* AD = */ "00010203040506",
+      /* CT = */ "44ED28EA9A451BE731C7D5B4AAEBD97969", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "00",
+      /* AD = */ "0001020304050607",
+      /* CT = */ "10AAC070D4736FAD110E011A42D813E453", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "00",
+      /* AD = */ "000102030405060708",
+      /* CT = */ "6A3D03F3A5AAB12316DB48C0ACFF1B6D0F", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "00",
+      /* AD = */ "00010203040506070809",
+      /* CT = */ "F2CEE4C21C5E8BE47C62801CF8F99C0F68", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "00",
+      /* AD = */ "000102030405060708090A",
+      /* CT = */ "29046A1589F368954B3B520A1582BF3999", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "00",
+      /* AD = */ "000102030405060708090A0B",
+      /* CT = */ "BBA99810090A3340A198FF6B536BAFE22E", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "00",
+      /* AD = */ "000102030405060708090A0B0C",
+      /* CT = */ "4B9B02EEEE46735A799825D48A5793E1C6", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "00",
+      /* AD = */ "000102030405060708090A0B0C0D",
+      /* CT = */ "4E1B69707A42C085AB15B212E545AD48C4", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "00",
+      /* AD = */ "000102030405060708090A0B0C0D0E",
+      /* CT = */ "B0EA3438393984BFBEBB5642907A511568", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "00",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F",
+      /* CT = */ "6AF88FDEC9275574DDA9C51F390C301A4F", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "00",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F10",
+      /* CT = */ "98BD6CB9C387D71D275A5D50E5525C643C", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "00",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F1011",
+      /* CT = */ "5012CDE984E442C183285468CF95509AAB", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "00",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112",
+      /* CT = */ "64E8A535661ECD9BD9986CEA0A46A8556B", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "00",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F10111213",
+      /* CT = */ "C31E5D2C32CD3BA00B03595D1D80580E5D", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "00",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F1011121314",
+      /* CT = */ "99B94D9B0FDC389333390F467DA793DA18", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "00",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415",
+      /* CT = */ "36F8BC8ECBE5373E8CF98A6AF971F4FF82", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "00",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F10111213141516",
+      /* CT = */ "C03D53C849AD1DBAFE0CA9084AB60E4967", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "00",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F1011121314151617",
+      /* CT = */ "BAAE9C333640BCBD5AFD22A6D086BCD48A", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "00",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718",
+      /* CT = */ "4CF2085BF59B1F8D21FF2690EEE3A54E45", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "00",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F10111213141516171819",
+      /* CT = */ "12647E22AC5BE3FDF70E9FEFC249AD38CD", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "00",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A",
+      /* CT = */ "C8B1FAB3F10CAF5CDC2E84954AB7F4169D", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "00",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B",
+      /* CT = */ "669A01C76EF9F95F4B1C77C362D3789B62", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "00",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C",
+      /* CT = */ "26C5395877E5027743965CF9CC5C8364C0", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "00",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D",
+      /* CT = */ "0F9B7E3321C6F13FBC36CB520FF40E398E", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "00",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E",
+      /* CT = */ "145D307EAA756D8BA5D06A0BBE704B37CA", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "00",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F",
+      /* CT = */ "4C6977B26283789F81CA53EE0C984D3FFA", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "0001",
+      /* AD = */ "",
+      /* CT = */ "E770024EF7895C325CBE02EB5FBE6F9D7E8D", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "0001",
+      /* AD = */ "00",
+      /* CT = */ "25FB41D2732019820A0F8BAB4248B35E7B0B", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "0001",
+      /* AD = */ "0001",
+      /* CT = */ "49E57017A30E8073D1FA284AC8346110F89F", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "0001",
+      /* AD = */ "000102",
+      /* CT = */ "D2729AEF0954A0B62131B41B77BB07DD1BDF", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "0001",
+      /* AD = */ "00010203",
+      /* CT = */ "4A53C3ABDE1911DBBAFCA250E82B32E6623B", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "0001",
+      /* AD = */ "0001020304",
+      /* CT = */ "1F82CA8DB431D4C88044A58AD984EBDB0767", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "0001",
+      /* AD = */ "000102030405",
+      /* CT = */ "7CC825226D46FFA5AB35DC4F3802BB252B5A", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "0001",
+      /* AD = */ "00010203040506",
+      /* CT = */ "4486D2C8ED8489C9E0D04DFFB8F412149695", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "0001",
+      /* AD = */ "0001020304050607",
+      /* CT = */ "108639EF290EA2810D6A1C03649CB66F6D94", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "0001",
+      /* AD = */ "000102030405060708",
+      /* CT = */ "6A25B328B990BF7D77C15C621519779A7126", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "0001",
+      /* AD = */ "00010203040506070809",
+      /* CT = */ "F2F4C9EDE27986D157E41FBAD2D2C805D070", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "0001",
+      /* AD = */ "000102030405060708090A",
+      /* CT = */ "29FC67CBC9D0678F451F593E4C827661F84A", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "0001",
+      /* AD = */ "000102030405060708090A0B",
+      /* CT = */ "BBAE3268C0D34744D396B233E7C9FCAF5DE6", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "0001",
+      /* AD = */ "000102030405060708090A0B0C",
+      /* CT = */ "4BE58B7A9081226609FCAB0FC439CA9BA4DF", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "0001",
+      /* AD = */ "000102030405060708090A0B0C0D",
+      /* CT = */ "4E58968373B211EA0FC538D8AA77E338CEF6", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "0001",
+      /* AD = */ "000102030405060708090A0B0C0D0E",
+      /* CT = */ "B03EA80E65729A8CA944EA44BBBDE99658C5", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "0001",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F",
+      /* CT = */ "6A2834C4A74578201C95C841BF174402B238", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "0001",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F10",
+      /* CT = */ "9813A67DFADCF44B938B0DDBBF1C246F24BA", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "0001",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F1011",
+      /* CT = */ "501DBB47F895CDE177FAD82CB3C7341A4541", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "0001",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112",
+      /* CT = */ "64ACD2BDDB3E2E206DF00A71418289215105", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "0001",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F10111213",
+      /* CT = */ "C3050C85A58C4967CD61BEFF2C6A5E6D1513", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "0001",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F1011121314",
+      /* CT = */ "99493C7D15D98F80584F6A2B6F19E7827DF5", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "0001",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415",
+      /* CT = */ "368D092115E687090CE11EDB6E83B4029D51", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "0001",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F10111213141516",
+      /* CT = */ "C01EBFBE6F932F2EECD51DA65D220FBA68D7", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "0001",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F1011121314151617",
+      /* CT = */ "BA35F45A5FB21281E4701FAB3C9ADEEA1170", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "0001",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718",
+      /* CT = */ "4C8393FAA9930679187C22C63879D6A4A714", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "0001",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F10111213141516171819",
+      /* CT = */ "1244C10C58F56790662D4E862E0D3595864A", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "0001",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A",
+      /* CT = */ "C800EF8E732F5D80CF31022F0A48CA7F5594", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "0001",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B",
+      /* CT = */ "662DF08B8B3404A00343D5D4E616F29AA76C", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "0001",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C",
+      /* CT = */ "26A6577F6634FE09EB7B1B7EEB6D7DA61DF1", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "0001",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D",
+      /* CT = */ "0F55AB1A2B6B649ED9885B1BA67E8ECA6780", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "0001",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E",
+      /* CT = */ "141B95CA9B935C15006A74174A16962CBB75", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "0001",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F",
+      /* CT = */ "4C0838C27A7741EF0D33DD0312E48657F5FB", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102",
+      /* AD = */ "",
+      /* CT = */ "E770D29AB195F40EE49B127840263B2A7F1356", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102",
+      /* AD = */ "00",
+      /* CT = */ "25FBE4381FA4B64A6C6A5C06030EA163AE8082", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102",
+      /* AD = */ "0001",
+      /* CT = */ "49E505D644B6A140B7305500088BBD30A5963B", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102",
+      /* AD = */ "000102",
+      /* CT = */ "D2721F2ED83F53550FCFE2188D4151162A3F9D", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102",
+      /* AD = */ "00010203",
+      /* CT = */ "4A53D9F9BFC2F512F9E90288EF5E4728C4D4CC", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102",
+      /* AD = */ "0001020304",
+      /* CT = */ "1F8202100240F484078227FF47F85A47E8CB51", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102",
+      /* AD = */ "000102030405",
+      /* CT = */ "7CC88B34BECE08E696ED8F527D0C89F05101DC", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102",
+      /* AD = */ "00010203040506",
+      /* CT = */ "44864F9D866CD8429604894B45AFA35053170F", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102",
+      /* AD = */ "0001020304050607",
+      /* CT = */ "10864087901895D83F4902B68968EA8433A7A1", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102",
+      /* AD = */ "000102030405060708",
+      /* CT = */ "6A256F60B6870387756DD121FEB63276B3BD99", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102",
+      /* AD = */ "00010203040506070809",
+      /* CT = */ "F2F44B3D4DE1D4214960F7A2A312527B2086CD", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102",
+      /* AD = */ "000102030405060708090A",
+      /* CT = */ "29FCAD8FEDFE3A8C68B307ECFA86DBE97E5FF9", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102",
+      /* AD = */ "000102030405060708090A0B",
+      /* CT = */ "BBAE1D722692214C612F12FEE54E7A3E5565AA", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102",
+      /* AD = */ "000102030405060708090A0B0C",
+      /* CT = */ "4BE547D02164F9B18D92235BB8804454A4AE83", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102",
+      /* AD = */ "000102030405060708090A0B0C0D",
+      /* CT = */ "4E5892E6A4BD2A1951254CF8FF9004606EBD18", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102",
+      /* AD = */ "000102030405060708090A0B0C0D0E",
+      /* CT = */ "B03E607B87982471BC3CDA0F4066BF58758C5C", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F",
+      /* CT = */ "6A2821C812A75544ECBADC70A26480FEC45461", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F10",
+      /* CT = */ "9813B79BA0B8F4055963CCF3A8169D250A9E42", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F1011",
+      /* CT = */ "501DFE33089D4192C97E31F939A3A5D6D7AA0C", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112",
+      /* CT = */ "64AC7287B8B140172FF8B70B692323AEA189AE", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F10111213",
+      /* CT = */ "C305EB4A7A86AF2ADD545D828ACC346C47485B", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F1011121314",
+      /* CT = */ "9949846BD638424096EE64054A358F2ADED190", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415",
+      /* CT = */ "368D61B37E6666E07C7B973529587D2C1F9820", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F10111213141516",
+      /* CT = */ "C01EA797B6CE28687236364C82756322ACF3A1", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F1011121314151617",
+      /* CT = */ "BA35FAC0B48D847EAF787D6310BD06E0155FD2", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718",
+      /* CT = */ "4C83A29C7591CCB1C4F0BF7EA01E881C7BD878", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F10111213141516171819",
+      /* CT = */ "1244D5EA6793A91968167CF94F833568FDD265", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A",
+      /* CT = */ "C8002E29CEC49F148B8540BCFB863DD5AADECE", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B",
+      /* CT = */ "662D52606D8469F7BCD07C8B4090BF5507BD04", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C",
+      /* CT = */ "26A6E702A8F08E0F97B8782A248375B88D6794", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D",
+      /* CT = */ "0F55D7460C590C19464890AB2EE78C127254F9", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E",
+      /* CT = */ "141B8BD2AD5A687F079420012C341C58166C81", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F",
+      /* CT = */ "4C086DCD5125F2AAC592072AF93BA58F4C466E", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "00010203",
+      /* AD = */ "",
+      /* CT = */ "E770D289723DBD7401E58C36EB488D1520305D0F", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "00010203",
+      /* AD = */ "00",
+      /* CT = */ "25FBE48A550AFEF7CE25BA45A6F0418AB2D671FE", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "00010203",
+      /* AD = */ "0001",
+      /* CT = */ "49E505472EF152646BFF0BF584748E6702CC14DA", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "00010203",
+      /* AD = */ "000102",
+      /* CT = */ "D2721FCB763F015C201A7983C9D5D36B463D1E0B", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "00010203",
+      /* AD = */ "00010203",
+      /* CT = */ "4A53D996863A6CE3E220259BB1D9405103D52E73", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "00010203",
+      /* AD = */ "0001020304",
+      /* CT = */ "1F820273AC12205DC254A4777C873A050DA7B6DD", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "00010203",
+      /* AD = */ "000102030405",
+      /* CT = */ "7CC88BDB4AD0FAF4F1DD4F40F80141148AF93D2E", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "00010203",
+      /* AD = */ "00010203040506",
+      /* CT = */ "44864FD3DBEA4923D1C581EDDA1ACD0070C6D7DC", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "00010203",
+      /* AD = */ "0001020304050607",
+      /* CT = */ "108640BDF5755D678B2C03A9D5F97DFBAB13EE71", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "00010203",
+      /* AD = */ "000102030405060708",
+      /* CT = */ "6A256FBB24744AD22D95E3208D705E4FE91C95D5", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "00010203",
+      /* AD = */ "00010203040506070809",
+      /* CT = */ "F2F44B08E0460C35AF5C3CBF5F1D4E626FC8D558", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "00010203",
+      /* AD = */ "000102030405060708090A",
+      /* CT = */ "29FCAD75D7877CB464B49B5E93A0EA495F0319AB", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "00010203",
+      /* AD = */ "000102030405060708090A0B",
+      /* CT = */ "BBAE1D88AF62A4D15B897B118A05F9385535B3C4", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "00010203",
+      /* AD = */ "000102030405060708090A0B0C",
+      /* CT = */ "4BE54773774E373E54CC5D746C6CAE56D4A540B3", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "00010203",
+      /* AD = */ "000102030405060708090A0B0C0D",
+      /* CT = */ "4E589270F4188BD0B38DBF880024DA167E143173", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "00010203",
+      /* AD = */ "000102030405060708090A0B0C0D0E",
+      /* CT = */ "B03E6073927D845ABC584B40206A1E4520DC28AE", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "00010203",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F",
+      /* CT = */ "6A28215EE219C60F71D317B2CA232101CDA4DCE7", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "00010203",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F10",
+      /* CT = */ "9813B701495B9FB1286FD97880A182818688150C", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "00010203",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F1011",
+      /* CT = */ "501DFE331256A6B92A6389F9D8644125E716A52F", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "00010203",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112",
+      /* CT = */ "64AC72124A2C2750525514AAA8720C1E73B156DA", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "00010203",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F10111213",
+      /* CT = */ "C305EB0E9A9A7833C5F6FB36BD82F1C78C322678", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "00010203",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F1011121314",
+      /* CT = */ "994984D4BADCDC5496A1358D2540B786B8B2F04C", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "00010203",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415",
+      /* CT = */ "368D61A83931283B9A628C1A5E82BE2E81429813", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "00010203",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F10111213141516",
+      /* CT = */ "C01EA779641A28CF5D536DFAFBCC99681BD2DFE4", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "00010203",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F1011121314151617",
+      /* CT = */ "BA35FA7EC6E681B74F8CF58575D50FD3DE1B03CE", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "00010203",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718",
+      /* CT = */ "4C83A2969AB6BC3FAE40BB8EFD7109C7622D6AC9", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "00010203",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F10111213141516171819",
+      /* CT = */ "1244D5C1167196DCD6EDC088A6D1FD392B0522D0", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "00010203",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A",
+      /* CT = */ "C8002E9D3B47F7AE734361A6C94058DDD037238D", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "00010203",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B",
+      /* CT = */ "662D5219BF07F68001CA1A177A4F5011514E6BE5", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "00010203",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C",
+      /* CT = */ "26A6E7657BBD31B35A10BD09C27381DA60542992", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "00010203",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D",
+      /* CT = */ "0F55D705915580B4AF6C588D35809636A697B148", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "00010203",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E",
+      /* CT = */ "141B8B25A30CBD1204ECBB79619CC02A3E2ED020", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "00010203",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F",
+      /* CT = */ "4C086D27493689F2C080418ACF11125FDE5C2F91", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "0001020304",
+      /* AD = */ "",
+      /* CT = */ "E770D289D2E5705A06B6C2FAA93CC7108B5B1502B4", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "0001020304",
+      /* AD = */ "00",
+      /* CT = */ "25FBE48AC1C46C0CC9ECB8CEB25053FFEC2C4AC129", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "0001020304",
+      /* AD = */ "0001",
+      /* CT = */ "49E50547CA6CC8555CC75D28EAD641E90E631BE359", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "0001020304",
+      /* AD = */ "000102",
+      /* CT = */ "D2721FCB367493484DB51C8BBBC43E1A1D14029689", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "0001020304",
+      /* AD = */ "00010203",
+      /* CT = */ "4A53D9966D2C7DBF3BEEBF01EF347B8C773A6C17DB", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "0001020304",
+      /* AD = */ "0001020304",
+      /* CT = */ "1F820273C61B8B77D367C0D86E0557A43039A0A506", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "0001020304",
+      /* AD = */ "000102030405",
+      /* CT = */ "7CC88BDBF6D993149407C6FB863AFF9894C309931C", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "0001020304",
+      /* AD = */ "00010203040506",
+      /* CT = */ "44864FD33743ED20D7695A424D3505E437B8501178", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "0001020304",
+      /* AD = */ "0001020304050607",
+      /* CT = */ "108640BD714CD79EEC957DBC9D194598C083C982C7", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "0001020304",
+      /* AD = */ "000102030405060708",
+      /* CT = */ "6A256FBBD30168BBA48AB95240EA22A53A13225882", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "0001020304",
+      /* AD = */ "00010203040506070809",
+      /* CT = */ "F2F44B0813F97AA0A08CAB30E34A22B72D4F06F35B", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "0001020304",
+      /* AD = */ "000102030405060708090A",
+      /* CT = */ "29FCAD75A40EBAA64F602CAD77EAF94419624A64BD", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "0001020304",
+      /* AD = */ "000102030405060708090A0B",
+      /* CT = */ "BBAE1D8862AB4D9A818CFE0A9772010B53878C93F7", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "0001020304",
+      /* AD = */ "000102030405060708090A0B0C",
+      /* CT = */ "4BE547736B01309C6DA7218E0A44213CF96D0D33E2", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "0001020304",
+      /* AD = */ "000102030405060708090A0B0C0D",
+      /* CT = */ "4E589270FEB4C2A2A5F6A3A1586722395B49C06057", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "0001020304",
+      /* AD = */ "000102030405060708090A0B0C0D0E",
+      /* CT = */ "B03E607317FE6FE606F09A10C9C0DCEA94B35B44A7", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "0001020304",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F",
+      /* CT = */ "6A28215E4A7B7D538B7076F7061FF4854FD882D3F1", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "0001020304",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F10",
+      /* CT = */ "9813B70130B49A4D7FEC9305A57598B9B85602F87B", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "0001020304",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F1011",
+      /* CT = */ "501DFE330EDF7C2C3ED1EE637795B45161B588223A", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "0001020304",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112",
+      /* CT = */ "64AC72120E3413D5D1308671462856E8461DED4635", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "0001020304",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F10111213",
+      /* CT = */ "C305EB0E85B924A8BE14FB58D6CB2515C3FD5FF59B", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "0001020304",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F1011121314",
+      /* CT = */ "994984D48BECCFF2A29F142D5AD83B87E1C41B3D76", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "0001020304",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415",
+      /* CT = */ "368D61A8D44E33E09D28285ABB4B34325BD3C4504F", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "0001020304",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F10111213141516",
+      /* CT = */ "C01EA7792B355FEEB4EAC92C8DD02EB28DA256C2AF", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "0001020304",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F1011121314151617",
+      /* CT = */ "BA35FA7ECE0B6F05413DFFEC1812B3C7BBCE709732", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "0001020304",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718",
+      /* CT = */ "4C83A29686DC383714EDE30D9E1038E254DD33F5E0", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "0001020304",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F10111213141516171819",
+      /* CT = */ "1244D5C1B44B314EE6524B54917F90897F9D09548C", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "0001020304",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A",
+      /* CT = */ "C8002E9D44D34441EA7867C4A6A4472C3431D17C4D", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "0001020304",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B",
+      /* CT = */ "662D52198071651F8AB4CF52CD8C51FD0007A843EB", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "0001020304",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C",
+      /* CT = */ "26A6E765E6F4E62701284C7B0033F6D40F1E6C862F", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "0001020304",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D",
+      /* CT = */ "0F55D7051DB231505F18918C0EAD574C471BBF1939", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "0001020304",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E",
+      /* CT = */ "141B8B25E57DE5241D5B15F6259CDF96A9B177DC42", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "0001020304",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F",
+      /* CT = */ "4C086D27A3EF7065D7335F3321905C61C08462E879", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405",
+      /* AD = */ "",
+      /* CT = */ "E770D289D2A4A5D8FAFA197CC29BD868CA5322B1CEBE", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405",
+      /* AD = */ "00",
+      /* CT = */ "25FBE48AC155289C7CA4B7561222452AF2417C8A4A21", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405",
+      /* AD = */ "0001",
+      /* CT = */ "49E50547CA0C741C71BFA1F2CFDCF8CB9F7E4504759E", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405",
+      /* AD = */ "000102",
+      /* CT = */ "D2721FCB362AB5445CD7AF443EC7E6B305B93601A578", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405",
+      /* AD = */ "00010203",
+      /* CT = */ "4A53D9966D879358A83E1F9B487EA884B4E9D9854EEF", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405",
+      /* AD = */ "0001020304",
+      /* CT = */ "1F820273C65287B01F7EB63572CF2E2A5160BE11356F", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405",
+      /* AD = */ "000102030405",
+      /* CT = */ "7CC88BDBF6D7E5D53D8457FFB27516E44D6E8C126CA5", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405",
+      /* AD = */ "00010203040506",
+      /* CT = */ "44864FD337BB9600E5823A16A22384F826CE85791ED6", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405",
+      /* AD = */ "0001020304050607",
+      /* CT = */ "108640BD71341DE5B02980F6F8E8E1F8C4D852E25DEE", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405",
+      /* AD = */ "000102030405060708",
+      /* CT = */ "6A256FBBD3724F7272227A805D7CC4EA25F9F53D4DD5", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405",
+      /* AD = */ "00010203040506070809",
+      /* CT = */ "F2F44B0813120C401EB1FEA272BFF28E4431A587A458", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405",
+      /* AD = */ "000102030405060708090A",
+      /* CT = */ "29FCAD75A416204DF88D4BEF5CBFF3DA03DF92F50422", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405",
+      /* AD = */ "000102030405060708090A0B",
+      /* CT = */ "BBAE1D886219CE7737ABB8B52EC3ABC35921336AD3D9", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405",
+      /* AD = */ "000102030405060708090A0B0C",
+      /* CT = */ "4BE547736BE14CB26786CCE959BFE361E05F823DDA7D", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405",
+      /* AD = */ "000102030405060708090A0B0C0D",
+      /* CT = */ "4E589270FEB802D06896BF3932C4CF603791221D2402", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405",
+      /* AD = */ "000102030405060708090A0B0C0D0E",
+      /* CT = */ "B03E607317A295B8B855240BA70D70DBB90C0260F3A8", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F",
+      /* CT = */ "6A28215E4A60D8D2B69BE469A05A58C36DB58BB6D962", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F10",
+      /* CT = */ "9813B7013089C4B588AE68FADC469AD3225FB3662F01", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F1011",
+      /* CT = */ "501DFE330EC4292894D9167763AC2F49642BCF1C0E24", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112",
+      /* CT = */ "64AC72120E66DC69F8DF81A340F47A926C6C42994536", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F10111213",
+      /* CT = */ "C305EB0E851DA4BEA085B1C931A90B99BBECE8CAF07D", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F1011121314",
+      /* CT = */ "994984D48B445900E803B938F327E6E3288CC67803F3", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415",
+      /* CT = */ "368D61A8D48872C1D6060F6B69678B41D2A59DD84405", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F10111213141516",
+      /* CT = */ "C01EA7792BF5BAC971D7B4A4248A9B5CBC8530701E58", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F1011121314151617",
+      /* CT = */ "BA35FA7ECE7CFC2F7AF7D89D0E032826E294B20EFBFC", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718",
+      /* CT = */ "4C83A29686FE9274F8ADEBB2340320399A5EC0D6B202", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F10111213141516171819",
+      /* CT = */ "1244D5C1B4351FF1DD8DB594F774870E89010D69B0AC", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A",
+      /* CT = */ "C8002E9D447F6973726765006319B0E81F3EB320C6DB", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B",
+      /* CT = */ "662D5219804260C037C4E8481FE7029C95BED1C5050E", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C",
+      /* CT = */ "26A6E765E6BF495D976762756C7FF4E315D76EA70B8A", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D",
+      /* CT = */ "0F55D7051D74EB7CC65835F3CDB97AA9F5289A28BC06", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E",
+      /* CT = */ "141B8B25E59E40CCC85994F5B78A7D9B653BBFD144A4", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F",
+      /* CT = */ "4C086D27A3B51A036B71D170118B82192E7EFB2FBF59", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "00010203040506",
+      /* AD = */ "",
+      /* CT = */ "E770D289D2A44A71B1ED9117B692EDDB148CBB6699A7F1", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "00010203040506",
+      /* AD = */ "00",
+      /* CT = */ "25FBE48AC155C100336794354DD81E8675EB922524452C", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "00010203040506",
+      /* AD = */ "0001",
+      /* CT = */ "49E50547CA0C750523D92CE28F16BEE9E75B5034B8FF6F", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "00010203040506",
+      /* AD = */ "000102",
+      /* CT = */ "D2721FCB362AB55BEB58E640B6BA8C4B08196C990FF1F7", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "00010203040506",
+      /* AD = */ "00010203",
+      /* CT = */ "4A53D9966D87BF82DD40FEAC052EA4192AB813105B30DB", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "00010203040506",
+      /* AD = */ "0001020304",
+      /* CT = */ "1F820273C652463A0DF41AAED674E9857368BB6B30DF04", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "00010203040506",
+      /* AD = */ "000102030405",
+      /* CT = */ "7CC88BDBF6D706B12F30E2303D3EE71E6DD3F6951776D6", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "00010203040506",
+      /* AD = */ "00010203040506",
+      /* CT = */ "44864FD337BBF29552F1B2C0D86C197FA779F20E97B75E", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "00010203040506",
+      /* AD = */ "0001020304050607",
+      /* CT = */ "108640BD71345CD3B1EA3C08BEA6AC30A74C48F7BC2E2A", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "00010203040506",
+      /* AD = */ "000102030405060708",
+      /* CT = */ "6A256FBBD3726C3A42F7FF53E518AD829BFB2FB5D19661", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "00010203040506",
+      /* AD = */ "00010203040506070809",
+      /* CT = */ "F2F44B081312F3CE46331B924130CE74A112F778AB5FDE", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "00010203040506",
+      /* AD = */ "000102030405060708090A",
+      /* CT = */ "29FCAD75A4163D7DA036D478F46A21A46781D675C11D5C", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "00010203040506",
+      /* AD = */ "000102030405060708090A0B",
+      /* CT = */ "BBAE1D88621912082CE6BE1330DB520598448155AA0324", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "00010203040506",
+      /* AD = */ "000102030405060708090A0B0C",
+      /* CT = */ "4BE547736BE1D88662A0E9BCABB519E4A44A6107F823AC", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "00010203040506",
+      /* AD = */ "000102030405060708090A0B0C0D",
+      /* CT = */ "4E589270FEB89B5B5A7884AFF4E587F96533EAB43DF6B4", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "00010203040506",
+      /* AD = */ "000102030405060708090A0B0C0D0E",
+      /* CT = */ "B03E607317A251CCF75D8ECB57BA7863E7596EB262A0FB", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "00010203040506",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F",
+      /* CT = */ "6A28215E4A6023FB68CB1FB348DAA426A508A4F09F229D", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "00010203040506",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F10",
+      /* CT = */ "9813B7013089DB2A8E65EE59764BDB6AAB789882779EA8", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "00010203040506",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F1011",
+      /* CT = */ "501DFE330EC4528D5EC577018F9492C1EFBC6C7E330F4C", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "00010203040506",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112",
+      /* CT = */ "64AC72120E66A27AEA1C013E631E57BF078868FC1ED894", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "00010203040506",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F10111213",
+      /* CT = */ "C305EB0E851DF97219BE37E416B942BA4B1A4864B9BD2D", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "00010203040506",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F1011121314",
+      /* CT = */ "994984D48B44B4BCFE48FEFE0BEC3AFD95C7983A9A2F4E", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "00010203040506",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415",
+      /* CT = */ "368D61A8D488E80C2E81C095D6F5C9A7C492B124475EA0", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "00010203040506",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F10111213141516",
+      /* CT = */ "C01EA7792BF5F9CA2A7EFBC273D59BA25054E3F804A39F", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "00010203040506",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F1011121314151617",
+      /* CT = */ "BA35FA7ECE7C78D9A4A41EAB23FAC36B8C90458EF56538", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "00010203040506",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718",
+      /* CT = */ "4C83A29686FE1AFDE1CCF11C4994F35A1486E7650810D9", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "00010203040506",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F10111213141516171819",
+      /* CT = */ "1244D5C1B435AFC824FB3C14F170CCDF906C80674A20C6", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "00010203040506",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A",
+      /* CT = */ "C8002E9D447FA490C5F38FD825E6B97B266FCFD6F8C77E", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "00010203040506",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B",
+      /* CT = */ "662D521980423C1E08A4C2AA892BAABFF521A74DA0C43E", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "00010203040506",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C",
+      /* CT = */ "26A6E765E6BFE78AE8E46C5A4321B9FAC9F0A917C020A5", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "00010203040506",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D",
+      /* CT = */ "0F55D7051D747844B4E03718503CA10850C78FDC6BB0F5", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "00010203040506",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E",
+      /* CT = */ "141B8B25E59E0D494C20BA259DACD1C527859F4059302E", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "00010203040506",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F",
+      /* CT = */ "4C086D27A3B51A616FEA454758AAD99D6EB53AC3975DE0", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "0001020304050607",
+      /* AD = */ "",
+      /* CT = */ "E770D289D2A44AEEB076C632E98C61F69CD5DB919B58D204", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "0001020304050607",
+      /* AD = */ "00",
+      /* CT = */ "25FBE48AC155C10386CF87FE743D9A2A627FC00DAE5B9B52", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "0001020304050607",
+      /* AD = */ "0001",
+      /* CT = */ "49E50547CA0C7547950D3B9804241712431C81D23C03D7D3", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "0001020304050607",
+      /* AD = */ "000102",
+      /* CT = */ "D2721FCB362AB5E1F8FD3F2BD9F0FF14E7F0B9EBC084D752", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "0001020304050607",
+      /* AD = */ "00010203",
+      /* CT = */ "4A53D9966D87BFED09BE0A67072FD1F51FE5B1CE7E8BB84C", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "0001020304050607",
+      /* AD = */ "0001020304",
+      /* CT = */ "1F820273C65246B7267A2CB1C513FE65991DA288CCBC8985", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "0001020304050607",
+      /* AD = */ "000102030405",
+      /* CT = */ "7CC88BDBF6D706056C8B219F65945332DEDE9303DEF1D5DF", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "0001020304050607",
+      /* AD = */ "00010203040506",
+      /* CT = */ "44864FD337BBF2374302FC5DAC7C369371C7171FADBDFD47", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "0001020304050607",
+      /* AD = */ "0001020304050607",
+      /* CT = */ "108640BD71345C6E37294FAC4BDDCAD22EE5E7178D20132C", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "0001020304050607",
+      /* AD = */ "000102030405060708",
+      /* CT = */ "6A256FBBD3726C8215F807001FD7678E08FDCD6B37EE9F01", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "0001020304050607",
+      /* AD = */ "00010203040506070809",
+      /* CT = */ "F2F44B081312F3F8941D7A98139835C2A973E67E6361008A", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "0001020304050607",
+      /* AD = */ "000102030405060708090A",
+      /* CT = */ "29FCAD75A4163DE384DDC15FF1ED2C4A0427C605CB4641EF", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "0001020304050607",
+      /* AD = */ "000102030405060708090A0B",
+      /* CT = */ "BBAE1D88621912ED8EBF251E9D01F44DA85C293FC268DF21", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "0001020304050607",
+      /* AD = */ "000102030405060708090A0B0C",
+      /* CT = */ "4BE547736BE1D8A6861CCF3287D781E0377726F81AF65F08", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "0001020304050607",
+      /* AD = */ "000102030405060708090A0B0C0D",
+      /* CT = */ "4E589270FEB89BB2779FB252BD1BD51D3C48C5505BE0673C", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "0001020304050607",
+      /* AD = */ "000102030405060708090A0B0C0D0E",
+      /* CT = */ "B03E607317A251B0D199FBBA97AEFC56FDD43971B6A765C6", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "0001020304050607",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F",
+      /* CT = */ "6A28215E4A6023FA5E3DA35C3EDA411E8D18EA4A253DC57E", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "0001020304050607",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F10",
+      /* CT = */ "9813B7013089DB86E59079F8C17FF9705EB3F7B599004E40", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "0001020304050607",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F1011",
+      /* CT = */ "501DFE330EC4528EE3CEB4CBD39E65B1E4328E8300D8FCF2", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "0001020304050607",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112",
+      /* CT = */ "64AC72120E66A202FCF75807DF1FB9524BE8CF4213EA5F4D", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "0001020304050607",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F10111213",
+      /* CT = */ "C305EB0E851DF92B3978F03A1502E04DCEA4B4B8DFF15680", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "0001020304050607",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F1011121314",
+      /* CT = */ "994984D48B44B494882DC9077A2CF12F66D31A233129F015", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "0001020304050607",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415",
+      /* CT = */ "368D61A8D488E8FB184219C4DBB58348FE5ED5B33032EA06", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "0001020304050607",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F10111213141516",
+      /* CT = */ "C01EA7792BF5F96293FE69533B1263F98ABF16914DB90D27", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "0001020304050607",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F1011121314151617",
+      /* CT = */ "BA35FA7ECE7C780FE8F7EEC9EBC53BB595BFA5239AC4E987", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "0001020304050607",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718",
+      /* CT = */ "4C83A29686FE1AFC501F0788B15A180D61326986793B9DE0", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "0001020304050607",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F10111213141516171819",
+      /* CT = */ "1244D5C1B435AFF432D08A17E45051EB02E6C023B1D66E41", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "0001020304050607",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A",
+      /* CT = */ "C8002E9D447FA429B700555F01728766EC33ECBBAC1FC09F", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "0001020304050607",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B",
+      /* CT = */ "662D521980423CBF9BB914B8AB0E0F71FE89504E2509D42E", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "0001020304050607",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C",
+      /* CT = */ "26A6E765E6BFE7EC2710F5E7FCFF32C81CBCB9C43289B2D3", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "0001020304050607",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D",
+      /* CT = */ "0F55D7051D7478D5205F1740139CFE40E45C30027C648D50", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "0001020304050607",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E",
+      /* CT = */ "141B8B25E59E0D0107E70967DBECB41D7BF40C2D312AAD29", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "0001020304050607",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F",
+      /* CT = */ "4C086D27A3B51A23D39116F51D76FE9DE67890FCCD7DC3DB", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708",
+      /* AD = */ "",
+      /* CT = */ "E770D289D2A44AEE7C61B4623AC9931D92AC8AAE3F9F78C0CE", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708",
+      /* AD = */ "00",
+      /* CT = */ "25FBE48AC155C103926FD82C34FE8EDE74F8B4BDA0CBE9C500", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708",
+      /* AD = */ "0001",
+      /* CT = */ "49E50547CA0C7547848EFD5E4DE60C2580C4B48AC4ACA27F3A", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708",
+      /* AD = */ "000102",
+      /* CT = */ "D2721FCB362AB5E15C360520512C49823ACBD6701966E57F77", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708",
+      /* AD = */ "00010203",
+      /* CT = */ "4A53D9966D87BFED68CFABF4D3B0A4D69F1D04681BF6271659", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708",
+      /* AD = */ "0001020304",
+      /* CT = */ "1F820273C65246B76DE40951C91F2C8B18097127BB1C1B59D6", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708",
+      /* AD = */ "000102030405",
+      /* CT = */ "7CC88BDBF6D706059738292F22EC49DDF614846D1712D03227", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708",
+      /* AD = */ "00010203040506",
+      /* CT = */ "44864FD337BBF237DBD36368EE6094699B36657AA033BECDBC", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708",
+      /* AD = */ "0001020304050607",
+      /* CT = */ "108640BD71345C6EDCD66C67162F61A848D296C4BCB8CBFD46", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708",
+      /* AD = */ "000102030405060708",
+      /* CT = */ "6A256FBBD3726C823F40E10B01156FA225437C2E518FF29C37", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708",
+      /* AD = */ "00010203040506070809",
+      /* CT = */ "F2F44B081312F3F8C1C3EB2EE4FA2B8FE58F0B457FD49A3BBE", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708",
+      /* AD = */ "000102030405060708090A",
+      /* CT = */ "29FCAD75A4163DE31931F35D13C116FE3DCAA7D4CBBE18DC5E", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708",
+      /* AD = */ "000102030405060708090A0B",
+      /* CT = */ "BBAE1D88621912ED7365FC752813430D5A45AE29C534620291", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708",
+      /* AD = */ "000102030405060708090A0B0C",
+      /* CT = */ "4BE547736BE1D8A6CD48C637890D9B34AD5A702E4A3BE8C1BB", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708",
+      /* AD = */ "000102030405060708090A0B0C0D",
+      /* CT = */ "4E589270FEB89BB224589220FCB5A616AD33159ABD95E074AD", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708",
+      /* AD = */ "000102030405060708090A0B0C0D0E",
+      /* CT = */ "B03E607317A251B08B9012988302FE50D9FF044809B0D94A41", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F",
+      /* CT = */ "6A28215E4A6023FAE49D797FAC59DC5A9F1501B82DE55BF79B", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F10",
+      /* CT = */ "9813B7013089DB863A3FA3006697C92747D37905BD9D387ADB", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F1011",
+      /* CT = */ "501DFE330EC4528E8D9181A99F3956898A8484B9B3749B9DCE", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112",
+      /* CT = */ "64AC72120E66A20243012E69A8309583C1DD8C860816B1439F", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F10111213",
+      /* CT = */ "C305EB0E851DF92B6F1B715DFEFECEE7A83F2D6AEA3CBA3F35", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F1011121314",
+      /* CT = */ "994984D48B44B494468486B6FAA8AE1DBC985AB8CB58033654", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415",
+      /* CT = */ "368D61A8D488E8FB0F68A302A04EEC3B9FE72DD06BC6367EE6", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F10111213141516",
+      /* CT = */ "C01EA7792BF5F9621F421E34FD5ABEF1EC7F43B6621A6E20B3", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F1011121314151617",
+      /* CT = */ "BA35FA7ECE7C780FFF21138EA057F2307E7DABE42D6A1C823D", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718",
+      /* CT = */ "4C83A29686FE1AFC3F63030A9CBBB3085CFDF2CB8F30824E0A", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F10111213141516171819",
+      /* CT = */ "1244D5C1B435AFF48979024ABA2E259C98E89EC0C7AE18ACBC", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A",
+      /* CT = */ "C8002E9D447FA42945D03C7AD8B0DCFB190F2E9A0AEAD01693", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B",
+      /* CT = */ "662D521980423CBF5233A5E1D7348DC85F7462505CB7380BCB", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C",
+      /* CT = */ "26A6E765E6BFE7EC0EA959D9DAC45EF5E108685791C08D4364", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D",
+      /* CT = */ "0F55D7051D7478D53FF23AD62D658D494C051EC5D937923F81", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E",
+      /* CT = */ "141B8B25E59E0D01B17CDF0E9E7BA08769A9AAE211125F0E26", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F",
+      /* CT = */ "4C086D27A3B51A23336690C8B42C0B811E74CE6CF0A5F563D9", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "00010203040506070809",
+      /* AD = */ "",
+      /* CT = */ "E770D289D2A44AEE7CD0BA5DFDFE05DBAAE61E1DFF349BE58240", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "00010203040506070809",
+      /* AD = */ "00",
+      /* CT = */ "25FBE48AC155C103927E1EB44A2A166AF15A0D997B8DA642C1C2", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "00010203040506070809",
+      /* AD = */ "0001",
+      /* CT = */ "49E50547CA0C754784F225F85AC672152F920DFFD248610090CE", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "00010203040506070809",
+      /* AD = */ "000102",
+      /* CT = */ "D2721FCB362AB5E15C68689CD8F01AEA3BE660AA60EB692DB61D", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "00010203040506070809",
+      /* AD = */ "00010203",
+      /* CT = */ "4A53D9966D87BFED6865927D89264E1BFF075CDB8A00F62CD434", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "00010203040506070809",
+      /* AD = */ "0001020304",
+      /* CT = */ "1F820273C65246B76D4F38773704C9B4C59E40007517BC1E5182", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "00010203040506070809",
+      /* AD = */ "000102030405",
+      /* CT = */ "7CC88BDBF6D70605975B8FC22EB913A41CEE3F01069AFAE92001", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "00010203040506070809",
+      /* AD = */ "00010203040506",
+      /* CT = */ "44864FD337BBF237DB149250FB8864B8C59BCE4F417F4904C5BC", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "00010203040506070809",
+      /* AD = */ "0001020304050607",
+      /* CT = */ "108640BD71345C6EDC4AE686279EA0C1723AF33EADB5D77EF381", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "00010203040506070809",
+      /* AD = */ "000102030405060708",
+      /* CT = */ "6A256FBBD3726C823F99F8B1E7E8AFB03983E3B524C05CD53C6C", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "00010203040506070809",
+      /* AD = */ "00010203040506070809",
+      /* CT = */ "F2F44B081312F3F8C13E1F2E1DE986408917271CC2891D55607B", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "00010203040506070809",
+      /* AD = */ "000102030405060708090A",
+      /* CT = */ "29FCAD75A4163DE319D4900103A5D1A1AA33ECBEF7CAF2BBA7B6", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "00010203040506070809",
+      /* AD = */ "000102030405060708090A0B",
+      /* CT = */ "BBAE1D88621912ED737E8F5A49E06C52CCEC4C58AE9CD82BB5D9", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "00010203040506070809",
+      /* AD = */ "000102030405060708090A0B0C",
+      /* CT = */ "4BE547736BE1D8A6CDE16E3F167A11EC658130C12ABAC3BED8A6", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "00010203040506070809",
+      /* AD = */ "000102030405060708090A0B0C0D",
+      /* CT = */ "4E589270FEB89BB224085211094DF3959B58E71A4F01F5CAF39E", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "00010203040506070809",
+      /* AD = */ "000102030405060708090A0B0C0D0E",
+      /* CT = */ "B03E607317A251B08B307D04637B673770952AEEAD496D4BFA99", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "00010203040506070809",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F",
+      /* CT = */ "6A28215E4A6023FAE4204CF4E4DEEA8A532A6A5ED5DEF5B3E900", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "00010203040506070809",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F10",
+      /* CT = */ "9813B7013089DB863A742548E1054AF955E532F91979A03351D9", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "00010203040506070809",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F1011",
+      /* CT = */ "501DFE330EC4528E8D3BAFD6B5ECC9AB43C252B5F0962CB530EE", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "00010203040506070809",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112",
+      /* CT = */ "64AC72120E66A202433CF2A6BA2326DA11905798274116CB9E1F", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "00010203040506070809",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F10111213",
+      /* CT = */ "C305EB0E851DF92B6F8A5C2433C5F7100D27481CEF49FD9590F4", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "00010203040506070809",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F1011121314",
+      /* CT = */ "994984D48B44B4944609DCF78D702E4721439B6AA051D87E6E8A", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "00010203040506070809",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415",
+      /* CT = */ "368D61A8D488E8FB0F9FB23B82932FC6DB68696A860BC26860EF", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "00010203040506070809",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F10111213141516",
+      /* CT = */ "C01EA7792BF5F9621F075E48C7CB297F1ED7C963194FB3F18D03", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "00010203040506070809",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F1011121314151617",
+      /* CT = */ "BA35FA7ECE7C780FFF8BE43287D0137B079F940A363371F35AD1", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "00010203040506070809",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718",
+      /* CT = */ "4C83A29686FE1AFC3FAD44B88CAC3F60962B510675C7BFB9102A", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "00010203040506070809",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F10111213141516171819",
+      /* CT = */ "1244D5C1B435AFF489A8B5AB5B2897B7F18A9D3B284B13D9E440", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "00010203040506070809",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A",
+      /* CT = */ "C8002E9D447FA42945BF6560FE45093C9B630E9AFA02B410E568", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "00010203040506070809",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B",
+      /* CT = */ "662D521980423CBF521E0CE321AF34D5A1A1B7C6F11436119ED1", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "00010203040506070809",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C",
+      /* CT = */ "26A6E765E6BFE7EC0E259544D5F21C04650FF36AD994E43C966F", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "00010203040506070809",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D",
+      /* CT = */ "0F55D7051D7478D53F2BF5FC3DADAC814E396C1B6B339D1AD36C", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "00010203040506070809",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E",
+      /* CT = */ "141B8B25E59E0D01B1143974536141A7084D3A4AFE730ADB0E2A", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "00010203040506070809",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F",
+      /* CT = */ "4C086D27A3B51A2333CFF9D363D14DCC737C8FAA67ED066DCE62", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A",
+      /* AD = */ "",
+      /* CT = */ "E770D289D2A44AEE7CD0A4E063D016DE47F98A7F0B1B344410A944", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A",
+      /* AD = */ "00",
+      /* CT = */ "25FBE48AC155C103927E5969931EC0AD6B9CB14904E9E9BB49A02B", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A",
+      /* AD = */ "0001",
+      /* CT = */ "49E50547CA0C754784F2A67F63DE77E7B898037AE971E9EB4DE8D6", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A",
+      /* AD = */ "000102",
+      /* CT = */ "D2721FCB362AB5E15C6872614B633DCE534A333E506D26086966C7", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A",
+      /* AD = */ "00010203",
+      /* CT = */ "4A53D9966D87BFED6865858439827C1BB65B7DF6F235BA8D648A5B", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A",
+      /* AD = */ "0001020304",
+      /* CT = */ "1F820273C65246B76D4FF8AAB99C2E9AB1E0C6F508FE31D857F862", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A",
+      /* AD = */ "000102030405",
+      /* CT = */ "7CC88BDBF6D70605975B2FCC9AF5943FDD02FE0070703DD45BC3AC", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A",
+      /* AD = */ "00010203040506",
+      /* CT = */ "44864FD337BBF237DB14137BF76BE1C0CDF453929039B6C70282D9", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A",
+      /* AD = */ "0001020304050607",
+      /* CT = */ "108640BD71345C6EDC4AEC6E3CE10C6733FED240C25B2A6E84D515", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A",
+      /* AD = */ "000102030405060708",
+      /* CT = */ "6A256FBBD3726C823F99E57762B45EE4594348B19B8CDA7340B1A4", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A",
+      /* AD = */ "00010203040506070809",
+      /* CT = */ "F2F44B081312F3F8C13E8423F1450500AA811C8CF28D360E0308D3", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A",
+      /* AD = */ "000102030405060708090A",
+      /* CT = */ "29FCAD75A4163DE319D4E3CBCF82C6EEA838AD617067B84CFB72D4", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A",
+      /* AD = */ "000102030405060708090A0B",
+      /* CT = */ "BBAE1D88621912ED737EAD74F20DC2AA0B95BE083FF167AF1545D3", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A",
+      /* AD = */ "000102030405060708090A0B0C",
+      /* CT = */ "4BE547736BE1D8A6CDE18DD23F4612D23A2B27DE8E591246F186DE", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A",
+      /* AD = */ "000102030405060708090A0B0C0D",
+      /* CT = */ "4E589270FEB89BB22408043B62031CB3A7AAC293EB4A2088BF68AE", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A",
+      /* AD = */ "000102030405060708090A0B0C0D0E",
+      /* CT = */ "B03E607317A251B08B30F7B9743D878EDF9AD8BBDAACCF10778A47", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F",
+      /* CT = */ "6A28215E4A6023FAE42095CA57296D9A38F281EC0758B893057FB6", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F10",
+      /* CT = */ "9813B7013089DB863A742A4A403B2F87FE884C6B34977053543418", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F1011",
+      /* CT = */ "501DFE330EC4528E8D3BC4A249F078C51F6ADAFEA0BDD4D11683E2", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112",
+      /* CT = */ "64AC72120E66A202433C61935F7080C32B1CFE757146EE33720C24", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F10111213",
+      /* CT = */ "C305EB0E851DF92B6F8ACA25CB842C09B8087DA823958D45441CFD", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F1011121314",
+      /* CT = */ "994984D48B44B49446092E7AF0001B616272F6DD0FAB613454B020", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415",
+      /* CT = */ "368D61A8D488E8FB0F9F57DE9FDF3153B4BE00C987A6C9CF869D2D", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F10111213141516",
+      /* CT = */ "C01EA7792BF5F9621F07A27DE83E5306C4D7CA5E9A9883493C868C", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F1011121314151617",
+      /* CT = */ "BA35FA7ECE7C780FFF8B7EE8F2F5B376291234338F5EFA24CBE3B9", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718",
+      /* CT = */ "4C83A29686FE1AFC3FAD84BDDF4C43F10930D31BA83B84E86DD104", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F10111213141516171819",
+      /* CT = */ "1244D5C1B435AFF489A8FD1E9017A1E8EE19988053A60809039AC8", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A",
+      /* CT = */ "C8002E9D447FA42945BF666CA598FF75070E3CF50D46A73CF41CA0", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B",
+      /* CT = */ "662D521980423CBF521E7ED135881EBD6EC718B52FA5CC8308DA35", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C",
+      /* CT = */ "26A6E765E6BFE7EC0E258877A2D836356067424D228A3A84DFC81B", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D",
+      /* CT = */ "0F55D7051D7478D53F2BA0A8C8E06FB60BF627305F287F7EFE50E6", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E",
+      /* CT = */ "141B8B25E59E0D01B11422BED79619A10D8D2CE95A45E25D351D27", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F",
+      /* CT = */ "4C086D27A3B51A2333CFC76375353C06366198CA0BD8954829EF02", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B",
+      /* AD = */ "",
+      /* CT = */ "E770D289D2A44AEE7CD0A48E4E6A4FF286931434579C0BD704E3D915", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B",
+      /* AD = */ "00",
+      /* CT = */ "25FBE48AC155C103927E59C6EC1848559DA4A363E0D56C6136CA07EB", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B",
+      /* AD = */ "0001",
+      /* CT = */ "49E50547CA0C754784F2A6F9F8D75BF188E83D1FBC93582BF15A3C33", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B",
+      /* AD = */ "000102",
+      /* CT = */ "D2721FCB362AB5E15C687244E486708610E62934EFBDC6D40E90BDE1", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B",
+      /* AD = */ "00010203",
+      /* CT = */ "4A53D9966D87BFED686585FE55CE0EA2422AA3F2790539A216B2AB8F", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B",
+      /* AD = */ "0001020304",
+      /* CT = */ "1F820273C65246B76D4FF8D1AEE5F251B92BE69AE7BE8C89773CDB91", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B",
+      /* AD = */ "000102030405",
+      /* CT = */ "7CC88BDBF6D70605975B2FCD1ADFFFB6527B90BB2C394274D17FE1A8", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B",
+      /* AD = */ "00010203040506",
+      /* CT = */ "44864FD337BBF237DB14139B7C534D271A620CCE5E9BFCC1AF3570C0", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B",
+      /* AD = */ "0001020304050607",
+      /* CT = */ "108640BD71345C6EDC4AEC766E448981134131AAB8BA7BD2B4948AC1", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B",
+      /* AD = */ "000102030405060708",
+      /* CT = */ "6A256FBBD3726C823F99E5C524303CE4F7C99AEEF2CAAFCBD508A4D9", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B",
+      /* AD = */ "00010203040506070809",
+      /* CT = */ "F2F44B081312F3F8C13E843F97741939E99018CEBD55AAC85DE1EB39", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B",
+      /* AD = */ "000102030405060708090A",
+      /* CT = */ "29FCAD75A4163DE319D4E3E47C3ACA1BE5DBE1F4C9A7B0E99092CA56", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B",
+      /* AD = */ "000102030405060708090A0B",
+      /* CT = */ "BBAE1D88621912ED737EADA1A799EFD6EB3D1DAB69BB2C2B0BECB465", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B",
+      /* AD = */ "000102030405060708090A0B0C",
+      /* CT = */ "4BE547736BE1D8A6CDE18D14FBF208AF27A909A0AEF11E5C7A3B5612", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B",
+      /* AD = */ "000102030405060708090A0B0C0D",
+      /* CT = */ "4E589270FEB89BB22408041D52241FA8E32B128F5E340BE620359204", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B",
+      /* AD = */ "000102030405060708090A0B0C0D0E",
+      /* CT = */ "B03E607317A251B08B30F744D69E011E60E55A63369595A289AC97A7", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F",
+      /* CT = */ "6A28215E4A6023FAE4209531D4FF11F1DDE01A82ED0B498E24715DBA", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F10",
+      /* CT = */ "9813B7013089DB863A742A4C178483B900A69B3A53241256131DCF25", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F1011",
+      /* CT = */ "501DFE330EC4528E8D3BC467DA548BFFE42584E2DB089D51A61F0718", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112",
+      /* CT = */ "64AC72120E66A202433C6182716AEFB3022C5BF9E839A1CC8BF37D0A", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F10111213",
+      /* CT = */ "C305EB0E851DF92B6F8ACA4495787DE780A1410B50BADD84AE0639F4", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F1011121314",
+      /* CT = */ "994984D48B44B49446092EE2998CC94BE03B4FEB2225C6D186B45E72", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415",
+      /* CT = */ "368D61A8D488E8FB0F9F57D72494D4268983B582233D1A4CA96B9D06", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F10111213141516",
+      /* CT = */ "C01EA7792BF5F9621F07A2669F55B4B955F999281B76702DCA2B2FD4", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F1011121314151617",
+      /* CT = */ "BA35FA7ECE7C780FFF8B7E41D925132755BEB256513FD4D0700CB058", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718",
+      /* CT = */ "4C83A29686FE1AFC3FAD848971F914441B4F89AB9349105D8CFEE382", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F10111213141516171819",
+      /* CT = */ "1244D5C1B435AFF489A8FD04329783BC8F04053DDE5FDF957B79B219", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A",
+      /* CT = */ "C8002E9D447FA42945BF66AF333842BEE2E89F4BA375B92319791924", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B",
+      /* CT = */ "662D521980423CBF521E7E4FF79E9AA6D09FEDC587AC9D44CEB64F85", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C",
+      /* CT = */ "26A6E765E6BFE7EC0E2588660EF98E139504F92E5E88FA0A89D22F75", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D",
+      /* CT = */ "0F55D7051D7478D53F2BA03E5AB7A2238074E8D0D53DD40591C49594", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E",
+      /* CT = */ "141B8B25E59E0D01B11422D98F455B73B776EC563854B20000D888A5", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F",
+      /* CT = */ "4C086D27A3B51A2333CFC7F2A13574D9140D012B69B057657168818E", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C",
+      /* AD = */ "",
+      /* CT = */ "E770D289D2A44AEE7CD0A48ECE38A71EC52FCE382042598A9F3225DFA3", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C",
+      /* AD = */ "00",
+      /* CT = */ "25FBE48AC155C103927E59C60C8EF98D2402A1EB6A3DAFB2A289181C79", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C",
+      /* AD = */ "0001",
+      /* CT = */ "49E50547CA0C754784F2A6F9364929F9146287F322C38010C1BBA75303", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C",
+      /* AD = */ "000102",
+      /* CT = */ "D2721FCB362AB5E15C6872449BA0F342779F302DA386F7C15096E69C72", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C",
+      /* AD = */ "00010203",
+      /* CT = */ "4A53D9966D87BFED686585FE7A27B9DBE171DF9A348075E9B55005E247", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C",
+      /* AD = */ "0001020304",
+      /* CT = */ "1F820273C65246B76D4FF8D1ADD3801FBA7E68B45285FE7FBDC92A2B57", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C",
+      /* AD = */ "000102030405",
+      /* CT = */ "7CC88BDBF6D70605975B2FCD35502854FBE4C7136EE5A7D1DC40E73AB8", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C",
+      /* AD = */ "00010203040506",
+      /* CT = */ "44864FD337BBF237DB14139BDC6CCD2ADAF132C61D96566566095F0DE2", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C",
+      /* AD = */ "0001020304050607",
+      /* CT = */ "108640BD71345C6EDC4AEC76EA3D2F959324D042C62BB360F3B2C5B19C", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C",
+      /* AD = */ "000102030405060708",
+      /* CT = */ "6A256FBBD3726C823F99E5C52502748AE50F4343902A0DCE8C350D6456", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C",
+      /* AD = */ "00010203040506070809",
+      /* CT = */ "F2F44B081312F3F8C13E843F0AEAF8A7090E8D948AFEA26489B148EAB3", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C",
+      /* AD = */ "000102030405060708090A",
+      /* CT = */ "29FCAD75A4163DE319D4E3E4C90D5E2CAD1CC203682F18461D2E866D44", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C",
+      /* AD = */ "000102030405060708090A0B",
+      /* CT = */ "BBAE1D88621912ED737EADA1B1E9DDCD35A88D280627380D6EC8474F1E", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C",
+      /* AD = */ "000102030405060708090A0B0C",
+      /* CT = */ "4BE547736BE1D8A6CDE18D1430CA3A5C60A60EE2E114D4D9BDEFAA1FB8", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C",
+      /* AD = */ "000102030405060708090A0B0C0D",
+      /* CT = */ "4E589270FEB89BB22408041DAF90E30886E64690DD108B34620EEA8DF8", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C",
+      /* AD = */ "000102030405060708090A0B0C0D0E",
+      /* CT = */ "B03E607317A251B08B30F744B75621C217F4E7AF4E84B280D94C99C621", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F",
+      /* CT = */ "6A28215E4A6023FAE42095318B82B3778B933598FBF3F4359D11261C31", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F10",
+      /* CT = */ "9813B7013089DB863A742A4C1312FDC6CB8554CC51551385A3601012C9", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F1011",
+      /* CT = */ "501DFE330EC4528E8D3BC467A0AFBE21674E55C72A620F62A5A1410403", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112",
+      /* CT = */ "64AC72120E66A202433C618208FFD894880B66C4D42FEC1596C1C97F79", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F10111213",
+      /* CT = */ "C305EB0E851DF92B6F8ACA44F22B29F278C6A5BB2E2D39135B246A5BC7", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F1011121314",
+      /* CT = */ "994984D48B44B49446092EE25E7570242793792B517BB860A3722E2EA4", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415",
+      /* CT = */ "368D61A8D488E8FB0F9F57D793B5B4FB493189636C7647E4D8808321F6", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F10111213141516",
+      /* CT = */ "C01EA7792BF5F9621F07A266E6038CE2EDB4B683152454A4B55B811B54", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F1011121314151617",
+      /* CT = */ "BA35FA7ECE7C780FFF8B7E41BC64BCEC36CB18E75163D37682B751D520", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718",
+      /* CT = */ "4C83A29686FE1AFC3FAD84899E6B49D86DFF62950C9F6409973FF29008", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F10111213141516171819",
+      /* CT = */ "1244D5C1B435AFF489A8FD04B825AAF34585583E9797A3F7A329B5A600", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A",
+      /* CT = */ "C8002E9D447FA42945BF66AF533699F68050362B334F1E277DBA824795", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B",
+      /* CT = */ "662D521980423CBF521E7E4F9BA954D61B21523C507EDC8347ED5321B2", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C",
+      /* CT = */ "26A6E765E6BFE7EC0E25886657B1D673F89B0B6077F7E2DEA7807A9456", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D",
+      /* CT = */ "0F55D7051D7478D53F2BA03EF24EB02FC8C4B87890382A7A4DD085EC0B", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E",
+      /* CT = */ "141B8B25E59E0D01B11422D940315A23C1ABC358C74F53E749F2C4047B", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F",
+      /* CT = */ "4C086D27A3B51A2333CFC7F2218C78BD40D7174F8D158AD297EB11E029", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D",
+      /* AD = */ "",
+      /* CT = */ "E770D289D2A44AEE7CD0A48ECE5202E5BAE52DD5E452F7B6B843B163BAB8", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D",
+      /* AD = */ "00",
+      /* CT = */ "25FBE48AC155C103927E59C60C8814D937B0BC7D7A26EF5BC0E802F14006", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D",
+      /* AD = */ "0001",
+      /* CT = */ "49E50547CA0C754784F2A6F936ED772921C0C30D6F85E660B37F1EB55EF0", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D",
+      /* AD = */ "000102",
+      /* CT = */ "D2721FCB362AB5E15C6872449B1132F55C1D299956030E69273287971557", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D",
+      /* AD = */ "00010203",
+      /* CT = */ "4A53D9966D87BFED686585FE7A284CF180A87F8CA62B92F20C9BD5061475", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D",
+      /* AD = */ "0001020304",
+      /* CT = */ "1F820273C65246B76D4FF8D1ADD776A6935D3E1DCDF8377826D3368428C0", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D",
+      /* AD = */ "000102030405",
+      /* CT = */ "7CC88BDBF6D70605975B2FCD35DA86B4B88395FBABC8E6A07A29567836E1", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D",
+      /* AD = */ "00010203040506",
+      /* CT = */ "44864FD337BBF237DB14139BDC6E67C2B2455146B3D1F3CDBD39C2B09CE3", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D",
+      /* AD = */ "0001020304050607",
+      /* CT = */ "108640BD71345C6EDC4AEC76EA3B0A3FA61CD4F30D9EAD0901AB5CAB877E", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D",
+      /* AD = */ "000102030405060708",
+      /* CT = */ "6A256FBBD3726C823F99E5C5252CB77DDF9FACC702DFC3CEFDBDC016B1A7", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D",
+      /* AD = */ "00010203040506070809",
+      /* CT = */ "F2F44B081312F3F8C13E843F0ADBC03813101144C22ADEA4FE5131EC103B", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D",
+      /* AD = */ "000102030405060708090A",
+      /* CT = */ "29FCAD75A4163DE319D4E3E4C98F1128694A9AB183C5D0B7FB7C13A27916", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D",
+      /* AD = */ "000102030405060708090A0B",
+      /* CT = */ "BBAE1D88621912ED737EADA1B19FABE811B4B12E9A3F07BE943CDCB5EB48", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D",
+      /* AD = */ "000102030405060708090A0B0C",
+      /* CT = */ "4BE547736BE1D8A6CDE18D1430BAD091C881BBD3327261B2832E39609AA8", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D",
+      /* AD = */ "000102030405060708090A0B0C0D",
+      /* CT = */ "4E589270FEB89BB22408041DAF7D5146B49BB9D27512811C20B7D049DBCB", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D",
+      /* AD = */ "000102030405060708090A0B0C0D0E",
+      /* CT = */ "B03E607317A251B08B30F744B71940A51E5C77B95B21AE9E5F0F164F63B1", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F",
+      /* CT = */ "6A28215E4A6023FAE42095318B181B3D95D5B6158D2F9D65BF3A4B8D6FFA", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F10",
+      /* CT = */ "9813B7013089DB863A742A4C13F156CE91ADA5289EC9C29BCA4290D6289E", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F1011",
+      /* CT = */ "501DFE330EC4528E8D3BC467A023D237CDE3BA8DA27A628B15F0DA8FF623", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112",
+      /* CT = */ "64AC72120E66A202433C618208B20F4C73EC1D1886C845CB9C9C2C48B634", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F10111213",
+      /* CT = */ "C305EB0E851DF92B6F8ACA44F24BD41B2B9605BAF759111600266D7038C5", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F1011121314",
+      /* CT = */ "994984D48B44B49446092EE25EF588BD05CA9FB8C8C39EA1F0EC85043235", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415",
+      /* CT = */ "368D61A8D488E8FB0F9F57D793502A2BC48F545D62DDEEBA429E23503974", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F10111213141516",
+      /* CT = */ "C01EA7792BF5F9621F07A266E6DF9ECD0D84895061B602DEA18A93DA7855", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F1011121314151617",
+      /* CT = */ "BA35FA7ECE7C780FFF8B7E41BC97D9E06997E811FE95676447F495557561", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718",
+      /* CT = */ "4C83A29686FE1AFC3FAD84899E6F7ED81CA474F733D33A115BA1441765CE", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F10111213141516171819",
+      /* CT = */ "1244D5C1B435AFF489A8FD04B87BDF9463A583CDB25B513124CF11CDD5ED", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A",
+      /* CT = */ "C8002E9D447FA42945BF66AF5375C2DCE9FC6FE329FBF4EAAE5DA899631D", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B",
+      /* CT = */ "662D521980423CBF521E7E4F9BAB00E72894846E6609319E7B6AB9B6BDE1", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C",
+      /* CT = */ "26A6E765E6BFE7EC0E2588665748B7EE3A213082694FF1C6890EA307667D", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D",
+      /* CT = */ "0F55D7051D7478D53F2BA03EF29056651660C3375F3EC4266AE67C182B81", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E",
+      /* CT = */ "141B8B25E59E0D01B11422D94048B35BDA0F89F7D79A585662310A0012A1", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F",
+      /* CT = */ "4C086D27A3B51A2333CFC7F22172ACE6260894BB22E96C9F382ED552B5E1", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E",
+      /* AD = */ "",
+      /* CT = */ "E770D289D2A44AEE7CD0A48ECE52749EC39B48260DF0B8692D1D5239800449", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E",
+      /* AD = */ "00",
+      /* CT = */ "25FBE48AC155C103927E59C60C88A51F1BCFFF90BD2D2D447D0D8A505CE2EC", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E",
+      /* AD = */ "0001",
+      /* CT = */ "49E50547CA0C754784F2A6F936ED94FA56CAB84ED5A2F5072AB61073575470", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E",
+      /* AD = */ "000102",
+      /* CT = */ "D2721FCB362AB5E15C6872449B117BB3FD1597C7D3982784650EF9AEF01335", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E",
+      /* AD = */ "00010203",
+      /* CT = */ "4A53D9966D87BFED686585FE7A28C7B64D3EDA09F51BA9F7D619E4C5E77EA0", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E",
+      /* AD = */ "0001020304",
+      /* CT = */ "1F820273C65246B76D4FF8D1ADD72D13DF95A28388A8DCC7E183097DA04EAB", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E",
+      /* AD = */ "000102030405",
+      /* CT = */ "7CC88BDBF6D70605975B2FCD35DABDA04070DF1B7072B6E293E6CD58886C1D", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E",
+      /* AD = */ "00010203040506",
+      /* CT = */ "44864FD337BBF237DB14139BDC6E1DE26C03879885A624B66C9FE102B9168B", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E",
+      /* AD = */ "0001020304050607",
+      /* CT = */ "108640BD71345C6EDC4AEC76EA3BE5BA16E25343D2B86A32C7D8D32C155108", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E",
+      /* AD = */ "000102030405060708",
+      /* CT = */ "6A256FBBD3726C823F99E5C5252CFC5B180260510D28819F1793CBBECAAED7", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E",
+      /* AD = */ "00010203040506070809",
+      /* CT = */ "F2F44B081312F3F8C13E843F0ADBB879E776B6AAA1492138EA11CEFE343049", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E",
+      /* AD = */ "000102030405060708090A",
+      /* CT = */ "29FCAD75A4163DE319D4E3E4C98F5D9397FF85D0FF19F13891279A3C9EB5F7", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E",
+      /* AD = */ "000102030405060708090A0B",
+      /* CT = */ "BBAE1D88621912ED737EADA1B19FCB4375E0EA77576881C298A6FEF1F738A8", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E",
+      /* AD = */ "000102030405060708090A0B0C",
+      /* CT = */ "4BE547736BE1D8A6CDE18D1430BA863DD0B48829CD59A69657488076F36917", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E",
+      /* AD = */ "000102030405060708090A0B0C0D",
+      /* CT = */ "4E589270FEB89BB22408041DAF7D55086C4318F5C1FC91C1CD83352B6479B3", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E",
+      /* AD = */ "000102030405060708090A0B0C0D0E",
+      /* CT = */ "B03E607317A251B08B30F744B71965E2CD4BEE393F2DE0D8CD8B8B4827E6E9", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F",
+      /* CT = */ "6A28215E4A6023FAE42095318B187FDC46412B80E88264FE2415762FC76486", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F10",
+      /* CT = */ "9813B7013089DB863A742A4C13F140C9E7558506B8277CD46BF4619EF4893C", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F1011",
+      /* CT = */ "501DFE330EC4528E8D3BC467A02391946E05C9402166B0CFB2E25844EA1277", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112",
+      /* CT = */ "64AC72120E66A202433C618208B281A88BAD044AD709F21728F3EF541F8F3A", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F10111213",
+      /* CT = */ "C305EB0E851DF92B6F8ACA44F24BADBD6C6675A7D44CCEBEAA89BE8618B89E", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F1011121314",
+      /* CT = */ "994984D48B44B49446092EE25EF52146ACC5F1907622DE105CB986B4056FDB", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415",
+      /* CT = */ "368D61A8D488E8FB0F9F57D79350E39FBCDB02E055DEA555E497720860FF58", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F10111213141516",
+      /* CT = */ "C01EA7792BF5F9621F07A266E6DF87F91504FABD05FBE4C17359AE43611DD4", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F1011121314151617",
+      /* CT = */ "BA35FA7ECE7C780FFF8B7E41BC978234B069A9291EDBF7C8C0E654AD4C23DD", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718",
+      /* CT = */ "4C83A29686FE1AFC3FAD84899E6F516BE676D69734DCD05D340E9CF67338BD", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F10111213141516171819",
+      /* CT = */ "1244D5C1B435AFF489A8FD04B87B076CE5F8ABE4451BF4E79D1294E06A4915", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A",
+      /* CT = */ "C8002E9D447FA42945BF66AF5375BF18B585C0CD01FF9267F92F2BA52E8E43", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B",
+      /* CT = */ "662D521980423CBF521E7E4F9BABD0431043CBDE24862C77A3F62DDF4606D1", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C",
+      /* CT = */ "26A6E765E6BFE7EC0E25886657486E67FF0F7CF362C2DFC7132A73A0AA8E7B", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D",
+      /* CT = */ "0F55D7051D7478D53F2BA03EF290C4581F8A5E332162E0C8B1ECE623E53AD0", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E",
+      /* CT = */ "141B8B25E59E0D01B11422D94048C8A979F770ABAC8CA4052239588187EC23", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F",
+      /* CT = */ "4C086D27A3B51A2333CFC7F22172A973FD31C0A3F03CEBB3DF3BB7BBCF6D7E", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F",
+      /* AD = */ "",
+      /* CT = */ "E770D289D2A44AEE7CD0A48ECE5274E3EA721F9A8FC4E556F2745972F5A78411", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F",
+      /* AD = */ "00",
+      /* CT = */ "25FBE48AC155C103927E59C60C88A56BBCAE1D932EEE3D3463DC8CAA44F3EF5B", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F",
+      /* AD = */ "0001",
+      /* CT = */ "49E50547CA0C754784F2A6F936ED94970ABB678CD2213561991F08F5A61A9F1A", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F",
+      /* AD = */ "000102",
+      /* CT = */ "D2721FCB362AB5E15C6872449B117B999D3ECB707C921EA87CC2FB6E4163AFC4", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F",
+      /* AD = */ "00010203",
+      /* CT = */ "4A53D9966D87BFED686585FE7A28C7D330B31B5D83F19653ABB5C4362BA1B1BD", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F",
+      /* AD = */ "0001020304",
+      /* CT = */ "1F820273C65246B76D4FF8D1ADD72D5CCEBBCC91D4DBCBB67DC33806C9AB0D0D", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F",
+      /* AD = */ "000102030405",
+      /* CT = */ "7CC88BDBF6D70605975B2FCD35DABD5B1ACC4F81FFE3ECF118BBBFAA730FFB50", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F",
+      /* AD = */ "00010203040506",
+      /* CT = */ "44864FD337BBF237DB14139BDC6E1D25D7EC1D31C8994781052A46722890DD6A", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F",
+      /* AD = */ "0001020304050607",
+      /* CT = */ "108640BD71345C6EDC4AEC76EA3BE5D4C6E6AB66848F59AA2CA36C7F4414824A", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F",
+      /* AD = */ "000102030405060708",
+      /* CT = */ "6A256FBBD3726C823F99E5C5252CFC36B7E80EE1C0A9285685A95D261CA0AE33", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F",
+      /* AD = */ "00010203040506070809",
+      /* CT = */ "F2F44B081312F3F8C13E843F0ADBB84D1728363A74744BA0ED4CA66D2477BBB3", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F",
+      /* AD = */ "000102030405060708090A",
+      /* CT = */ "29FCAD75A4163DE319D4E3E4C98F5D5F5B5928563EBBF0F4F5FDAE0C71E6B4E0", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F",
+      /* AD = */ "000102030405060708090A0B",
+      /* CT = */ "BBAE1D88621912ED737EADA1B19FCB19F08D351F1C4085D9F6BE99E2C82055ED", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F",
+      /* AD = */ "000102030405060708090A0B0C",
+      /* CT = */ "4BE547736BE1D8A6CDE18D1430BA869E6E5469037AC06D4206BE3D8ECFF3D704", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F",
+      /* AD = */ "000102030405060708090A0B0C0D",
+      /* CT = */ "4E589270FEB89BB22408041DAF7D55DB94013B2148896577C0F401C50298297E", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F",
+      /* AD = */ "000102030405060708090A0B0C0D0E",
+      /* CT = */ "B03E607317A251B08B30F744B71965B0821238149850B113A2CAF70A9B65C3D1", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F",
+      /* CT = */ "6A28215E4A6023FAE42095318B187F99E0C479771A09B5D29AFD05825B013D0D", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F10",
+      /* CT = */ "9813B7013089DB863A742A4C13F1408EBE839B337BF8289BA39CFF353229E0DA", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F1011",
+      /* CT = */ "501DFE330EC4528E8D3BC467A02391BFE9DF482A0251E9C355A725CD35B9B049", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112",
+      /* CT = */ "64AC72120E66A202433C618208B281F91C0C6B55D6BCC1821CCE2CA6B8D5C7E0", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F10111213",
+      /* CT = */ "C305EB0E851DF92B6F8ACA44F24BADF1E5973F77F1A47C15E4D4FF09D68DA8FB", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F1011121314",
+      /* CT = */ "994984D48B44B49446092EE25EF521A4EF2C7B174A7C41FCAB40AB9DC0ADFAA7", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415",
+      /* CT = */ "368D61A8D488E8FB0F9F57D79350E353C9B63AF867F1531E87D661795CCAC05C", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F10111213141516",
+      /* CT = */ "C01EA7792BF5F9621F07A266E6DF876E24658BD441183DB814917AD2B612AACF", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F1011121314151617",
+      /* CT = */ "BA35FA7ECE7C780FFF8B7E41BC97822F4AC0D6C4E70CACAEF751BBCD5092A0BC", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718",
+      /* CT = */ "4C83A29686FE1AFC3FAD84899E6F51762485698C69834A49F84E1C05F0B9880D", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F10111213141516171819",
+      /* CT = */ "1244D5C1B435AFF489A8FD04B87B07630AB4A4A21709CA187E6A3DA5959ED254", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A",
+      /* CT = */ "C8002E9D447FA42945BF66AF5375BF61A5B5CC5CF5C74F4BE93E39504A8B6390", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B",
+      /* CT = */ "662D521980423CBF521E7E4F9BABD0FFF494D975B4DE29012E58D75929721162", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C",
+      /* CT = */ "26A6E765E6BFE7EC0E25886657486E8D096D1C38B4DF6875CC5CA8CE018D0CFB", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D",
+      /* CT = */ "0F55D7051D7478D53F2BA03EF290C48BC42BBB51366D28C27FF3C180373C8833", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E",
+      /* CT = */ "141B8B25E59E0D01B11422D94048C804D829BDFB647DF809721ECEEE433520E1", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F",
+      /* CT = */ "4C086D27A3B51A2333CFC7F22172A9BC6D0EACE132FB02D26512DEF99D3AA62E", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F10",
+      /* AD = */ "",
+      /* CT = */ "E770D289D2A44AEE7CD0A48ECE5274E381A6132E1D1B072B1F103817B2D454700D", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F10",
+      /* AD = */ "00",
+      /* CT = */ "25FBE48AC155C103927E59C60C88A56B694C864CD71D1266539E23801DFE750835", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F10",
+      /* AD = */ "0001",
+      /* CT = */ "49E50547CA0C754784F2A6F936ED9497C313DE7AE137C9FD8B0DAE6B53ADFFB6FD", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F10",
+      /* AD = */ "000102",
+      /* CT = */ "D2721FCB362AB5E15C6872449B117B9926900D29C2F298AC9E209CFA8DF4F1178B", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F10",
+      /* AD = */ "00010203",
+      /* CT = */ "4A53D9966D87BFED686585FE7A28C7D30217BCFF911A3FFA48C7F39065B6092038", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F10",
+      /* AD = */ "0001020304",
+      /* CT = */ "1F820273C65246B76D4FF8D1ADD72D5CC119415E9C145DA8790A1E8F52A6B8F3FD", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F10",
+      /* AD = */ "000102030405",
+      /* CT = */ "7CC88BDBF6D70605975B2FCD35DABD5B377C3843C5858B3006224EF2939BFA901B", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F10",
+      /* AD = */ "00010203040506",
+      /* CT = */ "44864FD337BBF237DB14139BDC6E1D2514C6289FAD15429D7346FDBD112D38798F", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F10",
+      /* AD = */ "0001020304050607",
+      /* CT = */ "108640BD71345C6EDC4AEC76EA3BE5D4DFCAA4EE178055310EB8FA6E1CA6F4FDA2", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F10",
+      /* AD = */ "000102030405060708",
+      /* CT = */ "6A256FBBD3726C823F99E5C5252CFC367D6EAB0E6D1C189D9B3A0A6268E9A737F0", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F10",
+      /* AD = */ "00010203040506070809",
+      /* CT = */ "F2F44B081312F3F8C13E843F0ADBB84D307D0D9561560FE476926D255B4D992F4E", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F10",
+      /* AD = */ "000102030405060708090A",
+      /* CT = */ "29FCAD75A4163DE319D4E3E4C98F5D5FC463529C5FD3B534C95F58AC5E6A3213E8", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F10",
+      /* AD = */ "000102030405060708090A0B",
+      /* CT = */ "BBAE1D88621912ED737EADA1B19FCB19A9C762CA518BE19EE0098BE301E6924260", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F10",
+      /* AD = */ "000102030405060708090A0B0C",
+      /* CT = */ "4BE547736BE1D8A6CDE18D1430BA869E6BCF8DE2BCBC8F71E658DC705D8DFE15BD", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F10",
+      /* AD = */ "000102030405060708090A0B0C0D",
+      /* CT = */ "4E589270FEB89BB22408041DAF7D55DB9BCD159F7F92968B02A07FD3E139B59FCF", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F10",
+      /* AD = */ "000102030405060708090A0B0C0D0E",
+      /* CT = */ "B03E607317A251B08B30F744B71965B0F1D5E576F7118A4E67FD4246766E7E7428", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F10",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F",
+      /* CT = */ "6A28215E4A6023FAE42095318B187F99C58C47A610AD1D15094A4F527D902BBD6B", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F10",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F10",
+      /* CT = */ "9813B7013089DB863A742A4C13F1408E9781D46986CBC03B3E6A335581EB9DA954", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F10",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F1011",
+      /* CT = */ "501DFE330EC4528E8D3BC467A02391BF2CF4DEAB958A3870690C5899B22D39FCAA", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F10",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112",
+      /* CT = */ "64AC72120E66A202433C618208B281F92987643DD59BD26F57C017368D058F9FDF", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F10",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F10111213",
+      /* CT = */ "C305EB0E851DF92B6F8ACA44F24BADF13B9D0C7F9B80A45244BDEDED1A56BBF663", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F10",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F1011121314",
+      /* CT = */ "994984D48B44B49446092EE25EF521A4E4981A2943A2748D066E5CF51251ECE205", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F10",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415",
+      /* CT = */ "368D61A8D488E8FB0F9F57D79350E353111FE7D30AFDD8AC215BC542FFA87E8B09", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F10",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F10111213141516",
+      /* CT = */ "C01EA7792BF5F9621F07A266E6DF876E7B921F6CEC26CE77E238759A29CA28D638", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F10",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F1011121314151617",
+      /* CT = */ "BA35FA7ECE7C780FFF8B7E41BC97822F98F2BB975E1438F5D9FAB40C66FA6CD49F", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F10",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718",
+      /* CT = */ "4C83A29686FE1AFC3FAD84899E6F5176B6CA6415C6802CD4511CC14278980AA6CC", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F10",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F10111213141516171819",
+      /* CT = */ "1244D5C1B435AFF489A8FD04B87B0763E4D64F5D4E146CAB4FBA71093AE8A83223", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F10",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A",
+      /* CT = */ "C8002E9D447FA42945BF66AF5375BF61021925FE6C4C23A3BE904FC33AE79150F4", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F10",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B",
+      /* CT = */ "662D521980423CBF521E7E4F9BABD0FF905A71A8F4B7A39603E766E5CFA5FF91CE", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F10",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C",
+      /* CT = */ "26A6E765E6BFE7EC0E25886657486E8D4CA370491E5EA138AAD665CEC4EFB1422B", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F10",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D",
+      /* CT = */ "0F55D7051D7478D53F2BA03EF290C48B2D55981A135974A5C281BD4D23E3CD7127", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F10",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E",
+      /* CT = */ "141B8B25E59E0D01B11422D94048C8045E24C2BE3EE6DCE07FB187A1922DCF08A7", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F10",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F",
+      /* CT = */ "4C086D27A3B51A2333CFC7F22172A9BCADA92B2A1CDEA6B1B8DA77294080EAD708", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F1011",
+      /* AD = */ "",
+      /* CT = */ "E770D289D2A44AEE7CD0A48ECE5274E381BA01E0EA2595E8A1298ED9AB925C7A430B", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F1011",
+      /* AD = */ "00",
+      /* CT = */ "25FBE48AC155C103927E59C60C88A56B69F5190D7AECAE313946B30AD835341C6E48", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F1011",
+      /* AD = */ "0001",
+      /* CT = */ "49E50547CA0C754784F2A6F936ED9497C3A5FDC8BF0150C7FFE8E13EA187764148C2", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F1011",
+      /* AD = */ "000102",
+      /* CT = */ "D2721FCB362AB5E15C6872449B117B992679F2DE01627C325FAC1342EEFA58A28EAF", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F1011",
+      /* AD = */ "00010203",
+      /* CT = */ "4A53D9966D87BFED686585FE7A28C7D3027F420375B043C3F372BD02A9F3858ADABB", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F1011",
+      /* AD = */ "0001020304",
+      /* CT = */ "1F820273C65246B76D4FF8D1ADD72D5CC170974453EB43684ECB92BC8E6BEEECC694", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F1011",
+      /* AD = */ "000102030405",
+      /* CT = */ "7CC88BDBF6D70605975B2FCD35DABD5B37B93CE5DE0570F6E4868FD7561DBD25B9B3", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F1011",
+      /* AD = */ "00010203040506",
+      /* CT = */ "44864FD337BBF237DB14139BDC6E1D25140DEAFAAADAEA87E93BE84F137AAB6039A0", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F1011",
+      /* AD = */ "0001020304050607",
+      /* CT = */ "108640BD71345C6EDC4AEC76EA3BE5D4DF44FFD658E6770535C0ABDA9F47E26BA11C", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F1011",
+      /* AD = */ "000102030405060708",
+      /* CT = */ "6A256FBBD3726C823F99E5C5252CFC367D13D066301F046D43DAFECCAF9ED9C7077E", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F1011",
+      /* AD = */ "00010203040506070809",
+      /* CT = */ "F2F44B081312F3F8C13E843F0ADBB84D30B76D66D84E7F757C30AC8CE399BB74BF43", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F1011",
+      /* AD = */ "000102030405060708090A",
+      /* CT = */ "29FCAD75A4163DE319D4E3E4C98F5D5FC473A85C21F34A587C3B3B63DEBF580E4487", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F1011",
+      /* AD = */ "000102030405060708090A0B",
+      /* CT = */ "BBAE1D88621912ED737EADA1B19FCB19A9DDE695868387BE01A1EA7ECABE67843676", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F1011",
+      /* AD = */ "000102030405060708090A0B0C",
+      /* CT = */ "4BE547736BE1D8A6CDE18D1430BA869E6B39596B5BD4381CD78F40ABBD7FADF9C419", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F1011",
+      /* AD = */ "000102030405060708090A0B0C0D",
+      /* CT = */ "4E589270FEB89BB22408041DAF7D55DB9BA1D3FCB0E2D4ED80A1DF5D9349C69BD7C6", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F1011",
+      /* AD = */ "000102030405060708090A0B0C0D0E",
+      /* CT = */ "B03E607317A251B08B30F744B71965B0F1BE63B7C60537954C9BD8F4AFF0701BA78B", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F1011",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F",
+      /* CT = */ "6A28215E4A6023FAE42095318B187F99C56D03C271847A2A5BBF71EFCF84AB57CB1D", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F1011",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F10",
+      /* CT = */ "9813B7013089DB863A742A4C13F1408E97CF95944BD80DCE8D124F20C04207351DA5", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F1011",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F1011",
+      /* CT = */ "501DFE330EC4528E8D3BC467A02391BF2CF2F81515016BF469F19C5B7FB795F42566", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F1011",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112",
+      /* CT = */ "64AC72120E66A202433C618208B281F929D7D76B6D8C8E9A31F974B9D60F2F069D31", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F1011",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F10111213",
+      /* CT = */ "C305EB0E851DF92B6F8ACA44F24BADF13BEEA3112FE09E093C702B56F5280CB73C6B", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F1011",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F1011121314",
+      /* CT = */ "994984D48B44B49446092EE25EF521A4E44B3904EA1D5D497E00CA12D7B9B6D0B86D", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F1011",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415",
+      /* CT = */ "368D61A8D488E8FB0F9F57D79350E3531114C57B945AE1B8C8B25E499F7FF77F8E7B", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F1011",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F10111213141516",
+      /* CT = */ "C01EA7792BF5F9621F07A266E6DF876E7B5489D20894A5F82035A3B587643D7FB285", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F1011",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F1011121314151617",
+      /* CT = */ "BA35FA7ECE7C780FFF8B7E41BC97822F982E30D229194F8E8699AD9C127539267015", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F1011",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718",
+      /* CT = */ "4C83A29686FE1AFC3FAD84899E6F5176B6B40C0D1FDD9FC5EFDD092FD1E5331889E3", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F1011",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F10111213141516171819",
+      /* CT = */ "1244D5C1B435AFF489A8FD04B87B0763E4C37C8C3108673186DE37F8373ED0551394", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F1011",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A",
+      /* CT = */ "C8002E9D447FA42945BF66AF5375BF6102FCA29DADBA4B5C8C20149581F4173261B3", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F1011",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B",
+      /* CT = */ "662D521980423CBF521E7E4F9BABD0FF90076E9343E5EA3ED67E7FF9C6A7B5644EF9", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F1011",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C",
+      /* CT = */ "26A6E765E6BFE7EC0E25886657486E8D4C0B30EA817D3F150AF2A9D710FCE7F55584", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F1011",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D",
+      /* CT = */ "0F55D7051D7478D53F2BA03EF290C48B2D0077D6AF4A4CF430EFDCEBF8E41872764B", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F1011",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E",
+      /* CT = */ "141B8B25E59E0D01B11422D94048C8045EE79D4FC6CDB0BC7AA84420C8F1341CBE00", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F1011",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F",
+      /* CT = */ "4C086D27A3B51A2333CFC7F22172A9BCAD880B5A1D83C4F24F355A61AE1578E1E550", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112",
+      /* AD = */ "",
+      /* CT = */ "E770D289D2A44AEE7CD0A48ECE5274E381BAD76042A7E82EA5439B942A5EF1584D3B8E", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112",
+      /* AD = */ "00",
+      /* CT = */ "25FBE48AC155C103927E59C60C88A56B69F5F1E66589392B2E9969352609A0A62C917F", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112",
+      /* AD = */ "0001",
+      /* CT = */ "49E50547CA0C754784F2A6F936ED9497C3A55650829E182B5573CDA45BA5A0CED54A99", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112",
+      /* AD = */ "000102",
+      /* CT = */ "D2721FCB362AB5E15C6872449B117B9926791F6B928D29D4B7E2E1E1F6A945F1B466D4", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112",
+      /* AD = */ "00010203",
+      /* CT = */ "4A53D9966D87BFED686585FE7A28C7D3027F066C578B3974A9F987818181ACA2E708C9", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112",
+      /* AD = */ "0001020304",
+      /* CT = */ "1F820273C65246B76D4FF8D1ADD72D5CC17033DADC9AE39DAE3F35977F2D88898F30D3", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112",
+      /* AD = */ "000102030405",
+      /* CT = */ "7CC88BDBF6D70605975B2FCD35DABD5B37B998B431D6513C278DB361CB8C1242E68180", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112",
+      /* AD = */ "00010203040506",
+      /* CT = */ "44864FD337BBF237DB14139BDC6E1D25140D312DB060FE4DC661688340B57DB2E14FF8", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112",
+      /* AD = */ "0001020304050607",
+      /* CT = */ "108640BD71345C6EDC4AEC76EA3BE5D4DF44BE15A1F8ED39E6FA8F684DCC1BE746B536", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112",
+      /* AD = */ "000102030405060708",
+      /* CT = */ "6A256FBBD3726C823F99E5C5252CFC367D13B730D9F3331F776C4DECB87FCC5EB09EBD", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112",
+      /* AD = */ "00010203040506070809",
+      /* CT = */ "F2F44B081312F3F8C13E843F0ADBB84D30B7A2CFD84B5C030740DC4F117DC37A1D9468", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112",
+      /* AD = */ "000102030405060708090A",
+      /* CT = */ "29FCAD75A4163DE319D4E3E4C98F5D5FC47326D6628F171C865049B95ACB10094FB748", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112",
+      /* AD = */ "000102030405060708090A0B",
+      /* CT = */ "BBAE1D88621912ED737EADA1B19FCB19A9DDB39A9AFE53D9F5A8ED207F6AA3DE38F9AA", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112",
+      /* AD = */ "000102030405060708090A0B0C",
+      /* CT = */ "4BE547736BE1D8A6CDE18D1430BA869E6B39F6E954231275446EB3D63070ECAF431B0D", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112",
+      /* AD = */ "000102030405060708090A0B0C0D",
+      /* CT = */ "4E589270FEB89BB22408041DAF7D55DB9BA12550A23EFFC860BA935FAF8AF3FB1E0A9B", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112",
+      /* AD = */ "000102030405060708090A0B0C0D0E",
+      /* CT = */ "B03E607317A251B08B30F744B71965B0F1BE7A13A6BD607EE4CB834B36D96335EF8C03", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F",
+      /* CT = */ "6A28215E4A6023FAE42095318B187F99C56D2309F41D31EB4E2DE7C519A735193FB63C", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F10",
+      /* CT = */ "9813B7013089DB863A742A4C13F1408E97CFED58366EFA92B7E0AD2DBF91C21F4390B5", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F1011",
+      /* CT = */ "501DFE330EC4528E8D3BC467A02391BF2CF28DC8385063628D8DA0684EE01713098545", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112",
+      /* CT = */ "64AC72120E66A202433C618208B281F929D7AE24CF768720AE6A9CE48D6B365E83E81A", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F10111213",
+      /* CT = */ "C305EB0E851DF92B6F8ACA44F24BADF13BEEC529F8CFE269D320A4F234B34443D563BA", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F1011121314",
+      /* CT = */ "994984D48B44B49446092EE25EF521A4E44B5C811766A550593539CFD337C5AAAC6D5A", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415",
+      /* CT = */ "368D61A8D488E8FB0F9F57D79350E35311140467EC0054430055D00E0CDE9521D09A61", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F10111213141516",
+      /* CT = */ "C01EA7792BF5F9621F07A266E6DF876E7B541F3E1481572A2BFFD7F364F4D724FD7A9E", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F1011121314151617",
+      /* CT = */ "BA35FA7ECE7C780FFF8B7E41BC97822F982E197D6CDD419BCA138D20DC715EDCAE5758", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718",
+      /* CT = */ "4C83A29686FE1AFC3FAD84899E6F5176B6B4ABE31BE9A7A51853156DFDBA71A38993B2", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F10111213141516171819",
+      /* CT = */ "1244D5C1B435AFF489A8FD04B87B0763E4C3853B9F472BA9BFBA037011C9A500DBC6A2", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A",
+      /* CT = */ "C8002E9D447FA42945BF66AF5375BF6102FC33288C2CDFC11E2F406AAD754CD1E2FC8A", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B",
+      /* CT = */ "662D521980423CBF521E7E4F9BABD0FF90072CC05E3E73B580EDBF13044A72C2DA550D", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C",
+      /* CT = */ "26A6E765E6BFE7EC0E25886657486E8D4C0B7EC2DF39DC68AD83868CBACB0F3B74DCFA", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D",
+      /* CT = */ "0F55D7051D7478D53F2BA03EF290C48B2D00B9E74E3F8DCC2E2E37BF1E22ABE4D2DF19", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E",
+      /* CT = */ "141B8B25E59E0D01B11422D94048C8045EE7741AFEAD7B1D8ADADF1D961DC31887D6D0", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F",
+      /* CT = */ "4C086D27A3B51A2333CFC7F22172A9BCAD88B8066BEF43C66F5E186A788FE1DA56810F", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F10111213",
+      /* AD = */ "",
+      /* CT = */ "E770D289D2A44AEE7CD0A48ECE5274E381BAD7E1EB410DB6608A9387396A64D0B6FD88A6", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F10111213",
+      /* AD = */ "00",
+      /* CT = */ "25FBE48AC155C103927E59C60C88A56B69F5F1C2DC871BB26DC7575ED897042381ABE90F", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F10111213",
+      /* AD = */ "0001",
+      /* CT = */ "49E50547CA0C754784F2A6F936ED9497C3A556D3ED93FBB666DF0DB63E2633487525C0FE", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F10111213",
+      /* AD = */ "000102",
+      /* CT = */ "D2721FCB362AB5E15C6872449B117B9926791FD7FACE4487FEA998C8D88E8A5A70C8BF3D", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F10111213",
+      /* AD = */ "00010203",
+      /* CT = */ "4A53D9966D87BFED686585FE7A28C7D3027F06EB8D35B16F784706DDA743676C02294C27", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F10111213",
+      /* AD = */ "0001020304",
+      /* CT = */ "1F820273C65246B76D4FF8D1ADD72D5CC1703338EBA14D6B95D20687D1585A6AC5B48509", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F10111213",
+      /* AD = */ "000102030405",
+      /* CT = */ "7CC88BDBF6D70605975B2FCD35DABD5B37B998207B14C9F2F446D0F71192AFFE70C98364", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F10111213",
+      /* AD = */ "00010203040506",
+      /* CT = */ "44864FD337BBF237DB14139BDC6E1D25140D311F800FEA58531C94CBBF5B41626C91197E", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F10111213",
+      /* AD = */ "0001020304050607",
+      /* CT = */ "108640BD71345C6EDC4AEC76EA3BE5D4DF44BEF99F9B9F52CE178E112F53947F02D2ED2E", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F10111213",
+      /* AD = */ "000102030405060708",
+      /* CT = */ "6A256FBBD3726C823F99E5C5252CFC367D13B714938DFBF751165B44414486395A8F2A96", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F10111213",
+      /* AD = */ "00010203040506070809",
+      /* CT = */ "F2F44B081312F3F8C13E843F0ADBB84D30B7A253F504E5FBE1BCC508289F663E00EB2ED1", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F10111213",
+      /* AD = */ "000102030405060708090A",
+      /* CT = */ "29FCAD75A4163DE319D4E3E4C98F5D5FC473269A68963E1BFC5244F9A64497D69BCF61EA", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F10111213",
+      /* AD = */ "000102030405060708090A0B",
+      /* CT = */ "BBAE1D88621912ED737EADA1B19FCB19A9DDB36783BF33792EEBDB555653F1A0E5386106", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F10111213",
+      /* AD = */ "000102030405060708090A0B0C",
+      /* CT = */ "4BE547736BE1D8A6CDE18D1430BA869E6B39F6A46E068ED8479EBB94E4117D70C3FF558A", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F10111213",
+      /* AD = */ "000102030405060708090A0B0C0D",
+      /* CT = */ "4E589270FEB89BB22408041DAF7D55DB9BA125D4D25A21C1C52F102A4348D1EE7BE13F64", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F10111213",
+      /* AD = */ "000102030405060708090A0B0C0D0E",
+      /* CT = */ "B03E607317A251B08B30F744B71965B0F1BE7A35E0517DE679D7DAEBB250FE17BCEDA001", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F10111213",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F",
+      /* CT = */ "6A28215E4A6023FAE42095318B187F99C56D23069628AF741BE40A933DE5D40395C687E5", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F10111213",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F10",
+      /* CT = */ "9813B7013089DB863A742A4C13F1408E97CFEDCA3C671D399FBE05D9D28DF3E961CB3C2B", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F10111213",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F1011",
+      /* CT = */ "501DFE330EC4528E8D3BC467A02391BF2CF28D939B604252A81A6325E2732DB9C88020DA", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F10111213",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112",
+      /* CT = */ "64AC72120E66A202433C618208B281F929D7AE66517CFC08FF1DAD724E80BD6E531F4929", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F10111213",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F10111213",
+      /* CT = */ "C305EB0E851DF92B6F8ACA44F24BADF13BEEC54DF097509F683EAB735088E9F72D091489", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F10111213",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F1011121314",
+      /* CT = */ "994984D48B44B49446092EE25EF521A4E44B5CC0E3B0F7AB1A4B30E37AC791886750C5C4", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F10111213",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415",
+      /* CT = */ "368D61A8D488E8FB0F9F57D79350E35311140403D638904947DF0A880016384E5E30AC83", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F10111213",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F10111213141516",
+      /* CT = */ "C01EA7792BF5F9621F07A266E6DF876E7B541FA7B7092858CE21D5DF3A6CEAB9C3070FC6", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F10111213",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F1011121314151617",
+      /* CT = */ "BA35FA7ECE7C780FFF8B7E41BC97822F982E196EE175660528C6B0079177FDEC8BAF1C1E", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F10111213",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718",
+      /* CT = */ "4C83A29686FE1AFC3FAD84899E6F5176B6B4ABF105024B76299B1F8EDE03DFC9E6AF4FF3", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F10111213",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F10111213141516171819",
+      /* CT = */ "1244D5C1B435AFF489A8FD04B87B0763E4C385F1B420A794A857C30FD0BF0BADDAE41D93", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F10111213",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A",
+      /* CT = */ "C8002E9D447FA42945BF66AF5375BF6102FC33E1A4D0BFFDEE1B2D355CCDCC8F338C064A", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F10111213",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B",
+      /* CT = */ "662D521980423CBF521E7E4F9BABD0FF90072C740F8635B4DBF4D1934573C9C7661E7480", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F10111213",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C",
+      /* CT = */ "26A6E765E6BFE7EC0E25886657486E8D4C0B7E0361660EAAFC3E361193F908545AE87196", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F10111213",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D",
+      /* CT = */ "0F55D7051D7478D53F2BA03EF290C48B2D00B9AFD96F9C4525B106E95F4FBAEB00D5EB3D", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F10111213",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E",
+      /* CT = */ "141B8B25E59E0D01B11422D94048C8045EE7744D76ED368CAE6A9B45C3276B7805712717", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F10111213",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F",
+      /* CT = */ "4C086D27A3B51A2333CFC7F22172A9BCAD88B8D4427B136D2C172762AAACD306A569FD3F", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F1011121314",
+      /* AD = */ "",
+      /* CT = */ "E770D289D2A44AEE7CD0A48ECE5274E381BAD7E1637C3B51865920FB3F01F36CE63C8AD387", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F1011121314",
+      /* AD = */ "00",
+      /* CT = */ "25FBE48AC155C103927E59C60C88A56B69F5F1C2255A402CE1981198154D1B1079C777067B", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F1011121314",
+      /* AD = */ "0001",
+      /* CT = */ "49E50547CA0C754784F2A6F936ED9497C3A556D34D8A767A9C904D517B0EA320B6526A40F5", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F1011121314",
+      /* AD = */ "000102",
+      /* CT = */ "D2721FCB362AB5E15C6872449B117B9926791FD749F00914C927167B8407247374C7804696", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F1011121314",
+      /* AD = */ "00010203",
+      /* CT = */ "4A53D9966D87BFED686585FE7A28C7D3027F06EBA8DCECF0F5A787C22CD604631AC4605721", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F1011121314",
+      /* AD = */ "0001020304",
+      /* CT = */ "1F820273C65246B76D4FF8D1ADD72D5CC1703338B9F64CA097DB3709A6BD11D0C6285B023D", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F1011121314",
+      /* AD = */ "000102030405",
+      /* CT = */ "7CC88BDBF6D70605975B2FCD35DABD5B37B998207A75F3FE9B2955DA60A3D488CBCD623B5B", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F1011121314",
+      /* AD = */ "00010203040506",
+      /* CT = */ "44864FD337BBF237DB14139BDC6E1D25140D311F19F37B2D7311FDFA5368EEA8D45D531B4F", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F1011121314",
+      /* AD = */ "0001020304050607",
+      /* CT = */ "108640BD71345C6EDC4AEC76EA3BE5D4DF44BEF9CE528F1FF9AA57E1E25695644B8F3120A6", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F1011121314",
+      /* AD = */ "000102030405060708",
+      /* CT = */ "6A256FBBD3726C823F99E5C5252CFC367D13B7143020F5C954755C63E73ABA3E9BA5B6513A", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F1011121314",
+      /* AD = */ "00010203040506070809",
+      /* CT = */ "F2F44B081312F3F8C13E843F0ADBB84D30B7A2535A371B9BEF5C4D98ABFDFEFADD2503B96F", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F1011121314",
+      /* AD = */ "000102030405060708090A",
+      /* CT = */ "29FCAD75A4163DE319D4E3E4C98F5D5FC473269A6E141DB836F92F53414251FA32C0431D61", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F1011121314",
+      /* AD = */ "000102030405060708090A0B",
+      /* CT = */ "BBAE1D88621912ED737EADA1B19FCB19A9DDB367E4F22888E43D09B7057CDF8DD62B539532", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F1011121314",
+      /* AD = */ "000102030405060708090A0B0C",
+      /* CT = */ "4BE547736BE1D8A6CDE18D1430BA869E6B39F6A4AE40A399A5DF9BF10ECA510EAF3E56D47E", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F1011121314",
+      /* AD = */ "000102030405060708090A0B0C0D",
+      /* CT = */ "4E589270FEB89BB22408041DAF7D55DB9BA125D4D1FAFCC4C197E011C0A969AB3C016B7445", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F1011121314",
+      /* AD = */ "000102030405060708090A0B0C0D0E",
+      /* CT = */ "B03E607317A251B08B30F744B71965B0F1BE7A356F1F52C0F4C6DC83BC51D502344451D11B", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F1011121314",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F",
+      /* CT = */ "6A28215E4A6023FAE42095318B187F99C56D2306BED4CCEACCA3A5148A5C34D6D2D135AF11", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F1011121314",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F10",
+      /* CT = */ "9813B7013089DB863A742A4C13F1408E97CFEDCAAA645A3A63E10C34F8914B1E89C721389B", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F1011121314",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F1011",
+      /* CT = */ "501DFE330EC4528E8D3BC467A02391BF2CF28D935090BB06D2127B068B5DCBE0F1195B7615", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F1011121314",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112",
+      /* CT = */ "64AC72120E66A202433C618208B281F929D7AE66B793B92B88581786C19CD234407B51359D", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F1011121314",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F10111213",
+      /* CT = */ "C305EB0E851DF92B6F8ACA44F24BADF13BEEC54D8B2847F1BD79D70F802068FC7E0593CEDB", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F1011121314",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F1011121314",
+      /* CT = */ "994984D48B44B49446092EE25EF521A4E44B5CC07FD25BFC5AA9B9F3BD5C1FDB9FF261C5D5", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F1011121314",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415",
+      /* CT = */ "368D61A8D488E8FB0F9F57D79350E35311140403545C733D52B97665F3E62C2144FB016E4B", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F1011121314",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F10111213141516",
+      /* CT = */ "C01EA7792BF5F9621F07A266E6DF876E7B541FA73E093A842817725C631F9E9E6F5BE22684", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F1011121314",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F1011121314151617",
+      /* CT = */ "BA35FA7ECE7C780FFF8B7E41BC97822F982E196ED31855EBCD46CB34D3910B9DC87D0DEA73", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F1011121314",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718",
+      /* CT = */ "4C83A29686FE1AFC3FAD84899E6F5176B6B4ABF143256D7C294658694857EF8B6F18A10E63", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F1011121314",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F10111213141516171819",
+      /* CT = */ "1244D5C1B435AFF489A8FD04B87B0763E4C385F184478326E9F1AEAE51C3CA305B87C7E255", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F1011121314",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A",
+      /* CT = */ "C8002E9D447FA42945BF66AF5375BF6102FC33E1A00C127A280F0D4F7C2A369090E68AD325", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F1011121314",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B",
+      /* CT = */ "662D521980423CBF521E7E4F9BABD0FF90072C743E0C5468A71BD0A700158D740234906F2C", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F1011121314",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C",
+      /* CT = */ "26A6E765E6BFE7EC0E25886657486E8D4C0B7E03EB659C541BA7282DDBE249231EE73FEECD", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F1011121314",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D",
+      /* CT = */ "0F55D7051D7478D53F2BA03EF290C48B2D00B9AF59FED36BC074E552EBEE246D665A234483", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F1011121314",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E",
+      /* CT = */ "141B8B25E59E0D01B11422D94048C8045EE7744DD07E7FB401D9131A2695D23D3CD96BA591", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F1011121314",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F",
+      /* CT = */ "4C086D27A3B51A2333CFC7F22172A9BCAD88B8D4D7EE52AFC8415C2D767A5BDC06FCCAA99C", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415",
+      /* AD = */ "",
+      /* CT = */ "E770D289D2A44AEE7CD0A48ECE5274E381BAD7E163DC6E54D095ECBCDB59DF8B4779CC28AFE0", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415",
+      /* AD = */ "00",
+      /* CT = */ "25FBE48AC155C103927E59C60C88A56B69F5F1C225BF368B5C971C27A1E531ED15E26FA228A5", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415",
+      /* AD = */ "0001",
+      /* CT = */ "49E50547CA0C754784F2A6F936ED9497C3A556D34DE416BD153619E57621A7F55C856EA3EFC4", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415",
+      /* AD = */ "000102",
+      /* CT = */ "D2721FCB362AB5E15C6872449B117B9926791FD749259C4BC8D681AA8E06C6E2C0F2394B502A", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415",
+      /* AD = */ "00010203",
+      /* CT = */ "4A53D9966D87BFED686585FE7A28C7D3027F06EBA8BD35196BBE2DB2B9988217AF821BD50EF5", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415",
+      /* AD = */ "0001020304",
+      /* CT = */ "1F820273C65246B76D4FF8D1ADD72D5CC1703338B98C36C3BC0ADD13225E014A9778772228A3", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415",
+      /* AD = */ "000102030405",
+      /* CT = */ "7CC88BDBF6D70605975B2FCD35DABD5B37B998207A55A34DD6F028BA5A0799134D91F7F8BAA4", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415",
+      /* AD = */ "00010203040506",
+      /* CT = */ "44864FD337BBF237DB14139BDC6E1D25140D311F19C05C664B32273234D589E4E2BB094C77B9", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415",
+      /* AD = */ "0001020304050607",
+      /* CT = */ "108640BD71345C6EDC4AEC76EA3BE5D4DF44BEF9CE7BB3FD3FD5E71A774C6894F4AA9D20A8BE", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415",
+      /* AD = */ "000102030405060708",
+      /* CT = */ "6A256FBBD3726C823F99E5C5252CFC367D13B714309A184FF8E4EC3619D716F4D2C0FD374FAD", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415",
+      /* AD = */ "00010203040506070809",
+      /* CT = */ "F2F44B081312F3F8C13E843F0ADBB84D30B7A2535A357CD783A1945D02B44F6F2BE17EB4833D", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415",
+      /* AD = */ "000102030405060708090A",
+      /* CT = */ "29FCAD75A4163DE319D4E3E4C98F5D5FC473269A6E6FD2E4CB864BE3C3668C54DDCD6EF1A0B1", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415",
+      /* AD = */ "000102030405060708090A0B",
+      /* CT = */ "BBAE1D88621912ED737EADA1B19FCB19A9DDB367E42F449D8FAFD23D81CFB04BC80E7AC87F30", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415",
+      /* AD = */ "000102030405060708090A0B0C",
+      /* CT = */ "4BE547736BE1D8A6CDE18D1430BA869E6B39F6A4AE4EC54A634FD5C690D0A55DA54E89D0E8F9", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415",
+      /* AD = */ "000102030405060708090A0B0C0D",
+      /* CT = */ "4E589270FEB89BB22408041DAF7D55DB9BA125D4D1E539AE8E2B99546CE7E0D4BB9CBD8A91FC", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415",
+      /* AD = */ "000102030405060708090A0B0C0D0E",
+      /* CT = */ "B03E607317A251B08B30F744B71965B0F1BE7A356FFF03EA938CDAB114B57470851C77986666", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F",
+      /* CT = */ "6A28215E4A6023FAE42095318B187F99C56D2306BE156BA606E90EEA62412AA3BFE35639234F", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F10",
+      /* CT = */ "9813B7013089DB863A742A4C13F1408E97CFEDCAAA2252140B25B1111ADDE61BF9A8A63CD1A6", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F1011",
+      /* CT = */ "501DFE330EC4528E8D3BC467A02391BF2CF28D9350A9A90B0B6183BA2E518126112D005440CE", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112",
+      /* CT = */ "64AC72120E66A202433C618208B281F929D7AE66B779CC861AEFA2BEC2167558845C75D69340", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F10111213",
+      /* CT = */ "C305EB0E851DF92B6F8ACA44F24BADF13BEEC54D8BAA3BA8223BF064CCB5E6F9DBBAEB951151", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F1011121314",
+      /* CT = */ "994984D48B44B49446092EE25EF521A4E44B5CC07FA6C1051D6B2C56B34BE2EA7874C3ECDC56", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415",
+      /* CT = */ "368D61A8D488E8FB0F9F57D79350E353111404035451F7A9B3458FDE3C4E42FA2CF1D1BCA6B8", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F10111213141516",
+      /* CT = */ "C01EA7792BF5F9621F07A266E6DF876E7B541FA73E8D47DC99B3F631ECB8E3A6160891B7CF90", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F1011121314151617",
+      /* CT = */ "BA35FA7ECE7C780FFF8B7E41BC97822F982E196ED384B12A4643C0113B978DB1EE21F3020F3C", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718",
+      /* CT = */ "4C83A29686FE1AFC3FAD84899E6F5176B6B4ABF143DD9497FD9A2D52B61CAD3BFF32A3DC428A", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F10111213141516171819",
+      /* CT = */ "1244D5C1B435AFF489A8FD04B87B0763E4C385F1840457F9387CF2EC2A000871A670292DF5EC", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A",
+      /* CT = */ "C8002E9D447FA42945BF66AF5375BF6102FC33E1A0A8AC6AF12AD62DB45D4CC9D29E67A56367", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B",
+      /* CT = */ "662D521980423CBF521E7E4F9BABD0FF90072C743E4FC00EAE19115C6404EEF519AB689F4CCE", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C",
+      /* CT = */ "26A6E765E6BFE7EC0E25886657486E8D4C0B7E03EB93FC6D58387955D80E44830908AC635414", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D",
+      /* CT = */ "0F55D7051D7478D53F2BA03EF290C48B2D00B9AF59D37CCFB9DC62CDD9E1DE7B35CC4518E892", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E",
+      /* CT = */ "141B8B25E59E0D01B11422D94048C8045EE7744DD004F1EED0816EC94F283717DFF43E8179D5", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F",
+      /* CT = */ "4C086D27A3B51A2333CFC7F22172A9BCAD88B8D4D77E0DE21FF41C5FE116F1F5B2EBF202CAF7", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F10111213141516",
+      /* AD = */ "",
+      /* CT = */ "E770D289D2A44AEE7CD0A48ECE5274E381BAD7E163DCC43D37BF733634D15FE76FACD13605CB8E", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F10111213141516",
+      /* AD = */ "00",
+      /* CT = */ "25FBE48AC155C103927E59C60C88A56B69F5F1C225BF3AE3AC4472F25E74FCF65877F1C0B40D9D", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F10111213141516",
+      /* AD = */ "0001",
+      /* CT = */ "49E50547CA0C754784F2A6F936ED9497C3A556D34DE4CCE819F4692D8D7EBC79AD4FD673497E6A", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F10111213141516",
+      /* AD = */ "000102",
+      /* CT = */ "D2721FCB362AB5E15C6872449B117B9926791FD74925F013D70AFC00B61DE6478F7E514466A1AB", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F10111213141516",
+      /* AD = */ "00010203",
+      /* CT = */ "4A53D9966D87BFED686585FE7A28C7D3027F06EBA8BD357FFE25AE1540062A50D5A35BD7FFD6AD", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F10111213141516",
+      /* AD = */ "0001020304",
+      /* CT = */ "1F820273C65246B76D4FF8D1ADD72D5CC1703338B98CE4E484D5A98B5F9561286C821B07A8C151", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F10111213141516",
+      /* AD = */ "000102030405",
+      /* CT = */ "7CC88BDBF6D70605975B2FCD35DABD5B37B998207A55DC46EE96F90CF6BCA7BC4604F16873F86D", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F10111213141516",
+      /* AD = */ "00010203040506",
+      /* CT = */ "44864FD337BBF237DB14139BDC6E1D25140D311F19C059BD465B47858744894F0A48D2395CC33E", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F10111213141516",
+      /* AD = */ "0001020304050607",
+      /* CT = */ "108640BD71345C6EDC4AEC76EA3BE5D4DF44BEF9CE7B69F3A40596C7AD15BD9171E82F67D4A0F6", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F10111213141516",
+      /* AD = */ "000102030405060708",
+      /* CT = */ "6A256FBBD3726C823F99E5C5252CFC367D13B714309AEA917BD015B2FEBB876B8DC12C7A421779", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F10111213141516",
+      /* AD = */ "00010203040506070809",
+      /* CT = */ "F2F44B081312F3F8C13E843F0ADBB84D30B7A2535A357200816AF9D65FF10149196A97621471FD", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F10111213141516",
+      /* AD = */ "000102030405060708090A",
+      /* CT = */ "29FCAD75A4163DE319D4E3E4C98F5D5FC473269A6E6FA7BB2CFA2F6D9FCEA68CE44C1256D08097", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F10111213141516",
+      /* AD = */ "000102030405060708090A0B",
+      /* CT = */ "BBAE1D88621912ED737EADA1B19FCB19A9DDB367E42F0B223B1CDF0FFEAE96E05F308B2FBFC97F", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F10111213141516",
+      /* AD = */ "000102030405060708090A0B0C",
+      /* CT = */ "4BE547736BE1D8A6CDE18D1430BA869E6B39F6A4AE4E43365B6E90147867FE50B2872E77BE95AD", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F10111213141516",
+      /* AD = */ "000102030405060708090A0B0C0D",
+      /* CT = */ "4E589270FEB89BB22408041DAF7D55DB9BA125D4D1E58F83292D524D664A0FC04FA8BE2CC6BCFA", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F10111213141516",
+      /* AD = */ "000102030405060708090A0B0C0D0E",
+      /* CT = */ "B03E607317A251B08B30F744B71965B0F1BE7A356FFF03AEE6806FA02008A5736199F6E8404238", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F10111213141516",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F",
+      /* CT = */ "6A28215E4A6023FAE42095318B187F99C56D2306BE1573DB4BE1D5F4C7AB0C2532C807C080C756", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F10111213141516",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F10",
+      /* CT = */ "9813B7013089DB863A742A4C13F1408E97CFEDCAAA22A7B21749273A178107A9020F00C2A14030", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F10111213141516",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F1011",
+      /* CT = */ "501DFE330EC4528E8D3BC467A02391BF2CF28D9350A9CA302A7A1DC2C8F7A07B845CF7485A8BAA", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F10111213141516",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112",
+      /* CT = */ "64AC72120E66A202433C618208B281F929D7AE66B779C1D3E920637DC7D304D2CCAD8C5BFAA973", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F10111213141516",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F10111213",
+      /* CT = */ "C305EB0E851DF92B6F8ACA44F24BADF13BEEC54D8BAA10933F0837AB3D76D93DD435DA34D61900", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F10111213141516",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F1011121314",
+      /* CT = */ "994984D48B44B49446092EE25EF521A4E44B5CC07FA6E7C96072286570056F5FF008717AB93497", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F10111213141516",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415",
+      /* CT = */ "368D61A8D488E8FB0F9F57D79350E3531114040354519513CC80F0AAF5FD0F9C98FAABCFC93CE9", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F10111213141516",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F10111213141516",
+      /* CT = */ "C01EA7792BF5F9621F07A266E6DF876E7B541FA73E8D8A9F158190A2470F912DD0D0FCD8B7664B", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F10111213141516",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F1011121314151617",
+      /* CT = */ "BA35FA7ECE7C780FFF8B7E41BC97822F982E196ED384E70A60E87A982748DEE006E35C40F27E01", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F10111213141516",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718",
+      /* CT = */ "4C83A29686FE1AFC3FAD84899E6F5176B6B4ABF143DDD9781455E019E8E757C5006A28EB364D64", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F10111213141516",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F10111213141516171819",
+      /* CT = */ "1244D5C1B435AFF489A8FD04B87B0763E4C385F18404430F2DA7A4C292A930E7925C54B21B3779", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F10111213141516",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A",
+      /* CT = */ "C8002E9D447FA42945BF66AF5375BF6102FC33E1A0A8ED5C1DDF5245DC462F44CCB7AEE1E14ED1", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F10111213141516",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B",
+      /* CT = */ "662D521980423CBF521E7E4F9BABD0FF90072C743E4FE874D8F0EAE1C02A10E5EFCC2B796AC572", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F10111213141516",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C",
+      /* CT = */ "26A6E765E6BFE7EC0E25886657486E8D4C0B7E03EB93A3470DE000F51AB291B3571CDB13E162D4", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F10111213141516",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D",
+      /* CT = */ "0F55D7051D7478D53F2BA03EF290C48B2D00B9AF59D3EF9A24C6095137DC2F5117E0EB7C6AB3FC", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F10111213141516",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E",
+      /* CT = */ "141B8B25E59E0D01B11422D94048C8045EE7744DD0040BF13008BBDF90F0C4CB9CFAB2F902A9CF", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F10111213141516",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F",
+      /* CT = */ "4C086D27A3B51A2333CFC7F22172A9BCAD88B8D4D77E50465FD50333149A24F1942FFA2FBD0909", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F1011121314151617",
+      /* AD = */ "",
+      /* CT = */ "E770D289D2A44AEE7CD0A48ECE5274E381BAD7E163DCC497C421CAD7E3A4DF2BE9EACCD8117C717A", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F1011121314151617",
+      /* AD = */ "00",
+      /* CT = */ "25FBE48AC155C103927E59C60C88A56B69F5F1C225BF3A1D1C37FA000CF7F14D1292240519DA162A", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F1011121314151617",
+      /* AD = */ "0001",
+      /* CT = */ "49E50547CA0C754784F2A6F936ED9497C3A556D34DE4CC230774C0524B0D93519802603DFD1294C8", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F1011121314151617",
+      /* AD = */ "000102",
+      /* CT = */ "D2721FCB362AB5E15C6872449B117B9926791FD74925F0D9E1D8D700203C201DC092524957D7253A", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F1011121314151617",
+      /* AD = */ "00010203",
+      /* CT = */ "4A53D9966D87BFED686585FE7A28C7D3027F06EBA8BD35C7C3A13A4DFF475AE828D73D0EAE922441", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F1011121314151617",
+      /* AD = */ "0001020304",
+      /* CT = */ "1F820273C65246B76D4FF8D1ADD72D5CC1703338B98CE4B3644C77AC426E3C930EC8748FAC43E360", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F1011121314151617",
+      /* AD = */ "000102030405",
+      /* CT = */ "7CC88BDBF6D70605975B2FCD35DABD5B37B998207A55DC995A3B40EF5CFFA2E66753FB1AE9940D69", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F1011121314151617",
+      /* AD = */ "00010203040506",
+      /* CT = */ "44864FD337BBF237DB14139BDC6E1D25140D311F19C0590FFB480724FD5977A225C9ED8ABC7E4710", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F1011121314151617",
+      /* AD = */ "0001020304050607",
+      /* CT = */ "108640BD71345C6EDC4AEC76EA3BE5D4DF44BEF9CE7B69C868BAB4D2BC58FECF3B186070234B6A38", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F1011121314151617",
+      /* AD = */ "000102030405060708",
+      /* CT = */ "6A256FBBD3726C823F99E5C5252CFC367D13B714309AEA44FF83CA90C0AF633654E6BF1466F4B3AD", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F1011121314151617",
+      /* AD = */ "00010203040506070809",
+      /* CT = */ "F2F44B081312F3F8C13E843F0ADBB84D30B7A2535A35720E241C1D4AF53026F3C1F1E39055789F23", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F1011121314151617",
+      /* AD = */ "000102030405060708090A",
+      /* CT = */ "29FCAD75A4163DE319D4E3E4C98F5D5FC473269A6E6FA795DED3E085A303C110AD095C91C6D2E3A9", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F1011121314151617",
+      /* AD = */ "000102030405060708090A0B",
+      /* CT = */ "BBAE1D88621912ED737EADA1B19FCB19A9DDB367E42F0BF4511B5873E39E1EC8D3677BCE6CA1BD0A", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F1011121314151617",
+      /* AD = */ "000102030405060708090A0B0C",
+      /* CT = */ "4BE547736BE1D8A6CDE18D1430BA869E6B39F6A4AE4E436E2CDF9C41BA76C2DA79780E3C728A1CC0", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F1011121314151617",
+      /* AD = */ "000102030405060708090A0B0C0D",
+      /* CT = */ "4E589270FEB89BB22408041DAF7D55DB9BA125D4D1E58F75F2F4D7AA062DADA76E065C8324FB909C", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F1011121314151617",
+      /* AD = */ "000102030405060708090A0B0C0D0E",
+      /* CT = */ "B03E607317A251B08B30F744B71965B0F1BE7A356FFF037C420436A4179A327AD848A729F2201E3D", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F1011121314151617",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F",
+      /* CT = */ "6A28215E4A6023FAE42095318B187F99C56D2306BE1573F6BD4B3D1465019DC6EF9BEA0FEDD640B4", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F1011121314151617",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F10",
+      /* CT = */ "9813B7013089DB863A742A4C13F1408E97CFEDCAAA22A7DA0C3523DA5B9FFC3E6CC8DC3D4FD36367", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F1011121314151617",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F1011",
+      /* CT = */ "501DFE330EC4528E8D3BC467A02391BF2CF28D9350A9CAF9DAFBE59DA765099A78EB0BFBB934C51B", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F1011121314151617",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112",
+      /* CT = */ "64AC72120E66A202433C618208B281F929D7AE66B779C14DF81A0085840580FE2FBCA0AF5002907A", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F1011121314151617",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F10111213",
+      /* CT = */ "C305EB0E851DF92B6F8ACA44F24BADF13BEEC54D8BAA10B8363B3B123E5CE1916C194243E70D41BD", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F1011121314151617",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F1011121314",
+      /* CT = */ "994984D48B44B49446092EE25EF521A4E44B5CC07FA6E7491C9EC0EDEF3F0873E9365C84F1316107", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F1011121314151617",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415",
+      /* CT = */ "368D61A8D488E8FB0F9F57D79350E35311140403545195428D6217730F6DBA712A153ADF7C563BD2", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F1011121314151617",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F10111213141516",
+      /* CT = */ "C01EA7792BF5F9621F07A266E6DF876E7B541FA73E8D8A2A6F96EEE1C5AE4DFBE81154CF9CEED5AA", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F1011121314151617",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F1011121314151617",
+      /* CT = */ "BA35FA7ECE7C780FFF8B7E41BC97822F982E196ED384E7DD2B386F44B2BEBDD5831EAAECADF9E41E", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F1011121314151617",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718",
+      /* CT = */ "4C83A29686FE1AFC3FAD84899E6F5176B6B4ABF143DDD92D56C0B24679ADB36B174F78F624C60C48", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F1011121314151617",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F10111213141516171819",
+      /* CT = */ "1244D5C1B435AFF489A8FD04B87B0763E4C385F18404435DFB4D6E7CC26F65FCA9EFF8DCB34D2B76", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F1011121314151617",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A",
+      /* CT = */ "C8002E9D447FA42945BF66AF5375BF6102FC33E1A0A8ED5FB78C6872C53021857E4298A48AFF37DD", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F1011121314151617",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B",
+      /* CT = */ "662D521980423CBF521E7E4F9BABD0FF90072C743E4FE8C2C63783AACB33B9B8822B633AB996C42D", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F1011121314151617",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C",
+      /* CT = */ "26A6E765E6BFE7EC0E25886657486E8D4C0B7E03EB93A3BC5A31966531B2FBAC82CCE165CAE57077", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F1011121314151617",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D",
+      /* CT = */ "0F55D7051D7478D53F2BA03EF290C48B2D00B9AF59D3EFCCD8878D87010E49267C8F6C8D3E691785", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F1011121314151617",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E",
+      /* CT = */ "141B8B25E59E0D01B11422D94048C8045EE7744DD0040BF048282B68E02F547F7C35483EBFBC73B3", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F1011121314151617",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F",
+      /* CT = */ "4C086D27A3B51A2333CFC7F22172A9BCAD88B8D4D77E50622408C3012880E1A58D9FA4F3D615552F", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718",
+      /* AD = */ "",
+      /* CT = */ "E770D289D2A44AEE7CD0A48ECE5274E381BAD7E163DCC4970FEE464255B60E9CC0E29009675FDFC0A7", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718",
+      /* AD = */ "00",
+      /* CT = */ "25FBE48AC155C103927E59C60C88A56B69F5F1C225BF3A1D5C190891EC8318193A373229C2546BBA9D", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718",
+      /* AD = */ "0001",
+      /* CT = */ "49E50547CA0C754784F2A6F936ED9497C3A556D34DE4CC23F35C92DBE4380DEC34E332D81B38876F53", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718",
+      /* AD = */ "000102",
+      /* CT = */ "D2721FCB362AB5E15C6872449B117B9926791FD74925F0D9450575789E98D824EA496A80F58C9EF7D7", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718",
+      /* AD = */ "00010203",
+      /* CT = */ "4A53D9966D87BFED686585FE7A28C7D3027F06EBA8BD35C768D4D24DA4A38BB07C2558F5D0385E55E7", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718",
+      /* AD = */ "0001020304",
+      /* CT = */ "1F820273C65246B76D4FF8D1ADD72D5CC1703338B98CE4B34B2B4250A85106D4C0FCCD668BB068B429", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718",
+      /* AD = */ "000102030405",
+      /* CT = */ "7CC88BDBF6D70605975B2FCD35DABD5B37B998207A55DC996A9ECB0B9F69E994A6DA9E6E154BE1DC15", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718",
+      /* AD = */ "00010203040506",
+      /* CT = */ "44864FD337BBF237DB14139BDC6E1D25140D311F19C0590FB06EFDA11A466E170BEC185E15D44D4095", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718",
+      /* AD = */ "0001020304050607",
+      /* CT = */ "108640BD71345C6EDC4AEC76EA3BE5D4DF44BEF9CE7B69C85AF3B96E2806F85EF467964E61C33799A3", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718",
+      /* AD = */ "000102030405060708",
+      /* CT = */ "6A256FBBD3726C823F99E5C5252CFC367D13B714309AEA44AD471C4E15858085DE8B0170FA94A451D1", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718",
+      /* AD = */ "00010203040506070809",
+      /* CT = */ "F2F44B081312F3F8C13E843F0ADBB84D30B7A2535A35720E570E884CA46E06A8F920851044A4E1A176", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718",
+      /* AD = */ "000102030405060708090A",
+      /* CT = */ "29FCAD75A4163DE319D4E3E4C98F5D5FC473269A6E6FA795B0FF8BBE180F887AC099F83A91FDE022C3", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718",
+      /* AD = */ "000102030405060708090A0B",
+      /* CT = */ "BBAE1D88621912ED737EADA1B19FCB19A9DDB367E42F0BF4ACF682BF9828617E0DC846D3C961CDF6A2", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718",
+      /* AD = */ "000102030405060708090A0B0C",
+      /* CT = */ "4BE547736BE1D8A6CDE18D1430BA869E6B39F6A4AE4E436EABC40AA73DACAA54FE7C0E669DA40D2F16", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718",
+      /* AD = */ "000102030405060708090A0B0C0D",
+      /* CT = */ "4E589270FEB89BB22408041DAF7D55DB9BA125D4D1E58F75BD18248AAFAE15970F226DB09EE7E91CBF", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718",
+      /* AD = */ "000102030405060708090A0B0C0D0E",
+      /* CT = */ "B03E607317A251B08B30F744B71965B0F1BE7A356FFF037C9EE7DFB458B1E697D8F05FB493E88E8585", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F",
+      /* CT = */ "6A28215E4A6023FAE42095318B187F99C56D2306BE1573F6E382A72A447DDA92CA81C4915AA9F5CCA1", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F10",
+      /* CT = */ "9813B7013089DB863A742A4C13F1408E97CFEDCAAA22A7DA812C547DA33141797A957581D17D6838DC", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F1011",
+      /* CT = */ "501DFE330EC4528E8D3BC467A02391BF2CF28D9350A9CAF9B219F385E889843E9F713697C8B8661892", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112",
+      /* CT = */ "64AC72120E66A202433C618208B281F929D7AE66B779C14D18FF31FCF531CF6D0807819E73005B4954", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F10111213",
+      /* CT = */ "C305EB0E851DF92B6F8ACA44F24BADF13BEEC54D8BAA10B8CA3E92F97A10A6F24AB2776F0EBFD299B4", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F1011121314",
+      /* CT = */ "994984D48B44B49446092EE25EF521A4E44B5CC07FA6E7492BBCA07C2D3DDFBC4D17F59B6EDFD66214", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415",
+      /* CT = */ "368D61A8D488E8FB0F9F57D79350E353111404035451954226EA27EF2E6EDE634FCC87A482AC9FB661", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F10111213141516",
+      /* CT = */ "C01EA7792BF5F9621F07A266E6DF876E7B541FA73E8D8A2A62E967A0D31DA54CD7CEC94635182C2CD5", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F1011121314151617",
+      /* CT = */ "BA35FA7ECE7C780FFF8B7E41BC97822F982E196ED384E7DDEBDC85A7823C106488B253F11ADC6C0960", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718",
+      /* CT = */ "4C83A29686FE1AFC3FAD84899E6F5176B6B4ABF143DDD92DF82C7B4AF6883D72572FC8C04A794A2B0D", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F10111213141516171819",
+      /* CT = */ "1244D5C1B435AFF489A8FD04B87B0763E4C385F18404435DE4591B3FC911902805A8F1B449703CAC0C", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A",
+      /* CT = */ "C8002E9D447FA42945BF66AF5375BF6102FC33E1A0A8ED5F13BA0902646A17E74A4FB3167A72237DD3", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B",
+      /* CT = */ "662D521980423CBF521E7E4F9BABD0FF90072C743E4FE8C27A9F1A13413E966429A5415CD5978D124F", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C",
+      /* CT = */ "26A6E765E6BFE7EC0E25886657486E8D4C0B7E03EB93A3BC227883A81C03223A4D809F03ECC6F2B5FA", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D",
+      /* CT = */ "0F55D7051D7478D53F2BA03EF290C48B2D00B9AF59D3EFCC0D52FD0F6DA838CABEBFFA00ED6E1DAE16", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E",
+      /* CT = */ "141B8B25E59E0D01B11422D94048C8045EE7744DD0040BF08B0CDD133CEBACB318749343241B73005D", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F",
+      /* CT = */ "4C086D27A3B51A2333CFC7F22172A9BCAD88B8D4D77E50622DDEF004D51115487FA8D2A8813EA18657", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F10111213141516171819",
+      /* AD = */ "",
+      /* CT = */ "E770D289D2A44AEE7CD0A48ECE5274E381BAD7E163DCC4970F786005D5FF17BCE157263989199E84DC15", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F10111213141516171819",
+      /* AD = */ "00",
+      /* CT = */ "25FBE48AC155C103927E59C60C88A56B69F5F1C225BF3A1D5C73CE46F92D48534DD5CA3D1E19C64B7140", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F10111213141516171819",
+      /* AD = */ "0001",
+      /* CT = */ "49E50547CA0C754784F2A6F936ED9497C3A556D34DE4CC23F3C29022F78F0DA130522C3098E2255E5649", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F10111213141516171819",
+      /* AD = */ "000102",
+      /* CT = */ "D2721FCB362AB5E15C6872449B117B9926791FD74925F0D9459C1E7E94EC141145D78D952428C9A06D19", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F10111213141516171819",
+      /* AD = */ "00010203",
+      /* CT = */ "4A53D9966D87BFED686585FE7A28C7D3027F06EBA8BD35C76806DF75F1A321E30CECF7E2FCD30F9D0924", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F10111213141516171819",
+      /* AD = */ "0001020304",
+      /* CT = */ "1F820273C65246B76D4FF8D1ADD72D5CC1703338B98CE4B34B5AD170303C8FA30A9669BB249ACA5AA4EB", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F10111213141516171819",
+      /* AD = */ "000102030405",
+      /* CT = */ "7CC88BDBF6D70605975B2FCD35DABD5B37B998207A55DC996A71DEB3C0D8C9B357A0D5ADD56B2BE93854", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F10111213141516171819",
+      /* AD = */ "00010203040506",
+      /* CT = */ "44864FD337BBF237DB14139BDC6E1D25140D311F19C0590FB031D093181BB3818DDED8BC78E7A59B05ED", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F10111213141516171819",
+      /* AD = */ "0001020304050607",
+      /* CT = */ "108640BD71345C6EDC4AEC76EA3BE5D4DF44BEF9CE7B69C85A958FC051CE45717655F0D929CF7641E1BB", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F10111213141516171819",
+      /* AD = */ "000102030405060708",
+      /* CT = */ "6A256FBBD3726C823F99E5C5252CFC367D13B714309AEA44AD906F890C0EFBBE835D48D2D61F540EBB3F", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F10111213141516171819",
+      /* AD = */ "00010203040506070809",
+      /* CT = */ "F2F44B081312F3F8C13E843F0ADBB84D30B7A2535A35720E5754EEB221110C19D7865832E0DCEDD6DD7B", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F10111213141516171819",
+      /* AD = */ "000102030405060708090A",
+      /* CT = */ "29FCAD75A4163DE319D4E3E4C98F5D5FC473269A6E6FA795B067EA1AE225C0C142812AA3382FF6ABE64E", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F10111213141516171819",
+      /* AD = */ "000102030405060708090A0B",
+      /* CT = */ "BBAE1D88621912ED737EADA1B19FCB19A9DDB367E42F0BF4AC9F3C36A75E4693628AA6B530B7BF999C0C", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F10111213141516171819",
+      /* AD = */ "000102030405060708090A0B0C",
+      /* CT = */ "4BE547736BE1D8A6CDE18D1430BA869E6B39F6A4AE4E436EAB592D19CE76A99F60E2143A1F470A9FE0A4", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F10111213141516171819",
+      /* AD = */ "000102030405060708090A0B0C0D",
+      /* CT = */ "4E589270FEB89BB22408041DAF7D55DB9BA125D4D1E58F75BD9BB80BE753B0D6F9C548891496A48DC3AB", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F10111213141516171819",
+      /* AD = */ "000102030405060708090A0B0C0D0E",
+      /* CT = */ "B03E607317A251B08B30F744B71965B0F1BE7A356FFF037C9E948B096FCA2C76332BB3EAB79C39758D13", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F10111213141516171819",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F",
+      /* CT = */ "6A28215E4A6023FAE42095318B187F99C56D2306BE1573F6E3EC0200D93E1F7F68AC44870330A47828F1", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F10111213141516171819",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F10",
+      /* CT = */ "9813B7013089DB863A742A4C13F1408E97CFEDCAAA22A7DA8104F4A441EF3B0BADFA31BB1946A6755FB9", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F10111213141516171819",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F1011",
+      /* CT = */ "501DFE330EC4528E8D3BC467A02391BF2CF28D9350A9CAF9B2B73CFEF4CFACAA6499487404BF232D449A", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F10111213141516171819",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112",
+      /* CT = */ "64AC72120E66A202433C618208B281F929D7AE66B779C14D18DDD3FC89A696B86B569537969056AFEC73", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F10111213141516171819",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F10111213",
+      /* CT = */ "C305EB0E851DF92B6F8ACA44F24BADF13BEEC54D8BAA10B8CA91960C5F2359839920BDB1AB46D615418B", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F10111213141516171819",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F1011121314",
+      /* CT = */ "994984D48B44B49446092EE25EF521A4E44B5CC07FA6E7492B55D01FAA6EDF34944AF393396AABA744A4", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F10111213141516171819",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415",
+      /* CT = */ "368D61A8D488E8FB0F9F57D79350E353111404035451954226DDEB75CA0F57DAC7F74603A0D4B0D7BF2D", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F10111213141516171819",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F10111213141516",
+      /* CT = */ "C01EA7792BF5F9621F07A266E6DF876E7B541FA73E8D8A2A62DA067FF116A44684402C709E102E504389", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F10111213141516171819",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F1011121314151617",
+      /* CT = */ "BA35FA7ECE7C780FFF8B7E41BC97822F982E196ED384E7DDEB24BFAA34FC345FA13B71B5D7C68669066C", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F10111213141516171819",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718",
+      /* CT = */ "4C83A29686FE1AFC3FAD84899E6F5176B6B4ABF143DDD92DF81E5F57FE4173AD4966C29CFB3686157228", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F10111213141516171819",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F10111213141516171819",
+      /* CT = */ "1244D5C1B435AFF489A8FD04B87B0763E4C385F18404435DE417E79D7B256D52BE5AFB7CB4EFC9DE14A1", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F10111213141516171819",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A",
+      /* CT = */ "C8002E9D447FA42945BF66AF5375BF6102FC33E1A0A8ED5F13349A85F26FC9AF40E66CABE820045F6EDB", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F10111213141516171819",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B",
+      /* CT = */ "662D521980423CBF521E7E4F9BABD0FF90072C743E4FE8C27A85B629F622A3EDB42E5B8CB7D49A379306", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F10111213141516171819",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C",
+      /* CT = */ "26A6E765E6BFE7EC0E25886657486E8D4C0B7E03EB93A3BC223FF7F44A6ADD47D6C3C2074136AD7CA3ED", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F10111213141516171819",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D",
+      /* CT = */ "0F55D7051D7478D53F2BA03EF290C48B2D00B9AF59D3EFCC0D347F9C6392F2F0B7D9C6C6AB44D5094085", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F10111213141516171819",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E",
+      /* CT = */ "141B8B25E59E0D01B11422D94048C8045EE7744DD0040BF08B6C643855105B0BA973BD4AEC3BC0ECDE1F", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F10111213141516171819",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F",
+      /* CT = */ "4C086D27A3B51A2333CFC7F22172A9BCAD88B8D4D77E50622D789BFE76CE0A2130453F7A05B0B5364BD6", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A",
+      /* AD = */ "",
+      /* CT = */ "E770D289D2A44AEE7CD0A48ECE5274E381BAD7E163DCC4970F78734DDB9CE0523B99779E4497AD5964E6C5", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A",
+      /* AD = */ "00",
+      /* CT = */ "25FBE48AC155C103927E59C60C88A56B69F5F1C225BF3A1D5C7379935C053F229C92D664368876B2011791", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A",
+      /* AD = */ "0001",
+      /* CT = */ "49E50547CA0C754784F2A6F936ED9497C3A556D34DE4CC23F3C21CEB9882BB795889D4AEE31E9EA04405FB", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A",
+      /* AD = */ "000102",
+      /* CT = */ "D2721FCB362AB5E15C6872449B117B9926791FD74925F0D9459CFA79715549452A9F918CAE4D52ACBA51C6", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A",
+      /* AD = */ "00010203",
+      /* CT = */ "4A53D9966D87BFED686585FE7A28C7D3027F06EBA8BD35C768069356836DE14D328579C63AD95BA95DF96A", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A",
+      /* AD = */ "0001020304",
+      /* CT = */ "1F820273C65246B76D4FF8D1ADD72D5CC1703338B98CE4B34B5AF98A2B0B5271981599FF69C203245B6C50", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A",
+      /* AD = */ "000102030405",
+      /* CT = */ "7CC88BDBF6D70605975B2FCD35DABD5B37B998207A55DC996A717F732BFC622DD69894029AEBF2C35DB916", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A",
+      /* AD = */ "00010203040506",
+      /* CT = */ "44864FD337BBF237DB14139BDC6E1D25140D311F19C0590FB031CB29DC6847FC70FD80EC17C8AA8C5BAF6C", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A",
+      /* AD = */ "0001020304050607",
+      /* CT = */ "108640BD71345C6EDC4AEC76EA3BE5D4DF44BEF9CE7B69C85A95787A5A9FF1968324C0702913253B832393", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A",
+      /* AD = */ "000102030405060708",
+      /* CT = */ "6A256FBBD3726C823F99E5C5252CFC367D13B714309AEA44AD909FFE14A59BBF3F300E9FB78D441FB13F3D", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A",
+      /* AD = */ "00010203040506070809",
+      /* CT = */ "F2F44B081312F3F8C13E843F0ADBB84D30B7A2535A35720E57540B37FB439E9C5CB4CEA08F3A47D71A96C2", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A",
+      /* AD = */ "000102030405060708090A",
+      /* CT = */ "29FCAD75A4163DE319D4E3E4C98F5D5FC473269A6E6FA795B0677008D6DC5CE5E8761AF221E745C627C657", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A",
+      /* AD = */ "000102030405060708090A0B",
+      /* CT = */ "BBAE1D88621912ED737EADA1B19FCB19A9DDB367E42F0BF4AC9F9FA167C566FA70846600FAA8457823EDE0", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A",
+      /* AD = */ "000102030405060708090A0B0C",
+      /* CT = */ "4BE547736BE1D8A6CDE18D1430BA869E6B39F6A4AE4E436EAB5920017C8BE261B3527DAAD2E162D1DB1120", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A",
+      /* AD = */ "000102030405060708090A0B0C0D",
+      /* CT = */ "4E589270FEB89BB22408041DAF7D55DB9BA125D4D1E58F75BD9BDEBCFB6DB67C43EA35032BC886EFD1647D", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A",
+      /* AD = */ "000102030405060708090A0B0C0D0E",
+      /* CT = */ "B03E607317A251B08B30F744B71965B0F1BE7A356FFF037C9E94013EE1C1217DAA7B9B24CE353B970257C4", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F",
+      /* CT = */ "6A28215E4A6023FAE42095318B187F99C56D2306BE1573F6E3ECFE0225B1C8C72F7BE7EDA082DB418C4FD1", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F10",
+      /* CT = */ "9813B7013089DB863A742A4C13F1408E97CFEDCAAA22A7DA81042CF85A9C35E464D5129663C60B2D8B2928", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F1011",
+      /* CT = */ "501DFE330EC4528E8D3BC467A02391BF2CF28D9350A9CAF9B2B7769C9B3CA234D5AD37A7FF0D0E51396A86", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112",
+      /* CT = */ "64AC72120E66A202433C618208B281F929D7AE66B779C14D18DDBFA32274938424DD5547FD8247960A8BB7", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F10111213",
+      /* CT = */ "C305EB0E851DF92B6F8ACA44F24BADF13BEEC54D8BAA10B8CA913DE17A3D510380A8280002CCE30C18B375", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F1011121314",
+      /* CT = */ "994984D48B44B49446092EE25EF521A4E44B5CC07FA6E7492B55C67854A378E62C2E1D7860330C9338C437", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415",
+      /* CT = */ "368D61A8D488E8FB0F9F57D79350E353111404035451954226DDA2E7FEF6411D78766708AF9E771FA9926B", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F10111213141516",
+      /* CT = */ "C01EA7792BF5F9621F07A266E6DF876E7B541FA73E8D8A2A62DACFA5550C592C73E531D84F1B4B1198EC58", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F1011121314151617",
+      /* CT = */ "BA35FA7ECE7C780FFF8B7E41BC97822F982E196ED384E7DDEB247AE6F7EAC22E33990B1F339CD292F02122", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718",
+      /* CT = */ "4C83A29686FE1AFC3FAD84899E6F5176B6B4ABF143DDD92DF81E5DE52943526766B92E9EDB0E7BF8B30B67", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F10111213141516171819",
+      /* CT = */ "1244D5C1B435AFF489A8FD04B87B0763E4C385F18404435DE41790D7E9874DF9F1E50C3ACF75B27C40E760", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A",
+      /* CT = */ "C8002E9D447FA42945BF66AF5375BF6102FC33E1A0A8ED5F1334D8425B8D00EF29C46500F749304729E591", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B",
+      /* CT = */ "662D521980423CBF521E7E4F9BABD0FF90072C743E4FE8C27A85A2164E68ED7A1BD67999EB77E5FF73424A", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C",
+      /* CT = */ "26A6E765E6BFE7EC0E25886657486E8D4C0B7E03EB93A3BC223FF6C6849E90348530D6AE2A625971B3950A", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D",
+      /* CT = */ "0F55D7051D7478D53F2BA03EF290C48B2D00B9AF59D3EFCC0D344E47832ADEBCB69AFDE570DF1D2C186425", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E",
+      /* CT = */ "141B8B25E59E0D01B11422D94048C8045EE7744DD0040BF08B6CED2D32A4013CED6406F39489C10DDC7CF9", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F",
+      /* CT = */ "4C086D27A3B51A2333CFC7F22172A9BCAD88B8D4D77E50622D788334FB2AD867472BD640796447077D4998", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B",
+      /* AD = */ "",
+      /* CT = */ "E770D289D2A44AEE7CD0A48ECE5274E381BAD7E163DCC4970F7873615B1BF7E07D0DFD0303366291F0C13421", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B",
+      /* AD = */ "00",
+      /* CT = */ "25FBE48AC155C103927E59C60C88A56B69F5F1C225BF3A1D5C7379FAAAC5D1351FAE1727CE0BA9CC4B82092D", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B",
+      /* AD = */ "0001",
+      /* CT = */ "49E50547CA0C754784F2A6F936ED9497C3A556D34DE4CC23F3C21CDBBE1F3D9C6D9E2AC0B43A92029D91A2BE", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B",
+      /* AD = */ "000102",
+      /* CT = */ "D2721FCB362AB5E15C6872449B117B9926791FD74925F0D9459CFA792C3849B85749785E8A1B29242FBA2A88", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B",
+      /* AD = */ "00010203",
+      /* CT = */ "4A53D9966D87BFED686585FE7A28C7D3027F06EBA8BD35C768069349410982EE12CC87BE081648520EECFB66", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B",
+      /* AD = */ "0001020304",
+      /* CT = */ "1F820273C65246B76D4FF8D1ADD72D5CC1703338B98CE4B34B5AF9CE9CC04B87820146D6D4A86A6DBDECB2E3", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B",
+      /* AD = */ "000102030405",
+      /* CT = */ "7CC88BDBF6D70605975B2FCD35DABD5B37B998207A55DC996A717FF8DFF86953AB81BC6CB91BDD12C652C71A", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B",
+      /* AD = */ "00010203040506",
+      /* CT = */ "44864FD337BBF237DB14139BDC6E1D25140D311F19C0590FB031CB9C901226DC60B5DC8993FA2227331DC5DB", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B",
+      /* AD = */ "0001020304050607",
+      /* CT = */ "108640BD71345C6EDC4AEC76EA3BE5D4DF44BEF9CE7B69C85A9578C707599F7664AD6F3C871A49B6EF2FC0DD", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B",
+      /* AD = */ "000102030405060708",
+      /* CT = */ "6A256FBBD3726C823F99E5C5252CFC367D13B714309AEA44AD909F3207CE2218F0CE99E5878061A010A8EEC9", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B",
+      /* AD = */ "00010203040506070809",
+      /* CT = */ "F2F44B081312F3F8C13E843F0ADBB84D30B7A2535A35720E57540B5D7BE52443B10F3200DBBC17CC81465BEF", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B",
+      /* AD = */ "000102030405060708090A",
+      /* CT = */ "29FCAD75A4163DE319D4E3E4C98F5D5FC473269A6E6FA795B067700C3273091B5764C4AB027956C000B33C6B", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B",
+      /* AD = */ "000102030405060708090A0B",
+      /* CT = */ "BBAE1D88621912ED737EADA1B19FCB19A9DDB367E42F0BF4AC9F9F77F1A8000686EB011F1AEBB6926BE3E822", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B",
+      /* AD = */ "000102030405060708090A0B0C",
+      /* CT = */ "4BE547736BE1D8A6CDE18D1430BA869E6B39F6A4AE4E436EAB5920DB50E17E7552090E4C904AA7FEF1BAD896", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B",
+      /* AD = */ "000102030405060708090A0B0C0D",
+      /* CT = */ "4E589270FEB89BB22408041DAF7D55DB9BA125D4D1E58F75BD9BDE4B735B92725281AA24D69DDBA2FCEC9F44", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B",
+      /* AD = */ "000102030405060708090A0B0C0D0E",
+      /* CT = */ "B03E607317A251B08B30F744B71965B0F1BE7A356FFF037C9E9401932DA440B79B125551BC821418D1BE4A25", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F",
+      /* CT = */ "6A28215E4A6023FAE42095318B187F99C56D2306BE1573F6E3ECFE0D046BF0FBFFB62C298F093881764EF462", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F10",
+      /* CT = */ "9813B7013089DB863A742A4C13F1408E97CFEDCAAA22A7DA81042C2D570AD452403CB99E83788E79C676E7E1", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F1011",
+      /* CT = */ "501DFE330EC4528E8D3BC467A02391BF2CF28D9350A9CAF9B2B7762C62FC5E4A3679CCC3C44C0D0407BEC3EC", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112",
+      /* CT = */ "64AC72120E66A202433C618208B281F929D7AE66B779C14D18DDBFA2FDC44D03A640D612E3C5D2589B81A12A", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F10111213",
+      /* CT = */ "C305EB0E851DF92B6F8ACA44F24BADF13BEEC54D8BAA10B8CA913D4A8FAD0BA3F4809D1621E8CB88F5664BAF", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F1011121314",
+      /* CT = */ "994984D48B44B49446092EE25EF521A4E44B5CC07FA6E7492B55C6602560193EAF9FFA99FE9CA775F813F1A9", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415",
+      /* CT = */ "368D61A8D488E8FB0F9F57D79350E353111404035451954226DDA2C9F65B20E8A4C237EB98CBBA80B96E7C67", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F10111213141516",
+      /* CT = */ "C01EA7792BF5F9621F07A266E6DF876E7B541FA73E8D8A2A62DACFA022033F750B5C5C2B04423F4AFD526723", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F1011121314151617",
+      /* CT = */ "BA35FA7ECE7C780FFF8B7E41BC97822F982E196ED384E7DDEB247A7285C58D114687832855FADD754794347D", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718",
+      /* CT = */ "4C83A29686FE1AFC3FAD84899E6F5176B6B4ABF143DDD92DF81E5D8CBC22B0233BF9527E78D9A38F022253A5", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F10111213141516171819",
+      /* CT = */ "1244D5C1B435AFF489A8FD04B87B0763E4C385F18404435DE417905F7CEE504FE9065E580BC3D89BDB6B4EC1", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A",
+      /* CT = */ "C8002E9D447FA42945BF66AF5375BF6102FC33E1A0A8ED5F1334D88DD8344D168CA1EE1955E71DF515158CC2", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B",
+      /* CT = */ "662D521980423CBF521E7E4F9BABD0FF90072C743E4FE8C27A85A28D17DB899AFA425A5F24C8731CDA6C17F0", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C",
+      /* CT = */ "26A6E765E6BFE7EC0E25886657486E8D4C0B7E03EB93A3BC223FF6FD3892ABE1218D8566FFF6C56969FBD34B", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D",
+      /* CT = */ "0F55D7051D7478D53F2BA03EF290C48B2D00B9AF59D3EFCC0D344E6A233F14FA3CEBE88FBC844075D5EF10E1", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E",
+      /* CT = */ "141B8B25E59E0D01B11422D94048C8045EE7744DD0040BF08B6CED0ED22951AF4016B148D6CACDFA78303BEC", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F",
+      /* CT = */ "4C086D27A3B51A2333CFC7F22172A9BCAD88B8D4D77E50622D7883455AAF5E8ADE16FBB36FD476A76B5F5988", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C",
+      /* AD = */ "",
+      /* CT = */ "E770D289D2A44AEE7CD0A48ECE5274E381BAD7E163DCC4970F7873610D634EBDD09456E5DC2ED6CD5A5FF86793", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C",
+      /* AD = */ "00",
+      /* CT = */ "25FBE48AC155C103927E59C60C88A56B69F5F1C225BF3A1D5C7379FA53C0F55E525E1023B8E6E9513B4EE51E68", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C",
+      /* AD = */ "0001",
+      /* CT = */ "49E50547CA0C754784F2A6F936ED9497C3A556D34DE4CC23F3C21CDB6DFE71F0328D900C490648E46AAC9D4082", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C",
+      /* AD = */ "000102",
+      /* CT = */ "D2721FCB362AB5E15C6872449B117B9926791FD74925F0D9459CFA7940D7E3F79349BDB969183E1A48EDC72F52", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C",
+      /* AD = */ "00010203",
+      /* CT = */ "4A53D9966D87BFED686585FE7A28C7D3027F06EBA8BD35C7680693493074BEA0E944FC217A77F54877728BF91F", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C",
+      /* AD = */ "0001020304",
+      /* CT = */ "1F820273C65246B76D4FF8D1ADD72D5CC1703338B98CE4B34B5AF9CE4690D0E25CA0307C11D11193E9B6A2D1EC", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C",
+      /* AD = */ "000102030405",
+      /* CT = */ "7CC88BDBF6D70605975B2FCD35DABD5B37B998207A55DC996A717FF870CFCD6A10B058644D4E1280909098E44B", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C",
+      /* AD = */ "00010203040506",
+      /* CT = */ "44864FD337BBF237DB14139BDC6E1D25140D311F19C0590FB031CB9C2D69B0131D48D0DC05B096642FFE827F45", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C",
+      /* AD = */ "0001020304050607",
+      /* CT = */ "108640BD71345C6EDC4AEC76EA3BE5D4DF44BEF9CE7B69C85A9578C77024FCD71415E9DE2E21FB1655F0BC3039", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C",
+      /* AD = */ "000102030405060708",
+      /* CT = */ "6A256FBBD3726C823F99E5C5252CFC367D13B714309AEA44AD909F327B6BD5F25F7E7E04A778494BD666ECC9A4", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C",
+      /* AD = */ "00010203040506070809",
+      /* CT = */ "F2F44B081312F3F8C13E843F0ADBB84D30B7A2535A35720E57540B5D9B352103AC233F21002072E0A7DC3E4739", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C",
+      /* AD = */ "000102030405060708090A",
+      /* CT = */ "29FCAD75A4163DE319D4E3E4C98F5D5FC473269A6E6FA795B067700C51F0B3353B31AE123D0B649F6349C37124", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C",
+      /* AD = */ "000102030405060708090A0B",
+      /* CT = */ "BBAE1D88621912ED737EADA1B19FCB19A9DDB367E42F0BF4AC9F9F771E0BB4D73C507DF3596E6C654BA6D31CCF", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C",
+      /* AD = */ "000102030405060708090A0B0C",
+      /* CT = */ "4BE547736BE1D8A6CDE18D1430BA869E6B39F6A4AE4E436EAB5920DB12870C2B41369AAB1C7D2E78B09C7D74A7", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C",
+      /* AD = */ "000102030405060708090A0B0C0D",
+      /* CT = */ "4E589270FEB89BB22408041DAF7D55DB9BA125D4D1E58F75BD9BDE4BDAC028AD0195B3CB95E3EA9D256901F249", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C",
+      /* AD = */ "000102030405060708090A0B0C0D0E",
+      /* CT = */ "B03E607317A251B08B30F744B71965B0F1BE7A356FFF037C9E940193629BB55AA5F905DC5DC35CAC1391580489", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F",
+      /* CT = */ "6A28215E4A6023FAE42095318B187F99C56D2306BE1573F6E3ECFE0DF8D707751412AB9F5819AAE3FBBD6AB682", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F10",
+      /* CT = */ "9813B7013089DB863A742A4C13F1408E97CFEDCAAA22A7DA81042C2D4E2E663D6EAC31A5377FFF65B3F5D8BCAF", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F1011",
+      /* CT = */ "501DFE330EC4528E8D3BC467A02391BF2CF28D9350A9CAF9B2B7762C6D187730437F6996206799A7ED5E2298B4", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112",
+      /* CT = */ "64AC72120E66A202433C618208B281F929D7AE66B779C14D18DDBFA2EFE717C6C901C73EE6A3FC6ABB0B74A375", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F10111213",
+      /* CT = */ "C305EB0E851DF92B6F8ACA44F24BADF13BEEC54D8BAA10B8CA913D4A943587C6DBB56716BC8F09C50B118C6C45", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F1011121314",
+      /* CT = */ "994984D48B44B49446092EE25EF521A4E44B5CC07FA6E7492B55C6607DD458067A071F27E94CDFD080478E5351", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415",
+      /* CT = */ "368D61A8D488E8FB0F9F57D79350E353111404035451954226DDA2C9F9671748BAAE80280A25E9935CC6EB9A92", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F10111213141516",
+      /* CT = */ "C01EA7792BF5F9621F07A266E6DF876E7B541FA73E8D8A2A62DACFA0F73A8234C5B06CD0A47F2DEBA68F290558", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F1011121314151617",
+      /* CT = */ "BA35FA7ECE7C780FFF8B7E41BC97822F982E196ED384E7DDEB247A728E287F016B12CB4E4320E4C93A1BEF2161", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718",
+      /* CT = */ "4C83A29686FE1AFC3FAD84899E6F5176B6B4ABF143DDD92DF81E5D8CD3EAF8436A80449E750590176EA1C70C04", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F10111213141516171819",
+      /* CT = */ "1244D5C1B435AFF489A8FD04B87B0763E4C385F18404435DE417905FA64AC13E572557AAFE3B9C869FE347C1F3", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A",
+      /* CT = */ "C8002E9D447FA42945BF66AF5375BF6102FC33E1A0A8ED5F1334D88D73AA18D10D1504CB9F41260505FBF70BD4", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B",
+      /* CT = */ "662D521980423CBF521E7E4F9BABD0FF90072C743E4FE8C27A85A28D43A846FEABE6F85FE9A0D1DBA6E18C5166", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C",
+      /* CT = */ "26A6E765E6BFE7EC0E25886657486E8D4C0B7E03EB93A3BC223FF6FD6E6803AE420D1A57792899CF43ED6C3823", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D",
+      /* CT = */ "0F55D7051D7478D53F2BA03EF290C48B2D00B9AF59D3EFCC0D344E6AE82601F4B891685C1D025C914994E43338", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E",
+      /* CT = */ "141B8B25E59E0D01B11422D94048C8045EE7744DD0040BF08B6CED0E4FC0B4604271FEF50FA50611B77254BAEB", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F",
+      /* CT = */ "4C086D27A3B51A2333CFC7F22172A9BCAD88B8D4D77E50622D788345FAF0DDEF49C8963D18488CA6F992383336", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D",
+      /* AD = */ "",
+      /* CT = */ "E770D289D2A44AEE7CD0A48ECE5274E381BAD7E163DCC4970F7873610DEB7075EFBF71C194850DE9DA2A50236A60", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D",
+      /* AD = */ "00",
+      /* CT = */ "25FBE48AC155C103927E59C60C88A56B69F5F1C225BF3A1D5C7379FA53BA874D9E05ECA3464427A2896943063027", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D",
+      /* AD = */ "0001",
+      /* CT = */ "49E50547CA0C754784F2A6F936ED9497C3A556D34DE4CC23F3C21CDB6D4458468F2AC3D82ADB2D25AA5B2F56CDBA", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D",
+      /* AD = */ "000102",
+      /* CT = */ "D2721FCB362AB5E15C6872449B117B9926791FD74925F0D9459CFA7940BD5A8E37679BB8ED3219BF985CFD74C278", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D",
+      /* AD = */ "00010203",
+      /* CT = */ "4A53D9966D87BFED686585FE7A28C7D3027F06EBA8BD35C76806934930918654B7DA2A75AF4090204A5EDABB559B", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D",
+      /* AD = */ "0001020304",
+      /* CT = */ "1F820273C65246B76D4FF8D1ADD72D5CC1703338B98CE4B34B5AF9CE4612B77C2C4550E87B333BBB434C3AD78012", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D",
+      /* AD = */ "000102030405",
+      /* CT = */ "7CC88BDBF6D70605975B2FCD35DABD5B37B998207A55DC996A717FF8702FF4097F81119F1E4932A06A72C5474F89", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D",
+      /* AD = */ "00010203040506",
+      /* CT = */ "44864FD337BBF237DB14139BDC6E1D25140D311F19C0590FB031CB9C2DBE006DA16A75677F9A181AF9CEBBB0ACC2", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D",
+      /* AD = */ "0001020304050607",
+      /* CT = */ "108640BD71345C6EDC4AEC76EA3BE5D4DF44BEF9CE7B69C85A9578C7705A3C8F60FBA293114A22E92E16B10EA2FC", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D",
+      /* AD = */ "000102030405060708",
+      /* CT = */ "6A256FBBD3726C823F99E5C5252CFC367D13B714309AEA44AD909F327B30500E02A8E8089A98BF778113746075D5", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D",
+      /* AD = */ "00010203040506070809",
+      /* CT = */ "F2F44B081312F3F8C13E843F0ADBB84D30B7A2535A35720E57540B5D9BBA277A5993BFE34637D241A9374EAD046C", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D",
+      /* AD = */ "000102030405060708090A",
+      /* CT = */ "29FCAD75A4163DE319D4E3E4C98F5D5FC473269A6E6FA795B067700C518D010539B10558995926316D58ABF2DC29", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D",
+      /* AD = */ "000102030405060708090A0B",
+      /* CT = */ "BBAE1D88621912ED737EADA1B19FCB19A9DDB367E42F0BF4AC9F9F771E2CD2CD2586CE37BCE0BF9054EA011366C6", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D",
+      /* AD = */ "000102030405060708090A0B0C",
+      /* CT = */ "4BE547736BE1D8A6CDE18D1430BA869E6B39F6A4AE4E436EAB5920DB12B419D6921FD73CF05E06A2339A2F5CB138", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D",
+      /* AD = */ "000102030405060708090A0B0C0D",
+      /* CT = */ "4E589270FEB89BB22408041DAF7D55DB9BA125D4D1E58F75BD9BDE4BDA18344AF6C7AA31C4FE4EABD7BBFABABFC9", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D",
+      /* AD = */ "000102030405060708090A0B0C0D0E",
+      /* CT = */ "B03E607317A251B08B30F744B71965B0F1BE7A356FFF037C9E94019362C555926E326980EAF271CBE6C2432D1077", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F",
+      /* CT = */ "6A28215E4A6023FAE42095318B187F99C56D2306BE1573F6E3ECFE0DF819C47B6A78FAD2BE485D4D523E3ADA1EAE", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F10",
+      /* CT = */ "9813B7013089DB863A742A4C13F1408E97CFEDCAAA22A7DA81042C2D4E30120A1ACC6753BE432F717776533AFB02", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F1011",
+      /* CT = */ "501DFE330EC4528E8D3BC467A02391BF2CF28D9350A9CAF9B2B7762C6DA840C162E0F19111066B112B0734AF5B19", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112",
+      /* CT = */ "64AC72120E66A202433C618208B281F929D7AE66B779C14D18DDBFA2EF50AA94E47E5D6F9F0924E384BD76ADF883", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F10111213",
+      /* CT = */ "C305EB0E851DF92B6F8ACA44F24BADF13BEEC54D8BAA10B8CA913D4A94AD6BE35E586291754D0A06D917ED2166A3", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F1011121314",
+      /* CT = */ "994984D48B44B49446092EE25EF521A4E44B5CC07FA6E7492B55C6607D5216E01C84A49097436451869E44C124A2", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415",
+      /* CT = */ "368D61A8D488E8FB0F9F57D79350E353111404035451954226DDA2C9F9B632B26220FB0BC970DA69B1AE523C02F7", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F10111213141516",
+      /* CT = */ "C01EA7792BF5F9621F07A266E6DF876E7B541FA73E8D8A2A62DACFA0F769AE8CA4EEAA704D6127F4D78F91A31E8F", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F1011121314151617",
+      /* CT = */ "BA35FA7ECE7C780FFF8B7E41BC97822F982E196ED384E7DDEB247A728ED9C04DF7AD6634225D49480D085585D969", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718",
+      /* CT = */ "4C83A29686FE1AFC3FAD84899E6F5176B6B4ABF143DDD92DF81E5D8CD31395024DCB4FD3ED5F6C9886B4E85FDEAE", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F10111213141516171819",
+      /* CT = */ "1244D5C1B435AFF489A8FD04B87B0763E4C385F18404435DE417905FA6B5D8CFF8C9C321E2A1379EF317E589DA16", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A",
+      /* CT = */ "C8002E9D447FA42945BF66AF5375BF6102FC33E1A0A8ED5F1334D88D73E274F44792336787A210718DC48899155C", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B",
+      /* CT = */ "662D521980423CBF521E7E4F9BABD0FF90072C743E4FE8C27A85A28D43F772A794F27D5ACC2063B77FBD6D79BE5B", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C",
+      /* CT = */ "26A6E765E6BFE7EC0E25886657486E8D4C0B7E03EB93A3BC223FF6FD6EBA220D6AF228B692AE090DD47A2F95F3E8", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D",
+      /* CT = */ "0F55D7051D7478D53F2BA03EF290C48B2D00B9AF59D3EFCC0D344E6AE8D86066282C5512C7D7F7BF835ABACBD337", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E",
+      /* CT = */ "141B8B25E59E0D01B11422D94048C8045EE7744DD0040BF08B6CED0E4F256DADE434F55ADB4DABA13ACA40B781D2", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F",
+      /* CT = */ "4C086D27A3B51A2333CFC7F22172A9BCAD88B8D4D77E50622D788345FA7B202C9DB99A6CD7AAB352BFC0E9FA180A", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E",
+      /* AD = */ "",
+      /* CT = */ "E770D289D2A44AEE7CD0A48ECE5274E381BAD7E163DCC4970F7873610DEBBED2E8B3025BB7767D5A9B992787BFA711", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E",
+      /* AD = */ "00",
+      /* CT = */ "25FBE48AC155C103927E59C60C88A56B69F5F1C225BF3A1D5C7379FA53BAD5D7AC8DDFCDB071577ABBC85A3F3EBDF3", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E",
+      /* AD = */ "0001",
+      /* CT = */ "49E50547CA0C754784F2A6F936ED9497C3A556D34DE4CC23F3C21CDB6D447C7A7A81140204835F9B0F5FCFD8C063A7", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E",
+      /* AD = */ "000102",
+      /* CT = */ "D2721FCB362AB5E15C6872449B117B9926791FD74925F0D9459CFA7940BD1BD3321ADE3CD62DA279301477D96BD55D", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E",
+      /* AD = */ "00010203",
+      /* CT = */ "4A53D9966D87BFED686585FE7A28C7D3027F06EBA8BD35C7680693493091067F98DDB903C5D684F30F3CD4BDC114FD", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E",
+      /* AD = */ "0001020304",
+      /* CT = */ "1F820273C65246B76D4FF8D1ADD72D5CC1703338B98CE4B34B5AF9CE461202D4668B6D9E0B5AFEE5400BCA3E605B19", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E",
+      /* AD = */ "000102030405",
+      /* CT = */ "7CC88BDBF6D70605975B2FCD35DABD5B37B998207A55DC996A717FF8702F10256B0DC55184F0EACB8E8809CAE80E6D", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E",
+      /* AD = */ "00010203040506",
+      /* CT = */ "44864FD337BBF237DB14139BDC6E1D25140D311F19C0590FB031CB9C2DBE3B9E31EF3E5C9D02C7BE72ABFA1DA1B252", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E",
+      /* AD = */ "0001020304050607",
+      /* CT = */ "108640BD71345C6EDC4AEC76EA3BE5D4DF44BEF9CE7B69C85A9578C7705ACA84E85A556A93D4F83BC2572A3F803056", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E",
+      /* AD = */ "000102030405060708",
+      /* CT = */ "6A256FBBD3726C823F99E5C5252CFC367D13B714309AEA44AD909F327B301D3E4AB074CDAFC883FE363DA28C5F107D", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E",
+      /* AD = */ "00010203040506070809",
+      /* CT = */ "F2F44B081312F3F8C13E843F0ADBB84D30B7A2535A35720E57540B5D9BBA996D011D99913FF27F37961B26258BF4A0", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E",
+      /* AD = */ "000102030405060708090A",
+      /* CT = */ "29FCAD75A4163DE319D4E3E4C98F5D5FC473269A6E6FA795B067700C518DE8BDCCEAAE3606D1E6E6E79FECE071288D", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E",
+      /* AD = */ "000102030405060708090A0B",
+      /* CT = */ "BBAE1D88621912ED737EADA1B19FCB19A9DDB367E42F0BF4AC9F9F771E2C2158128743E9227CE49039593DF72B6CAE", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E",
+      /* AD = */ "000102030405060708090A0B0C",
+      /* CT = */ "4BE547736BE1D8A6CDE18D1430BA869E6B39F6A4AE4E436EAB5920DB12B43AC9DC073324C3CC82F899DEF41CF81C9D", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E",
+      /* AD = */ "000102030405060708090A0B0C0D",
+      /* CT = */ "4E589270FEB89BB22408041DAF7D55DB9BA125D4D1E58F75BD9BDE4BDA18C0CA35235DE9B4FF8BF4C4E3095936A977", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E",
+      /* AD = */ "000102030405060708090A0B0C0D0E",
+      /* CT = */ "B03E607317A251B08B30F744B71965B0F1BE7A356FFF037C9E94019362C559DBD916D6373BB469C267589A911F725A", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F",
+      /* CT = */ "6A28215E4A6023FAE42095318B187F99C56D2306BE1573F6E3ECFE0DF819DB8E887F35C143068B14A963D71E9EFA7E", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F10",
+      /* CT = */ "9813B7013089DB863A742A4C13F1408E97CFEDCAAA22A7DA81042C2D4E301DF46E8A30DB901442D9259F26980BE630", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F1011",
+      /* CT = */ "501DFE330EC4528E8D3BC467A02391BF2CF28D9350A9CAF9B2B7762C6DA888AB27D593E0BC110DD9718DA52208EAC7", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112",
+      /* CT = */ "64AC72120E66A202433C618208B281F929D7AE66B779C14D18DDBFA2EF50E591CE9EF909554131E2DB1DF5ED8AF8D1", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F10111213",
+      /* CT = */ "C305EB0E851DF92B6F8ACA44F24BADF13BEEC54D8BAA10B8CA913D4A94AD72148DE364DEF49DC5144A813F7EC9F93E", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F1011121314",
+      /* CT = */ "994984D48B44B49446092EE25EF521A4E44B5CC07FA6E7492B55C6607D52E83D3A452794913709BD7690C11B04FBDF", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415",
+      /* CT = */ "368D61A8D488E8FB0F9F57D79350E353111404035451954226DDA2C9F9B695FF9F39E52C178A7791F995DF8D5CE251", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F10111213141516",
+      /* CT = */ "C01EA7792BF5F9621F07A266E6DF876E7B541FA73E8D8A2A62DACFA0F769609BE56EC62AB5043D092DA9929ED7A21E", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F1011121314151617",
+      /* CT = */ "BA35FA7ECE7C780FFF8B7E41BC97822F982E196ED384E7DDEB247A728ED97D33BC915A466AE53524DCC2F89499AE3C", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718",
+      /* CT = */ "4C83A29686FE1AFC3FAD84899E6F5176B6B4ABF143DDD92DF81E5D8CD313181F2BE9D90172C9A88B9649B9F150FCAC", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F10111213141516171819",
+      /* CT = */ "1244D5C1B435AFF489A8FD04B87B0763E4C385F18404435DE417905FA6B524DC62CF611C80D167A79C32FE260F54D0", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A",
+      /* CT = */ "C8002E9D447FA42945BF66AF5375BF6102FC33E1A0A8ED5F1334D88D73E2D9150E7D73DFD6E6CAFF5A53A7EBF5EB0D", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B",
+      /* CT = */ "662D521980423CBF521E7E4F9BABD0FF90072C743E4FE8C27A85A28D43F7804CC64A7A66ADFADBDDAF6CE57D79762C", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C",
+      /* CT = */ "26A6E765E6BFE7EC0E25886657486E8D4C0B7E03EB93A3BC223FF6FD6EBA0BA324E89FF4631ACFED599ACB499EC391", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D",
+      /* CT = */ "0F55D7051D7478D53F2BA03EF290C48B2D00B9AF59D3EFCC0D344E6AE8D8DF9EA64F7AE36235FC9A84FBD6CE49C390", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E",
+      /* CT = */ "141B8B25E59E0D01B11422D94048C8045EE7744DD0040BF08B6CED0E4F255B196B883137E0D1CAF33AFEBB4B9E72C4", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F",
+      /* CT = */ "4C086D27A3B51A2333CFC7F22172A9BCAD88B8D4D77E50622D788345FA7BEE2FA78AED259CE07FB15CD65585E407B5", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F",
+      /* AD = */ "",
+      /* CT = */ "E770D289D2A44AEE7CD0A48ECE5274E381BAD7E163DCC4970F7873610DEBBEB1A28657F6E82FE53D08B09EFF9330BD2B", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F",
+      /* AD = */ "00",
+      /* CT = */ "25FBE48AC155C103927E59C60C88A56B69F5F1C225BF3A1D5C7379FA53BAD550B72100ED30B362AD4E54DA95D5FE81BE", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F",
+      /* AD = */ "0001",
+      /* CT = */ "49E50547CA0C754784F2A6F936ED9497C3A556D34DE4CC23F3C21CDB6D447CDB0F7324DEC1D9F0B3C2125EA5AAD85A12", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F",
+      /* AD = */ "000102",
+      /* CT = */ "D2721FCB362AB5E15C6872449B117B9926791FD74925F0D9459CFA7940BD1BC1E2A1C710B0814E44188B2207828C7206", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F",
+      /* AD = */ "00010203",
+      /* CT = */ "4A53D9966D87BFED686585FE7A28C7D3027F06EBA8BD35C7680693493091068DB6219EB3BDEFCA3655D4BD834136383B", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F",
+      /* AD = */ "0001020304",
+      /* CT = */ "1F820273C65246B76D4FF8D1ADD72D5CC1703338B98CE4B34B5AF9CE46120201F53D87E6764E4008CBE3FBE87A08ADF9", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F",
+      /* AD = */ "000102030405",
+      /* CT = */ "7CC88BDBF6D70605975B2FCD35DABD5B37B998207A55DC996A717FF8702F107074247F782093AD907E7040B22CA7BD7C", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F",
+      /* AD = */ "00010203040506",
+      /* CT = */ "44864FD337BBF237DB14139BDC6E1D25140D311F19C0590FB031CB9C2DBE3BA0DFC1D241CC18E6228544BD816283C38E", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F",
+      /* AD = */ "0001020304050607",
+      /* CT = */ "108640BD71345C6EDC4AEC76EA3BE5D4DF44BEF9CE7B69C85A9578C7705ACA2E5CAF789E99F9F566DE4EB813B600FE74", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F",
+      /* AD = */ "000102030405060708",
+      /* CT = */ "6A256FBBD3726C823F99E5C5252CFC367D13B714309AEA44AD909F327B301DC475C5CD33E913B0B198EFF30508CB9B54", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F",
+      /* AD = */ "00010203040506070809",
+      /* CT = */ "F2F44B081312F3F8C13E843F0ADBB84D30B7A2535A35720E57540B5D9BBA99531A32EAA78CB4A105912623AF2C895F95", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F",
+      /* AD = */ "000102030405060708090A",
+      /* CT = */ "29FCAD75A4163DE319D4E3E4C98F5D5FC473269A6E6FA795B067700C518DE89A9D3D6FB75EA34A68A5B0A003771EF16D", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F",
+      /* AD = */ "000102030405060708090A0B",
+      /* CT = */ "BBAE1D88621912ED737EADA1B19FCB19A9DDB367E42F0BF4AC9F9F771E2C2195D4C4A1412D57DA00D67B8F561DC04B06", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F",
+      /* AD = */ "000102030405060708090A0B0C",
+      /* CT = */ "4BE547736BE1D8A6CDE18D1430BA869E6B39F6A4AE4E436EAB5920DB12B43A64D24740A17013ED20E655CDD25E3396EE", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F",
+      /* AD = */ "000102030405060708090A0B0C0D",
+      /* CT = */ "4E589270FEB89BB22408041DAF7D55DB9BA125D4D1E58F75BD9BDE4BDA18C0793384BDE51781CFEC7EC9CE6961827063", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F",
+      /* AD = */ "000102030405060708090A0B0C0D0E",
+      /* CT = */ "B03E607317A251B08B30F744B71965B0F1BE7A356FFF037C9E94019362C559A217552DA84151A370BB25D4F78B6F1168", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F",
+      /* CT = */ "6A28215E4A6023FAE42095318B187F99C56D2306BE1573F6E3ECFE0DF819DB87363A60D9CDA76645D7CBED45B7C56470", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F10",
+      /* CT = */ "9813B7013089DB863A742A4C13F1408E97CFEDCAAA22A7DA81042C2D4E301DACD14E8CB31E60870699542BE0D16800B0", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F1011",
+      /* CT = */ "501DFE330EC4528E8D3BC467A02391BF2CF28D9350A9CAF9B2B7762C6DA88818F2F5E3B3A0AF95ED6BCDAD67E50DD6A3", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112",
+      /* CT = */ "64AC72120E66A202433C618208B281F929D7AE66B779C14D18DDBFA2EF50E5A50DD77DDD74446DDDA76EB8E599E16084", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F10111213",
+      /* CT = */ "C305EB0E851DF92B6F8ACA44F24BADF13BEEC54D8BAA10B8CA913D4A94AD72F626D2ED4344DCDDB709823A4AFF345F4A", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F1011121314",
+      /* CT = */ "994984D48B44B49446092EE25EF521A4E44B5CC07FA6E7492B55C6607D52E89F7ADC60EDA79A4CE5CB822A4A371805D6", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415",
+      /* CT = */ "368D61A8D488E8FB0F9F57D79350E353111404035451954226DDA2C9F9B695388820AEC504402E011B974B6B0CEC2A26", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F10111213141516",
+      /* CT = */ "C01EA7792BF5F9621F07A266E6DF876E7B541FA73E8D8A2A62DACFA0F769601B137B92B496041A8A1B2C7E06000D619D", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F1011121314151617",
+      /* CT = */ "BA35FA7ECE7C780FFF8B7E41BC97822F982E196ED384E7DDEB247A728ED97D2EF7AB5FC950E9B24177F4FD14557CC12C", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718",
+      /* CT = */ "4C83A29686FE1AFC3FAD84899E6F5176B6B4ABF143DDD92DF81E5D8CD31318E605E2A08F457910F05BE0553A2971BF88", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F10111213141516171819",
+      /* CT = */ "1244D5C1B435AFF489A8FD04B87B0763E4C385F18404435DE417905FA6B5247AE8F61A273B6D9357FA8E9869D54DD342", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A",
+      /* CT = */ "C8002E9D447FA42945BF66AF5375BF6102FC33E1A0A8ED5F1334D88D73E2D95B50459F83BBBBCFC34715D41A58D58610", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B",
+      /* CT = */ "662D521980423CBF521E7E4F9BABD0FF90072C743E4FE8C27A85A28D43F7807334B38C59FE294D019FC599C562790E93", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C",
+      /* CT = */ "26A6E765E6BFE7EC0E25886657486E8D4C0B7E03EB93A3BC223FF6FD6EBA0B1C7A7122C0D077AE4E76A310EDB67F79F1", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D",
+      /* CT = */ "0F55D7051D7478D53F2BA03EF290C48B2D00B9AF59D3EFCC0D344E6AE8D8DF02AABF416D29B6E558DFE1B1E5561DCED7", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E",
+      /* CT = */ "141B8B25E59E0D01B11422D94048C8045EE7744DD0040BF08B6CED0E4F255BBD4D4A994B5F271A0A659530252583A4C4", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F",
+      /* CT = */ "4C086D27A3B51A2333CFC7F22172A9BCAD88B8D4D77E50622D788345FA7BEE4468915D3F9422289F2349D6A3B4160397", },
+};
+
+#endif /* TESTS_API_TEST_ASCON_KATS_H */
diff --git a/tests/api/test_blake2.c b/tests/api/test_blake2.c
new file mode 100644
index 000000000..2530c4537
--- /dev/null
+++ b/tests/api/test_blake2.c
@@ -0,0 +1,553 @@
+/* test_blake2.c
+ *
+ * Copyright (C) 2006-2025 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+#ifdef HAVE_CONFIG_H
+    #include <config.h>
+#endif
+
+#if !defined(WOLFSSL_USER_SETTINGS) && !defined(WOLFSSL_NO_OPTIONS_H)
+    #include <wolfssl/options.h>
+#endif
+#include <wolfssl/wolfcrypt/settings.h>
+
+#ifdef NO_INLINE
+    #include <wolfssl/wolfcrypt/misc.h>
+#else
+    #define WOLFSSL_MISC_INCLUDED
+    #include <wolfcrypt/src/misc.c>
+#endif
+
+#include <wolfssl/wolfcrypt/blake2.h>
+#include <wolfssl/wolfcrypt/types.h>
+#include <tests/unit.h>
+#include <tests/api/api.h>
+#include <tests/api/test_blake2.h>
+
+/*******************************************************************************
+ * BLAKE2b
+ ******************************************************************************/
+
+int test_wc_InitBlake2b(void)
+{
+    EXPECT_DECLS;
+#ifdef HAVE_BLAKE2
+    Blake2b blake;
+
+    /* Test bad arg. */
+    ExpectIntEQ(wc_InitBlake2b(NULL, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_InitBlake2b(NULL, 128), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_InitBlake2b(&blake, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_InitBlake2b(&blake, 128), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_InitBlake2b(NULL, WC_BLAKE2B_DIGEST_SIZE),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+
+    /* Test good arg. */
+    ExpectIntEQ(wc_InitBlake2b(&blake, WC_BLAKE2B_DIGEST_SIZE), 0);
+#endif
+    return EXPECT_RESULT();
+}
+
+int test_wc_InitBlake2b_WithKey(void)
+{
+    EXPECT_DECLS;
+#ifdef HAVE_BLAKE2
+    Blake2b     blake;
+    word32      digestSz = BLAKE2B_KEYBYTES;
+    byte        key[BLAKE2B_KEYBYTES];
+    word32      keylen = BLAKE2B_KEYBYTES;
+
+    XMEMSET(key, 0, sizeof(key));
+
+    /* Test bad args. */
+    ExpectIntEQ(wc_InitBlake2b_WithKey(NULL, digestSz, NULL, 256),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_InitBlake2b_WithKey(&blake, digestSz, NULL, 256),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_InitBlake2b_WithKey(NULL, digestSz, key, 256),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_InitBlake2b_WithKey(NULL, digestSz, NULL, keylen),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_InitBlake2b_WithKey(&blake, digestSz, key, 256),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_InitBlake2b_WithKey(NULL, digestSz, key, keylen),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+
+    /* Test good arg. */
+    ExpectIntEQ(wc_InitBlake2b_WithKey(&blake, digestSz, NULL, keylen), 0);
+    ExpectIntEQ(wc_InitBlake2b_WithKey(&blake, digestSz, key, keylen), 0);
+#endif
+    return EXPECT_RESULT();
+}
+
+int test_wc_Blake2bUpdate(void)
+{
+    EXPECT_DECLS;
+#ifdef HAVE_BLAKE2
+    Blake2b blake;
+
+    ExpectIntEQ(wc_InitBlake2b(&blake, WC_BLAKE2B_DIGEST_SIZE), 0);
+
+    /* Pass in bad values. */
+    ExpectIntEQ(wc_Blake2bUpdate(NULL, NULL, 1),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Blake2bUpdate(&blake, NULL, 1),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Blake2bUpdate(NULL, NULL, 0),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+
+    /* Test good args. */
+    ExpectIntEQ(wc_Blake2bUpdate(&blake, NULL, 0), 0);
+    ExpectIntEQ(wc_Blake2bUpdate(&blake, (byte*)"a", 1), 0);
+#endif
+    return EXPECT_RESULT();
+}
+
+int test_wc_Blake2bFinal(void)
+{
+    EXPECT_DECLS;
+#ifdef HAVE_BLAKE2
+    Blake2b blake;
+    byte hash[WC_BLAKE2B_DIGEST_SIZE];
+
+    /* Initialize */
+    ExpectIntEQ(wc_InitBlake2b(&blake, WC_BLAKE2B_DIGEST_SIZE), 0);
+
+    /* Test bad args. */
+    ExpectIntEQ(wc_Blake2bFinal(NULL, NULL, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Blake2bFinal(&blake, NULL, 0),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Blake2bFinal(NULL, hash, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+
+    /* Test good args. */
+    ExpectIntEQ(wc_Blake2bFinal(&blake, hash, WC_BLAKE2B_DIGEST_SIZE), 0);
+#endif
+    return EXPECT_RESULT();
+}
+
+#define BLAKE2B_KAT_CNT     7
+int test_wc_Blake2b_KATs(void)
+{
+    EXPECT_DECLS;
+#ifdef HAVE_BLAKE2
+    Blake2b blake;
+
+    testVector blake2b_kat[BLAKE2B_KAT_CNT];
+    byte hash[WC_BLAKE2B_DIGEST_SIZE];
+    int i = 0;
+
+    blake2b_kat[i].input = "";
+    blake2b_kat[i].inLen = 0;
+    blake2b_kat[i].output =
+        "\x78\x6a\x02\xf7\x42\x01\x59\x03"
+        "\xc6\xc6\xfd\x85\x25\x52\xd2\x72"
+        "\x91\x2f\x47\x40\xe1\x58\x47\x61"
+        "\x8a\x86\xe2\x17\xf7\x1f\x54\x19"
+        "\xd2\x5e\x10\x31\xaf\xee\x58\x53"
+        "\x13\x89\x64\x44\x93\x4e\xb0\x4b"
+        "\x90\x3a\x68\x5b\x14\x48\xb7\x55"
+        "\xd5\x6f\x70\x1a\xfe\x9b\xe2\xce";
+    blake2b_kat[i].outLen = 0;
+    i++;
+    blake2b_kat[i].input = "a";
+    blake2b_kat[i].inLen = 1;
+    blake2b_kat[i].output =
+        "\x33\x3f\xcb\x4e\xe1\xaa\x7c\x11"
+        "\x53\x55\xec\x66\xce\xac\x91\x7c"
+        "\x8b\xfd\x81\x5b\xf7\x58\x7d\x32"
+        "\x5a\xec\x18\x64\xed\xd2\x4e\x34"
+        "\xd5\xab\xe2\xc6\xb1\xb5\xee\x3f"
+        "\xac\xe6\x2f\xed\x78\xdb\xef\x80"
+        "\x2f\x2a\x85\xcb\x91\xd4\x55\xa8"
+        "\xf5\x24\x9d\x33\x08\x53\xcb\x3c";
+    blake2b_kat[i].outLen = 0;
+    i++;
+    blake2b_kat[i].input = "abc";
+    blake2b_kat[i].inLen = 3;
+    blake2b_kat[i].output =
+        "\xba\x80\xa5\x3f\x98\x1c\x4d\x0d"
+        "\x6a\x27\x97\xb6\x9f\x12\xf6\xe9"
+        "\x4c\x21\x2f\x14\x68\x5a\xc4\xb7"
+        "\x4b\x12\xbb\x6f\xdb\xff\xa2\xd1"
+        "\x7d\x87\xc5\x39\x2a\xab\x79\x2d"
+        "\xc2\x52\xd5\xde\x45\x33\xcc\x95"
+        "\x18\xd3\x8a\xa8\xdb\xf1\x92\x5a"
+        "\xb9\x23\x86\xed\xd4\x00\x99\x23";
+    blake2b_kat[i].outLen = 0;
+    i++;
+    blake2b_kat[i].input = "message digest";
+    blake2b_kat[i].inLen = 14;
+    blake2b_kat[i].output =
+        "\x3c\x26\xce\x48\x7b\x1c\x0f\x06"
+        "\x23\x63\xaf\xa3\xc6\x75\xeb\xdb"
+        "\xf5\xf4\xef\x9b\xdc\x02\x2c\xfb"
+        "\xef\x91\xe3\x11\x1c\xdc\x28\x38"
+        "\x40\xd8\x33\x1f\xc3\x0a\x8a\x09"
+        "\x06\xcf\xf4\xbc\xdb\xcd\x23\x0c"
+        "\x61\xaa\xec\x60\xfd\xfa\xd4\x57"
+        "\xed\x96\xb7\x09\xa3\x82\x35\x9a";
+    blake2b_kat[i].outLen = 0;
+    i++;
+    blake2b_kat[i].input = "abcdefghijklmnopqrstuvwxyz";
+    blake2b_kat[i].inLen = 26;
+    blake2b_kat[i].output =
+        "\xc6\x8e\xde\x14\x3e\x41\x6e\xb7"
+        "\xb4\xaa\xae\x0d\x8e\x48\xe5\x5d"
+        "\xd5\x29\xea\xfe\xd1\x0b\x1d\xf1"
+        "\xa6\x14\x16\x95\x3a\x2b\x0a\x56"
+        "\x66\xc7\x61\xe7\xd4\x12\xe6\x70"
+        "\x9e\x31\xff\xe2\x21\xb7\xa7\xa7"
+        "\x39\x08\xcb\x95\xa4\xd1\x20\xb8"
+        "\xb0\x90\xa8\x7d\x1f\xbe\xdb\x4c";
+    blake2b_kat[i].outLen = 0;
+    i++;
+    blake2b_kat[i].input =
+        "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
+        "0123456789";
+    blake2b_kat[i].inLen = 62;
+    blake2b_kat[i].output =
+        "\x99\x96\x48\x02\xe5\xc2\x5e\x70"
+        "\x37\x22\x90\x5d\x3f\xb8\x00\x46"
+        "\xb6\xbc\xa6\x98\xca\x9e\x2c\xc7"
+        "\xe4\x9b\x4f\xe1\xfa\x08\x7c\x2e"
+        "\xdf\x03\x12\xdf\xbb\x27\x5c\xf2"
+        "\x50\xa1\xe5\x42\xfd\x5d\xc2\xed"
+        "\xd3\x13\xf9\xc4\x91\x12\x7c\x2e"
+        "\x8c\x0c\x9b\x24\x16\x8e\x2d\x50";
+    blake2b_kat[i].outLen = 0;
+    i++;
+    blake2b_kat[i].input = "1234567890123456789012345678901234567890"
+                           "1234567890123456789012345678901234567890";
+    blake2b_kat[i].inLen = 80;
+    blake2b_kat[i].output =
+        "\x68\x6f\x41\xec\x5a\xff\xf6\xe8"
+        "\x7e\x1f\x07\x6f\x54\x2a\xa4\x66"
+        "\x46\x6f\xf5\xfb\xde\x16\x2c\x48"
+        "\x48\x1b\xa4\x8a\x74\x8d\x84\x27"
+        "\x99\xf5\xb3\x0f\x5b\x67\xfc\x68"
+        "\x47\x71\xb3\x3b\x99\x42\x06\xd0"
+        "\x5c\xc3\x10\xf3\x19\x14\xed\xd7"
+        "\xb9\x7e\x41\x86\x0d\x77\xd2\x82";
+    blake2b_kat[i].outLen = 0;
+
+    for (i = 0; i < BLAKE2B_KAT_CNT; i++) {
+        /* Do KAT. */
+        ExpectIntEQ(wc_InitBlake2b(&blake, WC_BLAKE2B_DIGEST_SIZE), 0);
+        ExpectIntEQ(wc_Blake2bUpdate(&blake, (byte*)blake2b_kat[i].input,
+            (word32)blake2b_kat[i].inLen), 0);
+        ExpectIntEQ(wc_Blake2bFinal(&blake, hash, WC_BLAKE2B_DIGEST_SIZE), 0);
+        ExpectBufEQ(hash, (byte*)blake2b_kat[i].output, WC_BLAKE2B_DIGEST_SIZE);
+    }
+#endif
+    return EXPECT_RESULT();
+}
+
+int test_wc_Blake2b_other(void)
+{
+    EXPECT_DECLS;
+#ifdef HAVE_BLAKE2
+    Blake2b blake;
+    byte hash[WC_BLAKE2B_DIGEST_SIZE + 1];
+    byte data[WC_BLAKE2B_DIGEST_SIZE * 8 + 1];
+    int dataLen = WC_BLAKE2B_DIGEST_SIZE * 8;
+    const char* expHash =
+        "\xfb\xea\x44\x32\x0b\x4a\x40\x44"
+        "\xa0\xad\x54\x0c\x39\x62\xa6\x4d"
+        "\x2a\xc2\x08\x3f\xce\xb4\x1d\x71"
+        "\x77\x04\xa6\xfc\x38\xe5\xd9\x99"
+        "\xe6\x92\xf1\x9f\xe7\x21\x10\x94"
+        "\xe6\x08\xc1\x9c\x1d\xdf\x87\x11"
+        "\xfa\xf4\xe6\x7b\xf1\xe5\xc8\x12"
+        "\x55\x90\x05\x00\xfa\x0d\x61\x3d";
+    int i;
+    int j;
+
+    XMEMSET(data, 0xa5, sizeof(data));
+
+    /* Initialize */
+    ExpectIntEQ(wc_InitBlake2b(&blake, WC_BLAKE2B_DIGEST_SIZE), 0);
+
+    /* Unaligned input and output buffer. */
+    ExpectIntEQ(wc_Blake2bUpdate(&blake, data + 1, dataLen), 0);
+    ExpectIntEQ(wc_Blake2bFinal(&blake, hash + 1, WC_BLAKE2B_DIGEST_SIZE), 0);
+    ExpectBufEQ(hash + 1, (byte*)expHash, WC_BLAKE2B_DIGEST_SIZE);
+
+    /* Test that empty updates work. */
+    ExpectIntEQ(wc_InitBlake2b(&blake, WC_BLAKE2B_DIGEST_SIZE), 0);
+    ExpectIntEQ(wc_Blake2bUpdate(&blake, NULL, 0), 0);
+    ExpectIntEQ(wc_Blake2bUpdate(&blake, (byte*)"", 0), 0);
+    ExpectIntEQ(wc_Blake2bUpdate(&blake, data, dataLen), 0);
+    ExpectIntEQ(wc_Blake2bFinal(&blake, hash, WC_BLAKE2B_DIGEST_SIZE), 0);
+    ExpectBufEQ(hash, (byte*)expHash, WC_BLAKE2B_DIGEST_SIZE);
+
+    /* Ensure chunking works. */
+    for (i = 1; i < dataLen; i++) {
+        ExpectIntEQ(wc_InitBlake2b(&blake, WC_BLAKE2B_DIGEST_SIZE), 0);
+        for (j = 0; j < dataLen; j += i) {
+             int len = dataLen - j;
+             if (i < len)
+                 len = i;
+             ExpectIntEQ(wc_Blake2bUpdate(&blake, data + j, len), 0);
+        }
+        ExpectIntEQ(wc_Blake2bFinal(&blake, hash, WC_BLAKE2B_DIGEST_SIZE), 0);
+        ExpectBufEQ(hash, (byte*)expHash, WC_BLAKE2B_DIGEST_SIZE);
+    }
+#endif
+    return EXPECT_RESULT();
+}
+
+/*******************************************************************************
+ * BLAKE2s
+ ******************************************************************************/
+
+int test_wc_InitBlake2s(void)
+{
+    EXPECT_DECLS;
+#ifdef HAVE_BLAKE2S
+    Blake2s blake;
+
+    /* Test bad arg. */
+    ExpectIntEQ(wc_InitBlake2s(NULL, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_InitBlake2s(NULL, 128), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_InitBlake2s(&blake, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_InitBlake2s(&blake, 128), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_InitBlake2s(NULL, WC_BLAKE2S_DIGEST_SIZE),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+
+    /* Test good arg. */
+    ExpectIntEQ(wc_InitBlake2s(&blake, WC_BLAKE2S_DIGEST_SIZE), 0);
+#endif
+    return EXPECT_RESULT();
+}
+
+int test_wc_InitBlake2s_WithKey(void)
+{
+    EXPECT_DECLS;
+#ifdef HAVE_BLAKE2S
+    Blake2s     blake;
+    word32      digestSz = BLAKE2S_KEYBYTES;
+    byte        *key = (byte*)"01234567890123456789012345678901";
+    word32      keylen = BLAKE2S_KEYBYTES;
+
+    /* Test bad args. */
+    ExpectIntEQ(wc_InitBlake2s_WithKey(NULL, digestSz, NULL, 256),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_InitBlake2s_WithKey(&blake, digestSz, NULL, 256),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_InitBlake2s_WithKey(NULL, digestSz, key, 256),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_InitBlake2s_WithKey(NULL, digestSz, NULL, keylen),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_InitBlake2s_WithKey(&blake, digestSz, key, 256),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_InitBlake2s_WithKey(NULL, digestSz, key, keylen),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+
+    /* Test good arg. */
+    ExpectIntEQ(wc_InitBlake2s_WithKey(&blake, digestSz, NULL, keylen), 0);
+    ExpectIntEQ(wc_InitBlake2s_WithKey(&blake, digestSz, key, keylen), 0);
+#endif
+    return EXPECT_RESULT();
+}
+
+int test_wc_Blake2sUpdate(void)
+{
+    EXPECT_DECLS;
+#ifdef HAVE_BLAKE2S
+    Blake2s blake;
+
+    ExpectIntEQ(wc_InitBlake2s(&blake, WC_BLAKE2S_DIGEST_SIZE), 0);
+
+    /* Pass in bad values. */
+    ExpectIntEQ(wc_Blake2sUpdate(NULL, NULL, 1),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Blake2sUpdate(&blake, NULL, 1),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Blake2sUpdate(NULL, NULL, 0),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+
+    /* Test good args. */
+    ExpectIntEQ(wc_Blake2sUpdate(&blake, NULL, 0), 0);
+    ExpectIntEQ(wc_Blake2sUpdate(&blake, (byte*)"a", 1), 0);
+#endif
+    return EXPECT_RESULT();
+}
+
+int test_wc_Blake2sFinal(void)
+{
+    EXPECT_DECLS;
+#ifdef HAVE_BLAKE2S
+    Blake2s blake;
+    byte hash[WC_BLAKE2B_DIGEST_SIZE];
+
+    /* Initialize */
+    ExpectIntEQ(wc_InitBlake2s(&blake, WC_BLAKE2S_DIGEST_SIZE), 0);
+
+    /* Test bad args. */
+    ExpectIntEQ(wc_Blake2sFinal(NULL, NULL, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Blake2sFinal(&blake, NULL, 0),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Blake2sFinal(NULL, hash, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+
+    /* Test good args. */
+    ExpectIntEQ(wc_Blake2sFinal(&blake, hash, WC_BLAKE2B_DIGEST_SIZE), 0);
+#endif
+    return EXPECT_RESULT();
+}
+
+#define BLAKE2S_KAT_CNT     7
+int test_wc_Blake2s_KATs(void)
+{
+    EXPECT_DECLS;
+#ifdef HAVE_BLAKE2S
+    Blake2s blake;
+
+    testVector blake2s_kat[BLAKE2S_KAT_CNT];
+    byte hash[WC_BLAKE2S_DIGEST_SIZE];
+    int i = 0;
+
+    blake2s_kat[i].input = "";
+    blake2s_kat[i].inLen = 0;
+    blake2s_kat[i].output =
+        "\x69\x21\x7a\x30\x79\x90\x80\x94"
+        "\xe1\x11\x21\xd0\x42\x35\x4a\x7c"
+        "\x1f\x55\xb6\x48\x2c\xa1\xa5\x1e"
+        "\x1b\x25\x0d\xfd\x1e\xd0\xee\xf9";
+    blake2s_kat[i].outLen = 0;
+    i++;
+    blake2s_kat[i].input = "a";
+    blake2s_kat[i].inLen = 1;
+    blake2s_kat[i].output =
+        "\x4a\x0d\x12\x98\x73\x40\x30\x37"
+        "\xc2\xcd\x9b\x90\x48\x20\x36\x87"
+        "\xf6\x23\x3f\xb6\x73\x89\x56\xe0"
+        "\x34\x9b\xd4\x32\x0f\xec\x3e\x90";
+    blake2s_kat[i].outLen = 0;
+    i++;
+    blake2s_kat[i].input = "abc";
+    blake2s_kat[i].inLen = 3;
+    blake2s_kat[i].output =
+        "\x50\x8c\x5e\x8c\x32\x7c\x14\xe2"
+        "\xe1\xa7\x2b\xa3\x4e\xeb\x45\x2f"
+        "\x37\x45\x8b\x20\x9e\xd6\x3a\x29"
+        "\x4d\x99\x9b\x4c\x86\x67\x59\x82";
+    blake2s_kat[i].outLen = 0;
+    i++;
+    blake2s_kat[i].input = "message digest";
+    blake2s_kat[i].inLen = 14;
+    blake2s_kat[i].output =
+        "\xfa\x10\xab\x77\x5a\xcf\x89\xb7"
+        "\xd3\xc8\xa6\xe8\x23\xd5\x86\xf6"
+        "\xb6\x7b\xdb\xac\x4c\xe2\x07\xfe"
+        "\x14\x5b\x7d\x3a\xc2\x5c\xd2\x8c";
+    blake2s_kat[i].outLen = 0;
+    i++;
+    blake2s_kat[i].input = "abcdefghijklmnopqrstuvwxyz";
+    blake2s_kat[i].inLen = 26;
+    blake2s_kat[i].output =
+        "\xbd\xf8\x8e\xb1\xf8\x6a\x0c\xdf"
+        "\x0e\x84\x0b\xa8\x8f\xa1\x18\x50"
+        "\x83\x69\xdf\x18\x6c\x73\x55\xb4"
+        "\xb1\x6c\xf7\x9f\xa2\x71\x0a\x12";
+    blake2s_kat[i].outLen = 0;
+    i++;
+    blake2s_kat[i].input =
+        "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
+        "0123456789";
+    blake2s_kat[i].inLen = 62;
+    blake2s_kat[i].output =
+        "\xc7\x54\x39\xea\x17\xe1\xde\x6f"
+        "\xa4\x51\x0c\x33\x5d\xc3\xd3\xf3"
+        "\x43\xe6\xf9\xe1\xce\x27\x73\xe2"
+        "\x5b\x41\x74\xf1\xdf\x8b\x11\x9b";
+    blake2s_kat[i].outLen = 0;
+    i++;
+    blake2s_kat[i].input = "1234567890123456789012345678901234567890"
+                           "1234567890123456789012345678901234567890";
+    blake2s_kat[i].inLen = 80;
+    blake2s_kat[i].output =
+        "\xfd\xae\xdb\x29\x0a\x0d\x5a\xf9"
+        "\x87\x08\x64\xfe\xc2\xe0\x90\x20"
+        "\x09\x89\xdc\x9c\xd5\x3a\x3c\x09"
+        "\x21\x29\xe8\x53\x5e\x8b\x4f\x66";
+    blake2s_kat[i].outLen = 0;
+
+    for (i = 0; i < BLAKE2S_KAT_CNT; i++) {
+        /* Do KAT. */
+        ExpectIntEQ(wc_InitBlake2s(&blake, WC_BLAKE2S_DIGEST_SIZE), 0);
+        ExpectIntEQ(wc_Blake2sUpdate(&blake, (byte*)blake2s_kat[i].input,
+            (word32)blake2s_kat[i].inLen), 0);
+        ExpectIntEQ(wc_Blake2sFinal(&blake, hash, WC_BLAKE2S_DIGEST_SIZE), 0);
+        ExpectBufEQ(hash, (byte*)blake2s_kat[i].output, WC_BLAKE2S_DIGEST_SIZE);
+    }
+#endif
+    return EXPECT_RESULT();
+}
+
+int test_wc_Blake2s_other(void)
+{
+    EXPECT_DECLS;
+#ifdef HAVE_BLAKE2S
+    Blake2s blake;
+    byte hash[WC_BLAKE2S_DIGEST_SIZE + 1];
+    byte data[WC_BLAKE2S_DIGEST_SIZE * 8 + 1];
+    int dataLen = WC_BLAKE2S_DIGEST_SIZE * 8;
+    const char* expHash =
+        "\x30\x1c\x41\x93\xd0\x63\x99\xeb"
+        "\x17\x68\x7a\xfb\xba\x58\x47\x33"
+        "\xad\x62\xea\x91\x77\x20\xf0\x72"
+        "\x11\xe3\x9e\x29\xe9\xc8\x24\x59";
+    int i;
+    int j;
+
+    XMEMSET(data, 0xa5, sizeof(data));
+
+    /* Initialize */
+    ExpectIntEQ(wc_InitBlake2s(&blake, WC_BLAKE2S_DIGEST_SIZE), 0);
+
+    /* Unaligned input and output buffer. */
+    ExpectIntEQ(wc_Blake2sUpdate(&blake, data + 1, dataLen), 0);
+    ExpectIntEQ(wc_Blake2sFinal(&blake, hash + 1, WC_BLAKE2S_DIGEST_SIZE), 0);
+    ExpectBufEQ(hash + 1, (byte*)expHash, WC_BLAKE2S_DIGEST_SIZE);
+
+    /* Test that empty updates work. */
+    ExpectIntEQ(wc_InitBlake2s(&blake, WC_BLAKE2S_DIGEST_SIZE), 0);
+    ExpectIntEQ(wc_Blake2sUpdate(&blake, NULL, 0), 0);
+    ExpectIntEQ(wc_Blake2sUpdate(&blake, (byte*)"", 0), 0);
+    ExpectIntEQ(wc_Blake2sUpdate(&blake, data, dataLen), 0);
+    ExpectIntEQ(wc_Blake2sFinal(&blake, hash, WC_BLAKE2S_DIGEST_SIZE), 0);
+    ExpectBufEQ(hash, (byte*)expHash, WC_BLAKE2S_DIGEST_SIZE);
+
+    /* Ensure chunking works. */
+    for (i = 1; i < dataLen; i++) {
+        ExpectIntEQ(wc_InitBlake2s(&blake, WC_BLAKE2S_DIGEST_SIZE), 0);
+        for (j = 0; j < dataLen; j += i) {
+             int len = dataLen - j;
+             if (i < len)
+                 len = i;
+             ExpectIntEQ(wc_Blake2sUpdate(&blake, data + j, len), 0);
+        }
+        ExpectIntEQ(wc_Blake2sFinal(&blake, hash, WC_BLAKE2S_DIGEST_SIZE), 0);
+        ExpectBufEQ(hash, (byte*)expHash, WC_BLAKE2S_DIGEST_SIZE);
+    }
+#endif
+    return EXPECT_RESULT();
+}
+
diff --git a/tests/api/test_blake2.h b/tests/api/test_blake2.h
new file mode 100644
index 000000000..858694364
--- /dev/null
+++ b/tests/api/test_blake2.h
@@ -0,0 +1,39 @@
+/* test_blake2.h
+ *
+ * Copyright (C) 2006-2025 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+#ifndef WOLFCRYPT_TEST_BLAKE2_H
+#define WOLFCRYPT_TEST_BLAKE2_H
+
+int test_wc_InitBlake2b(void);
+int test_wc_InitBlake2b_WithKey(void);
+int test_wc_Blake2bUpdate(void);
+int test_wc_Blake2bFinal(void);
+int test_wc_Blake2b_KATs(void);
+int test_wc_Blake2b_other(void);
+
+int test_wc_InitBlake2s(void);
+int test_wc_InitBlake2s_WithKey(void);
+int test_wc_Blake2sUpdate(void);
+int test_wc_Blake2sFinal(void);
+int test_wc_Blake2s_KATs(void);
+int test_wc_Blake2s_other(void);
+
+#endif /* WOLFCRYPT_TEST_BLAKE2_H */
diff --git a/tests/api/test_camellia.c b/tests/api/test_camellia.c
new file mode 100644
index 000000000..d09b5fe35
--- /dev/null
+++ b/tests/api/test_camellia.c
@@ -0,0 +1,224 @@
+/* test_camellia.c
+ *
+ * Copyright (C) 2006-2025 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+#ifdef HAVE_CONFIG_H
+    #include <config.h>
+#endif
+
+#if !defined(WOLFSSL_USER_SETTINGS) && !defined(WOLFSSL_NO_OPTIONS_H)
+    #include <wolfssl/options.h>
+#endif
+#include <wolfssl/wolfcrypt/settings.h>
+
+#ifdef NO_INLINE
+    #include <wolfssl/wolfcrypt/misc.h>
+#else
+    #define WOLFSSL_MISC_INCLUDED
+    #include <wolfcrypt/src/misc.c>
+#endif
+
+#include <wolfssl/wolfcrypt/camellia.h>
+#include <wolfssl/wolfcrypt/types.h>
+#include <tests/unit.h>
+#include <tests/api/api.h>
+#include <tests/api/test_camellia.h>
+
+/*
+ * testing wc_CamelliaSetKey
+ */
+int test_wc_CamelliaSetKey(void)
+{
+    EXPECT_DECLS;
+#ifdef HAVE_CAMELLIA
+    wc_Camellia camellia;
+    /*128-bit key*/
+    static const byte key16[] = {
+        0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
+        0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10
+    };
+    /* 192-bit key */
+    static const byte key24[] = {
+        0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
+        0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10,
+        0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77
+    };
+    /* 256-bit key */
+    static const byte key32[] = {
+        0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
+        0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10,
+        0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
+        0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff
+    };
+    static const byte iv[] = {
+        0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+        0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F
+    };
+
+    ExpectIntEQ(wc_CamelliaSetKey(&camellia, key16, (word32)sizeof(key16), iv),
+        0);
+    ExpectIntEQ(wc_CamelliaSetKey(&camellia, key16, (word32)sizeof(key16),
+        NULL), 0);
+    ExpectIntEQ(wc_CamelliaSetKey(&camellia, key24, (word32)sizeof(key24), iv),
+        0);
+    ExpectIntEQ(wc_CamelliaSetKey(&camellia, key24, (word32)sizeof(key24),
+        NULL), 0);
+    ExpectIntEQ(wc_CamelliaSetKey(&camellia, key32, (word32)sizeof(key32), iv),
+        0);
+    ExpectIntEQ(wc_CamelliaSetKey(&camellia, key32, (word32)sizeof(key32),
+        NULL), 0);
+
+    /* Bad args. */
+    ExpectIntEQ(wc_CamelliaSetKey(NULL, key32, (word32)sizeof(key32), iv),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+#endif
+    return EXPECT_RESULT();
+} /* END test_wc_CameliaSetKey */
+
+/*
+ * Testing wc_CamelliaSetIV()
+ */
+int test_wc_CamelliaSetIV(void)
+{
+    EXPECT_DECLS;
+#ifdef HAVE_CAMELLIA
+    wc_Camellia    camellia;
+    static const byte iv[] = {
+        0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+        0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F
+    };
+
+    ExpectIntEQ(wc_CamelliaSetIV(&camellia, iv), 0);
+    ExpectIntEQ(wc_CamelliaSetIV(&camellia, NULL), 0);
+
+    /* Bad args. */
+    ExpectIntEQ(wc_CamelliaSetIV(NULL, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_CamelliaSetIV(NULL, iv), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+#endif
+    return EXPECT_RESULT();
+} /* END test_wc_CamelliaSetIV*/
+
+/*
+ * Test wc_CamelliaEncryptDirect and wc_CamelliaDecryptDirect
+ */
+int test_wc_CamelliaEncryptDecryptDirect(void)
+{
+    EXPECT_DECLS;
+#ifdef HAVE_CAMELLIA
+    wc_Camellia camellia;
+    static const byte key24[] = {
+        0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
+        0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10,
+        0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77
+    };
+    static const byte iv[] = {
+        0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+        0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F
+    };
+    static const byte plainT[] = {
+        0x6B, 0xC1, 0xBE, 0xE2, 0x2E, 0x40, 0x9F, 0x96,
+        0xE9, 0x3D, 0x7E, 0x11, 0x73, 0x93, 0x17, 0x2A
+    };
+    byte    enc[sizeof(plainT)];
+    byte    dec[sizeof(enc)];
+
+    /* Init stack variables.*/
+    XMEMSET(enc, 0, 16);
+    XMEMSET(enc, 0, 16);
+
+    ExpectIntEQ(wc_CamelliaSetKey(&camellia, key24, (word32)sizeof(key24), iv),
+        0);
+    ExpectIntEQ(wc_CamelliaEncryptDirect(&camellia, enc, plainT), 0);
+    ExpectIntEQ(wc_CamelliaDecryptDirect(&camellia, dec, enc), 0);
+    ExpectIntEQ(XMEMCMP(plainT, dec, WC_CAMELLIA_BLOCK_SIZE), 0);
+
+    /* Pass bad args. */
+    ExpectIntEQ(wc_CamelliaEncryptDirect(NULL, enc, plainT),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_CamelliaEncryptDirect(&camellia, NULL, plainT),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_CamelliaEncryptDirect(&camellia, enc, NULL),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+
+    ExpectIntEQ(wc_CamelliaDecryptDirect(NULL, dec, enc),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_CamelliaDecryptDirect(&camellia, NULL, enc),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_CamelliaDecryptDirect(&camellia, dec, NULL),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+#endif
+    return EXPECT_RESULT();
+} /* END test-wc_CamelliaEncryptDecryptDirect */
+
+/*
+ * Testing wc_CamelliaCbcEncrypt and wc_CamelliaCbcDecrypt
+ */
+int test_wc_CamelliaCbcEncryptDecrypt(void)
+{
+    EXPECT_DECLS;
+#ifdef HAVE_CAMELLIA
+    wc_Camellia camellia;
+    static const byte key24[] = {
+        0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
+        0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10,
+        0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77
+    };
+    static const byte plainT[] = {
+        0x6B, 0xC1, 0xBE, 0xE2, 0x2E, 0x40, 0x9F, 0x96,
+        0xE9, 0x3D, 0x7E, 0x11, 0x73, 0x93, 0x17, 0x2A
+    };
+    byte    enc[WC_CAMELLIA_BLOCK_SIZE];
+    byte    dec[WC_CAMELLIA_BLOCK_SIZE];
+
+    /* Init stack variables. */
+    XMEMSET(enc, 0, WC_CAMELLIA_BLOCK_SIZE);
+    XMEMSET(enc, 0, WC_CAMELLIA_BLOCK_SIZE);
+
+    ExpectIntEQ(wc_CamelliaSetKey(&camellia, key24, (word32)sizeof(key24),
+        NULL), 0);
+    ExpectIntEQ(wc_CamelliaCbcEncrypt(&camellia, enc, plainT,
+        WC_CAMELLIA_BLOCK_SIZE), 0);
+
+    ExpectIntEQ(wc_CamelliaSetKey(&camellia, key24, (word32)sizeof(key24),
+        NULL), 0);
+    ExpectIntEQ(wc_CamelliaCbcDecrypt(&camellia, dec, enc,
+        WC_CAMELLIA_BLOCK_SIZE),
+        0);
+    ExpectIntEQ(XMEMCMP(plainT, dec, WC_CAMELLIA_BLOCK_SIZE), 0);
+
+    /* Pass in bad args. */
+    ExpectIntEQ(wc_CamelliaCbcEncrypt(NULL, enc, plainT,
+        WC_CAMELLIA_BLOCK_SIZE),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_CamelliaCbcEncrypt(&camellia, NULL, plainT,
+        WC_CAMELLIA_BLOCK_SIZE), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_CamelliaCbcEncrypt(&camellia, enc, NULL,
+        WC_CAMELLIA_BLOCK_SIZE), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+
+    ExpectIntEQ(wc_CamelliaCbcDecrypt(NULL, dec, enc, WC_CAMELLIA_BLOCK_SIZE),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_CamelliaCbcDecrypt(&camellia, NULL, enc,
+        WC_CAMELLIA_BLOCK_SIZE), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_CamelliaCbcDecrypt(&camellia, dec, NULL,
+        WC_CAMELLIA_BLOCK_SIZE), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+#endif
+    return EXPECT_RESULT();
+} /* END test_wc_CamelliaCbcEncryptDecrypt */
+
diff --git a/tests/api/test_camellia.h b/tests/api/test_camellia.h
new file mode 100644
index 000000000..6112cc103
--- /dev/null
+++ b/tests/api/test_camellia.h
@@ -0,0 +1,30 @@
+/* test_camellia.h
+ *
+ * Copyright (C) 2006-2025 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+#ifndef WOLFCRYPT_TEST_CAMELLIA_H
+#define WOLFCRYPT_TEST_CAMELLIA_H
+
+int test_wc_CamelliaSetKey(void);
+int test_wc_CamelliaSetIV(void);
+int test_wc_CamelliaEncryptDecryptDirect(void);
+int test_wc_CamelliaCbcEncryptDecrypt(void);
+
+#endif /* WOLFCRYPT_TEST_CAMELLIA_H */
diff --git a/tests/api/test_chacha.c b/tests/api/test_chacha.c
new file mode 100644
index 000000000..f39403bde
--- /dev/null
+++ b/tests/api/test_chacha.c
@@ -0,0 +1,196 @@
+/* test_chacha.c
+ *
+ * Copyright (C) 2006-2025 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+#ifdef HAVE_CONFIG_H
+    #include <config.h>
+#endif
+
+#if !defined(WOLFSSL_USER_SETTINGS) && !defined(WOLFSSL_NO_OPTIONS_H)
+    #include <wolfssl/options.h>
+#endif
+#include <wolfssl/wolfcrypt/settings.h>
+
+#ifdef NO_INLINE
+    #include <wolfssl/wolfcrypt/misc.h>
+#else
+    #define WOLFSSL_MISC_INCLUDED
+    #include <wolfcrypt/src/misc.c>
+#endif
+
+#include <wolfssl/wolfcrypt/chacha.h>
+#include <wolfssl/wolfcrypt/types.h>
+#include <tests/unit.h>
+#include <tests/api/api.h>
+#include <tests/api/test_chacha.h>
+
+/*
+ * Testing wc_Chacha_SetKey() and wc_Chacha_SetIV()
+ */
+int test_wc_Chacha_SetKey(void)
+{
+    EXPECT_DECLS;
+#ifdef HAVE_CHACHA
+    ChaCha     ctx;
+    const byte key[] = {
+         0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+         0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+         0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+         0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01
+    };
+    word32 keySz = (word32)(sizeof(key)/sizeof(byte));
+    byte       cipher[128];
+
+    XMEMSET(cipher, 0, sizeof(cipher));
+    ExpectIntEQ(wc_Chacha_SetKey(&ctx, key, keySz), 0);
+    /* Test bad args. */
+    ExpectIntEQ(wc_Chacha_SetKey(NULL, key, keySz),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Chacha_SetKey(&ctx, key, 18), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+
+    ExpectIntEQ(wc_Chacha_SetIV(&ctx, cipher, 0), 0);
+    /* Test bad args. */
+    ExpectIntEQ(wc_Chacha_SetIV(NULL, cipher, 0),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+#endif
+    return EXPECT_RESULT();
+} /* END test_wc_Chacha_SetKey */
+
+/*
+ * Testing wc_Chacha_Process()
+ */
+int test_wc_Chacha_Process(void)
+{
+    EXPECT_DECLS;
+#ifdef HAVE_CHACHA
+    ChaCha      enc, dec;
+    byte        cipher[128];
+    byte        plain[128];
+    const byte  key[] =
+    {
+         0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+         0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+         0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+         0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01
+    };
+    const char* input = "Everybody gets Friday off.";
+    word32      keySz = sizeof(key)/sizeof(byte);
+    unsigned long int inlen = XSTRLEN(input);
+
+    /* Initialize stack variables. */
+    XMEMSET(cipher, 0, 128);
+    XMEMSET(plain, 0, 128);
+
+    ExpectIntEQ(wc_Chacha_SetKey(&enc, key, keySz), 0);
+    ExpectIntEQ(wc_Chacha_SetKey(&dec, key, keySz), 0);
+    ExpectIntEQ(wc_Chacha_SetIV(&enc, cipher, 0), 0);
+    ExpectIntEQ(wc_Chacha_SetIV(&dec, cipher, 0), 0);
+
+    ExpectIntEQ(wc_Chacha_Process(&enc, cipher, (byte*)input, (word32)inlen),
+        0);
+    ExpectIntEQ(wc_Chacha_Process(&dec, plain, cipher, (word32)inlen), 0);
+    ExpectIntEQ(XMEMCMP(input, plain, inlen), 0);
+
+#if !defined(USE_INTEL_CHACHA_SPEEDUP) && !defined(WOLFSSL_ARMASM)
+    /* test checking and using leftovers, currently just in C code */
+    ExpectIntEQ(wc_Chacha_SetIV(&enc, cipher, 0), 0);
+    ExpectIntEQ(wc_Chacha_SetIV(&dec, cipher, 0), 0);
+
+    ExpectIntEQ(wc_Chacha_Process(&enc, cipher, (byte*)input,
+        (word32)inlen - 2), 0);
+    ExpectIntEQ(wc_Chacha_Process(&enc, cipher + (inlen - 2),
+        (byte*)input + (inlen - 2), 2), 0);
+    ExpectIntEQ(wc_Chacha_Process(&dec, plain, (byte*)cipher,
+        (word32)inlen - 2), 0);
+    ExpectIntEQ(wc_Chacha_Process(&dec, cipher + (inlen - 2),
+        (byte*)input + (inlen - 2), 2), 0);
+    ExpectIntEQ(XMEMCMP(input, plain, inlen), 0);
+
+    /* check edge cases with counter increment */
+    {
+        /* expected results collected from wolfSSL 4.3.0 encrypted in one call*/
+        const byte expected[] = {
+            0x54,0xB1,0xE2,0xD4,0xA2,0x4D,0x52,0x5F,
+            0x42,0x04,0x89,0x7C,0x6E,0x2D,0xFC,0x2D,
+            0x10,0x25,0xB6,0x92,0x71,0xD5,0xC3,0x20,
+            0xE3,0x0E,0xEC,0xF4,0xD8,0x10,0x70,0x29,
+            0x2D,0x4C,0x2A,0x56,0x21,0xE1,0xC7,0x37,
+            0x0B,0x86,0xF5,0x02,0x8C,0xB8,0xB8,0x38,
+            0x41,0xFD,0xDF,0xD9,0xC3,0xE6,0xC8,0x88,
+            0x06,0x82,0xD4,0x80,0x6A,0x50,0x69,0xD5,
+            0xB9,0xB0,0x2F,0x44,0x36,0x5D,0xDA,0x5E,
+            0xDE,0xF6,0xF5,0xFC,0x44,0xDC,0x07,0x51,
+            0xA7,0x32,0x42,0xDB,0xCC,0xBD,0xE2,0xE5,
+            0x0B,0xB1,0x14,0xFF,0x12,0x80,0x16,0x43,
+            0xE7,0x40,0xD5,0xEA,0xC7,0x3F,0x69,0x07,
+            0x64,0xD4,0x86,0x6C,0xE2,0x1F,0x8F,0x6E,
+            0x35,0x41,0xE7,0xD3,0xB5,0x5D,0xD6,0xD4,
+            0x9F,0x00,0xA9,0xAE,0x3D,0x28,0xA5,0x37,
+            0x80,0x3D,0x11,0x25,0xE2,0xB6,0x99,0xD9,
+            0x9B,0x98,0xE9,0x37,0xB9,0xF8,0xA0,0x04,
+            0xDF,0x13,0x49,0x3F,0x19,0x6A,0x45,0x06,
+            0x21,0xB4,0xC7,0x3B,0x49,0x45,0xB4,0xC8,
+            0x03,0x5B,0x43,0x89,0xBD,0xB3,0x96,0x4B,
+            0x17,0x6F,0x85,0xC6,0xCF,0xA6,0x05,0x35,
+            0x1E,0x25,0x03,0xBB,0x55,0x0A,0xD5,0x54,
+            0x41,0xEA,0xEB,0x50,0x40,0x1B,0x43,0x19,
+            0x59,0x1B,0x0E,0x12,0x3E,0xA2,0x71,0xC3,
+            0x1A,0xA7,0x11,0x50,0x43,0x9D,0x56,0x3B,
+            0x63,0x2F,0x63,0xF1,0x8D,0xAE,0xF3,0x23,
+            0xFA,0x1E,0xD8,0x6A,0xE1,0xB2,0x4B,0xF3,
+            0xB9,0x13,0x7A,0x72,0x2B,0x6D,0xCC,0x41,
+            0x1C,0x69,0x7C,0xCD,0x43,0x6F,0xE4,0xE2,
+            0x38,0x99,0xFB,0xC3,0x38,0x92,0x62,0x35,
+            0xC0,0x1D,0x60,0xE4,0x4B,0xDD,0x0C,0x14
+        };
+        const byte iv2[] = {
+            0x9D,0xED,0xE7,0x0F,0xEC,0x81,0x51,0xD9,
+            0x77,0x39,0x71,0xA6,0x21,0xDF,0xB8,0x93
+        };
+        byte input2[256];
+        int i;
+
+        for (i = 0; i < 256; i++)
+            input2[i] = (byte)i;
+
+        ExpectIntEQ(wc_Chacha_SetIV(&enc, iv2, 0), 0);
+
+        ExpectIntEQ(wc_Chacha_Process(&enc, cipher, input2, 64), 0);
+        ExpectIntEQ(XMEMCMP(expected, cipher, 64), 0);
+
+        ExpectIntEQ(wc_Chacha_Process(&enc, cipher, input2 + 64, 128), 0);
+        ExpectIntEQ(XMEMCMP(expected + 64, cipher, 128), 0);
+
+        /* partial */
+        ExpectIntEQ(wc_Chacha_Process(&enc, cipher, input2 + 192, 32), 0);
+        ExpectIntEQ(XMEMCMP(expected + 192, cipher, 32), 0);
+
+        ExpectIntEQ(wc_Chacha_Process(&enc, cipher, input2 + 224, 32), 0);
+        ExpectIntEQ(XMEMCMP(expected + 224, cipher, 32), 0);
+    }
+#endif
+
+    /* Test bad args. */
+    ExpectIntEQ(wc_Chacha_Process(NULL, cipher, (byte*)input, (word32)inlen),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+#endif
+    return EXPECT_RESULT();
+} /* END test_wc_Chacha_Process */
+
diff --git a/tests/api/test_chacha.h b/tests/api/test_chacha.h
new file mode 100644
index 000000000..4289daea5
--- /dev/null
+++ b/tests/api/test_chacha.h
@@ -0,0 +1,28 @@
+/* test_chacha.h
+ *
+ * Copyright (C) 2006-2025 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+#ifndef WOLFCRYPT_TEST_CHACHA_H
+#define WOLFCRYPT_TEST_CHACHA_H
+
+int test_wc_Chacha_SetKey(void);
+int test_wc_Chacha_Process(void);
+
+#endif /* WOLFCRYPT_TEST_CHACHA_H */
diff --git a/tests/api/test_chacha20_poly1305.c b/tests/api/test_chacha20_poly1305.c
new file mode 100644
index 000000000..ddcc484cc
--- /dev/null
+++ b/tests/api/test_chacha20_poly1305.c
@@ -0,0 +1,164 @@
+/* test_chacha20_poly1305.c
+ *
+ * Copyright (C) 2006-2025 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+#ifdef HAVE_CONFIG_H
+    #include <config.h>
+#endif
+
+#if !defined(WOLFSSL_USER_SETTINGS) && !defined(WOLFSSL_NO_OPTIONS_H)
+    #include <wolfssl/options.h>
+#endif
+#include <wolfssl/wolfcrypt/settings.h>
+
+#ifdef NO_INLINE
+    #include <wolfssl/wolfcrypt/misc.h>
+#else
+    #define WOLFSSL_MISC_INCLUDED
+    #include <wolfcrypt/src/misc.c>
+#endif
+
+#include <wolfssl/wolfcrypt/chacha20_poly1305.h>
+#include <wolfssl/wolfcrypt/types.h>
+#include <tests/unit.h>
+#include <tests/api/api.h>
+#include <tests/api/test_chacha20_poly1305.h>
+
+/*
+ * Testing wc_ChaCha20Poly1305_Encrypt() and wc_ChaCha20Poly1305_Decrypt()
+ */
+int test_wc_ChaCha20Poly1305_aead(void)
+{
+    EXPECT_DECLS;
+#if defined(HAVE_CHACHA) && defined(HAVE_POLY1305)
+    const byte  key[] = {
+        0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87,
+        0x88, 0x89, 0x8a, 0x8b, 0x8c, 0x8d, 0x8e, 0x8f,
+        0x90, 0x91, 0x92, 0x93, 0x94, 0x95, 0x96, 0x97,
+        0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f
+    };
+    const byte  plaintext[] = {
+        0x4c, 0x61, 0x64, 0x69, 0x65, 0x73, 0x20, 0x61,
+        0x6e, 0x64, 0x20, 0x47, 0x65, 0x6e, 0x74, 0x6c,
+        0x65, 0x6d, 0x65, 0x6e, 0x20, 0x6f, 0x66, 0x20,
+        0x74, 0x68, 0x65, 0x20, 0x63, 0x6c, 0x61, 0x73,
+        0x73, 0x20, 0x6f, 0x66, 0x20, 0x27, 0x39, 0x39,
+        0x3a, 0x20, 0x49, 0x66, 0x20, 0x49, 0x20, 0x63,
+        0x6f, 0x75, 0x6c, 0x64, 0x20, 0x6f, 0x66, 0x66,
+        0x65, 0x72, 0x20, 0x79, 0x6f, 0x75, 0x20, 0x6f,
+        0x6e, 0x6c, 0x79, 0x20, 0x6f, 0x6e, 0x65, 0x20,
+        0x74, 0x69, 0x70, 0x20, 0x66, 0x6f, 0x72, 0x20,
+        0x74, 0x68, 0x65, 0x20, 0x66, 0x75, 0x74, 0x75,
+        0x72, 0x65, 0x2c, 0x20, 0x73, 0x75, 0x6e, 0x73,
+        0x63, 0x72, 0x65, 0x65, 0x6e, 0x20, 0x77, 0x6f,
+        0x75, 0x6c, 0x64, 0x20, 0x62, 0x65, 0x20, 0x69,
+        0x74, 0x2e
+    };
+    const byte  iv[] = {
+        0x07, 0x00, 0x00, 0x00, 0x40, 0x41, 0x42, 0x43,
+        0x44, 0x45, 0x46, 0x47
+    };
+    const byte  aad[] = { /* additional data */
+        0x50, 0x51, 0x52, 0x53, 0xc0, 0xc1, 0xc2, 0xc3,
+        0xc4, 0xc5, 0xc6, 0xc7
+    };
+    const byte  cipher[] = { /* expected output from operation */
+        0xd3, 0x1a, 0x8d, 0x34, 0x64, 0x8e, 0x60, 0xdb,
+        0x7b, 0x86, 0xaf, 0xbc, 0x53, 0xef, 0x7e, 0xc2,
+        0xa4, 0xad, 0xed, 0x51, 0x29, 0x6e, 0x08, 0xfe,
+        0xa9, 0xe2, 0xb5, 0xa7, 0x36, 0xee, 0x62, 0xd6,
+        0x3d, 0xbe, 0xa4, 0x5e, 0x8c, 0xa9, 0x67, 0x12,
+        0x82, 0xfa, 0xfb, 0x69, 0xda, 0x92, 0x72, 0x8b,
+        0x1a, 0x71, 0xde, 0x0a, 0x9e, 0x06, 0x0b, 0x29,
+        0x05, 0xd6, 0xa5, 0xb6, 0x7e, 0xcd, 0x3b, 0x36,
+        0x92, 0xdd, 0xbd, 0x7f, 0x2d, 0x77, 0x8b, 0x8c,
+        0x98, 0x03, 0xae, 0xe3, 0x28, 0x09, 0x1b, 0x58,
+        0xfa, 0xb3, 0x24, 0xe4, 0xfa, 0xd6, 0x75, 0x94,
+        0x55, 0x85, 0x80, 0x8b, 0x48, 0x31, 0xd7, 0xbc,
+        0x3f, 0xf4, 0xde, 0xf0, 0x8e, 0x4b, 0x7a, 0x9d,
+        0xe5, 0x76, 0xd2, 0x65, 0x86, 0xce, 0xc6, 0x4b,
+        0x61, 0x16
+    };
+    const byte  authTag[] = { /* expected output from operation */
+        0x1a, 0xe1, 0x0b, 0x59, 0x4f, 0x09, 0xe2, 0x6a,
+        0x7e, 0x90, 0x2e, 0xcb, 0xd0, 0x60, 0x06, 0x91
+    };
+    byte        generatedCiphertext[272];
+    byte        generatedPlaintext[272];
+    byte        generatedAuthTag[CHACHA20_POLY1305_AEAD_AUTHTAG_SIZE];
+
+    /* Initialize stack variables. */
+    XMEMSET(generatedCiphertext, 0, 272);
+    XMEMSET(generatedPlaintext, 0, 272);
+
+    /* Test Encrypt */
+    ExpectIntEQ(wc_ChaCha20Poly1305_Encrypt(key, iv, aad, sizeof(aad),
+        plaintext, sizeof(plaintext), generatedCiphertext, generatedAuthTag),
+        0);
+    ExpectIntEQ(XMEMCMP(generatedCiphertext, cipher,
+        sizeof(cipher)/sizeof(byte)), 0);
+
+    /* Test bad args. */
+    ExpectIntEQ(wc_ChaCha20Poly1305_Encrypt(NULL, iv, aad, sizeof(aad),
+        plaintext, sizeof(plaintext), generatedCiphertext, generatedAuthTag),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_ChaCha20Poly1305_Encrypt(key, NULL, aad, sizeof(aad),
+        plaintext, sizeof(plaintext), generatedCiphertext, generatedAuthTag),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_ChaCha20Poly1305_Encrypt(key, iv, aad, sizeof(aad), NULL,
+        sizeof(plaintext), generatedCiphertext, generatedAuthTag),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_ChaCha20Poly1305_Encrypt(key, iv, aad, sizeof(aad),
+        NULL, sizeof(plaintext), generatedCiphertext, generatedAuthTag),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_ChaCha20Poly1305_Encrypt(key, iv, aad, sizeof(aad),
+        plaintext, sizeof(plaintext), NULL, generatedAuthTag),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_ChaCha20Poly1305_Encrypt(key, iv, aad, sizeof(aad),
+        plaintext, sizeof(plaintext), generatedCiphertext, NULL),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+
+    ExpectIntEQ(wc_ChaCha20Poly1305_Decrypt(key, iv, aad, sizeof(aad), cipher,
+        sizeof(cipher), authTag, generatedPlaintext), 0);
+    ExpectIntEQ(XMEMCMP(generatedPlaintext, plaintext,
+        sizeof(plaintext)/sizeof(byte)), 0);
+
+    /* Test bad args. */
+    ExpectIntEQ(wc_ChaCha20Poly1305_Decrypt(NULL, iv, aad, sizeof(aad), cipher,
+        sizeof(cipher), authTag, generatedPlaintext),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_ChaCha20Poly1305_Decrypt(key, NULL, aad, sizeof(aad),
+        cipher, sizeof(cipher), authTag, generatedPlaintext),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_ChaCha20Poly1305_Decrypt(key, iv, aad, sizeof(aad), NULL,
+        sizeof(cipher), authTag, generatedPlaintext),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_ChaCha20Poly1305_Decrypt(key, iv, aad, sizeof(aad), cipher,
+        sizeof(cipher), NULL, generatedPlaintext),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_ChaCha20Poly1305_Decrypt(key, iv, aad, sizeof(aad), cipher,
+        sizeof(cipher), authTag, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_ChaCha20Poly1305_Decrypt(key, iv, aad, sizeof(aad), NULL,
+        sizeof(cipher), authTag, generatedPlaintext),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+#endif
+    return EXPECT_RESULT();
+} /* END test_wc_ChaCha20Poly1305_aead */
+
diff --git a/tests/api/test_chacha20_poly1305.h b/tests/api/test_chacha20_poly1305.h
new file mode 100644
index 000000000..7d8f6334a
--- /dev/null
+++ b/tests/api/test_chacha20_poly1305.h
@@ -0,0 +1,27 @@
+/* test_chacha20_poly1305.h
+ *
+ * Copyright (C) 2006-2025 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+#ifndef WOLFCRYPT_TEST_CHACHA20_POLY1305_H
+#define WOLFCRYPT_TEST_CHACHA20_POLY1305_H
+
+int test_wc_ChaCha20Poly1305_aead(void);
+
+#endif /* WOLFCRYPT_TEST_CHACHA20_POLY1305_H */
diff --git a/tests/api/test_cmac.c b/tests/api/test_cmac.c
new file mode 100644
index 000000000..5e829c4ce
--- /dev/null
+++ b/tests/api/test_cmac.c
@@ -0,0 +1,259 @@
+/* test_cmac.c
+ *
+ * Copyright (C) 2006-2025 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+#ifdef HAVE_CONFIG_H
+    #include <config.h>
+#endif
+
+#if !defined(WOLFSSL_USER_SETTINGS) && !defined(WOLFSSL_NO_OPTIONS_H)
+    #include <wolfssl/options.h>
+#endif
+#include <wolfssl/wolfcrypt/settings.h>
+
+#ifdef NO_INLINE
+    #include <wolfssl/wolfcrypt/misc.h>
+#else
+    #define WOLFSSL_MISC_INCLUDED
+    #include <wolfcrypt/src/misc.c>
+#endif
+
+#include <wolfssl/wolfcrypt/cmac.h>
+#include <wolfssl/wolfcrypt/types.h>
+#include <tests/unit.h>
+#include <tests/api/api.h>
+#include <tests/api/test_cmac.h>
+
+/*
+ * Testing wc_InitCmac()
+ */
+int test_wc_InitCmac(void)
+{
+    EXPECT_DECLS;
+#if defined(WOLFSSL_CMAC) && !defined(NO_AES)
+    Cmac        cmac1;
+    Cmac        cmac2;
+    Cmac        cmac3;
+    /* AES 128 key. */
+    byte        key1[] = "\x01\x02\x03\x04\x05\x06\x07\x08"
+                         "\x09\x10\x11\x12\x13\x14\x15\x16";
+    /* AES 192 key. */
+    byte        key2[] = "\x01\x02\x03\x04\x05\x06\x07\x08"
+                         "\x09\x01\x11\x12\x13\x14\x15\x16"
+                         "\x01\x02\x03\x04\x05\x06\x07\x08";
+    /* AES 256 key. */
+    byte        key3[] = "\x01\x02\x03\x04\x05\x06\x07\x08"
+                         "\x09\x01\x11\x12\x13\x14\x15\x16"
+                         "\x01\x02\x03\x04\x05\x06\x07\x08"
+                         "\x09\x01\x11\x12\x13\x14\x15\x16";
+    word32      key1Sz = (word32)sizeof(key1) - 1;
+    word32      key2Sz = (word32)sizeof(key2) - 1;
+    word32      key3Sz = (word32)sizeof(key3) - 1;
+    int         type   = WC_CMAC_AES;
+
+    (void)key1;
+    (void)key1Sz;
+    (void)key2;
+    (void)key2Sz;
+
+    XMEMSET(&cmac1, 0, sizeof(Cmac));
+    XMEMSET(&cmac2, 0, sizeof(Cmac));
+    XMEMSET(&cmac3, 0, sizeof(Cmac));
+
+#ifdef WOLFSSL_AES_128
+    ExpectIntEQ(wc_InitCmac(&cmac1, key1, key1Sz, type, NULL), 0);
+#endif
+#ifdef WOLFSSL_AES_192
+    wc_AesFree(&cmac1.aes);
+    ExpectIntEQ(wc_InitCmac(&cmac2, key2, key2Sz, type, NULL), 0);
+#endif
+#ifdef WOLFSSL_AES_256
+    wc_AesFree(&cmac2.aes);
+    ExpectIntEQ(wc_InitCmac(&cmac3, key3, key3Sz, type, NULL), 0);
+#endif
+
+    wc_AesFree(&cmac3.aes);
+    /* Test bad args. */
+    ExpectIntEQ(wc_InitCmac(NULL, key3, key3Sz, type, NULL),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_InitCmac(&cmac3, NULL, key3Sz, type, NULL),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_InitCmac(&cmac3, key3, 0, type, NULL),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_InitCmac(&cmac3, key3, key3Sz, 0, NULL),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+#endif
+    return EXPECT_RESULT();
+} /* END test_wc_InitCmac */
+
+/*
+ * Testing wc_CmacUpdate()
+ */
+int test_wc_CmacUpdate(void)
+{
+    EXPECT_DECLS;
+#if defined(WOLFSSL_CMAC) && !defined(NO_AES) && defined(WOLFSSL_AES_128)
+    Cmac        cmac;
+    byte        key[] = {
+        0x64, 0x4c, 0xbf, 0x12, 0x85, 0x9d, 0xf0, 0x55,
+        0x7e, 0xa9, 0x1f, 0x08, 0xe0, 0x51, 0xff, 0x27
+    };
+    byte        in[] = "\xe2\xb4\xb6\xf9\x48\x44\x02\x64"
+                       "\x5c\x47\x80\x9e\xd5\xa8\x3a\x17"
+                       "\xb3\x78\xcf\x85\x22\x41\x74\xd9"
+                       "\xa0\x97\x39\x71\x62\xf1\x8e\x8f"
+                       "\xf4";
+    word32      inSz  = (word32)sizeof(in) - 1;
+    word32      keySz = (word32)sizeof(key);
+    int         type  = WC_CMAC_AES;
+
+    XMEMSET(&cmac, 0, sizeof(Cmac));
+
+    ExpectIntEQ(wc_InitCmac(&cmac, key, keySz, type, NULL), 0);
+    ExpectIntEQ(wc_CmacUpdate(&cmac, in, inSz), 0);
+
+    /* Test bad args. */
+    ExpectIntEQ(wc_CmacUpdate(NULL, in, inSz), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_CmacUpdate(&cmac, NULL, 30), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    wc_AesFree(&cmac.aes);
+#endif
+    return EXPECT_RESULT();
+} /* END test_wc_CmacUpdate */
+
+/*
+ * Testing wc_CmacFinal()
+ */
+int test_wc_CmacFinal(void)
+{
+    EXPECT_DECLS;
+#if defined(WOLFSSL_CMAC) && !defined(NO_AES) && defined(WOLFSSL_AES_128)
+    Cmac        cmac;
+    byte        key[] = {
+        0x64, 0x4c, 0xbf, 0x12, 0x85, 0x9d, 0xf0, 0x55,
+        0x7e, 0xa9, 0x1f, 0x08, 0xe0, 0x51, 0xff, 0x27
+    };
+    byte        msg[] = {
+        0xe2, 0xb4, 0xb6, 0xf9, 0x48, 0x44, 0x02, 0x64,
+        0x5c, 0x47, 0x80, 0x9e, 0xd5, 0xa8, 0x3a, 0x17,
+        0xb3, 0x78, 0xcf, 0x85, 0x22, 0x41, 0x74, 0xd9,
+        0xa0, 0x97, 0x39, 0x71, 0x62, 0xf1, 0x8e, 0x8f,
+        0xf4
+    };
+    /* Test vectors from CMACGenAES128.rsp from
+     * http://csrc.nist.gov/groups/STM/cavp/block-cipher-modes.html#cmac
+     * Per RFC4493 truncation of lsb is possible.
+     */
+    byte        expMac[] = {
+        0x4e, 0x6e, 0xc5, 0x6f, 0xf9, 0x5d, 0x0e, 0xae,
+        0x1c, 0xf8, 0x3e, 0xfc, 0xf4, 0x4b, 0xeb
+    };
+    byte        mac[WC_AES_BLOCK_SIZE];
+    word32      msgSz    = (word32)sizeof(msg);
+    word32      keySz    = (word32)sizeof(key);
+    word32      macSz    = sizeof(mac);
+    word32      badMacSz = 17;
+    int         expMacSz = sizeof(expMac);
+    int         type     = WC_CMAC_AES;
+
+    XMEMSET(&cmac, 0, sizeof(Cmac));
+    XMEMSET(mac, 0, macSz);
+
+    ExpectIntEQ(wc_InitCmac(&cmac, key, keySz, type, NULL), 0);
+    ExpectIntEQ(wc_CmacUpdate(&cmac, msg, msgSz), 0);
+
+#if (!defined(HAVE_FIPS) || FIPS_VERSION_GE(5, 3)) && !defined(HAVE_SELFTEST)
+    /* Pass in bad args. */
+    ExpectIntEQ(wc_CmacFinalNoFree(NULL, mac, &macSz),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_CmacFinalNoFree(&cmac, NULL, &macSz),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_CmacFinalNoFree(&cmac, mac, &badMacSz),
+        WC_NO_ERR_TRACE(BUFFER_E));
+
+    /* For the last call, use the API with implicit wc_CmacFree(). */
+    ExpectIntEQ(wc_CmacFinal(&cmac, mac, &macSz), 0);
+    ExpectIntEQ(XMEMCMP(mac, expMac, expMacSz), 0);
+#else /* !HAVE_FIPS || FIPS>=5.3 */
+    ExpectIntEQ(wc_CmacFinal(&cmac, mac, &macSz), 0);
+    ExpectIntEQ(XMEMCMP(mac, expMac, expMacSz), 0);
+
+    /* Pass in bad args. */
+    ExpectIntEQ(wc_CmacFinal(NULL, mac, &macSz), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_CmacFinal(&cmac, NULL, &macSz),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_CmacFinal(&cmac, mac, &badMacSz), WC_NO_ERR_TRACE(BUFFER_E));
+#endif /* !HAVE_FIPS || FIPS>=5.3 */
+#endif
+    return EXPECT_RESULT();
+} /* END test_wc_CmacFinal */
+
+/*
+ * Testing wc_AesCmacGenerate() && wc_AesCmacVerify()
+ */
+int test_wc_AesCmacGenerate(void)
+{
+    EXPECT_DECLS;
+#if defined(WOLFSSL_CMAC) && !defined(NO_AES) && defined(WOLFSSL_AES_128)
+    byte        key[] = {
+        0x26, 0xef, 0x8b, 0x40, 0x34, 0x11, 0x7d, 0x9e,
+        0xbe, 0xc0, 0xc7, 0xfc, 0x31, 0x08, 0x54, 0x69
+    };
+    byte        msg[]    = "\x18\x90\x49\xef\xfd\x7c\xf9\xc8"
+                           "\xf3\x59\x65\xbc\xb0\x97\x8f\xd4";
+    byte        expMac[] = "\x29\x5f\x2f\x71\xfc\x58\xe6\xf6"
+                           "\x3d\x32\x65\x4c\x66\x23\xc5";
+    byte        mac[WC_AES_BLOCK_SIZE];
+    word32      keySz    = sizeof(key);
+    word32      macSz    = sizeof(mac);
+    word32      msgSz    = sizeof(msg) - 1;
+    word32      expMacSz = sizeof(expMac) - 1;
+
+    XMEMSET(mac, 0, macSz);
+
+    ExpectIntEQ(wc_AesCmacGenerate(mac, &macSz, msg, msgSz, key, keySz), 0);
+    ExpectIntEQ(XMEMCMP(mac, expMac, expMacSz), 0);
+
+    /* Pass in bad args. */
+    ExpectIntEQ(wc_AesCmacGenerate(NULL, &macSz, msg, msgSz, key, keySz),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_AesCmacGenerate(mac, &macSz, msg, msgSz, NULL, keySz),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_AesCmacGenerate(mac, &macSz, msg, msgSz, key, 0),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_AesCmacGenerate(mac, &macSz, NULL, msgSz, key, keySz),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+
+    ExpectIntEQ(wc_AesCmacVerify(mac, macSz, msg, msgSz, key, keySz), 0);
+    /* Test bad args. */
+    ExpectIntEQ(wc_AesCmacVerify(NULL, macSz, msg, msgSz, key, keySz),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_AesCmacVerify(mac, 0, msg, msgSz, key, keySz),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_AesCmacVerify(mac, macSz, msg, msgSz, NULL, keySz),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_AesCmacVerify(mac, macSz, msg, msgSz, key, 0),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_AesCmacVerify(mac, macSz, NULL, msgSz, key, keySz),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+#endif
+    return EXPECT_RESULT();
+
+} /* END test_wc_AesCmacGenerate */
+
diff --git a/tests/api/test_cmac.h b/tests/api/test_cmac.h
new file mode 100644
index 000000000..dac1e3dca
--- /dev/null
+++ b/tests/api/test_cmac.h
@@ -0,0 +1,30 @@
+/* test_cmac.h
+ *
+ * Copyright (C) 2006-2025 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+#ifndef WOLFCRYPT_TEST_CMAC_H
+#define WOLFCRYPT_TEST_CMAC_H
+
+int test_wc_InitCmac(void);
+int test_wc_CmacUpdate(void);
+int test_wc_CmacFinal(void);
+int test_wc_AesCmacGenerate(void);
+
+#endif /* WOLFCRYPT_TEST_CMAC_H */
diff --git a/tests/api/test_des3.c b/tests/api/test_des3.c
new file mode 100644
index 000000000..9b567e6d9
--- /dev/null
+++ b/tests/api/test_des3.c
@@ -0,0 +1,231 @@
+/* test_des3.c
+ *
+ * Copyright (C) 2006-2025 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+#ifdef HAVE_CONFIG_H
+    #include <config.h>
+#endif
+
+#if !defined(WOLFSSL_USER_SETTINGS) && !defined(WOLFSSL_NO_OPTIONS_H)
+    #include <wolfssl/options.h>
+#endif
+#include <wolfssl/wolfcrypt/settings.h>
+
+#ifdef NO_INLINE
+    #include <wolfssl/wolfcrypt/misc.h>
+#else
+    #define WOLFSSL_MISC_INCLUDED
+    #include <wolfcrypt/src/misc.c>
+#endif
+
+#include <wolfssl/wolfcrypt/des3.h>
+#include <wolfssl/wolfcrypt/types.h>
+#include <tests/unit.h>
+#include <tests/api/api.h>
+#include <tests/api/test_des3.h>
+
+/*
+ * unit test for wc_Des3_SetIV()
+ */
+int test_wc_Des3_SetIV(void)
+{
+    EXPECT_DECLS;
+#ifndef NO_DES3
+    Des3 des;
+    const byte key[] = {
+        0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef,
+        0xfe,0xde,0xba,0x98,0x76,0x54,0x32,0x10,
+        0x89,0xab,0xcd,0xef,0x01,0x23,0x45,0x67
+    };
+    const byte iv[] = {
+        0x12,0x34,0x56,0x78,0x90,0xab,0xcd,0xef,
+        0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,
+        0x11,0x21,0x31,0x41,0x51,0x61,0x71,0x81
+    };
+
+    XMEMSET(&des, 0, sizeof(Des3));
+
+    ExpectIntEQ(wc_Des3Init(&des, NULL, INVALID_DEVID), 0);
+
+    /* DES_ENCRYPTION or DES_DECRYPTION */
+    ExpectIntEQ(wc_Des3_SetKey(&des, key, iv, DES_ENCRYPTION), 0);
+    ExpectIntEQ(XMEMCMP(iv, des.reg, DES_BLOCK_SIZE), 0);
+
+#ifndef HAVE_FIPS /* no sanity checks with FIPS wrapper */
+    /* Test explicitly wc_Des3_SetIV()  */
+    ExpectIntEQ(wc_Des3_SetIV(NULL, iv), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Des3_SetIV(&des, NULL), 0);
+#endif
+    wc_Des3Free(&des);
+#endif
+    return EXPECT_RESULT();
+
+} /* END test_wc_Des3_SetIV */
+
+/*
+ * unit test for wc_Des3_SetKey()
+ */
+int test_wc_Des3_SetKey(void)
+{
+    EXPECT_DECLS;
+#ifndef NO_DES3
+    Des3 des;
+    const byte key[] = {
+        0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef,
+        0xfe,0xde,0xba,0x98,0x76,0x54,0x32,0x10,
+        0x89,0xab,0xcd,0xef,0x01,0x23,0x45,0x67
+    };
+    const byte iv[] = {
+        0x12,0x34,0x56,0x78,0x90,0xab,0xcd,0xef,
+        0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,
+        0x11,0x21,0x31,0x41,0x51,0x61,0x71,0x81
+    };
+
+    XMEMSET(&des, 0, sizeof(Des3));
+
+    ExpectIntEQ(wc_Des3Init(&des, NULL, INVALID_DEVID), 0);
+
+    /* DES_ENCRYPTION or DES_DECRYPTION */
+    ExpectIntEQ(wc_Des3_SetKey(&des, key, iv, DES_ENCRYPTION), 0);
+    ExpectIntEQ(XMEMCMP(iv, des.reg, DES_BLOCK_SIZE), 0);
+
+    /* Test bad args. */
+    ExpectIntEQ(wc_Des3_SetKey(NULL, key, iv, DES_ENCRYPTION),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Des3_SetKey(&des, NULL, iv, DES_ENCRYPTION),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Des3_SetKey(&des, key, iv, -1),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    /* Default case. Should return 0. */
+    ExpectIntEQ(wc_Des3_SetKey(&des, key, NULL, DES_ENCRYPTION), 0);
+
+    wc_Des3Free(&des);
+#endif
+    return EXPECT_RESULT();
+
+} /* END test_wc_Des3_SetKey */
+
+/*
+ * Test function for wc_Des3_CbcEncrypt and wc_Des3_CbcDecrypt
+ */
+int test_wc_Des3_CbcEncryptDecrypt(void)
+{
+    EXPECT_DECLS;
+#ifndef NO_DES3
+    Des3 des;
+    byte cipher[24];
+    byte plain[24];
+    const byte key[] = {
+        0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef,
+        0xfe,0xde,0xba,0x98,0x76,0x54,0x32,0x10,
+        0x89,0xab,0xcd,0xef,0x01,0x23,0x45,0x67
+    };
+    const byte iv[] = {
+        0x12,0x34,0x56,0x78,0x90,0xab,0xcd,0xef,
+        0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,
+        0x11,0x21,0x31,0x41,0x51,0x61,0x71,0x81
+    };
+    const byte vector[] = { /* "Now is the time for all " w/o trailing 0 */
+        0x4e,0x6f,0x77,0x20,0x69,0x73,0x20,0x74,
+        0x68,0x65,0x20,0x74,0x69,0x6d,0x65,0x20,
+        0x66,0x6f,0x72,0x20,0x61,0x6c,0x6c,0x20
+    };
+
+    XMEMSET(&des, 0, sizeof(Des3));
+
+    ExpectIntEQ(wc_Des3Init(&des, NULL, INVALID_DEVID), 0);
+    ExpectIntEQ(wc_Des3_SetKey(&des, key, iv, DES_ENCRYPTION), 0);
+
+    ExpectIntEQ(wc_Des3_CbcEncrypt(&des, cipher, vector, 24), 0);
+    ExpectIntEQ(wc_Des3_SetKey(&des, key, iv, DES_DECRYPTION), 0);
+    ExpectIntEQ(wc_Des3_CbcDecrypt(&des, plain, cipher, 24), 0);
+    ExpectIntEQ(XMEMCMP(plain, vector, 24), 0);
+
+    /* Pass in bad args. */
+    ExpectIntEQ(wc_Des3_CbcEncrypt(NULL, cipher, vector, 24),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Des3_CbcEncrypt(&des, NULL, vector, 24),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Des3_CbcEncrypt(&des, cipher, NULL, sizeof(vector)),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+
+    ExpectIntEQ(wc_Des3_CbcDecrypt(NULL, plain, cipher, 24),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Des3_CbcDecrypt(&des, NULL, cipher, 24),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Des3_CbcDecrypt(&des, plain, NULL, 24),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+
+    wc_Des3Free(&des);
+#endif
+    return EXPECT_RESULT();
+
+} /* END wc_Des3_CbcEncrypt */
+
+/*
+ *  Unit test for wc_Des3_EcbEncrypt
+ */
+int test_wc_Des3_EcbEncrypt(void)
+{
+    EXPECT_DECLS;
+#if !defined(NO_DES3) && defined(WOLFSSL_DES_ECB)
+    Des3    des;
+    byte    cipher[24];
+    word32  cipherSz = sizeof(cipher);
+    const byte key[] = {
+        0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef,
+        0xfe,0xde,0xba,0x98,0x76,0x54,0x32,0x10,
+        0x89,0xab,0xcd,0xef,0x01,0x23,0x45,0x67
+    };
+    const byte iv[] = {
+        0x12,0x34,0x56,0x78,0x90,0xab,0xcd,0xef,
+        0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,
+        0x11,0x21,0x31,0x41,0x51,0x61,0x71,0x81
+    };
+    const byte vector[] = { /* "Now is the time for all " w/o trailing 0 */
+        0x4e,0x6f,0x77,0x20,0x69,0x73,0x20,0x74,
+        0x68,0x65,0x20,0x74,0x69,0x6d,0x65,0x20,
+        0x66,0x6f,0x72,0x20,0x61,0x6c,0x6c,0x20
+    };
+
+    XMEMSET(&des, 0, sizeof(Des3));
+
+    ExpectIntEQ(wc_Des3Init(&des, NULL, INVALID_DEVID), 0);
+    ExpectIntEQ(wc_Des3_SetKey(&des, key, iv, DES_ENCRYPTION), 0);
+
+    /* Bad Cases */
+    ExpectIntEQ(wc_Des3_EcbEncrypt(NULL, 0, NULL, 0),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Des3_EcbEncrypt(NULL, cipher, vector, cipherSz),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Des3_EcbEncrypt(&des, 0, vector, cipherSz),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Des3_EcbEncrypt(&des, cipher, NULL, cipherSz),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Des3_EcbEncrypt(&des, cipher, vector, 0), 0);
+
+    /* Good Cases */
+    ExpectIntEQ(wc_Des3_EcbEncrypt(&des, cipher, vector, cipherSz), 0);
+
+    wc_Des3Free(&des);
+#endif
+    return EXPECT_RESULT();
+} /* END test_wc_Des3_EcbEncrypt */
+
diff --git a/tests/api/test_des3.h b/tests/api/test_des3.h
new file mode 100644
index 000000000..70e8bca59
--- /dev/null
+++ b/tests/api/test_des3.h
@@ -0,0 +1,30 @@
+/* test_des3.h
+ *
+ * Copyright (C) 2006-2025 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+#ifndef WOLFCRYPT_TEST_DES3_H
+#define WOLFCRYPT_TEST_DES3_H
+
+int test_wc_Des3_SetIV(void);
+int test_wc_Des3_SetKey(void);
+int test_wc_Des3_CbcEncryptDecrypt(void);
+int test_wc_Des3_EcbEncrypt(void);
+
+#endif /* WOLFCRYPT_TEST_DES3_H */
diff --git a/tests/api/test_digest.h b/tests/api/test_digest.h
new file mode 100644
index 000000000..00643887a
--- /dev/null
+++ b/tests/api/test_digest.h
@@ -0,0 +1,716 @@
+/* test_digest.h
+ *
+ * Copyright (C) 2006-2025 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+#define PRINT_DATA(name, data, len)             \
+do {                                            \
+    int ii;                                     \
+    fprintf(stderr, "%s\n", name);              \
+    for (ii = 0; ii < (int)(len); ii++) {       \
+        if ((ii % 8) == 0)                      \
+            fprintf(stderr, "        \"");      \
+        fprintf(stderr, "\\x%02x", (data)[ii]); \
+        if ((ii % 8) == 7)                      \
+            fprintf(stderr, "\"\n");            \
+    }                                           \
+    if ((ii % 8) != 0)                          \
+        fprintf(stderr, "\"");                  \
+    fprintf(stderr, "\n");                      \
+} while (0)
+
+
+#define DIGEST_INIT_TEST(type, name)                                           \
+do {                                                                           \
+    type dgst;                                                                 \
+                                                                               \
+    /* Test bad arg. */                                                        \
+    ExpectIntEQ(wc_Init##name(NULL, HEAP_HINT, INVALID_DEVID),                 \
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));                                        \
+                                                                               \
+    /* Test good arg. */                                                       \
+    ExpectIntEQ(wc_Init##name(&dgst, HEAP_HINT, INVALID_DEVID), 0);            \
+    wc_##name##_Free(&dgst);                                                   \
+                                                                               \
+    wc_##name##_Free(NULL);                                                    \
+} while (0)
+
+#define DIGEST_INIT_AND_INIT_EX_TEST(type, name)                               \
+    type dgst;                                                                 \
+                                                                               \
+    /* Test bad arg. */                                                        \
+    ExpectIntEQ(wc_Init##name(NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));           \
+    ExpectIntEQ(wc_Init##name##_ex(NULL, HEAP_HINT, INVALID_DEVID),            \
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));                                        \
+                                                                               \
+    /* Test good arg. */                                                       \
+    ExpectIntEQ(wc_Init##name(&dgst), 0);                                      \
+    wc_##name##Free(&dgst);                                                    \
+                                                                               \
+    ExpectIntEQ(wc_Init##name##_ex(&dgst, HEAP_HINT, INVALID_DEVID), 0);       \
+    wc_##name##Free(&dgst);                                                    \
+                                                                               \
+    wc_##name##Free(NULL)
+
+#define DIGEST_UPDATE_TEST(type, name)                                         \
+    type dgst;                                                                 \
+                                                                               \
+    ExpectIntEQ(wc_Init##name(&dgst), 0);                                      \
+                                                                               \
+    /* Pass in bad values. */                                                  \
+    ExpectIntEQ(wc_##name##Update(NULL, NULL, 1),                              \
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));                                        \
+    ExpectIntEQ(wc_##name##Update(&dgst, NULL, 1),                             \
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));                                        \
+    ExpectIntEQ(wc_##name##Update(NULL, NULL, 0),                              \
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));                                        \
+                                                                               \
+    ExpectIntEQ(wc_##name##Update(&dgst, NULL, 0), 0);                         \
+    ExpectIntEQ(wc_##name##Update(&dgst, (byte*)"a", 1), 0);                   \
+                                                                               \
+    wc_##name##Free(&dgst)
+
+#define DIGEST_ALT_UPDATE_TEST(type, name)                                     \
+do {                                                                           \
+    type dgst;                                                                 \
+                                                                               \
+    ExpectIntEQ(wc_Init##name(&dgst, HEAP_HINT, INVALID_DEVID), 0);            \
+                                                                               \
+    /* Pass in bad values. */                                                  \
+    ExpectIntEQ(wc_##name##_Update(NULL, NULL, 1),                             \
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));                                        \
+    ExpectIntEQ(wc_##name##_Update(&dgst, NULL, 1),                            \
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));                                        \
+    ExpectIntEQ(wc_##name##_Update(NULL, NULL, 0),                             \
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));                                        \
+                                                                               \
+    ExpectIntEQ(wc_##name##_Update(&dgst, NULL, 0), 0);                        \
+    ExpectIntEQ(wc_##name##_Update(&dgst, (byte*)"a", 1), 0);                  \
+                                                                               \
+    wc_##name##_Free(&dgst);                                                   \
+} while (0)
+
+#define DIGEST_FINAL_TEST(type, name, upper)                                   \
+    type dgst;                                                                 \
+    byte hash[WC_##upper##_DIGEST_SIZE];                                       \
+                                                                               \
+    /* Initialize */                                                           \
+    ExpectIntEQ(wc_Init##name(&dgst), 0);                                      \
+                                                                               \
+    /* Test bad args. */                                                       \
+    ExpectIntEQ(wc_##name##Final(NULL, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));  \
+    ExpectIntEQ(wc_##name##Final(&dgst, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); \
+    ExpectIntEQ(wc_##name##Final(NULL, hash), WC_NO_ERR_TRACE(BAD_FUNC_ARG));  \
+                                                                               \
+    /* Test good args. */                                                      \
+    ExpectIntEQ(wc_##name##Final(&dgst, hash), 0);                             \
+                                                                               \
+    wc_##name##Free(&dgst)
+
+#define DIGEST_ALT_FINAL_TEST(type, name, upper)                               \
+do {                                                                           \
+    type dgst;                                                                 \
+    byte hash[WC_##upper##_DIGEST_SIZE];                                       \
+                                                                               \
+    /* Initialize */                                                           \
+    ExpectIntEQ(wc_Init##name(&dgst, HEAP_HINT, INVALID_DEVID), 0);            \
+                                                                               \
+    /* Test bad args. */                                                       \
+    ExpectIntEQ(wc_##name##_Final(NULL, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); \
+    ExpectIntEQ(wc_##name##_Final(&dgst, NULL),                                \
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));                                        \
+    ExpectIntEQ(wc_##name##_Final(NULL, hash), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); \
+                                                                               \
+    /* Test good args. */                                                      \
+    ExpectIntEQ(wc_##name##_Final(&dgst, hash), 0);                            \
+                                                                               \
+    wc_##name##_Free(&dgst);                                                   \
+} while (0)
+
+#define DIGEST_COUNT_FINAL_TEST(type, name, upper)                             \
+do {                                                                           \
+    type dgst;                                                                 \
+    byte hash[WC_##upper##_COUNT * 8];                                         \
+                                                                               \
+    /* Initialize */                                                           \
+    ExpectIntEQ(wc_Init##name(&dgst, HEAP_HINT, INVALID_DEVID), 0);            \
+                                                                               \
+    /* Test bad args. */                                                       \
+    ExpectIntEQ(wc_##name##_Final(NULL, NULL, WC_##upper##_COUNT * 8),         \
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));                                        \
+    ExpectIntEQ(wc_##name##_Final(&dgst, NULL, WC_##upper##_COUNT * 8),        \
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));                                        \
+    ExpectIntEQ(wc_##name##_Final(NULL, hash, WC_##upper##_COUNT * 8),         \
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));                                        \
+                                                                               \
+    /* Test good args. */                                                      \
+    ExpectIntEQ(wc_##name##_Final(&dgst, hash, WC_##upper##_COUNT * 8), 0);    \
+                                                                               \
+    wc_##name##_Free(&dgst);                                                   \
+} while (0)
+
+#define DIGEST_FINAL_RAW_TEST(type, name, upper, hashStr)                      \
+    type dgst;                                                                 \
+    byte hash[WC_##upper##_DIGEST_SIZE];                                       \
+    const char* expHash = hashStr;                                             \
+                                                                               \
+    /* Initialize */                                                           \
+    ExpectIntEQ(wc_Init##name(&dgst), 0);                                      \
+                                                                               \
+    /* Test bad args. */                                                       \
+    ExpectIntEQ(wc_##name##FinalRaw(NULL, NULL),                               \
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));                                        \
+    ExpectIntEQ(wc_##name##FinalRaw(&dgst, NULL),                              \
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));                                        \
+    ExpectIntEQ(wc_##name##FinalRaw(NULL, hash),                               \
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));                                        \
+                                                                               \
+    /* Test good args. */                                                      \
+    ExpectIntEQ(wc_##name##FinalRaw(&dgst, hash), 0);                          \
+    ExpectBufEQ(hash, expHash, WC_##upper##_DIGEST_SIZE);                      \
+                                                                               \
+    wc_##name##Free(&dgst)
+
+#define DIGEST_KATS_TEST_VARS(type, upper)                                     \
+    type dgst;                                                                 \
+    testVector dgst_kat[upper##_KAT_CNT];                                      \
+    byte hash[WC_##upper##_DIGEST_SIZE];                                       \
+    int i = 0
+
+#define DIGEST_COUNT_KATS_TEST_VARS(type, upper, count)                        \
+    type dgst;                                                                 \
+    testVector dgst_kat[upper##_KAT_CNT];                                      \
+    byte hash[WC_##count##_COUNT * 8];                                         \
+    int i = 0
+
+#define DIGEST_KATS_ADD(in, len, out)                                          \
+    dgst_kat[i].input = in;                                                    \
+    dgst_kat[i].inLen = len;                                                   \
+    dgst_kat[i].output = out;                                                  \
+    dgst_kat[i].outLen = 0;                                                    \
+    i++
+
+#define DIGEST_KATS_TEST(name, upper)                                          \
+    (void)i;                                                                   \
+                                                                               \
+    /* Initialize */                                                           \
+    ExpectIntEQ(wc_Init##name(&dgst), 0);                                      \
+                                                                               \
+    for (i = 0; i < upper##_KAT_CNT; i++) {                                    \
+        /* Do KAT. */                                                          \
+        ExpectIntEQ(wc_##name##Update(&dgst, (byte*)dgst_kat[i].input,         \
+            (word32)dgst_kat[i].inLen), 0);                                    \
+        ExpectIntEQ(wc_##name##Final(&dgst, hash), 0);                         \
+        ExpectBufEQ(hash, (byte*)dgst_kat[i].output,                           \
+            WC_##upper##_DIGEST_SIZE);                                         \
+    }                                                                          \
+                                                                               \
+    wc_##name##Free(&dgst)
+
+#define DIGEST_COUNT_KATS_TEST(name, upper, count)                             \
+    (void)i;                                                                   \
+                                                                               \
+    /* Initialize */                                                           \
+    ExpectIntEQ(wc_Init##name(&dgst, HEAP_HINT, INVALID_DEVID), 0);            \
+                                                                               \
+    for (i = 0; i < upper##_KAT_CNT; i++) {                                    \
+        /* Do KAT. */                                                          \
+        ExpectIntEQ(wc_##name##_Update(&dgst, (byte*)dgst_kat[i].input,        \
+            (word32)dgst_kat[i].inLen), 0);                                    \
+        ExpectIntEQ(wc_##name##_Final(&dgst, hash, WC_##count##_COUNT * 8),    \
+            0);                                                                \
+        ExpectBufEQ(hash, (byte*)dgst_kat[i].output,                           \
+            WC_##count##_COUNT * 8);                                           \
+    }                                                                          \
+                                                                               \
+    wc_##name##_Free(&dgst)
+
+#define DIGEST_OTHER_TEST(type, name, upper, hashStr)                          \
+    type dgst;                                                                 \
+    byte hash[WC_##upper##_DIGEST_SIZE + 1];                                   \
+    byte data[WC_##upper##_DIGEST_SIZE * 8 + 1];                               \
+    int dataLen = WC_##upper##_DIGEST_SIZE * 8;                                \
+    const char* expHash = hashStr;                                             \
+    int i;                                                                     \
+    int j;                                                                     \
+                                                                               \
+    XMEMSET(data, 0xa5, sizeof(data));                                         \
+                                                                               \
+    /* Initialize */                                                           \
+    ExpectIntEQ(wc_Init##name(&dgst), 0);                                      \
+                                                                               \
+    /* Unaligned input and output buffer. */                                   \
+    ExpectIntEQ(wc_##name##Update(&dgst, data + 1, dataLen), 0);               \
+    ExpectIntEQ(wc_##name##Final(&dgst, hash + 1), 0);                         \
+    ExpectBufEQ(hash + 1, (byte*)expHash, WC_##upper##_DIGEST_SIZE);           \
+                                                                               \
+    /* Test that empty updates work. */                                        \
+    ExpectIntEQ(wc_##name##Update(&dgst, NULL, 0), 0);                         \
+    ExpectIntEQ(wc_##name##Update(&dgst, (byte*)"", 0), 0);                    \
+    ExpectIntEQ(wc_##name##Update(&dgst, data, dataLen), 0);                   \
+    ExpectIntEQ(wc_##name##Final(&dgst, hash), 0);                             \
+    ExpectBufEQ(hash, (byte*)expHash, WC_##upper##_DIGEST_SIZE);               \
+                                                                               \
+    /* Ensure chunking works. */                                               \
+    for (i = 1; i < dataLen; i++) {                                            \
+        for (j = 0; j < dataLen; j += i) {                                     \
+             int len = dataLen - j;                                            \
+             if (i < len)                                                      \
+                 len = i;                                                      \
+             ExpectIntEQ(wc_##name##Update(&dgst, data + j, len), 0);          \
+        }                                                                      \
+        ExpectIntEQ(wc_##name##Final(&dgst, hash), 0);                         \
+        ExpectBufEQ(hash, (byte*)expHash, WC_##upper##_DIGEST_SIZE);           \
+    }                                                                          \
+                                                                               \
+    wc_##name##Free(&dgst)
+
+#define DIGEST_ALT_OTHER_TEST(type, name, upper, hashStr)                      \
+do {                                                                           \
+    type dgst;                                                                 \
+    byte hash[WC_##upper##_DIGEST_SIZE + 1];                                   \
+    byte data[WC_##upper##_DIGEST_SIZE * 8 + 1];                               \
+    int dataLen = WC_##upper##_DIGEST_SIZE * 8;                                \
+    const char* expHash = hashStr;                                             \
+    int i;                                                                     \
+    int j;                                                                     \
+                                                                               \
+    XMEMSET(data, 0xa5, sizeof(data));                                         \
+                                                                               \
+    /* Initialize */                                                           \
+    ExpectIntEQ(wc_Init##name(&dgst, HEAP_HINT, INVALID_DEVID), 0);            \
+                                                                               \
+    /* Unaligned input and output buffer. */                                   \
+    ExpectIntEQ(wc_##name##_Update(&dgst, data + 1, dataLen), 0);              \
+    ExpectIntEQ(wc_##name##_Final(&dgst, hash + 1), 0);                        \
+    ExpectBufEQ(hash + 1, (byte*)expHash, WC_##upper##_DIGEST_SIZE);           \
+                                                                               \
+    /* Test that empty updates work. */                                        \
+    ExpectIntEQ(wc_##name##_Update(&dgst, NULL, 0), 0);                        \
+    ExpectIntEQ(wc_##name##_Update(&dgst, (byte*)"", 0), 0);                   \
+    ExpectIntEQ(wc_##name##_Update(&dgst, data, dataLen), 0);                  \
+    ExpectIntEQ(wc_##name##_Final(&dgst, hash), 0);                            \
+    ExpectBufEQ(hash, (byte*)expHash, WC_##upper##_DIGEST_SIZE);               \
+                                                                               \
+    /* Ensure chunking works. */                                               \
+    for (i = 1; i < dataLen; i++) {                                            \
+        for (j = 0; j < dataLen; j += i) {                                     \
+             int len = dataLen - j;                                            \
+             if (i < len)                                                      \
+                 len = i;                                                      \
+             ExpectIntEQ(wc_##name##_Update(&dgst, data + j, len), 0);         \
+        }                                                                      \
+        ExpectIntEQ(wc_##name##_Final(&dgst, hash), 0);                        \
+        ExpectBufEQ(hash, (byte*)expHash, WC_##upper##_DIGEST_SIZE);           \
+    }                                                                          \
+                                                                               \
+    wc_##name##_Free(&dgst);                                                   \
+} while (0)
+
+#define DIGEST_COUNT_OTHER_TEST(type, name, upper, hashStr)                    \
+do {                                                                           \
+    type dgst;                                                                 \
+    byte hash[WC_##upper##_COUNT * 8 + 1];                                     \
+    byte data[WC_##upper##_COUNT * 8 * 8 + 1];                                 \
+    int dataLen = WC_##upper##_COUNT * 8 * 8;                                  \
+    const char* expHash = hashStr;                                             \
+    int i;                                                                     \
+    int j;                                                                     \
+                                                                               \
+    XMEMSET(data, 0xa5, sizeof(data));                                         \
+                                                                               \
+    /* Initialize */                                                           \
+    ExpectIntEQ(wc_Init##name(&dgst, HEAP_HINT, INVALID_DEVID), 0);            \
+                                                                               \
+    /* Unaligned input and output buffer. */                                   \
+    ExpectIntEQ(wc_##name##_Update(&dgst, data + 1, dataLen), 0);              \
+    ExpectIntEQ(wc_##name##_Final(&dgst, hash + 1, WC_##upper##_COUNT * 8),    \
+        0);                                                                    \
+    ExpectBufEQ(hash + 1, (byte*)expHash, WC_##upper##_COUNT * 8);             \
+                                                                               \
+    /* Test that empty updates work. */                                        \
+    ExpectIntEQ(wc_##name##_Update(&dgst, NULL, 0), 0);                        \
+    ExpectIntEQ(wc_##name##_Update(&dgst, (byte*)"", 0), 0);                   \
+    ExpectIntEQ(wc_##name##_Update(&dgst, data, dataLen), 0);                  \
+    ExpectIntEQ(wc_##name##_Final(&dgst, hash, WC_##upper##_COUNT * 8), 0);    \
+    ExpectBufEQ(hash, (byte*)expHash, WC_##upper##_COUNT * 8);                 \
+                                                                               \
+    /* Ensure chunking works. */                                               \
+    for (i = 1; i < dataLen; i++) {                                            \
+        for (j = 0; j < dataLen; j += i) {                                     \
+             int len = dataLen - j;                                            \
+             if (i < len)                                                      \
+                 len = i;                                                      \
+             ExpectIntEQ(wc_##name##_Update(&dgst, data + j, len), 0);         \
+        }                                                                      \
+        ExpectIntEQ(wc_##name##_Final(&dgst, hash, WC_##upper##_COUNT * 8),    \
+            0);                                                                \
+        ExpectBufEQ(hash, (byte*)expHash, WC_##upper##_COUNT * 8);             \
+    }                                                                          \
+                                                                               \
+    wc_##name##_Free(&dgst);                                                   \
+} while (0)
+
+#define DIGEST_COPY_TEST(type, name, upper, emptyHashStr, abcHashStr)          \
+    type src;                                                                  \
+    type dst;                                                                  \
+    byte hashSrc[WC_##upper##_DIGEST_SIZE];                                    \
+    byte hashDst[WC_##upper##_DIGEST_SIZE];                                    \
+    const char* emptyHash = emptyHashStr;                                      \
+    const char* abcHash = abcHashStr;                                          \
+    byte data[WC_##upper##_BLOCK_SIZE];                                        \
+                                                                               \
+    XMEMSET(data, 0xa5, sizeof(data));                                         \
+                                                                               \
+    ExpectIntEQ(wc_Init##name(&src), 0);                                       \
+    XMEMSET(&dst, 0, sizeof(dst));                                             \
+                                                                               \
+    /* Tests bad params. */                                                    \
+    ExpectIntEQ(wc_##name##Copy(NULL, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));   \
+    ExpectIntEQ(wc_##name##Copy(&src, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));   \
+    ExpectIntEQ(wc_##name##Copy(NULL, &dst), WC_NO_ERR_TRACE(BAD_FUNC_ARG));   \
+                                                                               \
+    /* Test copy works. */                                                     \
+    ExpectIntEQ(wc_##name##Copy(&src, &dst), 0);                               \
+    ExpectIntEQ(wc_##name##Final(&src, hashSrc), 0);                           \
+    ExpectIntEQ(wc_##name##Final(&dst, hashDst), 0);                           \
+    ExpectBufEQ(hashSrc, emptyHash, WC_##upper##_DIGEST_SIZE);                 \
+    ExpectBufEQ(hashDst, emptyHash, WC_##upper##_DIGEST_SIZE);                 \
+    wc_##name##Free(&dst);                                                     \
+                                                                               \
+    /* Test buffered data is copied. */                                        \
+    ExpectIntEQ(wc_##name##Update(&src, (byte*)"abc", 3), 0);                  \
+    ExpectIntEQ(wc_##name##Copy(&src, &dst), 0);                               \
+    ExpectIntEQ(wc_##name##Final(&src, hashSrc), 0);                           \
+    ExpectIntEQ(wc_##name##Final(&dst, hashDst), 0);                           \
+    ExpectBufEQ(hashSrc, abcHash, WC_##upper##_DIGEST_SIZE);                   \
+    ExpectBufEQ(hashDst, abcHash, WC_##upper##_DIGEST_SIZE);                   \
+    wc_##name##Free(&dst);                                                     \
+                                                                               \
+    /* Test count of length is copied. */                                      \
+    ExpectIntEQ(wc_##name##Update(&src, data, sizeof(data)), 0);               \
+    ExpectIntEQ(wc_##name##Copy(&src, &dst), 0);                               \
+    ExpectIntEQ(wc_##name##Final(&src, hashSrc), 0);                           \
+    ExpectIntEQ(wc_##name##Final(&dst, hashDst), 0);                           \
+    ExpectBufEQ(hashSrc, hashDst, WC_##upper##_DIGEST_SIZE);                   \
+    wc_##name##Free(&dst);                                                     \
+                                                                               \
+    wc_##name##Free(&src)
+
+#define DIGEST_ALT_COPY_TEST(type, name, upper, emptyHashStr, abcHashStr)      \
+do {                                                                           \
+    type src;                                                                  \
+    type dst;                                                                  \
+    byte hashSrc[WC_##upper##_DIGEST_SIZE];                                    \
+    byte hashDst[WC_##upper##_DIGEST_SIZE];                                    \
+    const char* emptyHash = emptyHashStr;                                      \
+    const char* abcHash = abcHashStr;                                          \
+    byte data[WC_##upper##_BLOCK_SIZE];                                        \
+                                                                               \
+    XMEMSET(data, 0xa5, sizeof(data));                                         \
+                                                                               \
+    ExpectIntEQ(wc_Init##name(&src, HEAP_HINT, INVALID_DEVID), 0);             \
+    XMEMSET(&dst, 0, sizeof(dst));                                             \
+                                                                               \
+    ExpectIntEQ(wc_##name##_Copy(NULL, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));  \
+    ExpectIntEQ(wc_##name##_Copy(&src, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));  \
+    ExpectIntEQ(wc_##name##_Copy(NULL, &dst), WC_NO_ERR_TRACE(BAD_FUNC_ARG));  \
+                                                                               \
+    /* Test copy works. */                                                     \
+    ExpectIntEQ(wc_##name##_Copy(&src, &dst), 0);                              \
+    ExpectIntEQ(wc_##name##_Final(&src, hashSrc), 0);                          \
+    ExpectIntEQ(wc_##name##_Final(&dst, hashDst), 0);                          \
+    ExpectBufEQ(hashSrc, emptyHash, WC_##upper##_DIGEST_SIZE);                 \
+    ExpectBufEQ(hashDst, emptyHash, WC_##upper##_DIGEST_SIZE);                 \
+    wc_##name##_Free(&dst);                                                    \
+                                                                               \
+    /* Test buffered data is copied. */                                        \
+    ExpectIntEQ(wc_##name##_Update(&src, (byte*)"abc", 3), 0);                 \
+    ExpectIntEQ(wc_##name##_Copy(&src, &dst), 0);                              \
+    ExpectIntEQ(wc_##name##_Final(&src, hashSrc), 0);                          \
+    ExpectIntEQ(wc_##name##_Final(&dst, hashDst), 0);                          \
+    ExpectBufEQ(hashSrc, abcHash, WC_##upper##_DIGEST_SIZE);                   \
+    ExpectBufEQ(hashDst, abcHash, WC_##upper##_DIGEST_SIZE);                   \
+    wc_##name##_Free(&dst);                                                    \
+                                                                               \
+    /* Test count of length is copied. */                                      \
+    ExpectIntEQ(wc_##name##_Update(&src, data, sizeof(data)), 0);              \
+    ExpectIntEQ(wc_##name##_Copy(&src, &dst), 0);                              \
+    ExpectIntEQ(wc_##name##_Final(&src, hashSrc), 0);                          \
+    ExpectIntEQ(wc_##name##_Final(&dst, hashDst), 0);                          \
+    ExpectBufEQ(hashSrc, hashDst, WC_##upper##_DIGEST_SIZE);                   \
+    wc_##name##_Free(&dst);                                                    \
+                                                                               \
+    wc_##name##_Free(&src);                                                    \
+} while (0)
+
+#define DIGEST_COUNT_COPY_TEST(type, name, upper, emptyHashStr, abcHashStr)    \
+do {                                                                           \
+    type src;                                                                  \
+    type dst;                                                                  \
+    byte hashSrc[WC_##upper##_COUNT * 8];                                      \
+    byte hashDst[WC_##upper##_COUNT * 8];                                      \
+    const char* emptyHash = emptyHashStr;                                      \
+    const char* abcHash = abcHashStr;                                          \
+    byte data[WC_##upper##_BLOCK_SIZE];                                        \
+                                                                               \
+    XMEMSET(data, 0xa5, sizeof(data));                                         \
+                                                                               \
+    ExpectIntEQ(wc_Init##name(&src, HEAP_HINT, INVALID_DEVID), 0);             \
+    XMEMSET(&dst, 0, sizeof(dst));                                             \
+                                                                               \
+    ExpectIntEQ(wc_##name##_Copy(NULL, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));  \
+    ExpectIntEQ(wc_##name##_Copy(&src, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));  \
+    ExpectIntEQ(wc_##name##_Copy(NULL, &dst), WC_NO_ERR_TRACE(BAD_FUNC_ARG));  \
+                                                                               \
+    /* Test copy works. */                                                     \
+    ExpectIntEQ(wc_##name##_Copy(&src, &dst), 0);                              \
+    ExpectIntEQ(wc_##name##_Final(&src, hashSrc, WC_##upper##_COUNT * 8), 0);  \
+    ExpectIntEQ(wc_##name##_Final(&dst, hashDst, WC_##upper##_COUNT * 8), 0);  \
+    ExpectBufEQ(hashSrc, emptyHash, WC_##upper##_COUNT * 8);                   \
+    ExpectBufEQ(hashDst, emptyHash, WC_##upper##_COUNT * 8);                   \
+    wc_##name##_Free(&src);                                                    \
+                                                                               \
+    /* Test buffered data is copied. */                                        \
+    ExpectIntEQ(wc_##name##_Update(&src, (byte*)"abc", 3), 0);                 \
+    ExpectIntEQ(wc_##name##_Copy(&src, &dst), 0);                              \
+    ExpectIntEQ(wc_##name##_Final(&src, hashSrc, WC_##upper##_COUNT * 8), 0);  \
+    ExpectIntEQ(wc_##name##_Final(&dst, hashDst, WC_##upper##_COUNT * 8), 0);  \
+    ExpectBufEQ(hashSrc, abcHash, WC_##upper##_COUNT * 8);                     \
+    ExpectBufEQ(hashDst, abcHash, WC_##upper##_COUNT * 8);                     \
+    wc_##name##_Free(&src);                                                    \
+                                                                               \
+    /* Test count of length is copied. */                                      \
+    ExpectIntEQ(wc_##name##_Update(&src, data, sizeof(data)), 0);              \
+    ExpectIntEQ(wc_##name##_Copy(&src, &dst), 0);                              \
+    ExpectIntEQ(wc_##name##_Final(&src, hashSrc, WC_##upper##_COUNT * 8), 0);  \
+    ExpectIntEQ(wc_##name##_Final(&dst, hashDst, WC_##upper##_COUNT * 8), 0);  \
+    ExpectBufEQ(hashSrc, hashDst, WC_##upper##_COUNT * 8);                     \
+    wc_##name##_Free(&dst);                                                    \
+                                                                               \
+    wc_##name##_Free(&src);                                                    \
+} while (0)
+
+#define DIGEST_GET_HASH_TEST(type, name, upper, emptyHashStr, abcHashStr)      \
+    type dgst;                                                                 \
+    byte hash[WC_##upper##_DIGEST_SIZE];                                       \
+    const char* emptyHash = emptyHashStr;                                      \
+    const char* abcHash = abcHashStr;                                          \
+                                                                               \
+    ExpectIntEQ(wc_Init##name(&dgst), 0);                                      \
+                                                                               \
+    ExpectIntEQ(wc_##name##GetHash(NULL, NULL),                                \
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));                                        \
+    ExpectIntEQ(wc_##name##GetHash(&dgst, NULL),                               \
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));                                        \
+    ExpectIntEQ(wc_##name##GetHash(NULL, hash),                                \
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));                                        \
+                                                                               \
+    ExpectIntEQ(wc_##name##GetHash(&dgst, hash), 0);                           \
+    ExpectBufEQ(hash, emptyHash, WC_##upper##_DIGEST_SIZE);                    \
+    /* Test that the hash state hasn't been modified. */                       \
+    ExpectIntEQ(wc_##name##Update(&dgst, (byte*)"abc", 3), 0);                 \
+    ExpectIntEQ(wc_##name##GetHash(&dgst, hash), 0);                           \
+    ExpectBufEQ(hash, abcHash, WC_##upper##_DIGEST_SIZE);                      \
+                                                                               \
+    wc_##name##Free(&dgst)
+
+#ifdef LITTLE_ENDIAN_ORDER
+
+#define DIGEST_TRANSFORM_TEST(type, name, upper, abcBlockStr, abcHashStr)      \
+    type dgst;                                                                 \
+    const char* abc##name##Data = abcBlockStr;                                 \
+    const char* abcHash = abcHashStr;                                          \
+                                                                               \
+    ExpectIntEQ(wc_Init##name(&dgst), 0);                                      \
+                                                                               \
+    /* Test bad args. */                                                       \
+    ExpectIntEQ(wc_##name##Transform(NULL, NULL), BAD_FUNC_ARG);               \
+    ExpectIntEQ(wc_##name##Transform(&dgst, NULL), BAD_FUNC_ARG);              \
+    ExpectIntEQ(wc_##name##Transform(NULL, (byte*)abc##name##Data),            \
+        BAD_FUNC_ARG);                                                         \
+                                                                               \
+    ExpectIntEQ(wc_##name##Transform(&dgst, (byte*)abc##name##Data), 0);       \
+    ExpectBufEQ((byte*)dgst.digest, (byte*)abcHash, WC_##upper##_DIGEST_SIZE); \
+                                                                               \
+    wc_##name##Free(&dgst)
+
+#define DIGEST_TRANSFORM_FINAL_RAW_TEST(type, name, upper, abcBlockStr,        \
+                                        abcHashStr)                            \
+    type dgst;                                                                 \
+    const char* abc##name##Data = abcBlockStr;                                 \
+    const char* abcHash = abcHashStr;                                          \
+    byte abcData[WC_##upper##_BLOCK_SIZE];                                     \
+    byte hash[WC_##upper##_DIGEST_SIZE];                                       \
+                                                                               \
+    XMEMCPY(abcData, abc##name##Data, WC_##upper##_BLOCK_SIZE);                \
+                                                                               \
+    ExpectIntEQ(wc_Init##name(&dgst), 0);                                      \
+                                                                               \
+    /* Test bad args. */                                                       \
+    ExpectIntEQ(wc_##name##Transform(NULL, NULL), BAD_FUNC_ARG);               \
+    ExpectIntEQ(wc_##name##Transform(&dgst, NULL), BAD_FUNC_ARG);              \
+    ExpectIntEQ(wc_##name##Transform(NULL, (byte*)abc##name##Data),            \
+        BAD_FUNC_ARG);                                                         \
+                                                                               \
+    ExpectIntEQ(wc_##name##Transform(&dgst, (byte*)abcData), 0);               \
+    ExpectIntEQ(wc_##name##FinalRaw(&dgst, hash), 0);                          \
+    ExpectBufEQ(hash, (byte*)abcHash, WC_##upper##_DIGEST_SIZE);               \
+                                                                               \
+    wc_##name##Free(&dgst)
+
+#else
+
+#define DIGEST_TRANSFORM_TEST(type, name, upper, abcBlockStr, abcHashStr)      \
+    type dgst;                                                                 \
+    const char* abc##name##Data = abcBlockStr;                                 \
+    const char* abcHash = abcHashStr;                                          \
+    char abc##name##DataBE[WC_##upper##_BLOCK_SIZE];                           \
+    char abcHashBE[WC_##upper##_DIGEST_SIZE];                                  \
+                                                                               \
+    ExpectIntEQ(wc_Init##name(&dgst), 0);                                      \
+                                                                               \
+    /* Test bad args. */                                                       \
+    ExpectIntEQ(wc_##name##Transform(NULL, NULL), BAD_FUNC_ARG);               \
+    ExpectIntEQ(wc_##name##Transform(&dgst, NULL), BAD_FUNC_ARG);              \
+    ExpectIntEQ(wc_##name##Transform(NULL, (byte*)abc##name##Data),            \
+        BAD_FUNC_ARG);                                                         \
+                                                                               \
+    ByteReverseWords((word32*)abc##name##DataBE, (word32*)abc##name##Data,     \
+        WC_##upper##_BLOCK_SIZE);                                              \
+    ByteReverseWords((word32*)abcHashBE, (word32*)abcHash,                     \
+        WC_##upper##_DIGEST_SIZE);                                             \
+    ExpectIntEQ(wc_##name##Transform(&dgst, (byte*)abc##name##DataBE), 0);     \
+    ExpectBufEQ((byte*)dgst.digest, (byte*)abcHashBE,                          \
+        WC_##upper##_DIGEST_SIZE);                                             \
+                                                                               \
+    wc_##name##Free(&dgst)
+
+#define DIGEST_TRANSFORM_FINAL_RAW_TEST(type, name, upper, abcBlockStr,        \
+                                        abcHashStr)                            \
+    type dgst;                                                                 \
+    const char* abc##name##Data = abcBlockStr;                                 \
+    const char* abcHash = abcHashStr;                                          \
+    char abc##name##DataBE[WC_##upper##_BLOCK_SIZE];                           \
+    byte hash[WC_##upper##_DIGEST_SIZE];                                       \
+                                                                               \
+    ExpectIntEQ(wc_Init##name(&dgst), 0);                                      \
+                                                                               \
+    /* Test bad args. */                                                       \
+    ExpectIntEQ(wc_##name##Transform(NULL, NULL), BAD_FUNC_ARG);               \
+    ExpectIntEQ(wc_##name##Transform(&dgst, NULL), BAD_FUNC_ARG);              \
+    ExpectIntEQ(wc_##name##Transform(NULL, (byte*)abc##name##Data),            \
+        BAD_FUNC_ARG);                                                         \
+                                                                               \
+    ByteReverseWords((word32*)abc##name##DataBE, (word32*)abc##name##Data,     \
+        WC_##upper##_BLOCK_SIZE);                                              \
+    ExpectIntEQ(wc_##name##Transform(&dgst, (byte*)abc##name##DataBE), 0);     \
+    ExpectIntEQ(wc_##name##FinalRaw(&dgst, hash), 0);                          \
+    ExpectBufEQ(hash, (byte*)abcHash, WC_##upper##_DIGEST_SIZE);               \
+                                                                               \
+    wc_##name##Free(&dgst)
+
+#endif
+
+#define DIGEST_TRANSFORM_FINAL_RAW_ALL_TEST(type, name, upper, abcBlockStr,    \
+                                            abcHashStr)                        \
+    type dgst;                                                                 \
+    const char* abc##name##Data = abcBlockStr;                                 \
+    const char* abcHash = abcHashStr;                                          \
+    byte abcData[WC_##upper##_BLOCK_SIZE];                                     \
+    byte hash[WC_##upper##_DIGEST_SIZE];                                       \
+                                                                               \
+    XMEMCPY(abcData, abc##name##Data, WC_##upper##_BLOCK_SIZE);                \
+                                                                               \
+    ExpectIntEQ(wc_Init##name(&dgst), 0);                                      \
+                                                                               \
+    /* Test bad args. */                                                       \
+    ExpectIntEQ(wc_##name##Transform(NULL, NULL), BAD_FUNC_ARG);               \
+    ExpectIntEQ(wc_##name##Transform(&dgst, NULL), BAD_FUNC_ARG);              \
+    ExpectIntEQ(wc_##name##Transform(NULL, (byte*)abc##name##Data),            \
+        BAD_FUNC_ARG);                                                         \
+                                                                               \
+    ExpectIntEQ(wc_##name##Transform(&dgst, (byte*)abcData), 0);               \
+    ExpectIntEQ(wc_##name##FinalRaw(&dgst, hash), 0);                          \
+    ExpectBufEQ(hash, (byte*)abcHash, WC_##upper##_DIGEST_SIZE);               \
+                                                                               \
+    wc_##name##Free(&dgst)
+
+#define DIGEST_FLAGS_TEST(type, name)                                          \
+    type dgst;                                                                 \
+    type dgst_copy;                                                            \
+    word32 flags;                                                              \
+                                                                               \
+    XMEMSET(&dgst_copy, 0, sizeof(dgst_copy));                                 \
+    ExpectIntEQ(wc_Init##name(&dgst), 0);                                      \
+                                                                               \
+    /* Do nothing. */                                                          \
+    ExpectIntEQ(wc_##name##GetFlags(NULL, NULL), 0);                           \
+    ExpectIntEQ(wc_##name##GetFlags(&dgst, NULL), 0);                          \
+    ExpectIntEQ(wc_##name##GetFlags(NULL, &flags), 0);                         \
+    ExpectIntEQ(wc_##name##SetFlags(NULL, 1), 0);                              \
+                                                                               \
+    ExpectIntEQ(wc_##name##GetFlags(&dgst, &flags), 0);                        \
+    ExpectIntEQ(flags, 0);                                                     \
+                                                                               \
+    ExpectIntEQ(wc_##name##Copy(&dgst, &dgst_copy), 0);                        \
+    ExpectIntEQ(wc_##name##GetFlags(&dgst, &flags), 0);                        \
+    ExpectIntEQ(flags, 0);                                                     \
+    ExpectIntEQ(wc_##name##GetFlags(&dgst_copy, &flags), 0);                   \
+    ExpectIntEQ(flags, WC_HASH_FLAG_ISCOPY);                                   \
+                                                                               \
+    ExpectIntEQ(wc_##name##SetFlags(&dgst, WC_HASH_FLAG_WILLCOPY), 0);         \
+    ExpectIntEQ(wc_##name##GetFlags(&dgst, &flags), 0);                        \
+    ExpectIntEQ(flags, WC_HASH_FLAG_WILLCOPY);                                 \
+    ExpectIntEQ(wc_##name##SetFlags(&dgst, 0), 0);                             \
+                                                                               \
+    wc_##name##Free(&dgst_copy);                                               \
+    wc_##name##Free(&dgst)
+
+#define DIGEST_ALT_FLAGS_TEST(type, name, inst)                                \
+    type dgst;                                                                 \
+    type dgst_copy;                                                            \
+    word32 flags;                                                              \
+                                                                               \
+    XMEMSET(&dgst_copy, 0, sizeof(dgst_copy));                                 \
+    ExpectIntEQ(wc_Init##inst(&dgst, HEAP_HINT, INVALID_DEVID), 0);            \
+                                                                               \
+    /* Do nothing. */                                                          \
+    ExpectIntEQ(wc_##name##_GetFlags(NULL, NULL), 0);                          \
+    ExpectIntEQ(wc_##name##_GetFlags(&dgst, NULL), 0);                         \
+    ExpectIntEQ(wc_##name##_GetFlags(NULL, &flags), 0);                        \
+    ExpectIntEQ(wc_##name##_SetFlags(NULL, 1), 0);                             \
+                                                                               \
+    ExpectIntEQ(wc_##name##_GetFlags(&dgst, &flags), 0);                       \
+    ExpectIntEQ(flags, 0);                                                     \
+                                                                               \
+    ExpectIntEQ(wc_##inst##_Copy(&dgst, &dgst_copy), 0);                       \
+    ExpectIntEQ(wc_##name##_GetFlags(&dgst, &flags), 0);                       \
+    ExpectIntEQ(flags, 0);                                                     \
+    ExpectIntEQ(wc_##name##_GetFlags(&dgst_copy, &flags), 0);                  \
+    ExpectIntEQ(flags, WC_HASH_FLAG_ISCOPY);                                   \
+                                                                               \
+    ExpectIntEQ(wc_##name##_SetFlags(&dgst, 1), 0);                            \
+    ExpectIntEQ(wc_##name##_GetFlags(&dgst, &flags), 0);                       \
+    ExpectIntEQ(flags, 1);                                                     \
+    ExpectIntEQ(wc_##name##_SetFlags(&dgst, 0), 0);                            \
+                                                                               \
+    wc_##inst##_Free(&dgst_copy);                                              \
+    wc_##inst##_Free(&dgst)
+
diff --git a/tests/api/test_dtls.c b/tests/api/test_dtls.c
new file mode 100644
index 000000000..bb3cf51fd
--- /dev/null
+++ b/tests/api/test_dtls.c
@@ -0,0 +1,597 @@
+/* test_dtls.c
+ *
+ * Copyright (C) 2006-2025 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+#include <tests/unit.h>
+
+#ifdef NO_INLINE
+    #include <wolfssl/wolfcrypt/misc.h>
+#else
+    #define WOLFSSL_MISC_INCLUDED
+    #include <wolfcrypt/src/misc.c>
+#endif
+
+#include <wolfssl/ssl.h>
+#include <wolfssl/internal.h>
+
+#include <tests/utils.h>
+#include <tests/api/test_dtls.h>
+
+int test_dtls12_basic_connection_id(void)
+{
+    EXPECT_DECLS;
+#if defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES) && defined(WOLFSSL_DTLS_CID)
+    unsigned char client_cid[] = { 9, 8, 7, 6, 5, 4, 3, 2, 1, 0 };
+    unsigned char server_cid[] = { 0, 1, 2, 3, 4, 5 };
+    unsigned char readBuf[40];
+    void *        cid = NULL;
+    const char* params[] = {
+#ifndef NO_RSA
+#ifndef NO_SHA256
+#if defined(WOLFSSL_AES_128) && defined(WOLFSSL_STATIC_RSA)
+        "AES128-SHA256",
+#ifdef HAVE_AESCCM
+        "AES128-CCM8",
+#endif
+        "DHE-RSA-AES128-SHA256",
+        "ECDHE-RSA-AES128-SHA256",
+#ifdef HAVE_AESGCM
+        "DHE-RSA-AES128-GCM-SHA256",
+        "ECDHE-RSA-AES128-GCM-SHA256",
+#endif
+#endif /* WOLFSSL_AES_128 && WOLFSSL_STATIC_RSA */
+#endif /* NO_SHA256 */
+#endif /* NO_RSA */
+#if defined(HAVE_CHACHA) && defined(HAVE_POLY1305) && !defined(HAVE_FIPS)
+        "DHE-RSA-CHACHA20-POLY1305",
+        "DHE-RSA-CHACHA20-POLY1305-OLD",
+        "ECDHE-RSA-CHACHA20-POLY1305",
+        "ECDHE-RSA-CHACHA20-POLY1305-OLD",
+#endif
+#ifndef NO_PSK
+        "DHE-PSK-AES128-CBC-SHA256",
+        "DHE-PSK-AES256-GCM-SHA384",
+#ifdef HAVE_NULL_CIPHER
+        "DHE-PSK-NULL-SHA256",
+#endif
+        "DHE-PSK-AES128-CCM",
+#endif
+    };
+    size_t i;
+    struct {
+        byte drop:1;
+        byte changeCID:1;
+    } run_params[] = {
+        { .drop = 0, .changeCID = 0 },
+        { .drop = 1, .changeCID = 0 },
+        { .drop = 0, .changeCID = 1 },
+    };
+
+    /* We check if the side included the CID in their output */
+#define CLIENT_CID() mymemmem(test_ctx.s_buff, test_ctx.s_len, \
+                              client_cid, sizeof(client_cid))
+#define SERVER_CID() mymemmem(test_ctx.c_buff, test_ctx.c_len, \
+                              server_cid, sizeof(server_cid))
+#define RESET_CID(cid) if ((cid) != NULL) { \
+                           ((char*)(cid))[0] = -1; \
+                       }
+
+
+    printf("\n");
+    for (i = 0; i < XELEM_CNT(params) && EXPECT_SUCCESS(); i++) {
+        size_t j;
+        for (j = 0; j < XELEM_CNT(run_params); j++) {
+            WOLFSSL_CTX *ctx_c = NULL, *ctx_s = NULL;
+            WOLFSSL *ssl_c = NULL, *ssl_s = NULL;
+            struct test_memio_ctx test_ctx;
+
+            printf("Testing %s run #%ld ... ", params[i], (long int)j);
+
+            XMEMSET(&test_ctx, 0, sizeof(test_ctx));
+
+            ExpectIntEQ(test_memio_setup(&test_ctx, &ctx_c, &ctx_s, &ssl_c,
+                &ssl_s, wolfDTLSv1_2_client_method, wolfDTLSv1_2_server_method),
+                0);
+
+            ExpectIntEQ(wolfSSL_set_cipher_list(ssl_c, params[i]), 1);
+            ExpectIntEQ(wolfSSL_set_cipher_list(ssl_s, params[i]), 1);
+
+            ExpectIntEQ(wolfSSL_dtls_cid_use(ssl_c), 1);
+            ExpectIntEQ(wolfSSL_dtls_cid_set(ssl_c, server_cid,
+                    sizeof(server_cid)), 1);
+            ExpectIntEQ(wolfSSL_dtls_cid_use(ssl_s), 1);
+            ExpectIntEQ(wolfSSL_dtls_cid_set(ssl_s, client_cid,
+                    sizeof(client_cid)), 1);
+
+#ifndef NO_PSK
+            if (XSTRSTR(params[i], "-PSK-") != NULL) {
+                wolfSSL_set_psk_client_callback(ssl_c, my_psk_client_cb);
+                wolfSSL_set_psk_server_callback(ssl_s, my_psk_server_cb);
+            }
+#endif
+
+#ifdef HAVE_SECURE_RENEGOTIATION
+            ExpectIntEQ(wolfSSL_UseSecureRenegotiation(ssl_c), 1);
+            ExpectIntEQ(wolfSSL_UseSecureRenegotiation(ssl_s), 1);
+#endif
+
+            /* CH1 */
+            wolfSSL_SetLoggingPrefix("client");
+            ExpectIntEQ(wolfSSL_negotiate(ssl_c), -1);
+            ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), WOLFSSL_ERROR_WANT_READ);
+            ExpectNull(CLIENT_CID());
+            if (run_params[j].drop) {
+                test_ctx.c_len = test_ctx.s_len = 0;
+                ExpectIntEQ(wolfSSL_dtls_got_timeout(ssl_c), 1);
+                ExpectNull(CLIENT_CID());
+            }
+            /* HVR */
+            wolfSSL_SetLoggingPrefix("server");
+            ExpectIntEQ(wolfSSL_negotiate(ssl_s), -1);
+            ExpectIntEQ(wolfSSL_get_error(ssl_s, -1), WOLFSSL_ERROR_WANT_READ);
+            ExpectNull(SERVER_CID());
+            /* No point dropping HVR */
+            /* CH2 */
+            wolfSSL_SetLoggingPrefix("client");
+            ExpectIntEQ(wolfSSL_negotiate(ssl_c), -1);
+            ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), WOLFSSL_ERROR_WANT_READ);
+            ExpectNull(CLIENT_CID());
+            if (run_params[j].drop) {
+                test_ctx.c_len = test_ctx.s_len = 0;
+                ExpectIntEQ(wolfSSL_dtls_got_timeout(ssl_c), 1);
+                ExpectNull(CLIENT_CID());
+            }
+            /* Server first flight */
+            wolfSSL_SetLoggingPrefix("server");
+            ExpectIntEQ(wolfSSL_negotiate(ssl_s), -1);
+            ExpectIntEQ(wolfSSL_get_error(ssl_s, -1), WOLFSSL_ERROR_WANT_READ);
+            ExpectNull(SERVER_CID());
+            if (run_params[j].drop) {
+                test_ctx.c_len = test_ctx.s_len = 0;
+                ExpectIntEQ(wolfSSL_dtls_got_timeout(ssl_s), 1);
+                ExpectNull(SERVER_CID());
+            }
+            /* Client second flight */
+            wolfSSL_SetLoggingPrefix("client");
+            ExpectIntEQ(wolfSSL_negotiate(ssl_c), -1);
+            ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), WOLFSSL_ERROR_WANT_READ);
+            ExpectNotNull(CLIENT_CID());
+            if (run_params[j].drop) {
+                test_ctx.c_len = test_ctx.s_len = 0;
+                ExpectIntEQ(wolfSSL_dtls_got_timeout(ssl_c), 1);
+                ExpectNotNull(CLIENT_CID());
+            }
+            /* Server second flight */
+            wolfSSL_SetLoggingPrefix("server");
+            ExpectIntEQ(wolfSSL_negotiate(ssl_s), 1);
+            ExpectNotNull(SERVER_CID());
+            if (run_params[j].drop) {
+                test_ctx.c_len = test_ctx.s_len = 0;
+                ExpectIntEQ(wolfSSL_dtls_got_timeout(ssl_s), 1);
+                ExpectNotNull(SERVER_CID());
+            }
+            /* Client complete connection */
+            wolfSSL_SetLoggingPrefix("client");
+            ExpectIntEQ(wolfSSL_negotiate(ssl_c), 1);
+            ExpectNull(CLIENT_CID());
+
+            /* Write some data */
+            wolfSSL_SetLoggingPrefix("client");
+            ExpectIntEQ(wolfSSL_write(ssl_c, params[i],
+                    (int)XSTRLEN(params[i])), XSTRLEN(params[i]));
+            ExpectNotNull(CLIENT_CID());
+            wolfSSL_SetLoggingPrefix("server");
+            ExpectIntEQ(wolfSSL_write(ssl_s, params[i],
+                    (int)XSTRLEN(params[i])), XSTRLEN(params[i]));
+            ExpectNotNull(SERVER_CID());
+            /* Read the data */
+            wolfSSL_SetLoggingPrefix("client");
+            XMEMSET(readBuf, 0, sizeof(readBuf));
+            ExpectIntEQ(wolfSSL_read(ssl_c, readBuf, sizeof(readBuf)),
+                    XSTRLEN(params[i]));
+            ExpectStrEQ(readBuf, params[i]);
+            XMEMSET(readBuf, 0, sizeof(readBuf));
+            wolfSSL_SetLoggingPrefix("server");
+            ExpectIntEQ(wolfSSL_read(ssl_s, readBuf, sizeof(readBuf)),
+                    XSTRLEN(params[i]));
+            ExpectStrEQ(readBuf, params[i]);
+            /* Write short data */
+            wolfSSL_SetLoggingPrefix("client");
+            ExpectIntEQ(wolfSSL_write(ssl_c, params[i], 1), 1);
+            ExpectNotNull(CLIENT_CID());
+            wolfSSL_SetLoggingPrefix("server");
+            ExpectIntEQ(wolfSSL_write(ssl_s, params[i], 1), 1);
+            ExpectNotNull(SERVER_CID());
+            /* Read the short data */
+            XMEMSET(readBuf, 0, sizeof(readBuf));
+            wolfSSL_SetLoggingPrefix("client");
+            ExpectIntEQ(wolfSSL_read(ssl_c, readBuf, sizeof(readBuf)), 1);
+            ExpectIntEQ(readBuf[0], params[i][0]);
+            XMEMSET(readBuf, 0, sizeof(readBuf));
+            wolfSSL_SetLoggingPrefix("server");
+            ExpectIntEQ(wolfSSL_read(ssl_s, readBuf, sizeof(readBuf)), 1);
+            ExpectIntEQ(readBuf[0], params[i][0]);
+            /* Write some data but with wrong CID */
+            wolfSSL_SetLoggingPrefix("client");
+            ExpectIntEQ(wolfSSL_write(ssl_c, params[i],
+                    (int)XSTRLEN(params[i])), XSTRLEN(params[i]));
+            /* Reset client cid. */
+            ExpectNotNull(cid = CLIENT_CID());
+            RESET_CID(cid);
+            wolfSSL_SetLoggingPrefix("server");
+            ExpectIntEQ(wolfSSL_write(ssl_s, params[i],
+                    (int)XSTRLEN(params[i])), XSTRLEN(params[i]));
+            /* Reset server cid. */
+            ExpectNotNull(cid = SERVER_CID());
+            RESET_CID(cid);
+            /* Try to read the data but it shouldn't be there */
+            wolfSSL_SetLoggingPrefix("client");
+            ExpectIntEQ(wolfSSL_read(ssl_c, readBuf, sizeof(readBuf)), -1);
+            ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), WOLFSSL_ERROR_WANT_READ);
+            wolfSSL_SetLoggingPrefix("server");
+            ExpectIntEQ(wolfSSL_read(ssl_s, readBuf, sizeof(readBuf)), -1);
+            ExpectIntEQ(wolfSSL_get_error(ssl_s, -1), WOLFSSL_ERROR_WANT_READ);
+
+#ifdef HAVE_SECURE_RENEGOTIATION
+            /* do two SCR's */
+            wolfSSL_SetLoggingPrefix("client");
+            ExpectIntEQ(wolfSSL_Rehandshake(ssl_c), -1);
+            ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), WOLFSSL_ERROR_WANT_READ);
+            ExpectIntEQ(wolfSSL_read(ssl_s, readBuf, sizeof(readBuf)), -1);
+            ExpectIntEQ(wolfSSL_get_error(ssl_s, -1), WOLFSSL_ERROR_WANT_READ);
+            ExpectIntEQ(test_memio_do_handshake(ssl_c, ssl_s, 10, NULL), 0);
+            /* SCR's after the first one have extra internal logic */
+            wolfSSL_SetLoggingPrefix("client");
+            ExpectIntEQ(wolfSSL_Rehandshake(ssl_c), -1);
+            ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), WOLFSSL_ERROR_WANT_READ);
+            ExpectIntEQ(wolfSSL_read(ssl_s, readBuf, sizeof(readBuf)), -1);
+            ExpectIntEQ(wolfSSL_get_error(ssl_s, -1), WOLFSSL_ERROR_WANT_READ);
+            ExpectIntEQ(test_memio_do_handshake(ssl_c, ssl_s, 10, NULL), 0);
+
+            if (run_params[j].changeCID) {
+                ExpectIntEQ(wolfSSL_dtls_cid_set(ssl_c, client_cid,
+                        sizeof(client_cid)), 0);
+                /* Forcefully change the CID */
+                ssl_c->dtlsCidInfo->rx->id[0] = -1;
+                /* We need to init the rehandshake from the client, otherwise
+                 * we won't be able to test changing the CID. It would be
+                 * rejected by the record CID matching code. */
+                wolfSSL_SetLoggingPrefix("client");
+                ExpectIntEQ(wolfSSL_Rehandshake(ssl_c), -1);
+                ExpectIntEQ(wolfSSL_get_error(ssl_c, -1),
+                        WOLFSSL_ERROR_WANT_READ);
+                ExpectNotNull(CLIENT_CID());
+                ExpectIntEQ(wolfSSL_SSL_renegotiate_pending(ssl_c), 1);
+                /* Server first flight */
+                wolfSSL_SetLoggingPrefix("server");
+                ExpectIntEQ(wolfSSL_read(ssl_s, readBuf, sizeof(readBuf)), -1);
+                /* We expect the server to reject the CID change. */
+                ExpectIntEQ(wolfSSL_get_error(ssl_s, -1), DTLS_CID_ERROR);
+                goto loop_exit;
+            }
+            /* Server init'd SCR */
+            /* Server request */
+            wolfSSL_SetLoggingPrefix("server");
+            ExpectIntEQ(wolfSSL_Rehandshake(ssl_s), -1);
+            ExpectIntEQ(wolfSSL_get_error(ssl_s, -1), WOLFSSL_ERROR_WANT_READ);
+            ExpectNotNull(SERVER_CID());
+            ExpectIntEQ(wolfSSL_SSL_renegotiate_pending(ssl_s), 1);
+            if (run_params[j].drop) {
+                test_ctx.c_len = test_ctx.s_len = 0;
+                ExpectIntEQ(wolfSSL_dtls_got_timeout(ssl_s), 1);
+                ExpectNotNull(SERVER_CID());
+            }
+            /* Init SCR on client side with the server's request */
+            /* CH no HVR on SCR */
+            XMEMSET(readBuf, 0, sizeof(readBuf));
+            wolfSSL_SetLoggingPrefix("client");
+            ExpectIntEQ(wolfSSL_read(ssl_c, readBuf, sizeof(readBuf)), -1);
+            ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), WOLFSSL_ERROR_WANT_READ);
+            ExpectNotNull(CLIENT_CID());
+            ExpectIntEQ(wolfSSL_SSL_renegotiate_pending(ssl_c), 1);
+            if (run_params[j].drop) {
+                test_ctx.c_len = test_ctx.s_len = 0;
+                ExpectIntEQ(wolfSSL_dtls_got_timeout(ssl_c), 1);
+                ExpectNotNull(CLIENT_CID());
+            }
+            /* Server first flight */
+            wolfSSL_SetLoggingPrefix("server");
+            ExpectIntEQ(wolfSSL_negotiate(ssl_s), -1);
+            ExpectIntEQ(wolfSSL_get_error(ssl_s, -1), WOLFSSL_ERROR_WANT_READ);
+            ExpectNotNull(SERVER_CID());
+            if (run_params[j].drop) {
+                test_ctx.c_len = test_ctx.s_len = 0;
+                ExpectIntEQ(wolfSSL_dtls_got_timeout(ssl_s), 1);
+                ExpectNotNull(SERVER_CID());
+            }
+            /* Client second flight */
+            wolfSSL_SetLoggingPrefix("client");
+            ExpectIntEQ(wolfSSL_negotiate(ssl_c), -1);
+            ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), WOLFSSL_ERROR_WANT_READ);
+            ExpectNotNull(CLIENT_CID());
+            if (run_params[j].drop) {
+                test_ctx.c_len = test_ctx.s_len = 0;
+                ExpectIntEQ(wolfSSL_dtls_got_timeout(ssl_c), 1);
+                ExpectNotNull(CLIENT_CID());
+            }
+            ExpectIntEQ(wolfSSL_write(ssl_c, params[i],
+                    (int)XSTRLEN(params[i])), XSTRLEN(params[i]));
+            /* Server second flight */
+            wolfSSL_SetLoggingPrefix("server");
+            ExpectIntEQ(wolfSSL_negotiate(ssl_s), -1);
+            ExpectIntEQ(wolfSSL_get_error(ssl_s, -1), APP_DATA_READY);
+            XMEMSET(readBuf, 0, sizeof(readBuf));
+            ExpectIntEQ(wolfSSL_read(ssl_s, readBuf, sizeof(readBuf)),
+                    XSTRLEN(params[i]));
+            ExpectStrEQ(readBuf, params[i]);
+            if (!run_params[j].drop) {
+                ExpectIntEQ(wolfSSL_write(ssl_s, params[i],
+                        (int)XSTRLEN(params[i])), XSTRLEN(params[i]));
+            }
+            ExpectIntEQ(wolfSSL_negotiate(ssl_s), 1);
+            ExpectNotNull(SERVER_CID());
+            if (run_params[j].drop) {
+                test_ctx.c_len = test_ctx.s_len = 0;
+                ExpectIntEQ(wolfSSL_dtls_got_timeout(ssl_s), 1);
+                ExpectNotNull(SERVER_CID());
+            }
+            /* Test loading old epoch */
+            /* Client complete connection */
+            wolfSSL_SetLoggingPrefix("client");
+            if (!run_params[j].drop) {
+                ExpectIntEQ(wolfSSL_negotiate(ssl_c), -1);
+                ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), APP_DATA_READY);
+                XMEMSET(readBuf, 0, sizeof(readBuf));
+                ExpectIntEQ(wolfSSL_read(ssl_c, readBuf, sizeof(readBuf)),
+                        XSTRLEN(params[i]));
+                ExpectStrEQ(readBuf, params[i]);
+            }
+            ExpectIntEQ(wolfSSL_negotiate(ssl_c), 1);
+            ExpectNull(CLIENT_CID());
+            ExpectIntEQ(wolfSSL_SSL_renegotiate_pending(ssl_c), 0);
+            ExpectIntEQ(wolfSSL_SSL_renegotiate_pending(ssl_s), 0);
+#endif
+            /* Close connection */
+            wolfSSL_SetLoggingPrefix("client");
+            ExpectIntEQ(wolfSSL_shutdown(ssl_c), WOLFSSL_SHUTDOWN_NOT_DONE);
+            ExpectNotNull(CLIENT_CID());
+            wolfSSL_SetLoggingPrefix("server");
+            ExpectIntEQ(wolfSSL_shutdown(ssl_s), WOLFSSL_SHUTDOWN_NOT_DONE);
+            ExpectNotNull(SERVER_CID());
+            wolfSSL_SetLoggingPrefix("client");
+            ExpectIntEQ(wolfSSL_shutdown(ssl_c), 1);
+            wolfSSL_SetLoggingPrefix("server");
+            ExpectIntEQ(wolfSSL_shutdown(ssl_s), 1);
+
+#ifdef HAVE_SECURE_RENEGOTIATION
+loop_exit:
+#endif
+            wolfSSL_SetLoggingPrefix(NULL);
+            wolfSSL_free(ssl_c);
+            wolfSSL_CTX_free(ctx_c);
+            wolfSSL_free(ssl_s);
+            wolfSSL_CTX_free(ctx_s);
+
+            if (EXPECT_SUCCESS())
+                printf("ok\n");
+            else
+                printf("failed\n");
+        }
+
+    }
+
+#undef CLIENT_CID
+#undef SERVER_CID
+#undef RESET_CID
+#endif
+    return EXPECT_RESULT();
+}
+
+int test_dtls13_basic_connection_id(void)
+{
+    EXPECT_DECLS;
+#if defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES) && defined(WOLFSSL_DTLS13) \
+    && defined(WOLFSSL_DTLS_CID)
+    unsigned char client_cid[] = { 9, 8, 7, 6, 5, 4, 3, 2, 1, 0 };
+    unsigned char server_cid[] = { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9 };
+    unsigned char readBuf[50];
+    void *        cid = NULL;
+    const char* params[] = {
+#ifndef NO_SHA256
+#ifdef WOLFSSL_AES_128
+#ifdef HAVE_AESGCM
+        "TLS13-AES128-GCM-SHA256",
+#endif
+#if defined(HAVE_CHACHA) && defined(HAVE_POLY1305)
+        "TLS13-CHACHA20-POLY1305-SHA256",
+#endif
+#ifdef HAVE_AESCCM
+        "TLS13-AES128-CCM-8-SHA256",
+        "TLS13-AES128-CCM-SHA256",
+#endif
+#endif
+#ifdef HAVE_NULL_CIPHER
+        "TLS13-SHA256-SHA256",
+#endif
+#endif
+    };
+    size_t i;
+
+    /* We check if the side included the CID in their output */
+#define CLIENT_CID() mymemmem(test_ctx.s_buff, test_ctx.s_len, \
+                              client_cid, sizeof(client_cid))
+#define SERVER_CID() mymemmem(test_ctx.c_buff, test_ctx.c_len, \
+                              server_cid, sizeof(server_cid))
+#define RESET_CID(cid) if ((cid) != NULL) { \
+                           ((char*)(cid))[0] = -1; \
+                       }
+
+
+    printf("\n");
+    for (i = 0; i < XELEM_CNT(params) && EXPECT_SUCCESS(); i++) {
+        WOLFSSL_CTX *ctx_c = NULL, *ctx_s = NULL;
+        WOLFSSL *ssl_c = NULL, *ssl_s = NULL;
+        struct test_memio_ctx test_ctx;
+
+        printf("Testing %s ... ", params[i]);
+
+        XMEMSET(&test_ctx, 0, sizeof(test_ctx));
+
+        ExpectIntEQ(test_memio_setup(&test_ctx, &ctx_c, &ctx_s, &ssl_c, &ssl_s,
+            wolfDTLSv1_3_client_method, wolfDTLSv1_3_server_method), 0);
+
+        ExpectIntEQ(wolfSSL_set_cipher_list(ssl_c, params[i]), WOLFSSL_SUCCESS);
+        ExpectIntEQ(wolfSSL_set_cipher_list(ssl_s, params[i]), WOLFSSL_SUCCESS);
+
+        ExpectIntEQ(wolfSSL_dtls_cid_use(ssl_c), 1);
+        ExpectIntEQ(wolfSSL_dtls_cid_set(ssl_c, server_cid, sizeof(server_cid)),
+                1);
+        ExpectIntEQ(wolfSSL_dtls_cid_use(ssl_s), 1);
+        ExpectIntEQ(wolfSSL_dtls_cid_set(ssl_s, client_cid, sizeof(client_cid)),
+                1);
+
+        /* CH1 */
+        ExpectIntEQ(wolfSSL_negotiate(ssl_c), -1);
+        ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), WOLFSSL_ERROR_WANT_READ);
+        ExpectNull(CLIENT_CID());
+        /* HRR */
+        ExpectIntEQ(wolfSSL_negotiate(ssl_s), -1);
+        ExpectIntEQ(wolfSSL_get_error(ssl_s, -1), WOLFSSL_ERROR_WANT_READ);
+        ExpectNull(SERVER_CID());
+        /* CH2 */
+        ExpectIntEQ(wolfSSL_negotiate(ssl_c), -1);
+        ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), WOLFSSL_ERROR_WANT_READ);
+        ExpectNull(CLIENT_CID());
+        /* Server first flight */
+        ExpectIntEQ(wolfSSL_negotiate(ssl_s), -1);
+        ExpectIntEQ(wolfSSL_get_error(ssl_s, -1), WOLFSSL_ERROR_WANT_READ);
+        ExpectNotNull(SERVER_CID());
+        /* Client second flight */
+        ExpectIntEQ(wolfSSL_negotiate(ssl_c), -1);
+        ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), WOLFSSL_ERROR_WANT_READ);
+        ExpectNotNull(CLIENT_CID());
+        /* Server process flight */
+        ExpectIntEQ(wolfSSL_negotiate(ssl_s), 1);
+        /* Client process flight */
+        ExpectIntEQ(wolfSSL_negotiate(ssl_c), 1);
+
+        /* Write some data */
+        ExpectIntEQ(wolfSSL_write(ssl_c, params[i], (int)XSTRLEN(params[i])),
+                XSTRLEN(params[i]));
+        ExpectNotNull(CLIENT_CID());
+        ExpectIntEQ(wolfSSL_write(ssl_s, params[i], (int)XSTRLEN(params[i])),
+                XSTRLEN(params[i]));
+        ExpectNotNull(SERVER_CID());
+        /* Read the data */
+        XMEMSET(readBuf, 0, sizeof(readBuf));
+        ExpectIntEQ(wolfSSL_read(ssl_c, readBuf, sizeof(readBuf)),
+                XSTRLEN(params[i]));
+        ExpectStrEQ(readBuf, params[i]);
+        XMEMSET(readBuf, 0, sizeof(readBuf));
+        ExpectIntEQ(wolfSSL_read(ssl_s, readBuf, sizeof(readBuf)),
+                XSTRLEN(params[i]));
+        ExpectStrEQ(readBuf, params[i]);
+        /* Write short data */
+        ExpectIntEQ(wolfSSL_write(ssl_c, params[i], 1), 1);
+        ExpectNotNull(CLIENT_CID());
+        ExpectIntEQ(wolfSSL_write(ssl_s, params[i], 1), 1);
+        ExpectNotNull(SERVER_CID());
+        /* Read the short data */
+        XMEMSET(readBuf, 0, sizeof(readBuf));
+        ExpectIntEQ(wolfSSL_read(ssl_c, readBuf, sizeof(readBuf)), 1);
+        ExpectIntEQ(readBuf[0], params[i][0]);
+        XMEMSET(readBuf, 0, sizeof(readBuf));
+        ExpectIntEQ(wolfSSL_read(ssl_s, readBuf, sizeof(readBuf)), 1);
+        ExpectIntEQ(readBuf[0], params[i][0]);
+        /* Write some data but with wrong CID */
+        ExpectIntEQ(wolfSSL_write(ssl_c, params[i], (int)XSTRLEN(params[i])),
+                XSTRLEN(params[i]));
+        /* Reset client cid. */
+        ExpectNotNull(cid = CLIENT_CID());
+        RESET_CID(cid);
+        ExpectIntEQ(wolfSSL_write(ssl_s, params[i], (int)XSTRLEN(params[i])),
+                XSTRLEN(params[i]));
+        /* Reset server cid. */
+        ExpectNotNull(cid = SERVER_CID());
+        RESET_CID(cid);
+        /* Try to read the data but it shouldn't be there */
+        ExpectIntEQ(wolfSSL_read(ssl_c, readBuf, sizeof(readBuf)), -1);
+        ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), WOLFSSL_ERROR_WANT_READ);
+        ExpectIntEQ(wolfSSL_read(ssl_s, readBuf, sizeof(readBuf)), -1);
+        ExpectIntEQ(wolfSSL_get_error(ssl_s, -1), WOLFSSL_ERROR_WANT_READ);
+
+        /* Close connection */
+        ExpectIntEQ(wolfSSL_shutdown(ssl_c), WOLFSSL_SHUTDOWN_NOT_DONE);
+        ExpectNotNull(CLIENT_CID());
+        ExpectIntEQ(wolfSSL_shutdown(ssl_s), WOLFSSL_SHUTDOWN_NOT_DONE);
+        ExpectNotNull(SERVER_CID());
+        ExpectIntEQ(wolfSSL_shutdown(ssl_c), 1);
+        ExpectIntEQ(wolfSSL_shutdown(ssl_s), 1);
+
+        if (EXPECT_SUCCESS())
+            printf("ok\n");
+        else
+            printf("failed\n");
+
+        wolfSSL_free(ssl_c);
+        wolfSSL_CTX_free(ctx_c);
+        wolfSSL_free(ssl_s);
+        wolfSSL_CTX_free(ctx_s);
+    }
+
+#undef CLIENT_CID
+#undef SERVER_CID
+#undef RESET_CID
+
+#endif
+    return EXPECT_RESULT();
+}
+
+int test_wolfSSL_dtls_cid_parse(void)
+{
+    EXPECT_DECLS;
+#if defined(WOLFSSL_DTLS) && defined(WOLFSSL_DTLS_CID)
+    /* Taken from Wireshark. Right-click -> copy -> ... as escaped string */
+    /* Plaintext ServerHelloDone. No CID. */
+    byte noCid[] =
+            "\x16\xfe\xfd\x00\x00\x00\x00\x00\x00\x00\x04\x00\x0c\x0e\x00\x00" \
+            "\x00\x00\x04\x00\x00\x00\x00\x00\x00";
+    /* 1.2 app data containing CID */
+    byte cid12[] =
+            "\x19\xfe\xfd\x00\x01\x00\x00\x00\x00\x00\x01\x77\xa3\x79\x34\xb3" \
+            "\xf1\x1f\x34\x00\x1f\xdb\x8c\x28\x25\x9f\xe1\x02\x26\x77\x1c\x3a" \
+            "\x50\x1b\x50\x99\xd0\xb5\x20\xd8\x2c\x2e\xaa\x36\x36\xe0\xb7\xb7" \
+            "\xf7\x7d\xff\xb0";
+#ifdef WOLFSSL_DTLS13
+    /* 1.3 app data containing CID */
+    byte cid13[] =
+            "\x3f\x70\x64\x04\xc6\xfb\x97\x21\xd9\x28\x27\x00\x17\xc1\x01\x86" \
+            "\xe7\x23\x2c\xad\x65\x83\xa8\xf4\xbf\xbf\x7b\x25\x16\x80\x19\xc3" \
+            "\x81\xda\xf5\x3f";
+#endif
+
+    ExpectPtrEq(wolfSSL_dtls_cid_parse(noCid, sizeof(noCid), 8), NULL);
+    ExpectPtrEq(wolfSSL_dtls_cid_parse(cid12, sizeof(cid12), 8), cid12 + 11);
+#ifdef WOLFSSL_DTLS13
+    ExpectPtrEq(wolfSSL_dtls_cid_parse(cid13, sizeof(cid13), 8), cid13 + 1);
+#endif
+#endif
+    return EXPECT_RESULT();
+}
diff --git a/tests/api/test_dtls.h b/tests/api/test_dtls.h
new file mode 100644
index 000000000..68980c3e5
--- /dev/null
+++ b/tests/api/test_dtls.h
@@ -0,0 +1,29 @@
+/* test_dtls.h
+ *
+ * Copyright (C) 2006-2025 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+#ifndef TESTS_API_DTLS_H
+#define TESTS_API_DTLS_H
+
+int test_dtls12_basic_connection_id(void);
+int test_dtls13_basic_connection_id(void);
+int test_wolfSSL_dtls_cid_parse(void);
+
+#endif /* TESTS_API_DTLS_H */
diff --git a/tests/api/test_evp.c b/tests/api/test_evp.c
new file mode 100644
index 000000000..614a977b1
--- /dev/null
+++ b/tests/api/test_evp.c
@@ -0,0 +1,70 @@
+/* test_evp.c
+ *
+ * Copyright (C) 2006-2025 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+#ifdef HAVE_CONFIG_H
+    #include <config.h>
+#endif
+
+#include <wolfssl/options.h>
+#include <wolfssl/wolfcrypt/settings.h>
+#include <wolfssl/wolfcrypt/error-crypt.h>
+
+#include <tests/unit.h>
+#include <wolfssl/openssl/evp.h>
+#include <tests/api/test_evp.h>
+
+/* Test for NULL_CIPHER_TYPE in wolfSSL_EVP_CipherUpdate() */
+int test_wolfSSL_EVP_CipherUpdate_Null(void)
+{
+    EXPECT_DECLS;
+#ifdef OPENSSL_EXTRA
+    WOLFSSL_EVP_CIPHER_CTX* ctx;
+    const char* testData = "Test NULL cipher data";
+    unsigned char output[100];
+    int outputLen = 0;
+    int testDataLen = (int)XSTRLEN(testData);
+
+    /* Create and initialize the cipher context */
+    ctx = wolfSSL_EVP_CIPHER_CTX_new();
+    ExpectNotNull(ctx);
+
+    /* Initialize with NULL cipher */
+    ExpectIntEQ(wolfSSL_EVP_CipherInit_ex(ctx, wolfSSL_EVP_enc_null(),
+                                         NULL, NULL, NULL, 1), WOLFSSL_SUCCESS);
+
+    /* Test encryption (which should just copy the data) */
+    ExpectIntEQ(wolfSSL_EVP_CipherUpdate(ctx, output, &outputLen,
+                                        (const unsigned char*)testData,
+                                        testDataLen), WOLFSSL_SUCCESS);
+
+    /* Verify output length matches input length */
+    ExpectIntEQ(outputLen, testDataLen);
+
+    /* Verify output data matches input data (no encryption occurred) */
+    ExpectIntEQ(XMEMCMP(output, testData, testDataLen), 0);
+
+    /* Clean up */
+    wolfSSL_EVP_CIPHER_CTX_free(ctx);
+#endif /* OPENSSL_EXTRA */
+
+    return EXPECT_RESULT();
+}
+
diff --git a/tests/api/test_evp.h b/tests/api/test_evp.h
new file mode 100644
index 000000000..9c18941e5
--- /dev/null
+++ b/tests/api/test_evp.h
@@ -0,0 +1,27 @@
+/* test_evp.h
+ *
+ * Copyright (C) 2006-2025 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+#ifndef WOLFSSL_TEST_EVP_H
+#define WOLFSSL_TEST_EVP_H
+
+int test_wolfSSL_EVP_CipherUpdate_Null(void);
+
+#endif /* WOLFSSL_TEST_EVP_H */
diff --git a/tests/api/test_hash.c b/tests/api/test_hash.c
new file mode 100644
index 000000000..965aac575
--- /dev/null
+++ b/tests/api/test_hash.c
@@ -0,0 +1,230 @@
+/* test_hash.c
+ *
+ * Copyright (C) 2006-2025 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+#ifdef HAVE_CONFIG_H
+    #include <config.h>
+#endif
+
+#if !defined(WOLFSSL_USER_SETTINGS) && !defined(WOLFSSL_NO_OPTIONS_H)
+    #include <wolfssl/options.h>
+#endif
+#include <wolfssl/wolfcrypt/settings.h>
+
+#ifdef NO_INLINE
+    #include <wolfssl/wolfcrypt/misc.h>
+#else
+    #define WOLFSSL_MISC_INCLUDED
+    #include <wolfcrypt/src/misc.c>
+#endif
+
+#include <wolfssl/wolfcrypt/hash.h>
+#include <wolfssl/wolfcrypt/types.h>
+#include <tests/unit.h>
+#include <tests/api/api.h>
+#include <tests/api/test_hash.h>
+
+int test_wc_HashInit(void)
+{
+    EXPECT_DECLS;
+    int i;  /* 0 indicates tests passed, 1 indicates failure */
+
+    wc_HashAlg hash;
+
+    /* enum for holding supported algorithms, #ifndef's restrict if disabled */
+    enum wc_HashType enumArray[] = {
+    #ifndef NO_MD5
+        WC_HASH_TYPE_MD5,
+    #endif
+    #ifndef NO_SHA
+        WC_HASH_TYPE_SHA,
+    #endif
+    #ifdef WOLFSSL_SHA224
+        WC_HASH_TYPE_SHA224,
+    #endif
+    #ifndef NO_SHA256
+        WC_HASH_TYPE_SHA256,
+    #endif
+    #ifdef WOLFSSL_SHA384
+        WC_HASH_TYPE_SHA384,
+    #endif
+    #ifdef WOLFSSL_SHA512
+        WC_HASH_TYPE_SHA512,
+    #endif
+    };
+    /* dynamically finds the length */
+    int enumlen = (sizeof(enumArray)/sizeof(enum wc_HashType));
+
+    /* For loop to test various arguments... */
+    for (i = 0; i < enumlen; i++) {
+        /* check for bad args */
+        ExpectIntEQ(wc_HashInit(&hash, enumArray[i]), 0);
+        wc_HashFree(&hash, enumArray[i]);
+
+        /* check for null ptr */
+        ExpectIntEQ(wc_HashInit(NULL, enumArray[i]),
+            WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+
+    }  /* end of for loop */
+
+    return EXPECT_RESULT();
+}  /* end of test_wc_HashInit */
+
+/*
+ * Unit test function for wc_HashSetFlags()
+ */
+int test_wc_HashSetFlags(void)
+{
+    EXPECT_DECLS;
+#ifdef WOLFSSL_HASH_FLAGS
+    wc_HashAlg hash;
+    word32 flags = 0;
+    int i, j;
+    int notSupportedLen;
+
+    /* enum for holding supported algorithms, #ifndef's restrict if disabled */
+    enum wc_HashType enumArray[] = {
+    #ifndef NO_MD5
+            WC_HASH_TYPE_MD5,
+    #endif
+    #ifndef NO_SHA
+            WC_HASH_TYPE_SHA,
+    #endif
+    #ifdef WOLFSSL_SHA224
+            WC_HASH_TYPE_SHA224,
+    #endif
+    #ifndef NO_SHA256
+            WC_HASH_TYPE_SHA256,
+    #endif
+    #ifdef WOLFSSL_SHA384
+            WC_HASH_TYPE_SHA384,
+    #endif
+    #ifdef WOLFSSL_SHA512
+            WC_HASH_TYPE_SHA512,
+    #endif
+    #ifdef WOLFSSL_SHA3
+            WC_HASH_TYPE_SHA3_224,
+    #endif
+    };
+    enum wc_HashType notSupported[] = {
+              WC_HASH_TYPE_MD5_SHA,
+              WC_HASH_TYPE_MD2,
+              WC_HASH_TYPE_MD4,
+              WC_HASH_TYPE_BLAKE2B,
+              WC_HASH_TYPE_BLAKE2S,
+              WC_HASH_TYPE_NONE,
+     };
+
+    /* dynamically finds the length */
+    int enumlen = (sizeof(enumArray)/sizeof(enum wc_HashType));
+
+    /* For loop to test various arguments... */
+    for (i = 0; i < enumlen; i++) {
+        ExpectIntEQ(wc_HashInit(&hash, enumArray[i]), 0);
+        ExpectIntEQ(wc_HashSetFlags(&hash, enumArray[i], flags), 0);
+        ExpectTrue((flags & WC_HASH_FLAG_ISCOPY) == 0);
+        ExpectIntEQ(wc_HashSetFlags(NULL, enumArray[i], flags),
+            WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+        wc_HashFree(&hash, enumArray[i]);
+
+    }
+    /* For loop to test not supported cases */
+    notSupportedLen = (sizeof(notSupported)/sizeof(enum wc_HashType));
+    for (j = 0; j < notSupportedLen; j++) {
+        ExpectIntEQ(wc_HashInit(&hash, notSupported[j]),
+            WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+        ExpectIntEQ(wc_HashSetFlags(&hash, notSupported[j], flags),
+            WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+        ExpectIntEQ(wc_HashFree(&hash, notSupported[j]),
+            WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    }
+#endif
+    return EXPECT_RESULT();
+}  /* END test_wc_HashSetFlags */
+
+/*
+ * Unit test function for wc_HashGetFlags()
+ */
+int test_wc_HashGetFlags(void)
+{
+    EXPECT_DECLS;
+#ifdef WOLFSSL_HASH_FLAGS
+    wc_HashAlg hash;
+    word32 flags = 0;
+    int i, j;
+
+    /* enum for holding supported algorithms, #ifndef's restrict if disabled */
+    enum wc_HashType enumArray[] = {
+    #ifndef NO_MD5
+            WC_HASH_TYPE_MD5,
+    #endif
+    #ifndef NO_SHA
+            WC_HASH_TYPE_SHA,
+    #endif
+    #ifdef WOLFSSL_SHA224
+            WC_HASH_TYPE_SHA224,
+    #endif
+    #ifndef NO_SHA256
+            WC_HASH_TYPE_SHA256,
+    #endif
+    #ifdef WOLFSSL_SHA384
+            WC_HASH_TYPE_SHA384,
+    #endif
+    #ifdef WOLFSSL_SHA512
+            WC_HASH_TYPE_SHA512,
+    #endif
+    #ifdef WOLFSSL_SHA3
+            WC_HASH_TYPE_SHA3_224,
+    #endif
+    };
+    enum wc_HashType notSupported[] = {
+              WC_HASH_TYPE_MD5_SHA,
+              WC_HASH_TYPE_MD2,
+              WC_HASH_TYPE_MD4,
+              WC_HASH_TYPE_BLAKE2B,
+              WC_HASH_TYPE_BLAKE2S,
+              WC_HASH_TYPE_NONE,
+    };
+    int enumlen = (sizeof(enumArray)/sizeof(enum wc_HashType));
+    int notSupportedLen;
+
+    /* For loop to test various arguments... */
+    for (i = 0; i < enumlen; i++) {
+        ExpectIntEQ(wc_HashInit(&hash, enumArray[i]), 0);
+        ExpectIntEQ(wc_HashGetFlags(&hash, enumArray[i], &flags), 0);
+        ExpectTrue((flags & WC_HASH_FLAG_ISCOPY) == 0);
+        ExpectIntEQ(wc_HashGetFlags(NULL, enumArray[i], &flags),
+            WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+        wc_HashFree(&hash, enumArray[i]);
+    }
+    /* For loop to test not supported cases */
+    notSupportedLen = (sizeof(notSupported)/sizeof(enum wc_HashType));
+    for (j = 0; j < notSupportedLen; j++) {
+        ExpectIntEQ(wc_HashInit(&hash, notSupported[j]),
+            WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+        ExpectIntEQ(wc_HashGetFlags(&hash, notSupported[j], &flags),
+            WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+        ExpectIntEQ(wc_HashFree(&hash, notSupported[j]),
+            WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    }
+#endif
+    return EXPECT_RESULT();
+}  /* END test_wc_HashGetFlags */
+
diff --git a/tests/api/test_hash.h b/tests/api/test_hash.h
new file mode 100644
index 000000000..8d7be7104
--- /dev/null
+++ b/tests/api/test_hash.h
@@ -0,0 +1,29 @@
+/* test_hash.h
+ *
+ * Copyright (C) 2006-2025 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+#ifndef WOLFCRYPT_TEST_HASH_H
+#define WOLFCRYPT_TEST_HASH_H
+
+int test_wc_HashInit(void);
+int test_wc_HashSetFlags(void);
+int test_wc_HashGetFlags(void);
+
+#endif /* WOLFCRYPT_TEST_HASH_H */
diff --git a/tests/api/test_hmac.c b/tests/api/test_hmac.c
new file mode 100644
index 000000000..a811db233
--- /dev/null
+++ b/tests/api/test_hmac.c
@@ -0,0 +1,691 @@
+/* test_cmac.c
+ *
+ * Copyright (C) 2006-2025 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+#ifdef HAVE_CONFIG_H
+    #include <config.h>
+#endif
+
+#if !defined(WOLFSSL_USER_SETTINGS) && !defined(WOLFSSL_NO_OPTIONS_H)
+    #include <wolfssl/options.h>
+#endif
+#include <wolfssl/wolfcrypt/settings.h>
+
+#ifdef NO_INLINE
+    #include <wolfssl/wolfcrypt/misc.h>
+#else
+    #define WOLFSSL_MISC_INCLUDED
+    #include <wolfcrypt/src/misc.c>
+#endif
+
+#include <wolfssl/wolfcrypt/hmac.h>
+#include <wolfssl/wolfcrypt/types.h>
+#include <tests/unit.h>
+#include <tests/api/api.h>
+#include <tests/api/test_hmac.h>
+
+/*
+ * Test function for wc_HmacSetKey
+ */
+int test_wc_Md5HmacSetKey(void)
+{
+    EXPECT_DECLS;
+#if !defined(NO_HMAC) && !defined(NO_MD5)
+    Hmac hmac;
+    int ret, times, itr;
+
+    const char* keys[]=
+    {
+        "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b",
+#ifndef HAVE_FIPS
+        "Jefe", /* smaller than minimum FIPS key size */
+#endif
+        "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
+    };
+    times = sizeof(keys) / sizeof(char*);
+
+    ExpectIntEQ(wc_HmacInit(&hmac, NULL, INVALID_DEVID), 0);
+
+    for (itr = 0; itr < times; itr++) {
+        ret = wc_HmacSetKey(&hmac, WC_MD5, (byte*)keys[itr],
+            (word32)XSTRLEN(keys[itr]));
+#if defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 5)
+        wc_HmacFree(&hmac);
+        ExpectIntEQ(ret, WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+#else
+        ExpectIntEQ(ret, 0);
+#endif
+    }
+
+    /* Bad args. */
+    ExpectIntEQ(wc_HmacSetKey(NULL, WC_MD5, (byte*)keys[0],
+        (word32)XSTRLEN(keys[0])), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_HmacSetKey(&hmac, WC_MD5, NULL, (word32)XSTRLEN(keys[0])),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_HmacSetKey(&hmac, 21, (byte*)keys[0],
+        (word32)XSTRLEN(keys[0])), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ret = wc_HmacSetKey(&hmac, WC_MD5, (byte*)keys[0], 0);
+#if defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 5)
+    ExpectIntEQ(ret, WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+#elif defined(HAVE_FIPS)
+    ExpectIntEQ(ret, WC_NO_ERR_TRACE(HMAC_MIN_KEYLEN_E));
+#else
+    ExpectIntEQ(ret, 0);
+#endif
+
+    wc_HmacFree(&hmac);
+#endif
+    return EXPECT_RESULT();
+} /* END test_wc_Md5HmacSetKey */
+
+/*
+ * testing wc_HmacSetKey() on wc_Sha hash.
+ */
+int test_wc_ShaHmacSetKey(void)
+{
+    EXPECT_DECLS;
+#if !defined(NO_HMAC) && !defined(NO_SHA)
+    Hmac hmac;
+    int ret, times, itr;
+
+    const char* keys[]=
+    {
+        "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b"
+                                                                "\x0b\x0b\x0b",
+#ifndef HAVE_FIPS
+        "Jefe", /* smaller than minimum FIPS key size */
+#endif
+        "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
+                                                                "\xAA\xAA\xAA"
+    };
+
+    times = sizeof(keys) / sizeof(char*);
+
+    ExpectIntEQ(wc_HmacInit(&hmac, NULL, INVALID_DEVID), 0);
+
+    for (itr = 0; itr < times; itr++) {
+        ExpectIntEQ(wc_HmacSetKey(&hmac, WC_SHA, (byte*)keys[itr],
+            (word32)XSTRLEN(keys[itr])), 0);
+    }
+
+    /* Bad args. */
+    ExpectIntEQ(wc_HmacSetKey(NULL, WC_SHA, (byte*)keys[0],
+        (word32)XSTRLEN(keys[0])), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_HmacSetKey(&hmac, WC_SHA, NULL, (word32)XSTRLEN(keys[0])),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_HmacSetKey(&hmac, 21, (byte*)keys[0],
+        (word32)XSTRLEN(keys[0])), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+
+    ret = wc_HmacSetKey(&hmac, WC_SHA, (byte*)keys[0], 0);
+#ifdef HAVE_FIPS
+    ExpectIntEQ(ret, WC_NO_ERR_TRACE(HMAC_MIN_KEYLEN_E));
+#else
+    ExpectIntEQ(ret, 0);
+#endif
+
+    wc_HmacFree(&hmac);
+#endif
+    return EXPECT_RESULT();
+} /* END test_wc_ShaHmacSetKey() */
+
+/*
+ * testing wc_HmacSetKey() on Sha224 hash.
+ */
+int test_wc_Sha224HmacSetKey(void)
+{
+    EXPECT_DECLS;
+#if !defined(NO_HMAC) && defined(WOLFSSL_SHA224)
+    Hmac hmac;
+    int ret, times, itr;
+
+    const char* keys[]=
+    {
+        "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b"
+                                                                "\x0b\x0b\x0b",
+#ifndef HAVE_FIPS
+        "Jefe", /* smaller than minimum FIPS key size */
+#endif
+        "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
+                                                                "\xAA\xAA\xAA"
+    };
+    times = sizeof(keys) / sizeof(char*);
+
+    ExpectIntEQ(wc_HmacInit(&hmac, NULL, INVALID_DEVID), 0);
+
+    for (itr = 0; itr < times; itr++) {
+        ExpectIntEQ(wc_HmacSetKey(&hmac, WC_SHA224, (byte*)keys[itr],
+            (word32)XSTRLEN(keys[itr])), 0);
+    }
+
+    /* Bad args. */
+    ExpectIntEQ(wc_HmacSetKey(NULL, WC_SHA224, (byte*)keys[0],
+        (word32)XSTRLEN(keys[0])), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_HmacSetKey(&hmac, WC_SHA224, NULL, (word32)XSTRLEN(keys[0])),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_HmacSetKey(&hmac, 21, (byte*)keys[0],
+        (word32)XSTRLEN(keys[0])), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ret = wc_HmacSetKey(&hmac, WC_SHA224, (byte*)keys[0], 0);
+#ifdef HAVE_FIPS
+    ExpectIntEQ(ret, WC_NO_ERR_TRACE(HMAC_MIN_KEYLEN_E));
+#else
+    ExpectIntEQ(ret, 0);
+#endif
+
+    wc_HmacFree(&hmac);
+#endif
+    return EXPECT_RESULT();
+} /* END test_wc_Sha224HmacSetKey() */
+
+ /*
+  * testing wc_HmacSetKey() on Sha256 hash
+  */
+int test_wc_Sha256HmacSetKey(void)
+{
+    EXPECT_DECLS;
+#if !defined(NO_HMAC) && !defined(NO_SHA256)
+    Hmac hmac;
+    int ret, times, itr;
+
+    const char* keys[]=
+    {
+        "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b"
+                                                                "\x0b\x0b\x0b",
+#ifndef HAVE_FIPS
+        "Jefe", /* smaller than minimum FIPS key size */
+#endif
+        "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
+                                                                "\xAA\xAA\xAA"
+    };
+    times = sizeof(keys) / sizeof(char*);
+
+    ExpectIntEQ(wc_HmacInit(&hmac, NULL, INVALID_DEVID), 0);
+
+    for (itr = 0; itr < times; itr++) {
+        ExpectIntEQ(wc_HmacSetKey(&hmac, WC_SHA256, (byte*)keys[itr],
+            (word32)XSTRLEN(keys[itr])), 0);
+    }
+
+    /* Bad args. */
+    ExpectIntEQ(wc_HmacSetKey(NULL, WC_SHA256, (byte*)keys[0],
+        (word32)XSTRLEN(keys[0])), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_HmacSetKey(&hmac, WC_SHA256, NULL, (word32)XSTRLEN(keys[0])),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_HmacSetKey(&hmac, 21, (byte*)keys[0],
+        (word32)XSTRLEN(keys[0])), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ret = wc_HmacSetKey(&hmac, WC_SHA256, (byte*)keys[0], 0);
+#ifdef HAVE_FIPS
+    ExpectIntEQ(ret, WC_NO_ERR_TRACE(HMAC_MIN_KEYLEN_E));
+#else
+    ExpectIntEQ(ret, 0);
+#endif
+
+    wc_HmacFree(&hmac);
+#endif
+    return EXPECT_RESULT();
+} /* END test_wc_Sha256HmacSetKey() */
+
+/*
+ * testing wc_HmacSetKey on Sha384 hash.
+ */
+int test_wc_Sha384HmacSetKey(void)
+{
+    EXPECT_DECLS;
+#if !defined(NO_HMAC) && defined(WOLFSSL_SHA384)
+    Hmac hmac;
+    int ret, times, itr;
+
+    const char* keys[]=
+    {
+        "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b"
+                                                                "\x0b\x0b\x0b",
+#ifndef HAVE_FIPS
+        "Jefe", /* smaller than minimum FIPS key size */
+#endif
+        "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
+                                                                "\xAA\xAA\xAA"
+    };
+    times = sizeof(keys) / sizeof(char*);
+
+    ExpectIntEQ(wc_HmacInit(&hmac, NULL, INVALID_DEVID), 0);
+
+    for (itr = 0; itr < times; itr++) {
+        ExpectIntEQ(wc_HmacSetKey(&hmac, WC_SHA384, (byte*)keys[itr],
+            (word32)XSTRLEN(keys[itr])), 0);
+    }
+
+    /* Bad args. */
+    ExpectIntEQ(wc_HmacSetKey(NULL, WC_SHA384, (byte*)keys[0],
+        (word32)XSTRLEN(keys[0])), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_HmacSetKey(&hmac, WC_SHA384, NULL, (word32)XSTRLEN(keys[0])),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_HmacSetKey(&hmac, 21, (byte*)keys[0],
+        (word32)XSTRLEN(keys[0])), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ret = wc_HmacSetKey(&hmac, WC_SHA384, (byte*)keys[0], 0);
+#ifdef HAVE_FIPS
+    ExpectIntEQ(ret, WC_NO_ERR_TRACE(HMAC_MIN_KEYLEN_E));
+#else
+    ExpectIntEQ(ret, 0);
+#endif
+
+    wc_HmacFree(&hmac);
+#endif
+    return EXPECT_RESULT();
+} /* END test_wc_Sha384HmacSetKey() */
+
+/*
+ * testing wc_HmacUpdate on wc_Md5 hash.
+ */
+int test_wc_Md5HmacUpdate(void)
+{
+    EXPECT_DECLS;
+#if !defined(NO_HMAC) && !defined(NO_MD5) && !(defined(HAVE_FIPS_VERSION) && \
+    (HAVE_FIPS_VERSION >= 5))
+    Hmac hmac;
+    testVector a, b;
+#ifdef HAVE_FIPS
+    const char* keys =
+        "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b";
+#else
+    const char* keys = "Jefe";
+#endif
+
+    a.input = "what do ya want for nothing?";
+    a.inLen  = XSTRLEN(a.input);
+    b.input = "Hi There";
+    b.inLen = XSTRLEN(b.input);
+
+    ExpectIntEQ(wc_HmacInit(&hmac, NULL, INVALID_DEVID), 0);
+    ExpectIntEQ(wc_HmacSetKey(&hmac, WC_MD5, (byte*)keys,
+        (word32)XSTRLEN(keys)), 0);
+    ExpectIntEQ(wc_HmacUpdate(&hmac, (byte*)b.input, (word32)b.inLen), 0);
+    /* Update Hmac. */
+    ExpectIntEQ(wc_HmacUpdate(&hmac, (byte*)a.input, (word32)a.inLen), 0);
+
+    /* Test bad args. */
+    ExpectIntEQ(wc_HmacUpdate(NULL, (byte*)a.input, (word32)a.inLen),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_HmacUpdate(&hmac, NULL, (word32)a.inLen),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+
+    ExpectIntEQ(wc_HmacUpdate(&hmac, (byte*)a.input, 0), 0);
+
+    wc_HmacFree(&hmac);
+#endif
+    return EXPECT_RESULT();
+} /* END test_wc_Md5HmacUpdate */
+
+/*
+ * testing wc_HmacUpdate on SHA hash.
+ */
+int test_wc_ShaHmacUpdate(void)
+{
+    EXPECT_DECLS;
+#if !defined(NO_HMAC) && !defined(NO_SHA)
+    Hmac hmac;
+    testVector a, b;
+#ifdef HAVE_FIPS
+    const char* keys =
+        "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b";
+#else
+    const char* keys = "Jefe";
+#endif
+
+    a.input = "what do ya want for nothing?";
+    a.inLen  = XSTRLEN(a.input);
+    b.input = "Hi There";
+    b.inLen = XSTRLEN(b.input);
+
+    ExpectIntEQ(wc_HmacInit(&hmac, NULL, INVALID_DEVID), 0);
+    ExpectIntEQ(wc_HmacSetKey(&hmac, WC_SHA, (byte*)keys,
+        (word32)XSTRLEN(keys)), 0);
+    ExpectIntEQ(wc_HmacUpdate(&hmac, (byte*)b.input, (word32)b.inLen), 0);
+    /* Update Hmac. */
+    ExpectIntEQ(wc_HmacUpdate(&hmac, (byte*)a.input, (word32)a.inLen), 0);
+
+    /* Test bad args. */
+    ExpectIntEQ(wc_HmacUpdate(NULL, (byte*)a.input, (word32)a.inLen),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_HmacUpdate(&hmac, NULL, (word32)a.inLen),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+
+    ExpectIntEQ(wc_HmacUpdate(&hmac, (byte*)a.input, 0), 0);
+
+    wc_HmacFree(&hmac);
+#endif
+    return EXPECT_RESULT();
+} /* END test_wc_ShaHmacUpdate */
+
+/*
+ * testing wc_HmacUpdate on SHA224 hash.
+ */
+int test_wc_Sha224HmacUpdate(void)
+{
+    EXPECT_DECLS;
+#if !defined(NO_HMAC) && defined(WOLFSSL_SHA224)
+    Hmac hmac;
+    testVector a, b;
+#ifdef HAVE_FIPS
+    const char* keys =
+        "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b";
+#else
+    const char* keys = "Jefe";
+#endif
+
+    a.input = "what do ya want for nothing?";
+    a.inLen  = XSTRLEN(a.input);
+    b.input = "Hi There";
+    b.inLen = XSTRLEN(b.input);
+
+    ExpectIntEQ(wc_HmacInit(&hmac, NULL, INVALID_DEVID), 0);
+    ExpectIntEQ(wc_HmacSetKey(&hmac, WC_SHA224, (byte*)keys,
+        (word32)XSTRLEN(keys)), 0);
+    ExpectIntEQ(wc_HmacUpdate(&hmac, (byte*)b.input, (word32)b.inLen), 0);
+    /* Update Hmac. */
+    ExpectIntEQ(wc_HmacUpdate(&hmac, (byte*)a.input, (word32)a.inLen), 0);
+
+    /* Test bad args. */
+    ExpectIntEQ(wc_HmacUpdate(NULL, (byte*)a.input, (word32)a.inLen),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_HmacUpdate(&hmac, NULL, (word32)a.inLen),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+
+    ExpectIntEQ(wc_HmacUpdate(&hmac, (byte*)a.input, 0), 0);
+
+    wc_HmacFree(&hmac);
+#endif
+    return EXPECT_RESULT();
+} /* END test_wc_Sha224HmacUpdate */
+
+/*
+ * testing wc_HmacUpdate on SHA256 hash.
+ */
+int test_wc_Sha256HmacUpdate(void)
+{
+    EXPECT_DECLS;
+#if !defined(NO_HMAC) && !defined(NO_SHA256)
+    Hmac hmac;
+    testVector a, b;
+#ifdef HAVE_FIPS
+    const char* keys =
+        "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b";
+#else
+    const char* keys = "Jefe";
+#endif
+
+    a.input = "what do ya want for nothing?";
+    a.inLen  = XSTRLEN(a.input);
+    b.input = "Hi There";
+    b.inLen = XSTRLEN(b.input);
+
+    ExpectIntEQ(wc_HmacInit(&hmac, NULL, INVALID_DEVID), 0);
+    ExpectIntEQ(wc_HmacSetKey(&hmac, WC_SHA256, (byte*)keys,
+        (word32)XSTRLEN(keys)), 0);
+    ExpectIntEQ(wc_HmacUpdate(&hmac, (byte*)b.input, (word32)b.inLen), 0);
+    /* Update Hmac. */
+    ExpectIntEQ(wc_HmacUpdate(&hmac, (byte*)a.input, (word32)a.inLen), 0);
+
+    /* Test bad args. */
+    ExpectIntEQ(wc_HmacUpdate(NULL, (byte*)a.input, (word32)a.inLen),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_HmacUpdate(&hmac, NULL, (word32)a.inLen),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+
+    ExpectIntEQ(wc_HmacUpdate(&hmac, (byte*)a.input, 0), 0);
+
+    wc_HmacFree(&hmac);
+#endif
+    return EXPECT_RESULT();
+} /* END test_wc_Sha256HmacUpdate */
+
+/*
+ * testing wc_HmacUpdate on SHA384  hash.
+ */
+int test_wc_Sha384HmacUpdate(void)
+{
+    EXPECT_DECLS;
+#if !defined(NO_HMAC) && defined(WOLFSSL_SHA384)
+    Hmac hmac;
+    testVector a, b;
+#ifdef HAVE_FIPS
+    const char* keys =
+        "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b";
+#else
+    const char* keys = "Jefe";
+#endif
+
+    a.input = "what do ya want for nothing?";
+    a.inLen  = XSTRLEN(a.input);
+    b.input = "Hi There";
+    b.inLen = XSTRLEN(b.input);
+
+    ExpectIntEQ(wc_HmacInit(&hmac, NULL, INVALID_DEVID), 0);
+    ExpectIntEQ(wc_HmacSetKey(&hmac, WC_SHA384, (byte*)keys,
+        (word32)XSTRLEN(keys)), 0);
+    ExpectIntEQ(wc_HmacUpdate(&hmac, (byte*)b.input, (word32)b.inLen), 0);
+    /* Update Hmac. */
+    ExpectIntEQ(wc_HmacUpdate(&hmac, (byte*)a.input, (word32)a.inLen), 0);
+
+    /* Test bad args. */
+    ExpectIntEQ(wc_HmacUpdate(NULL, (byte*)a.input, (word32)a.inLen),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_HmacUpdate(&hmac, NULL, (word32)a.inLen),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+
+    ExpectIntEQ(wc_HmacUpdate(&hmac, (byte*)a.input, 0), 0);
+
+    wc_HmacFree(&hmac);
+#endif
+    return EXPECT_RESULT();
+} /* END test_wc_Sha384HmacUpdate */
+
+/*
+ * Testing wc_HmacFinal() with MD5
+ */
+
+int test_wc_Md5HmacFinal(void)
+{
+    EXPECT_DECLS;
+#if !defined(NO_HMAC) && !defined(NO_MD5) && !(defined(HAVE_FIPS_VERSION) && \
+    (HAVE_FIPS_VERSION >= 5))
+    Hmac hmac;
+    byte hash[WC_MD5_DIGEST_SIZE];
+    testVector a;
+    const char* key;
+
+    key = "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b";
+    a.input = "Hi There";
+    a.output = "\x92\x94\x72\x7a\x36\x38\xbb\x1c\x13\xf4\x8e\xf8\x15\x8b\xfc"
+               "\x9d";
+    a.inLen  = XSTRLEN(a.input);
+    a.outLen = XSTRLEN(a.output);
+
+    ExpectIntEQ(wc_HmacInit(&hmac, NULL, INVALID_DEVID), 0);
+    ExpectIntEQ(wc_HmacSetKey(&hmac, WC_MD5, (byte*)key, (word32)XSTRLEN(key)),
+        0);
+    ExpectIntEQ(wc_HmacUpdate(&hmac, (byte*)a.input, (word32)a.inLen), 0);
+    ExpectIntEQ(wc_HmacFinal(&hmac, hash), 0);
+    ExpectIntEQ(XMEMCMP(hash, a.output, WC_MD5_DIGEST_SIZE), 0);
+
+    /* Try bad parameters. */
+    ExpectIntEQ(wc_HmacFinal(NULL, hash), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+#ifndef HAVE_FIPS
+    ExpectIntEQ(wc_HmacFinal(&hmac, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+#endif
+
+    wc_HmacFree(&hmac);
+#endif
+    return EXPECT_RESULT();
+} /* END test_wc_Md5HmacFinal */
+
+/*
+ * Testing wc_HmacFinal() with SHA
+ */
+int test_wc_ShaHmacFinal(void)
+{
+    EXPECT_DECLS;
+#if !defined(NO_HMAC) && !defined(NO_SHA)
+    Hmac hmac;
+    byte hash[WC_SHA_DIGEST_SIZE];
+    testVector a;
+    const char* key;
+
+    key = "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b"
+                                                                "\x0b\x0b\x0b";
+    a.input = "Hi There";
+    a.output = "\xb6\x17\x31\x86\x55\x05\x72\x64\xe2\x8b\xc0\xb6\xfb\x37\x8c"
+               "\x8e\xf1\x46\xbe\x00";
+    a.inLen  = XSTRLEN(a.input);
+    a.outLen = XSTRLEN(a.output);
+
+    ExpectIntEQ(wc_HmacInit(&hmac, NULL, INVALID_DEVID), 0);
+    ExpectIntEQ(wc_HmacSetKey(&hmac, WC_SHA, (byte*)key, (word32)XSTRLEN(key)),
+        0);
+    ExpectIntEQ(wc_HmacUpdate(&hmac, (byte*)a.input, (word32)a.inLen), 0);
+    ExpectIntEQ(wc_HmacFinal(&hmac, hash), 0);
+    ExpectIntEQ(XMEMCMP(hash, a.output, WC_SHA_DIGEST_SIZE), 0);
+
+    /* Try bad parameters. */
+    ExpectIntEQ(wc_HmacFinal(NULL, hash), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+#ifndef HAVE_FIPS
+    ExpectIntEQ(wc_HmacFinal(&hmac, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+#endif
+
+    wc_HmacFree(&hmac);
+#endif
+    return EXPECT_RESULT();
+} /* END test_wc_ShaHmacFinal */
+
+/*
+ * Testing wc_HmacFinal() with SHA224
+ */
+int test_wc_Sha224HmacFinal(void)
+{
+    EXPECT_DECLS;
+#if !defined(NO_HMAC) && defined(WOLFSSL_SHA224)
+    Hmac hmac;
+    byte hash[WC_SHA224_DIGEST_SIZE];
+    testVector a;
+    const char* key;
+
+    key = "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b"
+                                                                "\x0b\x0b\x0b";
+    a.input = "Hi There";
+    a.output = "\x89\x6f\xb1\x12\x8a\xbb\xdf\x19\x68\x32\x10\x7c\xd4\x9d\xf3"
+               "\x3f\x47\xb4\xb1\x16\x99\x12\xba\x4f\x53\x68\x4b\x22";
+    a.inLen  = XSTRLEN(a.input);
+    a.outLen = XSTRLEN(a.output);
+
+    ExpectIntEQ(wc_HmacInit(&hmac, NULL, INVALID_DEVID), 0);
+    ExpectIntEQ(wc_HmacSetKey(&hmac, WC_SHA224, (byte*)key,
+        (word32)XSTRLEN(key)), 0);
+    ExpectIntEQ(wc_HmacUpdate(&hmac, (byte*)a.input, (word32)a.inLen), 0);
+    ExpectIntEQ(wc_HmacFinal(&hmac, hash), 0);
+    ExpectIntEQ(XMEMCMP(hash, a.output, WC_SHA224_DIGEST_SIZE), 0);
+
+    /* Try bad parameters. */
+    ExpectIntEQ(wc_HmacFinal(NULL, hash), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+#ifndef HAVE_FIPS
+    ExpectIntEQ(wc_HmacFinal(&hmac, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+#endif
+
+    wc_HmacFree(&hmac);
+#endif
+    return EXPECT_RESULT();
+} /* END test_wc_Sha224HmacFinal */
+
+/*
+ * Testing wc_HmacFinal() with SHA256
+ */
+int test_wc_Sha256HmacFinal(void)
+{
+    EXPECT_DECLS;
+#if !defined(NO_HMAC) && !defined(NO_SHA256)
+    Hmac hmac;
+    byte hash[WC_SHA256_DIGEST_SIZE];
+    testVector a;
+    const char* key;
+
+    key = "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b"
+                                                                "\x0b\x0b\x0b";
+    a.input = "Hi There";
+    a.output = "\xb0\x34\x4c\x61\xd8\xdb\x38\x53\x5c\xa8\xaf\xce\xaf\x0b\xf1"
+               "\x2b\x88\x1d\xc2\x00\xc9\x83\x3d\xa7\x26\xe9\x37\x6c\x2e\x32"
+               "\xcf\xf7";
+    a.inLen  = XSTRLEN(a.input);
+    a.outLen = XSTRLEN(a.output);
+
+    ExpectIntEQ(wc_HmacInit(&hmac, NULL, INVALID_DEVID), 0);
+    ExpectIntEQ(wc_HmacSetKey(&hmac, WC_SHA256, (byte*)key,
+        (word32)XSTRLEN(key)), 0);
+    ExpectIntEQ(wc_HmacUpdate(&hmac, (byte*)a.input, (word32)a.inLen), 0);
+    ExpectIntEQ(wc_HmacFinal(&hmac, hash), 0);
+    ExpectIntEQ(XMEMCMP(hash, a.output, WC_SHA256_DIGEST_SIZE), 0);
+
+    /* Try bad parameters. */
+    ExpectIntEQ(wc_HmacFinal(NULL, hash), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+#ifndef HAVE_FIPS
+    ExpectIntEQ(wc_HmacFinal(&hmac, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+#endif
+
+    wc_HmacFree(&hmac);
+#endif
+    return EXPECT_RESULT();
+} /* END test_wc_Sha256HmacFinal */
+
+/*
+ * Testing wc_HmacFinal() with SHA384
+ */
+int test_wc_Sha384HmacFinal(void)
+{
+    EXPECT_DECLS;
+#if !defined(NO_HMAC) && defined(WOLFSSL_SHA384)
+    Hmac hmac;
+    byte hash[WC_SHA384_DIGEST_SIZE];
+    testVector a;
+    const char* key;
+
+    key = "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b"
+                                                                "\x0b\x0b\x0b";
+    a.input = "Hi There";
+    a.output = "\xaf\xd0\x39\x44\xd8\x48\x95\x62\x6b\x08\x25\xf4\xab\x46\x90"
+               "\x7f\x15\xf9\xda\xdb\xe4\x10\x1e\xc6\x82\xaa\x03\x4c\x7c\xeb"
+               "\xc5\x9c\xfa\xea\x9e\xa9\x07\x6e\xde\x7f\x4a\xf1\x52\xe8\xb2"
+               "\xfa\x9c\xb6";
+    a.inLen  = XSTRLEN(a.input);
+    a.outLen = XSTRLEN(a.output);
+
+    ExpectIntEQ(wc_HmacInit(&hmac, NULL, INVALID_DEVID), 0);
+    ExpectIntEQ(wc_HmacSetKey(&hmac, WC_SHA384, (byte*)key,
+        (word32)XSTRLEN(key)), 0);
+    ExpectIntEQ(wc_HmacUpdate(&hmac, (byte*)a.input, (word32)a.inLen), 0);
+    ExpectIntEQ(wc_HmacFinal(&hmac, hash), 0);
+    ExpectIntEQ(XMEMCMP(hash, a.output, WC_SHA384_DIGEST_SIZE), 0);
+
+    /* Try bad parameters. */
+    ExpectIntEQ(wc_HmacFinal(NULL, hash), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+#ifndef HAVE_FIPS
+    ExpectIntEQ(wc_HmacFinal(&hmac, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+#endif
+
+    wc_HmacFree(&hmac);
+#endif
+    return EXPECT_RESULT();
+} /* END test_wc_Sha384HmacFinal */
+
diff --git a/tests/api/test_hmac.h b/tests/api/test_hmac.h
new file mode 100644
index 000000000..e92949f53
--- /dev/null
+++ b/tests/api/test_hmac.h
@@ -0,0 +1,41 @@
+/* test_hmac.h
+ *
+ * Copyright (C) 2006-2025 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+#ifndef WOLFCRYPT_TEST_HMAC_H
+#define WOLFCRYPT_TEST_HMAC_H
+
+int test_wc_Md5HmacSetKey(void);
+int test_wc_Md5HmacUpdate(void);
+int test_wc_Md5HmacFinal(void);
+int test_wc_ShaHmacSetKey(void);
+int test_wc_ShaHmacUpdate(void);
+int test_wc_ShaHmacFinal(void);
+int test_wc_Sha224HmacSetKey(void);
+int test_wc_Sha224HmacUpdate(void);
+int test_wc_Sha224HmacFinal(void);
+int test_wc_Sha256HmacSetKey(void);
+int test_wc_Sha256HmacUpdate(void);
+int test_wc_Sha256HmacFinal(void);
+int test_wc_Sha384HmacSetKey(void);
+int test_wc_Sha384HmacUpdate(void);
+int test_wc_Sha384HmacFinal(void);
+
+#endif /* WOLFCRYPT_TEST_HMAC_H */
diff --git a/tests/api/test_md5.c b/tests/api/test_md5.c
new file mode 100644
index 000000000..2e94b88d2
--- /dev/null
+++ b/tests/api/test_md5.c
@@ -0,0 +1,178 @@
+/* test_md5.c
+ *
+ * Copyright (C) 2006-2025 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+#ifdef HAVE_CONFIG_H
+    #include <config.h>
+#endif
+
+#if !defined(WOLFSSL_USER_SETTINGS) && !defined(WOLFSSL_NO_OPTIONS_H)
+    #include <wolfssl/options.h>
+#endif
+#include <wolfssl/wolfcrypt/settings.h>
+
+#ifdef NO_INLINE
+    #include <wolfssl/wolfcrypt/misc.h>
+#else
+    #define WOLFSSL_MISC_INCLUDED
+    #include <wolfcrypt/src/misc.c>
+#endif
+
+#include <wolfssl/wolfcrypt/md5.h>
+#include <wolfssl/wolfcrypt/types.h>
+#include <tests/unit.h>
+#include <tests/api/api.h>
+#include <tests/api/test_md5.h>
+#include <tests/api/test_digest.h>
+
+/* Unit test for wc_InitMd5() and wc_InitMd5_ex() */
+int test_wc_InitMd5(void)
+{
+    EXPECT_DECLS;
+#ifndef NO_MD5
+    DIGEST_INIT_AND_INIT_EX_TEST(wc_Md5, Md5);
+#endif
+    return EXPECT_RESULT();
+}
+
+/* Unit test for wc_UpdateMd5() */
+int test_wc_Md5Update(void)
+{
+    EXPECT_DECLS;
+#ifndef NO_MD5
+    DIGEST_UPDATE_TEST(wc_Md5, Md5);
+#endif
+    return EXPECT_RESULT();
+}
+
+/* Unit test for wc_Md5Final() */
+int test_wc_Md5Final(void)
+{
+    EXPECT_DECLS;
+#ifndef NO_MD5
+    DIGEST_FINAL_TEST(wc_Md5, Md5, MD5);
+#endif
+    return EXPECT_RESULT();
+}
+
+#define MD5_KAT_CNT     7
+
+int test_wc_Md5_KATs(void)
+{
+    EXPECT_DECLS;
+#ifndef NO_MD5
+    DIGEST_KATS_TEST_VARS(wc_Md5, MD5);
+
+    /* From RFC 1321. */
+    DIGEST_KATS_ADD("", 0,
+                    "\xd4\x1d\x8c\xd9\x8f\x00\xb2\x04"
+                    "\xe9\x80\x09\x98\xec\xf8\x42\x7e");
+    DIGEST_KATS_ADD("a", 1,
+                    "\x0c\xc1\x75\xb9\xc0\xf1\xb6\xa8"
+                    "\x31\xc3\x99\xe2\x69\x77\x26\x61");
+    DIGEST_KATS_ADD("abc", 3,
+                    "\x90\x01\x50\x98\x3c\xd2\x4f\xb0"
+                    "\xd6\x96\x3f\x7d\x28\xe1\x7f\x72");
+    DIGEST_KATS_ADD("message digest", 14,
+                    "\xf9\x6b\x69\x7d\x7c\xb7\x93\x8d"
+                    "\x52\x5a\x2f\x31\xaa\xf1\x61\xd0");
+    DIGEST_KATS_ADD("abcdefghijklmnopqrstuvwxyz", 26,
+                    "\xc3\xfc\xd3\xd7\x61\x92\xe4\x00"
+                    "\x7d\xfb\x49\x6c\xca\x67\xe1\x3b");
+    DIGEST_KATS_ADD("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
+                    "0123456789", 62,
+                    "\xd1\x74\xab\x98\xd2\x77\xd9\xf5"
+                    "\xa5\x61\x1c\x2c\x9f\x41\x9d\x9f");
+    DIGEST_KATS_ADD("1234567890123456789012345678901234567890"
+                    "1234567890123456789012345678901234567890", 80,
+                    "\x57\xed\xf4\xa2\x2b\xe3\xc9\x55"
+                    "\xac\x49\xda\x2e\x21\x07\xb6\x7a");
+
+    DIGEST_KATS_TEST(Md5, MD5);
+#endif
+    return EXPECT_RESULT();
+}
+
+int test_wc_Md5_other(void)
+{
+    EXPECT_DECLS;
+#ifndef NO_MD5
+    DIGEST_OTHER_TEST(wc_Md5, Md5, MD5,
+                      "\xd9\xa6\xc2\x1f\xf4\x05\xab\x62"
+                      "\xd6\xad\xa8\xcd\x0c\xb9\x49\x14");
+#endif
+    return EXPECT_RESULT();
+}
+
+int test_wc_Md5Copy(void)
+{
+    EXPECT_DECLS;
+#ifndef NO_MD5
+    DIGEST_COPY_TEST(wc_Md5, Md5, MD5,
+                     "\xd4\x1d\x8c\xd9\x8f\x00\xb2\x04"
+                     "\xe9\x80\x09\x98\xec\xf8\x42\x7e",
+                     "\x90\x01\x50\x98\x3c\xd2\x4f\xb0"
+                     "\xd6\x96\x3f\x7d\x28\xe1\x7f\x72");
+#endif
+    return EXPECT_RESULT();
+}
+
+int test_wc_Md5GetHash(void)
+{
+    EXPECT_DECLS;
+#ifndef NO_MD5
+    DIGEST_GET_HASH_TEST(wc_Md5, Md5, MD5,
+                         "\xd4\x1d\x8c\xd9\x8f\x00\xb2\x04"
+                         "\xe9\x80\x09\x98\xec\xf8\x42\x7e",
+                         "\x90\x01\x50\x98\x3c\xd2\x4f\xb0"
+                         "\xd6\x96\x3f\x7d\x28\xe1\x7f\x72");
+#endif
+    return EXPECT_RESULT();
+}
+
+int test_wc_Md5Transform(void)
+{
+    EXPECT_DECLS;
+#if !defined(NO_MD5) && (defined(OPENSSL_EXTRA) || defined(HAVE_CURL)) && \
+    !defined(HAVE_MD5_CUST_API)
+    DIGEST_TRANSFORM_TEST(wc_Md5, Md5, MD5,
+                          "\x61\x62\x63\x80\x00\x00\x00\x00"
+                          "\x00\x00\x00\x00\x00\x00\x00\x00"
+                          "\x00\x00\x00\x00\x00\x00\x00\x00"
+                          "\x00\x00\x00\x00\x00\x00\x00\x00"
+                          "\x00\x00\x00\x00\x00\x00\x00\x00"
+                          "\x00\x00\x00\x00\x00\x00\x00\x00"
+                          "\x00\x00\x00\x00\x00\x00\x00\x00"
+                          "\x18\x00\x00\x00\x00\x00\x00\x00",
+                          "\x90\x01\x50\x98\x3c\xd2\x4f\xb0"
+                          "\xd6\x96\x3f\x7d\x28\xe1\x7f\x72");
+#endif
+    return EXPECT_RESULT();
+}
+
+int test_wc_Md5_Flags(void)
+{
+    EXPECT_DECLS;
+#if !defined(NO_MD5) && defined(WOLFSSL_HASH_FLAGS)
+    DIGEST_FLAGS_TEST(wc_Md5, Md5);
+#endif
+    return EXPECT_RESULT();
+}
+
diff --git a/tests/api/test_md5.h b/tests/api/test_md5.h
new file mode 100644
index 000000000..56ec522e3
--- /dev/null
+++ b/tests/api/test_md5.h
@@ -0,0 +1,35 @@
+/* test_md5.h
+ *
+ * Copyright (C) 2006-2025 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+#ifndef WOLFCRYPT_TEST_MD5_H
+#define WOLFCRYPT_TEST_MD5_H
+
+int test_wc_InitMd5(void);
+int test_wc_Md5Update(void);
+int test_wc_Md5Final(void);
+int test_wc_Md5_KATs(void);
+int test_wc_Md5_other(void);
+int test_wc_Md5Copy(void);
+int test_wc_Md5GetHash(void);
+int test_wc_Md5Transform(void);
+int test_wc_Md5_Flags(void);
+
+#endif /* WOLFCRYPT_TEST_MD5_H */
diff --git a/tests/api/test_mlkem.c b/tests/api/test_mlkem.c
new file mode 100644
index 000000000..1b5514407
--- /dev/null
+++ b/tests/api/test_mlkem.c
@@ -0,0 +1,3882 @@
+/* test_mlkem.c
+ *
+ * Copyright (C) 2006-2025 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+#ifdef HAVE_CONFIG_H
+    #include <config.h>
+#endif
+
+#if !defined(WOLFSSL_USER_SETTINGS) && !defined(WOLFSSL_NO_OPTIONS_H)
+    #include <wolfssl/options.h>
+#endif
+#include <wolfssl/wolfcrypt/settings.h>
+
+#ifdef NO_INLINE
+    #include <wolfssl/wolfcrypt/misc.h>
+#else
+    #define WOLFSSL_MISC_INCLUDED
+    #include <wolfcrypt/src/misc.c>
+#endif
+
+#ifdef WOLFSSL_HAVE_KYBER
+    #include <wolfssl/wolfcrypt/kyber.h>
+#ifdef WOLFSSL_WC_KYBER
+    #include <wolfssl/wolfcrypt/wc_kyber.h>
+#endif
+#endif
+#include <wolfssl/wolfcrypt/types.h>
+#include <tests/unit.h>
+#include <tests/api/api.h>
+#include <tests/api/test_mlkem.h>
+
+int test_wc_mlkem_make_key_kats(void)
+{
+    EXPECT_DECLS;
+#if defined(WOLFSSL_HAVE_KYBER) && defined(WOLFSSL_WC_KYBER) && \
+    !defined(WOLFSSL_NO_ML_KEM) && !defined(WOLFSSL_KYBER_NO_MAKE_KEY)
+    KyberKey* key;
+#ifndef WOLFSSL_NO_ML_KEM_512
+    static const byte seed_512[WC_ML_KEM_MAKEKEY_RAND_SZ] = {
+        /* d */
+        0x2C, 0xB8, 0x43, 0xA0, 0x2E, 0xF0, 0x2E, 0xE1,
+        0x09, 0x30, 0x5F, 0x39, 0x11, 0x9F, 0xAB, 0xF4,
+        0x9A, 0xB9, 0x0A, 0x57, 0xFF, 0xEC, 0xB3, 0xA0,
+        0xE7, 0x5E, 0x17, 0x94, 0x50, 0xF5, 0x27, 0x61,
+        /* z */
+        0x84, 0xCC, 0x91, 0x21, 0xAE, 0x56, 0xFB, 0xF3,
+        0x9E, 0x67, 0xAD, 0xBD, 0x83, 0xAD, 0x2D, 0x3E,
+        0x3B, 0xB8, 0x08, 0x43, 0x64, 0x52, 0x06, 0xBD,
+        0xD9, 0xF2, 0xF6, 0x29, 0xE3, 0xCC, 0x49, 0xB7
+    };
+    static const byte ek_512[WC_ML_KEM_512_PUBLIC_KEY_SIZE] = {
+        0xA3, 0x24, 0x39, 0xF8, 0x5A, 0x3C, 0x21, 0xD2,
+        0x1A, 0x71, 0xB9, 0xB9, 0x2A, 0x9B, 0x64, 0xEA,
+        0x0A, 0xB8, 0x43, 0x12, 0xC7, 0x70, 0x23, 0x69,
+        0x4F, 0xD6, 0x4E, 0xAA, 0xB9, 0x07, 0xA4, 0x35,
+        0x39, 0xDD, 0xB2, 0x7B, 0xA0, 0xA8, 0x53, 0xCC,
+        0x90, 0x69, 0xEA, 0xC8, 0x50, 0x8C, 0x65, 0x3E,
+        0x60, 0x0B, 0x2A, 0xC0, 0x18, 0x38, 0x1B, 0x4B,
+        0xB4, 0xA8, 0x79, 0xAC, 0xDA, 0xD3, 0x42, 0xF9,
+        0x11, 0x79, 0xCA, 0x82, 0x49, 0x52, 0x5C, 0xB1,
+        0x96, 0x8B, 0xBE, 0x52, 0xF7, 0x55, 0xB7, 0xF5,
+        0xB4, 0x3D, 0x66, 0x63, 0xD7, 0xA3, 0xBF, 0x0F,
+        0x33, 0x57, 0xD8, 0xA2, 0x1D, 0x15, 0xB5, 0x2D,
+        0xB3, 0x81, 0x8E, 0xCE, 0x5B, 0x40, 0x2A, 0x60,
+        0xC9, 0x93, 0xE7, 0xCF, 0x43, 0x64, 0x87, 0xB8,
+        0xD2, 0xAE, 0x91, 0xE6, 0xC5, 0xB8, 0x82, 0x75,
+        0xE7, 0x58, 0x24, 0xB0, 0x00, 0x7E, 0xF3, 0x12,
+        0x3C, 0x0A, 0xB5, 0x1B, 0x5C, 0xC6, 0x1B, 0x9B,
+        0x22, 0x38, 0x0D, 0xE6, 0x6C, 0x5B, 0x20, 0xB0,
+        0x60, 0xCB, 0xB9, 0x86, 0xF8, 0x12, 0x3D, 0x94,
+        0x06, 0x00, 0x49, 0xCD, 0xF8, 0x03, 0x68, 0x73,
+        0xA7, 0xBE, 0x10, 0x94, 0x44, 0xA0, 0xA1, 0xCD,
+        0x87, 0xA4, 0x8C, 0xAE, 0x54, 0x19, 0x24, 0x84,
+        0xAF, 0x84, 0x44, 0x29, 0xC1, 0xC5, 0x8C, 0x29,
+        0xAC, 0x62, 0x4C, 0xD5, 0x04, 0xF1, 0xC4, 0x4F,
+        0x1E, 0x13, 0x47, 0x82, 0x2B, 0x6F, 0x22, 0x13,
+        0x23, 0x85, 0x9A, 0x7F, 0x6F, 0x75, 0x4B, 0xFE,
+        0x71, 0x0B, 0xDA, 0x60, 0x27, 0x62, 0x40, 0xA4,
+        0xFF, 0x2A, 0x53, 0x50, 0x70, 0x37, 0x86, 0xF5,
+        0x67, 0x1F, 0x44, 0x9F, 0x20, 0xC2, 0xA9, 0x5A,
+        0xE7, 0xC2, 0x90, 0x3A, 0x42, 0xCB, 0x3B, 0x30,
+        0x3F, 0xF4, 0xC4, 0x27, 0xC0, 0x8B, 0x11, 0xB4,
+        0xCD, 0x31, 0xC4, 0x18, 0xC6, 0xD1, 0x8D, 0x08,
+        0x61, 0x87, 0x3B, 0xFA, 0x03, 0x32, 0xF1, 0x12,
+        0x71, 0x55, 0x2E, 0xD7, 0xC0, 0x35, 0xF0, 0xE4,
+        0xBC, 0x42, 0x8C, 0x43, 0x72, 0x0B, 0x39, 0xA6,
+        0x51, 0x66, 0xBA, 0x9C, 0x2D, 0x3D, 0x77, 0x0E,
+        0x13, 0x03, 0x60, 0xCC, 0x23, 0x84, 0xE8, 0x30,
+        0x95, 0xB1, 0xA1, 0x59, 0x49, 0x55, 0x33, 0xF1,
+        0x16, 0xC7, 0xB5, 0x58, 0xB6, 0x50, 0xDB, 0x04,
+        0xD5, 0xA2, 0x6E, 0xAA, 0xA0, 0x8C, 0x3E, 0xE5,
+        0x7D, 0xE4, 0x5A, 0x7F, 0x88, 0xC6, 0xA3, 0xCE,
+        0xB2, 0x4D, 0xC5, 0x39, 0x7B, 0x88, 0xC3, 0xCE,
+        0xF0, 0x03, 0x31, 0x9B, 0xB0, 0x23, 0x3F, 0xD6,
+        0x92, 0xFD, 0xA1, 0x52, 0x44, 0x75, 0xB3, 0x51,
+        0xF3, 0xC7, 0x82, 0x18, 0x2D, 0xEC, 0xF5, 0x90,
+        0xB7, 0x72, 0x3B, 0xE4, 0x00, 0xBE, 0x14, 0x80,
+        0x9C, 0x44, 0x32, 0x99, 0x63, 0xFC, 0x46, 0x95,
+        0x92, 0x11, 0xD6, 0xA6, 0x23, 0x33, 0x95, 0x37,
+        0x84, 0x8C, 0x25, 0x16, 0x69, 0x94, 0x1D, 0x90,
+        0xB1, 0x30, 0x25, 0x8A, 0xDF, 0x55, 0xA7, 0x20,
+        0xA7, 0x24, 0xE8, 0xB6, 0xA6, 0xCA, 0xE3, 0xC2,
+        0x26, 0x4B, 0x16, 0x24, 0xCC, 0xBE, 0x7B, 0x45,
+        0x6B, 0x30, 0xC8, 0xC7, 0x39, 0x32, 0x94, 0xCA,
+        0x51, 0x80, 0xBC, 0x83, 0x7D, 0xD2, 0xE4, 0x5D,
+        0xBD, 0x59, 0xB6, 0xE1, 0x7B, 0x24, 0xFE, 0x93,
+        0x05, 0x2E, 0xB7, 0xC4, 0x3B, 0x27, 0xAC, 0x3D,
+        0xC2, 0x49, 0xCA, 0x0C, 0xBC, 0xA4, 0xFB, 0x58,
+        0x97, 0xC0, 0xB7, 0x44, 0x08, 0x8A, 0x8A, 0x07,
+        0x79, 0xD3, 0x22, 0x33, 0x82, 0x6A, 0x01, 0xDD,
+        0x64, 0x89, 0x95, 0x2A, 0x48, 0x25, 0xE5, 0x35,
+        0x8A, 0x70, 0x0B, 0xE0, 0xE1, 0x79, 0xAC, 0x19,
+        0x77, 0x10, 0xD8, 0x3E, 0xCC, 0x85, 0x3E, 0x52,
+        0x69, 0x5E, 0x9B, 0xF8, 0x7B, 0xB1, 0xF6, 0xCB,
+        0xD0, 0x5B, 0x02, 0xD4, 0xE6, 0x79, 0xE3, 0xB8,
+        0x8D, 0xD4, 0x83, 0xB0, 0x74, 0x9B, 0x11, 0xBD,
+        0x37, 0xB3, 0x83, 0xDC, 0xCA, 0x71, 0xF9, 0x09,
+        0x18, 0x34, 0xA1, 0x69, 0x55, 0x02, 0xC4, 0xB9,
+        0x5F, 0xC9, 0x11, 0x8C, 0x1C, 0xFC, 0x34, 0xC8,
+        0x4C, 0x22, 0x65, 0xBB, 0xBC, 0x56, 0x3C, 0x28,
+        0x26, 0x66, 0xB6, 0x0A, 0xE5, 0xC7, 0xF3, 0x85,
+        0x1D, 0x25, 0xEC, 0xBB, 0x50, 0x21, 0xCC, 0x38,
+        0xCB, 0x73, 0xEB, 0x6A, 0x34, 0x11, 0xB1, 0xC2,
+        0x90, 0x46, 0xCA, 0x66, 0x54, 0x06, 0x67, 0xD1,
+        0x36, 0x95, 0x44, 0x60, 0xC6, 0xFC, 0xBC, 0x4B,
+        0xC7, 0xC0, 0x49, 0xBB, 0x04, 0x7F, 0xA6, 0x7A,
+        0x63, 0xB3, 0xCC, 0x11, 0x11, 0xC1, 0xD8, 0xAC,
+        0x27, 0xE8, 0x05, 0x8B, 0xCC, 0xA4, 0xA1, 0x54,
+        0x55, 0x85, 0x8A, 0x58, 0x35, 0x8F, 0x7A, 0x61,
+        0x02, 0x0B, 0xC9, 0xC4, 0xC1, 0x7F, 0x8B, 0x95,
+        0xC2, 0x68, 0xCC, 0xB4, 0x04, 0xB9, 0xAA, 0xB4,
+        0xA2, 0x72, 0xA2, 0x1A, 0x70, 0xDA, 0xF6, 0xB6,
+        0xF1, 0x51, 0x21, 0xEE, 0x01, 0xC1, 0x56, 0xA3,
+        0x54, 0xAA, 0x17, 0x08, 0x7E, 0x07, 0x70, 0x2E,
+        0xAB, 0x38, 0xB3, 0x24, 0x1F, 0xDB, 0x55, 0x3F,
+        0x65, 0x73, 0x39, 0xD5, 0xE2, 0x9D, 0xC5, 0xD9,
+        0x1B, 0x7A, 0x5A, 0x82, 0x8E, 0xE9, 0x59, 0xFE,
+        0xBB, 0x90, 0xB0, 0x72, 0x29, 0xF6, 0xE4, 0x9D,
+        0x23, 0xC3, 0xA1, 0x90, 0x29, 0x70, 0x42, 0xFB,
+        0x43, 0x98, 0x69, 0x55, 0xB6, 0x9C, 0x28, 0xE1,
+        0x01, 0x6F, 0x77, 0xA5, 0x8B, 0x43, 0x15, 0x14,
+        0xD2, 0x1B, 0x88, 0x88, 0x99, 0xC3, 0x60, 0x82,
+        0x76, 0x08, 0x1B, 0x75, 0xF5, 0x68, 0x09, 0x7C,
+        0xDC, 0x17, 0x48, 0xF3, 0x23, 0x07, 0x88, 0x58,
+        0x15, 0xF3, 0xAE, 0xC9, 0x65, 0x18, 0x19, 0xAA,
+        0x68, 0x73, 0xD1, 0xA4, 0xEB, 0x83, 0xB1, 0x95,
+        0x38, 0x43, 0xB9, 0x34, 0x22, 0x51, 0x94, 0x83,
+        0xFE, 0xF0, 0x05, 0x9D, 0x36, 0xBB, 0x2D, 0xB1,
+        0xF3, 0xD4, 0x68, 0xFB, 0x06, 0x8C, 0x86, 0xE8,
+        0x97, 0x37, 0x33, 0xC3, 0x98, 0xEA, 0xF0, 0x0E,
+        0x17, 0x02, 0xC6, 0x73, 0x4A, 0xD8, 0xEB, 0x3B
+    };
+    static const byte dk_512[WC_ML_KEM_512_PRIVATE_KEY_SIZE] = {
+        0x7F, 0xE4, 0x20, 0x6F, 0x26, 0xBE, 0xDB, 0x64,
+        0xC1, 0xED, 0x00, 0x09, 0x61, 0x52, 0x45, 0xDC,
+        0x98, 0x48, 0x3F, 0x66, 0x3A, 0xCC, 0x61, 0x7E,
+        0x65, 0x89, 0x8D, 0x59, 0x6A, 0x88, 0x36, 0xC4,
+        0x9F, 0xBD, 0x3B, 0x4A, 0x84, 0x97, 0x59, 0xAA,
+        0x15, 0x46, 0xBD, 0xA8, 0x35, 0xCA, 0xF1, 0x75,
+        0x64, 0x2C, 0x28, 0x28, 0x08, 0x92, 0xA7, 0x87,
+        0x8C, 0xC3, 0x18, 0xBC, 0xC7, 0x5B, 0x83, 0x4C,
+        0xB2, 0x9F, 0xDF, 0x53, 0x60, 0xD7, 0xF9, 0x82,
+        0xA5, 0x2C, 0x88, 0xAE, 0x91, 0x4D, 0xBF, 0x02,
+        0xB5, 0x8B, 0xEB, 0x8B, 0xA8, 0x87, 0xAE, 0x8F,
+        0xAB, 0x5E, 0xB7, 0x87, 0x31, 0xC6, 0x75, 0x78,
+        0x05, 0x47, 0x1E, 0xBC, 0xEC, 0x2E, 0x38, 0xDB,
+        0x1F, 0x4B, 0x83, 0x10, 0xD2, 0x88, 0x92, 0x0D,
+        0x8A, 0x49, 0x27, 0x95, 0xA3, 0x90, 0xA7, 0x4B,
+        0xCD, 0x55, 0xCD, 0x85, 0x57, 0xB4, 0xDA, 0xAB,
+        0xA8, 0x2C, 0x28, 0xCB, 0x3F, 0x15, 0x2C, 0x52,
+        0x31, 0x19, 0x61, 0x93, 0xA6, 0x6A, 0x8C, 0xCF,
+        0x34, 0xB8, 0x0E, 0x1F, 0x69, 0x42, 0xC3, 0x2B,
+        0xCF, 0xF9, 0x6A, 0x6E, 0x3C, 0xF3, 0x93, 0x9B,
+        0x7B, 0x94, 0x24, 0x98, 0xCC, 0x5E, 0x4C, 0xB8,
+        0xE8, 0x46, 0x8E, 0x70, 0x27, 0x59, 0x85, 0x2A,
+        0xA2, 0x29, 0xC0, 0x25, 0x7F, 0x02, 0x98, 0x20,
+        0x97, 0x33, 0x86, 0x07, 0xC0, 0xF0, 0xF4, 0x54,
+        0x46, 0xFA, 0xB4, 0x26, 0x79, 0x93, 0xB8, 0xA5,
+        0x90, 0x8C, 0xAB, 0x9C, 0x46, 0x78, 0x01, 0x34,
+        0x80, 0x4A, 0xE1, 0x88, 0x15, 0xB1, 0x02, 0x05,
+        0x27, 0xA2, 0x22, 0xEC, 0x4B, 0x39, 0xA3, 0x19,
+        0x4E, 0x66, 0x17, 0x37, 0x79, 0x17, 0x14, 0x12,
+        0x26, 0x62, 0xD8, 0xB9, 0x76, 0x9F, 0x6C, 0x67,
+        0xDE, 0x62, 0x5C, 0x0D, 0x48, 0x3C, 0x3D, 0x42,
+        0x0F, 0xF1, 0xBB, 0x88, 0x9A, 0x72, 0x7E, 0x75,
+        0x62, 0x81, 0x51, 0x3A, 0x70, 0x04, 0x76, 0x48,
+        0xD2, 0x9C, 0x0C, 0x30, 0xF9, 0xBE, 0x52, 0xEC,
+        0x0D, 0xEB, 0x97, 0x7C, 0xF0, 0xF3, 0x4F, 0xC2,
+        0x07, 0x84, 0x83, 0x45, 0x69, 0x64, 0x74, 0x34,
+        0x10, 0x63, 0x8C, 0x57, 0xB5, 0x53, 0x95, 0x77,
+        0xBF, 0x85, 0x66, 0x90, 0x78, 0xC3, 0x56, 0xB3,
+        0x46, 0x2E, 0x9F, 0xA5, 0x80, 0x7D, 0x49, 0x59,
+        0x1A, 0xFA, 0x41, 0xC1, 0x96, 0x9F, 0x65, 0xE3,
+        0x40, 0x5C, 0xB6, 0x4D, 0xDF, 0x16, 0x3F, 0x26,
+        0x73, 0x4C, 0xE3, 0x48, 0xB9, 0xCF, 0x45, 0x67,
+        0xA3, 0x3A, 0x59, 0x69, 0xEB, 0x32, 0x6C, 0xFB,
+        0x5A, 0xDC, 0x69, 0x5D, 0xCA, 0x0C, 0x8B, 0x2A,
+        0x7B, 0x1F, 0x4F, 0x40, 0x4C, 0xC7, 0xA0, 0x98,
+        0x1E, 0x2C, 0xC2, 0x4C, 0x1C, 0x23, 0xD1, 0x6A,
+        0xA9, 0xB4, 0x39, 0x24, 0x15, 0xE2, 0x6C, 0x22,
+        0xF4, 0xA9, 0x34, 0xD7, 0x94, 0xC1, 0xFB, 0x4E,
+        0x5A, 0x67, 0x05, 0x11, 0x23, 0xCC, 0xD1, 0x53,
+        0x76, 0x4D, 0xEC, 0x99, 0xD5, 0x53, 0x52, 0x90,
+        0x53, 0xC3, 0xDA, 0x55, 0x0B, 0xCE, 0xA3, 0xAC,
+        0x54, 0x13, 0x6A, 0x26, 0xA6, 0x76, 0xD2, 0xBA,
+        0x84, 0x21, 0x06, 0x70, 0x68, 0xC6, 0x38, 0x1C,
+        0x2A, 0x62, 0xA7, 0x27, 0xC9, 0x33, 0x70, 0x2E,
+        0xE5, 0x80, 0x4A, 0x31, 0xCA, 0x86, 0x5A, 0x45,
+        0x58, 0x8F, 0xB7, 0x4D, 0xE7, 0xE2, 0x22, 0x3D,
+        0x88, 0xC0, 0x60, 0x8A, 0x16, 0xBF, 0xEC, 0x4F,
+        0xAD, 0x67, 0x52, 0xDB, 0x56, 0xB4, 0x8B, 0x88,
+        0x72, 0xBF, 0x26, 0xBA, 0x2F, 0xFA, 0x0C, 0xED,
+        0xE5, 0x34, 0x3B, 0xE8, 0x14, 0x36, 0x89, 0x26,
+        0x5E, 0x06, 0x5F, 0x41, 0xA6, 0x92, 0x5B, 0x86,
+        0xC8, 0x92, 0xE6, 0x2E, 0xB0, 0x77, 0x27, 0x34,
+        0xF5, 0xA3, 0x57, 0xC7, 0x5C, 0xA1, 0xAC, 0x6D,
+        0xF7, 0x8A, 0xB1, 0xB8, 0x88, 0x5A, 0xD0, 0x81,
+        0x96, 0x15, 0x37, 0x6D, 0x33, 0xEB, 0xB9, 0x8F,
+        0x87, 0x33, 0xA6, 0x75, 0x58, 0x03, 0xD9, 0x77,
+        0xBF, 0x51, 0xC1, 0x27, 0x40, 0x42, 0x4B, 0x2B,
+        0x49, 0xC2, 0x83, 0x82, 0xA6, 0x91, 0x7C, 0xBF,
+        0xA0, 0x34, 0xC3, 0xF1, 0x26, 0xA3, 0x8C, 0x21,
+        0x6C, 0x03, 0xC3, 0x57, 0x70, 0xAD, 0x48, 0x1B,
+        0x90, 0x84, 0xB5, 0x58, 0x8D, 0xA6, 0x5F, 0xF1,
+        0x18, 0xA7, 0x4F, 0x93, 0x2C, 0x7E, 0x53, 0x7A,
+        0xBE, 0x58, 0x63, 0xFB, 0x29, 0xA1, 0x0C, 0x09,
+        0x70, 0x1B, 0x44, 0x1F, 0x83, 0x99, 0xC1, 0xF8,
+        0xA6, 0x37, 0x82, 0x5A, 0xCE, 0xA3, 0xE9, 0x31,
+        0x80, 0x57, 0x4F, 0xDE, 0xB8, 0x80, 0x76, 0x66,
+        0x1A, 0xB4, 0x69, 0x51, 0x71, 0x6A, 0x50, 0x01,
+        0x84, 0xA0, 0x40, 0x55, 0x72, 0x66, 0x59, 0x8C,
+        0xAF, 0x76, 0x10, 0x5E, 0x1C, 0x18, 0x70, 0xB4,
+        0x39, 0x69, 0xC3, 0xBC, 0xC1, 0xA0, 0x49, 0x27,
+        0x63, 0x80, 0x17, 0x49, 0x8B, 0xB6, 0x2C, 0xAF,
+        0xD3, 0xA6, 0xB0, 0x82, 0xB7, 0xBF, 0x7A, 0x23,
+        0x45, 0x0E, 0x19, 0x17, 0x99, 0x61, 0x9B, 0x92,
+        0x51, 0x12, 0xD0, 0x72, 0x02, 0x5C, 0xA8, 0x88,
+        0x54, 0x8C, 0x79, 0x1A, 0xA4, 0x22, 0x51, 0x50,
+        0x4D, 0x5D, 0x1C, 0x1C, 0xDD, 0xB2, 0x13, 0x30,
+        0x3B, 0x04, 0x9E, 0x73, 0x46, 0xE8, 0xD8, 0x3A,
+        0xD5, 0x87, 0x83, 0x6F, 0x35, 0x28, 0x4E, 0x10,
+        0x97, 0x27, 0xE6, 0x6B, 0xBC, 0xC9, 0x52, 0x1F,
+        0xE0, 0xB1, 0x91, 0x63, 0x00, 0x47, 0xD1, 0x58,
+        0xF7, 0x56, 0x40, 0xFF, 0xEB, 0x54, 0x56, 0x07,
+        0x27, 0x40, 0x02, 0x1A, 0xFD, 0x15, 0xA4, 0x54,
+        0x69, 0xC5, 0x83, 0x82, 0x9D, 0xAA, 0xC8, 0xA7,
+        0xDE, 0xB0, 0x5B, 0x24, 0xF0, 0x56, 0x7E, 0x43,
+        0x17, 0xB3, 0xE3, 0xB3, 0x33, 0x89, 0xB5, 0xC5,
+        0xF8, 0xB0, 0x4B, 0x09, 0x9F, 0xB4, 0xD1, 0x03,
+        0xA3, 0x24, 0x39, 0xF8, 0x5A, 0x3C, 0x21, 0xD2,
+        0x1A, 0x71, 0xB9, 0xB9, 0x2A, 0x9B, 0x64, 0xEA,
+        0x0A, 0xB8, 0x43, 0x12, 0xC7, 0x70, 0x23, 0x69,
+        0x4F, 0xD6, 0x4E, 0xAA, 0xB9, 0x07, 0xA4, 0x35,
+        0x39, 0xDD, 0xB2, 0x7B, 0xA0, 0xA8, 0x53, 0xCC,
+        0x90, 0x69, 0xEA, 0xC8, 0x50, 0x8C, 0x65, 0x3E,
+        0x60, 0x0B, 0x2A, 0xC0, 0x18, 0x38, 0x1B, 0x4B,
+        0xB4, 0xA8, 0x79, 0xAC, 0xDA, 0xD3, 0x42, 0xF9,
+        0x11, 0x79, 0xCA, 0x82, 0x49, 0x52, 0x5C, 0xB1,
+        0x96, 0x8B, 0xBE, 0x52, 0xF7, 0x55, 0xB7, 0xF5,
+        0xB4, 0x3D, 0x66, 0x63, 0xD7, 0xA3, 0xBF, 0x0F,
+        0x33, 0x57, 0xD8, 0xA2, 0x1D, 0x15, 0xB5, 0x2D,
+        0xB3, 0x81, 0x8E, 0xCE, 0x5B, 0x40, 0x2A, 0x60,
+        0xC9, 0x93, 0xE7, 0xCF, 0x43, 0x64, 0x87, 0xB8,
+        0xD2, 0xAE, 0x91, 0xE6, 0xC5, 0xB8, 0x82, 0x75,
+        0xE7, 0x58, 0x24, 0xB0, 0x00, 0x7E, 0xF3, 0x12,
+        0x3C, 0x0A, 0xB5, 0x1B, 0x5C, 0xC6, 0x1B, 0x9B,
+        0x22, 0x38, 0x0D, 0xE6, 0x6C, 0x5B, 0x20, 0xB0,
+        0x60, 0xCB, 0xB9, 0x86, 0xF8, 0x12, 0x3D, 0x94,
+        0x06, 0x00, 0x49, 0xCD, 0xF8, 0x03, 0x68, 0x73,
+        0xA7, 0xBE, 0x10, 0x94, 0x44, 0xA0, 0xA1, 0xCD,
+        0x87, 0xA4, 0x8C, 0xAE, 0x54, 0x19, 0x24, 0x84,
+        0xAF, 0x84, 0x44, 0x29, 0xC1, 0xC5, 0x8C, 0x29,
+        0xAC, 0x62, 0x4C, 0xD5, 0x04, 0xF1, 0xC4, 0x4F,
+        0x1E, 0x13, 0x47, 0x82, 0x2B, 0x6F, 0x22, 0x13,
+        0x23, 0x85, 0x9A, 0x7F, 0x6F, 0x75, 0x4B, 0xFE,
+        0x71, 0x0B, 0xDA, 0x60, 0x27, 0x62, 0x40, 0xA4,
+        0xFF, 0x2A, 0x53, 0x50, 0x70, 0x37, 0x86, 0xF5,
+        0x67, 0x1F, 0x44, 0x9F, 0x20, 0xC2, 0xA9, 0x5A,
+        0xE7, 0xC2, 0x90, 0x3A, 0x42, 0xCB, 0x3B, 0x30,
+        0x3F, 0xF4, 0xC4, 0x27, 0xC0, 0x8B, 0x11, 0xB4,
+        0xCD, 0x31, 0xC4, 0x18, 0xC6, 0xD1, 0x8D, 0x08,
+        0x61, 0x87, 0x3B, 0xFA, 0x03, 0x32, 0xF1, 0x12,
+        0x71, 0x55, 0x2E, 0xD7, 0xC0, 0x35, 0xF0, 0xE4,
+        0xBC, 0x42, 0x8C, 0x43, 0x72, 0x0B, 0x39, 0xA6,
+        0x51, 0x66, 0xBA, 0x9C, 0x2D, 0x3D, 0x77, 0x0E,
+        0x13, 0x03, 0x60, 0xCC, 0x23, 0x84, 0xE8, 0x30,
+        0x95, 0xB1, 0xA1, 0x59, 0x49, 0x55, 0x33, 0xF1,
+        0x16, 0xC7, 0xB5, 0x58, 0xB6, 0x50, 0xDB, 0x04,
+        0xD5, 0xA2, 0x6E, 0xAA, 0xA0, 0x8C, 0x3E, 0xE5,
+        0x7D, 0xE4, 0x5A, 0x7F, 0x88, 0xC6, 0xA3, 0xCE,
+        0xB2, 0x4D, 0xC5, 0x39, 0x7B, 0x88, 0xC3, 0xCE,
+        0xF0, 0x03, 0x31, 0x9B, 0xB0, 0x23, 0x3F, 0xD6,
+        0x92, 0xFD, 0xA1, 0x52, 0x44, 0x75, 0xB3, 0x51,
+        0xF3, 0xC7, 0x82, 0x18, 0x2D, 0xEC, 0xF5, 0x90,
+        0xB7, 0x72, 0x3B, 0xE4, 0x00, 0xBE, 0x14, 0x80,
+        0x9C, 0x44, 0x32, 0x99, 0x63, 0xFC, 0x46, 0x95,
+        0x92, 0x11, 0xD6, 0xA6, 0x23, 0x33, 0x95, 0x37,
+        0x84, 0x8C, 0x25, 0x16, 0x69, 0x94, 0x1D, 0x90,
+        0xB1, 0x30, 0x25, 0x8A, 0xDF, 0x55, 0xA7, 0x20,
+        0xA7, 0x24, 0xE8, 0xB6, 0xA6, 0xCA, 0xE3, 0xC2,
+        0x26, 0x4B, 0x16, 0x24, 0xCC, 0xBE, 0x7B, 0x45,
+        0x6B, 0x30, 0xC8, 0xC7, 0x39, 0x32, 0x94, 0xCA,
+        0x51, 0x80, 0xBC, 0x83, 0x7D, 0xD2, 0xE4, 0x5D,
+        0xBD, 0x59, 0xB6, 0xE1, 0x7B, 0x24, 0xFE, 0x93,
+        0x05, 0x2E, 0xB7, 0xC4, 0x3B, 0x27, 0xAC, 0x3D,
+        0xC2, 0x49, 0xCA, 0x0C, 0xBC, 0xA4, 0xFB, 0x58,
+        0x97, 0xC0, 0xB7, 0x44, 0x08, 0x8A, 0x8A, 0x07,
+        0x79, 0xD3, 0x22, 0x33, 0x82, 0x6A, 0x01, 0xDD,
+        0x64, 0x89, 0x95, 0x2A, 0x48, 0x25, 0xE5, 0x35,
+        0x8A, 0x70, 0x0B, 0xE0, 0xE1, 0x79, 0xAC, 0x19,
+        0x77, 0x10, 0xD8, 0x3E, 0xCC, 0x85, 0x3E, 0x52,
+        0x69, 0x5E, 0x9B, 0xF8, 0x7B, 0xB1, 0xF6, 0xCB,
+        0xD0, 0x5B, 0x02, 0xD4, 0xE6, 0x79, 0xE3, 0xB8,
+        0x8D, 0xD4, 0x83, 0xB0, 0x74, 0x9B, 0x11, 0xBD,
+        0x37, 0xB3, 0x83, 0xDC, 0xCA, 0x71, 0xF9, 0x09,
+        0x18, 0x34, 0xA1, 0x69, 0x55, 0x02, 0xC4, 0xB9,
+        0x5F, 0xC9, 0x11, 0x8C, 0x1C, 0xFC, 0x34, 0xC8,
+        0x4C, 0x22, 0x65, 0xBB, 0xBC, 0x56, 0x3C, 0x28,
+        0x26, 0x66, 0xB6, 0x0A, 0xE5, 0xC7, 0xF3, 0x85,
+        0x1D, 0x25, 0xEC, 0xBB, 0x50, 0x21, 0xCC, 0x38,
+        0xCB, 0x73, 0xEB, 0x6A, 0x34, 0x11, 0xB1, 0xC2,
+        0x90, 0x46, 0xCA, 0x66, 0x54, 0x06, 0x67, 0xD1,
+        0x36, 0x95, 0x44, 0x60, 0xC6, 0xFC, 0xBC, 0x4B,
+        0xC7, 0xC0, 0x49, 0xBB, 0x04, 0x7F, 0xA6, 0x7A,
+        0x63, 0xB3, 0xCC, 0x11, 0x11, 0xC1, 0xD8, 0xAC,
+        0x27, 0xE8, 0x05, 0x8B, 0xCC, 0xA4, 0xA1, 0x54,
+        0x55, 0x85, 0x8A, 0x58, 0x35, 0x8F, 0x7A, 0x61,
+        0x02, 0x0B, 0xC9, 0xC4, 0xC1, 0x7F, 0x8B, 0x95,
+        0xC2, 0x68, 0xCC, 0xB4, 0x04, 0xB9, 0xAA, 0xB4,
+        0xA2, 0x72, 0xA2, 0x1A, 0x70, 0xDA, 0xF6, 0xB6,
+        0xF1, 0x51, 0x21, 0xEE, 0x01, 0xC1, 0x56, 0xA3,
+        0x54, 0xAA, 0x17, 0x08, 0x7E, 0x07, 0x70, 0x2E,
+        0xAB, 0x38, 0xB3, 0x24, 0x1F, 0xDB, 0x55, 0x3F,
+        0x65, 0x73, 0x39, 0xD5, 0xE2, 0x9D, 0xC5, 0xD9,
+        0x1B, 0x7A, 0x5A, 0x82, 0x8E, 0xE9, 0x59, 0xFE,
+        0xBB, 0x90, 0xB0, 0x72, 0x29, 0xF6, 0xE4, 0x9D,
+        0x23, 0xC3, 0xA1, 0x90, 0x29, 0x70, 0x42, 0xFB,
+        0x43, 0x98, 0x69, 0x55, 0xB6, 0x9C, 0x28, 0xE1,
+        0x01, 0x6F, 0x77, 0xA5, 0x8B, 0x43, 0x15, 0x14,
+        0xD2, 0x1B, 0x88, 0x88, 0x99, 0xC3, 0x60, 0x82,
+        0x76, 0x08, 0x1B, 0x75, 0xF5, 0x68, 0x09, 0x7C,
+        0xDC, 0x17, 0x48, 0xF3, 0x23, 0x07, 0x88, 0x58,
+        0x15, 0xF3, 0xAE, 0xC9, 0x65, 0x18, 0x19, 0xAA,
+        0x68, 0x73, 0xD1, 0xA4, 0xEB, 0x83, 0xB1, 0x95,
+        0x38, 0x43, 0xB9, 0x34, 0x22, 0x51, 0x94, 0x83,
+        0xFE, 0xF0, 0x05, 0x9D, 0x36, 0xBB, 0x2D, 0xB1,
+        0xF3, 0xD4, 0x68, 0xFB, 0x06, 0x8C, 0x86, 0xE8,
+        0x97, 0x37, 0x33, 0xC3, 0x98, 0xEA, 0xF0, 0x0E,
+        0x17, 0x02, 0xC6, 0x73, 0x4A, 0xD8, 0xEB, 0x3B,
+        0x62, 0x01, 0x30, 0xD6, 0xC2, 0xB8, 0xC9, 0x04,
+        0xA3, 0xBB, 0x93, 0x07, 0xBE, 0x51, 0x03, 0xF8,
+        0xD8, 0x14, 0x50, 0x5F, 0xB6, 0xA6, 0x0A, 0xF7,
+        0x93, 0x7E, 0xA6, 0xCA, 0xA1, 0x17, 0x31, 0x5E,
+        0x84, 0xCC, 0x91, 0x21, 0xAE, 0x56, 0xFB, 0xF3,
+        0x9E, 0x67, 0xAD, 0xBD, 0x83, 0xAD, 0x2D, 0x3E,
+        0x3B, 0xB8, 0x08, 0x43, 0x64, 0x52, 0x06, 0xBD,
+        0xD9, 0xF2, 0xF6, 0x29, 0xE3, 0xCC, 0x49, 0xB7
+    };
+#endif
+#ifndef WOLFSSL_NO_ML_KEM_768
+    static const byte seed_768[WC_ML_KEM_MAKEKEY_RAND_SZ] = {
+        /* d */
+        0xE3, 0x4A, 0x70, 0x1C, 0x4C, 0x87, 0x58, 0x2F,
+        0x42, 0x26, 0x4E, 0xE4, 0x22, 0xD3, 0xC6, 0x84,
+        0xD9, 0x76, 0x11, 0xF2, 0x52, 0x3E, 0xFE, 0x0C,
+        0x99, 0x8A, 0xF0, 0x50, 0x56, 0xD6, 0x93, 0xDC,
+        /* z */
+        0xA8, 0x57, 0x68, 0xF3, 0x48, 0x6B, 0xD3, 0x2A,
+        0x01, 0xBF, 0x9A, 0x8F, 0x21, 0xEA, 0x93, 0x8E,
+        0x64, 0x8E, 0xAE, 0x4E, 0x54, 0x48, 0xC3, 0x4C,
+        0x3E, 0xB8, 0x88, 0x20, 0xB1, 0x59, 0xEE, 0xDD
+    };
+    static const byte ek_768[WC_ML_KEM_768_PUBLIC_KEY_SIZE] = {
+        0x6D, 0x14, 0xA0, 0x71, 0xF7, 0xCC, 0x45, 0x25,
+        0x58, 0xD5, 0xE7, 0x1A, 0x7B, 0x08, 0x70, 0x62,
+        0xEC, 0xB1, 0x38, 0x68, 0x44, 0x58, 0x82, 0x46,
+        0x12, 0x64, 0x02, 0xB1, 0xFA, 0x16, 0x37, 0x73,
+        0x3C, 0xD5, 0xF6, 0x0C, 0xC8, 0x4B, 0xCB, 0x64,
+        0x6A, 0x78, 0x92, 0x61, 0x4D, 0x7C, 0x51, 0xB1,
+        0xC7, 0xF1, 0xA2, 0x79, 0x91, 0x32, 0xF1, 0x34,
+        0x27, 0xDC, 0x48, 0x21, 0x58, 0xDA, 0x25, 0x44,
+        0x70, 0xA5, 0x9E, 0x00, 0xA4, 0xE4, 0x96, 0x86,
+        0xFD, 0xC0, 0x77, 0x55, 0x93, 0x67, 0x27, 0x0C,
+        0x21, 0x53, 0xF1, 0x10, 0x07, 0x59, 0x2C, 0x9C,
+        0x43, 0x10, 0xCF, 0x8A, 0x12, 0xC6, 0xA8, 0x71,
+        0x3B, 0xD6, 0xBB, 0x51, 0xF3, 0x12, 0x4F, 0x98,
+        0x9B, 0xA0, 0xD5, 0x40, 0x73, 0xCC, 0x24, 0x2E,
+        0x09, 0x68, 0x78, 0x0B, 0x87, 0x5A, 0x86, 0x9E,
+        0xFB, 0x85, 0x15, 0x86, 0xB9, 0xA8, 0x68, 0xA3,
+        0x84, 0xB9, 0xE6, 0x82, 0x1B, 0x20, 0x1B, 0x93,
+        0x2C, 0x45, 0x53, 0x69, 0xA7, 0x39, 0xEC, 0x22,
+        0x56, 0x9C, 0x97, 0x7C, 0x21, 0x2B, 0x38, 0x18,
+        0x71, 0x81, 0x36, 0x56, 0xAF, 0x5B, 0x56, 0x7E,
+        0xF8, 0x93, 0xB5, 0x84, 0x62, 0x4C, 0x86, 0x3A,
+        0x25, 0x90, 0x00, 0xF1, 0x7B, 0x25, 0x4B, 0x98,
+        0xB1, 0x85, 0x09, 0x7C, 0x50, 0xEB, 0xB6, 0x8B,
+        0x24, 0x43, 0x42, 0xE0, 0x5D, 0x4D, 0xE5, 0x20,
+        0x12, 0x5B, 0x8E, 0x10, 0x33, 0xB1, 0x43, 0x60,
+        0x93, 0xAC, 0xE7, 0xCE, 0x8E, 0x71, 0xB4, 0x58,
+        0xD5, 0x25, 0x67, 0x33, 0x63, 0x04, 0x5A, 0x3B,
+        0x3E, 0xEA, 0x94, 0x55, 0x42, 0x8A, 0x39, 0x87,
+        0x05, 0xA4, 0x23, 0x27, 0xAD, 0xB3, 0x77, 0x4B,
+        0x70, 0x57, 0xF4, 0x2B, 0x01, 0x7E, 0xC0, 0x73,
+        0x9A, 0x98, 0x3F, 0x19, 0xE8, 0x21, 0x4D, 0x09,
+        0x19, 0x5F, 0xA2, 0x4D, 0x2D, 0x57, 0x1D, 0xB7,
+        0x3C, 0x19, 0xA6, 0xF8, 0x46, 0x0E, 0x50, 0x83,
+        0x0D, 0x41, 0x5F, 0x62, 0x7B, 0x88, 0xE9, 0x4A,
+        0x7B, 0x15, 0x37, 0x91, 0xA0, 0xC0, 0xC7, 0xE9,
+        0x48, 0x4C, 0x74, 0xD5, 0x3C, 0x71, 0x48, 0x89,
+        0xF0, 0xE3, 0x21, 0xB6, 0x66, 0x0A, 0x53, 0x2A,
+        0x5B, 0xC0, 0xE5, 0x57, 0xFB, 0xCA, 0x35, 0xE2,
+        0x9B, 0xC6, 0x11, 0x20, 0x0E, 0xD3, 0xC6, 0x33,
+        0x07, 0x7A, 0x4D, 0x87, 0x3C, 0x5C, 0xC6, 0x70,
+        0x06, 0xB7, 0x53, 0xBF, 0x6D, 0x6B, 0x7A, 0xF6,
+        0xCA, 0x40, 0x2A, 0xB6, 0x18, 0x23, 0x6C, 0x0A,
+        0xFF, 0xBC, 0x80, 0x1F, 0x82, 0x22, 0xFB, 0xC3,
+        0x6C, 0xE0, 0x98, 0x4E, 0x2B, 0x18, 0xC9, 0x44,
+        0xBB, 0xCB, 0xEF, 0x03, 0xB1, 0xE1, 0x36, 0x1C,
+        0x1F, 0x44, 0xB0, 0xD7, 0x34, 0xAF, 0xB1, 0x56,
+        0x6C, 0xFF, 0x87, 0x44, 0xDA, 0x8B, 0x99, 0x43,
+        0xD6, 0xB4, 0x5A, 0x3C, 0x09, 0x03, 0x07, 0x02,
+        0xCA, 0x20, 0x1F, 0xFE, 0x20, 0xCB, 0x7E, 0xC5,
+        0xB0, 0xD4, 0x14, 0x9E, 0xE2, 0xC2, 0x8E, 0x8B,
+        0x23, 0x37, 0x4F, 0x47, 0x1B, 0x57, 0x15, 0x0D,
+        0x0E, 0xC9, 0x33, 0x62, 0x61, 0xA2, 0xD5, 0xCB,
+        0x84, 0xA3, 0xAC, 0xAC, 0xC4, 0x28, 0x94, 0x73,
+        0xA4, 0xC0, 0xAB, 0xC6, 0x17, 0xC9, 0xAB, 0xC1,
+        0x78, 0x73, 0x44, 0x34, 0xC8, 0x2E, 0x16, 0x85,
+        0x58, 0x8A, 0x5C, 0x2E, 0xA2, 0x67, 0x8F, 0x6B,
+        0x3C, 0x22, 0x28, 0x73, 0x31, 0x30, 0xC4, 0x66,
+        0xE5, 0xB8, 0x6E, 0xF4, 0x91, 0x15, 0x3E, 0x48,
+        0x66, 0x22, 0x47, 0xB8, 0x75, 0xD2, 0x01, 0x02,
+        0x0B, 0x56, 0x6B, 0x81, 0xB6, 0x4D, 0x83, 0x9A,
+        0xB4, 0x63, 0x3B, 0xAA, 0x8A, 0xCE, 0x20, 0x2B,
+        0xAA, 0xB4, 0x49, 0x62, 0x97, 0xF9, 0x80, 0x7A,
+        0xDB, 0xBB, 0x1E, 0x33, 0x2C, 0x6F, 0x80, 0x22,
+        0xB2, 0xA1, 0x8C, 0xFD, 0xD4, 0xA8, 0x25, 0x30,
+        0xB6, 0xD3, 0xF0, 0x07, 0xC3, 0x35, 0x38, 0x98,
+        0xD9, 0x66, 0xCC, 0x2C, 0x21, 0xCB, 0x42, 0x44,
+        0xBD, 0x00, 0x44, 0x3F, 0x20, 0x98, 0x70, 0xAC,
+        0xC4, 0x2B, 0xC3, 0x30, 0x68, 0xC7, 0x24, 0xEC,
+        0x17, 0x22, 0x36, 0x19, 0xC1, 0x09, 0x3C, 0xCA,
+        0x6A, 0xEB, 0x29, 0x50, 0x06, 0x64, 0xD1, 0x22,
+        0x50, 0x36, 0xB4, 0xB8, 0x10, 0x91, 0x90, 0x69,
+        0x69, 0x48, 0x1F, 0x1C, 0x72, 0x3C, 0x14, 0x0B,
+        0x9D, 0x6C, 0x16, 0x8F, 0x5B, 0x64, 0xBE, 0xA6,
+        0x9C, 0x5F, 0xD6, 0x38, 0x5D, 0xF7, 0x36, 0x4B,
+        0x87, 0x23, 0xBC, 0xC8, 0x5E, 0x03, 0x8C, 0x7E,
+        0x46, 0x4A, 0x90, 0x0D, 0x68, 0xA2, 0x12, 0x78,
+        0x18, 0x99, 0x42, 0x17, 0xAE, 0xC8, 0xBD, 0xB3,
+        0x9A, 0x97, 0x0A, 0x99, 0x63, 0xDE, 0x93, 0x68,
+        0x8E, 0x2A, 0xC8, 0x2A, 0xBC, 0xC2, 0x2F, 0xB9,
+        0x27, 0x7B, 0xA2, 0x20, 0x09, 0xE8, 0x78, 0x38,
+        0x1A, 0x38, 0x16, 0x39, 0x01, 0xC7, 0xD4, 0xC8,
+        0x50, 0x19, 0x53, 0x8D, 0x35, 0xCA, 0xAE, 0x9C,
+        0x41, 0xAF, 0x8C, 0x92, 0x9E, 0xE2, 0x0B, 0xB0,
+        0x8C, 0xA6, 0x19, 0xE7, 0x2C, 0x2F, 0x22, 0x62,
+        0xC1, 0xC9, 0x93, 0x85, 0x72, 0x55, 0x1A, 0xC0,
+        0x2D, 0xC9, 0x26, 0x8F, 0xBC, 0xC3, 0x5D, 0x79,
+        0x01, 0x1C, 0x3C, 0x09, 0x0A, 0xD4, 0x0A, 0x4F,
+        0x11, 0x1C, 0x9B, 0xE5, 0x5C, 0x42, 0x7E, 0xB7,
+        0x96, 0xC1, 0x93, 0x2D, 0x86, 0x73, 0x57, 0x9A,
+        0xF1, 0xB4, 0xC6, 0x38, 0xB0, 0x94, 0x44, 0x89,
+        0x01, 0x2A, 0x25, 0x59, 0xA3, 0xB0, 0x24, 0x81,
+        0xB0, 0x1A, 0xC3, 0x0B, 0xA8, 0x96, 0x0F, 0x80,
+        0xC0, 0xC2, 0xB3, 0x94, 0x7D, 0x36, 0xA1, 0x2C,
+        0x08, 0x04, 0x98, 0xBE, 0xE4, 0x48, 0x71, 0x6C,
+        0x97, 0x34, 0x16, 0xC8, 0x24, 0x28, 0x04, 0xA3,
+        0xDA, 0x09, 0x9E, 0xE1, 0x37, 0xB0, 0xBA, 0x90,
+        0xFE, 0x4A, 0x5C, 0x6A, 0x89, 0x20, 0x02, 0x76,
+        0xA0, 0xCF, 0xB6, 0x43, 0xEC, 0x2C, 0x56, 0xA2,
+        0xD7, 0x08, 0xD7, 0xB4, 0x37, 0x3E, 0x44, 0xC1,
+        0x50, 0x2A, 0x76, 0x3A, 0x60, 0x05, 0x86, 0xE6,
+        0xCD, 0xA6, 0x27, 0x38, 0x97, 0xD4, 0x44, 0x48,
+        0x28, 0x7D, 0xC2, 0xE6, 0x02, 0xDC, 0x39, 0x20,
+        0x0B, 0xF6, 0x16, 0x62, 0x36, 0x55, 0x9F, 0xD1,
+        0x2A, 0x60, 0x89, 0x2A, 0xEB, 0x15, 0x3D, 0xD6,
+        0x51, 0xBB, 0x46, 0x99, 0x10, 0xB4, 0xB3, 0x46,
+        0x69, 0xF9, 0x1D, 0xA8, 0x65, 0x4D, 0x1E, 0xB7,
+        0x2E, 0xB6, 0xE0, 0x28, 0x00, 0xB3, 0xB0, 0xA7,
+        0xD0, 0xA4, 0x8C, 0x83, 0x68, 0x54, 0xD3, 0xA8,
+        0x3E, 0x65, 0x56, 0x9C, 0xB7, 0x23, 0x0B, 0xB4,
+        0x4F, 0x3F, 0x14, 0x3A, 0x6D, 0xEC, 0x5F, 0x2C,
+        0x39, 0xAB, 0x90, 0xF2, 0x74, 0xF2, 0x08, 0x8B,
+        0xD3, 0xD6, 0xA6, 0xFC, 0xA0, 0x07, 0x02, 0x73,
+        0xBE, 0xDC, 0x84, 0x77, 0x7F, 0xB5, 0x2E, 0x3C,
+        0x55, 0x8B, 0x0A, 0xE0, 0x61, 0x83, 0xD5, 0xA4,
+        0x8D, 0x45, 0x2F, 0x68, 0xE1, 0x52, 0x07, 0xF8,
+        0x61, 0x62, 0x7A, 0xCA, 0x14, 0x27, 0x96, 0x30,
+        0xF8, 0x2E, 0xC3, 0xA0, 0xCA, 0x07, 0x86, 0x33,
+        0xB6, 0x00, 0xAF, 0xA7, 0x97, 0x43, 0xA6, 0x00,
+        0x21, 0x5B, 0xE5, 0x63, 0x74, 0x58, 0xCE, 0x2C,
+        0xE8, 0xAF, 0xF5, 0xA0, 0x8E, 0xB5, 0x01, 0x7B,
+        0x2C, 0x76, 0x65, 0x77, 0x47, 0x9F, 0x8D, 0xC6,
+        0xBF, 0x9F, 0x5C, 0xC7, 0x50, 0x89, 0x93, 0x21,
+        0x61, 0xB9, 0x6C, 0xEA, 0x40, 0x66, 0x20, 0xAE,
+        0xDB, 0x63, 0x04, 0x07, 0xF7, 0x68, 0x7E, 0xBB,
+        0xB4, 0x81, 0x4C, 0x79, 0x81, 0x63, 0x7A, 0x48,
+        0xA9, 0x0D, 0xE6, 0x80, 0x31, 0xE0, 0x62, 0xA7,
+        0xAF, 0x76, 0x12, 0xB4, 0xF5, 0xC7, 0xA6, 0xDA,
+        0x86, 0xBD, 0x13, 0x65, 0x29, 0xE6, 0x42, 0x95,
+        0xA5, 0x61, 0x3E, 0xA7, 0x3B, 0xD3, 0xD4, 0x44,
+        0x8C, 0xB8, 0x1F, 0x24, 0x31, 0x35, 0xC0, 0xA6,
+        0x60, 0xBE, 0xB9, 0xC1, 0x7E, 0x65, 0x1D, 0xEF,
+        0x46, 0x9A, 0x7D, 0x90, 0xA1, 0x5D, 0x34, 0x81,
+        0x09, 0x0B, 0xCB, 0xF2, 0x27, 0x01, 0x23, 0x28,
+        0x94, 0x1F, 0xA4, 0x6F, 0x39, 0xC5, 0x00, 0x6A,
+        0xD9, 0x3D, 0x45, 0x8A, 0xA6, 0xAD, 0xD6, 0x55,
+        0x86, 0x2B, 0x41, 0x8C, 0x30, 0x94, 0xF5, 0x51,
+        0x46, 0x0D, 0xF2, 0x15, 0x3A, 0x58, 0x10, 0xA7,
+        0xDA, 0x74, 0xF0, 0x61, 0x4C, 0x25, 0x88, 0xBE,
+        0x49, 0xDC, 0x6F, 0x5E, 0x88, 0x15, 0x46, 0x42,
+        0xBD, 0x1D, 0x37, 0x62, 0x56, 0x33, 0x26, 0x43,
+        0x35, 0x07, 0x15, 0x6A, 0x57, 0xC5, 0x76, 0x94,
+        0xBD, 0xD2, 0x6E, 0x7A, 0x24, 0x6F, 0xEB, 0x72,
+        0x3A, 0xED, 0x67, 0xB0, 0x48, 0x87, 0xC8, 0xE4,
+        0x76, 0xB4, 0x8C, 0xAB, 0x59, 0xE5, 0x36, 0x2F,
+        0x26, 0xA9, 0xEF, 0x50, 0xC2, 0xBC, 0x80, 0xBA,
+        0x14, 0x62, 0x26, 0x21, 0x6F, 0xE6, 0x29, 0x68,
+        0xA6, 0x0D, 0x04, 0xE8, 0xC1, 0x70, 0xD7, 0x41,
+        0xC7, 0xA2, 0xB0, 0xE1, 0xAB, 0xDA, 0xC9, 0x68
+    };
+    static const byte dk_768[WC_ML_KEM_768_PRIVATE_KEY_SIZE] = {
+        0x98, 0xA1, 0xB2, 0xDA, 0x4A, 0x65, 0xCF, 0xB5,
+        0x84, 0x5E, 0xA7, 0x31, 0x1E, 0x6A, 0x06, 0xDB,
+        0x73, 0x1F, 0x15, 0x90, 0xC4, 0x1E, 0xE7, 0x4B,
+        0xA1, 0x07, 0x82, 0x71, 0x5B, 0x35, 0xA3, 0x10,
+        0x2D, 0xF6, 0x37, 0x87, 0x2B, 0xE6, 0x5B, 0xAB,
+        0x37, 0xA1, 0xDE, 0x25, 0x11, 0xD7, 0x03, 0xC7,
+        0x02, 0x47, 0xB3, 0x5E, 0xF2, 0x74, 0x35, 0x48,
+        0x50, 0x24, 0xD9, 0x3F, 0xD9, 0xE7, 0x7C, 0x43,
+        0x80, 0x4F, 0x37, 0x17, 0x49, 0xBA, 0x00, 0xB2,
+        0x0A, 0x8C, 0x5C, 0x58, 0x8B, 0xC9, 0xAB, 0xE0,
+        0x68, 0xAE, 0xAA, 0xA9, 0x38, 0x51, 0x7E, 0xBF,
+        0xE5, 0x3B, 0x6B, 0x66, 0x32, 0x82, 0x90, 0x3D,
+        0xCD, 0x18, 0x97, 0x36, 0xD7, 0x29, 0x68, 0x16,
+        0xC7, 0x33, 0xA1, 0xC7, 0x7C, 0x63, 0x75, 0xE5,
+        0x39, 0x7C, 0x0F, 0x18, 0x9B, 0xBF, 0xE4, 0x76,
+        0x43, 0xA6, 0x1F, 0x58, 0xF8, 0xA3, 0xC6, 0x91,
+        0x1B, 0xE4, 0x61, 0x1A, 0x8C, 0x7B, 0xC0, 0x50,
+        0x02, 0x11, 0x63, 0xD0, 0xA4, 0x04, 0xDC, 0x14,
+        0x06, 0x57, 0x48, 0xFF, 0x29, 0xBE, 0x60, 0xD2,
+        0xB9, 0xFD, 0xCC, 0x8F, 0xFD, 0x98, 0xC5, 0x87,
+        0xF3, 0x8C, 0x67, 0x11, 0x57, 0x86, 0x46, 0x4B,
+        0xDB, 0x34, 0x2B, 0x17, 0xE8, 0x97, 0xD6, 0x46,
+        0x17, 0xCB, 0xFB, 0x11, 0x79, 0x73, 0xA5, 0x45,
+        0x89, 0x77, 0xA7, 0xD7, 0x61, 0x7A, 0x1B, 0x4D,
+        0x83, 0xBA, 0x03, 0xC6, 0x11, 0x13, 0x8A, 0x46,
+        0x73, 0xB1, 0xEB, 0x34, 0xB0, 0x78, 0x03, 0x3F,
+        0x97, 0xCF, 0xFE, 0x80, 0xC1, 0x46, 0xA2, 0x69,
+        0x43, 0xF8, 0x42, 0xB9, 0x76, 0x32, 0x7B, 0xF1,
+        0xCB, 0xC6, 0x01, 0x19, 0x52, 0x5B, 0xB9, 0xA3,
+        0xC0, 0x34, 0x93, 0x34, 0x90, 0x00, 0xDD, 0x8F,
+        0x51, 0xBA, 0x21, 0xA2, 0xE9, 0x23, 0x61, 0x76,
+        0x23, 0x24, 0x60, 0x0E, 0x0C, 0x13, 0xAA, 0xA6,
+        0xCB, 0x69, 0xBF, 0xB2, 0x42, 0x76, 0x48, 0x3F,
+        0x6B, 0x02, 0x42, 0x12, 0x59, 0xB7, 0x58, 0x52,
+        0x63, 0xC1, 0xA0, 0x28, 0xD6, 0x82, 0xC5, 0x08,
+        0xBB, 0xC2, 0x80, 0x1A, 0x56, 0xE9, 0x8B, 0x8F,
+        0x62, 0x0B, 0x04, 0x83, 0xD7, 0x9B, 0x5A, 0xD8,
+        0x58, 0x5A, 0xC0, 0xA4, 0x75, 0xBA, 0xC7, 0x78,
+        0x65, 0x19, 0x41, 0x96, 0x33, 0x87, 0x91, 0xB7,
+        0x98, 0x5A, 0x05, 0xD1, 0x09, 0x39, 0x5C, 0xCA,
+        0x89, 0x32, 0x72, 0x2A, 0x91, 0x95, 0x0D, 0x37,
+        0xE1, 0x2B, 0x89, 0x14, 0x20, 0xA5, 0x2B, 0x62,
+        0xCB, 0xFA, 0x81, 0x5D, 0xF6, 0x17, 0x4C, 0xE0,
+        0x0E, 0x68, 0xBC, 0xA7, 0x5D, 0x48, 0x38, 0xCA,
+        0x28, 0x0F, 0x71, 0x3C, 0x7E, 0x69, 0x24, 0xAF,
+        0xD9, 0x5B, 0xAA, 0x0D, 0x01, 0xAD, 0xA6, 0x37,
+        0xB1, 0x58, 0x34, 0x70, 0x34, 0xC0, 0xAB, 0x1A,
+        0x71, 0x83, 0x33, 0x1A, 0x82, 0x0A, 0xCB, 0xCB,
+        0x83, 0x19, 0x3A, 0x1A, 0x94, 0xC8, 0xF7, 0xE3,
+        0x84, 0xAE, 0xD0, 0xC3, 0x5E, 0xD3, 0xCB, 0x33,
+        0x97, 0xBB, 0x63, 0x80, 0x86, 0xE7, 0xA3, 0x5A,
+        0x64, 0x08, 0xA3, 0xA4, 0xB9, 0x0C, 0xE9, 0x53,
+        0x70, 0x7C, 0x19, 0xBC, 0x46, 0xC3, 0xB2, 0xDA,
+        0x3B, 0x2E, 0xE3, 0x23, 0x19, 0xC5, 0x6B, 0x92,
+        0x80, 0x32, 0xB5, 0xED, 0x12, 0x56, 0xD0, 0x75,
+        0x3D, 0x34, 0x14, 0x23, 0xE9, 0xDB, 0x13, 0x9D,
+        0xE7, 0x71, 0x4F, 0xF0, 0x75, 0xCA, 0xF5, 0x8F,
+        0xD9, 0xF5, 0x7D, 0x1A, 0x54, 0x01, 0x9B, 0x59,
+        0x26, 0x40, 0x68, 0x30, 0xDA, 0xE2, 0x9A, 0x87,
+        0x53, 0x02, 0xA8, 0x12, 0x56, 0xF4, 0xD6, 0xCF,
+        0x5E, 0x74, 0x03, 0x4E, 0xA6, 0x14, 0xBF, 0x70,
+        0xC2, 0x76, 0x4B, 0x20, 0xC9, 0x58, 0x9C, 0xDB,
+        0x5C, 0x25, 0x76, 0x1A, 0x04, 0xE5, 0x82, 0x92,
+        0x90, 0x7C, 0x57, 0x8A, 0x94, 0xA3, 0x58, 0x36,
+        0xBE, 0xE3, 0x11, 0x2D, 0xC2, 0xC3, 0xAE, 0x21,
+        0x92, 0xC9, 0xDE, 0xAA, 0x30, 0x4B, 0x29, 0xC7,
+        0xFE, 0xA1, 0xBD, 0xF4, 0x7B, 0x3B, 0x6B, 0xCB,
+        0xA2, 0xC0, 0xE5, 0x5C, 0x9C, 0xDB, 0x6D, 0xE7,
+        0x14, 0x9E, 0x9C, 0xB1, 0x79, 0x17, 0x71, 0x8F,
+        0x12, 0xC8, 0x03, 0x2D, 0xE1, 0xAD, 0xE0, 0x64,
+        0x8D, 0x40, 0x55, 0x19, 0xC7, 0x07, 0x19, 0xBE,
+        0xCC, 0x70, 0x18, 0x45, 0xCF, 0x9F, 0x4B, 0x91,
+        0x2F, 0xE7, 0x19, 0x83, 0xCA, 0x34, 0xF9, 0x01,
+        0x8C, 0x7C, 0xA7, 0xBB, 0x2F, 0x6C, 0x5D, 0x7F,
+        0x8C, 0x5B, 0x29, 0x73, 0x59, 0xEC, 0x75, 0x20,
+        0x9C, 0x25, 0x43, 0xFF, 0x11, 0xC4, 0x24, 0x49,
+        0x77, 0xC5, 0x96, 0x95, 0x24, 0xEC, 0x45, 0x4D,
+        0x44, 0xC3, 0x23, 0xFC, 0xCA, 0x94, 0xAC, 0xAC,
+        0x27, 0x3A, 0x0E, 0xC4, 0x9B, 0x4A, 0x8A, 0x58,
+        0x5B, 0xCE, 0x7A, 0x5B, 0x30, 0x5C, 0x04, 0xC3,
+        0x50, 0x64, 0x22, 0x58, 0x03, 0x57, 0x01, 0x6A,
+        0x85, 0x0C, 0x3F, 0x7E, 0xE1, 0x72, 0x05, 0xA7,
+        0x7B, 0x29, 0x1C, 0x77, 0x31, 0xC9, 0x83, 0x6C,
+        0x02, 0xAE, 0xE5, 0x40, 0x6F, 0x63, 0xC6, 0xA0,
+        0x7A, 0x21, 0x43, 0x82, 0xAA, 0x15, 0x33, 0x6C,
+        0x05, 0xD1, 0x04, 0x55, 0x88, 0x10, 0x76, 0x45,
+        0xEA, 0x7D, 0xE6, 0x87, 0x0F, 0xC0, 0xE5, 0x5E,
+        0x15, 0x40, 0x97, 0x43, 0x01, 0xC4, 0x2E, 0xC1,
+        0x41, 0x05, 0x51, 0x86, 0x80, 0xF6, 0x88, 0xAB,
+        0xE4, 0xCE, 0x45, 0x37, 0x38, 0xFE, 0x47, 0x1B,
+        0x87, 0xFC, 0x31, 0xF5, 0xC6, 0x8A, 0x39, 0xE6,
+        0x8A, 0xF5, 0x1B, 0x02, 0x40, 0xB9, 0x0E, 0x03,
+        0x64, 0xB0, 0x4B, 0xAC, 0x43, 0xD6, 0xFB, 0x68,
+        0xAB, 0x65, 0xAE, 0x02, 0x8B, 0x62, 0xBD, 0x68,
+        0x3B, 0x7D, 0x28, 0xAD, 0x38, 0x80, 0x6B, 0xEE,
+        0x72, 0x5B, 0x5B, 0x24, 0x16, 0xA8, 0xD7, 0x9C,
+        0x16, 0xEC, 0x2A, 0x99, 0xEA, 0x4A, 0x8D, 0x92,
+        0xA2, 0xF5, 0x05, 0x2E, 0x67, 0xF9, 0x73, 0x52,
+        0x28, 0x97, 0x61, 0xC5, 0xC3, 0x9F, 0xC5, 0xC7,
+        0x42, 0xE9, 0xC0, 0xA7, 0x40, 0xCA, 0x59, 0xFC,
+        0x01, 0x82, 0xF7, 0x09, 0xD0, 0x1B, 0x51, 0x87,
+        0xF0, 0x00, 0x63, 0xDA, 0xAB, 0x39, 0x75, 0x96,
+        0xEE, 0xA4, 0xA3, 0x1B, 0xDB, 0xCB, 0xD4, 0xC1,
+        0xBB, 0x0C, 0x55, 0xBE, 0x7C, 0x68, 0x50, 0xFD,
+        0xA9, 0x32, 0x6B, 0x35, 0x3E, 0x28, 0x8C, 0x50,
+        0x13, 0x22, 0x6C, 0x3C, 0x39, 0x23, 0xA7, 0x91,
+        0x60, 0x9E, 0x80, 0x02, 0xE7, 0x3A, 0x5F, 0x7B,
+        0x6B, 0xB4, 0xA8, 0x77, 0xB1, 0xFD, 0xF5, 0x3B,
+        0xB2, 0xBA, 0xB3, 0xDD, 0x42, 0x4D, 0x31, 0xBB,
+        0xB4, 0x48, 0xE6, 0x09, 0xA6, 0x6B, 0x0E, 0x34,
+        0x3C, 0x28, 0x6E, 0x87, 0x60, 0x31, 0x2B, 0x6D,
+        0x37, 0xAA, 0x52, 0x01, 0xD2, 0x1F, 0x53, 0x50,
+        0x3D, 0x88, 0x38, 0x9A, 0xDC, 0xA2, 0x1C, 0x70,
+        0xFB, 0x6C, 0x0F, 0xC9, 0xC6, 0x9D, 0x66, 0x16,
+        0xC9, 0xEA, 0x37, 0x80, 0xE3, 0x55, 0x65, 0xC0,
+        0xC9, 0x7C, 0x15, 0x17, 0x9C, 0x95, 0x34, 0x3E,
+        0xCC, 0x5E, 0x1C, 0x2A, 0x24, 0xDE, 0x46, 0x99,
+        0xF6, 0x87, 0x5E, 0xA2, 0xFA, 0x2D, 0xD3, 0xE3,
+        0x57, 0xBC, 0x43, 0x91, 0x47, 0x95, 0x20, 0x7E,
+        0x02, 0x6B, 0x85, 0x0A, 0x22, 0x37, 0x95, 0x0C,
+        0x10, 0x8A, 0x51, 0x2F, 0xC8, 0x8C, 0x22, 0x48,
+        0x81, 0x12, 0x60, 0x70, 0x88, 0x18, 0x5F, 0xB0,
+        0xE0, 0x9C, 0x2C, 0x41, 0x97, 0xA8, 0x36, 0x87,
+        0x26, 0x6B, 0xAB, 0x2E, 0x58, 0x3E, 0x21, 0xC4,
+        0x0F, 0x4C, 0xC0, 0x08, 0xFE, 0x65, 0x28, 0x04,
+        0xD8, 0x22, 0x3F, 0x15, 0x20, 0xA9, 0x0B, 0x0D,
+        0x53, 0x85, 0xC7, 0x55, 0x3C, 0xC7, 0x67, 0xC5,
+        0x8D, 0x12, 0x0C, 0xCD, 0x3E, 0xF5, 0xB5, 0xD1,
+        0xA6, 0xCD, 0x7B, 0xC0, 0x0D, 0xFF, 0x13, 0x21,
+        0xB2, 0xF2, 0xC4, 0x32, 0xB6, 0x4E, 0xFB, 0x8A,
+        0x3F, 0x5D, 0x00, 0x64, 0xB3, 0xF3, 0x42, 0x93,
+        0x02, 0x6C, 0x85, 0x1C, 0x2D, 0xED, 0x68, 0xB9,
+        0xDF, 0xF4, 0xA2, 0x8F, 0x6A, 0x8D, 0x22, 0x55,
+        0x35, 0xE0, 0x47, 0x70, 0x84, 0x43, 0x0C, 0xFF,
+        0xDA, 0x0A, 0xC0, 0x55, 0x2F, 0x9A, 0x21, 0x27,
+        0x85, 0xB7, 0x49, 0x91, 0x3A, 0x06, 0xFA, 0x22,
+        0x74, 0xC0, 0xD1, 0x5B, 0xAD, 0x32, 0x54, 0x58,
+        0xD3, 0x23, 0xEF, 0x6B, 0xAE, 0x13, 0xC0, 0x01,
+        0x0D, 0x52, 0x5C, 0x1D, 0x52, 0x69, 0x97, 0x3A,
+        0xC2, 0x9B, 0xDA, 0x7C, 0x98, 0x37, 0x46, 0x91,
+        0x8B, 0xA0, 0xE0, 0x02, 0x58, 0x8E, 0x30, 0x37,
+        0x5D, 0x78, 0x32, 0x9E, 0x6B, 0x8B, 0xA8, 0xC4,
+        0x46, 0x2A, 0x69, 0x2F, 0xB6, 0x08, 0x38, 0x42,
+        0xB8, 0xC8, 0xC9, 0x2C, 0x60, 0xF2, 0x52, 0x72,
+        0x6D, 0x14, 0xA0, 0x71, 0xF7, 0xCC, 0x45, 0x25,
+        0x58, 0xD5, 0xE7, 0x1A, 0x7B, 0x08, 0x70, 0x62,
+        0xEC, 0xB1, 0x38, 0x68, 0x44, 0x58, 0x82, 0x46,
+        0x12, 0x64, 0x02, 0xB1, 0xFA, 0x16, 0x37, 0x73,
+        0x3C, 0xD5, 0xF6, 0x0C, 0xC8, 0x4B, 0xCB, 0x64,
+        0x6A, 0x78, 0x92, 0x61, 0x4D, 0x7C, 0x51, 0xB1,
+        0xC7, 0xF1, 0xA2, 0x79, 0x91, 0x32, 0xF1, 0x34,
+        0x27, 0xDC, 0x48, 0x21, 0x58, 0xDA, 0x25, 0x44,
+        0x70, 0xA5, 0x9E, 0x00, 0xA4, 0xE4, 0x96, 0x86,
+        0xFD, 0xC0, 0x77, 0x55, 0x93, 0x67, 0x27, 0x0C,
+        0x21, 0x53, 0xF1, 0x10, 0x07, 0x59, 0x2C, 0x9C,
+        0x43, 0x10, 0xCF, 0x8A, 0x12, 0xC6, 0xA8, 0x71,
+        0x3B, 0xD6, 0xBB, 0x51, 0xF3, 0x12, 0x4F, 0x98,
+        0x9B, 0xA0, 0xD5, 0x40, 0x73, 0xCC, 0x24, 0x2E,
+        0x09, 0x68, 0x78, 0x0B, 0x87, 0x5A, 0x86, 0x9E,
+        0xFB, 0x85, 0x15, 0x86, 0xB9, 0xA8, 0x68, 0xA3,
+        0x84, 0xB9, 0xE6, 0x82, 0x1B, 0x20, 0x1B, 0x93,
+        0x2C, 0x45, 0x53, 0x69, 0xA7, 0x39, 0xEC, 0x22,
+        0x56, 0x9C, 0x97, 0x7C, 0x21, 0x2B, 0x38, 0x18,
+        0x71, 0x81, 0x36, 0x56, 0xAF, 0x5B, 0x56, 0x7E,
+        0xF8, 0x93, 0xB5, 0x84, 0x62, 0x4C, 0x86, 0x3A,
+        0x25, 0x90, 0x00, 0xF1, 0x7B, 0x25, 0x4B, 0x98,
+        0xB1, 0x85, 0x09, 0x7C, 0x50, 0xEB, 0xB6, 0x8B,
+        0x24, 0x43, 0x42, 0xE0, 0x5D, 0x4D, 0xE5, 0x20,
+        0x12, 0x5B, 0x8E, 0x10, 0x33, 0xB1, 0x43, 0x60,
+        0x93, 0xAC, 0xE7, 0xCE, 0x8E, 0x71, 0xB4, 0x58,
+        0xD5, 0x25, 0x67, 0x33, 0x63, 0x04, 0x5A, 0x3B,
+        0x3E, 0xEA, 0x94, 0x55, 0x42, 0x8A, 0x39, 0x87,
+        0x05, 0xA4, 0x23, 0x27, 0xAD, 0xB3, 0x77, 0x4B,
+        0x70, 0x57, 0xF4, 0x2B, 0x01, 0x7E, 0xC0, 0x73,
+        0x9A, 0x98, 0x3F, 0x19, 0xE8, 0x21, 0x4D, 0x09,
+        0x19, 0x5F, 0xA2, 0x4D, 0x2D, 0x57, 0x1D, 0xB7,
+        0x3C, 0x19, 0xA6, 0xF8, 0x46, 0x0E, 0x50, 0x83,
+        0x0D, 0x41, 0x5F, 0x62, 0x7B, 0x88, 0xE9, 0x4A,
+        0x7B, 0x15, 0x37, 0x91, 0xA0, 0xC0, 0xC7, 0xE9,
+        0x48, 0x4C, 0x74, 0xD5, 0x3C, 0x71, 0x48, 0x89,
+        0xF0, 0xE3, 0x21, 0xB6, 0x66, 0x0A, 0x53, 0x2A,
+        0x5B, 0xC0, 0xE5, 0x57, 0xFB, 0xCA, 0x35, 0xE2,
+        0x9B, 0xC6, 0x11, 0x20, 0x0E, 0xD3, 0xC6, 0x33,
+        0x07, 0x7A, 0x4D, 0x87, 0x3C, 0x5C, 0xC6, 0x70,
+        0x06, 0xB7, 0x53, 0xBF, 0x6D, 0x6B, 0x7A, 0xF6,
+        0xCA, 0x40, 0x2A, 0xB6, 0x18, 0x23, 0x6C, 0x0A,
+        0xFF, 0xBC, 0x80, 0x1F, 0x82, 0x22, 0xFB, 0xC3,
+        0x6C, 0xE0, 0x98, 0x4E, 0x2B, 0x18, 0xC9, 0x44,
+        0xBB, 0xCB, 0xEF, 0x03, 0xB1, 0xE1, 0x36, 0x1C,
+        0x1F, 0x44, 0xB0, 0xD7, 0x34, 0xAF, 0xB1, 0x56,
+        0x6C, 0xFF, 0x87, 0x44, 0xDA, 0x8B, 0x99, 0x43,
+        0xD6, 0xB4, 0x5A, 0x3C, 0x09, 0x03, 0x07, 0x02,
+        0xCA, 0x20, 0x1F, 0xFE, 0x20, 0xCB, 0x7E, 0xC5,
+        0xB0, 0xD4, 0x14, 0x9E, 0xE2, 0xC2, 0x8E, 0x8B,
+        0x23, 0x37, 0x4F, 0x47, 0x1B, 0x57, 0x15, 0x0D,
+        0x0E, 0xC9, 0x33, 0x62, 0x61, 0xA2, 0xD5, 0xCB,
+        0x84, 0xA3, 0xAC, 0xAC, 0xC4, 0x28, 0x94, 0x73,
+        0xA4, 0xC0, 0xAB, 0xC6, 0x17, 0xC9, 0xAB, 0xC1,
+        0x78, 0x73, 0x44, 0x34, 0xC8, 0x2E, 0x16, 0x85,
+        0x58, 0x8A, 0x5C, 0x2E, 0xA2, 0x67, 0x8F, 0x6B,
+        0x3C, 0x22, 0x28, 0x73, 0x31, 0x30, 0xC4, 0x66,
+        0xE5, 0xB8, 0x6E, 0xF4, 0x91, 0x15, 0x3E, 0x48,
+        0x66, 0x22, 0x47, 0xB8, 0x75, 0xD2, 0x01, 0x02,
+        0x0B, 0x56, 0x6B, 0x81, 0xB6, 0x4D, 0x83, 0x9A,
+        0xB4, 0x63, 0x3B, 0xAA, 0x8A, 0xCE, 0x20, 0x2B,
+        0xAA, 0xB4, 0x49, 0x62, 0x97, 0xF9, 0x80, 0x7A,
+        0xDB, 0xBB, 0x1E, 0x33, 0x2C, 0x6F, 0x80, 0x22,
+        0xB2, 0xA1, 0x8C, 0xFD, 0xD4, 0xA8, 0x25, 0x30,
+        0xB6, 0xD3, 0xF0, 0x07, 0xC3, 0x35, 0x38, 0x98,
+        0xD9, 0x66, 0xCC, 0x2C, 0x21, 0xCB, 0x42, 0x44,
+        0xBD, 0x00, 0x44, 0x3F, 0x20, 0x98, 0x70, 0xAC,
+        0xC4, 0x2B, 0xC3, 0x30, 0x68, 0xC7, 0x24, 0xEC,
+        0x17, 0x22, 0x36, 0x19, 0xC1, 0x09, 0x3C, 0xCA,
+        0x6A, 0xEB, 0x29, 0x50, 0x06, 0x64, 0xD1, 0x22,
+        0x50, 0x36, 0xB4, 0xB8, 0x10, 0x91, 0x90, 0x69,
+        0x69, 0x48, 0x1F, 0x1C, 0x72, 0x3C, 0x14, 0x0B,
+        0x9D, 0x6C, 0x16, 0x8F, 0x5B, 0x64, 0xBE, 0xA6,
+        0x9C, 0x5F, 0xD6, 0x38, 0x5D, 0xF7, 0x36, 0x4B,
+        0x87, 0x23, 0xBC, 0xC8, 0x5E, 0x03, 0x8C, 0x7E,
+        0x46, 0x4A, 0x90, 0x0D, 0x68, 0xA2, 0x12, 0x78,
+        0x18, 0x99, 0x42, 0x17, 0xAE, 0xC8, 0xBD, 0xB3,
+        0x9A, 0x97, 0x0A, 0x99, 0x63, 0xDE, 0x93, 0x68,
+        0x8E, 0x2A, 0xC8, 0x2A, 0xBC, 0xC2, 0x2F, 0xB9,
+        0x27, 0x7B, 0xA2, 0x20, 0x09, 0xE8, 0x78, 0x38,
+        0x1A, 0x38, 0x16, 0x39, 0x01, 0xC7, 0xD4, 0xC8,
+        0x50, 0x19, 0x53, 0x8D, 0x35, 0xCA, 0xAE, 0x9C,
+        0x41, 0xAF, 0x8C, 0x92, 0x9E, 0xE2, 0x0B, 0xB0,
+        0x8C, 0xA6, 0x19, 0xE7, 0x2C, 0x2F, 0x22, 0x62,
+        0xC1, 0xC9, 0x93, 0x85, 0x72, 0x55, 0x1A, 0xC0,
+        0x2D, 0xC9, 0x26, 0x8F, 0xBC, 0xC3, 0x5D, 0x79,
+        0x01, 0x1C, 0x3C, 0x09, 0x0A, 0xD4, 0x0A, 0x4F,
+        0x11, 0x1C, 0x9B, 0xE5, 0x5C, 0x42, 0x7E, 0xB7,
+        0x96, 0xC1, 0x93, 0x2D, 0x86, 0x73, 0x57, 0x9A,
+        0xF1, 0xB4, 0xC6, 0x38, 0xB0, 0x94, 0x44, 0x89,
+        0x01, 0x2A, 0x25, 0x59, 0xA3, 0xB0, 0x24, 0x81,
+        0xB0, 0x1A, 0xC3, 0x0B, 0xA8, 0x96, 0x0F, 0x80,
+        0xC0, 0xC2, 0xB3, 0x94, 0x7D, 0x36, 0xA1, 0x2C,
+        0x08, 0x04, 0x98, 0xBE, 0xE4, 0x48, 0x71, 0x6C,
+        0x97, 0x34, 0x16, 0xC8, 0x24, 0x28, 0x04, 0xA3,
+        0xDA, 0x09, 0x9E, 0xE1, 0x37, 0xB0, 0xBA, 0x90,
+        0xFE, 0x4A, 0x5C, 0x6A, 0x89, 0x20, 0x02, 0x76,
+        0xA0, 0xCF, 0xB6, 0x43, 0xEC, 0x2C, 0x56, 0xA2,
+        0xD7, 0x08, 0xD7, 0xB4, 0x37, 0x3E, 0x44, 0xC1,
+        0x50, 0x2A, 0x76, 0x3A, 0x60, 0x05, 0x86, 0xE6,
+        0xCD, 0xA6, 0x27, 0x38, 0x97, 0xD4, 0x44, 0x48,
+        0x28, 0x7D, 0xC2, 0xE6, 0x02, 0xDC, 0x39, 0x20,
+        0x0B, 0xF6, 0x16, 0x62, 0x36, 0x55, 0x9F, 0xD1,
+        0x2A, 0x60, 0x89, 0x2A, 0xEB, 0x15, 0x3D, 0xD6,
+        0x51, 0xBB, 0x46, 0x99, 0x10, 0xB4, 0xB3, 0x46,
+        0x69, 0xF9, 0x1D, 0xA8, 0x65, 0x4D, 0x1E, 0xB7,
+        0x2E, 0xB6, 0xE0, 0x28, 0x00, 0xB3, 0xB0, 0xA7,
+        0xD0, 0xA4, 0x8C, 0x83, 0x68, 0x54, 0xD3, 0xA8,
+        0x3E, 0x65, 0x56, 0x9C, 0xB7, 0x23, 0x0B, 0xB4,
+        0x4F, 0x3F, 0x14, 0x3A, 0x6D, 0xEC, 0x5F, 0x2C,
+        0x39, 0xAB, 0x90, 0xF2, 0x74, 0xF2, 0x08, 0x8B,
+        0xD3, 0xD6, 0xA6, 0xFC, 0xA0, 0x07, 0x02, 0x73,
+        0xBE, 0xDC, 0x84, 0x77, 0x7F, 0xB5, 0x2E, 0x3C,
+        0x55, 0x8B, 0x0A, 0xE0, 0x61, 0x83, 0xD5, 0xA4,
+        0x8D, 0x45, 0x2F, 0x68, 0xE1, 0x52, 0x07, 0xF8,
+        0x61, 0x62, 0x7A, 0xCA, 0x14, 0x27, 0x96, 0x30,
+        0xF8, 0x2E, 0xC3, 0xA0, 0xCA, 0x07, 0x86, 0x33,
+        0xB6, 0x00, 0xAF, 0xA7, 0x97, 0x43, 0xA6, 0x00,
+        0x21, 0x5B, 0xE5, 0x63, 0x74, 0x58, 0xCE, 0x2C,
+        0xE8, 0xAF, 0xF5, 0xA0, 0x8E, 0xB5, 0x01, 0x7B,
+        0x2C, 0x76, 0x65, 0x77, 0x47, 0x9F, 0x8D, 0xC6,
+        0xBF, 0x9F, 0x5C, 0xC7, 0x50, 0x89, 0x93, 0x21,
+        0x61, 0xB9, 0x6C, 0xEA, 0x40, 0x66, 0x20, 0xAE,
+        0xDB, 0x63, 0x04, 0x07, 0xF7, 0x68, 0x7E, 0xBB,
+        0xB4, 0x81, 0x4C, 0x79, 0x81, 0x63, 0x7A, 0x48,
+        0xA9, 0x0D, 0xE6, 0x80, 0x31, 0xE0, 0x62, 0xA7,
+        0xAF, 0x76, 0x12, 0xB4, 0xF5, 0xC7, 0xA6, 0xDA,
+        0x86, 0xBD, 0x13, 0x65, 0x29, 0xE6, 0x42, 0x95,
+        0xA5, 0x61, 0x3E, 0xA7, 0x3B, 0xD3, 0xD4, 0x44,
+        0x8C, 0xB8, 0x1F, 0x24, 0x31, 0x35, 0xC0, 0xA6,
+        0x60, 0xBE, 0xB9, 0xC1, 0x7E, 0x65, 0x1D, 0xEF,
+        0x46, 0x9A, 0x7D, 0x90, 0xA1, 0x5D, 0x34, 0x81,
+        0x09, 0x0B, 0xCB, 0xF2, 0x27, 0x01, 0x23, 0x28,
+        0x94, 0x1F, 0xA4, 0x6F, 0x39, 0xC5, 0x00, 0x6A,
+        0xD9, 0x3D, 0x45, 0x8A, 0xA6, 0xAD, 0xD6, 0x55,
+        0x86, 0x2B, 0x41, 0x8C, 0x30, 0x94, 0xF5, 0x51,
+        0x46, 0x0D, 0xF2, 0x15, 0x3A, 0x58, 0x10, 0xA7,
+        0xDA, 0x74, 0xF0, 0x61, 0x4C, 0x25, 0x88, 0xBE,
+        0x49, 0xDC, 0x6F, 0x5E, 0x88, 0x15, 0x46, 0x42,
+        0xBD, 0x1D, 0x37, 0x62, 0x56, 0x33, 0x26, 0x43,
+        0x35, 0x07, 0x15, 0x6A, 0x57, 0xC5, 0x76, 0x94,
+        0xBD, 0xD2, 0x6E, 0x7A, 0x24, 0x6F, 0xEB, 0x72,
+        0x3A, 0xED, 0x67, 0xB0, 0x48, 0x87, 0xC8, 0xE4,
+        0x76, 0xB4, 0x8C, 0xAB, 0x59, 0xE5, 0x36, 0x2F,
+        0x26, 0xA9, 0xEF, 0x50, 0xC2, 0xBC, 0x80, 0xBA,
+        0x14, 0x62, 0x26, 0x21, 0x6F, 0xE6, 0x29, 0x68,
+        0xA6, 0x0D, 0x04, 0xE8, 0xC1, 0x70, 0xD7, 0x41,
+        0xC7, 0xA2, 0xB0, 0xE1, 0xAB, 0xDA, 0xC9, 0x68,
+        0xE2, 0x90, 0x20, 0x83, 0x9D, 0x05, 0x2F, 0xA3,
+        0x72, 0x58, 0x56, 0x27, 0xF8, 0xB5, 0x9E, 0xE3,
+        0x12, 0xAE, 0x41, 0x4C, 0x97, 0x9D, 0x82, 0x5F,
+        0x06, 0xA6, 0x92, 0x9A, 0x79, 0x62, 0x57, 0x18,
+        0xA8, 0x57, 0x68, 0xF3, 0x48, 0x6B, 0xD3, 0x2A,
+        0x01, 0xBF, 0x9A, 0x8F, 0x21, 0xEA, 0x93, 0x8E,
+        0x64, 0x8E, 0xAE, 0x4E, 0x54, 0x48, 0xC3, 0x4C,
+        0x3E, 0xB8, 0x88, 0x20, 0xB1, 0x59, 0xEE, 0xDD
+    };
+#endif
+#ifndef WOLFSSL_NO_ML_KEM_1024
+    static const byte seed_1024[WC_ML_KEM_MAKEKEY_RAND_SZ] = {
+        /* d */
+        0x49, 0xAC, 0x8B, 0x99, 0xBB, 0x1E, 0x6A, 0x8E,
+        0xA8, 0x18, 0x26, 0x1F, 0x8B, 0xE6, 0x8B, 0xDE,
+        0xAA, 0x52, 0x89, 0x7E, 0x7E, 0xC6, 0xC4, 0x0B,
+        0x53, 0x0B, 0xC7, 0x60, 0xAB, 0x77, 0xDC, 0xE3,
+        /* z */
+        0x99, 0xE3, 0x24, 0x68, 0x84, 0x18, 0x1F, 0x8E,
+        0x1D, 0xD4, 0x4E, 0x0C, 0x76, 0x29, 0x09, 0x33,
+        0x30, 0x22, 0x1F, 0xD6, 0x7D, 0x9B, 0x7D, 0x6E,
+        0x15, 0x10, 0xB2, 0xDB, 0xAD, 0x87, 0x62, 0xF7
+    };
+    static const byte ek_1024[WC_ML_KEM_1024_PUBLIC_KEY_SIZE] = {
+        0xA0, 0x41, 0x84, 0xD4, 0xBC, 0x7B, 0x53, 0x2A,
+        0x0F, 0x70, 0xA5, 0x4D, 0x77, 0x57, 0xCD, 0xE6,
+        0x17, 0x5A, 0x68, 0x43, 0xB8, 0x61, 0xCB, 0x2B,
+        0xC4, 0x83, 0x0C, 0x00, 0x12, 0x55, 0x4C, 0xFC,
+        0x5D, 0x2C, 0x8A, 0x20, 0x27, 0xAA, 0x3C, 0xD9,
+        0x67, 0x13, 0x0E, 0x9B, 0x96, 0x24, 0x1B, 0x11,
+        0xC4, 0x32, 0x0C, 0x76, 0x49, 0xCC, 0x23, 0xA7,
+        0x1B, 0xAF, 0xE6, 0x91, 0xAF, 0xC0, 0x8E, 0x68,
+        0x0B, 0xCE, 0xF4, 0x29, 0x07, 0x00, 0x07, 0x18,
+        0xE4, 0xEA, 0xCE, 0x8D, 0xA2, 0x82, 0x14, 0x19,
+        0x7B, 0xE1, 0xC2, 0x69, 0xDA, 0x9C, 0xB5, 0x41,
+        0xE1, 0xA3, 0xCE, 0x97, 0xCF, 0xAD, 0xF9, 0xC6,
+        0x05, 0x87, 0x80, 0xFE, 0x67, 0x93, 0xDB, 0xFA,
+        0x82, 0x18, 0xA2, 0x76, 0x0B, 0x80, 0x2B, 0x8D,
+        0xA2, 0xAA, 0x27, 0x1A, 0x38, 0x77, 0x25, 0x23,
+        0xA7, 0x67, 0x36, 0xA7, 0xA3, 0x1B, 0x9D, 0x30,
+        0x37, 0xAD, 0x21, 0xCE, 0xBB, 0x11, 0xA4, 0x72,
+        0xB8, 0x79, 0x2E, 0xB1, 0x75, 0x58, 0xB9, 0x40,
+        0xE7, 0x08, 0x83, 0xF2, 0x64, 0x59, 0x2C, 0x68,
+        0x9B, 0x24, 0x0B, 0xB4, 0x3D, 0x54, 0x08, 0xBF,
+        0x44, 0x64, 0x32, 0xF4, 0x12, 0xF4, 0xB9, 0xA5,
+        0xF6, 0x86, 0x5C, 0xC2, 0x52, 0xA4, 0x3C, 0xF4,
+        0x0A, 0x32, 0x03, 0x91, 0x55, 0x55, 0x91, 0xD6,
+        0x75, 0x61, 0xFD, 0xD0, 0x53, 0x53, 0xAB, 0x6B,
+        0x01, 0x9B, 0x3A, 0x08, 0xA7, 0x33, 0x53, 0xD5,
+        0x1B, 0x61, 0x13, 0xAB, 0x2F, 0xA5, 0x1D, 0x97,
+        0x56, 0x48, 0xEE, 0x25, 0x4A, 0xF8, 0x9A, 0x23,
+        0x05, 0x04, 0xA2, 0x36, 0xA4, 0x65, 0x82, 0x57,
+        0x74, 0x0B, 0xDC, 0xBB, 0xE1, 0x70, 0x8A, 0xB0,
+        0x22, 0xC3, 0xC5, 0x88, 0xA4, 0x10, 0xDB, 0x3B,
+        0x9C, 0x30, 0x8A, 0x06, 0x27, 0x5B, 0xDF, 0x5B,
+        0x48, 0x59, 0xD3, 0xA2, 0x61, 0x7A, 0x29, 0x5E,
+        0x1A, 0x22, 0xF9, 0x01, 0x98, 0xBA, 0xD0, 0x16,
+        0x6F, 0x4A, 0x94, 0x34, 0x17, 0xC5, 0xB8, 0x31,
+        0x73, 0x6C, 0xB2, 0xC8, 0x58, 0x0A, 0xBF, 0xDE,
+        0x57, 0x14, 0xB5, 0x86, 0xAB, 0xEE, 0xC0, 0xA1,
+        0x75, 0xA0, 0x8B, 0xC7, 0x10, 0xC7, 0xA2, 0x89,
+        0x5D, 0xE9, 0x3A, 0xC4, 0x38, 0x06, 0x1B, 0xF7,
+        0x76, 0x5D, 0x0D, 0x21, 0xCD, 0x41, 0x81, 0x67,
+        0xCA, 0xF8, 0x9D, 0x1E, 0xFC, 0x34, 0x48, 0xBC,
+        0xBB, 0x96, 0xD6, 0x9B, 0x3E, 0x01, 0x0C, 0x82,
+        0xD1, 0x5C, 0xAB, 0x6C, 0xAC, 0xC6, 0x79, 0x9D,
+        0x36, 0x39, 0x66, 0x9A, 0x5B, 0x21, 0xA6, 0x33,
+        0xC8, 0x65, 0xF8, 0x59, 0x3B, 0x5B, 0x7B, 0xC8,
+        0x00, 0x26, 0x2B, 0xB8, 0x37, 0xA9, 0x24, 0xA6,
+        0xC5, 0x44, 0x0E, 0x4F, 0xC7, 0x3B, 0x41, 0xB2,
+        0x30, 0x92, 0xC3, 0x91, 0x2F, 0x4C, 0x6B, 0xEB,
+        0xB4, 0xC7, 0xB4, 0xC6, 0x29, 0x08, 0xB0, 0x37,
+        0x75, 0x66, 0x6C, 0x22, 0x22, 0x0D, 0xF9, 0xC8,
+        0x88, 0x23, 0xE3, 0x44, 0xC7, 0x30, 0x83, 0x32,
+        0x34, 0x5C, 0x8B, 0x79, 0x5D, 0x34, 0xE8, 0xC0,
+        0x51, 0xF2, 0x1F, 0x5A, 0x21, 0xC2, 0x14, 0xB6,
+        0x98, 0x41, 0x35, 0x87, 0x09, 0xB1, 0xC3, 0x05,
+        0xB3, 0x2C, 0xC2, 0xC3, 0x80, 0x6A, 0xE9, 0xCC,
+        0xD3, 0x81, 0x9F, 0xFF, 0x45, 0x07, 0xFE, 0x52,
+        0x0F, 0xBF, 0xC2, 0x71, 0x99, 0xBC, 0x23, 0xBE,
+        0x6B, 0x9B, 0x2D, 0x2A, 0xC1, 0x71, 0x75, 0x79,
+        0xAC, 0x76, 0x92, 0x79, 0xE2, 0xA7, 0xAA, 0xC6,
+        0x8A, 0x37, 0x1A, 0x47, 0xBA, 0x3A, 0x7D, 0xBE,
+        0x01, 0x6F, 0x14, 0xE1, 0xA7, 0x27, 0x33, 0x36,
+        0x63, 0xC4, 0xA5, 0xCD, 0x1A, 0x0F, 0x88, 0x36,
+        0xCF, 0x7B, 0x5C, 0x49, 0xAC, 0x51, 0x48, 0x5C,
+        0xA6, 0x03, 0x45, 0xC9, 0x90, 0xE0, 0x68, 0x88,
+        0x72, 0x00, 0x03, 0x73, 0x13, 0x22, 0xC5, 0xB8,
+        0xCD, 0x5E, 0x69, 0x07, 0xFD, 0xA1, 0x15, 0x7F,
+        0x46, 0x8F, 0xD3, 0xFC, 0x20, 0xFA, 0x81, 0x75,
+        0xEE, 0xC9, 0x5C, 0x29, 0x1A, 0x26, 0x2B, 0xA8,
+        0xC5, 0xBE, 0x99, 0x08, 0x72, 0x41, 0x89, 0x30,
+        0x85, 0x23, 0x39, 0xD8, 0x8A, 0x19, 0xB3, 0x7F,
+        0xEF, 0xA3, 0xCF, 0xE8, 0x21, 0x75, 0xC2, 0x24,
+        0x40, 0x7C, 0xA4, 0x14, 0xBA, 0xEB, 0x37, 0x92,
+        0x3B, 0x4D, 0x2D, 0x83, 0x13, 0x4A, 0xE1, 0x54,
+        0xE4, 0x90, 0xA9, 0xB4, 0x5A, 0x05, 0x63, 0xB0,
+        0x6C, 0x95, 0x3C, 0x33, 0x01, 0x45, 0x0A, 0x21,
+        0x76, 0xA0, 0x7C, 0x61, 0x4A, 0x74, 0xE3, 0x47,
+        0x8E, 0x48, 0x50, 0x9F, 0x9A, 0x60, 0xAE, 0x94,
+        0x5A, 0x8E, 0xBC, 0x78, 0x15, 0x12, 0x1D, 0x90,
+        0xA3, 0xB0, 0xE0, 0x70, 0x91, 0xA0, 0x96, 0xCF,
+        0x02, 0xC5, 0x7B, 0x25, 0xBC, 0xA5, 0x81, 0x26,
+        0xAD, 0x0C, 0x62, 0x9C, 0xE1, 0x66, 0xA7, 0xED,
+        0xB4, 0xB3, 0x32, 0x21, 0xA0, 0xD3, 0xF7, 0x2B,
+        0x85, 0xD5, 0x62, 0xEC, 0x69, 0x8B, 0x7D, 0x0A,
+        0x91, 0x3D, 0x73, 0x80, 0x6F, 0x1C, 0x5C, 0x87,
+        0xB3, 0x8E, 0xC0, 0x03, 0xCB, 0x30, 0x3A, 0x3D,
+        0xC5, 0x1B, 0x4B, 0x35, 0x35, 0x6A, 0x67, 0x82,
+        0x6D, 0x6E, 0xDA, 0xA8, 0xFE, 0xB9, 0x3B, 0x98,
+        0x49, 0x3B, 0x2D, 0x1C, 0x11, 0xB6, 0x76, 0xA6,
+        0xAD, 0x95, 0x06, 0xA1, 0xAA, 0xAE, 0x13, 0xA8,
+        0x24, 0xC7, 0xC0, 0x8D, 0x1C, 0x6C, 0x2C, 0x4D,
+        0xBA, 0x96, 0x42, 0xC7, 0x6E, 0xA7, 0xF6, 0xC8,
+        0x26, 0x4B, 0x64, 0xA2, 0x3C, 0xCC, 0xA9, 0xA7,
+        0x46, 0x35, 0xFC, 0xBF, 0x03, 0xE0, 0x0F, 0x1B,
+        0x57, 0x22, 0xB2, 0x14, 0x37, 0x67, 0x90, 0x79,
+        0x3B, 0x2C, 0x4F, 0x0A, 0x13, 0xB5, 0xC4, 0x07,
+        0x60, 0xB4, 0x21, 0x8E, 0x1D, 0x25, 0x94, 0xDC,
+        0xB3, 0x0A, 0x70, 0xD9, 0xC1, 0x78, 0x2A, 0x5D,
+        0xD3, 0x05, 0x76, 0xFA, 0x41, 0x44, 0xBF, 0xC8,
+        0x41, 0x6E, 0xDA, 0x81, 0x18, 0xFC, 0x64, 0x72,
+        0xF5, 0x6A, 0x97, 0x95, 0x86, 0xF3, 0x3B, 0xB0,
+        0x70, 0xFB, 0x0F, 0x1B, 0x0B, 0x10, 0xBC, 0x48,
+        0x97, 0xEB, 0xE0, 0x1B, 0xCA, 0x38, 0x93, 0xD4,
+        0xE1, 0x6A, 0xDB, 0x25, 0x09, 0x3A, 0x74, 0x17,
+        0xD0, 0x70, 0x8C, 0x83, 0xA2, 0x63, 0x22, 0xE2,
+        0x2E, 0x63, 0x30, 0x09, 0x1E, 0x30, 0x15, 0x2B,
+        0xF8, 0x23, 0x59, 0x7C, 0x04, 0xCC, 0xF4, 0xCF,
+        0xC7, 0x33, 0x15, 0x78, 0xF4, 0x3A, 0x27, 0x26,
+        0xCC, 0xB4, 0x28, 0x28, 0x9A, 0x90, 0xC8, 0x63,
+        0x25, 0x9D, 0xD1, 0x80, 0xC5, 0xFF, 0x14, 0x2B,
+        0xEF, 0x41, 0xC7, 0x71, 0x70, 0x94, 0xBE, 0x07,
+        0x85, 0x6D, 0xA2, 0xB1, 0x40, 0xFA, 0x67, 0x71,
+        0x09, 0x67, 0x35, 0x6A, 0xA4, 0x7D, 0xFB, 0xC8,
+        0xD2, 0x55, 0xB4, 0x72, 0x2A, 0xB8, 0x6D, 0x43,
+        0x9B, 0x7E, 0x0A, 0x60, 0x90, 0x25, 0x1D, 0x2D,
+        0x4C, 0x1E, 0xD5, 0xF2, 0x0B, 0xBE, 0x68, 0x07,
+        0xBF, 0x65, 0xA9, 0x0B, 0x7C, 0xB2, 0xEC, 0x01,
+        0x02, 0xAF, 0x02, 0x80, 0x9D, 0xC9, 0xAC, 0x7D,
+        0x0A, 0x3A, 0xBC, 0x69, 0xC1, 0x83, 0x65, 0xBC,
+        0xFF, 0x59, 0x18, 0x5F, 0x33, 0x99, 0x68, 0x87,
+        0x74, 0x61, 0x85, 0x90, 0x6C, 0x01, 0x91, 0xAE,
+        0xD4, 0x40, 0x7E, 0x13, 0x94, 0x46, 0x45, 0x9B,
+        0xE2, 0x9C, 0x68, 0x22, 0x71, 0x76, 0x44, 0x35,
+        0x3D, 0x24, 0xAB, 0x63, 0x39, 0x15, 0x6A, 0x9C,
+        0x42, 0x49, 0x09, 0xF0, 0xA9, 0x02, 0x5B, 0xB7,
+        0x47, 0x20, 0x77, 0x9B, 0xE4, 0x3F, 0x16, 0xD8,
+        0x1C, 0x8C, 0xC6, 0x66, 0xE9, 0x97, 0x10, 0xD8,
+        0xC6, 0x8B, 0xB5, 0xCC, 0x4E, 0x12, 0xF3, 0x14,
+        0xE9, 0x25, 0xA5, 0x51, 0xF0, 0x9C, 0xC5, 0x90,
+        0x03, 0xA1, 0xF8, 0x81, 0x03, 0xC2, 0x54, 0xBB,
+        0x97, 0x8D, 0x75, 0xF3, 0x94, 0xD3, 0x54, 0x0E,
+        0x31, 0xE7, 0x71, 0xCD, 0xA3, 0x6E, 0x39, 0xEC,
+        0x54, 0xA6, 0x2B, 0x58, 0x32, 0x66, 0x4D, 0x82,
+        0x1A, 0x72, 0xF1, 0xE6, 0xAF, 0xBB, 0xA2, 0x7F,
+        0x84, 0x29, 0x5B, 0x26, 0x94, 0xC4, 0x98, 0x49,
+        0x8E, 0x81, 0x2B, 0xC8, 0xE9, 0x37, 0x8F, 0xE5,
+        0x41, 0xCE, 0xC5, 0x89, 0x1B, 0x25, 0x06, 0x29,
+        0x01, 0xCB, 0x72, 0x12, 0xE3, 0xCD, 0xC4, 0x61,
+        0x79, 0xEC, 0x5B, 0xCE, 0xC1, 0x0B, 0xC0, 0xB9,
+        0x31, 0x1D, 0xE0, 0x50, 0x74, 0x29, 0x06, 0x87,
+        0xFD, 0x6A, 0x53, 0x92, 0x67, 0x16, 0x54, 0x28,
+        0x4C, 0xD9, 0xC8, 0xCC, 0x3E, 0xBA, 0x80, 0xEB,
+        0x3B, 0x66, 0x2E, 0xB5, 0x3E, 0xB7, 0x51, 0x16,
+        0x70, 0x4A, 0x1F, 0xEB, 0x5C, 0x2D, 0x05, 0x63,
+        0x38, 0x53, 0x28, 0x68, 0xDD, 0xF2, 0x4E, 0xB8,
+        0x99, 0x2A, 0xB8, 0x56, 0x5D, 0x9E, 0x49, 0x0C,
+        0xAD, 0xF1, 0x48, 0x04, 0x36, 0x0D, 0xAA, 0x90,
+        0x71, 0x8E, 0xAB, 0x61, 0x6B, 0xAB, 0x07, 0x65,
+        0xD3, 0x39, 0x87, 0xB4, 0x7E, 0xFB, 0x65, 0x99,
+        0xC5, 0x56, 0x32, 0x35, 0xE6, 0x1E, 0x4B, 0xE6,
+        0x70, 0xE9, 0x79, 0x55, 0xAB, 0x29, 0x2D, 0x97,
+        0x32, 0xCB, 0x89, 0x30, 0x94, 0x8A, 0xC8, 0x2D,
+        0xF2, 0x30, 0xAC, 0x72, 0x29, 0x7A, 0x23, 0x67,
+        0x9D, 0x6B, 0x94, 0xC1, 0x7F, 0x13, 0x59, 0x48,
+        0x32, 0x54, 0xFE, 0xDC, 0x2F, 0x05, 0x81, 0x9F,
+        0x0D, 0x06, 0x9A, 0x44, 0x3B, 0x78, 0xE3, 0xFC,
+        0x6C, 0x3E, 0xF4, 0x71, 0x4B, 0x05, 0xA3, 0xFC,
+        0xA8, 0x1C, 0xBB, 0xA6, 0x02, 0x42, 0xA7, 0x06,
+        0x0C, 0xD8, 0x85, 0xD8, 0xF3, 0x99, 0x81, 0xBB,
+        0x18, 0x09, 0x2B, 0x23, 0xDA, 0xA5, 0x9F, 0xD9,
+        0x57, 0x83, 0x88, 0x68, 0x8A, 0x09, 0xBB, 0xA0,
+        0x79, 0xBC, 0x80, 0x9A, 0x54, 0x84, 0x3A, 0x60,
+        0x38, 0x5E, 0x23, 0x10, 0xBB, 0xCB, 0xCC, 0x02,
+        0x13, 0xCE, 0x3D, 0xFA, 0xAB, 0x33, 0xB4, 0x7F,
+        0x9D, 0x63, 0x05, 0xBC, 0x95, 0xC6, 0x10, 0x78,
+        0x13, 0xC5, 0x85, 0xC4, 0xB6, 0x57, 0xBF, 0x30,
+        0x54, 0x28, 0x33, 0xB1, 0x49, 0x49, 0xF5, 0x73,
+        0xC0, 0x61, 0x2A, 0xD5, 0x24, 0xBA, 0xAE, 0x69,
+        0x59, 0x0C, 0x12, 0x77, 0xB8, 0x6C, 0x28, 0x65,
+        0x71, 0xBF, 0x66, 0xB3, 0xCF, 0xF4, 0x6A, 0x38,
+        0x58, 0xC0, 0x99, 0x06, 0xA7, 0x94, 0xDF, 0x4A,
+        0x06, 0xE9, 0xD4, 0xB0, 0xA2, 0xE4, 0x3F, 0x10,
+        0xF7, 0x2A, 0x6C, 0x6C, 0x47, 0xE5, 0x64, 0x6E,
+        0x2C, 0x79, 0x9B, 0x71, 0xC3, 0x3E, 0xD2, 0xF0,
+        0x1E, 0xEB, 0x45, 0x93, 0x8E, 0xB7, 0xA4, 0xE2,
+        0xE2, 0x90, 0x8C, 0x53, 0x55, 0x8A, 0x54, 0x0D,
+        0x35, 0x03, 0x69, 0xFA, 0x18, 0x9C, 0x61, 0x69,
+        0x43, 0xF7, 0x98, 0x1D, 0x76, 0x18, 0xCF, 0x02,
+        0xA5, 0xB0, 0xA2, 0xBC, 0xC4, 0x22, 0xE8, 0x57,
+        0xD1, 0xA4, 0x78, 0x71, 0x25, 0x3D, 0x08, 0x29,
+        0x3C, 0x1C, 0x17, 0x9B, 0xCD, 0xC0, 0x43, 0x70,
+        0x69, 0x10, 0x74, 0x18, 0x20, 0x5F, 0xDB, 0x98,
+        0x56, 0x62, 0x3B, 0x8C, 0xA6, 0xB6, 0x94, 0xC9,
+        0x6C, 0x08, 0x4B, 0x17, 0xF1, 0x3B, 0xB6, 0xDF,
+        0x12, 0xB2, 0xCF, 0xBB, 0xC2, 0xB0, 0xE0, 0xC3,
+        0x4B, 0x00, 0xD0, 0xFC, 0xD0, 0xAE, 0xCF, 0xB2,
+        0x79, 0x24, 0xF6, 0x98, 0x4E, 0x74, 0x7B, 0xE2,
+        0xA0, 0x9D, 0x83, 0xA8, 0x66, 0x45, 0x90, 0xA8,
+        0x07, 0x73, 0x31, 0x49, 0x1A, 0x4F, 0x7D, 0x72,
+        0x08, 0x43, 0xF2, 0x3E, 0x65, 0x2C, 0x6F, 0xA8,
+        0x40, 0x30, 0x8D, 0xB4, 0x02, 0x03, 0x37, 0xAA,
+        0xD3, 0x79, 0x67, 0x03, 0x4A, 0x9F, 0xB5, 0x23,
+        0xB6, 0x7C, 0xA7, 0x03, 0x30, 0xF0, 0x2D, 0x9E,
+        0xA2, 0x0C, 0x1E, 0x84, 0xCB, 0x8E, 0x57, 0x57,
+        0xC9, 0xE1, 0x89, 0x6B, 0x60, 0x58, 0x14, 0x41,
+        0xED, 0x61, 0x8A, 0xA5, 0xB2, 0x6D, 0xA5, 0x6C,
+        0x0A, 0x5A, 0x73, 0xC4, 0xDC, 0xFD, 0x75, 0x5E,
+        0x61, 0x0B, 0x4F, 0xC8, 0x1F, 0xF8, 0x4E, 0x21
+    };
+    static const byte dk_1024[WC_ML_KEM_1024_PRIVATE_KEY_SIZE] = {
+        0x8C, 0x8B, 0x37, 0x22, 0xA8, 0x2E, 0x55, 0x05,
+        0x65, 0x52, 0x16, 0x11, 0xEB, 0xBC, 0x63, 0x07,
+        0x99, 0x44, 0xC9, 0xB1, 0xAB, 0xB3, 0xB0, 0x02,
+        0x0F, 0xF1, 0x2F, 0x63, 0x18, 0x91, 0xA9, 0xC4,
+        0x68, 0xD3, 0xA6, 0x7B, 0xF6, 0x27, 0x12, 0x80,
+        0xDA, 0x58, 0xD0, 0x3C, 0xB0, 0x42, 0xB3, 0xA4,
+        0x61, 0x44, 0x16, 0x37, 0xF9, 0x29, 0xC2, 0x73,
+        0x46, 0x9A, 0xD1, 0x53, 0x11, 0xE9, 0x10, 0xDE,
+        0x18, 0xCB, 0x95, 0x37, 0xBA, 0x1B, 0xE4, 0x2E,
+        0x98, 0xBB, 0x59, 0xE4, 0x98, 0xA1, 0x3F, 0xD4,
+        0x40, 0xD0, 0xE6, 0x9E, 0xE8, 0x32, 0xB4, 0x5C,
+        0xD9, 0x5C, 0x38, 0x21, 0x77, 0xD6, 0x70, 0x96,
+        0xA1, 0x8C, 0x07, 0xF1, 0x78, 0x16, 0x63, 0x65,
+        0x1B, 0xDC, 0xAC, 0x90, 0xDE, 0xDA, 0x3D, 0xDD,
+        0x14, 0x34, 0x85, 0x86, 0x41, 0x81, 0xC9, 0x1F,
+        0xA2, 0x08, 0x0F, 0x6D, 0xAB, 0x3F, 0x86, 0x20,
+        0x4C, 0xEB, 0x64, 0xA7, 0xB4, 0x44, 0x68, 0x95,
+        0xC0, 0x39, 0x87, 0xA0, 0x31, 0xCB, 0x4B, 0x6D,
+        0x9E, 0x04, 0x62, 0xFD, 0xA8, 0x29, 0x17, 0x2B,
+        0x6C, 0x01, 0x2C, 0x63, 0x8B, 0x29, 0xB5, 0xCD,
+        0x75, 0xA2, 0xC9, 0x30, 0xA5, 0x59, 0x6A, 0x31,
+        0x81, 0xC3, 0x3A, 0x22, 0xD5, 0x74, 0xD3, 0x02,
+        0x61, 0x19, 0x6B, 0xC3, 0x50, 0x73, 0x8D, 0x4F,
+        0xD9, 0x18, 0x3A, 0x76, 0x33, 0x36, 0x24, 0x3A,
+        0xCE, 0xD9, 0x9B, 0x32, 0x21, 0xC7, 0x1D, 0x88,
+        0x66, 0x89, 0x5C, 0x4E, 0x52, 0xC1, 0x19, 0xBF,
+        0x32, 0x80, 0xDA, 0xF8, 0x0A, 0x95, 0xE1, 0x52,
+        0x09, 0xA7, 0x95, 0xC4, 0x43, 0x5F, 0xBB, 0x35,
+        0x70, 0xFD, 0xB8, 0xAA, 0x9B, 0xF9, 0xAE, 0xFD,
+        0x43, 0xB0, 0x94, 0xB7, 0x81, 0xD5, 0xA8, 0x11,
+        0x36, 0xDA, 0xB8, 0x8B, 0x87, 0x99, 0x69, 0x65,
+        0x56, 0xFE, 0xC6, 0xAE, 0x14, 0xB0, 0xBB, 0x8B,
+        0xE4, 0x69, 0x5E, 0x9A, 0x12, 0x4C, 0x2A, 0xB8,
+        0xFF, 0x4A, 0xB1, 0x22, 0x9B, 0x8A, 0xAA, 0x8C,
+        0x6F, 0x41, 0xA6, 0x0C, 0x34, 0xC7, 0xB5, 0x61,
+        0x82, 0xC5, 0x5C, 0x2C, 0x68, 0x5E, 0x73, 0x7C,
+        0x6C, 0xA0, 0x0A, 0x23, 0xFB, 0x8A, 0x68, 0xC1,
+        0xCD, 0x61, 0xF3, 0x0D, 0x39, 0x93, 0xA1, 0x65,
+        0x3C, 0x16, 0x75, 0xAC, 0x5F, 0x09, 0x01, 0xA7,
+        0x16, 0x0A, 0x73, 0x96, 0x64, 0x08, 0xB8, 0x87,
+        0x6B, 0x71, 0x53, 0x96, 0xCF, 0xA4, 0x90, 0x3F,
+        0xC6, 0x9D, 0x60, 0x49, 0x1F, 0x81, 0x46, 0x80,
+        0x8C, 0x97, 0xCD, 0x5C, 0x53, 0x3E, 0x71, 0x01,
+        0x79, 0x09, 0xE9, 0x7B, 0x83, 0x5B, 0x86, 0xFF,
+        0x84, 0x7B, 0x42, 0xA6, 0x96, 0x37, 0x54, 0x35,
+        0xE0, 0x06, 0x06, 0x1C, 0xF7, 0xA4, 0x79, 0x46,
+        0x32, 0x72, 0x11, 0x4A, 0x89, 0xEB, 0x3E, 0xAF,
+        0x22, 0x46, 0xF0, 0xF8, 0xC1, 0x04, 0xA1, 0x49,
+        0x86, 0x82, 0x8E, 0x0A, 0xD2, 0x04, 0x20, 0xC9,
+        0xB3, 0x7E, 0xA2, 0x3F, 0x5C, 0x51, 0x49, 0x49,
+        0xE7, 0x7A, 0xD9, 0xE9, 0xAD, 0x12, 0x29, 0x0D,
+        0xD1, 0x21, 0x5E, 0x11, 0xDA, 0x27, 0x44, 0x57,
+        0xAC, 0x86, 0xB1, 0xCE, 0x68, 0x64, 0xB1, 0x22,
+        0x67, 0x7F, 0x37, 0x18, 0xAA, 0x31, 0xB0, 0x25,
+        0x80, 0xE6, 0x43, 0x17, 0x17, 0x8D, 0x38, 0xF2,
+        0x5F, 0x60, 0x9B, 0xC6, 0xC5, 0x5B, 0xC3, 0x74,
+        0xA1, 0xBF, 0x78, 0xEA, 0x8E, 0xCC, 0x21, 0x9B,
+        0x30, 0xB7, 0x4C, 0xBB, 0x32, 0x72, 0xA5, 0x99,
+        0x23, 0x8C, 0x93, 0x98, 0x51, 0x70, 0x04, 0x8F,
+        0x17, 0x67, 0x75, 0xFB, 0x19, 0x96, 0x2A, 0xC3,
+        0xB1, 0x35, 0xAA, 0x59, 0xDB, 0x10, 0x4F, 0x71,
+        0x14, 0xDB, 0xC2, 0xC2, 0xD4, 0x29, 0x49, 0xAD,
+        0xEC, 0xA6, 0xA8, 0x5B, 0x32, 0x3E, 0xE2, 0xB2,
+        0xB2, 0x3A, 0x77, 0xD9, 0xDB, 0x23, 0x59, 0x79,
+        0xA8, 0xE2, 0xD6, 0x7C, 0xF7, 0xD2, 0x13, 0x6B,
+        0xBB, 0xA7, 0x1F, 0x26, 0x95, 0x74, 0xB3, 0x88,
+        0x88, 0xE1, 0x54, 0x13, 0x40, 0xC1, 0x92, 0x84,
+        0x07, 0x4F, 0x9B, 0x7C, 0x8C, 0xF3, 0x7E, 0xB0,
+        0x13, 0x84, 0xE6, 0xE3, 0x82, 0x2E, 0xC4, 0x88,
+        0x2D, 0xFB, 0xBE, 0xC4, 0xE6, 0x09, 0x8E, 0xF2,
+        0xB2, 0xFC, 0x17, 0x7A, 0x1F, 0x0B, 0xCB, 0x65,
+        0xA5, 0x7F, 0xDA, 0xA8, 0x93, 0x15, 0x46, 0x1B,
+        0xEB, 0x78, 0x85, 0xFB, 0x68, 0xB3, 0xCD, 0x09,
+        0x6E, 0xDA, 0x59, 0x6A, 0xC0, 0xE6, 0x1D, 0xD7,
+        0xA9, 0xC5, 0x07, 0xBC, 0x63, 0x45, 0xE0, 0x82,
+        0x7D, 0xFC, 0xC8, 0xA3, 0xAC, 0x2D, 0xCE, 0x51,
+        0xAD, 0x73, 0x1A, 0xA0, 0xEB, 0x93, 0x2A, 0x6D,
+        0x09, 0x83, 0x99, 0x23, 0x47, 0xCB, 0xEB, 0x3C,
+        0xD0, 0xD9, 0xC9, 0x71, 0x97, 0x97, 0xCC, 0x21,
+        0xCF, 0x00, 0x62, 0xB0, 0xAD, 0x94, 0xCA, 0xD7,
+        0x34, 0xC6, 0x3E, 0x6B, 0x5D, 0x85, 0x9C, 0xBE,
+        0x19, 0xF0, 0x36, 0x82, 0x45, 0x35, 0x1B, 0xF4,
+        0x64, 0xD7, 0x50, 0x55, 0x69, 0x79, 0x0D, 0x2B,
+        0xB7, 0x24, 0xD8, 0x65, 0x9A, 0x9F, 0xEB, 0x1C,
+        0x7C, 0x47, 0x3D, 0xC4, 0xD0, 0x61, 0xE2, 0x98,
+        0x63, 0xA2, 0x71, 0x4B, 0xAC, 0x42, 0xAD, 0xCD,
+        0x1A, 0x83, 0x72, 0x77, 0x65, 0x56, 0xF7, 0x92,
+        0x8A, 0x7A, 0x44, 0xE9, 0x4B, 0x6A, 0x25, 0x32,
+        0x2D, 0x03, 0xC0, 0xA1, 0x62, 0x2A, 0x7F, 0xD2,
+        0x61, 0x52, 0x2B, 0x73, 0x58, 0xF0, 0x85, 0xBD,
+        0xFB, 0x60, 0x75, 0x87, 0x62, 0xCB, 0x90, 0x10,
+        0x31, 0x90, 0x1B, 0x5E, 0xEC, 0xF4, 0x92, 0x0C,
+        0x81, 0x02, 0x0A, 0x9B, 0x17, 0x81, 0xBC, 0xB9,
+        0xDD, 0x19, 0xA9, 0xDF, 0xB6, 0x64, 0x58, 0xE7,
+        0x75, 0x7C, 0x52, 0xCE, 0xC7, 0x5B, 0x4B, 0xA7,
+        0x40, 0xA2, 0x40, 0x99, 0xCB, 0x56, 0xBB, 0x60,
+        0xA7, 0x6B, 0x69, 0x01, 0xAA, 0x3E, 0x01, 0x69,
+        0xC9, 0xE8, 0x34, 0x96, 0xD7, 0x3C, 0x4C, 0x99,
+        0x43, 0x5A, 0x28, 0xD6, 0x13, 0xE9, 0x7A, 0x11,
+        0x77, 0xF5, 0x8B, 0x6C, 0xC5, 0x95, 0xD3, 0xB2,
+        0x33, 0x1E, 0x9C, 0xA7, 0xB5, 0x7B, 0x74, 0xDC,
+        0x2C, 0x52, 0x77, 0xD2, 0x6F, 0x2F, 0xE1, 0x92,
+        0x40, 0xA5, 0x5C, 0x35, 0xD6, 0xCF, 0xCA, 0x26,
+        0xC7, 0x3E, 0x9A, 0x2D, 0x7C, 0x98, 0x0D, 0x97,
+        0x96, 0x0A, 0xE1, 0xA0, 0x46, 0x98, 0xC1, 0x6B,
+        0x39, 0x8A, 0x5F, 0x20, 0xC3, 0x5A, 0x09, 0x14,
+        0x14, 0x5C, 0xE1, 0x67, 0x4B, 0x71, 0xAB, 0xC6,
+        0x06, 0x6A, 0x90, 0x9A, 0x3E, 0x4B, 0x91, 0x1E,
+        0x69, 0xD5, 0xA8, 0x49, 0x43, 0x03, 0x61, 0xF7,
+        0x31, 0xB0, 0x72, 0x46, 0xA6, 0x32, 0x9B, 0x52,
+        0x36, 0x19, 0x04, 0x22, 0x50, 0x82, 0xD0, 0xAA,
+        0xC5, 0xB2, 0x1D, 0x6B, 0x34, 0x86, 0x24, 0x81,
+        0xA8, 0x90, 0xC3, 0xC3, 0x60, 0x76, 0x6F, 0x04,
+        0x26, 0x36, 0x03, 0xA6, 0xB7, 0x3E, 0x80, 0x2B,
+        0x1F, 0x70, 0xB2, 0xEB, 0x00, 0x04, 0x68, 0x36,
+        0xB8, 0xF4, 0x93, 0xBF, 0x10, 0xB9, 0x0B, 0x87,
+        0x37, 0xC6, 0xC5, 0x48, 0x44, 0x9B, 0x29, 0x4C,
+        0x47, 0x25, 0x3B, 0xE2, 0x6C, 0xA7, 0x23, 0x36,
+        0xA6, 0x32, 0x06, 0x3A, 0xD3, 0xD0, 0xB4, 0x8C,
+        0x8B, 0x0F, 0x4A, 0x34, 0x44, 0x7E, 0xF1, 0x3B,
+        0x76, 0x40, 0x20, 0xDE, 0x73, 0x9E, 0xB7, 0x9A,
+        0xBA, 0x20, 0xE2, 0xBE, 0x19, 0x51, 0x82, 0x5F,
+        0x29, 0x3B, 0xED, 0xD1, 0x08, 0x9F, 0xCB, 0x0A,
+        0x91, 0xF5, 0x60, 0xC8, 0xE1, 0x7C, 0xDF, 0x52,
+        0x54, 0x1D, 0xC2, 0xB8, 0x1F, 0x97, 0x2A, 0x73,
+        0x75, 0xB2, 0x01, 0xF1, 0x0C, 0x08, 0xD9, 0xB5,
+        0xBC, 0x8B, 0x95, 0x10, 0x00, 0x54, 0xA3, 0xD0,
+        0xAA, 0xFF, 0x89, 0xBD, 0x08, 0xD6, 0xA0, 0xE7,
+        0xF2, 0x11, 0x5A, 0x43, 0x52, 0x31, 0x29, 0x04,
+        0x60, 0xC9, 0xAD, 0x43, 0x5A, 0x3B, 0x3C, 0xF3,
+        0x5E, 0x52, 0x09, 0x1E, 0xDD, 0x18, 0x90, 0x04,
+        0x7B, 0xCC, 0x0A, 0xAB, 0xB1, 0xAC, 0xEB, 0xC7,
+        0x5F, 0x4A, 0x32, 0xBC, 0x14, 0x51, 0xAC, 0xC4,
+        0x96, 0x99, 0x40, 0x78, 0x8E, 0x89, 0x41, 0x21,
+        0x88, 0x94, 0x6C, 0x91, 0x43, 0xC5, 0x04, 0x6B,
+        0xD1, 0xB4, 0x58, 0xDF, 0x61, 0x7C, 0x5D, 0xF5,
+        0x33, 0xB0, 0x52, 0xCD, 0x60, 0x38, 0xB7, 0x75,
+        0x40, 0x34, 0xA2, 0x3C, 0x2F, 0x77, 0x20, 0x13,
+        0x4C, 0x7B, 0x4E, 0xAC, 0xE0, 0x1F, 0xAC, 0x0A,
+        0x28, 0x53, 0xA9, 0x28, 0x58, 0x47, 0xAB, 0xBD,
+        0x06, 0xA3, 0x34, 0x3A, 0x77, 0x8A, 0xC6, 0x06,
+        0x2E, 0x45, 0x8B, 0xC5, 0xE6, 0x1E, 0xCE, 0x1C,
+        0x0D, 0xE0, 0x20, 0x6E, 0x6F, 0xE8, 0xA8, 0x40,
+        0x34, 0xA7, 0xC5, 0xF1, 0xB0, 0x05, 0xFB, 0x0A,
+        0x58, 0x40, 0x51, 0xD3, 0x22, 0x9B, 0x86, 0xC9,
+        0x09, 0xAC, 0x56, 0x47, 0xB3, 0xD7, 0x55, 0x69,
+        0xE0, 0x5A, 0x88, 0x27, 0x9D, 0x80, 0xE5, 0xC3,
+        0x0F, 0x57, 0x4D, 0xC3, 0x27, 0x51, 0x2C, 0x6B,
+        0xBE, 0x81, 0x01, 0x23, 0x9E, 0xC6, 0x28, 0x61,
+        0xF4, 0xBE, 0x67, 0xB0, 0x5B, 0x9C, 0xDA, 0x9C,
+        0x54, 0x5C, 0x13, 0xE7, 0xEB, 0x53, 0xCF, 0xF2,
+        0x60, 0xAD, 0x98, 0x70, 0x19, 0x9C, 0x21, 0xF8,
+        0xC6, 0x3D, 0x64, 0xF0, 0x45, 0x8A, 0x71, 0x41,
+        0x28, 0x50, 0x23, 0xFE, 0xB8, 0x29, 0x29, 0x08,
+        0x72, 0x38, 0x96, 0x44, 0xB0, 0xC3, 0xB7, 0x3A,
+        0xC2, 0xC8, 0xE1, 0x21, 0xA2, 0x9B, 0xB1, 0xC4,
+        0x3C, 0x19, 0xA2, 0x33, 0xD5, 0x6B, 0xED, 0x82,
+        0x74, 0x0E, 0xB0, 0x21, 0xC9, 0x7B, 0x8E, 0xBB,
+        0xA4, 0x0F, 0xF3, 0x28, 0xB5, 0x41, 0x76, 0x0F,
+        0xCC, 0x37, 0x2B, 0x52, 0xD3, 0xBC, 0x4F, 0xCB,
+        0xC0, 0x6F, 0x42, 0x4E, 0xAF, 0x25, 0x38, 0x04,
+        0xD4, 0xCB, 0x46, 0xF4, 0x1F, 0xF2, 0x54, 0xC0,
+        0xC5, 0xBA, 0x48, 0x3B, 0x44, 0xA8, 0x7C, 0x21,
+        0x96, 0x54, 0x55, 0x5E, 0xC7, 0xC1, 0x63, 0xC7,
+        0x9B, 0x9C, 0xB7, 0x60, 0xA2, 0xAD, 0x9B, 0xB7,
+        0x22, 0xB9, 0x3E, 0x0C, 0x28, 0xBD, 0x4B, 0x16,
+        0x85, 0x94, 0x9C, 0x49, 0x6E, 0xAB, 0x1A, 0xFF,
+        0x90, 0x91, 0x9E, 0x37, 0x61, 0xB3, 0x46, 0x83,
+        0x8A, 0xBB, 0x2F, 0x01, 0xA9, 0x1E, 0x55, 0x43,
+        0x75, 0xAF, 0xDA, 0xAA, 0xF3, 0x82, 0x6E, 0x6D,
+        0xB7, 0x9F, 0xE7, 0x35, 0x3A, 0x7A, 0x57, 0x8A,
+        0x7C, 0x05, 0x98, 0xCE, 0x28, 0xB6, 0xD9, 0x91,
+        0x52, 0x14, 0x23, 0x6B, 0xBF, 0xFA, 0x6D, 0x45,
+        0xB6, 0x37, 0x6A, 0x07, 0x92, 0x4A, 0x39, 0xA7,
+        0xBE, 0x81, 0x82, 0x86, 0x71, 0x5C, 0x8A, 0x3C,
+        0x11, 0x0C, 0xD7, 0x6C, 0x02, 0xE0, 0x41, 0x7A,
+        0xF1, 0x38, 0xBD, 0xB9, 0x5C, 0x3C, 0xCA, 0x79,
+        0x8A, 0xC8, 0x09, 0xED, 0x69, 0xCF, 0xB6, 0x72,
+        0xB6, 0xFD, 0xDC, 0x24, 0xD8, 0x9C, 0x06, 0xA6,
+        0x55, 0x88, 0x14, 0xAB, 0x0C, 0x21, 0xC6, 0x2B,
+        0x2F, 0x84, 0xC0, 0xE3, 0xE0, 0x80, 0x3D, 0xB3,
+        0x37, 0xA4, 0xE0, 0xC7, 0x12, 0x7A, 0x6B, 0x4C,
+        0x8C, 0x08, 0xB1, 0xD1, 0xA7, 0x6B, 0xF0, 0x7E,
+        0xB6, 0xE5, 0xB5, 0xBB, 0x47, 0xA1, 0x6C, 0x74,
+        0xBC, 0x54, 0x83, 0x75, 0xFB, 0x29, 0xCD, 0x78,
+        0x9A, 0x5C, 0xFF, 0x91, 0xBD, 0xBD, 0x07, 0x18,
+        0x59, 0xF4, 0x84, 0x6E, 0x35, 0x5B, 0xB0, 0xD2,
+        0x94, 0x84, 0xE2, 0x64, 0xDF, 0xF3, 0x6C, 0x91,
+        0x77, 0xA7, 0xAC, 0xA7, 0x89, 0x08, 0x87, 0x96,
+        0x95, 0xCA, 0x87, 0xF2, 0x54, 0x36, 0xBC, 0x12,
+        0x63, 0x07, 0x24, 0xBB, 0x22, 0xF0, 0xCB, 0x64,
+        0x89, 0x7F, 0xE5, 0xC4, 0x11, 0x95, 0x28, 0x0D,
+        0xA0, 0x41, 0x84, 0xD4, 0xBC, 0x7B, 0x53, 0x2A,
+        0x0F, 0x70, 0xA5, 0x4D, 0x77, 0x57, 0xCD, 0xE6,
+        0x17, 0x5A, 0x68, 0x43, 0xB8, 0x61, 0xCB, 0x2B,
+        0xC4, 0x83, 0x0C, 0x00, 0x12, 0x55, 0x4C, 0xFC,
+        0x5D, 0x2C, 0x8A, 0x20, 0x27, 0xAA, 0x3C, 0xD9,
+        0x67, 0x13, 0x0E, 0x9B, 0x96, 0x24, 0x1B, 0x11,
+        0xC4, 0x32, 0x0C, 0x76, 0x49, 0xCC, 0x23, 0xA7,
+        0x1B, 0xAF, 0xE6, 0x91, 0xAF, 0xC0, 0x8E, 0x68,
+        0x0B, 0xCE, 0xF4, 0x29, 0x07, 0x00, 0x07, 0x18,
+        0xE4, 0xEA, 0xCE, 0x8D, 0xA2, 0x82, 0x14, 0x19,
+        0x7B, 0xE1, 0xC2, 0x69, 0xDA, 0x9C, 0xB5, 0x41,
+        0xE1, 0xA3, 0xCE, 0x97, 0xCF, 0xAD, 0xF9, 0xC6,
+        0x05, 0x87, 0x80, 0xFE, 0x67, 0x93, 0xDB, 0xFA,
+        0x82, 0x18, 0xA2, 0x76, 0x0B, 0x80, 0x2B, 0x8D,
+        0xA2, 0xAA, 0x27, 0x1A, 0x38, 0x77, 0x25, 0x23,
+        0xA7, 0x67, 0x36, 0xA7, 0xA3, 0x1B, 0x9D, 0x30,
+        0x37, 0xAD, 0x21, 0xCE, 0xBB, 0x11, 0xA4, 0x72,
+        0xB8, 0x79, 0x2E, 0xB1, 0x75, 0x58, 0xB9, 0x40,
+        0xE7, 0x08, 0x83, 0xF2, 0x64, 0x59, 0x2C, 0x68,
+        0x9B, 0x24, 0x0B, 0xB4, 0x3D, 0x54, 0x08, 0xBF,
+        0x44, 0x64, 0x32, 0xF4, 0x12, 0xF4, 0xB9, 0xA5,
+        0xF6, 0x86, 0x5C, 0xC2, 0x52, 0xA4, 0x3C, 0xF4,
+        0x0A, 0x32, 0x03, 0x91, 0x55, 0x55, 0x91, 0xD6,
+        0x75, 0x61, 0xFD, 0xD0, 0x53, 0x53, 0xAB, 0x6B,
+        0x01, 0x9B, 0x3A, 0x08, 0xA7, 0x33, 0x53, 0xD5,
+        0x1B, 0x61, 0x13, 0xAB, 0x2F, 0xA5, 0x1D, 0x97,
+        0x56, 0x48, 0xEE, 0x25, 0x4A, 0xF8, 0x9A, 0x23,
+        0x05, 0x04, 0xA2, 0x36, 0xA4, 0x65, 0x82, 0x57,
+        0x74, 0x0B, 0xDC, 0xBB, 0xE1, 0x70, 0x8A, 0xB0,
+        0x22, 0xC3, 0xC5, 0x88, 0xA4, 0x10, 0xDB, 0x3B,
+        0x9C, 0x30, 0x8A, 0x06, 0x27, 0x5B, 0xDF, 0x5B,
+        0x48, 0x59, 0xD3, 0xA2, 0x61, 0x7A, 0x29, 0x5E,
+        0x1A, 0x22, 0xF9, 0x01, 0x98, 0xBA, 0xD0, 0x16,
+        0x6F, 0x4A, 0x94, 0x34, 0x17, 0xC5, 0xB8, 0x31,
+        0x73, 0x6C, 0xB2, 0xC8, 0x58, 0x0A, 0xBF, 0xDE,
+        0x57, 0x14, 0xB5, 0x86, 0xAB, 0xEE, 0xC0, 0xA1,
+        0x75, 0xA0, 0x8B, 0xC7, 0x10, 0xC7, 0xA2, 0x89,
+        0x5D, 0xE9, 0x3A, 0xC4, 0x38, 0x06, 0x1B, 0xF7,
+        0x76, 0x5D, 0x0D, 0x21, 0xCD, 0x41, 0x81, 0x67,
+        0xCA, 0xF8, 0x9D, 0x1E, 0xFC, 0x34, 0x48, 0xBC,
+        0xBB, 0x96, 0xD6, 0x9B, 0x3E, 0x01, 0x0C, 0x82,
+        0xD1, 0x5C, 0xAB, 0x6C, 0xAC, 0xC6, 0x79, 0x9D,
+        0x36, 0x39, 0x66, 0x9A, 0x5B, 0x21, 0xA6, 0x33,
+        0xC8, 0x65, 0xF8, 0x59, 0x3B, 0x5B, 0x7B, 0xC8,
+        0x00, 0x26, 0x2B, 0xB8, 0x37, 0xA9, 0x24, 0xA6,
+        0xC5, 0x44, 0x0E, 0x4F, 0xC7, 0x3B, 0x41, 0xB2,
+        0x30, 0x92, 0xC3, 0x91, 0x2F, 0x4C, 0x6B, 0xEB,
+        0xB4, 0xC7, 0xB4, 0xC6, 0x29, 0x08, 0xB0, 0x37,
+        0x75, 0x66, 0x6C, 0x22, 0x22, 0x0D, 0xF9, 0xC8,
+        0x88, 0x23, 0xE3, 0x44, 0xC7, 0x30, 0x83, 0x32,
+        0x34, 0x5C, 0x8B, 0x79, 0x5D, 0x34, 0xE8, 0xC0,
+        0x51, 0xF2, 0x1F, 0x5A, 0x21, 0xC2, 0x14, 0xB6,
+        0x98, 0x41, 0x35, 0x87, 0x09, 0xB1, 0xC3, 0x05,
+        0xB3, 0x2C, 0xC2, 0xC3, 0x80, 0x6A, 0xE9, 0xCC,
+        0xD3, 0x81, 0x9F, 0xFF, 0x45, 0x07, 0xFE, 0x52,
+        0x0F, 0xBF, 0xC2, 0x71, 0x99, 0xBC, 0x23, 0xBE,
+        0x6B, 0x9B, 0x2D, 0x2A, 0xC1, 0x71, 0x75, 0x79,
+        0xAC, 0x76, 0x92, 0x79, 0xE2, 0xA7, 0xAA, 0xC6,
+        0x8A, 0x37, 0x1A, 0x47, 0xBA, 0x3A, 0x7D, 0xBE,
+        0x01, 0x6F, 0x14, 0xE1, 0xA7, 0x27, 0x33, 0x36,
+        0x63, 0xC4, 0xA5, 0xCD, 0x1A, 0x0F, 0x88, 0x36,
+        0xCF, 0x7B, 0x5C, 0x49, 0xAC, 0x51, 0x48, 0x5C,
+        0xA6, 0x03, 0x45, 0xC9, 0x90, 0xE0, 0x68, 0x88,
+        0x72, 0x00, 0x03, 0x73, 0x13, 0x22, 0xC5, 0xB8,
+        0xCD, 0x5E, 0x69, 0x07, 0xFD, 0xA1, 0x15, 0x7F,
+        0x46, 0x8F, 0xD3, 0xFC, 0x20, 0xFA, 0x81, 0x75,
+        0xEE, 0xC9, 0x5C, 0x29, 0x1A, 0x26, 0x2B, 0xA8,
+        0xC5, 0xBE, 0x99, 0x08, 0x72, 0x41, 0x89, 0x30,
+        0x85, 0x23, 0x39, 0xD8, 0x8A, 0x19, 0xB3, 0x7F,
+        0xEF, 0xA3, 0xCF, 0xE8, 0x21, 0x75, 0xC2, 0x24,
+        0x40, 0x7C, 0xA4, 0x14, 0xBA, 0xEB, 0x37, 0x92,
+        0x3B, 0x4D, 0x2D, 0x83, 0x13, 0x4A, 0xE1, 0x54,
+        0xE4, 0x90, 0xA9, 0xB4, 0x5A, 0x05, 0x63, 0xB0,
+        0x6C, 0x95, 0x3C, 0x33, 0x01, 0x45, 0x0A, 0x21,
+        0x76, 0xA0, 0x7C, 0x61, 0x4A, 0x74, 0xE3, 0x47,
+        0x8E, 0x48, 0x50, 0x9F, 0x9A, 0x60, 0xAE, 0x94,
+        0x5A, 0x8E, 0xBC, 0x78, 0x15, 0x12, 0x1D, 0x90,
+        0xA3, 0xB0, 0xE0, 0x70, 0x91, 0xA0, 0x96, 0xCF,
+        0x02, 0xC5, 0x7B, 0x25, 0xBC, 0xA5, 0x81, 0x26,
+        0xAD, 0x0C, 0x62, 0x9C, 0xE1, 0x66, 0xA7, 0xED,
+        0xB4, 0xB3, 0x32, 0x21, 0xA0, 0xD3, 0xF7, 0x2B,
+        0x85, 0xD5, 0x62, 0xEC, 0x69, 0x8B, 0x7D, 0x0A,
+        0x91, 0x3D, 0x73, 0x80, 0x6F, 0x1C, 0x5C, 0x87,
+        0xB3, 0x8E, 0xC0, 0x03, 0xCB, 0x30, 0x3A, 0x3D,
+        0xC5, 0x1B, 0x4B, 0x35, 0x35, 0x6A, 0x67, 0x82,
+        0x6D, 0x6E, 0xDA, 0xA8, 0xFE, 0xB9, 0x3B, 0x98,
+        0x49, 0x3B, 0x2D, 0x1C, 0x11, 0xB6, 0x76, 0xA6,
+        0xAD, 0x95, 0x06, 0xA1, 0xAA, 0xAE, 0x13, 0xA8,
+        0x24, 0xC7, 0xC0, 0x8D, 0x1C, 0x6C, 0x2C, 0x4D,
+        0xBA, 0x96, 0x42, 0xC7, 0x6E, 0xA7, 0xF6, 0xC8,
+        0x26, 0x4B, 0x64, 0xA2, 0x3C, 0xCC, 0xA9, 0xA7,
+        0x46, 0x35, 0xFC, 0xBF, 0x03, 0xE0, 0x0F, 0x1B,
+        0x57, 0x22, 0xB2, 0x14, 0x37, 0x67, 0x90, 0x79,
+        0x3B, 0x2C, 0x4F, 0x0A, 0x13, 0xB5, 0xC4, 0x07,
+        0x60, 0xB4, 0x21, 0x8E, 0x1D, 0x25, 0x94, 0xDC,
+        0xB3, 0x0A, 0x70, 0xD9, 0xC1, 0x78, 0x2A, 0x5D,
+        0xD3, 0x05, 0x76, 0xFA, 0x41, 0x44, 0xBF, 0xC8,
+        0x41, 0x6E, 0xDA, 0x81, 0x18, 0xFC, 0x64, 0x72,
+        0xF5, 0x6A, 0x97, 0x95, 0x86, 0xF3, 0x3B, 0xB0,
+        0x70, 0xFB, 0x0F, 0x1B, 0x0B, 0x10, 0xBC, 0x48,
+        0x97, 0xEB, 0xE0, 0x1B, 0xCA, 0x38, 0x93, 0xD4,
+        0xE1, 0x6A, 0xDB, 0x25, 0x09, 0x3A, 0x74, 0x17,
+        0xD0, 0x70, 0x8C, 0x83, 0xA2, 0x63, 0x22, 0xE2,
+        0x2E, 0x63, 0x30, 0x09, 0x1E, 0x30, 0x15, 0x2B,
+        0xF8, 0x23, 0x59, 0x7C, 0x04, 0xCC, 0xF4, 0xCF,
+        0xC7, 0x33, 0x15, 0x78, 0xF4, 0x3A, 0x27, 0x26,
+        0xCC, 0xB4, 0x28, 0x28, 0x9A, 0x90, 0xC8, 0x63,
+        0x25, 0x9D, 0xD1, 0x80, 0xC5, 0xFF, 0x14, 0x2B,
+        0xEF, 0x41, 0xC7, 0x71, 0x70, 0x94, 0xBE, 0x07,
+        0x85, 0x6D, 0xA2, 0xB1, 0x40, 0xFA, 0x67, 0x71,
+        0x09, 0x67, 0x35, 0x6A, 0xA4, 0x7D, 0xFB, 0xC8,
+        0xD2, 0x55, 0xB4, 0x72, 0x2A, 0xB8, 0x6D, 0x43,
+        0x9B, 0x7E, 0x0A, 0x60, 0x90, 0x25, 0x1D, 0x2D,
+        0x4C, 0x1E, 0xD5, 0xF2, 0x0B, 0xBE, 0x68, 0x07,
+        0xBF, 0x65, 0xA9, 0x0B, 0x7C, 0xB2, 0xEC, 0x01,
+        0x02, 0xAF, 0x02, 0x80, 0x9D, 0xC9, 0xAC, 0x7D,
+        0x0A, 0x3A, 0xBC, 0x69, 0xC1, 0x83, 0x65, 0xBC,
+        0xFF, 0x59, 0x18, 0x5F, 0x33, 0x99, 0x68, 0x87,
+        0x74, 0x61, 0x85, 0x90, 0x6C, 0x01, 0x91, 0xAE,
+        0xD4, 0x40, 0x7E, 0x13, 0x94, 0x46, 0x45, 0x9B,
+        0xE2, 0x9C, 0x68, 0x22, 0x71, 0x76, 0x44, 0x35,
+        0x3D, 0x24, 0xAB, 0x63, 0x39, 0x15, 0x6A, 0x9C,
+        0x42, 0x49, 0x09, 0xF0, 0xA9, 0x02, 0x5B, 0xB7,
+        0x47, 0x20, 0x77, 0x9B, 0xE4, 0x3F, 0x16, 0xD8,
+        0x1C, 0x8C, 0xC6, 0x66, 0xE9, 0x97, 0x10, 0xD8,
+        0xC6, 0x8B, 0xB5, 0xCC, 0x4E, 0x12, 0xF3, 0x14,
+        0xE9, 0x25, 0xA5, 0x51, 0xF0, 0x9C, 0xC5, 0x90,
+        0x03, 0xA1, 0xF8, 0x81, 0x03, 0xC2, 0x54, 0xBB,
+        0x97, 0x8D, 0x75, 0xF3, 0x94, 0xD3, 0x54, 0x0E,
+        0x31, 0xE7, 0x71, 0xCD, 0xA3, 0x6E, 0x39, 0xEC,
+        0x54, 0xA6, 0x2B, 0x58, 0x32, 0x66, 0x4D, 0x82,
+        0x1A, 0x72, 0xF1, 0xE6, 0xAF, 0xBB, 0xA2, 0x7F,
+        0x84, 0x29, 0x5B, 0x26, 0x94, 0xC4, 0x98, 0x49,
+        0x8E, 0x81, 0x2B, 0xC8, 0xE9, 0x37, 0x8F, 0xE5,
+        0x41, 0xCE, 0xC5, 0x89, 0x1B, 0x25, 0x06, 0x29,
+        0x01, 0xCB, 0x72, 0x12, 0xE3, 0xCD, 0xC4, 0x61,
+        0x79, 0xEC, 0x5B, 0xCE, 0xC1, 0x0B, 0xC0, 0xB9,
+        0x31, 0x1D, 0xE0, 0x50, 0x74, 0x29, 0x06, 0x87,
+        0xFD, 0x6A, 0x53, 0x92, 0x67, 0x16, 0x54, 0x28,
+        0x4C, 0xD9, 0xC8, 0xCC, 0x3E, 0xBA, 0x80, 0xEB,
+        0x3B, 0x66, 0x2E, 0xB5, 0x3E, 0xB7, 0x51, 0x16,
+        0x70, 0x4A, 0x1F, 0xEB, 0x5C, 0x2D, 0x05, 0x63,
+        0x38, 0x53, 0x28, 0x68, 0xDD, 0xF2, 0x4E, 0xB8,
+        0x99, 0x2A, 0xB8, 0x56, 0x5D, 0x9E, 0x49, 0x0C,
+        0xAD, 0xF1, 0x48, 0x04, 0x36, 0x0D, 0xAA, 0x90,
+        0x71, 0x8E, 0xAB, 0x61, 0x6B, 0xAB, 0x07, 0x65,
+        0xD3, 0x39, 0x87, 0xB4, 0x7E, 0xFB, 0x65, 0x99,
+        0xC5, 0x56, 0x32, 0x35, 0xE6, 0x1E, 0x4B, 0xE6,
+        0x70, 0xE9, 0x79, 0x55, 0xAB, 0x29, 0x2D, 0x97,
+        0x32, 0xCB, 0x89, 0x30, 0x94, 0x8A, 0xC8, 0x2D,
+        0xF2, 0x30, 0xAC, 0x72, 0x29, 0x7A, 0x23, 0x67,
+        0x9D, 0x6B, 0x94, 0xC1, 0x7F, 0x13, 0x59, 0x48,
+        0x32, 0x54, 0xFE, 0xDC, 0x2F, 0x05, 0x81, 0x9F,
+        0x0D, 0x06, 0x9A, 0x44, 0x3B, 0x78, 0xE3, 0xFC,
+        0x6C, 0x3E, 0xF4, 0x71, 0x4B, 0x05, 0xA3, 0xFC,
+        0xA8, 0x1C, 0xBB, 0xA6, 0x02, 0x42, 0xA7, 0x06,
+        0x0C, 0xD8, 0x85, 0xD8, 0xF3, 0x99, 0x81, 0xBB,
+        0x18, 0x09, 0x2B, 0x23, 0xDA, 0xA5, 0x9F, 0xD9,
+        0x57, 0x83, 0x88, 0x68, 0x8A, 0x09, 0xBB, 0xA0,
+        0x79, 0xBC, 0x80, 0x9A, 0x54, 0x84, 0x3A, 0x60,
+        0x38, 0x5E, 0x23, 0x10, 0xBB, 0xCB, 0xCC, 0x02,
+        0x13, 0xCE, 0x3D, 0xFA, 0xAB, 0x33, 0xB4, 0x7F,
+        0x9D, 0x63, 0x05, 0xBC, 0x95, 0xC6, 0x10, 0x78,
+        0x13, 0xC5, 0x85, 0xC4, 0xB6, 0x57, 0xBF, 0x30,
+        0x54, 0x28, 0x33, 0xB1, 0x49, 0x49, 0xF5, 0x73,
+        0xC0, 0x61, 0x2A, 0xD5, 0x24, 0xBA, 0xAE, 0x69,
+        0x59, 0x0C, 0x12, 0x77, 0xB8, 0x6C, 0x28, 0x65,
+        0x71, 0xBF, 0x66, 0xB3, 0xCF, 0xF4, 0x6A, 0x38,
+        0x58, 0xC0, 0x99, 0x06, 0xA7, 0x94, 0xDF, 0x4A,
+        0x06, 0xE9, 0xD4, 0xB0, 0xA2, 0xE4, 0x3F, 0x10,
+        0xF7, 0x2A, 0x6C, 0x6C, 0x47, 0xE5, 0x64, 0x6E,
+        0x2C, 0x79, 0x9B, 0x71, 0xC3, 0x3E, 0xD2, 0xF0,
+        0x1E, 0xEB, 0x45, 0x93, 0x8E, 0xB7, 0xA4, 0xE2,
+        0xE2, 0x90, 0x8C, 0x53, 0x55, 0x8A, 0x54, 0x0D,
+        0x35, 0x03, 0x69, 0xFA, 0x18, 0x9C, 0x61, 0x69,
+        0x43, 0xF7, 0x98, 0x1D, 0x76, 0x18, 0xCF, 0x02,
+        0xA5, 0xB0, 0xA2, 0xBC, 0xC4, 0x22, 0xE8, 0x57,
+        0xD1, 0xA4, 0x78, 0x71, 0x25, 0x3D, 0x08, 0x29,
+        0x3C, 0x1C, 0x17, 0x9B, 0xCD, 0xC0, 0x43, 0x70,
+        0x69, 0x10, 0x74, 0x18, 0x20, 0x5F, 0xDB, 0x98,
+        0x56, 0x62, 0x3B, 0x8C, 0xA6, 0xB6, 0x94, 0xC9,
+        0x6C, 0x08, 0x4B, 0x17, 0xF1, 0x3B, 0xB6, 0xDF,
+        0x12, 0xB2, 0xCF, 0xBB, 0xC2, 0xB0, 0xE0, 0xC3,
+        0x4B, 0x00, 0xD0, 0xFC, 0xD0, 0xAE, 0xCF, 0xB2,
+        0x79, 0x24, 0xF6, 0x98, 0x4E, 0x74, 0x7B, 0xE2,
+        0xA0, 0x9D, 0x83, 0xA8, 0x66, 0x45, 0x90, 0xA8,
+        0x07, 0x73, 0x31, 0x49, 0x1A, 0x4F, 0x7D, 0x72,
+        0x08, 0x43, 0xF2, 0x3E, 0x65, 0x2C, 0x6F, 0xA8,
+        0x40, 0x30, 0x8D, 0xB4, 0x02, 0x03, 0x37, 0xAA,
+        0xD3, 0x79, 0x67, 0x03, 0x4A, 0x9F, 0xB5, 0x23,
+        0xB6, 0x7C, 0xA7, 0x03, 0x30, 0xF0, 0x2D, 0x9E,
+        0xA2, 0x0C, 0x1E, 0x84, 0xCB, 0x8E, 0x57, 0x57,
+        0xC9, 0xE1, 0x89, 0x6B, 0x60, 0x58, 0x14, 0x41,
+        0xED, 0x61, 0x8A, 0xA5, 0xB2, 0x6D, 0xA5, 0x6C,
+        0x0A, 0x5A, 0x73, 0xC4, 0xDC, 0xFD, 0x75, 0x5E,
+        0x61, 0x0B, 0x4F, 0xC8, 0x1F, 0xF8, 0x4E, 0x21,
+        0xD2, 0xE5, 0x74, 0xDF, 0xD8, 0xCD, 0x0A, 0xE8,
+        0x93, 0xAA, 0x7E, 0x12, 0x5B, 0x44, 0xB9, 0x24,
+        0xF4, 0x52, 0x23, 0xEC, 0x09, 0xF2, 0xAD, 0x11,
+        0x41, 0xEA, 0x93, 0xA6, 0x80, 0x50, 0xDB, 0xF6,
+        0x99, 0xE3, 0x24, 0x68, 0x84, 0x18, 0x1F, 0x8E,
+        0x1D, 0xD4, 0x4E, 0x0C, 0x76, 0x29, 0x09, 0x33,
+        0x30, 0x22, 0x1F, 0xD6, 0x7D, 0x9B, 0x7D, 0x6E,
+        0x15, 0x10, 0xB2, 0xDB, 0xAD, 0x87, 0x62, 0xF7
+    };
+#endif
+    static byte pubKey[WC_ML_KEM_MAX_PUBLIC_KEY_SIZE];
+    static byte privKey[WC_ML_KEM_MAX_PRIVATE_KEY_SIZE];
+
+    key = (KyberKey*)XMALLOC(sizeof(KyberKey), NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    ExpectNotNull(key);
+    if (key != NULL) {
+        XMEMSET(key, 0, sizeof(KyberKey));
+    }
+
+#ifndef WOLFSSL_NO_ML_KEM_512
+    ExpectIntEQ(wc_KyberKey_Init(WC_ML_KEM_512, key, NULL, INVALID_DEVID), 0);
+    ExpectIntEQ(wc_KyberKey_MakeKeyWithRandom(key, seed_512, sizeof(seed_512)),
+        0);
+    ExpectIntEQ(wc_KyberKey_EncodePublicKey(key, pubKey,
+        WC_ML_KEM_512_PUBLIC_KEY_SIZE), 0);
+    ExpectIntEQ(wc_KyberKey_EncodePrivateKey(key, privKey,
+        WC_ML_KEM_512_PRIVATE_KEY_SIZE), 0);
+    ExpectIntEQ(XMEMCMP(pubKey, ek_512, WC_ML_KEM_512_PUBLIC_KEY_SIZE), 0);
+    ExpectIntEQ(XMEMCMP(privKey, dk_512, WC_ML_KEM_512_PRIVATE_KEY_SIZE), 0);
+    wc_KyberKey_Free(key);
+#endif
+#ifndef WOLFSSL_NO_ML_KEM_768
+    ExpectIntEQ(wc_KyberKey_Init(WC_ML_KEM_768, key, NULL, INVALID_DEVID), 0);
+    ExpectIntEQ(wc_KyberKey_MakeKeyWithRandom(key, seed_768, sizeof(seed_768)),
+        0);
+    ExpectIntEQ(wc_KyberKey_EncodePublicKey(key, pubKey,
+        WC_ML_KEM_768_PUBLIC_KEY_SIZE), 0);
+    ExpectIntEQ(wc_KyberKey_EncodePrivateKey(key, privKey,
+        WC_ML_KEM_768_PRIVATE_KEY_SIZE), 0);
+    ExpectIntEQ(XMEMCMP(pubKey, ek_768, WC_ML_KEM_768_PUBLIC_KEY_SIZE), 0);
+    ExpectIntEQ(XMEMCMP(privKey, dk_768, WC_ML_KEM_768_PRIVATE_KEY_SIZE), 0);
+    wc_KyberKey_Free(key);
+#endif
+#ifndef WOLFSSL_NO_ML_KEM_1024
+    ExpectIntEQ(wc_KyberKey_Init(WC_ML_KEM_1024, key, NULL, INVALID_DEVID), 0);
+    ExpectIntEQ(wc_KyberKey_MakeKeyWithRandom(key, seed_1024,
+        sizeof(seed_1024)), 0);
+    ExpectIntEQ(wc_KyberKey_EncodePublicKey(key, pubKey,
+        WC_ML_KEM_1024_PUBLIC_KEY_SIZE), 0);
+    ExpectIntEQ(wc_KyberKey_EncodePrivateKey(key, privKey,
+        WC_ML_KEM_1024_PRIVATE_KEY_SIZE), 0);
+    ExpectIntEQ(XMEMCMP(pubKey, ek_1024, WC_ML_KEM_1024_PUBLIC_KEY_SIZE), 0);
+    ExpectIntEQ(XMEMCMP(privKey, dk_1024, WC_ML_KEM_1024_PRIVATE_KEY_SIZE), 0);
+    wc_KyberKey_Free(key);
+#endif
+
+    XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+#endif
+    return EXPECT_RESULT();
+}
+
+int test_wc_mlkem_encapsulate_kats(void)
+{
+    EXPECT_DECLS;
+#if defined(WOLFSSL_HAVE_KYBER) && defined(WOLFSSL_WC_KYBER) && \
+    !defined(WOLFSSL_NO_ML_KEM) && !defined(WOLFSSL_KYBER_NO_ENCAPSULATE)
+    KyberKey* key;
+#ifndef WOLFSSL_NO_ML_KEM_512
+    static const byte ek_512[WC_ML_KEM_512_PUBLIC_KEY_SIZE] = {
+        0xDD, 0x19, 0x24, 0x93, 0x5A, 0xA8, 0xE6, 0x17,
+        0xAF, 0x18, 0xB5, 0xA0, 0x65, 0xAC, 0x45, 0x72,
+        0x77, 0x67, 0xEE, 0x89, 0x7C, 0xF4, 0xF9, 0x44,
+        0x2B, 0x2A, 0xCE, 0x30, 0xC0, 0x23, 0x7B, 0x30,
+        0x7D, 0x3E, 0x76, 0xBF, 0x8E, 0xEB, 0x78, 0xAD,
+        0xDC, 0x4A, 0xAC, 0xD1, 0x64, 0x63, 0xD8, 0x60,
+        0x2F, 0xD5, 0x48, 0x7B, 0x63, 0xC8, 0x8B, 0xB6,
+        0x60, 0x27, 0xF3, 0x7D, 0x0D, 0x61, 0x4D, 0x6F,
+        0x9C, 0x24, 0x60, 0x3C, 0x42, 0x94, 0x76, 0x64,
+        0xAC, 0x43, 0x98, 0xC6, 0xC5, 0x23, 0x83, 0x46,
+        0x9B, 0x4F, 0x97, 0x77, 0xE5, 0xEC, 0x72, 0x06,
+        0x21, 0x0F, 0x3E, 0x5A, 0x79, 0x6B, 0xF4, 0x5C,
+        0x53, 0x26, 0x8E, 0x25, 0xF3, 0x9A, 0xC2, 0x61,
+        0xAF, 0x3B, 0xFA, 0x2E, 0xE7, 0x55, 0xBE, 0xB8,
+        0xB6, 0x7A, 0xB3, 0xAC, 0x8D, 0xF6, 0xC6, 0x29,
+        0xC1, 0x17, 0x6E, 0x9E, 0x3B, 0x96, 0x5E, 0x93,
+        0x69, 0xF9, 0xB3, 0xB9, 0x2A, 0xD7, 0xC2, 0x09,
+        0x55, 0x64, 0x1D, 0x99, 0x52, 0x6F, 0xE7, 0xB9,
+        0xFE, 0x8C, 0x85, 0x08, 0x20, 0x27, 0x5C, 0xD9,
+        0x64, 0x84, 0x92, 0x50, 0x09, 0x07, 0x33, 0xCE,
+        0x12, 0x4E, 0xCF, 0x31, 0x66, 0x24, 0x37, 0x4B,
+        0xD1, 0x8B, 0x7C, 0x35, 0x8C, 0x06, 0xE9, 0xC1,
+        0x36, 0xEE, 0x12, 0x59, 0xA9, 0x24, 0x5A, 0xBC,
+        0x55, 0xB9, 0x64, 0xD6, 0x89, 0xF5, 0xA0, 0x82,
+        0x92, 0xD2, 0x82, 0x65, 0x65, 0x8E, 0xBB, 0x40,
+        0xCB, 0xFE, 0x48, 0x8A, 0x22, 0x28, 0x27, 0x55,
+        0x90, 0xAB, 0x9F, 0x32, 0xA3, 0x41, 0x09, 0x70,
+        0x9C, 0x1C, 0x29, 0x1D, 0x4A, 0x23, 0x33, 0x72,
+        0x74, 0xC7, 0xA5, 0xA5, 0x99, 0x1C, 0x7A, 0x87,
+        0xB8, 0x1C, 0x97, 0x4A, 0xB1, 0x8C, 0xE7, 0x78,
+        0x59, 0xE4, 0x99, 0x5E, 0x7C, 0x14, 0xF0, 0x37,
+        0x17, 0x48, 0xB7, 0x71, 0x2F, 0xB5, 0x2C, 0x59,
+        0x66, 0xCD, 0x63, 0x06, 0x3C, 0x4F, 0x3B, 0x81,
+        0xB4, 0x7C, 0x45, 0xDD, 0xE8, 0x3F, 0xB3, 0xA2,
+        0x72, 0x40, 0x29, 0xB1, 0x0B, 0x32, 0x30, 0x21,
+        0x4C, 0x04, 0xFA, 0x05, 0x77, 0xFC, 0x29, 0xAC,
+        0x90, 0x86, 0xAE, 0x18, 0xC5, 0x3B, 0x3E, 0xD4,
+        0x4E, 0x50, 0x74, 0x12, 0xFC, 0xA0, 0x4B, 0x4F,
+        0x53, 0x8A, 0x51, 0x58, 0x8E, 0xC1, 0xF1, 0x02,
+        0x9D, 0x15, 0x2D, 0x9A, 0xE7, 0x73, 0x5F, 0x76,
+        0xA0, 0x77, 0xAA, 0x94, 0x84, 0x38, 0x0A, 0xED,
+        0x91, 0x89, 0xE5, 0x91, 0x24, 0x87, 0xFC, 0xC5,
+        0xB7, 0xC7, 0x01, 0x2D, 0x92, 0x23, 0xDD, 0x96,
+        0x7E, 0xEC, 0xDA, 0xC3, 0x00, 0x8A, 0x89, 0x31,
+        0xB6, 0x48, 0x24, 0x35, 0x37, 0xF5, 0x48, 0xC1,
+        0x71, 0x69, 0x8C, 0x5B, 0x38, 0x1D, 0x84, 0x6A,
+        0x72, 0xE5, 0xC9, 0x2D, 0x42, 0x26, 0xC5, 0xA8,
+        0x90, 0x98, 0x84, 0xF1, 0xC4, 0xA3, 0x40, 0x4C,
+        0x17, 0x20, 0xA5, 0x27, 0x94, 0x14, 0xD7, 0xF2,
+        0x7B, 0x2B, 0x98, 0x26, 0x52, 0xB6, 0x74, 0x02,
+        0x19, 0xC5, 0x6D, 0x21, 0x77, 0x80, 0xD7, 0xA5,
+        0xE5, 0xBA, 0x59, 0x83, 0x63, 0x49, 0xF7, 0x26,
+        0x88, 0x1D, 0xEA, 0x18, 0xEF, 0x75, 0xC0, 0x77,
+        0x2A, 0x8B, 0x92, 0x27, 0x66, 0x95, 0x37, 0x18,
+        0xCA, 0xCC, 0x14, 0xCC, 0xBA, 0xCB, 0x5F, 0xC4,
+        0x12, 0xA2, 0xD0, 0xBE, 0x52, 0x18, 0x17, 0x64,
+        0x5A, 0xB2, 0xBF, 0x6A, 0x47, 0x85, 0xE9, 0x2B,
+        0xC9, 0x4C, 0xAF, 0x47, 0x7A, 0x96, 0x78, 0x76,
+        0x79, 0x6C, 0x0A, 0x51, 0x90, 0x31, 0x5A, 0xC0,
+        0x88, 0x56, 0x71, 0xA4, 0xC7, 0x49, 0x56, 0x4C,
+        0x3B, 0x2C, 0x7A, 0xED, 0x90, 0x64, 0xEB, 0xA2,
+        0x99, 0xEF, 0x21, 0x4B, 0xA2, 0xF4, 0x04, 0x93,
+        0x66, 0x7C, 0x8B, 0xD0, 0x32, 0xAE, 0xC5, 0x62,
+        0x17, 0x11, 0xB4, 0x1A, 0x38, 0x52, 0xC5, 0xC2,
+        0xBA, 0xB4, 0xA3, 0x49, 0xCE, 0x4B, 0x7F, 0x08,
+        0x5A, 0x81, 0x2B, 0xBB, 0xC8, 0x20, 0xB8, 0x1B,
+        0xEF, 0xE6, 0x3A, 0x05, 0xB8, 0xBC, 0xDF, 0xE9,
+        0xC2, 0xA7, 0x0A, 0x8B, 0x1A, 0xCA, 0x9B, 0xF9,
+        0x81, 0x64, 0x81, 0x90, 0x7F, 0xF4, 0x43, 0x24,
+        0x61, 0x11, 0x12, 0x87, 0x30, 0x3F, 0x0B, 0xD8,
+        0x17, 0xC0, 0x57, 0x26, 0xBF, 0xA1, 0x8A, 0x2E,
+        0x24, 0xC7, 0x72, 0x49, 0x21, 0x02, 0x80, 0x32,
+        0xF6, 0x22, 0xBD, 0x96, 0x0A, 0x31, 0x7D, 0x83,
+        0xB3, 0x56, 0xB5, 0x7F, 0x4A, 0x80, 0x04, 0x49,
+        0x9C, 0xBC, 0x73, 0xC9, 0x7D, 0x1E, 0xB7, 0x74,
+        0x59, 0x72, 0x63, 0x1C, 0x05, 0x61, 0xC1, 0xA3,
+        0xAB, 0x6E, 0xF9, 0x1B, 0xD3, 0x63, 0x28, 0x0A,
+        0x10, 0x54, 0x5D, 0xA6, 0x93, 0xE6, 0xD5, 0x8A,
+        0xED, 0x68, 0x45, 0xE7, 0xCC, 0x5F, 0x0D, 0x08,
+        0xCA, 0x79, 0x05, 0x05, 0x2C, 0x77, 0x36, 0x6D,
+        0x19, 0x72, 0xCC, 0xFC, 0xC1, 0xA2, 0x76, 0x10,
+        0xCB, 0x54, 0x36, 0x65, 0xAA, 0x79, 0x8E, 0x20,
+        0x94, 0x01, 0x28, 0xB9, 0x56, 0x7A, 0x7E, 0xDB,
+        0x7A, 0x90, 0x04, 0x07, 0xC7, 0x0D, 0x35, 0x94,
+        0x38, 0x43, 0x5E, 0x13, 0x96, 0x16, 0x08, 0xD5,
+        0x52, 0xA9, 0x4C, 0x5C, 0xDA, 0x78, 0x59, 0x22,
+        0x05, 0x09, 0xB4, 0x83, 0xC5, 0xC5, 0x2A, 0x21,
+        0x0E, 0x9C, 0x81, 0x2B, 0xC0, 0xC2, 0x32, 0x8C,
+        0xA0, 0x0E, 0x78, 0x9A, 0x56, 0xB2, 0x60, 0x6B,
+        0x90, 0x29, 0x2E, 0x35, 0x43, 0xDA, 0xCA, 0xA2,
+        0x43, 0x18, 0x41, 0xD6, 0x1A, 0x22, 0xCA, 0x90,
+        0xC1, 0xCC, 0xF0, 0xB5, 0xB4, 0xE0, 0xA6, 0xF6,
+        0x40, 0x53, 0x6D, 0x1A, 0x26, 0xAB, 0x5B, 0x8D,
+        0x21, 0x51, 0x32, 0x79, 0x28, 0xCE, 0x02, 0x90,
+        0x4C, 0xF1, 0xD1, 0x5E, 0x32, 0x78, 0x8A, 0x95,
+        0xF6, 0x2D, 0x3C, 0x27, 0x0B, 0x6F, 0xA1, 0x50,
+        0x8F, 0x97, 0xB9, 0x15, 0x5A, 0x27, 0x26, 0xD8,
+        0x0A, 0x1A, 0xFA, 0x3C, 0x53, 0x87, 0xA2, 0x76,
+        0xA4, 0xD0, 0x31, 0xA0, 0x8A, 0xBF, 0x4F, 0x2E,
+        0x74, 0xF1, 0xA0, 0xBB, 0x8A, 0x0F, 0xD3, 0xCB
+    };
+    static const byte seed_512[WC_ML_KEM_ENC_RAND_SZ] = {
+        0x6F, 0xF0, 0x2E, 0x1D, 0xC7, 0xFD, 0x91, 0x1B,
+        0xEE, 0xE0, 0xC6, 0x92, 0xC8, 0xBD, 0x10, 0x0C,
+        0x3E, 0x5C, 0x48, 0x96, 0x4D, 0x31, 0xDF, 0x92,
+        0x99, 0x42, 0x18, 0xE8, 0x06, 0x64, 0xA6, 0xCA
+    };
+    static const byte c_512[WC_ML_KEM_512_CIPHER_TEXT_SIZE] = {
+        0x19, 0xC5, 0x92, 0x50, 0x59, 0x07, 0xC2, 0x4C,
+        0x5F, 0xA2, 0xEB, 0xFA, 0x93, 0x2D, 0x2C, 0xBB,
+        0x48, 0xF3, 0xE4, 0x34, 0x0A, 0x28, 0xF7, 0xEB,
+        0xA5, 0xD0, 0x68, 0xFC, 0xAC, 0xAB, 0xED, 0xF7,
+        0x77, 0x84, 0xE2, 0xB2, 0x4D, 0x79, 0x61, 0x77,
+        0x5F, 0x0B, 0xF1, 0xA9, 0x97, 0xAE, 0x8B, 0xA9,
+        0xFC, 0x43, 0x11, 0xBE, 0x63, 0x71, 0x67, 0x79,
+        0xC2, 0xB7, 0x88, 0xF8, 0x12, 0xCB, 0xB7, 0x8C,
+        0x74, 0xE7, 0x51, 0x7E, 0x22, 0xE9, 0x10, 0xEF,
+        0xF5, 0xF3, 0x8D, 0x44, 0x46, 0x9C, 0x50, 0xDE,
+        0x16, 0x75, 0xAE, 0x19, 0x8F, 0xD6, 0xA2, 0x89,
+        0xAE, 0x7E, 0x6C, 0x30, 0xA9, 0xD4, 0x35, 0x1B,
+        0x3D, 0x1F, 0x4C, 0x36, 0xEF, 0xF9, 0xC6, 0x8D,
+        0xA9, 0x1C, 0x40, 0xB8, 0x2D, 0xC9, 0xB2, 0x79,
+        0x9A, 0x33, 0xA2, 0x6B, 0x60, 0xA4, 0xE7, 0x0D,
+        0x71, 0x01, 0x86, 0x27, 0x79, 0x46, 0x9F, 0x3A,
+        0x9D, 0xAE, 0xC8, 0xE3, 0xE8, 0xF8, 0xC6, 0xA1,
+        0x6B, 0xF0, 0x92, 0xFB, 0xA5, 0x86, 0x61, 0x86,
+        0xB8, 0xD2, 0x08, 0xFD, 0xEB, 0x27, 0x4A, 0xC1,
+        0xF8, 0x29, 0x65, 0x9D, 0xC2, 0xBE, 0x4A, 0xC4,
+        0xF3, 0x06, 0xCB, 0x55, 0x84, 0xBA, 0xD1, 0x93,
+        0x6A, 0x92, 0xC9, 0xB7, 0x68, 0x19, 0x23, 0x42,
+        0x81, 0xBB, 0x39, 0x58, 0x41, 0xC2, 0x57, 0x56,
+        0x08, 0x6E, 0xA5, 0x64, 0xCA, 0x3E, 0x22, 0x7E,
+        0x3D, 0x9F, 0x10, 0x52, 0xC0, 0x76, 0x6D, 0x2E,
+        0xB7, 0x9A, 0x47, 0xC1, 0x50, 0x72, 0x1E, 0x0D,
+        0xEA, 0x7C, 0x00, 0x69, 0xD5, 0x51, 0xB2, 0x64,
+        0x80, 0x1B, 0x77, 0x27, 0xEC, 0xAF, 0x82, 0xEE,
+        0xCB, 0x99, 0xA8, 0x76, 0xFD, 0xA0, 0x90, 0xBF,
+        0x6C, 0x3F, 0xC6, 0xB1, 0x09, 0xF1, 0x70, 0x14,
+        0x85, 0xF0, 0x3C, 0xE6, 0x62, 0x74, 0xB8, 0x43,
+        0x5B, 0x0A, 0x01, 0x4C, 0xFB, 0x3E, 0x79, 0xCC,
+        0xED, 0x67, 0x05, 0x7B, 0x5A, 0xE2, 0xAD, 0x7F,
+        0x52, 0x79, 0xEB, 0x71, 0x49, 0x42, 0xE4, 0xC1,
+        0xCC, 0xFF, 0x7E, 0x85, 0xC0, 0xDB, 0x43, 0xE5,
+        0xD4, 0x12, 0x89, 0x20, 0x73, 0x63, 0xB4, 0x44,
+        0xBB, 0x51, 0xBB, 0x8A, 0xB0, 0x37, 0x1E, 0x70,
+        0xCB, 0xD5, 0x5F, 0x0F, 0x3D, 0xAD, 0x40, 0x3E,
+        0x10, 0x51, 0x76, 0xE3, 0xE8, 0xA2, 0x25, 0xD8,
+        0x4A, 0xC8, 0xBE, 0xE3, 0x8C, 0x82, 0x1E, 0xE0,
+        0xF5, 0x47, 0x43, 0x11, 0x45, 0xDC, 0xB3, 0x13,
+        0x92, 0x86, 0xAB, 0xB1, 0x17, 0x94, 0xA4, 0x3A,
+        0x3C, 0x1B, 0x52, 0x29, 0xE4, 0xBC, 0xFE, 0x95,
+        0x9C, 0x78, 0xAD, 0xAE, 0xE2, 0xD5, 0xF2, 0x49,
+        0x7B, 0x5D, 0x24, 0xBC, 0x21, 0xFA, 0x03, 0xA9,
+        0xA5, 0x8C, 0x24, 0x55, 0x37, 0x3E, 0xC8, 0x95,
+        0x83, 0xE7, 0xE5, 0x88, 0xD7, 0xFE, 0x67, 0x99,
+        0x1E, 0xE9, 0x37, 0x83, 0xED, 0x4A, 0x6F, 0x9E,
+        0xEA, 0xE0, 0x4E, 0x64, 0xE2, 0xE1, 0xE0, 0xE6,
+        0x99, 0xF6, 0xDC, 0x9C, 0x5D, 0x39, 0xEF, 0x92,
+        0x78, 0xC9, 0x85, 0xE7, 0xFD, 0xF2, 0xA7, 0x64,
+        0xFF, 0xD1, 0xA0, 0xB9, 0x57, 0x92, 0xAD, 0x68,
+        0x1E, 0x93, 0x0D, 0x76, 0xDF, 0x4E, 0xFE, 0x5D,
+        0x65, 0xDB, 0xBD, 0x0F, 0x14, 0x38, 0x48, 0x1E,
+        0xD8, 0x33, 0xAD, 0x49, 0x46, 0xAD, 0x1C, 0x69,
+        0xAD, 0x21, 0xDD, 0x7C, 0x86, 0x18, 0x57, 0x74,
+        0x42, 0x6F, 0x3F, 0xCF, 0x53, 0xB5, 0x2A, 0xD4,
+        0xB4, 0x0D, 0x22, 0x8C, 0xE1, 0x24, 0x07, 0x2F,
+        0x59, 0x2C, 0x7D, 0xAA, 0x05, 0x7F, 0x17, 0xD7,
+        0x90, 0xA5, 0xBD, 0x5B, 0x93, 0x83, 0x4D, 0x58,
+        0xC0, 0x8C, 0x88, 0xDC, 0x8F, 0x0E, 0xF4, 0x88,
+        0x15, 0x64, 0x25, 0xB7, 0x44, 0x65, 0x4E, 0xAC,
+        0xA9, 0xD6, 0x48, 0x58, 0xA4, 0xD6, 0xCE, 0xB4,
+        0x78, 0x79, 0x51, 0x94, 0xBF, 0xAD, 0xB1, 0x8D,
+        0xC0, 0xEA, 0x05, 0x4F, 0x97, 0x71, 0x21, 0x5A,
+        0xD3, 0xCB, 0x1F, 0xD0, 0x31, 0xD7, 0xBE, 0x45,
+        0x98, 0x62, 0x19, 0x26, 0x47, 0x8D, 0x37, 0x5A,
+        0x18, 0x45, 0xAA, 0x91, 0xD7, 0xC7, 0x33, 0xF8,
+        0xF0, 0xE1, 0x88, 0xC8, 0x38, 0x96, 0xED, 0xF8,
+        0x3B, 0x86, 0x46, 0xC9, 0x9E, 0x29, 0xC0, 0xDA,
+        0x22, 0x90, 0xE7, 0x1C, 0x3D, 0x2E, 0x97, 0x07,
+        0x20, 0xC9, 0x7B, 0x5B, 0x7F, 0x95, 0x04, 0x86,
+        0x03, 0x3C, 0x6A, 0x25, 0x71, 0xDD, 0xF2, 0xBC,
+        0xCD, 0xAB, 0xB2, 0xDF, 0xA5, 0xFC, 0xE4, 0xC3,
+        0xA1, 0x88, 0x46, 0x06, 0x04, 0x1D, 0x18, 0x1C,
+        0x72, 0x87, 0x94, 0xAE, 0x0E, 0x80, 0x6E, 0xCB,
+        0x49, 0xAF, 0x16, 0x75, 0x6A, 0x4C, 0xE7, 0x3C,
+        0x87, 0xBD, 0x42, 0x34, 0xE6, 0x0F, 0x05, 0x53,
+        0x5F, 0xA5, 0x92, 0x9F, 0xD5, 0xA3, 0x44, 0x73,
+        0x26, 0x64, 0x01, 0xF6, 0x3B, 0xBD, 0x6B, 0x90,
+        0xE0, 0x03, 0x47, 0x2A, 0xC0, 0xCE, 0x88, 0xF1,
+        0xB6, 0x66, 0x59, 0x72, 0x79, 0xD0, 0x56, 0xA6,
+        0x32, 0xC8, 0xD6, 0xB7, 0x90, 0xFD, 0x41, 0x17,
+        0x67, 0x84, 0x8A, 0x69, 0xE3, 0x7A, 0x8A, 0x83,
+        0x9B, 0xC7, 0x66, 0xA0, 0x2C, 0xA2, 0xF6, 0x95,
+        0xEC, 0x63, 0xF0, 0x56, 0xA4, 0xE2, 0xA1, 0x14,
+        0xCA, 0xCF, 0x9F, 0xD9, 0x0D, 0x73, 0x0C, 0x97,
+        0x0D, 0xB3, 0x87, 0xF6, 0xDE, 0x73, 0x39, 0x5F,
+        0x70, 0x1A, 0x1D, 0x95, 0x3B, 0x2A, 0x89, 0xDD,
+        0x7E, 0xDA, 0xD4, 0x39, 0xFC, 0x20, 0x5A, 0x54,
+        0xA4, 0x81, 0xE8, 0x89, 0xB0, 0x98, 0xD5, 0x25,
+        0x56, 0x70, 0xF0, 0x26, 0xB4, 0xA2, 0xBF, 0x02,
+        0xD2, 0xBD, 0xDE, 0x87, 0xC7, 0x66, 0xB2, 0x5F,
+        0xC5, 0xE0, 0xFD, 0x45, 0x37, 0x57, 0xE7, 0x56,
+        0xD1, 0x8C, 0x8C, 0xD9, 0x12, 0xF9, 0xA7, 0x7F,
+        0x8E, 0x6B, 0xF0, 0x20, 0x53, 0x74, 0xB4, 0x62
+    };
+    static const byte k_512[WC_ML_KEM_SS_SZ] = {
+        0x0B, 0xF3, 0x23, 0x33, 0x8D, 0x6F, 0x0A, 0x21,
+        0xD5, 0x51, 0x4B, 0x67, 0x3C, 0xD1, 0x0B, 0x71,
+        0x4C, 0xE6, 0xE3, 0x6F, 0x35, 0xBC, 0xD1, 0xBF,
+        0x54, 0x41, 0x96, 0x36, 0x8E, 0xE5, 0x1A, 0x13
+    };
+#endif
+#ifndef WOLFSSL_NO_ML_KEM_768
+    static const byte ek_768[WC_ML_KEM_768_PUBLIC_KEY_SIZE] = {
+        0x89, 0xD2, 0xCB, 0x65, 0xF9, 0x4D, 0xCB, 0xFC,
+        0x89, 0x0E, 0xFC, 0x7D, 0x0E, 0x5A, 0x7A, 0x38,
+        0x34, 0x4D, 0x16, 0x41, 0xA3, 0xD0, 0xB0, 0x24,
+        0xD5, 0x07, 0x97, 0xA5, 0xF2, 0x3C, 0x3A, 0x18,
+        0xB3, 0x10, 0x1A, 0x12, 0x69, 0x06, 0x9F, 0x43,
+        0xA8, 0x42, 0xBA, 0xCC, 0x09, 0x8A, 0x88, 0x21,
+        0x27, 0x1C, 0x67, 0x3D, 0xB1, 0xBE, 0xB3, 0x30,
+        0x34, 0xE4, 0xD7, 0x77, 0x4D, 0x16, 0x63, 0x5C,
+        0x7C, 0x2C, 0x3C, 0x27, 0x63, 0x45, 0x35, 0x38,
+        0xBC, 0x16, 0x32, 0xE1, 0x85, 0x15, 0x91, 0xA5,
+        0x16, 0x42, 0x97, 0x4E, 0x59, 0x28, 0xAB, 0xB8,
+        0xE5, 0x5F, 0xE5, 0x56, 0x12, 0xF9, 0xB1, 0x41,
+        0xAF, 0xF0, 0x15, 0x54, 0x53, 0x94, 0xB2, 0x09,
+        0x2E, 0x59, 0x09, 0x70, 0xEC, 0x29, 0xA7, 0xB7,
+        0xE7, 0xAA, 0x1F, 0xB4, 0x49, 0x3B, 0xF7, 0xCB,
+        0x73, 0x19, 0x06, 0xC2, 0xA5, 0xCB, 0x49, 0xE6,
+        0x61, 0x48, 0x59, 0x06, 0x4E, 0x19, 0xB8, 0xFA,
+        0x26, 0xAF, 0x51, 0xC4, 0x4B, 0x5E, 0x75, 0x35,
+        0xBF, 0xDA, 0xC0, 0x72, 0xB6, 0x46, 0xD3, 0xEA,
+        0x49, 0x0D, 0x27, 0x7F, 0x0D, 0x97, 0xCE, 0xD4,
+        0x73, 0x95, 0xFE, 0xD9, 0x1E, 0x8F, 0x2B, 0xCE,
+        0x0E, 0x3C, 0xA1, 0x22, 0xC2, 0x02, 0x5F, 0x74,
+        0x06, 0x7A, 0xB9, 0x28, 0xA8, 0x22, 0xB3, 0x56,
+        0x53, 0xA7, 0x4F, 0x06, 0x75, 0x76, 0x29, 0xAF,
+        0xB1, 0xA1, 0xCA, 0xF2, 0x37, 0x10, 0x0E, 0xA9,
+        0x35, 0xE7, 0x93, 0xC8, 0xF5, 0x8A, 0x71, 0xB3,
+        0xD6, 0xAE, 0x2C, 0x86, 0x58, 0xB1, 0x01, 0x50,
+        0xD4, 0xA3, 0x8F, 0x57, 0x2A, 0x0D, 0x49, 0xD2,
+        0x8A, 0xE8, 0x94, 0x51, 0xD3, 0x38, 0x32, 0x6F,
+        0xDB, 0x3B, 0x43, 0x50, 0x03, 0x6C, 0x10, 0x81,
+        0x11, 0x77, 0x40, 0xED, 0xB8, 0x6B, 0x12, 0x08,
+        0x1C, 0x5C, 0x12, 0x23, 0xDB, 0xB5, 0x66, 0x0D,
+        0x5B, 0x3C, 0xB3, 0x78, 0x7D, 0x48, 0x18, 0x49,
+        0x30, 0x4C, 0x68, 0xBE, 0x87, 0x54, 0x66, 0xF1,
+        0x4E, 0xE5, 0x49, 0x5C, 0x2B, 0xD7, 0x95, 0xAE,
+        0x41, 0x2D, 0x09, 0x00, 0x2D, 0x65, 0xB8, 0x71,
+        0x9B, 0x90, 0xCB, 0xA3, 0x60, 0x3A, 0xC4, 0x95,
+        0x8E, 0xA0, 0x3C, 0xC1, 0x38, 0xC8, 0x6F, 0x78,
+        0x51, 0x59, 0x31, 0x25, 0x33, 0x47, 0x01, 0xB6,
+        0x77, 0xF8, 0x2F, 0x49, 0x52, 0xA4, 0xC9, 0x3B,
+        0x5B, 0x4C, 0x13, 0x4B, 0xB4, 0x2A, 0x85, 0x7F,
+        0xD1, 0x5C, 0x65, 0x08, 0x64, 0xA6, 0xAA, 0x94,
+        0xEB, 0x69, 0x1C, 0x0B, 0x69, 0x1B, 0xE4, 0x68,
+        0x4C, 0x1F, 0x5B, 0x74, 0x90, 0x46, 0x7F, 0xC0,
+        0x1B, 0x1D, 0x1F, 0xDA, 0x4D, 0xDA, 0x35, 0xC4,
+        0xEC, 0xC2, 0x31, 0xBC, 0x73, 0xA6, 0xFE, 0xF4,
+        0x2C, 0x99, 0xD3, 0x4E, 0xB8, 0x2A, 0x4D, 0x01,
+        0x49, 0x87, 0xB3, 0xE3, 0x86, 0x91, 0x0C, 0x62,
+        0x67, 0x9A, 0x11, 0x8F, 0x3C, 0x5B, 0xD9, 0xF4,
+        0x67, 0xE4, 0x16, 0x20, 0x42, 0x42, 0x43, 0x57,
+        0xDB, 0x92, 0xEF, 0x48, 0x4A, 0x4A, 0x17, 0x98,
+        0xC1, 0x25, 0x7E, 0x87, 0x0A, 0x30, 0xCB, 0x20,
+        0xAA, 0xA0, 0x33, 0x5D, 0x83, 0x31, 0x4F, 0xE0,
+        0xAA, 0x7E, 0x63, 0xA8, 0x62, 0x64, 0x80, 0x41,
+        0xA7, 0x2A, 0x63, 0x21, 0x52, 0x32, 0x20, 0xB1,
+        0xAC, 0xE9, 0xBB, 0x70, 0x1B, 0x21, 0xAC, 0x12,
+        0x53, 0xCB, 0x81, 0x2C, 0x15, 0x57, 0x5A, 0x90,
+        0x85, 0xEA, 0xBE, 0xAD, 0xE7, 0x3A, 0x4A, 0xE7,
+        0x6E, 0x6A, 0x7B, 0x15, 0x8A, 0x20, 0x58, 0x6D,
+        0x78, 0xA5, 0xAC, 0x62, 0x0A, 0x5C, 0x9A, 0xBC,
+        0xC9, 0xC0, 0x43, 0x35, 0x0A, 0x73, 0x65, 0x6B,
+        0x0A, 0xBE, 0x82, 0x2D, 0xA5, 0xE0, 0xBA, 0x76,
+        0x04, 0x5F, 0xAD, 0x75, 0x40, 0x1D, 0x7A, 0x3B,
+        0x70, 0x37, 0x91, 0xB7, 0xE9, 0x92, 0x61, 0x71,
+        0x0F, 0x86, 0xB7, 0x24, 0x21, 0xD2, 0x40, 0xA3,
+        0x47, 0x63, 0x83, 0x77, 0x20, 0x5A, 0x15, 0x2C,
+        0x79, 0x41, 0x30, 0xA4, 0xE0, 0x47, 0x74, 0x2B,
+        0x88, 0x83, 0x03, 0xBD, 0xDC, 0x30, 0x91, 0x16,
+        0x76, 0x4D, 0xE7, 0x42, 0x4C, 0xEB, 0xEA, 0x6D,
+        0xB6, 0x53, 0x48, 0xAC, 0x53, 0x7E, 0x01, 0xA9,
+        0xCC, 0x56, 0xEA, 0x66, 0x7D, 0x5A, 0xA8, 0x7A,
+        0xC9, 0xAA, 0xA4, 0x31, 0x7D, 0x26, 0x2C, 0x10,
+        0x14, 0x30, 0x50, 0xB8, 0xD0, 0x7A, 0x72, 0x8C,
+        0xA6, 0x33, 0xC1, 0x3E, 0x46, 0x8A, 0xBC, 0xEA,
+        0xD3, 0x72, 0xC7, 0x7B, 0x8E, 0xCF, 0x3B, 0x98,
+        0x6B, 0x98, 0xC1, 0xE5, 0x58, 0x60, 0xB2, 0xB4,
+        0x21, 0x67, 0x66, 0xAD, 0x87, 0x4C, 0x35, 0xED,
+        0x72, 0x05, 0x06, 0x87, 0x39, 0x23, 0x02, 0x20,
+        0xB5, 0xA2, 0x31, 0x7D, 0x10, 0x2C, 0x59, 0x83,
+        0x56, 0xF1, 0x68, 0xAC, 0xBE, 0x80, 0x60, 0x8D,
+        0xE4, 0xC9, 0xA7, 0x10, 0xB8, 0xDD, 0x07, 0x07,
+        0x8C, 0xD7, 0xC6, 0x71, 0x05, 0x8A, 0xF1, 0xB0,
+        0xB8, 0x30, 0x4A, 0x31, 0x4F, 0x7B, 0x29, 0xBE,
+        0x78, 0xA9, 0x33, 0xC7, 0xB9, 0x29, 0x44, 0x24,
+        0x95, 0x4A, 0x1B, 0xF8, 0xBC, 0x74, 0x5D, 0xE8,
+        0x61, 0x98, 0x65, 0x9E, 0x0E, 0x12, 0x25, 0xA9,
+        0x10, 0x72, 0x60, 0x74, 0x96, 0x9C, 0x39, 0xA9,
+        0x7C, 0x19, 0x24, 0x06, 0x01, 0xA4, 0x6E, 0x01,
+        0x3D, 0xCD, 0xCB, 0x67, 0x7A, 0x8C, 0xBD, 0x2C,
+        0x95, 0xA4, 0x06, 0x29, 0xC2, 0x56, 0xF2, 0x4A,
+        0x32, 0x89, 0x51, 0xDF, 0x57, 0x50, 0x2A, 0xB3,
+        0x07, 0x72, 0xCC, 0x7E, 0x5B, 0x85, 0x00, 0x27,
+        0xC8, 0x55, 0x17, 0x81, 0xCE, 0x49, 0x85, 0xBD,
+        0xAC, 0xF6, 0xB8, 0x65, 0xC1, 0x04, 0xE8, 0xA4,
+        0xBC, 0x65, 0xC4, 0x16, 0x94, 0xD4, 0x56, 0xB7,
+        0x16, 0x9E, 0x45, 0xAB, 0x3D, 0x7A, 0xCA, 0xBE,
+        0xAF, 0xE2, 0x3A, 0xD6, 0xA7, 0xB9, 0x4D, 0x19,
+        0x79, 0xA2, 0xF4, 0xC1, 0xCA, 0xE7, 0xCD, 0x77,
+        0xD6, 0x81, 0xD2, 0x90, 0xB5, 0xD8, 0xE4, 0x51,
+        0xBF, 0xDC, 0xCC, 0xF5, 0x31, 0x0B, 0x9D, 0x12,
+        0xA8, 0x8E, 0xC2, 0x9B, 0x10, 0x25, 0x5D, 0x5E,
+        0x17, 0xA1, 0x92, 0x67, 0x0A, 0xA9, 0x73, 0x1C,
+        0x5C, 0xA6, 0x7E, 0xC7, 0x84, 0xC5, 0x02, 0x78,
+        0x1B, 0xE8, 0x52, 0x7D, 0x6F, 0xC0, 0x03, 0xC6,
+        0x70, 0x1B, 0x36, 0x32, 0x28, 0x4B, 0x40, 0x30,
+        0x7A, 0x52, 0x7C, 0x76, 0x20, 0x37, 0x7F, 0xEB,
+        0x0B, 0x73, 0xF7, 0x22, 0xC9, 0xE3, 0xCD, 0x4D,
+        0xEC, 0x64, 0x87, 0x6B, 0x93, 0xAB, 0x5B, 0x7C,
+        0xFC, 0x4A, 0x65, 0x7F, 0x85, 0x2B, 0x65, 0x92,
+        0x82, 0x86, 0x43, 0x84, 0xF4, 0x42, 0xB2, 0x2E,
+        0x8A, 0x21, 0x10, 0x93, 0x87, 0xB8, 0xB4, 0x75,
+        0x85, 0xFC, 0x68, 0x0D, 0x0B, 0xA4, 0x5C, 0x7A,
+        0x8B, 0x1D, 0x72, 0x74, 0xBD, 0xA5, 0x78, 0x45,
+        0xD1, 0x00, 0xD0, 0xF4, 0x2A, 0x3B, 0x74, 0x62,
+        0x87, 0x73, 0x35, 0x1F, 0xD7, 0xAC, 0x30, 0x5B,
+        0x24, 0x97, 0x63, 0x9B, 0xE9, 0x0B, 0x3F, 0x4F,
+        0x71, 0xA6, 0xAA, 0x35, 0x61, 0xEE, 0xCC, 0x6A,
+        0x69, 0x1B, 0xB5, 0xCB, 0x39, 0x14, 0xD8, 0x63,
+        0x4C, 0xA1, 0xE1, 0xAF, 0x54, 0x3C, 0x04, 0x9A,
+        0x8C, 0x6E, 0x86, 0x8C, 0x51, 0xF0, 0x42, 0x3B,
+        0xD2, 0xD5, 0xAE, 0x09, 0xB7, 0x9E, 0x57, 0xC2,
+        0x7F, 0x3F, 0xE3, 0xAE, 0x2B, 0x26, 0xA4, 0x41,
+        0xBA, 0xBF, 0xC6, 0x71, 0x8C, 0xE8, 0xC0, 0x5B,
+        0x4F, 0xE7, 0x93, 0xB9, 0x10, 0xB8, 0xFB, 0xCB,
+        0xBE, 0x7F, 0x10, 0x13, 0x24, 0x2B, 0x40, 0xE0,
+        0x51, 0x4D, 0x0B, 0xDC, 0x5C, 0x88, 0xBA, 0xC5,
+        0x94, 0xC7, 0x94, 0xCE, 0x51, 0x22, 0xFB, 0xF3,
+        0x48, 0x96, 0x81, 0x91, 0x47, 0xB9, 0x28, 0x38,
+        0x15, 0x87, 0x96, 0x3B, 0x0B, 0x90, 0x03, 0x4A,
+        0xA0, 0x7A, 0x10, 0xBE, 0x17, 0x6E, 0x01, 0xC8,
+        0x0A, 0xD6, 0xA4, 0xB7, 0x1B, 0x10, 0xAF, 0x42,
+        0x41, 0x40, 0x0A, 0x2A, 0x4C, 0xBB, 0xC0, 0x59,
+        0x61, 0xA1, 0x5E, 0xC1, 0x47, 0x4E, 0xD5, 0x1A,
+        0x3C, 0xC6, 0xD3, 0x58, 0x00, 0x67, 0x9A, 0x46,
+        0x28, 0x09, 0xCA, 0xA3, 0xAB, 0x4F, 0x70, 0x94,
+        0xCD, 0x66, 0x10, 0xB4, 0xA7, 0x00, 0xCB, 0xA9,
+        0x39, 0xE7, 0xEA, 0xC9, 0x3E, 0x38, 0xC9, 0x97,
+        0x55, 0x90, 0x87, 0x27, 0x61, 0x9E, 0xD7, 0x6A,
+        0x34, 0xE5, 0x3C, 0x4F, 0xA2, 0x5B, 0xFC, 0x97,
+        0x00, 0x82, 0x06, 0x69, 0x7D, 0xD1, 0x45, 0xE5,
+        0xB9, 0x18, 0x8E, 0x5B, 0x01, 0x4E, 0x94, 0x16,
+        0x81, 0xE1, 0x5F, 0xE3, 0xE1, 0x32, 0xB8, 0xA3,
+        0x90, 0x34, 0x74, 0x14, 0x8B, 0xA2, 0x8B, 0x98,
+        0x71, 0x11, 0xC9, 0xBC, 0xB3, 0x98, 0x9B, 0xBB,
+        0xC6, 0x71, 0xC5, 0x81, 0xB4, 0x4A, 0x49, 0x28,
+        0x45, 0xF2, 0x88, 0xE6, 0x21, 0x96, 0xE4, 0x71,
+        0xFE, 0xD3, 0xC3, 0x9C, 0x1B, 0xBD, 0xDB, 0x08,
+        0x37, 0xD0, 0xD4, 0x70, 0x6B, 0x09, 0x22, 0xC4
+    };
+    static const byte seed_768[WC_ML_KEM_ENC_RAND_SZ] = {
+        0x2C, 0xE7, 0x4A, 0xD2, 0x91, 0x13, 0x35, 0x18,
+        0xFE, 0x60, 0xC7, 0xDF, 0x5D, 0x25, 0x1B, 0x9D,
+        0x82, 0xAD, 0xD4, 0x84, 0x62, 0xFF, 0x50, 0x5C,
+        0x6E, 0x54, 0x7E, 0x94, 0x9E, 0x6B, 0x6B, 0xF7
+    };
+    static const byte c_768[WC_ML_KEM_768_CIPHER_TEXT_SIZE] = {
+        0x56, 0xB4, 0x2D, 0x59, 0x3A, 0xAB, 0x8E, 0x87,
+        0x73, 0xBD, 0x92, 0xD7, 0x6E, 0xAB, 0xDD, 0xF3,
+        0xB1, 0x54, 0x6F, 0x83, 0x26, 0xF5, 0x7A, 0x7B,
+        0x77, 0x37, 0x64, 0xB6, 0xC0, 0xDD, 0x30, 0x47,
+        0x0F, 0x68, 0xDF, 0xF8, 0x2E, 0x0D, 0xCA, 0x92,
+        0x50, 0x92, 0x74, 0xEC, 0xFE, 0x83, 0xA9, 0x54,
+        0x73, 0x5F, 0xDE, 0x6E, 0x14, 0x67, 0x6D, 0xAA,
+        0xA3, 0x68, 0x0C, 0x30, 0xD5, 0x24, 0xF4, 0xEF,
+        0xA7, 0x9E, 0xD6, 0xA1, 0xF9, 0xED, 0x7E, 0x1C,
+        0x00, 0x56, 0x0E, 0x86, 0x83, 0x53, 0x8C, 0x31,
+        0x05, 0xAB, 0x93, 0x1B, 0xE0, 0xD2, 0xB2, 0x49,
+        0xB3, 0x8C, 0xB9, 0xB1, 0x3A, 0xF5, 0xCE, 0xAF,
+        0x78, 0x87, 0xA5, 0x9D, 0xBA, 0x16, 0x68, 0x8A,
+        0x7F, 0x28, 0xDE, 0x0B, 0x14, 0xD1, 0x9F, 0x39,
+        0x1E, 0xB4, 0x18, 0x32, 0xA5, 0x64, 0x79, 0x41,
+        0x6C, 0xCF, 0x94, 0xE9, 0x97, 0x39, 0x0E, 0xD7,
+        0x87, 0x8E, 0xEA, 0xFF, 0x49, 0x32, 0x8A, 0x70,
+        0xE0, 0xAB, 0x5F, 0xCE, 0x6C, 0x63, 0xC0, 0x9B,
+        0x35, 0xF4, 0xE4, 0x59, 0x94, 0xDE, 0x61, 0x5B,
+        0x88, 0xBB, 0x72, 0x2F, 0x70, 0xE8, 0x7D, 0x2B,
+        0xBD, 0x72, 0xAE, 0x71, 0xE1, 0xEE, 0x90, 0x08,
+        0xE4, 0x59, 0xD8, 0xE7, 0x43, 0x03, 0x9A, 0x8D,
+        0xDE, 0xB8, 0x74, 0xFC, 0xE5, 0x30, 0x1A, 0x2F,
+        0x8C, 0x0E, 0xE8, 0xC2, 0xFE, 0xE7, 0xA4, 0xEE,
+        0x68, 0xB5, 0xED, 0x6A, 0x6D, 0x9A, 0xB7, 0x4F,
+        0x98, 0xBB, 0x3B, 0xA0, 0xFE, 0x89, 0xE8, 0x2B,
+        0xD5, 0xA5, 0x25, 0xC5, 0xE8, 0x79, 0x0F, 0x81,
+        0x8C, 0xCC, 0x60, 0x58, 0x77, 0xD4, 0x6C, 0x8B,
+        0xDB, 0x5C, 0x33, 0x7B, 0x02, 0x5B, 0xB8, 0x40,
+        0xFF, 0x47, 0x18, 0x96, 0xE4, 0x3B, 0xFA, 0x99,
+        0xD7, 0x3D, 0xBE, 0x31, 0x80, 0x5C, 0x27, 0xA4,
+        0x3E, 0x57, 0xF0, 0x61, 0x8B, 0x3A, 0xE5, 0x22,
+        0xA4, 0x64, 0x4E, 0x0D, 0x4E, 0x4C, 0x1C, 0x54,
+        0x84, 0x89, 0x43, 0x1B, 0xE5, 0x58, 0xF3, 0xBF,
+        0xC5, 0x0E, 0x16, 0x61, 0x7E, 0x11, 0x0D, 0xD7,
+        0xAF, 0x9A, 0x6F, 0xD8, 0x3E, 0x3F, 0xBB, 0x68,
+        0xC3, 0x04, 0xD1, 0x5F, 0x6C, 0xB7, 0x00, 0xD6,
+        0x1D, 0x7A, 0xA9, 0x15, 0xA6, 0x75, 0x1E, 0xA3,
+        0xBA, 0x80, 0x22, 0x3E, 0x65, 0x41, 0x32, 0xA2,
+        0x09, 0x99, 0xA4, 0x3B, 0xF4, 0x08, 0x59, 0x27,
+        0x30, 0xB9, 0xA9, 0x49, 0x96, 0x36, 0xC0, 0x9F,
+        0xA7, 0x29, 0xF9, 0xCB, 0x1F, 0x9D, 0x34, 0x42,
+        0xF4, 0x73, 0x57, 0xA2, 0xB9, 0xCF, 0x15, 0xD3,
+        0x10, 0x3B, 0x9B, 0xF3, 0x96, 0xC2, 0x30, 0x88,
+        0xF1, 0x18, 0xED, 0xE3, 0x46, 0xB5, 0xC0, 0x38,
+        0x91, 0xCF, 0xA5, 0xD5, 0x17, 0xCE, 0xF8, 0x47,
+        0x13, 0x22, 0xE7, 0xE3, 0x10, 0x87, 0xC4, 0xB0,
+        0x36, 0xAB, 0xAD, 0x78, 0x4B, 0xFF, 0x72, 0xA9,
+        0xB1, 0x1F, 0xA1, 0x98, 0xFA, 0xCB, 0xCB, 0x91,
+        0xF0, 0x67, 0xFE, 0xAF, 0x76, 0xFC, 0xFE, 0x53,
+        0x27, 0xC1, 0x07, 0x0B, 0x3D, 0xA6, 0x98, 0x84,
+        0x00, 0x75, 0x67, 0x60, 0xD2, 0xD1, 0xF0, 0x60,
+        0x29, 0x8F, 0x16, 0x83, 0xD5, 0x1E, 0x36, 0x16,
+        0xE9, 0x8C, 0x51, 0xC9, 0xC0, 0x3A, 0xA4, 0x2F,
+        0x2E, 0x63, 0x36, 0x51, 0xA4, 0x7A, 0xD3, 0xCC,
+        0x2A, 0xB4, 0xA8, 0x52, 0xAE, 0x0C, 0x4B, 0x04,
+        0xB4, 0xE1, 0xC3, 0xDD, 0x94, 0x44, 0x45, 0xA2,
+        0xB1, 0x2B, 0x4F, 0x42, 0xA6, 0x43, 0x51, 0x05,
+        0xC0, 0x41, 0x22, 0xFC, 0x35, 0x87, 0xAF, 0xE4,
+        0x09, 0xA0, 0x0B, 0x30, 0x8D, 0x63, 0xC5, 0xDD,
+        0x81, 0x63, 0x65, 0x45, 0x04, 0xEE, 0xDB, 0xB7,
+        0xB5, 0x32, 0x95, 0x77, 0xC3, 0x5F, 0xBE, 0xB3,
+        0xF4, 0x63, 0x87, 0x2C, 0xAC, 0x28, 0x14, 0x2B,
+        0x3C, 0x12, 0xA7, 0x40, 0xEC, 0x6E, 0xA7, 0xCE,
+        0x9A, 0xD7, 0x8C, 0x6F, 0xC8, 0xFE, 0x1B, 0x4D,
+        0xF5, 0xFC, 0x55, 0xC1, 0x66, 0x7F, 0x31, 0xF2,
+        0x31, 0x2D, 0xA0, 0x77, 0x99, 0xDC, 0x87, 0x0A,
+        0x47, 0x86, 0x08, 0x54, 0x9F, 0xED, 0xAF, 0xE0,
+        0x21, 0xF1, 0xCF, 0x29, 0x84, 0x18, 0x03, 0x64,
+        0xE9, 0x0A, 0xD9, 0x8D, 0x84, 0x56, 0x52, 0xAA,
+        0x3C, 0xDD, 0x7A, 0x8E, 0xB0, 0x9F, 0x5E, 0x51,
+        0x42, 0x3F, 0xAB, 0x42, 0xA7, 0xB7, 0xBB, 0x4D,
+        0x51, 0x48, 0x64, 0xBE, 0x8D, 0x71, 0x29, 0x7E,
+        0x9C, 0x3B, 0x17, 0xA9, 0x93, 0xF0, 0xAE, 0x62,
+        0xE8, 0xEF, 0x52, 0x63, 0x7B, 0xD1, 0xB8, 0x85,
+        0xBD, 0x9B, 0x6A, 0xB7, 0x27, 0x85, 0x4D, 0x70,
+        0x3D, 0x8D, 0xC4, 0x78, 0xF9, 0x6C, 0xB8, 0x1F,
+        0xCE, 0x4C, 0x60, 0x38, 0x3A, 0xC0, 0x1F, 0xCF,
+        0x0F, 0x97, 0x1D, 0x4C, 0x8F, 0x35, 0x2B, 0x7A,
+        0x82, 0xE2, 0x18, 0x65, 0x2F, 0x2C, 0x10, 0x6C,
+        0xA9, 0x2A, 0xE6, 0x86, 0xBA, 0xCF, 0xCE, 0xF5,
+        0xD3, 0x27, 0x34, 0x7A, 0x97, 0xA9, 0xB3, 0x75,
+        0xD6, 0x73, 0x41, 0x55, 0x2B, 0xC2, 0xC5, 0x38,
+        0x77, 0x8E, 0x0F, 0x98, 0x01, 0x82, 0x3C, 0xCD,
+        0xFC, 0xD1, 0xEA, 0xAD, 0xED, 0x55, 0xB1, 0x8C,
+        0x97, 0x57, 0xE3, 0xF2, 0x12, 0xB2, 0x88, 0x9D,
+        0x38, 0x57, 0xDB, 0x51, 0xF9, 0x81, 0xD1, 0x61,
+        0x85, 0xFD, 0x0F, 0x90, 0x08, 0x53, 0xA7, 0x50,
+        0x05, 0xE3, 0x02, 0x0A, 0x8B, 0x95, 0xB7, 0xD8,
+        0xF2, 0xF2, 0x63, 0x1C, 0x70, 0xD7, 0x8A, 0x95,
+        0x7C, 0x7A, 0x62, 0xE1, 0xB3, 0x71, 0x90, 0x70,
+        0xAC, 0xD1, 0xFD, 0x48, 0x0C, 0x25, 0xB8, 0x38,
+        0x47, 0xDA, 0x02, 0x7B, 0x6E, 0xBB, 0xC2, 0xEE,
+        0xC2, 0xDF, 0x22, 0xC8, 0x7F, 0x9B, 0x46, 0xD5,
+        0xD7, 0xBA, 0xF1, 0x56, 0xB5, 0x3C, 0xEE, 0x92,
+        0x95, 0x72, 0xB9, 0x2C, 0x47, 0x84, 0xC4, 0xE8,
+        0x29, 0xF3, 0x44, 0x6A, 0x1F, 0xFE, 0x47, 0xF9,
+        0x9D, 0xEC, 0xD0, 0x43, 0x60, 0x29, 0xDD, 0xEB,
+        0xD3, 0xED, 0x8E, 0x87, 0xE5, 0xE7, 0x3D, 0x12,
+        0x3D, 0xBE, 0x8A, 0x4D, 0xDA, 0xCF, 0x2A, 0xBD,
+        0xE8, 0x7F, 0x33, 0xAE, 0x2B, 0x62, 0x1C, 0x0E,
+        0xC5, 0xD5, 0xCA, 0xD1, 0x25, 0x9D, 0xEE, 0xC2,
+        0xAE, 0xFF, 0x60, 0x88, 0xF0, 0x4F, 0x27, 0xA2,
+        0x03, 0x38, 0xB5, 0x76, 0x25, 0x43, 0xE5, 0x10,
+        0x08, 0x99, 0xA4, 0xCB, 0xFB, 0x7B, 0x3C, 0xA4,
+        0x56, 0xB3, 0xA1, 0x9B, 0x83, 0xA4, 0xC4, 0x32,
+        0x23, 0x0C, 0x23, 0xE1, 0xC7, 0xF1, 0x07, 0xC4,
+        0xCB, 0x11, 0x21, 0x52, 0xF1, 0xC0, 0xF3, 0x0D,
+        0xA0, 0xBB, 0x33, 0xF4, 0xF1, 0x1F, 0x47, 0xEE,
+        0xA4, 0x38, 0x72, 0xBA, 0xFA, 0x84, 0xAE, 0x22,
+        0x25, 0x6D, 0x70, 0x8E, 0x06, 0x04, 0xDA, 0xDE,
+        0x4B, 0x2A, 0x4D, 0xDE, 0x8C, 0xCC, 0xF1, 0x19,
+        0x30, 0xE1, 0x35, 0x53, 0x93, 0x4A, 0xE3, 0xEC,
+        0xE5, 0x2F, 0x3D, 0x7C, 0xCC, 0x00, 0x28, 0x73,
+        0x77, 0x87, 0x9F, 0xE6, 0xB8, 0xEC, 0xE7, 0xEF,
+        0x79, 0x42, 0x35, 0x07, 0xC9, 0xDA, 0x33, 0x95,
+        0x59, 0xC2, 0x0D, 0xE1, 0xC5, 0x19, 0x55, 0x99,
+        0x9B, 0xAE, 0x47, 0x40, 0x1D, 0xC3, 0xCD, 0xFA,
+        0xA1, 0xB2, 0x56, 0xD0, 0x9C, 0x7D, 0xB9, 0xFC,
+        0x86, 0x98, 0xBF, 0xCE, 0xFA, 0x73, 0x02, 0xD5,
+        0x6F, 0xBC, 0xDE, 0x1F, 0xBA, 0xAA, 0x1C, 0x65,
+        0x34, 0x54, 0xE6, 0xFD, 0x3D, 0x84, 0xE4, 0xF7,
+        0x9A, 0x93, 0x1C, 0x68, 0x1C, 0xBB, 0x6C, 0xB4,
+        0x62, 0xB1, 0x0D, 0xAE, 0x11, 0x2B, 0xDF, 0xB7,
+        0xF6, 0x5C, 0x7F, 0xDF, 0x6E, 0x5F, 0xC5, 0x94,
+        0xEC, 0x3A, 0x47, 0x4A, 0x94, 0xBD, 0x97, 0xE6,
+        0xEC, 0x81, 0xF7, 0x1C, 0x23, 0x0B, 0xF7, 0x0C,
+        0xA0, 0xF1, 0x3C, 0xE3, 0xDF, 0xFB, 0xD9, 0xFF,
+        0x98, 0x04, 0xEF, 0xD8, 0xF3, 0x7A, 0x4D, 0x36,
+        0x29, 0xB4, 0x3A, 0x8F, 0x55, 0x54, 0x4E, 0xBC,
+        0x5A, 0xC0, 0xAB, 0xD9, 0xA3, 0x3D, 0x79, 0x69,
+        0x90, 0x68, 0x34, 0x6A, 0x0F, 0x1A, 0x3A, 0x96,
+        0xE1, 0x15, 0xA5, 0xD8, 0x0B, 0xE1, 0x65, 0xB5,
+        0x62, 0xD0, 0x82, 0x98, 0x4D, 0x5A, 0xAC, 0xC3,
+        0xA2, 0x30, 0x19, 0x81, 0xA6, 0x41, 0x8F, 0x8B,
+        0xA7, 0xD7, 0xB0, 0xD7, 0xCA, 0x58, 0x75, 0xC6
+    };
+    static const byte k_768[WC_ML_KEM_SS_SZ] = {
+        0x26, 0x96, 0xD2, 0x8E, 0x9C, 0x61, 0xC2, 0xA0,
+        0x1C, 0xE9, 0xB1, 0x60, 0x8D, 0xCB, 0x9D, 0x29,
+        0x27, 0x85, 0xA0, 0xCD, 0x58, 0xEF, 0xB7, 0xFE,
+        0x13, 0xB1, 0xDE, 0x95, 0xF0, 0xDB, 0x55, 0xB3
+    };
+#endif
+#ifndef WOLFSSL_NO_ML_KEM_1024
+    static const byte ek_1024[WC_ML_KEM_1024_PUBLIC_KEY_SIZE] = {
+        0x30, 0x7A, 0x4C, 0xEA, 0x41, 0x48, 0x21, 0x9B,
+        0x95, 0x8E, 0xA0, 0xB7, 0x88, 0x66, 0x59, 0x23,
+        0x5A, 0x4D, 0x19, 0x80, 0xB1, 0x92, 0x61, 0x08,
+        0x47, 0xD8, 0x6E, 0xF3, 0x27, 0x39, 0xF9, 0x4C,
+        0x3B, 0x44, 0x6C, 0x4D, 0x81, 0xD8, 0x9B, 0x8B,
+        0x42, 0x2A, 0x9D, 0x07, 0x9C, 0x88, 0xB1, 0x1A,
+        0xCA, 0xF3, 0x21, 0xB0, 0x14, 0x29, 0x4E, 0x18,
+        0xB2, 0x96, 0xE5, 0x2F, 0x3F, 0x74, 0x4C, 0xF9,
+        0x63, 0x4A, 0x4F, 0xB0, 0x1D, 0xB0, 0xD9, 0x9E,
+        0xF2, 0x0A, 0x63, 0x3A, 0x55, 0x2E, 0x76, 0xA0,
+        0x58, 0x5C, 0x61, 0x09, 0xF0, 0x18, 0x76, 0x8B,
+        0x76, 0x3A, 0xF3, 0x67, 0x8B, 0x47, 0x80, 0x08,
+        0x9C, 0x13, 0x42, 0xB9, 0x69, 0x07, 0xA2, 0x9A,
+        0x1C, 0x11, 0x52, 0x1C, 0x74, 0x4C, 0x27, 0x97,
+        0xD0, 0xBF, 0x2B, 0x9C, 0xCD, 0xCA, 0x61, 0x46,
+        0x72, 0xB4, 0x50, 0x76, 0x77, 0x3F, 0x45, 0x8A,
+        0x31, 0xEF, 0x86, 0x9B, 0xE1, 0xEB, 0x2E, 0xFE,
+        0xB5, 0x0D, 0x0E, 0x37, 0x49, 0x5D, 0xC5, 0xCA,
+        0x55, 0xE0, 0x75, 0x28, 0x93, 0x4F, 0x62, 0x93,
+        0xC4, 0x16, 0x80, 0x27, 0xD0, 0xE5, 0x3D, 0x07,
+        0xFA, 0xCC, 0x66, 0x30, 0xCB, 0x08, 0x19, 0x7E,
+        0x53, 0xFB, 0x19, 0x3A, 0x17, 0x11, 0x35, 0xDC,
+        0x8A, 0xD9, 0x97, 0x94, 0x02, 0xA7, 0x1B, 0x69,
+        0x26, 0xBC, 0xDC, 0xDC, 0x47, 0xB9, 0x34, 0x01,
+        0x91, 0x0A, 0x5F, 0xCC, 0x1A, 0x81, 0x3B, 0x68,
+        0x2B, 0x09, 0xBA, 0x7A, 0x72, 0xD2, 0x48, 0x6D,
+        0x6C, 0x79, 0x95, 0x16, 0x46, 0x5C, 0x14, 0x72,
+        0x9B, 0x26, 0x94, 0x9B, 0x0B, 0x7C, 0xBC, 0x7C,
+        0x64, 0x0F, 0x26, 0x7F, 0xED, 0x80, 0xB1, 0x62,
+        0xC5, 0x1F, 0xD8, 0xE0, 0x92, 0x27, 0xC1, 0x01,
+        0xD5, 0x05, 0xA8, 0xFA, 0xE8, 0xA2, 0xD7, 0x05,
+        0x4E, 0x28, 0xA7, 0x8B, 0xA8, 0x75, 0x0D, 0xEC,
+        0xF9, 0x05, 0x7C, 0x83, 0x97, 0x9F, 0x7A, 0xBB,
+        0x08, 0x49, 0x45, 0x64, 0x80, 0x06, 0xC5, 0xB2,
+        0x88, 0x04, 0xF3, 0x4E, 0x73, 0xB2, 0x38, 0x11,
+        0x1A, 0x65, 0xA1, 0xF5, 0x00, 0xB1, 0xCC, 0x60,
+        0x6A, 0x84, 0x8F, 0x28, 0x59, 0x07, 0x0B, 0xEB,
+        0xA7, 0x57, 0x31, 0x79, 0xF3, 0x61, 0x49, 0xCF,
+        0x58, 0x01, 0xBF, 0x89, 0xA1, 0xC3, 0x8C, 0xC2,
+        0x78, 0x41, 0x55, 0x28, 0xD0, 0x3B, 0xDB, 0x94,
+        0x3F, 0x96, 0x28, 0x0C, 0x8C, 0xC5, 0x20, 0x42,
+        0xD9, 0xB9, 0x1F, 0xAA, 0x9D, 0x6E, 0xA7, 0xBC,
+        0xBB, 0x7A, 0xB1, 0x89, 0x7A, 0x32, 0x66, 0x96,
+        0x6F, 0x78, 0x39, 0x34, 0x26, 0xC7, 0x6D, 0x8A,
+        0x49, 0x57, 0x8B, 0x98, 0xB1, 0x59, 0xEB, 0xB4,
+        0x6E, 0xE0, 0xA8, 0x83, 0xA2, 0x70, 0xD8, 0x05,
+        0x7C, 0xD0, 0x23, 0x1C, 0x86, 0x90, 0x6A, 0x91,
+        0xDB, 0xBA, 0xDE, 0x6B, 0x24, 0x69, 0x58, 0x1E,
+        0x2B, 0xCA, 0x2F, 0xEA, 0x83, 0x89, 0xF7, 0xC7,
+        0x4B, 0xCD, 0x70, 0x96, 0x1E, 0xA5, 0xB9, 0x34,
+        0xFB, 0xCF, 0x9A, 0x65, 0x90, 0xBF, 0x86, 0xB8,
+        0xDB, 0x54, 0x88, 0x54, 0xD9, 0xA3, 0xFB, 0x30,
+        0x11, 0x04, 0x33, 0xBD, 0x7A, 0x1B, 0x65, 0x9C,
+        0xA8, 0x56, 0x80, 0x85, 0x63, 0x92, 0x37, 0xB3,
+        0xBD, 0xC3, 0x7B, 0x7F, 0xA7, 0x16, 0xD4, 0x82,
+        0xA2, 0x5B, 0x54, 0x10, 0x6B, 0x3A, 0x8F, 0x54,
+        0xD3, 0xAA, 0x99, 0xB5, 0x12, 0x3D, 0xA9, 0x60,
+        0x66, 0x90, 0x45, 0x92, 0xF3, 0xA5, 0x4E, 0xE2,
+        0x3A, 0x79, 0x81, 0xAB, 0x60, 0x8A, 0x2F, 0x44,
+        0x13, 0xCC, 0x65, 0x89, 0x46, 0xC6, 0xD7, 0x78,
+        0x0E, 0xA7, 0x65, 0x64, 0x4B, 0x3C, 0xC0, 0x6C,
+        0x70, 0x03, 0x4A, 0xB4, 0xEB, 0x35, 0x19, 0x12,
+        0xE7, 0x71, 0x5B, 0x56, 0x75, 0x5D, 0x09, 0x02,
+        0x15, 0x71, 0xBF, 0x34, 0x0A, 0xB9, 0x25, 0x98,
+        0xA2, 0x4E, 0x81, 0x18, 0x93, 0x19, 0x5B, 0x96,
+        0xA1, 0x62, 0x9F, 0x80, 0x41, 0xF5, 0x86, 0x58,
+        0x43, 0x15, 0x61, 0xFC, 0x0A, 0xB1, 0x52, 0x92,
+        0xB9, 0x13, 0xEC, 0x47, 0x3F, 0x04, 0x47, 0x9B,
+        0xC1, 0x45, 0xCD, 0x4C, 0x56, 0x3A, 0x28, 0x62,
+        0x35, 0x64, 0x6C, 0xD3, 0x05, 0xA9, 0xBE, 0x10,
+        0x14, 0xE2, 0xC7, 0xB1, 0x30, 0xC3, 0x3E, 0xB7,
+        0x7C, 0xC4, 0xA0, 0xD9, 0x78, 0x6B, 0xD6, 0xBC,
+        0x2A, 0x95, 0x4B, 0xF3, 0x00, 0x57, 0x78, 0xF8,
+        0x91, 0x7C, 0xE1, 0x37, 0x89, 0xBB, 0xB9, 0x62,
+        0x80, 0x78, 0x58, 0xB6, 0x77, 0x31, 0x57, 0x2B,
+        0x6D, 0x3C, 0x9B, 0x4B, 0x52, 0x06, 0xFA, 0xC9,
+        0xA7, 0xC8, 0x96, 0x16, 0x98, 0xD8, 0x83, 0x24,
+        0xA9, 0x15, 0x18, 0x68, 0x99, 0xB2, 0x99, 0x23,
+        0xF0, 0x84, 0x42, 0xA3, 0xD3, 0x86, 0xBD, 0x41,
+        0x6B, 0xCC, 0x9A, 0x10, 0x01, 0x64, 0xC9, 0x30,
+        0xEC, 0x35, 0xEA, 0xFB, 0x6A, 0xB3, 0x58, 0x51,
+        0xB6, 0xC8, 0xCE, 0x63, 0x77, 0x36, 0x6A, 0x17,
+        0x5F, 0x3D, 0x75, 0x29, 0x8C, 0x51, 0x8D, 0x44,
+        0x89, 0x89, 0x33, 0xF5, 0x3D, 0xEE, 0x61, 0x71,
+        0x45, 0x09, 0x33, 0x79, 0xC4, 0x65, 0x9F, 0x68,
+        0x58, 0x3B, 0x2B, 0x28, 0x12, 0x26, 0x66, 0xBE,
+        0xC5, 0x78, 0x38, 0x99, 0x1F, 0xF1, 0x6C, 0x36,
+        0x8D, 0xD2, 0x2C, 0x36, 0xE7, 0x80, 0xC9, 0x1A,
+        0x35, 0x82, 0xE2, 0x5E, 0x19, 0x79, 0x4C, 0x6B,
+        0xF2, 0xAB, 0x42, 0x45, 0x8A, 0x8D, 0xD7, 0x70,
+        0x5D, 0xE2, 0xC2, 0xAA, 0x20, 0xC0, 0x54, 0xE8,
+        0x4B, 0x3E, 0xF3, 0x50, 0x32, 0x79, 0x86, 0x26,
+        0xC2, 0x48, 0x26, 0x32, 0x53, 0xA7, 0x1A, 0x11,
+        0x94, 0x35, 0x71, 0x34, 0x0A, 0x97, 0x8C, 0xD0,
+        0xA6, 0x02, 0xE4, 0x7D, 0xEE, 0x54, 0x0A, 0x88,
+        0x14, 0xBA, 0x06, 0xF3, 0x14, 0x14, 0x79, 0x7C,
+        0xDF, 0x60, 0x49, 0x58, 0x23, 0x61, 0xBB, 0xAB,
+        0xA3, 0x87, 0xA8, 0x3D, 0x89, 0x91, 0x3F, 0xE4,
+        0xC0, 0xC1, 0x12, 0xB9, 0x56, 0x21, 0xA4, 0xBD,
+        0xA8, 0x12, 0x3A, 0x14, 0xD1, 0xA8, 0x42, 0xFB,
+        0x57, 0xB8, 0x3A, 0x4F, 0xBA, 0xF3, 0x3A, 0x8E,
+        0x55, 0x22, 0x38, 0xA5, 0x96, 0xAA, 0xE7, 0xA1,
+        0x50, 0xD7, 0x5D, 0xA6, 0x48, 0xBC, 0x44, 0x64,
+        0x49, 0x77, 0xBA, 0x1F, 0x87, 0xA4, 0xC6, 0x8A,
+        0x8C, 0x4B, 0xD2, 0x45, 0xB7, 0xD0, 0x07, 0x21,
+        0xF7, 0xD6, 0x4E, 0x82, 0x2B, 0x08, 0x5B, 0x90,
+        0x13, 0x12, 0xEC, 0x37, 0xA8, 0x16, 0x98, 0x02,
+        0x16, 0x0C, 0xCE, 0x11, 0x60, 0xF0, 0x10, 0xBE,
+        0x8C, 0xBC, 0xAC, 0xE8, 0xE7, 0xB0, 0x05, 0xD7,
+        0x83, 0x92, 0x34, 0xA7, 0x07, 0x86, 0x83, 0x09,
+        0xD0, 0x37, 0x84, 0xB4, 0x27, 0x3B, 0x1C, 0x8A,
+        0x16, 0x01, 0x33, 0xED, 0x29, 0x81, 0x84, 0x70,
+        0x46, 0x25, 0xF2, 0x9C, 0xFA, 0x08, 0x6D, 0x13,
+        0x26, 0x3E, 0xE5, 0x89, 0x91, 0x23, 0xC5, 0x96,
+        0xBA, 0x78, 0x8E, 0x5C, 0x54, 0xA8, 0xE9, 0xBA,
+        0x82, 0x9B, 0x8A, 0x9D, 0x90, 0x4B, 0xC4, 0xBC,
+        0x0B, 0xBE, 0xA7, 0x6B, 0xC5, 0x3F, 0xF8, 0x11,
+        0x21, 0x45, 0x98, 0x47, 0x2C, 0x9C, 0x20, 0x2B,
+        0x73, 0xEF, 0xF0, 0x35, 0xDC, 0x09, 0x70, 0x3A,
+        0xF7, 0xBF, 0x1B, 0xAB, 0xAA, 0xC7, 0x31, 0x93,
+        0xCB, 0x46, 0x11, 0x7A, 0x7C, 0x94, 0x92, 0xA4,
+        0x3F, 0xC9, 0x57, 0x89, 0xA9, 0x24, 0xC5, 0x91,
+        0x27, 0x87, 0xB2, 0xE2, 0x09, 0x0E, 0xBB, 0xCF,
+        0xD3, 0x79, 0x62, 0x21, 0xF0, 0x6D, 0xEB, 0xF9,
+        0xCF, 0x70, 0xE0, 0x56, 0xB8, 0xB9, 0x16, 0x1D,
+        0x63, 0x47, 0xF4, 0x73, 0x35, 0xF3, 0xE1, 0x77,
+        0x6D, 0xA4, 0xBB, 0x87, 0xC1, 0x5C, 0xC8, 0x26,
+        0x14, 0x6F, 0xF0, 0x24, 0x9A, 0x41, 0x3B, 0x45,
+        0xAA, 0x93, 0xA8, 0x05, 0x19, 0x6E, 0xA4, 0x53,
+        0x11, 0x4B, 0x52, 0x4E, 0x31, 0x0A, 0xED, 0xAA,
+        0x46, 0xE3, 0xB9, 0x96, 0x42, 0x36, 0x87, 0x82,
+        0x56, 0x6D, 0x04, 0x9A, 0x72, 0x6D, 0x6C, 0xCA,
+        0x91, 0x09, 0x93, 0xAE, 0xD6, 0x21, 0xD0, 0x14,
+        0x9E, 0xA5, 0x88, 0xA9, 0xAB, 0xD9, 0x09, 0xDB,
+        0xB6, 0x9A, 0xA2, 0x28, 0x29, 0xD9, 0xB8, 0x3A,
+        0xDA, 0x22, 0x09, 0xA6, 0xC2, 0x65, 0x9F, 0x21,
+        0x69, 0xD6, 0x68, 0xB9, 0x31, 0x48, 0x42, 0xC6,
+        0xE2, 0x2A, 0x74, 0x95, 0x8B, 0x4C, 0x25, 0xBB,
+        0xDC, 0xD2, 0x93, 0xD9, 0x9C, 0xB6, 0x09, 0xD8,
+        0x66, 0x74, 0x9A, 0x48, 0x5D, 0xFB, 0x56, 0x02,
+        0x48, 0x83, 0xCF, 0x54, 0x65, 0xDB, 0xA0, 0x36,
+        0x32, 0x06, 0x58, 0x7F, 0x45, 0x59, 0x7F, 0x89,
+        0x00, 0x2F, 0xB8, 0x60, 0x72, 0x32, 0x13, 0x8E,
+        0x03, 0xB2, 0xA8, 0x94, 0x52, 0x5F, 0x26, 0x53,
+        0x70, 0x05, 0x4B, 0x48, 0x86, 0x36, 0x14, 0x47,
+        0x2B, 0x95, 0xD0, 0xA2, 0x30, 0x34, 0x42, 0xE3,
+        0x78, 0xB0, 0xDD, 0x1C, 0x75, 0xAC, 0xBA, 0xB9,
+        0x71, 0xA9, 0xA8, 0xD1, 0x28, 0x1C, 0x79, 0x61,
+        0x3A, 0xCE, 0xC6, 0x93, 0x3C, 0x37, 0x7B, 0x3C,
+        0x57, 0x8C, 0x2A, 0x61, 0xA1, 0xEC, 0x18, 0x1B,
+        0x10, 0x12, 0x97, 0xA3, 0x7C, 0xC5, 0x19, 0x7B,
+        0x29, 0x42, 0xF6, 0xA0, 0xE4, 0x70, 0x4C, 0x0E,
+        0xC6, 0x35, 0x40, 0x48, 0x1B, 0x9F, 0x15, 0x9D,
+        0xC2, 0x55, 0xB5, 0x9B, 0xB5, 0x5D, 0xF4, 0x96,
+        0xAE, 0x54, 0x21, 0x7B, 0x76, 0x89, 0xBD, 0x51,
+        0xDB, 0xA0, 0x38, 0x3A, 0x3D, 0x72, 0xD8, 0x52,
+        0xFF, 0xCA, 0x76, 0xDF, 0x05, 0xB6, 0x6E, 0xEC,
+        0xCB, 0xD4, 0x7B, 0xC5, 0x30, 0x40, 0x81, 0x76,
+        0x28, 0xC7, 0x1E, 0x36, 0x1D, 0x6A, 0xF8, 0x89,
+        0x08, 0x49, 0x16, 0xB4, 0x08, 0xA4, 0x66, 0xC9,
+        0x6E, 0x70, 0x86, 0xC4, 0xA6, 0x0A, 0x10, 0xFC,
+        0xF7, 0x53, 0x7B, 0xB9, 0x4A, 0xFB, 0xCC, 0x7D,
+        0x43, 0x75, 0x90, 0x91, 0x9C, 0x28, 0x65, 0x0C,
+        0x4F, 0x23, 0x68, 0x25, 0x92, 0x26, 0xA9, 0xBF,
+        0xDA, 0x3A, 0x3A, 0x0B, 0xA1, 0xB5, 0x08, 0x7D,
+        0x9D, 0x76, 0x44, 0x2F, 0xD7, 0x86, 0xC6, 0xF8,
+        0x1C, 0x68, 0xC0, 0x36, 0x0D, 0x71, 0x94, 0xD7,
+        0x07, 0x2C, 0x45, 0x33, 0xAE, 0xA8, 0x6C, 0x2D,
+        0x1F, 0x8C, 0x0A, 0x27, 0x69, 0x60, 0x66, 0xF6,
+        0xCF, 0xD1, 0x10, 0x03, 0xF7, 0x97, 0x27, 0x0B,
+        0x32, 0x38, 0x97, 0x13, 0xCF, 0xFA, 0x09, 0x3D,
+        0x99, 0x1B, 0x63, 0x84, 0x4C, 0x38, 0x5E, 0x72,
+        0x27, 0x7F, 0x16, 0x6F, 0x5A, 0x39, 0x34, 0xD6,
+        0xBB, 0x89, 0xA4, 0x78, 0x8D, 0xE2, 0x83, 0x21,
+        0xDE, 0xFC, 0x74, 0x57, 0xAB, 0x48, 0x4B, 0xD3,
+        0x09, 0x86, 0xDC, 0x1D, 0xAB, 0x30, 0x08, 0xCD,
+        0x7B, 0x22, 0xF6, 0x97, 0x02, 0xFA, 0xBB, 0x9A,
+        0x10, 0x45, 0x40, 0x7D, 0xA4, 0x79, 0x1C, 0x35,
+        0x90, 0xFF, 0x59, 0x9D, 0x81, 0xD6, 0x88, 0xCF,
+        0xA7, 0xCC, 0x12, 0xA6, 0x8C, 0x50, 0xF5, 0x1A,
+        0x10, 0x09, 0x41, 0x1B, 0x44, 0x85, 0x0F, 0x90,
+        0x15, 0xDC, 0x84, 0xA9, 0x3B, 0x17, 0xC7, 0xA2,
+        0x07, 0x55, 0x2C, 0x66, 0x1E, 0xA9, 0x83, 0x8E,
+        0x31, 0xB9, 0x5E, 0xAD, 0x54, 0x62, 0x48, 0xE5,
+        0x6B, 0xE7, 0xA5, 0x13, 0x05, 0x05, 0x26, 0x87,
+        0x71, 0x19, 0x98, 0x80, 0xA1, 0x41, 0x77, 0x1A,
+        0x9E, 0x47, 0xAC, 0xFE, 0xD5, 0x90, 0xCB, 0x3A,
+        0xA7, 0xCB, 0x7C, 0x5F, 0x74, 0x91, 0x1D, 0x89,
+        0x12, 0xC2, 0x9D, 0x62, 0x33, 0xF4, 0xD5, 0x3B,
+        0xC6, 0x41, 0x39, 0xE2, 0xF5, 0x5B, 0xE7, 0x55,
+        0x07, 0xDD, 0x77, 0x86, 0x8E, 0x38, 0x4A, 0xEC,
+        0x58, 0x1F, 0x3F, 0x41, 0x1D, 0xB1, 0xA7, 0x42,
+        0x97, 0x2D, 0x3E, 0xBF, 0xD3, 0x31, 0x5C, 0x84,
+        0xA5, 0xAD, 0x63, 0xA0, 0xE7, 0x5C, 0x8B, 0xCA,
+        0x3E, 0x30, 0x41, 0xE0, 0x5D, 0x90, 0x67, 0xAF,
+        0xF3, 0xB1, 0x24, 0x4F, 0x76, 0x3E, 0x79, 0x83
+    };
+    static const byte seed_1024[WC_ML_KEM_ENC_RAND_SZ] = {
+        0x59, 0xC5, 0x15, 0x4C, 0x04, 0xAE, 0x43, 0xAA,
+        0xFF, 0x32, 0x70, 0x0F, 0x08, 0x17, 0x00, 0x38,
+        0x9D, 0x54, 0xBE, 0xC4, 0xC3, 0x7C, 0x08, 0x8B,
+        0x1C, 0x53, 0xF6, 0x62, 0x12, 0xB1, 0x2C, 0x72
+    };
+    static const byte c_1024[WC_ML_KEM_1024_CIPHER_TEXT_SIZE] = {
+        0xE2, 0xD5, 0xFD, 0x4C, 0x13, 0xCE, 0xA0, 0xB5,
+        0x2D, 0x87, 0x4F, 0xEA, 0x90, 0x12, 0xF3, 0xA5,
+        0x17, 0x43, 0xA1, 0x09, 0x37, 0x10, 0xBB, 0xF2,
+        0x39, 0x50, 0xF9, 0x14, 0x7A, 0x47, 0x2E, 0xE5,
+        0x53, 0x39, 0x28, 0xA2, 0xF4, 0x6D, 0x59, 0x2F,
+        0x35, 0xDA, 0x8B, 0x4F, 0x75, 0x8C, 0x89, 0x3B,
+        0x0D, 0x7B, 0x98, 0x94, 0x8B, 0xE4, 0x47, 0xB1,
+        0x7C, 0xB2, 0xAE, 0x58, 0xAF, 0x8A, 0x48, 0x9D,
+        0xDD, 0x92, 0x32, 0xB9, 0x9B, 0x1C, 0x0D, 0x2D,
+        0xE7, 0x7C, 0xAA, 0x47, 0x2B, 0xC3, 0xBB, 0xD4,
+        0xA7, 0xC6, 0x0D, 0xBF, 0xDC, 0xA9, 0x2E, 0xBF,
+        0x3A, 0x1C, 0xE1, 0xC2, 0x2D, 0xAD, 0x13, 0xE8,
+        0x87, 0x00, 0x4E, 0x29, 0x24, 0xFD, 0x22, 0x65,
+        0x6F, 0x5E, 0x50, 0x87, 0x91, 0xDE, 0x06, 0xD8,
+        0x5E, 0x1A, 0x14, 0x26, 0x80, 0x8E, 0xD9, 0xA8,
+        0x9F, 0x6E, 0x2F, 0xD3, 0xC2, 0x45, 0xD4, 0x75,
+        0x8B, 0x22, 0xB0, 0x2C, 0xAD, 0xE3, 0x3B, 0x60,
+        0xFC, 0x88, 0x9A, 0x33, 0xFC, 0x44, 0x47, 0xED,
+        0xEB, 0xBF, 0xD4, 0x53, 0x0D, 0xE8, 0x65, 0x96,
+        0xA3, 0x37, 0x89, 0xD5, 0xDB, 0xA6, 0xE6, 0xEC,
+        0x9F, 0x89, 0x87, 0x9A, 0xF4, 0xBE, 0x49, 0x09,
+        0xA6, 0x90, 0x17, 0xC9, 0xBB, 0x7A, 0x5E, 0x31,
+        0x81, 0x5E, 0xA5, 0xF1, 0x32, 0xEE, 0xC4, 0x98,
+        0x4F, 0xAA, 0x7C, 0xCF, 0x59, 0x4D, 0xD0, 0x0D,
+        0x4D, 0x84, 0x87, 0xE4, 0x56, 0x21, 0xAF, 0x8F,
+        0x6E, 0x33, 0x05, 0x51, 0x43, 0x9C, 0x93, 0xEC,
+        0x07, 0x8A, 0x7A, 0x3C, 0xC1, 0x59, 0x4A, 0xF9,
+        0x1F, 0x84, 0x17, 0x37, 0x5F, 0xD6, 0x08, 0x8C,
+        0xEB, 0x5E, 0x85, 0xC6, 0x70, 0x99, 0x09, 0x1B,
+        0xAC, 0x11, 0x49, 0x8A, 0x0D, 0x71, 0x14, 0x55,
+        0xF5, 0xE0, 0xD9, 0x5C, 0xD7, 0xBB, 0xE5, 0xCD,
+        0xD8, 0xFE, 0xCB, 0x31, 0x9E, 0x68, 0x53, 0xC2,
+        0x3C, 0x9B, 0xE2, 0xC7, 0x63, 0xDF, 0x57, 0x86,
+        0x66, 0xC4, 0x0A, 0x40, 0xA8, 0x74, 0x86, 0xE4,
+        0x6B, 0xA8, 0x71, 0x61, 0x46, 0x19, 0x29, 0x04,
+        0x51, 0x0A, 0x6D, 0xC5, 0x9D, 0xA8, 0x02, 0x58,
+        0x25, 0x28, 0x3D, 0x68, 0x4D, 0xB9, 0x14, 0x10,
+        0xB4, 0xF1, 0x2C, 0x6D, 0x8F, 0xBD, 0x0A, 0xDD,
+        0x75, 0xD3, 0x09, 0x89, 0x18, 0xCB, 0x04, 0xAC,
+        0x7B, 0xC4, 0xDB, 0x0D, 0x6B, 0xCD, 0xF1, 0x19,
+        0x4D, 0xD8, 0x62, 0x92, 0xE0, 0x5B, 0x7B, 0x86,
+        0x30, 0x62, 0x5B, 0x58, 0x9C, 0xC5, 0x09, 0xD2,
+        0x15, 0xBB, 0xD0, 0x6A, 0x2E, 0x7C, 0x66, 0xF4,
+        0x24, 0xCD, 0xF8, 0xC4, 0x0A, 0xC6, 0xC1, 0xE5,
+        0xAE, 0x6C, 0x96, 0x4B, 0x7D, 0x9E, 0x92, 0xF9,
+        0x5F, 0xC5, 0xC8, 0x85, 0x22, 0x81, 0x62, 0x8B,
+        0x81, 0xB9, 0xAF, 0xAB, 0xC7, 0xF0, 0x3B, 0xE3,
+        0xF6, 0x2E, 0x80, 0x47, 0xBB, 0x88, 0xD0, 0x1C,
+        0x68, 0x68, 0x7B, 0x8D, 0xD4, 0xFE, 0x63, 0x82,
+        0x00, 0x62, 0xB6, 0x78, 0x8A, 0x53, 0x72, 0x90,
+        0x53, 0x82, 0x6E, 0xD3, 0xB7, 0xC7, 0xEF, 0x82,
+        0x41, 0xE1, 0x9C, 0x85, 0x11, 0x7B, 0x3C, 0x53,
+        0x41, 0x88, 0x1D, 0x4F, 0x29, 0x9E, 0x50, 0x37,
+        0x4C, 0x8E, 0xEF, 0xD5, 0x56, 0x0B, 0xD1, 0x83,
+        0x19, 0xA7, 0x96, 0x3A, 0x3D, 0x02, 0xF0, 0xFB,
+        0xE8, 0x4B, 0xC4, 0x84, 0xB5, 0xA4, 0x01, 0x8B,
+        0x97, 0xD2, 0x74, 0x19, 0x1C, 0x95, 0xF7, 0x02,
+        0xBA, 0xB9, 0xB0, 0xD1, 0x05, 0xFA, 0xF9, 0xFD,
+        0xCF, 0xF9, 0x7E, 0x43, 0x72, 0x36, 0x56, 0x75,
+        0x99, 0xFA, 0xF7, 0x3B, 0x07, 0x5D, 0x40, 0x61,
+        0x04, 0xD4, 0x03, 0xCD, 0xF8, 0x12, 0x24, 0xDA,
+        0x59, 0x0B, 0xEC, 0x28, 0x97, 0xE3, 0x01, 0x09,
+        0xE1, 0xF2, 0xE5, 0xAE, 0x46, 0x10, 0xC8, 0x09,
+        0xA7, 0x3F, 0x63, 0x8C, 0x84, 0x21, 0x0B, 0x34,
+        0x47, 0xA7, 0xC8, 0xB6, 0xDD, 0xDB, 0x5A, 0xE2,
+        0x00, 0xBF, 0x20, 0xE2, 0xFE, 0x4D, 0x4B, 0xA6,
+        0xC6, 0xB1, 0x27, 0x67, 0xFB, 0x87, 0x60, 0xF6,
+        0x6C, 0x51, 0x18, 0xE7, 0xA9, 0x93, 0x5B, 0x41,
+        0xC9, 0xA4, 0x71, 0xA1, 0xD3, 0x23, 0x76, 0x88,
+        0xC1, 0xE6, 0x18, 0xCC, 0x3B, 0xE9, 0x36, 0xAA,
+        0x3F, 0x5E, 0x44, 0xE0, 0x86, 0x82, 0x0B, 0x81,
+        0x0E, 0x06, 0x32, 0x11, 0xFC, 0x21, 0xC4, 0x04,
+        0x4B, 0x3A, 0xC4, 0xD0, 0x0D, 0xF1, 0xBC, 0xC7,
+        0xB2, 0x4D, 0xC0, 0x7B, 0xA4, 0x8B, 0x23, 0xB0,
+        0xFC, 0x12, 0xA3, 0xED, 0x3D, 0x0A, 0x5C, 0xF7,
+        0x67, 0x14, 0x15, 0xAB, 0x9C, 0xF2, 0x12, 0x86,
+        0xFE, 0x63, 0xFB, 0x41, 0x41, 0x85, 0x70, 0x55,
+        0x5D, 0x47, 0x39, 0xB8, 0x81, 0x04, 0xA8, 0x59,
+        0x3F, 0x29, 0x30, 0x25, 0xA4, 0xE3, 0xEE, 0x7C,
+        0x67, 0xE4, 0xB4, 0x8E, 0x40, 0xF6, 0xBA, 0x8C,
+        0x09, 0x86, 0x0C, 0x3F, 0xBB, 0xE5, 0x5D, 0x45,
+        0xB4, 0x5F, 0xC9, 0xAB, 0x62, 0x9B, 0x17, 0xC2,
+        0x76, 0xC9, 0xC9, 0xE2, 0xAF, 0x3A, 0x04, 0x3B,
+        0xEA, 0xFC, 0x18, 0xFD, 0x4F, 0x25, 0xEE, 0x7F,
+        0x83, 0xBD, 0xDC, 0xD2, 0xD9, 0x39, 0x14, 0xB7,
+        0xED, 0x4F, 0x7C, 0x9A, 0xF1, 0x27, 0xF3, 0xF1,
+        0x5C, 0x27, 0x7B, 0xE1, 0x65, 0x51, 0xFE, 0xF3,
+        0xAE, 0x03, 0xD7, 0xB9, 0x14, 0x3F, 0x0C, 0x9C,
+        0x01, 0x9A, 0xB9, 0x7E, 0xEA, 0x07, 0x63, 0x66,
+        0x13, 0x1F, 0x51, 0x83, 0x63, 0x71, 0x1B, 0x34,
+        0xE9, 0x6D, 0x3F, 0x8A, 0x51, 0x3F, 0x3E, 0x20,
+        0xB1, 0xD4, 0x52, 0xC4, 0xB7, 0xAE, 0x3B, 0x97,
+        0x5E, 0xA9, 0x4D, 0x88, 0x0D, 0xAC, 0x66, 0x93,
+        0x39, 0x97, 0x50, 0xD0, 0x22, 0x20, 0x40, 0x3F,
+        0x0D, 0x3E, 0x3F, 0xC1, 0x17, 0x2A, 0x4D, 0xE9,
+        0xDC, 0x28, 0x0E, 0xAF, 0x0F, 0xEE, 0x28, 0x83,
+        0xA6, 0x66, 0x0B, 0xF5, 0xA3, 0xD2, 0x46, 0xFF,
+        0x41, 0xD2, 0x1B, 0x36, 0xEA, 0x52, 0x1C, 0xF7,
+        0xAA, 0x68, 0x9F, 0x80, 0x0D, 0x0F, 0x86, 0xF4,
+        0xFA, 0x10, 0x57, 0xD8, 0xA1, 0x3F, 0x9D, 0xA8,
+        0xFF, 0xFD, 0x0D, 0xC1, 0xFA, 0xD3, 0xC0, 0x4B,
+        0xB1, 0xCC, 0xCB, 0x7C, 0x83, 0x4D, 0xB0, 0x51,
+        0xA7, 0xAC, 0x2E, 0x4C, 0x60, 0x30, 0x19, 0x96,
+        0xC9, 0x30, 0x71, 0xEA, 0x41, 0x6B, 0x42, 0x17,
+        0x59, 0x93, 0x56, 0x59, 0xCF, 0x62, 0xCA, 0x5F,
+        0x13, 0xAE, 0x07, 0xC3, 0xB1, 0x95, 0xC1, 0x48,
+        0x15, 0x9D, 0x8B, 0xEB, 0x03, 0xD4, 0x40, 0xB0,
+        0x0F, 0x53, 0x05, 0x76, 0x5F, 0x20, 0xC0, 0xC4,
+        0x6E, 0xEE, 0x59, 0xC6, 0xD1, 0x62, 0x06, 0x40,
+        0x2D, 0xB1, 0xC7, 0x15, 0xE8, 0x88, 0xBD, 0xE5,
+        0x9C, 0x78, 0x1F, 0x35, 0xA7, 0xCC, 0x7C, 0x1C,
+        0x5E, 0xCB, 0x21, 0x55, 0xAE, 0x3E, 0x95, 0x9C,
+        0x09, 0x64, 0xCC, 0x1E, 0xF8, 0xD7, 0xC6, 0x9D,
+        0x14, 0x58, 0xA9, 0xA4, 0x2F, 0x95, 0xF4, 0xC6,
+        0xB5, 0xB9, 0x96, 0x34, 0x57, 0x12, 0xAA, 0x29,
+        0x0F, 0xBB, 0xF7, 0xDF, 0xD4, 0xA6, 0xE8, 0x64,
+        0x63, 0x02, 0x2A, 0x3F, 0x47, 0x25, 0xF6, 0x51,
+        0x1B, 0xF7, 0xEA, 0x5E, 0x95, 0xC7, 0x07, 0xCD,
+        0x35, 0x73, 0x60, 0x9A, 0xAD, 0xEA, 0xF5, 0x40,
+        0x15, 0x2C, 0x49, 0x5F, 0x37, 0xFE, 0x6E, 0xC8,
+        0xBB, 0x9F, 0xA2, 0xAA, 0x61, 0xD1, 0x57, 0x35,
+        0x93, 0x4F, 0x47, 0x37, 0x92, 0x8F, 0xDE, 0x90,
+        0xBA, 0x99, 0x57, 0x22, 0x46, 0x5D, 0x4A, 0x64,
+        0x50, 0x5A, 0x52, 0x01, 0xF0, 0x7A, 0xA5, 0x8C,
+        0xFD, 0x8A, 0xE2, 0x26, 0xE0, 0x20, 0x70, 0xB2,
+        0xDB, 0xF5, 0x12, 0xB9, 0x75, 0x31, 0x9A, 0x7E,
+        0x87, 0x53, 0xB4, 0xFD, 0xAE, 0x0E, 0xB4, 0x92,
+        0x28, 0x69, 0xCC, 0x8E, 0x25, 0xC4, 0xA5, 0x56,
+        0x0C, 0x2A, 0x06, 0x85, 0xDE, 0x3A, 0xC3, 0x92,
+        0xA8, 0x92, 0x5B, 0xA8, 0x82, 0x00, 0x48, 0x94,
+        0x74, 0x2E, 0x43, 0xCC, 0xFC, 0x27, 0x74, 0x39,
+        0xEC, 0x80, 0x50, 0xA9, 0xAE, 0xB4, 0x29, 0x32,
+        0xE0, 0x1C, 0x84, 0x0D, 0xFC, 0xED, 0xCC, 0x34,
+        0xD3, 0x99, 0x12, 0x89, 0xA6, 0x2C, 0x17, 0xD1,
+        0x28, 0x4C, 0x83, 0x95, 0x14, 0xB9, 0x33, 0x51,
+        0xDB, 0xB2, 0xDD, 0xA8, 0x1F, 0x92, 0x45, 0x65,
+        0xD7, 0x0E, 0x70, 0x79, 0xD5, 0xB8, 0x12, 0x6C,
+        0xAA, 0xB7, 0xA4, 0xA1, 0xC7, 0x31, 0x65, 0x5A,
+        0x53, 0xBC, 0xC0, 0x9F, 0x5D, 0x63, 0xEC, 0x90,
+        0x86, 0xDE, 0xA6, 0x50, 0x05, 0x59, 0x85, 0xED,
+        0xFA, 0x82, 0x97, 0xD9, 0xC9, 0x54, 0x10, 0xC5,
+        0xD1, 0x89, 0x4D, 0x17, 0xD5, 0x93, 0x05, 0x49,
+        0xAD, 0xBC, 0x2B, 0x87, 0x33, 0xC9, 0x9F, 0xE6,
+        0x2E, 0x17, 0xC4, 0xDE, 0x34, 0xA5, 0xD8, 0x9B,
+        0x12, 0xD1, 0x8E, 0x42, 0xA4, 0x22, 0xD2, 0xCE,
+        0x77, 0x9C, 0x2C, 0x28, 0xEB, 0x2D, 0x98, 0x00,
+        0x3D, 0x5C, 0xD3, 0x23, 0xFC, 0xBE, 0xCF, 0x02,
+        0xB5, 0x06, 0x6E, 0x0E, 0x73, 0x48, 0x10, 0xF0,
+        0x9E, 0xD8, 0x90, 0x13, 0xC0, 0x0F, 0x01, 0x1B,
+        0xD2, 0x20, 0xF2, 0xE5, 0xD6, 0xA3, 0x62, 0xDF,
+        0x90, 0x59, 0x91, 0x98, 0xA0, 0x93, 0xB0, 0x3C,
+        0x8D, 0x8E, 0xFB, 0xFE, 0x0B, 0x61, 0x75, 0x92,
+        0xFA, 0xF1, 0xE6, 0x42, 0x20, 0xC4, 0x44, 0x0B,
+        0x53, 0xFF, 0xB4, 0x71, 0x64, 0xF3, 0x69, 0xC9,
+        0x52, 0x90, 0xBA, 0x9F, 0x31, 0x08, 0xD6, 0x86,
+        0xC5, 0x7D, 0xB6, 0x45, 0xC5, 0x3C, 0x01, 0x2E,
+        0x57, 0xAF, 0x25, 0xBD, 0x66, 0x93, 0xE2, 0xCC,
+        0x6B, 0x57, 0x65, 0x1A, 0xF1, 0x59, 0x1F, 0xE5,
+        0xD8, 0x91, 0x66, 0x40, 0xEC, 0x01, 0x7C, 0x25,
+        0x3D, 0xF0, 0x60, 0x6B, 0xB6, 0xB3, 0x03, 0x5F,
+        0xAE, 0x74, 0x8F, 0x3D, 0x40, 0x34, 0x22, 0x3B,
+        0x1B, 0x5E, 0xFB, 0xF5, 0x28, 0x3E, 0x77, 0x8C,
+        0x10, 0x94, 0x29, 0x1C, 0xF7, 0xB1, 0x9B, 0xE0,
+        0xF3, 0x17, 0x35, 0x0E, 0x6F, 0x85, 0x18, 0xFD,
+        0xE0, 0xEF, 0xB1, 0x38, 0x1F, 0xB6, 0xE1, 0x6C,
+        0x24, 0x1F, 0x7F, 0x17, 0xA5, 0x21, 0x06, 0x93,
+        0xA2, 0x74, 0x15, 0x9E, 0x7F, 0xAC, 0x86, 0x8C,
+        0xD0, 0xDC, 0x43, 0x59, 0xC3, 0xD9, 0xEE, 0xFE,
+        0xA0, 0xD9, 0xE3, 0x1E, 0x43, 0xFA, 0x65, 0x13,
+        0x92, 0xC6, 0x5A, 0x54, 0x3A, 0x59, 0xB3, 0xEE,
+        0xE3, 0xA6, 0x39, 0xDC, 0x94, 0x17, 0xD0, 0x56,
+        0xA5, 0xFF, 0x0F, 0x16, 0x0B, 0xEE, 0xE2, 0xEA,
+        0xC2, 0x9A, 0x7D, 0x88, 0xC0, 0x98, 0x2C, 0xF7,
+        0x0B, 0x5A, 0x46, 0x37, 0x9F, 0x21, 0xE5, 0x06,
+        0xAA, 0xC6, 0x1A, 0x9B, 0xB1, 0xB8, 0xC2, 0xB9,
+        0xDA, 0xB0, 0xE4, 0x4A, 0x82, 0x3B, 0x61, 0xD0,
+        0xAA, 0x11, 0xD9, 0x4F, 0x76, 0xA4, 0xA8, 0xE2,
+        0x1F, 0x9D, 0x42, 0x80, 0x68, 0x32, 0x08, 0xF4,
+        0xEA, 0x91, 0x11, 0x16, 0xF6, 0xFD, 0x6A, 0x97,
+        0x42, 0x69, 0x34, 0xEC, 0x34, 0x26, 0xB8, 0xC8,
+        0xF7, 0x03, 0xDA, 0x85, 0xE9, 0xDC, 0xF9, 0x93,
+        0x36, 0x13, 0x60, 0x03, 0x72, 0x8B, 0x8E, 0xCD,
+        0xD0, 0x4A, 0x38, 0x9F, 0x6A, 0x81, 0x7A, 0x78,
+        0xBF, 0xA6, 0x1B, 0xA4, 0x60, 0x20, 0xBF, 0x3C,
+        0x34, 0x82, 0x95, 0x08, 0xF9, 0xD0, 0x6D, 0x15,
+        0x53, 0xCD, 0x98, 0x7A, 0xAC, 0x38, 0x0D, 0x86,
+        0xF1, 0x68, 0x84, 0x3B, 0xA3, 0x90, 0x4D, 0xE5,
+        0xF7, 0x05, 0x8A, 0x41, 0xB4, 0xCD, 0x38, 0x8B,
+        0xC9, 0xCE, 0x3A, 0xBA, 0x7E, 0xE7, 0x13, 0x9B,
+        0x7F, 0xC9, 0xE5, 0xB8, 0xCF, 0xAA, 0xA3, 0x89,
+        0x90, 0xBD, 0x4A, 0x5D, 0xB3, 0x2E, 0x26, 0x13,
+        0xE7, 0xEC, 0x4F, 0x5F, 0x8B, 0x12, 0x92, 0xA3,
+        0x8C, 0x6F, 0x4F, 0xF5, 0xA4, 0x04, 0x90, 0xD7,
+        0x6B, 0x12, 0x66, 0x52, 0xFC, 0xF8, 0x6E, 0x24,
+        0x52, 0x35, 0xD6, 0x36, 0xC6, 0x5C, 0xD1, 0x02,
+        0xB0, 0x1E, 0x22, 0x78, 0x1A, 0x72, 0x91, 0x8C
+    };
+    static const byte k_1024[WC_ML_KEM_SS_SZ] = {
+        0x72, 0x64, 0xBD, 0xE5, 0xC6, 0xCE, 0xC1, 0x48,
+        0x49, 0x69, 0x3E, 0x2C, 0x3C, 0x86, 0xE4, 0x8F,
+        0x80, 0x95, 0x8A, 0x4F, 0x61, 0x86, 0xFC, 0x69,
+        0x33, 0x3A, 0x41, 0x48, 0xE6, 0xE4, 0x97, 0xF3
+    };
+#endif
+    static byte ct[WC_ML_KEM_MAX_CIPHER_TEXT_SIZE];
+    static byte ss[WC_ML_KEM_SS_SZ];
+
+    key = (KyberKey*)XMALLOC(sizeof(KyberKey), NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    ExpectNotNull(key);
+    if (key != NULL) {
+        XMEMSET(key, 0, sizeof(KyberKey));
+    }
+
+#ifndef WOLFSSL_NO_ML_KEM_512
+    ExpectIntEQ(wc_KyberKey_Init(WC_ML_KEM_512, key, NULL, INVALID_DEVID), 0);
+    ExpectIntEQ(wc_KyberKey_DecodePublicKey(key, ek_512, sizeof(ek_512)), 0);
+    ExpectIntEQ(wc_KyberKey_EncapsulateWithRandom(key, ct, ss, seed_512,
+        sizeof(seed_512)), 0);
+    ExpectIntEQ(XMEMCMP(ct, c_512, WC_ML_KEM_512_CIPHER_TEXT_SIZE), 0);
+    ExpectIntEQ(XMEMCMP(ss, k_512, WC_ML_KEM_SS_SZ), 0);
+    wc_KyberKey_Free(key);
+#endif
+#ifndef WOLFSSL_NO_ML_KEM_768
+    ExpectIntEQ(wc_KyberKey_Init(WC_ML_KEM_768, key, NULL, INVALID_DEVID), 0);
+    ExpectIntEQ(wc_KyberKey_DecodePublicKey(key, ek_768, sizeof(ek_768)), 0);
+    ExpectIntEQ(wc_KyberKey_EncapsulateWithRandom(key, ct, ss, seed_768,
+        sizeof(seed_768)), 0);
+    ExpectIntEQ(XMEMCMP(ct, c_768, WC_ML_KEM_768_CIPHER_TEXT_SIZE), 0);
+    ExpectIntEQ(XMEMCMP(ss, k_768, WC_ML_KEM_SS_SZ), 0);
+    wc_KyberKey_Free(key);
+#endif
+#ifndef WOLFSSL_NO_ML_KEM_1024
+    ExpectIntEQ(wc_KyberKey_Init(WC_ML_KEM_1024, key, NULL, INVALID_DEVID), 0);
+    ExpectIntEQ(wc_KyberKey_DecodePublicKey(key, ek_1024, sizeof(ek_1024)), 0);
+    ExpectIntEQ(wc_KyberKey_EncapsulateWithRandom(key, ct, ss, seed_1024,
+        sizeof(seed_1024)), 0);
+    ExpectIntEQ(XMEMCMP(ct, c_1024, WC_ML_KEM_1024_CIPHER_TEXT_SIZE), 0);
+    ExpectIntEQ(XMEMCMP(ss, k_1024, WC_ML_KEM_SS_SZ), 0);
+    wc_KyberKey_Free(key);
+#endif
+
+    XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+#endif
+    return EXPECT_RESULT();
+}
+
+int test_wc_mlkem_decapsulate_kats(void)
+{
+    EXPECT_DECLS;
+#if defined(WOLFSSL_HAVE_KYBER) && defined(WOLFSSL_WC_KYBER) && \
+    !defined(WOLFSSL_NO_ML_KEM) && !defined(WOLFSSL_KYBER_NO_DECAPSULATE)
+    KyberKey* key;
+#ifndef WOLFSSL_NO_ML_KEM_512
+    static const byte dk_512[WC_ML_KEM_512_PRIVATE_KEY_SIZE] = {
+        0x69, 0xF9, 0xCB, 0xFD, 0x12, 0x37, 0xBA, 0x16,
+        0x1C, 0xF6, 0xE6, 0xC1, 0x8F, 0x48, 0x8F, 0xC6,
+        0xE3, 0x9A, 0xB4, 0xA5, 0xC9, 0xE6, 0xC2, 0x2E,
+        0xA4, 0xE3, 0xAD, 0x8F, 0x26, 0x7A, 0x9C, 0x44,
+        0x20, 0x10, 0xD3, 0x2E, 0x61, 0xF8, 0x3E, 0x6B,
+        0xFA, 0x5C, 0x58, 0x70, 0x61, 0x45, 0x37, 0x6D,
+        0xBB, 0x84, 0x95, 0x28, 0xF6, 0x80, 0x07, 0xC8,
+        0x22, 0xB3, 0x3A, 0x95, 0xB8, 0x49, 0x04, 0xDC,
+        0xD2, 0x70, 0x8D, 0x03, 0x40, 0xC8, 0xB8, 0x08,
+        0xBC, 0xD3, 0xAA, 0xD0, 0xE4, 0x8B, 0x85, 0x84,
+        0x95, 0x83, 0xA1, 0xB4, 0xE5, 0x94, 0x5D, 0xD9,
+        0x51, 0x4A, 0x7F, 0x64, 0x61, 0xE0, 0x57, 0xB7,
+        0xEC, 0xF6, 0x19, 0x57, 0xE9, 0x7C, 0xF6, 0x28,
+        0x15, 0xF9, 0xC3, 0x22, 0x94, 0xB3, 0x26, 0xE1,
+        0xA1, 0xC4, 0xE3, 0x60, 0xB9, 0x49, 0x8B, 0xA8,
+        0x0F, 0x8C, 0xA9, 0x15, 0x32, 0xB1, 0x71, 0xD0,
+        0xAE, 0xFC, 0x48, 0x49, 0xFA, 0x53, 0xBC, 0x61,
+        0x79, 0x32, 0xE2, 0x08, 0xA6, 0x77, 0xC6, 0x04,
+        0x4A, 0x66, 0x00, 0xB8, 0xD8, 0xB8, 0x3F, 0x26,
+        0xA7, 0x47, 0xB1, 0x8C, 0xFB, 0x78, 0xBE, 0xAF,
+        0xC5, 0x51, 0xAD, 0x52, 0xB7, 0xCA, 0x6C, 0xB8,
+        0x8F, 0x3B, 0x5D, 0x9C, 0xE2, 0xAF, 0x6C, 0x67,
+        0x95, 0x6C, 0x47, 0x8C, 0xEF, 0x49, 0x1F, 0x59,
+        0xE0, 0x19, 0x1B, 0x3B, 0xBE, 0x92, 0x9B, 0x94,
+        0xB6, 0x66, 0xC1, 0x76, 0x13, 0x8B, 0x00, 0xF4,
+        0x97, 0x24, 0x34, 0x1E, 0xE2, 0xE1, 0x64, 0xB9,
+        0x4C, 0x05, 0x3C, 0x18, 0x5A, 0x51, 0xF9, 0x3E,
+        0x00, 0xF3, 0x68, 0x61, 0x61, 0x3A, 0x7F, 0xD7,
+        0x2F, 0xEB, 0xD2, 0x3A, 0x8B, 0x96, 0xA2, 0x60,
+        0x23, 0x42, 0x39, 0xC9, 0x62, 0x8F, 0x99, 0x5D,
+        0xC1, 0x38, 0x07, 0xB4, 0x3A, 0x69, 0x46, 0x81,
+        0x67, 0xCB, 0x1A, 0x8F, 0x9D, 0xD0, 0x7E, 0xE3,
+        0xB3, 0x32, 0x38, 0xF6, 0x30, 0x96, 0xEB, 0xC4,
+        0x9D, 0x50, 0x51, 0xC4, 0xB6, 0x59, 0x63, 0xD7,
+        0x4A, 0x47, 0x66, 0xC2, 0x26, 0xF0, 0xB9, 0x4F,
+        0x18, 0x62, 0xC2, 0x12, 0x4C, 0x8C, 0x74, 0x97,
+        0x48, 0xC0, 0xBC, 0x4D, 0xC1, 0x4C, 0xB3, 0x49,
+        0x06, 0xB8, 0x1C, 0x55, 0x24, 0xFB, 0x81, 0x00,
+        0x79, 0x85, 0x42, 0xDC, 0x6C, 0xC2, 0xAA, 0x0A,
+        0x70, 0x85, 0x75, 0xEA, 0xBC, 0xC1, 0x1F, 0x96,
+        0xA9, 0xE6, 0x1C, 0x01, 0x7A, 0x96, 0xA7, 0xCE,
+        0x93, 0xC4, 0x20, 0x91, 0x73, 0x71, 0x13, 0xAE,
+        0x78, 0x3C, 0x0A, 0xE8, 0x75, 0x5E, 0x59, 0x41,
+        0x11, 0xED, 0xFA, 0xBF, 0xD8, 0x6C, 0x32, 0x12,
+        0xC6, 0x12, 0xA7, 0xB6, 0x2A, 0xFD, 0x3C, 0x7A,
+        0x5C, 0x78, 0xB2, 0xF0, 0x73, 0x44, 0xB7, 0x89,
+        0xC2, 0xB2, 0xDB, 0xB5, 0xF4, 0x44, 0x8B, 0xE9,
+        0x7B, 0xBA, 0x42, 0x33, 0xC0, 0x03, 0x9C, 0x0F,
+        0xE8, 0x43, 0x00, 0xF9, 0xB0, 0x3A, 0xC9, 0x94,
+        0x97, 0xE6, 0xD4, 0x6B, 0x6E, 0x95, 0x30, 0x8F,
+        0xF8, 0x47, 0x90, 0xF6, 0x12, 0xCF, 0x18, 0x6E,
+        0xC1, 0x68, 0x11, 0xE8, 0x0C, 0x17, 0x93, 0x16,
+        0xA6, 0x3B, 0x25, 0x70, 0x3F, 0x60, 0xB8, 0x42,
+        0xB6, 0x19, 0x07, 0xE6, 0x28, 0x94, 0xE7, 0x36,
+        0x64, 0x7B, 0x3C, 0x09, 0xDA, 0x6F, 0xEC, 0x59,
+        0x32, 0x78, 0x2B, 0x36, 0xE0, 0x63, 0x50, 0x85,
+        0xA3, 0x94, 0x9E, 0x69, 0x4D, 0x7E, 0x17, 0xCB,
+        0xA3, 0xD9, 0x06, 0x43, 0x30, 0x43, 0x8C, 0x07,
+        0x1B, 0x58, 0x36, 0xA7, 0x70, 0xC5, 0x5F, 0x62,
+        0x13, 0xCC, 0x14, 0x25, 0x84, 0x5D, 0xE5, 0xA3,
+        0x34, 0xD7, 0x5D, 0x3E, 0x50, 0x58, 0xC7, 0x80,
+        0x9F, 0xDA, 0x4B, 0xCD, 0x78, 0x19, 0x1D, 0xA9,
+        0x79, 0x73, 0x25, 0xE6, 0x23, 0x6C, 0x26, 0x50,
+        0xFC, 0x60, 0x4E, 0xE4, 0x3A, 0x83, 0xCE, 0xB3,
+        0x49, 0x80, 0x08, 0x44, 0x03, 0xA3, 0x32, 0x59,
+        0x85, 0x79, 0x07, 0x79, 0x9A, 0x9D, 0x2A, 0x71,
+        0x3A, 0x63, 0x3B, 0x5C, 0x90, 0x47, 0x27, 0xF6,
+        0x1E, 0x42, 0x52, 0x09, 0x91, 0xD6, 0x55, 0x70,
+        0x5C, 0xB6, 0xBC, 0x1B, 0x74, 0xAF, 0x60, 0x71,
+        0x3E, 0xF8, 0x71, 0x2F, 0x14, 0x08, 0x68, 0x69,
+        0xBE, 0x8E, 0xB2, 0x97, 0xD2, 0x28, 0xB3, 0x25,
+        0xA0, 0x60, 0x9F, 0xD6, 0x15, 0xEA, 0xB7, 0x08,
+        0x15, 0x40, 0xA6, 0x1A, 0x82, 0xAB, 0xF4, 0x3B,
+        0x7D, 0xF9, 0x8A, 0x59, 0x5B, 0xE1, 0x1F, 0x41,
+        0x6B, 0x41, 0xE1, 0xEB, 0x75, 0xBB, 0x57, 0x97,
+        0x7C, 0x25, 0xC6, 0x4E, 0x97, 0x43, 0x7D, 0x88,
+        0xCA, 0x5F, 0xDA, 0x61, 0x59, 0xD6, 0x68, 0xF6,
+        0xBA, 0xB8, 0x15, 0x75, 0x55, 0xB5, 0xD5, 0x4C,
+        0x0F, 0x47, 0xCB, 0xCD, 0x16, 0x84, 0x3B, 0x1A,
+        0x0A, 0x0F, 0x02, 0x10, 0xEE, 0x31, 0x03, 0x13,
+        0x96, 0x7F, 0x3D, 0x51, 0x64, 0x99, 0x01, 0x8F,
+        0xDF, 0x31, 0x14, 0x77, 0x24, 0x70, 0xA1, 0x88,
+        0x9C, 0xC0, 0x6C, 0xB6, 0xB6, 0x69, 0x0A, 0xC3,
+        0x1A, 0xBC, 0xFA, 0xF4, 0xBC, 0x70, 0x76, 0x84,
+        0x54, 0x5B, 0x00, 0x0B, 0x58, 0x0C, 0xCB, 0xFC,
+        0xBC, 0xE9, 0xFA, 0x70, 0xAA, 0xEA, 0x0B, 0xBD,
+        0x91, 0x10, 0x99, 0x2A, 0x7C, 0x6C, 0x06, 0xCB,
+        0x36, 0x85, 0x27, 0xFD, 0x22, 0x90, 0x90, 0x75,
+        0x7E, 0x6F, 0xE7, 0x57, 0x05, 0xFA, 0x59, 0x2A,
+        0x76, 0x08, 0xF0, 0x50, 0xC6, 0xF8, 0x87, 0x03,
+        0xCC, 0x28, 0xCB, 0x00, 0x0C, 0x1D, 0x7E, 0x77,
+        0xB8, 0x97, 0xB7, 0x2C, 0x62, 0xBC, 0xC7, 0xAE,
+        0xA2, 0x1A, 0x57, 0x72, 0x94, 0x83, 0xD2, 0x21,
+        0x18, 0x32, 0xBE, 0xD6, 0x12, 0x43, 0x0C, 0x98,
+        0x31, 0x03, 0xC6, 0x9E, 0x8C, 0x07, 0x2C, 0x0E,
+        0xA7, 0x89, 0x8F, 0x22, 0x83, 0xBE, 0xC4, 0x8C,
+        0x5A, 0xC8, 0x19, 0x84, 0xD4, 0xA5, 0xA8, 0x36,
+        0x19, 0x73, 0x5A, 0x84, 0x2B, 0xD1, 0x72, 0xC0,
+        0xD1, 0xB3, 0x9F, 0x43, 0x58, 0x8A, 0xF1, 0x70,
+        0x45, 0x8B, 0xA9, 0xEE, 0x74, 0x92, 0xEA, 0xAA,
+        0x94, 0xEA, 0x53, 0xA4, 0xD3, 0x84, 0x98, 0xEC,
+        0xBB, 0x98, 0xA5, 0xF4, 0x07, 0xE7, 0xC9, 0x7B,
+        0x4E, 0x16, 0x6E, 0x39, 0x71, 0x92, 0xC2, 0x16,
+        0x03, 0x30, 0x14, 0xB8, 0x78, 0xE9, 0x38, 0x07,
+        0x5C, 0x6C, 0x1F, 0x10, 0xA0, 0x06, 0x5A, 0xBC,
+        0x31, 0x63, 0x72, 0x2F, 0x1A, 0x2E, 0xFF, 0xEC,
+        0x8D, 0x6E, 0x3A, 0x0C, 0x4F, 0x71, 0x74, 0xFC,
+        0x16, 0xB7, 0x9F, 0xB5, 0x18, 0x6A, 0x75, 0x16,
+        0x8F, 0x81, 0xA5, 0x6A, 0xA4, 0x8A, 0x20, 0xA0,
+        0x4B, 0xDD, 0xF1, 0x82, 0xC6, 0xE1, 0x79, 0xC3,
+        0xF6, 0x90, 0x61, 0x55, 0x5E, 0xF7, 0x39, 0x6D,
+        0xD0, 0xB7, 0x49, 0x96, 0x01, 0xA6, 0xEB, 0x3A,
+        0x96, 0xA9, 0xA2, 0x2D, 0x04, 0xF1, 0x16, 0x8D,
+        0xB5, 0x63, 0x55, 0xB0, 0x76, 0x00, 0xA2, 0x03,
+        0x70, 0x63, 0x7B, 0x64, 0x59, 0x76, 0xBB, 0xD9,
+        0x7B, 0x6D, 0x62, 0x88, 0xA0, 0xD3, 0x03, 0x63,
+        0x60, 0x47, 0x2E, 0x3A, 0xC7, 0x1D, 0x56, 0x6D,
+        0xB8, 0xFB, 0xB1, 0xB1, 0xD7, 0x6C, 0xB7, 0x55,
+        0xCD, 0x0D, 0x68, 0xBD, 0xBF, 0xC0, 0x48, 0xEB,
+        0xA2, 0x52, 0x5E, 0xEA, 0x9D, 0xD5, 0xB1, 0x44,
+        0xFB, 0x3B, 0x60, 0xFB, 0xC3, 0x42, 0x39, 0x32,
+        0x0C, 0xBC, 0x06, 0x9B, 0x35, 0xAB, 0x16, 0xB8,
+        0x75, 0x65, 0x36, 0xFB, 0x33, 0xE8, 0xA6, 0xAF,
+        0x1D, 0xD4, 0x2C, 0x79, 0xF4, 0x8A, 0xD1, 0x20,
+        0xAE, 0x4B, 0x15, 0x9D, 0x3D, 0x8C, 0x31, 0x90,
+        0x60, 0xCC, 0xE5, 0x69, 0xC3, 0xF6, 0x03, 0x53,
+        0x65, 0x58, 0x5D, 0x34, 0x41, 0x37, 0x95, 0xA6,
+        0xA1, 0x8E, 0xC5, 0x13, 0x6A, 0xB1, 0x3C, 0x90,
+        0xE3, 0xAF, 0x14, 0xC0, 0xB8, 0xA4, 0x64, 0xC8,
+        0x6B, 0x90, 0x73, 0x22, 0x2B, 0x56, 0xB3, 0xF7,
+        0x32, 0x8A, 0xEA, 0x79, 0x81, 0x55, 0x32, 0x59,
+        0x11, 0x25, 0x0E, 0xF0, 0x16, 0xD7, 0x28, 0x02,
+        0xE3, 0x87, 0x8A, 0xA5, 0x05, 0x40, 0xCC, 0x98,
+        0x39, 0x56, 0x97, 0x1D, 0x6E, 0xFA, 0x35, 0x2C,
+        0x02, 0x55, 0x4D, 0xC7, 0x60, 0xA5, 0xA9, 0x13,
+        0x58, 0xEA, 0x56, 0x37, 0x08, 0x84, 0xFD, 0x5B,
+        0x3F, 0x85, 0xB7, 0x0E, 0x83, 0xE4, 0x69, 0x7D,
+        0xEB, 0x17, 0x05, 0x16, 0x9E, 0x9C, 0x60, 0xA7,
+        0x45, 0x28, 0xCF, 0x15, 0x28, 0x1C, 0xB1, 0xB1,
+        0xC4, 0x57, 0xD4, 0x67, 0xB5, 0xF9, 0x3A, 0x60,
+        0x37, 0x3D, 0x10, 0xE0, 0xCF, 0x6A, 0x83, 0x7A,
+        0xA3, 0xC9, 0x59, 0x6A, 0x72, 0xBE, 0xC2, 0x9B,
+        0x2D, 0x7E, 0x58, 0x65, 0x3D, 0x53, 0x30, 0x61,
+        0xD3, 0x81, 0xD5, 0x17, 0x59, 0x75, 0x22, 0x17,
+        0xEB, 0x46, 0xCA, 0xC7, 0x80, 0x7C, 0x4A, 0xD3,
+        0x8B, 0x61, 0x16, 0x44, 0xAC, 0xF0, 0xA3, 0xF2,
+        0x6B, 0x6B, 0x08, 0x4A, 0xB4, 0x7A, 0x83, 0xBF,
+        0x0D, 0x69, 0x6F, 0x8A, 0x47, 0x68, 0xFC, 0x35,
+        0xBC, 0xA6, 0xBC, 0x79, 0x03, 0xB2, 0xA2, 0x37,
+        0xC2, 0x77, 0x49, 0xF5, 0x51, 0x0C, 0x86, 0x38,
+        0x69, 0xE6, 0xAE, 0x56, 0xBB, 0x2A, 0xFE, 0x47,
+        0x71, 0xC9, 0x22, 0x18, 0x74, 0xF5, 0x0F, 0x5B,
+        0x14, 0xBA, 0xAD, 0x59, 0x93, 0xB4, 0x92, 0x38,
+        0xFD, 0x0A, 0x0C, 0x9F, 0x79, 0xB7, 0xB4, 0x58,
+        0x4E, 0x41, 0x30, 0x1F, 0x7A, 0x88, 0x5C, 0x9F,
+        0x91, 0x81, 0x9B, 0xEA, 0x00, 0xD5, 0x12, 0x58,
+        0x17, 0x30, 0x53, 0x9F, 0xB3, 0x7E, 0x59, 0xE8,
+        0x6A, 0x6D, 0x19, 0xCA, 0x25, 0xF0, 0xA8, 0x11,
+        0xC9, 0xB4, 0x28, 0xBA, 0x86, 0x14, 0xAA, 0x4F,
+        0x94, 0x80, 0x7B, 0xC0, 0x31, 0xCB, 0xCC, 0x18,
+        0x3F, 0x3B, 0xF0, 0x7F, 0xE2, 0xC1, 0xA6, 0xEB,
+        0xA8, 0x0D, 0x5A, 0x70, 0x6E, 0xE0, 0xDA, 0xB2,
+        0x7E, 0x23, 0x14, 0x58, 0x02, 0x5D, 0x84, 0xA7,
+        0xA9, 0xB0, 0x23, 0x05, 0x01, 0x11, 0x6C, 0x29,
+        0x0A, 0x6B, 0xB5, 0x06, 0x26, 0xD9, 0x7B, 0x93,
+        0x98, 0x50, 0x94, 0x28, 0x28, 0x39, 0x0B, 0x0A,
+        0x20, 0x01, 0xB7, 0x85, 0x3A, 0xD1, 0xAE, 0x9B,
+        0x01, 0x1B, 0x2D, 0xB3, 0x6C, 0xAE, 0xEA, 0x73,
+        0xA2, 0x32, 0x8E, 0x3C, 0x56, 0x48, 0x5B, 0x49,
+        0x1C, 0x29, 0x91, 0x15, 0xA0, 0x17, 0xC9, 0x07,
+        0xAB, 0x54, 0x31, 0x72, 0x60, 0xA5, 0x93, 0xA0,
+        0xD7, 0xBA, 0x6D, 0x06, 0x61, 0x5D, 0x6E, 0x2C,
+        0xA8, 0x4B, 0x86, 0x0E, 0xFF, 0x3C, 0xCB, 0x59,
+        0x72, 0x11, 0xBF, 0xE3, 0x6B, 0xDE, 0xF8, 0x06,
+        0x9A, 0xFA, 0x36, 0xC5, 0xA7, 0x33, 0x92, 0x72,
+        0x26, 0x50, 0xE4, 0x95, 0x7D, 0xCA, 0x59, 0x7A,
+        0xCB, 0xA5, 0x60, 0x5B, 0x63, 0xC1, 0x63, 0xCF,
+        0xA9, 0x4B, 0x64, 0xDD, 0xD6, 0x23, 0x01, 0xA4,
+        0x33, 0x20, 0x83, 0x36, 0x19, 0x72, 0x58, 0x9D,
+        0xB0, 0x59, 0x9A, 0x69, 0x4D, 0xD4, 0x54, 0x7A,
+        0x5E, 0xE9, 0x19, 0x65, 0x77, 0xC2, 0x2E, 0xD4,
+        0x27, 0xAC, 0x89, 0xBB, 0x8B, 0xA3, 0x75, 0x3E,
+        0xB7, 0x6C, 0x41, 0xF2, 0xC1, 0x12, 0x9C, 0x8A,
+        0x77, 0xD6, 0x80, 0x5F, 0xA7, 0x19, 0xB1, 0xB6,
+        0xCA, 0x11, 0xB7, 0x40, 0xA7, 0x8A, 0x3D, 0x41,
+        0xB5, 0x33, 0x05, 0x26, 0xAB, 0x87, 0xD5, 0x8D,
+        0x59, 0x25, 0x31, 0x5A, 0x14, 0x85, 0xED, 0xC6,
+        0x47, 0xC1, 0x60, 0x4E, 0xB3, 0x81, 0x38, 0xDE,
+        0x63, 0x7A, 0xD2, 0xC6, 0xCA, 0x5B, 0xE4, 0x4E,
+        0x10, 0x08, 0xB2, 0xC0, 0x86, 0x7B, 0x22, 0x9C,
+        0xCC, 0x36, 0x61, 0x9E, 0x27, 0x58, 0xC4, 0xC2,
+        0x02, 0x9E, 0xAE, 0xB2, 0x6E, 0x7A, 0x80, 0x3F,
+        0xCA, 0x30, 0x5A, 0x59, 0xCD, 0x58, 0x5E, 0x11,
+        0x7D, 0x69, 0x8E, 0xCE, 0x01, 0x1C, 0xC3, 0xFC,
+        0xE5, 0x4D, 0x2E, 0x11, 0x45, 0x45, 0xA2, 0x1A,
+        0xC5, 0xBE, 0x67, 0x71, 0xAB, 0x8F, 0x13, 0x12,
+        0x2F, 0xAD, 0x29, 0x5E, 0x74, 0x5A, 0x50, 0x3B,
+        0x14, 0x2F, 0x91, 0xAE, 0xF7, 0xBD, 0xE9, 0x99,
+        0x98, 0x84, 0x5F, 0xDA, 0x04, 0x35, 0x55, 0xC9,
+        0xC1, 0xEE, 0x53, 0x5B, 0xE1, 0x25, 0xE5, 0xDC,
+        0xE5, 0xD2, 0x66, 0x66, 0x7E, 0x72, 0x3E, 0x67,
+        0xB6, 0xBA, 0x89, 0x1C, 0x16, 0xCB, 0xA1, 0x74,
+        0x09, 0x8A, 0x3F, 0x35, 0x17, 0x78, 0xB0, 0x88,
+        0x8C, 0x95, 0x90, 0xA9, 0x09, 0x0C, 0xD4, 0x04
+    };
+    static const byte c_512[WC_ML_KEM_512_CIPHER_TEXT_SIZE] = {
+        0x16, 0x1C, 0xD2, 0x59, 0xFE, 0xAA, 0x7E, 0xC6,
+        0xB2, 0x86, 0x49, 0x8A, 0x9A, 0x6F, 0x69, 0xF8,
+        0xB2, 0x62, 0xA2, 0xE2, 0x09, 0x3D, 0x0F, 0xBD,
+        0x76, 0xD5, 0xDC, 0x1C, 0x9F, 0xDE, 0x0D, 0xED,
+        0xB3, 0x65, 0x81, 0x00, 0x4C, 0xB4, 0x81, 0x12,
+        0xF8, 0x52, 0xE7, 0xF8, 0x7F, 0x64, 0x9E, 0x8A,
+        0x42, 0xCD, 0x9E, 0x03, 0x49, 0xE7, 0xDA, 0xBD,
+        0xF0, 0xA9, 0xAC, 0x1B, 0x52, 0x1C, 0x37, 0xEA,
+        0x52, 0x41, 0x37, 0x0A, 0x8A, 0xB2, 0x91, 0x1C,
+        0xC7, 0x99, 0x02, 0xC9, 0x5D, 0x28, 0x22, 0x4F,
+        0xA8, 0x89, 0x6A, 0xD7, 0x15, 0x20, 0x9E, 0xCD,
+        0xD5, 0xD7, 0x84, 0xE9, 0x1D, 0xD9, 0xD0, 0xBE,
+        0x91, 0x6B, 0x45, 0x65, 0xF4, 0xD5, 0x66, 0x9A,
+        0xEE, 0x0D, 0xEF, 0x93, 0x1E, 0x97, 0x68, 0x29,
+        0x4E, 0xEC, 0x52, 0x58, 0xDE, 0x83, 0x91, 0xEC,
+        0xE2, 0x71, 0xE7, 0xE4, 0xCF, 0xD9, 0xD2, 0x3A,
+        0x79, 0xFA, 0xC3, 0xA8, 0xE0, 0xDB, 0x5D, 0xDD,
+        0x6E, 0x01, 0x07, 0x23, 0x56, 0x88, 0xBB, 0xDF,
+        0x7B, 0xC5, 0xD5, 0x63, 0x2F, 0x20, 0x6C, 0x63,
+        0xA0, 0xC9, 0x56, 0x4F, 0x30, 0x96, 0x5C, 0xA5,
+        0x8C, 0x69, 0xFF, 0x92, 0xD2, 0x5A, 0x4F, 0x93,
+        0xA0, 0x9E, 0xAB, 0x9B, 0x90, 0x85, 0x94, 0x7E,
+        0x07, 0x8A, 0x23, 0xE4, 0xD9, 0xC1, 0x3B, 0x8A,
+        0x56, 0xE7, 0x3E, 0x18, 0xDF, 0x42, 0xD6, 0x94,
+        0x9F, 0xAF, 0x59, 0x21, 0xF2, 0xE3, 0x73, 0xD4,
+        0x50, 0xC8, 0xC0, 0x9D, 0x07, 0xB1, 0x52, 0xA9,
+        0x7C, 0x24, 0x54, 0x47, 0x42, 0x94, 0x81, 0xD4,
+        0x98, 0xBE, 0xB7, 0x25, 0x6B, 0xC4, 0x7F, 0x68,
+        0xF9, 0x92, 0x2B, 0x0B, 0x1C, 0x62, 0xD9, 0xC2,
+        0x3F, 0x9F, 0x73, 0x3D, 0xD7, 0x37, 0x92, 0xCF,
+        0xC7, 0xB4, 0x3C, 0xBC, 0xEA, 0x27, 0x7D, 0x51,
+        0xB2, 0xB8, 0xAD, 0x4A, 0x4F, 0x52, 0x2F, 0x64,
+        0x2C, 0xAD, 0x5C, 0x5D, 0xEB, 0x21, 0xF3, 0x62,
+        0x7F, 0x8A, 0xF4, 0xD3, 0xE5, 0xBC, 0x9E, 0x91,
+        0xD4, 0xCB, 0x2F, 0x12, 0x4B, 0x5B, 0xD7, 0xC2,
+        0xF4, 0xA0, 0x50, 0xCA, 0x75, 0x5B, 0xDB, 0x80,
+        0x56, 0x60, 0x96, 0x63, 0xFB, 0x95, 0x11, 0xC9,
+        0xAD, 0x83, 0xB5, 0x03, 0x90, 0x88, 0xCC, 0x01,
+        0xF0, 0xDD, 0x54, 0x35, 0x3B, 0x0D, 0xD7, 0x43,
+        0x3F, 0x0C, 0x6C, 0xEE, 0x0D, 0x07, 0x59, 0x59,
+        0x81, 0x0D, 0xEC, 0x54, 0x16, 0x52, 0x2B, 0xB1,
+        0xF1, 0xF6, 0x55, 0x47, 0xA0, 0xC2, 0xE9, 0xCC,
+        0x9B, 0xC1, 0x7F, 0x8D, 0x39, 0xD2, 0x93, 0x09,
+        0xEB, 0xE7, 0x9F, 0x21, 0x33, 0x1B, 0x75, 0xE1,
+        0x2A, 0xF2, 0xE9, 0x3F, 0x03, 0xF7, 0x4F, 0x7F,
+        0x87, 0xD3, 0x60, 0xF1, 0xDA, 0xF8, 0x6C, 0xED,
+        0x73, 0x60, 0x92, 0xA2, 0x11, 0xA8, 0x15, 0x88,
+        0x59, 0xC4, 0x2E, 0x22, 0x3C, 0xFE, 0x2E, 0x6E,
+        0x55, 0x34, 0x37, 0xD8, 0x05, 0x76, 0xCF, 0xD1,
+        0x94, 0x4E, 0x97, 0xEE, 0xFF, 0x9B, 0x49, 0xE5,
+        0xEC, 0xCF, 0xC6, 0x78, 0xEE, 0x16, 0x52, 0x68,
+        0xDF, 0xE3, 0xD3, 0x59, 0x6B, 0x4B, 0x86, 0x20,
+        0x4A, 0x81, 0xC6, 0x06, 0x3B, 0x0C, 0xDC, 0xE6,
+        0x19, 0xFD, 0xBB, 0x96, 0xDF, 0x7D, 0xE6, 0xE0,
+        0xBD, 0x52, 0x70, 0xB4, 0xD5, 0x9C, 0x4D, 0xC5,
+        0x08, 0x47, 0x6E, 0x7F, 0x07, 0x08, 0xF9, 0x8C,
+        0x7A, 0x4F, 0x66, 0x45, 0xC4, 0x9D, 0x06, 0x10,
+        0x0C, 0x76, 0x0C, 0x59, 0x95, 0x28, 0xD1, 0xB8,
+        0xBB, 0xFE, 0x62, 0x81, 0x91, 0xCC, 0x08, 0x3C,
+        0x8D, 0x22, 0x5A, 0x09, 0x3F, 0x9F, 0x17, 0xE3,
+        0x55, 0x74, 0x98, 0x6F, 0x86, 0xBA, 0xA4, 0x68,
+        0x98, 0xB5, 0x89, 0xF3, 0xCB, 0x7D, 0xB4, 0x6A,
+        0x45, 0xF3, 0xED, 0xD4, 0xFA, 0xC2, 0x08, 0x08,
+        0xF4, 0xCD, 0x02, 0x49, 0xDA, 0x69, 0x3F, 0x8F,
+        0xAB, 0xFB, 0xD4, 0xE1, 0x0C, 0x02, 0xC6, 0x5B,
+        0xA8, 0xC8, 0x61, 0x0F, 0xA8, 0xC6, 0xDF, 0x3D,
+        0xBA, 0xEB, 0x67, 0x63, 0xDD, 0x48, 0x2A, 0xF4,
+        0x15, 0x58, 0xB1, 0xE1, 0x5C, 0xC9, 0xC7, 0xA7,
+        0x2E, 0x07, 0x16, 0x85, 0xAC, 0x19, 0xA0, 0x51,
+        0xF1, 0x92, 0x45, 0xB9, 0xF7, 0x7C, 0x30, 0x38,
+        0xA5, 0x4E, 0x29, 0x58, 0x62, 0x3E, 0xB8, 0x10,
+        0x59, 0x55, 0x60, 0x9E, 0x27, 0xD6, 0x7C, 0xF7,
+        0x2E, 0xC5, 0xC4, 0xA8, 0xE9, 0xB9, 0xC2, 0x92,
+        0x4A, 0x9E, 0x22, 0x98, 0x50, 0x8B, 0xAB, 0xA1,
+        0x3C, 0xF1, 0x11, 0xFD, 0xFB, 0x06, 0x2C, 0x96,
+        0x07, 0xAC, 0x1A, 0xAA, 0x6C, 0x63, 0x73, 0x10,
+        0xA8, 0x89, 0x4B, 0xF0, 0xB9, 0x6F, 0x0C, 0x19,
+        0x13, 0x61, 0x86, 0xB6, 0x18, 0xDF, 0xFB, 0x27,
+        0x55, 0x28, 0xBE, 0xD1, 0xCC, 0x27, 0x15, 0xDE,
+        0xF4, 0x12, 0xF7, 0x7A, 0x3C, 0xF9, 0x66, 0x45,
+        0x73, 0x3B, 0x04, 0x8A, 0x78, 0x47, 0x43, 0x20,
+        0xD1, 0xA3, 0x80, 0xF5, 0xEE, 0xDB, 0xDA, 0x21,
+        0xFA, 0x01, 0x25, 0xC9, 0x1D, 0x3C, 0x37, 0xC5,
+        0x4B, 0xF3, 0x75, 0x2A, 0x1F, 0x84, 0x71, 0xC8,
+        0x1F, 0xCA, 0xE2, 0xD3, 0xED, 0xA9, 0x66, 0xE1,
+        0x4E, 0x66, 0xF2, 0x23, 0xB0, 0x54, 0xD7, 0x98,
+        0x48, 0xFF, 0x94, 0x11, 0xD6, 0x34, 0x02, 0x4A,
+        0x09, 0x89, 0x70, 0xAD, 0xE6, 0xA8, 0x8B, 0x5F,
+        0x90, 0x69, 0xF7, 0x60, 0x58, 0x4D, 0xC4, 0xCF,
+        0xFF, 0xCE, 0xA8, 0xEC, 0xE1, 0x1B, 0xB5, 0x56,
+        0x6B, 0xD2, 0x36, 0x0A, 0xB7, 0x07, 0xDF, 0x2D,
+        0x21, 0xB6, 0x74, 0x88, 0xD9, 0x31, 0xF0, 0x20,
+        0x06, 0x91, 0x76, 0x42, 0x3E, 0x69, 0x44, 0x49,
+        0x0C, 0xB3, 0x85, 0xE7, 0x0B, 0x35, 0x8A, 0x25,
+        0x34, 0x6B, 0xAF, 0xCD, 0xD0, 0x6D, 0x40, 0x2F,
+        0xF2, 0x4D, 0x6C, 0x1E, 0x5F, 0x61, 0xA8, 0x5D
+    };
+    static const byte kprime_512[WC_ML_KEM_SS_SZ] = {
+        0xDF, 0x46, 0x2A, 0xD6, 0x8F, 0x1E, 0xC8, 0x97,
+        0x2E, 0xD9, 0xB0, 0x2D, 0x6D, 0xE0, 0x60, 0x4B,
+        0xDE, 0xC7, 0x57, 0x20, 0xE0, 0x50, 0x49, 0x73,
+        0x51, 0xE6, 0xEC, 0x93, 0x3E, 0x71, 0xF8, 0x82
+    };
+#endif
+#ifndef WOLFSSL_NO_ML_KEM_768
+    static const byte dk_768[WC_ML_KEM_768_PRIVATE_KEY_SIZE] = {
+        0x1E, 0x4A, 0xC8, 0x7B, 0x1A, 0x69, 0x2A, 0x52,
+        0x9F, 0xDB, 0xBA, 0xB9, 0x33, 0x74, 0xC5, 0x7D,
+        0x11, 0x0B, 0x10, 0xF2, 0xB1, 0xDD, 0xEB, 0xAC,
+        0x0D, 0x19, 0x6B, 0x7B, 0xA6, 0x31, 0xB8, 0xE9,
+        0x29, 0x30, 0x28, 0xA8, 0xF3, 0x79, 0x88, 0x8C,
+        0x42, 0x2D, 0xC8, 0xD3, 0x2B, 0xBF, 0x22, 0x60,
+        0x10, 0xC2, 0xC1, 0xEC, 0x73, 0x18, 0x90, 0x80,
+        0x45, 0x6B, 0x05, 0x64, 0xB2, 0x58, 0xB0, 0xF2,
+        0x31, 0x31, 0xBC, 0x79, 0xC8, 0xE8, 0xC1, 0x1C,
+        0xEF, 0x39, 0x38, 0xB2, 0x43, 0xC5, 0xCE, 0x9C,
+        0x0E, 0xDD, 0x37, 0xC8, 0xF9, 0xD2, 0x98, 0x77,
+        0xDB, 0xBB, 0x61, 0x5B, 0x9B, 0x5A, 0xC3, 0xC9,
+        0x48, 0x48, 0x7E, 0x46, 0x71, 0x96, 0xA9, 0x14,
+        0x3E, 0xFB, 0xC7, 0xCE, 0xDB, 0x64, 0xB4, 0x5D,
+        0x4A, 0xCD, 0xA2, 0x66, 0x6C, 0xBC, 0x28, 0x04,
+        0xF2, 0xC8, 0x66, 0x2E, 0x12, 0x8F, 0x6A, 0x99,
+        0x69, 0xEC, 0x15, 0xBC, 0x0B, 0x93, 0x51, 0xF6,
+        0xF9, 0x63, 0x46, 0xAA, 0x7A, 0xBC, 0x74, 0x3A,
+        0x14, 0xFA, 0x03, 0x0E, 0x37, 0xA2, 0xE7, 0x59,
+        0x7B, 0xDD, 0xFC, 0x5A, 0x22, 0xF9, 0xCE, 0xDA,
+        0xF8, 0x61, 0x48, 0x32, 0x52, 0x72, 0x10, 0xB2,
+        0x6F, 0x02, 0x4C, 0x7F, 0x6C, 0x0D, 0xCF, 0x55,
+        0x1E, 0x97, 0xA4, 0x85, 0x87, 0x64, 0xC3, 0x21,
+        0xD1, 0x83, 0x4A, 0xD5, 0x1D, 0x75, 0xBB, 0x24,
+        0x6D, 0x27, 0x72, 0x37, 0xB7, 0xBD, 0x41, 0xDC,
+        0x43, 0x62, 0xD0, 0x63, 0xF4, 0x29, 0x82, 0x92,
+        0x27, 0x2D, 0x01, 0x01, 0x17, 0x80, 0xB7, 0x98,
+        0x56, 0xB2, 0x96, 0xC4, 0xE9, 0x46, 0x65, 0x8B,
+        0x79, 0x60, 0x31, 0x97, 0xC9, 0xB2, 0xA9, 0x9E,
+        0xC6, 0x6A, 0xCB, 0x06, 0xCE, 0x2F, 0x69, 0xB5,
+        0xA5, 0xA6, 0x1E, 0x9B, 0xD0, 0x6A, 0xD4, 0x43,
+        0xCE, 0xB0, 0xC7, 0x4E, 0xD6, 0x53, 0x45, 0xA9,
+        0x03, 0xB6, 0x14, 0xE8, 0x13, 0x68, 0xAA, 0xC2,
+        0xB3, 0xD2, 0xA7, 0x9C, 0xA8, 0xCC, 0xAA, 0x1C,
+        0x3B, 0x88, 0xFB, 0x82, 0xA3, 0x66, 0x32, 0x86,
+        0x0B, 0x3F, 0x79, 0x50, 0x83, 0x3F, 0xD0, 0x21,
+        0x2E, 0xC9, 0x6E, 0xDE, 0x4A, 0xB6, 0xF5, 0xA0,
+        0xBD, 0xA3, 0xEC, 0x60, 0x60, 0xA6, 0x58, 0xF9,
+        0x45, 0x7F, 0x6C, 0xC8, 0x7C, 0x6B, 0x62, 0x0C,
+        0x1A, 0x14, 0x51, 0x98, 0x74, 0x86, 0xE4, 0x96,
+        0x61, 0x2A, 0x10, 0x1D, 0x0E, 0x9C, 0x20, 0x57,
+        0x7C, 0x57, 0x1E, 0xDB, 0x52, 0x82, 0x60, 0x8B,
+        0xF4, 0xE1, 0xAC, 0x92, 0x6C, 0x0D, 0xB1, 0xC8,
+        0x2A, 0x50, 0x4A, 0x79, 0x9D, 0x89, 0x88, 0x5C,
+        0xA6, 0x25, 0x2B, 0xD5, 0xB1, 0xC1, 0x83, 0xAF,
+        0x70, 0x13, 0x92, 0xA4, 0x07, 0xC0, 0x5B, 0x84,
+        0x8C, 0x2A, 0x30, 0x16, 0xC4, 0x06, 0x13, 0xF0,
+        0x2A, 0x44, 0x9B, 0x3C, 0x79, 0x26, 0xDA, 0x06,
+        0x7A, 0x53, 0x31, 0x16, 0x50, 0x68, 0x40, 0x09,
+        0x75, 0x10, 0x46, 0x0B, 0xBF, 0xD3, 0x60, 0x73,
+        0xDC, 0xB0, 0xBF, 0xA0, 0x09, 0xB3, 0x6A, 0x91,
+        0x23, 0xEA, 0xA6, 0x8F, 0x83, 0x5F, 0x74, 0xA0,
+        0x1B, 0x00, 0xD2, 0x09, 0x78, 0x35, 0x96, 0x4D,
+        0xF5, 0x21, 0xCE, 0x92, 0x10, 0x78, 0x9C, 0x30,
+        0xB7, 0xF0, 0x6E, 0x58, 0x44, 0xB4, 0x44, 0xC5,
+        0x33, 0x22, 0x39, 0x6E, 0x47, 0x99, 0xBA, 0xF6,
+        0xA8, 0x8A, 0xF7, 0x31, 0x58, 0x60, 0xD0, 0x19,
+        0x2D, 0x48, 0xC2, 0xC0, 0xDA, 0x6B, 0x5B, 0xA6,
+        0x43, 0x25, 0x54, 0x3A, 0xCD, 0xF5, 0x90, 0x0E,
+        0x8B, 0xC4, 0x77, 0xAB, 0x05, 0x82, 0x00, 0x72,
+        0xD4, 0x63, 0xAF, 0xFE, 0xD0, 0x97, 0xE0, 0x62,
+        0xBD, 0x78, 0xC9, 0x9D, 0x12, 0xB3, 0x85, 0x13,
+        0x1A, 0x24, 0x1B, 0x70, 0x88, 0x65, 0xB4, 0x19,
+        0x0A, 0xF6, 0x9E, 0xA0, 0xA6, 0x4D, 0xB7, 0x14,
+        0x48, 0xA6, 0x08, 0x29, 0x36, 0x9C, 0x75, 0x55,
+        0x19, 0x8E, 0x43, 0x8C, 0x9A, 0xBC, 0x31, 0x0B,
+        0xC7, 0x01, 0x01, 0x91, 0x3B, 0xB1, 0x2F, 0xAA,
+        0x5B, 0xEE, 0xF9, 0x75, 0x84, 0x16, 0x17, 0xC8,
+        0x47, 0xCD, 0x6B, 0x33, 0x6F, 0x87, 0x79, 0x87,
+        0x75, 0x38, 0x22, 0x02, 0x0B, 0x92, 0xC4, 0xCC,
+        0x97, 0x05, 0x5C, 0x9B, 0x1E, 0x0B, 0x12, 0x8B,
+        0xF1, 0x1F, 0x50, 0x50, 0x05, 0xB6, 0xAB, 0x0E,
+        0x62, 0x77, 0x95, 0xA2, 0x06, 0x09, 0xEF, 0xA9,
+        0x91, 0xE5, 0x98, 0xB8, 0x0F, 0x37, 0xB1, 0xC6,
+        0xA1, 0xC3, 0xA1, 0xE9, 0xAE, 0xE7, 0x02, 0x8F,
+        0x77, 0x57, 0x0A, 0xB2, 0x13, 0x91, 0x28, 0xA0,
+        0x01, 0x08, 0xC5, 0x0E, 0xB3, 0x05, 0xCD, 0xB8,
+        0xF9, 0xA6, 0x03, 0xA6, 0xB0, 0x78, 0x41, 0x3F,
+        0x6F, 0x9B, 0x14, 0xC6, 0xD8, 0x2B, 0x51, 0x99,
+        0xCE, 0x59, 0xD8, 0x87, 0x90, 0x2A, 0x28, 0x1A,
+        0x02, 0x7B, 0x71, 0x74, 0x95, 0xFE, 0x12, 0x67,
+        0x2A, 0x12, 0x7B, 0xBF, 0x9B, 0x25, 0x6C, 0x43,
+        0x72, 0x0D, 0x7C, 0x16, 0x0B, 0x28, 0x1C, 0x12,
+        0x75, 0x7D, 0xA1, 0x35, 0xB1, 0x93, 0x33, 0x52,
+        0xBE, 0x4A, 0xB6, 0x7E, 0x40, 0x24, 0x8A, 0xFC,
+        0x31, 0x8E, 0x23, 0x70, 0xC3, 0xB8, 0x20, 0x8E,
+        0x69, 0x5B, 0xDF, 0x33, 0x74, 0x59, 0xB9, 0xAC,
+        0xBF, 0xE5, 0xB4, 0x87, 0xF7, 0x6E, 0x9B, 0x4B,
+        0x40, 0x01, 0xD6, 0xCF, 0x90, 0xCA, 0x8C, 0x69,
+        0x9A, 0x17, 0x4D, 0x42, 0x97, 0x2D, 0xC7, 0x33,
+        0xF3, 0x33, 0x89, 0xFD, 0xF5, 0x9A, 0x1D, 0xAB,
+        0xA8, 0x1D, 0x83, 0x49, 0x55, 0x02, 0x73, 0x34,
+        0x18, 0x5A, 0xD0, 0x2C, 0x76, 0xCF, 0x29, 0x48,
+        0x46, 0xCA, 0x92, 0x94, 0xBA, 0x0E, 0xD6, 0x67,
+        0x41, 0xDD, 0xEC, 0x79, 0x1C, 0xAB, 0x34, 0x19,
+        0x6A, 0xC5, 0x65, 0x7C, 0x5A, 0x78, 0x32, 0x1B,
+        0x56, 0xC3, 0x33, 0x06, 0xB5, 0x10, 0x23, 0x97,
+        0xA5, 0xC0, 0x9C, 0x35, 0x08, 0xF7, 0x6B, 0x48,
+        0x28, 0x24, 0x59, 0xF8, 0x1D, 0x0C, 0x72, 0xA4,
+        0x3F, 0x73, 0x7B, 0xC2, 0xF1, 0x2F, 0x45, 0x42,
+        0x26, 0x28, 0xB6, 0x7D, 0xB5, 0x1A, 0xC1, 0x42,
+        0x42, 0x76, 0xA6, 0xC0, 0x8C, 0x3F, 0x76, 0x15,
+        0x66, 0x5B, 0xBB, 0x8E, 0x92, 0x81, 0x48, 0xA2,
+        0x70, 0xF9, 0x91, 0xBC, 0xF3, 0x65, 0xA9, 0x0F,
+        0x87, 0xC3, 0x06, 0x87, 0xB6, 0x88, 0x09, 0xC9,
+        0x1F, 0x23, 0x18, 0x13, 0xB8, 0x66, 0xBE, 0xA8,
+        0x2E, 0x30, 0x37, 0x4D, 0x80, 0xAA, 0x0C, 0x02,
+        0x97, 0x34, 0x37, 0x49, 0x8A, 0x53, 0xB1, 0x4B,
+        0xF6, 0xB6, 0xCA, 0x1E, 0xD7, 0x6A, 0xB8, 0xA2,
+        0x0D, 0x54, 0xA0, 0x83, 0xF4, 0xA2, 0x6B, 0x7C,
+        0x03, 0x8D, 0x81, 0x96, 0x76, 0x40, 0xC2, 0x0B,
+        0xF4, 0x43, 0x1E, 0x71, 0xDA, 0xCC, 0xE8, 0x57,
+        0x7B, 0x21, 0x24, 0x0E, 0x49, 0x4C, 0x31, 0xF2,
+        0xD8, 0x77, 0xDA, 0xF4, 0x92, 0x4F, 0xD3, 0x9D,
+        0x82, 0xD6, 0x16, 0x7F, 0xBC, 0xC1, 0xF9, 0xC5,
+        0xA2, 0x59, 0xF8, 0x43, 0xE3, 0x09, 0x87, 0xCC,
+        0xC4, 0xBC, 0xE7, 0x49, 0x3A, 0x24, 0x04, 0xB5,
+        0xE4, 0x43, 0x87, 0xF7, 0x07, 0x42, 0x57, 0x81,
+        0xB7, 0x43, 0xFB, 0x55, 0x56, 0x85, 0x58, 0x4E,
+        0x25, 0x57, 0xCC, 0x03, 0x8B, 0x1A, 0x9B, 0x3F,
+        0x40, 0x43, 0x12, 0x1F, 0x54, 0x72, 0xEB, 0x2B,
+        0x96, 0xE5, 0x94, 0x1F, 0xEC, 0x01, 0x1C, 0xEE,
+        0xA5, 0x07, 0x91, 0x63, 0x6C, 0x6A, 0xBC, 0x26,
+        0xC1, 0x37, 0x7E, 0xE3, 0xB5, 0x14, 0x6F, 0xC7,
+        0xC8, 0x5C, 0xB3, 0x35, 0xB1, 0xE7, 0x95, 0xEE,
+        0xC2, 0x03, 0x3E, 0xE4, 0x4B, 0x9A, 0xA9, 0x06,
+        0x85, 0x24, 0x5E, 0xF7, 0xB4, 0x43, 0x6C, 0x00,
+        0x0E, 0x66, 0xBC, 0x8B, 0xCB, 0xF1, 0xCD, 0xB8,
+        0x03, 0xAC, 0x14, 0x21, 0xB1, 0xFD, 0xB2, 0x66,
+        0xD5, 0x29, 0x1C, 0x83, 0x10, 0x37, 0x3A, 0x8A,
+        0x3C, 0xE9, 0x56, 0x2A, 0xB1, 0x97, 0x95, 0x38,
+        0x71, 0xAB, 0x99, 0xF3, 0x82, 0xCC, 0x5A, 0xA9,
+        0xC0, 0xF2, 0x73, 0xD1, 0xDC, 0xA5, 0x5D, 0x27,
+        0x12, 0x85, 0x38, 0x71, 0xE1, 0xA8, 0x3C, 0xB3,
+        0xB8, 0x54, 0x50, 0xF7, 0x6D, 0x3F, 0x3C, 0x42,
+        0xBA, 0xB5, 0x50, 0x5F, 0x72, 0x12, 0xFD, 0xB6,
+        0xB8, 0xB7, 0xF6, 0x02, 0x99, 0x72, 0xA8, 0xF3,
+        0x75, 0x1E, 0x4C, 0x94, 0xC1, 0x10, 0x8B, 0x02,
+        0xD6, 0xAC, 0x79, 0xF8, 0xD9, 0x38, 0xF0, 0x5A,
+        0x1B, 0x2C, 0x22, 0x9B, 0x14, 0xB4, 0x2B, 0x31,
+        0xB0, 0x1A, 0x36, 0x40, 0x17, 0xE5, 0x95, 0x78,
+        0xC6, 0xB0, 0x33, 0x83, 0x37, 0x74, 0xCB, 0x9B,
+        0x57, 0x0F, 0x90, 0x86, 0xB7, 0x22, 0x90, 0x3B,
+        0x37, 0x54, 0x46, 0xB4, 0x95, 0xD8, 0xA2, 0x9B,
+        0xF8, 0x07, 0x51, 0x87, 0x7A, 0x80, 0xFB, 0x72,
+        0x4A, 0x02, 0x10, 0xC3, 0xE1, 0x69, 0x2F, 0x39,
+        0x7C, 0x2F, 0x1D, 0xDC, 0x2E, 0x6B, 0xA1, 0x7A,
+        0xF8, 0x1B, 0x92, 0xAC, 0xFA, 0xBE, 0xF5, 0xF7,
+        0x57, 0x3C, 0xB4, 0x93, 0xD1, 0x84, 0x02, 0x7B,
+        0x71, 0x82, 0x38, 0xC8, 0x9A, 0x35, 0x49, 0xB8,
+        0x90, 0x5B, 0x28, 0xA8, 0x33, 0x62, 0x86, 0x7C,
+        0x08, 0x2D, 0x30, 0x19, 0xD3, 0xCA, 0x70, 0x70,
+        0x07, 0x31, 0xCE, 0xB7, 0x3E, 0x84, 0x72, 0xC1,
+        0xA3, 0xA0, 0x93, 0x36, 0x1C, 0x5F, 0xEA, 0x6A,
+        0x7D, 0x40, 0x95, 0x5D, 0x07, 0xA4, 0x1B, 0x64,
+        0xE5, 0x00, 0x81, 0xA3, 0x61, 0xB6, 0x04, 0xCC,
+        0x51, 0x84, 0x47, 0xC8, 0xE2, 0x57, 0x65, 0xAB,
+        0x7D, 0x68, 0xB2, 0x43, 0x27, 0x52, 0x07, 0xAF,
+        0x8C, 0xA6, 0x56, 0x4A, 0x4C, 0xB1, 0xE9, 0x41,
+        0x99, 0xDB, 0xA1, 0x87, 0x8C, 0x59, 0xBE, 0xC8,
+        0x09, 0xAB, 0x48, 0xB2, 0xF2, 0x11, 0xBA, 0xDC,
+        0x6A, 0x19, 0x98, 0xD9, 0xC7, 0x22, 0x7C, 0x13,
+        0x03, 0xF4, 0x69, 0xD4, 0x6A, 0x9C, 0x7E, 0x53,
+        0x03, 0xF9, 0x8A, 0xBA, 0x67, 0x56, 0x9A, 0xE8,
+        0x22, 0x7C, 0x16, 0xBA, 0x1F, 0xB3, 0x24, 0x44,
+        0x66, 0xA2, 0x5E, 0x7F, 0x82, 0x36, 0x71, 0x81,
+        0x0C, 0xC2, 0x62, 0x06, 0xFE, 0xB2, 0x9C, 0x7E,
+        0x2A, 0x1A, 0x91, 0x95, 0x9E, 0xEB, 0x03, 0xA9,
+        0x82, 0x52, 0xA4, 0xF7, 0x41, 0x26, 0x74, 0xEB,
+        0x9A, 0x4B, 0x27, 0x7E, 0x1F, 0x25, 0x95, 0xFC,
+        0xA6, 0x40, 0x33, 0xB4, 0x1B, 0x40, 0x33, 0x08,
+        0x12, 0xE9, 0x73, 0x5B, 0x7C, 0x60, 0x75, 0x01,
+        0xCD, 0x81, 0x83, 0xA2, 0x2A, 0xFC, 0x33, 0x92,
+        0x55, 0x37, 0x44, 0xF3, 0x3C, 0x4D, 0x20, 0x25,
+        0x26, 0x94, 0x5C, 0x6D, 0x78, 0xA6, 0x0E, 0x20,
+        0x1A, 0x16, 0x98, 0x7A, 0x6F, 0xA5, 0x9D, 0x94,
+        0x46, 0x4B, 0x56, 0x50, 0x65, 0x56, 0x78, 0x48,
+        0x24, 0xA0, 0x70, 0x58, 0xF5, 0x73, 0x20, 0xE7,
+        0x6C, 0x82, 0x5B, 0x93, 0x47, 0xF2, 0x93, 0x6F,
+        0x4A, 0x0E, 0x5C, 0xDA, 0xA1, 0x8C, 0xF8, 0x83,
+        0x39, 0x45, 0xAE, 0x31, 0x2A, 0x36, 0xB5, 0xF5,
+        0xA3, 0x81, 0x0A, 0xAC, 0x82, 0x38, 0x1F, 0xDA,
+        0xE4, 0xCB, 0x9C, 0x68, 0x31, 0xD8, 0xEB, 0x8A,
+        0xBA, 0xB8, 0x50, 0x41, 0x64, 0x43, 0xD7, 0x39,
+        0x08, 0x6B, 0x1C, 0x32, 0x6F, 0xC2, 0xA3, 0x97,
+        0x57, 0x04, 0xE3, 0x96, 0xA5, 0x96, 0x80, 0xC3,
+        0xB5, 0xF3, 0x60, 0xF5, 0x48, 0x0D, 0x2B, 0x62,
+        0x16, 0x9C, 0xD9, 0x4C, 0xA7, 0x1B, 0x37, 0xBC,
+        0x58, 0x78, 0xBA, 0x29, 0x85, 0xE0, 0x68, 0xBA,
+        0x05, 0x0B, 0x2C, 0xE5, 0x07, 0x26, 0xD4, 0xB4,
+        0x45, 0x1B, 0x77, 0xAA, 0xA8, 0x67, 0x6E, 0xAE,
+        0x09, 0x49, 0x82, 0x21, 0x01, 0x92, 0x19, 0x7B,
+        0x1E, 0x92, 0xA2, 0x7F, 0x59, 0x86, 0x8B, 0x78,
+        0x86, 0x78, 0x87, 0xB9, 0xA7, 0x0C, 0x32, 0xAF,
+        0x84, 0x63, 0x0A, 0xA9, 0x08, 0x81, 0x43, 0x79,
+        0xE6, 0x51, 0x91, 0x50, 0xBA, 0x16, 0x43, 0x9B,
+        0x5E, 0x2B, 0x06, 0x03, 0xD0, 0x6A, 0xA6, 0x67,
+        0x45, 0x57, 0xF5, 0xB0, 0x98, 0x3E, 0x5C, 0xB6,
+        0xA9, 0x75, 0x96, 0x06, 0x9B, 0x01, 0xBB, 0x31,
+        0x28, 0xC4, 0x16, 0x68, 0x06, 0x57, 0x20, 0x4F,
+        0xD0, 0x76, 0x40, 0x39, 0x2E, 0x16, 0xB1, 0x9F,
+        0x33, 0x7A, 0x99, 0xA3, 0x04, 0x84, 0x4E, 0x1A,
+        0xA4, 0x74, 0xE9, 0xC7, 0x99, 0x06, 0x29, 0x71,
+        0xF6, 0x72, 0x26, 0x89, 0x60, 0xF5, 0xA8, 0x2F,
+        0x95, 0x00, 0x70, 0xBB, 0xE9, 0xC2, 0xA7, 0x19,
+        0x50, 0xA3, 0x78, 0x5B, 0xDF, 0x0B, 0x84, 0x40,
+        0x25, 0x5E, 0xD6, 0x39, 0x28, 0xD2, 0x57, 0x84,
+        0x51, 0x68, 0xB1, 0xEC, 0xCC, 0x41, 0x91, 0x32,
+        0x5A, 0xA7, 0x66, 0x45, 0x71, 0x9B, 0x28, 0xEB,
+        0xD8, 0x93, 0x02, 0xDC, 0x67, 0x23, 0xC7, 0x86,
+        0xDF, 0x52, 0x17, 0xB2, 0x43, 0x09, 0x9C, 0xA7,
+        0x82, 0x38, 0xE5, 0x7E, 0x64, 0x69, 0x2F, 0x20,
+        0x6B, 0x17, 0x7A, 0xBC, 0x25, 0x96, 0x60, 0x39,
+        0x5C, 0xD7, 0x86, 0x0F, 0xB3, 0x5A, 0x16, 0xF6,
+        0xB2, 0xFE, 0x65, 0x48, 0xC8, 0x5A, 0xB6, 0x63,
+        0x30, 0xC5, 0x17, 0xFA, 0x74, 0xCD, 0xF3, 0xCB,
+        0x49, 0xD2, 0x6B, 0x11, 0x81, 0x90, 0x1A, 0xF7,
+        0x75, 0xA1, 0xE1, 0x80, 0x81, 0x3B, 0x6A, 0x24,
+        0xC4, 0x56, 0x82, 0x9B, 0x5C, 0x38, 0x10, 0x4E,
+        0xCE, 0x43, 0xC7, 0x6A, 0x43, 0x7A, 0x6A, 0x33,
+        0xB6, 0xFC, 0x6C, 0x5E, 0x65, 0xC8, 0xA8, 0x94,
+        0x66, 0xC1, 0x42, 0x54, 0x85, 0xB2, 0x9B, 0x9E,
+        0x18, 0x54, 0x36, 0x8A, 0xFC, 0xA3, 0x53, 0xE1,
+        0x43, 0xD0, 0xA9, 0x0A, 0x6C, 0x6C, 0x9E, 0x7F,
+        0xDB, 0x62, 0xA6, 0x06, 0x85, 0x6B, 0x56, 0x14,
+        0xF1, 0x2B, 0x64, 0xB7, 0x96, 0x02, 0x0C, 0x35,
+        0x34, 0xC3, 0x60, 0x5C, 0xFD, 0xC7, 0x3B, 0x86,
+        0x71, 0x4F, 0x41, 0x18, 0x50, 0x22, 0x8A, 0x28,
+        0xB8, 0xF4, 0xB4, 0x9E, 0x66, 0x34, 0x16, 0xC8,
+        0x4F, 0x7E, 0x38, 0x1F, 0x6A, 0xF1, 0x07, 0x13,
+        0x43, 0xBF, 0x9D, 0x39, 0xB4, 0x54, 0x39, 0x24,
+        0x0C, 0xC0, 0x38, 0x97, 0x29, 0x5F, 0xEA, 0x08,
+        0x0B, 0x14, 0xBB, 0x2D, 0x81, 0x19, 0xA8, 0x80,
+        0xE1, 0x64, 0x49, 0x5C, 0x61, 0xBE, 0xBC, 0x71,
+        0x39, 0xC1, 0x18, 0x57, 0xC8, 0x5E, 0x17, 0x50,
+        0x33, 0x8D, 0x63, 0x43, 0x91, 0x37, 0x06, 0xA5,
+        0x07, 0xC9, 0x56, 0x64, 0x64, 0xCD, 0x28, 0x37,
+        0xCF, 0x91, 0x4D, 0x1A, 0x3C, 0x35, 0xE8, 0x9B,
+        0x23, 0x5C, 0x6A, 0xB7, 0xED, 0x07, 0x8B, 0xED,
+        0x23, 0x47, 0x57, 0xC0, 0x2E, 0xF6, 0x99, 0x3D,
+        0x4A, 0x27, 0x3C, 0xB8, 0x15, 0x05, 0x28, 0xDA,
+        0x4D, 0x76, 0x70, 0x81, 0x77, 0xE9, 0x42, 0x55,
+        0x46, 0xC8, 0x3E, 0x14, 0x70, 0x39, 0x76, 0x66,
+        0x03, 0xB3, 0x0D, 0xA6, 0x26, 0x8F, 0x45, 0x98,
+        0xA5, 0x31, 0x94, 0x24, 0x0A, 0x28, 0x32, 0xA3,
+        0xD6, 0x75, 0x33, 0xB5, 0x05, 0x6F, 0x9A, 0xAA,
+        0xC6, 0x1B, 0x4B, 0x17, 0xB9, 0xA2, 0x69, 0x3A,
+        0xA0, 0xD5, 0x88, 0x91, 0xE6, 0xCC, 0x56, 0xCD,
+        0xD7, 0x72, 0x41, 0x09, 0x00, 0xC4, 0x05, 0xAF,
+        0x20, 0xB9, 0x03, 0x79, 0x7C, 0x64, 0x87, 0x69,
+        0x15, 0xC3, 0x7B, 0x84, 0x87, 0xA1, 0x44, 0x9C,
+        0xE9, 0x24, 0xCD, 0x34, 0x5C, 0x29, 0xA3, 0x6E,
+        0x08, 0x23, 0x8F, 0x7A, 0x15, 0x7C, 0xC7, 0xE5,
+        0x16, 0xAB, 0x5B, 0xA7, 0x3C, 0x80, 0x63, 0xF7,
+        0x26, 0xBB, 0x5A, 0x0A, 0x03, 0x19, 0xE5, 0x71,
+        0x27, 0x43, 0x8C, 0x7F, 0xC6, 0x01, 0xC9, 0x9C,
+        0xCA, 0xAE, 0x4C, 0x1A, 0x83, 0x72, 0x6F, 0xDC,
+        0xB5, 0x04, 0x5E, 0xD1, 0xA8, 0x2A, 0x98, 0x5E,
+        0xA9, 0x95, 0x39, 0x6D, 0x77, 0x27, 0x2C, 0x66,
+        0xCE, 0x49, 0x32, 0x89, 0xF6, 0x11, 0x09, 0x10,
+        0xF3, 0x7C, 0x27, 0x41, 0xCE, 0x47, 0x02, 0x6A,
+        0x6F, 0x82, 0x61, 0x99, 0x9C, 0x64, 0x82, 0x57,
+        0x2B, 0x16, 0x93, 0x91, 0x2E, 0xF1, 0x2E, 0xEB,
+        0xEA, 0x7A, 0xCF, 0x92, 0x34, 0xFB, 0x40, 0x9F,
+        0x2A, 0x60, 0x90, 0xE6, 0xB0, 0xBF, 0xD8, 0x95,
+        0x46, 0x9D, 0x0B, 0x2A, 0x92, 0x1B, 0xB7, 0x23,
+        0xF8, 0x7A, 0x33, 0xEA, 0x54, 0x65, 0xAB, 0x90,
+        0xF5, 0x14, 0xB6, 0x76, 0x98, 0xC0, 0x76, 0x8B,
+        0x6C, 0xA4, 0x98, 0xB0, 0x22, 0xC5, 0x12, 0xFA,
+        0x08, 0x75, 0xF0, 0x54, 0xAA, 0x22, 0x65, 0x86,
+        0x7E, 0x31, 0xC0, 0xE5, 0x22, 0x65, 0x1E, 0x02,
+        0x4A, 0x07, 0xD6, 0x0D, 0xD9, 0xF6, 0x33, 0x16,
+        0x69, 0x21, 0xF4, 0x12, 0x6B, 0xC2, 0xB6, 0xAA,
+        0x01, 0xCC, 0x15, 0xA0, 0x9B, 0x85, 0xBF, 0xF8,
+        0x21, 0x8C, 0x5A, 0xAE, 0x95, 0xBC, 0x1F, 0xFB,
+        0x26, 0xAE, 0x5A, 0x13, 0x76, 0x70, 0xF0, 0x49,
+        0x10, 0xCA, 0x9D, 0x72, 0x41, 0xB6, 0x66, 0x0C,
+        0x39, 0x4C, 0x54, 0x55, 0x91, 0x77, 0x46, 0xA2,
+        0x66, 0x82, 0xFB, 0x71, 0xA4, 0x32, 0xEA, 0x95,
+        0x30, 0xE8, 0x39, 0xBD, 0xEB, 0x07, 0x43, 0x30,
+        0x04, 0xF4, 0x5A, 0x0D, 0xDA, 0xA0, 0xB2, 0x4E,
+        0x3A, 0x56, 0x6A, 0x54, 0x08, 0x15, 0xF2, 0x81,
+        0xE3, 0xFC, 0x25, 0x9A, 0xC6, 0xCB, 0xC0, 0xAC,
+        0xB8, 0xD6, 0x22, 0x68, 0xB6, 0x03, 0xBC, 0x67,
+        0x6A, 0xB4, 0x15, 0xC4, 0x74, 0xBB, 0x94, 0x87,
+        0x3E, 0x44, 0x87, 0xAE, 0x31, 0xA4, 0xE3, 0x84,
+        0x5C, 0x79, 0x90, 0x15, 0x50, 0x89, 0x0E, 0xE8,
+        0x78, 0x4E, 0xEF, 0x90, 0x4F, 0xEE, 0x62, 0xBA,
+        0x8C, 0x5F, 0x95, 0x2C, 0x68, 0x41, 0x30, 0x52,
+        0xE0, 0xA7, 0xE3, 0x38, 0x8B, 0xB8, 0xFF, 0x0A,
+        0xD6, 0x02, 0xAE, 0x3E, 0xA1, 0x4D, 0x9D, 0xF6,
+        0xDD, 0x5E, 0x4C, 0xC6, 0xA3, 0x81, 0xA4, 0x1D,
+        0xA5, 0xC1, 0x37, 0xEC, 0xC4, 0x9D, 0xF5, 0x87,
+        0xE1, 0x78, 0xEA, 0xF4, 0x77, 0x02, 0xEC, 0x62,
+        0x37, 0x80, 0x69, 0x1A, 0x32, 0x33, 0xF6, 0x9F,
+        0x12, 0xBD, 0x9C, 0x9B, 0x96, 0x37, 0xC5, 0x13,
+        0x78, 0xAD, 0x71, 0xA8, 0x31, 0x05, 0x52, 0x77,
+        0x25, 0x4C, 0xC6, 0x3C, 0x5A, 0xD4, 0xCB, 0x76,
+        0xB4, 0xAB, 0x82, 0xE5, 0xFC, 0xA1, 0x35, 0xE8,
+        0xD2, 0x6A, 0x6B, 0x3A, 0x89, 0xFA, 0x5B, 0x6F
+    };
+    static const byte c_768[WC_ML_KEM_768_CIPHER_TEXT_SIZE] = {
+        0xA5, 0xC8, 0x1C, 0x76, 0xC2, 0x43, 0x05, 0xE1,
+        0xCE, 0x5D, 0x81, 0x35, 0xD4, 0x15, 0x23, 0x68,
+        0x2E, 0x9E, 0xE6, 0xD7, 0xB4, 0x0A, 0xD4, 0x1D,
+        0xF1, 0xF3, 0x7C, 0x9B, 0x17, 0xDC, 0xE7, 0x80,
+        0x76, 0x01, 0x9A, 0x6B, 0x0B, 0x7C, 0x95, 0xC9,
+        0xBE, 0x7A, 0xF2, 0x95, 0x07, 0xB2, 0xD5, 0xA6,
+        0x98, 0x7C, 0x8E, 0xE3, 0x25, 0x91, 0x90, 0x85,
+        0x52, 0x43, 0xE6, 0xE5, 0x6F, 0x56, 0x20, 0x60,
+        0x8C, 0x52, 0xD9, 0x6F, 0xAB, 0x10, 0x3A, 0x87,
+        0x00, 0xFB, 0xA1, 0xA8, 0x7D, 0xCA, 0x60, 0x78,
+        0x11, 0x8A, 0x08, 0x71, 0x76, 0x2C, 0x95, 0x34,
+        0xC0, 0xC0, 0xC3, 0x97, 0x8C, 0x91, 0xC3, 0xA0,
+        0x1F, 0x0F, 0x60, 0x8D, 0xCF, 0x75, 0x78, 0x15,
+        0x43, 0x8F, 0xE8, 0x95, 0x7C, 0x8A, 0x85, 0x91,
+        0x83, 0xB1, 0xB6, 0x72, 0x1A, 0x08, 0x65, 0xBE,
+        0xBC, 0x79, 0x9D, 0x4E, 0x5C, 0x0E, 0x7B, 0xD3,
+        0xEA, 0xE4, 0x85, 0x8E, 0x6A, 0xB6, 0xA2, 0xE7,
+        0x65, 0x8E, 0xD8, 0x0D, 0x4E, 0xD1, 0x58, 0xB0,
+        0x36, 0xB9, 0x3F, 0xA0, 0x3A, 0xFA, 0x6A, 0xE3,
+        0x13, 0x6C, 0xF3, 0xD6, 0x93, 0xC9, 0x11, 0xBC,
+        0xC7, 0x59, 0x05, 0xE5, 0xB0, 0xCB, 0x28, 0x65,
+        0xB9, 0xE9, 0x88, 0x45, 0x22, 0xA7, 0x77, 0x77,
+        0x61, 0x3E, 0x53, 0x11, 0x1D, 0x5A, 0x1C, 0x7D,
+        0x3D, 0xAB, 0x73, 0x4C, 0xEB, 0x03, 0x65, 0x7A,
+        0xE0, 0xC8, 0x97, 0x63, 0xE9, 0x94, 0x71, 0x05,
+        0x47, 0x76, 0xBA, 0xE7, 0xD5, 0x1B, 0x0E, 0x73,
+        0xA5, 0xBB, 0x35, 0xAE, 0xC3, 0x0F, 0xF6, 0xBC,
+        0x93, 0x68, 0x49, 0x16, 0xFE, 0xF1, 0x16, 0x25,
+        0x86, 0x45, 0x2F, 0x42, 0x66, 0x53, 0xE2, 0xCA,
+        0x84, 0x4D, 0x57, 0x44, 0x30, 0x7F, 0xF9, 0xAE,
+        0xB2, 0x87, 0xA6, 0x44, 0x77, 0x83, 0xB2, 0x1A,
+        0x0E, 0x93, 0x9C, 0x81, 0x42, 0x1D, 0x63, 0x1F,
+        0x5D, 0xCB, 0x45, 0x2E, 0x51, 0xED, 0x34, 0xE3,
+        0xDA, 0xD1, 0xCF, 0x50, 0x4E, 0x0A, 0x3B, 0x0F,
+        0x47, 0x11, 0xA8, 0xDC, 0x64, 0x99, 0xD1, 0x69,
+        0x1D, 0x10, 0x95, 0x69, 0x33, 0x6C, 0xE1, 0x55,
+        0x8A, 0x4C, 0x0A, 0x46, 0x4E, 0x20, 0x87, 0xEA,
+        0x8F, 0x9E, 0x3B, 0x18, 0xF7, 0x47, 0xEF, 0x61,
+        0xF4, 0x57, 0x6A, 0xEB, 0x42, 0xB1, 0x7C, 0xAD,
+        0xB7, 0xF0, 0xFD, 0x84, 0xDA, 0x8E, 0x3A, 0x6F,
+        0x47, 0x1D, 0x95, 0xED, 0xFA, 0x65, 0xBE, 0x9E,
+        0x6C, 0x9F, 0x6A, 0xE7, 0x56, 0xA2, 0x2A, 0x4F,
+        0x1A, 0x5C, 0x54, 0x3C, 0x26, 0xBA, 0x7B, 0xAD,
+        0x88, 0xE1, 0x6D, 0x5F, 0x5B, 0x7E, 0x12, 0xE2,
+        0xD4, 0xCA, 0x34, 0xB3, 0xA6, 0x4D, 0x17, 0xF8,
+        0x7C, 0xCF, 0xC4, 0xFF, 0x8C, 0x5E, 0x4F, 0x53,
+        0x75, 0x2A, 0x07, 0x7C, 0x68, 0x72, 0x1E, 0x8C,
+        0xC8, 0x17, 0xF9, 0xFF, 0x24, 0x87, 0x61, 0x70,
+        0xFF, 0x2A, 0xF8, 0x9F, 0xA9, 0x58, 0x55, 0xA5,
+        0xB1, 0xDE, 0x34, 0x7C, 0x07, 0xFD, 0xDB, 0xCF,
+        0xE7, 0x26, 0x4A, 0xA5, 0xED, 0x64, 0x01, 0x49,
+        0x15, 0x61, 0xD8, 0x31, 0x53, 0x8F, 0x85, 0x2B,
+        0x0E, 0xD7, 0xB9, 0xE8, 0xEB, 0xAF, 0xFC, 0x06,
+        0x02, 0x84, 0xF2, 0x2D, 0x2B, 0xAE, 0xE5, 0x6F,
+        0xA9, 0xF6, 0xD0, 0x14, 0x32, 0xA1, 0x15, 0xA2,
+        0xD6, 0xA6, 0x4C, 0x38, 0xAE, 0x0A, 0x50, 0xBA,
+        0x36, 0x2F, 0xB5, 0x7B, 0x53, 0xE3, 0xE8, 0x55,
+        0xB8, 0x3C, 0xE8, 0xC4, 0x22, 0x74, 0x04, 0x55,
+        0x99, 0xF6, 0x5F, 0xA6, 0xA8, 0x92, 0x1D, 0x85,
+        0xF9, 0x4E, 0xD2, 0x30, 0xB5, 0x16, 0x71, 0x2D,
+        0xB6, 0xFD, 0x2F, 0xF2, 0x8B, 0x3A, 0x33, 0x71,
+        0xD9, 0xBE, 0x05, 0x8A, 0xE7, 0x5C, 0x2F, 0xA5,
+        0x91, 0xB7, 0xEC, 0x3C, 0x3D, 0xAA, 0x1F, 0x76,
+        0x42, 0xBC, 0x26, 0xC3, 0x24, 0xC0, 0x80, 0x90,
+        0x60, 0x7E, 0x66, 0x62, 0x15, 0x4D, 0xB3, 0x7C,
+        0xF7, 0x47, 0x96, 0x7A, 0x1F, 0x9F, 0xC2, 0x90,
+        0x89, 0xF5, 0x70, 0xEB, 0xE6, 0x0E, 0xEE, 0xF8,
+        0x9F, 0xD2, 0x44, 0x81, 0x02, 0x8C, 0x85, 0xAE,
+        0xF1, 0xDC, 0x3B, 0x09, 0xF2, 0x2C, 0xD3, 0x69,
+        0x1B, 0xBB, 0xB8, 0x21, 0xC7, 0xA8, 0xA0, 0xF3,
+        0x5A, 0xD1, 0x2B, 0xE1, 0xDD, 0x19, 0x9B, 0x97,
+        0x70, 0x48, 0xF3, 0xD4, 0x8C, 0x16, 0xBB, 0x2C,
+        0xA9, 0x4C, 0xEC, 0xB8, 0x92, 0x87, 0x70, 0xD5,
+        0xBB, 0x32, 0x9A, 0x03, 0x27, 0xE0, 0xB2, 0x86,
+        0xFA, 0xA1, 0xC6, 0x52, 0x81, 0x03, 0x1A, 0x31,
+        0xC8, 0x4F, 0x2E, 0xDC, 0x9C, 0x04, 0xD4, 0x75,
+        0xED, 0x4E, 0x12, 0x8E, 0x51, 0xEF, 0xA9, 0x7D,
+        0x01, 0x48, 0xCB, 0xA6, 0xC9, 0x5F, 0x67, 0x4C,
+        0x58, 0x9F, 0x30, 0x1C, 0x26, 0x5B, 0xED, 0x70,
+        0x8E, 0x9A, 0xD8, 0xDA, 0x3C, 0x5C, 0xEC, 0xBD,
+        0xEE, 0xED, 0x35, 0xEF, 0x1E, 0x25, 0x31, 0x32,
+        0xBA, 0x89, 0x92, 0x0D, 0x78, 0x6B, 0x88, 0x23,
+        0x0B, 0x01, 0x3B, 0xCF, 0x2D, 0xC9, 0x2D, 0x6B,
+        0x15, 0x7A, 0xFA, 0x8D, 0xA8, 0x59, 0x2C, 0xD0,
+        0x74, 0x3D, 0x49, 0x82, 0xBE, 0x60, 0xD7, 0xC2,
+        0xD5, 0xC4, 0x72, 0xAB, 0x9F, 0xA7, 0xF4, 0xCC,
+        0x3D, 0x12, 0xB0, 0xEB, 0xAF, 0x0A, 0xBE, 0x55,
+        0x5C, 0x75, 0x80, 0x54, 0x26, 0x84, 0x4D, 0xD9,
+        0x42, 0x86, 0x43, 0xF8, 0x44, 0x06, 0xA1, 0xB8,
+        0xD6, 0xFA, 0xED, 0xFD, 0x8A, 0xE6, 0xE7, 0x3A,
+        0x72, 0x77, 0x2A, 0x21, 0x59, 0xAC, 0xAB, 0xD9,
+        0x72, 0xAE, 0xB6, 0xF7, 0xDE, 0x09, 0x1A, 0xC5,
+        0xFD, 0xD7, 0xF4, 0x9A, 0x3D, 0xC6, 0x64, 0x1C,
+        0xDF, 0x62, 0x44, 0x6B, 0x4B, 0x04, 0xA3, 0x1F,
+        0x73, 0xB8, 0x0A, 0x62, 0xF8, 0x0A, 0x40, 0x4A,
+        0x8C, 0xB1, 0x8C, 0xE3, 0xE6, 0x54, 0x80, 0xEF,
+        0x7B, 0x52, 0xBF, 0x00, 0x91, 0x11, 0x7E, 0x5D,
+        0x08, 0xEA, 0xE1, 0xB0, 0xAA, 0xBB, 0x72, 0xE6,
+        0xDF, 0xFF, 0xF7, 0x6F, 0x6E, 0x44, 0xBB, 0xD7,
+        0xEA, 0x57, 0x0D, 0x66, 0x04, 0xBC, 0x2E, 0x74,
+        0x31, 0x8B, 0xAF, 0xA3, 0x15, 0xA3, 0x88, 0x61,
+        0xAA, 0x1B, 0x21, 0xAF, 0xB2, 0xA5, 0x3F, 0x26,
+        0x14, 0xF1, 0xD6, 0x40, 0x07, 0x59, 0x84, 0xAE,
+        0x62, 0xE2, 0xFC, 0xA1, 0xD1, 0xB4, 0xDB, 0x36,
+        0x9F, 0x15, 0x70, 0x5C, 0xE7, 0xD4, 0xDF, 0x8A,
+        0xE9, 0x82, 0x64, 0x50, 0x10, 0x51, 0xC0, 0xDE,
+        0xF2, 0x1D, 0x64, 0x5D, 0x49, 0x62, 0x5A, 0xF0,
+        0x2C, 0xA4, 0x28, 0xD9, 0xF0, 0xC2, 0xCD, 0x9F,
+        0xBA, 0xEE, 0xAB, 0x97, 0xE8, 0xE9, 0x15, 0x16,
+        0x62, 0xB6, 0x99, 0x2B, 0x4C, 0x99, 0xAB, 0x1B,
+        0x92, 0x5D, 0x08, 0x92, 0x03, 0x63, 0x37, 0x3F,
+        0x76, 0xD3, 0xFD, 0xF0, 0x82, 0x8C, 0xAA, 0x69,
+        0xC8, 0xB1, 0xBD, 0xC6, 0xF5, 0x21, 0xDF, 0x64,
+        0x1C, 0xF1, 0xC8, 0xA4, 0xE7, 0xEF, 0x0C, 0x23,
+        0x28, 0x9A, 0x4E, 0x2C, 0xF1, 0x8A, 0xCE, 0xBB,
+        0xE4, 0xC1, 0xE6, 0x83, 0x69, 0xBD, 0x52, 0x35,
+        0x12, 0x01, 0x42, 0xEC, 0xDD, 0x1A, 0x73, 0x81,
+        0x1E, 0x2E, 0x53, 0x3A, 0x64, 0x7D, 0x7A, 0xEE,
+        0x16, 0xDA, 0xA0, 0x3B, 0x68, 0x36, 0x39, 0xDC,
+        0xF1, 0xE1, 0xF1, 0xE7, 0x1C, 0xFA, 0xED, 0x48,
+        0xF6, 0x9A, 0xEC, 0x3E, 0x83, 0x17, 0x33, 0xDA,
+        0x19, 0xCE, 0xBE, 0xC1, 0xDD, 0xBF, 0x71, 0xCB,
+        0xAE, 0x08, 0x00, 0xF2, 0xF6, 0xD6, 0x4A, 0x09,
+        0x6E, 0xC4, 0x95, 0xD6, 0x2F, 0x43, 0x44, 0xF7,
+        0xAA, 0x56, 0x21, 0xB3, 0x22, 0x35, 0x3A, 0x79,
+        0x5A, 0xA0, 0x99, 0xEA, 0x3A, 0x07, 0x02, 0x72,
+        0xD0, 0x53, 0xD4, 0x65, 0x3A, 0x20, 0xCF, 0x21,
+        0x0E, 0xAA, 0xF1, 0x2C, 0xAE, 0x60, 0x23, 0xD8,
+        0xE5, 0x11, 0x8D, 0xF0, 0x4B, 0x38, 0x4A, 0x44,
+        0xD1, 0xED, 0xB9, 0x1C, 0x44, 0x98, 0x9E, 0xF7,
+        0xEE, 0x57, 0xF2, 0xBF, 0x81, 0xA2, 0x4B, 0xDC,
+        0x76, 0x80, 0x7D, 0xA9, 0x67, 0xEE, 0x65, 0x25,
+        0x41, 0x0C, 0x5C, 0x48, 0x50, 0x67, 0xEF, 0xC3,
+        0xD3, 0x9A, 0x9A, 0xD4, 0x2C, 0xC7, 0x53, 0xBA,
+        0xA5, 0x9A, 0x1F, 0xD2, 0x8A, 0xF3, 0x5C, 0x00,
+        0xD1, 0x8A, 0x40, 0x6A, 0x28, 0xFC, 0x79, 0xBA
+    };
+    static const byte kprime_768[WC_ML_KEM_SS_SZ] = {
+        0xDC, 0x5B, 0x88, 0x88, 0xBC, 0x1E, 0xBA, 0x5C,
+        0x19, 0x69, 0xC2, 0x11, 0x64, 0xEA, 0x43, 0xE2,
+        0x2E, 0x7A, 0xC0, 0xCD, 0x01, 0x2A, 0x2F, 0x26,
+        0xCB, 0x8C, 0x48, 0x7E, 0x69, 0xEF, 0x7C, 0xE4
+    };
+#endif
+#ifndef WOLFSSL_NO_ML_KEM_1024
+    static const byte dk_1024[WC_ML_KEM_1024_PRIVATE_KEY_SIZE] = {
+        0x84, 0x45, 0xC3, 0x36, 0xF3, 0x51, 0x8B, 0x29,
+        0x81, 0x63, 0xDC, 0xBB, 0x63, 0x57, 0x59, 0x79,
+        0x83, 0xCA, 0x2E, 0x87, 0x3D, 0xCB, 0x49, 0x61,
+        0x0C, 0xF5, 0x2F, 0x14, 0xDB, 0xCB, 0x94, 0x7C,
+        0x1F, 0x3E, 0xE9, 0x26, 0x69, 0x67, 0x27, 0x6B,
+        0x0C, 0x57, 0x6C, 0xF7, 0xC3, 0x0E, 0xE6, 0xB9,
+        0x3D, 0xEA, 0x51, 0x18, 0x67, 0x6C, 0xBE, 0xE1,
+        0xB1, 0xD4, 0x79, 0x42, 0x06, 0xFB, 0x36, 0x9A,
+        0xBA, 0x41, 0x16, 0x7B, 0x43, 0x93, 0x85, 0x5C,
+        0x84, 0xEB, 0xA8, 0xF3, 0x23, 0x73, 0xC0, 0x5B,
+        0xAE, 0x76, 0x31, 0xC8, 0x02, 0x74, 0x4A, 0xAD,
+        0xB6, 0xC2, 0xDE, 0x41, 0x25, 0x0C, 0x49, 0x43,
+        0x15, 0x23, 0x0B, 0x52, 0x82, 0x6C, 0x34, 0x58,
+        0x7C, 0xB2, 0x1B, 0x18, 0x3B, 0x49, 0xB2, 0xA5,
+        0xAC, 0x04, 0x92, 0x1A, 0xC6, 0xBF, 0xAC, 0x1B,
+        0x24, 0xA4, 0xB3, 0x7A, 0x93, 0xA4, 0xB1, 0x68,
+        0xCC, 0xE7, 0x59, 0x1B, 0xE6, 0x11, 0x1F, 0x47,
+        0x62, 0x60, 0xF2, 0x76, 0x29, 0x59, 0xF5, 0xC1,
+        0x64, 0x01, 0x18, 0xC2, 0x42, 0x37, 0x72, 0xE2,
+        0xAD, 0x03, 0xDC, 0x71, 0x68, 0xA3, 0x8C, 0x6D,
+        0xD3, 0x9F, 0x5F, 0x72, 0x54, 0x26, 0x42, 0x80,
+        0xC8, 0xBC, 0x10, 0xB9, 0x14, 0x16, 0x80, 0x70,
+        0x47, 0x2F, 0xA8, 0x80, 0xAC, 0xB8, 0x60, 0x1A,
+        0x8A, 0x08, 0x37, 0xF2, 0x5F, 0xE1, 0x94, 0x68,
+        0x7C, 0xD6, 0x8B, 0x7D, 0xE2, 0x34, 0x0F, 0x03,
+        0x6D, 0xAD, 0x89, 0x1D, 0x38, 0xD1, 0xB0, 0xCE,
+        0x9C, 0x26, 0x33, 0x35, 0x5C, 0xF5, 0x7B, 0x50,
+        0xB8, 0x96, 0x03, 0x6F, 0xCA, 0x26, 0x0D, 0x26,
+        0x69, 0xF8, 0x5B, 0xAC, 0x79, 0x71, 0x4F, 0xDA,
+        0xFB, 0x41, 0xEF, 0x80, 0xB8, 0xC3, 0x02, 0x64,
+        0xC3, 0x13, 0x86, 0xAE, 0x60, 0xB0, 0x5F, 0xAA,
+        0x54, 0x2A, 0x26, 0xB4, 0x1E, 0xB8, 0x5F, 0x67,
+        0x06, 0x8F, 0x08, 0x80, 0x34, 0xFF, 0x67, 0xAA,
+        0x2E, 0x81, 0x5A, 0xAB, 0x8B, 0xCA, 0x6B, 0xF7,
+        0x1F, 0x70, 0xEC, 0xC3, 0xCB, 0xCB, 0xC4, 0x5E,
+        0xF7, 0x01, 0xFC, 0xD5, 0x42, 0xBD, 0x21, 0xC7,
+        0xB0, 0x95, 0x68, 0xF3, 0x69, 0xC6, 0x69, 0xF3,
+        0x96, 0x47, 0x38, 0x44, 0xFB, 0xA1, 0x49, 0x57,
+        0xF5, 0x19, 0x74, 0xD8, 0x52, 0xB9, 0x78, 0x01,
+        0x46, 0x03, 0xA2, 0x10, 0xC0, 0x19, 0x03, 0x62,
+        0x87, 0x00, 0x89, 0x94, 0xF2, 0x12, 0x55, 0xB2,
+        0x50, 0x99, 0xAD, 0x82, 0xAA, 0x13, 0x24, 0x38,
+        0x96, 0x3B, 0x2C, 0x0A, 0x47, 0xCD, 0xF5, 0xF3,
+        0x2B, 0xA4, 0x6B, 0x76, 0xC7, 0xA6, 0x55, 0x9F,
+        0x18, 0xBF, 0xD5, 0x55, 0xB7, 0x62, 0xE4, 0x87,
+        0xB6, 0xAC, 0x99, 0x2F, 0xE2, 0x0E, 0x28, 0x3C,
+        0xA0, 0xB3, 0xF6, 0x16, 0x44, 0x96, 0x95, 0x59,
+        0x95, 0xC3, 0xB2, 0x8A, 0x57, 0xBB, 0xC2, 0x98,
+        0x26, 0xF0, 0x6F, 0xB3, 0x8B, 0x25, 0x34, 0x70,
+        0xAF, 0x63, 0x1B, 0xC4, 0x6C, 0x3A, 0x8F, 0x9C,
+        0xE8, 0x24, 0x32, 0x19, 0x85, 0xDD, 0x01, 0xC0,
+        0x5F, 0x69, 0xB8, 0x24, 0xF9, 0x16, 0x63, 0x3B,
+        0x40, 0x65, 0x4C, 0x75, 0xAA, 0xEB, 0x93, 0x85,
+        0x57, 0x6F, 0xFD, 0xE2, 0x99, 0x0A, 0x6B, 0x0A,
+        0x3B, 0xE8, 0x29, 0xD6, 0xD8, 0x4E, 0x34, 0xF1,
+        0x78, 0x05, 0x89, 0xC7, 0x92, 0x04, 0xC6, 0x3C,
+        0x79, 0x8F, 0x55, 0xD2, 0x31, 0x87, 0xE4, 0x61,
+        0xD4, 0x8C, 0x21, 0xE5, 0xC0, 0x47, 0xE5, 0x35,
+        0xB1, 0x9F, 0x45, 0x8B, 0xBA, 0x13, 0x45, 0xB9,
+        0xE4, 0x1E, 0x0C, 0xB4, 0xA9, 0xC2, 0xD8, 0xC4,
+        0x0B, 0x49, 0x0A, 0x3B, 0xAB, 0xC5, 0x53, 0xB3,
+        0x02, 0x6B, 0x16, 0x72, 0xD2, 0x8C, 0xBC, 0x8B,
+        0x49, 0x8A, 0x3A, 0x99, 0x57, 0x9A, 0x83, 0x2F,
+        0xEA, 0xE7, 0x46, 0x10, 0xF0, 0xB6, 0x25, 0x0C,
+        0xC3, 0x33, 0xE9, 0x49, 0x3E, 0xB1, 0x62, 0x1E,
+        0xD3, 0x4A, 0xA4, 0xAB, 0x17, 0x5F, 0x2C, 0xA2,
+        0x31, 0x15, 0x25, 0x09, 0xAC, 0xB6, 0xAC, 0x86,
+        0xB2, 0x0F, 0x6B, 0x39, 0x10, 0x84, 0x39, 0xE5,
+        0xEC, 0x12, 0xD4, 0x65, 0xA0, 0xFE, 0xF3, 0x50,
+        0x03, 0xE1, 0x42, 0x77, 0xA2, 0x18, 0x12, 0x14,
+        0x6B, 0x25, 0x44, 0x71, 0x6D, 0x6A, 0xB8, 0x2D,
+        0x1B, 0x07, 0x26, 0xC2, 0x7A, 0x98, 0xD5, 0x89,
+        0xEB, 0xDA, 0xCC, 0x4C, 0x54, 0xBA, 0x77, 0xB2,
+        0x49, 0x8F, 0x21, 0x7E, 0x14, 0xE3, 0x4E, 0x66,
+        0x02, 0x5A, 0x2A, 0x14, 0x3A, 0x99, 0x25, 0x20,
+        0xA6, 0x1C, 0x06, 0x72, 0xCC, 0x9C, 0xCE, 0xD7,
+        0xC9, 0x45, 0x0C, 0x68, 0x3E, 0x90, 0xA3, 0xE4,
+        0x65, 0x1D, 0xB6, 0x23, 0xA6, 0xDB, 0x39, 0xAC,
+        0x26, 0x12, 0x5B, 0x7F, 0xC1, 0x98, 0x6D, 0x7B,
+        0x04, 0x93, 0xB8, 0xB7, 0x2D, 0xE7, 0x70, 0x7D,
+        0xC2, 0x0B, 0xBD, 0xD4, 0x37, 0x13, 0x15, 0x6A,
+        0xF7, 0xD9, 0x43, 0x0E, 0xF4, 0x53, 0x99, 0x66,
+        0x3C, 0x22, 0x02, 0x73, 0x91, 0x68, 0x69, 0x2D,
+        0xD6, 0x57, 0x54, 0x5B, 0x05, 0x6D, 0x9C, 0x92,
+        0x38, 0x5A, 0x7F, 0x41, 0x4B, 0x34, 0xB9, 0x0C,
+        0x79, 0x60, 0xD5, 0x7B, 0x35, 0xBA, 0x7D, 0xDE,
+        0x7B, 0x81, 0xFC, 0xA0, 0x11, 0x9D, 0x74, 0x1B,
+        0x12, 0x78, 0x09, 0x26, 0x01, 0x8F, 0xE4, 0xC8,
+        0x03, 0x0B, 0xF0, 0x38, 0xE1, 0x8B, 0x4F, 0xA3,
+        0x37, 0x43, 0xD0, 0xD3, 0xC8, 0x46, 0x41, 0x7E,
+        0x9D, 0x59, 0x15, 0xC2, 0x46, 0x31, 0x59, 0x38,
+        0xB1, 0xE2, 0x33, 0x61, 0x45, 0x01, 0xD0, 0x26,
+        0x95, 0x95, 0x51, 0x25, 0x8B, 0x23, 0x32, 0x30,
+        0xD4, 0x28, 0xB1, 0x81, 0xB1, 0x32, 0xF1, 0xD0,
+        0xB0, 0x26, 0x06, 0x7B, 0xA8, 0x16, 0x99, 0x9B,
+        0xC0, 0xCD, 0x6B, 0x54, 0x7E, 0x54, 0x8B, 0x63,
+        0xC9, 0xEA, 0xA0, 0x91, 0xBA, 0xC4, 0x93, 0xDC,
+        0x59, 0x8D, 0xBC, 0x2B, 0x0E, 0x14, 0x6A, 0x25,
+        0x91, 0xC2, 0xA8, 0xC0, 0x09, 0xDD, 0x51, 0x70,
+        0xAA, 0xE0, 0x27, 0xC5, 0x41, 0xA1, 0xB5, 0xE6,
+        0x6E, 0x45, 0xC6, 0x56, 0x12, 0x98, 0x4C, 0x46,
+        0x77, 0x04, 0x93, 0xEC, 0x89, 0x6E, 0xF2, 0x5A,
+        0xA9, 0x30, 0x5E, 0x9F, 0x06, 0x69, 0x2C, 0xD0,
+        0xB2, 0xF0, 0x69, 0x62, 0xE2, 0x05, 0xBE, 0xBE,
+        0x11, 0x3A, 0x34, 0xEB, 0xB1, 0xA4, 0x83, 0x0A,
+        0x9B, 0x37, 0x49, 0x64, 0x1B, 0xB9, 0x35, 0x00,
+        0x7B, 0x23, 0xB2, 0x4B, 0xFE, 0x57, 0x69, 0x56,
+        0x25, 0x4D, 0x7A, 0x35, 0xAA, 0x49, 0x6A, 0xC4,
+        0x46, 0xC6, 0x7A, 0x7F, 0xEC, 0x85, 0xA6, 0x00,
+        0x57, 0xE8, 0x58, 0x06, 0x17, 0xBC, 0xB3, 0xFA,
+        0xD1, 0x5C, 0x76, 0x44, 0x0F, 0xED, 0x54, 0xCC,
+        0x78, 0x93, 0x94, 0xFE, 0xA2, 0x44, 0x52, 0xCC,
+        0x6B, 0x05, 0x85, 0xB7, 0xEB, 0x0A, 0x88, 0xBB,
+        0xA9, 0x50, 0x0D, 0x98, 0x00, 0xE6, 0x24, 0x1A,
+        0xFE, 0xB5, 0x23, 0xB5, 0x5A, 0x96, 0xA5, 0x35,
+        0x15, 0x1D, 0x10, 0x49, 0x57, 0x32, 0x06, 0xE5,
+        0x9C, 0x7F, 0xEB, 0x07, 0x09, 0x66, 0x82, 0x36,
+        0x34, 0xF7, 0x7D, 0x5F, 0x12, 0x91, 0x75, 0x5A,
+        0x24, 0x31, 0x19, 0x62, 0x1A, 0xF8, 0x08, 0x4A,
+        0xB7, 0xAC, 0x1E, 0x22, 0xA0, 0x56, 0x8C, 0x62,
+        0x01, 0x41, 0x7C, 0xBE, 0x36, 0x55, 0xD8, 0xA0,
+        0x8D, 0xD5, 0xB5, 0x13, 0x88, 0x4C, 0x98, 0xD5,
+        0xA4, 0x93, 0xFD, 0x49, 0x38, 0x2E, 0xA4, 0x18,
+        0x60, 0xF1, 0x33, 0xCC, 0xD6, 0x01, 0xE8, 0x85,
+        0x96, 0x64, 0x26, 0xA2, 0xB1, 0xF2, 0x3D, 0x42,
+        0xD8, 0x2E, 0x24, 0x58, 0x2D, 0x99, 0x72, 0x51,
+        0x92, 0xC2, 0x17, 0x77, 0x46, 0x7B, 0x14, 0x57,
+        0xB1, 0xDD, 0x42, 0x9A, 0x0C, 0x41, 0xA5, 0xC3,
+        0xD7, 0x04, 0xCE, 0xA0, 0x62, 0x78, 0xC5, 0x99,
+        0x41, 0xB4, 0x38, 0xC6, 0x27, 0x27, 0x09, 0x78,
+        0x09, 0xB4, 0x53, 0x0D, 0xBE, 0x83, 0x7E, 0xA3,
+        0x96, 0xB6, 0xD3, 0x10, 0x77, 0xFA, 0xD3, 0x73,
+        0x30, 0x53, 0x98, 0x9A, 0x84, 0x42, 0xAA, 0xC4,
+        0x25, 0x5C, 0xB1, 0x63, 0xB8, 0xCA, 0x2F, 0x27,
+        0x50, 0x1E, 0xA9, 0x67, 0x30, 0x56, 0x95, 0xAB,
+        0xD6, 0x59, 0xAA, 0x02, 0xC8, 0x3E, 0xE6, 0x0B,
+        0xB5, 0x74, 0x20, 0x3E, 0x99, 0x37, 0xAE, 0x1C,
+        0x62, 0x1C, 0x8E, 0xCB, 0x5C, 0xC1, 0xD2, 0x1D,
+        0x55, 0x69, 0x60, 0xB5, 0xB9, 0x16, 0x1E, 0xA9,
+        0x6F, 0xFF, 0xEB, 0xAC, 0x72, 0xE1, 0xB8, 0xA6,
+        0x15, 0x4F, 0xC4, 0xD8, 0x8B, 0x56, 0xC0, 0x47,
+        0x41, 0xF0, 0x90, 0xCB, 0xB1, 0x56, 0xA7, 0x37,
+        0xC9, 0xE6, 0xA2, 0x2B, 0xA8, 0xAC, 0x70, 0x4B,
+        0xC3, 0x04, 0xF8, 0xE1, 0x7E, 0x5E, 0xA8, 0x45,
+        0xFD, 0xE5, 0x9F, 0xBF, 0x78, 0x8C, 0xCE, 0x0B,
+        0x97, 0xC8, 0x76, 0x1F, 0x89, 0xA2, 0x42, 0xF3,
+        0x05, 0x25, 0x83, 0xC6, 0x84, 0x4A, 0x63, 0x20,
+        0x31, 0xC9, 0x64, 0xA6, 0xC4, 0xA8, 0x5A, 0x12,
+        0x8A, 0x28, 0x61, 0x9B, 0xA1, 0xBB, 0x3D, 0x1B,
+        0xEA, 0x4B, 0x49, 0x84, 0x1F, 0xC8, 0x47, 0x61,
+        0x4A, 0x06, 0x68, 0x41, 0xF5, 0x2E, 0xD0, 0xEB,
+        0x8A, 0xE0, 0xB8, 0xB0, 0x96, 0xE9, 0x2B, 0x81,
+        0x95, 0x40, 0x58, 0x15, 0xB2, 0x31, 0x26, 0x6F,
+        0x36, 0xB1, 0x8C, 0x1A, 0x53, 0x33, 0x3D, 0xAB,
+        0x95, 0xD2, 0xA9, 0xA3, 0x74, 0xB5, 0x47, 0x8A,
+        0x4A, 0x41, 0xFB, 0x87, 0x59, 0x95, 0x7C, 0x9A,
+        0xB2, 0x2C, 0xAE, 0x54, 0x5A, 0xB5, 0x44, 0xBA,
+        0x8D, 0xD0, 0x5B, 0x83, 0xF3, 0xA6, 0x13, 0xA2,
+        0x43, 0x7A, 0xDB, 0x07, 0x3A, 0x96, 0x35, 0xCB,
+        0x4B, 0xBC, 0x96, 0x5F, 0xB4, 0x54, 0xCF, 0x27,
+        0xB2, 0x98, 0xA4, 0x0C, 0xD0, 0xDA, 0x3B, 0x8F,
+        0x9C, 0xA9, 0x9D, 0x8C, 0xB4, 0x28, 0x6C, 0x5E,
+        0xB4, 0x76, 0x41, 0x67, 0x96, 0x07, 0x0B, 0xA5,
+        0x35, 0xAA, 0xA5, 0x8C, 0xDB, 0x45, 0x1C, 0xD6,
+        0xDB, 0x5C, 0xBB, 0x0C, 0xA2, 0x0F, 0x0C, 0x71,
+        0xDE, 0x97, 0xC3, 0x0D, 0xA9, 0x7E, 0xC7, 0x90,
+        0x6D, 0x06, 0xB4, 0xB9, 0x39, 0x39, 0x60, 0x28,
+        0xC4, 0x6B, 0xA0, 0xE7, 0xA8, 0x65, 0xBC, 0x83,
+        0x08, 0xA3, 0x81, 0x0F, 0x12, 0x12, 0x00, 0x63,
+        0x39, 0xF7, 0xBC, 0x16, 0x9B, 0x16, 0x66, 0xFD,
+        0xF4, 0x75, 0x91, 0x1B, 0xBC, 0x8A, 0xAA, 0xB4,
+        0x17, 0x55, 0xC9, 0xA8, 0xAA, 0xBF, 0xA2, 0x3C,
+        0x0E, 0x37, 0xF8, 0x4F, 0xE4, 0x69, 0x99, 0xE0,
+        0x30, 0x49, 0x4B, 0x92, 0x98, 0xEF, 0x99, 0x34,
+        0xE8, 0xA6, 0x49, 0xC0, 0xA5, 0xCC, 0xE2, 0xB2,
+        0x2F, 0x31, 0x80, 0x9A, 0xFE, 0xD2, 0x39, 0x55,
+        0xD8, 0x78, 0x81, 0xD9, 0x9F, 0xC1, 0xD3, 0x52,
+        0x89, 0x6C, 0xAC, 0x90, 0x55, 0xBE, 0xA0, 0xD0,
+        0x16, 0xCC, 0xBA, 0x78, 0x05, 0xA3, 0xA5, 0x0E,
+        0x22, 0x16, 0x30, 0x37, 0x9B, 0xD0, 0x11, 0x35,
+        0x22, 0x1C, 0xAD, 0x5D, 0x95, 0x17, 0xC8, 0xCC,
+        0x42, 0x63, 0x7B, 0x9F, 0xC0, 0x71, 0x8E, 0x9A,
+        0x9B, 0xB4, 0x94, 0x5C, 0x72, 0xD8, 0xD1, 0x1D,
+        0x3D, 0x65, 0x9D, 0x83, 0xA3, 0xC4, 0x19, 0x50,
+        0x9A, 0xF5, 0xB4, 0x70, 0xDD, 0x89, 0xB7, 0xF3,
+        0xAC, 0xCF, 0x5F, 0x35, 0xCF, 0xC3, 0x22, 0x11,
+        0x5F, 0xD6, 0x6A, 0x5C, 0xD2, 0x87, 0x56, 0x51,
+        0x32, 0x6F, 0x9B, 0x31, 0x68, 0x91, 0x3B, 0xE5,
+        0xB9, 0xC8, 0x7A, 0xE0, 0xB0, 0x25, 0xEC, 0x7A,
+        0x2F, 0x4A, 0x07, 0x27, 0x50, 0x94, 0x6A, 0xC6,
+        0x11, 0x70, 0xA7, 0x82, 0x6D, 0x97, 0x04, 0xC5,
+        0xA2, 0x3A, 0x1C, 0x0A, 0x23, 0x25, 0x14, 0x6C,
+        0x3B, 0xC1, 0x85, 0x88, 0x26, 0xC6, 0xB3, 0x92,
+        0x79, 0xC2, 0xDA, 0x74, 0x38, 0xA3, 0x70, 0xED,
+        0x8A, 0x0A, 0xA5, 0x16, 0x9E, 0x3B, 0xEC, 0x29,
+        0xED, 0x88, 0x47, 0x87, 0x32, 0x75, 0x8D, 0x45,
+        0x41, 0x43, 0xE2, 0x27, 0xF8, 0x59, 0x58, 0x83,
+        0x29, 0x78, 0x42, 0xE6, 0xAF, 0x13, 0x3B, 0x17,
+        0xE4, 0x81, 0x1B, 0x0F, 0x57, 0x13, 0xAC, 0x73,
+        0xB7, 0xE3, 0x47, 0x42, 0x3E, 0xB9, 0x28, 0x22,
+        0xD2, 0x30, 0x6F, 0xA1, 0x45, 0x00, 0xA7, 0x20,
+        0x7A, 0x06, 0x72, 0x67, 0x20, 0x46, 0x54, 0x4A,
+        0xCC, 0x4E, 0xA9, 0xC1, 0x6E, 0xD7, 0x42, 0x1A,
+        0x06, 0x9E, 0x0D, 0x73, 0x7A, 0x98, 0x62, 0x85,
+        0x19, 0xC6, 0xA2, 0x9A, 0x42, 0x4A, 0x86, 0x8B,
+        0x46, 0xD9, 0xA0, 0xCC, 0x7C, 0x6C, 0x9D, 0xDD,
+        0x8B, 0x8B, 0xCB, 0xF4, 0x22, 0xC8, 0xF4, 0x8A,
+        0x73, 0x14, 0x3D, 0x5A, 0xBB, 0x66, 0xBC, 0x55,
+        0x49, 0x94, 0x18, 0x43, 0x08, 0x02, 0xBA, 0xC5,
+        0x44, 0x46, 0x3C, 0xC7, 0x31, 0x9D, 0x17, 0x99,
+        0x8F, 0x29, 0x41, 0x13, 0x65, 0x76, 0x6D, 0x04,
+        0xC8, 0x47, 0xF3, 0x12, 0x9D, 0x90, 0x77, 0xB7,
+        0xD8, 0x33, 0x9B, 0xFB, 0x96, 0xA6, 0x73, 0x9C,
+        0x3F, 0x6B, 0x74, 0xA8, 0xF0, 0x5F, 0x91, 0x38,
+        0xAB, 0x2F, 0xE3, 0x7A, 0xCB, 0x57, 0x63, 0x4D,
+        0x18, 0x20, 0xB5, 0x01, 0x76, 0xF5, 0xA0, 0xB6,
+        0xBC, 0x29, 0x40, 0xF1, 0xD5, 0x93, 0x8F, 0x19,
+        0x36, 0xB5, 0xF9, 0x58, 0x28, 0xB9, 0x2E, 0xB7,
+        0x29, 0x73, 0xC1, 0x59, 0x0A, 0xEB, 0x7A, 0x55,
+        0x2C, 0xEC, 0xA1, 0x0B, 0x00, 0xC3, 0x03, 0xB7,
+        0xC7, 0x5D, 0x40, 0x20, 0x71, 0xA7, 0x9E, 0x2C,
+        0x81, 0x0A, 0xF7, 0xC7, 0x45, 0xE3, 0x33, 0x67,
+        0x12, 0x49, 0x2A, 0x42, 0x04, 0x3F, 0x29, 0x03,
+        0xA3, 0x7C, 0x64, 0x34, 0xCE, 0xE2, 0x0B, 0x1D,
+        0x15, 0x9B, 0x05, 0x76, 0x99, 0xFF, 0x9C, 0x1D,
+        0x3B, 0xD6, 0x80, 0x29, 0x83, 0x9A, 0x08, 0xF4,
+        0x3E, 0x6C, 0x1C, 0x81, 0x99, 0x13, 0x53, 0x2F,
+        0x91, 0x1D, 0xD3, 0x70, 0xC7, 0x02, 0x14, 0x88,
+        0xE1, 0x1C, 0xB5, 0x04, 0xCB, 0x9C, 0x70, 0x57,
+        0x0F, 0xFF, 0x35, 0xB4, 0xB4, 0x60, 0x11, 0x91,
+        0xDC, 0x1A, 0xD9, 0xE6, 0xAD, 0xC5, 0xFA, 0x96,
+        0x18, 0x79, 0x8D, 0x7C, 0xC8, 0x60, 0xC8, 0x7A,
+        0x93, 0x9E, 0x4C, 0xCF, 0x85, 0x33, 0x63, 0x22,
+        0x68, 0xCF, 0x1A, 0x51, 0xAF, 0xF0, 0xCB, 0x81,
+        0x1C, 0x55, 0x45, 0xCB, 0x16, 0x56, 0xE6, 0x52,
+        0x69, 0x47, 0x74, 0x30, 0x69, 0x9C, 0xCD, 0xEA,
+        0x38, 0x00, 0x63, 0x0B, 0x78, 0xCD, 0x58, 0x10,
+        0x33, 0x4C, 0xCF, 0x02, 0xE0, 0x13, 0xF3, 0xB8,
+        0x02, 0x44, 0xE7, 0x0A, 0xCD, 0xB0, 0x60, 0xBB,
+        0xE7, 0xA5, 0x53, 0xB0, 0x63, 0x45, 0x6B, 0x2E,
+        0xA8, 0x07, 0x47, 0x34, 0x13, 0x16, 0x5C, 0xE5,
+        0x7D, 0xD5, 0x63, 0x47, 0x3C, 0xFB, 0xC9, 0x06,
+        0x18, 0xAD, 0xE1, 0xF0, 0xB8, 0x88, 0xAA, 0x48,
+        0xE7, 0x22, 0xBB, 0x27, 0x51, 0x85, 0x8F, 0xE1,
+        0x96, 0x87, 0x44, 0x2A, 0x48, 0xE7, 0xCA, 0x0D,
+        0x2A, 0x29, 0xCD, 0x51, 0xBF, 0xD8, 0xF7, 0x8C,
+        0x17, 0xB9, 0x66, 0x0B, 0xFB, 0x54, 0xA4, 0x70,
+        0xB2, 0xAE, 0x9A, 0x95, 0x5C, 0x6A, 0xB8, 0xD6,
+        0xE5, 0xCC, 0x92, 0xAC, 0x8E, 0xD3, 0xC1, 0x85,
+        0xDA, 0xA8, 0xBC, 0x29, 0xF0, 0x57, 0x8E, 0xBB,
+        0x81, 0x2B, 0x97, 0xC9, 0xE5, 0xA8, 0x48, 0xA6,
+        0x38, 0x4D, 0xE4, 0xE7, 0x5A, 0x31, 0x47, 0x0B,
+        0x53, 0x06, 0x6A, 0x8D, 0x02, 0x7B, 0xA4, 0x4B,
+        0x21, 0x74, 0x9C, 0x04, 0x92, 0x46, 0x5F, 0x90,
+        0x72, 0xB2, 0x83, 0x76, 0xC4, 0xE2, 0x90, 0xB3,
+        0x0C, 0x18, 0x63, 0xF9, 0xE5, 0xB7, 0x99, 0x96,
+        0x08, 0x34, 0x22, 0xBD, 0x8C, 0x27, 0x2C, 0x10,
+        0xEC, 0xC6, 0xEB, 0x9A, 0x0A, 0x82, 0x25, 0xB3,
+        0x1A, 0xA0, 0xA6, 0x6E, 0x35, 0xB9, 0xC0, 0xB9,
+        0xA7, 0x95, 0x82, 0xBA, 0x20, 0xA3, 0xC0, 0x4C,
+        0xD2, 0x99, 0x14, 0xF0, 0x83, 0xA0, 0x15, 0x82,
+        0x88, 0xBA, 0x4D, 0x6E, 0xB6, 0x2D, 0x87, 0x26,
+        0x4B, 0x91, 0x2B, 0xCA, 0x39, 0x73, 0x2F, 0xBD,
+        0xE5, 0x36, 0xA3, 0x77, 0xAD, 0x02, 0xB8, 0xC8,
+        0x35, 0xD4, 0xA2, 0xF4, 0xE7, 0xB1, 0xCE, 0x11,
+        0x5D, 0x0C, 0x86, 0x0B, 0xEA, 0xA7, 0x95, 0x5A,
+        0x49, 0xAD, 0x68, 0x95, 0x86, 0xA8, 0x9A, 0x2B,
+        0x9F, 0x9B, 0x10, 0xD1, 0x59, 0x5D, 0x2F, 0xC0,
+        0x65, 0xAD, 0x01, 0x8A, 0x7D, 0x56, 0xC6, 0x14,
+        0x47, 0x1F, 0x8E, 0x94, 0x6F, 0xE8, 0xAB, 0x49,
+        0xE8, 0x22, 0x65, 0x91, 0x11, 0x9F, 0xCA, 0xDB,
+        0x4F, 0x9A, 0x86, 0x16, 0x31, 0x37, 0x87, 0x36,
+        0xB6, 0x68, 0x8B, 0x78, 0x2D, 0x58, 0xE9, 0x7E,
+        0x45, 0x72, 0x75, 0x3A, 0x96, 0x64, 0xB6, 0xB8,
+        0x53, 0x68, 0x12, 0xB2, 0x59, 0x11, 0xAA, 0x76,
+        0xA2, 0x42, 0x37, 0x54, 0x33, 0x19, 0x27, 0x38,
+        0xEE, 0xE7, 0x62, 0xF6, 0xB8, 0x43, 0x15, 0xBB,
+        0x34, 0x36, 0x23, 0x1E, 0x0A, 0x9B, 0x27, 0x7E,
+        0xD2, 0x8A, 0xE0, 0x05, 0x07, 0x28, 0x34, 0x64,
+        0x57, 0xE1, 0x34, 0x05, 0x06, 0x2D, 0xB2, 0x80,
+        0x4B, 0x8D, 0xA6, 0x0B, 0xB5, 0xC7, 0x93, 0xD4,
+        0xCC, 0x0E, 0x10, 0x1C, 0xBA, 0x2D, 0x91, 0x82,
+        0xFD, 0x71, 0x24, 0xFF, 0x52, 0xBF, 0x4C, 0xA2,
+        0x82, 0x92, 0xAC, 0x26, 0xD6, 0x78, 0x08, 0x89,
+        0x53, 0x97, 0x1D, 0xBA, 0x0B, 0x6F, 0xEC, 0x2C,
+        0x96, 0x59, 0x35, 0x32, 0x91, 0xC7, 0x0C, 0x5B,
+        0x92, 0x45, 0xA0, 0xCA, 0x25, 0x33, 0x04, 0xAF,
+        0xD3, 0xC9, 0x51, 0x02, 0xBE, 0xA6, 0x68, 0x75,
+        0xC6, 0x20, 0x16, 0x80, 0xB4, 0xBD, 0xA3, 0x86,
+        0x87, 0xB6, 0x48, 0xC2, 0x8E, 0xB3, 0x74, 0x78,
+        0xE3, 0xBC, 0x00, 0xCA, 0x8A, 0x3C, 0xC2, 0x72,
+        0x04, 0x64, 0x2B, 0x42, 0xB6, 0x8F, 0xCB, 0xE7,
+        0xB2, 0x1A, 0x36, 0x6D, 0x06, 0x68, 0xA5, 0x02,
+        0x9A, 0x7D, 0xEE, 0xF9, 0x4C, 0xDD, 0x6A, 0x95,
+        0xD7, 0xEA, 0x89, 0x31, 0x67, 0x3B, 0xF7, 0x11,
+        0x2D, 0x40, 0x42, 0x10, 0x7B, 0x1B, 0x8B, 0x97,
+        0x00, 0xC9, 0x74, 0xF9, 0xC4, 0xE8, 0x3A, 0x8F,
+        0xAC, 0xD8, 0x9B, 0xFE, 0x0C, 0xA3, 0xCC, 0x4C,
+        0x2F, 0xCE, 0x80, 0xA0, 0x3D, 0x35, 0x76, 0xC2,
+        0x22, 0xA7, 0x92, 0xB7, 0x2B, 0x1F, 0x07, 0x0A,
+        0xB7, 0xF6, 0xB6, 0xF2, 0xB5, 0xCA, 0x2A, 0xF5,
+        0x05, 0x4A, 0xFA, 0x70, 0xA8, 0x96, 0x99, 0x01,
+        0x59, 0xB4, 0x5D, 0x10, 0x03, 0xE2, 0xA0, 0x56,
+        0x48, 0x67, 0x5E, 0x59, 0x60, 0x16, 0xF1, 0xB7,
+        0x1D, 0xD0, 0xF7, 0xBD, 0xA7, 0xE2, 0x09, 0x7F,
+        0xC7, 0x3B, 0x3A, 0x14, 0x3D, 0x12, 0xC7, 0x26,
+        0x02, 0x0A, 0xC3, 0x49, 0x58, 0xAD, 0x70, 0x62,
+        0xB9, 0x2B, 0x9A, 0xBF, 0x3C, 0xA6, 0xBE, 0x5A,
+        0xE2, 0x9F, 0x57, 0x13, 0x5E, 0x62, 0x5A, 0x36,
+        0x79, 0x71, 0x83, 0x7E, 0x63, 0x63, 0xD1, 0x53,
+        0x20, 0x94, 0xE0, 0x22, 0xA2, 0x34, 0x67, 0xCF,
+        0x93, 0x2E, 0x1F, 0x89, 0xB5, 0xB0, 0x80, 0x3C,
+        0x1E, 0xC9, 0x9B, 0x58, 0x5A, 0x78, 0xB5, 0x86,
+        0x50, 0x96, 0x74, 0x6F, 0x32, 0x25, 0x82, 0x14,
+        0xEC, 0xB3, 0x80, 0x65, 0xC9, 0x7F, 0x45, 0x5E,
+        0x15, 0x5A, 0xCC, 0x2D, 0xD0, 0x05, 0xA9, 0xC7,
+        0x6B, 0xED, 0x59, 0xCD, 0xA7, 0x38, 0x37, 0xD3,
+        0x03, 0x50, 0x4E, 0x6C, 0x97, 0x6A, 0x60, 0x6A,
+        0x2B, 0xE7, 0xBB, 0xEC, 0x59, 0x48, 0xB9, 0x1A,
+        0x34, 0x9E, 0x89, 0x36, 0x68, 0x8C, 0xC0, 0x27,
+        0x97, 0x54, 0xB7, 0x43, 0xAB, 0xC5, 0x86, 0x66,
+        0xB1, 0x9B, 0x6C, 0x32, 0x60, 0x05, 0x1F, 0x19,
+        0x20, 0x6B, 0xB9, 0x62, 0xBB, 0x66, 0x33, 0xEB,
+        0x00, 0x48, 0xE3, 0x2B, 0xAA, 0xCC, 0x5B, 0x02,
+        0x0D, 0x02, 0xC8, 0x6C, 0xA9, 0x77, 0x0A, 0xD4,
+        0x69, 0xDB, 0x54, 0xA1, 0x06, 0xAC, 0x73, 0xA3,
+        0x5B, 0x80, 0x57, 0x42, 0x2B, 0x3D, 0xB2, 0x02,
+        0xC5, 0xA5, 0xB4, 0xE3, 0xD5, 0x35, 0xF0, 0xFC,
+        0x99, 0x32, 0x6C, 0x4B, 0x8B, 0x7B, 0x16, 0xF1,
+        0xCB, 0x5A, 0xF9, 0x68, 0x03, 0xFA, 0x8C, 0x19,
+        0x5F, 0xC0, 0xBC, 0xED, 0xDA, 0xAF, 0x01, 0x2A,
+        0x51, 0x72, 0x8B, 0x76, 0x48, 0x90, 0x82, 0x37,
+        0x3C, 0x91, 0xE9, 0x2C, 0x87, 0xAC, 0xCA, 0x79,
+        0x51, 0x60, 0x78, 0x2E, 0x3B, 0x0D, 0xD6, 0x43,
+        0x54, 0x4B, 0xB9, 0x6A, 0xBC, 0x27, 0x08, 0xD4,
+        0x9B, 0x75, 0x9C, 0xF0, 0x57, 0xAA, 0x22, 0x3B,
+        0xAF, 0xD9, 0x6A, 0x33, 0x0B, 0xAF, 0x39, 0x81,
+        0x0F, 0xE8, 0x67, 0x1B, 0x43, 0x43, 0xC2, 0x97,
+        0xDA, 0x1E, 0x19, 0x69, 0xC9, 0x96, 0x21, 0x6A,
+        0xB5, 0x10, 0x6D, 0xA6, 0x68, 0x94, 0x1B, 0x16,
+        0x0D, 0x44, 0x77, 0x01, 0x71, 0x36, 0xCB, 0xCA,
+        0x5B, 0x5A, 0x8D, 0x44, 0xC4, 0xA8, 0xB1, 0xCF,
+        0x3E, 0xF7, 0x97, 0x85, 0xE5, 0xAA, 0x25, 0xC3,
+        0xA1, 0xAD, 0x6C, 0x24, 0xFD, 0x14, 0x0F, 0x79,
+        0x20, 0x7D, 0xE5, 0xA4, 0x99, 0xF8, 0xA1, 0x53,
+        0x4F, 0xFA, 0x80, 0x4A, 0xA7, 0xB3, 0x88, 0x9C,
+        0xBE, 0x25, 0xC0, 0x41, 0x47, 0x04, 0xAA, 0x57,
+        0x89, 0x7F, 0x17, 0x86, 0x23, 0x64, 0xEC, 0xA5,
+        0x62, 0x58, 0x00, 0x72, 0x48, 0x81, 0x39, 0x12,
+        0xB8, 0x36, 0x49, 0x7F, 0x03, 0x59, 0xC2, 0xF7,
+        0x23, 0x8A, 0x05, 0xD3, 0x05, 0xA0, 0xEA, 0x15,
+        0x2E, 0x72, 0xB4, 0x44, 0x17, 0xA8, 0x68, 0x13,
+        0x4E, 0x91, 0xB3, 0xCA, 0x79, 0x31, 0x23, 0x2F,
+        0xD4, 0xC2, 0x5F, 0x8C, 0x2A, 0x49, 0x2A, 0x33,
+        0x9C, 0xDC, 0x0A, 0x13, 0x89, 0x67, 0x21, 0x14,
+        0x51, 0xF2, 0x56, 0x26, 0x78, 0xFA, 0x14, 0x08,
+        0x0A, 0x34, 0x43, 0x6C, 0x42, 0xB0, 0x78, 0x65,
+        0xAC, 0x03, 0x6A, 0x81, 0xE9, 0x7A, 0x77, 0x87,
+        0xA9, 0x38, 0x02, 0x5C, 0xAF, 0x81, 0x34, 0x50,
+        0x36, 0x8B, 0xED, 0x0C, 0x94, 0xB1, 0x85, 0x76,
+        0x04, 0x52, 0x64, 0x05, 0xD2, 0x7A, 0x1C, 0x1A,
+        0xBC, 0x81, 0xB5, 0xB6, 0xEC, 0x13, 0xC7, 0x19,
+        0x30, 0xA9, 0x7D, 0x92, 0x32, 0xCF, 0x70, 0x21,
+        0xEF, 0x87, 0xA4, 0xD1, 0x55, 0x32, 0x8E, 0x62,
+        0xB5, 0x83, 0xA8, 0x3B, 0x4A, 0xF2, 0x1F, 0x9F,
+        0x57, 0x50, 0xF8, 0x57, 0x51, 0x50, 0x42, 0x4F,
+        0x63, 0xB8, 0x99, 0xD7, 0x1C, 0xAD, 0x26, 0x7C,
+        0x09, 0xE4, 0x46, 0x71, 0x46, 0xE1, 0x6E, 0x9B,
+        0x6C, 0x65, 0x3F, 0x00, 0x8C, 0x31, 0x13, 0x75,
+        0xE2, 0xE0, 0x06, 0xD4, 0x07, 0x6A, 0x54, 0x6B,
+        0x82, 0xF5, 0x31, 0x42, 0x22, 0xF7, 0xC6, 0x54,
+        0x31, 0x7E, 0x79, 0xEC, 0x60, 0x35, 0xB7, 0x3F,
+        0xAF, 0x49, 0x17, 0x57, 0xE6, 0x1C, 0x82, 0x83,
+        0x26, 0xD5, 0x30, 0x44, 0x54, 0x1C, 0x4D, 0x45,
+        0x37, 0xAB, 0xD3, 0xEA, 0x1E, 0x67, 0x99, 0x8C,
+        0x33, 0x82, 0x97, 0x4C, 0xA7, 0x8A, 0xE1, 0xB1,
+        0x96, 0x0E, 0x4A, 0x92, 0x26, 0xB0, 0x21, 0x9A,
+        0xB0, 0x70, 0xF0, 0xD7, 0xAA, 0x66, 0xD7, 0x6F,
+        0x93, 0x16, 0xAD, 0xB8, 0x0C, 0x54, 0xD6, 0x49,
+        0x97, 0x71, 0xB4, 0x71, 0xE8, 0x16, 0x8D, 0x47,
+        0xBC, 0xAA, 0x08, 0x32, 0x4A, 0xB6, 0xBA, 0x92,
+        0xC3, 0xA7, 0x02, 0x75, 0xF2, 0x4F, 0xA4, 0xDC,
+        0x10, 0xE2, 0x51, 0x63, 0x3F, 0xB9, 0x8D, 0x16,
+        0x2B, 0xB5, 0x53, 0x72, 0x02, 0xC6, 0xA5, 0x53,
+        0xCE, 0x78, 0x41, 0xC4, 0xD4, 0x0B, 0x87, 0x3B,
+        0x85, 0xCA, 0x03, 0xA0, 0xA1, 0xE1, 0xCF, 0xAD,
+        0xE6, 0xBA, 0x51, 0x80, 0xAB, 0x13, 0x23, 0xCC,
+        0xBA, 0x9A, 0x3E, 0x9C, 0x53, 0xD3, 0x75, 0x75,
+        0xAB, 0x1F, 0xD9, 0xE7, 0x31, 0x6C, 0x6F, 0xEE,
+        0xCB, 0x0A, 0x14, 0xDF, 0x6F, 0x2D, 0xA5, 0x6C,
+        0x2F, 0x56, 0xF5, 0x5A, 0x89, 0x63, 0x5C, 0xFC,
+        0xFD, 0xA4, 0x79, 0x27, 0xAF, 0x1F, 0x0A, 0x47,
+        0xB2, 0xD4, 0xE4, 0xE6, 0x16, 0x34, 0xB1, 0xB5,
+        0x1D, 0x37, 0xA3, 0xA3, 0x07, 0xA9, 0x72, 0x42,
+        0x0D, 0xE1, 0xB7, 0xA4, 0x81, 0xB8, 0x3E, 0x58,
+        0x3B, 0x6A, 0xF1, 0x6F, 0x63, 0xCB, 0x00, 0xC6
+    };
+    static const byte c_1024[WC_ML_KEM_1024_CIPHER_TEXT_SIZE] = {
+        0x0C, 0x68, 0x1B, 0x4A, 0xA8, 0x1F, 0x26, 0xAD,
+        0xFB, 0x64, 0x5E, 0xC2, 0x4B, 0x37, 0x52, 0xF6,
+        0xB3, 0x2C, 0x68, 0x64, 0x5A, 0xA5, 0xE7, 0xA9,
+        0x99, 0xB6, 0x20, 0x36, 0xA5, 0x3D, 0xC5, 0xCB,
+        0x06, 0x0A, 0x47, 0x3C, 0x08, 0xE5, 0xDA, 0x5C,
+        0x0F, 0x5A, 0xF0, 0xE5, 0x17, 0x0C, 0x65, 0x97,
+        0xE5, 0x0E, 0xC0, 0x80, 0x60, 0xF9, 0x9B, 0x0C,
+        0x00, 0xEE, 0x9B, 0xDD, 0xAD, 0x7E, 0x7D, 0x25,
+        0xA2, 0x2B, 0x22, 0x6F, 0x90, 0x14, 0x9B, 0x4C,
+        0xE8, 0x87, 0xC7, 0x2F, 0xB6, 0x0A, 0xFF, 0x21,
+        0x44, 0xEA, 0x2A, 0x72, 0x38, 0x3B, 0x31, 0x18,
+        0xF9, 0x22, 0xD0, 0x32, 0xA1, 0x6F, 0x55, 0x42,
+        0x89, 0x90, 0x2A, 0x14, 0xCF, 0x77, 0x55, 0x51,
+        0x2B, 0xB1, 0x18, 0x6B, 0xAF, 0xAF, 0xFE, 0x79,
+        0x4D, 0x2B, 0x6C, 0xDE, 0x90, 0x10, 0x9E, 0x65,
+        0x82, 0xD3, 0x9C, 0xE0, 0xC9, 0x61, 0x97, 0x48,
+        0x4B, 0x3F, 0xA0, 0x7F, 0xC9, 0x1D, 0x39, 0x4F,
+        0xC8, 0xD8, 0x8E, 0x7F, 0xC4, 0xBE, 0x00, 0x2E,
+        0x2D, 0xB5, 0x6F, 0x0C, 0x4D, 0x9D, 0x3F, 0xBD,
+        0xA2, 0x74, 0x53, 0x6A, 0x0B, 0x86, 0xAB, 0xC6,
+        0xE3, 0x9B, 0xDA, 0x52, 0x93, 0x1A, 0xEB, 0xB8,
+        0xF1, 0x08, 0x4C, 0x5C, 0x1F, 0x7C, 0xB3, 0x17,
+        0x77, 0x88, 0xB7, 0xF3, 0x31, 0xB7, 0x07, 0x43,
+        0x61, 0x16, 0x34, 0x91, 0xD4, 0x28, 0xE7, 0x8B,
+        0xCB, 0xB5, 0x7B, 0x63, 0x08, 0x41, 0xAA, 0x98,
+        0x73, 0x33, 0x37, 0x7C, 0xF0, 0x95, 0x69, 0xCF,
+        0xD1, 0x4C, 0xC2, 0xA1, 0x1C, 0x50, 0x1B, 0xDF,
+        0x82, 0xC9, 0x3D, 0xE0, 0x5B, 0xEA, 0x20, 0x06,
+        0x0D, 0xE8, 0x9C, 0x68, 0x6B, 0x82, 0x45, 0x71,
+        0xCE, 0xF9, 0x4A, 0xB3, 0xFD, 0xAF, 0xA8, 0x51,
+        0x26, 0x19, 0x81, 0x36, 0x69, 0xD4, 0xF5, 0x36,
+        0x37, 0xFE, 0xFA, 0x4D, 0x02, 0x8C, 0xB2, 0x33,
+        0xE5, 0x69, 0x30, 0xE2, 0x23, 0x5F, 0x7E, 0x60,
+        0x34, 0xCA, 0x94, 0xB1, 0x43, 0xB7, 0x7A, 0xD4,
+        0xA6, 0x87, 0x56, 0xE8, 0xA9, 0x18, 0x4D, 0xBA,
+        0x61, 0xA8, 0x9F, 0x91, 0xED, 0xFB, 0x51, 0xA3,
+        0x92, 0x11, 0x40, 0x24, 0x73, 0xA5, 0xF8, 0x91,
+        0x45, 0x73, 0x6B, 0x2B, 0xF8, 0x56, 0x9C, 0x70,
+        0x5B, 0x0C, 0xDB, 0x89, 0x80, 0xA4, 0x47, 0xE4,
+        0xE1, 0xEA, 0xAD, 0x3E, 0x7E, 0x05, 0x78, 0xF5,
+        0xF8, 0x6B, 0x8D, 0x03, 0xC9, 0xDA, 0xFE, 0x87,
+        0x5E, 0x33, 0x9B, 0x44, 0x23, 0x84, 0x56, 0x16,
+        0x79, 0x9E, 0xDC, 0xE0, 0x5F, 0x31, 0xB9, 0x26,
+        0x64, 0xC5, 0xA5, 0x92, 0x53, 0xA6, 0x0E, 0x9D,
+        0x89, 0x54, 0x8A, 0x30, 0x0C, 0x1A, 0xDB, 0x6D,
+        0x19, 0x0A, 0x77, 0x5C, 0x5E, 0xE6, 0xE8, 0xA8,
+        0x9B, 0x6E, 0x77, 0x9B, 0x03, 0x4C, 0x34, 0x00,
+        0xA6, 0x25, 0xF4, 0xBB, 0xED, 0xBF, 0x91, 0x9C,
+        0x45, 0xB2, 0xBC, 0xD1, 0x4C, 0x66, 0x92, 0x48,
+        0xFC, 0x43, 0xC3, 0xEF, 0x47, 0xE1, 0x00, 0x75,
+        0x89, 0x42, 0xE7, 0x5E, 0x8E, 0xD6, 0x07, 0x5A,
+        0x96, 0xD7, 0x0D, 0x4E, 0xBD, 0x2B, 0x61, 0x35,
+        0x82, 0x24, 0xDD, 0xA1, 0xEC, 0x4C, 0x19, 0xC2,
+        0xA9, 0x28, 0x98, 0x17, 0x6F, 0xEB, 0x3C, 0x02,
+        0xED, 0xCB, 0x99, 0x08, 0xBA, 0xE4, 0x9B, 0xD9,
+        0x4A, 0xF0, 0x28, 0xED, 0xF8, 0xCF, 0xC2, 0xE5,
+        0xF2, 0xE0, 0xBD, 0x37, 0x50, 0x06, 0x98, 0x6A,
+        0xD4, 0x9E, 0x71, 0x75, 0x48, 0xE7, 0x46, 0xFE,
+        0xF4, 0x9C, 0x86, 0x8B, 0xCE, 0xA2, 0x79, 0x0A,
+        0xA9, 0x7E, 0x04, 0x06, 0x1B, 0x75, 0x60, 0x5C,
+        0xB3, 0x9E, 0xFD, 0x46, 0x3D, 0x7B, 0x3D, 0x68,
+        0xBA, 0x57, 0x44, 0x34, 0xFF, 0x7B, 0xE8, 0xE2,
+        0xB8, 0x4B, 0xFC, 0x47, 0xE6, 0x7E, 0x9C, 0xD1,
+        0x5F, 0x3E, 0xD4, 0x50, 0xC6, 0x1A, 0xFB, 0xA7,
+        0x9A, 0x20, 0xB0, 0xB6, 0xF2, 0x87, 0x77, 0x7C,
+        0x72, 0xF4, 0xAD, 0x24, 0x81, 0x74, 0xF1, 0x95,
+        0x94, 0x77, 0xAA, 0x7A, 0x7C, 0x97, 0xF1, 0x22,
+        0xC5, 0x04, 0x47, 0xC7, 0x48, 0x4F, 0x38, 0x2B,
+        0xC4, 0x7D, 0x81, 0xFC, 0xC9, 0xC7, 0xE8, 0x92,
+        0xC8, 0x83, 0x9D, 0x37, 0xB3, 0x53, 0x94, 0xB5,
+        0x3E, 0x6B, 0x2B, 0x18, 0x95, 0xAB, 0xB0, 0xDE,
+        0x8C, 0x98, 0xF2, 0x63, 0x3D, 0xC4, 0x41, 0x3A,
+        0x8D, 0x57, 0x35, 0xDF, 0xC9, 0xA6, 0x40, 0x26,
+        0xB6, 0xF3, 0x47, 0x79, 0xD6, 0xAC, 0x8A, 0xD9,
+        0x9C, 0xC3, 0x1A, 0xA8, 0x98, 0xC2, 0xE7, 0x05,
+        0x7F, 0x3D, 0xB8, 0xA1, 0xA8, 0xA9, 0x85, 0x27,
+        0xA7, 0x9E, 0x43, 0x55, 0x2F, 0x28, 0xD1, 0x02,
+        0x3E, 0x1F, 0x6A, 0x6B, 0x84, 0x85, 0x5C, 0xF5,
+        0xE6, 0xDF, 0x88, 0x9B, 0xA2, 0x69, 0xF0, 0x48,
+        0x94, 0x6E, 0x84, 0x02, 0x1C, 0x65, 0xC5, 0xA9,
+        0x3B, 0x00, 0x7B, 0x07, 0x74, 0x1C, 0x1E, 0xE1,
+        0x76, 0xC7, 0x39, 0x49, 0x11, 0x0F, 0x54, 0x8E,
+        0xF4, 0x33, 0x2D, 0xCD, 0xD4, 0x91, 0xD2, 0xCE,
+        0xFD, 0x02, 0x48, 0x88, 0x3F, 0x5E, 0x95, 0x25,
+        0xBC, 0x91, 0xF3, 0x0A, 0xF1, 0x7C, 0xF5, 0xA9,
+        0x8D, 0xD4, 0x4E, 0xF9, 0xA7, 0x1F, 0x99, 0xBB,
+        0x73, 0x29, 0x85, 0xBA, 0x10, 0xA7, 0x23, 0xEF,
+        0x47, 0x6F, 0xCF, 0x96, 0x6D, 0xA9, 0x45, 0x6B,
+        0x24, 0x97, 0x8E, 0x33, 0x05, 0x0D, 0x0E, 0xC9,
+        0x0D, 0x3C, 0xE4, 0x63, 0x78, 0x85, 0x1C, 0x9E,
+        0xCF, 0xCF, 0xD3, 0x6C, 0x89, 0x5D, 0x44, 0xE9,
+        0xE5, 0x06, 0x99, 0x30, 0x82, 0x52, 0x3D, 0x26,
+        0x18, 0x57, 0x66, 0xB2, 0x35, 0x68, 0xCB, 0x95,
+        0xE6, 0x41, 0x08, 0xF8, 0x9D, 0x10, 0x14, 0x74,
+        0x7C, 0x67, 0xB6, 0xF3, 0xC8, 0x76, 0x7B, 0xE5,
+        0xFC, 0x34, 0x12, 0x27, 0xDE, 0x94, 0x88, 0x86,
+        0x1C, 0x5F, 0xE8, 0x11, 0x40, 0x9F, 0x80, 0x95,
+        0x7D, 0x07, 0x52, 0x2A, 0x72, 0xCF, 0x6A, 0xB0,
+        0x37, 0x8D, 0x0F, 0x2F, 0x28, 0xAF, 0x54, 0x81,
+        0x85, 0xC3, 0x93, 0x67, 0x77, 0x99, 0x44, 0x66,
+        0xA0, 0x19, 0xD3, 0x3B, 0x18, 0xA5, 0x4F, 0x38,
+        0x0A, 0x33, 0x89, 0x2A, 0xB4, 0xD4, 0xBD, 0x50,
+        0x7B, 0x5A, 0x61, 0xD0, 0xD3, 0x58, 0x34, 0x1A,
+        0xC9, 0x2F, 0x07, 0xB4, 0x3B, 0x8F, 0x6A, 0xFC,
+        0x69, 0x91, 0xBB, 0x6A, 0x1E, 0xAC, 0x23, 0xCA,
+        0x6F, 0x73, 0xE9, 0x1F, 0x24, 0x64, 0xBD, 0x11,
+        0x90, 0x98, 0xD7, 0xE7, 0x68, 0xE7, 0x7E, 0xCE,
+        0x53, 0xFB, 0x89, 0x9B, 0xEB, 0x42, 0x26, 0x5E,
+        0xCF, 0x7B, 0x27, 0x1F, 0x66, 0x54, 0x62, 0x82,
+        0xD4, 0x72, 0xC3, 0x62, 0x39, 0x00, 0x6B, 0xB0,
+        0xAB, 0xAB, 0xCC, 0xA2, 0x45, 0x50, 0xBA, 0xA0,
+        0xA6, 0x01, 0x34, 0x8C, 0x81, 0x0F, 0xF5, 0xF9,
+        0xEE, 0x50, 0x4B, 0xF7, 0x15, 0x5D, 0xEE, 0x41,
+        0x41, 0xA1, 0x16, 0x05, 0xA4, 0xF3, 0x50, 0x9A,
+        0xC9, 0xCA, 0xEF, 0x66, 0x24, 0xD2, 0x1D, 0xE3,
+        0x32, 0xD5, 0xD5, 0x08, 0x28, 0xB5, 0x2E, 0x92,
+        0x88, 0x5D, 0x3B, 0x90, 0x55, 0x3B, 0x14, 0x46,
+        0x3A, 0xFB, 0x1E, 0xDC, 0xCD, 0x3B, 0x56, 0x9B,
+        0x5A, 0x7F, 0x00, 0xBB, 0x66, 0x76, 0x9D, 0xAD,
+        0xAC, 0x23, 0xAD, 0x8B, 0xB5, 0xD7, 0x3A, 0x6F,
+        0x39, 0x0E, 0x6F, 0xC2, 0xF6, 0xF8, 0xEE, 0x3C,
+        0xF4, 0x00, 0x9A, 0x5C, 0x3E, 0x1E, 0xF6, 0x0E,
+        0x8F, 0x04, 0x06, 0x72, 0xD2, 0x62, 0xE6, 0x49,
+        0x03, 0x79, 0xBB, 0xC7, 0x04, 0x95, 0xDF, 0xF2,
+        0x37, 0xBE, 0xCD, 0x99, 0x52, 0xCD, 0x7E, 0xDE,
+        0xB6, 0xD1, 0xDF, 0xC3, 0x60, 0xB3, 0xFC, 0x8B,
+        0x0A, 0xF4, 0x80, 0xFF, 0xE0, 0x24, 0xAE, 0xEF,
+        0xCD, 0x4E, 0x9C, 0xE9, 0x5D, 0x9B, 0x46, 0x9C,
+        0x9A, 0x70, 0xE5, 0x11, 0x0D, 0xA0, 0xBA, 0xC1,
+        0x24, 0xFC, 0x37, 0x41, 0xDC, 0xF4, 0x91, 0x16,
+        0x26, 0x17, 0x96, 0x50, 0x4D, 0x5F, 0x49, 0x0B,
+        0x43, 0x3C, 0x33, 0xC4, 0x0E, 0xDC, 0xE2, 0xB7,
+        0x51, 0x51, 0xDA, 0x25, 0x6A, 0x86, 0x8A, 0x5E,
+        0x35, 0xF8, 0x62, 0x26, 0xB8, 0x15, 0x1C, 0x91,
+        0x93, 0x4C, 0xCC, 0x3D, 0xAC, 0xA3, 0x91, 0xDE,
+        0xCC, 0xA7, 0x45, 0x37, 0x56, 0x60, 0xB6, 0xEC,
+        0x41, 0xAE, 0x5D, 0x81, 0x08, 0x38, 0xCB, 0xEE,
+        0xFF, 0xA1, 0x25, 0x57, 0x88, 0x44, 0x12, 0x35,
+        0x7B, 0x10, 0x08, 0x36, 0x3D, 0x32, 0xB2, 0x37,
+        0xAA, 0x1D, 0xD8, 0xE2, 0xD9, 0xC6, 0x36, 0x7A,
+        0xDA, 0x09, 0xB2, 0xC9, 0x50, 0x60, 0x20, 0x6C,
+        0xEC, 0x3E, 0xED, 0x39, 0x1F, 0xDC, 0x5D, 0xBE,
+        0xF6, 0xF0, 0x8B, 0xDF, 0x04, 0x08, 0xE5, 0x85,
+        0xAE, 0x5E, 0xBC, 0x8E, 0x97, 0x45, 0xD4, 0x4F,
+        0xEC, 0xA9, 0x75, 0xAB, 0xBC, 0x14, 0x0B, 0xB3,
+        0x7B, 0x8A, 0xDD, 0x16, 0xFC, 0xC2, 0x95, 0x69,
+        0x10, 0xDC, 0x72, 0xBB, 0x3F, 0x02, 0xE9, 0xA1,
+        0x30, 0xC9, 0xA8, 0x4F, 0x9C, 0xCB, 0x74, 0xD1,
+        0x34, 0xCD, 0xF4, 0x0A, 0xFC, 0xBA, 0x20, 0x09,
+        0xC8, 0xF0, 0x04, 0x02, 0x39, 0xBC, 0x99, 0x22,
+        0x0E, 0xF6, 0x4C, 0x4D, 0xCC, 0xDE, 0x2E, 0x2E,
+        0x5C, 0x9B, 0x68, 0x60, 0x2F, 0xBE, 0x8E, 0xF4,
+        0xC9, 0x8B, 0x34, 0x68, 0xC7, 0x9D, 0xF4, 0xE0,
+        0x78, 0x51, 0x1B, 0xFB, 0x8A, 0xA3, 0xDA, 0x09,
+        0x59, 0x7A, 0x02, 0x51, 0x1E, 0x7C, 0x21, 0xA7,
+        0xCF, 0x66, 0xA9, 0x38, 0x43, 0xA9, 0x48, 0x68,
+        0xF1, 0x9E, 0x85, 0x52, 0x55, 0x2E, 0x3A, 0xCD,
+        0xF6, 0xCB, 0x81, 0x06, 0x34, 0xDB, 0x97, 0xCB,
+        0xC4, 0xBB, 0x56, 0x97, 0x09, 0xDA, 0xD4, 0x84,
+        0x56, 0x45, 0x44, 0x6F, 0xA8, 0xD2, 0x89, 0xFC,
+        0x59, 0x30, 0x7B, 0x80, 0x1E, 0x60, 0xCE, 0x2A,
+        0x91, 0xE0, 0x6E, 0x9C, 0x22, 0xC1, 0x6E, 0x2E,
+        0x59, 0xBD, 0xE3, 0x8A, 0x41, 0x6B, 0xB1, 0xB4,
+        0xAC, 0x54, 0x57, 0x43, 0x8F, 0xDC, 0x5D, 0x64,
+        0x45, 0x0A, 0x89, 0xEC, 0xB8, 0x32, 0xC1, 0xBB,
+        0x27, 0x9D, 0xBF, 0x59, 0x33, 0x46, 0x81, 0x77,
+        0x6A, 0xC0, 0x04, 0x09, 0x84, 0x6D, 0x09, 0xD6,
+        0xF6, 0x87, 0x77, 0x2E, 0x34, 0x08, 0x50, 0xAB,
+        0x86, 0x73, 0x38, 0x42, 0x15, 0xE1, 0x2C, 0x8D,
+        0x0F, 0x53, 0x1C, 0x45, 0x1E, 0x58, 0x49, 0x3E,
+        0x0E, 0xE4, 0x15, 0xAD, 0x59, 0x4D, 0xF3, 0x8C,
+        0x34, 0x40, 0x8C, 0x7E, 0xD9, 0xF0, 0xC3, 0x92,
+        0xF1, 0x53, 0x46, 0x04, 0xEA, 0xC3, 0xD9, 0xC1,
+        0x54, 0x65, 0xA9, 0xA4, 0x66, 0x32, 0x21, 0x4B,
+        0x53, 0x69, 0x90, 0xD7, 0x80, 0x78, 0xE5, 0xBD,
+        0x7E, 0xAE, 0x20, 0x13, 0xFF, 0xF8, 0xFD, 0xD8,
+        0xB2, 0x75, 0xC8, 0x9D, 0x97, 0xC9, 0x35, 0x3D,
+        0xF3, 0xC4, 0x2A, 0x28, 0xE8, 0x14, 0xD8, 0x46,
+        0x8E, 0x2B, 0x48, 0xDB, 0x09, 0x76, 0xD8, 0x8F,
+        0x5E, 0xEC, 0xEF, 0xEA, 0xFB, 0x8F, 0x7F, 0x4A,
+        0xF2, 0x91, 0xA7, 0x28, 0xF6, 0x24, 0x9E, 0xCF,
+        0x56, 0x22, 0x33, 0x92, 0x69, 0xAA, 0x94, 0x53,
+        0x29, 0xE9, 0x19, 0xF8, 0xB4, 0x41, 0xC8, 0x3D,
+        0x55, 0x07, 0xF3, 0x0D, 0xF0, 0xFD, 0x2B, 0x13,
+        0xFF, 0x80, 0x6F, 0x52, 0x2D, 0xAA, 0x11, 0xAF,
+        0x67, 0x6A, 0x51, 0x3C, 0x14, 0x9C, 0x70, 0xF0,
+        0xD6, 0xE9, 0x9A, 0x88, 0x04, 0x50, 0xA5, 0x4E,
+        0x04, 0x17, 0xFE, 0x3C, 0x1E, 0x51, 0x3E, 0x9D,
+        0x92, 0x0E, 0x30, 0xA8, 0xB4, 0x28, 0x91, 0x26,
+        0x7A, 0x2D, 0xC5, 0x0A, 0xD8, 0x1F, 0x98, 0x04,
+        0x49, 0x20, 0xC0, 0x99, 0xDF, 0x22, 0xC7, 0x39,
+        0x98, 0xA2, 0x5C, 0x58, 0x1A, 0x51, 0x78, 0xC7,
+        0x2B, 0x17, 0xAC, 0x87, 0x5B, 0xC6, 0x85, 0x48,
+        0xA0, 0xFB, 0x0C, 0xBE, 0xE3, 0x8F, 0x05, 0x01,
+        0x7B, 0x12, 0x43, 0x33, 0x43, 0xA6, 0x58, 0xF1,
+        0x98, 0x0C, 0x81, 0x24, 0xEA, 0x6D, 0xD8, 0x1F
+    };
+    static const byte kprime_1024[WC_ML_KEM_SS_SZ] = {
+        0x8F, 0x33, 0x6E, 0x9C, 0x28, 0xDF, 0x34, 0x9E,
+        0x03, 0x22, 0x0A, 0xF0, 0x1C, 0x42, 0x83, 0x2F,
+        0xEF, 0xAB, 0x1F, 0x2A, 0x74, 0xC1, 0x6F, 0xAF,
+        0x6F, 0x64, 0xAD, 0x07, 0x1C, 0x1A, 0x33, 0x94
+    };
+#endif
+    static byte ss[WC_ML_KEM_SS_SZ];
+
+    key = (KyberKey*)XMALLOC(sizeof(KyberKey), NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    ExpectNotNull(key);
+    if (key != NULL) {
+        XMEMSET(key, 0, sizeof(KyberKey));
+    }
+
+#ifndef WOLFSSL_NO_ML_KEM_512
+    ExpectIntEQ(wc_KyberKey_Init(WC_ML_KEM_512, key, NULL, INVALID_DEVID), 0);
+    ExpectIntEQ(wc_KyberKey_DecodePrivateKey(key, dk_512, sizeof(dk_512)), 0);
+    ExpectIntEQ(wc_KyberKey_Decapsulate(key, ss, c_512, sizeof(c_512)), 0);
+    ExpectIntEQ(XMEMCMP(ss, kprime_512, WC_ML_KEM_SS_SZ), 0);
+    wc_KyberKey_Free(key);
+#endif
+#ifndef WOLFSSL_NO_ML_KEM_768
+    ExpectIntEQ(wc_KyberKey_Init(WC_ML_KEM_768, key, NULL, INVALID_DEVID), 0);
+    ExpectIntEQ(wc_KyberKey_DecodePrivateKey(key, dk_768, sizeof(dk_768)), 0);
+    ExpectIntEQ(wc_KyberKey_Decapsulate(key, ss, c_768, sizeof(c_768)), 0);
+    ExpectIntEQ(XMEMCMP(ss, kprime_768, WC_ML_KEM_SS_SZ), 0);
+    wc_KyberKey_Free(key);
+#endif
+#ifndef WOLFSSL_NO_ML_KEM_1024
+    ExpectIntEQ(wc_KyberKey_Init(WC_ML_KEM_1024, key, NULL, INVALID_DEVID), 0);
+    ExpectIntEQ(wc_KyberKey_DecodePrivateKey(key, dk_1024, sizeof(dk_1024)), 0);
+    ExpectIntEQ(wc_KyberKey_Decapsulate(key, ss, c_1024, sizeof(c_1024)), 0);
+    ExpectIntEQ(XMEMCMP(ss, kprime_1024, WC_ML_KEM_SS_SZ), 0);
+    wc_KyberKey_Free(key);
+#endif
+
+    XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+#endif
+    return EXPECT_RESULT();
+}
+
diff --git a/tests/api/test_mlkem.h b/tests/api/test_mlkem.h
new file mode 100644
index 000000000..c726edbe4
--- /dev/null
+++ b/tests/api/test_mlkem.h
@@ -0,0 +1,29 @@
+/* test_mlkem.h
+ *
+ * Copyright (C) 2006-2025 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+#ifndef WOLFCRYPT_TEST_MLKEM_H
+#define WOLFCRYPT_TEST_MLKEM_H
+
+int test_wc_mlkem_make_key_kats(void);
+int test_wc_mlkem_encapsulate_kats(void);
+int test_wc_mlkem_decapsulate_kats(void);
+
+#endif /* WOLFCRYPT_TEST_MLKEM_H */
diff --git a/tests/api/test_ocsp.c b/tests/api/test_ocsp.c
new file mode 100644
index 000000000..7d2c9fddf
--- /dev/null
+++ b/tests/api/test_ocsp.c
@@ -0,0 +1,662 @@
+/* test_ocsp.c
+ *
+ * Copyright (C) 2006-2025 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+#ifdef HAVE_CONFIG_H
+    #include <config.h>
+#endif
+#if !defined(WOLFSSL_USER_SETTINGS) && !defined(WOLFSSL_NO_OPTIONS_H)
+    #include <wolfssl/options.h>
+#endif
+#include <wolfssl/wolfcrypt/settings.h>
+
+#include <tests/api/test_ocsp.h>
+#include <tests/api/test_ocsp_test_blobs.h>
+#include <tests/unit.h>
+#include <wolfssl/internal.h>
+#include <wolfssl/ocsp.h>
+#include <wolfssl/ssl.h>
+
+#if defined(HAVE_OCSP) && !defined(NO_SHA)
+struct ocsp_cb_ctx {
+    byte* response;
+    int responseSz;
+};
+
+struct test_conf {
+    unsigned char* resp;
+    int respSz;
+    unsigned char* ca0;
+    int ca0Sz;
+    unsigned char* ca1;
+    int ca1Sz;
+    unsigned char* targetCert;
+    int targetCertSz;
+};
+
+static int ocsp_cb(void* ctx, const char* url, int urlSz, unsigned char* req,
+    int reqSz, unsigned char** respBuf)
+{
+    struct ocsp_cb_ctx* cb_ctx = (struct ocsp_cb_ctx*)ctx;
+    (void)url;
+    (void)urlSz;
+    (void)req;
+    (void)reqSz;
+
+    *respBuf = cb_ctx->response;
+    return cb_ctx->responseSz;
+}
+
+static int test_ocsp_response_with_cm(struct test_conf* c, int expectedRet)
+{
+    EXPECT_DECLS;
+    WOLFSSL_CERT_MANAGER* cm = NULL;
+    struct ocsp_cb_ctx cb_ctx;
+
+    ExpectNotNull(cm = wolfSSL_CertManagerNew());
+    ExpectIntEQ(wolfSSL_CertManagerEnableOCSP(cm,
+                    WOLFSSL_OCSP_URL_OVERRIDE | WOLFSSL_OCSP_NO_NONCE),
+        WOLFSSL_SUCCESS);
+    ExpectIntEQ(wolfSSL_CertManagerSetOCSPOverrideURL(cm, "http://foo.com"),
+        WOLFSSL_SUCCESS);
+    cb_ctx.response = (byte*)c->resp;
+    cb_ctx.responseSz = c->respSz;
+    ExpectIntEQ(
+        wolfSSL_CertManagerSetOCSP_Cb(cm, ocsp_cb, NULL, (void*)&cb_ctx),
+        WOLFSSL_SUCCESS);
+    /* add ca in cm */
+    if (c->ca0 != NULL) {
+        ExpectIntEQ(wolfSSL_CertManagerLoadCABuffer(cm, c->ca0, c->ca0Sz,
+                        WOLFSSL_FILETYPE_ASN1),
+            WOLFSSL_SUCCESS);
+    }
+    if (c->ca1 != NULL) {
+        ExpectIntEQ(wolfSSL_CertManagerLoadCABuffer(cm, c->ca1, c->ca1Sz,
+                        WOLFSSL_FILETYPE_ASN1),
+            WOLFSSL_SUCCESS);
+    }
+    /* check cert */
+    ExpectIntEQ(
+        wolfSSL_CertManagerCheckOCSP(cm, c->targetCert, c->targetCertSz),
+        expectedRet);
+    if (cm != NULL)
+        wolfSSL_CertManagerFree(cm);
+    return EXPECT_RESULT();
+}
+
+int test_ocsp_response_parsing(void)
+{
+    EXPECT_DECLS;
+    struct test_conf conf;
+    int  expectedRet;
+
+    conf.resp = (unsigned char*)resp;
+    conf.respSz = sizeof(resp);
+    conf.ca0 = root_ca_cert_pem;
+    conf.ca0Sz = sizeof(root_ca_cert_pem);
+    conf.ca1 = NULL;
+    conf.ca1Sz = 0;
+    conf.targetCert = intermediate1_ca_cert_pem;
+    conf.targetCertSz = sizeof(intermediate1_ca_cert_pem);
+    ExpectIntEQ(test_ocsp_response_with_cm(&conf, WOLFSSL_SUCCESS),
+        TEST_SUCCESS);
+
+    conf.resp = (unsigned char*)resp_multi;
+    conf.respSz = sizeof(resp_multi);
+    conf.ca0 = root_ca_cert_pem;
+    conf.ca0Sz = sizeof(root_ca_cert_pem);
+    conf.ca1 = NULL;
+    conf.ca1Sz = 0;
+    conf.targetCert = intermediate1_ca_cert_pem;
+    conf.targetCertSz = sizeof(intermediate1_ca_cert_pem);
+    ExpectIntEQ(test_ocsp_response_with_cm(&conf, WOLFSSL_SUCCESS),
+        TEST_SUCCESS);
+
+    conf.resp = (unsigned char*)resp_bad_noauth;
+    conf.respSz = sizeof(resp_bad_noauth);
+    conf.ca0 = root_ca_cert_pem;
+    conf.ca0Sz = sizeof(root_ca_cert_pem);
+    conf.ca1 = ca_cert_pem;
+    conf.ca1Sz = sizeof(ca_cert_pem);
+    conf.targetCert = server_cert_pem;
+    conf.targetCertSz = sizeof(server_cert_pem);
+    expectedRet = OCSP_LOOKUP_FAIL;
+#ifdef WOLFSSL_NO_OCSP_ISSUER_CHECK
+    expectedRet = WOLFSSL_SUCCESS;
+#endif
+    ExpectIntEQ(test_ocsp_response_with_cm(&conf, expectedRet), TEST_SUCCESS);
+
+    /* Test response with unusable internal cert but that can be verified in CM
+     */
+    conf.resp = (unsigned char*)resp_bad_embedded_cert;
+    conf.respSz = sizeof(resp_bad_embedded_cert);
+    conf.ca0 = root_ca_cert_pem;
+    conf.ca0Sz = sizeof(root_ca_cert_pem);
+    conf.ca1 = NULL;
+    conf.ca1Sz = 0;
+    conf.targetCert = intermediate1_ca_cert_pem;
+    conf.targetCertSz = sizeof(intermediate1_ca_cert_pem);
+    ExpectIntEQ(test_ocsp_response_with_cm(&conf, WOLFSSL_SUCCESS),
+        TEST_SUCCESS);
+
+    return EXPECT_SUCCESS();
+}
+#else  /* HAVE_OCSP && !NO_SHA */
+int test_ocsp_response_parsing(void)
+{
+    return TEST_SKIPPED;
+}
+#endif /* HAVE_OCSP && !NO_SHA */
+
+#if defined(HAVE_OCSP) && (defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA))
+static int test_ocsp_create_x509store(WOLFSSL_X509_STORE** store,
+    unsigned char* ca, int caSz)
+{
+    EXPECT_DECLS;
+    WOLFSSL_X509* cert = NULL;
+
+    ExpectNotNull(*store = wolfSSL_X509_STORE_new());
+    ExpectNotNull(cert = wolfSSL_X509_d2i(&cert, ca, caSz));
+    ExpectIntEQ(wolfSSL_X509_STORE_add_cert(*store, cert), WOLFSSL_SUCCESS);
+    wolfSSL_X509_free(cert);
+    return EXPECT_RESULT();
+}
+
+static int test_create_stack_of_x509(WOLF_STACK_OF(WOLFSSL_X509) * *certs,
+    unsigned char* der, int derSz)
+{
+    EXPECT_DECLS;
+    WOLFSSL_X509* cert = NULL;
+
+    ExpectNotNull(*certs = wolfSSL_sk_X509_new_null());
+    ExpectNotNull(cert = wolfSSL_X509_d2i(&cert, der, derSz));
+    ExpectIntEQ(wolfSSL_sk_X509_push(*certs, cert), 1);
+    return EXPECT_RESULT();
+}
+
+int test_ocsp_basic_verify(void)
+{
+    EXPECT_DECLS;
+    WOLF_STACK_OF(WOLFSSL_X509)* certs = NULL;
+    WOLFSSL_X509_STORE* store = NULL;
+    const unsigned char* ptr = NULL;
+    OcspResponse* response = NULL;
+    DecodedCert cert;
+    int expectedRet;
+
+    wc_InitDecodedCert(&cert, ocsp_responder_cert_pem,
+        sizeof(ocsp_responder_cert_pem), NULL);
+    ExpectIntEQ(wc_ParseCert(&cert, CERT_TYPE, 0, NULL), 0);
+
+    /* just decoding */
+    ptr = (const unsigned char*)resp;
+    ExpectNotNull(
+        response = wolfSSL_d2i_OCSP_RESPONSE(NULL, &ptr, sizeof(resp)));
+    ExpectIntEQ(response->responseStatus, 0);
+    ExpectIntEQ(response->responderIdType, OCSP_RESPONDER_ID_NAME);
+    ExpectBufEQ(response->responderId.nameHash, cert.subjectHash,
+        OCSP_DIGEST_SIZE);
+    wolfSSL_OCSP_RESPONSE_free(response);
+
+    /* responder Id by key hash */
+    ptr = (const unsigned char*)resp_rid_bykey;
+    ExpectNotNull(response = wolfSSL_d2i_OCSP_RESPONSE(NULL, &ptr,
+                      sizeof(resp_rid_bykey)));
+    ExpectIntEQ(response->responseStatus, 0);
+    ExpectIntEQ(response->responderIdType, OCSP_RESPONDER_ID_KEY);
+    ExpectBufEQ(response->responderId.keyHash, cert.subjectKeyHash,
+        OCSP_RESPONDER_ID_KEY_SZ);
+    wolfSSL_OCSP_RESPONSE_free(response);
+
+    /* decoding with no embedded certificates */
+    ptr = (const unsigned char*)resp_nocert;
+    ExpectNotNull(
+        response = wolfSSL_d2i_OCSP_RESPONSE(NULL, &ptr, sizeof(resp_nocert)));
+    ExpectIntEQ(response->responseStatus, 0);
+    wolfSSL_OCSP_RESPONSE_free(response);
+
+    /* decoding an invalid response */
+    ptr = (const unsigned char*)resp_bad;
+    ExpectNull(
+        response = wolfSSL_d2i_OCSP_RESPONSE(NULL, &ptr, sizeof(resp_bad)));
+
+    ptr = (const unsigned char*)resp;
+    ExpectNotNull(
+        response = wolfSSL_d2i_OCSP_RESPONSE(NULL, &ptr, sizeof(resp)));
+    /* no verify signer certificate */
+    ExpectIntEQ(wolfSSL_OCSP_basic_verify(response, NULL, NULL, OCSP_NOVERIFY),
+        WOLFSSL_SUCCESS);
+    /* verify that the signature is checked */
+    if (EXPECT_SUCCESS()) {
+        response->sig[0] ^= 0xff;
+    }
+    ExpectIntEQ(wolfSSL_OCSP_basic_verify(response, NULL, NULL, OCSP_NOVERIFY),
+        WOLFSSL_FAILURE);
+    wolfSSL_OCSP_RESPONSE_free(response);
+
+    /* populate a store with root-ca-cert */
+    ExpectIntEQ(test_ocsp_create_x509store(&store, root_ca_cert_pem,
+                    sizeof(root_ca_cert_pem)),
+        TEST_SUCCESS);
+
+    /* populate a WOLF_STACK_OF(WOLFSSL_X509) with responder certificate */
+    ExpectIntEQ(test_create_stack_of_x509(&certs, ocsp_responder_cert_pem,
+                    sizeof(ocsp_responder_cert_pem)),
+        TEST_SUCCESS);
+
+    /* cert not embedded, cert in certs, validated using store */
+    ptr = (const unsigned char*)resp_nocert;
+    ExpectNotNull(
+        response = wolfSSL_d2i_OCSP_RESPONSE(NULL, &ptr, sizeof(resp_nocert)));
+    ExpectIntEQ(wolfSSL_OCSP_basic_verify(response, certs, store, 0),
+        WOLFSSL_SUCCESS);
+    wolfSSL_OCSP_RESPONSE_free(response);
+
+    /* cert embedded, verified using store */
+    ptr = (const unsigned char*)resp;
+    ExpectNotNull(
+        response = wolfSSL_d2i_OCSP_RESPONSE(NULL, &ptr, sizeof(resp)));
+    ExpectIntEQ(wolfSSL_OCSP_basic_verify(response, NULL, store, 0),
+        WOLFSSL_SUCCESS);
+    /* make invalid signature */
+    if (EXPECT_SUCCESS()) {
+        response->sig[0] ^= 0xff;
+    }
+    ExpectIntEQ(wolfSSL_OCSP_basic_verify(response, NULL, store, 0),
+        WOLFSSL_FAILURE);
+    if (EXPECT_SUCCESS()) {
+        response->sig[0] ^= 0xff;
+    }
+
+    /* cert embedded and in certs, no store needed bc OCSP_TRUSTOTHER */
+    ExpectIntEQ(
+        wolfSSL_OCSP_basic_verify(response, certs, NULL, OCSP_TRUSTOTHER),
+        WOLFSSL_SUCCESS);
+    /* this should also pass */
+    ExpectIntEQ(
+        wolfSSL_OCSP_basic_verify(response, certs, store, OCSP_NOINTERN),
+        WOLFSSL_SUCCESS);
+    /* this should not */
+    ExpectIntNE(wolfSSL_OCSP_basic_verify(response, NULL, store, OCSP_NOINTERN),
+        WOLFSSL_SUCCESS);
+    wolfSSL_OCSP_RESPONSE_free(response);
+
+    /* cert not embedded, not certs */
+    ptr = (const unsigned char*)resp_nocert;
+    ExpectNotNull(
+        response = wolfSSL_d2i_OCSP_RESPONSE(NULL, &ptr, sizeof(resp_nocert)));
+    ExpectIntNE(wolfSSL_OCSP_basic_verify(response, NULL, store, 0),
+        WOLFSSL_SUCCESS);
+    wolfSSL_OCSP_RESPONSE_free(response);
+
+    wolfSSL_sk_X509_pop_free(certs, wolfSSL_X509_free);
+    wolfSSL_X509_STORE_free(store);
+
+    ExpectIntEQ(test_ocsp_create_x509store(&store, root_ca_cert_pem,
+                    sizeof(root_ca_cert_pem)),
+        TEST_SUCCESS);
+    ExpectIntEQ(test_create_stack_of_x509(&certs, root_ca_cert_pem,
+                    sizeof(root_ca_cert_pem)),
+        TEST_SUCCESS);
+
+    /* multiple responses in a ocsp response */
+    ptr = (const unsigned char*)resp_multi;
+    ExpectNotNull(
+        response = wolfSSL_d2i_OCSP_RESPONSE(NULL, &ptr, sizeof(resp_multi)));
+    ExpectIntEQ(wolfSSL_OCSP_basic_verify(response, certs, store, 0),
+        WOLFSSL_SUCCESS);
+    wolfSSL_OCSP_RESPONSE_free(response);
+
+    /* cert in certs, cert verified on store, not authorized to verify all
+     * responses */
+    ptr = (const unsigned char*)resp_bad_noauth;
+    ExpectNotNull(response = wolfSSL_d2i_OCSP_RESPONSE(NULL, &ptr,
+                      sizeof(resp_bad_noauth)));
+
+    expectedRet = WOLFSSL_FAILURE;
+#ifdef WOLFSSL_NO_OCSP_ISSUER_CHECK
+    expectedRet = WOLFSSL_SUCCESS;
+#endif
+    ExpectIntEQ(wolfSSL_OCSP_basic_verify(response, certs, store, 0),
+        expectedRet);
+    /* should pass with OCSP_NOCHECKS ...*/
+    ExpectIntEQ(
+        wolfSSL_OCSP_basic_verify(response, certs, store, OCSP_NOCHECKS),
+        WOLFSSL_SUCCESS);
+    /* or with OSCP_TRUSTOTHER */
+    ExpectIntEQ(
+        wolfSSL_OCSP_basic_verify(response, certs, store, OCSP_TRUSTOTHER),
+        WOLFSSL_SUCCESS);
+    wolfSSL_OCSP_RESPONSE_free(response);
+
+    wc_FreeDecodedCert(&cert);
+    wolfSSL_sk_X509_pop_free(certs, wolfSSL_X509_free);
+    wolfSSL_X509_STORE_free(store);
+
+    return EXPECT_RESULT();
+}
+#else
+int test_ocsp_basic_verify(void)
+{
+    return TEST_SKIPPED;
+}
+#endif /* HAVE_OCSP  && (OPENSSL_ALL || OPENSSL_EXTRA) */
+
+#if defined(HAVE_OCSP) && defined(HAVE_SSL_MEMIO_TESTS_DEPENDENCIES) &&     \
+    defined(HAVE_CERTIFICATE_STATUS_REQUEST) && !defined(WOLFSSL_NO_TLS12) &&  \
+    defined(OPENSSL_ALL)
+
+struct _test_ocsp_status_callback_ctx {
+    byte* ocsp_resp;
+    int ocsp_resp_sz;
+    int invoked;
+};
+
+static int test_ocsp_status_callback_cb(WOLFSSL* ssl, void* ctx)
+{
+    struct _test_ocsp_status_callback_ctx* _ctx =
+        (struct _test_ocsp_status_callback_ctx*)ctx;
+    byte* allocated;
+
+    _ctx->invoked++;
+    allocated = (byte*)XMALLOC(_ctx->ocsp_resp_sz, NULL, 0);
+    if (allocated == NULL)
+        return SSL_TLSEXT_ERR_ALERT_FATAL;
+    XMEMCPY(allocated, _ctx->ocsp_resp, _ctx->ocsp_resp_sz);
+    SSL_set_tlsext_status_ocsp_resp(ssl, allocated, _ctx->ocsp_resp_sz);
+    return SSL_TLSEXT_ERR_OK;
+}
+
+static int test_ocsp_status_callback_cb_noack(WOLFSSL* ssl, void* ctx)
+{
+    struct _test_ocsp_status_callback_ctx* _ctx =
+        (struct _test_ocsp_status_callback_ctx*)ctx;
+    (void)ssl;
+
+    _ctx->invoked++;
+    return SSL_TLSEXT_ERR_NOACK;
+}
+
+static int test_ocsp_status_callback_cb_err(WOLFSSL* ssl, void* ctx)
+{
+    struct _test_ocsp_status_callback_ctx* _ctx =
+        (struct _test_ocsp_status_callback_ctx*)ctx;
+    (void)ssl;
+
+    _ctx->invoked++;
+    return SSL_TLSEXT_ERR_ALERT_FATAL;
+}
+
+static int test_ocsp_status_callback_test_setup(
+    struct _test_ocsp_status_callback_ctx* cb_ctx,
+    struct test_ssl_memio_ctx* test_ctx, method_provider cm, method_provider sm)
+{
+    int ret;
+
+    cb_ctx->invoked = 0;
+    XMEMSET(test_ctx, 0, sizeof(*test_ctx));
+    test_ctx->c_cb.caPemFile = "./certs/ocsp/root-ca-cert.pem";
+    test_ctx->s_cb.certPemFile = "./certs/ocsp/server1-cert.pem";
+    test_ctx->s_cb.keyPemFile = "./certs/ocsp/server1-key.pem";
+    test_ctx->c_cb.method = cm;
+    test_ctx->s_cb.method = sm;
+    ret = test_ssl_memio_setup(test_ctx);
+    wolfSSL_set_verify(test_ctx->c_ssl, WOLFSSL_VERIFY_DEFAULT, NULL);
+    return ret;
+}
+
+int test_ocsp_status_callback(void)
+{
+    struct test_params {
+        method_provider c_method;
+        method_provider s_method;
+    };
+
+    const char* responseFile = "./certs/ocsp/test-leaf-response.der";
+    struct _test_ocsp_status_callback_ctx cb_ctx;
+    struct test_ssl_memio_ctx test_ctx;
+    int enable_client_ocsp;
+    int enable_must_staple;
+    XFILE f = XBADFILE;
+    byte data[4096];
+    unsigned int i;
+    EXPECT_DECLS;
+
+    struct test_params params[] = {
+        {wolfTLSv1_2_client_method, wolfTLSv1_2_server_method},
+#if defined(WOLFSSL_TLS13)
+        {wolfTLSv1_3_client_method, wolfTLSv1_3_server_method},
+#endif
+#if defined(WOLFSSL_DTLS)
+        {wolfDTLSv1_2_client_method, wolfDTLSv1_2_server_method},
+#endif
+#if defined(WOLFSSL_DTLS13)
+        {wolfDTLSv1_3_client_method, wolfDTLSv1_3_server_method},
+#endif
+    };
+
+    XMEMSET(&cb_ctx, 0, sizeof(cb_ctx));
+    f = XFOPEN(responseFile, "rb");
+    if (f == XBADFILE)
+        return -1;
+    cb_ctx.ocsp_resp_sz = (word32)XFREAD(data, 1, 4096, f);
+    if (f != XBADFILE) {
+        XFCLOSE(f);
+        f = XBADFILE;
+    }
+    cb_ctx.ocsp_resp = data;
+
+    for (i = 0; i < sizeof(params) / sizeof(params[0]); i++) {
+        for (enable_client_ocsp = 0; enable_client_ocsp <= 1;
+            enable_client_ocsp++) {
+            ExpectIntEQ(test_ocsp_status_callback_test_setup(&cb_ctx, &test_ctx,
+                            params[i].c_method, params[i].s_method),
+                TEST_SUCCESS);
+            ExpectIntEQ(SSL_CTX_set_tlsext_status_cb(test_ctx.s_ctx,
+                            test_ocsp_status_callback_cb),
+                SSL_SUCCESS);
+            ExpectIntEQ(
+                SSL_CTX_set_tlsext_status_arg(test_ctx.s_ctx, (void*)&cb_ctx),
+                SSL_SUCCESS);
+            if (enable_client_ocsp) {
+                ExpectIntEQ(wolfSSL_UseOCSPStapling(test_ctx.c_ssl,
+                                WOLFSSL_CSR_OCSP, 0),
+                    WOLFSSL_SUCCESS);
+                ExpectIntEQ(wolfSSL_CTX_EnableOCSPStapling(test_ctx.c_ctx),
+                    WOLFSSL_SUCCESS);
+                ExpectIntEQ(wolfSSL_CTX_EnableOCSPMustStaple(test_ctx.c_ctx),
+                    WOLFSSL_SUCCESS);
+            }
+            ExpectIntEQ(test_ssl_memio_do_handshake(&test_ctx, 10, NULL),
+                TEST_SUCCESS);
+            ExpectIntEQ(cb_ctx.invoked, enable_client_ocsp ? 1 : 0);
+            test_ssl_memio_cleanup(&test_ctx);
+            if (!EXPECT_SUCCESS())
+                return EXPECT_RESULT();
+        }
+    }
+#if defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2)
+    /* test client sending both OCSPv1 and OCSPv2/MultiOCSP */
+    /* StatusCb only supports OCSPv1 */
+    ExpectIntEQ(test_ocsp_status_callback_test_setup(&cb_ctx, &test_ctx,
+                    wolfTLSv1_2_client_method, wolfTLSv1_2_server_method),
+        TEST_SUCCESS);
+    ExpectIntEQ(SSL_CTX_set_tlsext_status_cb(test_ctx.s_ctx,
+                    test_ocsp_status_callback_cb),
+        SSL_SUCCESS);
+    ExpectIntEQ(SSL_CTX_set_tlsext_status_arg(test_ctx.s_ctx, (void*)&cb_ctx),
+        SSL_SUCCESS);
+    ExpectIntEQ(wolfSSL_CTX_EnableOCSPStapling(test_ctx.c_ctx),
+        WOLFSSL_SUCCESS);
+    ExpectIntEQ(wolfSSL_CTX_EnableOCSPMustStaple(test_ctx.c_ctx),
+        WOLFSSL_SUCCESS);
+    ExpectIntEQ(wolfSSL_UseOCSPStapling(test_ctx.c_ssl, WOLFSSL_CSR_OCSP, 0),
+        WOLFSSL_SUCCESS);
+    ExpectIntEQ(
+        wolfSSL_UseOCSPStaplingV2(test_ctx.c_ssl, WOLFSSL_CSR2_OCSP_MULTI, 0),
+        WOLFSSL_SUCCESS);
+    wolfSSL_set_verify(test_ctx.c_ssl, WOLFSSL_VERIFY_DEFAULT, NULL);
+    ExpectIntEQ(test_ssl_memio_do_handshake(&test_ctx, 10, NULL), TEST_SUCCESS);
+    ExpectIntEQ(cb_ctx.invoked, 1);
+    test_ssl_memio_cleanup(&test_ctx);
+
+    if (!EXPECT_SUCCESS())
+        return EXPECT_RESULT();
+#endif /* defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2) */
+    /* test cb returning NO_ACK, not acking the OCSP */
+    for (i = 0; i < sizeof(params) / sizeof(params[0]); i++) {
+        for (enable_must_staple = 0; enable_must_staple <= 1;
+            enable_must_staple++) {
+            ExpectIntEQ(test_ocsp_status_callback_test_setup(&cb_ctx, &test_ctx,
+                            params[i].c_method, params[i].s_method),
+                TEST_SUCCESS);
+            ExpectIntEQ(SSL_CTX_set_tlsext_status_cb(test_ctx.s_ctx,
+                            test_ocsp_status_callback_cb_noack),
+                SSL_SUCCESS);
+            ExpectIntEQ(
+                SSL_CTX_set_tlsext_status_arg(test_ctx.s_ctx, (void*)&cb_ctx),
+                SSL_SUCCESS);
+            ExpectIntEQ(wolfSSL_CTX_EnableOCSPStapling(test_ctx.c_ctx),
+                WOLFSSL_SUCCESS);
+            ExpectIntEQ(
+                wolfSSL_UseOCSPStapling(test_ctx.c_ssl, WOLFSSL_CSR_OCSP, 0),
+                WOLFSSL_SUCCESS);
+            if (enable_must_staple)
+                ExpectIntEQ(wolfSSL_CTX_EnableOCSPMustStaple(test_ctx.c_ctx),
+                    WOLFSSL_SUCCESS);
+            wolfSSL_set_verify(test_ctx.c_ssl, WOLFSSL_VERIFY_DEFAULT, NULL);
+            ExpectIntEQ(test_ssl_memio_do_handshake(&test_ctx, 10, NULL),
+                enable_must_staple ? TEST_FAIL : TEST_SUCCESS);
+            ExpectIntEQ(cb_ctx.invoked, 1);
+            test_ssl_memio_cleanup(&test_ctx);
+            if (!EXPECT_SUCCESS())
+                return EXPECT_RESULT();
+        }
+    }
+
+    /* test cb returning err aborting handshake */
+    for (i = 0; i < sizeof(params) / sizeof(params[0]); i++) {
+        for (enable_client_ocsp = 0; enable_client_ocsp <= 1;
+            enable_client_ocsp++) {
+            ExpectIntEQ(test_ocsp_status_callback_test_setup(&cb_ctx, &test_ctx,
+                            params[i].c_method, params[i].s_method),
+                TEST_SUCCESS);
+            ExpectIntEQ(SSL_CTX_set_tlsext_status_cb(test_ctx.s_ctx,
+                            test_ocsp_status_callback_cb_err),
+                SSL_SUCCESS);
+            ExpectIntEQ(
+                SSL_CTX_set_tlsext_status_arg(test_ctx.s_ctx, (void*)&cb_ctx),
+                SSL_SUCCESS);
+            if (enable_client_ocsp)
+                ExpectIntEQ(wolfSSL_CTX_EnableOCSPStapling(test_ctx.c_ctx),
+                    WOLFSSL_SUCCESS);
+            ExpectIntEQ(
+                wolfSSL_UseOCSPStapling(test_ctx.c_ssl, WOLFSSL_CSR_OCSP, 0),
+                WOLFSSL_SUCCESS);
+            wolfSSL_set_verify(test_ctx.c_ssl, WOLFSSL_VERIFY_DEFAULT, NULL);
+            ExpectIntEQ(test_ssl_memio_do_handshake(&test_ctx, 10, NULL),
+                enable_client_ocsp ? TEST_FAIL : TEST_SUCCESS);
+            ExpectIntEQ(cb_ctx.invoked, enable_client_ocsp ? 1 : 0);
+            test_ssl_memio_cleanup(&test_ctx);
+            if (!EXPECT_SUCCESS())
+                return EXPECT_RESULT();
+        }
+    }
+
+    return EXPECT_RESULT();
+}
+
+#else
+int test_ocsp_status_callback(void)
+{
+    return TEST_SKIPPED;
+}
+#endif /* defined(HAVE_OCSP) && defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES)  \
+        && defined(HAVE_CERTIFICATE_STATUS_REQUEST) &&                         \
+        !defined(WOLFSSL_NO_TLS12)                                             \
+        && defined(OPENSSL_ALL) */
+
+#if !defined(NO_SHA) && defined(OPENSSL_ALL) && defined(HAVE_OCSP) &&          \
+    !defined(WOLFSSL_SM3) && !defined(WOLFSSL_SM2)
+int test_ocsp_certid_enc_dec(void)
+{
+    EXPECT_DECLS;
+    WOLFSSL_OCSP_CERTID* certIdDec = NULL;
+    WOLFSSL_OCSP_CERTID* certId = NULL;
+    WOLFSSL_X509* subject = NULL;
+    WOLFSSL_X509* issuer = NULL;
+    unsigned char* temp = NULL;
+    unsigned char* der2 = NULL;
+    unsigned char* der = NULL;
+    int derSz = 0, derSz1 = 0;
+
+    /* Load test certificates */
+    ExpectNotNull(
+        subject = wolfSSL_X509_load_certificate_file(
+            "./certs/ocsp/intermediate1-ca-cert.pem", WOLFSSL_FILETYPE_PEM));
+    ExpectNotNull(issuer = wolfSSL_X509_load_certificate_file(
+                      "./certs/ocsp/root-ca-cert.pem", WOLFSSL_FILETYPE_PEM));
+
+    /* Create CERTID from certificates */
+    ExpectNotNull(certId = wolfSSL_OCSP_cert_to_id(NULL, subject, issuer));
+
+    /* get len */
+    ExpectIntGT(derSz = wolfSSL_i2d_OCSP_CERTID(certId, NULL), 0);
+
+    /* encode it */
+    ExpectIntGT(derSz1 = wolfSSL_i2d_OCSP_CERTID(certId, &der), 0);
+    ExpectIntEQ(derSz, derSz1);
+
+    if (EXPECT_SUCCESS())
+        temp = der2 = (unsigned char*)XMALLOC(derSz, NULL, DYNAMIC_TYPE_OPENSSL);
+    ExpectNotNull(der2);
+    /* encode without allocation */
+    ExpectIntGT(derSz1 = wolfSSL_i2d_OCSP_CERTID(certId, &der2), 0);
+    ExpectIntEQ(derSz, derSz1);
+    ExpectPtrEq(der2, temp + derSz);
+    ExpectBufEQ(der, temp, derSz);
+    XFREE(temp, NULL, DYNAMIC_TYPE_OPENSSL);
+
+    /* save original */
+    temp = der;
+    /* decode it */
+    ExpectNotNull(certIdDec = wolfSSL_d2i_OCSP_CERTID(NULL,
+                      (const unsigned char**)&der, derSz));
+    /* check ptr is advanced */
+    ExpectPtrEq(der, temp + derSz);
+    der = der2;
+    XFREE(temp, NULL, DYNAMIC_TYPE_OPENSSL);
+
+    /* compare */
+    ExpectIntEQ(wolfSSL_OCSP_id_cmp(certId, certIdDec), 0);
+
+    wolfSSL_OCSP_CERTID_free(certId);
+    wolfSSL_OCSP_CERTID_free(certIdDec);
+    wolfSSL_X509_free(subject);
+    wolfSSL_X509_free(issuer);
+
+    return EXPECT_SUCCESS();
+}
+#else /* !NO_SHA && OPENSSL_ALL && HAVE_OCSP && !WOLFSSL_SM3 && !WOLFSSL_SM2 */
+int test_ocsp_certid_enc_dec(void)
+{
+    return TEST_SKIPPED;
+}
+#endif
diff --git a/tests/api/test_ocsp.h b/tests/api/test_ocsp.h
new file mode 100644
index 000000000..55065b9d6
--- /dev/null
+++ b/tests/api/test_ocsp.h
@@ -0,0 +1,30 @@
+/* test_ocsp.h
+ *
+ * Copyright (C) 2006-2025 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+#ifndef WOLFSSL_TEST_OCSP_H
+#define WOLFSSL_TEST_OCSP_H
+
+int test_ocsp_certid_enc_dec(void);
+int test_ocsp_status_callback(void);
+int test_ocsp_basic_verify(void);
+int test_ocsp_response_parsing(void);
+#endif /* WOLFSSL_TEST_OCSP_H */
+
diff --git a/tests/api/test_ocsp_test_blobs.h b/tests/api/test_ocsp_test_blobs.h
new file mode 100644
index 000000000..04a667ec1
--- /dev/null
+++ b/tests/api/test_ocsp_test_blobs.h
@@ -0,0 +1,1224 @@
+/*
+* This file is generated automatically by running ./tests/api/create_ocsp_test_blobs.py.
+*
+* ocsp_test_blobs.h
+*
+* Copyright (C) 2006-2025 wolfSSL Inc.
+*
+* This file is part of wolfSSL.
+*
+* wolfSSL is free software; you can redistribute it and/or modify
+* it under the terms of the GNU General Public License as published by
+* the Free Software Foundation; either version 2 of the License, or
+* (at your option) any later version.
+*
+* wolfSSL is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+* GNU General Public License for more details.
+*
+* You should have received a copy of the GNU General Public License
+* along with this program; if not, write to the Free Software
+* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+*
+*/
+#ifndef OCSP_TEST_BLOBS_H
+#define OCSP_TEST_BLOBS_H
+
+unsigned char resp[] = {
+    0x30, 0x82, 0x07, 0x04, 0x0a, 0x01, 0x00, 0xa0, 0x82, 0x06, 0xfd, 0x30,
+    0x82, 0x06, 0xf9, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x30,
+    0x01, 0x01, 0x04, 0x82, 0x06, 0xea, 0x30, 0x82, 0x06, 0xe6, 0x30, 0x82,
+    0x01, 0x06, 0xa1, 0x81, 0xa1, 0x30, 0x81, 0x9e, 0x31, 0x0b, 0x30, 0x09,
+    0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x13, 0x30,
+    0x11, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, 0x0a, 0x57, 0x61, 0x73, 0x68,
+    0x69, 0x6e, 0x67, 0x74, 0x6f, 0x6e, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03,
+    0x55, 0x04, 0x07, 0x0c, 0x07, 0x53, 0x65, 0x61, 0x74, 0x74, 0x6c, 0x65,
+    0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x07, 0x77,
+    0x6f, 0x6c, 0x66, 0x53, 0x53, 0x4c, 0x31, 0x14, 0x30, 0x12, 0x06, 0x03,
+    0x55, 0x04, 0x0b, 0x0c, 0x0b, 0x45, 0x6e, 0x67, 0x69, 0x6e, 0x65, 0x65,
+    0x72, 0x69, 0x6e, 0x67, 0x31, 0x1f, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x04,
+    0x03, 0x0c, 0x16, 0x77, 0x6f, 0x6c, 0x66, 0x53, 0x53, 0x4c, 0x20, 0x4f,
+    0x43, 0x53, 0x50, 0x20, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x64, 0x65,
+    0x72, 0x31, 0x1f, 0x30, 0x1d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7,
+    0x0d, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6e, 0x66, 0x6f, 0x40, 0x77,
+    0x6f, 0x6c, 0x66, 0x73, 0x73, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x18, 0x0f,
+    0x32, 0x30, 0x32, 0x35, 0x30, 0x32, 0x30, 0x35, 0x31, 0x36, 0x34, 0x34,
+    0x30, 0x39, 0x5a, 0x30, 0x4f, 0x30, 0x4d, 0x30, 0x38, 0x30, 0x07, 0x06,
+    0x05, 0x2b, 0x0e, 0x03, 0x02, 0x1a, 0x04, 0x14, 0x44, 0xa8, 0xdb, 0xd1,
+    0xbc, 0x97, 0x0a, 0x83, 0x3b, 0x5b, 0x31, 0x9a, 0x4c, 0xb8, 0xd2, 0x52,
+    0x37, 0x15, 0x8a, 0x88, 0x04, 0x14, 0x73, 0xb0, 0x1c, 0xa4, 0x2f, 0x82,
+    0xcb, 0xcf, 0x47, 0xa5, 0x38, 0xd7, 0xb0, 0x04, 0x82, 0x3a, 0x7e, 0x72,
+    0x15, 0x21, 0x02, 0x01, 0x01, 0x80, 0x00, 0x18, 0x0f, 0x32, 0x30, 0x32,
+    0x35, 0x30, 0x32, 0x30, 0x35, 0x31, 0x36, 0x34, 0x34, 0x30, 0x39, 0x5a,
+    0x30, 0x0b, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01,
+    0x0b, 0x03, 0x82, 0x01, 0x01, 0x00, 0x31, 0xb2, 0x07, 0x71, 0xa6, 0x8e,
+    0xd7, 0x32, 0xf5, 0x8d, 0x38, 0xd5, 0xbd, 0xe8, 0x6a, 0xba, 0x50, 0x79,
+    0x0d, 0x60, 0x14, 0xc4, 0xdc, 0x3a, 0xb2, 0xd3, 0x47, 0x21, 0x83, 0x2f,
+    0xb8, 0xa8, 0x91, 0x12, 0x58, 0x43, 0xd4, 0x27, 0x03, 0x10, 0x7c, 0x67,
+    0x65, 0xfc, 0x7c, 0xb9, 0xe9, 0x07, 0x76, 0xa3, 0x68, 0x1a, 0x2b, 0x56,
+    0xe0, 0x72, 0x5f, 0xb6, 0x6a, 0x2d, 0x52, 0x52, 0xf4, 0xf3, 0x4b, 0x91,
+    0x6b, 0x65, 0xe2, 0xd3, 0x03, 0x9b, 0xaf, 0x11, 0x43, 0x97, 0x94, 0x63,
+    0xff, 0x0d, 0x71, 0xf5, 0x4f, 0xef, 0x61, 0x4f, 0x55, 0xd3, 0x5b, 0x5f,
+    0x61, 0x1f, 0x2c, 0x03, 0xbd, 0x3f, 0xde, 0x62, 0xb5, 0x36, 0xb0, 0x3a,
+    0x52, 0xf3, 0x35, 0x26, 0x41, 0x2d, 0xa3, 0x1b, 0x1b, 0x07, 0x2c, 0x0a,
+    0x6b, 0x2b, 0x36, 0x87, 0x0c, 0xec, 0x5a, 0x9b, 0x72, 0xc2, 0x04, 0x79,
+    0x4a, 0x68, 0xba, 0xde, 0x6d, 0x65, 0x37, 0x37, 0x4f, 0x0a, 0xa8, 0x5b,
+    0x06, 0x45, 0xc0, 0x59, 0x39, 0x11, 0xd4, 0xcc, 0x28, 0x0c, 0x5d, 0x76,
+    0x11, 0xeb, 0x71, 0x0a, 0xf7, 0x72, 0x06, 0x2f, 0x50, 0x98, 0xe1, 0xfc,
+    0x86, 0x00, 0xaa, 0x9f, 0x45, 0xc5, 0x81, 0x8b, 0x73, 0xe9, 0x8c, 0xef,
+    0x31, 0xd9, 0x9b, 0xde, 0xe7, 0x57, 0xd0, 0x14, 0x8f, 0xfe, 0xec, 0xed,
+    0xc2, 0xfc, 0x18, 0x35, 0x4e, 0x24, 0xd0, 0x46, 0x36, 0x86, 0xdb, 0x6f,
+    0xa7, 0x06, 0x85, 0xef, 0x70, 0x2c, 0xce, 0xbb, 0xcc, 0x44, 0x3e, 0x82,
+    0x2f, 0xfa, 0xc2, 0x12, 0x6d, 0x40, 0x71, 0xc4, 0xac, 0xd9, 0x48, 0x72,
+    0xff, 0xec, 0x65, 0x89, 0x29, 0x81, 0x5f, 0x92, 0x98, 0x9f, 0xfb, 0xd0,
+    0x73, 0xcf, 0xb1, 0x80, 0x37, 0x33, 0x37, 0xb1, 0x95, 0x7e, 0xba, 0xb2,
+    0x6f, 0xee, 0x7b, 0x16, 0x09, 0x04, 0x9b, 0x01, 0x4b, 0x1e, 0xa0, 0x82,
+    0x04, 0xc6, 0x30, 0x82, 0x04, 0xc2, 0x30, 0x82, 0x04, 0xbe, 0x30, 0x82,
+    0x03, 0xa6, 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x01, 0x04, 0x30, 0x0d,
+    0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05,
+    0x00, 0x30, 0x81, 0x97, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04,
+    0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55,
+    0x04, 0x08, 0x0c, 0x0a, 0x57, 0x61, 0x73, 0x68, 0x69, 0x6e, 0x67, 0x74,
+    0x6f, 0x6e, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0c,
+    0x07, 0x53, 0x65, 0x61, 0x74, 0x74, 0x6c, 0x65, 0x31, 0x10, 0x30, 0x0e,
+    0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x07, 0x77, 0x6f, 0x6c, 0x66, 0x53,
+    0x53, 0x4c, 0x31, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c,
+    0x0b, 0x45, 0x6e, 0x67, 0x69, 0x6e, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67,
+    0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x0f, 0x77,
+    0x6f, 0x6c, 0x66, 0x53, 0x53, 0x4c, 0x20, 0x72, 0x6f, 0x6f, 0x74, 0x20,
+    0x43, 0x41, 0x31, 0x1f, 0x30, 0x1d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86,
+    0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6e, 0x66, 0x6f, 0x40,
+    0x77, 0x6f, 0x6c, 0x66, 0x73, 0x73, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x30,
+    0x1e, 0x17, 0x0d, 0x32, 0x34, 0x31, 0x32, 0x31, 0x38, 0x32, 0x31, 0x32,
+    0x35, 0x33, 0x31, 0x5a, 0x17, 0x0d, 0x32, 0x37, 0x30, 0x39, 0x31, 0x34,
+    0x32, 0x31, 0x32, 0x35, 0x33, 0x31, 0x5a, 0x30, 0x81, 0x9e, 0x31, 0x0b,
+    0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31,
+    0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, 0x0a, 0x57, 0x61,
+    0x73, 0x68, 0x69, 0x6e, 0x67, 0x74, 0x6f, 0x6e, 0x31, 0x10, 0x30, 0x0e,
+    0x06, 0x03, 0x55, 0x04, 0x07, 0x0c, 0x07, 0x53, 0x65, 0x61, 0x74, 0x74,
+    0x6c, 0x65, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c,
+    0x07, 0x77, 0x6f, 0x6c, 0x66, 0x53, 0x53, 0x4c, 0x31, 0x14, 0x30, 0x12,
+    0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c, 0x0b, 0x45, 0x6e, 0x67, 0x69, 0x6e,
+    0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x31, 0x1f, 0x30, 0x1d, 0x06, 0x03,
+    0x55, 0x04, 0x03, 0x0c, 0x16, 0x77, 0x6f, 0x6c, 0x66, 0x53, 0x53, 0x4c,
+    0x20, 0x4f, 0x43, 0x53, 0x50, 0x20, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e,
+    0x64, 0x65, 0x72, 0x31, 0x1f, 0x30, 0x1d, 0x06, 0x09, 0x2a, 0x86, 0x48,
+    0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6e, 0x66, 0x6f,
+    0x40, 0x77, 0x6f, 0x6c, 0x66, 0x73, 0x73, 0x6c, 0x2e, 0x63, 0x6f, 0x6d,
+    0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86,
+    0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00,
+    0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, 0xb8, 0xba, 0x23,
+    0xb4, 0xf6, 0xc3, 0x7b, 0x14, 0xc3, 0xa4, 0xf5, 0x1d, 0x61, 0xa1, 0xf5,
+    0x1e, 0x63, 0xb9, 0x85, 0x23, 0x34, 0x50, 0x6d, 0xf8, 0x7c, 0xa2, 0x8a,
+    0x04, 0x8b, 0xd5, 0x75, 0x5c, 0x2d, 0xf7, 0x63, 0x88, 0xd1, 0x07, 0x7a,
+    0xea, 0x0b, 0x45, 0x35, 0x2b, 0xeb, 0x1f, 0xb1, 0x22, 0xb4, 0x94, 0x41,
+    0x38, 0xe2, 0x9d, 0x74, 0xd6, 0x8b, 0x30, 0x22, 0x10, 0x51, 0xc5, 0xdb,
+    0xca, 0x3f, 0x46, 0x2b, 0xfe, 0xe5, 0x5a, 0x3f, 0x41, 0x74, 0x67, 0x75,
+    0x95, 0xa9, 0x94, 0xd5, 0xc3, 0xee, 0x42, 0xf8, 0x8d, 0xeb, 0x92, 0x95,
+    0xe1, 0xd9, 0x65, 0xb7, 0x43, 0xc4, 0x18, 0xde, 0x16, 0x80, 0x90, 0xce,
+    0x24, 0x35, 0x21, 0xc4, 0x55, 0xac, 0x5a, 0x51, 0xe0, 0x2e, 0x2d, 0xb3,
+    0x0a, 0x5a, 0x4f, 0x4a, 0x73, 0x31, 0x50, 0xee, 0x4a, 0x16, 0xbd, 0x39,
+    0x8b, 0xad, 0x05, 0x48, 0x87, 0xb1, 0x99, 0xe2, 0x10, 0xa7, 0x06, 0x72,
+    0x67, 0xca, 0x5c, 0xd1, 0x97, 0xbd, 0xc8, 0xf1, 0x76, 0xf8, 0xe0, 0x4a,
+    0xec, 0xbc, 0x93, 0xf4, 0x66, 0x4c, 0x28, 0x71, 0xd1, 0xd8, 0x66, 0x03,
+    0xb4, 0x90, 0x30, 0xbb, 0x17, 0xb0, 0xfe, 0x97, 0xf5, 0x1e, 0xe8, 0xc7,
+    0x5d, 0x9b, 0x8b, 0x11, 0x19, 0x12, 0x3c, 0xab, 0x82, 0x71, 0x78, 0xff,
+    0xae, 0x3f, 0x32, 0xb2, 0x08, 0x71, 0xb2, 0x1b, 0x8c, 0x27, 0xac, 0x11,
+    0xb8, 0xd8, 0x43, 0x49, 0xcf, 0xb0, 0x70, 0xb1, 0xf0, 0x8c, 0xae, 0xda,
+    0x24, 0x87, 0x17, 0x3b, 0xd8, 0x04, 0x65, 0x6c, 0x00, 0x76, 0x50, 0xef,
+    0x15, 0x08, 0xd7, 0xb4, 0x73, 0x68, 0x26, 0x14, 0x87, 0x95, 0xc3, 0x5f,
+    0x6e, 0x61, 0xb8, 0x87, 0x84, 0xfa, 0x80, 0x1a, 0x0a, 0x8b, 0x98, 0xf3,
+    0xe3, 0xff, 0x4e, 0x44, 0x1c, 0x65, 0x74, 0x7c, 0x71, 0x54, 0x65, 0xe5,
+    0x39, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x82, 0x01, 0x0a, 0x30, 0x82,
+    0x01, 0x06, 0x30, 0x09, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x04, 0x02, 0x30,
+    0x00, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14,
+    0x32, 0x67, 0xe1, 0xb1, 0x79, 0xd2, 0x81, 0xfc, 0x9f, 0x23, 0x0c, 0x70,
+    0x40, 0x50, 0xb5, 0x46, 0x56, 0xb8, 0x30, 0x36, 0x30, 0x81, 0xc4, 0x06,
+    0x03, 0x55, 0x1d, 0x23, 0x04, 0x81, 0xbc, 0x30, 0x81, 0xb9, 0x80, 0x14,
+    0x73, 0xb0, 0x1c, 0xa4, 0x2f, 0x82, 0xcb, 0xcf, 0x47, 0xa5, 0x38, 0xd7,
+    0xb0, 0x04, 0x82, 0x3a, 0x7e, 0x72, 0x15, 0x21, 0xa1, 0x81, 0x9d, 0xa4,
+    0x81, 0x9a, 0x30, 0x81, 0x97, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55,
+    0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03,
+    0x55, 0x04, 0x08, 0x0c, 0x0a, 0x57, 0x61, 0x73, 0x68, 0x69, 0x6e, 0x67,
+    0x74, 0x6f, 0x6e, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x07,
+    0x0c, 0x07, 0x53, 0x65, 0x61, 0x74, 0x74, 0x6c, 0x65, 0x31, 0x10, 0x30,
+    0x0e, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x07, 0x77, 0x6f, 0x6c, 0x66,
+    0x53, 0x53, 0x4c, 0x31, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55, 0x04, 0x0b,
+    0x0c, 0x0b, 0x45, 0x6e, 0x67, 0x69, 0x6e, 0x65, 0x65, 0x72, 0x69, 0x6e,
+    0x67, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x0f,
+    0x77, 0x6f, 0x6c, 0x66, 0x53, 0x53, 0x4c, 0x20, 0x72, 0x6f, 0x6f, 0x74,
+    0x20, 0x43, 0x41, 0x31, 0x1f, 0x30, 0x1d, 0x06, 0x09, 0x2a, 0x86, 0x48,
+    0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6e, 0x66, 0x6f,
+    0x40, 0x77, 0x6f, 0x6c, 0x66, 0x73, 0x73, 0x6c, 0x2e, 0x63, 0x6f, 0x6d,
+    0x82, 0x01, 0x63, 0x30, 0x13, 0x06, 0x03, 0x55, 0x1d, 0x25, 0x04, 0x0c,
+    0x30, 0x0a, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x09,
+    0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01,
+    0x0b, 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, 0x4d, 0xa2, 0xd8, 0x55,
+    0xe0, 0x2b, 0xf4, 0xad, 0x65, 0xe2, 0x92, 0x35, 0xcb, 0x60, 0xa0, 0xa2,
+    0x6b, 0xa6, 0x88, 0xc1, 0x86, 0x58, 0x57, 0x37, 0xbd, 0x2e, 0x28, 0x6e,
+    0x1c, 0x56, 0x2a, 0x35, 0xde, 0xff, 0x3e, 0x8e, 0x3d, 0x47, 0x21, 0x1a,
+    0xe9, 0xd3, 0xc6, 0xb4, 0xe2, 0xcb, 0x3e, 0xc6, 0xaf, 0x9b, 0xef, 0x23,
+    0x88, 0x56, 0x95, 0x73, 0x2e, 0xb3, 0xed, 0xc5, 0x11, 0x4b, 0x69, 0xf7,
+    0x13, 0x3a, 0x05, 0xe1, 0xaf, 0xba, 0xc9, 0x59, 0xfd, 0xe2, 0xa0, 0x81,
+    0xa0, 0x4c, 0x0c, 0x2c, 0xcb, 0x57, 0xad, 0x96, 0x3a, 0x8c, 0x32, 0xa6,
+    0x4a, 0xf8, 0x72, 0xb8, 0xec, 0xb3, 0x26, 0x69, 0xd6, 0x6a, 0x4c, 0x4c,
+    0x78, 0x18, 0x3c, 0xca, 0x19, 0xf1, 0xb5, 0x8e, 0x23, 0x81, 0x5b, 0x27,
+    0x90, 0xe0, 0x5c, 0x2b, 0x17, 0x4d, 0x78, 0x99, 0x6b, 0x25, 0xbd, 0x2f,
+    0xae, 0x1b, 0xaa, 0xce, 0x84, 0xb9, 0x44, 0x21, 0x46, 0xc0, 0x34, 0x6b,
+    0x5b, 0xb9, 0x1b, 0xca, 0x5c, 0x60, 0xf1, 0xef, 0xe6, 0x66, 0xbc, 0x84,
+    0x63, 0x56, 0x50, 0x7d, 0xbb, 0x2c, 0x2f, 0x7b, 0x47, 0xb4, 0xfd, 0x58,
+    0x77, 0x87, 0xee, 0x27, 0x20, 0x96, 0x72, 0x8e, 0x4c, 0x7e, 0x4f, 0x93,
+    0xeb, 0x5f, 0x8f, 0x9c, 0x1e, 0x59, 0x7a, 0x96, 0xaa, 0x53, 0x77, 0x22,
+    0x41, 0xd8, 0xd3, 0xf9, 0x89, 0x8f, 0xe8, 0x9d, 0x65, 0xbd, 0x0c, 0x71,
+    0x3c, 0xbb, 0xa3, 0x07, 0xbf, 0xfb, 0xa8, 0xd1, 0x18, 0x0a, 0xb4, 0xc4,
+    0xf7, 0x83, 0xb3, 0x86, 0x2b, 0xf0, 0x5b, 0x05, 0x28, 0xc1, 0x01, 0x31,
+    0x73, 0x5c, 0x2b, 0xbd, 0x60, 0x97, 0xa3, 0x36, 0x82, 0x96, 0xd7, 0x83,
+    0xdf, 0x75, 0xee, 0x29, 0x42, 0x97, 0x86, 0x41, 0x55, 0xb9, 0x70, 0x87,
+    0xd5, 0x02, 0x85, 0x13, 0x41, 0xf8, 0x25, 0x05, 0xab, 0x6a, 0xaa, 0x57,
+};
+
+unsigned char resp_rid_bykey[] = {
+    0x30, 0x82, 0x06, 0x76, 0x0a, 0x01, 0x00, 0xa0, 0x82, 0x06, 0x6f, 0x30,
+    0x82, 0x06, 0x6b, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x30,
+    0x01, 0x01, 0x04, 0x82, 0x06, 0x5c, 0x30, 0x82, 0x06, 0x58, 0x30, 0x7a,
+    0xa2, 0x16, 0x04, 0x14, 0x32, 0x67, 0xe1, 0xb1, 0x79, 0xd2, 0x81, 0xfc,
+    0x9f, 0x23, 0x0c, 0x70, 0x40, 0x50, 0xb5, 0x46, 0x56, 0xb8, 0x30, 0x36,
+    0x18, 0x0f, 0x32, 0x30, 0x32, 0x35, 0x30, 0x32, 0x30, 0x35, 0x31, 0x36,
+    0x34, 0x34, 0x30, 0x39, 0x5a, 0x30, 0x4f, 0x30, 0x4d, 0x30, 0x38, 0x30,
+    0x07, 0x06, 0x05, 0x2b, 0x0e, 0x03, 0x02, 0x1a, 0x04, 0x14, 0x44, 0xa8,
+    0xdb, 0xd1, 0xbc, 0x97, 0x0a, 0x83, 0x3b, 0x5b, 0x31, 0x9a, 0x4c, 0xb8,
+    0xd2, 0x52, 0x37, 0x15, 0x8a, 0x88, 0x04, 0x14, 0x73, 0xb0, 0x1c, 0xa4,
+    0x2f, 0x82, 0xcb, 0xcf, 0x47, 0xa5, 0x38, 0xd7, 0xb0, 0x04, 0x82, 0x3a,
+    0x7e, 0x72, 0x15, 0x21, 0x02, 0x01, 0x01, 0x80, 0x00, 0x18, 0x0f, 0x32,
+    0x30, 0x32, 0x35, 0x30, 0x32, 0x30, 0x35, 0x31, 0x36, 0x34, 0x34, 0x30,
+    0x39, 0x5a, 0x30, 0x0b, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d,
+    0x01, 0x01, 0x0b, 0x03, 0x82, 0x01, 0x01, 0x00, 0x18, 0x8b, 0xc4, 0x9c,
+    0x4e, 0x93, 0x4c, 0x91, 0x99, 0x32, 0x43, 0x3d, 0x03, 0xa0, 0x18, 0x7c,
+    0x20, 0x03, 0x2d, 0x29, 0x4a, 0xf8, 0x48, 0x43, 0xe5, 0x86, 0x27, 0x3f,
+    0x35, 0x99, 0x0e, 0x7f, 0xed, 0x7c, 0x1a, 0xd6, 0xfe, 0x2d, 0xed, 0xf8,
+    0x42, 0xda, 0xf3, 0xc0, 0x28, 0x8c, 0x7a, 0xf7, 0x4a, 0xbc, 0x9d, 0x54,
+    0xf0, 0x27, 0x89, 0xf3, 0xb9, 0x08, 0x9a, 0x8c, 0xf9, 0x4b, 0x75, 0x47,
+    0x39, 0x68, 0x64, 0xea, 0x2b, 0x16, 0x8d, 0xe6, 0x30, 0x4e, 0xb8, 0x97,
+    0xcd, 0x2d, 0x87, 0xc2, 0x5a, 0xb7, 0x10, 0xfa, 0xb9, 0x94, 0xad, 0xfe,
+    0xe4, 0x4e, 0xeb, 0x40, 0xe6, 0x56, 0xa0, 0x79, 0x88, 0x84, 0x51, 0x38,
+    0x79, 0xc6, 0x00, 0xc8, 0x94, 0xc8, 0x06, 0x45, 0x0d, 0x16, 0x51, 0xa1,
+    0xa0, 0xb5, 0xee, 0xa0, 0x91, 0xee, 0x35, 0x4a, 0xec, 0x60, 0xfb, 0x5a,
+    0x38, 0x40, 0x72, 0xf9, 0xc8, 0x54, 0x26, 0x58, 0xed, 0x6a, 0x7e, 0x4e,
+    0xca, 0xd8, 0xae, 0xb5, 0xf0, 0xe8, 0xed, 0x3a, 0xff, 0x51, 0xf9, 0x6e,
+    0x3d, 0x09, 0x4a, 0xb2, 0x68, 0x48, 0x33, 0xc0, 0xe8, 0x48, 0x77, 0xc9,
+    0xe3, 0x06, 0x0c, 0xc8, 0x92, 0x70, 0x54, 0x70, 0x33, 0x1b, 0x7c, 0xb8,
+    0x50, 0x67, 0xa7, 0xb4, 0x2d, 0x98, 0x77, 0x0e, 0x90, 0x0a, 0x55, 0xb7,
+    0xde, 0x06, 0x2a, 0x14, 0x51, 0x9d, 0xb1, 0x79, 0x2e, 0x8e, 0x3d, 0xef,
+    0x4c, 0x9b, 0x86, 0x22, 0x95, 0x2b, 0x1e, 0xa4, 0xf4, 0x09, 0x4c, 0xca,
+    0xe9, 0x5e, 0x0c, 0x87, 0x2c, 0x74, 0x1d, 0x78, 0x50, 0xa6, 0x9e, 0x36,
+    0x3b, 0xeb, 0x4e, 0x24, 0x00, 0xa2, 0x25, 0x2a, 0x63, 0xd8, 0x2e, 0xfe,
+    0xd2, 0xf1, 0x3b, 0x9d, 0x36, 0x80, 0x00, 0x67, 0xe4, 0x1d, 0xf9, 0x83,
+    0xd1, 0x65, 0x73, 0x3e, 0xe1, 0xbc, 0x16, 0x54, 0xa8, 0x0d, 0x21, 0xc0,
+    0xa0, 0x82, 0x04, 0xc6, 0x30, 0x82, 0x04, 0xc2, 0x30, 0x82, 0x04, 0xbe,
+    0x30, 0x82, 0x03, 0xa6, 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x01, 0x04,
+    0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01,
+    0x0b, 0x05, 0x00, 0x30, 0x81, 0x97, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03,
+    0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x13, 0x30, 0x11, 0x06,
+    0x03, 0x55, 0x04, 0x08, 0x0c, 0x0a, 0x57, 0x61, 0x73, 0x68, 0x69, 0x6e,
+    0x67, 0x74, 0x6f, 0x6e, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04,
+    0x07, 0x0c, 0x07, 0x53, 0x65, 0x61, 0x74, 0x74, 0x6c, 0x65, 0x31, 0x10,
+    0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x07, 0x77, 0x6f, 0x6c,
+    0x66, 0x53, 0x53, 0x4c, 0x31, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55, 0x04,
+    0x0b, 0x0c, 0x0b, 0x45, 0x6e, 0x67, 0x69, 0x6e, 0x65, 0x65, 0x72, 0x69,
+    0x6e, 0x67, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c,
+    0x0f, 0x77, 0x6f, 0x6c, 0x66, 0x53, 0x53, 0x4c, 0x20, 0x72, 0x6f, 0x6f,
+    0x74, 0x20, 0x43, 0x41, 0x31, 0x1f, 0x30, 0x1d, 0x06, 0x09, 0x2a, 0x86,
+    0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6e, 0x66,
+    0x6f, 0x40, 0x77, 0x6f, 0x6c, 0x66, 0x73, 0x73, 0x6c, 0x2e, 0x63, 0x6f,
+    0x6d, 0x30, 0x1e, 0x17, 0x0d, 0x32, 0x34, 0x31, 0x32, 0x31, 0x38, 0x32,
+    0x31, 0x32, 0x35, 0x33, 0x31, 0x5a, 0x17, 0x0d, 0x32, 0x37, 0x30, 0x39,
+    0x31, 0x34, 0x32, 0x31, 0x32, 0x35, 0x33, 0x31, 0x5a, 0x30, 0x81, 0x9e,
+    0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55,
+    0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, 0x0a,
+    0x57, 0x61, 0x73, 0x68, 0x69, 0x6e, 0x67, 0x74, 0x6f, 0x6e, 0x31, 0x10,
+    0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0c, 0x07, 0x53, 0x65, 0x61,
+    0x74, 0x74, 0x6c, 0x65, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04,
+    0x0a, 0x0c, 0x07, 0x77, 0x6f, 0x6c, 0x66, 0x53, 0x53, 0x4c, 0x31, 0x14,
+    0x30, 0x12, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c, 0x0b, 0x45, 0x6e, 0x67,
+    0x69, 0x6e, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x31, 0x1f, 0x30, 0x1d,
+    0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x16, 0x77, 0x6f, 0x6c, 0x66, 0x53,
+    0x53, 0x4c, 0x20, 0x4f, 0x43, 0x53, 0x50, 0x20, 0x52, 0x65, 0x73, 0x70,
+    0x6f, 0x6e, 0x64, 0x65, 0x72, 0x31, 0x1f, 0x30, 0x1d, 0x06, 0x09, 0x2a,
+    0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6e,
+    0x66, 0x6f, 0x40, 0x77, 0x6f, 0x6c, 0x66, 0x73, 0x73, 0x6c, 0x2e, 0x63,
+    0x6f, 0x6d, 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86,
+    0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01,
+    0x0f, 0x00, 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, 0xb8,
+    0xba, 0x23, 0xb4, 0xf6, 0xc3, 0x7b, 0x14, 0xc3, 0xa4, 0xf5, 0x1d, 0x61,
+    0xa1, 0xf5, 0x1e, 0x63, 0xb9, 0x85, 0x23, 0x34, 0x50, 0x6d, 0xf8, 0x7c,
+    0xa2, 0x8a, 0x04, 0x8b, 0xd5, 0x75, 0x5c, 0x2d, 0xf7, 0x63, 0x88, 0xd1,
+    0x07, 0x7a, 0xea, 0x0b, 0x45, 0x35, 0x2b, 0xeb, 0x1f, 0xb1, 0x22, 0xb4,
+    0x94, 0x41, 0x38, 0xe2, 0x9d, 0x74, 0xd6, 0x8b, 0x30, 0x22, 0x10, 0x51,
+    0xc5, 0xdb, 0xca, 0x3f, 0x46, 0x2b, 0xfe, 0xe5, 0x5a, 0x3f, 0x41, 0x74,
+    0x67, 0x75, 0x95, 0xa9, 0x94, 0xd5, 0xc3, 0xee, 0x42, 0xf8, 0x8d, 0xeb,
+    0x92, 0x95, 0xe1, 0xd9, 0x65, 0xb7, 0x43, 0xc4, 0x18, 0xde, 0x16, 0x80,
+    0x90, 0xce, 0x24, 0x35, 0x21, 0xc4, 0x55, 0xac, 0x5a, 0x51, 0xe0, 0x2e,
+    0x2d, 0xb3, 0x0a, 0x5a, 0x4f, 0x4a, 0x73, 0x31, 0x50, 0xee, 0x4a, 0x16,
+    0xbd, 0x39, 0x8b, 0xad, 0x05, 0x48, 0x87, 0xb1, 0x99, 0xe2, 0x10, 0xa7,
+    0x06, 0x72, 0x67, 0xca, 0x5c, 0xd1, 0x97, 0xbd, 0xc8, 0xf1, 0x76, 0xf8,
+    0xe0, 0x4a, 0xec, 0xbc, 0x93, 0xf4, 0x66, 0x4c, 0x28, 0x71, 0xd1, 0xd8,
+    0x66, 0x03, 0xb4, 0x90, 0x30, 0xbb, 0x17, 0xb0, 0xfe, 0x97, 0xf5, 0x1e,
+    0xe8, 0xc7, 0x5d, 0x9b, 0x8b, 0x11, 0x19, 0x12, 0x3c, 0xab, 0x82, 0x71,
+    0x78, 0xff, 0xae, 0x3f, 0x32, 0xb2, 0x08, 0x71, 0xb2, 0x1b, 0x8c, 0x27,
+    0xac, 0x11, 0xb8, 0xd8, 0x43, 0x49, 0xcf, 0xb0, 0x70, 0xb1, 0xf0, 0x8c,
+    0xae, 0xda, 0x24, 0x87, 0x17, 0x3b, 0xd8, 0x04, 0x65, 0x6c, 0x00, 0x76,
+    0x50, 0xef, 0x15, 0x08, 0xd7, 0xb4, 0x73, 0x68, 0x26, 0x14, 0x87, 0x95,
+    0xc3, 0x5f, 0x6e, 0x61, 0xb8, 0x87, 0x84, 0xfa, 0x80, 0x1a, 0x0a, 0x8b,
+    0x98, 0xf3, 0xe3, 0xff, 0x4e, 0x44, 0x1c, 0x65, 0x74, 0x7c, 0x71, 0x54,
+    0x65, 0xe5, 0x39, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x82, 0x01, 0x0a,
+    0x30, 0x82, 0x01, 0x06, 0x30, 0x09, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x04,
+    0x02, 0x30, 0x00, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16,
+    0x04, 0x14, 0x32, 0x67, 0xe1, 0xb1, 0x79, 0xd2, 0x81, 0xfc, 0x9f, 0x23,
+    0x0c, 0x70, 0x40, 0x50, 0xb5, 0x46, 0x56, 0xb8, 0x30, 0x36, 0x30, 0x81,
+    0xc4, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x81, 0xbc, 0x30, 0x81, 0xb9,
+    0x80, 0x14, 0x73, 0xb0, 0x1c, 0xa4, 0x2f, 0x82, 0xcb, 0xcf, 0x47, 0xa5,
+    0x38, 0xd7, 0xb0, 0x04, 0x82, 0x3a, 0x7e, 0x72, 0x15, 0x21, 0xa1, 0x81,
+    0x9d, 0xa4, 0x81, 0x9a, 0x30, 0x81, 0x97, 0x31, 0x0b, 0x30, 0x09, 0x06,
+    0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x13, 0x30, 0x11,
+    0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, 0x0a, 0x57, 0x61, 0x73, 0x68, 0x69,
+    0x6e, 0x67, 0x74, 0x6f, 0x6e, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55,
+    0x04, 0x07, 0x0c, 0x07, 0x53, 0x65, 0x61, 0x74, 0x74, 0x6c, 0x65, 0x31,
+    0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x07, 0x77, 0x6f,
+    0x6c, 0x66, 0x53, 0x53, 0x4c, 0x31, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55,
+    0x04, 0x0b, 0x0c, 0x0b, 0x45, 0x6e, 0x67, 0x69, 0x6e, 0x65, 0x65, 0x72,
+    0x69, 0x6e, 0x67, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03,
+    0x0c, 0x0f, 0x77, 0x6f, 0x6c, 0x66, 0x53, 0x53, 0x4c, 0x20, 0x72, 0x6f,
+    0x6f, 0x74, 0x20, 0x43, 0x41, 0x31, 0x1f, 0x30, 0x1d, 0x06, 0x09, 0x2a,
+    0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6e,
+    0x66, 0x6f, 0x40, 0x77, 0x6f, 0x6c, 0x66, 0x73, 0x73, 0x6c, 0x2e, 0x63,
+    0x6f, 0x6d, 0x82, 0x01, 0x63, 0x30, 0x13, 0x06, 0x03, 0x55, 0x1d, 0x25,
+    0x04, 0x0c, 0x30, 0x0a, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07,
+    0x03, 0x09, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d,
+    0x01, 0x01, 0x0b, 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, 0x4d, 0xa2,
+    0xd8, 0x55, 0xe0, 0x2b, 0xf4, 0xad, 0x65, 0xe2, 0x92, 0x35, 0xcb, 0x60,
+    0xa0, 0xa2, 0x6b, 0xa6, 0x88, 0xc1, 0x86, 0x58, 0x57, 0x37, 0xbd, 0x2e,
+    0x28, 0x6e, 0x1c, 0x56, 0x2a, 0x35, 0xde, 0xff, 0x3e, 0x8e, 0x3d, 0x47,
+    0x21, 0x1a, 0xe9, 0xd3, 0xc6, 0xb4, 0xe2, 0xcb, 0x3e, 0xc6, 0xaf, 0x9b,
+    0xef, 0x23, 0x88, 0x56, 0x95, 0x73, 0x2e, 0xb3, 0xed, 0xc5, 0x11, 0x4b,
+    0x69, 0xf7, 0x13, 0x3a, 0x05, 0xe1, 0xaf, 0xba, 0xc9, 0x59, 0xfd, 0xe2,
+    0xa0, 0x81, 0xa0, 0x4c, 0x0c, 0x2c, 0xcb, 0x57, 0xad, 0x96, 0x3a, 0x8c,
+    0x32, 0xa6, 0x4a, 0xf8, 0x72, 0xb8, 0xec, 0xb3, 0x26, 0x69, 0xd6, 0x6a,
+    0x4c, 0x4c, 0x78, 0x18, 0x3c, 0xca, 0x19, 0xf1, 0xb5, 0x8e, 0x23, 0x81,
+    0x5b, 0x27, 0x90, 0xe0, 0x5c, 0x2b, 0x17, 0x4d, 0x78, 0x99, 0x6b, 0x25,
+    0xbd, 0x2f, 0xae, 0x1b, 0xaa, 0xce, 0x84, 0xb9, 0x44, 0x21, 0x46, 0xc0,
+    0x34, 0x6b, 0x5b, 0xb9, 0x1b, 0xca, 0x5c, 0x60, 0xf1, 0xef, 0xe6, 0x66,
+    0xbc, 0x84, 0x63, 0x56, 0x50, 0x7d, 0xbb, 0x2c, 0x2f, 0x7b, 0x47, 0xb4,
+    0xfd, 0x58, 0x77, 0x87, 0xee, 0x27, 0x20, 0x96, 0x72, 0x8e, 0x4c, 0x7e,
+    0x4f, 0x93, 0xeb, 0x5f, 0x8f, 0x9c, 0x1e, 0x59, 0x7a, 0x96, 0xaa, 0x53,
+    0x77, 0x22, 0x41, 0xd8, 0xd3, 0xf9, 0x89, 0x8f, 0xe8, 0x9d, 0x65, 0xbd,
+    0x0c, 0x71, 0x3c, 0xbb, 0xa3, 0x07, 0xbf, 0xfb, 0xa8, 0xd1, 0x18, 0x0a,
+    0xb4, 0xc4, 0xf7, 0x83, 0xb3, 0x86, 0x2b, 0xf0, 0x5b, 0x05, 0x28, 0xc1,
+    0x01, 0x31, 0x73, 0x5c, 0x2b, 0xbd, 0x60, 0x97, 0xa3, 0x36, 0x82, 0x96,
+    0xd7, 0x83, 0xdf, 0x75, 0xee, 0x29, 0x42, 0x97, 0x86, 0x41, 0x55, 0xb9,
+    0x70, 0x87, 0xd5, 0x02, 0x85, 0x13, 0x41, 0xf8, 0x25, 0x05, 0xab, 0x6a,
+    0xaa, 0x57,
+};
+
+unsigned char resp_nocert[] = {
+    0x30, 0x82, 0x02, 0x3a, 0x0a, 0x01, 0x00, 0xa0, 0x82, 0x02, 0x33, 0x30,
+    0x82, 0x02, 0x2f, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x30,
+    0x01, 0x01, 0x04, 0x82, 0x02, 0x20, 0x30, 0x82, 0x02, 0x1c, 0x30, 0x82,
+    0x01, 0x06, 0xa1, 0x81, 0xa1, 0x30, 0x81, 0x9e, 0x31, 0x0b, 0x30, 0x09,
+    0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x13, 0x30,
+    0x11, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, 0x0a, 0x57, 0x61, 0x73, 0x68,
+    0x69, 0x6e, 0x67, 0x74, 0x6f, 0x6e, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03,
+    0x55, 0x04, 0x07, 0x0c, 0x07, 0x53, 0x65, 0x61, 0x74, 0x74, 0x6c, 0x65,
+    0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x07, 0x77,
+    0x6f, 0x6c, 0x66, 0x53, 0x53, 0x4c, 0x31, 0x14, 0x30, 0x12, 0x06, 0x03,
+    0x55, 0x04, 0x0b, 0x0c, 0x0b, 0x45, 0x6e, 0x67, 0x69, 0x6e, 0x65, 0x65,
+    0x72, 0x69, 0x6e, 0x67, 0x31, 0x1f, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x04,
+    0x03, 0x0c, 0x16, 0x77, 0x6f, 0x6c, 0x66, 0x53, 0x53, 0x4c, 0x20, 0x4f,
+    0x43, 0x53, 0x50, 0x20, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x64, 0x65,
+    0x72, 0x31, 0x1f, 0x30, 0x1d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7,
+    0x0d, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6e, 0x66, 0x6f, 0x40, 0x77,
+    0x6f, 0x6c, 0x66, 0x73, 0x73, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x18, 0x0f,
+    0x32, 0x30, 0x32, 0x35, 0x30, 0x32, 0x30, 0x35, 0x31, 0x36, 0x34, 0x34,
+    0x30, 0x39, 0x5a, 0x30, 0x4f, 0x30, 0x4d, 0x30, 0x38, 0x30, 0x07, 0x06,
+    0x05, 0x2b, 0x0e, 0x03, 0x02, 0x1a, 0x04, 0x14, 0x44, 0xa8, 0xdb, 0xd1,
+    0xbc, 0x97, 0x0a, 0x83, 0x3b, 0x5b, 0x31, 0x9a, 0x4c, 0xb8, 0xd2, 0x52,
+    0x37, 0x15, 0x8a, 0x88, 0x04, 0x14, 0x73, 0xb0, 0x1c, 0xa4, 0x2f, 0x82,
+    0xcb, 0xcf, 0x47, 0xa5, 0x38, 0xd7, 0xb0, 0x04, 0x82, 0x3a, 0x7e, 0x72,
+    0x15, 0x21, 0x02, 0x01, 0x01, 0x80, 0x00, 0x18, 0x0f, 0x32, 0x30, 0x32,
+    0x35, 0x30, 0x32, 0x30, 0x35, 0x31, 0x36, 0x34, 0x34, 0x30, 0x39, 0x5a,
+    0x30, 0x0b, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01,
+    0x0b, 0x03, 0x82, 0x01, 0x01, 0x00, 0x31, 0xb2, 0x07, 0x71, 0xa6, 0x8e,
+    0xd7, 0x32, 0xf5, 0x8d, 0x38, 0xd5, 0xbd, 0xe8, 0x6a, 0xba, 0x50, 0x79,
+    0x0d, 0x60, 0x14, 0xc4, 0xdc, 0x3a, 0xb2, 0xd3, 0x47, 0x21, 0x83, 0x2f,
+    0xb8, 0xa8, 0x91, 0x12, 0x58, 0x43, 0xd4, 0x27, 0x03, 0x10, 0x7c, 0x67,
+    0x65, 0xfc, 0x7c, 0xb9, 0xe9, 0x07, 0x76, 0xa3, 0x68, 0x1a, 0x2b, 0x56,
+    0xe0, 0x72, 0x5f, 0xb6, 0x6a, 0x2d, 0x52, 0x52, 0xf4, 0xf3, 0x4b, 0x91,
+    0x6b, 0x65, 0xe2, 0xd3, 0x03, 0x9b, 0xaf, 0x11, 0x43, 0x97, 0x94, 0x63,
+    0xff, 0x0d, 0x71, 0xf5, 0x4f, 0xef, 0x61, 0x4f, 0x55, 0xd3, 0x5b, 0x5f,
+    0x61, 0x1f, 0x2c, 0x03, 0xbd, 0x3f, 0xde, 0x62, 0xb5, 0x36, 0xb0, 0x3a,
+    0x52, 0xf3, 0x35, 0x26, 0x41, 0x2d, 0xa3, 0x1b, 0x1b, 0x07, 0x2c, 0x0a,
+    0x6b, 0x2b, 0x36, 0x87, 0x0c, 0xec, 0x5a, 0x9b, 0x72, 0xc2, 0x04, 0x79,
+    0x4a, 0x68, 0xba, 0xde, 0x6d, 0x65, 0x37, 0x37, 0x4f, 0x0a, 0xa8, 0x5b,
+    0x06, 0x45, 0xc0, 0x59, 0x39, 0x11, 0xd4, 0xcc, 0x28, 0x0c, 0x5d, 0x76,
+    0x11, 0xeb, 0x71, 0x0a, 0xf7, 0x72, 0x06, 0x2f, 0x50, 0x98, 0xe1, 0xfc,
+    0x86, 0x00, 0xaa, 0x9f, 0x45, 0xc5, 0x81, 0x8b, 0x73, 0xe9, 0x8c, 0xef,
+    0x31, 0xd9, 0x9b, 0xde, 0xe7, 0x57, 0xd0, 0x14, 0x8f, 0xfe, 0xec, 0xed,
+    0xc2, 0xfc, 0x18, 0x35, 0x4e, 0x24, 0xd0, 0x46, 0x36, 0x86, 0xdb, 0x6f,
+    0xa7, 0x06, 0x85, 0xef, 0x70, 0x2c, 0xce, 0xbb, 0xcc, 0x44, 0x3e, 0x82,
+    0x2f, 0xfa, 0xc2, 0x12, 0x6d, 0x40, 0x71, 0xc4, 0xac, 0xd9, 0x48, 0x72,
+    0xff, 0xec, 0x65, 0x89, 0x29, 0x81, 0x5f, 0x92, 0x98, 0x9f, 0xfb, 0xd0,
+    0x73, 0xcf, 0xb1, 0x80, 0x37, 0x33, 0x37, 0xb1, 0x95, 0x7e, 0xba, 0xb2,
+    0x6f, 0xee, 0x7b, 0x16, 0x09, 0x04, 0x9b, 0x01, 0x4b, 0x1e,
+};
+
+unsigned char resp_multi[] = {
+    0x30, 0x82, 0x02, 0x83, 0x0a, 0x01, 0x00, 0xa0, 0x82, 0x02, 0x7c, 0x30,
+    0x82, 0x02, 0x78, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x30,
+    0x01, 0x01, 0x04, 0x82, 0x02, 0x69, 0x30, 0x82, 0x02, 0x65, 0x30, 0x82,
+    0x01, 0x4f, 0xa1, 0x81, 0x9a, 0x30, 0x81, 0x97, 0x31, 0x0b, 0x30, 0x09,
+    0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x13, 0x30,
+    0x11, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, 0x0a, 0x57, 0x61, 0x73, 0x68,
+    0x69, 0x6e, 0x67, 0x74, 0x6f, 0x6e, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03,
+    0x55, 0x04, 0x07, 0x0c, 0x07, 0x53, 0x65, 0x61, 0x74, 0x74, 0x6c, 0x65,
+    0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x07, 0x77,
+    0x6f, 0x6c, 0x66, 0x53, 0x53, 0x4c, 0x31, 0x14, 0x30, 0x12, 0x06, 0x03,
+    0x55, 0x04, 0x0b, 0x0c, 0x0b, 0x45, 0x6e, 0x67, 0x69, 0x6e, 0x65, 0x65,
+    0x72, 0x69, 0x6e, 0x67, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04,
+    0x03, 0x0c, 0x0f, 0x77, 0x6f, 0x6c, 0x66, 0x53, 0x53, 0x4c, 0x20, 0x72,
+    0x6f, 0x6f, 0x74, 0x20, 0x43, 0x41, 0x31, 0x1f, 0x30, 0x1d, 0x06, 0x09,
+    0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69,
+    0x6e, 0x66, 0x6f, 0x40, 0x77, 0x6f, 0x6c, 0x66, 0x73, 0x73, 0x6c, 0x2e,
+    0x63, 0x6f, 0x6d, 0x18, 0x0f, 0x32, 0x30, 0x32, 0x35, 0x30, 0x32, 0x30,
+    0x35, 0x31, 0x36, 0x34, 0x34, 0x30, 0x39, 0x5a, 0x30, 0x81, 0x9e, 0x30,
+    0x4d, 0x30, 0x38, 0x30, 0x07, 0x06, 0x05, 0x2b, 0x0e, 0x03, 0x02, 0x1a,
+    0x04, 0x14, 0x44, 0xa8, 0xdb, 0xd1, 0xbc, 0x97, 0x0a, 0x83, 0x3b, 0x5b,
+    0x31, 0x9a, 0x4c, 0xb8, 0xd2, 0x52, 0x37, 0x15, 0x8a, 0x88, 0x04, 0x14,
+    0x73, 0xb0, 0x1c, 0xa4, 0x2f, 0x82, 0xcb, 0xcf, 0x47, 0xa5, 0x38, 0xd7,
+    0xb0, 0x04, 0x82, 0x3a, 0x7e, 0x72, 0x15, 0x21, 0x02, 0x01, 0x01, 0x80,
+    0x00, 0x18, 0x0f, 0x32, 0x30, 0x32, 0x35, 0x30, 0x32, 0x30, 0x35, 0x31,
+    0x36, 0x34, 0x34, 0x30, 0x39, 0x5a, 0x30, 0x4d, 0x30, 0x38, 0x30, 0x07,
+    0x06, 0x05, 0x2b, 0x0e, 0x03, 0x02, 0x1a, 0x04, 0x14, 0x44, 0xa8, 0xdb,
+    0xd1, 0xbc, 0x97, 0x0a, 0x83, 0x3b, 0x5b, 0x31, 0x9a, 0x4c, 0xb8, 0xd2,
+    0x52, 0x37, 0x15, 0x8a, 0x88, 0x04, 0x14, 0x73, 0xb0, 0x1c, 0xa4, 0x2f,
+    0x82, 0xcb, 0xcf, 0x47, 0xa5, 0x38, 0xd7, 0xb0, 0x04, 0x82, 0x3a, 0x7e,
+    0x72, 0x15, 0x21, 0x02, 0x01, 0x02, 0x80, 0x00, 0x18, 0x0f, 0x32, 0x30,
+    0x32, 0x35, 0x30, 0x32, 0x30, 0x35, 0x31, 0x36, 0x34, 0x34, 0x30, 0x39,
+    0x5a, 0x30, 0x0b, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01,
+    0x01, 0x0b, 0x03, 0x82, 0x01, 0x01, 0x00, 0x0a, 0xc7, 0xfd, 0xa9, 0x1f,
+    0x76, 0x19, 0xc8, 0xbd, 0xa2, 0x67, 0x24, 0xd1, 0x68, 0xe3, 0x8b, 0x27,
+    0xf2, 0x67, 0x24, 0x87, 0xe3, 0x10, 0xba, 0x8d, 0x8d, 0x6f, 0xe2, 0xfa,
+    0xc1, 0xa6, 0x5a, 0x4c, 0xb1, 0x79, 0x56, 0x50, 0x2b, 0xb7, 0xdf, 0x20,
+    0x89, 0xda, 0x02, 0x3d, 0xef, 0xd3, 0xf9, 0x86, 0x6b, 0x0d, 0xd4, 0x92,
+    0x7e, 0x90, 0x04, 0x6c, 0xfd, 0x7b, 0x6d, 0xde, 0x02, 0x37, 0xec, 0x09,
+    0x2f, 0x6e, 0xf2, 0x69, 0xf8, 0x44, 0x82, 0xa9, 0x98, 0xca, 0xf4, 0x69,
+    0xa1, 0xe5, 0x68, 0xa3, 0xa9, 0x5c, 0xea, 0x07, 0xdd, 0x62, 0x2f, 0xb1,
+    0xd1, 0x55, 0x44, 0x82, 0x1a, 0xc3, 0x9f, 0x39, 0xec, 0xb9, 0x24, 0xfe,
+    0xea, 0x50, 0x28, 0x6c, 0x79, 0x3a, 0x6b, 0xfd, 0xbc, 0x3f, 0x81, 0xd3,
+    0x7c, 0xab, 0x13, 0x54, 0x1b, 0x0d, 0xd7, 0xa9, 0x31, 0x97, 0x0f, 0x53,
+    0x7a, 0xca, 0x49, 0x51, 0x03, 0xa9, 0xdc, 0x89, 0x00, 0x80, 0x69, 0xb6,
+    0x52, 0x0a, 0x10, 0xfe, 0xe1, 0x7e, 0x5f, 0x73, 0x8a, 0xd9, 0xbf, 0x3f,
+    0x02, 0x00, 0xf0, 0xb3, 0xb5, 0x04, 0xb8, 0x59, 0x07, 0xc9, 0x9b, 0x41,
+    0x12, 0x8d, 0x12, 0xed, 0x58, 0x3d, 0xcf, 0xa0, 0x1c, 0x7d, 0x45, 0x5d,
+    0x7c, 0x06, 0x0d, 0x8c, 0x98, 0xc9, 0x4e, 0xe9, 0x26, 0xa3, 0xc8, 0x70,
+    0x18, 0xe8, 0xff, 0x9b, 0x88, 0x0d, 0x3f, 0x47, 0xb3, 0x24, 0x43, 0x8c,
+    0x23, 0xa1, 0x3b, 0x64, 0x3d, 0x85, 0x34, 0x87, 0xae, 0x24, 0x76, 0x0f,
+    0x1e, 0x20, 0x6b, 0xf8, 0x5e, 0x4b, 0xea, 0x8c, 0x2a, 0xb1, 0xfb, 0xf2,
+    0xbc, 0xf7, 0x1d, 0x8f, 0x77, 0x69, 0x46, 0x4c, 0xff, 0x49, 0xd7, 0x47,
+    0x07, 0xa2, 0x04, 0x18, 0x14, 0xa9, 0x59, 0x53, 0x18, 0x5c, 0x0d, 0xbf,
+    0x04, 0xd9, 0xc8, 0xeb, 0xd2, 0xe7, 0x7b, 0xf1, 0x51, 0x8f, 0xca,
+};
+
+unsigned char resp_bad_noauth[] = {
+    0x30, 0x82, 0x02, 0x83, 0x0a, 0x01, 0x00, 0xa0, 0x82, 0x02, 0x7c, 0x30,
+    0x82, 0x02, 0x78, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x30,
+    0x01, 0x01, 0x04, 0x82, 0x02, 0x69, 0x30, 0x82, 0x02, 0x65, 0x30, 0x82,
+    0x01, 0x4f, 0xa1, 0x81, 0x9a, 0x30, 0x81, 0x97, 0x31, 0x0b, 0x30, 0x09,
+    0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x13, 0x30,
+    0x11, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, 0x0a, 0x57, 0x61, 0x73, 0x68,
+    0x69, 0x6e, 0x67, 0x74, 0x6f, 0x6e, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03,
+    0x55, 0x04, 0x07, 0x0c, 0x07, 0x53, 0x65, 0x61, 0x74, 0x74, 0x6c, 0x65,
+    0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x07, 0x77,
+    0x6f, 0x6c, 0x66, 0x53, 0x53, 0x4c, 0x31, 0x14, 0x30, 0x12, 0x06, 0x03,
+    0x55, 0x04, 0x0b, 0x0c, 0x0b, 0x45, 0x6e, 0x67, 0x69, 0x6e, 0x65, 0x65,
+    0x72, 0x69, 0x6e, 0x67, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04,
+    0x03, 0x0c, 0x0f, 0x77, 0x6f, 0x6c, 0x66, 0x53, 0x53, 0x4c, 0x20, 0x72,
+    0x6f, 0x6f, 0x74, 0x20, 0x43, 0x41, 0x31, 0x1f, 0x30, 0x1d, 0x06, 0x09,
+    0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69,
+    0x6e, 0x66, 0x6f, 0x40, 0x77, 0x6f, 0x6c, 0x66, 0x73, 0x73, 0x6c, 0x2e,
+    0x63, 0x6f, 0x6d, 0x18, 0x0f, 0x32, 0x30, 0x32, 0x35, 0x30, 0x32, 0x30,
+    0x35, 0x31, 0x36, 0x34, 0x34, 0x30, 0x39, 0x5a, 0x30, 0x81, 0x9e, 0x30,
+    0x4d, 0x30, 0x38, 0x30, 0x07, 0x06, 0x05, 0x2b, 0x0e, 0x03, 0x02, 0x1a,
+    0x04, 0x14, 0x44, 0xa8, 0xdb, 0xd1, 0xbc, 0x97, 0x0a, 0x83, 0x3b, 0x5b,
+    0x31, 0x9a, 0x4c, 0xb8, 0xd2, 0x52, 0x37, 0x15, 0x8a, 0x88, 0x04, 0x14,
+    0x73, 0xb0, 0x1c, 0xa4, 0x2f, 0x82, 0xcb, 0xcf, 0x47, 0xa5, 0x38, 0xd7,
+    0xb0, 0x04, 0x82, 0x3a, 0x7e, 0x72, 0x15, 0x21, 0x02, 0x01, 0x01, 0x80,
+    0x00, 0x18, 0x0f, 0x32, 0x30, 0x32, 0x35, 0x30, 0x32, 0x30, 0x35, 0x31,
+    0x36, 0x34, 0x34, 0x30, 0x39, 0x5a, 0x30, 0x4d, 0x30, 0x38, 0x30, 0x07,
+    0x06, 0x05, 0x2b, 0x0e, 0x03, 0x02, 0x1a, 0x04, 0x14, 0xff, 0x66, 0x21,
+    0x8a, 0x6e, 0xc5, 0x86, 0x61, 0x84, 0x25, 0x9a, 0xba, 0xd6, 0x55, 0x39,
+    0xfb, 0x25, 0x51, 0x2c, 0xdd, 0x04, 0x14, 0x27, 0x8e, 0x67, 0x11, 0x74,
+    0xc3, 0x26, 0x1d, 0x3f, 0xed, 0x33, 0x63, 0xb3, 0xa4, 0xd8, 0x1d, 0x30,
+    0xe5, 0xe8, 0xd5, 0x02, 0x01, 0x01, 0x80, 0x00, 0x18, 0x0f, 0x32, 0x30,
+    0x32, 0x35, 0x30, 0x32, 0x30, 0x35, 0x31, 0x36, 0x34, 0x34, 0x30, 0x39,
+    0x5a, 0x30, 0x0b, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01,
+    0x01, 0x0b, 0x03, 0x82, 0x01, 0x01, 0x00, 0x16, 0xe7, 0xf6, 0x64, 0x59,
+    0x3a, 0x69, 0x64, 0x73, 0x5f, 0x9d, 0xdf, 0x91, 0xd8, 0xca, 0xc4, 0x99,
+    0xa5, 0x21, 0xdf, 0x49, 0x49, 0x84, 0xb9, 0xbe, 0x34, 0xaf, 0xf1, 0xf8,
+    0x6f, 0x8d, 0xea, 0x0d, 0x43, 0x1f, 0xcf, 0xe1, 0xd0, 0xda, 0x3e, 0x41,
+    0x3d, 0xab, 0x27, 0x19, 0x62, 0x03, 0x95, 0x1d, 0xc4, 0x09, 0xa2, 0xfb,
+    0x86, 0xfb, 0x19, 0x58, 0x32, 0x23, 0xc7, 0xb8, 0x96, 0xc1, 0xa4, 0x13,
+    0xc5, 0xe5, 0x61, 0x33, 0xb6, 0xbf, 0x34, 0x6f, 0x06, 0xaf, 0xcf, 0x9f,
+    0xaf, 0x84, 0x82, 0xa0, 0x9d, 0x00, 0x2a, 0x40, 0x9a, 0x77, 0x7f, 0xdd,
+    0x20, 0xc0, 0x3f, 0xa4, 0x84, 0x16, 0xef, 0x42, 0x32, 0x56, 0x66, 0xba,
+    0x9a, 0xb4, 0xf3, 0x79, 0x33, 0x3c, 0x5b, 0xa2, 0x40, 0xe9, 0x8b, 0xdc,
+    0x0d, 0x1d, 0x7a, 0x26, 0x25, 0x9f, 0xe8, 0x09, 0x74, 0x8a, 0x77, 0x6a,
+    0x82, 0x9b, 0xa1, 0x57, 0xd2, 0xa3, 0xb7, 0x40, 0x06, 0x62, 0x35, 0x15,
+    0x31, 0x54, 0xd4, 0x68, 0x75, 0x76, 0x56, 0xe3, 0xd6, 0x0b, 0x38, 0x99,
+    0x06, 0xf9, 0x75, 0xb0, 0x81, 0x3f, 0xa4, 0x97, 0xec, 0xee, 0x28, 0x0b,
+    0xcd, 0xe8, 0x23, 0xb1, 0x21, 0xe3, 0xd0, 0x88, 0xe0, 0x57, 0x97, 0x40,
+    0x54, 0x62, 0x7c, 0x9a, 0xbd, 0x07, 0xe1, 0x5c, 0x71, 0xe0, 0xfb, 0xcd,
+    0xc5, 0x03, 0xf5, 0x90, 0xc1, 0x2b, 0xc4, 0x5a, 0x09, 0x55, 0x17, 0x80,
+    0x41, 0xa6, 0xdc, 0xaf, 0x42, 0x41, 0x3c, 0xbf, 0xe8, 0xef, 0xa7, 0xf4,
+    0x7b, 0x9d, 0xa1, 0xfe, 0x80, 0xa1, 0xab, 0x0f, 0x8b, 0x4e, 0x4f, 0x0a,
+    0x10, 0x8b, 0xf2, 0x10, 0xeb, 0xf7, 0x73, 0xe3, 0xa7, 0x03, 0x9f, 0x0e,
+    0x33, 0x03, 0x42, 0x4e, 0xbe, 0xdd, 0x11, 0x2f, 0x9a, 0x06, 0xf7, 0x22,
+    0x7d, 0xfd, 0xb5, 0xa4, 0x89, 0xf8, 0x06, 0x2c, 0x41, 0xcf, 0x8a,
+};
+
+unsigned char resp_bad_embedded_cert[] = {
+    0x30, 0x82, 0x07, 0x2e, 0x0a, 0x01, 0x00, 0xa0, 0x82, 0x07, 0x27, 0x30,
+    0x82, 0x07, 0x23, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x30,
+    0x01, 0x01, 0x04, 0x82, 0x07, 0x14, 0x30, 0x82, 0x07, 0x10, 0x30, 0x81,
+    0xff, 0xa1, 0x81, 0x9a, 0x30, 0x81, 0x97, 0x31, 0x0b, 0x30, 0x09, 0x06,
+    0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x13, 0x30, 0x11,
+    0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, 0x0a, 0x57, 0x61, 0x73, 0x68, 0x69,
+    0x6e, 0x67, 0x74, 0x6f, 0x6e, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55,
+    0x04, 0x07, 0x0c, 0x07, 0x53, 0x65, 0x61, 0x74, 0x74, 0x6c, 0x65, 0x31,
+    0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x07, 0x77, 0x6f,
+    0x6c, 0x66, 0x53, 0x53, 0x4c, 0x31, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55,
+    0x04, 0x0b, 0x0c, 0x0b, 0x45, 0x6e, 0x67, 0x69, 0x6e, 0x65, 0x65, 0x72,
+    0x69, 0x6e, 0x67, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03,
+    0x0c, 0x0f, 0x77, 0x6f, 0x6c, 0x66, 0x53, 0x53, 0x4c, 0x20, 0x72, 0x6f,
+    0x6f, 0x74, 0x20, 0x43, 0x41, 0x31, 0x1f, 0x30, 0x1d, 0x06, 0x09, 0x2a,
+    0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6e,
+    0x66, 0x6f, 0x40, 0x77, 0x6f, 0x6c, 0x66, 0x73, 0x73, 0x6c, 0x2e, 0x63,
+    0x6f, 0x6d, 0x18, 0x0f, 0x32, 0x30, 0x32, 0x35, 0x30, 0x32, 0x30, 0x35,
+    0x31, 0x36, 0x34, 0x34, 0x30, 0x39, 0x5a, 0x30, 0x4f, 0x30, 0x4d, 0x30,
+    0x38, 0x30, 0x07, 0x06, 0x05, 0x2b, 0x0e, 0x03, 0x02, 0x1a, 0x04, 0x14,
+    0x44, 0xa8, 0xdb, 0xd1, 0xbc, 0x97, 0x0a, 0x83, 0x3b, 0x5b, 0x31, 0x9a,
+    0x4c, 0xb8, 0xd2, 0x52, 0x37, 0x15, 0x8a, 0x88, 0x04, 0x14, 0x73, 0xb0,
+    0x1c, 0xa4, 0x2f, 0x82, 0xcb, 0xcf, 0x47, 0xa5, 0x38, 0xd7, 0xb0, 0x04,
+    0x82, 0x3a, 0x7e, 0x72, 0x15, 0x21, 0x02, 0x01, 0x01, 0x80, 0x00, 0x18,
+    0x0f, 0x32, 0x30, 0x32, 0x35, 0x30, 0x32, 0x30, 0x35, 0x31, 0x36, 0x34,
+    0x34, 0x30, 0x39, 0x5a, 0x30, 0x0b, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86,
+    0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x03, 0x82, 0x01, 0x01, 0x00, 0x3f, 0x34,
+    0x62, 0xfc, 0xd3, 0xf8, 0x95, 0x00, 0xc1, 0x3e, 0x4a, 0x18, 0x68, 0xf2,
+    0x6a, 0x71, 0xe8, 0xdf, 0x99, 0x42, 0xef, 0x2a, 0x2a, 0xcf, 0xa7, 0x43,
+    0xca, 0xd0, 0x93, 0x6b, 0x51, 0x05, 0xbf, 0xf9, 0xbb, 0xdb, 0x10, 0xc0,
+    0xb4, 0x02, 0xc7, 0x78, 0x07, 0x96, 0xf7, 0x02, 0x12, 0xa0, 0x9f, 0x68,
+    0x6f, 0xfc, 0x35, 0x6d, 0x9f, 0x90, 0x84, 0x1c, 0x6e, 0x57, 0x7b, 0x45,
+    0x37, 0xb8, 0xe3, 0x9d, 0x65, 0x22, 0x56, 0x24, 0xf6, 0xce, 0xb0, 0x79,
+    0xd6, 0xfa, 0xec, 0xc1, 0xe6, 0xbe, 0x97, 0xf7, 0xd5, 0x6e, 0xcd, 0xbb,
+    0xf9, 0x0c, 0xf8, 0x26, 0x0b, 0xf1, 0x20, 0x93, 0x11, 0x40, 0x61, 0x18,
+    0x5b, 0x24, 0xdf, 0x62, 0x39, 0xe1, 0x3d, 0xf2, 0x35, 0x3f, 0xbe, 0xa8,
+    0xc5, 0x99, 0xe7, 0x67, 0xbe, 0xaa, 0xc0, 0x0b, 0x53, 0xe9, 0xb6, 0x16,
+    0x55, 0x7f, 0xc6, 0x0d, 0xe4, 0x43, 0x96, 0xa6, 0xf7, 0x48, 0x21, 0xab,
+    0xf3, 0x0a, 0x17, 0x77, 0x87, 0x54, 0x7a, 0x35, 0x87, 0xfb, 0x7b, 0x7a,
+    0xcb, 0x87, 0x9f, 0x80, 0x8c, 0xe9, 0xcf, 0x04, 0x8d, 0xc0, 0xa5, 0x8c,
+    0xd7, 0xc6, 0x37, 0xcd, 0x28, 0x83, 0x6c, 0x68, 0x32, 0x97, 0xa7, 0x2e,
+    0x9d, 0x1c, 0x5b, 0x20, 0x77, 0x63, 0x55, 0x1b, 0x8b, 0x0b, 0xed, 0x1d,
+    0x25, 0x65, 0xaf, 0xf8, 0x3e, 0xcf, 0x5f, 0x43, 0x7f, 0xf8, 0xe3, 0x03,
+    0x13, 0x4f, 0x7a, 0x8a, 0x0d, 0x6b, 0xdd, 0xd6, 0xee, 0xd9, 0x97, 0xfe,
+    0xc1, 0x6a, 0x5b, 0x20, 0x39, 0x4f, 0x8f, 0x0c, 0x8c, 0x62, 0x33, 0x17,
+    0x9a, 0xa8, 0x25, 0x20, 0xa4, 0x7b, 0x20, 0x98, 0x7d, 0x64, 0xc8, 0x7d,
+    0xf4, 0xae, 0x77, 0xcb, 0x4a, 0xb7, 0xa0, 0xdf, 0x5e, 0x08, 0x83, 0xc5,
+    0x85, 0xdf, 0x71, 0xb1, 0x4f, 0x68, 0x1a, 0x34, 0x6f, 0xf5, 0xc1, 0xd0,
+    0x0d, 0x97, 0xa0, 0x82, 0x04, 0xf8, 0x30, 0x82, 0x04, 0xf4, 0x30, 0x82,
+    0x04, 0xf0, 0x30, 0x82, 0x03, 0xd8, 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02,
+    0x01, 0x02, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d,
+    0x01, 0x01, 0x0b, 0x05, 0x00, 0x30, 0x81, 0x97, 0x31, 0x0b, 0x30, 0x09,
+    0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x13, 0x30,
+    0x11, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, 0x0a, 0x57, 0x61, 0x73, 0x68,
+    0x69, 0x6e, 0x67, 0x74, 0x6f, 0x6e, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03,
+    0x55, 0x04, 0x07, 0x0c, 0x07, 0x53, 0x65, 0x61, 0x74, 0x74, 0x6c, 0x65,
+    0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x07, 0x77,
+    0x6f, 0x6c, 0x66, 0x53, 0x53, 0x4c, 0x31, 0x14, 0x30, 0x12, 0x06, 0x03,
+    0x55, 0x04, 0x0b, 0x0c, 0x0b, 0x45, 0x6e, 0x67, 0x69, 0x6e, 0x65, 0x65,
+    0x72, 0x69, 0x6e, 0x67, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04,
+    0x03, 0x0c, 0x0f, 0x77, 0x6f, 0x6c, 0x66, 0x53, 0x53, 0x4c, 0x20, 0x72,
+    0x6f, 0x6f, 0x74, 0x20, 0x43, 0x41, 0x31, 0x1f, 0x30, 0x1d, 0x06, 0x09,
+    0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69,
+    0x6e, 0x66, 0x6f, 0x40, 0x77, 0x6f, 0x6c, 0x66, 0x73, 0x73, 0x6c, 0x2e,
+    0x63, 0x6f, 0x6d, 0x30, 0x1e, 0x17, 0x0d, 0x32, 0x34, 0x31, 0x32, 0x31,
+    0x38, 0x32, 0x31, 0x32, 0x35, 0x33, 0x31, 0x5a, 0x17, 0x0d, 0x32, 0x37,
+    0x30, 0x39, 0x31, 0x34, 0x32, 0x31, 0x32, 0x35, 0x33, 0x31, 0x5a, 0x30,
+    0x81, 0xa1, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13,
+    0x02, 0x55, 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08,
+    0x0c, 0x0a, 0x57, 0x61, 0x73, 0x68, 0x69, 0x6e, 0x67, 0x74, 0x6f, 0x6e,
+    0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0c, 0x07, 0x53,
+    0x65, 0x61, 0x74, 0x74, 0x6c, 0x65, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03,
+    0x55, 0x04, 0x0a, 0x0c, 0x07, 0x77, 0x6f, 0x6c, 0x66, 0x53, 0x53, 0x4c,
+    0x31, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c, 0x0b, 0x45,
+    0x6e, 0x67, 0x69, 0x6e, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x31, 0x22,
+    0x30, 0x20, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x19, 0x77, 0x6f, 0x6c,
+    0x66, 0x53, 0x53, 0x4c, 0x20, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6d, 0x65,
+    0x64, 0x69, 0x61, 0x74, 0x65, 0x20, 0x43, 0x41, 0x20, 0x32, 0x31, 0x1f,
+    0x30, 0x1d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09,
+    0x01, 0x16, 0x10, 0x69, 0x6e, 0x66, 0x6f, 0x40, 0x77, 0x6f, 0x6c, 0x66,
+    0x73, 0x73, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x30, 0x82, 0x01, 0x22, 0x30,
+    0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01,
+    0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82, 0x01, 0x0a, 0x02,
+    0x82, 0x01, 0x01, 0x00, 0xd0, 0x20, 0x3c, 0x35, 0x19, 0x6f, 0x2c, 0x44,
+    0xb4, 0x7e, 0x42, 0xc7, 0x75, 0xb4, 0x6a, 0x2b, 0xa9, 0x23, 0x85, 0xbf,
+    0x87, 0xb4, 0xee, 0xca, 0xd7, 0x4b, 0x1f, 0x31, 0xd7, 0x11, 0x02, 0xa1,
+    0xab, 0x58, 0x3d, 0xfb, 0xdc, 0x51, 0xca, 0x3a, 0x1d, 0x1f, 0x95, 0xa6,
+    0x56, 0x82, 0xf7, 0x8f, 0xff, 0x6b, 0x50, 0xbb, 0xea, 0x10, 0xe1, 0x47,
+    0x1d, 0x35, 0x77, 0x2e, 0x4b, 0x28, 0xc5, 0x53, 0x46, 0x23, 0x2b, 0x82,
+    0xfd, 0x5a, 0xd3, 0xf4, 0x21, 0xdb, 0x0e, 0xe0, 0xf2, 0x76, 0x33, 0x47,
+    0xb3, 0x00, 0xbe, 0x3a, 0xb1, 0x23, 0x98, 0x53, 0xeb, 0xea, 0xa0, 0xde,
+    0x1b, 0xcc, 0x05, 0x4e, 0xee, 0x63, 0xa8, 0x2c, 0x93, 0x24, 0xd6, 0x98,
+    0x78, 0x74, 0x03, 0xe4, 0xc8, 0x89, 0x43, 0x61, 0xf1, 0x25, 0xb8, 0xcd,
+    0x3b, 0x87, 0xc1, 0x31, 0x25, 0xfd, 0xba, 0x4c, 0xfc, 0x29, 0x94, 0x45,
+    0x9e, 0x69, 0xd7, 0x67, 0x0a, 0x8a, 0x8e, 0xd5, 0x52, 0x93, 0x30, 0xa2,
+    0x0e, 0xdd, 0x6a, 0x1c, 0xb0, 0x94, 0x77, 0xdb, 0x52, 0x52, 0xb7, 0x89,
+    0x21, 0xbe, 0x96, 0x75, 0x24, 0xcb, 0xe9, 0x49, 0xdf, 0x81, 0x9d, 0x9d,
+    0xf8, 0x55, 0x7d, 0x01, 0x2a, 0xeb, 0x78, 0x03, 0x12, 0xe2, 0x20, 0x6e,
+    0xdb, 0x63, 0x35, 0xcd, 0xa1, 0x96, 0xf0, 0xf8, 0x8c, 0x20, 0x35, 0x69,
+    0x87, 0x01, 0xca, 0xb4, 0x54, 0x36, 0xa0, 0x15, 0xe0, 0x23, 0x7d, 0xb9,
+    0xfb, 0xbe, 0x99, 0x05, 0x50, 0xf0, 0xbf, 0xec, 0x7f, 0x12, 0xe1, 0x3d,
+    0x75, 0x15, 0x4e, 0xc8, 0xc2, 0x30, 0xe6, 0x8b, 0xfe, 0xe5, 0x8b, 0x55,
+    0xf8, 0x44, 0x5e, 0xe5, 0xe3, 0x56, 0xe0, 0x66, 0x2d, 0x6f, 0x42, 0x5a,
+    0x45, 0x6b, 0x96, 0xaa, 0xc7, 0x5d, 0x41, 0x08, 0x5f, 0xce, 0xd7, 0xdc,
+    0x9f, 0x20, 0xe4, 0x46, 0x78, 0xff, 0xd9, 0x99, 0x02, 0x03, 0x01, 0x00,
+    0x01, 0xa3, 0x82, 0x01, 0x39, 0x30, 0x82, 0x01, 0x35, 0x30, 0x0c, 0x06,
+    0x03, 0x55, 0x1d, 0x13, 0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0xff, 0x30,
+    0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0x05, 0xd1,
+    0xba, 0x86, 0x00, 0xa2, 0xee, 0x2a, 0x05, 0x24, 0xb7, 0x11, 0xad, 0x2d,
+    0x60, 0xf1, 0x90, 0x14, 0x8f, 0x17, 0x30, 0x81, 0xc4, 0x06, 0x03, 0x55,
+    0x1d, 0x23, 0x04, 0x81, 0xbc, 0x30, 0x81, 0xb9, 0x80, 0x14, 0x73, 0xb0,
+    0x1c, 0xa4, 0x2f, 0x82, 0xcb, 0xcf, 0x47, 0xa5, 0x38, 0xd7, 0xb0, 0x04,
+    0x82, 0x3a, 0x7e, 0x72, 0x15, 0x21, 0xa1, 0x81, 0x9d, 0xa4, 0x81, 0x9a,
+    0x30, 0x81, 0x97, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06,
+    0x13, 0x02, 0x55, 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04,
+    0x08, 0x0c, 0x0a, 0x57, 0x61, 0x73, 0x68, 0x69, 0x6e, 0x67, 0x74, 0x6f,
+    0x6e, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0c, 0x07,
+    0x53, 0x65, 0x61, 0x74, 0x74, 0x6c, 0x65, 0x31, 0x10, 0x30, 0x0e, 0x06,
+    0x03, 0x55, 0x04, 0x0a, 0x0c, 0x07, 0x77, 0x6f, 0x6c, 0x66, 0x53, 0x53,
+    0x4c, 0x31, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c, 0x0b,
+    0x45, 0x6e, 0x67, 0x69, 0x6e, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x31,
+    0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x0f, 0x77, 0x6f,
+    0x6c, 0x66, 0x53, 0x53, 0x4c, 0x20, 0x72, 0x6f, 0x6f, 0x74, 0x20, 0x43,
+    0x41, 0x31, 0x1f, 0x30, 0x1d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7,
+    0x0d, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6e, 0x66, 0x6f, 0x40, 0x77,
+    0x6f, 0x6c, 0x66, 0x73, 0x73, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x82, 0x01,
+    0x63, 0x30, 0x0b, 0x06, 0x03, 0x55, 0x1d, 0x0f, 0x04, 0x04, 0x03, 0x02,
+    0x01, 0x06, 0x30, 0x32, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07,
+    0x01, 0x01, 0x04, 0x26, 0x30, 0x24, 0x30, 0x22, 0x06, 0x08, 0x2b, 0x06,
+    0x01, 0x05, 0x05, 0x07, 0x30, 0x01, 0x86, 0x16, 0x68, 0x74, 0x74, 0x70,
+    0x3a, 0x2f, 0x2f, 0x31, 0x32, 0x37, 0x2e, 0x30, 0x2e, 0x30, 0x2e, 0x31,
+    0x3a, 0x32, 0x32, 0x32, 0x32, 0x30, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86,
+    0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03, 0x82, 0x01,
+    0x01, 0x00, 0x1f, 0x0a, 0xd4, 0x04, 0xb7, 0x38, 0x42, 0xe7, 0xfa, 0x85,
+    0xee, 0x3a, 0xf7, 0x11, 0x98, 0x5a, 0x79, 0xd2, 0x43, 0x8b, 0xf0, 0x2b,
+    0xd2, 0xfc, 0xad, 0x7b, 0x33, 0xa0, 0x25, 0xa5, 0xb5, 0x3f, 0x29, 0x13,
+    0x94, 0x9c, 0xda, 0xb6, 0xe6, 0x41, 0x8c, 0x9a, 0x92, 0x3b, 0xcc, 0x44,
+    0x6e, 0x0e, 0x8e, 0x8b, 0x79, 0x09, 0x96, 0xed, 0x39, 0x57, 0xc4, 0xd6,
+    0xb1, 0x7f, 0xdd, 0xbf, 0xf1, 0x26, 0x75, 0x89, 0x7d, 0x28, 0x54, 0xc5,
+    0xe8, 0xda, 0x12, 0x28, 0x02, 0x5d, 0xbe, 0x91, 0x98, 0x95, 0xbf, 0xca,
+    0xe8, 0x20, 0xd6, 0xc6, 0x6c, 0xb2, 0xaf, 0x09, 0xab, 0x3a, 0xc2, 0xc2,
+    0xe5, 0xb1, 0xcf, 0xab, 0x79, 0x54, 0xf1, 0x44, 0xde, 0x77, 0xe4, 0xcb,
+    0x18, 0xf5, 0x7a, 0xd9, 0x5f, 0xe9, 0x88, 0xcd, 0x50, 0x54, 0x59, 0x01,
+    0xa0, 0x83, 0x1c, 0xb2, 0xad, 0x92, 0xea, 0xdf, 0xb1, 0x24, 0x84, 0xc7,
+    0xb5, 0x17, 0xe5, 0xc3, 0xb4, 0x26, 0x5f, 0x24, 0x90, 0xda, 0xe1, 0xd4,
+    0xac, 0xb8, 0xc7, 0xe0, 0x89, 0x1c, 0x56, 0x20, 0xaa, 0x53, 0x2d, 0x51,
+    0x55, 0x0a, 0x01, 0xe2, 0x4c, 0xbc, 0x8c, 0x74, 0x59, 0x9d, 0xf5, 0xf1,
+    0x74, 0xe7, 0x8b, 0xd8, 0x71, 0x12, 0x01, 0x2e, 0x6e, 0x4a, 0x01, 0xd7,
+    0xfb, 0x8d, 0xa8, 0x2e, 0x42, 0x63, 0xab, 0x11, 0x57, 0x1f, 0x4a, 0x1e,
+    0xc0, 0x43, 0x3b, 0x77, 0x32, 0x0d, 0xfe, 0x1f, 0xec, 0x62, 0x47, 0x27,
+    0xa7, 0x74, 0x84, 0x0a, 0x82, 0x3c, 0x0f, 0x5f, 0x83, 0x91, 0xe1, 0x78,
+    0x35, 0x88, 0x9d, 0xe1, 0xda, 0xb1, 0x00, 0xcb, 0x77, 0xc7, 0xfc, 0xf2,
+    0xa1, 0x3d, 0xc3, 0x7a, 0xde, 0xab, 0x81, 0xe4, 0x1b, 0xee, 0x75, 0xc9,
+    0xb9, 0xea, 0xf8, 0xc1, 0x5f, 0xe6, 0x15, 0x6a, 0x1f, 0x96, 0xba, 0x30,
+    0x05, 0x0f, 0x43, 0x7c, 0x21, 0xb6,
+};
+
+unsigned char ocsp_responder_cert_pem[] = {
+    0x30, 0x82, 0x04, 0xbe, 0x30, 0x82, 0x03, 0xa6, 0xa0, 0x03, 0x02, 0x01,
+    0x02, 0x02, 0x01, 0x04, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86,
+    0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x30, 0x81, 0x97, 0x31, 0x0b,
+    0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31,
+    0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, 0x0a, 0x57, 0x61,
+    0x73, 0x68, 0x69, 0x6e, 0x67, 0x74, 0x6f, 0x6e, 0x31, 0x10, 0x30, 0x0e,
+    0x06, 0x03, 0x55, 0x04, 0x07, 0x0c, 0x07, 0x53, 0x65, 0x61, 0x74, 0x74,
+    0x6c, 0x65, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c,
+    0x07, 0x77, 0x6f, 0x6c, 0x66, 0x53, 0x53, 0x4c, 0x31, 0x14, 0x30, 0x12,
+    0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c, 0x0b, 0x45, 0x6e, 0x67, 0x69, 0x6e,
+    0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03,
+    0x55, 0x04, 0x03, 0x0c, 0x0f, 0x77, 0x6f, 0x6c, 0x66, 0x53, 0x53, 0x4c,
+    0x20, 0x72, 0x6f, 0x6f, 0x74, 0x20, 0x43, 0x41, 0x31, 0x1f, 0x30, 0x1d,
+    0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16,
+    0x10, 0x69, 0x6e, 0x66, 0x6f, 0x40, 0x77, 0x6f, 0x6c, 0x66, 0x73, 0x73,
+    0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x30, 0x1e, 0x17, 0x0d, 0x32, 0x34, 0x31,
+    0x32, 0x31, 0x38, 0x32, 0x31, 0x32, 0x35, 0x33, 0x31, 0x5a, 0x17, 0x0d,
+    0x32, 0x37, 0x30, 0x39, 0x31, 0x34, 0x32, 0x31, 0x32, 0x35, 0x33, 0x31,
+    0x5a, 0x30, 0x81, 0x9e, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04,
+    0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55,
+    0x04, 0x08, 0x0c, 0x0a, 0x57, 0x61, 0x73, 0x68, 0x69, 0x6e, 0x67, 0x74,
+    0x6f, 0x6e, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0c,
+    0x07, 0x53, 0x65, 0x61, 0x74, 0x74, 0x6c, 0x65, 0x31, 0x10, 0x30, 0x0e,
+    0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x07, 0x77, 0x6f, 0x6c, 0x66, 0x53,
+    0x53, 0x4c, 0x31, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c,
+    0x0b, 0x45, 0x6e, 0x67, 0x69, 0x6e, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67,
+    0x31, 0x1f, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x16, 0x77,
+    0x6f, 0x6c, 0x66, 0x53, 0x53, 0x4c, 0x20, 0x4f, 0x43, 0x53, 0x50, 0x20,
+    0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x64, 0x65, 0x72, 0x31, 0x1f, 0x30,
+    0x1d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01,
+    0x16, 0x10, 0x69, 0x6e, 0x66, 0x6f, 0x40, 0x77, 0x6f, 0x6c, 0x66, 0x73,
+    0x73, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d,
+    0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05,
+    0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82,
+    0x01, 0x01, 0x00, 0xb8, 0xba, 0x23, 0xb4, 0xf6, 0xc3, 0x7b, 0x14, 0xc3,
+    0xa4, 0xf5, 0x1d, 0x61, 0xa1, 0xf5, 0x1e, 0x63, 0xb9, 0x85, 0x23, 0x34,
+    0x50, 0x6d, 0xf8, 0x7c, 0xa2, 0x8a, 0x04, 0x8b, 0xd5, 0x75, 0x5c, 0x2d,
+    0xf7, 0x63, 0x88, 0xd1, 0x07, 0x7a, 0xea, 0x0b, 0x45, 0x35, 0x2b, 0xeb,
+    0x1f, 0xb1, 0x22, 0xb4, 0x94, 0x41, 0x38, 0xe2, 0x9d, 0x74, 0xd6, 0x8b,
+    0x30, 0x22, 0x10, 0x51, 0xc5, 0xdb, 0xca, 0x3f, 0x46, 0x2b, 0xfe, 0xe5,
+    0x5a, 0x3f, 0x41, 0x74, 0x67, 0x75, 0x95, 0xa9, 0x94, 0xd5, 0xc3, 0xee,
+    0x42, 0xf8, 0x8d, 0xeb, 0x92, 0x95, 0xe1, 0xd9, 0x65, 0xb7, 0x43, 0xc4,
+    0x18, 0xde, 0x16, 0x80, 0x90, 0xce, 0x24, 0x35, 0x21, 0xc4, 0x55, 0xac,
+    0x5a, 0x51, 0xe0, 0x2e, 0x2d, 0xb3, 0x0a, 0x5a, 0x4f, 0x4a, 0x73, 0x31,
+    0x50, 0xee, 0x4a, 0x16, 0xbd, 0x39, 0x8b, 0xad, 0x05, 0x48, 0x87, 0xb1,
+    0x99, 0xe2, 0x10, 0xa7, 0x06, 0x72, 0x67, 0xca, 0x5c, 0xd1, 0x97, 0xbd,
+    0xc8, 0xf1, 0x76, 0xf8, 0xe0, 0x4a, 0xec, 0xbc, 0x93, 0xf4, 0x66, 0x4c,
+    0x28, 0x71, 0xd1, 0xd8, 0x66, 0x03, 0xb4, 0x90, 0x30, 0xbb, 0x17, 0xb0,
+    0xfe, 0x97, 0xf5, 0x1e, 0xe8, 0xc7, 0x5d, 0x9b, 0x8b, 0x11, 0x19, 0x12,
+    0x3c, 0xab, 0x82, 0x71, 0x78, 0xff, 0xae, 0x3f, 0x32, 0xb2, 0x08, 0x71,
+    0xb2, 0x1b, 0x8c, 0x27, 0xac, 0x11, 0xb8, 0xd8, 0x43, 0x49, 0xcf, 0xb0,
+    0x70, 0xb1, 0xf0, 0x8c, 0xae, 0xda, 0x24, 0x87, 0x17, 0x3b, 0xd8, 0x04,
+    0x65, 0x6c, 0x00, 0x76, 0x50, 0xef, 0x15, 0x08, 0xd7, 0xb4, 0x73, 0x68,
+    0x26, 0x14, 0x87, 0x95, 0xc3, 0x5f, 0x6e, 0x61, 0xb8, 0x87, 0x84, 0xfa,
+    0x80, 0x1a, 0x0a, 0x8b, 0x98, 0xf3, 0xe3, 0xff, 0x4e, 0x44, 0x1c, 0x65,
+    0x74, 0x7c, 0x71, 0x54, 0x65, 0xe5, 0x39, 0x02, 0x03, 0x01, 0x00, 0x01,
+    0xa3, 0x82, 0x01, 0x0a, 0x30, 0x82, 0x01, 0x06, 0x30, 0x09, 0x06, 0x03,
+    0x55, 0x1d, 0x13, 0x04, 0x02, 0x30, 0x00, 0x30, 0x1d, 0x06, 0x03, 0x55,
+    0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0x32, 0x67, 0xe1, 0xb1, 0x79, 0xd2,
+    0x81, 0xfc, 0x9f, 0x23, 0x0c, 0x70, 0x40, 0x50, 0xb5, 0x46, 0x56, 0xb8,
+    0x30, 0x36, 0x30, 0x81, 0xc4, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x81,
+    0xbc, 0x30, 0x81, 0xb9, 0x80, 0x14, 0x73, 0xb0, 0x1c, 0xa4, 0x2f, 0x82,
+    0xcb, 0xcf, 0x47, 0xa5, 0x38, 0xd7, 0xb0, 0x04, 0x82, 0x3a, 0x7e, 0x72,
+    0x15, 0x21, 0xa1, 0x81, 0x9d, 0xa4, 0x81, 0x9a, 0x30, 0x81, 0x97, 0x31,
+    0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53,
+    0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, 0x0a, 0x57,
+    0x61, 0x73, 0x68, 0x69, 0x6e, 0x67, 0x74, 0x6f, 0x6e, 0x31, 0x10, 0x30,
+    0x0e, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0c, 0x07, 0x53, 0x65, 0x61, 0x74,
+    0x74, 0x6c, 0x65, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x0a,
+    0x0c, 0x07, 0x77, 0x6f, 0x6c, 0x66, 0x53, 0x53, 0x4c, 0x31, 0x14, 0x30,
+    0x12, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c, 0x0b, 0x45, 0x6e, 0x67, 0x69,
+    0x6e, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x31, 0x18, 0x30, 0x16, 0x06,
+    0x03, 0x55, 0x04, 0x03, 0x0c, 0x0f, 0x77, 0x6f, 0x6c, 0x66, 0x53, 0x53,
+    0x4c, 0x20, 0x72, 0x6f, 0x6f, 0x74, 0x20, 0x43, 0x41, 0x31, 0x1f, 0x30,
+    0x1d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01,
+    0x16, 0x10, 0x69, 0x6e, 0x66, 0x6f, 0x40, 0x77, 0x6f, 0x6c, 0x66, 0x73,
+    0x73, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x82, 0x01, 0x63, 0x30, 0x13, 0x06,
+    0x03, 0x55, 0x1d, 0x25, 0x04, 0x0c, 0x30, 0x0a, 0x06, 0x08, 0x2b, 0x06,
+    0x01, 0x05, 0x05, 0x07, 0x03, 0x09, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86,
+    0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03, 0x82, 0x01,
+    0x01, 0x00, 0x4d, 0xa2, 0xd8, 0x55, 0xe0, 0x2b, 0xf4, 0xad, 0x65, 0xe2,
+    0x92, 0x35, 0xcb, 0x60, 0xa0, 0xa2, 0x6b, 0xa6, 0x88, 0xc1, 0x86, 0x58,
+    0x57, 0x37, 0xbd, 0x2e, 0x28, 0x6e, 0x1c, 0x56, 0x2a, 0x35, 0xde, 0xff,
+    0x3e, 0x8e, 0x3d, 0x47, 0x21, 0x1a, 0xe9, 0xd3, 0xc6, 0xb4, 0xe2, 0xcb,
+    0x3e, 0xc6, 0xaf, 0x9b, 0xef, 0x23, 0x88, 0x56, 0x95, 0x73, 0x2e, 0xb3,
+    0xed, 0xc5, 0x11, 0x4b, 0x69, 0xf7, 0x13, 0x3a, 0x05, 0xe1, 0xaf, 0xba,
+    0xc9, 0x59, 0xfd, 0xe2, 0xa0, 0x81, 0xa0, 0x4c, 0x0c, 0x2c, 0xcb, 0x57,
+    0xad, 0x96, 0x3a, 0x8c, 0x32, 0xa6, 0x4a, 0xf8, 0x72, 0xb8, 0xec, 0xb3,
+    0x26, 0x69, 0xd6, 0x6a, 0x4c, 0x4c, 0x78, 0x18, 0x3c, 0xca, 0x19, 0xf1,
+    0xb5, 0x8e, 0x23, 0x81, 0x5b, 0x27, 0x90, 0xe0, 0x5c, 0x2b, 0x17, 0x4d,
+    0x78, 0x99, 0x6b, 0x25, 0xbd, 0x2f, 0xae, 0x1b, 0xaa, 0xce, 0x84, 0xb9,
+    0x44, 0x21, 0x46, 0xc0, 0x34, 0x6b, 0x5b, 0xb9, 0x1b, 0xca, 0x5c, 0x60,
+    0xf1, 0xef, 0xe6, 0x66, 0xbc, 0x84, 0x63, 0x56, 0x50, 0x7d, 0xbb, 0x2c,
+    0x2f, 0x7b, 0x47, 0xb4, 0xfd, 0x58, 0x77, 0x87, 0xee, 0x27, 0x20, 0x96,
+    0x72, 0x8e, 0x4c, 0x7e, 0x4f, 0x93, 0xeb, 0x5f, 0x8f, 0x9c, 0x1e, 0x59,
+    0x7a, 0x96, 0xaa, 0x53, 0x77, 0x22, 0x41, 0xd8, 0xd3, 0xf9, 0x89, 0x8f,
+    0xe8, 0x9d, 0x65, 0xbd, 0x0c, 0x71, 0x3c, 0xbb, 0xa3, 0x07, 0xbf, 0xfb,
+    0xa8, 0xd1, 0x18, 0x0a, 0xb4, 0xc4, 0xf7, 0x83, 0xb3, 0x86, 0x2b, 0xf0,
+    0x5b, 0x05, 0x28, 0xc1, 0x01, 0x31, 0x73, 0x5c, 0x2b, 0xbd, 0x60, 0x97,
+    0xa3, 0x36, 0x82, 0x96, 0xd7, 0x83, 0xdf, 0x75, 0xee, 0x29, 0x42, 0x97,
+    0x86, 0x41, 0x55, 0xb9, 0x70, 0x87, 0xd5, 0x02, 0x85, 0x13, 0x41, 0xf8,
+    0x25, 0x05, 0xab, 0x6a, 0xaa, 0x57,
+};
+
+unsigned char root_ca_cert_pem[] = {
+    0x30, 0x82, 0x04, 0xe6, 0x30, 0x82, 0x03, 0xce, 0xa0, 0x03, 0x02, 0x01,
+    0x02, 0x02, 0x01, 0x63, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86,
+    0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x30, 0x81, 0x97, 0x31, 0x0b,
+    0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31,
+    0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, 0x0a, 0x57, 0x61,
+    0x73, 0x68, 0x69, 0x6e, 0x67, 0x74, 0x6f, 0x6e, 0x31, 0x10, 0x30, 0x0e,
+    0x06, 0x03, 0x55, 0x04, 0x07, 0x0c, 0x07, 0x53, 0x65, 0x61, 0x74, 0x74,
+    0x6c, 0x65, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c,
+    0x07, 0x77, 0x6f, 0x6c, 0x66, 0x53, 0x53, 0x4c, 0x31, 0x14, 0x30, 0x12,
+    0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c, 0x0b, 0x45, 0x6e, 0x67, 0x69, 0x6e,
+    0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03,
+    0x55, 0x04, 0x03, 0x0c, 0x0f, 0x77, 0x6f, 0x6c, 0x66, 0x53, 0x53, 0x4c,
+    0x20, 0x72, 0x6f, 0x6f, 0x74, 0x20, 0x43, 0x41, 0x31, 0x1f, 0x30, 0x1d,
+    0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16,
+    0x10, 0x69, 0x6e, 0x66, 0x6f, 0x40, 0x77, 0x6f, 0x6c, 0x66, 0x73, 0x73,
+    0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x30, 0x1e, 0x17, 0x0d, 0x32, 0x34, 0x31,
+    0x32, 0x31, 0x38, 0x32, 0x31, 0x32, 0x35, 0x33, 0x31, 0x5a, 0x17, 0x0d,
+    0x32, 0x37, 0x30, 0x39, 0x31, 0x34, 0x32, 0x31, 0x32, 0x35, 0x33, 0x31,
+    0x5a, 0x30, 0x81, 0x97, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04,
+    0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55,
+    0x04, 0x08, 0x0c, 0x0a, 0x57, 0x61, 0x73, 0x68, 0x69, 0x6e, 0x67, 0x74,
+    0x6f, 0x6e, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0c,
+    0x07, 0x53, 0x65, 0x61, 0x74, 0x74, 0x6c, 0x65, 0x31, 0x10, 0x30, 0x0e,
+    0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x07, 0x77, 0x6f, 0x6c, 0x66, 0x53,
+    0x53, 0x4c, 0x31, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c,
+    0x0b, 0x45, 0x6e, 0x67, 0x69, 0x6e, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67,
+    0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x0f, 0x77,
+    0x6f, 0x6c, 0x66, 0x53, 0x53, 0x4c, 0x20, 0x72, 0x6f, 0x6f, 0x74, 0x20,
+    0x43, 0x41, 0x31, 0x1f, 0x30, 0x1d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86,
+    0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6e, 0x66, 0x6f, 0x40,
+    0x77, 0x6f, 0x6c, 0x66, 0x73, 0x73, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x30,
+    0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7,
+    0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30,
+    0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, 0xab, 0x2c, 0xb4, 0x2f,
+    0x1d, 0x06, 0x09, 0xef, 0x4e, 0x29, 0x86, 0x84, 0x7e, 0xcc, 0xbf, 0xa6,
+    0x79, 0x7c, 0xf0, 0xc0, 0xc1, 0x64, 0x25, 0x8c, 0x75, 0xb7, 0x10, 0x05,
+    0xca, 0x48, 0x27, 0x0c, 0x0e, 0x32, 0x1c, 0xb0, 0xfe, 0x99, 0x85, 0x39,
+    0xb6, 0xb9, 0xa2, 0xf7, 0x27, 0xff, 0x6d, 0x3c, 0x8c, 0x16, 0x73, 0x29,
+    0x21, 0x7f, 0x8b, 0xa6, 0x54, 0x71, 0x90, 0xad, 0xcc, 0x05, 0xb9, 0x9f,
+    0x15, 0xc7, 0x0a, 0x3f, 0x5f, 0x69, 0xf4, 0x0a, 0x5f, 0x8c, 0x71, 0xb5,
+    0x2c, 0xbf, 0x66, 0xe2, 0x03, 0x9a, 0x32, 0xf4, 0xd2, 0xec, 0x2a, 0x89,
+    0x4b, 0xf9, 0x35, 0x88, 0x14, 0x33, 0x47, 0x4e, 0x2e, 0x05, 0x79, 0x01,
+    0xed, 0x64, 0x36, 0x76, 0xb9, 0xf8, 0x85, 0xcd, 0x01, 0x88, 0xac, 0xc5,
+    0xb2, 0xb1, 0x59, 0xb8, 0xcd, 0x5a, 0xf4, 0x09, 0x09, 0x38, 0x9b, 0xda,
+    0x5a, 0xcf, 0xce, 0x78, 0x99, 0x1f, 0x49, 0x3d, 0x41, 0xd6, 0x06, 0x7c,
+    0x52, 0x99, 0xc8, 0x97, 0xd1, 0xb3, 0x80, 0x3a, 0xa2, 0x4f, 0x36, 0xc4,
+    0xc5, 0x96, 0x30, 0x77, 0x31, 0x38, 0xc8, 0x70, 0xcc, 0xe1, 0x67, 0x06,
+    0xb3, 0x2b, 0x2f, 0x93, 0xb5, 0x69, 0xcf, 0x83, 0x7e, 0x88, 0x53, 0x9b,
+    0x0f, 0x46, 0x21, 0x4c, 0xd6, 0x05, 0x36, 0x44, 0x99, 0x60, 0x68, 0x47,
+    0xe5, 0x32, 0x01, 0x12, 0xd4, 0x10, 0x73, 0xae, 0x9a, 0x34, 0x94, 0xfa,
+    0x6e, 0xb8, 0x58, 0x4f, 0x7b, 0x5b, 0x8a, 0x92, 0x97, 0xad, 0xfd, 0x97,
+    0xb9, 0x75, 0xca, 0xc2, 0xd4, 0x45, 0x7d, 0x17, 0x6b, 0xcd, 0x2f, 0xf3,
+    0x63, 0x7a, 0x0e, 0x30, 0xb5, 0x0b, 0xa9, 0xd9, 0xa6, 0x7c, 0x74, 0x60,
+    0x9d, 0xcc, 0x09, 0x03, 0x43, 0xf1, 0x0f, 0x90, 0xd3, 0xb7, 0xfe, 0x6c,
+    0x9f, 0xd9, 0xcd, 0x78, 0x4b, 0x15, 0xae, 0x8c, 0x5b, 0xf9, 0x99, 0x81,
+    0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x82, 0x01, 0x39, 0x30, 0x82, 0x01,
+    0x35, 0x30, 0x0c, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x04, 0x05, 0x30, 0x03,
+    0x01, 0x01, 0xff, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16,
+    0x04, 0x14, 0x73, 0xb0, 0x1c, 0xa4, 0x2f, 0x82, 0xcb, 0xcf, 0x47, 0xa5,
+    0x38, 0xd7, 0xb0, 0x04, 0x82, 0x3a, 0x7e, 0x72, 0x15, 0x21, 0x30, 0x81,
+    0xc4, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x81, 0xbc, 0x30, 0x81, 0xb9,
+    0x80, 0x14, 0x73, 0xb0, 0x1c, 0xa4, 0x2f, 0x82, 0xcb, 0xcf, 0x47, 0xa5,
+    0x38, 0xd7, 0xb0, 0x04, 0x82, 0x3a, 0x7e, 0x72, 0x15, 0x21, 0xa1, 0x81,
+    0x9d, 0xa4, 0x81, 0x9a, 0x30, 0x81, 0x97, 0x31, 0x0b, 0x30, 0x09, 0x06,
+    0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x13, 0x30, 0x11,
+    0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, 0x0a, 0x57, 0x61, 0x73, 0x68, 0x69,
+    0x6e, 0x67, 0x74, 0x6f, 0x6e, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55,
+    0x04, 0x07, 0x0c, 0x07, 0x53, 0x65, 0x61, 0x74, 0x74, 0x6c, 0x65, 0x31,
+    0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x07, 0x77, 0x6f,
+    0x6c, 0x66, 0x53, 0x53, 0x4c, 0x31, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55,
+    0x04, 0x0b, 0x0c, 0x0b, 0x45, 0x6e, 0x67, 0x69, 0x6e, 0x65, 0x65, 0x72,
+    0x69, 0x6e, 0x67, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03,
+    0x0c, 0x0f, 0x77, 0x6f, 0x6c, 0x66, 0x53, 0x53, 0x4c, 0x20, 0x72, 0x6f,
+    0x6f, 0x74, 0x20, 0x43, 0x41, 0x31, 0x1f, 0x30, 0x1d, 0x06, 0x09, 0x2a,
+    0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6e,
+    0x66, 0x6f, 0x40, 0x77, 0x6f, 0x6c, 0x66, 0x73, 0x73, 0x6c, 0x2e, 0x63,
+    0x6f, 0x6d, 0x82, 0x01, 0x63, 0x30, 0x0b, 0x06, 0x03, 0x55, 0x1d, 0x0f,
+    0x04, 0x04, 0x03, 0x02, 0x01, 0x06, 0x30, 0x32, 0x06, 0x08, 0x2b, 0x06,
+    0x01, 0x05, 0x05, 0x07, 0x01, 0x01, 0x04, 0x26, 0x30, 0x24, 0x30, 0x22,
+    0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x30, 0x01, 0x86, 0x16,
+    0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x31, 0x32, 0x37, 0x2e, 0x30,
+    0x2e, 0x30, 0x2e, 0x31, 0x3a, 0x32, 0x32, 0x32, 0x32, 0x30, 0x30, 0x0d,
+    0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05,
+    0x00, 0x03, 0x82, 0x01, 0x01, 0x00, 0x76, 0xe8, 0xfa, 0xf6, 0x1e, 0x5b,
+    0x0e, 0xff, 0x24, 0x43, 0xe0, 0xcb, 0x19, 0x26, 0x38, 0xd9, 0xdf, 0x18,
+    0x5d, 0x66, 0xe1, 0x4b, 0xac, 0xe4, 0x8e, 0xb0, 0x49, 0x2c, 0xd6, 0x04,
+    0x20, 0xeb, 0x4a, 0xa8, 0x06, 0xd7, 0x55, 0xec, 0x6b, 0x38, 0xf8, 0x0f,
+    0x8c, 0xe6, 0xc9, 0xec, 0x42, 0xf0, 0xca, 0x07, 0x9f, 0x88, 0x7a, 0xee,
+    0xbf, 0xaf, 0x3f, 0x7d, 0xd3, 0x45, 0x67, 0x20, 0x84, 0xbb, 0xc7, 0xc5,
+    0x32, 0x69, 0xab, 0x59, 0xe1, 0xe3, 0x38, 0x4b, 0xed, 0x18, 0x2e, 0xde,
+    0xda, 0x88, 0xec, 0xa0, 0xb7, 0xff, 0xc1, 0x50, 0x96, 0x73, 0xe3, 0x03,
+    0xdf, 0xa1, 0xe7, 0x47, 0x93, 0x13, 0x1d, 0xfb, 0xe6, 0x6b, 0x37, 0x3e,
+    0x50, 0xa3, 0xeb, 0x5b, 0x24, 0x26, 0xd2, 0x43, 0x2e, 0x6e, 0x9c, 0x83,
+    0x9c, 0xfb, 0x79, 0xba, 0xcd, 0xfd, 0x3b, 0xe5, 0x87, 0x87, 0xa7, 0x0f,
+    0x5f, 0xf9, 0x64, 0x34, 0x56, 0x5e, 0x8b, 0x13, 0xe2, 0xc4, 0x41, 0xe3,
+    0x9d, 0x3e, 0x36, 0x2d, 0xcb, 0xd3, 0x5f, 0xd3, 0x12, 0x90, 0xbf, 0x78,
+    0xc1, 0x4c, 0xdf, 0xeb, 0x7b, 0x99, 0xe6, 0x1e, 0xee, 0x52, 0x78, 0x6f,
+    0x0c, 0x82, 0xe1, 0x59, 0xd4, 0x25, 0x40, 0xe5, 0x24, 0x95, 0x3e, 0x0f,
+    0xcc, 0x08, 0x60, 0xfe, 0xb4, 0x8c, 0x48, 0x42, 0xbf, 0x29, 0x74, 0x92,
+    0x71, 0x1a, 0x85, 0x00, 0xa7, 0x4c, 0xf0, 0xc0, 0x32, 0x47, 0xf3, 0xbe,
+    0xf4, 0x08, 0x5c, 0xf2, 0x43, 0xe0, 0xb9, 0x76, 0x86, 0x60, 0x9a, 0x3b,
+    0xaf, 0xd6, 0x32, 0x41, 0x5f, 0xb0, 0x04, 0x12, 0x44, 0x2a, 0x44, 0x19,
+    0xd4, 0x27, 0xd3, 0xce, 0x71, 0x7e, 0x5b, 0x16, 0x1a, 0xf5, 0x0c, 0xdb,
+    0x43, 0xb0, 0xa6, 0xbb, 0x76, 0x02, 0xf6, 0xe0, 0x30, 0x4e, 0x04, 0xf4,
+    0xf3, 0x9b, 0xcd, 0xd4, 0xae, 0x45, 0x94, 0xc5, 0x8c, 0xbb,
+};
+
+unsigned char ca_cert_pem[] = {
+    0x30, 0x82, 0x04, 0xff, 0x30, 0x82, 0x03, 0xe7, 0xa0, 0x03, 0x02, 0x01,
+    0x02, 0x02, 0x14, 0x6b, 0x9b, 0x70, 0xc6, 0xf1, 0xa3, 0x94, 0x65, 0x19,
+    0xa1, 0x08, 0x58, 0xef, 0xa7, 0x8d, 0x2b, 0x7a, 0x83, 0xc1, 0xda, 0x30,
+    0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b,
+    0x05, 0x00, 0x30, 0x81, 0x94, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55,
+    0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03,
+    0x55, 0x04, 0x08, 0x0c, 0x07, 0x4d, 0x6f, 0x6e, 0x74, 0x61, 0x6e, 0x61,
+    0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0c, 0x07, 0x42,
+    0x6f, 0x7a, 0x65, 0x6d, 0x61, 0x6e, 0x31, 0x11, 0x30, 0x0f, 0x06, 0x03,
+    0x55, 0x04, 0x0a, 0x0c, 0x08, 0x53, 0x61, 0x77, 0x74, 0x6f, 0x6f, 0x74,
+    0x68, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c, 0x0a,
+    0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x74, 0x69, 0x6e, 0x67, 0x31, 0x18,
+    0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x0f, 0x77, 0x77, 0x77,
+    0x2e, 0x77, 0x6f, 0x6c, 0x66, 0x73, 0x73, 0x6c, 0x2e, 0x63, 0x6f, 0x6d,
+    0x31, 0x1f, 0x30, 0x1d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d,
+    0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6e, 0x66, 0x6f, 0x40, 0x77, 0x6f,
+    0x6c, 0x66, 0x73, 0x73, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x30, 0x1e, 0x17,
+    0x0d, 0x32, 0x34, 0x31, 0x32, 0x31, 0x38, 0x32, 0x31, 0x32, 0x35, 0x32,
+    0x39, 0x5a, 0x17, 0x0d, 0x32, 0x37, 0x30, 0x39, 0x31, 0x34, 0x32, 0x31,
+    0x32, 0x35, 0x32, 0x39, 0x5a, 0x30, 0x81, 0x94, 0x31, 0x0b, 0x30, 0x09,
+    0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30,
+    0x0e, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, 0x07, 0x4d, 0x6f, 0x6e, 0x74,
+    0x61, 0x6e, 0x61, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x07,
+    0x0c, 0x07, 0x42, 0x6f, 0x7a, 0x65, 0x6d, 0x61, 0x6e, 0x31, 0x11, 0x30,
+    0x0f, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x08, 0x53, 0x61, 0x77, 0x74,
+    0x6f, 0x6f, 0x74, 0x68, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04,
+    0x0b, 0x0c, 0x0a, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x74, 0x69, 0x6e,
+    0x67, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x0f,
+    0x77, 0x77, 0x77, 0x2e, 0x77, 0x6f, 0x6c, 0x66, 0x73, 0x73, 0x6c, 0x2e,
+    0x63, 0x6f, 0x6d, 0x31, 0x1f, 0x30, 0x1d, 0x06, 0x09, 0x2a, 0x86, 0x48,
+    0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6e, 0x66, 0x6f,
+    0x40, 0x77, 0x6f, 0x6c, 0x66, 0x73, 0x73, 0x6c, 0x2e, 0x63, 0x6f, 0x6d,
+    0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86,
+    0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00,
+    0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, 0xbf, 0x0c, 0xca,
+    0x2d, 0x14, 0xb2, 0x1e, 0x84, 0x42, 0x5b, 0xcd, 0x38, 0x1f, 0x4a, 0xf2,
+    0x4d, 0x75, 0x10, 0xf1, 0xb6, 0x35, 0x9f, 0xdf, 0xca, 0x7d, 0x03, 0x98,
+    0xd3, 0xac, 0xde, 0x03, 0x66, 0xee, 0x2a, 0xf1, 0xd8, 0xb0, 0x7d, 0x6e,
+    0x07, 0x54, 0x0b, 0x10, 0x98, 0x21, 0x4d, 0x80, 0xcb, 0x12, 0x20, 0xe7,
+    0xcc, 0x4f, 0xde, 0x45, 0x7d, 0xc9, 0x72, 0x77, 0x32, 0xea, 0xca, 0x90,
+    0xbb, 0x69, 0x52, 0x10, 0x03, 0x2f, 0xa8, 0xf3, 0x95, 0xc5, 0xf1, 0x8b,
+    0x62, 0x56, 0x1b, 0xef, 0x67, 0x6f, 0xa4, 0x10, 0x41, 0x95, 0xad, 0x0a,
+    0x9b, 0xe3, 0xa5, 0xc0, 0xb0, 0xd2, 0x70, 0x76, 0x50, 0x30, 0x5b, 0xa8,
+    0xe8, 0x08, 0x2c, 0x7c, 0xed, 0xa7, 0xa2, 0x7a, 0x8d, 0x38, 0x29, 0x1c,
+    0xac, 0xc7, 0xed, 0xf2, 0x7c, 0x95, 0xb0, 0x95, 0x82, 0x7d, 0x49, 0x5c,
+    0x38, 0xcd, 0x77, 0x25, 0xef, 0xbd, 0x80, 0x75, 0x53, 0x94, 0x3c, 0x3d,
+    0xca, 0x63, 0x5b, 0x9f, 0x15, 0xb5, 0xd3, 0x1d, 0x13, 0x2f, 0x19, 0xd1,
+    0x3c, 0xdb, 0x76, 0x3a, 0xcc, 0xb8, 0x7d, 0xc9, 0xe5, 0xc2, 0xd7, 0xda,
+    0x40, 0x6f, 0xd8, 0x21, 0xdc, 0x73, 0x1b, 0x42, 0x2d, 0x53, 0x9c, 0xfe,
+    0x1a, 0xfc, 0x7d, 0xab, 0x7a, 0x36, 0x3f, 0x98, 0xde, 0x84, 0x7c, 0x05,
+    0x67, 0xce, 0x6a, 0x14, 0x38, 0x87, 0xa9, 0xf1, 0x8c, 0xb5, 0x68, 0xcb,
+    0x68, 0x7f, 0x71, 0x20, 0x2b, 0xf5, 0xa0, 0x63, 0xf5, 0x56, 0x2f, 0xa3,
+    0x26, 0xd2, 0xb7, 0x6f, 0xb1, 0x5a, 0x17, 0xd7, 0x38, 0x99, 0x08, 0xfe,
+    0x93, 0x58, 0x6f, 0xfe, 0xc3, 0x13, 0x49, 0x08, 0x16, 0x0b, 0xa7, 0x4d,
+    0x67, 0x00, 0x52, 0x31, 0x67, 0x23, 0x4e, 0x98, 0xed, 0x51, 0x45, 0x1d,
+    0xb9, 0x04, 0xd9, 0x0b, 0xec, 0xd8, 0x28, 0xb3, 0x4b, 0xbd, 0xed, 0x36,
+    0x79, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x82, 0x01, 0x45, 0x30, 0x82,
+    0x01, 0x41, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04,
+    0x14, 0x27, 0x8e, 0x67, 0x11, 0x74, 0xc3, 0x26, 0x1d, 0x3f, 0xed, 0x33,
+    0x63, 0xb3, 0xa4, 0xd8, 0x1d, 0x30, 0xe5, 0xe8, 0xd5, 0x30, 0x81, 0xd4,
+    0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x81, 0xcc, 0x30, 0x81, 0xc9, 0x80,
+    0x14, 0x27, 0x8e, 0x67, 0x11, 0x74, 0xc3, 0x26, 0x1d, 0x3f, 0xed, 0x33,
+    0x63, 0xb3, 0xa4, 0xd8, 0x1d, 0x30, 0xe5, 0xe8, 0xd5, 0xa1, 0x81, 0x9a,
+    0xa4, 0x81, 0x97, 0x30, 0x81, 0x94, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03,
+    0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, 0x0e, 0x06,
+    0x03, 0x55, 0x04, 0x08, 0x0c, 0x07, 0x4d, 0x6f, 0x6e, 0x74, 0x61, 0x6e,
+    0x61, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0c, 0x07,
+    0x42, 0x6f, 0x7a, 0x65, 0x6d, 0x61, 0x6e, 0x31, 0x11, 0x30, 0x0f, 0x06,
+    0x03, 0x55, 0x04, 0x0a, 0x0c, 0x08, 0x53, 0x61, 0x77, 0x74, 0x6f, 0x6f,
+    0x74, 0x68, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c,
+    0x0a, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x74, 0x69, 0x6e, 0x67, 0x31,
+    0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x0f, 0x77, 0x77,
+    0x77, 0x2e, 0x77, 0x6f, 0x6c, 0x66, 0x73, 0x73, 0x6c, 0x2e, 0x63, 0x6f,
+    0x6d, 0x31, 0x1f, 0x30, 0x1d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7,
+    0x0d, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6e, 0x66, 0x6f, 0x40, 0x77,
+    0x6f, 0x6c, 0x66, 0x73, 0x73, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x82, 0x14,
+    0x6b, 0x9b, 0x70, 0xc6, 0xf1, 0xa3, 0x94, 0x65, 0x19, 0xa1, 0x08, 0x58,
+    0xef, 0xa7, 0x8d, 0x2b, 0x7a, 0x83, 0xc1, 0xda, 0x30, 0x0c, 0x06, 0x03,
+    0x55, 0x1d, 0x13, 0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0xff, 0x30, 0x1c,
+    0x06, 0x03, 0x55, 0x1d, 0x11, 0x04, 0x15, 0x30, 0x13, 0x82, 0x0b, 0x65,
+    0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x2e, 0x63, 0x6f, 0x6d, 0x87, 0x04,
+    0x7f, 0x00, 0x00, 0x01, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x25, 0x04,
+    0x16, 0x30, 0x14, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03,
+    0x01, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x02, 0x30,
+    0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b,
+    0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, 0x77, 0x3b, 0x3d, 0x66, 0x74,
+    0xbc, 0x97, 0xfe, 0x40, 0x16, 0xe6, 0xba, 0xa5, 0xd5, 0xd1, 0x84, 0x08,
+    0x89, 0x69, 0x4f, 0x88, 0x0d, 0x57, 0xa9, 0xef, 0x8c, 0xc3, 0x97, 0x52,
+    0xc8, 0xbd, 0x8b, 0xa2, 0x49, 0x3b, 0xb7, 0xf7, 0x5d, 0x1e, 0xd6, 0x14,
+    0x7f, 0xb2, 0x80, 0x33, 0xda, 0xa0, 0x8a, 0xd3, 0xe1, 0x2f, 0xd5, 0xbc,
+    0x33, 0x9f, 0xea, 0x5a, 0x72, 0x24, 0xe5, 0xf8, 0xb8, 0x4b, 0xb3, 0xdf,
+    0x62, 0x90, 0x3b, 0xa8, 0x21, 0xef, 0x27, 0x42, 0x75, 0xbc, 0x60, 0x02,
+    0x8e, 0x37, 0x35, 0x99, 0xeb, 0xa3, 0x28, 0xf2, 0x65, 0x4c, 0xff, 0x7a,
+    0xf8, 0x8e, 0xcc, 0x23, 0x6d, 0xe5, 0x6a, 0xfe, 0x22, 0x5a, 0xd9, 0xb2,
+    0x4f, 0x47, 0xc7, 0xe0, 0xae, 0x98, 0xef, 0x94, 0xac, 0xb6, 0x4f, 0x61,
+    0x81, 0x29, 0x8e, 0xe1, 0x79, 0x2c, 0x46, 0xfc, 0xe9, 0x1a, 0xc3, 0x96,
+    0x1f, 0x19, 0x93, 0x64, 0x2e, 0x9f, 0x37, 0x72, 0xc5, 0xe4, 0x93, 0x4e,
+    0x61, 0x5f, 0x38, 0x8e, 0xae, 0xe8, 0x39, 0x19, 0xe6, 0x97, 0xa8, 0x91,
+    0xd4, 0x23, 0x7e, 0x1e, 0xd2, 0xd0, 0x53, 0xec, 0xcc, 0xac, 0xa0, 0x1d,
+    0xd0, 0xb7, 0xdd, 0xb1, 0xb7, 0x01, 0x2e, 0x96, 0xcd, 0x85, 0x27, 0xe0,
+    0xe7, 0x47, 0xe2, 0xc1, 0xc1, 0x00, 0xf6, 0x94, 0xdf, 0x77, 0xe7, 0xfa,
+    0xc6, 0xef, 0x8a, 0xc0, 0x7c, 0x67, 0xbc, 0xff, 0xa0, 0x7c, 0x94, 0x3b,
+    0x7d, 0x86, 0x42, 0xaf, 0x3d, 0x83, 0x31, 0xee, 0x2a, 0x3b, 0x7b, 0xf0,
+    0x2c, 0x9e, 0x6f, 0xe9, 0xc4, 0x07, 0x81, 0x24, 0xda, 0x05, 0x70, 0x4d,
+    0xdd, 0x09, 0xae, 0x9e, 0x72, 0xb8, 0x21, 0x0e, 0x8c, 0xb2, 0xab, 0xaa,
+    0x4c, 0x49, 0x10, 0xf7, 0x76, 0xf9, 0xb5, 0x0d, 0x6c, 0x20, 0xd3, 0xdf,
+    0x7a, 0x06, 0x32, 0x8d, 0x29, 0x1f, 0x28, 0x1d, 0x8d, 0x26, 0x33,
+};
+
+unsigned char server_cert_pem[] = {
+    0x30, 0x82, 0x04, 0xe8, 0x30, 0x82, 0x03, 0xd0, 0xa0, 0x03, 0x02, 0x01,
+    0x02, 0x02, 0x01, 0x01, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86,
+    0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x30, 0x81, 0x94, 0x31, 0x0b,
+    0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31,
+    0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, 0x07, 0x4d, 0x6f,
+    0x6e, 0x74, 0x61, 0x6e, 0x61, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55,
+    0x04, 0x07, 0x0c, 0x07, 0x42, 0x6f, 0x7a, 0x65, 0x6d, 0x61, 0x6e, 0x31,
+    0x11, 0x30, 0x0f, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x08, 0x53, 0x61,
+    0x77, 0x74, 0x6f, 0x6f, 0x74, 0x68, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03,
+    0x55, 0x04, 0x0b, 0x0c, 0x0a, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x74,
+    0x69, 0x6e, 0x67, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03,
+    0x0c, 0x0f, 0x77, 0x77, 0x77, 0x2e, 0x77, 0x6f, 0x6c, 0x66, 0x73, 0x73,
+    0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x31, 0x1f, 0x30, 0x1d, 0x06, 0x09, 0x2a,
+    0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6e,
+    0x66, 0x6f, 0x40, 0x77, 0x6f, 0x6c, 0x66, 0x73, 0x73, 0x6c, 0x2e, 0x63,
+    0x6f, 0x6d, 0x30, 0x1e, 0x17, 0x0d, 0x32, 0x34, 0x31, 0x32, 0x31, 0x38,
+    0x32, 0x31, 0x32, 0x35, 0x33, 0x30, 0x5a, 0x17, 0x0d, 0x32, 0x37, 0x30,
+    0x39, 0x31, 0x34, 0x32, 0x31, 0x32, 0x35, 0x33, 0x30, 0x5a, 0x30, 0x81,
+    0x90, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02,
+    0x55, 0x53, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c,
+    0x07, 0x4d, 0x6f, 0x6e, 0x74, 0x61, 0x6e, 0x61, 0x31, 0x10, 0x30, 0x0e,
+    0x06, 0x03, 0x55, 0x04, 0x07, 0x0c, 0x07, 0x42, 0x6f, 0x7a, 0x65, 0x6d,
+    0x61, 0x6e, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c,
+    0x07, 0x77, 0x6f, 0x6c, 0x66, 0x53, 0x53, 0x4c, 0x31, 0x10, 0x30, 0x0e,
+    0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c, 0x07, 0x53, 0x75, 0x70, 0x70, 0x6f,
+    0x72, 0x74, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c,
+    0x0f, 0x77, 0x77, 0x77, 0x2e, 0x77, 0x6f, 0x6c, 0x66, 0x73, 0x73, 0x6c,
+    0x2e, 0x63, 0x6f, 0x6d, 0x31, 0x1f, 0x30, 0x1d, 0x06, 0x09, 0x2a, 0x86,
+    0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6e, 0x66,
+    0x6f, 0x40, 0x77, 0x6f, 0x6c, 0x66, 0x73, 0x73, 0x6c, 0x2e, 0x63, 0x6f,
+    0x6d, 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48,
+    0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f,
+    0x00, 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, 0xc0, 0x95,
+    0x08, 0xe1, 0x57, 0x41, 0xf2, 0x71, 0x6d, 0xb7, 0xd2, 0x45, 0x41, 0x27,
+    0x01, 0x65, 0xc6, 0x45, 0xae, 0xf2, 0xbc, 0x24, 0x30, 0xb8, 0x95, 0xce,
+    0x2f, 0x4e, 0xd6, 0xf6, 0x1c, 0x88, 0xbc, 0x7c, 0x9f, 0xfb, 0xa8, 0x67,
+    0x7f, 0xfe, 0x5c, 0x9c, 0x51, 0x75, 0xf7, 0x8a, 0xca, 0x07, 0xe7, 0x35,
+    0x2f, 0x8f, 0xe1, 0xbd, 0x7b, 0xc0, 0x2f, 0x7c, 0xab, 0x64, 0xa8, 0x17,
+    0xfc, 0xca, 0x5d, 0x7b, 0xba, 0xe0, 0x21, 0xe5, 0x72, 0x2e, 0x6f, 0x2e,
+    0x86, 0xd8, 0x95, 0x73, 0xda, 0xac, 0x1b, 0x53, 0xb9, 0x5f, 0x3f, 0xd7,
+    0x19, 0x0d, 0x25, 0x4f, 0xe1, 0x63, 0x63, 0x51, 0x8b, 0x0b, 0x64, 0x3f,
+    0xad, 0x43, 0xb8, 0xa5, 0x1c, 0x5c, 0x34, 0xb3, 0xae, 0x00, 0xa0, 0x63,
+    0xc5, 0xf6, 0x7f, 0x0b, 0x59, 0x68, 0x78, 0x73, 0xa6, 0x8c, 0x18, 0xa9,
+    0x02, 0x6d, 0xaf, 0xc3, 0x19, 0x01, 0x2e, 0xb8, 0x10, 0xe3, 0xc6, 0xcc,
+    0x40, 0xb4, 0x69, 0xa3, 0x46, 0x33, 0x69, 0x87, 0x6e, 0xc4, 0xbb, 0x17,
+    0xa6, 0xf3, 0xe8, 0xdd, 0xad, 0x73, 0xbc, 0x7b, 0x2f, 0x21, 0xb5, 0xfd,
+    0x66, 0x51, 0x0c, 0xbd, 0x54, 0xb3, 0xe1, 0x6d, 0x5f, 0x1c, 0xbc, 0x23,
+    0x73, 0xd1, 0x09, 0x03, 0x89, 0x14, 0xd2, 0x10, 0xb9, 0x64, 0xc3, 0x2a,
+    0xd0, 0xa1, 0x96, 0x4a, 0xbc, 0xe1, 0xd4, 0x1a, 0x5b, 0xc7, 0xa0, 0xc0,
+    0xc1, 0x63, 0x78, 0x0f, 0x44, 0x37, 0x30, 0x32, 0x96, 0x80, 0x32, 0x23,
+    0x95, 0xa1, 0x77, 0xba, 0x13, 0xd2, 0x97, 0x73, 0xe2, 0x5d, 0x25, 0xc9,
+    0x6a, 0x0d, 0xc3, 0x39, 0x60, 0xa4, 0xb4, 0xb0, 0x69, 0x42, 0x42, 0x09,
+    0xe9, 0xd8, 0x08, 0xbc, 0x33, 0x20, 0xb3, 0x58, 0x22, 0xa7, 0xaa, 0xeb,
+    0xc4, 0xe1, 0xe6, 0x61, 0x83, 0xc5, 0xd2, 0x96, 0xdf, 0xd9, 0xd0, 0x4f,
+    0xad, 0xd7, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x82, 0x01, 0x45, 0x30,
+    0x82, 0x01, 0x41, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16,
+    0x04, 0x14, 0xb3, 0x11, 0x32, 0xc9, 0x92, 0x98, 0x84, 0xe2, 0xc9, 0xf8,
+    0xd0, 0x3b, 0x6e, 0x03, 0x42, 0xca, 0x1f, 0x0e, 0x8e, 0x3c, 0x30, 0x81,
+    0xd4, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x81, 0xcc, 0x30, 0x81, 0xc9,
+    0x80, 0x14, 0x27, 0x8e, 0x67, 0x11, 0x74, 0xc3, 0x26, 0x1d, 0x3f, 0xed,
+    0x33, 0x63, 0xb3, 0xa4, 0xd8, 0x1d, 0x30, 0xe5, 0xe8, 0xd5, 0xa1, 0x81,
+    0x9a, 0xa4, 0x81, 0x97, 0x30, 0x81, 0x94, 0x31, 0x0b, 0x30, 0x09, 0x06,
+    0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, 0x0e,
+    0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, 0x07, 0x4d, 0x6f, 0x6e, 0x74, 0x61,
+    0x6e, 0x61, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0c,
+    0x07, 0x42, 0x6f, 0x7a, 0x65, 0x6d, 0x61, 0x6e, 0x31, 0x11, 0x30, 0x0f,
+    0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x08, 0x53, 0x61, 0x77, 0x74, 0x6f,
+    0x6f, 0x74, 0x68, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x0b,
+    0x0c, 0x0a, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x74, 0x69, 0x6e, 0x67,
+    0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x0f, 0x77,
+    0x77, 0x77, 0x2e, 0x77, 0x6f, 0x6c, 0x66, 0x73, 0x73, 0x6c, 0x2e, 0x63,
+    0x6f, 0x6d, 0x31, 0x1f, 0x30, 0x1d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86,
+    0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6e, 0x66, 0x6f, 0x40,
+    0x77, 0x6f, 0x6c, 0x66, 0x73, 0x73, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x82,
+    0x14, 0x6b, 0x9b, 0x70, 0xc6, 0xf1, 0xa3, 0x94, 0x65, 0x19, 0xa1, 0x08,
+    0x58, 0xef, 0xa7, 0x8d, 0x2b, 0x7a, 0x83, 0xc1, 0xda, 0x30, 0x0c, 0x06,
+    0x03, 0x55, 0x1d, 0x13, 0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0xff, 0x30,
+    0x1c, 0x06, 0x03, 0x55, 0x1d, 0x11, 0x04, 0x15, 0x30, 0x13, 0x82, 0x0b,
+    0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x2e, 0x63, 0x6f, 0x6d, 0x87,
+    0x04, 0x7f, 0x00, 0x00, 0x01, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x25,
+    0x04, 0x16, 0x30, 0x14, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07,
+    0x03, 0x01, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x02,
+    0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01,
+    0x0b, 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, 0x8a, 0xf1, 0x4e, 0xe8,
+    0x9f, 0x59, 0xb2, 0xd9, 0x13, 0xac, 0xfc, 0x42, 0xc4, 0x81, 0x34, 0x9f,
+    0x6b, 0x39, 0x57, 0x9c, 0xe9, 0x92, 0x5d, 0x41, 0xac, 0x05, 0x35, 0xb1,
+    0x26, 0x93, 0x4d, 0x4a, 0xda, 0xf8, 0x51, 0x82, 0xd2, 0x8d, 0x7f, 0xd3,
+    0x5c, 0x6e, 0x29, 0x80, 0x8d, 0x9b, 0x02, 0x10, 0x2b, 0x64, 0xf5, 0xd1,
+    0x31, 0x06, 0xfa, 0x85, 0x2b, 0x8f, 0x63, 0x32, 0x14, 0x76, 0x7a, 0x39,
+    0x15, 0xf3, 0x4e, 0xdd, 0xfd, 0xe2, 0x2c, 0x90, 0x15, 0xd1, 0x6f, 0x73,
+    0x87, 0xee, 0xe6, 0xc8, 0xeb, 0xad, 0x40, 0xd5, 0xe8, 0x94, 0x1f, 0xa6,
+    0x7e, 0x26, 0x5b, 0x87, 0xba, 0x0f, 0x06, 0x5a, 0x4d, 0x55, 0x7a, 0xaa,
+    0xc4, 0x09, 0x34, 0x8b, 0xf7, 0xe5, 0xcc, 0xd6, 0xb7, 0x6c, 0x46, 0x6d,
+    0xa1, 0xe6, 0x66, 0x66, 0x4c, 0x4b, 0xe5, 0x12, 0x31, 0x37, 0x54, 0x49,
+    0x64, 0xa5, 0x66, 0xeb, 0xe0, 0xc6, 0xa1, 0x49, 0xf8, 0x4d, 0xc3, 0xd3,
+    0x55, 0xa4, 0x05, 0xd2, 0xac, 0xfb, 0xe1, 0xc8, 0x69, 0x30, 0x4b, 0x98,
+    0xfd, 0x72, 0x1a, 0xab, 0x9f, 0x86, 0xeb, 0x0d, 0xbd, 0x7c, 0xa6, 0x3d,
+    0x81, 0xd9, 0x01, 0xa7, 0x8a, 0x79, 0xab, 0x3c, 0xce, 0xe5, 0xb6, 0xc3,
+    0x1b, 0xef, 0x7d, 0x5e, 0x37, 0x7b, 0x37, 0x7c, 0x91, 0x89, 0x59, 0x11,
+    0x21, 0x11, 0x7c, 0x05, 0x80, 0xe1, 0xa8, 0xd6, 0xf9, 0x35, 0xda, 0x1b,
+    0x86, 0x06, 0x5a, 0x32, 0x67, 0x6c, 0xa9, 0x2b, 0xe0, 0x31, 0x7b, 0x89,
+    0x53, 0x37, 0x42, 0xaf, 0x34, 0xa4, 0x53, 0xd2, 0x7c, 0x91, 0x50, 0x63,
+    0x3a, 0x8e, 0x4a, 0x1f, 0xa3, 0x90, 0x4e, 0x7c, 0x41, 0x59, 0x1d, 0xeb,
+    0x7b, 0xa2, 0x14, 0x87, 0xba, 0x76, 0x36, 0xa4, 0x77, 0x46, 0x34, 0xf2,
+    0x55, 0x50, 0xf0, 0x24, 0x9f, 0x83, 0x83, 0xda, 0xa6, 0xaa, 0x3c, 0xc8,
+};
+
+unsigned char intermediate1_ca_cert_pem[] = {
+    0x30, 0x82, 0x04, 0xf0, 0x30, 0x82, 0x03, 0xd8, 0xa0, 0x03, 0x02, 0x01,
+    0x02, 0x02, 0x01, 0x01, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86,
+    0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x30, 0x81, 0x97, 0x31, 0x0b,
+    0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31,
+    0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, 0x0a, 0x57, 0x61,
+    0x73, 0x68, 0x69, 0x6e, 0x67, 0x74, 0x6f, 0x6e, 0x31, 0x10, 0x30, 0x0e,
+    0x06, 0x03, 0x55, 0x04, 0x07, 0x0c, 0x07, 0x53, 0x65, 0x61, 0x74, 0x74,
+    0x6c, 0x65, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c,
+    0x07, 0x77, 0x6f, 0x6c, 0x66, 0x53, 0x53, 0x4c, 0x31, 0x14, 0x30, 0x12,
+    0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c, 0x0b, 0x45, 0x6e, 0x67, 0x69, 0x6e,
+    0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03,
+    0x55, 0x04, 0x03, 0x0c, 0x0f, 0x77, 0x6f, 0x6c, 0x66, 0x53, 0x53, 0x4c,
+    0x20, 0x72, 0x6f, 0x6f, 0x74, 0x20, 0x43, 0x41, 0x31, 0x1f, 0x30, 0x1d,
+    0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16,
+    0x10, 0x69, 0x6e, 0x66, 0x6f, 0x40, 0x77, 0x6f, 0x6c, 0x66, 0x73, 0x73,
+    0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x30, 0x1e, 0x17, 0x0d, 0x32, 0x34, 0x31,
+    0x32, 0x31, 0x38, 0x32, 0x31, 0x32, 0x35, 0x33, 0x31, 0x5a, 0x17, 0x0d,
+    0x32, 0x37, 0x30, 0x39, 0x31, 0x34, 0x32, 0x31, 0x32, 0x35, 0x33, 0x31,
+    0x5a, 0x30, 0x81, 0xa1, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04,
+    0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55,
+    0x04, 0x08, 0x0c, 0x0a, 0x57, 0x61, 0x73, 0x68, 0x69, 0x6e, 0x67, 0x74,
+    0x6f, 0x6e, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0c,
+    0x07, 0x53, 0x65, 0x61, 0x74, 0x74, 0x6c, 0x65, 0x31, 0x10, 0x30, 0x0e,
+    0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x07, 0x77, 0x6f, 0x6c, 0x66, 0x53,
+    0x53, 0x4c, 0x31, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c,
+    0x0b, 0x45, 0x6e, 0x67, 0x69, 0x6e, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67,
+    0x31, 0x22, 0x30, 0x20, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x19, 0x77,
+    0x6f, 0x6c, 0x66, 0x53, 0x53, 0x4c, 0x20, 0x69, 0x6e, 0x74, 0x65, 0x72,
+    0x6d, 0x65, 0x64, 0x69, 0x61, 0x74, 0x65, 0x20, 0x43, 0x41, 0x20, 0x31,
+    0x31, 0x1f, 0x30, 0x1d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d,
+    0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6e, 0x66, 0x6f, 0x40, 0x77, 0x6f,
+    0x6c, 0x66, 0x73, 0x73, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x30, 0x82, 0x01,
+    0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01,
+    0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82, 0x01,
+    0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, 0xde, 0xb4, 0xc8, 0x5c, 0x77, 0xe0,
+    0x2d, 0xb1, 0xf5, 0xb9, 0xad, 0x16, 0x47, 0x35, 0xa0, 0x35, 0x65, 0x65,
+    0xc6, 0xe1, 0x40, 0xab, 0x1e, 0xb4, 0xb9, 0x13, 0xb7, 0xcb, 0x8c, 0xbb,
+    0x77, 0xa5, 0x76, 0xda, 0x6d, 0x87, 0x87, 0xf6, 0x4a, 0x4d, 0x13, 0xe4,
+    0x26, 0x3e, 0x27, 0x87, 0xee, 0x5b, 0xc7, 0x6a, 0x3f, 0x45, 0x30, 0x61,
+    0x55, 0x5c, 0xf6, 0x35, 0xd1, 0x65, 0xfa, 0x98, 0x11, 0xa3, 0xa7, 0x55,
+    0xd5, 0xbe, 0x91, 0x82, 0x4b, 0xfc, 0xbe, 0x90, 0xd6, 0x50, 0x53, 0x63,
+    0x9a, 0x2c, 0x22, 0xe1, 0x35, 0x11, 0xdc, 0x78, 0x02, 0x97, 0x8a, 0xe4,
+    0x46, 0x92, 0x9c, 0x53, 0x08, 0x76, 0xde, 0x1f, 0x53, 0xb6, 0xb8, 0xca,
+    0x77, 0x3e, 0x79, 0x6e, 0xbc, 0xd0, 0xe3, 0x0d, 0x30, 0x5b, 0x4c, 0xf6,
+    0x94, 0x0d, 0x30, 0x29, 0x64, 0x9f, 0x04, 0xe5, 0xdb, 0xfb, 0x89, 0x60,
+    0x67, 0xbb, 0xaf, 0x26, 0x83, 0x51, 0x77, 0x24, 0x2f, 0x2b, 0x0b, 0xa1,
+    0x94, 0x81, 0x10, 0x98, 0xe8, 0xeb, 0x26, 0xa8, 0x1e, 0x7c, 0xe4, 0xc4,
+    0x6c, 0x67, 0x06, 0x95, 0x55, 0x4a, 0xdd, 0x52, 0xf4, 0xf2, 0x60, 0x6d,
+    0x01, 0x2b, 0x19, 0x91, 0x35, 0x6d, 0xa4, 0x08, 0x47, 0x06, 0x71, 0x24,
+    0x00, 0xd9, 0xde, 0xc6, 0x56, 0xf3, 0x8b, 0x53, 0x2c, 0xe2, 0x9a, 0x96,
+    0xa5, 0xf3, 0x62, 0xe5, 0xc4, 0xe3, 0x23, 0xf2, 0xd2, 0xfc, 0x21, 0xea,
+    0x0f, 0x62, 0x76, 0x8d, 0xd5, 0x99, 0x48, 0xce, 0xdc, 0x58, 0xc4, 0xbb,
+    0x7f, 0xda, 0x94, 0x2c, 0x80, 0x74, 0x83, 0xc5, 0xe0, 0xb0, 0x15, 0x7e,
+    0x41, 0xfd, 0x0e, 0xf2, 0xf4, 0xf0, 0x78, 0x76, 0x7b, 0xad, 0x26, 0x0d,
+    0xaa, 0x48, 0x96, 0x17, 0x2f, 0x21, 0xe3, 0x95, 0x2b, 0x26, 0x37, 0xf9,
+    0xaa, 0x80, 0x2f, 0xfe, 0xde, 0xf6, 0x5e, 0xbc, 0x97, 0x7f, 0x02, 0x03,
+    0x01, 0x00, 0x01, 0xa3, 0x82, 0x01, 0x39, 0x30, 0x82, 0x01, 0x35, 0x30,
+    0x0c, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x04, 0x05, 0x30, 0x03, 0x01, 0x01,
+    0xff, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14,
+    0x83, 0xc6, 0x3a, 0x89, 0x2c, 0x81, 0xf4, 0x02, 0xd7, 0x9d, 0x4c, 0xe2,
+    0x2a, 0xc0, 0x71, 0x82, 0x64, 0x44, 0xda, 0x0e, 0x30, 0x81, 0xc4, 0x06,
+    0x03, 0x55, 0x1d, 0x23, 0x04, 0x81, 0xbc, 0x30, 0x81, 0xb9, 0x80, 0x14,
+    0x73, 0xb0, 0x1c, 0xa4, 0x2f, 0x82, 0xcb, 0xcf, 0x47, 0xa5, 0x38, 0xd7,
+    0xb0, 0x04, 0x82, 0x3a, 0x7e, 0x72, 0x15, 0x21, 0xa1, 0x81, 0x9d, 0xa4,
+    0x81, 0x9a, 0x30, 0x81, 0x97, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55,
+    0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03,
+    0x55, 0x04, 0x08, 0x0c, 0x0a, 0x57, 0x61, 0x73, 0x68, 0x69, 0x6e, 0x67,
+    0x74, 0x6f, 0x6e, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x07,
+    0x0c, 0x07, 0x53, 0x65, 0x61, 0x74, 0x74, 0x6c, 0x65, 0x31, 0x10, 0x30,
+    0x0e, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x07, 0x77, 0x6f, 0x6c, 0x66,
+    0x53, 0x53, 0x4c, 0x31, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55, 0x04, 0x0b,
+    0x0c, 0x0b, 0x45, 0x6e, 0x67, 0x69, 0x6e, 0x65, 0x65, 0x72, 0x69, 0x6e,
+    0x67, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x0f,
+    0x77, 0x6f, 0x6c, 0x66, 0x53, 0x53, 0x4c, 0x20, 0x72, 0x6f, 0x6f, 0x74,
+    0x20, 0x43, 0x41, 0x31, 0x1f, 0x30, 0x1d, 0x06, 0x09, 0x2a, 0x86, 0x48,
+    0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6e, 0x66, 0x6f,
+    0x40, 0x77, 0x6f, 0x6c, 0x66, 0x73, 0x73, 0x6c, 0x2e, 0x63, 0x6f, 0x6d,
+    0x82, 0x01, 0x63, 0x30, 0x0b, 0x06, 0x03, 0x55, 0x1d, 0x0f, 0x04, 0x04,
+    0x03, 0x02, 0x01, 0x06, 0x30, 0x32, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05,
+    0x05, 0x07, 0x01, 0x01, 0x04, 0x26, 0x30, 0x24, 0x30, 0x22, 0x06, 0x08,
+    0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x30, 0x01, 0x86, 0x16, 0x68, 0x74,
+    0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x31, 0x32, 0x37, 0x2e, 0x30, 0x2e, 0x30,
+    0x2e, 0x31, 0x3a, 0x32, 0x32, 0x32, 0x32, 0x30, 0x30, 0x0d, 0x06, 0x09,
+    0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03,
+    0x82, 0x01, 0x01, 0x00, 0x75, 0x57, 0xf1, 0x0c, 0x87, 0x8f, 0xa2, 0x70,
+    0x3c, 0xce, 0xe4, 0x70, 0x0e, 0x99, 0x6a, 0xda, 0xc4, 0x80, 0x94, 0x2c,
+    0x25, 0x0c, 0xde, 0x0d, 0x7b, 0xf3, 0x94, 0xf1, 0xe8, 0xad, 0x6f, 0xd0,
+    0xde, 0x9a, 0x9d, 0xf5, 0x64, 0x31, 0x65, 0x3f, 0x18, 0xe6, 0xc3, 0xf5,
+    0xb5, 0x1d, 0xa2, 0xbe, 0x5b, 0x97, 0x79, 0x41, 0x78, 0x15, 0x1c, 0xb3,
+    0x83, 0xde, 0xd0, 0x00, 0xea, 0xd2, 0x70, 0x43, 0xc5, 0x60, 0x60, 0x07,
+    0x72, 0xe5, 0x76, 0x59, 0xb8, 0x0e, 0x2f, 0x47, 0xc9, 0x8d, 0xa4, 0x4c,
+    0xf1, 0x20, 0xb0, 0x40, 0x3b, 0xed, 0xe9, 0xde, 0xb2, 0x46, 0x10, 0x90,
+    0x1b, 0x0f, 0x96, 0x16, 0xe6, 0x97, 0xbc, 0xd5, 0x9a, 0x93, 0xaa, 0x3c,
+    0xe3, 0xb3, 0x6b, 0x5f, 0xdb, 0x2c, 0xaf, 0x2b, 0xda, 0x7c, 0x36, 0x36,
+    0xaa, 0x86, 0xa1, 0x65, 0x70, 0xc8, 0xf1, 0x34, 0xd1, 0x1f, 0x10, 0x96,
+    0x71, 0xe6, 0xcf, 0x69, 0x5c, 0xbf, 0x0e, 0x15, 0x33, 0x97, 0xfe, 0x40,
+    0x42, 0xbe, 0x30, 0x48, 0xad, 0xfb, 0xd7, 0x0e, 0x7b, 0x73, 0xdd, 0x64,
+    0x30, 0x7e, 0x10, 0x81, 0xac, 0x3b, 0x0b, 0x3c, 0xe4, 0x12, 0x9f, 0x31,
+    0x8b, 0x3d, 0xf0, 0x9b, 0x84, 0xdc, 0x5b, 0x32, 0x33, 0x39, 0xde, 0xeb,
+    0x1a, 0x17, 0x89, 0xd8, 0x1b, 0x00, 0x33, 0x2d, 0x50, 0xa4, 0x1a, 0x2c,
+    0x11, 0xa2, 0x60, 0xac, 0xc1, 0x9a, 0x0f, 0x44, 0x90, 0x00, 0xcf, 0x8d,
+    0x6c, 0xaf, 0x5b, 0x71, 0x23, 0x7a, 0xa7, 0x4f, 0xdf, 0xf5, 0x3f, 0x5c,
+    0xae, 0x93, 0xca, 0x4e, 0xec, 0xf0, 0x1b, 0xf4, 0xfa, 0x53, 0x7d, 0xd9,
+    0x36, 0xaf, 0x5e, 0x4c, 0x54, 0xc7, 0x3a, 0xd5, 0xe3, 0x68, 0xca, 0x78,
+    0xe5, 0x1f, 0x55, 0x44, 0x65, 0xeb, 0x00, 0x2d, 0xc3, 0xc8, 0xba, 0x0e,
+    0x1f, 0x47, 0x1c, 0x67, 0x2e, 0xa9, 0xc1, 0x6e,
+};
+
+unsigned char resp_bad[] = {
+    0x30, 0x82, 0x01, 0xa9, 0xa0, 0x82, 0x01, 0xa5, 0x30, 0x82, 0x01, 0xa1,
+    0x06, 0x09, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x30, 0x01, 0x01, 0x04,
+    0x82, 0x01, 0x92, 0x30, 0x82, 0x01, 0x8e, 0x30, 0x7a, 0xa2, 0x16, 0x04,
+    0x14, 0x32, 0x67, 0xe1, 0xb1, 0x79, 0xd2, 0x81, 0xfc, 0x9f, 0x23, 0x0c,
+    0x70, 0x40, 0x50, 0xb5, 0x46, 0x56, 0xb8, 0x30, 0x36, 0x18, 0x0f, 0x32,
+    0x30, 0x32, 0x35, 0x30, 0x32, 0x30, 0x35, 0x31, 0x36, 0x34, 0x34, 0x30,
+    0x39, 0x5a, 0x30, 0x4f, 0x30, 0x4d, 0x30, 0x38, 0x30, 0x07, 0x06, 0x05,
+    0x2b, 0x0e, 0x03, 0x02, 0x1a, 0x04, 0x14, 0x44, 0xa8, 0xdb, 0xd1, 0xbc,
+    0x97, 0x0a, 0x83, 0x3b, 0x5b, 0x31, 0x9a, 0x4c, 0xb8, 0xd2, 0x52, 0x37,
+    0x15, 0x8a, 0x88, 0x04, 0x14, 0x73, 0xb0, 0x1c, 0xa4, 0x2f, 0x82, 0xcb,
+    0xcf, 0x47, 0xa5, 0x38, 0xd7, 0xb0, 0x04, 0x82, 0x3a, 0x7e, 0x72, 0x15,
+    0x21, 0x02, 0x01, 0x01, 0x80, 0x00, 0x18, 0x0f, 0x32, 0x30, 0x32, 0x35,
+    0x30, 0x32, 0x30, 0x35, 0x31, 0x36, 0x34, 0x34, 0x30, 0x39, 0x5a, 0x30,
+    0x0b, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b,
+    0x03, 0x82, 0x01, 0x01, 0x00, 0x18, 0x8b, 0xc4, 0x9c, 0x4e, 0x93, 0x4c,
+    0x91, 0x99, 0x32, 0x43, 0x3d, 0x03, 0xa0, 0x18, 0x7c, 0x20, 0x03, 0x2d,
+    0x29, 0x4a, 0xf8, 0x48, 0x43, 0xe5, 0x86, 0x27, 0x3f, 0x35, 0x99, 0x0e,
+    0x7f, 0xed, 0x7c, 0x1a, 0xd6, 0xfe, 0x2d, 0xed, 0xf8, 0x42, 0xda, 0xf3,
+    0xc0, 0x28, 0x8c, 0x7a, 0xf7, 0x4a, 0xbc, 0x9d, 0x54, 0xf0, 0x27, 0x89,
+    0xf3, 0xb9, 0x08, 0x9a, 0x8c, 0xf9, 0x4b, 0x75, 0x47, 0x39, 0x68, 0x64,
+    0xea, 0x2b, 0x16, 0x8d, 0xe6, 0x30, 0x4e, 0xb8, 0x97, 0xcd, 0x2d, 0x87,
+    0xc2, 0x5a, 0xb7, 0x10, 0xfa, 0xb9, 0x94, 0xad, 0xfe, 0xe4, 0x4e, 0xeb,
+    0x40, 0xe6, 0x56, 0xa0, 0x79, 0x88, 0x84, 0x51, 0x38, 0x79, 0xc6, 0x00,
+    0xc8, 0x94, 0xc8, 0x06, 0x45, 0x0d, 0x16, 0x51, 0xa1, 0xa0, 0xb5, 0xee,
+    0xa0, 0x91, 0xee, 0x35, 0x4a, 0xec, 0x60, 0xfb, 0x5a, 0x38, 0x40, 0x72,
+    0xf9, 0xc8, 0x54, 0x26, 0x58, 0xed, 0x6a, 0x7e, 0x4e, 0xca, 0xd8, 0xae,
+    0xb5, 0xf0, 0xe8, 0xed, 0x3a, 0xff, 0x51, 0xf9, 0x6e, 0x3d, 0x09, 0x4a,
+    0xb2, 0x68, 0x48, 0x33, 0xc0, 0xe8, 0x48, 0x77, 0xc9, 0xe3, 0x06, 0x0c,
+    0xc8, 0x92, 0x70, 0x54, 0x70, 0x33, 0x1b, 0x7c, 0xb8, 0x50, 0x67, 0xa7,
+    0xb4, 0x2d, 0x98, 0x77, 0x0e, 0x90, 0x0a, 0x55, 0xb7, 0xde, 0x06, 0x2a,
+    0x14, 0x51, 0x9d, 0xb1, 0x79, 0x2e, 0x8e, 0x3d, 0xef, 0x4c, 0x9b, 0x86,
+    0x22, 0x95, 0x2b, 0x1e, 0xa4, 0xf4, 0x09, 0x4c, 0xca, 0xe9, 0x5e, 0x0c,
+    0x87, 0x2c, 0x74, 0x1d, 0x78, 0x50, 0xa6, 0x9e, 0x36, 0x3b, 0xeb, 0x4e,
+    0x24, 0x00, 0xa2, 0x25, 0x2a, 0x63, 0xd8, 0x2e, 0xfe, 0xd2, 0xf1, 0x3b,
+    0x9d, 0x36, 0x80, 0x00, 0x67, 0xe4, 0x1d, 0xf9, 0x83, 0xd1, 0x65, 0x73,
+    0x3e, 0xe1, 0xbc, 0x16, 0x54, 0xa8, 0x0d, 0x21, 0xc0,
+};
+
+#endif /* OCSP_TEST_BLOBS_H */
diff --git a/tests/api/test_poly1305.c b/tests/api/test_poly1305.c
new file mode 100644
index 000000000..775e7cea7
--- /dev/null
+++ b/tests/api/test_poly1305.c
@@ -0,0 +1,73 @@
+/* test_poly1305.c
+ *
+ * Copyright (C) 2006-2025 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+#ifdef HAVE_CONFIG_H
+    #include <config.h>
+#endif
+
+#if !defined(WOLFSSL_USER_SETTINGS) && !defined(WOLFSSL_NO_OPTIONS_H)
+    #include <wolfssl/options.h>
+#endif
+#include <wolfssl/wolfcrypt/settings.h>
+
+#ifdef NO_INLINE
+    #include <wolfssl/wolfcrypt/misc.h>
+#else
+    #define WOLFSSL_MISC_INCLUDED
+    #include <wolfcrypt/src/misc.c>
+#endif
+
+#include <wolfssl/wolfcrypt/poly1305.h>
+#include <wolfssl/wolfcrypt/types.h>
+#include <tests/unit.h>
+#include <tests/api/api.h>
+#include <tests/api/test_poly1305.h>
+
+/*
+ * unit test for wc_Poly1305SetKey()
+ */
+int test_wc_Poly1305SetKey(void)
+{
+    EXPECT_DECLS;
+#ifdef HAVE_POLY1305
+    Poly1305    ctx;
+    const byte  key[] =
+    {
+         0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+         0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+         0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+         0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01
+    };
+    word32 keySz = (word32)(sizeof(key)/sizeof(byte));
+
+    ExpectIntEQ(wc_Poly1305SetKey(&ctx, key, keySz), 0);
+
+    /* Test bad args. */
+    ExpectIntEQ(wc_Poly1305SetKey(NULL, key,keySz),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Poly1305SetKey(&ctx, NULL, keySz),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Poly1305SetKey(&ctx, key, 18),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+#endif
+    return EXPECT_RESULT();
+} /* END test_wc_Poly1305_SetKey() */
+
diff --git a/tests/api/test_poly1305.h b/tests/api/test_poly1305.h
new file mode 100644
index 000000000..0986d6cf0
--- /dev/null
+++ b/tests/api/test_poly1305.h
@@ -0,0 +1,27 @@
+/* test_poly1305.h
+ *
+ * Copyright (C) 2006-2025 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+#ifndef WOLFCRYPT_TEST_POLY1305_H
+#define WOLFCRYPT_TEST_POLY1305_H
+
+int test_wc_Poly1305SetKey(void);
+
+#endif /* WOLFCRYPT_TEST_POLY1305_H */
diff --git a/tests/api/test_rc2.c b/tests/api/test_rc2.c
new file mode 100644
index 000000000..108ecc86c
--- /dev/null
+++ b/tests/api/test_rc2.c
@@ -0,0 +1,230 @@
+/* test_rc2.c
+ *
+ * Copyright (C) 2006-2025 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+#ifdef HAVE_CONFIG_H
+    #include <config.h>
+#endif
+
+#if !defined(WOLFSSL_USER_SETTINGS) && !defined(WOLFSSL_NO_OPTIONS_H)
+    #include <wolfssl/options.h>
+#endif
+#include <wolfssl/wolfcrypt/settings.h>
+
+#ifdef NO_INLINE
+    #include <wolfssl/wolfcrypt/misc.h>
+#else
+    #define WOLFSSL_MISC_INCLUDED
+    #include <wolfcrypt/src/misc.c>
+#endif
+
+#include <wolfssl/wolfcrypt/rc2.h>
+#include <wolfssl/wolfcrypt/types.h>
+#include <tests/unit.h>
+#include <tests/api/api.h>
+#include <tests/api/test_rc2.h>
+
+/*
+ * Testing function for wc_Rc2SetKey().
+ */
+int test_wc_Rc2SetKey(void)
+{
+    EXPECT_DECLS;
+#ifdef WC_RC2
+    Rc2  rc2;
+    byte key40[] = { 0x01, 0x02, 0x03, 0x04, 0x05 };
+    byte iv[]    = { 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08 };
+
+    /* valid key and IV */
+    ExpectIntEQ(wc_Rc2SetKey(&rc2, key40, (word32) sizeof(key40) / sizeof(byte),
+        iv, 40), 0);
+    /* valid key, no IV */
+    ExpectIntEQ(wc_Rc2SetKey(&rc2, key40, (word32) sizeof(key40) / sizeof(byte),
+        NULL, 40), 0);
+
+    /* bad arguments  */
+    /* null Rc2 struct */
+    ExpectIntEQ(wc_Rc2SetKey(NULL, key40, (word32) sizeof(key40) / sizeof(byte),
+        iv, 40), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    /* null key */
+    ExpectIntEQ(wc_Rc2SetKey(&rc2, NULL, (word32) sizeof(key40) / sizeof(byte),
+        iv, 40), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    /* key size == 0 */
+    ExpectIntEQ(wc_Rc2SetKey(&rc2, key40, 0, iv, 40),
+        WC_NO_ERR_TRACE(WC_KEY_SIZE_E));
+    /* key size > 128 */
+    ExpectIntEQ(wc_Rc2SetKey(&rc2, key40, 129, iv, 40),
+        WC_NO_ERR_TRACE(WC_KEY_SIZE_E));
+    /* effective bits == 0 */
+    ExpectIntEQ(wc_Rc2SetKey(&rc2, key40, (word32)sizeof(key40) / sizeof(byte),
+        iv, 0), WC_NO_ERR_TRACE(WC_KEY_SIZE_E));
+    /* effective bits > 1024 */
+    ExpectIntEQ(wc_Rc2SetKey(&rc2, key40, (word32)sizeof(key40) / sizeof(byte),
+        iv, 1025), WC_NO_ERR_TRACE(WC_KEY_SIZE_E));
+#endif
+    return EXPECT_RESULT();
+} /* END test_wc_Rc2SetKey */
+
+/*
+ * Testing function for wc_Rc2SetIV().
+ */
+int test_wc_Rc2SetIV(void)
+{
+    EXPECT_DECLS;
+#ifdef WC_RC2
+    Rc2  rc2;
+    byte iv[] = { 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08 };
+
+    /* valid IV */
+    ExpectIntEQ(wc_Rc2SetIV(&rc2, iv), 0);
+    /* valid NULL IV */
+    ExpectIntEQ(wc_Rc2SetIV(&rc2, NULL), 0);
+
+    /* bad arguments */
+    ExpectIntEQ(wc_Rc2SetIV(NULL, iv), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Rc2SetIV(NULL, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+#endif
+    return EXPECT_RESULT();
+} /* END test_wc_Rc2SetIV */
+
+/*
+ * Testing function for wc_Rc2EcbEncrypt() and wc_Rc2EcbDecrypt().
+ */
+int test_wc_Rc2EcbEncryptDecrypt(void)
+{
+    EXPECT_DECLS;
+#ifdef WC_RC2
+    Rc2 rc2;
+    int effectiveKeyBits = 63;
+    byte cipher[RC2_BLOCK_SIZE];
+    byte plain[RC2_BLOCK_SIZE];
+    byte key[]    = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
+    byte input[]  = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
+    byte output[] = { 0xeb, 0xb7, 0x73, 0xf9, 0x93, 0x27, 0x8e, 0xff };
+
+    XMEMSET(cipher, 0, sizeof(cipher));
+    XMEMSET(plain, 0, sizeof(plain));
+
+    ExpectIntEQ(wc_Rc2SetKey(&rc2, key, (word32) sizeof(key) / sizeof(byte),
+        NULL, effectiveKeyBits), 0);
+    ExpectIntEQ(wc_Rc2EcbEncrypt(&rc2, cipher, input, RC2_BLOCK_SIZE), 0);
+    ExpectIntEQ(XMEMCMP(cipher, output, RC2_BLOCK_SIZE), 0);
+
+    ExpectIntEQ(wc_Rc2EcbDecrypt(&rc2, plain, cipher, RC2_BLOCK_SIZE), 0);
+    ExpectIntEQ(XMEMCMP(plain, input, RC2_BLOCK_SIZE), 0);
+
+    /* Rc2EcbEncrypt bad arguments */
+    /* null Rc2 struct */
+    ExpectIntEQ(wc_Rc2EcbEncrypt(NULL, cipher, input, RC2_BLOCK_SIZE),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    /* null out buffer */
+    ExpectIntEQ(wc_Rc2EcbEncrypt(&rc2, NULL, input, RC2_BLOCK_SIZE),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    /* null input buffer */
+    ExpectIntEQ(wc_Rc2EcbEncrypt(&rc2, cipher, NULL, RC2_BLOCK_SIZE),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    /* output buffer sz != RC2_BLOCK_SIZE (8) */
+    ExpectIntEQ(wc_Rc2EcbEncrypt(&rc2, cipher, input, 7),
+        WC_NO_ERR_TRACE(BUFFER_E));
+
+    /* Rc2EcbDecrypt bad arguments */
+    /* null Rc2 struct */
+    ExpectIntEQ(wc_Rc2EcbDecrypt(NULL, plain, output, RC2_BLOCK_SIZE),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    /* null out buffer */
+    ExpectIntEQ(wc_Rc2EcbDecrypt(&rc2, NULL, output, RC2_BLOCK_SIZE),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    /* null input buffer */
+    ExpectIntEQ(wc_Rc2EcbDecrypt(&rc2, plain, NULL, RC2_BLOCK_SIZE),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    /* output buffer sz != RC2_BLOCK_SIZE (8) */
+    ExpectIntEQ(wc_Rc2EcbDecrypt(&rc2, plain, output, 7),
+        WC_NO_ERR_TRACE(BUFFER_E));
+#endif
+    return EXPECT_RESULT();
+} /* END test_wc_Rc2EcbEncryptDecrypt */
+
+/*
+ * Testing function for wc_Rc2CbcEncrypt() and wc_Rc2CbcDecrypt().
+ */
+int test_wc_Rc2CbcEncryptDecrypt(void)
+{
+    EXPECT_DECLS;
+#ifdef WC_RC2
+    Rc2 rc2;
+    int effectiveKeyBits = 63;
+    byte cipher[RC2_BLOCK_SIZE*2];
+    byte plain[RC2_BLOCK_SIZE*2];
+    /* vector taken from test.c */
+    byte key[] = {
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+    };
+    byte iv[] = {
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+    };
+    byte input[] = {
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+    };
+    byte output[] = {
+        0xeb, 0xb7, 0x73, 0xf9, 0x93, 0x27, 0x8e, 0xff,
+        0xf0, 0x51, 0x77, 0x8b, 0x65, 0xdb, 0x13, 0x57
+    };
+
+    XMEMSET(cipher, 0, sizeof(cipher));
+    XMEMSET(plain, 0, sizeof(plain));
+
+    ExpectIntEQ(wc_Rc2SetKey(&rc2, key, (word32) sizeof(key) / sizeof(byte),
+        iv, effectiveKeyBits), 0);
+    ExpectIntEQ(wc_Rc2CbcEncrypt(&rc2, cipher, input, sizeof(input)), 0);
+    ExpectIntEQ(XMEMCMP(cipher, output, sizeof(output)), 0);
+
+    /* reset IV for decrypt */
+    ExpectIntEQ(wc_Rc2SetIV(&rc2, iv), 0);
+    ExpectIntEQ(wc_Rc2CbcDecrypt(&rc2, plain, cipher, sizeof(cipher)), 0);
+    ExpectIntEQ(XMEMCMP(plain, input, sizeof(input)), 0);
+
+    /* Rc2CbcEncrypt bad arguments */
+    /* null Rc2 struct */
+    ExpectIntEQ(wc_Rc2CbcEncrypt(NULL, cipher, input, sizeof(input)),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    /* null out buffer */
+    ExpectIntEQ(wc_Rc2CbcEncrypt(&rc2, NULL, input, sizeof(input)),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    /* null input buffer */
+    ExpectIntEQ(wc_Rc2CbcEncrypt(&rc2, cipher, NULL, sizeof(input)),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+
+    /* Rc2CbcDecrypt bad arguments */
+    /* in size is 0 */
+    ExpectIntEQ(wc_Rc2CbcDecrypt(&rc2, plain, output, 0), 0);
+    /* null Rc2 struct */
+    ExpectIntEQ(wc_Rc2CbcDecrypt(NULL, plain, output, sizeof(output)),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    /* null out buffer */
+    ExpectIntEQ(wc_Rc2CbcDecrypt(&rc2, NULL, output, sizeof(output)),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    /* null input buffer */
+    ExpectIntEQ(wc_Rc2CbcDecrypt(&rc2, plain, NULL, sizeof(output)),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+#endif
+    return EXPECT_RESULT();
+} /* END test_wc_Rc2CbcEncryptDecrypt */
+
diff --git a/tests/api/test_rc2.h b/tests/api/test_rc2.h
new file mode 100644
index 000000000..ab3159bc3
--- /dev/null
+++ b/tests/api/test_rc2.h
@@ -0,0 +1,30 @@
+/* test_rc2.h
+ *
+ * Copyright (C) 2006-2025 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+#ifndef WOLFCRYPT_TEST_RC2_H
+#define WOLFCRYPT_TEST_RC2_H
+
+int test_wc_Rc2SetKey(void);
+int test_wc_Rc2SetIV(void);
+int test_wc_Rc2EcbEncryptDecrypt(void);
+int test_wc_Rc2CbcEncryptDecrypt(void);
+
+#endif /* WOLFCRYPT_TEST_RC2_H */
diff --git a/tests/api/test_ripemd.c b/tests/api/test_ripemd.c
new file mode 100644
index 000000000..a59cdb599
--- /dev/null
+++ b/tests/api/test_ripemd.c
@@ -0,0 +1,243 @@
+/* test_ripemd.c
+ *
+ * Copyright (C) 2006-2025 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+#ifdef HAVE_CONFIG_H
+    #include <config.h>
+#endif
+
+#if !defined(WOLFSSL_USER_SETTINGS) && !defined(WOLFSSL_NO_OPTIONS_H)
+    #include <wolfssl/options.h>
+#endif
+#include <wolfssl/wolfcrypt/settings.h>
+
+#ifdef NO_INLINE
+    #include <wolfssl/wolfcrypt/misc.h>
+#else
+    #define WOLFSSL_MISC_INCLUDED
+    #include <wolfcrypt/src/misc.c>
+#endif
+
+#include <wolfssl/wolfcrypt/ripemd.h>
+#include <wolfssl/wolfcrypt/types.h>
+#include <tests/unit.h>
+#include <tests/api/api.h>
+#include <tests/api/test_ripemd.h>
+#include <tests/api/test_digest.h>
+
+/*
+ * Testing wc_InitRipeMd()
+ */
+int test_wc_InitRipeMd(void)
+{
+    EXPECT_DECLS;
+#ifdef WOLFSSL_RIPEMD
+    RipeMd ripemd;
+
+    /* Test bad arg. */
+    ExpectIntEQ(wc_InitRipeMd(NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+
+    /* Test good arg. */
+    ExpectIntEQ(wc_InitRipeMd(&ripemd), 0);
+#endif
+    return EXPECT_RESULT();
+
+} /* END test_wc_InitRipeMd */
+
+/*
+ * Testing wc_RipeMdUpdate()
+ */
+int test_wc_RipeMdUpdate(void)
+{
+    EXPECT_DECLS;
+#ifdef WOLFSSL_RIPEMD
+    RipeMd ripemd;
+
+    ExpectIntEQ(wc_InitRipeMd(&ripemd), 0);
+
+    /* Test bad arg. */
+    ExpectIntEQ(wc_RipeMdUpdate(NULL   , NULL, 1),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_RipeMdUpdate(&ripemd, NULL, 1),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_RipeMdUpdate(NULL   , NULL, 0),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+
+    /* Test good arg. */
+    ExpectIntEQ(wc_RipeMdUpdate(&ripemd, NULL, 0), 0);
+    ExpectIntEQ(wc_RipeMdUpdate(&ripemd, (byte*)"a", 1), 0);
+#endif
+    return EXPECT_RESULT();
+} /* END test_wc_RipeMdUdpate */
+
+/*
+ * Unit test function for wc_RipeMdFinal()
+ */
+int test_wc_RipeMdFinal(void)
+{
+    EXPECT_DECLS;
+#ifdef WOLFSSL_RIPEMD
+    RipeMd ripemd;
+    byte hash[RIPEMD_DIGEST_SIZE];
+
+    /* Initialize */
+    ExpectIntEQ(wc_InitRipeMd(&ripemd), 0);
+
+    /* Test bad args. */
+    ExpectIntEQ(wc_RipeMdFinal(NULL, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_RipeMdFinal(NULL, hash), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_RipeMdFinal(&ripemd, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+
+    /* Test good args. */
+    ExpectIntEQ(wc_RipeMdFinal(&ripemd, hash), 0);
+#endif
+    return EXPECT_RESULT();
+} /* END test_wc_RipeMdFinal */
+
+#define RIPEMD_KAT_CNT  7
+int test_wc_RipeMd_KATs( void)
+{
+    EXPECT_DECLS;
+#ifdef WOLFSSL_RIPEMD
+    RipeMd ripemd;
+    testVector ripemd_kat[RIPEMD_KAT_CNT];
+    byte hash[RIPEMD_DIGEST_SIZE];
+    int i = 0;
+
+    ripemd_kat[i].input = "";
+    ripemd_kat[i].inLen = 0;
+    ripemd_kat[i].output =
+        "\x9c\x11\x85\xa5\xc5\xe9\xfc\x54"
+        "\x61\x28\x08\x97\x7e\xe8\xf5\x48"
+        "\xb2\x25\x8d\x31";
+    ripemd_kat[i].outLen = 0;
+    i++;
+    ripemd_kat[i].input = "a";
+    ripemd_kat[i].inLen = 1;
+    ripemd_kat[i].output =
+        "\x0b\xdc\x9d\x2d\x25\x6b\x3e\xe9"
+        "\xda\xae\x34\x7b\xe6\xf4\xdc\x83"
+        "\x5a\x46\x7f\xfe";
+    ripemd_kat[i].outLen = 0;
+    i++;
+    ripemd_kat[i].input = "abc";
+    ripemd_kat[i].inLen = 3;
+    ripemd_kat[i].output =
+        "\x8e\xb2\x08\xf7\xe0\x5d\x98\x7a"
+        "\x9b\x04\x4a\x8e\x98\xc6\xb0\x87"
+        "\xf1\x5a\x0b\xfc";
+    ripemd_kat[i].outLen = 0;
+    i++;
+    ripemd_kat[i].input = "message digest";
+    ripemd_kat[i].inLen = 14;
+    ripemd_kat[i].output =
+        "\x5d\x06\x89\xef\x49\xd2\xfa\xe5"
+        "\x72\xb8\x81\xb1\x23\xa8\x5f\xfa"
+        "\x21\x59\x5f\x36";
+    ripemd_kat[i].outLen = 0;
+    i++;
+    ripemd_kat[i].input = "abcdefghijklmnopqrstuvwxyz";
+    ripemd_kat[i].inLen = 26;
+    ripemd_kat[i].output =
+        "\xf7\x1c\x27\x10\x9c\x69\x2c\x1b"
+        "\x56\xbb\xdc\xeb\x5b\x9d\x28\x65"
+        "\xb3\x70\x8d\xbc";
+    ripemd_kat[i].outLen = 0;
+    i++;
+    ripemd_kat[i].input =
+        "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
+        "0123456789";
+    ripemd_kat[i].inLen = 62;
+    ripemd_kat[i].output =
+        "\xb0\xe2\x0b\x6e\x31\x16\x64\x02"
+        "\x86\xed\x3a\x87\xa5\x71\x30\x79"
+        "\xb2\x1f\x51\x89";
+    ripemd_kat[i].outLen = 0;
+    i++;
+    ripemd_kat[i].input = "1234567890123456789012345678901234567890"
+                           "1234567890123456789012345678901234567890";
+    ripemd_kat[i].inLen = 80;
+    ripemd_kat[i].output =
+        "\x9b\x75\x2e\x45\x57\x3d\x4b\x39"
+        "\xf4\xdb\xd3\x32\x3c\xab\x82\xbf"
+        "\x63\x32\x6b\xfb";
+    ripemd_kat[i].outLen = 0;
+
+    ExpectIntEQ(wc_InitRipeMd(&ripemd), 0);
+    for (i = 0; i < RIPEMD_KAT_CNT; i++) {
+        /* Do KAT. */
+        ExpectIntEQ(wc_RipeMdUpdate(&ripemd, (byte*)ripemd_kat[i].input,
+            (word32)ripemd_kat[i].inLen), 0);
+        ExpectIntEQ(wc_RipeMdFinal(&ripemd, hash), 0);
+        ExpectBufEQ(hash, (byte*)ripemd_kat[i].output, RIPEMD_DIGEST_SIZE);
+    }
+#endif
+    return EXPECT_RESULT();
+}
+
+int test_wc_RipeMd_other(void)
+{
+    EXPECT_DECLS;
+#ifdef WOLFSSL_RIPEMD
+    RipeMd ripemd;
+    byte hash[RIPEMD_DIGEST_SIZE + 1];
+    byte data[RIPEMD_DIGEST_SIZE * 8 + 1];
+    int dataLen = RIPEMD_DIGEST_SIZE * 8;
+    const char* expHash =
+        "\x11\x8f\x4f\x23\xa9\xc2\xcb\x04"
+        "\x10\x10\xbb\x44\x5a\x1d\xfb\x17"
+        "\x6b\x68\x09\xb4";
+    int i;
+    int j;
+
+    XMEMSET(data, 0xa5, sizeof(data));
+
+    /* Initialize */
+    ExpectIntEQ(wc_InitRipeMd(&ripemd), 0);
+
+    /* Unaligned input and output buffer. */
+    ExpectIntEQ(wc_RipeMdUpdate(&ripemd, data + 1, dataLen), 0);
+    ExpectIntEQ(wc_RipeMdFinal(&ripemd, hash + 1), 0);
+    ExpectBufEQ(hash + 1, (byte*)expHash, RIPEMD_DIGEST_SIZE);
+
+    /* Test that empty updates work. */
+    ExpectIntEQ(wc_InitRipeMd(&ripemd), 0);
+    ExpectIntEQ(wc_RipeMdUpdate(&ripemd, NULL, 0), 0);
+    ExpectIntEQ(wc_RipeMdUpdate(&ripemd, (byte*)"", 0), 0);
+    ExpectIntEQ(wc_RipeMdUpdate(&ripemd, data, dataLen), 0);
+    ExpectIntEQ(wc_RipeMdFinal(&ripemd, hash), 0);
+    ExpectBufEQ(hash, (byte*)expHash, RIPEMD_DIGEST_SIZE);
+
+    /* Ensure chunking works. */
+    for (i = 1; i < dataLen; i++) {
+        ExpectIntEQ(wc_InitRipeMd(&ripemd), 0);
+        for (j = 0; j < dataLen; j += i) {
+             int len = dataLen - j;
+             if (i < len)
+                 len = i;
+             ExpectIntEQ(wc_RipeMdUpdate(&ripemd, data + j, len), 0);
+        }
+        ExpectIntEQ(wc_RipeMdFinal(&ripemd, hash), 0);
+        ExpectBufEQ(hash, (byte*)expHash, RIPEMD_DIGEST_SIZE);
+    }
+#endif
+    return EXPECT_RESULT();
+}
+
diff --git a/tests/api/test_ripemd.h b/tests/api/test_ripemd.h
new file mode 100644
index 000000000..f954b64d3
--- /dev/null
+++ b/tests/api/test_ripemd.h
@@ -0,0 +1,31 @@
+/* test_ripemd.h
+ *
+ * Copyright (C) 2006-2025 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+#ifndef WOLFCRYPT_TEST_RIPEMD_H
+#define WOLFCRYPT_TEST_RIPEMD_H
+
+int test_wc_InitRipeMd(void);
+int test_wc_RipeMdUpdate(void);
+int test_wc_RipeMdFinal(void);
+int test_wc_RipeMd_KATs(void);
+int test_wc_RipeMd_other(void);
+
+#endif /* WOLFCRYPT_TEST_RIPEMD_H */
diff --git a/tests/api/test_sha.c b/tests/api/test_sha.c
new file mode 100644
index 000000000..12017e1b6
--- /dev/null
+++ b/tests/api/test_sha.c
@@ -0,0 +1,214 @@
+/* test_sha.c
+ *
+ * Copyright (C) 2006-2025 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+#ifdef HAVE_CONFIG_H
+    #include <config.h>
+#endif
+
+#if !defined(WOLFSSL_USER_SETTINGS) && !defined(WOLFSSL_NO_OPTIONS_H)
+    #include <wolfssl/options.h>
+#endif
+#include <wolfssl/wolfcrypt/settings.h>
+
+#ifdef NO_INLINE
+    #include <wolfssl/wolfcrypt/misc.h>
+#else
+    #define WOLFSSL_MISC_INCLUDED
+    #include <wolfcrypt/src/misc.c>
+#endif
+
+#include <wolfssl/wolfcrypt/sha.h>
+#include <wolfssl/wolfcrypt/types.h>
+#include <tests/unit.h>
+#include <tests/api/api.h>
+#include <tests/api/test_sha.h>
+#include <tests/api/test_digest.h>
+
+/*
+ * Unit test for the wc_InitSha()
+ */
+int test_wc_InitSha(void)
+{
+    EXPECT_DECLS;
+#ifndef NO_SHA
+    DIGEST_INIT_AND_INIT_EX_TEST(wc_Sha, Sha);
+#endif
+    return EXPECT_RESULT();
+} /* END test_wc_InitSha */
+
+/*
+ *  Tesing wc_ShaUpdate()
+ */
+int test_wc_ShaUpdate(void)
+{
+    EXPECT_DECLS;
+#ifndef NO_SHA
+    DIGEST_UPDATE_TEST(wc_Sha, Sha);
+#endif
+    return EXPECT_RESULT();
+} /* END test_wc_ShaUpdate() */
+
+/*
+ * Unit test on wc_ShaFinal
+ */
+int test_wc_ShaFinal(void)
+{
+    EXPECT_DECLS;
+#ifndef NO_SHA
+    DIGEST_FINAL_TEST(wc_Sha, Sha, SHA);
+#endif
+    return EXPECT_RESULT();
+} /* END test_wc_ShaFinal */
+
+/*
+ * Unit test on wc_ShaFinalRaw
+ */
+int test_wc_ShaFinalRaw(void)
+{
+    EXPECT_DECLS;
+#if !defined(NO_SHA) && !defined(HAVE_SELFTEST) && \
+    !defined(WOLFSSL_DEVCRYPTO) && (!defined(HAVE_FIPS) || \
+    (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 3))) && \
+    !defined(WOLFSSL_NO_HASH_RAW)
+    DIGEST_FINAL_RAW_TEST(wc_Sha, Sha, SHA,
+                          "\x67\x45\x23\x01\xef\xcd\xab\x89"
+                          "\x98\xba\xdc\xfe\x10\x32\x54\x76"
+                          "\xc3\xd2\xe1\xf0");
+#endif
+    return EXPECT_RESULT();
+} /* END test_wc_ShaFinal */
+
+#define SHA_KAT_CNT     7
+int test_wc_Sha_KATs(void)
+{
+    EXPECT_DECLS;
+#ifndef NO_SHA
+    DIGEST_KATS_TEST_VARS(wc_Sha, SHA);
+
+    DIGEST_KATS_ADD("", 0,
+                    "\xda\x39\xa3\xee\x5e\x6b\x4b\x0d"
+                    "\x32\x55\xbf\xef\x95\x60\x18\x90"
+                    "\xaf\xd8\x07\x09");
+    DIGEST_KATS_ADD("a", 1,
+                    "\x86\xf7\xe4\x37\xfa\xa5\xa7\xfc"
+                    "\xe1\x5d\x1d\xdc\xb9\xea\xea\xea"
+                    "\x37\x76\x67\xb8");
+    DIGEST_KATS_ADD("abc", 3,
+                    "\xa9\x99\x3e\x36\x47\x06\x81\x6a"
+                    "\xba\x3e\x25\x71\x78\x50\xc2\x6c"
+                    "\x9c\xd0\xd8\x9d");
+    DIGEST_KATS_ADD("message digest", 14,
+                    "\xc1\x22\x52\xce\xda\x8b\xe8\x99"
+                    "\x4d\x5f\xa0\x29\x0a\x47\x23\x1c"
+                    "\x1d\x16\xaa\xe3");
+    DIGEST_KATS_ADD("abcdefghijklmnopqrstuvwxyz", 26,
+                    "\x32\xd1\x0c\x7b\x8c\xf9\x65\x70"
+                    "\xca\x04\xce\x37\xf2\xa1\x9d\x84"
+                    "\x24\x0d\x3a\x89");
+    DIGEST_KATS_ADD("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
+                    "0123456789", 62,
+                    "\x76\x1c\x45\x7b\xf7\x3b\x14\xd2"
+                    "\x7e\x9e\x92\x65\xc4\x6f\x4b\x4d"
+                    "\xda\x11\xf9\x40");
+    DIGEST_KATS_ADD("1234567890123456789012345678901234567890"
+                    "1234567890123456789012345678901234567890", 80,
+                    "\x50\xab\xf5\x70\x6a\x15\x09\x90"
+                    "\xa0\x8b\x2c\x5e\xa4\x0f\xa0\xe5"
+                    "\x85\x55\x47\x32");
+
+    DIGEST_KATS_TEST(Sha, SHA);
+#endif
+    return EXPECT_RESULT();
+} /* END test_wc_ShaFinal */
+
+int test_wc_Sha_other(void)
+{
+    EXPECT_DECLS;
+#ifndef NO_SHA
+    DIGEST_OTHER_TEST(wc_Sha, Sha, SHA,
+                      "\xf0\xc2\x3f\xeb\xe0\xb0\xd9\x8c"
+                      "\x01\x23\x6c\x4c\x3b\x72\x7b\x01"
+                      "\xc7\x0d\x2b\x60");
+#endif
+    return EXPECT_RESULT();
+} /* END test_wc_ShaFinal */
+
+int test_wc_ShaCopy(void)
+{
+    EXPECT_DECLS;
+#ifndef NO_SHA
+    DIGEST_COPY_TEST(wc_Sha, Sha, SHA,
+                     "\xda\x39\xa3\xee\x5e\x6b\x4b\x0d"
+                     "\x32\x55\xbf\xef\x95\x60\x18\x90"
+                     "\xaf\xd8\x07\x09",
+                     "\xa9\x99\x3e\x36\x47\x06\x81\x6a"
+                     "\xba\x3e\x25\x71\x78\x50\xc2\x6c"
+                     "\x9c\xd0\xd8\x9d");
+#endif
+    return EXPECT_RESULT();
+}
+
+int test_wc_ShaGetHash(void)
+{
+    EXPECT_DECLS;
+#ifndef NO_SHA
+    DIGEST_GET_HASH_TEST(wc_Sha, Sha, SHA,
+                         "\xda\x39\xa3\xee\x5e\x6b\x4b\x0d"
+                         "\x32\x55\xbf\xef\x95\x60\x18\x90"
+                         "\xaf\xd8\x07\x09",
+                         "\xa9\x99\x3e\x36\x47\x06\x81\x6a"
+                         "\xba\x3e\x25\x71\x78\x50\xc2\x6c"
+                         "\x9c\xd0\xd8\x9d");
+#endif
+    return EXPECT_RESULT();
+}
+
+int test_wc_ShaTransform(void)
+{
+    EXPECT_DECLS;
+#if !defined(NO_SHA) && (defined(OPENSSL_EXTRA) || defined(HAVE_CURL)) && \
+    !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || \
+    (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 3)))
+    DIGEST_TRANSFORM_FINAL_RAW_TEST(wc_Sha, Sha, SHA,
+                                    "\x80\x63\x62\x61\x00\x00\x00\x00"
+                                    "\x00\x00\x00\x00\x00\x00\x00\x00"
+                                    "\x00\x00\x00\x00\x00\x00\x00\x00"
+                                    "\x00\x00\x00\x00\x00\x00\x00\x00"
+                                    "\x00\x00\x00\x00\x00\x00\x00\x00"
+                                    "\x00\x00\x00\x00\x00\x00\x00\x00"
+                                    "\x00\x00\x00\x00\x00\x00\x00\x00"
+                                    "\x00\x00\x00\x00\x18\x00\x00\x00",
+                                    "\xa9\x99\x3e\x36\x47\x06\x81\x6a"
+                                    "\xba\x3e\x25\x71\x78\x50\xc2\x6c"
+                                    "\x9c\xd0\xd8\x9d");
+#endif
+    return EXPECT_RESULT();
+}
+
+int test_wc_Sha_Flags(void)
+{
+    EXPECT_DECLS;
+#if !defined(NO_SHA) && defined(WOLFSSL_HASH_FLAGS)
+    DIGEST_FLAGS_TEST(wc_Sha, Sha);
+#endif
+    return EXPECT_RESULT();
+}
+
diff --git a/tests/api/test_sha.h b/tests/api/test_sha.h
new file mode 100644
index 000000000..54d36a027
--- /dev/null
+++ b/tests/api/test_sha.h
@@ -0,0 +1,36 @@
+/* test_sha.h
+ *
+ * Copyright (C) 2006-2025 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+#ifndef WOLFCRYPT_TEST_SHA_H
+#define WOLFCRYPT_TEST_SHA_H
+
+int test_wc_InitSha(void);
+int test_wc_ShaUpdate(void);
+int test_wc_ShaFinal(void);
+int test_wc_ShaFinalRaw(void);
+int test_wc_Sha_KATs(void);
+int test_wc_Sha_other(void);
+int test_wc_ShaCopy(void);
+int test_wc_ShaGetHash(void);
+int test_wc_ShaTransform(void);
+int test_wc_Sha_Flags(void);
+
+#endif /* WOLFCRYPT_TEST_SHA_H */
diff --git a/tests/api/test_sha256.c b/tests/api/test_sha256.c
new file mode 100644
index 000000000..9bd31c5b2
--- /dev/null
+++ b/tests/api/test_sha256.c
@@ -0,0 +1,379 @@
+/* test_sha256.c
+ *
+ * Copyright (C) 2006-2025 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+#ifdef HAVE_CONFIG_H
+    #include <config.h>
+#endif
+
+#if !defined(WOLFSSL_USER_SETTINGS) && !defined(WOLFSSL_NO_OPTIONS_H)
+    #include <wolfssl/options.h>
+#endif
+#include <wolfssl/wolfcrypt/settings.h>
+
+#ifdef NO_INLINE
+    #include <wolfssl/wolfcrypt/misc.h>
+#else
+    #define WOLFSSL_MISC_INCLUDED
+    #include <wolfcrypt/src/misc.c>
+#endif
+
+#include <wolfssl/wolfcrypt/sha256.h>
+#include <wolfssl/wolfcrypt/types.h>
+#include <tests/unit.h>
+#include <tests/api/api.h>
+#include <tests/api/test_sha256.h>
+#include <tests/api/test_digest.h>
+
+/*******************************************************************************
+ * SHA-256
+ ******************************************************************************/
+
+/*
+ * Unit test for the wc_InitSha256()
+ */
+int test_wc_InitSha256(void)
+{
+    EXPECT_DECLS;
+#ifndef NO_SHA256
+    DIGEST_INIT_AND_INIT_EX_TEST(wc_Sha256, Sha256);
+#endif
+    return EXPECT_RESULT();
+} /* END test_wc_InitSha256 */
+
+/*
+ *  Tesing wc_Sha256Update()
+ */
+int test_wc_Sha256Update(void)
+{
+    EXPECT_DECLS;
+#ifndef NO_SHA256
+    DIGEST_UPDATE_TEST(wc_Sha256, Sha256);
+#endif
+    return EXPECT_RESULT();
+} /* END test_wc_Sha256Update() */
+
+/*
+ * Unit test on wc_Sha256Final
+ */
+int test_wc_Sha256Final(void)
+{
+    EXPECT_DECLS;
+#ifndef NO_SHA256
+    DIGEST_FINAL_TEST(wc_Sha256, Sha256, SHA256);
+#endif
+    return EXPECT_RESULT();
+} /* END test_wc_Sha256Final */
+
+/*
+ * Unit test on wc_Sha256FinalRaw
+ */
+int test_wc_Sha256FinalRaw(void)
+{
+    EXPECT_DECLS;
+#if !defined(NO_SHA256) && !defined(HAVE_SELFTEST) && \
+    !defined(WOLFSSL_DEVCRYPTO) && (!defined(HAVE_FIPS) || \
+    (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 3))) && \
+    !defined(WOLFSSL_NO_HASH_RAW)
+    DIGEST_FINAL_RAW_TEST(wc_Sha256, Sha256, SHA256,
+                          "\x6a\x09\xe6\x67\xbb\x67\xae\x85"
+                          "\x3c\x6e\xf3\x72\xa5\x4f\xf5\x3a"
+                          "\x51\x0e\x52\x7f\x9b\x05\x68\x8c"
+                          "\x1f\x83\xd9\xab\x5b\xe0\xcd\x19");
+#endif
+    return EXPECT_RESULT();
+} /* END test_wc_Sha256Final */
+
+#define SHA256_KAT_CNT     7
+int test_wc_Sha256_KATs(void)
+{
+    EXPECT_DECLS;
+#ifndef NO_SHA256
+    DIGEST_KATS_TEST_VARS(wc_Sha256, SHA256);
+
+    DIGEST_KATS_ADD("", 0,
+                    "\xe3\xb0\xc4\x42\x98\xfc\x1c\x14"
+                    "\x9a\xfb\xf4\xc8\x99\x6f\xb9\x24"
+                    "\x27\xae\x41\xe4\x64\x9b\x93\x4c"
+                    "\xa4\x95\x99\x1b\x78\x52\xb8\x55");
+    DIGEST_KATS_ADD("a", 1,
+                    "\xca\x97\x81\x12\xca\x1b\xbd\xca"
+                    "\xfa\xc2\x31\xb3\x9a\x23\xdc\x4d"
+                    "\xa7\x86\xef\xf8\x14\x7c\x4e\x72"
+                    "\xb9\x80\x77\x85\xaf\xee\x48\xbb");
+    DIGEST_KATS_ADD("abc", 3,
+                    "\xba\x78\x16\xbf\x8f\x01\xcf\xea"
+                    "\x41\x41\x40\xde\x5d\xae\x22\x23"
+                    "\xb0\x03\x61\xa3\x96\x17\x7a\x9c"
+                    "\xb4\x10\xff\x61\xf2\x00\x15\xad");
+    DIGEST_KATS_ADD("message digest", 14,
+                    "\xf7\x84\x6f\x55\xcf\x23\xe1\x4e"
+                    "\xeb\xea\xb5\xb4\xe1\x55\x0c\xad"
+                    "\x5b\x50\x9e\x33\x48\xfb\xc4\xef"
+                    "\xa3\xa1\x41\x3d\x39\x3c\xb6\x50");
+    DIGEST_KATS_ADD("abcdefghijklmnopqrstuvwxyz", 26,
+                    "\x71\xc4\x80\xdf\x93\xd6\xae\x2f"
+                    "\x1e\xfa\xd1\x44\x7c\x66\xc9\x52"
+                    "\x5e\x31\x62\x18\xcf\x51\xfc\x8d"
+                    "\x9e\xd8\x32\xf2\xda\xf1\x8b\x73");
+    DIGEST_KATS_ADD("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
+                    "0123456789", 62,
+                    "\xdb\x4b\xfc\xbd\x4d\xa0\xcd\x85"
+                    "\xa6\x0c\x3c\x37\xd3\xfb\xd8\x80"
+                    "\x5c\x77\xf1\x5f\xc6\xb1\xfd\xfe"
+                    "\x61\x4e\xe0\xa7\xc8\xfd\xb4\xc0");
+    DIGEST_KATS_ADD("1234567890123456789012345678901234567890"
+                    "1234567890123456789012345678901234567890", 80,
+                    "\xf3\x71\xbc\x4a\x31\x1f\x2b\x00"
+                    "\x9e\xef\x95\x2d\xd8\x3c\xa8\x0e"
+                    "\x2b\x60\x02\x6c\x8e\x93\x55\x92"
+                    "\xd0\xf9\xc3\x08\x45\x3c\x81\x3e");
+
+    DIGEST_KATS_TEST(Sha256, SHA256);
+#endif
+    return EXPECT_RESULT();
+} /* END test_wc_Sha256Final */
+
+int test_wc_Sha256_other(void)
+{
+    EXPECT_DECLS;
+#ifndef NO_SHA256
+    DIGEST_OTHER_TEST(wc_Sha256, Sha256, SHA256,
+                      "\x2c\x41\xa1\xdd\x58\x4e\x37\x73"
+                      "\xb9\x56\x74\x84\x1b\x68\x5f\x36"
+                      "\xc7\x6b\x48\xec\x4d\xb7\x58\x63"
+                      "\x37\x2c\x2f\xd6\xe1\x9a\x61\xce");
+#endif
+    return EXPECT_RESULT();
+} /* END test_wc_Sha256Final */
+
+int test_wc_Sha256Copy(void)
+{
+    EXPECT_DECLS;
+#ifndef NO_SHA256
+    DIGEST_COPY_TEST(wc_Sha256, Sha256, SHA256,
+                     "\xe3\xb0\xc4\x42\x98\xfc\x1c\x14"
+                     "\x9a\xfb\xf4\xc8\x99\x6f\xb9\x24"
+                     "\x27\xae\x41\xe4\x64\x9b\x93\x4c"
+                     "\xa4\x95\x99\x1b\x78\x52\xb8\x55",
+                     "\xba\x78\x16\xbf\x8f\x01\xcf\xea"
+                     "\x41\x41\x40\xde\x5d\xae\x22\x23"
+                     "\xb0\x03\x61\xa3\x96\x17\x7a\x9c"
+                     "\xb4\x10\xff\x61\xf2\x00\x15\xad");
+#endif
+    return EXPECT_RESULT();
+}
+
+int test_wc_Sha256GetHash(void)
+{
+    EXPECT_DECLS;
+#ifndef NO_SHA256
+    DIGEST_GET_HASH_TEST(wc_Sha256, Sha256, SHA256,
+                         "\xe3\xb0\xc4\x42\x98\xfc\x1c\x14"
+                         "\x9a\xfb\xf4\xc8\x99\x6f\xb9\x24"
+                         "\x27\xae\x41\xe4\x64\x9b\x93\x4c"
+                         "\xa4\x95\x99\x1b\x78\x52\xb8\x55",
+                         "\xba\x78\x16\xbf\x8f\x01\xcf\xea"
+                         "\x41\x41\x40\xde\x5d\xae\x22\x23"
+                         "\xb0\x03\x61\xa3\x96\x17\x7a\x9c"
+                         "\xb4\x10\xff\x61\xf2\x00\x15\xad");
+#endif
+    return EXPECT_RESULT();
+}
+
+int test_wc_Sha256Transform(void)
+{
+    EXPECT_DECLS;
+#if !defined(NO_SHA256) && (defined(OPENSSL_EXTRA) || defined(HAVE_CURL)) && \
+    !defined(WOLFSSL_KCAPI_HASH) && !defined(WOLFSSL_AFALG_HASH) && \
+    !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || \
+    (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 3)))
+    DIGEST_TRANSFORM_FINAL_RAW_TEST(wc_Sha256, Sha256, SHA256,
+                                    "\x80\x63\x62\x61\x00\x00\x00\x00"
+                                    "\x00\x00\x00\x00\x00\x00\x00\x00"
+                                    "\x00\x00\x00\x00\x00\x00\x00\x00"
+                                    "\x00\x00\x00\x00\x00\x00\x00\x00"
+                                    "\x00\x00\x00\x00\x00\x00\x00\x00"
+                                    "\x00\x00\x00\x00\x00\x00\x00\x00"
+                                    "\x00\x00\x00\x00\x00\x00\x00\x00"
+                                    "\x00\x00\x00\x00\x18\x00\x00\x00",
+                                    "\xba\x78\x16\xbf\x8f\x01\xcf\xea"
+                                    "\x41\x41\x40\xde\x5d\xae\x22\x23"
+                                    "\xb0\x03\x61\xa3\x96\x17\x7a\x9c"
+                                    "\xb4\x10\xff\x61\xf2\x00\x15\xad");
+#endif
+    return EXPECT_RESULT();
+}
+
+int test_wc_Sha256_Flags(void)
+{
+    EXPECT_DECLS;
+#if !defined(NO_SHA256) && defined(WOLFSSL_HASH_FLAGS)
+    DIGEST_FLAGS_TEST(wc_Sha256, Sha256);
+#endif
+    return EXPECT_RESULT();
+}
+
+/*******************************************************************************
+ * SHA-224
+ ******************************************************************************/
+
+/*
+ * Unit test for the wc_InitSha224()
+ */
+int test_wc_InitSha224(void)
+{
+    EXPECT_DECLS;
+#ifdef WOLFSSL_SHA224
+    DIGEST_INIT_AND_INIT_EX_TEST(wc_Sha224, Sha224);
+#endif
+    return EXPECT_RESULT();
+} /* END test_wc_InitSha224 */
+
+/*
+ *  Tesing wc_Sha224Update()
+ */
+int test_wc_Sha224Update(void)
+{
+    EXPECT_DECLS;
+#ifdef WOLFSSL_SHA224
+    DIGEST_UPDATE_TEST(wc_Sha224, Sha224);
+#endif
+    return EXPECT_RESULT();
+} /* END test_wc_Sha224Update() */
+
+/*
+ * Unit test on wc_Sha224Final
+ */
+int test_wc_Sha224Final(void)
+{
+    EXPECT_DECLS;
+#ifdef WOLFSSL_SHA224
+    DIGEST_FINAL_TEST(wc_Sha224, Sha224, SHA224);
+#endif
+    return EXPECT_RESULT();
+} /* END test_wc_Sha224Final */
+
+#define SHA224_KAT_CNT     7
+int test_wc_Sha224_KATs(void)
+{
+    EXPECT_DECLS;
+#ifdef WOLFSSL_SHA224
+    DIGEST_KATS_TEST_VARS(wc_Sha224, SHA224);
+
+    DIGEST_KATS_ADD("", 0,
+                    "\xd1\x4a\x02\x8c\x2a\x3a\x2b\xc9"
+                    "\x47\x61\x02\xbb\x28\x82\x34\xc4"
+                    "\x15\xa2\xb0\x1f\x82\x8e\xa6\x2a"
+                    "\xc5\xb3\xe4\x2f");
+    DIGEST_KATS_ADD("a", 1,
+                    "\xab\xd3\x75\x34\xc7\xd9\xa2\xef"
+                    "\xb9\x46\x5d\xe9\x31\xcd\x70\x55"
+                    "\xff\xdb\x88\x79\x56\x3a\xe9\x80"
+                    "\x78\xd6\xd6\xd5");
+    DIGEST_KATS_ADD("abc", 3,
+                    "\x23\x09\x7d\x22\x34\x05\xd8\x22"
+                    "\x86\x42\xa4\x77\xbd\xa2\x55\xb3"
+                    "\x2a\xad\xbc\xe4\xbd\xa0\xb3\xf7"
+                    "\xe3\x6c\x9d\xa7");
+    DIGEST_KATS_ADD("message digest", 14,
+                    "\x2c\xb2\x1c\x83\xae\x2f\x00\x4d"
+                    "\xe7\xe8\x1c\x3c\x70\x19\xcb\xcb"
+                    "\x65\xb7\x1a\xb6\x56\xb2\x2d\x6d"
+                    "\x0c\x39\xb8\xeb");
+    DIGEST_KATS_ADD("abcdefghijklmnopqrstuvwxyz", 26,
+                    "\x45\xa5\xf7\x2c\x39\xc5\xcf\xf2"
+                    "\x52\x2e\xb3\x42\x97\x99\xe4\x9e"
+                    "\x5f\x44\xb3\x56\xef\x92\x6b\xcf"
+                    "\x39\x0d\xcc\xc2");
+    DIGEST_KATS_ADD("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
+                    "0123456789", 62,
+                    "\xbf\xf7\x2b\x4f\xcb\x7d\x75\xe5"
+                    "\x63\x29\x00\xac\x5f\x90\xd2\x19"
+                    "\xe0\x5e\x97\xa7\xbd\xe7\x2e\x74"
+                    "\x0d\xb3\x93\xd9");
+    DIGEST_KATS_ADD("1234567890123456789012345678901234567890"
+                    "1234567890123456789012345678901234567890", 80,
+                    "\xb5\x0a\xec\xbe\x4e\x9b\xb0\xb5"
+                    "\x7b\xc5\xf3\xae\x76\x0a\x8e\x01"
+                    "\xdb\x24\xf2\x03\xfb\x3c\xdc\xd1"
+                    "\x31\x48\x04\x6e");
+
+    DIGEST_KATS_TEST(Sha224, SHA224);
+#endif
+    return EXPECT_RESULT();
+} /* END test_wc_Sha224Final */
+
+int test_wc_Sha224_other(void)
+{
+    EXPECT_DECLS;
+#ifdef WOLFSSL_SHA224
+    DIGEST_OTHER_TEST(wc_Sha224, Sha224, SHA224,
+                      "\x60\x81\xdf\x2f\xae\xe2\x25\xe9"
+                      "\x87\x61\x2a\x8e\x25\x19\x16\x39"
+                      "\x80\xfb\x77\xfa\x28\x74\x17\x4d"
+                      "\xf3\x15\x52\x2b");
+#endif
+    return EXPECT_RESULT();
+} /* END test_wc_Sha224Final */
+
+int test_wc_Sha224Copy(void)
+{
+    EXPECT_DECLS;
+#ifdef WOLFSSL_SHA224
+    DIGEST_COPY_TEST(wc_Sha224, Sha224, SHA224,
+                     "\xd1\x4a\x02\x8c\x2a\x3a\x2b\xc9"
+                     "\x47\x61\x02\xbb\x28\x82\x34\xc4"
+                     "\x15\xa2\xb0\x1f\x82\x8e\xa6\x2a"
+                     "\xc5\xb3\xe4\x2f",
+                     "\x23\x09\x7d\x22\x34\x05\xd8\x22"
+                     "\x86\x42\xa4\x77\xbd\xa2\x55\xb3"
+                     "\x2a\xad\xbc\xe4\xbd\xa0\xb3\xf7"
+                     "\xe3\x6c\x9d\xa7");
+#endif
+    return EXPECT_RESULT();
+}
+
+int test_wc_Sha224GetHash(void)
+{
+    EXPECT_DECLS;
+#ifdef WOLFSSL_SHA224
+    DIGEST_GET_HASH_TEST(wc_Sha224, Sha224, SHA224,
+                         "\xd1\x4a\x02\x8c\x2a\x3a\x2b\xc9"
+                         "\x47\x61\x02\xbb\x28\x82\x34\xc4"
+                         "\x15\xa2\xb0\x1f\x82\x8e\xa6\x2a"
+                         "\xc5\xb3\xe4\x2f",
+                         "\x23\x09\x7d\x22\x34\x05\xd8\x22"
+                         "\x86\x42\xa4\x77\xbd\xa2\x55\xb3"
+                         "\x2a\xad\xbc\xe4\xbd\xa0\xb3\xf7"
+                         "\xe3\x6c\x9d\xa7");
+#endif
+    return EXPECT_RESULT();
+}
+
+int test_wc_Sha224_Flags(void)
+{
+    EXPECT_DECLS;
+#if defined(WOLFSSL_SHA224) && defined(WOLFSSL_HASH_FLAGS)
+    DIGEST_FLAGS_TEST(wc_Sha224, Sha224);
+#endif
+    return EXPECT_RESULT();
+}
+
diff --git a/tests/api/test_sha256.h b/tests/api/test_sha256.h
new file mode 100644
index 000000000..9a3053723
--- /dev/null
+++ b/tests/api/test_sha256.h
@@ -0,0 +1,45 @@
+/* test_sha256.h
+ *
+ * Copyright (C) 2006-2025 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+#ifndef WOLFCRYPT_TEST_SHA256_H
+#define WOLFCRYPT_TEST_SHA256_H
+
+int test_wc_InitSha256(void);
+int test_wc_Sha256Update(void);
+int test_wc_Sha256Final(void);
+int test_wc_Sha256FinalRaw(void);
+int test_wc_Sha256_KATs(void);
+int test_wc_Sha256_other(void);
+int test_wc_Sha256Copy(void);
+int test_wc_Sha256GetHash(void);
+int test_wc_Sha256Transform(void);
+int test_wc_Sha256_Flags(void);
+
+int test_wc_InitSha224(void);
+int test_wc_Sha224Update(void);
+int test_wc_Sha224Final(void);
+int test_wc_Sha224_KATs(void);
+int test_wc_Sha224_other(void);
+int test_wc_Sha224Copy(void);
+int test_wc_Sha224GetHash(void);
+int test_wc_Sha224_Flags(void);
+
+#endif /* WOLFCRYPT_TEST_SHA256_H */
diff --git a/tests/api/test_sha3.c b/tests/api/test_sha3.c
new file mode 100644
index 000000000..dc362a3ae
--- /dev/null
+++ b/tests/api/test_sha3.c
@@ -0,0 +1,1415 @@
+/* test_sha3.c
+ *
+ * Copyright (C) 2006-2025 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+#ifdef HAVE_CONFIG_H
+    #include <config.h>
+#endif
+
+#if !defined(WOLFSSL_USER_SETTINGS) && !defined(WOLFSSL_NO_OPTIONS_H)
+    #include <wolfssl/options.h>
+#endif
+#include <wolfssl/wolfcrypt/settings.h>
+
+#ifdef NO_INLINE
+    #include <wolfssl/wolfcrypt/misc.h>
+#else
+    #define WOLFSSL_MISC_INCLUDED
+    #include <wolfcrypt/src/misc.c>
+#endif
+
+#include <wolfssl/wolfcrypt/sha3.h>
+#include <wolfssl/wolfcrypt/types.h>
+#include <tests/unit.h>
+#include <tests/api/api.h>
+#include <tests/api/test_sha3.h>
+#include <tests/api/test_digest.h>
+
+#if defined(HAVE_SELFTEST) || (defined(HAVE_FIPS) && \
+    (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 3)))
+    #define WC_SHA3_128_BLOCK_SIZE  168
+    #define WC_SHA3_224_BLOCK_SIZE  144
+    #define WC_SHA3_256_BLOCK_SIZE  136
+    #define WC_SHA3_384_BLOCK_SIZE  104
+    #define WC_SHA3_512_BLOCK_SIZE  72
+#endif
+
+/*******************************************************************************
+ * SHA-3
+ ******************************************************************************/
+
+#define SHA3_KATS_TEST(name, upper)                                            \
+    (void)i;                                                                   \
+                                                                               \
+    /* Initialize */                                                           \
+    ExpectIntEQ(wc_Init##name(&dgst, HEAP_HINT, INVALID_DEVID), 0);            \
+                                                                               \
+    for (i = 0; i < upper##_KAT_CNT; i++) {                                    \
+        /* Do KAT. */                                                          \
+        ExpectIntEQ(wc_##name##_Update(&dgst, (byte*)dgst_kat[i].input,        \
+            (word32)dgst_kat[i].inLen), 0);                                    \
+        ExpectIntEQ(wc_##name##_Final(&dgst, hash), 0);                        \
+        ExpectBufEQ(hash, (byte*)dgst_kat[i].output,                           \
+            WC_##upper##_DIGEST_SIZE);                                         \
+    }                                                                          \
+                                                                               \
+    wc_##name##_Free(&dgst)
+
+#define SHA3_GET_HASH_TEST(name, upper, emptyHashStr, abcHashStr)              \
+do {                                                                           \
+    wc_Sha3 dgst;                                                              \
+    byte hash[WC_##upper##_DIGEST_SIZE];                                       \
+    const char* emptyHash = emptyHashStr;                                      \
+    const char* abcHash = abcHashStr;                                          \
+                                                                               \
+    ExpectIntEQ(wc_Init##name(&dgst, HEAP_HINT, INVALID_DEVID), 0);            \
+                                                                               \
+    ExpectIntEQ(wc_##name##_GetHash(NULL, NULL),                               \
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));                                        \
+    ExpectIntEQ(wc_##name##_GetHash(&dgst, NULL),                              \
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));                                        \
+    ExpectIntEQ(wc_##name##_GetHash(NULL, hash),                               \
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));                                        \
+                                                                               \
+    ExpectIntEQ(wc_##name##_GetHash(&dgst, hash), 0);                          \
+    ExpectBufEQ(hash, emptyHash, WC_##upper##_DIGEST_SIZE);                    \
+    /* Test that the hash state hasn't been modified. */                       \
+    ExpectIntEQ(wc_##name##_Update(&dgst, (byte*)"abc", 3), 0);                \
+    ExpectIntEQ(wc_##name##_GetHash(&dgst, hash), 0);                          \
+    ExpectBufEQ(hash, abcHash, WC_##upper##_DIGEST_SIZE);                      \
+                                                                               \
+    wc_##name##_Free(&dgst);                                                   \
+} while (0)
+
+
+int test_wc_InitSha3(void)
+{
+    EXPECT_DECLS;
+#ifdef WOLFSSL_SHA3
+    DIGEST_INIT_TEST(wc_Sha3, Sha3_224);
+    DIGEST_INIT_TEST(wc_Sha3, Sha3_256);
+    DIGEST_INIT_TEST(wc_Sha3, Sha3_384);
+    DIGEST_INIT_TEST(wc_Sha3, Sha3_512);
+#endif
+    return EXPECT_RESULT();
+}
+
+int test_wc_Sha3_Update(void)
+{
+    EXPECT_DECLS;
+#ifdef WOLFSSL_SHA3
+    DIGEST_ALT_UPDATE_TEST(wc_Sha3, Sha3_224);
+    DIGEST_ALT_UPDATE_TEST(wc_Sha3, Sha3_256);
+    DIGEST_ALT_UPDATE_TEST(wc_Sha3, Sha3_384);
+    DIGEST_ALT_UPDATE_TEST(wc_Sha3, Sha3_512);
+#endif
+    return EXPECT_RESULT();
+}
+
+int test_wc_Sha3_Final(void)
+{
+    EXPECT_DECLS;
+#ifdef WOLFSSL_SHA3
+    DIGEST_ALT_FINAL_TEST(wc_Sha3, Sha3_224, SHA3_224);
+    DIGEST_ALT_FINAL_TEST(wc_Sha3, Sha3_256, SHA3_256);
+    DIGEST_ALT_FINAL_TEST(wc_Sha3, Sha3_384, SHA3_384);
+    DIGEST_ALT_FINAL_TEST(wc_Sha3, Sha3_512, SHA3_512);
+#endif
+    return EXPECT_RESULT();
+}
+
+#define SHA3_224_KAT_CNT    7
+int test_wc_Sha3_224_KATs(void)
+{
+    EXPECT_DECLS;
+#ifdef WOLFSSL_SHA3
+    DIGEST_KATS_TEST_VARS(wc_Sha3, SHA3_224);
+
+    DIGEST_KATS_ADD("", 0,
+        "\x6b\x4e\x03\x42\x36\x67\xdb\xb7"
+        "\x3b\x6e\x15\x45\x4f\x0e\xb1\xab"
+        "\xd4\x59\x7f\x9a\x1b\x07\x8e\x3f"
+        "\x5b\x5a\x6b\xc7");
+    DIGEST_KATS_ADD("a", 1,
+        "\x9e\x86\xff\x69\x55\x7c\xa9\x5f"
+        "\x40\x5f\x08\x12\x69\x68\x5b\x38"
+        "\xe3\xa8\x19\xb3\x09\xee\x94\x2f"
+        "\x48\x2b\x6a\x8b");
+    DIGEST_KATS_ADD("abc", 3,
+        "\xe6\x42\x82\x4c\x3f\x8c\xf2\x4a"
+        "\xd0\x92\x34\xee\x7d\x3c\x76\x6f"
+        "\xc9\xa3\xa5\x16\x8d\x0c\x94\xad"
+        "\x73\xb4\x6f\xdf");
+    DIGEST_KATS_ADD("message digest", 14,
+        "\x18\x76\x8b\xb4\xc4\x8e\xb7\xfc"
+        "\x88\xe5\xdd\xb1\x7e\xfc\xf2\x96"
+        "\x4a\xbd\x77\x98\xa3\x9d\x86\xa4"
+        "\xb4\xa1\xe4\xc8");
+    DIGEST_KATS_ADD("abcdefghijklmnopqrstuvwxyz", 26,
+        "\x5c\xde\xca\x81\xe1\x23\xf8\x7c"
+        "\xad\x96\xb9\xcb\xa9\x99\xf1\x6f"
+        "\x6d\x41\x54\x96\x08\xd4\xe0\xf4"
+        "\x68\x1b\x82\x39");
+    DIGEST_KATS_ADD("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
+                    "0123456789", 62,
+        "\xa6\x7c\x28\x9b\x82\x50\xa6\xf4"
+        "\x37\xa2\x01\x37\x98\x5d\x60\x55"
+        "\x89\xa8\xc1\x63\xd4\x52\x61\xb1"
+        "\x54\x19\x55\x6e");
+    DIGEST_KATS_ADD("1234567890123456789012345678901234567890"
+                    "1234567890123456789012345678901234567890", 80,
+        "\x05\x26\x89\x8e\x18\x58\x69\xf9"
+        "\x1b\x3e\x2a\x76\xdd\x72\xa1\x5d"
+        "\xc6\x94\x0a\x67\xc8\x16\x4a\x04"
+        "\x4c\xd2\x5c\xc8");
+
+    SHA3_KATS_TEST(Sha3_224, SHA3_224);
+#endif
+    return EXPECT_RESULT();
+}
+
+#define SHA3_256_KAT_CNT    7
+int test_wc_Sha3_256_KATs(void)
+{
+    EXPECT_DECLS;
+#ifdef WOLFSSL_SHA3
+    DIGEST_KATS_TEST_VARS(wc_Sha3, SHA3_256);
+
+    DIGEST_KATS_ADD("", 0,
+        "\xa7\xff\xc6\xf8\xbf\x1e\xd7\x66"
+        "\x51\xc1\x47\x56\xa0\x61\xd6\x62"
+        "\xf5\x80\xff\x4d\xe4\x3b\x49\xfa"
+        "\x82\xd8\x0a\x4b\x80\xf8\x43\x4a");
+    DIGEST_KATS_ADD("a", 1,
+        "\x80\x08\x4b\xf2\xfb\xa0\x24\x75"
+        "\x72\x6f\xeb\x2c\xab\x2d\x82\x15"
+        "\xea\xb1\x4b\xc6\xbd\xd8\xbf\xb2"
+        "\xc8\x15\x12\x57\x03\x2e\xcd\x8b");
+    DIGEST_KATS_ADD("abc", 3,
+        "\x3a\x98\x5d\xa7\x4f\xe2\x25\xb2"
+        "\x04\x5c\x17\x2d\x6b\xd3\x90\xbd"
+        "\x85\x5f\x08\x6e\x3e\x9d\x52\x5b"
+        "\x46\xbf\xe2\x45\x11\x43\x15\x32");
+    DIGEST_KATS_ADD("message digest", 14,
+        "\xed\xcd\xb2\x06\x93\x66\xe7\x52"
+        "\x43\x86\x0c\x18\xc3\xa1\x14\x65"
+        "\xec\xa3\x4b\xce\x61\x43\xd3\x0c"
+        "\x86\x65\xce\xfc\xfd\x32\xbf\xfd");
+    DIGEST_KATS_ADD("abcdefghijklmnopqrstuvwxyz", 26,
+        "\x7c\xab\x2d\xc7\x65\xe2\x1b\x24"
+        "\x1d\xbc\x1c\x25\x5c\xe6\x20\xb2"
+        "\x9f\x52\x7c\x6d\x5e\x7f\x5f\x84"
+        "\x3e\x56\x28\x8f\x0d\x70\x75\x21");
+    DIGEST_KATS_ADD("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
+                    "0123456789", 62,
+        "\xa7\x9d\x6a\x9d\xa4\x7f\x04\xa3"
+        "\xb9\xa9\x32\x3e\xc9\x99\x1f\x21"
+        "\x05\xd4\xc7\x8a\x7b\xc7\xbe\xeb"
+        "\x10\x38\x55\xa7\xa1\x1d\xfb\x9f");
+    DIGEST_KATS_ADD("1234567890123456789012345678901234567890"
+                    "1234567890123456789012345678901234567890", 80,
+        "\x29\x3e\x5c\xe4\xce\x54\xee\x71"
+        "\x99\x0a\xb0\x6e\x51\x1b\x7c\xcd"
+        "\x62\x72\x2b\x1b\xeb\x41\x4f\x5f"
+        "\xf6\x5c\x82\x74\xe0\xf5\xbe\x1d");
+
+    SHA3_KATS_TEST(Sha3_256, SHA3_256);
+#endif
+    return EXPECT_RESULT();
+}
+
+#define SHA3_384_KAT_CNT    7
+int test_wc_Sha3_384_KATs(void)
+{
+    EXPECT_DECLS;
+#ifdef WOLFSSL_SHA3
+    DIGEST_KATS_TEST_VARS(wc_Sha3, SHA3_384);
+
+    DIGEST_KATS_ADD("", 0,
+        "\x0c\x63\xa7\x5b\x84\x5e\x4f\x7d"
+        "\x01\x10\x7d\x85\x2e\x4c\x24\x85"
+        "\xc5\x1a\x50\xaa\xaa\x94\xfc\x61"
+        "\x99\x5e\x71\xbb\xee\x98\x3a\x2a"
+        "\xc3\x71\x38\x31\x26\x4a\xdb\x47"
+        "\xfb\x6b\xd1\xe0\x58\xd5\xf0\x04");
+    DIGEST_KATS_ADD("a", 1,
+        "\x18\x15\xf7\x74\xf3\x20\x49\x1b"
+        "\x48\x56\x9e\xfe\xc7\x94\xd2\x49"
+        "\xee\xb5\x9a\xae\x46\xd2\x2b\xf7"
+        "\x7d\xaf\xe2\x5c\x5e\xdc\x28\xd7"
+        "\xea\x44\xf9\x3e\xe1\x23\x4a\xa8"
+        "\x8f\x61\xc9\x19\x12\xa4\xcc\xd9");
+    DIGEST_KATS_ADD("abc", 3,
+        "\xec\x01\x49\x82\x88\x51\x6f\xc9"
+        "\x26\x45\x9f\x58\xe2\xc6\xad\x8d"
+        "\xf9\xb4\x73\xcb\x0f\xc0\x8c\x25"
+        "\x96\xda\x7c\xf0\xe4\x9b\xe4\xb2"
+        "\x98\xd8\x8c\xea\x92\x7a\xc7\xf5"
+        "\x39\xf1\xed\xf2\x28\x37\x6d\x25");
+    DIGEST_KATS_ADD("message digest", 14,
+        "\xd9\x51\x97\x09\xf4\x4a\xf7\x3e"
+        "\x2c\x8e\x29\x11\x09\xa9\x79\xde"
+        "\x3d\x61\xdc\x02\xbf\x69\xde\xf7"
+        "\xfb\xff\xdf\xff\xe6\x62\x75\x15"
+        "\x13\xf1\x9a\xd5\x7e\x17\xd4\xb9"
+        "\x3b\xa1\xe4\x84\xfc\x19\x80\xd5");
+    DIGEST_KATS_ADD("abcdefghijklmnopqrstuvwxyz", 26,
+        "\xfe\xd3\x99\xd2\x21\x7a\xaf\x4c"
+        "\x71\x7a\xd0\xc5\x10\x2c\x15\x58"
+        "\x9e\x1c\x99\x0c\xc2\xb9\xa5\x02"
+        "\x90\x56\xa7\xf7\x48\x58\x88\xd6"
+        "\xab\x65\xdb\x23\x70\x07\x7a\x5c"
+        "\xad\xb5\x3f\xc9\x28\x0d\x27\x8f");
+    DIGEST_KATS_ADD("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
+                    "0123456789", 62,
+        "\xd5\xb9\x72\x30\x2f\x50\x80\xd0"
+        "\x83\x0e\x0d\xe7\xb6\xb2\xcf\x38"
+        "\x36\x65\xa0\x08\xf4\xc4\xf3\x86"
+        "\xa6\x11\x12\x65\x2c\x74\x2d\x20"
+        "\xcb\x45\xaa\x51\xbd\x4f\x54\x2f"
+        "\xc7\x33\xe2\x71\x9e\x99\x92\x91");
+    DIGEST_KATS_ADD("1234567890123456789012345678901234567890"
+                    "1234567890123456789012345678901234567890", 80,
+        "\x3c\x21\x3a\x17\xf5\x14\x63\x8a"
+        "\xcb\x3b\xf1\x7f\x10\x9f\x3e\x24"
+        "\xc1\x6f\x9f\x14\xf0\x85\xb5\x2a"
+        "\x2f\x2b\x81\xad\xc0\xdb\x83\xdf"
+        "\x1a\x58\xdb\x2c\xe0\x13\x19\x1b"
+        "\x8b\xa7\x2d\x8f\xae\x7e\x2a\x5e");
+
+    SHA3_KATS_TEST(Sha3_384, SHA3_384);
+#endif
+    return EXPECT_RESULT();
+}
+
+#define SHA3_512_KAT_CNT    7
+int test_wc_Sha3_512_KATs(void)
+{
+    EXPECT_DECLS;
+#ifdef WOLFSSL_SHA3
+    DIGEST_KATS_TEST_VARS(wc_Sha3, SHA3_512);
+
+    DIGEST_KATS_ADD("", 0,
+        "\xa6\x9f\x73\xcc\xa2\x3a\x9a\xc5"
+        "\xc8\xb5\x67\xdc\x18\x5a\x75\x6e"
+        "\x97\xc9\x82\x16\x4f\xe2\x58\x59"
+        "\xe0\xd1\xdc\xc1\x47\x5c\x80\xa6"
+        "\x15\xb2\x12\x3a\xf1\xf5\xf9\x4c"
+        "\x11\xe3\xe9\x40\x2c\x3a\xc5\x58"
+        "\xf5\x00\x19\x9d\x95\xb6\xd3\xe3"
+        "\x01\x75\x85\x86\x28\x1d\xcd\x26");
+    DIGEST_KATS_ADD("a", 1,
+        "\x69\x7f\x2d\x85\x61\x72\xcb\x83"
+        "\x09\xd6\xb8\xb9\x7d\xac\x4d\xe3"
+        "\x44\xb5\x49\xd4\xde\xe6\x1e\xdf"
+        "\xb4\x96\x2d\x86\x98\xb7\xfa\x80"
+        "\x3f\x4f\x93\xff\x24\x39\x35\x86"
+        "\xe2\x8b\x5b\x95\x7a\xc3\xd1\xd3"
+        "\x69\x42\x0c\xe5\x33\x32\x71\x2f"
+        "\x99\x7b\xd3\x36\xd0\x9a\xb0\x2a");
+    DIGEST_KATS_ADD("abc", 3,
+        "\xb7\x51\x85\x0b\x1a\x57\x16\x8a"
+        "\x56\x93\xcd\x92\x4b\x6b\x09\x6e"
+        "\x08\xf6\x21\x82\x74\x44\xf7\x0d"
+        "\x88\x4f\x5d\x02\x40\xd2\x71\x2e"
+        "\x10\xe1\x16\xe9\x19\x2a\xf3\xc9"
+        "\x1a\x7e\xc5\x76\x47\xe3\x93\x40"
+        "\x57\x34\x0b\x4c\xf4\x08\xd5\xa5"
+        "\x65\x92\xf8\x27\x4e\xec\x53\xf0");
+    DIGEST_KATS_ADD("message digest", 14,
+        "\x34\x44\xe1\x55\x88\x1f\xa1\x55"
+        "\x11\xf5\x77\x26\xc7\xd7\xcf\xe8"
+        "\x03\x02\xa7\x43\x30\x67\xb2\x9d"
+        "\x59\xa7\x14\x15\xca\x9d\xd1\x41"
+        "\xac\x89\x2d\x31\x0b\xc4\xd7\x81"
+        "\x28\xc9\x8f\xda\x83\x9d\x18\xd7"
+        "\xf0\x55\x6f\x2f\xe7\xac\xb3\xc0"
+        "\xcd\xa4\xbf\xf3\xa2\x5f\x5f\x59");
+    DIGEST_KATS_ADD("abcdefghijklmnopqrstuvwxyz", 26,
+        "\xaf\x32\x8d\x17\xfa\x28\x75\x3a"
+        "\x3c\x9f\x5c\xb7\x2e\x37\x6b\x90"
+        "\x44\x0b\x96\xf0\x28\x9e\x57\x03"
+        "\xb7\x29\x32\x4a\x97\x5a\xb3\x84"
+        "\xed\xa5\x65\xfc\x92\xaa\xde\xd1"
+        "\x43\x66\x99\x00\xd7\x61\x86\x16"
+        "\x87\xac\xdc\x0a\x5f\xfa\x35\x8b"
+        "\xd0\x57\x1a\xaa\xd8\x0a\xca\x68");
+    DIGEST_KATS_ADD("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
+                    "0123456789", 62,
+        "\xd1\xdb\x17\xb4\x74\x5b\x25\x5e"
+        "\x5e\xb1\x59\xf6\x65\x93\xcc\x9c"
+        "\x14\x38\x50\x97\x9f\xc7\xa3\x95"
+        "\x17\x96\xab\xa8\x01\x65\xaa\xb5"
+        "\x36\xb4\x61\x74\xce\x19\xe3\xf7"
+        "\x07\xf0\xe5\xc6\x48\x7f\x5f\x03"
+        "\x08\x4b\xc0\xec\x94\x61\x69\x1e"
+        "\xf2\x01\x13\xe4\x2a\xd2\x81\x63");
+    DIGEST_KATS_ADD("1234567890123456789012345678901234567890"
+                    "1234567890123456789012345678901234567890", 80,
+        "\x95\x24\xb9\xa5\x53\x6b\x91\x06"
+        "\x95\x26\xb4\xf6\x19\x6b\x7e\x94"
+        "\x75\xb4\xda\x69\xe0\x1f\x0c\x85"
+        "\x57\x97\xf2\x24\xcd\x73\x35\xdd"
+        "\xb2\x86\xfd\x99\xb9\xb3\x2f\xfe"
+        "\x33\xb5\x9a\xd4\x24\xcc\x17\x44"
+        "\xf6\xeb\x59\x13\x7f\x5f\xb8\x60"
+        "\x19\x32\xe8\xa8\xaf\x0a\xe9\x30");
+
+    SHA3_KATS_TEST(Sha3_512, SHA3_512);
+#endif
+    return EXPECT_RESULT();
+}
+
+int test_wc_Sha3_other(void)
+{
+    EXPECT_DECLS;
+#ifdef WOLFSSL_SHA3
+    DIGEST_ALT_OTHER_TEST(wc_Sha3, Sha3_224, SHA3_224,
+        "\xbb\x4e\xb3\xf7\xfb\x7b\x50\xff"
+        "\x3b\xf8\xb0\x53\x8c\x13\x40\xce"
+        "\x0c\x43\x5f\xff\x6a\x08\x43\x87"
+        "\x34\x9f\x7a\x4c");
+    DIGEST_ALT_OTHER_TEST(wc_Sha3, Sha3_256, SHA3_256,
+        "\x78\xc4\x14\xa4\x5d\x85\x07\xf4"
+        "\x48\x64\xe0\x5f\x73\x2c\x3b\x78"
+        "\xce\x5a\x78\x45\x97\x0b\x29\xa8"
+        "\xb4\x53\xed\x38\x19\xd2\x4e\xa9");
+    DIGEST_ALT_OTHER_TEST(wc_Sha3, Sha3_384, SHA3_384,
+        "\x22\x29\x8c\x46\xa7\xf0\xf9\xc7"
+        "\xa7\xaf\x66\x5d\x58\x88\xb3\x6c"
+        "\xc2\x02\x43\x83\x71\x5f\xce\x12"
+        "\x65\x1b\x11\xba\x1c\xde\x52\xdc"
+        "\x6f\xde\x26\x43\xf1\x9f\xbe\xea"
+        "\x5f\xd6\x25\x06\x7c\xad\x16\xed");
+    DIGEST_ALT_OTHER_TEST(wc_Sha3, Sha3_512, SHA3_512,
+        "\xc3\xaf\x62\x06\x69\x92\xa1\x2f"
+        "\xa5\x66\xcc\xcd\xec\x80\xdd\x27"
+        "\x93\xbd\x11\xb0\xb7\xba\x6a\x5e"
+        "\x36\xcf\x23\x4c\x1a\xf4\x8d\x37"
+        "\xb9\xb6\x7f\xb1\xb4\x9a\x04\x23"
+        "\x23\x42\x51\x5d\x8f\x07\x0d\x42"
+        "\x04\x68\x84\xc4\x56\x24\x14\x65"
+        "\x84\x28\xa9\x2f\x10\x35\x7b\x6d");
+#endif
+    return EXPECT_RESULT();
+}
+
+int test_wc_Sha3_Copy(void)
+{
+    EXPECT_DECLS;
+#ifdef WOLFSSL_SHA3
+    DIGEST_ALT_COPY_TEST(wc_Sha3, Sha3_224, SHA3_224,
+        "\x6b\x4e\x03\x42\x36\x67\xdb\xb7"
+        "\x3b\x6e\x15\x45\x4f\x0e\xb1\xab"
+        "\xd4\x59\x7f\x9a\x1b\x07\x8e\x3f"
+        "\x5b\x5a\x6b\xc7",
+        "\xe6\x42\x82\x4c\x3f\x8c\xf2\x4a"
+        "\xd0\x92\x34\xee\x7d\x3c\x76\x6f"
+        "\xc9\xa3\xa5\x16\x8d\x0c\x94\xad"
+        "\x73\xb4\x6f\xdf");
+    DIGEST_ALT_COPY_TEST(wc_Sha3, Sha3_256, SHA3_256,
+        "\xa7\xff\xc6\xf8\xbf\x1e\xd7\x66"
+        "\x51\xc1\x47\x56\xa0\x61\xd6\x62"
+        "\xf5\x80\xff\x4d\xe4\x3b\x49\xfa"
+        "\x82\xd8\x0a\x4b\x80\xf8\x43\x4a",
+        "\x3a\x98\x5d\xa7\x4f\xe2\x25\xb2"
+        "\x04\x5c\x17\x2d\x6b\xd3\x90\xbd"
+        "\x85\x5f\x08\x6e\x3e\x9d\x52\x5b"
+        "\x46\xbf\xe2\x45\x11\x43\x15\x32");
+    DIGEST_ALT_COPY_TEST(wc_Sha3, Sha3_384, SHA3_384,
+        "\x0c\x63\xa7\x5b\x84\x5e\x4f\x7d"
+        "\x01\x10\x7d\x85\x2e\x4c\x24\x85"
+        "\xc5\x1a\x50\xaa\xaa\x94\xfc\x61"
+        "\x99\x5e\x71\xbb\xee\x98\x3a\x2a"
+        "\xc3\x71\x38\x31\x26\x4a\xdb\x47"
+        "\xfb\x6b\xd1\xe0\x58\xd5\xf0\x04",
+        "\xec\x01\x49\x82\x88\x51\x6f\xc9"
+        "\x26\x45\x9f\x58\xe2\xc6\xad\x8d"
+        "\xf9\xb4\x73\xcb\x0f\xc0\x8c\x25"
+        "\x96\xda\x7c\xf0\xe4\x9b\xe4\xb2"
+        "\x98\xd8\x8c\xea\x92\x7a\xc7\xf5"
+        "\x39\xf1\xed\xf2\x28\x37\x6d\x25");
+    DIGEST_ALT_COPY_TEST(wc_Sha3, Sha3_512, SHA3_512,
+        "\xa6\x9f\x73\xcc\xa2\x3a\x9a\xc5"
+        "\xc8\xb5\x67\xdc\x18\x5a\x75\x6e"
+        "\x97\xc9\x82\x16\x4f\xe2\x58\x59"
+        "\xe0\xd1\xdc\xc1\x47\x5c\x80\xa6"
+        "\x15\xb2\x12\x3a\xf1\xf5\xf9\x4c"
+        "\x11\xe3\xe9\x40\x2c\x3a\xc5\x58"
+        "\xf5\x00\x19\x9d\x95\xb6\xd3\xe3"
+        "\x01\x75\x85\x86\x28\x1d\xcd\x26",
+        "\xb7\x51\x85\x0b\x1a\x57\x16\x8a"
+        "\x56\x93\xcd\x92\x4b\x6b\x09\x6e"
+        "\x08\xf6\x21\x82\x74\x44\xf7\x0d"
+        "\x88\x4f\x5d\x02\x40\xd2\x71\x2e"
+        "\x10\xe1\x16\xe9\x19\x2a\xf3\xc9"
+        "\x1a\x7e\xc5\x76\x47\xe3\x93\x40"
+        "\x57\x34\x0b\x4c\xf4\x08\xd5\xa5"
+        "\x65\x92\xf8\x27\x4e\xec\x53\xf0");
+#endif
+    return EXPECT_RESULT();
+}
+
+int test_wc_Sha3_GetHash(void)
+{
+    EXPECT_DECLS;
+#ifdef WOLFSSL_SHA3
+    SHA3_GET_HASH_TEST(Sha3_224, SHA3_224,
+        "\x6b\x4e\x03\x42\x36\x67\xdb\xb7"
+        "\x3b\x6e\x15\x45\x4f\x0e\xb1\xab"
+        "\xd4\x59\x7f\x9a\x1b\x07\x8e\x3f"
+        "\x5b\x5a\x6b\xc7",
+        "\xe6\x42\x82\x4c\x3f\x8c\xf2\x4a"
+        "\xd0\x92\x34\xee\x7d\x3c\x76\x6f"
+        "\xc9\xa3\xa5\x16\x8d\x0c\x94\xad"
+        "\x73\xb4\x6f\xdf");
+    SHA3_GET_HASH_TEST(Sha3_256, SHA3_256,
+        "\xa7\xff\xc6\xf8\xbf\x1e\xd7\x66"
+        "\x51\xc1\x47\x56\xa0\x61\xd6\x62"
+        "\xf5\x80\xff\x4d\xe4\x3b\x49\xfa"
+        "\x82\xd8\x0a\x4b\x80\xf8\x43\x4a",
+        "\x3a\x98\x5d\xa7\x4f\xe2\x25\xb2"
+        "\x04\x5c\x17\x2d\x6b\xd3\x90\xbd"
+        "\x85\x5f\x08\x6e\x3e\x9d\x52\x5b"
+        "\x46\xbf\xe2\x45\x11\x43\x15\x32");
+    SHA3_GET_HASH_TEST(Sha3_384, SHA3_384,
+        "\x0c\x63\xa7\x5b\x84\x5e\x4f\x7d"
+        "\x01\x10\x7d\x85\x2e\x4c\x24\x85"
+        "\xc5\x1a\x50\xaa\xaa\x94\xfc\x61"
+        "\x99\x5e\x71\xbb\xee\x98\x3a\x2a"
+        "\xc3\x71\x38\x31\x26\x4a\xdb\x47"
+        "\xfb\x6b\xd1\xe0\x58\xd5\xf0\x04",
+        "\xec\x01\x49\x82\x88\x51\x6f\xc9"
+        "\x26\x45\x9f\x58\xe2\xc6\xad\x8d"
+        "\xf9\xb4\x73\xcb\x0f\xc0\x8c\x25"
+        "\x96\xda\x7c\xf0\xe4\x9b\xe4\xb2"
+        "\x98\xd8\x8c\xea\x92\x7a\xc7\xf5"
+        "\x39\xf1\xed\xf2\x28\x37\x6d\x25");
+    SHA3_GET_HASH_TEST(Sha3_512, SHA3_512,
+        "\xa6\x9f\x73\xcc\xa2\x3a\x9a\xc5"
+        "\xc8\xb5\x67\xdc\x18\x5a\x75\x6e"
+        "\x97\xc9\x82\x16\x4f\xe2\x58\x59"
+        "\xe0\xd1\xdc\xc1\x47\x5c\x80\xa6"
+        "\x15\xb2\x12\x3a\xf1\xf5\xf9\x4c"
+        "\x11\xe3\xe9\x40\x2c\x3a\xc5\x58"
+        "\xf5\x00\x19\x9d\x95\xb6\xd3\xe3"
+        "\x01\x75\x85\x86\x28\x1d\xcd\x26",
+        "\xb7\x51\x85\x0b\x1a\x57\x16\x8a"
+        "\x56\x93\xcd\x92\x4b\x6b\x09\x6e"
+        "\x08\xf6\x21\x82\x74\x44\xf7\x0d"
+        "\x88\x4f\x5d\x02\x40\xd2\x71\x2e"
+        "\x10\xe1\x16\xe9\x19\x2a\xf3\xc9"
+        "\x1a\x7e\xc5\x76\x47\xe3\x93\x40"
+        "\x57\x34\x0b\x4c\xf4\x08\xd5\xa5"
+        "\x65\x92\xf8\x27\x4e\xec\x53\xf0");
+#endif
+    return EXPECT_RESULT();
+}
+
+int test_wc_Sha3_Flags(void)
+{
+    EXPECT_DECLS;
+#if defined(WOLFSSL_SHA3) && defined(WOLFSSL_HASH_FLAGS)
+    DIGEST_ALT_FLAGS_TEST(wc_Sha3, Sha3, Sha3_256);
+#endif
+    return EXPECT_RESULT();
+}
+
+/*******************************************************************************
+ * SHAKE-128
+ ******************************************************************************/
+
+int test_wc_InitShake128(void)
+{
+    EXPECT_DECLS;
+#ifdef WOLFSSL_SHAKE128
+    DIGEST_INIT_TEST(wc_Shake, Shake128);
+#endif
+    return EXPECT_RESULT();
+}
+
+int test_wc_Shake128_Update(void)
+{
+    EXPECT_DECLS;
+#ifdef WOLFSSL_SHAKE128
+    DIGEST_ALT_UPDATE_TEST(wc_Shake, Shake128);
+#endif
+    return EXPECT_RESULT();
+}
+
+int test_wc_Shake128_Final(void)
+{
+    EXPECT_DECLS;
+#ifdef WOLFSSL_SHAKE128
+    DIGEST_COUNT_FINAL_TEST(wc_Shake, Shake128, SHA3_128);
+#endif
+    return EXPECT_RESULT();
+}
+
+#define SHAKE128_KAT_CNT    7
+int test_wc_Shake128_KATs(void)
+{
+    EXPECT_DECLS;
+#ifdef WOLFSSL_SHAKE128
+    DIGEST_COUNT_KATS_TEST_VARS(wc_Shake, SHAKE128, SHA3_128);
+
+    DIGEST_KATS_ADD("", 0,
+        "\x7f\x9c\x2b\xa4\xe8\x8f\x82\x7d"
+        "\x61\x60\x45\x50\x76\x05\x85\x3e"
+        "\xd7\x3b\x80\x93\xf6\xef\xbc\x88"
+        "\xeb\x1a\x6e\xac\xfa\x66\xef\x26"
+        "\x3c\xb1\xee\xa9\x88\x00\x4b\x93"
+        "\x10\x3c\xfb\x0a\xee\xfd\x2a\x68"
+        "\x6e\x01\xfa\x4a\x58\xe8\xa3\x63"
+        "\x9c\xa8\xa1\xe3\xf9\xae\x57\xe2"
+        "\x35\xb8\xcc\x87\x3c\x23\xdc\x62"
+        "\xb8\xd2\x60\x16\x9a\xfa\x2f\x75"
+        "\xab\x91\x6a\x58\xd9\x74\x91\x88"
+        "\x35\xd2\x5e\x6a\x43\x50\x85\xb2"
+        "\xba\xdf\xd6\xdf\xaa\xc3\x59\xa5"
+        "\xef\xbb\x7b\xcc\x4b\x59\xd5\x38"
+        "\xdf\x9a\x04\x30\x2e\x10\xc8\xbc"
+        "\x1c\xbf\x1a\x0b\x3a\x51\x20\xea"
+        "\x17\xcd\xa7\xcf\xad\x76\x5f\x56"
+        "\x23\x47\x4d\x36\x8c\xcc\xa8\xaf"
+        "\x00\x07\xcd\x9f\x5e\x4c\x84\x9f"
+        "\x16\x7a\x58\x0b\x14\xaa\xbd\xef"
+        "\xae\xe7\xee\xf4\x7c\xb0\xfc\xa9");
+    DIGEST_KATS_ADD("a", 1,
+        "\x85\xc8\xde\x88\xd2\x88\x66\xbf"
+        "\x08\x68\x09\x0b\x39\x61\x16\x2b"
+        "\xf8\x23\x92\xf6\x90\xd9\xe4\x73"
+        "\x09\x10\xf4\xaf\x7c\x6a\xb3\xee"
+        "\x43\x54\xb4\x9c\xa7\x29\xeb\x35"
+        "\x6e\xe3\xf5\xb0\xfb\xd2\x9b\x66"
+        "\x76\x93\x83\xe5\xe4\x01\xb1\xf8"
+        "\x5e\x04\x4c\x92\xbb\x52\x31\xaa"
+        "\x4d\xee\x17\x99\xaf\x7a\x7c\xee"
+        "\x21\x3a\x23\xad\xcd\x03\xc4\x80"
+        "\x6c\x9a\x8b\x0d\x8a\x2e\xea\xd8"
+        "\xea\x7a\x61\x34\xc1\x3e\x52\x3c"
+        "\xcf\x93\xad\x39\xd2\x27\xd3\xe7"
+        "\xd0\x22\xd9\x65\x4f\x3b\x49\x41"
+        "\x37\x88\x75\x8a\x64\x17\xe4\x2d"
+        "\x41\x95\x7c\xb3\x0c\xf0\x4d\xa3"
+        "\x7f\x26\x89\x7c\x2c\xf2\xf8\x00"
+        "\x55\x84\x62\x93\xfd\xe0\x23\x31"
+        "\xcf\x4a\x26\x9a\xaf\x2d\x47\xeb"
+        "\x27\xab\xa0\xfa\xba\x4a\x67\x8e"
+        "\xc0\x02\xbc\x0d\x30\x64\xea\xd0");
+    DIGEST_KATS_ADD("abc", 3,
+        "\x58\x81\x09\x2d\xd8\x18\xbf\x5c"
+        "\xf8\xa3\xdd\xb7\x93\xfb\xcb\xa7"
+        "\x40\x97\xd5\xc5\x26\xa6\xd3\x5f"
+        "\x97\xb8\x33\x51\x94\x0f\x2c\xc8"
+        "\x44\xc5\x0a\xf3\x2a\xcd\x3f\x2c"
+        "\xdd\x06\x65\x68\x70\x6f\x50\x9b"
+        "\xc1\xbd\xde\x58\x29\x5d\xae\x3f"
+        "\x89\x1a\x9a\x0f\xca\x57\x83\x78"
+        "\x9a\x41\xf8\x61\x12\x14\xce\x61"
+        "\x23\x94\xdf\x28\x6a\x62\xd1\xa2"
+        "\x25\x2a\xa9\x4d\xb9\xc5\x38\x95"
+        "\x6c\x71\x7d\xc2\xbe\xd4\xf2\x32"
+        "\xa0\x29\x4c\x85\x7c\x73\x0a\xa1"
+        "\x60\x67\xac\x10\x62\xf1\x20\x1f"
+        "\xb0\xd3\x77\xcf\xb9\xcd\xe4\xc6"
+        "\x35\x99\xb2\x7f\x34\x62\xbb\xa4"
+        "\xa0\xed\x29\x6c\x80\x1f\x9f\xf7"
+        "\xf5\x73\x02\xbb\x30\x76\xee\x14"
+        "\x5f\x97\xa3\x2a\xe6\x8e\x76\xab"
+        "\x66\xc4\x8d\x51\x67\x5b\xd4\x9a"
+        "\xcc\x29\x08\x2f\x56\x47\x58\x4e");
+    DIGEST_KATS_ADD("message digest", 14,
+        "\xcb\xef\x73\x29\x61\xb5\x5b\x4c"
+        "\x31\x39\x67\x96\x57\x7d\xf4\x91"
+        "\xb6\xee\xd6\x1d\x89\x49\xce\x96"
+        "\x72\x26\x80\x1e\x41\x1e\x53\xf0"
+        "\x95\x44\xc1\x3f\xe4\xdf\x40\xfc"
+        "\x8d\xf5\xf9\x85\x3e\x85\x41\xd0"
+        "\x45\x41\xf1\x00\x77\xd9\xd4\x4e"
+        "\x74\x93\xe8\x7f\x16\x0a\x0a\x0d"
+        "\x37\xb3\xd6\xda\xc9\x64\x59\x88"
+        "\xed\x5d\x06\xdd\x53\x21\x99\x3d"
+        "\x87\x35\x74\xd1\x47\xe3\x36\xd7"
+        "\x23\x3a\x68\x27\x31\x87\x21\x48"
+        "\xe9\x3e\x72\x28\x16\xb3\xb1\xcc"
+        "\x31\x3b\xc4\x33\x94\x5f\x74\xf2"
+        "\x14\x39\xdf\xd8\xc8\x9b\xc5\x9b"
+        "\xf3\xd1\x6d\x48\x9a\x5d\x5c\xaf"
+        "\xdf\x77\xac\x07\xbe\x5d\x96\xa7"
+        "\x6e\x95\x27\x53\x07\xd8\x83\xca"
+        "\xd6\x25\x71\x43\xb5\x61\x00\x73"
+        "\xcb\xbf\x7b\x8e\x89\x70\x31\x74"
+        "\x66\xa8\xb6\x85\xd4\x81\x78\xb8");
+    DIGEST_KATS_ADD("abcdefghijklmnopqrstuvwxyz", 26,
+        "\x96\x1c\x91\x9c\x08\x54\x57\x6e"
+        "\x56\x13\x20\xe8\x15\x14\xbf\x37"
+        "\x24\x19\x7d\x07\x15\xe1\x6a\x36"
+        "\x45\x20\x38\x4e\xe9\x97\xf6\xef"
+        "\x3b\xe7\xad\x1a\xb6\x87\xd3\x1e"
+        "\xbd\x7e\x66\x04\xef\x2c\x76\x52"
+        "\x93\x2e\x42\x06\x11\x3d\x26\x35"
+        "\x14\xe7\x2f\x31\xf5\xe1\xdf\x87"
+        "\xc5\xf5\x4f\xc4\x3e\x8f\x85\x7f"
+        "\xc4\xa5\x2b\xbb\x56\x5b\xd6\xd4"
+        "\x58\x69\xdf\x92\x59\xc0\x97\x74"
+        "\x72\x83\x94\xe3\xe0\xc3\xb3\x26"
+        "\x41\x00\x85\xc3\x56\xe5\xb1\x73"
+        "\xd5\x70\x08\x79\x45\xb0\xf0\x68"
+        "\xe4\xc6\x3a\x5b\x19\x1f\xef\x22"
+        "\xd9\x3b\x9f\xd4\x21\x13\x28\xd7"
+        "\x0e\x51\x4f\xec\x92\xb1\xb4\x86"
+        "\x43\x49\x59\x18\xb6\x41\xea\xb0"
+        "\x54\x60\xd0\x79\x8c\xbe\x42\xfd"
+        "\xa4\x7a\x23\x75\xf1\x06\x5d\x03"
+        "\x7e\xbc\x76\xbd\xce\xff\x29\xef");
+    DIGEST_KATS_ADD("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
+                    "0123456789", 62,
+        "\x54\xdd\x20\x1e\x53\x24\x99\x10"
+        "\xdb\x3c\x7d\x36\x65\x74\xfb\xb6"
+        "\x4e\x71\xfa\xe4\x42\xa4\xba\xc1"
+        "\x34\x39\xf2\x6d\xd4\x89\x68\x83"
+        "\x70\xd0\x12\xa1\x55\x86\xd8\x7e"
+        "\x73\x00\xbe\xed\xd9\x23\x3e\xea"
+        "\x98\xf9\x16\xda\xb2\x66\x51\x38"
+        "\x02\x50\x24\x40\x31\x5b\xba\x9e"
+        "\x40\xcd\xb8\x60\x09\x7b\x12\xdf"
+        "\xd8\x8d\x4f\x24\x2f\x77\xc2\x2e"
+        "\x93\xad\xfd\x3e\xb7\x89\x94\x82"
+        "\xd3\x9f\x7c\x0f\x16\x0e\xcc\x07"
+        "\x04\x73\x47\x82\x94\x73\x31\x46"
+        "\x74\xa5\x6a\x13\xe7\x01\xd5\xd8"
+        "\xaa\x37\x54\x6b\x43\xc5\x73\x36"
+        "\x56\xc1\xac\x3c\xa4\x69\x7a\x30"
+        "\x32\x0b\x98\xad\xf9\xbc\xa3\xc6"
+        "\x8b\xec\x9f\x14\xe3\x3b\x8f\xae"
+        "\x30\xd5\x5e\xc6\x0e\x80\x15\xa5"
+        "\x16\x80\xbb\x37\xeb\x5a\x7e\xbc"
+        "\x90\x88\xcd\xcf\x09\xff\x2d\x6b");
+    DIGEST_KATS_ADD("1234567890123456789012345678901234567890"
+                    "1234567890123456789012345678901234567890", 80,
+        "\x7b\xf4\x51\xc9\x2f\xdc\x77\xb9"
+        "\x77\x1e\x6c\x90\x56\x44\x58\x94"
+        "\xee\x86\x7f\x00\xc2\xb7\x0d\x3a"
+        "\xf0\xd1\x96\xa0\xcf\x6b\x28\xe1"
+        "\x2c\xed\x96\x05\x37\xf2\x2a\x0e"
+        "\x90\x33\x41\x03\x67\x58\x44\x99"
+        "\x3c\x4f\xd7\x13\x64\x68\x00\xbd"
+        "\x89\x99\x51\xe5\x6f\x06\x45\xfc"
+        "\xf0\x39\x78\xa6\x27\xc0\x7c\x62"
+        "\xa7\x5a\x54\x3b\x8a\xf7\xed\xb0"
+        "\xaf\xe7\x64\x3d\x94\x95\x36\x3b"
+        "\x30\xbc\xc5\x50\x1c\x74\xdf\x19"
+        "\x5b\x2a\xd4\x28\x83\x1b\x77\x9b"
+        "\xf1\xab\x2a\x0d\xfc\x92\xa5\x92"
+        "\x5a\xc8\xd5\x97\x90\xee\xbc\xf2"
+        "\xec\x29\xb3\x33\x8f\x66\x0c\x5a"
+        "\x6f\x66\x73\xce\x32\x2c\xc1\x03"
+        "\x9a\xe5\xf1\x46\x3b\x86\xca\x7e"
+        "\x96\xaa\xa9\x9a\x27\x09\x93\x02"
+        "\x6a\xc8\x13\xda\xc4\xb9\xeb\x82"
+        "\x14\xe3\x1c\xe8\x68\x27\xcb\x21");
+
+    DIGEST_COUNT_KATS_TEST(Shake128, SHAKE128, SHA3_128);
+#endif
+    return EXPECT_RESULT();
+}
+
+int test_wc_Shake128_other(void)
+{
+    EXPECT_DECLS;
+#ifdef WOLFSSL_SHAKE128
+    DIGEST_COUNT_OTHER_TEST(wc_Shake, Shake128, SHA3_128,
+        "\x1b\xbe\x22\xa0\x40\xc7\x15\x88"
+        "\xcc\x2b\xaa\x3e\x5a\x7c\x89\x03"
+        "\x33\xd4\xac\x54\x27\x14\xf9\x96"
+        "\x0e\x60\x3d\x8f\x13\x9a\xf8\x1e"
+        "\x8f\x45\xc8\x37\xa8\x63\x16\x7b"
+        "\x96\x69\xd4\xe4\x2e\x45\x9f\x1d"
+        "\x50\xaa\x92\x2e\x0d\x32\x37\x97"
+        "\xf7\xd7\xcc\x7c\x5c\xfa\x71\x42"
+        "\xf3\x23\x68\x6a\x36\x03\xd4\x0a"
+        "\x77\x7d\xd3\x84\x40\x75\xc5\xad"
+        "\x1f\xb7\xa4\x90\x80\x66\x91\x49"
+        "\x7d\x3e\x8a\x69\xb9\x94\xbf\x0f"
+        "\x0a\x09\xde\xc8\xfe\x10\xb5\x4f"
+        "\xe5\x78\xda\x4c\x3a\xcd\xcd\xc2"
+        "\x30\xb0\x14\x75\x45\x2b\x2e\x40"
+        "\x74\xf4\x5c\xad\x2e\xcf\x1c\xa0"
+        "\x0b\x8d\x58\x30\xcd\x0f\xaa\x11"
+        "\x68\x84\x2b\x55\xa7\x62\x1b\x9a"
+        "\xec\x6e\xd6\xcc\xa1\xc9\x9f\xc8"
+        "\x11\x74\xb4\x22\x18\xc0\xe6\x37"
+        "\xc4\xef\xc2\xe4\xc3\x26\x27\x0b");
+#endif
+    return EXPECT_RESULT();
+}
+
+int test_wc_Shake128_Copy(void)
+{
+    EXPECT_DECLS;
+#ifdef WOLFSSL_SHAKE128
+    DIGEST_COUNT_COPY_TEST(wc_Shake, Shake128, SHA3_128,
+        "\x7f\x9c\x2b\xa4\xe8\x8f\x82\x7d"
+        "\x61\x60\x45\x50\x76\x05\x85\x3e"
+        "\xd7\x3b\x80\x93\xf6\xef\xbc\x88"
+        "\xeb\x1a\x6e\xac\xfa\x66\xef\x26"
+        "\x3c\xb1\xee\xa9\x88\x00\x4b\x93"
+        "\x10\x3c\xfb\x0a\xee\xfd\x2a\x68"
+        "\x6e\x01\xfa\x4a\x58\xe8\xa3\x63"
+        "\x9c\xa8\xa1\xe3\xf9\xae\x57\xe2"
+        "\x35\xb8\xcc\x87\x3c\x23\xdc\x62"
+        "\xb8\xd2\x60\x16\x9a\xfa\x2f\x75"
+        "\xab\x91\x6a\x58\xd9\x74\x91\x88"
+        "\x35\xd2\x5e\x6a\x43\x50\x85\xb2"
+        "\xba\xdf\xd6\xdf\xaa\xc3\x59\xa5"
+        "\xef\xbb\x7b\xcc\x4b\x59\xd5\x38"
+        "\xdf\x9a\x04\x30\x2e\x10\xc8\xbc"
+        "\x1c\xbf\x1a\x0b\x3a\x51\x20\xea"
+        "\x17\xcd\xa7\xcf\xad\x76\x5f\x56"
+        "\x23\x47\x4d\x36\x8c\xcc\xa8\xaf"
+        "\x00\x07\xcd\x9f\x5e\x4c\x84\x9f"
+        "\x16\x7a\x58\x0b\x14\xaa\xbd\xef"
+        "\xae\xe7\xee\xf4\x7c\xb0\xfc\xa9",
+        "\x58\x81\x09\x2d\xd8\x18\xbf\x5c"
+        "\xf8\xa3\xdd\xb7\x93\xfb\xcb\xa7"
+        "\x40\x97\xd5\xc5\x26\xa6\xd3\x5f"
+        "\x97\xb8\x33\x51\x94\x0f\x2c\xc8"
+        "\x44\xc5\x0a\xf3\x2a\xcd\x3f\x2c"
+        "\xdd\x06\x65\x68\x70\x6f\x50\x9b"
+        "\xc1\xbd\xde\x58\x29\x5d\xae\x3f"
+        "\x89\x1a\x9a\x0f\xca\x57\x83\x78"
+        "\x9a\x41\xf8\x61\x12\x14\xce\x61"
+        "\x23\x94\xdf\x28\x6a\x62\xd1\xa2"
+        "\x25\x2a\xa9\x4d\xb9\xc5\x38\x95"
+        "\x6c\x71\x7d\xc2\xbe\xd4\xf2\x32"
+        "\xa0\x29\x4c\x85\x7c\x73\x0a\xa1"
+        "\x60\x67\xac\x10\x62\xf1\x20\x1f"
+        "\xb0\xd3\x77\xcf\xb9\xcd\xe4\xc6"
+        "\x35\x99\xb2\x7f\x34\x62\xbb\xa4"
+        "\xa0\xed\x29\x6c\x80\x1f\x9f\xf7"
+        "\xf5\x73\x02\xbb\x30\x76\xee\x14"
+        "\x5f\x97\xa3\x2a\xe6\x8e\x76\xab"
+        "\x66\xc4\x8d\x51\x67\x5b\xd4\x9a"
+        "\xcc\x29\x08\x2f\x56\x47\x58\x4e");
+#endif
+    return EXPECT_RESULT();
+}
+
+int test_wc_Shake128Hash(void)
+{
+    EXPECT_DECLS;
+#ifdef WOLFSSL_SHAKE128
+    const byte  data[] = { /* Hello World */
+        0x48,0x65,0x6c,0x6c,0x6f,0x20,0x57,0x6f,
+        0x72,0x6c,0x64
+    };
+    word32      len = sizeof(data);
+    byte        hash[WC_SHA3_128_COUNT * 8];
+    word32      hashLen = sizeof(hash);
+    const char* expHash =
+        "\x12\x27\xc5\xf8\x82\xf9\xc5\x7b"
+        "\xf2\xe3\xe4\x8d\x2c\x87\xeb\x20"
+        "\xf3\x82\xa4\xb6\x39\xb5\x4d\x26"
+        "\xf6\xd5\x95\xff\x3d\xb9\x06\x4d"
+        "\x07\x4e\xe7\x88\xf0\x74\x7c\xa3"
+        "\xfc\x46\xce\x86\x93\x6c\xfc\x6b"
+        "\xd3\x63\x8d\xae\x5a\x2b\x7d\x65"
+        "\x92\x52\x29\x98\xd6\xda\x6f\xaa"
+        "\x5f\x5d\x41\x5d\x99\xd5\x56\x51"
+        "\x46\xee\x3c\xd2\xb8\xec\x15\x38"
+        "\xbc\x62\xdd\xe9\x46\x94\x9b\x23"
+        "\xb8\xcf\x3c\xa3\xe4\x7f\x35\x2d"
+        "\x3c\x46\x2f\x16\x87\x10\x84\x34"
+        "\xf7\x84\x95\x2c\xcf\xe3\x26\xaf"
+        "\xdf\x78\x53\xb3\x98\x20\x22\xca"
+        "\x14\x82\xbc\x9c\xd1\x8f\x9a\x6c"
+        "\xe0\x92\x0b\x8f\x34\x5a\xa0\x4e"
+        "\x7f\xd5\x83\xa4\xe2\x01\x25\x33"
+        "\x45\x0b\x00\xc1\x6a\x5a\x14\xe8"
+        "\x6a\xd1\x45\x0c\x4e\x8a\x4a\x6f"
+        "\x37\xb4\x15\x5d\xd6\x0d\xd1\xab";
+
+    ExpectIntEQ(wc_Shake128Hash(data, len, hash, hashLen), 0);
+    ExpectBufEQ(hash, expHash, hashLen);
+#endif
+    return EXPECT_RESULT();
+}
+
+int test_wc_Shake128_Absorb(void)
+{
+    EXPECT_DECLS;
+#ifdef WOLFSSL_SHAKE128
+    wc_Shake shake128;
+
+    ExpectIntEQ(wc_InitShake128(&shake128, HEAP_HINT, INVALID_DEVID), 0);
+
+#if !defined(HAVE_FIPS) || FIPS_VERSION_GE(7,0)
+    ExpectIntEQ(wc_Shake128_Absorb(NULL     , NULL    , 1),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Shake128_Absorb(&shake128, NULL    , 1),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Shake128_Absorb(NULL     , NULL    , 0),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+
+    ExpectIntEQ(wc_Shake128_Absorb(&shake128, NULL, 0), 0);
+#endif
+
+    ExpectIntEQ(wc_Shake128_Absorb(&shake128, (byte*)"a", 1), 0);
+
+    wc_Shake128_Free(&shake128);
+#endif
+    return EXPECT_RESULT();
+}
+
+int test_wc_Shake128_SqueezeBlocks(void)
+{
+    EXPECT_DECLS;
+#ifdef WOLFSSL_SHAKE128
+    wc_Shake shake128;
+    byte hash[WC_SHA3_128_COUNT * 8];
+
+    ExpectIntEQ(wc_InitShake128(&shake128, HEAP_HINT, INVALID_DEVID), 0);
+
+#if !defined(HAVE_FIPS) || FIPS_VERSION_GE(7,0)
+    ExpectIntEQ(wc_Shake128_SqueezeBlocks(NULL     , NULL, 1),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Shake128_SqueezeBlocks(&shake128, NULL, 1),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Shake128_SqueezeBlocks(NULL     , NULL, 0),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+
+    ExpectIntEQ(wc_Shake128_SqueezeBlocks(&shake128, NULL, 0), 0);
+#endif
+    ExpectIntEQ(wc_Shake128_SqueezeBlocks(&shake128, hash, 1), 0);
+
+    wc_Shake128_Free(&shake128);
+#endif
+    return EXPECT_RESULT();
+}
+
+#define TEST_SHAKE128_MAX_BLOCKS     3
+int test_wc_Shake128_XOF(void)
+{
+    EXPECT_DECLS;
+#ifdef WOLFSSL_SHAKE128
+    wc_Shake shake128;
+    byte hash[WC_SHA3_128_COUNT * 8 * TEST_SHAKE128_MAX_BLOCKS];
+    const char* expOut =
+        "\xf4\x2f\xac\xcf\x13\x0e\x25\x5f"
+        "\xfd\x4a\x29\xbb\x9d\x47\x25\xea"
+        "\x19\xfe\x86\xd3\xeb\x58\xd7\x74"
+        "\xc1\x3c\xf9\xc7\x0e\xdc\xc6\x3b"
+        "\x4b\x97\x0d\x2b\xbc\xa6\x89\x4c"
+        "\xda\x48\x8c\x02\x62\x15\x1f\x2e"
+        "\x36\xb1\x95\x78\xfe\x02\x81\x35"
+        "\x30\x55\x5f\x3c\x06\x47\x2b\x93"
+        "\x1e\xf5\x8e\xf2\xfc\x81\x5b\xec"
+        "\x9f\xde\xf3\xee\xc0\xac\xb0\x90"
+        "\x5c\x19\xc8\x3e\x8a\xa4\xf6\xa7"
+        "\xdf\xa3\x39\xdf\x22\x03\x6c\x07"
+        "\xaa\xbb\xea\x3d\xec\x00\xc2\xb2"
+        "\x6e\x4c\x6b\xdc\xb8\x39\x8b\xb5"
+        "\x67\x3f\xdc\x2a\xf5\x91\x32\xb9"
+        "\x07\xbc\x1d\xb3\x92\x79\x13\xdb"
+        "\x56\xe5\xae\x43\x91\x58\x18\x41"
+        "\xa8\xe1\x75\x8e\x5b\xeb\xac\x4f"
+        "\xeb\x41\xac\x5d\x8b\x4a\x3d\xf6"
+        "\xb6\x5f\xe6\x9c\x19\x1e\x33\x97"
+        "\xbc\x7c\xa7\x7e\xed\x5c\xe5\x4b"
+        "\xdb\xa2\x34\xcd\x90\x94\x46\x19"
+        "\x2e\x60\xbb\xf4\xb1\xe6\x78\xc8"
+        "\xb2\x89\x0b\x2b\x0a\xb9\x69\x81"
+        "\x90\x36\xc7\x5e\xcc\x36\x46\xde"
+        "\x5e\x1d\xb2\x1d\x62\x46\x58\xdf"
+        "\x9a\x07\xea\xe5\x6e\xac\x06\x53"
+        "\x4f\xb4\xb5\x1e\xe3\x78\x60\x84"
+        "\xe0\x96\xfd\xe8\xc0\xf4\x3b\x80"
+        "\x7a\x2d\xb5\x22\x3e\xb5\x0f\x21"
+        "\xcb\x47\x13\x2d\x97\xb5\x28\x25"
+        "\xe7\x84\xa1\x64\x46\xa8\xeb\x8d"
+        "\xa7\xf9\xbe\x89\x3f\x96\x8a\x08"
+        "\x97\x8d\x5c\x72\x7c\x9d\x52\x27"
+        "\xea\xb2\xf0\x9d\x9c\x00\x0d\x3e"
+        "\xd1\xa4\x0f\xdd\xba\x43\x41\xfb"
+        "\xf8\x26\x13\x98\x27\x88\xae\x8b"
+        "\xfb\x8f\xcd\x37\x72\xb3\x37\x09"
+        "\xf4\xde\xde\x33\x8e\x1f\xbd\x49"
+        "\x90\x3c\x8a\x8b\xd2\x89\xb0\x26"
+        "\x39\xc8\x2f\xc7\xfc\x2d\xf9\xa7"
+        "\xd3\x5d\x69\x3d\x90\x17\x9c\xc1"
+        "\x83\xc7\x1d\xd6\xd3\xa2\x01\x57"
+        "\x33\x4f\x0d\xfc\x52\x9e\x2a\xd1"
+        "\x9e\xfb\x36\xdf\x3e\xb3\x49\x9f"
+        "\x83\x22\xa8\x24\x0e\xa1\xfb\xca"
+        "\xd5\x17\x58\x1a\x40\x3f\x4f\x54"
+        "\x3f\xd4\xed\x99\xd2\x39\xad\x37"
+        "\x03\x39\xf7\x3b\xcf\x52\x55\xc4"
+        "\x76\x74\x1d\x33\x04\x76\x44\x0d"
+        "\xf6\x93\x89\x9d\x74\x19\x9c\x09"
+        "\xd9\xf4\x5f\x0b\xbc\xf4\x13\xec"
+        "\x2c\xce\x5f\x2b\x00\xeb\x8b\xa0"
+        "\xa2\xf1\xdd\x93\xc0\x9c\x7c\xb5"
+        "\xca\xe2\xfb\x07\xa9\x1b\xa8\xc9"
+        "\xc9\x84\x2b\x7e\x1e\x05\x8c\x98"
+        "\xfd\x8d\x2a\xd0\xf2\x3a\x7b\x88"
+        "\x26\x4d\xed\x2b\xdb\x99\xb8\x9f"
+        "\x88\x01\x47\x29\xeb\x23\x80\x81"
+        "\x2b\xdd\xac\xbf\xcb\x1e\x80\x0d"
+        "\x4f\xba\xc3\x13\xfa\xb1\xa6\xa9"
+        "\x69\x09\x48\xe6\xb8\xd5\x55\x12"
+        "\xb5\x25\xba\xf6\xd4\x2a\x5e\xf0";
+    int i;
+    int j;
+
+    for (i = 1; i <= TEST_SHAKE128_MAX_BLOCKS; i++) {
+        ExpectIntEQ(wc_InitShake128(&shake128, HEAP_HINT, INVALID_DEVID), 0);
+
+        ExpectIntEQ(wc_Shake128_Absorb(&shake128, (byte*)"Starting point", 15),
+            0);
+
+        for (j = 0; j < TEST_SHAKE128_MAX_BLOCKS; j += i) {
+            int cnt = TEST_SHAKE128_MAX_BLOCKS - j;
+            if (i < cnt)
+                cnt = i;
+            ExpectIntEQ(wc_Shake128_SqueezeBlocks(&shake128,
+                hash + WC_SHA3_128_COUNT * 8 * j, cnt), 0);
+        }
+        ExpectBufEQ(hash, expOut,
+            WC_SHA3_128_COUNT * 8 * TEST_SHAKE128_MAX_BLOCKS);
+    }
+
+    wc_Shake128_Free(&shake128);
+#endif
+    return EXPECT_RESULT();
+}
+
+/*******************************************************************************
+ * SHAKE-256
+ ******************************************************************************/
+
+int test_wc_InitShake256(void)
+{
+    EXPECT_DECLS;
+#ifdef WOLFSSL_SHAKE256
+    DIGEST_INIT_TEST(wc_Shake, Shake256);
+#endif
+    return EXPECT_RESULT();
+}
+
+int test_wc_Shake256_Update(void)
+{
+    EXPECT_DECLS;
+#ifdef WOLFSSL_SHAKE256
+    DIGEST_ALT_UPDATE_TEST(wc_Shake, Shake256);
+#endif
+    return EXPECT_RESULT();
+}
+
+int test_wc_Shake256_Final(void)
+{
+    EXPECT_DECLS;
+#ifdef WOLFSSL_SHAKE256
+    DIGEST_COUNT_FINAL_TEST(wc_Shake, Shake256, SHA3_256);
+#endif
+    return EXPECT_RESULT();
+}
+
+#define SHAKE256_KAT_CNT    7
+int test_wc_Shake256_KATs(void)
+{
+    EXPECT_DECLS;
+#ifdef WOLFSSL_SHAKE256
+    DIGEST_COUNT_KATS_TEST_VARS(wc_Shake, SHAKE256, SHA3_256);
+
+    DIGEST_KATS_ADD("", 0,
+        "\x46\xb9\xdd\x2b\x0b\xa8\x8d\x13"
+        "\x23\x3b\x3f\xeb\x74\x3e\xeb\x24"
+        "\x3f\xcd\x52\xea\x62\xb8\x1b\x82"
+        "\xb5\x0c\x27\x64\x6e\xd5\x76\x2f"
+        "\xd7\x5d\xc4\xdd\xd8\xc0\xf2\x00"
+        "\xcb\x05\x01\x9d\x67\xb5\x92\xf6"
+        "\xfc\x82\x1c\x49\x47\x9a\xb4\x86"
+        "\x40\x29\x2e\xac\xb3\xb7\xc4\xbe"
+        "\x14\x1e\x96\x61\x6f\xb1\x39\x57"
+        "\x69\x2c\xc7\xed\xd0\xb4\x5a\xe3"
+        "\xdc\x07\x22\x3c\x8e\x92\x93\x7b"
+        "\xef\x84\xbc\x0e\xab\x86\x28\x53"
+        "\x34\x9e\xc7\x55\x46\xf5\x8f\xb7"
+        "\xc2\x77\x5c\x38\x46\x2c\x50\x10"
+        "\xd8\x46\xc1\x85\xc1\x51\x11\xe5"
+        "\x95\x52\x2a\x6b\xcd\x16\xcf\x86"
+        "\xf3\xd1\x22\x10\x9e\x3b\x1f\xdd");
+    DIGEST_KATS_ADD("a", 1,
+        "\x86\x7e\x2c\xb0\x4f\x5a\x04\xdc"
+        "\xbd\x59\x25\x01\xa5\xe8\xfe\x9c"
+        "\xea\xaf\xca\x50\x25\x56\x26\xca"
+        "\x73\x6c\x13\x80\x42\x53\x0b\xa4"
+        "\x36\xb7\xb1\xec\x0e\x06\xa2\x79"
+        "\xbc\x79\x07\x33\xbb\x0a\xee\x6f"
+        "\xa8\x02\x68\x3c\x7b\x35\x50\x63"
+        "\xc4\x34\xe9\x11\x89\xb0\xc6\x51"
+        "\xd0\x92\xb0\x1e\x55\xce\x4d\x61"
+        "\x0b\x54\xa5\x46\x6d\x02\xf8\x8f"
+        "\xc3\x78\x09\x6f\xb0\xda\xd0\x25"
+        "\x48\x57\xfe\x1e\x63\x81\xab\xc0"
+        "\x4e\x07\xe3\x3d\x91\x69\x35\x93"
+        "\x56\x36\x00\x48\x96\xc5\xb1\x25"
+        "\x34\x64\xf1\xcb\x5e\xa7\x3b\x00"
+        "\x7b\xc5\x02\x8b\xbb\xea\x13\xeb"
+        "\xc2\x86\x68\xdb\xfc\x26\xb1\x24");
+    DIGEST_KATS_ADD("abc", 3,
+        "\x48\x33\x66\x60\x13\x60\xa8\x77"
+        "\x1c\x68\x63\x08\x0c\xc4\x11\x4d"
+        "\x8d\xb4\x45\x30\xf8\xf1\xe1\xee"
+        "\x4f\x94\xea\x37\xe7\x8b\x57\x39"
+        "\xd5\xa1\x5b\xef\x18\x6a\x53\x86"
+        "\xc7\x57\x44\xc0\x52\x7e\x1f\xaa"
+        "\x9f\x87\x26\xe4\x62\xa1\x2a\x4f"
+        "\xeb\x06\xbd\x88\x01\xe7\x51\xe4"
+        "\x13\x85\x14\x12\x04\xf3\x29\x97"
+        "\x9f\xd3\x04\x7a\x13\xc5\x65\x77"
+        "\x24\xad\xa6\x4d\x24\x70\x15\x7b"
+        "\x3c\xdc\x28\x86\x20\x94\x4d\x78"
+        "\xdb\xcd\xdb\xd9\x12\x99\x3f\x09"
+        "\x13\xf1\x64\xfb\x2c\xe9\x51\x31"
+        "\xa2\xd0\x9a\x3e\x6d\x51\xcb\xfc"
+        "\x62\x27\x20\xd7\xa7\x5c\x63\x34"
+        "\xe8\xa2\xd7\xec\x71\xa7\xcc\x29");
+    DIGEST_KATS_ADD("message digest", 14,
+        "\x71\x8e\x22\x40\x88\x85\x68\x40"
+        "\xad\xe4\xdc\x73\x48\x7e\x15\x82"
+        "\x6a\x07\xec\xb8\xed\x5e\x2b\xda"
+        "\x52\x6c\xc1\xac\xdd\xb9\x9d\x00"
+        "\x60\x49\x81\x58\x44\xbe\x0c\x6c"
+        "\x29\xb7\x59\xdb\x80\xb7\xda\xa6"
+        "\x84\xcb\x46\xd9\x0f\x7e\xef\x10"
+        "\x7d\x24\xaa\xfc\xfa\xf0\xda\xca"
+        "\xca\x28\x88\xdf\xaa\x73\x76\x94"
+        "\xbc\x46\xd5\xc9\x5f\x17\xc5\xcf"
+        "\xe7\xb0\xc9\x5c\xfd\x6a\x12\x6d"
+        "\xd9\x64\x0c\x8e\x62\xe5\xad\x1c"
+        "\x06\xe5\x75\x61\x6a\x2d\xec\x06"
+        "\x46\x06\x6e\x80\x37\xe5\x1a\x00"
+        "\x54\x78\x3d\x82\x0b\x92\xc1\x14"
+        "\x17\x96\xf7\xc3\xe9\x35\x03\x8e"
+        "\x67\x13\xbb\xba\x46\x08\x0b\x2e");
+    DIGEST_KATS_ADD("abcdefghijklmnopqrstuvwxyz", 26,
+        "\xb7\xb7\x8b\x04\xa3\xdd\x30\xa2"
+        "\x65\xc8\x88\x6c\x33\xfd\xa9\x47"
+        "\x99\x85\x3d\xe5\xd3\xd1\x05\x41"
+        "\xfd\x4e\x9f\x46\x13\x70\x1c\x61"
+        "\x07\x52\x49\xbe\xd1\x6b\x07\x81"
+        "\x10\x8f\xcf\xe0\x86\xdb\xf3\x8a"
+        "\x7f\xb8\x30\x08\x07\xce\xa8\x5c"
+        "\xc6\x49\x32\x8d\x07\xd4\xff\x2b"
+        "\x5e\x89\x08\x56\x3f\xf0\xfd\xcc"
+        "\x06\xa8\x09\x2f\xbf\xe7\x72\xf8"
+        "\x0e\x49\xf8\x7a\x10\x3b\x2a\xee"
+        "\x12\x99\x0c\xcb\x47\x98\xe9\xec"
+        "\x03\xaa\x48\x18\xa4\xbf\x5a\xbd"
+        "\xa0\x84\xe1\xa5\xfe\x68\x7c\x2c"
+        "\xfe\xf4\x40\x68\x46\xfe\x47\xa0"
+        "\xd0\x7b\xf4\x50\x55\xa2\x69\x9c"
+        "\x37\xd6\xb6\xd9\xcd\x6c\x4f\xf0");
+    DIGEST_KATS_ADD("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
+                    "0123456789", 62,
+        "\x31\xf1\x9a\x09\x7c\x72\x3e\x91"
+        "\xfa\x59\xb0\x99\x8d\xd8\x52\x3c"
+        "\x2a\x9e\x7e\x13\xb4\x02\x5d\x6b"
+        "\x48\xfc\xbc\x32\x89\x73\xa1\x08"
+        "\x78\xcf\xbe\xb3\x81\x0d\x88\x2f"
+        "\xdb\x6a\x06\xe8\x7f\x3e\xa5\x2c"
+        "\xf8\x26\xca\x55\x22\x31\x6f\xb6"
+        "\x45\xb7\x08\xac\xbe\x43\xb2\xcb"
+        "\x32\x52\x09\x24\x32\x42\x70\x60"
+        "\xc9\x63\x9e\x21\xa8\x98\xd3\x88"
+        "\xa7\xe1\x53\xe4\x2a\x8b\x89\x33"
+        "\xf2\xad\x0c\x27\x52\x97\x69\x8e"
+        "\x25\x7e\x05\xd2\x62\x75\x39\xb4"
+        "\x2c\x10\x1b\x97\x67\xbc\x6d\x90"
+        "\x06\x39\x31\x1f\x8e\x4a\x2e\x88"
+        "\x26\x7b\xbb\x85\xb3\xfa\x4e\xad"
+        "\xf4\x01\xe0\x74\x18\x9f\x6b\xbf");
+    DIGEST_KATS_ADD("1234567890123456789012345678901234567890"
+                    "1234567890123456789012345678901234567890", 80,
+        "\x24\xc5\x08\xad\xef\xdf\x5e\x3f"
+        "\x25\x96\xe8\xb5\xa8\x88\xfe\x10"
+        "\xeb\x7b\x5b\x22\xe1\xf3\x5d\x85"
+        "\x8e\x6e\xff\x30\x25\xc4\xcc\x18"
+        "\xa3\xc9\xac\xe5\x1d\xdd\x24\x3d"
+        "\x08\xc8\xc7\x0c\xf6\x8e\x91\xd1"
+        "\x70\x60\x3d\xc3\xe2\xa3\x1c\x6c"
+        "\xa8\x9f\x20\xc4\xa5\x95\xa2\x65"
+        "\x4f\xb7\xd5\x35\x29\x42\x7e\x81"
+        "\x2d\xea\x48\xe8\xe8\x9a\xbe\x06"
+        "\x2b\x88\x90\x2f\x9b\xff\xb5\xee"
+        "\xf2\x8a\x65\x80\xfb\x24\x1a\x15"
+        "\x20\x1f\x18\xf5\x29\x9d\x03\xc3"
+        "\xe7\x17\x3d\x41\x43\x88\x68\x80"
+        "\xe4\xfb\x0b\xe1\xf5\x03\xeb\x4a"
+        "\x10\x9a\xf6\xf9\xe9\x7f\xa8\xdc"
+        "\x2e\xe6\x42\xe3\xc9\x18\x1b\x85");
+
+    DIGEST_COUNT_KATS_TEST(Shake256, SHAKE256, SHA3_256);
+#endif
+    return EXPECT_RESULT();
+}
+
+int test_wc_Shake256_other(void)
+{
+    EXPECT_DECLS;
+#ifdef WOLFSSL_SHAKE256
+    DIGEST_COUNT_OTHER_TEST(wc_Shake, Shake256, SHA3_256,
+        "\x97\x52\xa7\xbe\xe4\x06\x06\x10"
+        "\xb2\x43\xb5\xca\x1e\x3a\x76\x06"
+        "\x68\xac\x62\xfe\xad\xa4\xad\xc9"
+        "\x23\xa2\x72\xeb\x90\x54\xeb\xd9"
+        "\x06\x7f\x1e\xea\x2d\x80\x92\xb2"
+        "\xd1\xe7\xae\x6b\xc0\x1d\x46\x6a"
+        "\x3f\x62\x67\x35\x7b\x50\x4b\xe2"
+        "\x05\x63\xf7\x97\x10\x4e\x9c\x14"
+        "\xff\x21\x64\x40\xf6\xd4\x55\x79"
+        "\x2e\x7b\x9b\x5b\xfb\xa2\x15\xf9"
+        "\x6d\x6a\x54\xae\x5e\x7d\x6c\x72"
+        "\x4a\x4e\x91\xcc\xc2\x37\x1c\x9d"
+        "\x14\x95\x27\x38\x64\x6c\x62\x10"
+        "\x19\x04\x6f\x19\xde\x61\x5e\xc8"
+        "\x6d\xd2\xcc\x5b\xf4\xe0\xf2\x54"
+        "\x0f\xe9\x2a\xe7\x0a\x7d\xb0\x55"
+        "\x8a\x74\x83\x49\xf0\x2a\x6e\xa9");
+#endif
+    return EXPECT_RESULT();
+}
+
+int test_wc_Shake256_Copy(void)
+{
+    EXPECT_DECLS;
+#ifdef WOLFSSL_SHAKE256
+    DIGEST_COUNT_COPY_TEST(wc_Shake, Shake256, SHA3_256,
+        "\x46\xb9\xdd\x2b\x0b\xa8\x8d\x13"
+        "\x23\x3b\x3f\xeb\x74\x3e\xeb\x24"
+        "\x3f\xcd\x52\xea\x62\xb8\x1b\x82"
+        "\xb5\x0c\x27\x64\x6e\xd5\x76\x2f"
+        "\xd7\x5d\xc4\xdd\xd8\xc0\xf2\x00"
+        "\xcb\x05\x01\x9d\x67\xb5\x92\xf6"
+        "\xfc\x82\x1c\x49\x47\x9a\xb4\x86"
+        "\x40\x29\x2e\xac\xb3\xb7\xc4\xbe"
+        "\x14\x1e\x96\x61\x6f\xb1\x39\x57"
+        "\x69\x2c\xc7\xed\xd0\xb4\x5a\xe3"
+        "\xdc\x07\x22\x3c\x8e\x92\x93\x7b"
+        "\xef\x84\xbc\x0e\xab\x86\x28\x53"
+        "\x34\x9e\xc7\x55\x46\xf5\x8f\xb7"
+        "\xc2\x77\x5c\x38\x46\x2c\x50\x10"
+        "\xd8\x46\xc1\x85\xc1\x51\x11\xe5"
+        "\x95\x52\x2a\x6b\xcd\x16\xcf\x86"
+        "\xf3\xd1\x22\x10\x9e\x3b\x1f\xdd",
+        "\x48\x33\x66\x60\x13\x60\xa8\x77"
+        "\x1c\x68\x63\x08\x0c\xc4\x11\x4d"
+        "\x8d\xb4\x45\x30\xf8\xf1\xe1\xee"
+        "\x4f\x94\xea\x37\xe7\x8b\x57\x39"
+        "\xd5\xa1\x5b\xef\x18\x6a\x53\x86"
+        "\xc7\x57\x44\xc0\x52\x7e\x1f\xaa"
+        "\x9f\x87\x26\xe4\x62\xa1\x2a\x4f"
+        "\xeb\x06\xbd\x88\x01\xe7\x51\xe4"
+        "\x13\x85\x14\x12\x04\xf3\x29\x97"
+        "\x9f\xd3\x04\x7a\x13\xc5\x65\x77"
+        "\x24\xad\xa6\x4d\x24\x70\x15\x7b"
+        "\x3c\xdc\x28\x86\x20\x94\x4d\x78"
+        "\xdb\xcd\xdb\xd9\x12\x99\x3f\x09"
+        "\x13\xf1\x64\xfb\x2c\xe9\x51\x31"
+        "\xa2\xd0\x9a\x3e\x6d\x51\xcb\xfc"
+        "\x62\x27\x20\xd7\xa7\x5c\x63\x34"
+        "\xe8\xa2\xd7\xec\x71\xa7\xcc\x29");
+#endif
+    return EXPECT_RESULT();
+}
+
+int test_wc_Shake256Hash(void)
+{
+    EXPECT_DECLS;
+#ifdef WOLFSSL_SHAKE256
+    const byte  data[] = { /* Hello World */
+        0x48,0x65,0x6c,0x6c,0x6f,0x20,0x57,0x6f,
+        0x72,0x6c,0x64
+    };
+    word32      len = sizeof(data);
+    byte        hash[WC_SHA3_256_COUNT * 8];
+    word32      hashLen = sizeof(hash);
+    const char* expHash =
+        "\x84\x0d\x1c\xe8\x1a\x43\x27\x84"
+        "\x0b\x54\xcb\x1d\x41\x99\x07\xfd"
+        "\x1f\x62\x35\x9b\xad\x33\x65\x6e"
+        "\x05\x86\x53\xd2\xe4\x17\x2a\x43"
+        "\xac\xc9\x58\xdb\xec\x0c\xf0\xd4"
+        "\x73\xdb\x45\x8c\xe1\xc0\x07\xaa"
+        "\x6e\xb4\x0e\xac\x92\xaa\x0e\x65"
+        "\x20\x2e\xdb\x4d\x7f\xee\xd3\x78"
+        "\x8a\x77\xed\x6a\x6d\xdc\x5a\xbf"
+        "\xbf\xbf\xf7\x2f\x22\xf4\x9e\x66"
+        "\x7e\x45\x03\x2c\x1e\xe8\xcf\xb0"
+        "\x79\xf8\x08\x9b\x43\xd1\x6a\xe6"
+        "\xe5\x8f\x06\x3a\x4d\x93\xef\x36"
+        "\x99\xb3\x2b\x9d\x00\xb3\x3c\x37"
+        "\x2c\x10\xa4\x8d\x72\xf6\x4d\xa0"
+        "\x25\x97\xf4\xfa\x23\xd5\x89\x0a"
+        "\x4d\x65\x0a\xcb\x7b\xf8\xd2\x36";
+
+    ExpectIntEQ(wc_Shake256Hash(data, len, hash, hashLen), 0);
+    ExpectBufEQ(hash, expHash, hashLen);
+#endif
+    return EXPECT_RESULT();
+}  /* END test_wc_Shake256Hash */
+
+int test_wc_Shake256_Absorb(void)
+{
+    EXPECT_DECLS;
+#ifdef WOLFSSL_SHAKE256
+    wc_Shake shake256;
+
+    ExpectIntEQ(wc_InitShake256(&shake256, HEAP_HINT, INVALID_DEVID), 0);
+
+#if !defined(HAVE_FIPS) || FIPS_VERSION_GE(7,0)
+    ExpectIntEQ(wc_Shake256_Absorb(NULL     , NULL    , 1),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Shake256_Absorb(&shake256, NULL    , 1),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Shake256_Absorb(NULL     , NULL    , 0),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+
+    ExpectIntEQ(wc_Shake256_Absorb(&shake256, NULL, 0), 0);
+#endif
+    ExpectIntEQ(wc_Shake256_Absorb(&shake256, (byte*)"a", 1), 0);
+
+    wc_Shake256_Free(&shake256);
+#endif
+    return EXPECT_RESULT();
+}
+
+int test_wc_Shake256_SqueezeBlocks(void)
+{
+    EXPECT_DECLS;
+#ifdef WOLFSSL_SHAKE256
+    wc_Shake shake256;
+    byte hash[WC_SHA3_256_COUNT * 8];
+
+    ExpectIntEQ(wc_InitShake256(&shake256, HEAP_HINT, INVALID_DEVID), 0);
+
+#if !defined(HAVE_FIPS) || FIPS_VERSION_GE(7,0)
+    ExpectIntEQ(wc_Shake256_SqueezeBlocks(NULL     , NULL, 1),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Shake256_SqueezeBlocks(&shake256, NULL, 1),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Shake256_SqueezeBlocks(NULL     , NULL, 0),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+
+    ExpectIntEQ(wc_Shake256_SqueezeBlocks(&shake256, NULL, 0), 0);
+#endif
+    ExpectIntEQ(wc_Shake256_SqueezeBlocks(&shake256, hash, 1), 0);
+
+    wc_Shake256_Free(&shake256);
+#endif
+    return EXPECT_RESULT();
+}
+
+#define TEST_SHAKE256_MAX_BLOCKS    3
+int test_wc_Shake256_XOF(void)
+{
+    EXPECT_DECLS;
+#ifdef WOLFSSL_SHAKE256
+    wc_Shake shake256;
+    byte hash[WC_SHA3_256_COUNT * 8 * TEST_SHAKE256_MAX_BLOCKS];
+    const char* expOut =
+        "\x26\x16\x27\x51\x34\xae\xba\x85"
+        "\x2e\x81\x43\x9a\x50\x72\x03\xd8"
+        "\x1c\x58\x2b\x87\xb5\x89\x3a\x45"
+        "\x66\xfe\x0e\x5a\xde\x60\x8e\xca"
+        "\x2e\x27\x87\x25\x08\x0f\x13\x0e"
+        "\x4e\x82\xb0\x6a\x4b\xe0\xca\x79"
+        "\xcc\x55\xd8\x3f\xb4\x36\x74\x18"
+        "\x5d\x2d\xb9\xa7\x95\x25\x6b\x44"
+        "\x70\xc5\xa0\xa5\x21\x7e\x88\xed"
+        "\x70\x67\x71\x57\x61\xb2\x3c\xb8"
+        "\x89\x0f\x43\x28\x8a\xa9\xf1\x29"
+        "\x4c\x71\x33\xe7\x96\x4e\x8b\x58"
+        "\x7c\x16\x12\xed\xac\x10\xfb\xc8"
+        "\xf8\xd2\x1f\xa3\x12\x29\x34\xb2"
+        "\xf1\xaa\xcd\x4a\x10\x7a\xd1\x68"
+        "\x00\xc1\xb2\xb8\x4b\xb2\xe5\x8a"
+        "\xa3\xa0\xda\x73\x15\x3e\xb4\x50"
+        "\x70\x3a\x3c\x7f\x8d\xd7\xa8\xfc"
+        "\x03\x63\x0f\x80\x15\xd7\x05\x4f"
+        "\x48\x42\x52\x12\x4f\xa1\x87\x85"
+        "\xb9\xa4\x9b\x04\x17\xdb\x9f\x62"
+        "\x9a\xbb\x07\x40\x56\x6c\xb0\xb9"
+        "\x20\xf1\x85\x18\x36\x4f\x2e\x71"
+        "\x16\x7d\xc0\xed\xb3\x89\x22\x3c"
+        "\x93\xbd\xee\x71\x36\x59\x25\x7b"
+        "\xae\x3c\x8b\x4b\xa8\xac\x63\xef"
+        "\xd5\xfe\x6c\x07\x6b\xb9\x3b\x41"
+        "\x8f\x30\x6d\xee\x7b\x1d\xfc\x6c"
+        "\xda\x21\x1f\xaa\x63\x72\xc6\xf1"
+        "\x51\x27\xce\xdc\x6b\xb2\x84\x7c"
+        "\x79\x3b\xa3\xaf\xf0\xb7\x2d\xd8"
+        "\x6e\xd9\xc5\x2e\x5e\x48\x42\xbc"
+        "\xc3\xe5\x3a\xee\x82\x6c\x90\x21"
+        "\xc9\x17\x9e\x17\x2c\x30\x11\x34"
+        "\x0a\x53\x33\x93\x47\xca\x7d\x9e"
+        "\x4e\xb4\xea\x70\xb7\x58\x39\xc2"
+        "\x3c\x29\x6c\x9d\x75\x45\x88\x3d"
+        "\x68\x5c\x1c\x6a\x52\x56\x6c\xe5"
+        "\x28\x51\xf1\x64\xce\x0b\x45\x66"
+        "\x7a\xc4\xb7\x42\x08\x39\x00\x17"
+        "\xbe\x55\xd2\xda\x05\x5e\x70\xc3"
+        "\xdc\x65\x36\x0b\xa9\x49\x95\xce"
+        "\x8a\x04\x04\x4e\xb2\xff\xfa\x31"
+        "\x07\x09\x5d\xe4\xa8\x04\x10\xf2"
+        "\x84\x3c\x5d\xf4\x99\x5d\x75\x23"
+        "\x03\x66\xed\xac\x07\xbb\x89\x61"
+        "\xd6\xd0\x5f\x19\xd2\x2f\x1c\xd7"
+        "\x73\x4d\x92\x12\x85\x07\x9c\x38"
+        "\xd2\x50\x6e\xe5\xe8\x15\x6c\xf6"
+        "\xde\x66\x9a\x10\x6f\xa1\xaf\x20"
+        "\x99\x1d\xc0\xe6\xdc\xeb\xbc\x74";
+    int i;
+    int j;
+
+    for (i = 1; i <= TEST_SHAKE256_MAX_BLOCKS; i++) {
+        ExpectIntEQ(wc_InitShake256(&shake256, HEAP_HINT, INVALID_DEVID), 0);
+
+        ExpectIntEQ(wc_Shake256_Absorb(&shake256, (byte*)"Starting point", 15),
+            0);
+
+        for (j = 0; j < TEST_SHAKE256_MAX_BLOCKS; j += i) {
+            int cnt = TEST_SHAKE256_MAX_BLOCKS - j;
+            if (i < cnt)
+                cnt = i;
+            ExpectIntEQ(wc_Shake256_SqueezeBlocks(&shake256,
+                hash + WC_SHA3_256_COUNT * 8 * j, cnt), 0);
+        }
+        ExpectBufEQ(hash, expOut,
+            WC_SHA3_256_COUNT * 8 * TEST_SHAKE256_MAX_BLOCKS);
+    }
+
+    wc_Shake256_Free(&shake256);
+#endif
+    return EXPECT_RESULT();
+}
+
diff --git a/tests/api/test_sha3.h b/tests/api/test_sha3.h
new file mode 100644
index 000000000..f4692f5c4
--- /dev/null
+++ b/tests/api/test_sha3.h
@@ -0,0 +1,59 @@
+/* test_sha3.h
+ *
+ * Copyright (C) 2006-2025 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+#ifndef WOLFCRYPT_TEST_SHA3_H
+#define WOLFCRYPT_TEST_SHA3_H
+
+int test_wc_InitSha3(void);
+int test_wc_Sha3_Update(void);
+int test_wc_Sha3_Final(void);
+int test_wc_Sha3_224_KATs(void);
+int test_wc_Sha3_256_KATs(void);
+int test_wc_Sha3_384_KATs(void);
+int test_wc_Sha3_512_KATs(void);
+int test_wc_Sha3_other(void);
+int test_wc_Sha3_Copy(void);
+int test_wc_Sha3_GetHash(void);
+int test_wc_Sha3_Flags(void);
+
+int test_wc_InitShake128(void);
+int test_wc_Shake128_Update(void);
+int test_wc_Shake128_Final(void);
+int test_wc_Shake128_KATs(void);
+int test_wc_Shake128_other(void);
+int test_wc_Shake128_Copy(void);
+int test_wc_Shake128Hash(void);
+int test_wc_Shake128_Absorb(void);
+int test_wc_Shake128_SqueezeBlocks(void);
+int test_wc_Shake128_XOF(void);
+
+int test_wc_InitShake256(void);
+int test_wc_Shake256_Update(void);
+int test_wc_Shake256_Final(void);
+int test_wc_Shake256_KATs(void);
+int test_wc_Shake256_other(void);
+int test_wc_Shake256_Copy(void);
+int test_wc_Shake256Hash(void);
+int test_wc_Shake256_Absorb(void);
+int test_wc_Shake256_SqueezeBlocks(void);
+int test_wc_Shake256_XOF(void);
+
+#endif /* WOLFCRYPT_TEST_SHA3_H */
diff --git a/tests/api/test_sha512.c b/tests/api/test_sha512.c
new file mode 100644
index 000000000..27cc176e8
--- /dev/null
+++ b/tests/api/test_sha512.c
@@ -0,0 +1,884 @@
+/* test_sha512.c
+ *
+ * Copyright (C) 2006-2025 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+#ifdef HAVE_CONFIG_H
+    #include <config.h>
+#endif
+
+#if !defined(WOLFSSL_USER_SETTINGS) && !defined(WOLFSSL_NO_OPTIONS_H)
+    #include <wolfssl/options.h>
+#endif
+#include <wolfssl/wolfcrypt/settings.h>
+
+#ifdef NO_INLINE
+    #include <wolfssl/wolfcrypt/misc.h>
+#else
+    #define WOLFSSL_MISC_INCLUDED
+    #include <wolfcrypt/src/misc.c>
+#endif
+
+#include <wolfssl/wolfcrypt/sha512.h>
+#include <wolfssl/wolfcrypt/types.h>
+#include <tests/unit.h>
+#include <tests/api/api.h>
+#include <tests/api/test_sha512.h>
+#include <tests/api/test_digest.h>
+
+/*******************************************************************************
+ * SHA-512
+ ******************************************************************************/
+
+/*
+ * Unit test for the wc_InitSha512()
+ */
+int test_wc_InitSha512(void)
+{
+    EXPECT_DECLS;
+#ifdef WOLFSSL_SHA512
+    DIGEST_INIT_AND_INIT_EX_TEST(wc_Sha512, Sha512);
+#endif
+    return EXPECT_RESULT();
+} /* END test_wc_InitSha512 */
+
+/*
+ *  Tesing wc_Sha512Update()
+ */
+int test_wc_Sha512Update(void)
+{
+    EXPECT_DECLS;
+#ifdef WOLFSSL_SHA512
+    DIGEST_UPDATE_TEST(wc_Sha512, Sha512);
+#endif
+    return EXPECT_RESULT();
+} /* END test_wc_Sha512Update() */
+
+/*
+ * Unit test on wc_Sha512Final
+ */
+int test_wc_Sha512Final(void)
+{
+    EXPECT_DECLS;
+#ifdef WOLFSSL_SHA512
+    DIGEST_FINAL_TEST(wc_Sha512, Sha512, SHA512);
+#endif
+    return EXPECT_RESULT();
+} /* END test_wc_Sha512Final */
+
+/*
+ * Unit test on wc_Sha512FinalRaw
+ */
+int test_wc_Sha512FinalRaw(void)
+{
+    EXPECT_DECLS;
+#if defined(WOLFSSL_SHA512) && !defined(HAVE_SELFTEST) && \
+    !defined(WOLFSSL_DEVCRYPTO) && (!defined(HAVE_FIPS) || \
+    (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 3))) && \
+    !defined(WOLFSSL_NO_HASH_RAW)
+    DIGEST_FINAL_RAW_TEST(wc_Sha512, Sha512, SHA512,
+                          "\x6a\x09\xe6\x67\xf3\xbc\xc9\x08"
+                          "\xbb\x67\xae\x85\x84\xca\xa7\x3b"
+                          "\x3c\x6e\xf3\x72\xfe\x94\xf8\x2b"
+                          "\xa5\x4f\xf5\x3a\x5f\x1d\x36\xf1"
+                          "\x51\x0e\x52\x7f\xad\xe6\x82\xd1"
+                          "\x9b\x05\x68\x8c\x2b\x3e\x6c\x1f"
+                          "\x1f\x83\xd9\xab\xfb\x41\xbd\x6b"
+                          "\x5b\xe0\xcd\x19\x13\x7e\x21\x79");
+#endif
+    return EXPECT_RESULT();
+} /* END test_wc_Sha512Final */
+
+#define SHA512_KAT_CNT     7
+int test_wc_Sha512_KATs(void)
+{
+    EXPECT_DECLS;
+#ifdef WOLFSSL_SHA512
+    DIGEST_KATS_TEST_VARS(wc_Sha512, SHA512);
+
+    DIGEST_KATS_ADD("", 0,
+                    "\xcf\x83\xe1\x35\x7e\xef\xb8\xbd"
+                    "\xf1\x54\x28\x50\xd6\x6d\x80\x07"
+                    "\xd6\x20\xe4\x05\x0b\x57\x15\xdc"
+                    "\x83\xf4\xa9\x21\xd3\x6c\xe9\xce"
+                    "\x47\xd0\xd1\x3c\x5d\x85\xf2\xb0"
+                    "\xff\x83\x18\xd2\x87\x7e\xec\x2f"
+                    "\x63\xb9\x31\xbd\x47\x41\x7a\x81"
+                    "\xa5\x38\x32\x7a\xf9\x27\xda\x3e");
+    DIGEST_KATS_ADD("a", 1,
+                    "\x1f\x40\xfc\x92\xda\x24\x16\x94"
+                    "\x75\x09\x79\xee\x6c\xf5\x82\xf2"
+                    "\xd5\xd7\xd2\x8e\x18\x33\x5d\xe0"
+                    "\x5a\xbc\x54\xd0\x56\x0e\x0f\x53"
+                    "\x02\x86\x0c\x65\x2b\xf0\x8d\x56"
+                    "\x02\x52\xaa\x5e\x74\x21\x05\x46"
+                    "\xf3\x69\xfb\xbb\xce\x8c\x12\xcf"
+                    "\xc7\x95\x7b\x26\x52\xfe\x9a\x75");
+    DIGEST_KATS_ADD("abc", 3,
+                    "\xdd\xaf\x35\xa1\x93\x61\x7a\xba"
+                    "\xcc\x41\x73\x49\xae\x20\x41\x31"
+                    "\x12\xe6\xfa\x4e\x89\xa9\x7e\xa2"
+                    "\x0a\x9e\xee\xe6\x4b\x55\xd3\x9a"
+                    "\x21\x92\x99\x2a\x27\x4f\xc1\xa8"
+                    "\x36\xba\x3c\x23\xa3\xfe\xeb\xbd"
+                    "\x45\x4d\x44\x23\x64\x3c\xe8\x0e"
+                    "\x2a\x9a\xc9\x4f\xa5\x4c\xa4\x9f");
+    DIGEST_KATS_ADD("message digest", 14,
+                    "\x10\x7d\xbf\x38\x9d\x9e\x9f\x71"
+                    "\xa3\xa9\x5f\x6c\x05\x5b\x92\x51"
+                    "\xbc\x52\x68\xc2\xbe\x16\xd6\xc1"
+                    "\x34\x92\xea\x45\xb0\x19\x9f\x33"
+                    "\x09\xe1\x64\x55\xab\x1e\x96\x11"
+                    "\x8e\x8a\x90\x5d\x55\x97\xb7\x20"
+                    "\x38\xdd\xb3\x72\xa8\x98\x26\x04"
+                    "\x6d\xe6\x66\x87\xbb\x42\x0e\x7c");
+    DIGEST_KATS_ADD("abcdefghijklmnopqrstuvwxyz", 26,
+                    "\x4d\xbf\xf8\x6c\xc2\xca\x1b\xae"
+                    "\x1e\x16\x46\x8a\x05\xcb\x98\x81"
+                    "\xc9\x7f\x17\x53\xbc\xe3\x61\x90"
+                    "\x34\x89\x8f\xaa\x1a\xab\xe4\x29"
+                    "\x95\x5a\x1b\xf8\xec\x48\x3d\x74"
+                    "\x21\xfe\x3c\x16\x46\x61\x3a\x59"
+                    "\xed\x54\x41\xfb\x0f\x32\x13\x89"
+                    "\xf7\x7f\x48\xa8\x79\xc7\xb1\xf1");
+    DIGEST_KATS_ADD("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
+                    "0123456789", 62,
+                    "\x1e\x07\xbe\x23\xc2\x6a\x86\xea"
+                    "\x37\xea\x81\x0c\x8e\xc7\x80\x93"
+                    "\x52\x51\x5a\x97\x0e\x92\x53\xc2"
+                    "\x6f\x53\x6c\xfc\x7a\x99\x96\xc4"
+                    "\x5c\x83\x70\x58\x3e\x0a\x78\xfa"
+                    "\x4a\x90\x04\x1d\x71\xa4\xce\xab"
+                    "\x74\x23\xf1\x9c\x71\xb9\xd5\xa3"
+                    "\xe0\x12\x49\xf0\xbe\xbd\x58\x94");
+    DIGEST_KATS_ADD("1234567890123456789012345678901234567890"
+                    "1234567890123456789012345678901234567890", 80,
+                    "\x72\xec\x1e\xf1\x12\x4a\x45\xb0"
+                    "\x47\xe8\xb7\xc7\x5a\x93\x21\x95"
+                    "\x13\x5b\xb6\x1d\xe2\x4e\xc0\xd1"
+                    "\x91\x40\x42\x24\x6e\x0a\xec\x3a"
+                    "\x23\x54\xe0\x93\xd7\x6f\x30\x48"
+                    "\xb4\x56\x76\x43\x46\x90\x0c\xb1"
+                    "\x30\xd2\xa4\xfd\x5d\xd1\x6a\xbb"
+                    "\x5e\x30\xbc\xb8\x50\xde\xe8\x43");
+
+    DIGEST_KATS_TEST(Sha512, SHA512);
+#endif
+    return EXPECT_RESULT();
+} /* END test_wc_Sha512Final */
+
+int test_wc_Sha512_other(void)
+{
+    EXPECT_DECLS;
+#ifdef WOLFSSL_SHA512
+    DIGEST_OTHER_TEST(wc_Sha512, Sha512, SHA512,
+                      "\xf2\x7d\xa3\xe0\x25\x71\x51\x3f"
+                      "\x75\xf4\xdc\xea\xdc\xf7\x7f\xf1"
+                      "\xad\x5a\x51\x32\x07\x73\x1d\xf8"
+                      "\xdd\xaa\xf1\x15\x3e\xa3\x3c\xc5"
+                      "\x00\x76\x6e\x1d\xa5\xa2\x4a\x44"
+                      "\x99\x3e\x2d\xaa\xa8\x05\xc8\x49"
+                      "\xf0\x83\x34\x02\x07\x43\x8b\xac"
+                      "\xfb\xe6\x02\x40\x6b\x48\x54\x8e");
+#endif
+    return EXPECT_RESULT();
+} /* END test_wc_Sha512Final */
+
+int test_wc_Sha512Copy(void)
+{
+    EXPECT_DECLS;
+#ifdef WOLFSSL_SHA512
+    DIGEST_COPY_TEST(wc_Sha512, Sha512, SHA512,
+                     "\xcf\x83\xe1\x35\x7e\xef\xb8\xbd"
+                     "\xf1\x54\x28\x50\xd6\x6d\x80\x07"
+                     "\xd6\x20\xe4\x05\x0b\x57\x15\xdc"
+                     "\x83\xf4\xa9\x21\xd3\x6c\xe9\xce"
+                     "\x47\xd0\xd1\x3c\x5d\x85\xf2\xb0"
+                     "\xff\x83\x18\xd2\x87\x7e\xec\x2f"
+                     "\x63\xb9\x31\xbd\x47\x41\x7a\x81"
+                     "\xa5\x38\x32\x7a\xf9\x27\xda\x3e",
+                     "\xdd\xaf\x35\xa1\x93\x61\x7a\xba"
+                     "\xcc\x41\x73\x49\xae\x20\x41\x31"
+                     "\x12\xe6\xfa\x4e\x89\xa9\x7e\xa2"
+                     "\x0a\x9e\xee\xe6\x4b\x55\xd3\x9a"
+                     "\x21\x92\x99\x2a\x27\x4f\xc1\xa8"
+                     "\x36\xba\x3c\x23\xa3\xfe\xeb\xbd"
+                     "\x45\x4d\x44\x23\x64\x3c\xe8\x0e"
+                     "\x2a\x9a\xc9\x4f\xa5\x4c\xa4\x9f");
+#endif
+    return EXPECT_RESULT();
+}
+
+int test_wc_Sha512GetHash(void)
+{
+    EXPECT_DECLS;
+#ifdef WOLFSSL_SHA512
+    DIGEST_GET_HASH_TEST(wc_Sha512, Sha512, SHA512,
+                         "\xcf\x83\xe1\x35\x7e\xef\xb8\xbd"
+                         "\xf1\x54\x28\x50\xd6\x6d\x80\x07"
+                         "\xd6\x20\xe4\x05\x0b\x57\x15\xdc"
+                         "\x83\xf4\xa9\x21\xd3\x6c\xe9\xce"
+                         "\x47\xd0\xd1\x3c\x5d\x85\xf2\xb0"
+                         "\xff\x83\x18\xd2\x87\x7e\xec\x2f"
+                         "\x63\xb9\x31\xbd\x47\x41\x7a\x81"
+                         "\xa5\x38\x32\x7a\xf9\x27\xda\x3e",
+                         "\xdd\xaf\x35\xa1\x93\x61\x7a\xba"
+                         "\xcc\x41\x73\x49\xae\x20\x41\x31"
+                         "\x12\xe6\xfa\x4e\x89\xa9\x7e\xa2"
+                         "\x0a\x9e\xee\xe6\x4b\x55\xd3\x9a"
+                         "\x21\x92\x99\x2a\x27\x4f\xc1\xa8"
+                         "\x36\xba\x3c\x23\xa3\xfe\xeb\xbd"
+                         "\x45\x4d\x44\x23\x64\x3c\xe8\x0e"
+                         "\x2a\x9a\xc9\x4f\xa5\x4c\xa4\x9f");
+#endif
+    return EXPECT_RESULT();
+}
+
+int test_wc_Sha512Transform(void)
+{
+    EXPECT_DECLS;
+#if defined(WOLFSSL_SHA512) && \
+    (defined(OPENSSL_EXTRA) || defined(HAVE_CURL)) && \
+    !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || \
+    (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 3)))
+    DIGEST_TRANSFORM_FINAL_RAW_ALL_TEST(wc_Sha512, Sha512, SHA512,
+                                    "\x80\x63\x62\x61\x00\x00\x00\x00"
+                                    "\x00\x00\x00\x00\x00\x00\x00\x00"
+                                    "\x00\x00\x00\x00\x00\x00\x00\x00"
+                                    "\x00\x00\x00\x00\x00\x00\x00\x00"
+                                    "\x00\x00\x00\x00\x00\x00\x00\x00"
+                                    "\x00\x00\x00\x00\x00\x00\x00\x00"
+                                    "\x00\x00\x00\x00\x00\x00\x00\x00"
+                                    "\x00\x00\x00\x00\x00\x00\x00\x00"
+                                    "\x00\x00\x00\x00\x00\x00\x00\x00"
+                                    "\x00\x00\x00\x00\x00\x00\x00\x00"
+                                    "\x00\x00\x00\x00\x00\x00\x00\x00"
+                                    "\x00\x00\x00\x00\x00\x00\x00\x00"
+                                    "\x00\x00\x00\x00\x00\x00\x00\x00"
+                                    "\x00\x00\x00\x00\x00\x00\x00\x00"
+                                    "\x00\x00\x00\x00\x00\x00\x00\x00"
+                                    "\x00\x00\x00\x00\x18\x00\x00\x00",
+                                    "\x54\x52\xb6\x73\x58\x3e\x6f\x12"
+                                    "\xcb\x0b\xf3\x61\x38\xb9\x76\xe8"
+                                    "\x2e\x46\x13\xd9\x4a\x67\xe3\x7c"
+                                    "\x5c\xd7\xa5\xe6\x43\x55\x16\xa2"
+                                    "\x83\x06\x9a\x32\x69\x55\x63\x95"
+                                    "\x68\x75\xde\x70\x09\x4d\xcd\xfe"
+                                    "\xbe\x11\x20\xd6\xe7\x7c\x49\xd3"
+                                    "\x5b\xd7\x07\x75\x19\xc9\x8a\xfa");
+#endif
+    return EXPECT_RESULT();
+}
+
+int test_wc_Sha512_Flags(void)
+{
+    EXPECT_DECLS;
+#if defined(WOLFSSL_SHA512) && defined(WOLFSSL_HASH_FLAGS)
+    DIGEST_FLAGS_TEST(wc_Sha512, Sha512);
+#endif
+    return EXPECT_RESULT();
+}
+
+/*******************************************************************************
+ * SHA-512-224
+ ******************************************************************************/
+
+/*
+ * Unit test for the wc_InitSha512_224()
+ */
+int test_wc_InitSha512_224(void)
+{
+    EXPECT_DECLS;
+#if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_224)
+    DIGEST_INIT_AND_INIT_EX_TEST(wc_Sha512, Sha512_224);
+#endif
+    return EXPECT_RESULT();
+} /* END test_wc_InitSha512_224 */
+
+/*
+ *  Tesing wc_Sha512_224Update()
+ */
+int test_wc_Sha512_224Update(void)
+{
+    EXPECT_DECLS;
+#if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_224)
+    DIGEST_UPDATE_TEST(wc_Sha512, Sha512_224);
+#endif
+    return EXPECT_RESULT();
+} /* END test_wc_Sha512_224Update() */
+
+/*
+ * Unit test on wc_Sha512_224Final
+ */
+int test_wc_Sha512_224Final(void)
+{
+    EXPECT_DECLS;
+#if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_224)
+    DIGEST_FINAL_TEST(wc_Sha512, Sha512_224, SHA512_224);
+#endif
+    return EXPECT_RESULT();
+} /* END test_wc_Sha512_224Final */
+
+/*
+ * Unit test on wc_Sha512_224FinalRaw
+ */
+int test_wc_Sha512_224FinalRaw(void)
+{
+    EXPECT_DECLS;
+#if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_224) && \
+    !defined(HAVE_SELFTEST) && !defined(WOLFSSL_DEVCRYPTO) && \
+    (!defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && \
+    (HAVE_FIPS_VERSION >= 3))) && !defined(WOLFSSL_NO_HASH_RAW)
+    DIGEST_FINAL_RAW_TEST(wc_Sha512, Sha512_224, SHA512_224,
+                          "\x8c\x3d\x37\xc8\x19\x54\x4d\xa2"
+                          "\x73\xe1\x99\x66\x89\xdc\xd4\xd6"
+                          "\x1d\xfa\xb7\xae\x32\xff\x9c\x82"
+                          "\x67\x9d\xd5\x14");
+#endif
+    return EXPECT_RESULT();
+} /* END test_wc_Sha512_224Final */
+
+#define SHA512_224_KAT_CNT     7
+int test_wc_Sha512_224_KATs(void)
+{
+    EXPECT_DECLS;
+#if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_224)
+    DIGEST_KATS_TEST_VARS(wc_Sha512, SHA512_224);
+
+    DIGEST_KATS_ADD("", 0,
+                    "\x6e\xd0\xdd\x02\x80\x6f\xa8\x9e"
+                    "\x25\xde\x06\x0c\x19\xd3\xac\x86"
+                    "\xca\xbb\x87\xd6\xa0\xdd\xd0\x5c"
+                    "\x33\x3b\x84\xf4");
+    DIGEST_KATS_ADD("a", 1,
+                    "\xd5\xcd\xb9\xcc\xc7\x69\xa5\x12"
+                    "\x1d\x41\x75\xf2\xbf\xdd\x13\xd6"
+                    "\x31\x0e\x0d\x3d\x36\x1e\xa7\x5d"
+                    "\x82\x10\x83\x27");
+    DIGEST_KATS_ADD("abc", 3,
+                    "\x46\x34\x27\x0f\x70\x7b\x6a\x54"
+                    "\xda\xae\x75\x30\x46\x08\x42\xe2"
+                    "\x0e\x37\xed\x26\x5c\xee\xe9\xa4"
+                    "\x3e\x89\x24\xaa");
+    DIGEST_KATS_ADD("message digest", 14,
+                    "\xad\x1a\x4d\xb1\x88\xfe\x57\x06"
+                    "\x4f\x4f\x24\x60\x9d\x2a\x83\xcd"
+                    "\x0a\xfb\x9b\x39\x8e\xb2\xfc\xae"
+                    "\xaa\xe2\xc5\x64");
+    DIGEST_KATS_ADD("abcdefghijklmnopqrstuvwxyz", 26,
+                    "\xff\x83\x14\x8a\xa0\x7e\xc3\x06"
+                    "\x55\xc1\xb4\x0a\xff\x86\x14\x1c"
+                    "\x02\x15\xfe\x2a\x54\xf7\x67\xd3"
+                    "\xf3\x87\x43\xd8");
+    DIGEST_KATS_ADD("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
+                    "0123456789", 62,
+                    "\xa8\xb4\xb9\x17\x4b\x99\xff\xc6"
+                    "\x7d\x6f\x49\xbe\x99\x81\x58\x7b"
+                    "\x96\x44\x10\x51\xe1\x6e\x6d\xd0"
+                    "\x36\xb1\x40\xd3");
+    DIGEST_KATS_ADD("1234567890123456789012345678901234567890"
+                    "1234567890123456789012345678901234567890", 80,
+                    "\xae\x98\x8f\xaa\xa4\x7e\x40\x1a"
+                    "\x45\xf7\x04\xd1\x27\x2d\x99\x70"
+                    "\x24\x58\xfe\xa2\xdd\xc6\x58\x28"
+                    "\x27\x55\x6d\xd2");
+
+    DIGEST_KATS_TEST(Sha512_224, SHA512_224);
+#endif
+    return EXPECT_RESULT();
+} /* END test_wc_Sha512_224Final */
+
+int test_wc_Sha512_224_other(void)
+{
+    EXPECT_DECLS;
+#if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_224)
+    DIGEST_OTHER_TEST(wc_Sha512, Sha512_224, SHA512_224,
+                      "\xbe\xbb\x85\xa0\x14\x9f\xd7\xae"
+                      "\xc4\xbe\xa4\x8f\xa3\xeb\xac\xc0"
+                      "\x88\x02\x6b\xa0\xe8\x22\x5c\xb3"
+                      "\x12\x11\xa0\x48");
+#endif
+    return EXPECT_RESULT();
+} /* END test_wc_Sha512_224Final */
+
+int test_wc_Sha512_224Copy(void)
+{
+    EXPECT_DECLS;
+#if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_224)
+    DIGEST_COPY_TEST(wc_Sha512, Sha512_224, SHA512_224,
+                     "\x6e\xd0\xdd\x02\x80\x6f\xa8\x9e"
+                     "\x25\xde\x06\x0c\x19\xd3\xac\x86"
+                     "\xca\xbb\x87\xd6\xa0\xdd\xd0\x5c"
+                     "\x33\x3b\x84\xf4",
+                     "\x46\x34\x27\x0f\x70\x7b\x6a\x54"
+                     "\xda\xae\x75\x30\x46\x08\x42\xe2"
+                     "\x0e\x37\xed\x26\x5c\xee\xe9\xa4"
+                     "\x3e\x89\x24\xaa");
+#endif
+    return EXPECT_RESULT();
+}
+
+int test_wc_Sha512_224GetHash(void)
+{
+    EXPECT_DECLS;
+#if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_224)
+    DIGEST_GET_HASH_TEST(wc_Sha512, Sha512_224, SHA512_224,
+                         "\x6e\xd0\xdd\x02\x80\x6f\xa8\x9e"
+                         "\x25\xde\x06\x0c\x19\xd3\xac\x86"
+                         "\xca\xbb\x87\xd6\xa0\xdd\xd0\x5c"
+                         "\x33\x3b\x84\xf4",
+                         "\x46\x34\x27\x0f\x70\x7b\x6a\x54"
+                         "\xda\xae\x75\x30\x46\x08\x42\xe2"
+                         "\x0e\x37\xed\x26\x5c\xee\xe9\xa4"
+                         "\x3e\x89\x24\xaa");
+#endif
+    return EXPECT_RESULT();
+}
+
+int test_wc_Sha512_224Transform(void)
+{
+    EXPECT_DECLS;
+#if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_224) && \
+    (defined(OPENSSL_EXTRA) || defined(HAVE_CURL)) && \
+    !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || \
+    (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 3)))
+    DIGEST_TRANSFORM_FINAL_RAW_ALL_TEST(wc_Sha512, Sha512_224, SHA512_224,
+                                    "\x61\x62\x63\x80\x00\x00\x00\x00"
+                                    "\x00\x00\x00\x00\x00\x00\x00\x00"
+                                    "\x00\x00\x00\x00\x00\x00\x00\x00"
+                                    "\x00\x00\x00\x00\x00\x00\x00\x00"
+                                    "\x00\x00\x00\x00\x00\x00\x00\x00"
+                                    "\x00\x00\x00\x00\x00\x00\x00\x00"
+                                    "\x00\x00\x00\x00\x00\x00\x00\x00"
+                                    "\x00\x00\x00\x00\x00\x00\x00\x00"
+                                    "\x00\x00\x00\x00\x00\x00\x00\x00"
+                                    "\x00\x00\x00\x00\x00\x00\x00\x00"
+                                    "\x00\x00\x00\x00\x00\x00\x00\x00"
+                                    "\x00\x00\x00\x00\x00\x00\x00\x00"
+                                    "\x00\x00\x00\x00\x00\x00\x00\x00"
+                                    "\x00\x00\x00\x00\x00\x00\x00\x00"
+                                    "\x00\x00\x00\x00\x00\x00\x00\x00"
+                                    "\x00\x00\x00\x00\x00\x00\x00\x18",
+                                    "\x46\x34\x27\x0f\x70\x7b\x6a\x54"
+                                    "\xda\xae\x75\x30\x46\x08\x42\xe2"
+                                    "\x0e\x37\xed\x26\x5c\xee\xe9\xa4"
+                                    "\x3e\x89\x24\xaa");
+#endif
+    return EXPECT_RESULT();
+}
+
+int test_wc_Sha512_224_Flags(void)
+{
+    EXPECT_DECLS;
+#if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_224) && \
+    defined(WOLFSSL_HASH_FLAGS)
+    DIGEST_FLAGS_TEST(wc_Sha512, Sha512_224);
+#endif
+    return EXPECT_RESULT();
+}
+
+/*******************************************************************************
+ * SHA-512-256
+ ******************************************************************************/
+
+/*
+ * Unit test for the wc_InitSha512_256()
+ */
+int test_wc_InitSha512_256(void)
+{
+    EXPECT_DECLS;
+#if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_256)
+    DIGEST_INIT_AND_INIT_EX_TEST(wc_Sha512, Sha512_256);
+#endif
+    return EXPECT_RESULT();
+} /* END test_wc_InitSha512_256 */
+
+/*
+ *  Tesing wc_Sha512_256Update()
+ */
+int test_wc_Sha512_256Update(void)
+{
+    EXPECT_DECLS;
+#if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_256)
+    DIGEST_UPDATE_TEST(wc_Sha512, Sha512_256);
+#endif
+    return EXPECT_RESULT();
+} /* END test_wc_Sha512_256Update() */
+
+/*
+ * Unit test on wc_Sha512_256Final
+ */
+int test_wc_Sha512_256Final(void)
+{
+    EXPECT_DECLS;
+#if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_256)
+    DIGEST_FINAL_TEST(wc_Sha512, Sha512_256, SHA512_256);
+#endif
+    return EXPECT_RESULT();
+} /* END test_wc_Sha512_256Final */
+
+/*
+ * Unit test on wc_Sha512_256FinalRaw
+ */
+int test_wc_Sha512_256FinalRaw(void)
+{
+    EXPECT_DECLS;
+#if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_256) && \
+    !defined(HAVE_SELFTEST) && !defined(WOLFSSL_DEVCRYPTO) && \
+    (!defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && \
+    (HAVE_FIPS_VERSION >= 3))) && !defined(WOLFSSL_NO_HASH_RAW)
+    DIGEST_FINAL_RAW_TEST(wc_Sha512, Sha512_256, SHA512_256,
+                          "\x22\x31\x21\x94\xfc\x2b\xf7\x2c"
+                          "\x9f\x55\x5f\xa3\xc8\x4c\x64\xc2"
+                          "\x23\x93\xb8\x6b\x6f\x53\xb1\x51"
+                          "\x96\x38\x77\x19\x59\x40\xea\xbd");
+#endif
+    return EXPECT_RESULT();
+} /* END test_wc_Sha512_256Final */
+
+#define SHA512_256_KAT_CNT     7
+int test_wc_Sha512_256_KATs(void)
+{
+    EXPECT_DECLS;
+#if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_256)
+    DIGEST_KATS_TEST_VARS(wc_Sha512, SHA512_256);
+
+    DIGEST_KATS_ADD("", 0,
+                    "\xc6\x72\xb8\xd1\xef\x56\xed\x28"
+                    "\xab\x87\xc3\x62\x2c\x51\x14\x06"
+                    "\x9b\xdd\x3a\xd7\xb8\xf9\x73\x74"
+                    "\x98\xd0\xc0\x1e\xce\xf0\x96\x7a");
+    DIGEST_KATS_ADD("a", 1,
+                    "\x45\x5e\x51\x88\x24\xbc\x06\x01"
+                    "\xf9\xfb\x85\x8f\xf5\xc3\x7d\x41"
+                    "\x7d\x67\xc2\xf8\xe0\xdf\x2b\xab"
+                    "\xe4\x80\x88\x58\xae\xa8\x30\xf8");
+    DIGEST_KATS_ADD("abc", 3,
+                    "\x53\x04\x8e\x26\x81\x94\x1e\xf9"
+                    "\x9b\x2e\x29\xb7\x6b\x4c\x7d\xab"
+                    "\xe4\xc2\xd0\xc6\x34\xfc\x6d\x46"
+                    "\xe0\xe2\xf1\x31\x07\xe7\xaf\x23");
+    DIGEST_KATS_ADD("message digest", 14,
+                    "\x0c\xf4\x71\xfd\x17\xed\x69\xd9"
+                    "\x90\xda\xf3\x43\x3c\x89\xb1\x6d"
+                    "\x63\xde\xc1\xbb\x9c\xb4\x2a\x60"
+                    "\x94\x60\x4e\xe5\xd7\xb4\xe9\xfb");
+    DIGEST_KATS_ADD("abcdefghijklmnopqrstuvwxyz", 26,
+                    "\xfc\x31\x89\x44\x3f\x9c\x26\x8f"
+                    "\x62\x6a\xea\x08\xa7\x56\xab\xe7"
+                    "\xb7\x26\xb0\x5f\x70\x1c\xb0\x82"
+                    "\x22\x31\x2c\xcf\xd6\x71\x0a\x26");
+    DIGEST_KATS_ADD("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
+                    "0123456789", 62,
+                    "\xcd\xf1\xcc\x0e\xff\xe2\x6e\xcc"
+                    "\x0c\x13\x75\x8f\x7b\x4a\x48\xe0"
+                    "\x00\x61\x5d\xf2\x41\x28\x41\x85"
+                    "\xc3\x9e\xb0\x5d\x35\x5b\xb9\xc8");
+    DIGEST_KATS_ADD("1234567890123456789012345678901234567890"
+                    "1234567890123456789012345678901234567890", 80,
+                    "\x2c\x9f\xdb\xc0\xc9\x0b\xdd\x87"
+                    "\x61\x2e\xe8\x45\x54\x74\xf9\x04"
+                    "\x48\x50\x24\x1d\xc1\x05\xb1\xe8"
+                    "\xb9\x4b\x8d\xdf\x5f\xac\x91\x48");
+
+    DIGEST_KATS_TEST(Sha512_256, SHA512_256);
+#endif
+    return EXPECT_RESULT();
+} /* END test_wc_Sha512_256Final */
+
+int test_wc_Sha512_256_other(void)
+{
+    EXPECT_DECLS;
+#if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_256)
+    DIGEST_OTHER_TEST(wc_Sha512, Sha512_256, SHA512_256,
+                      "\x0c\x80\x73\xf5\xf4\xc8\xc7\x13"
+                      "\x4a\xc4\x8a\xda\x04\xfc\x77\x74"
+                      "\xea\xa0\x85\xa9\x29\xb3\x54\xa4"
+                      "\x08\xef\x2a\x87\x61\x1f\x8c\xb8");
+#endif
+    return EXPECT_RESULT();
+} /* END test_wc_Sha512_256Final */
+
+int test_wc_Sha512_256Copy(void)
+{
+    EXPECT_DECLS;
+#if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_256)
+    DIGEST_COPY_TEST(wc_Sha512, Sha512_256, SHA512_256,
+                     "\xc6\x72\xb8\xd1\xef\x56\xed\x28"
+                     "\xab\x87\xc3\x62\x2c\x51\x14\x06"
+                     "\x9b\xdd\x3a\xd7\xb8\xf9\x73\x74"
+                     "\x98\xd0\xc0\x1e\xce\xf0\x96\x7a",
+                     "\x53\x04\x8e\x26\x81\x94\x1e\xf9"
+                     "\x9b\x2e\x29\xb7\x6b\x4c\x7d\xab"
+                     "\xe4\xc2\xd0\xc6\x34\xfc\x6d\x46"
+                     "\xe0\xe2\xf1\x31\x07\xe7\xaf\x23");
+#endif
+    return EXPECT_RESULT();
+}
+
+int test_wc_Sha512_256GetHash(void)
+{
+    EXPECT_DECLS;
+#if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_256)
+    DIGEST_GET_HASH_TEST(wc_Sha512, Sha512_256, SHA512_256,
+                         "\xc6\x72\xb8\xd1\xef\x56\xed\x28"
+                         "\xab\x87\xc3\x62\x2c\x51\x14\x06"
+                         "\x9b\xdd\x3a\xd7\xb8\xf9\x73\x74"
+                         "\x98\xd0\xc0\x1e\xce\xf0\x96\x7a",
+                         "\x53\x04\x8e\x26\x81\x94\x1e\xf9"
+                         "\x9b\x2e\x29\xb7\x6b\x4c\x7d\xab"
+                         "\xe4\xc2\xd0\xc6\x34\xfc\x6d\x46"
+                         "\xe0\xe2\xf1\x31\x07\xe7\xaf\x23");
+#endif
+    return EXPECT_RESULT();
+}
+
+int test_wc_Sha512_256Transform(void)
+{
+    EXPECT_DECLS;
+#if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_256) && \
+    (defined(OPENSSL_EXTRA) || defined(HAVE_CURL)) && \
+    !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || \
+    (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 3)))
+    DIGEST_TRANSFORM_FINAL_RAW_ALL_TEST(wc_Sha512, Sha512_256, SHA512_256,
+                                    "\x61\x62\x63\x80\x00\x00\x00\x00"
+                                    "\x00\x00\x00\x00\x00\x00\x00\x00"
+                                    "\x00\x00\x00\x00\x00\x00\x00\x00"
+                                    "\x00\x00\x00\x00\x00\x00\x00\x00"
+                                    "\x00\x00\x00\x00\x00\x00\x00\x00"
+                                    "\x00\x00\x00\x00\x00\x00\x00\x00"
+                                    "\x00\x00\x00\x00\x00\x00\x00\x00"
+                                    "\x00\x00\x00\x00\x00\x00\x00\x00"
+                                    "\x00\x00\x00\x00\x00\x00\x00\x00"
+                                    "\x00\x00\x00\x00\x00\x00\x00\x00"
+                                    "\x00\x00\x00\x00\x00\x00\x00\x00"
+                                    "\x00\x00\x00\x00\x00\x00\x00\x00"
+                                    "\x00\x00\x00\x00\x00\x00\x00\x00"
+                                    "\x00\x00\x00\x00\x00\x00\x00\x00"
+                                    "\x00\x00\x00\x00\x00\x00\x00\x00"
+                                    "\x00\x00\x00\x00\x00\x00\x00\x18",
+                                    "\x53\x04\x8e\x26\x81\x94\x1e\xf9"
+                                    "\x9b\x2e\x29\xb7\x6b\x4c\x7d\xab"
+                                    "\xe4\xc2\xd0\xc6\x34\xfc\x6d\x46"
+                                    "\xe0\xe2\xf1\x31\x07\xe7\xaf\x23");
+#endif
+    return EXPECT_RESULT();
+}
+
+int test_wc_Sha512_256_Flags(void)
+{
+    EXPECT_DECLS;
+#if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_256) && \
+    defined(WOLFSSL_HASH_FLAGS)
+    DIGEST_FLAGS_TEST(wc_Sha512, Sha512_256);
+#endif
+    return EXPECT_RESULT();
+}
+
+/*******************************************************************************
+ * SHA-384
+ ******************************************************************************/
+
+/*
+ * Unit test for the wc_InitSha384()
+ */
+int test_wc_InitSha384(void)
+{
+    EXPECT_DECLS;
+#ifdef WOLFSSL_SHA384
+    DIGEST_INIT_AND_INIT_EX_TEST(wc_Sha384, Sha384);
+#endif
+    return EXPECT_RESULT();
+} /* END test_wc_InitSha384 */
+
+/*
+ *  Tesing wc_Sha384Update()
+ */
+int test_wc_Sha384Update(void)
+{
+    EXPECT_DECLS;
+#ifdef WOLFSSL_SHA384
+    DIGEST_UPDATE_TEST(wc_Sha384, Sha384);
+#endif
+    return EXPECT_RESULT();
+} /* END test_wc_Sha384Update() */
+
+/*
+ * Unit test on wc_Sha384Final
+ */
+int test_wc_Sha384Final(void)
+{
+    EXPECT_DECLS;
+#ifdef WOLFSSL_SHA384
+    DIGEST_FINAL_TEST(wc_Sha384, Sha384, SHA384);
+#endif
+    return EXPECT_RESULT();
+} /* END test_wc_Sha384Final */
+
+/*
+ * Unit test on wc_Sha384FinalRaw
+ */
+int test_wc_Sha384FinalRaw(void)
+{
+    EXPECT_DECLS;
+#if defined(WOLFSSL_SHA384) && !defined(HAVE_SELFTEST) && \
+    !defined(WOLFSSL_DEVCRYPTO) && (!defined(HAVE_FIPS) || \
+    (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 3))) && \
+    !defined(WOLFSSL_NO_HASH_RAW)
+    DIGEST_FINAL_RAW_TEST(wc_Sha384, Sha384, SHA384,
+                          "\xcb\xbb\x9d\x5d\xc1\x05\x9e\xd8"
+                          "\x62\x9a\x29\x2a\x36\x7c\xd5\x07"
+                          "\x91\x59\x01\x5a\x30\x70\xdd\x17"
+                          "\x15\x2f\xec\xd8\xf7\x0e\x59\x39"
+                          "\x67\x33\x26\x67\xff\xc0\x0b\x31"
+                          "\x8e\xb4\x4a\x87\x68\x58\x15\x11");
+#endif
+    return EXPECT_RESULT();
+} /* END test_wc_Sha384 */
+
+#define SHA384_KAT_CNT     7
+int test_wc_Sha384_KATs(void)
+{
+    EXPECT_DECLS;
+#ifdef WOLFSSL_SHA384
+    DIGEST_KATS_TEST_VARS(wc_Sha384, SHA384);
+
+    DIGEST_KATS_ADD("", 0,
+                    "\x38\xb0\x60\xa7\x51\xac\x96\x38"
+                    "\x4c\xd9\x32\x7e\xb1\xb1\xe3\x6a"
+                    "\x21\xfd\xb7\x11\x14\xbe\x07\x43"
+                    "\x4c\x0c\xc7\xbf\x63\xf6\xe1\xda"
+                    "\x27\x4e\xde\xbf\xe7\x6f\x65\xfb"
+                    "\xd5\x1a\xd2\xf1\x48\x98\xb9\x5b");
+    DIGEST_KATS_ADD("a", 1,
+                    "\x54\xa5\x9b\x9f\x22\xb0\xb8\x08"
+                    "\x80\xd8\x42\x7e\x54\x8b\x7c\x23"
+                    "\xab\xd8\x73\x48\x6e\x1f\x03\x5d"
+                    "\xce\x9c\xd6\x97\xe8\x51\x75\x03"
+                    "\x3c\xaa\x88\xe6\xd5\x7b\xc3\x5e"
+                    "\xfa\xe0\xb5\xaf\xd3\x14\x5f\x31");
+    DIGEST_KATS_ADD("abc", 3,
+                    "\xcb\x00\x75\x3f\x45\xa3\x5e\x8b"
+                    "\xb5\xa0\x3d\x69\x9a\xc6\x50\x07"
+                    "\x27\x2c\x32\xab\x0e\xde\xd1\x63"
+                    "\x1a\x8b\x60\x5a\x43\xff\x5b\xed"
+                    "\x80\x86\x07\x2b\xa1\xe7\xcc\x23"
+                    "\x58\xba\xec\xa1\x34\xc8\x25\xa7");
+    DIGEST_KATS_ADD("message digest", 14,
+                    "\x47\x3e\xd3\x51\x67\xec\x1f\x5d"
+                    "\x8e\x55\x03\x68\xa3\xdb\x39\xbe"
+                    "\x54\x63\x9f\x82\x88\x68\xe9\x45"
+                    "\x4c\x23\x9f\xc8\xb5\x2e\x3c\x61"
+                    "\xdb\xd0\xd8\xb4\xde\x13\x90\xc2"
+                    "\x56\xdc\xbb\x5d\x5f\xd9\x9c\xd5");
+    DIGEST_KATS_ADD("abcdefghijklmnopqrstuvwxyz", 26,
+                    "\xfe\xb6\x73\x49\xdf\x3d\xb6\xf5"
+                    "\x92\x48\x15\xd6\xc3\xdc\x13\x3f"
+                    "\x09\x18\x09\x21\x37\x31\xfe\x5c"
+                    "\x7b\x5f\x49\x99\xe4\x63\x47\x9f"
+                    "\xf2\x87\x7f\x5f\x29\x36\xfa\x63"
+                    "\xbb\x43\x78\x4b\x12\xf3\xeb\xb4");
+    DIGEST_KATS_ADD("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
+                    "0123456789", 62,
+                    "\x17\x61\x33\x6e\x3f\x7c\xbf\xe5"
+                    "\x1d\xeb\x13\x7f\x02\x6f\x89\xe0"
+                    "\x1a\x44\x8e\x3b\x1f\xaf\xa6\x40"
+                    "\x39\xc1\x46\x4e\xe8\x73\x2f\x11"
+                    "\xa5\x34\x1a\x6f\x41\xe0\xc2\x02"
+                    "\x29\x47\x36\xed\x64\xdb\x1a\x84");
+    DIGEST_KATS_ADD("1234567890123456789012345678901234567890"
+                    "1234567890123456789012345678901234567890", 80,
+                    "\xb1\x29\x32\xb0\x62\x7d\x1c\x06"
+                    "\x09\x42\xf5\x44\x77\x64\x15\x56"
+                    "\x55\xbd\x4d\xa0\xc9\xaf\xa6\xdd"
+                    "\x9b\x9e\xf5\x31\x29\xaf\x1b\x8f"
+                    "\xb0\x19\x59\x96\xd2\xde\x9c\xa0"
+                    "\xdf\x9d\x82\x1f\xfe\xe6\x70\x26");
+
+    DIGEST_KATS_TEST(Sha384, SHA384);
+#endif
+    return EXPECT_RESULT();
+} /* END test_wc_Sha384Final */
+
+int test_wc_Sha384_other(void)
+{
+    EXPECT_DECLS;
+#ifdef WOLFSSL_SHA384
+    DIGEST_OTHER_TEST(wc_Sha384, Sha384, SHA384,
+                      "\xbe\x28\x56\x36\xd3\xae\x1c\x63"
+                      "\x94\x7a\xc0\x7f\xb1\x71\x5c\x19"
+                      "\x45\xfd\x81\x7b\x46\xfb\x03\xc2"
+                      "\x46\x2c\x80\x8d\xd2\xc0\x16\x91"
+                      "\x23\x51\x6b\xa5\x0d\x71\x6f\x8b"
+                      "\x2f\x52\x74\x86\x0d\x05\xa5\x95");
+#endif
+    return EXPECT_RESULT();
+} /* END test_wc_Sha384Final */
+
+int test_wc_Sha384Copy(void)
+{
+    EXPECT_DECLS;
+#ifdef WOLFSSL_SHA384
+    DIGEST_COPY_TEST(wc_Sha384, Sha384, SHA384,
+                     "\x38\xb0\x60\xa7\x51\xac\x96\x38"
+                     "\x4c\xd9\x32\x7e\xb1\xb1\xe3\x6a"
+                     "\x21\xfd\xb7\x11\x14\xbe\x07\x43"
+                     "\x4c\x0c\xc7\xbf\x63\xf6\xe1\xda"
+                     "\x27\x4e\xde\xbf\xe7\x6f\x65\xfb"
+                     "\xd5\x1a\xd2\xf1\x48\x98\xb9\x5b",
+                     "\xcb\x00\x75\x3f\x45\xa3\x5e\x8b"
+                     "\xb5\xa0\x3d\x69\x9a\xc6\x50\x07"
+                     "\x27\x2c\x32\xab\x0e\xde\xd1\x63"
+                     "\x1a\x8b\x60\x5a\x43\xff\x5b\xed"
+                     "\x80\x86\x07\x2b\xa1\xe7\xcc\x23"
+                     "\x58\xba\xec\xa1\x34\xc8\x25\xa7");
+#endif
+    return EXPECT_RESULT();
+}
+
+int test_wc_Sha384GetHash(void)
+{
+    EXPECT_DECLS;
+#ifdef WOLFSSL_SHA384
+    DIGEST_GET_HASH_TEST(wc_Sha384, Sha384, SHA384,
+                         "\x38\xb0\x60\xa7\x51\xac\x96\x38"
+                         "\x4c\xd9\x32\x7e\xb1\xb1\xe3\x6a"
+                         "\x21\xfd\xb7\x11\x14\xbe\x07\x43"
+                         "\x4c\x0c\xc7\xbf\x63\xf6\xe1\xda"
+                         "\x27\x4e\xde\xbf\xe7\x6f\x65\xfb"
+                         "\xd5\x1a\xd2\xf1\x48\x98\xb9\x5b",
+                         "\xcb\x00\x75\x3f\x45\xa3\x5e\x8b"
+                         "\xb5\xa0\x3d\x69\x9a\xc6\x50\x07"
+                         "\x27\x2c\x32\xab\x0e\xde\xd1\x63"
+                         "\x1a\x8b\x60\x5a\x43\xff\x5b\xed"
+                         "\x80\x86\x07\x2b\xa1\xe7\xcc\x23"
+                         "\x58\xba\xec\xa1\x34\xc8\x25\xa7");
+#endif
+    return EXPECT_RESULT();
+}
+
+int test_wc_Sha384_Flags(void)
+{
+    EXPECT_DECLS;
+#if defined(WOLFSSL_SHA384) && defined(WOLFSSL_HASH_FLAGS)
+    DIGEST_FLAGS_TEST(wc_Sha384, Sha384);
+#endif
+    return EXPECT_RESULT();
+}
+
diff --git a/tests/api/test_sha512.h b/tests/api/test_sha512.h
new file mode 100644
index 000000000..e7b8ac9ab
--- /dev/null
+++ b/tests/api/test_sha512.h
@@ -0,0 +1,68 @@
+/* test_sha512.h
+ *
+ * Copyright (C) 2006-2025 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+#ifndef WOLFCRYPT_TEST_SHA512_H
+#define WOLFCRYPT_TEST_SHA512_H
+
+int test_wc_InitSha512(void);
+int test_wc_Sha512Update(void);
+int test_wc_Sha512Final(void);
+int test_wc_Sha512FinalRaw(void);
+int test_wc_Sha512_KATs(void);
+int test_wc_Sha512_other(void);
+int test_wc_Sha512Copy(void);
+int test_wc_Sha512GetHash(void);
+int test_wc_Sha512Transform(void);
+int test_wc_Sha512_Flags(void);
+
+int test_wc_InitSha512_224(void);
+int test_wc_Sha512_224Update(void);
+int test_wc_Sha512_224Final(void);
+int test_wc_Sha512_224FinalRaw(void);
+int test_wc_Sha512_224_KATs(void);
+int test_wc_Sha512_224_other(void);
+int test_wc_Sha512_224Copy(void);
+int test_wc_Sha512_224GetHash(void);
+int test_wc_Sha512_224Transform(void);
+int test_wc_Sha512_224_Flags(void);
+
+int test_wc_InitSha512_256(void);
+int test_wc_Sha512_256Update(void);
+int test_wc_Sha512_256Final(void);
+int test_wc_Sha512_256FinalRaw(void);
+int test_wc_Sha512_256_KATs(void);
+int test_wc_Sha512_256_other(void);
+int test_wc_Sha512_256Copy(void);
+int test_wc_Sha512_256GetHash(void);
+int test_wc_Sha512_256Transform(void);
+int test_wc_Sha512_256_Flags(void);
+
+int test_wc_InitSha384(void);
+int test_wc_Sha384Update(void);
+int test_wc_Sha384Final(void);
+int test_wc_Sha384FinalRaw(void);
+int test_wc_Sha384_KATs(void);
+int test_wc_Sha384_other(void);
+int test_wc_Sha384Copy(void);
+int test_wc_Sha384GetHash(void);
+int test_wc_Sha384_Flags(void);
+
+#endif /* WOLFCRYPT_TEST_SHA512_H */
diff --git a/tests/api/test_sm3.c b/tests/api/test_sm3.c
new file mode 100644
index 000000000..0c90548ed
--- /dev/null
+++ b/tests/api/test_sm3.c
@@ -0,0 +1,447 @@
+/* test_sm3.c
+ *
+ * Copyright (C) 2006-2025 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+#ifdef HAVE_CONFIG_H
+    #include <config.h>
+#endif
+
+#if !defined(WOLFSSL_USER_SETTINGS) && !defined(WOLFSSL_NO_OPTIONS_H)
+    #include <wolfssl/options.h>
+#endif
+#include <wolfssl/wolfcrypt/settings.h>
+
+#ifdef NO_INLINE
+    #include <wolfssl/wolfcrypt/misc.h>
+#else
+    #define WOLFSSL_MISC_INCLUDED
+    #include <wolfcrypt/src/misc.c>
+#endif
+
+#include <wolfssl/wolfcrypt/sm3.h>
+#include <wolfssl/wolfcrypt/types.h>
+#include <tests/unit.h>
+#include <tests/api/api.h>
+#include <tests/api/test_sm3.h>
+#include <tests/api/test_digest.h>
+
+
+int test_wc_InitSm3(void)
+{
+    EXPECT_DECLS;
+#ifdef WOLFSSL_SM3
+    wc_Sm3 sm3;
+
+    /* Test bad arg. */
+    ExpectIntEQ(wc_InitSm3(NULL, HEAP_HINT, INVALID_DEVID),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+
+    /* Test good arg. */
+    ExpectIntEQ(wc_InitSm3(&sm3, HEAP_HINT, INVALID_DEVID), 0);
+    wc_Sm3Free(&sm3);
+
+    wc_Sm3Free(NULL);
+#endif
+    return EXPECT_RESULT();
+}
+
+int test_wc_Sm3Update(void)
+{
+    EXPECT_DECLS;
+#ifdef WOLFSSL_SM3
+    wc_Sm3 sm3;
+
+    /* Initialize */
+    ExpectIntEQ(wc_InitSm3(&sm3, HEAP_HINT, INVALID_DEVID), 0);
+
+    /* Pass in bad values. */
+    ExpectIntEQ(wc_Sm3Update(NULL, NULL, 1),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sm3Update(&sm3, NULL, 1),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sm3Update(NULL, NULL, 0),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+
+    ExpectIntEQ(wc_Sm3Update(&sm3, NULL, 0), 0);
+    ExpectIntEQ(wc_Sm3Update(&sm3, (byte*)"a", 1), 0);
+
+    wc_Sm3Free(&sm3);
+#endif
+    return EXPECT_RESULT();
+}
+
+int test_wc_Sm3Final(void)
+{
+    EXPECT_DECLS;
+#ifdef WOLFSSL_SM3
+    wc_Sm3 sm3;
+    byte hash[WC_SM3_DIGEST_SIZE];
+
+    /* Initialize */
+    ExpectIntEQ(wc_InitSm3(&sm3, HEAP_HINT, INVALID_DEVID), 0);
+
+    /* Test bad args. */
+    ExpectIntEQ(wc_Sm3Final(NULL, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sm3Final(&sm3, NULL),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sm3Final(NULL, hash), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+
+    /* Test good args. */
+    ExpectIntEQ(wc_Sm3Final(&sm3, hash), 0);
+
+    wc_Sm3Free(&sm3);
+#endif
+    return EXPECT_RESULT();
+}
+
+int test_wc_Sm3FinalRaw(void)
+{
+    EXPECT_DECLS;
+#if defined(WOLFSSL_SM3) && !defined(HAVE_SELFTEST) && \
+    !defined(WOLFSSL_DEVCRYPTO) && (!defined(HAVE_FIPS) || \
+    (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 3))) && \
+    !defined(WOLFSSL_NO_HASH_RAW)
+    wc_Sm3 sm3;
+    byte hash[WC_SM3_DIGEST_SIZE];
+    const char* expHash =
+        "\x73\x80\x16\x6f\x49\x14\xb2\xb9"
+        "\x17\x24\x42\xd7\xda\x8a\x06\x00"
+        "\xa9\x6f\x30\xbc\x16\x31\x38\xaa"
+        "\xe3\x8d\xee\x4d\xb0\xfb\x0e\x4e";
+
+    /* Initialize */
+    ExpectIntEQ(wc_InitSm3(&sm3, HEAP_HINT, INVALID_DEVID), 0);
+
+    /* Test bad args. */
+    ExpectIntEQ(wc_Sm3FinalRaw(NULL, NULL),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sm3FinalRaw(&sm3, NULL),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sm3FinalRaw(NULL, hash),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+
+    /* Test good args. */
+    ExpectIntEQ(wc_Sm3FinalRaw(&sm3, hash), 0);
+    ExpectBufEQ(hash, expHash, WC_SM3_DIGEST_SIZE);
+
+    wc_Sm3Free(&sm3);
+#endif
+    return EXPECT_RESULT();
+}
+
+#define SM3_KAT_CNT     7
+int test_wc_Sm3_KATs(void)
+{
+    EXPECT_DECLS;
+#ifdef WOLFSSL_SM3
+    wc_Sm3 sm3;
+
+    testVector sm3_kat[SM3_KAT_CNT];
+    byte hash[WC_SM3_DIGEST_SIZE];
+    int i = 0;
+
+    sm3_kat[i].input = "";
+    sm3_kat[i].inLen = 0;
+    sm3_kat[i].output =
+        "\x1a\xb2\x1d\x83\x55\xcf\xa1\x7f"
+        "\x8e\x61\x19\x48\x31\xe8\x1a\x8f"
+        "\x22\xbe\xc8\xc7\x28\xfe\xfb\x74"
+        "\x7e\xd0\x35\xeb\x50\x82\xaa\x2b";
+    sm3_kat[i].outLen = 0;
+    i++;
+    sm3_kat[i].input = "a";
+    sm3_kat[i].inLen = 1;
+    sm3_kat[i].output =
+        "\x62\x34\x76\xac\x18\xf6\x5a\x29"
+        "\x09\xe4\x3c\x7f\xec\x61\xb4\x9c"
+        "\x7e\x76\x4a\x91\xa1\x8c\xcb\x82"
+        "\xf1\x91\x7a\x29\xc8\x6c\x5e\x88";
+    sm3_kat[i].outLen = 0;
+    i++;
+    sm3_kat[i].input = "abc";
+    sm3_kat[i].inLen = 3;
+    sm3_kat[i].output =
+        "\x66\xc7\xf0\xf4\x62\xee\xed\xd9"
+        "\xd1\xf2\xd4\x6b\xdc\x10\xe4\xe2"
+        "\x41\x67\xc4\x87\x5c\xf2\xf7\xa2"
+        "\x29\x7d\xa0\x2b\x8f\x4b\xa8\xe0";
+    sm3_kat[i].outLen = 0;
+    i++;
+    sm3_kat[i].input = "message digest";
+    sm3_kat[i].inLen = 14;
+    sm3_kat[i].output =
+        "\xc5\x22\xa9\x42\xe8\x9b\xd8\x0d"
+        "\x97\xdd\x66\x6e\x7a\x55\x31\xb3"
+        "\x61\x88\xc9\x81\x71\x49\xe9\xb2"
+        "\x58\xdf\xe5\x1e\xce\x98\xed\x77";
+    sm3_kat[i].outLen = 0;
+    i++;
+    sm3_kat[i].input = "abcdefghijklmnopqrstuvwxyz";
+    sm3_kat[i].inLen = 26;
+    sm3_kat[i].output =
+        "\xb8\x0f\xe9\x7a\x4d\xa2\x4a\xfc"
+        "\x27\x75\x64\xf6\x6a\x35\x9e\xf4"
+        "\x40\x46\x2a\xd2\x8d\xcc\x6d\x63"
+        "\xad\xb2\x4d\x5c\x20\xa6\x15\x95";
+    sm3_kat[i].outLen = 0;
+    i++;
+    sm3_kat[i].input =
+        "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
+        "0123456789";
+    sm3_kat[i].inLen = 62;
+    sm3_kat[i].output =
+        "\x29\x71\xd1\x0c\x88\x42\xb7\x0c"
+        "\x97\x9e\x55\x06\x34\x80\xc5\x0b"
+        "\xac\xff\xd9\x0e\x98\xe2\xe6\x0d"
+        "\x25\x12\xab\x8a\xbf\xdf\xce\xc5";
+    sm3_kat[i].outLen = 0;
+    i++;
+    sm3_kat[i].input = "1234567890123456789012345678901234567890"
+                           "1234567890123456789012345678901234567890";
+    sm3_kat[i].inLen = 80;
+    sm3_kat[i].output =
+        "\xad\x81\x80\x53\x21\xf3\xe6\x9d"
+        "\x25\x12\x35\xbf\x88\x6a\x56\x48"
+        "\x44\x87\x3b\x56\xdd\x7d\xde\x40"
+        "\x0f\x05\x5b\x7d\xde\x39\x30\x7a";
+    sm3_kat[i].outLen = 0;
+
+    ExpectIntEQ(wc_InitSm3(&sm3, HEAP_HINT, INVALID_DEVID), 0);
+
+    for (i = 0; i < SM3_KAT_CNT; i++) {
+        /* Do KAT. */
+        ExpectIntEQ(wc_Sm3Update(&sm3, (byte*)sm3_kat[i].input,
+            (word32)sm3_kat[i].inLen), 0);
+        ExpectIntEQ(wc_Sm3Final(&sm3, hash), 0);
+        ExpectBufEQ(hash, (byte*)sm3_kat[i].output, WC_SM3_DIGEST_SIZE);
+    }
+
+    wc_Sm3Free(&sm3);
+#endif
+    return EXPECT_RESULT();
+}
+
+int test_wc_Sm3_other(void)
+{
+    EXPECT_DECLS;
+#ifdef WOLFSSL_SM3
+    wc_Sm3 sm3;
+    byte hash[WC_SM3_DIGEST_SIZE + 1];
+    byte data[WC_SM3_DIGEST_SIZE * 8 + 1];
+    int dataLen = WC_SM3_DIGEST_SIZE * 8;
+    const char* expHash =
+        "\x76\x6e\x30\x64\x3f\x02\x26\x7f"
+        "\xb1\x94\x26\xd4\x41\xd1\xed\x87"
+        "\x40\x5a\x58\xa5\xaa\x65\xd6\x61"
+        "\xe9\x95\xcc\x5d\xdd\xe8\x49\x34";
+    int i;
+    int j;
+
+    XMEMSET(data, 0xa5, sizeof(data));
+
+    /* Initialize */
+    ExpectIntEQ(wc_InitSm3(&sm3, HEAP_HINT, INVALID_DEVID), 0);
+
+    /* Unaligned input and output buffer. */
+    ExpectIntEQ(wc_Sm3Update(&sm3, data + 1, dataLen), 0);
+    ExpectIntEQ(wc_Sm3Final(&sm3, hash + 1), 0);
+    ExpectBufEQ(hash + 1, (byte*)expHash, WC_SM3_DIGEST_SIZE);
+
+    /* Test that empty updates work. */
+    ExpectIntEQ(wc_Sm3Update(&sm3, NULL, 0), 0);
+    ExpectIntEQ(wc_Sm3Update(&sm3, (byte*)"", 0), 0);
+    ExpectIntEQ(wc_Sm3Update(&sm3, data, dataLen), 0);
+    ExpectIntEQ(wc_Sm3Final(&sm3, hash), 0);
+    ExpectBufEQ(hash, (byte*)expHash, WC_SM3_DIGEST_SIZE);
+
+    /* Ensure chunking works. */
+    for (i = 1; i < dataLen; i++) {
+        for (j = 0; j < dataLen; j += i) {
+             int len = dataLen - j;
+             if (i < len)
+                 len = i;
+             ExpectIntEQ(wc_Sm3Update(&sm3, data + j, len), 0);
+        }
+        ExpectIntEQ(wc_Sm3Final(&sm3, hash), 0);
+        ExpectBufEQ(hash, (byte*)expHash, WC_SM3_DIGEST_SIZE);
+    }
+
+    wc_Sm3Free(&sm3);
+#endif
+    return EXPECT_RESULT();
+}
+
+int test_wc_Sm3Copy(void)
+{
+    EXPECT_DECLS;
+#ifdef WOLFSSL_SM3
+    wc_Sm3 src;
+    wc_Sm3 dst;
+    byte hashSrc[WC_SM3_DIGEST_SIZE];
+    byte hashDst[WC_SM3_DIGEST_SIZE];
+    const char* emptyHash =
+        "\x1a\xb2\x1d\x83\x55\xcf\xa1\x7f"
+        "\x8e\x61\x19\x48\x31\xe8\x1a\x8f"
+        "\x22\xbe\xc8\xc7\x28\xfe\xfb\x74"
+        "\x7e\xd0\x35\xeb\x50\x82\xaa\x2b";
+    const char* abcHash =
+        "\x66\xc7\xf0\xf4\x62\xee\xed\xd9"
+        "\xd1\xf2\xd4\x6b\xdc\x10\xe4\xe2"
+        "\x41\x67\xc4\x87\x5c\xf2\xf7\xa2"
+        "\x29\x7d\xa0\x2b\x8f\x4b\xa8\xe0";
+    byte data[WC_SM3_BLOCK_SIZE];
+
+    XMEMSET(data, 0xa5, sizeof(data));
+
+    ExpectIntEQ(wc_InitSm3(&src, HEAP_HINT, INVALID_DEVID), 0);
+    XMEMSET(&dst, 0, sizeof(dst));
+
+    ExpectIntEQ(wc_Sm3Copy(NULL, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sm3Copy(&src, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sm3Copy(NULL, &dst), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+
+    /* Test copy works. */
+    ExpectIntEQ(wc_Sm3Copy(&src, &dst), 0);
+    ExpectIntEQ(wc_Sm3Final(&src, hashSrc), 0);
+    ExpectIntEQ(wc_Sm3Final(&dst, hashDst), 0);
+    ExpectBufEQ(hashSrc, emptyHash, WC_SM3_DIGEST_SIZE);
+    ExpectBufEQ(hashDst, emptyHash, WC_SM3_DIGEST_SIZE);
+    wc_Sm3Free(&dst);
+
+    /* Test buffered data is copied. */
+    ExpectIntEQ(wc_Sm3Update(&src, (byte*)"abc", 3), 0);
+    ExpectIntEQ(wc_Sm3Copy(&src, &dst), 0);
+    ExpectIntEQ(wc_Sm3Final(&src, hashSrc), 0);
+    ExpectIntEQ(wc_Sm3Final(&dst, hashDst), 0);
+    ExpectBufEQ(hashSrc, abcHash, WC_SM3_DIGEST_SIZE);
+    ExpectBufEQ(hashDst, abcHash, WC_SM3_DIGEST_SIZE);
+    wc_Sm3Free(&dst);
+
+    /* Test count of length is copied. */
+    ExpectIntEQ(wc_Sm3Update(&src, data, sizeof(data)), 0);
+    ExpectIntEQ(wc_Sm3Copy(&src, &dst), 0);
+    ExpectIntEQ(wc_Sm3Final(&src, hashSrc), 0);
+    ExpectIntEQ(wc_Sm3Final(&dst, hashDst), 0);
+    ExpectBufEQ(hashSrc, hashDst, WC_SM3_DIGEST_SIZE);
+    wc_Sm3Free(&dst);
+
+    wc_Sm3Free(&src);
+#endif
+    return EXPECT_RESULT();
+}
+
+int test_wc_Sm3GetHash(void)
+{
+    EXPECT_DECLS;
+#ifdef WOLFSSL_SM3
+    wc_Sm3 sm3;
+    byte hash[WC_SM3_DIGEST_SIZE];
+    const char* emptyHash =
+        "\x1a\xb2\x1d\x83\x55\xcf\xa1\x7f"
+        "\x8e\x61\x19\x48\x31\xe8\x1a\x8f"
+        "\x22\xbe\xc8\xc7\x28\xfe\xfb\x74"
+        "\x7e\xd0\x35\xeb\x50\x82\xaa\x2b";
+    const char* abcHash =
+        "\x66\xc7\xf0\xf4\x62\xee\xed\xd9"
+        "\xd1\xf2\xd4\x6b\xdc\x10\xe4\xe2"
+        "\x41\x67\xc4\x87\x5c\xf2\xf7\xa2"
+        "\x29\x7d\xa0\x2b\x8f\x4b\xa8\xe0";
+
+    ExpectIntEQ(wc_InitSm3(&sm3, HEAP_HINT, INVALID_DEVID), 0);
+
+    ExpectIntEQ(wc_Sm3GetHash(NULL, NULL),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sm3GetHash(&sm3, NULL),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sm3GetHash(NULL, hash),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+
+    ExpectIntEQ(wc_Sm3GetHash(&sm3, hash), 0);
+    ExpectBufEQ(hash, emptyHash, WC_SM3_DIGEST_SIZE);
+    /* Test that the hash state hasn't been modified. */
+    ExpectIntEQ(wc_Sm3Update(&sm3, (byte*)"abc", 3), 0);
+    ExpectIntEQ(wc_Sm3GetHash(&sm3, hash), 0);
+    ExpectBufEQ(hash, abcHash, WC_SM3_DIGEST_SIZE);
+
+    wc_Sm3Free(&sm3);
+#endif
+    return EXPECT_RESULT();
+}
+
+
+int test_wc_Sm3_Flags(void)
+{
+    EXPECT_DECLS;
+#if defined(WOLFSSL_SM3) && defined(WOLFSSL_HASH_FLAGS)
+    wc_Sm3 sm3;
+    wc_Sm3 sm3_copy;
+    word32 flags;
+
+    XMEMSET(&sm3_copy, 0, sizeof(sm3_copy));
+    ExpectIntEQ(wc_InitSm3(&sm3, HEAP_HINT, INVALID_DEVID), 0);
+
+    /* Do nothing. */
+    ExpectIntEQ(wc_Sm3GetFlags(NULL, NULL), 0);
+    ExpectIntEQ(wc_Sm3GetFlags(&sm3, NULL), 0);
+    ExpectIntEQ(wc_Sm3GetFlags(NULL, &flags), 0);
+    ExpectIntEQ(wc_Sm3SetFlags(NULL, 1), 0);
+
+    ExpectIntEQ(wc_Sm3GetFlags(&sm3, &flags), 0);
+    ExpectIntEQ(flags, 0);
+
+    ExpectIntEQ(wc_Sm3Copy(&sm3, &sm3_copy), 0);
+    ExpectIntEQ(wc_Sm3GetFlags(&sm3, &flags), 0);
+    ExpectIntEQ(flags, 0);
+    ExpectIntEQ(wc_Sm3GetFlags(&sm3_copy, &flags), 0);
+    ExpectIntEQ(flags, WC_HASH_FLAG_ISCOPY);
+
+    ExpectIntEQ(wc_Sm3SetFlags(&sm3, WC_HASH_FLAG_WILLCOPY), 0);
+    ExpectIntEQ(wc_Sm3GetFlags(&sm3, &flags), 0);
+    ExpectIntEQ(flags, WC_HASH_FLAG_WILLCOPY);
+    ExpectIntEQ(wc_Sm3SetFlags(&sm3, 0), 0);
+
+    wc_Sm3Free(&sm3_copy);
+    wc_Sm3Free(&sm3);
+#endif
+    return EXPECT_RESULT();
+}
+
+/*
+ *  Testing wc_Sm3Hash()
+ */
+int test_wc_Sm3Hash(void)
+{
+    EXPECT_DECLS;
+#if defined(WOLFSSL_SM3) && defined(WOLFSSL_HASH_FLAGS)
+    byte data[WC_SM3_BLOCK_SIZE];
+    byte hash[WC_SM3_DIGEST_SIZE];
+
+    /* Invalid parameters. */
+    ExpectIntEQ(wc_Sm3Hash(NULL, sizeof(data), hash),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sm3Hash(data, sizeof(data), NULL),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+
+    /* Valid parameters. */
+    ExpectIntEQ(wc_Sm3Hash(data, sizeof(data), hash), 0);
+#endif
+    return EXPECT_RESULT();
+}  /* END test_wc_Sm3Hash */
+
diff --git a/tests/api/test_sm3.h b/tests/api/test_sm3.h
new file mode 100644
index 000000000..f50fb8d23
--- /dev/null
+++ b/tests/api/test_sm3.h
@@ -0,0 +1,36 @@
+/* test_sm3.h
+ *
+ * Copyright (C) 2006-2025 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+#ifndef WOLFCRYPT_TEST_SM3_H
+#define WOLFCRYPT_TEST_SM3_H
+
+int test_wc_InitSm3(void);
+int test_wc_Sm3Update(void);
+int test_wc_Sm3Final(void);
+int test_wc_Sm3FinalRaw(void);
+int test_wc_Sm3_KATs(void);
+int test_wc_Sm3_other(void);
+int test_wc_Sm3Copy(void);
+int test_wc_Sm3GetHash(void);
+int test_wc_Sm3_Flags(void);
+int test_wc_Sm3Hash(void);
+
+#endif /* WOLFCRYPT_TEST_SM3_H */
diff --git a/tests/api/test_sm4.c b/tests/api/test_sm4.c
new file mode 100644
index 000000000..3d8a30400
--- /dev/null
+++ b/tests/api/test_sm4.c
@@ -0,0 +1,795 @@
+/* test_sm4.c
+ *
+ * Copyright (C) 2006-2025 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+#ifdef HAVE_CONFIG_H
+    #include <config.h>
+#endif
+
+#if !defined(WOLFSSL_USER_SETTINGS) && !defined(WOLFSSL_NO_OPTIONS_H)
+    #include <wolfssl/options.h>
+#endif
+#include <wolfssl/wolfcrypt/settings.h>
+
+#ifdef NO_INLINE
+    #include <wolfssl/wolfcrypt/misc.h>
+#else
+    #define WOLFSSL_MISC_INCLUDED
+    #include <wolfcrypt/src/misc.c>
+#endif
+
+#include <wolfssl/wolfcrypt/sm4.h>
+#include <wolfssl/wolfcrypt/types.h>
+#include <tests/unit.h>
+#include <tests/api/api.h>
+#include <tests/api/test_sm4.h>
+
+/*
+ * Testing streaming SM4 API.
+ */
+int test_wc_Sm4(void)
+{
+    int res = TEST_SKIPPED;
+#ifdef WOLFSSL_SM4
+    EXPECT_DECLS;
+    wc_Sm4 sm4;
+#if defined(WOLFSSL_SM4_ECB) || defined(WOLFSSL_SM4_CBC) || \
+    defined(WOLFSSL_SM4_CTR) || defined(WOLFSSL_SM4_CCM)
+    unsigned char key[SM4_KEY_SIZE];
+#endif
+#if defined(WOLFSSL_SM4_CBC) || defined(WOLFSSL_SM4_CTR)
+    unsigned char iv[SM4_IV_SIZE];
+#endif
+
+    /* Invalid parameters - wc_Sm4Init */
+    ExpectIntEQ(wc_Sm4Init(NULL, NULL, INVALID_DEVID),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+
+    /* Valid cases - wc_Sm4Init */
+    ExpectIntEQ(wc_Sm4Init(&sm4, NULL, INVALID_DEVID), 0);
+
+#if defined(WOLFSSL_SM4_ECB) || defined(WOLFSSL_SM4_CBC) || \
+    defined(WOLFSSL_SM4_CTR) || defined(WOLFSSL_SM4_CCM)
+    XMEMSET(key, 0, sizeof(key));
+
+    /* Invalid parameters - wc_Sm4SetKey. */
+    ExpectIntEQ(wc_Sm4SetKey(NULL, NULL, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sm4SetKey(&sm4, NULL, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sm4SetKey(NULL, key, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sm4SetKey(NULL, NULL, SM4_KEY_SIZE),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sm4SetKey(&sm4, key, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sm4SetKey(&sm4, NULL, SM4_KEY_SIZE),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sm4SetKey(NULL, key, SM4_KEY_SIZE),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sm4SetKey(&sm4, key, SM4_KEY_SIZE-1),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sm4SetKey(&sm4, key, SM4_KEY_SIZE+1),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+
+    /* Valid cases - wc_Sm4SetKey. */
+    ExpectIntEQ(wc_Sm4SetKey(&sm4, key, SM4_KEY_SIZE), 0);
+#endif
+
+#if defined(WOLFSSL_SM4_CBC) || defined(WOLFSSL_SM4_CTR)
+    XMEMSET(iv, 0, sizeof(iv));
+
+    /* Invalid parameters - wc_Sm4SetIV. */
+    ExpectIntEQ(wc_Sm4SetIV(NULL, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sm4SetIV(&sm4, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sm4SetIV(NULL, iv), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+
+    /* Valid cases - wc_Sm4SetIV. */
+    ExpectIntEQ(wc_Sm4SetIV(&sm4, iv), 0);
+#endif
+
+    /* Valid cases - wc_Sm4Free */
+    wc_Sm4Free(NULL);
+    wc_Sm4Free(&sm4);
+
+    res = EXPECT_RESULT();
+#endif
+    return res;
+} /* END test_wc_Sm4 */
+
+/*
+ * Testing block based SM4-ECB API.
+ */
+int test_wc_Sm4Ecb(void)
+{
+    int res = TEST_SKIPPED;
+#ifdef WOLFSSL_SM4_ECB
+    EXPECT_DECLS;
+    wc_Sm4 sm4;
+    unsigned char key[SM4_KEY_SIZE];
+    unsigned char in[SM4_BLOCK_SIZE * 2];
+    unsigned char out[SM4_BLOCK_SIZE * 2];
+    unsigned char out2[SM4_BLOCK_SIZE];
+
+    XMEMSET(key, 0, sizeof(key));
+    XMEMSET(in, 0, sizeof(in));
+
+    ExpectIntEQ(wc_Sm4Init(&sm4, NULL, INVALID_DEVID), 0);
+    ExpectIntEQ(wc_Sm4EcbEncrypt(&sm4, out, in, 0),
+        WC_NO_ERR_TRACE(MISSING_KEY));
+    ExpectIntEQ(wc_Sm4EcbDecrypt(&sm4, out, in, 0),
+        WC_NO_ERR_TRACE(MISSING_KEY));
+
+    /* Tested in test_wc_Sm4. */
+    ExpectIntEQ(wc_Sm4SetKey(&sm4, key, SM4_KEY_SIZE), 0);
+
+    /* Invalid parameters - wc_Sm4EcbEncrypt. */
+    ExpectIntEQ(wc_Sm4EcbEncrypt(NULL, NULL, NULL, 1),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sm4EcbEncrypt(&sm4, NULL, NULL, 1),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sm4EcbEncrypt(NULL, out, NULL, 1),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sm4EcbEncrypt(NULL, NULL, in, 1),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sm4EcbEncrypt(NULL, NULL, NULL, 0),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sm4EcbEncrypt(NULL, out, in, 0),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sm4EcbEncrypt(&sm4, NULL, in, 0),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sm4EcbEncrypt(&sm4, out, NULL, 0),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sm4EcbEncrypt(&sm4, out, in, 1),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+
+    /* Valid cases - wc_Sm4EcbEncrypt. */
+    ExpectIntEQ(wc_Sm4EcbEncrypt(&sm4, out, in, 0), 0);
+    ExpectIntEQ(wc_Sm4EcbEncrypt(&sm4, out2, in, SM4_BLOCK_SIZE), 0);
+    ExpectIntEQ(wc_Sm4EcbEncrypt(&sm4, out, in, SM4_BLOCK_SIZE * 2), 0);
+    ExpectIntEQ(XMEMCMP(out, out2, SM4_BLOCK_SIZE), 0);
+    /*   In and out are same pointer. */
+    ExpectIntEQ(wc_Sm4EcbEncrypt(&sm4, in, in, SM4_BLOCK_SIZE * 2), 0);
+    ExpectIntEQ(XMEMCMP(in, out, SM4_BLOCK_SIZE * 2), 0);
+
+    /* Invalid parameters - wc_Sm4EcbDecrypt. */
+    ExpectIntEQ(wc_Sm4EcbDecrypt(NULL, NULL, NULL, 1),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sm4EcbDecrypt(&sm4, NULL, NULL, 1),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sm4EcbDecrypt(NULL, out, NULL, 1),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sm4EcbDecrypt(NULL, NULL, in, 1),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sm4EcbDecrypt(NULL, NULL, NULL, 0),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sm4EcbDecrypt(NULL, out, in, 0),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sm4EcbDecrypt(&sm4, NULL, in, 0),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sm4EcbDecrypt(&sm4, out, NULL, 0),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sm4EcbDecrypt(&sm4, out, in, 1),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+
+    /* Valid cases - wc_Sm4EcbDecrypt. */
+    ExpectIntEQ(wc_Sm4EcbDecrypt(&sm4, out, in, 0), 0);
+    ExpectIntEQ(wc_Sm4EcbDecrypt(&sm4, out2, in, SM4_BLOCK_SIZE), 0);
+    ExpectIntEQ(wc_Sm4EcbDecrypt(&sm4, out, in, SM4_BLOCK_SIZE * 2), 0);
+    ExpectIntEQ(XMEMCMP(out, out2, SM4_BLOCK_SIZE), 0);
+    /*   In and out are same pointer. */
+    ExpectIntEQ(wc_Sm4EcbDecrypt(&sm4, in, in, SM4_BLOCK_SIZE * 2), 0);
+    ExpectIntEQ(XMEMCMP(in, out, SM4_BLOCK_SIZE * 2), 0);
+
+    wc_Sm4Free(&sm4);
+
+    res = EXPECT_RESULT();
+#endif
+    return res;
+} /* END test_wc_Sm4Ecb */
+
+/*
+ * Testing block based SM4-CBC API.
+ */
+int test_wc_Sm4Cbc(void)
+{
+    int res = TEST_SKIPPED;
+#ifdef WOLFSSL_SM4_CBC
+    EXPECT_DECLS;
+    wc_Sm4 sm4;
+    unsigned char key[SM4_KEY_SIZE];
+    unsigned char iv[SM4_IV_SIZE];
+    unsigned char in[SM4_BLOCK_SIZE * 2];
+    unsigned char out[SM4_BLOCK_SIZE * 2];
+    unsigned char out2[SM4_BLOCK_SIZE];
+
+    XMEMSET(key, 0, sizeof(key));
+    XMEMSET(iv, 0, sizeof(iv));
+    XMEMSET(in, 0, sizeof(in));
+
+    ExpectIntEQ(wc_Sm4Init(&sm4, NULL, INVALID_DEVID), 0);
+    ExpectIntEQ(wc_Sm4CbcEncrypt(&sm4, out, in, 0),
+        WC_NO_ERR_TRACE(MISSING_KEY));
+    ExpectIntEQ(wc_Sm4CbcDecrypt(&sm4, out, in, 0),
+        WC_NO_ERR_TRACE(MISSING_KEY));
+    /* Tested in test_wc_Sm4. */
+    ExpectIntEQ(wc_Sm4SetKey(&sm4, key, SM4_KEY_SIZE), 0);
+    ExpectIntEQ(wc_Sm4CbcEncrypt(&sm4, out, in, 0),
+        WC_NO_ERR_TRACE(MISSING_IV));
+    ExpectIntEQ(wc_Sm4CbcDecrypt(&sm4, out, in, 0),
+        WC_NO_ERR_TRACE(MISSING_IV));
+    /* Tested in test_wc_Sm4. */
+    ExpectIntEQ(wc_Sm4SetIV(&sm4, iv), 0);
+
+    /* Invalid parameters - wc_Sm4CbcEncrypt. */
+    ExpectIntEQ(wc_Sm4CbcEncrypt(NULL, NULL, NULL, 1),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sm4CbcEncrypt(&sm4, NULL, NULL, 1),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sm4CbcEncrypt(NULL, out, NULL, 1),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sm4CbcEncrypt(NULL, NULL, in, 1),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sm4CbcEncrypt(NULL, NULL, NULL, 0),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sm4CbcEncrypt(NULL, out, in, 0),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sm4CbcEncrypt(&sm4, NULL, in, 0),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sm4CbcEncrypt(&sm4, out, NULL, 0),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sm4CbcEncrypt(&sm4, out, in, 1),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+
+    /* Valid cases - wc_Sm4CbcEncrypt. */
+    ExpectIntEQ(wc_Sm4CbcEncrypt(&sm4, out, in, 0), 0);
+    ExpectIntEQ(wc_Sm4CbcEncrypt(&sm4, out2, in, SM4_BLOCK_SIZE), 0);
+    ExpectIntEQ(wc_Sm4SetIV(&sm4, iv), 0);
+    ExpectIntEQ(wc_Sm4CbcEncrypt(&sm4, out, in, SM4_BLOCK_SIZE * 2), 0);
+    ExpectIntEQ(XMEMCMP(out, out2, SM4_BLOCK_SIZE), 0);
+    /*   In and out are same pointer. */
+    ExpectIntEQ(wc_Sm4SetIV(&sm4, iv), 0);
+    ExpectIntEQ(wc_Sm4CbcEncrypt(&sm4, in, in, SM4_BLOCK_SIZE * 2), 0);
+    ExpectIntEQ(XMEMCMP(in, out, SM4_BLOCK_SIZE * 2), 0);
+
+    /* Invalid parameters - wc_Sm4CbcDecrypt. */
+    ExpectIntEQ(wc_Sm4CbcDecrypt(NULL, NULL, NULL, 1),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sm4CbcDecrypt(&sm4, NULL, NULL, 1),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sm4CbcDecrypt(NULL, out, NULL, 1),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sm4CbcDecrypt(NULL, NULL, in, 1),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sm4CbcDecrypt(NULL, NULL, NULL, 0),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sm4CbcDecrypt(NULL, out, in, 0),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sm4CbcDecrypt(&sm4, NULL, in, 0),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sm4CbcDecrypt(&sm4, out, NULL, 0),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sm4CbcDecrypt(&sm4, out, in, 1),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+
+    ExpectIntEQ(wc_Sm4SetIV(&sm4, iv), 0);
+    /* Valid cases - wc_Sm4CbcDecrypt. */
+    ExpectIntEQ(wc_Sm4CbcDecrypt(&sm4, out, in, 0), 0);
+    ExpectIntEQ(wc_Sm4CbcDecrypt(&sm4, out2, in, SM4_BLOCK_SIZE), 0);
+    ExpectIntEQ(wc_Sm4SetIV(&sm4, iv), 0);
+    ExpectIntEQ(wc_Sm4CbcDecrypt(&sm4, out, in, SM4_BLOCK_SIZE * 2), 0);
+    ExpectIntEQ(XMEMCMP(out, out2, SM4_BLOCK_SIZE), 0);
+    /*   In and out are same pointer. */
+    ExpectIntEQ(wc_Sm4SetIV(&sm4, iv), 0);
+    ExpectIntEQ(wc_Sm4CbcDecrypt(&sm4, in, in, SM4_BLOCK_SIZE * 2), 0);
+    ExpectIntEQ(XMEMCMP(in, out, SM4_BLOCK_SIZE * 2), 0);
+
+    wc_Sm4Free(&sm4);
+
+    res = EXPECT_RESULT();
+#endif
+    return res;
+} /* END test_wc_Sm4Cbc */
+
+/*
+ * Testing streaming SM4-CTR API.
+ */
+int test_wc_Sm4Ctr(void)
+{
+    int res = TEST_SKIPPED;
+#ifdef WOLFSSL_SM4_CTR
+    EXPECT_DECLS;
+    wc_Sm4 sm4;
+    unsigned char key[SM4_KEY_SIZE];
+    unsigned char iv[SM4_IV_SIZE];
+    unsigned char in[SM4_BLOCK_SIZE * 4];
+    unsigned char out[SM4_BLOCK_SIZE * 4];
+    unsigned char out2[SM4_BLOCK_SIZE * 4];
+    word32 chunk;
+    word32 i;
+
+    XMEMSET(key, 0, sizeof(key));
+    XMEMSET(iv, 0, sizeof(iv));
+    XMEMSET(in, 0, sizeof(in));
+
+    ExpectIntEQ(wc_Sm4Init(&sm4, NULL, INVALID_DEVID), 0);
+    ExpectIntEQ(wc_Sm4CtrEncrypt(&sm4, out, in, 0),
+        WC_NO_ERR_TRACE(MISSING_KEY));
+    /* Tested in test_wc_Sm4. */
+    ExpectIntEQ(wc_Sm4SetKey(&sm4, key, SM4_KEY_SIZE), 0);
+    ExpectIntEQ(wc_Sm4CtrEncrypt(&sm4, out, in, 0),
+        WC_NO_ERR_TRACE(MISSING_IV));
+    /* Tested in test_wc_Sm4. */
+    ExpectIntEQ(wc_Sm4SetIV(&sm4, iv), 0);
+
+    /* Invalid parameters - wc_Sm4CtrEncrypt. */
+    ExpectIntEQ(wc_Sm4CtrEncrypt(NULL, NULL, NULL, 0),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sm4CtrEncrypt(&sm4, NULL, NULL, 0),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sm4CtrEncrypt(NULL, out, NULL, 0),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sm4CtrEncrypt(NULL, NULL, in, 0),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sm4CtrEncrypt(&sm4, out, NULL, 0),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sm4CtrEncrypt(&sm4, NULL, in, 0),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sm4CtrEncrypt(NULL, out, in, 0),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+
+    /* Valid cases - wc_Sm4CtrEncrypt. */
+    ExpectIntEQ(wc_Sm4CtrEncrypt(&sm4, out, in, 0), 0);
+    ExpectIntEQ(wc_Sm4CtrEncrypt(&sm4, out2, in, 1), 0);
+    ExpectIntEQ(wc_Sm4SetIV(&sm4, iv), 0);
+    ExpectIntEQ(wc_Sm4CtrEncrypt(&sm4, out, in, 2), 0);
+    ExpectIntEQ(XMEMCMP(out, out2, 1), 0);
+    ExpectIntEQ(wc_Sm4SetIV(&sm4, iv), 0);
+    ExpectIntEQ(wc_Sm4CtrEncrypt(&sm4, out2, in, SM4_BLOCK_SIZE), 0);
+    ExpectIntEQ(XMEMCMP(out2, out, 2), 0);
+    ExpectIntEQ(wc_Sm4SetIV(&sm4, iv), 0);
+    ExpectIntEQ(wc_Sm4CtrEncrypt(&sm4, out, in, SM4_BLOCK_SIZE * 2), 0);
+    ExpectIntEQ(XMEMCMP(out, out2, SM4_BLOCK_SIZE), 0);
+    /*   In and out are same pointer. Also check encrypt of cipher text produces
+     *   plaintext.
+     */
+    ExpectIntEQ(wc_Sm4SetIV(&sm4, iv), 0);
+    ExpectIntEQ(wc_Sm4CtrEncrypt(&sm4, out, out, SM4_BLOCK_SIZE * 2), 0);
+    ExpectIntEQ(XMEMCMP(in, out, SM4_BLOCK_SIZE * 2), 0);
+
+    /* Chunking tests. */
+    ExpectIntEQ(wc_Sm4SetIV(&sm4, iv), 0);
+    ExpectIntEQ(wc_Sm4CtrEncrypt(&sm4, out2, in, (word32)sizeof(in)), 0);
+    for (chunk = 1; chunk <= SM4_BLOCK_SIZE + 1; chunk++) {
+        ExpectIntEQ(wc_Sm4SetIV(&sm4, iv), 0);
+        for (i = 0; i + chunk <= (word32)sizeof(in); i += chunk) {
+             ExpectIntEQ(wc_Sm4CtrEncrypt(&sm4, out + i, in + i, chunk), 0);
+        }
+        if (i < (word32)sizeof(in)) {
+             ExpectIntEQ(wc_Sm4CtrEncrypt(&sm4, out + i, in + i,
+                 (word32)sizeof(in) - i), 0);
+        }
+        ExpectIntEQ(XMEMCMP(out, out2, (word32)sizeof(out)), 0);
+    }
+
+    for (i = 0; i < (word32)sizeof(iv); i++) {
+        iv[i] = 0xff;
+        ExpectIntEQ(wc_Sm4SetIV(&sm4, iv), 0);
+        ExpectIntEQ(wc_Sm4CtrEncrypt(&sm4, out, in, SM4_BLOCK_SIZE * 2), 0);
+        ExpectIntEQ(wc_Sm4SetIV(&sm4, iv), 0);
+        ExpectIntEQ(wc_Sm4CtrEncrypt(&sm4, out2, out, SM4_BLOCK_SIZE * 2), 0);
+        ExpectIntEQ(XMEMCMP(out2, in, SM4_BLOCK_SIZE * 2), 0);
+    }
+
+    wc_Sm4Free(&sm4);
+
+    res = EXPECT_RESULT();
+#endif
+    return res;
+} /* END test_wc_Sm4Ctr */
+
+/*
+ * Testing stream SM4-GCM API.
+ */
+int test_wc_Sm4Gcm(void)
+{
+    int res = TEST_SKIPPED;
+#ifdef WOLFSSL_SM4_GCM
+    EXPECT_DECLS;
+    wc_Sm4 sm4;
+    unsigned char key[SM4_KEY_SIZE];
+    unsigned char nonce[GCM_NONCE_MAX_SZ];
+    unsigned char in[SM4_BLOCK_SIZE * 2];
+    unsigned char in2[SM4_BLOCK_SIZE * 2];
+    unsigned char out[SM4_BLOCK_SIZE * 2];
+    unsigned char out2[SM4_BLOCK_SIZE * 2];
+    unsigned char dec[SM4_BLOCK_SIZE * 2];
+    unsigned char tag[SM4_BLOCK_SIZE];
+    unsigned char aad[SM4_BLOCK_SIZE * 2];
+    word32 i;
+
+    XMEMSET(key, 0, sizeof(key));
+    XMEMSET(nonce, 0, sizeof(nonce));
+    XMEMSET(in, 0, sizeof(in));
+    XMEMSET(in2, 0, sizeof(in2));
+    XMEMSET(aad, 0, sizeof(aad));
+
+    ExpectIntEQ(wc_Sm4Init(&sm4, NULL, INVALID_DEVID), 0);
+    ExpectIntEQ(wc_Sm4GcmEncrypt(&sm4, out, in, 0, nonce, GCM_NONCE_MID_SZ, tag,
+        SM4_BLOCK_SIZE, aad, sizeof(aad)), WC_NO_ERR_TRACE(MISSING_KEY));
+    ExpectIntEQ(wc_Sm4GcmDecrypt(&sm4, out, in, 0, nonce, GCM_NONCE_MID_SZ, tag,
+        SM4_BLOCK_SIZE, aad, sizeof(aad)), WC_NO_ERR_TRACE(MISSING_KEY));
+
+    /* Invalid parameters - wc_Sm4GcmSetKey. */
+    ExpectIntEQ(wc_Sm4GcmSetKey(NULL, NULL, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sm4GcmSetKey(&sm4, NULL, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sm4GcmSetKey(NULL, key, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sm4GcmSetKey(NULL, NULL, SM4_KEY_SIZE),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sm4GcmSetKey(&sm4, key, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sm4GcmSetKey(&sm4, NULL, SM4_KEY_SIZE),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sm4GcmSetKey(NULL, key, SM4_KEY_SIZE),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+
+    /* Valid parameters - wc_Sm4GcmSetKey. */
+    ExpectIntEQ(wc_Sm4GcmSetKey(&sm4, key, SM4_KEY_SIZE), 0);
+
+    /* Invalid parameters - wc_Sm4GcmEncrypt. */
+    ExpectIntEQ(wc_Sm4GcmEncrypt(NULL, NULL, NULL, 1, NULL, 0, NULL, 0, NULL,
+        0), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sm4GcmEncrypt(&sm4, NULL, NULL, 1, NULL, 0, NULL, 0, NULL,
+        0), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sm4GcmEncrypt(NULL, out, NULL, 1, NULL, 0, NULL, 0, NULL,
+        0), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sm4GcmEncrypt(NULL, NULL, in, 1, NULL, 0, NULL, 0, NULL,
+        0), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sm4GcmEncrypt(NULL, NULL, NULL, 1, nonce, GCM_NONCE_MID_SZ,
+        NULL, 0, NULL, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sm4GcmEncrypt(NULL, NULL, NULL, 1, NULL, 0, tag,
+        SM4_BLOCK_SIZE, NULL, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sm4GcmEncrypt(NULL, out, in, 1, nonce, GCM_NONCE_MID_SZ, tag,
+        SM4_BLOCK_SIZE, aad, sizeof(aad)), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sm4GcmEncrypt(&sm4, NULL, in, 1, nonce, GCM_NONCE_MID_SZ,
+        tag, SM4_BLOCK_SIZE, aad, sizeof(aad)), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sm4GcmEncrypt(&sm4, out, NULL, 1, nonce, GCM_NONCE_MID_SZ,
+        tag, SM4_BLOCK_SIZE, aad, sizeof(aad)), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sm4GcmEncrypt(&sm4, out, in, 1, NULL, GCM_NONCE_MID_SZ, tag,
+        SM4_BLOCK_SIZE, aad, sizeof(aad)), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sm4GcmEncrypt(&sm4, out, in, 1, nonce, 0, tag,
+        SM4_BLOCK_SIZE, aad, sizeof(aad)), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sm4GcmEncrypt(&sm4, out, in, 1, nonce, GCM_NONCE_MID_SZ,
+        NULL, SM4_BLOCK_SIZE, aad, sizeof(aad)), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sm4GcmEncrypt(&sm4, out, in, 1, nonce, GCM_NONCE_MID_SZ, tag,
+        WOLFSSL_MIN_AUTH_TAG_SZ-1, aad, sizeof(aad)),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sm4GcmEncrypt(&sm4, out, in, 1, nonce, GCM_NONCE_MID_SZ, tag,
+        SM4_BLOCK_SIZE+1, aad, sizeof(aad)), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+
+    /* Invalid parameters - wc_Sm4GcmDecrypt. */
+    ExpectIntEQ(wc_Sm4GcmDecrypt(NULL, NULL, NULL, 1, NULL, 0, NULL, 0, NULL,
+        0), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sm4GcmDecrypt(&sm4, NULL, NULL, 1, NULL, 0, NULL, 0, NULL,
+        0), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sm4GcmDecrypt(NULL, out, NULL, 1, NULL, 0, NULL, 0, NULL,
+        0), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sm4GcmDecrypt(NULL, NULL, in, 1, NULL, 0, NULL, 0, NULL,
+        0), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sm4GcmDecrypt(NULL, NULL, NULL, 1, nonce, GCM_NONCE_MID_SZ,
+        NULL, 0, NULL, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sm4GcmDecrypt(NULL, NULL, NULL, 1, NULL, 0, tag,
+        SM4_BLOCK_SIZE, NULL, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sm4GcmDecrypt(NULL, out, in, 1, nonce, GCM_NONCE_MID_SZ, tag,
+        SM4_BLOCK_SIZE, aad, sizeof(aad)), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sm4GcmDecrypt(&sm4, NULL, in, 1, nonce, GCM_NONCE_MID_SZ,
+        tag, SM4_BLOCK_SIZE, aad, sizeof(aad)), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sm4GcmDecrypt(&sm4, out, NULL, 1, nonce, GCM_NONCE_MID_SZ,
+        tag, SM4_BLOCK_SIZE, aad, sizeof(aad)), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sm4GcmDecrypt(&sm4, out, in, 1, NULL, GCM_NONCE_MID_SZ, tag,
+        SM4_BLOCK_SIZE, aad, sizeof(aad)), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sm4GcmDecrypt(&sm4, out, in, 1, nonce, 0, tag,
+        SM4_BLOCK_SIZE, aad, sizeof(aad)), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sm4GcmDecrypt(&sm4, out, in, 1, nonce, GCM_NONCE_MID_SZ,
+        NULL, SM4_BLOCK_SIZE, aad, sizeof(aad)), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sm4GcmDecrypt(&sm4, out, in, 1, nonce, GCM_NONCE_MID_SZ, tag,
+        WOLFSSL_MIN_AUTH_TAG_SZ-1, aad, sizeof(aad)),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sm4GcmDecrypt(&sm4, out, in, 1, nonce, GCM_NONCE_MID_SZ, tag,
+        SM4_BLOCK_SIZE+1, aad, sizeof(aad)), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+
+    /* Valid cases - wc_Sm4GcmEncrypt/wc_Sm4GcmDecrypt. */
+    ExpectIntEQ(wc_Sm4GcmEncrypt(&sm4, NULL, NULL, 0, nonce, GCM_NONCE_MID_SZ,
+        tag, SM4_BLOCK_SIZE, NULL, 0), 0);
+    ExpectIntEQ(wc_Sm4GcmDecrypt(&sm4, NULL, NULL, 0, nonce, GCM_NONCE_MID_SZ,
+        tag, SM4_BLOCK_SIZE, NULL, 0), 0);
+    ExpectIntEQ(wc_Sm4GcmEncrypt(&sm4, NULL, NULL, 0, nonce, GCM_NONCE_MID_SZ,
+        tag, SM4_BLOCK_SIZE, aad, sizeof(aad)), 0);
+    ExpectIntEQ(wc_Sm4GcmDecrypt(&sm4, NULL, NULL, 0, nonce, GCM_NONCE_MID_SZ,
+        tag, SM4_BLOCK_SIZE, aad, sizeof(aad)), 0);
+    ExpectIntEQ(wc_Sm4GcmEncrypt(&sm4, out, in, SM4_BLOCK_SIZE, nonce,
+        GCM_NONCE_MID_SZ, tag, SM4_BLOCK_SIZE, NULL, 0), 0);
+    ExpectIntEQ(wc_Sm4GcmDecrypt(&sm4, in, out, SM4_BLOCK_SIZE, nonce,
+        GCM_NONCE_MID_SZ, tag, SM4_BLOCK_SIZE, NULL, 0), 0);
+    ExpectIntEQ(wc_Sm4GcmEncrypt(&sm4, out, in, SM4_BLOCK_SIZE, nonce,
+        GCM_NONCE_MID_SZ, tag, SM4_BLOCK_SIZE, NULL, 1), 0);
+    ExpectIntEQ(wc_Sm4GcmDecrypt(&sm4, in, out, SM4_BLOCK_SIZE, nonce,
+        GCM_NONCE_MID_SZ, tag, SM4_BLOCK_SIZE, NULL, 1), 0);
+    ExpectIntEQ(wc_Sm4GcmEncrypt(&sm4, out, in, SM4_BLOCK_SIZE * 2, nonce,
+        GCM_NONCE_MID_SZ, tag, SM4_BLOCK_SIZE, aad, sizeof(aad)), 0);
+    ExpectIntEQ(wc_Sm4GcmDecrypt(&sm4, in, out, SM4_BLOCK_SIZE * 2, nonce,
+        GCM_NONCE_MID_SZ, tag, SM4_BLOCK_SIZE, aad, sizeof(aad)), 0);
+    ExpectIntEQ(wc_Sm4GcmEncrypt(&sm4, in2, in2, SM4_BLOCK_SIZE * 2, nonce,
+        GCM_NONCE_MID_SZ, tag, SM4_BLOCK_SIZE, aad, sizeof(aad)), 0);
+    ExpectIntEQ(XMEMCMP(in2, out, SM4_BLOCK_SIZE * 2), 0);
+    ExpectIntEQ(wc_Sm4GcmDecrypt(&sm4, in2, in2, SM4_BLOCK_SIZE * 2, nonce,
+        GCM_NONCE_MID_SZ, tag, SM4_BLOCK_SIZE, aad, sizeof(aad)), 0);
+    ExpectIntEQ(XMEMCMP(in2, in, SM4_BLOCK_SIZE * 2), 0);
+
+    /* Check vald values of nonce - wc_Sm4GcmEncrypt/wc_Sm4GcmDecrypt. */
+    ExpectIntEQ(wc_Sm4GcmEncrypt(&sm4, out, in, SM4_BLOCK_SIZE, nonce,
+        GCM_NONCE_MAX_SZ, tag, SM4_BLOCK_SIZE, aad, sizeof(aad)), 0);
+    ExpectIntEQ(wc_Sm4GcmDecrypt(&sm4, in, out, SM4_BLOCK_SIZE, nonce,
+        GCM_NONCE_MAX_SZ, tag, SM4_BLOCK_SIZE, aad, sizeof(aad)), 0);
+    ExpectIntEQ(wc_Sm4GcmEncrypt(&sm4, out, in, SM4_BLOCK_SIZE * 2, nonce,
+        GCM_NONCE_MIN_SZ, tag, SM4_BLOCK_SIZE, aad, sizeof(aad)), 0);
+    ExpectIntEQ(wc_Sm4GcmDecrypt(&sm4, in, out, SM4_BLOCK_SIZE * 2, nonce,
+        GCM_NONCE_MIN_SZ, tag, SM4_BLOCK_SIZE, aad, sizeof(aad)), 0);
+    ExpectIntEQ(wc_Sm4GcmDecrypt(&sm4, in, out, SM4_BLOCK_SIZE * 2, nonce,
+        GCM_NONCE_MAX_SZ, tag, SM4_BLOCK_SIZE, aad, sizeof(aad)),
+        WC_NO_ERR_TRACE(SM4_GCM_AUTH_E));
+
+    /* Check valid values of tag size - wc_Sm4GcmEncrypt/wc_Sm4GcmDecrypt. */
+    for (i = WOLFSSL_MIN_AUTH_TAG_SZ; i < SM4_BLOCK_SIZE; i++) {
+        ExpectIntEQ(wc_Sm4GcmEncrypt(&sm4, out, in, SM4_BLOCK_SIZE, nonce,
+            GCM_NONCE_MID_SZ, tag, i, aad, sizeof(aad)), 0);
+        ExpectIntEQ(wc_Sm4GcmDecrypt(&sm4, in, out, SM4_BLOCK_SIZE, nonce,
+            GCM_NONCE_MID_SZ, tag, i, aad, sizeof(aad)), 0);
+    }
+
+    /* Check different in/out sizes. */
+    ExpectIntEQ(wc_Sm4GcmEncrypt(&sm4, out, in, 0, nonce,
+        GCM_NONCE_MID_SZ, tag, SM4_BLOCK_SIZE, NULL, 0), 0);
+    ExpectIntEQ(wc_Sm4GcmDecrypt(&sm4, out, in, 0, nonce,
+        GCM_NONCE_MID_SZ, tag, SM4_BLOCK_SIZE, NULL, 0), 0);
+    ExpectIntEQ(wc_Sm4GcmEncrypt(&sm4, out, in, 1, nonce,
+        GCM_NONCE_MID_SZ, tag, SM4_BLOCK_SIZE, NULL, 0), 0);
+    for (i = 2; i <= SM4_BLOCK_SIZE * 2; i++) {
+        XMEMCPY(out2, out, i - 1);
+        ExpectIntEQ(wc_Sm4GcmEncrypt(&sm4, out, in, i, nonce, GCM_NONCE_MID_SZ,
+            tag, SM4_BLOCK_SIZE, aad, sizeof(aad)), 0);
+        ExpectIntEQ(XMEMCMP(out, out2, i - 1), 0);
+        ExpectIntEQ(wc_Sm4GcmDecrypt(&sm4, dec, out, i, nonce, GCM_NONCE_MID_SZ,
+            tag, SM4_BLOCK_SIZE, aad, sizeof(aad)), 0);
+        ExpectIntEQ(XMEMCMP(in, dec, i), 0);
+    }
+
+    /* Force the counter to roll over in first byte. */
+    {
+        static unsigned char largeIn[256 * SM4_BLOCK_SIZE];
+        static unsigned char largeOut[256 * SM4_BLOCK_SIZE];
+
+        ExpectIntEQ(wc_Sm4GcmEncrypt(&sm4, largeOut, largeIn, sizeof(largeIn),
+            nonce, GCM_NONCE_MID_SZ, tag, SM4_BLOCK_SIZE, aad, sizeof(aad)), 0);
+        ExpectIntEQ(wc_Sm4GcmDecrypt(&sm4, largeOut, largeOut, sizeof(largeIn),
+            nonce, GCM_NONCE_MID_SZ, tag, SM4_BLOCK_SIZE, aad, sizeof(aad)), 0);
+        ExpectIntEQ(XMEMCMP(largeOut, largeIn, sizeof(largeIn)), 0);
+    }
+
+    wc_Sm4Free(&sm4);
+
+    res = EXPECT_RESULT();
+#endif
+    return res;
+} /* END test_wc_Sm4Gcm */
+
+/*
+ * Testing stream SM4-CCM API.
+ */
+int test_wc_Sm4Ccm(void)
+{
+    int res = TEST_SKIPPED;
+#ifdef WOLFSSL_SM4_CCM
+    EXPECT_DECLS;
+    wc_Sm4 sm4;
+    unsigned char key[SM4_KEY_SIZE];
+    unsigned char nonce[CCM_NONCE_MAX_SZ];
+    unsigned char in[SM4_BLOCK_SIZE * 2];
+    unsigned char in2[SM4_BLOCK_SIZE * 2];
+    unsigned char out[SM4_BLOCK_SIZE * 2];
+    unsigned char out2[SM4_BLOCK_SIZE * 2];
+    unsigned char dec[SM4_BLOCK_SIZE * 2];
+    unsigned char tag[SM4_BLOCK_SIZE];
+    unsigned char aad[SM4_BLOCK_SIZE * 2];
+    word32 i;
+
+    XMEMSET(key, 0, sizeof(key));
+    XMEMSET(nonce, 0, sizeof(nonce));
+    XMEMSET(in, 0, sizeof(in));
+    XMEMSET(in2, 0, sizeof(in2));
+    XMEMSET(aad, 0, sizeof(aad));
+
+    ExpectIntEQ(wc_Sm4Init(&sm4, NULL, INVALID_DEVID), 0);
+    ExpectIntEQ(wc_Sm4CcmEncrypt(&sm4, out, in, 0, nonce, CCM_NONCE_MAX_SZ, tag,
+        SM4_BLOCK_SIZE, aad, sizeof(aad)), WC_NO_ERR_TRACE(MISSING_KEY));
+    ExpectIntEQ(wc_Sm4CcmDecrypt(&sm4, out, in, 0, nonce, CCM_NONCE_MAX_SZ, tag,
+        SM4_BLOCK_SIZE, aad, sizeof(aad)), WC_NO_ERR_TRACE(MISSING_KEY));
+    ExpectIntEQ(wc_Sm4SetKey(&sm4, key, SM4_KEY_SIZE), 0);
+
+    /* Invalid parameters - wc_Sm4CcmEncrypt. */
+    ExpectIntEQ(wc_Sm4CcmEncrypt(NULL, NULL, NULL, 1, NULL, 0, NULL, 0, NULL,
+        0), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sm4CcmEncrypt(&sm4, NULL, NULL, 1, NULL, 0, NULL, 0, NULL,
+        0), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sm4CcmEncrypt(NULL, out, NULL, 1, NULL, 0, NULL, 0, NULL,
+        0), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sm4CcmEncrypt(NULL, NULL, in, 1, NULL, 0, NULL, 0, NULL,
+        0), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sm4CcmEncrypt(NULL, NULL, NULL, 1, nonce, CCM_NONCE_MAX_SZ,
+        NULL, 0, NULL, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sm4CcmEncrypt(NULL, NULL, NULL, 1, NULL, 0, tag,
+        SM4_BLOCK_SIZE, NULL, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sm4CcmEncrypt(NULL, out, in, 1, nonce, CCM_NONCE_MAX_SZ, tag,
+        SM4_BLOCK_SIZE, aad, sizeof(aad)), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sm4CcmEncrypt(&sm4, NULL, in, 1, nonce, CCM_NONCE_MAX_SZ,
+        tag, SM4_BLOCK_SIZE, aad, sizeof(aad)), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sm4CcmEncrypt(&sm4, out, NULL, 1, nonce, CCM_NONCE_MAX_SZ,
+        tag, SM4_BLOCK_SIZE, aad, sizeof(aad)), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sm4CcmEncrypt(&sm4, out, in, 1, NULL, CCM_NONCE_MAX_SZ, tag,
+        SM4_BLOCK_SIZE, aad, sizeof(aad)), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sm4CcmEncrypt(&sm4, out, in, 1, nonce, 0, tag,
+        SM4_BLOCK_SIZE, aad, sizeof(aad)), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sm4CcmEncrypt(&sm4, out, in, 1, nonce, CCM_NONCE_MAX_SZ,
+        NULL, SM4_BLOCK_SIZE, aad, sizeof(aad)), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sm4CcmEncrypt(&sm4, out, in, 1, nonce, CCM_NONCE_MAX_SZ, tag,
+        WOLFSSL_MIN_AUTH_TAG_SZ-1, aad, sizeof(aad)),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sm4CcmEncrypt(&sm4, out, in, 1, nonce, CCM_NONCE_MAX_SZ, tag,
+        SM4_BLOCK_SIZE+1, aad, sizeof(aad)), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+
+    /* Invalid parameters - wc_Sm4CcmDecrypt. */
+    ExpectIntEQ(wc_Sm4CcmDecrypt(NULL, NULL, NULL, 1, NULL, 0, NULL, 0, NULL,
+        0), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sm4CcmDecrypt(&sm4, NULL, NULL, 1, NULL, 0, NULL, 0, NULL,
+        0), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sm4CcmDecrypt(NULL, out, NULL, 1, NULL, 0, NULL, 0, NULL,
+        0), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sm4CcmDecrypt(NULL, NULL, in, 1, NULL, 0, NULL, 0, NULL,
+        0), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sm4CcmDecrypt(NULL, NULL, NULL, 1, nonce, CCM_NONCE_MAX_SZ,
+        NULL, 0, NULL, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sm4CcmDecrypt(NULL, NULL, NULL, 1, NULL, 0, tag,
+        SM4_BLOCK_SIZE, NULL, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sm4CcmDecrypt(NULL, out, in, 1, nonce, CCM_NONCE_MAX_SZ, tag,
+        SM4_BLOCK_SIZE, aad, sizeof(aad)), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sm4CcmDecrypt(&sm4, NULL, in, 1, nonce, CCM_NONCE_MAX_SZ,
+        tag, SM4_BLOCK_SIZE, aad, sizeof(aad)), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sm4CcmDecrypt(&sm4, out, NULL, 1, nonce, CCM_NONCE_MAX_SZ,
+        tag, SM4_BLOCK_SIZE, aad, sizeof(aad)), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sm4CcmDecrypt(&sm4, out, in, 1, NULL, CCM_NONCE_MAX_SZ, tag,
+        SM4_BLOCK_SIZE, aad, sizeof(aad)), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sm4CcmDecrypt(&sm4, out, in, 1, nonce, 0, tag,
+        SM4_BLOCK_SIZE, aad, sizeof(aad)), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sm4CcmDecrypt(&sm4, out, in, 1, nonce, CCM_NONCE_MAX_SZ,
+        NULL, SM4_BLOCK_SIZE, aad, sizeof(aad)), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sm4CcmDecrypt(&sm4, out, in, 1, nonce, CCM_NONCE_MAX_SZ, tag,
+        WOLFSSL_MIN_AUTH_TAG_SZ - 1, aad, sizeof(aad)),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sm4CcmDecrypt(&sm4, out, in, 1, nonce, CCM_NONCE_MAX_SZ, tag,
+        SM4_BLOCK_SIZE + 1, aad, sizeof(aad)), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+
+    /* Valid cases - wc_Sm4CcmEncrypt/wc_Sm4CcmDecrypt. */
+    ExpectIntEQ(wc_Sm4CcmEncrypt(&sm4, NULL, NULL, 0, nonce, CCM_NONCE_MAX_SZ,
+        tag, SM4_BLOCK_SIZE, NULL, 0), 0);
+    ExpectIntEQ(wc_Sm4CcmDecrypt(&sm4, NULL, NULL, 0, nonce, CCM_NONCE_MAX_SZ,
+        tag, SM4_BLOCK_SIZE, NULL, 0), 0);
+    ExpectIntEQ(wc_Sm4CcmEncrypt(&sm4, NULL, NULL, 0, nonce, CCM_NONCE_MAX_SZ,
+        tag, SM4_BLOCK_SIZE, aad, sizeof(aad)), 0);
+    ExpectIntEQ(wc_Sm4CcmDecrypt(&sm4, NULL, NULL, 0, nonce, CCM_NONCE_MAX_SZ,
+        tag, SM4_BLOCK_SIZE, aad, sizeof(aad)), 0);
+    ExpectIntEQ(wc_Sm4CcmEncrypt(&sm4, out, in, SM4_BLOCK_SIZE, nonce,
+        CCM_NONCE_MAX_SZ, tag, SM4_BLOCK_SIZE, NULL, 0), 0);
+    ExpectIntEQ(wc_Sm4CcmDecrypt(&sm4, in, out, SM4_BLOCK_SIZE, nonce,
+        CCM_NONCE_MAX_SZ, tag, SM4_BLOCK_SIZE, NULL, 0), 0);
+    ExpectIntEQ(wc_Sm4CcmEncrypt(&sm4, out, in, SM4_BLOCK_SIZE, nonce,
+        CCM_NONCE_MAX_SZ, tag, SM4_BLOCK_SIZE, NULL, 1), 0);
+    ExpectIntEQ(wc_Sm4CcmDecrypt(&sm4, in, out, SM4_BLOCK_SIZE, nonce,
+        CCM_NONCE_MAX_SZ, tag, SM4_BLOCK_SIZE, NULL, 1), 0);
+    ExpectIntEQ(wc_Sm4CcmEncrypt(&sm4, out, in, SM4_BLOCK_SIZE * 2, nonce,
+        CCM_NONCE_MAX_SZ, tag, SM4_BLOCK_SIZE, aad, sizeof(aad)), 0);
+    ExpectIntEQ(wc_Sm4CcmDecrypt(&sm4, in, out, SM4_BLOCK_SIZE * 2, nonce,
+        CCM_NONCE_MAX_SZ, tag, SM4_BLOCK_SIZE, aad, sizeof(aad)), 0);
+    ExpectIntEQ(wc_Sm4CcmEncrypt(&sm4, in2, in2, SM4_BLOCK_SIZE * 2, nonce,
+        CCM_NONCE_MAX_SZ, tag, SM4_BLOCK_SIZE, aad, sizeof(aad)), 0);
+    ExpectIntEQ(XMEMCMP(in2, out, SM4_BLOCK_SIZE * 2), 0);
+    ExpectIntEQ(wc_Sm4CcmDecrypt(&sm4, in2, in2, SM4_BLOCK_SIZE * 2, nonce,
+        CCM_NONCE_MAX_SZ, tag, SM4_BLOCK_SIZE, aad, sizeof(aad)), 0);
+    ExpectIntEQ(XMEMCMP(in2, in, SM4_BLOCK_SIZE * 2), 0);
+
+    /* Check vald values of nonce - wc_Sm4CcmEncrypt/wc_Sm4CcmDecrypt. */
+    for (i = CCM_NONCE_MIN_SZ; i <= CCM_NONCE_MAX_SZ; i++) {
+        ExpectIntEQ(wc_Sm4CcmEncrypt(&sm4, out, in, SM4_BLOCK_SIZE, nonce,
+            i, tag, SM4_BLOCK_SIZE, aad, sizeof(aad)), 0);
+        ExpectIntEQ(wc_Sm4CcmDecrypt(&sm4, in, out, SM4_BLOCK_SIZE, nonce,
+            i, tag, SM4_BLOCK_SIZE, aad, sizeof(aad)), 0);
+    }
+    ExpectIntEQ(wc_Sm4CcmDecrypt(&sm4, in, out, SM4_BLOCK_SIZE, nonce,
+        CCM_NONCE_MIN_SZ, tag, SM4_BLOCK_SIZE, aad, sizeof(aad)),
+        WC_NO_ERR_TRACE(SM4_CCM_AUTH_E));
+
+    /* Check invalid values of tag size - wc_Sm4CcmEncrypt/wc_Sm4CcmDecrypt. */
+    for (i = 0; i < 4; i++) {
+        ExpectIntEQ(wc_Sm4CcmEncrypt(&sm4, out, in, SM4_BLOCK_SIZE, nonce,
+            CCM_NONCE_MAX_SZ, tag, i * 2 + 1, aad, sizeof(aad)),
+            WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+        ExpectIntEQ(wc_Sm4CcmDecrypt(&sm4, in, out, SM4_BLOCK_SIZE, nonce,
+            CCM_NONCE_MAX_SZ, tag, i * 2 + 1, aad, sizeof(aad)),
+            WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    }
+    /*   Odd values in range 4..SM4_BLOCK_SIZE. */
+    for (i = 2; i < SM4_BLOCK_SIZE / 2; i++) {
+        ExpectIntEQ(wc_Sm4CcmEncrypt(&sm4, out, in, SM4_BLOCK_SIZE, nonce,
+            CCM_NONCE_MAX_SZ, tag, i * 2 + 1, aad, sizeof(aad)),
+            WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+        ExpectIntEQ(wc_Sm4CcmDecrypt(&sm4, in, out, SM4_BLOCK_SIZE, nonce,
+            CCM_NONCE_MAX_SZ, tag, i * 2 + 1, aad, sizeof(aad)),
+            WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    }
+    /* Check valid values of tag size - wc_Sm4CcmEncrypt/wc_Sm4CcmDecrypt.
+     * Even values in range 4..SM4_BLOCK_SIZE.
+     */
+    for (i = 2; i < SM4_BLOCK_SIZE / 2; i++) {
+        ExpectIntEQ(wc_Sm4CcmEncrypt(&sm4, out, in, SM4_BLOCK_SIZE, nonce,
+            CCM_NONCE_MAX_SZ, tag, i * 2, aad, sizeof(aad)), 0);
+        ExpectIntEQ(wc_Sm4CcmDecrypt(&sm4, in, out, SM4_BLOCK_SIZE, nonce,
+            CCM_NONCE_MAX_SZ, tag, i * 2, aad, sizeof(aad)), 0);
+    }
+
+    /* Check different in/out sizes. */
+    ExpectIntEQ(wc_Sm4CcmEncrypt(&sm4, out, in, 0, nonce,
+        CCM_NONCE_MAX_SZ, tag, SM4_BLOCK_SIZE, NULL, 0), 0);
+    ExpectIntEQ(wc_Sm4CcmDecrypt(&sm4, out, in, 0, nonce,
+        CCM_NONCE_MAX_SZ, tag, SM4_BLOCK_SIZE, NULL, 0), 0);
+    ExpectIntEQ(wc_Sm4CcmEncrypt(&sm4, out, in, 1, nonce,
+        CCM_NONCE_MAX_SZ, tag, SM4_BLOCK_SIZE, NULL, 0), 0);
+    for (i = 2; i <= SM4_BLOCK_SIZE * 2; i++) {
+        XMEMCPY(out2, out, i - 1);
+        ExpectIntEQ(wc_Sm4CcmEncrypt(&sm4, out, in, i, nonce, CCM_NONCE_MAX_SZ,
+            tag, SM4_BLOCK_SIZE, aad, sizeof(aad)), 0);
+        ExpectIntEQ(XMEMCMP(out, out2, i - 1), 0);
+        ExpectIntEQ(wc_Sm4CcmDecrypt(&sm4, dec, out, i, nonce, CCM_NONCE_MAX_SZ,
+            tag, SM4_BLOCK_SIZE, aad, sizeof(aad)), 0);
+        ExpectIntEQ(XMEMCMP(in, dec, i), 0);
+    }
+
+    /* Force the counter to roll over in first byte. */
+    {
+        static unsigned char largeIn[256 * SM4_BLOCK_SIZE];
+        static unsigned char largeOut[256 * SM4_BLOCK_SIZE];
+
+        ExpectIntEQ(wc_Sm4CcmEncrypt(&sm4, largeOut, largeIn, sizeof(largeIn),
+            nonce, CCM_NONCE_MAX_SZ, tag, SM4_BLOCK_SIZE, aad, sizeof(aad)), 0);
+        ExpectIntEQ(wc_Sm4CcmDecrypt(&sm4, largeOut, largeOut, sizeof(largeIn),
+            nonce, CCM_NONCE_MAX_SZ, tag, SM4_BLOCK_SIZE, aad, sizeof(aad)), 0);
+        ExpectIntEQ(XMEMCMP(largeOut, largeIn, sizeof(largeIn)), 0);
+    }
+
+    wc_Sm4Free(&sm4);
+
+    res = EXPECT_RESULT();
+#endif
+    return res;
+} /* END test_wc_Sm4Ccm */
+
diff --git a/tests/api/test_sm4.h b/tests/api/test_sm4.h
new file mode 100644
index 000000000..be60a466d
--- /dev/null
+++ b/tests/api/test_sm4.h
@@ -0,0 +1,32 @@
+/* test_sm4.h
+ *
+ * Copyright (C) 2006-2025 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+#ifndef WOLFCRYPT_TEST_SM4_H
+#define WOLFCRYPT_TEST_SM4_H
+
+int test_wc_Sm4(void);
+int test_wc_Sm4Ecb(void);
+int test_wc_Sm4Cbc(void);
+int test_wc_Sm4Ctr(void);
+int test_wc_Sm4Gcm(void);
+int test_wc_Sm4Ccm(void);
+
+#endif /* WOLFCRYPT_TEST_SM4_H */
diff --git a/tests/api/test_wc_encrypt.c b/tests/api/test_wc_encrypt.c
new file mode 100644
index 000000000..1200e9361
--- /dev/null
+++ b/tests/api/test_wc_encrypt.c
@@ -0,0 +1,99 @@
+/* test_wc_encrypt.c
+ *
+ * Copyright (C) 2006-2025 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+#ifdef HAVE_CONFIG_H
+    #include <config.h>
+#endif
+
+#if !defined(WOLFSSL_USER_SETTINGS) && !defined(WOLFSSL_NO_OPTIONS_H)
+    #include <wolfssl/options.h>
+#endif
+#include <wolfssl/wolfcrypt/settings.h>
+
+#ifdef NO_INLINE
+    #include <wolfssl/wolfcrypt/misc.h>
+#else
+    #define WOLFSSL_MISC_INCLUDED
+    #include <wolfcrypt/src/misc.c>
+#endif
+
+#include <wolfssl/wolfcrypt/wc_encrypt.h>
+#include <wolfssl/wolfcrypt/types.h>
+#include <tests/unit.h>
+#include <tests/api/api.h>
+#include <tests/api/test_wc_encrypt.h>
+
+/*
+ *  Unit test for wc_Des3_CbcEncryptWithKey and wc_Des3_CbcDecryptWithKey
+ */
+int test_wc_Des3_CbcEncryptDecryptWithKey(void)
+{
+    EXPECT_DECLS;
+#ifndef NO_DES3
+    word32 vectorSz, cipherSz;
+    byte cipher[24];
+    byte plain[24];
+    byte vector[] = { /* Now is the time for all w/o trailing 0 */
+        0x4e,0x6f,0x77,0x20,0x69,0x73,0x20,0x74,
+        0x68,0x65,0x20,0x74,0x69,0x6d,0x65,0x20,
+        0x66,0x6f,0x72,0x20,0x61,0x6c,0x6c,0x20
+    };
+    byte key[] = {
+        0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef,
+        0xfe,0xde,0xba,0x98,0x76,0x54,0x32,0x10,
+        0x89,0xab,0xcd,0xef,0x01,0x23,0x45,0x67
+    };
+    byte iv[] = {
+        0x12,0x34,0x56,0x78,0x90,0xab,0xcd,0xef,
+        0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,
+        0x11,0x21,0x31,0x41,0x51,0x61,0x71,0x81
+    };
+
+    vectorSz = sizeof(byte) * 24;
+    cipherSz = sizeof(byte) * 24;
+
+    ExpectIntEQ(wc_Des3_CbcEncryptWithKey(cipher, vector, vectorSz, key, iv),
+        0);
+    ExpectIntEQ(wc_Des3_CbcDecryptWithKey(plain, cipher, cipherSz, key, iv), 0);
+    ExpectIntEQ(XMEMCMP(plain, vector, 24), 0);
+
+    /* pass in bad args. */
+    ExpectIntEQ(wc_Des3_CbcEncryptWithKey(NULL, vector, vectorSz, key, iv),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Des3_CbcEncryptWithKey(cipher, NULL, vectorSz, key, iv),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Des3_CbcEncryptWithKey(cipher, vector, vectorSz, NULL, iv),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Des3_CbcEncryptWithKey(cipher, vector, vectorSz, key, NULL),
+        0);
+
+    ExpectIntEQ(wc_Des3_CbcDecryptWithKey(NULL, cipher, cipherSz, key, iv),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Des3_CbcDecryptWithKey(plain, NULL, cipherSz, key, iv),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Des3_CbcDecryptWithKey(plain, cipher, cipherSz, NULL, iv),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Des3_CbcDecryptWithKey(plain, cipher, cipherSz, key, NULL),
+        0);
+#endif
+    return EXPECT_RESULT();
+} /* END test_wc_Des3_CbcEncryptDecryptWithKey */
+
diff --git a/tests/api/test_wc_encrypt.h b/tests/api/test_wc_encrypt.h
new file mode 100644
index 000000000..c6cf25e8f
--- /dev/null
+++ b/tests/api/test_wc_encrypt.h
@@ -0,0 +1,27 @@
+/* test_wc_encrypt.h
+ *
+ * Copyright (C) 2006-2025 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+#ifndef WOLFCRYPT_TEST_WC_ENCRYPT_H
+#define WOLFCRYPT_TEST_WC_ENCRYPT_H
+
+int test_wc_Des3_CbcEncryptDecryptWithKey(void);
+
+#endif /* WOLFCRYPT_TEST_WC_ENCRYPT_H */
diff --git a/tests/hash.c b/tests/hash.c
index a2ecf58b5..2abe2df69 100644
--- a/tests/hash.c
+++ b/tests/hash.c
@@ -1,6 +1,6 @@
 /* hash.c has unit tests
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -20,11 +20,7 @@
  */
 
 
-#ifdef HAVE_CONFIG_H
-    #include <config.h>
-#endif
-
-#include <wolfssl/wolfcrypt/settings.h>
+#include <tests/unit.h>
 
 #include <stdio.h>
 
@@ -36,8 +32,6 @@
 #include <wolfssl/wolfcrypt/ripemd.h>
 #include <wolfssl/wolfcrypt/hmac.h>
 
-#include <tests/unit.h>
-
 typedef struct testVector {
     const char*  input;
     const char*  output;
diff --git a/tests/include.am b/tests/include.am
index 5ed4fe40d..cd629eed2 100644
--- a/tests/include.am
+++ b/tests/include.am
@@ -8,6 +8,8 @@ noinst_PROGRAMS += tests/unit.test
 tests_unit_test_SOURCES = \
                   tests/unit.c \
                   tests/api.c \
+                  tests/utils.c \
+                  testsuite/utils.c \
                   tests/suites.c \
                   tests/hash.c \
                   tests/w64wrapper.c \
@@ -18,6 +20,7 @@ tests_unit_test_SOURCES = \
 tests_unit_test_CFLAGS       = -DNO_MAIN_DRIVER $(AM_CFLAGS) $(WOLFSENTRY_INCLUDE)
 tests_unit_test_LDADD        = src/libwolfssl@LIBSUFFIX@.la $(LIB_STATIC_ADD) $(WOLFSENTRY_LIB)
 tests_unit_test_DEPENDENCIES = src/libwolfssl@LIBSUFFIX@.la
+include tests/api/include.am
 endif
 EXTRA_DIST += tests/unit.h \
               tests/test.conf \
@@ -27,11 +30,11 @@ EXTRA_DIST += tests/unit.h \
               tests/test-tls13-ecc.conf \
               tests/test-tls13-psk.conf \
               tests/test-tls13-pq.conf \
-              tests/test-tls13-pq-2.conf \
+              tests/test-tls13-pq-hybrid.conf \
               tests/test-dtls13-pq.conf \
               tests/test-dtls13-pq-frag.conf \
-              tests/test-dtls13-pq-2.conf \
-              tests/test-dtls13-pq-2-frag.conf \
+              tests/test-dtls13-pq-hybrid.conf \
+              tests/test-dtls13-pq-hybrid-frag.conf \
               tests/test-psk.conf \
               tests/test-psk-no-id.conf \
               tests/test-psk-no-id-sha2.conf \
diff --git a/tests/quic.c b/tests/quic.c
index a04434399..7f49f39f3 100644
--- a/tests/quic.c
+++ b/tests/quic.c
@@ -1,6 +1,6 @@
 /* quic.c QUIC unit tests
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -19,11 +19,12 @@
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  */
 
-
 #ifdef HAVE_CONFIG_H
     #include <config.h>
 #endif
-
+#ifndef WOLFSSL_USER_SETTINGS
+    #include <wolfssl/options.h>
+#endif
 #include <wolfssl/wolfcrypt/settings.h>
 
 #include <tests/unit.h>
@@ -41,6 +42,11 @@
 #include <wolfssl/error-ssl.h>
 #include <wolfssl/internal.h>
 
+#if defined(WOLFSSL_SHA384) && defined(WOLFSSL_AES_256)
+    #define DEFAULT_TLS_DIGEST_SZ WC_SHA384_DIGEST_SIZE
+#else
+    #define DEFAULT_TLS_DIGEST_SZ WC_SHA256_DIGEST_SIZE
+#endif
 
 #define testingFmt "   %s:"
 #define resultFmt  " %s\n"
@@ -63,6 +69,16 @@ static int dummy_set_encryption_secrets(WOLFSSL *ssl, WOLFSSL_ENCRYPTION_LEVEL l
     return 1;
 }
 
+static int dummy_set_encryption_secrets_fail(WOLFSSL *ssl, WOLFSSL_ENCRYPTION_LEVEL level,
+                                         const uint8_t *read_secret,
+                                         const uint8_t *write_secret, size_t secret_len)
+{
+    (void)ssl;
+    printf("QUIC_set_encryption_secrets(level=%d, length=%d, rx=%s, tx=%s)\n",
+           level, (int)secret_len, read_secret? "yes" : "no", write_secret? "yes" : "no");
+    return 0;
+}
+
 static int dummy_add_handshake_data(WOLFSSL *ssl, WOLFSSL_ENCRYPTION_LEVEL level,
                                     const uint8_t *data, size_t len)
 {
@@ -268,6 +284,8 @@ static int test_provide_quic_data(void) {
     size_t len;
     int ret = 0;
 
+    XMEMSET(lbuffer, 0, sizeof(lbuffer));
+
     AssertNotNull(ctx = wolfSSL_CTX_new(wolfTLSv1_3_client_method()));
     AssertTrue(wolfSSL_CTX_set_quic_method(ctx, &dummy_method) == WOLFSSL_SUCCESS);
     /* provide_quic_data() feeds CRYPTO packets inside a QUIC Frame into
@@ -281,7 +299,10 @@ static int test_provide_quic_data(void) {
      */
     AssertNotNull(ssl = wolfSSL_new(ctx));
     len = fake_record(1, 100, lbuffer);
-    AssertTrue(provide_data(ssl, wolfssl_encryption_initial, lbuffer, len, 0));
+    AssertTrue(provide_data(ssl, wolfssl_encryption_initial, lbuffer, 1, 0));
+    AssertTrue(provide_data(ssl, wolfssl_encryption_initial, lbuffer+1, 3, 0));
+    AssertTrue(provide_data(ssl, wolfssl_encryption_initial, lbuffer+4, len, 0)
+            );
     len = fake_record(2, 1523, lbuffer);
     AssertTrue(provide_data(ssl, wolfssl_encryption_handshake, lbuffer, len, 0));
     len = fake_record(2, 1, lbuffer);
@@ -435,6 +456,13 @@ static WOLFSSL_QUIC_METHOD ctx_method = {
     ctx_send_alert,
 };
 
+static WOLFSSL_QUIC_METHOD ctx_method_fail = {
+    dummy_set_encryption_secrets_fail,
+    ctx_add_handshake_data,
+    ctx_flush_flight,
+    ctx_send_alert,
+};
+
 static void QuicTestContext_init(QuicTestContext *tctx, WOLFSSL_CTX *ctx,
                                  const char *name, int verbose)
 {
@@ -461,6 +489,36 @@ static void QuicTestContext_init(QuicTestContext *tctx, WOLFSSL_CTX *ctx,
         wolfSSL_set_quic_transport_version(tctx->ssl, 0);
         wolfSSL_set_quic_transport_params(tctx->ssl, tp_params_c, sizeof(tp_params_c));
     }
+    (void)ctx_method;
+}
+
+static void QuicTestContext_init_fail_cb(QuicTestContext *tctx, WOLFSSL_CTX *ctx,
+                                 const char *name, int verbose)
+{
+    static const byte tp_params_c[] = {0, 1, 2, 3, 4, 5, 6, 7};
+    static const byte tp_params_s[] = {7, 6, 5, 4, 3, 2, 1, 0, 1};
+
+    AssertNotNull(tctx);
+    memset(tctx, 0, sizeof(*tctx));
+    tctx->name = name;
+    AssertNotNull((tctx->ssl = wolfSSL_new(ctx)));
+    tctx->verbose = verbose;
+    wolfSSL_set_app_data(tctx->ssl, tctx);
+    AssertTrue(wolfSSL_set_quic_method(tctx->ssl, &ctx_method_fail) == WOLFSSL_SUCCESS);
+    wolfSSL_set_verify(tctx->ssl, SSL_VERIFY_NONE, 0);
+#ifdef HAVE_SESSION_TICKET
+    wolfSSL_UseSessionTicket(tctx->ssl);
+    wolfSSL_set_SessionTicket_cb(tctx->ssl, ctx_session_ticket_cb, NULL);
+#endif
+    if (wolfSSL_is_server(tctx->ssl)) {
+        wolfSSL_set_quic_transport_version(tctx->ssl, 0);
+        wolfSSL_set_quic_transport_params(tctx->ssl, tp_params_s, sizeof(tp_params_s));
+    }
+    else {
+        wolfSSL_set_quic_transport_version(tctx->ssl, 0);
+        wolfSSL_set_quic_transport_params(tctx->ssl, tp_params_c, sizeof(tp_params_c));
+    }
+    (void)ctx_method;
 }
 
 static void QuicTestContext_free(QuicTestContext *tctx)
@@ -548,7 +606,7 @@ static int ctx_send_alert(WOLFSSL *ssl, WOLFSSL_ENCRYPTION_LEVEL level, uint8_t
     if (ctx->verbose) {
         printf("[%s] send_alert: level=%d, err=%d\n", ctx->name, level, err);
     }
-    ctx->alert_level = level;
+    ctx->alert_level = (int)level;
     ctx->alert = alert;
     return 1;
 }
@@ -569,10 +627,10 @@ static int ctx_session_ticket_cb(WOLFSSL* ssl,
     }
     memset(ctx->ticket, 0, sizeof(ctx->ticket));
     ctx->ticket_len = (word32)ticketSz;
-    memcpy(ctx->ticket, ticket, ticketSz);
+    memcpy(ctx->ticket, ticket, (size_t)ticketSz);
     if (ctx->verbose) {
         printf("Session Ticket[%s]: ", ctx->name);
-        dump_buffer("", ticket, ticketSz, 4);
+        dump_buffer("", ticket, (size_t)ticketSz, 4);
     }
     return 0;
 }
@@ -848,7 +906,7 @@ static void check_crypto_records(QuicTestContext *from, OutputBuffer *out, int i
                 rec_name = "Finished";
                 break;
             default:
-                sprintf(lbuffer, "%d", rec_type);
+                (void)XSNPRINTF(lbuffer, sizeof(lbuffer), "%d", rec_type);
                 rec_name = lbuffer;
                 break;
         }
@@ -931,7 +989,7 @@ static int QuicConversation_start(QuicConversation *conv, const byte *data,
         if (ret < 0) {
             int err = wolfSSL_get_error(conv->client->ssl, ret);
             char lbuffer[1024];
-            printf("EARLY DATA ret = %d, error = %d, %s\n", ret, err, wolfSSL_ERR_error_string(err, lbuffer));
+            printf("EARLY DATA ret = %d, error = %d, %s\n", ret, err, wolfSSL_ERR_error_string((unsigned long)err, lbuffer));
             AssertTrue(0);
         }
         *pwritten = (size_t)written;
@@ -944,7 +1002,7 @@ static int QuicConversation_start(QuicConversation *conv, const byte *data,
     else {
         ret = wolfSSL_connect(conv->client->ssl);
         if (ret != WOLFSSL_SUCCESS) {
-            AssertIntEQ(wolfSSL_get_error(conv->client->ssl, 0), SSL_ERROR_WANT_READ);
+            AssertIntEQ(wolfSSL_get_error(conv->client->ssl, 0), WC_NO_ERR_TRACE(SSL_ERROR_WANT_READ));
         }
         if (pwritten) *pwritten = 0;
     }
@@ -959,9 +1017,9 @@ static int QuicConversation_step(QuicConversation *conv, int may_fail)
     if (!conv->started) {
         n = wolfSSL_connect(conv->client->ssl);
         if (n != WOLFSSL_SUCCESS
-            && wolfSSL_get_error(conv->client->ssl, 0) != SSL_ERROR_WANT_READ) {
+            && wolfSSL_get_error(conv->client->ssl, 0) != WC_NO_ERR_TRACE(SSL_ERROR_WANT_READ)) {
             if (may_fail) return 0;
-            AssertIntEQ(SSL_ERROR_WANT_READ, wolfSSL_get_error(conv->client->ssl, 0));
+            AssertIntEQ(WC_NO_ERR_TRACE(SSL_ERROR_WANT_READ), wolfSSL_get_error(conv->client->ssl, 0));
         }
         conv->started = 1;
     }
@@ -969,9 +1027,9 @@ static int QuicConversation_step(QuicConversation *conv, int may_fail)
         QuicTestContext_forward(conv->server, conv->client, conv->rec_log, sizeof(conv->rec_log));
         n = wolfSSL_quic_read_write(conv->client->ssl);
         if (n != WOLFSSL_SUCCESS
-            && wolfSSL_get_error(conv->client->ssl, 0) != SSL_ERROR_WANT_READ) {
+            && wolfSSL_get_error(conv->client->ssl, 0) != WC_NO_ERR_TRACE(SSL_ERROR_WANT_READ)) {
             if (may_fail) return 0;
-            AssertIntEQ(SSL_ERROR_WANT_READ, wolfSSL_get_error(conv->client->ssl, 0));
+            AssertIntEQ(WC_NO_ERR_TRACE(SSL_ERROR_WANT_READ), wolfSSL_get_error(conv->client->ssl, 0));
         }
         return 1;
     }
@@ -985,13 +1043,13 @@ static int QuicConversation_step(QuicConversation *conv, int may_fail)
                                         (int)(sizeof(conv->early_data) - conv->early_data_len),
                                         &written);
             if (n < 0) {
-                if (wolfSSL_get_error(conv->server->ssl, 0) != SSL_ERROR_WANT_READ) {
+                if (wolfSSL_get_error(conv->server->ssl, 0) != WC_NO_ERR_TRACE(SSL_ERROR_WANT_READ)) {
                     if (may_fail) return 0;
-                    AssertIntEQ(wolfSSL_get_error(conv->server->ssl, 0), SSL_ERROR_WANT_READ);
+                    AssertIntEQ(wolfSSL_get_error(conv->server->ssl, 0), WC_NO_ERR_TRACE(SSL_ERROR_WANT_READ));
                 }
             }
             else if (n > 0) {
-                conv->early_data_len += n;
+                conv->early_data_len += (size_t)n;
                 if (conv->verbose)
                     printf("RECVed early data, len now=%d\n", (int)conv->early_data_len);
             }
@@ -1001,9 +1059,9 @@ static int QuicConversation_step(QuicConversation *conv, int may_fail)
         {
             n = wolfSSL_quic_read_write(conv->server->ssl);
             if (n != WOLFSSL_SUCCESS
-                && wolfSSL_get_error(conv->server->ssl, 0) != SSL_ERROR_WANT_READ) {
+                && wolfSSL_get_error(conv->server->ssl, 0) != WC_NO_ERR_TRACE(SSL_ERROR_WANT_READ)) {
                 if (may_fail) return 0;
-                AssertIntEQ(wolfSSL_get_error(conv->server->ssl, 0), SSL_ERROR_WANT_READ);
+                AssertIntEQ(wolfSSL_get_error(conv->server->ssl, 0), WC_NO_ERR_TRACE(SSL_ERROR_WANT_READ));
             }
         }
         return 1;
@@ -1065,7 +1123,7 @@ static int test_quic_client_hello(int verbose) {
     /* Without any QUIC transport params, this needs to fail */
     AssertTrue(wolfSSL_set_quic_transport_params(tctx.ssl, NULL, 0) == WOLFSSL_SUCCESS);
     AssertTrue(wolfSSL_quic_read_write(tctx.ssl) != 0);
-    AssertIntEQ(wolfSSL_get_error(tctx.ssl, 0), QUIC_TP_MISSING_E);
+    AssertIntEQ(wolfSSL_get_error(tctx.ssl, 0), WC_NO_ERR_TRACE(QUIC_TP_MISSING_E));
     QuicTestContext_free(&tctx);
 
     /* Set transport params, expect both extensions */
@@ -1075,7 +1133,7 @@ static int test_quic_client_hello(int verbose) {
                    "wolfssl.com", sizeof("wolfssl.com")-1);
 #endif
     AssertTrue(wolfSSL_connect(tctx.ssl) != 0);
-    AssertIntEQ(wolfSSL_get_error(tctx.ssl, 0), SSL_ERROR_WANT_READ);
+    AssertIntEQ(wolfSSL_get_error(tctx.ssl, 0), WC_NO_ERR_TRACE(SSL_ERROR_WANT_READ));
     check_quic_client_hello_tp(&tctx.output, 1, 1);
     QuicTestContext_free(&tctx);
 
@@ -1126,13 +1184,16 @@ static int test_quic_server_hello(int verbose) {
     QuicConversation_step(&conv, 0);
     /* check established/missing secrets */
     check_secrets(&tserver, wolfssl_encryption_initial, 0, 0);
-    check_secrets(&tserver, wolfssl_encryption_handshake, 32, 32);
-    check_secrets(&tserver, wolfssl_encryption_application, 32, 32);
+    check_secrets(&tserver, wolfssl_encryption_handshake,
+        DEFAULT_TLS_DIGEST_SZ, DEFAULT_TLS_DIGEST_SZ);
+    check_secrets(&tserver, wolfssl_encryption_application,
+        DEFAULT_TLS_DIGEST_SZ, DEFAULT_TLS_DIGEST_SZ);
     check_secrets(&tclient, wolfssl_encryption_handshake, 0, 0);
     /* feed the server data to the client */
     QuicConversation_step(&conv, 0);
     /* client has generated handshake secret */
-    check_secrets(&tclient, wolfssl_encryption_handshake, 32, 32);
+    check_secrets(&tclient, wolfssl_encryption_handshake,
+        DEFAULT_TLS_DIGEST_SZ, DEFAULT_TLS_DIGEST_SZ);
     /* continue the handshake till done */
     conv.started = 1;
     /* run till end */
@@ -1155,8 +1216,10 @@ static int test_quic_server_hello(int verbose) {
     /* the last client write (FINISHED) was at handshake level */
     AssertTrue(tclient.output.level == wolfssl_encryption_handshake);
     /* we have the app secrets */
-    check_secrets(&tclient, wolfssl_encryption_application, 32, 32);
-    check_secrets(&tserver, wolfssl_encryption_application, 32, 32);
+    check_secrets(&tclient, wolfssl_encryption_application,
+        DEFAULT_TLS_DIGEST_SZ, DEFAULT_TLS_DIGEST_SZ);
+    check_secrets(&tserver, wolfssl_encryption_application,
+        DEFAULT_TLS_DIGEST_SZ, DEFAULT_TLS_DIGEST_SZ);
     /* verify client and server have the same secrets established */
     assert_secrets_EQ(&tclient, &tserver, wolfssl_encryption_handshake);
     assert_secrets_EQ(&tclient, &tserver, wolfssl_encryption_application);
@@ -1177,6 +1240,50 @@ static int test_quic_server_hello(int verbose) {
     return ret;
 }
 
+static int test_quic_server_hello_fail(int verbose) {
+    WOLFSSL_CTX *ctx_c, *ctx_s;
+    int ret = 0;
+    QuicTestContext tclient, tserver;
+    QuicConversation conv;
+
+    AssertNotNull(ctx_c = wolfSSL_CTX_new(wolfTLSv1_3_client_method()));
+    AssertNotNull(ctx_s = wolfSSL_CTX_new(wolfTLSv1_3_server_method()));
+    AssertTrue(wolfSSL_CTX_use_certificate_file(ctx_s, svrCertFile, WOLFSSL_FILETYPE_PEM));
+    AssertTrue(wolfSSL_CTX_use_PrivateKey_file(ctx_s, svrKeyFile, WOLFSSL_FILETYPE_PEM));
+
+    /* setup ssls */
+    QuicTestContext_init_fail_cb(&tclient, ctx_c, "client", verbose);
+    QuicTestContext_init(&tserver, ctx_s, "server", verbose);
+
+    /* connect */
+    QuicConversation_init(&conv, &tclient, &tserver);
+    QuicConversation_step(&conv, 0);
+    /* check established/missing secrets */
+    check_secrets(&tserver, wolfssl_encryption_initial, 0, 0);
+    check_secrets(&tserver, wolfssl_encryption_handshake,
+        DEFAULT_TLS_DIGEST_SZ, DEFAULT_TLS_DIGEST_SZ);
+    check_secrets(&tserver, wolfssl_encryption_application,
+        DEFAULT_TLS_DIGEST_SZ, DEFAULT_TLS_DIGEST_SZ);
+    check_secrets(&tclient, wolfssl_encryption_handshake, 0, 0);
+    /* feed the server data to the client. This is when the cb will fail */
+    QuicConversation_step(&conv, 1);
+    /* confirm failure to generate secrets */
+    {
+        int idx = (int)wolfssl_encryption_handshake;
+        AssertTrue(idx < 4);
+        AssertIntEQ(tclient.rx_secret_len[idx], 0);
+        AssertIntEQ(tclient.tx_secret_len[idx], 0);
+    }
+    QuicTestContext_free(&tclient);
+    QuicTestContext_free(&tserver);
+
+    wolfSSL_CTX_free(ctx_c);
+    wolfSSL_CTX_free(ctx_s);
+    printf("    test_quic_server_hello_fail: %s\n", (ret == 0)? passed : failed);
+
+    return ret;
+}
+
 /* This has gotten a bit out of hand. */
 #if (defined(OPENSSL_ALL) || (defined(OPENSSL_EXTRA) && \
     (defined(HAVE_STUNNEL) || defined(WOLFSSL_NGINX) || \
@@ -1339,8 +1446,8 @@ static int test_quic_key_share(int verbose) {
                == WOLFSSL_SUCCESS);
     QuicConversation_init(&conv, &tclient, &tserver);
     QuicConversation_fail(&conv);
-    AssertIntEQ(wolfSSL_get_error(tserver.ssl, 0), SSL_ERROR_WANT_READ);
-    AssertIntEQ(wolfSSL_get_error(tclient.ssl, 0), BAD_KEY_SHARE_DATA);
+    AssertIntEQ(wolfSSL_get_error(tserver.ssl, 0), WC_NO_ERR_TRACE(SSL_ERROR_WANT_READ));
+    AssertIntEQ(wolfSSL_get_error(tclient.ssl, 0), WC_NO_ERR_TRACE(BAD_KEY_SHARE_DATA));
     QuicTestContext_free(&tclient);
     QuicTestContext_free(&tserver);
     printf("    test_quic_key_share: no match ok\n");
@@ -1382,10 +1489,10 @@ static int test_quic_resumption(int verbose) {
      * a session works. */
     AssertTrue(tclient.ticket_len > 0);
     AssertNotNull(session = wolfSSL_get1_session(tclient.ssl));
-    AssertTrue((session_size = wolfSSL_i2d_SSL_SESSION(session, NULL)) > 0);
+    AssertTrue((session_size = (unsigned int)wolfSSL_i2d_SSL_SESSION(session, NULL)) > 0);
     AssertTrue((size_t)session_size < sizeof(session_buffer));
     session_data2 = session_data = session_buffer;
-    session_size = wolfSSL_i2d_SSL_SESSION(session, &session_data);
+    session_size = (unsigned int)wolfSSL_i2d_SSL_SESSION(session, &session_data);
     session_restored = wolfSSL_d2i_SSL_SESSION(NULL, &session_data2, session_size);
     AssertNotNull(session_restored);
 
@@ -1550,7 +1657,7 @@ static int new_session_cb(WOLFSSL *ssl, WOLFSSL_SESSION *session)
         return -1;
     }
     data = ctx->session;
-    ctx->session_len = wolfSSL_i2d_SSL_SESSION(session, &data);
+    ctx->session_len = (word32)wolfSSL_i2d_SSL_SESSION(session, &data);
     if (ctx->verbose) {
         printf("[%s]", ctx->name);
         dump_buffer(" new SESSION", ctx->session, ctx->session_len, 4);
@@ -1637,6 +1744,7 @@ int QuicTest(void)
     if ((ret = test_quic_crypt()) != 0) goto leave;
     if ((ret = test_quic_client_hello(verbose)) != 0) goto leave;
     if ((ret = test_quic_server_hello(verbose)) != 0) goto leave;
+    if ((ret = test_quic_server_hello_fail(verbose)) != 0) goto leave;
 #ifdef REALLY_HAVE_ALPN_AND_SNI
     if ((ret = test_quic_alpn(verbose)) != 0) goto leave;
 #endif /* REALLY_HAVE_ALPN_AND_SNI */
diff --git a/tests/srp.c b/tests/srp.c
index a890f3cc1..42c3f59ae 100644
--- a/tests/srp.c
+++ b/tests/srp.c
@@ -1,6 +1,6 @@
 /* srp.c SRP unit tests
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -24,6 +24,9 @@
     #include <config.h>
 #endif
 
+#ifndef WOLFSSL_USER_SETTINGS
+    #include <wolfssl/options.h>
+#endif
 #include <wolfssl/wolfcrypt/settings.h>
 
 #include <tests/unit.h>
@@ -126,11 +129,11 @@ static void test_SrpInit(void)
     Srp srp;
 
     /* invalid params */
-    AssertIntEQ(BAD_FUNC_ARG, wc_SrpInit(NULL, SRP_TYPE_TEST_DEFAULT,
+    AssertIntEQ(WC_NO_ERR_TRACE(BAD_FUNC_ARG), wc_SrpInit(NULL, SRP_TYPE_TEST_DEFAULT,
                                          SRP_CLIENT_SIDE));
     /* // NOLINTBEGIN(clang-analyzer-optin.core.EnumCastOutOfRange) */
-    AssertIntEQ(BAD_FUNC_ARG, wc_SrpInit(&srp, (SrpType)255, SRP_CLIENT_SIDE));
-    AssertIntEQ(BAD_FUNC_ARG, wc_SrpInit(&srp, SRP_TYPE_TEST_DEFAULT,
+    AssertIntEQ(WC_NO_ERR_TRACE(BAD_FUNC_ARG), wc_SrpInit(&srp, (SrpType)255, SRP_CLIENT_SIDE));
+    AssertIntEQ(WC_NO_ERR_TRACE(BAD_FUNC_ARG), wc_SrpInit(&srp, SRP_TYPE_TEST_DEFAULT,
                                          (SrpSide)255));
     /* // NOLINTEND(clang-analyzer-optin.core.EnumCastOutOfRange) */
 
@@ -147,8 +150,8 @@ static void test_SrpSetUsername(void)
     AssertIntEQ(0, wc_SrpInit(&srp, SRP_TYPE_TEST_DEFAULT, SRP_CLIENT_SIDE));
 
     /* invalid params */
-    AssertIntEQ(BAD_FUNC_ARG, wc_SrpSetUsername(NULL, username, usernameSz));
-    AssertIntEQ(BAD_FUNC_ARG, wc_SrpSetUsername(&srp, NULL, usernameSz));
+    AssertIntEQ(WC_NO_ERR_TRACE(BAD_FUNC_ARG), wc_SrpSetUsername(NULL, username, usernameSz));
+    AssertIntEQ(WC_NO_ERR_TRACE(BAD_FUNC_ARG), wc_SrpSetUsername(&srp, NULL, usernameSz));
 
     /* success */
     AssertIntEQ(0, wc_SrpSetUsername(&srp, username, usernameSz));
@@ -165,7 +168,7 @@ static void test_SrpSetParams(void)
     AssertIntEQ(0, wc_SrpInit(&srp, SRP_TYPE_TEST_DEFAULT, SRP_CLIENT_SIDE));
 
     /* invalid call order */
-    AssertIntEQ(SRP_CALL_ORDER_E, wc_SrpSetParams(&srp,
+    AssertIntEQ(WC_NO_ERR_TRACE(SRP_CALL_ORDER_E), wc_SrpSetParams(&srp,
                                                   srp_N,    sizeof(srp_N),
                                                   srp_g,    sizeof(srp_g),
                                                   srp_salt, sizeof(srp_salt)));
@@ -174,19 +177,19 @@ static void test_SrpSetParams(void)
     AssertIntEQ(0, wc_SrpSetUsername(&srp, username, usernameSz));
 
     /* invalid params */
-    AssertIntEQ(BAD_FUNC_ARG, wc_SrpSetParams(NULL,
+    AssertIntEQ(WC_NO_ERR_TRACE(BAD_FUNC_ARG), wc_SrpSetParams(NULL,
                                               srp_N,    sizeof(srp_N),
                                               srp_g,    sizeof(srp_g),
                                               srp_salt, sizeof(srp_salt)));
-    AssertIntEQ(BAD_FUNC_ARG, wc_SrpSetParams(&srp,
+    AssertIntEQ(WC_NO_ERR_TRACE(BAD_FUNC_ARG), wc_SrpSetParams(&srp,
                                               NULL,     sizeof(srp_N),
                                               srp_g,    sizeof(srp_g),
                                               srp_salt, sizeof(srp_salt)));
-    AssertIntEQ(BAD_FUNC_ARG, wc_SrpSetParams(&srp,
+    AssertIntEQ(WC_NO_ERR_TRACE(BAD_FUNC_ARG), wc_SrpSetParams(&srp,
                                               srp_N,    sizeof(srp_N),
                                               NULL,      sizeof(srp_g),
                                               srp_salt, sizeof(srp_salt)));
-    AssertIntEQ(BAD_FUNC_ARG, wc_SrpSetParams(&srp,
+    AssertIntEQ(WC_NO_ERR_TRACE(BAD_FUNC_ARG), wc_SrpSetParams(&srp,
                                               srp_N,    sizeof(srp_N),
                                               srp_g,    sizeof(srp_g),
                                               NULL,     sizeof(srp_salt)));
@@ -215,9 +218,9 @@ static void test_SrpSetPassword(void)
     AssertIntEQ(0, wc_SrpSetUsername(&srp, username, usernameSz));
 
     /* invalid call order */
-    AssertIntEQ(SRP_CALL_ORDER_E,
+    AssertIntEQ(WC_NO_ERR_TRACE(SRP_CALL_ORDER_E),
                 wc_SrpSetPassword(&srp, password, passwordSz));
-    AssertIntEQ(SRP_CALL_ORDER_E,
+    AssertIntEQ(WC_NO_ERR_TRACE(SRP_CALL_ORDER_E),
                 wc_SrpGetVerifier(&srp, v, &vSz));
 
     /* fix call order */
@@ -226,16 +229,16 @@ static void test_SrpSetPassword(void)
                                          srp_salt, sizeof(srp_salt)));
 
     /* invalid params */
-    AssertIntEQ(BAD_FUNC_ARG, wc_SrpSetPassword(NULL, password, passwordSz));
-    AssertIntEQ(BAD_FUNC_ARG, wc_SrpSetPassword(&srp, NULL,     passwordSz));
+    AssertIntEQ(WC_NO_ERR_TRACE(BAD_FUNC_ARG), wc_SrpSetPassword(NULL, password, passwordSz));
+    AssertIntEQ(WC_NO_ERR_TRACE(BAD_FUNC_ARG), wc_SrpSetPassword(&srp, NULL,     passwordSz));
 
     /* success */
     AssertIntEQ(0, wc_SrpSetPassword(&srp, password, passwordSz));
 
     /* invalid params */
-    AssertIntEQ(BAD_FUNC_ARG, wc_SrpGetVerifier(NULL, v,    &vSz));
-    AssertIntEQ(BAD_FUNC_ARG, wc_SrpGetVerifier(&srp, NULL, &vSz));
-    AssertIntEQ(BUFFER_E,     wc_SrpGetVerifier(&srp, v,    &vSz));
+    AssertIntEQ(WC_NO_ERR_TRACE(BAD_FUNC_ARG), wc_SrpGetVerifier(NULL, v,    &vSz));
+    AssertIntEQ(WC_NO_ERR_TRACE(BAD_FUNC_ARG), wc_SrpGetVerifier(&srp, NULL, &vSz));
+    AssertIntEQ(WC_NO_ERR_TRACE(BUFFER_E),     wc_SrpGetVerifier(&srp, v,    &vSz));
 
     /* success */
     vSz = sizeof(v);
@@ -244,14 +247,14 @@ static void test_SrpSetPassword(void)
     AssertIntEQ(0, XMEMCMP(srp_verifier, v, vSz));
 
     /* invalid params - client side srp */
-    AssertIntEQ(BAD_FUNC_ARG, wc_SrpSetVerifier(&srp, v, vSz));
+    AssertIntEQ(WC_NO_ERR_TRACE(BAD_FUNC_ARG), wc_SrpSetVerifier(&srp, v, vSz));
 
     wc_SrpTerm(&srp);
     AssertIntEQ(0, wc_SrpInit(&srp, SRP_TYPE_SHA, SRP_SERVER_SIDE));
 
     /* invalid params */
-    AssertIntEQ(BAD_FUNC_ARG, wc_SrpSetVerifier(NULL, v,    vSz));
-    AssertIntEQ(BAD_FUNC_ARG, wc_SrpSetVerifier(&srp, NULL, vSz));
+    AssertIntEQ(WC_NO_ERR_TRACE(BAD_FUNC_ARG), wc_SrpSetVerifier(NULL, v,    vSz));
+    AssertIntEQ(WC_NO_ERR_TRACE(BAD_FUNC_ARG), wc_SrpSetVerifier(&srp, NULL, vSz));
 
     /* success */
     AssertIntEQ(0, wc_SrpSetVerifier(&srp, v, vSz));
@@ -273,16 +276,16 @@ static void test_SrpGetPublic(void)
                                          srp_salt, sizeof(srp_salt)));
 
     /* invalid call order */
-    AssertIntEQ(SRP_CALL_ORDER_E, wc_SrpGetPublic(&srp, pub, &pubSz));
+    AssertIntEQ(WC_NO_ERR_TRACE(SRP_CALL_ORDER_E), wc_SrpGetPublic(&srp, pub, &pubSz));
 
     /* fix call order */
     AssertIntEQ(0, wc_SrpSetPassword(&srp, password, passwordSz));
 
     /* invalid params */
-    AssertIntEQ(BAD_FUNC_ARG, wc_SrpGetPublic(NULL, pub, &pubSz));
-    AssertIntEQ(BAD_FUNC_ARG, wc_SrpGetPublic(&srp, NULL,   &pubSz));
-    AssertIntEQ(BAD_FUNC_ARG, wc_SrpGetPublic(&srp, pub, NULL));
-    AssertIntEQ(BUFFER_E,     wc_SrpGetPublic(&srp, pub, &pubSz));
+    AssertIntEQ(WC_NO_ERR_TRACE(BAD_FUNC_ARG), wc_SrpGetPublic(NULL, pub, &pubSz));
+    AssertIntEQ(WC_NO_ERR_TRACE(BAD_FUNC_ARG), wc_SrpGetPublic(&srp, NULL,   &pubSz));
+    AssertIntEQ(WC_NO_ERR_TRACE(BAD_FUNC_ARG), wc_SrpGetPublic(&srp, pub, NULL));
+    AssertIntEQ(WC_NO_ERR_TRACE(BUFFER_E),     wc_SrpGetPublic(&srp, pub, &pubSz));
 
     /* success */
     pubSz = sizeof(pub);
@@ -300,7 +303,7 @@ static void test_SrpGetPublic(void)
                                          srp_salt, sizeof(srp_salt)));
 
     /* invalid call order */
-    AssertIntEQ(SRP_CALL_ORDER_E, wc_SrpGetPublic(&srp, pub, &pubSz));
+    AssertIntEQ(WC_NO_ERR_TRACE(SRP_CALL_ORDER_E), wc_SrpGetPublic(&srp, pub, &pubSz));
 
     /* fix call order */
     AssertIntEQ(0, wc_SrpSetVerifier(&srp, srp_verifier, sizeof(srp_verifier)));
@@ -328,7 +331,7 @@ static void test_SrpComputeKey(void)
     AssertIntEQ(0, wc_SrpInit(&srv, SRP_TYPE_SHA, SRP_SERVER_SIDE));
 
     /* invalid call order */
-    AssertIntEQ(SRP_CALL_ORDER_E, wc_SrpComputeKey(&cli,
+    AssertIntEQ(WC_NO_ERR_TRACE(SRP_CALL_ORDER_E), wc_SrpComputeKey(&cli,
                                                    clientPubKey, clientPubKeySz,
                                                    serverPubKey, serverPubKeySz));
 
@@ -354,19 +357,19 @@ static void test_SrpComputeKey(void)
     AssertIntEQ(0, XMEMCMP(serverPubKey, srp_B, serverPubKeySz));
 
     /* invalid params */
-    AssertIntEQ(BAD_FUNC_ARG, wc_SrpComputeKey(NULL,
+    AssertIntEQ(WC_NO_ERR_TRACE(BAD_FUNC_ARG), wc_SrpComputeKey(NULL,
                                                clientPubKey, clientPubKeySz,
                                                serverPubKey, serverPubKeySz));
-    AssertIntEQ(BAD_FUNC_ARG, wc_SrpComputeKey(&cli,
+    AssertIntEQ(WC_NO_ERR_TRACE(BAD_FUNC_ARG), wc_SrpComputeKey(&cli,
                                                NULL,         clientPubKeySz,
                                                serverPubKey, serverPubKeySz));
-    AssertIntEQ(BAD_FUNC_ARG, wc_SrpComputeKey(&cli,
+    AssertIntEQ(WC_NO_ERR_TRACE(BAD_FUNC_ARG), wc_SrpComputeKey(&cli,
                                                clientPubKey, 0,
                                                serverPubKey, serverPubKeySz));
-    AssertIntEQ(BAD_FUNC_ARG, wc_SrpComputeKey(&cli,
+    AssertIntEQ(WC_NO_ERR_TRACE(BAD_FUNC_ARG), wc_SrpComputeKey(&cli,
                                                clientPubKey, clientPubKeySz,
                                                NULL,         serverPubKeySz));
-    AssertIntEQ(BAD_FUNC_ARG, wc_SrpComputeKey(&cli,
+    AssertIntEQ(WC_NO_ERR_TRACE(BAD_FUNC_ARG), wc_SrpComputeKey(&cli,
                                                clientPubKey, clientPubKeySz,
                                                serverPubKey, 0));
 
@@ -432,16 +435,16 @@ static void test_SrpGetProofAndVerify(void)
 
     /* invalid params */
     serverProofSz = 0;
-    AssertIntEQ(BAD_FUNC_ARG, wc_SrpGetProof(NULL, clientProof,&clientProofSz));
-    AssertIntEQ(BAD_FUNC_ARG, wc_SrpGetProof(&cli, NULL,       &clientProofSz));
-    AssertIntEQ(BAD_FUNC_ARG, wc_SrpGetProof(&cli, clientProof,NULL));
-    AssertIntEQ(BUFFER_E,     wc_SrpGetProof(&srv, serverProof,&serverProofSz));
+    AssertIntEQ(WC_NO_ERR_TRACE(BAD_FUNC_ARG), wc_SrpGetProof(NULL, clientProof,&clientProofSz));
+    AssertIntEQ(WC_NO_ERR_TRACE(BAD_FUNC_ARG), wc_SrpGetProof(&cli, NULL,       &clientProofSz));
+    AssertIntEQ(WC_NO_ERR_TRACE(BAD_FUNC_ARG), wc_SrpGetProof(&cli, clientProof,NULL));
+    AssertIntEQ(WC_NO_ERR_TRACE(BUFFER_E),     wc_SrpGetProof(&srv, serverProof,&serverProofSz));
 
-    AssertIntEQ(BAD_FUNC_ARG,
+    AssertIntEQ(WC_NO_ERR_TRACE(BAD_FUNC_ARG),
                 wc_SrpVerifyPeersProof(NULL, clientProof, clientProofSz));
-    AssertIntEQ(BAD_FUNC_ARG,
+    AssertIntEQ(WC_NO_ERR_TRACE(BAD_FUNC_ARG),
                 wc_SrpVerifyPeersProof(&cli, NULL,        clientProofSz));
-    AssertIntEQ(BUFFER_E,
+    AssertIntEQ(WC_NO_ERR_TRACE(BUFFER_E),
                 wc_SrpVerifyPeersProof(&srv, serverProof, serverProofSz));
     serverProofSz = SRP_MAX_DIGEST_SIZE;
 
diff --git a/tests/suites.c b/tests/suites.c
index e95ff933c..503dec1de 100644
--- a/tests/suites.c
+++ b/tests/suites.c
@@ -1,6 +1,6 @@
 /* suites.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -20,11 +20,7 @@
  */
 
 
-#ifdef HAVE_CONFIG_H
-    #include <config.h>
-#endif
-
-#include <wolfssl/wolfcrypt/settings.h>
+#include <tests/unit.h>
 
 #ifdef NO_INLINE
     #include <wolfssl/wolfcrypt/misc.h>
@@ -37,7 +33,7 @@
 #include <stdio.h>
 #include <string.h>
 #include <wolfssl/ssl.h>
-#include <tests/unit.h>
+
 #if defined(HAVE_ECC) && defined(FP_ECC) && defined(HAVE_THREAD_LS) \
                       && (defined(NO_MAIN_DRIVER) || defined(HAVE_STACK_SIZE))
 #include <wolfssl/wolfcrypt/ecc.h>
@@ -62,7 +58,7 @@
 #include "examples/server/server.h"
 
 #if !defined(NO_WOLFSSL_SERVER) && !defined(NO_WOLFSSL_CLIENT) && \
-    !defined(SINGLE_THREADED)
+    !defined(NO_TLS) && !defined(SINGLE_THREADED)
 static WOLFSSL_CTX* cipherSuiteCtx = NULL;
 static char nonblockFlag[] = "-N";
 static char noVerifyFlag[] = "-d";
@@ -154,7 +150,7 @@ static int IsValidCipherSuite(const char* line, char *suite, size_t suite_spc)
                 printf("suite too long!\n");
                 return 0;
             }
-            XMEMCPY(suite, begin, len);
+            XMEMCPY(suite, begin, (size_t) len);
             suite[len] = '\0';
         }
         else
@@ -172,6 +168,71 @@ static int IsValidCipherSuite(const char* line, char *suite, size_t suite_spc)
     return valid;
 }
 
+#if defined(WOLFSSL_HAVE_KYBER)
+static int IsKyberLevelAvailable(const char* line)
+{
+    int available = 0;
+    const char* find = "--pqc ";
+    const char* begin = strstr(line, find);
+    const char* end;
+
+    if (begin != NULL) {
+        begin += 6;
+        end = XSTRSTR(begin, " ");
+
+    #ifndef WOLFSSL_NO_ML_KEM
+        if ((size_t)end - (size_t)begin == 10) {
+        #ifndef WOLFSSL_NO_ML_KEM_512
+            if (XSTRNCMP(begin, "ML_KEM_512", 10) == 0) {
+                available = 1;
+            }
+        #endif
+        #ifndef WOLFSSL_NO_ML_KEM_768
+            if (XSTRNCMP(begin, "ML_KEM_768", 10) == 0) {
+                available = 1;
+            }
+        #endif
+        }
+        #ifndef WOLFSSL_NO_ML_KEM_1024
+        if ((size_t)end - (size_t)begin == 11) {
+            if (XSTRNCMP(begin, "ML_KEM_1024", 11) == 0) {
+                available = 1;
+            }
+        }
+        #endif
+    #endif
+    #ifdef WOLFSSL_KYBER_ORIGINAL
+        if ((size_t)end - (size_t)begin == 12) {
+        #ifndef WOLFSSL_NO_KYBER512
+            if (XSTRNCMP(begin, "KYBER_LEVEL1", 12) == 0) {
+                available = 1;
+            }
+        #endif
+        #ifndef WOLFSSL_NO_KYBER768
+            if (XSTRNCMP(begin, "KYBER_LEVEL3", 12) == 0) {
+                available = 1;
+            }
+        #endif
+        #ifndef WOLFSSL_NO_KYBER1024
+            if (XSTRNCMP(begin, "KYBER_LEVEL5", 12) == 0) {
+                available = 1;
+            }
+        #endif
+        }
+    #endif
+    }
+
+#if defined(WOLFSSL_KYBER_NO_MAKE_KEY) || \
+    defined(WOLFSSL_KYBER_NO_ENCAPSULATE) || \
+    defined(WOLFSSL_KYBER_NO_DECAPSULATE)
+    (void)available;
+    return begin == NULL;
+#else
+    return (begin == NULL) || available;
+#endif
+}
+#endif
+
 static int IsValidCert(const char* line)
 {
     int ret = 1;
@@ -307,8 +368,8 @@ static int execute_test_case(int svr_argc, char** svr_argv,
     func_args cliArgs = {0, NULL, 0, NULL, NULL, NULL};
     func_args svrArgs = {0, NULL, 0, NULL, NULL, NULL};
 #else
-    func_args cliArgs = {cli_argc, cli_argv, 0, NULL, NULL};
-    func_args svrArgs = {svr_argc, svr_argv, 0, NULL, NULL};
+    func_args cliArgs = {0, NULL, 0, NULL, NULL};
+    func_args svrArgs = {0, NULL, 0, NULL, NULL};
 #endif
 
     tcp_ready   ready;
@@ -325,17 +386,14 @@ static int execute_test_case(int svr_argc, char** svr_argv,
 #ifdef WOLFSSL_NO_CLIENT_AUTH
     int         reqClientCert;
 #endif
-
 #if defined(WOLFSSL_SRTP) && defined(WOLFSSL_COND)
     srtp_test_helper srtp_helper;
 #endif
 
-#if defined(WOLFSSL_TIRTOS) || defined(WOLFSSL_SRTP)
     cliArgs.argc = cli_argc;
     cliArgs.argv = cli_argv;
     svrArgs.argc = svr_argc;
     svrArgs.argv = svr_argv;
-#endif
 
     /* Is Valid Cipher and Version Checks */
     /* build command list for the Is checks below */
@@ -356,6 +414,14 @@ static int execute_test_case(int svr_argc, char** svr_argv,
         #endif
         return NOT_BUILT_IN;
     }
+#ifdef WOLFSSL_HAVE_KYBER
+    if (!IsKyberLevelAvailable(commandLine)) {
+        #ifdef DEBUG_SUITE_TESTS
+            printf("Kyber level not supported in build: %s\n", commandLine);
+        #endif
+        return NOT_BUILT_IN;
+    }
+#endif
     if (!IsValidCert(commandLine)) {
         #ifdef DEBUG_SUITE_TESTS
             printf("certificate %s not supported in build\n", commandLine);
@@ -660,7 +726,7 @@ static void test_harness(void* vargs)
         return;
     }
 
-    script = (char*)malloc(sz+1);
+    script = (char*)malloc((size_t)(sz+1));
     if (script == 0) {
         fprintf(stderr, "unable to allocate script buffer\n");
         fclose(file);
@@ -668,7 +734,7 @@ static void test_harness(void* vargs)
         return;
     }
 
-    len = fread(script, 1, sz, file);
+    len = (long) fread(script, 1, (size_t)sz, file);
     if (len != sz) {
         fprintf(stderr, "read error\n");
         fclose(file);
@@ -796,8 +862,8 @@ static void test_harness(void* vargs)
 int SuiteTest(int argc, char** argv)
 {
 #if !defined(NO_WOLFSSL_SERVER) && !defined(NO_WOLFSSL_CLIENT) && \
-    !defined(WOLF_CRYPTO_CB_ONLY_RSA) && !defined(WOLF_CRYPTO_CB_ONLY_ECC) && \
-    !defined(SINGLE_THREADED)
+    !defined(NO_TLS) && !defined(SINGLE_THREADED) && \
+    !defined(WOLF_CRYPTO_CB_ONLY_RSA) && !defined(WOLF_CRYPTO_CB_ONLY_ECC)
     func_args args;
     char argv0[3][80];
     char* myArgv[3];
@@ -926,9 +992,8 @@ int SuiteTest(int argc, char** argv)
         args.return_code = EXIT_FAILURE;
         goto exit;
     }
-    #ifdef HAVE_LIBOQS
-    /* add TLSv13 pq tests */
-    XSTRLCPY(argv0[1], "tests/test-tls13-pq-2.conf", sizeof(argv0[1]));
+    /* add TLSv13 pq hybrid tests */
+    XSTRLCPY(argv0[1], "tests/test-tls13-pq-hybrid.conf", sizeof(argv0[1]));
     printf("starting TLSv13 post-quantum groups tests\n");
     test_harness(&args);
     if (args.return_code != 0) {
@@ -937,29 +1002,6 @@ int SuiteTest(int argc, char** argv)
         goto exit;
     }
     #endif
-    #endif
-    #ifdef HAVE_PQC
-    /* add TLSv13 pq tests */
-    XSTRLCPY(argv0[1], "tests/test-tls13-pq.conf", sizeof(argv0[1]));
-    printf("starting TLSv13 post-quantum groups tests\n");
-    test_harness(&args);
-    if (args.return_code != 0) {
-        printf("error from script %d\n", args.return_code);
-        args.return_code = EXIT_FAILURE;
-        goto exit;
-    }
-    #ifdef HAVE_LIBOQS
-    /* add TLSv13 pq tests */
-    XSTRLCPY(argv0[1], "tests/test-tls13-pq-2.conf", sizeof(argv0[1]));
-    printf("starting TLSv13 post-quantum groups tests\n");
-    test_harness(&args);
-    if (args.return_code != 0) {
-        printf("error from script %d\n", args.return_code);
-        args.return_code = EXIT_FAILURE;
-        goto exit;
-    }
-    #endif
-    #endif
     #if defined(HAVE_PQC) && defined(WOLFSSL_DTLS13)
     /* add DTLSv13 pq tests */
     XSTRLCPY(argv0[1], "tests/test-dtls13-pq.conf", sizeof(argv0[1]));
@@ -970,6 +1012,15 @@ int SuiteTest(int argc, char** argv)
         args.return_code = EXIT_FAILURE;
         goto exit;
     }
+    /* add DTLSv13 pq hybrid tests */
+    XSTRLCPY(argv0[1], "tests/test-dtls13-pq-hybrid.conf", sizeof(argv0[1]));
+    printf("starting DTLSv13 post-quantum 2 groups tests\n");
+    test_harness(&args);
+    if (args.return_code != 0) {
+        printf("error from script %d\n", args.return_code);
+        args.return_code = EXIT_FAILURE;
+        goto exit;
+    }
     #ifdef WOLFSSL_DTLS_CH_FRAG
     /* add DTLSv13 pq frag tests */
     XSTRLCPY(argv0[1], "tests/test-dtls13-pq-frag.conf", sizeof(argv0[1]));
@@ -980,20 +1031,8 @@ int SuiteTest(int argc, char** argv)
         args.return_code = EXIT_FAILURE;
         goto exit;
     }
-    #endif
-    #ifdef HAVE_LIBOQS
-    /* add DTLSv13 pq 2 tests */
-    XSTRLCPY(argv0[1], "tests/test-dtls13-pq-2.conf", sizeof(argv0[1]));
-    printf("starting DTLSv13 post-quantum 2 groups tests\n");
-    test_harness(&args);
-    if (args.return_code != 0) {
-        printf("error from script %d\n", args.return_code);
-        args.return_code = EXIT_FAILURE;
-        goto exit;
-    }
-    #ifdef WOLFSSL_DTLS_CH_FRAG
-    /* add DTLSv13 pq 2 frag tests */
-    XSTRLCPY(argv0[1], "tests/test-dtls13-pq-2-frag.conf", sizeof(argv0[1]));
+    /* add DTLSv13 pq hybrid frag tests */
+    XSTRLCPY(argv0[1], "tests/test-dtls13-pq-hybrid-frag.conf", sizeof(argv0[1]));
     printf("starting DTLSv13 post-quantum 2 groups tests with fragmentation\n");
     test_harness(&args);
     if (args.return_code != 0) {
@@ -1003,7 +1042,6 @@ int SuiteTest(int argc, char** argv)
     }
     #endif
     #endif
-    #endif
 #endif
 #if defined(WC_RSA_PSS) && (!defined(HAVE_FIPS) || \
      (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2))) && \
@@ -1060,7 +1098,9 @@ int SuiteTest(int argc, char** argv)
 #if defined(HAVE_ECC) && !defined(NO_SHA256) && defined(WOLFSSL_CUSTOM_CURVES) && \
     defined(HAVE_ECC_KOBLITZ) && defined(HAVE_ECC_BRAINPOOL) && \
         /* Intel QuickAssist and Cavium Nitrox do not support custom curves */ \
-        !defined(HAVE_INTEL_QA) && !defined(HAVE_CAVIUM_V)
+        !defined(HAVE_INTEL_QA) && !defined(HAVE_CAVIUM_V) && \
+        /* only supported with newer ASN template code */ \
+        defined(WOLFSSL_ASN_TEMPLATE)
 
     /* TLS non-NIST curves (Koblitz / Brainpool) */
     XSTRLCPY(argv0[1], "tests/test-ecc-cust-curves.conf", sizeof(argv0[1]));
@@ -1301,7 +1341,7 @@ int SuiteTest(int argc, char** argv)
         args.return_code = EXIT_FAILURE;
         goto exit;
     }
-#endif /* HAVE_RSA and HAVE_ECC */
+#endif /* !NO__RSA and HAVE_ECC */
 #endif /* !WC_STRICT_SIG */
 #if defined(WOLFSSL_SM2) && defined(WOLFSSL_SM3) && \
     (defined(WOLFSSL_SM4_GCM) || defined(WOLFSSL_SM4_CCM))
@@ -1458,5 +1498,5 @@ exit:
     (void)argc;
     (void)argv;
     return NOT_COMPILED_IN;
-#endif /* !NO_WOLFSSL_SERVER && !NO_WOLFSSL_CLIENT */
+#endif /* !NO_WOLFSSL_SERVER && !NO_WOLFSSL_CLIENT && !NO_TLS */
 }
diff --git a/tests/test-dtls.conf b/tests/test-dtls.conf
index 42f0f63c8..bb055c36b 100644
--- a/tests/test-dtls.conf
+++ b/tests/test-dtls.conf
@@ -55,6 +55,20 @@
 -s
 -l ECDHE-PSK-CHACHA20-POLY1305
 
+# server TLSv1.2 ECDHE-PSK-CHACHA20-POLY1305 x25519
+-u
+-v 3
+-s
+-t
+-l ECDHE-PSK-CHACHA20-POLY1305
+
+# client TLSv1.2 ECDHE-PSK-CHACHA20-POLY1305 x25519
+-u
+-v 3
+-s
+-t
+-l ECDHE-PSK-CHACHA20-POLY1305
+
 # server TLSv1.2 PSK-CHACHA20-POLY1305
 -u
 -v 3
diff --git a/tests/test-dtls13-downgrade.conf b/tests/test-dtls13-downgrade.conf
index bda26666c..931cc6b8c 100644
--- a/tests/test-dtls13-downgrade.conf
+++ b/tests/test-dtls13-downgrade.conf
@@ -41,3 +41,16 @@
 -7 2
 -u
 -l TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
+
+# server DTLSv1.2 - PSK
+-v 3
+-u
+-s
+-l ECDHE-PSK-AES128-GCM-SHA256
+
+# client DTLS PSK multiversion, allow downgrade
+-vd
+-7 2
+-u
+-s
+-l ECDHE-PSK-AES128-GCM-SHA256
diff --git a/tests/test-dtls13-pq-2-frag.conf b/tests/test-dtls13-pq-2-frag.conf
deleted file mode 100644
index 6ea8317db..000000000
--- a/tests/test-dtls13-pq-2-frag.conf
+++ /dev/null
@@ -1,23 +0,0 @@
-# server DTLSv1.3 with post-quantum group
--u
--v 4
--l TLS13-AES256-GCM-SHA384
---pqc P384_KYBER_LEVEL3
-
-# client DTLSv1.3 with post-quantum group
--u
--v 4
--l TLS13-AES256-GCM-SHA384
---pqc P384_KYBER_LEVEL3
-
-# server DTLSv1.3 with post-quantum group
--u
--v 4
--l TLS13-AES256-GCM-SHA384
---pqc P521_KYBER_LEVEL5
-
-# client DTLSv1.3 with post-quantum group
--u
--v 4
--l TLS13-AES256-GCM-SHA384
---pqc P521_KYBER_LEVEL5
diff --git a/tests/test-dtls13-pq-2.conf b/tests/test-dtls13-pq-2.conf
deleted file mode 100644
index 6a4bfac08..000000000
--- a/tests/test-dtls13-pq-2.conf
+++ /dev/null
@@ -1,13 +0,0 @@
-# server DTLSv1.3 with post-quantum group
--u
--v 4
--l TLS13-AES256-GCM-SHA384
---pqc P256_KYBER_LEVEL1
-
-# client DTLSv1.3 with post-quantum group
--u
--v 4
--l TLS13-AES256-GCM-SHA384
---pqc P256_KYBER_LEVEL1
-
-# P384_KYBER_LEVEL3 and P521_KYBER_LEVEL5 would fragment the ClientHello.
diff --git a/tests/test-dtls13-pq-frag.conf b/tests/test-dtls13-pq-frag.conf
index 01aaf477f..5592ecb79 100644
--- a/tests/test-dtls13-pq-frag.conf
+++ b/tests/test-dtls13-pq-frag.conf
@@ -1,3 +1,27 @@
+# server DTLSv1.3 with post-quantum group
+-u
+-v 4
+-l TLS13-AES256-GCM-SHA384
+--pqc ML_KEM_768
+
+# client DTLSv1.3 with post-quantum group
+-u
+-v 4
+-l TLS13-AES256-GCM-SHA384
+--pqc ML_KEM_768
+
+# server DTLSv1.3 with post-quantum group
+-u
+-v 4
+-l TLS13-AES256-GCM-SHA384
+--pqc ML_KEM_1024
+
+# client DTLSv1.3 with post-quantum group
+-u
+-v 4
+-l TLS13-AES256-GCM-SHA384
+--pqc ML_KEM_1024
+
 # server DTLSv1.3 with post-quantum group
 -u
 -v 4
@@ -21,4 +45,3 @@
 -v 4
 -l TLS13-AES256-GCM-SHA384
 --pqc KYBER_LEVEL5
-
diff --git a/tests/test-dtls13-pq-hybrid-frag.conf b/tests/test-dtls13-pq-hybrid-frag.conf
new file mode 100644
index 000000000..c9edc6907
--- /dev/null
+++ b/tests/test-dtls13-pq-hybrid-frag.conf
@@ -0,0 +1,131 @@
+# server DTLSv1.3 with post-quantum hybrid group
+-u
+-v 4
+-l TLS13-AES256-GCM-SHA384
+--pqc P384_ML_KEM_768
+
+# client DTLSv1.3 with post-quantum hybrid group
+-u
+-v 4
+-l TLS13-AES256-GCM-SHA384
+--pqc P384_ML_KEM_768
+
+# server DTLSv1.3 with post-quantum hybrid group
+-u
+-v 4
+-l TLS13-AES256-GCM-SHA384
+--pqc P256_ML_KEM_768
+
+# client DTLSv1.3 with post-quantum hybrid group
+-u
+-v 4
+-l TLS13-AES256-GCM-SHA384
+--pqc P256_ML_KEM_768
+
+# server DTLSv1.3 with post-quantum hybrid group
+-u
+-v 4
+-l TLS13-AES256-GCM-SHA384
+--pqc P521_ML_KEM_1024
+
+# client DTLSv1.3 with post-quantum hybrid group
+-u
+-v 4
+-l TLS13-AES256-GCM-SHA384
+--pqc P521_ML_KEM_1024
+
+# server DTLSv1.3 with post-quantum hybrid group
+-u
+-v 4
+-l TLS13-AES256-GCM-SHA384
+--pqc P384_ML_KEM_1024
+
+# client DTLSv1.3 with post-quantum hybrid group
+-u
+-v 4
+-l TLS13-AES256-GCM-SHA384
+--pqc P384_ML_KEM_1024
+
+# server DTLSv1.3 with post-quantum hybrid group
+-u
+-v 4
+-l TLS13-AES256-GCM-SHA384
+--pqc X25519_ML_KEM_768
+
+# client DTLSv1.3 with post-quantum hybrid group
+-u
+-v 4
+-l TLS13-AES256-GCM-SHA384
+--pqc X25519_ML_KEM_768
+
+# server DTLSv1.3 with post-quantum hybrid group
+-u
+-v 4
+-l TLS13-AES256-GCM-SHA384
+--pqc X448_ML_KEM_768
+
+# client DTLSv1.3 with post-quantum hybrid group
+-u
+-v 4
+-l TLS13-AES256-GCM-SHA384
+--pqc X448_ML_KEM_768
+
+# server DTLSv1.3 with post-quantum hybrid group
+-u
+-v 4
+-l TLS13-AES256-GCM-SHA384
+--pqc P384_KYBER_LEVEL3
+
+# client DTLSv1.3 with post-quantum hybrid group
+-u
+-v 4
+-l TLS13-AES256-GCM-SHA384
+--pqc P384_KYBER_LEVEL3
+
+# server DTLSv1.3 with post-quantum hybrid group
+-u
+-v 4
+-l TLS13-AES256-GCM-SHA384
+--pqc P256_KYBER_LEVEL3
+
+# client DTLSv1.3 with post-quantum hybrid group
+-u
+-v 4
+-l TLS13-AES256-GCM-SHA384
+--pqc P256_KYBER_LEVEL3
+
+# server DTLSv1.3 with post-quantum hybrid group
+-u
+-v 4
+-l TLS13-AES256-GCM-SHA384
+--pqc P521_KYBER_LEVEL5
+
+# client DTLSv1.3 with post-quantum hybrid group
+-u
+-v 4
+-l TLS13-AES256-GCM-SHA384
+--pqc P521_KYBER_LEVEL5
+
+# server DTLSv1.3 with post-quantum hybrid group
+-u
+-v 4
+-l TLS13-AES256-GCM-SHA384
+--pqc X25519_KYBER_LEVEL3
+
+# client DTLSv1.3 with post-quantum hybrid group
+-u
+-v 4
+-l TLS13-AES256-GCM-SHA384
+--pqc X25519_KYBER_LEVEL3
+
+# server DTLSv1.3 with post-quantum hybrid group
+-u
+-v 4
+-l TLS13-AES256-GCM-SHA384
+--pqc X448_KYBER_LEVEL3
+
+# client DTLSv1.3 with post-quantum hybrid group
+-u
+-v 4
+-l TLS13-AES256-GCM-SHA384
+--pqc X448_KYBER_LEVEL3
diff --git a/tests/test-dtls13-pq-hybrid.conf b/tests/test-dtls13-pq-hybrid.conf
new file mode 100644
index 000000000..3bb14cac5
--- /dev/null
+++ b/tests/test-dtls13-pq-hybrid.conf
@@ -0,0 +1,51 @@
+# server DTLSv1.3 with post-quantum group
+-u
+-v 4
+-l TLS13-AES256-GCM-SHA384
+--pqc P256_ML_KEM_512
+
+# client DTLSv1.3 with post-quantum group
+-u
+-v 4
+-l TLS13-AES256-GCM-SHA384
+--pqc P256_ML_KEM_512
+
+# server DTLSv1.3 with post-quantum hybrid group
+-u
+-v 4
+-l TLS13-AES256-GCM-SHA384
+--pqc X25519_ML_KEM_512
+
+# client DTLSv1.3 with post-quantum hybrid group
+-u
+-v 4
+-l TLS13-AES256-GCM-SHA384
+--pqc X25519_ML_KEM_512
+
+# Hybrids with ML_KEM_768 and ML_KEM_1024 would fragment the ClientHello.
+
+# server DTLSv1.3 with post-quantum hybrid group
+-u
+-v 4
+-l TLS13-AES256-GCM-SHA384
+--pqc P256_KYBER_LEVEL1
+
+# client DTLSv1.3 with post-quantum hybrid group
+-u
+-v 4
+-l TLS13-AES256-GCM-SHA384
+--pqc P256_KYBER_LEVEL1
+
+# server DTLSv1.3 with post-quantum hybrid group
+-u
+-v 4
+-l TLS13-AES256-GCM-SHA384
+--pqc X25519_KYBER_LEVEL1
+
+# client DTLSv1.3 with post-quantum hybrid group
+-u
+-v 4
+-l TLS13-AES256-GCM-SHA384
+--pqc X25519_KYBER_LEVEL1
+
+# Hybrids with KYBER_LEVEL3 and KYBER_LEVEL5 would fragment the ClientHello.
diff --git a/tests/test-dtls13-pq.conf b/tests/test-dtls13-pq.conf
index c84ab819d..559741f32 100644
--- a/tests/test-dtls13-pq.conf
+++ b/tests/test-dtls13-pq.conf
@@ -1,3 +1,17 @@
+# server DTLSv1.3 with post-quantum group
+-u
+-v 4
+-l TLS13-AES256-GCM-SHA384
+--pqc ML_KEM_512
+
+# client DTLSv1.3 with post-quantum group
+-u
+-v 4
+-l TLS13-AES256-GCM-SHA384
+--pqc ML_KEM_512
+
+# ML_KEM_768 and ML_KEM_1024 would fragment the ClientHello.
+
 # server DTLSv1.3 with post-quantum group
 -u
 -v 4
diff --git a/tests/test-ecc-cust-curves.conf b/tests/test-ecc-cust-curves.conf
index 697d96796..6f24783e8 100644
--- a/tests/test-ecc-cust-curves.conf
+++ b/tests/test-ecc-cust-curves.conf
@@ -179,3 +179,19 @@
 -k ./certs/ecc/bp256r1-key.pem
 -A ./certs/ecc/server-bp256r1-cert.pem
 -C
+
+# -- SECP256K1 without OID inside PKCS#8 --
+# server TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256
+-v 3
+-l ECDHE-ECDSA-AES128-GCM-SHA256
+-c ./certs/ecc/server2-secp256k1-cert.pem
+-k ./certs/ecc/secp256k1-privkey.pem
+-d
+
+# client TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256
+-v 3
+-l ECDHE-ECDSA-AES128-GCM-SHA256
+-A ./certs/ecc/ca-secp256k1-cert.pem
+-x
+-C
+
diff --git a/tests/test-tls13-down.conf b/tests/test-tls13-down.conf
index 02512f4d6..90f0c4bb4 100644
--- a/tests/test-tls13-down.conf
+++ b/tests/test-tls13-down.conf
@@ -108,3 +108,14 @@
 # client TLSv 1.2
 -v 3
 -H exitWithRet
+
+# server TLSv1.2 - PSK
+-v 3
+-s
+-l ECDHE-PSK-AES128-GCM-SHA256
+
+# client TLS PSK multiversion, allow downgrade
+-v d
+-7 3
+-s
+-l ECDHE-PSK-AES128-GCM-SHA256
diff --git a/tests/test-tls13-pq-2.conf b/tests/test-tls13-pq-2.conf
deleted file mode 100644
index ff09d72a7..000000000
--- a/tests/test-tls13-pq-2.conf
+++ /dev/null
@@ -1,29 +0,0 @@
-# server TLSv1.3 with post-quantum group
--v 4
--l TLS13-AES256-GCM-SHA384
---pqc P256_KYBER_LEVEL1
-
-# client TLSv1.3 with post-quantum group
--v 4
--l TLS13-AES256-GCM-SHA384
---pqc P256_KYBER_LEVEL1
-
-# server TLSv1.3 with post-quantum group
--v 4
--l TLS13-AES256-GCM-SHA384
---pqc P384_KYBER_LEVEL3
-
-# client TLSv1.3 with post-quantum group
--v 4
--l TLS13-AES256-GCM-SHA384
---pqc P384_KYBER_LEVEL3
-
-# server TLSv1.3 with post-quantum group
--v 4
--l TLS13-AES256-GCM-SHA384
---pqc P521_KYBER_LEVEL5
-
-# client TLSv1.3 with post-quantum group
--v 4
--l TLS13-AES256-GCM-SHA384
---pqc P521_KYBER_LEVEL5
diff --git a/tests/test-tls13-pq-hybrid.conf b/tests/test-tls13-pq-hybrid.conf
new file mode 100644
index 000000000..242cd3089
--- /dev/null
+++ b/tests/test-tls13-pq-hybrid.conf
@@ -0,0 +1,149 @@
+# server TLSv1.3 with post-quantum hybrid group
+-v 4
+-l TLS13-AES256-GCM-SHA384
+--pqc P256_ML_KEM_512
+
+# client TLSv1.3 with post-quantum hybrid group
+-v 4
+-l TLS13-AES256-GCM-SHA384
+--pqc P256_ML_KEM_512
+
+# server TLSv1.3 with post-quantum hybrid group
+-v 4
+-l TLS13-AES256-GCM-SHA384
+--pqc P384_ML_KEM_768
+
+# client TLSv1.3 with post-quantum hybrid group
+-v 4
+-l TLS13-AES256-GCM-SHA384
+--pqc P384_ML_KEM_768
+
+# server TLSv1.3 with post-quantum hybrid group
+-v 4
+-l TLS13-AES256-GCM-SHA384
+--pqc P256_ML_KEM_768
+
+# client TLSv1.3 with post-quantum hybrid group
+-v 4
+-l TLS13-AES256-GCM-SHA384
+--pqc P256_ML_KEM_768
+
+# server TLSv1.3 with post-quantum hybrid group
+-v 4
+-l TLS13-AES256-GCM-SHA384
+--pqc P521_ML_KEM_1024
+
+# client TLSv1.3 with post-quantum hybrid group
+-v 4
+-l TLS13-AES256-GCM-SHA384
+--pqc P521_ML_KEM_1024
+
+# server TLSv1.3 with post-quantum hybrid group
+-v 4
+-l TLS13-AES256-GCM-SHA384
+--pqc P384_ML_KEM_1024
+
+# client TLSv1.3 with post-quantum hybrid group
+-v 4
+-l TLS13-AES256-GCM-SHA384
+--pqc P384_ML_KEM_1024
+
+# server TLSv1.3 with post-quantum hybrid group
+-v 4
+-l TLS13-AES256-GCM-SHA384
+--pqc X25519_ML_KEM_512
+
+# client TLSv1.3 with post-quantum hybrid group
+-v 4
+-l TLS13-AES256-GCM-SHA384
+--pqc X25519_ML_KEM_512
+
+# server TLSv1.3 with post-quantum hybrid group
+-v 4
+-l TLS13-AES256-GCM-SHA384
+--pqc X25519_ML_KEM_768
+
+# client TLSv1.3 with post-quantum hybrid group
+-v 4
+-l TLS13-AES256-GCM-SHA384
+--pqc X25519_ML_KEM_768
+
+# server TLSv1.3 with post-quantum hybrid group
+-v 4
+-l TLS13-AES256-GCM-SHA384
+--pqc X448_ML_KEM_768
+
+# client TLSv1.3 with post-quantum hybrid group
+-v 4
+-l TLS13-AES256-GCM-SHA384
+--pqc X448_ML_KEM_768
+
+# server TLSv1.3 with post-quantum hybrid group
+-v 4
+-l TLS13-AES256-GCM-SHA384
+--pqc P256_KYBER_LEVEL1
+
+# client TLSv1.3 with post-quantum hybrid group
+-v 4
+-l TLS13-AES256-GCM-SHA384
+--pqc P256_KYBER_LEVEL1
+
+# server TLSv1.3 with post-quantum hybrid group
+-v 4
+-l TLS13-AES256-GCM-SHA384
+--pqc P384_KYBER_LEVEL3
+
+# client TLSv1.3 with post-quantum hybrid group
+-v 4
+-l TLS13-AES256-GCM-SHA384
+--pqc P384_KYBER_LEVEL3
+
+# server TLSv1.3 with post-quantum hybrid group
+-v 4
+-l TLS13-AES256-GCM-SHA384
+--pqc P256_KYBER_LEVEL3
+
+# client TLSv1.3 with post-quantum hybrid group
+-v 4
+-l TLS13-AES256-GCM-SHA384
+--pqc P256_KYBER_LEVEL3
+
+# server TLSv1.3 with post-quantum hybrid group
+-v 4
+-l TLS13-AES256-GCM-SHA384
+--pqc P521_KYBER_LEVEL5
+
+# client TLSv1.3 with post-quantum hybrid group
+-v 4
+-l TLS13-AES256-GCM-SHA384
+--pqc P521_KYBER_LEVEL5
+
+# server TLSv1.3 with post-quantum hybrid group
+-v 4
+-l TLS13-AES256-GCM-SHA384
+--pqc X25519_KYBER_LEVEL1
+
+# client TLSv1.3 with post-quantum hybrid group
+-v 4
+-l TLS13-AES256-GCM-SHA384
+--pqc X25519_KYBER_LEVEL1
+
+# server TLSv1.3 with post-quantum hybrid group
+-v 4
+-l TLS13-AES256-GCM-SHA384
+--pqc X25519_KYBER_LEVEL3
+
+# client TLSv1.3 with post-quantum hybrid group
+-v 4
+-l TLS13-AES256-GCM-SHA384
+--pqc X25519_KYBER_LEVEL3
+
+# server TLSv1.3 with post-quantum hybrid group
+-v 4
+-l TLS13-AES256-GCM-SHA384
+--pqc X448_KYBER_LEVEL3
+
+# client TLSv1.3 with post-quantum hybrid group
+-v 4
+-l TLS13-AES256-GCM-SHA384
+--pqc X448_KYBER_LEVEL3
diff --git a/tests/test-tls13-pq.conf b/tests/test-tls13-pq.conf
index 9d2b218de..ac8164e99 100644
--- a/tests/test-tls13-pq.conf
+++ b/tests/test-tls13-pq.conf
@@ -1,3 +1,33 @@
+# server TLSv1.3 with post-quantum group
+-v 4
+-l TLS13-AES256-GCM-SHA384
+--pqc ML_KEM_512
+
+# client TLSv1.3 with post-quantum group
+-v 4
+-l TLS13-AES256-GCM-SHA384
+--pqc ML_KEM_512
+
+# server TLSv1.3 with post-quantum group
+-v 4
+-l TLS13-AES256-GCM-SHA384
+--pqc ML_KEM_768
+
+# client TLSv1.3 with post-quantum group
+-v 4
+-l TLS13-AES256-GCM-SHA384
+--pqc ML_KEM_768
+
+# server TLSv1.3 with post-quantum group
+-v 4
+-l TLS13-AES256-GCM-SHA384
+--pqc ML_KEM_1024
+
+# client TLSv1.3 with post-quantum group
+-v 4
+-l TLS13-AES256-GCM-SHA384
+--pqc ML_KEM_1024
+
 # server TLSv1.3 with post-quantum group
 -v 4
 -l TLS13-AES256-GCM-SHA384
diff --git a/tests/test.conf b/tests/test.conf
index 099ef4706..73d40f000 100644
--- a/tests/test.conf
+++ b/tests/test.conf
@@ -45,6 +45,18 @@
 -s
 -l ECDHE-PSK-CHACHA20-POLY1305
 
+# server TLSv1.2 ECDHE-PSK-CHACHA20-POLY1305 x25519
+-v 3
+-s
+-t
+-l ECDHE-PSK-CHACHA20-POLY1305
+
+# client TLSv1.2 ECDHE-PSK-CHACHA20-POLY1305 x25519
+-v 3
+-s
+-t
+-l ECDHE-PSK-CHACHA20-POLY1305
+
 # server TLSv1.2 PSK-CHACHA20-POLY1305
 -v 3
 -s
diff --git a/tests/unit.c b/tests/unit.c
index 00bac225c..432ce61fb 100644
--- a/tests/unit.c
+++ b/tests/unit.c
@@ -1,6 +1,6 @@
 /* unit.c API unit tests driver
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -22,15 +22,11 @@
 
 /* Name change compatibility layer no longer need to be included here */
 
-#ifdef HAVE_CONFIG_H
-    #include <config.h>
-#endif
+#include <tests/unit.h>
 
-#include <wolfssl/wolfcrypt/settings.h>
 #include <wolfssl/wolfcrypt/types.h>
 
 #include <stdio.h>
-#include <tests/unit.h>
 #include <wolfssl/wolfcrypt/fips_test.h>
 
 
@@ -68,7 +64,6 @@ int unit_test(int argc, char** argv)
 
     (void)argc;
     (void)argv;
-
 #ifdef WOLFSSL_FORCE_MALLOC_FAIL_TEST
     if (argc > 1) {
         int memFailCount = atoi(argv[1]);
@@ -161,7 +156,7 @@ int unit_test(int argc, char** argv)
         err_sys("KDF TLSv1.2 CAST failed");
     }
 #endif
-#if defined(WOLFSSL_HAVE_PRF) && defined(WOLFSSL_TLS13)
+#if defined(HAVE_HKDF) && !defined(NO_HMAC)
     if (wc_RunCast_fips(FIPS_CAST_KDF_TLS13) != 0) {
         err_sys("KDF TLSv1.3 CAST failed");
     }
@@ -172,6 +167,11 @@ int unit_test(int argc, char** argv)
     }
 #endif
 #endif /* HAVE_FIPS && HAVE_FIPS_VERSION == 5 */
+#if FIPS_VERSION3_GT(5,2,0)
+    if (wc_RunAllCast_fips() != 0) {
+        err_sys("wc_RunAllCast_fips() failed\n");
+    }
+#endif
 
     while (argc > 1) {
         if (argv[1][0] != '-') {
@@ -192,13 +192,20 @@ int unit_test(int argc, char** argv)
         else if (XSTRCMP(argv[1], "--no-api") == 0) {
             apiTesting = 0;
         }
-        else if (argv[1][1] >= '0' && argv[1][1] <= '9') {
+        else if (argv[1][0] == '-' && argv[1][1] >= '0' && argv[1][1] <= '9') {
             ret = ApiTest_RunIdx(atoi(argv[1] + 1));
             if (ret != 0) {
                 goto exit;
             }
             allTesting = 0;
         }
+        else if (argv[1][0] == '-' && argv[1][1] == '~') {
+            ret = ApiTest_RunPartName(argv[1] + 2);
+            if (ret != 0) {
+                goto exit;
+            }
+            allTesting = 0;
+        }
         else {
             ret = ApiTest_RunName(argv[1] + 1);
             if (ret != 0) {
@@ -247,16 +254,15 @@ int unit_test(int argc, char** argv)
         SrpTest();
     }
 
-#ifndef NO_WOLFSSL_CIPHER_SUITE_TEST
-#if !defined(NO_WOLFSSL_CLIENT) && !defined(NO_WOLFSSL_SERVER)
-#ifndef SINGLE_THREADED
+#if !defined(NO_WOLFSSL_CIPHER_SUITE_TEST) && \
+    !defined(NO_WOLFSSL_CLIENT) && !defined(NO_WOLFSSL_SERVER) && \
+    !defined(NO_TLS) && \
+    !defined(SINGLE_THREADED)
     if ((ret = SuiteTest(argc, argv)) != 0) {
         fprintf(stderr, "suite test failed with %d\n", ret);
         goto exit;
     }
 #endif
-#endif
-#endif /* NO_WOLFSSL_CIPHER_SUITE_TEST */
 
 exit:
 #ifdef HAVE_WNR
diff --git a/tests/unit.h b/tests/unit.h
index 185fc22df..ece943482 100644
--- a/tests/unit.h
+++ b/tests/unit.h
@@ -1,6 +1,6 @@
 /* unit.c API unit tests driver
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -20,8 +20,20 @@
  */
 
 
-#ifndef CyaSSL_UNIT_H
-#define CyaSSL_UNIT_H
+#ifndef TESTS_UNIT_H
+#define TESTS_UNIT_H
+
+#ifdef HAVE_CONFIG_H
+    #include <config.h>
+#endif
+
+#ifndef WOLFSSL_USER_SETTINGS
+    #include <wolfssl/options.h>
+#endif
+#include <wolfssl/wolfcrypt/settings.h>
+
+#undef TEST_OPENSSL_COEXIST /* can't use this option with unit tests */
+#undef OPENSSL_COEXIST /* can't use this option with unit tests */
 
 #include <wolfssl/ssl.h>
 #include <wolfssl/test.h>    /* thread and tcp stuff */
@@ -121,27 +133,61 @@
 #define AssertPtrGE(x, y) AssertPtr(x, y, >=,  <)
 #define AssertPtrLE(x, y) AssertPtr(x, y, <=,  >)
 
+#define TEST_FAIL               0
+#define TEST_SUCCESS            1
+#define TEST_SUCCESS_NO_MSGS    2
+#define TEST_SKIPPED            3  /* Test skipped - not run. */
+#define TEST_SKIPPED_NO_MSGS    4  /* Test skipped - not run. */
 
 #define EXPECT_DECLS \
-    int _ret = TEST_SKIPPED
+    int _ret = TEST_SKIPPED, _fail_codepoint_id = TEST_FAIL
+#define EXPECT_DECLS_NO_MSGS(fail_codepoint_offset)     \
+    int _ret = TEST_SKIPPED_NO_MSGS,                    \
+        _fail_codepoint_id = (fail_codepoint_offset)
+#define EXPECT_FAILURE_CODEPOINT_ID _fail_codepoint_id
 #define EXPECT_RESULT() \
-    _ret
+    ((void)_fail_codepoint_id,                                          \
+     _ret == TEST_SUCCESS_NO_MSGS ? TEST_SUCCESS :                      \
+     _ret == TEST_SKIPPED_NO_MSGS ? TEST_SKIPPED :                      \
+     _ret)
 #define EXPECT_SUCCESS() \
-    (_ret == TEST_SUCCESS)
+    ((_ret == TEST_SUCCESS) ||                                          \
+     (_ret == TEST_SKIPPED) ||                                          \
+     (_ret == TEST_SUCCESS_NO_MSGS) ||                                  \
+     (_ret == TEST_SKIPPED_NO_MSGS))
 #define EXPECT_FAIL() \
-    (_ret == TEST_FAIL)
+    (! EXPECT_SUCCESS())
 
-#define ExpFail(description, result) do {                                      \
-    printf("\nERROR - %s line %d failed with:", __FILE__, __LINE__);           \
-    fputs("\n    expected: ", stdout); printf description;                     \
-    fputs("\n    result:   ", stdout); printf result; fputs("\n\n", stdout);   \
-    fflush(stdout);                                                            \
-    _ret = TEST_FAIL;                                                          \
+#define EXPECT_TEST(ret) do {                                                  \
+    if (EXPECT_SUCCESS()) {                                                    \
+        _ret = (ret);                                                          \
+    }                                                                          \
 } while (0)
 
-#define Expect(test, description, result) do {                                 \
-    if (_ret != TEST_FAIL) { if (!(test)) ExpFail(description, result);        \
-                             else _ret = TEST_SUCCESS; }                       \
+#define ExpFail(description, result) do {                                    \
+    if ((_ret == TEST_SUCCESS_NO_MSGS) || (_ret == TEST_SKIPPED_NO_MSGS))    \
+        _ret = _fail_codepoint_id;                                           \
+    else {                                                                   \
+        printf("\nERROR - %s line %d failed with:", __FILE__, __LINE__);     \
+        fputs("\n    expected: ", stdout); printf description;               \
+        fputs("\n    result:   ", stdout); printf result;                    \
+        fputs("\n\n", stdout);                                               \
+        fflush(stdout);                                                      \
+        _ret = TEST_FAIL;                                                    \
+    }                                                                        \
+} while (0)
+
+#define Expect(test, description, result) do {                               \
+    if (EXPECT_SUCCESS()) {                                                  \
+        if (!(test))                                                         \
+            ExpFail(description, result);                                    \
+        else if (_ret == TEST_SKIPPED_NO_MSGS)                               \
+            _ret = TEST_SUCCESS_NO_MSGS;                                     \
+        else                                                                 \
+            _ret = TEST_SUCCESS;                                             \
+    }                                                                        \
+    if (_ret == TEST_SUCCESS_NO_MSGS)                                        \
+        --_fail_codepoint_id;                                                \
 } while (0)
 
 #define ExpectTrue(x)    Expect( (x), ("%s is true",     #x), (#x " => FALSE"))
@@ -149,14 +195,14 @@
 #define ExpectNotNull(x) Expect( (x), ("%s is not null", #x), (#x " => NULL"))
 
 #define ExpectNull(x) do {                                                     \
-    if (_ret != TEST_FAIL) {                                                   \
+    if (EXPECT_SUCCESS()) {                                                    \
         PEDANTIC_EXTENSION void* _x = (void*)(x);                              \
         Expect(!_x, ("%s is null", #x), (#x " => %p", _x));                    \
     }                                                                          \
 } while(0)
 
 #define ExpectInt(x, y, op, er) do {                                           \
-    if (_ret != TEST_FAIL) {                                                   \
+    if (EXPECT_SUCCESS()) {                                                    \
         int _x = (int)(x);                                                     \
         int _y = (int)(y);                                                     \
         Expect(_x op _y, ("%s " #op " %s", #x, #y), ("%d " #er " %d", _x, _y));\
@@ -171,7 +217,7 @@
 #define ExpectIntLE(x, y) ExpectInt(x, y, <=,  >)
 
 #define ExpectStr(x, y, op, er) do {                                           \
-    if (_ret != TEST_FAIL) {                                                   \
+    if (EXPECT_SUCCESS()) {                                                    \
         const char* _x = (const char*)(x);                                     \
         const char* _y = (const char*)(y);                                     \
         int         _z = (_x && _y) ? XSTRCMP(_x, _y) : -1;                    \
@@ -188,7 +234,7 @@
 #define ExpectStrLE(x, y) ExpectStr(x, y, <=,  >)
 
 #define ExpectPtr(x, y, op, er) do {                                           \
-    if (_ret != TEST_FAIL) {                                                   \
+    if (EXPECT_SUCCESS()) {                                                    \
         PRAGMA_DIAG_PUSH                                                       \
           /* remarkably, without this inhibition, */                           \
           /* the _Pragma()s make the declarations warn. */                     \
@@ -211,13 +257,14 @@
 #define ExpectPtrLE(x, y) ExpectPtr(x, y, <=,  >)
 
 #define ExpectBuf(x, y, z, op, er) do {                                        \
-    if (_ret != TEST_FAIL) {                                                   \
+    if (EXPECT_SUCCESS()) {                                                    \
         const byte* _x = (const byte*)(x);                                     \
         const byte* _y = (const byte*)(y);                                     \
         int         _z = (int)(z);                                             \
-        int         _w = ((_x) && (_y)) ? XMEMCMP(_x, _y, _z) : -1;            \
+        int _w = ((_x) && (_y)) ? XMEMCMP(_x, _y, (unsigned long)_z) : -1;     \
         Expect(_w op 0, ("%s " #op " %s for %s", #x, #y, #z),                  \
-                             ("\"%p\" " #er " \"%p\" for \"%d\"", _x, _y, _z));\
+                             ("\"%p\" " #er " \"%p\" for \"%d\"",              \
+                                (const void *)_x, (const void *)_y, _z));      \
     }                                                                          \
 } while(0)
 
@@ -293,8 +340,81 @@
 #define DoExpectBufEQ(x, y, z) DoExpectBuf(x, y, z, ==, !=)
 #define DoExpectBufNE(x, y, z) DoExpectBuf(x, y, z, !=, ==)
 
+#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_TLS) && \
+    !defined(NO_RSA) && \
+    !defined(NO_WOLFSSL_SERVER) && !defined(NO_WOLFSSL_CLIENT) && \
+    !defined(WOLFSSL_TIRTOS)
+    #define HAVE_SSL_MEMIO_TESTS_DEPENDENCIES
+#endif
+#ifdef HAVE_SSL_MEMIO_TESTS_DEPENDENCIES
+
+typedef int (*ctx_cb)(WOLFSSL_CTX* ctx);
+typedef int (*ssl_cb)(WOLFSSL* ssl);
+typedef int (*test_cbType)(WOLFSSL_CTX *ctx, WOLFSSL *ssl);
+typedef int (*hs_cb)(WOLFSSL_CTX **ctx, WOLFSSL **ssl);
+
+typedef struct test_ssl_cbf {
+    method_provider method;
+    ctx_cb ctx_ready;
+    ssl_cb ssl_ready;
+    ssl_cb on_result;
+    ctx_cb on_ctx_cleanup;
+    ssl_cb on_cleanup;
+    hs_cb  on_handshake;
+    WOLFSSL_CTX* ctx;
+    const char* caPemFile;
+    const char* certPemFile;
+    const char* keyPemFile;
+    const char* crlPemFile;
+#ifdef WOLFSSL_STATIC_MEMORY
+    byte*               mem;
+    word32              memSz;
+    wolfSSL_method_func method_ex;
+#endif
+    int devId;
+    int return_code;
+    int last_err;
+    unsigned char isSharedCtx:1;
+    unsigned char loadToSSL:1;
+    unsigned char ticNoInit:1;
+    unsigned char doUdp:1;
+} test_ssl_cbf;
+
+#define TEST_SSL_MEMIO_BUF_SZ   (64 * 1024)
+typedef struct test_ssl_memio_ctx {
+    WOLFSSL_CTX* s_ctx;
+    WOLFSSL_CTX* c_ctx;
+    WOLFSSL* s_ssl;
+    WOLFSSL* c_ssl;
+
+    const char* c_ciphers;
+    const char* s_ciphers;
+
+    char* c_msg;
+    int c_msglen;
+    char* s_msg;
+    int s_msglen;
+
+    test_ssl_cbf s_cb;
+    test_ssl_cbf c_cb;
+
+    byte c_buff[TEST_SSL_MEMIO_BUF_SZ];
+    int c_len;
+    byte s_buff[TEST_SSL_MEMIO_BUF_SZ];
+    int s_len;
+} test_ssl_memio_ctx;
+
+int test_ssl_memio_setup(test_ssl_memio_ctx *ctx);
+int test_ssl_memio_do_handshake(test_ssl_memio_ctx* ctx, int max_rounds,
+    int* rounds);
+void test_ssl_memio_cleanup(test_ssl_memio_ctx* ctx);
+int test_wolfSSL_client_server_nofail_memio(test_ssl_cbf* client_cb,
+    test_ssl_cbf* server_cb, test_cbType client_on_handshake);
+#endif /* HAVE_SSL_MEMIO_TESTS_DEPENDENCIES */
+
 void ApiTest_PrintTestCases(void);
 int ApiTest_RunIdx(int idx);
+int ApiTest_RunPartName(char* name);
 int ApiTest_RunName(char* name);
 int ApiTest(void);
 
@@ -305,4 +425,4 @@ int w64wrapper_test(void);
 int QuicTest(void);
 
 
-#endif /* CyaSSL_UNIT_H */
+#endif /* TESTS_UNIT_H */
diff --git a/tests/utils.c b/tests/utils.c
new file mode 100644
index 000000000..2b78b3a67
--- /dev/null
+++ b/tests/utils.c
@@ -0,0 +1,263 @@
+/* utils.c
+ *
+ * Copyright (C) 2006-2025 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+#include <tests/unit.h>
+#include <tests/utils.h>
+
+#ifdef HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES
+
+/* This set of memio functions allows for more fine tuned control of the TLS
+ * connection operations. For new tests, try to use ssl_memio first. */
+
+/* To dump the memory in gdb use
+ *   dump memory client.bin test_ctx.c_buff test_ctx.c_buff+test_ctx.c_len
+ *   dump memory server.bin test_ctx.s_buff test_ctx.s_buff+test_ctx.s_len
+ * This can be imported into Wireshark by transforming the file with
+ *   od -Ax -tx1 -v client.bin > client.bin.hex
+ *   od -Ax -tx1 -v server.bin > server.bin.hex
+ * And then loading test_output.dump.hex into Wireshark using the
+ * "Import from Hex Dump..." option ion and selecting the TCP
+ * encapsulation option.
+ */
+
+int test_memio_write_cb(WOLFSSL *ssl, char *data, int sz, void *ctx)
+{
+    struct test_memio_ctx *test_ctx;
+    byte *buf;
+    int *len;
+
+    test_ctx = (struct test_memio_ctx*)ctx;
+
+    if (wolfSSL_GetSide(ssl) == WOLFSSL_SERVER_END) {
+        buf = test_ctx->c_buff;
+        len = &test_ctx->c_len;
+    }
+    else {
+        buf = test_ctx->s_buff;
+        len = &test_ctx->s_len;
+    }
+
+    if ((unsigned)(*len + sz) > TEST_MEMIO_BUF_SZ)
+        return WOLFSSL_CBIO_ERR_WANT_WRITE;
+
+#ifdef WOLFSSL_DUMP_MEMIO_STREAM
+    {
+        char dump_file_name[64];
+        WOLFSSL_BIO *dump_file;
+        sprintf(dump_file_name, "%s/%s.dump", tmpDirName, currentTestName);
+        dump_file = wolfSSL_BIO_new_file(dump_file_name, "a");
+        if (dump_file != NULL) {
+            (void)wolfSSL_BIO_write(dump_file, data, sz);
+            wolfSSL_BIO_free(dump_file);
+        }
+    }
+#endif
+    XMEMCPY(buf + *len, data, (size_t)sz);
+    *len += sz;
+
+    return sz;
+}
+
+int test_memio_read_cb(WOLFSSL *ssl, char *data, int sz, void *ctx)
+{
+    struct test_memio_ctx *test_ctx;
+    int read_sz;
+    byte *buf;
+    int *len;
+
+    test_ctx = (struct test_memio_ctx*)ctx;
+
+    if (wolfSSL_GetSide(ssl) == WOLFSSL_SERVER_END) {
+        buf = test_ctx->s_buff;
+        len = &test_ctx->s_len;
+    }
+    else {
+        buf = test_ctx->c_buff;
+        len = &test_ctx->c_len;
+    }
+
+    if (*len == 0)
+        return WOLFSSL_CBIO_ERR_WANT_READ;
+
+    read_sz = sz < *len ? sz : *len;
+
+    XMEMCPY(data, buf, (size_t)read_sz);
+    XMEMMOVE(buf, buf + read_sz,(size_t) (*len - read_sz));
+
+    *len -= read_sz;
+
+    return read_sz;
+}
+
+int test_memio_do_handshake(WOLFSSL *ssl_c, WOLFSSL *ssl_s,
+    int max_rounds, int *rounds)
+{
+    byte handshake_complete = 0, hs_c = 0, hs_s = 0;
+    int ret, err;
+
+    if (rounds != NULL)
+        *rounds = 0;
+    while (!handshake_complete && max_rounds > 0) {
+        if (!hs_c) {
+            wolfSSL_SetLoggingPrefix("client");
+            ret = wolfSSL_connect(ssl_c);
+            wolfSSL_SetLoggingPrefix(NULL);
+            if (ret == WOLFSSL_SUCCESS) {
+                hs_c = 1;
+            }
+            else {
+                err = wolfSSL_get_error(ssl_c, ret);
+                if (err != WOLFSSL_ERROR_WANT_READ &&
+                    err != WOLFSSL_ERROR_WANT_WRITE)
+                    return -1;
+            }
+        }
+        if (!hs_s) {
+            wolfSSL_SetLoggingPrefix("server");
+            ret = wolfSSL_accept(ssl_s);
+            wolfSSL_SetLoggingPrefix(NULL);
+            if (ret == WOLFSSL_SUCCESS) {
+                hs_s = 1;
+            }
+            else {
+                err = wolfSSL_get_error(ssl_s, ret);
+                if (err != WOLFSSL_ERROR_WANT_READ &&
+                    err != WOLFSSL_ERROR_WANT_WRITE)
+                    return -1;
+            }
+        }
+        handshake_complete = hs_c && hs_s;
+        max_rounds--;
+        if (rounds != NULL)
+            *rounds = *rounds + 1;
+    }
+
+    if (!handshake_complete)
+        return -1;
+
+    return 0;
+}
+
+int test_memio_setup_ex(struct test_memio_ctx *ctx,
+    WOLFSSL_CTX **ctx_c, WOLFSSL_CTX **ctx_s, WOLFSSL **ssl_c, WOLFSSL **ssl_s,
+    method_provider method_c, method_provider method_s,
+    byte *caCert, int caCertSz, byte *serverCert, int serverCertSz,
+    byte *serverKey, int serverKeySz)
+{
+    int ret;
+    (void)caCert;
+    (void)caCertSz;
+    (void)serverCert;
+    (void)serverCertSz;
+    (void)serverKey;
+    (void)serverKeySz;
+
+    if (ctx_c != NULL && *ctx_c == NULL) {
+        *ctx_c = wolfSSL_CTX_new(method_c());
+        if (*ctx_c == NULL)
+            return -1;
+#ifndef NO_CERTS
+        if (caCert == NULL) {
+            ret = wolfSSL_CTX_load_verify_locations(*ctx_c, caCertFile, 0);
+        }
+        else {
+            ret = wolfSSL_CTX_load_verify_buffer(*ctx_c, caCert, (long)caCertSz,
+                                                 WOLFSSL_FILETYPE_ASN1);
+        }
+        if (ret != WOLFSSL_SUCCESS)
+            return -1;
+#endif /* NO_CERTS */
+        wolfSSL_SetIORecv(*ctx_c, test_memio_read_cb);
+        wolfSSL_SetIOSend(*ctx_c, test_memio_write_cb);
+        if (ctx->c_ciphers != NULL) {
+            ret = wolfSSL_CTX_set_cipher_list(*ctx_c, ctx->c_ciphers);
+            if (ret != WOLFSSL_SUCCESS)
+                return -1;
+        }
+    }
+
+    if (ctx_s != NULL && *ctx_s == NULL) {
+        *ctx_s = wolfSSL_CTX_new(method_s());
+        if (*ctx_s == NULL)
+            return -1;
+#ifndef NO_CERTS
+        if (serverKey == NULL) {
+            ret = wolfSSL_CTX_use_PrivateKey_file(*ctx_s, svrKeyFile,
+                WOLFSSL_FILETYPE_PEM);
+        }
+        else {
+            ret = wolfSSL_CTX_use_PrivateKey_buffer(*ctx_s, serverKey,
+                (long)serverKeySz, WOLFSSL_FILETYPE_ASN1);
+        }
+        if (ret != WOLFSSL_SUCCESS)
+            return- -1;
+
+        if (serverCert == NULL) {
+            ret = wolfSSL_CTX_use_certificate_file(*ctx_s, svrCertFile,
+                                                   WOLFSSL_FILETYPE_PEM);
+        }
+        else {
+            ret = wolfSSL_CTX_use_certificate_chain_buffer_format(*ctx_s,
+                serverCert, (long)serverCertSz, WOLFSSL_FILETYPE_ASN1);
+        }
+        if (ret != WOLFSSL_SUCCESS)
+            return -1;
+#endif /* NO_CERTS */
+        wolfSSL_SetIORecv(*ctx_s, test_memio_read_cb);
+        wolfSSL_SetIOSend(*ctx_s, test_memio_write_cb);
+        if (ctx->s_ciphers != NULL) {
+            ret = wolfSSL_CTX_set_cipher_list(*ctx_s, ctx->s_ciphers);
+            if (ret != WOLFSSL_SUCCESS)
+                return -1;
+        }
+    }
+
+    if (ctx_c != NULL && ssl_c != NULL) {
+        *ssl_c = wolfSSL_new(*ctx_c);
+        if (*ssl_c == NULL)
+            return -1;
+        wolfSSL_SetIOWriteCtx(*ssl_c, ctx);
+        wolfSSL_SetIOReadCtx(*ssl_c, ctx);
+    }
+    if (ctx_s != NULL && ssl_s != NULL) {
+        *ssl_s = wolfSSL_new(*ctx_s);
+        if (*ssl_s == NULL)
+            return -1;
+        wolfSSL_SetIOWriteCtx(*ssl_s, ctx);
+        wolfSSL_SetIOReadCtx(*ssl_s, ctx);
+#if !defined(NO_DH)
+        SetDH(*ssl_s);
+#endif
+    }
+
+    return 0;
+}
+
+int test_memio_setup(struct test_memio_ctx *ctx,
+    WOLFSSL_CTX **ctx_c, WOLFSSL_CTX **ctx_s, WOLFSSL **ssl_c, WOLFSSL **ssl_s,
+    method_provider method_c, method_provider method_s)
+{
+    return test_memio_setup_ex(ctx, ctx_c, ctx_s, ssl_c, ssl_s, method_c,
+                               method_s, NULL, 0, NULL, 0, NULL, 0);
+}
+
+#endif /* HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES */
+
diff --git a/tests/utils.h b/tests/utils.h
index 46b16e2c8..75bae2cb0 100644
--- a/tests/utils.h
+++ b/tests/utils.h
@@ -1,6 +1,6 @@
 /* utils.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -18,120 +18,19 @@
  * along with this program; if not, write to the Free Software
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  */
-#ifdef HAVE_CONFIG_H
-    #include <config.h>
-#endif
 
 #include <wolfssl/wolfcrypt/settings.h>
-#include <tests/unit.h>
+#include <wolfssl/wolfcrypt/types.h>
+#include <wolfssl/ssl.h>
+#include <wolfssl/test.h>
 
-#ifndef NO_FILESYSTEM
-
-#ifdef _MSC_VER
-#include <direct.h>
-#endif
-
-#define TMP_DIR_PREFIX "tmpDir-"
-/* len is length of tmpDir name, assuming
- * len does not include null terminating character */
-char* create_tmp_dir(char *tmpDir, int len)
-{
-    if (len < (int)XSTR_SIZEOF(TMP_DIR_PREFIX))
-        return NULL;
-
-    XMEMCPY(tmpDir, TMP_DIR_PREFIX, XSTR_SIZEOF(TMP_DIR_PREFIX));
-
-    if (mymktemp(tmpDir, len, len - XSTR_SIZEOF(TMP_DIR_PREFIX)) == NULL)
-        return NULL;
-
-#ifdef _MSC_VER
-    if (_mkdir(tmpDir) != 0)
-        return NULL;
-#elif defined(__MINGW32__)
-    if (mkdir(tmpDir) != 0)
-        return NULL;
-#else
-    if (mkdir(tmpDir, 0700) != 0)
-        return NULL;
-#endif
-
-    return tmpDir;
-}
-
-int rem_dir(const char* dirName)
-{
-#ifdef _MSC_VER
-    if (_rmdir(dirName) != 0)
-        return -1;
-#else
-    if (rmdir(dirName) != 0)
-        return -1;
-#endif
-    return 0;
-}
-
-int rem_file(const char* fileName)
-{
-#ifdef _MSC_VER
-    if (_unlink(fileName) != 0)
-        return -1;
-#else
-    if (unlink(fileName) != 0)
-        return -1;
-#endif
-    return 0;
-}
-
-int copy_file(const char* in, const char* out)
-{
-    byte buf[100];
-    XFILE inFile = XBADFILE;
-    XFILE outFile = XBADFILE;
-    size_t sz;
-    int ret = -1;
-
-    inFile = XFOPEN(in, "rb");
-    if (inFile == XBADFILE)
-        goto cleanup;
-
-    outFile = XFOPEN(out, "wb");
-    if (outFile == XBADFILE)
-        goto cleanup;
-
-    while ((sz = XFREAD(buf, 1, sizeof(buf), inFile)) != 0) {
-        if (XFWRITE(buf, 1, sz, outFile) != sz)
-            goto cleanup;
-    }
-
-    ret = 0;
-cleanup:
-    if (inFile != XBADFILE)
-        XFCLOSE(inFile);
-    if (outFile != XBADFILE)
-        XFCLOSE(outFile);
-    return ret;
-}
-#endif /* !NO_FILESYSTEM */
+#ifndef TESTS_UTILS_H
+#define TESTS_UTILS_H
 
 #if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_RSA) && \
-    !defined(NO_WOLFSSL_SERVER) && !defined(NO_WOLFSSL_CLIENT)
-
-/* This set of memio functions allows for more fine tuned control of the TLS
- * connection operations. For new tests, try to use ssl_memio first. */
-
-/* To dump the memory in gdb use
- *   dump memory client.bin test_ctx.c_buff test_ctx.c_buff+test_ctx.c_len
- *   dump memory server.bin test_ctx.s_buff test_ctx.s_buff+test_ctx.s_len
- * This can be imported into Wireshark by transforming the file with
- *   od -Ax -tx1 -v client.bin > client.bin.hex
- *   od -Ax -tx1 -v server.bin > server.bin.hex
- * And then loading test_output.dump.hex into Wireshark using the
- * "Import from Hex Dump..." option ion and selecting the TCP
- * encapsulation option.
- */
-
+    !defined(NO_WOLFSSL_SERVER) && !defined(NO_WOLFSSL_CLIENT) && \
+    (!defined(WOLFSSL_NO_TLS12) || defined(WOLFSSL_TLS13))
 #define HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES
-
 #define TEST_MEMIO_BUF_SZ (64 * 1024)
 struct test_memio_ctx
 {
@@ -142,244 +41,18 @@ struct test_memio_ctx
     int s_len;
     const char* s_ciphers;
 };
-
+int test_memio_write_cb(WOLFSSL *ssl, char *data, int sz, void *ctx);
+int test_memio_read_cb(WOLFSSL *ssl, char *data, int sz, void *ctx);
 int test_memio_do_handshake(WOLFSSL *ssl_c, WOLFSSL *ssl_s,
     int max_rounds, int *rounds);
 int test_memio_setup(struct test_memio_ctx *ctx,
     WOLFSSL_CTX **ctx_c, WOLFSSL_CTX **ctx_s, WOLFSSL **ssl_c, WOLFSSL **ssl_s,
     method_provider method_c, method_provider method_s);
-
-static WC_INLINE int test_memio_write_cb(WOLFSSL *ssl, char *data, int sz,
-    void *ctx)
-{
-    struct test_memio_ctx *test_ctx;
-    byte *buf;
-    int *len;
-
-    test_ctx = (struct test_memio_ctx*)ctx;
-
-    if (wolfSSL_GetSide(ssl) == WOLFSSL_SERVER_END) {
-        buf = test_ctx->c_buff;
-        len = &test_ctx->c_len;
-    }
-    else {
-        buf = test_ctx->s_buff;
-        len = &test_ctx->s_len;
-    }
-
-    if ((unsigned)(*len + sz) > TEST_MEMIO_BUF_SZ)
-        return WOLFSSL_CBIO_ERR_WANT_WRITE;
-
-#ifdef WOLFSSL_DUMP_MEMIO_STREAM
-    {
-        WOLFSSL_BIO *dump_file = wolfSSL_BIO_new_file("test_memio.dump", "a");
-        if (dump_file != NULL) {
-            (void)wolfSSL_BIO_write(dump_file, data, sz);
-            wolfSSL_BIO_free(dump_file);
-        }
-    }
-#endif
-    XMEMCPY(buf + *len, data, sz);
-    *len += sz;
-
-    return sz;
-}
-
-static WC_INLINE int test_memio_read_cb(WOLFSSL *ssl, char *data, int sz,
-    void *ctx)
-{
-    struct test_memio_ctx *test_ctx;
-    int read_sz;
-    byte *buf;
-    int *len;
-
-    test_ctx = (struct test_memio_ctx*)ctx;
-
-    if (wolfSSL_GetSide(ssl) == WOLFSSL_SERVER_END) {
-        buf = test_ctx->s_buff;
-        len = &test_ctx->s_len;
-    }
-    else {
-        buf = test_ctx->c_buff;
-        len = &test_ctx->c_len;
-    }
-
-    if (*len == 0)
-        return WOLFSSL_CBIO_ERR_WANT_READ;
-
-    read_sz = sz < *len ? sz : *len;
-
-    XMEMCPY(data, buf, read_sz);
-    XMEMMOVE(buf, buf + read_sz, *len - read_sz);
-
-    *len -= read_sz;
-
-    return read_sz;
-}
-
-int test_memio_do_handshake(WOLFSSL *ssl_c, WOLFSSL *ssl_s,
-    int max_rounds, int *rounds)
-{
-    byte handshake_complete = 0, hs_c = 0, hs_s = 0;
-    int ret, err;
-
-    if (rounds != NULL)
-        *rounds = 0;
-    while (!handshake_complete && max_rounds > 0) {
-        if (!hs_c) {
-            wolfSSL_SetLoggingPrefix("client");
-            ret = wolfSSL_connect(ssl_c);
-            wolfSSL_SetLoggingPrefix(NULL);
-            if (ret == WOLFSSL_SUCCESS) {
-                hs_c = 1;
-            }
-            else {
-                err = wolfSSL_get_error(ssl_c, ret);
-                if (err != WOLFSSL_ERROR_WANT_READ &&
-                    err != WOLFSSL_ERROR_WANT_WRITE)
-                    return -1;
-            }
-        }
-        if (!hs_s) {
-            wolfSSL_SetLoggingPrefix("server");
-            ret = wolfSSL_accept(ssl_s);
-            wolfSSL_SetLoggingPrefix(NULL);
-            if (ret == WOLFSSL_SUCCESS) {
-                hs_s = 1;
-            }
-            else {
-                err = wolfSSL_get_error(ssl_s, ret);
-                if (err != WOLFSSL_ERROR_WANT_READ &&
-                    err != WOLFSSL_ERROR_WANT_WRITE)
-                    return -1;
-            }
-        }
-        handshake_complete = hs_c && hs_s;
-        max_rounds--;
-        if (rounds != NULL)
-            *rounds = *rounds + 1;
-    }
-
-    if (!handshake_complete)
-        return -1;
-
-    return 0;
-}
-
-int test_memio_setup(struct test_memio_ctx *ctx,
+int test_memio_setup_ex(struct test_memio_ctx *ctx,
     WOLFSSL_CTX **ctx_c, WOLFSSL_CTX **ctx_s, WOLFSSL **ssl_c, WOLFSSL **ssl_s,
-    method_provider method_c, method_provider method_s)
-{
-    int ret;
-
-    if (ctx_c != NULL && *ctx_c == NULL) {
-        *ctx_c = wolfSSL_CTX_new(method_c());
-        if (*ctx_c == NULL)
-            return -1;
-#ifndef NO_CERTS
-        ret = wolfSSL_CTX_load_verify_locations(*ctx_c, caCertFile, 0);
-        if (ret != WOLFSSL_SUCCESS)
-            return -1;
-#endif /* NO_CERTS */
-        wolfSSL_SetIORecv(*ctx_c, test_memio_read_cb);
-        wolfSSL_SetIOSend(*ctx_c, test_memio_write_cb);
-        if (ctx->c_ciphers != NULL) {
-            ret = wolfSSL_CTX_set_cipher_list(*ctx_c, ctx->c_ciphers);
-            if (ret != WOLFSSL_SUCCESS)
-                return -1;
-        }
-    }
-
-    if (ctx_s != NULL && *ctx_s == NULL) {
-        *ctx_s = wolfSSL_CTX_new(method_s());
-        if (*ctx_s == NULL)
-            return -1;
-#ifndef NO_CERTS
-        ret = wolfSSL_CTX_use_PrivateKey_file(*ctx_s, svrKeyFile,
-            WOLFSSL_FILETYPE_PEM);
-        if (ret != WOLFSSL_SUCCESS)
-            return- -1;
-        ret = wolfSSL_CTX_use_certificate_file(*ctx_s, svrCertFile,
-                                               WOLFSSL_FILETYPE_PEM);
-        if (ret != WOLFSSL_SUCCESS)
-            return -1;
-#endif
-        wolfSSL_SetIORecv(*ctx_s, test_memio_read_cb);
-        wolfSSL_SetIOSend(*ctx_s, test_memio_write_cb);
-        if (ctx->s_ciphers != NULL) {
-            ret = wolfSSL_CTX_set_cipher_list(*ctx_s, ctx->s_ciphers);
-            if (ret != WOLFSSL_SUCCESS)
-                return -1;
-        }
-    }
-
-    if (ctx_c != NULL && ssl_c != NULL) {
-        *ssl_c = wolfSSL_new(*ctx_c);
-        if (*ssl_c == NULL)
-            return -1;
-        wolfSSL_SetIOWriteCtx(*ssl_c, ctx);
-        wolfSSL_SetIOReadCtx(*ssl_c, ctx);
-    }
-    if (ctx_s != NULL && ssl_s != NULL) {
-        *ssl_s = wolfSSL_new(*ctx_s);
-        if (*ssl_s == NULL)
-            return -1;
-        wolfSSL_SetIOWriteCtx(*ssl_s, ctx);
-        wolfSSL_SetIOReadCtx(*ssl_s, ctx);
-#if !defined(NO_DH)
-        SetDH(*ssl_s);
-#endif
-    }
-
-    return 0;
-}
+    method_provider method_c, method_provider method_s,
+    byte *caCert, int caCertSz, byte *serverCert, int serverCertSz,
+    byte *serverKey, int serverKeySz);
 #endif
 
-#if !defined(SINGLE_THREADED) && defined(WOLFSSL_COND)
-void signal_ready(tcp_ready* ready)
-{
-    THREAD_CHECK_RET(wolfSSL_CondStart(&ready->cond));
-    ready->ready = 1;
-    THREAD_CHECK_RET(wolfSSL_CondSignal(&ready->cond));
-    THREAD_CHECK_RET(wolfSSL_CondEnd(&ready->cond));
-}
-#endif
-
-void wait_tcp_ready(func_args* args)
-{
-#if !defined(SINGLE_THREADED) && defined(WOLFSSL_COND)
-    tcp_ready* ready = args->signal;
-    THREAD_CHECK_RET(wolfSSL_CondStart(&ready->cond));
-    if (!ready->ready) {
-        THREAD_CHECK_RET(wolfSSL_CondWait(&ready->cond));
-    }
-    ready->ready = 0; /* reset */
-    THREAD_CHECK_RET(wolfSSL_CondEnd(&ready->cond));
-#else
-    /* no threading wait or single threaded */
-    (void)args;
-#endif
-}
-
-#ifndef SINGLE_THREADED
-/* Start a thread.
- *
- * @param [in]  fun     Function to execute in thread.
- * @param [in]  args    Object to send to function in thread.
- * @param [out] thread  Handle to thread.
- */
-void start_thread(THREAD_CB fun, func_args* args, THREAD_TYPE* thread)
-{
-    THREAD_CHECK_RET(wolfSSL_NewThread(thread, fun, args));
-}
-
-
-/* Join thread to wait for completion.
- *
- * @param [in] thread  Handle to thread.
- */
-void join_thread(THREAD_TYPE thread)
-{
-    THREAD_CHECK_RET(wolfSSL_JoinThread(thread));
-}
-#endif /* SINGLE_THREADED */
+#endif /* TESTS_UTILS_H */
diff --git a/tests/w64wrapper.c b/tests/w64wrapper.c
index 926de49d1..1010d23dc 100644
--- a/tests/w64wrapper.c
+++ b/tests/w64wrapper.c
@@ -1,6 +1,6 @@
 /* w64wrapper.c w64wrapper unit tests
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -18,11 +18,7 @@
  * along with this program; if not, write to the Free Software
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  */
-#ifdef HAVE_CONFIG_H
-    #include <config.h>
-#endif
 
-#include <wolfssl/wolfcrypt/settings.h>
 #include <tests/unit.h>
 
 #ifdef WOLFSSL_W64_WRAPPER
diff --git a/testsuite/include.am b/testsuite/include.am
index 7b7cddd03..c96c79cbf 100644
--- a/testsuite/include.am
+++ b/testsuite/include.am
@@ -20,6 +20,7 @@ endif
 EXTRA_DIST += testsuite/testsuite.sln
 EXTRA_DIST += testsuite/testsuite.vcproj
 EXTRA_DIST += testsuite/testsuite.vcxproj
+EXTRA_DIST += testsuite/utils.h
 EXTRA_DIST += input
 EXTRA_DIST += quit
 DISTCLEANFILES+= testsuite/.libs/testsuite.test
diff --git a/testsuite/testsuite.c b/testsuite/testsuite.c
index 753077aad..162338c6f 100644
--- a/testsuite/testsuite.c
+++ b/testsuite/testsuite.c
@@ -1,6 +1,6 @@
 /* testsuite.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -24,7 +24,14 @@
     #include <config.h>
 #endif
 
+#ifndef WOLFSSL_USER_SETTINGS
+    #include <wolfssl/options.h>
+#endif
 #include <wolfssl/wolfcrypt/settings.h>
+
+#undef TEST_OPENSSL_COEXIST /* can't use this option with this example */
+#undef OPENSSL_COEXIST /* can't use this option with this example */
+
 #include <wolfssl/wolfcrypt/types.h>
 
 #include <wolfssl/ssl.h>
@@ -45,13 +52,16 @@
 #include <examples/server/server.h>
 #include <examples/client/client.h>
 
-#include "tests/utils.h"
+#include <testsuite/utils.h>
+/* include source file to not change all the testsuite build systems */
+#include <testsuite/utils.c>
 
 #ifndef NO_SHA256
 void file_test(const char* file, byte* check);
 #endif
 
-#if !defined(NO_WOLFSSL_SERVER) && !defined(NO_WOLFSSL_CLIENT)
+#if !defined(NO_WOLFSSL_SERVER) && !defined(NO_WOLFSSL_CLIENT) && \
+    !defined(NO_TLS)
 
 #ifdef HAVE_STACK_SIZE
 static THREAD_RETURN simple_test(func_args *args);
@@ -104,6 +114,7 @@ static void *echoclient_test_wrapper(void* args) {
 int testsuite_test(int argc, char** argv)
 {
 #if !defined(NO_WOLFSSL_SERVER) && !defined(NO_WOLFSSL_CLIENT) && \
+    !defined(NO_TLS) && \
     (!defined(WOLF_CRYPTO_CB_ONLY_RSA) && !defined(WOLF_CRYPTO_CB_ONLY_ECC))
     func_args server_args;
 
@@ -300,7 +311,7 @@ static int test_crl_monitor(void)
 
     printf("\nRunning CRL monitor test\n");
 
-    sprintf(rounds, "%d", CRL_MONITOR_TEST_ROUNDS);
+    (void)XSNPRINTF(rounds, sizeof(rounds), "%d", CRL_MONITOR_TEST_ROUNDS);
 
     XMEMSET(&server_args, 0, sizeof(func_args));
     XMEMSET(&client_args, 0, sizeof(func_args));
@@ -320,18 +331,19 @@ static int test_crl_monitor(void)
     InitTcpReady(&ready);
     start_thread(server_test, &server_args, &serverThread);
     wait_tcp_ready(&server_args);
-    sprintf(portNum, "%d", server_args.signal->port);
+    (void)XSNPRINTF(portNum, sizeof(portNum), "%d", server_args.signal->port);
 
     for (i = 0; i < CRL_MONITOR_TEST_ROUNDS; i++) {
         int expectFail;
         if (i % 2 == 0) {
+
             /* succeed on even rounds */
-            sprintf(buf, "%s/%s", tmpDir, "crl.pem");
-            if (copy_file("certs/crl/crl.pem", buf) != 0) {
+            (void)XSNPRINTF(buf, sizeof(buf), "%s/%s", tmpDir, "crl.pem");
+            if (STAGE_FILE("certs/crl/crl.pem", buf) != 0) {
                 fprintf(stderr, "[%d] Failed to copy file to %s\n", i, buf);
                 goto cleanup;
             }
-            sprintf(buf, "%s/%s", tmpDir, "crl.revoked");
+            (void)XSNPRINTF(buf, sizeof(buf), "%s/%s", tmpDir, "crl.revoked");
             /* The monitor can be holding the file handle and this will cause
              * the remove call to fail. Let's give the monitor a some time to
              * finish up. */
@@ -349,12 +361,12 @@ static int test_crl_monitor(void)
         }
         else {
             /* fail on odd rounds */
-            sprintf(buf, "%s/%s", tmpDir, "crl.revoked");
-            if (copy_file("certs/crl/crl.revoked", buf) != 0) {
+            (void)XSNPRINTF(buf, sizeof(buf), "%s/%s", tmpDir, "crl.revoked");
+            if (STAGE_FILE("certs/crl/crl.revoked", buf) != 0) {
                 fprintf(stderr, "[%d] Failed to copy file to %s\n", i, buf);
                 goto cleanup;
             }
-            sprintf(buf, "%s/%s", tmpDir, "crl.pem");
+            (void)XSNPRINTF(buf, sizeof(buf), "%s/%s", tmpDir, "crl.pem");
             /* The monitor can be holding the file handle and this will cause
              * the remove call to fail. Let's give the monitor a some time to
              * finish up. */
@@ -395,9 +407,9 @@ static int test_crl_monitor(void)
 cleanup:
     if (ret != 0 && i >= 0)
         fprintf(stderr, "test_crl_monitor failed on iteration %d\n", i);
-    sprintf(buf, "%s/%s", tmpDir, "crl.pem");
+    (void)XSNPRINTF(buf, sizeof(buf), "%s/%s", tmpDir, "crl.pem");
     rem_file(buf);
-    sprintf(buf, "%s/%s", tmpDir, "crl.revoked");
+    (void)XSNPRINTF(buf, sizeof(buf), "%s/%s", tmpDir, "crl.revoked");
     rem_file(buf);
     (void)rem_dir(tmpDir);
     return ret;
@@ -405,6 +417,7 @@ cleanup:
 #endif
 
 #if !defined(NO_WOLFSSL_SERVER) && !defined(NO_WOLFSSL_CLIENT) && \
+    !defined(NO_TLS) && \
    (!defined(WOLF_CRYPTO_CB_ONLY_RSA) && !defined(WOLF_CRYPTO_CB_ONLY_ECC))
 /* Perform a basic TLS handshake.
  *
@@ -610,12 +623,19 @@ void file_test(const char* file, byte* check)
         return;
     }
     while( ( i = (int)fread(buf, 1, sizeof(buf), f )) > 0 ) {
-        ret = wc_Sha256Update(&sha256, buf, i);
+        if (ferror(f)) {
+            printf("I/O error reading %s\n", file);
+            fclose(f);
+            return;
+        }
+        ret = wc_Sha256Update(&sha256, buf, (word32)i);
         if (ret != 0) {
             printf("Can't wc_Sha256Update %d\n", ret);
             fclose(f);
             return;
         }
+        if (feof(f))
+            break;
     }
 
     ret = wc_Sha256Final(&sha256, shasum);
diff --git a/testsuite/testsuite.vcxproj b/testsuite/testsuite.vcxproj
index 958f937fa..609731732 100644
--- a/testsuite/testsuite.vcxproj
+++ b/testsuite/testsuite.vcxproj
@@ -9,6 +9,10 @@
       <Configuration>Debug</Configuration>
       <Platform>x64</Platform>
     </ProjectConfiguration>
+    <ProjectConfiguration Include="Debug|ARM64">
+      <Configuration>Debug</Configuration>
+      <Platform>ARM64</Platform>
+    </ProjectConfiguration>
     <ProjectConfiguration Include="DLL Debug|Win32">
       <Configuration>DLL Debug</Configuration>
       <Platform>Win32</Platform>
@@ -17,6 +21,10 @@
       <Configuration>DLL Debug</Configuration>
       <Platform>x64</Platform>
     </ProjectConfiguration>
+    <ProjectConfiguration Include="DLL Debug|ARM64">
+      <Configuration>DLL Debug</Configuration>
+      <Platform>ARM64</Platform>
+    </ProjectConfiguration>
     <ProjectConfiguration Include="DLL Release|Win32">
       <Configuration>DLL Release</Configuration>
       <Platform>Win32</Platform>
@@ -25,6 +33,10 @@
       <Configuration>DLL Release</Configuration>
       <Platform>x64</Platform>
     </ProjectConfiguration>
+    <ProjectConfiguration Include="DLL Release|ARM64">
+      <Configuration>DLL Release</Configuration>
+      <Platform>ARM64</Platform>
+    </ProjectConfiguration>
     <ProjectConfiguration Include="Release|Win32">
       <Configuration>Release</Configuration>
       <Platform>Win32</Platform>
@@ -33,6 +45,10 @@
       <Configuration>Release</Configuration>
       <Platform>x64</Platform>
     </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|ARM64">
+      <Configuration>Release</Configuration>
+      <Platform>ARM64</Platform>
+    </ProjectConfiguration>
   </ItemGroup>
   <PropertyGroup Label="Globals">
     <ProjectGuid>{611E8971-46E0-4D0A-B5A1-632C3B00CB80}</ProjectGuid>
@@ -64,6 +80,18 @@
     <CharacterSet>Unicode</CharacterSet>
     <WholeProgramOptimization>true</WholeProgramOptimization>
   </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <PlatformToolset>v110</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|ARM64'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <PlatformToolset>v110</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+  </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
     <ConfigurationType>Application</ConfigurationType>
     <PlatformToolset>v110</PlatformToolset>
@@ -84,6 +112,16 @@
     <PlatformToolset>v110</PlatformToolset>
     <CharacterSet>Unicode</CharacterSet>
   </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|ARM64'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <PlatformToolset>v110</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|ARM64'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <PlatformToolset>v110</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
   <ImportGroup Label="ExtensionSettings">
   </ImportGroup>
@@ -99,6 +137,12 @@
   <ImportGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|x64'" Label="PropertySheets">
     <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
   </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|ARM64'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
   <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="PropertySheets">
     <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
   </ImportGroup>
@@ -111,6 +155,12 @@
   <ImportGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|x64'" Label="PropertySheets">
     <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
   </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Debug|ARM64'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|ARM64'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
   <PropertyGroup Label="UserMacros" />
   <PropertyGroup>
     <_ProjectFileVersion>11.0.61030.0</_ProjectFileVersion>
@@ -135,6 +185,16 @@
     <OutDir>$(SolutionDir)$(Configuration)\$(Platform)\</OutDir>
     <IntDir>$(Configuration)\$(Platform)\$(ProjectName)_obj\</IntDir>
   </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|ARM64'">
+    <LinkIncremental>true</LinkIncremental>
+    <OutDir>$(SolutionDir)$(Configuration)\$(Platform)\</OutDir>
+    <IntDir>$(Configuration)\$(Platform)\$(ProjectName)_obj\</IntDir>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|ARM64'">
+    <LinkIncremental>true</LinkIncremental>
+    <OutDir>$(SolutionDir)$(Configuration)\$(Platform)\</OutDir>
+    <IntDir>$(Configuration)\$(Platform)\$(ProjectName)_obj\</IntDir>
+  </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
     <OutDir>$(SolutionDir)$(Configuration)\$(Platform)\</OutDir>
     <IntDir>$(Configuration)\$(Platform)\$(ProjectName)_obj\</IntDir>
@@ -155,6 +215,16 @@
     <OutDir>$(SolutionDir)$(Configuration)\$(Platform)\</OutDir>
     <IntDir>$(Configuration)\$(Platform)\$(ProjectName)_obj\</IntDir>
   </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'">
+    <LinkIncremental>false</LinkIncremental>
+    <OutDir>$(SolutionDir)$(Configuration)\$(Platform)\</OutDir>
+    <IntDir>$(Configuration)\$(Platform)\$(ProjectName)_obj\</IntDir>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|ARM64'">
+    <LinkIncremental>false</LinkIncremental>
+    <OutDir>$(SolutionDir)$(Configuration)\$(Platform)\</OutDir>
+    <IntDir>$(Configuration)\$(Platform)\$(ProjectName)_obj\</IntDir>
+  </PropertyGroup>
   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
     <ClCompile>
       <Optimization>Disabled</Optimization>
@@ -232,6 +302,42 @@
       <SubSystem>Console</SubSystem>
     </Link>
   </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|ARM64'">
+    <ClCompile>
+      <Optimization>Disabled</Optimization>
+      <AdditionalIncludeDirectories>../;../IDE/WIN;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>NO_MAIN_DRIVER;WOLFSSL_LIB;WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <BasicRuntimeChecks>EnableFastChecks</BasicRuntimeChecks>
+      <RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>Ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <SubSystem>Console</SubSystem>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|ARM64'">
+    <ClCompile>
+      <Optimization>Disabled</Optimization>
+      <AdditionalIncludeDirectories>../;../IDE/WIN;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>NO_MAIN_DRIVER;WOLFSSL_LIB;WOLFSSL_USER_SETTINGS;WOLFSSL_DLL;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <BasicRuntimeChecks>EnableFastChecks</BasicRuntimeChecks>
+      <RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>Ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <SubSystem>Console</SubSystem>
+    </Link>
+  </ItemDefinitionGroup>
   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
     <ClCompile>
       <Optimization>MaxSpeed</Optimization>
@@ -318,6 +424,48 @@
       <EnableCOMDATFolding>true</EnableCOMDATFolding>
     </Link>
   </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'">
+    <ClCompile>
+      <Optimization>MaxSpeed</Optimization>
+      <IntrinsicFunctions>true</IntrinsicFunctions>
+      <AdditionalIncludeDirectories>../;../IDE/WIN;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>NO_MAIN_DRIVER;WOLFSSL_LIB;WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>Ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <SubSystem>Console</SubSystem>
+      <OptimizeReferences>true</OptimizeReferences>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|ARM64'">
+    <ClCompile>
+      <Optimization>MaxSpeed</Optimization>
+      <IntrinsicFunctions>true</IntrinsicFunctions>
+      <AdditionalIncludeDirectories>../;../IDE/WIN;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>NO_MAIN_DRIVER;WOLFSSL_LIB;WOLFSSL_USER_SETTINGS;WOLFSSL_DLL;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>Ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <SubSystem>Console</SubSystem>
+      <OptimizeReferences>true</OptimizeReferences>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+    </Link>
+  </ItemDefinitionGroup>
   <ItemGroup>
     <ClCompile Include="..\examples\client\client.c" />
     <ClCompile Include="..\examples\echoclient\echoclient.c" />
diff --git a/testsuite/utils.c b/testsuite/utils.c
new file mode 100644
index 000000000..931eb2dd2
--- /dev/null
+++ b/testsuite/utils.c
@@ -0,0 +1,191 @@
+/* utils.c
+ *
+ * Copyright (C) 2006-2025 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+#ifdef HAVE_CONFIG_H
+    #include <config.h>
+#endif
+
+#if !defined(WOLFSSL_USER_SETTINGS) && !defined(WOLFSSL_NO_OPTIONS_H)
+    #include <wolfssl/options.h>
+#endif
+#include <wolfssl/wolfcrypt/settings.h>
+
+#include <wolfssl/wolfcrypt/settings.h>
+#include <testsuite/utils.h>
+#include <tests/unit.h>
+
+#ifndef NO_FILESYSTEM
+
+#if defined(_MSC_VER)
+#include <direct.h>
+#elif defined(__WATCOMC__)
+#ifdef __LINUX__
+#include <unistd.h>
+#else
+#include <direct.h>
+#endif
+#endif
+
+#define TMP_DIR_PREFIX "tmpDir-"
+/* len is length of tmpDir name, assuming
+ * len does not include null terminating character */
+char* create_tmp_dir(char *tmpDir, int len)
+{
+    if (len < (int)XSTR_SIZEOF(TMP_DIR_PREFIX))
+        return NULL;
+
+    XMEMCPY(tmpDir, TMP_DIR_PREFIX, XSTR_SIZEOF(TMP_DIR_PREFIX));
+
+    if (mymktemp(tmpDir, len, len - (int)XSTR_SIZEOF(TMP_DIR_PREFIX)) == NULL)
+        return NULL;
+
+#ifdef _MSC_VER
+    if (_mkdir(tmpDir) != 0)
+        return NULL;
+#elif defined(__MINGW32__)
+    if (mkdir(tmpDir) != 0)
+        return NULL;
+#elif defined(__WATCOMC__) && !defined(__LINUX__)
+    if (mkdir(tmpDir) != 0)
+        return NULL;
+#else
+    if (mkdir(tmpDir, 0700) != 0)
+        return NULL;
+#endif
+
+    return tmpDir;
+}
+
+int rem_dir(const char* dirName)
+{
+#ifdef _MSC_VER
+    if (_rmdir(dirName) != 0)
+        return -1;
+#else
+    if (rmdir(dirName) != 0)
+        return -1;
+#endif
+    return 0;
+}
+
+int rem_file(const char* fileName)
+{
+#ifdef _MSC_VER
+    if (_unlink(fileName) != 0)
+        return -1;
+#else
+    if (unlink(fileName) != 0)
+        return -1;
+#endif
+    return 0;
+}
+
+int copy_file(const char* in, const char* out)
+{
+    byte buf[100];
+    XFILE inFile = XBADFILE;
+    XFILE outFile = XBADFILE;
+    size_t sz;
+    int ret = -1;
+
+    inFile = XFOPEN(in, "rb");
+    if (inFile == XBADFILE)
+        goto cleanup;
+
+    outFile = XFOPEN(out, "wb");
+    if (outFile == XBADFILE)
+        goto cleanup;
+
+    while ((sz = XFREAD(buf, 1, sizeof(buf), inFile)) != 0) {
+        if (XFERROR(inFile))
+            goto cleanup;
+        if (XFWRITE(buf, 1, sz, outFile) != sz)
+            goto cleanup;
+        if (XFEOF(inFile))
+            break;
+    }
+
+    ret = 0;
+cleanup:
+    if (inFile != XBADFILE)
+        XFCLOSE(inFile);
+    if (outFile != XBADFILE)
+        XFCLOSE(outFile);
+    return ret;
+}
+
+#if defined(__MACH__) || defined(__FreeBSD__)
+int link_file(const char* in, const char* out)
+{
+    return link(in, out);
+}
+#endif
+#endif /* !NO_FILESYSTEM */
+
+#if !defined(SINGLE_THREADED) && defined(WOLFSSL_COND)
+void signal_ready(tcp_ready* ready)
+{
+    THREAD_CHECK_RET(wolfSSL_CondStart(&ready->cond));
+    ready->ready = 1;
+    THREAD_CHECK_RET(wolfSSL_CondSignal(&ready->cond));
+    THREAD_CHECK_RET(wolfSSL_CondEnd(&ready->cond));
+}
+#endif
+
+void wait_tcp_ready(func_args* args)
+{
+#if !defined(SINGLE_THREADED) && defined(WOLFSSL_COND)
+    tcp_ready* ready = args->signal;
+    THREAD_CHECK_RET(wolfSSL_CondStart(&ready->cond));
+    if (!ready->ready) {
+        THREAD_CHECK_RET(wolfSSL_CondWait(&ready->cond));
+    }
+    ready->ready = 0; /* reset */
+    THREAD_CHECK_RET(wolfSSL_CondEnd(&ready->cond));
+#else
+    /* no threading wait or single threaded */
+    (void)args;
+#endif
+}
+
+#ifndef SINGLE_THREADED
+/* Start a thread.
+ *
+ * @param [in]  fun     Function to execute in thread.
+ * @param [in]  args    Object to send to function in thread.
+ * @param [out] thread  Handle to thread.
+ */
+void start_thread(THREAD_CB fun, func_args* args, THREAD_TYPE* thread)
+{
+    THREAD_CHECK_RET(wolfSSL_NewThread(thread, fun, args));
+}
+
+
+/* Join thread to wait for completion.
+ *
+ * @param [in] thread  Handle to thread.
+ */
+void join_thread(THREAD_TYPE thread)
+{
+    THREAD_CHECK_RET(wolfSSL_JoinThread(thread));
+}
+#endif /* SINGLE_THREADED */
+
diff --git a/testsuite/utils.h b/testsuite/utils.h
new file mode 100644
index 000000000..696ef4d06
--- /dev/null
+++ b/testsuite/utils.h
@@ -0,0 +1,40 @@
+/* utils.h
+ *
+ * Copyright (C) 2006-2025 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+/* This is a set of utility functions that are used by testsuite.c. They are
+ * also used in api.c but we want to keep the utils for testsuite.c as small
+ * as possible. */
+
+#ifndef TESTSUITE_UTILS_H
+#define TESTSUITE_UTILS_H
+
+/* Return
+ *   tmpDir on success
+ *   NULL on failure */
+char* create_tmp_dir(char* tmpDir, int len);
+/* Remaining functions return
+ * 0 on success
+ * -1 on failure */
+int rem_dir(const char* dirName);
+int rem_file(const char* fileName);
+int copy_file(const char* in, const char* out);
+
+#endif /* TESTSUITE_UTILS_H */
diff --git a/wolfcrypt/benchmark/README.md b/wolfcrypt/benchmark/README.md
index 6e2bed942..269b9af9d 100644
--- a/wolfcrypt/benchmark/README.md
+++ b/wolfcrypt/benchmark/README.md
@@ -11,9 +11,9 @@ Tool for performing cryptographic algorithm benchmarking.
 
 Compile with the following options for fixed units. Otherwise the units will auto-scale. See `-base10` parameter option, below.
 
-`-DWOLFSSL_BENCHMARK_FIXED_UNITS_GB` for GB/GiB  
-`-DWOLFSSL_BENCHMARK_FIXED_UNITS_MB` for MB/MiB  
-`-DWOLFSSL_BENCHMARK_FIXED_UNITS_KB` for KB/KiB  
+`-DWOLFSSL_BENCHMARK_FIXED_UNITS_GB` for GB/GiB
+`-DWOLFSSL_BENCHMARK_FIXED_UNITS_MB` for MB/MiB
+`-DWOLFSSL_BENCHMARK_FIXED_UNITS_KB` for KB/KiB
 `-DWOLFSSL_BENCHMARK_FIXED_UNITS_B` for Bytes
 
 To set the output to always be CSV:
diff --git a/wolfcrypt/benchmark/benchmark-VS2022.sln b/wolfcrypt/benchmark/benchmark-VS2022.sln
new file mode 100644
index 000000000..2831db510
--- /dev/null
+++ b/wolfcrypt/benchmark/benchmark-VS2022.sln
@@ -0,0 +1,87 @@
+
+Microsoft Visual Studio Solution File, Format Version 12.00
+# Visual Studio Version 17
+VisualStudioVersion = 17.11.35327.3
+MinimumVisualStudioVersion = 10.0.40219.1
+Project("{60CBE13D-37D2-4754-A1DE-788003549EDA}") = "benchmark-VS2022", "benchmark-VS2022.vcxproj", "{D04BDF66-664A-4D59-BEAC-8AB2D5809C21}"
+EndProject
+Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "settings", "settings", "{0D4D8E54-F32D-4056-A415-2362A55972FD}"
+	ProjectSection(SolutionItems) = preProject
+		..\..\wolfssl\wolfcrypt\settings.h = ..\..\wolfssl\wolfcrypt\settings.h
+		..\..\IDE\WIN\user_settings.h = ..\..\IDE\WIN\user_settings.h
+	EndProjectSection
+EndProject
+Project("{60CBE13D-37D2-4754-A1DE-788003549EDA}") = "wolfssl-VS2022", "..\..\wolfssl-VS2022.vcxproj", "{12226DBE-7278-4DFA-A119-5A0294CF0B33}"
+EndProject
+Global
+	GlobalSection(SolutionConfigurationPlatforms) = preSolution
+		Debug|ARM64 = Debug|ARM64
+		Debug|x64 = Debug|x64
+		Debug|x86 = Debug|x86
+		DLL Debug|ARM64 = DLL Debug|ARM64
+		DLL Debug|x64 = DLL Debug|x64
+		DLL Debug|x86 = DLL Debug|x86
+		DLL Release|ARM64 = DLL Release|ARM64
+		DLL Release|x64 = DLL Release|x64
+		DLL Release|x86 = DLL Release|x86
+		Release|ARM64 = Release|ARM64
+		Release|x64 = Release|x64
+		Release|x86 = Release|x86
+	EndGlobalSection
+	GlobalSection(ProjectConfigurationPlatforms) = postSolution
+		{D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.Debug|ARM64.ActiveCfg = Debug|x64
+		{D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.Debug|ARM64.Build.0 = Debug|x64
+		{D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.Debug|x64.ActiveCfg = Debug|x64
+		{D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.Debug|x64.Build.0 = Debug|x64
+		{D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.Debug|x86.ActiveCfg = Debug|Win32
+		{D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.Debug|x86.Build.0 = Debug|Win32
+		{D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.DLL Debug|ARM64.ActiveCfg = Debug|x64
+		{D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.DLL Debug|ARM64.Build.0 = Debug|x64
+		{D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.DLL Debug|x64.ActiveCfg = Debug|x64
+		{D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.DLL Debug|x64.Build.0 = Debug|x64
+		{D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.DLL Debug|x86.ActiveCfg = Debug|Win32
+		{D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.DLL Debug|x86.Build.0 = Debug|Win32
+		{D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.DLL Release|ARM64.ActiveCfg = Release|x64
+		{D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.DLL Release|ARM64.Build.0 = Release|x64
+		{D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.DLL Release|x64.ActiveCfg = Release|x64
+		{D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.DLL Release|x64.Build.0 = Release|x64
+		{D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.DLL Release|x86.ActiveCfg = Release|Win32
+		{D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.DLL Release|x86.Build.0 = Release|Win32
+		{D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.Release|ARM64.ActiveCfg = Release|x64
+		{D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.Release|ARM64.Build.0 = Release|x64
+		{D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.Release|x64.ActiveCfg = Release|x64
+		{D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.Release|x64.Build.0 = Release|x64
+		{D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.Release|x86.ActiveCfg = Release|Win32
+		{D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.Release|x86.Build.0 = Release|Win32
+		{12226DBE-7278-4DFA-A119-5A0294CF0B33}.Debug|ARM64.ActiveCfg = Debug|ARM64
+		{12226DBE-7278-4DFA-A119-5A0294CF0B33}.Debug|ARM64.Build.0 = Debug|ARM64
+		{12226DBE-7278-4DFA-A119-5A0294CF0B33}.Debug|x64.ActiveCfg = Debug|x64
+		{12226DBE-7278-4DFA-A119-5A0294CF0B33}.Debug|x64.Build.0 = Debug|x64
+		{12226DBE-7278-4DFA-A119-5A0294CF0B33}.Debug|x86.ActiveCfg = Debug|Win32
+		{12226DBE-7278-4DFA-A119-5A0294CF0B33}.Debug|x86.Build.0 = Debug|Win32
+		{12226DBE-7278-4DFA-A119-5A0294CF0B33}.DLL Debug|ARM64.ActiveCfg = DLL Debug|ARM64
+		{12226DBE-7278-4DFA-A119-5A0294CF0B33}.DLL Debug|ARM64.Build.0 = DLL Debug|ARM64
+		{12226DBE-7278-4DFA-A119-5A0294CF0B33}.DLL Debug|x64.ActiveCfg = DLL Debug|x64
+		{12226DBE-7278-4DFA-A119-5A0294CF0B33}.DLL Debug|x64.Build.0 = DLL Debug|x64
+		{12226DBE-7278-4DFA-A119-5A0294CF0B33}.DLL Debug|x86.ActiveCfg = DLL Debug|Win32
+		{12226DBE-7278-4DFA-A119-5A0294CF0B33}.DLL Debug|x86.Build.0 = DLL Debug|Win32
+		{12226DBE-7278-4DFA-A119-5A0294CF0B33}.DLL Release|ARM64.ActiveCfg = DLL Release|ARM64
+		{12226DBE-7278-4DFA-A119-5A0294CF0B33}.DLL Release|ARM64.Build.0 = DLL Release|ARM64
+		{12226DBE-7278-4DFA-A119-5A0294CF0B33}.DLL Release|x64.ActiveCfg = DLL Release|x64
+		{12226DBE-7278-4DFA-A119-5A0294CF0B33}.DLL Release|x64.Build.0 = DLL Release|x64
+		{12226DBE-7278-4DFA-A119-5A0294CF0B33}.DLL Release|x86.ActiveCfg = DLL Release|Win32
+		{12226DBE-7278-4DFA-A119-5A0294CF0B33}.DLL Release|x86.Build.0 = DLL Release|Win32
+		{12226DBE-7278-4DFA-A119-5A0294CF0B33}.Release|ARM64.ActiveCfg = Release|ARM64
+		{12226DBE-7278-4DFA-A119-5A0294CF0B33}.Release|ARM64.Build.0 = Release|ARM64
+		{12226DBE-7278-4DFA-A119-5A0294CF0B33}.Release|x64.ActiveCfg = Release|x64
+		{12226DBE-7278-4DFA-A119-5A0294CF0B33}.Release|x64.Build.0 = Release|x64
+		{12226DBE-7278-4DFA-A119-5A0294CF0B33}.Release|x86.ActiveCfg = Release|Win32
+		{12226DBE-7278-4DFA-A119-5A0294CF0B33}.Release|x86.Build.0 = Release|Win32
+	EndGlobalSection
+	GlobalSection(SolutionProperties) = preSolution
+		HideSolutionNode = FALSE
+	EndGlobalSection
+	GlobalSection(ExtensibilityGlobals) = postSolution
+		SolutionGuid = {667F2496-F8F1-4DBD-8AAA-78BAD16ED1BA}
+	EndGlobalSection
+EndGlobal
diff --git a/wolfcrypt/benchmark/benchmark-VS2022.vcxproj b/wolfcrypt/benchmark/benchmark-VS2022.vcxproj
new file mode 100644
index 000000000..ce5937e29
--- /dev/null
+++ b/wolfcrypt/benchmark/benchmark-VS2022.vcxproj
@@ -0,0 +1,162 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project DefaultTargets="Build" ToolsVersion="Current" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup Label="ProjectConfigurations">
+    <ProjectConfiguration Include="Debug|Win32">
+      <Configuration>Debug</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Debug|x64">
+      <Configuration>Debug</Configuration>
+      <Platform>x64</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|Win32">
+      <Configuration>Release</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|x64">
+      <Configuration>Release</Configuration>
+      <Platform>x64</Platform>
+    </ProjectConfiguration>
+  </ItemGroup>
+  <PropertyGroup Label="Globals">
+    <VCProjectVersion>17.0</VCProjectVersion>
+    <ProjectGuid>{D04BDF66-664A-4D59-BEAC-8AB2D5809C21}</ProjectGuid>
+    <Keyword>Win32Proj</Keyword>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <PlatformToolset>v143</PlatformToolset>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <PlatformToolset>v143</PlatformToolset>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <PlatformToolset>v143</PlatformToolset>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <PlatformToolset>v143</PlatformToolset>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
+  <ImportGroup Label="ExtensionSettings">
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <PropertyGroup Label="UserMacros" />
+  <PropertyGroup>
+    <_ProjectFileVersion>17.0.35327.3</_ProjectFileVersion>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <OutDir>Debug\</OutDir>
+    <IntDir>Debug\</IntDir>
+    <LinkIncremental>true</LinkIncremental>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
+    <LinkIncremental>true</LinkIncremental>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <OutDir>Release\</OutDir>
+    <IntDir>Release\</IntDir>
+    <LinkIncremental>true</LinkIncremental>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
+    <LinkIncremental>true</LinkIncremental>
+  </PropertyGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <ClCompile>
+      <Optimization>Disabled</Optimization>
+      <AdditionalIncludeDirectories>../..;../../IDE/WIN;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;WOLFSSL_LIB;WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <MinimalRebuild>true</MinimalRebuild>
+      <BasicRuntimeChecks>EnableFastChecks</BasicRuntimeChecks>
+      <RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary>
+      <PrecompiledHeader />
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>EditAndContinue</DebugInformationFormat>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>Ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <SubSystem>Console</SubSystem>
+      <TargetMachine>MachineX86</TargetMachine>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
+    <ClCompile>
+      <Optimization>Disabled</Optimization>
+      <AdditionalIncludeDirectories>../..;../../IDE/WIN;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;WOLFSSL_LIB;WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <BasicRuntimeChecks>EnableFastChecks</BasicRuntimeChecks>
+      <RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>Ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <SubSystem>Console</SubSystem>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <ClCompile>
+      <AdditionalIncludeDirectories>../..;../../IDE/WIN;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;WOLFSSL_LIB;WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
+      <PrecompiledHeader />
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>Ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <SubSystem>Console</SubSystem>
+      <OptimizeReferences>true</OptimizeReferences>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+      <TargetMachine>MachineX86</TargetMachine>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
+    <ClCompile>
+      <AdditionalIncludeDirectories>../..;../../IDE/WIN;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;WOLFSSL_LIB;WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>Ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <SubSystem>Console</SubSystem>
+      <OptimizeReferences>true</OptimizeReferences>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemGroup>
+    <ClCompile Include="benchmark.c" />
+  </ItemGroup>
+  <ItemGroup>
+    <ProjectReference Include="..\..\wolfssl-VS2022.vcxproj">
+      <Project>{12226dbe-7278-4dfa-a119-5a0294cf0b33}</Project>
+    </ProjectReference>
+  </ItemGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
+  <ImportGroup Label="ExtensionTargets">
+  </ImportGroup>
+</Project>
diff --git a/wolfcrypt/benchmark/benchmark-VS2022.vcxproj.user b/wolfcrypt/benchmark/benchmark-VS2022.vcxproj.user
new file mode 100644
index 000000000..2219efc16
--- /dev/null
+++ b/wolfcrypt/benchmark/benchmark-VS2022.vcxproj.user
@@ -0,0 +1,7 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project ToolsVersion="Current" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
+    <LocalDebuggerWorkingDirectory>$(ProjectDir)../../</LocalDebuggerWorkingDirectory>
+    <DebuggerFlavor>WindowsLocalDebugger</DebuggerFlavor>
+  </PropertyGroup>
+</Project>
diff --git a/wolfcrypt/benchmark/benchmark.c b/wolfcrypt/benchmark/benchmark.c
index 352530d43..fa308dfca 100644
--- a/wolfcrypt/benchmark/benchmark.c
+++ b/wolfcrypt/benchmark/benchmark.c
@@ -1,6 +1,6 @@
 /* benchmark.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -53,14 +53,15 @@
  * Turn on benchmark timing debugging (CPU Cycles, RTOS ticks, etc)
  * DEBUG_WOLFSSL_BENCHMARK_TIMING
  *
+ * Turn on timer debugging (used when CPU cycles not available)
+ * WOLFSSL_BENCHMARK_TIMER_DEBUG
  */
 
-
 #ifdef HAVE_CONFIG_H
     #include <config.h>
 #endif
 
-#ifndef WOLFSSL_USER_SETTINGS
+#if !defined(WOLFSSL_USER_SETTINGS) && !defined(WOLFSSL_NO_OPTIONS_H)
     #include <wolfssl/options.h>
 #endif
 #include <wolfssl/wolfcrypt/settings.h> /* also picks up user_settings.h */
@@ -68,6 +69,8 @@
 /* Macro to disable benchmark */
 #ifndef NO_CRYPT_BENCHMARK
 
+#define WC_ALLOC_DO_ON_FAILURE() do { printf("out of memory at benchmark.c L %d\n", __LINE__); ret = MEMORY_E; goto exit; } while (0)
+
 #include <wolfssl/wolfcrypt/types.h>
 #include <wolfssl/wolfcrypt/wc_port.h>
 #include <wolfssl/wolfcrypt/wolfmath.h>
@@ -77,6 +80,11 @@
 #include <wolfssl/wolfcrypt/asn.h>
 #include <wolfssl/version.h>
 
+#ifdef WOLFSSL_LINUXKM
+    /* remap current_time() -- collides with a function in kernel linux/fs.h */
+    #define current_time benchmark_current_time
+#endif /* WOLFSSL_LINUXKM */
+
 #ifdef HAVE_CHACHA
     #include <wolfssl/wolfcrypt/chacha.h>
 #endif
@@ -164,7 +172,7 @@
     #ifdef WOLFSSL_WC_KYBER
         #include <wolfssl/wolfcrypt/wc_kyber.h>
     #endif
-    #if defined(HAVE_LIBOQS) || defined(HAVE_PQM4)
+    #if defined(HAVE_LIBOQS)
         #include <wolfssl/wolfcrypt/ext_kyber.h>
     #endif
 #endif
@@ -172,12 +180,16 @@
     #include <wolfssl/wolfcrypt/lms.h>
     #ifdef HAVE_LIBLMS
         #include <wolfssl/wolfcrypt/ext_lms.h>
+    #else
+        #include <wolfssl/wolfcrypt/wc_lms.h>
     #endif
 #endif
 #if defined(WOLFSSL_HAVE_XMSS) && !defined(WOLFSSL_XMSS_VERIFY_ONLY)
     #include <wolfssl/wolfcrypt/xmss.h>
     #ifdef HAVE_LIBXMSS
         #include <wolfssl/wolfcrypt/ext_xmss.h>
+    #else
+        #include <wolfssl/wolfcrypt/wc_xmss.h>
     #endif
 #endif
 #ifdef WOLFCRYPT_HAVE_ECCSI
@@ -187,16 +199,14 @@
     #include <wolfssl/wolfcrypt/sakke.h>
 #endif
 
-#if defined(HAVE_PQC)
-    #if defined(HAVE_FALCON)
-        #include <wolfssl/wolfcrypt/falcon.h>
-    #endif
-    #if defined(HAVE_DILITHIUM)
-        #include <wolfssl/wolfcrypt/dilithium.h>
-    #endif
-    #if defined(HAVE_SPHINCS)
-        #include <wolfssl/wolfcrypt/sphincs.h>
-    #endif
+#if defined(HAVE_FALCON)
+    #include <wolfssl/wolfcrypt/falcon.h>
+#endif
+#if defined(HAVE_DILITHIUM)
+    #include <wolfssl/wolfcrypt/dilithium.h>
+#endif
+#if defined(HAVE_SPHINCS)
+    #include <wolfssl/wolfcrypt/sphincs.h>
 #endif
 
 #ifdef WOLF_CRYPTO_CB
@@ -210,19 +220,23 @@
     #ifdef HAVE_RENESAS_SYNC
         #include <wolfssl/wolfcrypt/port/renesas/renesas_sync.h>
     #endif
+    #if defined(WOLFSSL_MAX3266X) || defined(WOLFSSL_MAX3266X_OLD)
+        #include <wolfssl/wolfcrypt/port/maxim/max3266x-cryptocb.h>
+    #endif
 #endif
 
 #ifdef WOLFSSL_ASYNC_CRYPT
     #include <wolfssl/wolfcrypt/async.h>
 #endif
 
+#include <wolfssl/wolfcrypt/cpuid.h>
+
 #ifdef USE_FLAT_BENCHMARK_H
     #include "benchmark.h"
 #else
     #include "wolfcrypt/benchmark/benchmark.h"
 #endif
 
-
 /* define the max length for each string of metric reported */
 #ifndef WC_BENCH_MAX_LINE_LEN
 #define WC_BENCH_MAX_LINE_LEN 150
@@ -301,16 +315,62 @@
 #endif /* WOLFSSL_NO_FLOAT_FMT */
 
 #ifdef WOLFSSL_ESPIDF
+    #include <wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h>
+
+    /* Benchmark uses 64 bit integer formatting support. When new nanolib is
+     * enabled, all if the values in report are blank. */
+    #ifdef CONFIG_NEWLIB_NANO_FORMAT
+        #if CONFIG_NEWLIB_NANO_FORMAT == 1
+            #error "Nano newlib formatting must not be enabled for benchmark"
+        #endif
+    #endif
+    #if ESP_IDF_VERSION_MAJOR >= 5
+        #define TFMT "%lu"
+    #else
+        #define TFMT "%d"
+    #endif
+
     #ifdef configTICK_RATE_HZ
         /* Define CPU clock cycles per tick of FreeRTOS clock
          *   CONFIG_ESP_DEFAULT_CPU_FREQ_MHZ is typically a value like 240
          *   configTICK_RATE_HZ is typically 100 or 1000.
          **/
+        #if defined(CONFIG_IDF_TARGET_ESP8266)
+            #ifndef CONFIG_ESP_DEFAULT_CPU_FREQ_MHZ
+                #define CONFIG_ESP_DEFAULT_CPU_FREQ_MHZ \
+                        CONFIG_ESP8266_DEFAULT_CPU_FREQ_MHZ
+            #endif
+            #ifndef CONFIG_ESP_DEFAULT_CPU_FREQ_MHZ
+                #define CONFIG_ESP_DEFAULT_CPU_FREQ_MHZ configCPU_CLOCK_HZ
+            #endif
+        #endif
+        #ifndef CONFIG_ESP_DEFAULT_CPU_FREQ_MHZ
+            /* This section is for pre-v5 ESP-IDF */
+            #if defined(CONFIG_ESP32_DEFAULT_CPU_FREQ_MHZ)
+                #define CONFIG_ESP_DEFAULT_CPU_FREQ_MHZ \
+                        CONFIG_ESP32_DEFAULT_CPU_FREQ_MHZ
+            #elif defined(CONFIG_ESP32C2_DEFAULT_CPU_FREQ_MHZ)
+                #define CONFIG_ESP_DEFAULT_CPU_FREQ_MHZ \
+                        CONFIG_ESP32C2_DEFAULT_CPU_FREQ_MHZ
+            #elif defined(CONFIG_ESP32S2_DEFAULT_CPU_FREQ_MHZ)
+                #define CONFIG_ESP_DEFAULT_CPU_FREQ_MHZ \
+                        CONFIG_ESP32S2_DEFAULT_CPU_FREQ_MHZ
+            #elif defined(CONFIG_ESP32S3_DEFAULT_CPU_FREQ_MHZ)
+                #define CONFIG_ESP_DEFAULT_CPU_FREQ_MHZ \
+                        CONFIG_ESP32S3_DEFAULT_CPU_FREQ_MHZ
+            #elif defined(CONFIG_ESP32H2_DEFAULT_CPU_FREQ_MHZ)
+                #define CONFIG_ESP_DEFAULT_CPU_FREQ_MHZ \
+                        CONFIG_ESP32H2_DEFAULT_CPU_FREQ_MHZ
+            #else
+                /* TODO unsupported */
+            #endif /* older CONFIG_ESP_DEFAULT_CPU_FREQ_MHZ */
+        #endif
         #define CPU_TICK_CYCLES (                               \
               (CONFIG_ESP_DEFAULT_CPU_FREQ_MHZ * MILLION_VALUE) \
               / configTICK_RATE_HZ                              \
             )
-    #endif
+    #endif /* WOLFSSL_ESPIDF configTICK_RATE_HZ */
+
     #if defined(CONFIG_IDF_TARGET_ESP32C2)
         #include "driver/gptimer.h"
         static gptimer_handle_t esp_gptimer = NULL;
@@ -322,23 +382,35 @@
     #elif defined(CONFIG_IDF_TARGET_ESP32C3) || \
           defined(CONFIG_IDF_TARGET_ESP32C6)
         #include <esp_cpu.h>
-        #include "driver/gptimer.h"
+        #if ESP_IDF_VERSION_MAJOR >= 5
+            #include <driver/gptimer.h>
+        #endif
         #ifdef WOLFSSL_BENCHMARK_TIMER_DEBUG
             #define RESOLUTION_SCALE 100
+            /* CONFIG_XTAL_FREQ = 40, CONFIG_ESP_DEFAULT_CPU_FREQ_MHZ = 160  */
             static gptimer_handle_t esp_gptimer = NULL;
             static gptimer_config_t esp_timer_config = {
-                                .clk_src = GPTIMER_CLK_SRC_DEFAULT,
-                                .direction = GPTIMER_COUNT_UP,
-                                .resolution_hz = CONFIG_ESP_DEFAULT_CPU_FREQ_MHZ * (MILLION_VALUE / RESOLUTION_SCALE), /* CONFIG_XTAL_FREQ = 40, CONFIG_ESP_DEFAULT_CPU_FREQ_MHZ = 160  */
-                             };
+                .clk_src = GPTIMER_CLK_SRC_DEFAULT,
+                .direction = GPTIMER_COUNT_UP,
+                /* CONFIG_XTAL_FREQ = 40,
+                 * CONFIG_ESP_DEFAULT_CPU_FREQ_MHZ = 160  */
+                .resolution_hz = CONFIG_ESP_DEFAULT_CPU_FREQ_MHZ *
+                                 (MILLION_VALUE / RESOLUTION_SCALE),
+                };
         #endif /* WOLFSSL_BENCHMARK_TIMER_DEBUG */
 
     #elif defined(CONFIG_IDF_TARGET_ESP32) || \
           defined(CONFIG_IDF_TARGET_ESP32S2) || \
           defined(CONFIG_IDF_TARGET_ESP32S3)
         #include <xtensa/hal.h>
+    #elif defined(CONFIG_IDF_TARGET_ESP8266)
+        /* no CPU HAL for ESP8266, we'll use RTOS tick calc estimates */
+        #include <FreeRTOS.h>
+        #include <esp_system.h>
+        #include <esp_timer.h>
+        #include <xtensa/hal.h>
     #elif defined(CONFIG_IDF_TARGET_ESP32H2)
-
+        /* TODO add ESP32-H2 benchmark support */
     #else
         /* Other platform */
     #endif
@@ -406,6 +478,7 @@
     #endif
 #elif defined(WOLFSSL_ZEPHYR)
     #include <stdio.h>
+    #include <stdarg.h>
     #define BENCH_EMBEDDED
     #define printf printfk
     static int printfk(const char *fmt, ...)
@@ -465,7 +538,7 @@
         #include <stdlib.h>  /* we're using malloc / free direct here */
     #endif
 
-    #ifndef STRING_USER
+    #if !defined(STRING_USER) && !defined(NO_STDIO_FILESYSTEM)
         #include <string.h>
         #include <stdio.h>
     #endif
@@ -480,6 +553,10 @@
     #endif
 #endif
 
+#ifdef HAVE_ASCON
+    #include <wolfssl/wolfcrypt/ascon.h>
+#endif
+
 #ifdef HAVE_FIPS
     #include <wolfssl/wolfcrypt/fips_test.h>
 
@@ -491,7 +568,7 @@
                wc_GetErrorString(err));
         printf("%shash = %s\n", ok ? info_prefix : err_prefix, hash);
 
-        if (err == IN_CORE_FIPS_E) {
+        if (err == WC_NO_ERR_TRACE(IN_CORE_FIPS_E)) {
             printf("%sIn core integrity hash check failure, copy above hash\n",
                    err_prefix);
             printf("%sinto verifyCore[] in fips_test.c and rebuild\n",
@@ -513,7 +590,7 @@
 #undef LIBCALL_CHECK_RET
 #if defined(NO_STDIO_FILESYSTEM) || defined(NO_ERROR_STRINGS) || \
     defined(NO_MAIN_DRIVER) || defined(BENCH_EMBEDDED)
-#define LIBCALL_CHECK_RET(...) __VA_ARGS__
+#define LIBCALL_CHECK_RET(...) (void)(__VA_ARGS__)
 #else
 #define LIBCALL_CHECK_RET(...) do {                           \
         int _libcall_ret = (__VA_ARGS__);                     \
@@ -596,6 +673,8 @@
 #define BENCH_BLAKE2B            0x00008000
 #define BENCH_BLAKE2S            0x00010000
 #define BENCH_SM3                0x00020000
+#define BENCH_ASCON_HASH256      0x00040000
+#define BENCH_ASCON_AEAD128      0x00080000
 
 /* MAC algorithms. */
 #define BENCH_CMAC               0x00000001
@@ -619,7 +698,6 @@
 #define BENCH_RSA                0x00000002
 #define BENCH_RSA_SZ             0x00000004
 #define BENCH_DH                 0x00000010
-#define BENCH_KYBER              0x00000020
 #define BENCH_ECC_MAKEKEY        0x00001000
 #define BENCH_ECC                0x00002000
 #define BENCH_ECC_ENCRYPT        0x00004000
@@ -646,11 +724,27 @@
 #define BENCH_SAKKE              0x80000000
 
 /* Post-Quantum Asymmetric algorithms. */
+#define BENCH_KYBER512                  0x00000020
+#define BENCH_KYBER768                  0x00000040
+#define BENCH_KYBER1024                 0x00000080
+#define BENCH_KYBER                     (BENCH_KYBER512 | BENCH_KYBER768 | \
+                                         BENCH_KYBER1024)
+#define BENCH_ML_KEM_512                0x00000020
+#define BENCH_ML_KEM_768                0x00000040
+#define BENCH_ML_KEM_1024               0x00000080
+#define BENCH_ML_KEM                    (BENCH_ML_KEM_512 | BENCH_ML_KEM_768 | \
+                                         BENCH_ML_KEM_1024)
 #define BENCH_FALCON_LEVEL1_SIGN        0x00000001
 #define BENCH_FALCON_LEVEL5_SIGN        0x00000002
 #define BENCH_DILITHIUM_LEVEL2_SIGN     0x04000000
 #define BENCH_DILITHIUM_LEVEL3_SIGN     0x08000000
 #define BENCH_DILITHIUM_LEVEL5_SIGN     0x10000000
+#define BENCH_ML_DSA_44_SIGN            0x04000000
+#define BENCH_ML_DSA_65_SIGN            0x08000000
+#define BENCH_ML_DSA_87_SIGN            0x10000000
+#define BENCH_ML_DSA_SIGN               (BENCH_ML_DSA_44_SIGN | \
+                                         BENCH_ML_DSA_65_SIGN | \
+                                         BENCH_ML_DSA_87_SIGN)
 
 /* Post-Quantum Asymmetric algorithms. (Part 2) */
 #define BENCH_SPHINCS_FAST_LEVEL1_SIGN  0x00000001
@@ -662,13 +756,28 @@
 
 /* Post-Quantum Stateful Hash-Based sig algorithms. */
 #define BENCH_LMS_HSS                   0x00000001
-#define BENCH_XMSS_XMSSMT               0x00000002
+#define BENCH_XMSS_XMSSMT_SHA256        0x00000002
+#define BENCH_XMSS_XMSSMT_SHA512        0x00000004
+#define BENCH_XMSS_XMSSMT_SHAKE128      0x00000008
+#define BENCH_XMSS_XMSSMT_SHAKE256      0x00000010
+#ifndef NO_SHA256
+#define BENCH_XMSS_XMSSMT               BENCH_XMSS_XMSSMT_SHA256
+#elif defined(WOLFSSL_SHA512)
+#define BENCH_XMSS_XMSSMT               BENCH_XMSS_XMSSMT_SHA512
+#elif defined(WOLFSSL_SHAKE128)
+#define BENCH_XMSS_XMSSMT               BENCH_XMSS_XMSSMT_SHAKE128
+#elif defined(WOLFSSL_SHAKE256)
+#define BENCH_XMSS_XMSSMT               BENCH_XMSS_XMSSMT_SHAKE256
+#else
+#define BENCH_XMSS_XMSSMT               0x00000000
+#endif
 
 /* Other */
 #define BENCH_RNG                0x00000001
 #define BENCH_SCRYPT             0x00000002
 
-#if defined(HAVE_AESGCM) || defined(HAVE_AESCCM)
+#if defined(HAVE_AESGCM) || defined(HAVE_AESCCM) || \
+    (defined(HAVE_CHACHA) && defined(HAVE_POLY1305))
 /* Define AES_AUTH_ADD_SZ already here, since it's used in the
  * static declaration of `bench_Usage_msg1`. */
 #if !defined(AES_AUTH_ADD_SZ) && \
@@ -779,6 +888,9 @@ static const bench_alg bench_cipher_opt[] = {
 #endif
 #ifndef NO_DES3
     { "-des",                BENCH_DES               },
+#endif
+#ifdef HAVE_ASCON
+    { "-ascon-aead",         BENCH_ASCON_AEAD128     },
 #endif
     { NULL, 0 }
 };
@@ -846,6 +958,9 @@ static const bench_alg bench_digest_opt[] = {
 #endif
 #ifdef HAVE_BLAKE2S
     { "-blake2s",            BENCH_BLAKE2S           },
+#endif
+#ifdef HAVE_ASCON
+    { "-ascon-hash",         BENCH_ASCON_HASH256     },
 #endif
     { NULL, 0 }
 };
@@ -903,14 +1018,13 @@ static const bench_alg bench_asym_opt[] = {
     { "-rsa-kg",             BENCH_RSA_KEYGEN        },
     #endif
     { "-rsa",                BENCH_RSA               },
+    #ifdef WOLFSSL_KEY_GEN
     { "-rsa-sz",             BENCH_RSA_SZ            },
+    #endif
 #endif
 #ifndef NO_DH
     { "-dh",                 BENCH_DH                },
 #endif
-#ifdef WOLFSSL_HAVE_KYBER
-    { "-kyber",              BENCH_KYBER             },
-#endif
 #ifdef HAVE_ECC
     { "-ecc-kg",             BENCH_ECC_MAKEKEY       },
     { "-ecc",                BENCH_ECC               },
@@ -987,13 +1101,30 @@ static const bench_pq_hash_sig_alg bench_pq_hash_sig_opt[] = {
     { "-lms_hss", BENCH_LMS_HSS},
 #endif
 #if defined(WOLFSSL_HAVE_XMSS) && !defined(WOLFSSL_XMSS_VERIFY_ONLY)
-    { "-xmss_xmssmt", BENCH_XMSS_XMSSMT},
+    { "-xmss_xmssmt",          BENCH_XMSS_XMSSMT},
+#ifdef WC_XMSS_SHA256
+    { "-xmss_xmssmt_sha256",   BENCH_XMSS_XMSSMT_SHA256},
+#endif
+#ifdef WC_XMSS_SHA512
+#if WOLFSSL_WC_XMSS_MIN_HASH_SIZE <= 512 && WOLFSSL_WC_XMSS_MAX_HASH_SIZE >= 512
+    { "-xmss_xmssmt_sha512",   BENCH_XMSS_XMSSMT_SHA512},
+#endif
+#endif
+#ifdef WC_XMSS_SHAKE128
+#if WOLFSSL_WC_XMSS_MIN_HASH_SIZE <= 256 && WOLFSSL_WC_XMSS_MAX_HASH_SIZE >= 256
+    { "-xmss_xmssmt_shake128", BENCH_XMSS_XMSSMT_SHAKE128},
+#endif
+#endif
+#ifdef WC_XMSS_SHAKE256
+    { "-xmss_xmssmt_shake256", BENCH_XMSS_XMSSMT_SHAKE256},
+#endif
 #endif
     { NULL, 0}
 };
 #endif /* BENCH_PQ_STATEFUL_HBS */
 
-#if defined(HAVE_PQC) && defined(HAVE_LIBOQS)
+#if defined(WOLFSSL_HAVE_KYBER) || defined(HAVE_FALCON) || \
+    defined(HAVE_DILITHIUM) || defined(HAVE_SPHINCS)
 /* The post-quantum-specific mapping of command line option to bit values and
  * OQS name. */
 typedef struct bench_pq_alg {
@@ -1001,49 +1132,53 @@ typedef struct bench_pq_alg {
     const char* str;
     /* Bit values to set. */
     word32 val;
-    const char* pqc_name;
 } bench_pq_alg;
 
 /* All recognized post-quantum asymmetric algorithm choosing command line
  * options. */
 static const bench_pq_alg bench_pq_asym_opt[] = {
-    { "-pq",                 0xffffffff, NULL},
-#ifdef HAVE_LIBOQS
-    { "-falcon_level1", BENCH_FALCON_LEVEL1_SIGN,
-      OQS_SIG_alg_falcon_512 },
-    { "-falcon_level5", BENCH_FALCON_LEVEL5_SIGN,
-      OQS_SIG_alg_falcon_1024 },
-    { "-dilithium_level2", BENCH_DILITHIUM_LEVEL2_SIGN,
-      OQS_SIG_alg_dilithium_2 },
-    { "-dilithium_level3", BENCH_DILITHIUM_LEVEL3_SIGN,
-      OQS_SIG_alg_dilithium_3 },
-    { "-dilithium_level5", BENCH_DILITHIUM_LEVEL5_SIGN,
-      OQS_SIG_alg_dilithium_5 },
-#endif /* HAVE_LIBOQS */
-    { NULL, 0, NULL }
+    { "-pq",                0xffffffff },
+#ifdef WOLFSSL_HAVE_KYBER
+    { "-kyber",             BENCH_KYBER             },
+    { "-kyber512",          BENCH_KYBER512          },
+    { "-kyber768",          BENCH_KYBER768          },
+    { "-kyber1024",         BENCH_KYBER1024         },
+    { "-ml-kem",            BENCH_ML_KEM            },
+    { "-ml-kem-512",        BENCH_ML_KEM_512        },
+    { "-ml-kem-768",        BENCH_ML_KEM_768        },
+    { "-ml-kem-1024",       BENCH_ML_KEM_1024       },
+#endif
+#if defined(HAVE_FALCON)
+    { "-falcon_level1",     BENCH_FALCON_LEVEL1_SIGN },
+    { "-falcon_level5",     BENCH_FALCON_LEVEL5_SIGN },
+#endif
+#if defined(HAVE_DILITHIUM)
+    { "-dilithium_level2",  BENCH_DILITHIUM_LEVEL2_SIGN },
+    { "-dilithium_level3",  BENCH_DILITHIUM_LEVEL3_SIGN },
+    { "-dilithium_level5",  BENCH_DILITHIUM_LEVEL5_SIGN },
+    { "-ml-dsa",            BENCH_ML_DSA_SIGN           },
+    { "-ml-dsa-44",         BENCH_ML_DSA_44_SIGN        },
+    { "-ml-dsa-65",         BENCH_ML_DSA_65_SIGN        },
+    { "-ml-dsa-87",         BENCH_ML_DSA_87_SIGN        },
+#endif
+    { NULL, 0 }
 };
 
-#if defined(HAVE_LIBOQS) && defined(HAVE_SPHINCS)
+#if defined(HAVE_SPHINCS)
 /* All recognized post-quantum asymmetric algorithm choosing command line
  * options. (Part 2) */
 static const bench_pq_alg bench_pq_asym_opt2[] = {
-    { "-pq",                 0xffffffff, NULL},
-    { "-sphincs_fast_level1", BENCH_SPHINCS_FAST_LEVEL1_SIGN,
-      OQS_SIG_alg_sphincs_shake_128f_simple },
-    { "-sphincs_fast_level3", BENCH_SPHINCS_FAST_LEVEL3_SIGN,
-      OQS_SIG_alg_sphincs_shake_192f_simple },
-    { "-sphincs_fast_level5", BENCH_SPHINCS_FAST_LEVEL5_SIGN,
-      OQS_SIG_alg_sphincs_shake_256f_simple },
-    { "-sphincs_small_level1", BENCH_SPHINCS_SMALL_LEVEL1_SIGN,
-      OQS_SIG_alg_sphincs_shake_128s_simple },
-    { "-sphincs_small_level3", BENCH_SPHINCS_SMALL_LEVEL3_SIGN,
-      OQS_SIG_alg_sphincs_shake_192s_simple },
-    { "-sphincs_small_level5", BENCH_SPHINCS_SMALL_LEVEL5_SIGN,
-      OQS_SIG_alg_sphincs_shake_256s_simple },
-    { NULL, 0, NULL }
+    { "-pq",                 0xffffffff },
+    { "-sphincs_fast_level1", BENCH_SPHINCS_FAST_LEVEL1_SIGN },
+    { "-sphincs_fast_level3", BENCH_SPHINCS_FAST_LEVEL3_SIGN },
+    { "-sphincs_fast_level5", BENCH_SPHINCS_FAST_LEVEL5_SIGN },
+    { "-sphincs_small_level1", BENCH_SPHINCS_SMALL_LEVEL1_SIGN },
+    { "-sphincs_small_level3", BENCH_SPHINCS_SMALL_LEVEL3_SIGN },
+    { "-sphincs_small_level5", BENCH_SPHINCS_SMALL_LEVEL5_SIGN },
+    { NULL, 0, }
 };
-#endif /* HAVE_LIBOQS && HAVE_SPHINCS */
-#endif /* HAVE_PQC */
+#endif /* HAVE_SPHINCS */
+#endif
 
 #ifdef HAVE_WNR
     const char* wnrConfigFile = "wnr-example.conf";
@@ -1058,7 +1193,7 @@ static int lng_index = 0;
 
 #ifndef NO_MAIN_DRIVER
 #ifndef MAIN_NO_ARGS
-static const char* bench_Usage_msg1[][25] = {
+static const char* bench_Usage_msg1[][27] = {
     /* 0 English  */
     {   "-? <num>    Help, print this usage\n",
         "            0: English, 1: Japanese\n",
@@ -1072,6 +1207,8 @@ static const char* bench_Usage_msg1[][25] = {
         "            (if set via -aad_size) <aad_size> bytes.\n"
        ),
         "-dgst_full  Full digest operation performed.\n",
+        "-mac_final  MAC update and final operation timed.\n",
+        "-aead_set_key   Set the key as part of the timing of AEAD ciphers.\n",
         "-rsa_sign   Measure RSA sign/verify instead of encrypt/decrypt.\n",
         "<keySz> -rsa-sz\n            Measure RSA <key size> performance.\n",
         "-ffhdhe2048 Measure DH using FFDHE 2048-bit parameters.\n",
@@ -1105,6 +1242,8 @@ static const char* bench_Usage_msg1[][25] = {
         "-aad_size <num>  TBD.\n",
         "-all_aad    TBD.\n",
         "-dgst_full  フル� digest 暗��作を実施���。\n",
+        "-mac_final  MAC update and final operation timed.\n",
+        "-aead_set_key   Set the key as part of the timing of AEAD ciphers.\n",
         "-rsa_sign   暗�/復�化�代�り� RSA �署�/検証を測定���。\n",
         "<keySz> -rsa-sz\n            RSA <key size> �性能を測定���。\n",
         "-ffhdhe2048 Measure DH using FFDHE 2048-bit parameters.\n",
@@ -1151,7 +1290,7 @@ static const char* bench_result_words1[][4] = {
     defined(HAVE_CURVE25519) || defined(HAVE_CURVE25519_SHARED_SECRET)  || \
     defined(HAVE_ED25519) || defined(HAVE_CURVE448) || \
     defined(HAVE_CURVE448_SHARED_SECRET) || defined(HAVE_ED448) || \
-    defined(WOLFSSL_HAVE_KYBER)
+    defined(WOLFSSL_HAVE_KYBER) || defined(HAVE_DILITHIUM)
 
 static const char* bench_desc_words[][15] = {
     /* 0           1          2         3        4        5         6            7            8          9        10        11       12          13       14 */
@@ -1246,10 +1385,10 @@ static const char* bench_result_words3[][5] = {
     /* TAG for ESP_LOGx() */
     static const char* TAG = "wolfssl_benchmark";
 
-    static THREAD_LS_T word64 begin_cycles;
-    static THREAD_LS_T word64 begin_cycles_ticks;
-    static THREAD_LS_T word64 end_cycles;
-    static THREAD_LS_T word64 total_cycles;
+    static THREAD_LS_T word64 begin_cycles = 0;
+    static THREAD_LS_T word64 begin_cycles_ticks = 0;
+    static THREAD_LS_T word64 end_cycles = 0;
+    static THREAD_LS_T word64 total_cycles = 0;
 
     /* the return value, as a global var */
     static THREAD_LS_T word64 _esp_get_cycle_count_ex = 0;
@@ -1339,36 +1478,53 @@ static const char* bench_result_words3[][5] = {
         /*           unsigned int max       =              4,294,967,295    */
         uint64_t thisVal = 0; /* CPU counter, "this current value" as read. */
         uint64_t thisIncrement = 0; /* The adjusted increment amount.       */
-        uint64_t expected_diff = 0; /* FreeRTOS esimated expected CPU diff. */
+        uint64_t expected_diff = 0; /* FreeRTOS estimated expected CPU diff.*/
     #ifdef DEBUG_WOLFSSL_BENCHMARK_TIMING
-        uint32_t tickCount = 0; /* Currrent rtos tick counter.              */
-        uint32_t tickDiff = 0;  /* Tick difference from last check.         */
-        uint32_t tickBeginDiff = 0; /* Tick difference from beginning.      */
+        uint64_t tickCount = 0; /* Current rtos tick counter.               */
+        uint64_t tickDiff = 0;  /* Tick difference from last check.         */
+        uint64_t tickBeginDiff = 0; /* Tick difference from beginning.      */
+    #endif
+    #ifdef WOLFSSL_BENCHMARK_TIMER_DEBUG
+        uint64_t thisTimerVal = 0; /* Timer Value as alternate to compare */
+        uint64_t diffDiff = 0;   /* Difference between CPU & Timer differences:
+                                  * (current - last) */
     #endif
-
     #if defined(CONFIG_IDF_TARGET_ESP32C2) || \
         defined(CONFIG_IDF_TARGET_ESP32C3) || \
         defined(CONFIG_IDF_TARGET_ESP32C6)
 
         #ifdef WOLFSSL_BENCHMARK_TIMER_DEBUG
-            uint64_t thisTimerVal = 0; /* Timer Value as alternate to compare */
-            uint64_t diffDiff = 0;     /* Difference between CPU & Timer differences:
-                                        * (current - last) */
             ESP_ERROR_CHECK(gptimer_get_raw_count(esp_gptimer, &thisTimerVal));
             thisTimerVal = thisTimerVal * RESOLUTION_SCALE;
         #endif /* WOLFSSL_BENCHMARK_TIMER_DEBUG */
 
-        thisVal = esp_cpu_get_cycle_count();
+        #if ESP_IDF_VERSION_MAJOR >= 5
+            thisVal = esp_cpu_get_cycle_count();
+        #else
+            thisVal = cpu_hal_get_cycle_count();
+        #endif
 
     #elif defined(CONFIG_IDF_TARGET_ESP32H2)
         thisVal = esp_cpu_get_cycle_count();
+    #elif defined(CONFIG_IDF_TARGET_ESP8266)
+        thisVal = esp_timer_get_time();
     #else
         /* TODO: Why doesn't esp_cpu_get_cycle_count work for Xtensa?
          * Calling current_time(1) to reset time causes thisVal overflow,
          * on Xtensa, but not on RISC-V architecture. See also, below */
-        #ifndef __XTENSA__
+        #if defined(CONFIG_IDF_TARGET_ESP8266) || (ESP_IDF_VERSION_MAJOR < 5)
+            #ifndef configCPU_CLOCK_HZ
+                /* esp_cpu_get_cycle_count not available in ESP-IDF v4 */
+                #define configCPU_CLOCK_HZ \
+                       (CONFIG_ESP32_DEFAULT_CPU_FREQ_MHZ * MILLION_VALUE)
+            #endif
+            /* There's no CPU counter on the ESP8266 (Tensilica). Using RTOS */
+            thisVal =  (uint64_t)xTaskGetTickCount() *
+                        (uint64_t)(configCPU_CLOCK_HZ / CONFIG_FREERTOS_HZ);
+        #elif defined(__XTENSA__)
             thisVal = esp_cpu_get_cycle_count();
         #else
+            /* Not Tensilica(ESP8266), not Xtensa(ESP32/-S2/-S3, then RISC-V */
             thisVal = xthal_get_ccount(); /* or esp_cpu_get_cycle_count(); */
         #endif
     #endif
@@ -1379,9 +1535,9 @@ static const char* bench_result_words3[][5] = {
             tickDiff = tickCount - last_tickCount; /* ticks since bench start */
             expected_diff = CPU_TICK_CYCLES * tickDiff; /* CPU expected count */
             ESP_LOGV(TAG, "CPU_TICK_CYCLES = %d", (int)CPU_TICK_CYCLES);
-            ESP_LOGV(TAG, "tickCount           = %lu", tickCount);
-            ESP_LOGV(TAG, "last_tickCount      = %lu", last_tickCount);
-            ESP_LOGV(TAG, "tickDiff            = %lu", tickDiff);
+            ESP_LOGV(TAG, "tickCount           = %llu", tickCount);
+            ESP_LOGV(TAG, "last_tickCount      = " TFMT, last_tickCount);
+            ESP_LOGV(TAG, "tickDiff            = %llu", tickDiff);
             ESP_LOGV(TAG, "expected_diff1      = %llu", expected_diff);
         }
         #endif
@@ -1405,22 +1561,32 @@ static const char* bench_result_words3[][5] = {
             ** overflow CPU tick count, all will be well.
             */
             #ifdef DEBUG_WOLFSSL_BENCHMARK_TIMING
-                ESP_LOGW(TAG,
-                    "Alert: Detected xthal_get_ccount overflow at %llu, "
-                              "adding UINT_MAX.",
-                    thisVal);
+                ESP_LOGW(TAG, "Alert: Detected xthal_get_ccount overflow at "
+                              "(%llu < %llu) adding UINT_MAX = %llu.",
+                         thisVal, _esp_cpu_count_last, (uint64_t) UINT_MAX);
+            #endif
+            #if !defined(CONFIG_ESP_DEFAULT_CPU_FREQ_MHZ) && \
+                !defined(CONFIG_ESP32_DEFAULT_CPU_FREQ_MHZ)
+                #error "CONFIG_ESP_DEFAULT_CPU_FREQ_MHZ not found"
             #endif
 
             /* double check expected diff calc */
             #ifdef DEBUG_WOLFSSL_BENCHMARK_TIMING
-              expected_diff = (CONFIG_ESP_DEFAULT_CPU_FREQ_MHZ * MILLION_VALUE)
-                              * tickDiff / configTICK_RATE_HZ;
-              ESP_LOGI(TAG, "expected_diff2      = %llu", expected_diff);
+                #if  defined(CONFIG_IDF_TARGET_ESP8266)
+                    expected_diff = (CONFIG_ESP8266_DEFAULT_CPU_FREQ_MHZ
+                                     * MILLION_VALUE)
+                                     * tickDiff / configTICK_RATE_HZ;
+                #else
+                    expected_diff = (CONFIG_ESP_DEFAULT_CPU_FREQ_MHZ * MILLION_VALUE)
+                                    * tickDiff / configTICK_RATE_HZ;
+
+                #endif
+                ESP_LOGI(TAG, "expected_diff2      = %llu", expected_diff);
             #endif
             if (expected_diff > UINT_MAX) {
                 /* The number of cycles expected from FreeRTOS ticks is
                  * greater than the maximum size of an unsigned 32-bit
-                 * integer, meaning multiple overflows occured. */
+                 * integer, meaning multiple overflows occurred. */
                 #ifdef DEBUG_WOLFSSL_BENCHMARK_TIMING
                     ESP_LOGW(TAG, "expected_diff > UINT_MAX (%u)", UINT_MAX);
                 #endif
@@ -1435,11 +1601,11 @@ static const char* bench_result_words3[][5] = {
                 tickBeginDiff = tickCount - begin_cycles_ticks;
 
                 ESP_LOGI(TAG, "begin_cycles_ticks  = %llu", begin_cycles_ticks);
-                ESP_LOGI(TAG, "tickDiff            = %lu", tickDiff);
+                ESP_LOGI(TAG, "tickDiff            = %llu", tickDiff);
                 ESP_LOGI(TAG, "expected_diff       = %llu", expected_diff);
-                ESP_LOGI(TAG, "tickBeginDiff       = %lu", tickBeginDiff);
+                ESP_LOGI(TAG, "tickBeginDiff       = %llu", tickBeginDiff);
 
-                ESP_LOGW(TAG, "");
+                ESP_LOGW(TAG, WOLFSSL_ESPIDF_BLANKLINE_MESSAGE);
             }
             #endif
         }
@@ -1492,26 +1658,42 @@ static const char* bench_result_words3[][5] = {
                 ESP_LOGI(TAG, "diffDiff                 = %llu", diffDiff);
                 ESP_LOGI(TAG, "_xthal_get_ccount_exDiff = %llu", _xthal_get_ccount_exDiff);
             #endif /* WOLFSSL_BENCHMARK_TIMER_DEBUG */
-            _esp_cpu_count_last = esp_cpu_get_cycle_count();
+
+            #if ESP_IDF_VERSION_MAJOR >= 5
+                _esp_cpu_count_last = esp_cpu_get_cycle_count();
+            #else
+                _esp_cpu_count_last = cpu_hal_get_cycle_count();
+            #endif
+
             ESP_LOGV(TAG, "_xthal_get_ccount_last   = %llu", _esp_cpu_count_last);
         }
         #elif defined(CONFIG_IDF_TARGET_ESP32H2)
             _esp_cpu_count_last = esp_cpu_get_cycle_count();
         #else
             /* TODO: Why doesn't esp_cpu_get_cycle_count work for Xtensa
-             * when resetting CPU cycle counter? FreeRTOS tick collison?
+             * when resetting CPU cycle counter? FreeRTOS tick collision?
              *    thisVal = esp_cpu_get_cycle_count(); See also, above
              * or thisVal = xthal_get_ccount(); */
-            #if ESP_IDF_VERSION_MAJOR < 5
+            #if defined(CONFIG_IDF_TARGET_ESP8266)
+                /* There's no CPU counter on the ESP8266, so we'll estimate
+                 * cycles based on defined CPU frequency from sdkconfig and
+                 * the RTOS tick frequency */
+                _esp_cpu_count_last = (uint64_t)xTaskGetTickCount() *
+                           (uint64_t)(configCPU_CLOCK_HZ / CONFIG_FREERTOS_HZ);
+            #elif ESP_IDF_VERSION_MAJOR < 5
                 _esp_cpu_count_last = xthal_get_ccount();
             #else
                 _esp_cpu_count_last = esp_cpu_get_cycle_count();
             #endif
         #endif
 
+        #ifdef DEBUG_WOLFSSL_BENCHMARK_TIMING
+            ESP_LOGI(TAG, "_esp_cpu_count_last = %llu", _esp_cpu_count_last);
+        #endif
+
         /* Return the 64 bit extended total from 32 bit counter. */
         return _esp_get_cycle_count_ex;
-    }
+    } /* esp_get_cycle_count_ex for esp_get_cpu_benchmark_cycles() */
 
 /* implement other architecture cycle counters here */
 
@@ -1560,22 +1742,12 @@ static const char* bench_result_words3[][5] = {
 #endif
 
 #ifdef LINUX_RUSAGE_UTIME
-    static void check_for_excessive_stime(const char *desc,
+    static void check_for_excessive_stime(const char *algo,
+                                          int strength,
+                                          const char *desc,
                                           const char *desc_extra);
 #endif
 
-#if defined(DEBUG_WOLFSSL) && !defined(HAVE_VALGRIND) && \
-        !defined(HAVE_STACK_SIZE)
-#ifdef __cplusplus
-    extern "C" {
-#endif
-    WOLFSSL_API int wolfSSL_Debugging_ON(void);
-    WOLFSSL_API void wolfSSL_Debugging_OFF(void);
-#ifdef __cplusplus
-    }  /* extern "C" */
-#endif
-#endif
-
 #if !defined(WC_NO_RNG) && \
         ((!defined(NO_RSA) && !defined(WOLFSSL_RSA_VERIFY_ONLY)) \
         || !defined(NO_DH) || defined(WOLFSSL_KEY_GEN) || defined(HAVE_ECC) \
@@ -1593,7 +1765,8 @@ static const char* bench_result_words3[][5] = {
     defined(HAVE_CURVE448) || defined(HAVE_ED448) || \
     defined(HAVE_ECC) || !defined(NO_DH) || \
     !defined(NO_RSA) || defined(HAVE_SCRYPT) || \
-    defined(WOLFSSL_HAVE_KYBER)
+    defined(WOLFSSL_HAVE_KYBER) || defined(HAVE_DILITHIUM) || \
+    defined(WOLFSSL_HAVE_LMS)
     #define BENCH_ASYM
 #endif
 
@@ -1601,7 +1774,8 @@ static const char* bench_result_words3[][5] = {
 #if defined(HAVE_ECC) || !defined(NO_RSA) || !defined(NO_DH) || \
     defined(HAVE_CURVE25519) || defined(HAVE_ED25519) || \
     defined(HAVE_CURVE448) || defined(HAVE_ED448) || \
-    defined(WOLFSSL_HAVE_KYBER)
+    defined(WOLFSSL_HAVE_KYBER) || defined(HAVE_DILITHIUM) || \
+    defined(WOLFSSL_HAVE_LMS)
 static const char* bench_result_words2[][5] = {
 #ifdef BENCH_MICROSECOND
     { "ops took", "μsec"     , "avg" , "ops/μsec", NULL },   /* 0 English
@@ -1702,7 +1876,7 @@ static const char* bench_result_words2[][5] = {
     {
         WOLF_EVENT_STATE state = asyncDev->event.state;
 
-        if (*ret == WC_PENDING_E) {
+        if (*ret == WC_NO_ERR_TRACE(WC_PENDING_E)) {
             if (state == WOLF_EVENT_STATE_DONE) {
                 *ret = asyncDev->event.ret;
                 asyncDev->event.state = WOLF_EVENT_STATE_READY;
@@ -1790,10 +1964,13 @@ static const char* bench_result_words2[][5] = {
     #define BENCH_MIN_RUNTIME_SEC   1.0F
 #endif
 
+#if defined(HAVE_AESGCM) || defined(HAVE_AESCCM) || \
+    (defined(HAVE_CHACHA) && defined(HAVE_POLY1305))
+    static word32 aesAuthAddSz = AES_AUTH_ADD_SZ;
+#endif
 #if defined(HAVE_AESGCM) || defined(HAVE_AESCCM)
     #define AES_AUTH_TAG_SZ 16
     #define BENCH_CIPHER_ADD AES_AUTH_TAG_SZ
-    static word32 aesAuthAddSz = AES_AUTH_ADD_SZ;
     #if !defined(AES_AAD_OPTIONS_DEFAULT)
         #if !defined(NO_MAIN_DRIVER)
             #define AES_AAD_OPTIONS_DEFAULT 0x1U
@@ -1839,23 +2016,40 @@ static const char* bench_result_words2[][5] = {
 #endif
 
 
+
+#if defined(WOLFSSL_DEVCRYPTO) && defined(WOLFSSL_AUTHSZ_BENCH)
+    #warning Large/Unalligned AuthSz could result in errors with /dev/crypto
+#endif
+
 /* use kB instead of mB for embedded benchmarking */
 #ifdef BENCH_EMBEDDED
+    #ifndef BENCH_NTIMES
+    #define BENCH_NTIMES 2
+    #endif
+    #ifndef BENCH_AGREETIMES
+    #define BENCH_AGREETIMES 2
+    #endif
     enum BenchmarkBounds {
         scryptCnt  = 1,
-        ntimes     = 2,
+        ntimes     = BENCH_NTIMES,
         genTimes   = BENCH_MAX_PENDING,
-        agreeTimes = 2
+        agreeTimes = BENCH_AGREETIMES
     };
     /* how many kB to test (en/de)cryption */
     #define NUM_BLOCKS 25
     #define BENCH_SIZE (1024uL)
 #else
+    #ifndef BENCH_NTIMES
+    #define BENCH_NTIMES 100
+    #endif
+    #ifndef BENCH_AGREETIMES
+    #define BENCH_AGREETIMES 100
+    #endif
     enum BenchmarkBounds {
         scryptCnt  = 10,
-        ntimes     = 100,
+        ntimes     = BENCH_NTIMES,
         genTimes   = BENCH_MAX_PENDING, /* must be at least BENCH_MAX_PENDING */
-        agreeTimes = 100
+        agreeTimes = BENCH_AGREETIMES
     };
     /* how many megs to test (en/de)cryption */
     #define NUM_BLOCKS 5
@@ -1866,6 +2060,14 @@ static int    numBlocks  = NUM_BLOCKS;
 static word32 bench_size = BENCH_SIZE;
 static int base2 = 1;
 static int digest_stream = 1;
+static int mac_stream = 1;
+static int aead_set_key = 0;
+#ifdef HAVE_CHACHA
+static int encrypt_only = 0;
+#endif
+#ifdef HAVE_AES_CBC
+static int cipher_same_buffer = 0;
+#endif
 
 #ifdef MULTI_VALUE_STATISTICS
 static int minimum_runs = 0;
@@ -2126,8 +2328,9 @@ static WC_INLINE void bench_stats_start(int* count, double* start)
 
 #ifdef WOLFSSL_ESPIDF
     #ifdef DEBUG_WOLFSSL_BENCHMARK_TIMING
-        ESP_LOGI(TAG, "bench_stats_start total_cycles = %llu, start=" FLT_FMT,
-                       total_cycles, FLT_FMT_ARGS(*start) );
+        ESP_LOGI(TAG, "bench_stats_start total_cycles = %llu"
+                      ", start=" FLT_FMT,
+                      total_cycles, FLT_FMT_ARGS(*start) );
     #endif
     BEGIN_ESP_CYCLES
 #else
@@ -2147,12 +2350,13 @@ static WC_INLINE void bench_stats_start(int* count, double* start)
 static WC_INLINE int bench_stats_check(double start)
 {
     int ret = 0;
-    double this_current_time;
+    double this_current_time = 0.0;
     this_current_time = current_time(0); /* get the timestamp, no reset */
-#if defined(DEBUG_WOLFSSL_BENCHMARK_TIMING)
-    #if (WOLFSSL_ESPIDF)
-        ESP_LOGI(TAG, "bench_stats_check Current time %f, start %f",
-                        this_current_time, start );
+
+#if defined(DEBUG_WOLFSSL_BENCHMARK_TIMING) && defined(WOLFSSL_ESPIDF)
+    #if defined(WOLFSSL_ESPIDF)
+        ESP_LOGI(TAG, "bench_stats_check Current time = %f, start = %f",
+                       this_current_time, start );
     #endif
 #endif
 
@@ -2312,7 +2516,7 @@ static void bench_multi_value_stats(double max, double min, double sum,
 #endif
 
 /* countSz is number of bytes that 1 count represents. Normally bench_size,
- * except for AES direct that operates on AES_BLOCK_SIZE blocks */
+ * except for AES direct that operates on WC_AES_BLOCK_SIZE blocks */
 static void bench_stats_sym_finish(const char* desc, int useDeviceID,
                                    int count, word32 countSz,
                                    double start, int ret)
@@ -2338,7 +2542,7 @@ static void bench_stats_sym_finish(const char* desc, int useDeviceID,
 #endif
 
 #ifdef LINUX_RUSAGE_UTIME
-    check_for_excessive_stime(desc, "");
+    check_for_excessive_stime(desc, 0, "", "");
 #endif
 
     /* calculate actual bytes */
@@ -2540,7 +2744,8 @@ static void bench_stats_sym_finish(const char* desc, int useDeviceID,
 #if defined(HAVE_ECC) || !defined(NO_RSA) || !defined(NO_DH) || \
     defined(HAVE_CURVE25519) || defined(HAVE_ED25519) || \
     defined(HAVE_CURVE448) || defined(HAVE_ED448) || \
-    defined(WOLFSSL_HAVE_KYBER)
+    defined(WOLFSSL_HAVE_KYBER) || defined(HAVE_DILITHIUM) || \
+    defined(WOLFSSL_HAVE_LMS)
 static void bench_stats_asym_finish_ex(const char* algo, int strength,
     const char* desc, const char* desc_extra, int useDeviceID, int count,
     double start, int ret)
@@ -2563,7 +2768,7 @@ static void bench_stats_asym_finish_ex(const char* algo, int strength,
     total = current_time(0) - start;
 
 #ifdef LINUX_RUSAGE_UTIME
-    check_for_excessive_stime(desc, desc_extra);
+    check_for_excessive_stime(algo, strength, desc, desc_extra);
 #endif
 
 #ifdef GENERATE_MACHINE_PARSEABLE_REPORT
@@ -2894,8 +3099,8 @@ static void* benchmarks_do(void* args)
         bench_buf_size += 16 - (bench_buf_size % 16);
 
 #ifdef WOLFSSL_AFALG_XILINX_AES
-    bench_plain = (byte*)aligned_alloc(64, (size_t)bench_buf_size + 16);
-    bench_cipher = (byte*)aligned_alloc(64, (size_t)bench_buf_size + 16);
+    bench_plain = (byte*)aligned_alloc(64, (size_t)bench_buf_size + 16); /* native heap */
+    bench_cipher = (byte*)aligned_alloc(64, (size_t)bench_buf_size + 16); /* native heap */
 #else
     bench_plain = (byte*)XMALLOC((size_t)bench_buf_size + 16,
                                  HEAP_HINT, DYNAMIC_TYPE_WOLF_BIGINT);
@@ -2913,7 +3118,7 @@ static void* benchmarks_do(void* args)
 
 #ifndef NO_FILESYSTEM
     if (hash_input) {
-        int    rawSz;
+        size_t rawSz;
         XFILE  file;
         file = XFOPEN(hash_input, "rb");
         if (file == XBADFILE)
@@ -2932,7 +3137,7 @@ static void* benchmarks_do(void* args)
 
         XFREE(bench_plain, HEAP_HINT, DYNAMIC_TYPE_WOLF_BIGINT);
 
-        rawSz = (int)bench_buf_size;
+        rawSz = (size_t)bench_buf_size;
         if (bench_buf_size % 16)
             bench_buf_size += 16 - (bench_buf_size % 16);
 
@@ -2947,7 +3152,7 @@ static void* benchmarks_do(void* args)
         }
 
         if ((size_t)XFREAD(bench_plain, 1, rawSz, file)
-                != (size_t)rawSz) {
+                != rawSz) {
             XFCLOSE(file);
             goto exit;
         }
@@ -2959,7 +3164,7 @@ static void* benchmarks_do(void* args)
     }
 
     if (cipher_input) {
-        int    rawSz;
+        size_t rawSz;
         XFILE  file;
         file = XFOPEN(cipher_input, "rb");
         if (file == XBADFILE)
@@ -2978,7 +3183,7 @@ static void* benchmarks_do(void* args)
 
         XFREE(bench_cipher, HEAP_HINT, DYNAMIC_TYPE_WOLF_BIGINT);
 
-        rawSz = (int)bench_buf_size;
+        rawSz = (size_t)bench_buf_size;
         if (bench_buf_size % 16)
             bench_buf_size += 16 - (bench_buf_size % 16);
 
@@ -2994,7 +3199,7 @@ static void* benchmarks_do(void* args)
         }
 
         if ((size_t)XFREAD(bench_cipher, 1, rawSz, file)
-                != (size_t)rawSz) {
+                != rawSz) {
             XFCLOSE(file);
             goto exit;
         }
@@ -3054,8 +3259,9 @@ static void* benchmarks_do(void* args)
     #endif
     #if ((defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_3DES)) || \
          defined(HAVE_INTEL_QA_SYNC) || defined(HAVE_CAVIUM_OCTEON_SYNC) || \
-         defined(HAVE_RENESAS_SYNC)  || defined(WOLFSSL_CAAM)) && \
-        !defined(NO_HW_BENCH)
+         defined(HAVE_RENESAS_SYNC)  || defined(WOLFSSL_CAAM)) || \
+         ((defined(WOLFSSL_MAX3266X) || defined(WOLFSSL_MAX3266X_OLD)) && \
+         defined(WOLF_CRYPTO_CB)) && !defined(NO_HW_BENCH)
         bench_aes_aad_options_wrap(bench_aesgcm, 1);
     #endif
     #ifndef NO_SW_BENCH
@@ -3154,6 +3360,10 @@ static void* benchmarks_do(void* args)
     #endif
     }
 #endif
+#ifdef HAVE_ASCON
+    if (bench_all || (bench_cipher_algs & BENCH_ASCON_AEAD128))
+        bench_ascon_aead();
+#endif
 #ifndef NO_MD5
     if (bench_all || (bench_digest_algs & BENCH_MD5)) {
     #ifndef NO_SW_BENCH
@@ -3327,6 +3537,10 @@ static void* benchmarks_do(void* args)
     if (bench_all || (bench_digest_algs & BENCH_BLAKE2S))
         bench_blake2s();
 #endif
+#ifdef HAVE_ASCON
+    if (bench_all || (bench_digest_algs & BENCH_ASCON_HASH256))
+        bench_ascon_hash();
+#endif
 #ifdef WOLFSSL_CMAC
     if (bench_all || (bench_mac_algs & BENCH_CMAC)) {
         bench_cmac(0);
@@ -3477,16 +3691,41 @@ static void* benchmarks_do(void* args)
 #endif
 
 #ifdef WOLFSSL_HAVE_KYBER
-    if (bench_all || (bench_asym_algs & BENCH_KYBER)) {
+    if (bench_all || (bench_pq_asym_algs & BENCH_KYBER)) {
+#ifndef WOLFSSL_NO_ML_KEM
+    #ifdef WOLFSSL_WC_ML_KEM_512
+        if (bench_all || (bench_pq_asym_algs & BENCH_KYBER512)) {
+            bench_kyber(WC_ML_KEM_512);
+        }
+    #endif
+    #ifdef WOLFSSL_WC_ML_KEM_768
+        if (bench_all || (bench_pq_asym_algs & BENCH_KYBER768)) {
+            bench_kyber(WC_ML_KEM_768);
+        }
+    #endif
+    #ifdef WOLFSSL_WC_ML_KEM_1024
+        if (bench_all || (bench_pq_asym_algs & BENCH_KYBER1024)) {
+            bench_kyber(WC_ML_KEM_1024);
+        }
+    #endif
+#endif
+#ifdef WOLFSSL_KYBER_ORIGINAL
     #ifdef WOLFSSL_KYBER512
-        bench_kyber(KYBER512);
+        if (bench_all || (bench_pq_asym_algs & BENCH_KYBER512)) {
+            bench_kyber(KYBER512);
+        }
     #endif
     #ifdef WOLFSSL_KYBER768
-        bench_kyber(KYBER768);
+        if (bench_all || (bench_pq_asym_algs & BENCH_KYBER768)) {
+            bench_kyber(KYBER768);
+        }
     #endif
     #ifdef WOLFSSL_KYBER1024
-        bench_kyber(KYBER1024);
+        if (bench_all || (bench_pq_asym_algs & BENCH_KYBER1024)) {
+            bench_kyber(KYBER1024);
+        }
     #endif
+#endif
     }
 #endif
 
@@ -3497,9 +3736,29 @@ static void* benchmarks_do(void* args)
 #endif /* if defined(WOLFSSL_HAVE_LMS) && !defined(WOLFSSL_LMS_VERIFY_ONLY) */
 
 #if defined(WOLFSSL_HAVE_XMSS) && !defined(WOLFSSL_XMSS_VERIFY_ONLY)
-    if (bench_all || (bench_pq_hash_sig_algs & BENCH_XMSS_XMSSMT)) {
-        bench_xmss();
+    if (bench_all) {
+        bench_pq_hash_sig_algs |= BENCH_XMSS_XMSSMT;
     }
+#ifndef NO_SHA256
+    if (bench_pq_hash_sig_algs & BENCH_XMSS_XMSSMT_SHA256) {
+        bench_xmss(WC_HASH_TYPE_SHA256);
+    }
+#endif
+#ifdef WOLFSSL_SHA512
+    if (bench_pq_hash_sig_algs & BENCH_XMSS_XMSSMT_SHA512) {
+        bench_xmss(WC_HASH_TYPE_SHA512);
+    }
+#endif
+#ifdef WOLFSSL_SHAKE128
+    if (bench_pq_hash_sig_algs & BENCH_XMSS_XMSSMT_SHAKE128) {
+        bench_xmss(WC_HASH_TYPE_SHAKE128);
+    }
+#endif
+#ifdef WOLFSSL_SHAKE256
+    if (bench_pq_hash_sig_algs & BENCH_XMSS_XMSSMT_SHAKE256) {
+        bench_xmss(WC_HASH_TYPE_SHAKE256);
+    }
+#endif
 #endif /* if defined(WOLFSSL_HAVE_XMSS) && !defined(WOLFSSL_XMSS_VERIFY_ONLY) */
 
 #ifdef HAVE_ECC
@@ -3532,7 +3791,7 @@ static void* benchmarks_do(void* args)
             #endif
 
                 if (wc_ecc_get_curve_size_from_id(curveId) !=
-                        ECC_BAD_ARG_E) {
+                        WC_NO_ERR_TRACE(ECC_BAD_ARG_E)) {
                     bench_ecc_curve(curveId);
                     if (csv_format != 1) {
                         printf("\n");
@@ -3650,7 +3909,6 @@ static void* benchmarks_do(void* args)
     #endif
 #endif
 
-#if defined(HAVE_LIBOQS)
 #ifdef HAVE_FALCON
     if (bench_all || (bench_pq_asym_algs & BENCH_FALCON_LEVEL1_SIGN))
         bench_falconKeySign(1);
@@ -3658,13 +3916,19 @@ static void* benchmarks_do(void* args)
         bench_falconKeySign(5);
 #endif
 #ifdef HAVE_DILITHIUM
+#ifndef WOLFSSL_NO_ML_DSA_44
     if (bench_all || (bench_pq_asym_algs & BENCH_DILITHIUM_LEVEL2_SIGN))
         bench_dilithiumKeySign(2);
+#endif
+#ifndef WOLFSSL_NO_ML_DSA_65
     if (bench_all || (bench_pq_asym_algs & BENCH_DILITHIUM_LEVEL3_SIGN))
         bench_dilithiumKeySign(3);
+#endif
+#ifndef WOLFSSL_NO_ML_DSA_87
     if (bench_all || (bench_pq_asym_algs & BENCH_DILITHIUM_LEVEL5_SIGN))
         bench_dilithiumKeySign(5);
 #endif
+#endif
 #ifdef HAVE_SPHINCS
     if (bench_all || (bench_pq_asym_algs2 & BENCH_SPHINCS_FAST_LEVEL1_SIGN))
         bench_sphincsKeySign(1, FAST_VARIANT);
@@ -3679,7 +3943,6 @@ static void* benchmarks_do(void* args)
     if (bench_all || (bench_pq_asym_algs2 & BENCH_SPHINCS_SMALL_LEVEL5_SIGN))
         bench_sphincsKeySign(5, SMALL_VARIANT);
 #endif
-#endif /* HAVE_LIBOQS */
 
 exit:
     /* free benchmark buffers */
@@ -3710,6 +3973,46 @@ exit:
     return NULL;
 }
 
+#if defined(HAVE_CPUID) && defined(WOLFSSL_TEST_STATIC_BUILD)
+static void print_cpu_features(void)
+{
+    word32 cpuid_flags = cpuid_get_flags();
+
+    printf("CPU: ");
+#ifdef HAVE_CPUID_INTEL
+    printf("Intel");
+#ifdef WOLFSSL_X86_64_BUILD
+    printf(" x86_64");
+#else
+    printf(" x86");
+#endif
+    printf(" -");
+    if (IS_INTEL_AVX1(cpuid_flags))   printf(" avx1");
+    if (IS_INTEL_AVX2(cpuid_flags))   printf(" avx2");
+    if (IS_INTEL_RDRAND(cpuid_flags)) printf(" rdrand");
+    if (IS_INTEL_RDSEED(cpuid_flags)) printf(" rdseed");
+    if (IS_INTEL_BMI2(cpuid_flags))   printf(" bmi2");
+    if (IS_INTEL_AESNI(cpuid_flags))  printf(" aesni");
+    if (IS_INTEL_ADX(cpuid_flags))    printf(" adx");
+    if (IS_INTEL_MOVBE(cpuid_flags))  printf(" movbe");
+    if (IS_INTEL_BMI1(cpuid_flags))   printf(" bmi1");
+    if (IS_INTEL_SHA(cpuid_flags))    printf(" sha");
+#endif
+#ifdef __aarch64__
+    printf("Aarch64 -");
+    if (IS_AARCH64_AES(cpuid_flags))    printf(" aes");
+    if (IS_AARCH64_PMULL(cpuid_flags))  printf(" pmull");
+    if (IS_AARCH64_SHA256(cpuid_flags)) printf(" sha256");
+    if (IS_AARCH64_SHA512(cpuid_flags)) printf(" sha512");
+    if (IS_AARCH64_RDM(cpuid_flags))    printf(" rdm");
+    if (IS_AARCH64_SHA3(cpuid_flags))   printf(" sha3");
+    if (IS_AARCH64_SM3(cpuid_flags))    printf(" sm3");
+    if (IS_AARCH64_SM4(cpuid_flags))    printf(" sm4");
+#endif
+    printf("\n");
+}
+#endif
+
 int benchmark_init(void)
 {
     int ret = 0;
@@ -3730,6 +4033,10 @@ int benchmark_init(void)
         return EXIT_FAILURE;
     }
 
+#if defined(HAVE_CPUID) && defined(WOLFSSL_TEST_STATIC_BUILD)
+    print_cpu_features();
+#endif
+
 #ifdef HAVE_WC_INTROSPECTION
     printf("Math: %s\n", wc_GetMathInfo());
 #endif
@@ -4013,29 +4320,36 @@ static void bench_aescbc_internal(int useDeviceID,
                                   const byte* iv, const char* encLabel,
                                   const char* decLabel)
 {
+    const byte* in = bench_cipher;
+    byte* out = bench_plain;
     int    ret = 0, i, count = 0, times, pending = 0;
-    Aes    enc[BENCH_MAX_PENDING];
+    WC_DECLARE_ARRAY(enc, Aes, BENCH_MAX_PENDING,
+                     sizeof(Aes), HEAP_HINT);
     double start;
     DECLARE_MULTI_VALUE_STATS_VARS()
 
-    /* clear for done cleanup */
-    XMEMSET(enc, 0, sizeof(enc));
+    WC_CALLOC_ARRAY(enc, Aes, BENCH_MAX_PENDING,
+                     sizeof(Aes), HEAP_HINT);
 
     /* init keys */
     for (i = 0; i < BENCH_MAX_PENDING; i++) {
-        if ((ret = wc_AesInit(&enc[i], HEAP_HINT,
+        if ((ret = wc_AesInit(enc[i], HEAP_HINT,
                                 useDeviceID ? devId: INVALID_DEVID)) != 0) {
-            printf("AesInit failed, ret = %d\n", ret);
+            printf("AesInit failed at L%d, ret = %d\n", __LINE__, ret);
             goto exit;
         }
 
-        ret = wc_AesSetKey(&enc[i], key, keySz, iv, AES_ENCRYPTION);
+        ret = wc_AesSetKey(enc[i], key, keySz, iv, AES_ENCRYPTION);
         if (ret != 0) {
             printf("AesSetKey failed, ret = %d\n", ret);
             goto exit;
         }
     }
 
+    if (cipher_same_buffer) {
+        in = bench_plain;
+    }
+
     bench_stats_start(&count, &start);
     do {
         for (times = 0; times < numBlocks || pending > 0; ) {
@@ -4043,12 +4357,11 @@ static void bench_aescbc_internal(int useDeviceID,
 
             /* while free pending slots in queue, submit ops */
             for (i = 0; i < BENCH_MAX_PENDING; i++) {
-                if (bench_async_check(&ret, BENCH_ASYNC_GET_DEV(&enc[i]), 0,
+                if (bench_async_check(&ret, BENCH_ASYNC_GET_DEV(enc[i]), 0,
                                       &times, numBlocks, &pending)) {
-                    ret = wc_AesCbcEncrypt(&enc[i], bench_plain, bench_cipher,
-                        bench_size);
+                    ret = wc_AesCbcEncrypt(enc[i], out, in, bench_size);
 
-                    if (!bench_async_handle(&ret, BENCH_ASYNC_GET_DEV(&enc[i]),
+                    if (!bench_async_handle(&ret, BENCH_ASYNC_GET_DEV(enc[i]),
                                             0, &times, &pending)) {
                         goto exit_aes_enc;
                     }
@@ -4077,7 +4390,7 @@ exit_aes_enc:
 #ifdef HAVE_AES_DECRYPT
     /* init keys */
     for (i = 0; i < BENCH_MAX_PENDING; i++) {
-        ret = wc_AesSetKey(&enc[i], key, keySz, iv, AES_DECRYPTION);
+        ret = wc_AesSetKey(enc[i], key, keySz, iv, AES_DECRYPTION);
         if (ret != 0) {
             printf("AesSetKey failed, ret = %d\n", ret);
             goto exit;
@@ -4093,12 +4406,11 @@ exit_aes_enc:
 
             /* while free pending slots in queue, submit ops */
             for (i = 0; i < BENCH_MAX_PENDING; i++) {
-                if (bench_async_check(&ret, BENCH_ASYNC_GET_DEV(&enc[i]), 0,
+                if (bench_async_check(&ret, BENCH_ASYNC_GET_DEV(enc[i]), 0,
                                       &times, numBlocks, &pending)) {
-                    ret = wc_AesCbcDecrypt(&enc[i], bench_cipher, bench_plain,
-                        bench_size);
+                    ret = wc_AesCbcDecrypt(enc[i], out, in, bench_size);
 
-                    if (!bench_async_handle(&ret, BENCH_ASYNC_GET_DEV(&enc[i]),
+                    if (!bench_async_handle(&ret, BENCH_ASYNC_GET_DEV(enc[i]),
                                             0, &times, &pending)) {
                         goto exit_aes_dec;
                     }
@@ -4125,8 +4437,11 @@ exit_aes_dec:
     (void)decLabel;
 exit:
 
-    for (i = 0; i < BENCH_MAX_PENDING; i++) {
-        wc_AesFree(&enc[i]);
+    if (WC_ARRAY_OK(enc)) {
+        for (i = 0; i < BENCH_MAX_PENDING; i++) {
+            wc_AesFree(enc[i]);
+        }
+        WC_FREE_ARRAY(enc, BENCH_MAX_PENDING, HEAP_HINT);
     }
 }
 
@@ -4165,45 +4480,43 @@ static void bench_aesgcm_internal(int useDeviceID,
                                   const char* encLabel, const char* decLabel)
 {
     int    ret = 0, i, count = 0, times, pending = 0;
-    Aes    enc[BENCH_MAX_PENDING];
+    WC_DECLARE_ARRAY(enc, Aes, BENCH_MAX_PENDING,
+                     sizeof(Aes), HEAP_HINT);
 #ifdef HAVE_AES_DECRYPT
-    Aes    dec[BENCH_MAX_PENDING+1];
+    WC_DECLARE_ARRAY(dec, Aes, BENCH_MAX_PENDING,
+                     sizeof(Aes), HEAP_HINT);
 #endif
     double start;
     DECLARE_MULTI_VALUE_STATS_VARS()
-
     WC_DECLARE_VAR(bench_additional, byte, AES_AUTH_ADD_SZ, HEAP_HINT);
     WC_DECLARE_VAR(bench_tag, byte, AES_AUTH_TAG_SZ, HEAP_HINT);
-#ifdef WC_DECLARE_VAR_IS_HEAP_ALLOC
-    if (bench_additional == NULL || bench_tag == NULL) {
-        printf("bench_aesgcm_internal malloc failed\n");
-        goto exit;
-    }
+
+    WC_ALLOC_VAR(bench_additional, byte, AES_AUTH_ADD_SZ, HEAP_HINT);
+    WC_ALLOC_VAR(bench_tag, byte, AES_AUTH_TAG_SZ, HEAP_HINT);
+    WC_CALLOC_ARRAY(enc, Aes, BENCH_MAX_PENDING,
+                  sizeof(Aes), HEAP_HINT);
+#ifdef HAVE_AES_DECRYPT
+    WC_CALLOC_ARRAY(dec, Aes, BENCH_MAX_PENDING,
+                  sizeof(Aes), HEAP_HINT);
 #endif
 
-    /* clear for done cleanup */
-    XMEMSET(enc, 0, sizeof(enc));
-#ifdef WOLFSSL_ASYNC_CRYPT
-    if (bench_additional)
-#endif
-        XMEMSET(bench_additional, 0, AES_AUTH_ADD_SZ);
-#ifdef WOLFSSL_ASYNC_CRYPT
-    if (bench_tag)
-#endif
-        XMEMSET(bench_tag, 0, AES_AUTH_TAG_SZ);
+    XMEMSET(bench_additional, 0, AES_AUTH_ADD_SZ);
+    XMEMSET(bench_tag, 0, AES_AUTH_TAG_SZ);
 
     /* init keys */
     for (i = 0; i < BENCH_MAX_PENDING; i++) {
-        if ((ret = wc_AesInit(&enc[i], HEAP_HINT,
+        if ((ret = wc_AesInit(enc[i], HEAP_HINT,
                         useDeviceID ? devId: INVALID_DEVID)) != 0) {
-            printf("AesInit failed, ret = %d\n", ret);
+            printf("AesInit failed at L%d, ret = %d\n", __LINE__, ret);
             goto exit;
         }
 
-        ret = wc_AesGcmSetKey(&enc[i], key, keySz);
-        if (ret != 0) {
-            printf("AesGcmSetKey failed, ret = %d\n", ret);
-            goto exit;
+        if (!aead_set_key) {
+            ret = wc_AesGcmSetKey(enc[i], key, keySz);
+            if (ret != 0) {
+                printf("AesGcmSetKey failed, ret = %d\n", ret);
+                goto exit;
+            }
         }
     }
 
@@ -4215,13 +4528,21 @@ static void bench_aesgcm_internal(int useDeviceID,
 
             /* while free pending slots in queue, submit ops */
             for (i = 0; i < BENCH_MAX_PENDING; i++) {
-                if (bench_async_check(&ret, BENCH_ASYNC_GET_DEV(&enc[i]), 0,
+                if (bench_async_check(&ret, BENCH_ASYNC_GET_DEV(enc[i]), 0,
                                       &times, numBlocks, &pending)) {
-                    ret = wc_AesGcmEncrypt(&enc[i], bench_cipher,
+                    if (aead_set_key) {
+                        ret = wc_AesGcmSetKey(enc[i], key, keySz);
+                        if (!bench_async_handle(&ret,
+                                                BENCH_ASYNC_GET_DEV(enc[i]), 0,
+                                                &times, &pending)) {
+                            goto exit_aes_gcm;
+                        }
+                    }
+                    ret = wc_AesGcmEncrypt(enc[i], bench_cipher,
                         bench_plain, bench_size,
                         iv, ivSz, bench_tag, AES_AUTH_TAG_SZ,
                         bench_additional, aesAuthAddSz);
-                    if (!bench_async_handle(&ret, BENCH_ASYNC_GET_DEV(&enc[i]),
+                    if (!bench_async_handle(&ret, BENCH_ASYNC_GET_DEV(enc[i]),
                                             0, &times, &pending)) {
                         goto exit_aes_gcm;
                     }
@@ -4244,22 +4565,23 @@ exit_aes_gcm:
 #endif
 
 #ifdef HAVE_AES_DECRYPT
-    XMEMSET(dec, 0, sizeof(dec));
 
     RESET_MULTI_VALUE_STATS_VARS();
 
     /* init keys */
     for (i = 0; i < BENCH_MAX_PENDING; i++) {
-        if ((ret = wc_AesInit(&dec[i], HEAP_HINT,
+        if ((ret = wc_AesInit(dec[i], HEAP_HINT,
                         useDeviceID ? devId: INVALID_DEVID)) != 0) {
-            printf("AesInit failed, ret = %d\n", ret);
+            printf("AesInit failed at L%d, ret = %d\n", __LINE__, ret);
             goto exit;
         }
 
-        ret = wc_AesGcmSetKey(&dec[i], key, keySz);
-        if (ret != 0) {
-            printf("AesGcmSetKey failed, ret = %d\n", ret);
-            goto exit;
+        if (!aead_set_key) {
+            ret = wc_AesGcmSetKey(dec[i], key, keySz);
+            if (ret != 0) {
+                printf("AesGcmSetKey failed, ret = %d\n", ret);
+                goto exit;
+            }
         }
     }
 
@@ -4270,13 +4592,21 @@ exit_aes_gcm:
 
             /* while free pending slots in queue, submit ops */
             for (i = 0; i < BENCH_MAX_PENDING; i++) {
-                if (bench_async_check(&ret, BENCH_ASYNC_GET_DEV(&dec[i]), 0,
+                if (bench_async_check(&ret, BENCH_ASYNC_GET_DEV(dec[i]), 0,
                                       &times, numBlocks, &pending)) {
-                    ret = wc_AesGcmDecrypt(&dec[i], bench_plain,
+                    if (aead_set_key) {
+                        ret = wc_AesGcmSetKey(dec[i], key, keySz);
+                        if (!bench_async_handle(&ret,
+                                                BENCH_ASYNC_GET_DEV(dec[i]), 0,
+                                                &times, &pending)) {
+                            goto exit_aes_gcm_dec;
+                        }
+                    }
+                    ret = wc_AesGcmDecrypt(dec[i], bench_plain,
                         bench_cipher, bench_size,
                         iv, ivSz, bench_tag, AES_AUTH_TAG_SZ,
                         bench_additional, aesAuthAddSz);
-                    if (!bench_async_handle(&ret, BENCH_ASYNC_GET_DEV(&dec[i]),
+                    if (!bench_async_handle(&ret, BENCH_ASYNC_GET_DEV(dec[i]),
                                             0, &times, &pending)) {
                         goto exit_aes_gcm_dec;
                     }
@@ -4307,12 +4637,18 @@ exit:
         printf("bench_aesgcm failed: %d\n", ret);
     }
 #ifdef HAVE_AES_DECRYPT
-    for (i = 0; i < BENCH_MAX_PENDING; i++) {
-        wc_AesFree(&dec[i]);
+    if (WC_ARRAY_OK(dec)) {
+        for (i = 0; i < BENCH_MAX_PENDING; i++) {
+            wc_AesFree(dec[i]);
+        }
+        WC_FREE_ARRAY(dec, BENCH_MAX_PENDING, HEAP_HINT);
     }
 #endif
-    for (i = 0; i < BENCH_MAX_PENDING; i++) {
-        wc_AesFree(&enc[i]);
+    if (WC_ARRAY_OK(enc)) {
+        for (i = 0; i < BENCH_MAX_PENDING; i++) {
+            wc_AesFree(enc[i]);
+        }
+        WC_FREE_ARRAY(enc, BENCH_MAX_PENDING, HEAP_HINT);
     }
 
     WC_FREE_VAR(bench_additional, HEAP_HINT);
@@ -4325,45 +4661,40 @@ static void bench_aesgcm_stream_internal(int useDeviceID,
     const char* encLabel, const char* decLabel)
 {
     int    ret = 0, i, count = 0, times, pending = 0;
-    Aes    enc[BENCH_MAX_PENDING];
+    WC_DECLARE_ARRAY(enc, Aes, BENCH_MAX_PENDING,
+                     sizeof(Aes), HEAP_HINT);
 #ifdef HAVE_AES_DECRYPT
-    Aes    dec[BENCH_MAX_PENDING];
+    WC_DECLARE_ARRAY(dec, Aes, BENCH_MAX_PENDING,
+                     sizeof(Aes), HEAP_HINT);
 #endif
     double start;
     DECLARE_MULTI_VALUE_STATS_VARS()
 
     WC_DECLARE_VAR(bench_additional, byte, AES_AUTH_ADD_SZ, HEAP_HINT);
     WC_DECLARE_VAR(bench_tag, byte, AES_AUTH_TAG_SZ, HEAP_HINT);
-#ifdef WC_DECLARE_VAR_IS_HEAP_ALLOC
-    if (bench_additional == NULL || bench_tag == NULL) {
-        printf("bench_aesgcm_internal malloc failed\n");
-        goto exit;
-    }
+
+    WC_ALLOC_VAR(bench_additional, byte, AES_AUTH_ADD_SZ, HEAP_HINT);
+    WC_ALLOC_VAR(bench_tag, byte, AES_AUTH_TAG_SZ, HEAP_HINT);
+
+    WC_CALLOC_ARRAY(enc, Aes, BENCH_MAX_PENDING,
+                  sizeof(Aes), HEAP_HINT);
+#ifdef HAVE_AES_DECRYPT
+    WC_CALLOC_ARRAY(dec, Aes, BENCH_MAX_PENDING,
+                  sizeof(Aes), HEAP_HINT);
 #endif
 
-    /* clear for done cleanup */
-    XMEMSET(enc, 0, sizeof(enc));
-#ifdef HAVE_AES_DECRYPT
-    XMEMSET(dec, 0, sizeof(dec));
-#endif
-#ifdef WOLFSSL_ASYNC_CRYPT
-    if (bench_additional)
-#endif
-        XMEMSET(bench_additional, 0, AES_AUTH_ADD_SZ);
-#ifdef WOLFSSL_ASYNC_CRYPT
-    if (bench_tag)
-#endif
-        XMEMSET(bench_tag, 0, AES_AUTH_TAG_SZ);
+    XMEMSET(bench_additional, 0, AES_AUTH_ADD_SZ);
+    XMEMSET(bench_tag, 0, AES_AUTH_TAG_SZ);
 
     /* init keys */
     for (i = 0; i < BENCH_MAX_PENDING; i++) {
-        if ((ret = wc_AesInit(&enc[i], HEAP_HINT,
+        if ((ret = wc_AesInit(enc[i], HEAP_HINT,
                         useDeviceID ? devId: INVALID_DEVID)) != 0) {
-            printf("AesInit failed, ret = %d\n", ret);
+            printf("AesInit failed at L%d, ret = %d\n", __LINE__, ret);
             goto exit;
         }
 
-        ret = wc_AesGcmSetKey(&enc[i], key, keySz);
+        ret = wc_AesGcmSetKey(enc[i], key, keySz);
         if (ret != 0) {
             printf("AesGcmSetKey failed, ret = %d\n", ret);
             goto exit;
@@ -4378,19 +4709,19 @@ static void bench_aesgcm_stream_internal(int useDeviceID,
 
             /* while free pending slots in queue, submit ops */
             for (i = 0; i < BENCH_MAX_PENDING; i++) {
-                if (bench_async_check(&ret, BENCH_ASYNC_GET_DEV(&enc[i]), 0,
+                if (bench_async_check(&ret, BENCH_ASYNC_GET_DEV(enc[i]), 0,
                                       &times, numBlocks, &pending)) {
-                    ret = wc_AesGcmEncryptInit(&enc[i], NULL, 0, iv, ivSz);
+                    ret = wc_AesGcmEncryptInit(enc[i], NULL, 0, iv, ivSz);
                     if (ret == 0) {
-                        ret = wc_AesGcmEncryptUpdate(&enc[i], bench_cipher,
+                        ret = wc_AesGcmEncryptUpdate(enc[i], bench_cipher,
                             bench_plain, bench_size, bench_additional,
                             aesAuthAddSz);
                     }
                     if (ret == 0) {
-                        ret = wc_AesGcmEncryptFinal(&enc[i], bench_tag,
+                        ret = wc_AesGcmEncryptFinal(enc[i], bench_tag,
                             AES_AUTH_TAG_SZ);
                     }
-                    if (!bench_async_handle(&ret, BENCH_ASYNC_GET_DEV(&enc[i]),
+                    if (!bench_async_handle(&ret, BENCH_ASYNC_GET_DEV(enc[i]),
                                             0, &times, &pending)) {
                         goto exit_aes_gcm;
                     }
@@ -4415,13 +4746,13 @@ exit_aes_gcm:
 #ifdef HAVE_AES_DECRYPT
     /* init keys */
     for (i = 0; i < BENCH_MAX_PENDING; i++) {
-        if ((ret = wc_AesInit(&dec[i], HEAP_HINT,
+        if ((ret = wc_AesInit(dec[i], HEAP_HINT,
                         useDeviceID ? devId: INVALID_DEVID)) != 0) {
-            printf("AesInit failed, ret = %d\n", ret);
+            printf("AesInit failed at L%d, ret = %d\n", __LINE__, ret);
             goto exit;
         }
 
-        ret = wc_AesGcmSetKey(&dec[i], key, keySz);
+        ret = wc_AesGcmSetKey(dec[i], key, keySz);
         if (ret != 0) {
             printf("AesGcmSetKey failed, ret = %d\n", ret);
             goto exit;
@@ -4437,19 +4768,19 @@ exit_aes_gcm:
 
             /* while free pending slots in queue, submit ops */
             for (i = 0; i < BENCH_MAX_PENDING; i++) {
-                if (bench_async_check(&ret, BENCH_ASYNC_GET_DEV(&dec[i]), 0,
+                if (bench_async_check(&ret, BENCH_ASYNC_GET_DEV(dec[i]), 0,
                                       &times, numBlocks, &pending)) {
-                    ret = wc_AesGcmDecryptInit(&enc[i], NULL, 0, iv, ivSz);
+                    ret = wc_AesGcmDecryptInit(enc[i], NULL, 0, iv, ivSz);
                     if (ret == 0) {
-                        ret = wc_AesGcmDecryptUpdate(&enc[i], bench_plain,
+                        ret = wc_AesGcmDecryptUpdate(enc[i], bench_plain,
                             bench_cipher, bench_size, bench_additional,
                             aesAuthAddSz);
                     }
                     if (ret == 0) {
-                        ret = wc_AesGcmDecryptFinal(&enc[i], bench_tag,
+                        ret = wc_AesGcmDecryptFinal(enc[i], bench_tag,
                             AES_AUTH_TAG_SZ);
                     }
-                    if (!bench_async_handle(&ret, BENCH_ASYNC_GET_DEV(&dec[i]),
+                    if (!bench_async_handle(&ret, BENCH_ASYNC_GET_DEV(dec[i]),
                                             0, &times, &pending)) {
                         goto exit_aes_gcm_dec;
                     }
@@ -4480,12 +4811,18 @@ exit:
         printf("bench_aesgcm failed: %d\n", ret);
     }
 #ifdef HAVE_AES_DECRYPT
-    for (i = 0; i < BENCH_MAX_PENDING; i++) {
-        wc_AesFree(&dec[i]);
+    if (WC_ARRAY_OK(dec)) {
+        for (i = 0; i < BENCH_MAX_PENDING; i++) {
+            wc_AesFree(dec[i]);
+        }
+        WC_FREE_ARRAY(dec, BENCH_MAX_PENDING, HEAP_HINT);
     }
 #endif
-    for (i = 0; i < BENCH_MAX_PENDING; i++) {
-        wc_AesFree(&enc[i]);
+    if (WC_ARRAY_OK(enc)) {
+        for (i = 0; i < BENCH_MAX_PENDING; i++) {
+            wc_AesFree(enc[i]);
+        }
+        WC_FREE_ARRAY(enc, BENCH_MAX_PENDING, HEAP_HINT);
     }
 
     WC_FREE_VAR(bench_additional, HEAP_HINT);
@@ -4565,6 +4902,14 @@ void bench_gmac(int useDeviceID)
     const char* gmacStr = "GMAC Default";
 #endif
 
+/* Implementations of /Dev/Crypto will error out if the size of Auth in is */
+/* greater than the system's page size */
+#if defined(WOLFSSL_DEVCRYPTO) && defined(WOLFSSL_AUTHSZ_BENCH)
+    bench_size = WOLFSSL_AUTHSZ_BENCH;
+#elif defined(WOLFSSL_DEVCRYPTO)
+    bench_size = sysconf(_SC_PAGESIZE);
+#endif
+
     /* init keys */
     XMEMSET(bench_plain, 0, bench_size);
     XMEMSET(tag, 0, sizeof(tag));
@@ -4595,7 +4940,13 @@ void bench_gmac(int useDeviceID)
 #ifdef MULTI_VALUE_STATISTICS
     bench_multi_value_stats(max, min, sum, squareSum, runs);
 #endif
-
+#if defined(WOLFSSL_DEVCRYPTO)
+    if (ret != 0 && (bench_size > sysconf(_SC_PAGESIZE))) {
+        printf("authIn Buffer Size[%d] greater than System Page Size[%ld]\n",
+                        bench_size, sysconf(_SC_PAGESIZE));
+    }
+    bench_size = BENCH_SIZE;
+#endif
 }
 
 #endif /* HAVE_AESGCM */
@@ -4607,27 +4958,28 @@ static void bench_aesecb_internal(int useDeviceID,
                                   const char* encLabel, const char* decLabel)
 {
     int    ret = 0, i, count = 0, times, pending = 0;
-    Aes    enc[BENCH_MAX_PENDING];
+    WC_DECLARE_ARRAY(enc, Aes, BENCH_MAX_PENDING,
+                     sizeof(Aes), HEAP_HINT);
     double start;
     DECLARE_MULTI_VALUE_STATS_VARS()
 #ifdef HAVE_FIPS
-    const int benchSz = AES_BLOCK_SIZE;
+    const word32 benchSz = WC_AES_BLOCK_SIZE;
 #else
-    const int benchSz = (int)bench_size;
+    const word32 benchSz = bench_size;
 #endif
 
-    /* clear for done cleanup */
-    XMEMSET(enc, 0, sizeof(enc));
+    WC_CALLOC_ARRAY(enc, Aes, BENCH_MAX_PENDING,
+                     sizeof(Aes), HEAP_HINT);
 
     /* init keys */
     for (i = 0; i < BENCH_MAX_PENDING; i++) {
-        if ((ret = wc_AesInit(&enc[i], HEAP_HINT,
+        if ((ret = wc_AesInit(enc[i], HEAP_HINT,
                                 useDeviceID ? devId: INVALID_DEVID)) != 0) {
-            printf("AesInit failed, ret = %d\n", ret);
+            printf("AesInit failed at L%d, ret = %d\n", __LINE__, ret);
             goto exit;
         }
 
-        ret = wc_AesSetKey(&enc[i], key, keySz, bench_iv, AES_ENCRYPTION);
+        ret = wc_AesSetKey(enc[i], key, keySz, bench_iv, AES_ENCRYPTION);
         if (ret != 0) {
             printf("AesSetKey failed, ret = %d\n", ret);
             goto exit;
@@ -4636,7 +4988,7 @@ static void bench_aesecb_internal(int useDeviceID,
 
     bench_stats_start(&count, &start);
     do {
-        int outer_loop_limit = (((int)bench_size / benchSz) * 10) + 1;
+        int outer_loop_limit = (int)((bench_size / benchSz) * 10) + 1;
         for (times = 0;
              times < outer_loop_limit /* numBlocks */ || pending > 0;
             ) {
@@ -4644,16 +4996,16 @@ static void bench_aesecb_internal(int useDeviceID,
 
             /* while free pending slots in queue, submit ops */
             for (i = 0; i < BENCH_MAX_PENDING; i++) {
-                if (bench_async_check(&ret, BENCH_ASYNC_GET_DEV(&enc[i]), 0,
-                                      &times, numBlocks, &pending)) {
+                if (bench_async_check(&ret, BENCH_ASYNC_GET_DEV(enc[i]), 0,
+                                      &times, outer_loop_limit, &pending)) {
                 #ifdef HAVE_FIPS
-                    wc_AesEncryptDirect(&enc[i], bench_cipher, bench_plain);
+                    wc_AesEncryptDirect(enc[i], bench_cipher, bench_plain);
                 #else
-                    wc_AesEcbEncrypt(&enc[i], bench_cipher, bench_plain,
+                    wc_AesEcbEncrypt(enc[i], bench_cipher, bench_plain,
                         benchSz);
                 #endif
                     ret = 0;
-                    if (!bench_async_handle(&ret, BENCH_ASYNC_GET_DEV(&enc[i]),
+                    if (!bench_async_handle(&ret, BENCH_ASYNC_GET_DEV(enc[i]),
                                             0, &times, &pending)) {
                         goto exit_aes_enc;
                     }
@@ -4678,7 +5030,7 @@ exit_aes_enc:
 #ifdef HAVE_AES_DECRYPT
     /* init keys */
     for (i = 0; i < BENCH_MAX_PENDING; i++) {
-        ret = wc_AesSetKey(&enc[i], key, keySz, bench_iv, AES_DECRYPTION);
+        ret = wc_AesSetKey(enc[i], key, keySz, bench_iv, AES_DECRYPTION);
         if (ret != 0) {
             printf("AesSetKey failed, ret = %d\n", ret);
             goto exit;
@@ -4689,22 +5041,22 @@ exit_aes_enc:
 
     bench_stats_start(&count, &start);
     do {
-        int outer_loop_limit = (10 * ((int)bench_size / benchSz)) + 1;
+        int outer_loop_limit = (int)(10 * (bench_size / benchSz)) + 1;
         for (times = 0; times < outer_loop_limit || pending > 0; ) {
             bench_async_poll(&pending);
 
             /* while free pending slots in queue, submit ops */
             for (i = 0; i < BENCH_MAX_PENDING; i++) {
-                if (bench_async_check(&ret, BENCH_ASYNC_GET_DEV(&enc[i]), 0,
-                                      &times, numBlocks, &pending)) {
+                if (bench_async_check(&ret, BENCH_ASYNC_GET_DEV(enc[i]), 0,
+                                      &times, outer_loop_limit, &pending)) {
                 #ifdef HAVE_FIPS
-                    wc_AesDecryptDirect(&enc[i], bench_plain, bench_cipher);
+                    wc_AesDecryptDirect(enc[i], bench_plain, bench_cipher);
                 #else
-                    wc_AesEcbDecrypt(&enc[i], bench_plain, bench_cipher,
+                    wc_AesEcbDecrypt(enc[i], bench_plain, bench_cipher,
                         benchSz);
                 #endif
                     ret = 0;
-                    if (!bench_async_handle(&ret, BENCH_ASYNC_GET_DEV(&enc[i]),
+                    if (!bench_async_handle(&ret, BENCH_ASYNC_GET_DEV(enc[i]),
                                             0, &times, &pending)) {
                         goto exit_aes_dec;
                     }
@@ -4728,10 +5080,15 @@ exit_aes_dec:
 
 #endif /* HAVE_AES_DECRYPT */
 
+    (void)decLabel;
+
 exit:
 
-    for (i = 0; i < BENCH_MAX_PENDING; i++) {
-        wc_AesFree(&enc[i]);
+    if (WC_ARRAY_OK(enc)) {
+        for (i = 0; i < BENCH_MAX_PENDING; i++) {
+            wc_AesFree(enc[i]);
+        }
+        WC_FREE_ARRAY(enc, BENCH_MAX_PENDING, HEAP_HINT);
     }
 }
 
@@ -4764,14 +5121,14 @@ static void bench_aescfb_internal(const byte* key,
 
     ret = wc_AesInit(&enc, HEAP_HINT, INVALID_DEVID);
     if (ret != 0) {
-        printf("AesInit failed, ret = %d\n", ret);
+        printf("AesInit failed at L%d, ret = %d\n", __LINE__, ret);
         return;
     }
 
     ret = wc_AesSetKey(&enc, key, keySz, iv, AES_ENCRYPTION);
     if (ret != 0) {
         printf("AesSetKey failed, ret = %d\n", ret);
-        return;
+        goto out;
     }
 
     bench_stats_start(&count, &start);
@@ -4780,7 +5137,7 @@ static void bench_aescfb_internal(const byte* key,
             if((ret = wc_AesCfbEncrypt(&enc, bench_plain, bench_cipher,
                             bench_size)) != 0) {
                 printf("wc_AesCfbEncrypt failed, ret = %d\n", ret);
-                return;
+                goto out;
             }
             RECORD_MULTI_VALUE_STATS();
         }
@@ -4795,6 +5152,11 @@ static void bench_aescfb_internal(const byte* key,
 #ifdef MULTI_VALUE_STATISTICS
     bench_multi_value_stats(max, min, sum, squareSum, runs);
 #endif
+
+out:
+
+    wc_AesFree(&enc);
+    return;
 }
 
 void bench_aescfb(void)
@@ -4824,7 +5186,7 @@ static void bench_aesofb_internal(const byte* key,
 
     ret = wc_AesInit(&enc, NULL, INVALID_DEVID);
     if (ret != 0) {
-        printf("AesInit failed, ret = %d\n", ret);
+        printf("AesInit failed at L%d, ret = %d\n", __LINE__, ret);
         return;
     }
 
@@ -4877,37 +5239,39 @@ void bench_aesofb(void)
 #ifdef WOLFSSL_AES_XTS
 void bench_aesxts(void)
 {
-    XtsAes aes;
+    WC_DECLARE_VAR(aes, XtsAes, 1, HEAP_HINT);
     double start;
     int    i, count, ret;
     DECLARE_MULTI_VALUE_STATS_VARS()
 
-    static unsigned char k1[] = {
+    static const unsigned char k1[] = {
         0xa1, 0xb9, 0x0c, 0xba, 0x3f, 0x06, 0xac, 0x35,
         0x3b, 0x2c, 0x34, 0x38, 0x76, 0x08, 0x17, 0x62,
         0x09, 0x09, 0x23, 0x02, 0x6e, 0x91, 0x77, 0x18,
         0x15, 0xf2, 0x9d, 0xab, 0x01, 0x93, 0x2f, 0x2f
     };
 
-    static unsigned char i1[] = {
+    static const unsigned char i1[] = {
         0x4f, 0xae, 0xf7, 0x11, 0x7c, 0xda, 0x59, 0xc6,
         0x6e, 0x4b, 0x92, 0x01, 0x3e, 0x76, 0x8a, 0xd5
     };
 
-    ret = wc_AesXtsSetKey(&aes, k1, sizeof(k1), AES_ENCRYPTION,
+    WC_ALLOC_VAR(aes, XtsAes, 1, HEAP_HINT);
+
+    ret = wc_AesXtsSetKey(aes, k1, sizeof(k1), AES_ENCRYPTION,
             HEAP_HINT, devId);
     if (ret != 0) {
         printf("wc_AesXtsSetKey failed, ret = %d\n", ret);
-        return;
+        goto exit;
     }
 
     bench_stats_start(&count, &start);
     do {
         for (i = 0; i < numBlocks; i++) {
-            if ((ret = wc_AesXtsEncrypt(&aes, bench_cipher, bench_plain,
+            if ((ret = wc_AesXtsEncrypt(aes, bench_cipher, bench_plain,
                             bench_size, i1, sizeof(i1))) != 0) {
                 printf("wc_AesXtsEncrypt failed, ret = %d\n", ret);
-                return;
+                goto exit;
             }
             RECORD_MULTI_VALUE_STATS();
         }
@@ -4922,14 +5286,14 @@ void bench_aesxts(void)
 #ifdef MULTI_VALUE_STATISTICS
     bench_multi_value_stats(max, min, sum, squareSum, runs);
 #endif
-    wc_AesXtsFree(&aes);
+    wc_AesXtsFree(aes);
 
     /* decryption benchmark */
-    ret = wc_AesXtsSetKey(&aes, k1, sizeof(k1), AES_DECRYPTION,
+    ret = wc_AesXtsSetKey(aes, k1, sizeof(k1), AES_DECRYPTION,
             HEAP_HINT, devId);
     if (ret != 0) {
         printf("wc_AesXtsSetKey failed, ret = %d\n", ret);
-        return;
+        goto exit;
     }
 
     RESET_MULTI_VALUE_STATS_VARS();
@@ -4937,10 +5301,10 @@ void bench_aesxts(void)
     bench_stats_start(&count, &start);
     do {
         for (i = 0; i < numBlocks; i++) {
-            if ((ret = wc_AesXtsDecrypt(&aes, bench_plain, bench_cipher,
+            if ((ret = wc_AesXtsDecrypt(aes, bench_plain, bench_cipher,
                             bench_size, i1, sizeof(i1))) != 0) {
                 printf("wc_AesXtsDecrypt failed, ret = %d\n", ret);
-                return;
+                goto exit;
             }
             RECORD_MULTI_VALUE_STATS();
         }
@@ -4955,7 +5319,11 @@ void bench_aesxts(void)
 #ifdef MULTI_VALUE_STATISTICS
     bench_multi_value_stats(max, min, sum, squareSum, runs);
 #endif
-    wc_AesXtsFree(&aes);
+
+exit:
+
+    wc_AesXtsFree(aes);
+    WC_FREE_VAR(aes, HEAP_HINT);
 }
 #endif /* WOLFSSL_AES_XTS */
 
@@ -5024,6 +5392,7 @@ void bench_aesctr(int useDeviceID)
 void bench_aesccm(int useDeviceID)
 {
     Aes    enc;
+    int    enc_inited = 0;
     double start;
     int    ret, i, count;
     DECLARE_MULTI_VALUE_STATS_VARS()
@@ -5031,18 +5400,15 @@ void bench_aesccm(int useDeviceID)
     WC_DECLARE_VAR(bench_additional, byte, AES_AUTH_ADD_SZ, HEAP_HINT);
     WC_DECLARE_VAR(bench_tag, byte, AES_AUTH_TAG_SZ, HEAP_HINT);
 
-#ifdef WC_DECLARE_VAR_IS_HEAP_ALLOC
-    if (bench_additional == NULL || bench_tag == NULL) {
-        printf("bench_aesccm malloc failed\n");
-        goto exit;
-    }
-#endif
+    WC_ALLOC_VAR(bench_additional, byte, AES_AUTH_ADD_SZ, HEAP_HINT);
+    WC_ALLOC_VAR(bench_tag, byte, AES_AUTH_TAG_SZ, HEAP_HINT);
 
     XMEMSET(bench_tag, 0, AES_AUTH_TAG_SZ);
     XMEMSET(bench_additional, 0, AES_AUTH_ADD_SZ);
 
     if ((ret = wc_AesInit(&enc, HEAP_HINT,
-        useDeviceID ? devId : INVALID_DEVID)) != 0) {
+        useDeviceID ? devId : INVALID_DEVID)) != 0)
+    {
         printf("wc_AesInit failed, ret = %d\n", ret);
         goto exit;
     }
@@ -5051,6 +5417,7 @@ void bench_aesccm(int useDeviceID)
         printf("wc_AesCcmSetKey failed, ret = %d\n", ret);
         goto exit;
     }
+    enc_inited = 1;
 
     bench_stats_start(&count, &start);
     do {
@@ -5077,6 +5444,7 @@ void bench_aesccm(int useDeviceID)
         goto exit;
     }
 
+#ifdef HAVE_AES_DECRYPT
     RESET_MULTI_VALUE_STATS_VARS();
 
     bench_stats_start(&count, &start);
@@ -5103,9 +5471,13 @@ void bench_aesccm(int useDeviceID)
         printf("wc_AesCcmEncrypt failed, ret = %d\n", ret);
         goto exit;
     }
+#endif
 
   exit:
 
+    if (enc_inited)
+        wc_AesFree(&enc);
+
     WC_FREE_VAR(bench_additional, HEAP_HINT);
     WC_FREE_VAR(bench_tag, HEAP_HINT);
 }
@@ -5118,9 +5490,9 @@ static void bench_aessiv_internal(const byte* key, word32 keySz, const char*
 {
     int i;
     int ret = 0;
-    byte assoc[AES_BLOCK_SIZE];
-    byte nonce[AES_BLOCK_SIZE];
-    byte siv[AES_BLOCK_SIZE];
+    byte assoc[WC_AES_BLOCK_SIZE];
+    byte nonce[WC_AES_BLOCK_SIZE];
+    byte siv[WC_AES_BLOCK_SIZE];
     int count = 0;
     double start;
     DECLARE_MULTI_VALUE_STATS_VARS()
@@ -5128,8 +5500,8 @@ static void bench_aessiv_internal(const byte* key, word32 keySz, const char*
     bench_stats_start(&count, &start);
     do {
         for (i = 0; i < numBlocks; i++) {
-            ret = wc_AesSivEncrypt(key, keySz, assoc, AES_BLOCK_SIZE, nonce,
-                                   AES_BLOCK_SIZE, bench_plain, bench_size,
+            ret = wc_AesSivEncrypt(key, keySz, assoc, WC_AES_BLOCK_SIZE, nonce,
+                                   WC_AES_BLOCK_SIZE, bench_plain, bench_size,
                                    siv, bench_cipher);
             if (ret != 0) {
                 printf("wc_AesSivEncrypt failed (%d)\n", ret);
@@ -5154,8 +5526,8 @@ static void bench_aessiv_internal(const byte* key, word32 keySz, const char*
     bench_stats_start(&count, &start);
     do {
         for (i = 0; i < numBlocks; i++) {
-            ret = wc_AesSivDecrypt(key, keySz, assoc, AES_BLOCK_SIZE, nonce,
-                                   AES_BLOCK_SIZE, bench_cipher, bench_size,
+            ret = wc_AesSivDecrypt(key, keySz, assoc, WC_AES_BLOCK_SIZE, nonce,
+                                   WC_AES_BLOCK_SIZE, bench_cipher, bench_size,
                                    siv, bench_plain);
             if (ret != 0) {
                 printf("wc_AesSivDecrypt failed (%d)\n", ret);
@@ -5255,7 +5627,7 @@ void bench_poly1305(void)
 #ifdef HAVE_CAMELLIA
 void bench_camellia(void)
 {
-    Camellia cam;
+    wc_Camellia cam;
     double   start;
     int      ret, i, count;
     DECLARE_MULTI_VALUE_STATS_VARS()
@@ -5372,17 +5744,14 @@ void bench_sm4_gcm(void)
 
     WC_DECLARE_VAR(bench_additional, byte, AES_AUTH_ADD_SZ, HEAP_HINT);
     WC_DECLARE_VAR(bench_tag, byte, AES_AUTH_TAG_SZ, HEAP_HINT);
-#ifdef WC_DECLARE_VAR_IS_HEAP_ALLOC
-    if (bench_additional == NULL || bench_tag == NULL) {
-        printf("bench_aesgcm_internal malloc failed\n");
-        return;
-    }
-#endif
+
+    WC_ALLOC_VAR(bench_additional, byte, AES_AUTH_ADD_SZ, HEAP_HINT);
+    WC_ALLOC_VAR(bench_tag, byte, AES_AUTH_TAG_SZ, HEAP_HINT);
 
     ret = wc_Sm4GcmSetKey(&sm4, bench_key, SM4_KEY_SIZE);
     if (ret != 0) {
         printf("Sm4GcmSetKey failed, ret = %d\n", ret);
-        return;
+        goto exit;
     }
 
     bench_stats_start(&count, &start);
@@ -5393,7 +5762,7 @@ void bench_sm4_gcm(void)
                 bench_additional, aesAuthAddSz);
             if (ret < 0) {
                 printf("Sm4GcmEncrypt failed: %d\n", ret);
-                return;
+                goto exit;
             }
             RECORD_MULTI_VALUE_STATS();
         }
@@ -5419,7 +5788,7 @@ void bench_sm4_gcm(void)
                 bench_additional, aesAuthAddSz);
             if (ret < 0) {
                 printf("Sm4GcmDecrypt failed: %d\n", ret);
-                return;
+                goto exit;
             }
             RECORD_MULTI_VALUE_STATS();
         }
@@ -5434,11 +5803,16 @@ void bench_sm4_gcm(void)
 #ifdef MULTI_VALUE_STATISTICS
     bench_multi_value_stats(max, min, sum, squareSum, runs);
 #endif
+
+exit:
+
+    WC_FREE_VAR(bench_additional, HEAP_HINT);
+    WC_FREE_VAR(bench_tag, HEAP_HINT);
 }
 #endif
 
 #ifdef WOLFSSL_SM4_CCM
-void bench_sm4_ccm()
+void bench_sm4_ccm(void)
 {
     wc_Sm4 enc;
     double start;
@@ -5448,12 +5822,8 @@ void bench_sm4_ccm()
     WC_DECLARE_VAR(bench_additional, byte, AES_AUTH_ADD_SZ, HEAP_HINT);
     WC_DECLARE_VAR(bench_tag, byte, AES_AUTH_TAG_SZ, HEAP_HINT);
 
-#ifdef WC_DECLARE_VAR_IS_HEAP_ALLOC
-    if (bench_additional == NULL || bench_tag == NULL) {
-        printf("bench_aesccm malloc failed\n");
-        goto exit;
-    }
-#endif
+    WC_ALLOC_VAR(bench_additional, byte, AES_AUTH_ADD_SZ, HEAP_HINT);
+    WC_ALLOC_VAR(bench_tag, byte, AES_AUTH_TAG_SZ, HEAP_HINT);
 
     XMEMSET(bench_tag, 0, AES_AUTH_TAG_SZ);
     XMEMSET(bench_additional, 0, AES_AUTH_ADD_SZ);
@@ -5523,22 +5893,23 @@ void bench_sm4_ccm()
 void bench_des(int useDeviceID)
 {
     int    ret = 0, i, count = 0, times, pending = 0;
-    Des3   enc[BENCH_MAX_PENDING];
+    WC_DECLARE_ARRAY(enc, Des3, BENCH_MAX_PENDING,
+                     sizeof(Des3), HEAP_HINT);
     double start;
     DECLARE_MULTI_VALUE_STATS_VARS()
 
-    /* clear for done cleanup */
-    XMEMSET(enc, 0, sizeof(enc));
+    WC_CALLOC_ARRAY(enc, Des3, BENCH_MAX_PENDING,
+                     sizeof(Des3), HEAP_HINT);
 
     /* init keys */
     for (i = 0; i < BENCH_MAX_PENDING; i++) {
-        if ((ret = wc_Des3Init(&enc[i], HEAP_HINT,
+        if ((ret = wc_Des3Init(enc[i], HEAP_HINT,
                                 useDeviceID ? devId : INVALID_DEVID)) != 0) {
             printf("Des3Init failed, ret = %d\n", ret);
             goto exit;
         }
 
-        ret = wc_Des3_SetKey(&enc[i], bench_key, bench_iv, DES_ENCRYPTION);
+        ret = wc_Des3_SetKey(enc[i], bench_key, bench_iv, DES_ENCRYPTION);
         if (ret != 0) {
             printf("Des3_SetKey failed, ret = %d\n", ret);
             goto exit;
@@ -5552,12 +5923,12 @@ void bench_des(int useDeviceID)
 
             /* while free pending slots in queue, submit ops */
             for (i = 0; i < BENCH_MAX_PENDING; i++) {
-                if (bench_async_check(&ret, BENCH_ASYNC_GET_DEV(&enc[i]), 0,
+                if (bench_async_check(&ret, BENCH_ASYNC_GET_DEV(enc[i]), 0,
                                       &times, numBlocks, &pending)) {
-                    ret = wc_Des3_CbcEncrypt(&enc[i],
+                    ret = wc_Des3_CbcEncrypt(enc[i],
                                              bench_cipher,
                                              bench_plain, bench_size);
-                    if (!bench_async_handle(&ret, BENCH_ASYNC_GET_DEV(&enc[i]),
+                    if (!bench_async_handle(&ret, BENCH_ASYNC_GET_DEV(enc[i]),
                                             0, &times, &pending)) {
                         goto exit_3des;
                     }
@@ -5580,8 +5951,11 @@ exit_3des:
 
 exit:
 
-    for (i = 0; i < BENCH_MAX_PENDING; i++) {
-        wc_Des3Free(&enc[i]);
+    if (WC_ARRAY_OK(enc)) {
+        for (i = 0; i < BENCH_MAX_PENDING; i++) {
+            wc_Des3Free(enc[i]);
+        }
+        WC_FREE_ARRAY(enc, BENCH_MAX_PENDING, HEAP_HINT);
     }
 }
 #endif /* !NO_DES3 */
@@ -5591,22 +5965,23 @@ exit:
 void bench_arc4(int useDeviceID)
 {
     int    ret = 0, i, count = 0, times, pending = 0;
-    Arc4   enc[BENCH_MAX_PENDING];
+    WC_DECLARE_ARRAY(enc, Arc4, BENCH_MAX_PENDING,
+                     sizeof(Arc4), HEAP_HINT);
     double start;
     DECLARE_MULTI_VALUE_STATS_VARS()
 
-    /* clear for done cleanup */
-    XMEMSET(enc, 0, sizeof(enc));
+    WC_CALLOC_ARRAY(enc, Arc4, BENCH_MAX_PENDING,
+                     sizeof(Arc4), HEAP_HINT);
 
     /* init keys */
     for (i = 0; i < BENCH_MAX_PENDING; i++) {
-        if ((ret = wc_Arc4Init(&enc[i], HEAP_HINT,
+        if ((ret = wc_Arc4Init(enc[i], HEAP_HINT,
                             useDeviceID ? devId : INVALID_DEVID)) != 0) {
             printf("Arc4Init failed, ret = %d\n", ret);
             goto exit;
         }
 
-        ret = wc_Arc4SetKey(&enc[i], bench_key, 16);
+        ret = wc_Arc4SetKey(enc[i], bench_key, 16);
         if (ret != 0) {
             printf("Arc4SetKey failed, ret = %d\n", ret);
             goto exit;
@@ -5620,11 +5995,11 @@ void bench_arc4(int useDeviceID)
 
             /* while free pending slots in queue, submit ops */
             for (i = 0; i < BENCH_MAX_PENDING; i++) {
-                if (bench_async_check(&ret, BENCH_ASYNC_GET_DEV(&enc[i]), 0,
+                if (bench_async_check(&ret, BENCH_ASYNC_GET_DEV(enc[i]), 0,
                                       &times, numBlocks, &pending)) {
-                    ret = wc_Arc4Process(&enc[i], bench_cipher, bench_plain,
+                    ret = wc_Arc4Process(enc[i], bench_cipher, bench_plain,
                                          bench_size);
-                    if (!bench_async_handle(&ret, BENCH_ASYNC_GET_DEV(&enc[i]),
+                    if (!bench_async_handle(&ret, BENCH_ASYNC_GET_DEV(enc[i]),
                                             0, &times, &pending)) {
                         goto exit_arc4;
                     }
@@ -5647,8 +6022,11 @@ exit_arc4:
 
 exit:
 
-    for (i = 0; i < BENCH_MAX_PENDING; i++) {
-        wc_Arc4Free(&enc[i]);
+    if (WC_ARRAY_OK(enc)) {
+        for (i = 0; i < BENCH_MAX_PENDING; i++) {
+            wc_Arc4Free(enc[i]);
+        }
+        WC_FREE_ARRAY(enc, BENCH_MAX_PENDING, HEAP_HINT);
     }
 }
 #endif /* !NO_RC4 */
@@ -5657,32 +6035,72 @@ exit:
 #ifdef HAVE_CHACHA
 void bench_chacha(void)
 {
-    ChaCha enc;
+    WC_DECLARE_VAR(enc, ChaCha, 1, HEAP_HINT);
     double start;
-    int    i, count;
+    int    ret, i, count;
     DECLARE_MULTI_VALUE_STATS_VARS()
 
-    XMEMSET(&enc, 0, sizeof(enc));
-    wc_Chacha_SetKey(&enc, bench_key, 16);
+    WC_ALLOC_VAR(enc, ChaCha, 1, HEAP_HINT);
 
-    bench_stats_start(&count, &start);
-    do {
-        for (i = 0; i < numBlocks; i++) {
-            wc_Chacha_SetIV(&enc, bench_iv, 0);
-            wc_Chacha_Process(&enc, bench_cipher, bench_plain, bench_size);
-            RECORD_MULTI_VALUE_STATS();
+    XMEMSET(enc, 0, sizeof(ChaCha));
+    wc_Chacha_SetKey(enc, bench_key, 16);
+
+    if (encrypt_only) {
+        ret = wc_Chacha_SetIV(enc, bench_iv, 0);
+        if (ret < 0) {
+            printf("wc_Chacha_SetIV error: %d\n", ret);
+            goto exit;
         }
-        count += i;
-    } while (bench_stats_check(start)
-#ifdef MULTI_VALUE_STATISTICS
-        || runs < minimum_runs
-#endif
-        );
+        bench_stats_start(&count, &start);
+        do {
+            for (i = 0; i < numBlocks; i++) {
+                ret = wc_Chacha_Process(enc, bench_cipher, bench_plain,
+                    bench_size);
+                if (ret < 0) {
+                    printf("wc_Chacha_Process error: %d\n", ret);
+                    goto exit;
+                }
+                RECORD_MULTI_VALUE_STATS();
+            }
+            count += i;
+        } while (bench_stats_check(start)
+    #ifdef MULTI_VALUE_STATISTICS
+            || runs < minimum_runs
+    #endif
+            );
+    }
+    else {
+        bench_stats_start(&count, &start);
+        do {
+            for (i = 0; i < numBlocks; i++) {
+                ret = wc_Chacha_SetIV(enc, bench_iv, 0);
+                if (ret < 0) {
+                    printf("wc_Chacha_SetIV error: %d\n", ret);
+                    goto exit;
+                }
+                ret = wc_Chacha_Process(enc, bench_cipher, bench_plain,
+                    bench_size);
+                if (ret < 0) {
+                    printf("wc_Chacha_Process error: %d\n", ret);
+                    goto exit;
+                }
+                RECORD_MULTI_VALUE_STATS();
+            }
+            count += i;
+        } while (bench_stats_check(start)
+    #ifdef MULTI_VALUE_STATISTICS
+            || runs < minimum_runs
+    #endif
+            );
+    }
 
     bench_stats_sym_finish("CHACHA", 0, count, bench_size, start, 0);
 #ifdef MULTI_VALUE_STATISTICS
     bench_multi_value_stats(max, min, sum, squareSum, runs);
 #endif
+
+exit:
+    WC_FREE_VAR(enc, HEAP_HINT);
 }
 #endif /* HAVE_CHACHA*/
 
@@ -5693,17 +6111,22 @@ void bench_chacha20_poly1305_aead(void)
     int    ret = 0, i, count;
     DECLARE_MULTI_VALUE_STATS_VARS()
 
-    byte authTag[CHACHA20_POLY1305_AEAD_AUTHTAG_SIZE];
-    XMEMSET(authTag, 0, sizeof(authTag));
+    WC_DECLARE_VAR(bench_additional, byte, AES_AUTH_ADD_SZ, HEAP_HINT);
+    WC_DECLARE_VAR(authTag, byte, CHACHA20_POLY1305_AEAD_AUTHTAG_SIZE, HEAP_HINT);
+    WC_ALLOC_VAR(bench_additional, byte, AES_AUTH_ADD_SZ, HEAP_HINT);
+    WC_ALLOC_VAR(authTag, byte, CHACHA20_POLY1305_AEAD_AUTHTAG_SIZE, HEAP_HINT);
+    XMEMSET(bench_additional, 0, AES_AUTH_ADD_SZ);
+    XMEMSET(authTag, 0, CHACHA20_POLY1305_AEAD_AUTHTAG_SIZE);
 
     bench_stats_start(&count, &start);
     do {
         for (i = 0; i < numBlocks; i++) {
-            ret = wc_ChaCha20Poly1305_Encrypt(bench_key, bench_iv, NULL, 0,
-                bench_plain, bench_size, bench_cipher, authTag);
+            ret = wc_ChaCha20Poly1305_Encrypt(bench_key, bench_iv,
+                bench_additional, aesAuthAddSz, bench_plain, bench_size,
+                bench_cipher, authTag);
             if (ret < 0) {
                 printf("wc_ChaCha20Poly1305_Encrypt error: %d\n", ret);
-                break;
+                goto exit;
             }
             RECORD_MULTI_VALUE_STATS();
         }
@@ -5718,37 +6141,103 @@ void bench_chacha20_poly1305_aead(void)
 #ifdef MULTI_VALUE_STATISTICS
     bench_multi_value_stats(max, min, sum, squareSum, runs);
 #endif
+
+exit:
+
+    WC_FREE_VAR(authTag, HEAP_HINT);
+    WC_FREE_VAR(bench_additional, HEAP_HINT);
 }
 #endif /* HAVE_CHACHA && HAVE_POLY1305 */
 
+#ifdef HAVE_ASCON
+
+void bench_ascon_aead(void)
+{
+#define ASCON_AD (byte*)"ADADADADAD"
+#define ASCON_AD_SZ XSTR_SIZEOF(ASCON_AD)
+    double start;
+    int    ret = 0, i, count;
+    WC_DECLARE_VAR(authTag, byte, ASCON_AEAD128_TAG_SZ, HEAP_HINT);
+    WC_DECLARE_VAR(enc, wc_AsconAEAD128, 1, HEAP_HINT);
+    DECLARE_MULTI_VALUE_STATS_VARS()
+
+    WC_ALLOC_VAR(authTag, byte, ASCON_AEAD128_TAG_SZ, HEAP_HINT);
+    XMEMSET(authTag, 0, ASCON_AEAD128_TAG_SZ);
+
+    WC_ALLOC_VAR(enc, wc_AsconAEAD128, 1, HEAP_HINT);
+    XMEMSET(enc, 0, sizeof(wc_AsconAEAD128));
+
+    bench_stats_start(&count, &start);
+    do {
+        for (i = 0; i < numBlocks; i++) {
+            ret = wc_AsconAEAD128_Init(enc);
+            if (ret == 0)
+                ret = wc_AsconAEAD128_SetKey(enc, bench_key);
+            if (ret == 0)
+                ret = wc_AsconAEAD128_SetNonce(enc, bench_iv);
+            if (ret == 0)
+                ret = wc_AsconAEAD128_SetAD(enc, ASCON_AD, ASCON_AD_SZ);
+            if (ret == 0) {
+                ret = wc_AsconAEAD128_EncryptUpdate(enc, bench_cipher,
+                        bench_plain, bench_size);
+            }
+            if (ret == 0)
+                ret = wc_AsconAEAD128_EncryptFinal(enc, authTag);
+            wc_AsconAEAD128_Clear(enc);
+
+            if (ret != 0) {
+                printf("ASCON-AEAD error: %d\n", ret);
+                goto exit;
+            }
+            RECORD_MULTI_VALUE_STATS();
+        }
+        count += i;
+    } while (bench_stats_check(start)
+#ifdef MULTI_VALUE_STATISTICS
+        || runs < minimum_runs
+#endif
+        );
+
+    bench_stats_sym_finish("ASCON-AEAD", 0, count, bench_size, start, ret);
+#ifdef MULTI_VALUE_STATISTICS
+    bench_multi_value_stats(max, min, sum, squareSum, runs);
+#endif
+
+exit:
+
+    WC_FREE_VAR(authTag, HEAP_HINT);
+    WC_FREE_VAR(enc, HEAP_HINT);
+}
+
+#endif /* HAVE_ASCON */
 
 #ifndef NO_MD5
 void bench_md5(int useDeviceID)
 {
-    wc_Md5 hash[BENCH_MAX_PENDING];
-    double start;
+    WC_DECLARE_ARRAY(hash, wc_Md5, BENCH_MAX_PENDING,
+                     sizeof(wc_Md5), HEAP_HINT);
+    double start = 0;
     int    ret = 0, i, count = 0, times, pending = 0;
     DECLARE_MULTI_VALUE_STATS_VARS()
-
     WC_DECLARE_ARRAY(digest, byte, BENCH_MAX_PENDING,
                      WC_MD5_DIGEST_SIZE, HEAP_HINT);
-    WC_INIT_ARRAY(digest, byte, BENCH_MAX_PENDING,
-                  WC_MD5_DIGEST_SIZE, HEAP_HINT);
 
-    /* clear for done cleanup */
-    XMEMSET(hash, 0, sizeof(hash));
+    WC_CALLOC_ARRAY(hash, wc_Md5, BENCH_MAX_PENDING,
+                     sizeof(wc_Md5), HEAP_HINT);
+    WC_ALLOC_ARRAY(digest, byte, BENCH_MAX_PENDING,
+                  WC_MD5_DIGEST_SIZE, HEAP_HINT);
 
     if (digest_stream) {
         /* init keys */
         for (i = 0; i < BENCH_MAX_PENDING; i++) {
-            ret = wc_InitMd5_ex(&hash[i], HEAP_HINT,
+            ret = wc_InitMd5_ex(hash[i], HEAP_HINT,
                         useDeviceID ? devId : INVALID_DEVID);
             if (ret != 0) {
                 printf("InitMd5_ex failed, ret = %d\n", ret);
                 goto exit;
             }
         #ifdef WOLFSSL_PIC32MZ_HASH
-            wc_Md5SizeSet(&hash[i], numBlocks * bench_size);
+            wc_Md5SizeSet(hash[i], numBlocks * bench_size);
         #endif
         }
 
@@ -5759,12 +6248,12 @@ void bench_md5(int useDeviceID)
 
                 /* while free pending slots in queue, submit ops */
                 for (i = 0; i < BENCH_MAX_PENDING; i++) {
-                    if (bench_async_check(&ret, BENCH_ASYNC_GET_DEV(&hash[i]),
+                    if (bench_async_check(&ret, BENCH_ASYNC_GET_DEV(hash[i]),
                                           0, &times, numBlocks, &pending)) {
-                        ret = wc_Md5Update(&hash[i], bench_plain,
+                        ret = wc_Md5Update(hash[i], bench_plain,
                                            bench_size);
                         if (!bench_async_handle(&ret,
-                                                BENCH_ASYNC_GET_DEV(&hash[i]),
+                                                BENCH_ASYNC_GET_DEV(hash[i]),
                                                 0, &times, &pending)) {
                             goto exit_md5;
                         }
@@ -5779,11 +6268,11 @@ void bench_md5(int useDeviceID)
                 bench_async_poll(&pending);
 
                 for (i = 0; i < BENCH_MAX_PENDING; i++) {
-                    if (bench_async_check(&ret, BENCH_ASYNC_GET_DEV(&hash[i]),
+                    if (bench_async_check(&ret, BENCH_ASYNC_GET_DEV(hash[i]),
                                           0, &times, numBlocks, &pending)) {
-                        ret = wc_Md5Final(&hash[i], digest[i]);
+                        ret = wc_Md5Final(hash[i], digest[i]);
                         if (!bench_async_handle(&ret,
-                            BENCH_ASYNC_GET_DEV(&hash[i]), 0,
+                            BENCH_ASYNC_GET_DEV(hash[i]), 0,
                                                 &times, &pending)) {
                             goto exit_md5;
                         }
@@ -5800,11 +6289,11 @@ void bench_md5(int useDeviceID)
         bench_stats_start(&count, &start);
         do {
             for (times = 0; times < numBlocks; times++) {
-                ret = wc_InitMd5_ex(hash, HEAP_HINT, INVALID_DEVID);
+                ret = wc_InitMd5_ex(hash[0], HEAP_HINT, INVALID_DEVID);
                 if (ret == 0)
-                    ret = wc_Md5Update(hash, bench_plain, bench_size);
+                    ret = wc_Md5Update(hash[0], bench_plain, bench_size);
                 if (ret == 0)
-                    ret = wc_Md5Final(hash, digest[0]);
+                    ret = wc_Md5Final(hash[0], digest[0]);
                 if (ret != 0)
                     goto exit_md5;
                 RECORD_MULTI_VALUE_STATS();
@@ -5825,11 +6314,14 @@ exit_md5:
 exit:
 
 #ifdef WOLFSSL_ASYNC_CRYPT
-    for (i = 0; i < BENCH_MAX_PENDING; i++) {
-        wc_Md5Free(&hash[i]);
+    if (WC_ARRAY_OK(hash)) {
+        for (i = 0; i < BENCH_MAX_PENDING; i++) {
+            wc_Md5Free(hash[i]);
+        }
     }
 #endif
 
+    WC_FREE_ARRAY(hash, BENCH_MAX_PENDING, HEAP_HINT);
     WC_FREE_ARRAY(digest, BENCH_MAX_PENDING, HEAP_HINT);
 }
 #endif /* !NO_MD5 */
@@ -5838,29 +6330,30 @@ exit:
 #ifndef NO_SHA
 void bench_sha(int useDeviceID)
 {
-    wc_Sha hash[BENCH_MAX_PENDING];
+    WC_DECLARE_ARRAY(hash, wc_Sha, BENCH_MAX_PENDING,
+                     sizeof(wc_Sha), HEAP_HINT);
     double start;
     int    ret = 0, i, count = 0, times, pending = 0;
     DECLARE_MULTI_VALUE_STATS_VARS()
     WC_DECLARE_ARRAY(digest, byte, BENCH_MAX_PENDING,
                      WC_SHA_DIGEST_SIZE, HEAP_HINT);
-    WC_INIT_ARRAY(digest, byte, BENCH_MAX_PENDING,
-                  WC_SHA_DIGEST_SIZE, HEAP_HINT);
 
-    /* clear for done cleanup */
-    XMEMSET(hash, 0, sizeof(hash));
+    WC_CALLOC_ARRAY(hash, wc_Sha, BENCH_MAX_PENDING,
+                     sizeof(wc_Sha), HEAP_HINT);
+    WC_ALLOC_ARRAY(digest, byte, BENCH_MAX_PENDING,
+                  WC_SHA_DIGEST_SIZE, HEAP_HINT);
 
     if (digest_stream) {
         /* init keys */
         for (i = 0; i < BENCH_MAX_PENDING; i++) {
-            ret = wc_InitSha_ex(&hash[i], HEAP_HINT,
+            ret = wc_InitSha_ex(hash[i], HEAP_HINT,
                 useDeviceID ? devId : INVALID_DEVID);
             if (ret != 0) {
                 printf("InitSha failed, ret = %d\n", ret);
                 goto exit;
             }
         #ifdef WOLFSSL_PIC32MZ_HASH
-            wc_ShaSizeSet(&hash[i], numBlocks * bench_size);
+            wc_ShaSizeSet(hash[i], numBlocks * bench_size);
         #endif
         }
 
@@ -5871,12 +6364,12 @@ void bench_sha(int useDeviceID)
 
                 /* while free pending slots in queue, submit ops */
                 for (i = 0; i < BENCH_MAX_PENDING; i++) {
-                    if (bench_async_check(&ret, BENCH_ASYNC_GET_DEV(&hash[i]),
+                    if (bench_async_check(&ret, BENCH_ASYNC_GET_DEV(hash[i]),
                                           0, &times, numBlocks, &pending)) {
-                        ret = wc_ShaUpdate(&hash[i], bench_plain,
+                        ret = wc_ShaUpdate(hash[i], bench_plain,
                             bench_size);
                         if (!bench_async_handle(&ret,
-                            BENCH_ASYNC_GET_DEV(&hash[i]), 0,
+                            BENCH_ASYNC_GET_DEV(hash[i]), 0,
                                                 &times, &pending)) {
                             goto exit_sha;
                         }
@@ -5891,11 +6384,11 @@ void bench_sha(int useDeviceID)
                 bench_async_poll(&pending);
 
                 for (i = 0; i < BENCH_MAX_PENDING; i++) {
-                    if (bench_async_check(&ret, BENCH_ASYNC_GET_DEV(&hash[i]),
+                    if (bench_async_check(&ret, BENCH_ASYNC_GET_DEV(hash[i]),
                                           0, &times, numBlocks, &pending)) {
-                        ret = wc_ShaFinal(&hash[i], digest[i]);
+                        ret = wc_ShaFinal(hash[i], digest[i]);
                         if (!bench_async_handle(&ret,
-                            BENCH_ASYNC_GET_DEV(&hash[i]), 0,
+                            BENCH_ASYNC_GET_DEV(hash[i]), 0,
                                                 &times, &pending)) {
                             goto exit_sha;
                         }
@@ -5912,12 +6405,12 @@ void bench_sha(int useDeviceID)
         bench_stats_start(&count, &start);
         do {
             for (times = 0; times < numBlocks; times++) {
-                ret = wc_InitSha_ex(hash, HEAP_HINT,
+                ret = wc_InitSha_ex(hash[0], HEAP_HINT,
                     useDeviceID ? devId : INVALID_DEVID);
                 if (ret == 0)
-                    ret = wc_ShaUpdate(hash, bench_plain, bench_size);
+                    ret = wc_ShaUpdate(hash[0], bench_plain, bench_size);
                 if (ret == 0)
-                    ret = wc_ShaFinal(hash, digest[0]);
+                    ret = wc_ShaFinal(hash[0], digest[0]);
                 if (ret != 0)
                     goto exit_sha;
                 RECORD_MULTI_VALUE_STATS();
@@ -5937,10 +6430,12 @@ exit_sha:
 
 exit:
 
-    for (i = 0; i < BENCH_MAX_PENDING; i++) {
-        wc_ShaFree(&hash[i]);
+    if (WC_ARRAY_OK(hash)) {
+        for (i = 0; i < BENCH_MAX_PENDING; i++) {
+            wc_ShaFree(hash[i]);
+        }
+        WC_FREE_ARRAY(hash, BENCH_MAX_PENDING, HEAP_HINT);
     }
-
     WC_FREE_ARRAY(digest, BENCH_MAX_PENDING, HEAP_HINT);
 }
 #endif /* NO_SHA */
@@ -5949,22 +6444,23 @@ exit:
 #ifdef WOLFSSL_SHA224
 void bench_sha224(int useDeviceID)
 {
-    wc_Sha224 hash[BENCH_MAX_PENDING];
+    WC_DECLARE_ARRAY(hash, wc_Sha224, BENCH_MAX_PENDING,
+                     sizeof(wc_Sha224), HEAP_HINT);
     double start;
     int    ret = 0, i, count = 0, times, pending = 0;
     DECLARE_MULTI_VALUE_STATS_VARS()
     WC_DECLARE_ARRAY(digest, byte, BENCH_MAX_PENDING,
                      WC_SHA224_DIGEST_SIZE, HEAP_HINT);
-    WC_INIT_ARRAY(digest, byte, BENCH_MAX_PENDING,
-                  WC_SHA224_DIGEST_SIZE, HEAP_HINT);
 
-    /* clear for done cleanup */
-    XMEMSET(hash, 0, sizeof(hash));
+    WC_CALLOC_ARRAY(hash, wc_Sha224, BENCH_MAX_PENDING,
+                     sizeof(wc_Sha224), HEAP_HINT);
+    WC_ALLOC_ARRAY(digest, byte, BENCH_MAX_PENDING,
+                  WC_SHA224_DIGEST_SIZE, HEAP_HINT);
 
     if (digest_stream) {
         /* init keys */
         for (i = 0; i < BENCH_MAX_PENDING; i++) {
-            ret = wc_InitSha224_ex(&hash[i], HEAP_HINT,
+            ret = wc_InitSha224_ex(hash[i], HEAP_HINT,
                 useDeviceID ? devId : INVALID_DEVID);
             if (ret != 0) {
                 printf("InitSha224_ex failed, ret = %d\n", ret);
@@ -5979,12 +6475,12 @@ void bench_sha224(int useDeviceID)
 
                 /* while free pending slots in queue, submit ops */
                 for (i = 0; i < BENCH_MAX_PENDING; i++) {
-                    if (bench_async_check(&ret, BENCH_ASYNC_GET_DEV(&hash[i]),
+                    if (bench_async_check(&ret, BENCH_ASYNC_GET_DEV(hash[i]),
                                           0, &times, numBlocks, &pending)) {
-                        ret = wc_Sha224Update(&hash[i], bench_plain,
+                        ret = wc_Sha224Update(hash[i], bench_plain,
                             bench_size);
                         if (!bench_async_handle(&ret,
-                            BENCH_ASYNC_GET_DEV(&hash[i]), 0,
+                            BENCH_ASYNC_GET_DEV(hash[i]), 0,
                                                 &times, &pending)) {
                             goto exit_sha224;
                         }
@@ -5998,11 +6494,11 @@ void bench_sha224(int useDeviceID)
             do {
                 bench_async_poll(&pending);
                 for (i = 0; i < BENCH_MAX_PENDING; i++) {
-                    if (bench_async_check(&ret, BENCH_ASYNC_GET_DEV(&hash[i]),
+                    if (bench_async_check(&ret, BENCH_ASYNC_GET_DEV(hash[i]),
                                           0, &times, numBlocks, &pending)) {
-                        ret = wc_Sha224Final(&hash[i], digest[i]);
+                        ret = wc_Sha224Final(hash[i], digest[i]);
                         if (!bench_async_handle(&ret,
-                            BENCH_ASYNC_GET_DEV(&hash[i]), 0,
+                            BENCH_ASYNC_GET_DEV(hash[i]), 0,
                                                 &times, &pending)) {
                             goto exit_sha224;
                         }
@@ -6019,12 +6515,12 @@ void bench_sha224(int useDeviceID)
         bench_stats_start(&count, &start);
         do {
             for (times = 0; times < numBlocks; times++) {
-                ret = wc_InitSha224_ex(hash, HEAP_HINT,
+                ret = wc_InitSha224_ex(hash[0], HEAP_HINT,
                     useDeviceID ? devId : INVALID_DEVID);
                 if (ret == 0)
-                    ret = wc_Sha224Update(hash, bench_plain, bench_size);
+                    ret = wc_Sha224Update(hash[0], bench_plain, bench_size);
                 if (ret == 0)
-                    ret = wc_Sha224Final(hash, digest[0]);
+                    ret = wc_Sha224Final(hash[0], digest[0]);
                 if (ret != 0)
                     goto exit_sha224;
             } /* for times */
@@ -6044,10 +6540,12 @@ exit_sha224:
 
 exit:
 
-    for (i = 0; i < BENCH_MAX_PENDING; i++) {
-        wc_Sha224Free(&hash[i]);
+    if (WC_ARRAY_OK(hash)) {
+        for (i = 0; i < BENCH_MAX_PENDING; i++) {
+            wc_Sha224Free(hash[i]);
+        }
+        WC_FREE_ARRAY(hash, BENCH_MAX_PENDING, HEAP_HINT);
     }
-
     WC_FREE_ARRAY(digest, BENCH_MAX_PENDING, HEAP_HINT);
 }
 #endif
@@ -6056,29 +6554,30 @@ exit:
 #ifndef NO_SHA256
 void bench_sha256(int useDeviceID)
 {
-    wc_Sha256 hash[BENCH_MAX_PENDING];
+    WC_DECLARE_ARRAY(hash, wc_Sha256, BENCH_MAX_PENDING,
+                     sizeof(wc_Sha256), HEAP_HINT);
     double start;
     int    ret = 0, i, count = 0, times, pending = 0;
     DECLARE_MULTI_VALUE_STATS_VARS()
     WC_DECLARE_ARRAY(digest, byte, BENCH_MAX_PENDING,
                      WC_SHA256_DIGEST_SIZE, HEAP_HINT);
-    WC_INIT_ARRAY(digest, byte, BENCH_MAX_PENDING,
-                  WC_SHA256_DIGEST_SIZE, HEAP_HINT);
 
-    /* clear for done cleanup */
-    XMEMSET(hash, 0, sizeof(hash));
+    WC_CALLOC_ARRAY(hash, wc_Sha256, BENCH_MAX_PENDING,
+                     sizeof(wc_Sha256), HEAP_HINT);
+    WC_ALLOC_ARRAY(digest, byte, BENCH_MAX_PENDING,
+                  WC_SHA256_DIGEST_SIZE, HEAP_HINT);
 
     if (digest_stream) {
         /* init keys */
         for (i = 0; i < BENCH_MAX_PENDING; i++) {
-            ret = wc_InitSha256_ex(&hash[i], HEAP_HINT,
+            ret = wc_InitSha256_ex(hash[i], HEAP_HINT,
                 useDeviceID ? devId: INVALID_DEVID);
             if (ret != 0) {
                 printf("InitSha256_ex failed, ret = %d\n", ret);
                 goto exit;
             }
         #ifdef WOLFSSL_PIC32MZ_HASH
-            wc_Sha256SizeSet(&hash[i], numBlocks * bench_size);
+            wc_Sha256SizeSet(hash[i], numBlocks * bench_size);
         #endif
         }
 
@@ -6089,12 +6588,12 @@ void bench_sha256(int useDeviceID)
 
                 /* while free pending slots in queue, submit ops */
                 for (i = 0; i < BENCH_MAX_PENDING; i++) {
-                    if (bench_async_check(&ret, BENCH_ASYNC_GET_DEV(&hash[i]),
+                    if (bench_async_check(&ret, BENCH_ASYNC_GET_DEV(hash[i]),
                                           0, &times, numBlocks, &pending)) {
-                        ret = wc_Sha256Update(&hash[i], bench_plain,
+                        ret = wc_Sha256Update(hash[i], bench_plain,
                             bench_size);
                         if (!bench_async_handle(&ret,
-                            BENCH_ASYNC_GET_DEV(&hash[i]), 0,
+                            BENCH_ASYNC_GET_DEV(hash[i]), 0,
                                                 &times, &pending)) {
                             goto exit_sha256;
                         }
@@ -6108,11 +6607,11 @@ void bench_sha256(int useDeviceID)
             do {
                 bench_async_poll(&pending);
                 for (i = 0; i < BENCH_MAX_PENDING; i++) {
-                    if (bench_async_check(&ret, BENCH_ASYNC_GET_DEV(&hash[i]),
+                    if (bench_async_check(&ret, BENCH_ASYNC_GET_DEV(hash[i]),
                                           0, &times, numBlocks, &pending)) {
-                        ret = wc_Sha256Final(&hash[i], digest[i]);
+                        ret = wc_Sha256Final(hash[i], digest[i]);
                         if (!bench_async_handle(&ret,
-                            BENCH_ASYNC_GET_DEV(&hash[i]), 0,
+                            BENCH_ASYNC_GET_DEV(hash[i]), 0,
                                                 &times, &pending)) {
                             goto exit_sha256;
                         }
@@ -6129,12 +6628,12 @@ void bench_sha256(int useDeviceID)
         bench_stats_start(&count, &start);
         do {
             for (times = 0; times < numBlocks; times++) {
-                ret = wc_InitSha256_ex(hash, HEAP_HINT,
+                ret = wc_InitSha256_ex(hash[0], HEAP_HINT,
                     useDeviceID ? devId: INVALID_DEVID);
                 if (ret == 0)
-                    ret = wc_Sha256Update(hash, bench_plain, bench_size);
+                    ret = wc_Sha256Update(hash[0], bench_plain, bench_size);
                 if (ret == 0)
-                    ret = wc_Sha256Final(hash, digest[0]);
+                    ret = wc_Sha256Final(hash[0], digest[0]);
                 if (ret != 0)
                     goto exit_sha256;
                 RECORD_MULTI_VALUE_STATS();
@@ -6153,10 +6652,12 @@ exit_sha256:
     bench_multi_value_stats(max, min, sum, squareSum, runs);
 #endif
 exit:
-    for (i = 0; i < BENCH_MAX_PENDING; i++) {
-        wc_Sha256Free(&hash[i]);
+    if (WC_ARRAY_OK(hash)) {
+        for (i = 0; i < BENCH_MAX_PENDING; i++) {
+            wc_Sha256Free(hash[i]);
+        }
+        WC_FREE_ARRAY(hash, BENCH_MAX_PENDING, HEAP_HINT);
     }
-
     WC_FREE_ARRAY(digest, BENCH_MAX_PENDING, HEAP_HINT);
 }
 #endif
@@ -6164,22 +6665,23 @@ exit:
 #ifdef WOLFSSL_SHA384
 void bench_sha384(int useDeviceID)
 {
-    wc_Sha384 hash[BENCH_MAX_PENDING];
+    WC_DECLARE_ARRAY(hash, wc_Sha384, BENCH_MAX_PENDING,
+                     sizeof(wc_Sha384), HEAP_HINT);
     double start;
     int    ret = 0, i, count = 0, times, pending = 0;
     DECLARE_MULTI_VALUE_STATS_VARS()
     WC_DECLARE_ARRAY(digest, byte, BENCH_MAX_PENDING,
                      WC_SHA384_DIGEST_SIZE, HEAP_HINT);
-    WC_INIT_ARRAY(digest, byte, BENCH_MAX_PENDING,
-                  WC_SHA384_DIGEST_SIZE, HEAP_HINT);
 
-    /* clear for done cleanup */
-    XMEMSET(hash, 0, sizeof(hash));
+    WC_CALLOC_ARRAY(hash, wc_Sha384, BENCH_MAX_PENDING,
+                     sizeof(wc_Sha384), HEAP_HINT);
+    WC_ALLOC_ARRAY(digest, byte, BENCH_MAX_PENDING,
+                  WC_SHA384_DIGEST_SIZE, HEAP_HINT);
 
     if (digest_stream) {
         /* init keys */
         for (i = 0; i < BENCH_MAX_PENDING; i++) {
-            ret = wc_InitSha384_ex(&hash[i], HEAP_HINT,
+            ret = wc_InitSha384_ex(hash[i], HEAP_HINT,
                 useDeviceID ? devId : INVALID_DEVID);
             if (ret != 0) {
                 printf("InitSha384_ex failed, ret = %d\n", ret);
@@ -6194,12 +6696,12 @@ void bench_sha384(int useDeviceID)
 
                 /* while free pending slots in queue, submit ops */
                 for (i = 0; i < BENCH_MAX_PENDING; i++) {
-                    if (bench_async_check(&ret, BENCH_ASYNC_GET_DEV(&hash[i]),
+                    if (bench_async_check(&ret, BENCH_ASYNC_GET_DEV(hash[i]),
                                           0, &times, numBlocks, &pending)) {
-                        ret = wc_Sha384Update(&hash[i], bench_plain,
+                        ret = wc_Sha384Update(hash[i], bench_plain,
                             bench_size);
                         if (!bench_async_handle(&ret,
-                            BENCH_ASYNC_GET_DEV(&hash[i]), 0,
+                            BENCH_ASYNC_GET_DEV(hash[i]), 0,
                                                 &times, &pending)) {
                             goto exit_sha384;
                         }
@@ -6213,11 +6715,11 @@ void bench_sha384(int useDeviceID)
             do {
                 bench_async_poll(&pending);
                 for (i = 0; i < BENCH_MAX_PENDING; i++) {
-                    if (bench_async_check(&ret, BENCH_ASYNC_GET_DEV(&hash[i]),
+                    if (bench_async_check(&ret, BENCH_ASYNC_GET_DEV(hash[i]),
                                           0, &times, numBlocks, &pending)) {
-                        ret = wc_Sha384Final(&hash[i], digest[i]);
+                        ret = wc_Sha384Final(hash[i], digest[i]);
                         if (!bench_async_handle(&ret,
-                            BENCH_ASYNC_GET_DEV(&hash[i]), 0,
+                            BENCH_ASYNC_GET_DEV(hash[i]), 0,
                                                 &times, &pending)) {
                             goto exit_sha384;
                         }
@@ -6234,12 +6736,12 @@ void bench_sha384(int useDeviceID)
         bench_stats_start(&count, &start);
         do {
             for (times = 0; times < numBlocks; times++) {
-                ret = wc_InitSha384_ex(hash, HEAP_HINT,
+                ret = wc_InitSha384_ex(hash[0], HEAP_HINT,
                     useDeviceID ? devId : INVALID_DEVID);
                 if (ret == 0)
-                    ret = wc_Sha384Update(hash, bench_plain, bench_size);
+                    ret = wc_Sha384Update(hash[0], bench_plain, bench_size);
                 if (ret == 0)
-                    ret = wc_Sha384Final(hash, digest[0]);
+                    ret = wc_Sha384Final(hash[0], digest[0]);
                 if (ret != 0)
                     goto exit_sha384;
                 RECORD_MULTI_VALUE_STATS();
@@ -6260,10 +6762,12 @@ exit_sha384:
 
 exit:
 
-    for (i = 0; i < BENCH_MAX_PENDING; i++) {
-        wc_Sha384Free(&hash[i]);
+    if (WC_ARRAY_OK(hash)) {
+        for (i = 0; i < BENCH_MAX_PENDING; i++) {
+            wc_Sha384Free(hash[i]);
+        }
+        WC_FREE_ARRAY(hash, BENCH_MAX_PENDING, HEAP_HINT);
     }
-
     WC_FREE_ARRAY(digest, BENCH_MAX_PENDING, HEAP_HINT);
 }
 #endif
@@ -6271,22 +6775,23 @@ exit:
 #ifdef WOLFSSL_SHA512
 void bench_sha512(int useDeviceID)
 {
-    wc_Sha512 hash[BENCH_MAX_PENDING];
+    WC_DECLARE_ARRAY(hash, wc_Sha512, BENCH_MAX_PENDING,
+                     sizeof(wc_Sha512), HEAP_HINT);
     double start;
     int    ret = 0, i, count = 0, times, pending = 0;
     DECLARE_MULTI_VALUE_STATS_VARS()
     WC_DECLARE_ARRAY(digest, byte, BENCH_MAX_PENDING,
                      WC_SHA512_DIGEST_SIZE, HEAP_HINT);
-    WC_INIT_ARRAY(digest, byte, BENCH_MAX_PENDING,
-                  WC_SHA512_DIGEST_SIZE, HEAP_HINT);
 
-    /* clear for done cleanup */
-    XMEMSET(hash, 0, sizeof(hash));
+    WC_CALLOC_ARRAY(hash, wc_Sha512, BENCH_MAX_PENDING,
+                     sizeof(wc_Sha512), HEAP_HINT);
+    WC_ALLOC_ARRAY(digest, byte, BENCH_MAX_PENDING,
+                  WC_SHA512_DIGEST_SIZE, HEAP_HINT);
 
     if (digest_stream) {
         /* init keys */
         for (i = 0; i < BENCH_MAX_PENDING; i++) {
-            ret = wc_InitSha512_ex(&hash[i], HEAP_HINT,
+            ret = wc_InitSha512_ex(hash[i], HEAP_HINT,
                 useDeviceID ? devId : INVALID_DEVID);
             if (ret != 0) {
                 printf("InitSha512_ex failed, ret = %d\n", ret);
@@ -6301,12 +6806,12 @@ void bench_sha512(int useDeviceID)
 
                 /* while free pending slots in queue, submit ops */
                 for (i = 0; i < BENCH_MAX_PENDING; i++) {
-                    if (bench_async_check(&ret, BENCH_ASYNC_GET_DEV(&hash[i]),
+                    if (bench_async_check(&ret, BENCH_ASYNC_GET_DEV(hash[i]),
                                           0, &times, numBlocks, &pending)) {
-                        ret = wc_Sha512Update(&hash[i], bench_plain,
+                        ret = wc_Sha512Update(hash[i], bench_plain,
                             bench_size);
                         if (!bench_async_handle(&ret,
-                            BENCH_ASYNC_GET_DEV(&hash[i]), 0,
+                            BENCH_ASYNC_GET_DEV(hash[i]), 0,
                                                 &times, &pending)) {
                             goto exit_sha512;
                         }
@@ -6320,11 +6825,11 @@ void bench_sha512(int useDeviceID)
             do {
                 bench_async_poll(&pending);
                 for (i = 0; i < BENCH_MAX_PENDING; i++) {
-                    if (bench_async_check(&ret, BENCH_ASYNC_GET_DEV(&hash[i]),
+                    if (bench_async_check(&ret, BENCH_ASYNC_GET_DEV(hash[i]),
                                           0, &times, numBlocks, &pending)) {
-                        ret = wc_Sha512Final(&hash[i], digest[i]);
+                        ret = wc_Sha512Final(hash[i], digest[i]);
                         if (!bench_async_handle(&ret,
-                            BENCH_ASYNC_GET_DEV(&hash[i]), 0,
+                            BENCH_ASYNC_GET_DEV(hash[i]), 0,
                                                 &times, &pending)) {
                             goto exit_sha512;
                         }
@@ -6341,12 +6846,12 @@ void bench_sha512(int useDeviceID)
         bench_stats_start(&count, &start);
         do {
             for (times = 0; times < numBlocks; times++) {
-                ret = wc_InitSha512_ex(hash, HEAP_HINT,
+                ret = wc_InitSha512_ex(hash[0], HEAP_HINT,
                     useDeviceID ? devId : INVALID_DEVID);
                 if (ret == 0)
-                    ret = wc_Sha512Update(hash, bench_plain, bench_size);
+                    ret = wc_Sha512Update(hash[0], bench_plain, bench_size);
                 if (ret == 0)
-                    ret = wc_Sha512Final(hash, digest[0]);
+                    ret = wc_Sha512Final(hash[0], digest[0]);
                 if (ret != 0)
                     goto exit_sha512;
                 RECORD_MULTI_VALUE_STATS();
@@ -6367,10 +6872,12 @@ exit_sha512:
 
 exit:
 
-    for (i = 0; i < BENCH_MAX_PENDING; i++) {
-        wc_Sha512Free(&hash[i]);
+    if (WC_ARRAY_OK(hash)) {
+        for (i = 0; i < BENCH_MAX_PENDING; i++) {
+            wc_Sha512Free(hash[i]);
+        }
+        WC_FREE_ARRAY(hash, BENCH_MAX_PENDING, HEAP_HINT);
     }
-
     WC_FREE_ARRAY(digest, BENCH_MAX_PENDING, HEAP_HINT);
 }
 
@@ -6378,22 +6885,23 @@ exit:
    (!defined(HAVE_FIPS) || FIPS_VERSION_GE(5, 3)) && !defined(HAVE_SELFTEST)
 void bench_sha512_224(int useDeviceID)
 {
-    wc_Sha512_224 hash[BENCH_MAX_PENDING];
+    WC_DECLARE_ARRAY(hash, wc_Sha512_224, BENCH_MAX_PENDING,
+                     sizeof(wc_Sha512_224), HEAP_HINT);
     double start;
     int    ret = 0, i, count = 0, times, pending = 0;
     DECLARE_MULTI_VALUE_STATS_VARS()
-   WC_DECLARE_ARRAY(digest, byte, BENCH_MAX_PENDING,
+    WC_DECLARE_ARRAY(digest, byte, BENCH_MAX_PENDING,
                      WC_SHA512_224_DIGEST_SIZE, HEAP_HINT);
-    WC_INIT_ARRAY(digest, byte, BENCH_MAX_PENDING,
-                  WC_SHA512_224_DIGEST_SIZE, HEAP_HINT);
 
-    /* clear for done cleanup */
-    XMEMSET(hash, 0, sizeof(hash));
+    WC_CALLOC_ARRAY(hash, wc_Sha512_224, BENCH_MAX_PENDING,
+                     sizeof(wc_Sha512_224), HEAP_HINT);
+    WC_ALLOC_ARRAY(digest, byte, BENCH_MAX_PENDING,
+                  WC_SHA512_224_DIGEST_SIZE, HEAP_HINT);
 
     if (digest_stream) {
         /* init keys */
         for (i = 0; i < BENCH_MAX_PENDING; i++) {
-            ret = wc_InitSha512_224_ex(&hash[i], HEAP_HINT,
+            ret = wc_InitSha512_224_ex(hash[i], HEAP_HINT,
                 useDeviceID ? devId : INVALID_DEVID);
             if (ret != 0) {
                 printf("InitSha512_224_ex failed, ret = %d\n", ret);
@@ -6408,12 +6916,12 @@ void bench_sha512_224(int useDeviceID)
 
                 /* while free pending slots in queue, submit ops */
                 for (i = 0; i < BENCH_MAX_PENDING; i++) {
-                    if (bench_async_check(&ret, BENCH_ASYNC_GET_DEV(&hash[i]),
+                    if (bench_async_check(&ret, BENCH_ASYNC_GET_DEV(hash[i]),
                                           0, &times, numBlocks, &pending)) {
-                        ret = wc_Sha512_224Update(&hash[i], bench_plain,
+                        ret = wc_Sha512_224Update(hash[i], bench_plain,
                             bench_size);
                         if (!bench_async_handle(&ret,
-                            BENCH_ASYNC_GET_DEV(&hash[i]), 0,
+                            BENCH_ASYNC_GET_DEV(hash[i]), 0,
                                                 &times, &pending)) {
                             goto exit_sha512_224;
                         }
@@ -6427,11 +6935,11 @@ void bench_sha512_224(int useDeviceID)
             do {
                 bench_async_poll(&pending);
                 for (i = 0; i < BENCH_MAX_PENDING; i++) {
-                    if (bench_async_check(&ret, BENCH_ASYNC_GET_DEV(&hash[i]),
+                    if (bench_async_check(&ret, BENCH_ASYNC_GET_DEV(hash[i]),
                                           0, &times, numBlocks, &pending)) {
-                        ret = wc_Sha512_224Final(&hash[i], digest[i]);
+                        ret = wc_Sha512_224Final(hash[i], digest[i]);
                         if (!bench_async_handle(&ret,
-                            BENCH_ASYNC_GET_DEV(&hash[i]), 0,
+                            BENCH_ASYNC_GET_DEV(hash[i]), 0,
                                                 &times, &pending)) {
                             goto exit_sha512_224;
                         }
@@ -6448,12 +6956,12 @@ void bench_sha512_224(int useDeviceID)
         bench_stats_start(&count, &start);
         do {
             for (times = 0; times < numBlocks; times++) {
-                ret = wc_InitSha512_224_ex(hash, HEAP_HINT,
+                ret = wc_InitSha512_224_ex(hash[0], HEAP_HINT,
                     useDeviceID ? devId : INVALID_DEVID);
                 if (ret == 0)
-                    ret = wc_Sha512_224Update(hash, bench_plain, bench_size);
+                    ret = wc_Sha512_224Update(hash[0], bench_plain, bench_size);
                 if (ret == 0)
-                    ret = wc_Sha512_224Final(hash, digest[0]);
+                    ret = wc_Sha512_224Final(hash[0], digest[0]);
                 if (ret != 0)
                     goto exit_sha512_224;
                 RECORD_MULTI_VALUE_STATS();
@@ -6474,10 +6982,12 @@ exit_sha512_224:
 
 exit:
 
-    for (i = 0; i < BENCH_MAX_PENDING; i++) {
-        wc_Sha512_224Free(&hash[i]);
+    if (WC_ARRAY_OK(hash)) {
+        for (i = 0; i < BENCH_MAX_PENDING; i++) {
+            wc_Sha512_224Free(hash[i]);
+        }
+        WC_FREE_ARRAY(hash, BENCH_MAX_PENDING, HEAP_HINT);
     }
-
     WC_FREE_ARRAY(digest, BENCH_MAX_PENDING, HEAP_HINT);
 }
 #endif /* WOLFSSL_NOSHA512_224 && !FIPS ... */
@@ -6486,22 +6996,23 @@ exit:
    (!defined(HAVE_FIPS) || FIPS_VERSION_GE(5, 3)) && !defined(HAVE_SELFTEST)
 void bench_sha512_256(int useDeviceID)
 {
-    wc_Sha512_256 hash[BENCH_MAX_PENDING];
+    WC_DECLARE_ARRAY(hash, wc_Sha512_256, BENCH_MAX_PENDING,
+                     sizeof(wc_Sha512_256), HEAP_HINT);
     double start;
     int    ret = 0, i, count = 0, times, pending = 0;
     DECLARE_MULTI_VALUE_STATS_VARS()
     WC_DECLARE_ARRAY(digest, byte, BENCH_MAX_PENDING,
                      WC_SHA512_256_DIGEST_SIZE, HEAP_HINT);
-    WC_INIT_ARRAY(digest, byte, BENCH_MAX_PENDING,
-                  WC_SHA512_256_DIGEST_SIZE, HEAP_HINT);
 
-    /* clear for done cleanup */
-    XMEMSET(hash, 0, sizeof(hash));
+    WC_CALLOC_ARRAY(hash, wc_Sha512_256, BENCH_MAX_PENDING,
+                     sizeof(wc_Sha512_256), HEAP_HINT);
+    WC_ALLOC_ARRAY(digest, byte, BENCH_MAX_PENDING,
+                  WC_SHA512_256_DIGEST_SIZE, HEAP_HINT);
 
     if (digest_stream) {
         /* init keys */
         for (i = 0; i < BENCH_MAX_PENDING; i++) {
-            ret = wc_InitSha512_256_ex(&hash[i], HEAP_HINT,
+            ret = wc_InitSha512_256_ex(hash[i], HEAP_HINT,
                 useDeviceID ? devId : INVALID_DEVID);
             if (ret != 0) {
                 printf("InitSha512_256_ex failed, ret = %d\n", ret);
@@ -6516,12 +7027,12 @@ void bench_sha512_256(int useDeviceID)
 
                 /* while free pending slots in queue, submit ops */
                 for (i = 0; i < BENCH_MAX_PENDING; i++) {
-                    if (bench_async_check(&ret, BENCH_ASYNC_GET_DEV(&hash[i]),
+                    if (bench_async_check(&ret, BENCH_ASYNC_GET_DEV(hash[i]),
                                           0, &times, numBlocks, &pending)) {
-                        ret = wc_Sha512_256Update(&hash[i], bench_plain,
+                        ret = wc_Sha512_256Update(hash[i], bench_plain,
                             bench_size);
                         if (!bench_async_handle(&ret,
-                            BENCH_ASYNC_GET_DEV(&hash[i]), 0,
+                            BENCH_ASYNC_GET_DEV(hash[i]), 0,
                                                 &times, &pending)) {
                             goto exit_sha512_256;
                         }
@@ -6535,11 +7046,11 @@ void bench_sha512_256(int useDeviceID)
             do {
                 bench_async_poll(&pending);
                 for (i = 0; i < BENCH_MAX_PENDING; i++) {
-                    if (bench_async_check(&ret, BENCH_ASYNC_GET_DEV(&hash[i]),
+                    if (bench_async_check(&ret, BENCH_ASYNC_GET_DEV(hash[i]),
                                           0, &times, numBlocks, &pending)) {
-                        ret = wc_Sha512_256Final(&hash[i], digest[i]);
+                        ret = wc_Sha512_256Final(hash[i], digest[i]);
                         if (!bench_async_handle(&ret,
-                            BENCH_ASYNC_GET_DEV(&hash[i]), 0,
+                            BENCH_ASYNC_GET_DEV(hash[i]), 0,
                                                 &times, &pending)) {
                             goto exit_sha512_256;
                         }
@@ -6556,12 +7067,12 @@ void bench_sha512_256(int useDeviceID)
         bench_stats_start(&count, &start);
         do {
             for (times = 0; times < numBlocks; times++) {
-                ret = wc_InitSha512_256_ex(hash, HEAP_HINT,
+                ret = wc_InitSha512_256_ex(hash[0], HEAP_HINT,
                     useDeviceID ? devId : INVALID_DEVID);
                 if (ret == 0)
-                    ret = wc_Sha512_256Update(hash, bench_plain, bench_size);
+                    ret = wc_Sha512_256Update(hash[0], bench_plain, bench_size);
                 if (ret == 0)
-                    ret = wc_Sha512_256Final(hash, digest[0]);
+                    ret = wc_Sha512_256Final(hash[0], digest[0]);
                 if (ret != 0)
                     goto exit_sha512_256;
                 RECORD_MULTI_VALUE_STATS();
@@ -6582,10 +7093,12 @@ exit_sha512_256:
 
 exit:
 
-    for (i = 0; i < BENCH_MAX_PENDING; i++) {
-        wc_Sha512_256Free(&hash[i]);
+    if (WC_ARRAY_OK(hash)) {
+        for (i = 0; i < BENCH_MAX_PENDING; i++) {
+            wc_Sha512_256Free(hash[i]);
+        }
+        WC_FREE_ARRAY(hash, BENCH_MAX_PENDING, HEAP_HINT);
     }
-
     WC_FREE_ARRAY(digest, BENCH_MAX_PENDING, HEAP_HINT);
 }
 #endif /* WOLFSSL_NOSHA512_256 && !FIPS ... */
@@ -6597,22 +7110,23 @@ exit:
 #ifndef WOLFSSL_NOSHA3_224
 void bench_sha3_224(int useDeviceID)
 {
-    wc_Sha3   hash[BENCH_MAX_PENDING];
+    WC_DECLARE_ARRAY(hash, wc_Sha3, BENCH_MAX_PENDING,
+                     sizeof(wc_Sha3), HEAP_HINT);
     double start;
     int    ret = 0, i, count = 0, times, pending = 0;
     DECLARE_MULTI_VALUE_STATS_VARS()
     WC_DECLARE_ARRAY(digest, byte, BENCH_MAX_PENDING,
                      WC_SHA3_224_DIGEST_SIZE, HEAP_HINT);
-    WC_INIT_ARRAY(digest, byte, BENCH_MAX_PENDING,
-                  WC_SHA3_224_DIGEST_SIZE, HEAP_HINT);
 
-    /* clear for done cleanup */
-    XMEMSET(hash, 0, sizeof(hash));
+    WC_CALLOC_ARRAY(hash, wc_Sha3, BENCH_MAX_PENDING,
+                     sizeof(wc_Sha3), HEAP_HINT);
+    WC_ALLOC_ARRAY(digest, byte, BENCH_MAX_PENDING,
+                  WC_SHA3_224_DIGEST_SIZE, HEAP_HINT);
 
     if (digest_stream) {
         /* init keys */
         for (i = 0; i < BENCH_MAX_PENDING; i++) {
-            ret = wc_InitSha3_224(&hash[i], HEAP_HINT,
+            ret = wc_InitSha3_224(hash[i], HEAP_HINT,
                 useDeviceID ? devId : INVALID_DEVID);
             if (ret != 0) {
                 printf("InitSha3_224 failed, ret = %d\n", ret);
@@ -6627,12 +7141,12 @@ void bench_sha3_224(int useDeviceID)
 
                 /* while free pending slots in queue, submit ops */
                 for (i = 0; i < BENCH_MAX_PENDING; i++) {
-                    if (bench_async_check(&ret, BENCH_ASYNC_GET_DEV(&hash[i]),
+                    if (bench_async_check(&ret, BENCH_ASYNC_GET_DEV(hash[i]),
                                           0, &times, numBlocks, &pending)) {
-                        ret = wc_Sha3_224_Update(&hash[i], bench_plain,
+                        ret = wc_Sha3_224_Update(hash[i], bench_plain,
                             bench_size);
                         if (!bench_async_handle(&ret,
-                            BENCH_ASYNC_GET_DEV(&hash[i]), 0,
+                            BENCH_ASYNC_GET_DEV(hash[i]), 0,
                                                 &times, &pending)) {
                             goto exit_sha3_224;
                         }
@@ -6646,11 +7160,11 @@ void bench_sha3_224(int useDeviceID)
             do {
                 bench_async_poll(&pending);
                 for (i = 0; i < BENCH_MAX_PENDING; i++) {
-                    if (bench_async_check(&ret, BENCH_ASYNC_GET_DEV(&hash[i]),
+                    if (bench_async_check(&ret, BENCH_ASYNC_GET_DEV(hash[i]),
                                           0, &times, numBlocks, &pending)) {
-                        ret = wc_Sha3_224_Final(&hash[i], digest[i]);
+                        ret = wc_Sha3_224_Final(hash[i], digest[i]);
                         if (!bench_async_handle(&ret,
-                            BENCH_ASYNC_GET_DEV(&hash[i]), 0,
+                            BENCH_ASYNC_GET_DEV(hash[i]), 0,
                                                 &times, &pending)) {
                             goto exit_sha3_224;
                         }
@@ -6667,12 +7181,12 @@ void bench_sha3_224(int useDeviceID)
         bench_stats_start(&count, &start);
         do {
             for (times = 0; times < numBlocks; times++) {
-                ret = wc_InitSha3_224(hash, HEAP_HINT,
+                ret = wc_InitSha3_224(hash[0], HEAP_HINT,
                     useDeviceID ? devId : INVALID_DEVID);
                 if (ret == 0)
-                    ret = wc_Sha3_224_Update(hash, bench_plain, bench_size);
+                    ret = wc_Sha3_224_Update(hash[0], bench_plain, bench_size);
                 if (ret == 0)
-                    ret = wc_Sha3_224_Final(hash, digest[0]);
+                    ret = wc_Sha3_224_Final(hash[0], digest[0]);
                 if (ret != 0)
                     goto exit_sha3_224;
                 RECORD_MULTI_VALUE_STATS();
@@ -6693,10 +7207,12 @@ exit_sha3_224:
 
 exit:
 
-    for (i = 0; i < BENCH_MAX_PENDING; i++) {
-        wc_Sha3_224_Free(&hash[i]);
+    if (WC_ARRAY_OK(hash)) {
+        for (i = 0; i < BENCH_MAX_PENDING; i++) {
+            wc_Sha3_224_Free(hash[i]);
+        }
+        WC_FREE_ARRAY(hash, BENCH_MAX_PENDING, HEAP_HINT);
     }
-
     WC_FREE_ARRAY(digest, BENCH_MAX_PENDING, HEAP_HINT);
 }
 #endif /* WOLFSSL_NOSHA3_224 */
@@ -6704,22 +7220,23 @@ exit:
 #ifndef WOLFSSL_NOSHA3_256
 void bench_sha3_256(int useDeviceID)
 {
-    wc_Sha3   hash[BENCH_MAX_PENDING];
+    WC_DECLARE_ARRAY(hash, wc_Sha3, BENCH_MAX_PENDING,
+                     sizeof(wc_Sha3), HEAP_HINT);
     double start;
     DECLARE_MULTI_VALUE_STATS_VARS()
     int    ret = 0, i, count = 0, times, pending = 0;
     WC_DECLARE_ARRAY(digest, byte, BENCH_MAX_PENDING,
                      WC_SHA3_256_DIGEST_SIZE, HEAP_HINT);
-    WC_INIT_ARRAY(digest, byte, BENCH_MAX_PENDING,
-                  WC_SHA3_256_DIGEST_SIZE, HEAP_HINT);
 
-    /* clear for done cleanup */
-    XMEMSET(hash, 0, sizeof(hash));
+    WC_CALLOC_ARRAY(hash, wc_Sha3, BENCH_MAX_PENDING,
+                     sizeof(wc_Sha3), HEAP_HINT);
+    WC_ALLOC_ARRAY(digest, byte, BENCH_MAX_PENDING,
+                  WC_SHA3_256_DIGEST_SIZE, HEAP_HINT);
 
     if (digest_stream) {
         /* init keys */
         for (i = 0; i < BENCH_MAX_PENDING; i++) {
-            ret = wc_InitSha3_256(&hash[i], HEAP_HINT,
+            ret = wc_InitSha3_256(hash[i], HEAP_HINT,
                 useDeviceID ? devId : INVALID_DEVID);
             if (ret != 0) {
                 printf("InitSha3_256 failed, ret = %d\n", ret);
@@ -6734,12 +7251,12 @@ void bench_sha3_256(int useDeviceID)
 
                 /* while free pending slots in queue, submit ops */
                 for (i = 0; i < BENCH_MAX_PENDING; i++) {
-                    if (bench_async_check(&ret, BENCH_ASYNC_GET_DEV(&hash[i]),
+                    if (bench_async_check(&ret, BENCH_ASYNC_GET_DEV(hash[i]),
                                           0, &times, numBlocks, &pending)) {
-                        ret = wc_Sha3_256_Update(&hash[i], bench_plain,
+                        ret = wc_Sha3_256_Update(hash[i], bench_plain,
                             bench_size);
                         if (!bench_async_handle(&ret,
-                            BENCH_ASYNC_GET_DEV(&hash[i]), 0,
+                            BENCH_ASYNC_GET_DEV(hash[i]), 0,
                                                 &times, &pending)) {
                             goto exit_sha3_256;
                         }
@@ -6753,11 +7270,11 @@ void bench_sha3_256(int useDeviceID)
             do {
                 bench_async_poll(&pending);
                 for (i = 0; i < BENCH_MAX_PENDING; i++) {
-                    if (bench_async_check(&ret, BENCH_ASYNC_GET_DEV(&hash[i]),
+                    if (bench_async_check(&ret, BENCH_ASYNC_GET_DEV(hash[i]),
                                           0, &times, numBlocks, &pending)) {
-                        ret = wc_Sha3_256_Final(&hash[i], digest[i]);
+                        ret = wc_Sha3_256_Final(hash[i], digest[i]);
                         if (!bench_async_handle(&ret,
-                            BENCH_ASYNC_GET_DEV(&hash[i]), 0,
+                            BENCH_ASYNC_GET_DEV(hash[i]), 0,
                                                 &times, &pending)) {
                             goto exit_sha3_256;
                         }
@@ -6774,12 +7291,12 @@ void bench_sha3_256(int useDeviceID)
         bench_stats_start(&count, &start);
         do {
             for (times = 0; times < numBlocks; times++) {
-                ret = wc_InitSha3_256(hash, HEAP_HINT,
+                ret = wc_InitSha3_256(hash[0], HEAP_HINT,
                     useDeviceID ? devId : INVALID_DEVID);
                 if (ret == 0)
-                    ret = wc_Sha3_256_Update(hash, bench_plain, bench_size);
+                    ret = wc_Sha3_256_Update(hash[0], bench_plain, bench_size);
                 if (ret == 0)
-                    ret = wc_Sha3_256_Final(hash, digest[0]);
+                    ret = wc_Sha3_256_Final(hash[0], digest[0]);
                 if (ret != 0)
                     goto exit_sha3_256;
                 RECORD_MULTI_VALUE_STATS();
@@ -6800,10 +7317,12 @@ exit_sha3_256:
 
 exit:
 
-    for (i = 0; i < BENCH_MAX_PENDING; i++) {
-        wc_Sha3_256_Free(&hash[i]);
+    if (WC_ARRAY_OK(hash)) {
+        for (i = 0; i < BENCH_MAX_PENDING; i++) {
+            wc_Sha3_256_Free(hash[i]);
+        }
+        WC_FREE_ARRAY(hash, BENCH_MAX_PENDING, HEAP_HINT);
     }
-
     WC_FREE_ARRAY(digest, BENCH_MAX_PENDING, HEAP_HINT);
 }
 #endif /* WOLFSSL_NOSHA3_256 */
@@ -6811,22 +7330,23 @@ exit:
 #ifndef WOLFSSL_NOSHA3_384
 void bench_sha3_384(int useDeviceID)
 {
-    wc_Sha3   hash[BENCH_MAX_PENDING];
+    WC_DECLARE_ARRAY(hash, wc_Sha3, BENCH_MAX_PENDING,
+                     sizeof(wc_Sha3), HEAP_HINT);
     double start;
     int    ret = 0, i, count = 0, times, pending = 0;
     DECLARE_MULTI_VALUE_STATS_VARS()
     WC_DECLARE_ARRAY(digest, byte, BENCH_MAX_PENDING,
                      WC_SHA3_384_DIGEST_SIZE, HEAP_HINT);
-    WC_INIT_ARRAY(digest, byte, BENCH_MAX_PENDING,
-                  WC_SHA3_384_DIGEST_SIZE, HEAP_HINT);
 
-    /* clear for done cleanup */
-    XMEMSET(hash, 0, sizeof(hash));
+    WC_CALLOC_ARRAY(hash, wc_Sha3, BENCH_MAX_PENDING,
+                     sizeof(wc_Sha3), HEAP_HINT);
+    WC_ALLOC_ARRAY(digest, byte, BENCH_MAX_PENDING,
+                  WC_SHA3_384_DIGEST_SIZE, HEAP_HINT);
 
     if (digest_stream) {
         /* init keys */
         for (i = 0; i < BENCH_MAX_PENDING; i++) {
-            ret = wc_InitSha3_384(&hash[i], HEAP_HINT,
+            ret = wc_InitSha3_384(hash[i], HEAP_HINT,
                 useDeviceID ? devId : INVALID_DEVID);
             if (ret != 0) {
                 printf("InitSha3_384 failed, ret = %d\n", ret);
@@ -6841,12 +7361,12 @@ void bench_sha3_384(int useDeviceID)
 
                 /* while free pending slots in queue, submit ops */
                 for (i = 0; i < BENCH_MAX_PENDING; i++) {
-                    if (bench_async_check(&ret, BENCH_ASYNC_GET_DEV(&hash[i]),
+                    if (bench_async_check(&ret, BENCH_ASYNC_GET_DEV(hash[i]),
                                           0, &times, numBlocks, &pending)) {
-                        ret = wc_Sha3_384_Update(&hash[i], bench_plain,
+                        ret = wc_Sha3_384_Update(hash[i], bench_plain,
                             bench_size);
                         if (!bench_async_handle(&ret,
-                            BENCH_ASYNC_GET_DEV(&hash[i]), 0,
+                            BENCH_ASYNC_GET_DEV(hash[i]), 0,
                                                 &times, &pending)) {
                             goto exit_sha3_384;
                         }
@@ -6860,11 +7380,11 @@ void bench_sha3_384(int useDeviceID)
             do {
                 bench_async_poll(&pending);
                 for (i = 0; i < BENCH_MAX_PENDING; i++) {
-                    if (bench_async_check(&ret, BENCH_ASYNC_GET_DEV(&hash[i]),
+                    if (bench_async_check(&ret, BENCH_ASYNC_GET_DEV(hash[i]),
                                           0, &times, numBlocks, &pending)) {
-                        ret = wc_Sha3_384_Final(&hash[i], digest[i]);
+                        ret = wc_Sha3_384_Final(hash[i], digest[i]);
                         if (!bench_async_handle(&ret,
-                            BENCH_ASYNC_GET_DEV(&hash[i]), 0,
+                            BENCH_ASYNC_GET_DEV(hash[i]), 0,
                                                 &times, &pending)) {
                             goto exit_sha3_384;
                         }
@@ -6881,12 +7401,12 @@ void bench_sha3_384(int useDeviceID)
         bench_stats_start(&count, &start);
         do {
             for (times = 0; times < numBlocks; times++) {
-                ret = wc_InitSha3_384(hash, HEAP_HINT,
+                ret = wc_InitSha3_384(hash[0], HEAP_HINT,
                     useDeviceID ? devId : INVALID_DEVID);
                 if (ret == 0)
-                    ret = wc_Sha3_384_Update(hash, bench_plain, bench_size);
+                    ret = wc_Sha3_384_Update(hash[0], bench_plain, bench_size);
                 if (ret == 0)
-                    ret = wc_Sha3_384_Final(hash, digest[0]);
+                    ret = wc_Sha3_384_Final(hash[0], digest[0]);
                 if (ret != 0)
                     goto exit_sha3_384;
                 RECORD_MULTI_VALUE_STATS();
@@ -6907,10 +7427,12 @@ exit_sha3_384:
 
 exit:
 
-    for (i = 0; i < BENCH_MAX_PENDING; i++) {
-        wc_Sha3_384_Free(&hash[i]);
+    if (WC_ARRAY_OK(hash)) {
+        for (i = 0; i < BENCH_MAX_PENDING; i++) {
+            wc_Sha3_384_Free(hash[i]);
+        }
+        WC_FREE_ARRAY(hash, BENCH_MAX_PENDING, HEAP_HINT);
     }
-
     WC_FREE_ARRAY(digest, BENCH_MAX_PENDING, HEAP_HINT);
 }
 #endif /* WOLFSSL_NOSHA3_384 */
@@ -6918,22 +7440,23 @@ exit:
 #ifndef WOLFSSL_NOSHA3_512
 void bench_sha3_512(int useDeviceID)
 {
-    wc_Sha3   hash[BENCH_MAX_PENDING];
+    WC_DECLARE_ARRAY(hash, wc_Sha3, BENCH_MAX_PENDING,
+                     sizeof(wc_Sha3), HEAP_HINT);
     double start;
     int    ret = 0, i, count = 0, times, pending = 0;
     DECLARE_MULTI_VALUE_STATS_VARS()
     WC_DECLARE_ARRAY(digest, byte, BENCH_MAX_PENDING,
                      WC_SHA3_512_DIGEST_SIZE, HEAP_HINT);
-    WC_INIT_ARRAY(digest, byte, BENCH_MAX_PENDING,
-                  WC_SHA3_512_DIGEST_SIZE, HEAP_HINT);
 
-    /* clear for done cleanup */
-    XMEMSET(hash, 0, sizeof(hash));
+    WC_CALLOC_ARRAY(hash, wc_Sha3, BENCH_MAX_PENDING,
+                     sizeof(wc_Sha3), HEAP_HINT);
+    WC_ALLOC_ARRAY(digest, byte, BENCH_MAX_PENDING,
+                  WC_SHA3_512_DIGEST_SIZE, HEAP_HINT);
 
     if (digest_stream) {
         /* init keys */
         for (i = 0; i < BENCH_MAX_PENDING; i++) {
-            ret = wc_InitSha3_512(&hash[i], HEAP_HINT,
+            ret = wc_InitSha3_512(hash[i], HEAP_HINT,
                 useDeviceID ? devId : INVALID_DEVID);
             if (ret != 0) {
                 printf("InitSha3_512 failed, ret = %d\n", ret);
@@ -6948,12 +7471,12 @@ void bench_sha3_512(int useDeviceID)
 
                 /* while free pending slots in queue, submit ops */
                 for (i = 0; i < BENCH_MAX_PENDING; i++) {
-                    if (bench_async_check(&ret, BENCH_ASYNC_GET_DEV(&hash[i]),
+                    if (bench_async_check(&ret, BENCH_ASYNC_GET_DEV(hash[i]),
                                           0, &times, numBlocks, &pending)) {
-                        ret = wc_Sha3_512_Update(&hash[i], bench_plain,
+                        ret = wc_Sha3_512_Update(hash[i], bench_plain,
                             bench_size);
                         if (!bench_async_handle(&ret,
-                            BENCH_ASYNC_GET_DEV(&hash[i]), 0,
+                            BENCH_ASYNC_GET_DEV(hash[i]), 0,
                                                 &times, &pending)) {
                             goto exit_sha3_512;
                         }
@@ -6967,11 +7490,11 @@ void bench_sha3_512(int useDeviceID)
             do {
                 bench_async_poll(&pending);
                 for (i = 0; i < BENCH_MAX_PENDING; i++) {
-                    if (bench_async_check(&ret, BENCH_ASYNC_GET_DEV(&hash[i]),
+                    if (bench_async_check(&ret, BENCH_ASYNC_GET_DEV(hash[i]),
                                           0, &times, numBlocks, &pending)) {
-                        ret = wc_Sha3_512_Final(&hash[i], digest[i]);
+                        ret = wc_Sha3_512_Final(hash[i], digest[i]);
                         if (!bench_async_handle(&ret,
-                            BENCH_ASYNC_GET_DEV(&hash[i]), 0,
+                            BENCH_ASYNC_GET_DEV(hash[i]), 0,
                                                 &times, &pending)) {
                             goto exit_sha3_512;
                         }
@@ -6988,12 +7511,12 @@ void bench_sha3_512(int useDeviceID)
         bench_stats_start(&count, &start);
         do {
             for (times = 0; times < numBlocks; times++) {
-                ret = wc_InitSha3_512(hash, HEAP_HINT,
+                ret = wc_InitSha3_512(hash[0], HEAP_HINT,
                     useDeviceID ? devId : INVALID_DEVID);
                 if (ret == 0)
-                    ret = wc_Sha3_512_Update(hash, bench_plain, bench_size);
+                    ret = wc_Sha3_512_Update(hash[0], bench_plain, bench_size);
                 if (ret == 0)
-                    ret = wc_Sha3_512_Final(hash, digest[0]);
+                    ret = wc_Sha3_512_Final(hash[0], digest[0]);
                 if (ret != 0)
                     goto exit_sha3_512;
                 RECORD_MULTI_VALUE_STATS();
@@ -7014,10 +7537,12 @@ exit_sha3_512:
 
 exit:
 
-    for (i = 0; i < BENCH_MAX_PENDING; i++) {
-        wc_Sha3_512_Free(&hash[i]);
+    if (WC_ARRAY_OK(hash)) {
+        for (i = 0; i < BENCH_MAX_PENDING; i++) {
+            wc_Sha3_512_Free(hash[i]);
+        }
+        WC_FREE_ARRAY(hash, BENCH_MAX_PENDING, HEAP_HINT);
     }
-
     WC_FREE_ARRAY(digest, BENCH_MAX_PENDING, HEAP_HINT);
 }
 #endif /* WOLFSSL_NOSHA3_512 */
@@ -7025,22 +7550,23 @@ exit:
 #ifdef WOLFSSL_SHAKE128
 void bench_shake128(int useDeviceID)
 {
-    wc_Shake hash[BENCH_MAX_PENDING];
+    WC_DECLARE_ARRAY(hash, wc_Shake, BENCH_MAX_PENDING,
+                     sizeof(wc_Shake), HEAP_HINT);
     double start;
     int    ret = 0, i, count = 0, times, pending = 0;
     DECLARE_MULTI_VALUE_STATS_VARS()
     WC_DECLARE_ARRAY(digest, byte, BENCH_MAX_PENDING,
                      WC_SHA3_128_BLOCK_SIZE, HEAP_HINT);
-    WC_INIT_ARRAY(digest, byte, BENCH_MAX_PENDING,
-                  WC_SHA3_128_BLOCK_SIZE, HEAP_HINT);
 
-    /* clear for done cleanup */
-    XMEMSET(hash, 0, sizeof(hash));
+    WC_CALLOC_ARRAY(hash, wc_Shake, BENCH_MAX_PENDING,
+                     sizeof(wc_Shake), HEAP_HINT);
+    WC_ALLOC_ARRAY(digest, byte, BENCH_MAX_PENDING,
+                  WC_SHA3_128_BLOCK_SIZE, HEAP_HINT);
 
     if (digest_stream) {
         /* init keys */
         for (i = 0; i < BENCH_MAX_PENDING; i++) {
-            ret = wc_InitShake128(&hash[i], HEAP_HINT,
+            ret = wc_InitShake128(hash[i], HEAP_HINT,
                 useDeviceID ? devId : INVALID_DEVID);
             if (ret != 0) {
                 printf("InitShake128 failed, ret = %d\n", ret);
@@ -7055,12 +7581,12 @@ void bench_shake128(int useDeviceID)
 
                 /* while free pending slots in queue, submit ops */
                 for (i = 0; i < BENCH_MAX_PENDING; i++) {
-                    if (bench_async_check(&ret, BENCH_ASYNC_GET_DEV(&hash[i]),
+                    if (bench_async_check(&ret, BENCH_ASYNC_GET_DEV(hash[i]),
                                           0, &times, numBlocks, &pending)) {
-                        ret = wc_Shake128_Update(&hash[i], bench_plain,
+                        ret = wc_Shake128_Update(hash[i], bench_plain,
                             bench_size);
                         if (!bench_async_handle(&ret,
-                            BENCH_ASYNC_GET_DEV(&hash[i]), 0,
+                            BENCH_ASYNC_GET_DEV(hash[i]), 0,
                                                 &times, &pending)) {
                             goto exit_shake128;
                         }
@@ -7074,12 +7600,12 @@ void bench_shake128(int useDeviceID)
             do {
                 bench_async_poll(&pending);
                 for (i = 0; i < BENCH_MAX_PENDING; i++) {
-                    if (bench_async_check(&ret, BENCH_ASYNC_GET_DEV(&hash[i]),
+                    if (bench_async_check(&ret, BENCH_ASYNC_GET_DEV(hash[i]),
                                           0, &times, numBlocks, &pending)) {
-                        ret = wc_Shake128_Final(&hash[i], digest[i],
+                        ret = wc_Shake128_Final(hash[i], digest[i],
                             WC_SHA3_128_BLOCK_SIZE);
                         if (!bench_async_handle(&ret,
-                            BENCH_ASYNC_GET_DEV(&hash[i]), 0,
+                            BENCH_ASYNC_GET_DEV(hash[i]), 0,
                                                 &times, &pending)) {
                             goto exit_shake128;
                         }
@@ -7096,12 +7622,12 @@ void bench_shake128(int useDeviceID)
         bench_stats_start(&count, &start);
         do {
             for (times = 0; times < numBlocks; times++) {
-                ret = wc_InitShake128(hash, HEAP_HINT,
+                ret = wc_InitShake128(hash[0], HEAP_HINT,
                     useDeviceID ? devId : INVALID_DEVID);
                 if (ret == 0)
-                    ret = wc_Shake128_Update(hash, bench_plain, bench_size);
+                    ret = wc_Shake128_Update(hash[0], bench_plain, bench_size);
                 if (ret == 0)
-                    ret = wc_Shake128_Final(hash, digest[0],
+                    ret = wc_Shake128_Final(hash[0], digest[0],
                         WC_SHA3_128_BLOCK_SIZE);
                 if (ret != 0)
                     goto exit_shake128;
@@ -7123,10 +7649,12 @@ exit_shake128:
 
 exit:
 
-    for (i = 0; i < BENCH_MAX_PENDING; i++) {
-        wc_Shake128_Free(&hash[i]);
+    if (WC_ARRAY_OK(hash)) {
+        for (i = 0; i < BENCH_MAX_PENDING; i++) {
+            wc_Shake128_Free(hash[i]);
+        }
+        WC_FREE_ARRAY(hash, BENCH_MAX_PENDING, HEAP_HINT);
     }
-
     WC_FREE_ARRAY(digest, BENCH_MAX_PENDING, HEAP_HINT);
 }
 #endif /* WOLFSSL_SHAKE128 */
@@ -7134,22 +7662,23 @@ exit:
 #ifdef WOLFSSL_SHAKE256
 void bench_shake256(int useDeviceID)
 {
-    wc_Shake hash[BENCH_MAX_PENDING];
+    WC_DECLARE_ARRAY(hash, wc_Shake, BENCH_MAX_PENDING,
+                     sizeof(wc_Shake), HEAP_HINT);
     double start;
     int    ret = 0, i, count = 0, times, pending = 0;
     DECLARE_MULTI_VALUE_STATS_VARS()
     WC_DECLARE_ARRAY(digest, byte, BENCH_MAX_PENDING,
                      WC_SHA3_256_BLOCK_SIZE, HEAP_HINT);
-    WC_INIT_ARRAY(digest, byte, BENCH_MAX_PENDING,
-                  WC_SHA3_256_BLOCK_SIZE, HEAP_HINT);
 
-    /* clear for done cleanup */
-    XMEMSET(hash, 0, sizeof(hash));
+    WC_CALLOC_ARRAY(hash, wc_Shake, BENCH_MAX_PENDING,
+                     sizeof(wc_Shake), HEAP_HINT);
+    WC_ALLOC_ARRAY(digest, byte, BENCH_MAX_PENDING,
+                  WC_SHA3_256_BLOCK_SIZE, HEAP_HINT);
 
     if (digest_stream) {
         /* init keys */
         for (i = 0; i < BENCH_MAX_PENDING; i++) {
-            ret = wc_InitShake256(&hash[i], HEAP_HINT,
+            ret = wc_InitShake256(hash[i], HEAP_HINT,
                 useDeviceID ? devId : INVALID_DEVID);
             if (ret != 0) {
                 printf("InitShake256 failed, ret = %d\n", ret);
@@ -7164,12 +7693,12 @@ void bench_shake256(int useDeviceID)
 
                 /* while free pending slots in queue, submit ops */
                 for (i = 0; i < BENCH_MAX_PENDING; i++) {
-                    if (bench_async_check(&ret, BENCH_ASYNC_GET_DEV(&hash[i]),
+                    if (bench_async_check(&ret, BENCH_ASYNC_GET_DEV(hash[i]),
                                           0, &times, numBlocks, &pending)) {
-                        ret = wc_Shake256_Update(&hash[i], bench_plain,
+                        ret = wc_Shake256_Update(hash[i], bench_plain,
                             bench_size);
                         if (!bench_async_handle(&ret,
-                            BENCH_ASYNC_GET_DEV(&hash[i]), 0,
+                            BENCH_ASYNC_GET_DEV(hash[i]), 0,
                                                 &times, &pending)) {
                             goto exit_shake256;
                         }
@@ -7183,12 +7712,12 @@ void bench_shake256(int useDeviceID)
             do {
                 bench_async_poll(&pending);
                 for (i = 0; i < BENCH_MAX_PENDING; i++) {
-                    if (bench_async_check(&ret, BENCH_ASYNC_GET_DEV(&hash[i]),
+                    if (bench_async_check(&ret, BENCH_ASYNC_GET_DEV(hash[i]),
                                           0, &times, numBlocks, &pending)) {
-                        ret = wc_Shake256_Final(&hash[i], digest[i],
+                        ret = wc_Shake256_Final(hash[i], digest[i],
                             WC_SHA3_256_BLOCK_SIZE);
                         if (!bench_async_handle(&ret,
-                            BENCH_ASYNC_GET_DEV(&hash[i]), 0,
+                            BENCH_ASYNC_GET_DEV(hash[i]), 0,
                                                 &times, &pending)) {
                             goto exit_shake256;
                         }
@@ -7205,12 +7734,12 @@ void bench_shake256(int useDeviceID)
         bench_stats_start(&count, &start);
         do {
             for (times = 0; times < numBlocks; times++) {
-                ret = wc_InitShake256(hash, HEAP_HINT,
+                ret = wc_InitShake256(hash[0], HEAP_HINT,
                     useDeviceID ? devId : INVALID_DEVID);
                 if (ret == 0)
-                    ret = wc_Shake256_Update(hash, bench_plain, bench_size);
+                    ret = wc_Shake256_Update(hash[0], bench_plain, bench_size);
                 if (ret == 0)
-                    ret = wc_Shake256_Final(hash, digest[0],
+                    ret = wc_Shake256_Final(hash[0], digest[0],
                         WC_SHA3_256_BLOCK_SIZE);
                 if (ret != 0)
                     goto exit_shake256;
@@ -7232,10 +7761,12 @@ exit_shake256:
 
 exit:
 
-    for (i = 0; i < BENCH_MAX_PENDING; i++) {
-        wc_Shake256_Free(&hash[i]);
+    if (WC_ARRAY_OK(hash)) {
+        for (i = 0; i < BENCH_MAX_PENDING; i++) {
+            wc_Shake256_Free(hash[i]);
+        }
+        WC_FREE_ARRAY(hash, BENCH_MAX_PENDING, HEAP_HINT);
     }
-
     WC_FREE_ARRAY(digest, BENCH_MAX_PENDING, HEAP_HINT);
 }
 #endif /* WOLFSSL_SHAKE256 */
@@ -7244,22 +7775,23 @@ exit:
 #ifdef WOLFSSL_SM3
 void bench_sm3(int useDeviceID)
 {
-    wc_Sm3 hash[BENCH_MAX_PENDING];
+    WC_DECLARE_ARRAY(hash, wc_Sm3, BENCH_MAX_PENDING,
+                     sizeof(wc_Sm3), HEAP_HINT);
     double start;
     int    ret = 0, i, count = 0, times, pending = 0;
     DECLARE_MULTI_VALUE_STATS_VARS()
     WC_DECLARE_ARRAY(digest, byte, BENCH_MAX_PENDING, WC_SM3_DIGEST_SIZE,
         HEAP_HINT);
-    WC_INIT_ARRAY(digest, byte, BENCH_MAX_PENDING, WC_SM3_DIGEST_SIZE,
-        HEAP_HINT);
 
-    /* clear for done cleanup */
-    XMEMSET(hash, 0, sizeof(hash));
+    WC_CALLOC_ARRAY(hash, wc_Sm3, BENCH_MAX_PENDING,
+                     sizeof(wc_Sm3), HEAP_HINT);
+    WC_ALLOC_ARRAY(digest, byte, BENCH_MAX_PENDING, WC_SM3_DIGEST_SIZE,
+        HEAP_HINT);
 
     if (digest_stream) {
         /* init keys */
         for (i = 0; i < BENCH_MAX_PENDING; i++) {
-            ret = wc_InitSm3(&hash[i], HEAP_HINT,
+            ret = wc_InitSm3(hash[i], HEAP_HINT,
                 useDeviceID ? devId: INVALID_DEVID);
             if (ret != 0) {
                 printf("InitSm3 failed, ret = %d\n", ret);
@@ -7274,12 +7806,12 @@ void bench_sm3(int useDeviceID)
 
                 /* while free pending slots in queue, submit ops */
                 for (i = 0; i < BENCH_MAX_PENDING; i++) {
-                    if (bench_async_check(&ret, BENCH_ASYNC_GET_DEV(&hash[i]),
+                    if (bench_async_check(&ret, BENCH_ASYNC_GET_DEV(hash[i]),
                                               0, &times, numBlocks, &pending)) {
-                        ret = wc_Sm3Update(&hash[i], bench_plain,
+                        ret = wc_Sm3Update(hash[i], bench_plain,
                             bench_size);
                         if (!bench_async_handle(&ret,
-                            BENCH_ASYNC_GET_DEV(&hash[i]), 0, &times, &pending)) {
+                            BENCH_ASYNC_GET_DEV(hash[i]), 0, &times, &pending)) {
                             goto exit_sm3;
                         }
                     }
@@ -7292,11 +7824,11 @@ void bench_sm3(int useDeviceID)
             do {
                 bench_async_poll(&pending);
                 for (i = 0; i < BENCH_MAX_PENDING; i++) {
-                    if (bench_async_check(&ret, BENCH_ASYNC_GET_DEV(&hash[i]),
+                    if (bench_async_check(&ret, BENCH_ASYNC_GET_DEV(hash[i]),
                                               0, &times, numBlocks, &pending)) {
-                        ret = wc_Sm3Final(&hash[i], digest[i]);
+                        ret = wc_Sm3Final(hash[i], digest[i]);
                         if (!bench_async_handle(&ret,
-                            BENCH_ASYNC_GET_DEV(&hash[i]), 0, &times, &pending)) {
+                            BENCH_ASYNC_GET_DEV(hash[i]), 0, &times, &pending)) {
                             goto exit_sm3;
                         }
                     }
@@ -7312,12 +7844,12 @@ void bench_sm3(int useDeviceID)
         bench_stats_start(&count, &start);
         do {
             for (times = 0; times < numBlocks; times++) {
-                ret = wc_InitSm3(hash, HEAP_HINT,
+                ret = wc_InitSm3(hash[0], HEAP_HINT,
                     useDeviceID ? devId: INVALID_DEVID);
                 if (ret == 0)
-                    ret = wc_Sm3Update(hash, bench_plain, bench_size);
+                    ret = wc_Sm3Update(hash[0], bench_plain, bench_size);
                 if (ret == 0)
-                    ret = wc_Sm3Final(hash, digest[0]);
+                    ret = wc_Sm3Final(hash[0], digest[0]);
                 if (ret != 0)
                     goto exit_sm3;
                 RECORD_MULTI_VALUE_STATS();
@@ -7337,10 +7869,12 @@ exit_sm3:
 
 exit:
 
-    for (i = 0; i < BENCH_MAX_PENDING; i++) {
-        wc_Sm3Free(&hash[i]);
+    if (WC_ARRAY_OK(hash)) {
+        for (i = 0; i < BENCH_MAX_PENDING; i++) {
+            wc_Sm3Free(hash[i]);
+        }
+        WC_FREE_ARRAY(hash, BENCH_MAX_PENDING, HEAP_HINT);
     }
-
     WC_FREE_ARRAY(digest, BENCH_MAX_PENDING, HEAP_HINT);
 }
 #endif
@@ -7569,13 +8103,71 @@ void bench_blake2s(void)
 }
 #endif
 
+#ifdef HAVE_ASCON
+void bench_ascon_hash(void)
+{
+    wc_AsconHash256 ascon;
+    byte    digest[ASCON_HASH256_SZ];
+    double  start;
+    int     ret = 0, i, count;
+
+    if (digest_stream) {
+        ret = wc_AsconHash256_Init(&ascon);
+        if (ret != 0) {
+            printf("wc_AsconHash256_Init failed, ret = %d\n", ret);
+            return;
+        }
+
+        bench_stats_start(&count, &start);
+        do {
+            for (i = 0; i < numBlocks; i++) {
+                ret = wc_AsconHash256_Update(&ascon, bench_plain, bench_size);
+                if (ret != 0) {
+                    printf("wc_AsconHash256_Update failed, ret = %d\n", ret);
+                    return;
+                }
+            }
+            ret = wc_AsconHash256_Final(&ascon, digest);
+            if (ret != 0) {
+                printf("wc_AsconHash256_Final failed, ret = %d\n", ret);
+                return;
+            }
+            count += i;
+        } while (bench_stats_check(start));
+    }
+    else {
+        bench_stats_start(&count, &start);
+        do {
+            for (i = 0; i < numBlocks; i++) {
+                ret = wc_AsconHash256_Init(&ascon);
+                if (ret != 0) {
+                    printf("wc_AsconHash256_Init failed, ret = %d\n", ret);
+                    return;
+                }
+                ret = wc_AsconHash256_Update(&ascon, bench_plain, bench_size);
+                if (ret != 0) {
+                    printf("wc_AsconHash256_Update failed, ret = %d\n", ret);
+                    return;
+                }
+                ret = wc_AsconHash256_Final(&ascon, digest);
+                if (ret != 0) {
+                    printf("wc_AsconHash256_Final failed, ret = %d\n", ret);
+                    return;
+                }
+            }
+            count += i;
+        } while (bench_stats_check(start));
+    }
+    bench_stats_sym_finish("ASCON hash", 0, count, bench_size, start, ret);
+}
+#endif
 
 #ifdef WOLFSSL_CMAC
 
 static void bench_cmac_helper(word32 keySz, const char* outMsg, int useDeviceID)
 {
     Cmac    cmac;
-    byte    digest[AES_BLOCK_SIZE];
+    byte    digest[WC_AES_BLOCK_SIZE];
     word32  digestSz = sizeof(digest);
     double  start;
     int     ret, i, count;
@@ -7699,14 +8291,15 @@ exit:
 static void bench_hmac(int useDeviceID, int type, int digestSz,
                        const byte* key, word32 keySz, const char* label)
 {
-    Hmac   hmac[BENCH_MAX_PENDING];
+    WC_DECLARE_ARRAY(hmac, Hmac, BENCH_MAX_PENDING,
+                     sizeof(Hmac), HEAP_HINT);
     double start;
     int    ret = 0, i, count = 0, times, pending = 0;
     DECLARE_MULTI_VALUE_STATS_VARS()
 #ifdef WOLFSSL_ASYNC_CRYPT
     WC_DECLARE_ARRAY(digest, byte, BENCH_MAX_PENDING,
                      WC_MAX_DIGEST_SIZE, HEAP_HINT);
-    WC_INIT_ARRAY(digest, byte, BENCH_MAX_PENDING,
+    WC_ALLOC_ARRAY(digest, byte, BENCH_MAX_PENDING,
                   WC_MAX_DIGEST_SIZE, HEAP_HINT);
 #else
     byte digest[BENCH_MAX_PENDING][WC_MAX_DIGEST_SIZE];
@@ -7714,69 +8307,108 @@ static void bench_hmac(int useDeviceID, int type, int digestSz,
 
     (void)digestSz;
 
-    /* clear for done cleanup */
-    XMEMSET(hmac, 0, sizeof(hmac));
+    WC_CALLOC_ARRAY(hmac, Hmac, BENCH_MAX_PENDING,
+                     sizeof(Hmac), HEAP_HINT);
 
     /* init keys */
     for (i = 0; i < BENCH_MAX_PENDING; i++) {
-        ret = wc_HmacInit(&hmac[i], HEAP_HINT,
+        ret = wc_HmacInit(hmac[i], HEAP_HINT,
                 useDeviceID ? devId : INVALID_DEVID);
         if (ret != 0) {
             printf("wc_HmacInit failed for %s, ret = %d\n", label, ret);
             goto exit;
         }
 
-        ret = wc_HmacSetKey(&hmac[i], type, key, keySz);
+        ret = wc_HmacSetKey(hmac[i], type, key, keySz);
         if (ret != 0) {
             printf("wc_HmacSetKey failed for %s, ret = %d\n", label, ret);
             goto exit;
         }
     }
 
-    bench_stats_start(&count, &start);
-    do {
-        for (times = 0; times < numBlocks || pending > 0; ) {
-            bench_async_poll(&pending);
-
-            /* while free pending slots in queue, submit ops */
-            for (i = 0; i < BENCH_MAX_PENDING; i++) {
-                if (bench_async_check(&ret,
-                                      BENCH_ASYNC_GET_DEV(&hmac[i]), 0,
-                                      &times, numBlocks, &pending)) {
-                    ret = wc_HmacUpdate(&hmac[i], bench_plain, bench_size);
-                    if (!bench_async_handle(&ret,
-                                            BENCH_ASYNC_GET_DEV(&hmac[i]),
-                                            0, &times, &pending)) {
-                        goto exit_hmac;
-                    }
-                }
-            } /* for i */
-        } /* for times */
-        count += times;
-
-        times = 0;
+    if (mac_stream) {
+        bench_stats_start(&count, &start);
         do {
-            bench_async_poll(&pending);
+            for (times = 0; times < numBlocks || pending > 0; ) {
+                bench_async_poll(&pending);
 
-            for (i = 0; i < BENCH_MAX_PENDING; i++) {
-                if (bench_async_check(&ret,
-                                      BENCH_ASYNC_GET_DEV(&hmac[i]), 0,
-                                      &times, numBlocks, &pending)) {
-                    ret = wc_HmacFinal(&hmac[i], digest[i]);
-                    if (!bench_async_handle(&ret,
-                                            BENCH_ASYNC_GET_DEV(&hmac[i]),
-                                            0, &times, &pending)) {
-                        goto exit_hmac;
+                /* while free pending slots in queue, submit ops */
+                for (i = 0; i < BENCH_MAX_PENDING; i++) {
+                    if (bench_async_check(&ret,
+                                          BENCH_ASYNC_GET_DEV(hmac[i]), 0,
+                                          &times, numBlocks, &pending)) {
+                        ret = wc_HmacUpdate(hmac[i], bench_plain, bench_size);
+                        if (!bench_async_handle(&ret,
+                                                BENCH_ASYNC_GET_DEV(hmac[i]),
+                                                0, &times, &pending)) {
+                            goto exit_hmac;
+                        }
                     }
-                }
-                RECORD_MULTI_VALUE_STATS();
-            } /* for i */
-        } while (pending > 0);
-    } while (bench_stats_check(start)
-#ifdef MULTI_VALUE_STATISTICS
-       || runs < minimum_runs
-#endif
-       );
+                } /* for i */
+            } /* for times */
+            count += times;
+
+            times = 0;
+            do {
+                bench_async_poll(&pending);
+
+                for (i = 0; i < BENCH_MAX_PENDING; i++) {
+                    if (bench_async_check(&ret,
+                                          BENCH_ASYNC_GET_DEV(hmac[i]), 0,
+                                          &times, numBlocks, &pending)) {
+                        ret = wc_HmacFinal(hmac[i], digest[i]);
+                        if (!bench_async_handle(&ret,
+                                                BENCH_ASYNC_GET_DEV(hmac[i]),
+                                                0, &times, &pending)) {
+                            goto exit_hmac;
+                        }
+                    }
+                    RECORD_MULTI_VALUE_STATS();
+                } /* for i */
+            } while (pending > 0);
+        } while (bench_stats_check(start)
+    #ifdef MULTI_VALUE_STATISTICS
+           || runs < minimum_runs
+    #endif
+           );
+    }
+    else {
+        bench_stats_start(&count, &start);
+        do {
+            for (times = 0; times < numBlocks || pending > 0; ) {
+                bench_async_poll(&pending);
+
+                /* while free pending slots in queue, submit ops */
+                for (i = 0; i < BENCH_MAX_PENDING; i++) {
+                    if (bench_async_check(&ret,
+                                          BENCH_ASYNC_GET_DEV(hmac[i]), 0,
+                                          &times, numBlocks, &pending)) {
+                        ret = wc_HmacUpdate(hmac[i], bench_plain, bench_size);
+                        if (!bench_async_handle(&ret,
+                                                BENCH_ASYNC_GET_DEV(hmac[i]),
+                                                0, &times, &pending)) {
+                            goto exit_hmac;
+                        }
+                    }
+                    if (bench_async_check(&ret,
+                                          BENCH_ASYNC_GET_DEV(hmac[i]), 0,
+                                          &times, numBlocks, &pending)) {
+                        ret = wc_HmacFinal(hmac[i], digest[i]);
+                        if (!bench_async_handle(&ret,
+                                                BENCH_ASYNC_GET_DEV(hmac[i]),
+                                                0, &times, &pending)) {
+                            goto exit_hmac;
+                        }
+                    }
+                } /* for i */
+            } /* for times */
+            count += times;
+        } while (bench_stats_check(start)
+    #ifdef MULTI_VALUE_STATISTICS
+           || runs < minimum_runs
+    #endif
+           );
+    }
 
 exit_hmac:
     bench_stats_sym_finish(label, useDeviceID, count, bench_size, start, ret);
@@ -7787,9 +8419,10 @@ exit_hmac:
 exit:
 
     for (i = 0; i < BENCH_MAX_PENDING; i++) {
-        wc_HmacFree(&hmac[i]);
+        wc_HmacFree(hmac[i]);
     }
 
+    WC_FREE_ARRAY(hmac, BENCH_MAX_PENDING, HEAP_HINT);
 #ifdef WOLFSSL_ASYNC_CRYPT
     WC_FREE_ARRAY(digest, BENCH_MAX_PENDING, HEAP_HINT);
 #endif
@@ -7910,6 +8543,7 @@ void bench_pbkdf2(void)
     DECLARE_MULTI_VALUE_STATS_VARS()
 
     bench_stats_start(&count, &start);
+    PRIVATE_KEY_UNLOCK();
     do {
         ret = wc_PBKDF2(derived, (const byte*)passwd32, (int)XSTRLEN(passwd32),
             salt32, (int)sizeof(salt32), 1000, 32, WC_SHA256);
@@ -7920,6 +8554,7 @@ void bench_pbkdf2(void)
        || runs < minimum_runs
 #endif
        );
+    PRIVATE_KEY_LOCK();
 
     bench_stats_sym_finish("PBKDF2", 32, count, 32, start, ret);
 #ifdef MULTI_VALUE_STATISTICS
@@ -8000,6 +8635,7 @@ void bench_srtpkdf(void)
     DECLARE_MULTI_VALUE_STATS_VARS()
 
     bench_stats_start(&count, &start);
+    PRIVATE_KEY_UNLOCK();
     do {
         for (i = 0; i < numBlocks; i++) {
             ret = wc_SRTP_KDF(key, AES_128_KEY_SIZE, salt, sizeof(salt),
@@ -8013,6 +8649,7 @@ void bench_srtpkdf(void)
        || runs < minimum_runs
 #endif
        );
+    PRIVATE_KEY_LOCK();
     bench_stats_asym_finish("KDF", 128, "SRTP", 0, count, start, ret);
 #ifdef MULTI_VALUE_STATISTICS
     bench_multi_value_stats(max, min, sum, squareSum, runs);
@@ -8021,6 +8658,7 @@ void bench_srtpkdf(void)
     RESET_MULTI_VALUE_STATS_VARS();
 
     bench_stats_start(&count, &start);
+    PRIVATE_KEY_UNLOCK();
     do {
         for (i = 0; i < numBlocks; i++) {
             ret = wc_SRTP_KDF(key, AES_256_KEY_SIZE, salt, sizeof(salt),
@@ -8034,6 +8672,7 @@ void bench_srtpkdf(void)
        || runs < minimum_runs
 #endif
        );
+    PRIVATE_KEY_LOCK();
     bench_stats_asym_finish("KDF", 256, "SRTP", 0, count, start, ret);
 #ifdef MULTI_VALUE_STATISTICS
     bench_multi_value_stats(max, min, sum, squareSum, runs);
@@ -8042,6 +8681,7 @@ void bench_srtpkdf(void)
     RESET_MULTI_VALUE_STATS_VARS();
 
     bench_stats_start(&count, &start);
+    PRIVATE_KEY_UNLOCK();
     do {
         for (i = 0; i < numBlocks; i++) {
             ret = wc_SRTCP_KDF(key, AES_128_KEY_SIZE, salt, sizeof(salt),
@@ -8055,6 +8695,7 @@ void bench_srtpkdf(void)
        || runs < minimum_runs
 #endif
        );
+    PRIVATE_KEY_LOCK();
     bench_stats_asym_finish("KDF", 128, "SRTCP", 0, count, start, ret);
 #ifdef MULTI_VALUE_STATISTICS
     bench_multi_value_stats(max, min, sum, squareSum, runs);
@@ -8063,6 +8704,7 @@ void bench_srtpkdf(void)
     RESET_MULTI_VALUE_STATS_VARS();
 
     bench_stats_start(&count, &start);
+    PRIVATE_KEY_UNLOCK();
     do {
         for (i = 0; i < numBlocks; i++) {
             ret = wc_SRTCP_KDF(key, AES_256_KEY_SIZE, salt, sizeof(salt),
@@ -8076,6 +8718,7 @@ void bench_srtpkdf(void)
        || runs < minimum_runs
 #endif
        );
+    PRIVATE_KEY_LOCK();
     bench_stats_asym_finish("KDF", 256, "SRTCP", 0, count, start, ret);
 #ifdef MULTI_VALUE_STATISTICS
     bench_multi_value_stats(max, min, sum, squareSum, runs);
@@ -8089,28 +8732,16 @@ void bench_srtpkdf(void)
 #if defined(WOLFSSL_KEY_GEN)
 static void bench_rsaKeyGen_helper(int useDeviceID, word32 keySz)
 {
-#ifdef WOLFSSL_SMALL_STACK
-    RsaKey *genKey;
-#else
-    RsaKey genKey[BENCH_MAX_PENDING];
-#endif
-    double start;
+    WC_DECLARE_ARRAY(genKey, RsaKey, BENCH_MAX_PENDING,
+                     sizeof(RsaKey), HEAP_HINT);
+    double start = 0;
     int    ret = 0, i, count = 0, times, pending = 0;
     const long rsa_e_val = WC_RSA_EXPONENT;
     const char**desc = bench_desc_words[lng_index];
     DECLARE_MULTI_VALUE_STATS_VARS()
 
-#ifdef WOLFSSL_SMALL_STACK
-    genKey = (RsaKey *)XMALLOC(sizeof(*genKey) * BENCH_MAX_PENDING,
-                               HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
-    if (genKey == NULL) {
-        printf("bench_rsaKeyGen_helper malloc failed\n");
-        return;
-    }
-#endif
-
-    /* clear for done cleanup */
-    XMEMSET(genKey, 0, sizeof(*genKey) * BENCH_MAX_PENDING);
+    WC_CALLOC_ARRAY(genKey, RsaKey, BENCH_MAX_PENDING,
+                     sizeof(RsaKey), HEAP_HINT);
 
     bench_stats_start(&count, &start);
     do {
@@ -8119,19 +8750,18 @@ static void bench_rsaKeyGen_helper(int useDeviceID, word32 keySz)
             bench_async_poll(&pending);
 
             for (i = 0; i < BENCH_MAX_PENDING; i++) {
-                if (bench_async_check(&ret, BENCH_ASYNC_GET_DEV(&genKey[i]),
+                if (bench_async_check(&ret, BENCH_ASYNC_GET_DEV(genKey[i]),
                                       0, &times, genTimes, &pending)) {
-
-                    wc_FreeRsaKey(&genKey[i]);
-                    ret = wc_InitRsaKey_ex(&genKey[i], HEAP_HINT, devId);
+                    wc_FreeRsaKey(genKey[i]);
+                    ret = wc_InitRsaKey_ex(genKey[i], HEAP_HINT, devId);
                     if (ret < 0) {
                         goto exit;
                     }
 
-                    ret = wc_MakeRsaKey(&genKey[i], (int)keySz, rsa_e_val,
+                    ret = wc_MakeRsaKey(genKey[i], (int)keySz, rsa_e_val,
                                         &gRng);
                     if (!bench_async_handle(&ret,
-                        BENCH_ASYNC_GET_DEV(&genKey[i]), 0,
+                        BENCH_ASYNC_GET_DEV(genKey[i]), 0,
                                             &times, &pending)) {
                         goto exit;
                     }
@@ -8155,21 +8785,46 @@ exit:
 
     /* cleanup */
     for (i = 0; i < BENCH_MAX_PENDING; i++) {
-        wc_FreeRsaKey(&genKey[i]);
+        wc_FreeRsaKey(genKey[i]);
     }
 
-#ifdef WOLFSSL_SMALL_STACK
-    XFREE(genKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
-#endif
+    WC_FREE_ARRAY(genKey, BENCH_MAX_PENDING, HEAP_HINT);
 }
 
 void bench_rsaKeyGen(int useDeviceID)
 {
     int    k;
-#if !defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_MATH_ALL)
-    static const word32  keySizes[2] = {1024, 2048};
+
+#if !defined(RSA_MAX_SIZE) || !defined(RSA_MIN_SIZE)
+    static const word32  keySizes[2] = {1024, 2048 };
+#elif RSA_MAX_SIZE >= 4096
+    #if (!defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_MATH_ALL)) &&      \
+        (RSA_MIN_SIZE <= 1024)
+        static const word32  keySizes[4] = {1024, 2048, 3072, 4096 };
+    #else
+        static const word32  keySizes[3] = {2048, 3072, 4096};
+    #endif
+#elif RSA_MAX_SIZE >= 3072
+    #if (!defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_MATH_ALL)) &&      \
+        (RSA_MIN_SIZE <= 1024)
+        static const word32  keySizes[3] = {1024, 2048, 3072 };
+    #else
+        static const word32  keySizes[2] = {2048, 3072 };
+    #endif
+#elif RSA_MAX_SIZE >= 2048
+    #if (!defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_MATH_ALL)) &&      \
+        (RSA_MIN_SIZE <= 1024)
+        static const word32  keySizes[2] = {1024, 2048 };
+    #else
+        static const word32  keySizes[1] = {2048};
+    #endif
 #else
-    static const word32  keySizes[1] = {2048};
+    #if (!defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_MATH_ALL)) &&      \
+        (RSA_MIN_SIZE <= 1024)
+        static const word32  keySizes[1] = {1024 };
+    #else
+        #error No candidate RSA key sizes to benchmark.
+    #endif
 #endif
 
     for (k = 0; k < (int)(sizeof(keySizes)/sizeof(int)); k++) {
@@ -8291,7 +8946,11 @@ static const unsigned char rsa_3072_sig[] = {
 #endif
 #endif /* WOLFSSL_RSA_VERIFY_INLINE || WOLFSSL_RSA_PUBLIC_ONLY */
 
-static void bench_rsa_helper(int useDeviceID, RsaKey rsaKey[BENCH_MAX_PENDING],
+static void bench_rsa_helper(int useDeviceID,
+                             WC_ARRAY_ARG(rsaKey,
+                                          RsaKey,
+                                          BENCH_MAX_PENDING,
+                                          sizeof(RsaKey)),
                              word32 rsaKeySz)
 {
     int         ret = 0, i, times, count = 0, pending = 0;
@@ -8306,41 +8965,38 @@ static void bench_rsa_helper(int useDeviceID, RsaKey rsaKey[BENCH_MAX_PENDING],
 #ifndef WOLFSSL_RSA_VERIFY_ONLY
     WC_DECLARE_VAR(message, byte, TEST_STRING_SZ, HEAP_HINT);
 #endif
-    WC_DECLARE_ARRAY_DYNAMIC_DEC(enc, byte, BENCH_MAX_PENDING,
+    WC_DECLARE_HEAP_ARRAY(enc, byte, BENCH_MAX_PENDING,
                                  rsaKeySz, HEAP_HINT);
 
-    #if (  !defined(WOLFSSL_RSA_VERIFY_INLINE) \
-        && !defined(WOLFSSL_RSA_PUBLIC_ONLY)   )
-        WC_DECLARE_ARRAY_DYNAMIC_DEC(out, byte, BENCH_MAX_PENDING,
-                                     rsaKeySz, HEAP_HINT);
-    #else
-        byte* out[BENCH_MAX_PENDING];
-    #endif
+#if (!defined(WOLFSSL_RSA_VERIFY_INLINE) && \
+     !defined(WOLFSSL_RSA_PUBLIC_ONLY))
+    WC_DECLARE_HEAP_ARRAY(out, byte, BENCH_MAX_PENDING,
+                                    rsaKeySz, HEAP_HINT);
+#else
+    byte* out[BENCH_MAX_PENDING];
+#endif
 
-    WC_DECLARE_ARRAY_DYNAMIC_EXE(enc, byte, BENCH_MAX_PENDING,
+    XMEMSET(out, 0, sizeof(out));
+
+    WC_ALLOC_HEAP_ARRAY(enc, byte, BENCH_MAX_PENDING,
                                  rsaKeySz, HEAP_HINT);
 
-    #if (  !defined(WOLFSSL_RSA_VERIFY_INLINE) \
-        && !defined(WOLFSSL_RSA_PUBLIC_ONLY)   )
-        WC_DECLARE_ARRAY_DYNAMIC_EXE(out, byte, BENCH_MAX_PENDING,
-                                     rsaKeySz, HEAP_HINT);
-        if (out[0] == NULL) {
-            ret = MEMORY_E;
-            goto exit;
-        }
-    #endif
+#if (!defined(WOLFSSL_RSA_VERIFY_INLINE) && \
+     !defined(WOLFSSL_RSA_PUBLIC_ONLY))
+    WC_ALLOC_HEAP_ARRAY(out, byte, BENCH_MAX_PENDING,
+                                    rsaKeySz, HEAP_HINT);
+    if (out[0] == NULL) {
+        ret = MEMORY_E;
+        goto exit;
+    }
+#endif
     if (enc[0] == NULL) {
         ret = MEMORY_E;
         goto exit;
     }
 
 #ifndef WOLFSSL_RSA_VERIFY_ONLY
-    #ifdef WC_DECLARE_VAR_IS_HEAP_ALLOC
-    if (message == NULL) {
-        ret = MEMORY_E;
-        goto exit;
-    }
-    #endif
+    WC_ALLOC_VAR(message, byte, TEST_STRING_SZ, HEAP_HINT);
     XMEMCPY(message, messageStr, len);
 #endif
 
@@ -8355,14 +9011,14 @@ static void bench_rsa_helper(int useDeviceID, RsaKey rsaKey[BENCH_MAX_PENDING],
                 /* while free pending slots in queue, submit ops */
                 for (i = 0; i < BENCH_MAX_PENDING; i++) {
                     if (bench_async_check(&ret,
-                                          BENCH_ASYNC_GET_DEV(&rsaKey[i]),
+                                          BENCH_ASYNC_GET_DEV(rsaKey[i]),
                                           1, &times, ntimes, &pending)) {
                         ret = wc_RsaPublicEncrypt(message, (word32)len, enc[i],
-                                                  rsaKeySz/8, &rsaKey[i],
+                                                  rsaKeySz/8, rsaKey[i],
                                                   GLOBAL_RNG);
                         if (!bench_async_handle(&ret,
                                                 BENCH_ASYNC_GET_DEV(
-                                                &rsaKey[i]), 1, &times,
+                                                rsaKey[i]), 1, &times,
                                                 &pending)) {
                             goto exit_rsa_verify;
                         }
@@ -8404,12 +9060,12 @@ exit_rsa_verify:
                 /* while free pending slots in queue, submit ops */
                 for (i = 0; i < BENCH_MAX_PENDING; i++) {
                     if (bench_async_check(&ret,
-                                          BENCH_ASYNC_GET_DEV(&rsaKey[i]),
+                                          BENCH_ASYNC_GET_DEV(rsaKey[i]),
                                           1, &times, ntimes, &pending)) {
                         ret = wc_RsaPrivateDecrypt(enc[i], idx, out[i],
-                                                   rsaKeySz/8, &rsaKey[i]);
+                                                   rsaKeySz/8, rsaKey[i]);
                         if (!bench_async_handle(&ret,
-                                           BENCH_ASYNC_GET_DEV(&rsaKey[i]),
+                                           BENCH_ASYNC_GET_DEV(rsaKey[i]),
                                                 1, &times, &pending)) {
                             goto exit_rsa_pub;
                         }
@@ -8443,12 +9099,12 @@ exit_rsa_pub:
                 /* while free pending slots in queue, submit ops */
                 for (i = 0; i < BENCH_MAX_PENDING; i++) {
                     if (bench_async_check(&ret,
-                                          BENCH_ASYNC_GET_DEV(&rsaKey[i]),
+                                          BENCH_ASYNC_GET_DEV(rsaKey[i]),
                                           1, &times, ntimes, &pending)) {
                         ret = wc_RsaSSL_Sign(message, len, enc[i],
-                                            rsaKeySz/8, &rsaKey[i], GLOBAL_RNG);
+                                            rsaKeySz/8, rsaKey[i], GLOBAL_RNG);
                         if (!bench_async_handle(&ret,
-                                           BENCH_ASYNC_GET_DEV(&rsaKey[i]),
+                                           BENCH_ASYNC_GET_DEV(rsaKey[i]),
                                            1, &times, &pending)) {
                             goto exit_rsa_sign;
                         }
@@ -8489,18 +9145,18 @@ exit_rsa_sign:
                 /* while free pending slots in queue, submit ops */
                 for (i = 0; i < BENCH_MAX_PENDING; i++) {
                     if (bench_async_check(&ret,
-                                          BENCH_ASYNC_GET_DEV(&rsaKey[i]),
+                                          BENCH_ASYNC_GET_DEV(rsaKey[i]),
                                           1, &times, ntimes, &pending)) {
                     #if !defined(WOLFSSL_RSA_VERIFY_INLINE) && \
                         !defined(WOLFSSL_RSA_PUBLIC_ONLY)
                         ret = wc_RsaSSL_Verify(enc[i], idx, out[i],
-                                                      rsaKeySz/8, &rsaKey[i]);
+                                                      rsaKeySz/8, rsaKey[i]);
                     #elif defined(USE_CERT_BUFFERS_2048)
                         XMEMCPY(enc[i], rsa_2048_sig, sizeof(rsa_2048_sig));
                         idx = sizeof(rsa_2048_sig);
                         out[i] = NULL;
                         ret = wc_RsaSSL_VerifyInline(enc[i], idx,
-                                                     &out[i], &rsaKey[i]);
+                                                     &out[i], rsaKey[i]);
                         if (ret > 0) {
                             ret = 0;
                         }
@@ -8510,12 +9166,12 @@ exit_rsa_sign:
                         idx = sizeof(rsa_3072_sig);
                         out[i] = NULL;
                         ret = wc_RsaSSL_VerifyInline(enc[i], idx,
-                                                     &out[i], &rsaKey[i]);
+                                                     &out[i], rsaKey[i]);
                         if (ret > 0)
                             ret = 0;
                     #endif
                         if (!bench_async_handle(&ret,
-                                              BENCH_ASYNC_GET_DEV(&rsaKey[i]),
+                                              BENCH_ASYNC_GET_DEV(rsaKey[i]),
                                               1, &times, &pending)) {
                             goto exit_rsa_verifyinline;
                         }
@@ -8540,9 +9196,9 @@ exit_rsa_verifyinline:
 
 exit:
 
-    WC_FREE_ARRAY_DYNAMIC(enc, BENCH_MAX_PENDING, HEAP_HINT);
+    WC_FREE_HEAP_ARRAY(enc, BENCH_MAX_PENDING, HEAP_HINT);
 #if !defined(WOLFSSL_RSA_VERIFY_INLINE) && !defined(WOLFSSL_RSA_PUBLIC_ONLY)
-    WC_FREE_ARRAY_DYNAMIC(out, BENCH_MAX_PENDING, HEAP_HINT);
+    WC_FREE_HEAP_ARRAY(out, BENCH_MAX_PENDING, HEAP_HINT);
 #endif
 #ifndef WOLFSSL_RSA_VERIFY_ONLY
     WC_FREE_VAR(message, HEAP_HINT);
@@ -8552,11 +9208,8 @@ exit:
 void bench_rsa(int useDeviceID)
 {
     int         i;
-#ifdef WOLFSSL_SMALL_STACK
-    RsaKey      *rsaKey;
-#else
-    RsaKey      rsaKey[BENCH_MAX_PENDING];
-#endif
+    WC_DECLARE_ARRAY(rsaKey, RsaKey, BENCH_MAX_PENDING,
+                     sizeof(RsaKey), HEAP_HINT);
     int         ret = 0;
     word32      rsaKeySz = 0;
     const byte* tmp;
@@ -8565,14 +9218,8 @@ void bench_rsa(int useDeviceID)
     word32      idx;
 #endif
 
-#ifdef WOLFSSL_SMALL_STACK
-    rsaKey = (RsaKey *)XMALLOC(sizeof(*rsaKey) * BENCH_MAX_PENDING,
-                               HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
-    if (rsaKey == NULL) {
-        printf("bench_rsa malloc failed\n");
-        return;
-    }
-#endif
+    WC_CALLOC_ARRAY(rsaKey, RsaKey, BENCH_MAX_PENDING,
+                     sizeof(RsaKey), HEAP_HINT);
 
 #ifdef USE_CERT_BUFFERS_1024
     tmp = rsa_key_der_1024;
@@ -8594,23 +9241,20 @@ void bench_rsa(int useDeviceID)
     #error "need a cert buffer size"
 #endif /* USE_CERT_BUFFERS */
 
-    /* clear for done cleanup */
-    XMEMSET(rsaKey, 0, sizeof(*rsaKey) * BENCH_MAX_PENDING);
-
     /* init keys */
     for (i = 0; i < BENCH_MAX_PENDING; i++) {
         /* setup an async context for each key */
-        ret = wc_InitRsaKey_ex(&rsaKey[i], HEAP_HINT,
+        ret = wc_InitRsaKey_ex(rsaKey[i], HEAP_HINT,
             useDeviceID ? devId : INVALID_DEVID);
         if (ret < 0) {
-            goto exit_bench_rsa;
+            goto exit;
         }
 
 #if !defined(WOLFSSL_RSA_PUBLIC_ONLY) && !defined(WOLFSSL_RSA_VERIFY_ONLY)
     #ifdef WC_RSA_BLINDING
-        ret = wc_RsaSetRNG(&rsaKey[i], &gRng);
+        ret = wc_RsaSetRNG(rsaKey[i], &gRng);
         if (ret != 0)
-            goto exit_bench_rsa;
+            goto exit;
     #endif
 #endif
 
@@ -8618,9 +9262,9 @@ void bench_rsa(int useDeviceID)
         /* decode the private key */
         idx = 0;
         if ((ret = wc_RsaPrivateKeyDecode(tmp, &idx,
-                                          &rsaKey[i], (word32)bytes)) != 0) {
+                                          rsaKey[i], (word32)bytes)) != 0) {
             printf("wc_RsaPrivateKeyDecode failed! %d\n", ret);
-            goto exit_bench_rsa;
+            goto exit;
         }
 #elif defined(WOLFSSL_PUBLIC_MP)
         /* get offset to public portion of the RSA key */
@@ -8629,15 +9273,15 @@ void bench_rsa(int useDeviceID)
     #elif defined(USE_CERT_BUFFERS_2048) || defined(USE_CERT_BUFFERS_3072)
         bytes = 12;
     #endif
-        ret = mp_read_unsigned_bin(&rsaKey[i].n, &tmp[bytes], rsaKeySz/8);
+        ret = mp_read_unsigned_bin(&rsaKey[i]->n, &tmp[bytes], rsaKeySz/8);
         if (ret != 0) {
             printf("wc_RsaPrivateKeyDecode failed! %d\n", ret);
-            goto exit_bench_rsa;
+            goto exit;
         }
-        ret = mp_set_int(&rsaKey[i].e, WC_RSA_EXPONENT);
+        ret = mp_set_int(&rsaKey[i]->e, WC_RSA_EXPONENT);
         if (ret != 0) {
             printf("wc_RsaPrivateKeyDecode failed! %d\n", ret);
-            goto exit_bench_rsa;
+            goto exit;
         }
 #else
         /* Note: To benchmark public only define WOLFSSL_PUBLIC_MP */
@@ -8652,15 +9296,14 @@ void bench_rsa(int useDeviceID)
     (void)bytes;
     (void)tmp;
 
-exit_bench_rsa:
+exit:
     /* cleanup */
-    for (i = 0; i < BENCH_MAX_PENDING; i++) {
-        wc_FreeRsaKey(&rsaKey[i]);
+    if (WC_ARRAY_OK(rsaKey)) {
+        for (i = 0; i < BENCH_MAX_PENDING; i++) {
+            wc_FreeRsaKey(rsaKey[i]);
+        }
+        WC_FREE_ARRAY(rsaKey, BENCH_MAX_PENDING, HEAP_HINT);
     }
-
-#ifdef WOLFSSL_SMALL_STACK
-    XFREE(rsaKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
-#endif
 }
 
 
@@ -8669,27 +9312,17 @@ exit_bench_rsa:
 void bench_rsa_key(int useDeviceID, word32 rsaKeySz)
 {
     int     ret = 0, i, pending = 0;
-#ifdef WOLFSSL_SMALL_STACK
-    RsaKey *rsaKey;
-#else
-    RsaKey  rsaKey[BENCH_MAX_PENDING];
-#endif
-    int     isPending[BENCH_MAX_PENDING];
+    WC_DECLARE_ARRAY(rsaKey, RsaKey, BENCH_MAX_PENDING,
+                     sizeof(RsaKey), HEAP_HINT);
+    int isPending[BENCH_MAX_PENDING];
     long    exp = 65537L;
 
-#ifdef WOLFSSL_SMALL_STACK
-    rsaKey = (RsaKey *)XMALLOC(sizeof(*rsaKey) * BENCH_MAX_PENDING,
-                               HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
-    if (rsaKey == NULL) {
-        printf("bench_rsa_key malloc failed\n");
-        return;
-    }
-#endif
-
     /* clear for done cleanup */
-    XMEMSET(rsaKey, 0, sizeof(*rsaKey) * BENCH_MAX_PENDING);
     XMEMSET(isPending, 0, sizeof(isPending));
 
+    WC_CALLOC_ARRAY(rsaKey, RsaKey, BENCH_MAX_PENDING,
+                     sizeof(RsaKey), HEAP_HINT);
+
     /* init keys */
     do {
         pending = 0;
@@ -8697,42 +9330,41 @@ void bench_rsa_key(int useDeviceID, word32 rsaKeySz)
             if (!isPending[i]) { /* if making the key is pending then just call
                                   * wc_MakeRsaKey again */
                 /* setup an async context for each key */
-                if (wc_InitRsaKey_ex(&rsaKey[i], HEAP_HINT,
+                if (wc_InitRsaKey_ex(rsaKey[i], HEAP_HINT,
                         useDeviceID ? devId : INVALID_DEVID) < 0) {
-                    goto exit_bench_rsa_key;
+                    goto exit;
                 }
 
             #ifdef WC_RSA_BLINDING
-                ret = wc_RsaSetRNG(&rsaKey[i], &gRng);
+                ret = wc_RsaSetRNG(rsaKey[i], &gRng);
                 if (ret != 0)
-                    goto exit_bench_rsa_key;
+                    goto exit;
             #endif
             }
 
             /* create the RSA key */
-            ret = wc_MakeRsaKey(&rsaKey[i], (int)rsaKeySz, exp, &gRng);
-            if (ret == WC_PENDING_E) {
+            ret = wc_MakeRsaKey(rsaKey[i], (int)rsaKeySz, exp, &gRng);
+            if (ret == WC_NO_ERR_TRACE(WC_PENDING_E)) {
                 isPending[i] = 1;
                 pending      = 1;
             }
             else if (ret != 0) {
                 printf("wc_MakeRsaKey failed! %d\n", ret);
-                goto exit_bench_rsa_key;
+                goto exit;
             }
         } /* for i */
     } while (pending > 0);
 
     bench_rsa_helper(useDeviceID, rsaKey, rsaKeySz);
-exit_bench_rsa_key:
+exit:
 
     /* cleanup */
-    for (i = 0; i < BENCH_MAX_PENDING; i++) {
-        wc_FreeRsaKey(&rsaKey[i]);
+    if (WC_ARRAY_OK(rsaKey)) {
+        for (i = 0; i < BENCH_MAX_PENDING; i++) {
+            wc_FreeRsaKey(rsaKey[i]);
+        }
+        WC_FREE_ARRAY(rsaKey, BENCH_MAX_PENDING, HEAP_HINT);
     }
-
-#ifdef WOLFSSL_SMALL_STACK
-    XFREE(rsaKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
-#endif
 }
 #endif /* WOLFSSL_KEY_GEN */
 #endif /* !NO_RSA */
@@ -8768,11 +9400,8 @@ void bench_dh(int useDeviceID)
     int    count = 0, times, pending = 0;
     const byte* tmp = NULL;
     double start = 0.0F;
-#ifdef WOLFSSL_SMALL_STACK
-    DhKey *dhKey = NULL;
-#else
-    DhKey  dhKey[BENCH_MAX_PENDING];
-#endif
+    WC_DECLARE_ARRAY(dhKey, DhKey, BENCH_MAX_PENDING,
+                     sizeof(DhKey), HEAP_HINT);
     int    dhKeySz = BENCH_DH_KEY_SIZE * 8; /* used in printf */
     const char**desc = bench_desc_words[lng_index];
 #ifndef NO_ASN
@@ -8804,28 +9433,22 @@ void bench_dh(int useDeviceID)
     WC_DECLARE_VAR(priv2, byte,
                      BENCH_DH_PRIV_SIZE, HEAP_HINT);
 
-    WC_INIT_ARRAY(pub, byte,
+    /* old scan-build misfires -Wmaybe-uninitialized on these. */
+    XMEMSET(pub, 0, sizeof(pub));
+    XMEMSET(agree, 0, sizeof(agree));
+    XMEMSET(priv, 0, sizeof(priv));
+
+    WC_CALLOC_ARRAY(dhKey, DhKey, BENCH_MAX_PENDING,
+                     sizeof(DhKey), HEAP_HINT);
+    WC_ALLOC_ARRAY(pub, byte,
                   BENCH_MAX_PENDING, BENCH_DH_KEY_SIZE, HEAP_HINT);
-    WC_INIT_ARRAY(agree, byte,
+    WC_ALLOC_ARRAY(agree, byte,
                   BENCH_MAX_PENDING, BENCH_DH_KEY_SIZE, HEAP_HINT);
-    WC_INIT_ARRAY(priv, byte,
+    WC_ALLOC_ARRAY(priv, byte,
                   BENCH_MAX_PENDING, BENCH_DH_PRIV_SIZE, HEAP_HINT);
 
-#ifdef WOLFSSL_SMALL_STACK
-    dhKey = (DhKey *)XMALLOC(sizeof(DhKey) * BENCH_MAX_PENDING, HEAP_HINT,
-                             DYNAMIC_TYPE_TMP_BUFFER);
-    if (! dhKey) {
-        ret = MEMORY_E;
-        goto exit;
-    }
-#endif
-
-#ifdef WC_DECLARE_VAR_IS_HEAP_ALLOC
-    if (pub[0] == NULL || pub2 == NULL || agree[0] == NULL || priv[0] == NULL || priv2 == NULL) {
-        ret = MEMORY_E;
-        goto exit;
-    }
-#endif
+    WC_ALLOC_VAR(pub2, byte, BENCH_DH_KEY_SIZE, HEAP_HINT);
+    WC_ALLOC_VAR(priv2, byte, BENCH_DH_PRIV_SIZE, HEAP_HINT);
 
     (void)tmp;
 
@@ -8884,18 +9507,10 @@ void bench_dh(int useDeviceID)
     }
 #endif
 
-    /* clear for done cleanup */
-    XMEMSET(dhKey, 0, sizeof(DhKey) * BENCH_MAX_PENDING);
-#if 0
-    for (i = 0; i < BENCH_MAX_PENDING; i++) {
-        XMEMSET(dhKey[i], 0, sizeof(DhKey));
-    }
-#endif
-
     /* init keys */
     for (i = 0; i < BENCH_MAX_PENDING; i++) {
         /* setup an async context for each key */
-        ret = wc_InitDhKey_ex(&dhKey[i], HEAP_HINT,
+        ret = wc_InitDhKey_ex(dhKey[i], HEAP_HINT,
                         useDeviceID ? devId : INVALID_DEVID);
         if (ret != 0)
             goto exit;
@@ -8903,22 +9518,23 @@ void bench_dh(int useDeviceID)
         /* setup key */
         if (!use_ffdhe) {
     #ifdef NO_ASN
-            ret = wc_DhSetKey(&dhKey[i], dh_p,
+            ret = wc_DhSetKey(dhKey[i], dh_p,
                               sizeof(dh_p), dh_g, sizeof(dh_g));
     #else
             idx = 0;
-            ret = wc_DhKeyDecode(tmp, &idx, &dhKey[i], (word32)bytes);
+            ret = wc_DhKeyDecode(tmp, &idx, dhKey[i], (word32)bytes);
     #endif
         }
-    #if defined(HAVE_FFDHE_2048) || defined(HAVE_FFDHE_3072)
+    #if defined(HAVE_FFDHE_2048) || defined(HAVE_FFDHE_3072) || \
+        defined(HAVE_FFDHE_4096)
     #ifdef HAVE_PUBLIC_FFDHE
         else if (params != NULL) {
-            ret = wc_DhSetKey(&dhKey[i], params->p, params->p_len,
+            ret = wc_DhSetKey(dhKey[i], params->p, params->p_len,
                               params->g, params->g_len);
         }
     #else
         else if (paramName != 0) {
-            ret = wc_DhSetNamedKey(&dhKey[i], paramName);
+            ret = wc_DhSetNamedKey(dhKey[i], paramName);
         }
     #endif
     #endif
@@ -8938,15 +9554,15 @@ void bench_dh(int useDeviceID)
             bench_async_poll(&pending);
 
             for (i = 0; i < BENCH_MAX_PENDING; i++) {
-                if (bench_async_check(&ret, BENCH_ASYNC_GET_DEV(&dhKey[i]),
+                if (bench_async_check(&ret, BENCH_ASYNC_GET_DEV(dhKey[i]),
                                       0, &times, genTimes, &pending)) {
                     privSz[i] = BENCH_DH_PRIV_SIZE;
                     pubSz[i] = BENCH_DH_KEY_SIZE;
-                    ret = wc_DhGenerateKeyPair(&dhKey[i], &gRng,
+                    ret = wc_DhGenerateKeyPair(dhKey[i], &gRng,
                                                priv[i], &privSz[i],
                                                pub[i], &pubSz[i]);
                     if (!bench_async_handle(&ret,
-                                            BENCH_ASYNC_GET_DEV(&dhKey[i]),
+                                            BENCH_ASYNC_GET_DEV(dhKey[i]),
                                             0, &times, &pending)) {
                         goto exit_dh_gen;
                     }
@@ -8977,11 +9593,11 @@ exit_dh_gen:
 
     /* Generate key to use as other public */
     PRIVATE_KEY_UNLOCK();
-    ret = wc_DhGenerateKeyPair(&dhKey[0], &gRng,
+    ret = wc_DhGenerateKeyPair(dhKey[0], &gRng,
                                priv2, &privSz2, pub2, &pubSz2);
     PRIVATE_KEY_LOCK();
 #ifdef WOLFSSL_ASYNC_CRYPT
-    ret = wc_AsyncWait(ret, &dhKey[0].asyncDev, WC_ASYNC_FLAG_NONE);
+    ret = wc_AsyncWait(ret, &dhKey[0]->asyncDev, WC_ASYNC_FLAG_NONE);
 #endif
 
     /* Key Agree */
@@ -8993,12 +9609,12 @@ exit_dh_gen:
 
             /* while free pending slots in queue, submit ops */
             for (i = 0; i < BENCH_MAX_PENDING; i++) {
-                if (bench_async_check(&ret, BENCH_ASYNC_GET_DEV(&dhKey[i]),
+                if (bench_async_check(&ret, BENCH_ASYNC_GET_DEV(dhKey[i]),
                                       0, &times, agreeTimes, &pending)) {
-                    ret = wc_DhAgree(&dhKey[i], agree[i], &agreeSz[i], priv[i],
+                    ret = wc_DhAgree(dhKey[i], agree[i], &agreeSz[i], priv[i],
                                      privSz[i], pub2, pubSz2);
                     if (!bench_async_handle(&ret,
-                        BENCH_ASYNC_GET_DEV(&dhKey[i]), 0, &times, &pending)) {
+                        BENCH_ASYNC_GET_DEV(dhKey[i]), 0, &times, &pending)) {
                         goto exit;
                     }
                 }
@@ -9022,19 +9638,12 @@ exit:
 #endif
 
     /* cleanup */
-#ifdef WOLFSSL_SMALL_STACK
-    if (dhKey) {
+    if (WC_ARRAY_OK(dhKey)) {
         for (i = 0; i < BENCH_MAX_PENDING; i++) {
-            wc_FreeDhKey(&dhKey[i]);
+            wc_FreeDhKey(dhKey[i]);
         }
-        XFREE(dhKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+        WC_FREE_ARRAY(dhKey, BENCH_MAX_PENDING, HEAP_HINT);
     }
-#else
-    for (i = 0; i < BENCH_MAX_PENDING; i++) {
-        wc_FreeDhKey(&dhKey[i]);
-    }
-#endif
-
     WC_FREE_ARRAY(pub, BENCH_MAX_PENDING, HEAP_HINT);
     WC_FREE_VAR(pub2, HEAP_HINT);
     WC_FREE_ARRAY(priv, BENCH_MAX_PENDING, HEAP_HINT);
@@ -9047,6 +9656,7 @@ exit:
 static void bench_kyber_keygen(int type, const char* name, int keySize,
     KyberKey* key)
 {
+#ifndef WOLFSSL_KYBER_NO_MAKE_KEY
     int ret = 0, times, count, pending = 0;
     double start;
     const char**desc = bench_desc_words[lng_index];
@@ -9084,33 +9694,62 @@ exit:
 #ifdef MULTI_VALUE_STATISTICS
     bench_multi_value_stats(max, min, sum, squareSum, runs);
 #endif
+#else
+   (void)type;
+   (void)name;
+   (void)keySize;
+   (void)key;
+#endif /* !WOLFSSL_KYBER_NO_MAKE_KEY */
 }
 
-static void bench_kyber_encap(const char* name, int keySize, KyberKey* key)
+#if !defined(WOLFSSL_KYBER_NO_ENCAPSULATE) || \
+    !defined(WOLFSSL_KYBER_NO_DECAPSULATE)
+static void bench_kyber_encap(int type, const char* name, int keySize,
+    KyberKey* key1, KyberKey* key2)
 {
     int ret = 0, times, count, pending = 0;
     double start;
     const char**desc = bench_desc_words[lng_index];
     byte ct[KYBER_MAX_CIPHER_TEXT_SIZE];
     byte ss[KYBER_SS_SZ];
+    byte pub[KYBER_MAX_PUBLIC_KEY_SIZE];
+    word32 pubLen;
     word32 ctSz;
     DECLARE_MULTI_VALUE_STATS_VARS()
 
-    ret = wc_KyberKey_CipherTextSize(key, &ctSz);
+    ret = wc_KyberKey_PublicKeySize(key1, &pubLen);
+    if (ret != 0) {
+        return;
+    }
+    ret = wc_KyberKey_EncodePublicKey(key1, pub, pubLen);
+    if (ret != 0) {
+        return;
+    }
+    ret = wc_KyberKey_Init(type, key2, HEAP_HINT, INVALID_DEVID);
+    if (ret != 0) {
+        return;
+    }
+    ret = wc_KyberKey_DecodePublicKey(key2, pub, pubLen);
     if (ret != 0) {
         return;
     }
 
+    ret = wc_KyberKey_CipherTextSize(key2, &ctSz);
+    if (ret != 0) {
+        return;
+    }
+
+#ifndef WOLFSSL_KYBER_NO_ENCAPSULATE
     /* KYBER Encapsulate */
     bench_stats_start(&count, &start);
     do {
         /* while free pending slots in queue, submit ops */
         for (times = 0; times < agreeTimes || pending > 0; times++) {
 #ifdef KYBER_NONDETERMINISTIC
-            ret = wc_KyberKey_Encapsulate(key, ct, ss, &gRng);
+            ret = wc_KyberKey_Encapsulate(key2, ct, ss, &gRng);
 #else
             unsigned char rand[KYBER_ENC_RAND_SZ] = {0,};
-            ret = wc_KyberKey_EncapsulateWithRandom(key, ct, ss, rand,
+            ret = wc_KyberKey_EncapsulateWithRandom(key2, ct, ss, rand,
                 sizeof(rand));
 #endif
             if (ret != 0)
@@ -9129,7 +9768,9 @@ exit_encap:
 #ifdef MULTI_VALUE_STATISTICS
     bench_multi_value_stats(max, min, sum, squareSum, runs);
 #endif
+#endif
 
+#ifndef WOLFSSL_KYBER_NO_DECAPSULATE
     RESET_MULTI_VALUE_STATS_VARS();
 
     /* KYBER Decapsulate */
@@ -9137,7 +9778,7 @@ exit_encap:
     do {
         /* while free pending slots in queue, submit ops */
         for (times = 0; times < agreeTimes || pending > 0; times++) {
-            ret = wc_KyberKey_Decapsulate(key, ss, ct, ctSz);
+            ret = wc_KyberKey_Decapsulate(key1, ss, ct, ctSz);
             if (ret != 0)
                 goto exit_decap;
             RECORD_MULTI_VALUE_STATS();
@@ -9154,15 +9795,39 @@ exit_decap:
 #ifdef MULTI_VALUE_STATISTICS
     bench_multi_value_stats(max, min, sum, squareSum, runs);
 #endif
+#endif
 }
+#endif
 
 void bench_kyber(int type)
 {
-    KyberKey key;
+    KyberKey key1;
+    KyberKey key2;
     const char* name = NULL;
     int keySize = 0;
 
     switch (type) {
+#ifndef WOLFSSL_NO_ML_KEM
+#ifdef WOLFSSL_WC_ML_KEM_512
+    case WC_ML_KEM_512:
+        name = "ML-KEM 512 ";
+        keySize = 128;
+        break;
+#endif
+#ifdef WOLFSSL_WC_ML_KEM_768
+    case WC_ML_KEM_768:
+        name = "ML-KEM 768 ";
+        keySize = 192;
+        break;
+#endif
+#ifdef WOLFSSL_WC_ML_KEM_1024
+    case WC_ML_KEM_1024:
+        name = "ML-KEM 1024";
+        keySize = 256;
+        break;
+#endif
+#endif
+#ifdef WOLFSSL_KYBER_ORIGINAL
 #ifdef WOLFSSL_KYBER512
     case KYBER512:
         name = "KYBER512 ";
@@ -9180,17 +9845,23 @@ void bench_kyber(int type)
         name = "KYBER1024";
         keySize = 256;
         break;
+#endif
 #endif
     }
 
-    bench_kyber_keygen(type, name, keySize, &key);
-    bench_kyber_encap(name, keySize, &key);
+    bench_kyber_keygen(type, name, keySize, &key1);
+#if !defined(WOLFSSL_KYBER_NO_ENCAPSULATE) || \
+    !defined(WOLFSSL_KYBER_NO_DECAPSULATE)
+    bench_kyber_encap(type, name, keySize, &key1, &key2);
+#endif
 
-    wc_KyberKey_Free(&key);
+    wc_KyberKey_Free(&key2);
+    wc_KyberKey_Free(&key1);
 }
 #endif
 
 #if defined(WOLFSSL_HAVE_LMS) && !defined(WOLFSSL_LMS_VERIFY_ONLY)
+#ifndef WOLFSSL_NO_LMS_SHA256_256
 /* WC_LMS_PARM_L2_H10_W2
  * signature length: 9300 */
 static const byte lms_priv_L2_H10_W2[64] =
@@ -9346,8 +10017,9 @@ static const byte lms_pub_L4_H5_W8[60] =
     0x85,0x1A,0x7A,0xD8,0xD5,0x46,0x74,0x3B,
     0x74,0x24,0x12,0xC8
 };
+#endif
 
-static int lms_write_key_mem(const byte * priv, word32 privSz, void *context)
+static int lms_write_key_mem(const byte* priv, word32 privSz, void* context)
 {
    /* WARNING: THIS IS AN INSECURE WRITE CALLBACK THAT SHOULD ONLY
     * BE USED FOR TESTING PURPOSES! Production applications should
@@ -9356,15 +10028,128 @@ static int lms_write_key_mem(const byte * priv, word32 privSz, void *context)
     return WC_LMS_RC_SAVED_TO_NV_MEMORY;
 }
 
-static int lms_read_key_mem(byte * priv, word32 privSz, void *context)
+static int lms_read_key_mem(byte* priv, word32 privSz, void* context)
 {
    /* WARNING: THIS IS AN INSECURE READ CALLBACK THAT SHOULD ONLY
     * BE USED FOR TESTING PURPOSES! */
     XMEMCPY(priv, context, privSz);
     return WC_LMS_RC_READ_TO_MEMORY;
 }
+static byte lms_priv[HSS_MAX_PRIVATE_KEY_LEN];
 
-static void bench_lms_sign_verify(enum wc_LmsParm parm)
+static void bench_lms_keygen(enum wc_LmsParm parm, byte* pub)
+{
+    WC_RNG      rng;
+    LmsKey      key;
+    int         ret;
+    word32      pubLen = HSS_MAX_PUBLIC_KEY_LEN;
+    int         times = 0;
+    int         count = 0;
+    double      start = 0.0F;
+    int         levels;
+    int         height;
+    int         winternitz;
+    const char* str = wc_LmsKey_ParmToStr(parm);
+    DECLARE_MULTI_VALUE_STATS_VARS()
+
+#ifndef HAVE_FIPS
+    ret = wc_InitRng_ex(&rng, HEAP_HINT, INVALID_DEVID);
+#else
+    ret = wc_InitRng(&rng);
+#endif
+    if (ret != 0) {
+        fprintf(stderr, "error: wc_InitRng failed: %d\n", ret);
+        return;
+    }
+
+    ret = wc_LmsKey_Init(&key, NULL, INVALID_DEVID);
+    if (ret) {
+        printf("wc_LmsKey_Init failed: %d\n", ret);
+        wc_FreeRng(&rng);
+        return;
+    }
+
+    count = 0;
+    bench_stats_start(&count, &start);
+
+    do {
+        /* LMS is stateful. Async queuing not practical. */
+        for (times = 0; times < 1; ++times) {
+
+            wc_LmsKey_Free(&key);
+
+            ret = wc_LmsKey_Init(&key, NULL, INVALID_DEVID);
+            if (ret) {
+                printf("wc_LmsKey_Init failed: %d\n", ret);
+                goto exit_lms_keygen;
+            }
+
+            ret = wc_LmsKey_SetLmsParm(&key, parm);
+            if (ret) {
+                printf("wc_LmsKey_SetLmsParm failed: %d\n", ret);
+                goto exit_lms_keygen;
+            }
+
+            ret = wc_LmsKey_GetParameters(&key, &levels, &height, &winternitz);
+            if (ret) {
+                fprintf(stderr, "error: wc_LmsKey_GetParameters failed: %d\n",
+                    ret);
+                goto exit_lms_keygen;
+            }
+
+            ret = wc_LmsKey_SetWriteCb(&key, lms_write_key_mem);
+            if (ret) {
+                fprintf(stderr, "error: wc_LmsKey_SetWriteCb failed: %d\n",
+                    ret);
+                goto exit_lms_keygen;
+            }
+
+            ret = wc_LmsKey_SetReadCb(&key, lms_read_key_mem);
+            if (ret) {
+                fprintf(stderr, "error: wc_LmsKey_SetReadCb failed: %d\n", ret);
+                goto exit_lms_keygen;
+            }
+
+            ret = wc_LmsKey_SetContext(&key, (void*)lms_priv);
+            if (ret) {
+                fprintf(stderr, "error: wc_LmsKey_SetContext failed: %d\n",
+                    ret);
+                goto exit_lms_keygen;
+            }
+
+            ret = wc_LmsKey_MakeKey(&key, &rng);
+            if (ret) {
+                printf("wc_LmsKey_MakeKey failed: %d\n", ret);
+                goto exit_lms_keygen;
+            }
+
+            RECORD_MULTI_VALUE_STATS();
+        }
+
+        count += times;
+    } while (bench_stats_check(start)
+#ifdef MULTI_VALUE_STATISTICS
+       || runs < minimum_runs
+#endif
+       );
+
+    bench_stats_asym_finish(str, levels * height, "keygen", 0,
+                            count, start, ret);
+#ifdef MULTI_VALUE_STATISTICS
+    bench_multi_value_stats(max, min, sum, squareSum, runs);
+#endif
+
+    ret = wc_LmsKey_ExportPubRaw(&key, pub, &pubLen);
+    if (ret) {
+        fprintf(stderr, "error: wc_LmsKey_ExportPubRaw failed: %d\n", ret);
+    }
+
+exit_lms_keygen:
+    wc_LmsKey_Free(&key);
+    wc_FreeRng(&rng);
+}
+
+static void bench_lms_sign_verify(enum wc_LmsParm parm, byte* pub)
 {
     LmsKey       key;
     int          ret = 0;
@@ -9377,8 +10162,8 @@ static void bench_lms_sign_verify(enum wc_LmsParm parm)
     int          times = 0;
     int          count = 0;
     double       start = 0.0F;
-    byte         priv[HSS_MAX_PRIVATE_KEY_LEN];
     const char * str = wc_LmsKey_ParmToStr(parm);
+    DECLARE_MULTI_VALUE_STATS_VARS()
 
     ret = wc_LmsKey_Init(&key, NULL, INVALID_DEVID);
     if (ret) {
@@ -9393,34 +10178,35 @@ static void bench_lms_sign_verify(enum wc_LmsParm parm)
     }
 
     switch (parm) {
+#ifndef WOLFSSL_NO_LMS_SHA256_256
     case WC_LMS_PARM_L2_H10_W2:
-        XMEMCPY(priv, lms_priv_L2_H10_W2, sizeof(lms_priv_L2_H10_W2));
-        XMEMCPY(key.pub, lms_pub_L2_H10_W2, sizeof(lms_pub_L2_H10_W2));
+        XMEMCPY(lms_priv, lms_priv_L2_H10_W2, sizeof(lms_priv_L2_H10_W2));
+        XMEMCPY(key.pub, lms_pub_L2_H10_W2, HSS_MAX_PUBLIC_KEY_LEN);
         break;
 
     case WC_LMS_PARM_L2_H10_W4:
-        XMEMCPY(priv, lms_priv_L2_H10_W4, sizeof(lms_priv_L2_H10_W4));
-        XMEMCPY(key.pub, lms_pub_L2_H10_W4, sizeof(lms_pub_L2_H10_W4));
+        XMEMCPY(lms_priv, lms_priv_L2_H10_W4, sizeof(lms_priv_L2_H10_W4));
+        XMEMCPY(key.pub, lms_pub_L2_H10_W4, HSS_MAX_PUBLIC_KEY_LEN);
         break;
 
     case WC_LMS_PARM_L3_H5_W4:
-        XMEMCPY(priv, lms_priv_L3_H5_W4, sizeof(lms_priv_L3_H5_W4));
-        XMEMCPY(key.pub, lms_pub_L3_H5_W4, sizeof(lms_pub_L3_H5_W4));
+        XMEMCPY(lms_priv, lms_priv_L3_H5_W4, sizeof(lms_priv_L3_H5_W4));
+        XMEMCPY(key.pub, lms_pub_L3_H5_W4, HSS_MAX_PUBLIC_KEY_LEN);
         break;
 
     case WC_LMS_PARM_L3_H5_W8:
-        XMEMCPY(priv, lms_priv_L3_H5_W8, sizeof(lms_priv_L3_H5_W8));
-        XMEMCPY(key.pub, lms_pub_L3_H5_W8, sizeof(lms_pub_L3_H5_W8));
+        XMEMCPY(lms_priv, lms_priv_L3_H5_W8, sizeof(lms_priv_L3_H5_W8));
+        XMEMCPY(key.pub, lms_pub_L3_H5_W8, HSS_MAX_PUBLIC_KEY_LEN);
         break;
 
     case WC_LMS_PARM_L3_H10_W4:
-        XMEMCPY(priv, lms_priv_L3_H10_W4, sizeof(lms_priv_L3_H10_W4));
-        XMEMCPY(key.pub, lms_pub_L3_H10_W4, sizeof(lms_pub_L3_H10_W4));
+        XMEMCPY(lms_priv, lms_priv_L3_H10_W4, sizeof(lms_priv_L3_H10_W4));
+        XMEMCPY(key.pub, lms_pub_L3_H10_W4, HSS_MAX_PUBLIC_KEY_LEN);
         break;
 
     case WC_LMS_PARM_L4_H5_W8:
-        XMEMCPY(priv, lms_priv_L4_H5_W8, sizeof(lms_priv_L4_H5_W8));
-        XMEMCPY(key.pub, lms_pub_L4_H5_W8, sizeof(lms_pub_L4_H5_W8));
+        XMEMCPY(lms_priv, lms_priv_L4_H5_W8, sizeof(lms_priv_L4_H5_W8));
+        XMEMCPY(key.pub, lms_pub_L4_H5_W8, HSS_MAX_PUBLIC_KEY_LEN);
         break;
 
     case WC_LMS_PARM_NONE:
@@ -9428,9 +10214,59 @@ static void bench_lms_sign_verify(enum wc_LmsParm parm)
     case WC_LMS_PARM_L1_H15_W4:
     case WC_LMS_PARM_L2_H10_W8:
     case WC_LMS_PARM_L3_H5_W2:
-        printf("bench_lms_sign_verify: unsupported benchmark option: %d\n",
-               parm);
-        goto exit_lms_sign_verify;
+    case WC_LMS_PARM_L1_H5_W1:
+    case WC_LMS_PARM_L1_H5_W2:
+    case WC_LMS_PARM_L1_H5_W4:
+    case WC_LMS_PARM_L1_H5_W8:
+    case WC_LMS_PARM_L1_H10_W2:
+    case WC_LMS_PARM_L1_H10_W4:
+    case WC_LMS_PARM_L1_H10_W8:
+    case WC_LMS_PARM_L1_H15_W8:
+    case WC_LMS_PARM_L1_H20_W2:
+    case WC_LMS_PARM_L1_H20_W4:
+    case WC_LMS_PARM_L1_H20_W8:
+    case WC_LMS_PARM_L2_H5_W2:
+    case WC_LMS_PARM_L2_H5_W4:
+    case WC_LMS_PARM_L2_H5_W8:
+    case WC_LMS_PARM_L2_H15_W2:
+    case WC_LMS_PARM_L2_H15_W4:
+    case WC_LMS_PARM_L2_H15_W8:
+    case WC_LMS_PARM_L2_H20_W2:
+    case WC_LMS_PARM_L2_H20_W4:
+    case WC_LMS_PARM_L2_H20_W8:
+    case WC_LMS_PARM_L3_H10_W8:
+    case WC_LMS_PARM_L4_H5_W2:
+    case WC_LMS_PARM_L4_H5_W4:
+    case WC_LMS_PARM_L4_H10_W4:
+    case WC_LMS_PARM_L4_H10_W8:
+#endif
+
+#ifdef WOLFSSL_LMS_SHA256_192
+    case WC_LMS_PARM_SHA256_192_L1_H5_W1:
+    case WC_LMS_PARM_SHA256_192_L1_H5_W2:
+    case WC_LMS_PARM_SHA256_192_L1_H5_W4:
+    case WC_LMS_PARM_SHA256_192_L1_H5_W8:
+    case WC_LMS_PARM_SHA256_192_L1_H10_W2:
+    case WC_LMS_PARM_SHA256_192_L1_H10_W4:
+    case WC_LMS_PARM_SHA256_192_L1_H10_W8:
+    case WC_LMS_PARM_SHA256_192_L1_H15_W2:
+    case WC_LMS_PARM_SHA256_192_L1_H15_W4:
+    case WC_LMS_PARM_SHA256_192_L1_H20_W2:
+    case WC_LMS_PARM_SHA256_192_L1_H20_W4:
+    case WC_LMS_PARM_SHA256_192_L1_H20_W8:
+    case WC_LMS_PARM_SHA256_192_L2_H10_W2:
+    case WC_LMS_PARM_SHA256_192_L2_H10_W4:
+    case WC_LMS_PARM_SHA256_192_L2_H10_W8:
+    case WC_LMS_PARM_SHA256_192_L3_H5_W2:
+    case WC_LMS_PARM_SHA256_192_L3_H5_W4:
+    case WC_LMS_PARM_SHA256_192_L3_H5_W8:
+    case WC_LMS_PARM_SHA256_192_L3_H10_W4:
+    case WC_LMS_PARM_SHA256_192_L4_H5_W8:
+#endif
+
+    default:
+        XMEMCPY(key.pub, pub, HSS_MAX_PUBLIC_KEY_LEN);
+        break;
     }
 
     ret = wc_LmsKey_SetWriteCb(&key, lms_write_key_mem);
@@ -9445,7 +10281,7 @@ static void bench_lms_sign_verify(enum wc_LmsParm parm)
         goto exit_lms_sign_verify;
     }
 
-    ret = wc_LmsKey_SetContext(&key, (void *) priv);
+    ret = wc_LmsKey_SetContext(&key, (void*)lms_priv);
     if (ret) {
         fprintf(stderr, "error: wc_LmsKey_SetContext failed: %d\n", ret);
         goto exit_lms_sign_verify;
@@ -9454,39 +10290,72 @@ static void bench_lms_sign_verify(enum wc_LmsParm parm)
     /* Even with saved priv/pub keys, we must still reload the private
      * key before using it. Reloading the private key is the bottleneck
      * for larger heights. Only print load time in debug builds. */
-#if defined(DEBUG_WOLFSSL)
+    count = 0;
     bench_stats_start(&count, &start);
-#endif /* if defined DEBUG_WOLFSSL*/
 
+#ifndef WOLFSSL_WC_LMS_SMALL
+    do {
+    #ifdef WOLFSSL_WC_LMS
+        key.priv.inited = 0;
+        key.state = WC_LMS_STATE_PARMSET;
+    #endif
+        ret = wc_LmsKey_Reload(&key);
+        if (ret) {
+            printf("wc_LmsKey_Reload failed: %d\n", ret);
+            goto exit_lms_sign_verify;
+        }
+        RECORD_MULTI_VALUE_STATS();
+
+        count++;
+
+        ret = wc_LmsKey_GetSigLen(&key, &sigSz);
+        if (ret) {
+            printf("wc_LmsKey_GetSigLen failed: %d\n", ret);
+            goto exit_lms_sign_verify;
+        }
+
+        ret = wc_LmsKey_GetPrivLen(&key, &privLen);
+        if (ret) {
+            printf("wc_LmsKey_GetPrivLen failed: %d\n", ret);
+            goto exit_lms_sign_verify;
+        }
+    #ifdef HAVE_LIBLMS
+        break;
+    #endif
+    } while (bench_stats_check(start)
+#ifdef MULTI_VALUE_STATISTICS
+       || runs < minimum_runs
+#endif
+       );
+
+    bench_stats_asym_finish(str, (int)privLen, "load", 0,
+                            count, start, ret);
+#ifdef MULTI_VALUE_STATISTICS
+    bench_multi_value_stats(max, min, sum, squareSum, runs);
+#endif
+
+    RESET_MULTI_VALUE_STATS_VARS();
+#else
     ret = wc_LmsKey_Reload(&key);
     if (ret) {
         printf("wc_LmsKey_Reload failed: %d\n", ret);
         goto exit_lms_sign_verify;
     }
-
-    count +=1;
-
     ret = wc_LmsKey_GetSigLen(&key, &sigSz);
     if (ret) {
         printf("wc_LmsKey_GetSigLen failed: %d\n", ret);
         goto exit_lms_sign_verify;
     }
-
     ret = wc_LmsKey_GetPrivLen(&key, &privLen);
     if (ret) {
         printf("wc_LmsKey_GetPrivLen failed: %d\n", ret);
         goto exit_lms_sign_verify;
     }
-
-#if defined(DEBUG_WOLFSSL)
-    bench_stats_check(start);
-    bench_stats_asym_finish(str, (int)privLen, "load", 0,
-                            count, start, ret);
-#endif /* if defined DEBUG_WOLFSSL*/
+#endif
 
     loaded = 1;
 
-    sig = XMALLOC(sigSz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+    sig = (byte *)XMALLOC(sigSz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
     if (sig == NULL) {
         printf("bench_lms_sign_verify malloc failed\n");
         goto exit_lms_sign_verify;
@@ -9497,22 +10366,29 @@ static void bench_lms_sign_verify(enum wc_LmsParm parm)
 
     do {
         /* LMS is stateful. Async queuing not practical. */
-        for (times = 0; times < ntimes; ++times) {
-
+#ifndef WOLFSSL_WC_LMS_SMALL
+        for (times = 0; times < ntimes; ++times)
+#else
+        for (times = 0; times < 1; ++times)
+#endif
+        {
             ret = wc_LmsKey_Sign(&key, sig, &sigSz, (byte *) msg, msgSz);
             if (ret) {
                 printf("wc_LmsKey_Sign failed: %d\n", ret);
                 goto exit_lms_sign_verify;
             }
             RECORD_MULTI_VALUE_STATS();
+            if (!wc_LmsKey_SigsLeft(&key)) {
+                break;
+            }
         }
 
         count += times;
-    } while (bench_stats_check(start)
+    } while (wc_LmsKey_SigsLeft(&key) && (bench_stats_check(start)
 #ifdef MULTI_VALUE_STATISTICS
        || runs < minimum_runs
 #endif
-       );
+       ));
 
     bench_stats_asym_finish(str, (int)sigSz, "sign", 0,
                             count, start, ret);
@@ -9552,25 +10428,112 @@ exit_lms_sign_verify:
 
     if (loaded) {
         wc_LmsKey_Free(&key);
-        loaded = 0;
-    }
-
-    if (sig != NULL) {
-        XFREE(sig, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
-        sig = NULL;
     }
+    XFREE(sig, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
 
     return;
 }
 
 void bench_lms(void)
 {
-    bench_lms_sign_verify(WC_LMS_PARM_L2_H10_W2);
-    bench_lms_sign_verify(WC_LMS_PARM_L2_H10_W4);
-    bench_lms_sign_verify(WC_LMS_PARM_L3_H5_W4);
-    bench_lms_sign_verify(WC_LMS_PARM_L3_H5_W8);
-    bench_lms_sign_verify(WC_LMS_PARM_L3_H10_W4);
-    bench_lms_sign_verify(WC_LMS_PARM_L4_H5_W8);
+    byte pub[HSS_MAX_PUBLIC_KEY_LEN];
+
+#ifndef WOLFSSL_NO_LMS_SHA256_256
+#ifdef BENCH_LMS_SLOW_KEYGEN
+#if !defined(WOLFSSL_WC_LMS) || (LMS_MAX_HEIGHT >= 15)
+    bench_lms_keygen(WC_LMS_PARM_L1_H15_W2, pub);
+    bench_lms_sign_verify(WC_LMS_PARM_L1_H15_W2, pub);
+    bench_lms_keygen(WC_LMS_PARM_L1_H15_W4, pub);
+    bench_lms_sign_verify(WC_LMS_PARM_L1_H15_W4, pub);
+    #undef LMS_PARAMS_BENCHED
+    #define LMS_PARAMS_BENCHED
+#endif
+#endif
+#if !defined(WOLFSSL_WC_LMS) || ((LMS_MAX_LEVELS >= 2) && \
+        (LMS_MAX_HEIGHT >= 10))
+    bench_lms_keygen(WC_LMS_PARM_L2_H10_W2, pub);
+    bench_lms_sign_verify(WC_LMS_PARM_L2_H10_W2, pub);
+    bench_lms_keygen(WC_LMS_PARM_L2_H10_W4, pub);
+    bench_lms_sign_verify(WC_LMS_PARM_L2_H10_W4, pub);
+    #undef LMS_PARAMS_BENCHED
+    #define LMS_PARAMS_BENCHED
+#ifdef BENCH_LMS_SLOW_KEYGEN
+    bench_lms_keygen(WC_LMS_PARM_L2_H10_W8, pub);
+    bench_lms_sign_verify(WC_LMS_PARM_L2_H10_W8, pub);
+#endif
+#endif
+#if !defined(WOLFSSL_WC_LMS) || (LMS_MAX_LEVELS >= 3)
+    bench_lms_keygen(WC_LMS_PARM_L3_H5_W4, pub);
+    bench_lms_sign_verify(WC_LMS_PARM_L3_H5_W4, pub);
+    bench_lms_keygen(WC_LMS_PARM_L3_H5_W8, pub);
+    bench_lms_sign_verify(WC_LMS_PARM_L3_H5_W8, pub);
+    #undef LMS_PARAMS_BENCHED
+    #define LMS_PARAMS_BENCHED
+#endif
+#if !defined(WOLFSSL_WC_LMS) || ((LMS_MAX_LEVELS >= 3) && \
+        (LMS_MAX_HEIGHT >= 10))
+    bench_lms_keygen(WC_LMS_PARM_L3_H10_W4, pub);
+    bench_lms_sign_verify(WC_LMS_PARM_L3_H10_W4, pub);
+#endif
+#if !defined(WOLFSSL_WC_LMS) || (LMS_MAX_LEVELS >= 4)
+    bench_lms_keygen(WC_LMS_PARM_L4_H5_W8, pub);
+    bench_lms_sign_verify(WC_LMS_PARM_L4_H5_W8, pub);
+#endif
+
+#if defined(WOLFSSL_WC_LMS) && !defined(LMS_PARAMS_BENCHED)
+    bench_lms_keygen(WC_LMS_PARM_L1_H5_W1, pub);
+    bench_lms_sign_verify(WC_LMS_PARM_L1_H5_W1, pub);
+#endif
+#endif /* !WOLFSSL_NO_LMS_SHA256_256 */
+
+#ifdef WOLFSSL_LMS_SHA256_192
+#ifdef BENCH_LMS_SLOW_KEYGEN
+#if !defined(WOLFSSL_WC_LMS) || (LMS_MAX_HEIGHT >= 15)
+    bench_lms_keygen(WC_LMS_PARM_SHA256_192_L1_H15_W2, pub);
+    bench_lms_sign_verify(WC_LMS_PARM_SHA256_192_L1_H15_W2, pub);
+    bench_lms_keygen(WC_LMS_PARM_SHA256_192_L1_H15_W4, pub);
+    bench_lms_sign_verify(WC_LMS_PARM_SHA256_192_L1_H15_W4, pub);
+    #undef LMS_PARAMS_BENCHED
+    #define LMS_PARAMS_BENCHED
+#endif
+#endif
+#if !defined(WOLFSSL_WC_LMS) || ((LMS_MAX_LEVELS >= 2) && \
+        (LMS_MAX_HEIGHT >= 10))
+    bench_lms_keygen(WC_LMS_PARM_SHA256_192_L2_H10_W2, pub);
+    bench_lms_sign_verify(WC_LMS_PARM_SHA256_192_L2_H10_W2, pub);
+    bench_lms_keygen(WC_LMS_PARM_SHA256_192_L2_H10_W4, pub);
+    bench_lms_sign_verify(WC_LMS_PARM_SHA256_192_L2_H10_W4, pub);
+    #undef LMS_PARAMS_BENCHED
+    #define LMS_PARAMS_BENCHED
+#ifdef BENCH_LMS_SLOW_KEYGEN
+    bench_lms_keygen(WC_LMS_PARM_SHA256_192_L2_H10_W8, pub);
+    bench_lms_sign_verify(WC_LMS_PARM_SHA256_192_L2_H10_W8, pub);
+#endif
+#endif
+#if !defined(WOLFSSL_WC_LMS) || (LMS_MAX_LEVELS >= 3)
+    bench_lms_keygen(WC_LMS_PARM_SHA256_192_L3_H5_W4, pub);
+    bench_lms_sign_verify(WC_LMS_PARM_SHA256_192_L3_H5_W4, pub);
+    bench_lms_keygen(WC_LMS_PARM_SHA256_192_L3_H5_W8, pub);
+    bench_lms_sign_verify(WC_LMS_PARM_SHA256_192_L3_H5_W8, pub);
+    #undef LMS_PARAMS_BENCHED
+    #define LMS_PARAMS_BENCHED
+#endif
+#if !defined(WOLFSSL_WC_LMS) || ((LMS_MAX_LEVELS >= 3) && \
+        (LMS_MAX_HEIGHT >= 10))
+    bench_lms_keygen(WC_LMS_PARM_SHA256_192_L3_H10_W4, pub);
+    bench_lms_sign_verify(WC_LMS_PARM_SHA256_192_L3_H10_W4, pub);
+#endif
+#if !defined(WOLFSSL_WC_LMS) || (LMS_MAX_LEVELS >= 4)
+    bench_lms_keygen(WC_LMS_PARM_SHA256_192_L4_H5_W8, pub);
+    bench_lms_sign_verify(WC_LMS_PARM_SHA256_192_L4_H5_W8, pub);
+#endif
+
+#if defined(WOLFSSL_WC_LMS) && !defined(LMS_PARAMS_BENCHED)
+    bench_lms_keygen(WC_LMS_PARM_SHA256_192_L1_H5_W1, pub);
+    bench_lms_sign_verify(WC_LMS_PARM_SHA256_192_L1_H5_W1, pub);
+#endif
+#endif /* WOLFSSL_LMS_SHA256_192 */
+
     return;
 }
 
@@ -9640,11 +10603,17 @@ static void bench_xmss_sign_verify(const char * params)
     }
 
     ret = wc_XmssKey_GetPubLen(&key, &pkSz);
+    if (ret != 0) {
+        fprintf(stderr, "wc_XmssKey_GetPubLen failed: %d\n", ret);
+        goto exit_xmss_sign_verify;
+    }
+#ifndef WOLFSSL_WC_XMSS
     if (pkSz != XMSS_SHA256_PUBLEN) {
         fprintf(stderr, "error: xmss pub len: got %u, expected %d\n", pkSz,
                 XMSS_SHA256_PUBLEN);
         goto exit_xmss_sign_verify;
     }
+#endif
 
     ret = wc_XmssKey_GetPrivLen(&key, &skSz);
     if (ret != 0 || skSz <= 0) {
@@ -9684,7 +10653,7 @@ static void bench_xmss_sign_verify(const char * params)
         goto exit_xmss_sign_verify;
     }
 
-    ret = wc_XmssKey_SetContext(&key, (void *) sk);
+    ret = wc_XmssKey_SetContext(&key, (void *)sk);
     if (ret != 0) {
         fprintf(stderr, "error: wc_XmssKey_SetContext failed: %d\n", ret);
         goto exit_xmss_sign_verify;
@@ -9697,25 +10666,21 @@ static void bench_xmss_sign_verify(const char * params)
     fprintf(stderr, "sigSz:  %d\n", sigSz);
 #endif
 
-    /* Making the private key is the bottleneck
-     * for larger heights. Only print load time in debug builds. */
-#if defined(DEBUG_WOLFSSL)
+    /* Making the private key is the bottleneck for larger heights. */
+    count = 0;
     bench_stats_start(&count, &start);
-#endif /* if defined DEBUG_WOLFSSL*/
 
     ret = wc_XmssKey_MakeKey(&key, &rng);
     if (ret != 0) {
         printf("wc_XmssKey_MakeKey failed: %d\n", ret);
         goto exit_xmss_sign_verify;
     }
+    /* Can only do one at a time - state changes after make key. */
 
     count +=1;
 
-#if defined(DEBUG_WOLFSSL)
     bench_stats_check(start);
-    bench_stats_asym_finish(params, (int)skSz, "load", 0,
-                            count, start, ret);
-#endif /* if defined DEBUG_WOLFSSL*/
+    bench_stats_asym_finish(params, (int)skSz, "gen", 0, count, start, ret);
 
     freeKey = 1;
 
@@ -9724,20 +10689,24 @@ static void bench_xmss_sign_verify(const char * params)
 
     do {
         /* XMSS is stateful. Async queuing not practical. */
-        for (times = 0; times < ntimes; ++times) {
-
+#ifndef WOLFSSL_WC_XMSS_SMALL
+        for (times = 0; times < ntimes; ++times)
+#else
+        for (times = 0; times < 1; ++times)
+#endif
+        {
+            if (!wc_XmssKey_SigsLeft(&key))
+                break;
             ret = wc_XmssKey_Sign(&key, sig, &sigSz, (byte *) msg, msgSz);
             if (ret) {
                 printf("wc_XmssKey_Sign failed: %d\n", ret);
                 goto exit_xmss_sign_verify;
             }
         }
-
         count += times;
-    } while (bench_stats_check(start));
+    } while (wc_XmssKey_SigsLeft(&key) && bench_stats_check(start));
 
-    bench_stats_asym_finish(params, (int)sigSz, "sign", 0,
-                            count, start, ret);
+    bench_stats_asym_finish(params, (int)sigSz, "sign", 0, count, start, ret);
 
     count = 0;
     bench_stats_start(&count, &start);
@@ -9751,39 +10720,31 @@ static void bench_xmss_sign_verify(const char * params)
                 goto exit_xmss_sign_verify;
             }
         }
-
         count += times;
     } while (bench_stats_check(start));
 
 exit_xmss_sign_verify:
-    bench_stats_asym_finish(params, (int)sigSz, "verify", 0,
-                            count, start, ret);
+    bench_stats_asym_finish(params, (int)sigSz, "verify", 0, count, start, ret);
 
     /* Cleanup everything. */
-    if (sig != NULL) {
-        XFREE(sig, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
-        sig = NULL;
-    }
+    XFREE(sig, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+    sig = NULL;
 
-    if (sk != NULL) {
-        XFREE(sk, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
-        sk = NULL;
-    }
+    XFREE(sk, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+    sk = NULL;
 
     if (freeRng) {
         wc_FreeRng(&rng);
-        freeRng = 0;
     }
 
     if (freeKey) {
         wc_XmssKey_Free(&key);
-        freeKey = 0;
     }
 
     return;
 }
 
-void bench_xmss(void)
+void bench_xmss(int hash)
 {
     /* All NIST SP 800-208 approved SHA256 XMSS/XMSS^MT parameter
      * sets.
@@ -9799,18 +10760,287 @@ void bench_xmss(void)
      *
      * h is the total height of the hyper tree, and d the number of
      * trees.
-     * */
-                                                       /* h/d    h   d */
-    bench_xmss_sign_verify("XMSS-SHA2_10_256");        /*  10   10   1 */
- /* bench_xmss_sign_verify("XMSS-SHA2_16_256"); */     /*  16   16   1 */
- /* bench_xmss_sign_verify("XMSS-SHA2_20_256"); */     /*  20   20   1 */
-    bench_xmss_sign_verify("XMSSMT-SHA2_20/2_256");    /*  10   20   2 */
-    bench_xmss_sign_verify("XMSSMT-SHA2_20/4_256");    /*   5   20   4 */
-    bench_xmss_sign_verify("XMSSMT-SHA2_40/4_256");    /*  10   40   4 */
-    bench_xmss_sign_verify("XMSSMT-SHA2_40/8_256");    /*   5   40   8 */
- /* bench_xmss_sign_verify("XMSSMT-SHA2_60/3_256"); */ /*  20   60   3 */
-    bench_xmss_sign_verify("XMSSMT-SHA2_60/6_256");    /*  10   60   6 */
-    bench_xmss_sign_verify("XMSSMT-SHA2_60/12_256");   /*   5   60  12 */
+     */
+                                                            /* h/d    h   d */
+#ifdef WC_XMSS_SHA256
+    if (hash == WC_HASH_TYPE_SHA256) {
+#if WOLFSSL_WC_XMSS_MIN_HASH_SIZE <= 256 && WOLFSSL_WC_XMSS_MAX_HASH_SIZE >= 256
+#if WOLFSSL_XMSS_MIN_HEIGHT <= 10 && WOLFSSL_XMSS_MAX_HEIGHT >= 10
+        bench_xmss_sign_verify("XMSS-SHA2_10_256");         /*  10   10   1 */
+#endif
+#if WOLFSSL_XMSS_MIN_HEIGHT <= 16 && WOLFSSL_XMSS_MAX_HEIGHT >= 16
+#ifdef BENCH_XMSS_SLOW_KEYGEN
+        bench_xmss_sign_verify("XMSS-SHA2_16_256");         /*  16   16   1 */
+#endif
+#endif
+#if WOLFSSL_XMSS_MIN_HEIGHT <= 20 && WOLFSSL_XMSS_MAX_HEIGHT >= 20
+#ifdef BENCH_XMSS_SLOW_KEYGEN
+        bench_xmss_sign_verify("XMSS-SHA2_20_256");         /*  20   20   1 */
+#endif
+#endif
+#endif /* HASH_SIZE 256 */
+#if WOLFSSL_WC_XMSS_MIN_HASH_SIZE <= 192 && WOLFSSL_WC_XMSS_MAX_HASH_SIZE >= 192
+#if WOLFSSL_XMSS_MIN_HEIGHT <= 10 && WOLFSSL_XMSS_MAX_HEIGHT >= 10
+        bench_xmss_sign_verify("XMSS-SHA2_10_192");         /*  10   10   1 */
+#endif
+#if WOLFSSL_XMSS_MIN_HEIGHT <= 16 && WOLFSSL_XMSS_MAX_HEIGHT >= 16
+#ifdef BENCH_XMSS_SLOW_KEYGEN
+        bench_xmss_sign_verify("XMSS-SHA2_16_192");         /*  16   16   1 */
+#endif
+#endif
+#if WOLFSSL_XMSS_MIN_HEIGHT <= 20 && WOLFSSL_XMSS_MAX_HEIGHT >= 20
+#ifdef BENCH_XMSS_SLOW_KEYGEN
+        bench_xmss_sign_verify("XMSS-SHA2_20_192");         /*  20   20   1 */
+#endif
+#endif
+#endif /* HASH_SIZE 192 */
+#if WOLFSSL_WC_XMSS_MIN_HASH_SIZE <= 256 && WOLFSSL_WC_XMSS_MAX_HASH_SIZE >= 256
+#if WOLFSSL_XMSS_MIN_HEIGHT <= 20 && WOLFSSL_XMSS_MAX_HEIGHT >= 20
+        bench_xmss_sign_verify("XMSSMT-SHA2_20/2_256");     /*  10   20   2 */
+        bench_xmss_sign_verify("XMSSMT-SHA2_20/4_256");     /*   5   20   4 */
+#endif
+#if WOLFSSL_XMSS_MIN_HEIGHT <= 40 && WOLFSSL_XMSS_MAX_HEIGHT >= 40
+#ifdef BENCH_XMSS_SLOW_KEYGEN
+        bench_xmss_sign_verify("XMSSMT-SHA2_40/2_256");     /*  20   40   4 */
+#endif
+        bench_xmss_sign_verify("XMSSMT-SHA2_40/4_256");     /*  10   40   4 */
+        bench_xmss_sign_verify("XMSSMT-SHA2_40/8_256");     /*   5   40   8 */
+#endif
+#if WOLFSSL_XMSS_MIN_HEIGHT <= 60 && WOLFSSL_XMSS_MAX_HEIGHT >= 60
+#ifdef BENCH_XMSS_SLOW_KEYGEN
+        bench_xmss_sign_verify("XMSSMT-SHA2_60/3_256");     /*  20   60   3 */
+#endif
+        bench_xmss_sign_verify("XMSSMT-SHA2_60/6_256");     /*  10   60   6 */
+        bench_xmss_sign_verify("XMSSMT-SHA2_60/12_256");    /*   5   60  12 */
+#endif
+#endif /* HASH_SIZE 256 */
+#if WOLFSSL_WC_XMSS_MIN_HASH_SIZE <= 192 && WOLFSSL_WC_XMSS_MAX_HASH_SIZE >= 192
+#if WOLFSSL_XMSS_MIN_HEIGHT <= 20 && WOLFSSL_XMSS_MAX_HEIGHT >= 20
+        bench_xmss_sign_verify("XMSSMT-SHA2_20/2_192");     /*  10   20   2 */
+        bench_xmss_sign_verify("XMSSMT-SHA2_20/4_192");     /*   5   20   4 */
+#endif
+#if WOLFSSL_XMSS_MIN_HEIGHT <= 40 && WOLFSSL_XMSS_MAX_HEIGHT >= 40
+#ifdef BENCH_XMSS_SLOW_KEYGEN
+        bench_xmss_sign_verify("XMSSMT-SHA2_40/2_192");     /*  20   40   4 */
+#endif
+        bench_xmss_sign_verify("XMSSMT-SHA2_40/4_192");     /*  10   40   4 */
+        bench_xmss_sign_verify("XMSSMT-SHA2_40/8_192");     /*   5   40   8 */
+#endif
+#if WOLFSSL_XMSS_MIN_HEIGHT <= 60 && WOLFSSL_XMSS_MAX_HEIGHT >= 60
+#ifdef BENCH_XMSS_SLOW_KEYGEN
+        bench_xmss_sign_verify("XMSSMT-SHA2_60/3_192");     /*  20   60   3 */
+#endif
+        bench_xmss_sign_verify("XMSSMT-SHA2_60/6_192");     /*  10   60   6 */
+        bench_xmss_sign_verify("XMSSMT-SHA2_60/12_192");    /*   5   60  12 */
+#endif
+#endif /* HASH_SIZE 192 */
+    }
+#endif
+#ifdef WC_XMSS_SHA512
+#if WOLFSSL_WC_XMSS_MIN_HASH_SIZE <= 512 && WOLFSSL_WC_XMSS_MAX_HASH_SIZE >= 512
+    if (hash == WC_HASH_TYPE_SHA512) {
+#if WOLFSSL_XMSS_MIN_HEIGHT <= 10 && WOLFSSL_XMSS_MAX_HEIGHT >= 10
+        bench_xmss_sign_verify("XMSS-SHA2_10_512");         /*  10   10   1 */
+#endif
+#if WOLFSSL_XMSS_MIN_HEIGHT <= 16 && WOLFSSL_XMSS_MAX_HEIGHT >= 16
+#ifdef BENCH_XMSS_SLOW_KEYGEN
+        bench_xmss_sign_verify("XMSS-SHA2_16_512");         /*  16   16   1 */
+#endif
+#endif
+#if WOLFSSL_XMSS_MIN_HEIGHT <= 20 && WOLFSSL_XMSS_MAX_HEIGHT >= 20
+#ifdef BENCH_XMSS_SLOW_KEYGEN
+        bench_xmss_sign_verify("XMSS-SHA2_20_512");         /*  20   20   1 */
+#endif
+#endif
+#if WOLFSSL_XMSS_MIN_HEIGHT <= 20 && WOLFSSL_XMSS_MAX_HEIGHT >= 20
+        bench_xmss_sign_verify("XMSSMT-SHA2_20/2_512");     /*  10   20   2 */
+        bench_xmss_sign_verify("XMSSMT-SHA2_20/4_512");     /*   5   20   4 */
+#endif
+#if WOLFSSL_XMSS_MIN_HEIGHT <= 40 && WOLFSSL_XMSS_MAX_HEIGHT >= 40
+#ifdef BENCH_XMSS_SLOW_KEYGEN
+        bench_xmss_sign_verify("XMSSMT-SHA2_40/2_512");     /*  20   40   4 */
+#endif
+#ifdef BENCH_XMSS_SLOW_KEYGEN
+        bench_xmss_sign_verify("XMSSMT-SHA2_40/4_512");     /*  10   40   4 */
+#endif
+        bench_xmss_sign_verify("XMSSMT-SHA2_40/8_512");     /*   5   40   8 */
+#endif
+#if WOLFSSL_XMSS_MIN_HEIGHT <= 60 && WOLFSSL_XMSS_MAX_HEIGHT >= 60
+#ifdef BENCH_XMSS_SLOW_KEYGEN
+        bench_xmss_sign_verify("XMSSMT-SHA2_60/3_512");     /*  20   60   3 */
+#endif
+#ifdef BENCH_XMSS_SLOW_KEYGEN
+        bench_xmss_sign_verify("XMSSMT-SHA2_60/6_512");     /*  10   60   6 */
+#endif
+        bench_xmss_sign_verify("XMSSMT-SHA2_60/12_512");    /*   5   60  12 */
+#endif
+    }
+#endif /* HASH_SIZE 512 */
+#endif
+#ifdef WC_XMSS_SHAKE128
+#if WOLFSSL_WC_XMSS_MIN_HASH_SIZE <= 256 && WOLFSSL_WC_XMSS_MAX_HASH_SIZE >= 256
+    if (hash == WC_HASH_TYPE_SHAKE128) {
+#if WOLFSSL_XMSS_MIN_HEIGHT <= 10 && WOLFSSL_XMSS_MAX_HEIGHT >= 10
+        bench_xmss_sign_verify("XMSS-SHAKE_10_256");        /*  10   10   1 */
+#endif
+#if WOLFSSL_XMSS_MIN_HEIGHT <= 16 && WOLFSSL_XMSS_MAX_HEIGHT >= 16
+#ifdef BENCH_XMSS_SLOW_KEYGEN
+        bench_xmss_sign_verify("XMSS-SHAKE_16_256");        /*  16   16   1 */
+#endif
+#endif
+#if WOLFSSL_XMSS_MIN_HEIGHT <= 20 && WOLFSSL_XMSS_MAX_HEIGHT >= 20
+#ifdef BENCH_XMSS_SLOW_KEYGEN
+        bench_xmss_sign_verify("XMSS-SHAKE_20_256");        /*  20   20   1 */
+#endif
+#endif
+#if WOLFSSL_XMSS_MIN_HEIGHT <= 20 && WOLFSSL_XMSS_MAX_HEIGHT >= 20
+        bench_xmss_sign_verify("XMSSMT-SHAKE_20/2_256");    /*  10   20   2 */
+        bench_xmss_sign_verify("XMSSMT-SHAKE_20/4_256");    /*   5   20   4 */
+#endif
+#if WOLFSSL_XMSS_MIN_HEIGHT <= 40 && WOLFSSL_XMSS_MAX_HEIGHT >= 40
+#ifdef BENCH_XMSS_SLOW_KEYGEN
+        bench_xmss_sign_verify("XMSSMT-SHAKE_40/2_256");    /*  20   40   4 */
+#endif
+#ifdef BENCH_XMSS_SLOW_KEYGEN
+        bench_xmss_sign_verify("XMSSMT-SHAKE_40/4_256");    /*  10   40   4 */
+#endif
+        bench_xmss_sign_verify("XMSSMT-SHAKE_40/8_256");    /*   5   40   8 */
+#endif
+#if WOLFSSL_XMSS_MIN_HEIGHT <= 60 && WOLFSSL_XMSS_MAX_HEIGHT >= 60
+#ifdef BENCH_XMSS_SLOW_KEYGEN
+        bench_xmss_sign_verify("XMSSMT-SHAKE_60/3_256");    /*  20   60   3 */
+#endif
+#ifdef BENCH_XMSS_SLOW_KEYGEN
+        bench_xmss_sign_verify("XMSSMT-SHAKE_60/6_256");    /*  10   60   6 */
+#endif
+        bench_xmss_sign_verify("XMSSMT-SHAKE_60/12_256");   /*   5   60  12 */
+#endif
+    }
+#endif /* HASH_SIZE 256 */
+#endif
+#ifdef WC_XMSS_SHAKE256
+    if (hash == WC_HASH_TYPE_SHAKE256) {
+#if WOLFSSL_WC_XMSS_MIN_HASH_SIZE <= 512 && WOLFSSL_WC_XMSS_MAX_HASH_SIZE >= 512
+#if WOLFSSL_XMSS_MIN_HEIGHT <= 10 && WOLFSSL_XMSS_MAX_HEIGHT >= 10
+        bench_xmss_sign_verify("XMSS-SHAKE_10_512");        /*  10   10   1 */
+#endif
+#if WOLFSSL_XMSS_MIN_HEIGHT <= 16 && WOLFSSL_XMSS_MAX_HEIGHT >= 16
+#ifdef BENCH_XMSS_SLOW_KEYGEN
+        bench_xmss_sign_verify("XMSS-SHAKE_16_512");        /*  16   16   1 */
+#endif
+#endif
+#if WOLFSSL_XMSS_MIN_HEIGHT <= 20 && WOLFSSL_XMSS_MAX_HEIGHT >= 20
+#ifdef BENCH_XMSS_SLOW_KEYGEN
+        bench_xmss_sign_verify("XMSS-SHAKE_20_512");        /*  20   20   1 */
+#endif
+#endif
+#endif /* HASH_SIZE 512 */
+#if WOLFSSL_WC_XMSS_MIN_HASH_SIZE <= 256 && WOLFSSL_WC_XMSS_MAX_HASH_SIZE >= 256
+#if WOLFSSL_XMSS_MIN_HEIGHT <= 10 && WOLFSSL_XMSS_MAX_HEIGHT >= 10
+        bench_xmss_sign_verify("XMSS-SHAKE256_10_256");     /*  10   10   1 */
+#endif
+#if WOLFSSL_XMSS_MIN_HEIGHT <= 16 && WOLFSSL_XMSS_MAX_HEIGHT >= 16
+#ifdef BENCH_XMSS_SLOW_KEYGEN
+        bench_xmss_sign_verify("XMSS-SHAKE256_16_256");     /*  16   16   1 */
+#endif
+#endif
+#if WOLFSSL_XMSS_MIN_HEIGHT <= 20 && WOLFSSL_XMSS_MAX_HEIGHT >= 20
+#ifdef BENCH_XMSS_SLOW_KEYGEN
+        bench_xmss_sign_verify("XMSS-SHAKE256_20_256");     /*  20   20   1 */
+#endif
+#endif
+#endif /* HASH_SIZE 256 */
+#if WOLFSSL_WC_XMSS_MIN_HASH_SIZE <= 192 && WOLFSSL_WC_XMSS_MAX_HASH_SIZE >= 192
+#if WOLFSSL_XMSS_MIN_HEIGHT <= 10 && WOLFSSL_XMSS_MAX_HEIGHT >= 10
+        bench_xmss_sign_verify("XMSS-SHAKE256_10_192");     /*  10   10   1 */
+#endif
+#if WOLFSSL_XMSS_MIN_HEIGHT <= 16 && WOLFSSL_XMSS_MAX_HEIGHT >= 16
+#ifdef BENCH_XMSS_SLOW_KEYGEN
+        bench_xmss_sign_verify("XMSS-SHAKE256_16_192");     /*  16   16   1 */
+#endif
+#endif
+#if WOLFSSL_XMSS_MIN_HEIGHT <= 20 && WOLFSSL_XMSS_MAX_HEIGHT >= 20
+#ifdef BENCH_XMSS_SLOW_KEYGEN
+        bench_xmss_sign_verify("XMSS-SHAKE256_20_192");     /*  20   20   1 */
+#endif
+#endif
+#endif /* HASH_SIZE 192 */
+#if WOLFSSL_WC_XMSS_MIN_HASH_SIZE <= 512 && WOLFSSL_WC_XMSS_MAX_HASH_SIZE >= 512
+#if WOLFSSL_XMSS_MIN_HEIGHT <= 20 && WOLFSSL_XMSS_MAX_HEIGHT >= 20
+#ifdef BENCH_XMSS_SLOW_KEYGEN
+        bench_xmss_sign_verify("XMSSMT-SHAKE_20/2_512");    /*  10   20   2 */
+#endif
+        bench_xmss_sign_verify("XMSSMT-SHAKE_20/4_512");    /*   5   20   4 */
+#endif
+#if WOLFSSL_XMSS_MIN_HEIGHT <= 40 && WOLFSSL_XMSS_MAX_HEIGHT >= 40
+#ifdef BENCH_XMSS_SLOW_KEYGEN
+        bench_xmss_sign_verify("XMSSMT-SHAKE_40/2_512");    /*  20   40   4 */
+#endif
+#ifdef BENCH_XMSS_SLOW_KEYGEN
+        bench_xmss_sign_verify("XMSSMT-SHAKE_40/4_512");    /*  10   40   4 */
+#endif
+        bench_xmss_sign_verify("XMSSMT-SHAKE_40/8_512");    /*   5   40   8 */
+#endif
+#if WOLFSSL_XMSS_MIN_HEIGHT <= 60 && WOLFSSL_XMSS_MAX_HEIGHT >= 60
+#ifdef BENCH_XMSS_SLOW_KEYGEN
+        bench_xmss_sign_verify("XMSSMT-SHAKE_60/3_512");    /*  20   60   3 */
+#endif
+#ifdef BENCH_XMSS_SLOW_KEYGEN
+        bench_xmss_sign_verify("XMSSMT-SHAKE_60/6_512");    /*  10   60   6 */
+#endif
+        bench_xmss_sign_verify("XMSSMT-SHAKE_60/12_512");   /*   5   60  12 */
+#endif
+#endif /* HASH_SIZE 512 */
+#if WOLFSSL_WC_XMSS_MIN_HASH_SIZE <= 256 && WOLFSSL_WC_XMSS_MAX_HASH_SIZE >= 256
+#if WOLFSSL_XMSS_MIN_HEIGHT <= 20 && WOLFSSL_XMSS_MAX_HEIGHT >= 20
+        bench_xmss_sign_verify("XMSSMT-SHAKE256_20/2_256"); /*  10   20   2 */
+        bench_xmss_sign_verify("XMSSMT-SHAKE256_20/4_256"); /*   5   20   4 */
+#endif
+#if WOLFSSL_XMSS_MIN_HEIGHT <= 40 && WOLFSSL_XMSS_MAX_HEIGHT >= 40
+#ifdef BENCH_XMSS_SLOW_KEYGEN
+        bench_xmss_sign_verify("XMSSMT-SHAKE256_40/2_256"); /*  20   40   4 */
+#endif
+#ifdef BENCH_XMSS_SLOW_KEYGEN
+        bench_xmss_sign_verify("XMSSMT-SHAKE256_40/4_256"); /*  10   40   4 */
+#endif
+        bench_xmss_sign_verify("XMSSMT-SHAKE256_40/8_256"); /*   5   40   8 */
+#endif
+#if WOLFSSL_XMSS_MIN_HEIGHT <= 60 && WOLFSSL_XMSS_MAX_HEIGHT >= 60
+#ifdef BENCH_XMSS_SLOW_KEYGEN
+        bench_xmss_sign_verify("XMSSMT-SHAKE256_60/3_256"); /*  20   60   3 */
+#endif
+#ifdef BENCH_XMSS_SLOW_KEYGEN
+        bench_xmss_sign_verify("XMSSMT-SHAKE256_60/6_256"); /*  10   60   6 */
+#endif
+        bench_xmss_sign_verify("XMSSMT-SHAKE256_60/12_256");/*   5   60  12 */
+#endif
+#endif /* HASH_SIZE 256 */
+#if WOLFSSL_WC_XMSS_MIN_HASH_SIZE <= 192 && WOLFSSL_WC_XMSS_MAX_HASH_SIZE >= 192
+#if WOLFSSL_XMSS_MIN_HEIGHT <= 20 && WOLFSSL_XMSS_MAX_HEIGHT >= 20
+        bench_xmss_sign_verify("XMSSMT-SHAKE256_20/2_192"); /*  10   20   2 */
+        bench_xmss_sign_verify("XMSSMT-SHAKE256_20/4_192"); /*   5   20   4 */
+#endif
+#if WOLFSSL_XMSS_MIN_HEIGHT <= 40 && WOLFSSL_XMSS_MAX_HEIGHT >= 40
+#ifdef BENCH_XMSS_SLOW_KEYGEN
+        bench_xmss_sign_verify("XMSSMT-SHAKE256_40/2_192"); /*  20   40   4 */
+#endif
+#ifdef BENCH_XMSS_SLOW_KEYGEN
+        bench_xmss_sign_verify("XMSSMT-SHAKE256_40/4_192"); /*  10   40   4 */
+#endif
+        bench_xmss_sign_verify("XMSSMT-SHAKE256_40/8_192"); /*   5   40   8 */
+#endif
+#if WOLFSSL_XMSS_MIN_HEIGHT <= 60 && WOLFSSL_XMSS_MAX_HEIGHT >= 60
+#ifdef BENCH_XMSS_SLOW_KEYGEN
+        bench_xmss_sign_verify("XMSSMT-SHAKE256_60/3_192"); /*  20   60   3 */
+#endif
+#ifdef BENCH_XMSS_SLOW_KEYGEN
+        bench_xmss_sign_verify("XMSSMT-SHAKE256_60/6_192"); /*  10   60   6 */
+#endif
+        bench_xmss_sign_verify("XMSSMT-SHAKE256_60/12_192");/*   5   60  12 */
+#endif
+#endif /* HASH_SIZE 192 */
+    }
+#endif
     return;
 }
 #endif /* if defined(WOLFSSL_HAVE_XMSS) && !defined(WOLFSSL_XMSS_VERIFY_ONLY) */
@@ -9849,34 +11079,22 @@ void bench_ecc_curve(int curveId)
 
 void bench_eccMakeKey(int useDeviceID, int curveId)
 {
-    int ret = 0, i, times, count, pending = 0;
+    int ret = 0, i, times, count = 0, pending = 0;
     int deviceID;
-    int keySize;
-#ifdef WOLFSSL_SMALL_STACK
-    ecc_key *genKey;
-#else
-    ecc_key genKey[BENCH_MAX_PENDING];
-#endif
+    int keySize = 0;
+    WC_DECLARE_ARRAY(genKey, ecc_key, BENCH_MAX_PENDING,
+                     sizeof(ecc_key), HEAP_HINT);
     char name[BENCH_ECC_NAME_SZ];
-    double start;
+    double start = 0;
     const char**desc = bench_desc_words[lng_index];
     DECLARE_MULTI_VALUE_STATS_VARS()
 
-#ifdef WOLFSSL_SMALL_STACK
-    genKey = (ecc_key *)XMALLOC(sizeof(*genKey) * BENCH_MAX_PENDING,
-                                HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
-    if (genKey == NULL) {
-        printf("bench_eccMakeKey malloc failed\n");
-        return;
-    }
-#endif
+    WC_CALLOC_ARRAY(genKey, ecc_key, BENCH_MAX_PENDING,
+                     sizeof(ecc_key), HEAP_HINT);
 
     deviceID = useDeviceID ? devId : INVALID_DEVID;
     keySize = wc_ecc_get_curve_size_from_id(curveId);
 
-    /* clear for done cleanup */
-    XMEMSET(genKey, 0, sizeof(*genKey) * BENCH_MAX_PENDING);
-
     /* ECC Make Key */
     bench_stats_start(&count, &start);
     do {
@@ -9886,19 +11104,19 @@ void bench_eccMakeKey(int useDeviceID, int curveId)
 
             for (i = 0; i < BENCH_MAX_PENDING; i++) {
                 if (bench_async_check(&ret,
-                                      BENCH_ASYNC_GET_DEV(&genKey[i]), 0,
+                                      BENCH_ASYNC_GET_DEV(genKey[i]), 0,
                                       &times, agreeTimes, &pending)) {
 
-                    wc_ecc_free(&genKey[i]);
-                    ret = wc_ecc_init_ex(&genKey[i], HEAP_HINT, deviceID);
+                    wc_ecc_free(genKey[i]);
+                    ret = wc_ecc_init_ex(genKey[i], HEAP_HINT, deviceID);
                     if (ret < 0) {
                         goto exit;
                     }
 
-                    ret = wc_ecc_make_key_ex(&gRng, keySize, &genKey[i],
+                    ret = wc_ecc_make_key_ex(&gRng, keySize, genKey[i],
                             curveId);
                     if (!bench_async_handle(&ret,
-                                BENCH_ASYNC_GET_DEV(&genKey[i]), 0, &times,
+                                BENCH_ASYNC_GET_DEV(genKey[i]), 0, &times,
                                 &pending)) {
                         goto exit;
                     }
@@ -9923,13 +11141,12 @@ exit:
 #endif
 
     /* cleanup */
-    for (i = 0; i < BENCH_MAX_PENDING; i++) {
-        wc_ecc_free(&genKey[i]);
+    if (WC_ARRAY_OK(genKey)) {
+        for (i = 0; i < BENCH_MAX_PENDING; i++) {
+            wc_ecc_free(genKey[i]);
+        }
+        WC_FREE_ARRAY(genKey, BENCH_MAX_PENDING, HEAP_HINT);
     }
-
-#ifdef WOLFSSL_SMALL_STACK
-    XFREE(genKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
-#endif
 }
 
 
@@ -9939,22 +11156,16 @@ void bench_ecc(int useDeviceID, int curveId)
     int deviceID;
     int  keySize;
     char name[BENCH_ECC_NAME_SZ];
-#ifdef WOLFSSL_SMALL_STACK
-    ecc_key *genKey;
-#else
-    ecc_key genKey[BENCH_MAX_PENDING];
-#endif
+    WC_DECLARE_ARRAY(genKey, ecc_key, BENCH_MAX_PENDING,
+                     sizeof(ecc_key), HEAP_HINT);
 #ifdef HAVE_ECC_DHE
-#ifdef WOLFSSL_SMALL_STACK
-    ecc_key *genKey2;
-#else
-    ecc_key genKey2[BENCH_MAX_PENDING];
-#endif
+    WC_DECLARE_ARRAY(genKey2, ecc_key, BENCH_MAX_PENDING,
+                     sizeof(ecc_key), HEAP_HINT);
 #endif
 
 #if !defined(NO_ASN) && defined(HAVE_ECC_SIGN)
     #ifdef HAVE_ECC_VERIFY
-        int    verify[BENCH_MAX_PENDING];
+        int verify[BENCH_MAX_PENDING];
     #endif
 #endif
 
@@ -9975,61 +11186,52 @@ void bench_ecc(int useDeviceID, int curveId)
                      BENCH_MAX_PENDING, MAX_ECC_BYTES, HEAP_HINT);
 #endif
 
-#ifdef WOLFSSL_SMALL_STACK
-    genKey = (ecc_key *)XMALLOC(sizeof(*genKey) * BENCH_MAX_PENDING,
-                                HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
-    if (genKey == NULL) {
-        printf("bench_eccMakeKey malloc failed\n");
-        return;
-    }
-#ifdef HAVE_ECC_DHE
-    genKey2 = (ecc_key *)XMALLOC(sizeof(*genKey2) * BENCH_MAX_PENDING,
-                                 HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
-    if (genKey2 == NULL) {
-        XFREE(genKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
-        printf("bench_eccMakeKey malloc failed\n");
-        return;
-    }
-#endif
+#if !defined(NO_ASN) && defined(HAVE_ECC_SIGN)
+    /* old scan-build misfires -Wmaybe-uninitialized on these. */
+    XMEMSET(sig, 0, sizeof(sig));
+    XMEMSET(digest, 0, sizeof(digest));
 #endif
 
 #ifdef HAVE_ECC_DHE
-    WC_INIT_ARRAY(shared, byte,
+    XMEMSET(shared, 0, sizeof(shared));
+#endif
+    WC_CALLOC_ARRAY(genKey, ecc_key, BENCH_MAX_PENDING,
+                     sizeof(ecc_key), HEAP_HINT);
+
+#ifdef HAVE_ECC_DHE
+    WC_CALLOC_ARRAY(genKey2, ecc_key, BENCH_MAX_PENDING,
+                     sizeof(ecc_key), HEAP_HINT);
+    WC_ALLOC_ARRAY(shared, byte,
                   BENCH_MAX_PENDING, MAX_ECC_BYTES, HEAP_HINT);
 #endif
 
 #if !defined(NO_ASN) && defined(HAVE_ECC_SIGN)
-    WC_INIT_ARRAY(sig, byte, BENCH_MAX_PENDING, ECC_MAX_SIG_SIZE, HEAP_HINT);
-    WC_INIT_ARRAY(digest, byte, BENCH_MAX_PENDING, MAX_ECC_BYTES, HEAP_HINT);
+    WC_ALLOC_ARRAY(sig, byte, BENCH_MAX_PENDING, ECC_MAX_SIG_SIZE, HEAP_HINT);
+    WC_ALLOC_ARRAY(digest, byte, BENCH_MAX_PENDING, MAX_ECC_BYTES, HEAP_HINT);
 #endif
     deviceID = useDeviceID ? devId : INVALID_DEVID;
 
-    /* clear for done cleanup */
-    XMEMSET(genKey, 0, sizeof(*genKey) * BENCH_MAX_PENDING);
-#ifdef HAVE_ECC_DHE
-    XMEMSET(genKey2, 0, sizeof(*genKey2) * BENCH_MAX_PENDING);
-#endif
     keySize = wc_ecc_get_curve_size_from_id(curveId);
 
     /* init keys */
     for (i = 0; i < BENCH_MAX_PENDING; i++) {
         /* setup an context for each key */
-        if ((ret = wc_ecc_init_ex(&genKey[i], HEAP_HINT, deviceID)) < 0) {
+        if ((ret = wc_ecc_init_ex(genKey[i], HEAP_HINT, deviceID)) < 0) {
             goto exit;
         }
-        ret = wc_ecc_make_key_ex(&gRng, keySize, &genKey[i], curveId);
+        ret = wc_ecc_make_key_ex(&gRng, keySize, genKey[i], curveId);
     #ifdef WOLFSSL_ASYNC_CRYPT
-        ret = wc_AsyncWait(ret, &genKey[i].asyncDev, WC_ASYNC_FLAG_NONE);
+        ret = wc_AsyncWait(ret, &genKey[i]->asyncDev, WC_ASYNC_FLAG_NONE);
     #endif
         if (ret < 0) {
             goto exit;
         }
 
     #ifdef HAVE_ECC_DHE
-        if ((ret = wc_ecc_init_ex(&genKey2[i], HEAP_HINT, deviceID)) < 0) {
+        if ((ret = wc_ecc_init_ex(genKey2[i], HEAP_HINT, deviceID)) < 0) {
             goto exit;
         }
-        if ((ret = wc_ecc_make_key_ex(&gRng, keySize, &genKey2[i],
+        if ((ret = wc_ecc_make_key_ex(&gRng, keySize, genKey2[i],
                     curveId)) > 0) {
             goto exit;
         }
@@ -10041,7 +11243,7 @@ void bench_ecc(int useDeviceID, int curveId)
     (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION != 2))) && \
     !defined(HAVE_SELFTEST)
     for (i = 0; i < BENCH_MAX_PENDING; i++) {
-        (void)wc_ecc_set_rng(&genKey[i], &gRng);
+        (void)wc_ecc_set_rng(genKey[i], &gRng);
     }
 #endif
 
@@ -10054,13 +11256,13 @@ void bench_ecc(int useDeviceID, int curveId)
 
             /* while free pending slots in queue, submit ops */
             for (i = 0; i < BENCH_MAX_PENDING; i++) {
-                if (bench_async_check(&ret, BENCH_ASYNC_GET_DEV(&genKey[i]), 1,
+                if (bench_async_check(&ret, BENCH_ASYNC_GET_DEV(genKey[i]), 1,
                                       &times, agreeTimes, &pending)) {
                     x[i] = (word32)keySize;
-                    ret = wc_ecc_shared_secret(&genKey[i], &genKey2[i],
+                    ret = wc_ecc_shared_secret(genKey[i], genKey2[i],
                             shared[i], &x[i]);
                     if (!bench_async_handle(&ret,
-                                BENCH_ASYNC_GET_DEV(&genKey[i]), 1, &times,
+                                BENCH_ASYNC_GET_DEV(genKey[i]), 1, &times,
                                 &pending)) {
                         goto exit_ecdhe;
                     }
@@ -10111,18 +11313,18 @@ exit_ecdhe:
 
             /* while free pending slots in queue, submit ops */
             for (i = 0; i < BENCH_MAX_PENDING; i++) {
-                if (bench_async_check(&ret, BENCH_ASYNC_GET_DEV(&genKey[i]), 1,
+                if (bench_async_check(&ret, BENCH_ASYNC_GET_DEV(genKey[i]), 1,
                                       &times, agreeTimes, &pending)) {
 
-                    if (genKey[i].state == 0) {
+                    if (genKey[i]->state == 0) {
                         x[i] = ECC_MAX_SIG_SIZE;
                     }
 
                     ret = wc_ecc_sign_hash(digest[i], (word32)keySize, sig[i],
-                                           &x[i], GLOBAL_RNG, &genKey[i]);
+                                           &x[i], GLOBAL_RNG, genKey[i]);
 
                     if (!bench_async_handle(&ret,
-                                BENCH_ASYNC_GET_DEV(&genKey[i]), 1, &times,
+                                BENCH_ASYNC_GET_DEV(genKey[i]), 1, &times,
                                 &pending)) {
                         goto exit_ecdsa_sign;
                     }
@@ -10163,18 +11365,18 @@ exit_ecdsa_sign:
 
             /* while free pending slots in queue, submit ops */
             for (i = 0; i < BENCH_MAX_PENDING; i++) {
-                if (bench_async_check(&ret, BENCH_ASYNC_GET_DEV(&genKey[i]), 1,
+                if (bench_async_check(&ret, BENCH_ASYNC_GET_DEV(genKey[i]), 1,
                                       &times, agreeTimes, &pending)) {
-                    if (genKey[i].state == 0) {
+                    if (genKey[i]->state == 0) {
                         verify[i] = 0;
                     }
 
                     ret = wc_ecc_verify_hash(sig[i], x[i], digest[i],
                                              (word32)keySize, &verify[i],
-                                             &genKey[i]);
+                                             genKey[i]);
 
                     if (!bench_async_handle(&ret,
-                                            BENCH_ASYNC_GET_DEV(&genKey[i]),
+                                            BENCH_ASYNC_GET_DEV(genKey[i]),
                                                                 1, &times,
                                                                 &pending)) {
                         goto exit_ecdsa_verify;
@@ -10205,19 +11407,18 @@ exit_ecdsa_verify:
 exit:
 
     /* cleanup */
-    for (i = 0; i < BENCH_MAX_PENDING; i++) {
-        wc_ecc_free(&genKey[i]);
-    #ifdef HAVE_ECC_DHE
-        wc_ecc_free(&genKey2[i]);
-    #endif
+    if (WC_ARRAY_OK(genKey)) {
+        for (i = 0; i < BENCH_MAX_PENDING; i++)
+            wc_ecc_free(genKey[i]);
+        WC_FREE_ARRAY(genKey, BENCH_MAX_PENDING, HEAP_HINT);
     }
-
-#ifdef WOLFSSL_SMALL_STACK
-    XFREE(genKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
     #ifdef HAVE_ECC_DHE
-    XFREE(genKey2, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+    if (WC_ARRAY_OK(genKey2)) {
+        for (i = 0; i < BENCH_MAX_PENDING; i++)
+            wc_ecc_free(genKey2[i]);
+        WC_FREE_ARRAY(genKey2, BENCH_MAX_PENDING, HEAP_HINT);
+    }
     #endif
-#endif
 
 #ifdef HAVE_ECC_DHE
     WC_FREE_ARRAY(shared, BENCH_MAX_PENDING, HEAP_HINT);
@@ -10350,6 +11551,9 @@ exit_enc:
 
     RESET_MULTI_VALUE_STATS_VARS();
 
+    if (ret != 0)
+        goto exit;
+
     bench_stats_start(&count, &start);
     do {
         for (i = 0; i < ntimes; i++) {
@@ -10387,10 +11591,8 @@ exit:
         wc_ecc_free(userB);
         XFREE(userB, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
     }
-    if (msg)
-        XFREE(msg, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
-    if (out)
-        XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(msg, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
 #else
     wc_ecc_free(userB);
     wc_ecc_free(userA);
@@ -10401,20 +11603,21 @@ exit:
 #ifdef WOLFSSL_SM2
 static void bench_sm2_MakeKey(int useDeviceID)
 {
-    int ret = 0, i, times, count, pending = 0;
+    int ret = 0, i, times, count = 0, pending = 0;
     int deviceID;
     int keySize;
-    ecc_key genKey[BENCH_MAX_PENDING];
+    WC_DECLARE_ARRAY(genKey, ecc_key, BENCH_MAX_PENDING,
+                     sizeof(ecc_key), HEAP_HINT);
     char name[BENCH_ECC_NAME_SZ];
-    double start;
+    double start = 0;
     const char**desc = bench_desc_words[lng_index];
     DECLARE_MULTI_VALUE_STATS_VARS()
 
     deviceID = useDeviceID ? devId : INVALID_DEVID;
     keySize = wc_ecc_get_curve_size_from_id(ECC_SM2P256V1);
 
-    /* clear for done cleanup */
-    XMEMSET(&genKey, 0, sizeof(genKey));
+    WC_CALLOC_ARRAY(genKey, ecc_key, BENCH_MAX_PENDING,
+                     sizeof(ecc_key), HEAP_HINT);
 
     /* ECC Make Key */
     bench_stats_start(&count, &start);
@@ -10424,19 +11627,19 @@ static void bench_sm2_MakeKey(int useDeviceID)
             bench_async_poll(&pending);
 
             for (i = 0; i < BENCH_MAX_PENDING; i++) {
-                if (bench_async_check(&ret, BENCH_ASYNC_GET_DEV(&genKey[i]), 0,
+                if (bench_async_check(&ret, BENCH_ASYNC_GET_DEV(genKey[i]), 0,
                             &times, agreeTimes, &pending)) {
 
-                    wc_ecc_free(&genKey[i]);
-                    ret = wc_ecc_init_ex(&genKey[i], HEAP_HINT, deviceID);
+                    wc_ecc_free(genKey[i]);
+                    ret = wc_ecc_init_ex(genKey[i], HEAP_HINT, deviceID);
                     if (ret < 0) {
                         goto exit;
                     }
 
-                    ret = wc_ecc_sm2_make_key(&gRng, &genKey[i],
+                    ret = wc_ecc_sm2_make_key(&gRng, genKey[i],
                         WC_ECC_FLAG_NONE);
                     if (!bench_async_handle(&ret,
-                                BENCH_ASYNC_GET_DEV(&genKey[i]), 0, &times,
+                                BENCH_ASYNC_GET_DEV(genKey[i]), 0, &times,
                                 &pending)) {
                         goto exit;
                     }
@@ -10461,8 +11664,11 @@ exit:
 #endif
 
     /* cleanup */
-    for (i = 0; i < BENCH_MAX_PENDING; i++) {
-        wc_ecc_free(&genKey[i]);
+    if (WC_ARRAY_OK(genKey)) {
+        for (i = 0; i < BENCH_MAX_PENDING; i++) {
+            wc_ecc_free(genKey[i]);
+        }
+        WC_FREE_ARRAY(genKey, BENCH_MAX_PENDING, HEAP_HINT);
     }
 }
 
@@ -10473,13 +11679,15 @@ void bench_sm2(int useDeviceID)
     int deviceID;
     int  keySize;
     char name[BENCH_ECC_NAME_SZ];
-    ecc_key genKey[BENCH_MAX_PENDING];
+    WC_DECLARE_ARRAY(genKey, ecc_key, BENCH_MAX_PENDING,
+                     sizeof(ecc_key), HEAP_HINT);
 #ifdef HAVE_ECC_DHE
-    ecc_key genKey2[BENCH_MAX_PENDING];
+    WC_DECLARE_ARRAY(genKey2, ecc_key, BENCH_MAX_PENDING,
+                     sizeof(ecc_key), HEAP_HINT);
 #endif
 #if !defined(NO_ASN) && defined(HAVE_ECC_SIGN)
 #ifdef HAVE_ECC_VERIFY
-    int    verify[BENCH_MAX_PENDING];
+    int verify[BENCH_MAX_PENDING];
 #endif
 #endif
     word32 x[BENCH_MAX_PENDING];
@@ -10496,20 +11704,21 @@ void bench_sm2(int useDeviceID)
 #endif
 
 #ifdef HAVE_ECC_DHE
-    WC_INIT_ARRAY(shared, byte, BENCH_MAX_PENDING, MAX_ECC_BYTES, HEAP_HINT);
+    WC_ALLOC_ARRAY(shared, byte, BENCH_MAX_PENDING, MAX_ECC_BYTES, HEAP_HINT);
 #endif
 #if !defined(NO_ASN) && defined(HAVE_ECC_SIGN)
-    WC_INIT_ARRAY(sig, byte, BENCH_MAX_PENDING, ECC_MAX_SIG_SIZE, HEAP_HINT);
-    WC_INIT_ARRAY(digest, byte, BENCH_MAX_PENDING, MAX_ECC_BYTES, HEAP_HINT);
+    WC_ALLOC_ARRAY(sig, byte, BENCH_MAX_PENDING, ECC_MAX_SIG_SIZE, HEAP_HINT);
+    WC_ALLOC_ARRAY(digest, byte, BENCH_MAX_PENDING, MAX_ECC_BYTES, HEAP_HINT);
 #endif
     deviceID = useDeviceID ? devId : INVALID_DEVID;
 
     bench_sm2_MakeKey(useDeviceID);
 
-    /* clear for done cleanup */
-    XMEMSET(&genKey, 0, sizeof(genKey));
+    WC_CALLOC_ARRAY(genKey, ecc_key, BENCH_MAX_PENDING,
+                     sizeof(ecc_key), HEAP_HINT);
 #ifdef HAVE_ECC_DHE
-    XMEMSET(&genKey2, 0, sizeof(genKey2));
+    WC_CALLOC_ARRAY(genKey2, ecc_key, BENCH_MAX_PENDING,
+                     sizeof(ecc_key), HEAP_HINT);
 #endif
 
     keySize = wc_ecc_get_curve_size_from_id(ECC_SM2P256V1);
@@ -10517,22 +11726,22 @@ void bench_sm2(int useDeviceID)
     /* init keys */
     for (i = 0; i < BENCH_MAX_PENDING; i++) {
         /* setup an context for each key */
-        if ((ret = wc_ecc_init_ex(&genKey[i], HEAP_HINT, deviceID)) < 0) {
+        if ((ret = wc_ecc_init_ex(genKey[i], HEAP_HINT, deviceID)) < 0) {
             goto exit;
         }
-        ret = wc_ecc_sm2_make_key(&gRng, &genKey[i], WC_ECC_FLAG_NONE);
+        ret = wc_ecc_sm2_make_key(&gRng, genKey[i], WC_ECC_FLAG_NONE);
     #ifdef WOLFSSL_ASYNC_CRYPT
-        ret = wc_AsyncWait(ret, &genKey[i].asyncDev, WC_ASYNC_FLAG_NONE);
+        ret = wc_AsyncWait(ret, genKey[i].asyncDev, WC_ASYNC_FLAG_NONE);
     #endif
         if (ret < 0) {
             goto exit;
         }
 
     #ifdef HAVE_ECC_DHE
-        if ((ret = wc_ecc_init_ex(&genKey2[i], HEAP_HINT, deviceID)) < 0) {
+        if ((ret = wc_ecc_init_ex(genKey2[i], HEAP_HINT, deviceID)) < 0) {
             goto exit;
         }
-        if ((ret = wc_ecc_sm2_make_key(&gRng, &genKey2[i],
+        if ((ret = wc_ecc_sm2_make_key(&gRng, genKey2[i],
                 WC_ECC_FLAG_NONE)) > 0) {
             goto exit;
         }
@@ -10544,7 +11753,7 @@ void bench_sm2(int useDeviceID)
     (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION != 2))) && \
     !defined(HAVE_SELFTEST)
     for (i = 0; i < BENCH_MAX_PENDING; i++) {
-        (void)wc_ecc_set_rng(&genKey[i], &gRng);
+        (void)wc_ecc_set_rng(genKey[i], &gRng);
     }
 #endif
 
@@ -10557,13 +11766,13 @@ void bench_sm2(int useDeviceID)
 
             /* while free pending slots in queue, submit ops */
             for (i = 0; i < BENCH_MAX_PENDING; i++) {
-                if (bench_async_check(&ret, BENCH_ASYNC_GET_DEV(&genKey[i]), 1,
+                if (bench_async_check(&ret, BENCH_ASYNC_GET_DEV(genKey[i]), 1,
                             &times, agreeTimes, &pending)) {
                     x[i] = (word32)keySize;
-                    ret = wc_ecc_sm2_shared_secret(&genKey[i], &genKey2[i],
+                    ret = wc_ecc_sm2_shared_secret(genKey[i], genKey2[i],
                             shared[i], &x[i]);
                     if (!bench_async_handle(&ret,
-                                BENCH_ASYNC_GET_DEV(&genKey[i]), 1, &times,
+                                BENCH_ASYNC_GET_DEV(genKey[i]), 1, &times,
                                 &pending)) {
                         goto exit_ecdhe;
                     }
@@ -10613,14 +11822,14 @@ exit_ecdhe:
 
             /* while free pending slots in queue, submit ops */
             for (i = 0; i < BENCH_MAX_PENDING; i++) {
-                if (bench_async_check(&ret, BENCH_ASYNC_GET_DEV(&genKey[i]), 1,
+                if (bench_async_check(&ret, BENCH_ASYNC_GET_DEV(genKey[i]), 1,
                             &times, agreeTimes, &pending)) {
-                    if (genKey[i].state == 0)
+                    if (genKey[i]->state == 0)
                         x[i] = ECC_MAX_SIG_SIZE;
                     ret = wc_ecc_sm2_sign_hash(digest[i], (word32)keySize,
-                            sig[i], &x[i], &gRng, &genKey[i]);
+                            sig[i], &x[i], &gRng, genKey[i]);
                     if (!bench_async_handle(&ret,
-                                BENCH_ASYNC_GET_DEV(&genKey[i]), 1, &times,
+                                BENCH_ASYNC_GET_DEV(genKey[i]), 1, &times,
                                 &pending)) {
                         goto exit_ecdsa_sign;
                     }
@@ -10659,14 +11868,14 @@ exit_ecdsa_sign:
 
             /* while free pending slots in queue, submit ops */
             for (i = 0; i < BENCH_MAX_PENDING; i++) {
-                if (bench_async_check(&ret, BENCH_ASYNC_GET_DEV(&genKey[i]), 1,
+                if (bench_async_check(&ret, BENCH_ASYNC_GET_DEV(genKey[i]), 1,
                             &times, agreeTimes, &pending)) {
-                    if (genKey[i].state == 0)
+                    if (genKey[i]->state == 0)
                         verify[i] = 0;
                     ret = wc_ecc_sm2_verify_hash(sig[i], x[i], digest[i],
-                                       (word32)keySize, &verify[i], &genKey[i]);
+                                       (word32)keySize, &verify[i], genKey[i]);
                     if (!bench_async_handle(&ret,
-                                BENCH_ASYNC_GET_DEV(&genKey[i]), 1, &times,
+                                BENCH_ASYNC_GET_DEV(genKey[i]), 1, &times,
                                 &pending)) {
                         goto exit_ecdsa_verify;
                     }
@@ -10697,12 +11906,18 @@ exit_ecdsa_verify:
 exit:
 
     /* cleanup */
-    for (i = 0; i < BENCH_MAX_PENDING; i++) {
-        wc_ecc_free(&genKey[i]);
-    #ifdef HAVE_ECC_DHE
-        wc_ecc_free(&genKey2[i]);
-    #endif
+    if (WC_ARRAY_OK(genKey)) {
+        for (i = 0; i < BENCH_MAX_PENDING; i++)
+            wc_ecc_free(genKey[i]);
+        WC_FREE_ARRAY(genKey, BENCH_MAX_PENDING, HEAP_HINT);
     }
+    #ifdef HAVE_ECC_DHE
+    if (WC_ARRAY_OK(genKey2)) {
+        for (i = 0; i < BENCH_MAX_PENDING; i++)
+            wc_ecc_free(genKey2[i]);
+        WC_FREE_ARRAY(genKey2, BENCH_MAX_PENDING, HEAP_HINT);
+    }
+    #endif
 
 #ifdef HAVE_ECC_DHE
     WC_FREE_ARRAY(shared, BENCH_MAX_PENDING, HEAP_HINT);
@@ -10712,6 +11927,7 @@ exit:
     WC_FREE_ARRAY(digest, BENCH_MAX_PENDING, HEAP_HINT);
 #endif
 
+
     (void)useDeviceID;
     (void)pending;
     (void)x;
@@ -10794,6 +12010,21 @@ void bench_curve25519KeyAgree(int useDeviceID)
         return;
     }
 
+#ifdef WOLFSSL_CURVE25519_BLINDING
+   ret = wc_curve25519_set_rng(&genKey, &gRng);
+   if (ret != 0) {
+        wc_curve25519_free(&genKey);
+        wc_curve25519_free(&genKey2);
+        return;
+   }
+   ret = wc_curve25519_set_rng(&genKey2, &gRng);
+   if (ret != 0) {
+        wc_curve25519_free(&genKey);
+        wc_curve25519_free(&genKey2);
+        return;
+   }
+#endif
+
     /* Shared secret */
     bench_stats_start(&count, &start);
     do {
@@ -11071,11 +12302,10 @@ void bench_ed448KeyGen(void)
 #endif
 }
 
-
 void bench_ed448KeySign(void)
 {
     int    ret;
-    ed448_key genKey;
+    WC_DECLARE_VAR(genKey, ed448_key, 1, HEAP_HINT);
 #ifdef HAVE_ED448_SIGN
     double start;
     int    i, count;
@@ -11086,12 +12316,14 @@ void bench_ed448KeySign(void)
     DECLARE_MULTI_VALUE_STATS_VARS()
 #endif
 
-    wc_ed448_init(&genKey);
+    WC_ALLOC_VAR(genKey, ed448_key, 1, HEAP_HINT);
 
-    ret = wc_ed448_make_key(&gRng, ED448_KEY_SIZE, &genKey);
+    wc_ed448_init(genKey);
+
+    ret = wc_ed448_make_key(&gRng, ED448_KEY_SIZE, genKey);
     if (ret != 0) {
         printf("ed448_make_key failed\n");
-        return;
+        goto exit;
     }
 
 #ifdef HAVE_ED448_SIGN
@@ -11103,11 +12335,11 @@ void bench_ed448KeySign(void)
     do {
         for (i = 0; i < agreeTimes; i++) {
             x = sizeof(sig);
-            ret = wc_ed448_sign_msg(msg, sizeof(msg), sig, &x, &genKey,
+            ret = wc_ed448_sign_msg(msg, sizeof(msg), sig, &x, genKey,
                                     NULL, 0);
             if (ret != 0) {
                 printf("ed448_sign_msg failed\n");
-                goto exit_ed_sign;
+                goto exit;
             }
             RECORD_MULTI_VALUE_STATS();
         }
@@ -11118,7 +12350,6 @@ void bench_ed448KeySign(void)
 #endif
        );
 
-exit_ed_sign:
     bench_stats_asym_finish("ED", 448, desc[4], 0, count, start, ret);
 #ifdef MULTI_VALUE_STATISTICS
     bench_multi_value_stats(max, min, sum, squareSum, runs);
@@ -11132,10 +12363,10 @@ exit_ed_sign:
         for (i = 0; i < agreeTimes; i++) {
             int verify = 0;
             ret = wc_ed448_verify_msg(sig, x, msg, sizeof(msg), &verify,
-                                      &genKey, NULL, 0);
+                                      genKey, NULL, 0);
             if (ret != 0 || verify != 1) {
                 printf("ed448_verify_msg failed\n");
-                goto exit_ed_verify;
+                goto exit;
             }
             RECORD_MULTI_VALUE_STATS();
         }
@@ -11146,7 +12377,6 @@ exit_ed_sign:
 #endif
        );
 
-exit_ed_verify:
     bench_stats_asym_finish("ED", 448, desc[5], 0, count, start, ret);
 #ifdef MULTI_VALUE_STATISTICS
     bench_multi_value_stats(max, min, sum, squareSum, runs);
@@ -11154,7 +12384,10 @@ exit_ed_verify:
 #endif /* HAVE_ED448_VERIFY */
 #endif /* HAVE_ED448_SIGN */
 
-    wc_ed448_free(&genKey);
+exit:
+
+    wc_ed448_free(genKey);
+    WC_FREE_VAR(genKey, HEAP_HINT);
 }
 #endif /* HAVE_ED448 */
 
@@ -11162,24 +12395,26 @@ exit_ed_verify:
 #ifdef WOLFCRYPT_ECCSI_KMS
 void bench_eccsiKeyGen(void)
 {
-    EccsiKey genKey;
+    WC_DECLARE_VAR(genKey, EccsiKey, 1, HEAP_HINT);
     double start;
     int    i, count;
     const char**desc = bench_desc_words[lng_index];
     int    ret;
     DECLARE_MULTI_VALUE_STATS_VARS()
 
+    WC_ALLOC_VAR(genKey, EccsiKey, 1, HEAP_HINT);
+
     /* Key Gen */
     bench_stats_start(&count, &start);
     do {
         for (i = 0; i < genTimes; i++) {
-            wc_InitEccsiKey(&genKey, NULL, INVALID_DEVID);
-            ret = wc_MakeEccsiKey(&genKey, &gRng);
+            wc_InitEccsiKey(genKey, NULL, INVALID_DEVID);
+            ret = wc_MakeEccsiKey(genKey, &gRng);
+            wc_FreeEccsiKey(genKey);
             if (ret != 0) {
                 printf("wc_MakeEccsiKey failed: %d\n", ret);
-                break;
+                goto exit;
             }
-            wc_FreeEccsiKey(&genKey);
             RECORD_MULTI_VALUE_STATS();
         }
         count += i;
@@ -11193,34 +12428,41 @@ void bench_eccsiKeyGen(void)
 #ifdef MULTI_VALUE_STATISTICS
     bench_multi_value_stats(max, min, sum, squareSum, runs);
 #endif
+
+exit:
+
+    WC_FREE_VAR(genKey, HEAP_HINT);
 }
 
 void bench_eccsiPairGen(void)
 {
-    EccsiKey genKey;
+    WC_DECLARE_VAR(genKey, EccsiKey, 1, HEAP_HINT);
     double start;
     int    i, count;
     const char**desc = bench_desc_words[lng_index];
-    mp_int ssk;
+    WC_DECLARE_VAR(ssk, mp_int, 1, HEAP_HINT);
     ecc_point* pvt;
     static const byte id[] = { 0x01, 0x23, 0x34, 0x45 };
     int ret;
     DECLARE_MULTI_VALUE_STATS_VARS()
 
-    (void)mp_init(&ssk);
+    WC_ALLOC_VAR(genKey, EccsiKey, 1, HEAP_HINT);
+    WC_ALLOC_VAR(ssk, mp_int, 1, HEAP_HINT);
+
+    (void)mp_init(ssk);
     pvt = wc_ecc_new_point();
-    wc_InitEccsiKey(&genKey, NULL, INVALID_DEVID);
-    (void)wc_MakeEccsiKey(&genKey, &gRng);
+    wc_InitEccsiKey(genKey, NULL, INVALID_DEVID);
+    (void)wc_MakeEccsiKey(genKey, &gRng);
 
     /* RSK Gen */
     bench_stats_start(&count, &start);
     do {
         for (i = 0; i < genTimes; i++) {
-            ret = wc_MakeEccsiPair(&genKey, &gRng, WC_HASH_TYPE_SHA256, id,
-                                   sizeof(id), &ssk, pvt);
+            ret = wc_MakeEccsiPair(genKey, &gRng, WC_HASH_TYPE_SHA256, id,
+                                   sizeof(id), ssk, pvt);
             if (ret != 0) {
                 printf("wc_MakeEccsiPair failed: %d\n", ret);
-                break;
+                goto exit;
             }
             RECORD_MULTI_VALUE_STATS();
         }
@@ -11236,43 +12478,51 @@ void bench_eccsiPairGen(void)
     bench_multi_value_stats(max, min, sum, squareSum, runs);
 #endif
 
-    wc_FreeEccsiKey(&genKey);
+    wc_FreeEccsiKey(genKey);
     wc_ecc_del_point(pvt);
-    mp_free(&ssk);
+    mp_free(ssk);
+
+exit:
+
+    WC_FREE_VAR(genKey, HEAP_HINT);
+    WC_FREE_VAR(ssk, HEAP_HINT);
 }
 #endif
 
 #ifdef WOLFCRYPT_ECCSI_CLIENT
 void bench_eccsiValidate(void)
 {
-    EccsiKey genKey;
+    WC_DECLARE_VAR(genKey, EccsiKey, 1, HEAP_HINT);
     double start;
     int    i, count;
     const char**desc = bench_desc_words[lng_index];
-    mp_int ssk;
+    WC_DECLARE_VAR(ssk, mp_int, 1, HEAP_HINT);
     ecc_point* pvt;
     static const byte id[] = { 0x01, 0x23, 0x34, 0x45 };
     int valid;
     int ret;
     DECLARE_MULTI_VALUE_STATS_VARS()
 
-    (void)mp_init(&ssk);
+    WC_ALLOC_VAR(genKey, EccsiKey, 1, HEAP_HINT);
+    WC_ALLOC_VAR(ssk, mp_int, 1, HEAP_HINT);
+
+    (void)mp_init(ssk);
     pvt = wc_ecc_new_point();
-    wc_InitEccsiKey(&genKey, NULL, INVALID_DEVID);
-    (void)wc_MakeEccsiKey(&genKey, &gRng);
-    (void)wc_MakeEccsiPair(&genKey, &gRng, WC_HASH_TYPE_SHA256, id, sizeof(id),
-                           &ssk, pvt);
+    wc_InitEccsiKey(genKey, NULL, INVALID_DEVID);
+    (void)wc_MakeEccsiKey(genKey, &gRng);
+    (void)wc_MakeEccsiPair(genKey, &gRng, WC_HASH_TYPE_SHA256, id, sizeof(id),
+                           ssk, pvt);
 
     /* Validation of RSK */
     bench_stats_start(&count, &start);
     do {
         for (i = 0; i < genTimes; i++) {
-            ret = wc_ValidateEccsiPair(&genKey, WC_HASH_TYPE_SHA256, id,
-                                       sizeof(id), &ssk, pvt, &valid);
+            ret = wc_ValidateEccsiPair(genKey, WC_HASH_TYPE_SHA256, id,
+                                       sizeof(id), ssk, pvt, &valid);
             if (ret != 0 || !valid) {
                 printf("wc_ValidateEccsiPair failed: %d (valid=%d))\n", ret,
                        valid);
-                break;
+                goto exit;
             }
             RECORD_MULTI_VALUE_STATS();
         }
@@ -11288,18 +12538,23 @@ void bench_eccsiValidate(void)
     bench_multi_value_stats(max, min, sum, squareSum, runs);
 #endif
 
-    wc_FreeEccsiKey(&genKey);
+    wc_FreeEccsiKey(genKey);
     wc_ecc_del_point(pvt);
-    mp_free(&ssk);
+    mp_free(ssk);
+
+exit:
+
+    WC_FREE_VAR(genKey, HEAP_HINT);
+    WC_FREE_VAR(ssk, HEAP_HINT);
 }
 
 void bench_eccsi(void)
 {
-    EccsiKey genKey;
+    WC_DECLARE_VAR(genKey, EccsiKey, 1, HEAP_HINT);
     double start;
     int    i, count;
     const char**desc = bench_desc_words[lng_index];
-    mp_int ssk;
+    WC_DECLARE_VAR(ssk, mp_int, 1, HEAP_HINT);
     ecc_point* pvt;
     static const byte id[] = { 0x01, 0x23, 0x34, 0x45 };
     static const byte msg[] = { 0x01, 0x23, 0x34, 0x45 };
@@ -11311,22 +12566,25 @@ void bench_eccsi(void)
     int verified;
     DECLARE_MULTI_VALUE_STATS_VARS()
 
-    (void)mp_init(&ssk);
+    WC_ALLOC_VAR(genKey, EccsiKey, 1, HEAP_HINT);
+    WC_ALLOC_VAR(ssk, mp_int, 1, HEAP_HINT);
+
+    (void)mp_init(ssk);
     pvt = wc_ecc_new_point();
-    (void)wc_InitEccsiKey(&genKey, NULL, INVALID_DEVID);
-    (void)wc_MakeEccsiKey(&genKey, &gRng);
-    (void)wc_MakeEccsiPair(&genKey, &gRng, WC_HASH_TYPE_SHA256, id, sizeof(id),
-                           &ssk, pvt);
-    (void)wc_HashEccsiId(&genKey, WC_HASH_TYPE_SHA256, id, sizeof(id), pvt,
+    (void)wc_InitEccsiKey(genKey, NULL, INVALID_DEVID);
+    (void)wc_MakeEccsiKey(genKey, &gRng);
+    (void)wc_MakeEccsiPair(genKey, &gRng, WC_HASH_TYPE_SHA256, id, sizeof(id),
+                           ssk, pvt);
+    (void)wc_HashEccsiId(genKey, WC_HASH_TYPE_SHA256, id, sizeof(id), pvt,
                          hash, &hashSz);
-    (void)wc_SetEccsiHash(&genKey, hash, hashSz);
-    (void)wc_SetEccsiPair(&genKey, &ssk, pvt);
+    (void)wc_SetEccsiHash(genKey, hash, hashSz);
+    (void)wc_SetEccsiPair(genKey, ssk, pvt);
 
     /* Encapsulate */
     bench_stats_start(&count, &start);
     do {
         for (i = 0; i < genTimes; i++) {
-            ret = wc_SignEccsiHash(&genKey, &gRng, WC_HASH_TYPE_SHA256, msg,
+            ret = wc_SignEccsiHash(genKey, &gRng, WC_HASH_TYPE_SHA256, msg,
                                    sizeof(msg), sig, &sigSz);
             if (ret != 0) {
                 printf("wc_SignEccsiHash failed: %d\n", ret);
@@ -11352,13 +12610,13 @@ void bench_eccsi(void)
     bench_stats_start(&count, &start);
     do {
         for (i = 0; i < genTimes; i++) {
-            ret = wc_VerifyEccsiHash(&genKey, WC_HASH_TYPE_SHA256, msg,
+            ret = wc_VerifyEccsiHash(genKey, WC_HASH_TYPE_SHA256, msg,
                                      sizeof(msg), sig, sigSz, &verified);
 
             if (ret != 0 || !verified) {
                 printf("wc_VerifyEccsiHash failed: %d (verified: %d)\n", ret,
                        verified);
-                break;
+                goto exit;
             }
             RECORD_MULTI_VALUE_STATS();
         }
@@ -11374,8 +12632,13 @@ void bench_eccsi(void)
     bench_multi_value_stats(max, min, sum, squareSum, runs);
 #endif
 
-    wc_FreeEccsiKey(&genKey);
+    wc_FreeEccsiKey(genKey);
     wc_ecc_del_point(pvt);
+
+exit:
+
+    WC_FREE_VAR(genKey, HEAP_HINT);
+    WC_FREE_VAR(ssk, HEAP_HINT);
 }
 #endif /* WOLFCRYPT_ECCSI_CLIENT */
 #endif /* WOLFCRYPT_HAVE_ECCSI */
@@ -11384,24 +12647,26 @@ void bench_eccsi(void)
 #ifdef WOLFCRYPT_SAKKE_KMS
 void bench_sakkeKeyGen(void)
 {
-    SakkeKey genKey;
+    WC_DECLARE_VAR(genKey, SakkeKey, 1, HEAP_HINT);
     double start;
     int    i, count;
     const char**desc = bench_desc_words[lng_index];
     int    ret;
     DECLARE_MULTI_VALUE_STATS_VARS()
 
+    WC_ALLOC_VAR(genKey, SakkeKey, 1, HEAP_HINT);
+
     /* Key Gen */
     bench_stats_start(&count, &start);
     do {
         for (i = 0; i < genTimes; i++) {
-            wc_InitSakkeKey_ex(&genKey, 128, ECC_SAKKE_1, NULL, INVALID_DEVID);
-            ret = wc_MakeSakkeKey(&genKey, &gRng);
+            wc_InitSakkeKey_ex(genKey, 128, ECC_SAKKE_1, NULL, INVALID_DEVID);
+            ret = wc_MakeSakkeKey(genKey, &gRng);
             if (ret != 0) {
                 printf("wc_MakeSakkeKey failed: %d\n", ret);
-                break;
+                goto exit;
             }
-            wc_FreeSakkeKey(&genKey);
+            wc_FreeSakkeKey(genKey);
             RECORD_MULTI_VALUE_STATS();
         }
         count += i;
@@ -11415,11 +12680,15 @@ void bench_sakkeKeyGen(void)
 #ifdef MULTI_VALUE_STATISTICS
     bench_multi_value_stats(max, min, sum, squareSum, runs);
 #endif
+
+exit:
+
+    WC_FREE_VAR(genKey, HEAP_HINT);
 }
 
 void bench_sakkeRskGen(void)
 {
-    SakkeKey genKey;
+    WC_DECLARE_VAR(genKey, SakkeKey, 1, HEAP_HINT);
     double start;
     int    i, count;
     const char**desc = bench_desc_words[lng_index];
@@ -11428,18 +12697,20 @@ void bench_sakkeRskGen(void)
     int ret;
     DECLARE_MULTI_VALUE_STATS_VARS()
 
+    WC_ALLOC_VAR(genKey, SakkeKey, 1, HEAP_HINT);
+
     rsk = wc_ecc_new_point();
-    wc_InitSakkeKey_ex(&genKey, 128, ECC_SAKKE_1, NULL, INVALID_DEVID);
-    (void)wc_MakeSakkeKey(&genKey, &gRng);
+    wc_InitSakkeKey_ex(genKey, 128, ECC_SAKKE_1, NULL, INVALID_DEVID);
+    (void)wc_MakeSakkeKey(genKey, &gRng);
 
     /* RSK Gen */
     bench_stats_start(&count, &start);
     do {
         for (i = 0; i < genTimes; i++) {
-            ret = wc_MakeSakkeRsk(&genKey, id, sizeof(id), rsk);
+            ret = wc_MakeSakkeRsk(genKey, id, sizeof(id), rsk);
             if (ret != 0) {
                 printf("wc_MakeSakkeRsk failed: %d\n", ret);
-                break;
+                goto exit;
             }
             RECORD_MULTI_VALUE_STATS();
         }
@@ -11455,15 +12726,19 @@ void bench_sakkeRskGen(void)
     bench_multi_value_stats(max, min, sum, squareSum, runs);
 #endif
 
-    wc_FreeSakkeKey(&genKey);
+    wc_FreeSakkeKey(genKey);
     wc_ecc_del_point(rsk);
+
+exit:
+
+    WC_FREE_VAR(genKey, HEAP_HINT);
 }
 #endif
 
 #ifdef WOLFCRYPT_SAKKE_CLIENT
 void bench_sakkeValidate(void)
 {
-    SakkeKey genKey;
+    WC_DECLARE_VAR(genKey, SakkeKey, 1, HEAP_HINT);
     double start;
     int    i, count;
     const char**desc = bench_desc_words[lng_index];
@@ -11473,21 +12748,23 @@ void bench_sakkeValidate(void)
     int ret;
     DECLARE_MULTI_VALUE_STATS_VARS()
 
+    WC_ALLOC_VAR(genKey, SakkeKey, 1, HEAP_HINT);
+
     rsk = wc_ecc_new_point();
-    (void)wc_InitSakkeKey_ex(&genKey, 128, ECC_SAKKE_1, NULL, INVALID_DEVID);
-    (void)wc_MakeSakkeKey(&genKey, &gRng);
-    (void)wc_MakeSakkeRsk(&genKey, id, sizeof(id), rsk);
-    (void)wc_ValidateSakkeRsk(&genKey, id, sizeof(id), rsk, &valid);
+    (void)wc_InitSakkeKey_ex(genKey, 128, ECC_SAKKE_1, NULL, INVALID_DEVID);
+    (void)wc_MakeSakkeKey(genKey, &gRng);
+    (void)wc_MakeSakkeRsk(genKey, id, sizeof(id), rsk);
+    (void)wc_ValidateSakkeRsk(genKey, id, sizeof(id), rsk, &valid);
 
     /* Validation of RSK */
     bench_stats_start(&count, &start);
     do {
         for (i = 0; i < genTimes; i++) {
-            ret = wc_ValidateSakkeRsk(&genKey, id, sizeof(id), rsk, &valid);
+            ret = wc_ValidateSakkeRsk(genKey, id, sizeof(id), rsk, &valid);
             if (ret != 0 || !valid) {
                 printf("wc_ValidateSakkeRsk failed: %d (valid=%d))\n", ret,
                        valid);
-                break;
+                goto exit;
             }
             RECORD_MULTI_VALUE_STATS();
         }
@@ -11503,13 +12780,17 @@ void bench_sakkeValidate(void)
     bench_multi_value_stats(max, min, sum, squareSum, runs);
 #endif
 
-    wc_FreeSakkeKey(&genKey);
+    wc_FreeSakkeKey(genKey);
     wc_ecc_del_point(rsk);
+
+exit:
+
+    WC_FREE_VAR(genKey, HEAP_HINT);
 }
 
 void bench_sakke(void)
 {
-    SakkeKey genKey;
+    WC_DECLARE_VAR(genKey, SakkeKey, 1, HEAP_HINT);
     double start;
     int    i, count;
     const char**desc = bench_desc_words[lng_index];
@@ -11527,20 +12808,22 @@ void bench_sakke(void)
     word32 iTableLen = 0;
     DECLARE_MULTI_VALUE_STATS_VARS()
 
+    WC_ALLOC_VAR(genKey, SakkeKey, 1, HEAP_HINT);
+
     XMEMCPY(ssv, ssv_init, sizeof ssv);
 
     rsk = wc_ecc_new_point();
-    (void)wc_InitSakkeKey_ex(&genKey, 128, ECC_SAKKE_1, NULL, INVALID_DEVID);
-    (void)wc_MakeSakkeKey(&genKey, &gRng);
-    (void)wc_MakeSakkeRsk(&genKey, id, sizeof(id), rsk);
-    (void)wc_SetSakkeRsk(&genKey, rsk, NULL, 0);
-    (void)wc_SetSakkeIdentity(&genKey, id, sizeof(id));
+    (void)wc_InitSakkeKey_ex(genKey, 128, ECC_SAKKE_1, NULL, INVALID_DEVID);
+    (void)wc_MakeSakkeKey(genKey, &gRng);
+    (void)wc_MakeSakkeRsk(genKey, id, sizeof(id), rsk);
+    (void)wc_SetSakkeRsk(genKey, rsk, NULL, 0);
+    (void)wc_SetSakkeIdentity(genKey, id, sizeof(id));
 
     /* Encapsulate */
     bench_stats_start(&count, &start);
     do {
         for (i = 0; i < genTimes; i++) {
-            ret = wc_MakeSakkeEncapsulatedSSV(&genKey,
+            ret = wc_MakeSakkeEncapsulatedSSV(genKey,
                                               WC_HASH_TYPE_SHA256,
                                               ssv, sizeof(ssv), auth, &authSz);
             if (ret != 0) {
@@ -11569,7 +12852,7 @@ void bench_sakke(void)
     do {
         for (i = 0; i < genTimes; i++) {
             XMEMCPY(derSSV, ssv, sizeof(ssv));
-            ret = wc_DeriveSakkeSSV(&genKey, WC_HASH_TYPE_SHA256, derSSV,
+            ret = wc_DeriveSakkeSSV(genKey, WC_HASH_TYPE_SHA256, derSSV,
                                     sizeof(derSSV), auth, authSz);
             if (ret != 0) {
                 printf("wc_DeriveSakkeSSV failed: %d\n", ret);
@@ -11592,19 +12875,21 @@ void bench_sakke(void)
 #endif
 
     /* Calculate Point I and generate table. */
-    (void)wc_MakeSakkePointI(&genKey, id, sizeof(id));
+    (void)wc_MakeSakkePointI(genKey, id, sizeof(id));
     iTableLen = 0;
-    (void)wc_GenerateSakkePointITable(&genKey, NULL, &iTableLen);
+    (void)wc_GenerateSakkePointITable(genKey, NULL, &iTableLen);
     if (iTableLen != 0) {
         iTable = (byte*)XMALLOC(iTableLen, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
-        (void)wc_GenerateSakkePointITable(&genKey, iTable, &iTableLen);
+        if (iTable == NULL)
+            WC_ALLOC_DO_ON_FAILURE();
+        (void)wc_GenerateSakkePointITable(genKey, iTable, &iTableLen);
     }
 
     /* Encapsulate with Point I table */
     bench_stats_start(&count, &start);
     do {
         for (i = 0; i < genTimes; i++) {
-            ret = wc_MakeSakkeEncapsulatedSSV(&genKey,
+            ret = wc_MakeSakkeEncapsulatedSSV(genKey,
                                               WC_HASH_TYPE_SHA256, ssv,
                                               sizeof(ssv), auth, &authSz);
             if (ret != 0) {
@@ -11628,14 +12913,14 @@ void bench_sakke(void)
 
     RESET_MULTI_VALUE_STATS_VARS();
 
-    (void)wc_SetSakkeRsk(&genKey, rsk, table, len);
+    (void)wc_SetSakkeRsk(genKey, rsk, table, len);
 
     /* Derive with Point I table */
     bench_stats_start(&count, &start);
     do {
         for (i = 0; i < genTimes; i++) {
             XMEMCPY(derSSV, ssv, sizeof(ssv));
-            ret = wc_DeriveSakkeSSV(&genKey, WC_HASH_TYPE_SHA256, derSSV,
+            ret = wc_DeriveSakkeSSV(genKey, WC_HASH_TYPE_SHA256, derSSV,
                                     sizeof(derSSV), auth, authSz);
             if (ret != 0) {
                 printf("wc_DeriveSakkeSSV failed: %d\n", ret);
@@ -11660,19 +12945,21 @@ void bench_sakke(void)
     RESET_MULTI_VALUE_STATS_VARS();
 
     len = 0;
-    (void)wc_GenerateSakkeRskTable(&genKey, rsk, NULL, &len);
+    (void)wc_GenerateSakkeRskTable(genKey, rsk, NULL, &len);
     if (len > 0) {
         table = (byte*)XMALLOC(len, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
-        (void)wc_GenerateSakkeRskTable(&genKey, rsk, table, &len);
+        if (table == NULL)
+            WC_ALLOC_DO_ON_FAILURE();
+        (void)wc_GenerateSakkeRskTable(genKey, rsk, table, &len);
     }
-    (void)wc_SetSakkeRsk(&genKey, rsk, table, len);
+    (void)wc_SetSakkeRsk(genKey, rsk, table, len);
 
     /* Derive with Point I table and RSK table */
     bench_stats_start(&count, &start);
     do {
         for (i = 0; i < genTimes; i++) {
             XMEMCPY(derSSV, ssv, sizeof(ssv));
-            ret = wc_DeriveSakkeSSV(&genKey, WC_HASH_TYPE_SHA256, derSSV,
+            ret = wc_DeriveSakkeSSV(genKey, WC_HASH_TYPE_SHA256, derSSV,
                                     sizeof(derSSV), auth, authSz);
             if (ret != 0) {
                 printf("wc_DeriveSakkeSSV failed: %d\n", ret);
@@ -11696,13 +12983,13 @@ void bench_sakke(void)
 
     RESET_MULTI_VALUE_STATS_VARS();
 
-    wc_ClearSakkePointITable(&genKey);
+    wc_ClearSakkePointITable(genKey);
     /* Derive with RSK table */
     bench_stats_start(&count, &start);
     do {
         for (i = 0; i < genTimes; i++) {
             XMEMCPY(derSSV, ssv, sizeof(ssv));
-            ret = wc_DeriveSakkeSSV(&genKey, WC_HASH_TYPE_SHA256, derSSV,
+            ret = wc_DeriveSakkeSSV(genKey, WC_HASH_TYPE_SHA256, derSSV,
                                     sizeof(derSSV), auth, authSz);
             if (ret != 0) {
                 printf("wc_DeriveSakkeSSV failed: %d\n", ret);
@@ -11724,13 +13011,20 @@ void bench_sakke(void)
     bench_multi_value_stats(max, min, sum, squareSum, runs);
 #endif
 
-    wc_FreeSakkeKey(&genKey);
+    wc_FreeSakkeKey(genKey);
     wc_ecc_del_point(rsk);
+
+exit:
+
+    XFREE(iTable, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+
+    XFREE(table, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+
+    WC_FREE_VAR(genKey, HEAP_HINT);
 }
 #endif /* WOLFCRYPT_SAKKE_CLIENT */
 #endif /* WOLFCRYPT_HAVE_SAKKE */
 
-#if defined(HAVE_PQC) && defined(HAVE_LIBOQS)
 #ifdef HAVE_FALCON
 void bench_falconKeySign(byte level)
 {
@@ -11788,7 +13082,7 @@ void bench_falconKeySign(byte level)
                     x = FALCON_LEVEL5_SIG_SIZE;
                 }
 
-                ret = wc_falcon_sign_msg(msg, sizeof(msg), sig, &x, &key);
+                ret = wc_falcon_sign_msg(msg, sizeof(msg), sig, &x, &key, GLOBAL_RNG);
                 if (ret != 0) {
                     printf("wc_falcon_sign_msg failed\n");
                 }
@@ -11847,17 +13141,1100 @@ void bench_falconKeySign(byte level)
 #endif /* HAVE_FALCON */
 
 #ifdef HAVE_DILITHIUM
+
+#if defined(WOLFSSL_DILITHIUM_NO_SIGN) && !defined(WOLFSSL_DILITHIUM_NO_VERIFY)
+
+#ifndef WOLFSSL_NO_ML_DSA_44
+static const unsigned char bench_dilithium_level2_sig[] = {
+    0x5e, 0xc1, 0xce, 0x0e, 0x31, 0xea, 0x10, 0x52, 0xa3, 0x7a,
+    0xfe, 0x4d, 0xac, 0x07, 0x89, 0x5a, 0x45, 0xbd, 0x5a, 0xe5,
+    0x22, 0xed, 0x98, 0x4d, 0x2f, 0xc8, 0x27, 0x00, 0x99, 0x40,
+    0x00, 0x79, 0xcd, 0x93, 0x27, 0xd0, 0x40, 0x33, 0x79, 0x4f,
+    0xe5, 0x16, 0x89, 0x9f, 0xbd, 0xa6, 0x3f, 0xdd, 0x68, 0x74,
+    0x73, 0xc3, 0x97, 0x54, 0x11, 0x1d, 0xc8, 0xb8, 0xc8, 0xfd,
+    0x3a, 0xbe, 0xca, 0x17, 0x0f, 0x10, 0x6d, 0x89, 0x6d, 0xe0,
+    0xb2, 0xff, 0x3b, 0xe5, 0xa1, 0x75, 0xea, 0x35, 0x16, 0xa3,
+    0x0c, 0x6e, 0x4a, 0x7b, 0xdb, 0x28, 0xc6, 0x2a, 0x76, 0x0e,
+    0x78, 0x78, 0xa0, 0x4f, 0x4e, 0xf8, 0x99, 0xff, 0xe7, 0x47,
+    0x7e, 0xc4, 0x62, 0xa7, 0xb4, 0xb9, 0x2b, 0xc1, 0xc7, 0xd0,
+    0x00, 0xb6, 0xaa, 0xa7, 0x37, 0xd5, 0x1e, 0x19, 0xc4, 0xc4,
+    0x59, 0x2f, 0xa5, 0x09, 0xa3, 0xda, 0x5d, 0xd4, 0x48, 0x64,
+    0x16, 0x0e, 0x92, 0xdf, 0x61, 0xb7, 0x25, 0x3b, 0x90, 0x5a,
+    0x08, 0xb5, 0x88, 0xe8, 0x64, 0x80, 0x63, 0xee, 0xbf, 0x59,
+    0x0f, 0x4a, 0x48, 0x1e, 0x77, 0xa9, 0x46, 0xc6, 0x9c, 0x0b,
+    0x83, 0xad, 0xb5, 0xbf, 0xb5, 0x5b, 0x99, 0xf3, 0x55, 0xe8,
+    0xe5, 0xe7, 0x5c, 0x12, 0xac, 0x06, 0x06, 0xe0, 0xc0, 0x32,
+    0x5d, 0xb6, 0x9f, 0x2b, 0x8e, 0x19, 0x5c, 0x2a, 0x58, 0xbb,
+    0x37, 0xf1, 0x68, 0x56, 0x8b, 0x74, 0x94, 0x58, 0x48, 0x28,
+    0xee, 0xf7, 0x0a, 0x8f, 0xad, 0x43, 0x67, 0xe1, 0xa3, 0x8c,
+    0x3b, 0x35, 0x48, 0xcc, 0x52, 0x14, 0x36, 0x99, 0x18, 0x71,
+    0x1c, 0xb2, 0xfc, 0x82, 0xda, 0xac, 0xd5, 0x55, 0x0a, 0x77,
+    0x44, 0x6a, 0x48, 0xed, 0xfc, 0x5a, 0x68, 0xa6, 0x4d, 0x65,
+    0xe7, 0x30, 0xaa, 0x23, 0x66, 0x84, 0xdf, 0x83, 0xf1, 0x17,
+    0x5c, 0x46, 0xfe, 0x63, 0xcb, 0xc3, 0x6e, 0x4e, 0x47, 0x8d,
+    0x30, 0x48, 0x06, 0xda, 0x97, 0x6b, 0x04, 0x5d, 0x44, 0xf3,
+    0xb7, 0x2a, 0x6d, 0x2b, 0xbb, 0xcd, 0x97, 0x4e, 0x26, 0x8e,
+    0xc9, 0x03, 0x0b, 0x5d, 0x68, 0xed, 0x81, 0xf7, 0x19, 0x61,
+    0x81, 0xe9, 0xac, 0x3a, 0x35, 0xcd, 0xe8, 0xfd, 0x99, 0xdb,
+    0x89, 0x83, 0x7d, 0x23, 0x6a, 0xc1, 0xc1, 0x10, 0xe9, 0xd3,
+    0xfa, 0x9e, 0x5a, 0xcd, 0x73, 0xa3, 0x0a, 0x37, 0xa3, 0x12,
+    0xef, 0x72, 0xa2, 0x28, 0xd4, 0x3d, 0x67, 0x53, 0x24, 0x0d,
+    0x61, 0x98, 0xbb, 0x07, 0xf3, 0xa7, 0x79, 0x22, 0x74, 0x57,
+    0x99, 0xe8, 0x7a, 0xbf, 0x90, 0x84, 0xa2, 0x6b, 0x29, 0x34,
+    0xac, 0xc9, 0xff, 0x67, 0x82, 0xd0, 0xd2, 0x7d, 0x69, 0xc0,
+    0xf3, 0xd7, 0x4b, 0x5c, 0xf2, 0xa8, 0x53, 0x8b, 0x78, 0x57,
+    0xfc, 0x74, 0xf5, 0x81, 0x6e, 0xc2, 0x5b, 0x32, 0x52, 0x9e,
+    0x58, 0x84, 0xa1, 0x71, 0xd5, 0x8c, 0xf5, 0x16, 0x36, 0x4d,
+    0x11, 0xd4, 0xb5, 0xc2, 0x05, 0xc4, 0x03, 0xce, 0x83, 0xea,
+    0x0b, 0x6a, 0x2e, 0xf6, 0x28, 0x5e, 0xb2, 0x40, 0x8c, 0xa3,
+    0x6a, 0xc7, 0xee, 0x04, 0x54, 0x93, 0x0f, 0x3b, 0xf9, 0x57,
+    0x92, 0x00, 0xf1, 0xc7, 0x1b, 0x48, 0x63, 0xcb, 0xd3, 0xdd,
+    0x40, 0x90, 0x46, 0xb0, 0x87, 0x2a, 0xb8, 0xec, 0xbc, 0x07,
+    0x09, 0x83, 0x25, 0xb1, 0x88, 0x2c, 0xa0, 0x0a, 0x40, 0x4f,
+    0xfd, 0xec, 0xfd, 0xbe, 0x18, 0xae, 0xdd, 0x83, 0x89, 0x83,
+    0x2d, 0x10, 0xb4, 0x14, 0x30, 0xac, 0x6c, 0xd9, 0xc9, 0xaa,
+    0xbc, 0xdb, 0x5e, 0x14, 0xab, 0x19, 0x64, 0xaa, 0xb1, 0x9c,
+    0xc3, 0xf5, 0xdc, 0x2b, 0xcd, 0x26, 0x0b, 0x81, 0x1a, 0x0e,
+    0x0a, 0xd6, 0x39, 0x79, 0x10, 0x06, 0xbf, 0xe0, 0xc1, 0x8b,
+    0x20, 0x24, 0x90, 0x8b, 0x0f, 0xa4, 0x2d, 0x2d, 0x46, 0x2a,
+    0xd4, 0xf3, 0xa9, 0x58, 0x4b, 0xd9, 0xa6, 0x6c, 0x75, 0x3d,
+    0xbc, 0x36, 0x76, 0x7f, 0xef, 0x1b, 0xa1, 0x41, 0xba, 0xd0,
+    0xfe, 0x16, 0x19, 0xc3, 0x92, 0xe3, 0x59, 0x07, 0x3f, 0x48,
+    0x11, 0x70, 0xe0, 0x8a, 0xff, 0x97, 0xbc, 0x71, 0xd5, 0xb9,
+    0x4a, 0x9b, 0x4c, 0xb8, 0x4b, 0x50, 0xd6, 0x43, 0xe8, 0x84,
+    0x0a, 0x95, 0xd0, 0x20, 0x28, 0xd3, 0x20, 0x4a, 0x0e, 0x1b,
+    0xe6, 0x5d, 0x2f, 0x0c, 0xdb, 0x76, 0xab, 0xa3, 0xc2, 0xad,
+    0xd5, 0x86, 0xae, 0xb9, 0x26, 0xb2, 0x5d, 0x72, 0x27, 0xbb,
+    0xec, 0x23, 0x9f, 0x42, 0x90, 0x58, 0xe1, 0xf8, 0xe9, 0x63,
+    0xdf, 0x1a, 0x46, 0x53, 0x65, 0x05, 0xfb, 0x20, 0x21, 0xa6,
+    0x64, 0xc8, 0x5c, 0x67, 0x6b, 0x41, 0x6c, 0x04, 0x34, 0xeb,
+    0x05, 0x71, 0xeb, 0xbe, 0xed, 0x6d, 0xa2, 0x96, 0x67, 0x45,
+    0xe7, 0x47, 0x22, 0x64, 0xaf, 0x82, 0xf8, 0x78, 0x0e, 0xe6,
+    0xa1, 0x4a, 0x2d, 0x82, 0x1e, 0xd0, 0xc2, 0x79, 0x4e, 0x29,
+    0x89, 0xd9, 0xf3, 0x3f, 0xb6, 0xc4, 0xee, 0x69, 0xb2, 0x8f,
+    0x8b, 0xd9, 0x13, 0xd9, 0x6e, 0x3a, 0xc5, 0x9f, 0xdf, 0x25,
+    0xb7, 0xc3, 0x16, 0xb8, 0xa2, 0x85, 0x17, 0xae, 0xe9, 0x95,
+    0x5d, 0xb8, 0x1d, 0x21, 0xbb, 0xd9, 0x38, 0x11, 0x8f, 0x44,
+    0xea, 0xe8, 0x4c, 0x91, 0x82, 0xf5, 0x45, 0xee, 0x8f, 0xf5,
+    0x6a, 0x0d, 0x08, 0xe7, 0x6b, 0xb0, 0x91, 0xd5, 0x42, 0x17,
+    0x8c, 0x37, 0x6a, 0x5a, 0x0a, 0x87, 0x53, 0x76, 0xc3, 0x59,
+    0x35, 0x13, 0x1c, 0xf1, 0x72, 0x2c, 0x2b, 0xb2, 0x9e, 0xda,
+    0x10, 0x2a, 0xce, 0x38, 0xb4, 0x67, 0x8c, 0x4b, 0x08, 0xa1,
+    0xb6, 0xa3, 0x08, 0x9c, 0xeb, 0xd8, 0x93, 0x1b, 0x29, 0x5a,
+    0xa7, 0x03, 0x17, 0x7e, 0xec, 0x58, 0x6b, 0x5b, 0xc5, 0x46,
+    0x03, 0x33, 0x7f, 0x0e, 0x93, 0x9a, 0xdd, 0xb5, 0x89, 0xb1,
+    0x16, 0x4c, 0xa7, 0xd8, 0x0e, 0x73, 0xd8, 0xc3, 0xd2, 0x36,
+    0x85, 0x66, 0xcb, 0x5b, 0x64, 0xf2, 0xdc, 0xba, 0x39, 0xcc,
+    0xa5, 0xe0, 0x9b, 0xaa, 0x2a, 0x95, 0x6d, 0xdc, 0x49, 0xde,
+    0x3b, 0x61, 0xa2, 0x3b, 0x1f, 0xed, 0x32, 0xfa, 0x10, 0xe4,
+    0x88, 0x59, 0xca, 0x5a, 0xe4, 0xf9, 0x5e, 0xe2, 0xca, 0x21,
+    0x5a, 0xdc, 0x02, 0x73, 0x7a, 0xc8, 0x90, 0x7a, 0x8e, 0x91,
+    0x19, 0x04, 0x53, 0x3c, 0x50, 0x15, 0x8a, 0x84, 0x93, 0x8f,
+    0xac, 0x99, 0x82, 0xdd, 0xc6, 0xce, 0xfb, 0x18, 0x84, 0x29,
+    0x2a, 0x8d, 0xa2, 0xc5, 0x7f, 0x87, 0xce, 0x4c, 0xf5, 0xdf,
+    0x73, 0xd2, 0xba, 0xc2, 0x4f, 0xe3, 0x74, 0xa5, 0x8f, 0xc3,
+    0xf4, 0x99, 0xd1, 0xe8, 0x4e, 0xb8, 0xe0, 0x2e, 0xef, 0xd6,
+    0x87, 0x70, 0xcf, 0x45, 0x3b, 0xff, 0x03, 0xfd, 0x59, 0x7f,
+    0x7c, 0xd0, 0x4e, 0x49, 0xf7, 0xd5, 0x08, 0xd9, 0x06, 0x53,
+    0x90, 0x0a, 0x5a, 0x1b, 0x2e, 0xf5, 0xb0, 0x85, 0xb6, 0xb6,
+    0x61, 0xa5, 0x71, 0x47, 0xbf, 0x4a, 0xf6, 0xae, 0x9a, 0x19,
+    0x6c, 0xd8, 0x2d, 0x9b, 0xb4, 0x40, 0x9e, 0x15, 0x77, 0x2e,
+    0x7e, 0xe9, 0xb4, 0x3d, 0x0f, 0x1b, 0xb5, 0x1c, 0xc2, 0x58,
+    0x4e, 0x4b, 0xf6, 0x53, 0x9e, 0x6f, 0x09, 0x55, 0xa0, 0xb8,
+    0x73, 0x11, 0x64, 0x70, 0x54, 0xb4, 0xcb, 0xb7, 0x27, 0xe5,
+    0xdf, 0x58, 0x67, 0x5b, 0xc0, 0xd6, 0xf5, 0x64, 0xa6, 0x66,
+    0x6d, 0xdf, 0xd8, 0xf8, 0xd6, 0x85, 0xba, 0xba, 0x30, 0xa7,
+    0xca, 0x34, 0xf4, 0x9a, 0xba, 0x0a, 0xfb, 0x0e, 0xa0, 0x65,
+    0x98, 0x78, 0xee, 0xaa, 0x14, 0x6a, 0x99, 0x77, 0x67, 0xad,
+    0x01, 0x95, 0x5e, 0x50, 0x22, 0xe9, 0x74, 0x95, 0xa7, 0x13,
+    0x3f, 0xdd, 0xa6, 0x69, 0x64, 0xf6, 0x50, 0x06, 0x6d, 0xba,
+    0x90, 0x5a, 0x8c, 0x81, 0xa0, 0xda, 0x55, 0xe9, 0x97, 0x0e,
+    0xd7, 0x10, 0x8e, 0x1f, 0x23, 0x65, 0xd9, 0x14, 0xd4, 0xde,
+    0xa5, 0xf9, 0xec, 0xb6, 0xad, 0x65, 0xce, 0x0b, 0x1b, 0x0a,
+    0x4c, 0x7d, 0xb0, 0x97, 0xa6, 0xfe, 0x67, 0xfb, 0x4f, 0x8f,
+    0x00, 0x92, 0xb6, 0x0d, 0x20, 0x78, 0x65, 0x1d, 0x9a, 0x56,
+    0x57, 0xc6, 0x15, 0x88, 0xba, 0x55, 0x02, 0x7a, 0x9a, 0xac,
+    0x50, 0x4c, 0xc7, 0x9e, 0x66, 0x8b, 0xfc, 0xf3, 0x67, 0x48,
+    0x07, 0xbf, 0x84, 0x94, 0x9b, 0x22, 0x2a, 0xae, 0x1b, 0x25,
+    0xe9, 0x94, 0x06, 0xa7, 0xe8, 0x61, 0x52, 0x89, 0xdc, 0x93,
+    0x6e, 0x89, 0xdc, 0x30, 0x6e, 0xd9, 0xee, 0xcb, 0x12, 0x38,
+    0x58, 0x9d, 0x8b, 0xc5, 0x05, 0x2c, 0x50, 0x4e, 0xc8, 0xc2,
+    0xe0, 0x65, 0xb6, 0x49, 0xc4, 0xf0, 0x1e, 0x5c, 0x8e, 0x3c,
+    0xe9, 0x77, 0xd2, 0x9e, 0xa8, 0xd5, 0xf5, 0xd9, 0xc5, 0xad,
+    0x5b, 0x74, 0x48, 0x08, 0x3a, 0x30, 0x84, 0x57, 0x71, 0x1e,
+    0x69, 0x45, 0x09, 0xdd, 0xea, 0x62, 0xec, 0x7c, 0xa3, 0xf9,
+    0x92, 0xee, 0x16, 0xdc, 0xe5, 0x9d, 0xcf, 0xb7, 0x08, 0x51,
+    0x8a, 0x76, 0x3a, 0x23, 0x94, 0x50, 0x8e, 0x4d, 0x3a, 0xea,
+    0xf3, 0xc1, 0x53, 0x2c, 0x65, 0x9c, 0x36, 0x8c, 0x10, 0xe3,
+    0x9c, 0x01, 0xa4, 0xe6, 0x45, 0x77, 0xa6, 0x5d, 0x7e, 0x37,
+    0x31, 0x95, 0x2f, 0xec, 0x61, 0x92, 0x69, 0x65, 0x53, 0x54,
+    0x6d, 0xbe, 0x9e, 0x5a, 0x68, 0x12, 0xc4, 0xe7, 0xe4, 0x06,
+    0x51, 0x5a, 0xc0, 0x63, 0xb9, 0x69, 0xb8, 0x3c, 0xd8, 0xae,
+    0x8b, 0xff, 0x96, 0x4d, 0x55, 0xce, 0x25, 0x2b, 0x8b, 0x89,
+    0xc9, 0x3a, 0x16, 0x48, 0x2a, 0x73, 0xb2, 0x70, 0x8b, 0x62,
+    0xd5, 0xb1, 0xa0, 0x30, 0xe5, 0x46, 0xab, 0x8b, 0xc3, 0xeb,
+    0x37, 0x2f, 0xbd, 0xb8, 0x4e, 0x6c, 0x30, 0xdc, 0x6c, 0x8a,
+    0xf1, 0x89, 0x06, 0xce, 0x64, 0x0a, 0x3e, 0xb2, 0x16, 0x31,
+    0xa1, 0xe4, 0x4b, 0x98, 0xe7, 0xf1, 0x99, 0x76, 0x00, 0x5f,
+    0xd2, 0xd3, 0x30, 0xf0, 0xbf, 0xa7, 0x4a, 0xf6, 0x9e, 0xa5,
+    0x75, 0x74, 0x78, 0xfe, 0xec, 0x72, 0x7c, 0x89, 0xe9, 0xf6,
+    0x0d, 0x7e, 0x15, 0xd6, 0xd8, 0x79, 0x85, 0x3c, 0xcf, 0xb0,
+    0x21, 0xc8, 0x9c, 0x54, 0x87, 0x63, 0xb3, 0x05, 0xbb, 0x8a,
+    0x02, 0xe4, 0x79, 0xdc, 0xa1, 0xa2, 0xd3, 0x19, 0xd8, 0x86,
+    0xff, 0x8a, 0x0e, 0x82, 0x89, 0xaf, 0xaa, 0x62, 0x2e, 0xd4,
+    0xb2, 0xd0, 0x5d, 0x0d, 0x4f, 0x2a, 0xda, 0x0e, 0x9f, 0x8a,
+    0x2b, 0x32, 0xe9, 0x09, 0xf5, 0x55, 0x51, 0xe7, 0xd5, 0x69,
+    0x12, 0xdd, 0x33, 0x6b, 0x3d, 0xd7, 0xe9, 0xfd, 0xb2, 0xa7,
+    0xf5, 0x97, 0x2a, 0x6d, 0x89, 0x30, 0x65, 0x2a, 0x0d, 0xf2,
+    0x00, 0x81, 0xbe, 0xfb, 0xd9, 0xd7, 0x1b, 0xc2, 0x48, 0x7a,
+    0x22, 0x30, 0xae, 0x35, 0xf6, 0x32, 0x41, 0x9d, 0xd9, 0x12,
+    0xb3, 0xa7, 0x6d, 0xba, 0x74, 0x93, 0x2d, 0x0d, 0xb2, 0xb6,
+    0xdc, 0xa9, 0x98, 0x5b, 0x3b, 0xaa, 0x2b, 0x47, 0x06, 0xc4,
+    0x36, 0xfd, 0x04, 0x10, 0x94, 0x61, 0x61, 0x47, 0x1c, 0x02,
+    0x54, 0x85, 0x4a, 0xcb, 0x75, 0x6b, 0x75, 0xf5, 0xb4, 0x61,
+    0x26, 0xb3, 0x12, 0x43, 0x31, 0x55, 0xb5, 0xda, 0x4b, 0xb5,
+    0x11, 0xb4, 0xb8, 0xfb, 0x0a, 0xd9, 0xa7, 0x0e, 0x9f, 0x2a,
+    0x74, 0x01, 0xf6, 0x1a, 0x33, 0x10, 0x9e, 0x66, 0xff, 0x82,
+    0xfa, 0xa9, 0xa4, 0xa0, 0x9b, 0x25, 0x2d, 0x16, 0xbf, 0x60,
+    0x0d, 0x87, 0xea, 0x94, 0xad, 0xdd, 0xc4, 0xd0, 0xa8, 0xdd,
+    0x2d, 0xc7, 0xc8, 0xac, 0x39, 0x9e, 0x87, 0x69, 0xc4, 0x3a,
+    0xbc, 0x28, 0x7e, 0x36, 0x69, 0xfd, 0x20, 0x25, 0xac, 0xa3,
+    0xa7, 0x37, 0x96, 0xe9, 0x8a, 0x65, 0xe4, 0xb0, 0x2a, 0x61,
+    0x23, 0x28, 0x64, 0xff, 0x17, 0x6c, 0x36, 0x9e, 0x0a, 0xba,
+    0xe4, 0x4b, 0xeb, 0x84, 0x24, 0x20, 0x57, 0x0f, 0x34, 0x05,
+    0x95, 0x56, 0xc3, 0x2f, 0x2b, 0xf0, 0x36, 0xef, 0xca, 0x68,
+    0xfe, 0x78, 0xf8, 0x98, 0x09, 0x4a, 0x25, 0xcc, 0x17, 0xbe,
+    0x05, 0x00, 0xff, 0xf9, 0xa5, 0x5b, 0xe6, 0xaa, 0x5b, 0x56,
+    0xb6, 0x89, 0x64, 0x9c, 0x16, 0x48, 0xe1, 0xcd, 0x67, 0x87,
+    0xdd, 0xba, 0xbd, 0x02, 0x0d, 0xd8, 0xb4, 0xc9, 0x7c, 0x37,
+    0x92, 0xd0, 0x39, 0x46, 0xd2, 0xc4, 0x78, 0x13, 0xf0, 0x76,
+    0x45, 0x5f, 0xeb, 0x52, 0xd2, 0x3f, 0x61, 0x87, 0x34, 0x09,
+    0xb7, 0x24, 0x4e, 0x93, 0xf3, 0xc5, 0x10, 0x19, 0x66, 0x66,
+    0x3f, 0x15, 0xe3, 0x05, 0x55, 0x43, 0xb7, 0xf4, 0x62, 0x57,
+    0xb4, 0xd9, 0xef, 0x46, 0x47, 0xb5, 0xfb, 0x79, 0xc9, 0x67,
+    0xc5, 0xc3, 0x18, 0x91, 0x73, 0x75, 0xec, 0xd5, 0x68, 0x2b,
+    0xf6, 0x42, 0xb4, 0xff, 0xfb, 0x27, 0x61, 0x77, 0x28, 0x10,
+    0x6b, 0xce, 0x19, 0xad, 0x87, 0xc3, 0x85, 0xe3, 0x78, 0x00,
+    0xdb, 0x21, 0xee, 0xd8, 0xfa, 0x9c, 0x81, 0x11, 0x97, 0xac,
+    0xd0, 0x50, 0x89, 0x45, 0x23, 0xf6, 0x85, 0x7d, 0x60, 0xb2,
+    0xad, 0x0c, 0x5d, 0xd8, 0x9e, 0xe4, 0xe1, 0x25, 0xb2, 0x13,
+    0x1a, 0x54, 0x54, 0xfd, 0x7b, 0xab, 0x85, 0x20, 0xe8, 0xda,
+    0x52, 0x0f, 0xac, 0x49, 0x70, 0xf1, 0x4c, 0x66, 0x74, 0x8c,
+    0x87, 0x6e, 0xca, 0xc1, 0x0d, 0x92, 0xc0, 0xa8, 0x08, 0xfd,
+    0x0f, 0x60, 0x55, 0xaf, 0x24, 0xcb, 0x04, 0xb7, 0xff, 0xa9,
+    0xc5, 0x07, 0x26, 0xf6, 0xe2, 0x1e, 0x2f, 0xd1, 0x99, 0x6d,
+    0xef, 0xc0, 0xdb, 0x5b, 0xf7, 0x06, 0x80, 0x92, 0x5f, 0x56,
+    0x54, 0xdb, 0x2e, 0xba, 0x93, 0xb2, 0x94, 0xf2, 0xad, 0xbc,
+    0x91, 0x6e, 0x4e, 0xce, 0x21, 0xc4, 0x8b, 0x18, 0xc4, 0xfc,
+    0xab, 0xb4, 0x4f, 0xd7, 0xa2, 0xef, 0x55, 0x00, 0x6d, 0x34,
+    0x17, 0x59, 0x8d, 0x79, 0x75, 0x02, 0xa3, 0x7a, 0x52, 0x57,
+    0x5c, 0x26, 0xb9, 0xae, 0xd6, 0x19, 0x2e, 0x31, 0x02, 0x98,
+    0x98, 0xe5, 0x3d, 0xc2, 0xa5, 0x56, 0xb6, 0x02, 0xae, 0x0d,
+    0x3b, 0x35, 0x97, 0xd2, 0x43, 0x38, 0x8a, 0x65, 0xfa, 0x86,
+    0x20, 0xb7, 0xb5, 0xb0, 0xda, 0x19, 0x01, 0x2f, 0x13, 0xb5,
+    0x6d, 0xbd, 0xb2, 0x34, 0xa7, 0xff, 0xae, 0x7e, 0x8f, 0x98,
+    0x1b, 0xc4, 0x27, 0xbd, 0xa9, 0x64, 0xdc, 0xab, 0x2a, 0xd2,
+    0xb4, 0x27, 0xd0, 0x25, 0xdd, 0xff, 0xdc, 0x0a, 0x96, 0xd3,
+    0x85, 0x3e, 0xc5, 0x11, 0x34, 0x60, 0xa2, 0x33, 0x92, 0x90,
+    0xbb, 0x4c, 0x86, 0xdd, 0xd6, 0x1e, 0xcb, 0x0a, 0x17, 0xc6,
+    0x87, 0x4e, 0x3e, 0x7a, 0x4b, 0xab, 0xef, 0x0a, 0x00, 0x3d,
+    0x94, 0x34, 0x8b, 0x63, 0x36, 0xd9, 0xaf, 0x5d, 0x63, 0x40,
+    0xbb, 0x32, 0x4b, 0x64, 0xf0, 0x31, 0x48, 0xdb, 0x44, 0x2b,
+    0x48, 0x60, 0x6a, 0xea, 0xa4, 0x8c, 0xdd, 0xaf, 0x81, 0x3f,
+    0x86, 0x81, 0x99, 0x7a, 0x98, 0xe1, 0xff, 0x21, 0x7a, 0x28,
+    0xbc, 0x33, 0xe6, 0x4e, 0xb0, 0x85, 0x6b, 0xec, 0x11, 0x37,
+    0x81, 0x7f, 0xf9, 0xdc, 0xbf, 0x1a, 0xa6, 0x6d, 0x4d, 0x0f,
+    0x5b, 0x99, 0x73, 0xb8, 0xd2, 0x6e, 0x37, 0xf0, 0x71, 0xf1,
+    0x1a, 0xc3, 0x5c, 0xea, 0x12, 0x5f, 0x2e, 0x85, 0x3f, 0xfd,
+    0xd5, 0x87, 0x67, 0x9f, 0x67, 0x9f, 0xd7, 0xef, 0x9f, 0x81,
+    0xa4, 0xbc, 0x63, 0x1d, 0x00, 0x81, 0xf6, 0x20, 0x77, 0xae,
+    0x0b, 0x90, 0xe5, 0x9c, 0xa9, 0x44, 0xb5, 0xd7, 0xb1, 0x61,
+    0x33, 0x4f, 0x75, 0xa9, 0xb7, 0xf4, 0xa4, 0x72, 0x9e, 0x72,
+    0xec, 0x7b, 0xcd, 0x83, 0xb3, 0xd6, 0x22, 0x50, 0x50, 0x97,
+    0x0f, 0x63, 0x0f, 0xe1, 0x15, 0xb3, 0x07, 0xb6, 0xa3, 0xfa,
+    0x2f, 0xb5, 0xf3, 0x5b, 0x5d, 0x7f, 0x90, 0x20, 0xcd, 0x5f,
+    0x40, 0x48, 0x87, 0x43, 0xfd, 0xa3, 0x69, 0xdc, 0xf8, 0x51,
+    0x08, 0x67, 0xc2, 0x2d, 0xff, 0xfe, 0xbf, 0x85, 0x3e, 0x80,
+    0xff, 0x91, 0x62, 0xc5, 0x83, 0xe0, 0x80, 0xeb, 0xce, 0xdc,
+    0xff, 0xb1, 0xdb, 0x02, 0xb7, 0x01, 0x1e, 0xa6, 0xf0, 0x32,
+    0xfb, 0x95, 0x6a, 0x47, 0x44, 0x84, 0x42, 0x6e, 0x3a, 0xb1,
+    0xcf, 0xf9, 0x28, 0xb4, 0x3a, 0x8e, 0xa7, 0x8d, 0x48, 0x81,
+    0x1c, 0x7e, 0xf5, 0x0b, 0x46, 0x7e, 0x92, 0x4e, 0xb9, 0xa8,
+    0x36, 0xb8, 0x81, 0x6d, 0x8c, 0x70, 0x59, 0x33, 0x12, 0x61,
+    0xbb, 0xe6, 0x10, 0x8a, 0xe4, 0xc1, 0x2c, 0x50, 0x12, 0xbf,
+    0xd3, 0xc6, 0x3c, 0x53, 0x91, 0x50, 0x07, 0xc8, 0x85, 0x32,
+    0x3c, 0xe1, 0x67, 0x99, 0x68, 0xc1, 0xf4, 0x74, 0x86, 0x35,
+    0x8a, 0x6c, 0x75, 0x1d, 0x8f, 0x8a, 0x60, 0xe1, 0xc7, 0x59,
+    0x4e, 0xb0, 0xe0, 0x45, 0x5a, 0x11, 0x05, 0x24, 0xa7, 0x8d,
+    0x39, 0x93, 0x60, 0x4c, 0xc5, 0x9e, 0x8a, 0x70, 0xcc, 0x44,
+    0x96, 0x92, 0xc8, 0xf7, 0x23, 0x14, 0xc7, 0xf4, 0x82, 0x9d,
+    0x5b, 0x1c, 0x26, 0xd0, 0x3c, 0x76, 0x36, 0xe9, 0x98, 0x8a,
+    0xbb, 0xe6, 0xa0, 0xad, 0xed, 0xf7, 0xd9, 0x06, 0x50, 0x67,
+    0x79, 0x50, 0x4e, 0xd5, 0x80, 0x4e, 0x59, 0x72, 0x5d, 0x8b,
+    0xcb, 0x86, 0x3b, 0x57, 0xc4, 0xb2, 0x3d, 0xbc, 0x35, 0x6d,
+    0xb1, 0x50, 0xf5, 0x8c, 0xf2, 0x89, 0x72, 0x20, 0xd0, 0x47,
+    0x68, 0x13, 0x42, 0x25, 0x1a, 0xb6, 0xc5, 0x07, 0xdf, 0x45,
+    0x11, 0xa9, 0x05, 0x5d, 0xad, 0xf0, 0x49, 0x9e, 0x70, 0x78,
+    0xed, 0xe7, 0xf9, 0x00, 0x1f, 0x62, 0x76, 0x47, 0xb5, 0x48,
+    0x4f, 0x2c, 0x2e, 0xe3, 0x78, 0x6a, 0x44, 0x46, 0x1e, 0x6b,
+    0x00, 0x74, 0x54, 0xb9, 0xd1, 0x4f, 0x6d, 0x45, 0xc1, 0xa6,
+    0x45, 0x2e, 0x1a, 0xaf, 0x94, 0x3f, 0xd0, 0x72, 0x67, 0x0d,
+    0x2e, 0xa9, 0x8d, 0x16, 0xc4, 0x05, 0x01, 0x07, 0x13, 0x1b,
+    0x1c, 0x3d, 0x43, 0x71, 0x91, 0x95, 0x9a, 0xae, 0xaf, 0xc4,
+    0xe5, 0xe6, 0xe9, 0xff, 0x02, 0x0c, 0x0f, 0x3e, 0x62, 0x67,
+    0x68, 0x81, 0xc7, 0xd0, 0xd8, 0xdd, 0xe0, 0xf5, 0x0b, 0x25,
+    0x35, 0x45, 0x4a, 0x4b, 0x63, 0x74, 0x79, 0x7e, 0x82, 0xa2,
+    0xaf, 0xc6, 0xc7, 0xcc, 0xd2, 0xfa, 0x2a, 0x2d, 0x2f, 0x32,
+    0x35, 0x38, 0x3f, 0x4c, 0x7f, 0x80, 0x81, 0x8b, 0x9b, 0x9c,
+    0x9d, 0xa7, 0xa9, 0xcb, 0xe9, 0xf0, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x12, 0x20, 0x32, 0x46,
+};
+static const int sizeof_bench_dilithium_level2_sig =
+    sizeof(bench_dilithium_level2_sig);
+#endif
+
+#ifndef WOLFSSL_NO_ML_DSA_65
+static const unsigned char bench_dilithium_level3_sig[] = {
+    0x3e, 0xff, 0xf4, 0x48, 0x80, 0x2d, 0x88, 0x87, 0xf4, 0xcc,
+    0xa4, 0x61, 0xe1, 0x27, 0x20, 0x55, 0x66, 0xc8, 0xfe, 0x3e,
+    0xdd, 0xf5, 0x5c, 0x70, 0x6c, 0x54, 0xba, 0x50, 0x8a, 0xa2,
+    0x4b, 0x88, 0xbc, 0xb8, 0x87, 0xf9, 0x4e, 0x50, 0x3a, 0x04,
+    0x18, 0xb3, 0xf4, 0x5f, 0x77, 0x4a, 0x7e, 0xa8, 0xf5, 0xca,
+    0x49, 0x00, 0xdc, 0x24, 0xaa, 0x05, 0x35, 0x0f, 0x34, 0xf7,
+    0xbf, 0x09, 0xa6, 0xcf, 0x75, 0x37, 0x07, 0xcd, 0x07, 0x99,
+    0x92, 0x1d, 0xc7, 0xc9, 0x17, 0x1c, 0xdd, 0x27, 0x8c, 0x66,
+    0xf2, 0x8b, 0x75, 0xb0, 0x86, 0x2d, 0xbd, 0x51, 0x16, 0xc2,
+    0x50, 0xe0, 0x7e, 0x0a, 0x21, 0x58, 0x93, 0x22, 0x06, 0xcb,
+    0x85, 0x8b, 0xfd, 0x97, 0x61, 0xc0, 0xdb, 0xab, 0xfa, 0x4a,
+    0x69, 0xef, 0x9c, 0xc1, 0x4e, 0xae, 0xb2, 0xb3, 0xa2, 0x74,
+    0xa4, 0x94, 0x0a, 0xed, 0x39, 0x9e, 0xe8, 0x58, 0xeb, 0xfd,
+    0x43, 0x05, 0x73, 0x38, 0xd6, 0xbb, 0xeb, 0xb9, 0x9d, 0x3b,
+    0xf8, 0x85, 0xb4, 0x4b, 0x16, 0x5c, 0x9e, 0xfe, 0xb8, 0x13,
+    0xf8, 0x68, 0x44, 0x90, 0x05, 0x61, 0xb3, 0xed, 0x6f, 0x47,
+    0xc9, 0x50, 0xcf, 0x6c, 0xc0, 0xac, 0xdf, 0x4c, 0x4c, 0x1b,
+    0x42, 0xce, 0x0a, 0x32, 0x69, 0xb0, 0xfd, 0x87, 0xef, 0xf3,
+    0x9c, 0xcc, 0xba, 0x2f, 0x03, 0xd7, 0xdb, 0x76, 0xee, 0xa0,
+    0x71, 0x4a, 0x80, 0xcb, 0x90, 0x9e, 0xbb, 0x8f, 0x00, 0x46,
+    0x81, 0xe0, 0xde, 0xa6, 0x43, 0xb5, 0x37, 0x79, 0xf2, 0x35,
+    0xce, 0x9e, 0xd2, 0xb1, 0x5b, 0xff, 0x91, 0xfb, 0x98, 0xc1,
+    0xe1, 0x66, 0x2c, 0x00, 0x1b, 0x89, 0xf2, 0x57, 0x81, 0x73,
+    0x7e, 0x9f, 0x8d, 0x50, 0xd0, 0xe0, 0xe3, 0x93, 0xf2, 0x87,
+    0x41, 0x64, 0x6c, 0xb7, 0x09, 0x60, 0x91, 0x4e, 0x0b, 0xbe,
+    0xbe, 0xd4, 0x98, 0xfa, 0x14, 0x8c, 0x46, 0x09, 0xfa, 0xaa,
+    0x82, 0xd6, 0xdd, 0x65, 0x93, 0x39, 0x45, 0x50, 0x90, 0x10,
+    0xae, 0x1b, 0xff, 0xab, 0x7e, 0x86, 0xda, 0xb9, 0x4d, 0xf1,
+    0xc2, 0x00, 0x54, 0x66, 0xee, 0x40, 0xc0, 0x56, 0x2f, 0xe8,
+    0x43, 0x89, 0xbb, 0xb8, 0x59, 0x24, 0x63, 0x45, 0x9a, 0xde,
+    0x08, 0xf3, 0x16, 0x94, 0xd2, 0x8d, 0xee, 0xf9, 0xbe, 0x4f,
+    0x29, 0xe1, 0x4b, 0x5e, 0x2b, 0x14, 0xef, 0x66, 0xe2, 0x12,
+    0xf8, 0x87, 0x2e, 0xb1, 0x75, 0x8b, 0x21, 0xb5, 0x8f, 0x8e,
+    0xc5, 0x0e, 0x60, 0x27, 0x15, 0xbd, 0x72, 0xe4, 0x26, 0x4e,
+    0x62, 0x7d, 0x3a, 0x46, 0x49, 0x93, 0xa9, 0x52, 0x7f, 0xc2,
+    0x27, 0xb9, 0x55, 0x6a, 0x45, 0x9f, 0x2c, 0x7a, 0x5a, 0xc9,
+    0xf4, 0x55, 0xaf, 0x49, 0xb3, 0xd5, 0xc0, 0x84, 0xdb, 0x89,
+    0x5f, 0x21, 0x04, 0xf5, 0x4c, 0x66, 0x1e, 0x2e, 0x69, 0xdf,
+    0x5b, 0x14, 0x60, 0x89, 0x84, 0xf8, 0xa3, 0xaf, 0xdf, 0xb9,
+    0x18, 0x5e, 0xbf, 0x81, 0x95, 0x9a, 0x5e, 0x4f, 0x24, 0x45,
+    0xad, 0xab, 0xe2, 0x36, 0x7c, 0x19, 0xde, 0xc0, 0xf4, 0x1a,
+    0x42, 0xb2, 0xc2, 0x58, 0x2f, 0x5f, 0xd0, 0x2e, 0x28, 0x33,
+    0x59, 0x75, 0xc2, 0xde, 0x41, 0xe3, 0x9b, 0x85, 0x46, 0xad,
+    0x6d, 0xf1, 0x06, 0xf0, 0x6a, 0xb9, 0xed, 0x71, 0x7b, 0xfd,
+    0xf1, 0xc4, 0x56, 0xd8, 0xb3, 0x1a, 0x5f, 0x04, 0xae, 0xe8,
+    0xce, 0xde, 0xa1, 0x6d, 0x46, 0x2a, 0x4f, 0x62, 0xee, 0x25,
+    0xdf, 0x22, 0x21, 0xb2, 0x8f, 0x5f, 0x26, 0x33, 0x5a, 0xdd,
+    0xbe, 0x08, 0xb3, 0x93, 0x16, 0x16, 0xad, 0x2e, 0x00, 0xb8,
+    0x14, 0x0c, 0x10, 0xa3, 0x29, 0x89, 0x1f, 0xd7, 0x06, 0x7a,
+    0x09, 0xf3, 0x84, 0xf9, 0x18, 0x04, 0x56, 0x2f, 0x7f, 0xbd,
+    0x8e, 0x12, 0xdf, 0x4d, 0x58, 0x5c, 0x1d, 0x81, 0x0c, 0x7d,
+    0x62, 0x02, 0xe0, 0xf9, 0x1b, 0x69, 0xe9, 0x38, 0x45, 0x84,
+    0x2d, 0x9a, 0x4a, 0x3d, 0x7b, 0x48, 0xd5, 0x0d, 0x76, 0xba,
+    0xff, 0x20, 0x00, 0xf8, 0x42, 0x7f, 0xd2, 0x25, 0x70, 0x90,
+    0x88, 0xb3, 0x98, 0xac, 0xe9, 0xd9, 0xac, 0x58, 0xa6, 0x49,
+    0xcc, 0x93, 0xa5, 0x04, 0x0c, 0x68, 0x53, 0x64, 0x72, 0x8c,
+    0xfc, 0x8d, 0x61, 0xeb, 0x3f, 0x93, 0x8b, 0x85, 0x98, 0x05,
+    0xce, 0x06, 0xd7, 0xbf, 0xbb, 0xa5, 0x22, 0xda, 0xe9, 0x8a,
+    0x29, 0x30, 0x5e, 0x82, 0xe4, 0x46, 0x7c, 0x36, 0x5e, 0xf5,
+    0xc7, 0xe3, 0x09, 0xdf, 0x20, 0x76, 0x73, 0x33, 0x31, 0x75,
+    0xc2, 0x99, 0xe9, 0x74, 0x43, 0x82, 0xb1, 0xeb, 0x74, 0x6f,
+    0xad, 0x59, 0x48, 0x12, 0xa0, 0x24, 0xe3, 0x38, 0x48, 0x61,
+    0x0c, 0xf6, 0x38, 0x83, 0x3a, 0xcd, 0xd6, 0x45, 0x10, 0x0e,
+    0x09, 0x79, 0x31, 0x30, 0x80, 0xfb, 0x34, 0x60, 0x1e, 0x72,
+    0x98, 0xe9, 0x5c, 0xbf, 0xab, 0x21, 0x7f, 0xa3, 0x19, 0x7e,
+    0x8c, 0xa9, 0xa7, 0xfc, 0x25, 0xe0, 0x8e, 0x6d, 0xa1, 0xb9,
+    0x7b, 0x5b, 0x37, 0x33, 0x96, 0xd8, 0x6e, 0x7a, 0xce, 0xa6,
+    0x1a, 0xbd, 0xe6, 0x6e, 0x62, 0xc4, 0x8c, 0x69, 0xfe, 0xe4,
+    0xcb, 0x0a, 0xa1, 0x6c, 0x66, 0x0e, 0x1a, 0x5e, 0xb9, 0xd1,
+    0x4a, 0xa3, 0x91, 0x39, 0xcf, 0x85, 0x07, 0x5b, 0xaf, 0x99,
+    0x11, 0xca, 0xee, 0x6f, 0x2e, 0x33, 0xda, 0x60, 0xbf, 0xd6,
+    0xa0, 0x7a, 0xdb, 0x91, 0x13, 0xb7, 0xa3, 0x5d, 0x0e, 0x1e,
+    0x3b, 0xf9, 0x7a, 0x3e, 0x4f, 0x8d, 0xb3, 0x81, 0xe8, 0x0c,
+    0x4d, 0x48, 0x61, 0x06, 0x14, 0x0f, 0x3e, 0x33, 0x9e, 0xea,
+    0xa6, 0xd8, 0xd8, 0x4d, 0x9b, 0x00, 0x34, 0x0d, 0x31, 0x62,
+    0x54, 0x93, 0x04, 0xd2, 0x02, 0x21, 0x38, 0x91, 0x58, 0xca,
+    0x77, 0xd3, 0x6c, 0xd1, 0x94, 0x05, 0xfa, 0x30, 0x6a, 0x0b,
+    0xf0, 0x52, 0x52, 0xb7, 0xdb, 0x34, 0xff, 0x18, 0x5c, 0x78,
+    0x25, 0x44, 0x39, 0xe4, 0x54, 0x8a, 0xf1, 0x49, 0x04, 0xab,
+    0x8a, 0x5f, 0x87, 0xe1, 0x6e, 0x1a, 0xf2, 0xba, 0x39, 0xb4,
+    0x7c, 0x71, 0x5b, 0xbe, 0x8d, 0xbb, 0xed, 0x3b, 0xed, 0x20,
+    0x95, 0xdf, 0xa7, 0x50, 0xb5, 0x66, 0xff, 0xd0, 0x3a, 0x92,
+    0xde, 0xf2, 0xa3, 0xf2, 0xd6, 0x48, 0x6b, 0xd8, 0xef, 0x80,
+    0x4d, 0xc2, 0x3c, 0xc7, 0xc6, 0x6e, 0xdf, 0xd1, 0x54, 0xfb,
+    0x22, 0xac, 0x1a, 0x11, 0x81, 0x02, 0xc7, 0x66, 0xe0, 0xf3,
+    0xad, 0x0b, 0xd0, 0xec, 0xae, 0x93, 0x53, 0xa5, 0xbf, 0xa5,
+    0x17, 0x59, 0x14, 0x7d, 0x7e, 0x1e, 0x26, 0x15, 0x7a, 0x74,
+    0xfb, 0xb1, 0x7a, 0x0e, 0xd3, 0xb5, 0x7c, 0x8c, 0x3a, 0xd7,
+    0x45, 0x38, 0x55, 0xae, 0x4b, 0xe1, 0xfe, 0x5b, 0x57, 0x20,
+    0x73, 0x38, 0xb9, 0x67, 0x34, 0xb1, 0xf3, 0x15, 0xb0, 0xb7,
+    0x46, 0xa7, 0x1b, 0x19, 0x6d, 0xaf, 0x5e, 0x2c, 0x9c, 0x02,
+    0x3f, 0x0f, 0xa3, 0x56, 0x2f, 0x9f, 0x1a, 0x82, 0x0e, 0xb4,
+    0x46, 0xf5, 0x69, 0x89, 0x91, 0xf9, 0x2d, 0x99, 0x45, 0xa6,
+    0x3c, 0x82, 0x74, 0xac, 0xeb, 0x58, 0x4a, 0xdd, 0x03, 0xaf,
+    0xd1, 0x0a, 0xca, 0x4b, 0xe8, 0x4c, 0x63, 0xd4, 0x73, 0x94,
+    0xbf, 0xd1, 0xc5, 0x8a, 0x3f, 0x6e, 0x58, 0xfc, 0x70, 0x76,
+    0x69, 0x92, 0x05, 0xe0, 0xb9, 0xed, 0x5f, 0x19, 0xd7, 0x6f,
+    0xd0, 0x35, 0xbb, 0x5a, 0x8d, 0x45, 0xac, 0x43, 0xcb, 0x74,
+    0xcc, 0x92, 0xc3, 0x62, 0x56, 0x02, 0xb0, 0x0a, 0xb6, 0x88,
+    0x40, 0x6f, 0x76, 0x1b, 0x89, 0xe4, 0x51, 0xeb, 0x7e, 0x08,
+    0x8c, 0xce, 0x24, 0xc8, 0xd8, 0x58, 0xbd, 0x0e, 0x48, 0x57,
+    0xc8, 0x9f, 0xad, 0x64, 0xcf, 0x69, 0x72, 0x35, 0xbf, 0x04,
+    0x09, 0xfb, 0x0e, 0x62, 0x92, 0x76, 0x8b, 0x8d, 0xd5, 0x16,
+    0xa2, 0x51, 0xdb, 0x71, 0xa9, 0x08, 0xb2, 0xf9, 0x1e, 0x07,
+    0xe7, 0xf8, 0xf4, 0x79, 0x59, 0x2f, 0x8f, 0xf1, 0x5b, 0x45,
+    0xe1, 0xb8, 0xb7, 0xef, 0x86, 0x69, 0x71, 0x51, 0x1c, 0xe5,
+    0x61, 0xee, 0xb8, 0x1d, 0xa7, 0xdc, 0x48, 0xba, 0x51, 0xa5,
+    0x70, 0x4d, 0xfd, 0x2c, 0x46, 0x21, 0x63, 0x0c, 0x9f, 0xb7,
+    0x68, 0x58, 0x7b, 0xb3, 0x7d, 0x64, 0xfd, 0xaf, 0x87, 0x3d,
+    0x86, 0x06, 0x36, 0x8a, 0x6d, 0xfe, 0xdf, 0xce, 0xa8, 0x16,
+    0x42, 0x46, 0x15, 0xe5, 0xcf, 0x48, 0xa6, 0x4b, 0xe5, 0xc1,
+    0xad, 0x14, 0x3a, 0x6d, 0xeb, 0xf9, 0xc9, 0x32, 0xd1, 0x82,
+    0x60, 0x23, 0xf0, 0xff, 0xa7, 0xe6, 0x2e, 0xd6, 0x8d, 0x9d,
+    0x4f, 0x6d, 0xb3, 0xc4, 0xad, 0xd9, 0xf0, 0xf5, 0x5c, 0x47,
+    0x6c, 0x67, 0xf4, 0x0e, 0x18, 0x25, 0xbb, 0x67, 0xfa, 0x11,
+    0x70, 0xd5, 0xbc, 0x3a, 0x34, 0xae, 0xa2, 0x76, 0x4b, 0x9f,
+    0x59, 0x01, 0x18, 0x69, 0x44, 0xc4, 0x8a, 0xff, 0x00, 0xfc,
+    0x2a, 0x45, 0xa9, 0x50, 0x8e, 0x37, 0x6b, 0x78, 0x14, 0x69,
+    0xe7, 0x92, 0x3d, 0xf1, 0x34, 0xd5, 0x5c, 0x48, 0xc2, 0x50,
+    0xb3, 0x0c, 0x7d, 0x54, 0x05, 0x31, 0x1e, 0xce, 0xaa, 0xc1,
+    0x4c, 0xc9, 0x13, 0x33, 0x26, 0x1f, 0x56, 0x7e, 0x7e, 0x74,
+    0xd3, 0x78, 0x3e, 0x00, 0x4a, 0xc8, 0xc6, 0x20, 0x5b, 0xb8,
+    0x80, 0xb4, 0x13, 0x35, 0x23, 0xff, 0x50, 0xde, 0x25, 0x92,
+    0x67, 0x08, 0xb8, 0xa3, 0xb6, 0x39, 0xd4, 0x30, 0xdc, 0xa5,
+    0x88, 0x8a, 0x44, 0x08, 0x8b, 0x6d, 0x2e, 0xb8, 0xf3, 0x0d,
+    0x23, 0xda, 0x35, 0x08, 0x5a, 0x92, 0xe1, 0x40, 0xac, 0xc7,
+    0x15, 0x05, 0x8a, 0xdf, 0xe5, 0x71, 0xd8, 0xe0, 0xd7, 0x9f,
+    0x58, 0x03, 0xf4, 0xec, 0x99, 0x3c, 0xb0, 0xe0, 0x07, 0x42,
+    0x9b, 0xa0, 0x10, 0x7c, 0x24, 0x60, 0x19, 0xe8, 0x84, 0xd4,
+    0xb1, 0x86, 0x19, 0x0a, 0x52, 0x70, 0x6e, 0xc2, 0x3c, 0xe2,
+    0x73, 0x8d, 0xfe, 0xf8, 0x7e, 0xdf, 0x78, 0xe7, 0x92, 0x36,
+    0x10, 0xf7, 0x2d, 0x76, 0x93, 0x8a, 0x0f, 0x20, 0xc8, 0x30,
+    0x59, 0x81, 0xff, 0x3b, 0x70, 0x22, 0xce, 0x6e, 0x23, 0x68,
+    0x35, 0x59, 0x0e, 0xcf, 0xf8, 0xf6, 0xcd, 0x45, 0xb6, 0x41,
+    0xba, 0xda, 0xe6, 0x35, 0x0b, 0xd1, 0xef, 0xa5, 0x7c, 0xe0,
+    0xb9, 0x6f, 0x5b, 0xa9, 0xab, 0x87, 0xe3, 0x3b, 0x92, 0xce,
+    0xbe, 0xfe, 0xf7, 0xab, 0x82, 0xa3, 0xe6, 0xbd, 0xfe, 0xce,
+    0xa6, 0x17, 0xcb, 0x4c, 0xb4, 0x4c, 0xd6, 0xfe, 0xbb, 0x1c,
+    0x10, 0xde, 0x29, 0x3e, 0x92, 0x66, 0x20, 0xf8, 0xee, 0x83,
+    0x86, 0x66, 0xe0, 0x66, 0x97, 0x85, 0xaf, 0x3a, 0x8f, 0xa9,
+    0x97, 0x09, 0xde, 0x77, 0xda, 0xb7, 0x81, 0x41, 0x10, 0xca,
+    0x66, 0x00, 0xec, 0xf8, 0x46, 0x73, 0xa6, 0x24, 0x36, 0xec,
+    0x25, 0xbe, 0x93, 0x5e, 0x74, 0x9f, 0xbe, 0xf4, 0x84, 0x15,
+    0x9c, 0xc5, 0x43, 0xd9, 0xea, 0x5a, 0xcc, 0x2c, 0x4e, 0x2e,
+    0x4e, 0x32, 0xa6, 0x88, 0xb1, 0x25, 0x34, 0xf7, 0xba, 0xab,
+    0xd3, 0xa0, 0xc2, 0x06, 0x70, 0xed, 0x66, 0x4d, 0x71, 0x34,
+    0xaf, 0x10, 0x99, 0x10, 0x11, 0x4f, 0xe4, 0x7d, 0x42, 0x03,
+    0x04, 0x02, 0xc2, 0x41, 0x85, 0x1e, 0xc4, 0xca, 0xae, 0xf0,
+    0x83, 0x78, 0x34, 0x98, 0x55, 0x8b, 0x4c, 0xa0, 0x14, 0xea,
+    0x15, 0x2c, 0xa1, 0x30, 0xd8, 0xcf, 0xac, 0xd4, 0xca, 0xf7,
+    0xf4, 0xc4, 0x20, 0xca, 0xa1, 0xef, 0xce, 0x5d, 0x6b, 0x32,
+    0xb6, 0xf0, 0x22, 0x08, 0x49, 0x21, 0x0c, 0x57, 0x0f, 0xf8,
+    0xc0, 0xd2, 0xe3, 0xc0, 0xa6, 0x31, 0xc7, 0x87, 0x96, 0xa9,
+    0xfe, 0x69, 0xa0, 0x7f, 0xf7, 0x8e, 0x31, 0x92, 0x37, 0xce,
+    0xde, 0x36, 0x3f, 0xf5, 0x7d, 0x07, 0xaa, 0xa9, 0x43, 0xee,
+    0x3c, 0x8c, 0xd3, 0x7d, 0x2c, 0xa6, 0xc3, 0x98, 0xab, 0xbe,
+    0x90, 0x4c, 0xa5, 0x5a, 0x27, 0xeb, 0x0e, 0xed, 0xa1, 0x1e,
+    0x3e, 0x44, 0xa3, 0x4b, 0x49, 0xad, 0xe4, 0x19, 0x90, 0xc8,
+    0x9e, 0x6e, 0x5b, 0x68, 0xbc, 0x37, 0x54, 0xaf, 0xa6, 0xb7,
+    0x71, 0x5c, 0x5d, 0x74, 0x83, 0xf4, 0xb9, 0x2f, 0xe5, 0x1a,
+    0x0c, 0x73, 0x30, 0x56, 0x82, 0x04, 0xb3, 0x0e, 0x32, 0x98,
+    0xfd, 0x27, 0xa0, 0xfe, 0xe0, 0xe0, 0xf5, 0xb7, 0xe0, 0x47,
+    0x2a, 0xa6, 0x4a, 0xe0, 0xfc, 0xb5, 0xd8, 0xfd, 0x01, 0xfe,
+    0x4e, 0x96, 0x17, 0x06, 0xcc, 0x92, 0x7c, 0xa1, 0x2f, 0xb5,
+    0x04, 0x08, 0x76, 0xcc, 0x40, 0x75, 0x37, 0x4d, 0x2c, 0x74,
+    0xcd, 0xc7, 0x62, 0xa6, 0xe6, 0xd8, 0x9e, 0x21, 0x7f, 0x2e,
+    0xf5, 0x2c, 0xcf, 0x0b, 0x3f, 0xd7, 0xed, 0x17, 0xee, 0x92,
+    0xaf, 0xf9, 0xa4, 0x71, 0x5d, 0x5f, 0x81, 0xb9, 0x2f, 0x12,
+    0xe5, 0x57, 0x2d, 0x1e, 0xf1, 0x67, 0x47, 0x2a, 0xde, 0xab,
+    0xf2, 0xea, 0xb7, 0xb5, 0x83, 0xdc, 0x46, 0xd4, 0xf3, 0x25,
+    0x65, 0x15, 0x4d, 0x66, 0x34, 0x54, 0xab, 0x94, 0x89, 0x80,
+    0x39, 0xd3, 0x39, 0xe3, 0xa2, 0xb1, 0x91, 0x2a, 0x5e, 0x55,
+    0xe1, 0xa4, 0x0f, 0xc3, 0x4b, 0x5a, 0xa5, 0x4a, 0xb3, 0xc0,
+    0x40, 0xea, 0x16, 0x0c, 0xd5, 0x2d, 0x83, 0x3e, 0x28, 0x20,
+    0xac, 0x0a, 0x1b, 0x5b, 0x87, 0xcf, 0xf1, 0x51, 0xd6, 0xda,
+    0xd1, 0xc9, 0xb1, 0x27, 0xf5, 0x62, 0x03, 0x10, 0xcf, 0x76,
+    0x28, 0xa2, 0xea, 0x4b, 0x76, 0xaf, 0x9c, 0x3d, 0xf1, 0x1b,
+    0x92, 0xff, 0xb0, 0xca, 0x16, 0xa2, 0x29, 0x94, 0x0e, 0x1e,
+    0x51, 0xfb, 0xe1, 0x2b, 0x5a, 0x50, 0xfd, 0xaf, 0xab, 0xd7,
+    0x32, 0xaa, 0x43, 0xa7, 0xcb, 0xd3, 0xd3, 0xe9, 0x1e, 0xb1,
+    0x70, 0xd2, 0xbb, 0x15, 0x68, 0x49, 0xee, 0x6e, 0x1e, 0xc5,
+    0x64, 0x4b, 0x26, 0x08, 0xe7, 0x32, 0x1c, 0x1d, 0x73, 0x8f,
+    0x42, 0xfe, 0xeb, 0x67, 0x89, 0x42, 0x25, 0x40, 0xd6, 0x15,
+    0x02, 0x55, 0x87, 0xe3, 0x87, 0xdd, 0x78, 0xc1, 0x01, 0x94,
+    0xbc, 0x30, 0x5f, 0xbd, 0x89, 0xe1, 0xb0, 0x5c, 0xcd, 0xb7,
+    0x68, 0xd5, 0xbb, 0xf4, 0xa0, 0x5d, 0x3d, 0xdd, 0x89, 0x12,
+    0xc7, 0xb8, 0x5d, 0x51, 0x8a, 0xf4, 0xd5, 0x05, 0xc6, 0xdd,
+    0x7b, 0x44, 0x38, 0xce, 0xb1, 0x24, 0x24, 0xe1, 0x9d, 0xc7,
+    0x80, 0x86, 0x46, 0x2a, 0xd2, 0xa4, 0x0f, 0xec, 0xd3, 0x6b,
+    0x31, 0xc0, 0x05, 0x31, 0xff, 0xf5, 0x1a, 0x33, 0x35, 0x68,
+    0x2e, 0x68, 0x24, 0xbd, 0x62, 0xfc, 0x46, 0x79, 0x54, 0x5e,
+    0x1e, 0x27, 0x93, 0x07, 0xed, 0x78, 0x94, 0x50, 0x42, 0x98,
+    0x53, 0x88, 0xb7, 0x57, 0x04, 0x7d, 0xe2, 0xe1, 0xb5, 0x61,
+    0x9e, 0x5a, 0x88, 0x31, 0x3e, 0x6c, 0x69, 0xbc, 0x8a, 0xe6,
+    0xbc, 0x9d, 0x20, 0x7a, 0x86, 0xe5, 0x73, 0x93, 0x02, 0xc5,
+    0xde, 0xdc, 0xcc, 0xbf, 0x89, 0x76, 0xdc, 0x4e, 0xa1, 0x89,
+    0xe7, 0x95, 0x75, 0x01, 0xf7, 0x43, 0xaa, 0x3f, 0x1b, 0xb7,
+    0x8c, 0x92, 0x66, 0x22, 0xbe, 0x34, 0xf1, 0x2f, 0xc3, 0xc7,
+    0x21, 0xaf, 0x25, 0x57, 0x9a, 0x2c, 0x80, 0xf0, 0xb3, 0xdd,
+    0xb3, 0xb2, 0x82, 0x97, 0x85, 0x73, 0xa9, 0x76, 0xe4, 0x37,
+    0xa2, 0x65, 0xf9, 0xc1, 0x3d, 0x11, 0xbf, 0xcb, 0x3c, 0x8e,
+    0xdd, 0xaf, 0x98, 0x57, 0x6a, 0xe1, 0x33, 0xe7, 0xf0, 0xff,
+    0xed, 0x61, 0x53, 0xfe, 0x1e, 0x2d, 0x06, 0x2f, 0xb8, 0x9e,
+    0xf9, 0xa5, 0x21, 0x06, 0xf3, 0x72, 0xf6, 0xa3, 0x77, 0xbb,
+    0x63, 0x6e, 0x52, 0xb2, 0x42, 0x47, 0x9b, 0x92, 0x4c, 0xf8,
+    0xd2, 0xe6, 0x02, 0xa5, 0x57, 0x2d, 0x6f, 0x30, 0x05, 0xe2,
+    0xfd, 0x33, 0xe5, 0xb6, 0x23, 0x85, 0x89, 0x4a, 0x99, 0x20,
+    0x33, 0xea, 0x2f, 0xcd, 0x28, 0x27, 0xff, 0xfd, 0x2e, 0x73,
+    0x52, 0x29, 0x19, 0x7c, 0x65, 0xf5, 0x6a, 0xaa, 0x97, 0x6e,
+    0xe9, 0x42, 0xa8, 0x55, 0x97, 0x56, 0x92, 0x9d, 0xd2, 0xd1,
+    0xc4, 0x30, 0xaa, 0x95, 0x86, 0xba, 0x71, 0xdd, 0x2f, 0xf1,
+    0xed, 0x66, 0x54, 0x78, 0x4b, 0x13, 0x31, 0xed, 0x9d, 0x2c,
+    0xae, 0x0a, 0xc3, 0xca, 0xfb, 0x3f, 0x92, 0x92, 0x30, 0xa3,
+    0x8e, 0xc8, 0x6d, 0x7b, 0x42, 0xd5, 0x5d, 0x99, 0x79, 0x42,
+    0x28, 0x63, 0x9f, 0x97, 0x8e, 0x94, 0x6d, 0x1d, 0xb4, 0x21,
+    0x39, 0xc7, 0x64, 0x48, 0x44, 0x5e, 0x15, 0x10, 0x45, 0x9f,
+    0x8a, 0x01, 0x45, 0x20, 0x5c, 0xd1, 0x28, 0x0d, 0xe9, 0xfb,
+    0xa9, 0x72, 0x68, 0x07, 0x31, 0x20, 0x75, 0x76, 0x82, 0x76,
+    0x5d, 0x7c, 0xc1, 0x5d, 0x42, 0x40, 0xfd, 0x06, 0xa9, 0x66,
+    0xb0, 0x36, 0x55, 0x86, 0x6c, 0x96, 0xbd, 0xb8, 0xf7, 0x36,
+    0x87, 0xf2, 0xa1, 0x37, 0xd8, 0x2d, 0x83, 0xf5, 0xdc, 0xd8,
+    0xde, 0x9e, 0x69, 0xd6, 0xe1, 0x0d, 0xd5, 0x93, 0xc5, 0xee,
+    0xba, 0xd3, 0x40, 0x71, 0xbb, 0xc7, 0xbb, 0x50, 0x1a, 0x10,
+    0x80, 0x99, 0x62, 0x1c, 0xe3, 0x1f, 0xa2, 0xcc, 0x98, 0xe1,
+    0xaa, 0xff, 0xd9, 0x69, 0xe7, 0x87, 0x04, 0x87, 0x76, 0xec,
+    0x55, 0x18, 0xaf, 0x82, 0x34, 0x4d, 0x4f, 0xf7, 0x57, 0x1f,
+    0xa5, 0x43, 0xcc, 0xe9, 0x7a, 0x4a, 0xc8, 0xb4, 0x1f, 0x61,
+    0x40, 0x5e, 0x1d, 0x11, 0xdd, 0xdc, 0xdc, 0xb4, 0x57, 0xf9,
+    0x47, 0x96, 0xbc, 0x47, 0x29, 0xf8, 0xf2, 0x43, 0xc4, 0xa0,
+    0x8c, 0x14, 0x5e, 0x73, 0x52, 0xac, 0xac, 0x39, 0x3b, 0x06,
+    0x19, 0x1a, 0xca, 0x22, 0xc8, 0x96, 0x12, 0x2e, 0x4c, 0x7b,
+    0xa0, 0x96, 0x53, 0x16, 0xce, 0x6d, 0x6e, 0xac, 0xb2, 0x07,
+    0x17, 0x22, 0x07, 0x30, 0x20, 0x84, 0x9b, 0x0e, 0x92, 0x31,
+    0x07, 0xe2, 0x77, 0xcd, 0x6a, 0x3e, 0x16, 0x4f, 0xd6, 0x12,
+    0x88, 0x8a, 0x70, 0x5a, 0x87, 0xd8, 0xb9, 0xef, 0x76, 0xab,
+    0x14, 0x65, 0x87, 0x3a, 0xef, 0xd8, 0x0e, 0x24, 0x40, 0x73,
+    0x93, 0x2b, 0xbf, 0xac, 0xfe, 0x96, 0x8a, 0x9d, 0x12, 0xe6,
+    0xc1, 0x5b, 0x00, 0x3b, 0x23, 0xee, 0xe2, 0x10, 0xb6, 0xbe,
+    0x0e, 0x2f, 0xa2, 0x77, 0x16, 0x17, 0xfc, 0x4b, 0x2c, 0xd7,
+    0x9c, 0xad, 0x66, 0xb4, 0xf2, 0xfd, 0xc1, 0xaf, 0x81, 0x12,
+    0xd9, 0xed, 0x14, 0x32, 0xcf, 0x1b, 0xee, 0xc6, 0x63, 0xe8,
+    0xe5, 0xe6, 0xb6, 0x91, 0x8d, 0x1b, 0x90, 0x75, 0x5d, 0x69,
+    0x4c, 0x5d, 0xd6, 0xac, 0x79, 0xe8, 0xb6, 0xdf, 0xbf, 0x43,
+    0x39, 0xd3, 0xb8, 0xf0, 0x39, 0xf4, 0x90, 0xaf, 0x73, 0x26,
+    0xc7, 0x73, 0x6f, 0x93, 0xbb, 0xce, 0x6e, 0xdc, 0x1c, 0xd0,
+    0x36, 0x23, 0x17, 0xb2, 0x39, 0x37, 0x15, 0xf5, 0x3a, 0x61,
+    0xa9, 0x15, 0x52, 0x6e, 0xc5, 0x3a, 0x63, 0x79, 0x5d, 0x45,
+    0xdc, 0x3a, 0xd5, 0x26, 0x01, 0x56, 0x97, 0x80, 0x7f, 0x83,
+    0xf9, 0xec, 0xde, 0xa0, 0x2e, 0x7a, 0xb2, 0x4b, 0x04, 0x63,
+    0x60, 0x05, 0xce, 0x96, 0xeb, 0xe0, 0x0a, 0x5f, 0xb0, 0x7e,
+    0x6d, 0x0a, 0x24, 0x32, 0x47, 0x82, 0x7f, 0x0b, 0xd7, 0xe9,
+    0xd5, 0x14, 0xa9, 0x6b, 0x10, 0x5d, 0x1e, 0x1f, 0x8a, 0xad,
+    0x70, 0x91, 0xd4, 0x33, 0x1d, 0xc2, 0x3e, 0xf8, 0xc8, 0x52,
+    0x9a, 0x27, 0x1f, 0x45, 0x2f, 0xb5, 0xc7, 0xb1, 0x8b, 0xf9,
+    0xc6, 0x7b, 0xb5, 0x92, 0x7a, 0xdd, 0xeb, 0x07, 0x6c, 0x6f,
+    0x11, 0xd7, 0x5b, 0x56, 0x56, 0xec, 0x88, 0x1c, 0xc9, 0xb4,
+    0xe8, 0x43, 0xab, 0xdf, 0x0b, 0xc5, 0x28, 0xba, 0x70, 0x5d,
+    0xd3, 0xb2, 0xe2, 0xcf, 0xa7, 0xbb, 0x53, 0x04, 0x6b, 0x73,
+    0xdf, 0x27, 0xa6, 0x63, 0x58, 0xe1, 0x39, 0x26, 0x2a, 0x1a,
+    0x21, 0xec, 0xbb, 0x5f, 0x46, 0x98, 0x3d, 0x48, 0x66, 0xfe,
+    0xf3, 0xcb, 0xfc, 0x6e, 0x99, 0x82, 0x91, 0xce, 0x53, 0xfd,
+    0x75, 0xc9, 0xb6, 0x08, 0xa8, 0xf3, 0xe4, 0xe0, 0xa0, 0x24,
+    0x45, 0xb4, 0x69, 0x11, 0xac, 0x06, 0x1c, 0x39, 0x71, 0xcf,
+    0x72, 0xfc, 0x77, 0x9b, 0x5f, 0xf4, 0x8b, 0x02, 0x31, 0xf3,
+    0x67, 0xd1, 0x9b, 0xe0, 0x49, 0xa4, 0x69, 0x20, 0x99, 0x38,
+    0xa7, 0xf5, 0x43, 0xd2, 0x45, 0x9f, 0x7a, 0xe7, 0xad, 0x7e,
+    0x36, 0xee, 0xfd, 0x8c, 0xc5, 0x6a, 0x12, 0x58, 0x15, 0x3b,
+    0x02, 0x81, 0x73, 0x8b, 0x10, 0xda, 0x21, 0xc7, 0x1d, 0x38,
+    0xd8, 0x40, 0x7a, 0xa3, 0x59, 0x55, 0x35, 0x44, 0xa9, 0x9c,
+    0xf5, 0xf4, 0xe4, 0x14, 0xc1, 0xc4, 0x15, 0x26, 0x01, 0xe3,
+    0x31, 0xbf, 0xdc, 0xbc, 0x69, 0x0b, 0xcf, 0x71, 0x8c, 0xdb,
+    0x16, 0xab, 0x36, 0x3e, 0xb3, 0xa4, 0x9f, 0xcc, 0xbf, 0xa2,
+    0x93, 0x93, 0x9a, 0x3b, 0xaf, 0x72, 0x8d, 0x8b, 0x92, 0x44,
+    0x5d, 0x6f, 0xc5, 0xf0, 0xdc, 0x65, 0x62, 0xea, 0xba, 0x33,
+    0xe7, 0x6c, 0xa4, 0x35, 0xcf, 0xd9, 0xbc, 0x3c, 0xbf, 0x25,
+    0x7b, 0x7c, 0x0b, 0x62, 0x92, 0x5a, 0x66, 0x63, 0xe1, 0x27,
+    0x89, 0x12, 0xe2, 0xae, 0xb7, 0xf8, 0x04, 0x70, 0xda, 0x4a,
+    0x3d, 0xa6, 0x67, 0x12, 0x14, 0x9e, 0x8e, 0xdc, 0xa2, 0xf2,
+    0x3d, 0xc7, 0xd2, 0x8f, 0x18, 0x3a, 0x53, 0x8c, 0x83, 0x5d,
+    0x66, 0xbb, 0x9f, 0x8c, 0xaf, 0xa8, 0x73, 0x08, 0x2e, 0x6d,
+    0x30, 0xa0, 0xd0, 0x20, 0x94, 0x48, 0xad, 0x5e, 0x31, 0xfd,
+    0x5e, 0xfd, 0xf9, 0xb5, 0xa2, 0x39, 0xa3, 0xb9, 0xdf, 0x4d,
+    0xa4, 0xb1, 0x54, 0xcc, 0x92, 0x63, 0x2c, 0x66, 0x2d, 0x01,
+    0x88, 0x8b, 0x7d, 0xc6, 0x5c, 0x9f, 0x18, 0x9a, 0x53, 0x91,
+    0x59, 0x66, 0x70, 0xd7, 0x81, 0x0e, 0xa1, 0x3c, 0x7e, 0x86,
+    0x85, 0x64, 0x38, 0x6f, 0xec, 0x76, 0x57, 0x80, 0x41, 0x9d,
+    0xef, 0x61, 0xb8, 0xb2, 0x8a, 0xeb, 0xe9, 0x26, 0xbb, 0x69,
+    0xb3, 0x8d, 0xd4, 0x6b, 0x05, 0xd8, 0x55, 0x1c, 0xbd, 0x9f,
+    0x6b, 0x23, 0x46, 0x2b, 0xf7, 0xfb, 0x4d, 0x33, 0x3b, 0x21,
+    0x6d, 0xea, 0x1b, 0x15, 0xaf, 0x0f, 0x8c, 0x98, 0xc8, 0xf4,
+    0xd1, 0x3c, 0xdd, 0x21, 0xd0, 0x45, 0xdc, 0xaf, 0x89, 0x89,
+    0xbf, 0xde, 0xbf, 0x46, 0x9e, 0x9e, 0x18, 0x56, 0x9d, 0x05,
+    0x4d, 0x63, 0x5f, 0x1c, 0xd9, 0x15, 0xd1, 0x43, 0x17, 0x0c,
+    0x48, 0x3d, 0x36, 0x8b, 0x14, 0x87, 0xc8, 0x10, 0x44, 0xdf,
+    0x9c, 0xfd, 0x6e, 0x88, 0x88, 0xae, 0x7f, 0x7f, 0x67, 0xa3,
+    0x33, 0x4d, 0xa3, 0x84, 0x8b, 0x58, 0x07, 0x17, 0xd8, 0x1d,
+    0x9e, 0x43, 0xd6, 0x41, 0x9c, 0xff, 0xfa, 0x35, 0xa2, 0x42,
+    0xa9, 0x5d, 0xa9, 0x4b, 0x95, 0x23, 0x6a, 0x6e, 0x42, 0xd7,
+    0xa2, 0x0a, 0x70, 0x00, 0x61, 0x8b, 0x45, 0xbb, 0xac, 0x20,
+    0x27, 0xcd, 0xfc, 0x61, 0x17, 0xfe, 0xab, 0x6b, 0xe8, 0xe0,
+    0x51, 0xab, 0xa3, 0xbf, 0xe4, 0x85, 0x69, 0x8e, 0xd7, 0xa6,
+    0x62, 0x33, 0x8f, 0x7c, 0xba, 0x48, 0xfa, 0x83, 0x94, 0xa5,
+    0xdf, 0xa1, 0x76, 0xdc, 0xa9, 0x4b, 0x3c, 0x27, 0xff, 0xd9,
+    0xbe, 0xf4, 0x80, 0x5a, 0xca, 0x33, 0xf3, 0x9a, 0x1d, 0xf8,
+    0xf3, 0xe1, 0x83, 0x27, 0x0b, 0x59, 0x87, 0x31, 0x7d, 0x4f,
+    0x5a, 0x5e, 0xe1, 0xbe, 0xa9, 0x68, 0xe9, 0x6f, 0x10, 0x0a,
+    0xe2, 0x70, 0x05, 0xaa, 0xcb, 0xdd, 0x41, 0xd7, 0x49, 0x8a,
+    0x98, 0xa0, 0x40, 0x2d, 0xc6, 0x56, 0x49, 0xca, 0x60, 0x16,
+    0x9c, 0x38, 0xc9, 0xfe, 0x99, 0x15, 0xfb, 0x79, 0x01, 0x33,
+    0xcd, 0x54, 0x2f, 0xf3, 0x70, 0x37, 0x82, 0x36, 0x32, 0x76,
+    0x8f, 0x63, 0x00, 0xa2, 0x42, 0xce, 0x39, 0x90, 0xfc, 0xf8,
+    0xff, 0x34, 0x38, 0x0a, 0x17, 0x5e, 0x9d, 0x34, 0x86, 0xde,
+    0x33, 0x45, 0xac, 0xbf, 0x81, 0xdf, 0xd2, 0xbc, 0xc7, 0xd7,
+    0xd1, 0xee, 0xde, 0x2b, 0x5b, 0x50, 0x56, 0xb5, 0x88, 0x00,
+    0x92, 0x76, 0x5a, 0x34, 0x0c, 0xfe, 0x8f, 0xc5, 0xa0, 0x92,
+    0xb0, 0xed, 0x43, 0xe7, 0x81, 0x39, 0x36, 0x6e, 0xb7, 0x4d,
+    0x5b, 0xcf, 0xc7, 0xf0, 0x83, 0xe5, 0xdc, 0xb7, 0x74, 0xf4,
+    0xf3, 0xbd, 0xa8, 0xa6, 0x7b, 0xe0, 0xc5, 0x50, 0xaa, 0xc7,
+    0x83, 0x4d, 0xd9, 0xc5, 0x97, 0x03, 0x7c, 0x0c, 0x3b, 0x3a,
+    0x18, 0xb2, 0x8c, 0xee, 0x67, 0x91, 0x38, 0x84, 0x8f, 0xef,
+    0xb4, 0xf4, 0xe4, 0x7c, 0x1a, 0x3f, 0xa3, 0x0a, 0xd9, 0xba,
+    0xff, 0x56, 0xd8, 0xe2, 0x82, 0xfc, 0x58, 0x8f, 0xf6, 0x12,
+    0x10, 0x65, 0x6a, 0x68, 0x53, 0x2d, 0x9f, 0x2c, 0x77, 0xd1,
+    0xb8, 0x21, 0x8a, 0xcb, 0xe9, 0xd4, 0x25, 0x18, 0x22, 0x46,
+    0x3e, 0x72, 0x29, 0x2a, 0x68, 0x70, 0x73, 0xe2, 0x61, 0xa2,
+    0xa8, 0x1f, 0x24, 0x48, 0x92, 0xa0, 0xd4, 0xdd, 0xde, 0xe5,
+    0x02, 0x1b, 0x59, 0x5c, 0x7e, 0x92, 0x9c, 0xd8, 0xf4, 0x2d,
+    0x6b, 0x79, 0x7b, 0xc7, 0xcd, 0xef, 0x21, 0x2a, 0x50, 0x7e,
+    0xba, 0xdd, 0x02, 0x45, 0x7e, 0xc1, 0xdd, 0xeb, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x03, 0x0c, 0x15, 0x1c, 0x22, 0x28,
+};
+static const int sizeof_bench_dilithium_level3_sig =
+    sizeof(bench_dilithium_level3_sig);
+#endif
+
+#ifndef WOLFSSL_NO_ML_DSA_87
+static const unsigned char bench_dilithium_level5_sig[] = {
+    0x78, 0xed, 0x1a, 0x3f, 0x41, 0xab, 0xf8, 0x93, 0x80, 0xf0,
+    0xc6, 0xbf, 0x4a, 0xde, 0xaf, 0x29, 0x93, 0xe5, 0x9a, 0xbf,
+    0x38, 0x08, 0x18, 0x33, 0xca, 0x7d, 0x5e, 0x65, 0xa4, 0xd2,
+    0xd7, 0x45, 0xe3, 0xe7, 0x58, 0xfb, 0x05, 0xab, 0x65, 0x57,
+    0xac, 0x6f, 0xf5, 0x43, 0x28, 0x5f, 0x9c, 0x9a, 0x3e, 0x35,
+    0x84, 0xe4, 0xef, 0xa5, 0x57, 0x17, 0xad, 0x51, 0x44, 0x70,
+    0x09, 0x00, 0x81, 0xbe, 0xfe, 0x14, 0x01, 0xfe, 0x0c, 0x94,
+    0xbe, 0xa9, 0x89, 0xfd, 0x47, 0xfc, 0xb9, 0xd8, 0x17, 0x4d,
+    0xd8, 0x73, 0xd5, 0x50, 0x9f, 0x13, 0x6c, 0x07, 0x71, 0x47,
+    0xaa, 0x3c, 0xc0, 0x64, 0x00, 0x19, 0x2e, 0x74, 0x51, 0x0e,
+    0x0f, 0x25, 0x30, 0x7f, 0x13, 0x96, 0xc6, 0xc5, 0xbf, 0xd4,
+    0x82, 0xd3, 0x0d, 0xd3, 0x65, 0x4c, 0x72, 0x67, 0xe2, 0x37,
+    0x6b, 0x3c, 0x8e, 0xa3, 0x36, 0x84, 0xe9, 0xaa, 0xac, 0x7d,
+    0xf3, 0xac, 0xfc, 0x01, 0x50, 0x87, 0x88, 0xf6, 0xbf, 0x84,
+    0xc3, 0xa0, 0x23, 0xe4, 0xe8, 0x01, 0x38, 0x39, 0x30, 0x8a,
+    0xf3, 0xba, 0x92, 0x62, 0x37, 0xd7, 0x20, 0xd7, 0xf7, 0x41,
+    0xff, 0xae, 0x81, 0x02, 0x29, 0x2a, 0x66, 0x8b, 0x20, 0xbe,
+    0x61, 0x8d, 0xfb, 0x7c, 0x70, 0x14, 0xad, 0xf4, 0x94, 0x8c,
+    0xee, 0x64, 0x3b, 0x9f, 0xe1, 0x6e, 0x68, 0x17, 0x07, 0xb8,
+    0xfc, 0x99, 0xdc, 0xde, 0x69, 0x58, 0x8c, 0x97, 0x7d, 0xb3,
+    0x2c, 0x9e, 0x90, 0x33, 0x2e, 0x7b, 0xbf, 0xf8, 0x6f, 0xf8,
+    0x12, 0x64, 0xda, 0xc0, 0xfb, 0x30, 0xe6, 0xbf, 0x7b, 0x9a,
+    0xde, 0xb5, 0xac, 0x9d, 0x6b, 0xcb, 0xe1, 0x0d, 0xf1, 0xbb,
+    0xf3, 0x97, 0xc5, 0x08, 0xd3, 0x3e, 0xe3, 0xa4, 0xeb, 0x6f,
+    0x6b, 0x62, 0x61, 0xc5, 0x0b, 0xa8, 0x02, 0xc2, 0xf1, 0xbe,
+    0xbb, 0x93, 0x13, 0xa5, 0x8d, 0x7b, 0x5a, 0x6d, 0x1f, 0x28,
+    0xbc, 0x35, 0xd8, 0xe8, 0xcf, 0x80, 0x8b, 0x4b, 0x02, 0x80,
+    0x3b, 0xdc, 0x00, 0xce, 0x88, 0xb0, 0x62, 0x35, 0x7d, 0x51,
+    0x7f, 0x5c, 0xb2, 0x23, 0x85, 0x47, 0x7e, 0x73, 0x88, 0x65,
+    0xfd, 0x0d, 0x47, 0x33, 0xef, 0xb9, 0x75, 0x05, 0x86, 0x5d,
+    0xd3, 0x98, 0xa6, 0x91, 0xe6, 0x8c, 0xe2, 0x71, 0x7a, 0x95,
+    0xe0, 0x8c, 0x54, 0x4b, 0x68, 0x4d, 0x5a, 0xec, 0xad, 0xae,
+    0x54, 0x4e, 0x3b, 0x0e, 0xcd, 0x70, 0xe6, 0x81, 0xbf, 0xf4,
+    0x86, 0xab, 0xfe, 0xd8, 0xed, 0x69, 0xdd, 0x0f, 0x75, 0x8f,
+    0x8e, 0xcd, 0x72, 0x40, 0x21, 0xee, 0x80, 0x6f, 0x9e, 0xa0,
+    0x80, 0xf7, 0xf6, 0xa2, 0xf5, 0x04, 0x82, 0xea, 0xb6, 0xb1,
+    0xa3, 0xfe, 0xa2, 0x2d, 0x83, 0xc7, 0x01, 0x4b, 0x27, 0x19,
+    0x6a, 0x31, 0x04, 0x70, 0xce, 0x75, 0x22, 0x4b, 0x7a, 0x21,
+    0x29, 0xfd, 0xe9, 0xcb, 0xbb, 0xca, 0x95, 0x0a, 0xd8, 0xcd,
+    0x20, 0x2a, 0xb7, 0xbe, 0xdf, 0x2f, 0x0f, 0xfa, 0xf1, 0xc0,
+    0x39, 0xf3, 0x74, 0x22, 0x05, 0x33, 0xca, 0x2a, 0x9c, 0x9f,
+    0x06, 0x71, 0x90, 0x1e, 0x74, 0x4b, 0xbe, 0x9a, 0xc7, 0x1e,
+    0x37, 0x9b, 0x96, 0x19, 0xfd, 0xa0, 0x61, 0x87, 0x93, 0xab,
+    0x75, 0x79, 0xac, 0x2f, 0x83, 0xe1, 0x8c, 0x70, 0x54, 0x70,
+    0x01, 0x93, 0xce, 0x76, 0x7a, 0x08, 0xe7, 0x75, 0xfb, 0x5e,
+    0xa4, 0xcc, 0xd6, 0xeb, 0x90, 0xe2, 0x57, 0x07, 0x53, 0x88,
+    0x8f, 0x7f, 0x29, 0x39, 0x80, 0xc4, 0x7f, 0x70, 0x6f, 0xff,
+    0x44, 0x25, 0x2b, 0x9e, 0xa1, 0xbb, 0xda, 0x43, 0x53, 0x14,
+    0xf8, 0x97, 0x08, 0xa4, 0xaf, 0xa0, 0xa5, 0x0c, 0xfa, 0xcc,
+    0xba, 0xcd, 0x4f, 0xd3, 0x90, 0x28, 0x02, 0x25, 0xbe, 0xc6,
+    0x35, 0x66, 0x99, 0xb0, 0x69, 0x46, 0xe5, 0xbf, 0x7e, 0x4f,
+    0x53, 0x11, 0x1f, 0xa5, 0x2c, 0x9b, 0xd1, 0x70, 0x90, 0x34,
+    0x66, 0xaa, 0x9f, 0xa8, 0x02, 0x3a, 0x05, 0x2b, 0x0a, 0xd0,
+    0x72, 0x5d, 0x01, 0x7b, 0x02, 0xce, 0x18, 0xb9, 0x63, 0xd1,
+    0x7d, 0xd2, 0x34, 0xa3, 0x2d, 0xaa, 0x78, 0xf0, 0x30, 0x6e,
+    0x59, 0xe3, 0xf1, 0x1e, 0xf1, 0x33, 0x41, 0xde, 0xc4, 0x4e,
+    0x88, 0x61, 0xc3, 0xb4, 0x6b, 0x21, 0x5d, 0xcc, 0x69, 0x44,
+    0xf3, 0xb0, 0x84, 0x54, 0x2a, 0x23, 0x22, 0xa2, 0xc4, 0xba,
+    0xad, 0x00, 0x57, 0x5b, 0xdf, 0xa0, 0xf7, 0x1c, 0x00, 0xc3,
+    0x23, 0x93, 0xc0, 0x2f, 0x3b, 0x9d, 0x6e, 0x8c, 0x38, 0xa6,
+    0x5e, 0xd8, 0x98, 0x7a, 0x6c, 0x90, 0xd5, 0x40, 0x3f, 0x8c,
+    0xc3, 0xf0, 0x92, 0x66, 0xc4, 0xe5, 0xa8, 0x42, 0x25, 0x4c,
+    0x56, 0x42, 0x37, 0x9a, 0xa4, 0x1d, 0xf5, 0xb0, 0xe3, 0x8a,
+    0x9c, 0x57, 0x52, 0x63, 0xdc, 0xd9, 0xb0, 0xbf, 0xc3, 0xfc,
+    0xfc, 0x6c, 0xab, 0x41, 0xae, 0xec, 0xc7, 0x40, 0x80, 0xb6,
+    0x0b, 0x3c, 0xa9, 0xf5, 0x4f, 0x2d, 0xf6, 0x72, 0xe3, 0xba,
+    0x13, 0x2c, 0x73, 0x61, 0x98, 0x66, 0x6f, 0x03, 0x88, 0x3b,
+    0xe6, 0x95, 0x43, 0x33, 0x3b, 0xfe, 0xfd, 0x63, 0x8c, 0x00,
+    0x8a, 0x67, 0x1c, 0x46, 0x0e, 0x0b, 0x51, 0x26, 0x79, 0x4f,
+    0x7b, 0xb1, 0x36, 0x34, 0x52, 0x41, 0x7e, 0x74, 0xbb, 0x71,
+    0x52, 0x8f, 0xcc, 0xf2, 0x99, 0x24, 0x3f, 0x18, 0xe6, 0xcf,
+    0xdf, 0x6b, 0xfe, 0x77, 0xfa, 0xa8, 0x3f, 0xe3, 0x6b, 0xb7,
+    0x32, 0x30, 0x8e, 0x16, 0x08, 0x59, 0x66, 0xdf, 0x95, 0x75,
+    0x7d, 0xa3, 0x80, 0xf0, 0x0c, 0x1a, 0xa8, 0xe7, 0x87, 0x2f,
+    0xe3, 0x39, 0x11, 0x82, 0x00, 0x3e, 0xe5, 0x71, 0x05, 0x7d,
+    0x0c, 0x90, 0xae, 0xbc, 0xbf, 0xe0, 0x4b, 0x8f, 0x91, 0x85,
+    0x1d, 0x0a, 0xa2, 0x36, 0x66, 0x18, 0x78, 0xd0, 0x0a, 0xa0,
+    0xaf, 0x0f, 0x1c, 0x01, 0xdb, 0xb2, 0x21, 0x96, 0x25, 0xf7,
+    0x9e, 0x3a, 0x9e, 0xc3, 0xe8, 0x92, 0x34, 0xaf, 0x7e, 0x3b,
+    0x5f, 0xd9, 0x23, 0x97, 0x09, 0xf1, 0x87, 0x31, 0x3a, 0x94,
+    0xc8, 0x9b, 0x52, 0xf4, 0x57, 0x54, 0x7b, 0x3e, 0x50, 0xd3,
+    0x75, 0x2a, 0xba, 0x97, 0xd7, 0xec, 0x95, 0x6c, 0x35, 0x63,
+    0xa4, 0xa1, 0x8f, 0xf5, 0xcc, 0xbe, 0x42, 0x65, 0x4e, 0x69,
+    0x35, 0x55, 0xa5, 0x3e, 0xc4, 0xf0, 0xde, 0x60, 0x54, 0xdf,
+    0xbb, 0x83, 0xad, 0xdf, 0xa5, 0x24, 0x8f, 0xbe, 0x0b, 0x16,
+    0xfc, 0xf2, 0x64, 0xd5, 0x79, 0x68, 0xf3, 0x91, 0x81, 0x2a,
+    0xd7, 0x1c, 0xc0, 0xdd, 0xe6, 0xb6, 0xb3, 0xa2, 0x4f, 0xc0,
+    0x6d, 0x77, 0x02, 0xee, 0x43, 0xd6, 0x5e, 0x82, 0x66, 0x7f,
+    0xb4, 0xe6, 0x5c, 0xff, 0x87, 0x1e, 0x1d, 0x6f, 0x1d, 0x96,
+    0x6d, 0xbd, 0x90, 0x57, 0x65, 0xc2, 0x01, 0x35, 0xfa, 0x9a,
+    0xc6, 0xe0, 0x4e, 0x2c, 0x4b, 0x16, 0xfa, 0x0d, 0x38, 0x87,
+    0x39, 0x2c, 0x2b, 0x48, 0x14, 0x92, 0x3d, 0x83, 0x00, 0xa9,
+    0x1a, 0x3d, 0x4d, 0x30, 0x23, 0x48, 0xcd, 0xd5, 0xcd, 0x01,
+    0xb1, 0x45, 0x85, 0xcc, 0x66, 0x47, 0x1d, 0x63, 0x3d, 0x70,
+    0xb8, 0x0c, 0xfd, 0xe3, 0xb2, 0x0f, 0x64, 0x6e, 0xb9, 0x2b,
+    0xe5, 0xb0, 0x4d, 0x44, 0x4d, 0x66, 0x1a, 0xfa, 0x49, 0xbb,
+    0xc3, 0xb8, 0xad, 0x64, 0x23, 0x7e, 0x71, 0x9f, 0x59, 0xec,
+    0x25, 0xa8, 0x5e, 0x11, 0xd6, 0x6e, 0xc9, 0x09, 0xe7, 0xb9,
+    0x6a, 0x63, 0x91, 0xaa, 0x5d, 0xd2, 0x8c, 0x91, 0xe8, 0x8d,
+    0x35, 0x6d, 0x10, 0xf6, 0xfc, 0x6a, 0x3c, 0x77, 0x90, 0xf8,
+    0x2a, 0x49, 0x13, 0x7f, 0xdb, 0xf5, 0x0c, 0xe9, 0xc8, 0x57,
+    0xc6, 0xfd, 0x26, 0x8d, 0x79, 0xb5, 0xdd, 0x47, 0x74, 0x6e,
+    0xe8, 0x8f, 0x50, 0xf5, 0xa7, 0x9e, 0xd1, 0x74, 0x10, 0xbb,
+    0xf4, 0x8f, 0x8f, 0x0d, 0xcd, 0x1f, 0xf6, 0x59, 0xb8, 0x6c,
+    0xd2, 0x37, 0x83, 0x28, 0xb2, 0x36, 0xc1, 0x39, 0x5b, 0xde,
+    0x59, 0xee, 0x77, 0xa2, 0x6e, 0x67, 0xc6, 0xea, 0x1d, 0x2b,
+    0x41, 0x8f, 0x6f, 0x96, 0x94, 0x1b, 0x5d, 0xab, 0x30, 0x53,
+    0x1e, 0xf8, 0x17, 0x06, 0xea, 0xcc, 0x98, 0xa8, 0xdf, 0x81,
+    0xe1, 0x80, 0xb7, 0xad, 0x69, 0xcb, 0x8f, 0x81, 0x1e, 0x76,
+    0x75, 0x3c, 0x11, 0x9b, 0x38, 0x95, 0xa7, 0x87, 0x1f, 0xd9,
+    0x76, 0x82, 0x21, 0x13, 0x25, 0x20, 0x42, 0xd3, 0x8c, 0xd9,
+    0x1c, 0x64, 0xed, 0xe9, 0x55, 0xb5, 0x29, 0x98, 0x85, 0x7c,
+    0x01, 0x94, 0xaa, 0xdd, 0x8c, 0x78, 0x08, 0x99, 0x99, 0x5a,
+    0xf6, 0x61, 0x4c, 0xe0, 0x99, 0xf8, 0x15, 0x74, 0x2e, 0x0d,
+    0x14, 0x89, 0x11, 0x84, 0xcd, 0x78, 0x0c, 0x6b, 0x48, 0xde,
+    0xb4, 0xd6, 0x05, 0xbd, 0x99, 0x58, 0xb7, 0xe5, 0xc5, 0x7a,
+    0x43, 0x18, 0x55, 0x33, 0x16, 0x2b, 0xfa, 0x27, 0xf5, 0xbb,
+    0xaa, 0x52, 0xb5, 0x28, 0x5c, 0xfe, 0x61, 0x7f, 0x7a, 0x70,
+    0xc2, 0x32, 0x4b, 0x05, 0x8d, 0x7b, 0x4d, 0x22, 0x57, 0x25,
+    0x40, 0x46, 0x7c, 0xad, 0x2f, 0x8a, 0xc8, 0x16, 0xd6, 0xac,
+    0x4e, 0xe3, 0xe3, 0x29, 0xe4, 0xe8, 0x00, 0x2b, 0xc9, 0xe3,
+    0x3a, 0x6f, 0x66, 0xf1, 0x37, 0x37, 0x52, 0x88, 0x77, 0xf6,
+    0xbd, 0x59, 0x5f, 0xf8, 0x11, 0x46, 0x7b, 0x12, 0x88, 0x2f,
+    0x4b, 0x0d, 0x16, 0x89, 0x3e, 0x2a, 0x56, 0x58, 0xa8, 0x1c,
+    0xee, 0x23, 0xd5, 0x66, 0x86, 0x5f, 0x59, 0x55, 0xac, 0x07,
+    0xfd, 0xda, 0x6b, 0xf1, 0xc7, 0x01, 0x19, 0xdb, 0xff, 0x63,
+    0x6f, 0x27, 0xdb, 0xa1, 0xc7, 0xe9, 0xe0, 0xdb, 0xe4, 0x9a,
+    0xce, 0xf5, 0xac, 0x68, 0xab, 0x59, 0x0c, 0x83, 0xa3, 0x1c,
+    0x2a, 0x86, 0x55, 0xe2, 0xaa, 0xa1, 0xb3, 0xed, 0xc2, 0x2d,
+    0x43, 0xc5, 0x13, 0x68, 0xe4, 0x83, 0x3e, 0xd5, 0x7f, 0xf7,
+    0xd5, 0xd0, 0x60, 0xd3, 0x70, 0x7f, 0x88, 0xaa, 0xca, 0x74,
+    0xcc, 0x50, 0x8d, 0x55, 0x9c, 0xfe, 0x4a, 0xc6, 0xc9, 0x36,
+    0xf7, 0x27, 0x26, 0x64, 0xd3, 0x6c, 0xdb, 0x16, 0x31, 0x81,
+    0xe9, 0xce, 0x73, 0x60, 0x61, 0x9c, 0x0f, 0xb5, 0x6e, 0x68,
+    0xbc, 0xb1, 0x9e, 0x9f, 0xcd, 0x6c, 0x27, 0x31, 0x2d, 0x40,
+    0x36, 0xce, 0x91, 0xee, 0x47, 0xdc, 0xa0, 0x4f, 0xd7, 0x14,
+    0x4f, 0x93, 0x00, 0xc4, 0x34, 0xca, 0xd4, 0x42, 0x21, 0x90,
+    0xf6, 0x9d, 0xea, 0x45, 0x15, 0xfe, 0x2d, 0xd6, 0xab, 0xc2,
+    0x36, 0x47, 0xc0, 0x5b, 0xd2, 0xae, 0x53, 0x33, 0xb0, 0x2d,
+    0x29, 0xa3, 0x14, 0xda, 0xa4, 0x48, 0xc1, 0x57, 0x0c, 0xdc,
+    0x72, 0x4a, 0xd0, 0xf5, 0x5b, 0x9a, 0x57, 0x1d, 0x06, 0xc8,
+    0x0f, 0xc7, 0x5b, 0x70, 0xbb, 0x27, 0xf4, 0xe2, 0xf4, 0xf3,
+    0x3c, 0xdc, 0xba, 0x43, 0xc4, 0x4e, 0xe2, 0x96, 0xd4, 0x6c,
+    0x33, 0x3e, 0xbf, 0x85, 0xf7, 0x3c, 0x1d, 0x46, 0x59, 0x4e,
+    0xa1, 0xa7, 0xa3, 0x76, 0x55, 0x8a, 0x72, 0x83, 0xd0, 0x45,
+    0x86, 0x38, 0xa5, 0x4d, 0xc8, 0x62, 0xe4, 0x8a, 0xd5, 0x8e,
+    0xb7, 0x4c, 0x6e, 0xaf, 0xa4, 0xbe, 0x88, 0x87, 0x77, 0xd1,
+    0x7b, 0xb2, 0x1d, 0xe0, 0x1e, 0x53, 0x30, 0x31, 0x15, 0x6c,
+    0x10, 0x81, 0x03, 0x55, 0xa7, 0x69, 0xb6, 0xa5, 0x48, 0xf4,
+    0xb2, 0x3b, 0x76, 0x8b, 0x2e, 0x42, 0xa6, 0xaa, 0x7e, 0x66,
+    0x57, 0xc2, 0x11, 0xc5, 0x2c, 0x7d, 0x96, 0xdf, 0xe3, 0x58,
+    0x12, 0x98, 0x18, 0x0d, 0x87, 0xbd, 0x64, 0xbd, 0xfe, 0x6d,
+    0xad, 0x6d, 0x1e, 0xf6, 0x34, 0x01, 0xb5, 0x56, 0xe8, 0x6a,
+    0xb3, 0x8c, 0x70, 0x84, 0x36, 0x17, 0xd6, 0x4b, 0xaa, 0x57,
+    0xab, 0xb3, 0x45, 0x30, 0x36, 0x10, 0xd4, 0xee, 0x8a, 0xc9,
+    0x29, 0xd1, 0x92, 0x9b, 0xe2, 0x7c, 0x12, 0xd1, 0x29, 0x62,
+    0x41, 0x69, 0xae, 0x3a, 0x50, 0xcc, 0x89, 0x50, 0x2e, 0xe6,
+    0x07, 0xf8, 0x9c, 0x98, 0x80, 0xd5, 0xa3, 0xc8, 0x74, 0xfb,
+    0xfc, 0x91, 0x16, 0x02, 0xdc, 0xf0, 0x42, 0x49, 0xbc, 0xc9,
+    0x2f, 0x7f, 0x8d, 0x93, 0xf7, 0xf0, 0x74, 0xb7, 0xd1, 0x55,
+    0xfc, 0x79, 0x03, 0x37, 0xfb, 0xf6, 0x7d, 0x2f, 0x2d, 0xf8,
+    0x6b, 0xc5, 0xf9, 0x66, 0x38, 0xf5, 0xfd, 0x64, 0xc6, 0x08,
+    0x99, 0xb3, 0x25, 0xad, 0xf4, 0xfd, 0x69, 0x2f, 0xf1, 0x18,
+    0x46, 0xd6, 0x5c, 0x1a, 0x37, 0xcd, 0xee, 0xa3, 0xbf, 0x0f,
+    0x57, 0x5c, 0xc3, 0x97, 0x94, 0x84, 0x89, 0xbe, 0x00, 0xf6,
+    0x40, 0xe9, 0x5a, 0x52, 0xaf, 0x3a, 0x5b, 0xf4, 0x56, 0xb0,
+    0x04, 0x49, 0xc6, 0x32, 0x8c, 0xa1, 0x0a, 0xd8, 0x88, 0xa1,
+    0xc3, 0xb7, 0x8b, 0x96, 0xc3, 0x39, 0x51, 0x50, 0x83, 0xa6,
+    0xf0, 0x6d, 0xe7, 0x6e, 0x20, 0xff, 0x9d, 0xac, 0x03, 0x57,
+    0xbc, 0xcb, 0x6a, 0x19, 0xa7, 0xc5, 0xd2, 0x44, 0x4f, 0x17,
+    0x1e, 0x9a, 0x8d, 0x97, 0x25, 0x55, 0x52, 0x49, 0xe2, 0x48,
+    0xae, 0x4b, 0x3f, 0x94, 0x5a, 0xb2, 0x2d, 0x40, 0xd9, 0x85,
+    0xef, 0x03, 0xa0, 0xd3, 0x66, 0x9a, 0x8f, 0x7b, 0xc0, 0x8d,
+    0x54, 0x95, 0x42, 0x49, 0xeb, 0x15, 0x00, 0xf3, 0x6d, 0x6f,
+    0x40, 0xf2, 0x8b, 0xc1, 0x50, 0xa6, 0x22, 0x3b, 0xd6, 0x88,
+    0xa1, 0xf7, 0xb0, 0x1f, 0xcd, 0x20, 0x4e, 0x5b, 0xad, 0x66,
+    0x4a, 0xda, 0x40, 0xee, 0x4c, 0x4c, 0x3e, 0xa7, 0x75, 0x51,
+    0x90, 0xba, 0xee, 0x59, 0xbc, 0xe3, 0xcd, 0x4d, 0xb9, 0x57,
+    0xb7, 0xf8, 0xc1, 0xb9, 0x8d, 0x0f, 0x58, 0x2c, 0x4c, 0x98,
+    0xa6, 0x9c, 0xd9, 0x0e, 0x25, 0x4f, 0xea, 0x4c, 0x15, 0x0b,
+    0x89, 0xe4, 0xac, 0xa1, 0x5a, 0xa1, 0xfd, 0x5b, 0xc6, 0xfe,
+    0xf0, 0xf1, 0x4c, 0xa7, 0x60, 0xbc, 0xc3, 0xa5, 0x80, 0x00,
+    0x3b, 0x3f, 0x22, 0x38, 0x60, 0x40, 0x76, 0x52, 0x83, 0x32,
+    0xee, 0x20, 0x6a, 0xf9, 0x1e, 0x6b, 0x99, 0x52, 0xe7, 0x04,
+    0xdc, 0x5a, 0x9d, 0x77, 0x8a, 0xdd, 0x9b, 0x53, 0x19, 0xff,
+    0x69, 0x8c, 0xbc, 0xc6, 0xe0, 0x79, 0x0d, 0x3d, 0x3d, 0x54,
+    0x5b, 0xe0, 0x47, 0x5b, 0x71, 0x05, 0x98, 0x8f, 0xbb, 0x65,
+    0xe1, 0x31, 0x9a, 0xc8, 0x1e, 0x7a, 0x4a, 0xf8, 0xcb, 0x17,
+    0xd1, 0x83, 0x58, 0xb1, 0xc0, 0xe4, 0xb1, 0x85, 0xca, 0xa5,
+    0xf8, 0x0e, 0xd1, 0x0c, 0xe8, 0x71, 0xc3, 0xfa, 0xbf, 0x1d,
+    0xd6, 0x98, 0x03, 0xed, 0x77, 0x3b, 0x55, 0xaf, 0x69, 0x72,
+    0x6b, 0x42, 0x31, 0x98, 0x95, 0xd5, 0x79, 0xa5, 0x4c, 0x51,
+    0xcf, 0x02, 0x65, 0x93, 0xf2, 0x71, 0xdc, 0xde, 0x9a, 0xa3,
+    0x86, 0xa7, 0xea, 0xcf, 0xd7, 0xe5, 0x00, 0xde, 0x40, 0x02,
+    0xcd, 0x6b, 0x46, 0x0b, 0xbb, 0xbf, 0x77, 0x5f, 0x9d, 0x7c,
+    0xa4, 0x7f, 0x7c, 0x8a, 0xba, 0xd6, 0x99, 0xc5, 0xaa, 0x06,
+    0x36, 0xe1, 0x7e, 0x9c, 0x6f, 0x28, 0xd4, 0x6e, 0x1d, 0x5b,
+    0xdd, 0x01, 0x24, 0xbd, 0x6c, 0x5d, 0x87, 0x3c, 0xc1, 0xf6,
+    0x93, 0x37, 0xe2, 0x3b, 0x70, 0xc4, 0xd8, 0x10, 0x0e, 0x44,
+    0x37, 0x00, 0xe3, 0x07, 0xbd, 0x67, 0xd3, 0x9d, 0xe6, 0xe7,
+    0x48, 0x1b, 0xe0, 0x79, 0xb3, 0x30, 0x91, 0x89, 0x0f, 0x89,
+    0x77, 0xfa, 0x13, 0x85, 0xd0, 0x32, 0xbd, 0xc1, 0x9e, 0x52,
+    0x04, 0x80, 0x54, 0xb1, 0x08, 0x39, 0x20, 0xda, 0x3e, 0xf1,
+    0xd9, 0x15, 0x74, 0x55, 0x06, 0xfc, 0x4d, 0x85, 0xd4, 0x98,
+    0x02, 0x64, 0x10, 0x86, 0xd7, 0xcd, 0x01, 0x0d, 0x85, 0xa0,
+    0x78, 0xb0, 0x58, 0x99, 0x7b, 0xdf, 0xe4, 0x8c, 0x3f, 0xab,
+    0xc0, 0xbc, 0xa5, 0x30, 0x28, 0xe1, 0x4e, 0x02, 0x98, 0xab,
+    0x03, 0xf3, 0x21, 0xe7, 0xa7, 0xe7, 0xc3, 0x5f, 0x98, 0xc0,
+    0x83, 0x02, 0xe8, 0x8a, 0x30, 0x75, 0x95, 0xcf, 0x77, 0x83,
+    0xfb, 0x32, 0x5a, 0xf9, 0x13, 0xed, 0xdb, 0xda, 0xc3, 0x84,
+    0x4b, 0x8f, 0x1a, 0xf0, 0xad, 0x8e, 0xcf, 0xe3, 0xa7, 0x2b,
+    0xb5, 0x44, 0x75, 0xd6, 0xda, 0x33, 0x81, 0x22, 0xa7, 0x6a,
+    0xbd, 0x21, 0x64, 0x85, 0xfa, 0x65, 0x8e, 0xc4, 0x58, 0xec,
+    0xc4, 0x18, 0x90, 0xa3, 0xcc, 0x2e, 0xaa, 0xa2, 0x2e, 0x46,
+    0x7a, 0x4a, 0x35, 0xbf, 0x58, 0x78, 0x2b, 0x1e, 0x72, 0xe5,
+    0x80, 0xc9, 0xe0, 0x9e, 0x43, 0x01, 0xcc, 0xe1, 0x0c, 0x00,
+    0xe9, 0xc1, 0xa5, 0x1a, 0x9b, 0x4e, 0x6e, 0x34, 0x32, 0xfd,
+    0x86, 0xb7, 0xae, 0xc3, 0x6e, 0x69, 0x04, 0xf6, 0x6a, 0x92,
+    0x78, 0xb1, 0x1f, 0x9d, 0x5e, 0x0c, 0xf9, 0xc4, 0x1a, 0xf6,
+    0xb4, 0x8a, 0x63, 0xb5, 0x87, 0x5b, 0xfb, 0x50, 0xbf, 0xd5,
+    0x17, 0x97, 0x8e, 0x55, 0x1c, 0xfe, 0x82, 0xf6, 0xa7, 0x9c,
+    0x0b, 0xc9, 0x0a, 0xf6, 0x7f, 0x70, 0xd1, 0x00, 0xed, 0x1c,
+    0x6c, 0x3a, 0x95, 0xed, 0x61, 0xa4, 0xd6, 0x57, 0xfb, 0x57,
+    0xf8, 0x9b, 0x4c, 0xce, 0x50, 0x26, 0x5c, 0x19, 0xd2, 0xa7,
+    0xd6, 0xe8, 0x3c, 0x29, 0x34, 0xfb, 0x26, 0x7f, 0xc5, 0x78,
+    0xbf, 0xfe, 0xb6, 0x2a, 0x5a, 0x62, 0x8e, 0x31, 0x9b, 0x57,
+    0xa4, 0xe7, 0x4d, 0x3d, 0x18, 0x05, 0xf0, 0x94, 0xbb, 0x04,
+    0xfa, 0x0a, 0x92, 0xf4, 0xc6, 0x7f, 0x16, 0xa2, 0x31, 0xed,
+    0xc1, 0xb4, 0x62, 0x54, 0x3a, 0x23, 0x12, 0x6a, 0x76, 0xcc,
+    0x8c, 0x91, 0x89, 0x58, 0x8c, 0x20, 0x23, 0xd9, 0xaa, 0x0d,
+    0x80, 0xbe, 0xb9, 0xb4, 0x40, 0x1e, 0xff, 0xa9, 0xf7, 0x71,
+    0x0a, 0xa0, 0x0a, 0xdf, 0x11, 0x0b, 0x66, 0x3f, 0xf2, 0x4d,
+    0x5d, 0x39, 0x7c, 0x77, 0xe1, 0xb1, 0x09, 0xa1, 0x6b, 0x2e,
+    0x30, 0x43, 0x33, 0x80, 0x6e, 0x6a, 0x1d, 0x47, 0xd9, 0xd6,
+    0xac, 0xdc, 0x3f, 0x16, 0xb1, 0x58, 0x11, 0x9f, 0x67, 0xd7,
+    0x15, 0x45, 0xd8, 0xc3, 0x69, 0x24, 0x8d, 0xac, 0xff, 0xc3,
+    0x43, 0xfd, 0x24, 0xaf, 0xf1, 0xc8, 0x3a, 0xc7, 0xd6, 0x1f,
+    0x56, 0x26, 0x16, 0xe6, 0x30, 0xcd, 0x6e, 0x0a, 0x63, 0x2a,
+    0x7b, 0x86, 0xd7, 0x65, 0x39, 0x45, 0x7c, 0xe6, 0xa0, 0xe6,
+    0x38, 0xed, 0x54, 0x84, 0x00, 0x4d, 0x8e, 0xc2, 0xba, 0x56,
+    0x9b, 0xf3, 0xe1, 0xe8, 0x7d, 0xfe, 0x47, 0xf0, 0x58, 0xe7,
+    0x59, 0x60, 0x97, 0x2e, 0x57, 0x1a, 0x09, 0x1f, 0x8b, 0x2b,
+    0x0b, 0x47, 0x75, 0xc0, 0xb3, 0x79, 0xce, 0x10, 0x47, 0x6d,
+    0xfc, 0xcb, 0x22, 0x61, 0x5c, 0x39, 0xc4, 0x3f, 0xc5, 0xef,
+    0xb8, 0xc8, 0x88, 0x52, 0xce, 0x90, 0x17, 0xf5, 0x3c, 0xa9,
+    0x87, 0x6f, 0xcb, 0x2f, 0x11, 0x53, 0x65, 0x9b, 0x74, 0x21,
+    0x3e, 0xdd, 0x7b, 0x1f, 0x19, 0x9f, 0x53, 0xe6, 0xab, 0xc0,
+    0x56, 0xba, 0x80, 0x19, 0x5d, 0x3f, 0xc7, 0xe2, 0xfb, 0x8c,
+    0xe2, 0x93, 0xe0, 0x31, 0xc9, 0x33, 0x31, 0x23, 0x31, 0xa1,
+    0x36, 0x4c, 0x62, 0xd8, 0x0a, 0xfd, 0x85, 0x97, 0xae, 0xa9,
+    0xe9, 0x58, 0x29, 0x17, 0x33, 0x09, 0x5a, 0x8e, 0xa3, 0x90,
+    0x41, 0xd3, 0xfc, 0x24, 0x98, 0x61, 0x4d, 0x30, 0x1f, 0x76,
+    0x8f, 0xfc, 0xd0, 0x96, 0x8b, 0x2e, 0x9b, 0x24, 0x73, 0x35,
+    0x00, 0xb7, 0xf6, 0xe8, 0xba, 0xec, 0x98, 0x74, 0x41, 0xa4,
+    0x47, 0x10, 0x0d, 0xbc, 0xba, 0xd1, 0xe7, 0xdb, 0x12, 0xcb,
+    0x5f, 0x02, 0xb1, 0xa6, 0xa0, 0xd7, 0x28, 0x30, 0x3e, 0x0a,
+    0x5c, 0x5f, 0xe6, 0x2f, 0x3c, 0xde, 0x46, 0x60, 0xaf, 0x07,
+    0x5f, 0xed, 0x08, 0xc0, 0x06, 0x58, 0xba, 0xd7, 0x36, 0x5b,
+    0xa0, 0x4a, 0xf7, 0xa1, 0x05, 0x9b, 0x00, 0xda, 0x49, 0xdc,
+    0xbf, 0xea, 0xe1, 0x03, 0xda, 0x95, 0x95, 0xa0, 0xfa, 0x2e,
+    0xf1, 0x60, 0x11, 0x47, 0xdd, 0xb3, 0xfb, 0x0b, 0xa2, 0x92,
+    0xcf, 0x73, 0xbb, 0xce, 0x82, 0x71, 0xbc, 0xbd, 0x50, 0x64,
+    0xf1, 0x96, 0x48, 0x48, 0x93, 0xf8, 0xdc, 0x1c, 0x18, 0x12,
+    0xc6, 0x17, 0x6a, 0xa9, 0xc1, 0x4d, 0x6f, 0x76, 0xda, 0x2f,
+    0x4e, 0x59, 0xdd, 0x8b, 0x1c, 0xa5, 0x30, 0xb6, 0xe9, 0x88,
+    0x8f, 0x75, 0x0c, 0xcd, 0xd8, 0x61, 0xf4, 0x28, 0xc5, 0x9a,
+    0xcd, 0x77, 0x0d, 0x36, 0x5f, 0x75, 0xa5, 0x0a, 0x77, 0x20,
+    0x28, 0x5a, 0xac, 0x5f, 0xa1, 0x83, 0x67, 0x70, 0xb7, 0xd8,
+    0x23, 0x48, 0x60, 0xa8, 0xd0, 0xaf, 0xee, 0x7a, 0xb8, 0x25,
+    0xd7, 0x8f, 0x82, 0x8c, 0xd0, 0x81, 0x7a, 0x49, 0x69, 0xe4,
+    0x22, 0x73, 0x29, 0x48, 0xc8, 0x09, 0x72, 0x16, 0xf8, 0x3d,
+    0xff, 0x13, 0xac, 0x98, 0x03, 0x76, 0x33, 0xcb, 0x19, 0xb0,
+    0x22, 0x5b, 0x1e, 0x16, 0x29, 0xb9, 0xcc, 0xa6, 0x92, 0xd8,
+    0xed, 0x93, 0x0f, 0xbd, 0x10, 0x98, 0x53, 0x0a, 0x07, 0x7f,
+    0xd6, 0x51, 0x76, 0xda, 0xdc, 0x0c, 0xeb, 0x2a, 0x95, 0xd0,
+    0x3e, 0xa6, 0xc4, 0xc6, 0xd8, 0xfb, 0x1b, 0x2a, 0x7f, 0xf1,
+    0x08, 0xbe, 0xd3, 0xed, 0x67, 0x63, 0x5f, 0x1d, 0x29, 0xdb,
+    0x47, 0x03, 0x4a, 0xf4, 0x6b, 0xb4, 0x46, 0x02, 0x28, 0x4f,
+    0x88, 0x9b, 0x46, 0x66, 0x40, 0x56, 0x34, 0x4c, 0xec, 0x8e,
+    0x0b, 0x5d, 0x14, 0x94, 0x91, 0xfc, 0xdc, 0x0c, 0xdc, 0x5b,
+    0x45, 0x12, 0x7e, 0xa1, 0xe9, 0x75, 0x38, 0xcb, 0xd3, 0x6b,
+    0xd7, 0xa4, 0x24, 0x94, 0x78, 0x09, 0x7f, 0x77, 0xc8, 0x6d,
+    0xe1, 0x82, 0x1c, 0x1c, 0x91, 0xc6, 0x38, 0x9e, 0x3b, 0x3d,
+    0x31, 0xdd, 0x9e, 0x46, 0x58, 0x7a, 0x42, 0x16, 0x6f, 0xfd,
+    0x7d, 0x8c, 0xf5, 0xf0, 0x9f, 0x92, 0x6e, 0xbe, 0x47, 0xa6,
+    0x1e, 0x8e, 0x82, 0x15, 0x24, 0xc3, 0x1b, 0xb0, 0xd1, 0x68,
+    0xf9, 0xd1, 0x7c, 0x60, 0x98, 0x86, 0xd9, 0x53, 0xa2, 0x38,
+    0x62, 0xf4, 0x72, 0x71, 0xcb, 0xb9, 0x35, 0xef, 0xb9, 0x49,
+    0x3a, 0x73, 0xb2, 0xd7, 0x0f, 0x90, 0xf5, 0x2c, 0x5b, 0xf5,
+    0xfd, 0x39, 0x17, 0xf7, 0xe4, 0x69, 0x81, 0x0f, 0x6b, 0xe7,
+    0x32, 0xd2, 0xdc, 0x5d, 0x40, 0xbf, 0x41, 0x95, 0x89, 0x81,
+    0x29, 0x80, 0x40, 0xa3, 0xac, 0xd2, 0xc7, 0xf7, 0xe8, 0xd0,
+    0x45, 0xed, 0x48, 0x43, 0x3a, 0xed, 0x8d, 0xef, 0x37, 0xe1,
+    0x24, 0x9a, 0x67, 0x9a, 0x6b, 0x71, 0x4f, 0x9a, 0xb9, 0x2c,
+    0x1b, 0x10, 0x48, 0xe2, 0x31, 0x1e, 0xbb, 0xf2, 0x4a, 0xad,
+    0x04, 0xc7, 0xd7, 0xf2, 0xe8, 0x83, 0x5f, 0xe8, 0xa2, 0x81,
+    0x95, 0xf9, 0x60, 0x51, 0x9c, 0x99, 0x76, 0x69, 0x76, 0x4e,
+    0xbd, 0x44, 0x52, 0x36, 0xca, 0xd8, 0x6e, 0xf7, 0x1a, 0xa1,
+    0x54, 0xdf, 0x90, 0x52, 0x94, 0xb6, 0x3a, 0xcb, 0x43, 0x56,
+    0x11, 0xde, 0xa0, 0xe1, 0x45, 0x8a, 0x80, 0x2d, 0xaf, 0x1f,
+    0x24, 0x3f, 0x80, 0x17, 0x1f, 0x28, 0xbb, 0xcc, 0x1a, 0xd2,
+    0x2d, 0xa6, 0x9e, 0xe0, 0xdc, 0xf0, 0x98, 0x16, 0x58, 0x88,
+    0xc6, 0xf1, 0x81, 0x71, 0x91, 0x8f, 0xa2, 0xab, 0xa5, 0xe6,
+    0x68, 0x1f, 0xa5, 0x86, 0xb5, 0xd9, 0x05, 0xba, 0x50, 0x67,
+    0x0b, 0x1e, 0xfe, 0x42, 0x50, 0xf8, 0x01, 0xf8, 0x38, 0x92,
+    0x57, 0x86, 0x08, 0x47, 0xee, 0x23, 0x11, 0x60, 0x61, 0x1a,
+    0x77, 0x3c, 0x1a, 0x8e, 0x08, 0xe3, 0xaf, 0x84, 0x04, 0x75,
+    0x15, 0x47, 0x7a, 0x83, 0x8e, 0x92, 0x3e, 0xe8, 0xf0, 0xc2,
+    0x81, 0x89, 0x3b, 0x73, 0x81, 0xe5, 0xe8, 0x97, 0x97, 0x63,
+    0x64, 0xf3, 0xa9, 0x1b, 0x61, 0x65, 0x7f, 0x0e, 0x47, 0x6b,
+    0x14, 0x57, 0x29, 0x8f, 0x91, 0x35, 0x43, 0x10, 0x12, 0x86,
+    0x99, 0xec, 0xc8, 0x9e, 0x67, 0x90, 0x20, 0x21, 0x3c, 0x83,
+    0xdb, 0x73, 0x4e, 0x8e, 0x7d, 0x86, 0xde, 0xb8, 0xd8, 0xfa,
+    0x23, 0x1f, 0x5a, 0xe4, 0xc7, 0x0c, 0x1d, 0x5e, 0xd1, 0x10,
+    0x58, 0xd5, 0x86, 0xfa, 0x40, 0x30, 0x0a, 0x78, 0x0a, 0xa5,
+    0x56, 0xd5, 0xe6, 0x86, 0xd4, 0x14, 0x77, 0x32, 0xcd, 0x07,
+    0xf9, 0xbe, 0x7a, 0xd8, 0xbc, 0x91, 0xe0, 0xda, 0x76, 0x6b,
+    0x97, 0x10, 0xda, 0xea, 0x27, 0xa2, 0x67, 0x6d, 0x94, 0x27,
+    0x6e, 0xea, 0xca, 0x56, 0x45, 0x32, 0x1d, 0x38, 0x12, 0x21,
+    0x33, 0x2c, 0x3c, 0x5c, 0x33, 0xb0, 0x9e, 0x80, 0x0b, 0x4e,
+    0xbb, 0x09, 0x5e, 0x56, 0x54, 0xb0, 0x9b, 0x7e, 0xb6, 0x00,
+    0xe8, 0x63, 0x19, 0x85, 0xf1, 0x4d, 0x65, 0x9d, 0x1f, 0x8d,
+    0x18, 0xcc, 0x63, 0xc6, 0xd9, 0xa6, 0xbc, 0xe7, 0x42, 0x55,
+    0x12, 0xdc, 0x8c, 0x26, 0x2d, 0x8d, 0xc2, 0xe9, 0x3b, 0xbc,
+    0xed, 0x06, 0x08, 0x31, 0xb0, 0xe0, 0x99, 0xe2, 0x86, 0x81,
+    0x88, 0x4a, 0xac, 0x1f, 0x4a, 0xb2, 0x1e, 0x1e, 0x4c, 0xb2,
+    0x9f, 0x27, 0xa0, 0xd9, 0x8a, 0x7e, 0xe7, 0xa3, 0xad, 0xeb,
+    0x2c, 0xfd, 0x14, 0xc6, 0x4b, 0x26, 0xce, 0x38, 0xb9, 0x01,
+    0x9e, 0xde, 0xc8, 0x7b, 0x82, 0x2f, 0xaa, 0x72, 0x80, 0xbe,
+    0x3a, 0x35, 0x95, 0xc8, 0xf3, 0x7c, 0x36, 0x68, 0x02, 0xdc,
+    0xa2, 0xda, 0xef, 0xd7, 0xf1, 0x3e, 0x81, 0xb3, 0x5d, 0x2f,
+    0xcf, 0x7e, 0xe6, 0x9c, 0xa0, 0x32, 0x29, 0x8b, 0x52, 0x24,
+    0xbd, 0x0d, 0x36, 0xdc, 0x1d, 0xcc, 0x6a, 0x0a, 0x74, 0x52,
+    0x1b, 0x68, 0x4d, 0x15, 0x05, 0x47, 0xe1, 0x2f, 0x97, 0x45,
+    0x52, 0x17, 0x4b, 0x2a, 0x3b, 0x74, 0xc5, 0x20, 0x35, 0x5c,
+    0x37, 0xae, 0xe6, 0xa7, 0x24, 0x0f, 0x34, 0x70, 0xea, 0x7c,
+    0x03, 0xa3, 0xde, 0x2d, 0x22, 0x55, 0x88, 0x01, 0x45, 0xf2,
+    0x5f, 0x1f, 0xaf, 0x3b, 0xb1, 0xa6, 0x5d, 0xcd, 0x93, 0xfb,
+    0xf8, 0x2f, 0x87, 0xcc, 0x26, 0xc5, 0x36, 0xde, 0x06, 0x9b,
+    0xe9, 0xa7, 0x66, 0x7e, 0x8c, 0xcd, 0x99, 0x6b, 0x51, 0x1c,
+    0xb0, 0xa0, 0xfa, 0xc7, 0x46, 0xfe, 0x65, 0xe4, 0x80, 0x5b,
+    0x5f, 0x24, 0x3b, 0xa4, 0xe6, 0x81, 0x31, 0xe5, 0x87, 0x2c,
+    0xa4, 0x83, 0xaf, 0x8b, 0x9f, 0x89, 0xb4, 0x3c, 0x7a, 0xbe,
+    0x4c, 0xb3, 0xbf, 0x3d, 0xec, 0x78, 0xb0, 0x8a, 0xdd, 0xc8,
+    0x43, 0x8c, 0x45, 0xa1, 0xa3, 0x3a, 0x82, 0x7d, 0x06, 0xdf,
+    0x20, 0x27, 0x9b, 0x4e, 0x09, 0x90, 0x6a, 0x23, 0xbf, 0x1b,
+    0x04, 0x1d, 0x50, 0xe2, 0xb4, 0xff, 0xe0, 0xd0, 0x9b, 0x40,
+    0x2b, 0xc0, 0x52, 0xc1, 0x39, 0x29, 0x60, 0x83, 0x06, 0x9b,
+    0x48, 0xb8, 0xa7, 0xe1, 0x2b, 0xfb, 0xf0, 0x2b, 0x82, 0xf1,
+    0xda, 0xc9, 0x30, 0x47, 0x3f, 0xf5, 0xf9, 0xf7, 0x6c, 0xf0,
+    0x0f, 0xe7, 0xb1, 0x4d, 0x46, 0x49, 0xf8, 0xb3, 0xe1, 0xfe,
+    0x85, 0x61, 0xcc, 0xf7, 0xfa, 0xd2, 0xf1, 0xbc, 0xf0, 0x7f,
+    0x3b, 0xe6, 0x45, 0xa2, 0x1b, 0x55, 0xf6, 0x0c, 0x02, 0x95,
+    0xdc, 0x78, 0x94, 0xa0, 0xc4, 0x6a, 0x21, 0x7e, 0xa8, 0x5f,
+    0xbd, 0xc3, 0xb3, 0x4d, 0x9b, 0x30, 0x31, 0x1d, 0x5b, 0x8b,
+    0x45, 0x3c, 0x18, 0xe9, 0x61, 0xe8, 0x76, 0x3e, 0x91, 0xd2,
+    0xfd, 0x1a, 0xd7, 0x30, 0x4d, 0xfe, 0xef, 0x7f, 0xc0, 0x7e,
+    0x45, 0x43, 0xe9, 0xf9, 0x23, 0xfe, 0xd8, 0xef, 0xbc, 0xd6,
+    0x99, 0x79, 0x54, 0xed, 0x7a, 0x8b, 0x39, 0xa6, 0xe7, 0x9d,
+    0x3f, 0x9f, 0x35, 0xe1, 0xe4, 0xd5, 0x26, 0x31, 0x3a, 0x44,
+    0x03, 0x79, 0xde, 0xdc, 0x29, 0x1e, 0x8e, 0x26, 0x41, 0xc6,
+    0x60, 0xaa, 0xfd, 0xe1, 0x5e, 0xa6, 0xc0, 0x2f, 0x90, 0x1e,
+    0x3b, 0xc1, 0xe6, 0xf6, 0xde, 0x60, 0x87, 0x57, 0x51, 0x11,
+    0x6a, 0x8e, 0x9d, 0x70, 0x9d, 0x6d, 0x36, 0x21, 0x05, 0x55,
+    0xc1, 0x56, 0x9b, 0xc9, 0x91, 0x50, 0x3e, 0xb4, 0xbd, 0x19,
+    0x53, 0x44, 0x99, 0xc7, 0xb8, 0xce, 0xce, 0x86, 0x06, 0x5d,
+    0x99, 0x85, 0x33, 0xd4, 0x16, 0x21, 0x4a, 0xe9, 0x7e, 0x2e,
+    0xcc, 0x7e, 0x3f, 0xc1, 0x47, 0x3b, 0x32, 0xd0, 0x57, 0x1c,
+    0xc2, 0x26, 0x67, 0xf0, 0xd9, 0xc4, 0x9e, 0xbb, 0x65, 0xa4,
+    0xf7, 0xf7, 0x8d, 0x7d, 0x08, 0xd4, 0x9c, 0x1e, 0x0f, 0xb9,
+    0xff, 0x24, 0x2f, 0xaf, 0xfa, 0x24, 0x26, 0xb7, 0xb1, 0x78,
+    0xc1, 0xd1, 0xfe, 0x85, 0x55, 0xa0, 0x86, 0x77, 0xf6, 0xc2,
+    0xe0, 0x12, 0xe4, 0x45, 0x85, 0xd0, 0xe7, 0x68, 0xf0, 0x31,
+    0x4c, 0x9c, 0xb0, 0x5f, 0x89, 0xca, 0xfe, 0xc2, 0xf0, 0x1e,
+    0xeb, 0xee, 0x75, 0x64, 0xea, 0x09, 0xd4, 0x1c, 0x72, 0x12,
+    0xd4, 0x31, 0xf0, 0x89, 0x71, 0x74, 0x6e, 0x01, 0x32, 0xca,
+    0x8a, 0x91, 0x0c, 0xdf, 0xd7, 0x05, 0xe9, 0x35, 0xed, 0x06,
+    0x1a, 0x17, 0x5a, 0xf3, 0x65, 0xc5, 0xbd, 0x37, 0xf2, 0x53,
+    0x49, 0x2f, 0xcd, 0xc6, 0x15, 0xb3, 0x36, 0x88, 0xd8, 0x7a,
+    0x2f, 0xfa, 0x21, 0x7f, 0x55, 0x20, 0xc6, 0xf4, 0x23, 0x59,
+    0x6b, 0x3c, 0xeb, 0xe5, 0xd3, 0x78, 0xdc, 0x31, 0xeb, 0x87,
+    0x86, 0x3d, 0x7c, 0x10, 0x64, 0x66, 0xa4, 0xad, 0x07, 0xe1,
+    0x93, 0x15, 0x07, 0x4c, 0xe4, 0xb4, 0x4a, 0x06, 0xca, 0x2a,
+    0x50, 0xa2, 0x85, 0xc6, 0xa1, 0x19, 0x89, 0x7f, 0x8a, 0x05,
+    0x00, 0x23, 0x72, 0x5f, 0x89, 0x74, 0x8e, 0x22, 0xa1, 0x5d,
+    0x26, 0xf9, 0xfe, 0xdf, 0x6d, 0x98, 0x3a, 0xc4, 0x7c, 0x93,
+    0xcf, 0xc4, 0xfe, 0xed, 0x98, 0xb0, 0x31, 0x4c, 0x81, 0x83,
+    0x0d, 0x5d, 0x3d, 0x0c, 0x27, 0x4e, 0xca, 0xcf, 0x38, 0x0c,
+    0x37, 0xb0, 0xf8, 0xc5, 0xc8, 0x52, 0x14, 0xec, 0x53, 0x80,
+    0xb9, 0xd8, 0x8a, 0x05, 0x4e, 0x31, 0x3d, 0x67, 0x57, 0xf0,
+    0x7a, 0xa2, 0xc5, 0xc9, 0x02, 0x25, 0x69, 0x83, 0xb9, 0x3e,
+    0x1b, 0x04, 0xbf, 0xb2, 0xe6, 0x97, 0x7a, 0x6b, 0x8e, 0x37,
+    0x77, 0x2e, 0x16, 0x8b, 0x33, 0xe1, 0xea, 0x2b, 0x30, 0x01,
+    0x6e, 0xa0, 0x28, 0x14, 0x17, 0xe9, 0x98, 0xa8, 0x89, 0x72,
+    0x68, 0x64, 0x81, 0x60, 0xa8, 0xf7, 0x72, 0xdf, 0x1a, 0xae,
+    0xf5, 0xf0, 0x9f, 0x69, 0x35, 0xbc, 0x58, 0x27, 0x38, 0xd6,
+    0x7f, 0x7a, 0xd4, 0xc4, 0xf1, 0xcf, 0xee, 0x59, 0x49, 0x31,
+    0xda, 0xc1, 0x08, 0x46, 0x65, 0x68, 0xe9, 0x44, 0x18, 0x2b,
+    0xf2, 0x2a, 0x13, 0x60, 0x07, 0xae, 0xe4, 0x96, 0xdb, 0x0a,
+    0x6f, 0x52, 0x23, 0x9a, 0xcf, 0x9d, 0xa4, 0xc5, 0xc1, 0x74,
+    0xa8, 0x0e, 0xe1, 0x5e, 0xfa, 0xa4, 0x06, 0x9c, 0x2e, 0x70,
+    0x08, 0x22, 0x25, 0x4f, 0xc1, 0xf1, 0x13, 0x5a, 0x66, 0xa0,
+    0x6c, 0x59, 0xa3, 0xfc, 0x03, 0x9c, 0x8a, 0x23, 0x01, 0x00,
+    0xa9, 0x49, 0xf0, 0x22, 0xa3, 0x8f, 0x6c, 0xef, 0xcb, 0x69,
+    0x06, 0x3a, 0x69, 0x99, 0x96, 0xd2, 0xa7, 0xa0, 0x0b, 0x7e,
+    0x44, 0x7d, 0x04, 0xff, 0x7e, 0x9e, 0x1e, 0x77, 0xa0, 0x30,
+    0xd1, 0xdf, 0x18, 0xe4, 0xd8, 0xa5, 0x64, 0xbe, 0x8c, 0x80,
+    0x28, 0xe2, 0x98, 0x5e, 0xec, 0x9e, 0xb1, 0x0a, 0xb5, 0x25,
+    0xaa, 0xb8, 0x0f, 0x78, 0x30, 0x48, 0x06, 0xe5, 0x76, 0xf9,
+    0x24, 0x96, 0x87, 0x2a, 0x91, 0x89, 0xb6, 0xce, 0x04, 0xdf,
+    0xfc, 0x13, 0x42, 0x19, 0xba, 0x14, 0x46, 0x20, 0x08, 0x47,
+    0xe1, 0x82, 0x57, 0x51, 0x74, 0x3b, 0x5b, 0x23, 0x5c, 0xb2,
+    0x85, 0x8c, 0xed, 0xe6, 0xda, 0x4d, 0x56, 0xe8, 0x61, 0x31,
+    0xec, 0x97, 0x27, 0xeb, 0xf2, 0xa7, 0x7c, 0x13, 0x1b, 0xc5,
+    0x44, 0xfe, 0x63, 0x4b, 0x2b, 0x33, 0x22, 0x23, 0x60, 0x86,
+    0x7c, 0x3b, 0x57, 0xba, 0x16, 0xde, 0x47, 0x04, 0x3e, 0x2b,
+    0xe5, 0xbd, 0x23, 0xa0, 0xab, 0xdf, 0x5d, 0x6e, 0x20, 0xb1,
+    0x37, 0x44, 0xcb, 0xbd, 0x03, 0xa9, 0x5c, 0xe6, 0x92, 0x5e,
+    0x2f, 0x6f, 0x95, 0xc6, 0x5b, 0x6d, 0xab, 0x39, 0xdd, 0x1e,
+    0x34, 0xd5, 0x21, 0xca, 0x92, 0xee, 0x59, 0xf0, 0xb9, 0x65,
+    0xe6, 0x81, 0x49, 0xf8, 0x11, 0xec, 0x45, 0x14, 0x6a, 0x19,
+    0xb4, 0xce, 0xbf, 0x9e, 0xf7, 0x32, 0x8d, 0x99, 0x78, 0xc3,
+    0x07, 0x3d, 0xfd, 0x18, 0x2d, 0x0e, 0x06, 0x2f, 0x27, 0x24,
+    0x6f, 0x16, 0xd8, 0x01, 0x33, 0xc8, 0xbb, 0x7f, 0x7d, 0xfa,
+    0x73, 0xf6, 0x7d, 0x54, 0xf2, 0xd4, 0x8a, 0x53, 0xe1, 0x62,
+    0x45, 0xf4, 0x01, 0xa6, 0x31, 0x6b, 0x3a, 0x06, 0x56, 0xfd,
+    0x79, 0x7f, 0x58, 0xd8, 0x47, 0x33, 0x53, 0xc5, 0x78, 0x70,
+    0xce, 0x81, 0x7f, 0x66, 0xa1, 0x58, 0x7c, 0x5a, 0xdb, 0x4a,
+    0xad, 0x29, 0xff, 0x93, 0x75, 0x95, 0x35, 0xa9, 0xd2, 0xb1,
+    0xeb, 0xa0, 0x4f, 0x10, 0x0a, 0xc9, 0x38, 0x69, 0xc8, 0x8d,
+    0x57, 0xef, 0x99, 0x0f, 0xa5, 0x69, 0x86, 0xa6, 0xfb, 0x2b,
+    0x37, 0xe4, 0xc7, 0xab, 0x3e, 0xcd, 0x8f, 0x3f, 0x93, 0x8c,
+    0x0b, 0xc4, 0x4d, 0x16, 0xe0, 0xb0, 0x94, 0x5a, 0x0d, 0x17,
+    0xaf, 0x6e, 0x4b, 0x2e, 0x18, 0x29, 0x0e, 0xe0, 0xf5, 0x72,
+    0x1a, 0x21, 0x37, 0xef, 0x7d, 0x6a, 0x39, 0xe9, 0xa8, 0xd7,
+    0x96, 0xd6, 0xb3, 0x7d, 0x83, 0x0c, 0x13, 0x30, 0x49, 0x03,
+    0xe8, 0x6b, 0xe6, 0x77, 0xe8, 0x69, 0x48, 0x56, 0x5f, 0x39,
+    0x63, 0xbc, 0x86, 0xa8, 0x26, 0xa1, 0xbd, 0x4b, 0x24, 0xbd,
+    0xdd, 0xe8, 0x02, 0x64, 0xcb, 0xae, 0x24, 0x17, 0x62, 0xbd,
+    0x27, 0xa7, 0x22, 0x60, 0x51, 0x0c, 0x53, 0xff, 0x9d, 0x63,
+    0x1b, 0xf9, 0xff, 0x76, 0x3b, 0x74, 0x05, 0x98, 0x46, 0x0b,
+    0xe8, 0xcb, 0xd4, 0x0a, 0xcd, 0x91, 0xdb, 0x5b, 0x21, 0x4d,
+    0xa1, 0x87, 0xbd, 0xb7, 0x58, 0xec, 0x28, 0x00, 0x92, 0xc2,
+    0x98, 0xe4, 0x8c, 0x1f, 0x9d, 0xa4, 0x80, 0x83, 0x40, 0xb9,
+    0x63, 0xfe, 0xc9, 0x18, 0x3f, 0xd6, 0xab, 0x34, 0x00, 0x2c,
+    0x53, 0x40, 0x38, 0x0e, 0xb1, 0x69, 0xa8, 0xb8, 0xa9, 0x2e,
+    0x9b, 0x7b, 0x89, 0x8d, 0xff, 0x86, 0x01, 0x51, 0x42, 0xde,
+    0x04, 0xd6, 0x1d, 0xd1, 0x29, 0x8d, 0x42, 0x46, 0x5f, 0xd6,
+    0x02, 0xde, 0x73, 0xee, 0x2d, 0xe9, 0x6e, 0xb0, 0x3f, 0xf0,
+    0x47, 0x72, 0xfe, 0x45, 0xff, 0x05, 0x82, 0x2d, 0xc6, 0x4f,
+    0xc9, 0xd3, 0xec, 0xf9, 0x5a, 0x22, 0x50, 0x6c, 0x4f, 0x1e,
+    0xc8, 0x5f, 0xfc, 0x2c, 0x04, 0x4f, 0xdf, 0xce, 0xe4, 0x18,
+    0xd2, 0xd7, 0x8b, 0x67, 0x83, 0x39, 0x96, 0x47, 0x5e, 0x5b,
+    0xad, 0x7f, 0x5d, 0x42, 0x56, 0x97, 0x71, 0x39, 0x28, 0x44,
+    0x9d, 0x35, 0xde, 0xde, 0x03, 0x20, 0x34, 0x44, 0xdb, 0xdf,
+    0xfc, 0xff, 0x1e, 0x3d, 0x58, 0x5f, 0x7a, 0x8e, 0x90, 0xa1,
+    0xd3, 0xeb, 0x0c, 0x23, 0x3f, 0x4e, 0x61, 0x77, 0x79, 0xb2,
+    0xdc, 0xfb, 0x21, 0x46, 0x5c, 0x82, 0xb6, 0xf6, 0x34, 0x3c,
+    0x3f, 0x45, 0x4b, 0x80, 0x9e, 0xa4, 0xe6, 0x02, 0x13, 0x38,
+    0x40, 0x7e, 0x87, 0x92, 0x96, 0x51, 0x63, 0x87, 0xae, 0xc8,
+    0x02, 0x6a, 0x70, 0xc8, 0xcd, 0xd0, 0xe2, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x08,
+    0x12, 0x1c, 0x22, 0x2b, 0x33, 0x38, 0x3f,
+};
+static const int sizeof_bench_dilithium_level5_sig =
+    sizeof(bench_dilithium_level5_sig);
+#endif
+
+#endif /* !WOLFSSL_DILITHIUM_NO_VERIFY */
+
+
 void bench_dilithiumKeySign(byte level)
 {
     int    ret = 0;
     dilithium_key key;
     double start;
     int    i, count;
+#if !defined(WOLFSSL_DILITHIUM_NO_SIGN) || !defined(WOLFSSL_DILITHIUM_NO_VERIFY)
     byte   sig[DILITHIUM_MAX_SIG_SIZE];
     byte   msg[512];
     word32 x = 0;
+#endif
     const char**desc = bench_desc_words[lng_index];
     DECLARE_MULTI_VALUE_STATS_VARS()
+    byte params = 0;
+
+    if (level == 2) {
+        params = 44;
+    }
+    else if (level == 3) {
+        params = 65;
+    }
+    else if (level == 5) {
+        params = 87;
+    }
+
+#if !defined(WOLFSSL_DILITHIUM_NO_SIGN) || !defined(WOLFSSL_DILITHIUM_NO_VERIFY)
+    /* make dummy msg */
+    for (i = 0; i < (int)sizeof(msg); i++) {
+        msg[i] = (byte)i;
+    }
+#endif
 
     ret = wc_dilithium_init(&key);
     if (ret != 0) {
@@ -11870,46 +14247,77 @@ void bench_dilithiumKeySign(byte level)
         printf("wc_dilithium_set_level() failed %d\n", ret);
     }
 
+#ifndef WOLFSSL_DILITHIUM_NO_MAKE_KEY
+    bench_stats_start(&count, &start);
+    do {
+        for (i = 0; i < agreeTimes; i++) {
+            ret = wc_dilithium_make_key(&key, GLOBAL_RNG);
+            if (ret != 0) {
+                printf("wc_dilithium_import_private_key failed %d\n", ret);
+                return;
+            }
+        }
+        count += i;
+    } while (bench_stats_check(start)
+#ifdef MULTI_VALUE_STATISTICS
+       || runs < minimum_runs
+#endif
+       );
+
     if (ret == 0) {
-        ret = -1;
-        if (level == 2) {
-            ret = wc_dilithium_import_private_key(bench_dilithium_level2_key,
-                      sizeof_bench_dilithium_level2_key, NULL, 0, &key);
-        }
-        else if (level == 3) {
-            ret = wc_dilithium_import_private_key(bench_dilithium_level3_key,
-                      sizeof_bench_dilithium_level3_key, NULL, 0, &key);
-        }
-        else if (level == 5) {
-            ret = wc_dilithium_import_private_key(bench_dilithium_level5_key,
-                      sizeof_bench_dilithium_level5_key, NULL, 0, &key);
-        }
-
-        if (ret != 0) {
-            printf("wc_dilithium_import_private_key failed %d\n", ret);
-        }
+        bench_stats_asym_finish("ML-DSA", params, desc[2], 0, count,
+                                start, ret);
+    #ifdef MULTI_VALUE_STATISTICS
+        bench_multi_value_stats(max, min, sum, squareSum, runs);
+    #endif
     }
 
-    /* make dummy msg */
-    for (i = 0; i < (int)sizeof(msg); i++) {
-        msg[i] = (byte)i;
+#elif !defined WOLFSSL_DILITHIUM_NO_SIGN
+
+#ifndef WOLFSSL_NO_ML_DSA_44
+    if (level == 2) {
+        ret = wc_dilithium_import_private(bench_dilithium_level2_key,
+            sizeof_bench_dilithium_level2_key, &key);
     }
+#endif
+#ifndef WOLFSSL_NO_ML_DSA_65
+    if (level == 3) {
+        ret = wc_dilithium_import_private(bench_dilithium_level3_key,
+            sizeof_bench_dilithium_level3_key, &key);
+    }
+#endif
+#ifndef WOLFSSL_NO_ML_DSA_87
+    if (level == 5) {
+        ret = wc_dilithium_import_private(bench_dilithium_level5_key,
+            sizeof_bench_dilithium_level5_key, &key);
+    }
+#endif
+    if (ret != 0) {
+        printf("Failed to load private key\n");
+        return;
+    }
+
+#endif
+
+#ifndef WOLFSSL_DILITHIUM_NO_SIGN
+    if (level == 2) {
+        x = DILITHIUM_LEVEL2_SIG_SIZE;
+    }
+    else if (level == 3) {
+        x = DILITHIUM_LEVEL3_SIG_SIZE;
+    }
+    else {
+        x = DILITHIUM_LEVEL5_SIG_SIZE;
+    }
+
+    RESET_MULTI_VALUE_STATS_VARS();
 
     bench_stats_start(&count, &start);
     do {
         for (i = 0; i < agreeTimes; i++) {
             if (ret == 0) {
-                if (level == 2) {
-                    x = DILITHIUM_LEVEL2_SIG_SIZE;
-                }
-                else if (level == 3) {
-                    x = DILITHIUM_LEVEL3_SIG_SIZE;
-                }
-                else {
-                    x = DILITHIUM_LEVEL5_SIG_SIZE;
-                }
-
-                ret = wc_dilithium_sign_msg(msg, sizeof(msg), sig, &x, &key);
+                ret = wc_dilithium_sign_msg(msg, sizeof(msg), sig, &x, &key,
+                                            GLOBAL_RNG);
                 if (ret != 0) {
                     printf("wc_dilithium_sign_msg failed\n");
                 }
@@ -11924,13 +14332,57 @@ void bench_dilithiumKeySign(byte level)
        );
 
     if (ret == 0) {
-        bench_stats_asym_finish("DILITHIUM", level, desc[4], 0, count, start,
+        bench_stats_asym_finish("ML-DSA", params, desc[4], 0, count, start,
                                 ret);
     #ifdef MULTI_VALUE_STATISTICS
         bench_multi_value_stats(max, min, sum, squareSum, runs);
     #endif
     }
 
+#endif
+
+#if !defined(WOLFSSL_DILITHIUM_NO_VERIFY) && \
+    (defined(WOLFSSL_DILITHIUM_NO_SIGN) || \
+     defined(WOLFSSL_DILITHIUM_NO_MAKE_KEY))
+
+#ifndef WOLFSSL_NO_ML_DSA_44
+    if (level == 2) {
+    #ifdef WOLFSSL_DILITHIUM_NO_SIGN
+        x = sizeof_bench_dilithium_level2_sig;
+        XMEMCPY(sig, bench_dilithium_level2_sig, x);
+    #endif
+        ret = wc_dilithium_import_public(bench_dilithium_level2_pubkey,
+            sizeof_bench_dilithium_level2_pubkey, &key);
+    }
+#endif
+#ifndef WOLFSSL_NO_ML_DSA_65
+    if (level == 3) {
+    #ifdef WOLFSSL_DILITHIUM_NO_SIGN
+        x = sizeof_bench_dilithium_level3_sig;
+        XMEMCPY(sig, bench_dilithium_level3_sig, x);
+    #endif
+        ret = wc_dilithium_import_public(bench_dilithium_level3_pubkey,
+            sizeof_bench_dilithium_level3_pubkey, &key);
+    }
+#endif
+#ifndef WOLFSSL_NO_ML_DSA_87
+    if (level == 5) {
+    #ifdef WOLFSSL_DILITHIUM_NO_SIGN
+        x = sizeof_bench_dilithium_level5_sig;
+        XMEMCPY(sig, bench_dilithium_level5_sig, x);
+    #endif
+        ret = wc_dilithium_import_public(bench_dilithium_level5_pubkey,
+            sizeof_bench_dilithium_level5_pubkey, &key);
+    }
+#endif
+    if (ret != 0) {
+        printf("Failed to load public key\n");
+        return;
+    }
+
+#endif
+
+#ifndef WOLFSSL_DILITHIUM_NO_VERIFY
     RESET_MULTI_VALUE_STATS_VARS();
 
     bench_stats_start(&count, &start);
@@ -11957,12 +14409,13 @@ void bench_dilithiumKeySign(byte level)
        );
 
     if (ret == 0) {
-        bench_stats_asym_finish("DILITHIUM", level, desc[5], 0, count, start,
+        bench_stats_asym_finish("ML-DSA", params, desc[5], 0, count, start,
                                 ret);
     #ifdef MULTI_VALUE_STATISTICS
         bench_multi_value_stats(max, min, sum, squareSum, runs);
     #endif
     }
+#endif
 
     wc_dilithium_free(&key);
 }
@@ -12055,7 +14508,7 @@ void bench_sphincsKeySign(byte level, byte optim)
                     x = SPHINCS_SMALL_LEVEL5_SIG_SIZE;
                 }
 
-                ret = wc_sphincs_sign_msg(msg, sizeof(msg), sig, &x, &key);
+                ret = wc_sphincs_sign_msg(msg, sizeof(msg), sig, &x, &key, GLOBAL_RNG);
                 if (ret != 0) {
                     printf("wc_sphincs_sign_msg failed\n");
                 }
@@ -12125,12 +14578,13 @@ void bench_sphincsKeySign(byte level, byte optim)
     wc_sphincs_free(&key);
 }
 #endif /* HAVE_SPHINCS */
-#endif /* HAVE_PQC */
 
 #if defined(_WIN32) && !defined(INTIME_RTOS)
 
     #define WIN32_LEAN_AND_MEAN
+    #define _WINSOCKAPI_ /* block inclusion of winsock.h header file */
     #include <windows.h>
+    #undef _WINSOCKAPI_ /* undefine it for MINGW winsock2.h header file */
 
     double current_time(int reset)
     {
@@ -12185,7 +14639,13 @@ void bench_sphincsKeySign(byte level, byte optim)
 
 #elif defined(FREERTOS)
 
-    #include "task.h"
+    #ifdef PLATFORMIO
+        #include <freertos/FreeRTOS.h>
+        #include <freertos/task.h>
+    #else
+        #include "task.h"
+    #endif
+
 #if defined(WOLFSSL_ESPIDF)
     /* prototype definition */
     int construct_argv();
@@ -12233,8 +14693,13 @@ void bench_sphincsKeySign(byte level, byte optim)
             #ifdef __XTENSA__
                 _esp_cpu_count_last = xthal_get_ccount();
             #else
-                esp_cpu_set_cycle_count((esp_cpu_cycle_count_t)0);
-                _esp_cpu_count_last = esp_cpu_get_cycle_count();
+                #if ESP_IDF_VERSION_MAJOR >= 5
+                    esp_cpu_set_cycle_count((esp_cpu_cycle_count_t)0);
+                    _esp_cpu_count_last = esp_cpu_get_cycle_count();
+                #else
+                    cpu_hal_set_cycle_count((uint32_t)0);
+                    _esp_cpu_count_last = cpu_hal_get_cycle_count();
+                #endif
             #endif
        }
     #endif
@@ -12245,9 +14710,9 @@ void bench_sphincsKeySign(byte level, byte optim)
       typiclly in app_startup.c */
 
     #ifdef DEBUG_WOLFSSL_BENCHMARK_TIMING
-        ESP_LOGV(TAG, "tickCount = %lu", tickCount);
+        ESP_LOGV(TAG, "tickCount = " TFMT, tickCount);
         if (tickCount == last_tickCount) {
-            ESP_LOGW(TAG, "last_tickCount unchanged? %lu", tickCount);
+            ESP_LOGW(TAG, "last_tickCount unchanged?" TFMT, tickCount);
 
         }
         if (tickCount < last_tickCount) {
@@ -12257,13 +14722,13 @@ void bench_sphincsKeySign(byte level, byte optim)
 
     if (reset) {
         #ifdef DEBUG_WOLFSSL_BENCHMARK_TIMING
-            ESP_LOGW(TAG, "Assign last_tickCount = %lu", tickCount);
+            ESP_LOGW(TAG, "Assign last_tickCount = " TFMT, tickCount);
         #endif
         last_tickCount = tickCount;
     }
     else {
         #ifdef DEBUG_WOLFSSL_BENCHMARK_TIMING
-            ESP_LOGW(TAG, "No Reset last_tickCount = %lu", tickCount);
+            ESP_LOGV(TAG, "No Reset last_tickCount = " TFMT, tickCount);
         #endif
     }
 
@@ -12287,10 +14752,13 @@ void bench_sphincsKeySign(byte level, byte optim)
     * Use care when repeatedly calling calling. See implementation. */
     double current_time(int reset)
     {
-        portTickType tickCount;
-        /* tick count == ms, if configTICK_RATE_HZ is set to 1000 */
-        tickCount = xTaskGetTickCount();
+        portTickType tickCount = xTaskGetTickCount();
+        /* if configTICK_RATE_HZ is available use if (default is 1000) */
+    #ifdef configTICK_RATE_HZ
+        return (double)tickCount / configTICK_RATE_HZ;
+    #else
         return (double)tickCount / 1000;
+    #endif
     }
 #endif
 
@@ -12309,6 +14777,15 @@ void bench_sphincsKeySign(byte level, byte optim)
         return (double)tv.SECONDS + (double)tv.MILLISECONDS / 1000;
     }
 
+#elif (defined(WOLFSSL_MAX3266X_OLD) || defined(WOLFSSL_MAX3266X)) \
+            && defined(MAX3266X_RTC)
+
+    double current_time(int reset)
+    {
+        (void)reset;
+        return wc_MXC_RTC_Time();
+    }
+
 #elif defined(FREESCALE_KSDK_BM)
 
     double current_time(int reset)
@@ -12382,13 +14859,13 @@ void bench_sphincsKeySign(byte level, byte optim)
 
     double current_time(int reset)
     {
+        int64_t t;
         (void)reset;
-
      #if defined(CONFIG_ARCH_POSIX)
          k_cpu_idle();
      #endif
-
-        return (double)k_uptime_get() / 1000;
+        t = k_uptime_get(); /* returns current uptime in milliseconds */
+        return (double)(t / 1000);
     }
 
 #elif defined(WOLFSSL_NETBURNER)
@@ -12403,7 +14880,15 @@ void bench_sphincsKeySign(byte level, byte optim)
 
         return (double) ticks/TICKS_PER_SECOND;
     }
+#elif defined(WOLFSSL_RPIPICO)
+    #include "pico/stdlib.h"
 
+    double current_time(int reset)
+    {
+        (void)reset;
+
+        return (double) time_us_64() / 1000000;
+    }
 #elif defined(THREADX)
     #include "tx_api.h"
     double current_time(int reset)
@@ -12462,7 +14947,9 @@ void bench_sphincsKeySign(byte level, byte optim)
             (double)rusage.ru_utime.tv_usec / MILLION_VALUE;
     }
 
-    static void check_for_excessive_stime(const char *desc,
+    static void check_for_excessive_stime(const char *algo,
+                                          int strength,
+                                          const char *desc,
                                           const char *desc_extra)
     {
         double start_utime = (double)base_rusage.ru_utime.tv_sec +
@@ -12475,11 +14962,20 @@ void bench_sphincsKeySign(byte level, byte optim)
             (double)cur_rusage.ru_stime.tv_usec / MILLION_VALUE;
         double stime_utime_ratio =
             (cur_stime - start_stime) / (cur_utime - start_utime);
-        if (stime_utime_ratio > .1)
-            printf("%swarning, "
-                   "excessive system time ratio for %s%s (" FLT_FMT_PREC "%%).\n",
-                   err_prefix, desc, desc_extra,
-                   FLT_FMT_PREC_ARGS(3, stime_utime_ratio * 100.0));
+        if (stime_utime_ratio > .1) {
+            if (strength > 0) {
+                printf("%swarning, "
+                       "excessive system time ratio for %s-%d-%s%s (" FLT_FMT_PREC "%%).\n",
+                       err_prefix, algo, strength, desc, desc_extra,
+                       FLT_FMT_PREC_ARGS(3, stime_utime_ratio * 100.0));
+            }
+            else {
+                printf("%swarning, "
+                       "excessive system time ratio for %s%s%s (" FLT_FMT_PREC "%%).\n",
+                       err_prefix, algo, desc, desc_extra,
+                       FLT_FMT_PREC_ARGS(3, stime_utime_ratio * 100.0));
+            }
+        }
     }
 
 #elif defined(WOLFSSL_LINUXKM)
@@ -12491,8 +14987,27 @@ void bench_sphincsKeySign(byte level, byte optim)
         return (double)ns / 1000000000.0;
     }
 
+#elif defined(WOLFSSL_GAISLER_BCC)
+
+    #include <bcc/bcc.h>
+    double current_time(int reset)
+    {
+        (void)reset;
+        uint32_t us = bcc_timer_get_us();
+        return (double)us / 1000000.0;
+    }
+
+#elif defined(__WATCOMC__)
+
+    #include <time.h>
+    WC_INLINE double current_time(int reset)
+    {
+        (void)reset;
+        return ((double)clock())/CLOCKS_PER_SEC;
+    }
 #else
 
+    #include <time.h>
     #include <sys/time.h>
 
     double current_time(int reset)
@@ -12601,6 +15116,7 @@ static void Usage(void)
     e += 3;
 #endif
     printf("%s", bench_Usage_msg1[lng_index][e++]);    /* option -dgst_full */
+    printf("%s", bench_Usage_msg1[lng_index][e++]);    /* option -mca_final */
 #ifndef NO_RSA
     printf("%s", bench_Usage_msg1[lng_index][e++]);    /* option -ras_sign */
     #ifdef WOLFSSL_KEY_GEN
@@ -12649,14 +15165,15 @@ static void Usage(void)
         print_alg(bench_asym_opt[i].str, &line);
     for (i=0; bench_other_opt[i].str != NULL; i++)
         print_alg(bench_other_opt[i].str, &line);
-#if defined(HAVE_PQC) && defined(HAVE_LIBOQS)
+#if defined(WOLFSSL_HAVE_KYBER) || defined(HAVE_FALCON) || \
+    defined(HAVE_DILITHIUM) || defined(HAVE_SPHINCS)
     for (i=0; bench_pq_asym_opt[i].str != NULL; i++)
         print_alg(bench_pq_asym_opt[i].str, &line);
-#if defined(HAVE_LIBOQS) && defined(HAVE_SPHINCS)
+#if defined(HAVE_SPHINCS)
     for (i=0; bench_pq_asym_opt2[i].str != NULL; i++)
         print_alg(bench_pq_asym_opt2[i].str, &line);
-#endif /* HAVE_LIBOQS && HAVE_SPHINCS */
-#endif /* HAVE_PQC */
+#endif /* HAVE_SPHINCS */
+#endif
 #if defined(BENCH_PQ_STATEFUL_HBS)
     for (i=0; bench_pq_hash_sig_opt[i].str != NULL; i++)
         print_alg(bench_pq_hash_sig_opt[i].str, &line);
@@ -12797,6 +15314,14 @@ int wolfcrypt_benchmark_main(int argc, char** argv)
 #endif
         else if (string_matches(argv[1], "-dgst_full"))
             digest_stream = 0;
+        else if (string_matches(argv[1], "-mac_final"))
+            mac_stream = 0;
+        else if (string_matches(argv[1], "-aead_set_key"))
+            aead_set_key = 1;
+#ifdef HAVE_CHACHA
+        else if (string_matches(argv[1], "-enc_only"))
+            encrypt_only = 1;
+#endif
 #ifndef NO_RSA
         else if (string_matches(argv[1], "-rsa_sign"))
             rsa_sign_verify = 1;
@@ -12923,7 +15448,8 @@ int wolfcrypt_benchmark_main(int argc, char** argv)
                     optMatched = 1;
                 }
             }
-        #if defined(HAVE_PQC) && defined(HAVE_LIBOQS)
+        #if defined(WOLFSSL_HAVE_KYBER) || defined(HAVE_FALCON) || \
+            defined(HAVE_DILITHIUM) || defined(HAVE_SPHINCS)
             /* Known asymmetric post-quantum algorithms */
             for (i=0; !optMatched && bench_pq_asym_opt[i].str != NULL; i++) {
                 if (string_matches(argv[1], bench_pq_asym_opt[i].str)) {
@@ -12936,7 +15462,9 @@ int wolfcrypt_benchmark_main(int argc, char** argv)
             /* Both bench_pq_asym_opt and bench_pq_asym_opt2 are looking for
              * -pq, so we need to do a special case for -pq since optMatched
              * was set to 1 just above. */
-            if (string_matches(argv[1], bench_pq_asym_opt[0].str)) {
+            if ((bench_pq_asym_opt[0].str != NULL) &&
+                string_matches(argv[1], bench_pq_asym_opt[0].str))
+            {
                 bench_pq_asym_algs2 |= bench_pq_asym_opt2[0].val;
                 bench_all = 0;
                 optMatched = 1;
@@ -12949,7 +15477,7 @@ int wolfcrypt_benchmark_main(int argc, char** argv)
                 }
             }
         #endif
-        #endif /* HAVE_PQC */
+        #endif
             /* Other known cryptographic algorithms */
             for (i=0; !optMatched && bench_other_opt[i].str != NULL; i++) {
                 if (string_matches(argv[1], bench_other_opt[i].str)) {
diff --git a/wolfcrypt/benchmark/benchmark.h b/wolfcrypt/benchmark/benchmark.h
index cefef7ca6..ac4c16864 100644
--- a/wolfcrypt/benchmark/benchmark.h
+++ b/wolfcrypt/benchmark/benchmark.h
@@ -1,6 +1,6 @@
 /* wolfcrypt/benchmark/benchmark.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -64,6 +64,7 @@ void bench_camellia(void);
 void bench_sm4_cbc(void);
 void bench_sm4_gcm(void);
 void bench_sm4_ccm(void);
+void bench_ascon_aead(void);
 void bench_md5(int useDeviceID);
 void bench_sha(int useDeviceID);
 void bench_sha224(int useDeviceID);
@@ -103,7 +104,7 @@ void bench_rsa_key(int useDeviceID, word32 keySz);
 void bench_dh(int useDeviceID);
 void bench_kyber(int type);
 void bench_lms(void);
-void bench_xmss(void);
+void bench_xmss(int hash);
 void bench_ecc_curve(int curveId);
 void bench_eccMakeKey(int useDeviceID, int curveId);
 void bench_ecc(int useDeviceID, int curveId);
@@ -128,6 +129,7 @@ void bench_sakke(void);
 void bench_rng(void);
 void bench_blake2b(void);
 void bench_blake2s(void);
+void bench_ascon_hash(void);
 void bench_pbkdf2(void);
 void bench_falconKeySign(byte level);
 void bench_dilithiumKeySign(byte level);
diff --git a/wolfcrypt/benchmark/include.am b/wolfcrypt/benchmark/include.am
index dc2b71c41..22cecbdae 100644
--- a/wolfcrypt/benchmark/include.am
+++ b/wolfcrypt/benchmark/include.am
@@ -23,5 +23,8 @@ endif
 
 EXTRA_DIST += wolfcrypt/benchmark/benchmark.sln
 EXTRA_DIST += wolfcrypt/benchmark/benchmark.vcproj
+EXTRA_DIST += wolfcrypt/benchmark/benchmark-VS2022.sln
+EXTRA_DIST += wolfcrypt/benchmark/benchmark-VS2022.vcxproj
+EXTRA_DIST += wolfcrypt/benchmark/benchmark-VS2022.vcxproj.user
 EXTRA_DIST += wolfcrypt/benchmark/README.md
 DISTCLEANFILES+= wolfcrypt/benchmark/.libs/benchmark
diff --git a/wolfcrypt/src/ASN_TEMPLATE.md b/wolfcrypt/src/ASN_TEMPLATE.md
new file mode 100644
index 000000000..5fa3fce32
--- /dev/null
+++ b/wolfcrypt/src/ASN_TEMPLATE.md
@@ -0,0 +1,162 @@
+# Writing an ASN Template
+
+## Template
+
+A template that describes the ASN.1 items that are expected is required.
+
+Each ASN.1 item should have a named index to make it easier to choose the item
+when assigning variables or getting data.
+
+The number of items in the template is needed too. Use a define using sizeof to
+allow for modification.
+
+```c
+/* ASN template for <name of ASN.1 definition>.
+ * <RFC or standard that it comes from>
+ */
+static const ASNItem <template>[] = {
+/*  <ITEM_0> */ { <depth>, <ASN Type>, <constructed>, <header>, <optional> },
+...
+};
+/* Named indices for <template>. */
+enum {
+    <TEMPLATE>_<ITEM_0> = 0,
+    <TEMPLATE>_<ITEM_1>,
+    ...
+};
+/* Number of items in <template>. */
+#define <template>_Length (sizeof(<template>) / sizeof(ASNItem))
+```
+
+## Examples of ASN.1 items
+
+### Sequence
+
+This is a sequence at depth 0 and want to parse the contents.
+
+ASN.1 description would be something like:
+```
+  RSASSA-PSS-params ::= SEQUENCE {
+```
+
+```c
+    { 0, ASN_SEQUENCE, 1, 1, 0 },
+```
+
+To skip over the contents of the sequence, set the header to 0 indicating that
+the next item to parse will be this level or higher.
+
+```c
+    { 0, ASN_SEQUENCE, 1, 0, 0 },
+```
+
+### Simple types
+
+An INTEGER at depth 1.
+
+ASN.1 description would be something like:
+```
+  prime    INTEGER,
+```
+
+```c
+        { 1, ASN_INTEGER, 0, 0, 1 },
+```
+
+An OCTET_STRING at depth 1 but stop after header in order to parse contents:
+
+ASN.1 description would be something like:
+```
+  digest   OCTET STRING
+```
+
+```c
+        { 1, ASN_COTET_STRING, 0, 1, 0 },
+```
+
+### Context Specific
+
+Content specific ASN.1 items need the value associated with them.
+
+This is a constructed ASN.1 Content Specific item of 1 that is optional.
+
+ASN.1 description would be something like:
+```
+  maskGenAlgorithm  [1] MaskGeneration Default mgf1SHA1
+```
+
+
+```c
+        { 1, ASN_CONTENT_SPECIFIC | 1, 1, 1, 1 },
+```
+
+### Optional items
+
+An optional boolean (like criticality of a certificate extension):
+
+ASN.1 description would be something like:
+```
+  critical    BOOLEAN DEFAULT FALSE,
+```
+
+```c
+        { 1, ASN_BOOLEAN, 0, 0, 1 },
+```
+
+### Choice
+
+Next ASN.1 item, at depth 2, is one of multiple types:
+
+```c
+            { 2, ASN_TAG_NULL, 0, 0, 2 },
+            { 2, ASN_OBJECT_ID, 0, 0, 2 },
+            { 2, ASN_SEQUENCE, 1, 0, 2 },
+```
+
+Note, use the optional value to uniquely identify the choices.
+
+
+
+# Decoding function outline
+
+An outline of a decoding function:
+
+```c
+#include <wolfssl/wolfcrypt/asn.h>
+
+...
+
+static int Decode<Something>(const byte* input, int sz, <Object Type* <obj>)
+{
+    DECL_ASNGETDATA(dataASN, <template>_Length);
+    int ret = 0;
+    /* Declare variables to parse data into. For example:
+     *   word32 idx = 0;
+     *   byte isCA = 0;
+     */
+
+    CALLOC_ASNGETDATA(dataASN, <template>_Length, ret, <obj>->heap);
+
+    if (ret == 0) {
+        /* Set any variables to be filled in by the parser. For example:
+         *  GetASN_Boolean(&dataASN[BASICCONSASN_IDX_CA], &isCA);
+         *  GetASN_Int8Bit(&dataASN[BASICCONSASN_IDX_PLEN], &<obj>->pathLength);
+         */
+
+        /* Decode the ASN.1 DER. */
+        ret = GetASN_Items(<template>, dataASN, <template>_Length, 1, input,
+                           &idx, (word32)sz);
+    }
+
+    if (ret == 0) {
+        /* Check data in variables is valid. */
+    }
+    if (ret == 0) {
+        /* Put data in variables into object. */
+    }
+
+    FREE_ASNGETDATA(dataASN, <obj>->heap);
+    return ret;
+}
+```
+
diff --git a/wolfcrypt/src/aes.c b/wolfcrypt/src/aes.c
index d4e44d735..c6682214e 100644
--- a/wolfcrypt/src/aes.c
+++ b/wolfcrypt/src/aes.c
@@ -1,6 +1,6 @@
 /* aes.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -39,15 +39,13 @@ block cipher mechanism that uses n-bit binary string parameter key with 128-bits
 
 /* Tip: Locate the software cipher modes by searching for "Software AES" */
 
-#if defined(HAVE_FIPS) && \
-    defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2)
-
+#if FIPS_VERSION3_GE(2,0,0)
     /* set NO_WRAPPERS before headers, use direct internal f()s not wrappers */
     #define FIPS_NO_WRAPPERS
 
     #ifdef USE_WINDOWS_API
-        #pragma code_seg(".fipsA$g")
-        #pragma const_seg(".fipsB$g")
+        #pragma code_seg(".fipsA$b")
+        #pragma const_seg(".fipsB$b")
     #endif
 #endif
 
@@ -84,6 +82,17 @@ block cipher mechanism that uses n-bit binary string parameter key with 128-bits
     #include <wolfssl/wolfcrypt/port/psa/psa.h>
 #endif
 
+#if defined(WOLFSSL_MAX3266X) || defined(WOLFSSL_MAX3266X_OLD)
+    #include <wolfssl/wolfcrypt/port/maxim/max3266x.h>
+#ifdef MAX3266X_CB
+    /* Revert back to SW so HW CB works */
+    /* HW only works for AES: ECB, CBC, and partial via ECB for other modes */
+    #include <wolfssl/wolfcrypt/port/maxim/max3266x-cryptocb.h>
+    /* Turn off MAX3266X_AES in the context of this file when using CB */
+    #undef MAX3266X_AES
+#endif
+#endif
+
 #if defined(WOLFSSL_TI_CRYPT)
     #include <wolfcrypt/src/port/ti/ti-aes.c>
 #else
@@ -97,7 +106,8 @@ block cipher mechanism that uses n-bit binary string parameter key with 128-bits
     #include <wolfcrypt/src/misc.c>
 #endif
 
-#ifndef WOLFSSL_ARMASM
+#if (!defined(WOLFSSL_ARMASM) || defined(__aarch64__)) && \
+    !defined(WOLFSSL_RISCV_ASM)
 
 #ifdef WOLFSSL_IMX6_CAAM_BLOB
     /* case of possibly not using hardware acceleration for AES but using key
@@ -114,6 +124,15 @@ block cipher mechanism that uses n-bit binary string parameter key with 128-bits
     #pragma warning(disable: 4127)
 #endif
 
+#if !defined(WOLFSSL_ARMASM) && FIPS_VERSION3_GE(6,0,0)
+    const unsigned int wolfCrypt_FIPS_aes_ro_sanity[2] =
+                                                     { 0x1a2b3c4d, 0x00000002 };
+    int wolfCrypt_FIPS_AES_sanity(void)
+    {
+        return 0;
+    }
+#endif
+
 /* Define AES implementation includes and functions */
 #if defined(STM32_CRYPTO)
      /* STM32F2/F4/F7/L4/L5/H7/WB55 hardware AES support for ECB, CBC, CTR and GCM modes */
@@ -156,13 +175,13 @@ block cipher mechanism that uses n-bit binary string parameter key with 128-bits
         HAL_CRYP_Init(&hcryp);
 
     #if defined(STM32_HAL_V2)
-        ret = HAL_CRYP_Encrypt(&hcryp, (uint32_t*)inBlock, AES_BLOCK_SIZE,
+        ret = HAL_CRYP_Encrypt(&hcryp, (uint32_t*)inBlock, WC_AES_BLOCK_SIZE,
             (uint32_t*)outBlock, STM32_HAL_TIMEOUT);
     #elif defined(STM32_CRYPTO_AES_ONLY)
-        ret = HAL_CRYPEx_AES(&hcryp, (uint8_t*)inBlock, AES_BLOCK_SIZE,
+        ret = HAL_CRYPEx_AES(&hcryp, (uint8_t*)inBlock, WC_AES_BLOCK_SIZE,
             outBlock, STM32_HAL_TIMEOUT);
     #else
-        ret = HAL_CRYP_AESECB_Encrypt(&hcryp, (uint8_t*)inBlock, AES_BLOCK_SIZE,
+        ret = HAL_CRYP_AESECB_Encrypt(&hcryp, (uint8_t*)inBlock, WC_AES_BLOCK_SIZE,
             outBlock, STM32_HAL_TIMEOUT);
     #endif
         if (ret != HAL_OK) {
@@ -257,13 +276,13 @@ block cipher mechanism that uses n-bit binary string parameter key with 128-bits
         HAL_CRYP_Init(&hcryp);
 
     #if defined(STM32_HAL_V2)
-        ret = HAL_CRYP_Decrypt(&hcryp, (uint32_t*)inBlock, AES_BLOCK_SIZE,
+        ret = HAL_CRYP_Decrypt(&hcryp, (uint32_t*)inBlock, WC_AES_BLOCK_SIZE,
             (uint32_t*)outBlock, STM32_HAL_TIMEOUT);
     #elif defined(STM32_CRYPTO_AES_ONLY)
-        ret = HAL_CRYPEx_AES(&hcryp, (uint8_t*)inBlock, AES_BLOCK_SIZE,
+        ret = HAL_CRYPEx_AES(&hcryp, (uint8_t*)inBlock, WC_AES_BLOCK_SIZE,
             outBlock, STM32_HAL_TIMEOUT);
     #else
-        ret = HAL_CRYP_AESECB_Decrypt(&hcryp, (uint8_t*)inBlock, AES_BLOCK_SIZE,
+        ret = HAL_CRYP_AESECB_Decrypt(&hcryp, (uint8_t*)inBlock, WC_AES_BLOCK_SIZE,
             outBlock, STM32_HAL_TIMEOUT);
     #endif
         if (ret != HAL_OK) {
@@ -361,7 +380,7 @@ block cipher mechanism that uses n-bit binary string parameter key with 128-bits
 #endif
 
             if (wolfSSL_CryptHwMutexLock() == 0) {
-                LTC_AES_EncryptEcb(LTC_BASE, inBlock, outBlock, AES_BLOCK_SIZE,
+                LTC_AES_EncryptEcb(LTC_BASE, inBlock, outBlock, WC_AES_BLOCK_SIZE,
                     key, keySize);
                 wolfSSL_CryptHwMutexUnLock();
             }
@@ -384,7 +403,7 @@ block cipher mechanism that uses n-bit binary string parameter key with 128-bits
 #endif
 
             if (wolfSSL_CryptHwMutexLock() == 0) {
-                LTC_AES_DecryptEcb(LTC_BASE, inBlock, outBlock, AES_BLOCK_SIZE,
+                LTC_AES_DecryptEcb(LTC_BASE, inBlock, outBlock, WC_AES_BLOCK_SIZE,
                     key, keySize, kLTC_EncryptKey);
                 wolfSSL_CryptHwMutexUnLock();
             }
@@ -475,7 +494,7 @@ block cipher mechanism that uses n-bit binary string parameter key with 128-bits
 #endif
         /* Thread mutex protection handled in Pic32Crypto */
         return wc_Pic32AesCrypt(aes->key, aes->keylen, NULL, 0,
-            outBlock, inBlock, AES_BLOCK_SIZE,
+            outBlock, inBlock, WC_AES_BLOCK_SIZE,
             PIC32_ENCRYPTION, PIC32_ALGO_AES, PIC32_CRYPTOALGO_RECB);
     }
     #endif
@@ -493,7 +512,7 @@ block cipher mechanism that uses n-bit binary string parameter key with 128-bits
 #endif
         /* Thread mutex protection handled in Pic32Crypto */
         return wc_Pic32AesCrypt(aes->key, aes->keylen, NULL, 0,
-            outBlock, inBlock, AES_BLOCK_SIZE,
+            outBlock, inBlock, WC_AES_BLOCK_SIZE,
             PIC32_DECRYPTION, PIC32_ALGO_AES, PIC32_CRYPTOALGO_RECB);
     }
     #endif
@@ -527,10 +546,10 @@ block cipher mechanism that uses n-bit binary string parameter key with 128-bits
     #endif /* HAVE_AES_DECRYPT */
 
 #elif defined(WOLFSSL_ESP32_CRYPT) && \
-    !defined(NO_WOLFSSL_ESP32_CRYPT_AES)
+     !defined(NO_WOLFSSL_ESP32_CRYPT_AES)
     #include <esp_log.h>
     #include <wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h>
-    const char* TAG = "aes";
+    #define TAG "aes"
 
     /* We'll use SW for fallback:
      *   unsupported key lengths. (e.g. ESP32-S3)
@@ -606,6 +625,10 @@ block cipher mechanism that uses n-bit binary string parameter key with 128-bits
         #define AESNI_ALIGN 16
     #endif
 
+    /* note that all write access to these static variables must be idempotent,
+     * as arranged by Check_CPU_support_AES(), else they will be susceptible to
+     * data races.
+     */
     static int checkedAESNI = 0;
     static int haveAESNI  = 0;
     static word32 intel_flags = 0;
@@ -720,7 +743,8 @@ block cipher mechanism that uses n-bit binary string parameter key with 128-bits
                 return MEMORY_E;
 #endif
 
-            if (AES_set_encrypt_key_AESNI(userKey,bits,temp_key) == BAD_FUNC_ARG) {
+            if (AES_set_encrypt_key_AESNI(userKey,bits,temp_key)
+                == WC_NO_ERR_TRACE(BAD_FUNC_ARG)) {
 #ifdef WOLFSSL_SMALL_STACK
                 XFREE(temp_key, aes->heap, DYNAMIC_TYPE_AES);
 #endif
@@ -764,6 +788,27 @@ block cipher mechanism that uses n-bit binary string parameter key with 128-bits
         }
     #endif /* HAVE_AES_DECRYPT */
 
+#elif defined(__aarch64__) && defined(WOLFSSL_ARMASM) && \
+    !defined(WOLFSSL_ARMASM_NO_HW_CRYPTO)
+
+    #define NEED_AES_TABLES
+
+    static int checkedCpuIdFlags = 0;
+    static word32 cpuid_flags = 0;
+
+    static void Check_CPU_support_HwCrypto(Aes* aes)
+    {
+        if (checkedCpuIdFlags == 0) {
+            cpuid_flags = cpuid_get_flags();
+            checkedCpuIdFlags = 1;
+        }
+        aes->use_aes_hw_crypto = IS_AARCH64_AES(cpuid_flags);
+    #ifdef HAVE_AESGCM
+        aes->use_pmull_hw_crypto = IS_AARCH64_PMULL(cpuid_flags);
+        aes->use_sha3_hw_crypto = IS_AARCH64_SHA3(cpuid_flags);
+    #endif
+    }
+
 #elif (defined(WOLFSSL_IMX6_CAAM) && !defined(NO_IMX6_CAAM_AES) \
         && !defined(WOLFSSL_QNX_CAAM)) || \
       ((defined(WOLFSSL_AFALG) || defined(WOLFSSL_DEVCRYPTO_AES)) && \
@@ -928,7 +973,7 @@ block cipher mechanism that uses n-bit binary string parameter key with 128-bits
                 return ret;
         }
 #endif
-        return AES_ECB_encrypt(aes, inBlock, outBlock, AES_BLOCK_SIZE);
+        return AES_ECB_encrypt(aes, inBlock, outBlock, WC_AES_BLOCK_SIZE);
     }
     #endif
 
@@ -943,7 +988,7 @@ block cipher mechanism that uses n-bit binary string parameter key with 128-bits
                 return ret;
         }
 #endif
-        return AES_ECB_decrypt(aes, inBlock, outBlock, AES_BLOCK_SIZE);
+        return AES_ECB_decrypt(aes, inBlock, outBlock, WC_AES_BLOCK_SIZE);
     }
     #endif
 
@@ -960,6 +1005,9 @@ block cipher mechanism that uses n-bit binary string parameter key with 128-bits
 #elif defined(WOLFSSL_HAVE_PSA) && !defined(WOLFSSL_PSA_NO_AES)
 /* implemented in wolfcrypt/src/port/psa/psa_aes.c */
 
+#elif defined(WOLFSSL_RISCV_ASM)
+/* implemented in wolfcrypt/src/port/risc-v/riscv-64-aes.c */
+
 #else
 
     /* using wolfCrypt software implementation */
@@ -968,6 +1016,10 @@ block cipher mechanism that uses n-bit binary string parameter key with 128-bits
 
 
 
+#if defined(WC_AES_BITSLICED) && !defined(HAVE_AES_ECB)
+    #error "When WC_AES_BITSLICED is defined, HAVE_AES_ECB is needed."
+#endif
+
 #ifdef NEED_AES_TABLES
 
 #ifndef WC_AES_BITSLICED
@@ -1904,6 +1956,7 @@ static word32 GetTable8_4(const byte* t, byte o0, byte o1, byte o2, byte o3)
      ((word32)(t)[o2] <<  8) | ((word32)(t)[o3] <<  0))
 #endif
 
+#ifndef HAVE_CUDA
 /* Encrypt a block using AES.
  *
  * @param [in]  aes       AES object.
@@ -1918,7 +1971,7 @@ static void AesEncrypt_C(Aes* aes, const byte* inBlock, byte* outBlock,
     word32 t0, t1, t2, t3;
     const word32* rk;
 
-#ifdef WC_AES_C_DYNAMIC_FALLBACK
+#ifdef WC_C_DYNAMIC_FALLBACK
     rk = aes->key_C_fallback;
 #else
     rk = aes->key;
@@ -2185,7 +2238,8 @@ static void AesEncrypt_C(Aes* aes, const byte* inBlock, byte* outBlock,
 }
 
 #if defined(HAVE_AES_ECB) && !(defined(WOLFSSL_IMX6_CAAM) && \
-    !defined(NO_IMX6_CAAM_AES) && !defined(WOLFSSL_QNX_CAAM))
+    !defined(NO_IMX6_CAAM_AES) && !defined(WOLFSSL_QNX_CAAM)) && \
+    !defined(MAX3266X_AES)
 /* Encrypt a number of blocks using AES.
  *
  * @param [in]  aes  AES object.
@@ -2197,13 +2251,18 @@ static void AesEncryptBlocks_C(Aes* aes, const byte* in, byte* out, word32 sz)
 {
     word32 i;
 
-    for (i = 0; i < sz; i += AES_BLOCK_SIZE) {
+    for (i = 0; i < sz; i += WC_AES_BLOCK_SIZE) {
         AesEncrypt_C(aes, in, out, aes->rounds >> 1);
-        in += AES_BLOCK_SIZE;
-        out += AES_BLOCK_SIZE;
+        in += WC_AES_BLOCK_SIZE;
+        out += WC_AES_BLOCK_SIZE;
     }
 }
 #endif
+#else
+extern void AesEncrypt_C(Aes* aes, const byte* inBlock, byte* outBlock,
+        word32 r);
+extern void AesEncryptBlocks_C(Aes* aes, const byte* in, byte* out, word32 sz);
+#endif /* HAVE_CUDA */
 
 #else
 
@@ -2655,18 +2714,18 @@ static void bs_set_key(bs_word* rk, const byte* key, word32 keyLen,
     word32 rounds)
 {
     int i;
-    byte bs_key[15 * AES_BLOCK_SIZE];
-    int ksSz = (rounds + 1) * AES_BLOCK_SIZE;
+    byte bs_key[15 * WC_AES_BLOCK_SIZE];
+    int ksSz = (rounds + 1) * WC_AES_BLOCK_SIZE;
     bs_word block[AES_BLOCK_BITS];
 
     /* Fist round. */
     XMEMCPY(bs_key, key, keyLen);
     bs_expand_key(bs_key, ksSz);
 
-    for (i = 0; i < ksSz; i += AES_BLOCK_SIZE) {
+    for (i = 0; i < ksSz; i += WC_AES_BLOCK_SIZE) {
         int k;
 
-        XMEMCPY(block, bs_key + i, AES_BLOCK_SIZE);
+        XMEMCPY(block, bs_key + i, WC_AES_BLOCK_SIZE);
         for (k = BS_BLOCK_WORDS; k < AES_BLOCK_BITS; k += BS_BLOCK_WORDS) {
             int l;
             for (l = 0; l < BS_BLOCK_WORDS; l++) {
@@ -2699,6 +2758,7 @@ static void bs_encrypt(bs_word* state, bs_word* rk, word32 r)
     bs_inv_transpose(state, trans);
 }
 
+#ifndef HAVE_CUDA
 /* Encrypt a block using AES.
  *
  * @param [in]  aes       AES object.
@@ -2713,12 +2773,12 @@ static void AesEncrypt_C(Aes* aes, const byte* inBlock, byte* outBlock,
 
     (void)r;
 
-    XMEMCPY(state, inBlock, AES_BLOCK_SIZE);
-    XMEMSET(((byte*)state) + AES_BLOCK_SIZE, 0, sizeof(state) - AES_BLOCK_SIZE);
+    XMEMCPY(state, inBlock, WC_AES_BLOCK_SIZE);
+    XMEMSET(((byte*)state) + WC_AES_BLOCK_SIZE, 0, sizeof(state) - WC_AES_BLOCK_SIZE);
 
     bs_encrypt(state, aes->bs_key, aes->rounds);
 
-    XMEMCPY(outBlock, state, AES_BLOCK_SIZE);
+    XMEMCPY(outBlock, state, WC_AES_BLOCK_SIZE);
 }
 
 #if defined(HAVE_AES_ECB) && !(defined(WOLFSSL_IMX6_CAAM) && \
@@ -2750,6 +2810,11 @@ static void AesEncryptBlocks_C(Aes* aes, const byte* in, byte* out, word32 sz)
     }
 }
 #endif
+#else
+extern void AesEncrypt_C(Aes* aes, const byte* inBlock, byte* outBlock,
+        word32 r);
+extern void AesEncryptBlocks_C(Aes* aes, const byte* in, byte* out, word32 sz);
+#endif /* HAVE_CUDA */
 
 #endif /* !WC_AES_BITSLICED */
 
@@ -2758,6 +2823,12 @@ static void AesEncryptBlocks_C(Aes* aes, const byte* in, byte* out, word32 sz)
 static WARN_UNUSED_RESULT int wc_AesEncrypt(
     Aes* aes, const byte* inBlock, byte* outBlock)
 {
+#if defined(MAX3266X_AES)
+    word32 keySize;
+#endif
+#if defined(MAX3266X_CB)
+    int ret_cb;
+#endif
     word32 r;
 
     if (aes == NULL) {
@@ -2789,13 +2860,13 @@ static WARN_UNUSED_RESULT int wc_AesEncrypt(
             printf("out = %p\n", outBlock);
             printf("aes->key = %p\n", aes->key);
             printf("aes->rounds = %d\n", aes->rounds);
-            printf("sz = %d\n", AES_BLOCK_SIZE);
+            printf("sz = %d\n", WC_AES_BLOCK_SIZE);
         #endif
 
         /* check alignment, decrypt doesn't need alignment */
         if ((wc_ptr_t)inBlock % AESNI_ALIGN) {
         #ifndef NO_WOLFSSL_ALLOC_ALIGN
-            byte* tmp = (byte*)XMALLOC(AES_BLOCK_SIZE + AESNI_ALIGN, aes->heap,
+            byte* tmp = (byte*)XMALLOC(WC_AES_BLOCK_SIZE + AESNI_ALIGN, aes->heap,
                                                       DYNAMIC_TYPE_TMP_BUFFER);
             byte* tmp_align;
             if (tmp == NULL)
@@ -2803,10 +2874,10 @@ static WARN_UNUSED_RESULT int wc_AesEncrypt(
 
             tmp_align = tmp + (AESNI_ALIGN - ((wc_ptr_t)tmp % AESNI_ALIGN));
 
-            XMEMCPY(tmp_align, inBlock, AES_BLOCK_SIZE);
-            AES_ECB_encrypt_AESNI(tmp_align, tmp_align, AES_BLOCK_SIZE,
+            XMEMCPY(tmp_align, inBlock, WC_AES_BLOCK_SIZE);
+            AES_ECB_encrypt_AESNI(tmp_align, tmp_align, WC_AES_BLOCK_SIZE,
                     (byte*)aes->key, (int)aes->rounds);
-            XMEMCPY(outBlock, tmp_align, AES_BLOCK_SIZE);
+            XMEMCPY(outBlock, tmp_align, WC_AES_BLOCK_SIZE);
             XFREE(tmp, aes->heap, DYNAMIC_TYPE_TMP_BUFFER);
             return 0;
         #else
@@ -2816,7 +2887,7 @@ static WARN_UNUSED_RESULT int wc_AesEncrypt(
         #endif
         }
 
-        AES_ECB_encrypt_AESNI(inBlock, outBlock, AES_BLOCK_SIZE, (byte*)aes->key,
+        AES_ECB_encrypt_AESNI(inBlock, outBlock, WC_AES_BLOCK_SIZE, (byte*)aes->key,
                         (int)aes->rounds);
 
         return 0;
@@ -2826,22 +2897,29 @@ static WARN_UNUSED_RESULT int wc_AesEncrypt(
             printf("Skipping AES-NI\n");
         #endif
     }
+#elif defined(__aarch64__) && defined(WOLFSSL_ARMASM) && \
+      !defined(WOLFSSL_ARMASM_NO_HW_CRYPTO)
+    if (aes->use_aes_hw_crypto) {
+        AES_encrypt_AARCH64(inBlock, outBlock, (byte*)aes->key,
+            (int)aes->rounds);
+        return 0;
+    }
 #endif /* WOLFSSL_AESNI */
 #if defined(WOLFSSL_SCE) && !defined(WOLFSSL_SCE_NO_AES)
-    AES_ECB_encrypt(aes, inBlock, outBlock, AES_BLOCK_SIZE);
+    AES_ECB_encrypt(aes, inBlock, outBlock, WC_AES_BLOCK_SIZE);
     return 0;
 #endif
 
 #if defined(WOLFSSL_IMXRT_DCP)
     if (aes->keylen == 16) {
-        DCPAesEcbEncrypt(aes, outBlock, inBlock, AES_BLOCK_SIZE);
+        DCPAesEcbEncrypt(aes, outBlock, inBlock, WC_AES_BLOCK_SIZE);
         return 0;
     }
 #endif
 
 #if defined(WOLFSSL_SE050) && defined(WOLFSSL_SE050_CRYPT)
     if (aes->useSWCrypt == 0) {
-        return se050_aes_crypt(aes, inBlock, outBlock, AES_BLOCK_SIZE,
+        return se050_aes_crypt(aes, inBlock, outBlock, WC_AES_BLOCK_SIZE,
                                AES_ENCRYPTION, kAlgorithm_SSS_AES_ECB);
     }
 #endif
@@ -2861,6 +2939,26 @@ static WARN_UNUSED_RESULT int wc_AesEncrypt(
     }
 #endif
 
+#if defined(MAX3266X_AES)
+    if (wc_AesGetKeySize(aes, &keySize) == 0) {
+        return wc_MXC_TPU_AesEncrypt(inBlock, (byte*)aes->reg, (byte*)aes->key,
+                                    MXC_TPU_MODE_ECB, WC_AES_BLOCK_SIZE,
+                                    outBlock, (unsigned int)keySize);
+    }
+#endif
+#if defined(MAX3266X_CB) && defined(HAVE_AES_ECB) /* Can do a basic ECB block */
+    #ifndef WOLF_CRYPTO_CB_FIND
+    if (aes->devId != INVALID_DEVID)
+    #endif
+    {
+        ret_cb = wc_CryptoCb_AesEcbEncrypt(aes, outBlock, inBlock,
+                                            WC_AES_BLOCK_SIZE);
+        if (ret_cb != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE))
+            return ret_cb;
+        /* fall-through when unavailable */
+    }
+#endif
+
     AesEncrypt_C(aes, inBlock, outBlock, r);
 
     return 0;
@@ -2889,7 +2987,7 @@ static WARN_UNUSED_RESULT WC_INLINE word32 PreFetchTd(void)
     }
     return x;
 }
-#endif
+#endif /* !WOLFSSL_AES_SMALL_TABLES */
 
 /* load Td Table4 into cache by cache line stride */
 static WARN_UNUSED_RESULT WC_INLINE word32 PreFetchTd4(void)
@@ -2906,7 +3004,7 @@ static WARN_UNUSED_RESULT WC_INLINE word32 PreFetchTd4(void)
     return 0;
 #endif
 }
-#endif
+#endif /* !WC_NO_CACHE_RESISTANT */
 
 /* Decrypt a block using AES.
  *
@@ -2922,7 +3020,7 @@ static void AesDecrypt_C(Aes* aes, const byte* inBlock, byte* outBlock,
     word32 t0, t1, t2, t3;
     const word32* rk;
 
-#ifdef WC_AES_C_DYNAMIC_FALLBACK
+#ifdef WC_C_DYNAMIC_FALLBACK
     rk = aes->key_C_fallback;
 #else
     rk = aes->key;
@@ -3141,7 +3239,8 @@ static void AesDecrypt_C(Aes* aes, const byte* inBlock, byte* outBlock,
 }
 
 #if defined(HAVE_AES_ECB) && !(defined(WOLFSSL_IMX6_CAAM) && \
-    !defined(NO_IMX6_CAAM_AES) && !defined(WOLFSSL_QNX_CAAM))
+    !defined(NO_IMX6_CAAM_AES) && !defined(WOLFSSL_QNX_CAAM)) && \
+    !defined(MAX3266X_AES)
 /* Decrypt a number of blocks using AES.
  *
  * @param [in]  aes  AES object.
@@ -3153,15 +3252,15 @@ static void AesDecryptBlocks_C(Aes* aes, const byte* in, byte* out, word32 sz)
 {
     word32 i;
 
-    for (i = 0; i < sz; i += AES_BLOCK_SIZE) {
+    for (i = 0; i < sz; i += WC_AES_BLOCK_SIZE) {
         AesDecrypt_C(aes, in, out, aes->rounds >> 1);
-        in += AES_BLOCK_SIZE;
-        out += AES_BLOCK_SIZE;
+        in += WC_AES_BLOCK_SIZE;
+        out += WC_AES_BLOCK_SIZE;
     }
 }
 #endif
 
-#else
+#else /* WC_AES_BITSLICED */
 
 /* http://cs-www.cs.yale.edu/homes/peralta/CircuitStuff/Sinv.txt */
 static void bs_inv_sub_bytes(bs_word u[8])
@@ -3462,12 +3561,12 @@ static void AesDecrypt_C(Aes* aes, const byte* inBlock, byte* outBlock,
 
     (void)r;
 
-    XMEMCPY(state, inBlock, AES_BLOCK_SIZE);
-    XMEMSET(((byte*)state) + AES_BLOCK_SIZE, 0, sizeof(state) - AES_BLOCK_SIZE);
+    XMEMCPY(state, inBlock, WC_AES_BLOCK_SIZE);
+    XMEMSET(((byte*)state) + WC_AES_BLOCK_SIZE, 0, sizeof(state) - WC_AES_BLOCK_SIZE);
 
     bs_decrypt(state, aes->bs_key, aes->rounds);
 
-    XMEMCPY(outBlock, state, AES_BLOCK_SIZE);
+    XMEMCPY(outBlock, state, WC_AES_BLOCK_SIZE);
 }
 #endif
 
@@ -3501,13 +3600,19 @@ static void AesDecryptBlocks_C(Aes* aes, const byte* in, byte* out, word32 sz)
 }
 #endif
 
-#endif
+#endif /* !WC_AES_BITSLICED */
 
 #if !defined(WC_AES_BITSLICED) || defined(WOLFSSL_AES_DIRECT)
 /* Software AES - ECB Decrypt */
 static WARN_UNUSED_RESULT int wc_AesDecrypt(
     Aes* aes, const byte* inBlock, byte* outBlock)
 {
+#if defined(MAX3266X_AES)
+    word32 keySize;
+#endif
+#if defined(MAX3266X_CB)
+    int ret_cb;
+#endif
     word32 r;
 
     if (aes == NULL) {
@@ -3539,13 +3644,13 @@ static WARN_UNUSED_RESULT int wc_AesDecrypt(
             printf("out = %p\n", outBlock);
             printf("aes->key = %p\n", aes->key);
             printf("aes->rounds = %d\n", aes->rounds);
-            printf("sz = %d\n", AES_BLOCK_SIZE);
+            printf("sz = %d\n", WC_AES_BLOCK_SIZE);
         #endif
 
         /* if input and output same will overwrite input iv */
         if ((const byte*)aes->tmp != inBlock)
-            XMEMCPY(aes->tmp, inBlock, AES_BLOCK_SIZE);
-        AES_ECB_decrypt_AESNI(inBlock, outBlock, AES_BLOCK_SIZE, (byte*)aes->key,
+            XMEMCPY(aes->tmp, inBlock, WC_AES_BLOCK_SIZE);
+        AES_ECB_decrypt_AESNI(inBlock, outBlock, WC_AES_BLOCK_SIZE, (byte*)aes->key,
                         (int)aes->rounds);
         return 0;
     }
@@ -3554,19 +3659,26 @@ static WARN_UNUSED_RESULT int wc_AesDecrypt(
             printf("Skipping AES-NI\n");
         #endif
     }
+#elif defined(__aarch64__) && defined(WOLFSSL_ARMASM) && \
+      !defined(WOLFSSL_ARMASM_NO_HW_CRYPTO)
+    if (aes->use_aes_hw_crypto) {
+        AES_decrypt_AARCH64(inBlock, outBlock, (byte*)aes->key,
+            (int)aes->rounds);
+        return 0;
+    }
 #endif /* WOLFSSL_AESNI */
 #if defined(WOLFSSL_SCE) && !defined(WOLFSSL_SCE_NO_AES)
-    return AES_ECB_decrypt(aes, inBlock, outBlock, AES_BLOCK_SIZE);
+    return AES_ECB_decrypt(aes, inBlock, outBlock, WC_AES_BLOCK_SIZE);
 #endif
 #if defined(WOLFSSL_IMXRT_DCP)
     if (aes->keylen == 16) {
-        DCPAesEcbDecrypt(aes, outBlock, inBlock, AES_BLOCK_SIZE);
+        DCPAesEcbDecrypt(aes, outBlock, inBlock, WC_AES_BLOCK_SIZE);
         return 0;
     }
 #endif
 #if defined(WOLFSSL_SE050) && defined(WOLFSSL_SE050_CRYPT)
     if (aes->useSWCrypt == 0) {
-        return se050_aes_crypt(aes, inBlock, outBlock, AES_BLOCK_SIZE,
+        return se050_aes_crypt(aes, inBlock, outBlock, WC_AES_BLOCK_SIZE,
                                AES_DECRYPTION, kAlgorithm_SSS_AES_ECB);
     }
 #endif
@@ -3584,6 +3696,27 @@ static WARN_UNUSED_RESULT int wc_AesDecrypt(
     } /* else !wc_esp32AesSupportedKeyLen for ESP32 */
 #endif
 
+#if defined(MAX3266X_AES)
+    if (wc_AesGetKeySize(aes, &keySize) == 0) {
+        return wc_MXC_TPU_AesDecrypt(inBlock, (byte*)aes->reg, (byte*)aes->key,
+                                    MXC_TPU_MODE_ECB, WC_AES_BLOCK_SIZE,
+                                    outBlock, (unsigned int)keySize);
+    }
+#endif
+
+#if defined(MAX3266X_CB) && defined(HAVE_AES_ECB) /* Can do a basic ECB block */
+    #ifndef WOLF_CRYPTO_CB_FIND
+    if (aes->devId != INVALID_DEVID)
+    #endif
+    {
+        ret_cb = wc_CryptoCb_AesEcbDecrypt(aes, outBlock, inBlock,
+                                            WC_AES_BLOCK_SIZE);
+        if (ret_cb != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE))
+            return ret_cb;
+        /* fall-through when unavailable */
+    }
+#endif
+
     AesDecrypt_C(aes, inBlock, outBlock, r);
 
     return 0;
@@ -3629,8 +3762,8 @@ static WARN_UNUSED_RESULT int wc_AesDecrypt(
     #if !defined(WOLFSSL_STM32_CUBEMX) || defined(STM32_HAL_V2)
         ByteReverseWords(rk, rk, keylen);
     #endif
-    #if defined(WOLFSSL_AES_CFB) || defined(WOLFSSL_AES_COUNTER) || \
-        defined(WOLFSSL_AES_OFB)
+    #if defined(WOLFSSL_AES_COUNTER) || defined(WOLFSSL_AES_CFB) || \
+        defined(WOLFSSL_AES_OFB) || defined(WOLFSSL_AES_XTS)
         aes->left = 0;
     #endif
         return wc_AesSetIV(aes, iv);
@@ -3649,7 +3782,7 @@ static WARN_UNUSED_RESULT int wc_AesDecrypt(
         extern TX_BYTE_POOL mp_ncached;  /* Non Cached memory pool */
     #endif
 
-    #define AES_BUFFER_SIZE (AES_BLOCK_SIZE * 64)
+    #define AES_BUFFER_SIZE (WC_AES_BLOCK_SIZE * 64)
     static unsigned char *AESBuffIn = NULL;
     static unsigned char *AESBuffOut = NULL;
     static byte *secReg;
@@ -3676,9 +3809,9 @@ static WARN_UNUSED_RESULT int wc_AesDecrypt(
             s2 = tx_byte_allocate(&mp_ncached, (void *)&AESBuffOut,
                                   AES_BUFFER_SIZE, TX_NO_WAIT);
             s3 = tx_byte_allocate(&mp_ncached, (void *)&secKey,
-                                  AES_BLOCK_SIZE*2, TX_NO_WAIT);
+                                  WC_AES_BLOCK_SIZE*2, TX_NO_WAIT);
             s4 = tx_byte_allocate(&mp_ncached, (void *)&secReg,
-                                  AES_BLOCK_SIZE, TX_NO_WAIT);
+                                  WC_AES_BLOCK_SIZE, TX_NO_WAIT);
 
             if (s1 || s2 || s3 || s4 || s5)
                 return BAD_FUNC_ARG;
@@ -3708,10 +3841,10 @@ static WARN_UNUSED_RESULT int wc_AesDecrypt(
         XMEMCPY(aes->key, userKey, keylen);
 
         if (iv)
-            XMEMCPY(aes->reg, iv, AES_BLOCK_SIZE);
+            XMEMCPY(aes->reg, iv, WC_AES_BLOCK_SIZE);
 
-    #if defined(WOLFSSL_AES_CFB) || defined(WOLFSSL_AES_COUNTER) || \
-        defined(WOLFSSL_AES_OFB)
+    #if defined(WOLFSSL_AES_COUNTER) || defined(WOLFSSL_AES_CFB) || \
+        defined(WOLFSSL_AES_OFB) || defined(WOLFSSL_AES_XTS)
         aes->left = 0;
     #endif
 
@@ -3741,8 +3874,8 @@ static WARN_UNUSED_RESULT int wc_AesDecrypt(
         aes->rounds = keylen/4 + 6;
         XMEMCPY(aes->key, userKey, keylen);
 
-    #if defined(WOLFSSL_AES_CFB) || defined(WOLFSSL_AES_COUNTER) || \
-        defined(WOLFSSL_AES_OFB)
+    #if defined(WOLFSSL_AES_COUNTER) || defined(WOLFSSL_AES_CFB) || \
+        defined(WOLFSSL_AES_OFB) || defined(WOLFSSL_AES_XTS)
         aes->left = 0;
     #endif
 
@@ -3793,8 +3926,8 @@ static WARN_UNUSED_RESULT int wc_AesDecrypt(
         if (rk == NULL)
             return BAD_FUNC_ARG;
 
-    #if defined(WOLFSSL_AES_CFB) || defined(WOLFSSL_AES_COUNTER) || \
-        defined(WOLFSSL_AES_OFB)
+    #if defined(WOLFSSL_AES_COUNTER) || defined(WOLFSSL_AES_CFB) || \
+        defined(WOLFSSL_AES_OFB) || defined(WOLFSSL_AES_XTS)
         aes->left = 0;
     #endif
 
@@ -3874,8 +4007,8 @@ static WARN_UNUSED_RESULT int wc_AesDecrypt(
         XMEMCPY(aes->key, userKey, keylen);
         ret = nrf51_aes_set_key(userKey);
 
-    #if defined(WOLFSSL_AES_CFB) || defined(WOLFSSL_AES_COUNTER) || \
-        defined(WOLFSSL_AES_OFB)
+    #if defined(WOLFSSL_AES_COUNTER) || defined(WOLFSSL_AES_CFB) || \
+        defined(WOLFSSL_AES_OFB) || defined(WOLFSSL_AES_XTS)
         aes->left = 0;
     #endif
 
@@ -3931,7 +4064,8 @@ static WARN_UNUSED_RESULT int wc_AesDecrypt(
         aes->rounds = keylen/4 + 6;
 
         XMEMCPY(aes->key, userKey, keylen);
-        #if defined(WOLFSSL_AES_COUNTER)
+        #if defined(WOLFSSL_AES_COUNTER) || defined(WOLFSSL_AES_CFB) || \
+            defined(WOLFSSL_AES_OFB) || defined(WOLFSSL_AES_XTS)
             aes->left = 0;
         #endif
         return wc_AesSetIV(aes, iv);
@@ -4005,9 +4139,9 @@ static WARN_UNUSED_RESULT int wc_AesDecrypt(
         ret = wc_AesSetIV(aes, iv);
 
         if (iv)
-            XMEMCPY(iv_aes, iv, AES_BLOCK_SIZE);
+            XMEMCPY(iv_aes, iv, WC_AES_BLOCK_SIZE);
         else
-            XMEMSET(iv_aes,  0, AES_BLOCK_SIZE);
+            XMEMSET(iv_aes,  0, WC_AES_BLOCK_SIZE);
 
 
         ret = SaSi_AesSetIv(&aes->ctx.user_ctx, iv_aes);
@@ -4062,7 +4196,7 @@ static WARN_UNUSED_RESULT int wc_AesDecrypt(
  */
 static void AesSetKey_C(Aes* aes, const byte* key, word32 keySz, int dir)
 {
-#ifdef WC_AES_C_DYNAMIC_FALLBACK
+#ifdef WC_C_DYNAMIC_FALLBACK
     word32* rk = aes->key_C_fallback;
 #else
     word32* rk = aes->key;
@@ -4072,7 +4206,8 @@ static void AesSetKey_C(Aes* aes, const byte* key, word32 keySz, int dir)
 
     XMEMCPY(rk, key, keySz);
 #if defined(LITTLE_ENDIAN_ORDER) && !defined(WOLFSSL_PIC32MZ_CRYPT) && \
-    (!defined(WOLFSSL_ESP32_CRYPT) || defined(NO_WOLFSSL_ESP32_CRYPT_AES))
+    (!defined(WOLFSSL_ESP32_CRYPT) || defined(NO_WOLFSSL_ESP32_CRYPT_AES)) && \
+    !defined(MAX3266X_AES)
     /* Always reverse words when using only SW */
     {
         ByteReverseWords(rk, rk, keySz);
@@ -4219,11 +4354,11 @@ static void AesSetKey_C(Aes* aes, const byte* key, word32 keySz, int dir)
     } /* switch */
     ForceZero(&temp, sizeof(temp));
 
-#if defined(HAVE_AES_DECRYPT)
+#if defined(HAVE_AES_DECRYPT) && !defined(MAX3266X_AES)
     if (dir == AES_DECRYPTION) {
         unsigned int j;
 
-#ifdef WC_AES_C_DYNAMIC_FALLBACK
+#ifdef WC_C_DYNAMIC_FALLBACK
         rk = aes->key_C_fallback;
 #else
         rk = aes->key;
@@ -4294,6 +4429,7 @@ static void AesSetKey_C(Aes* aes, const byte* key, word32 keySz, int dir)
 
 #endif /* NEED_AES_TABLES */
 
+#ifndef WOLFSSL_RISCV_ASM
     /* Software AES - SetKey */
     static WARN_UNUSED_RESULT int wc_AesSetKeyLocal(
         Aes* aes, const byte* userKey, word32 keylen, const byte* iv, int dir,
@@ -4374,9 +4510,9 @@ static void AesSetKey_C(Aes* aes, const byte* key, word32 keySz, int dir)
             wc_FreeRng(&rng);
 
             if (iv)
-                XMEMCPY(aes->reg, iv, AES_BLOCK_SIZE);
+                XMEMCPY(aes->reg, iv, WC_AES_BLOCK_SIZE);
             else
-                XMEMSET(aes->reg, 0, AES_BLOCK_SIZE);
+                XMEMSET(aes->reg, 0, WC_AES_BLOCK_SIZE);
 
             switch (keylen) {
                 case AES_128_KEY_SIZE: keyType = CAAM_KEYTYPE_AES128; break;
@@ -4421,8 +4557,8 @@ static void AesSetKey_C(Aes* aes, const byte* key, word32 keySz, int dir)
         #endif
         }
 
-    #if defined(WOLFSSL_AES_CFB) || defined(WOLFSSL_AES_COUNTER) || \
-        defined(WOLFSSL_AES_OFB)
+    #if defined(WOLFSSL_AES_COUNTER) || defined(WOLFSSL_AES_CFB) || \
+        defined(WOLFSSL_AES_OFB) || defined(WOLFSSL_AES_XTS)
         aes->left = 0;
     #endif
 
@@ -4432,11 +4568,11 @@ static void AesSetKey_C(Aes* aes, const byte* key, word32 keySz, int dir)
         if (ret != 0)
             return ret;
 
-#ifdef WC_AES_C_DYNAMIC_FALLBACK
+#ifdef WC_C_DYNAMIC_FALLBACK
 #ifdef NEED_AES_TABLES
         AesSetKey_C(aes, userKey, keylen, dir);
 #endif /* NEED_AES_TABLES */
-#endif /* WC_AES_C_DYNAMIC_FALLBACK */
+#endif /* WC_C_DYNAMIC_FALLBACK */
 
     #ifdef WOLFSSL_AESNI
         aes->use_aesni = 0;
@@ -4465,13 +4601,13 @@ static void AesSetKey_C(Aes* aes, const byte* key, word32 keySz, int dir)
                 if (ret == 0)
                     aes->use_aesni = 1;
                 else {
-#ifdef WC_AES_C_DYNAMIC_FALLBACK
+#ifdef WC_C_DYNAMIC_FALLBACK
                     ret = 0;
 #endif
                 }
                 return ret;
             } else {
-#ifdef WC_AES_C_DYNAMIC_FALLBACK
+#ifdef WC_C_DYNAMIC_FALLBACK
                 return 0;
 #else
                 return ret;
@@ -4480,6 +4616,14 @@ static void AesSetKey_C(Aes* aes, const byte* key, word32 keySz, int dir)
         }
     #endif /* WOLFSSL_AESNI */
 
+    #if defined(__aarch64__) && defined(WOLFSSL_ARMASM) && \
+        !defined(WOLFSSL_ARMASM_NO_HW_CRYPTO)
+        Check_CPU_support_HwCrypto(aes);
+        if (aes->use_aes_hw_crypto) {
+            return AES_set_key_AARCH64(userKey, keylen, aes, dir);
+        }
+    #endif
+
     #ifdef WOLFSSL_KCAPI_AES
         XMEMCPY(aes->devKey, userKey, keylen);
         if (aes->init != 0) {
@@ -4514,8 +4658,8 @@ static void AesSetKey_C(Aes* aes, const byte* key, word32 keySz, int dir)
 
 #ifndef WC_AES_BITSLICED
     #if defined(LITTLE_ENDIAN_ORDER) && !defined(WOLFSSL_PIC32MZ_CRYPT) && \
-        (!defined(WOLFSSL_ESP32_CRYPT) || \
-          defined(NO_WOLFSSL_ESP32_CRYPT_AES))
+        (!defined(WOLFSSL_ESP32_CRYPT) || defined(NO_WOLFSSL_ESP32_CRYPT_AES)) \
+        && !defined(MAX3266X_AES)
 
         /* software */
         ByteReverseWords(aes->key, aes->key, keylen);
@@ -4562,8 +4706,6 @@ static void AesSetKey_C(Aes* aes, const byte* key, word32 keySz, int dir)
         }
 #endif
 
-        ret = wc_AesSetIV(aes, iv);
-
     #if defined(WOLFSSL_DEVCRYPTO) && \
         (defined(WOLFSSL_DEVCRYPTO_AES) || defined(WOLFSSL_DEVCRYPTO_CBC))
         aes->ctx.cfd = -1;
@@ -4607,6 +4749,7 @@ static void AesSetKey_C(Aes* aes, const byte* key, word32 keySz, int dir)
         return wc_AesSetKeyLocal(aes, userKey, keylen, iv, dir, 1);
 
     } /* wc_AesSetKey() */
+#endif
 
     #if defined(WOLFSSL_AES_DIRECT) || defined(WOLFSSL_AES_COUNTER)
         /* AES-CTR and AES-DIRECT need to use this for key setup */
@@ -4642,9 +4785,9 @@ int wc_AesSetIV(Aes* aes, const byte* iv)
 #endif
 
     if (iv)
-        XMEMCPY(aes->reg, iv, AES_BLOCK_SIZE);
+        XMEMCPY(aes->reg, iv, WC_AES_BLOCK_SIZE);
     else
-        XMEMSET(aes->reg,  0, AES_BLOCK_SIZE);
+        XMEMSET(aes->reg,  0, WC_AES_BLOCK_SIZE);
 
 #if defined(WOLFSSL_AES_COUNTER) || defined(WOLFSSL_AES_CFB) || \
     defined(WOLFSSL_AES_OFB) || defined(WOLFSSL_AES_XTS)
@@ -4657,9 +4800,9 @@ int wc_AesSetIV(Aes* aes, const byte* iv)
 
 #ifdef WOLFSSL_AESNI
 
-#ifdef WC_AES_C_DYNAMIC_FALLBACK
+#ifdef WC_C_DYNAMIC_FALLBACK
 
-#define VECTOR_REGISTERS_PUSH { \
+#define VECTOR_REGISTERS_PUSH {                                      \
         int orig_use_aesni = aes->use_aesni;                         \
         if (aes->use_aesni && (SAVE_VECTOR_REGISTERS2() != 0)) {     \
             aes->use_aesni = 0;                                      \
@@ -4674,6 +4817,15 @@ int wc_AesSetIV(Aes* aes, const byte* iv)
     }                                                                \
     WC_DO_NOTHING
 
+#elif defined(SAVE_VECTOR_REGISTERS2_DOES_NOTHING)
+
+#define VECTOR_REGISTERS_PUSH { \
+        WC_DO_NOTHING
+
+#define VECTOR_REGISTERS_POP                                         \
+    }                                                                \
+    WC_DO_NOTHING
+
 #else
 
 #define VECTOR_REGISTERS_PUSH { \
@@ -4765,10 +4917,10 @@ int wc_AesSetIV(Aes* aes, const byte* iv)
     {
         int ret = 0;
         CRYP_HandleTypeDef hcryp;
-        word32 blocks = (sz / AES_BLOCK_SIZE);
+        word32 blocks = (sz / WC_AES_BLOCK_SIZE);
 
 #ifdef WOLFSSL_AES_CBC_LENGTH_CHECKS
-        if (sz % AES_BLOCK_SIZE) {
+        if (sz % WC_AES_BLOCK_SIZE) {
             return BAD_LENGTH_E;
         }
 #endif
@@ -4786,7 +4938,7 @@ int wc_AesSetIV(Aes* aes, const byte* iv)
 
     #if defined(STM32_HAL_V2)
         hcryp.Init.Algorithm  = CRYP_AES_CBC;
-        ByteReverseWords(aes->reg, aes->reg, AES_BLOCK_SIZE);
+        ByteReverseWords(aes->reg, aes->reg, WC_AES_BLOCK_SIZE);
     #elif defined(STM32_CRYPTO_AES_ONLY)
         hcryp.Init.OperatingMode = CRYP_ALGOMODE_ENCRYPT;
         hcryp.Init.ChainingMode  = CRYP_CHAINMODE_AES_CBC;
@@ -4796,14 +4948,14 @@ int wc_AesSetIV(Aes* aes, const byte* iv)
         HAL_CRYP_Init(&hcryp);
 
     #if defined(STM32_HAL_V2)
-        ret = HAL_CRYP_Encrypt(&hcryp, (uint32_t*)in, blocks * AES_BLOCK_SIZE,
+        ret = HAL_CRYP_Encrypt(&hcryp, (uint32_t*)in, blocks * WC_AES_BLOCK_SIZE,
             (uint32_t*)out, STM32_HAL_TIMEOUT);
     #elif defined(STM32_CRYPTO_AES_ONLY)
-        ret = HAL_CRYPEx_AES(&hcryp, (uint8_t*)in, blocks * AES_BLOCK_SIZE,
+        ret = HAL_CRYPEx_AES(&hcryp, (uint8_t*)in, blocks * WC_AES_BLOCK_SIZE,
             out, STM32_HAL_TIMEOUT);
     #else
         ret = HAL_CRYP_AESCBC_Encrypt(&hcryp, (uint8_t*)in,
-                                      blocks * AES_BLOCK_SIZE,
+                                      blocks * WC_AES_BLOCK_SIZE,
                                       out, STM32_HAL_TIMEOUT);
     #endif
         if (ret != HAL_OK) {
@@ -4811,7 +4963,7 @@ int wc_AesSetIV(Aes* aes, const byte* iv)
         }
 
         /* store iv for next call */
-        XMEMCPY(aes->reg, out + sz - AES_BLOCK_SIZE, AES_BLOCK_SIZE);
+        XMEMCPY(aes->reg, out + sz - WC_AES_BLOCK_SIZE, WC_AES_BLOCK_SIZE);
 
         HAL_CRYP_DeInit(&hcryp);
 
@@ -4825,10 +4977,10 @@ int wc_AesSetIV(Aes* aes, const byte* iv)
     {
         int ret = 0;
         CRYP_HandleTypeDef hcryp;
-        word32 blocks = (sz / AES_BLOCK_SIZE);
+        word32 blocks = (sz / WC_AES_BLOCK_SIZE);
 
 #ifdef WOLFSSL_AES_CBC_LENGTH_CHECKS
-        if (sz % AES_BLOCK_SIZE) {
+        if (sz % WC_AES_BLOCK_SIZE) {
             return BAD_LENGTH_E;
         }
 #endif
@@ -4845,11 +4997,11 @@ int wc_AesSetIV(Aes* aes, const byte* iv)
         }
 
         /* if input and output same will overwrite input iv */
-        XMEMCPY(aes->tmp, in + sz - AES_BLOCK_SIZE, AES_BLOCK_SIZE);
+        XMEMCPY(aes->tmp, in + sz - WC_AES_BLOCK_SIZE, WC_AES_BLOCK_SIZE);
 
     #if defined(STM32_HAL_V2)
         hcryp.Init.Algorithm  = CRYP_AES_CBC;
-        ByteReverseWords(aes->reg, aes->reg, AES_BLOCK_SIZE);
+        ByteReverseWords(aes->reg, aes->reg, WC_AES_BLOCK_SIZE);
     #elif defined(STM32_CRYPTO_AES_ONLY)
         hcryp.Init.OperatingMode = CRYP_ALGOMODE_KEYDERIVATION_DECRYPT;
         hcryp.Init.ChainingMode  = CRYP_CHAINMODE_AES_CBC;
@@ -4860,14 +5012,14 @@ int wc_AesSetIV(Aes* aes, const byte* iv)
         HAL_CRYP_Init(&hcryp);
 
     #if defined(STM32_HAL_V2)
-        ret = HAL_CRYP_Decrypt(&hcryp, (uint32_t*)in, blocks * AES_BLOCK_SIZE,
+        ret = HAL_CRYP_Decrypt(&hcryp, (uint32_t*)in, blocks * WC_AES_BLOCK_SIZE,
             (uint32_t*)out, STM32_HAL_TIMEOUT);
     #elif defined(STM32_CRYPTO_AES_ONLY)
-        ret = HAL_CRYPEx_AES(&hcryp, (uint8_t*)in, blocks * AES_BLOCK_SIZE,
+        ret = HAL_CRYPEx_AES(&hcryp, (uint8_t*)in, blocks * WC_AES_BLOCK_SIZE,
             out, STM32_HAL_TIMEOUT);
     #else
         ret = HAL_CRYP_AESCBC_Decrypt(&hcryp, (uint8_t*)in,
-                                      blocks * AES_BLOCK_SIZE,
+                                      blocks * WC_AES_BLOCK_SIZE,
             out, STM32_HAL_TIMEOUT);
     #endif
         if (ret != HAL_OK) {
@@ -4875,7 +5027,7 @@ int wc_AesSetIV(Aes* aes, const byte* iv)
         }
 
         /* store iv for next call */
-        XMEMCPY(aes->reg, aes->tmp, AES_BLOCK_SIZE);
+        XMEMCPY(aes->reg, aes->tmp, WC_AES_BLOCK_SIZE);
 
         HAL_CRYP_DeInit(&hcryp);
         wolfSSL_CryptHwMutexUnLock();
@@ -4893,10 +5045,10 @@ int wc_AesSetIV(Aes* aes, const byte* iv)
         CRYP_InitTypeDef cryptInit;
         CRYP_KeyInitTypeDef keyInit;
         CRYP_IVInitTypeDef ivInit;
-        word32 blocks = (sz / AES_BLOCK_SIZE);
+        word32 blocks = (sz / WC_AES_BLOCK_SIZE);
 
 #ifdef WOLFSSL_AES_CBC_LENGTH_CHECKS
-        if (sz % AES_BLOCK_SIZE) {
+        if (sz % WC_AES_BLOCK_SIZE) {
             return BAD_LENGTH_E;
         }
 #endif
@@ -4921,7 +5073,7 @@ int wc_AesSetIV(Aes* aes, const byte* iv)
         /* set iv */
         iv = aes->reg;
         CRYP_IVStructInit(&ivInit);
-        ByteReverseWords(iv, iv, AES_BLOCK_SIZE);
+        ByteReverseWords(iv, iv, WC_AES_BLOCK_SIZE);
         ivInit.CRYP_IV0Left  = iv[0];
         ivInit.CRYP_IV0Right = iv[1];
         ivInit.CRYP_IV1Left  = iv[2];
@@ -4954,11 +5106,11 @@ int wc_AesSetIV(Aes* aes, const byte* iv)
             *(uint32_t*)&out[12] = CRYP_DataOut();
 
             /* store iv for next call */
-            XMEMCPY(aes->reg, out + sz - AES_BLOCK_SIZE, AES_BLOCK_SIZE);
+            XMEMCPY(aes->reg, out + sz - WC_AES_BLOCK_SIZE, WC_AES_BLOCK_SIZE);
 
-            sz  -= AES_BLOCK_SIZE;
-            in  += AES_BLOCK_SIZE;
-            out += AES_BLOCK_SIZE;
+            sz  -= WC_AES_BLOCK_SIZE;
+            in  += WC_AES_BLOCK_SIZE;
+            out += WC_AES_BLOCK_SIZE;
         }
 
         /* disable crypto processor */
@@ -4977,10 +5129,10 @@ int wc_AesSetIV(Aes* aes, const byte* iv)
         CRYP_InitTypeDef cryptInit;
         CRYP_KeyInitTypeDef keyInit;
         CRYP_IVInitTypeDef ivInit;
-        word32 blocks = (sz / AES_BLOCK_SIZE);
+        word32 blocks = (sz / WC_AES_BLOCK_SIZE);
 
 #ifdef WOLFSSL_AES_CBC_LENGTH_CHECKS
-        if (sz % AES_BLOCK_SIZE) {
+        if (sz % WC_AES_BLOCK_SIZE) {
             return BAD_LENGTH_E;
         }
 #endif
@@ -4997,7 +5149,7 @@ int wc_AesSetIV(Aes* aes, const byte* iv)
         }
 
         /* if input and output same will overwrite input iv */
-        XMEMCPY(aes->tmp, in + sz - AES_BLOCK_SIZE, AES_BLOCK_SIZE);
+        XMEMCPY(aes->tmp, in + sz - WC_AES_BLOCK_SIZE, WC_AES_BLOCK_SIZE);
 
         /* reset registers to their default values */
         CRYP_DeInit();
@@ -5022,7 +5174,7 @@ int wc_AesSetIV(Aes* aes, const byte* iv)
         /* set iv */
         iv = aes->reg;
         CRYP_IVStructInit(&ivInit);
-        ByteReverseWords(iv, iv, AES_BLOCK_SIZE);
+        ByteReverseWords(iv, iv, WC_AES_BLOCK_SIZE);
         ivInit.CRYP_IV0Left  = iv[0];
         ivInit.CRYP_IV0Right = iv[1];
         ivInit.CRYP_IV1Left  = iv[2];
@@ -5050,10 +5202,10 @@ int wc_AesSetIV(Aes* aes, const byte* iv)
             *(uint32_t*)&out[12] = CRYP_DataOut();
 
             /* store iv for next call */
-            XMEMCPY(aes->reg, aes->tmp, AES_BLOCK_SIZE);
+            XMEMCPY(aes->reg, aes->tmp, WC_AES_BLOCK_SIZE);
 
-            in  += AES_BLOCK_SIZE;
-            out += AES_BLOCK_SIZE;
+            in  += WC_AES_BLOCK_SIZE;
+            out += WC_AES_BLOCK_SIZE;
         }
 
         /* disable crypto processor */
@@ -5081,7 +5233,7 @@ int wc_AesSetIV(Aes* aes, const byte* iv)
             return BAD_FUNC_ARG;    /*wrong pointer*/
 
 #ifdef WOLFSSL_AES_CBC_LENGTH_CHECKS
-        if (sz % AES_BLOCK_SIZE) {
+        if (sz % WC_AES_BLOCK_SIZE) {
             return BAD_LENGTH_E;
         }
 #endif
@@ -5092,7 +5244,7 @@ int wc_AesSetIV(Aes* aes, const byte* iv)
         secDesc->length1 = 0x0;
         secDesc->pointer1 = NULL;
 
-        secDesc->length2 = AES_BLOCK_SIZE;
+        secDesc->length2 = WC_AES_BLOCK_SIZE;
         secDesc->pointer2 = (byte *)secReg; /* Initial Vector */
 
         switch(aes->rounds) {
@@ -5116,7 +5268,7 @@ int wc_AesSetIV(Aes* aes, const byte* iv)
 #endif
         while (sz) {
             secDesc->header = descHeader;
-            XMEMCPY(secReg, aes->reg, AES_BLOCK_SIZE);
+            XMEMCPY(secReg, aes->reg, WC_AES_BLOCK_SIZE);
 #ifdef WOLFSSL_AES_CBC_LENGTH_CHECKS
             sz -= AES_BUFFER_SIZE;
 #else
@@ -5134,8 +5286,8 @@ int wc_AesSetIV(Aes* aes, const byte* iv)
 
             XMEMCPY(AESBuffIn, pi, size);
             if(descHeader == SEC_DESC_AES_CBC_DECRYPT) {
-                XMEMCPY((void*)aes->tmp, (void*)&(pi[size-AES_BLOCK_SIZE]),
-                        AES_BLOCK_SIZE);
+                XMEMCPY((void*)aes->tmp, (void*)&(pi[size-WC_AES_BLOCK_SIZE]),
+                        WC_AES_BLOCK_SIZE);
             }
 
             /* Point SEC to the location of the descriptor */
@@ -5160,10 +5312,10 @@ int wc_AesSetIV(Aes* aes, const byte* iv)
             XMEMCPY(po, AESBuffOut, size);
 
             if (descHeader == SEC_DESC_AES_CBC_ENCRYPT) {
-                XMEMCPY((void*)aes->reg, (void*)&(po[size-AES_BLOCK_SIZE]),
-                        AES_BLOCK_SIZE);
+                XMEMCPY((void*)aes->reg, (void*)&(po[size-WC_AES_BLOCK_SIZE]),
+                        WC_AES_BLOCK_SIZE);
             } else {
-                XMEMCPY((void*)aes->reg, (void*)aes->tmp, AES_BLOCK_SIZE);
+                XMEMCPY((void*)aes->reg, (void*)aes->tmp, WC_AES_BLOCK_SIZE);
             }
 
             pi += size;
@@ -5192,10 +5344,10 @@ int wc_AesSetIV(Aes* aes, const byte* iv)
         word32 keySize;
         status_t status;
         byte *iv, *enc_key;
-        word32 blocks = (sz / AES_BLOCK_SIZE);
+        word32 blocks = (sz / WC_AES_BLOCK_SIZE);
 
 #ifdef WOLFSSL_AES_CBC_LENGTH_CHECKS
-        if (sz % AES_BLOCK_SIZE) {
+        if (sz % WC_AES_BLOCK_SIZE) {
             return BAD_LENGTH_E;
         }
 #endif
@@ -5213,13 +5365,13 @@ int wc_AesSetIV(Aes* aes, const byte* iv)
         status = wolfSSL_CryptHwMutexLock();
         if (status != 0)
             return status;
-        status = LTC_AES_EncryptCbc(LTC_BASE, in, out, blocks * AES_BLOCK_SIZE,
+        status = LTC_AES_EncryptCbc(LTC_BASE, in, out, blocks * WC_AES_BLOCK_SIZE,
             iv, enc_key, keySize);
         wolfSSL_CryptHwMutexUnLock();
 
         /* store iv for next call */
         if (status == kStatus_Success) {
-            XMEMCPY(iv, out + sz - AES_BLOCK_SIZE, AES_BLOCK_SIZE);
+            XMEMCPY(iv, out + sz - WC_AES_BLOCK_SIZE, WC_AES_BLOCK_SIZE);
         }
 
         return (status == kStatus_Success) ? 0 : -1;
@@ -5231,11 +5383,11 @@ int wc_AesSetIV(Aes* aes, const byte* iv)
         word32 keySize;
         status_t status;
         byte* iv, *dec_key;
-        byte temp_block[AES_BLOCK_SIZE];
-        word32 blocks = (sz / AES_BLOCK_SIZE);
+        byte temp_block[WC_AES_BLOCK_SIZE];
+        word32 blocks = (sz / WC_AES_BLOCK_SIZE);
 
 #ifdef WOLFSSL_AES_CBC_LENGTH_CHECKS
-        if (sz % AES_BLOCK_SIZE) {
+        if (sz % WC_AES_BLOCK_SIZE) {
             return BAD_LENGTH_E;
         }
 #endif
@@ -5251,18 +5403,18 @@ int wc_AesSetIV(Aes* aes, const byte* iv)
         }
 
         /* get IV for next call */
-        XMEMCPY(temp_block, in + sz - AES_BLOCK_SIZE, AES_BLOCK_SIZE);
+        XMEMCPY(temp_block, in + sz - WC_AES_BLOCK_SIZE, WC_AES_BLOCK_SIZE);
 
         status = wolfSSL_CryptHwMutexLock();
         if (status != 0)
             return status;
-        status = LTC_AES_DecryptCbc(LTC_BASE, in, out, blocks * AES_BLOCK_SIZE,
+        status = LTC_AES_DecryptCbc(LTC_BASE, in, out, blocks * WC_AES_BLOCK_SIZE,
             iv, dec_key, keySize, kLTC_EncryptKey);
         wolfSSL_CryptHwMutexUnLock();
 
         /* store IV for next call */
         if (status == kStatus_Success) {
-            XMEMCPY(iv, temp_block, AES_BLOCK_SIZE);
+            XMEMCPY(iv, temp_block, WC_AES_BLOCK_SIZE);
         }
 
         return (status == kStatus_Success) ? 0 : -1;
@@ -5274,12 +5426,12 @@ int wc_AesSetIV(Aes* aes, const byte* iv)
     {
         int offset = 0;
         byte *iv;
-        byte temp_block[AES_BLOCK_SIZE];
-        word32 blocks = (sz / AES_BLOCK_SIZE);
+        byte temp_block[WC_AES_BLOCK_SIZE];
+        word32 blocks = (sz / WC_AES_BLOCK_SIZE);
         int ret;
 
 #ifdef WOLFSSL_AES_CBC_LENGTH_CHECKS
-        if (sz % AES_BLOCK_SIZE) {
+        if (sz % WC_AES_BLOCK_SIZE) {
             return BAD_LENGTH_E;
         }
 #endif
@@ -5289,19 +5441,19 @@ int wc_AesSetIV(Aes* aes, const byte* iv)
         iv = (byte*)aes->reg;
 
         while (blocks--) {
-            XMEMCPY(temp_block, in + offset, AES_BLOCK_SIZE);
+            XMEMCPY(temp_block, in + offset, WC_AES_BLOCK_SIZE);
 
             /* XOR block with IV for CBC */
-            xorbuf(temp_block, iv, AES_BLOCK_SIZE);
+            xorbuf(temp_block, iv, WC_AES_BLOCK_SIZE);
 
             ret = wc_AesEncrypt(aes, temp_block, out + offset);
             if (ret != 0)
                 return ret;
 
-            offset += AES_BLOCK_SIZE;
+            offset += WC_AES_BLOCK_SIZE;
 
             /* store IV for next block */
-            XMEMCPY(iv, out + offset - AES_BLOCK_SIZE, AES_BLOCK_SIZE);
+            XMEMCPY(iv, out + offset - WC_AES_BLOCK_SIZE, WC_AES_BLOCK_SIZE);
         }
 
         return 0;
@@ -5312,11 +5464,11 @@ int wc_AesSetIV(Aes* aes, const byte* iv)
         int ret;
         int offset = 0;
         byte* iv;
-        byte temp_block[AES_BLOCK_SIZE];
-        word32 blocks = (sz / AES_BLOCK_SIZE);
+        byte temp_block[WC_AES_BLOCK_SIZE];
+        word32 blocks = (sz / WC_AES_BLOCK_SIZE);
 
 #ifdef WOLFSSL_AES_CBC_LENGTH_CHECKS
-        if (sz % AES_BLOCK_SIZE) {
+        if (sz % WC_AES_BLOCK_SIZE) {
             return BAD_LENGTH_E;
         }
 #endif
@@ -5326,25 +5478,110 @@ int wc_AesSetIV(Aes* aes, const byte* iv)
         iv = (byte*)aes->reg;
 
         while (blocks--) {
-            XMEMCPY(temp_block, in + offset, AES_BLOCK_SIZE);
+            XMEMCPY(temp_block, in + offset, WC_AES_BLOCK_SIZE);
 
             ret = wc_AesDecrypt(aes, in + offset, out + offset);
             if (ret != 0)
                 return ret;
 
             /* XOR block with IV for CBC */
-            xorbuf(out + offset, iv, AES_BLOCK_SIZE);
+            xorbuf(out + offset, iv, WC_AES_BLOCK_SIZE);
 
             /* store IV for next block */
-            XMEMCPY(iv, temp_block, AES_BLOCK_SIZE);
+            XMEMCPY(iv, temp_block, WC_AES_BLOCK_SIZE);
 
-            offset += AES_BLOCK_SIZE;
+            offset += WC_AES_BLOCK_SIZE;
         }
 
         return 0;
     }
     #endif /* HAVE_AES_DECRYPT */
 
+#elif defined(MAX3266X_AES)
+    int wc_AesCbcEncrypt(Aes* aes, byte* out, const byte* in, word32 sz)
+    {
+        word32 keySize;
+        int status;
+        byte *iv;
+
+        if ((in == NULL) || (out == NULL) || (aes == NULL)) {
+            return BAD_FUNC_ARG;
+        }
+
+        /* Always enforce a length check */
+        if (sz % WC_AES_BLOCK_SIZE) {
+        #ifdef WOLFSSL_AES_CBC_LENGTH_CHECKS
+            return BAD_LENGTH_E;
+        #else
+            return BAD_FUNC_ARG;
+        #endif
+        }
+        if (sz == 0) {
+            return 0;
+        }
+
+        iv = (byte*)aes->reg;
+        status = wc_AesGetKeySize(aes, &keySize);
+        if (status != 0) {
+            return status;
+        }
+
+        status = wc_MXC_TPU_AesEncrypt(in, iv, (byte*)aes->key,
+                                        MXC_TPU_MODE_CBC, sz, out,
+                                        (unsigned int)keySize);
+        /* store iv for next call */
+        if (status == 0) {
+            XMEMCPY(iv, out + sz - WC_AES_BLOCK_SIZE, WC_AES_BLOCK_SIZE);
+        }
+        return (status == 0) ? 0 : -1;
+    }
+
+    #ifdef HAVE_AES_DECRYPT
+    int wc_AesCbcDecrypt(Aes* aes, byte* out, const byte* in, word32 sz)
+    {
+        word32 keySize;
+        int status;
+        byte *iv;
+        byte temp_block[WC_AES_BLOCK_SIZE];
+
+        if ((in == NULL) || (out == NULL) || (aes == NULL)) {
+            return BAD_FUNC_ARG;
+        }
+
+        /* Always enforce a length check */
+        if (sz % WC_AES_BLOCK_SIZE) {
+        #ifdef WOLFSSL_AES_CBC_LENGTH_CHECKS
+            return BAD_LENGTH_E;
+        #else
+            return BAD_FUNC_ARG;
+        #endif
+        }
+        if (sz == 0) {
+            return 0;
+        }
+
+        iv = (byte*)aes->reg;
+        status = wc_AesGetKeySize(aes, &keySize);
+        if (status != 0) {
+            return status;
+        }
+
+        /* get IV for next call */
+        XMEMCPY(temp_block, in + sz - WC_AES_BLOCK_SIZE, WC_AES_BLOCK_SIZE);
+        status = wc_MXC_TPU_AesDecrypt(in, iv, (byte*)aes->key,
+                                        MXC_TPU_MODE_CBC, sz, out,
+                                        keySize);
+
+        /* store iv for next call */
+        if (status == 0) {
+            XMEMCPY(iv, temp_block, WC_AES_BLOCK_SIZE);
+        }
+        return (status == 0) ? 0 : -1;
+    }
+    #endif /* HAVE_AES_DECRYPT */
+
+
+
 #elif defined(WOLFSSL_PIC32MZ_CRYPT)
 
     int wc_AesCbcEncrypt(Aes* aes, byte* out, const byte* in, word32 sz)
@@ -5355,7 +5592,7 @@ int wc_AesSetIV(Aes* aes, const byte* iv)
             return 0;
 
         /* hardware fails on input that is not a multiple of AES block size */
-        if (sz % AES_BLOCK_SIZE != 0) {
+        if (sz % WC_AES_BLOCK_SIZE != 0) {
 #ifdef WOLFSSL_AES_CBC_LENGTH_CHECKS
             return BAD_LENGTH_E;
 #else
@@ -5364,13 +5601,13 @@ int wc_AesSetIV(Aes* aes, const byte* iv)
         }
 
         ret = wc_Pic32AesCrypt(
-            aes->key, aes->keylen, aes->reg, AES_BLOCK_SIZE,
+            aes->key, aes->keylen, aes->reg, WC_AES_BLOCK_SIZE,
             out, in, sz, PIC32_ENCRYPTION,
             PIC32_ALGO_AES, PIC32_CRYPTOALGO_RCBC);
 
         /* store iv for next call */
         if (ret == 0) {
-            XMEMCPY(aes->reg, out + sz - AES_BLOCK_SIZE, AES_BLOCK_SIZE);
+            XMEMCPY(aes->reg, out + sz - WC_AES_BLOCK_SIZE, WC_AES_BLOCK_SIZE);
         }
 
         return ret;
@@ -5379,29 +5616,29 @@ int wc_AesSetIV(Aes* aes, const byte* iv)
     int wc_AesCbcDecrypt(Aes* aes, byte* out, const byte* in, word32 sz)
     {
         int ret;
-        byte scratch[AES_BLOCK_SIZE];
+        byte scratch[WC_AES_BLOCK_SIZE];
 
         if (sz == 0)
             return 0;
 
         /* hardware fails on input that is not a multiple of AES block size */
-        if (sz % AES_BLOCK_SIZE != 0) {
+        if (sz % WC_AES_BLOCK_SIZE != 0) {
 #ifdef WOLFSSL_AES_CBC_LENGTH_CHECKS
             return BAD_LENGTH_E;
 #else
             return BAD_FUNC_ARG;
 #endif
         }
-        XMEMCPY(scratch, in + sz - AES_BLOCK_SIZE, AES_BLOCK_SIZE);
+        XMEMCPY(scratch, in + sz - WC_AES_BLOCK_SIZE, WC_AES_BLOCK_SIZE);
 
         ret = wc_Pic32AesCrypt(
-            aes->key, aes->keylen, aes->reg, AES_BLOCK_SIZE,
+            aes->key, aes->keylen, aes->reg, WC_AES_BLOCK_SIZE,
             out, in, sz, PIC32_DECRYPTION,
             PIC32_ALGO_AES, PIC32_CRYPTOALGO_RCBC);
 
         /* store iv for next call */
         if (ret == 0) {
-            XMEMCPY((byte*)aes->reg, scratch, AES_BLOCK_SIZE);
+            XMEMCPY((byte*)aes->reg, scratch, WC_AES_BLOCK_SIZE);
         }
 
         return ret;
@@ -5466,9 +5703,9 @@ int wc_AesCbcEncrypt(Aes* aes, byte* out, const byte* in, word32 sz)
             return 0;
         }
 
-        blocks = sz / AES_BLOCK_SIZE;
+        blocks = sz / WC_AES_BLOCK_SIZE;
 #ifdef WOLFSSL_AES_CBC_LENGTH_CHECKS
-        if (sz % AES_BLOCK_SIZE) {
+        if (sz % WC_AES_BLOCK_SIZE) {
             WOLFSSL_ERROR_VERBOSE(BAD_LENGTH_E);
             return BAD_LENGTH_E;
         }
@@ -5486,7 +5723,7 @@ int wc_AesCbcEncrypt(Aes* aes, byte* out, const byte* in, word32 sz)
         #endif
         {
             int crypto_cb_ret = wc_CryptoCb_AesCbcEncrypt(aes, out, in, sz);
-            if (crypto_cb_ret != CRYPTOCB_UNAVAILABLE)
+            if (crypto_cb_ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE))
                 return crypto_cb_ret;
             /* fall-through when unavailable */
         }
@@ -5500,7 +5737,7 @@ int wc_AesCbcEncrypt(Aes* aes, byte* out, const byte* in, word32 sz)
         #elif defined(HAVE_INTEL_QA)
             return IntelQaSymAesCbcEncrypt(&aes->asyncDev, out, in, sz,
                 (const byte*)aes->devKey, aes->keylen,
-                (byte*)aes->reg, AES_BLOCK_SIZE);
+                (byte*)aes->reg, WC_AES_BLOCK_SIZE);
         #elif defined(WOLFSSL_ASYNC_CRYPT_SW)
             if (wc_AsyncSwInit(&aes->asyncDev, ASYNC_SW_AES_CBC_ENCRYPT)) {
                 WC_ASYNC_SW* sw = &aes->asyncDev.sw;
@@ -5550,7 +5787,7 @@ int wc_AesCbcEncrypt(Aes* aes, byte* out, const byte* in, word32 sz)
             /* check alignment, decrypt doesn't need alignment */
             if ((wc_ptr_t)in % AESNI_ALIGN) {
             #ifndef NO_WOLFSSL_ALLOC_ALIGN
-                byte* tmp = (byte*)XMALLOC(sz + AES_BLOCK_SIZE + AESNI_ALIGN,
+                byte* tmp = (byte*)XMALLOC(sz + WC_AES_BLOCK_SIZE + AESNI_ALIGN,
                                             aes->heap, DYNAMIC_TYPE_TMP_BUFFER);
                 byte* tmp_align;
                 if (tmp == NULL)
@@ -5561,7 +5798,7 @@ int wc_AesCbcEncrypt(Aes* aes, byte* out, const byte* in, word32 sz)
                     AES_CBC_encrypt_AESNI(tmp_align, tmp_align, (byte*)aes->reg, sz,
                                           (byte*)aes->key, (int)aes->rounds);
                     /* store iv for next call */
-                    XMEMCPY(aes->reg, tmp_align + sz - AES_BLOCK_SIZE, AES_BLOCK_SIZE);
+                    XMEMCPY(aes->reg, tmp_align + sz - WC_AES_BLOCK_SIZE, WC_AES_BLOCK_SIZE);
 
                     XMEMCPY(out, tmp_align, sz);
                     XFREE(tmp, aes->heap, DYNAMIC_TYPE_TMP_BUFFER);
@@ -5576,24 +5813,32 @@ int wc_AesCbcEncrypt(Aes* aes, byte* out, const byte* in, word32 sz)
                 AES_CBC_encrypt_AESNI(in, out, (byte*)aes->reg, sz, (byte*)aes->key,
                                       (int)aes->rounds);
                 /* store iv for next call */
-                XMEMCPY(aes->reg, out + sz - AES_BLOCK_SIZE, AES_BLOCK_SIZE);
+                XMEMCPY(aes->reg, out + sz - WC_AES_BLOCK_SIZE, WC_AES_BLOCK_SIZE);
 
                 ret = 0;
             }
         }
         else
+    #elif defined(__aarch64__) && defined(WOLFSSL_ARMASM) && \
+          !defined(WOLFSSL_ARMASM_NO_HW_CRYPTO)
+        if (aes->use_aes_hw_crypto) {
+            AES_CBC_encrypt_AARCH64(in, out, sz, (byte*)aes->reg,
+                (byte*)aes->key, (int)aes->rounds);
+            ret = 0;
+        }
+        else
     #endif
         {
             ret = 0;
             while (blocks--) {
-                xorbuf((byte*)aes->reg, in, AES_BLOCK_SIZE);
+                xorbuf((byte*)aes->reg, in, WC_AES_BLOCK_SIZE);
                 ret = wc_AesEncrypt(aes, (byte*)aes->reg, (byte*)aes->reg);
                 if (ret != 0)
                     break;
-                XMEMCPY(out, aes->reg, AES_BLOCK_SIZE);
+                XMEMCPY(out, aes->reg, WC_AES_BLOCK_SIZE);
 
-                out += AES_BLOCK_SIZE;
-                in  += AES_BLOCK_SIZE;
+                out += WC_AES_BLOCK_SIZE;
+                in  += WC_AES_BLOCK_SIZE;
             }
         }
 
@@ -5634,8 +5879,8 @@ int wc_AesCbcEncrypt(Aes* aes, byte* out, const byte* in, word32 sz)
         }
     #endif
 
-        blocks = sz / AES_BLOCK_SIZE;
-        if (sz % AES_BLOCK_SIZE) {
+        blocks = sz / WC_AES_BLOCK_SIZE;
+        if (sz % WC_AES_BLOCK_SIZE) {
 #ifdef WOLFSSL_AES_CBC_LENGTH_CHECKS
             return BAD_LENGTH_E;
 #else
@@ -5655,7 +5900,7 @@ int wc_AesCbcEncrypt(Aes* aes, byte* out, const byte* in, word32 sz)
         #endif
         {
             int crypto_cb_ret = wc_CryptoCb_AesCbcDecrypt(aes, out, in, sz);
-            if (crypto_cb_ret != CRYPTOCB_UNAVAILABLE)
+            if (crypto_cb_ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE))
                 return crypto_cb_ret;
             /* fall-through when unavailable */
         }
@@ -5669,7 +5914,7 @@ int wc_AesCbcEncrypt(Aes* aes, byte* out, const byte* in, word32 sz)
         #elif defined(HAVE_INTEL_QA)
             return IntelQaSymAesCbcDecrypt(&aes->asyncDev, out, in, sz,
                 (const byte*)aes->devKey, aes->keylen,
-                (byte*)aes->reg, AES_BLOCK_SIZE);
+                (byte*)aes->reg, WC_AES_BLOCK_SIZE);
         #elif defined(WOLFSSL_ASYNC_CRYPT_SW)
             if (wc_AsyncSwInit(&aes->asyncDev, ASYNC_SW_AES_CBC_DECRYPT)) {
                 WC_ASYNC_SW* sw = &aes->asyncDev.sw;
@@ -5706,7 +5951,7 @@ int wc_AesCbcEncrypt(Aes* aes, byte* out, const byte* in, word32 sz)
             #endif
 
             /* if input and output same will overwrite input iv */
-            XMEMCPY(aes->tmp, in + sz - AES_BLOCK_SIZE, AES_BLOCK_SIZE);
+            XMEMCPY(aes->tmp, in + sz - WC_AES_BLOCK_SIZE, WC_AES_BLOCK_SIZE);
             #if defined(WOLFSSL_AESNI_BY4) || defined(WOLFSSL_X86_BUILD)
             AES_CBC_decrypt_AESNI_by4(in, out, (byte*)aes->reg, sz, (byte*)aes->key,
                             aes->rounds);
@@ -5718,7 +5963,15 @@ int wc_AesCbcEncrypt(Aes* aes, byte* out, const byte* in, word32 sz)
                             (int)aes->rounds);
             #endif /* WOLFSSL_AESNI_BYx */
             /* store iv for next call */
-            XMEMCPY(aes->reg, aes->tmp, AES_BLOCK_SIZE);
+            XMEMCPY(aes->reg, aes->tmp, WC_AES_BLOCK_SIZE);
+            ret = 0;
+        }
+        else
+    #elif defined(__aarch64__) && defined(WOLFSSL_ARMASM) && \
+          !defined(WOLFSSL_ARMASM_NO_HW_CRYPTO)
+        if (aes->use_aes_hw_crypto) {
+            AES_CBC_decrypt_AARCH64(in, out, sz, (byte*)aes->reg,
+                (byte*)aes->key, (int)aes->rounds);
             ret = 0;
         }
         else
@@ -5727,76 +5980,76 @@ int wc_AesCbcEncrypt(Aes* aes, byte* out, const byte* in, word32 sz)
             ret = 0;
 #ifdef WC_AES_BITSLICED
             if (in != out) {
-                unsigned char dec[AES_BLOCK_SIZE * BS_WORD_SIZE];
+                unsigned char dec[WC_AES_BLOCK_SIZE * BS_WORD_SIZE];
 
                 while (blocks > BS_WORD_SIZE) {
-                    AesDecryptBlocks_C(aes, in, dec, AES_BLOCK_SIZE * BS_WORD_SIZE);
-                    xorbufout(out, dec, aes->reg, AES_BLOCK_SIZE);
-                    xorbufout(out + AES_BLOCK_SIZE, dec + AES_BLOCK_SIZE, in,
-                              AES_BLOCK_SIZE * (BS_WORD_SIZE - 1));
-                    XMEMCPY(aes->reg, in + (AES_BLOCK_SIZE * (BS_WORD_SIZE - 1)),
-                            AES_BLOCK_SIZE);
-                    in += AES_BLOCK_SIZE * BS_WORD_SIZE;
-                    out += AES_BLOCK_SIZE * BS_WORD_SIZE;
+                    AesDecryptBlocks_C(aes, in, dec, WC_AES_BLOCK_SIZE * BS_WORD_SIZE);
+                    xorbufout(out, dec, aes->reg, WC_AES_BLOCK_SIZE);
+                    xorbufout(out + WC_AES_BLOCK_SIZE, dec + WC_AES_BLOCK_SIZE, in,
+                              WC_AES_BLOCK_SIZE * (BS_WORD_SIZE - 1));
+                    XMEMCPY(aes->reg, in + (WC_AES_BLOCK_SIZE * (BS_WORD_SIZE - 1)),
+                            WC_AES_BLOCK_SIZE);
+                    in += WC_AES_BLOCK_SIZE * BS_WORD_SIZE;
+                    out += WC_AES_BLOCK_SIZE * BS_WORD_SIZE;
                     blocks -= BS_WORD_SIZE;
                 }
                 if (blocks > 0) {
-                    AesDecryptBlocks_C(aes, in, dec, blocks * AES_BLOCK_SIZE);
-                    xorbufout(out, dec, aes->reg, AES_BLOCK_SIZE);
-                    xorbufout(out + AES_BLOCK_SIZE, dec + AES_BLOCK_SIZE, in,
-                              AES_BLOCK_SIZE * (blocks - 1));
-                    XMEMCPY(aes->reg, in + (AES_BLOCK_SIZE * (blocks - 1)),
-                            AES_BLOCK_SIZE);
+                    AesDecryptBlocks_C(aes, in, dec, blocks * WC_AES_BLOCK_SIZE);
+                    xorbufout(out, dec, aes->reg, WC_AES_BLOCK_SIZE);
+                    xorbufout(out + WC_AES_BLOCK_SIZE, dec + WC_AES_BLOCK_SIZE, in,
+                              WC_AES_BLOCK_SIZE * (blocks - 1));
+                    XMEMCPY(aes->reg, in + (WC_AES_BLOCK_SIZE * (blocks - 1)),
+                            WC_AES_BLOCK_SIZE);
                     blocks = 0;
                 }
             }
             else {
-                unsigned char dec[AES_BLOCK_SIZE * BS_WORD_SIZE];
+                unsigned char dec[WC_AES_BLOCK_SIZE * BS_WORD_SIZE];
                 int i;
 
                 while (blocks > BS_WORD_SIZE) {
-                    AesDecryptBlocks_C(aes, in, dec, AES_BLOCK_SIZE * BS_WORD_SIZE);
-                    XMEMCPY(aes->tmp, in + (BS_WORD_SIZE - 1) * AES_BLOCK_SIZE,
-                            AES_BLOCK_SIZE);
+                    AesDecryptBlocks_C(aes, in, dec, WC_AES_BLOCK_SIZE * BS_WORD_SIZE);
+                    XMEMCPY(aes->tmp, in + (BS_WORD_SIZE - 1) * WC_AES_BLOCK_SIZE,
+                            WC_AES_BLOCK_SIZE);
                     for (i = BS_WORD_SIZE-1; i >= 1; i--) {
-                        xorbufout(out + i * AES_BLOCK_SIZE,
-                                  dec + i * AES_BLOCK_SIZE, in + (i - 1) * AES_BLOCK_SIZE,
-                                  AES_BLOCK_SIZE);
+                        xorbufout(out + i * WC_AES_BLOCK_SIZE,
+                                  dec + i * WC_AES_BLOCK_SIZE, in + (i - 1) * WC_AES_BLOCK_SIZE,
+                                  WC_AES_BLOCK_SIZE);
                     }
-                    xorbufout(out, dec, aes->reg, AES_BLOCK_SIZE);
-                    XMEMCPY(aes->reg, aes->tmp, AES_BLOCK_SIZE);
+                    xorbufout(out, dec, aes->reg, WC_AES_BLOCK_SIZE);
+                    XMEMCPY(aes->reg, aes->tmp, WC_AES_BLOCK_SIZE);
 
-                    in += AES_BLOCK_SIZE * BS_WORD_SIZE;
-                    out += AES_BLOCK_SIZE * BS_WORD_SIZE;
+                    in += WC_AES_BLOCK_SIZE * BS_WORD_SIZE;
+                    out += WC_AES_BLOCK_SIZE * BS_WORD_SIZE;
                     blocks -= BS_WORD_SIZE;
                 }
                 if (blocks > 0) {
-                    AesDecryptBlocks_C(aes, in, dec, blocks * AES_BLOCK_SIZE);
-                    XMEMCPY(aes->tmp, in + (blocks - 1) * AES_BLOCK_SIZE,
-                            AES_BLOCK_SIZE);
+                    AesDecryptBlocks_C(aes, in, dec, blocks * WC_AES_BLOCK_SIZE);
+                    XMEMCPY(aes->tmp, in + (blocks - 1) * WC_AES_BLOCK_SIZE,
+                            WC_AES_BLOCK_SIZE);
                     for (i = blocks-1; i >= 1; i--) {
-                        xorbufout(out + i * AES_BLOCK_SIZE,
-                                  dec + i * AES_BLOCK_SIZE, in + (i - 1) * AES_BLOCK_SIZE,
-                                  AES_BLOCK_SIZE);
+                        xorbufout(out + i * WC_AES_BLOCK_SIZE,
+                                  dec + i * WC_AES_BLOCK_SIZE, in + (i - 1) * WC_AES_BLOCK_SIZE,
+                                  WC_AES_BLOCK_SIZE);
                     }
-                    xorbufout(out, dec, aes->reg, AES_BLOCK_SIZE);
-                    XMEMCPY(aes->reg, aes->tmp, AES_BLOCK_SIZE);
+                    xorbufout(out, dec, aes->reg, WC_AES_BLOCK_SIZE);
+                    XMEMCPY(aes->reg, aes->tmp, WC_AES_BLOCK_SIZE);
 
                     blocks = 0;
                 }
             }
 #else
             while (blocks--) {
-                XMEMCPY(aes->tmp, in, AES_BLOCK_SIZE);
+                XMEMCPY(aes->tmp, in, WC_AES_BLOCK_SIZE);
                 ret = wc_AesDecrypt(aes, in, out);
                 if (ret != 0)
                     return ret;
-                xorbuf(out, (byte*)aes->reg, AES_BLOCK_SIZE);
+                xorbuf(out, (byte*)aes->reg, WC_AES_BLOCK_SIZE);
                 /* store iv for next call */
-                XMEMCPY(aes->reg, aes->tmp, AES_BLOCK_SIZE);
+                XMEMCPY(aes->reg, aes->tmp, WC_AES_BLOCK_SIZE);
 
-                out += AES_BLOCK_SIZE;
-                in  += AES_BLOCK_SIZE;
+                out += WC_AES_BLOCK_SIZE;
+                in  += WC_AES_BLOCK_SIZE;
             }
 #endif
         }
@@ -5823,7 +6076,7 @@ int wc_AesCbcEncrypt(Aes* aes, byte* out, const byte* in, word32 sz)
         #ifdef WOLFSSL_STM32_CUBEMX
             CRYP_HandleTypeDef hcryp;
             #ifdef STM32_HAL_V2
-            word32 iv[AES_BLOCK_SIZE/sizeof(word32)];
+            word32 iv[WC_AES_BLOCK_SIZE/sizeof(word32)];
             #endif
         #else
             word32 *iv;
@@ -5845,7 +6098,7 @@ int wc_AesCbcEncrypt(Aes* aes, byte* out, const byte* in, word32 sz)
 
         #if defined(STM32_HAL_V2)
             hcryp.Init.Algorithm  = CRYP_AES_CTR;
-            ByteReverseWords(iv, aes->reg, AES_BLOCK_SIZE);
+            ByteReverseWords(iv, aes->reg, WC_AES_BLOCK_SIZE);
             hcryp.Init.pInitVect = (STM_CRYPT_TYPE*)iv;
         #elif defined(STM32_CRYPTO_AES_ONLY)
             hcryp.Init.OperatingMode = CRYP_ALGOMODE_ENCRYPT;
@@ -5858,13 +6111,13 @@ int wc_AesCbcEncrypt(Aes* aes, byte* out, const byte* in, word32 sz)
             HAL_CRYP_Init(&hcryp);
 
         #if defined(STM32_HAL_V2)
-            ret = HAL_CRYP_Encrypt(&hcryp, (uint32_t*)in, AES_BLOCK_SIZE,
+            ret = HAL_CRYP_Encrypt(&hcryp, (uint32_t*)in, WC_AES_BLOCK_SIZE,
                 (uint32_t*)out, STM32_HAL_TIMEOUT);
         #elif defined(STM32_CRYPTO_AES_ONLY)
-            ret = HAL_CRYPEx_AES(&hcryp, (byte*)in, AES_BLOCK_SIZE,
+            ret = HAL_CRYPEx_AES(&hcryp, (byte*)in, WC_AES_BLOCK_SIZE,
                 out, STM32_HAL_TIMEOUT);
         #else
-            ret = HAL_CRYP_AESCTR_Encrypt(&hcryp, (byte*)in, AES_BLOCK_SIZE,
+            ret = HAL_CRYP_AESCTR_Encrypt(&hcryp, (byte*)in, WC_AES_BLOCK_SIZE,
                 out, STM32_HAL_TIMEOUT);
         #endif
             if (ret != HAL_OK) {
@@ -5939,11 +6192,11 @@ int wc_AesCbcEncrypt(Aes* aes, byte* out, const byte* in, word32 sz)
 
         int wc_AesCtrEncryptBlock(Aes* aes, byte* out, const byte* in)
         {
-            word32 tmpIv[AES_BLOCK_SIZE / sizeof(word32)];
-            XMEMCPY(tmpIv, aes->reg, AES_BLOCK_SIZE);
+            word32 tmpIv[WC_AES_BLOCK_SIZE / sizeof(word32)];
+            XMEMCPY(tmpIv, aes->reg, WC_AES_BLOCK_SIZE);
             return wc_Pic32AesCrypt(
-                aes->key, aes->keylen, tmpIv, AES_BLOCK_SIZE,
-                out, in, AES_BLOCK_SIZE,
+                aes->key, aes->keylen, tmpIv, WC_AES_BLOCK_SIZE,
+                out, in, WC_AES_BLOCK_SIZE,
                 PIC32_ENCRYPTION, PIC32_ALGO_AES, PIC32_CRYPTOALGO_RCTR);
         }
 
@@ -5963,7 +6216,7 @@ int wc_AesCbcEncrypt(Aes* aes, byte* out, const byte* in, word32 sz)
             }
 
             /* consume any unused bytes left in aes->tmp */
-            tmp = (byte*)aes->tmp + AES_BLOCK_SIZE - aes->left;
+            tmp = (byte*)aes->tmp + WC_AES_BLOCK_SIZE - aes->left;
             while (aes->left && sz) {
                 *(out++) = *(in++) ^ *(tmp++);
                 aes->left--;
@@ -6020,7 +6273,7 @@ int wc_AesCbcEncrypt(Aes* aes, byte* out, const byte* in, word32 sz)
         {
             /* in network byte order so start at end and work back */
             int i;
-            for (i = AES_BLOCK_SIZE - 1; i >= 0; i--) {
+            for (i = WC_AES_BLOCK_SIZE - 1; i >= 0; i--) {
                 if (++inOutCtr[i])  /* we're done unless we overflow */
                     return;
             }
@@ -6029,10 +6282,12 @@ int wc_AesCbcEncrypt(Aes* aes, byte* out, const byte* in, word32 sz)
         /* Software AES - CTR Encrypt */
         int wc_AesCtrEncrypt(Aes* aes, byte* out, const byte* in, word32 sz)
         {
-            byte scratch[AES_BLOCK_SIZE];
+            byte scratch[WC_AES_BLOCK_SIZE];
             int ret = 0;
             word32 processed;
 
+            XMEMSET(scratch, 0, sizeof(scratch));
+
             if (aes == NULL || out == NULL || in == NULL) {
                 return BAD_FUNC_ARG;
             }
@@ -6043,7 +6298,7 @@ int wc_AesCbcEncrypt(Aes* aes, byte* out, const byte* in, word32 sz)
             #endif
             {
                 int crypto_cb_ret = wc_CryptoCb_AesCtrEncrypt(aes, out, in, sz);
-                if (crypto_cb_ret != CRYPTOCB_UNAVAILABLE)
+                if (crypto_cb_ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE))
                     return crypto_cb_ret;
                 /* fall-through when unavailable */
             }
@@ -6051,61 +6306,69 @@ int wc_AesCbcEncrypt(Aes* aes, byte* out, const byte* in, word32 sz)
 
             /* consume any unused bytes left in aes->tmp */
             processed = min(aes->left, sz);
-            xorbufout(out, in, (byte*)aes->tmp + AES_BLOCK_SIZE - aes->left,
+            xorbufout(out, in, (byte*)aes->tmp + WC_AES_BLOCK_SIZE - aes->left,
                       processed);
             out += processed;
             in += processed;
             aes->left -= processed;
             sz -= processed;
 
+        #if defined(__aarch64__) && defined(WOLFSSL_ARMASM) && \
+            !defined(WOLFSSL_ARMASM_NO_HW_CRYPTO)
+            if (aes->use_aes_hw_crypto) {
+                AES_CTR_encrypt_AARCH64(aes, out, in, sz);
+                return 0;
+            }
+        #endif
+
             VECTOR_REGISTERS_PUSH;
 
         #if defined(HAVE_AES_ECB) && !defined(WOLFSSL_PIC32MZ_CRYPT) && \
             !defined(XTRANSFORM_AESCTRBLOCK)
-            if (in != out && sz >= AES_BLOCK_SIZE) {
-                word32 blocks = sz / AES_BLOCK_SIZE;
+            if (in != out && sz >= WC_AES_BLOCK_SIZE) {
+                word32 blocks = sz / WC_AES_BLOCK_SIZE;
                 byte* counter = (byte*)aes->reg;
                 byte* c = out;
                 while (blocks--) {
-                    XMEMCPY(c, counter, AES_BLOCK_SIZE);
-                    c += AES_BLOCK_SIZE;
+                    XMEMCPY(c, counter, WC_AES_BLOCK_SIZE);
+                    c += WC_AES_BLOCK_SIZE;
                     IncrementAesCounter(counter);
                 }
 
                 /* reset number of blocks and then do encryption */
-                blocks = sz / AES_BLOCK_SIZE;
-                wc_AesEcbEncrypt(aes, out, out, AES_BLOCK_SIZE * blocks);
-                xorbuf(out, in, AES_BLOCK_SIZE * blocks);
-                in += AES_BLOCK_SIZE * blocks;
-                out += AES_BLOCK_SIZE * blocks;
-                sz -= blocks * AES_BLOCK_SIZE;
+                blocks = sz / WC_AES_BLOCK_SIZE;
+                wc_AesEcbEncrypt(aes, out, out, WC_AES_BLOCK_SIZE * blocks);
+                xorbuf(out, in, WC_AES_BLOCK_SIZE * blocks);
+                in += WC_AES_BLOCK_SIZE * blocks;
+                out += WC_AES_BLOCK_SIZE * blocks;
+                sz -= blocks * WC_AES_BLOCK_SIZE;
             }
             else
         #endif
             {
             #ifdef WOLFSSL_CHECK_MEM_ZERO
                 wc_MemZero_Add("wc_AesCtrEncrypt scratch", scratch,
-                    AES_BLOCK_SIZE);
+                    WC_AES_BLOCK_SIZE);
             #endif
                 /* do as many block size ops as possible */
-                while (sz >= AES_BLOCK_SIZE) {
+                while (sz >= WC_AES_BLOCK_SIZE) {
                 #ifdef XTRANSFORM_AESCTRBLOCK
                     XTRANSFORM_AESCTRBLOCK(aes, out, in);
                 #else
                     ret = wc_AesEncrypt(aes, (byte*)aes->reg, scratch);
                     if (ret != 0)
                         break;
-                    xorbuf(scratch, in, AES_BLOCK_SIZE);
-                    XMEMCPY(out, scratch, AES_BLOCK_SIZE);
+                    xorbuf(scratch, in, WC_AES_BLOCK_SIZE);
+                    XMEMCPY(out, scratch, WC_AES_BLOCK_SIZE);
                 #endif
                     IncrementAesCounter((byte*)aes->reg);
 
-                    out += AES_BLOCK_SIZE;
-                    in  += AES_BLOCK_SIZE;
-                    sz  -= AES_BLOCK_SIZE;
+                    out += WC_AES_BLOCK_SIZE;
+                    in  += WC_AES_BLOCK_SIZE;
+                    sz  -= WC_AES_BLOCK_SIZE;
                     aes->left = 0;
                 }
-                ForceZero(scratch, AES_BLOCK_SIZE);
+                ForceZero(scratch, WC_AES_BLOCK_SIZE);
             }
 
             /* handle non block size remaining and store unused byte count in left */
@@ -6113,16 +6376,16 @@ int wc_AesCbcEncrypt(Aes* aes, byte* out, const byte* in, word32 sz)
                 ret = wc_AesEncrypt(aes, (byte*)aes->reg, (byte*)aes->tmp);
                 if (ret == 0) {
                     IncrementAesCounter((byte*)aes->reg);
-                    aes->left = AES_BLOCK_SIZE - sz;
+                    aes->left = WC_AES_BLOCK_SIZE - sz;
                     xorbufout(out, in, aes->tmp, sz);
                 }
             }
 
             if (ret < 0)
-                ForceZero(scratch, AES_BLOCK_SIZE);
+                ForceZero(scratch, WC_AES_BLOCK_SIZE);
 
         #ifdef WOLFSSL_CHECK_MEM_ZERO
-            wc_MemZero_Check(scratch, AES_BLOCK_SIZE);
+            wc_MemZero_Check(scratch, WC_AES_BLOCK_SIZE);
         #endif
 
             VECTOR_REGISTERS_POP;
@@ -6140,13 +6403,13 @@ int wc_AesCbcEncrypt(Aes* aes, byte* out, const byte* in, word32 sz)
                 return BAD_FUNC_ARG;
             }
 
-            return wc_AesSetKeyLocal(aes, key, len, iv, dir, 0);
+            return wc_AesSetKey(aes, key, len, iv, dir);
         }
 
     #endif /* NEED_AES_CTR_SOFT */
 
 #endif /* WOLFSSL_AES_COUNTER */
-#endif /* !WOLFSSL_ARMASM */
+#endif /* !WOLFSSL_RISCV_ASM */
 
 
 /*
@@ -6177,15 +6440,31 @@ static WC_INLINE void IncCtr(byte* ctr, word32 ctrSz)
 
 #ifdef WOLFSSL_AESGCM_STREAM
     /* Access initialization counter data. */
-    #define AES_INITCTR(aes)        ((aes)->streamData + 0 * AES_BLOCK_SIZE)
+    #define AES_INITCTR(aes)        ((aes)->streamData + 0 * WC_AES_BLOCK_SIZE)
     /* Access counter data. */
-    #define AES_COUNTER(aes)        ((aes)->streamData + 1 * AES_BLOCK_SIZE)
+    #define AES_COUNTER(aes)        ((aes)->streamData + 1 * WC_AES_BLOCK_SIZE)
     /* Access tag data. */
-    #define AES_TAG(aes)            ((aes)->streamData + 2 * AES_BLOCK_SIZE)
+    #define AES_TAG(aes)            ((aes)->streamData + 2 * WC_AES_BLOCK_SIZE)
     /* Access last GHASH block. */
-    #define AES_LASTGBLOCK(aes)     ((aes)->streamData + 3 * AES_BLOCK_SIZE)
+    #define AES_LASTGBLOCK(aes)     ((aes)->streamData + 3 * WC_AES_BLOCK_SIZE)
     /* Access last encrypted block. */
-    #define AES_LASTBLOCK(aes)      ((aes)->streamData + 4 * AES_BLOCK_SIZE)
+    #define AES_LASTBLOCK(aes)      ((aes)->streamData + 4 * WC_AES_BLOCK_SIZE)
+
+    #if defined(__aarch64__) && defined(WOLFSSL_ARMASM) && \
+        !defined(WOLFSSL_ARMASM_NO_HW_CRYPTO)
+        #define GHASH_ONE_BLOCK(aes, block)                                 \
+            do {                                                            \
+                if (aes->use_aes_hw_crypto && aes->use_pmull_hw_crypto) {   \
+                    GHASH_ONE_BLOCK_AARCH64(aes, block);                    \
+                }                                                           \
+                else {                                                      \
+                    GHASH_ONE_BLOCK_SW(aes, block);                         \
+                }                                                           \
+            }                                                               \
+            while (0)
+    #else
+        #define GHASH_ONE_BLOCK     GHASH_ONE_BLOCK_SW
+    #endif
 #endif
 
 #if defined(HAVE_COLDFIRE_SEC)
@@ -6193,8 +6472,11 @@ static WC_INLINE void IncCtr(byte* ctr, word32 ctrSz)
 
 #endif
 
-#ifdef WOLFSSL_ARMASM
-    /* implementation is located in wolfcrypt/src/port/arm/armv8-aes.c */
+#if defined(WOLFSSL_ARMASM) && !defined(__aarch64__)
+    /* implemented in wolfcrypt/src/port/arm/rmv8-aes.c */
+
+#elif defined(WOLFSSL_RISCV_ASM)
+    /* implemented in wolfcrypt/src/port/risc-v/riscv-64-aes.c */
 
 #elif defined(WOLFSSL_AFALG)
     /* implemented in wolfcrypt/src/port/afalg/afalg_aes.c */
@@ -6213,7 +6495,7 @@ static WC_INLINE void IncrementGcmCounter(byte* inOutCtr)
     int i;
 
     /* in network byte order so start at end and work back */
-    for (i = AES_BLOCK_SIZE - 1; i >= AES_BLOCK_SIZE - CTR_SZ; i--) {
+    for (i = WC_AES_BLOCK_SIZE - 1; i >= WC_AES_BLOCK_SIZE - CTR_SZ; i--) {
         if (++inOutCtr[i])  /* we're done unless we overflow */
             return;
     }
@@ -6244,9 +6526,9 @@ static WC_INLINE void RIGHTSHIFTX(byte* x)
 {
     int i;
     int carryIn = 0;
-    byte borrow = (0x00 - (x[15] & 0x01)) & 0xE1;
+    byte borrow = (byte)((0x00U - (x[15] & 0x01U)) & 0xE1U);
 
-    for (i = 0; i < AES_BLOCK_SIZE; i++) {
+    for (i = 0; i < WC_AES_BLOCK_SIZE; i++) {
         int carryOut = (x[i] & 0x01) << 7;
         x[i] = (byte) ((x[i] >> 1) | carryIn);
         carryIn = carryOut;
@@ -6262,23 +6544,23 @@ static WC_INLINE void RIGHTSHIFTX(byte* x)
 void GenerateM0(Gcm* gcm)
 {
     int i, j;
-    byte (*m)[AES_BLOCK_SIZE] = gcm->M0;
+    byte (*m)[WC_AES_BLOCK_SIZE] = gcm->M0;
 
-    XMEMCPY(m[128], gcm->H, AES_BLOCK_SIZE);
+    XMEMCPY(m[128], gcm->H, WC_AES_BLOCK_SIZE);
 
     for (i = 64; i > 0; i /= 2) {
-        XMEMCPY(m[i], m[i*2], AES_BLOCK_SIZE);
+        XMEMCPY(m[i], m[i*2], WC_AES_BLOCK_SIZE);
         RIGHTSHIFTX(m[i]);
     }
 
     for (i = 2; i < 256; i *= 2) {
         for (j = 1; j < i; j++) {
-            XMEMCPY(m[i+j], m[i], AES_BLOCK_SIZE);
-            xorbuf(m[i+j], m[j], AES_BLOCK_SIZE);
+            XMEMCPY(m[i+j], m[i], WC_AES_BLOCK_SIZE);
+            xorbuf(m[i+j], m[j], WC_AES_BLOCK_SIZE);
         }
     }
 
-    XMEMSET(m[0], 0, AES_BLOCK_SIZE);
+    XMEMSET(m[0], 0, WC_AES_BLOCK_SIZE);
 }
 
 #elif defined(GCM_TABLE_4BIT)
@@ -6298,49 +6580,49 @@ void GenerateM0(Gcm* gcm)
 #if !defined(BIG_ENDIAN_ORDER) && !defined(WC_16BIT_CPU)
     int i;
 #endif
-    byte (*m)[AES_BLOCK_SIZE] = gcm->M0;
+    byte (*m)[WC_AES_BLOCK_SIZE] = gcm->M0;
 
     /* 0 times -> 0x0 */
-    XMEMSET(m[0x0], 0, AES_BLOCK_SIZE);
+    XMEMSET(m[0x0], 0, WC_AES_BLOCK_SIZE);
     /* 1 times -> 0x8 */
-    XMEMCPY(m[0x8], gcm->H, AES_BLOCK_SIZE);
+    XMEMCPY(m[0x8], gcm->H, WC_AES_BLOCK_SIZE);
     /* 2 times -> 0x4 */
-    XMEMCPY(m[0x4], m[0x8], AES_BLOCK_SIZE);
+    XMEMCPY(m[0x4], m[0x8], WC_AES_BLOCK_SIZE);
     RIGHTSHIFTX(m[0x4]);
     /* 4 times -> 0x2 */
-    XMEMCPY(m[0x2], m[0x4], AES_BLOCK_SIZE);
+    XMEMCPY(m[0x2], m[0x4], WC_AES_BLOCK_SIZE);
     RIGHTSHIFTX(m[0x2]);
     /* 8 times -> 0x1 */
-    XMEMCPY(m[0x1], m[0x2], AES_BLOCK_SIZE);
+    XMEMCPY(m[0x1], m[0x2], WC_AES_BLOCK_SIZE);
     RIGHTSHIFTX(m[0x1]);
 
     /* 0x3 */
-    XMEMCPY(m[0x3], m[0x2], AES_BLOCK_SIZE);
-    xorbuf (m[0x3], m[0x1], AES_BLOCK_SIZE);
+    XMEMCPY(m[0x3], m[0x2], WC_AES_BLOCK_SIZE);
+    xorbuf (m[0x3], m[0x1], WC_AES_BLOCK_SIZE);
 
     /* 0x5 -> 0x7 */
-    XMEMCPY(m[0x5], m[0x4], AES_BLOCK_SIZE);
-    xorbuf (m[0x5], m[0x1], AES_BLOCK_SIZE);
-    XMEMCPY(m[0x6], m[0x4], AES_BLOCK_SIZE);
-    xorbuf (m[0x6], m[0x2], AES_BLOCK_SIZE);
-    XMEMCPY(m[0x7], m[0x4], AES_BLOCK_SIZE);
-    xorbuf (m[0x7], m[0x3], AES_BLOCK_SIZE);
+    XMEMCPY(m[0x5], m[0x4], WC_AES_BLOCK_SIZE);
+    xorbuf (m[0x5], m[0x1], WC_AES_BLOCK_SIZE);
+    XMEMCPY(m[0x6], m[0x4], WC_AES_BLOCK_SIZE);
+    xorbuf (m[0x6], m[0x2], WC_AES_BLOCK_SIZE);
+    XMEMCPY(m[0x7], m[0x4], WC_AES_BLOCK_SIZE);
+    xorbuf (m[0x7], m[0x3], WC_AES_BLOCK_SIZE);
 
     /* 0x9 -> 0xf */
-    XMEMCPY(m[0x9], m[0x8], AES_BLOCK_SIZE);
-    xorbuf (m[0x9], m[0x1], AES_BLOCK_SIZE);
-    XMEMCPY(m[0xa], m[0x8], AES_BLOCK_SIZE);
-    xorbuf (m[0xa], m[0x2], AES_BLOCK_SIZE);
-    XMEMCPY(m[0xb], m[0x8], AES_BLOCK_SIZE);
-    xorbuf (m[0xb], m[0x3], AES_BLOCK_SIZE);
-    XMEMCPY(m[0xc], m[0x8], AES_BLOCK_SIZE);
-    xorbuf (m[0xc], m[0x4], AES_BLOCK_SIZE);
-    XMEMCPY(m[0xd], m[0x8], AES_BLOCK_SIZE);
-    xorbuf (m[0xd], m[0x5], AES_BLOCK_SIZE);
-    XMEMCPY(m[0xe], m[0x8], AES_BLOCK_SIZE);
-    xorbuf (m[0xe], m[0x6], AES_BLOCK_SIZE);
-    XMEMCPY(m[0xf], m[0x8], AES_BLOCK_SIZE);
-    xorbuf (m[0xf], m[0x7], AES_BLOCK_SIZE);
+    XMEMCPY(m[0x9], m[0x8], WC_AES_BLOCK_SIZE);
+    xorbuf (m[0x9], m[0x1], WC_AES_BLOCK_SIZE);
+    XMEMCPY(m[0xa], m[0x8], WC_AES_BLOCK_SIZE);
+    xorbuf (m[0xa], m[0x2], WC_AES_BLOCK_SIZE);
+    XMEMCPY(m[0xb], m[0x8], WC_AES_BLOCK_SIZE);
+    xorbuf (m[0xb], m[0x3], WC_AES_BLOCK_SIZE);
+    XMEMCPY(m[0xc], m[0x8], WC_AES_BLOCK_SIZE);
+    xorbuf (m[0xc], m[0x4], WC_AES_BLOCK_SIZE);
+    XMEMCPY(m[0xd], m[0x8], WC_AES_BLOCK_SIZE);
+    xorbuf (m[0xd], m[0x5], WC_AES_BLOCK_SIZE);
+    XMEMCPY(m[0xe], m[0x8], WC_AES_BLOCK_SIZE);
+    xorbuf (m[0xe], m[0x6], WC_AES_BLOCK_SIZE);
+    XMEMCPY(m[0xf], m[0x8], WC_AES_BLOCK_SIZE);
+    xorbuf (m[0xf], m[0x7], WC_AES_BLOCK_SIZE);
 
 #if !defined(BIG_ENDIAN_ORDER) && !defined(WC_16BIT_CPU)
     for (i = 0; i < 16; i++) {
@@ -6351,11 +6633,30 @@ void GenerateM0(Gcm* gcm)
 
 #endif /* GCM_TABLE */
 
+#if defined(WOLFSSL_AESNI) && defined(USE_INTEL_SPEEDUP)
+    #define HAVE_INTEL_AVX1
+    #define HAVE_INTEL_AVX2
+#endif
+
+#if defined(WOLFSSL_AESNI) && defined(GCM_TABLE_4BIT) && \
+    defined(WC_C_DYNAMIC_FALLBACK)
+void GCM_generate_m0_aesni(const unsigned char *h, unsigned char *m)
+                           XASM_LINK("GCM_generate_m0_aesni");
+#ifdef HAVE_INTEL_AVX1
+void GCM_generate_m0_avx1(const unsigned char *h, unsigned char *m)
+                          XASM_LINK("GCM_generate_m0_avx1");
+#endif
+#ifdef HAVE_INTEL_AVX2
+void GCM_generate_m0_avx2(const unsigned char *h, unsigned char *m)
+                          XASM_LINK("GCM_generate_m0_avx2");
+#endif
+#endif /* WOLFSSL_AESNI && GCM_TABLE_4BIT && WC_C_DYNAMIC_FALLBACK */
+
 /* Software AES - GCM SetKey */
 int wc_AesGcmSetKey(Aes* aes, const byte* key, word32 len)
 {
     int  ret;
-    byte iv[AES_BLOCK_SIZE];
+    byte iv[WC_AES_BLOCK_SIZE];
 
     #ifdef WOLFSSL_IMX6_CAAM_BLOB
         byte   local[32];
@@ -6377,18 +6678,17 @@ int wc_AesGcmSetKey(Aes* aes, const byte* key, word32 len)
     if (!((len == 16) || (len == 24) || (len == 32)))
         return BAD_FUNC_ARG;
 
-    if (aes == NULL) {
+    if (aes == NULL || key == NULL) {
 #ifdef WOLFSSL_IMX6_CAAM_BLOB
         ForceZero(local, sizeof(local));
 #endif
         return BAD_FUNC_ARG;
     }
-
 #ifdef OPENSSL_EXTRA
     XMEMSET(aes->gcm.aadH, 0, sizeof(aes->gcm.aadH));
     aes->gcm.aadLen = 0;
 #endif
-    XMEMSET(iv, 0, AES_BLOCK_SIZE);
+    XMEMSET(iv, 0, WC_AES_BLOCK_SIZE);
     ret = wc_AesSetKey(aes, key, len, iv, AES_ENCRYPTION);
 #ifdef WOLFSSL_AESGCM_STREAM
     aes->gcmKeySet = 1;
@@ -6404,6 +6704,13 @@ int wc_AesGcmSetKey(Aes* aes, const byte* key, word32 len)
         return ret;
     #endif /* WOLFSSL_RENESAS_RSIP && WOLFSSL_RENESAS_FSPSM_CRYPTONLY*/
 
+#if defined(__aarch64__) && defined(WOLFSSL_ARMASM) && \
+    !defined(WOLFSSL_ARMASM_NO_HW_CRYPTO)
+    if (ret == 0 && aes->use_aes_hw_crypto && aes->use_pmull_hw_crypto) {
+        AES_GCM_set_key_AARCH64(aes, iv);
+    }
+    else
+#endif
 #if !defined(FREESCALE_LTC_AES_GCM)
     if (ret == 0) {
         VECTOR_REGISTERS_PUSH;
@@ -6414,9 +6721,33 @@ int wc_AesGcmSetKey(Aes* aes, const byte* key, word32 len)
         VECTOR_REGISTERS_POP;
     }
     if (ret == 0) {
-    #if defined(GCM_TABLE) || defined(GCM_TABLE_4BIT)
-        GenerateM0(&aes->gcm);
-    #endif /* GCM_TABLE */
+#if defined(GCM_TABLE) || defined(GCM_TABLE_4BIT)
+#if defined(WOLFSSL_AESNI) && defined(GCM_TABLE_4BIT)
+        if (aes->use_aesni) {
+    #if defined(WC_C_DYNAMIC_FALLBACK)
+        #ifdef HAVE_INTEL_AVX2
+            if (IS_INTEL_AVX2(intel_flags)) {
+                GCM_generate_m0_avx2(aes->gcm.H, (byte*)aes->gcm.M0);
+            }
+            else
+        #endif
+        #if defined(HAVE_INTEL_AVX1)
+            if (IS_INTEL_AVX1(intel_flags)) {
+                GCM_generate_m0_avx1(aes->gcm.H, (byte*)aes->gcm.M0);
+            }
+            else
+        #endif
+            {
+                GCM_generate_m0_aesni(aes->gcm.H, (byte*)aes->gcm.M0);
+            }
+    #endif
+        }
+        else
+#endif
+        {
+            GenerateM0(&aes->gcm);
+        }
+#endif /* GCM_TABLE || GCM_TABLE_4BIT */
     }
 #endif /* FREESCALE_LTC_AES_GCM */
 
@@ -6439,11 +6770,6 @@ int wc_AesGcmSetKey(Aes* aes, const byte* key, word32 len)
 
 #ifdef WOLFSSL_AESNI
 
-#if defined(USE_INTEL_SPEEDUP)
-    #define HAVE_INTEL_AVX1
-    #define HAVE_INTEL_AVX2
-#endif /* USE_INTEL_SPEEDUP */
-
 void AES_GCM_encrypt_aesni(const unsigned char *in, unsigned char *out,
                      const unsigned char* addt, const unsigned char* ivec,
                      unsigned char *tag, word32 nbytes,
@@ -6499,34 +6825,34 @@ void AES_GCM_decrypt_avx2(const unsigned char *in, unsigned char *out,
 #if defined(GCM_SMALL)
 static void GMULT(byte* X, byte* Y)
 {
-    byte Z[AES_BLOCK_SIZE];
-    byte V[AES_BLOCK_SIZE];
+    byte Z[WC_AES_BLOCK_SIZE];
+    byte V[WC_AES_BLOCK_SIZE];
     int i, j;
 
-    XMEMSET(Z, 0, AES_BLOCK_SIZE);
-    XMEMCPY(V, X, AES_BLOCK_SIZE);
-    for (i = 0; i < AES_BLOCK_SIZE; i++)
+    XMEMSET(Z, 0, WC_AES_BLOCK_SIZE);
+    XMEMCPY(V, X, WC_AES_BLOCK_SIZE);
+    for (i = 0; i < WC_AES_BLOCK_SIZE; i++)
     {
         byte y = Y[i];
         for (j = 0; j < 8; j++)
         {
             if (y & 0x80) {
-                xorbuf(Z, V, AES_BLOCK_SIZE);
+                xorbuf(Z, V, WC_AES_BLOCK_SIZE);
             }
 
             RIGHTSHIFTX(V);
             y = y << 1;
         }
     }
-    XMEMCPY(X, Z, AES_BLOCK_SIZE);
+    XMEMCPY(X, Z, WC_AES_BLOCK_SIZE);
 }
 
 
 void GHASH(Gcm* gcm, const byte* a, word32 aSz, const byte* c,
     word32 cSz, byte* s, word32 sSz)
 {
-    byte x[AES_BLOCK_SIZE];
-    byte scratch[AES_BLOCK_SIZE];
+    byte x[WC_AES_BLOCK_SIZE];
+    byte scratch[WC_AES_BLOCK_SIZE];
     word32 blocks, partial;
     byte* h;
 
@@ -6535,38 +6861,38 @@ void GHASH(Gcm* gcm, const byte* a, word32 aSz, const byte* c,
     }
 
     h = gcm->H;
-    XMEMSET(x, 0, AES_BLOCK_SIZE);
+    XMEMSET(x, 0, WC_AES_BLOCK_SIZE);
 
     /* Hash in A, the Additional Authentication Data */
     if (aSz != 0 && a != NULL) {
-        blocks = aSz / AES_BLOCK_SIZE;
-        partial = aSz % AES_BLOCK_SIZE;
+        blocks = aSz / WC_AES_BLOCK_SIZE;
+        partial = aSz % WC_AES_BLOCK_SIZE;
         while (blocks--) {
-            xorbuf(x, a, AES_BLOCK_SIZE);
+            xorbuf(x, a, WC_AES_BLOCK_SIZE);
             GMULT(x, h);
-            a += AES_BLOCK_SIZE;
+            a += WC_AES_BLOCK_SIZE;
         }
         if (partial != 0) {
-            XMEMSET(scratch, 0, AES_BLOCK_SIZE);
+            XMEMSET(scratch, 0, WC_AES_BLOCK_SIZE);
             XMEMCPY(scratch, a, partial);
-            xorbuf(x, scratch, AES_BLOCK_SIZE);
+            xorbuf(x, scratch, WC_AES_BLOCK_SIZE);
             GMULT(x, h);
         }
     }
 
     /* Hash in C, the Ciphertext */
     if (cSz != 0 && c != NULL) {
-        blocks = cSz / AES_BLOCK_SIZE;
-        partial = cSz % AES_BLOCK_SIZE;
+        blocks = cSz / WC_AES_BLOCK_SIZE;
+        partial = cSz % WC_AES_BLOCK_SIZE;
         while (blocks--) {
-            xorbuf(x, c, AES_BLOCK_SIZE);
+            xorbuf(x, c, WC_AES_BLOCK_SIZE);
             GMULT(x, h);
-            c += AES_BLOCK_SIZE;
+            c += WC_AES_BLOCK_SIZE;
         }
         if (partial != 0) {
-            XMEMSET(scratch, 0, AES_BLOCK_SIZE);
+            XMEMSET(scratch, 0, WC_AES_BLOCK_SIZE);
             XMEMCPY(scratch, c, partial);
-            xorbuf(x, scratch, AES_BLOCK_SIZE);
+            xorbuf(x, scratch, WC_AES_BLOCK_SIZE);
             GMULT(x, h);
         }
     }
@@ -6574,7 +6900,7 @@ void GHASH(Gcm* gcm, const byte* a, word32 aSz, const byte* c,
     /* Hash in the lengths of A and C in bits */
     FlattenSzInBits(&scratch[0], aSz);
     FlattenSzInBits(&scratch[8], cSz);
-    xorbuf(x, scratch, AES_BLOCK_SIZE);
+    xorbuf(x, scratch, WC_AES_BLOCK_SIZE);
     GMULT(x, h);
 
     /* Copy the result into s. */
@@ -6595,10 +6921,10 @@ void GHASH(Gcm* gcm, const byte* a, word32 aSz, const byte* c,
  * @param [in, out] aes    AES GCM object.
  * @param [in]      block  Block of AAD or cipher text.
  */
-#define GHASH_ONE_BLOCK(aes, block)                     \
+#define GHASH_ONE_BLOCK_SW(aes, block)                  \
     do {                                                \
-        xorbuf(AES_TAG(aes), block, AES_BLOCK_SIZE);    \
-        GMULT(AES_TAG(aes), aes->gcm.H);                \
+        xorbuf(AES_TAG(aes), block, WC_AES_BLOCK_SIZE); \
+        GMULT(AES_TAG(aes), (aes)->gcm.H);              \
     }                                                   \
     while (0)
 #endif /* WOLFSSL_AESGCM_STREAM */
@@ -6672,17 +6998,17 @@ ALIGN16 static const byte R[256][2] = {
     {0xbc, 0xf8}, {0xbd, 0x3a}, {0xbf, 0x7c}, {0xbe, 0xbe} };
 
 
-static void GMULT(byte *x, byte m[256][AES_BLOCK_SIZE])
+static void GMULT(byte *x, byte m[256][WC_AES_BLOCK_SIZE])
 {
 #if !defined(WORD64_AVAILABLE) || defined(BIG_ENDIAN_ORDER)
     int i, j;
-    byte Z[AES_BLOCK_SIZE];
+    byte Z[WC_AES_BLOCK_SIZE];
     byte a;
 
     XMEMSET(Z, 0, sizeof(Z));
 
     for (i = 15; i > 0; i--) {
-        xorbuf(Z, m[x[i]], AES_BLOCK_SIZE);
+        xorbuf(Z, m[x[i]], WC_AES_BLOCK_SIZE);
         a = Z[15];
 
         for (j = 15; j > 0; j--) {
@@ -6692,11 +7018,11 @@ static void GMULT(byte *x, byte m[256][AES_BLOCK_SIZE])
         Z[0]  = R[a][0];
         Z[1] ^= R[a][1];
     }
-    xorbuf(Z, m[x[0]], AES_BLOCK_SIZE);
+    xorbuf(Z, m[x[0]], WC_AES_BLOCK_SIZE);
 
-    XMEMCPY(x, Z, AES_BLOCK_SIZE);
+    XMEMCPY(x, Z, WC_AES_BLOCK_SIZE);
 #elif defined(WC_32BIT_CPU)
-    byte Z[AES_BLOCK_SIZE + AES_BLOCK_SIZE];
+    byte Z[WC_AES_BLOCK_SIZE + WC_AES_BLOCK_SIZE];
     byte a;
     word32* pZ;
     word32* pm;
@@ -6728,7 +7054,7 @@ static void GMULT(byte *x, byte m[256][AES_BLOCK_SIZE])
     px[0] = pZ[0] ^ pm[0]; px[1] = pZ[1] ^ pm[1];
     px[2] = pZ[2] ^ pm[2]; px[3] = pZ[3] ^ pm[3];
 #else
-    byte Z[AES_BLOCK_SIZE + AES_BLOCK_SIZE];
+    byte Z[WC_AES_BLOCK_SIZE + WC_AES_BLOCK_SIZE];
     byte a;
     word64* pZ;
     word64* pm;
@@ -6760,46 +7086,46 @@ static void GMULT(byte *x, byte m[256][AES_BLOCK_SIZE])
 void GHASH(Gcm* gcm, const byte* a, word32 aSz, const byte* c,
     word32 cSz, byte* s, word32 sSz)
 {
-    byte x[AES_BLOCK_SIZE];
-    byte scratch[AES_BLOCK_SIZE];
+    byte x[WC_AES_BLOCK_SIZE];
+    byte scratch[WC_AES_BLOCK_SIZE];
     word32 blocks, partial;
 
     if (gcm == NULL) {
         return;
     }
 
-    XMEMSET(x, 0, AES_BLOCK_SIZE);
+    XMEMSET(x, 0, WC_AES_BLOCK_SIZE);
 
     /* Hash in A, the Additional Authentication Data */
     if (aSz != 0 && a != NULL) {
-        blocks = aSz / AES_BLOCK_SIZE;
-        partial = aSz % AES_BLOCK_SIZE;
+        blocks = aSz / WC_AES_BLOCK_SIZE;
+        partial = aSz % WC_AES_BLOCK_SIZE;
         while (blocks--) {
-            xorbuf(x, a, AES_BLOCK_SIZE);
+            xorbuf(x, a, WC_AES_BLOCK_SIZE);
             GMULT(x, gcm->M0);
-            a += AES_BLOCK_SIZE;
+            a += WC_AES_BLOCK_SIZE;
         }
         if (partial != 0) {
-            XMEMSET(scratch, 0, AES_BLOCK_SIZE);
+            XMEMSET(scratch, 0, WC_AES_BLOCK_SIZE);
             XMEMCPY(scratch, a, partial);
-            xorbuf(x, scratch, AES_BLOCK_SIZE);
+            xorbuf(x, scratch, WC_AES_BLOCK_SIZE);
             GMULT(x, gcm->M0);
         }
     }
 
     /* Hash in C, the Ciphertext */
     if (cSz != 0 && c != NULL) {
-        blocks = cSz / AES_BLOCK_SIZE;
-        partial = cSz % AES_BLOCK_SIZE;
+        blocks = cSz / WC_AES_BLOCK_SIZE;
+        partial = cSz % WC_AES_BLOCK_SIZE;
         while (blocks--) {
-            xorbuf(x, c, AES_BLOCK_SIZE);
+            xorbuf(x, c, WC_AES_BLOCK_SIZE);
             GMULT(x, gcm->M0);
-            c += AES_BLOCK_SIZE;
+            c += WC_AES_BLOCK_SIZE;
         }
         if (partial != 0) {
-            XMEMSET(scratch, 0, AES_BLOCK_SIZE);
+            XMEMSET(scratch, 0, WC_AES_BLOCK_SIZE);
             XMEMCPY(scratch, c, partial);
-            xorbuf(x, scratch, AES_BLOCK_SIZE);
+            xorbuf(x, scratch, WC_AES_BLOCK_SIZE);
             GMULT(x, gcm->M0);
         }
     }
@@ -6807,7 +7133,7 @@ void GHASH(Gcm* gcm, const byte* a, word32 aSz, const byte* c,
     /* Hash in the lengths of A and C in bits */
     FlattenSzInBits(&scratch[0], aSz);
     FlattenSzInBits(&scratch[8], cSz);
-    xorbuf(x, scratch, AES_BLOCK_SIZE);
+    xorbuf(x, scratch, WC_AES_BLOCK_SIZE);
     GMULT(x, gcm->M0);
 
     /* Copy the result into s. */
@@ -6828,9 +7154,9 @@ void GHASH(Gcm* gcm, const byte* a, word32 aSz, const byte* c,
  * @param [in, out] aes    AES GCM object.
  * @param [in]      block  Block of AAD or cipher text.
  */
-#define GHASH_ONE_BLOCK(aes, block)                     \
+#define GHASH_ONE_BLOCK_SW(aes, block)                  \
     do {                                                \
-        xorbuf(AES_TAG(aes), block, AES_BLOCK_SIZE);    \
+        xorbuf(AES_TAG(aes), block, WC_AES_BLOCK_SIZE); \
         GMULT(AES_TAG(aes), aes->gcm.M0);               \
     }                                                   \
     while (0)
@@ -6883,10 +7209,10 @@ static const word16 R[32] = {
  *    [0..15] * H
  */
 #if defined(BIG_ENDIAN_ORDER) || defined(WC_16BIT_CPU)
-static void GMULT(byte *x, byte m[16][AES_BLOCK_SIZE])
+static void GMULT(byte *x, byte m[16][WC_AES_BLOCK_SIZE])
 {
     int i, j, n;
-    byte Z[AES_BLOCK_SIZE];
+    byte Z[WC_AES_BLOCK_SIZE];
     byte a;
 
     XMEMSET(Z, 0, sizeof(Z));
@@ -6894,9 +7220,9 @@ static void GMULT(byte *x, byte m[16][AES_BLOCK_SIZE])
     for (i = 15; i >= 0; i--) {
         for (n = 0; n < 2; n++) {
             if (n == 0)
-                xorbuf(Z, m[x[i] & 0xf], AES_BLOCK_SIZE);
+                xorbuf(Z, m[x[i] & 0xf], WC_AES_BLOCK_SIZE);
             else {
-                xorbuf(Z, m[x[i] >> 4], AES_BLOCK_SIZE);
+                xorbuf(Z, m[x[i] >> 4], WC_AES_BLOCK_SIZE);
                 if (i == 0)
                     break;
             }
@@ -6911,10 +7237,10 @@ static void GMULT(byte *x, byte m[16][AES_BLOCK_SIZE])
         }
     }
 
-    XMEMCPY(x, Z, AES_BLOCK_SIZE);
+    XMEMCPY(x, Z, WC_AES_BLOCK_SIZE);
 }
 #elif defined(WC_32BIT_CPU)
-static WC_INLINE void GMULT(byte *x, byte m[32][AES_BLOCK_SIZE])
+static WC_INLINE void GMULT(byte *x, byte m[32][WC_AES_BLOCK_SIZE])
 {
     int i;
     word32 z8[4] = {0, 0, 0, 0};
@@ -6988,7 +7314,7 @@ static WC_INLINE void GMULT(byte *x, byte m[32][AES_BLOCK_SIZE])
     x8[0] = z8[0]; x8[1] = z8[1]; x8[2] = z8[2]; x8[3] = z8[3];
 }
 #else
-static WC_INLINE void GMULT(byte *x, byte m[32][AES_BLOCK_SIZE])
+static WC_INLINE void GMULT(byte *x, byte m[32][WC_AES_BLOCK_SIZE])
 {
     int i;
     word64 z8[2] = {0, 0};
@@ -7060,46 +7386,46 @@ static WC_INLINE void GMULT(byte *x, byte m[32][AES_BLOCK_SIZE])
 void GHASH(Gcm* gcm, const byte* a, word32 aSz, const byte* c,
     word32 cSz, byte* s, word32 sSz)
 {
-    byte x[AES_BLOCK_SIZE];
-    byte scratch[AES_BLOCK_SIZE];
+    byte x[WC_AES_BLOCK_SIZE];
+    byte scratch[WC_AES_BLOCK_SIZE];
     word32 blocks, partial;
 
     if (gcm == NULL) {
         return;
     }
 
-    XMEMSET(x, 0, AES_BLOCK_SIZE);
+    XMEMSET(x, 0, WC_AES_BLOCK_SIZE);
 
     /* Hash in A, the Additional Authentication Data */
     if (aSz != 0 && a != NULL) {
-        blocks = aSz / AES_BLOCK_SIZE;
-        partial = aSz % AES_BLOCK_SIZE;
+        blocks = aSz / WC_AES_BLOCK_SIZE;
+        partial = aSz % WC_AES_BLOCK_SIZE;
         while (blocks--) {
-            xorbuf(x, a, AES_BLOCK_SIZE);
+            xorbuf(x, a, WC_AES_BLOCK_SIZE);
             GMULT(x, gcm->M0);
-            a += AES_BLOCK_SIZE;
+            a += WC_AES_BLOCK_SIZE;
         }
         if (partial != 0) {
-            XMEMSET(scratch, 0, AES_BLOCK_SIZE);
+            XMEMSET(scratch, 0, WC_AES_BLOCK_SIZE);
             XMEMCPY(scratch, a, partial);
-            xorbuf(x, scratch, AES_BLOCK_SIZE);
+            xorbuf(x, scratch, WC_AES_BLOCK_SIZE);
             GMULT(x, gcm->M0);
         }
     }
 
     /* Hash in C, the Ciphertext */
     if (cSz != 0 && c != NULL) {
-        blocks = cSz / AES_BLOCK_SIZE;
-        partial = cSz % AES_BLOCK_SIZE;
+        blocks = cSz / WC_AES_BLOCK_SIZE;
+        partial = cSz % WC_AES_BLOCK_SIZE;
         while (blocks--) {
-            xorbuf(x, c, AES_BLOCK_SIZE);
+            xorbuf(x, c, WC_AES_BLOCK_SIZE);
             GMULT(x, gcm->M0);
-            c += AES_BLOCK_SIZE;
+            c += WC_AES_BLOCK_SIZE;
         }
         if (partial != 0) {
-            XMEMSET(scratch, 0, AES_BLOCK_SIZE);
+            XMEMSET(scratch, 0, WC_AES_BLOCK_SIZE);
             XMEMCPY(scratch, c, partial);
-            xorbuf(x, scratch, AES_BLOCK_SIZE);
+            xorbuf(x, scratch, WC_AES_BLOCK_SIZE);
             GMULT(x, gcm->M0);
         }
     }
@@ -7107,7 +7433,7 @@ void GHASH(Gcm* gcm, const byte* a, word32 aSz, const byte* c,
     /* Hash in the lengths of A and C in bits */
     FlattenSzInBits(&scratch[0], aSz);
     FlattenSzInBits(&scratch[8], cSz);
-    xorbuf(x, scratch, AES_BLOCK_SIZE);
+    xorbuf(x, scratch, WC_AES_BLOCK_SIZE);
     GMULT(x, gcm->M0);
 
     /* Copy the result into s. */
@@ -7128,9 +7454,9 @@ void GHASH(Gcm* gcm, const byte* a, word32 aSz, const byte* c,
  * @param [in, out] aes    AES GCM object.
  * @param [in]      block  Block of AAD or cipher text.
  */
-#define GHASH_ONE_BLOCK(aes, block)                     \
+#define GHASH_ONE_BLOCK_SW(aes, block)                  \
     do {                                                \
-        xorbuf(AES_TAG(aes), block, AES_BLOCK_SIZE);    \
+        xorbuf(AES_TAG(aes), block, WC_AES_BLOCK_SIZE); \
         GMULT(AES_TAG(aes), (aes)->gcm.M0);             \
     }                                                   \
     while (0)
@@ -7186,31 +7512,31 @@ void GHASH(Gcm* gcm, const byte* a, word32 aSz, const byte* c,
         return;
     }
 
-    XMEMCPY(bigH, gcm->H, AES_BLOCK_SIZE);
+    XMEMCPY(bigH, gcm->H, WC_AES_BLOCK_SIZE);
     #ifdef LITTLE_ENDIAN_ORDER
-        ByteReverseWords64(bigH, bigH, AES_BLOCK_SIZE);
+        ByteReverseWords64(bigH, bigH, WC_AES_BLOCK_SIZE);
     #endif
 
     /* Hash in A, the Additional Authentication Data */
     if (aSz != 0 && a != NULL) {
         word64 bigA[2];
-        blocks = aSz / AES_BLOCK_SIZE;
-        partial = aSz % AES_BLOCK_SIZE;
+        blocks = aSz / WC_AES_BLOCK_SIZE;
+        partial = aSz % WC_AES_BLOCK_SIZE;
         while (blocks--) {
-            XMEMCPY(bigA, a, AES_BLOCK_SIZE);
+            XMEMCPY(bigA, a, WC_AES_BLOCK_SIZE);
             #ifdef LITTLE_ENDIAN_ORDER
-                ByteReverseWords64(bigA, bigA, AES_BLOCK_SIZE);
+                ByteReverseWords64(bigA, bigA, WC_AES_BLOCK_SIZE);
             #endif
             x[0] ^= bigA[0];
             x[1] ^= bigA[1];
             GMULT(x, bigH);
-            a += AES_BLOCK_SIZE;
+            a += WC_AES_BLOCK_SIZE;
         }
         if (partial != 0) {
-            XMEMSET(bigA, 0, AES_BLOCK_SIZE);
+            XMEMSET(bigA, 0, WC_AES_BLOCK_SIZE);
             XMEMCPY(bigA, a, partial);
             #ifdef LITTLE_ENDIAN_ORDER
-                ByteReverseWords64(bigA, bigA, AES_BLOCK_SIZE);
+                ByteReverseWords64(bigA, bigA, WC_AES_BLOCK_SIZE);
             #endif
             x[0] ^= bigA[0];
             x[1] ^= bigA[1];
@@ -7228,8 +7554,8 @@ void GHASH(Gcm* gcm, const byte* a, word32 aSz, const byte* c,
     /* Hash in C, the Ciphertext */
     if (cSz != 0 && c != NULL) {
         word64 bigC[2];
-        blocks = cSz / AES_BLOCK_SIZE;
-        partial = cSz % AES_BLOCK_SIZE;
+        blocks = cSz / WC_AES_BLOCK_SIZE;
+        partial = cSz % WC_AES_BLOCK_SIZE;
 #ifdef OPENSSL_EXTRA
         /* Start from last AAD partial tag */
         if(gcm->aadLen) {
@@ -7238,20 +7564,20 @@ void GHASH(Gcm* gcm, const byte* a, word32 aSz, const byte* c,
          }
 #endif
         while (blocks--) {
-            XMEMCPY(bigC, c, AES_BLOCK_SIZE);
+            XMEMCPY(bigC, c, WC_AES_BLOCK_SIZE);
             #ifdef LITTLE_ENDIAN_ORDER
-                ByteReverseWords64(bigC, bigC, AES_BLOCK_SIZE);
+                ByteReverseWords64(bigC, bigC, WC_AES_BLOCK_SIZE);
             #endif
             x[0] ^= bigC[0];
             x[1] ^= bigC[1];
             GMULT(x, bigH);
-            c += AES_BLOCK_SIZE;
+            c += WC_AES_BLOCK_SIZE;
         }
         if (partial != 0) {
-            XMEMSET(bigC, 0, AES_BLOCK_SIZE);
+            XMEMSET(bigC, 0, WC_AES_BLOCK_SIZE);
             XMEMCPY(bigC, c, partial);
             #ifdef LITTLE_ENDIAN_ORDER
-                ByteReverseWords64(bigC, bigC, AES_BLOCK_SIZE);
+                ByteReverseWords64(bigC, bigC, WC_AES_BLOCK_SIZE);
             #endif
             x[0] ^= bigC[0];
             x[1] ^= bigC[1];
@@ -7276,7 +7602,7 @@ void GHASH(Gcm* gcm, const byte* a, word32 aSz, const byte* c,
         GMULT(x, bigH);
     }
     #ifdef LITTLE_ENDIAN_ORDER
-        ByteReverseWords64(x, x, AES_BLOCK_SIZE);
+        ByteReverseWords64(x, x, WC_AES_BLOCK_SIZE);
     #endif
     XMEMCPY(s, x, sSz);
 }
@@ -7291,7 +7617,7 @@ void GHASH(Gcm* gcm, const byte* a, word32 aSz, const byte* c,
  * @param [in] aes  AES GCM object.
  */
 #define GHASH_INIT_EXTRA(aes)                                               \
-    ByteReverseWords64((word64*)aes->gcm.H, (word64*)aes->gcm.H, AES_BLOCK_SIZE)
+    ByteReverseWords64((word64*)aes->gcm.H, (word64*)aes->gcm.H, WC_AES_BLOCK_SIZE)
 
 /* GHASH one block of data..
  *
@@ -7300,17 +7626,17 @@ void GHASH(Gcm* gcm, const byte* a, word32 aSz, const byte* c,
  * @param [in, out] aes    AES GCM object.
  * @param [in]      block  Block of AAD or cipher text.
  */
-#define GHASH_ONE_BLOCK(aes, block)                             \
-    do {                                                        \
-        word64* x = (word64*)AES_TAG(aes);                      \
-        word64* h = (word64*)aes->gcm.H;                        \
-        word64 block64[2];                                      \
-        XMEMCPY(block64, block, AES_BLOCK_SIZE);                \
-        ByteReverseWords64(block64, block64, AES_BLOCK_SIZE);   \
-        x[0] ^= block64[0];                                     \
-        x[1] ^= block64[1];                                     \
-        GMULT(x, h);                                            \
-    }                                                           \
+#define GHASH_ONE_BLOCK_SW(aes, block)                              \
+    do {                                                            \
+        word64* x = (word64*)AES_TAG(aes);                          \
+        word64* h = (word64*)aes->gcm.H;                            \
+        word64 block64[2];                                          \
+        XMEMCPY(block64, block, WC_AES_BLOCK_SIZE);                 \
+        ByteReverseWords64(block64, block64, WC_AES_BLOCK_SIZE);    \
+        x[0] ^= block64[0];                                         \
+        x[1] ^= block64[1];                                         \
+        GMULT(x, h);                                                \
+    }                                                               \
     while (0)
 
 #ifdef OPENSSL_EXTRA
@@ -7335,7 +7661,7 @@ void GHASH(Gcm* gcm, const byte* a, word32 aSz, const byte* c,
         x[0] ^= len[0];                                 \
         x[1] ^= len[1];                                 \
         GMULT(x, h);                                    \
-        ByteReverseWords64(x, x, AES_BLOCK_SIZE);       \
+        ByteReverseWords64(x, x, WC_AES_BLOCK_SIZE);    \
     }                                                   \
     while (0)
 #else
@@ -7358,7 +7684,7 @@ void GHASH(Gcm* gcm, const byte* a, word32 aSz, const byte* c,
         x[0] ^= len[0];                                 \
         x[1] ^= len[1];                                 \
         GMULT(x, h);                                    \
-        ByteReverseWords64(x, x, AES_BLOCK_SIZE);       \
+        ByteReverseWords64(x, x, WC_AES_BLOCK_SIZE);    \
     }                                                   \
     while (0)
 #endif
@@ -7378,12 +7704,12 @@ void GHASH(Gcm* gcm, const byte* a, word32 aSz, const byte* c,
  * @param [in, out] aes    AES GCM object.
  * @param [in]      block  Block of AAD or cipher text.
  */
-#define GHASH_ONE_BLOCK(aes, block)                     \
+#define GHASH_ONE_BLOCK_SW(aes, block)                  \
     do {                                                \
         word64* x = (word64*)AES_TAG(aes);              \
         word64* h = (word64*)aes->gcm.H;                \
         word64 block64[2];                              \
-        XMEMCPY(block64, block, AES_BLOCK_SIZE);        \
+        XMEMCPY(block64, block, WC_AES_BLOCK_SIZE);        \
         x[0] ^= block64[0];                             \
         x[1] ^= block64[1];                             \
         GMULT(x, h);                                    \
@@ -7503,33 +7829,33 @@ void GHASH(Gcm* gcm, const byte* a, word32 aSz, const byte* c,
         return;
     }
 
-    XMEMCPY(bigH, gcm->H, AES_BLOCK_SIZE);
+    XMEMCPY(bigH, gcm->H, WC_AES_BLOCK_SIZE);
     #ifdef LITTLE_ENDIAN_ORDER
-        ByteReverseWords(bigH, bigH, AES_BLOCK_SIZE);
+        ByteReverseWords(bigH, bigH, WC_AES_BLOCK_SIZE);
     #endif
 
     /* Hash in A, the Additional Authentication Data */
     if (aSz != 0 && a != NULL) {
         word32 bigA[4];
-        blocks = aSz / AES_BLOCK_SIZE;
-        partial = aSz % AES_BLOCK_SIZE;
+        blocks = aSz / WC_AES_BLOCK_SIZE;
+        partial = aSz % WC_AES_BLOCK_SIZE;
         while (blocks--) {
-            XMEMCPY(bigA, a, AES_BLOCK_SIZE);
+            XMEMCPY(bigA, a, WC_AES_BLOCK_SIZE);
             #ifdef LITTLE_ENDIAN_ORDER
-                ByteReverseWords(bigA, bigA, AES_BLOCK_SIZE);
+                ByteReverseWords(bigA, bigA, WC_AES_BLOCK_SIZE);
             #endif
             x[0] ^= bigA[0];
             x[1] ^= bigA[1];
             x[2] ^= bigA[2];
             x[3] ^= bigA[3];
             GMULT(x, bigH);
-            a += AES_BLOCK_SIZE;
+            a += WC_AES_BLOCK_SIZE;
         }
         if (partial != 0) {
-            XMEMSET(bigA, 0, AES_BLOCK_SIZE);
+            XMEMSET(bigA, 0, WC_AES_BLOCK_SIZE);
             XMEMCPY(bigA, a, partial);
             #ifdef LITTLE_ENDIAN_ORDER
-                ByteReverseWords(bigA, bigA, AES_BLOCK_SIZE);
+                ByteReverseWords(bigA, bigA, WC_AES_BLOCK_SIZE);
             #endif
             x[0] ^= bigA[0];
             x[1] ^= bigA[1];
@@ -7542,25 +7868,25 @@ void GHASH(Gcm* gcm, const byte* a, word32 aSz, const byte* c,
     /* Hash in C, the Ciphertext */
     if (cSz != 0 && c != NULL) {
         word32 bigC[4];
-        blocks = cSz / AES_BLOCK_SIZE;
-        partial = cSz % AES_BLOCK_SIZE;
+        blocks = cSz / WC_AES_BLOCK_SIZE;
+        partial = cSz % WC_AES_BLOCK_SIZE;
         while (blocks--) {
-            XMEMCPY(bigC, c, AES_BLOCK_SIZE);
+            XMEMCPY(bigC, c, WC_AES_BLOCK_SIZE);
             #ifdef LITTLE_ENDIAN_ORDER
-                ByteReverseWords(bigC, bigC, AES_BLOCK_SIZE);
+                ByteReverseWords(bigC, bigC, WC_AES_BLOCK_SIZE);
             #endif
             x[0] ^= bigC[0];
             x[1] ^= bigC[1];
             x[2] ^= bigC[2];
             x[3] ^= bigC[3];
             GMULT(x, bigH);
-            c += AES_BLOCK_SIZE;
+            c += WC_AES_BLOCK_SIZE;
         }
         if (partial != 0) {
-            XMEMSET(bigC, 0, AES_BLOCK_SIZE);
+            XMEMSET(bigC, 0, WC_AES_BLOCK_SIZE);
             XMEMCPY(bigC, c, partial);
             #ifdef LITTLE_ENDIAN_ORDER
-                ByteReverseWords(bigC, bigC, AES_BLOCK_SIZE);
+                ByteReverseWords(bigC, bigC, WC_AES_BLOCK_SIZE);
             #endif
             x[0] ^= bigC[0];
             x[1] ^= bigC[1];
@@ -7587,7 +7913,7 @@ void GHASH(Gcm* gcm, const byte* a, word32 aSz, const byte* c,
         GMULT(x, bigH);
     }
     #ifdef LITTLE_ENDIAN_ORDER
-        ByteReverseWords(x, x, AES_BLOCK_SIZE);
+        ByteReverseWords(x, x, WC_AES_BLOCK_SIZE);
     #endif
     XMEMCPY(s, x, sSz);
 }
@@ -7601,7 +7927,7 @@ void GHASH(Gcm* gcm, const byte* a, word32 aSz, const byte* c,
  * @param [in, out] aes  AES GCM object.
  */
 #define GHASH_INIT_EXTRA(aes) \
-    ByteReverseWords((word32*)aes->gcm.H, (word32*)aes->gcm.H, AES_BLOCK_SIZE)
+    ByteReverseWords((word32*)aes->gcm.H, (word32*)aes->gcm.H, WC_AES_BLOCK_SIZE)
 
 /* GHASH one block of data..
  *
@@ -7610,19 +7936,19 @@ void GHASH(Gcm* gcm, const byte* a, word32 aSz, const byte* c,
  * @param [in, out] aes    AES GCM object.
  * @param [in]      block  Block of AAD or cipher text.
  */
-#define GHASH_ONE_BLOCK(aes, block)                         \
-    do {                                                    \
-        word32* x = (word32*)AES_TAG(aes);                  \
-        word32* h = (word32*)aes->gcm.H;                    \
-        word32 bigEnd[4];                                   \
-        XMEMCPY(bigEnd, block, AES_BLOCK_SIZE);             \
-        ByteReverseWords(bigEnd, bigEnd, AES_BLOCK_SIZE);   \
-        x[0] ^= bigEnd[0];                                  \
-        x[1] ^= bigEnd[1];                                  \
-        x[2] ^= bigEnd[2];                                  \
-        x[3] ^= bigEnd[3];                                  \
-        GMULT(x, h);                                        \
-    }                                                       \
+#define GHASH_ONE_BLOCK_SW(aes, block)                          \
+    do {                                                        \
+        word32* x = (word32*)AES_TAG(aes);                      \
+        word32* h = (word32*)aes->gcm.H;                        \
+        word32 bigEnd[4];                                       \
+        XMEMCPY(bigEnd, block, WC_AES_BLOCK_SIZE);              \
+        ByteReverseWords(bigEnd, bigEnd, WC_AES_BLOCK_SIZE);    \
+        x[0] ^= bigEnd[0];                                      \
+        x[1] ^= bigEnd[1];                                      \
+        x[2] ^= bigEnd[2];                                      \
+        x[3] ^= bigEnd[3];                                      \
+        GMULT(x, h);                                            \
+    }                                                           \
     while (0)
 
 /* GHASH in AAD and cipher text lengths in bits.
@@ -7645,7 +7971,7 @@ void GHASH(Gcm* gcm, const byte* a, word32 aSz, const byte* c,
         x[2] ^= len[2];                                     \
         x[3] ^= len[3];                                     \
         GMULT(x, h);                                        \
-        ByteReverseWords(x, x, AES_BLOCK_SIZE);             \
+        ByteReverseWords(x, x, WC_AES_BLOCK_SIZE);          \
     }                                                       \
     while (0)
 #else
@@ -7662,12 +7988,12 @@ void GHASH(Gcm* gcm, const byte* a, word32 aSz, const byte* c,
  * @param [in, out] aes    AES GCM object.
  * @param [in]      block  Block of AAD or cipher text.
  */
-#define GHASH_ONE_BLOCK(aes, block)                         \
+#define GHASH_ONE_BLOCK_SW(aes, block)                      \
     do {                                                    \
         word32* x = (word32*)AES_TAG(aes);                  \
         word32* h = (word32*)aes->gcm.H;                    \
         word32 block32[4];                                  \
-        XMEMCPY(block32, block, AES_BLOCK_SIZE);            \
+        XMEMCPY(block32, block, WC_AES_BLOCK_SIZE);         \
         x[0] ^= block32[0];                                 \
         x[1] ^= block32[1];                                 \
         x[2] ^= block32[2];                                 \
@@ -7711,7 +8037,7 @@ void GHASH(Gcm* gcm, const byte* a, word32 aSz, const byte* c,
  */
 #define GHASH_LEN_BLOCK(aes)                      \
     do {                                          \
-        byte scratch[AES_BLOCK_SIZE];             \
+        byte scratch[WC_AES_BLOCK_SIZE];          \
         FlattenSzInBits(&scratch[0], (aes)->aSz); \
         FlattenSzInBits(&scratch[8], (aes)->cSz); \
         GHASH_ONE_BLOCK(aes, scratch);            \
@@ -7725,12 +8051,21 @@ void GHASH(Gcm* gcm, const byte* a, word32 aSz, const byte* c,
  */
 static void GHASH_INIT(Aes* aes) {
     /* Set tag to all zeros as initial value. */
-    XMEMSET(AES_TAG(aes), 0, AES_BLOCK_SIZE);
+    XMEMSET(AES_TAG(aes), 0, WC_AES_BLOCK_SIZE);
     /* Reset counts of AAD and cipher text. */
     aes->aOver = 0;
     aes->cOver = 0;
-    /* Extra initialization based on implementation. */
-    GHASH_INIT_EXTRA(aes);
+#if defined(__aarch64__) && defined(WOLFSSL_ARMASM) && \
+    !defined(WOLFSSL_ARMASM_NO_HW_CRYPTO)
+    if (aes->use_aes_hw_crypto && aes->use_pmull_hw_crypto) {
+        ; /* Don't do extra initialization. */
+    }
+    else
+#endif
+    {
+        /* Extra initialization based on implementation. */
+        GHASH_INIT_EXTRA(aes);
+    }
 }
 
 /* Update the GHASH with AAD and/or cipher text.
@@ -7754,14 +8089,14 @@ static void GHASH_UPDATE(Aes* aes, const byte* a, word32 aSz, const byte* c,
         /* Check if we have unprocessed data. */
         if (aes->aOver > 0) {
             /* Calculate amount we can use - fill up the block. */
-            byte sz = AES_BLOCK_SIZE - aes->aOver;
+            byte sz = (byte)(WC_AES_BLOCK_SIZE - aes->aOver);
             if (sz > aSz) {
                 sz = (byte)aSz;
             }
             /* Copy extra into last GHASH block array and update count. */
             XMEMCPY(AES_LASTGBLOCK(aes) + aes->aOver, a, sz);
-            aes->aOver += sz;
-            if (aes->aOver == AES_BLOCK_SIZE) {
+            aes->aOver = (byte)(aes->aOver + sz);
+            if (aes->aOver == WC_AES_BLOCK_SIZE) {
                 /* We have filled up the block and can process. */
                 GHASH_ONE_BLOCK(aes, AES_LASTGBLOCK(aes));
                 /* Reset count. */
@@ -7773,12 +8108,12 @@ static void GHASH_UPDATE(Aes* aes, const byte* a, word32 aSz, const byte* c,
         }
 
         /* Calculate number of blocks of AAD and the leftover. */
-        blocks = aSz / AES_BLOCK_SIZE;
-        partial = aSz % AES_BLOCK_SIZE;
+        blocks = aSz / WC_AES_BLOCK_SIZE;
+        partial = aSz % WC_AES_BLOCK_SIZE;
         /* GHASH full blocks now. */
         while (blocks--) {
             GHASH_ONE_BLOCK(aes, a);
-            a += AES_BLOCK_SIZE;
+            a += WC_AES_BLOCK_SIZE;
         }
         if (partial != 0) {
             /* Cache the partial block. */
@@ -7789,7 +8124,7 @@ static void GHASH_UPDATE(Aes* aes, const byte* a, word32 aSz, const byte* c,
     if (aes->aOver > 0 && cSz > 0 && c != NULL) {
         /* No more AAD coming and we have a partial block. */
         /* Fill the rest of the block with zeros. */
-        byte sz = AES_BLOCK_SIZE - aes->aOver;
+        byte sz = (byte)(WC_AES_BLOCK_SIZE - aes->aOver);
         XMEMSET(AES_LASTGBLOCK(aes) + aes->aOver, 0, sz);
         /* GHASH last AAD block. */
         GHASH_ONE_BLOCK(aes, AES_LASTGBLOCK(aes));
@@ -7803,14 +8138,14 @@ static void GHASH_UPDATE(Aes* aes, const byte* a, word32 aSz, const byte* c,
         aes->cSz += cSz;
         if (aes->cOver > 0) {
             /* Calculate amount we can use - fill up the block. */
-            byte sz = AES_BLOCK_SIZE - aes->cOver;
+            byte sz = (byte)(WC_AES_BLOCK_SIZE - aes->cOver);
             if (sz > cSz) {
                 sz = (byte)cSz;
             }
             XMEMCPY(AES_LASTGBLOCK(aes) + aes->cOver, c, sz);
             /* Update count of unused encrypted counter. */
-            aes->cOver += sz;
-            if (aes->cOver == AES_BLOCK_SIZE) {
+            aes->cOver = (byte)(aes->cOver + sz);
+            if (aes->cOver == WC_AES_BLOCK_SIZE) {
                 /* We have filled up the block and can process. */
                 GHASH_ONE_BLOCK(aes, AES_LASTGBLOCK(aes));
                 /* Reset count. */
@@ -7822,12 +8157,12 @@ static void GHASH_UPDATE(Aes* aes, const byte* a, word32 aSz, const byte* c,
         }
 
         /* Calculate number of blocks of cipher text and the leftover. */
-        blocks = cSz / AES_BLOCK_SIZE;
-        partial = cSz % AES_BLOCK_SIZE;
+        blocks = cSz / WC_AES_BLOCK_SIZE;
+        partial = cSz % WC_AES_BLOCK_SIZE;
         /* GHASH full blocks now. */
         while (blocks--) {
             GHASH_ONE_BLOCK(aes, c);
-            c += AES_BLOCK_SIZE;
+            c += WC_AES_BLOCK_SIZE;
         }
         if (partial != 0) {
             /* Cache the partial block. */
@@ -7856,7 +8191,8 @@ static void GHASH_FINAL(Aes* aes, byte* s, word32 sSz)
     }
     if (over > 0) {
         /* Zeroize the unused part of the block. */
-        XMEMSET(AES_LASTGBLOCK(aes) + over, 0, AES_BLOCK_SIZE - over);
+        XMEMSET(AES_LASTGBLOCK(aes) + over, 0,
+            (size_t)WC_AES_BLOCK_SIZE - over);
         /* Hash the last block of cipher text. */
         GHASH_ONE_BLOCK(aes, AES_LASTGBLOCK(aes));
     }
@@ -7864,6 +8200,8 @@ static void GHASH_FINAL(Aes* aes, byte* s, word32 sSz)
     GHASH_LEN_BLOCK(aes);
     /* Copy the result into s. */
     XMEMCPY(s, AES_TAG(aes), sSz);
+    /* reset aes->gcm.H in case of reuse */
+    GHASH_INIT_EXTRA(aes);
 }
 #endif /* WOLFSSL_AESGCM_STREAM */
 
@@ -7878,7 +8216,7 @@ int wc_AesGcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
     word32 keySize;
 
     /* argument checks */
-    if (aes == NULL || authTagSz > AES_BLOCK_SIZE || ivSz == 0) {
+    if (aes == NULL || authTagSz > WC_AES_BLOCK_SIZE || ivSz == 0) {
         return BAD_FUNC_ARG;
     }
 
@@ -7924,16 +8262,16 @@ static WARN_UNUSED_RESULT int wc_AesGcmEncrypt_STM32(
     word32 keySize;
 #ifdef WOLFSSL_STM32_CUBEMX
     int status = HAL_OK;
-    word32 blocks = sz / AES_BLOCK_SIZE;
-    word32 partialBlock[AES_BLOCK_SIZE/sizeof(word32)];
+    word32 blocks = sz / WC_AES_BLOCK_SIZE;
+    word32 partialBlock[WC_AES_BLOCK_SIZE/sizeof(word32)];
 #else
     int status = SUCCESS;
 #endif
-    word32 partial = sz % AES_BLOCK_SIZE;
-    word32 tag[AES_BLOCK_SIZE/sizeof(word32)];
-    word32 ctrInit[AES_BLOCK_SIZE/sizeof(word32)];
-    word32 ctr[AES_BLOCK_SIZE/sizeof(word32)];
-    word32 authhdr[AES_BLOCK_SIZE/sizeof(word32)];
+    word32 partial = sz % WC_AES_BLOCK_SIZE;
+    word32 tag[WC_AES_BLOCK_SIZE/sizeof(word32)];
+    word32 ctrInit[WC_AES_BLOCK_SIZE/sizeof(word32)];
+    word32 ctr[WC_AES_BLOCK_SIZE/sizeof(word32)];
+    word32 authhdr[WC_AES_BLOCK_SIZE/sizeof(word32)];
     byte* authInPadded = NULL;
     int authPadSz, wasAlloc = 0, useSwGhash = 0;
 
@@ -7947,21 +8285,31 @@ static WARN_UNUSED_RESULT int wc_AesGcmEncrypt_STM32(
         return ret;
 #endif
 
-    XMEMSET(ctr, 0, AES_BLOCK_SIZE);
+    XMEMSET(ctr, 0, WC_AES_BLOCK_SIZE);
     if (ivSz == GCM_NONCE_MID_SZ) {
         byte* pCtr = (byte*)ctr;
         XMEMCPY(ctr, iv, ivSz);
-        pCtr[AES_BLOCK_SIZE - 1] = 1;
+        pCtr[WC_AES_BLOCK_SIZE - 1] = 1;
     }
     else {
-        GHASH(&aes->gcm, NULL, 0, iv, ivSz, (byte*)ctr, AES_BLOCK_SIZE);
+        GHASH(&aes->gcm, NULL, 0, iv, ivSz, (byte*)ctr, WC_AES_BLOCK_SIZE);
     }
     XMEMCPY(ctrInit, ctr, sizeof(ctr)); /* save off initial counter for GMAC */
 
     /* Authentication buffer - must be 4-byte multiple zero padded */
     authPadSz = authInSz % sizeof(word32);
+#ifdef WOLFSSL_STM32MP13
+    /* STM32MP13 HAL at least v1.2 and lower has a bug with which it needs a
+     * minimum of 16 bytes for the auth
+     */
+    if ((authInSz > 0) && (authInSz < 16)) {
+        authPadSz = 16 - authInSz;
+    }
+#endif
     if (authPadSz != 0) {
-        authPadSz = authInSz + sizeof(word32) - authPadSz;
+        if (authPadSz < authInSz + sizeof(word32)) {
+            authPadSz = authInSz + sizeof(word32) - authPadSz;
+        }
         if (authPadSz <= sizeof(authhdr)) {
             authInPadded = (byte*)authhdr;
         }
@@ -7984,11 +8332,12 @@ static WARN_UNUSED_RESULT int wc_AesGcmEncrypt_STM32(
     /* for cases where hardware cannot be used for authTag calculate it */
     /* if IV is not 12 calculate GHASH using software */
     if (ivSz != GCM_NONCE_MID_SZ
-    #ifndef CRYP_HEADERWIDTHUNIT_BYTE
+    #if !defined(CRYP_HEADERWIDTHUNIT_BYTE) || defined(WOLFSSL_STM32MP13)
         /* or hardware that does not support partial block */
         || sz == 0 || partial != 0
     #endif
-    #if !defined(CRYP_HEADERWIDTHUNIT_BYTE) && !defined(STM32_AESGCM_PARTIAL)
+    #if (!defined(CRYP_HEADERWIDTHUNIT_BYTE) || defined(WOLFSSL_STM32MP13)) \
+        && !defined(STM32_AESGCM_PARTIAL)
         /* or authIn is not a multiple of 4  */
         || authPadSz != authInSz
     #endif
@@ -8003,13 +8352,14 @@ static WARN_UNUSED_RESULT int wc_AesGcmEncrypt_STM32(
     if (ret != 0) {
         return ret;
     }
+
 #ifdef WOLFSSL_STM32_CUBEMX
     hcryp.Init.pInitVect = (STM_CRYPT_TYPE*)ctr;
     hcryp.Init.Header = (STM_CRYPT_TYPE*)authInPadded;
 
 #if defined(STM32_HAL_V2)
     hcryp.Init.Algorithm = CRYP_AES_GCM;
-    #ifdef CRYP_HEADERWIDTHUNIT_BYTE
+    #if defined(CRYP_HEADERWIDTHUNIT_BYTE) && !defined(WOLFSSL_STM32MP13)
     /* V2 with CRYP_HEADERWIDTHUNIT_BYTE uses byte size for header */
     hcryp.Init.HeaderSize = authInSz;
     #else
@@ -8019,27 +8369,27 @@ static WARN_UNUSED_RESULT int wc_AesGcmEncrypt_STM32(
     /* allows repeated calls to HAL_CRYP_Encrypt */
     hcryp.Init.KeyIVConfigSkip = CRYP_KEYIVCONFIG_ONCE;
     #endif
-    ByteReverseWords(ctr, ctr, AES_BLOCK_SIZE);
+    ByteReverseWords(ctr, ctr, WC_AES_BLOCK_SIZE);
     hcryp.Init.pInitVect = (STM_CRYPT_TYPE*)ctr;
     HAL_CRYP_Init(&hcryp);
 
     #ifndef CRYP_KEYIVCONFIG_ONCE
     /* GCM payload phase - can handle partial blocks */
     status = HAL_CRYP_Encrypt(&hcryp, (uint32_t*)in,
-        (blocks * AES_BLOCK_SIZE) + partial, (uint32_t*)out, STM32_HAL_TIMEOUT);
+        (blocks * WC_AES_BLOCK_SIZE) + partial, (uint32_t*)out, STM32_HAL_TIMEOUT);
     #else
     /* GCM payload phase - blocks */
     if (blocks) {
         status = HAL_CRYP_Encrypt(&hcryp, (uint32_t*)in,
-            (blocks * AES_BLOCK_SIZE), (uint32_t*)out, STM32_HAL_TIMEOUT);
+            (blocks * WC_AES_BLOCK_SIZE), (uint32_t*)out, STM32_HAL_TIMEOUT);
     }
     /* GCM payload phase - partial remainder */
     if (status == HAL_OK && (partial != 0 || blocks == 0)) {
         XMEMSET(partialBlock, 0, sizeof(partialBlock));
-        XMEMCPY(partialBlock, in + (blocks * AES_BLOCK_SIZE), partial);
+        XMEMCPY(partialBlock, in + (blocks * WC_AES_BLOCK_SIZE), partial);
         status = HAL_CRYP_Encrypt(&hcryp, (uint32_t*)partialBlock, partial,
             (uint32_t*)partialBlock, STM32_HAL_TIMEOUT);
-        XMEMCPY(out + (blocks * AES_BLOCK_SIZE), partialBlock, partial);
+        XMEMCPY(out + (blocks * WC_AES_BLOCK_SIZE), partialBlock, partial);
     }
     #endif
     if (status == HAL_OK && !useSwGhash) {
@@ -8069,16 +8419,16 @@ static WARN_UNUSED_RESULT int wc_AesGcmEncrypt_STM32(
         hcryp.Init.GCMCMACPhase = CRYP_PAYLOAD_PHASE;
         if (blocks) {
             status = HAL_CRYPEx_AES_Auth(&hcryp, (byte*)in,
-                (blocks * AES_BLOCK_SIZE), out, STM32_HAL_TIMEOUT);
+                (blocks * WC_AES_BLOCK_SIZE), out, STM32_HAL_TIMEOUT);
         }
     }
     if (status == HAL_OK && (partial != 0 || (sz > 0 && blocks == 0))) {
         /* GCM payload phase - partial remainder */
         XMEMSET(partialBlock, 0, sizeof(partialBlock));
-        XMEMCPY(partialBlock, in + (blocks * AES_BLOCK_SIZE), partial);
+        XMEMCPY(partialBlock, in + (blocks * WC_AES_BLOCK_SIZE), partial);
         status = HAL_CRYPEx_AES_Auth(&hcryp, (uint8_t*)partialBlock, partial,
                 (uint8_t*)partialBlock, STM32_HAL_TIMEOUT);
-        XMEMCPY(out + (blocks * AES_BLOCK_SIZE), partialBlock, partial);
+        XMEMCPY(out + (blocks * WC_AES_BLOCK_SIZE), partialBlock, partial);
     }
     if (status == HAL_OK && !useSwGhash) {
         /* GCM final phase */
@@ -8091,15 +8441,15 @@ static WARN_UNUSED_RESULT int wc_AesGcmEncrypt_STM32(
     if (blocks) {
         /* GCM payload phase - blocks */
         status = HAL_CRYPEx_AESGCM_Encrypt(&hcryp, (byte*)in,
-            (blocks * AES_BLOCK_SIZE), out, STM32_HAL_TIMEOUT);
+            (blocks * WC_AES_BLOCK_SIZE), out, STM32_HAL_TIMEOUT);
     }
     if (status == HAL_OK && (partial != 0 || blocks == 0)) {
         /* GCM payload phase - partial remainder */
         XMEMSET(partialBlock, 0, sizeof(partialBlock));
-        XMEMCPY(partialBlock, in + (blocks * AES_BLOCK_SIZE), partial);
+        XMEMCPY(partialBlock, in + (blocks * WC_AES_BLOCK_SIZE), partial);
         status = HAL_CRYPEx_AESGCM_Encrypt(&hcryp, (uint8_t*)partialBlock, partial,
             (uint8_t*)partialBlock, STM32_HAL_TIMEOUT);
-        XMEMCPY(out + (blocks * AES_BLOCK_SIZE), partialBlock, partial);
+        XMEMCPY(out + (blocks * WC_AES_BLOCK_SIZE), partialBlock, partial);
     }
     if (status == HAL_OK && !useSwGhash) {
         /* Compute the authTag */
@@ -8168,20 +8518,20 @@ WARN_UNUSED_RESULT int AES_GCM_encrypt_C(
                       const byte* authIn, word32 authInSz)
 {
     int ret = 0;
-    word32 blocks = sz / AES_BLOCK_SIZE;
-    word32 partial = sz % AES_BLOCK_SIZE;
+    word32 blocks = sz / WC_AES_BLOCK_SIZE;
+    word32 partial = sz % WC_AES_BLOCK_SIZE;
     const byte* p = in;
     byte* c = out;
-    ALIGN16 byte counter[AES_BLOCK_SIZE];
-    ALIGN16 byte initialCounter[AES_BLOCK_SIZE];
-    ALIGN16 byte scratch[AES_BLOCK_SIZE];
+    ALIGN16 byte counter[WC_AES_BLOCK_SIZE];
+    ALIGN16 byte initialCounter[WC_AES_BLOCK_SIZE];
+    ALIGN16 byte scratch[WC_AES_BLOCK_SIZE];
 
     if (ivSz == GCM_NONCE_MID_SZ) {
         /* Counter is IV with bottom 4 bytes set to: 0x00,0x00,0x00,0x01. */
         XMEMCPY(counter, iv, ivSz);
         XMEMSET(counter + GCM_NONCE_MID_SZ, 0,
-                                         AES_BLOCK_SIZE - GCM_NONCE_MID_SZ - 1);
-        counter[AES_BLOCK_SIZE - 1] = 1;
+                                         WC_AES_BLOCK_SIZE - GCM_NONCE_MID_SZ - 1);
+        counter[WC_AES_BLOCK_SIZE - 1] = 1;
     }
     else {
         /* Counter is GHASH of IV. */
@@ -8189,21 +8539,21 @@ WARN_UNUSED_RESULT int AES_GCM_encrypt_C(
         word32 aadTemp = aes->gcm.aadLen;
         aes->gcm.aadLen = 0;
 #endif
-        GHASH(&aes->gcm, NULL, 0, iv, ivSz, counter, AES_BLOCK_SIZE);
+        GHASH(&aes->gcm, NULL, 0, iv, ivSz, counter, WC_AES_BLOCK_SIZE);
 #ifdef OPENSSL_EXTRA
         aes->gcm.aadLen = aadTemp;
 #endif
     }
-    XMEMCPY(initialCounter, counter, AES_BLOCK_SIZE);
+    XMEMCPY(initialCounter, counter, WC_AES_BLOCK_SIZE);
 
 #ifdef WOLFSSL_PIC32MZ_CRYPT
     if (blocks) {
         /* use initial IV for HW, but don't use it below */
-        XMEMCPY(aes->reg, counter, AES_BLOCK_SIZE);
+        XMEMCPY(aes->reg, counter, WC_AES_BLOCK_SIZE);
 
         ret = wc_Pic32AesCrypt(
-            aes->key, aes->keylen, aes->reg, AES_BLOCK_SIZE,
-            out, in, (blocks * AES_BLOCK_SIZE),
+            aes->key, aes->keylen, aes->reg, WC_AES_BLOCK_SIZE,
+            out, in, (blocks * WC_AES_BLOCK_SIZE),
             PIC32_ENCRYPTION, PIC32_ALGO_AES, PIC32_CRYPTOALGO_AES_GCM);
         if (ret != 0)
             return ret;
@@ -8217,15 +8567,15 @@ WARN_UNUSED_RESULT int AES_GCM_encrypt_C(
     if (c != p && blocks > 0) { /* can not handle inline encryption */
         while (blocks--) {
             IncrementGcmCounter(counter);
-            XMEMCPY(c, counter, AES_BLOCK_SIZE);
-            c += AES_BLOCK_SIZE;
+            XMEMCPY(c, counter, WC_AES_BLOCK_SIZE);
+            c += WC_AES_BLOCK_SIZE;
         }
 
         /* reset number of blocks and then do encryption */
-        blocks = sz / AES_BLOCK_SIZE;
-        wc_AesEcbEncrypt(aes, out, out, AES_BLOCK_SIZE * blocks);
-        xorbuf(out, p, AES_BLOCK_SIZE * blocks);
-        p += AES_BLOCK_SIZE * blocks;
+        blocks = sz / WC_AES_BLOCK_SIZE;
+        wc_AesEcbEncrypt(aes, out, out, WC_AES_BLOCK_SIZE * blocks);
+        xorbuf(out, p, WC_AES_BLOCK_SIZE * blocks);
+        p += WC_AES_BLOCK_SIZE * blocks;
     }
     else
 #endif /* HAVE_AES_ECB && !WOLFSSL_PIC32MZ_CRYPT */
@@ -8236,10 +8586,10 @@ WARN_UNUSED_RESULT int AES_GCM_encrypt_C(
             ret = wc_AesEncrypt(aes, counter, scratch);
             if (ret != 0)
                 return ret;
-            xorbufout(c, scratch, p, AES_BLOCK_SIZE);
+            xorbufout(c, scratch, p, WC_AES_BLOCK_SIZE);
         #endif
-            p += AES_BLOCK_SIZE;
-            c += AES_BLOCK_SIZE;
+            p += WC_AES_BLOCK_SIZE;
+            c += WC_AES_BLOCK_SIZE;
         }
     }
 
@@ -8275,7 +8625,10 @@ int wc_AesGcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
     int ret;
 
     /* argument checks */
-    if (aes == NULL || authTagSz > AES_BLOCK_SIZE || ivSz == 0) {
+    if (aes == NULL || authTagSz > WC_AES_BLOCK_SIZE || ivSz == 0 ||
+        ((authTagSz > 0) && (authTag == NULL)) ||
+        ((authInSz > 0) && (authIn == NULL)))
+    {
         return BAD_FUNC_ARG;
     }
 
@@ -8292,7 +8645,7 @@ int wc_AesGcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         int crypto_cb_ret =
             wc_CryptoCb_AesGcmEncrypt(aes, out, in, sz, iv, ivSz, authTag,
                                       authTagSz, authIn, authInSz);
-        if (crypto_cb_ret != CRYPTOCB_UNAVAILABLE)
+        if (crypto_cb_ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE))
             return crypto_cb_ret;
         /* fall-through when unavailable */
     }
@@ -8374,6 +8727,14 @@ int wc_AesGcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         }
     }
     else
+#elif defined(__aarch64__) && defined(WOLFSSL_ARMASM) && \
+    !defined(WOLFSSL_ARMASM_NO_HW_CRYPTO)
+    if (aes->use_aes_hw_crypto && aes->use_pmull_hw_crypto) {
+        AES_GCM_encrypt_AARCH64(aes, out, in, sz, iv, ivSz, authTag, authTagSz,
+            authIn, authInSz);
+        ret = 0;
+    }
+    else
 #endif /* WOLFSSL_AESNI */
     {
         ret = AES_GCM_encrypt_C(aes, out, in, sz, iv, ivSz, authTag, authTagSz,
@@ -8403,9 +8764,9 @@ int  wc_AesGcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
     /* If the sz is non-zero, both in and out must be set. If sz is 0,
      * in and out are don't cares, as this is is the GMAC case. */
     if (aes == NULL || iv == NULL || (sz != 0 && (in == NULL || out == NULL)) ||
-        authTag == NULL || authTagSz > AES_BLOCK_SIZE || authTagSz == 0 ||
-        ivSz == 0) {
-
+        authTag == NULL || authTagSz > WC_AES_BLOCK_SIZE || authTagSz == 0 ||
+        ivSz == 0 || ((authInSz > 0) && (authIn == NULL)))
+    {
         return BAD_FUNC_ARG;
     }
 
@@ -8440,18 +8801,18 @@ static WARN_UNUSED_RESULT int wc_AesGcmDecrypt_STM32(
 #ifdef WOLFSSL_STM32_CUBEMX
     int status = HAL_OK;
     CRYP_HandleTypeDef hcryp;
-    word32 blocks = sz / AES_BLOCK_SIZE;
+    word32 blocks = sz / WC_AES_BLOCK_SIZE;
 #else
     int status = SUCCESS;
     word32 keyCopy[AES_256_KEY_SIZE/sizeof(word32)];
 #endif
     word32 keySize;
-    word32 partial = sz % AES_BLOCK_SIZE;
-    word32 tag[AES_BLOCK_SIZE/sizeof(word32)];
-    word32 tagExpected[AES_BLOCK_SIZE/sizeof(word32)];
-    word32 partialBlock[AES_BLOCK_SIZE/sizeof(word32)];
-    word32 ctr[AES_BLOCK_SIZE/sizeof(word32)];
-    word32 authhdr[AES_BLOCK_SIZE/sizeof(word32)];
+    word32 partial = sz % WC_AES_BLOCK_SIZE;
+    word32 tag[WC_AES_BLOCK_SIZE/sizeof(word32)];
+    word32 tagExpected[WC_AES_BLOCK_SIZE/sizeof(word32)];
+    word32 partialBlock[WC_AES_BLOCK_SIZE/sizeof(word32)];
+    word32 ctr[WC_AES_BLOCK_SIZE/sizeof(word32)];
+    word32 authhdr[WC_AES_BLOCK_SIZE/sizeof(word32)];
     byte* authInPadded = NULL;
     int authPadSz, wasAlloc = 0, tagComputed = 0;
 
@@ -8465,14 +8826,14 @@ static WARN_UNUSED_RESULT int wc_AesGcmDecrypt_STM32(
         return ret;
 #endif
 
-    XMEMSET(ctr, 0, AES_BLOCK_SIZE);
+    XMEMSET(ctr, 0, WC_AES_BLOCK_SIZE);
     if (ivSz == GCM_NONCE_MID_SZ) {
         byte* pCtr = (byte*)ctr;
         XMEMCPY(ctr, iv, ivSz);
-        pCtr[AES_BLOCK_SIZE - 1] = 1;
+        pCtr[WC_AES_BLOCK_SIZE - 1] = 1;
     }
     else {
-        GHASH(&aes->gcm, NULL, 0, iv, ivSz, (byte*)ctr, AES_BLOCK_SIZE);
+        GHASH(&aes->gcm, NULL, 0, iv, ivSz, (byte*)ctr, WC_AES_BLOCK_SIZE);
     }
 
     /* Make copy of expected authTag, which could get corrupted in some
@@ -8489,14 +8850,24 @@ static WARN_UNUSED_RESULT int wc_AesGcmDecrypt_STM32(
         authPadSz = authInSz;
     }
 
+#ifdef WOLFSSL_STM32MP13
+    /* STM32MP13 HAL at least v1.2 and lower has a bug with which it needs a
+     * minimum of 16 bytes for the auth
+     */
+    if ((authInSz > 0) && (authInSz < 16)) {
+        authPadSz = 16 - authInSz;
+    }
+#endif
+
     /* for cases where hardware cannot be used for authTag calculate it */
     /* if IV is not 12 calculate GHASH using software */
     if (ivSz != GCM_NONCE_MID_SZ
-    #ifndef CRYP_HEADERWIDTHUNIT_BYTE
+    #if !defined(CRYP_HEADERWIDTHUNIT_BYTE) || defined(WOLFSSL_STM32MP13)
         /* or hardware that does not support partial block */
         || sz == 0 || partial != 0
     #endif
-    #if !defined(CRYP_HEADERWIDTHUNIT_BYTE) && !defined(STM32_AESGCM_PARTIAL)
+    #if (!defined(CRYP_HEADERWIDTHUNIT_BYTE) || defined(WOLFSSL_STM32MP13)) \
+        && !defined(STM32_AESGCM_PARTIAL)
         /* or authIn is not a multiple of 4  */
         || authPadSz != authInSz
     #endif
@@ -8542,7 +8913,7 @@ static WARN_UNUSED_RESULT int wc_AesGcmDecrypt_STM32(
 
 #if defined(STM32_HAL_V2)
     hcryp.Init.Algorithm = CRYP_AES_GCM;
-    #ifdef CRYP_HEADERWIDTHUNIT_BYTE
+    #if defined(CRYP_HEADERWIDTHUNIT_BYTE) && !defined(WOLFSSL_STM32MP13)
     /* V2 with CRYP_HEADERWIDTHUNIT_BYTE uses byte size for header */
     hcryp.Init.HeaderSize = authInSz;
     #else
@@ -8552,26 +8923,26 @@ static WARN_UNUSED_RESULT int wc_AesGcmDecrypt_STM32(
     /* allows repeated calls to HAL_CRYP_Decrypt */
     hcryp.Init.KeyIVConfigSkip = CRYP_KEYIVCONFIG_ONCE;
     #endif
-    ByteReverseWords(ctr, ctr, AES_BLOCK_SIZE);
+    ByteReverseWords(ctr, ctr, WC_AES_BLOCK_SIZE);
     hcryp.Init.pInitVect = (STM_CRYPT_TYPE*)ctr;
     HAL_CRYP_Init(&hcryp);
 
     #ifndef CRYP_KEYIVCONFIG_ONCE
     status = HAL_CRYP_Decrypt(&hcryp, (uint32_t*)in,
-        (blocks * AES_BLOCK_SIZE) + partial, (uint32_t*)out, STM32_HAL_TIMEOUT);
+        (blocks * WC_AES_BLOCK_SIZE) + partial, (uint32_t*)out, STM32_HAL_TIMEOUT);
     #else
     /* GCM payload phase - blocks */
     if (blocks) {
         status = HAL_CRYP_Decrypt(&hcryp, (uint32_t*)in,
-            (blocks * AES_BLOCK_SIZE), (uint32_t*)out, STM32_HAL_TIMEOUT);
+            (blocks * WC_AES_BLOCK_SIZE), (uint32_t*)out, STM32_HAL_TIMEOUT);
     }
     /* GCM payload phase - partial remainder */
     if (status == HAL_OK && (partial != 0 || blocks == 0)) {
         XMEMSET(partialBlock, 0, sizeof(partialBlock));
-        XMEMCPY(partialBlock, in + (blocks * AES_BLOCK_SIZE), partial);
+        XMEMCPY(partialBlock, in + (blocks * WC_AES_BLOCK_SIZE), partial);
         status = HAL_CRYP_Decrypt(&hcryp, (uint32_t*)partialBlock, partial,
             (uint32_t*)partialBlock, STM32_HAL_TIMEOUT);
-        XMEMCPY(out + (blocks * AES_BLOCK_SIZE), partialBlock, partial);
+        XMEMCPY(out + (blocks * WC_AES_BLOCK_SIZE), partialBlock, partial);
     }
     #endif
     if (status == HAL_OK && !tagComputed) {
@@ -8601,16 +8972,16 @@ static WARN_UNUSED_RESULT int wc_AesGcmDecrypt_STM32(
         hcryp.Init.GCMCMACPhase = CRYP_PAYLOAD_PHASE;
         if (blocks) {
             status = HAL_CRYPEx_AES_Auth(&hcryp, (byte*)in,
-                (blocks * AES_BLOCK_SIZE), out, STM32_HAL_TIMEOUT);
+                (blocks * WC_AES_BLOCK_SIZE), out, STM32_HAL_TIMEOUT);
         }
     }
     if (status == HAL_OK && (partial != 0 || (sz > 0 && blocks == 0))) {
         /* GCM payload phase - partial remainder */
         XMEMSET(partialBlock, 0, sizeof(partialBlock));
-        XMEMCPY(partialBlock, in + (blocks * AES_BLOCK_SIZE), partial);
+        XMEMCPY(partialBlock, in + (blocks * WC_AES_BLOCK_SIZE), partial);
         status = HAL_CRYPEx_AES_Auth(&hcryp, (byte*)partialBlock, partial,
             (byte*)partialBlock, STM32_HAL_TIMEOUT);
-        XMEMCPY(out + (blocks * AES_BLOCK_SIZE), partialBlock, partial);
+        XMEMCPY(out + (blocks * WC_AES_BLOCK_SIZE), partialBlock, partial);
     }
     if (status == HAL_OK && tagComputed == 0) {
         /* GCM final phase */
@@ -8623,15 +8994,15 @@ static WARN_UNUSED_RESULT int wc_AesGcmDecrypt_STM32(
     if (blocks) {
         /* GCM payload phase - blocks */
         status = HAL_CRYPEx_AESGCM_Decrypt(&hcryp, (byte*)in,
-            (blocks * AES_BLOCK_SIZE), out, STM32_HAL_TIMEOUT);
+            (blocks * WC_AES_BLOCK_SIZE), out, STM32_HAL_TIMEOUT);
     }
     if (status == HAL_OK && (partial != 0 || blocks == 0)) {
         /* GCM payload phase - partial remainder */
         XMEMSET(partialBlock, 0, sizeof(partialBlock));
-        XMEMCPY(partialBlock, in + (blocks * AES_BLOCK_SIZE), partial);
+        XMEMCPY(partialBlock, in + (blocks * WC_AES_BLOCK_SIZE), partial);
         status = HAL_CRYPEx_AESGCM_Decrypt(&hcryp, (byte*)partialBlock, partial,
             (byte*)partialBlock, STM32_HAL_TIMEOUT);
-        XMEMCPY(out + (blocks * AES_BLOCK_SIZE), partialBlock, partial);
+        XMEMCPY(out + (blocks * WC_AES_BLOCK_SIZE), partialBlock, partial);
     }
     if (status == HAL_OK && tagComputed == 0) {
         /* Compute the authTag */
@@ -8696,22 +9067,22 @@ int WARN_UNUSED_RESULT AES_GCM_decrypt_C(
                       const byte* authIn, word32 authInSz)
 {
     int ret;
-    word32 blocks = sz / AES_BLOCK_SIZE;
-    word32 partial = sz % AES_BLOCK_SIZE;
+    word32 blocks = sz / WC_AES_BLOCK_SIZE;
+    word32 partial = sz % WC_AES_BLOCK_SIZE;
     const byte* c = in;
     byte* p = out;
-    ALIGN16 byte counter[AES_BLOCK_SIZE];
-    ALIGN16 byte scratch[AES_BLOCK_SIZE];
-    ALIGN16 byte Tprime[AES_BLOCK_SIZE];
-    ALIGN16 byte EKY0[AES_BLOCK_SIZE];
+    ALIGN16 byte counter[WC_AES_BLOCK_SIZE];
+    ALIGN16 byte scratch[WC_AES_BLOCK_SIZE];
+    ALIGN16 byte Tprime[WC_AES_BLOCK_SIZE];
+    ALIGN16 byte EKY0[WC_AES_BLOCK_SIZE];
     sword32 res;
 
     if (ivSz == GCM_NONCE_MID_SZ) {
         /* Counter is IV with bottom 4 bytes set to: 0x00,0x00,0x00,0x01. */
         XMEMCPY(counter, iv, ivSz);
         XMEMSET(counter + GCM_NONCE_MID_SZ, 0,
-                                         AES_BLOCK_SIZE - GCM_NONCE_MID_SZ - 1);
-        counter[AES_BLOCK_SIZE - 1] = 1;
+                                         WC_AES_BLOCK_SIZE - GCM_NONCE_MID_SZ - 1);
+        counter[WC_AES_BLOCK_SIZE - 1] = 1;
     }
     else {
         /* Counter is GHASH of IV. */
@@ -8719,7 +9090,7 @@ int WARN_UNUSED_RESULT AES_GCM_decrypt_C(
         word32 aadTemp = aes->gcm.aadLen;
         aes->gcm.aadLen = 0;
 #endif
-        GHASH(&aes->gcm, NULL, 0, iv, ivSz, counter, AES_BLOCK_SIZE);
+        GHASH(&aes->gcm, NULL, 0, iv, ivSz, counter, WC_AES_BLOCK_SIZE);
 #ifdef OPENSSL_EXTRA
         aes->gcm.aadLen = aadTemp;
 #endif
@@ -8756,11 +9127,11 @@ int WARN_UNUSED_RESULT AES_GCM_decrypt_C(
 #if defined(WOLFSSL_PIC32MZ_CRYPT)
     if (blocks) {
         /* use initial IV for HW, but don't use it below */
-        XMEMCPY(aes->reg, counter, AES_BLOCK_SIZE);
+        XMEMCPY(aes->reg, counter, WC_AES_BLOCK_SIZE);
 
         ret = wc_Pic32AesCrypt(
-            aes->key, aes->keylen, aes->reg, AES_BLOCK_SIZE,
-            out, in, (blocks * AES_BLOCK_SIZE),
+            aes->key, aes->keylen, aes->reg, WC_AES_BLOCK_SIZE,
+            out, in, (blocks * WC_AES_BLOCK_SIZE),
             PIC32_DECRYPTION, PIC32_ALGO_AES, PIC32_CRYPTOALGO_AES_GCM);
         if (ret != 0)
             return ret;
@@ -8774,16 +9145,16 @@ int WARN_UNUSED_RESULT AES_GCM_decrypt_C(
     if (c != p && blocks > 0) { /* can not handle inline decryption */
         while (blocks--) {
             IncrementGcmCounter(counter);
-            XMEMCPY(p, counter, AES_BLOCK_SIZE);
-            p += AES_BLOCK_SIZE;
+            XMEMCPY(p, counter, WC_AES_BLOCK_SIZE);
+            p += WC_AES_BLOCK_SIZE;
         }
 
         /* reset number of blocks and then do encryption */
-        blocks = sz / AES_BLOCK_SIZE;
+        blocks = sz / WC_AES_BLOCK_SIZE;
 
-        wc_AesEcbEncrypt(aes, out, out, AES_BLOCK_SIZE * blocks);
-        xorbuf(out, c, AES_BLOCK_SIZE * blocks);
-        c += AES_BLOCK_SIZE * blocks;
+        wc_AesEcbEncrypt(aes, out, out, WC_AES_BLOCK_SIZE * blocks);
+        xorbuf(out, c, WC_AES_BLOCK_SIZE * blocks);
+        c += WC_AES_BLOCK_SIZE * blocks;
     }
     else
 #endif /* HAVE_AES_ECB && !PIC32MZ */
@@ -8794,10 +9165,10 @@ int WARN_UNUSED_RESULT AES_GCM_decrypt_C(
             ret = wc_AesEncrypt(aes, counter, scratch);
             if (ret != 0)
                 return ret;
-            xorbufout(p, scratch, c, AES_BLOCK_SIZE);
+            xorbufout(p, scratch, c, WC_AES_BLOCK_SIZE);
         #endif
-            p += AES_BLOCK_SIZE;
-            c += AES_BLOCK_SIZE;
+            p += WC_AES_BLOCK_SIZE;
+            c += WC_AES_BLOCK_SIZE;
         }
     }
 
@@ -8822,7 +9193,7 @@ int WARN_UNUSED_RESULT AES_GCM_decrypt_C(
     /* now use res as a mask for constant time return of ret, unless tag
      * mismatch, whereupon AES_GCM_AUTH_E is returned.
      */
-    ret = (ret & ~res) | (res & AES_GCM_AUTH_E);
+    ret = (ret & ~res) | (res & WC_NO_ERR_TRACE(AES_GCM_AUTH_E));
 #endif
     return ret;
 }
@@ -8835,14 +9206,14 @@ int wc_AesGcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
 {
     int ret;
 #ifdef WOLFSSL_AESNI
-    int res = AES_GCM_AUTH_E;
+    int res = WC_NO_ERR_TRACE(AES_GCM_AUTH_E);
 #endif
 
     /* argument checks */
     /* If the sz is non-zero, both in and out must be set. If sz is 0,
      * in and out are don't cares, as this is is the GMAC case. */
     if (aes == NULL || iv == NULL || (sz != 0 && (in == NULL || out == NULL)) ||
-        authTag == NULL || authTagSz > AES_BLOCK_SIZE || authTagSz == 0 ||
+        authTag == NULL || authTagSz > WC_AES_BLOCK_SIZE || authTagSz == 0 ||
         ivSz == 0) {
 
         return BAD_FUNC_ARG;
@@ -8856,7 +9227,7 @@ int wc_AesGcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         int crypto_cb_ret =
             wc_CryptoCb_AesGcmDecrypt(aes, out, in, sz, iv, ivSz,
                                       authTag, authTagSz, authIn, authInSz);
-        if (crypto_cb_ret != CRYPTOCB_UNAVAILABLE)
+        if (crypto_cb_ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE))
             return crypto_cb_ret;
         /* fall-through when unavailable */
     }
@@ -8948,6 +9319,13 @@ int wc_AesGcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         }
     }
     else
+#elif defined(__aarch64__) && defined(WOLFSSL_ARMASM) && \
+    !defined(WOLFSSL_ARMASM_NO_HW_CRYPTO)
+    if (aes->use_aes_hw_crypto && aes->use_pmull_hw_crypto) {
+        ret = AES_GCM_decrypt_AARCH64(aes, out, in, sz, iv, ivSz, authTag,
+            authTagSz, authIn, authInSz);
+    }
+    else
 #endif /* WOLFSSL_AESNI */
     {
         ret = AES_GCM_decrypt_C(aes, out, in, sz, iv, ivSz, authTag, authTagSz,
@@ -8963,10 +9341,6 @@ int wc_AesGcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
 
 #ifdef WOLFSSL_AESGCM_STREAM
 
-#if defined(WC_AES_C_DYNAMIC_FALLBACK) && defined(WOLFSSL_AESNI)
-    #error "AES-GCM streaming with AESNI is incompatible with WC_AES_C_DYNAMIC_FALLBACK."
-#endif
-
 /* Initialize the AES GCM cipher with an IV. C implementation.
  *
  * @param [in, out] aes   AES object.
@@ -8975,19 +9349,15 @@ int wc_AesGcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
  */
 static WARN_UNUSED_RESULT int AesGcmInit_C(Aes* aes, const byte* iv, word32 ivSz)
 {
-    ALIGN32 byte counter[AES_BLOCK_SIZE];
+    ALIGN32 byte counter[WC_AES_BLOCK_SIZE];
     int ret;
 
-#ifdef WOLFSSL_AESNI
-    aes->use_aesni = 0;
-#endif
-
     if (ivSz == GCM_NONCE_MID_SZ) {
         /* Counter is IV with bottom 4 bytes set to: 0x00,0x00,0x00,0x01. */
         XMEMCPY(counter, iv, ivSz);
         XMEMSET(counter + GCM_NONCE_MID_SZ, 0,
-                                         AES_BLOCK_SIZE - GCM_NONCE_MID_SZ - 1);
-        counter[AES_BLOCK_SIZE - 1] = 1;
+                                         WC_AES_BLOCK_SIZE - GCM_NONCE_MID_SZ - 1);
+        counter[WC_AES_BLOCK_SIZE - 1] = 1;
     }
     else {
         /* Counter is GHASH of IV. */
@@ -8995,14 +9365,14 @@ static WARN_UNUSED_RESULT int AesGcmInit_C(Aes* aes, const byte* iv, word32 ivSz
         word32 aadTemp = aes->gcm.aadLen;
         aes->gcm.aadLen = 0;
     #endif
-        GHASH(&aes->gcm, NULL, 0, iv, ivSz, counter, AES_BLOCK_SIZE);
+        GHASH(&aes->gcm, NULL, 0, iv, ivSz, counter, WC_AES_BLOCK_SIZE);
     #ifdef OPENSSL_EXTRA
         aes->gcm.aadLen = aadTemp;
     #endif
     }
 
     /* Copy in the counter for use with cipher. */
-    XMEMCPY(AES_COUNTER(aes), counter, AES_BLOCK_SIZE);
+    XMEMCPY(AES_COUNTER(aes), counter, WC_AES_BLOCK_SIZE);
     /* Encrypt initial counter into a buffer for GCM. */
     ret = wc_AesEncrypt(aes, counter, AES_INITCTR(aes));
     if (ret != 0)
@@ -9035,12 +9405,12 @@ static WARN_UNUSED_RESULT int AesGcmCryptUpdate_C(
 
     /* Check if previous encrypted block was not used up. */
     if (aes->over > 0) {
-        byte pSz = AES_BLOCK_SIZE - aes->over;
+        byte pSz = (byte)(WC_AES_BLOCK_SIZE - aes->over);
         if (pSz > sz) pSz = (byte)sz;
 
         /* Use some/all of last encrypted block. */
         xorbufout(out, AES_LASTBLOCK(aes) + aes->over, in, pSz);
-        aes->over = (aes->over + pSz) & (AES_BLOCK_SIZE - 1);
+        aes->over = (aes->over + pSz) & (WC_AES_BLOCK_SIZE - 1);
 
         /* Some data used. */
         sz  -= pSz;
@@ -9050,8 +9420,8 @@ static WARN_UNUSED_RESULT int AesGcmCryptUpdate_C(
 
     /* Calculate the number of blocks needing to be encrypted and any leftover.
      */
-    blocks  = sz / AES_BLOCK_SIZE;
-    partial = sz & (AES_BLOCK_SIZE - 1);
+    blocks  = sz / WC_AES_BLOCK_SIZE;
+    partial = sz & (WC_AES_BLOCK_SIZE - 1);
 
 #if defined(HAVE_AES_ECB)
     /* Some hardware acceleration can gain performance from doing AES encryption
@@ -9063,33 +9433,33 @@ static WARN_UNUSED_RESULT int AesGcmCryptUpdate_C(
         /* Place incrementing counter blocks into cipher text. */
         for (b = 0; b < blocks; b++) {
             IncrementGcmCounter(AES_COUNTER(aes));
-            XMEMCPY(out + b * AES_BLOCK_SIZE, AES_COUNTER(aes), AES_BLOCK_SIZE);
+            XMEMCPY(out + b * WC_AES_BLOCK_SIZE, AES_COUNTER(aes), WC_AES_BLOCK_SIZE);
         }
 
         /* Encrypt counter blocks. */
-        wc_AesEcbEncrypt(aes, out, out, AES_BLOCK_SIZE * blocks);
+        wc_AesEcbEncrypt(aes, out, out, WC_AES_BLOCK_SIZE * blocks);
         /* XOR in plaintext. */
-        xorbuf(out, in, AES_BLOCK_SIZE * blocks);
+        xorbuf(out, in, WC_AES_BLOCK_SIZE * blocks);
         /* Skip over processed data. */
-        in += AES_BLOCK_SIZE * blocks;
-        out += AES_BLOCK_SIZE * blocks;
+        in += WC_AES_BLOCK_SIZE * blocks;
+        out += WC_AES_BLOCK_SIZE * blocks;
     }
     else
 #endif /* HAVE_AES_ECB */
     {
         /* Encrypt block by block. */
         while (blocks--) {
-            ALIGN32 byte scratch[AES_BLOCK_SIZE];
+            ALIGN32 byte scratch[WC_AES_BLOCK_SIZE];
             IncrementGcmCounter(AES_COUNTER(aes));
             /* Encrypt counter into a buffer. */
             ret = wc_AesEncrypt(aes, AES_COUNTER(aes), scratch);
             if (ret != 0)
                 return ret;
             /* XOR plain text into encrypted counter into cipher text buffer. */
-            xorbufout(out, scratch, in, AES_BLOCK_SIZE);
+            xorbufout(out, scratch, in, WC_AES_BLOCK_SIZE);
             /* Data complete. */
-            in  += AES_BLOCK_SIZE;
-            out += AES_BLOCK_SIZE;
+            in  += WC_AES_BLOCK_SIZE;
+            out += WC_AES_BLOCK_SIZE;
         }
     }
 
@@ -9127,7 +9497,7 @@ static WARN_UNUSED_RESULT int AesGcmFinal_C(
     aes->gcm.aadLen = aes->aSz;
 #endif
     /* Zeroize last block to protect sensitive data. */
-    ForceZero(AES_LASTBLOCK(aes), AES_BLOCK_SIZE);
+    ForceZero(AES_LASTBLOCK(aes), WC_AES_BLOCK_SIZE);
 
     return 0;
 }
@@ -9208,10 +9578,11 @@ static WARN_UNUSED_RESULT int AesGcmInit_aesni(
     ASSERT_SAVED_VECTOR_REGISTERS();
 
     /* Reset state fields. */
+    aes->over = 0;
     aes->aSz = 0;
     aes->cSz = 0;
     /* Set tag to all zeros as initial value. */
-    XMEMSET(AES_TAG(aes), 0, AES_BLOCK_SIZE);
+    XMEMSET(AES_TAG(aes), 0, WC_AES_BLOCK_SIZE);
     /* Reset counts of AAD and cipher text. */
     aes->aOver = 0;
     aes->cOver = 0;
@@ -9235,8 +9606,6 @@ static WARN_UNUSED_RESULT int AesGcmInit_aesni(
             aes->gcm.H, AES_COUNTER(aes), AES_INITCTR(aes));
     }
 
-    aes->use_aesni = 1;
-
     return 0;
 }
 
@@ -9263,14 +9632,14 @@ static WARN_UNUSED_RESULT int AesGcmAadUpdate_aesni(
         /* Check if we have unprocessed data. */
         if (aes->aOver > 0) {
             /* Calculate amount we can use - fill up the block. */
-            byte sz = AES_BLOCK_SIZE - aes->aOver;
+            byte sz = (byte)(WC_AES_BLOCK_SIZE - aes->aOver);
             if (sz > aSz) {
                 sz = (byte)aSz;
             }
             /* Copy extra into last GHASH block array and update count. */
             XMEMCPY(AES_LASTGBLOCK(aes) + aes->aOver, a, sz);
-            aes->aOver += sz;
-            if (aes->aOver == AES_BLOCK_SIZE) {
+            aes->aOver = (byte)(aes->aOver + sz);
+            if (aes->aOver == WC_AES_BLOCK_SIZE) {
                 /* We have filled up the block and can process. */
             #ifdef HAVE_INTEL_AVX2
                 if (IS_INTEL_AVX2(intel_flags)) {
@@ -9299,30 +9668,30 @@ static WARN_UNUSED_RESULT int AesGcmAadUpdate_aesni(
         }
 
         /* Calculate number of blocks of AAD and the leftover. */
-        blocks = aSz / AES_BLOCK_SIZE;
-        partial = aSz % AES_BLOCK_SIZE;
+        blocks = aSz / WC_AES_BLOCK_SIZE;
+        partial = aSz % WC_AES_BLOCK_SIZE;
         if (blocks > 0) {
             /* GHASH full blocks now. */
         #ifdef HAVE_INTEL_AVX2
             if (IS_INTEL_AVX2(intel_flags)) {
-                AES_GCM_aad_update_avx2(a, blocks * AES_BLOCK_SIZE,
+                AES_GCM_aad_update_avx2(a, blocks * WC_AES_BLOCK_SIZE,
                                         AES_TAG(aes), aes->gcm.H);
             }
             else
         #endif
         #ifdef HAVE_INTEL_AVX1
             if (IS_INTEL_AVX1(intel_flags)) {
-                AES_GCM_aad_update_avx1(a, blocks * AES_BLOCK_SIZE,
+                AES_GCM_aad_update_avx1(a, blocks * WC_AES_BLOCK_SIZE,
                                         AES_TAG(aes), aes->gcm.H);
             }
             else
         #endif
             {
-                AES_GCM_aad_update_aesni(a, blocks * AES_BLOCK_SIZE,
+                AES_GCM_aad_update_aesni(a, blocks * WC_AES_BLOCK_SIZE,
                                          AES_TAG(aes), aes->gcm.H);
             }
             /* Skip over to end of AAD blocks. */
-            a += blocks * AES_BLOCK_SIZE;
+            a += blocks * WC_AES_BLOCK_SIZE;
         }
         if (partial != 0) {
             /* Cache the partial block. */
@@ -9334,7 +9703,7 @@ static WARN_UNUSED_RESULT int AesGcmAadUpdate_aesni(
         /* No more AAD coming and we have a partial block. */
         /* Fill the rest of the block with zeros. */
         XMEMSET(AES_LASTGBLOCK(aes) + aes->aOver, 0,
-                AES_BLOCK_SIZE - aes->aOver);
+                (size_t)WC_AES_BLOCK_SIZE - aes->aOver);
         /* GHASH last AAD block. */
     #ifdef HAVE_INTEL_AVX2
         if (IS_INTEL_AVX2(intel_flags)) {
@@ -9392,7 +9761,7 @@ static WARN_UNUSED_RESULT int AesGcmEncryptUpdate_aesni(
         aes->cSz += cSz;
         if (aes->cOver > 0) {
             /* Calculate amount we can use - fill up the block. */
-            byte sz = AES_BLOCK_SIZE - aes->cOver;
+            byte sz = (byte)(WC_AES_BLOCK_SIZE - aes->cOver);
             if (sz > cSz) {
                 sz = (byte)cSz;
             }
@@ -9400,8 +9769,8 @@ static WARN_UNUSED_RESULT int AesGcmEncryptUpdate_aesni(
             xorbuf(AES_LASTGBLOCK(aes) + aes->cOver, p, sz);
             XMEMCPY(c, AES_LASTGBLOCK(aes) + aes->cOver, sz);
             /* Update count of unused encrypted counter. */
-            aes->cOver += sz;
-            if (aes->cOver == AES_BLOCK_SIZE) {
+            aes->cOver = (byte)(aes->cOver + sz);
+            if (aes->cOver == WC_AES_BLOCK_SIZE) {
                 /* We have filled up the block and can process. */
             #ifdef HAVE_INTEL_AVX2
                 if (IS_INTEL_AVX2(intel_flags)) {
@@ -9431,14 +9800,14 @@ static WARN_UNUSED_RESULT int AesGcmEncryptUpdate_aesni(
         }
 
         /* Calculate number of blocks of plaintext and the leftover. */
-        blocks = cSz / AES_BLOCK_SIZE;
-        partial = cSz % AES_BLOCK_SIZE;
+        blocks = cSz / WC_AES_BLOCK_SIZE;
+        partial = cSz % WC_AES_BLOCK_SIZE;
         if (blocks > 0) {
             /* Encrypt and GHASH full blocks now. */
         #ifdef HAVE_INTEL_AVX2
             if (IS_INTEL_AVX2(intel_flags)) {
                 AES_GCM_encrypt_update_avx2((byte*)aes->key, (int)aes->rounds,
-                    c, p, blocks * AES_BLOCK_SIZE, AES_TAG(aes), aes->gcm.H,
+                    c, p, blocks * WC_AES_BLOCK_SIZE, AES_TAG(aes), aes->gcm.H,
                     AES_COUNTER(aes));
             }
             else
@@ -9446,23 +9815,23 @@ static WARN_UNUSED_RESULT int AesGcmEncryptUpdate_aesni(
         #ifdef HAVE_INTEL_AVX1
             if (IS_INTEL_AVX1(intel_flags)) {
                 AES_GCM_encrypt_update_avx1((byte*)aes->key, (int)aes->rounds,
-                    c, p, blocks * AES_BLOCK_SIZE, AES_TAG(aes), aes->gcm.H,
+                    c, p, blocks * WC_AES_BLOCK_SIZE, AES_TAG(aes), aes->gcm.H,
                     AES_COUNTER(aes));
             }
             else
         #endif
             {
                 AES_GCM_encrypt_update_aesni((byte*)aes->key, (int)aes->rounds,
-                    c, p, blocks * AES_BLOCK_SIZE, AES_TAG(aes), aes->gcm.H,
+                    c, p, blocks * WC_AES_BLOCK_SIZE, AES_TAG(aes), aes->gcm.H,
                     AES_COUNTER(aes));
             }
             /* Skip over to end of blocks. */
-            p += blocks * AES_BLOCK_SIZE;
-            c += blocks * AES_BLOCK_SIZE;
+            p += blocks * WC_AES_BLOCK_SIZE;
+            c += blocks * WC_AES_BLOCK_SIZE;
         }
         if (partial != 0) {
             /* Encrypt the counter - XOR in zeros as proxy for plaintext. */
-            XMEMSET(AES_LASTGBLOCK(aes), 0, AES_BLOCK_SIZE);
+            XMEMSET(AES_LASTGBLOCK(aes), 0, WC_AES_BLOCK_SIZE);
         #ifdef HAVE_INTEL_AVX2
             if (IS_INTEL_AVX2(intel_flags)) {
                 AES_GCM_encrypt_block_avx2((byte*)aes->key, (int)aes->rounds,
@@ -9516,7 +9885,7 @@ static WARN_UNUSED_RESULT int AesGcmEncryptFinal_aesni(
     }
     if (over > 0) {
         /* Fill the rest of the block with zeros. */
-        XMEMSET(AES_LASTGBLOCK(aes) + over, 0, AES_BLOCK_SIZE - over);
+        XMEMSET(AES_LASTGBLOCK(aes) + over, 0, (size_t)WC_AES_BLOCK_SIZE - over);
         /* GHASH last cipher block. */
     #ifdef HAVE_INTEL_AVX2
         if (IS_INTEL_AVX2(intel_flags)) {
@@ -9613,7 +9982,7 @@ static WARN_UNUSED_RESULT int AesGcmDecryptUpdate_aesni(
     ASSERT_SAVED_VECTOR_REGISTERS();
 
     /* Hash in A, the Authentication Data */
-    ret = AesGcmAadUpdate_aesni(aes, a, aSz, (cSz > 0) && (c != NULL));
+    ret = AesGcmAadUpdate_aesni(aes, a, aSz, cSz > 0);
     if (ret != 0)
         return ret;
 
@@ -9623,7 +9992,7 @@ static WARN_UNUSED_RESULT int AesGcmDecryptUpdate_aesni(
         aes->cSz += cSz;
         if (aes->cOver > 0) {
             /* Calculate amount we can use - fill up the block. */
-            byte sz = AES_BLOCK_SIZE - aes->cOver;
+            byte sz = (byte)(WC_AES_BLOCK_SIZE - aes->cOver);
             if (sz > cSz) {
                 sz = (byte)cSz;
             }
@@ -9633,8 +10002,8 @@ static WARN_UNUSED_RESULT int AesGcmDecryptUpdate_aesni(
             xorbuf(AES_LASTGBLOCK(aes) + aes->cOver, c, sz);
             XMEMCPY(p, AES_LASTGBLOCK(aes) + aes->cOver, sz);
             /* Update count of unused encrypted counter. */
-            aes->cOver += sz;
-            if (aes->cOver == AES_BLOCK_SIZE) {
+            aes->cOver = (byte)(aes->cOver + sz);
+            if (aes->cOver == WC_AES_BLOCK_SIZE) {
                 /* We have filled up the block and can process. */
             #ifdef HAVE_INTEL_AVX2
                 if (IS_INTEL_AVX2(intel_flags)) {
@@ -9664,14 +10033,14 @@ static WARN_UNUSED_RESULT int AesGcmDecryptUpdate_aesni(
         }
 
         /* Calculate number of blocks of plaintext and the leftover. */
-        blocks = cSz / AES_BLOCK_SIZE;
-        partial = cSz % AES_BLOCK_SIZE;
+        blocks = cSz / WC_AES_BLOCK_SIZE;
+        partial = cSz % WC_AES_BLOCK_SIZE;
         if (blocks > 0) {
             /* Decrypt and GHASH full blocks now. */
         #ifdef HAVE_INTEL_AVX2
             if (IS_INTEL_AVX2(intel_flags)) {
                 AES_GCM_decrypt_update_avx2((byte*)aes->key, (int)aes->rounds,
-                    p, c, blocks * AES_BLOCK_SIZE, AES_TAG(aes), aes->gcm.H,
+                    p, c, blocks * WC_AES_BLOCK_SIZE, AES_TAG(aes), aes->gcm.H,
                     AES_COUNTER(aes));
             }
             else
@@ -9679,23 +10048,23 @@ static WARN_UNUSED_RESULT int AesGcmDecryptUpdate_aesni(
         #ifdef HAVE_INTEL_AVX1
             if (IS_INTEL_AVX1(intel_flags)) {
                 AES_GCM_decrypt_update_avx1((byte*)aes->key, (int)aes->rounds,
-                    p, c, blocks * AES_BLOCK_SIZE, AES_TAG(aes), aes->gcm.H,
+                    p, c, blocks * WC_AES_BLOCK_SIZE, AES_TAG(aes), aes->gcm.H,
                     AES_COUNTER(aes));
             }
             else
         #endif
             {
                 AES_GCM_decrypt_update_aesni((byte*)aes->key, (int)aes->rounds,
-                    p, c, blocks * AES_BLOCK_SIZE, AES_TAG(aes), aes->gcm.H,
+                    p, c, blocks * WC_AES_BLOCK_SIZE, AES_TAG(aes), aes->gcm.H,
                     AES_COUNTER(aes));
             }
             /* Skip over to end of blocks. */
-            c += blocks * AES_BLOCK_SIZE;
-            p += blocks * AES_BLOCK_SIZE;
+            c += blocks * WC_AES_BLOCK_SIZE;
+            p += blocks * WC_AES_BLOCK_SIZE;
         }
         if (partial != 0) {
             /* Encrypt the counter - XOR in zeros as proxy for cipher text. */
-            XMEMSET(AES_LASTGBLOCK(aes), 0, AES_BLOCK_SIZE);
+            XMEMSET(AES_LASTGBLOCK(aes), 0, WC_AES_BLOCK_SIZE);
         #ifdef HAVE_INTEL_AVX2
             if (IS_INTEL_AVX2(intel_flags)) {
                 AES_GCM_encrypt_block_avx2((byte*)aes->key, (int)aes->rounds,
@@ -9756,7 +10125,7 @@ static WARN_UNUSED_RESULT int AesGcmDecryptFinal_aesni(
     }
     if (over > 0) {
         /* Zeroize the unused part of the block. */
-        XMEMSET(lastBlock + over, 0, AES_BLOCK_SIZE - over);
+        XMEMSET(lastBlock + over, 0, (size_t)WC_AES_BLOCK_SIZE - over);
         /* Hash the last block of cipher text. */
     #ifdef HAVE_INTEL_AVX2
         if (IS_INTEL_AVX2(intel_flags)) {
@@ -9834,7 +10203,8 @@ int wc_AesGcmInit(Aes* aes, const byte* key, word32 len, const byte* iv,
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_AESNI)
     if ((ret == 0) && (aes->streamData == NULL)) {
         /* Allocate buffers for streaming. */
-        aes->streamData = (byte*)XMALLOC(5 * AES_BLOCK_SIZE, aes->heap,
+        aes->streamData_sz = 5 * WC_AES_BLOCK_SIZE;
+        aes->streamData = (byte*)XMALLOC(aes->streamData_sz, aes->heap,
                                                               DYNAMIC_TYPE_AES);
         if (aes->streamData == NULL) {
             ret = MEMORY_E;
@@ -9849,7 +10219,7 @@ int wc_AesGcmInit(Aes* aes, const byte* key, word32 len, const byte* iv,
 
     if (ret == 0) {
         /* Set the IV passed in if it is smaller than a block. */
-        if ((iv != NULL) && (ivSz <= AES_BLOCK_SIZE)) {
+        if ((iv != NULL) && (ivSz <= WC_AES_BLOCK_SIZE)) {
             XMEMMOVE((byte*)aes->reg, iv, ivSz);
             aes->nonceSz = ivSz;
         }
@@ -9862,20 +10232,32 @@ int wc_AesGcmInit(Aes* aes, const byte* key, word32 len, const byte* iv,
 
         if (iv != NULL) {
             /* Initialize with the IV. */
-            VECTOR_REGISTERS_PUSH;
 
         #ifdef WOLFSSL_AESNI
             if (aes->use_aesni) {
+                SAVE_VECTOR_REGISTERS(return _svr_ret;);
                 ret = AesGcmInit_aesni(aes, iv, ivSz);
+                RESTORE_VECTOR_REGISTERS();
             }
             else
-        #endif
+        #elif defined(__aarch64__) && defined(WOLFSSL_ARMASM) && \
+              !defined(WOLFSSL_ARMASM_NO_HW_CRYPTO)
+            if (aes->use_aes_hw_crypto && aes->use_pmull_hw_crypto) {
+                AES_GCM_init_AARCH64(aes, iv, ivSz);
+
+                /* Reset state fields. */
+                aes->over = 0;
+                aes->aSz = 0;
+                aes->cSz = 0;
+                /* Initialization for GHASH. */
+                GHASH_INIT(aes);
+            }
+            else
+        #endif /* WOLFSSL_AESNI */
             {
                 ret = AesGcmInit_C(aes, iv, ivSz);
             }
 
-            VECTOR_REGISTERS_POP;
-
             if (ret == 0)
                 aes->nonceSet = 1;
         }
@@ -9989,11 +10371,19 @@ int wc_AesGcmEncryptUpdate(Aes* aes, byte* out, const byte* in, word32 sz,
 
     if (ret == 0) {
         /* Encrypt with AAD and/or plaintext. */
-        VECTOR_REGISTERS_PUSH;
 
     #ifdef WOLFSSL_AESNI
         if (aes->use_aesni) {
+            SAVE_VECTOR_REGISTERS(return _svr_ret;);
             ret = AesGcmEncryptUpdate_aesni(aes, out, in, sz, authIn, authInSz);
+            RESTORE_VECTOR_REGISTERS();
+        }
+        else
+    #elif defined(__aarch64__) && defined(WOLFSSL_ARMASM) && \
+          !defined(WOLFSSL_ARMASM_NO_HW_CRYPTO)
+        if (aes->use_aes_hw_crypto && aes->use_pmull_hw_crypto) {
+            AES_GCM_crypt_update_AARCH64(aes, out, in, sz);
+            GHASH_UPDATE_AARCH64(aes, authIn, authInSz, out, sz);
         }
         else
     #endif
@@ -10006,8 +10396,6 @@ int wc_AesGcmEncryptUpdate(Aes* aes, byte* out, const byte* in, word32 sz,
                 GHASH_UPDATE(aes, authIn, authInSz, out, sz);
             }
         }
-
-        VECTOR_REGISTERS_POP;
     }
 
     return ret;
@@ -10028,7 +10416,7 @@ int wc_AesGcmEncryptFinal(Aes* aes, byte* authTag, word32 authTagSz)
     int ret = 0;
 
     /* Check validity of parameters. */
-    if ((aes == NULL) || (authTag == NULL) || (authTagSz > AES_BLOCK_SIZE) ||
+    if ((aes == NULL) || (authTag == NULL) || (authTagSz > WC_AES_BLOCK_SIZE) ||
             (authTagSz == 0)) {
         ret = BAD_FUNC_ARG;
     }
@@ -10044,17 +10432,23 @@ int wc_AesGcmEncryptFinal(Aes* aes, byte* authTag, word32 authTagSz)
 
     if (ret == 0) {
         /* Calculate authentication tag. */
-        VECTOR_REGISTERS_PUSH;
     #ifdef WOLFSSL_AESNI
         if (aes->use_aesni) {
+            SAVE_VECTOR_REGISTERS(return _svr_ret;);
             ret = AesGcmEncryptFinal_aesni(aes, authTag, authTagSz);
+            RESTORE_VECTOR_REGISTERS();
+        }
+        else
+    #elif defined(__aarch64__) && defined(WOLFSSL_ARMASM) && \
+          !defined(WOLFSSL_ARMASM_NO_HW_CRYPTO)
+        if (aes->use_aes_hw_crypto && aes->use_pmull_hw_crypto) {
+            AES_GCM_final_AARCH64(aes, authTag, authTagSz);
         }
         else
     #endif
         {
             ret = AesGcmFinal_C(aes, authTag, authTagSz);
         }
-        VECTOR_REGISTERS_POP;
     }
 
     if ((ret == 0) && aes->ctrSet) {
@@ -10127,10 +10521,18 @@ int wc_AesGcmDecryptUpdate(Aes* aes, byte* out, const byte* in, word32 sz,
 
     if (ret == 0) {
         /* Decrypt with AAD and/or cipher text. */
-        VECTOR_REGISTERS_PUSH;
     #ifdef WOLFSSL_AESNI
         if (aes->use_aesni) {
+            SAVE_VECTOR_REGISTERS(return _svr_ret;);
             ret = AesGcmDecryptUpdate_aesni(aes, out, in, sz, authIn, authInSz);
+            RESTORE_VECTOR_REGISTERS();
+        }
+        else
+    #elif defined(__aarch64__) && defined(WOLFSSL_ARMASM) && \
+          !defined(WOLFSSL_ARMASM_NO_HW_CRYPTO)
+        if (aes->use_aes_hw_crypto && aes->use_pmull_hw_crypto) {
+            GHASH_UPDATE_AARCH64(aes, authIn, authInSz, in, sz);
+            AES_GCM_crypt_update_AARCH64(aes, out, in, sz);
         }
         else
     #endif
@@ -10141,7 +10543,6 @@ int wc_AesGcmDecryptUpdate(Aes* aes, byte* out, const byte* in, word32 sz,
             /* Decrypt the cipher text. */
             ret = AesGcmCryptUpdate_C(aes, out, in, sz);
         }
-        VECTOR_REGISTERS_POP;
     }
 
     return ret;
@@ -10162,7 +10563,7 @@ int wc_AesGcmDecryptFinal(Aes* aes, const byte* authTag, word32 authTagSz)
     int ret = 0;
 
     /* Check validity of parameters. */
-    if ((aes == NULL) || (authTag == NULL) || (authTagSz > AES_BLOCK_SIZE) ||
+    if ((aes == NULL) || (authTag == NULL) || (authTagSz > WC_AES_BLOCK_SIZE) ||
             (authTagSz == 0)) {
         ret = BAD_FUNC_ARG;
     }
@@ -10178,15 +10579,27 @@ int wc_AesGcmDecryptFinal(Aes* aes, const byte* authTag, word32 authTagSz)
 
     if (ret == 0) {
         /* Calculate authentication tag and compare with one passed in.. */
-        VECTOR_REGISTERS_PUSH;
     #ifdef WOLFSSL_AESNI
         if (aes->use_aesni) {
+            SAVE_VECTOR_REGISTERS(return _svr_ret;);
             ret = AesGcmDecryptFinal_aesni(aes, authTag, authTagSz);
+            RESTORE_VECTOR_REGISTERS();
+        }
+        else
+    #elif defined(__aarch64__) && defined(WOLFSSL_ARMASM) && \
+          !defined(WOLFSSL_ARMASM_NO_HW_CRYPTO)
+        if (aes->use_aes_hw_crypto && aes->use_pmull_hw_crypto) {
+            ALIGN32 byte calcTag[WC_AES_BLOCK_SIZE];
+            AES_GCM_final_AARCH64(aes, calcTag, authTagSz);
+            /* Check calculated tag matches the one passed in. */
+            if (ConstantCompare(authTag, calcTag, (int)authTagSz) != 0) {
+                ret = AES_GCM_AUTH_E;
+            }
         }
         else
     #endif
         {
-            ALIGN32 byte calcTag[AES_BLOCK_SIZE];
+            ALIGN32 byte calcTag[WC_AES_BLOCK_SIZE];
             /* Calculate authentication tag. */
             ret = AesGcmFinal_C(aes, calcTag, authTagSz);
             if (ret == 0) {
@@ -10196,7 +10609,6 @@ int wc_AesGcmDecryptFinal(Aes* aes, const byte* authTag, word32 authTagSz)
                 }
             }
         }
-        VECTOR_REGISTERS_POP;
     }
 
     return ret;
@@ -10323,7 +10735,7 @@ int wc_Gmac(const byte* key, word32 keySz, byte* iv, word32 ivSz,
             byte* authTag, word32 authTagSz, WC_RNG* rng)
 {
 #ifdef WOLFSSL_SMALL_STACK
-    Aes *aes = NULL;
+    Aes *aes;
 #else
     Aes aes[1];
 #endif
@@ -10336,24 +10748,24 @@ int wc_Gmac(const byte* key, word32 keySz, byte* iv, word32 ivSz,
     }
 
 #ifdef WOLFSSL_SMALL_STACK
-    if ((aes = (Aes *)XMALLOC(sizeof *aes, NULL,
-                              DYNAMIC_TYPE_AES)) == NULL)
-        return MEMORY_E;
-#endif
-
+    aes = wc_AesNew(NULL, INVALID_DEVID, &ret);
+#else
     ret = wc_AesInit(aes, NULL, INVALID_DEVID);
-    if (ret == 0) {
-        ret = wc_AesGcmSetKey(aes, key, keySz);
-        if (ret == 0)
-            ret = wc_AesGcmSetIV(aes, ivSz, NULL, 0, rng);
-        if (ret == 0)
-            ret = wc_AesGcmEncrypt_ex(aes, NULL, NULL, 0, iv, ivSz,
+#endif
+    if (ret != 0)
+        return ret;
+
+    ret = wc_AesGcmSetKey(aes, key, keySz);
+    if (ret == 0)
+        ret = wc_AesGcmSetIV(aes, ivSz, NULL, 0, rng);
+    if (ret == 0)
+        ret = wc_AesGcmEncrypt_ex(aes, NULL, NULL, 0, iv, ivSz,
                                   authTag, authTagSz, authIn, authInSz);
-        wc_AesFree(aes);
-    }
-    ForceZero(aes, sizeof *aes);
+
 #ifdef WOLFSSL_SMALL_STACK
-    XFREE(aes, NULL, DYNAMIC_TYPE_AES);
+    wc_AesDelete(aes, NULL);
+#else
+    wc_AesFree(aes);
 #endif
 
     return ret;
@@ -10373,28 +10785,27 @@ int wc_GmacVerify(const byte* key, word32 keySz,
 #endif
 
     if (key == NULL || iv == NULL || (authIn == NULL && authInSz != 0) ||
-        authTag == NULL || authTagSz == 0 || authTagSz > AES_BLOCK_SIZE) {
+        authTag == NULL || authTagSz == 0 || authTagSz > WC_AES_BLOCK_SIZE) {
 
         return BAD_FUNC_ARG;
     }
 
 #ifdef WOLFSSL_SMALL_STACK
-    if ((aes = (Aes *)XMALLOC(sizeof *aes, NULL,
-                              DYNAMIC_TYPE_AES)) == NULL)
-        return MEMORY_E;
-#endif
-
+    aes = wc_AesNew(NULL, INVALID_DEVID, &ret);
+#else
     ret = wc_AesInit(aes, NULL, INVALID_DEVID);
+#endif
     if (ret == 0) {
         ret = wc_AesGcmSetKey(aes, key, keySz);
         if (ret == 0)
             ret = wc_AesGcmDecrypt(aes, NULL, NULL, 0, iv, ivSz,
                                   authTag, authTagSz, authIn, authInSz);
-        wc_AesFree(aes);
+
     }
-    ForceZero(aes, sizeof *aes);
 #ifdef WOLFSSL_SMALL_STACK
-    XFREE(aes, NULL, DYNAMIC_TYPE_AES);
+    wc_AesDelete(aes, NULL);
+#else
+    wc_AesFree(aes);
 #endif
 #else
     (void)key;
@@ -10462,8 +10873,11 @@ int wc_AesCcmCheckTagSize(int sz)
     return 0;
 }
 
-#ifdef WOLFSSL_ARMASM
-    /* implementation located in wolfcrypt/src/port/arm/armv8-aes.c */
+#if defined(WOLFSSL_ARMASM) && !defined(__aarch64__)
+    /* implemented in wolfcrypt/src/port/arm/rmv8-aes.c */
+
+#elif defined(WOLFSSL_RISCV_ASM)
+    /* implementation located in wolfcrypt/src/port/risc-v/riscv-64-aes.c */
 
 #elif defined(HAVE_COLDFIRE_SEC)
     #error "Coldfire SEC doesn't currently support AES-CCM mode"
@@ -10590,10 +11004,10 @@ static WARN_UNUSED_RESULT int roll_x(
     int ret;
 
     /* process the bulk of the data */
-    while (inSz >= AES_BLOCK_SIZE) {
-        xorbuf(out, in, AES_BLOCK_SIZE);
-        in += AES_BLOCK_SIZE;
-        inSz -= AES_BLOCK_SIZE;
+    while (inSz >= WC_AES_BLOCK_SIZE) {
+        xorbuf(out, in, WC_AES_BLOCK_SIZE);
+        in += WC_AES_BLOCK_SIZE;
+        inSz -= WC_AES_BLOCK_SIZE;
 
         ret = wc_AesEncrypt(aes, out, out);
         if (ret != 0)
@@ -10639,7 +11053,7 @@ static WARN_UNUSED_RESULT int roll_auth(
      */
 
     /* start fill out the rest of the first block */
-    remainder = AES_BLOCK_SIZE - authLenSz;
+    remainder = WC_AES_BLOCK_SIZE - authLenSz;
     if (inSz >= remainder) {
         /* plenty of bulk data to fill the remainder of this block */
         xorbuf(out + authLenSz, in, remainder);
@@ -10666,7 +11080,7 @@ static WC_INLINE void AesCcmCtrInc(byte* B, word32 lenSz)
     word32 i;
 
     for (i = 0; i < lenSz; i++) {
-        if (++B[AES_BLOCK_SIZE - 1 - i] != 0) return;
+        if (++B[WC_AES_BLOCK_SIZE - 1 - i] != 0) return;
     }
 }
 
@@ -10676,23 +11090,23 @@ static WC_INLINE void AesCcmCtrIncSet4(byte* B, word32 lenSz)
     word32 i;
 
     /* B+1 = B */
-    XMEMCPY(B + AES_BLOCK_SIZE * 1, B, AES_BLOCK_SIZE);
+    XMEMCPY(B + WC_AES_BLOCK_SIZE * 1, B, WC_AES_BLOCK_SIZE);
     /* B+2,B+3 = B,B+1 */
-    XMEMCPY(B + AES_BLOCK_SIZE * 2, B, AES_BLOCK_SIZE * 2);
+    XMEMCPY(B + WC_AES_BLOCK_SIZE * 2, B, WC_AES_BLOCK_SIZE * 2);
 
     for (i = 0; i < lenSz; i++) {
-        if (++B[AES_BLOCK_SIZE * 2 - 1 - i] != 0) break;
+        if (++B[WC_AES_BLOCK_SIZE * 2 - 1 - i] != 0) break;
     }
-    B[AES_BLOCK_SIZE * 3 - 1] += 2;
-    if (B[AES_BLOCK_SIZE * 3 - 1] < 2) {
+    B[WC_AES_BLOCK_SIZE * 3 - 1] = (byte)(B[WC_AES_BLOCK_SIZE * 3 - 1] + 2U);
+    if (B[WC_AES_BLOCK_SIZE * 3 - 1] < 2U) {
         for (i = 1; i < lenSz; i++) {
-            if (++B[AES_BLOCK_SIZE * 3 - 1 - i] != 0) break;
+            if (++B[WC_AES_BLOCK_SIZE * 3 - 1 - i] != 0) break;
         }
     }
-    B[AES_BLOCK_SIZE * 4 - 1] += 3;
-    if (B[AES_BLOCK_SIZE * 4 - 1] < 3) {
+    B[WC_AES_BLOCK_SIZE * 4 - 1] = (byte)(B[WC_AES_BLOCK_SIZE * 4 - 1] + 3U);
+    if (B[WC_AES_BLOCK_SIZE * 4 - 1] < 3U) {
         for (i = 1; i < lenSz; i++) {
-            if (++B[AES_BLOCK_SIZE * 4 - 1 - i] != 0) break;
+            if (++B[WC_AES_BLOCK_SIZE * 4 - 1 - i] != 0) break;
         }
     }
 }
@@ -10701,10 +11115,10 @@ static WC_INLINE void AesCcmCtrInc4(byte* B, word32 lenSz)
 {
     word32 i;
 
-    B[AES_BLOCK_SIZE - 1] += 4;
-    if (B[AES_BLOCK_SIZE - 1] < 4) {
+    B[WC_AES_BLOCK_SIZE - 1] = (byte)(B[WC_AES_BLOCK_SIZE - 1] + 4U);
+    if (B[WC_AES_BLOCK_SIZE - 1] < 4U) {
         for (i = 1; i < lenSz; i++) {
-            if (++B[AES_BLOCK_SIZE - 1 - i] != 0) break;
+            if (++B[WC_AES_BLOCK_SIZE - 1 - i] != 0) break;
         }
     }
 }
@@ -10718,11 +11132,11 @@ int wc_AesCcmEncrypt(Aes* aes, byte* out, const byte* in, word32 inSz,
                    const byte* authIn, word32 authInSz)
 {
 #ifdef WOLFSSL_AESNI
-    ALIGN128 byte A[AES_BLOCK_SIZE * 4];
-    ALIGN128 byte B[AES_BLOCK_SIZE * 4];
+    ALIGN128 byte A[WC_AES_BLOCK_SIZE * 4];
+    ALIGN128 byte B[WC_AES_BLOCK_SIZE * 4];
 #else
-    byte A[AES_BLOCK_SIZE];
-    byte B[AES_BLOCK_SIZE];
+    byte A[WC_AES_BLOCK_SIZE];
+    byte B[WC_AES_BLOCK_SIZE];
 #endif
     byte lenSz;
     word32 i;
@@ -10733,7 +11147,12 @@ int wc_AesCcmEncrypt(Aes* aes, byte* out, const byte* in, word32 inSz,
     /* sanity check on arguments */
     if (aes == NULL || (inSz != 0 && (in == NULL || out == NULL)) ||
         nonce == NULL || authTag == NULL || nonceSz < 7 || nonceSz > 13 ||
-            authTagSz > AES_BLOCK_SIZE)
+            authTagSz > WC_AES_BLOCK_SIZE)
+        return BAD_FUNC_ARG;
+
+    /* Sanity check on authIn to prevent segfault in xorbuf() where
+     * variable 'in' is dereferenced as the mask 'm' in misc.c */
+    if (authIn == NULL && authInSz > 0)
         return BAD_FUNC_ARG;
 
     /* sanity check on tag size */
@@ -10749,7 +11168,7 @@ int wc_AesCcmEncrypt(Aes* aes, byte* out, const byte* in, word32 inSz,
         int crypto_cb_ret =
             wc_CryptoCb_AesCcmEncrypt(aes, out, in, inSz, nonce, nonceSz,
                                       authTag, authTagSz, authIn, authInSz);
-        if (crypto_cb_ret != CRYPTOCB_UNAVAILABLE)
+        if (crypto_cb_ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE))
             return crypto_cb_ret;
         /* fall-through when unavailable */
     }
@@ -10757,14 +11176,14 @@ int wc_AesCcmEncrypt(Aes* aes, byte* out, const byte* in, word32 inSz,
 
     XMEMSET(A, 0, sizeof(A));
     XMEMCPY(B+1, nonce, nonceSz);
-    lenSz = AES_BLOCK_SIZE - 1 - (byte)nonceSz;
+    lenSz = (byte)(WC_AES_BLOCK_SIZE - 1U - nonceSz);
     B[0] = (byte)((authInSz > 0 ? 64 : 0)
                   + (8 * (((byte)authTagSz - 2) / 2))
                   + (lenSz - 1));
     for (i = 0; i < lenSz; i++) {
         if (mask && i >= wordSz)
             mask = 0x00;
-        B[AES_BLOCK_SIZE - 1 - i] = (byte)((inSz >> ((8 * i) & mask)) & mask);
+        B[WC_AES_BLOCK_SIZE - 1 - i] = (byte)((inSz >> ((8 * i) & mask)) & mask);
     }
 
 #ifdef WOLFSSL_CHECK_MEM_ZERO
@@ -10787,9 +11206,9 @@ int wc_AesCcmEncrypt(Aes* aes, byte* out, const byte* in, word32 inSz,
     if (ret == 0) {
         XMEMCPY(authTag, A, authTagSz);
 
-        B[0] = lenSz - 1;
+        B[0] = (byte)(lenSz - 1U);
         for (i = 0; i < lenSz; i++)
-            B[AES_BLOCK_SIZE - 1 - i] = 0;
+            B[WC_AES_BLOCK_SIZE - 1 - i] = 0;
         ret = wc_AesEncrypt(aes, B, A);
     }
 
@@ -10799,35 +11218,35 @@ int wc_AesCcmEncrypt(Aes* aes, byte* out, const byte* in, word32 inSz,
     }
 #ifdef WOLFSSL_AESNI
     if ((ret == 0) && aes->use_aesni) {
-        while (inSz >= AES_BLOCK_SIZE * 4) {
+        while (inSz >= WC_AES_BLOCK_SIZE * 4) {
             AesCcmCtrIncSet4(B, lenSz);
 
-            AES_ECB_encrypt_AESNI(B, A, AES_BLOCK_SIZE * 4, (byte*)aes->key,
+            AES_ECB_encrypt_AESNI(B, A, WC_AES_BLOCK_SIZE * 4, (byte*)aes->key,
                             (int)aes->rounds);
 
-            xorbuf(A, in, AES_BLOCK_SIZE * 4);
-            XMEMCPY(out, A, AES_BLOCK_SIZE * 4);
+            xorbuf(A, in, WC_AES_BLOCK_SIZE * 4);
+            XMEMCPY(out, A, WC_AES_BLOCK_SIZE * 4);
 
-            inSz -= AES_BLOCK_SIZE * 4;
-            in += AES_BLOCK_SIZE * 4;
-            out += AES_BLOCK_SIZE * 4;
+            inSz -= WC_AES_BLOCK_SIZE * 4;
+            in += WC_AES_BLOCK_SIZE * 4;
+            out += WC_AES_BLOCK_SIZE * 4;
 
             AesCcmCtrInc4(B, lenSz);
         }
     }
 #endif
     if (ret == 0) {
-        while (inSz >= AES_BLOCK_SIZE) {
+        while (inSz >= WC_AES_BLOCK_SIZE) {
             ret = wc_AesEncrypt(aes, B, A);
             if (ret != 0)
                 break;
-            xorbuf(A, in, AES_BLOCK_SIZE);
-            XMEMCPY(out, A, AES_BLOCK_SIZE);
+            xorbuf(A, in, WC_AES_BLOCK_SIZE);
+            XMEMCPY(out, A, WC_AES_BLOCK_SIZE);
 
             AesCcmCtrInc(B, lenSz);
-            inSz -= AES_BLOCK_SIZE;
-            in += AES_BLOCK_SIZE;
-            out += AES_BLOCK_SIZE;
+            inSz -= WC_AES_BLOCK_SIZE;
+            in += WC_AES_BLOCK_SIZE;
+            out += WC_AES_BLOCK_SIZE;
         }
     }
     if ((ret == 0) && (inSz > 0)) {
@@ -10859,11 +11278,11 @@ int  wc_AesCcmDecrypt(Aes* aes, byte* out, const byte* in, word32 inSz,
                    const byte* authIn, word32 authInSz)
 {
 #ifdef WOLFSSL_AESNI
-    ALIGN128 byte B[AES_BLOCK_SIZE * 4];
-    ALIGN128 byte A[AES_BLOCK_SIZE * 4];
+    ALIGN128 byte B[WC_AES_BLOCK_SIZE * 4];
+    ALIGN128 byte A[WC_AES_BLOCK_SIZE * 4];
 #else
-    byte A[AES_BLOCK_SIZE];
-    byte B[AES_BLOCK_SIZE];
+    byte A[WC_AES_BLOCK_SIZE];
+    byte B[WC_AES_BLOCK_SIZE];
 #endif
     byte* o;
     byte lenSz;
@@ -10875,7 +11294,12 @@ int  wc_AesCcmDecrypt(Aes* aes, byte* out, const byte* in, word32 inSz,
     /* sanity check on arguments */
     if (aes == NULL || (inSz != 0 && (in == NULL || out == NULL)) ||
         nonce == NULL || authTag == NULL || nonceSz < 7 || nonceSz > 13 ||
-        authTagSz > AES_BLOCK_SIZE)
+        authTagSz > WC_AES_BLOCK_SIZE)
+        return BAD_FUNC_ARG;
+
+    /* Sanity check on authIn to prevent segfault in xorbuf() where
+     * variable 'in' is dereferenced as the mask 'm' in misc.c */
+    if (authIn == NULL && authInSz > 0)
         return BAD_FUNC_ARG;
 
     /* sanity check on tag size */
@@ -10891,7 +11315,7 @@ int  wc_AesCcmDecrypt(Aes* aes, byte* out, const byte* in, word32 inSz,
         int crypto_cb_ret =
             wc_CryptoCb_AesCcmDecrypt(aes, out, in, inSz, nonce, nonceSz,
             authTag, authTagSz, authIn, authInSz);
-        if (crypto_cb_ret != CRYPTOCB_UNAVAILABLE)
+        if (crypto_cb_ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE))
             return crypto_cb_ret;
         /* fall-through when unavailable */
     }
@@ -10901,11 +11325,11 @@ int  wc_AesCcmDecrypt(Aes* aes, byte* out, const byte* in, word32 inSz,
     oSz = inSz;
     XMEMSET(A, 0, sizeof A);
     XMEMCPY(B+1, nonce, nonceSz);
-    lenSz = AES_BLOCK_SIZE - 1 - (byte)nonceSz;
+    lenSz = (byte)(WC_AES_BLOCK_SIZE - 1U - nonceSz);
 
-    B[0] = lenSz - 1;
+    B[0] = (byte)(lenSz - 1U);
     for (i = 0; i < lenSz; i++)
-        B[AES_BLOCK_SIZE - 1 - i] = 0;
+        B[WC_AES_BLOCK_SIZE - 1 - i] = 0;
     B[15] = 1;
 
 #ifdef WOLFSSL_CHECK_MEM_ZERO
@@ -10917,34 +11341,34 @@ int  wc_AesCcmDecrypt(Aes* aes, byte* out, const byte* in, word32 inSz,
 
 #ifdef WOLFSSL_AESNI
     if (aes->use_aesni) {
-        while (oSz >= AES_BLOCK_SIZE * 4) {
+        while (oSz >= WC_AES_BLOCK_SIZE * 4) {
             AesCcmCtrIncSet4(B, lenSz);
 
-            AES_ECB_encrypt_AESNI(B, A, AES_BLOCK_SIZE * 4, (byte*)aes->key,
+            AES_ECB_encrypt_AESNI(B, A, WC_AES_BLOCK_SIZE * 4, (byte*)aes->key,
                             (int)aes->rounds);
 
-            xorbuf(A, in, AES_BLOCK_SIZE * 4);
-            XMEMCPY(o, A, AES_BLOCK_SIZE * 4);
+            xorbuf(A, in, WC_AES_BLOCK_SIZE * 4);
+            XMEMCPY(o, A, WC_AES_BLOCK_SIZE * 4);
 
-            oSz -= AES_BLOCK_SIZE * 4;
-            in += AES_BLOCK_SIZE * 4;
-            o += AES_BLOCK_SIZE * 4;
+            oSz -= WC_AES_BLOCK_SIZE * 4;
+            in += WC_AES_BLOCK_SIZE * 4;
+            o += WC_AES_BLOCK_SIZE * 4;
 
             AesCcmCtrInc4(B, lenSz);
         }
     }
 #endif
 
-    while (oSz >= AES_BLOCK_SIZE) {
+    while (oSz >= WC_AES_BLOCK_SIZE) {
         ret = wc_AesEncrypt(aes, B, A);
         if (ret != 0)
             break;
-        xorbuf(A, in, AES_BLOCK_SIZE);
-        XMEMCPY(o, A, AES_BLOCK_SIZE);
+        xorbuf(A, in, WC_AES_BLOCK_SIZE);
+        XMEMCPY(o, A, WC_AES_BLOCK_SIZE);
         AesCcmCtrInc(B, lenSz);
-        oSz -= AES_BLOCK_SIZE;
-        in += AES_BLOCK_SIZE;
-        o += AES_BLOCK_SIZE;
+        oSz -= WC_AES_BLOCK_SIZE;
+        in += WC_AES_BLOCK_SIZE;
+        o += WC_AES_BLOCK_SIZE;
     }
 
     if ((ret == 0) && (inSz > 0))
@@ -10954,7 +11378,7 @@ int  wc_AesCcmDecrypt(Aes* aes, byte* out, const byte* in, word32 inSz,
         xorbuf(A, in, oSz);
         XMEMCPY(o, A, oSz);
         for (i = 0; i < lenSz; i++)
-            B[AES_BLOCK_SIZE - 1 - i] = 0;
+            B[WC_AES_BLOCK_SIZE - 1 - i] = 0;
         ret = wc_AesEncrypt(aes, B, A);
     }
 
@@ -10968,7 +11392,7 @@ int  wc_AesCcmDecrypt(Aes* aes, byte* out, const byte* in, word32 inSz,
         for (i = 0; i < lenSz; i++) {
             if (mask && i >= wordSz)
                 mask = 0x00;
-            B[AES_BLOCK_SIZE - 1 - i] = (byte)((inSz >> ((8 * i) & mask)) & mask);
+            B[WC_AES_BLOCK_SIZE - 1 - i] = (byte)((inSz >> ((8 * i) & mask)) & mask);
         }
 
         ret = wc_AesEncrypt(aes, B, A);
@@ -10982,9 +11406,9 @@ int  wc_AesCcmDecrypt(Aes* aes, byte* out, const byte* in, word32 inSz,
         ret = roll_x(aes, o, oSz, A);
 
     if (ret == 0) {
-        B[0] = lenSz - 1;
+        B[0] = (byte)(lenSz - 1U);
         for (i = 0; i < lenSz; i++)
-            B[AES_BLOCK_SIZE - 1 - i] = 0;
+            B[WC_AES_BLOCK_SIZE - 1 - i] = 0;
         ret = wc_AesEncrypt(aes, B, B);
     }
 
@@ -11093,8 +11517,41 @@ int wc_AesCcmEncrypt_ex(Aes* aes, byte* out, const byte* in, word32 sz,
 
 #endif /* HAVE_AESCCM */
 
+#ifndef WC_NO_CONSTRUCTORS
+Aes* wc_AesNew(void* heap, int devId, int *result_code)
+{
+    int ret;
+    Aes* aes = (Aes*)XMALLOC(sizeof(Aes), heap, DYNAMIC_TYPE_AES);
+    if (aes == NULL) {
+        ret = MEMORY_E;
+    }
+    else {
+        ret = wc_AesInit(aes, heap, devId);
+        if (ret != 0) {
+            XFREE(aes, heap, DYNAMIC_TYPE_AES);
+            aes = NULL;
+        }
+    }
 
-/* Initialize Aes for use with async hardware */
+    if (result_code != NULL)
+        *result_code = ret;
+
+    return aes;
+}
+
+int wc_AesDelete(Aes *aes, Aes** aes_p)
+{
+    if (aes == NULL)
+        return BAD_FUNC_ARG;
+    wc_AesFree(aes);
+    XFREE(aes, aes->heap, DYNAMIC_TYPE_AES);
+    if (aes_p != NULL)
+        *aes_p = NULL;
+    return 0;
+}
+#endif /* !WC_NO_CONSTRUCTORS */
+
+/* Initialize Aes */
 int wc_AesInit(Aes* aes, void* heap, int devId)
 {
     int ret = 0;
@@ -11102,11 +11559,12 @@ int wc_AesInit(Aes* aes, void* heap, int devId)
     if (aes == NULL)
         return BAD_FUNC_ARG;
 
+    XMEMSET(aes, 0, sizeof(*aes));
+
     aes->heap = heap;
 
 #ifdef WOLF_CRYPTO_CB
     aes->devId = devId;
-    aes->devCtx = NULL;
 #else
     (void)devId;
 #endif
@@ -11119,51 +11577,18 @@ int wc_AesInit(Aes* aes, void* heap, int devId)
     aes->alFd = WC_SOCK_NOTSET;
     aes->rdFd = WC_SOCK_NOTSET;
 #endif
-#ifdef WOLFSSL_KCAPI_AES
-    aes->handle = NULL;
-    aes->init   = 0;
-#endif
 #if defined(WOLFSSL_DEVCRYPTO) && \
    (defined(WOLFSSL_DEVCRYPTO_AES) || defined(WOLFSSL_DEVCRYPTO_CBC))
     aes->ctx.cfd = -1;
 #endif
-#if defined(WOLFSSL_CRYPTOCELL) && defined(WOLFSSL_CRYPTOCELL_AES)
-    XMEMSET(&aes->ctx, 0, sizeof(aes->ctx));
-#endif
 #if defined(WOLFSSL_IMXRT_DCP)
     DCPAesInit(aes);
 #endif
 
-#ifdef WOLFSSL_MAXQ10XX_CRYPTO
-    XMEMSET(&aes->maxq_ctx, 0, sizeof(aes->maxq_ctx));
-#endif
-
-#ifdef HAVE_AESGCM
-#ifdef OPENSSL_EXTRA
-    XMEMSET(aes->gcm.aadH, 0, sizeof(aes->gcm.aadH));
-    aes->gcm.aadLen = 0;
-#endif
-#endif
-
-#ifdef WOLFSSL_AESGCM_STREAM
-#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_AESNI)
-    aes->streamData = NULL;
-#endif
-    aes->keylen = 0;
-    aes->nonceSz = 0;
-    aes->gcmKeySet = 0;
-    aes->nonceSet = 0;
-    aes->ctrSet = 0;
-#endif
-
 #if defined(WOLFSSL_HAVE_PSA) && !defined(WOLFSSL_PSA_NO_AES)
     ret = wc_psa_aes_init(aes);
 #endif
 
-#if defined(WOLFSSL_RENESAS_FSPSM)
-    XMEMSET(&aes->ctx, 0, sizeof(aes->ctx));
-#endif
-
 #ifdef WC_DEBUG_CIPHER_LIFECYCLE
     if (ret == 0)
         ret = wc_debug_CipherLifecycleInit(&aes->CipherLifecycleTag, aes->heap);
@@ -11218,11 +11643,12 @@ int wc_AesInit_Label(Aes* aes, const char* label, void* heap, int devId)
 }
 #endif
 
-/* Free Aes from use with async hardware */
+/* Free Aes resources */
 void wc_AesFree(Aes* aes)
 {
-    if (aes == NULL)
+    if (aes == NULL) {
         return;
+    }
 
 #ifdef WC_DEBUG_CIPHER_LIFECYCLE
     (void)wc_debug_CipherLifecycleFree(&aes->CipherLifecycleTag, aes->heap, 1);
@@ -11264,6 +11690,7 @@ void wc_AesFree(Aes* aes)
 #if defined(WOLFSSL_AESGCM_STREAM) && defined(WOLFSSL_SMALL_STACK) && \
     !defined(WOLFSSL_AESNI)
     if (aes->streamData != NULL) {
+        ForceZero(aes->streamData, aes->streamData_sz);
         XFREE(aes->streamData, aes->heap, DYNAMIC_TYPE_AES);
         aes->streamData = NULL;
     }
@@ -11289,6 +11716,8 @@ void wc_AesFree(Aes* aes)
     wc_fspsm_Aesfree(aes);
 #endif
 
+    ForceZero(aes, sizeof(Aes));
+
 #ifdef WOLFSSL_CHECK_MEM_ZERO
     wc_MemZero_Check(aes, sizeof(Aes));
 #endif
@@ -11356,6 +11785,51 @@ int wc_AesGetKeySize(Aes* aes, word32* keySize)
 #elif defined(WOLFSSL_DEVCRYPTO_AES)
     /* implemented in wolfcrypt/src/port/devcrypt/devcrypto_aes.c */
 
+#elif defined(WOLFSSL_RISCV_ASM)
+    /* implemented in wolfcrypt/src/port/riscv/riscv-64-aes.c */
+
+#elif defined(MAX3266X_AES)
+
+int wc_AesEcbEncrypt(Aes* aes, byte* out, const byte* in, word32 sz)
+{
+    int status;
+    word32 keySize;
+
+    if ((in == NULL) || (out == NULL) || (aes == NULL))
+        return BAD_FUNC_ARG;
+
+    status = wc_AesGetKeySize(aes, &keySize);
+    if (status != 0) {
+        return status;
+    }
+
+    status = wc_MXC_TPU_AesEncrypt(in, (byte*)aes->reg, (byte*)aes->key,
+                                        MXC_TPU_MODE_ECB, sz, out, keySize);
+
+    return status;
+}
+
+#ifdef HAVE_AES_DECRYPT
+int wc_AesEcbDecrypt(Aes* aes, byte* out, const byte* in, word32 sz)
+{
+    int status;
+    word32 keySize;
+
+    if ((in == NULL) || (out == NULL) || (aes == NULL))
+        return BAD_FUNC_ARG;
+
+    status = wc_AesGetKeySize(aes, &keySize);
+    if (status != 0) {
+        return status;
+    }
+
+    status = wc_MXC_TPU_AesDecrypt(in, (byte*)aes->reg, (byte*)aes->key,
+                                        MXC_TPU_MODE_ECB, sz, out, keySize);
+
+    return status;
+}
+#endif /* HAVE_AES_DECRYPT */
+
 #elif defined(WOLFSSL_SCE) && !defined(WOLFSSL_SCE_NO_AES)
 
 /* Software AES - ECB */
@@ -11390,7 +11864,7 @@ static WARN_UNUSED_RESULT int _AesEcbEncrypt(
     #endif
     {
         ret = wc_CryptoCb_AesEcbEncrypt(aes, out, in, sz);
-        if (ret != CRYPTOCB_UNAVAILABLE)
+        if (ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE))
             return ret;
         ret = 0;
         /* fall-through when unavailable */
@@ -11408,19 +11882,31 @@ static WARN_UNUSED_RESULT int _AesEcbEncrypt(
         AES_ECB_encrypt_AESNI(in, out, sz, (byte*)aes->key, (int)aes->rounds);
     }
     else
+#elif defined(__aarch64__) && defined(WOLFSSL_ARMASM) && \
+      !defined(WOLFSSL_ARMASM_NO_HW_CRYPTO)
+    if (aes->use_aes_hw_crypto) {
+        word32 i;
+
+        for (i = 0; i < sz; i += WC_AES_BLOCK_SIZE) {
+            AES_encrypt_AARCH64(in, out, (byte*)aes->key, (int)aes->rounds);
+            in += WC_AES_BLOCK_SIZE;
+            out += WC_AES_BLOCK_SIZE;
+        }
+    }
+    else
 #endif
     {
-#ifndef WOLFSSL_ARMASM
+#ifdef NEED_AES_TABLES
         AesEncryptBlocks_C(aes, in, out, sz);
 #else
         word32 i;
 
-        for (i = 0; i < sz; i += AES_BLOCK_SIZE) {
+        for (i = 0; i < sz; i += WC_AES_BLOCK_SIZE) {
             ret = wc_AesEncryptDirect(aes, out, in);
             if (ret != 0)
                 break;
-            in += AES_BLOCK_SIZE;
-            out += AES_BLOCK_SIZE;
+            in += WC_AES_BLOCK_SIZE;
+            out += WC_AES_BLOCK_SIZE;
         }
 #endif
     }
@@ -11430,6 +11916,7 @@ static WARN_UNUSED_RESULT int _AesEcbEncrypt(
     return ret;
 }
 
+#ifdef HAVE_AES_DECRYPT
 static WARN_UNUSED_RESULT int _AesEcbDecrypt(
     Aes* aes, byte* out, const byte* in, word32 sz)
 {
@@ -11441,7 +11928,7 @@ static WARN_UNUSED_RESULT int _AesEcbDecrypt(
     #endif
     {
         ret = wc_CryptoCb_AesEcbDecrypt(aes, out, in, sz);
-        if (ret != CRYPTOCB_UNAVAILABLE)
+        if (ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE))
             return ret;
         ret = 0;
         /* fall-through when unavailable */
@@ -11459,19 +11946,31 @@ static WARN_UNUSED_RESULT int _AesEcbDecrypt(
         AES_ECB_decrypt_AESNI(in, out, sz, (byte*)aes->key, (int)aes->rounds);
     }
     else
+#elif defined(__aarch64__) && defined(WOLFSSL_ARMASM) && \
+      !defined(WOLFSSL_ARMASM_NO_HW_CRYPTO)
+    if (aes->use_aes_hw_crypto) {
+        word32 i;
+
+        for (i = 0; i < sz; i += WC_AES_BLOCK_SIZE) {
+            AES_decrypt_AARCH64(in, out, (byte*)aes->key, (int)aes->rounds);
+            in += WC_AES_BLOCK_SIZE;
+            out += WC_AES_BLOCK_SIZE;
+        }
+    }
+    else
 #endif
     {
-#ifndef WOLFSSL_ARMASM
+#ifdef NEED_AES_TABLES
         AesDecryptBlocks_C(aes, in, out, sz);
 #else
         word32 i;
 
-        for (i = 0; i < sz; i += AES_BLOCK_SIZE) {
+        for (i = 0; i < sz; i += WC_AES_BLOCK_SIZE) {
             ret = wc_AesDecryptDirect(aes, out, in);
             if (ret != 0)
                 break;
-            in += AES_BLOCK_SIZE;
-            out += AES_BLOCK_SIZE;
+            in += WC_AES_BLOCK_SIZE;
+            out += WC_AES_BLOCK_SIZE;
         }
 #endif
     }
@@ -11480,28 +11979,31 @@ static WARN_UNUSED_RESULT int _AesEcbDecrypt(
 
     return ret;
 }
+#endif
 
 int wc_AesEcbEncrypt(Aes* aes, byte* out, const byte* in, word32 sz)
 {
     if ((in == NULL) || (out == NULL) || (aes == NULL))
       return BAD_FUNC_ARG;
-    if ((sz % AES_BLOCK_SIZE) != 0) {
+    if ((sz % WC_AES_BLOCK_SIZE) != 0) {
         return BAD_LENGTH_E;
     }
 
     return _AesEcbEncrypt(aes, out, in, sz);
 }
 
+#ifdef HAVE_AES_DECRYPT
 int wc_AesEcbDecrypt(Aes* aes, byte* out, const byte* in, word32 sz)
 {
     if ((in == NULL) || (out == NULL) || (aes == NULL))
       return BAD_FUNC_ARG;
-    if ((sz % AES_BLOCK_SIZE) != 0) {
+    if ((sz % WC_AES_BLOCK_SIZE) != 0) {
         return BAD_LENGTH_E;
     }
 
     return _AesEcbDecrypt(aes, out, in, sz);
 }
+#endif /* HAVE_AES_DECRYPT */
 #endif
 #endif /* HAVE_AES_ECB */
 
@@ -11531,10 +12033,10 @@ static WARN_UNUSED_RESULT int wc_AesFeedbackEncrypt(
 
     /* consume any unused bytes left in aes->tmp */
     processed = min(aes->left, sz);
-    xorbufout(out, in, (byte*)aes->tmp + AES_BLOCK_SIZE - aes->left, processed);
+    xorbufout(out, in, (byte*)aes->tmp + WC_AES_BLOCK_SIZE - aes->left, processed);
 #ifdef WOLFSSL_AES_CFB
     if (mode == AES_CFB_MODE) {
-        XMEMCPY((byte*)aes->reg + AES_BLOCK_SIZE - aes->left, out, processed);
+        XMEMCPY((byte*)aes->reg + WC_AES_BLOCK_SIZE - aes->left, out, processed);
     }
 #endif
     aes->left -= processed;
@@ -11544,26 +12046,26 @@ static WARN_UNUSED_RESULT int wc_AesFeedbackEncrypt(
 
     VECTOR_REGISTERS_PUSH;
 
-    while (sz >= AES_BLOCK_SIZE) {
+    while (sz >= WC_AES_BLOCK_SIZE) {
         /* Using aes->tmp here for inline case i.e. in=out */
         ret = wc_AesEncryptDirect(aes, (byte*)aes->tmp, (byte*)aes->reg);
         if (ret != 0)
             break;
     #ifdef WOLFSSL_AES_OFB
         if (mode == AES_OFB_MODE) {
-            XMEMCPY(aes->reg, aes->tmp, AES_BLOCK_SIZE);
+            XMEMCPY(aes->reg, aes->tmp, WC_AES_BLOCK_SIZE);
         }
     #endif
-        xorbuf((byte*)aes->tmp, in, AES_BLOCK_SIZE);
+        xorbuf((byte*)aes->tmp, in, WC_AES_BLOCK_SIZE);
     #ifdef WOLFSSL_AES_CFB
         if (mode == AES_CFB_MODE) {
-            XMEMCPY(aes->reg, aes->tmp, AES_BLOCK_SIZE);
+            XMEMCPY(aes->reg, aes->tmp, WC_AES_BLOCK_SIZE);
         }
     #endif
-        XMEMCPY(out, aes->tmp, AES_BLOCK_SIZE);
-        out += AES_BLOCK_SIZE;
-        in  += AES_BLOCK_SIZE;
-        sz  -= AES_BLOCK_SIZE;
+        XMEMCPY(out, aes->tmp, WC_AES_BLOCK_SIZE);
+        out += WC_AES_BLOCK_SIZE;
+        in  += WC_AES_BLOCK_SIZE;
+        sz  -= WC_AES_BLOCK_SIZE;
         aes->left = 0;
     }
 
@@ -11572,11 +12074,11 @@ static WARN_UNUSED_RESULT int wc_AesFeedbackEncrypt(
         ret = wc_AesEncryptDirect(aes, (byte*)aes->tmp, (byte*)aes->reg);
     }
     if ((ret == 0) && sz) {
-        aes->left = AES_BLOCK_SIZE;
+        aes->left = WC_AES_BLOCK_SIZE;
         tmp = (byte*)aes->tmp;
     #ifdef WOLFSSL_AES_OFB
         if (mode == AES_OFB_MODE) {
-            XMEMCPY(aes->reg, aes->tmp, AES_BLOCK_SIZE);
+            XMEMCPY(aes->reg, aes->tmp, WC_AES_BLOCK_SIZE);
         }
     #endif
 
@@ -11621,13 +12123,14 @@ static WARN_UNUSED_RESULT int wc_AesFeedbackDecrypt(
     /* check if more input needs copied over to aes->reg */
     if (aes->left && sz && mode == AES_CFB_MODE) {
         word32 size = min(aes->left, sz);
-        XMEMCPY((byte*)aes->reg + AES_BLOCK_SIZE - aes->left, in, size);
+        XMEMCPY((byte*)aes->reg + WC_AES_BLOCK_SIZE - aes->left, in, size);
     }
     #endif
 
     /* consume any unused bytes left in aes->tmp */
     processed = min(aes->left, sz);
-    xorbufout(out, in, (byte*)aes->tmp + AES_BLOCK_SIZE - aes->left, processed);
+    xorbufout(out, in, (byte*)aes->tmp + WC_AES_BLOCK_SIZE - aes->left,
+        processed);
     aes->left -= processed;
     out += processed;
     in += processed;
@@ -11635,26 +12138,26 @@ static WARN_UNUSED_RESULT int wc_AesFeedbackDecrypt(
 
     VECTOR_REGISTERS_PUSH;
 
-    while (sz > AES_BLOCK_SIZE) {
+    while (sz > WC_AES_BLOCK_SIZE) {
         /* Using aes->tmp here for inline case i.e. in=out */
         ret = wc_AesEncryptDirect(aes, (byte*)aes->tmp, (byte*)aes->reg);
         if (ret != 0)
             break;
     #ifdef WOLFSSL_AES_OFB
         if (mode == AES_OFB_MODE) {
-            XMEMCPY((byte*)aes->reg, (byte*)aes->tmp, AES_BLOCK_SIZE);
+            XMEMCPY((byte*)aes->reg, (byte*)aes->tmp, WC_AES_BLOCK_SIZE);
         }
     #endif
-        xorbuf((byte*)aes->tmp, in, AES_BLOCK_SIZE);
+        xorbuf((byte*)aes->tmp, in, WC_AES_BLOCK_SIZE);
     #ifdef WOLFSSL_AES_CFB
         if (mode == AES_CFB_MODE) {
-            XMEMCPY(aes->reg, in, AES_BLOCK_SIZE);
+            XMEMCPY(aes->reg, in, WC_AES_BLOCK_SIZE);
         }
     #endif
-        XMEMCPY(out, (byte*)aes->tmp, AES_BLOCK_SIZE);
-        out += AES_BLOCK_SIZE;
-        in  += AES_BLOCK_SIZE;
-        sz  -= AES_BLOCK_SIZE;
+        XMEMCPY(out, (byte*)aes->tmp, WC_AES_BLOCK_SIZE);
+        out += WC_AES_BLOCK_SIZE;
+        in  += WC_AES_BLOCK_SIZE;
+        sz  -= WC_AES_BLOCK_SIZE;
         aes->left = 0;
     }
 
@@ -11670,11 +12173,11 @@ static WARN_UNUSED_RESULT int wc_AesFeedbackDecrypt(
     #endif
     #ifdef WOLFSSL_AES_OFB
         if (mode == AES_OFB_MODE) {
-            XMEMCPY(aes->reg, aes->tmp, AES_BLOCK_SIZE);
+            XMEMCPY(aes->reg, aes->tmp, WC_AES_BLOCK_SIZE);
         }
     #endif
 
-        aes->left = AES_BLOCK_SIZE - sz;
+        aes->left = WC_AES_BLOCK_SIZE - sz;
         xorbufout(out, in, aes->tmp, sz);
     }
 
@@ -11721,27 +12224,27 @@ int wc_AesCfbDecrypt(Aes* aes, byte* out, const byte* in, word32 sz)
 }
 #endif /* HAVE_AES_DECRYPT */
 
-
-/* shift the whole AES_BLOCK_SIZE array left by 8 or 1 bits */
+#ifndef WOLFSSL_NO_AES_CFB_1_8
+/* shift the whole WC_AES_BLOCK_SIZE array left by 8 or 1 bits */
 static void shiftLeftArray(byte* ary, byte shift)
 {
     int i;
 
     if (shift == WOLFSSL_BIT_SIZE) {
         /* shifting over by 8 bits */
-        for (i = 0; i < AES_BLOCK_SIZE - 1; i++) {
+        for (i = 0; i < WC_AES_BLOCK_SIZE - 1; i++) {
             ary[i] = ary[i+1];
         }
         ary[i] = 0;
     }
     else {
         /* shifting over by 7 or less bits */
-        for (i = 0; i < AES_BLOCK_SIZE - 1; i++) {
-            byte carry = ary[i+1] & (0XFF << (WOLFSSL_BIT_SIZE - shift));
-            carry >>= (WOLFSSL_BIT_SIZE - shift);
+        for (i = 0; i < WC_AES_BLOCK_SIZE - 1; i++) {
+            byte carry = (byte)(ary[i+1] & (0XFF << (WOLFSSL_BIT_SIZE - shift)));
+            carry = (byte)(carry >> (WOLFSSL_BIT_SIZE - shift));
             ary[i] = (byte)((ary[i] << shift) + carry);
         }
-        ary[i] = ary[i] << shift;
+        ary[i] = (byte)(ary[i] << shift);
     }
 }
 
@@ -11772,12 +12275,12 @@ static WARN_UNUSED_RESULT int wc_AesFeedbackCFB8(
 
             /* LSB + CAT */
             shiftLeftArray(pt, WOLFSSL_BIT_SIZE);
-            pt[AES_BLOCK_SIZE - 1] = in[0];
+            pt[WC_AES_BLOCK_SIZE - 1] = in[0];
         }
 
         /* MSB + XOR */
     #ifdef BIG_ENDIAN_ORDER
-        ByteReverseWords(aes->tmp, aes->tmp, AES_BLOCK_SIZE);
+        ByteReverseWords(aes->tmp, aes->tmp, WC_AES_BLOCK_SIZE);
     #endif
         out[0] = (byte)(aes->tmp[0] ^ in[0]);
         if (dir == AES_ENCRYPTION) {
@@ -11785,7 +12288,7 @@ static WARN_UNUSED_RESULT int wc_AesFeedbackCFB8(
 
             /* LSB + CAT */
             shiftLeftArray(pt, WOLFSSL_BIT_SIZE);
-            pt[AES_BLOCK_SIZE - 1] = out[0];
+            pt[WC_AES_BLOCK_SIZE - 1] = out[0];
         }
 
         out += 1;
@@ -11827,19 +12330,19 @@ static WARN_UNUSED_RESULT int wc_AesFeedbackCFB1(
             pt = (byte*)aes->reg;
 
             /* LSB + CAT */
-            tmp = (0X01 << bit) & in[0];
-            tmp = tmp >> bit;
+            tmp = (byte)((0X01U << bit) & in[0]);
+            tmp = (byte)(tmp >> bit);
             tmp &= 0x01;
             shiftLeftArray((byte*)aes->reg, 1);
-            pt[AES_BLOCK_SIZE - 1] |= tmp;
+            pt[WC_AES_BLOCK_SIZE - 1] |= tmp;
         }
 
         /* MSB  + XOR */
-        tmp = (0X01 << bit) & in[0];
+        tmp = (byte)((0X01U << bit) & in[0]);
         pt = (byte*)aes->tmp;
-        tmp = (pt[0] >> 7) ^ (tmp >> bit);
+        tmp = (byte)((pt[0] >> 7) ^ (tmp >> bit));
         tmp &= 0x01;
-        cur |= (tmp << bit);
+        cur = (byte)(cur | (tmp << bit));
 
 
         if (dir == AES_ENCRYPTION) {
@@ -11847,7 +12350,7 @@ static WARN_UNUSED_RESULT int wc_AesFeedbackCFB1(
 
             /* LSB + CAT */
             shiftLeftArray((byte*)aes->reg, 1);
-            pt[AES_BLOCK_SIZE - 1] |= tmp;
+            pt[WC_AES_BLOCK_SIZE - 1] |= tmp;
         }
 
         bit--;
@@ -11856,7 +12359,7 @@ static WARN_UNUSED_RESULT int wc_AesFeedbackCFB1(
             out += 1;
             in  += 1;
             sz  -= 1;
-            bit = 7;
+            bit = 7U;
             cur = 0;
         }
         else {
@@ -11865,7 +12368,7 @@ static WARN_UNUSED_RESULT int wc_AesFeedbackCFB1(
     }
 
     if (ret == 0) {
-        if (bit > 0 && bit < 7) {
+        if (bit >= 0 && bit < 7) {
             out[0] = cur;
         }
     }
@@ -11939,6 +12442,7 @@ int wc_AesCfb8Decrypt(Aes* aes, byte* out, const byte* in, word32 sz)
     return wc_AesFeedbackCFB8(aes, out, in, sz, AES_DECRYPTION);
 }
 #endif /* HAVE_AES_DECRYPT */
+#endif /* !WOLFSSL_NO_AES_CFB_1_8 */
 #endif /* WOLFSSL_AES_CFB */
 
 #ifdef WOLFSSL_AES_OFB
@@ -12026,7 +12530,7 @@ int wc_AesKeyWrap_ex(Aes *aes, const byte* in, word32 inSz, byte* out,
     int ret = 0;
 
     byte t[KEYWRAP_BLOCK_SIZE];
-    byte tmp[AES_BLOCK_SIZE];
+    byte tmp[WC_AES_BLOCK_SIZE];
 
     /* n must be at least 2 64-bit blocks, output size is (n + 1) 8 bytes (64-bit) */
     if (aes == NULL || in  == NULL || inSz < 2*KEYWRAP_BLOCK_SIZE ||
@@ -12119,8 +12623,7 @@ int wc_AesKeyWrap(const byte* key, word32 keySz, const byte* in, word32 inSz,
 
   out:
 #ifdef WOLFSSL_SMALL_STACK
-    if (aes != NULL)
-        XFREE(aes, NULL, DYNAMIC_TYPE_AES);
+    XFREE(aes, NULL, DYNAMIC_TYPE_AES);
 #endif
 
     return ret;
@@ -12135,7 +12638,7 @@ int wc_AesKeyUnWrap_ex(Aes *aes, const byte* in, word32 inSz, byte* out,
     int ret = 0;
 
     byte t[KEYWRAP_BLOCK_SIZE];
-    byte tmp[AES_BLOCK_SIZE];
+    byte tmp[WC_AES_BLOCK_SIZE];
 
     const byte* expIv;
     const byte defaultIV[] = {
@@ -12238,8 +12741,7 @@ int wc_AesKeyUnWrap(const byte* key, word32 keySz, const byte* in, word32 inSz,
 
   out:
 #ifdef WOLFSSL_SMALL_STACK
-    if (aes)
-        XFREE(aes, NULL, DYNAMIC_TYPE_AES);
+    XFREE(aes, NULL, DYNAMIC_TYPE_AES);
 #endif
 
     return ret;
@@ -12249,9 +12751,17 @@ int wc_AesKeyUnWrap(const byte* key, word32 keySz, const byte* in, word32 inSz,
 
 #ifdef WOLFSSL_AES_XTS
 
-/* Galios Field to use */
+/* Galois Field to use */
 #define GF_XTS 0x87
 
+/* Set up keys for encryption and/or decryption.
+ *
+ * aes   buffer holding aes subkeys
+ * heap  heap hint to use for memory. Can be NULL
+ * devId id to use with async crypto. Can be 0
+ *
+ * return 0 on success
+ */
 int wc_AesXtsInit(XtsAes* aes, void* heap, int devId)
 {
     int    ret = 0;
@@ -12264,22 +12774,28 @@ int wc_AesXtsInit(XtsAes* aes, void* heap, int devId)
         return ret;
     }
     if ((ret = wc_AesInit(&aes->aes, heap, devId)) != 0) {
+        (void)wc_AesFree(&aes->tweak);
         return ret;
     }
+#ifdef WC_AES_XTS_SUPPORT_SIMULTANEOUS_ENC_AND_DEC_KEYS
+    if ((ret = wc_AesInit(&aes->aes_decrypt, heap, devId)) != 0) {
+        (void)wc_AesFree(&aes->tweak);
+        (void)wc_AesFree(&aes->aes);
+        return ret;
+    }
+#endif
 
     return 0;
 }
 
-/* This is to help with setting keys to correct encrypt or decrypt type.
+/* Set up keys for encryption and/or decryption.
  *
- * tweak AES key for tweak in XTS
- * aes   AES key for encrypt/decrypt process
- * key   buffer holding aes key | tweak key
+ * aes   buffer holding aes subkeys
+ * key   AES key for encrypt/decrypt and tweak process (concatenated)
  * len   length of key buffer in bytes. Should be twice that of key size. i.e.
  *       32 for a 16 byte key.
- * dir   direction, either AES_ENCRYPTION or AES_DECRYPTION
- * heap  heap hint to use for memory. Can be NULL
- * devId id to use with async crypto. Can be 0
+ * dir   direction: AES_ENCRYPTION, AES_DECRYPTION, or
+ *       AES_ENCRYPTION_AND_DECRYPTION
  *
  * return 0 on success
  */
@@ -12292,27 +12808,94 @@ int wc_AesXtsSetKeyNoInit(XtsAes* aes, const byte* key, word32 len, int dir)
         return BAD_FUNC_ARG;
     }
 
-    keySz = len/2;
-    if (keySz != 16 && keySz != 32) {
+    if ((dir != AES_ENCRYPTION) && (dir != AES_DECRYPTION)
+#ifdef WC_AES_XTS_SUPPORT_SIMULTANEOUS_ENC_AND_DEC_KEYS
+        && (dir != AES_ENCRYPTION_AND_DECRYPTION)
+#endif
+        )
+    {
+        return BAD_FUNC_ARG;
+    }
+
+    if ((len != (AES_128_KEY_SIZE*2)) &&
+#ifndef HAVE_FIPS
+        /* XTS-384 not allowed by FIPS and can not be treated like
+         * RSA-4096 bit keys back in the day, can not vendor affirm
+         * the use of 2 concatenated 192-bit keys (XTS-384) */
+        (len != (AES_192_KEY_SIZE*2)) &&
+#endif
+        (len != (AES_256_KEY_SIZE*2)))
+    {
         WOLFSSL_MSG("Unsupported key size");
         return WC_KEY_SIZE_E;
     }
 
-    if ((ret = wc_AesSetKey(&aes->aes, key, keySz, NULL, dir)) == 0) {
+    keySz = len/2;
+
+#ifdef HAVE_FIPS
+    if (XMEMCMP(key, key + keySz, keySz) == 0) {
+        WOLFSSL_MSG("FIPS AES-XTS main and tweak keys must differ");
+        return BAD_FUNC_ARG;
+    }
+#endif
+
+    if (dir == AES_ENCRYPTION
+#ifdef WC_AES_XTS_SUPPORT_SIMULTANEOUS_ENC_AND_DEC_KEYS
+        || dir == AES_ENCRYPTION_AND_DECRYPTION
+#endif
+        )
+    {
+        ret = wc_AesSetKey(&aes->aes, key, keySz, NULL, AES_ENCRYPTION);
+    }
+
+#ifdef WC_AES_XTS_SUPPORT_SIMULTANEOUS_ENC_AND_DEC_KEYS
+    if ((ret == 0) && ((dir == AES_DECRYPTION)
+                       || (dir == AES_ENCRYPTION_AND_DECRYPTION)))
+        ret = wc_AesSetKey(&aes->aes_decrypt, key, keySz, NULL, AES_DECRYPTION);
+#else
+    if (dir == AES_DECRYPTION)
+        ret = wc_AesSetKey(&aes->aes, key, keySz, NULL, AES_DECRYPTION);
+#endif
+
+    if (ret == 0)
         ret = wc_AesSetKey(&aes->tweak, key + keySz, keySz, NULL,
                 AES_ENCRYPTION);
-        if (ret != 0) {
-            wc_AesFree(&aes->aes);
-        }
+
 #ifdef WOLFSSL_AESNI
-        if (aes->aes.use_aesni != aes->tweak.use_aesni) {
-            if (aes->aes.use_aesni)
-                aes->aes.use_aesni = 0;
-            else
-                aes->tweak.use_aesni = 0;
+    if (ret == 0) {
+        /* With WC_C_DYNAMIC_FALLBACK, the main and tweak keys could have
+         * conflicting _aesni status, but the AES-XTS asm implementations need
+         * them to all be AESNI.  If any aren't, disable AESNI on all.
+         */
+    #ifdef WC_AES_XTS_SUPPORT_SIMULTANEOUS_ENC_AND_DEC_KEYS
+        if ((((dir == AES_ENCRYPTION) ||
+              (dir == AES_ENCRYPTION_AND_DECRYPTION))
+             && (aes->aes.use_aesni != aes->tweak.use_aesni))
+            ||
+            (((dir == AES_DECRYPTION) ||
+              (dir == AES_ENCRYPTION_AND_DECRYPTION))
+             && (aes->aes_decrypt.use_aesni != aes->tweak.use_aesni)))
+        {
+        #ifdef WC_C_DYNAMIC_FALLBACK
+            aes->aes.use_aesni = 0;
+            aes->aes_decrypt.use_aesni = 0;
+            aes->tweak.use_aesni = 0;
+        #else
+            ret = SYSLIB_FAILED_E;
+        #endif
         }
-#endif
+    #else /* !WC_AES_XTS_SUPPORT_SIMULTANEOUS_ENC_AND_DEC_KEYS */
+        if (aes->aes.use_aesni != aes->tweak.use_aesni) {
+        #ifdef WC_C_DYNAMIC_FALLBACK
+            aes->aes.use_aesni = 0;
+            aes->tweak.use_aesni = 0;
+        #else
+            ret = SYSLIB_FAILED_E;
+        #endif
+        }
+    #endif /* !WC_AES_XTS_SUPPORT_SIMULTANEOUS_ENC_AND_DEC_KEYS */
     }
+#endif /* WOLFSSL_AESNI */
 
     return ret;
 }
@@ -12355,6 +12938,9 @@ int wc_AesXtsFree(XtsAes* aes)
 {
     if (aes != NULL) {
         wc_AesFree(&aes->aes);
+#ifdef WC_AES_XTS_SUPPORT_SIMULTANEOUS_ENC_AND_DEC_KEYS
+        wc_AesFree(&aes->aes_decrypt);
+#endif
         wc_AesFree(&aes->tweak);
     }
 
@@ -12378,16 +12964,16 @@ int wc_AesXtsEncryptSector(XtsAes* aes, byte* out, const byte* in,
         word32 sz, word64 sector)
 {
     byte* pt;
-    byte  i[AES_BLOCK_SIZE];
+    byte  i[WC_AES_BLOCK_SIZE];
 
-    XMEMSET(i, 0, AES_BLOCK_SIZE);
+    XMEMSET(i, 0, WC_AES_BLOCK_SIZE);
 #ifdef BIG_ENDIAN_ORDER
     sector = ByteReverseWord64(sector);
 #endif
     pt = (byte*)&sector;
     XMEMCPY(i, pt, sizeof(word64));
 
-    return wc_AesXtsEncrypt(aes, out, in, sz, (const byte*)i, AES_BLOCK_SIZE);
+    return wc_AesXtsEncrypt(aes, out, in, sz, (const byte*)i, WC_AES_BLOCK_SIZE);
 }
 
 
@@ -12406,16 +12992,16 @@ int wc_AesXtsDecryptSector(XtsAes* aes, byte* out, const byte* in, word32 sz,
         word64 sector)
 {
     byte* pt;
-    byte  i[AES_BLOCK_SIZE];
+    byte  i[WC_AES_BLOCK_SIZE];
 
-    XMEMSET(i, 0, AES_BLOCK_SIZE);
+    XMEMSET(i, 0, WC_AES_BLOCK_SIZE);
 #ifdef BIG_ENDIAN_ORDER
     sector = ByteReverseWord64(sector);
 #endif
     pt = (byte*)&sector;
     XMEMCPY(i, pt, sizeof(word64));
 
-    return wc_AesXtsDecrypt(aes, out, in, sz, (const byte*)i, AES_BLOCK_SIZE);
+    return wc_AesXtsDecrypt(aes, out, in, sz, (const byte*)i, WC_AES_BLOCK_SIZE);
 }
 
 #ifdef WOLFSSL_AESNI
@@ -12429,12 +13015,28 @@ void AES_XTS_encrypt_aesni(const unsigned char *in, unsigned char *out, word32 s
                      const unsigned char* i, const unsigned char* key,
                      const unsigned char* key2, int nr)
                      XASM_LINK("AES_XTS_encrypt_aesni");
+#ifdef WOLFSSL_AESXTS_STREAM
+void AES_XTS_init_aesni(unsigned char* i, const unsigned char* tweak_key,
+                     int tweak_nr)
+                     XASM_LINK("AES_XTS_init_aesni");
+void AES_XTS_encrypt_update_aesni(const unsigned char *in, unsigned char *out, word32 sz,
+                     const unsigned char* key, unsigned char *i, int nr)
+                     XASM_LINK("AES_XTS_encrypt_update_aesni");
+#endif
 #ifdef HAVE_INTEL_AVX1
 void AES_XTS_encrypt_avx1(const unsigned char *in, unsigned char *out,
-                          word32 sz, const unsigned char* i,
-                          const unsigned char* key, const unsigned char* key2,
-                          int nr)
-                          XASM_LINK("AES_XTS_encrypt_avx1");
+                     word32 sz, const unsigned char* i,
+                     const unsigned char* key, const unsigned char* key2,
+                     int nr)
+                     XASM_LINK("AES_XTS_encrypt_avx1");
+#ifdef WOLFSSL_AESXTS_STREAM
+void AES_XTS_init_avx1(unsigned char* i, const unsigned char* tweak_key,
+                     int tweak_nr)
+                     XASM_LINK("AES_XTS_init_avx1");
+void AES_XTS_encrypt_update_avx1(const unsigned char *in, unsigned char *out, word32 sz,
+                     const unsigned char* key, unsigned char *i, int nr)
+                     XASM_LINK("AES_XTS_encrypt_update_avx1");
+#endif
 #endif /* HAVE_INTEL_AVX1 */
 
 #ifdef HAVE_AES_DECRYPT
@@ -12442,59 +13044,78 @@ void AES_XTS_decrypt_aesni(const unsigned char *in, unsigned char *out, word32 s
                      const unsigned char* i, const unsigned char* key,
                      const unsigned char* key2, int nr)
                      XASM_LINK("AES_XTS_decrypt_aesni");
+#ifdef WOLFSSL_AESXTS_STREAM
+void AES_XTS_decrypt_update_aesni(const unsigned char *in, unsigned char *out, word32 sz,
+                     const unsigned char* key, unsigned char *i, int nr)
+                     XASM_LINK("AES_XTS_decrypt_update_aesni");
+#endif
 #ifdef HAVE_INTEL_AVX1
 void AES_XTS_decrypt_avx1(const unsigned char *in, unsigned char *out,
-                          word32 sz, const unsigned char* i,
-                          const unsigned char* key, const unsigned char* key2,
-                          int nr)
-                          XASM_LINK("AES_XTS_decrypt_avx1");
+                     word32 sz, const unsigned char* i,
+                     const unsigned char* key, const unsigned char* key2,
+                     int nr)
+                     XASM_LINK("AES_XTS_decrypt_avx1");
+#ifdef WOLFSSL_AESXTS_STREAM
+void AES_XTS_decrypt_update_avx1(const unsigned char *in, unsigned char *out, word32 sz,
+                     const unsigned char* key, unsigned char *i, int nr)
+                     XASM_LINK("AES_XTS_decrypt_update_avx1");
+#endif
 #endif /* HAVE_INTEL_AVX1 */
 #endif /* HAVE_AES_DECRYPT */
 
 #endif /* WOLFSSL_AESNI */
 
-#if !defined(WOLFSSL_ARMASM) || defined(WOLFSSL_ARMASM_NO_HW_CRYPTO)
+#if !defined(WOLFSSL_ARMASM) || defined(__aarch64__) || \
+    defined(WOLFSSL_ARMASM_NO_HW_CRYPTO)
 #ifdef HAVE_AES_ECB
 /* helper function for encrypting / decrypting full buffer at once */
 static WARN_UNUSED_RESULT int _AesXtsHelper(
     Aes* aes, byte* out, const byte* in, word32 sz, int dir)
 {
     word32 outSz   = sz;
-    word32 totalSz = (sz / AES_BLOCK_SIZE) * AES_BLOCK_SIZE; /* total bytes */
+    word32 totalSz = (sz / WC_AES_BLOCK_SIZE) * WC_AES_BLOCK_SIZE; /* total bytes */
     byte*  pt      = out;
 
-    outSz -= AES_BLOCK_SIZE;
+    outSz -= WC_AES_BLOCK_SIZE;
 
     while (outSz > 0) {
         word32 j;
         byte carry = 0;
 
         /* multiply by shift left and propagate carry */
-        for (j = 0; j < AES_BLOCK_SIZE && outSz > 0; j++, outSz--) {
+        for (j = 0; j < WC_AES_BLOCK_SIZE && outSz > 0; j++, outSz--) {
             byte tmpC;
 
             tmpC   = (pt[j] >> 7) & 0x01;
-            pt[j+AES_BLOCK_SIZE] = (byte)((pt[j] << 1) + carry);
+            pt[j+WC_AES_BLOCK_SIZE] = (byte)((pt[j] << 1) + carry);
             carry  = tmpC;
         }
         if (carry) {
-            pt[AES_BLOCK_SIZE] ^= GF_XTS;
+            pt[WC_AES_BLOCK_SIZE] ^= GF_XTS;
         }
 
-        pt += AES_BLOCK_SIZE;
+        pt += WC_AES_BLOCK_SIZE;
     }
 
     xorbuf(out, in, totalSz);
+#ifndef WOLFSSL_RISCV_ASM
     if (dir == AES_ENCRYPTION) {
         return _AesEcbEncrypt(aes, out, out, totalSz);
     }
     else {
         return _AesEcbDecrypt(aes, out, out, totalSz);
     }
+#else
+    if (dir == AES_ENCRYPTION) {
+        return wc_AesEcbEncrypt(aes, out, out, totalSz);
+    }
+    else {
+        return wc_AesEcbDecrypt(aes, out, out, totalSz);
+    }
+#endif
 }
 #endif /* HAVE_AES_ECB */
 
-
 /* AES with XTS mode. (XTS) XEX encryption with Tweak and cipher text Stealing.
  *
  * xaes  AES keys to use for block encrypt/decrypt
@@ -12506,27 +13127,63 @@ static WARN_UNUSED_RESULT int _AesXtsHelper(
  * returns 0 on success
  */
 /* Software AES - XTS Encrypt  */
+
+static int AesXtsEncryptUpdate_sw(XtsAes* xaes, byte* out, const byte* in,
+                                  word32 sz,
+                                  byte *i);
 static int AesXtsEncrypt_sw(XtsAes* xaes, byte* out, const byte* in, word32 sz,
         const byte* i)
 {
-    int ret = 0;
-    word32 blocks = (sz / AES_BLOCK_SIZE);
-    Aes *aes = &xaes->aes;
-    Aes *tweak = &xaes->tweak;
-    byte tmp[AES_BLOCK_SIZE];
-
-    XMEMSET(tmp, 0, AES_BLOCK_SIZE); /* set to 0's in case of improper AES
-                                      * key setup passed to encrypt direct*/
-
-    ret = wc_AesEncryptDirect(tweak, tmp, i);
+    int ret;
+    byte tweak_block[WC_AES_BLOCK_SIZE];
 
+    ret = wc_AesEncryptDirect(&xaes->tweak, tweak_block, i);
     if (ret != 0)
         return ret;
 
+    return AesXtsEncryptUpdate_sw(xaes, out, in, sz, tweak_block);
+}
+
+#ifdef WOLFSSL_AESXTS_STREAM
+
+/* Block-streaming AES-XTS tweak setup.
+ *
+ * xaes  AES keys to use for block encrypt/decrypt
+ * i     readwrite value to use for tweak
+ *
+ * returns 0 on success
+ */
+static int AesXtsInitTweak_sw(XtsAes* xaes, byte* i) {
+    return wc_AesEncryptDirect(&xaes->tweak, i, i);
+}
+
+#endif /* WOLFSSL_AESXTS_STREAM */
+
+/* Block-streaming AES-XTS.
+ *
+ * Supply block-aligned input data with successive calls.  Final call need not
+ * be block aligned.
+ *
+ * xaes  AES keys to use for block encrypt/decrypt
+ * out   output buffer to hold cipher text
+ * in    input plain text buffer to encrypt
+ * sz    size of both out and in buffers
+ *
+ * returns 0 on success
+ */
+/* Software AES - XTS Encrypt  */
+static int AesXtsEncryptUpdate_sw(XtsAes* xaes, byte* out, const byte* in,
+                                  word32 sz,
+                                  byte *i)
+{
+    int ret = 0;
+    word32 blocks = (sz / WC_AES_BLOCK_SIZE);
+    Aes *aes = &xaes->aes;
+
 #ifdef HAVE_AES_ECB
     /* encrypt all of buffer at once when possible */
     if (in != out) { /* can not handle inline */
-        XMEMCPY(out, tmp, AES_BLOCK_SIZE);
+        XMEMCPY(out, i, WC_AES_BLOCK_SIZE);
         if ((ret = _AesXtsHelper(aes, out, in, sz, AES_ENCRYPTION)) != 0)
             return ret;
     }
@@ -12540,40 +13197,40 @@ static int AesXtsEncrypt_sw(XtsAes* xaes, byte* out, const byte* in, word32 sz,
         if (in == out)
 #endif
         { /* check for if inline */
-            byte buf[AES_BLOCK_SIZE];
+            byte buf[WC_AES_BLOCK_SIZE];
 
-            XMEMCPY(buf, in, AES_BLOCK_SIZE);
-            xorbuf(buf, tmp, AES_BLOCK_SIZE);
+            XMEMCPY(buf, in, WC_AES_BLOCK_SIZE);
+            xorbuf(buf, i, WC_AES_BLOCK_SIZE);
             ret = wc_AesEncryptDirect(aes, out, buf);
             if (ret != 0)
                 return ret;
         }
-        xorbuf(out, tmp, AES_BLOCK_SIZE);
+        xorbuf(out, i, WC_AES_BLOCK_SIZE);
 
         /* multiply by shift left and propagate carry */
-        for (j = 0; j < AES_BLOCK_SIZE; j++) {
+        for (j = 0; j < WC_AES_BLOCK_SIZE; j++) {
             byte tmpC;
 
-            tmpC   = (tmp[j] >> 7) & 0x01;
-            tmp[j] = (byte)((tmp[j] << 1) + carry);
+            tmpC   = (i[j] >> 7) & 0x01;
+            i[j] = (byte)((i[j] << 1) + carry);
             carry  = tmpC;
         }
         if (carry) {
-            tmp[0] ^= GF_XTS;
+            i[0] ^= GF_XTS;
         }
 
-        in  += AES_BLOCK_SIZE;
-        out += AES_BLOCK_SIZE;
-        sz  -= AES_BLOCK_SIZE;
+        in  += WC_AES_BLOCK_SIZE;
+        out += WC_AES_BLOCK_SIZE;
+        sz  -= WC_AES_BLOCK_SIZE;
         blocks--;
     }
 
     /* stealing operation of XTS to handle left overs */
     if (sz > 0) {
-        byte buf[AES_BLOCK_SIZE];
+        byte buf[WC_AES_BLOCK_SIZE];
 
-        XMEMCPY(buf, out - AES_BLOCK_SIZE, AES_BLOCK_SIZE);
-        if (sz >= AES_BLOCK_SIZE) { /* extra sanity check before copy */
+        XMEMCPY(buf, out - WC_AES_BLOCK_SIZE, WC_AES_BLOCK_SIZE);
+        if (sz >= WC_AES_BLOCK_SIZE) { /* extra sanity check before copy */
             return BUFFER_E;
         }
         if (in != out) {
@@ -12581,17 +13238,17 @@ static int AesXtsEncrypt_sw(XtsAes* xaes, byte* out, const byte* in, word32 sz,
             XMEMCPY(buf, in, sz);
         }
         else {
-            byte buf2[AES_BLOCK_SIZE];
+            byte buf2[WC_AES_BLOCK_SIZE];
 
             XMEMCPY(buf2, buf, sz);
             XMEMCPY(buf, in, sz);
             XMEMCPY(out, buf2, sz);
         }
 
-        xorbuf(buf, tmp, AES_BLOCK_SIZE);
-        ret = wc_AesEncryptDirect(aes, out - AES_BLOCK_SIZE, buf);
+        xorbuf(buf, i, WC_AES_BLOCK_SIZE);
+        ret = wc_AesEncryptDirect(aes, out - WC_AES_BLOCK_SIZE, buf);
         if (ret == 0)
-            xorbuf(out - AES_BLOCK_SIZE, tmp, AES_BLOCK_SIZE);
+            xorbuf(out - WC_AES_BLOCK_SIZE, i, WC_AES_BLOCK_SIZE);
     }
 
     return ret;
@@ -12604,7 +13261,7 @@ static int AesXtsEncrypt_sw(XtsAes* xaes, byte* out, const byte* in, word32 sz,
  * in    input plain text buffer to encrypt
  * sz    size of both out and in buffers
  * i     value to use for tweak
- * iSz   size of i buffer, should always be AES_BLOCK_SIZE but having this input
+ * iSz   size of i buffer, should always be WC_AES_BLOCK_SIZE but having this input
  *       adds a sanity check on how the user calls the function.
  *
  * returns 0 on success
@@ -12614,69 +13271,274 @@ int wc_AesXtsEncrypt(XtsAes* xaes, byte* out, const byte* in, word32 sz,
 {
     int ret;
 
+    Aes *aes;
+
     if (xaes == NULL || out == NULL || in == NULL) {
         return BAD_FUNC_ARG;
     }
 
-    if (iSz < AES_BLOCK_SIZE) {
+#if FIPS_VERSION3_GE(6,0,0)
+    /* SP800-38E - Restrict data unit to 2^20 blocks per key. A block is
+     * WC_AES_BLOCK_SIZE or 16-bytes (128-bits). So each key may only be used to
+     * protect up to 1,048,576 blocks of WC_AES_BLOCK_SIZE (16,777,216 bytes)
+     */
+    if (sz > FIPS_AES_XTS_MAX_BYTES_PER_TWEAK) {
+        WOLFSSL_MSG("Request exceeds allowed bytes per SP800-38E");
+        return BAD_FUNC_ARG;
+    }
+#endif
+
+    aes = &xaes->aes;
+
+    if (aes->keylen == 0) {
+        WOLFSSL_MSG("wc_AesXtsEncrypt called with unset encryption key.");
         return BAD_FUNC_ARG;
     }
 
-    if (sz < AES_BLOCK_SIZE) {
+    if (iSz < WC_AES_BLOCK_SIZE) {
+        return BAD_FUNC_ARG;
+    }
+
+    if (sz < WC_AES_BLOCK_SIZE) {
         WOLFSSL_MSG("Plain text input too small for encryption");
         return BAD_FUNC_ARG;
     }
 
     {
 #ifdef WOLFSSL_AESNI
-#ifdef WC_AES_C_DYNAMIC_FALLBACK
-        int orig_use_aesni = xaes->aes.use_aesni;
-#endif
-        if (xaes->aes.use_aesni && ((ret = SAVE_VECTOR_REGISTERS2()) != 0)) {
-#ifdef WC_AES_C_DYNAMIC_FALLBACK
-            xaes->aes.use_aesni = 0;
-            xaes->tweak.use_aesni = 0;
-#else
-            return ret;
-#endif
-        }
-        if (xaes->aes.use_aesni) {
+        if (aes->use_aesni) {
+            SAVE_VECTOR_REGISTERS(return _svr_ret;);
 #if defined(HAVE_INTEL_AVX1)
             if (IS_INTEL_AVX1(intel_flags)) {
-                AES_XTS_encrypt_avx1(in, out, sz, i, (const byte*)xaes->aes.key,
-                                     (const byte*)xaes->tweak.key, (int)xaes->aes.rounds);
+                AES_XTS_encrypt_avx1(in, out, sz, i,
+                                     (const byte*)aes->key,
+                                     (const byte*)xaes->tweak.key,
+                                     (int)aes->rounds);
                 ret = 0;
             }
             else
 #endif
             {
-                AES_XTS_encrypt_aesni(in, out, sz, i, (const byte*)xaes->aes.key,
-                                      (const byte*)xaes->tweak.key, (int)xaes->aes.rounds);
+                AES_XTS_encrypt_aesni(in, out, sz, i,
+                                      (const byte*)aes->key,
+                                      (const byte*)xaes->tweak.key,
+                                      (int)aes->rounds);
                 ret = 0;
             }
+            RESTORE_VECTOR_REGISTERS();
+        }
+        else
+#elif defined(__aarch64__) && defined(WOLFSSL_ARMASM) && \
+      !defined(WOLFSSL_ARMASM_NO_HW_CRYPTO)
+        if (aes->use_aes_hw_crypto) {
+            AES_XTS_encrypt_AARCH64(xaes, out, in, sz, i);
+            ret = 0;
         }
         else
 #endif
         {
             ret = AesXtsEncrypt_sw(xaes, out, in, sz, i);
         }
-
-#ifdef WOLFSSL_AESNI
-        if (xaes->aes.use_aesni)
-            RESTORE_VECTOR_REGISTERS();
-#ifdef WC_AES_C_DYNAMIC_FALLBACK
-        else if (orig_use_aesni) {
-            xaes->aes.use_aesni = orig_use_aesni;
-            xaes->tweak.use_aesni = orig_use_aesni;
-        }
-#endif
-#endif
     }
 
     return ret;
 }
 
-/* Same process as encryption but Aes key is AES_DECRYPTION type.
+#ifdef WOLFSSL_AESXTS_STREAM
+
+/* Block-streaming AES-XTS.
+ *
+ * xaes  AES keys to use for block encrypt/decrypt
+ * i     readwrite value to use for tweak
+ * iSz   size of i buffer, should always be WC_AES_BLOCK_SIZE but having this input
+ *       adds a sanity check on how the user calls the function.
+ *
+ * returns 0 on success
+ */
+int wc_AesXtsEncryptInit(XtsAes* xaes, const byte* i, word32 iSz,
+                         struct XtsAesStreamData *stream)
+{
+    int ret;
+
+    Aes *aes;
+
+    if ((xaes == NULL) || (i == NULL) || (stream == NULL)) {
+        return BAD_FUNC_ARG;
+    }
+
+    if (iSz < WC_AES_BLOCK_SIZE) {
+        return BAD_FUNC_ARG;
+    }
+
+    aes = &xaes->aes;
+
+    if (aes->keylen == 0) {
+        WOLFSSL_MSG("wc_AesXtsEncrypt called with unset encryption key.");
+        return BAD_FUNC_ARG;
+    }
+
+    XMEMCPY(stream->tweak_block, i, WC_AES_BLOCK_SIZE);
+    stream->bytes_crypted_with_this_tweak = 0;
+
+    {
+#ifdef WOLFSSL_AESNI
+        if (aes->use_aesni) {
+            SAVE_VECTOR_REGISTERS(return _svr_ret;);
+#if defined(HAVE_INTEL_AVX1)
+            if (IS_INTEL_AVX1(intel_flags)) {
+                AES_XTS_init_avx1(stream->tweak_block,
+                                  (const byte*)xaes->tweak.key,
+                                  (int)xaes->tweak.rounds);
+                ret = 0;
+            }
+            else
+#endif
+            {
+                AES_XTS_init_aesni(stream->tweak_block,
+                                   (const byte*)xaes->tweak.key,
+                                   (int)xaes->tweak.rounds);
+                ret = 0;
+            }
+            RESTORE_VECTOR_REGISTERS();
+        }
+        else
+#endif /* WOLFSSL_AESNI */
+        {
+            ret = AesXtsInitTweak_sw(xaes, stream->tweak_block);
+        }
+    }
+
+    return ret;
+}
+
+/* Block-streaming AES-XTS
+ *
+ * Note that sz must be >= WC_AES_BLOCK_SIZE in each call, and must be a multiple
+ * of WC_AES_BLOCK_SIZE in each call to wc_AesXtsEncryptUpdate().
+ * wc_AesXtsEncryptFinal() can handle any length >= WC_AES_BLOCK_SIZE.
+ *
+ * xaes  AES keys to use for block encrypt/decrypt
+ * out   output buffer to hold cipher text
+ * in    input plain text buffer to encrypt
+ * sz    size of both out and in buffers -- must be >= WC_AES_BLOCK_SIZE.
+ * i     value to use for tweak
+ * iSz   size of i buffer, should always be WC_AES_BLOCK_SIZE but having this input
+ *       adds a sanity check on how the user calls the function.
+ *
+ * returns 0 on success
+ */
+static int AesXtsEncryptUpdate(XtsAes* xaes, byte* out, const byte* in, word32 sz,
+                           struct XtsAesStreamData *stream)
+{
+    int ret;
+
+#ifdef WOLFSSL_AESNI
+    Aes *aes;
+#endif
+
+    if (xaes == NULL || out == NULL || in == NULL) {
+        return BAD_FUNC_ARG;
+    }
+
+#ifdef WOLFSSL_AESNI
+    aes = &xaes->aes;
+#endif
+
+    if (sz < WC_AES_BLOCK_SIZE) {
+        WOLFSSL_MSG("Plain text input too small for encryption");
+        return BAD_FUNC_ARG;
+    }
+
+    if (stream->bytes_crypted_with_this_tweak & ((word32)WC_AES_BLOCK_SIZE - 1U))
+    {
+        WOLFSSL_MSG("Call to AesXtsEncryptUpdate after previous finalizing call");
+        return BAD_FUNC_ARG;
+    }
+
+#ifndef WC_AESXTS_STREAM_NO_REQUEST_ACCOUNTING
+    (void)WC_SAFE_SUM_WORD32(stream->bytes_crypted_with_this_tweak, sz,
+                             stream->bytes_crypted_with_this_tweak);
+#endif
+#if FIPS_VERSION3_GE(6,0,0)
+    /* SP800-38E - Restrict data unit to 2^20 blocks per key. A block is
+     * WC_AES_BLOCK_SIZE or 16-bytes (128-bits). So each key may only be used to
+     * protect up to 1,048,576 blocks of WC_AES_BLOCK_SIZE (16,777,216 bytes)
+     */
+    if (stream->bytes_crypted_with_this_tweak >
+        FIPS_AES_XTS_MAX_BYTES_PER_TWEAK)
+    {
+        WOLFSSL_MSG("Request exceeds allowed bytes per SP800-38E");
+        return BAD_FUNC_ARG;
+    }
+#endif
+    {
+#ifdef WOLFSSL_AESNI
+        if (aes->use_aesni) {
+            SAVE_VECTOR_REGISTERS(return _svr_ret;);
+#if defined(HAVE_INTEL_AVX1)
+            if (IS_INTEL_AVX1(intel_flags)) {
+                AES_XTS_encrypt_update_avx1(in, out, sz,
+                                            (const byte*)aes->key,
+                                            stream->tweak_block,
+                                            (int)aes->rounds);
+                ret = 0;
+            }
+            else
+#endif
+            {
+                AES_XTS_encrypt_update_aesni(in, out, sz,
+                                            (const byte*)aes->key,
+                                            stream->tweak_block,
+                                            (int)aes->rounds);
+                ret = 0;
+            }
+            RESTORE_VECTOR_REGISTERS();
+        }
+        else
+#endif /* WOLFSSL_AESNI */
+        {
+            ret = AesXtsEncryptUpdate_sw(xaes, out, in, sz, stream->tweak_block);
+        }
+    }
+
+    return ret;
+}
+
+int wc_AesXtsEncryptUpdate(XtsAes* xaes, byte* out, const byte* in, word32 sz,
+                           struct XtsAesStreamData *stream)
+{
+    if (stream == NULL)
+        return BAD_FUNC_ARG;
+    if (sz & ((word32)WC_AES_BLOCK_SIZE - 1U))
+        return BAD_FUNC_ARG;
+    return AesXtsEncryptUpdate(xaes, out, in, sz, stream);
+}
+
+int wc_AesXtsEncryptFinal(XtsAes* xaes, byte* out, const byte* in, word32 sz,
+                           struct XtsAesStreamData *stream)
+{
+    int ret;
+    if (stream == NULL)
+        return BAD_FUNC_ARG;
+    if (sz > 0)
+        ret = AesXtsEncryptUpdate(xaes, out, in, sz, stream);
+    else
+        ret = 0;
+    /* force the count odd, to assure error on attempt to AesXtsEncryptUpdate()
+     * after finalization.
+     */
+    stream->bytes_crypted_with_this_tweak |= 1U;
+    ForceZero(stream->tweak_block, WC_AES_BLOCK_SIZE);
+#ifdef WOLFSSL_CHECK_MEM_ZERO
+    wc_MemZero_Check(stream->tweak_block, WC_AES_BLOCK_SIZE);
+#endif
+    return ret;
+}
+
+#endif /* WOLFSSL_AESXTS_STREAM */
+
+
+/* Same process as encryption but use aes_decrypt key.
  *
  * xaes  AES keys to use for block encrypt/decrypt
  * out   output buffer to hold plain text
@@ -12687,25 +13549,53 @@ int wc_AesXtsEncrypt(XtsAes* xaes, byte* out, const byte* in, word32 sz,
  * returns 0 on success
  */
 /* Software AES - XTS Decrypt */
+
+static int AesXtsDecryptUpdate_sw(XtsAes* xaes, byte* out, const byte* in,
+                                  word32 sz, byte *i);
+
 static int AesXtsDecrypt_sw(XtsAes* xaes, byte* out, const byte* in, word32 sz,
         const byte* i)
 {
-    int ret = 0;
-    word32 blocks = (sz / AES_BLOCK_SIZE);
-    Aes *aes = &xaes->aes;
-    Aes *tweak = &xaes->tweak;
-    word32 j;
-    byte carry = 0;
-    byte tmp[AES_BLOCK_SIZE];
-    byte stl = (sz % AES_BLOCK_SIZE);
+    int ret;
+    byte tweak_block[WC_AES_BLOCK_SIZE];
 
-    XMEMSET(tmp, 0, AES_BLOCK_SIZE); /* set to 0's in case of improper AES
-                                      * key setup passed to decrypt direct*/
-
-    ret = wc_AesEncryptDirect(tweak, tmp, i);
+    ret = wc_AesEncryptDirect(&xaes->tweak, tweak_block, i);
     if (ret != 0)
         return ret;
 
+    return AesXtsDecryptUpdate_sw(xaes, out, in, sz, tweak_block);
+}
+
+/* Block-streaming AES-XTS.
+ *
+ * Same process as encryption but use decrypt key.
+ *
+ * Supply block-aligned input data with successive calls.  Final call need not
+ * be block aligned.
+ *
+ * xaes  AES keys to use for block encrypt/decrypt
+ * out   output buffer to hold plain text
+ * in    input cipher text buffer to decrypt
+ * sz    size of both out and in buffers
+ * i     value to use for tweak
+ *
+ * returns 0 on success
+ */
+/* Software AES - XTS Decrypt */
+static int AesXtsDecryptUpdate_sw(XtsAes* xaes, byte* out, const byte* in,
+                                  word32 sz, byte *i)
+{
+    int ret = 0;
+    word32 blocks = (sz / WC_AES_BLOCK_SIZE);
+#ifdef WC_AES_XTS_SUPPORT_SIMULTANEOUS_ENC_AND_DEC_KEYS
+    Aes *aes = &xaes->aes_decrypt;
+#else
+    Aes *aes = &xaes->aes;
+#endif
+    word32 j;
+    byte carry = 0;
+    byte stl = (sz % WC_AES_BLOCK_SIZE);
+
     /* if Stealing then break out of loop one block early to handle special
      * case */
     if (stl > 0) {
@@ -12715,7 +13605,7 @@ static int AesXtsDecrypt_sw(XtsAes* xaes, byte* out, const byte* in, word32 sz,
 #ifdef HAVE_AES_ECB
     /* decrypt all of buffer at once when possible */
     if (in != out) { /* can not handle inline */
-        XMEMCPY(out, tmp, AES_BLOCK_SIZE);
+        XMEMCPY(out, i, WC_AES_BLOCK_SIZE);
         if ((ret = _AesXtsHelper(aes, out, in, sz, AES_DECRYPTION)) != 0)
             return ret;
     }
@@ -12726,79 +13616,79 @@ static int AesXtsDecrypt_sw(XtsAes* xaes, byte* out, const byte* in, word32 sz,
         if (in == out)
 #endif
         { /* check for if inline */
-            byte buf[AES_BLOCK_SIZE];
+            byte buf[WC_AES_BLOCK_SIZE];
 
-            XMEMCPY(buf, in, AES_BLOCK_SIZE);
-            xorbuf(buf, tmp, AES_BLOCK_SIZE);
+            XMEMCPY(buf, in, WC_AES_BLOCK_SIZE);
+            xorbuf(buf, i, WC_AES_BLOCK_SIZE);
             ret = wc_AesDecryptDirect(aes, out, buf);
             if (ret != 0)
                 return ret;
         }
-        xorbuf(out, tmp, AES_BLOCK_SIZE);
+        xorbuf(out, i, WC_AES_BLOCK_SIZE);
 
         /* multiply by shift left and propagate carry */
-        for (j = 0; j < AES_BLOCK_SIZE; j++) {
+        for (j = 0; j < WC_AES_BLOCK_SIZE; j++) {
             byte tmpC;
 
-            tmpC   = (tmp[j] >> 7) & 0x01;
-            tmp[j] = (byte)((tmp[j] << 1) + carry);
+            tmpC   = (i[j] >> 7) & 0x01;
+            i[j] = (byte)((i[j] << 1) + carry);
             carry  = tmpC;
         }
         if (carry) {
-            tmp[0] ^= GF_XTS;
+            i[0] ^= GF_XTS;
         }
         carry = 0;
 
-        in  += AES_BLOCK_SIZE;
-        out += AES_BLOCK_SIZE;
-        sz  -= AES_BLOCK_SIZE;
+        in  += WC_AES_BLOCK_SIZE;
+        out += WC_AES_BLOCK_SIZE;
+        sz  -= WC_AES_BLOCK_SIZE;
         blocks--;
     }
 
     /* stealing operation of XTS to handle left overs */
-    if (sz >= AES_BLOCK_SIZE) {
-        byte buf[AES_BLOCK_SIZE];
-        byte tmp2[AES_BLOCK_SIZE];
+    if (sz >= WC_AES_BLOCK_SIZE) {
+        byte buf[WC_AES_BLOCK_SIZE];
+        byte tmp2[WC_AES_BLOCK_SIZE];
 
         /* multiply by shift left and propagate carry */
-        for (j = 0; j < AES_BLOCK_SIZE; j++) {
+        for (j = 0; j < WC_AES_BLOCK_SIZE; j++) {
             byte tmpC;
 
-            tmpC   = (tmp[j] >> 7) & 0x01;
-            tmp2[j] = (byte)((tmp[j] << 1) + carry);
+            tmpC   = (i[j] >> 7) & 0x01;
+            tmp2[j] = (byte)((i[j] << 1) + carry);
             carry  = tmpC;
         }
         if (carry) {
             tmp2[0] ^= GF_XTS;
         }
 
-        XMEMCPY(buf, in, AES_BLOCK_SIZE);
-        xorbuf(buf, tmp2, AES_BLOCK_SIZE);
+        XMEMCPY(buf, in, WC_AES_BLOCK_SIZE);
+        xorbuf(buf, tmp2, WC_AES_BLOCK_SIZE);
         ret = wc_AesDecryptDirect(aes, out, buf);
         if (ret != 0)
             return ret;
-        xorbuf(out, tmp2, AES_BLOCK_SIZE);
+        xorbuf(out, tmp2, WC_AES_BLOCK_SIZE);
 
         /* tmp2 holds partial | last */
-        XMEMCPY(tmp2, out, AES_BLOCK_SIZE);
-        in  += AES_BLOCK_SIZE;
-        out += AES_BLOCK_SIZE;
-        sz  -= AES_BLOCK_SIZE;
+        XMEMCPY(tmp2, out, WC_AES_BLOCK_SIZE);
+        in  += WC_AES_BLOCK_SIZE;
+        out += WC_AES_BLOCK_SIZE;
+        sz  -= WC_AES_BLOCK_SIZE;
 
         /* Make buffer with end of cipher text | last */
-        XMEMCPY(buf, tmp2, AES_BLOCK_SIZE);
-        if (sz >= AES_BLOCK_SIZE) { /* extra sanity check before copy */
+        XMEMCPY(buf, tmp2, WC_AES_BLOCK_SIZE);
+        if (sz >= WC_AES_BLOCK_SIZE) { /* extra sanity check before copy */
             return BUFFER_E;
         }
         XMEMCPY(buf, in,   sz);
         XMEMCPY(out, tmp2, sz);
 
-        xorbuf(buf, tmp, AES_BLOCK_SIZE);
+        xorbuf(buf, i, WC_AES_BLOCK_SIZE);
         ret = wc_AesDecryptDirect(aes, tmp2, buf);
         if (ret != 0)
             return ret;
-        xorbuf(tmp2, tmp, AES_BLOCK_SIZE);
-        XMEMCPY(out - AES_BLOCK_SIZE, tmp2, AES_BLOCK_SIZE);
+        xorbuf(tmp2, i, WC_AES_BLOCK_SIZE);
+        XMEMCPY(out - WC_AES_BLOCK_SIZE, tmp2, WC_AES_BLOCK_SIZE);
     }
 
     return ret;
@@ -12811,7 +13701,7 @@ static int AesXtsDecrypt_sw(XtsAes* xaes, byte* out, const byte* in, word32 sz,
  * in    input cipher text buffer to decrypt
  * sz    size of both out and in buffers
  * i     value to use for tweak
- * iSz   size of i buffer, should always be AES_BLOCK_SIZE but having this input
+ * iSz   size of i buffer, should always be WC_AES_BLOCK_SIZE but having this input
  *       adds a sanity check on how the user calls the function.
  *
  * returns 0 on success
@@ -12820,44 +13710,69 @@ int wc_AesXtsDecrypt(XtsAes* xaes, byte* out, const byte* in, word32 sz,
         const byte* i, word32 iSz)
 {
     int ret;
+    Aes *aes;
 
     if (xaes == NULL || out == NULL || in == NULL) {
         return BAD_FUNC_ARG;
     }
 
-    if (iSz < AES_BLOCK_SIZE) {
+#ifdef WC_AES_XTS_SUPPORT_SIMULTANEOUS_ENC_AND_DEC_KEYS
+    aes = &xaes->aes_decrypt;
+#else
+    aes = &xaes->aes;
+#endif
+
+/* FIPS TODO: SP800-38E - Restrict data unit to 2^20 blocks per key. A block is
+ * WC_AES_BLOCK_SIZE or 16-bytes (128-bits). So each key may only be used to
+ * protect up to 1,048,576 blocks of WC_AES_BLOCK_SIZE (16,777,216 bytes or
+ * 134,217,728-bits) Add helpful printout and message along with BAD_FUNC_ARG
+ * return whenever sz / WC_AES_BLOCK_SIZE > 1,048,576 or equal to that and sz is
+ * not a sequence of complete blocks.
+ */
+
+    if (aes->keylen == 0) {
+        WOLFSSL_MSG("wc_AesXtsDecrypt called with unset decryption key.");
         return BAD_FUNC_ARG;
     }
 
-    if (sz < AES_BLOCK_SIZE) {
+    if (iSz < WC_AES_BLOCK_SIZE) {
+        return BAD_FUNC_ARG;
+    }
+
+    if (sz < WC_AES_BLOCK_SIZE) {
         WOLFSSL_MSG("Cipher text input too small for decryption");
         return BAD_FUNC_ARG;
     }
 
     {
 #ifdef WOLFSSL_AESNI
-#ifdef WC_AES_C_DYNAMIC_FALLBACK
-        int orig_use_aesni = xaes->aes.use_aesni;
-#endif
-
-        if (xaes->aes.use_aesni && (SAVE_VECTOR_REGISTERS2() != 0)) {
-            xaes->aes.use_aesni = 0;
-            xaes->tweak.use_aesni = 0;
-        }
-        if (xaes->aes.use_aesni) {
+        if (aes->use_aesni) {
+            SAVE_VECTOR_REGISTERS(return _svr_ret;);
 #if defined(HAVE_INTEL_AVX1)
             if (IS_INTEL_AVX1(intel_flags)) {
-                AES_XTS_decrypt_avx1(in, out, sz, i, (const byte*)xaes->aes.key,
-                                     (const byte*)xaes->tweak.key, (int)xaes->aes.rounds);
+                AES_XTS_decrypt_avx1(in, out, sz, i,
+                                     (const byte*)aes->key,
+                                     (const byte*)xaes->tweak.key,
+                                     (int)aes->rounds);
                 ret = 0;
             }
             else
 #endif
             {
-                AES_XTS_decrypt_aesni(in, out, sz, i, (const byte*)xaes->aes.key,
-                                      (const byte*)xaes->tweak.key, (int)xaes->aes.rounds);
+                AES_XTS_decrypt_aesni(in, out, sz, i,
+                                      (const byte*)aes->key,
+                                      (const byte*)xaes->tweak.key,
+                                      (int)aes->rounds);
                 ret = 0;
             }
+            RESTORE_VECTOR_REGISTERS();
+        }
+        else
+#elif defined(__aarch64__) && defined(WOLFSSL_ARMASM) && \
+      !defined(WOLFSSL_ARMASM_NO_HW_CRYPTO)
+        if (aes->use_aes_hw_crypto) {
+            AES_XTS_decrypt_AARCH64(xaes, out, in, sz, i);
+            ret = 0;
         }
         else
 #endif
@@ -12865,21 +13780,198 @@ int wc_AesXtsDecrypt(XtsAes* xaes, byte* out, const byte* in, word32 sz,
             ret = AesXtsDecrypt_sw(xaes, out, in, sz, i);
         }
 
-#ifdef WOLFSSL_AESNI
-        if (xaes->aes.use_aesni)
-            RESTORE_VECTOR_REGISTERS();
-#ifdef WC_AES_C_DYNAMIC_FALLBACK
-        else if (orig_use_aesni) {
-            xaes->aes.use_aesni = orig_use_aesni;
-            xaes->tweak.use_aesni = orig_use_aesni;
-        }
-#endif
-#endif
-
         return ret;
     }
 }
-#endif /* !WOLFSSL_ARMASM || WOLFSSL_ARMASM_NO_HW_CRYPTO */
+
+#ifdef WOLFSSL_AESXTS_STREAM
+
+/* Same process as encryption but Aes key is AES_DECRYPTION type.
+ *
+ * xaes  AES keys to use for block encrypt/decrypt
+ * i     readwrite value to use for tweak
+ * iSz   size of i buffer, should always be WC_AES_BLOCK_SIZE but having this input
+ *       adds a sanity check on how the user calls the function.
+ *
+ * returns 0 on success
+ */
+int wc_AesXtsDecryptInit(XtsAes* xaes, const byte* i, word32 iSz,
+                         struct XtsAesStreamData *stream)
+{
+    int ret;
+    Aes *aes;
+
+    if (xaes == NULL) {
+        return BAD_FUNC_ARG;
+    }
+
+#ifdef WC_AES_XTS_SUPPORT_SIMULTANEOUS_ENC_AND_DEC_KEYS
+    aes = &xaes->aes_decrypt;
+#else
+    aes = &xaes->aes;
+#endif
+
+    if (aes->keylen == 0) {
+        WOLFSSL_MSG("wc_AesXtsDecrypt called with unset decryption key.");
+        return BAD_FUNC_ARG;
+    }
+
+    if (iSz < WC_AES_BLOCK_SIZE) {
+        return BAD_FUNC_ARG;
+    }
+
+    XMEMCPY(stream->tweak_block, i, WC_AES_BLOCK_SIZE);
+    stream->bytes_crypted_with_this_tweak = 0;
+
+    {
+#ifdef WOLFSSL_AESNI
+        if (aes->use_aesni) {
+            SAVE_VECTOR_REGISTERS(return _svr_ret;);
+#if defined(HAVE_INTEL_AVX1)
+            if (IS_INTEL_AVX1(intel_flags)) {
+                AES_XTS_init_avx1(stream->tweak_block,
+                                  (const byte*)xaes->tweak.key,
+                                  (int)xaes->tweak.rounds);
+                ret = 0;
+            }
+            else
+#endif
+            {
+                AES_XTS_init_aesni(stream->tweak_block,
+                                   (const byte*)xaes->tweak.key,
+                                   (int)xaes->tweak.rounds);
+                ret = 0;
+            }
+            RESTORE_VECTOR_REGISTERS();
+        }
+        else
+#endif /* WOLFSSL_AESNI */
+        {
+            ret = AesXtsInitTweak_sw(xaes, stream->tweak_block);
+        }
+
+    }
+
+    return ret;
+}
+
+/* Block-streaming AES-XTS
+ *
+ * Note that sz must be >= WC_AES_BLOCK_SIZE in each call, and must be a multiple
+ * of WC_AES_BLOCK_SIZE in each call to wc_AesXtsDecryptUpdate().
+ * wc_AesXtsDecryptFinal() can handle any length >= WC_AES_BLOCK_SIZE.
+ *
+ * xaes  AES keys to use for block encrypt/decrypt
+ * out   output buffer to hold plain text
+ * in    input cipher text buffer to decrypt
+ * sz    size of both out and in buffers
+ * i     tweak buffer of size WC_AES_BLOCK_SIZE.
+ *
+ * returns 0 on success
+ */
+static int AesXtsDecryptUpdate(XtsAes* xaes, byte* out, const byte* in, word32 sz,
+                           struct XtsAesStreamData *stream)
+{
+    int ret;
+#ifdef WOLFSSL_AESNI
+    Aes *aes;
+#endif
+
+    if (xaes == NULL || out == NULL || in == NULL) {
+        return BAD_FUNC_ARG;
+    }
+
+#ifdef WOLFSSL_AESNI
+#ifdef WC_AES_XTS_SUPPORT_SIMULTANEOUS_ENC_AND_DEC_KEYS
+    aes = &xaes->aes_decrypt;
+#else
+    aes = &xaes->aes;
+#endif
+#endif
+
+    if (sz < WC_AES_BLOCK_SIZE) {
+        WOLFSSL_MSG("Cipher text input too small for decryption");
+        return BAD_FUNC_ARG;
+    }
+
+    if (stream->bytes_crypted_with_this_tweak & ((word32)WC_AES_BLOCK_SIZE - 1U))
+    {
+        WOLFSSL_MSG("Call to AesXtsDecryptUpdate after previous finalizing call");
+        return BAD_FUNC_ARG;
+    }
+
+#ifndef WC_AESXTS_STREAM_NO_REQUEST_ACCOUNTING
+    (void)WC_SAFE_SUM_WORD32(stream->bytes_crypted_with_this_tweak, sz,
+                             stream->bytes_crypted_with_this_tweak);
+#endif
+
+    {
+#ifdef WOLFSSL_AESNI
+        if (aes->use_aesni) {
+            SAVE_VECTOR_REGISTERS(return _svr_ret;);
+#if defined(HAVE_INTEL_AVX1)
+            if (IS_INTEL_AVX1(intel_flags)) {
+                AES_XTS_decrypt_update_avx1(in, out, sz,
+                                            (const byte*)aes->key,
+                                            stream->tweak_block,
+                                            (int)aes->rounds);
+                ret = 0;
+            }
+            else
+#endif
+            {
+                AES_XTS_decrypt_update_aesni(in, out, sz,
+                                             (const byte*)aes->key,
+                                             stream->tweak_block,
+                                             (int)aes->rounds);
+                ret = 0;
+            }
+            RESTORE_VECTOR_REGISTERS();
+        }
+        else
+#endif /* WOLFSSL_AESNI */
+        {
+            ret = AesXtsDecryptUpdate_sw(xaes, out, in, sz,
+                                         stream->tweak_block);
+        }
+    }
+
+    return ret;
+}
+
+int wc_AesXtsDecryptUpdate(XtsAes* xaes, byte* out, const byte* in, word32 sz,
+                           struct XtsAesStreamData *stream)
+{
+    if (stream == NULL)
+        return BAD_FUNC_ARG;
+    if (sz & ((word32)WC_AES_BLOCK_SIZE - 1U))
+        return BAD_FUNC_ARG;
+    return AesXtsDecryptUpdate(xaes, out, in, sz, stream);
+}
+
+int wc_AesXtsDecryptFinal(XtsAes* xaes, byte* out, const byte* in, word32 sz,
+                           struct XtsAesStreamData *stream)
+{
+    int ret;
+    if (stream == NULL)
+        return BAD_FUNC_ARG;
+    if (sz > 0)
+        ret = AesXtsDecryptUpdate(xaes, out, in, sz, stream);
+    else
+        ret = 0;
+    ForceZero(stream->tweak_block, WC_AES_BLOCK_SIZE);
+    /* force the count odd, to assure error on attempt to AesXtsEncryptUpdate()
+     * after finalization.
+     */
+    stream->bytes_crypted_with_this_tweak |= 1U;
+#ifdef WOLFSSL_CHECK_MEM_ZERO
+    wc_MemZero_Check(stream->tweak_block, WC_AES_BLOCK_SIZE);
+#endif
+    return ret;
+}
+
+#endif /* WOLFSSL_AESXTS_STREAM */
+#endif
 
 /* Same as wc_AesXtsEncryptSector but the sector gets incremented by one every
  * sectorSz bytes
@@ -12905,7 +13997,7 @@ int wc_AesXtsEncryptConsecutiveSectors(XtsAes* aes, byte* out, const byte* in,
         return BAD_FUNC_ARG;
     }
 
-    if (sz < AES_BLOCK_SIZE) {
+    if (sz < WC_AES_BLOCK_SIZE) {
         WOLFSSL_MSG("Cipher text input too small for encryption");
         return BAD_FUNC_ARG;
     }
@@ -12954,7 +14046,7 @@ int wc_AesXtsDecryptConsecutiveSectors(XtsAes* aes, byte* out, const byte* in,
         return BAD_FUNC_ARG;
     }
 
-    if (sz < AES_BLOCK_SIZE) {
+    if (sz < WC_AES_BLOCK_SIZE) {
         WOLFSSL_MSG("Cipher text input too small for decryption");
         return BAD_FUNC_ARG;
     }
@@ -12987,7 +14079,7 @@ int wc_AesXtsDecryptConsecutiveSectors(XtsAes* aes, byte* out, const byte* in,
  * See RFC 5297 Section 2.4.
  */
 static WARN_UNUSED_RESULT int S2V(
-    const byte* key, word32 keySz, const byte* assoc, word32 assocSz,
+    const byte* key, word32 keySz, const AesSivAssoc* assoc, word32 numAssoc,
     const byte* nonce, word32 nonceSz, const byte* data,
     word32 dataSz, byte* out)
 {
@@ -12996,16 +14088,18 @@ static WARN_UNUSED_RESULT int S2V(
     int i;
     Cmac* cmac;
 #else
-    byte tmp[3][AES_BLOCK_SIZE];
+    byte tmp[3][WC_AES_BLOCK_SIZE];
     Cmac cmac[1];
 #endif
-    word32 macSz = AES_BLOCK_SIZE;
+    word32 macSz = WC_AES_BLOCK_SIZE;
     int ret = 0;
+    byte tmpi = 0;
+    word32 ai;
     word32 zeroBytes;
 
 #ifdef WOLFSSL_SMALL_STACK
     for (i = 0; i < 3; ++i) {
-        tmp[i] = (byte*)XMALLOC(AES_BLOCK_SIZE, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+        tmp[i] = (byte*)XMALLOC(WC_AES_BLOCK_SIZE, NULL, DYNAMIC_TYPE_TMP_BUFFER);
         if (tmp[i] == NULL) {
             ret = MEMORY_E;
             break;
@@ -13013,38 +14107,54 @@ static WARN_UNUSED_RESULT int S2V(
     }
     if (ret == 0)
 #endif
-    {
-        XMEMSET(tmp[1], 0, AES_BLOCK_SIZE);
-        XMEMSET(tmp[2], 0, AES_BLOCK_SIZE);
 
-        ret = wc_AesCmacGenerate(tmp[0], &macSz, tmp[1], AES_BLOCK_SIZE,
+    if ((numAssoc > 126) || ((nonceSz > 0) && (numAssoc > 125))) {
+        /* See RFC 5297 Section 7. */
+        WOLFSSL_MSG("Maximum number of ADs (including the nonce) for AES SIV is"
+                    " 126.");
+        ret = BAD_FUNC_ARG;
+    }
+
+    if (ret == 0) {
+        XMEMSET(tmp[1], 0, WC_AES_BLOCK_SIZE);
+        XMEMSET(tmp[2], 0, WC_AES_BLOCK_SIZE);
+
+        ret = wc_AesCmacGenerate(tmp[0], &macSz, tmp[1], WC_AES_BLOCK_SIZE,
                                  key, keySz);
-        if (ret == 0) {
-            ShiftAndXorRb(tmp[1], tmp[0]);
-            ret = wc_AesCmacGenerate(tmp[0], &macSz, assoc, assocSz, key,
-                                     keySz);
+    }
+
+    if (ret == 0) {
+        /* Loop over authenticated associated data AD1..ADn */
+        for (ai = 0; ai < numAssoc; ++ai) {
+            ShiftAndXorRb(tmp[1-tmpi], tmp[tmpi]);
+            ret = wc_AesCmacGenerate(tmp[tmpi], &macSz, assoc[ai].assoc,
+                                     assoc[ai].assocSz, key, keySz);
+            if (ret != 0)
+                break;
+            xorbuf(tmp[1-tmpi], tmp[tmpi], WC_AES_BLOCK_SIZE);
+            tmpi = (byte)(1 - tmpi);
+        }
+
+        /* Add nonce as final AD. See RFC 5297 Section 3. */
+        if ((ret == 0) && (nonceSz > 0)) {
+            ShiftAndXorRb(tmp[1-tmpi], tmp[tmpi]);
+            ret = wc_AesCmacGenerate(tmp[tmpi], &macSz, nonce,
+                                     nonceSz, key, keySz);
             if (ret == 0) {
-                xorbuf(tmp[1], tmp[0], AES_BLOCK_SIZE);
+                xorbuf(tmp[1-tmpi], tmp[tmpi], WC_AES_BLOCK_SIZE);
             }
+            tmpi = (byte)(1U - tmpi);
+        }
+
+        /* For simplicity of the remaining code, make sure the "final" result
+           is always in tmp[0]. */
+        if (tmpi == 1) {
+            XMEMCPY(tmp[0], tmp[1], WC_AES_BLOCK_SIZE);
         }
     }
 
     if (ret == 0) {
-        if (nonceSz > 0) {
-            ShiftAndXorRb(tmp[0], tmp[1]);
-            ret = wc_AesCmacGenerate(tmp[1], &macSz, nonce, nonceSz, key,
-                                     keySz);
-            if (ret == 0) {
-                xorbuf(tmp[0], tmp[1], AES_BLOCK_SIZE);
-            }
-        }
-        else {
-            XMEMCPY(tmp[0], tmp[1], AES_BLOCK_SIZE);
-        }
-    }
-
-    if (ret == 0) {
-        if (dataSz >= AES_BLOCK_SIZE) {
+        if (dataSz >= WC_AES_BLOCK_SIZE) {
 
         #ifdef WOLFSSL_SMALL_STACK
             cmac = (Cmac*)XMALLOC(sizeof(Cmac), NULL, DYNAMIC_TYPE_CMAC);
@@ -13060,23 +14170,21 @@ static WARN_UNUSED_RESULT int S2V(
                     ((unsigned char *)cmac) + sizeof(Aes),
                     sizeof(Cmac) - sizeof(Aes));
             #endif
-                xorbuf(tmp[0], data + (dataSz - AES_BLOCK_SIZE),
-                       AES_BLOCK_SIZE);
+                xorbuf(tmp[0], data + (dataSz - WC_AES_BLOCK_SIZE),
+                       WC_AES_BLOCK_SIZE);
                 ret = wc_InitCmac(cmac, key, keySz, WC_CMAC_AES, NULL);
                 if (ret == 0) {
-                    ret = wc_CmacUpdate(cmac, data, dataSz - AES_BLOCK_SIZE);
+                    ret = wc_CmacUpdate(cmac, data, dataSz - WC_AES_BLOCK_SIZE);
                 }
                 if (ret == 0) {
-                    ret = wc_CmacUpdate(cmac, tmp[0], AES_BLOCK_SIZE);
+                    ret = wc_CmacUpdate(cmac, tmp[0], WC_AES_BLOCK_SIZE);
                 }
                 if (ret == 0) {
                     ret = wc_CmacFinal(cmac, out, &macSz);
                 }
             }
         #ifdef WOLFSSL_SMALL_STACK
-            if (cmac != NULL) {
-                XFREE(cmac, NULL, DYNAMIC_TYPE_CMAC);
-            }
+            XFREE(cmac, NULL, DYNAMIC_TYPE_CMAC);
         #elif defined(WOLFSSL_CHECK_MEM_ZERO)
             wc_MemZero_Check(cmac, sizeof(Cmac));
         #endif
@@ -13084,13 +14192,13 @@ static WARN_UNUSED_RESULT int S2V(
         else {
             XMEMCPY(tmp[2], data, dataSz);
             tmp[2][dataSz] |= 0x80;
-            zeroBytes = AES_BLOCK_SIZE - (dataSz + 1);
+            zeroBytes = WC_AES_BLOCK_SIZE - (dataSz + 1);
             if (zeroBytes != 0) {
                 XMEMSET(tmp[2] + dataSz + 1, 0, zeroBytes);
             }
             ShiftAndXorRb(tmp[1], tmp[0]);
-            xorbuf(tmp[1], tmp[2], AES_BLOCK_SIZE);
-            ret = wc_AesCmacGenerate(out, &macSz, tmp[1], AES_BLOCK_SIZE, key,
+            xorbuf(tmp[1], tmp[2], WC_AES_BLOCK_SIZE);
+            ret = wc_AesCmacGenerate(out, &macSz, tmp[1], WC_AES_BLOCK_SIZE, key,
                                      keySz);
         }
     }
@@ -13107,8 +14215,8 @@ static WARN_UNUSED_RESULT int S2V(
 }
 
 static WARN_UNUSED_RESULT int AesSivCipher(
-    const byte* key, word32 keySz, const byte* assoc,
-    word32 assocSz, const byte* nonce, word32 nonceSz,
+    const byte* key, word32 keySz, const AesSivAssoc* assoc,
+    word32 numAssoc, const byte* nonce, word32 nonceSz,
     const byte* data, word32 dataSz, byte* siv, byte* out,
     int enc)
 {
@@ -13118,7 +14226,7 @@ static WARN_UNUSED_RESULT int AesSivCipher(
 #else
     Aes aes[1];
 #endif
-    byte sivTmp[AES_BLOCK_SIZE];
+    byte sivTmp[WC_AES_BLOCK_SIZE];
 
     if (key == NULL || siv == NULL || out == NULL) {
         WOLFSSL_MSG("Bad parameter");
@@ -13132,31 +14240,26 @@ static WARN_UNUSED_RESULT int AesSivCipher(
 
     if (ret == 0) {
         if (enc == 1) {
-            ret = S2V(key, keySz / 2, assoc, assocSz, nonce, nonceSz, data,
+            ret = S2V(key, keySz / 2, assoc, numAssoc, nonce, nonceSz, data,
                       dataSz, sivTmp);
             if (ret != 0) {
                 WOLFSSL_MSG("S2V failed.");
             }
             else {
-                XMEMCPY(siv, sivTmp, AES_BLOCK_SIZE);
+                XMEMCPY(siv, sivTmp, WC_AES_BLOCK_SIZE);
             }
         }
         else {
-            XMEMCPY(sivTmp, siv, AES_BLOCK_SIZE);
+            XMEMCPY(sivTmp, siv, WC_AES_BLOCK_SIZE);
         }
     }
 
+    if (ret == 0) {
 #ifdef WOLFSSL_SMALL_STACK
-    if (ret == 0) {
-        aes = (Aes*)XMALLOC(sizeof(Aes), NULL, DYNAMIC_TYPE_AES);
-        if (aes == NULL) {
-            ret = MEMORY_E;
-        }
-    }
-#endif
-
-    if (ret == 0) {
+        aes = wc_AesNew(NULL, INVALID_DEVID, &ret);
+#else
         ret = wc_AesInit(aes, NULL, INVALID_DEVID);
+#endif
         if (ret != 0) {
             WOLFSSL_MSG("Failed to initialized AES object.");
         }
@@ -13179,21 +14282,22 @@ static WARN_UNUSED_RESULT int AesSivCipher(
     }
 
     if (ret == 0 && enc == 0) {
-        ret = S2V(key, keySz / 2, assoc, assocSz, nonce, nonceSz, out, dataSz,
+        ret = S2V(key, keySz / 2, assoc, numAssoc, nonce, nonceSz, out, dataSz,
                   sivTmp);
         if (ret != 0) {
             WOLFSSL_MSG("S2V failed.");
         }
 
-        if (XMEMCMP(siv, sivTmp, AES_BLOCK_SIZE) != 0) {
+        if (XMEMCMP(siv, sivTmp, WC_AES_BLOCK_SIZE) != 0) {
             WOLFSSL_MSG("Computed SIV doesn't match received SIV.");
             ret = AES_SIV_AUTH_E;
         }
     }
 
-    wc_AesFree(aes);
 #ifdef WOLFSSL_SMALL_STACK
-    XFREE(aes, NULL, DYNAMIC_TYPE_AES);
+    wc_AesDelete(aes, NULL);
+#else
+    wc_AesFree(aes);
 #endif
 
     return ret;
@@ -13206,7 +14310,10 @@ int wc_AesSivEncrypt(const byte* key, word32 keySz, const byte* assoc,
                      word32 assocSz, const byte* nonce, word32 nonceSz,
                      const byte* in, word32 inSz, byte* siv, byte* out)
 {
-    return AesSivCipher(key, keySz, assoc, assocSz, nonce, nonceSz, in, inSz,
+    AesSivAssoc ad;
+    ad.assoc = assoc;
+    ad.assocSz = assocSz;
+    return AesSivCipher(key, keySz, &ad, 1U, nonce, nonceSz, in, inSz,
                         siv, out, 1);
 }
 
@@ -13217,7 +14324,32 @@ int wc_AesSivDecrypt(const byte* key, word32 keySz, const byte* assoc,
                      word32 assocSz, const byte* nonce, word32 nonceSz,
                      const byte* in, word32 inSz, byte* siv, byte* out)
 {
-    return AesSivCipher(key, keySz, assoc, assocSz, nonce, nonceSz, in, inSz,
+    AesSivAssoc ad;
+    ad.assoc = assoc;
+    ad.assocSz = assocSz;
+    return AesSivCipher(key, keySz, &ad, 1U, nonce, nonceSz, in, inSz,
+                        siv, out, 0);
+}
+
+/*
+ * See RFC 5297 Section 2.6.
+ */
+int wc_AesSivEncrypt_ex(const byte* key, word32 keySz, const AesSivAssoc* assoc,
+                        word32 numAssoc, const byte* nonce, word32 nonceSz,
+                        const byte* in, word32 inSz, byte* siv, byte* out)
+{
+    return AesSivCipher(key, keySz, assoc, numAssoc, nonce, nonceSz, in, inSz,
+                        siv, out, 1);
+}
+
+/*
+ * See RFC 5297 Section 2.7.
+ */
+int wc_AesSivDecrypt_ex(const byte* key, word32 keySz, const AesSivAssoc* assoc,
+                        word32 numAssoc, const byte* nonce, word32 nonceSz,
+                        const byte* in, word32 inSz, byte* siv, byte* out)
+{
+    return AesSivCipher(key, keySz, assoc, numAssoc, nonce, nonceSz, in, inSz,
                         siv, out, 0);
 }
 
@@ -13414,7 +14546,7 @@ int  wc_AesEaxInit(AesEax* eax,
         goto out;
     }
 
-    cmacSize = AES_BLOCK_SIZE;
+    cmacSize = WC_AES_BLOCK_SIZE;
     if ((ret = wc_CmacFinal(&eax->nonceCmac,
                             eax->nonceCmacFinal,
                             &cmacSize)) != 0) {
@@ -13431,7 +14563,7 @@ int  wc_AesEaxInit(AesEax* eax,
      * provided
      *   H' = OMAC^1_K(H)
      */
-    eax->prefixBuf[AES_BLOCK_SIZE-1] = 1;
+    eax->prefixBuf[WC_AES_BLOCK_SIZE-1] = 1;
     if ((ret = wc_InitCmac(&eax->aadCmac,
                            key,
                            keySz,
@@ -13458,7 +14590,7 @@ int  wc_AesEaxInit(AesEax* eax,
      * updated in subsequent calls to encrypt/decrypt
      *  C' = OMAC^2_K(C)
      */
-    eax->prefixBuf[AES_BLOCK_SIZE-1] = 2;
+    eax->prefixBuf[WC_AES_BLOCK_SIZE-1] = 2;
     if ((ret = wc_InitCmac(&eax->ciphertextCmac,
                            key,
                            keySz,
@@ -13606,12 +14738,12 @@ int wc_AesEaxEncryptFinal(AesEax* eax, byte* authTag, word32 authTagSz)
     int ret;
     word32 i;
 
-    if (eax == NULL || authTag == NULL || authTagSz > AES_BLOCK_SIZE) {
+    if (eax == NULL || authTag == NULL || authTagSz > WC_AES_BLOCK_SIZE) {
         return BAD_FUNC_ARG;
     }
 
     /* Complete the OMAC for the ciphertext */
-    cmacSize = AES_BLOCK_SIZE;
+    cmacSize = WC_AES_BLOCK_SIZE;
     if ((ret = wc_CmacFinalNoFree(&eax->ciphertextCmac,
                                   eax->ciphertextCmacFinal,
                                   &cmacSize)) != 0) {
@@ -13619,7 +14751,7 @@ int wc_AesEaxEncryptFinal(AesEax* eax, byte* authTag, word32 authTagSz)
     }
 
     /* Complete the OMAC for auth data */
-    cmacSize = AES_BLOCK_SIZE;
+    cmacSize = WC_AES_BLOCK_SIZE;
     if ((ret = wc_CmacFinalNoFree(&eax->aadCmac,
                                   eax->aadCmacFinal,
                                   &cmacSize)) != 0) {
@@ -13660,15 +14792,15 @@ int wc_AesEaxDecryptFinal(AesEax* eax,
 #if defined(WOLFSSL_SMALL_STACK)
     byte *authTag;
 #else
-    byte authTag[AES_BLOCK_SIZE];
+    byte authTag[WC_AES_BLOCK_SIZE];
 #endif
 
-    if (eax == NULL || authIn == NULL || authInSz > AES_BLOCK_SIZE) {
+    if (eax == NULL || authIn == NULL || authInSz > WC_AES_BLOCK_SIZE) {
         return BAD_FUNC_ARG;
     }
 
     /* Complete the OMAC for the ciphertext */
-    cmacSize = AES_BLOCK_SIZE;
+    cmacSize = WC_AES_BLOCK_SIZE;
     if ((ret = wc_CmacFinalNoFree(&eax->ciphertextCmac,
                                   eax->ciphertextCmacFinal,
                                   &cmacSize)) != 0) {
@@ -13676,7 +14808,7 @@ int wc_AesEaxDecryptFinal(AesEax* eax,
     }
 
     /* Complete the OMAC for auth data */
-    cmacSize = AES_BLOCK_SIZE;
+    cmacSize = WC_AES_BLOCK_SIZE;
     if ((ret = wc_CmacFinalNoFree(&eax->aadCmac,
                                   eax->aadCmacFinal,
                                   &cmacSize)) != 0) {
@@ -13684,7 +14816,7 @@ int wc_AesEaxDecryptFinal(AesEax* eax,
     }
 
 #if defined(WOLFSSL_SMALL_STACK)
-    authTag = (byte*)XMALLOC(AES_BLOCK_SIZE, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    authTag = (byte*)XMALLOC(WC_AES_BLOCK_SIZE, NULL, DYNAMIC_TYPE_TMP_BUFFER);
     if (authTag == NULL) {
         return MEMORY_E;
     }
diff --git a/wolfcrypt/src/aes_asm.S b/wolfcrypt/src/aes_asm.S
index afaa0d40d..f3e9b973d 100644
--- a/wolfcrypt/src/aes_asm.S
+++ b/wolfcrypt/src/aes_asm.S
@@ -1,6 +1,6 @@
 /* aes_asm.S
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -1095,12 +1095,13 @@ DECB_END_4:
 void AES_128_Key_Expansion_AESNI(const unsigned char* userkey,
    unsigned char* key_schedule);
 */
-.align  16,0x90
 #ifndef __APPLE__
 .globl AES_128_Key_Expansion_AESNI
+.align  16,0x90
 AES_128_Key_Expansion_AESNI:
 #else
 .globl _AES_128_Key_Expansion_AESNI
+.p2align  4
 _AES_128_Key_Expansion_AESNI:
 #endif
 # parameter 1: %rdi
@@ -1971,12 +1972,13 @@ DECB_END_4:
 void AES_128_Key_Expansion_AESNI(const unsigned char* userkey,
    unsigned char* key_schedule);
 */
-.align  16,0x90
 #ifndef __APPLE__
 .globl AES_128_Key_Expansion_AESNI
+.align  16,0x90
 AES_128_Key_Expansion_AESNI:
 #else
 .globl _AES_128_Key_Expansion_AESNI
+.p2align  4
 _AES_128_Key_Expansion_AESNI:
 #endif
         # parameter 1: stack[4] => %eax
diff --git a/wolfcrypt/src/aes_asm.asm b/wolfcrypt/src/aes_asm.asm
index 39d5fdc9b..c4f0495af 100644
--- a/wolfcrypt/src/aes_asm.asm
+++ b/wolfcrypt/src/aes_asm.asm
@@ -1,6 +1,6 @@
 ; /* aes_asm.asm
 ;  *
-;  * Copyright (C) 2006-2023 wolfSSL Inc.
+; * Copyright (C) 2006-2025 wolfSSL Inc.
 ;  *
 ;  * This file is part of wolfSSL.
 ;  *
@@ -40,7 +40,7 @@ IFDEF HAVE_FIPS
 ENDIF
 
 IF fips_version GE 2
-  fipsAh SEGMENT ALIAS(".fipsA$h") 'CODE'
+  fipsAb SEGMENT ALIAS(".fipsA$b") 'CODE'
 ELSE
   _text SEGMENT
 ENDIF
@@ -1523,7 +1523,7 @@ MAKE_RK256_b:
 
 
 IF fips_version GE 2
-  fipsAh ENDS
+  fipsAb ENDS
 ELSE
   _text ENDS
 ENDIF
diff --git a/wolfcrypt/src/aes_gcm_asm.S b/wolfcrypt/src/aes_gcm_asm.S
index 4175888f1..95ac60ae2 100644
--- a/wolfcrypt/src/aes_gcm_asm.S
+++ b/wolfcrypt/src/aes_gcm_asm.S
@@ -1,6 +1,6 @@
 /* aes_gcm_asm.S */
 /*
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -56,6 +56,272 @@
 #else
 .p2align	4
 #endif /* __APPLE__ */
+L_GCM_generate_m0_aesni_rev8:
+.quad	0x8090a0b0c0d0e0f, 0x1020304050607
+#ifndef __APPLE__
+.data
+#else
+.section	__DATA,__data
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.align	16
+#else
+.p2align	4
+#endif /* __APPLE__ */
+L_GCM_generate_m0_aesni_mod2_128:
+.quad	0x0, 0xe100000000000000
+#ifndef __APPLE__
+.text
+.globl	GCM_generate_m0_aesni
+.type	GCM_generate_m0_aesni,@function
+.align	16
+GCM_generate_m0_aesni:
+#else
+.section	__TEXT,__text
+.globl	_GCM_generate_m0_aesni
+.p2align	4
+_GCM_generate_m0_aesni:
+#endif /* __APPLE__ */
+        movdqu	L_GCM_generate_m0_aesni_rev8(%rip), %xmm9
+        movdqu	L_GCM_generate_m0_aesni_mod2_128(%rip), %xmm10
+        pxor	%xmm8, %xmm8
+        movdqu	(%rdi), %xmm0
+        movdqu	%xmm8, (%rsi)
+        movdqu	%xmm0, %xmm8
+        pshufb	%xmm9, %xmm0
+        movdqu	%xmm0, %xmm5
+        movdqu	%xmm0, %xmm4
+        psllq	$63, %xmm5
+        psrlq	$0x01, %xmm4
+        movdqu	%xmm5, %xmm1
+        pslldq	$8, %xmm1
+        psrldq	$8, %xmm5
+        pshufd	$0xff, %xmm1, %xmm1
+        por	%xmm5, %xmm4
+        psrad	$31, %xmm1
+        pand	%xmm10, %xmm1
+        pxor	%xmm4, %xmm1
+        movdqu	%xmm1, %xmm5
+        movdqu	%xmm1, %xmm4
+        psllq	$63, %xmm5
+        psrlq	$0x01, %xmm4
+        movdqu	%xmm5, %xmm2
+        pslldq	$8, %xmm2
+        psrldq	$8, %xmm5
+        pshufd	$0xff, %xmm2, %xmm2
+        por	%xmm5, %xmm4
+        psrad	$31, %xmm2
+        pand	%xmm10, %xmm2
+        pxor	%xmm4, %xmm2
+        movdqu	%xmm2, %xmm5
+        movdqu	%xmm2, %xmm4
+        psllq	$63, %xmm5
+        psrlq	$0x01, %xmm4
+        movdqu	%xmm5, %xmm3
+        pslldq	$8, %xmm3
+        psrldq	$8, %xmm5
+        pshufd	$0xff, %xmm3, %xmm3
+        por	%xmm5, %xmm4
+        psrad	$31, %xmm3
+        pand	%xmm10, %xmm3
+        pxor	%xmm4, %xmm3
+        pshufb	%xmm9, %xmm3
+        pshufb	%xmm9, %xmm2
+        movdqu	%xmm3, %xmm8
+        pshufb	%xmm9, %xmm1
+        pshufb	%xmm9, %xmm0
+        pxor	%xmm2, %xmm8
+        movdqu	%xmm3, 16(%rsi)
+        movdqu	%xmm2, 32(%rsi)
+        movdqu	%xmm8, 48(%rsi)
+        movdqu	%xmm1, 64(%rsi)
+        movdqu	%xmm3, %xmm4
+        movdqu	%xmm2, %xmm5
+        movdqu	%xmm8, %xmm6
+        pxor	%xmm1, %xmm4
+        pxor	%xmm1, %xmm5
+        pxor	%xmm1, %xmm6
+        movdqu	%xmm4, 80(%rsi)
+        movdqu	%xmm5, 96(%rsi)
+        movdqu	%xmm6, 112(%rsi)
+        movdqu	%xmm0, 128(%rsi)
+        pxor	%xmm0, %xmm1
+        movdqu	%xmm3, %xmm4
+        movdqu	%xmm2, %xmm6
+        pxor	%xmm0, %xmm4
+        pxor	%xmm0, %xmm6
+        movdqu	%xmm4, 144(%rsi)
+        movdqu	%xmm6, 160(%rsi)
+        pxor	%xmm3, %xmm6
+        movdqu	%xmm6, 176(%rsi)
+        movdqu	%xmm1, 192(%rsi)
+        movdqu	%xmm3, %xmm4
+        movdqu	%xmm2, %xmm5
+        movdqu	%xmm8, %xmm6
+        pxor	%xmm1, %xmm4
+        pxor	%xmm1, %xmm5
+        pxor	%xmm1, %xmm6
+        movdqu	%xmm4, 208(%rsi)
+        movdqu	%xmm5, 224(%rsi)
+        movdqu	%xmm6, 240(%rsi)
+        movdqu	(%rsi), %xmm0
+        movdqu	16(%rsi), %xmm1
+        movdqu	32(%rsi), %xmm2
+        movdqu	48(%rsi), %xmm3
+        pshufb	%xmm9, %xmm0
+        pshufb	%xmm9, %xmm1
+        pshufb	%xmm9, %xmm2
+        pshufb	%xmm9, %xmm3
+        movdqu	%xmm0, %xmm4
+        movdqu	%xmm1, %xmm5
+        movdqu	%xmm2, %xmm6
+        movdqu	%xmm3, %xmm7
+        psllq	$60, %xmm4
+        psllq	$60, %xmm5
+        psllq	$60, %xmm6
+        psllq	$60, %xmm7
+        psrlq	$4, %xmm0
+        psrlq	$4, %xmm1
+        psrlq	$4, %xmm2
+        psrlq	$4, %xmm3
+        psrldq	$8, %xmm4
+        psrldq	$8, %xmm5
+        psrldq	$8, %xmm6
+        psrldq	$8, %xmm7
+        por	%xmm4, %xmm0
+        por	%xmm5, %xmm1
+        por	%xmm6, %xmm2
+        por	%xmm7, %xmm3
+        vpshufb	%xmm9, %xmm0, %xmm0
+        vpshufb	%xmm9, %xmm1, %xmm1
+        vpshufb	%xmm9, %xmm2, %xmm2
+        vpshufb	%xmm9, %xmm3, %xmm3
+        movdqu	%xmm0, 256(%rsi)
+        movdqu	%xmm1, 272(%rsi)
+        movdqu	%xmm2, 288(%rsi)
+        movdqu	%xmm3, 304(%rsi)
+        movdqu	64(%rsi), %xmm0
+        movdqu	80(%rsi), %xmm1
+        movdqu	96(%rsi), %xmm2
+        movdqu	112(%rsi), %xmm3
+        pshufb	%xmm9, %xmm0
+        pshufb	%xmm9, %xmm1
+        pshufb	%xmm9, %xmm2
+        pshufb	%xmm9, %xmm3
+        movdqu	%xmm0, %xmm4
+        movdqu	%xmm1, %xmm5
+        movdqu	%xmm2, %xmm6
+        movdqu	%xmm3, %xmm7
+        psllq	$60, %xmm4
+        psllq	$60, %xmm5
+        psllq	$60, %xmm6
+        psllq	$60, %xmm7
+        psrlq	$4, %xmm0
+        psrlq	$4, %xmm1
+        psrlq	$4, %xmm2
+        psrlq	$4, %xmm3
+        psrldq	$8, %xmm4
+        psrldq	$8, %xmm5
+        psrldq	$8, %xmm6
+        psrldq	$8, %xmm7
+        por	%xmm4, %xmm0
+        por	%xmm5, %xmm1
+        por	%xmm6, %xmm2
+        por	%xmm7, %xmm3
+        vpshufb	%xmm9, %xmm0, %xmm0
+        vpshufb	%xmm9, %xmm1, %xmm1
+        vpshufb	%xmm9, %xmm2, %xmm2
+        vpshufb	%xmm9, %xmm3, %xmm3
+        movdqu	%xmm0, 320(%rsi)
+        movdqu	%xmm1, 336(%rsi)
+        movdqu	%xmm2, 352(%rsi)
+        movdqu	%xmm3, 368(%rsi)
+        movdqu	128(%rsi), %xmm0
+        movdqu	144(%rsi), %xmm1
+        movdqu	160(%rsi), %xmm2
+        movdqu	176(%rsi), %xmm3
+        pshufb	%xmm9, %xmm0
+        pshufb	%xmm9, %xmm1
+        pshufb	%xmm9, %xmm2
+        pshufb	%xmm9, %xmm3
+        movdqu	%xmm0, %xmm4
+        movdqu	%xmm1, %xmm5
+        movdqu	%xmm2, %xmm6
+        movdqu	%xmm3, %xmm7
+        psllq	$60, %xmm4
+        psllq	$60, %xmm5
+        psllq	$60, %xmm6
+        psllq	$60, %xmm7
+        psrlq	$4, %xmm0
+        psrlq	$4, %xmm1
+        psrlq	$4, %xmm2
+        psrlq	$4, %xmm3
+        psrldq	$8, %xmm4
+        psrldq	$8, %xmm5
+        psrldq	$8, %xmm6
+        psrldq	$8, %xmm7
+        por	%xmm4, %xmm0
+        por	%xmm5, %xmm1
+        por	%xmm6, %xmm2
+        por	%xmm7, %xmm3
+        vpshufb	%xmm9, %xmm0, %xmm0
+        vpshufb	%xmm9, %xmm1, %xmm1
+        vpshufb	%xmm9, %xmm2, %xmm2
+        vpshufb	%xmm9, %xmm3, %xmm3
+        movdqu	%xmm0, 384(%rsi)
+        movdqu	%xmm1, 400(%rsi)
+        movdqu	%xmm2, 416(%rsi)
+        movdqu	%xmm3, 432(%rsi)
+        movdqu	192(%rsi), %xmm0
+        movdqu	208(%rsi), %xmm1
+        movdqu	224(%rsi), %xmm2
+        movdqu	240(%rsi), %xmm3
+        pshufb	%xmm9, %xmm0
+        pshufb	%xmm9, %xmm1
+        pshufb	%xmm9, %xmm2
+        pshufb	%xmm9, %xmm3
+        movdqu	%xmm0, %xmm4
+        movdqu	%xmm1, %xmm5
+        movdqu	%xmm2, %xmm6
+        movdqu	%xmm3, %xmm7
+        psllq	$60, %xmm4
+        psllq	$60, %xmm5
+        psllq	$60, %xmm6
+        psllq	$60, %xmm7
+        psrlq	$4, %xmm0
+        psrlq	$4, %xmm1
+        psrlq	$4, %xmm2
+        psrlq	$4, %xmm3
+        psrldq	$8, %xmm4
+        psrldq	$8, %xmm5
+        psrldq	$8, %xmm6
+        psrldq	$8, %xmm7
+        por	%xmm4, %xmm0
+        por	%xmm5, %xmm1
+        por	%xmm6, %xmm2
+        por	%xmm7, %xmm3
+        vpshufb	%xmm9, %xmm0, %xmm0
+        vpshufb	%xmm9, %xmm1, %xmm1
+        vpshufb	%xmm9, %xmm2, %xmm2
+        vpshufb	%xmm9, %xmm3, %xmm3
+        movdqu	%xmm0, 448(%rsi)
+        movdqu	%xmm1, 464(%rsi)
+        movdqu	%xmm2, 480(%rsi)
+        movdqu	%xmm3, 496(%rsi)
+        repz retq
+#ifndef __APPLE__
+.size	GCM_generate_m0_aesni,.-GCM_generate_m0_aesni
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.data
+#else
+.section	__DATA,__data
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.align	16
+#else
+.p2align	4
+#endif /* __APPLE__ */
 L_aes_gcm_one:
 .quad	0x0, 0x1
 #ifndef __APPLE__
@@ -6221,6 +6487,238 @@ L_AES_GCM_decrypt_final_aesni_cmp_tag_done:
 #else
 .p2align	4
 #endif /* __APPLE__ */
+L_GCM_generate_m0_avx1_rev8:
+.quad	0x8090a0b0c0d0e0f, 0x1020304050607
+#ifndef __APPLE__
+.data
+#else
+.section	__DATA,__data
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.align	16
+#else
+.p2align	4
+#endif /* __APPLE__ */
+L_GCM_generate_m0_avx1_mod2_128:
+.quad	0x0, 0xe100000000000000
+#ifndef __APPLE__
+.text
+.globl	GCM_generate_m0_avx1
+.type	GCM_generate_m0_avx1,@function
+.align	16
+GCM_generate_m0_avx1:
+#else
+.section	__TEXT,__text
+.globl	_GCM_generate_m0_avx1
+.p2align	4
+_GCM_generate_m0_avx1:
+#endif /* __APPLE__ */
+        vmovdqu	L_GCM_generate_m0_avx1_rev8(%rip), %xmm9
+        vmovdqu	L_GCM_generate_m0_avx1_mod2_128(%rip), %xmm10
+        vpxor	%xmm8, %xmm8, %xmm8
+        vmovdqu	(%rdi), %xmm0
+        vmovdqu	%xmm8, (%rsi)
+        vmovdqu	%xmm0, %xmm8
+        vpshufb	%xmm9, %xmm0, %xmm0
+        vpsllq	$63, %xmm0, %xmm5
+        vpsrlq	$0x01, %xmm0, %xmm4
+        vpslldq	$8, %xmm5, %xmm1
+        vpsrldq	$8, %xmm5, %xmm5
+        vpshufd	$0xff, %xmm1, %xmm1
+        vpor	%xmm5, %xmm4, %xmm4
+        vpsrad	$31, %xmm1, %xmm1
+        vpand	%xmm10, %xmm1, %xmm1
+        vpxor	%xmm4, %xmm1, %xmm1
+        vpsllq	$63, %xmm1, %xmm5
+        vpsrlq	$0x01, %xmm1, %xmm4
+        vpslldq	$8, %xmm5, %xmm2
+        vpsrldq	$8, %xmm5, %xmm5
+        vpshufd	$0xff, %xmm2, %xmm2
+        vpor	%xmm5, %xmm4, %xmm4
+        vpsrad	$31, %xmm2, %xmm2
+        vpand	%xmm10, %xmm2, %xmm2
+        vpxor	%xmm4, %xmm2, %xmm2
+        vpsllq	$63, %xmm2, %xmm5
+        vpsrlq	$0x01, %xmm2, %xmm4
+        vpslldq	$8, %xmm5, %xmm3
+        vpsrldq	$8, %xmm5, %xmm5
+        vpshufd	$0xff, %xmm3, %xmm3
+        vpor	%xmm5, %xmm4, %xmm4
+        vpsrad	$31, %xmm3, %xmm3
+        vpand	%xmm10, %xmm3, %xmm3
+        vpxor	%xmm4, %xmm3, %xmm3
+        vpshufb	%xmm9, %xmm3, %xmm3
+        vpshufb	%xmm9, %xmm2, %xmm2
+        vpshufb	%xmm9, %xmm1, %xmm1
+        vpshufb	%xmm9, %xmm0, %xmm0
+        vpxor	%xmm2, %xmm3, %xmm8
+        vmovdqu	%xmm3, 16(%rsi)
+        vmovdqu	%xmm2, 32(%rsi)
+        vmovdqu	%xmm8, 48(%rsi)
+        vmovdqu	%xmm1, 64(%rsi)
+        vpxor	%xmm1, %xmm3, %xmm4
+        vpxor	%xmm1, %xmm2, %xmm5
+        vpxor	%xmm1, %xmm8, %xmm6
+        vmovdqu	%xmm4, 80(%rsi)
+        vmovdqu	%xmm5, 96(%rsi)
+        vmovdqu	%xmm6, 112(%rsi)
+        vmovdqu	%xmm0, 128(%rsi)
+        vpxor	%xmm0, %xmm1, %xmm1
+        vpxor	%xmm0, %xmm3, %xmm4
+        vpxor	%xmm0, %xmm2, %xmm6
+        vmovdqu	%xmm4, 144(%rsi)
+        vmovdqu	%xmm6, 160(%rsi)
+        vpxor	%xmm6, %xmm3, %xmm6
+        vmovdqu	%xmm6, 176(%rsi)
+        vmovdqu	%xmm1, 192(%rsi)
+        vpxor	%xmm1, %xmm3, %xmm4
+        vpxor	%xmm1, %xmm2, %xmm5
+        vpxor	%xmm1, %xmm8, %xmm6
+        vmovdqu	%xmm4, 208(%rsi)
+        vmovdqu	%xmm5, 224(%rsi)
+        vmovdqu	%xmm6, 240(%rsi)
+        vmovdqu	(%rsi), %xmm0
+        vmovdqu	16(%rsi), %xmm1
+        vmovdqu	32(%rsi), %xmm2
+        vmovdqu	48(%rsi), %xmm3
+        vpshufb	%xmm9, %xmm0, %xmm0
+        vpshufb	%xmm9, %xmm1, %xmm1
+        vpshufb	%xmm9, %xmm2, %xmm2
+        vpshufb	%xmm9, %xmm3, %xmm3
+        vpsllq	$60, %xmm0, %xmm4
+        vpsllq	$60, %xmm1, %xmm5
+        vpsllq	$60, %xmm2, %xmm6
+        vpsllq	$60, %xmm3, %xmm7
+        vpsrlq	$4, %xmm0, %xmm0
+        vpsrlq	$4, %xmm1, %xmm1
+        vpsrlq	$4, %xmm2, %xmm2
+        vpsrlq	$4, %xmm3, %xmm3
+        vpsrldq	$8, %xmm4, %xmm4
+        vpsrldq	$8, %xmm5, %xmm5
+        vpsrldq	$8, %xmm6, %xmm6
+        vpsrldq	$8, %xmm7, %xmm7
+        vpor	%xmm4, %xmm0, %xmm0
+        vpor	%xmm5, %xmm1, %xmm1
+        vpor	%xmm6, %xmm2, %xmm2
+        vpor	%xmm7, %xmm3, %xmm3
+        vpshufb	%xmm9, %xmm0, %xmm0
+        vpshufb	%xmm9, %xmm1, %xmm1
+        vpshufb	%xmm9, %xmm2, %xmm2
+        vpshufb	%xmm9, %xmm3, %xmm3
+        vmovdqu	%xmm0, 256(%rsi)
+        vmovdqu	%xmm1, 272(%rsi)
+        vmovdqu	%xmm2, 288(%rsi)
+        vmovdqu	%xmm3, 304(%rsi)
+        vmovdqu	64(%rsi), %xmm0
+        vmovdqu	80(%rsi), %xmm1
+        vmovdqu	96(%rsi), %xmm2
+        vmovdqu	112(%rsi), %xmm3
+        vpshufb	%xmm9, %xmm0, %xmm0
+        vpshufb	%xmm9, %xmm1, %xmm1
+        vpshufb	%xmm9, %xmm2, %xmm2
+        vpshufb	%xmm9, %xmm3, %xmm3
+        vpsllq	$60, %xmm0, %xmm4
+        vpsllq	$60, %xmm1, %xmm5
+        vpsllq	$60, %xmm2, %xmm6
+        vpsllq	$60, %xmm3, %xmm7
+        vpsrlq	$4, %xmm0, %xmm0
+        vpsrlq	$4, %xmm1, %xmm1
+        vpsrlq	$4, %xmm2, %xmm2
+        vpsrlq	$4, %xmm3, %xmm3
+        vpsrldq	$8, %xmm4, %xmm4
+        vpsrldq	$8, %xmm5, %xmm5
+        vpsrldq	$8, %xmm6, %xmm6
+        vpsrldq	$8, %xmm7, %xmm7
+        vpor	%xmm4, %xmm0, %xmm0
+        vpor	%xmm5, %xmm1, %xmm1
+        vpor	%xmm6, %xmm2, %xmm2
+        vpor	%xmm7, %xmm3, %xmm3
+        vpshufb	%xmm9, %xmm0, %xmm0
+        vpshufb	%xmm9, %xmm1, %xmm1
+        vpshufb	%xmm9, %xmm2, %xmm2
+        vpshufb	%xmm9, %xmm3, %xmm3
+        vmovdqu	%xmm0, 320(%rsi)
+        vmovdqu	%xmm1, 336(%rsi)
+        vmovdqu	%xmm2, 352(%rsi)
+        vmovdqu	%xmm3, 368(%rsi)
+        vmovdqu	128(%rsi), %xmm0
+        vmovdqu	144(%rsi), %xmm1
+        vmovdqu	160(%rsi), %xmm2
+        vmovdqu	176(%rsi), %xmm3
+        vpshufb	%xmm9, %xmm0, %xmm0
+        vpshufb	%xmm9, %xmm1, %xmm1
+        vpshufb	%xmm9, %xmm2, %xmm2
+        vpshufb	%xmm9, %xmm3, %xmm3
+        vpsllq	$60, %xmm0, %xmm4
+        vpsllq	$60, %xmm1, %xmm5
+        vpsllq	$60, %xmm2, %xmm6
+        vpsllq	$60, %xmm3, %xmm7
+        vpsrlq	$4, %xmm0, %xmm0
+        vpsrlq	$4, %xmm1, %xmm1
+        vpsrlq	$4, %xmm2, %xmm2
+        vpsrlq	$4, %xmm3, %xmm3
+        vpsrldq	$8, %xmm4, %xmm4
+        vpsrldq	$8, %xmm5, %xmm5
+        vpsrldq	$8, %xmm6, %xmm6
+        vpsrldq	$8, %xmm7, %xmm7
+        vpor	%xmm4, %xmm0, %xmm0
+        vpor	%xmm5, %xmm1, %xmm1
+        vpor	%xmm6, %xmm2, %xmm2
+        vpor	%xmm7, %xmm3, %xmm3
+        vpshufb	%xmm9, %xmm0, %xmm0
+        vpshufb	%xmm9, %xmm1, %xmm1
+        vpshufb	%xmm9, %xmm2, %xmm2
+        vpshufb	%xmm9, %xmm3, %xmm3
+        vmovdqu	%xmm0, 384(%rsi)
+        vmovdqu	%xmm1, 400(%rsi)
+        vmovdqu	%xmm2, 416(%rsi)
+        vmovdqu	%xmm3, 432(%rsi)
+        vmovdqu	192(%rsi), %xmm0
+        vmovdqu	208(%rsi), %xmm1
+        vmovdqu	224(%rsi), %xmm2
+        vmovdqu	240(%rsi), %xmm3
+        vpshufb	%xmm9, %xmm0, %xmm0
+        vpshufb	%xmm9, %xmm1, %xmm1
+        vpshufb	%xmm9, %xmm2, %xmm2
+        vpshufb	%xmm9, %xmm3, %xmm3
+        vpsllq	$60, %xmm0, %xmm4
+        vpsllq	$60, %xmm1, %xmm5
+        vpsllq	$60, %xmm2, %xmm6
+        vpsllq	$60, %xmm3, %xmm7
+        vpsrlq	$4, %xmm0, %xmm0
+        vpsrlq	$4, %xmm1, %xmm1
+        vpsrlq	$4, %xmm2, %xmm2
+        vpsrlq	$4, %xmm3, %xmm3
+        vpsrldq	$8, %xmm4, %xmm4
+        vpsrldq	$8, %xmm5, %xmm5
+        vpsrldq	$8, %xmm6, %xmm6
+        vpsrldq	$8, %xmm7, %xmm7
+        vpor	%xmm4, %xmm0, %xmm0
+        vpor	%xmm5, %xmm1, %xmm1
+        vpor	%xmm6, %xmm2, %xmm2
+        vpor	%xmm7, %xmm3, %xmm3
+        vpshufb	%xmm9, %xmm0, %xmm0
+        vpshufb	%xmm9, %xmm1, %xmm1
+        vpshufb	%xmm9, %xmm2, %xmm2
+        vpshufb	%xmm9, %xmm3, %xmm3
+        vmovdqu	%xmm0, 448(%rsi)
+        vmovdqu	%xmm1, 464(%rsi)
+        vmovdqu	%xmm2, 480(%rsi)
+        vmovdqu	%xmm3, 496(%rsi)
+        repz retq
+#ifndef __APPLE__
+.size	GCM_generate_m0_avx1,.-GCM_generate_m0_avx1
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.data
+#else
+.section	__DATA,__data
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.align	16
+#else
+.p2align	4
+#endif /* __APPLE__ */
 L_avx1_aes_gcm_one:
 .quad	0x0, 0x1
 #ifndef __APPLE__
@@ -9412,7 +9910,6 @@ L_AES_GCM_init_avx1_iv_done:
         vpaddd	L_avx1_aes_gcm_one(%rip), %xmm4, %xmm4
         vmovdqa	%xmm5, (%r8)
         vmovdqa	%xmm4, (%r9)
-        vzeroupper
         addq	$16, %rsp
         popq	%r13
         popq	%r12
@@ -9487,7 +9984,6 @@ L_AES_GCM_aad_update_avx1_16_loop:
         cmpl	%esi, %ecx
         jl	L_AES_GCM_aad_update_avx1_16_loop
         vmovdqa	%xmm5, (%rdx)
-        vzeroupper
         repz retq
 #ifndef __APPLE__
 .size	AES_GCM_aad_update_avx1,.-AES_GCM_aad_update_avx1
@@ -11454,6 +11950,238 @@ L_AES_GCM_decrypt_final_avx1_cmp_tag_done:
 #else
 .p2align	4
 #endif /* __APPLE__ */
+L_GCM_generate_m0_avx2_rev8:
+.quad	0x8090a0b0c0d0e0f, 0x1020304050607
+#ifndef __APPLE__
+.data
+#else
+.section	__DATA,__data
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.align	16
+#else
+.p2align	4
+#endif /* __APPLE__ */
+L_GCM_generate_m0_avx2_mod2_128:
+.quad	0x0, 0xe100000000000000
+#ifndef __APPLE__
+.text
+.globl	GCM_generate_m0_avx2
+.type	GCM_generate_m0_avx2,@function
+.align	16
+GCM_generate_m0_avx2:
+#else
+.section	__TEXT,__text
+.globl	_GCM_generate_m0_avx2
+.p2align	4
+_GCM_generate_m0_avx2:
+#endif /* __APPLE__ */
+        vmovdqu	L_GCM_generate_m0_avx2_rev8(%rip), %xmm9
+        vmovdqu	L_GCM_generate_m0_avx2_mod2_128(%rip), %xmm10
+        vpxor	%xmm8, %xmm8, %xmm8
+        vmovdqu	(%rdi), %xmm0
+        vmovdqu	%xmm8, (%rsi)
+        vmovdqu	%xmm0, %xmm8
+        vpshufb	%xmm9, %xmm0, %xmm0
+        vpsllq	$63, %xmm0, %xmm5
+        vpsrlq	$0x01, %xmm0, %xmm4
+        vpslldq	$8, %xmm5, %xmm1
+        vpsrldq	$8, %xmm5, %xmm5
+        vpshufd	$0xff, %xmm1, %xmm1
+        vpor	%xmm5, %xmm4, %xmm4
+        vpsrad	$31, %xmm1, %xmm1
+        vpand	%xmm10, %xmm1, %xmm1
+        vpxor	%xmm4, %xmm1, %xmm1
+        vpsllq	$63, %xmm1, %xmm5
+        vpsrlq	$0x01, %xmm1, %xmm4
+        vpslldq	$8, %xmm5, %xmm2
+        vpsrldq	$8, %xmm5, %xmm5
+        vpshufd	$0xff, %xmm2, %xmm2
+        vpor	%xmm5, %xmm4, %xmm4
+        vpsrad	$31, %xmm2, %xmm2
+        vpand	%xmm10, %xmm2, %xmm2
+        vpxor	%xmm4, %xmm2, %xmm2
+        vpsllq	$63, %xmm2, %xmm5
+        vpsrlq	$0x01, %xmm2, %xmm4
+        vpslldq	$8, %xmm5, %xmm3
+        vpsrldq	$8, %xmm5, %xmm5
+        vpshufd	$0xff, %xmm3, %xmm3
+        vpor	%xmm5, %xmm4, %xmm4
+        vpsrad	$31, %xmm3, %xmm3
+        vpand	%xmm10, %xmm3, %xmm3
+        vpxor	%xmm4, %xmm3, %xmm3
+        vpshufb	%xmm9, %xmm2, %xmm2
+        vpshufb	%xmm9, %xmm3, %xmm3
+        vpshufb	%xmm9, %xmm0, %xmm0
+        vpshufb	%xmm9, %xmm1, %xmm1
+        vpxor	%xmm2, %xmm3, %xmm8
+        vmovdqu	%xmm3, 16(%rsi)
+        vmovdqu	%xmm2, 32(%rsi)
+        vmovdqu	%xmm8, 48(%rsi)
+        vmovdqu	%xmm1, 64(%rsi)
+        vpxor	%xmm1, %xmm3, %xmm4
+        vpxor	%xmm1, %xmm2, %xmm5
+        vpxor	%xmm1, %xmm8, %xmm6
+        vmovdqu	%xmm4, 80(%rsi)
+        vmovdqu	%xmm5, 96(%rsi)
+        vmovdqu	%xmm6, 112(%rsi)
+        vmovdqu	%xmm0, 128(%rsi)
+        vpxor	%xmm0, %xmm1, %xmm1
+        vpxor	%xmm0, %xmm3, %xmm4
+        vpxor	%xmm0, %xmm2, %xmm6
+        vmovdqu	%xmm4, 144(%rsi)
+        vmovdqu	%xmm6, 160(%rsi)
+        vpxor	%xmm6, %xmm3, %xmm6
+        vmovdqu	%xmm6, 176(%rsi)
+        vmovdqu	%xmm1, 192(%rsi)
+        vpxor	%xmm1, %xmm3, %xmm4
+        vpxor	%xmm1, %xmm2, %xmm5
+        vpxor	%xmm1, %xmm8, %xmm6
+        vmovdqu	%xmm4, 208(%rsi)
+        vmovdqu	%xmm5, 224(%rsi)
+        vmovdqu	%xmm6, 240(%rsi)
+        vmovdqu	(%rsi), %xmm0
+        vmovdqu	16(%rsi), %xmm1
+        vmovdqu	32(%rsi), %xmm2
+        vmovdqu	48(%rsi), %xmm3
+        vpshufb	%xmm9, %xmm0, %xmm0
+        vpshufb	%xmm9, %xmm1, %xmm1
+        vpshufb	%xmm9, %xmm2, %xmm2
+        vpshufb	%xmm9, %xmm3, %xmm3
+        vpsllq	$60, %xmm0, %xmm4
+        vpsllq	$60, %xmm1, %xmm5
+        vpsllq	$60, %xmm2, %xmm6
+        vpsllq	$60, %xmm3, %xmm7
+        vpsrlq	$4, %xmm0, %xmm0
+        vpsrlq	$4, %xmm1, %xmm1
+        vpsrlq	$4, %xmm2, %xmm2
+        vpsrlq	$4, %xmm3, %xmm3
+        vpsrldq	$8, %xmm4, %xmm4
+        vpsrldq	$8, %xmm5, %xmm5
+        vpsrldq	$8, %xmm6, %xmm6
+        vpsrldq	$8, %xmm7, %xmm7
+        vpor	%xmm4, %xmm0, %xmm0
+        vpor	%xmm5, %xmm1, %xmm1
+        vpor	%xmm6, %xmm2, %xmm2
+        vpor	%xmm7, %xmm3, %xmm3
+        vpshufb	%xmm9, %xmm0, %xmm0
+        vpshufb	%xmm9, %xmm1, %xmm1
+        vpshufb	%xmm9, %xmm2, %xmm2
+        vpshufb	%xmm9, %xmm3, %xmm3
+        vmovdqu	%xmm0, 256(%rsi)
+        vmovdqu	%xmm1, 272(%rsi)
+        vmovdqu	%xmm2, 288(%rsi)
+        vmovdqu	%xmm3, 304(%rsi)
+        vmovdqu	64(%rsi), %xmm0
+        vmovdqu	80(%rsi), %xmm1
+        vmovdqu	96(%rsi), %xmm2
+        vmovdqu	112(%rsi), %xmm3
+        vpshufb	%xmm9, %xmm0, %xmm0
+        vpshufb	%xmm9, %xmm1, %xmm1
+        vpshufb	%xmm9, %xmm2, %xmm2
+        vpshufb	%xmm9, %xmm3, %xmm3
+        vpsllq	$60, %xmm0, %xmm4
+        vpsllq	$60, %xmm1, %xmm5
+        vpsllq	$60, %xmm2, %xmm6
+        vpsllq	$60, %xmm3, %xmm7
+        vpsrlq	$4, %xmm0, %xmm0
+        vpsrlq	$4, %xmm1, %xmm1
+        vpsrlq	$4, %xmm2, %xmm2
+        vpsrlq	$4, %xmm3, %xmm3
+        vpsrldq	$8, %xmm4, %xmm4
+        vpsrldq	$8, %xmm5, %xmm5
+        vpsrldq	$8, %xmm6, %xmm6
+        vpsrldq	$8, %xmm7, %xmm7
+        vpor	%xmm4, %xmm0, %xmm0
+        vpor	%xmm5, %xmm1, %xmm1
+        vpor	%xmm6, %xmm2, %xmm2
+        vpor	%xmm7, %xmm3, %xmm3
+        vpshufb	%xmm9, %xmm0, %xmm0
+        vpshufb	%xmm9, %xmm1, %xmm1
+        vpshufb	%xmm9, %xmm2, %xmm2
+        vpshufb	%xmm9, %xmm3, %xmm3
+        vmovdqu	%xmm0, 320(%rsi)
+        vmovdqu	%xmm1, 336(%rsi)
+        vmovdqu	%xmm2, 352(%rsi)
+        vmovdqu	%xmm3, 368(%rsi)
+        vmovdqu	128(%rsi), %xmm0
+        vmovdqu	144(%rsi), %xmm1
+        vmovdqu	160(%rsi), %xmm2
+        vmovdqu	176(%rsi), %xmm3
+        vpshufb	%xmm9, %xmm0, %xmm0
+        vpshufb	%xmm9, %xmm1, %xmm1
+        vpshufb	%xmm9, %xmm2, %xmm2
+        vpshufb	%xmm9, %xmm3, %xmm3
+        vpsllq	$60, %xmm0, %xmm4
+        vpsllq	$60, %xmm1, %xmm5
+        vpsllq	$60, %xmm2, %xmm6
+        vpsllq	$60, %xmm3, %xmm7
+        vpsrlq	$4, %xmm0, %xmm0
+        vpsrlq	$4, %xmm1, %xmm1
+        vpsrlq	$4, %xmm2, %xmm2
+        vpsrlq	$4, %xmm3, %xmm3
+        vpsrldq	$8, %xmm4, %xmm4
+        vpsrldq	$8, %xmm5, %xmm5
+        vpsrldq	$8, %xmm6, %xmm6
+        vpsrldq	$8, %xmm7, %xmm7
+        vpor	%xmm4, %xmm0, %xmm0
+        vpor	%xmm5, %xmm1, %xmm1
+        vpor	%xmm6, %xmm2, %xmm2
+        vpor	%xmm7, %xmm3, %xmm3
+        vpshufb	%xmm9, %xmm0, %xmm0
+        vpshufb	%xmm9, %xmm1, %xmm1
+        vpshufb	%xmm9, %xmm2, %xmm2
+        vpshufb	%xmm9, %xmm3, %xmm3
+        vmovdqu	%xmm0, 384(%rsi)
+        vmovdqu	%xmm1, 400(%rsi)
+        vmovdqu	%xmm2, 416(%rsi)
+        vmovdqu	%xmm3, 432(%rsi)
+        vmovdqu	192(%rsi), %xmm0
+        vmovdqu	208(%rsi), %xmm1
+        vmovdqu	224(%rsi), %xmm2
+        vmovdqu	240(%rsi), %xmm3
+        vpshufb	%xmm9, %xmm0, %xmm0
+        vpshufb	%xmm9, %xmm1, %xmm1
+        vpshufb	%xmm9, %xmm2, %xmm2
+        vpshufb	%xmm9, %xmm3, %xmm3
+        vpsllq	$60, %xmm0, %xmm4
+        vpsllq	$60, %xmm1, %xmm5
+        vpsllq	$60, %xmm2, %xmm6
+        vpsllq	$60, %xmm3, %xmm7
+        vpsrlq	$4, %xmm0, %xmm0
+        vpsrlq	$4, %xmm1, %xmm1
+        vpsrlq	$4, %xmm2, %xmm2
+        vpsrlq	$4, %xmm3, %xmm3
+        vpsrldq	$8, %xmm4, %xmm4
+        vpsrldq	$8, %xmm5, %xmm5
+        vpsrldq	$8, %xmm6, %xmm6
+        vpsrldq	$8, %xmm7, %xmm7
+        vpor	%xmm4, %xmm0, %xmm0
+        vpor	%xmm5, %xmm1, %xmm1
+        vpor	%xmm6, %xmm2, %xmm2
+        vpor	%xmm7, %xmm3, %xmm3
+        vpshufb	%xmm9, %xmm0, %xmm0
+        vpshufb	%xmm9, %xmm1, %xmm1
+        vpshufb	%xmm9, %xmm2, %xmm2
+        vpshufb	%xmm9, %xmm3, %xmm3
+        vmovdqu	%xmm0, 448(%rsi)
+        vmovdqu	%xmm1, 464(%rsi)
+        vmovdqu	%xmm2, 480(%rsi)
+        vmovdqu	%xmm3, 496(%rsi)
+        repz retq
+#ifndef __APPLE__
+.size	GCM_generate_m0_avx2,.-GCM_generate_m0_avx2
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.data
+#else
+.section	__DATA,__data
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.align	16
+#else
+.p2align	4
+#endif /* __APPLE__ */
 L_avx2_aes_gcm_one:
 .quad	0x0, 0x1
 #ifndef __APPLE__
diff --git a/wolfcrypt/src/aes_gcm_asm.asm b/wolfcrypt/src/aes_gcm_asm.asm
index c0e3682fe..a818e8658 100644
--- a/wolfcrypt/src/aes_gcm_asm.asm
+++ b/wolfcrypt/src/aes_gcm_asm.asm
@@ -1,6 +1,6 @@
 ; /* aes_gcm_asm.asm */
 ; /*
-;  * Copyright (C) 2006-2023 wolfSSL Inc.
+;  * Copyright (C) 2006-2025 wolfSSL Inc.
 ;  *
 ;  * This file is part of wolfSSL.
 ;  *
@@ -40,6 +40,259 @@ IFNDEF _WIN64
 _WIN64 = 1
 ENDIF
 
+_DATA SEGMENT
+ALIGN 16
+L_GCM_generate_m0_aesni_rev8 QWORD 579005069656919567, 283686952306183
+ptr_L_GCM_generate_m0_aesni_rev8 QWORD L_GCM_generate_m0_aesni_rev8
+_DATA ENDS
+_DATA SEGMENT
+ALIGN 16
+L_GCM_generate_m0_aesni_mod2_128 QWORD 0, 16212958658533785600
+ptr_L_GCM_generate_m0_aesni_mod2_128 QWORD L_GCM_generate_m0_aesni_mod2_128
+_DATA ENDS
+_text SEGMENT READONLY PARA
+GCM_generate_m0_aesni PROC
+        sub	rsp, 80
+        movdqu	OWORD PTR [rsp], xmm6
+        movdqu	OWORD PTR [rsp+16], xmm7
+        movdqu	OWORD PTR [rsp+32], xmm8
+        movdqu	OWORD PTR [rsp+48], xmm9
+        movdqu	OWORD PTR [rsp+64], xmm10
+        movdqu	xmm9, OWORD PTR L_GCM_generate_m0_aesni_rev8
+        movdqu	xmm10, OWORD PTR L_GCM_generate_m0_aesni_mod2_128
+        pxor	xmm8, xmm8
+        movdqu	xmm0, OWORD PTR [rcx]
+        movdqu	OWORD PTR [rdx], xmm8
+        movdqu	xmm8, xmm0
+        pshufb	xmm0, xmm9
+        movdqu	xmm5, xmm0
+        movdqu	xmm4, xmm0
+        psllq	xmm5, 63
+        psrlq	xmm4, 1
+        movdqu	xmm1, xmm5
+        pslldq	xmm1, 8
+        psrldq	xmm5, 8
+        pshufd	xmm1, xmm1, 255
+        por	xmm4, xmm5
+        psrad	xmm1, 31
+        pand	xmm1, xmm10
+        pxor	xmm1, xmm4
+        movdqu	xmm5, xmm1
+        movdqu	xmm4, xmm1
+        psllq	xmm5, 63
+        psrlq	xmm4, 1
+        movdqu	xmm2, xmm5
+        pslldq	xmm2, 8
+        psrldq	xmm5, 8
+        pshufd	xmm2, xmm2, 255
+        por	xmm4, xmm5
+        psrad	xmm2, 31
+        pand	xmm2, xmm10
+        pxor	xmm2, xmm4
+        movdqu	xmm5, xmm2
+        movdqu	xmm4, xmm2
+        psllq	xmm5, 63
+        psrlq	xmm4, 1
+        movdqu	xmm3, xmm5
+        pslldq	xmm3, 8
+        psrldq	xmm5, 8
+        pshufd	xmm3, xmm3, 255
+        por	xmm4, xmm5
+        psrad	xmm3, 31
+        pand	xmm3, xmm10
+        pxor	xmm3, xmm4
+        pshufb	xmm3, xmm9
+        pshufb	xmm2, xmm9
+        movdqu	xmm8, xmm3
+        pshufb	xmm1, xmm9
+        pshufb	xmm0, xmm9
+        pxor	xmm8, xmm2
+        movdqu	OWORD PTR [rdx+16], xmm3
+        movdqu	OWORD PTR [rdx+32], xmm2
+        movdqu	OWORD PTR [rdx+48], xmm8
+        movdqu	OWORD PTR [rdx+64], xmm1
+        movdqu	xmm4, xmm3
+        movdqu	xmm5, xmm2
+        movdqu	xmm6, xmm8
+        pxor	xmm4, xmm1
+        pxor	xmm5, xmm1
+        pxor	xmm6, xmm1
+        movdqu	OWORD PTR [rdx+80], xmm4
+        movdqu	OWORD PTR [rdx+96], xmm5
+        movdqu	OWORD PTR [rdx+112], xmm6
+        movdqu	OWORD PTR [rdx+128], xmm0
+        pxor	xmm1, xmm0
+        movdqu	xmm4, xmm3
+        movdqu	xmm6, xmm2
+        pxor	xmm4, xmm0
+        pxor	xmm6, xmm0
+        movdqu	OWORD PTR [rdx+144], xmm4
+        movdqu	OWORD PTR [rdx+160], xmm6
+        pxor	xmm6, xmm3
+        movdqu	OWORD PTR [rdx+176], xmm6
+        movdqu	OWORD PTR [rdx+192], xmm1
+        movdqu	xmm4, xmm3
+        movdqu	xmm5, xmm2
+        movdqu	xmm6, xmm8
+        pxor	xmm4, xmm1
+        pxor	xmm5, xmm1
+        pxor	xmm6, xmm1
+        movdqu	OWORD PTR [rdx+208], xmm4
+        movdqu	OWORD PTR [rdx+224], xmm5
+        movdqu	OWORD PTR [rdx+240], xmm6
+        movdqu	xmm0, OWORD PTR [rdx]
+        movdqu	xmm1, OWORD PTR [rdx+16]
+        movdqu	xmm2, OWORD PTR [rdx+32]
+        movdqu	xmm3, OWORD PTR [rdx+48]
+        pshufb	xmm0, xmm9
+        pshufb	xmm1, xmm9
+        pshufb	xmm2, xmm9
+        pshufb	xmm3, xmm9
+        movdqu	xmm4, xmm0
+        movdqu	xmm5, xmm1
+        movdqu	xmm6, xmm2
+        movdqu	xmm7, xmm3
+        psllq	xmm4, 60
+        psllq	xmm5, 60
+        psllq	xmm6, 60
+        psllq	xmm7, 60
+        psrlq	xmm0, 4
+        psrlq	xmm1, 4
+        psrlq	xmm2, 4
+        psrlq	xmm3, 4
+        psrldq	xmm4, 8
+        psrldq	xmm5, 8
+        psrldq	xmm6, 8
+        psrldq	xmm7, 8
+        por	xmm0, xmm4
+        por	xmm1, xmm5
+        por	xmm2, xmm6
+        por	xmm3, xmm7
+        vpshufb	xmm0, xmm0, xmm9
+        vpshufb	xmm1, xmm1, xmm9
+        vpshufb	xmm2, xmm2, xmm9
+        vpshufb	xmm3, xmm3, xmm9
+        movdqu	OWORD PTR [rdx+256], xmm0
+        movdqu	OWORD PTR [rdx+272], xmm1
+        movdqu	OWORD PTR [rdx+288], xmm2
+        movdqu	OWORD PTR [rdx+304], xmm3
+        movdqu	xmm0, OWORD PTR [rdx+64]
+        movdqu	xmm1, OWORD PTR [rdx+80]
+        movdqu	xmm2, OWORD PTR [rdx+96]
+        movdqu	xmm3, OWORD PTR [rdx+112]
+        pshufb	xmm0, xmm9
+        pshufb	xmm1, xmm9
+        pshufb	xmm2, xmm9
+        pshufb	xmm3, xmm9
+        movdqu	xmm4, xmm0
+        movdqu	xmm5, xmm1
+        movdqu	xmm6, xmm2
+        movdqu	xmm7, xmm3
+        psllq	xmm4, 60
+        psllq	xmm5, 60
+        psllq	xmm6, 60
+        psllq	xmm7, 60
+        psrlq	xmm0, 4
+        psrlq	xmm1, 4
+        psrlq	xmm2, 4
+        psrlq	xmm3, 4
+        psrldq	xmm4, 8
+        psrldq	xmm5, 8
+        psrldq	xmm6, 8
+        psrldq	xmm7, 8
+        por	xmm0, xmm4
+        por	xmm1, xmm5
+        por	xmm2, xmm6
+        por	xmm3, xmm7
+        vpshufb	xmm0, xmm0, xmm9
+        vpshufb	xmm1, xmm1, xmm9
+        vpshufb	xmm2, xmm2, xmm9
+        vpshufb	xmm3, xmm3, xmm9
+        movdqu	OWORD PTR [rdx+320], xmm0
+        movdqu	OWORD PTR [rdx+336], xmm1
+        movdqu	OWORD PTR [rdx+352], xmm2
+        movdqu	OWORD PTR [rdx+368], xmm3
+        movdqu	xmm0, OWORD PTR [rdx+128]
+        movdqu	xmm1, OWORD PTR [rdx+144]
+        movdqu	xmm2, OWORD PTR [rdx+160]
+        movdqu	xmm3, OWORD PTR [rdx+176]
+        pshufb	xmm0, xmm9
+        pshufb	xmm1, xmm9
+        pshufb	xmm2, xmm9
+        pshufb	xmm3, xmm9
+        movdqu	xmm4, xmm0
+        movdqu	xmm5, xmm1
+        movdqu	xmm6, xmm2
+        movdqu	xmm7, xmm3
+        psllq	xmm4, 60
+        psllq	xmm5, 60
+        psllq	xmm6, 60
+        psllq	xmm7, 60
+        psrlq	xmm0, 4
+        psrlq	xmm1, 4
+        psrlq	xmm2, 4
+        psrlq	xmm3, 4
+        psrldq	xmm4, 8
+        psrldq	xmm5, 8
+        psrldq	xmm6, 8
+        psrldq	xmm7, 8
+        por	xmm0, xmm4
+        por	xmm1, xmm5
+        por	xmm2, xmm6
+        por	xmm3, xmm7
+        vpshufb	xmm0, xmm0, xmm9
+        vpshufb	xmm1, xmm1, xmm9
+        vpshufb	xmm2, xmm2, xmm9
+        vpshufb	xmm3, xmm3, xmm9
+        movdqu	OWORD PTR [rdx+384], xmm0
+        movdqu	OWORD PTR [rdx+400], xmm1
+        movdqu	OWORD PTR [rdx+416], xmm2
+        movdqu	OWORD PTR [rdx+432], xmm3
+        movdqu	xmm0, OWORD PTR [rdx+192]
+        movdqu	xmm1, OWORD PTR [rdx+208]
+        movdqu	xmm2, OWORD PTR [rdx+224]
+        movdqu	xmm3, OWORD PTR [rdx+240]
+        pshufb	xmm0, xmm9
+        pshufb	xmm1, xmm9
+        pshufb	xmm2, xmm9
+        pshufb	xmm3, xmm9
+        movdqu	xmm4, xmm0
+        movdqu	xmm5, xmm1
+        movdqu	xmm6, xmm2
+        movdqu	xmm7, xmm3
+        psllq	xmm4, 60
+        psllq	xmm5, 60
+        psllq	xmm6, 60
+        psllq	xmm7, 60
+        psrlq	xmm0, 4
+        psrlq	xmm1, 4
+        psrlq	xmm2, 4
+        psrlq	xmm3, 4
+        psrldq	xmm4, 8
+        psrldq	xmm5, 8
+        psrldq	xmm6, 8
+        psrldq	xmm7, 8
+        por	xmm0, xmm4
+        por	xmm1, xmm5
+        por	xmm2, xmm6
+        por	xmm3, xmm7
+        vpshufb	xmm0, xmm0, xmm9
+        vpshufb	xmm1, xmm1, xmm9
+        vpshufb	xmm2, xmm2, xmm9
+        vpshufb	xmm3, xmm3, xmm9
+        movdqu	OWORD PTR [rdx+448], xmm0
+        movdqu	OWORD PTR [rdx+464], xmm1
+        movdqu	OWORD PTR [rdx+480], xmm2
+        movdqu	OWORD PTR [rdx+496], xmm3
+        movdqu	xmm6, OWORD PTR [rsp]
+        movdqu	xmm7, OWORD PTR [rsp+16]
+        movdqu	xmm8, OWORD PTR [rsp+32]
+        movdqu	xmm9, OWORD PTR [rsp+48]
+        movdqu	xmm10, OWORD PTR [rsp+64]
+        add	rsp, 80
+        ret
+GCM_generate_m0_aesni ENDP
+_text ENDS
 _DATA SEGMENT
 ALIGN 16
 L_aes_gcm_one QWORD 0, 1
@@ -116,16 +369,16 @@ AES_GCM_encrypt_aesni PROC
         mov	r15, QWORD PTR [rsp+136]
         mov	r10d, DWORD PTR [rsp+144]
         sub	rsp, 320
-        movdqu	[rsp+160], xmm6
-        movdqu	[rsp+176], xmm7
-        movdqu	[rsp+192], xmm8
-        movdqu	[rsp+208], xmm9
-        movdqu	[rsp+224], xmm10
-        movdqu	[rsp+240], xmm11
-        movdqu	[rsp+256], xmm12
-        movdqu	[rsp+272], xmm13
-        movdqu	[rsp+288], xmm14
-        movdqu	[rsp+304], xmm15
+        movdqu	OWORD PTR [rsp+160], xmm6
+        movdqu	OWORD PTR [rsp+176], xmm7
+        movdqu	OWORD PTR [rsp+192], xmm8
+        movdqu	OWORD PTR [rsp+208], xmm9
+        movdqu	OWORD PTR [rsp+224], xmm10
+        movdqu	OWORD PTR [rsp+240], xmm11
+        movdqu	OWORD PTR [rsp+256], xmm12
+        movdqu	OWORD PTR [rsp+272], xmm13
+        movdqu	OWORD PTR [rsp+288], xmm14
+        movdqu	OWORD PTR [rsp+304], xmm15
         pxor	xmm4, xmm4
         pxor	xmm6, xmm6
         cmp	ebx, 12
@@ -189,7 +442,7 @@ L_AES_GCM_encrypt_aesni_calc_iv_12_last:
         aesenclast	xmm5, xmm7
         aesenclast	xmm1, xmm7
         pshufb	xmm5, OWORD PTR L_aes_gcm_bswap_mask
-        movdqu	[rsp+144], xmm1
+        movdqu	OWORD PTR [rsp+144], xmm1
         jmp	L_AES_GCM_encrypt_aesni_iv_done
 L_AES_GCM_encrypt_aesni_iv_not_12:
         ; Calculate values when IV is not 12 bytes
@@ -227,7 +480,7 @@ L_AES_GCM_encrypt_aesni_calc_iv_1_aesenc_avx_last:
         jl	L_AES_GCM_encrypt_aesni_calc_iv_lt16
         and	edx, 4294967280
 L_AES_GCM_encrypt_aesni_calc_iv_16_loop:
-        movdqu	xmm8, [rax+rcx]
+        movdqu	xmm8, OWORD PTR [rax+rcx]
         pshufb	xmm8, OWORD PTR L_aes_gcm_bswap_mask
         pxor	xmm4, xmm8
         pshufd	xmm1, xmm4, 78
@@ -294,7 +547,7 @@ L_AES_GCM_encrypt_aesni_calc_iv_lt16:
         sub	rsp, 16
         pxor	xmm8, xmm8
         xor	ebx, ebx
-        movdqu	[rsp], xmm8
+        movdqu	OWORD PTR [rsp], xmm8
 L_AES_GCM_encrypt_aesni_calc_iv_loop:
         movzx	r13d, BYTE PTR [rax+rcx]
         mov	BYTE PTR [rsp+rbx], r13b
@@ -302,7 +555,7 @@ L_AES_GCM_encrypt_aesni_calc_iv_loop:
         inc	ebx
         cmp	ecx, edx
         jl	L_AES_GCM_encrypt_aesni_calc_iv_loop
-        movdqu	xmm8, [rsp]
+        movdqu	xmm8, OWORD PTR [rsp]
         add	rsp, 16
         pshufb	xmm8, OWORD PTR L_aes_gcm_bswap_mask
         pxor	xmm4, xmm8
@@ -446,7 +699,7 @@ L_AES_GCM_encrypt_aesni_calc_iv_done:
         movdqa	xmm9, OWORD PTR [r15+224]
 L_AES_GCM_encrypt_aesni_calc_iv_2_aesenc_avx_last:
         aesenclast	xmm8, xmm9
-        movdqu	[rsp+144], xmm8
+        movdqu	OWORD PTR [rsp+144], xmm8
 L_AES_GCM_encrypt_aesni_iv_done:
         ; Additional authentication data
         mov	edx, r11d
@@ -457,7 +710,7 @@ L_AES_GCM_encrypt_aesni_iv_done:
         jl	L_AES_GCM_encrypt_aesni_calc_aad_lt16
         and	edx, 4294967280
 L_AES_GCM_encrypt_aesni_calc_aad_16_loop:
-        movdqu	xmm8, [r12+rcx]
+        movdqu	xmm8, OWORD PTR [r12+rcx]
         pshufb	xmm8, OWORD PTR L_aes_gcm_bswap_mask
         pxor	xmm6, xmm8
         pshufd	xmm1, xmm6, 78
@@ -524,7 +777,7 @@ L_AES_GCM_encrypt_aesni_calc_aad_lt16:
         sub	rsp, 16
         pxor	xmm8, xmm8
         xor	ebx, ebx
-        movdqu	[rsp], xmm8
+        movdqu	OWORD PTR [rsp], xmm8
 L_AES_GCM_encrypt_aesni_calc_aad_loop:
         movzx	r13d, BYTE PTR [r12+rcx]
         mov	BYTE PTR [rsp+rbx], r13b
@@ -532,7 +785,7 @@ L_AES_GCM_encrypt_aesni_calc_aad_loop:
         inc	ebx
         cmp	ecx, edx
         jl	L_AES_GCM_encrypt_aesni_calc_aad_loop
-        movdqu	xmm8, [rsp]
+        movdqu	xmm8, OWORD PTR [rsp]
         add	rsp, 16
         pshufb	xmm8, OWORD PTR L_aes_gcm_bswap_mask
         pxor	xmm6, xmm8
@@ -596,7 +849,7 @@ L_AES_GCM_encrypt_aesni_calc_aad_done:
         movdqa	xmm9, xmm5
         paddd	xmm4, OWORD PTR L_aes_gcm_one
         movdqa	xmm8, xmm5
-        movdqu	[rsp+128], xmm4
+        movdqu	OWORD PTR [rsp+128], xmm4
         psrlq	xmm9, 63
         psllq	xmm8, 1
         pslldq	xmm9, 8
@@ -612,7 +865,7 @@ L_AES_GCM_encrypt_aesni_calc_aad_done:
         and	r13d, 4294967168
         movdqa	xmm2, xmm6
         ; H ^ 1
-        movdqu	[rsp], xmm5
+        movdqu	OWORD PTR [rsp], xmm5
         ; H ^ 2
         pshufd	xmm9, xmm5, 78
         pshufd	xmm10, xmm5, 78
@@ -654,7 +907,7 @@ L_AES_GCM_encrypt_aesni_calc_aad_done:
         pxor	xmm14, xmm13
         pxor	xmm14, xmm8
         pxor	xmm0, xmm14
-        movdqu	[rsp+16], xmm0
+        movdqu	OWORD PTR [rsp+16], xmm0
         ; H ^ 3
         pshufd	xmm9, xmm5, 78
         pshufd	xmm10, xmm0, 78
@@ -696,7 +949,7 @@ L_AES_GCM_encrypt_aesni_calc_aad_done:
         pxor	xmm14, xmm13
         pxor	xmm14, xmm8
         pxor	xmm1, xmm14
-        movdqu	[rsp+32], xmm1
+        movdqu	OWORD PTR [rsp+32], xmm1
         ; H ^ 4
         pshufd	xmm9, xmm0, 78
         pshufd	xmm10, xmm0, 78
@@ -738,7 +991,7 @@ L_AES_GCM_encrypt_aesni_calc_aad_done:
         pxor	xmm14, xmm13
         pxor	xmm14, xmm8
         pxor	xmm3, xmm14
-        movdqu	[rsp+48], xmm3
+        movdqu	OWORD PTR [rsp+48], xmm3
         ; H ^ 5
         pshufd	xmm9, xmm0, 78
         pshufd	xmm10, xmm1, 78
@@ -780,7 +1033,7 @@ L_AES_GCM_encrypt_aesni_calc_aad_done:
         pxor	xmm14, xmm13
         pxor	xmm14, xmm8
         pxor	xmm7, xmm14
-        movdqu	[rsp+64], xmm7
+        movdqu	OWORD PTR [rsp+64], xmm7
         ; H ^ 6
         pshufd	xmm9, xmm1, 78
         pshufd	xmm10, xmm1, 78
@@ -822,7 +1075,7 @@ L_AES_GCM_encrypt_aesni_calc_aad_done:
         pxor	xmm14, xmm13
         pxor	xmm14, xmm8
         pxor	xmm7, xmm14
-        movdqu	[rsp+80], xmm7
+        movdqu	OWORD PTR [rsp+80], xmm7
         ; H ^ 7
         pshufd	xmm9, xmm1, 78
         pshufd	xmm10, xmm3, 78
@@ -864,7 +1117,7 @@ L_AES_GCM_encrypt_aesni_calc_aad_done:
         pxor	xmm14, xmm13
         pxor	xmm14, xmm8
         pxor	xmm7, xmm14
-        movdqu	[rsp+96], xmm7
+        movdqu	OWORD PTR [rsp+96], xmm7
         ; H ^ 8
         pshufd	xmm9, xmm3, 78
         pshufd	xmm10, xmm3, 78
@@ -906,9 +1159,9 @@ L_AES_GCM_encrypt_aesni_calc_aad_done:
         pxor	xmm14, xmm13
         pxor	xmm14, xmm8
         pxor	xmm7, xmm14
-        movdqu	[rsp+112], xmm7
+        movdqu	OWORD PTR [rsp+112], xmm7
         ; First 128 bytes of input
-        movdqu	xmm8, [rsp+128]
+        movdqu	xmm8, OWORD PTR [rsp+128]
         movdqa	xmm1, OWORD PTR L_aes_gcm_bswap_epi64
         movdqa	xmm0, xmm8
         pshufb	xmm8, xmm1
@@ -935,7 +1188,7 @@ L_AES_GCM_encrypt_aesni_calc_aad_done:
         pshufb	xmm15, xmm1
         paddd	xmm0, OWORD PTR L_aes_gcm_eight
         movdqa	xmm7, OWORD PTR [r15]
-        movdqu	[rsp+128], xmm0
+        movdqu	OWORD PTR [rsp+128], xmm0
         pxor	xmm8, xmm7
         pxor	xmm9, xmm7
         pxor	xmm10, xmm7
@@ -1069,36 +1322,36 @@ L_AES_GCM_encrypt_aesni_calc_aad_done:
 L_AES_GCM_encrypt_aesni_enc_done:
         aesenclast	xmm8, xmm7
         aesenclast	xmm9, xmm7
-        movdqu	xmm0, [rdi]
-        movdqu	xmm1, [rdi+16]
+        movdqu	xmm0, OWORD PTR [rdi]
+        movdqu	xmm1, OWORD PTR [rdi+16]
         pxor	xmm8, xmm0
         pxor	xmm9, xmm1
-        movdqu	[rsi], xmm8
-        movdqu	[rsi+16], xmm9
+        movdqu	OWORD PTR [rsi], xmm8
+        movdqu	OWORD PTR [rsi+16], xmm9
         aesenclast	xmm10, xmm7
         aesenclast	xmm11, xmm7
-        movdqu	xmm0, [rdi+32]
-        movdqu	xmm1, [rdi+48]
+        movdqu	xmm0, OWORD PTR [rdi+32]
+        movdqu	xmm1, OWORD PTR [rdi+48]
         pxor	xmm10, xmm0
         pxor	xmm11, xmm1
-        movdqu	[rsi+32], xmm10
-        movdqu	[rsi+48], xmm11
+        movdqu	OWORD PTR [rsi+32], xmm10
+        movdqu	OWORD PTR [rsi+48], xmm11
         aesenclast	xmm12, xmm7
         aesenclast	xmm13, xmm7
-        movdqu	xmm0, [rdi+64]
-        movdqu	xmm1, [rdi+80]
+        movdqu	xmm0, OWORD PTR [rdi+64]
+        movdqu	xmm1, OWORD PTR [rdi+80]
         pxor	xmm12, xmm0
         pxor	xmm13, xmm1
-        movdqu	[rsi+64], xmm12
-        movdqu	[rsi+80], xmm13
+        movdqu	OWORD PTR [rsi+64], xmm12
+        movdqu	OWORD PTR [rsi+80], xmm13
         aesenclast	xmm14, xmm7
         aesenclast	xmm15, xmm7
-        movdqu	xmm0, [rdi+96]
-        movdqu	xmm1, [rdi+112]
+        movdqu	xmm0, OWORD PTR [rdi+96]
+        movdqu	xmm1, OWORD PTR [rdi+112]
         pxor	xmm14, xmm0
         pxor	xmm15, xmm1
-        movdqu	[rsi+96], xmm14
-        movdqu	[rsi+112], xmm15
+        movdqu	OWORD PTR [rsi+96], xmm14
+        movdqu	OWORD PTR [rsi+112], xmm15
         cmp	r13d, 128
         mov	ebx, 128
         jle	L_AES_GCM_encrypt_aesni_end_128
@@ -1106,7 +1359,7 @@ L_AES_GCM_encrypt_aesni_enc_done:
 L_AES_GCM_encrypt_aesni_ghash_128:
         lea	rcx, QWORD PTR [rdi+rbx]
         lea	rdx, QWORD PTR [rsi+rbx]
-        movdqu	xmm8, [rsp+128]
+        movdqu	xmm8, OWORD PTR [rsp+128]
         movdqa	xmm1, OWORD PTR L_aes_gcm_bswap_epi64
         movdqa	xmm0, xmm8
         pshufb	xmm8, xmm1
@@ -1133,7 +1386,7 @@ L_AES_GCM_encrypt_aesni_ghash_128:
         pshufb	xmm15, xmm1
         paddd	xmm0, OWORD PTR L_aes_gcm_eight
         movdqa	xmm7, OWORD PTR [r15]
-        movdqu	[rsp+128], xmm0
+        movdqu	OWORD PTR [rsp+128], xmm0
         pxor	xmm8, xmm7
         pxor	xmm9, xmm7
         pxor	xmm10, xmm7
@@ -1142,8 +1395,8 @@ L_AES_GCM_encrypt_aesni_ghash_128:
         pxor	xmm13, xmm7
         pxor	xmm14, xmm7
         pxor	xmm15, xmm7
-        movdqu	xmm7, [rsp+112]
-        movdqu	xmm0, [rdx+-128]
+        movdqu	xmm7, OWORD PTR [rsp+112]
+        movdqu	xmm0, OWORD PTR [rdx+-128]
         aesenc	xmm8, [r15+16]
         pshufb	xmm0, OWORD PTR L_aes_gcm_bswap_mask
         pxor	xmm0, xmm2
@@ -1165,8 +1418,8 @@ L_AES_GCM_encrypt_aesni_ghash_128:
         aesenc	xmm15, [r15+16]
         pxor	xmm1, xmm2
         pxor	xmm1, xmm3
-        movdqu	xmm7, [rsp+96]
-        movdqu	xmm0, [rdx+-112]
+        movdqu	xmm7, OWORD PTR [rsp+96]
+        movdqu	xmm0, OWORD PTR [rdx+-112]
         pshufd	xmm4, xmm7, 78
         pshufb	xmm0, OWORD PTR L_aes_gcm_bswap_mask
         aesenc	xmm8, [r15+32]
@@ -1189,8 +1442,8 @@ L_AES_GCM_encrypt_aesni_ghash_128:
         pxor	xmm1, xmm6
         pxor	xmm3, xmm6
         pxor	xmm1, xmm4
-        movdqu	xmm7, [rsp+80]
-        movdqu	xmm0, [rdx+-96]
+        movdqu	xmm7, OWORD PTR [rsp+80]
+        movdqu	xmm0, OWORD PTR [rdx+-96]
         pshufd	xmm4, xmm7, 78
         pshufb	xmm0, OWORD PTR L_aes_gcm_bswap_mask
         aesenc	xmm8, [r15+48]
@@ -1213,8 +1466,8 @@ L_AES_GCM_encrypt_aesni_ghash_128:
         pxor	xmm1, xmm6
         pxor	xmm3, xmm6
         pxor	xmm1, xmm4
-        movdqu	xmm7, [rsp+64]
-        movdqu	xmm0, [rdx+-80]
+        movdqu	xmm7, OWORD PTR [rsp+64]
+        movdqu	xmm0, OWORD PTR [rdx+-80]
         pshufd	xmm4, xmm7, 78
         pshufb	xmm0, OWORD PTR L_aes_gcm_bswap_mask
         aesenc	xmm8, [r15+64]
@@ -1237,8 +1490,8 @@ L_AES_GCM_encrypt_aesni_ghash_128:
         pxor	xmm1, xmm6
         pxor	xmm3, xmm6
         pxor	xmm1, xmm4
-        movdqu	xmm7, [rsp+48]
-        movdqu	xmm0, [rdx+-64]
+        movdqu	xmm7, OWORD PTR [rsp+48]
+        movdqu	xmm0, OWORD PTR [rdx+-64]
         pshufd	xmm4, xmm7, 78
         pshufb	xmm0, OWORD PTR L_aes_gcm_bswap_mask
         aesenc	xmm8, [r15+80]
@@ -1261,8 +1514,8 @@ L_AES_GCM_encrypt_aesni_ghash_128:
         pxor	xmm1, xmm6
         pxor	xmm3, xmm6
         pxor	xmm1, xmm4
-        movdqu	xmm7, [rsp+32]
-        movdqu	xmm0, [rdx+-48]
+        movdqu	xmm7, OWORD PTR [rsp+32]
+        movdqu	xmm0, OWORD PTR [rdx+-48]
         pshufd	xmm4, xmm7, 78
         pshufb	xmm0, OWORD PTR L_aes_gcm_bswap_mask
         aesenc	xmm8, [r15+96]
@@ -1285,8 +1538,8 @@ L_AES_GCM_encrypt_aesni_ghash_128:
         pxor	xmm1, xmm6
         pxor	xmm3, xmm6
         pxor	xmm1, xmm4
-        movdqu	xmm7, [rsp+16]
-        movdqu	xmm0, [rdx+-32]
+        movdqu	xmm7, OWORD PTR [rsp+16]
+        movdqu	xmm0, OWORD PTR [rdx+-32]
         pshufd	xmm4, xmm7, 78
         pshufb	xmm0, OWORD PTR L_aes_gcm_bswap_mask
         aesenc	xmm8, [r15+112]
@@ -1309,8 +1562,8 @@ L_AES_GCM_encrypt_aesni_ghash_128:
         pxor	xmm1, xmm6
         pxor	xmm3, xmm6
         pxor	xmm1, xmm4
-        movdqu	xmm7, [rsp]
-        movdqu	xmm0, [rdx+-16]
+        movdqu	xmm7, OWORD PTR [rsp]
+        movdqu	xmm0, OWORD PTR [rdx+-16]
         pshufd	xmm4, xmm7, 78
         pshufb	xmm0, OWORD PTR L_aes_gcm_bswap_mask
         aesenc	xmm8, [r15+128]
@@ -1413,36 +1666,36 @@ L_AES_GCM_encrypt_aesni_ghash_128:
 L_AES_GCM_encrypt_aesni_aesenc_128_ghash_avx_done:
         aesenclast	xmm8, xmm7
         aesenclast	xmm9, xmm7
-        movdqu	xmm0, [rcx]
-        movdqu	xmm1, [rcx+16]
+        movdqu	xmm0, OWORD PTR [rcx]
+        movdqu	xmm1, OWORD PTR [rcx+16]
         pxor	xmm8, xmm0
         pxor	xmm9, xmm1
-        movdqu	[rdx], xmm8
-        movdqu	[rdx+16], xmm9
+        movdqu	OWORD PTR [rdx], xmm8
+        movdqu	OWORD PTR [rdx+16], xmm9
         aesenclast	xmm10, xmm7
         aesenclast	xmm11, xmm7
-        movdqu	xmm0, [rcx+32]
-        movdqu	xmm1, [rcx+48]
+        movdqu	xmm0, OWORD PTR [rcx+32]
+        movdqu	xmm1, OWORD PTR [rcx+48]
         pxor	xmm10, xmm0
         pxor	xmm11, xmm1
-        movdqu	[rdx+32], xmm10
-        movdqu	[rdx+48], xmm11
+        movdqu	OWORD PTR [rdx+32], xmm10
+        movdqu	OWORD PTR [rdx+48], xmm11
         aesenclast	xmm12, xmm7
         aesenclast	xmm13, xmm7
-        movdqu	xmm0, [rcx+64]
-        movdqu	xmm1, [rcx+80]
+        movdqu	xmm0, OWORD PTR [rcx+64]
+        movdqu	xmm1, OWORD PTR [rcx+80]
         pxor	xmm12, xmm0
         pxor	xmm13, xmm1
-        movdqu	[rdx+64], xmm12
-        movdqu	[rdx+80], xmm13
+        movdqu	OWORD PTR [rdx+64], xmm12
+        movdqu	OWORD PTR [rdx+80], xmm13
         aesenclast	xmm14, xmm7
         aesenclast	xmm15, xmm7
-        movdqu	xmm0, [rcx+96]
-        movdqu	xmm1, [rcx+112]
+        movdqu	xmm0, OWORD PTR [rcx+96]
+        movdqu	xmm1, OWORD PTR [rcx+112]
         pxor	xmm14, xmm0
         pxor	xmm15, xmm1
-        movdqu	[rdx+96], xmm14
-        movdqu	[rdx+112], xmm15
+        movdqu	OWORD PTR [rdx+96], xmm14
+        movdqu	OWORD PTR [rdx+112], xmm15
         add	ebx, 128
         cmp	ebx, r13d
         jl	L_AES_GCM_encrypt_aesni_ghash_128
@@ -1457,7 +1710,7 @@ L_AES_GCM_encrypt_aesni_end_128:
         pshufb	xmm13, xmm4
         pshufb	xmm14, xmm4
         pshufb	xmm15, xmm4
-        movdqu	xmm7, [rsp+112]
+        movdqu	xmm7, OWORD PTR [rsp+112]
         pshufd	xmm1, xmm8, 78
         pshufd	xmm2, xmm7, 78
         movdqa	xmm3, xmm7
@@ -1476,7 +1729,7 @@ L_AES_GCM_encrypt_aesni_end_128:
         psrldq	xmm1, 8
         pxor	xmm4, xmm2
         pxor	xmm6, xmm1
-        movdqu	xmm7, [rsp+96]
+        movdqu	xmm7, OWORD PTR [rsp+96]
         pshufd	xmm1, xmm9, 78
         pshufd	xmm2, xmm7, 78
         movdqa	xmm3, xmm7
@@ -1495,7 +1748,7 @@ L_AES_GCM_encrypt_aesni_end_128:
         psrldq	xmm1, 8
         pxor	xmm4, xmm2
         pxor	xmm6, xmm1
-        movdqu	xmm7, [rsp+80]
+        movdqu	xmm7, OWORD PTR [rsp+80]
         pshufd	xmm1, xmm10, 78
         pshufd	xmm2, xmm7, 78
         movdqa	xmm3, xmm7
@@ -1514,7 +1767,7 @@ L_AES_GCM_encrypt_aesni_end_128:
         psrldq	xmm1, 8
         pxor	xmm4, xmm2
         pxor	xmm6, xmm1
-        movdqu	xmm7, [rsp+64]
+        movdqu	xmm7, OWORD PTR [rsp+64]
         pshufd	xmm1, xmm11, 78
         pshufd	xmm2, xmm7, 78
         movdqa	xmm3, xmm7
@@ -1533,7 +1786,7 @@ L_AES_GCM_encrypt_aesni_end_128:
         psrldq	xmm1, 8
         pxor	xmm4, xmm2
         pxor	xmm6, xmm1
-        movdqu	xmm7, [rsp+48]
+        movdqu	xmm7, OWORD PTR [rsp+48]
         pshufd	xmm1, xmm12, 78
         pshufd	xmm2, xmm7, 78
         movdqa	xmm3, xmm7
@@ -1552,7 +1805,7 @@ L_AES_GCM_encrypt_aesni_end_128:
         psrldq	xmm1, 8
         pxor	xmm4, xmm2
         pxor	xmm6, xmm1
-        movdqu	xmm7, [rsp+32]
+        movdqu	xmm7, OWORD PTR [rsp+32]
         pshufd	xmm1, xmm13, 78
         pshufd	xmm2, xmm7, 78
         movdqa	xmm3, xmm7
@@ -1571,7 +1824,7 @@ L_AES_GCM_encrypt_aesni_end_128:
         psrldq	xmm1, 8
         pxor	xmm4, xmm2
         pxor	xmm6, xmm1
-        movdqu	xmm7, [rsp+16]
+        movdqu	xmm7, OWORD PTR [rsp+16]
         pshufd	xmm1, xmm14, 78
         pshufd	xmm2, xmm7, 78
         movdqa	xmm3, xmm7
@@ -1590,7 +1843,7 @@ L_AES_GCM_encrypt_aesni_end_128:
         psrldq	xmm1, 8
         pxor	xmm4, xmm2
         pxor	xmm6, xmm1
-        movdqu	xmm7, [rsp]
+        movdqu	xmm7, OWORD PTR [rsp]
         pshufd	xmm1, xmm15, 78
         pshufd	xmm2, xmm7, 78
         movdqa	xmm3, xmm7
@@ -1632,7 +1885,7 @@ L_AES_GCM_encrypt_aesni_end_128:
         pxor	xmm2, xmm1
         pxor	xmm2, xmm4
         pxor	xmm6, xmm2
-        movdqu	xmm5, [rsp]
+        movdqu	xmm5, OWORD PTR [rsp]
 L_AES_GCM_encrypt_aesni_done_128:
         mov	edx, r9d
         cmp	ebx, edx
@@ -1643,12 +1896,12 @@ L_AES_GCM_encrypt_aesni_done_128:
         jge	L_AES_GCM_encrypt_aesni_last_block_done
         lea	rcx, QWORD PTR [rdi+rbx]
         lea	rdx, QWORD PTR [rsi+rbx]
-        movdqu	xmm8, [rsp+128]
+        movdqu	xmm8, OWORD PTR [rsp+128]
         movdqa	xmm9, xmm8
         pshufb	xmm8, OWORD PTR L_aes_gcm_bswap_epi64
         paddd	xmm9, OWORD PTR L_aes_gcm_one
         pxor	xmm8, [r15]
-        movdqu	[rsp+128], xmm9
+        movdqu	OWORD PTR [rsp+128], xmm9
         aesenc	xmm8, [r15+16]
         aesenc	xmm8, [r15+32]
         aesenc	xmm8, [r15+48]
@@ -1671,9 +1924,9 @@ L_AES_GCM_encrypt_aesni_done_128:
         movdqa	xmm9, OWORD PTR [r15+224]
 L_AES_GCM_encrypt_aesni_aesenc_block_aesenc_avx_last:
         aesenclast	xmm8, xmm9
-        movdqu	xmm9, [rcx]
+        movdqu	xmm9, OWORD PTR [rcx]
         pxor	xmm8, xmm9
-        movdqu	[rdx], xmm8
+        movdqu	OWORD PTR [rdx], xmm8
         pshufb	xmm8, OWORD PTR L_aes_gcm_bswap_mask
         pxor	xmm6, xmm8
         add	ebx, 16
@@ -1682,12 +1935,12 @@ L_AES_GCM_encrypt_aesni_aesenc_block_aesenc_avx_last:
 L_AES_GCM_encrypt_aesni_last_block_start:
         lea	rcx, QWORD PTR [rdi+rbx]
         lea	rdx, QWORD PTR [rsi+rbx]
-        movdqu	xmm8, [rsp+128]
+        movdqu	xmm8, OWORD PTR [rsp+128]
         movdqa	xmm9, xmm8
         pshufb	xmm8, OWORD PTR L_aes_gcm_bswap_epi64
         paddd	xmm9, OWORD PTR L_aes_gcm_one
         pxor	xmm8, [r15]
-        movdqu	[rsp+128], xmm9
+        movdqu	OWORD PTR [rsp+128], xmm9
         movdqa	xmm10, xmm6
         pclmulqdq	xmm10, xmm5, 16
         aesenc	xmm8, [r15+16]
@@ -1735,9 +1988,9 @@ L_AES_GCM_encrypt_aesni_last_block_start:
         movdqa	xmm9, OWORD PTR [r15+224]
 L_AES_GCM_encrypt_aesni_aesenc_gfmul_last:
         aesenclast	xmm8, xmm9
-        movdqu	xmm9, [rcx]
+        movdqu	xmm9, OWORD PTR [rcx]
         pxor	xmm8, xmm9
-        movdqu	[rdx], xmm8
+        movdqu	OWORD PTR [rdx], xmm8
         pshufb	xmm8, OWORD PTR L_aes_gcm_bswap_mask
         pxor	xmm6, xmm8
         add	ebx, 16
@@ -1789,7 +2042,7 @@ L_AES_GCM_encrypt_aesni_last_block_done:
         mov	edx, ecx
         and	ecx, 15
         jz	L_AES_GCM_encrypt_aesni_aesenc_last15_enc_avx_done
-        movdqu	xmm4, [rsp+128]
+        movdqu	xmm4, OWORD PTR [rsp+128]
         pshufb	xmm4, OWORD PTR L_aes_gcm_bswap_epi64
         pxor	xmm4, [r15]
         aesenc	xmm4, [r15+16]
@@ -1816,7 +2069,7 @@ L_AES_GCM_encrypt_aesni_aesenc_last15_enc_avx_aesenc_avx_last:
         aesenclast	xmm4, xmm9
         sub	rsp, 16
         xor	ecx, ecx
-        movdqu	[rsp], xmm4
+        movdqu	OWORD PTR [rsp], xmm4
 L_AES_GCM_encrypt_aesni_aesenc_last15_enc_avx_loop:
         movzx	r13d, BYTE PTR [rdi+rbx]
         xor	r13b, BYTE PTR [rsp+rcx]
@@ -1835,7 +2088,7 @@ L_AES_GCM_encrypt_aesni_aesenc_last15_enc_avx_byte_loop:
         cmp	ecx, 16
         jl	L_AES_GCM_encrypt_aesni_aesenc_last15_enc_avx_byte_loop
 L_AES_GCM_encrypt_aesni_aesenc_last15_enc_avx_finish_enc:
-        movdqu	xmm4, [rsp]
+        movdqu	xmm4, OWORD PTR [rsp]
         add	rsp, 16
         pshufb	xmm4, OWORD PTR L_aes_gcm_bswap_mask
         pxor	xmm6, xmm4
@@ -1929,12 +2182,12 @@ L_AES_GCM_encrypt_aesni_done_enc:
         pxor	xmm14, xmm8
         pxor	xmm6, xmm14
         pshufb	xmm6, OWORD PTR L_aes_gcm_bswap_mask
-        movdqu	xmm0, [rsp+144]
+        movdqu	xmm0, OWORD PTR [rsp+144]
         pxor	xmm0, xmm6
         cmp	r14d, 16
         je	L_AES_GCM_encrypt_aesni_store_tag_16
         xor	rcx, rcx
-        movdqu	[rsp], xmm0
+        movdqu	OWORD PTR [rsp], xmm0
 L_AES_GCM_encrypt_aesni_store_tag_loop:
         movzx	r13d, BYTE PTR [rsp+rcx]
         mov	BYTE PTR [r8+rcx], r13b
@@ -1943,18 +2196,18 @@ L_AES_GCM_encrypt_aesni_store_tag_loop:
         jne	L_AES_GCM_encrypt_aesni_store_tag_loop
         jmp	L_AES_GCM_encrypt_aesni_store_tag_done
 L_AES_GCM_encrypt_aesni_store_tag_16:
-        movdqu	[r8], xmm0
+        movdqu	OWORD PTR [r8], xmm0
 L_AES_GCM_encrypt_aesni_store_tag_done:
-        movdqu	xmm6, [rsp+160]
-        movdqu	xmm7, [rsp+176]
-        movdqu	xmm8, [rsp+192]
-        movdqu	xmm9, [rsp+208]
-        movdqu	xmm10, [rsp+224]
-        movdqu	xmm11, [rsp+240]
-        movdqu	xmm12, [rsp+256]
-        movdqu	xmm13, [rsp+272]
-        movdqu	xmm14, [rsp+288]
-        movdqu	xmm15, [rsp+304]
+        movdqu	xmm6, OWORD PTR [rsp+160]
+        movdqu	xmm7, OWORD PTR [rsp+176]
+        movdqu	xmm8, OWORD PTR [rsp+192]
+        movdqu	xmm9, OWORD PTR [rsp+208]
+        movdqu	xmm10, OWORD PTR [rsp+224]
+        movdqu	xmm11, OWORD PTR [rsp+240]
+        movdqu	xmm12, OWORD PTR [rsp+256]
+        movdqu	xmm13, OWORD PTR [rsp+272]
+        movdqu	xmm14, OWORD PTR [rsp+288]
+        movdqu	xmm15, OWORD PTR [rsp+304]
         add	rsp, 320
         pop	r15
         pop	r14
@@ -1989,16 +2242,16 @@ AES_GCM_decrypt_aesni PROC
         mov	r10d, DWORD PTR [rsp+152]
         mov	rbp, QWORD PTR [rsp+160]
         sub	rsp, 328
-        movdqu	[rsp+168], xmm6
-        movdqu	[rsp+184], xmm7
-        movdqu	[rsp+200], xmm8
-        movdqu	[rsp+216], xmm9
-        movdqu	[rsp+232], xmm10
-        movdqu	[rsp+248], xmm11
-        movdqu	[rsp+264], xmm12
-        movdqu	[rsp+280], xmm13
-        movdqu	[rsp+296], xmm14
-        movdqu	[rsp+312], xmm15
+        movdqu	OWORD PTR [rsp+168], xmm6
+        movdqu	OWORD PTR [rsp+184], xmm7
+        movdqu	OWORD PTR [rsp+200], xmm8
+        movdqu	OWORD PTR [rsp+216], xmm9
+        movdqu	OWORD PTR [rsp+232], xmm10
+        movdqu	OWORD PTR [rsp+248], xmm11
+        movdqu	OWORD PTR [rsp+264], xmm12
+        movdqu	OWORD PTR [rsp+280], xmm13
+        movdqu	OWORD PTR [rsp+296], xmm14
+        movdqu	OWORD PTR [rsp+312], xmm15
         pxor	xmm4, xmm4
         pxor	xmm6, xmm6
         cmp	ebx, 12
@@ -2062,7 +2315,7 @@ L_AES_GCM_decrypt_aesni_calc_iv_12_last:
         aesenclast	xmm5, xmm7
         aesenclast	xmm1, xmm7
         pshufb	xmm5, OWORD PTR L_aes_gcm_bswap_mask
-        movdqu	[rsp+144], xmm1
+        movdqu	OWORD PTR [rsp+144], xmm1
         jmp	L_AES_GCM_decrypt_aesni_iv_done
 L_AES_GCM_decrypt_aesni_iv_not_12:
         ; Calculate values when IV is not 12 bytes
@@ -2100,7 +2353,7 @@ L_AES_GCM_decrypt_aesni_calc_iv_1_aesenc_avx_last:
         jl	L_AES_GCM_decrypt_aesni_calc_iv_lt16
         and	edx, 4294967280
 L_AES_GCM_decrypt_aesni_calc_iv_16_loop:
-        movdqu	xmm8, [rax+rcx]
+        movdqu	xmm8, OWORD PTR [rax+rcx]
         pshufb	xmm8, OWORD PTR L_aes_gcm_bswap_mask
         pxor	xmm4, xmm8
         pshufd	xmm1, xmm4, 78
@@ -2167,7 +2420,7 @@ L_AES_GCM_decrypt_aesni_calc_iv_lt16:
         sub	rsp, 16
         pxor	xmm8, xmm8
         xor	ebx, ebx
-        movdqu	[rsp], xmm8
+        movdqu	OWORD PTR [rsp], xmm8
 L_AES_GCM_decrypt_aesni_calc_iv_loop:
         movzx	r13d, BYTE PTR [rax+rcx]
         mov	BYTE PTR [rsp+rbx], r13b
@@ -2175,7 +2428,7 @@ L_AES_GCM_decrypt_aesni_calc_iv_loop:
         inc	ebx
         cmp	ecx, edx
         jl	L_AES_GCM_decrypt_aesni_calc_iv_loop
-        movdqu	xmm8, [rsp]
+        movdqu	xmm8, OWORD PTR [rsp]
         add	rsp, 16
         pshufb	xmm8, OWORD PTR L_aes_gcm_bswap_mask
         pxor	xmm4, xmm8
@@ -2319,7 +2572,7 @@ L_AES_GCM_decrypt_aesni_calc_iv_done:
         movdqa	xmm9, OWORD PTR [r15+224]
 L_AES_GCM_decrypt_aesni_calc_iv_2_aesenc_avx_last:
         aesenclast	xmm8, xmm9
-        movdqu	[rsp+144], xmm8
+        movdqu	OWORD PTR [rsp+144], xmm8
 L_AES_GCM_decrypt_aesni_iv_done:
         ; Additional authentication data
         mov	edx, r11d
@@ -2330,7 +2583,7 @@ L_AES_GCM_decrypt_aesni_iv_done:
         jl	L_AES_GCM_decrypt_aesni_calc_aad_lt16
         and	edx, 4294967280
 L_AES_GCM_decrypt_aesni_calc_aad_16_loop:
-        movdqu	xmm8, [r12+rcx]
+        movdqu	xmm8, OWORD PTR [r12+rcx]
         pshufb	xmm8, OWORD PTR L_aes_gcm_bswap_mask
         pxor	xmm6, xmm8
         pshufd	xmm1, xmm6, 78
@@ -2397,7 +2650,7 @@ L_AES_GCM_decrypt_aesni_calc_aad_lt16:
         sub	rsp, 16
         pxor	xmm8, xmm8
         xor	ebx, ebx
-        movdqu	[rsp], xmm8
+        movdqu	OWORD PTR [rsp], xmm8
 L_AES_GCM_decrypt_aesni_calc_aad_loop:
         movzx	r13d, BYTE PTR [r12+rcx]
         mov	BYTE PTR [rsp+rbx], r13b
@@ -2405,7 +2658,7 @@ L_AES_GCM_decrypt_aesni_calc_aad_loop:
         inc	ebx
         cmp	ecx, edx
         jl	L_AES_GCM_decrypt_aesni_calc_aad_loop
-        movdqu	xmm8, [rsp]
+        movdqu	xmm8, OWORD PTR [rsp]
         add	rsp, 16
         pshufb	xmm8, OWORD PTR L_aes_gcm_bswap_mask
         pxor	xmm6, xmm8
@@ -2469,7 +2722,7 @@ L_AES_GCM_decrypt_aesni_calc_aad_done:
         movdqa	xmm9, xmm5
         paddd	xmm4, OWORD PTR L_aes_gcm_one
         movdqa	xmm8, xmm5
-        movdqu	[rsp+128], xmm4
+        movdqu	OWORD PTR [rsp+128], xmm4
         psrlq	xmm9, 63
         psllq	xmm8, 1
         pslldq	xmm9, 8
@@ -2485,7 +2738,7 @@ L_AES_GCM_decrypt_aesni_calc_aad_done:
         and	r13d, 4294967168
         movdqa	xmm2, xmm6
         ; H ^ 1
-        movdqu	[rsp], xmm5
+        movdqu	OWORD PTR [rsp], xmm5
         ; H ^ 2
         pshufd	xmm9, xmm5, 78
         pshufd	xmm10, xmm5, 78
@@ -2527,7 +2780,7 @@ L_AES_GCM_decrypt_aesni_calc_aad_done:
         pxor	xmm14, xmm13
         pxor	xmm14, xmm8
         pxor	xmm0, xmm14
-        movdqu	[rsp+16], xmm0
+        movdqu	OWORD PTR [rsp+16], xmm0
         ; H ^ 3
         pshufd	xmm9, xmm5, 78
         pshufd	xmm10, xmm0, 78
@@ -2569,7 +2822,7 @@ L_AES_GCM_decrypt_aesni_calc_aad_done:
         pxor	xmm14, xmm13
         pxor	xmm14, xmm8
         pxor	xmm1, xmm14
-        movdqu	[rsp+32], xmm1
+        movdqu	OWORD PTR [rsp+32], xmm1
         ; H ^ 4
         pshufd	xmm9, xmm0, 78
         pshufd	xmm10, xmm0, 78
@@ -2611,7 +2864,7 @@ L_AES_GCM_decrypt_aesni_calc_aad_done:
         pxor	xmm14, xmm13
         pxor	xmm14, xmm8
         pxor	xmm3, xmm14
-        movdqu	[rsp+48], xmm3
+        movdqu	OWORD PTR [rsp+48], xmm3
         ; H ^ 5
         pshufd	xmm9, xmm0, 78
         pshufd	xmm10, xmm1, 78
@@ -2653,7 +2906,7 @@ L_AES_GCM_decrypt_aesni_calc_aad_done:
         pxor	xmm14, xmm13
         pxor	xmm14, xmm8
         pxor	xmm7, xmm14
-        movdqu	[rsp+64], xmm7
+        movdqu	OWORD PTR [rsp+64], xmm7
         ; H ^ 6
         pshufd	xmm9, xmm1, 78
         pshufd	xmm10, xmm1, 78
@@ -2695,7 +2948,7 @@ L_AES_GCM_decrypt_aesni_calc_aad_done:
         pxor	xmm14, xmm13
         pxor	xmm14, xmm8
         pxor	xmm7, xmm14
-        movdqu	[rsp+80], xmm7
+        movdqu	OWORD PTR [rsp+80], xmm7
         ; H ^ 7
         pshufd	xmm9, xmm1, 78
         pshufd	xmm10, xmm3, 78
@@ -2737,7 +2990,7 @@ L_AES_GCM_decrypt_aesni_calc_aad_done:
         pxor	xmm14, xmm13
         pxor	xmm14, xmm8
         pxor	xmm7, xmm14
-        movdqu	[rsp+96], xmm7
+        movdqu	OWORD PTR [rsp+96], xmm7
         ; H ^ 8
         pshufd	xmm9, xmm3, 78
         pshufd	xmm10, xmm3, 78
@@ -2779,11 +3032,11 @@ L_AES_GCM_decrypt_aesni_calc_aad_done:
         pxor	xmm14, xmm13
         pxor	xmm14, xmm8
         pxor	xmm7, xmm14
-        movdqu	[rsp+112], xmm7
+        movdqu	OWORD PTR [rsp+112], xmm7
 L_AES_GCM_decrypt_aesni_ghash_128:
         lea	rcx, QWORD PTR [rdi+rbx]
         lea	rdx, QWORD PTR [rsi+rbx]
-        movdqu	xmm8, [rsp+128]
+        movdqu	xmm8, OWORD PTR [rsp+128]
         movdqa	xmm1, OWORD PTR L_aes_gcm_bswap_epi64
         movdqa	xmm0, xmm8
         pshufb	xmm8, xmm1
@@ -2810,7 +3063,7 @@ L_AES_GCM_decrypt_aesni_ghash_128:
         pshufb	xmm15, xmm1
         paddd	xmm0, OWORD PTR L_aes_gcm_eight
         movdqa	xmm7, OWORD PTR [r15]
-        movdqu	[rsp+128], xmm0
+        movdqu	OWORD PTR [rsp+128], xmm0
         pxor	xmm8, xmm7
         pxor	xmm9, xmm7
         pxor	xmm10, xmm7
@@ -2819,8 +3072,8 @@ L_AES_GCM_decrypt_aesni_ghash_128:
         pxor	xmm13, xmm7
         pxor	xmm14, xmm7
         pxor	xmm15, xmm7
-        movdqu	xmm7, [rsp+112]
-        movdqu	xmm0, [rcx]
+        movdqu	xmm7, OWORD PTR [rsp+112]
+        movdqu	xmm0, OWORD PTR [rcx]
         aesenc	xmm8, [r15+16]
         pshufb	xmm0, OWORD PTR L_aes_gcm_bswap_mask
         pxor	xmm0, xmm2
@@ -2842,8 +3095,8 @@ L_AES_GCM_decrypt_aesni_ghash_128:
         aesenc	xmm15, [r15+16]
         pxor	xmm1, xmm2
         pxor	xmm1, xmm3
-        movdqu	xmm7, [rsp+96]
-        movdqu	xmm0, [rcx+16]
+        movdqu	xmm7, OWORD PTR [rsp+96]
+        movdqu	xmm0, OWORD PTR [rcx+16]
         pshufd	xmm4, xmm7, 78
         pshufb	xmm0, OWORD PTR L_aes_gcm_bswap_mask
         aesenc	xmm8, [r15+32]
@@ -2866,8 +3119,8 @@ L_AES_GCM_decrypt_aesni_ghash_128:
         pxor	xmm1, xmm6
         pxor	xmm3, xmm6
         pxor	xmm1, xmm4
-        movdqu	xmm7, [rsp+80]
-        movdqu	xmm0, [rcx+32]
+        movdqu	xmm7, OWORD PTR [rsp+80]
+        movdqu	xmm0, OWORD PTR [rcx+32]
         pshufd	xmm4, xmm7, 78
         pshufb	xmm0, OWORD PTR L_aes_gcm_bswap_mask
         aesenc	xmm8, [r15+48]
@@ -2890,8 +3143,8 @@ L_AES_GCM_decrypt_aesni_ghash_128:
         pxor	xmm1, xmm6
         pxor	xmm3, xmm6
         pxor	xmm1, xmm4
-        movdqu	xmm7, [rsp+64]
-        movdqu	xmm0, [rcx+48]
+        movdqu	xmm7, OWORD PTR [rsp+64]
+        movdqu	xmm0, OWORD PTR [rcx+48]
         pshufd	xmm4, xmm7, 78
         pshufb	xmm0, OWORD PTR L_aes_gcm_bswap_mask
         aesenc	xmm8, [r15+64]
@@ -2914,8 +3167,8 @@ L_AES_GCM_decrypt_aesni_ghash_128:
         pxor	xmm1, xmm6
         pxor	xmm3, xmm6
         pxor	xmm1, xmm4
-        movdqu	xmm7, [rsp+48]
-        movdqu	xmm0, [rcx+64]
+        movdqu	xmm7, OWORD PTR [rsp+48]
+        movdqu	xmm0, OWORD PTR [rcx+64]
         pshufd	xmm4, xmm7, 78
         pshufb	xmm0, OWORD PTR L_aes_gcm_bswap_mask
         aesenc	xmm8, [r15+80]
@@ -2938,8 +3191,8 @@ L_AES_GCM_decrypt_aesni_ghash_128:
         pxor	xmm1, xmm6
         pxor	xmm3, xmm6
         pxor	xmm1, xmm4
-        movdqu	xmm7, [rsp+32]
-        movdqu	xmm0, [rcx+80]
+        movdqu	xmm7, OWORD PTR [rsp+32]
+        movdqu	xmm0, OWORD PTR [rcx+80]
         pshufd	xmm4, xmm7, 78
         pshufb	xmm0, OWORD PTR L_aes_gcm_bswap_mask
         aesenc	xmm8, [r15+96]
@@ -2962,8 +3215,8 @@ L_AES_GCM_decrypt_aesni_ghash_128:
         pxor	xmm1, xmm6
         pxor	xmm3, xmm6
         pxor	xmm1, xmm4
-        movdqu	xmm7, [rsp+16]
-        movdqu	xmm0, [rcx+96]
+        movdqu	xmm7, OWORD PTR [rsp+16]
+        movdqu	xmm0, OWORD PTR [rcx+96]
         pshufd	xmm4, xmm7, 78
         pshufb	xmm0, OWORD PTR L_aes_gcm_bswap_mask
         aesenc	xmm8, [r15+112]
@@ -2986,8 +3239,8 @@ L_AES_GCM_decrypt_aesni_ghash_128:
         pxor	xmm1, xmm6
         pxor	xmm3, xmm6
         pxor	xmm1, xmm4
-        movdqu	xmm7, [rsp]
-        movdqu	xmm0, [rcx+112]
+        movdqu	xmm7, OWORD PTR [rsp]
+        movdqu	xmm0, OWORD PTR [rcx+112]
         pshufd	xmm4, xmm7, 78
         pshufb	xmm0, OWORD PTR L_aes_gcm_bswap_mask
         aesenc	xmm8, [r15+128]
@@ -3090,41 +3343,41 @@ L_AES_GCM_decrypt_aesni_ghash_128:
 L_AES_GCM_decrypt_aesni_aesenc_128_ghash_avx_done:
         aesenclast	xmm8, xmm7
         aesenclast	xmm9, xmm7
-        movdqu	xmm0, [rcx]
-        movdqu	xmm1, [rcx+16]
+        movdqu	xmm0, OWORD PTR [rcx]
+        movdqu	xmm1, OWORD PTR [rcx+16]
         pxor	xmm8, xmm0
         pxor	xmm9, xmm1
-        movdqu	[rdx], xmm8
-        movdqu	[rdx+16], xmm9
+        movdqu	OWORD PTR [rdx], xmm8
+        movdqu	OWORD PTR [rdx+16], xmm9
         aesenclast	xmm10, xmm7
         aesenclast	xmm11, xmm7
-        movdqu	xmm0, [rcx+32]
-        movdqu	xmm1, [rcx+48]
+        movdqu	xmm0, OWORD PTR [rcx+32]
+        movdqu	xmm1, OWORD PTR [rcx+48]
         pxor	xmm10, xmm0
         pxor	xmm11, xmm1
-        movdqu	[rdx+32], xmm10
-        movdqu	[rdx+48], xmm11
+        movdqu	OWORD PTR [rdx+32], xmm10
+        movdqu	OWORD PTR [rdx+48], xmm11
         aesenclast	xmm12, xmm7
         aesenclast	xmm13, xmm7
-        movdqu	xmm0, [rcx+64]
-        movdqu	xmm1, [rcx+80]
+        movdqu	xmm0, OWORD PTR [rcx+64]
+        movdqu	xmm1, OWORD PTR [rcx+80]
         pxor	xmm12, xmm0
         pxor	xmm13, xmm1
-        movdqu	[rdx+64], xmm12
-        movdqu	[rdx+80], xmm13
+        movdqu	OWORD PTR [rdx+64], xmm12
+        movdqu	OWORD PTR [rdx+80], xmm13
         aesenclast	xmm14, xmm7
         aesenclast	xmm15, xmm7
-        movdqu	xmm0, [rcx+96]
-        movdqu	xmm1, [rcx+112]
+        movdqu	xmm0, OWORD PTR [rcx+96]
+        movdqu	xmm1, OWORD PTR [rcx+112]
         pxor	xmm14, xmm0
         pxor	xmm15, xmm1
-        movdqu	[rdx+96], xmm14
-        movdqu	[rdx+112], xmm15
+        movdqu	OWORD PTR [rdx+96], xmm14
+        movdqu	OWORD PTR [rdx+112], xmm15
         add	ebx, 128
         cmp	ebx, r13d
         jl	L_AES_GCM_decrypt_aesni_ghash_128
         movdqa	xmm6, xmm2
-        movdqu	xmm5, [rsp]
+        movdqu	xmm5, OWORD PTR [rsp]
 L_AES_GCM_decrypt_aesni_done_128:
         mov	edx, r9d
         cmp	ebx, edx
@@ -3136,16 +3389,16 @@ L_AES_GCM_decrypt_aesni_done_128:
 L_AES_GCM_decrypt_aesni_last_block_start:
         lea	rcx, QWORD PTR [rdi+rbx]
         lea	rdx, QWORD PTR [rsi+rbx]
-        movdqu	xmm1, [rcx]
+        movdqu	xmm1, OWORD PTR [rcx]
         movdqa	xmm0, xmm5
         pshufb	xmm1, OWORD PTR L_aes_gcm_bswap_mask
         pxor	xmm1, xmm6
-        movdqu	xmm8, [rsp+128]
+        movdqu	xmm8, OWORD PTR [rsp+128]
         movdqa	xmm9, xmm8
         pshufb	xmm8, OWORD PTR L_aes_gcm_bswap_epi64
         paddd	xmm9, OWORD PTR L_aes_gcm_one
         pxor	xmm8, [r15]
-        movdqu	[rsp+128], xmm9
+        movdqu	OWORD PTR [rsp+128], xmm9
         movdqa	xmm10, xmm1
         pclmulqdq	xmm10, xmm0, 16
         aesenc	xmm8, [r15+16]
@@ -3193,9 +3446,9 @@ L_AES_GCM_decrypt_aesni_last_block_start:
         movdqa	xmm9, OWORD PTR [r15+224]
 L_AES_GCM_decrypt_aesni_aesenc_gfmul_last:
         aesenclast	xmm8, xmm9
-        movdqu	xmm9, [rcx]
+        movdqu	xmm9, OWORD PTR [rcx]
         pxor	xmm8, xmm9
-        movdqu	[rdx], xmm8
+        movdqu	OWORD PTR [rdx], xmm8
         add	ebx, 16
         cmp	ebx, r13d
         jl	L_AES_GCM_decrypt_aesni_last_block_start
@@ -3204,7 +3457,7 @@ L_AES_GCM_decrypt_aesni_last_block_done:
         mov	edx, ecx
         and	ecx, 15
         jz	L_AES_GCM_decrypt_aesni_aesenc_last15_dec_avx_done
-        movdqu	xmm4, [rsp+128]
+        movdqu	xmm4, OWORD PTR [rsp+128]
         pshufb	xmm4, OWORD PTR L_aes_gcm_bswap_epi64
         pxor	xmm4, [r15]
         aesenc	xmm4, [r15+16]
@@ -3231,9 +3484,9 @@ L_AES_GCM_decrypt_aesni_aesenc_last15_dec_avx_aesenc_avx_last:
         aesenclast	xmm4, xmm9
         sub	rsp, 32
         xor	ecx, ecx
-        movdqu	[rsp], xmm4
+        movdqu	OWORD PTR [rsp], xmm4
         pxor	xmm0, xmm0
-        movdqu	[rsp+16], xmm0
+        movdqu	OWORD PTR [rsp+16], xmm0
 L_AES_GCM_decrypt_aesni_aesenc_last15_dec_avx_loop:
         movzx	r13d, BYTE PTR [rdi+rbx]
         mov	BYTE PTR [rsp+rcx+16], r13b
@@ -3243,7 +3496,7 @@ L_AES_GCM_decrypt_aesni_aesenc_last15_dec_avx_loop:
         inc	ecx
         cmp	ebx, edx
         jl	L_AES_GCM_decrypt_aesni_aesenc_last15_dec_avx_loop
-        movdqu	xmm4, [rsp+16]
+        movdqu	xmm4, OWORD PTR [rsp+16]
         add	rsp, 32
         pshufb	xmm4, OWORD PTR L_aes_gcm_bswap_mask
         pxor	xmm6, xmm4
@@ -3337,14 +3590,14 @@ L_AES_GCM_decrypt_aesni_done_dec:
         pxor	xmm14, xmm8
         pxor	xmm6, xmm14
         pshufb	xmm6, OWORD PTR L_aes_gcm_bswap_mask
-        movdqu	xmm0, [rsp+144]
+        movdqu	xmm0, OWORD PTR [rsp+144]
         pxor	xmm0, xmm6
         cmp	r14d, 16
         je	L_AES_GCM_decrypt_aesni_cmp_tag_16
         sub	rsp, 16
         xor	rcx, rcx
         xor	rbx, rbx
-        movdqu	[rsp], xmm0
+        movdqu	OWORD PTR [rsp], xmm0
 L_AES_GCM_decrypt_aesni_cmp_tag_loop:
         movzx	r13d, BYTE PTR [rsp+rcx]
         xor	r13b, BYTE PTR [r8+rcx]
@@ -3352,13 +3605,13 @@ L_AES_GCM_decrypt_aesni_cmp_tag_loop:
         inc	ecx
         cmp	ecx, r14d
         jne	L_AES_GCM_decrypt_aesni_cmp_tag_loop
-        cmp	rbx, 0
+        cmp	bl, 0
         sete	bl
         add	rsp, 16
         xor	rcx, rcx
         jmp	L_AES_GCM_decrypt_aesni_cmp_tag_done
 L_AES_GCM_decrypt_aesni_cmp_tag_16:
-        movdqu	xmm1, [r8]
+        movdqu	xmm1, OWORD PTR [r8]
         pcmpeqb	xmm0, xmm1
         pmovmskb	rdx, xmm0
         ; %%edx == 0xFFFF then return 1 else => return 0
@@ -3367,16 +3620,16 @@ L_AES_GCM_decrypt_aesni_cmp_tag_16:
         sete	bl
 L_AES_GCM_decrypt_aesni_cmp_tag_done:
         mov	DWORD PTR [rbp], ebx
-        movdqu	xmm6, [rsp+168]
-        movdqu	xmm7, [rsp+184]
-        movdqu	xmm8, [rsp+200]
-        movdqu	xmm9, [rsp+216]
-        movdqu	xmm10, [rsp+232]
-        movdqu	xmm11, [rsp+248]
-        movdqu	xmm12, [rsp+264]
-        movdqu	xmm13, [rsp+280]
-        movdqu	xmm14, [rsp+296]
-        movdqu	xmm15, [rsp+312]
+        movdqu	xmm6, OWORD PTR [rsp+168]
+        movdqu	xmm7, OWORD PTR [rsp+184]
+        movdqu	xmm8, OWORD PTR [rsp+200]
+        movdqu	xmm9, OWORD PTR [rsp+216]
+        movdqu	xmm10, OWORD PTR [rsp+232]
+        movdqu	xmm11, OWORD PTR [rsp+248]
+        movdqu	xmm12, OWORD PTR [rsp+264]
+        movdqu	xmm13, OWORD PTR [rsp+280]
+        movdqu	xmm14, OWORD PTR [rsp+296]
+        movdqu	xmm15, OWORD PTR [rsp+312]
         add	rsp, 328
         pop	rbp
         pop	r15
@@ -3404,10 +3657,10 @@ AES_GCM_init_aesni PROC
         mov	r8, QWORD PTR [rsp+88]
         mov	r9, QWORD PTR [rsp+96]
         sub	rsp, 80
-        movdqu	[rsp+16], xmm6
-        movdqu	[rsp+32], xmm7
-        movdqu	[rsp+48], xmm8
-        movdqu	[rsp+64], xmm15
+        movdqu	OWORD PTR [rsp+16], xmm6
+        movdqu	OWORD PTR [rsp+32], xmm7
+        movdqu	OWORD PTR [rsp+48], xmm8
+        movdqu	OWORD PTR [rsp+64], xmm15
         pxor	xmm4, xmm4
         mov	edx, r11d
         cmp	edx, 12
@@ -3508,7 +3761,7 @@ L_AES_GCM_init_aesni_calc_iv_1_aesenc_avx_last:
         jl	L_AES_GCM_init_aesni_calc_iv_lt16
         and	edx, 4294967280
 L_AES_GCM_init_aesni_calc_iv_16_loop:
-        movdqu	xmm7, [r10+rcx]
+        movdqu	xmm7, OWORD PTR [r10+rcx]
         pshufb	xmm7, OWORD PTR L_aes_gcm_bswap_mask
         pxor	xmm4, xmm7
         pshufd	xmm1, xmm4, 78
@@ -3575,7 +3828,7 @@ L_AES_GCM_init_aesni_calc_iv_lt16:
         sub	rsp, 16
         pxor	xmm7, xmm7
         xor	r13d, r13d
-        movdqu	[rsp], xmm7
+        movdqu	OWORD PTR [rsp], xmm7
 L_AES_GCM_init_aesni_calc_iv_loop:
         movzx	r12d, BYTE PTR [r10+rcx]
         mov	BYTE PTR [rsp+r13], r12b
@@ -3583,7 +3836,7 @@ L_AES_GCM_init_aesni_calc_iv_loop:
         inc	r13d
         cmp	ecx, edx
         jl	L_AES_GCM_init_aesni_calc_iv_loop
-        movdqu	xmm7, [rsp]
+        movdqu	xmm7, OWORD PTR [rsp]
         add	rsp, 16
         pshufb	xmm7, OWORD PTR L_aes_gcm_bswap_mask
         pxor	xmm4, xmm7
@@ -3734,10 +3987,10 @@ L_AES_GCM_init_aesni_iv_done:
         paddd	xmm4, OWORD PTR L_aes_gcm_one
         movdqa	OWORD PTR [rax], xmm5
         movdqa	OWORD PTR [r8], xmm4
-        movdqu	xmm6, [rsp+16]
-        movdqu	xmm7, [rsp+32]
-        movdqu	xmm8, [rsp+48]
-        movdqu	xmm15, [rsp+64]
+        movdqu	xmm6, OWORD PTR [rsp+16]
+        movdqu	xmm7, OWORD PTR [rsp+32]
+        movdqu	xmm8, OWORD PTR [rsp+48]
+        movdqu	xmm15, OWORD PTR [rsp+64]
         add	rsp, 80
         pop	r14
         pop	r13
@@ -3751,13 +4004,13 @@ _text SEGMENT READONLY PARA
 AES_GCM_aad_update_aesni PROC
         mov	rax, rcx
         sub	rsp, 32
-        movdqu	[rsp], xmm6
-        movdqu	[rsp+16], xmm7
+        movdqu	OWORD PTR [rsp], xmm6
+        movdqu	OWORD PTR [rsp+16], xmm7
         movdqa	xmm5, OWORD PTR [r8]
         movdqa	xmm6, OWORD PTR [r9]
         xor	ecx, ecx
 L_AES_GCM_aad_update_aesni_16_loop:
-        movdqu	xmm7, [rax+rcx]
+        movdqu	xmm7, OWORD PTR [rax+rcx]
         pshufb	xmm7, OWORD PTR L_aes_gcm_bswap_mask
         pxor	xmm5, xmm7
         pshufd	xmm1, xmm5, 78
@@ -3818,8 +4071,8 @@ L_AES_GCM_aad_update_aesni_16_loop:
         cmp	ecx, edx
         jl	L_AES_GCM_aad_update_aesni_16_loop
         movdqa	OWORD PTR [r8], xmm5
-        movdqu	xmm6, [rsp]
-        movdqu	xmm7, [rsp+16]
+        movdqu	xmm6, OWORD PTR [rsp]
+        movdqu	xmm7, OWORD PTR [rsp+16]
         add	rsp, 32
         ret
 AES_GCM_aad_update_aesni ENDP
@@ -3829,12 +4082,12 @@ AES_GCM_encrypt_block_aesni PROC
         mov	r10, r8
         mov	r11, r9
         mov	rax, QWORD PTR [rsp+40]
-        movdqu	xmm0, [rax]
+        movdqu	xmm0, OWORD PTR [rax]
         movdqa	xmm1, xmm0
         pshufb	xmm0, OWORD PTR L_aes_gcm_bswap_epi64
         paddd	xmm1, OWORD PTR L_aes_gcm_one
         pxor	xmm0, [rcx]
-        movdqu	[rax], xmm1
+        movdqu	OWORD PTR [rax], xmm1
         aesenc	xmm0, [rcx+16]
         aesenc	xmm0, [rcx+32]
         aesenc	xmm0, [rcx+48]
@@ -3857,9 +4110,9 @@ AES_GCM_encrypt_block_aesni PROC
         movdqa	xmm1, OWORD PTR [rcx+224]
 L_AES_GCM_encrypt_block_aesni_aesenc_block_aesenc_avx_last:
         aesenclast	xmm0, xmm1
-        movdqu	xmm1, [r11]
+        movdqu	xmm1, OWORD PTR [r11]
         pxor	xmm0, xmm1
-        movdqu	[r10], xmm0
+        movdqu	OWORD PTR [r10], xmm0
         pshufb	xmm0, OWORD PTR L_aes_gcm_bswap_mask
         ret
 AES_GCM_encrypt_block_aesni ENDP
@@ -3867,11 +4120,11 @@ _text ENDS
 _text SEGMENT READONLY PARA
 AES_GCM_ghash_block_aesni PROC
         sub	rsp, 32
-        movdqu	[rsp], xmm6
-        movdqu	[rsp+16], xmm7
+        movdqu	OWORD PTR [rsp], xmm6
+        movdqu	OWORD PTR [rsp+16], xmm7
         movdqa	xmm4, OWORD PTR [rdx]
         movdqa	xmm5, OWORD PTR [r8]
-        movdqu	xmm7, [rcx]
+        movdqu	xmm7, OWORD PTR [rcx]
         pshufb	xmm7, OWORD PTR L_aes_gcm_bswap_mask
         pxor	xmm4, xmm7
         pshufd	xmm1, xmm4, 78
@@ -3929,8 +4182,8 @@ AES_GCM_ghash_block_aesni PROC
         pxor	xmm2, xmm6
         pxor	xmm4, xmm2
         movdqa	OWORD PTR [rdx], xmm4
-        movdqu	xmm6, [rsp]
-        movdqu	xmm7, [rsp+16]
+        movdqu	xmm6, OWORD PTR [rsp]
+        movdqu	xmm7, OWORD PTR [rsp+16]
         add	rsp, 32
         ret
 AES_GCM_ghash_block_aesni ENDP
@@ -3951,16 +4204,16 @@ AES_GCM_encrypt_update_aesni PROC
         mov	r14, QWORD PTR [rsp+96]
         mov	r15, QWORD PTR [rsp+104]
         sub	rsp, 320
-        movdqu	[rsp+160], xmm6
-        movdqu	[rsp+176], xmm7
-        movdqu	[rsp+192], xmm8
-        movdqu	[rsp+208], xmm9
-        movdqu	[rsp+224], xmm10
-        movdqu	[rsp+240], xmm11
-        movdqu	[rsp+256], xmm12
-        movdqu	[rsp+272], xmm13
-        movdqu	[rsp+288], xmm14
-        movdqu	[rsp+304], xmm15
+        movdqu	OWORD PTR [rsp+160], xmm6
+        movdqu	OWORD PTR [rsp+176], xmm7
+        movdqu	OWORD PTR [rsp+192], xmm8
+        movdqu	OWORD PTR [rsp+208], xmm9
+        movdqu	OWORD PTR [rsp+224], xmm10
+        movdqu	OWORD PTR [rsp+240], xmm11
+        movdqu	OWORD PTR [rsp+256], xmm12
+        movdqu	OWORD PTR [rsp+272], xmm13
+        movdqu	OWORD PTR [rsp+288], xmm14
+        movdqu	OWORD PTR [rsp+304], xmm15
         movdqa	xmm6, OWORD PTR [r12]
         movdqa	xmm5, OWORD PTR [r14]
         movdqa	xmm9, xmm5
@@ -3980,7 +4233,7 @@ AES_GCM_encrypt_update_aesni PROC
         and	r13d, 4294967168
         movdqa	xmm2, xmm6
         ; H ^ 1
-        movdqu	[rsp], xmm5
+        movdqu	OWORD PTR [rsp], xmm5
         ; H ^ 2
         pshufd	xmm9, xmm5, 78
         pshufd	xmm10, xmm5, 78
@@ -4022,7 +4275,7 @@ AES_GCM_encrypt_update_aesni PROC
         pxor	xmm14, xmm13
         pxor	xmm14, xmm8
         pxor	xmm0, xmm14
-        movdqu	[rsp+16], xmm0
+        movdqu	OWORD PTR [rsp+16], xmm0
         ; H ^ 3
         pshufd	xmm9, xmm5, 78
         pshufd	xmm10, xmm0, 78
@@ -4064,7 +4317,7 @@ AES_GCM_encrypt_update_aesni PROC
         pxor	xmm14, xmm13
         pxor	xmm14, xmm8
         pxor	xmm1, xmm14
-        movdqu	[rsp+32], xmm1
+        movdqu	OWORD PTR [rsp+32], xmm1
         ; H ^ 4
         pshufd	xmm9, xmm0, 78
         pshufd	xmm10, xmm0, 78
@@ -4106,7 +4359,7 @@ AES_GCM_encrypt_update_aesni PROC
         pxor	xmm14, xmm13
         pxor	xmm14, xmm8
         pxor	xmm3, xmm14
-        movdqu	[rsp+48], xmm3
+        movdqu	OWORD PTR [rsp+48], xmm3
         ; H ^ 5
         pshufd	xmm9, xmm0, 78
         pshufd	xmm10, xmm1, 78
@@ -4148,7 +4401,7 @@ AES_GCM_encrypt_update_aesni PROC
         pxor	xmm14, xmm13
         pxor	xmm14, xmm8
         pxor	xmm7, xmm14
-        movdqu	[rsp+64], xmm7
+        movdqu	OWORD PTR [rsp+64], xmm7
         ; H ^ 6
         pshufd	xmm9, xmm1, 78
         pshufd	xmm10, xmm1, 78
@@ -4190,7 +4443,7 @@ AES_GCM_encrypt_update_aesni PROC
         pxor	xmm14, xmm13
         pxor	xmm14, xmm8
         pxor	xmm7, xmm14
-        movdqu	[rsp+80], xmm7
+        movdqu	OWORD PTR [rsp+80], xmm7
         ; H ^ 7
         pshufd	xmm9, xmm1, 78
         pshufd	xmm10, xmm3, 78
@@ -4232,7 +4485,7 @@ AES_GCM_encrypt_update_aesni PROC
         pxor	xmm14, xmm13
         pxor	xmm14, xmm8
         pxor	xmm7, xmm14
-        movdqu	[rsp+96], xmm7
+        movdqu	OWORD PTR [rsp+96], xmm7
         ; H ^ 8
         pshufd	xmm9, xmm3, 78
         pshufd	xmm10, xmm3, 78
@@ -4274,9 +4527,9 @@ AES_GCM_encrypt_update_aesni PROC
         pxor	xmm14, xmm13
         pxor	xmm14, xmm8
         pxor	xmm7, xmm14
-        movdqu	[rsp+112], xmm7
+        movdqu	OWORD PTR [rsp+112], xmm7
         ; First 128 bytes of input
-        movdqu	xmm8, [r15]
+        movdqu	xmm8, OWORD PTR [r15]
         movdqa	xmm1, OWORD PTR L_aes_gcm_bswap_epi64
         movdqa	xmm0, xmm8
         pshufb	xmm8, xmm1
@@ -4303,7 +4556,7 @@ AES_GCM_encrypt_update_aesni PROC
         pshufb	xmm15, xmm1
         paddd	xmm0, OWORD PTR L_aes_gcm_eight
         movdqa	xmm7, OWORD PTR [rax]
-        movdqu	[r15], xmm0
+        movdqu	OWORD PTR [r15], xmm0
         pxor	xmm8, xmm7
         pxor	xmm9, xmm7
         pxor	xmm10, xmm7
@@ -4437,36 +4690,36 @@ AES_GCM_encrypt_update_aesni PROC
 L_AES_GCM_encrypt_update_aesni_enc_done:
         aesenclast	xmm8, xmm7
         aesenclast	xmm9, xmm7
-        movdqu	xmm0, [r11]
-        movdqu	xmm1, [r11+16]
+        movdqu	xmm0, OWORD PTR [r11]
+        movdqu	xmm1, OWORD PTR [r11+16]
         pxor	xmm8, xmm0
         pxor	xmm9, xmm1
-        movdqu	[r10], xmm8
-        movdqu	[r10+16], xmm9
+        movdqu	OWORD PTR [r10], xmm8
+        movdqu	OWORD PTR [r10+16], xmm9
         aesenclast	xmm10, xmm7
         aesenclast	xmm11, xmm7
-        movdqu	xmm0, [r11+32]
-        movdqu	xmm1, [r11+48]
+        movdqu	xmm0, OWORD PTR [r11+32]
+        movdqu	xmm1, OWORD PTR [r11+48]
         pxor	xmm10, xmm0
         pxor	xmm11, xmm1
-        movdqu	[r10+32], xmm10
-        movdqu	[r10+48], xmm11
+        movdqu	OWORD PTR [r10+32], xmm10
+        movdqu	OWORD PTR [r10+48], xmm11
         aesenclast	xmm12, xmm7
         aesenclast	xmm13, xmm7
-        movdqu	xmm0, [r11+64]
-        movdqu	xmm1, [r11+80]
+        movdqu	xmm0, OWORD PTR [r11+64]
+        movdqu	xmm1, OWORD PTR [r11+80]
         pxor	xmm12, xmm0
         pxor	xmm13, xmm1
-        movdqu	[r10+64], xmm12
-        movdqu	[r10+80], xmm13
+        movdqu	OWORD PTR [r10+64], xmm12
+        movdqu	OWORD PTR [r10+80], xmm13
         aesenclast	xmm14, xmm7
         aesenclast	xmm15, xmm7
-        movdqu	xmm0, [r11+96]
-        movdqu	xmm1, [r11+112]
+        movdqu	xmm0, OWORD PTR [r11+96]
+        movdqu	xmm1, OWORD PTR [r11+112]
         pxor	xmm14, xmm0
         pxor	xmm15, xmm1
-        movdqu	[r10+96], xmm14
-        movdqu	[r10+112], xmm15
+        movdqu	OWORD PTR [r10+96], xmm14
+        movdqu	OWORD PTR [r10+112], xmm15
         cmp	r13d, 128
         mov	edi, 128
         jle	L_AES_GCM_encrypt_update_aesni_end_128
@@ -4474,7 +4727,7 @@ L_AES_GCM_encrypt_update_aesni_enc_done:
 L_AES_GCM_encrypt_update_aesni_ghash_128:
         lea	rcx, QWORD PTR [r11+rdi]
         lea	rdx, QWORD PTR [r10+rdi]
-        movdqu	xmm8, [r15]
+        movdqu	xmm8, OWORD PTR [r15]
         movdqa	xmm1, OWORD PTR L_aes_gcm_bswap_epi64
         movdqa	xmm0, xmm8
         pshufb	xmm8, xmm1
@@ -4501,7 +4754,7 @@ L_AES_GCM_encrypt_update_aesni_ghash_128:
         pshufb	xmm15, xmm1
         paddd	xmm0, OWORD PTR L_aes_gcm_eight
         movdqa	xmm7, OWORD PTR [rax]
-        movdqu	[r15], xmm0
+        movdqu	OWORD PTR [r15], xmm0
         pxor	xmm8, xmm7
         pxor	xmm9, xmm7
         pxor	xmm10, xmm7
@@ -4510,8 +4763,8 @@ L_AES_GCM_encrypt_update_aesni_ghash_128:
         pxor	xmm13, xmm7
         pxor	xmm14, xmm7
         pxor	xmm15, xmm7
-        movdqu	xmm7, [rsp+112]
-        movdqu	xmm0, [rdx+-128]
+        movdqu	xmm7, OWORD PTR [rsp+112]
+        movdqu	xmm0, OWORD PTR [rdx+-128]
         aesenc	xmm8, [rax+16]
         pshufb	xmm0, OWORD PTR L_aes_gcm_bswap_mask
         pxor	xmm0, xmm2
@@ -4533,8 +4786,8 @@ L_AES_GCM_encrypt_update_aesni_ghash_128:
         aesenc	xmm15, [rax+16]
         pxor	xmm1, xmm2
         pxor	xmm1, xmm3
-        movdqu	xmm7, [rsp+96]
-        movdqu	xmm0, [rdx+-112]
+        movdqu	xmm7, OWORD PTR [rsp+96]
+        movdqu	xmm0, OWORD PTR [rdx+-112]
         pshufd	xmm4, xmm7, 78
         pshufb	xmm0, OWORD PTR L_aes_gcm_bswap_mask
         aesenc	xmm8, [rax+32]
@@ -4557,8 +4810,8 @@ L_AES_GCM_encrypt_update_aesni_ghash_128:
         pxor	xmm1, xmm6
         pxor	xmm3, xmm6
         pxor	xmm1, xmm4
-        movdqu	xmm7, [rsp+80]
-        movdqu	xmm0, [rdx+-96]
+        movdqu	xmm7, OWORD PTR [rsp+80]
+        movdqu	xmm0, OWORD PTR [rdx+-96]
         pshufd	xmm4, xmm7, 78
         pshufb	xmm0, OWORD PTR L_aes_gcm_bswap_mask
         aesenc	xmm8, [rax+48]
@@ -4581,8 +4834,8 @@ L_AES_GCM_encrypt_update_aesni_ghash_128:
         pxor	xmm1, xmm6
         pxor	xmm3, xmm6
         pxor	xmm1, xmm4
-        movdqu	xmm7, [rsp+64]
-        movdqu	xmm0, [rdx+-80]
+        movdqu	xmm7, OWORD PTR [rsp+64]
+        movdqu	xmm0, OWORD PTR [rdx+-80]
         pshufd	xmm4, xmm7, 78
         pshufb	xmm0, OWORD PTR L_aes_gcm_bswap_mask
         aesenc	xmm8, [rax+64]
@@ -4605,8 +4858,8 @@ L_AES_GCM_encrypt_update_aesni_ghash_128:
         pxor	xmm1, xmm6
         pxor	xmm3, xmm6
         pxor	xmm1, xmm4
-        movdqu	xmm7, [rsp+48]
-        movdqu	xmm0, [rdx+-64]
+        movdqu	xmm7, OWORD PTR [rsp+48]
+        movdqu	xmm0, OWORD PTR [rdx+-64]
         pshufd	xmm4, xmm7, 78
         pshufb	xmm0, OWORD PTR L_aes_gcm_bswap_mask
         aesenc	xmm8, [rax+80]
@@ -4629,8 +4882,8 @@ L_AES_GCM_encrypt_update_aesni_ghash_128:
         pxor	xmm1, xmm6
         pxor	xmm3, xmm6
         pxor	xmm1, xmm4
-        movdqu	xmm7, [rsp+32]
-        movdqu	xmm0, [rdx+-48]
+        movdqu	xmm7, OWORD PTR [rsp+32]
+        movdqu	xmm0, OWORD PTR [rdx+-48]
         pshufd	xmm4, xmm7, 78
         pshufb	xmm0, OWORD PTR L_aes_gcm_bswap_mask
         aesenc	xmm8, [rax+96]
@@ -4653,8 +4906,8 @@ L_AES_GCM_encrypt_update_aesni_ghash_128:
         pxor	xmm1, xmm6
         pxor	xmm3, xmm6
         pxor	xmm1, xmm4
-        movdqu	xmm7, [rsp+16]
-        movdqu	xmm0, [rdx+-32]
+        movdqu	xmm7, OWORD PTR [rsp+16]
+        movdqu	xmm0, OWORD PTR [rdx+-32]
         pshufd	xmm4, xmm7, 78
         pshufb	xmm0, OWORD PTR L_aes_gcm_bswap_mask
         aesenc	xmm8, [rax+112]
@@ -4677,8 +4930,8 @@ L_AES_GCM_encrypt_update_aesni_ghash_128:
         pxor	xmm1, xmm6
         pxor	xmm3, xmm6
         pxor	xmm1, xmm4
-        movdqu	xmm7, [rsp]
-        movdqu	xmm0, [rdx+-16]
+        movdqu	xmm7, OWORD PTR [rsp]
+        movdqu	xmm0, OWORD PTR [rdx+-16]
         pshufd	xmm4, xmm7, 78
         pshufb	xmm0, OWORD PTR L_aes_gcm_bswap_mask
         aesenc	xmm8, [rax+128]
@@ -4781,36 +5034,36 @@ L_AES_GCM_encrypt_update_aesni_ghash_128:
 L_AES_GCM_encrypt_update_aesni_aesenc_128_ghash_avx_done:
         aesenclast	xmm8, xmm7
         aesenclast	xmm9, xmm7
-        movdqu	xmm0, [rcx]
-        movdqu	xmm1, [rcx+16]
+        movdqu	xmm0, OWORD PTR [rcx]
+        movdqu	xmm1, OWORD PTR [rcx+16]
         pxor	xmm8, xmm0
         pxor	xmm9, xmm1
-        movdqu	[rdx], xmm8
-        movdqu	[rdx+16], xmm9
+        movdqu	OWORD PTR [rdx], xmm8
+        movdqu	OWORD PTR [rdx+16], xmm9
         aesenclast	xmm10, xmm7
         aesenclast	xmm11, xmm7
-        movdqu	xmm0, [rcx+32]
-        movdqu	xmm1, [rcx+48]
+        movdqu	xmm0, OWORD PTR [rcx+32]
+        movdqu	xmm1, OWORD PTR [rcx+48]
         pxor	xmm10, xmm0
         pxor	xmm11, xmm1
-        movdqu	[rdx+32], xmm10
-        movdqu	[rdx+48], xmm11
+        movdqu	OWORD PTR [rdx+32], xmm10
+        movdqu	OWORD PTR [rdx+48], xmm11
         aesenclast	xmm12, xmm7
         aesenclast	xmm13, xmm7
-        movdqu	xmm0, [rcx+64]
-        movdqu	xmm1, [rcx+80]
+        movdqu	xmm0, OWORD PTR [rcx+64]
+        movdqu	xmm1, OWORD PTR [rcx+80]
         pxor	xmm12, xmm0
         pxor	xmm13, xmm1
-        movdqu	[rdx+64], xmm12
-        movdqu	[rdx+80], xmm13
+        movdqu	OWORD PTR [rdx+64], xmm12
+        movdqu	OWORD PTR [rdx+80], xmm13
         aesenclast	xmm14, xmm7
         aesenclast	xmm15, xmm7
-        movdqu	xmm0, [rcx+96]
-        movdqu	xmm1, [rcx+112]
+        movdqu	xmm0, OWORD PTR [rcx+96]
+        movdqu	xmm1, OWORD PTR [rcx+112]
         pxor	xmm14, xmm0
         pxor	xmm15, xmm1
-        movdqu	[rdx+96], xmm14
-        movdqu	[rdx+112], xmm15
+        movdqu	OWORD PTR [rdx+96], xmm14
+        movdqu	OWORD PTR [rdx+112], xmm15
         add	edi, 128
         cmp	edi, r13d
         jl	L_AES_GCM_encrypt_update_aesni_ghash_128
@@ -4825,7 +5078,7 @@ L_AES_GCM_encrypt_update_aesni_end_128:
         pshufb	xmm13, xmm4
         pshufb	xmm14, xmm4
         pshufb	xmm15, xmm4
-        movdqu	xmm7, [rsp+112]
+        movdqu	xmm7, OWORD PTR [rsp+112]
         pshufd	xmm1, xmm8, 78
         pshufd	xmm2, xmm7, 78
         movdqa	xmm3, xmm7
@@ -4844,7 +5097,7 @@ L_AES_GCM_encrypt_update_aesni_end_128:
         psrldq	xmm1, 8
         pxor	xmm4, xmm2
         pxor	xmm6, xmm1
-        movdqu	xmm7, [rsp+96]
+        movdqu	xmm7, OWORD PTR [rsp+96]
         pshufd	xmm1, xmm9, 78
         pshufd	xmm2, xmm7, 78
         movdqa	xmm3, xmm7
@@ -4863,7 +5116,7 @@ L_AES_GCM_encrypt_update_aesni_end_128:
         psrldq	xmm1, 8
         pxor	xmm4, xmm2
         pxor	xmm6, xmm1
-        movdqu	xmm7, [rsp+80]
+        movdqu	xmm7, OWORD PTR [rsp+80]
         pshufd	xmm1, xmm10, 78
         pshufd	xmm2, xmm7, 78
         movdqa	xmm3, xmm7
@@ -4882,7 +5135,7 @@ L_AES_GCM_encrypt_update_aesni_end_128:
         psrldq	xmm1, 8
         pxor	xmm4, xmm2
         pxor	xmm6, xmm1
-        movdqu	xmm7, [rsp+64]
+        movdqu	xmm7, OWORD PTR [rsp+64]
         pshufd	xmm1, xmm11, 78
         pshufd	xmm2, xmm7, 78
         movdqa	xmm3, xmm7
@@ -4901,7 +5154,7 @@ L_AES_GCM_encrypt_update_aesni_end_128:
         psrldq	xmm1, 8
         pxor	xmm4, xmm2
         pxor	xmm6, xmm1
-        movdqu	xmm7, [rsp+48]
+        movdqu	xmm7, OWORD PTR [rsp+48]
         pshufd	xmm1, xmm12, 78
         pshufd	xmm2, xmm7, 78
         movdqa	xmm3, xmm7
@@ -4920,7 +5173,7 @@ L_AES_GCM_encrypt_update_aesni_end_128:
         psrldq	xmm1, 8
         pxor	xmm4, xmm2
         pxor	xmm6, xmm1
-        movdqu	xmm7, [rsp+32]
+        movdqu	xmm7, OWORD PTR [rsp+32]
         pshufd	xmm1, xmm13, 78
         pshufd	xmm2, xmm7, 78
         movdqa	xmm3, xmm7
@@ -4939,7 +5192,7 @@ L_AES_GCM_encrypt_update_aesni_end_128:
         psrldq	xmm1, 8
         pxor	xmm4, xmm2
         pxor	xmm6, xmm1
-        movdqu	xmm7, [rsp+16]
+        movdqu	xmm7, OWORD PTR [rsp+16]
         pshufd	xmm1, xmm14, 78
         pshufd	xmm2, xmm7, 78
         movdqa	xmm3, xmm7
@@ -4958,7 +5211,7 @@ L_AES_GCM_encrypt_update_aesni_end_128:
         psrldq	xmm1, 8
         pxor	xmm4, xmm2
         pxor	xmm6, xmm1
-        movdqu	xmm7, [rsp]
+        movdqu	xmm7, OWORD PTR [rsp]
         pshufd	xmm1, xmm15, 78
         pshufd	xmm2, xmm7, 78
         movdqa	xmm3, xmm7
@@ -5000,7 +5253,7 @@ L_AES_GCM_encrypt_update_aesni_end_128:
         pxor	xmm2, xmm1
         pxor	xmm2, xmm4
         pxor	xmm6, xmm2
-        movdqu	xmm5, [rsp]
+        movdqu	xmm5, OWORD PTR [rsp]
 L_AES_GCM_encrypt_update_aesni_done_128:
         mov	edx, r9d
         cmp	edi, edx
@@ -5011,12 +5264,12 @@ L_AES_GCM_encrypt_update_aesni_done_128:
         jge	L_AES_GCM_encrypt_update_aesni_last_block_done
         lea	rcx, QWORD PTR [r11+rdi]
         lea	rdx, QWORD PTR [r10+rdi]
-        movdqu	xmm8, [r15]
+        movdqu	xmm8, OWORD PTR [r15]
         movdqa	xmm9, xmm8
         pshufb	xmm8, OWORD PTR L_aes_gcm_bswap_epi64
         paddd	xmm9, OWORD PTR L_aes_gcm_one
         pxor	xmm8, [rax]
-        movdqu	[r15], xmm9
+        movdqu	OWORD PTR [r15], xmm9
         aesenc	xmm8, [rax+16]
         aesenc	xmm8, [rax+32]
         aesenc	xmm8, [rax+48]
@@ -5039,9 +5292,9 @@ L_AES_GCM_encrypt_update_aesni_done_128:
         movdqa	xmm9, OWORD PTR [rax+224]
 L_AES_GCM_encrypt_update_aesni_aesenc_block_aesenc_avx_last:
         aesenclast	xmm8, xmm9
-        movdqu	xmm9, [rcx]
+        movdqu	xmm9, OWORD PTR [rcx]
         pxor	xmm8, xmm9
-        movdqu	[rdx], xmm8
+        movdqu	OWORD PTR [rdx], xmm8
         pshufb	xmm8, OWORD PTR L_aes_gcm_bswap_mask
         pxor	xmm6, xmm8
         add	edi, 16
@@ -5050,12 +5303,12 @@ L_AES_GCM_encrypt_update_aesni_aesenc_block_aesenc_avx_last:
 L_AES_GCM_encrypt_update_aesni_last_block_start:
         lea	rcx, QWORD PTR [r11+rdi]
         lea	rdx, QWORD PTR [r10+rdi]
-        movdqu	xmm8, [r15]
+        movdqu	xmm8, OWORD PTR [r15]
         movdqa	xmm9, xmm8
         pshufb	xmm8, OWORD PTR L_aes_gcm_bswap_epi64
         paddd	xmm9, OWORD PTR L_aes_gcm_one
         pxor	xmm8, [rax]
-        movdqu	[r15], xmm9
+        movdqu	OWORD PTR [r15], xmm9
         movdqa	xmm10, xmm6
         pclmulqdq	xmm10, xmm5, 16
         aesenc	xmm8, [rax+16]
@@ -5103,9 +5356,9 @@ L_AES_GCM_encrypt_update_aesni_last_block_start:
         movdqa	xmm9, OWORD PTR [rax+224]
 L_AES_GCM_encrypt_update_aesni_aesenc_gfmul_last:
         aesenclast	xmm8, xmm9
-        movdqu	xmm9, [rcx]
+        movdqu	xmm9, OWORD PTR [rcx]
         pxor	xmm8, xmm9
-        movdqu	[rdx], xmm8
+        movdqu	OWORD PTR [rdx], xmm8
         pshufb	xmm8, OWORD PTR L_aes_gcm_bswap_mask
         pxor	xmm6, xmm8
         add	edi, 16
@@ -5155,16 +5408,16 @@ L_AES_GCM_encrypt_update_aesni_last_block_ghash:
 L_AES_GCM_encrypt_update_aesni_last_block_done:
 L_AES_GCM_encrypt_update_aesni_done_enc:
         movdqa	OWORD PTR [r12], xmm6
-        movdqu	xmm6, [rsp+160]
-        movdqu	xmm7, [rsp+176]
-        movdqu	xmm8, [rsp+192]
-        movdqu	xmm9, [rsp+208]
-        movdqu	xmm10, [rsp+224]
-        movdqu	xmm11, [rsp+240]
-        movdqu	xmm12, [rsp+256]
-        movdqu	xmm13, [rsp+272]
-        movdqu	xmm14, [rsp+288]
-        movdqu	xmm15, [rsp+304]
+        movdqu	xmm6, OWORD PTR [rsp+160]
+        movdqu	xmm7, OWORD PTR [rsp+176]
+        movdqu	xmm8, OWORD PTR [rsp+192]
+        movdqu	xmm9, OWORD PTR [rsp+208]
+        movdqu	xmm10, OWORD PTR [rsp+224]
+        movdqu	xmm11, OWORD PTR [rsp+240]
+        movdqu	xmm12, OWORD PTR [rsp+256]
+        movdqu	xmm13, OWORD PTR [rsp+272]
+        movdqu	xmm14, OWORD PTR [rsp+288]
+        movdqu	xmm15, OWORD PTR [rsp+304]
         add	rsp, 320
         pop	rdi
         pop	r15
@@ -5186,14 +5439,14 @@ AES_GCM_encrypt_final_aesni PROC
         mov	r12, QWORD PTR [rsp+72]
         mov	r14, QWORD PTR [rsp+80]
         sub	rsp, 144
-        movdqu	[rsp+16], xmm6
-        movdqu	[rsp+32], xmm7
-        movdqu	[rsp+48], xmm8
-        movdqu	[rsp+64], xmm9
-        movdqu	[rsp+80], xmm10
-        movdqu	[rsp+96], xmm11
-        movdqu	[rsp+112], xmm12
-        movdqu	[rsp+128], xmm13
+        movdqu	OWORD PTR [rsp+16], xmm6
+        movdqu	OWORD PTR [rsp+32], xmm7
+        movdqu	OWORD PTR [rsp+48], xmm8
+        movdqu	OWORD PTR [rsp+64], xmm9
+        movdqu	OWORD PTR [rsp+80], xmm10
+        movdqu	OWORD PTR [rsp+96], xmm11
+        movdqu	OWORD PTR [rsp+112], xmm12
+        movdqu	OWORD PTR [rsp+128], xmm13
         movdqa	xmm4, OWORD PTR [rax]
         movdqa	xmm5, OWORD PTR [r12]
         movdqa	xmm6, OWORD PTR [r14]
@@ -5260,7 +5513,7 @@ AES_GCM_encrypt_final_aesni PROC
         cmp	r8d, 16
         je	L_AES_GCM_encrypt_final_aesni_store_tag_16
         xor	rcx, rcx
-        movdqu	[rsp], xmm0
+        movdqu	OWORD PTR [rsp], xmm0
 L_AES_GCM_encrypt_final_aesni_store_tag_loop:
         movzx	r13d, BYTE PTR [rsp+rcx]
         mov	BYTE PTR [r9+rcx], r13b
@@ -5269,16 +5522,16 @@ L_AES_GCM_encrypt_final_aesni_store_tag_loop:
         jne	L_AES_GCM_encrypt_final_aesni_store_tag_loop
         jmp	L_AES_GCM_encrypt_final_aesni_store_tag_done
 L_AES_GCM_encrypt_final_aesni_store_tag_16:
-        movdqu	[r9], xmm0
+        movdqu	OWORD PTR [r9], xmm0
 L_AES_GCM_encrypt_final_aesni_store_tag_done:
-        movdqu	xmm6, [rsp+16]
-        movdqu	xmm7, [rsp+32]
-        movdqu	xmm8, [rsp+48]
-        movdqu	xmm9, [rsp+64]
-        movdqu	xmm10, [rsp+80]
-        movdqu	xmm11, [rsp+96]
-        movdqu	xmm12, [rsp+112]
-        movdqu	xmm13, [rsp+128]
+        movdqu	xmm6, OWORD PTR [rsp+16]
+        movdqu	xmm7, OWORD PTR [rsp+32]
+        movdqu	xmm8, OWORD PTR [rsp+48]
+        movdqu	xmm9, OWORD PTR [rsp+64]
+        movdqu	xmm10, OWORD PTR [rsp+80]
+        movdqu	xmm11, OWORD PTR [rsp+96]
+        movdqu	xmm12, OWORD PTR [rsp+112]
+        movdqu	xmm13, OWORD PTR [rsp+128]
         add	rsp, 144
         pop	r14
         pop	r12
@@ -5303,16 +5556,16 @@ AES_GCM_decrypt_update_aesni PROC
         mov	r14, QWORD PTR [rsp+104]
         mov	r15, QWORD PTR [rsp+112]
         sub	rsp, 328
-        movdqu	[rsp+168], xmm6
-        movdqu	[rsp+184], xmm7
-        movdqu	[rsp+200], xmm8
-        movdqu	[rsp+216], xmm9
-        movdqu	[rsp+232], xmm10
-        movdqu	[rsp+248], xmm11
-        movdqu	[rsp+264], xmm12
-        movdqu	[rsp+280], xmm13
-        movdqu	[rsp+296], xmm14
-        movdqu	[rsp+312], xmm15
+        movdqu	OWORD PTR [rsp+168], xmm6
+        movdqu	OWORD PTR [rsp+184], xmm7
+        movdqu	OWORD PTR [rsp+200], xmm8
+        movdqu	OWORD PTR [rsp+216], xmm9
+        movdqu	OWORD PTR [rsp+232], xmm10
+        movdqu	OWORD PTR [rsp+248], xmm11
+        movdqu	OWORD PTR [rsp+264], xmm12
+        movdqu	OWORD PTR [rsp+280], xmm13
+        movdqu	OWORD PTR [rsp+296], xmm14
+        movdqu	OWORD PTR [rsp+312], xmm15
         movdqa	xmm6, OWORD PTR [r12]
         movdqa	xmm5, OWORD PTR [r14]
         movdqa	xmm9, xmm5
@@ -5332,7 +5585,7 @@ AES_GCM_decrypt_update_aesni PROC
         and	r13d, 4294967168
         movdqa	xmm2, xmm6
         ; H ^ 1
-        movdqu	[rsp], xmm5
+        movdqu	OWORD PTR [rsp], xmm5
         ; H ^ 2
         pshufd	xmm9, xmm5, 78
         pshufd	xmm10, xmm5, 78
@@ -5374,7 +5627,7 @@ AES_GCM_decrypt_update_aesni PROC
         pxor	xmm14, xmm13
         pxor	xmm14, xmm8
         pxor	xmm0, xmm14
-        movdqu	[rsp+16], xmm0
+        movdqu	OWORD PTR [rsp+16], xmm0
         ; H ^ 3
         pshufd	xmm9, xmm5, 78
         pshufd	xmm10, xmm0, 78
@@ -5416,7 +5669,7 @@ AES_GCM_decrypt_update_aesni PROC
         pxor	xmm14, xmm13
         pxor	xmm14, xmm8
         pxor	xmm1, xmm14
-        movdqu	[rsp+32], xmm1
+        movdqu	OWORD PTR [rsp+32], xmm1
         ; H ^ 4
         pshufd	xmm9, xmm0, 78
         pshufd	xmm10, xmm0, 78
@@ -5458,7 +5711,7 @@ AES_GCM_decrypt_update_aesni PROC
         pxor	xmm14, xmm13
         pxor	xmm14, xmm8
         pxor	xmm3, xmm14
-        movdqu	[rsp+48], xmm3
+        movdqu	OWORD PTR [rsp+48], xmm3
         ; H ^ 5
         pshufd	xmm9, xmm0, 78
         pshufd	xmm10, xmm1, 78
@@ -5500,7 +5753,7 @@ AES_GCM_decrypt_update_aesni PROC
         pxor	xmm14, xmm13
         pxor	xmm14, xmm8
         pxor	xmm7, xmm14
-        movdqu	[rsp+64], xmm7
+        movdqu	OWORD PTR [rsp+64], xmm7
         ; H ^ 6
         pshufd	xmm9, xmm1, 78
         pshufd	xmm10, xmm1, 78
@@ -5542,7 +5795,7 @@ AES_GCM_decrypt_update_aesni PROC
         pxor	xmm14, xmm13
         pxor	xmm14, xmm8
         pxor	xmm7, xmm14
-        movdqu	[rsp+80], xmm7
+        movdqu	OWORD PTR [rsp+80], xmm7
         ; H ^ 7
         pshufd	xmm9, xmm1, 78
         pshufd	xmm10, xmm3, 78
@@ -5584,7 +5837,7 @@ AES_GCM_decrypt_update_aesni PROC
         pxor	xmm14, xmm13
         pxor	xmm14, xmm8
         pxor	xmm7, xmm14
-        movdqu	[rsp+96], xmm7
+        movdqu	OWORD PTR [rsp+96], xmm7
         ; H ^ 8
         pshufd	xmm9, xmm3, 78
         pshufd	xmm10, xmm3, 78
@@ -5626,11 +5879,11 @@ AES_GCM_decrypt_update_aesni PROC
         pxor	xmm14, xmm13
         pxor	xmm14, xmm8
         pxor	xmm7, xmm14
-        movdqu	[rsp+112], xmm7
+        movdqu	OWORD PTR [rsp+112], xmm7
 L_AES_GCM_decrypt_update_aesni_ghash_128:
         lea	rcx, QWORD PTR [r11+rdi]
         lea	rdx, QWORD PTR [r10+rdi]
-        movdqu	xmm8, [r15]
+        movdqu	xmm8, OWORD PTR [r15]
         movdqa	xmm1, OWORD PTR L_aes_gcm_bswap_epi64
         movdqa	xmm0, xmm8
         pshufb	xmm8, xmm1
@@ -5657,7 +5910,7 @@ L_AES_GCM_decrypt_update_aesni_ghash_128:
         pshufb	xmm15, xmm1
         paddd	xmm0, OWORD PTR L_aes_gcm_eight
         movdqa	xmm7, OWORD PTR [rax]
-        movdqu	[r15], xmm0
+        movdqu	OWORD PTR [r15], xmm0
         pxor	xmm8, xmm7
         pxor	xmm9, xmm7
         pxor	xmm10, xmm7
@@ -5666,8 +5919,8 @@ L_AES_GCM_decrypt_update_aesni_ghash_128:
         pxor	xmm13, xmm7
         pxor	xmm14, xmm7
         pxor	xmm15, xmm7
-        movdqu	xmm7, [rsp+112]
-        movdqu	xmm0, [rcx]
+        movdqu	xmm7, OWORD PTR [rsp+112]
+        movdqu	xmm0, OWORD PTR [rcx]
         aesenc	xmm8, [rax+16]
         pshufb	xmm0, OWORD PTR L_aes_gcm_bswap_mask
         pxor	xmm0, xmm2
@@ -5689,8 +5942,8 @@ L_AES_GCM_decrypt_update_aesni_ghash_128:
         aesenc	xmm15, [rax+16]
         pxor	xmm1, xmm2
         pxor	xmm1, xmm3
-        movdqu	xmm7, [rsp+96]
-        movdqu	xmm0, [rcx+16]
+        movdqu	xmm7, OWORD PTR [rsp+96]
+        movdqu	xmm0, OWORD PTR [rcx+16]
         pshufd	xmm4, xmm7, 78
         pshufb	xmm0, OWORD PTR L_aes_gcm_bswap_mask
         aesenc	xmm8, [rax+32]
@@ -5713,8 +5966,8 @@ L_AES_GCM_decrypt_update_aesni_ghash_128:
         pxor	xmm1, xmm6
         pxor	xmm3, xmm6
         pxor	xmm1, xmm4
-        movdqu	xmm7, [rsp+80]
-        movdqu	xmm0, [rcx+32]
+        movdqu	xmm7, OWORD PTR [rsp+80]
+        movdqu	xmm0, OWORD PTR [rcx+32]
         pshufd	xmm4, xmm7, 78
         pshufb	xmm0, OWORD PTR L_aes_gcm_bswap_mask
         aesenc	xmm8, [rax+48]
@@ -5737,8 +5990,8 @@ L_AES_GCM_decrypt_update_aesni_ghash_128:
         pxor	xmm1, xmm6
         pxor	xmm3, xmm6
         pxor	xmm1, xmm4
-        movdqu	xmm7, [rsp+64]
-        movdqu	xmm0, [rcx+48]
+        movdqu	xmm7, OWORD PTR [rsp+64]
+        movdqu	xmm0, OWORD PTR [rcx+48]
         pshufd	xmm4, xmm7, 78
         pshufb	xmm0, OWORD PTR L_aes_gcm_bswap_mask
         aesenc	xmm8, [rax+64]
@@ -5761,8 +6014,8 @@ L_AES_GCM_decrypt_update_aesni_ghash_128:
         pxor	xmm1, xmm6
         pxor	xmm3, xmm6
         pxor	xmm1, xmm4
-        movdqu	xmm7, [rsp+48]
-        movdqu	xmm0, [rcx+64]
+        movdqu	xmm7, OWORD PTR [rsp+48]
+        movdqu	xmm0, OWORD PTR [rcx+64]
         pshufd	xmm4, xmm7, 78
         pshufb	xmm0, OWORD PTR L_aes_gcm_bswap_mask
         aesenc	xmm8, [rax+80]
@@ -5785,8 +6038,8 @@ L_AES_GCM_decrypt_update_aesni_ghash_128:
         pxor	xmm1, xmm6
         pxor	xmm3, xmm6
         pxor	xmm1, xmm4
-        movdqu	xmm7, [rsp+32]
-        movdqu	xmm0, [rcx+80]
+        movdqu	xmm7, OWORD PTR [rsp+32]
+        movdqu	xmm0, OWORD PTR [rcx+80]
         pshufd	xmm4, xmm7, 78
         pshufb	xmm0, OWORD PTR L_aes_gcm_bswap_mask
         aesenc	xmm8, [rax+96]
@@ -5809,8 +6062,8 @@ L_AES_GCM_decrypt_update_aesni_ghash_128:
         pxor	xmm1, xmm6
         pxor	xmm3, xmm6
         pxor	xmm1, xmm4
-        movdqu	xmm7, [rsp+16]
-        movdqu	xmm0, [rcx+96]
+        movdqu	xmm7, OWORD PTR [rsp+16]
+        movdqu	xmm0, OWORD PTR [rcx+96]
         pshufd	xmm4, xmm7, 78
         pshufb	xmm0, OWORD PTR L_aes_gcm_bswap_mask
         aesenc	xmm8, [rax+112]
@@ -5833,8 +6086,8 @@ L_AES_GCM_decrypt_update_aesni_ghash_128:
         pxor	xmm1, xmm6
         pxor	xmm3, xmm6
         pxor	xmm1, xmm4
-        movdqu	xmm7, [rsp]
-        movdqu	xmm0, [rcx+112]
+        movdqu	xmm7, OWORD PTR [rsp]
+        movdqu	xmm0, OWORD PTR [rcx+112]
         pshufd	xmm4, xmm7, 78
         pshufb	xmm0, OWORD PTR L_aes_gcm_bswap_mask
         aesenc	xmm8, [rax+128]
@@ -5937,41 +6190,41 @@ L_AES_GCM_decrypt_update_aesni_ghash_128:
 L_AES_GCM_decrypt_update_aesni_aesenc_128_ghash_avx_done:
         aesenclast	xmm8, xmm7
         aesenclast	xmm9, xmm7
-        movdqu	xmm0, [rcx]
-        movdqu	xmm1, [rcx+16]
+        movdqu	xmm0, OWORD PTR [rcx]
+        movdqu	xmm1, OWORD PTR [rcx+16]
         pxor	xmm8, xmm0
         pxor	xmm9, xmm1
-        movdqu	[rdx], xmm8
-        movdqu	[rdx+16], xmm9
+        movdqu	OWORD PTR [rdx], xmm8
+        movdqu	OWORD PTR [rdx+16], xmm9
         aesenclast	xmm10, xmm7
         aesenclast	xmm11, xmm7
-        movdqu	xmm0, [rcx+32]
-        movdqu	xmm1, [rcx+48]
+        movdqu	xmm0, OWORD PTR [rcx+32]
+        movdqu	xmm1, OWORD PTR [rcx+48]
         pxor	xmm10, xmm0
         pxor	xmm11, xmm1
-        movdqu	[rdx+32], xmm10
-        movdqu	[rdx+48], xmm11
+        movdqu	OWORD PTR [rdx+32], xmm10
+        movdqu	OWORD PTR [rdx+48], xmm11
         aesenclast	xmm12, xmm7
         aesenclast	xmm13, xmm7
-        movdqu	xmm0, [rcx+64]
-        movdqu	xmm1, [rcx+80]
+        movdqu	xmm0, OWORD PTR [rcx+64]
+        movdqu	xmm1, OWORD PTR [rcx+80]
         pxor	xmm12, xmm0
         pxor	xmm13, xmm1
-        movdqu	[rdx+64], xmm12
-        movdqu	[rdx+80], xmm13
+        movdqu	OWORD PTR [rdx+64], xmm12
+        movdqu	OWORD PTR [rdx+80], xmm13
         aesenclast	xmm14, xmm7
         aesenclast	xmm15, xmm7
-        movdqu	xmm0, [rcx+96]
-        movdqu	xmm1, [rcx+112]
+        movdqu	xmm0, OWORD PTR [rcx+96]
+        movdqu	xmm1, OWORD PTR [rcx+112]
         pxor	xmm14, xmm0
         pxor	xmm15, xmm1
-        movdqu	[rdx+96], xmm14
-        movdqu	[rdx+112], xmm15
+        movdqu	OWORD PTR [rdx+96], xmm14
+        movdqu	OWORD PTR [rdx+112], xmm15
         add	edi, 128
         cmp	edi, r13d
         jl	L_AES_GCM_decrypt_update_aesni_ghash_128
         movdqa	xmm6, xmm2
-        movdqu	xmm5, [rsp]
+        movdqu	xmm5, OWORD PTR [rsp]
 L_AES_GCM_decrypt_update_aesni_done_128:
         mov	edx, r9d
         cmp	edi, edx
@@ -5983,16 +6236,16 @@ L_AES_GCM_decrypt_update_aesni_done_128:
 L_AES_GCM_decrypt_update_aesni_last_block_start:
         lea	rcx, QWORD PTR [r11+rdi]
         lea	rdx, QWORD PTR [r10+rdi]
-        movdqu	xmm1, [rcx]
+        movdqu	xmm1, OWORD PTR [rcx]
         movdqa	xmm0, xmm5
         pshufb	xmm1, OWORD PTR L_aes_gcm_bswap_mask
         pxor	xmm1, xmm6
-        movdqu	xmm8, [r15]
+        movdqu	xmm8, OWORD PTR [r15]
         movdqa	xmm9, xmm8
         pshufb	xmm8, OWORD PTR L_aes_gcm_bswap_epi64
         paddd	xmm9, OWORD PTR L_aes_gcm_one
         pxor	xmm8, [rax]
-        movdqu	[r15], xmm9
+        movdqu	OWORD PTR [r15], xmm9
         movdqa	xmm10, xmm1
         pclmulqdq	xmm10, xmm0, 16
         aesenc	xmm8, [rax+16]
@@ -6040,25 +6293,25 @@ L_AES_GCM_decrypt_update_aesni_last_block_start:
         movdqa	xmm9, OWORD PTR [rax+224]
 L_AES_GCM_decrypt_update_aesni_aesenc_gfmul_last:
         aesenclast	xmm8, xmm9
-        movdqu	xmm9, [rcx]
+        movdqu	xmm9, OWORD PTR [rcx]
         pxor	xmm8, xmm9
-        movdqu	[rdx], xmm8
+        movdqu	OWORD PTR [rdx], xmm8
         add	edi, 16
         cmp	edi, r13d
         jl	L_AES_GCM_decrypt_update_aesni_last_block_start
 L_AES_GCM_decrypt_update_aesni_last_block_done:
 L_AES_GCM_decrypt_update_aesni_done_dec:
         movdqa	OWORD PTR [r12], xmm6
-        movdqu	xmm6, [rsp+168]
-        movdqu	xmm7, [rsp+184]
-        movdqu	xmm8, [rsp+200]
-        movdqu	xmm9, [rsp+216]
-        movdqu	xmm10, [rsp+232]
-        movdqu	xmm11, [rsp+248]
-        movdqu	xmm12, [rsp+264]
-        movdqu	xmm13, [rsp+280]
-        movdqu	xmm14, [rsp+296]
-        movdqu	xmm15, [rsp+312]
+        movdqu	xmm6, OWORD PTR [rsp+168]
+        movdqu	xmm7, OWORD PTR [rsp+184]
+        movdqu	xmm8, OWORD PTR [rsp+200]
+        movdqu	xmm9, OWORD PTR [rsp+216]
+        movdqu	xmm10, OWORD PTR [rsp+232]
+        movdqu	xmm11, OWORD PTR [rsp+248]
+        movdqu	xmm12, OWORD PTR [rsp+264]
+        movdqu	xmm13, OWORD PTR [rsp+280]
+        movdqu	xmm14, OWORD PTR [rsp+296]
+        movdqu	xmm15, OWORD PTR [rsp+312]
         add	rsp, 328
         pop	rsi
         pop	rdi
@@ -6084,15 +6337,15 @@ AES_GCM_decrypt_final_aesni PROC
         mov	r14, QWORD PTR [rsp+96]
         mov	rbp, QWORD PTR [rsp+104]
         sub	rsp, 160
-        movdqu	[rsp+16], xmm6
-        movdqu	[rsp+32], xmm7
-        movdqu	[rsp+48], xmm8
-        movdqu	[rsp+64], xmm9
-        movdqu	[rsp+80], xmm10
-        movdqu	[rsp+96], xmm11
-        movdqu	[rsp+112], xmm12
-        movdqu	[rsp+128], xmm13
-        movdqu	[rsp+144], xmm15
+        movdqu	OWORD PTR [rsp+16], xmm6
+        movdqu	OWORD PTR [rsp+32], xmm7
+        movdqu	OWORD PTR [rsp+48], xmm8
+        movdqu	OWORD PTR [rsp+64], xmm9
+        movdqu	OWORD PTR [rsp+80], xmm10
+        movdqu	OWORD PTR [rsp+96], xmm11
+        movdqu	OWORD PTR [rsp+112], xmm12
+        movdqu	OWORD PTR [rsp+128], xmm13
+        movdqu	OWORD PTR [rsp+144], xmm15
         movdqa	xmm6, OWORD PTR [rax]
         movdqa	xmm5, OWORD PTR [r12]
         movdqa	xmm15, OWORD PTR [r14]
@@ -6161,7 +6414,7 @@ AES_GCM_decrypt_final_aesni PROC
         sub	rsp, 16
         xor	rcx, rcx
         xor	r15, r15
-        movdqu	[rsp], xmm0
+        movdqu	OWORD PTR [rsp], xmm0
 L_AES_GCM_decrypt_final_aesni_cmp_tag_loop:
         movzx	r13d, BYTE PTR [rsp+rcx]
         xor	r13b, BYTE PTR [r9+rcx]
@@ -6169,13 +6422,13 @@ L_AES_GCM_decrypt_final_aesni_cmp_tag_loop:
         inc	ecx
         cmp	ecx, r8d
         jne	L_AES_GCM_decrypt_final_aesni_cmp_tag_loop
-        cmp	r15, 0
+        cmp	r15b, 0
         sete	r15b
         add	rsp, 16
         xor	rcx, rcx
         jmp	L_AES_GCM_decrypt_final_aesni_cmp_tag_done
 L_AES_GCM_decrypt_final_aesni_cmp_tag_16:
-        movdqu	xmm1, [r9]
+        movdqu	xmm1, OWORD PTR [r9]
         pcmpeqb	xmm0, xmm1
         pmovmskb	rdx, xmm0
         ; %%edx == 0xFFFF then return 1 else => return 0
@@ -6184,15 +6437,15 @@ L_AES_GCM_decrypt_final_aesni_cmp_tag_16:
         sete	r15b
 L_AES_GCM_decrypt_final_aesni_cmp_tag_done:
         mov	DWORD PTR [rbp], r15d
-        movdqu	xmm6, [rsp+16]
-        movdqu	xmm7, [rsp+32]
-        movdqu	xmm8, [rsp+48]
-        movdqu	xmm9, [rsp+64]
-        movdqu	xmm10, [rsp+80]
-        movdqu	xmm11, [rsp+96]
-        movdqu	xmm12, [rsp+112]
-        movdqu	xmm13, [rsp+128]
-        movdqu	xmm15, [rsp+144]
+        movdqu	xmm6, OWORD PTR [rsp+16]
+        movdqu	xmm7, OWORD PTR [rsp+32]
+        movdqu	xmm8, OWORD PTR [rsp+48]
+        movdqu	xmm9, OWORD PTR [rsp+64]
+        movdqu	xmm10, OWORD PTR [rsp+80]
+        movdqu	xmm11, OWORD PTR [rsp+96]
+        movdqu	xmm12, OWORD PTR [rsp+112]
+        movdqu	xmm13, OWORD PTR [rsp+128]
+        movdqu	xmm15, OWORD PTR [rsp+144]
         add	rsp, 160
         pop	r15
         pop	rbp
@@ -6205,6 +6458,225 @@ _text ENDS
 IFDEF HAVE_INTEL_AVX1
 _DATA SEGMENT
 ALIGN 16
+L_GCM_generate_m0_avx1_rev8 QWORD 579005069656919567, 283686952306183
+ptr_L_GCM_generate_m0_avx1_rev8 QWORD L_GCM_generate_m0_avx1_rev8
+_DATA ENDS
+_DATA SEGMENT
+ALIGN 16
+L_GCM_generate_m0_avx1_mod2_128 QWORD 0, 16212958658533785600
+ptr_L_GCM_generate_m0_avx1_mod2_128 QWORD L_GCM_generate_m0_avx1_mod2_128
+_DATA ENDS
+_text SEGMENT READONLY PARA
+GCM_generate_m0_avx1 PROC
+        sub	rsp, 80
+        vmovdqu	OWORD PTR [rsp], xmm6
+        vmovdqu	OWORD PTR [rsp+16], xmm7
+        vmovdqu	OWORD PTR [rsp+32], xmm8
+        vmovdqu	OWORD PTR [rsp+48], xmm9
+        vmovdqu	OWORD PTR [rsp+64], xmm10
+        vmovdqu	xmm9, OWORD PTR L_GCM_generate_m0_avx1_rev8
+        vmovdqu	xmm10, OWORD PTR L_GCM_generate_m0_avx1_mod2_128
+        vpxor	xmm8, xmm8, xmm8
+        vmovdqu	xmm0, OWORD PTR [rcx]
+        vmovdqu	OWORD PTR [rdx], xmm8
+        vmovdqu	xmm8, xmm0
+        vpshufb	xmm0, xmm0, xmm9
+        vpsllq	xmm5, xmm0, 63
+        vpsrlq	xmm4, xmm0, 1
+        vpslldq	xmm1, xmm5, 8
+        vpsrldq	xmm5, xmm5, 8
+        vpshufd	xmm1, xmm1, 255
+        vpor	xmm4, xmm4, xmm5
+        vpsrad	xmm1, xmm1, 31
+        vpand	xmm1, xmm1, xmm10
+        vpxor	xmm1, xmm1, xmm4
+        vpsllq	xmm5, xmm1, 63
+        vpsrlq	xmm4, xmm1, 1
+        vpslldq	xmm2, xmm5, 8
+        vpsrldq	xmm5, xmm5, 8
+        vpshufd	xmm2, xmm2, 255
+        vpor	xmm4, xmm4, xmm5
+        vpsrad	xmm2, xmm2, 31
+        vpand	xmm2, xmm2, xmm10
+        vpxor	xmm2, xmm2, xmm4
+        vpsllq	xmm5, xmm2, 63
+        vpsrlq	xmm4, xmm2, 1
+        vpslldq	xmm3, xmm5, 8
+        vpsrldq	xmm5, xmm5, 8
+        vpshufd	xmm3, xmm3, 255
+        vpor	xmm4, xmm4, xmm5
+        vpsrad	xmm3, xmm3, 31
+        vpand	xmm3, xmm3, xmm10
+        vpxor	xmm3, xmm3, xmm4
+        vpshufb	xmm3, xmm3, xmm9
+        vpshufb	xmm2, xmm2, xmm9
+        vpshufb	xmm1, xmm1, xmm9
+        vpshufb	xmm0, xmm0, xmm9
+        vpxor	xmm8, xmm3, xmm2
+        vmovdqu	OWORD PTR [rdx+16], xmm3
+        vmovdqu	OWORD PTR [rdx+32], xmm2
+        vmovdqu	OWORD PTR [rdx+48], xmm8
+        vmovdqu	OWORD PTR [rdx+64], xmm1
+        vpxor	xmm4, xmm3, xmm1
+        vpxor	xmm5, xmm2, xmm1
+        vpxor	xmm6, xmm8, xmm1
+        vmovdqu	OWORD PTR [rdx+80], xmm4
+        vmovdqu	OWORD PTR [rdx+96], xmm5
+        vmovdqu	OWORD PTR [rdx+112], xmm6
+        vmovdqu	OWORD PTR [rdx+128], xmm0
+        vpxor	xmm1, xmm1, xmm0
+        vpxor	xmm4, xmm3, xmm0
+        vpxor	xmm6, xmm2, xmm0
+        vmovdqu	OWORD PTR [rdx+144], xmm4
+        vmovdqu	OWORD PTR [rdx+160], xmm6
+        vpxor	xmm6, xmm3, xmm6
+        vmovdqu	OWORD PTR [rdx+176], xmm6
+        vmovdqu	OWORD PTR [rdx+192], xmm1
+        vpxor	xmm4, xmm3, xmm1
+        vpxor	xmm5, xmm2, xmm1
+        vpxor	xmm6, xmm8, xmm1
+        vmovdqu	OWORD PTR [rdx+208], xmm4
+        vmovdqu	OWORD PTR [rdx+224], xmm5
+        vmovdqu	OWORD PTR [rdx+240], xmm6
+        vmovdqu	xmm0, OWORD PTR [rdx]
+        vmovdqu	xmm1, OWORD PTR [rdx+16]
+        vmovdqu	xmm2, OWORD PTR [rdx+32]
+        vmovdqu	xmm3, OWORD PTR [rdx+48]
+        vpshufb	xmm0, xmm0, xmm9
+        vpshufb	xmm1, xmm1, xmm9
+        vpshufb	xmm2, xmm2, xmm9
+        vpshufb	xmm3, xmm3, xmm9
+        vpsllq	xmm4, xmm0, 60
+        vpsllq	xmm5, xmm1, 60
+        vpsllq	xmm6, xmm2, 60
+        vpsllq	xmm7, xmm3, 60
+        vpsrlq	xmm0, xmm0, 4
+        vpsrlq	xmm1, xmm1, 4
+        vpsrlq	xmm2, xmm2, 4
+        vpsrlq	xmm3, xmm3, 4
+        vpsrldq	xmm4, xmm4, 8
+        vpsrldq	xmm5, xmm5, 8
+        vpsrldq	xmm6, xmm6, 8
+        vpsrldq	xmm7, xmm7, 8
+        vpor	xmm0, xmm0, xmm4
+        vpor	xmm1, xmm1, xmm5
+        vpor	xmm2, xmm2, xmm6
+        vpor	xmm3, xmm3, xmm7
+        vpshufb	xmm0, xmm0, xmm9
+        vpshufb	xmm1, xmm1, xmm9
+        vpshufb	xmm2, xmm2, xmm9
+        vpshufb	xmm3, xmm3, xmm9
+        vmovdqu	OWORD PTR [rdx+256], xmm0
+        vmovdqu	OWORD PTR [rdx+272], xmm1
+        vmovdqu	OWORD PTR [rdx+288], xmm2
+        vmovdqu	OWORD PTR [rdx+304], xmm3
+        vmovdqu	xmm0, OWORD PTR [rdx+64]
+        vmovdqu	xmm1, OWORD PTR [rdx+80]
+        vmovdqu	xmm2, OWORD PTR [rdx+96]
+        vmovdqu	xmm3, OWORD PTR [rdx+112]
+        vpshufb	xmm0, xmm0, xmm9
+        vpshufb	xmm1, xmm1, xmm9
+        vpshufb	xmm2, xmm2, xmm9
+        vpshufb	xmm3, xmm3, xmm9
+        vpsllq	xmm4, xmm0, 60
+        vpsllq	xmm5, xmm1, 60
+        vpsllq	xmm6, xmm2, 60
+        vpsllq	xmm7, xmm3, 60
+        vpsrlq	xmm0, xmm0, 4
+        vpsrlq	xmm1, xmm1, 4
+        vpsrlq	xmm2, xmm2, 4
+        vpsrlq	xmm3, xmm3, 4
+        vpsrldq	xmm4, xmm4, 8
+        vpsrldq	xmm5, xmm5, 8
+        vpsrldq	xmm6, xmm6, 8
+        vpsrldq	xmm7, xmm7, 8
+        vpor	xmm0, xmm0, xmm4
+        vpor	xmm1, xmm1, xmm5
+        vpor	xmm2, xmm2, xmm6
+        vpor	xmm3, xmm3, xmm7
+        vpshufb	xmm0, xmm0, xmm9
+        vpshufb	xmm1, xmm1, xmm9
+        vpshufb	xmm2, xmm2, xmm9
+        vpshufb	xmm3, xmm3, xmm9
+        vmovdqu	OWORD PTR [rdx+320], xmm0
+        vmovdqu	OWORD PTR [rdx+336], xmm1
+        vmovdqu	OWORD PTR [rdx+352], xmm2
+        vmovdqu	OWORD PTR [rdx+368], xmm3
+        vmovdqu	xmm0, OWORD PTR [rdx+128]
+        vmovdqu	xmm1, OWORD PTR [rdx+144]
+        vmovdqu	xmm2, OWORD PTR [rdx+160]
+        vmovdqu	xmm3, OWORD PTR [rdx+176]
+        vpshufb	xmm0, xmm0, xmm9
+        vpshufb	xmm1, xmm1, xmm9
+        vpshufb	xmm2, xmm2, xmm9
+        vpshufb	xmm3, xmm3, xmm9
+        vpsllq	xmm4, xmm0, 60
+        vpsllq	xmm5, xmm1, 60
+        vpsllq	xmm6, xmm2, 60
+        vpsllq	xmm7, xmm3, 60
+        vpsrlq	xmm0, xmm0, 4
+        vpsrlq	xmm1, xmm1, 4
+        vpsrlq	xmm2, xmm2, 4
+        vpsrlq	xmm3, xmm3, 4
+        vpsrldq	xmm4, xmm4, 8
+        vpsrldq	xmm5, xmm5, 8
+        vpsrldq	xmm6, xmm6, 8
+        vpsrldq	xmm7, xmm7, 8
+        vpor	xmm0, xmm0, xmm4
+        vpor	xmm1, xmm1, xmm5
+        vpor	xmm2, xmm2, xmm6
+        vpor	xmm3, xmm3, xmm7
+        vpshufb	xmm0, xmm0, xmm9
+        vpshufb	xmm1, xmm1, xmm9
+        vpshufb	xmm2, xmm2, xmm9
+        vpshufb	xmm3, xmm3, xmm9
+        vmovdqu	OWORD PTR [rdx+384], xmm0
+        vmovdqu	OWORD PTR [rdx+400], xmm1
+        vmovdqu	OWORD PTR [rdx+416], xmm2
+        vmovdqu	OWORD PTR [rdx+432], xmm3
+        vmovdqu	xmm0, OWORD PTR [rdx+192]
+        vmovdqu	xmm1, OWORD PTR [rdx+208]
+        vmovdqu	xmm2, OWORD PTR [rdx+224]
+        vmovdqu	xmm3, OWORD PTR [rdx+240]
+        vpshufb	xmm0, xmm0, xmm9
+        vpshufb	xmm1, xmm1, xmm9
+        vpshufb	xmm2, xmm2, xmm9
+        vpshufb	xmm3, xmm3, xmm9
+        vpsllq	xmm4, xmm0, 60
+        vpsllq	xmm5, xmm1, 60
+        vpsllq	xmm6, xmm2, 60
+        vpsllq	xmm7, xmm3, 60
+        vpsrlq	xmm0, xmm0, 4
+        vpsrlq	xmm1, xmm1, 4
+        vpsrlq	xmm2, xmm2, 4
+        vpsrlq	xmm3, xmm3, 4
+        vpsrldq	xmm4, xmm4, 8
+        vpsrldq	xmm5, xmm5, 8
+        vpsrldq	xmm6, xmm6, 8
+        vpsrldq	xmm7, xmm7, 8
+        vpor	xmm0, xmm0, xmm4
+        vpor	xmm1, xmm1, xmm5
+        vpor	xmm2, xmm2, xmm6
+        vpor	xmm3, xmm3, xmm7
+        vpshufb	xmm0, xmm0, xmm9
+        vpshufb	xmm1, xmm1, xmm9
+        vpshufb	xmm2, xmm2, xmm9
+        vpshufb	xmm3, xmm3, xmm9
+        vmovdqu	OWORD PTR [rdx+448], xmm0
+        vmovdqu	OWORD PTR [rdx+464], xmm1
+        vmovdqu	OWORD PTR [rdx+480], xmm2
+        vmovdqu	OWORD PTR [rdx+496], xmm3
+        vmovdqu	xmm6, OWORD PTR [rsp]
+        vmovdqu	xmm7, OWORD PTR [rsp+16]
+        vmovdqu	xmm8, OWORD PTR [rsp+32]
+        vmovdqu	xmm9, OWORD PTR [rsp+48]
+        vmovdqu	xmm10, OWORD PTR [rsp+64]
+        add	rsp, 80
+        ret
+GCM_generate_m0_avx1 ENDP
+_text ENDS
+_DATA SEGMENT
+ALIGN 16
 L_avx1_aes_gcm_one QWORD 0, 1
 ptr_L_avx1_aes_gcm_one QWORD L_avx1_aes_gcm_one
 _DATA ENDS
@@ -9012,7 +9484,7 @@ L_AES_GCM_decrypt_avx1_cmp_tag_loop:
         inc	ecx
         cmp	ecx, r14d
         jne	L_AES_GCM_decrypt_avx1_cmp_tag_loop
-        cmp	rbx, 0
+        cmp	bl, 0
         sete	bl
         add	rsp, 16
         xor	rcx, rcx
@@ -9360,7 +9832,6 @@ L_AES_GCM_init_avx1_iv_done:
         vpaddd	xmm4, xmm4, OWORD PTR L_avx1_aes_gcm_one
         vmovdqa	OWORD PTR [rax], xmm5
         vmovdqa	OWORD PTR [r8], xmm4
-        vzeroupper
         vmovdqu	xmm6, OWORD PTR [rsp+16]
         vmovdqu	xmm7, OWORD PTR [rsp+32]
         vmovdqu	xmm8, OWORD PTR [rsp+48]
@@ -9433,7 +9904,6 @@ L_AES_GCM_aad_update_avx1_16_loop:
         cmp	ecx, edx
         jl	L_AES_GCM_aad_update_avx1_16_loop
         vmovdqa	OWORD PTR [r8], xmm5
-        vzeroupper
         vmovdqu	xmm6, OWORD PTR [rsp]
         vmovdqu	xmm7, OWORD PTR [rsp+16]
         add	rsp, 32
@@ -11398,7 +11868,7 @@ L_AES_GCM_decrypt_final_avx1_cmp_tag_loop:
         inc	ecx
         cmp	ecx, r8d
         jne	L_AES_GCM_decrypt_final_avx1_cmp_tag_loop
-        cmp	r15, 0
+        cmp	r15b, 0
         sete	r15b
         add	rsp, 16
         xor	rcx, rcx
@@ -11436,6 +11906,225 @@ ENDIF
 IFDEF HAVE_INTEL_AVX2
 _DATA SEGMENT
 ALIGN 16
+L_GCM_generate_m0_avx2_rev8 QWORD 579005069656919567, 283686952306183
+ptr_L_GCM_generate_m0_avx2_rev8 QWORD L_GCM_generate_m0_avx2_rev8
+_DATA ENDS
+_DATA SEGMENT
+ALIGN 16
+L_GCM_generate_m0_avx2_mod2_128 QWORD 0, 16212958658533785600
+ptr_L_GCM_generate_m0_avx2_mod2_128 QWORD L_GCM_generate_m0_avx2_mod2_128
+_DATA ENDS
+_text SEGMENT READONLY PARA
+GCM_generate_m0_avx2 PROC
+        sub	rsp, 80
+        vmovdqu	OWORD PTR [rsp], xmm6
+        vmovdqu	OWORD PTR [rsp+16], xmm7
+        vmovdqu	OWORD PTR [rsp+32], xmm8
+        vmovdqu	OWORD PTR [rsp+48], xmm9
+        vmovdqu	OWORD PTR [rsp+64], xmm10
+        vmovdqu	xmm9, OWORD PTR L_GCM_generate_m0_avx2_rev8
+        vmovdqu	xmm10, OWORD PTR L_GCM_generate_m0_avx2_mod2_128
+        vpxor	xmm8, xmm8, xmm8
+        vmovdqu	xmm0, OWORD PTR [rcx]
+        vmovdqu	OWORD PTR [rdx], xmm8
+        vmovdqu	xmm8, xmm0
+        vpshufb	xmm0, xmm0, xmm9
+        vpsllq	xmm5, xmm0, 63
+        vpsrlq	xmm4, xmm0, 1
+        vpslldq	xmm1, xmm5, 8
+        vpsrldq	xmm5, xmm5, 8
+        vpshufd	xmm1, xmm1, 255
+        vpor	xmm4, xmm4, xmm5
+        vpsrad	xmm1, xmm1, 31
+        vpand	xmm1, xmm1, xmm10
+        vpxor	xmm1, xmm1, xmm4
+        vpsllq	xmm5, xmm1, 63
+        vpsrlq	xmm4, xmm1, 1
+        vpslldq	xmm2, xmm5, 8
+        vpsrldq	xmm5, xmm5, 8
+        vpshufd	xmm2, xmm2, 255
+        vpor	xmm4, xmm4, xmm5
+        vpsrad	xmm2, xmm2, 31
+        vpand	xmm2, xmm2, xmm10
+        vpxor	xmm2, xmm2, xmm4
+        vpsllq	xmm5, xmm2, 63
+        vpsrlq	xmm4, xmm2, 1
+        vpslldq	xmm3, xmm5, 8
+        vpsrldq	xmm5, xmm5, 8
+        vpshufd	xmm3, xmm3, 255
+        vpor	xmm4, xmm4, xmm5
+        vpsrad	xmm3, xmm3, 31
+        vpand	xmm3, xmm3, xmm10
+        vpxor	xmm3, xmm3, xmm4
+        vpshufb	xmm2, xmm2, xmm9
+        vpshufb	xmm3, xmm3, xmm9
+        vpshufb	xmm0, xmm0, xmm9
+        vpshufb	xmm1, xmm1, xmm9
+        vpxor	xmm8, xmm3, xmm2
+        vmovdqu	OWORD PTR [rdx+16], xmm3
+        vmovdqu	OWORD PTR [rdx+32], xmm2
+        vmovdqu	OWORD PTR [rdx+48], xmm8
+        vmovdqu	OWORD PTR [rdx+64], xmm1
+        vpxor	xmm4, xmm3, xmm1
+        vpxor	xmm5, xmm2, xmm1
+        vpxor	xmm6, xmm8, xmm1
+        vmovdqu	OWORD PTR [rdx+80], xmm4
+        vmovdqu	OWORD PTR [rdx+96], xmm5
+        vmovdqu	OWORD PTR [rdx+112], xmm6
+        vmovdqu	OWORD PTR [rdx+128], xmm0
+        vpxor	xmm1, xmm1, xmm0
+        vpxor	xmm4, xmm3, xmm0
+        vpxor	xmm6, xmm2, xmm0
+        vmovdqu	OWORD PTR [rdx+144], xmm4
+        vmovdqu	OWORD PTR [rdx+160], xmm6
+        vpxor	xmm6, xmm3, xmm6
+        vmovdqu	OWORD PTR [rdx+176], xmm6
+        vmovdqu	OWORD PTR [rdx+192], xmm1
+        vpxor	xmm4, xmm3, xmm1
+        vpxor	xmm5, xmm2, xmm1
+        vpxor	xmm6, xmm8, xmm1
+        vmovdqu	OWORD PTR [rdx+208], xmm4
+        vmovdqu	OWORD PTR [rdx+224], xmm5
+        vmovdqu	OWORD PTR [rdx+240], xmm6
+        vmovdqu	xmm0, OWORD PTR [rdx]
+        vmovdqu	xmm1, OWORD PTR [rdx+16]
+        vmovdqu	xmm2, OWORD PTR [rdx+32]
+        vmovdqu	xmm3, OWORD PTR [rdx+48]
+        vpshufb	xmm0, xmm0, xmm9
+        vpshufb	xmm1, xmm1, xmm9
+        vpshufb	xmm2, xmm2, xmm9
+        vpshufb	xmm3, xmm3, xmm9
+        vpsllq	xmm4, xmm0, 60
+        vpsllq	xmm5, xmm1, 60
+        vpsllq	xmm6, xmm2, 60
+        vpsllq	xmm7, xmm3, 60
+        vpsrlq	xmm0, xmm0, 4
+        vpsrlq	xmm1, xmm1, 4
+        vpsrlq	xmm2, xmm2, 4
+        vpsrlq	xmm3, xmm3, 4
+        vpsrldq	xmm4, xmm4, 8
+        vpsrldq	xmm5, xmm5, 8
+        vpsrldq	xmm6, xmm6, 8
+        vpsrldq	xmm7, xmm7, 8
+        vpor	xmm0, xmm0, xmm4
+        vpor	xmm1, xmm1, xmm5
+        vpor	xmm2, xmm2, xmm6
+        vpor	xmm3, xmm3, xmm7
+        vpshufb	xmm0, xmm0, xmm9
+        vpshufb	xmm1, xmm1, xmm9
+        vpshufb	xmm2, xmm2, xmm9
+        vpshufb	xmm3, xmm3, xmm9
+        vmovdqu	OWORD PTR [rdx+256], xmm0
+        vmovdqu	OWORD PTR [rdx+272], xmm1
+        vmovdqu	OWORD PTR [rdx+288], xmm2
+        vmovdqu	OWORD PTR [rdx+304], xmm3
+        vmovdqu	xmm0, OWORD PTR [rdx+64]
+        vmovdqu	xmm1, OWORD PTR [rdx+80]
+        vmovdqu	xmm2, OWORD PTR [rdx+96]
+        vmovdqu	xmm3, OWORD PTR [rdx+112]
+        vpshufb	xmm0, xmm0, xmm9
+        vpshufb	xmm1, xmm1, xmm9
+        vpshufb	xmm2, xmm2, xmm9
+        vpshufb	xmm3, xmm3, xmm9
+        vpsllq	xmm4, xmm0, 60
+        vpsllq	xmm5, xmm1, 60
+        vpsllq	xmm6, xmm2, 60
+        vpsllq	xmm7, xmm3, 60
+        vpsrlq	xmm0, xmm0, 4
+        vpsrlq	xmm1, xmm1, 4
+        vpsrlq	xmm2, xmm2, 4
+        vpsrlq	xmm3, xmm3, 4
+        vpsrldq	xmm4, xmm4, 8
+        vpsrldq	xmm5, xmm5, 8
+        vpsrldq	xmm6, xmm6, 8
+        vpsrldq	xmm7, xmm7, 8
+        vpor	xmm0, xmm0, xmm4
+        vpor	xmm1, xmm1, xmm5
+        vpor	xmm2, xmm2, xmm6
+        vpor	xmm3, xmm3, xmm7
+        vpshufb	xmm0, xmm0, xmm9
+        vpshufb	xmm1, xmm1, xmm9
+        vpshufb	xmm2, xmm2, xmm9
+        vpshufb	xmm3, xmm3, xmm9
+        vmovdqu	OWORD PTR [rdx+320], xmm0
+        vmovdqu	OWORD PTR [rdx+336], xmm1
+        vmovdqu	OWORD PTR [rdx+352], xmm2
+        vmovdqu	OWORD PTR [rdx+368], xmm3
+        vmovdqu	xmm0, OWORD PTR [rdx+128]
+        vmovdqu	xmm1, OWORD PTR [rdx+144]
+        vmovdqu	xmm2, OWORD PTR [rdx+160]
+        vmovdqu	xmm3, OWORD PTR [rdx+176]
+        vpshufb	xmm0, xmm0, xmm9
+        vpshufb	xmm1, xmm1, xmm9
+        vpshufb	xmm2, xmm2, xmm9
+        vpshufb	xmm3, xmm3, xmm9
+        vpsllq	xmm4, xmm0, 60
+        vpsllq	xmm5, xmm1, 60
+        vpsllq	xmm6, xmm2, 60
+        vpsllq	xmm7, xmm3, 60
+        vpsrlq	xmm0, xmm0, 4
+        vpsrlq	xmm1, xmm1, 4
+        vpsrlq	xmm2, xmm2, 4
+        vpsrlq	xmm3, xmm3, 4
+        vpsrldq	xmm4, xmm4, 8
+        vpsrldq	xmm5, xmm5, 8
+        vpsrldq	xmm6, xmm6, 8
+        vpsrldq	xmm7, xmm7, 8
+        vpor	xmm0, xmm0, xmm4
+        vpor	xmm1, xmm1, xmm5
+        vpor	xmm2, xmm2, xmm6
+        vpor	xmm3, xmm3, xmm7
+        vpshufb	xmm0, xmm0, xmm9
+        vpshufb	xmm1, xmm1, xmm9
+        vpshufb	xmm2, xmm2, xmm9
+        vpshufb	xmm3, xmm3, xmm9
+        vmovdqu	OWORD PTR [rdx+384], xmm0
+        vmovdqu	OWORD PTR [rdx+400], xmm1
+        vmovdqu	OWORD PTR [rdx+416], xmm2
+        vmovdqu	OWORD PTR [rdx+432], xmm3
+        vmovdqu	xmm0, OWORD PTR [rdx+192]
+        vmovdqu	xmm1, OWORD PTR [rdx+208]
+        vmovdqu	xmm2, OWORD PTR [rdx+224]
+        vmovdqu	xmm3, OWORD PTR [rdx+240]
+        vpshufb	xmm0, xmm0, xmm9
+        vpshufb	xmm1, xmm1, xmm9
+        vpshufb	xmm2, xmm2, xmm9
+        vpshufb	xmm3, xmm3, xmm9
+        vpsllq	xmm4, xmm0, 60
+        vpsllq	xmm5, xmm1, 60
+        vpsllq	xmm6, xmm2, 60
+        vpsllq	xmm7, xmm3, 60
+        vpsrlq	xmm0, xmm0, 4
+        vpsrlq	xmm1, xmm1, 4
+        vpsrlq	xmm2, xmm2, 4
+        vpsrlq	xmm3, xmm3, 4
+        vpsrldq	xmm4, xmm4, 8
+        vpsrldq	xmm5, xmm5, 8
+        vpsrldq	xmm6, xmm6, 8
+        vpsrldq	xmm7, xmm7, 8
+        vpor	xmm0, xmm0, xmm4
+        vpor	xmm1, xmm1, xmm5
+        vpor	xmm2, xmm2, xmm6
+        vpor	xmm3, xmm3, xmm7
+        vpshufb	xmm0, xmm0, xmm9
+        vpshufb	xmm1, xmm1, xmm9
+        vpshufb	xmm2, xmm2, xmm9
+        vpshufb	xmm3, xmm3, xmm9
+        vmovdqu	OWORD PTR [rdx+448], xmm0
+        vmovdqu	OWORD PTR [rdx+464], xmm1
+        vmovdqu	OWORD PTR [rdx+480], xmm2
+        vmovdqu	OWORD PTR [rdx+496], xmm3
+        vmovdqu	xmm6, OWORD PTR [rsp]
+        vmovdqu	xmm7, OWORD PTR [rsp+16]
+        vmovdqu	xmm8, OWORD PTR [rsp+32]
+        vmovdqu	xmm9, OWORD PTR [rsp+48]
+        vmovdqu	xmm10, OWORD PTR [rsp+64]
+        add	rsp, 80
+        ret
+GCM_generate_m0_avx2 ENDP
+_text ENDS
+_DATA SEGMENT
+ALIGN 16
 L_avx2_aes_gcm_one QWORD 0, 1
 ptr_L_avx2_aes_gcm_one QWORD L_avx2_aes_gcm_one
 _DATA ENDS
@@ -13765,7 +14454,7 @@ L_AES_GCM_decrypt_avx2_cmp_tag_loop:
         inc	edx
         cmp	edx, r15d
         jne	L_AES_GCM_decrypt_avx2_cmp_tag_loop
-        cmp	rax, 0
+        cmp	al, 0
         sete	al
         jmp	L_AES_GCM_decrypt_avx2_cmp_tag_done
 L_AES_GCM_decrypt_avx2_cmp_tag_16:
@@ -15764,7 +16453,7 @@ L_AES_GCM_decrypt_final_avx2_cmp_tag_loop:
         inc	r13d
         cmp	r13d, r8d
         jne	L_AES_GCM_decrypt_final_avx2_cmp_tag_loop
-        cmp	r10, 0
+        cmp	r10b, 0
         sete	r10b
         jmp	L_AES_GCM_decrypt_final_avx2_cmp_tag_done
 L_AES_GCM_decrypt_final_avx2_cmp_tag_16:
diff --git a/wolfcrypt/src/aes_gcm_x86_asm.S b/wolfcrypt/src/aes_gcm_x86_asm.S
index c428a1c45..6ce6bbe13 100644
--- a/wolfcrypt/src/aes_gcm_x86_asm.S
+++ b/wolfcrypt/src/aes_gcm_x86_asm.S
@@ -1,6 +1,6 @@
 /* aes_gcm_x86_asm
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -97,10 +97,10 @@ L_aes_gcm_avx2_bswap_mask:
 L_aes_gcm_avx2_mod2_128:
 .long	0x1,0x0,0x0,0xc2000000
 .text
-.globl	AES_GCM_encrypt
-.type	AES_GCM_encrypt,@function
+.globl	AES_GCM_encrypt_aesni
+.type	AES_GCM_encrypt_aesni,@function
 .align	16
-AES_GCM_encrypt:
+AES_GCM_encrypt_aesni:
         pushl	%ebx
         pushl	%esi
         pushl	%edi
@@ -112,7 +112,7 @@ AES_GCM_encrypt:
         pxor	%xmm0, %xmm0
         pxor	%xmm2, %xmm2
         cmpl	$12, %edx
-        jne	L_AES_GCM_encrypt_iv_not_12
+        jne	L_AES_GCM_encrypt_aesni_iv_not_12
         # # Calculate values when IV is 12 bytes
         # Set counter based on IV
         movl	$0x1000000, %ecx
@@ -153,7 +153,7 @@ AES_GCM_encrypt:
         aesenc	%xmm3, %xmm5
         cmpl	$11, 172(%esp)
         movdqa	160(%ebp), %xmm3
-        jl	L_AES_GCM_encrypt_calc_iv_12_last
+        jl	L_AES_GCM_encrypt_aesni_calc_iv_12_last
         aesenc	%xmm3, %xmm1
         aesenc	%xmm3, %xmm5
         movdqa	176(%ebp), %xmm3
@@ -161,20 +161,20 @@ AES_GCM_encrypt:
         aesenc	%xmm3, %xmm5
         cmpl	$13, 172(%esp)
         movdqa	192(%ebp), %xmm3
-        jl	L_AES_GCM_encrypt_calc_iv_12_last
+        jl	L_AES_GCM_encrypt_aesni_calc_iv_12_last
         aesenc	%xmm3, %xmm1
         aesenc	%xmm3, %xmm5
         movdqa	208(%ebp), %xmm3
         aesenc	%xmm3, %xmm1
         aesenc	%xmm3, %xmm5
         movdqa	224(%ebp), %xmm3
-L_AES_GCM_encrypt_calc_iv_12_last:
+L_AES_GCM_encrypt_aesni_calc_iv_12_last:
         aesenclast	%xmm3, %xmm1
         aesenclast	%xmm3, %xmm5
         pshufb	L_aes_gcm_bswap_mask, %xmm1
         movdqu	%xmm5, 80(%esp)
-        jmp	L_AES_GCM_encrypt_iv_done
-L_AES_GCM_encrypt_iv_not_12:
+        jmp	L_AES_GCM_encrypt_aesni_iv_done
+L_AES_GCM_encrypt_aesni_iv_not_12:
         # Calculate values when IV is not 12 bytes
         # H = Encrypt X(=0)
         movdqa	(%ebp), %xmm1
@@ -189,27 +189,27 @@ L_AES_GCM_encrypt_iv_not_12:
         aesenc	144(%ebp), %xmm1
         cmpl	$11, 172(%esp)
         movdqa	160(%ebp), %xmm5
-        jl	L_AES_GCM_encrypt_calc_iv_1_aesenc_avx_last
+        jl	L_AES_GCM_encrypt_aesni_calc_iv_1_aesenc_avx_last
         aesenc	%xmm5, %xmm1
         aesenc	176(%ebp), %xmm1
         cmpl	$13, 172(%esp)
         movdqa	192(%ebp), %xmm5
-        jl	L_AES_GCM_encrypt_calc_iv_1_aesenc_avx_last
+        jl	L_AES_GCM_encrypt_aesni_calc_iv_1_aesenc_avx_last
         aesenc	%xmm5, %xmm1
         aesenc	208(%ebp), %xmm1
         movdqa	224(%ebp), %xmm5
-L_AES_GCM_encrypt_calc_iv_1_aesenc_avx_last:
+L_AES_GCM_encrypt_aesni_calc_iv_1_aesenc_avx_last:
         aesenclast	%xmm5, %xmm1
         pshufb	L_aes_gcm_bswap_mask, %xmm1
         # Calc counter
         # Initialization vector
         cmpl	$0x00, %edx
         movl	$0x00, %ecx
-        je	L_AES_GCM_encrypt_calc_iv_done
+        je	L_AES_GCM_encrypt_aesni_calc_iv_done
         cmpl	$16, %edx
-        jl	L_AES_GCM_encrypt_calc_iv_lt16
+        jl	L_AES_GCM_encrypt_aesni_calc_iv_lt16
         andl	$0xfffffff0, %edx
-L_AES_GCM_encrypt_calc_iv_16_loop:
+L_AES_GCM_encrypt_aesni_calc_iv_16_loop:
         movdqu	(%esi,%ecx,1), %xmm4
         pshufb	L_aes_gcm_bswap_mask, %xmm4
         pxor	%xmm4, %xmm0
@@ -269,22 +269,22 @@ L_AES_GCM_encrypt_calc_iv_16_loop:
         pxor	%xmm6, %xmm0
         addl	$16, %ecx
         cmpl	%edx, %ecx
-        jl	L_AES_GCM_encrypt_calc_iv_16_loop
+        jl	L_AES_GCM_encrypt_aesni_calc_iv_16_loop
         movl	160(%esp), %edx
         cmpl	%edx, %ecx
-        je	L_AES_GCM_encrypt_calc_iv_done
-L_AES_GCM_encrypt_calc_iv_lt16:
+        je	L_AES_GCM_encrypt_aesni_calc_iv_done
+L_AES_GCM_encrypt_aesni_calc_iv_lt16:
         subl	$16, %esp
         pxor	%xmm4, %xmm4
         xorl	%ebx, %ebx
         movdqu	%xmm4, (%esp)
-L_AES_GCM_encrypt_calc_iv_loop:
+L_AES_GCM_encrypt_aesni_calc_iv_loop:
         movzbl	(%esi,%ecx,1), %eax
         movb	%al, (%esp,%ebx,1)
         incl	%ecx
         incl	%ebx
         cmpl	%edx, %ecx
-        jl	L_AES_GCM_encrypt_calc_iv_loop
+        jl	L_AES_GCM_encrypt_aesni_calc_iv_loop
         movdqu	(%esp), %xmm4
         addl	$16, %esp
         pshufb	L_aes_gcm_bswap_mask, %xmm4
@@ -343,7 +343,7 @@ L_AES_GCM_encrypt_calc_iv_loop:
         pxor	%xmm5, %xmm6
         pxor	%xmm3, %xmm6
         pxor	%xmm6, %xmm0
-L_AES_GCM_encrypt_calc_iv_done:
+L_AES_GCM_encrypt_aesni_calc_iv_done:
         # T = Encrypt counter
         pxor	%xmm4, %xmm4
         shll	$3, %edx
@@ -418,29 +418,29 @@ L_AES_GCM_encrypt_calc_iv_done:
         aesenc	144(%ebp), %xmm4
         cmpl	$11, 172(%esp)
         movdqa	160(%ebp), %xmm5
-        jl	L_AES_GCM_encrypt_calc_iv_2_aesenc_avx_last
+        jl	L_AES_GCM_encrypt_aesni_calc_iv_2_aesenc_avx_last
         aesenc	%xmm5, %xmm4
         aesenc	176(%ebp), %xmm4
         cmpl	$13, 172(%esp)
         movdqa	192(%ebp), %xmm5
-        jl	L_AES_GCM_encrypt_calc_iv_2_aesenc_avx_last
+        jl	L_AES_GCM_encrypt_aesni_calc_iv_2_aesenc_avx_last
         aesenc	%xmm5, %xmm4
         aesenc	208(%ebp), %xmm4
         movdqa	224(%ebp), %xmm5
-L_AES_GCM_encrypt_calc_iv_2_aesenc_avx_last:
+L_AES_GCM_encrypt_aesni_calc_iv_2_aesenc_avx_last:
         aesenclast	%xmm5, %xmm4
         movdqu	%xmm4, 80(%esp)
-L_AES_GCM_encrypt_iv_done:
+L_AES_GCM_encrypt_aesni_iv_done:
         movl	140(%esp), %esi
         # Additional authentication data
         movl	156(%esp), %edx
         cmpl	$0x00, %edx
-        je	L_AES_GCM_encrypt_calc_aad_done
+        je	L_AES_GCM_encrypt_aesni_calc_aad_done
         xorl	%ecx, %ecx
         cmpl	$16, %edx
-        jl	L_AES_GCM_encrypt_calc_aad_lt16
+        jl	L_AES_GCM_encrypt_aesni_calc_aad_lt16
         andl	$0xfffffff0, %edx
-L_AES_GCM_encrypt_calc_aad_16_loop:
+L_AES_GCM_encrypt_aesni_calc_aad_16_loop:
         movdqu	(%esi,%ecx,1), %xmm4
         pshufb	L_aes_gcm_bswap_mask, %xmm4
         pxor	%xmm4, %xmm2
@@ -500,22 +500,22 @@ L_AES_GCM_encrypt_calc_aad_16_loop:
         pxor	%xmm6, %xmm2
         addl	$16, %ecx
         cmpl	%edx, %ecx
-        jl	L_AES_GCM_encrypt_calc_aad_16_loop
+        jl	L_AES_GCM_encrypt_aesni_calc_aad_16_loop
         movl	156(%esp), %edx
         cmpl	%edx, %ecx
-        je	L_AES_GCM_encrypt_calc_aad_done
-L_AES_GCM_encrypt_calc_aad_lt16:
+        je	L_AES_GCM_encrypt_aesni_calc_aad_done
+L_AES_GCM_encrypt_aesni_calc_aad_lt16:
         subl	$16, %esp
         pxor	%xmm4, %xmm4
         xorl	%ebx, %ebx
         movdqu	%xmm4, (%esp)
-L_AES_GCM_encrypt_calc_aad_loop:
+L_AES_GCM_encrypt_aesni_calc_aad_loop:
         movzbl	(%esi,%ecx,1), %eax
         movb	%al, (%esp,%ebx,1)
         incl	%ecx
         incl	%ebx
         cmpl	%edx, %ecx
-        jl	L_AES_GCM_encrypt_calc_aad_loop
+        jl	L_AES_GCM_encrypt_aesni_calc_aad_loop
         movdqu	(%esp), %xmm4
         addl	$16, %esp
         pshufb	L_aes_gcm_bswap_mask, %xmm4
@@ -574,7 +574,7 @@ L_AES_GCM_encrypt_calc_aad_loop:
         pxor	%xmm5, %xmm6
         pxor	%xmm3, %xmm6
         pxor	%xmm6, %xmm2
-L_AES_GCM_encrypt_calc_aad_done:
+L_AES_GCM_encrypt_aesni_calc_aad_done:
         movdqu	%xmm2, 96(%esp)
         movl	132(%esp), %esi
         movl	136(%esp), %edi
@@ -595,7 +595,7 @@ L_AES_GCM_encrypt_calc_aad_done:
         xorl	%ebx, %ebx
         movl	152(%esp), %eax
         cmpl	$0x40, %eax
-        jl	L_AES_GCM_encrypt_done_64
+        jl	L_AES_GCM_encrypt_aesni_done_64
         andl	$0xffffffc0, %eax
         movdqa	%xmm2, %xmm6
         # H ^ 1
@@ -792,7 +792,7 @@ L_AES_GCM_encrypt_calc_aad_done:
         aesenc	%xmm3, %xmm7
         cmpl	$11, 172(%esp)
         movdqa	160(%ebp), %xmm3
-        jl	L_AES_GCM_encrypt_enc_done
+        jl	L_AES_GCM_encrypt_aesni_enc_done
         aesenc	%xmm3, %xmm4
         aesenc	%xmm3, %xmm5
         aesenc	%xmm3, %xmm6
@@ -804,7 +804,7 @@ L_AES_GCM_encrypt_calc_aad_done:
         aesenc	%xmm3, %xmm7
         cmpl	$13, 172(%esp)
         movdqa	192(%ebp), %xmm3
-        jl	L_AES_GCM_encrypt_enc_done
+        jl	L_AES_GCM_encrypt_aesni_enc_done
         aesenc	%xmm3, %xmm4
         aesenc	%xmm3, %xmm5
         aesenc	%xmm3, %xmm6
@@ -815,7 +815,7 @@ L_AES_GCM_encrypt_calc_aad_done:
         aesenc	%xmm3, %xmm6
         aesenc	%xmm3, %xmm7
         movdqa	224(%ebp), %xmm3
-L_AES_GCM_encrypt_enc_done:
+L_AES_GCM_encrypt_aesni_enc_done:
         aesenclast	%xmm3, %xmm4
         aesenclast	%xmm3, %xmm5
         movdqu	(%esi), %xmm0
@@ -836,9 +836,9 @@ L_AES_GCM_encrypt_enc_done:
         movl	$0x40, %ebx
         movl	%esi, %ecx
         movl	%edi, %edx
-        jle	L_AES_GCM_encrypt_end_64
+        jle	L_AES_GCM_encrypt_aesni_end_64
         # More 64 bytes of input
-L_AES_GCM_encrypt_ghash_64:
+L_AES_GCM_encrypt_aesni_ghash_64:
         leal	(%esi,%ebx,1), %ecx
         leal	(%edi,%ebx,1), %edx
         # Encrypt 64 bytes of counter
@@ -909,7 +909,7 @@ L_AES_GCM_encrypt_ghash_64:
         aesenc	%xmm3, %xmm7
         cmpl	$11, 172(%esp)
         movdqa	160(%ebp), %xmm3
-        jl	L_AES_GCM_encrypt_aesenc_64_ghash_avx_done
+        jl	L_AES_GCM_encrypt_aesni_aesenc_64_ghash_avx_done
         aesenc	%xmm3, %xmm4
         aesenc	%xmm3, %xmm5
         aesenc	%xmm3, %xmm6
@@ -921,7 +921,7 @@ L_AES_GCM_encrypt_ghash_64:
         aesenc	%xmm3, %xmm7
         cmpl	$13, 172(%esp)
         movdqa	192(%ebp), %xmm3
-        jl	L_AES_GCM_encrypt_aesenc_64_ghash_avx_done
+        jl	L_AES_GCM_encrypt_aesni_aesenc_64_ghash_avx_done
         aesenc	%xmm3, %xmm4
         aesenc	%xmm3, %xmm5
         aesenc	%xmm3, %xmm6
@@ -932,7 +932,7 @@ L_AES_GCM_encrypt_ghash_64:
         aesenc	%xmm3, %xmm6
         aesenc	%xmm3, %xmm7
         movdqa	224(%ebp), %xmm3
-L_AES_GCM_encrypt_aesenc_64_ghash_avx_done:
+L_AES_GCM_encrypt_aesni_aesenc_64_ghash_avx_done:
         aesenclast	%xmm3, %xmm4
         aesenclast	%xmm3, %xmm5
         movdqu	(%ecx), %xmm0
@@ -1045,8 +1045,8 @@ L_AES_GCM_encrypt_aesenc_64_ghash_avx_done:
         movdqu	%xmm6, 96(%esp)
         addl	$0x40, %ebx
         cmpl	%eax, %ebx
-        jl	L_AES_GCM_encrypt_ghash_64
-L_AES_GCM_encrypt_end_64:
+        jl	L_AES_GCM_encrypt_aesni_ghash_64
+L_AES_GCM_encrypt_aesni_end_64:
         movdqu	96(%esp), %xmm2
         # Block 1
         movdqa	L_aes_gcm_bswap_mask, %xmm4
@@ -1165,14 +1165,14 @@ L_AES_GCM_encrypt_end_64:
         pxor	%xmm0, %xmm6
         pxor	%xmm6, %xmm2
         movdqu	(%esp), %xmm1
-L_AES_GCM_encrypt_done_64:
+L_AES_GCM_encrypt_aesni_done_64:
         movl	152(%esp), %edx
         cmpl	%edx, %ebx
-        jge	L_AES_GCM_encrypt_done_enc
+        jge	L_AES_GCM_encrypt_aesni_done_enc
         movl	152(%esp), %eax
         andl	$0xfffffff0, %eax
         cmpl	%eax, %ebx
-        jge	L_AES_GCM_encrypt_last_block_done
+        jge	L_AES_GCM_encrypt_aesni_last_block_done
         leal	(%esi,%ebx,1), %ecx
         leal	(%edi,%ebx,1), %edx
         movdqu	64(%esp), %xmm4
@@ -1192,16 +1192,16 @@ L_AES_GCM_encrypt_done_64:
         aesenc	144(%ebp), %xmm4
         cmpl	$11, 172(%esp)
         movdqa	160(%ebp), %xmm5
-        jl	L_AES_GCM_encrypt_aesenc_block_aesenc_avx_last
+        jl	L_AES_GCM_encrypt_aesni_aesenc_block_aesenc_avx_last
         aesenc	%xmm5, %xmm4
         aesenc	176(%ebp), %xmm4
         cmpl	$13, 172(%esp)
         movdqa	192(%ebp), %xmm5
-        jl	L_AES_GCM_encrypt_aesenc_block_aesenc_avx_last
+        jl	L_AES_GCM_encrypt_aesni_aesenc_block_aesenc_avx_last
         aesenc	%xmm5, %xmm4
         aesenc	208(%ebp), %xmm4
         movdqa	224(%ebp), %xmm5
-L_AES_GCM_encrypt_aesenc_block_aesenc_avx_last:
+L_AES_GCM_encrypt_aesni_aesenc_block_aesenc_avx_last:
         aesenclast	%xmm5, %xmm4
         movdqu	(%ecx), %xmm5
         pxor	%xmm5, %xmm4
@@ -1210,8 +1210,8 @@ L_AES_GCM_encrypt_aesenc_block_aesenc_avx_last:
         pxor	%xmm4, %xmm2
         addl	$16, %ebx
         cmpl	%eax, %ebx
-        jge	L_AES_GCM_encrypt_last_block_ghash
-L_AES_GCM_encrypt_last_block_start:
+        jge	L_AES_GCM_encrypt_aesni_last_block_ghash
+L_AES_GCM_encrypt_aesni_last_block_start:
         leal	(%esi,%ebx,1), %ecx
         leal	(%edi,%ebx,1), %edx
         movdqu	64(%esp), %xmm4
@@ -1255,16 +1255,16 @@ L_AES_GCM_encrypt_last_block_start:
         pxor	%xmm5, %xmm2
         cmpl	$11, 172(%esp)
         movdqa	160(%ebp), %xmm5
-        jl	L_AES_GCM_encrypt_aesenc_gfmul_last
+        jl	L_AES_GCM_encrypt_aesni_aesenc_gfmul_last
         aesenc	%xmm5, %xmm4
         aesenc	176(%ebp), %xmm4
         cmpl	$13, 172(%esp)
         movdqa	192(%ebp), %xmm5
-        jl	L_AES_GCM_encrypt_aesenc_gfmul_last
+        jl	L_AES_GCM_encrypt_aesni_aesenc_gfmul_last
         aesenc	%xmm5, %xmm4
         aesenc	208(%ebp), %xmm4
         movdqa	224(%ebp), %xmm5
-L_AES_GCM_encrypt_aesenc_gfmul_last:
+L_AES_GCM_encrypt_aesni_aesenc_gfmul_last:
         aesenclast	%xmm5, %xmm4
         movdqu	(%ecx), %xmm5
         pxor	%xmm5, %xmm4
@@ -1273,8 +1273,8 @@ L_AES_GCM_encrypt_aesenc_gfmul_last:
         pxor	%xmm4, %xmm2
         addl	$16, %ebx
         cmpl	%eax, %ebx
-        jl	L_AES_GCM_encrypt_last_block_start
-L_AES_GCM_encrypt_last_block_ghash:
+        jl	L_AES_GCM_encrypt_aesni_last_block_start
+L_AES_GCM_encrypt_aesni_last_block_ghash:
         pshufd	$0x4e, %xmm1, %xmm5
         pshufd	$0x4e, %xmm2, %xmm6
         movdqa	%xmm2, %xmm7
@@ -1314,11 +1314,11 @@ L_AES_GCM_encrypt_last_block_ghash:
         pxor	%xmm7, %xmm5
         pxor	%xmm4, %xmm5
         pxor	%xmm5, %xmm2
-L_AES_GCM_encrypt_last_block_done:
+L_AES_GCM_encrypt_aesni_last_block_done:
         movl	152(%esp), %ecx
         movl	%ecx, %edx
         andl	$15, %ecx
-        jz	L_AES_GCM_encrypt_aesenc_last15_enc_avx_done
+        jz	L_AES_GCM_encrypt_aesni_aesenc_last15_enc_avx_done
         movdqu	64(%esp), %xmm0
         pshufb	L_aes_gcm_bswap_epi64, %xmm0
         pxor	(%ebp), %xmm0
@@ -1333,21 +1333,21 @@ L_AES_GCM_encrypt_last_block_done:
         aesenc	144(%ebp), %xmm0
         cmpl	$11, 172(%esp)
         movdqa	160(%ebp), %xmm5
-        jl	L_AES_GCM_encrypt_aesenc_last15_enc_avx_aesenc_avx_last
+        jl	L_AES_GCM_encrypt_aesni_aesenc_last15_enc_avx_aesenc_avx_last
         aesenc	%xmm5, %xmm0
         aesenc	176(%ebp), %xmm0
         cmpl	$13, 172(%esp)
         movdqa	192(%ebp), %xmm5
-        jl	L_AES_GCM_encrypt_aesenc_last15_enc_avx_aesenc_avx_last
+        jl	L_AES_GCM_encrypt_aesni_aesenc_last15_enc_avx_aesenc_avx_last
         aesenc	%xmm5, %xmm0
         aesenc	208(%ebp), %xmm0
         movdqa	224(%ebp), %xmm5
-L_AES_GCM_encrypt_aesenc_last15_enc_avx_aesenc_avx_last:
+L_AES_GCM_encrypt_aesni_aesenc_last15_enc_avx_aesenc_avx_last:
         aesenclast	%xmm5, %xmm0
         subl	$16, %esp
         xorl	%ecx, %ecx
         movdqu	%xmm0, (%esp)
-L_AES_GCM_encrypt_aesenc_last15_enc_avx_loop:
+L_AES_GCM_encrypt_aesni_aesenc_last15_enc_avx_loop:
         movzbl	(%esi,%ebx,1), %eax
         xorb	(%esp,%ecx,1), %al
         movb	%al, (%edi,%ebx,1)
@@ -1355,16 +1355,16 @@ L_AES_GCM_encrypt_aesenc_last15_enc_avx_loop:
         incl	%ebx
         incl	%ecx
         cmpl	%edx, %ebx
-        jl	L_AES_GCM_encrypt_aesenc_last15_enc_avx_loop
+        jl	L_AES_GCM_encrypt_aesni_aesenc_last15_enc_avx_loop
         xorl	%eax, %eax
         cmpl	$16, %ecx
-        je	L_AES_GCM_encrypt_aesenc_last15_enc_avx_finish_enc
-L_AES_GCM_encrypt_aesenc_last15_enc_avx_byte_loop:
+        je	L_AES_GCM_encrypt_aesni_aesenc_last15_enc_avx_finish_enc
+L_AES_GCM_encrypt_aesni_aesenc_last15_enc_avx_byte_loop:
         movb	%al, (%esp,%ecx,1)
         incl	%ecx
         cmpl	$16, %ecx
-        jl	L_AES_GCM_encrypt_aesenc_last15_enc_avx_byte_loop
-L_AES_GCM_encrypt_aesenc_last15_enc_avx_finish_enc:
+        jl	L_AES_GCM_encrypt_aesni_aesenc_last15_enc_avx_byte_loop
+L_AES_GCM_encrypt_aesni_aesenc_last15_enc_avx_finish_enc:
         movdqu	(%esp), %xmm0
         addl	$16, %esp
         pshufb	L_aes_gcm_bswap_mask, %xmm0
@@ -1408,8 +1408,8 @@ L_AES_GCM_encrypt_aesenc_last15_enc_avx_finish_enc:
         pxor	%xmm7, %xmm5
         pxor	%xmm4, %xmm5
         pxor	%xmm5, %xmm2
-L_AES_GCM_encrypt_aesenc_last15_enc_avx_done:
-L_AES_GCM_encrypt_done_enc:
+L_AES_GCM_encrypt_aesni_aesenc_last15_enc_avx_done:
+L_AES_GCM_encrypt_aesni_done_enc:
         movl	148(%esp), %edi
         movl	164(%esp), %ebx
         movl	152(%esp), %edx
@@ -1468,31 +1468,31 @@ L_AES_GCM_encrypt_done_enc:
         movdqu	80(%esp), %xmm4
         pxor	%xmm2, %xmm4
         cmpl	$16, %ebx
-        je	L_AES_GCM_encrypt_store_tag_16
+        je	L_AES_GCM_encrypt_aesni_store_tag_16
         xorl	%ecx, %ecx
         movdqu	%xmm4, (%esp)
-L_AES_GCM_encrypt_store_tag_loop:
+L_AES_GCM_encrypt_aesni_store_tag_loop:
         movzbl	(%esp,%ecx,1), %eax
         movb	%al, (%edi,%ecx,1)
         incl	%ecx
         cmpl	%ebx, %ecx
-        jne	L_AES_GCM_encrypt_store_tag_loop
-        jmp	L_AES_GCM_encrypt_store_tag_done
-L_AES_GCM_encrypt_store_tag_16:
+        jne	L_AES_GCM_encrypt_aesni_store_tag_loop
+        jmp	L_AES_GCM_encrypt_aesni_store_tag_done
+L_AES_GCM_encrypt_aesni_store_tag_16:
         movdqu	%xmm4, (%edi)
-L_AES_GCM_encrypt_store_tag_done:
+L_AES_GCM_encrypt_aesni_store_tag_done:
         addl	$0x70, %esp
         popl	%ebp
         popl	%edi
         popl	%esi
         popl	%ebx
         ret
-.size	AES_GCM_encrypt,.-AES_GCM_encrypt
+.size	AES_GCM_encrypt_aesni,.-AES_GCM_encrypt_aesni
 .text
-.globl	AES_GCM_decrypt
-.type	AES_GCM_decrypt,@function
+.globl	AES_GCM_decrypt_aesni
+.type	AES_GCM_decrypt_aesni,@function
 .align	16
-AES_GCM_decrypt:
+AES_GCM_decrypt_aesni:
         pushl	%ebx
         pushl	%esi
         pushl	%edi
@@ -1504,7 +1504,7 @@ AES_GCM_decrypt:
         pxor	%xmm0, %xmm0
         pxor	%xmm2, %xmm2
         cmpl	$12, %edx
-        jne	L_AES_GCM_decrypt_iv_not_12
+        jne	L_AES_GCM_decrypt_aesni_iv_not_12
         # # Calculate values when IV is 12 bytes
         # Set counter based on IV
         movl	$0x1000000, %ecx
@@ -1545,7 +1545,7 @@ AES_GCM_decrypt:
         aesenc	%xmm3, %xmm5
         cmpl	$11, 236(%esp)
         movdqa	160(%ebp), %xmm3
-        jl	L_AES_GCM_decrypt_calc_iv_12_last
+        jl	L_AES_GCM_decrypt_aesni_calc_iv_12_last
         aesenc	%xmm3, %xmm1
         aesenc	%xmm3, %xmm5
         movdqa	176(%ebp), %xmm3
@@ -1553,20 +1553,20 @@ AES_GCM_decrypt:
         aesenc	%xmm3, %xmm5
         cmpl	$13, 236(%esp)
         movdqa	192(%ebp), %xmm3
-        jl	L_AES_GCM_decrypt_calc_iv_12_last
+        jl	L_AES_GCM_decrypt_aesni_calc_iv_12_last
         aesenc	%xmm3, %xmm1
         aesenc	%xmm3, %xmm5
         movdqa	208(%ebp), %xmm3
         aesenc	%xmm3, %xmm1
         aesenc	%xmm3, %xmm5
         movdqa	224(%ebp), %xmm3
-L_AES_GCM_decrypt_calc_iv_12_last:
+L_AES_GCM_decrypt_aesni_calc_iv_12_last:
         aesenclast	%xmm3, %xmm1
         aesenclast	%xmm3, %xmm5
         pshufb	L_aes_gcm_bswap_mask, %xmm1
         movdqu	%xmm5, 80(%esp)
-        jmp	L_AES_GCM_decrypt_iv_done
-L_AES_GCM_decrypt_iv_not_12:
+        jmp	L_AES_GCM_decrypt_aesni_iv_done
+L_AES_GCM_decrypt_aesni_iv_not_12:
         # Calculate values when IV is not 12 bytes
         # H = Encrypt X(=0)
         movdqa	(%ebp), %xmm1
@@ -1581,27 +1581,27 @@ L_AES_GCM_decrypt_iv_not_12:
         aesenc	144(%ebp), %xmm1
         cmpl	$11, 236(%esp)
         movdqa	160(%ebp), %xmm5
-        jl	L_AES_GCM_decrypt_calc_iv_1_aesenc_avx_last
+        jl	L_AES_GCM_decrypt_aesni_calc_iv_1_aesenc_avx_last
         aesenc	%xmm5, %xmm1
         aesenc	176(%ebp), %xmm1
         cmpl	$13, 236(%esp)
         movdqa	192(%ebp), %xmm5
-        jl	L_AES_GCM_decrypt_calc_iv_1_aesenc_avx_last
+        jl	L_AES_GCM_decrypt_aesni_calc_iv_1_aesenc_avx_last
         aesenc	%xmm5, %xmm1
         aesenc	208(%ebp), %xmm1
         movdqa	224(%ebp), %xmm5
-L_AES_GCM_decrypt_calc_iv_1_aesenc_avx_last:
+L_AES_GCM_decrypt_aesni_calc_iv_1_aesenc_avx_last:
         aesenclast	%xmm5, %xmm1
         pshufb	L_aes_gcm_bswap_mask, %xmm1
         # Calc counter
         # Initialization vector
         cmpl	$0x00, %edx
         movl	$0x00, %ecx
-        je	L_AES_GCM_decrypt_calc_iv_done
+        je	L_AES_GCM_decrypt_aesni_calc_iv_done
         cmpl	$16, %edx
-        jl	L_AES_GCM_decrypt_calc_iv_lt16
+        jl	L_AES_GCM_decrypt_aesni_calc_iv_lt16
         andl	$0xfffffff0, %edx
-L_AES_GCM_decrypt_calc_iv_16_loop:
+L_AES_GCM_decrypt_aesni_calc_iv_16_loop:
         movdqu	(%esi,%ecx,1), %xmm4
         pshufb	L_aes_gcm_bswap_mask, %xmm4
         pxor	%xmm4, %xmm0
@@ -1661,22 +1661,22 @@ L_AES_GCM_decrypt_calc_iv_16_loop:
         pxor	%xmm6, %xmm0
         addl	$16, %ecx
         cmpl	%edx, %ecx
-        jl	L_AES_GCM_decrypt_calc_iv_16_loop
+        jl	L_AES_GCM_decrypt_aesni_calc_iv_16_loop
         movl	224(%esp), %edx
         cmpl	%edx, %ecx
-        je	L_AES_GCM_decrypt_calc_iv_done
-L_AES_GCM_decrypt_calc_iv_lt16:
+        je	L_AES_GCM_decrypt_aesni_calc_iv_done
+L_AES_GCM_decrypt_aesni_calc_iv_lt16:
         subl	$16, %esp
         pxor	%xmm4, %xmm4
         xorl	%ebx, %ebx
         movdqu	%xmm4, (%esp)
-L_AES_GCM_decrypt_calc_iv_loop:
+L_AES_GCM_decrypt_aesni_calc_iv_loop:
         movzbl	(%esi,%ecx,1), %eax
         movb	%al, (%esp,%ebx,1)
         incl	%ecx
         incl	%ebx
         cmpl	%edx, %ecx
-        jl	L_AES_GCM_decrypt_calc_iv_loop
+        jl	L_AES_GCM_decrypt_aesni_calc_iv_loop
         movdqu	(%esp), %xmm4
         addl	$16, %esp
         pshufb	L_aes_gcm_bswap_mask, %xmm4
@@ -1735,7 +1735,7 @@ L_AES_GCM_decrypt_calc_iv_loop:
         pxor	%xmm5, %xmm6
         pxor	%xmm3, %xmm6
         pxor	%xmm6, %xmm0
-L_AES_GCM_decrypt_calc_iv_done:
+L_AES_GCM_decrypt_aesni_calc_iv_done:
         # T = Encrypt counter
         pxor	%xmm4, %xmm4
         shll	$3, %edx
@@ -1810,29 +1810,29 @@ L_AES_GCM_decrypt_calc_iv_done:
         aesenc	144(%ebp), %xmm4
         cmpl	$11, 236(%esp)
         movdqa	160(%ebp), %xmm5
-        jl	L_AES_GCM_decrypt_calc_iv_2_aesenc_avx_last
+        jl	L_AES_GCM_decrypt_aesni_calc_iv_2_aesenc_avx_last
         aesenc	%xmm5, %xmm4
         aesenc	176(%ebp), %xmm4
         cmpl	$13, 236(%esp)
         movdqa	192(%ebp), %xmm5
-        jl	L_AES_GCM_decrypt_calc_iv_2_aesenc_avx_last
+        jl	L_AES_GCM_decrypt_aesni_calc_iv_2_aesenc_avx_last
         aesenc	%xmm5, %xmm4
         aesenc	208(%ebp), %xmm4
         movdqa	224(%ebp), %xmm5
-L_AES_GCM_decrypt_calc_iv_2_aesenc_avx_last:
+L_AES_GCM_decrypt_aesni_calc_iv_2_aesenc_avx_last:
         aesenclast	%xmm5, %xmm4
         movdqu	%xmm4, 80(%esp)
-L_AES_GCM_decrypt_iv_done:
+L_AES_GCM_decrypt_aesni_iv_done:
         movl	204(%esp), %esi
         # Additional authentication data
         movl	220(%esp), %edx
         cmpl	$0x00, %edx
-        je	L_AES_GCM_decrypt_calc_aad_done
+        je	L_AES_GCM_decrypt_aesni_calc_aad_done
         xorl	%ecx, %ecx
         cmpl	$16, %edx
-        jl	L_AES_GCM_decrypt_calc_aad_lt16
+        jl	L_AES_GCM_decrypt_aesni_calc_aad_lt16
         andl	$0xfffffff0, %edx
-L_AES_GCM_decrypt_calc_aad_16_loop:
+L_AES_GCM_decrypt_aesni_calc_aad_16_loop:
         movdqu	(%esi,%ecx,1), %xmm4
         pshufb	L_aes_gcm_bswap_mask, %xmm4
         pxor	%xmm4, %xmm2
@@ -1892,22 +1892,22 @@ L_AES_GCM_decrypt_calc_aad_16_loop:
         pxor	%xmm6, %xmm2
         addl	$16, %ecx
         cmpl	%edx, %ecx
-        jl	L_AES_GCM_decrypt_calc_aad_16_loop
+        jl	L_AES_GCM_decrypt_aesni_calc_aad_16_loop
         movl	220(%esp), %edx
         cmpl	%edx, %ecx
-        je	L_AES_GCM_decrypt_calc_aad_done
-L_AES_GCM_decrypt_calc_aad_lt16:
+        je	L_AES_GCM_decrypt_aesni_calc_aad_done
+L_AES_GCM_decrypt_aesni_calc_aad_lt16:
         subl	$16, %esp
         pxor	%xmm4, %xmm4
         xorl	%ebx, %ebx
         movdqu	%xmm4, (%esp)
-L_AES_GCM_decrypt_calc_aad_loop:
+L_AES_GCM_decrypt_aesni_calc_aad_loop:
         movzbl	(%esi,%ecx,1), %eax
         movb	%al, (%esp,%ebx,1)
         incl	%ecx
         incl	%ebx
         cmpl	%edx, %ecx
-        jl	L_AES_GCM_decrypt_calc_aad_loop
+        jl	L_AES_GCM_decrypt_aesni_calc_aad_loop
         movdqu	(%esp), %xmm4
         addl	$16, %esp
         pshufb	L_aes_gcm_bswap_mask, %xmm4
@@ -1966,7 +1966,7 @@ L_AES_GCM_decrypt_calc_aad_loop:
         pxor	%xmm5, %xmm6
         pxor	%xmm3, %xmm6
         pxor	%xmm6, %xmm2
-L_AES_GCM_decrypt_calc_aad_done:
+L_AES_GCM_decrypt_aesni_calc_aad_done:
         movdqu	%xmm2, 96(%esp)
         movl	196(%esp), %esi
         movl	200(%esp), %edi
@@ -1987,7 +1987,7 @@ L_AES_GCM_decrypt_calc_aad_done:
         xorl	%ebx, %ebx
         cmpl	$0x40, 216(%esp)
         movl	216(%esp), %eax
-        jl	L_AES_GCM_decrypt_done_64
+        jl	L_AES_GCM_decrypt_aesni_done_64
         andl	$0xffffffc0, %eax
         movdqa	%xmm2, %xmm6
         # H ^ 1
@@ -2116,8 +2116,8 @@ L_AES_GCM_decrypt_calc_aad_done:
         pxor	%xmm5, %xmm3
         movdqu	%xmm3, 48(%esp)
         cmpl	%esi, %edi
-        jne	L_AES_GCM_decrypt_ghash_64
-L_AES_GCM_decrypt_ghash_64_inplace:
+        jne	L_AES_GCM_decrypt_aesni_ghash_64
+L_AES_GCM_decrypt_aesni_ghash_64_inplace:
         leal	(%esi,%ebx,1), %ecx
         leal	(%edi,%ebx,1), %edx
         # Encrypt 64 bytes of counter
@@ -2188,7 +2188,7 @@ L_AES_GCM_decrypt_ghash_64_inplace:
         aesenc	%xmm3, %xmm7
         cmpl	$11, 236(%esp)
         movdqa	160(%ebp), %xmm3
-        jl	L_AES_GCM_decryptinplace_aesenc_64_ghash_avx_done
+        jl	L_AES_GCM_decrypt_aesniinplace_aesenc_64_ghash_avx_done
         aesenc	%xmm3, %xmm4
         aesenc	%xmm3, %xmm5
         aesenc	%xmm3, %xmm6
@@ -2200,7 +2200,7 @@ L_AES_GCM_decrypt_ghash_64_inplace:
         aesenc	%xmm3, %xmm7
         cmpl	$13, 236(%esp)
         movdqa	192(%ebp), %xmm3
-        jl	L_AES_GCM_decryptinplace_aesenc_64_ghash_avx_done
+        jl	L_AES_GCM_decrypt_aesniinplace_aesenc_64_ghash_avx_done
         aesenc	%xmm3, %xmm4
         aesenc	%xmm3, %xmm5
         aesenc	%xmm3, %xmm6
@@ -2211,7 +2211,7 @@ L_AES_GCM_decrypt_ghash_64_inplace:
         aesenc	%xmm3, %xmm6
         aesenc	%xmm3, %xmm7
         movdqa	224(%ebp), %xmm3
-L_AES_GCM_decryptinplace_aesenc_64_ghash_avx_done:
+L_AES_GCM_decrypt_aesniinplace_aesenc_64_ghash_avx_done:
         aesenclast	%xmm3, %xmm4
         aesenclast	%xmm3, %xmm5
         movdqu	(%ecx), %xmm0
@@ -2328,9 +2328,9 @@ L_AES_GCM_decryptinplace_aesenc_64_ghash_avx_done:
         movdqu	%xmm6, 96(%esp)
         addl	$0x40, %ebx
         cmpl	%eax, %ebx
-        jl	L_AES_GCM_decrypt_ghash_64_inplace
-        jmp	L_AES_GCM_decrypt_ghash_64_done
-L_AES_GCM_decrypt_ghash_64:
+        jl	L_AES_GCM_decrypt_aesni_ghash_64_inplace
+        jmp	L_AES_GCM_decrypt_aesni_ghash_64_done
+L_AES_GCM_decrypt_aesni_ghash_64:
         leal	(%esi,%ebx,1), %ecx
         leal	(%edi,%ebx,1), %edx
         # Encrypt 64 bytes of counter
@@ -2401,7 +2401,7 @@ L_AES_GCM_decrypt_ghash_64:
         aesenc	%xmm3, %xmm7
         cmpl	$11, 236(%esp)
         movdqa	160(%ebp), %xmm3
-        jl	L_AES_GCM_decrypt_aesenc_64_ghash_avx_done
+        jl	L_AES_GCM_decrypt_aesni_aesenc_64_ghash_avx_done
         aesenc	%xmm3, %xmm4
         aesenc	%xmm3, %xmm5
         aesenc	%xmm3, %xmm6
@@ -2413,7 +2413,7 @@ L_AES_GCM_decrypt_ghash_64:
         aesenc	%xmm3, %xmm7
         cmpl	$13, 236(%esp)
         movdqa	192(%ebp), %xmm3
-        jl	L_AES_GCM_decrypt_aesenc_64_ghash_avx_done
+        jl	L_AES_GCM_decrypt_aesni_aesenc_64_ghash_avx_done
         aesenc	%xmm3, %xmm4
         aesenc	%xmm3, %xmm5
         aesenc	%xmm3, %xmm6
@@ -2424,7 +2424,7 @@ L_AES_GCM_decrypt_ghash_64:
         aesenc	%xmm3, %xmm6
         aesenc	%xmm3, %xmm7
         movdqa	224(%ebp), %xmm3
-L_AES_GCM_decrypt_aesenc_64_ghash_avx_done:
+L_AES_GCM_decrypt_aesni_aesenc_64_ghash_avx_done:
         aesenclast	%xmm3, %xmm4
         aesenclast	%xmm3, %xmm5
         movdqu	(%ecx), %xmm0
@@ -2541,19 +2541,19 @@ L_AES_GCM_decrypt_aesenc_64_ghash_avx_done:
         movdqu	%xmm6, 96(%esp)
         addl	$0x40, %ebx
         cmpl	%eax, %ebx
-        jl	L_AES_GCM_decrypt_ghash_64
-L_AES_GCM_decrypt_ghash_64_done:
+        jl	L_AES_GCM_decrypt_aesni_ghash_64
+L_AES_GCM_decrypt_aesni_ghash_64_done:
         movdqa	%xmm6, %xmm2
         movdqu	(%esp), %xmm1
-L_AES_GCM_decrypt_done_64:
+L_AES_GCM_decrypt_aesni_done_64:
         movl	216(%esp), %edx
         cmpl	%edx, %ebx
-        jge	L_AES_GCM_decrypt_done_dec
+        jge	L_AES_GCM_decrypt_aesni_done_dec
         movl	216(%esp), %eax
         andl	$0xfffffff0, %eax
         cmpl	%eax, %ebx
-        jge	L_AES_GCM_decrypt_last_block_done
-L_AES_GCM_decrypt_last_block_start:
+        jge	L_AES_GCM_decrypt_aesni_last_block_done
+L_AES_GCM_decrypt_aesni_last_block_start:
         leal	(%esi,%ebx,1), %ecx
         leal	(%edi,%ebx,1), %edx
         movdqu	(%ecx), %xmm5
@@ -2601,28 +2601,28 @@ L_AES_GCM_decrypt_last_block_start:
         pxor	%xmm5, %xmm2
         cmpl	$11, 236(%esp)
         movdqa	160(%ebp), %xmm5
-        jl	L_AES_GCM_decrypt_aesenc_gfmul_last
+        jl	L_AES_GCM_decrypt_aesni_aesenc_gfmul_last
         aesenc	%xmm5, %xmm4
         aesenc	176(%ebp), %xmm4
         cmpl	$13, 236(%esp)
         movdqa	192(%ebp), %xmm5
-        jl	L_AES_GCM_decrypt_aesenc_gfmul_last
+        jl	L_AES_GCM_decrypt_aesni_aesenc_gfmul_last
         aesenc	%xmm5, %xmm4
         aesenc	208(%ebp), %xmm4
         movdqa	224(%ebp), %xmm5
-L_AES_GCM_decrypt_aesenc_gfmul_last:
+L_AES_GCM_decrypt_aesni_aesenc_gfmul_last:
         aesenclast	%xmm5, %xmm4
         movdqu	(%ecx), %xmm5
         pxor	%xmm5, %xmm4
         movdqu	%xmm4, (%edx)
         addl	$16, %ebx
         cmpl	%eax, %ebx
-        jl	L_AES_GCM_decrypt_last_block_start
-L_AES_GCM_decrypt_last_block_done:
+        jl	L_AES_GCM_decrypt_aesni_last_block_start
+L_AES_GCM_decrypt_aesni_last_block_done:
         movl	216(%esp), %ecx
         movl	%ecx, %edx
         andl	$15, %ecx
-        jz	L_AES_GCM_decrypt_aesenc_last15_dec_avx_done
+        jz	L_AES_GCM_decrypt_aesni_aesenc_last15_dec_avx_done
         movdqu	64(%esp), %xmm0
         pshufb	L_aes_gcm_bswap_epi64, %xmm0
         pxor	(%ebp), %xmm0
@@ -2637,23 +2637,23 @@ L_AES_GCM_decrypt_last_block_done:
         aesenc	144(%ebp), %xmm0
         cmpl	$11, 236(%esp)
         movdqa	160(%ebp), %xmm5
-        jl	L_AES_GCM_decrypt_aesenc_last15_dec_avx_aesenc_avx_last
+        jl	L_AES_GCM_decrypt_aesni_aesenc_last15_dec_avx_aesenc_avx_last
         aesenc	%xmm5, %xmm0
         aesenc	176(%ebp), %xmm0
         cmpl	$13, 236(%esp)
         movdqa	192(%ebp), %xmm5
-        jl	L_AES_GCM_decrypt_aesenc_last15_dec_avx_aesenc_avx_last
+        jl	L_AES_GCM_decrypt_aesni_aesenc_last15_dec_avx_aesenc_avx_last
         aesenc	%xmm5, %xmm0
         aesenc	208(%ebp), %xmm0
         movdqa	224(%ebp), %xmm5
-L_AES_GCM_decrypt_aesenc_last15_dec_avx_aesenc_avx_last:
+L_AES_GCM_decrypt_aesni_aesenc_last15_dec_avx_aesenc_avx_last:
         aesenclast	%xmm5, %xmm0
         subl	$32, %esp
         xorl	%ecx, %ecx
         movdqu	%xmm0, (%esp)
         pxor	%xmm4, %xmm4
         movdqu	%xmm4, 16(%esp)
-L_AES_GCM_decrypt_aesenc_last15_dec_avx_loop:
+L_AES_GCM_decrypt_aesni_aesenc_last15_dec_avx_loop:
         movzbl	(%esi,%ebx,1), %eax
         movb	%al, 16(%esp,%ecx,1)
         xorb	(%esp,%ecx,1), %al
@@ -2661,7 +2661,7 @@ L_AES_GCM_decrypt_aesenc_last15_dec_avx_loop:
         incl	%ebx
         incl	%ecx
         cmpl	%edx, %ebx
-        jl	L_AES_GCM_decrypt_aesenc_last15_dec_avx_loop
+        jl	L_AES_GCM_decrypt_aesni_aesenc_last15_dec_avx_loop
         movdqu	16(%esp), %xmm0
         addl	$32, %esp
         pshufb	L_aes_gcm_bswap_mask, %xmm0
@@ -2705,8 +2705,8 @@ L_AES_GCM_decrypt_aesenc_last15_dec_avx_loop:
         pxor	%xmm7, %xmm5
         pxor	%xmm4, %xmm5
         pxor	%xmm5, %xmm2
-L_AES_GCM_decrypt_aesenc_last15_dec_avx_done:
-L_AES_GCM_decrypt_done_dec:
+L_AES_GCM_decrypt_aesni_aesenc_last15_dec_avx_done:
+L_AES_GCM_decrypt_aesni_done_dec:
         movl	212(%esp), %esi
         movl	228(%esp), %ebp
         movl	216(%esp), %edx
@@ -2766,24 +2766,24 @@ L_AES_GCM_decrypt_done_dec:
         pxor	%xmm2, %xmm4
         movl	240(%esp), %edi
         cmpl	$16, %ebp
-        je	L_AES_GCM_decrypt_cmp_tag_16
+        je	L_AES_GCM_decrypt_aesni_cmp_tag_16
         subl	$16, %esp
         xorl	%ecx, %ecx
         xorl	%ebx, %ebx
         movdqu	%xmm4, (%esp)
-L_AES_GCM_decrypt_cmp_tag_loop:
+L_AES_GCM_decrypt_aesni_cmp_tag_loop:
         movzbl	(%esp,%ecx,1), %eax
         xorb	(%esi,%ecx,1), %al
         orb	%al, %bl
         incl	%ecx
         cmpl	%ebp, %ecx
-        jne	L_AES_GCM_decrypt_cmp_tag_loop
+        jne	L_AES_GCM_decrypt_aesni_cmp_tag_loop
         cmpb	$0x00, %bl
         sete	%bl
         addl	$16, %esp
         xorl	%ecx, %ecx
-        jmp	L_AES_GCM_decrypt_cmp_tag_done
-L_AES_GCM_decrypt_cmp_tag_16:
+        jmp	L_AES_GCM_decrypt_aesni_cmp_tag_done
+L_AES_GCM_decrypt_aesni_cmp_tag_16:
         movdqu	(%esi), %xmm5
         pcmpeqb	%xmm5, %xmm4
         pmovmskb	%xmm4, %edx
@@ -2791,7 +2791,7 @@ L_AES_GCM_decrypt_cmp_tag_16:
         xorl	%ebx, %ebx
         cmpl	$0xffff, %edx
         sete	%bl
-L_AES_GCM_decrypt_cmp_tag_done:
+L_AES_GCM_decrypt_aesni_cmp_tag_done:
         movl	%ebx, (%edi)
         addl	$0xb0, %esp
         popl	%ebp
@@ -2799,7 +2799,7 @@ L_AES_GCM_decrypt_cmp_tag_done:
         popl	%esi
         popl	%ebx
         ret
-.size	AES_GCM_decrypt,.-AES_GCM_decrypt
+.size	AES_GCM_decrypt_aesni,.-AES_GCM_decrypt_aesni
 #ifdef WOLFSSL_AESGCM_STREAM
 .text
 .globl	AES_GCM_init_aesni
diff --git a/wolfcrypt/src/aes_xts_asm.S b/wolfcrypt/src/aes_xts_asm.S
index fedead84f..3d90cec33 100644
--- a/wolfcrypt/src/aes_xts_asm.S
+++ b/wolfcrypt/src/aes_xts_asm.S
@@ -1,6 +1,6 @@
 /* aes_xts_asm.S */
 /*
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -48,6 +48,59 @@
 #ifdef WOLFSSL_AES_XTS
 #ifdef WOLFSSL_X86_64_BUILD
 #ifndef __APPLE__
+.text
+.globl	AES_XTS_init_aesni
+.type	AES_XTS_init_aesni,@function
+.align	16
+AES_XTS_init_aesni:
+#else
+.section	__TEXT,__text
+.globl	_AES_XTS_init_aesni
+.p2align	4
+_AES_XTS_init_aesni:
+#endif /* __APPLE__ */
+        movdqu	(%rdi), %xmm0
+        # aes_enc_block
+        pxor	(%rsi), %xmm0
+        movdqu	16(%rsi), %xmm2
+        aesenc	%xmm2, %xmm0
+        movdqu	32(%rsi), %xmm2
+        aesenc	%xmm2, %xmm0
+        movdqu	48(%rsi), %xmm2
+        aesenc	%xmm2, %xmm0
+        movdqu	64(%rsi), %xmm2
+        aesenc	%xmm2, %xmm0
+        movdqu	80(%rsi), %xmm2
+        aesenc	%xmm2, %xmm0
+        movdqu	96(%rsi), %xmm2
+        aesenc	%xmm2, %xmm0
+        movdqu	112(%rsi), %xmm2
+        aesenc	%xmm2, %xmm0
+        movdqu	128(%rsi), %xmm2
+        aesenc	%xmm2, %xmm0
+        movdqu	144(%rsi), %xmm2
+        aesenc	%xmm2, %xmm0
+        cmpl	$11, %edx
+        movdqu	160(%rsi), %xmm2
+        jl	L_AES_XTS_init_aesni_tweak_aes_enc_block_last
+        aesenc	%xmm2, %xmm0
+        movdqu	176(%rsi), %xmm3
+        aesenc	%xmm3, %xmm0
+        cmpl	$13, %edx
+        movdqu	192(%rsi), %xmm2
+        jl	L_AES_XTS_init_aesni_tweak_aes_enc_block_last
+        aesenc	%xmm2, %xmm0
+        movdqu	208(%rsi), %xmm3
+        aesenc	%xmm3, %xmm0
+        movdqu	224(%rsi), %xmm2
+L_AES_XTS_init_aesni_tweak_aes_enc_block_last:
+        aesenclast	%xmm2, %xmm0
+        movdqu	%xmm0, (%rdi)
+        repz retq
+#ifndef __APPLE__
+.size	AES_XTS_init_aesni,.-AES_XTS_init_aesni
+#endif /* __APPLE__ */
+#ifndef __APPLE__
 .data
 #else
 .section	__DATA,__data
@@ -378,6 +431,291 @@ L_AES_XTS_encrypt_aesni_done_enc:
 #endif /* __APPLE__ */
 #ifndef __APPLE__
 .text
+.globl	AES_XTS_encrypt_update_aesni
+.type	AES_XTS_encrypt_update_aesni,@function
+.align	16
+AES_XTS_encrypt_update_aesni:
+#else
+.section	__TEXT,__text
+.globl	_AES_XTS_encrypt_update_aesni
+.p2align	4
+_AES_XTS_encrypt_update_aesni:
+#endif /* __APPLE__ */
+        pushq	%r12
+        movq	%rdx, %rax
+        movq	%rcx, %r10
+        subq	$0x40, %rsp
+        movdqu	L_aes_xts_gc_xts(%rip), %xmm12
+        movdqu	(%r8), %xmm0
+        xorl	%r12d, %r12d
+        cmpl	$0x40, %eax
+        movl	%eax, %r11d
+        jl	L_AES_XTS_encrypt_update_aesni_done_64
+        andl	$0xffffffc0, %r11d
+L_AES_XTS_encrypt_update_aesni_enc_64:
+        # 64 bytes of input
+        # aes_enc_64
+        leaq	(%rdi,%r12,1), %rcx
+        leaq	(%rsi,%r12,1), %rdx
+        movdqu	(%rcx), %xmm8
+        movdqu	16(%rcx), %xmm9
+        movdqu	32(%rcx), %xmm10
+        movdqu	48(%rcx), %xmm11
+        movdqa	%xmm0, %xmm4
+        movdqa	%xmm0, %xmm1
+        psrad	$31, %xmm4
+        pslld	$0x01, %xmm1
+        pshufd	$0x93, %xmm4, %xmm4
+        pand	%xmm12, %xmm4
+        pxor	%xmm4, %xmm1
+        movdqa	%xmm1, %xmm4
+        movdqa	%xmm1, %xmm2
+        psrad	$31, %xmm4
+        pslld	$0x01, %xmm2
+        pshufd	$0x93, %xmm4, %xmm4
+        pand	%xmm12, %xmm4
+        pxor	%xmm4, %xmm2
+        movdqa	%xmm2, %xmm4
+        movdqa	%xmm2, %xmm3
+        psrad	$31, %xmm4
+        pslld	$0x01, %xmm3
+        pshufd	$0x93, %xmm4, %xmm4
+        pand	%xmm12, %xmm4
+        pxor	%xmm4, %xmm3
+        pxor	%xmm0, %xmm8
+        pxor	%xmm1, %xmm9
+        pxor	%xmm2, %xmm10
+        pxor	%xmm3, %xmm11
+        # aes_enc_block
+        movdqu	(%r10), %xmm4
+        pxor	%xmm4, %xmm8
+        pxor	%xmm4, %xmm9
+        pxor	%xmm4, %xmm10
+        pxor	%xmm4, %xmm11
+        movdqu	16(%r10), %xmm4
+        aesenc	%xmm4, %xmm8
+        aesenc	%xmm4, %xmm9
+        aesenc	%xmm4, %xmm10
+        aesenc	%xmm4, %xmm11
+        movdqu	32(%r10), %xmm4
+        aesenc	%xmm4, %xmm8
+        aesenc	%xmm4, %xmm9
+        aesenc	%xmm4, %xmm10
+        aesenc	%xmm4, %xmm11
+        movdqu	48(%r10), %xmm4
+        aesenc	%xmm4, %xmm8
+        aesenc	%xmm4, %xmm9
+        aesenc	%xmm4, %xmm10
+        aesenc	%xmm4, %xmm11
+        movdqu	64(%r10), %xmm4
+        aesenc	%xmm4, %xmm8
+        aesenc	%xmm4, %xmm9
+        aesenc	%xmm4, %xmm10
+        aesenc	%xmm4, %xmm11
+        movdqu	80(%r10), %xmm4
+        aesenc	%xmm4, %xmm8
+        aesenc	%xmm4, %xmm9
+        aesenc	%xmm4, %xmm10
+        aesenc	%xmm4, %xmm11
+        movdqu	96(%r10), %xmm4
+        aesenc	%xmm4, %xmm8
+        aesenc	%xmm4, %xmm9
+        aesenc	%xmm4, %xmm10
+        aesenc	%xmm4, %xmm11
+        movdqu	112(%r10), %xmm4
+        aesenc	%xmm4, %xmm8
+        aesenc	%xmm4, %xmm9
+        aesenc	%xmm4, %xmm10
+        aesenc	%xmm4, %xmm11
+        movdqu	128(%r10), %xmm4
+        aesenc	%xmm4, %xmm8
+        aesenc	%xmm4, %xmm9
+        aesenc	%xmm4, %xmm10
+        aesenc	%xmm4, %xmm11
+        movdqu	144(%r10), %xmm4
+        aesenc	%xmm4, %xmm8
+        aesenc	%xmm4, %xmm9
+        aesenc	%xmm4, %xmm10
+        aesenc	%xmm4, %xmm11
+        cmpl	$11, %r9d
+        movdqu	160(%r10), %xmm4
+        jl	L_AES_XTS_encrypt_update_aesni_aes_enc_64_aes_enc_block_last
+        aesenc	%xmm4, %xmm8
+        aesenc	%xmm4, %xmm9
+        aesenc	%xmm4, %xmm10
+        aesenc	%xmm4, %xmm11
+        movdqu	176(%r10), %xmm4
+        aesenc	%xmm4, %xmm8
+        aesenc	%xmm4, %xmm9
+        aesenc	%xmm4, %xmm10
+        aesenc	%xmm4, %xmm11
+        cmpl	$13, %r9d
+        movdqu	192(%r10), %xmm4
+        jl	L_AES_XTS_encrypt_update_aesni_aes_enc_64_aes_enc_block_last
+        aesenc	%xmm4, %xmm8
+        aesenc	%xmm4, %xmm9
+        aesenc	%xmm4, %xmm10
+        aesenc	%xmm4, %xmm11
+        movdqu	208(%r10), %xmm4
+        aesenc	%xmm4, %xmm8
+        aesenc	%xmm4, %xmm9
+        aesenc	%xmm4, %xmm10
+        aesenc	%xmm4, %xmm11
+        movdqu	224(%r10), %xmm4
+L_AES_XTS_encrypt_update_aesni_aes_enc_64_aes_enc_block_last:
+        aesenclast	%xmm4, %xmm8
+        aesenclast	%xmm4, %xmm9
+        aesenclast	%xmm4, %xmm10
+        aesenclast	%xmm4, %xmm11
+        pxor	%xmm0, %xmm8
+        pxor	%xmm1, %xmm9
+        pxor	%xmm2, %xmm10
+        pxor	%xmm3, %xmm11
+        movdqu	%xmm8, (%rdx)
+        movdqu	%xmm9, 16(%rdx)
+        movdqu	%xmm10, 32(%rdx)
+        movdqu	%xmm11, 48(%rdx)
+        movdqa	%xmm3, %xmm4
+        movdqa	%xmm3, %xmm0
+        psrad	$31, %xmm4
+        pslld	$0x01, %xmm0
+        pshufd	$0x93, %xmm4, %xmm4
+        pand	%xmm12, %xmm4
+        pxor	%xmm4, %xmm0
+        addl	$0x40, %r12d
+        cmpl	%r11d, %r12d
+        jl	L_AES_XTS_encrypt_update_aesni_enc_64
+L_AES_XTS_encrypt_update_aesni_done_64:
+        cmpl	%eax, %r12d
+        movl	%eax, %r11d
+        je	L_AES_XTS_encrypt_update_aesni_done_enc
+        subl	%r12d, %r11d
+        cmpl	$16, %r11d
+        movl	%eax, %r11d
+        jl	L_AES_XTS_encrypt_update_aesni_last_15
+        andl	$0xfffffff0, %r11d
+        # 16 bytes of input
+L_AES_XTS_encrypt_update_aesni_enc_16:
+        leaq	(%rdi,%r12,1), %rcx
+        movdqu	(%rcx), %xmm8
+        pxor	%xmm0, %xmm8
+        # aes_enc_block
+        pxor	(%r10), %xmm8
+        movdqu	16(%r10), %xmm5
+        aesenc	%xmm5, %xmm8
+        movdqu	32(%r10), %xmm5
+        aesenc	%xmm5, %xmm8
+        movdqu	48(%r10), %xmm5
+        aesenc	%xmm5, %xmm8
+        movdqu	64(%r10), %xmm5
+        aesenc	%xmm5, %xmm8
+        movdqu	80(%r10), %xmm5
+        aesenc	%xmm5, %xmm8
+        movdqu	96(%r10), %xmm5
+        aesenc	%xmm5, %xmm8
+        movdqu	112(%r10), %xmm5
+        aesenc	%xmm5, %xmm8
+        movdqu	128(%r10), %xmm5
+        aesenc	%xmm5, %xmm8
+        movdqu	144(%r10), %xmm5
+        aesenc	%xmm5, %xmm8
+        cmpl	$11, %r9d
+        movdqu	160(%r10), %xmm5
+        jl	L_AES_XTS_encrypt_update_aesni_aes_enc_block_last
+        aesenc	%xmm5, %xmm8
+        movdqu	176(%r10), %xmm6
+        aesenc	%xmm6, %xmm8
+        cmpl	$13, %r9d
+        movdqu	192(%r10), %xmm5
+        jl	L_AES_XTS_encrypt_update_aesni_aes_enc_block_last
+        aesenc	%xmm5, %xmm8
+        movdqu	208(%r10), %xmm6
+        aesenc	%xmm6, %xmm8
+        movdqu	224(%r10), %xmm5
+L_AES_XTS_encrypt_update_aesni_aes_enc_block_last:
+        aesenclast	%xmm5, %xmm8
+        pxor	%xmm0, %xmm8
+        leaq	(%rsi,%r12,1), %rcx
+        movdqu	%xmm8, (%rcx)
+        movdqa	%xmm0, %xmm4
+        psrad	$31, %xmm4
+        pslld	$0x01, %xmm0
+        pshufd	$0x93, %xmm4, %xmm4
+        pand	%xmm12, %xmm4
+        pxor	%xmm4, %xmm0
+        addl	$16, %r12d
+        cmpl	%r11d, %r12d
+        jl	L_AES_XTS_encrypt_update_aesni_enc_16
+        cmpl	%eax, %r12d
+        je	L_AES_XTS_encrypt_update_aesni_done_enc
+L_AES_XTS_encrypt_update_aesni_last_15:
+        subq	$16, %r12
+        leaq	(%rsi,%r12,1), %rcx
+        movdqu	(%rcx), %xmm8
+        addq	$16, %r12
+        movdqu	%xmm8, (%rsp)
+        xorq	%rdx, %rdx
+L_AES_XTS_encrypt_update_aesni_last_15_byte_loop:
+        movb	(%rsp,%rdx,1), %r11b
+        movb	(%rdi,%r12,1), %cl
+        movb	%r11b, (%rsi,%r12,1)
+        movb	%cl, (%rsp,%rdx,1)
+        incl	%r12d
+        incl	%edx
+        cmpl	%eax, %r12d
+        jl	L_AES_XTS_encrypt_update_aesni_last_15_byte_loop
+        subq	%rdx, %r12
+        movdqu	(%rsp), %xmm8
+        subq	$16, %r12
+        pxor	%xmm0, %xmm8
+        # aes_enc_block
+        pxor	(%r10), %xmm8
+        movdqu	16(%r10), %xmm5
+        aesenc	%xmm5, %xmm8
+        movdqu	32(%r10), %xmm5
+        aesenc	%xmm5, %xmm8
+        movdqu	48(%r10), %xmm5
+        aesenc	%xmm5, %xmm8
+        movdqu	64(%r10), %xmm5
+        aesenc	%xmm5, %xmm8
+        movdqu	80(%r10), %xmm5
+        aesenc	%xmm5, %xmm8
+        movdqu	96(%r10), %xmm5
+        aesenc	%xmm5, %xmm8
+        movdqu	112(%r10), %xmm5
+        aesenc	%xmm5, %xmm8
+        movdqu	128(%r10), %xmm5
+        aesenc	%xmm5, %xmm8
+        movdqu	144(%r10), %xmm5
+        aesenc	%xmm5, %xmm8
+        cmpl	$11, %r9d
+        movdqu	160(%r10), %xmm5
+        jl	L_AES_XTS_encrypt_update_aesni_last_15_aes_enc_block_last
+        aesenc	%xmm5, %xmm8
+        movdqu	176(%r10), %xmm6
+        aesenc	%xmm6, %xmm8
+        cmpl	$13, %r9d
+        movdqu	192(%r10), %xmm5
+        jl	L_AES_XTS_encrypt_update_aesni_last_15_aes_enc_block_last
+        aesenc	%xmm5, %xmm8
+        movdqu	208(%r10), %xmm6
+        aesenc	%xmm6, %xmm8
+        movdqu	224(%r10), %xmm5
+L_AES_XTS_encrypt_update_aesni_last_15_aes_enc_block_last:
+        aesenclast	%xmm5, %xmm8
+        pxor	%xmm0, %xmm8
+        leaq	(%rsi,%r12,1), %rcx
+        movdqu	%xmm8, (%rcx)
+L_AES_XTS_encrypt_update_aesni_done_enc:
+        movdqu	%xmm0, (%r8)
+        addq	$0x40, %rsp
+        popq	%r12
+        repz retq
+#ifndef __APPLE__
+.size	AES_XTS_encrypt_update_aesni,.-AES_XTS_encrypt_update_aesni
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.text
 .globl	AES_XTS_decrypt_aesni
 .type	AES_XTS_decrypt_aesni,@function
 .align	16
@@ -752,8 +1090,401 @@ L_AES_XTS_decrypt_aesni_done_dec:
 #ifndef __APPLE__
 .size	AES_XTS_decrypt_aesni,.-AES_XTS_decrypt_aesni
 #endif /* __APPLE__ */
+#ifndef __APPLE__
+.text
+.globl	AES_XTS_decrypt_update_aesni
+.type	AES_XTS_decrypt_update_aesni,@function
+.align	16
+AES_XTS_decrypt_update_aesni:
+#else
+.section	__TEXT,__text
+.globl	_AES_XTS_decrypt_update_aesni
+.p2align	4
+_AES_XTS_decrypt_update_aesni:
+#endif /* __APPLE__ */
+        pushq	%r12
+        movq	%rdx, %rax
+        movq	%rcx, %r10
+        subq	$16, %rsp
+        movdqu	L_aes_xts_gc_xts(%rip), %xmm12
+        movdqu	(%r8), %xmm0
+        xorl	%r12d, %r12d
+        movl	%eax, %r11d
+        andl	$0xfffffff0, %r11d
+        cmpl	%eax, %r11d
+        je	L_AES_XTS_decrypt_update_aesni_mul16_64
+        subl	$16, %r11d
+        cmpl	$16, %r11d
+        jl	L_AES_XTS_decrypt_update_aesni_last_31_start
+L_AES_XTS_decrypt_update_aesni_mul16_64:
+        cmpl	$0x40, %r11d
+        jl	L_AES_XTS_decrypt_update_aesni_done_64
+        andl	$0xffffffc0, %r11d
+L_AES_XTS_decrypt_update_aesni_dec_64:
+        # 64 bytes of input
+        # aes_dec_64
+        leaq	(%rdi,%r12,1), %rcx
+        leaq	(%rsi,%r12,1), %rdx
+        movdqu	(%rcx), %xmm8
+        movdqu	16(%rcx), %xmm9
+        movdqu	32(%rcx), %xmm10
+        movdqu	48(%rcx), %xmm11
+        movdqa	%xmm0, %xmm4
+        movdqa	%xmm0, %xmm1
+        psrad	$31, %xmm4
+        pslld	$0x01, %xmm1
+        pshufd	$0x93, %xmm4, %xmm4
+        pand	%xmm12, %xmm4
+        pxor	%xmm4, %xmm1
+        movdqa	%xmm1, %xmm4
+        movdqa	%xmm1, %xmm2
+        psrad	$31, %xmm4
+        pslld	$0x01, %xmm2
+        pshufd	$0x93, %xmm4, %xmm4
+        pand	%xmm12, %xmm4
+        pxor	%xmm4, %xmm2
+        movdqa	%xmm2, %xmm4
+        movdqa	%xmm2, %xmm3
+        psrad	$31, %xmm4
+        pslld	$0x01, %xmm3
+        pshufd	$0x93, %xmm4, %xmm4
+        pand	%xmm12, %xmm4
+        pxor	%xmm4, %xmm3
+        pxor	%xmm0, %xmm8
+        pxor	%xmm1, %xmm9
+        pxor	%xmm2, %xmm10
+        pxor	%xmm3, %xmm11
+        # aes_dec_block
+        movdqu	(%r10), %xmm4
+        pxor	%xmm4, %xmm8
+        pxor	%xmm4, %xmm9
+        pxor	%xmm4, %xmm10
+        pxor	%xmm4, %xmm11
+        movdqu	16(%r10), %xmm4
+        aesdec	%xmm4, %xmm8
+        aesdec	%xmm4, %xmm9
+        aesdec	%xmm4, %xmm10
+        aesdec	%xmm4, %xmm11
+        movdqu	32(%r10), %xmm4
+        aesdec	%xmm4, %xmm8
+        aesdec	%xmm4, %xmm9
+        aesdec	%xmm4, %xmm10
+        aesdec	%xmm4, %xmm11
+        movdqu	48(%r10), %xmm4
+        aesdec	%xmm4, %xmm8
+        aesdec	%xmm4, %xmm9
+        aesdec	%xmm4, %xmm10
+        aesdec	%xmm4, %xmm11
+        movdqu	64(%r10), %xmm4
+        aesdec	%xmm4, %xmm8
+        aesdec	%xmm4, %xmm9
+        aesdec	%xmm4, %xmm10
+        aesdec	%xmm4, %xmm11
+        movdqu	80(%r10), %xmm4
+        aesdec	%xmm4, %xmm8
+        aesdec	%xmm4, %xmm9
+        aesdec	%xmm4, %xmm10
+        aesdec	%xmm4, %xmm11
+        movdqu	96(%r10), %xmm4
+        aesdec	%xmm4, %xmm8
+        aesdec	%xmm4, %xmm9
+        aesdec	%xmm4, %xmm10
+        aesdec	%xmm4, %xmm11
+        movdqu	112(%r10), %xmm4
+        aesdec	%xmm4, %xmm8
+        aesdec	%xmm4, %xmm9
+        aesdec	%xmm4, %xmm10
+        aesdec	%xmm4, %xmm11
+        movdqu	128(%r10), %xmm4
+        aesdec	%xmm4, %xmm8
+        aesdec	%xmm4, %xmm9
+        aesdec	%xmm4, %xmm10
+        aesdec	%xmm4, %xmm11
+        movdqu	144(%r10), %xmm4
+        aesdec	%xmm4, %xmm8
+        aesdec	%xmm4, %xmm9
+        aesdec	%xmm4, %xmm10
+        aesdec	%xmm4, %xmm11
+        cmpl	$11, %r9d
+        movdqu	160(%r10), %xmm4
+        jl	L_AES_XTS_decrypt_update_aesni_aes_dec_64_aes_dec_block_last
+        aesdec	%xmm4, %xmm8
+        aesdec	%xmm4, %xmm9
+        aesdec	%xmm4, %xmm10
+        aesdec	%xmm4, %xmm11
+        movdqu	176(%r10), %xmm4
+        aesdec	%xmm4, %xmm8
+        aesdec	%xmm4, %xmm9
+        aesdec	%xmm4, %xmm10
+        aesdec	%xmm4, %xmm11
+        cmpl	$13, %r9d
+        movdqu	192(%r10), %xmm4
+        jl	L_AES_XTS_decrypt_update_aesni_aes_dec_64_aes_dec_block_last
+        aesdec	%xmm4, %xmm8
+        aesdec	%xmm4, %xmm9
+        aesdec	%xmm4, %xmm10
+        aesdec	%xmm4, %xmm11
+        movdqu	208(%r10), %xmm4
+        aesdec	%xmm4, %xmm8
+        aesdec	%xmm4, %xmm9
+        aesdec	%xmm4, %xmm10
+        aesdec	%xmm4, %xmm11
+        movdqu	224(%r10), %xmm4
+L_AES_XTS_decrypt_update_aesni_aes_dec_64_aes_dec_block_last:
+        aesdeclast	%xmm4, %xmm8
+        aesdeclast	%xmm4, %xmm9
+        aesdeclast	%xmm4, %xmm10
+        aesdeclast	%xmm4, %xmm11
+        pxor	%xmm0, %xmm8
+        pxor	%xmm1, %xmm9
+        pxor	%xmm2, %xmm10
+        pxor	%xmm3, %xmm11
+        movdqu	%xmm8, (%rdx)
+        movdqu	%xmm9, 16(%rdx)
+        movdqu	%xmm10, 32(%rdx)
+        movdqu	%xmm11, 48(%rdx)
+        movdqa	%xmm3, %xmm4
+        movdqa	%xmm3, %xmm0
+        psrad	$31, %xmm4
+        pslld	$0x01, %xmm0
+        pshufd	$0x93, %xmm4, %xmm4
+        pand	%xmm12, %xmm4
+        pxor	%xmm4, %xmm0
+        addl	$0x40, %r12d
+        cmpl	%r11d, %r12d
+        jl	L_AES_XTS_decrypt_update_aesni_dec_64
+L_AES_XTS_decrypt_update_aesni_done_64:
+        cmpl	%eax, %r12d
+        movl	%eax, %r11d
+        je	L_AES_XTS_decrypt_update_aesni_done_dec
+        andl	$0xfffffff0, %r11d
+        cmpl	%eax, %r11d
+        je	L_AES_XTS_decrypt_update_aesni_mul16
+        subl	$16, %r11d
+        subl	%r12d, %r11d
+        cmpl	$16, %r11d
+        jl	L_AES_XTS_decrypt_update_aesni_last_31_start
+        addl	%r12d, %r11d
+L_AES_XTS_decrypt_update_aesni_mul16:
+L_AES_XTS_decrypt_update_aesni_dec_16:
+        # 16 bytes of input
+        leaq	(%rdi,%r12,1), %rcx
+        movdqu	(%rcx), %xmm8
+        pxor	%xmm0, %xmm8
+        # aes_dec_block
+        pxor	(%r10), %xmm8
+        movdqu	16(%r10), %xmm5
+        aesdec	%xmm5, %xmm8
+        movdqu	32(%r10), %xmm5
+        aesdec	%xmm5, %xmm8
+        movdqu	48(%r10), %xmm5
+        aesdec	%xmm5, %xmm8
+        movdqu	64(%r10), %xmm5
+        aesdec	%xmm5, %xmm8
+        movdqu	80(%r10), %xmm5
+        aesdec	%xmm5, %xmm8
+        movdqu	96(%r10), %xmm5
+        aesdec	%xmm5, %xmm8
+        movdqu	112(%r10), %xmm5
+        aesdec	%xmm5, %xmm8
+        movdqu	128(%r10), %xmm5
+        aesdec	%xmm5, %xmm8
+        movdqu	144(%r10), %xmm5
+        aesdec	%xmm5, %xmm8
+        cmpl	$11, %r9d
+        movdqu	160(%r10), %xmm5
+        jl	L_AES_XTS_decrypt_update_aesni_aes_dec_block_last
+        aesdec	%xmm5, %xmm8
+        movdqu	176(%r10), %xmm6
+        aesdec	%xmm6, %xmm8
+        cmpl	$13, %r9d
+        movdqu	192(%r10), %xmm5
+        jl	L_AES_XTS_decrypt_update_aesni_aes_dec_block_last
+        aesdec	%xmm5, %xmm8
+        movdqu	208(%r10), %xmm6
+        aesdec	%xmm6, %xmm8
+        movdqu	224(%r10), %xmm5
+L_AES_XTS_decrypt_update_aesni_aes_dec_block_last:
+        aesdeclast	%xmm5, %xmm8
+        pxor	%xmm0, %xmm8
+        leaq	(%rsi,%r12,1), %rcx
+        movdqu	%xmm8, (%rcx)
+        movdqa	%xmm0, %xmm4
+        psrad	$31, %xmm4
+        pslld	$0x01, %xmm0
+        pshufd	$0x93, %xmm4, %xmm4
+        pand	%xmm12, %xmm4
+        pxor	%xmm4, %xmm0
+        addl	$16, %r12d
+        cmpl	%r11d, %r12d
+        jl	L_AES_XTS_decrypt_update_aesni_dec_16
+        cmpl	%eax, %r12d
+        je	L_AES_XTS_decrypt_update_aesni_done_dec
+L_AES_XTS_decrypt_update_aesni_last_31_start:
+        movdqa	%xmm0, %xmm4
+        movdqa	%xmm0, %xmm7
+        psrad	$31, %xmm4
+        pslld	$0x01, %xmm7
+        pshufd	$0x93, %xmm4, %xmm4
+        pand	%xmm12, %xmm4
+        pxor	%xmm4, %xmm7
+        leaq	(%rdi,%r12,1), %rcx
+        movdqu	(%rcx), %xmm8
+        pxor	%xmm7, %xmm8
+        # aes_dec_block
+        pxor	(%r10), %xmm8
+        movdqu	16(%r10), %xmm5
+        aesdec	%xmm5, %xmm8
+        movdqu	32(%r10), %xmm5
+        aesdec	%xmm5, %xmm8
+        movdqu	48(%r10), %xmm5
+        aesdec	%xmm5, %xmm8
+        movdqu	64(%r10), %xmm5
+        aesdec	%xmm5, %xmm8
+        movdqu	80(%r10), %xmm5
+        aesdec	%xmm5, %xmm8
+        movdqu	96(%r10), %xmm5
+        aesdec	%xmm5, %xmm8
+        movdqu	112(%r10), %xmm5
+        aesdec	%xmm5, %xmm8
+        movdqu	128(%r10), %xmm5
+        aesdec	%xmm5, %xmm8
+        movdqu	144(%r10), %xmm5
+        aesdec	%xmm5, %xmm8
+        cmpl	$11, %r9d
+        movdqu	160(%r10), %xmm5
+        jl	L_AES_XTS_decrypt_update_aesni_last_31_aes_dec_block_last
+        aesdec	%xmm5, %xmm8
+        movdqu	176(%r10), %xmm6
+        aesdec	%xmm6, %xmm8
+        cmpl	$13, %r9d
+        movdqu	192(%r10), %xmm5
+        jl	L_AES_XTS_decrypt_update_aesni_last_31_aes_dec_block_last
+        aesdec	%xmm5, %xmm8
+        movdqu	208(%r10), %xmm6
+        aesdec	%xmm6, %xmm8
+        movdqu	224(%r10), %xmm5
+L_AES_XTS_decrypt_update_aesni_last_31_aes_dec_block_last:
+        aesdeclast	%xmm5, %xmm8
+        pxor	%xmm7, %xmm8
+        movdqu	%xmm8, (%rsp)
+        addq	$16, %r12
+        xorq	%rdx, %rdx
+L_AES_XTS_decrypt_update_aesni_last_31_byte_loop:
+        movb	(%rsp,%rdx,1), %r11b
+        movb	(%rdi,%r12,1), %cl
+        movb	%r11b, (%rsi,%r12,1)
+        movb	%cl, (%rsp,%rdx,1)
+        incl	%r12d
+        incl	%edx
+        cmpl	%eax, %r12d
+        jl	L_AES_XTS_decrypt_update_aesni_last_31_byte_loop
+        subq	%rdx, %r12
+        movdqu	(%rsp), %xmm8
+        pxor	%xmm0, %xmm8
+        # aes_dec_block
+        pxor	(%r10), %xmm8
+        movdqu	16(%r10), %xmm5
+        aesdec	%xmm5, %xmm8
+        movdqu	32(%r10), %xmm5
+        aesdec	%xmm5, %xmm8
+        movdqu	48(%r10), %xmm5
+        aesdec	%xmm5, %xmm8
+        movdqu	64(%r10), %xmm5
+        aesdec	%xmm5, %xmm8
+        movdqu	80(%r10), %xmm5
+        aesdec	%xmm5, %xmm8
+        movdqu	96(%r10), %xmm5
+        aesdec	%xmm5, %xmm8
+        movdqu	112(%r10), %xmm5
+        aesdec	%xmm5, %xmm8
+        movdqu	128(%r10), %xmm5
+        aesdec	%xmm5, %xmm8
+        movdqu	144(%r10), %xmm5
+        aesdec	%xmm5, %xmm8
+        cmpl	$11, %r9d
+        movdqu	160(%r10), %xmm5
+        jl	L_AES_XTS_decrypt_update_aesni_last_31_2_aes_dec_block_last
+        aesdec	%xmm5, %xmm8
+        movdqu	176(%r10), %xmm6
+        aesdec	%xmm6, %xmm8
+        cmpl	$13, %r9d
+        movdqu	192(%r10), %xmm5
+        jl	L_AES_XTS_decrypt_update_aesni_last_31_2_aes_dec_block_last
+        aesdec	%xmm5, %xmm8
+        movdqu	208(%r10), %xmm6
+        aesdec	%xmm6, %xmm8
+        movdqu	224(%r10), %xmm5
+L_AES_XTS_decrypt_update_aesni_last_31_2_aes_dec_block_last:
+        aesdeclast	%xmm5, %xmm8
+        pxor	%xmm0, %xmm8
+        subq	$16, %r12
+        leaq	(%rsi,%r12,1), %rcx
+        movdqu	%xmm8, (%rcx)
+L_AES_XTS_decrypt_update_aesni_done_dec:
+        movdqu	%xmm0, (%r8)
+        addq	$16, %rsp
+        popq	%r12
+        repz retq
+#ifndef __APPLE__
+.size	AES_XTS_decrypt_update_aesni,.-AES_XTS_decrypt_update_aesni
+#endif /* __APPLE__ */
 #ifdef HAVE_INTEL_AVX1
 #ifndef __APPLE__
+.text
+.globl	AES_XTS_init_avx1
+.type	AES_XTS_init_avx1,@function
+.align	16
+AES_XTS_init_avx1:
+#else
+.section	__TEXT,__text
+.globl	_AES_XTS_init_avx1
+.p2align	4
+_AES_XTS_init_avx1:
+#endif /* __APPLE__ */
+        movl	%edx, %eax
+        vmovdqu	(%rdi), %xmm0
+        # aes_enc_block
+        vpxor	(%rsi), %xmm0, %xmm0
+        vmovdqu	16(%rsi), %xmm2
+        vaesenc	%xmm2, %xmm0, %xmm0
+        vmovdqu	32(%rsi), %xmm2
+        vaesenc	%xmm2, %xmm0, %xmm0
+        vmovdqu	48(%rsi), %xmm2
+        vaesenc	%xmm2, %xmm0, %xmm0
+        vmovdqu	64(%rsi), %xmm2
+        vaesenc	%xmm2, %xmm0, %xmm0
+        vmovdqu	80(%rsi), %xmm2
+        vaesenc	%xmm2, %xmm0, %xmm0
+        vmovdqu	96(%rsi), %xmm2
+        vaesenc	%xmm2, %xmm0, %xmm0
+        vmovdqu	112(%rsi), %xmm2
+        vaesenc	%xmm2, %xmm0, %xmm0
+        vmovdqu	128(%rsi), %xmm2
+        vaesenc	%xmm2, %xmm0, %xmm0
+        vmovdqu	144(%rsi), %xmm2
+        vaesenc	%xmm2, %xmm0, %xmm0
+        cmpl	$11, %eax
+        vmovdqu	160(%rsi), %xmm2
+        jl	L_AES_XTS_init_avx1_tweak_aes_enc_block_last
+        vaesenc	%xmm2, %xmm0, %xmm0
+        vmovdqu	176(%rsi), %xmm3
+        vaesenc	%xmm3, %xmm0, %xmm0
+        cmpl	$13, %eax
+        vmovdqu	192(%rsi), %xmm2
+        jl	L_AES_XTS_init_avx1_tweak_aes_enc_block_last
+        vaesenc	%xmm2, %xmm0, %xmm0
+        vmovdqu	208(%rsi), %xmm3
+        vaesenc	%xmm3, %xmm0, %xmm0
+        vmovdqu	224(%rsi), %xmm2
+L_AES_XTS_init_avx1_tweak_aes_enc_block_last:
+        vaesenclast	%xmm2, %xmm0, %xmm0
+        vmovdqu	%xmm0, (%rdi)
+        repz retq
+#ifndef __APPLE__
+.size	AES_XTS_init_avx1,.-AES_XTS_init_avx1
+#endif /* __APPLE__ */
+#ifndef __APPLE__
 .data
 #else
 .section	__DATA,__data
@@ -1066,7 +1797,6 @@ L_AES_XTS_encrypt_avx1_last_15_aes_enc_block_last:
         leaq	(%rsi,%r13,1), %rcx
         vmovdqu	%xmm8, (%rcx)
 L_AES_XTS_encrypt_avx1_done_enc:
-        vzeroupper
         addq	$0x40, %rsp
         popq	%r13
         popq	%r12
@@ -1076,6 +1806,282 @@ L_AES_XTS_encrypt_avx1_done_enc:
 #endif /* __APPLE__ */
 #ifndef __APPLE__
 .text
+.globl	AES_XTS_encrypt_update_avx1
+.type	AES_XTS_encrypt_update_avx1,@function
+.align	16
+AES_XTS_encrypt_update_avx1:
+#else
+.section	__TEXT,__text
+.globl	_AES_XTS_encrypt_update_avx1
+.p2align	4
+_AES_XTS_encrypt_update_avx1:
+#endif /* __APPLE__ */
+        pushq	%r12
+        movq	%rdx, %rax
+        movq	%rcx, %r10
+        subq	$0x40, %rsp
+        vmovdqu	L_avx1_aes_xts_gc_xts(%rip), %xmm12
+        vmovdqu	(%r8), %xmm0
+        xorl	%r12d, %r12d
+        cmpl	$0x40, %eax
+        movl	%eax, %r11d
+        jl	L_AES_XTS_encrypt_update_avx1_done_64
+        andl	$0xffffffc0, %r11d
+L_AES_XTS_encrypt_update_avx1_enc_64:
+        # 64 bytes of input
+        # aes_enc_64
+        leaq	(%rdi,%r12,1), %rcx
+        leaq	(%rsi,%r12,1), %rdx
+        vmovdqu	(%rcx), %xmm8
+        vmovdqu	16(%rcx), %xmm9
+        vmovdqu	32(%rcx), %xmm10
+        vmovdqu	48(%rcx), %xmm11
+        vpsrad	$31, %xmm0, %xmm4
+        vpslld	$0x01, %xmm0, %xmm1
+        vpshufd	$0x93, %xmm4, %xmm4
+        vpand	%xmm12, %xmm4, %xmm4
+        vpxor	%xmm4, %xmm1, %xmm1
+        vpsrad	$31, %xmm1, %xmm4
+        vpslld	$0x01, %xmm1, %xmm2
+        vpshufd	$0x93, %xmm4, %xmm4
+        vpand	%xmm12, %xmm4, %xmm4
+        vpxor	%xmm4, %xmm2, %xmm2
+        vpsrad	$31, %xmm2, %xmm4
+        vpslld	$0x01, %xmm2, %xmm3
+        vpshufd	$0x93, %xmm4, %xmm4
+        vpand	%xmm12, %xmm4, %xmm4
+        vpxor	%xmm4, %xmm3, %xmm3
+        vpxor	%xmm0, %xmm8, %xmm8
+        vpxor	%xmm1, %xmm9, %xmm9
+        vpxor	%xmm2, %xmm10, %xmm10
+        vpxor	%xmm3, %xmm11, %xmm11
+        # aes_enc_block
+        vmovdqu	(%r10), %xmm4
+        vpxor	%xmm4, %xmm8, %xmm8
+        vpxor	%xmm4, %xmm9, %xmm9
+        vpxor	%xmm4, %xmm10, %xmm10
+        vpxor	%xmm4, %xmm11, %xmm11
+        vmovdqu	16(%r10), %xmm4
+        vaesenc	%xmm4, %xmm8, %xmm8
+        vaesenc	%xmm4, %xmm9, %xmm9
+        vaesenc	%xmm4, %xmm10, %xmm10
+        vaesenc	%xmm4, %xmm11, %xmm11
+        vmovdqu	32(%r10), %xmm4
+        vaesenc	%xmm4, %xmm8, %xmm8
+        vaesenc	%xmm4, %xmm9, %xmm9
+        vaesenc	%xmm4, %xmm10, %xmm10
+        vaesenc	%xmm4, %xmm11, %xmm11
+        vmovdqu	48(%r10), %xmm4
+        vaesenc	%xmm4, %xmm8, %xmm8
+        vaesenc	%xmm4, %xmm9, %xmm9
+        vaesenc	%xmm4, %xmm10, %xmm10
+        vaesenc	%xmm4, %xmm11, %xmm11
+        vmovdqu	64(%r10), %xmm4
+        vaesenc	%xmm4, %xmm8, %xmm8
+        vaesenc	%xmm4, %xmm9, %xmm9
+        vaesenc	%xmm4, %xmm10, %xmm10
+        vaesenc	%xmm4, %xmm11, %xmm11
+        vmovdqu	80(%r10), %xmm4
+        vaesenc	%xmm4, %xmm8, %xmm8
+        vaesenc	%xmm4, %xmm9, %xmm9
+        vaesenc	%xmm4, %xmm10, %xmm10
+        vaesenc	%xmm4, %xmm11, %xmm11
+        vmovdqu	96(%r10), %xmm4
+        vaesenc	%xmm4, %xmm8, %xmm8
+        vaesenc	%xmm4, %xmm9, %xmm9
+        vaesenc	%xmm4, %xmm10, %xmm10
+        vaesenc	%xmm4, %xmm11, %xmm11
+        vmovdqu	112(%r10), %xmm4
+        vaesenc	%xmm4, %xmm8, %xmm8
+        vaesenc	%xmm4, %xmm9, %xmm9
+        vaesenc	%xmm4, %xmm10, %xmm10
+        vaesenc	%xmm4, %xmm11, %xmm11
+        vmovdqu	128(%r10), %xmm4
+        vaesenc	%xmm4, %xmm8, %xmm8
+        vaesenc	%xmm4, %xmm9, %xmm9
+        vaesenc	%xmm4, %xmm10, %xmm10
+        vaesenc	%xmm4, %xmm11, %xmm11
+        vmovdqu	144(%r10), %xmm4
+        vaesenc	%xmm4, %xmm8, %xmm8
+        vaesenc	%xmm4, %xmm9, %xmm9
+        vaesenc	%xmm4, %xmm10, %xmm10
+        vaesenc	%xmm4, %xmm11, %xmm11
+        cmpl	$11, %r9d
+        vmovdqu	160(%r10), %xmm4
+        jl	L_AES_XTS_encrypt_update_avx1_aes_enc_64_aes_enc_block_last
+        vaesenc	%xmm4, %xmm8, %xmm8
+        vaesenc	%xmm4, %xmm9, %xmm9
+        vaesenc	%xmm4, %xmm10, %xmm10
+        vaesenc	%xmm4, %xmm11, %xmm11
+        vmovdqu	176(%r10), %xmm4
+        vaesenc	%xmm4, %xmm8, %xmm8
+        vaesenc	%xmm4, %xmm9, %xmm9
+        vaesenc	%xmm4, %xmm10, %xmm10
+        vaesenc	%xmm4, %xmm11, %xmm11
+        cmpl	$13, %r9d
+        vmovdqu	192(%r10), %xmm4
+        jl	L_AES_XTS_encrypt_update_avx1_aes_enc_64_aes_enc_block_last
+        vaesenc	%xmm4, %xmm8, %xmm8
+        vaesenc	%xmm4, %xmm9, %xmm9
+        vaesenc	%xmm4, %xmm10, %xmm10
+        vaesenc	%xmm4, %xmm11, %xmm11
+        vmovdqu	208(%r10), %xmm4
+        vaesenc	%xmm4, %xmm8, %xmm8
+        vaesenc	%xmm4, %xmm9, %xmm9
+        vaesenc	%xmm4, %xmm10, %xmm10
+        vaesenc	%xmm4, %xmm11, %xmm11
+        vmovdqu	224(%r10), %xmm4
+L_AES_XTS_encrypt_update_avx1_aes_enc_64_aes_enc_block_last:
+        vaesenclast	%xmm4, %xmm8, %xmm8
+        vaesenclast	%xmm4, %xmm9, %xmm9
+        vaesenclast	%xmm4, %xmm10, %xmm10
+        vaesenclast	%xmm4, %xmm11, %xmm11
+        vpxor	%xmm0, %xmm8, %xmm8
+        vpxor	%xmm1, %xmm9, %xmm9
+        vpxor	%xmm2, %xmm10, %xmm10
+        vpxor	%xmm3, %xmm11, %xmm11
+        vmovdqu	%xmm8, (%rdx)
+        vmovdqu	%xmm9, 16(%rdx)
+        vmovdqu	%xmm10, 32(%rdx)
+        vmovdqu	%xmm11, 48(%rdx)
+        vpsrad	$31, %xmm3, %xmm4
+        vpslld	$0x01, %xmm3, %xmm0
+        vpshufd	$0x93, %xmm4, %xmm4
+        vpand	%xmm12, %xmm4, %xmm4
+        vpxor	%xmm4, %xmm0, %xmm0
+        addl	$0x40, %r12d
+        cmpl	%r11d, %r12d
+        jl	L_AES_XTS_encrypt_update_avx1_enc_64
+L_AES_XTS_encrypt_update_avx1_done_64:
+        cmpl	%eax, %r12d
+        movl	%eax, %r11d
+        je	L_AES_XTS_encrypt_update_avx1_done_enc
+        subl	%r12d, %r11d
+        cmpl	$16, %r11d
+        movl	%eax, %r11d
+        jl	L_AES_XTS_encrypt_update_avx1_last_15
+        andl	$0xfffffff0, %r11d
+        # 16 bytes of input
+L_AES_XTS_encrypt_update_avx1_enc_16:
+        leaq	(%rdi,%r12,1), %rcx
+        vmovdqu	(%rcx), %xmm8
+        vpxor	%xmm0, %xmm8, %xmm8
+        # aes_enc_block
+        vpxor	(%r10), %xmm8, %xmm8
+        vmovdqu	16(%r10), %xmm5
+        vaesenc	%xmm5, %xmm8, %xmm8
+        vmovdqu	32(%r10), %xmm5
+        vaesenc	%xmm5, %xmm8, %xmm8
+        vmovdqu	48(%r10), %xmm5
+        vaesenc	%xmm5, %xmm8, %xmm8
+        vmovdqu	64(%r10), %xmm5
+        vaesenc	%xmm5, %xmm8, %xmm8
+        vmovdqu	80(%r10), %xmm5
+        vaesenc	%xmm5, %xmm8, %xmm8
+        vmovdqu	96(%r10), %xmm5
+        vaesenc	%xmm5, %xmm8, %xmm8
+        vmovdqu	112(%r10), %xmm5
+        vaesenc	%xmm5, %xmm8, %xmm8
+        vmovdqu	128(%r10), %xmm5
+        vaesenc	%xmm5, %xmm8, %xmm8
+        vmovdqu	144(%r10), %xmm5
+        vaesenc	%xmm5, %xmm8, %xmm8
+        cmpl	$11, %r9d
+        vmovdqu	160(%r10), %xmm5
+        jl	L_AES_XTS_encrypt_update_avx1_aes_enc_block_last
+        vaesenc	%xmm5, %xmm8, %xmm8
+        vmovdqu	176(%r10), %xmm6
+        vaesenc	%xmm6, %xmm8, %xmm8
+        cmpl	$13, %r9d
+        vmovdqu	192(%r10), %xmm5
+        jl	L_AES_XTS_encrypt_update_avx1_aes_enc_block_last
+        vaesenc	%xmm5, %xmm8, %xmm8
+        vmovdqu	208(%r10), %xmm6
+        vaesenc	%xmm6, %xmm8, %xmm8
+        vmovdqu	224(%r10), %xmm5
+L_AES_XTS_encrypt_update_avx1_aes_enc_block_last:
+        vaesenclast	%xmm5, %xmm8, %xmm8
+        vpxor	%xmm0, %xmm8, %xmm8
+        leaq	(%rsi,%r12,1), %rcx
+        vmovdqu	%xmm8, (%rcx)
+        vpsrad	$31, %xmm0, %xmm4
+        vpslld	$0x01, %xmm0, %xmm0
+        vpshufd	$0x93, %xmm4, %xmm4
+        vpand	%xmm12, %xmm4, %xmm4
+        vpxor	%xmm4, %xmm0, %xmm0
+        addl	$16, %r12d
+        cmpl	%r11d, %r12d
+        jl	L_AES_XTS_encrypt_update_avx1_enc_16
+        cmpl	%eax, %r12d
+        je	L_AES_XTS_encrypt_update_avx1_done_enc
+L_AES_XTS_encrypt_update_avx1_last_15:
+        subq	$16, %r12
+        leaq	(%rsi,%r12,1), %rcx
+        vmovdqu	(%rcx), %xmm8
+        addq	$16, %r12
+        vmovdqu	%xmm8, (%rsp)
+        xorq	%rdx, %rdx
+L_AES_XTS_encrypt_update_avx1_last_15_byte_loop:
+        movb	(%rsp,%rdx,1), %r11b
+        movb	(%rdi,%r12,1), %cl
+        movb	%r11b, (%rsi,%r12,1)
+        movb	%cl, (%rsp,%rdx,1)
+        incl	%r12d
+        incl	%edx
+        cmpl	%eax, %r12d
+        jl	L_AES_XTS_encrypt_update_avx1_last_15_byte_loop
+        subq	%rdx, %r12
+        vmovdqu	(%rsp), %xmm8
+        subq	$16, %r12
+        vpxor	%xmm0, %xmm8, %xmm8
+        # aes_enc_block
+        vpxor	(%r10), %xmm8, %xmm8
+        vmovdqu	16(%r10), %xmm5
+        vaesenc	%xmm5, %xmm8, %xmm8
+        vmovdqu	32(%r10), %xmm5
+        vaesenc	%xmm5, %xmm8, %xmm8
+        vmovdqu	48(%r10), %xmm5
+        vaesenc	%xmm5, %xmm8, %xmm8
+        vmovdqu	64(%r10), %xmm5
+        vaesenc	%xmm5, %xmm8, %xmm8
+        vmovdqu	80(%r10), %xmm5
+        vaesenc	%xmm5, %xmm8, %xmm8
+        vmovdqu	96(%r10), %xmm5
+        vaesenc	%xmm5, %xmm8, %xmm8
+        vmovdqu	112(%r10), %xmm5
+        vaesenc	%xmm5, %xmm8, %xmm8
+        vmovdqu	128(%r10), %xmm5
+        vaesenc	%xmm5, %xmm8, %xmm8
+        vmovdqu	144(%r10), %xmm5
+        vaesenc	%xmm5, %xmm8, %xmm8
+        cmpl	$11, %r9d
+        vmovdqu	160(%r10), %xmm5
+        jl	L_AES_XTS_encrypt_update_avx1_last_15_aes_enc_block_last
+        vaesenc	%xmm5, %xmm8, %xmm8
+        vmovdqu	176(%r10), %xmm6
+        vaesenc	%xmm6, %xmm8, %xmm8
+        cmpl	$13, %r9d
+        vmovdqu	192(%r10), %xmm5
+        jl	L_AES_XTS_encrypt_update_avx1_last_15_aes_enc_block_last
+        vaesenc	%xmm5, %xmm8, %xmm8
+        vmovdqu	208(%r10), %xmm6
+        vaesenc	%xmm6, %xmm8, %xmm8
+        vmovdqu	224(%r10), %xmm5
+L_AES_XTS_encrypt_update_avx1_last_15_aes_enc_block_last:
+        vaesenclast	%xmm5, %xmm8, %xmm8
+        vpxor	%xmm0, %xmm8, %xmm8
+        leaq	(%rsi,%r12,1), %rcx
+        vmovdqu	%xmm8, (%rcx)
+L_AES_XTS_encrypt_update_avx1_done_enc:
+        vmovdqu	%xmm0, (%r8)
+        addq	$0x40, %rsp
+        popq	%r12
+        repz retq
+#ifndef __APPLE__
+.size	AES_XTS_encrypt_update_avx1,.-AES_XTS_encrypt_update_avx1
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.text
 .globl	AES_XTS_decrypt_avx1
 .type	AES_XTS_decrypt_avx1,@function
 .align	16
@@ -1432,7 +2438,6 @@ L_AES_XTS_decrypt_avx1_last_31_2_aes_dec_block_last:
         leaq	(%rsi,%r13,1), %rcx
         vmovdqu	%xmm8, (%rcx)
 L_AES_XTS_decrypt_avx1_done_dec:
-        vzeroupper
         addq	$16, %rsp
         popq	%r13
         popq	%r12
@@ -1440,6 +2445,334 @@ L_AES_XTS_decrypt_avx1_done_dec:
 #ifndef __APPLE__
 .size	AES_XTS_decrypt_avx1,.-AES_XTS_decrypt_avx1
 #endif /* __APPLE__ */
+#ifndef __APPLE__
+.text
+.globl	AES_XTS_decrypt_update_avx1
+.type	AES_XTS_decrypt_update_avx1,@function
+.align	16
+AES_XTS_decrypt_update_avx1:
+#else
+.section	__TEXT,__text
+.globl	_AES_XTS_decrypt_update_avx1
+.p2align	4
+_AES_XTS_decrypt_update_avx1:
+#endif /* __APPLE__ */
+        pushq	%r12
+        movq	%rdx, %rax
+        movq	%rcx, %r10
+        subq	$16, %rsp
+        vmovdqu	L_avx1_aes_xts_gc_xts(%rip), %xmm12
+        vmovdqu	(%r8), %xmm0
+        xorl	%r12d, %r12d
+        movl	%eax, %r11d
+        andl	$0xfffffff0, %r11d
+        cmpl	%eax, %r11d
+        je	L_AES_XTS_decrypt_update_avx1_mul16_64
+        subl	$16, %r11d
+        cmpl	$16, %r11d
+        jl	L_AES_XTS_decrypt_update_avx1_last_31_start
+L_AES_XTS_decrypt_update_avx1_mul16_64:
+        cmpl	$0x40, %r11d
+        jl	L_AES_XTS_decrypt_update_avx1_done_64
+        andl	$0xffffffc0, %r11d
+L_AES_XTS_decrypt_update_avx1_dec_64:
+        # 64 bytes of input
+        # aes_dec_64
+        leaq	(%rdi,%r12,1), %rcx
+        leaq	(%rsi,%r12,1), %rdx
+        vmovdqu	(%rcx), %xmm8
+        vmovdqu	16(%rcx), %xmm9
+        vmovdqu	32(%rcx), %xmm10
+        vmovdqu	48(%rcx), %xmm11
+        vpsrad	$31, %xmm0, %xmm4
+        vpslld	$0x01, %xmm0, %xmm1
+        vpshufd	$0x93, %xmm4, %xmm4
+        vpand	%xmm12, %xmm4, %xmm4
+        vpxor	%xmm4, %xmm1, %xmm1
+        vpsrad	$31, %xmm1, %xmm4
+        vpslld	$0x01, %xmm1, %xmm2
+        vpshufd	$0x93, %xmm4, %xmm4
+        vpand	%xmm12, %xmm4, %xmm4
+        vpxor	%xmm4, %xmm2, %xmm2
+        vpsrad	$31, %xmm2, %xmm4
+        vpslld	$0x01, %xmm2, %xmm3
+        vpshufd	$0x93, %xmm4, %xmm4
+        vpand	%xmm12, %xmm4, %xmm4
+        vpxor	%xmm4, %xmm3, %xmm3
+        vpxor	%xmm0, %xmm8, %xmm8
+        vpxor	%xmm1, %xmm9, %xmm9
+        vpxor	%xmm2, %xmm10, %xmm10
+        vpxor	%xmm3, %xmm11, %xmm11
+        # aes_dec_block
+        vmovdqu	(%r10), %xmm4
+        vpxor	%xmm4, %xmm8, %xmm8
+        vpxor	%xmm4, %xmm9, %xmm9
+        vpxor	%xmm4, %xmm10, %xmm10
+        vpxor	%xmm4, %xmm11, %xmm11
+        vmovdqu	16(%r10), %xmm4
+        vaesdec	%xmm4, %xmm8, %xmm8
+        vaesdec	%xmm4, %xmm9, %xmm9
+        vaesdec	%xmm4, %xmm10, %xmm10
+        vaesdec	%xmm4, %xmm11, %xmm11
+        vmovdqu	32(%r10), %xmm4
+        vaesdec	%xmm4, %xmm8, %xmm8
+        vaesdec	%xmm4, %xmm9, %xmm9
+        vaesdec	%xmm4, %xmm10, %xmm10
+        vaesdec	%xmm4, %xmm11, %xmm11
+        vmovdqu	48(%r10), %xmm4
+        vaesdec	%xmm4, %xmm8, %xmm8
+        vaesdec	%xmm4, %xmm9, %xmm9
+        vaesdec	%xmm4, %xmm10, %xmm10
+        vaesdec	%xmm4, %xmm11, %xmm11
+        vmovdqu	64(%r10), %xmm4
+        vaesdec	%xmm4, %xmm8, %xmm8
+        vaesdec	%xmm4, %xmm9, %xmm9
+        vaesdec	%xmm4, %xmm10, %xmm10
+        vaesdec	%xmm4, %xmm11, %xmm11
+        vmovdqu	80(%r10), %xmm4
+        vaesdec	%xmm4, %xmm8, %xmm8
+        vaesdec	%xmm4, %xmm9, %xmm9
+        vaesdec	%xmm4, %xmm10, %xmm10
+        vaesdec	%xmm4, %xmm11, %xmm11
+        vmovdqu	96(%r10), %xmm4
+        vaesdec	%xmm4, %xmm8, %xmm8
+        vaesdec	%xmm4, %xmm9, %xmm9
+        vaesdec	%xmm4, %xmm10, %xmm10
+        vaesdec	%xmm4, %xmm11, %xmm11
+        vmovdqu	112(%r10), %xmm4
+        vaesdec	%xmm4, %xmm8, %xmm8
+        vaesdec	%xmm4, %xmm9, %xmm9
+        vaesdec	%xmm4, %xmm10, %xmm10
+        vaesdec	%xmm4, %xmm11, %xmm11
+        vmovdqu	128(%r10), %xmm4
+        vaesdec	%xmm4, %xmm8, %xmm8
+        vaesdec	%xmm4, %xmm9, %xmm9
+        vaesdec	%xmm4, %xmm10, %xmm10
+        vaesdec	%xmm4, %xmm11, %xmm11
+        vmovdqu	144(%r10), %xmm4
+        vaesdec	%xmm4, %xmm8, %xmm8
+        vaesdec	%xmm4, %xmm9, %xmm9
+        vaesdec	%xmm4, %xmm10, %xmm10
+        vaesdec	%xmm4, %xmm11, %xmm11
+        cmpl	$11, %r9d
+        vmovdqu	160(%r10), %xmm4
+        jl	L_AES_XTS_decrypt_update_avx1_aes_dec_64_aes_dec_block_last
+        vaesdec	%xmm4, %xmm8, %xmm8
+        vaesdec	%xmm4, %xmm9, %xmm9
+        vaesdec	%xmm4, %xmm10, %xmm10
+        vaesdec	%xmm4, %xmm11, %xmm11
+        vmovdqu	176(%r10), %xmm4
+        vaesdec	%xmm4, %xmm8, %xmm8
+        vaesdec	%xmm4, %xmm9, %xmm9
+        vaesdec	%xmm4, %xmm10, %xmm10
+        vaesdec	%xmm4, %xmm11, %xmm11
+        cmpl	$13, %r9d
+        vmovdqu	192(%r10), %xmm4
+        jl	L_AES_XTS_decrypt_update_avx1_aes_dec_64_aes_dec_block_last
+        vaesdec	%xmm4, %xmm8, %xmm8
+        vaesdec	%xmm4, %xmm9, %xmm9
+        vaesdec	%xmm4, %xmm10, %xmm10
+        vaesdec	%xmm4, %xmm11, %xmm11
+        vmovdqu	208(%r10), %xmm4
+        vaesdec	%xmm4, %xmm8, %xmm8
+        vaesdec	%xmm4, %xmm9, %xmm9
+        vaesdec	%xmm4, %xmm10, %xmm10
+        vaesdec	%xmm4, %xmm11, %xmm11
+        vmovdqu	224(%r10), %xmm4
+L_AES_XTS_decrypt_update_avx1_aes_dec_64_aes_dec_block_last:
+        vaesdeclast	%xmm4, %xmm8, %xmm8
+        vaesdeclast	%xmm4, %xmm9, %xmm9
+        vaesdeclast	%xmm4, %xmm10, %xmm10
+        vaesdeclast	%xmm4, %xmm11, %xmm11
+        vpxor	%xmm0, %xmm8, %xmm8
+        vpxor	%xmm1, %xmm9, %xmm9
+        vpxor	%xmm2, %xmm10, %xmm10
+        vpxor	%xmm3, %xmm11, %xmm11
+        vmovdqu	%xmm8, (%rdx)
+        vmovdqu	%xmm9, 16(%rdx)
+        vmovdqu	%xmm10, 32(%rdx)
+        vmovdqu	%xmm11, 48(%rdx)
+        vpsrad	$31, %xmm3, %xmm4
+        vpslld	$0x01, %xmm3, %xmm0
+        vpshufd	$0x93, %xmm4, %xmm4
+        vpand	%xmm12, %xmm4, %xmm4
+        vpxor	%xmm4, %xmm0, %xmm0
+        addl	$0x40, %r12d
+        cmpl	%r11d, %r12d
+        jl	L_AES_XTS_decrypt_update_avx1_dec_64
+L_AES_XTS_decrypt_update_avx1_done_64:
+        cmpl	%eax, %r12d
+        movl	%eax, %r11d
+        je	L_AES_XTS_decrypt_update_avx1_done_dec
+        andl	$0xfffffff0, %r11d
+        cmpl	%eax, %r11d
+        je	L_AES_XTS_decrypt_update_avx1_mul16
+        subl	$16, %r11d
+        subl	%r12d, %r11d
+        cmpl	$16, %r11d
+        jl	L_AES_XTS_decrypt_update_avx1_last_31_start
+        addl	%r12d, %r11d
+L_AES_XTS_decrypt_update_avx1_mul16:
+L_AES_XTS_decrypt_update_avx1_dec_16:
+        # 16 bytes of input
+        leaq	(%rdi,%r12,1), %rcx
+        vmovdqu	(%rcx), %xmm8
+        vpxor	%xmm0, %xmm8, %xmm8
+        # aes_dec_block
+        vpxor	(%r10), %xmm8, %xmm8
+        vmovdqu	16(%r10), %xmm5
+        vaesdec	%xmm5, %xmm8, %xmm8
+        vmovdqu	32(%r10), %xmm5
+        vaesdec	%xmm5, %xmm8, %xmm8
+        vmovdqu	48(%r10), %xmm5
+        vaesdec	%xmm5, %xmm8, %xmm8
+        vmovdqu	64(%r10), %xmm5
+        vaesdec	%xmm5, %xmm8, %xmm8
+        vmovdqu	80(%r10), %xmm5
+        vaesdec	%xmm5, %xmm8, %xmm8
+        vmovdqu	96(%r10), %xmm5
+        vaesdec	%xmm5, %xmm8, %xmm8
+        vmovdqu	112(%r10), %xmm5
+        vaesdec	%xmm5, %xmm8, %xmm8
+        vmovdqu	128(%r10), %xmm5
+        vaesdec	%xmm5, %xmm8, %xmm8
+        vmovdqu	144(%r10), %xmm5
+        vaesdec	%xmm5, %xmm8, %xmm8
+        cmpl	$11, %r9d
+        vmovdqu	160(%r10), %xmm5
+        jl	L_AES_XTS_decrypt_update_avx1_aes_dec_block_last
+        vaesdec	%xmm5, %xmm8, %xmm8
+        vmovdqu	176(%r10), %xmm6
+        vaesdec	%xmm6, %xmm8, %xmm8
+        cmpl	$13, %r9d
+        vmovdqu	192(%r10), %xmm5
+        jl	L_AES_XTS_decrypt_update_avx1_aes_dec_block_last
+        vaesdec	%xmm5, %xmm8, %xmm8
+        vmovdqu	208(%r10), %xmm6
+        vaesdec	%xmm6, %xmm8, %xmm8
+        vmovdqu	224(%r10), %xmm5
+L_AES_XTS_decrypt_update_avx1_aes_dec_block_last:
+        vaesdeclast	%xmm5, %xmm8, %xmm8
+        vpxor	%xmm0, %xmm8, %xmm8
+        leaq	(%rsi,%r12,1), %rcx
+        vmovdqu	%xmm8, (%rcx)
+        vpsrad	$31, %xmm0, %xmm4
+        vpslld	$0x01, %xmm0, %xmm0
+        vpshufd	$0x93, %xmm4, %xmm4
+        vpand	%xmm12, %xmm4, %xmm4
+        vpxor	%xmm4, %xmm0, %xmm0
+        addl	$16, %r12d
+        cmpl	%r11d, %r12d
+        jl	L_AES_XTS_decrypt_update_avx1_dec_16
+        cmpl	%eax, %r12d
+        je	L_AES_XTS_decrypt_update_avx1_done_dec
+L_AES_XTS_decrypt_update_avx1_last_31_start:
+        vpsrad	$31, %xmm0, %xmm4
+        vpslld	$0x01, %xmm0, %xmm7
+        vpshufd	$0x93, %xmm4, %xmm4
+        vpand	%xmm12, %xmm4, %xmm4
+        vpxor	%xmm4, %xmm7, %xmm7
+        leaq	(%rdi,%r12,1), %rcx
+        vmovdqu	(%rcx), %xmm8
+        vpxor	%xmm7, %xmm8, %xmm8
+        # aes_dec_block
+        vpxor	(%r10), %xmm8, %xmm8
+        vmovdqu	16(%r10), %xmm5
+        vaesdec	%xmm5, %xmm8, %xmm8
+        vmovdqu	32(%r10), %xmm5
+        vaesdec	%xmm5, %xmm8, %xmm8
+        vmovdqu	48(%r10), %xmm5
+        vaesdec	%xmm5, %xmm8, %xmm8
+        vmovdqu	64(%r10), %xmm5
+        vaesdec	%xmm5, %xmm8, %xmm8
+        vmovdqu	80(%r10), %xmm5
+        vaesdec	%xmm5, %xmm8, %xmm8
+        vmovdqu	96(%r10), %xmm5
+        vaesdec	%xmm5, %xmm8, %xmm8
+        vmovdqu	112(%r10), %xmm5
+        vaesdec	%xmm5, %xmm8, %xmm8
+        vmovdqu	128(%r10), %xmm5
+        vaesdec	%xmm5, %xmm8, %xmm8
+        vmovdqu	144(%r10), %xmm5
+        vaesdec	%xmm5, %xmm8, %xmm8
+        cmpl	$11, %r9d
+        vmovdqu	160(%r10), %xmm5
+        jl	L_AES_XTS_decrypt_update_avx1_last_31_aes_dec_block_last
+        vaesdec	%xmm5, %xmm8, %xmm8
+        vmovdqu	176(%r10), %xmm6
+        vaesdec	%xmm6, %xmm8, %xmm8
+        cmpl	$13, %r9d
+        vmovdqu	192(%r10), %xmm5
+        jl	L_AES_XTS_decrypt_update_avx1_last_31_aes_dec_block_last
+        vaesdec	%xmm5, %xmm8, %xmm8
+        vmovdqu	208(%r10), %xmm6
+        vaesdec	%xmm6, %xmm8, %xmm8
+        vmovdqu	224(%r10), %xmm5
+L_AES_XTS_decrypt_update_avx1_last_31_aes_dec_block_last:
+        vaesdeclast	%xmm5, %xmm8, %xmm8
+        vpxor	%xmm7, %xmm8, %xmm8
+        vmovdqu	%xmm8, (%rsp)
+        addq	$16, %r12
+        xorq	%rdx, %rdx
+L_AES_XTS_decrypt_update_avx1_last_31_byte_loop:
+        movb	(%rsp,%rdx,1), %r11b
+        movb	(%rdi,%r12,1), %cl
+        movb	%r11b, (%rsi,%r12,1)
+        movb	%cl, (%rsp,%rdx,1)
+        incl	%r12d
+        incl	%edx
+        cmpl	%eax, %r12d
+        jl	L_AES_XTS_decrypt_update_avx1_last_31_byte_loop
+        subq	%rdx, %r12
+        vmovdqu	(%rsp), %xmm8
+        vpxor	%xmm0, %xmm8, %xmm8
+        # aes_dec_block
+        vpxor	(%r10), %xmm8, %xmm8
+        vmovdqu	16(%r10), %xmm5
+        vaesdec	%xmm5, %xmm8, %xmm8
+        vmovdqu	32(%r10), %xmm5
+        vaesdec	%xmm5, %xmm8, %xmm8
+        vmovdqu	48(%r10), %xmm5
+        vaesdec	%xmm5, %xmm8, %xmm8
+        vmovdqu	64(%r10), %xmm5
+        vaesdec	%xmm5, %xmm8, %xmm8
+        vmovdqu	80(%r10), %xmm5
+        vaesdec	%xmm5, %xmm8, %xmm8
+        vmovdqu	96(%r10), %xmm5
+        vaesdec	%xmm5, %xmm8, %xmm8
+        vmovdqu	112(%r10), %xmm5
+        vaesdec	%xmm5, %xmm8, %xmm8
+        vmovdqu	128(%r10), %xmm5
+        vaesdec	%xmm5, %xmm8, %xmm8
+        vmovdqu	144(%r10), %xmm5
+        vaesdec	%xmm5, %xmm8, %xmm8
+        cmpl	$11, %r9d
+        vmovdqu	160(%r10), %xmm5
+        jl	L_AES_XTS_decrypt_update_avx1_last_31_2_aes_dec_block_last
+        vaesdec	%xmm5, %xmm8, %xmm8
+        vmovdqu	176(%r10), %xmm6
+        vaesdec	%xmm6, %xmm8, %xmm8
+        cmpl	$13, %r9d
+        vmovdqu	192(%r10), %xmm5
+        jl	L_AES_XTS_decrypt_update_avx1_last_31_2_aes_dec_block_last
+        vaesdec	%xmm5, %xmm8, %xmm8
+        vmovdqu	208(%r10), %xmm6
+        vaesdec	%xmm6, %xmm8, %xmm8
+        vmovdqu	224(%r10), %xmm5
+L_AES_XTS_decrypt_update_avx1_last_31_2_aes_dec_block_last:
+        vaesdeclast	%xmm5, %xmm8, %xmm8
+        vpxor	%xmm0, %xmm8, %xmm8
+        subq	$16, %r12
+        leaq	(%rsi,%r12,1), %rcx
+        vmovdqu	%xmm8, (%rcx)
+L_AES_XTS_decrypt_update_avx1_done_dec:
+        vmovdqu	%xmm0, (%r8)
+        addq	$16, %rsp
+        popq	%r12
+        repz retq
+#ifndef __APPLE__
+.size	AES_XTS_decrypt_update_avx1,.-AES_XTS_decrypt_update_avx1
+#endif /* __APPLE__ */
 #endif /* HAVE_INTEL_AVX1 */
 #endif /* WOLFSSL_X86_64_BUILD */
 #endif /* WOLFSSL_AES_XTS */
diff --git a/wolfcrypt/src/aes_xts_asm.asm b/wolfcrypt/src/aes_xts_asm.asm
new file mode 100644
index 000000000..731334465
--- /dev/null
+++ b/wolfcrypt/src/aes_xts_asm.asm
@@ -0,0 +1,2832 @@
+; /* aes_xts_asm.asm */
+; /*
+;  * Copyright (C) 2006-2025 wolfSSL Inc.
+;  *
+;  * This file is part of wolfSSL.
+;  *
+;  * wolfSSL is free software; you can redistribute it and/or modify
+;  * it under the terms of the GNU General Public License as published by
+;  * the Free Software Foundation; either version 2 of the License, or
+;  * (at your option) any later version.
+;  *
+;  * wolfSSL is distributed in the hope that it will be useful,
+;  * but WITHOUT ANY WARRANTY; without even the implied warranty of
+;  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+;  * GNU General Public License for more details.
+;  *
+;  * You should have received a copy of the GNU General Public License
+;  * along with this program; if not, write to the Free Software
+;  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+;  */
+IF @Version LT 1200
+; AVX2 instructions not recognized by old versions of MASM
+IFNDEF NO_AVX2_SUPPORT
+NO_AVX2_SUPPORT = 1
+ENDIF
+; MOVBE instruction not recognized by old versions of MASM
+IFNDEF NO_MOVBE_SUPPORT
+NO_MOVBE_SUPPORT = 1
+ENDIF
+ENDIF
+
+IFNDEF HAVE_INTEL_AVX1
+HAVE_INTEL_AVX1 = 1
+ENDIF
+IFNDEF NO_AVX2_SUPPORT
+HAVE_INTEL_AVX2 = 1
+ENDIF
+
+IFNDEF _WIN64
+_WIN64 = 1
+ENDIF
+
+_text SEGMENT READONLY PARA
+AES_XTS_init_aesni PROC
+        movdqu	xmm0, OWORD PTR [rcx]
+        ; aes_enc_block
+        pxor	xmm0, [rdx]
+        movdqu	xmm2, OWORD PTR [rdx+16]
+        aesenc	xmm0, xmm2
+        movdqu	xmm2, OWORD PTR [rdx+32]
+        aesenc	xmm0, xmm2
+        movdqu	xmm2, OWORD PTR [rdx+48]
+        aesenc	xmm0, xmm2
+        movdqu	xmm2, OWORD PTR [rdx+64]
+        aesenc	xmm0, xmm2
+        movdqu	xmm2, OWORD PTR [rdx+80]
+        aesenc	xmm0, xmm2
+        movdqu	xmm2, OWORD PTR [rdx+96]
+        aesenc	xmm0, xmm2
+        movdqu	xmm2, OWORD PTR [rdx+112]
+        aesenc	xmm0, xmm2
+        movdqu	xmm2, OWORD PTR [rdx+128]
+        aesenc	xmm0, xmm2
+        movdqu	xmm2, OWORD PTR [rdx+144]
+        aesenc	xmm0, xmm2
+        cmp	r8d, 11
+        movdqu	xmm2, OWORD PTR [rdx+160]
+        jl	L_AES_XTS_init_aesni_tweak_aes_enc_block_last
+        aesenc	xmm0, xmm2
+        movdqu	xmm3, OWORD PTR [rdx+176]
+        aesenc	xmm0, xmm3
+        cmp	r8d, 13
+        movdqu	xmm2, OWORD PTR [rdx+192]
+        jl	L_AES_XTS_init_aesni_tweak_aes_enc_block_last
+        aesenc	xmm0, xmm2
+        movdqu	xmm3, OWORD PTR [rdx+208]
+        aesenc	xmm0, xmm3
+        movdqu	xmm2, OWORD PTR [rdx+224]
+L_AES_XTS_init_aesni_tweak_aes_enc_block_last:
+        aesenclast	xmm0, xmm2
+        movdqu	OWORD PTR [rcx], xmm0
+        ret
+AES_XTS_init_aesni ENDP
+_text ENDS
+_DATA SEGMENT
+ALIGN 16
+L_aes_xts_gc_xts DWORD 135,1,1,1
+ptr_L_aes_xts_gc_xts QWORD L_aes_xts_gc_xts
+_DATA ENDS
+_text SEGMENT READONLY PARA
+AES_XTS_encrypt_aesni PROC
+        push	rdi
+        push	rsi
+        push	r12
+        push	r13
+        mov	rdi, rcx
+        mov	rsi, rdx
+        mov	rax, r8
+        mov	r12, r9
+        mov	r8, QWORD PTR [rsp+72]
+        mov	r9, QWORD PTR [rsp+80]
+        mov	r10d, DWORD PTR [rsp+88]
+        sub	rsp, 176
+        movdqu	OWORD PTR [rsp+64], xmm6
+        movdqu	OWORD PTR [rsp+80], xmm7
+        movdqu	OWORD PTR [rsp+96], xmm8
+        movdqu	OWORD PTR [rsp+112], xmm9
+        movdqu	OWORD PTR [rsp+128], xmm10
+        movdqu	OWORD PTR [rsp+144], xmm11
+        movdqu	OWORD PTR [rsp+160], xmm12
+        movdqu	xmm12, OWORD PTR L_aes_xts_gc_xts
+        movdqu	xmm0, OWORD PTR [r12]
+        ; aes_enc_block
+        pxor	xmm0, [r9]
+        movdqu	xmm5, OWORD PTR [r9+16]
+        aesenc	xmm0, xmm5
+        movdqu	xmm5, OWORD PTR [r9+32]
+        aesenc	xmm0, xmm5
+        movdqu	xmm5, OWORD PTR [r9+48]
+        aesenc	xmm0, xmm5
+        movdqu	xmm5, OWORD PTR [r9+64]
+        aesenc	xmm0, xmm5
+        movdqu	xmm5, OWORD PTR [r9+80]
+        aesenc	xmm0, xmm5
+        movdqu	xmm5, OWORD PTR [r9+96]
+        aesenc	xmm0, xmm5
+        movdqu	xmm5, OWORD PTR [r9+112]
+        aesenc	xmm0, xmm5
+        movdqu	xmm5, OWORD PTR [r9+128]
+        aesenc	xmm0, xmm5
+        movdqu	xmm5, OWORD PTR [r9+144]
+        aesenc	xmm0, xmm5
+        cmp	r10d, 11
+        movdqu	xmm5, OWORD PTR [r9+160]
+        jl	L_AES_XTS_encrypt_aesni_tweak_aes_enc_block_last
+        aesenc	xmm0, xmm5
+        movdqu	xmm6, OWORD PTR [r9+176]
+        aesenc	xmm0, xmm6
+        cmp	r10d, 13
+        movdqu	xmm5, OWORD PTR [r9+192]
+        jl	L_AES_XTS_encrypt_aesni_tweak_aes_enc_block_last
+        aesenc	xmm0, xmm5
+        movdqu	xmm6, OWORD PTR [r9+208]
+        aesenc	xmm0, xmm6
+        movdqu	xmm5, OWORD PTR [r9+224]
+L_AES_XTS_encrypt_aesni_tweak_aes_enc_block_last:
+        aesenclast	xmm0, xmm5
+        xor	r13d, r13d
+        cmp	eax, 64
+        mov	r11d, eax
+        jl	L_AES_XTS_encrypt_aesni_done_64
+        and	r11d, 4294967232
+L_AES_XTS_encrypt_aesni_enc_64:
+        ; 64 bytes of input
+        ; aes_enc_64
+        lea	rcx, QWORD PTR [rdi+r13]
+        lea	rdx, QWORD PTR [rsi+r13]
+        movdqu	xmm8, OWORD PTR [rcx]
+        movdqu	xmm9, OWORD PTR [rcx+16]
+        movdqu	xmm10, OWORD PTR [rcx+32]
+        movdqu	xmm11, OWORD PTR [rcx+48]
+        movdqa	xmm4, xmm0
+        movdqa	xmm1, xmm0
+        psrad	xmm4, 31
+        pslld	xmm1, 1
+        pshufd	xmm4, xmm4, 147
+        pand	xmm4, xmm12
+        pxor	xmm1, xmm4
+        movdqa	xmm4, xmm1
+        movdqa	xmm2, xmm1
+        psrad	xmm4, 31
+        pslld	xmm2, 1
+        pshufd	xmm4, xmm4, 147
+        pand	xmm4, xmm12
+        pxor	xmm2, xmm4
+        movdqa	xmm4, xmm2
+        movdqa	xmm3, xmm2
+        psrad	xmm4, 31
+        pslld	xmm3, 1
+        pshufd	xmm4, xmm4, 147
+        pand	xmm4, xmm12
+        pxor	xmm3, xmm4
+        pxor	xmm8, xmm0
+        pxor	xmm9, xmm1
+        pxor	xmm10, xmm2
+        pxor	xmm11, xmm3
+        ; aes_enc_block
+        movdqu	xmm4, OWORD PTR [r8]
+        pxor	xmm8, xmm4
+        pxor	xmm9, xmm4
+        pxor	xmm10, xmm4
+        pxor	xmm11, xmm4
+        movdqu	xmm4, OWORD PTR [r8+16]
+        aesenc	xmm8, xmm4
+        aesenc	xmm9, xmm4
+        aesenc	xmm10, xmm4
+        aesenc	xmm11, xmm4
+        movdqu	xmm4, OWORD PTR [r8+32]
+        aesenc	xmm8, xmm4
+        aesenc	xmm9, xmm4
+        aesenc	xmm10, xmm4
+        aesenc	xmm11, xmm4
+        movdqu	xmm4, OWORD PTR [r8+48]
+        aesenc	xmm8, xmm4
+        aesenc	xmm9, xmm4
+        aesenc	xmm10, xmm4
+        aesenc	xmm11, xmm4
+        movdqu	xmm4, OWORD PTR [r8+64]
+        aesenc	xmm8, xmm4
+        aesenc	xmm9, xmm4
+        aesenc	xmm10, xmm4
+        aesenc	xmm11, xmm4
+        movdqu	xmm4, OWORD PTR [r8+80]
+        aesenc	xmm8, xmm4
+        aesenc	xmm9, xmm4
+        aesenc	xmm10, xmm4
+        aesenc	xmm11, xmm4
+        movdqu	xmm4, OWORD PTR [r8+96]
+        aesenc	xmm8, xmm4
+        aesenc	xmm9, xmm4
+        aesenc	xmm10, xmm4
+        aesenc	xmm11, xmm4
+        movdqu	xmm4, OWORD PTR [r8+112]
+        aesenc	xmm8, xmm4
+        aesenc	xmm9, xmm4
+        aesenc	xmm10, xmm4
+        aesenc	xmm11, xmm4
+        movdqu	xmm4, OWORD PTR [r8+128]
+        aesenc	xmm8, xmm4
+        aesenc	xmm9, xmm4
+        aesenc	xmm10, xmm4
+        aesenc	xmm11, xmm4
+        movdqu	xmm4, OWORD PTR [r8+144]
+        aesenc	xmm8, xmm4
+        aesenc	xmm9, xmm4
+        aesenc	xmm10, xmm4
+        aesenc	xmm11, xmm4
+        cmp	r10d, 11
+        movdqu	xmm4, OWORD PTR [r8+160]
+        jl	L_AES_XTS_encrypt_aesni_aes_enc_64_aes_enc_block_last
+        aesenc	xmm8, xmm4
+        aesenc	xmm9, xmm4
+        aesenc	xmm10, xmm4
+        aesenc	xmm11, xmm4
+        movdqu	xmm4, OWORD PTR [r8+176]
+        aesenc	xmm8, xmm4
+        aesenc	xmm9, xmm4
+        aesenc	xmm10, xmm4
+        aesenc	xmm11, xmm4
+        cmp	r10d, 13
+        movdqu	xmm4, OWORD PTR [r8+192]
+        jl	L_AES_XTS_encrypt_aesni_aes_enc_64_aes_enc_block_last
+        aesenc	xmm8, xmm4
+        aesenc	xmm9, xmm4
+        aesenc	xmm10, xmm4
+        aesenc	xmm11, xmm4
+        movdqu	xmm4, OWORD PTR [r8+208]
+        aesenc	xmm8, xmm4
+        aesenc	xmm9, xmm4
+        aesenc	xmm10, xmm4
+        aesenc	xmm11, xmm4
+        movdqu	xmm4, OWORD PTR [r8+224]
+L_AES_XTS_encrypt_aesni_aes_enc_64_aes_enc_block_last:
+        aesenclast	xmm8, xmm4
+        aesenclast	xmm9, xmm4
+        aesenclast	xmm10, xmm4
+        aesenclast	xmm11, xmm4
+        pxor	xmm8, xmm0
+        pxor	xmm9, xmm1
+        pxor	xmm10, xmm2
+        pxor	xmm11, xmm3
+        movdqu	OWORD PTR [rdx], xmm8
+        movdqu	OWORD PTR [rdx+16], xmm9
+        movdqu	OWORD PTR [rdx+32], xmm10
+        movdqu	OWORD PTR [rdx+48], xmm11
+        movdqa	xmm4, xmm3
+        movdqa	xmm0, xmm3
+        psrad	xmm4, 31
+        pslld	xmm0, 1
+        pshufd	xmm4, xmm4, 147
+        pand	xmm4, xmm12
+        pxor	xmm0, xmm4
+        add	r13d, 64
+        cmp	r13d, r11d
+        jl	L_AES_XTS_encrypt_aesni_enc_64
+L_AES_XTS_encrypt_aesni_done_64:
+        cmp	r13d, eax
+        mov	r11d, eax
+        je	L_AES_XTS_encrypt_aesni_done_enc
+        sub	r11d, r13d
+        cmp	r11d, 16
+        mov	r11d, eax
+        jl	L_AES_XTS_encrypt_aesni_last_15
+        and	r11d, 4294967280
+        ; 16 bytes of input
+L_AES_XTS_encrypt_aesni_enc_16:
+        lea	rcx, QWORD PTR [rdi+r13]
+        movdqu	xmm8, OWORD PTR [rcx]
+        pxor	xmm8, xmm0
+        ; aes_enc_block
+        pxor	xmm8, [r8]
+        movdqu	xmm5, OWORD PTR [r8+16]
+        aesenc	xmm8, xmm5
+        movdqu	xmm5, OWORD PTR [r8+32]
+        aesenc	xmm8, xmm5
+        movdqu	xmm5, OWORD PTR [r8+48]
+        aesenc	xmm8, xmm5
+        movdqu	xmm5, OWORD PTR [r8+64]
+        aesenc	xmm8, xmm5
+        movdqu	xmm5, OWORD PTR [r8+80]
+        aesenc	xmm8, xmm5
+        movdqu	xmm5, OWORD PTR [r8+96]
+        aesenc	xmm8, xmm5
+        movdqu	xmm5, OWORD PTR [r8+112]
+        aesenc	xmm8, xmm5
+        movdqu	xmm5, OWORD PTR [r8+128]
+        aesenc	xmm8, xmm5
+        movdqu	xmm5, OWORD PTR [r8+144]
+        aesenc	xmm8, xmm5
+        cmp	r10d, 11
+        movdqu	xmm5, OWORD PTR [r8+160]
+        jl	L_AES_XTS_encrypt_aesni_aes_enc_block_last
+        aesenc	xmm8, xmm5
+        movdqu	xmm6, OWORD PTR [r8+176]
+        aesenc	xmm8, xmm6
+        cmp	r10d, 13
+        movdqu	xmm5, OWORD PTR [r8+192]
+        jl	L_AES_XTS_encrypt_aesni_aes_enc_block_last
+        aesenc	xmm8, xmm5
+        movdqu	xmm6, OWORD PTR [r8+208]
+        aesenc	xmm8, xmm6
+        movdqu	xmm5, OWORD PTR [r8+224]
+L_AES_XTS_encrypt_aesni_aes_enc_block_last:
+        aesenclast	xmm8, xmm5
+        pxor	xmm8, xmm0
+        lea	rcx, QWORD PTR [rsi+r13]
+        movdqu	OWORD PTR [rcx], xmm8
+        movdqa	xmm4, xmm0
+        psrad	xmm4, 31
+        pslld	xmm0, 1
+        pshufd	xmm4, xmm4, 147
+        pand	xmm4, xmm12
+        pxor	xmm0, xmm4
+        add	r13d, 16
+        cmp	r13d, r11d
+        jl	L_AES_XTS_encrypt_aesni_enc_16
+        cmp	r13d, eax
+        je	L_AES_XTS_encrypt_aesni_done_enc
+L_AES_XTS_encrypt_aesni_last_15:
+        sub	r13, 16
+        lea	rcx, QWORD PTR [rsi+r13]
+        movdqu	xmm8, OWORD PTR [rcx]
+        add	r13, 16
+        movdqu	OWORD PTR [rsp], xmm8
+        xor	rdx, rdx
+L_AES_XTS_encrypt_aesni_last_15_byte_loop:
+        mov	r11b, BYTE PTR [rsp+rdx]
+        mov	cl, BYTE PTR [rdi+r13]
+        mov	BYTE PTR [rsi+r13], r11b
+        mov	BYTE PTR [rsp+rdx], cl
+        inc	r13d
+        inc	edx
+        cmp	r13d, eax
+        jl	L_AES_XTS_encrypt_aesni_last_15_byte_loop
+        sub	r13, rdx
+        movdqu	xmm8, OWORD PTR [rsp]
+        sub	r13, 16
+        pxor	xmm8, xmm0
+        ; aes_enc_block
+        pxor	xmm8, [r8]
+        movdqu	xmm5, OWORD PTR [r8+16]
+        aesenc	xmm8, xmm5
+        movdqu	xmm5, OWORD PTR [r8+32]
+        aesenc	xmm8, xmm5
+        movdqu	xmm5, OWORD PTR [r8+48]
+        aesenc	xmm8, xmm5
+        movdqu	xmm5, OWORD PTR [r8+64]
+        aesenc	xmm8, xmm5
+        movdqu	xmm5, OWORD PTR [r8+80]
+        aesenc	xmm8, xmm5
+        movdqu	xmm5, OWORD PTR [r8+96]
+        aesenc	xmm8, xmm5
+        movdqu	xmm5, OWORD PTR [r8+112]
+        aesenc	xmm8, xmm5
+        movdqu	xmm5, OWORD PTR [r8+128]
+        aesenc	xmm8, xmm5
+        movdqu	xmm5, OWORD PTR [r8+144]
+        aesenc	xmm8, xmm5
+        cmp	r10d, 11
+        movdqu	xmm5, OWORD PTR [r8+160]
+        jl	L_AES_XTS_encrypt_aesni_last_15_aes_enc_block_last
+        aesenc	xmm8, xmm5
+        movdqu	xmm6, OWORD PTR [r8+176]
+        aesenc	xmm8, xmm6
+        cmp	r10d, 13
+        movdqu	xmm5, OWORD PTR [r8+192]
+        jl	L_AES_XTS_encrypt_aesni_last_15_aes_enc_block_last
+        aesenc	xmm8, xmm5
+        movdqu	xmm6, OWORD PTR [r8+208]
+        aesenc	xmm8, xmm6
+        movdqu	xmm5, OWORD PTR [r8+224]
+L_AES_XTS_encrypt_aesni_last_15_aes_enc_block_last:
+        aesenclast	xmm8, xmm5
+        pxor	xmm8, xmm0
+        lea	rcx, QWORD PTR [rsi+r13]
+        movdqu	OWORD PTR [rcx], xmm8
+L_AES_XTS_encrypt_aesni_done_enc:
+        movdqu	xmm6, OWORD PTR [rsp+64]
+        movdqu	xmm7, OWORD PTR [rsp+80]
+        movdqu	xmm8, OWORD PTR [rsp+96]
+        movdqu	xmm9, OWORD PTR [rsp+112]
+        movdqu	xmm10, OWORD PTR [rsp+128]
+        movdqu	xmm11, OWORD PTR [rsp+144]
+        movdqu	xmm12, OWORD PTR [rsp+160]
+        add	rsp, 176
+        pop	r13
+        pop	r12
+        pop	rsi
+        pop	rdi
+        ret
+AES_XTS_encrypt_aesni ENDP
+_text ENDS
+_text SEGMENT READONLY PARA
+AES_XTS_encrypt_update_aesni PROC
+        push	rdi
+        push	rsi
+        push	r12
+        mov	rdi, rcx
+        mov	rsi, rdx
+        mov	rax, r8
+        mov	r10, r9
+        mov	r8, QWORD PTR [rsp+64]
+        mov	r9d, DWORD PTR [rsp+72]
+        sub	rsp, 176
+        movdqu	OWORD PTR [rsp+64], xmm6
+        movdqu	OWORD PTR [rsp+80], xmm7
+        movdqu	OWORD PTR [rsp+96], xmm8
+        movdqu	OWORD PTR [rsp+112], xmm9
+        movdqu	OWORD PTR [rsp+128], xmm10
+        movdqu	OWORD PTR [rsp+144], xmm11
+        movdqu	OWORD PTR [rsp+160], xmm12
+        movdqu	xmm12, OWORD PTR L_aes_xts_gc_xts
+        movdqu	xmm0, OWORD PTR [r8]
+        xor	r12d, r12d
+        cmp	eax, 64
+        mov	r11d, eax
+        jl	L_AES_XTS_encrypt_update_aesni_done_64
+        and	r11d, 4294967232
+L_AES_XTS_encrypt_update_aesni_enc_64:
+        ; 64 bytes of input
+        ; aes_enc_64
+        lea	rcx, QWORD PTR [rdi+r12]
+        lea	rdx, QWORD PTR [rsi+r12]
+        movdqu	xmm8, OWORD PTR [rcx]
+        movdqu	xmm9, OWORD PTR [rcx+16]
+        movdqu	xmm10, OWORD PTR [rcx+32]
+        movdqu	xmm11, OWORD PTR [rcx+48]
+        movdqa	xmm4, xmm0
+        movdqa	xmm1, xmm0
+        psrad	xmm4, 31
+        pslld	xmm1, 1
+        pshufd	xmm4, xmm4, 147
+        pand	xmm4, xmm12
+        pxor	xmm1, xmm4
+        movdqa	xmm4, xmm1
+        movdqa	xmm2, xmm1
+        psrad	xmm4, 31
+        pslld	xmm2, 1
+        pshufd	xmm4, xmm4, 147
+        pand	xmm4, xmm12
+        pxor	xmm2, xmm4
+        movdqa	xmm4, xmm2
+        movdqa	xmm3, xmm2
+        psrad	xmm4, 31
+        pslld	xmm3, 1
+        pshufd	xmm4, xmm4, 147
+        pand	xmm4, xmm12
+        pxor	xmm3, xmm4
+        pxor	xmm8, xmm0
+        pxor	xmm9, xmm1
+        pxor	xmm10, xmm2
+        pxor	xmm11, xmm3
+        ; aes_enc_block
+        movdqu	xmm4, OWORD PTR [r10]
+        pxor	xmm8, xmm4
+        pxor	xmm9, xmm4
+        pxor	xmm10, xmm4
+        pxor	xmm11, xmm4
+        movdqu	xmm4, OWORD PTR [r10+16]
+        aesenc	xmm8, xmm4
+        aesenc	xmm9, xmm4
+        aesenc	xmm10, xmm4
+        aesenc	xmm11, xmm4
+        movdqu	xmm4, OWORD PTR [r10+32]
+        aesenc	xmm8, xmm4
+        aesenc	xmm9, xmm4
+        aesenc	xmm10, xmm4
+        aesenc	xmm11, xmm4
+        movdqu	xmm4, OWORD PTR [r10+48]
+        aesenc	xmm8, xmm4
+        aesenc	xmm9, xmm4
+        aesenc	xmm10, xmm4
+        aesenc	xmm11, xmm4
+        movdqu	xmm4, OWORD PTR [r10+64]
+        aesenc	xmm8, xmm4
+        aesenc	xmm9, xmm4
+        aesenc	xmm10, xmm4
+        aesenc	xmm11, xmm4
+        movdqu	xmm4, OWORD PTR [r10+80]
+        aesenc	xmm8, xmm4
+        aesenc	xmm9, xmm4
+        aesenc	xmm10, xmm4
+        aesenc	xmm11, xmm4
+        movdqu	xmm4, OWORD PTR [r10+96]
+        aesenc	xmm8, xmm4
+        aesenc	xmm9, xmm4
+        aesenc	xmm10, xmm4
+        aesenc	xmm11, xmm4
+        movdqu	xmm4, OWORD PTR [r10+112]
+        aesenc	xmm8, xmm4
+        aesenc	xmm9, xmm4
+        aesenc	xmm10, xmm4
+        aesenc	xmm11, xmm4
+        movdqu	xmm4, OWORD PTR [r10+128]
+        aesenc	xmm8, xmm4
+        aesenc	xmm9, xmm4
+        aesenc	xmm10, xmm4
+        aesenc	xmm11, xmm4
+        movdqu	xmm4, OWORD PTR [r10+144]
+        aesenc	xmm8, xmm4
+        aesenc	xmm9, xmm4
+        aesenc	xmm10, xmm4
+        aesenc	xmm11, xmm4
+        cmp	r9d, 11
+        movdqu	xmm4, OWORD PTR [r10+160]
+        jl	L_AES_XTS_encrypt_update_aesni_aes_enc_64_aes_enc_block_last
+        aesenc	xmm8, xmm4
+        aesenc	xmm9, xmm4
+        aesenc	xmm10, xmm4
+        aesenc	xmm11, xmm4
+        movdqu	xmm4, OWORD PTR [r10+176]
+        aesenc	xmm8, xmm4
+        aesenc	xmm9, xmm4
+        aesenc	xmm10, xmm4
+        aesenc	xmm11, xmm4
+        cmp	r9d, 13
+        movdqu	xmm4, OWORD PTR [r10+192]
+        jl	L_AES_XTS_encrypt_update_aesni_aes_enc_64_aes_enc_block_last
+        aesenc	xmm8, xmm4
+        aesenc	xmm9, xmm4
+        aesenc	xmm10, xmm4
+        aesenc	xmm11, xmm4
+        movdqu	xmm4, OWORD PTR [r10+208]
+        aesenc	xmm8, xmm4
+        aesenc	xmm9, xmm4
+        aesenc	xmm10, xmm4
+        aesenc	xmm11, xmm4
+        movdqu	xmm4, OWORD PTR [r10+224]
+L_AES_XTS_encrypt_update_aesni_aes_enc_64_aes_enc_block_last:
+        aesenclast	xmm8, xmm4
+        aesenclast	xmm9, xmm4
+        aesenclast	xmm10, xmm4
+        aesenclast	xmm11, xmm4
+        pxor	xmm8, xmm0
+        pxor	xmm9, xmm1
+        pxor	xmm10, xmm2
+        pxor	xmm11, xmm3
+        movdqu	OWORD PTR [rdx], xmm8
+        movdqu	OWORD PTR [rdx+16], xmm9
+        movdqu	OWORD PTR [rdx+32], xmm10
+        movdqu	OWORD PTR [rdx+48], xmm11
+        movdqa	xmm4, xmm3
+        movdqa	xmm0, xmm3
+        psrad	xmm4, 31
+        pslld	xmm0, 1
+        pshufd	xmm4, xmm4, 147
+        pand	xmm4, xmm12
+        pxor	xmm0, xmm4
+        add	r12d, 64
+        cmp	r12d, r11d
+        jl	L_AES_XTS_encrypt_update_aesni_enc_64
+L_AES_XTS_encrypt_update_aesni_done_64:
+        cmp	r12d, eax
+        mov	r11d, eax
+        je	L_AES_XTS_encrypt_update_aesni_done_enc
+        sub	r11d, r12d
+        cmp	r11d, 16
+        mov	r11d, eax
+        jl	L_AES_XTS_encrypt_update_aesni_last_15
+        and	r11d, 4294967280
+        ; 16 bytes of input
+L_AES_XTS_encrypt_update_aesni_enc_16:
+        lea	rcx, QWORD PTR [rdi+r12]
+        movdqu	xmm8, OWORD PTR [rcx]
+        pxor	xmm8, xmm0
+        ; aes_enc_block
+        pxor	xmm8, [r10]
+        movdqu	xmm5, OWORD PTR [r10+16]
+        aesenc	xmm8, xmm5
+        movdqu	xmm5, OWORD PTR [r10+32]
+        aesenc	xmm8, xmm5
+        movdqu	xmm5, OWORD PTR [r10+48]
+        aesenc	xmm8, xmm5
+        movdqu	xmm5, OWORD PTR [r10+64]
+        aesenc	xmm8, xmm5
+        movdqu	xmm5, OWORD PTR [r10+80]
+        aesenc	xmm8, xmm5
+        movdqu	xmm5, OWORD PTR [r10+96]
+        aesenc	xmm8, xmm5
+        movdqu	xmm5, OWORD PTR [r10+112]
+        aesenc	xmm8, xmm5
+        movdqu	xmm5, OWORD PTR [r10+128]
+        aesenc	xmm8, xmm5
+        movdqu	xmm5, OWORD PTR [r10+144]
+        aesenc	xmm8, xmm5
+        cmp	r9d, 11
+        movdqu	xmm5, OWORD PTR [r10+160]
+        jl	L_AES_XTS_encrypt_update_aesni_aes_enc_block_last
+        aesenc	xmm8, xmm5
+        movdqu	xmm6, OWORD PTR [r10+176]
+        aesenc	xmm8, xmm6
+        cmp	r9d, 13
+        movdqu	xmm5, OWORD PTR [r10+192]
+        jl	L_AES_XTS_encrypt_update_aesni_aes_enc_block_last
+        aesenc	xmm8, xmm5
+        movdqu	xmm6, OWORD PTR [r10+208]
+        aesenc	xmm8, xmm6
+        movdqu	xmm5, OWORD PTR [r10+224]
+L_AES_XTS_encrypt_update_aesni_aes_enc_block_last:
+        aesenclast	xmm8, xmm5
+        pxor	xmm8, xmm0
+        lea	rcx, QWORD PTR [rsi+r12]
+        movdqu	OWORD PTR [rcx], xmm8
+        movdqa	xmm4, xmm0
+        psrad	xmm4, 31
+        pslld	xmm0, 1
+        pshufd	xmm4, xmm4, 147
+        pand	xmm4, xmm12
+        pxor	xmm0, xmm4
+        add	r12d, 16
+        cmp	r12d, r11d
+        jl	L_AES_XTS_encrypt_update_aesni_enc_16
+        cmp	r12d, eax
+        je	L_AES_XTS_encrypt_update_aesni_done_enc
+L_AES_XTS_encrypt_update_aesni_last_15:
+        sub	r12, 16
+        lea	rcx, QWORD PTR [rsi+r12]
+        movdqu	xmm8, OWORD PTR [rcx]
+        add	r12, 16
+        movdqu	OWORD PTR [rsp], xmm8
+        xor	rdx, rdx
+L_AES_XTS_encrypt_update_aesni_last_15_byte_loop:
+        mov	r11b, BYTE PTR [rsp+rdx]
+        mov	cl, BYTE PTR [rdi+r12]
+        mov	BYTE PTR [rsi+r12], r11b
+        mov	BYTE PTR [rsp+rdx], cl
+        inc	r12d
+        inc	edx
+        cmp	r12d, eax
+        jl	L_AES_XTS_encrypt_update_aesni_last_15_byte_loop
+        sub	r12, rdx
+        movdqu	xmm8, OWORD PTR [rsp]
+        sub	r12, 16
+        pxor	xmm8, xmm0
+        ; aes_enc_block
+        pxor	xmm8, [r10]
+        movdqu	xmm5, OWORD PTR [r10+16]
+        aesenc	xmm8, xmm5
+        movdqu	xmm5, OWORD PTR [r10+32]
+        aesenc	xmm8, xmm5
+        movdqu	xmm5, OWORD PTR [r10+48]
+        aesenc	xmm8, xmm5
+        movdqu	xmm5, OWORD PTR [r10+64]
+        aesenc	xmm8, xmm5
+        movdqu	xmm5, OWORD PTR [r10+80]
+        aesenc	xmm8, xmm5
+        movdqu	xmm5, OWORD PTR [r10+96]
+        aesenc	xmm8, xmm5
+        movdqu	xmm5, OWORD PTR [r10+112]
+        aesenc	xmm8, xmm5
+        movdqu	xmm5, OWORD PTR [r10+128]
+        aesenc	xmm8, xmm5
+        movdqu	xmm5, OWORD PTR [r10+144]
+        aesenc	xmm8, xmm5
+        cmp	r9d, 11
+        movdqu	xmm5, OWORD PTR [r10+160]
+        jl	L_AES_XTS_encrypt_update_aesni_last_15_aes_enc_block_last
+        aesenc	xmm8, xmm5
+        movdqu	xmm6, OWORD PTR [r10+176]
+        aesenc	xmm8, xmm6
+        cmp	r9d, 13
+        movdqu	xmm5, OWORD PTR [r10+192]
+        jl	L_AES_XTS_encrypt_update_aesni_last_15_aes_enc_block_last
+        aesenc	xmm8, xmm5
+        movdqu	xmm6, OWORD PTR [r10+208]
+        aesenc	xmm8, xmm6
+        movdqu	xmm5, OWORD PTR [r10+224]
+L_AES_XTS_encrypt_update_aesni_last_15_aes_enc_block_last:
+        aesenclast	xmm8, xmm5
+        pxor	xmm8, xmm0
+        lea	rcx, QWORD PTR [rsi+r12]
+        movdqu	OWORD PTR [rcx], xmm8
+L_AES_XTS_encrypt_update_aesni_done_enc:
+        movdqu	OWORD PTR [r8], xmm0
+        movdqu	xmm6, OWORD PTR [rsp+64]
+        movdqu	xmm7, OWORD PTR [rsp+80]
+        movdqu	xmm8, OWORD PTR [rsp+96]
+        movdqu	xmm9, OWORD PTR [rsp+112]
+        movdqu	xmm10, OWORD PTR [rsp+128]
+        movdqu	xmm11, OWORD PTR [rsp+144]
+        movdqu	xmm12, OWORD PTR [rsp+160]
+        add	rsp, 176
+        pop	r12
+        pop	rsi
+        pop	rdi
+        ret
+AES_XTS_encrypt_update_aesni ENDP
+_text ENDS
+_text SEGMENT READONLY PARA
+AES_XTS_decrypt_aesni PROC
+        push	rdi
+        push	rsi
+        push	r12
+        push	r13
+        mov	rdi, rcx
+        mov	rsi, rdx
+        mov	rax, r8
+        mov	r12, r9
+        mov	r8, QWORD PTR [rsp+72]
+        mov	r9, QWORD PTR [rsp+80]
+        mov	r10d, DWORD PTR [rsp+88]
+        sub	rsp, 128
+        movdqu	OWORD PTR [rsp+16], xmm6
+        movdqu	OWORD PTR [rsp+32], xmm7
+        movdqu	OWORD PTR [rsp+48], xmm8
+        movdqu	OWORD PTR [rsp+64], xmm9
+        movdqu	OWORD PTR [rsp+80], xmm10
+        movdqu	OWORD PTR [rsp+96], xmm11
+        movdqu	OWORD PTR [rsp+112], xmm12
+        movdqu	xmm12, OWORD PTR L_aes_xts_gc_xts
+        movdqu	xmm0, OWORD PTR [r12]
+        ; aes_enc_block
+        pxor	xmm0, [r9]
+        movdqu	xmm5, OWORD PTR [r9+16]
+        aesenc	xmm0, xmm5
+        movdqu	xmm5, OWORD PTR [r9+32]
+        aesenc	xmm0, xmm5
+        movdqu	xmm5, OWORD PTR [r9+48]
+        aesenc	xmm0, xmm5
+        movdqu	xmm5, OWORD PTR [r9+64]
+        aesenc	xmm0, xmm5
+        movdqu	xmm5, OWORD PTR [r9+80]
+        aesenc	xmm0, xmm5
+        movdqu	xmm5, OWORD PTR [r9+96]
+        aesenc	xmm0, xmm5
+        movdqu	xmm5, OWORD PTR [r9+112]
+        aesenc	xmm0, xmm5
+        movdqu	xmm5, OWORD PTR [r9+128]
+        aesenc	xmm0, xmm5
+        movdqu	xmm5, OWORD PTR [r9+144]
+        aesenc	xmm0, xmm5
+        cmp	r10d, 11
+        movdqu	xmm5, OWORD PTR [r9+160]
+        jl	L_AES_XTS_decrypt_aesni_tweak_aes_enc_block_last
+        aesenc	xmm0, xmm5
+        movdqu	xmm6, OWORD PTR [r9+176]
+        aesenc	xmm0, xmm6
+        cmp	r10d, 13
+        movdqu	xmm5, OWORD PTR [r9+192]
+        jl	L_AES_XTS_decrypt_aesni_tweak_aes_enc_block_last
+        aesenc	xmm0, xmm5
+        movdqu	xmm6, OWORD PTR [r9+208]
+        aesenc	xmm0, xmm6
+        movdqu	xmm5, OWORD PTR [r9+224]
+L_AES_XTS_decrypt_aesni_tweak_aes_enc_block_last:
+        aesenclast	xmm0, xmm5
+        xor	r13d, r13d
+        mov	r11d, eax
+        and	r11d, 4294967280
+        cmp	r11d, eax
+        je	L_AES_XTS_decrypt_aesni_mul16_64
+        sub	r11d, 16
+        cmp	r11d, 16
+        jl	L_AES_XTS_decrypt_aesni_last_31_start
+L_AES_XTS_decrypt_aesni_mul16_64:
+        cmp	r11d, 64
+        jl	L_AES_XTS_decrypt_aesni_done_64
+        and	r11d, 4294967232
+L_AES_XTS_decrypt_aesni_dec_64:
+        ; 64 bytes of input
+        ; aes_dec_64
+        lea	rcx, QWORD PTR [rdi+r13]
+        lea	rdx, QWORD PTR [rsi+r13]
+        movdqu	xmm8, OWORD PTR [rcx]
+        movdqu	xmm9, OWORD PTR [rcx+16]
+        movdqu	xmm10, OWORD PTR [rcx+32]
+        movdqu	xmm11, OWORD PTR [rcx+48]
+        movdqa	xmm4, xmm0
+        movdqa	xmm1, xmm0
+        psrad	xmm4, 31
+        pslld	xmm1, 1
+        pshufd	xmm4, xmm4, 147
+        pand	xmm4, xmm12
+        pxor	xmm1, xmm4
+        movdqa	xmm4, xmm1
+        movdqa	xmm2, xmm1
+        psrad	xmm4, 31
+        pslld	xmm2, 1
+        pshufd	xmm4, xmm4, 147
+        pand	xmm4, xmm12
+        pxor	xmm2, xmm4
+        movdqa	xmm4, xmm2
+        movdqa	xmm3, xmm2
+        psrad	xmm4, 31
+        pslld	xmm3, 1
+        pshufd	xmm4, xmm4, 147
+        pand	xmm4, xmm12
+        pxor	xmm3, xmm4
+        pxor	xmm8, xmm0
+        pxor	xmm9, xmm1
+        pxor	xmm10, xmm2
+        pxor	xmm11, xmm3
+        ; aes_dec_block
+        movdqu	xmm4, OWORD PTR [r8]
+        pxor	xmm8, xmm4
+        pxor	xmm9, xmm4
+        pxor	xmm10, xmm4
+        pxor	xmm11, xmm4
+        movdqu	xmm4, OWORD PTR [r8+16]
+        aesdec	xmm8, xmm4
+        aesdec	xmm9, xmm4
+        aesdec	xmm10, xmm4
+        aesdec	xmm11, xmm4
+        movdqu	xmm4, OWORD PTR [r8+32]
+        aesdec	xmm8, xmm4
+        aesdec	xmm9, xmm4
+        aesdec	xmm10, xmm4
+        aesdec	xmm11, xmm4
+        movdqu	xmm4, OWORD PTR [r8+48]
+        aesdec	xmm8, xmm4
+        aesdec	xmm9, xmm4
+        aesdec	xmm10, xmm4
+        aesdec	xmm11, xmm4
+        movdqu	xmm4, OWORD PTR [r8+64]
+        aesdec	xmm8, xmm4
+        aesdec	xmm9, xmm4
+        aesdec	xmm10, xmm4
+        aesdec	xmm11, xmm4
+        movdqu	xmm4, OWORD PTR [r8+80]
+        aesdec	xmm8, xmm4
+        aesdec	xmm9, xmm4
+        aesdec	xmm10, xmm4
+        aesdec	xmm11, xmm4
+        movdqu	xmm4, OWORD PTR [r8+96]
+        aesdec	xmm8, xmm4
+        aesdec	xmm9, xmm4
+        aesdec	xmm10, xmm4
+        aesdec	xmm11, xmm4
+        movdqu	xmm4, OWORD PTR [r8+112]
+        aesdec	xmm8, xmm4
+        aesdec	xmm9, xmm4
+        aesdec	xmm10, xmm4
+        aesdec	xmm11, xmm4
+        movdqu	xmm4, OWORD PTR [r8+128]
+        aesdec	xmm8, xmm4
+        aesdec	xmm9, xmm4
+        aesdec	xmm10, xmm4
+        aesdec	xmm11, xmm4
+        movdqu	xmm4, OWORD PTR [r8+144]
+        aesdec	xmm8, xmm4
+        aesdec	xmm9, xmm4
+        aesdec	xmm10, xmm4
+        aesdec	xmm11, xmm4
+        cmp	r10d, 11
+        movdqu	xmm4, OWORD PTR [r8+160]
+        jl	L_AES_XTS_decrypt_aesni_aes_dec_64_aes_dec_block_last
+        aesdec	xmm8, xmm4
+        aesdec	xmm9, xmm4
+        aesdec	xmm10, xmm4
+        aesdec	xmm11, xmm4
+        movdqu	xmm4, OWORD PTR [r8+176]
+        aesdec	xmm8, xmm4
+        aesdec	xmm9, xmm4
+        aesdec	xmm10, xmm4
+        aesdec	xmm11, xmm4
+        cmp	r10d, 13
+        movdqu	xmm4, OWORD PTR [r8+192]
+        jl	L_AES_XTS_decrypt_aesni_aes_dec_64_aes_dec_block_last
+        aesdec	xmm8, xmm4
+        aesdec	xmm9, xmm4
+        aesdec	xmm10, xmm4
+        aesdec	xmm11, xmm4
+        movdqu	xmm4, OWORD PTR [r8+208]
+        aesdec	xmm8, xmm4
+        aesdec	xmm9, xmm4
+        aesdec	xmm10, xmm4
+        aesdec	xmm11, xmm4
+        movdqu	xmm4, OWORD PTR [r8+224]
+L_AES_XTS_decrypt_aesni_aes_dec_64_aes_dec_block_last:
+        aesdeclast	xmm8, xmm4
+        aesdeclast	xmm9, xmm4
+        aesdeclast	xmm10, xmm4
+        aesdeclast	xmm11, xmm4
+        pxor	xmm8, xmm0
+        pxor	xmm9, xmm1
+        pxor	xmm10, xmm2
+        pxor	xmm11, xmm3
+        movdqu	OWORD PTR [rdx], xmm8
+        movdqu	OWORD PTR [rdx+16], xmm9
+        movdqu	OWORD PTR [rdx+32], xmm10
+        movdqu	OWORD PTR [rdx+48], xmm11
+        movdqa	xmm4, xmm3
+        movdqa	xmm0, xmm3
+        psrad	xmm4, 31
+        pslld	xmm0, 1
+        pshufd	xmm4, xmm4, 147
+        pand	xmm4, xmm12
+        pxor	xmm0, xmm4
+        add	r13d, 64
+        cmp	r13d, r11d
+        jl	L_AES_XTS_decrypt_aesni_dec_64
+L_AES_XTS_decrypt_aesni_done_64:
+        cmp	r13d, eax
+        mov	r11d, eax
+        je	L_AES_XTS_decrypt_aesni_done_dec
+        and	r11d, 4294967280
+        cmp	r11d, eax
+        je	L_AES_XTS_decrypt_aesni_mul16
+        sub	r11d, 16
+        sub	r11d, r13d
+        cmp	r11d, 16
+        jl	L_AES_XTS_decrypt_aesni_last_31_start
+        add	r11d, r13d
+L_AES_XTS_decrypt_aesni_mul16:
+L_AES_XTS_decrypt_aesni_dec_16:
+        ; 16 bytes of input
+        lea	rcx, QWORD PTR [rdi+r13]
+        movdqu	xmm8, OWORD PTR [rcx]
+        pxor	xmm8, xmm0
+        ; aes_dec_block
+        pxor	xmm8, [r8]
+        movdqu	xmm5, OWORD PTR [r8+16]
+        aesdec	xmm8, xmm5
+        movdqu	xmm5, OWORD PTR [r8+32]
+        aesdec	xmm8, xmm5
+        movdqu	xmm5, OWORD PTR [r8+48]
+        aesdec	xmm8, xmm5
+        movdqu	xmm5, OWORD PTR [r8+64]
+        aesdec	xmm8, xmm5
+        movdqu	xmm5, OWORD PTR [r8+80]
+        aesdec	xmm8, xmm5
+        movdqu	xmm5, OWORD PTR [r8+96]
+        aesdec	xmm8, xmm5
+        movdqu	xmm5, OWORD PTR [r8+112]
+        aesdec	xmm8, xmm5
+        movdqu	xmm5, OWORD PTR [r8+128]
+        aesdec	xmm8, xmm5
+        movdqu	xmm5, OWORD PTR [r8+144]
+        aesdec	xmm8, xmm5
+        cmp	r10d, 11
+        movdqu	xmm5, OWORD PTR [r8+160]
+        jl	L_AES_XTS_decrypt_aesni_aes_dec_block_last
+        aesdec	xmm8, xmm5
+        movdqu	xmm6, OWORD PTR [r8+176]
+        aesdec	xmm8, xmm6
+        cmp	r10d, 13
+        movdqu	xmm5, OWORD PTR [r8+192]
+        jl	L_AES_XTS_decrypt_aesni_aes_dec_block_last
+        aesdec	xmm8, xmm5
+        movdqu	xmm6, OWORD PTR [r8+208]
+        aesdec	xmm8, xmm6
+        movdqu	xmm5, OWORD PTR [r8+224]
+L_AES_XTS_decrypt_aesni_aes_dec_block_last:
+        aesdeclast	xmm8, xmm5
+        pxor	xmm8, xmm0
+        lea	rcx, QWORD PTR [rsi+r13]
+        movdqu	OWORD PTR [rcx], xmm8
+        movdqa	xmm4, xmm0
+        psrad	xmm4, 31
+        pslld	xmm0, 1
+        pshufd	xmm4, xmm4, 147
+        pand	xmm4, xmm12
+        pxor	xmm0, xmm4
+        add	r13d, 16
+        cmp	r13d, r11d
+        jl	L_AES_XTS_decrypt_aesni_dec_16
+        cmp	r13d, eax
+        je	L_AES_XTS_decrypt_aesni_done_dec
+L_AES_XTS_decrypt_aesni_last_31_start:
+        movdqa	xmm4, xmm0
+        movdqa	xmm7, xmm0
+        psrad	xmm4, 31
+        pslld	xmm7, 1
+        pshufd	xmm4, xmm4, 147
+        pand	xmm4, xmm12
+        pxor	xmm7, xmm4
+        lea	rcx, QWORD PTR [rdi+r13]
+        movdqu	xmm8, OWORD PTR [rcx]
+        pxor	xmm8, xmm7
+        ; aes_dec_block
+        pxor	xmm8, [r8]
+        movdqu	xmm5, OWORD PTR [r8+16]
+        aesdec	xmm8, xmm5
+        movdqu	xmm5, OWORD PTR [r8+32]
+        aesdec	xmm8, xmm5
+        movdqu	xmm5, OWORD PTR [r8+48]
+        aesdec	xmm8, xmm5
+        movdqu	xmm5, OWORD PTR [r8+64]
+        aesdec	xmm8, xmm5
+        movdqu	xmm5, OWORD PTR [r8+80]
+        aesdec	xmm8, xmm5
+        movdqu	xmm5, OWORD PTR [r8+96]
+        aesdec	xmm8, xmm5
+        movdqu	xmm5, OWORD PTR [r8+112]
+        aesdec	xmm8, xmm5
+        movdqu	xmm5, OWORD PTR [r8+128]
+        aesdec	xmm8, xmm5
+        movdqu	xmm5, OWORD PTR [r8+144]
+        aesdec	xmm8, xmm5
+        cmp	r10d, 11
+        movdqu	xmm5, OWORD PTR [r8+160]
+        jl	L_AES_XTS_decrypt_aesni_last_31_aes_dec_block_last
+        aesdec	xmm8, xmm5
+        movdqu	xmm6, OWORD PTR [r8+176]
+        aesdec	xmm8, xmm6
+        cmp	r10d, 13
+        movdqu	xmm5, OWORD PTR [r8+192]
+        jl	L_AES_XTS_decrypt_aesni_last_31_aes_dec_block_last
+        aesdec	xmm8, xmm5
+        movdqu	xmm6, OWORD PTR [r8+208]
+        aesdec	xmm8, xmm6
+        movdqu	xmm5, OWORD PTR [r8+224]
+L_AES_XTS_decrypt_aesni_last_31_aes_dec_block_last:
+        aesdeclast	xmm8, xmm5
+        pxor	xmm8, xmm7
+        movdqu	OWORD PTR [rsp], xmm8
+        add	r13, 16
+        xor	rdx, rdx
+L_AES_XTS_decrypt_aesni_last_31_byte_loop:
+        mov	r11b, BYTE PTR [rsp+rdx]
+        mov	cl, BYTE PTR [rdi+r13]
+        mov	BYTE PTR [rsi+r13], r11b
+        mov	BYTE PTR [rsp+rdx], cl
+        inc	r13d
+        inc	edx
+        cmp	r13d, eax
+        jl	L_AES_XTS_decrypt_aesni_last_31_byte_loop
+        sub	r13, rdx
+        movdqu	xmm8, OWORD PTR [rsp]
+        pxor	xmm8, xmm0
+        ; aes_dec_block
+        pxor	xmm8, [r8]
+        movdqu	xmm5, OWORD PTR [r8+16]
+        aesdec	xmm8, xmm5
+        movdqu	xmm5, OWORD PTR [r8+32]
+        aesdec	xmm8, xmm5
+        movdqu	xmm5, OWORD PTR [r8+48]
+        aesdec	xmm8, xmm5
+        movdqu	xmm5, OWORD PTR [r8+64]
+        aesdec	xmm8, xmm5
+        movdqu	xmm5, OWORD PTR [r8+80]
+        aesdec	xmm8, xmm5
+        movdqu	xmm5, OWORD PTR [r8+96]
+        aesdec	xmm8, xmm5
+        movdqu	xmm5, OWORD PTR [r8+112]
+        aesdec	xmm8, xmm5
+        movdqu	xmm5, OWORD PTR [r8+128]
+        aesdec	xmm8, xmm5
+        movdqu	xmm5, OWORD PTR [r8+144]
+        aesdec	xmm8, xmm5
+        cmp	r10d, 11
+        movdqu	xmm5, OWORD PTR [r8+160]
+        jl	L_AES_XTS_decrypt_aesni_last_31_2_aes_dec_block_last
+        aesdec	xmm8, xmm5
+        movdqu	xmm6, OWORD PTR [r8+176]
+        aesdec	xmm8, xmm6
+        cmp	r10d, 13
+        movdqu	xmm5, OWORD PTR [r8+192]
+        jl	L_AES_XTS_decrypt_aesni_last_31_2_aes_dec_block_last
+        aesdec	xmm8, xmm5
+        movdqu	xmm6, OWORD PTR [r8+208]
+        aesdec	xmm8, xmm6
+        movdqu	xmm5, OWORD PTR [r8+224]
+L_AES_XTS_decrypt_aesni_last_31_2_aes_dec_block_last:
+        aesdeclast	xmm8, xmm5
+        pxor	xmm8, xmm0
+        sub	r13, 16
+        lea	rcx, QWORD PTR [rsi+r13]
+        movdqu	OWORD PTR [rcx], xmm8
+L_AES_XTS_decrypt_aesni_done_dec:
+        movdqu	xmm6, OWORD PTR [rsp+16]
+        movdqu	xmm7, OWORD PTR [rsp+32]
+        movdqu	xmm8, OWORD PTR [rsp+48]
+        movdqu	xmm9, OWORD PTR [rsp+64]
+        movdqu	xmm10, OWORD PTR [rsp+80]
+        movdqu	xmm11, OWORD PTR [rsp+96]
+        movdqu	xmm12, OWORD PTR [rsp+112]
+        add	rsp, 128
+        pop	r13
+        pop	r12
+        pop	rsi
+        pop	rdi
+        ret
+AES_XTS_decrypt_aesni ENDP
+_text ENDS
+_text SEGMENT READONLY PARA
+AES_XTS_decrypt_update_aesni PROC
+        push	rdi
+        push	rsi
+        push	r12
+        mov	rdi, rcx
+        mov	rsi, rdx
+        mov	rax, r8
+        mov	r10, r9
+        mov	r8, QWORD PTR [rsp+64]
+        mov	r9d, DWORD PTR [rsp+72]
+        sub	rsp, 128
+        movdqu	OWORD PTR [rsp+16], xmm6
+        movdqu	OWORD PTR [rsp+32], xmm7
+        movdqu	OWORD PTR [rsp+48], xmm8
+        movdqu	OWORD PTR [rsp+64], xmm9
+        movdqu	OWORD PTR [rsp+80], xmm10
+        movdqu	OWORD PTR [rsp+96], xmm11
+        movdqu	OWORD PTR [rsp+112], xmm12
+        movdqu	xmm12, OWORD PTR L_aes_xts_gc_xts
+        movdqu	xmm0, OWORD PTR [r8]
+        xor	r12d, r12d
+        mov	r11d, eax
+        and	r11d, 4294967280
+        cmp	r11d, eax
+        je	L_AES_XTS_decrypt_update_aesni_mul16_64
+        sub	r11d, 16
+        cmp	r11d, 16
+        jl	L_AES_XTS_decrypt_update_aesni_last_31_start
+L_AES_XTS_decrypt_update_aesni_mul16_64:
+        cmp	r11d, 64
+        jl	L_AES_XTS_decrypt_update_aesni_done_64
+        and	r11d, 4294967232
+L_AES_XTS_decrypt_update_aesni_dec_64:
+        ; 64 bytes of input
+        ; aes_dec_64
+        lea	rcx, QWORD PTR [rdi+r12]
+        lea	rdx, QWORD PTR [rsi+r12]
+        movdqu	xmm8, OWORD PTR [rcx]
+        movdqu	xmm9, OWORD PTR [rcx+16]
+        movdqu	xmm10, OWORD PTR [rcx+32]
+        movdqu	xmm11, OWORD PTR [rcx+48]
+        movdqa	xmm4, xmm0
+        movdqa	xmm1, xmm0
+        psrad	xmm4, 31
+        pslld	xmm1, 1
+        pshufd	xmm4, xmm4, 147
+        pand	xmm4, xmm12
+        pxor	xmm1, xmm4
+        movdqa	xmm4, xmm1
+        movdqa	xmm2, xmm1
+        psrad	xmm4, 31
+        pslld	xmm2, 1
+        pshufd	xmm4, xmm4, 147
+        pand	xmm4, xmm12
+        pxor	xmm2, xmm4
+        movdqa	xmm4, xmm2
+        movdqa	xmm3, xmm2
+        psrad	xmm4, 31
+        pslld	xmm3, 1
+        pshufd	xmm4, xmm4, 147
+        pand	xmm4, xmm12
+        pxor	xmm3, xmm4
+        pxor	xmm8, xmm0
+        pxor	xmm9, xmm1
+        pxor	xmm10, xmm2
+        pxor	xmm11, xmm3
+        ; aes_dec_block
+        movdqu	xmm4, OWORD PTR [r10]
+        pxor	xmm8, xmm4
+        pxor	xmm9, xmm4
+        pxor	xmm10, xmm4
+        pxor	xmm11, xmm4
+        movdqu	xmm4, OWORD PTR [r10+16]
+        aesdec	xmm8, xmm4
+        aesdec	xmm9, xmm4
+        aesdec	xmm10, xmm4
+        aesdec	xmm11, xmm4
+        movdqu	xmm4, OWORD PTR [r10+32]
+        aesdec	xmm8, xmm4
+        aesdec	xmm9, xmm4
+        aesdec	xmm10, xmm4
+        aesdec	xmm11, xmm4
+        movdqu	xmm4, OWORD PTR [r10+48]
+        aesdec	xmm8, xmm4
+        aesdec	xmm9, xmm4
+        aesdec	xmm10, xmm4
+        aesdec	xmm11, xmm4
+        movdqu	xmm4, OWORD PTR [r10+64]
+        aesdec	xmm8, xmm4
+        aesdec	xmm9, xmm4
+        aesdec	xmm10, xmm4
+        aesdec	xmm11, xmm4
+        movdqu	xmm4, OWORD PTR [r10+80]
+        aesdec	xmm8, xmm4
+        aesdec	xmm9, xmm4
+        aesdec	xmm10, xmm4
+        aesdec	xmm11, xmm4
+        movdqu	xmm4, OWORD PTR [r10+96]
+        aesdec	xmm8, xmm4
+        aesdec	xmm9, xmm4
+        aesdec	xmm10, xmm4
+        aesdec	xmm11, xmm4
+        movdqu	xmm4, OWORD PTR [r10+112]
+        aesdec	xmm8, xmm4
+        aesdec	xmm9, xmm4
+        aesdec	xmm10, xmm4
+        aesdec	xmm11, xmm4
+        movdqu	xmm4, OWORD PTR [r10+128]
+        aesdec	xmm8, xmm4
+        aesdec	xmm9, xmm4
+        aesdec	xmm10, xmm4
+        aesdec	xmm11, xmm4
+        movdqu	xmm4, OWORD PTR [r10+144]
+        aesdec	xmm8, xmm4
+        aesdec	xmm9, xmm4
+        aesdec	xmm10, xmm4
+        aesdec	xmm11, xmm4
+        cmp	r9d, 11
+        movdqu	xmm4, OWORD PTR [r10+160]
+        jl	L_AES_XTS_decrypt_update_aesni_aes_dec_64_aes_dec_block_last
+        aesdec	xmm8, xmm4
+        aesdec	xmm9, xmm4
+        aesdec	xmm10, xmm4
+        aesdec	xmm11, xmm4
+        movdqu	xmm4, OWORD PTR [r10+176]
+        aesdec	xmm8, xmm4
+        aesdec	xmm9, xmm4
+        aesdec	xmm10, xmm4
+        aesdec	xmm11, xmm4
+        cmp	r9d, 13
+        movdqu	xmm4, OWORD PTR [r10+192]
+        jl	L_AES_XTS_decrypt_update_aesni_aes_dec_64_aes_dec_block_last
+        aesdec	xmm8, xmm4
+        aesdec	xmm9, xmm4
+        aesdec	xmm10, xmm4
+        aesdec	xmm11, xmm4
+        movdqu	xmm4, OWORD PTR [r10+208]
+        aesdec	xmm8, xmm4
+        aesdec	xmm9, xmm4
+        aesdec	xmm10, xmm4
+        aesdec	xmm11, xmm4
+        movdqu	xmm4, OWORD PTR [r10+224]
+L_AES_XTS_decrypt_update_aesni_aes_dec_64_aes_dec_block_last:
+        aesdeclast	xmm8, xmm4
+        aesdeclast	xmm9, xmm4
+        aesdeclast	xmm10, xmm4
+        aesdeclast	xmm11, xmm4
+        pxor	xmm8, xmm0
+        pxor	xmm9, xmm1
+        pxor	xmm10, xmm2
+        pxor	xmm11, xmm3
+        movdqu	OWORD PTR [rdx], xmm8
+        movdqu	OWORD PTR [rdx+16], xmm9
+        movdqu	OWORD PTR [rdx+32], xmm10
+        movdqu	OWORD PTR [rdx+48], xmm11
+        movdqa	xmm4, xmm3
+        movdqa	xmm0, xmm3
+        psrad	xmm4, 31
+        pslld	xmm0, 1
+        pshufd	xmm4, xmm4, 147
+        pand	xmm4, xmm12
+        pxor	xmm0, xmm4
+        add	r12d, 64
+        cmp	r12d, r11d
+        jl	L_AES_XTS_decrypt_update_aesni_dec_64
+L_AES_XTS_decrypt_update_aesni_done_64:
+        cmp	r12d, eax
+        mov	r11d, eax
+        je	L_AES_XTS_decrypt_update_aesni_done_dec
+        and	r11d, 4294967280
+        cmp	r11d, eax
+        je	L_AES_XTS_decrypt_update_aesni_mul16
+        sub	r11d, 16
+        sub	r11d, r12d
+        cmp	r11d, 16
+        jl	L_AES_XTS_decrypt_update_aesni_last_31_start
+        add	r11d, r12d
+L_AES_XTS_decrypt_update_aesni_mul16:
+L_AES_XTS_decrypt_update_aesni_dec_16:
+        ; 16 bytes of input
+        lea	rcx, QWORD PTR [rdi+r12]
+        movdqu	xmm8, OWORD PTR [rcx]
+        pxor	xmm8, xmm0
+        ; aes_dec_block
+        pxor	xmm8, [r10]
+        movdqu	xmm5, OWORD PTR [r10+16]
+        aesdec	xmm8, xmm5
+        movdqu	xmm5, OWORD PTR [r10+32]
+        aesdec	xmm8, xmm5
+        movdqu	xmm5, OWORD PTR [r10+48]
+        aesdec	xmm8, xmm5
+        movdqu	xmm5, OWORD PTR [r10+64]
+        aesdec	xmm8, xmm5
+        movdqu	xmm5, OWORD PTR [r10+80]
+        aesdec	xmm8, xmm5
+        movdqu	xmm5, OWORD PTR [r10+96]
+        aesdec	xmm8, xmm5
+        movdqu	xmm5, OWORD PTR [r10+112]
+        aesdec	xmm8, xmm5
+        movdqu	xmm5, OWORD PTR [r10+128]
+        aesdec	xmm8, xmm5
+        movdqu	xmm5, OWORD PTR [r10+144]
+        aesdec	xmm8, xmm5
+        cmp	r9d, 11
+        movdqu	xmm5, OWORD PTR [r10+160]
+        jl	L_AES_XTS_decrypt_update_aesni_aes_dec_block_last
+        aesdec	xmm8, xmm5
+        movdqu	xmm6, OWORD PTR [r10+176]
+        aesdec	xmm8, xmm6
+        cmp	r9d, 13
+        movdqu	xmm5, OWORD PTR [r10+192]
+        jl	L_AES_XTS_decrypt_update_aesni_aes_dec_block_last
+        aesdec	xmm8, xmm5
+        movdqu	xmm6, OWORD PTR [r10+208]
+        aesdec	xmm8, xmm6
+        movdqu	xmm5, OWORD PTR [r10+224]
+L_AES_XTS_decrypt_update_aesni_aes_dec_block_last:
+        aesdeclast	xmm8, xmm5
+        pxor	xmm8, xmm0
+        lea	rcx, QWORD PTR [rsi+r12]
+        movdqu	OWORD PTR [rcx], xmm8
+        movdqa	xmm4, xmm0
+        psrad	xmm4, 31
+        pslld	xmm0, 1
+        pshufd	xmm4, xmm4, 147
+        pand	xmm4, xmm12
+        pxor	xmm0, xmm4
+        add	r12d, 16
+        cmp	r12d, r11d
+        jl	L_AES_XTS_decrypt_update_aesni_dec_16
+        cmp	r12d, eax
+        je	L_AES_XTS_decrypt_update_aesni_done_dec
+L_AES_XTS_decrypt_update_aesni_last_31_start:
+        movdqa	xmm4, xmm0
+        movdqa	xmm7, xmm0
+        psrad	xmm4, 31
+        pslld	xmm7, 1
+        pshufd	xmm4, xmm4, 147
+        pand	xmm4, xmm12
+        pxor	xmm7, xmm4
+        lea	rcx, QWORD PTR [rdi+r12]
+        movdqu	xmm8, OWORD PTR [rcx]
+        pxor	xmm8, xmm7
+        ; aes_dec_block
+        pxor	xmm8, [r10]
+        movdqu	xmm5, OWORD PTR [r10+16]
+        aesdec	xmm8, xmm5
+        movdqu	xmm5, OWORD PTR [r10+32]
+        aesdec	xmm8, xmm5
+        movdqu	xmm5, OWORD PTR [r10+48]
+        aesdec	xmm8, xmm5
+        movdqu	xmm5, OWORD PTR [r10+64]
+        aesdec	xmm8, xmm5
+        movdqu	xmm5, OWORD PTR [r10+80]
+        aesdec	xmm8, xmm5
+        movdqu	xmm5, OWORD PTR [r10+96]
+        aesdec	xmm8, xmm5
+        movdqu	xmm5, OWORD PTR [r10+112]
+        aesdec	xmm8, xmm5
+        movdqu	xmm5, OWORD PTR [r10+128]
+        aesdec	xmm8, xmm5
+        movdqu	xmm5, OWORD PTR [r10+144]
+        aesdec	xmm8, xmm5
+        cmp	r9d, 11
+        movdqu	xmm5, OWORD PTR [r10+160]
+        jl	L_AES_XTS_decrypt_update_aesni_last_31_aes_dec_block_last
+        aesdec	xmm8, xmm5
+        movdqu	xmm6, OWORD PTR [r10+176]
+        aesdec	xmm8, xmm6
+        cmp	r9d, 13
+        movdqu	xmm5, OWORD PTR [r10+192]
+        jl	L_AES_XTS_decrypt_update_aesni_last_31_aes_dec_block_last
+        aesdec	xmm8, xmm5
+        movdqu	xmm6, OWORD PTR [r10+208]
+        aesdec	xmm8, xmm6
+        movdqu	xmm5, OWORD PTR [r10+224]
+L_AES_XTS_decrypt_update_aesni_last_31_aes_dec_block_last:
+        aesdeclast	xmm8, xmm5
+        pxor	xmm8, xmm7
+        movdqu	OWORD PTR [rsp], xmm8
+        add	r12, 16
+        xor	rdx, rdx
+L_AES_XTS_decrypt_update_aesni_last_31_byte_loop:
+        mov	r11b, BYTE PTR [rsp+rdx]
+        mov	cl, BYTE PTR [rdi+r12]
+        mov	BYTE PTR [rsi+r12], r11b
+        mov	BYTE PTR [rsp+rdx], cl
+        inc	r12d
+        inc	edx
+        cmp	r12d, eax
+        jl	L_AES_XTS_decrypt_update_aesni_last_31_byte_loop
+        sub	r12, rdx
+        movdqu	xmm8, OWORD PTR [rsp]
+        pxor	xmm8, xmm0
+        ; aes_dec_block
+        pxor	xmm8, [r10]
+        movdqu	xmm5, OWORD PTR [r10+16]
+        aesdec	xmm8, xmm5
+        movdqu	xmm5, OWORD PTR [r10+32]
+        aesdec	xmm8, xmm5
+        movdqu	xmm5, OWORD PTR [r10+48]
+        aesdec	xmm8, xmm5
+        movdqu	xmm5, OWORD PTR [r10+64]
+        aesdec	xmm8, xmm5
+        movdqu	xmm5, OWORD PTR [r10+80]
+        aesdec	xmm8, xmm5
+        movdqu	xmm5, OWORD PTR [r10+96]
+        aesdec	xmm8, xmm5
+        movdqu	xmm5, OWORD PTR [r10+112]
+        aesdec	xmm8, xmm5
+        movdqu	xmm5, OWORD PTR [r10+128]
+        aesdec	xmm8, xmm5
+        movdqu	xmm5, OWORD PTR [r10+144]
+        aesdec	xmm8, xmm5
+        cmp	r9d, 11
+        movdqu	xmm5, OWORD PTR [r10+160]
+        jl	L_AES_XTS_decrypt_update_aesni_last_31_2_aes_dec_block_last
+        aesdec	xmm8, xmm5
+        movdqu	xmm6, OWORD PTR [r10+176]
+        aesdec	xmm8, xmm6
+        cmp	r9d, 13
+        movdqu	xmm5, OWORD PTR [r10+192]
+        jl	L_AES_XTS_decrypt_update_aesni_last_31_2_aes_dec_block_last
+        aesdec	xmm8, xmm5
+        movdqu	xmm6, OWORD PTR [r10+208]
+        aesdec	xmm8, xmm6
+        movdqu	xmm5, OWORD PTR [r10+224]
+L_AES_XTS_decrypt_update_aesni_last_31_2_aes_dec_block_last:
+        aesdeclast	xmm8, xmm5
+        pxor	xmm8, xmm0
+        sub	r12, 16
+        lea	rcx, QWORD PTR [rsi+r12]
+        movdqu	OWORD PTR [rcx], xmm8
+L_AES_XTS_decrypt_update_aesni_done_dec:
+        movdqu	OWORD PTR [r8], xmm0
+        movdqu	xmm6, OWORD PTR [rsp+16]
+        movdqu	xmm7, OWORD PTR [rsp+32]
+        movdqu	xmm8, OWORD PTR [rsp+48]
+        movdqu	xmm9, OWORD PTR [rsp+64]
+        movdqu	xmm10, OWORD PTR [rsp+80]
+        movdqu	xmm11, OWORD PTR [rsp+96]
+        movdqu	xmm12, OWORD PTR [rsp+112]
+        add	rsp, 128
+        pop	r12
+        pop	rsi
+        pop	rdi
+        ret
+AES_XTS_decrypt_update_aesni ENDP
+_text ENDS
+IFDEF HAVE_INTEL_AVX1
+_text SEGMENT READONLY PARA
+AES_XTS_init_avx1 PROC
+        mov	eax, r8d
+        vmovdqu	xmm0, OWORD PTR [rcx]
+        ; aes_enc_block
+        vpxor	xmm0, xmm0, [rdx]
+        vmovdqu	xmm2, OWORD PTR [rdx+16]
+        vaesenc	xmm0, xmm0, xmm2
+        vmovdqu	xmm2, OWORD PTR [rdx+32]
+        vaesenc	xmm0, xmm0, xmm2
+        vmovdqu	xmm2, OWORD PTR [rdx+48]
+        vaesenc	xmm0, xmm0, xmm2
+        vmovdqu	xmm2, OWORD PTR [rdx+64]
+        vaesenc	xmm0, xmm0, xmm2
+        vmovdqu	xmm2, OWORD PTR [rdx+80]
+        vaesenc	xmm0, xmm0, xmm2
+        vmovdqu	xmm2, OWORD PTR [rdx+96]
+        vaesenc	xmm0, xmm0, xmm2
+        vmovdqu	xmm2, OWORD PTR [rdx+112]
+        vaesenc	xmm0, xmm0, xmm2
+        vmovdqu	xmm2, OWORD PTR [rdx+128]
+        vaesenc	xmm0, xmm0, xmm2
+        vmovdqu	xmm2, OWORD PTR [rdx+144]
+        vaesenc	xmm0, xmm0, xmm2
+        cmp	eax, 11
+        vmovdqu	xmm2, OWORD PTR [rdx+160]
+        jl	L_AES_XTS_init_avx1_tweak_aes_enc_block_last
+        vaesenc	xmm0, xmm0, xmm2
+        vmovdqu	xmm3, OWORD PTR [rdx+176]
+        vaesenc	xmm0, xmm0, xmm3
+        cmp	eax, 13
+        vmovdqu	xmm2, OWORD PTR [rdx+192]
+        jl	L_AES_XTS_init_avx1_tweak_aes_enc_block_last
+        vaesenc	xmm0, xmm0, xmm2
+        vmovdqu	xmm3, OWORD PTR [rdx+208]
+        vaesenc	xmm0, xmm0, xmm3
+        vmovdqu	xmm2, OWORD PTR [rdx+224]
+L_AES_XTS_init_avx1_tweak_aes_enc_block_last:
+        vaesenclast	xmm0, xmm0, xmm2
+        vmovdqu	OWORD PTR [rcx], xmm0
+        ret
+AES_XTS_init_avx1 ENDP
+_text ENDS
+_DATA SEGMENT
+ALIGN 16
+L_avx1_aes_xts_gc_xts DWORD 135,1,1,1
+ptr_L_avx1_aes_xts_gc_xts QWORD L_avx1_aes_xts_gc_xts
+_DATA ENDS
+_text SEGMENT READONLY PARA
+AES_XTS_encrypt_avx1 PROC
+        push	rdi
+        push	rsi
+        push	r12
+        push	r13
+        mov	rdi, rcx
+        mov	rsi, rdx
+        mov	rax, r8
+        mov	r12, r9
+        mov	r8, QWORD PTR [rsp+72]
+        mov	r9, QWORD PTR [rsp+80]
+        mov	r10d, DWORD PTR [rsp+88]
+        sub	rsp, 176
+        vmovdqu	OWORD PTR [rsp+64], xmm6
+        vmovdqu	OWORD PTR [rsp+80], xmm7
+        vmovdqu	OWORD PTR [rsp+96], xmm8
+        vmovdqu	OWORD PTR [rsp+112], xmm9
+        vmovdqu	OWORD PTR [rsp+128], xmm10
+        vmovdqu	OWORD PTR [rsp+144], xmm11
+        vmovdqu	OWORD PTR [rsp+160], xmm12
+        vmovdqu	xmm12, OWORD PTR L_avx1_aes_xts_gc_xts
+        vmovdqu	xmm0, OWORD PTR [r12]
+        ; aes_enc_block
+        vpxor	xmm0, xmm0, [r9]
+        vmovdqu	xmm5, OWORD PTR [r9+16]
+        vaesenc	xmm0, xmm0, xmm5
+        vmovdqu	xmm5, OWORD PTR [r9+32]
+        vaesenc	xmm0, xmm0, xmm5
+        vmovdqu	xmm5, OWORD PTR [r9+48]
+        vaesenc	xmm0, xmm0, xmm5
+        vmovdqu	xmm5, OWORD PTR [r9+64]
+        vaesenc	xmm0, xmm0, xmm5
+        vmovdqu	xmm5, OWORD PTR [r9+80]
+        vaesenc	xmm0, xmm0, xmm5
+        vmovdqu	xmm5, OWORD PTR [r9+96]
+        vaesenc	xmm0, xmm0, xmm5
+        vmovdqu	xmm5, OWORD PTR [r9+112]
+        vaesenc	xmm0, xmm0, xmm5
+        vmovdqu	xmm5, OWORD PTR [r9+128]
+        vaesenc	xmm0, xmm0, xmm5
+        vmovdqu	xmm5, OWORD PTR [r9+144]
+        vaesenc	xmm0, xmm0, xmm5
+        cmp	r10d, 11
+        vmovdqu	xmm5, OWORD PTR [r9+160]
+        jl	L_AES_XTS_encrypt_avx1_tweak_aes_enc_block_last
+        vaesenc	xmm0, xmm0, xmm5
+        vmovdqu	xmm6, OWORD PTR [r9+176]
+        vaesenc	xmm0, xmm0, xmm6
+        cmp	r10d, 13
+        vmovdqu	xmm5, OWORD PTR [r9+192]
+        jl	L_AES_XTS_encrypt_avx1_tweak_aes_enc_block_last
+        vaesenc	xmm0, xmm0, xmm5
+        vmovdqu	xmm6, OWORD PTR [r9+208]
+        vaesenc	xmm0, xmm0, xmm6
+        vmovdqu	xmm5, OWORD PTR [r9+224]
+L_AES_XTS_encrypt_avx1_tweak_aes_enc_block_last:
+        vaesenclast	xmm0, xmm0, xmm5
+        xor	r13d, r13d
+        cmp	eax, 64
+        mov	r11d, eax
+        jl	L_AES_XTS_encrypt_avx1_done_64
+        and	r11d, 4294967232
+L_AES_XTS_encrypt_avx1_enc_64:
+        ; 64 bytes of input
+        ; aes_enc_64
+        lea	rcx, QWORD PTR [rdi+r13]
+        lea	rdx, QWORD PTR [rsi+r13]
+        vmovdqu	xmm8, OWORD PTR [rcx]
+        vmovdqu	xmm9, OWORD PTR [rcx+16]
+        vmovdqu	xmm10, OWORD PTR [rcx+32]
+        vmovdqu	xmm11, OWORD PTR [rcx+48]
+        vpsrad	xmm4, xmm0, 31
+        vpslld	xmm1, xmm0, 1
+        vpshufd	xmm4, xmm4, 147
+        vpand	xmm4, xmm4, xmm12
+        vpxor	xmm1, xmm1, xmm4
+        vpsrad	xmm4, xmm1, 31
+        vpslld	xmm2, xmm1, 1
+        vpshufd	xmm4, xmm4, 147
+        vpand	xmm4, xmm4, xmm12
+        vpxor	xmm2, xmm2, xmm4
+        vpsrad	xmm4, xmm2, 31
+        vpslld	xmm3, xmm2, 1
+        vpshufd	xmm4, xmm4, 147
+        vpand	xmm4, xmm4, xmm12
+        vpxor	xmm3, xmm3, xmm4
+        vpxor	xmm8, xmm8, xmm0
+        vpxor	xmm9, xmm9, xmm1
+        vpxor	xmm10, xmm10, xmm2
+        vpxor	xmm11, xmm11, xmm3
+        ; aes_enc_block
+        vmovdqu	xmm4, OWORD PTR [r8]
+        vpxor	xmm8, xmm8, xmm4
+        vpxor	xmm9, xmm9, xmm4
+        vpxor	xmm10, xmm10, xmm4
+        vpxor	xmm11, xmm11, xmm4
+        vmovdqu	xmm4, OWORD PTR [r8+16]
+        vaesenc	xmm8, xmm8, xmm4
+        vaesenc	xmm9, xmm9, xmm4
+        vaesenc	xmm10, xmm10, xmm4
+        vaesenc	xmm11, xmm11, xmm4
+        vmovdqu	xmm4, OWORD PTR [r8+32]
+        vaesenc	xmm8, xmm8, xmm4
+        vaesenc	xmm9, xmm9, xmm4
+        vaesenc	xmm10, xmm10, xmm4
+        vaesenc	xmm11, xmm11, xmm4
+        vmovdqu	xmm4, OWORD PTR [r8+48]
+        vaesenc	xmm8, xmm8, xmm4
+        vaesenc	xmm9, xmm9, xmm4
+        vaesenc	xmm10, xmm10, xmm4
+        vaesenc	xmm11, xmm11, xmm4
+        vmovdqu	xmm4, OWORD PTR [r8+64]
+        vaesenc	xmm8, xmm8, xmm4
+        vaesenc	xmm9, xmm9, xmm4
+        vaesenc	xmm10, xmm10, xmm4
+        vaesenc	xmm11, xmm11, xmm4
+        vmovdqu	xmm4, OWORD PTR [r8+80]
+        vaesenc	xmm8, xmm8, xmm4
+        vaesenc	xmm9, xmm9, xmm4
+        vaesenc	xmm10, xmm10, xmm4
+        vaesenc	xmm11, xmm11, xmm4
+        vmovdqu	xmm4, OWORD PTR [r8+96]
+        vaesenc	xmm8, xmm8, xmm4
+        vaesenc	xmm9, xmm9, xmm4
+        vaesenc	xmm10, xmm10, xmm4
+        vaesenc	xmm11, xmm11, xmm4
+        vmovdqu	xmm4, OWORD PTR [r8+112]
+        vaesenc	xmm8, xmm8, xmm4
+        vaesenc	xmm9, xmm9, xmm4
+        vaesenc	xmm10, xmm10, xmm4
+        vaesenc	xmm11, xmm11, xmm4
+        vmovdqu	xmm4, OWORD PTR [r8+128]
+        vaesenc	xmm8, xmm8, xmm4
+        vaesenc	xmm9, xmm9, xmm4
+        vaesenc	xmm10, xmm10, xmm4
+        vaesenc	xmm11, xmm11, xmm4
+        vmovdqu	xmm4, OWORD PTR [r8+144]
+        vaesenc	xmm8, xmm8, xmm4
+        vaesenc	xmm9, xmm9, xmm4
+        vaesenc	xmm10, xmm10, xmm4
+        vaesenc	xmm11, xmm11, xmm4
+        cmp	r10d, 11
+        vmovdqu	xmm4, OWORD PTR [r8+160]
+        jl	L_AES_XTS_encrypt_avx1_aes_enc_64_aes_enc_block_last
+        vaesenc	xmm8, xmm8, xmm4
+        vaesenc	xmm9, xmm9, xmm4
+        vaesenc	xmm10, xmm10, xmm4
+        vaesenc	xmm11, xmm11, xmm4
+        vmovdqu	xmm4, OWORD PTR [r8+176]
+        vaesenc	xmm8, xmm8, xmm4
+        vaesenc	xmm9, xmm9, xmm4
+        vaesenc	xmm10, xmm10, xmm4
+        vaesenc	xmm11, xmm11, xmm4
+        cmp	r10d, 13
+        vmovdqu	xmm4, OWORD PTR [r8+192]
+        jl	L_AES_XTS_encrypt_avx1_aes_enc_64_aes_enc_block_last
+        vaesenc	xmm8, xmm8, xmm4
+        vaesenc	xmm9, xmm9, xmm4
+        vaesenc	xmm10, xmm10, xmm4
+        vaesenc	xmm11, xmm11, xmm4
+        vmovdqu	xmm4, OWORD PTR [r8+208]
+        vaesenc	xmm8, xmm8, xmm4
+        vaesenc	xmm9, xmm9, xmm4
+        vaesenc	xmm10, xmm10, xmm4
+        vaesenc	xmm11, xmm11, xmm4
+        vmovdqu	xmm4, OWORD PTR [r8+224]
+L_AES_XTS_encrypt_avx1_aes_enc_64_aes_enc_block_last:
+        vaesenclast	xmm8, xmm8, xmm4
+        vaesenclast	xmm9, xmm9, xmm4
+        vaesenclast	xmm10, xmm10, xmm4
+        vaesenclast	xmm11, xmm11, xmm4
+        vpxor	xmm8, xmm8, xmm0
+        vpxor	xmm9, xmm9, xmm1
+        vpxor	xmm10, xmm10, xmm2
+        vpxor	xmm11, xmm11, xmm3
+        vmovdqu	OWORD PTR [rdx], xmm8
+        vmovdqu	OWORD PTR [rdx+16], xmm9
+        vmovdqu	OWORD PTR [rdx+32], xmm10
+        vmovdqu	OWORD PTR [rdx+48], xmm11
+        vpsrad	xmm4, xmm3, 31
+        vpslld	xmm0, xmm3, 1
+        vpshufd	xmm4, xmm4, 147
+        vpand	xmm4, xmm4, xmm12
+        vpxor	xmm0, xmm0, xmm4
+        add	r13d, 64
+        cmp	r13d, r11d
+        jl	L_AES_XTS_encrypt_avx1_enc_64
+L_AES_XTS_encrypt_avx1_done_64:
+        cmp	r13d, eax
+        mov	r11d, eax
+        je	L_AES_XTS_encrypt_avx1_done_enc
+        sub	r11d, r13d
+        cmp	r11d, 16
+        mov	r11d, eax
+        jl	L_AES_XTS_encrypt_avx1_last_15
+        and	r11d, 4294967280
+        ; 16 bytes of input
+L_AES_XTS_encrypt_avx1_enc_16:
+        lea	rcx, QWORD PTR [rdi+r13]
+        vmovdqu	xmm8, OWORD PTR [rcx]
+        vpxor	xmm8, xmm8, xmm0
+        ; aes_enc_block
+        vpxor	xmm8, xmm8, [r8]
+        vmovdqu	xmm5, OWORD PTR [r8+16]
+        vaesenc	xmm8, xmm8, xmm5
+        vmovdqu	xmm5, OWORD PTR [r8+32]
+        vaesenc	xmm8, xmm8, xmm5
+        vmovdqu	xmm5, OWORD PTR [r8+48]
+        vaesenc	xmm8, xmm8, xmm5
+        vmovdqu	xmm5, OWORD PTR [r8+64]
+        vaesenc	xmm8, xmm8, xmm5
+        vmovdqu	xmm5, OWORD PTR [r8+80]
+        vaesenc	xmm8, xmm8, xmm5
+        vmovdqu	xmm5, OWORD PTR [r8+96]
+        vaesenc	xmm8, xmm8, xmm5
+        vmovdqu	xmm5, OWORD PTR [r8+112]
+        vaesenc	xmm8, xmm8, xmm5
+        vmovdqu	xmm5, OWORD PTR [r8+128]
+        vaesenc	xmm8, xmm8, xmm5
+        vmovdqu	xmm5, OWORD PTR [r8+144]
+        vaesenc	xmm8, xmm8, xmm5
+        cmp	r10d, 11
+        vmovdqu	xmm5, OWORD PTR [r8+160]
+        jl	L_AES_XTS_encrypt_avx1_aes_enc_block_last
+        vaesenc	xmm8, xmm8, xmm5
+        vmovdqu	xmm6, OWORD PTR [r8+176]
+        vaesenc	xmm8, xmm8, xmm6
+        cmp	r10d, 13
+        vmovdqu	xmm5, OWORD PTR [r8+192]
+        jl	L_AES_XTS_encrypt_avx1_aes_enc_block_last
+        vaesenc	xmm8, xmm8, xmm5
+        vmovdqu	xmm6, OWORD PTR [r8+208]
+        vaesenc	xmm8, xmm8, xmm6
+        vmovdqu	xmm5, OWORD PTR [r8+224]
+L_AES_XTS_encrypt_avx1_aes_enc_block_last:
+        vaesenclast	xmm8, xmm8, xmm5
+        vpxor	xmm8, xmm8, xmm0
+        lea	rcx, QWORD PTR [rsi+r13]
+        vmovdqu	OWORD PTR [rcx], xmm8
+        vpsrad	xmm4, xmm0, 31
+        vpslld	xmm0, xmm0, 1
+        vpshufd	xmm4, xmm4, 147
+        vpand	xmm4, xmm4, xmm12
+        vpxor	xmm0, xmm0, xmm4
+        add	r13d, 16
+        cmp	r13d, r11d
+        jl	L_AES_XTS_encrypt_avx1_enc_16
+        cmp	r13d, eax
+        je	L_AES_XTS_encrypt_avx1_done_enc
+L_AES_XTS_encrypt_avx1_last_15:
+        sub	r13, 16
+        lea	rcx, QWORD PTR [rsi+r13]
+        vmovdqu	xmm8, OWORD PTR [rcx]
+        add	r13, 16
+        vmovdqu	OWORD PTR [rsp], xmm8
+        xor	rdx, rdx
+L_AES_XTS_encrypt_avx1_last_15_byte_loop:
+        mov	r11b, BYTE PTR [rsp+rdx]
+        mov	cl, BYTE PTR [rdi+r13]
+        mov	BYTE PTR [rsi+r13], r11b
+        mov	BYTE PTR [rsp+rdx], cl
+        inc	r13d
+        inc	edx
+        cmp	r13d, eax
+        jl	L_AES_XTS_encrypt_avx1_last_15_byte_loop
+        sub	r13, rdx
+        vmovdqu	xmm8, OWORD PTR [rsp]
+        sub	r13, 16
+        vpxor	xmm8, xmm8, xmm0
+        ; aes_enc_block
+        vpxor	xmm8, xmm8, [r8]
+        vmovdqu	xmm5, OWORD PTR [r8+16]
+        vaesenc	xmm8, xmm8, xmm5
+        vmovdqu	xmm5, OWORD PTR [r8+32]
+        vaesenc	xmm8, xmm8, xmm5
+        vmovdqu	xmm5, OWORD PTR [r8+48]
+        vaesenc	xmm8, xmm8, xmm5
+        vmovdqu	xmm5, OWORD PTR [r8+64]
+        vaesenc	xmm8, xmm8, xmm5
+        vmovdqu	xmm5, OWORD PTR [r8+80]
+        vaesenc	xmm8, xmm8, xmm5
+        vmovdqu	xmm5, OWORD PTR [r8+96]
+        vaesenc	xmm8, xmm8, xmm5
+        vmovdqu	xmm5, OWORD PTR [r8+112]
+        vaesenc	xmm8, xmm8, xmm5
+        vmovdqu	xmm5, OWORD PTR [r8+128]
+        vaesenc	xmm8, xmm8, xmm5
+        vmovdqu	xmm5, OWORD PTR [r8+144]
+        vaesenc	xmm8, xmm8, xmm5
+        cmp	r10d, 11
+        vmovdqu	xmm5, OWORD PTR [r8+160]
+        jl	L_AES_XTS_encrypt_avx1_last_15_aes_enc_block_last
+        vaesenc	xmm8, xmm8, xmm5
+        vmovdqu	xmm6, OWORD PTR [r8+176]
+        vaesenc	xmm8, xmm8, xmm6
+        cmp	r10d, 13
+        vmovdqu	xmm5, OWORD PTR [r8+192]
+        jl	L_AES_XTS_encrypt_avx1_last_15_aes_enc_block_last
+        vaesenc	xmm8, xmm8, xmm5
+        vmovdqu	xmm6, OWORD PTR [r8+208]
+        vaesenc	xmm8, xmm8, xmm6
+        vmovdqu	xmm5, OWORD PTR [r8+224]
+L_AES_XTS_encrypt_avx1_last_15_aes_enc_block_last:
+        vaesenclast	xmm8, xmm8, xmm5
+        vpxor	xmm8, xmm8, xmm0
+        lea	rcx, QWORD PTR [rsi+r13]
+        vmovdqu	OWORD PTR [rcx], xmm8
+L_AES_XTS_encrypt_avx1_done_enc:
+        vmovdqu	xmm6, OWORD PTR [rsp+64]
+        vmovdqu	xmm7, OWORD PTR [rsp+80]
+        vmovdqu	xmm8, OWORD PTR [rsp+96]
+        vmovdqu	xmm9, OWORD PTR [rsp+112]
+        vmovdqu	xmm10, OWORD PTR [rsp+128]
+        vmovdqu	xmm11, OWORD PTR [rsp+144]
+        vmovdqu	xmm12, OWORD PTR [rsp+160]
+        add	rsp, 176
+        pop	r13
+        pop	r12
+        pop	rsi
+        pop	rdi
+        ret
+AES_XTS_encrypt_avx1 ENDP
+_text ENDS
+_text SEGMENT READONLY PARA
+AES_XTS_encrypt_update_avx1 PROC
+        push	rdi
+        push	rsi
+        push	r12
+        mov	rdi, rcx
+        mov	rsi, rdx
+        mov	rax, r8
+        mov	r10, r9
+        mov	r8, QWORD PTR [rsp+64]
+        mov	r9d, DWORD PTR [rsp+72]
+        sub	rsp, 176
+        vmovdqu	OWORD PTR [rsp+64], xmm6
+        vmovdqu	OWORD PTR [rsp+80], xmm7
+        vmovdqu	OWORD PTR [rsp+96], xmm8
+        vmovdqu	OWORD PTR [rsp+112], xmm9
+        vmovdqu	OWORD PTR [rsp+128], xmm10
+        vmovdqu	OWORD PTR [rsp+144], xmm11
+        vmovdqu	OWORD PTR [rsp+160], xmm12
+        vmovdqu	xmm12, OWORD PTR L_avx1_aes_xts_gc_xts
+        vmovdqu	xmm0, OWORD PTR [r8]
+        xor	r12d, r12d
+        cmp	eax, 64
+        mov	r11d, eax
+        jl	L_AES_XTS_encrypt_update_avx1_done_64
+        and	r11d, 4294967232
+L_AES_XTS_encrypt_update_avx1_enc_64:
+        ; 64 bytes of input
+        ; aes_enc_64
+        lea	rcx, QWORD PTR [rdi+r12]
+        lea	rdx, QWORD PTR [rsi+r12]
+        vmovdqu	xmm8, OWORD PTR [rcx]
+        vmovdqu	xmm9, OWORD PTR [rcx+16]
+        vmovdqu	xmm10, OWORD PTR [rcx+32]
+        vmovdqu	xmm11, OWORD PTR [rcx+48]
+        vpsrad	xmm4, xmm0, 31
+        vpslld	xmm1, xmm0, 1
+        vpshufd	xmm4, xmm4, 147
+        vpand	xmm4, xmm4, xmm12
+        vpxor	xmm1, xmm1, xmm4
+        vpsrad	xmm4, xmm1, 31
+        vpslld	xmm2, xmm1, 1
+        vpshufd	xmm4, xmm4, 147
+        vpand	xmm4, xmm4, xmm12
+        vpxor	xmm2, xmm2, xmm4
+        vpsrad	xmm4, xmm2, 31
+        vpslld	xmm3, xmm2, 1
+        vpshufd	xmm4, xmm4, 147
+        vpand	xmm4, xmm4, xmm12
+        vpxor	xmm3, xmm3, xmm4
+        vpxor	xmm8, xmm8, xmm0
+        vpxor	xmm9, xmm9, xmm1
+        vpxor	xmm10, xmm10, xmm2
+        vpxor	xmm11, xmm11, xmm3
+        ; aes_enc_block
+        vmovdqu	xmm4, OWORD PTR [r10]
+        vpxor	xmm8, xmm8, xmm4
+        vpxor	xmm9, xmm9, xmm4
+        vpxor	xmm10, xmm10, xmm4
+        vpxor	xmm11, xmm11, xmm4
+        vmovdqu	xmm4, OWORD PTR [r10+16]
+        vaesenc	xmm8, xmm8, xmm4
+        vaesenc	xmm9, xmm9, xmm4
+        vaesenc	xmm10, xmm10, xmm4
+        vaesenc	xmm11, xmm11, xmm4
+        vmovdqu	xmm4, OWORD PTR [r10+32]
+        vaesenc	xmm8, xmm8, xmm4
+        vaesenc	xmm9, xmm9, xmm4
+        vaesenc	xmm10, xmm10, xmm4
+        vaesenc	xmm11, xmm11, xmm4
+        vmovdqu	xmm4, OWORD PTR [r10+48]
+        vaesenc	xmm8, xmm8, xmm4
+        vaesenc	xmm9, xmm9, xmm4
+        vaesenc	xmm10, xmm10, xmm4
+        vaesenc	xmm11, xmm11, xmm4
+        vmovdqu	xmm4, OWORD PTR [r10+64]
+        vaesenc	xmm8, xmm8, xmm4
+        vaesenc	xmm9, xmm9, xmm4
+        vaesenc	xmm10, xmm10, xmm4
+        vaesenc	xmm11, xmm11, xmm4
+        vmovdqu	xmm4, OWORD PTR [r10+80]
+        vaesenc	xmm8, xmm8, xmm4
+        vaesenc	xmm9, xmm9, xmm4
+        vaesenc	xmm10, xmm10, xmm4
+        vaesenc	xmm11, xmm11, xmm4
+        vmovdqu	xmm4, OWORD PTR [r10+96]
+        vaesenc	xmm8, xmm8, xmm4
+        vaesenc	xmm9, xmm9, xmm4
+        vaesenc	xmm10, xmm10, xmm4
+        vaesenc	xmm11, xmm11, xmm4
+        vmovdqu	xmm4, OWORD PTR [r10+112]
+        vaesenc	xmm8, xmm8, xmm4
+        vaesenc	xmm9, xmm9, xmm4
+        vaesenc	xmm10, xmm10, xmm4
+        vaesenc	xmm11, xmm11, xmm4
+        vmovdqu	xmm4, OWORD PTR [r10+128]
+        vaesenc	xmm8, xmm8, xmm4
+        vaesenc	xmm9, xmm9, xmm4
+        vaesenc	xmm10, xmm10, xmm4
+        vaesenc	xmm11, xmm11, xmm4
+        vmovdqu	xmm4, OWORD PTR [r10+144]
+        vaesenc	xmm8, xmm8, xmm4
+        vaesenc	xmm9, xmm9, xmm4
+        vaesenc	xmm10, xmm10, xmm4
+        vaesenc	xmm11, xmm11, xmm4
+        cmp	r9d, 11
+        vmovdqu	xmm4, OWORD PTR [r10+160]
+        jl	L_AES_XTS_encrypt_update_avx1_aes_enc_64_aes_enc_block_last
+        vaesenc	xmm8, xmm8, xmm4
+        vaesenc	xmm9, xmm9, xmm4
+        vaesenc	xmm10, xmm10, xmm4
+        vaesenc	xmm11, xmm11, xmm4
+        vmovdqu	xmm4, OWORD PTR [r10+176]
+        vaesenc	xmm8, xmm8, xmm4
+        vaesenc	xmm9, xmm9, xmm4
+        vaesenc	xmm10, xmm10, xmm4
+        vaesenc	xmm11, xmm11, xmm4
+        cmp	r9d, 13
+        vmovdqu	xmm4, OWORD PTR [r10+192]
+        jl	L_AES_XTS_encrypt_update_avx1_aes_enc_64_aes_enc_block_last
+        vaesenc	xmm8, xmm8, xmm4
+        vaesenc	xmm9, xmm9, xmm4
+        vaesenc	xmm10, xmm10, xmm4
+        vaesenc	xmm11, xmm11, xmm4
+        vmovdqu	xmm4, OWORD PTR [r10+208]
+        vaesenc	xmm8, xmm8, xmm4
+        vaesenc	xmm9, xmm9, xmm4
+        vaesenc	xmm10, xmm10, xmm4
+        vaesenc	xmm11, xmm11, xmm4
+        vmovdqu	xmm4, OWORD PTR [r10+224]
+L_AES_XTS_encrypt_update_avx1_aes_enc_64_aes_enc_block_last:
+        vaesenclast	xmm8, xmm8, xmm4
+        vaesenclast	xmm9, xmm9, xmm4
+        vaesenclast	xmm10, xmm10, xmm4
+        vaesenclast	xmm11, xmm11, xmm4
+        vpxor	xmm8, xmm8, xmm0
+        vpxor	xmm9, xmm9, xmm1
+        vpxor	xmm10, xmm10, xmm2
+        vpxor	xmm11, xmm11, xmm3
+        vmovdqu	OWORD PTR [rdx], xmm8
+        vmovdqu	OWORD PTR [rdx+16], xmm9
+        vmovdqu	OWORD PTR [rdx+32], xmm10
+        vmovdqu	OWORD PTR [rdx+48], xmm11
+        vpsrad	xmm4, xmm3, 31
+        vpslld	xmm0, xmm3, 1
+        vpshufd	xmm4, xmm4, 147
+        vpand	xmm4, xmm4, xmm12
+        vpxor	xmm0, xmm0, xmm4
+        add	r12d, 64
+        cmp	r12d, r11d
+        jl	L_AES_XTS_encrypt_update_avx1_enc_64
+L_AES_XTS_encrypt_update_avx1_done_64:
+        cmp	r12d, eax
+        mov	r11d, eax
+        je	L_AES_XTS_encrypt_update_avx1_done_enc
+        sub	r11d, r12d
+        cmp	r11d, 16
+        mov	r11d, eax
+        jl	L_AES_XTS_encrypt_update_avx1_last_15
+        and	r11d, 4294967280
+        ; 16 bytes of input
+L_AES_XTS_encrypt_update_avx1_enc_16:
+        lea	rcx, QWORD PTR [rdi+r12]
+        vmovdqu	xmm8, OWORD PTR [rcx]
+        vpxor	xmm8, xmm8, xmm0
+        ; aes_enc_block
+        vpxor	xmm8, xmm8, [r10]
+        vmovdqu	xmm5, OWORD PTR [r10+16]
+        vaesenc	xmm8, xmm8, xmm5
+        vmovdqu	xmm5, OWORD PTR [r10+32]
+        vaesenc	xmm8, xmm8, xmm5
+        vmovdqu	xmm5, OWORD PTR [r10+48]
+        vaesenc	xmm8, xmm8, xmm5
+        vmovdqu	xmm5, OWORD PTR [r10+64]
+        vaesenc	xmm8, xmm8, xmm5
+        vmovdqu	xmm5, OWORD PTR [r10+80]
+        vaesenc	xmm8, xmm8, xmm5
+        vmovdqu	xmm5, OWORD PTR [r10+96]
+        vaesenc	xmm8, xmm8, xmm5
+        vmovdqu	xmm5, OWORD PTR [r10+112]
+        vaesenc	xmm8, xmm8, xmm5
+        vmovdqu	xmm5, OWORD PTR [r10+128]
+        vaesenc	xmm8, xmm8, xmm5
+        vmovdqu	xmm5, OWORD PTR [r10+144]
+        vaesenc	xmm8, xmm8, xmm5
+        cmp	r9d, 11
+        vmovdqu	xmm5, OWORD PTR [r10+160]
+        jl	L_AES_XTS_encrypt_update_avx1_aes_enc_block_last
+        vaesenc	xmm8, xmm8, xmm5
+        vmovdqu	xmm6, OWORD PTR [r10+176]
+        vaesenc	xmm8, xmm8, xmm6
+        cmp	r9d, 13
+        vmovdqu	xmm5, OWORD PTR [r10+192]
+        jl	L_AES_XTS_encrypt_update_avx1_aes_enc_block_last
+        vaesenc	xmm8, xmm8, xmm5
+        vmovdqu	xmm6, OWORD PTR [r10+208]
+        vaesenc	xmm8, xmm8, xmm6
+        vmovdqu	xmm5, OWORD PTR [r10+224]
+L_AES_XTS_encrypt_update_avx1_aes_enc_block_last:
+        vaesenclast	xmm8, xmm8, xmm5
+        vpxor	xmm8, xmm8, xmm0
+        lea	rcx, QWORD PTR [rsi+r12]
+        vmovdqu	OWORD PTR [rcx], xmm8
+        vpsrad	xmm4, xmm0, 31
+        vpslld	xmm0, xmm0, 1
+        vpshufd	xmm4, xmm4, 147
+        vpand	xmm4, xmm4, xmm12
+        vpxor	xmm0, xmm0, xmm4
+        add	r12d, 16
+        cmp	r12d, r11d
+        jl	L_AES_XTS_encrypt_update_avx1_enc_16
+        cmp	r12d, eax
+        je	L_AES_XTS_encrypt_update_avx1_done_enc
+L_AES_XTS_encrypt_update_avx1_last_15:
+        sub	r12, 16
+        lea	rcx, QWORD PTR [rsi+r12]
+        vmovdqu	xmm8, OWORD PTR [rcx]
+        add	r12, 16
+        vmovdqu	OWORD PTR [rsp], xmm8
+        xor	rdx, rdx
+L_AES_XTS_encrypt_update_avx1_last_15_byte_loop:
+        mov	r11b, BYTE PTR [rsp+rdx]
+        mov	cl, BYTE PTR [rdi+r12]
+        mov	BYTE PTR [rsi+r12], r11b
+        mov	BYTE PTR [rsp+rdx], cl
+        inc	r12d
+        inc	edx
+        cmp	r12d, eax
+        jl	L_AES_XTS_encrypt_update_avx1_last_15_byte_loop
+        sub	r12, rdx
+        vmovdqu	xmm8, OWORD PTR [rsp]
+        sub	r12, 16
+        vpxor	xmm8, xmm8, xmm0
+        ; aes_enc_block
+        vpxor	xmm8, xmm8, [r10]
+        vmovdqu	xmm5, OWORD PTR [r10+16]
+        vaesenc	xmm8, xmm8, xmm5
+        vmovdqu	xmm5, OWORD PTR [r10+32]
+        vaesenc	xmm8, xmm8, xmm5
+        vmovdqu	xmm5, OWORD PTR [r10+48]
+        vaesenc	xmm8, xmm8, xmm5
+        vmovdqu	xmm5, OWORD PTR [r10+64]
+        vaesenc	xmm8, xmm8, xmm5
+        vmovdqu	xmm5, OWORD PTR [r10+80]
+        vaesenc	xmm8, xmm8, xmm5
+        vmovdqu	xmm5, OWORD PTR [r10+96]
+        vaesenc	xmm8, xmm8, xmm5
+        vmovdqu	xmm5, OWORD PTR [r10+112]
+        vaesenc	xmm8, xmm8, xmm5
+        vmovdqu	xmm5, OWORD PTR [r10+128]
+        vaesenc	xmm8, xmm8, xmm5
+        vmovdqu	xmm5, OWORD PTR [r10+144]
+        vaesenc	xmm8, xmm8, xmm5
+        cmp	r9d, 11
+        vmovdqu	xmm5, OWORD PTR [r10+160]
+        jl	L_AES_XTS_encrypt_update_avx1_last_15_aes_enc_block_last
+        vaesenc	xmm8, xmm8, xmm5
+        vmovdqu	xmm6, OWORD PTR [r10+176]
+        vaesenc	xmm8, xmm8, xmm6
+        cmp	r9d, 13
+        vmovdqu	xmm5, OWORD PTR [r10+192]
+        jl	L_AES_XTS_encrypt_update_avx1_last_15_aes_enc_block_last
+        vaesenc	xmm8, xmm8, xmm5
+        vmovdqu	xmm6, OWORD PTR [r10+208]
+        vaesenc	xmm8, xmm8, xmm6
+        vmovdqu	xmm5, OWORD PTR [r10+224]
+L_AES_XTS_encrypt_update_avx1_last_15_aes_enc_block_last:
+        vaesenclast	xmm8, xmm8, xmm5
+        vpxor	xmm8, xmm8, xmm0
+        lea	rcx, QWORD PTR [rsi+r12]
+        vmovdqu	OWORD PTR [rcx], xmm8
+L_AES_XTS_encrypt_update_avx1_done_enc:
+        vmovdqu	OWORD PTR [r8], xmm0
+        vmovdqu	xmm6, OWORD PTR [rsp+64]
+        vmovdqu	xmm7, OWORD PTR [rsp+80]
+        vmovdqu	xmm8, OWORD PTR [rsp+96]
+        vmovdqu	xmm9, OWORD PTR [rsp+112]
+        vmovdqu	xmm10, OWORD PTR [rsp+128]
+        vmovdqu	xmm11, OWORD PTR [rsp+144]
+        vmovdqu	xmm12, OWORD PTR [rsp+160]
+        add	rsp, 176
+        pop	r12
+        pop	rsi
+        pop	rdi
+        ret
+AES_XTS_encrypt_update_avx1 ENDP
+_text ENDS
+_text SEGMENT READONLY PARA
+AES_XTS_decrypt_avx1 PROC
+        push	rdi
+        push	rsi
+        push	r12
+        push	r13
+        mov	rdi, rcx
+        mov	rsi, rdx
+        mov	rax, r8
+        mov	r12, r9
+        mov	r8, QWORD PTR [rsp+72]
+        mov	r9, QWORD PTR [rsp+80]
+        mov	r10d, DWORD PTR [rsp+88]
+        sub	rsp, 128
+        vmovdqu	OWORD PTR [rsp+16], xmm6
+        vmovdqu	OWORD PTR [rsp+32], xmm7
+        vmovdqu	OWORD PTR [rsp+48], xmm8
+        vmovdqu	OWORD PTR [rsp+64], xmm9
+        vmovdqu	OWORD PTR [rsp+80], xmm10
+        vmovdqu	OWORD PTR [rsp+96], xmm11
+        vmovdqu	OWORD PTR [rsp+112], xmm12
+        vmovdqu	xmm12, OWORD PTR L_avx1_aes_xts_gc_xts
+        vmovdqu	xmm0, OWORD PTR [r12]
+        ; aes_enc_block
+        vpxor	xmm0, xmm0, [r9]
+        vmovdqu	xmm5, OWORD PTR [r9+16]
+        vaesenc	xmm0, xmm0, xmm5
+        vmovdqu	xmm5, OWORD PTR [r9+32]
+        vaesenc	xmm0, xmm0, xmm5
+        vmovdqu	xmm5, OWORD PTR [r9+48]
+        vaesenc	xmm0, xmm0, xmm5
+        vmovdqu	xmm5, OWORD PTR [r9+64]
+        vaesenc	xmm0, xmm0, xmm5
+        vmovdqu	xmm5, OWORD PTR [r9+80]
+        vaesenc	xmm0, xmm0, xmm5
+        vmovdqu	xmm5, OWORD PTR [r9+96]
+        vaesenc	xmm0, xmm0, xmm5
+        vmovdqu	xmm5, OWORD PTR [r9+112]
+        vaesenc	xmm0, xmm0, xmm5
+        vmovdqu	xmm5, OWORD PTR [r9+128]
+        vaesenc	xmm0, xmm0, xmm5
+        vmovdqu	xmm5, OWORD PTR [r9+144]
+        vaesenc	xmm0, xmm0, xmm5
+        cmp	r10d, 11
+        vmovdqu	xmm5, OWORD PTR [r9+160]
+        jl	L_AES_XTS_decrypt_avx1_tweak_aes_enc_block_last
+        vaesenc	xmm0, xmm0, xmm5
+        vmovdqu	xmm6, OWORD PTR [r9+176]
+        vaesenc	xmm0, xmm0, xmm6
+        cmp	r10d, 13
+        vmovdqu	xmm5, OWORD PTR [r9+192]
+        jl	L_AES_XTS_decrypt_avx1_tweak_aes_enc_block_last
+        vaesenc	xmm0, xmm0, xmm5
+        vmovdqu	xmm6, OWORD PTR [r9+208]
+        vaesenc	xmm0, xmm0, xmm6
+        vmovdqu	xmm5, OWORD PTR [r9+224]
+L_AES_XTS_decrypt_avx1_tweak_aes_enc_block_last:
+        vaesenclast	xmm0, xmm0, xmm5
+        xor	r13d, r13d
+        mov	r11d, eax
+        and	r11d, 4294967280
+        cmp	r11d, eax
+        je	L_AES_XTS_decrypt_avx1_mul16_64
+        sub	r11d, 16
+        cmp	r11d, 16
+        jl	L_AES_XTS_decrypt_avx1_last_31_start
+L_AES_XTS_decrypt_avx1_mul16_64:
+        cmp	r11d, 64
+        jl	L_AES_XTS_decrypt_avx1_done_64
+        and	r11d, 4294967232
+L_AES_XTS_decrypt_avx1_dec_64:
+        ; 64 bytes of input
+        ; aes_dec_64
+        lea	rcx, QWORD PTR [rdi+r13]
+        lea	rdx, QWORD PTR [rsi+r13]
+        vmovdqu	xmm8, OWORD PTR [rcx]
+        vmovdqu	xmm9, OWORD PTR [rcx+16]
+        vmovdqu	xmm10, OWORD PTR [rcx+32]
+        vmovdqu	xmm11, OWORD PTR [rcx+48]
+        vpsrad	xmm4, xmm0, 31
+        vpslld	xmm1, xmm0, 1
+        vpshufd	xmm4, xmm4, 147
+        vpand	xmm4, xmm4, xmm12
+        vpxor	xmm1, xmm1, xmm4
+        vpsrad	xmm4, xmm1, 31
+        vpslld	xmm2, xmm1, 1
+        vpshufd	xmm4, xmm4, 147
+        vpand	xmm4, xmm4, xmm12
+        vpxor	xmm2, xmm2, xmm4
+        vpsrad	xmm4, xmm2, 31
+        vpslld	xmm3, xmm2, 1
+        vpshufd	xmm4, xmm4, 147
+        vpand	xmm4, xmm4, xmm12
+        vpxor	xmm3, xmm3, xmm4
+        vpxor	xmm8, xmm8, xmm0
+        vpxor	xmm9, xmm9, xmm1
+        vpxor	xmm10, xmm10, xmm2
+        vpxor	xmm11, xmm11, xmm3
+        ; aes_dec_block
+        vmovdqu	xmm4, OWORD PTR [r8]
+        vpxor	xmm8, xmm8, xmm4
+        vpxor	xmm9, xmm9, xmm4
+        vpxor	xmm10, xmm10, xmm4
+        vpxor	xmm11, xmm11, xmm4
+        vmovdqu	xmm4, OWORD PTR [r8+16]
+        vaesdec	xmm8, xmm8, xmm4
+        vaesdec	xmm9, xmm9, xmm4
+        vaesdec	xmm10, xmm10, xmm4
+        vaesdec	xmm11, xmm11, xmm4
+        vmovdqu	xmm4, OWORD PTR [r8+32]
+        vaesdec	xmm8, xmm8, xmm4
+        vaesdec	xmm9, xmm9, xmm4
+        vaesdec	xmm10, xmm10, xmm4
+        vaesdec	xmm11, xmm11, xmm4
+        vmovdqu	xmm4, OWORD PTR [r8+48]
+        vaesdec	xmm8, xmm8, xmm4
+        vaesdec	xmm9, xmm9, xmm4
+        vaesdec	xmm10, xmm10, xmm4
+        vaesdec	xmm11, xmm11, xmm4
+        vmovdqu	xmm4, OWORD PTR [r8+64]
+        vaesdec	xmm8, xmm8, xmm4
+        vaesdec	xmm9, xmm9, xmm4
+        vaesdec	xmm10, xmm10, xmm4
+        vaesdec	xmm11, xmm11, xmm4
+        vmovdqu	xmm4, OWORD PTR [r8+80]
+        vaesdec	xmm8, xmm8, xmm4
+        vaesdec	xmm9, xmm9, xmm4
+        vaesdec	xmm10, xmm10, xmm4
+        vaesdec	xmm11, xmm11, xmm4
+        vmovdqu	xmm4, OWORD PTR [r8+96]
+        vaesdec	xmm8, xmm8, xmm4
+        vaesdec	xmm9, xmm9, xmm4
+        vaesdec	xmm10, xmm10, xmm4
+        vaesdec	xmm11, xmm11, xmm4
+        vmovdqu	xmm4, OWORD PTR [r8+112]
+        vaesdec	xmm8, xmm8, xmm4
+        vaesdec	xmm9, xmm9, xmm4
+        vaesdec	xmm10, xmm10, xmm4
+        vaesdec	xmm11, xmm11, xmm4
+        vmovdqu	xmm4, OWORD PTR [r8+128]
+        vaesdec	xmm8, xmm8, xmm4
+        vaesdec	xmm9, xmm9, xmm4
+        vaesdec	xmm10, xmm10, xmm4
+        vaesdec	xmm11, xmm11, xmm4
+        vmovdqu	xmm4, OWORD PTR [r8+144]
+        vaesdec	xmm8, xmm8, xmm4
+        vaesdec	xmm9, xmm9, xmm4
+        vaesdec	xmm10, xmm10, xmm4
+        vaesdec	xmm11, xmm11, xmm4
+        cmp	r10d, 11
+        vmovdqu	xmm4, OWORD PTR [r8+160]
+        jl	L_AES_XTS_decrypt_avx1_aes_dec_64_aes_dec_block_last
+        vaesdec	xmm8, xmm8, xmm4
+        vaesdec	xmm9, xmm9, xmm4
+        vaesdec	xmm10, xmm10, xmm4
+        vaesdec	xmm11, xmm11, xmm4
+        vmovdqu	xmm4, OWORD PTR [r8+176]
+        vaesdec	xmm8, xmm8, xmm4
+        vaesdec	xmm9, xmm9, xmm4
+        vaesdec	xmm10, xmm10, xmm4
+        vaesdec	xmm11, xmm11, xmm4
+        cmp	r10d, 13
+        vmovdqu	xmm4, OWORD PTR [r8+192]
+        jl	L_AES_XTS_decrypt_avx1_aes_dec_64_aes_dec_block_last
+        vaesdec	xmm8, xmm8, xmm4
+        vaesdec	xmm9, xmm9, xmm4
+        vaesdec	xmm10, xmm10, xmm4
+        vaesdec	xmm11, xmm11, xmm4
+        vmovdqu	xmm4, OWORD PTR [r8+208]
+        vaesdec	xmm8, xmm8, xmm4
+        vaesdec	xmm9, xmm9, xmm4
+        vaesdec	xmm10, xmm10, xmm4
+        vaesdec	xmm11, xmm11, xmm4
+        vmovdqu	xmm4, OWORD PTR [r8+224]
+L_AES_XTS_decrypt_avx1_aes_dec_64_aes_dec_block_last:
+        vaesdeclast	xmm8, xmm8, xmm4
+        vaesdeclast	xmm9, xmm9, xmm4
+        vaesdeclast	xmm10, xmm10, xmm4
+        vaesdeclast	xmm11, xmm11, xmm4
+        vpxor	xmm8, xmm8, xmm0
+        vpxor	xmm9, xmm9, xmm1
+        vpxor	xmm10, xmm10, xmm2
+        vpxor	xmm11, xmm11, xmm3
+        vmovdqu	OWORD PTR [rdx], xmm8
+        vmovdqu	OWORD PTR [rdx+16], xmm9
+        vmovdqu	OWORD PTR [rdx+32], xmm10
+        vmovdqu	OWORD PTR [rdx+48], xmm11
+        vpsrad	xmm4, xmm3, 31
+        vpslld	xmm0, xmm3, 1
+        vpshufd	xmm4, xmm4, 147
+        vpand	xmm4, xmm4, xmm12
+        vpxor	xmm0, xmm0, xmm4
+        add	r13d, 64
+        cmp	r13d, r11d
+        jl	L_AES_XTS_decrypt_avx1_dec_64
+L_AES_XTS_decrypt_avx1_done_64:
+        cmp	r13d, eax
+        mov	r11d, eax
+        je	L_AES_XTS_decrypt_avx1_done_dec
+        and	r11d, 4294967280
+        cmp	r11d, eax
+        je	L_AES_XTS_decrypt_avx1_mul16
+        sub	r11d, 16
+        sub	r11d, r13d
+        cmp	r11d, 16
+        jl	L_AES_XTS_decrypt_avx1_last_31_start
+        add	r11d, r13d
+L_AES_XTS_decrypt_avx1_mul16:
+L_AES_XTS_decrypt_avx1_dec_16:
+        ; 16 bytes of input
+        lea	rcx, QWORD PTR [rdi+r13]
+        vmovdqu	xmm8, OWORD PTR [rcx]
+        vpxor	xmm8, xmm8, xmm0
+        ; aes_dec_block
+        vpxor	xmm8, xmm8, [r8]
+        vmovdqu	xmm5, OWORD PTR [r8+16]
+        vaesdec	xmm8, xmm8, xmm5
+        vmovdqu	xmm5, OWORD PTR [r8+32]
+        vaesdec	xmm8, xmm8, xmm5
+        vmovdqu	xmm5, OWORD PTR [r8+48]
+        vaesdec	xmm8, xmm8, xmm5
+        vmovdqu	xmm5, OWORD PTR [r8+64]
+        vaesdec	xmm8, xmm8, xmm5
+        vmovdqu	xmm5, OWORD PTR [r8+80]
+        vaesdec	xmm8, xmm8, xmm5
+        vmovdqu	xmm5, OWORD PTR [r8+96]
+        vaesdec	xmm8, xmm8, xmm5
+        vmovdqu	xmm5, OWORD PTR [r8+112]
+        vaesdec	xmm8, xmm8, xmm5
+        vmovdqu	xmm5, OWORD PTR [r8+128]
+        vaesdec	xmm8, xmm8, xmm5
+        vmovdqu	xmm5, OWORD PTR [r8+144]
+        vaesdec	xmm8, xmm8, xmm5
+        cmp	r10d, 11
+        vmovdqu	xmm5, OWORD PTR [r8+160]
+        jl	L_AES_XTS_decrypt_avx1_aes_dec_block_last
+        vaesdec	xmm8, xmm8, xmm5
+        vmovdqu	xmm6, OWORD PTR [r8+176]
+        vaesdec	xmm8, xmm8, xmm6
+        cmp	r10d, 13
+        vmovdqu	xmm5, OWORD PTR [r8+192]
+        jl	L_AES_XTS_decrypt_avx1_aes_dec_block_last
+        vaesdec	xmm8, xmm8, xmm5
+        vmovdqu	xmm6, OWORD PTR [r8+208]
+        vaesdec	xmm8, xmm8, xmm6
+        vmovdqu	xmm5, OWORD PTR [r8+224]
+L_AES_XTS_decrypt_avx1_aes_dec_block_last:
+        vaesdeclast	xmm8, xmm8, xmm5
+        vpxor	xmm8, xmm8, xmm0
+        lea	rcx, QWORD PTR [rsi+r13]
+        vmovdqu	OWORD PTR [rcx], xmm8
+        vpsrad	xmm4, xmm0, 31
+        vpslld	xmm0, xmm0, 1
+        vpshufd	xmm4, xmm4, 147
+        vpand	xmm4, xmm4, xmm12
+        vpxor	xmm0, xmm0, xmm4
+        add	r13d, 16
+        cmp	r13d, r11d
+        jl	L_AES_XTS_decrypt_avx1_dec_16
+        cmp	r13d, eax
+        je	L_AES_XTS_decrypt_avx1_done_dec
+L_AES_XTS_decrypt_avx1_last_31_start:
+        vpsrad	xmm4, xmm0, 31
+        vpslld	xmm7, xmm0, 1
+        vpshufd	xmm4, xmm4, 147
+        vpand	xmm4, xmm4, xmm12
+        vpxor	xmm7, xmm7, xmm4
+        lea	rcx, QWORD PTR [rdi+r13]
+        vmovdqu	xmm8, OWORD PTR [rcx]
+        vpxor	xmm8, xmm8, xmm7
+        ; aes_dec_block
+        vpxor	xmm8, xmm8, [r8]
+        vmovdqu	xmm5, OWORD PTR [r8+16]
+        vaesdec	xmm8, xmm8, xmm5
+        vmovdqu	xmm5, OWORD PTR [r8+32]
+        vaesdec	xmm8, xmm8, xmm5
+        vmovdqu	xmm5, OWORD PTR [r8+48]
+        vaesdec	xmm8, xmm8, xmm5
+        vmovdqu	xmm5, OWORD PTR [r8+64]
+        vaesdec	xmm8, xmm8, xmm5
+        vmovdqu	xmm5, OWORD PTR [r8+80]
+        vaesdec	xmm8, xmm8, xmm5
+        vmovdqu	xmm5, OWORD PTR [r8+96]
+        vaesdec	xmm8, xmm8, xmm5
+        vmovdqu	xmm5, OWORD PTR [r8+112]
+        vaesdec	xmm8, xmm8, xmm5
+        vmovdqu	xmm5, OWORD PTR [r8+128]
+        vaesdec	xmm8, xmm8, xmm5
+        vmovdqu	xmm5, OWORD PTR [r8+144]
+        vaesdec	xmm8, xmm8, xmm5
+        cmp	r10d, 11
+        vmovdqu	xmm5, OWORD PTR [r8+160]
+        jl	L_AES_XTS_decrypt_avx1_last_31_aes_dec_block_last
+        vaesdec	xmm8, xmm8, xmm5
+        vmovdqu	xmm6, OWORD PTR [r8+176]
+        vaesdec	xmm8, xmm8, xmm6
+        cmp	r10d, 13
+        vmovdqu	xmm5, OWORD PTR [r8+192]
+        jl	L_AES_XTS_decrypt_avx1_last_31_aes_dec_block_last
+        vaesdec	xmm8, xmm8, xmm5
+        vmovdqu	xmm6, OWORD PTR [r8+208]
+        vaesdec	xmm8, xmm8, xmm6
+        vmovdqu	xmm5, OWORD PTR [r8+224]
+L_AES_XTS_decrypt_avx1_last_31_aes_dec_block_last:
+        vaesdeclast	xmm8, xmm8, xmm5
+        vpxor	xmm8, xmm8, xmm7
+        vmovdqu	OWORD PTR [rsp], xmm8
+        add	r13, 16
+        xor	rdx, rdx
+L_AES_XTS_decrypt_avx1_last_31_byte_loop:
+        mov	r11b, BYTE PTR [rsp+rdx]
+        mov	cl, BYTE PTR [rdi+r13]
+        mov	BYTE PTR [rsi+r13], r11b
+        mov	BYTE PTR [rsp+rdx], cl
+        inc	r13d
+        inc	edx
+        cmp	r13d, eax
+        jl	L_AES_XTS_decrypt_avx1_last_31_byte_loop
+        sub	r13, rdx
+        vmovdqu	xmm8, OWORD PTR [rsp]
+        vpxor	xmm8, xmm8, xmm0
+        ; aes_dec_block
+        vpxor	xmm8, xmm8, [r8]
+        vmovdqu	xmm5, OWORD PTR [r8+16]
+        vaesdec	xmm8, xmm8, xmm5
+        vmovdqu	xmm5, OWORD PTR [r8+32]
+        vaesdec	xmm8, xmm8, xmm5
+        vmovdqu	xmm5, OWORD PTR [r8+48]
+        vaesdec	xmm8, xmm8, xmm5
+        vmovdqu	xmm5, OWORD PTR [r8+64]
+        vaesdec	xmm8, xmm8, xmm5
+        vmovdqu	xmm5, OWORD PTR [r8+80]
+        vaesdec	xmm8, xmm8, xmm5
+        vmovdqu	xmm5, OWORD PTR [r8+96]
+        vaesdec	xmm8, xmm8, xmm5
+        vmovdqu	xmm5, OWORD PTR [r8+112]
+        vaesdec	xmm8, xmm8, xmm5
+        vmovdqu	xmm5, OWORD PTR [r8+128]
+        vaesdec	xmm8, xmm8, xmm5
+        vmovdqu	xmm5, OWORD PTR [r8+144]
+        vaesdec	xmm8, xmm8, xmm5
+        cmp	r10d, 11
+        vmovdqu	xmm5, OWORD PTR [r8+160]
+        jl	L_AES_XTS_decrypt_avx1_last_31_2_aes_dec_block_last
+        vaesdec	xmm8, xmm8, xmm5
+        vmovdqu	xmm6, OWORD PTR [r8+176]
+        vaesdec	xmm8, xmm8, xmm6
+        cmp	r10d, 13
+        vmovdqu	xmm5, OWORD PTR [r8+192]
+        jl	L_AES_XTS_decrypt_avx1_last_31_2_aes_dec_block_last
+        vaesdec	xmm8, xmm8, xmm5
+        vmovdqu	xmm6, OWORD PTR [r8+208]
+        vaesdec	xmm8, xmm8, xmm6
+        vmovdqu	xmm5, OWORD PTR [r8+224]
+L_AES_XTS_decrypt_avx1_last_31_2_aes_dec_block_last:
+        vaesdeclast	xmm8, xmm8, xmm5
+        vpxor	xmm8, xmm8, xmm0
+        sub	r13, 16
+        lea	rcx, QWORD PTR [rsi+r13]
+        vmovdqu	OWORD PTR [rcx], xmm8
+L_AES_XTS_decrypt_avx1_done_dec:
+        vmovdqu	xmm6, OWORD PTR [rsp+16]
+        vmovdqu	xmm7, OWORD PTR [rsp+32]
+        vmovdqu	xmm8, OWORD PTR [rsp+48]
+        vmovdqu	xmm9, OWORD PTR [rsp+64]
+        vmovdqu	xmm10, OWORD PTR [rsp+80]
+        vmovdqu	xmm11, OWORD PTR [rsp+96]
+        vmovdqu	xmm12, OWORD PTR [rsp+112]
+        add	rsp, 128
+        pop	r13
+        pop	r12
+        pop	rsi
+        pop	rdi
+        ret
+AES_XTS_decrypt_avx1 ENDP
+_text ENDS
+_text SEGMENT READONLY PARA
+AES_XTS_decrypt_update_avx1 PROC
+        push	rdi
+        push	rsi
+        push	r12
+        mov	rdi, rcx
+        mov	rsi, rdx
+        mov	rax, r8
+        mov	r10, r9
+        mov	r8, QWORD PTR [rsp+64]
+        mov	r9d, DWORD PTR [rsp+72]
+        sub	rsp, 128
+        vmovdqu	OWORD PTR [rsp+16], xmm6
+        vmovdqu	OWORD PTR [rsp+32], xmm7
+        vmovdqu	OWORD PTR [rsp+48], xmm8
+        vmovdqu	OWORD PTR [rsp+64], xmm9
+        vmovdqu	OWORD PTR [rsp+80], xmm10
+        vmovdqu	OWORD PTR [rsp+96], xmm11
+        vmovdqu	OWORD PTR [rsp+112], xmm12
+        vmovdqu	xmm12, OWORD PTR L_avx1_aes_xts_gc_xts
+        vmovdqu	xmm0, OWORD PTR [r8]
+        xor	r12d, r12d
+        mov	r11d, eax
+        and	r11d, 4294967280
+        cmp	r11d, eax
+        je	L_AES_XTS_decrypt_update_avx1_mul16_64
+        sub	r11d, 16
+        cmp	r11d, 16
+        jl	L_AES_XTS_decrypt_update_avx1_last_31_start
+L_AES_XTS_decrypt_update_avx1_mul16_64:
+        cmp	r11d, 64
+        jl	L_AES_XTS_decrypt_update_avx1_done_64
+        and	r11d, 4294967232
+L_AES_XTS_decrypt_update_avx1_dec_64:
+        ; 64 bytes of input
+        ; aes_dec_64
+        lea	rcx, QWORD PTR [rdi+r12]
+        lea	rdx, QWORD PTR [rsi+r12]
+        vmovdqu	xmm8, OWORD PTR [rcx]
+        vmovdqu	xmm9, OWORD PTR [rcx+16]
+        vmovdqu	xmm10, OWORD PTR [rcx+32]
+        vmovdqu	xmm11, OWORD PTR [rcx+48]
+        vpsrad	xmm4, xmm0, 31
+        vpslld	xmm1, xmm0, 1
+        vpshufd	xmm4, xmm4, 147
+        vpand	xmm4, xmm4, xmm12
+        vpxor	xmm1, xmm1, xmm4
+        vpsrad	xmm4, xmm1, 31
+        vpslld	xmm2, xmm1, 1
+        vpshufd	xmm4, xmm4, 147
+        vpand	xmm4, xmm4, xmm12
+        vpxor	xmm2, xmm2, xmm4
+        vpsrad	xmm4, xmm2, 31
+        vpslld	xmm3, xmm2, 1
+        vpshufd	xmm4, xmm4, 147
+        vpand	xmm4, xmm4, xmm12
+        vpxor	xmm3, xmm3, xmm4
+        vpxor	xmm8, xmm8, xmm0
+        vpxor	xmm9, xmm9, xmm1
+        vpxor	xmm10, xmm10, xmm2
+        vpxor	xmm11, xmm11, xmm3
+        ; aes_dec_block
+        vmovdqu	xmm4, OWORD PTR [r10]
+        vpxor	xmm8, xmm8, xmm4
+        vpxor	xmm9, xmm9, xmm4
+        vpxor	xmm10, xmm10, xmm4
+        vpxor	xmm11, xmm11, xmm4
+        vmovdqu	xmm4, OWORD PTR [r10+16]
+        vaesdec	xmm8, xmm8, xmm4
+        vaesdec	xmm9, xmm9, xmm4
+        vaesdec	xmm10, xmm10, xmm4
+        vaesdec	xmm11, xmm11, xmm4
+        vmovdqu	xmm4, OWORD PTR [r10+32]
+        vaesdec	xmm8, xmm8, xmm4
+        vaesdec	xmm9, xmm9, xmm4
+        vaesdec	xmm10, xmm10, xmm4
+        vaesdec	xmm11, xmm11, xmm4
+        vmovdqu	xmm4, OWORD PTR [r10+48]
+        vaesdec	xmm8, xmm8, xmm4
+        vaesdec	xmm9, xmm9, xmm4
+        vaesdec	xmm10, xmm10, xmm4
+        vaesdec	xmm11, xmm11, xmm4
+        vmovdqu	xmm4, OWORD PTR [r10+64]
+        vaesdec	xmm8, xmm8, xmm4
+        vaesdec	xmm9, xmm9, xmm4
+        vaesdec	xmm10, xmm10, xmm4
+        vaesdec	xmm11, xmm11, xmm4
+        vmovdqu	xmm4, OWORD PTR [r10+80]
+        vaesdec	xmm8, xmm8, xmm4
+        vaesdec	xmm9, xmm9, xmm4
+        vaesdec	xmm10, xmm10, xmm4
+        vaesdec	xmm11, xmm11, xmm4
+        vmovdqu	xmm4, OWORD PTR [r10+96]
+        vaesdec	xmm8, xmm8, xmm4
+        vaesdec	xmm9, xmm9, xmm4
+        vaesdec	xmm10, xmm10, xmm4
+        vaesdec	xmm11, xmm11, xmm4
+        vmovdqu	xmm4, OWORD PTR [r10+112]
+        vaesdec	xmm8, xmm8, xmm4
+        vaesdec	xmm9, xmm9, xmm4
+        vaesdec	xmm10, xmm10, xmm4
+        vaesdec	xmm11, xmm11, xmm4
+        vmovdqu	xmm4, OWORD PTR [r10+128]
+        vaesdec	xmm8, xmm8, xmm4
+        vaesdec	xmm9, xmm9, xmm4
+        vaesdec	xmm10, xmm10, xmm4
+        vaesdec	xmm11, xmm11, xmm4
+        vmovdqu	xmm4, OWORD PTR [r10+144]
+        vaesdec	xmm8, xmm8, xmm4
+        vaesdec	xmm9, xmm9, xmm4
+        vaesdec	xmm10, xmm10, xmm4
+        vaesdec	xmm11, xmm11, xmm4
+        cmp	r9d, 11
+        vmovdqu	xmm4, OWORD PTR [r10+160]
+        jl	L_AES_XTS_decrypt_update_avx1_aes_dec_64_aes_dec_block_last
+        vaesdec	xmm8, xmm8, xmm4
+        vaesdec	xmm9, xmm9, xmm4
+        vaesdec	xmm10, xmm10, xmm4
+        vaesdec	xmm11, xmm11, xmm4
+        vmovdqu	xmm4, OWORD PTR [r10+176]
+        vaesdec	xmm8, xmm8, xmm4
+        vaesdec	xmm9, xmm9, xmm4
+        vaesdec	xmm10, xmm10, xmm4
+        vaesdec	xmm11, xmm11, xmm4
+        cmp	r9d, 13
+        vmovdqu	xmm4, OWORD PTR [r10+192]
+        jl	L_AES_XTS_decrypt_update_avx1_aes_dec_64_aes_dec_block_last
+        vaesdec	xmm8, xmm8, xmm4
+        vaesdec	xmm9, xmm9, xmm4
+        vaesdec	xmm10, xmm10, xmm4
+        vaesdec	xmm11, xmm11, xmm4
+        vmovdqu	xmm4, OWORD PTR [r10+208]
+        vaesdec	xmm8, xmm8, xmm4
+        vaesdec	xmm9, xmm9, xmm4
+        vaesdec	xmm10, xmm10, xmm4
+        vaesdec	xmm11, xmm11, xmm4
+        vmovdqu	xmm4, OWORD PTR [r10+224]
+L_AES_XTS_decrypt_update_avx1_aes_dec_64_aes_dec_block_last:
+        vaesdeclast	xmm8, xmm8, xmm4
+        vaesdeclast	xmm9, xmm9, xmm4
+        vaesdeclast	xmm10, xmm10, xmm4
+        vaesdeclast	xmm11, xmm11, xmm4
+        vpxor	xmm8, xmm8, xmm0
+        vpxor	xmm9, xmm9, xmm1
+        vpxor	xmm10, xmm10, xmm2
+        vpxor	xmm11, xmm11, xmm3
+        vmovdqu	OWORD PTR [rdx], xmm8
+        vmovdqu	OWORD PTR [rdx+16], xmm9
+        vmovdqu	OWORD PTR [rdx+32], xmm10
+        vmovdqu	OWORD PTR [rdx+48], xmm11
+        vpsrad	xmm4, xmm3, 31
+        vpslld	xmm0, xmm3, 1
+        vpshufd	xmm4, xmm4, 147
+        vpand	xmm4, xmm4, xmm12
+        vpxor	xmm0, xmm0, xmm4
+        add	r12d, 64
+        cmp	r12d, r11d
+        jl	L_AES_XTS_decrypt_update_avx1_dec_64
+L_AES_XTS_decrypt_update_avx1_done_64:
+        cmp	r12d, eax
+        mov	r11d, eax
+        je	L_AES_XTS_decrypt_update_avx1_done_dec
+        and	r11d, 4294967280
+        cmp	r11d, eax
+        je	L_AES_XTS_decrypt_update_avx1_mul16
+        sub	r11d, 16
+        sub	r11d, r12d
+        cmp	r11d, 16
+        jl	L_AES_XTS_decrypt_update_avx1_last_31_start
+        add	r11d, r12d
+L_AES_XTS_decrypt_update_avx1_mul16:
+L_AES_XTS_decrypt_update_avx1_dec_16:
+        ; 16 bytes of input
+        lea	rcx, QWORD PTR [rdi+r12]
+        vmovdqu	xmm8, OWORD PTR [rcx]
+        vpxor	xmm8, xmm8, xmm0
+        ; aes_dec_block
+        vpxor	xmm8, xmm8, [r10]
+        vmovdqu	xmm5, OWORD PTR [r10+16]
+        vaesdec	xmm8, xmm8, xmm5
+        vmovdqu	xmm5, OWORD PTR [r10+32]
+        vaesdec	xmm8, xmm8, xmm5
+        vmovdqu	xmm5, OWORD PTR [r10+48]
+        vaesdec	xmm8, xmm8, xmm5
+        vmovdqu	xmm5, OWORD PTR [r10+64]
+        vaesdec	xmm8, xmm8, xmm5
+        vmovdqu	xmm5, OWORD PTR [r10+80]
+        vaesdec	xmm8, xmm8, xmm5
+        vmovdqu	xmm5, OWORD PTR [r10+96]
+        vaesdec	xmm8, xmm8, xmm5
+        vmovdqu	xmm5, OWORD PTR [r10+112]
+        vaesdec	xmm8, xmm8, xmm5
+        vmovdqu	xmm5, OWORD PTR [r10+128]
+        vaesdec	xmm8, xmm8, xmm5
+        vmovdqu	xmm5, OWORD PTR [r10+144]
+        vaesdec	xmm8, xmm8, xmm5
+        cmp	r9d, 11
+        vmovdqu	xmm5, OWORD PTR [r10+160]
+        jl	L_AES_XTS_decrypt_update_avx1_aes_dec_block_last
+        vaesdec	xmm8, xmm8, xmm5
+        vmovdqu	xmm6, OWORD PTR [r10+176]
+        vaesdec	xmm8, xmm8, xmm6
+        cmp	r9d, 13
+        vmovdqu	xmm5, OWORD PTR [r10+192]
+        jl	L_AES_XTS_decrypt_update_avx1_aes_dec_block_last
+        vaesdec	xmm8, xmm8, xmm5
+        vmovdqu	xmm6, OWORD PTR [r10+208]
+        vaesdec	xmm8, xmm8, xmm6
+        vmovdqu	xmm5, OWORD PTR [r10+224]
+L_AES_XTS_decrypt_update_avx1_aes_dec_block_last:
+        vaesdeclast	xmm8, xmm8, xmm5
+        vpxor	xmm8, xmm8, xmm0
+        lea	rcx, QWORD PTR [rsi+r12]
+        vmovdqu	OWORD PTR [rcx], xmm8
+        vpsrad	xmm4, xmm0, 31
+        vpslld	xmm0, xmm0, 1
+        vpshufd	xmm4, xmm4, 147
+        vpand	xmm4, xmm4, xmm12
+        vpxor	xmm0, xmm0, xmm4
+        add	r12d, 16
+        cmp	r12d, r11d
+        jl	L_AES_XTS_decrypt_update_avx1_dec_16
+        cmp	r12d, eax
+        je	L_AES_XTS_decrypt_update_avx1_done_dec
+L_AES_XTS_decrypt_update_avx1_last_31_start:
+        vpsrad	xmm4, xmm0, 31
+        vpslld	xmm7, xmm0, 1
+        vpshufd	xmm4, xmm4, 147
+        vpand	xmm4, xmm4, xmm12
+        vpxor	xmm7, xmm7, xmm4
+        lea	rcx, QWORD PTR [rdi+r12]
+        vmovdqu	xmm8, OWORD PTR [rcx]
+        vpxor	xmm8, xmm8, xmm7
+        ; aes_dec_block
+        vpxor	xmm8, xmm8, [r10]
+        vmovdqu	xmm5, OWORD PTR [r10+16]
+        vaesdec	xmm8, xmm8, xmm5
+        vmovdqu	xmm5, OWORD PTR [r10+32]
+        vaesdec	xmm8, xmm8, xmm5
+        vmovdqu	xmm5, OWORD PTR [r10+48]
+        vaesdec	xmm8, xmm8, xmm5
+        vmovdqu	xmm5, OWORD PTR [r10+64]
+        vaesdec	xmm8, xmm8, xmm5
+        vmovdqu	xmm5, OWORD PTR [r10+80]
+        vaesdec	xmm8, xmm8, xmm5
+        vmovdqu	xmm5, OWORD PTR [r10+96]
+        vaesdec	xmm8, xmm8, xmm5
+        vmovdqu	xmm5, OWORD PTR [r10+112]
+        vaesdec	xmm8, xmm8, xmm5
+        vmovdqu	xmm5, OWORD PTR [r10+128]
+        vaesdec	xmm8, xmm8, xmm5
+        vmovdqu	xmm5, OWORD PTR [r10+144]
+        vaesdec	xmm8, xmm8, xmm5
+        cmp	r9d, 11
+        vmovdqu	xmm5, OWORD PTR [r10+160]
+        jl	L_AES_XTS_decrypt_update_avx1_last_31_aes_dec_block_last
+        vaesdec	xmm8, xmm8, xmm5
+        vmovdqu	xmm6, OWORD PTR [r10+176]
+        vaesdec	xmm8, xmm8, xmm6
+        cmp	r9d, 13
+        vmovdqu	xmm5, OWORD PTR [r10+192]
+        jl	L_AES_XTS_decrypt_update_avx1_last_31_aes_dec_block_last
+        vaesdec	xmm8, xmm8, xmm5
+        vmovdqu	xmm6, OWORD PTR [r10+208]
+        vaesdec	xmm8, xmm8, xmm6
+        vmovdqu	xmm5, OWORD PTR [r10+224]
+L_AES_XTS_decrypt_update_avx1_last_31_aes_dec_block_last:
+        vaesdeclast	xmm8, xmm8, xmm5
+        vpxor	xmm8, xmm8, xmm7
+        vmovdqu	OWORD PTR [rsp], xmm8
+        add	r12, 16
+        xor	rdx, rdx
+L_AES_XTS_decrypt_update_avx1_last_31_byte_loop:
+        mov	r11b, BYTE PTR [rsp+rdx]
+        mov	cl, BYTE PTR [rdi+r12]
+        mov	BYTE PTR [rsi+r12], r11b
+        mov	BYTE PTR [rsp+rdx], cl
+        inc	r12d
+        inc	edx
+        cmp	r12d, eax
+        jl	L_AES_XTS_decrypt_update_avx1_last_31_byte_loop
+        sub	r12, rdx
+        vmovdqu	xmm8, OWORD PTR [rsp]
+        vpxor	xmm8, xmm8, xmm0
+        ; aes_dec_block
+        vpxor	xmm8, xmm8, [r10]
+        vmovdqu	xmm5, OWORD PTR [r10+16]
+        vaesdec	xmm8, xmm8, xmm5
+        vmovdqu	xmm5, OWORD PTR [r10+32]
+        vaesdec	xmm8, xmm8, xmm5
+        vmovdqu	xmm5, OWORD PTR [r10+48]
+        vaesdec	xmm8, xmm8, xmm5
+        vmovdqu	xmm5, OWORD PTR [r10+64]
+        vaesdec	xmm8, xmm8, xmm5
+        vmovdqu	xmm5, OWORD PTR [r10+80]
+        vaesdec	xmm8, xmm8, xmm5
+        vmovdqu	xmm5, OWORD PTR [r10+96]
+        vaesdec	xmm8, xmm8, xmm5
+        vmovdqu	xmm5, OWORD PTR [r10+112]
+        vaesdec	xmm8, xmm8, xmm5
+        vmovdqu	xmm5, OWORD PTR [r10+128]
+        vaesdec	xmm8, xmm8, xmm5
+        vmovdqu	xmm5, OWORD PTR [r10+144]
+        vaesdec	xmm8, xmm8, xmm5
+        cmp	r9d, 11
+        vmovdqu	xmm5, OWORD PTR [r10+160]
+        jl	L_AES_XTS_decrypt_update_avx1_last_31_2_aes_dec_block_last
+        vaesdec	xmm8, xmm8, xmm5
+        vmovdqu	xmm6, OWORD PTR [r10+176]
+        vaesdec	xmm8, xmm8, xmm6
+        cmp	r9d, 13
+        vmovdqu	xmm5, OWORD PTR [r10+192]
+        jl	L_AES_XTS_decrypt_update_avx1_last_31_2_aes_dec_block_last
+        vaesdec	xmm8, xmm8, xmm5
+        vmovdqu	xmm6, OWORD PTR [r10+208]
+        vaesdec	xmm8, xmm8, xmm6
+        vmovdqu	xmm5, OWORD PTR [r10+224]
+L_AES_XTS_decrypt_update_avx1_last_31_2_aes_dec_block_last:
+        vaesdeclast	xmm8, xmm8, xmm5
+        vpxor	xmm8, xmm8, xmm0
+        sub	r12, 16
+        lea	rcx, QWORD PTR [rsi+r12]
+        vmovdqu	OWORD PTR [rcx], xmm8
+L_AES_XTS_decrypt_update_avx1_done_dec:
+        vmovdqu	OWORD PTR [r8], xmm0
+        vmovdqu	xmm6, OWORD PTR [rsp+16]
+        vmovdqu	xmm7, OWORD PTR [rsp+32]
+        vmovdqu	xmm8, OWORD PTR [rsp+48]
+        vmovdqu	xmm9, OWORD PTR [rsp+64]
+        vmovdqu	xmm10, OWORD PTR [rsp+80]
+        vmovdqu	xmm11, OWORD PTR [rsp+96]
+        vmovdqu	xmm12, OWORD PTR [rsp+112]
+        add	rsp, 128
+        pop	r12
+        pop	rsi
+        pop	rdi
+        ret
+AES_XTS_decrypt_update_avx1 ENDP
+_text ENDS
+ENDIF
+END
diff --git a/wolfcrypt/src/arc4.c b/wolfcrypt/src/arc4.c
index af298a0d2..1b0d1ea08 100644
--- a/wolfcrypt/src/arc4.c
+++ b/wolfcrypt/src/arc4.c
@@ -1,6 +1,6 @@
 /* arc4.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfcrypt/src/ascon.c b/wolfcrypt/src/ascon.c
new file mode 100644
index 000000000..d5eb451d7
--- /dev/null
+++ b/wolfcrypt/src/ascon.c
@@ -0,0 +1,527 @@
+/* ascon.c
+ *
+ * Copyright (C) 2006-2025 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+#ifdef HAVE_CONFIG_H
+    #include <config.h>
+#endif
+
+#include <wolfssl/wolfcrypt/settings.h>
+
+#ifdef HAVE_ASCON
+
+#include <wolfssl/wolfcrypt/ascon.h>
+#include <wolfssl/wolfcrypt/error-crypt.h>
+#include <wolfssl/wolfcrypt/logging.h>
+#ifdef NO_INLINE
+    #include <wolfssl/wolfcrypt/misc.h>
+#else
+    #define WOLFSSL_MISC_INCLUDED
+    #include <wolfcrypt/src/misc.c>
+#endif
+
+/*
+ * Implementation of the ASCON AEAD and HASH algorithms. Based on the NIST
+ * Initial Public Draft "NIST SP 800-232 ipd" and reference implementation found
+ * at https://github.com/ascon/ascon-c.
+ */
+
+/*
+ * TODO
+ * - Add support for big-endian systems
+ * - Add support for 32-bit and smaller systems */
+
+#ifndef WORD64_AVAILABLE
+    #error "Ascon implementation requires a 64-bit word"
+#endif
+
+/* Data block size in bytes */
+#define ASCON_HASH256_RATE                              8
+#define ASCON_HASH256_ROUNDS                           12
+#define ASCON_HASH256_IV            0x0000080100CC0002ULL
+
+#define ASCON_AEAD128_ROUNDS_PA                        12
+#define ASCON_AEAD128_ROUNDS_PB                         8
+#define ASCON_AEAD128_IV            0x00001000808C0001ULL
+#define ASCON_AEAD128_RATE                             16
+
+#define MAX_ROUNDS 12
+
+#ifndef WOLFSSL_ASCON_UNROLL
+
+/* Table 5 */
+static const byte round_constants[MAX_ROUNDS] = {
+    0xf0, 0xe1, 0xd2, 0xc3, 0xb4, 0xa5, 0x96, 0x87, 0x78, 0x69, 0x5a, 0x4b
+};
+
+static byte start_index(byte rounds)
+{
+    switch (rounds) {
+        case 8:
+            return 4;
+        case 12:
+            return 0;
+        default:
+            WOLFSSL_MSG("Something went wrong in wolfCrypt logic. Wrong ASCON "
+                        "rounds value.");
+            return MAX_ROUNDS;
+    }
+}
+
+static WC_INLINE void ascon_round(AsconState* a, byte round)
+{
+    word64 tmp0, tmp1, tmp2, tmp3, tmp4;
+    /* 3.2 Constant-Addition Layer */
+    a->s64[2] ^= round_constants[round];
+    /* 3.3 Substitution Layer */
+    a->s64[0] ^= a->s64[4];
+    a->s64[4] ^= a->s64[3];
+    a->s64[2] ^= a->s64[1];
+    tmp0 = a->s64[0] ^ (~a->s64[1] & a->s64[2]);
+    tmp2 = a->s64[2] ^ (~a->s64[3] & a->s64[4]);
+    tmp4 = a->s64[4] ^ (~a->s64[0] & a->s64[1]);
+    tmp1 = a->s64[1] ^ (~a->s64[2] & a->s64[3]);
+    tmp3 = a->s64[3] ^ (~a->s64[4] & a->s64[0]);
+    tmp1 ^= tmp0;
+    tmp3 ^= tmp2;
+    tmp0 ^= tmp4;
+    tmp2 = ~tmp2;
+    /* 3.4 Linear Diffusion Layer */
+    a->s64[4] = tmp4 ^ rotrFixed64(tmp4,  7) ^ rotrFixed64(tmp4, 41);
+    a->s64[1] = tmp1 ^ rotrFixed64(tmp1, 61) ^ rotrFixed64(tmp1, 39);
+    a->s64[3] = tmp3 ^ rotrFixed64(tmp3, 10) ^ rotrFixed64(tmp3, 17);
+    a->s64[0] = tmp0 ^ rotrFixed64(tmp0, 19) ^ rotrFixed64(tmp0, 28);
+    a->s64[2] = tmp2 ^ rotrFixed64(tmp2,  1) ^ rotrFixed64(tmp2,  6);
+}
+
+static void permutation(AsconState* a, byte rounds)
+{
+    byte i = start_index(rounds);
+    for (; i < MAX_ROUNDS; i++) {
+        ascon_round(a, i);
+    }
+}
+
+#else
+
+#define p(a, c) do {                                                           \
+    word64 tmp0, tmp1, tmp2, tmp3, tmp4;                                       \
+    /* 3.2 Constant-Addition Layer */                                          \
+    (a)->s64[2] ^= c;                                                          \
+    /* 3.3 Substitution Layer */                                               \
+    (a)->s64[0] ^= (a)->s64[4];                                                \
+    (a)->s64[4] ^= (a)->s64[3];                                                \
+    (a)->s64[2] ^= (a)->s64[1];                                                \
+    tmp0 = (a)->s64[0] ^ (~(a)->s64[1] & (a)->s64[2]);                         \
+    tmp2 = (a)->s64[2] ^ (~(a)->s64[3] & (a)->s64[4]);                         \
+    tmp4 = (a)->s64[4] ^ (~(a)->s64[0] & (a)->s64[1]);                         \
+    tmp1 = (a)->s64[1] ^ (~(a)->s64[2] & (a)->s64[3]);                         \
+    tmp3 = (a)->s64[3] ^ (~(a)->s64[4] & (a)->s64[0]);                         \
+    tmp1 ^= tmp0;                                                              \
+    tmp3 ^= tmp2;                                                              \
+    tmp0 ^= tmp4;                                                              \
+    tmp2 = ~tmp2;                                                              \
+    /* 3.4 Linear Diffusion Layer */                                           \
+    (a)->s64[4] = tmp4 ^ rotrFixed64(tmp4,  7) ^ rotrFixed64(tmp4, 41);        \
+    (a)->s64[1] = tmp1 ^ rotrFixed64(tmp1, 61) ^ rotrFixed64(tmp1, 39);        \
+    (a)->s64[3] = tmp3 ^ rotrFixed64(tmp3, 10) ^ rotrFixed64(tmp3, 17);        \
+    (a)->s64[0] = tmp0 ^ rotrFixed64(tmp0, 19) ^ rotrFixed64(tmp0, 28);        \
+    (a)->s64[2] = tmp2 ^ rotrFixed64(tmp2,  1) ^ rotrFixed64(tmp2,  6);        \
+} while (0)
+
+#define p8(a) \
+    p(a, 0xb4); \
+    p(a, 0xa5); \
+    p(a, 0x96); \
+    p(a, 0x87); \
+    p(a, 0x78); \
+    p(a, 0x69); \
+    p(a, 0x5a); \
+    p(a, 0x4b)
+
+#define p12(a) \
+    p(a, 0xf0); \
+    p(a, 0xe1); \
+    p(a, 0xd2); \
+    p(a, 0xc3); \
+    p8(a)
+
+/* Needed layer to evaluate the macro values */
+#define _permutation(a, rounds) \
+    p ## rounds(a)
+
+#define permutation(a, rounds) \
+    _permutation(a, rounds)
+
+#endif
+
+/* AsconHash API */
+
+wc_AsconHash256* wc_AsconHash256_New(void)
+{
+    wc_AsconHash256* ret = (wc_AsconHash256*)XMALLOC(sizeof(wc_AsconHash256),
+            NULL, DYNAMIC_TYPE_ASCON);
+    if (ret != NULL) {
+        if (wc_AsconHash256_Init(ret) != 0) {
+            wc_AsconHash256_Free(ret);
+            ret = NULL;
+        }
+    }
+    return ret;
+}
+
+void wc_AsconHash256_Free(wc_AsconHash256* a)
+{
+    if (a != NULL) {
+        wc_AsconHash256_Clear(a);
+        XFREE(a, NULL, DYNAMIC_TYPE_ASCON);
+    }
+}
+
+int wc_AsconHash256_Init(wc_AsconHash256* a)
+{
+    if (a == NULL)
+        return BAD_FUNC_ARG;
+
+    XMEMSET(a, 0, sizeof(*a));
+
+    a->state.s64[0] = ASCON_HASH256_IV;
+    permutation(&a->state, ASCON_HASH256_ROUNDS);
+
+    return 0;
+}
+
+void wc_AsconHash256_Clear(wc_AsconHash256* a)
+{
+    if (a != NULL) {
+        ForceZero(a, sizeof(*a));
+    }
+}
+
+int wc_AsconHash256_Update(wc_AsconHash256* a, const byte* data, word32 dataSz)
+{
+    if (a == NULL || (data == NULL && dataSz != 0))
+        return BAD_FUNC_ARG;
+
+    if (dataSz == 0)
+        return 0;
+
+    /* Process leftover block */
+    if (a->lastBlkSz != 0) {
+        word32 toProcess = min(ASCON_HASH256_RATE - a->lastBlkSz, dataSz);
+        xorbuf(a->state.s8 + a->lastBlkSz, data, toProcess);
+        data += toProcess;
+        dataSz -= toProcess;
+        a->lastBlkSz += toProcess;
+
+        if (a->lastBlkSz < ASCON_HASH256_RATE)
+            return 0;
+
+        permutation(&a->state, ASCON_HASH256_ROUNDS);
+        /* Reset the counter */
+        a->lastBlkSz = 0;
+    }
+
+    while (dataSz >= ASCON_HASH256_RATE) {
+        /* Read in input as little endian numbers */
+        xorbuf(a->state.s64, data, ASCON_HASH256_RATE);
+        permutation(&a->state, ASCON_HASH256_ROUNDS);
+        data += ASCON_HASH256_RATE;
+        dataSz -= ASCON_HASH256_RATE;
+    }
+
+    xorbuf(a->state.s64, data, dataSz);
+    a->lastBlkSz = dataSz;
+
+    return 0;
+}
+
+int wc_AsconHash256_Final(wc_AsconHash256* a, byte* hash)
+{
+    byte i;
+
+    if (a == NULL || hash == NULL)
+        return BAD_FUNC_ARG;
+
+    /* Process last block */
+    a->state.s8[a->lastBlkSz] ^= 1;
+
+    for (i = 0; i < ASCON_HASH256_SZ; i += ASCON_HASH256_RATE) {
+        permutation(&a->state, ASCON_HASH256_ROUNDS);
+        XMEMCPY(hash, a->state.s64, ASCON_HASH256_RATE);
+        hash += ASCON_HASH256_RATE;
+    }
+
+    /* Clear state as soon as possible */
+    wc_AsconHash256_Clear(a);
+    return 0;
+}
+
+/* AsconAEAD API */
+
+wc_AsconAEAD128* wc_AsconAEAD128_New(void)
+{
+    wc_AsconAEAD128 *ret = (wc_AsconAEAD128*) XMALLOC(sizeof(wc_AsconAEAD128),
+            NULL, DYNAMIC_TYPE_ASCON);
+    if (ret != NULL) {
+        if (wc_AsconAEAD128_Init(ret) != 0) {
+            wc_AsconAEAD128_Free(ret);
+            ret = NULL;
+        }
+    }
+    return ret;
+}
+
+void wc_AsconAEAD128_Free(wc_AsconAEAD128 *a)
+{
+    if (a != NULL) {
+        wc_AsconAEAD128_Clear(a);
+        XFREE(a, NULL, DYNAMIC_TYPE_ASCON);
+    }
+}
+
+int wc_AsconAEAD128_Init(wc_AsconAEAD128 *a)
+{
+    if (a == NULL)
+        return BAD_FUNC_ARG;
+
+    XMEMSET(a, 0, sizeof(*a));
+    a->state.s64[0] = ASCON_AEAD128_IV;
+
+    return 0;
+}
+
+void wc_AsconAEAD128_Clear(wc_AsconAEAD128 *a)
+{
+    if (a != NULL) {
+        ForceZero(a, sizeof(*a));
+    }
+}
+
+int wc_AsconAEAD128_SetKey(wc_AsconAEAD128* a, const byte* key)
+{
+    if (a == NULL || key == NULL)
+        return BAD_FUNC_ARG;
+    if (a->keySet)
+        return BAD_STATE_E;
+
+    XMEMCPY(a->key, key, ASCON_AEAD128_KEY_SZ);
+    a->state.s64[1] = a->key[0];
+    a->state.s64[2] = a->key[1];
+    a->keySet = 1;
+
+    return 0;
+}
+
+int wc_AsconAEAD128_SetNonce(wc_AsconAEAD128* a, const byte* nonce)
+{
+    if (a == NULL || nonce == NULL)
+        return BAD_FUNC_ARG;
+    if (a->nonceSet)
+        return BAD_STATE_E;
+
+    XMEMCPY(&a->state.s64[3], nonce, ASCON_AEAD128_NONCE_SZ);
+    a->nonceSet = 1;
+
+    return 0;
+}
+
+int wc_AsconAEAD128_SetAD(wc_AsconAEAD128* a, const byte* ad,
+                                      word32 adSz)
+{
+    if (a == NULL || (ad == NULL && adSz > 0))
+        return BAD_FUNC_ARG;
+    if (!a->keySet || !a->nonceSet) /* key and nonce must be set before */
+        return BAD_STATE_E;
+
+    permutation(&a->state, ASCON_AEAD128_ROUNDS_PA);
+    a->state.s64[3] ^= a->key[0];
+    a->state.s64[4] ^= a->key[1];
+
+    if (adSz > 0) {
+        while (adSz >= ASCON_AEAD128_RATE) {
+            xorbuf(a->state.s64, ad, ASCON_AEAD128_RATE);
+            permutation(&a->state, ASCON_AEAD128_ROUNDS_PB);
+            ad += ASCON_AEAD128_RATE;
+            adSz -= ASCON_AEAD128_RATE;
+        }
+        xorbuf(a->state.s64, ad, adSz);
+        /* Pad the last block */
+        a->state.s8[adSz] ^= 1;
+        permutation(&a->state, ASCON_AEAD128_ROUNDS_PB);
+    }
+    a->state.s64[4] ^= 1ULL << 63;
+
+    a->adSet = 1;
+    return 0;
+}
+
+int wc_AsconAEAD128_EncryptUpdate(wc_AsconAEAD128* a, byte* out,
+                                  const byte* in, word32 inSz)
+{
+    if (a == NULL || (in == NULL && inSz > 0))
+        return BAD_FUNC_ARG;
+    if (!a->keySet || !a->nonceSet || !a->adSet)
+        return BAD_STATE_E;
+
+    if (a->op == ASCON_AEAD128_NOTSET)
+        a->op = ASCON_AEAD128_ENCRYPT;
+    else if (a->op != ASCON_AEAD128_ENCRYPT)
+        return BAD_STATE_E;
+
+    /* Process leftover from last block */
+    if (a->lastBlkSz != 0) {
+        word32 toProcess = min(ASCON_AEAD128_RATE - a->lastBlkSz, inSz);
+        xorbuf(&a->state.s8[a->lastBlkSz], in, toProcess);
+        XMEMCPY(out, &a->state.s8[a->lastBlkSz], toProcess);
+        a->lastBlkSz += toProcess;
+        in += toProcess;
+        out += toProcess;
+        inSz -= toProcess;
+
+        if (a->lastBlkSz < ASCON_AEAD128_RATE)
+            return 0;
+
+        permutation(&a->state, ASCON_AEAD128_ROUNDS_PB);
+        a->lastBlkSz = 0;
+    }
+
+    while (inSz >= ASCON_AEAD128_RATE) {
+        xorbuf(a->state.s64, in, ASCON_AEAD128_RATE);
+        XMEMCPY(out, a->state.s64, ASCON_AEAD128_RATE);
+        permutation(&a->state, ASCON_AEAD128_ROUNDS_PB);
+        in += ASCON_AEAD128_RATE;
+        out += ASCON_AEAD128_RATE;
+        inSz -= ASCON_AEAD128_RATE;
+    }
+    /* Store leftover */
+    xorbuf(a->state.s64, in, inSz);
+    XMEMCPY(out, a->state.s64, inSz);
+    a->lastBlkSz = inSz;
+
+    return 0;
+}
+
+
+int wc_AsconAEAD128_EncryptFinal(wc_AsconAEAD128* a, byte* tag)
+{
+    if (a == NULL || tag == NULL)
+        return BAD_FUNC_ARG;
+    if (!a->keySet || !a->nonceSet || !a->adSet)
+        return BAD_STATE_E;
+
+    if (a->op != ASCON_AEAD128_ENCRYPT)
+        return BAD_STATE_E;
+
+    /* Process leftover from last block */
+    a->state.s8[a->lastBlkSz] ^= 1;
+
+    a->state.s64[2] ^= a->key[0];
+    a->state.s64[3] ^= a->key[1];
+    permutation(&a->state, ASCON_AEAD128_ROUNDS_PA);
+    a->state.s64[3] ^= a->key[0];
+    a->state.s64[4] ^= a->key[1];
+
+    XMEMCPY(tag, &a->state.s64[3], ASCON_AEAD128_TAG_SZ);
+
+    /* Clear state as soon as possible */
+    wc_AsconAEAD128_Clear(a);
+
+    return 0;
+
+}
+
+
+int wc_AsconAEAD128_DecryptUpdate(wc_AsconAEAD128* a, byte* out,
+                                  const byte* in, word32 inSz)
+{
+    if (a == NULL || (in == NULL && inSz > 0))
+        return BAD_FUNC_ARG;
+    if (!a->keySet || !a->nonceSet || !a->adSet)
+        return BAD_STATE_E;
+
+    if (a->op == ASCON_AEAD128_NOTSET)
+        a->op = ASCON_AEAD128_DECRYPT;
+    else if (a->op != ASCON_AEAD128_DECRYPT)
+        return BAD_STATE_E;
+
+    /* Process leftover block */
+    if (a->lastBlkSz != 0) {
+        word32 toProcess = min(ASCON_AEAD128_RATE - a->lastBlkSz, inSz);
+        xorbufout(out, a->state.s8 + a->lastBlkSz, in, toProcess);
+        XMEMCPY(a->state.s8 + a->lastBlkSz, in, toProcess);
+        in += toProcess;
+        out += toProcess;
+        inSz -= toProcess;
+        a->lastBlkSz += toProcess;
+
+        if (a->lastBlkSz < ASCON_AEAD128_RATE)
+            return 0;
+
+        permutation(&a->state, ASCON_AEAD128_ROUNDS_PB);
+        a->lastBlkSz = 0;
+    }
+
+    while (inSz >= ASCON_AEAD128_RATE) {
+        xorbufout(out, a->state.s64, in, ASCON_AEAD128_RATE);
+        XMEMCPY(a->state.s64, in, ASCON_AEAD128_RATE);
+        permutation(&a->state, ASCON_AEAD128_ROUNDS_PB);
+        in += ASCON_AEAD128_RATE;
+        out += ASCON_AEAD128_RATE;
+        inSz -= ASCON_AEAD128_RATE;
+    }
+    /* Store leftover */
+    xorbufout(out, a->state.s64, in, inSz);
+    XMEMCPY(a->state.s64, in, inSz);
+    a->lastBlkSz = inSz;
+
+    return 0;
+}
+
+int wc_AsconAEAD128_DecryptFinal(wc_AsconAEAD128* a, const byte* tag)
+{
+    if (a == NULL || tag == NULL)
+        return BAD_FUNC_ARG;
+    if (!a->keySet || !a->nonceSet || !a->adSet)
+        return BAD_STATE_E;
+
+    if (a->op != ASCON_AEAD128_DECRYPT)
+        return BAD_STATE_E;
+
+    /* Pad last block */
+    a->state.s8[a->lastBlkSz] ^= 1;
+
+    a->state.s64[2] ^= a->key[0];
+    a->state.s64[3] ^= a->key[1];
+    permutation(&a->state, ASCON_AEAD128_ROUNDS_PA);
+    a->state.s64[3] ^= a->key[0];
+    a->state.s64[4] ^= a->key[1];
+
+    if (ConstantCompare(tag, (const byte*)&a->state.s64[3],
+                        ASCON_AEAD128_TAG_SZ) != 0)
+        return ASCON_AUTH_E;
+
+    /* Clear state as soon as possible */
+    wc_AsconAEAD128_Clear(a);
+
+    return 0;
+}
+
+#endif /* HAVE_ASCON */
diff --git a/wolfcrypt/src/asm.c b/wolfcrypt/src/asm.c
index c735ebfe4..69f34b562 100644
--- a/wolfcrypt/src/asm.c
+++ b/wolfcrypt/src/asm.c
@@ -1,6 +1,6 @@
 /* asm.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -529,6 +529,27 @@ __asm__(                           \
 #define LOOP_START \
    mu = c[x] * mp
 
+#ifdef __APPLE__
+
+#define INNERMUL                     \
+__asm__(                             \
+   " mullw    r16,%3,%4       \n\t"  \
+   " mulhwu   r17,%3,%4       \n\t"  \
+   " addc     r16,r16,%2      \n\t"  \
+   " addze    r17,r17         \n\t"  \
+   " addc     %1,r16,%5       \n\t"  \
+   " addze    %0,r17          \n\t"  \
+:"=r"(cy),"=r"(_c[0]):"0"(cy),"r"(mu),"r"(tmpm[0]),"1"(_c[0]):"r16", "r17", "cc"); ++tmpm;
+
+#define PROPCARRY                    \
+__asm__(                             \
+   " addc     %1,%3,%2      \n\t"    \
+   " xor      %0,%2,%2      \n\t"    \
+   " addze    %0,%2         \n\t"    \
+:"=r"(cy),"=r"(_c[0]):"0"(cy),"1"(_c[0]):"cc");
+
+#else
+
 #define INNERMUL                     \
 __asm__(                             \
    " mullw    16,%3,%4       \n\t"   \
@@ -546,6 +567,8 @@ __asm__(                             \
    " addze    %0,%2         \n\t"    \
 :"=r"(cy),"=r"(_c[0]):"0"(cy),"1"(_c[0]):"cc");
 
+#endif
+
 #elif defined(TFM_PPC64)
 
 /* PPC64 */
@@ -555,6 +578,8 @@ __asm__(                             \
 #define LOOP_START \
    mu = c[x] * mp
 
+#ifdef __APPLE__
+
 #define INNERMUL                      \
 __asm__(                              \
    " mulld    r16,%3,%4       \n\t"   \
@@ -576,6 +601,31 @@ __asm__(                              \
    " addze    %0,%0          \n\t"    \
 :"=r"(cy),"=m"(_c[0]):"0"(cy),"1"(_c[0]):"r16","cc");
 
+#else
+
+#define INNERMUL                     \
+__asm__(                             \
+   " mulld    16,%3,%4       \n\t"   \
+   " mulhdu   17,%3,%4       \n\t"   \
+   " addc     16,16,%0       \n\t"   \
+   " addze    17,17          \n\t"   \
+   " ldx      18,0,%1        \n\t"   \
+   " addc     16,16,18       \n\t"   \
+   " addze    %0,17          \n\t"   \
+   " sdx      16,0,%1        \n\t"   \
+:"=r"(cy),"=m"(_c[0]):"0"(cy),"r"(mu),"r"(tmpm[0]),"1"(_c[0]):"16", "17", "18","cc"); ++tmpm;
+
+#define PROPCARRY                    \
+__asm__(                             \
+   " ldx      16,0,%1       \n\t"    \
+   " addc     16,16,%0      \n\t"    \
+   " sdx      16,0,%1       \n\t"    \
+   " xor      %0,%0,%0      \n\t"    \
+   " addze    %0,%0         \n\t"    \
+:"=r"(cy),"=m"(_c[0]):"0"(cy),"1"(_c[0]):"16","cc");
+
+#endif
+
 /******************************************************************/
 
 #elif defined(TFM_AVR32)
diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c
index 67e46de0e..224f8819a 100644
--- a/wolfcrypt/src/asn.c
+++ b/wolfcrypt/src/asn.c
@@ -1,6 +1,6 @@
 /* asn.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -56,6 +56,8 @@ ASN Options:
  * WOLFSSL_CERT_GEN: Cert generation. Saves extra certificate info in GetName.
  * WOLFSSL_NO_ASN_STRICT: Disable strict RFC compliance checks to
     restore 3.13.0 behavior.
+ * WOLFSSL_ASN_ALLOW_0_SERIAL: Even if WOLFSSL_NO_ASN_STRICT is not defined,
+    allow a length=1, but zero value serial number.
  * WOLFSSL_NO_OCSP_OPTIONAL_CERTS: Skip optional OCSP certs (responder issuer
     must still be trusted)
  * WOLFSSL_NO_TRUSTED_CERTS_VERIFY: Workaround for situation where entire cert
@@ -100,6 +102,11 @@ ASN Options:
  *  which is discouraged by X.690 specification - default values shall not
  *  be encoded.
  * NO_TIME_SIGNEDNESS_CHECK: Disabled the time_t signedness check.
+ * WOLFSSL_ECC_SIGALG_PARAMS_NULL_ALLOWED: Allows the ECDSA/EdDSA signature
+ *  algorithms in certificates to have NULL parameter instead of empty.
+ *  DO NOT enable this unless required for interoperability.
+ * WOLFSSL_ASN_EXTRA: Make more ASN.1 APIs available regardless of internal
+ *  usage.
 */
 
 #include <wolfssl/wolfcrypt/error-crypt.h>
@@ -166,16 +173,14 @@ ASN Options:
     #include <wolfssl/wolfcrypt/curve448.h>
 #endif
 
-#ifdef HAVE_PQC
-    #if defined(HAVE_FALCON)
+#if defined(HAVE_FALCON)
     #include <wolfssl/wolfcrypt/falcon.h>
-    #endif
-    #if defined(HAVE_DILITHIUM)
+#endif
+#if defined(HAVE_DILITHIUM)
     #include <wolfssl/wolfcrypt/dilithium.h>
-    #endif
-    #if defined(HAVE_SPHINCS)
+#endif
+#if defined(HAVE_SPHINCS)
     #include <wolfssl/wolfcrypt/sphincs.h>
-    #endif
 #endif
 
 #ifdef WOLFSSL_QNX_CAAM
@@ -1065,6 +1070,16 @@ static int GetASN_Integer(const byte* input, word32 idx, int length,
         #endif
         }
     }
+    /* check for invalid padding on negative integer.
+     * c.f. X.690 (ISO/IEC 8825-2:2003 (E)) 10.4.6; RFC 5280 4.1
+     */
+    else if ((length > 1) && (input[idx] == 0xff) &&
+             ((input[idx + 1] & 0x80) != 0)) {
+        WOLFSSL_MSG("Bad INTEGER encoding of negative");
+    #ifndef WOLFSSL_ASN_INT_LEAD_0_ANY
+        return ASN_EXPECT_0_E;
+    #endif /* WOLFSSL_ASN_INT_LEAD_0_ANY */
+    }
     /* Check whether a leading zero byte was required. */
     else if (positive && (input[idx] & 0x80)) {
         WOLFSSL_MSG("INTEGER is negative");
@@ -1084,7 +1099,7 @@ static int GetASN_Integer(const byte* input, word32 idx, int length,
  * @return  0 on success.
  * @return  ASN_PARSE_E when unused bits is invalid.
  */
-static int GetASN_BitString(const byte* input, word32 idx, int length)
+int GetASN_BitString(const byte* input, word32 idx, int length)
 {
 #if !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS) || \
     (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2))
@@ -1116,6 +1131,100 @@ static int GetASN_BitString(const byte* input, word32 idx, int length)
     return 0;
 }
 
+#ifndef WOLFSSL_NO_ASN_STRICT
+/* Check a UTF8STRING's data is valid.
+ *
+ * @param [in] input   BER encoded data.
+ * @param [in] idx     Index of UTF8STRING data.
+ * @param [in] length  Length of input data.
+ * @return  0 on success.
+ * @return  ASN_PARSE_E when data is invalid.
+ */
+static int GetASN_UTF8String(const byte* input, word32 idx, int length)
+{
+    int ret = 0;
+    word32 i = 0;
+
+    while ((ret == 0) && ((int)i < length)) {
+        int cnt;
+
+        /* Check code points and get count of following bytes. */
+        if ((input[idx + i] & 0x80) == 0x00) {
+            cnt = 0;
+        }
+        else if ((input[idx + i] & 0xe0) == 0xc0) {
+            cnt = 1;
+        }
+        else if ((input[idx + i] & 0xf0) == 0xe0) {
+            cnt = 2;
+        }
+        else if ((input[idx + i] & 0xf8) == 0xf0) {
+            cnt = 3;
+        }
+        else {
+            WOLFSSL_MSG("Invalid character in UTF8STRING\n");
+            ret = ASN_PARSE_E;
+            break;
+        }
+
+        /* Have checked first byte. */
+        i++;
+        /* Check each following byte. */
+        for (; cnt > 0; cnt--) {
+            /* Check we have enough data. */
+            if ((int)i == length) {
+                WOLFSSL_MSG("Missing character in UTF8STRING\n");
+                ret = ASN_PARSE_E;
+                break;
+            }
+            /* Check following byte has top bit set. */
+            if ((input[idx + i] & 0x80) != 0x80) {
+                WOLFSSL_MSG("Invalid character in UTF8STRING\n");
+                ret = ASN_PARSE_E;
+                break;
+            }
+            i++;
+        }
+    }
+
+    return ret;
+}
+#endif
+
+/* Check an OBJECT IDENTIFIER's data is valid.
+ *
+ * X.690 8.19
+ *
+ * @param [in] input   BER encoded data.
+ * @param [in] idx     Index of OBJECT IDENTIFIER data.
+ * @param [in] length  Length of input data.
+ * @return  0 on success.
+ * @return  ASN_PARSE_E when data is invalid.
+ */
+static int GetASN_ObjectId(const byte* input, word32 idx, int length)
+{
+    int ret = 0;
+
+    /* OID data must be at least 3 bytes. */
+    if (length < 3) {
+    #ifdef WOLFSSL_DEBUG_ASN_TEMPLATE
+        WOLFSSL_MSG_VSNPRINTF("OID length must be 3 or more: %d", length);
+    #else
+        WOLFSSL_MSG("OID length less than 3");
+    #endif
+        ret = ASN_PARSE_E;
+    }
+    /* Last octet of a sub-identifier has bit 8 clear. Last octet must be last
+     * of a subidentifier. Ensure last octet hasn't got top bit set.
+     */
+    else if ((input[(int)idx + length - 1] & 0x80) == 0x80) {
+        WOLFSSL_MSG("OID last octet has top bit set");
+        ret = ASN_PARSE_E;
+    }
+
+    return ret;
+}
+
 /* Get the ASN.1 items from the BER encoding.
  *
  * @param [in] asn         ASN.1 item expected.
@@ -1164,8 +1273,8 @@ static int GetASN_StoreData(const ASNItem* asn, ASNGetData* data,
             /* Fill number with all of data. */
             *data->data.u16 = 0;
             for (i = 0; i < len; i++) {
-                *data->data.u16 <<= 8;
-                *data->data.u16 |= input[idx + (word32)i] ;
+                *data->data.u16 = (word16)(*data->data.u16 << 8U);
+                *data->data.u16 = (word16)(*data->data.u16 | input[idx + (word32)i]);
             }
             break;
         case ASN_DATA_TYPE_WORD32:
@@ -1191,7 +1300,7 @@ static int GetASN_StoreData(const ASNItem* asn, ASNGetData* data,
                 WOLFSSL_MSG_VSNPRINTF("Buffer too small for data: %d %d", len,
                         *data->data.buffer.length);
             #endif
-                return ASN_PARSE_E;
+                return BUFFER_E;
             }
             /* Copy in data and record actual length seen. */
             XMEMCPY(data->data.buffer.data, input + idx, (size_t)len);
@@ -1384,9 +1493,8 @@ int GetASN_Items(const ASNItem* asn, ASNGetData *data, int count, int complete,
     int    len;
     /* Current index into buffer. */
     word32 idx = *inOutIdx;
-    /* Initialize the end index at each depth to be the length. */
-    word32 endIdx[GET_ASN_MAX_DEPTH] = { length, length, length, length, length,
-                                         length, length };
+    /* Declare the end index array. */
+    word32 endIdx[GET_ASN_MAX_DEPTH];
     /* Set choices to -1 to indicate they haven't been seen or found. */
     signed char   choiceMet[GET_ASN_MAX_CHOICES] = { -1, -1 };
     /* Not matching a choice right now. */
@@ -1397,11 +1505,18 @@ int GetASN_Items(const ASNItem* asn, ASNGetData *data, int count, int complete,
     int    minDepth;
     /* Integer had a zero prepended. */
     int    zeroPadded;
+    word32 tmpW32Val;
+    signed char tmpScharVal;
 
 #ifdef WOLFSSL_DEBUG_ASN_TEMPLATE
     WOLFSSL_ENTER("GetASN_Items");
 #endif
 
+    /* Set the end index at each depth to be the length. */
+    for (i=0; i<GET_ASN_MAX_DEPTH; i++) {
+        endIdx[i] = length;
+    }
+
     /* Start depth at first items depth. */
     minDepth = depth = asn[0].depth;
     /* Check every ASN.1 item. */
@@ -1430,14 +1545,18 @@ int GetASN_Items(const ASNItem* asn, ASNGetData *data, int count, int complete,
         /* Check if first of numbered choice. */
         if (choice == 0 && asn[i].optional > 1) {
             choice = asn[i].optional;
-            if (choiceMet[choice - 2] == -1) {
+            tmpScharVal = choiceMet[choice - 2];
+            XFENCE(); /* Prevent memory access */
+            if (tmpScharVal == -1) {
                 /* Choice seen but not found a match yet. */
                 choiceMet[choice - 2] = 0;
             }
         }
 
         /* Check for end of data or not a choice and tag not matching. */
-        if (idx == endIdx[depth] || (data[i].dataType != ASN_DATA_TYPE_CHOICE &&
+        tmpW32Val = endIdx[depth];
+        XFENCE(); /* Prevent memory access */
+        if (idx == tmpW32Val || (data[i].dataType != ASN_DATA_TYPE_CHOICE &&
                               (input[idx] & ~ASN_CONSTRUCTED) != asn[i].tag)) {
             if (asn[i].optional) {
                 /* Skip over ASN.1 items underneath this optional item. */
@@ -1505,6 +1624,7 @@ int GetASN_Items(const ASNItem* asn, ASNGetData *data, int count, int complete,
 
         /* Store found tag in data. */
         data[i].tag = input[idx];
+        XFENCE(); /* Prevent memory access */
         if (data[i].dataType != ASN_DATA_TYPE_CHOICE) {
             int constructed = (input[idx] & ASN_CONSTRUCTED) == ASN_CONSTRUCTED;
             /* Check constructed match expected for non-choice ASN.1 item. */
@@ -1577,11 +1697,20 @@ int GetASN_Items(const ASNItem* asn, ASNGetData *data, int count, int complete,
             idx++;
             len--;
         }
-        else if ((asn[i].tag == ASN_OBJECT_ID) && (len < 3)) {
-        #ifdef WOLFSSL_DEBUG_ASN_TEMPLATE
-            WOLFSSL_MSG_VSNPRINTF("OID length must be 3 or more: %d", len);
-        #endif
-            return ASN_PARSE_E;
+    #ifndef WOLFSSL_NO_ASN_STRICT
+        else if ((asn[i].tag == ASN_UTF8STRING) ||
+                 (data[i].tag == ASN_UTF8STRING)) {
+            /* Check validity of data. */
+            err = GetASN_UTF8String(input, idx, len);
+            if (err != 0)
+                return err;
+        }
+    #endif
+        else if (asn[i].tag == ASN_OBJECT_ID) {
+            /* Check validity of data. */
+            err = GetASN_ObjectId(input, idx, len);
+            if (err != 0)
+                return err;
         }
 
         /* Don't parse data if only header required. */
@@ -2170,7 +2299,7 @@ int GetLength_ex(const byte* input, word32* inOutIdx, int* len, word32 maxIdx,
         /* Bottom 7 bits are the number of bytes to calculate length with.
          * Note: 0 indicates indefinite length encoding *not* 0 bytes of length.
          */
-        word32 bytes = (word32)b & 0x7FU;
+        int bytes = (int)(b & 0x7F);
         int minLen;
 
         /* Calculate minimum length to be encoded with bytes. */
@@ -2182,15 +2311,16 @@ int GetLength_ex(const byte* input, word32* inOutIdx, int* len, word32 maxIdx,
             minLen = 0x80;
         }
         /* Only support up to the number of bytes that fit into return var. */
-        else if (bytes > sizeof(length)) {
+        else if (bytes > (int)sizeof(length)) {
             WOLFSSL_MSG("GetLength - overlong data length spec");
             return ASN_PARSE_E;
-        } else {
+        }
+        else {
             minLen = 1 << ((bytes - 1) * 8);
         }
 
         /* Check the number of bytes required are available. */
-        if ((idx + bytes) > maxIdx) {
+        if ((idx + (word32)bytes) > maxIdx) {
             WOLFSSL_MSG("GetLength - bad long length");
             return BUFFER_E;
         }
@@ -2314,6 +2444,20 @@ static int GetASNHeader_ex(const byte* input, byte tag, word32* inOutIdx,
     if ((ret == 0) && (GetLength_ex(input, &idx, &length, maxIdx, check) < 0)) {
         ret = ASN_PARSE_E;
     }
+    if (ret == 0 && tag == ASN_OBJECT_ID) {
+        if (length < 3) {
+            /* OID data must be at least 3 bytes. */
+            WOLFSSL_MSG("OID length less than 3");
+            ret = ASN_PARSE_E;
+        }
+        else if ((input[(int)idx + length - 1] & 0x80) == 0x80) {
+            /* Last octet of a sub-identifier has bit 8 clear. Last octet must
+             * be last of a subidentifier. Ensure last octet hasn't got top bit
+             * set. */
+            WOLFSSL_MSG("OID last octet has top bit set");
+            ret = ASN_PARSE_E;
+        }
+    }
     if (ret == 0) {
         /* Return the length of data and index after header. */
         *len      = length;
@@ -2342,7 +2486,7 @@ static int GetASNHeader_ex(const byte* input, byte tag, word32* inOutIdx,
  * @return  BUFFER_E when there is not enough data to parse.
  * @return  ASN_PARSE_E when the expected tag is not found or length is invalid.
  */
-static int GetASNHeader(const byte* input, byte tag, word32* inOutIdx, int* len,
+int GetASNHeader(const byte* input, byte tag, word32* inOutIdx, int* len,
                         word32 maxIdx)
 {
     return GetASNHeader_ex(input, tag, inOutIdx, len, maxIdx, 1);
@@ -2575,14 +2719,15 @@ int GetASNInt(const byte* input, word32* inOutIdx, int* len,
         return ret;
 
     if (*len > 0) {
-
 #ifndef WOLFSSL_ASN_INT_LEAD_0_ANY
         /* check for invalid padding on negative integer.
          * c.f. X.690 (ISO/IEC 8825-2:2003 (E)) 10.4.6; RFC 5280 4.1
          */
         if (*len > 1) {
-            if ((input[*inOutIdx] == 0xff) && (input[*inOutIdx + 1] & 0x80))
-                return ASN_PARSE_E;
+            if ((input[*inOutIdx] == 0xff) && (input[*inOutIdx + 1] & 0x80)) {
+                WOLFSSL_MSG("Bad INTEGER encoding of negative");
+                return ASN_EXPECT_0_E;
+            }
         }
 #endif
 
@@ -2592,8 +2737,10 @@ int GetASNInt(const byte* input, word32* inOutIdx, int* len,
             (*len)--;
 
 #ifndef WOLFSSL_ASN_INT_LEAD_0_ANY
-            if (*len > 0 && (input[*inOutIdx] & 0x80) == 0)
-                return ASN_PARSE_E;
+            if (*len > 0 && (input[*inOutIdx] & 0x80) == 0) {
+                WOLFSSL_MSG("INTEGER is negative");
+                return ASN_EXPECT_0_E;
+            }
 #endif
         }
     }
@@ -2875,7 +3022,7 @@ const char* GetSigName(int oid) {
 #if !defined(NO_DSA) || defined(HAVE_ECC) || !defined(NO_CERTS) || \
    (!defined(NO_RSA) && \
         (defined(WOLFSSL_CERT_GEN) || \
-        ((defined(WOLFSSL_KEY_GEN) || defined(OPENSSL_EXTRA)) && !defined(HAVE_USER_RSA))))
+        ((defined(WOLFSSL_KEY_GEN) || defined(OPENSSL_EXTRA)))))
 /* Set the DER/BER encoding of the ASN.1 INTEGER header.
  *
  * When output is NULL, calculate the header length only.
@@ -2924,7 +3071,7 @@ int SetASNInt(int len, byte firstByte, byte* output)
 #if !defined(NO_DSA) || defined(HAVE_ECC) || (defined(WOLFSSL_CERT_GEN) && \
     !defined(NO_RSA)) || ((defined(WOLFSSL_KEY_GEN) || \
     (!defined(NO_DH) && defined(WOLFSSL_DH_EXTRA)) || \
-    defined(OPENSSL_EXTRA)) && !defined(NO_RSA) && !defined(HAVE_USER_RSA))
+    defined(OPENSSL_EXTRA)) && !defined(NO_RSA))
 /* Set the DER/BER encoding of the ASN.1 INTEGER element with an mp_int.
  * The number is assumed to be positive.
  *
@@ -2960,41 +3107,6 @@ static int SetASNIntMP(mp_int* n, int maxSz, byte* output)
     return idx;
 }
 #endif
-
-#if !defined(NO_RSA) && defined(HAVE_USER_RSA) && \
-    (defined(WOLFSSL_CERT_GEN) || defined(OPENSSL_EXTRA))
-/* Set the DER/BER encoding of the ASN.1 INTEGER element with an mp_int from
- * an RSA key.
- * The number is assumed to be positive.
- *
- * n       Multi-precision integer to encode.
- * output  Buffer to write into.
- * returns BUFFER_E when the data is too long for the buffer.
- *         MP_TO_E when encoding the integer fails.
- *         Otherwise, the number of bytes added to the buffer.
- */
-static int SetASNIntRSA(void* n, byte* output)
-{
-    int idx = 0;
-    int leadingBit;
-    int length;
-
-    leadingBit = wc_Rsa_leading_bit(n);
-    length = wc_Rsa_unsigned_bin_size(n);
-    idx = SetASNInt(length, leadingBit ? 0x80 : 0x00, output);
-    if ((idx + length) > MAX_RSA_INT_SZ)
-        return BUFFER_E;
-
-    if (output) {
-        int err = wc_Rsa_to_unsigned_bin(n, output + idx, length);
-        if (err != MP_OKAY)
-            return MP_TO_E;
-    }
-    idx += length;
-
-    return idx;
-}
-#endif /* !NO_RSA && HAVE_USER_RSA && WOLFSSL_CERT_GEN */
 #endif /* !WOLFSSL_ASN_TEMPLATE */
 
 #ifdef WOLFSSL_ASN_TEMPLATE
@@ -3049,7 +3161,7 @@ int GetMyVersion(const byte* input, word32* inOutIdx,
 #else
     ASNGetData dataASN[intASN_Length];
     int ret;
-    byte num;
+    byte num = 0;
 
     /* Clear dynamic data and set the version number variable. */
     XMEMSET(dataASN, 0, sizeof(dataASN));
@@ -3067,7 +3179,7 @@ int GetMyVersion(const byte* input, word32* inOutIdx,
 }
 
 
-#ifndef NO_PWDBASED
+#if !defined(NO_PWDBASED) || defined(WOLFSSL_ASN_EXTRA)
 /* Decode small integer, 32 bits or less.
  *
  * @param [in]      input     Buffer of BER data.
@@ -3116,7 +3228,7 @@ int GetShortInt(const byte* input, word32* inOutIdx, int* number, word32 maxIdx)
 #else
     ASNGetData dataASN[intASN_Length];
     int ret;
-    word32 num;
+    word32 num = 0;
 
     /* Clear dynamic data and set the 32-bit number variable. */
     XMEMSET(dataASN, 0, sizeof(dataASN));
@@ -3132,8 +3244,10 @@ int GetShortInt(const byte* input, word32* inOutIdx, int* number, word32 maxIdx)
     return ret;
 #endif
 }
+#endif /* !NO_PWDBASED || WOLFSSL_ASN_EXTRA */
 
 
+#ifndef NO_PWDBASED
 #if !defined(WOLFSSL_ASN_TEMPLATE) || defined(HAVE_PKCS8) || \
      defined(HAVE_PKCS12)
 /* Set small integer, 32 bits or less. DER encoding with no leading 0s
@@ -3316,7 +3430,7 @@ static int GetIntPositive(mp_int* mpi, const byte* input, word32* inOutIdx,
 #endif /* (ECC || !NO_DSA) && !WOLFSSL_ASN_TEMPLATE */
 
 #ifndef WOLFSSL_ASN_TEMPLATE
-#if (!defined(NO_RSA) && !defined(HAVE_USER_RSA)) || !defined(NO_DSA)
+#if !defined(NO_RSA) || !defined(NO_DSA)
 static int SkipInt(const byte* input, word32* inOutIdx, word32 maxIdx)
 {
     word32 idx = *inOutIdx;
@@ -3393,7 +3507,7 @@ int CheckBitString(const byte* input, word32* inOutIdx, int* len,
     }
 
     b = input[idx];
-    if (zeroBits && b != 0x00)
+    if (zeroBits && (b != 0x00))
         return ASN_EXPECT_0_E;
     if (b >= 0x08)
         return ASN_PARSE_E;
@@ -3414,7 +3528,7 @@ int CheckBitString(const byte* input, word32* inOutIdx, int* len,
 #else
     ASNGetData dataASN[bitStringASN_Length];
     int ret;
-    int bits;
+    int bits = 0;
 
     /* Parse BIT_STRING and check validity of unused bits. */
     XMEMSET(dataASN, 0, sizeof(dataASN));
@@ -3445,14 +3559,14 @@ int CheckBitString(const byte* input, word32* inOutIdx, int* len,
 
 /* RSA (with CertGen or KeyGen) OR ECC OR ED25519 OR ED448 (with CertGen or
  * KeyGen) */
-#if (!defined(NO_RSA) && !defined(HAVE_USER_RSA) && \
+#if (!defined(NO_RSA) && \
      (defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_KEY_GEN) || \
       defined(OPENSSL_EXTRA))) || \
     (defined(HAVE_ECC) && defined(HAVE_ECC_KEY_EXPORT)) || \
     ((defined(HAVE_ED25519) || defined(HAVE_ED448)) && \
      (defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_KEY_GEN) || \
       defined(OPENSSL_EXTRA))) || \
-    (defined(WC_ENABLE_ASYM_KEY_EXPORT) && !defined(NO_CERT)) || \
+    (defined(WC_ENABLE_ASYM_KEY_EXPORT) && !defined(NO_CERTS)) || \
     (!defined(NO_DSA) && !defined(HAVE_SELFTEST) && defined(WOLFSSL_KEY_GEN)) || \
     (!defined(NO_DH) && defined(WOLFSSL_DH_EXTRA))
 
@@ -3495,9 +3609,75 @@ word32 SetBitString(word32 len, byte unusedBits, byte* output)
 #endif /* !NO_RSA || HAVE_ECC || HAVE_ED25519 || HAVE_ED448 */
 
 #ifdef ASN_BER_TO_DER
+
+#ifndef BER_OCTET_LENGTH
+    #define BER_OCTET_LENGTH 4096
+#endif
+
+/* sets the terminating 0x00 0x00 at the end of an indefinite length
+ * returns the number of bytes written */
+word32 SetIndefEnd(byte* output)
+{
+    byte terminate[ASN_INDEF_END_SZ] = { 0x00, 0x00 };
+
+    if (output != NULL) {
+        XMEMCPY(output, terminate, ASN_INDEF_END_SZ);
+    }
+
+    return (word32)ASN_INDEF_END_SZ;
+}
+
+
+/* Breaks an octet string up into chunks for use with streaming
+ * returns 0 on success and updates idx */
+int StreamOctetString(const byte* inBuf, word32 inBufSz, byte* out,
+                      word32* outSz, word32* idx)
+{
+    word32 i  = 0;
+    word32 outIdx = *idx;
+    byte* tmp = out;
+
+    if (tmp) tmp += outIdx;
+
+    while (i < inBufSz) {
+        word32 ret, sz;
+
+        sz = BER_OCTET_LENGTH;
+
+        if ((sz + i) > inBufSz) {
+            sz = inBufSz - i;
+        }
+
+        ret = SetOctetString(sz, tmp);
+        if (ret > 0) {
+            outIdx += ret;
+        }
+
+        if (tmp) {
+            if ((word32)ret + sz + i + outIdx > *outSz) {
+                return BUFFER_E;
+            }
+            XMEMCPY(tmp + ret, inBuf + i, sz);
+            tmp += sz + ret;
+        }
+        outIdx += sz;
+        i      += sz;
+    }
+
+    if (tmp) {
+        *idx = outIdx;
+        return 0;
+    }
+    else {
+        *outSz = outIdx;
+        return WC_NO_ERR_TRACE(LENGTH_ONLY_E);
+    }
+}
+
+
 /* Convert BER to DER */
 
-/* Pull informtation from the ASN.1 BER encoded item header */
+/* Pull information from the ASN.1 BER encoded item header */
 static int GetBerHeader(const byte* data, word32* idx, word32 maxIdx,
                         byte* pTag, word32* pLen, int* indef)
 {
@@ -3858,13 +4038,11 @@ int wc_BerToDer(const byte* ber, word32 berSz, byte* der, word32* derSz)
     /* Return the length of the DER encoded ASN.1 */
     *derSz = j;
     if (der == NULL) {
-        ret = LENGTH_ONLY_E;
+        ret = WC_NO_ERR_TRACE(LENGTH_ONLY_E);
     }
 end:
 #ifdef WOLFSSL_SMALL_STACK
-    if (indefItems != NULL) {
-        XFREE(indefItems, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-    }
+    XFREE(indefItems, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
     return ret;
 }
@@ -4052,26 +4230,39 @@ static word32 SetBitString16Bit(word16 val, byte* output)
 #ifdef HAVE_ED448
     static const byte sigEd448Oid[] = {43, 101, 113};
 #endif /* HAVE_ED448 */
-#ifdef HAVE_PQC
 #ifdef HAVE_FALCON
-    /* Falcon Level 1: 1 3 9999 3 1 */
-    static const byte sigFalcon_Level1Oid[] = {43, 206, 15, 3, 1};
+    /* Falcon Level 1: 1 3 9999 3 6 */
+    static const byte sigFalcon_Level1Oid[] = {43, 206, 15, 3, 6};
 
-    /* Falcon Level 5: 1 3 9999 3 4 */
-    static const byte sigFalcon_Level5Oid[] = {43, 206, 15, 3, 4};
+    /* Falcon Level 5: 1 3 9999 3 9 */
+    static const byte sigFalcon_Level5Oid[] = {43, 206, 15, 3, 9};
 #endif /* HAVE_FACON */
 #ifdef HAVE_DILITHIUM
-    /* Dilithium Level 2: 1.3.6.1.4.1.2.267.7.4.4 */
+#ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
+    /* Dilithium Level 2: 1.3.6.1.4.1.2.267.12.4.4 */
     static const byte sigDilithium_Level2Oid[] =
-        {43, 6, 1, 4, 1, 2, 130, 11, 7, 4, 4};
+        {43, 6, 1, 4, 1, 2, 130, 11, 12, 4, 4};
 
-    /* Dilithium Level 3: 1.3.6.1.4.1.2.267.7.6.5 */
+    /* Dilithium Level 3: 1.3.6.1.4.1.2.267.12.6.5 */
     static const byte sigDilithium_Level3Oid[] =
-        {43, 6, 1, 4, 1, 2, 130, 11, 7, 6, 5};
+        {43, 6, 1, 4, 1, 2, 130, 11, 12, 6, 5};
 
-    /* Dilithium Level 5: 1.3.6.1.4.1.2.267.7.8.7 */
+    /* Dilithium Level 5: 1.3.6.1.4.1.2.267.12.8.7 */
     static const byte sigDilithium_Level5Oid[] =
-        {43, 6, 1, 4, 1, 2, 130, 11, 7, 8, 7};
+        {43, 6, 1, 4, 1, 2, 130, 11, 12, 8, 7};
+#endif /* WOLFSSL_DILITHIUM_FIPS204_DRAFT */
+
+    /* ML-DSA Level 2: 2.16.840.1.101.3.4.3.17 */
+    static const byte sigMlDsa_Level2Oid[] =
+        {96, 134, 72, 1, 101, 3, 4, 3, 17};
+
+    /* ML-DSA Level 3: 2.16.840.1.101.3.4.3.18 */
+    static const byte sigMlDsa_Level3Oid[] =
+        {96, 134, 72, 1, 101, 3, 4, 3, 18};
+
+    /* ML-DSA Level 5: 2.16.840.1.101.3.4.3.19 */
+    static const byte sigMlDsa_Level5Oid[] =
+        {96, 134, 72, 1, 101, 3, 4, 3, 19};
 #endif /* HAVE_DILITHIUM */
 #ifdef HAVE_SPHINCS
     /* Sphincs Fast Level 1: 1 3 9999 6 7 4 */
@@ -4098,7 +4289,6 @@ static word32 SetBitString16Bit(word16 val, byte* output)
     static const byte sigSphincsSmall_Level5Oid[] =
         {43, 206, 15, 6, 9, 7};
 #endif /* HAVE_SPHINCS */
-#endif /* HAVE_PQC */
 
 /* keyType */
 #ifndef NO_DSA
@@ -4128,26 +4318,39 @@ static word32 SetBitString16Bit(word16 val, byte* output)
 #ifndef NO_DH
     static const byte keyDhOid[] = {42, 134, 72, 134, 247, 13, 1, 3, 1};
 #endif /* !NO_DH */
-#ifdef HAVE_PQC
 #ifdef HAVE_FALCON
-    /* Falcon Level 1: 1 3 9999 3 1 */
-    static const byte keyFalcon_Level1Oid[] = {43, 206, 15, 3, 1};
+    /* Falcon Level 1: 1 3 9999 3 6 */
+    static const byte keyFalcon_Level1Oid[] = {43, 206, 15, 3, 6};
 
-    /* Falcon Level 5: 1 3 9999 3 4 */
-    static const byte keyFalcon_Level5Oid[] = {43, 206, 15, 3, 4};
+    /* Falcon Level 5: 1 3 9999 3 9 */
+    static const byte keyFalcon_Level5Oid[] = {43, 206, 15, 3, 9};
 #endif /* HAVE_FALCON */
 #ifdef HAVE_DILITHIUM
-    /* Dilithium Level 2: 1.3.6.1.4.1.2.267.7.4.4 */
+#ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
+    /* Dilithium Level 2: 1.3.6.1.4.1.2.267.12.4.4 */
     static const byte keyDilithium_Level2Oid[] =
-        {43, 6, 1, 4, 1, 2, 130, 11, 7, 4, 4};
+        {43, 6, 1, 4, 1, 2, 130, 11, 12, 4, 4};
 
-    /* Dilithium Level 3: 1.3.6.1.4.1.2.267.7.6.5 */
+    /* Dilithium Level 3: 1.3.6.1.4.1.2.267.12.6.5 */
     static const byte keyDilithium_Level3Oid[] =
-        {43, 6, 1, 4, 1, 2, 130, 11, 7, 6, 5};
+        {43, 6, 1, 4, 1, 2, 130, 11, 12, 6, 5};
 
-    /* Dilithium Level 5: 1.3.6.1.4.1.2.267.7.8.7 */
+    /* Dilithium Level 5: 1.3.6.1.4.1.2.267.12.8.7 */
     static const byte keyDilithium_Level5Oid[] =
-        {43, 6, 1, 4, 1, 2, 130, 11, 7, 8, 7};
+        {43, 6, 1, 4, 1, 2, 130, 11, 12, 8, 7};
+#endif
+
+    /* ML-DSA Level 2: 2.16.840.1.101.3.4.3.17 */
+    static const byte keyMlDsa_Level2Oid[] =
+        {96, 134, 72, 1, 101, 3, 4, 3, 17};
+
+    /* ML-DSA Level 3: 2.16.840.1.101.3.4.3.18 */
+    static const byte keyMlDsa_Level3Oid[] =
+        {96, 134, 72, 1, 101, 3, 4, 3, 18};
+
+    /* ML-DSA Level 5: 2.16.840.1.101.3.4.3.19 */
+    static const byte keyMlDsa_Level5Oid[] =
+        {96, 134, 72, 1, 101, 3, 4, 3, 19};
 #endif /* HAVE_DILITHIUM */
 #ifdef HAVE_SPHINCS
     /* Sphincs Fast Level 1: 1 3 9999 6 7 4 */
@@ -4174,7 +4377,6 @@ static word32 SetBitString16Bit(word16 val, byte* output)
     static const byte keySphincsSmall_Level5Oid[] =
         {43, 206, 15, 6, 9, 7};
 #endif /* HAVE_SPHINCS */
-#endif /* HAVE_PQC */
 
 /* curveType */
 #ifdef HAVE_ECC
@@ -4400,6 +4602,7 @@ static const byte dnsSRVOid[] = {43, 6, 1, 5, 5, 7, 8, 7};
 /* Pilot attribute types (0.9.2342.19200300.100.1.*) */
 #define PLT_ATTR_TYPE_OID_BASE(num) {9, 146, 38, 137, 147, 242, 44, 100, 1, num}
 static const byte uidOid[] = PLT_ATTR_TYPE_OID_BASE(1); /* user id */
+static const byte rfc822Mlbx[] = PLT_ATTR_TYPE_OID_BASE(3); /* RFC822 mailbox */
 static const byte fvrtDrk[] = PLT_ATTR_TYPE_OID_BASE(5);/* favourite drink*/
 #endif
 
@@ -4682,7 +4885,6 @@ const byte* OidFromId(word32 id, word32 type, word32* oidSz)
                     *oidSz = sizeof(sigEd448Oid);
                     break;
                 #endif
-                #ifdef HAVE_PQC
                 #ifdef HAVE_FALCON
                 case CTC_FALCON_LEVEL1:
                     oid = sigFalcon_Level1Oid;
@@ -4693,7 +4895,8 @@ const byte* OidFromId(word32 id, word32 type, word32* oidSz)
                     *oidSz = sizeof(sigFalcon_Level5Oid);
                     break;
                 #endif /* HAVE_FALCON */
-                #ifdef HAVE_DILITHIUM
+            #ifdef HAVE_DILITHIUM
+                #ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
                 case CTC_DILITHIUM_LEVEL2:
                     oid = sigDilithium_Level2Oid;
                     *oidSz = sizeof(sigDilithium_Level2Oid);
@@ -4706,7 +4909,20 @@ const byte* OidFromId(word32 id, word32 type, word32* oidSz)
                     oid = sigDilithium_Level5Oid;
                     *oidSz = sizeof(sigDilithium_Level5Oid);
                     break;
-                #endif /* HAVE_DILITHIUM */
+                #endif
+                case CTC_ML_DSA_LEVEL2:
+                    oid = sigMlDsa_Level2Oid;
+                    *oidSz = sizeof(sigMlDsa_Level2Oid);
+                    break;
+                case CTC_ML_DSA_LEVEL3:
+                    oid = sigMlDsa_Level3Oid;
+                    *oidSz = sizeof(sigMlDsa_Level3Oid);
+                    break;
+                case CTC_ML_DSA_LEVEL5:
+                    oid = sigMlDsa_Level5Oid;
+                    *oidSz = sizeof(sigMlDsa_Level5Oid);
+                    break;
+            #endif /* HAVE_DILITHIUM */
                 #ifdef HAVE_SPHINCS
                 case CTC_SPHINCS_FAST_LEVEL1:
                     oid = sigSphincsFast_Level1Oid;
@@ -4733,7 +4949,6 @@ const byte* OidFromId(word32 id, word32 type, word32* oidSz)
                     *oidSz = sizeof(sigSphincsSmall_Level5Oid);
                     break;
                 #endif /* HAVE_SPHINCS */
-                #endif /* HAVE_PQC */
                 default:
                     break;
             }
@@ -4795,7 +5010,6 @@ const byte* OidFromId(word32 id, word32 type, word32* oidSz)
                     *oidSz = sizeof(keyDhOid);
                     break;
                 #endif /* !NO_DH */
-                #ifdef HAVE_PQC
                 #ifdef HAVE_FALCON
                 case FALCON_LEVEL1k:
                     oid = keyFalcon_Level1Oid;
@@ -4806,7 +5020,8 @@ const byte* OidFromId(word32 id, word32 type, word32* oidSz)
                     *oidSz = sizeof(keyFalcon_Level5Oid);
                     break;
                 #endif /* HAVE_FALCON */
-                #ifdef HAVE_DILITHIUM
+            #ifdef HAVE_DILITHIUM
+                #ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
                 case DILITHIUM_LEVEL2k:
                     oid = keyDilithium_Level2Oid;
                     *oidSz = sizeof(keyDilithium_Level2Oid);
@@ -4819,7 +5034,20 @@ const byte* OidFromId(word32 id, word32 type, word32* oidSz)
                     oid = keyDilithium_Level5Oid;
                     *oidSz = sizeof(keyDilithium_Level5Oid);
                     break;
-                #endif /* HAVE_DILITHIUM */
+                #endif
+                case ML_DSA_LEVEL2k:
+                    oid = keyMlDsa_Level2Oid;
+                    *oidSz = sizeof(keyMlDsa_Level2Oid);
+                    break;
+                case ML_DSA_LEVEL3k:
+                    oid = keyMlDsa_Level3Oid;
+                    *oidSz = sizeof(keyMlDsa_Level3Oid);
+                    break;
+                case ML_DSA_LEVEL5k:
+                    oid = keyMlDsa_Level5Oid;
+                    *oidSz = sizeof(keyMlDsa_Level5Oid);
+                    break;
+            #endif /* HAVE_DILITHIUM */
                 #ifdef HAVE_SPHINCS
                 case SPHINCS_FAST_LEVEL1k:
                     oid = keySphincsFast_Level1Oid;
@@ -4846,7 +5074,6 @@ const byte* OidFromId(word32 id, word32 type, word32* oidSz)
                     *oidSz = sizeof(keySphincsSmall_Level5Oid);
                     break;
                 #endif /* HAVE_SPHINCS */
-                #endif /* HAVE_PQC */
                 default:
                     break;
             }
@@ -5328,7 +5555,7 @@ const byte* OidFromId(word32 id, word32 type, word32* oidSz)
 #ifdef WOLFSSL_APACHE_HTTPD
         case oidCertNameType:
             switch (id) {
-                 case NID_id_on_dnsSRV:
+                 case WC_NID_id_on_dnsSRV:
                     oid = dnsSRVOid;
                     *oidSz = sizeof(dnsSRVOid);
                     break;
@@ -5487,7 +5714,7 @@ int EncodeObjectId(const word16* in, word32 inSz, byte* out, word32* outSz)
     }
 
     /* compute length of encoded OID */
-    d = (in[0] * 40) + in[1];
+    d = ((word32)in[0] * 40) + in[1];
     len = 0;
     for (i = 1; i < (int)inSz; i++) {
         x = 0;
@@ -5510,7 +5737,7 @@ int EncodeObjectId(const word16* in, word32 inSz, byte* out, word32* outSz)
         }
 
         /* calc first byte */
-        d = (in[0] * 40) + in[1];
+        d = ((word32)in[0] * 40) + in[1];
 
         /* encode bytes */
         x = 0;
@@ -5545,14 +5772,13 @@ int EncodeObjectId(const word16* in, word32 inSz, byte* out, word32* outSz)
     }
 
     /* return length */
-    *outSz = len;
+    *outSz = (word32)len;
 
     return 0;
 }
 #endif /* HAVE_OID_ENCODING */
 
-#if defined(HAVE_OID_DECODING) || defined(WOLFSSL_ASN_PRINT) || \
-    defined(OPENSSL_ALL)
+#if defined(HAVE_OID_DECODING) || defined(WOLFSSL_ASN_PRINT)
 /* Encode dotted form of OID into byte array version.
  *
  * @param [in]      in     Byte array containing OID.
@@ -5599,7 +5825,7 @@ int DecodeObjectId(const byte* in, word32 inSz, word16* out, word32* outSz)
 
     return 0;
 }
-#endif /* HAVE_OID_DECODING || WOLFSSL_ASN_PRINT || OPENSSL_ALL */
+#endif /* HAVE_OID_DECODING || WOLFSSL_ASN_PRINT */
 
 /* Decode the header of a BER/DER encoded OBJECT ID.
  *
@@ -5727,7 +5953,7 @@ static int GetOID(const byte* input, word32* inOutIdx, word32* oid,
     const byte* checkOid = NULL;
     word32 checkOidSz;
 #endif /* NO_VERIFY_OID */
-#ifdef HAVE_PQC
+#if defined(HAVE_SPHINCS)
     word32 found_collision = 0;
 #endif
     (void)oidType;
@@ -5739,7 +5965,7 @@ static int GetOID(const byte* input, word32* inOutIdx, word32* oid,
     actualOidSz = (word32)length;
 #endif /* NO_VERIFY_OID */
 
-#if defined(HAVE_PQC) && defined(HAVE_LIBOQS) && defined(HAVE_SPHINCS)
+#if defined(HAVE_SPHINCS)
     /* Since we are summing it up, there could be collisions...and indeed there
      * are: SPHINCS_FAST_LEVEL1 and SPHINCS_FAST_LEVEL3.
      *
@@ -5753,7 +5979,7 @@ static int GetOID(const byte* input, word32* inOutIdx, word32* oid,
                sizeof(sigSphincsFast_Level3Oid)) == 0) {
         found_collision = SPHINCS_FAST_LEVEL3k;
     }
-#endif /* HAVE_PQC */
+#endif /* HAVE_SPHINCS */
 
     /* Sum it up for now. */
     while (length--) {
@@ -5762,11 +5988,11 @@ static int GetOID(const byte* input, word32* inOutIdx, word32* oid,
         idx++;
     }
 
-#ifdef HAVE_PQC
+#ifdef HAVE_SPHINCS
     if (found_collision) {
         *oid = found_collision;
     }
-#endif /* HAVE_PQC */
+#endif /* HAVE_SPHINCS */
 
     /* Return the index after the OID data. */
     *inOutIdx = idx;
@@ -5909,22 +6135,8 @@ enum {
 #define algoIdASN_Length (sizeof(algoIdASN) / sizeof(ASNItem))
 #endif
 
-/* Get the OID id/sum from the BER encoding of an algorithm identifier.
- *
- * NULL tag is skipped if present.
- *
- * @param [in]      input     Buffer holding BER encoded data.
- * @param [in, out] inOutIdx  On in, start of algorithm identifier.
- *                            On out, start of ASN.1 item after algorithm id.
- * @param [out]     oid       Id of OID in algorithm identifier data.
- * @param [in]      oidType   Type of OID to expect.
- * @param [in]      maxIdx    Maximum index of data in buffer.
- * @return  0 on success.
- * @return  ASN_PARSE_E when encoding is invalid.
- * @return  ASN_UNKNOWN_OID_E when the OID cannot be verified.
- */
-int GetAlgoId(const byte* input, word32* inOutIdx, word32* oid,
-                     word32 oidType, word32 maxIdx)
+static int GetAlgoIdImpl(const byte* input, word32* inOutIdx, word32* oid,
+                     word32 oidType, word32 maxIdx, byte *absentParams)
 {
 #ifndef WOLFSSL_ASN_TEMPLATE
     int    length;
@@ -5950,6 +6162,10 @@ int GetAlgoId(const byte* input, word32* inOutIdx, word32* oid,
                 ret = GetASNNull(input, &idx, maxIdx);
                 if (ret != 0)
                     return ret;
+
+                if (absentParams != NULL) {
+                    *absentParams = FALSE;
+                }
             }
         }
     }
@@ -5974,6 +6190,11 @@ int GetAlgoId(const byte* input, word32* inOutIdx, word32* oid,
     if (ret == 0) {
         /* Return the OID id/sum. */
         *oid = dataASN[ALGOIDASN_IDX_OID].data.oid.sum;
+
+        if ((absentParams != NULL) &&
+            (dataASN[ALGOIDASN_IDX_NULL].tag == ASN_TAG_NULL)) {
+            *absentParams = FALSE;
+        }
     }
 
     FREE_ASNGETDATA(dataASN, NULL);
@@ -5981,6 +6202,37 @@ int GetAlgoId(const byte* input, word32* inOutIdx, word32* oid,
 #endif /* WOLFSSL_ASN_TEMPLATE */
 }
 
+/* Get the OID id/sum from the BER encoding of an algorithm identifier.
+ *
+ * NULL tag is skipped if present.
+ *
+ * @param [in]      input     Buffer holding BER encoded data.
+ * @param [in, out] inOutIdx  On in, start of algorithm identifier.
+ *                            On out, start of ASN.1 item after algorithm id.
+ * @param [out]     oid       Id of OID in algorithm identifier data.
+ * @param [in]      oidType   Type of OID to expect.
+ * @param [in]      maxIdx    Maximum index of data in buffer.
+ * @return  0 on success.
+ * @return  ASN_PARSE_E when encoding is invalid.
+ * @return  ASN_UNKNOWN_OID_E when the OID cannot be verified.
+ */
+int GetAlgoId(const byte* input, word32* inOutIdx, word32* oid,
+                     word32 oidType, word32 maxIdx)
+{
+    return GetAlgoIdImpl(input, inOutIdx, oid, oidType, maxIdx, NULL);
+}
+
+int GetAlgoIdEx(const byte* input, word32* inOutIdx, word32* oid,
+                     word32 oidType, word32 maxIdx, byte *absentParams)
+{
+    /* Assume absent until proven otherwise */
+    if (absentParams != NULL) {
+        *absentParams = TRUE;
+    }
+
+    return GetAlgoIdImpl(input, inOutIdx, oid, oidType, maxIdx, absentParams);
+}
+
 #ifndef NO_RSA
 
 #ifdef WC_RSA_PSS
@@ -6072,7 +6324,8 @@ static int RsaPssHashOidToMgf1(word32 oid, int* mgf)
     return ret;
 }
 
-#ifndef NO_CERTS
+#if !defined(NO_CERTS) && !defined(NO_ASN_CRYPT)
+
 /* Convert a hash OID to a fake signature OID.
  *
  * @param  [in]   oid     Hash OID.
@@ -6123,7 +6376,7 @@ static int RsaPssHashOidToSigOid(word32 oid, word32* sigOid)
 #endif
 
 #ifdef WOLFSSL_ASN_TEMPLATE
-/* ASN tag for hashAlgorigthm. */
+/* ASN tag for hashAlgorithm. */
 #define ASN_TAG_RSA_PSS_HASH        (ASN_CONTEXT_SPECIFIC | 0)
 /* ASN tag for maskGenAlgorithm. */
 #define ASN_TAG_RSA_PSS_MGF         (ASN_CONTEXT_SPECIFIC | 1)
@@ -6165,13 +6418,13 @@ enum {
     RSAPSSPARAMSASN_IDX_SALTLEN,
     RSAPSSPARAMSASN_IDX_SALTLENINT,
     RSAPSSPARAMSASN_IDX_TRAILER,
-    RSAPSSPARAMSASN_IDX_TRAILERINT,
+    RSAPSSPARAMSASN_IDX_TRAILERINT
 };
 
 /* Number of items in ASN.1 template for an algorithm identifier. */
 #define rsaPssParamsASN_Length (sizeof(rsaPssParamsASN) / sizeof(ASNItem))
 #else
-/* ASN tag for hashAlgorigthm. */
+/* ASN tag for hashAlgorithm. */
 #define ASN_TAG_RSA_PSS_HASH        (ASN_CONTEXT_SPECIFIC | ASN_CONSTRUCTED | 0)
 /* ASN tag for maskGenAlgorithm. */
 #define ASN_TAG_RSA_PSS_MGF         (ASN_CONTEXT_SPECIFIC | ASN_CONSTRUCTED | 1)
@@ -6336,22 +6589,21 @@ static int DecodeRsaPssParams(const byte* params, word32 sz,
 }
 #endif /* WC_RSA_PSS */
 
-#ifndef HAVE_USER_RSA
 #if defined(WOLFSSL_ASN_TEMPLATE) || (!defined(NO_CERTS) && \
     (defined(WOLFSSL_KEY_GEN) || defined(OPENSSL_EXTRA) || \
      defined(WOLFSSL_KCAPI_RSA) || defined(WOLFSSL_SE050)))
 /* Byte offset of numbers in RSA key. */
 size_t rsaIntOffset[] = {
-    OFFSETOF(RsaKey, n),
-    OFFSETOF(RsaKey, e),
+    WC_OFFSETOF(RsaKey, n),
+    WC_OFFSETOF(RsaKey, e),
 #ifndef WOLFSSL_RSA_PUBLIC_ONLY
-    OFFSETOF(RsaKey, d),
-    OFFSETOF(RsaKey, p),
-    OFFSETOF(RsaKey, q),
+    WC_OFFSETOF(RsaKey, d),
+    WC_OFFSETOF(RsaKey, p),
+    WC_OFFSETOF(RsaKey, q),
 #if defined(WOLFSSL_KEY_GEN) || defined(OPENSSL_EXTRA) || !defined(RSA_LOW_MEM)
-    OFFSETOF(RsaKey, dP),
-    OFFSETOF(RsaKey, dQ),
-    OFFSETOF(RsaKey, u)
+    WC_OFFSETOF(RsaKey, dP),
+    WC_OFFSETOF(RsaKey, dQ),
+    WC_OFFSETOF(RsaKey, u)
 #endif
 #endif
 };
@@ -6674,8 +6926,6 @@ int wc_RsaPrivateKeyValidate(const byte* input, word32* inOutIdx, int* keySz,
 {
     return _RsaPrivateKeyDecode(input, inOutIdx, NULL, keySz, inSz);
 }
-
-#endif /* HAVE_USER_RSA */
 #endif /* NO_RSA */
 
 #ifdef WOLFSSL_ASN_TEMPLATE
@@ -6694,8 +6944,9 @@ static const ASNItem pkcs8KeyASN[] = {
 /*  PKEY_ALGO_PARAM_SEQ */            { 2, ASN_SEQUENCE, 1, 0, 1 },
 #endif
 /*  PKEY_DATA           */        { 1, ASN_OCTET_STRING, 0, 0, 0 },
-                /* attributes            [0] Attributes OPTIONAL */
-                /* [[2: publicKey        [1] PublicKey OPTIONAL ]] */
+/*  OPTIONAL Attributes IMPLICIT [0] */
+                                  { 1, ASN_CONTEXT_SPECIFIC | 0, 1, 0, 1 },
+/* [[2: publicKey        [1] PublicKey OPTIONAL ]] */
 };
 enum {
     PKCS8KEYASN_IDX_SEQ = 0,
@@ -6708,6 +6959,7 @@ enum {
     PKCS8KEYASN_IDX_PKEY_ALGO_PARAM_SEQ,
 #endif
     PKCS8KEYASN_IDX_PKEY_DATA,
+    PKCS8KEYASN_IDX_PKEY_ATTRIBUTES,
     WOLF_ENUM_DUMMY_LAST_ELEMENT(PKCS8KEYASN_IDX)
 };
 
@@ -6722,6 +6974,7 @@ enum {
  *                             On out, start of encoded key.
  * @param [in]       sz        Size of data in buffer.
  * @param [out]      algId     Key's algorithm id from PKCS #8 header.
+ * @param [out]      eccOid    ECC curve OID.
  * @return  Length of key data on success.
  * @return  BAD_FUNC_ARG when input or inOutIdx is NULL.
  * @return  ASN_PARSE_E when BER encoded data does not match ASN.1 items or
@@ -6731,8 +6984,8 @@ enum {
  * @return  ASN_EXPECT_0_E when the INTEGER has the MSB set or NULL has a
  *          non-zero length.
  */
-int ToTraditionalInline_ex(const byte* input, word32* inOutIdx, word32 sz,
-                           word32* algId)
+int ToTraditionalInline_ex2(const byte* input, word32* inOutIdx, word32 sz,
+                            word32* algId, word32* eccOid)
 {
 #ifndef WOLFSSL_ASN_TEMPLATE
     word32 idx;
@@ -6782,13 +7035,19 @@ int ToTraditionalInline_ex(const byte* input, word32* inOutIdx, word32 sz,
 #endif /* WC_RSA_PSS && !NO_RSA */
 
     if (tag == ASN_OBJECT_ID) {
-        if (SkipObjectId(input, &idx, sz) < 0)
-            return ASN_PARSE_E;
+        if ((*algId == ECDSAk) && (eccOid != NULL)) {
+            if (GetObjectId(input, &idx, eccOid, oidCurveType, sz) < 0)
+                return ASN_PARSE_E;
+        }
+        else {
+            if (SkipObjectId(input, &idx, sz) < 0)
+                return ASN_PARSE_E;
+        }
     }
 
     ret = GetOctetString(input, &idx, &length, sz);
     if (ret < 0) {
-        if (ret == BUFFER_E)
+        if (ret == WC_NO_ERR_TRACE(BUFFER_E))
             return ASN_PARSE_E;
         /* Some private keys don't expect an octet string */
         WOLFSSL_MSG("Couldn't find Octet string");
@@ -6801,9 +7060,11 @@ int ToTraditionalInline_ex(const byte* input, word32* inOutIdx, word32 sz,
     DECL_ASNGETDATA(dataASN, pkcs8KeyASN_Length);
     int ret = 0;
     word32 oid = 9;
-    byte version;
+    byte version = 0;
     word32 idx;
 
+    (void)eccOid;
+
     /* Check validity of parameters. */
     if (input == NULL || inOutIdx == NULL) {
         return BAD_FUNC_ARG;
@@ -6877,6 +7138,11 @@ int ToTraditionalInline_ex(const byte* input, word32* inOutIdx, word32 sz,
                 if (dataASN[PKCS8KEYASN_IDX_PKEY_ALGO_NULL].tag != 0) {
                     ret = ASN_PARSE_E;
                 }
+                if (eccOid != NULL) {
+                    ASNGetData* oidCurve =
+                        &dataASN[PKCS8KEYASN_IDX_PKEY_ALGO_OID_CURVE];
+                    *eccOid = oidCurve->data.oid.sum;
+                }
                 break;
         #endif
         #ifdef HAVE_ED25519
@@ -6914,6 +7180,15 @@ int ToTraditionalInline_ex(const byte* input, word32* inOutIdx, word32 sz,
                     ret = ASN_PARSE_E;
                 }
                 break;
+        #endif
+        #ifndef NO_DH
+            case DHk:
+                /* Neither NULL item nor OBJECT_ID item allowed. */
+                if ((dataASN[PKCS8KEYASN_IDX_PKEY_ALGO_NULL].tag != 0) ||
+                    (dataASN[PKCS8KEYASN_IDX_PKEY_ALGO_OID_CURVE].tag != 0)) {
+                    ret = ASN_PARSE_E;
+                }
+                break;
         #endif
             /* DSAk not supported. */
             /* Falcon, Dilithium and Sphincs not supported. */
@@ -6936,6 +7211,29 @@ int ToTraditionalInline_ex(const byte* input, word32* inOutIdx, word32 sz,
 #endif
 }
 
+/* Remove PKCS #8 header around an RSA, ECDSA, Ed25519, or Ed448.
+ *
+ * @param [in]       input     Buffer holding BER data.
+ * @param [in, out]  inOutIdx  On in, start of PKCS #8 encoding.
+ *                             On out, start of encoded key.
+ * @param [in]       sz        Size of data in buffer.
+ * @param [out]      algId     Key's algorithm id from PKCS #8 header.
+ * @return  Length of key data on success.
+ * @return  BAD_FUNC_ARG when input or inOutIdx is NULL.
+ * @return  ASN_PARSE_E when BER encoded data does not match ASN.1 items or
+ *          is invalid.
+ * @return  BUFFER_E when data in buffer is too small.
+ * @return  ASN_OBJECT_ID_E when the expected OBJECT_ID tag is not found.
+ * @return  ASN_EXPECT_0_E when the INTEGER has the MSB set or NULL has a
+ *          non-zero length.
+ */
+int ToTraditionalInline_ex(const byte* input, word32* inOutIdx, word32 sz,
+                           word32* algId)
+{
+    return ToTraditionalInline_ex2(input, inOutIdx, sz, algId, NULL);
+}
+
+
 /* TODO: test case  */
 int ToTraditionalInline(const byte* input, word32* inOutIdx, word32 sz)
 {
@@ -7011,7 +7309,7 @@ int wc_CreatePKCS8Key(byte* out, word32* outSz, byte* key, word32 keySz,
 
         WOLFSSL_MSG("Checking size of PKCS8");
 
-        return LENGTH_ONLY_E;
+        return WC_NO_ERR_TRACE(LENGTH_ONLY_E);
     }
 
     WOLFSSL_ENTER("wc_CreatePKCS8Key");
@@ -7081,8 +7379,10 @@ int wc_CreatePKCS8Key(byte* out, word32* outSz, byte* key, word32 keySz,
     *outSz = tmpSz + sz;
     return (int)(tmpSz + sz);
 #else
-    DECL_ASNSETDATA(dataASN, pkcs8KeyASN_Length);
-    int sz;
+    /* pkcs8KeyASN_Length-1, the -1 is because we are not adding the optional
+     * set of attributes */
+    DECL_ASNSETDATA(dataASN, pkcs8KeyASN_Length-1);
+    int sz = 0;
     int ret = 0;
     word32 keyIdx = 0;
     word32 tmpAlgId = 0;
@@ -7102,7 +7402,7 @@ int wc_CreatePKCS8Key(byte* out, word32* outSz, byte* key, word32 keySz,
         ret = ASN_PARSE_E;
     }
 
-    CALLOC_ASNSETDATA(dataASN, pkcs8KeyASN_Length, ret, NULL);
+    CALLOC_ASNSETDATA(dataASN, pkcs8KeyASN_Length-1, ret, NULL);
 
     if (ret == 0) {
         /* Only support default PKCS #8 format - v0. */
@@ -7128,20 +7428,20 @@ int wc_CreatePKCS8Key(byte* out, word32* outSz, byte* key, word32 keySz,
         SetASN_Buffer(&dataASN[PKCS8KEYASN_IDX_PKEY_DATA], key, keySz);
 
         /* Get the size of the DER encoding. */
-        ret = SizeASN_Items(pkcs8KeyASN, dataASN, pkcs8KeyASN_Length, &sz);
+        ret = SizeASN_Items(pkcs8KeyASN, dataASN, pkcs8KeyASN_Length-1, &sz);
     }
-    if (ret == 0) {
+    if ((ret == 0) || (ret == WC_NO_ERR_TRACE(LENGTH_ONLY_E))) {
         /* Always return the calculated size. */
         *outSz = (word32)sz;
     }
     /* Check for buffer to encoded into. */
     if ((ret == 0) && (out == NULL)) {
         WOLFSSL_MSG("Checking size of PKCS8");
-        ret = LENGTH_ONLY_E;
+        ret = WC_NO_ERR_TRACE(LENGTH_ONLY_E);
     }
     if (ret == 0) {
         /*  Encode PKCS #8 key into buffer. */
-        SetASN_Items(pkcs8KeyASN, dataASN, pkcs8KeyASN_Length, out);
+        SetASN_Items(pkcs8KeyASN, dataASN, pkcs8KeyASN_Length-1, out);
         ret = sz;
     }
 
@@ -7161,9 +7461,11 @@ int wc_CreatePKCS8Key(byte* out, word32* outSz, byte* key, word32 keySz,
  * privKeySz : size of private key buffer
  * pubKey    : buffer holding DER format public key
  * pubKeySz  : size of public key buffer
- * ks        : type of key */
+ * ks        : type of key
+ * heap      : heap hint to use */
 int wc_CheckPrivateKey(const byte* privKey, word32 privKeySz,
-                       const byte* pubKey, word32 pubKeySz, enum Key_Sum ks)
+                       const byte* pubKey, word32 pubKeySz, enum Key_Sum ks,
+                       void* heap)
 {
     int ret;
     (void)privKeySz;
@@ -7200,14 +7502,14 @@ int wc_CheckPrivateKey(const byte* privKey, word32 privKeySz,
         }
     #endif
 
-        if ((ret = wc_InitRsaKey(a, NULL)) < 0) {
+        if ((ret = wc_InitRsaKey(a, heap)) < 0) {
     #ifdef WOLFSSL_SMALL_STACK
             XFREE(b, NULL, DYNAMIC_TYPE_RSA);
             XFREE(a, NULL, DYNAMIC_TYPE_RSA);
     #endif
             return ret;
         }
-        if ((ret = wc_InitRsaKey(b, NULL)) < 0) {
+        if ((ret = wc_InitRsaKey(b, heap)) < 0) {
             wc_FreeRsaKey(a);
     #ifdef WOLFSSL_SMALL_STACK
             XFREE(b, NULL, DYNAMIC_TYPE_RSA);
@@ -7221,12 +7523,6 @@ int wc_CheckPrivateKey(const byte* privKey, word32 privKeySz,
 
             if ((ret = wc_RsaPublicKeyDecode(pubKey, &keyIdx, b,
                     pubKeySz)) == 0) {
-                /* limit for user RSA crypto because of RsaKey
-                 * dereference. */
-            #if defined(HAVE_USER_RSA)
-                WOLFSSL_MSG("Cannot verify RSA pair with user RSA");
-                ret = 1; /* return first RSA cert as match */
-            #else
                 /* both keys extracted successfully now check n and e
                  * values are the same. This is dereferencing RsaKey */
                 if (mp_cmp(&(a->n), &(b->n)) != MP_EQ ||
@@ -7236,7 +7532,6 @@ int wc_CheckPrivateKey(const byte* privKey, word32 privKeySz,
                 }
                 else
                     ret = 1;
-            #endif
             }
             else {
                 WOLFSSL_ERROR_VERBOSE(ret);
@@ -7275,7 +7570,7 @@ int wc_CheckPrivateKey(const byte* privKey, word32 privKeySz,
         }
     #endif
 
-        if ((ret = wc_ecc_init(key_pair)) < 0) {
+        if ((ret = wc_ecc_init_ex(key_pair, heap, INVALID_DEVID)) < 0) {
     #ifdef WOLFSSL_SMALL_STACK
             XFREE(privDer, NULL, DYNAMIC_TYPE_TMP_BUFFER);
             XFREE(key_pair, NULL, DYNAMIC_TYPE_ECC);
@@ -7293,7 +7588,7 @@ int wc_CheckPrivateKey(const byte* privKey, word32 privKeySz,
                 wc_MemZero_Add("wc_CheckPrivateKey privDer", privDer, privSz);
             #endif
                 wc_ecc_free(key_pair);
-                ret = wc_ecc_init(key_pair);
+                ret = wc_ecc_init_ex(key_pair, heap, INVALID_DEVID);
                 if (ret == 0) {
                     ret = wc_ecc_import_private_key(privDer,
                                             privSz, pubKey,
@@ -7344,7 +7639,7 @@ int wc_CheckPrivateKey(const byte* privKey, word32 privKeySz,
             return MEMORY_E;
     #endif
 
-        if ((ret = wc_ed25519_init(key_pair)) < 0) {
+        if ((ret = wc_ed25519_init_ex(key_pair, heap, INVALID_DEVID)) < 0) {
     #ifdef WOLFSSL_SMALL_STACK
             XFREE(key_pair, NULL, DYNAMIC_TYPE_ED25519);
     #endif
@@ -7394,7 +7689,7 @@ int wc_CheckPrivateKey(const byte* privKey, word32 privKeySz,
             return MEMORY_E;
     #endif
 
-        if ((ret = wc_ed448_init(key_pair)) < 0) {
+        if ((ret = wc_ed448_init_ex(key_pair, heap, INVALID_DEVID)) < 0) {
     #ifdef WOLFSSL_SMALL_STACK
             XFREE(key_pair, NULL, DYNAMIC_TYPE_ED448);
     #endif
@@ -7427,7 +7722,6 @@ int wc_CheckPrivateKey(const byte* privKey, word32 privKeySz,
     }
     else
     #endif /* HAVE_ED448 && HAVE_ED448_KEY_IMPORT && !NO_ASN_CRYPT */
-    #if defined(HAVE_PQC)
     #if defined(HAVE_FALCON)
     if ((ks == FALCON_LEVEL1k) || (ks == FALCON_LEVEL5k)) {
     #ifdef WOLFSSL_SMALL_STACK
@@ -7489,10 +7783,17 @@ int wc_CheckPrivateKey(const byte* privKey, word32 privKeySz,
     }
     else
     #endif /* HAVE_FALCON */
-    #if defined(HAVE_DILITHIUM)
-    if ((ks == DILITHIUM_LEVEL2k) ||
-        (ks == DILITHIUM_LEVEL3k) ||
-        (ks == DILITHIUM_LEVEL5k)) {
+#if defined(HAVE_DILITHIUM) && !defined(WOLFSSL_DILITHIUM_NO_SIGN) && \
+    !defined(WOLFSSL_DILITHIUM_NO_VERIFY) && !defined(WOLFSSL_DILITHIUM_NO_ASN1)
+    if ((ks == ML_DSA_LEVEL2k) ||
+        (ks == ML_DSA_LEVEL3k) ||
+        (ks == ML_DSA_LEVEL5k)
+    #ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
+     || (ks == DILITHIUM_LEVEL2k)
+     || (ks == DILITHIUM_LEVEL3k)
+     || (ks == DILITHIUM_LEVEL5k)
+    #endif
+        ) {
     #ifdef WOLFSSL_SMALL_STACK
         dilithium_key* key_pair = NULL;
     #else
@@ -7514,15 +7815,27 @@ int wc_CheckPrivateKey(const byte* privKey, word32 privKeySz,
             return ret;
         }
 
-        if (ks == DILITHIUM_LEVEL2k) {
-            ret = wc_dilithium_set_level(key_pair, 2);
+
+        if (ks == ML_DSA_LEVEL2k) {
+            ret = wc_dilithium_set_level(key_pair, WC_ML_DSA_44);
+        }
+        else if (ks == ML_DSA_LEVEL3k) {
+            ret = wc_dilithium_set_level(key_pair, WC_ML_DSA_65);
+        }
+        else if (ks == ML_DSA_LEVEL5k) {
+            ret = wc_dilithium_set_level(key_pair, WC_ML_DSA_87);
+        }
+    #ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
+        else if (ks == DILITHIUM_LEVEL2k) {
+            ret = wc_dilithium_set_level(key_pair, WC_ML_DSA_44_DRAFT);
         }
         else if (ks == DILITHIUM_LEVEL3k) {
-            ret = wc_dilithium_set_level(key_pair, 3);
+            ret = wc_dilithium_set_level(key_pair, WC_ML_DSA_65_DRAFT);
         }
         else if (ks == DILITHIUM_LEVEL5k) {
-            ret = wc_dilithium_set_level(key_pair, 5);
+            ret = wc_dilithium_set_level(key_pair, WC_ML_DSA_87_DRAFT);
         }
+    #endif
 
         if (ret  < 0) {
     #ifdef WOLFSSL_SMALL_STACK
@@ -7547,7 +7860,7 @@ int wc_CheckPrivateKey(const byte* privKey, word32 privKeySz,
     #endif
     }
     else
-    #endif /* HAVE_DILITHIUM */
+#endif /* HAVE_DILITHIUM && !WOLFSSL_DILITHIUM_VERIFY_ONLY */
     #if defined(HAVE_SPHINCS)
     if ((ks == SPHINCS_FAST_LEVEL1k) ||
         (ks == SPHINCS_FAST_LEVEL3k) ||
@@ -7619,11 +7932,11 @@ int wc_CheckPrivateKey(const byte* privKey, word32 privKeySz,
     }
     else
     #endif /* HAVE_SPHINCS */
-    #endif /* HAVE_PQC */
     {
         ret = 0;
     }
     (void)ks;
+    (void)heap;
 
     return ret;
 }
@@ -7632,17 +7945,59 @@ int wc_CheckPrivateKey(const byte* privKey, word32 privKeySz,
  * return 1 (true) on match
  * return 0 or negative value on failure/error
  *
- * key   : buffer holding DER format key
- * keySz : size of key buffer
- * der   : a initialized and parsed DecodedCert holding a certificate */
-int wc_CheckPrivateKeyCert(const byte* key, word32 keySz, DecodedCert* der)
+ * key      : buffer holding DER format key
+ * keySz    : size of key buffer
+ * der      : a initialized and parsed DecodedCert holding a certificate
+ * checkAlt : indicate if we check primary or alternative key
+ */
+int wc_CheckPrivateKeyCert(const byte* key, word32 keySz, DecodedCert* der,
+                           int checkAlt, void* heap)
 {
+    int ret = 0;
+
     if (key == NULL || der == NULL) {
         return BAD_FUNC_ARG;
     }
 
-    return wc_CheckPrivateKey(key, keySz, der->publicKey,
-            der->pubKeySize, (enum Key_Sum) der->keyOID);
+#ifdef WOLFSSL_DUAL_ALG_CERTS
+    if (checkAlt && der->sapkiDer != NULL) {
+        /* We have to decode the public key first */
+        word32 idx = 0;
+        /* Dilithium has the largest public key at the moment */
+        word32 pubKeyLen = DILITHIUM_MAX_PUB_KEY_SIZE;
+        byte* decodedPubKey = (byte*)XMALLOC(pubKeyLen, heap,
+                                             DYNAMIC_TYPE_PUBLIC_KEY);
+        if (decodedPubKey == NULL) {
+            ret = MEMORY_E;
+        }
+        if (ret == 0) {
+            if (der->sapkiOID == RSAk || der->sapkiOID == ECDSAk) {
+                /* Simply copy the data */
+                XMEMCPY(decodedPubKey, der->sapkiDer, der->sapkiLen);
+                pubKeyLen = der->sapkiLen;
+            }
+            else {
+                ret = DecodeAsymKeyPublic(der->sapkiDer, &idx, der->sapkiLen,
+                                          decodedPubKey, &pubKeyLen,
+                                          der->sapkiOID);
+            }
+        }
+        if (ret == 0) {
+            ret = wc_CheckPrivateKey(key, keySz, decodedPubKey, pubKeyLen,
+                                     (enum Key_Sum) der->sapkiOID, heap);
+        }
+        XFREE(decodedPubKey, heap, DYNAMIC_TYPE_PUBLIC_KEY);
+    }
+    else
+#endif
+    {
+        ret = wc_CheckPrivateKey(key, keySz, der->publicKey,
+                der->pubKeySize, (enum Key_Sum) der->keyOID, heap);
+    }
+
+    (void)checkAlt;
+
+    return ret;
 }
 
 #endif /* HAVE_PKCS12 || !NO_CHECK_PRIVATE_KEY */
@@ -7797,7 +8152,7 @@ static int CheckAlgoV2(int oid, int* id, int* blockSz)
     case AES256CBCb:
         *id = PBE_AES256_CBC;
         if (blockSz != NULL) {
-            *blockSz = AES_BLOCK_SIZE;
+            *blockSz = WC_AES_BLOCK_SIZE;
         }
         break;
 #endif
@@ -7805,7 +8160,7 @@ static int CheckAlgoV2(int oid, int* id, int* blockSz)
     case AES128CBCb:
         *id = PBE_AES128_CBC;
         if (blockSz != NULL) {
-            *blockSz = AES_BLOCK_SIZE;
+            *blockSz = WC_AES_BLOCK_SIZE;
         }
         break;
 #endif
@@ -7922,7 +8277,6 @@ int wc_GetKeyOID(byte* key, word32 keySz, const byte** curveOID, word32* oidSz,
         XFREE(ed448, heap, DYNAMIC_TYPE_TMP_BUFFER);
     }
 #endif /* HAVE_ED448 && HAVE_ED448_KEY_IMPORT && !NO_ASN_CRYPT */
-#if defined(HAVE_PQC)
 #if defined(HAVE_FALCON)
     if (*algoID == 0) {
         falcon_key *falcon = (falcon_key *)XMALLOC(sizeof(*falcon), heap,
@@ -7958,7 +8312,8 @@ int wc_GetKeyOID(byte* key, word32 keySz, const byte** curveOID, word32* oidSz,
         XFREE(falcon, heap, DYNAMIC_TYPE_TMP_BUFFER);
     }
 #endif /* HAVE_FALCON */
-#if defined(HAVE_DILITHIUM)
+#if defined(HAVE_DILITHIUM) && !defined(WOLFSSL_DILITHIUM_NO_SIGN) && \
+    !defined(WOLFSSL_DILITHIUM_NO_VERIFY) && !defined(WOLFSSL_DILITHIUM_NO_ASN1)
     if (*algoID == 0) {
         dilithium_key *dilithium = (dilithium_key *)XMALLOC(sizeof(*dilithium),
              heap, DYNAMIC_TYPE_TMP_BUFFER);
@@ -7967,31 +8322,28 @@ int wc_GetKeyOID(byte* key, word32 keySz, const byte** curveOID, word32* oidSz,
 
         if (wc_dilithium_init(dilithium) != 0) {
             tmpIdx = 0;
-            if (wc_dilithium_set_level(dilithium, 2)
-                == 0) {
+            if (wc_dilithium_set_level(dilithium, WC_ML_DSA_44) == 0) {
                 if (wc_Dilithium_PrivateKeyDecode(key, &tmpIdx, dilithium,
-                    keySz) == 0) {
-                    *algoID = DILITHIUM_LEVEL2k;
+                        keySz) == 0) {
+                    *algoID = ML_DSA_LEVEL2k;
                 }
                 else {
                     WOLFSSL_MSG("Not Dilithium Level 2 DER key");
                 }
             }
-            else if (wc_dilithium_set_level(dilithium, 3)
-                == 0) {
+            else if (wc_dilithium_set_level(dilithium, WC_ML_DSA_65) == 0) {
                 if (wc_Dilithium_PrivateKeyDecode(key, &tmpIdx, dilithium,
-                    keySz) == 0) {
-                    *algoID = DILITHIUM_LEVEL3k;
+                        keySz) == 0) {
+                    *algoID = ML_DSA_LEVEL3k;
                 }
                 else {
                     WOLFSSL_MSG("Not Dilithium Level 3 DER key");
                 }
             }
-            else if (wc_dilithium_set_level(dilithium, 5)
-                == 0) {
+            else if (wc_dilithium_set_level(dilithium, WC_ML_DSA_87) == 0) {
                 if (wc_Dilithium_PrivateKeyDecode(key, &tmpIdx, dilithium,
-                    keySz) == 0) {
-                    *algoID = DILITHIUM_LEVEL5k;
+                        keySz) == 0) {
+                    *algoID = ML_DSA_LEVEL5k;
                 }
                 else {
                     WOLFSSL_MSG("Not Dilithium Level 5 DER key");
@@ -8004,7 +8356,7 @@ int wc_GetKeyOID(byte* key, word32 keySz, const byte** curveOID, word32* oidSz,
         }
         XFREE(dilithium, heap, DYNAMIC_TYPE_TMP_BUFFER);
     }
-#endif /* HAVE_DILITHIUM */
+#endif /* HAVE_DILITHIUM && !WOLFSSL_DILITHIUM_VERIFY_ONLY */
 #if defined(HAVE_SPHINCS)
     if (*algoID == 0) {
         sphincs_key *sphincs = (sphincs_key *)XMALLOC(sizeof(*sphincs),
@@ -8082,7 +8434,6 @@ int wc_GetKeyOID(byte* key, word32 keySz, const byte** curveOID, word32* oidSz,
         XFREE(sphincs, heap, DYNAMIC_TYPE_TMP_BUFFER);
     }
 #endif /* HAVE_SPHINCS */
-#endif /* HAVE_PQC */
 
     /* if flag is not set then this is not a key that we understand. */
     if (*algoID == 0) {
@@ -8290,12 +8641,12 @@ int wc_EncryptPKCS8Key(byte* key, word32 keySz, byte* out, word32* outSz,
             pbeOidBuf = pbes2;
             pbeOidBufSz = sizeof(pbes2);
             /* kdf = OBJ pbkdf2 [ SEQ innerLen ] */
-            kdfLen = 2 + sizeof(pbkdf2Oid) + 2 + innerLen;
+            kdfLen = 2U + (word32)sizeof(pbkdf2Oid) + 2U + innerLen;
             /* enc = OBJ enc_alg OCT iv */
-            encLen = 2 + (word32)encOidSz + 2 + (word32)blockSz;
+            encLen = 2U + (word32)encOidSz + 2U + (word32)blockSz;
             /* pbe = OBJ pbse2 SEQ [ SEQ [ kdf ] SEQ [ enc ] ] */
-            pbeLen = (word32)(2 + sizeof(pbes2) + 2 + 2 + (size_t)kdfLen + 2 +
-                              (size_t)encLen);
+            pbeLen = 2U + (word32)sizeof(pbes2) + 2U + 2U + kdfLen + 2U +
+                encLen;
 
             ret = wc_RNG_GenerateBlock(rng, cbcIv, (word32)blockSz);
         }
@@ -8311,7 +8662,7 @@ int wc_EncryptPKCS8Key(byte* key, word32 keySz, byte* out, word32* outSz,
         if (out == NULL) {
             /* Sequence tag, length */
             *outSz = 1 + SetLength(outerLen, NULL) + outerLen;
-            return LENGTH_ONLY_E;
+            return WC_NO_ERR_TRACE(LENGTH_ONLY_E);
         }
         SetOctetString(keySz + padSz, out);
 
@@ -8365,7 +8716,7 @@ int wc_EncryptPKCS8Key(byte* key, word32 keySz, byte* out, word32* outSz,
             idx += SetSequence(kdfLen, out + idx);
             idx += (word32)SetObjectId((int)sizeof(pbkdf2Oid), out + idx);
             XMEMCPY(out + idx, pbkdf2Oid, sizeof(pbkdf2Oid));
-            idx += sizeof(pbkdf2Oid);
+            idx += (word32)sizeof(pbkdf2Oid);
         }
         idx += SetSequence(innerLen, out + idx);
         idx += SetOctetString(saltSz, out + idx);
@@ -8394,9 +8745,7 @@ int wc_EncryptPKCS8Key(byte* key, word32 keySz, byte* out, word32* outSz,
     }
 
 #ifdef WOLFSSL_SMALL_STACK
-    if (saltTmp != NULL) {
-        XFREE(saltTmp, heap, DYNAMIC_TYPE_TMP_BUFFER);
-    }
+    XFREE(saltTmp, heap, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     WOLFSSL_LEAVE("wc_EncryptPKCS8Key", ret);
@@ -8467,7 +8816,7 @@ int TraditionalEnc(byte* key, word32 keySz, byte* out, word32* outSz,
     if (ret == 0) {
         ret = wc_CreatePKCS8Key(NULL, &pkcs8KeySz, key, keySz, algId, curveOid,
                                                                     curveOidSz);
-        if (ret == LENGTH_ONLY_E)
+        if (ret == WC_NO_ERR_TRACE(LENGTH_ONLY_E))
             ret = 0;
     }
     if (ret == 0) {
@@ -8723,10 +9072,10 @@ exit_dc:
     DECL_ASNGETDATA(dataASN, pbes2ParamsASN_Length);
     int    ret = 0;
     int    id = 0;
-    int    version;
+    int    version = 0;
     word32 idx = 0;
     word32 pIdx = 0;
-    word32 iterations;
+    word32 iterations = 0;
     word32 keySz = 0;
     word32 saltSz = 0;
     word32 shaOid = 0;
@@ -8861,26 +9210,6 @@ int ToTraditionalEnc(byte* input, word32 sz, const char* password,
 
 #ifdef HAVE_PKCS12
 
-#define PKCS8_MIN_BLOCK_SIZE 8
-static int Pkcs8Pad(byte* buf, int sz, int blockSz)
-{
-    int padSz;
-
-    /* calculate pad size */
-    padSz = blockSz - (sz & (blockSz - 1));
-
-    /* pad with padSz value */
-    if (buf) {
-        int i;
-        for (i = 0; i < padSz; i++) {
-            buf[sz+i] = (byte)(padSz & 0xFF);
-        }
-    }
-
-    /* return adjusted length */
-    return sz + padSz;
-}
-
 #ifdef WOLFSSL_ASN_TEMPLATE
 /* ASN.1 template for PKCS #8 encrypted key with PBES1 parameters.
  * PKCS #8: RFC 5958, 3 - EncryptedPrivateKeyInfo
@@ -8896,7 +9225,7 @@ static const ASNItem p8EncPbes1ASN[] = {
 /* ENCALGO_PBEPARAM_SALT */             { 3, ASN_OCTET_STRING, 0, 0, 0 },
                         /* Iteration Count */
 /* ENCALGO_PBEPARAM_ITER */             { 3, ASN_INTEGER, 0, 0, 0 },
-/* ENCDATA               */     { 1, ASN_OCTET_STRING, 0, 0, 0 },
+/* ENCDATA               */     { 1, (ASN_CONTEXT_SPECIFIC | 0), 0, 0, 0 },
 };
 enum {
     P8ENCPBES1ASN_IDX_SEQ = 0,
@@ -8955,7 +9284,7 @@ int EncryptContent(byte* input, word32 inputSz, byte* out, word32* outSz,
     word32 seqSz;
     word32 innerSz;
     int    ret;
-    int    version, id, blockSz = 0;
+    int    version, id = PBE_NONE, blockSz = 0;
 #ifdef WOLFSSL_SMALL_STACK
     byte*  saltTmp = NULL;
     byte*  cbcIv   = NULL;
@@ -8990,7 +9319,7 @@ int EncryptContent(byte* input, word32 inputSz, byte* out, word32* outSz,
 
     /* calculate size */
     /* size of constructed string at end */
-    sz = (word32)Pkcs8Pad(NULL, (int)inputSz, blockSz);
+    sz = wc_PkcsPad(NULL, inputSz, (word32)blockSz);
     totalSz  = ASN_TAG_SZ;
     totalSz += SetLength(sz, seq);
     totalSz += sz;
@@ -9027,7 +9356,7 @@ int EncryptContent(byte* input, word32 inputSz, byte* out, word32* outSz,
 
     if (out == NULL) {
         *outSz = totalSz;
-        return LENGTH_ONLY_E;
+        return WC_NO_ERR_TRACE(LENGTH_ONLY_E);
     }
 
     inOutIdx = 0;
@@ -9086,7 +9415,7 @@ int EncryptContent(byte* input, word32 inputSz, byte* out, word32* outSz,
     out[inOutIdx++] = ASN_CONTEXT_SPECIFIC | 0;
 
     /* get pad size and verify buffer room */
-    sz = (word32)Pkcs8Pad(NULL, (int)inputSz, blockSz);
+    sz = wc_PkcsPad(NULL, inputSz, (word32)blockSz);
     if (sz + inOutIdx > *outSz) {
     #ifdef WOLFSSL_SMALL_STACK
         XFREE(saltTmp, heap, DYNAMIC_TYPE_TMP_BUFFER);
@@ -9097,7 +9426,7 @@ int EncryptContent(byte* input, word32 inputSz, byte* out, word32* outSz,
 
     /* copy input to output buffer and pad end */
     XMEMCPY(out + inOutIdx, input, inputSz);
-    sz = (word32)Pkcs8Pad(out + inOutIdx, (int)inputSz, blockSz);
+    sz = wc_PkcsPad(out + inOutIdx, inputSz, (word32)blockSz);
 #ifdef WOLFSSL_SMALL_STACK
     cbcIv = (byte*)XMALLOC(MAX_IV_SIZE, heap, DYNAMIC_TYPE_TMP_BUFFER);
     if (cbcIv == NULL) {
@@ -9171,7 +9500,7 @@ int EncryptContent(byte* input, word32 inputSz, byte* out, word32* outSz,
                 salt, saltSz);
         SetASN_Int16Bit(&dataASN[P8ENCPBES1ASN_IDX_ENCALGO_PBEPARAM_ITER],
                         (word16)itt);
-        pkcs8Sz = (word32)Pkcs8Pad(NULL, (int)inputSz, blockSz);
+        pkcs8Sz = wc_PkcsPad(NULL, inputSz, (word32)blockSz);
         SetASN_Buffer(&dataASN[P8ENCPBES1ASN_IDX_ENCDATA], NULL, pkcs8Sz);
 
         /* Calculate size of encoding. */
@@ -9183,7 +9512,7 @@ int EncryptContent(byte* input, word32 inputSz, byte* out, word32* outSz,
     /* Return size when no output buffer. */
     if ((ret == 0) && (out == NULL)) {
         *outSz = (word32)sz;
-        ret = LENGTH_ONLY_E;
+        ret = WC_NO_ERR_TRACE(LENGTH_ONLY_E);
     }
     /* Check output buffer is big enough for encoded data. */
     if ((ret == 0) && (sz > (int)*outSz)) {
@@ -9209,7 +9538,7 @@ int EncryptContent(byte* input, word32 inputSz, byte* out, word32* outSz,
         byte* pkcs8 =
             (byte*)dataASN[P8ENCPBES1ASN_IDX_ENCDATA].data.buffer.data;
         XMEMCPY(pkcs8, input, inputSz);
-        Pkcs8Pad(pkcs8, (int)inputSz, blockSz);
+        (void)wc_PkcsPad(pkcs8, inputSz, (word32)blockSz);
 
         /* Encrypt PKCS#8 key inline. */
         ret = wc_CryptKey(password, passwordSz, salt, (int)saltSz, itt, id,
@@ -9229,9 +9558,74 @@ int EncryptContent(byte* input, word32 inputSz, byte* out, word32* outSz,
 #endif /* HAVE_PKCS12 */
 #endif /* NO_PWDBASED */
 
-#ifndef NO_RSA
+/* Block padding used for PKCS#5, PKCS#7, PKCS#8 and PKCS#12.
+ *
+ * The length of padding is the value of each padding byte.
+ *
+ * When buf is NULL, the padded size is returned.
+ *
+ * @param [in, out] buf      Buffer of data to be padded. May be NULL.
+ * @param [in]      sz       Size of data in bytes.
+ * @param [in]      blockSz  Size of block, in bytes, which buffer size must be
+ *                           a multiple of. Assumed to be less than 256 and
+ *                           a power of 2.
+ * @return  Size of padded buffer in bytes.
+ */
+word32 wc_PkcsPad(byte* buf, word32 sz, word32 blockSz)
+{
+    /* Calculate number of padding bytes. */
+    word32 padSz = blockSz - (sz & (blockSz - 1));
+
+    /* Pad with padSz byte. */
+    if (buf != NULL) {
+        word32 i;
+        for (i = 0; i < padSz; i++) {
+            buf[sz+i] = (byte)(padSz & 0xFF);
+        }
+    }
+
+    /* Return padded buffer size in bytes. */
+    return sz + padSz;
+}
+
+#ifndef NO_RSA
+#ifdef WOLFSSL_ASN_TEMPLATE
+/* ASN.1 template for an RSA public key.
+ * X.509: RFC 5280, 4.1 - SubjectPublicKeyInfo
+ * PKCS #1: RFC 8017, A.1.1 - RSAPublicKey
+ */
+static const ASNItem rsaPublicKeyASN[] = {
+/*  SEQ            */ { 0, ASN_SEQUENCE, 1, 1, 0 },
+/*  ALGOID_SEQ     */     { 1, ASN_SEQUENCE, 1, 1, 0 },
+/*  ALGOID_OID     */         { 2, ASN_OBJECT_ID, 0, 0, 0 },
+/*  ALGOID_NULL    */         { 2, ASN_TAG_NULL, 0, 0, 1 },
+#ifdef WC_RSA_PSS
+/*  ALGOID_P_SEQ   */         { 2, ASN_SEQUENCE, 1, 0, 1 },
+#endif
+/*  PUBKEY         */     { 1, ASN_BIT_STRING, 0, 1, 0 },
+                                                  /* RSAPublicKey */
+/*  PUBKEY_RSA_SEQ */         { 2, ASN_SEQUENCE, 1, 1, 0 },
+/*  PUBKEY_RSA_N   */             { 3, ASN_INTEGER, 0, 0, 0 },
+/*  PUBKEY_RSA_E   */             { 3, ASN_INTEGER, 0, 0, 0 },
+};
+enum {
+    RSAPUBLICKEYASN_IDX_SEQ = 0,
+    RSAPUBLICKEYASN_IDX_ALGOID_SEQ,
+    RSAPUBLICKEYASN_IDX_ALGOID_OID,
+    RSAPUBLICKEYASN_IDX_ALGOID_NULL,
+#ifdef WC_RSA_PSS
+    RSAPUBLICKEYASN_IDX_ALGOID_P_SEQ,
+#endif
+    RSAPUBLICKEYASN_IDX_PUBKEY,
+    RSAPUBLICKEYASN_IDX_PUBKEY_RSA_SEQ,
+    RSAPUBLICKEYASN_IDX_PUBKEY_RSA_N,
+    RSAPUBLICKEYASN_IDX_PUBKEY_RSA_E
+};
+
+/* Number of items in ASN.1 template for an RSA public key. */
+#define rsaPublicKeyASN_Length (sizeof(rsaPublicKeyASN) / sizeof(ASNItem))
+#endif
 
-#ifndef HAVE_USER_RSA
 #if defined(WOLFSSL_RENESAS_TSIP_TLS) || defined(WOLFSSL_RENESAS_FSPSM_TLS)
 /* This function is to retrieve key position information in a cert.*
  * The information will be used to call TSIP TLS-linked API for    *
@@ -9241,9 +9635,10 @@ static int RsaPublicKeyDecodeRawIndex(const byte* input, word32* inOutIdx,
                                       word32* key_n_len, word32* key_e,
                                       word32* key_e_len)
 {
-
+#ifndef WOLFSSL_ASN_TEMPLATE
     int ret = 0;
     int length = 0;
+
 #if defined(OPENSSL_EXTRA) || defined(RSA_DECODE_EXTRA)
     byte b;
 #endif
@@ -9306,48 +9701,31 @@ static int RsaPublicKeyDecodeRawIndex(const byte* input, word32* inOutIdx,
     }
     if (key_e_len)
         *key_e_len = length;
-
     return ret;
+#else
+    int ret = 0;
+    const byte*  n   = NULL;
+    const byte*  e   = NULL; /* pointer to modulus/exponent */
+    word32 rawIndex = 0;
+
+    ret = wc_RsaPublicKeyDecode_ex(input, inOutIdx, (word32)inSz,
+                                                &n, key_n_len, &e, key_e_len);
+    if (ret == 0) {
+        /* convert pointer to offset */
+        if (key_n != NULL) {
+            rawIndex = n - input;
+            *key_n += rawIndex;
+        }
+        if (key_e != NULL) {
+            rawIndex = e - input;
+            *key_e += rawIndex;
+        }
+    }
+    return ret;
+#endif
+
 }
 #endif /* WOLFSSL_RENESAS_TSIP */
-
-#ifdef WOLFSSL_ASN_TEMPLATE
-/* ASN.1 template for an RSA public key.
- * X.509: RFC 5280, 4.1 - SubjectPublicKeyInfo
- * PKCS #1: RFC 8017, A.1.1 - RSAPublicKey
- */
-static const ASNItem rsaPublicKeyASN[] = {
-/*  SEQ            */ { 0, ASN_SEQUENCE, 1, 1, 0 },
-/*  ALGOID_SEQ     */     { 1, ASN_SEQUENCE, 1, 1, 0 },
-/*  ALGOID_OID     */         { 2, ASN_OBJECT_ID, 0, 0, 0 },
-/*  ALGOID_NULL    */         { 2, ASN_TAG_NULL, 0, 0, 1 },
-#ifdef WC_RSA_PSS
-/*  ALGOID_P_SEQ   */         { 2, ASN_SEQUENCE, 1, 0, 1 },
-#endif
-/*  PUBKEY         */     { 1, ASN_BIT_STRING, 0, 1, 0 },
-                                                  /* RSAPublicKey */
-/*  PUBKEY_RSA_SEQ */         { 2, ASN_SEQUENCE, 1, 1, 0 },
-/*  PUBKEY_RSA_N   */             { 3, ASN_INTEGER, 0, 0, 0 },
-/*  PUBKEY_RSA_E   */             { 3, ASN_INTEGER, 0, 0, 0 },
-};
-enum {
-    RSAPUBLICKEYASN_IDX_SEQ = 0,
-    RSAPUBLICKEYASN_IDX_ALGOID_SEQ,
-    RSAPUBLICKEYASN_IDX_ALGOID_OID,
-    RSAPUBLICKEYASN_IDX_ALGOID_NULL,
-#ifdef WC_RSA_PSS
-    RSAPUBLICKEYASN_IDX_ALGOID_P_SEQ,
-#endif
-    RSAPUBLICKEYASN_IDX_PUBKEY,
-    RSAPUBLICKEYASN_IDX_PUBKEY_RSA_SEQ,
-    RSAPUBLICKEYASN_IDX_PUBKEY_RSA_N,
-    RSAPUBLICKEYASN_IDX_PUBKEY_RSA_E
-};
-
-/* Number of items in ASN.1 template for an RSA public key. */
-#define rsaPublicKeyASN_Length (sizeof(rsaPublicKeyASN) / sizeof(ASNItem))
-#endif
-
 /* Decode RSA public key.
  *
  * X.509: RFC 5280, 4.1 - SubjectPublicKeyInfo
@@ -9583,7 +9961,6 @@ int wc_RsaPublicKeyDecode(const byte* input, word32* inOutIdx, RsaKey* key,
 
     return ret;
 }
-#endif /* HAVE_USER_RSA */
 #endif /* !NO_RSA */
 
 #ifndef NO_DH
@@ -9779,7 +10156,7 @@ int wc_DhKeyDecode(const byte* input, word32* inOutIdx, DhKey* key, word32 inSz)
     #if !defined(HAVE_FIPS) || \
         (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2))
     /* If ASN_DH_KEY_E: Check if input started at beginning of key */
-    if (ret == ASN_DH_KEY_E) {
+    if (ret == WC_NO_ERR_TRACE(ASN_DH_KEY_E)) {
         *inOutIdx = temp;
 
         /* the version (0) - private only (for public skip) */
@@ -9940,7 +10317,7 @@ int wc_DhKeyToDer(DhKey* key, byte* output, word32* outSz, int exportPriv)
     /* DH Parameters sequence with P and G */
     total = 0;
     ret = wc_DhParamsToDer(key, NULL, &total);
-    if (ret != LENGTH_ONLY_E)
+    if (ret != WC_NO_ERR_TRACE(LENGTH_ONLY_E))
         return ret;
     idx += total;
 
@@ -9960,7 +10337,7 @@ int wc_DhKeyToDer(DhKey* key, byte* output, word32* outSz, int exportPriv)
     /* if no output, then just getting size */
     if (output == NULL) {
         *outSz = total;
-        return LENGTH_ONLY_E;
+        return WC_NO_ERR_TRACE(LENGTH_ONLY_E);
     }
 
     /* make sure output fits in buffer */
@@ -10035,7 +10412,7 @@ int wc_DhKeyToDer(DhKey* key, byte* output, word32* outSz, int exportPriv)
     ret = SizeASN_Items(dhKeyPkcs8ASN, dataASN, dhKeyPkcs8ASN_Length, &sz);
     if (output == NULL) {
         *outSz = (word32)sz;
-        ret = LENGTH_ONLY_E;
+        ret = WC_NO_ERR_TRACE(LENGTH_ONLY_E);
     }
     /* Check buffer is big enough for encoding. */
     if ((ret == 0) && ((int)*outSz < sz)) {
@@ -10099,7 +10476,7 @@ int wc_DhParamsToDer(DhKey* key, byte* output, word32* outSz)
 
     if (output == NULL) {
         *outSz = idx;
-        return LENGTH_ONLY_E;
+        return WC_NO_ERR_TRACE(LENGTH_ONLY_E);
     }
     /* make sure output fits in buffer */
     if (idx > *outSz) {
@@ -10147,7 +10524,7 @@ int wc_DhParamsToDer(DhKey* key, byte* output, word32* outSz)
     }
     if ((ret == 0) && (output == NULL)) {
         *outSz = (word32)sz;
-        ret = LENGTH_ONLY_E;
+        ret = WC_NO_ERR_TRACE(LENGTH_ONLY_E);
     }
     /* Check buffer is big enough for encoding. */
     if ((ret == 0) && (*outSz < (word32)sz)) {
@@ -10589,7 +10966,7 @@ int wc_DsaPrivateKeyDecode(const byte* input, word32* inOutIdx, DsaKey* key,
         }
     }
     /* An alternate pass if default certificate fails parsing */
-    if (ret == ASN_PARSE_E) {
+    if (ret == WC_NO_ERR_TRACE(ASN_PARSE_E)) {
         *inOutIdx = (word32)temp;
         if (GetMyVersion(input, inOutIdx, &version, inSz) < 0)
             return ASN_PARSE_E;
@@ -10998,7 +11375,7 @@ static int DsaKeyIntsToDer(DsaKey* key, byte* output, word32* inLen,
     *inLen = outLen;
     if (output == NULL) {
         FreeTmpDsas(tmps, key->heap, ints);
-        return LENGTH_ONLY_E;
+        return WC_NO_ERR_TRACE(LENGTH_ONLY_E);
     }
     if (outLen > *inLen) {
         FreeTmpDsas(tmps, key->heap, ints);
@@ -11060,7 +11437,7 @@ static int DsaKeyIntsToDer(DsaKey* key, byte* output, word32* inLen,
     }
     if ((ret == 0) && (output == NULL)) {
         *inLen = (word32)sz;
-        ret = LENGTH_ONLY_E;
+        ret = WC_NO_ERR_TRACE(LENGTH_ONLY_E);
     }
     /* Check buffer is big enough for encoding. */
     if ((ret == 0) && (sz > (int)*inLen)) {
@@ -11111,8 +11488,8 @@ int wc_DsaKeyToParamsDer(DsaKey* key, byte* output, word32 inLen)
 }
 
 /* This version of the function allows output to be NULL. In that case, the
-   DsaKeyIntsToDer will return LENGTH_ONLY_E and the required output buffer
-   size will be pointed to by inLen. */
+   DsaKeyIntsToDer will return WC_NO_ERR_TRACE(LENGTH_ONLY_E) and the required
+   output buffer size will be pointed to by inLen. */
 int wc_DsaKeyToParamsDer_ex(DsaKey* key, byte* output, word32* inLen)
 {
     if (!key || !inLen)
@@ -11207,10 +11584,10 @@ void FreeAltNames(DNS_entry* altNames, void* heap)
         DNS_entry* tmp = altNames->next;
 
         XFREE(altNames->name, heap, DYNAMIC_TYPE_ALTNAME);
-    #if defined(OPENSSL_ALL) || defined(WOLFSSL_IP_ALT_NAME)
+    #ifdef WOLFSSL_IP_ALT_NAME
         XFREE(altNames->ipString, heap, DYNAMIC_TYPE_ALTNAME);
     #endif
-    #if defined(OPENSSL_ALL)
+    #ifdef WOLFSSL_RID_ALT_NAME
         XFREE(altNames->ridString, heap, DYNAMIC_TYPE_ALTNAME);
     #endif
         XFREE(altNames,       heap, DYNAMIC_TYPE_ALTNAME);
@@ -11230,6 +11607,47 @@ DNS_entry* AltNameNew(void* heap)
     return ret;
 }
 
+DNS_entry* AltNameDup(DNS_entry* from, void* heap)
+{
+    DNS_entry* ret;
+
+    ret = AltNameNew(heap);
+    if (ret == NULL) {
+        WOLFSSL_MSG("\tOut of Memory");
+        return NULL;
+    }
+
+    ret->type = from->type;
+    ret->len = from->len;
+
+
+    ret->name = CopyString(from->name, from->len, heap, DYNAMIC_TYPE_ALTNAME);
+#ifdef WOLFSSL_IP_ALT_NAME
+    ret->ipString = CopyString(from->ipString, 0, heap, DYNAMIC_TYPE_ALTNAME);
+#endif
+#ifdef WOLFSSL_RID_ALT_NAME
+    ret->ridString = CopyString(from->ridString, 0, heap, DYNAMIC_TYPE_ALTNAME);
+#endif
+    if (ret->name == NULL
+#ifdef WOLFSSL_IP_ALT_NAME
+            || (from->ipString != NULL && ret->ipString == NULL)
+#endif
+#ifdef WOLFSSL_RID_ALT_NAME
+            || (from->ridString != NULL && ret->ridString == NULL)
+#endif
+            ) {
+        WOLFSSL_MSG("\tOut of Memory");
+        FreeAltNames(ret, heap);
+        return NULL;
+    }
+
+#ifdef WOLFSSL_FPKI
+    ret->oidSum = from->oidSum;
+#endif
+
+    return ret;
+}
+
 
 #ifndef IGNORE_NAME_CONSTRAINTS
 
@@ -11293,8 +11711,7 @@ void FreeDecodedCert(DecodedCert* cert)
         wolfSSL_X509_NAME_free((WOLFSSL_X509_NAME*)cert->subjectName);
 #endif /* WOLFSSL_X509_NAME_AVAILABLE */
 #if defined(WOLFSSL_RENESAS_TSIP_TLS) || defined(WOLFSSL_RENESAS_FSPSM_TLS)
-    if (cert->sce_tsip_encRsaKeyIdx != NULL)
-        XFREE(cert->sce_tsip_encRsaKeyIdx, cert->heap, DYNAMIC_TYPE_RSA);
+    XFREE(cert->sce_tsip_encRsaKeyIdx, cert->heap, DYNAMIC_TYPE_RSA);
 #endif
     FreeSignatureCtx(&cert->sigCtx);
 }
@@ -11327,16 +11744,18 @@ static int GetCertHeader(DecodedCert* cert)
                                                             cert->sigIndex) < 0)
         return ASN_PARSE_E;
 
-    if (wc_GetSerialNumber(cert->source, &cert->srcIdx, cert->serial,
-                                           &cert->serialSz, cert->sigIndex) < 0)
-        return ASN_PARSE_E;
+    ret = wc_GetSerialNumber(cert->source, &cert->srcIdx, cert->serial,
+        &cert->serialSz, cert->sigIndex);
+    if (ret < 0) {
+        return ret;
+    }
 
     return ret;
 }
 #endif
 
-#if defined(HAVE_ED25519) || defined(HAVE_ED448) || (defined(HAVE_PQC) && \
-    defined(HAVE_LIBOQS))
+#if defined(HAVE_ED25519) || defined(HAVE_ED448) || defined(HAVE_FALCON) || \
+    defined(HAVE_DILITHIUM) || defined(HAVE_SPHINCS)
 /* Store the key data under the BIT_STRING in dynamically allocated data.
  *
  * @param [in, out] cert    Certificate object.
@@ -11566,8 +11985,7 @@ static int SetEccPublicKey(byte* output, ecc_key* key, int outLen,
     if (ret == 0) {
         /* Calculate the size of the encoded public point. */
         PRIVATE_KEY_UNLOCK();
-    #if defined(HAVE_COMP_KEY) && defined(HAVE_FIPS) && \
-            defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION == 2)
+    #if defined(HAVE_COMP_KEY) && defined(HAVE_FIPS) && FIPS_VERSION3_LT(6,0,0)
         /* in earlier versions of FIPS the get length functionality is not
          * available with compressed keys */
         pubSz = key->dp ? key->dp->size : MAX_ECC_BYTES;
@@ -11575,13 +11993,13 @@ static int SetEccPublicKey(byte* output, ecc_key* key, int outLen,
             pubSz = 1 + pubSz;
         else
             pubSz = 1 + 2 * pubSz;
-        ret = LENGTH_ONLY_E;
+        ret = WC_NO_ERR_TRACE(LENGTH_ONLY_E);
     #else
         ret = wc_ecc_export_x963_ex(key, NULL, &pubSz, comp);
     #endif
         PRIVATE_KEY_LOCK();
         /* LENGTH_ONLY_E on success. */
-        if (ret == LENGTH_ONLY_E) {
+        if (ret == WC_NO_ERR_TRACE(LENGTH_ONLY_E)) {
             ret = 0;
         }
     }
@@ -11695,34 +12113,38 @@ int wc_EccPublicKeyDerSize(ecc_key* key, int with_AlgCurve)
 
 #ifdef WOLFSSL_ASN_TEMPLATE
 #if defined(WC_ENABLE_ASYM_KEY_EXPORT) || defined(WC_ENABLE_ASYM_KEY_IMPORT)
-/* ASN.1 template for Ed25519 and Ed448 public key (SubkectPublicKeyInfo).
+/* ASN.1 template for the SubjectPublicKeyInfo of a general asymmetric key.
+ * Used with Ed448/Ed25519, Curve448/Curve25519, SPHINCS+, falcon, dilithium,
+ * etc.
+ *
+ * X.509: RFC 5280, 4.1 - SubjectPublicKeyInfo
  * RFC 8410, 4 - Subject Public Key Fields
  */
-static const ASNItem edPubKeyASN[] = {
+static const ASNItem publicKeyASN[] = {
             /* SubjectPublicKeyInfo */
 /* SEQ        */ { 0, ASN_SEQUENCE, 1, 1, 0 },
                                      /* AlgorithmIdentifier */
 /* ALGOID_SEQ */     { 1, ASN_SEQUENCE, 1, 1, 0 },
-                                         /* Ed25519/Ed448 OID */
+                                         /* Ed25519/Ed448 OID, etc. */
 /* ALGOID_OID */         { 2, ASN_OBJECT_ID, 0, 0, 1 },
                                      /* Public key stream */
 /* PUBKEY     */     { 1, ASN_BIT_STRING, 0, 0, 0 },
 };
 enum {
-    EDPUBKEYASN_IDX_SEQ = 0,
-    EDPUBKEYASN_IDX_ALGOID_SEQ,
-    EDPUBKEYASN_IDX_ALGOID_OID,
-    EDPUBKEYASN_IDX_PUBKEY
+    PUBKEYASN_IDX_SEQ = 0,
+    PUBKEYASN_IDX_ALGOID_SEQ,
+    PUBKEYASN_IDX_ALGOID_OID,
+    PUBKEYASN_IDX_PUBKEY
 };
 
-/* Number of items in ASN.1 template for Ed25519 and Ed448 public key. */
-#define edPubKeyASN_Length (sizeof(edPubKeyASN) / sizeof(ASNItem))
+/* Number of items in ASN.1 template for public key SubjectPublicKeyInfo. */
+#define publicKeyASN_Length (sizeof(publicKeyASN) / sizeof(ASNItem))
 #endif /* WC_ENABLE_ASYM_KEY_EXPORT || WC_ENABLE_ASYM_KEY_IMPORT */
 #endif /* WOLFSSL_ASN_TEMPLATE */
 
 #ifdef WC_ENABLE_ASYM_KEY_EXPORT
 
-/* Build ASN.1 formatted public key based on RFC 8410
+/* Build ASN.1 formatted public key based on RFC 5280 and RFC 8410
  *
  * Pass NULL for output to get the size of the encoding.
  *
@@ -11746,12 +12168,16 @@ int SetAsymKeyDerPublic(const byte* pubKey, word32 pubKeyLen,
     word32 sz;
 #else
     int sz = 0;
-    DECL_ASNSETDATA(dataASN, edPubKeyASN_Length);
+    DECL_ASNSETDATA(dataASN, publicKeyASN_Length);
 #endif
 
-    if (pubKey == NULL) {
+    /* validate parameters */
+    if (pubKey == NULL){
         return BAD_FUNC_ARG;
     }
+    if (output != NULL && outLen == 0) {
+        return BUFFER_E;
+    }
 
 #ifndef WOLFSSL_ASN_TEMPLATE
     /* calculate size */
@@ -11794,25 +12220,26 @@ int SetAsymKeyDerPublic(const byte* pubKey, word32 pubKeyLen,
     }
 #else
     if (withHeader) {
-        CALLOC_ASNSETDATA(dataASN, edPubKeyASN_Length, ret, NULL);
+        CALLOC_ASNSETDATA(dataASN, publicKeyASN_Length, ret, NULL);
 
         if (ret == 0) {
             /* Set the OID. */
-            SetASN_OID(&dataASN[EDPUBKEYASN_IDX_ALGOID_OID], (word32)keyType,
+            SetASN_OID(&dataASN[PUBKEYASN_IDX_ALGOID_OID], (word32)keyType,
                     oidKeyType);
             /* Leave space for public point. */
-            SetASN_Buffer(&dataASN[EDPUBKEYASN_IDX_PUBKEY], NULL, pubKeyLen);
+            SetASN_Buffer(&dataASN[PUBKEYASN_IDX_PUBKEY], NULL, pubKeyLen);
             /* Calculate size of public key encoding. */
-            ret = SizeASN_Items(edPubKeyASN, dataASN, edPubKeyASN_Length, &sz);
+            ret = SizeASN_Items(publicKeyASN, dataASN, publicKeyASN_Length,
+                                &sz);
         }
         if ((ret == 0) && (output != NULL) && (sz > (int)outLen)) {
             ret = BUFFER_E;
         }
         if ((ret == 0) && (output != NULL)) {
             /* Encode public key. */
-            SetASN_Items(edPubKeyASN, dataASN, edPubKeyASN_Length, output);
+            SetASN_Items(publicKeyASN, dataASN, publicKeyASN_Length, output);
             /* Set location to encode public point. */
-            output = (byte*)dataASN[EDPUBKEYASN_IDX_PUBKEY].data.buffer.data;
+            output = (byte*)dataASN[PUBKEYASN_IDX_PUBKEY].data.buffer.data;
         }
 
         FREE_ASNSETDATA(dataASN, NULL);
@@ -12409,7 +12836,6 @@ static int GetCertKey(DecodedCert* cert, const byte* source, word32* inOutIdx,
             ret = StoreKey(cert, source, &srcIdx, maxIdx);
             break;
     #endif /* HAVE_ED448 */
-    #if defined(HAVE_PQC) && defined(HAVE_LIBOQS)
     #ifdef HAVE_FALCON
         case FALCON_LEVEL1k:
             cert->pkCurveOID = FALCON_LEVEL1k;
@@ -12421,16 +12847,15 @@ static int GetCertKey(DecodedCert* cert, const byte* source, word32* inOutIdx,
             break;
     #endif /* HAVE_FALCON */
     #ifdef HAVE_DILITHIUM
+        #ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
         case DILITHIUM_LEVEL2k:
-            cert->pkCurveOID = DILITHIUM_LEVEL2k;
-            ret = StoreKey(cert, source, &srcIdx, maxIdx);
-            break;
         case DILITHIUM_LEVEL3k:
-            cert->pkCurveOID = DILITHIUM_LEVEL3k;
-            ret = StoreKey(cert, source, &srcIdx, maxIdx);
-            break;
         case DILITHIUM_LEVEL5k:
-            cert->pkCurveOID = DILITHIUM_LEVEL5k;
+        #endif
+        case ML_DSA_LEVEL2k:
+        case ML_DSA_LEVEL3k:
+        case ML_DSA_LEVEL5k:
+            cert->pkCurveOID = cert->keyOID;
             ret = StoreKey(cert, source, &srcIdx, maxIdx);
             break;
     #endif /* HAVE_DILITHIUM */
@@ -12460,7 +12885,6 @@ static int GetCertKey(DecodedCert* cert, const byte* source, word32* inOutIdx,
             ret = StoreKey(cert, source, &srcIdx, maxIdx);
             break;
     #endif /* HAVE_SPHINCS */
-    #endif /* HAVE_PQC */
     #ifndef NO_DSA
         case DSAk:
             cert->publicKey = source + pubIdx;
@@ -12638,6 +13062,17 @@ static int GetHashId(const byte* id, int length, byte* hash, int hashAlg)
     (((id) - 3) >= 0 && ((id) - 3) < certNameSubjectSz && \
             (certNameSubject[(id) - 3].strLen > 0))
 
+/* Set the string for a name component into the issuer name. */
+#define SetCertNameIssuer(cert, id, val) \
+    *((char**)(((byte *)(cert)) + certNameSubject[(id) - 3].dataI)) = (val)
+/* Set the string length for a name component into the issuer name. */
+#define SetCertNameIssuerLen(cert, id, val) \
+    *((int*)(((byte *)(cert)) + certNameSubject[(id) - 3].lenI)) = (int)(val)
+/* Set the encoding for a name component into the issuer name. */
+#define SetCertNameIssuerEnc(cert, id, val) \
+    *((byte*)(((byte *)(cert)) + certNameSubject[(id) - 3].encI)) = (val)
+
+
 /* Mapping of certificate name component to useful information. */
 typedef struct CertNameData {
     /* Type string of name component. */
@@ -12651,6 +13086,14 @@ typedef struct CertNameData {
     size_t      len;
     /* Offset of encoding in subject name component. */
     size_t      enc;
+#ifdef WOLFSSL_HAVE_ISSUER_NAMES
+    /* Offset of data in subject name component. */
+    size_t      dataI;
+    /* Offset of length in subject name component. */
+    size_t      lenI;
+    /* Offset of encoding in subject name component. */
+    size_t      encI;
+#endif
 #endif
 #ifdef WOLFSSL_X509_NAME_AVAILABLE
     /* NID of type for subject name component. */
@@ -12664,108 +13107,153 @@ static const CertNameData certNameSubject[] = {
     {
         "/CN=", 4,
 #if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT)
-        OFFSETOF(DecodedCert, subjectCN),
-        OFFSETOF(DecodedCert, subjectCNLen),
-        OFFSETOF(DecodedCert, subjectCNEnc),
+        WC_OFFSETOF(DecodedCert, subjectCN),
+        WC_OFFSETOF(DecodedCert, subjectCNLen),
+        WC_OFFSETOF(DecodedCert, subjectCNEnc),
+#ifdef WOLFSSL_HAVE_ISSUER_NAMES
+        WC_OFFSETOF(DecodedCert, issuerCN),
+        WC_OFFSETOF(DecodedCert, issuerCNLen),
+        WC_OFFSETOF(DecodedCert, issuerCNEnc),
+#endif
 #endif
 #ifdef WOLFSSL_X509_NAME_AVAILABLE
-        NID_commonName
+        WC_NID_commonName
 #endif
     },
     /* Surname */
     {
         "/SN=", 4,
 #if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT)
-        OFFSETOF(DecodedCert, subjectSN),
-        OFFSETOF(DecodedCert, subjectSNLen),
-        OFFSETOF(DecodedCert, subjectSNEnc),
+        WC_OFFSETOF(DecodedCert, subjectSN),
+        WC_OFFSETOF(DecodedCert, subjectSNLen),
+        WC_OFFSETOF(DecodedCert, subjectSNEnc),
+#ifdef WOLFSSL_HAVE_ISSUER_NAMES
+        WC_OFFSETOF(DecodedCert, issuerSN),
+        WC_OFFSETOF(DecodedCert, issuerSNLen),
+        WC_OFFSETOF(DecodedCert, issuerSNEnc),
+#endif
 #endif
 #ifdef WOLFSSL_X509_NAME_AVAILABLE
-        NID_surname
+        WC_NID_surname
 #endif
     },
     /* Serial Number */
     {
         "/serialNumber=", 14,
 #if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT)
-        OFFSETOF(DecodedCert, subjectSND),
-        OFFSETOF(DecodedCert, subjectSNDLen),
-        OFFSETOF(DecodedCert, subjectSNDEnc),
+        WC_OFFSETOF(DecodedCert, subjectSND),
+        WC_OFFSETOF(DecodedCert, subjectSNDLen),
+        WC_OFFSETOF(DecodedCert, subjectSNDEnc),
+#ifdef WOLFSSL_HAVE_ISSUER_NAMES
+        WC_OFFSETOF(DecodedCert, issuerSND),
+        WC_OFFSETOF(DecodedCert, issuerSNDLen),
+        WC_OFFSETOF(DecodedCert, issuerSNDEnc),
+#endif
 #endif
 #ifdef WOLFSSL_X509_NAME_AVAILABLE
-        NID_serialNumber
+        WC_NID_serialNumber
 #endif
     },
     /* Country Name */
     {
         "/C=", 3,
 #if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT)
-        OFFSETOF(DecodedCert, subjectC),
-        OFFSETOF(DecodedCert, subjectCLen),
-        OFFSETOF(DecodedCert, subjectCEnc),
+        WC_OFFSETOF(DecodedCert, subjectC),
+        WC_OFFSETOF(DecodedCert, subjectCLen),
+        WC_OFFSETOF(DecodedCert, subjectCEnc),
+#ifdef WOLFSSL_HAVE_ISSUER_NAMES
+        WC_OFFSETOF(DecodedCert, issuerC),
+        WC_OFFSETOF(DecodedCert, issuerCLen),
+        WC_OFFSETOF(DecodedCert, issuerCEnc),
+#endif
 #endif
 #ifdef WOLFSSL_X509_NAME_AVAILABLE
-        NID_countryName
+        WC_NID_countryName
 #endif
     },
     /* Locality Name */
     {
         "/L=", 3,
 #if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT)
-        OFFSETOF(DecodedCert, subjectL),
-        OFFSETOF(DecodedCert, subjectLLen),
-        OFFSETOF(DecodedCert, subjectLEnc),
+        WC_OFFSETOF(DecodedCert, subjectL),
+        WC_OFFSETOF(DecodedCert, subjectLLen),
+        WC_OFFSETOF(DecodedCert, subjectLEnc),
+#ifdef WOLFSSL_HAVE_ISSUER_NAMES
+        WC_OFFSETOF(DecodedCert, issuerL),
+        WC_OFFSETOF(DecodedCert, issuerLLen),
+        WC_OFFSETOF(DecodedCert, issuerLEnc),
+#endif
 #endif
 #ifdef WOLFSSL_X509_NAME_AVAILABLE
-        NID_localityName
+        WC_NID_localityName
 #endif
     },
     /* State Name */
     {
         "/ST=", 4,
 #if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT)
-        OFFSETOF(DecodedCert, subjectST),
-        OFFSETOF(DecodedCert, subjectSTLen),
-        OFFSETOF(DecodedCert, subjectSTEnc),
+        WC_OFFSETOF(DecodedCert, subjectST),
+        WC_OFFSETOF(DecodedCert, subjectSTLen),
+        WC_OFFSETOF(DecodedCert, subjectSTEnc),
+#ifdef WOLFSSL_HAVE_ISSUER_NAMES
+        WC_OFFSETOF(DecodedCert, issuerST),
+        WC_OFFSETOF(DecodedCert, issuerSTLen),
+        WC_OFFSETOF(DecodedCert, issuerSTEnc),
+#endif
 #endif
 #ifdef WOLFSSL_X509_NAME_AVAILABLE
-        NID_stateOrProvinceName
+        WC_NID_stateOrProvinceName
 #endif
     },
     /* Street Address */
     {
         "/street=", 8,
 #if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT)
-        OFFSETOF(DecodedCert, subjectStreet),
-        OFFSETOF(DecodedCert, subjectStreetLen),
-        OFFSETOF(DecodedCert, subjectStreetEnc),
+        WC_OFFSETOF(DecodedCert, subjectStreet),
+        WC_OFFSETOF(DecodedCert, subjectStreetLen),
+        WC_OFFSETOF(DecodedCert, subjectStreetEnc),
+#ifdef WOLFSSL_HAVE_ISSUER_NAMES
+        0,
+        0,
+        0,
+#endif
 #endif
 #ifdef WOLFSSL_X509_NAME_AVAILABLE
-        NID_streetAddress
+        WC_NID_streetAddress
 #endif
     },
     /* Organization Name */
     {
         "/O=", 3,
 #if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT)
-        OFFSETOF(DecodedCert, subjectO),
-        OFFSETOF(DecodedCert, subjectOLen),
-        OFFSETOF(DecodedCert, subjectOEnc),
+        WC_OFFSETOF(DecodedCert, subjectO),
+        WC_OFFSETOF(DecodedCert, subjectOLen),
+        WC_OFFSETOF(DecodedCert, subjectOEnc),
+#ifdef WOLFSSL_HAVE_ISSUER_NAMES
+        WC_OFFSETOF(DecodedCert, issuerO),
+        WC_OFFSETOF(DecodedCert, issuerOLen),
+        WC_OFFSETOF(DecodedCert, issuerOEnc),
+#endif
 #endif
 #ifdef WOLFSSL_X509_NAME_AVAILABLE
-        NID_organizationName
+        WC_NID_organizationName
 #endif
     },
     /* Organization Unit Name */
     {
         "/OU=", 4,
 #if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT)
-        OFFSETOF(DecodedCert, subjectOU),
-        OFFSETOF(DecodedCert, subjectOULen),
-        OFFSETOF(DecodedCert, subjectOUEnc),
+        WC_OFFSETOF(DecodedCert, subjectOU),
+        WC_OFFSETOF(DecodedCert, subjectOULen),
+        WC_OFFSETOF(DecodedCert, subjectOUEnc),
+#ifdef WOLFSSL_HAVE_ISSUER_NAMES
+        WC_OFFSETOF(DecodedCert, issuerOU),
+        WC_OFFSETOF(DecodedCert, issuerOULen),
+        WC_OFFSETOF(DecodedCert, issuerOUEnc),
+#endif
 #endif
 #ifdef WOLFSSL_X509_NAME_AVAILABLE
-        NID_organizationalUnitName
+        WC_NID_organizationalUnitName
 #endif
     },
     /* Title */
@@ -12775,6 +13263,11 @@ static const CertNameData certNameSubject[] = {
         0,
         0,
         0,
+#ifdef WOLFSSL_HAVE_ISSUER_NAMES
+        0,
+        0,
+        0,
+#endif
 #endif
 #ifdef WOLFSSL_X509_NAME_AVAILABLE
         0,
@@ -12787,6 +13280,11 @@ static const CertNameData certNameSubject[] = {
         0,
         0,
         0,
+#ifdef WOLFSSL_HAVE_ISSUER_NAMES
+        0,
+        0,
+        0,
+#endif
 #endif
 #ifdef WOLFSSL_X509_NAME_AVAILABLE
         0,
@@ -12799,6 +13297,11 @@ static const CertNameData certNameSubject[] = {
         0,
         0,
         0,
+#ifdef WOLFSSL_HAVE_ISSUER_NAMES
+        0,
+        0,
+        0,
+#endif
 #endif
 #ifdef WOLFSSL_X509_NAME_AVAILABLE
         0,
@@ -12808,12 +13311,17 @@ static const CertNameData certNameSubject[] = {
     {
         "/businessCategory=", 18,
 #if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT)
-        OFFSETOF(DecodedCert, subjectBC),
-        OFFSETOF(DecodedCert, subjectBCLen),
-        OFFSETOF(DecodedCert, subjectBCEnc),
+        WC_OFFSETOF(DecodedCert, subjectBC),
+        WC_OFFSETOF(DecodedCert, subjectBCLen),
+        WC_OFFSETOF(DecodedCert, subjectBCEnc),
+#ifdef WOLFSSL_HAVE_ISSUER_NAMES
+        0,
+        0,
+        0,
+#endif
 #endif
 #ifdef WOLFSSL_X509_NAME_AVAILABLE
-        NID_businessCategory
+        WC_NID_businessCategory
 #endif
     },
     /* Undefined */
@@ -12823,6 +13331,11 @@ static const CertNameData certNameSubject[] = {
         0,
         0,
         0,
+#ifdef WOLFSSL_HAVE_ISSUER_NAMES
+        0,
+        0,
+        0,
+#endif
 #endif
 #ifdef WOLFSSL_X509_NAME_AVAILABLE
         0,
@@ -12832,24 +13345,34 @@ static const CertNameData certNameSubject[] = {
     {
         "/postalCode=", 12,
 #if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT)
-        OFFSETOF(DecodedCert, subjectPC),
-        OFFSETOF(DecodedCert, subjectPCLen),
-        OFFSETOF(DecodedCert, subjectPCEnc),
+        WC_OFFSETOF(DecodedCert, subjectPC),
+        WC_OFFSETOF(DecodedCert, subjectPCLen),
+        WC_OFFSETOF(DecodedCert, subjectPCEnc),
+#ifdef WOLFSSL_HAVE_ISSUER_NAMES
+        0,
+        0,
+        0,
+#endif
 #endif
 #ifdef WOLFSSL_X509_NAME_AVAILABLE
-        NID_postalCode
+        WC_NID_postalCode
 #endif
     },
     /* User Id */
     {
         "/userid=", 8,
 #if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT)
-        OFFSETOF(DecodedCert, subjectUID),
-        OFFSETOF(DecodedCert, subjectUIDLen),
-        OFFSETOF(DecodedCert, subjectUIDEnc),
+        WC_OFFSETOF(DecodedCert, subjectUID),
+        WC_OFFSETOF(DecodedCert, subjectUIDLen),
+        WC_OFFSETOF(DecodedCert, subjectUIDEnc),
+#ifdef WOLFSSL_HAVE_ISSUER_NAMES
+        0,
+        0,
+        0,
+#endif
 #endif
 #ifdef WOLFSSL_X509_NAME_AVAILABLE
-        NID_userId
+        WC_NID_userId
 #endif
     },
 #ifdef WOLFSSL_CERT_NAME_ALL
@@ -12857,48 +13380,68 @@ static const CertNameData certNameSubject[] = {
     {
         "/N=", 3,
     #if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT)
-        OFFSETOF(DecodedCert, subjectN),
-        OFFSETOF(DecodedCert, subjectNLen),
-        OFFSETOF(DecodedCert, subjectNEnc),
+        WC_OFFSETOF(DecodedCert, subjectN),
+        WC_OFFSETOF(DecodedCert, subjectNLen),
+        WC_OFFSETOF(DecodedCert, subjectNEnc),
+#ifdef WOLFSSL_HAVE_ISSUER_NAMES
+        0,
+        0,
+        0,
+#endif
     #endif
     #ifdef WOLFSSL_X509_NAME_AVAILABLE
-        NID_name
+        WC_NID_name
     #endif
     },
     /* Given Name, id 42 */
     {
         "/GN=", 4,
     #if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT)
-        OFFSETOF(DecodedCert, subjectGN),
-        OFFSETOF(DecodedCert, subjectGNLen),
-        OFFSETOF(DecodedCert, subjectGNEnc),
+        WC_OFFSETOF(DecodedCert, subjectGN),
+        WC_OFFSETOF(DecodedCert, subjectGNLen),
+        WC_OFFSETOF(DecodedCert, subjectGNEnc),
+#ifdef WOLFSSL_HAVE_ISSUER_NAMES
+        0,
+        0,
+        0,
+#endif
     #endif
     #ifdef WOLFSSL_X509_NAME_AVAILABLE
-        NID_givenName
+        WC_NID_givenName
     #endif
     },
     /* initials, id 43 */
     {
         "/initials=", 10,
     #if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT)
-        OFFSETOF(DecodedCert, subjectI),
-        OFFSETOF(DecodedCert, subjectILen),
-        OFFSETOF(DecodedCert, subjectIEnc),
+        WC_OFFSETOF(DecodedCert, subjectI),
+        WC_OFFSETOF(DecodedCert, subjectILen),
+        WC_OFFSETOF(DecodedCert, subjectIEnc),
+#ifdef WOLFSSL_HAVE_ISSUER_NAMES
+        0,
+        0,
+        0,
+#endif
     #endif
     #ifdef WOLFSSL_X509_NAME_AVAILABLE
-        NID_initials
+        WC_NID_initials
     #endif
     },
     /* DN Qualifier Name, id 46 */
     {
         "/dnQualifier=", 13,
     #if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT)
-        OFFSETOF(DecodedCert, subjectDNQ),
-        OFFSETOF(DecodedCert, subjectDNQLen),
-        OFFSETOF(DecodedCert, subjectDNQEnc),
+        WC_OFFSETOF(DecodedCert, subjectDNQ),
+        WC_OFFSETOF(DecodedCert, subjectDNQLen),
+        WC_OFFSETOF(DecodedCert, subjectDNQEnc),
+#ifdef WOLFSSL_HAVE_ISSUER_NAMES
+        0,
+        0,
+        0,
+#endif
     #endif
     #ifdef WOLFSSL_X509_NAME_AVAILABLE
-        NID_dnQualifier
+        WC_NID_dnQualifier
     #endif
     },
 #endif /* WOLFSSL_CERT_NAME_ALL */
@@ -12907,6 +13450,7 @@ static const CertNameData certNameSubject[] = {
 static const int certNameSubjectSz =
         (int) (sizeof(certNameSubject) / sizeof(CertNameData));
 
+
 /* ASN.1 template for an RDN.
  * X.509: RFC 5280, 4.1.2.4 - RelativeDistinguishedName
  */
@@ -12939,7 +13483,7 @@ static const byte rdnChoice[] = {
 };
 #endif
 
-#if defined(OPENSSL_ALL) || defined(WOLFSSL_IP_ALT_NAME)
+#ifdef WOLFSSL_IP_ALT_NAME
 /* used to set the human readable string for the IP address with a ASN_IP_TYPE
  * DNS entry
  * return 0 on success
@@ -12947,8 +13491,8 @@ static const byte rdnChoice[] = {
 static int GenerateDNSEntryIPString(DNS_entry* entry, void* heap)
 {
     int ret = 0;
-    size_t nameSz;
-    char tmpName[WOLFSSL_MAX_IPSTR] = {0};
+    size_t nameSz = 0;
+    char tmpName[WOLFSSL_MAX_IPSTR];
     unsigned char* ip;
 
     if (entry == NULL || entry->type != ASN_IP_TYPE) {
@@ -12962,6 +13506,8 @@ static int GenerateDNSEntryIPString(DNS_entry* entry, void* heap)
     }
     ip = (unsigned char*)entry->name;
 
+    XMEMSET(tmpName, 0, sizeof(tmpName));
+
     /* store IP addresses as a string */
     if (entry->len == WOLFSSL_IP4_ADDR_LEN) {
         if (XSNPRINTF(tmpName, sizeof(tmpName), "%u.%u.%u.%u", 0xFFU & ip[0],
@@ -13003,9 +13549,9 @@ static int GenerateDNSEntryIPString(DNS_entry* entry, void* heap)
 
     return ret;
 }
-#endif /* OPENSSL_ALL || WOLFSSL_IP_ALT_NAME */
+#endif /* WOLFSSL_IP_ALT_NAME */
 
-#if defined(OPENSSL_ALL)
+#ifdef WOLFSSL_RID_ALT_NAME
 /* used to set the human readable string for the registeredID with an
  * ASN_RID_TYPE DNS entry
  * return 0 on success
@@ -13013,14 +13559,16 @@ static int GenerateDNSEntryIPString(DNS_entry* entry, void* heap)
 static int GenerateDNSEntryRIDString(DNS_entry* entry, void* heap)
 {
     int i, j, ret   = 0;
-    int nameSz      = 0;
+    word16 nameSz   = 0;
+#if !defined(WOLFCRYPT_ONLY) && defined(OPENSSL_EXTRA)
     int nid         = 0;
+#endif
     int tmpSize     = MAX_OID_SZ;
     word32 oid      = 0;
     word32 idx      = 0;
     word16 tmpName[MAX_OID_SZ];
     char   oidName[MAX_OID_SZ];
-    char*  finalName;
+    char*  finalName = NULL;
 
     if (entry == NULL || entry->type != ASN_RID_TYPE) {
         return BAD_FUNC_ARG;
@@ -13034,47 +13582,56 @@ static int GenerateDNSEntryRIDString(DNS_entry* entry, void* heap)
 
     ret = GetOID((const byte*)entry->name, &idx, &oid, oidIgnoreType,
                  entry->len);
+    if (ret == 0) {
+    #if !defined(WOLFCRYPT_ONLY) && defined(OPENSSL_EXTRA)
+        if ((nid = oid2nid(oid, oidCsrAttrType)) > 0) {
+            /* OID has known string value */
+            finalName = (char*)wolfSSL_OBJ_nid2ln(nid);
+        }
+        else
+    #endif
+        {
+            /* Decode OBJECT_ID into dotted form array. */
+            ret = DecodeObjectId((const byte*)(entry->name),(word32)entry->len,
+                    tmpName, (word32*)&tmpSize);
 
-    if (ret == 0 && (nid = oid2nid(oid, oidCsrAttrType)) > 0) {
-        /* OID has known string value */
-        finalName = (char*)wolfSSL_OBJ_nid2ln(nid);
-    }
-    else {
-        /* Decode OBJECT_ID into dotted form array. */
-        ret = DecodeObjectId((const byte*)(entry->name),(word32)entry->len,
-                tmpName, (word32*)&tmpSize);
+            if (ret == 0) {
+                j = 0;
+                /* Append each number of dotted form. */
+                for (i = 0; i < tmpSize; i++) {
+                    if (j >= MAX_OID_SZ) {
+                        return BUFFER_E;
+                    }
 
-        if (ret == 0) {
-            j = 0;
-            /* Append each number of dotted form. */
-            for (i = 0; i < tmpSize; i++) {
-                if (j >= MAX_OID_SZ) {
-                    return BUFFER_E;
-                }
+                    if (i < tmpSize - 1) {
+                        ret = XSNPRINTF(oidName + j, (word32)(MAX_OID_SZ - j),
+                            "%d.", tmpName[i]);
+                    }
+                    else {
+                        ret = XSNPRINTF(oidName + j, (word32)(MAX_OID_SZ - j),
+                            "%d", tmpName[i]);
+                    }
 
-                if (i < tmpSize - 1) {
-                    ret = XSNPRINTF(oidName + j, MAX_OID_SZ - j, "%d.", tmpName[i]);
-                }
-                else {
-                    ret = XSNPRINTF(oidName + j, MAX_OID_SZ - j, "%d", tmpName[i]);
-                }
-
-                if (ret >= 0) {
-                    j += ret;
-                }
-                else {
-                    return BUFFER_E;
+                    if (ret >= 0) {
+                        j += ret;
+                    }
+                    else {
+                        return BUFFER_E;
+                    }
                 }
+                ret = 0;
+                finalName = oidName;
             }
-            ret = 0;
-            finalName = oidName;
         }
     }
 
     if (ret == 0) {
-        nameSz = (int)XSTRLEN((const char*)finalName);
+        nameSz = (word16)XSTRLEN((const char*)finalName);
+        if (nameSz > MAX_OID_SZ) {
+            return BUFFER_E;
+        }
 
-        entry->ridString = (char*)XMALLOC(nameSz + 1, heap,
+        entry->ridString = (char*)XMALLOC((word32)(nameSz + 1), heap,
                 DYNAMIC_TYPE_ALTNAME);
 
         if (entry->ridString == NULL) {
@@ -13082,13 +13639,13 @@ static int GenerateDNSEntryRIDString(DNS_entry* entry, void* heap)
         }
 
         if (ret == 0) {
-            XMEMCPY(entry->ridString, finalName, nameSz + 1);
+            XMEMCPY(entry->ridString, finalName, (word32)(nameSz + 1));
         }
     }
 
     return ret;
 }
-#endif /* OPENSSL_ALL && WOLFSSL_ASN_TEMPLATE */
+#endif /* WOLFSSL_RID_ALT_NAME */
 
 #ifdef WOLFSSL_ASN_TEMPLATE
 
@@ -13129,7 +13686,7 @@ static int AddDNSEntryToList(DNS_entry** lst, DNS_entry* entry)
 
 /* Allocate a DNS entry and set the fields.
  *
- * @param [in]      cert     Certificate object.
+ * @param [in]      heap     Heap hint.
  * @param [in]      str      DNS name string.
  * @param [in]      strLen   Length of DNS name string.
  * @param [in]      type     Type of DNS name string.
@@ -13137,27 +13694,23 @@ static int AddDNSEntryToList(DNS_entry** lst, DNS_entry* entry)
  * @return  0 on success.
  * @return  MEMORY_E when dynamic memory allocation fails.
  */
-static int SetDNSEntry(DecodedCert* cert, const char* str, int strLen,
+static int SetDNSEntry(void* heap, const char* str, int strLen,
                        int type, DNS_entry** entries)
 {
     DNS_entry* dnsEntry;
     int ret = 0;
 
-    /* Only used for heap. */
-    (void)cert;
-
     /* TODO: consider one malloc. */
     /* Allocate DNS Entry object. */
-    dnsEntry = AltNameNew(cert->heap);
+    dnsEntry = AltNameNew(heap);
     if (dnsEntry == NULL) {
         ret = MEMORY_E;
     }
     if (ret == 0) {
         /* Allocate DNS Entry name - length of string plus 1 for NUL. */
-        dnsEntry->name = (char*)XMALLOC((size_t)strLen + 1, cert->heap,
+        dnsEntry->name = (char*)XMALLOC((size_t)strLen + 1, heap,
                                                           DYNAMIC_TYPE_ALTNAME);
         if (dnsEntry->name == NULL) {
-            XFREE(dnsEntry, cert->heap, DYNAMIC_TYPE_ALTNAME);
             ret = MEMORY_E;
         }
     }
@@ -13168,29 +13721,27 @@ static int SetDNSEntry(DecodedCert* cert, const char* str, int strLen,
         XMEMCPY(dnsEntry->name, str, (size_t)strLen);
         dnsEntry->name[strLen] = '\0';
 
-#if defined(OPENSSL_ALL)
+#ifdef WOLFSSL_RID_ALT_NAME
         /* store registeredID as a string */
-        if (type == ASN_RID_TYPE) {
-            if ((ret = GenerateDNSEntryRIDString(dnsEntry, cert->heap)) != 0) {
-                XFREE(dnsEntry->name, cert->heap, DYNAMIC_TYPE_ALTNAME);
-                XFREE(dnsEntry, cert->heap, DYNAMIC_TYPE_ALTNAME);
-            }
-        }
+        if (type == ASN_RID_TYPE)
+            ret = GenerateDNSEntryRIDString(dnsEntry, heap);
 #endif
-#if defined(OPENSSL_ALL) || defined(WOLFSSL_IP_ALT_NAME)
-        /* store IP addresses as a string */
-        if (type == ASN_IP_TYPE) {
-            if ((ret = GenerateDNSEntryIPString(dnsEntry, cert->heap)) != 0) {
-                XFREE(dnsEntry->name, cert->heap, DYNAMIC_TYPE_ALTNAME);
-                XFREE(dnsEntry, cert->heap, DYNAMIC_TYPE_ALTNAME);
-            }
-        }
     }
-    if (ret == 0) {
+#ifdef WOLFSSL_IP_ALT_NAME
+    /* store IP addresses as a string */
+    if (ret == 0 && type == ASN_IP_TYPE)
+        ret = GenerateDNSEntryIPString(dnsEntry, heap);
 #endif
+    if (ret == 0) {
         ret = AddDNSEntryToList(entries, dnsEntry);
     }
 
+    /* failure cleanup */
+    if (ret != 0 && dnsEntry != NULL) {
+        XFREE(dnsEntry->name, heap, DYNAMIC_TYPE_ALTNAME);
+        XFREE(dnsEntry, heap, DYNAMIC_TYPE_ALTNAME);
+    }
+
     return ret;
 }
 #endif
@@ -13247,6 +13798,43 @@ static int SetSubject(DecodedCert* cert, int id, byte* str, int strLen,
     return ret;
 }
 
+#if (defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT)) && \
+    defined(WOLFSSL_HAVE_ISSUER_NAMES)
+/* Set the details of an issuer name component into a certificate.
+ *
+ * @param [in, out] cert    Certificate object.
+ * @param [in]      id      Id of component.
+ * @param [in]      str     String for component.
+ * @param [in]      strLen  Length of string.
+ * @param [in]      tag     BER tag representing encoding of string.
+ * @return  0 on success, negative values on failure.
+ */
+static int SetIssuer(DecodedCert* cert, int id, byte* str, int strLen,
+                      byte tag)
+{
+    int ret = 0;
+
+    /* Put string and encoding into certificate. */
+    if (id == ASN_COMMON_NAME) {
+        cert->issuerCN = (char *)str;
+        cert->issuerCNLen = (int)strLen;
+        cert->issuerCNEnc = (char)tag;
+    }
+    else if (id > ASN_COMMON_NAME && id <= ASN_USER_ID) {
+        /* Use table and offsets to put data into appropriate fields. */
+        SetCertNameIssuer(cert, id, (char*)str);
+        SetCertNameIssuerLen(cert, id, strLen);
+        SetCertNameIssuerEnc(cert, id, tag);
+    }
+    else if (id == ASN_EMAIL) {
+        cert->issuerEmail = (char*)str;
+        cert->issuerEmailLen = strLen;
+    }
+
+    return ret;
+}
+#endif
+
 /* Get a RelativeDistinguishedName from the encoding and put in certificate.
  *
  * @param [in, out] cert       Certificate object.
@@ -13293,7 +13881,7 @@ static int GetRDN(DecodedCert* cert, char* full, word32* idx, int* nid,
         typeStr =  WOLFSSL_EMAIL_ADDR;
         typeStrLen = sizeof(WOLFSSL_EMAIL_ADDR) - 1;
     #ifdef WOLFSSL_X509_NAME_AVAILABLE
-        *nid = NID_emailAddress;
+        *nid = WC_NID_emailAddress;
     #endif
     }
     else if (oidSz == sizeof(uidOid) && XMEMCMP(oid, uidOid, oidSz) == 0) {
@@ -13302,7 +13890,7 @@ static int GetRDN(DecodedCert* cert, char* full, word32* idx, int* nid,
         typeStr = WOLFSSL_USER_ID;
         typeStrLen = sizeof(WOLFSSL_USER_ID) - 1;
     #ifdef WOLFSSL_X509_NAME_AVAILABLE
-        *nid = NID_userId;
+        *nid = WC_NID_userId;
     #endif
     }
     else if (oidSz == sizeof(dcOid) && XMEMCMP(oid, dcOid, oidSz) == 0) {
@@ -13311,7 +13899,16 @@ static int GetRDN(DecodedCert* cert, char* full, word32* idx, int* nid,
         typeStr = WOLFSSL_DOMAIN_COMPONENT;
         typeStrLen = sizeof(WOLFSSL_DOMAIN_COMPONENT) - 1;
     #ifdef WOLFSSL_X509_NAME_AVAILABLE
-        *nid = NID_domainComponent;
+        *nid = WC_NID_domainComponent;
+    #endif
+    }
+    else if (oidSz == sizeof(rfc822Mlbx) && XMEMCMP(oid, rfc822Mlbx, oidSz) == 0) {
+        /* Set the RFC822 mailbox, type string, length and NID. */
+        id = ASN_RFC822_MAILBOX;
+        typeStr = WOLFSSL_RFC822_MAILBOX;
+        typeStrLen = sizeof(WOLFSSL_RFC822_MAILBOX) - 1;
+    #ifdef WOLFSSL_X509_NAME_AVAILABLE
+        *nid = WC_NID_rfc822Mailbox;
     #endif
     }
     else if (oidSz == sizeof(fvrtDrk) && XMEMCMP(oid, fvrtDrk, oidSz) == 0) {
@@ -13320,7 +13917,7 @@ static int GetRDN(DecodedCert* cert, char* full, word32* idx, int* nid,
         typeStr = WOLFSSL_FAVOURITE_DRINK;
         typeStrLen = sizeof(WOLFSSL_FAVOURITE_DRINK) - 1;
     #ifdef WOLFSSL_X509_NAME_AVAILABLE
-        *nid = NID_favouriteDrink;
+        *nid = WC_NID_favouriteDrink;
     #endif
     }
 #ifdef WOLFSSL_CERT_REQ
@@ -13331,7 +13928,7 @@ static int GetRDN(DecodedCert* cert, char* full, word32* idx, int* nid,
         typeStr = WOLFSSL_CONTENT_TYPE;
         typeStrLen = sizeof(WOLFSSL_CONTENT_TYPE) - 1;
     #ifdef WOLFSSL_X509_NAME_AVAILABLE
-        *nid = NID_pkcs9_contentType;
+        *nid = WC_NID_pkcs9_contentType;
     #endif
     }
 #endif
@@ -13351,14 +13948,14 @@ static int GetRDN(DecodedCert* cert, char* full, word32* idx, int* nid,
             typeStr = WOLFSSL_JOI_C;
             typeStrLen = sizeof(WOLFSSL_JOI_C) - 1;
         #ifdef WOLFSSL_X509_NAME_AVAILABLE
-            *nid = NID_jurisdictionCountryName;
+            *nid = WC_NID_jurisdictionCountryName;
         #endif /* WOLFSSL_X509_NAME_AVAILABLE */
         }
         else if (oid[ASN_JOI_PREFIX_SZ] == ASN_JOI_ST) {
             typeStr = WOLFSSL_JOI_ST;
             typeStrLen = sizeof(WOLFSSL_JOI_ST) - 1;
         #ifdef WOLFSSL_X509_NAME_AVAILABLE
-            *nid = NID_jurisdictionStateOrProvinceName;
+            *nid = WC_NID_jurisdictionStateOrProvinceName;
         #endif /* WOLFSSL_X509_NAME_AVAILABLE */
         }
         else {
@@ -13379,6 +13976,13 @@ static int GetRDN(DecodedCert* cert, char* full, word32* idx, int* nid,
             /* Store subject field components. */
             ret = SetSubject(cert, id, str, (int)strLen, tag);
         }
+    #if (defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT)) && \
+        defined(WOLFSSL_HAVE_ISSUER_NAMES)
+        /* Put issuer common name string and encoding into certificate. */
+        else {
+            ret = SetIssuer(cert, id, str, (int)strLen, tag);
+        }
+    #endif
         if (ret == 0) {
             /* Check there is space for this in the full name string and
              * terminating NUL character. */
@@ -13405,7 +14009,7 @@ static int GetRDN(DecodedCert* cert, char* full, word32* idx, int* nid,
  * @param [in, out] cert      Decoded certificate object.
  * @param [out]     full      Buffer to hold full name as a string.
  * @param [out]     hash      Buffer to hold hash of name.
- * @param [in]      nameType  ISSUER or SUBJECT.
+ * @param [in]      nameType  ASN_ISSUER or ASN_SUBJECT.
  * @param [in]      input     Buffer holding certificate name.
  * @param [in, out] inOutIdx  On in, start of certificate name.
  *                            On out, start of ASN.1 item after cert name.
@@ -13460,13 +14064,13 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType,
 
 #if defined(HAVE_PKCS7) || defined(WOLFSSL_CERT_EXT)
     /* store pointer to raw issuer */
-    if (nameType == ISSUER) {
+    if (nameType == ASN_ISSUER) {
         cert->issuerRaw = &input[srcIdx];
         cert->issuerRawLen = length;
     }
 #endif
 #if !defined(IGNORE_NAME_CONSTRAINTS) || defined(WOLFSSL_CERT_EXT)
-    if (nameType == SUBJECT) {
+    if (nameType == ASN_SUBJECT) {
         cert->subjectRaw = &input[srcIdx];
         cert->subjectRawLen = length;
     }
@@ -13486,7 +14090,7 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType,
         byte        id      = 0;
     #if (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) \
                 && !defined(WOLFCRYPT_ONLY)
-         int        nid = NID_undef;
+         int        nid = WC_NID_undef;
          int        enc;
     #endif /* OPENSSL_EXTRA */
 
@@ -13534,15 +14138,31 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType,
                 return ASN_PARSE_E;
             }
 
+        #ifndef WOLFSSL_NO_ASN_STRICT
+            /* RFC 5280 section 4.1.2.4 lists a DirectoryString as being
+             * 1..MAX in length */
+            if (strLen < 1) {
+                WOLFSSL_MSG("Non conforming DirectoryString of length 0 was"
+                            " found");
+                WOLFSSL_MSG("Use WOLFSSL_NO_ASN_STRICT if wanting to allow"
+                            " empty DirectoryString's");
+            #if (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) && \
+            !defined(WOLFCRYPT_ONLY)
+                wolfSSL_X509_NAME_free(dName);
+            #endif /* OPENSSL_EXTRA */
+                return ASN_PARSE_E;
+            }
+        #endif
+
             if (id == ASN_COMMON_NAME) {
-                if (nameType == SUBJECT) {
+                if (nameType == ASN_SUBJECT) {
                     cert->subjectCN = (char *)&input[srcIdx];
                     cert->subjectCNLen = strLen;
                     cert->subjectCNEnc = (char)b;
                 }
             #if (defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT)) && \
                 defined(WOLFSSL_HAVE_ISSUER_NAMES)
-                else if (nameType == ISSUER) {
+                else if (nameType == ASN_ISSUER) {
                     cert->issuerCN = (char*)&input[srcIdx];
                     cert->issuerCNLen = strLen;
                     cert->issuerCNEnc = (char)b;
@@ -13553,7 +14173,7 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType,
                 copyLen = sizeof(WOLFSSL_COMMON_NAME) - 1;
             #if (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) \
                 && !defined(WOLFCRYPT_ONLY)
-                nid = NID_commonName;
+                nid = WC_NID_commonName;
             #endif /* OPENSSL_EXTRA */
             }
         #ifdef WOLFSSL_CERT_NAME_ALL
@@ -13561,7 +14181,7 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType,
                 copy = WOLFSSL_NAME;
                 copyLen = sizeof(WOLFSSL_NAME) - 1;
                 #if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT)
-                    if (nameType == SUBJECT) {
+                    if (nameType == ASN_SUBJECT) {
                         cert->subjectN = (char*)&input[srcIdx];
                         cert->subjectNLen = strLen;
                         cert->subjectNEnc = b;
@@ -13570,14 +14190,14 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType,
                 #if (defined(OPENSSL_EXTRA) || \
                         defined(OPENSSL_EXTRA_X509_SMALL)) \
                         && !defined(WOLFCRYPT_ONLY)
-                    nid = NID_name;
+                    nid = WC_NID_name;
                 #endif /* OPENSSL_EXTRA */
             }
             else if (id == ASN_INITIALS) {
                 copy = WOLFSSL_INITIALS;
                 copyLen = sizeof(WOLFSSL_INITIALS) - 1;
                 #if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT)
-                    if (nameType == SUBJECT) {
+                    if (nameType == ASN_SUBJECT) {
                         cert->subjectI = (char*)&input[srcIdx];
                         cert->subjectILen = strLen;
                         cert->subjectIEnc = b;
@@ -13586,14 +14206,14 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType,
                 #if (defined(OPENSSL_EXTRA) || \
                         defined(OPENSSL_EXTRA_X509_SMALL)) \
                         && !defined(WOLFCRYPT_ONLY)
-                    nid = NID_initials;
+                    nid = WC_NID_initials;
                 #endif /* OPENSSL_EXTRA */
             }
             else if (id == ASN_GIVEN_NAME) {
                 copy = WOLFSSL_GIVEN_NAME;
                 copyLen = sizeof(WOLFSSL_GIVEN_NAME) - 1;
                 #if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT)
-                    if (nameType == SUBJECT) {
+                    if (nameType == ASN_SUBJECT) {
                         cert->subjectGN = (char*)&input[srcIdx];
                         cert->subjectGNLen = strLen;
                         cert->subjectGNEnc = b;
@@ -13602,14 +14222,14 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType,
                 #if (defined(OPENSSL_EXTRA) || \
                         defined(OPENSSL_EXTRA_X509_SMALL)) \
                         && !defined(WOLFCRYPT_ONLY)
-                    nid = NID_givenName;
+                    nid = WC_NID_givenName;
                 #endif /* OPENSSL_EXTRA */
             }
             else if (id == ASN_DNQUALIFIER) {
                 copy = WOLFSSL_DNQUALIFIER;
                 copyLen = sizeof(WOLFSSL_DNQUALIFIER) - 1;
                 #if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT)
-                    if (nameType == SUBJECT) {
+                    if (nameType == ASN_SUBJECT) {
                         cert->subjectDNQ = (char*)&input[srcIdx];
                         cert->subjectDNQLen = strLen;
                         cert->subjectDNQEnc = b;
@@ -13618,7 +14238,7 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType,
                 #if (defined(OPENSSL_EXTRA) || \
                         defined(OPENSSL_EXTRA_X509_SMALL)) \
                         && !defined(WOLFCRYPT_ONLY)
-                    nid = NID_dnQualifier;
+                    nid = WC_NID_dnQualifier;
                 #endif /* OPENSSL_EXTRA */
             }
         #endif /* WOLFSSL_CERT_NAME_ALL */
@@ -13626,13 +14246,13 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType,
                 copy = WOLFSSL_SUR_NAME;
                 copyLen = sizeof(WOLFSSL_SUR_NAME) - 1;
                 #if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT)
-                    if (nameType == SUBJECT) {
+                    if (nameType == ASN_SUBJECT) {
                         cert->subjectSN = (char*)&input[srcIdx];
                         cert->subjectSNLen = strLen;
                         cert->subjectSNEnc = (char)b;
                     }
                 #if defined(WOLFSSL_HAVE_ISSUER_NAMES)
-                    else if (nameType == ISSUER) {
+                    else if (nameType == ASN_ISSUER) {
                         cert->issuerSN = (char*)&input[srcIdx];
                         cert->issuerSNLen = strLen;
                         cert->issuerSNEnc = (char)b;
@@ -13642,20 +14262,20 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType,
                 #if (defined(OPENSSL_EXTRA) || \
                         defined(OPENSSL_EXTRA_X509_SMALL)) \
                         && !defined(WOLFCRYPT_ONLY)
-                    nid = NID_surname;
+                    nid = WC_NID_surname;
                 #endif /* OPENSSL_EXTRA */
             }
             else if (id == ASN_COUNTRY_NAME) {
                 copy = WOLFSSL_COUNTRY_NAME;
                 copyLen = sizeof(WOLFSSL_COUNTRY_NAME) - 1;
                 #if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT)
-                    if (nameType == SUBJECT) {
+                    if (nameType == ASN_SUBJECT) {
                         cert->subjectC = (char*)&input[srcIdx];
                         cert->subjectCLen = strLen;
                         cert->subjectCEnc = (char)b;
                     }
                 #if defined(WOLFSSL_HAVE_ISSUER_NAMES)
-                    else if (nameType == ISSUER) {
+                    else if (nameType == ASN_ISSUER) {
                         cert->issuerC = (char*)&input[srcIdx];
                         cert->issuerCLen = strLen;
                         cert->issuerCEnc = (char)b;
@@ -13665,20 +14285,20 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType,
                 #if (defined(OPENSSL_EXTRA) || \
                         defined(OPENSSL_EXTRA_X509_SMALL)) \
                         && !defined(WOLFCRYPT_ONLY)
-                    nid = NID_countryName;
+                    nid = WC_NID_countryName;
                 #endif /* OPENSSL_EXTRA */
             }
             else if (id == ASN_LOCALITY_NAME) {
                 copy = WOLFSSL_LOCALITY_NAME;
                 copyLen = sizeof(WOLFSSL_LOCALITY_NAME) - 1;
                 #if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT)
-                    if (nameType == SUBJECT) {
+                    if (nameType == ASN_SUBJECT) {
                         cert->subjectL = (char*)&input[srcIdx];
                         cert->subjectLLen = strLen;
                         cert->subjectLEnc = (char)b;
                     }
                     #if defined(WOLFSSL_HAVE_ISSUER_NAMES)
-                    else if (nameType == ISSUER) {
+                    else if (nameType == ASN_ISSUER) {
                         cert->issuerL = (char*)&input[srcIdx];
                         cert->issuerLLen = strLen;
                         cert->issuerLEnc = (char)b;
@@ -13688,20 +14308,20 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType,
                 #if (defined(OPENSSL_EXTRA) || \
                         defined(OPENSSL_EXTRA_X509_SMALL)) \
                         && !defined(WOLFCRYPT_ONLY)
-                    nid = NID_localityName;
+                    nid = WC_NID_localityName;
                 #endif /* OPENSSL_EXTRA */
             }
             else if (id == ASN_STATE_NAME) {
                 copy = WOLFSSL_STATE_NAME;
                 copyLen = sizeof(WOLFSSL_STATE_NAME) - 1;
                 #if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT)
-                    if (nameType == SUBJECT) {
+                    if (nameType == ASN_SUBJECT) {
                         cert->subjectST = (char*)&input[srcIdx];
                         cert->subjectSTLen = strLen;
                         cert->subjectSTEnc = (char)b;
                     }
                 #if defined(WOLFSSL_HAVE_ISSUER_NAMES)
-                    else if (nameType == ISSUER) {
+                    else if (nameType == ASN_ISSUER) {
                         cert->issuerST = (char*)&input[srcIdx];
                         cert->issuerSTLen = strLen;
                         cert->issuerSTEnc = (char)b;
@@ -13711,20 +14331,20 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType,
                 #if (defined(OPENSSL_EXTRA) || \
                         defined(OPENSSL_EXTRA_X509_SMALL)) \
                         && !defined(WOLFCRYPT_ONLY)
-                    nid = NID_stateOrProvinceName;
+                    nid = WC_NID_stateOrProvinceName;
                 #endif /* OPENSSL_EXTRA */
             }
             else if (id == ASN_ORG_NAME) {
                 copy = WOLFSSL_ORG_NAME;
                 copyLen = sizeof(WOLFSSL_ORG_NAME) - 1;
                 #if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT)
-                    if (nameType == SUBJECT) {
+                    if (nameType == ASN_SUBJECT) {
                         cert->subjectO = (char*)&input[srcIdx];
                         cert->subjectOLen = strLen;
                         cert->subjectOEnc = (char)b;
                     }
                 #if defined(WOLFSSL_HAVE_ISSUER_NAMES)
-                    else if (nameType == ISSUER) {
+                    else if (nameType == ASN_ISSUER) {
                         cert->issuerO = (char*)&input[srcIdx];
                         cert->issuerOLen = strLen;
                         cert->issuerOEnc = (char)b;
@@ -13734,20 +14354,20 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType,
                 #if (defined(OPENSSL_EXTRA) || \
                         defined(OPENSSL_EXTRA_X509_SMALL)) \
                         && !defined(WOLFCRYPT_ONLY)
-                    nid = NID_organizationName;
+                    nid = WC_NID_organizationName;
                 #endif /* OPENSSL_EXTRA */
             }
             else if (id == ASN_ORGUNIT_NAME) {
                 copy = WOLFSSL_ORGUNIT_NAME;
                 copyLen = sizeof(WOLFSSL_ORGUNIT_NAME) - 1;
                 #if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT)
-                    if (nameType == SUBJECT) {
+                    if (nameType == ASN_SUBJECT) {
                         cert->subjectOU = (char*)&input[srcIdx];
                         cert->subjectOULen = strLen;
                         cert->subjectOUEnc = (char)b;
                     }
                 #if defined(WOLFSSL_HAVE_ISSUER_NAMES)
-                    else if (nameType == ISSUER) {
+                    else if (nameType == ASN_ISSUER) {
                         cert->issuerOU = (char*)&input[srcIdx];
                         cert->issuerOULen = strLen;
                         cert->issuerOUEnc = (char)b;
@@ -13757,20 +14377,20 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType,
                 #if (defined(OPENSSL_EXTRA) || \
                         defined(OPENSSL_EXTRA_X509_SMALL)) \
                         && !defined(WOLFCRYPT_ONLY)
-                    nid = NID_organizationalUnitName;
+                    nid = WC_NID_organizationalUnitName;
                 #endif /* OPENSSL_EXTRA */
             }
             else if (id == ASN_SERIAL_NUMBER) {
                 copy = WOLFSSL_SERIAL_NUMBER;
                 copyLen = sizeof(WOLFSSL_SERIAL_NUMBER) - 1;
                 #if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT)
-                    if (nameType == SUBJECT) {
+                    if (nameType == ASN_SUBJECT) {
                         cert->subjectSND = (char*)&input[srcIdx];
                         cert->subjectSNDLen = strLen;
                         cert->subjectSNDEnc = (char)b;
                     }
                 #if defined(WOLFSSL_HAVE_ISSUER_NAMES)
-                    else if (nameType == ISSUER) {
+                    else if (nameType == ASN_ISSUER) {
                         cert->issuerSND = (char*)&input[srcIdx];
                         cert->issuerSNDLen = strLen;
                         cert->issuerSNDEnc = (char)b;
@@ -13780,14 +14400,14 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType,
                 #if (defined(OPENSSL_EXTRA) || \
                         defined(OPENSSL_EXTRA_X509_SMALL)) \
                         && !defined(WOLFCRYPT_ONLY)
-                    nid = NID_serialNumber;
+                    nid = WC_NID_serialNumber;
                 #endif /* OPENSSL_EXTRA */
             }
             else if (id == ASN_USER_ID) {
                 copy = WOLFSSL_USER_ID;
                 copyLen = sizeof(WOLFSSL_USER_ID) - 1;
                 #if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT)
-                    if (nameType == SUBJECT) {
+                    if (nameType == ASN_SUBJECT) {
                         cert->subjectUID = (char*)&input[srcIdx];
                         cert->subjectUIDLen = strLen;
                         cert->subjectUIDEnc = (char)b;
@@ -13796,7 +14416,7 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType,
                 #if (defined(OPENSSL_EXTRA) || \
                         defined(OPENSSL_EXTRA_X509_SMALL)) \
                         && !defined(WOLFCRYPT_ONLY)
-                    nid = NID_userId;
+                    nid = WC_NID_userId;
                 #endif /* OPENSSL_EXTRA */
             }
         #ifdef WOLFSSL_CERT_EXT
@@ -13804,7 +14424,7 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType,
                 copy = WOLFSSL_STREET_ADDR_NAME;
                 copyLen = sizeof(WOLFSSL_STREET_ADDR_NAME) - 1;
                 #if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT)
-                    if (nameType == SUBJECT) {
+                    if (nameType == ASN_SUBJECT) {
                         cert->subjectStreet = (char*)&input[srcIdx];
                         cert->subjectStreetLen = strLen;
                         cert->subjectStreetEnc = (char)b;
@@ -13813,14 +14433,14 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType,
                 #if (defined(OPENSSL_EXTRA) || \
                         defined(OPENSSL_EXTRA_X509_SMALL)) \
                         && !defined(WOLFCRYPT_ONLY)
-                    nid = NID_streetAddress;
+                    nid = WC_NID_streetAddress;
                 #endif /* OPENSSL_EXTRA */
             }
             else if (id == ASN_BUS_CAT) {
                 copy = WOLFSSL_BUS_CAT;
                 copyLen = sizeof(WOLFSSL_BUS_CAT) - 1;
             #if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT)
-                if (nameType == SUBJECT) {
+                if (nameType == ASN_SUBJECT) {
                     cert->subjectBC = (char*)&input[srcIdx];
                     cert->subjectBCLen = strLen;
                     cert->subjectBCEnc = (char)b;
@@ -13828,14 +14448,14 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType,
             #endif /* WOLFSSL_CERT_GEN || WOLFSSL_CERT_EXT */
             #if (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) \
                         && !defined(WOLFCRYPT_ONLY)
-                nid = NID_businessCategory;
+                nid = WC_NID_businessCategory;
             #endif /* OPENSSL_EXTRA */
             }
             else if (id == ASN_POSTAL_CODE) {
                 copy = WOLFSSL_POSTAL_NAME;
                 copyLen = sizeof(WOLFSSL_POSTAL_NAME) - 1;
                 #if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT)
-                    if (nameType == SUBJECT) {
+                    if (nameType == ASN_SUBJECT) {
                         cert->subjectPC = (char*)&input[srcIdx];
                         cert->subjectPCLen = strLen;
                         cert->subjectPCEnc = (char)b;
@@ -13844,7 +14464,7 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType,
                 #if (defined(OPENSSL_EXTRA) || \
                         defined(OPENSSL_EXTRA_X509_SMALL)) \
                         && !defined(WOLFCRYPT_ONLY)
-                    nid = NID_postalCode;
+                    nid = WC_NID_postalCode;
                 #endif /* OPENSSL_EXTRA */
             }
         #endif /* WOLFSSL_CERT_EXT */
@@ -13874,7 +14494,7 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType,
                 copy = WOLFSSL_JOI_C;
                 copyLen = sizeof(WOLFSSL_JOI_C) - 1;
                 #if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT)
-                    if (nameType == SUBJECT) {
+                    if (nameType == ASN_SUBJECT) {
                         cert->subjectJC = (char*)&input[srcIdx];
                         cert->subjectJCLen = strLen;
                         cert->subjectJCEnc = (char)b;
@@ -13883,7 +14503,7 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType,
                 #if (defined(OPENSSL_EXTRA) || \
                         defined(OPENSSL_EXTRA_X509_SMALL)) \
                         && !defined(WOLFCRYPT_ONLY)
-                    nid = NID_jurisdictionCountryName;
+                    nid = WC_NID_jurisdictionCountryName;
                 #endif /* OPENSSL_EXTRA */
             }
 
@@ -13892,7 +14512,7 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType,
                 copy = WOLFSSL_JOI_ST;
                 copyLen = sizeof(WOLFSSL_JOI_ST) - 1;
                 #if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT)
-                    if (nameType == SUBJECT) {
+                    if (nameType == ASN_SUBJECT) {
                         cert->subjectJS = (char*)&input[srcIdx];
                         cert->subjectJSLen = strLen;
                         cert->subjectJSEnc = (char)b;
@@ -13901,7 +14521,7 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType,
                 #if (defined(OPENSSL_EXTRA) || \
                         defined(OPENSSL_EXTRA_X509_SMALL)) \
                         && !defined(WOLFCRYPT_ONLY)
-                    nid = NID_jurisdictionStateOrProvinceName;
+                    nid = WC_NID_jurisdictionStateOrProvinceName;
                 #endif /* OPENSSL_EXTRA */
             }
 
@@ -13956,13 +14576,13 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType,
 
                 #if !defined(IGNORE_NAME_CONSTRAINTS) || \
                      defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT)
-                    if (nameType == SUBJECT) {
+                    if (nameType == ASN_SUBJECT) {
                         cert->subjectEmail = (char*)&input[srcIdx];
                         cert->subjectEmailLen = strLen;
                     }
                 #if defined(WOLFSSL_HAVE_ISSUER_NAMES) && \
                     (defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT))
-                    else if (nameType == ISSUER) {
+                    else if (nameType == ASN_ISSUER) {
                         cert->issuerEmail = (char*)&input[srcIdx];
                         cert->issuerEmailLen = strLen;
                     }
@@ -13971,7 +14591,7 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType,
                 #if (defined(OPENSSL_EXTRA) || \
                         defined(OPENSSL_EXTRA_X509_SMALL)) \
                         && !defined(WOLFCRYPT_ONLY)
-                    nid = NID_emailAddress;
+                    nid = WC_NID_emailAddress;
                 #endif /* OPENSSL_EXTRA */
             }
 
@@ -13983,7 +14603,7 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType,
                     #if (defined(OPENSSL_EXTRA) || \
                         defined(OPENSSL_EXTRA_X509_SMALL)) \
                         && !defined(WOLFCRYPT_ONLY)
-                        nid = NID_userId;
+                        nid = WC_NID_userId;
                     #endif /* OPENSSL_EXTRA */
                         break;
                     case ASN_DOMAIN_COMPONENT:
@@ -13992,7 +14612,16 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType,
                     #if (defined(OPENSSL_EXTRA) || \
                         defined(OPENSSL_EXTRA_X509_SMALL)) \
                         && !defined(WOLFCRYPT_ONLY)
-                        nid = NID_domainComponent;
+                        nid = WC_NID_domainComponent;
+                    #endif /* OPENSSL_EXTRA */
+                        break;
+                    case ASN_RFC822_MAILBOX:
+                        copy = WOLFSSL_RFC822_MAILBOX;
+                        copyLen = sizeof(WOLFSSL_RFC822_MAILBOX) - 1;
+                    #if (defined(OPENSSL_EXTRA) || \
+                        defined(OPENSSL_EXTRA_X509_SMALL)) \
+                        && !defined(WOLFCRYPT_ONLY)
+                        nid = WC_NID_rfc822Mailbox;
                     #endif /* OPENSSL_EXTRA */
                         break;
                     case ASN_FAVOURITE_DRINK:
@@ -14001,7 +14630,7 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType,
                     #if (defined(OPENSSL_EXTRA) || \
                         defined(OPENSSL_EXTRA_X509_SMALL)) \
                         && !defined(WOLFCRYPT_ONLY)
-                        nid = NID_favouriteDrink;
+                        nid = WC_NID_favouriteDrink;
                     #endif /* OPENSSL_EXTRA */
                         break;
                     case ASN_CONTENT_TYPE:
@@ -14010,7 +14639,7 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType,
                     #if (defined(OPENSSL_EXTRA) || \
                         defined(OPENSSL_EXTRA_X509_SMALL)) \
                         && !defined(WOLFCRYPT_ONLY)
-                        nid = NID_pkcs9_contentType;
+                        nid = WC_NID_pkcs9_contentType;
                     #endif /* OPENSSL_EXTRA */
                         break;
                     default:
@@ -14039,17 +14668,17 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType,
             !defined(WOLFCRYPT_ONLY)
         switch (b) {
             case CTC_UTF8:
-                enc = MBSTRING_UTF8;
+                enc = WOLFSSL_MBSTRING_UTF8;
                 break;
             case CTC_PRINTABLE:
-                enc = V_ASN1_PRINTABLESTRING;
+                enc = WOLFSSL_V_ASN1_PRINTABLESTRING;
                 break;
             default:
                 WOLFSSL_MSG("Unknown encoding type, using UTF8 by default");
-                enc = MBSTRING_UTF8;
+                enc = WOLFSSL_MBSTRING_UTF8;
         }
 
-        if (nid != NID_undef) {
+        if (nid != WC_NID_undef) {
             if (wolfSSL_X509_NAME_add_entry_by_NID(dName, nid, enc,
                             &input[srcIdx], strLen, -1, -1) !=
                             WOLFSSL_SUCCESS) {
@@ -14064,8 +14693,8 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType,
 
 #if (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) && \
             !defined(WOLFCRYPT_ONLY)
-    if (nameType == ISSUER) {
-#if (defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(HAVE_LIGHTY)) && \
+    if (nameType == ASN_ISSUER) {
+#if (defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(HAVE_LIGHTY)) &&\
     (defined(HAVE_PKCS7) || defined(WOLFSSL_CERT_EXT))
         dName->rawLen = min(cert->issuerRawLen, WC_ASN_NAME_MAX);
         XMEMCPY(dName->raw, cert->issuerRaw, dName->rawLen);
@@ -14088,7 +14717,7 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType,
     DECL_ASNGETDATA(dataASN, rdnASN_Length);
     int    ret = 0;
     word32 idx = 0;
-    int    len;
+    int    len = 0;
     word32 srcIdx = *inOutIdx;
 #ifdef WOLFSSL_X509_NAME_AVAILABLE
     WOLFSSL_X509_NAME* dName = NULL;
@@ -14123,14 +14752,14 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType,
     if (ret == 0) {
     #if defined(HAVE_PKCS7) || defined(WOLFSSL_CERT_EXT)
         /* Store pointer and length to raw issuer. */
-        if (nameType == ISSUER) {
+        if (nameType == ASN_ISSUER) {
             cert->issuerRaw = &input[srcIdx];
             cert->issuerRawLen = len;
         }
     #endif
     #if !defined(IGNORE_NAME_CONSTRAINTS) || defined(WOLFSSL_CERT_EXT)
         /* Store pointer and length to raw subject. */
-        if (nameType == SUBJECT) {
+        if (nameType == ASN_SUBJECT) {
             cert->subjectRaw = &input[srcIdx];
             cert->subjectRawLen = len;
         }
@@ -14149,7 +14778,7 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType,
                                &srcIdx, maxIdx);
             if (ret == 0) {
                 /* Put RDN data into certificate. */
-                ret = GetRDN(cert, full, &idx, &nid, nameType == SUBJECT,
+                ret = GetRDN(cert, full, &idx, &nid, nameType == ASN_SUBJECT,
                              dataASN);
             }
         #ifdef WOLFSSL_X509_NAME_AVAILABLE
@@ -14164,17 +14793,29 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType,
                 /* Get string reference. */
                 GetASN_GetRef(&dataASN[RDNASN_IDX_ATTR_VAL], &str, &strLen);
 
+            #ifndef WOLFSSL_NO_ASN_STRICT
+                /* RFC 5280 section 4.1.2.4 lists a DirectoryString as being
+                 * 1..MAX in length */
+                if (ret == 0 && strLen < 1) {
+                    WOLFSSL_MSG("Non conforming DirectoryString of length 0 was"
+                                " found");
+                    WOLFSSL_MSG("Use WOLFSSL_NO_ASN_STRICT if wanting to allow"
+                                " empty DirectoryString's");
+                    ret = ASN_PARSE_E;
+                }
+            #endif
+
                 /* Convert BER tag to a OpenSSL type. */
                 switch (tag) {
                     case CTC_UTF8:
-                        enc = MBSTRING_UTF8;
+                        enc = WOLFSSL_MBSTRING_UTF8;
                         break;
                     case CTC_PRINTABLE:
-                        enc = V_ASN1_PRINTABLESTRING;
+                        enc = WOLFSSL_V_ASN1_PRINTABLESTRING;
                         break;
                     default:
                         WOLFSSL_MSG("Unknown encoding type, default UTF8");
-                        enc = MBSTRING_UTF8;
+                        enc = WOLFSSL_MBSTRING_UTF8;
                 }
                 if (nid != 0) {
                     /* Add an entry to the X509_NAME. */
@@ -14195,7 +14836,7 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType,
 
 #ifdef WOLFSSL_X509_NAME_AVAILABLE
         /* Store X509_NAME in certificate. */
-        if (nameType == ISSUER) {
+        if (nameType == ASN_ISSUER) {
         #if (defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || \
              defined(HAVE_LIGHTY)) && \
             (defined(HAVE_PKCS7) || defined(WOLFSSL_CERT_EXT))
@@ -14245,7 +14886,7 @@ enum {
  * Either the issuer or subject name.
  *
  * @param [in, out] cert      Decoded certificate object.
- * @param [in]      nameType  Type of name being decoded: ISSUER or SUBJECT.
+ * @param [in]      nameType  Type being decoded: ASN_ISSUER or ASN_SUBJECT.
  * @param [in]      maxIdx    Index of next item after certificate name.
  * @return  0 on success.
  * @return  ASN_PARSE_E when BER encoded data does not match ASN.1 items or
@@ -14266,7 +14907,7 @@ int GetName(DecodedCert* cert, int nameType, int maxIdx)
 
     WOLFSSL_MSG("Getting Name");
 
-    if (nameType == ISSUER) {
+    if (nameType == ASN_ISSUER) {
         full = cert->issuer;
         hash = cert->issuerHash;
     }
@@ -14324,7 +14965,7 @@ int GetName(DecodedCert* cert, int nameType, int maxIdx)
         cert->srcIdx = dataASN[CERTNAMEASN_IDX_NAME].offset;
 
         /* Get fields to fill in based on name type. */
-        if (nameType == ISSUER) {
+        if (nameType == ASN_ISSUER) {
             full = cert->issuer;
             hash = cert->issuerHash;
         }
@@ -14381,18 +15022,23 @@ static WC_INLINE int GetTime_Long(long* value, const byte* date, int* idx)
 }
 #endif
 
+/* Extract certTime from date string parameter.
+ * Reminder: idx is incremented in each call to GetTime()
+ * Return 0 on failure, 1 for success.  */
 int ExtractDate(const unsigned char* date, unsigned char format,
-                                                  struct tm* certTime, int* idx)
+                struct tm* certTime, int* idx)
 {
     XMEMSET(certTime, 0, sizeof(struct tm));
 
+    /* Get the first two bytes of the year (century) */
     if (format == ASN_UTC_TIME) {
         if (btoi(date[*idx]) >= 5)
             certTime->tm_year = 1900;
         else
             certTime->tm_year = 2000;
     }
-    else  { /* format == GENERALIZED_TIME */
+    else {
+        /* format == GENERALIZED_TIME */
 #ifdef WOLFSSL_LINUXKM
         if (GetTime_Long(&certTime->tm_year, date, idx) != 0) return 0;
 #else
@@ -14412,11 +15058,7 @@ int ExtractDate(const unsigned char* date, unsigned char format,
     int tm_min  = certTime->tm_min;
     int tm_sec  = certTime->tm_sec;
 
-#ifdef WOLFSSL_LINUXKM
-    if (GetTime_Long(&tm_year, date, idx) != 0) return 0;
-#else
     if (GetTime(&tm_year, date, idx) != 0) return 0;
-#endif
     if (GetTime(&tm_mon , date, idx) != 0) return 0;
     if (GetTime(&tm_mday, date, idx) != 0) return 0;
     if (GetTime(&tm_hour, date, idx) != 0) return 0;
@@ -14430,28 +15072,30 @@ int ExtractDate(const unsigned char* date, unsigned char format,
     certTime->tm_hour = tm_hour;
     certTime->tm_min  = tm_min;
     certTime->tm_sec  = tm_sec;
-#else
-    /* adjust tm_year, tm_mon */
-#ifdef WOLFSSL_LINUXKM
-    if (GetTime_Long(&certTime->tm_year, date, idx) != 0) return 0;
-#else
-    if (GetTime(&certTime->tm_year, date, idx) != 0) return 0;
-#endif
+#else /* !AVR */
+    /* Get the next two bytes of the year. */
+    #ifdef WOLFSSL_LINUXKM
+        if (GetTime_Long(&certTime->tm_year, date, idx) != 0) return 0;
+    #else
+        if (GetTime(&certTime->tm_year, date, idx) != 0) return 0;
+    #endif
     certTime->tm_year -= 1900;
+
+    /* The next fields are expected in specific order in [date] string: */
     if (GetTime(&certTime->tm_mon , date, idx) != 0) return 0;
     certTime->tm_mon  -= 1;
     if (GetTime(&certTime->tm_mday, date, idx) != 0) return 0;
     if (GetTime(&certTime->tm_hour, date, idx) != 0) return 0;
     if (GetTime(&certTime->tm_min , date, idx) != 0) return 0;
     if (GetTime(&certTime->tm_sec , date, idx) != 0) return 0;
-#endif
+
+#endif /* !AVR */
 
     return 1;
 }
 
 
-#if defined(OPENSSL_ALL) || defined(WOLFSSL_MYSQL_COMPATIBLE) || \
-    defined(OPENSSL_EXTRA) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
+#ifdef WOLFSSL_ASN_TIME_STRING
 int GetTimeString(byte* date, int format, char* buf, int len)
 {
     struct tm t;
@@ -14497,7 +15141,7 @@ int GetTimeString(byte* date, int format, char* buf, int len)
 
     return 1;
 }
-#endif /* OPENSSL_ALL || WOLFSSL_MYSQL_COMPATIBLE || WOLFSSL_NGINX || WOLFSSL_HAPROXY */
+#endif /* WOLFSSL_ASN_TIME_STRING */
 
 /* Check time struct for valid values. Returns 0 for success */
 static int ValidateGmtime(struct tm* inTime)
@@ -14613,19 +15257,13 @@ int GetFormattedTime(void* currTime, byte* buf, word32 len)
         hour = ts->tm_hour;
         mini = ts->tm_min;
         sec  = ts->tm_sec;
-    #if defined(WOLF_C89)
         if (len < ASN_UTC_TIME_SIZE) {
             WOLFSSL_MSG("buffer for GetFormattedTime is too short.");
             return BUFFER_E;
         }
-        ret = XSPRINTF((char*)buf,
-                        "%02d%02d%02d%02d%02d%02dZ", year, mon, day,
-                        hour, mini, sec);
-    #else
         ret = XSNPRINTF((char*)buf, len,
                         "%02d%02d%02d%02d%02d%02dZ", year, mon, day,
                         hour, mini, sec);
-    #endif
     }
     else {
         /* GeneralizedTime */
@@ -14635,19 +15273,13 @@ int GetFormattedTime(void* currTime, byte* buf, word32 len)
         hour = ts->tm_hour;
         mini = ts->tm_min;
         sec  = ts->tm_sec;
-    #if defined(WOLF_C89)
         if (len < ASN_GENERALIZED_TIME_SIZE) {
             WOLFSSL_MSG("buffer for GetFormattedTime is too short.");
             return BUFFER_E;
         }
-        ret = XSPRINTF((char*)buf,
-                        "%4d%02d%02d%02d%02d%02dZ", year, mon, day,
-                        hour, mini, sec);
-    #else
         ret = XSNPRINTF((char*)buf, len,
                         "%4d%02d%02d%02d%02d%02dZ", year, mon, day,
                         hour, mini, sec);
-    #endif
     }
 
     return ret;
@@ -14698,7 +15330,7 @@ static WC_INLINE int DateLessThan(const struct tm* a, const struct tm* b)
 /* Make sure before and after dates are valid */
 /* date = ASN.1 raw */
 /* format = ASN_UTC_TIME or ASN_GENERALIZED_TIME */
-/* dateType = AFTER or BEFORE */
+/* dateType = ASN_AFTER or ASN_BEFORE */
 int wc_ValidateDate(const byte* date, byte format, int dateType)
 {
     time_t ltime;
@@ -14719,7 +15351,7 @@ int wc_ValidateDate(const byte* date, byte format, int dateType)
 
     ltime = wc_Time(0);
 #ifndef NO_TIME_SIGNEDNESS_CHECK
-    if (sizeof(ltime) == sizeof(word32) && (int)ltime < 0){
+    if (sizeof(ltime) == sizeof(word32) && (sword32)ltime < 0){
         /* A negative response here could be due to a 32-bit time_t
          * where the year is 2038 or later. */
         WOLFSSL_MSG("wc_Time failed to return a valid value");
@@ -14728,14 +15360,14 @@ int wc_ValidateDate(const byte* date, byte format, int dateType)
 #endif
 
 #ifdef WOLFSSL_BEFORE_DATE_CLOCK_SKEW
-    if (dateType == BEFORE) {
+    if (dateType == ASN_BEFORE) {
         WOLFSSL_MSG("Skewing local time for before date check");
         ltime += WOLFSSL_BEFORE_DATE_CLOCK_SKEW;
     }
 #endif
 
 #ifdef WOLFSSL_AFTER_DATE_CLOCK_SKEW
-    if (dateType == AFTER) {
+    if (dateType == ASN_AFTER) {
         WOLFSSL_MSG("Skewing local time for after date check");
         ltime -= WOLFSSL_AFTER_DATE_CLOCK_SKEW;
     }
@@ -14769,13 +15401,13 @@ int wc_ValidateDate(const byte* date, byte format, int dateType)
         return 0;
     }
 
-    if (dateType == BEFORE) {
+    if (dateType == ASN_BEFORE) {
         if (DateLessThan(localTime, &certTime)) {
             WOLFSSL_MSG("Date BEFORE check failed");
             return 0;
         }
     }
-    else {  /* dateType == AFTER */
+    else {  /* dateType == ASN_AFTER */
         if (DateGreaterThan(localTime, &certTime)) {
             WOLFSSL_MSG("Date AFTER check failed");
             return 0;
@@ -14941,7 +15573,7 @@ static int GetDate(DecodedCert* cert, int dateType, int verify, int maxIdx)
     byte   format;
     word32 startIdx = 0;
 
-    if (dateType == BEFORE)
+    if (dateType == ASN_BEFORE)
         cert->beforeDate = &cert->source[cert->srcIdx];
     else
         cert->afterDate = &cert->source[cert->srcIdx];
@@ -14955,7 +15587,7 @@ static int GetDate(DecodedCert* cert, int dateType, int verify, int maxIdx)
     XMEMSET(date, 0, MAX_DATE_SIZE);
     XMEMCPY(date, datePtr, (size_t)length);
 
-    if (dateType == BEFORE)
+    if (dateType == ASN_BEFORE)
         cert->beforeDateLen = (int)(cert->srcIdx - startIdx);
     else
         cert->afterDateLen  = (int)(cert->srcIdx - startIdx);
@@ -14963,7 +15595,7 @@ static int GetDate(DecodedCert* cert, int dateType, int verify, int maxIdx)
 #ifndef NO_ASN_TIME_CHECK
     if (verify != NO_VERIFY && verify != VERIFY_SKIP_DATE &&
             !XVALIDATE_DATE(date, format, dateType)) {
-        if (dateType == BEFORE) {
+        if (dateType == ASN_BEFORE) {
             WOLFSSL_ERROR_VERBOSE(ASN_BEFORE_DATE_E);
             return ASN_BEFORE_DATE_E;
         }
@@ -14989,10 +15621,10 @@ static int GetValidity(DecodedCert* cert, int verify, int maxIdx)
 
     maxIdx = (int)cert->srcIdx + length;
 
-    if (GetDate(cert, BEFORE, verify, maxIdx) < 0)
+    if (GetDate(cert, ASN_BEFORE, verify, maxIdx) < 0)
         badDate = ASN_BEFORE_DATE_E; /* continue parsing */
 
-    if (GetDate(cert, AFTER, verify, maxIdx) < 0)
+    if (GetDate(cert, ASN_AFTER, verify, maxIdx) < 0)
         return ASN_AFTER_DATE_E;
 
     if (badDate != 0)
@@ -15192,7 +15824,7 @@ int wc_GetPubX509(DecodedCert* cert, int verify, int* badDate)
 
         WOLFSSL_MSG("Got Algo ID");
 
-        if ( (ret = GetName(cert, ISSUER, (int)cert->sigIndex)) < 0)
+        if ( (ret = GetName(cert, ASN_ISSUER, (int)cert->sigIndex)) < 0)
             return ret;
 
         if ( (ret = GetValidity(cert, verify, (int)cert->sigIndex)) < 0)
@@ -15201,7 +15833,7 @@ int wc_GetPubX509(DecodedCert* cert, int verify, int* badDate)
     }
 #endif
 
-    if ( (ret = GetName(cert, SUBJECT, (int)cert->sigIndex)) < 0)
+    if ( (ret = GetName(cert, ASN_SUBJECT, (int)cert->sigIndex)) < 0)
         return ret;
 
     WOLFSSL_MSG("Got Subject Name");
@@ -15228,8 +15860,8 @@ int wc_GetPubX509(DecodedCert* cert, int verify, int* badDate)
  * @return  0 on success.
  * @return  ASN_TIME_E when date BER tag is nor UTC or GENERALIZED time.
  * @return  ASN_DATE_SZ_E when time data is not supported.
- * @return  ASN_BEFORE_DATE_E when BEFORE date is invalid.
- * @return  ASN_AFTER_DATE_E when AFTER date is invalid.
+ * @return  ASN_BEFORE_DATE_E when ASN_BEFORE date is invalid.
+ * @return  ASN_AFTER_DATE_E when ASN_AFTER date is invalid.
  * @return  ASN_PARSE_E when BER encoded data does not match ASN.1 items or
  *          is invalid.
  * @return  BUFFER_E when data in buffer is too small.
@@ -15285,8 +15917,15 @@ int DecodeToKey(DecodedCert* cert, int verify)
     int ret;
     int badDate = 0;
 
+#ifdef WOLFSSL_DUAL_ALG_CERTS
+    /* Call internal version and decode completely to also handle extensions.
+     * This is required to parse a potential alternative public key in the
+     * SubjectAlternativeKey extension. */
+    ret = DecodeCertInternal(cert, verify, NULL, &badDate, 0, 0);
+#else
     /* Call internal version and stop after public key. */
     ret = DecodeCertInternal(cert, verify, NULL, &badDate, 0, 1);
+#endif
     /* Always return date errors. */
     if (ret == 0) {
         ret = badDate;
@@ -15381,6 +16020,18 @@ word32 SetLength(word32 length, byte* output)
     return i;
 }
 
+word32 SetLengthEx(word32 length, byte* output, byte isIndef)
+{
+    if (isIndef) {
+        if (output != NULL) {
+            output[0] = ASN_INDEF_LENGTH;
+        }
+        return 1;
+    }
+    else {
+        return SetLength(length, output);
+    }
+}
 /* Encode a DER header - type/tag and length.
  *
  * @param [in]  tag     DER tag of ASN.1 item.
@@ -15388,14 +16039,15 @@ word32 SetLength(word32 length, byte* output)
  * @param [out] output  Buffer to encode into.
  * @return  Number of bytes encoded.
  */
-static word32 SetHeader(byte tag, word32 len, byte* output)
+word32 SetHeader(byte tag, word32 len, byte* output, byte isIndef)
 {
     if (output) {
         /* Encode tag first. */
         output[0] = tag;
     }
     /* Encode the length. */
-    return SetLength(len, output ? output + ASN_TAG_SZ : NULL) + ASN_TAG_SZ;
+    return SetLengthEx(len, output ? output + ASN_TAG_SZ : NULL, isIndef) +
+        ASN_TAG_SZ;
 }
 
 /* Encode a SEQUENCE header in DER.
@@ -15406,7 +16058,12 @@ static word32 SetHeader(byte tag, word32 len, byte* output)
  */
 word32 SetSequence(word32 len, byte* output)
 {
-    return SetHeader(ASN_SEQUENCE | ASN_CONSTRUCTED, len, output);
+    return SetHeader(ASN_SEQUENCE | ASN_CONSTRUCTED, len, output, 0);
+}
+
+word32 SetSequenceEx(word32 len, byte* output, byte isIndef)
+{
+    return SetHeader(ASN_SEQUENCE | ASN_CONSTRUCTED, len, output, isIndef);
 }
 
 /* Encode an OCTET STRING header in DER.
@@ -15417,7 +16074,14 @@ word32 SetSequence(word32 len, byte* output)
  */
 word32 SetOctetString(word32 len, byte* output)
 {
-    return SetHeader(ASN_OCTET_STRING, len, output);
+    return SetHeader(ASN_OCTET_STRING, len, output, 0);
+}
+
+word32 SetOctetStringEx(word32 len, byte* output, byte indef)
+{
+    if (indef)
+        return SetHeader(ASN_OCTET_STRING | ASN_CONSTRUCTED, len, output, indef);
+    return SetOctetString(len, output);
 }
 
 /* Encode a SET header in DER.
@@ -15428,7 +16092,7 @@ word32 SetOctetString(word32 len, byte* output)
  */
 word32 SetSet(word32 len, byte* output)
 {
-    return SetHeader(ASN_SET | ASN_CONSTRUCTED, len, output);
+    return SetHeader(ASN_SET | ASN_CONSTRUCTED, len, output, 0);
 }
 
 /* Encode an implicit context specific header in DER.
@@ -15441,11 +16105,23 @@ word32 SetSet(word32 len, byte* output)
  * @param [out] output  Buffer to encode into.
  * @return  Number of bytes encoded.
  */
-word32 SetImplicit(byte tag, byte number, word32 len, byte* output)
+word32 SetImplicit(byte tag, byte number, word32 len, byte* output, byte isIndef)
 {
-    tag = (byte)(((tag == ASN_SEQUENCE || tag == ASN_SET) ? ASN_CONSTRUCTED : 0)
-                 | ASN_CONTEXT_SPECIFIC | number);
-    return SetHeader(tag, len, output);
+    byte useIndef = 0;
+
+    if ((tag == ASN_OCTET_STRING) && isIndef) {
+        tag = ASN_CONSTRUCTED | ASN_CONTEXT_SPECIFIC | number;
+    }
+    else {
+        tag = (byte)(((tag == ASN_SEQUENCE || tag == ASN_SET) ?
+            ASN_CONSTRUCTED : 0) | ASN_CONTEXT_SPECIFIC | number);
+    }
+
+    if (isIndef && (tag & ASN_CONSTRUCTED)) {
+        useIndef = 1;
+    }
+
+    return SetHeader(tag, len, output, useIndef);
 }
 
 /* Encode an explicit context specific header in DER.
@@ -15457,10 +16133,10 @@ word32 SetImplicit(byte tag, byte number, word32 len, byte* output)
  * @param [out] output  Buffer to encode into.
  * @return  Number of bytes encoded.
  */
-word32 SetExplicit(byte number, word32 len, byte* output)
+word32 SetExplicit(byte number, word32 len, byte* output, byte isIndef)
 {
     return SetHeader((byte)(ASN_CONTEXT_SPECIFIC | ASN_CONSTRUCTED | number),
-                     len, output);
+                     len, output, isIndef);
 }
 
 #if defined(OPENSSL_EXTRA)
@@ -15475,7 +16151,6 @@ word32 SetOthername(void *name, byte *output)
     WOLFSSL_ASN1_OTHERNAME *nm = (WOLFSSL_ASN1_OTHERNAME *)name;
     char *nameStr = NULL;
     word32 nameSz = 0;
-    word32 len = 0;
 
     if ((nm == NULL) || (nm->value == NULL)) {
         WOLFSSL_MSG("otherName value is NULL");
@@ -15485,24 +16160,33 @@ word32 SetOthername(void *name, byte *output)
     nameStr = nm->value->value.utf8string->data;
     nameSz = (word32)nm->value->value.utf8string->length;
 
-    len = nm->type_id->objSz +
-          SetHeader(ASN_CONSTRUCTED | ASN_CONTEXT_SPECIFIC, nameSz + 2, NULL) +
-          SetHeader(CTC_UTF8, nameSz, NULL) + nameSz;
-
-    if (output != NULL) {
+    if (output == NULL) {
+        return nm->type_id->objSz +
+            SetHeader(ASN_CONSTRUCTED | ASN_CONTEXT_SPECIFIC, nameSz + 2, NULL, 0) +
+            SetHeader(CTC_UTF8, nameSz, NULL, 0) + nameSz;
+    }
+    else {
+        const byte *output_start = output;
         /* otherName OID */
         XMEMCPY(output, nm->type_id->obj, nm->type_id->objSz);
         output += nm->type_id->objSz;
 
         output += SetHeader(ASN_CONSTRUCTED | ASN_CONTEXT_SPECIFIC, nameSz + 2,
-                            output);
+                            output, 0);
 
-        output += SetHeader(CTC_UTF8, nameSz, output);
+        /* work around false positive from -fstack-protector */
+        PRAGMA_GCC_DIAG_PUSH
+        PRAGMA_GCC("GCC diagnostic ignored \"-Wstringop-overflow\"")
+
+        output += SetHeader(CTC_UTF8, nameSz, output, 0);
+
+        PRAGMA_GCC_DIAG_POP
 
         XMEMCPY(output, nameStr, nameSz);
-    }
 
-    return len;
+        output += nameSz;
+        return (word32)(output - output_start);
+    }
 }
 #endif /* OPENSSL_EXTRA */
 
@@ -15556,15 +16240,19 @@ static WC_INLINE int IsSigAlgoECC(word32 algoOID)
         #ifdef HAVE_CURVE448
               || (algoOID == X448k)
         #endif
-        #ifdef HAVE_PQC
         #ifdef HAVE_FACON
               || (algoOID == FALCON_LEVEL1k)
               || (algoOID == FALCON_LEVEL5k)
         #endif
         #ifdef HAVE_DILITHIUM
+            #ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
               || (algoOID == DILITHIUM_LEVEL2k)
               || (algoOID == DILITHIUM_LEVEL3k)
               || (algoOID == DILITHIUM_LEVEL5k)
+            #endif
+              || (algoOID == ML_DSA_LEVEL2k)
+              || (algoOID == ML_DSA_LEVEL3k)
+              || (algoOID == ML_DSA_LEVEL5k)
         #endif
         #ifdef HAVE_SPHINCS
               || (algoOID == SPHINCS_FAST_LEVEL1k)
@@ -15574,7 +16262,6 @@ static WC_INLINE int IsSigAlgoECC(word32 algoOID)
               || (algoOID == SPHINCS_SMALL_LEVEL3k)
               || (algoOID == SPHINCS_SMALL_LEVEL5k)
         #endif
-        #endif /* HAVE_PQC */
     );
 }
 
@@ -15589,7 +16276,8 @@ static WC_INLINE int IsSigAlgoECC(word32 algoOID)
  * @return  Encoded data size on success.
  * @return  0 when dynamic memory allocation fails.
  */
-word32 SetAlgoID(int algoOID, byte* output, int type, int curveSz)
+static word32 SetAlgoIDImpl(int algoOID, byte* output, int type, int curveSz,
+                            byte absentParams)
 {
 #ifndef WOLFSSL_ASN_TEMPLATE
     word32 tagSz, idSz, seqSz, algoSz = 0;
@@ -15598,9 +16286,10 @@ word32 SetAlgoID(int algoOID, byte* output, int type, int curveSz)
     byte   seqArray[MAX_SEQ_SZ + 1];  /* add object_id to end */
     word32    length = 0;
 
-    tagSz = (type == oidHashType ||
+    tagSz = ((type == oidHashType ||
              (type == oidSigType && !IsSigAlgoECC((word32)algoOID)) ||
-             (type == oidKeyType && algoOID == RSAk)) ? 2U : 0U;
+             (type == oidKeyType && algoOID == RSAk)) &&
+                (absentParams == FALSE)) ? 2U : 0U;
     algoName = OidFromId((word32)algoOID, (word32)type, &algoSz);
     if (algoName == NULL) {
         WOLFSSL_MSG("Unknown Algorithm");
@@ -15656,6 +16345,10 @@ word32 SetAlgoID(int algoOID, byte* output, int type, int curveSz)
             /* Don't put out NULL DER item. */
             dataASN[ALGOIDASN_IDX_NULL].noOut = 1;
         }
+        /* Override for absent (not NULL) params */
+        if (TRUE == absentParams) {
+            dataASN[ALGOIDASN_IDX_NULL].noOut = 1;
+        }
         if (algoOID == DSAk) {
             /* Don't include SEQUENCE for DSA keys. */
             o = 1;
@@ -15698,6 +16391,28 @@ word32 SetAlgoID(int algoOID, byte* output, int type, int curveSz)
 #endif /* WOLFSSL_ASN_TEMPLATE */
 }
 
+/* Encode an algorithm identifier.
+ *
+ * [algoOID, type] is unique.
+ *
+ * @param [in]  algoOID   Algorithm identifier.
+ * @param [out] output    Buffer to hold encoding.
+ * @param [in]  type      Type of OID being encoded.
+ * @param [in]  curveSz   Add extra space for curve data.
+ * @return  Encoded data size on success.
+ * @return  0 when dynamic memory allocation fails.
+ */
+word32 SetAlgoID(int algoOID, byte* output, int type, int curveSz)
+{
+    return SetAlgoIDImpl(algoOID, output, type, curveSz, FALSE);
+}
+
+word32 SetAlgoIDEx(int algoOID, byte* output, int type, int curveSz,
+                   byte absentParams)
+{
+    return SetAlgoIDImpl(algoOID, output, type, curveSz, absentParams);
+}
+
 #ifdef WOLFSSL_ASN_TEMPLATE
 /* Always encode PKCS#1 v1.5 RSA signature and compare to encoded data. */
 /* ASN.1 template for DigestInfo for a PKCS#1 v1.5 RSA signature.
@@ -15753,7 +16468,7 @@ word32 wc_EncodeSignature(byte* out, const byte* digest, word32 digSz,
 #else
     DECL_ASNSETDATA(dataASN, digestInfoASN_Length);
     int ret = 0;
-    int sz;
+    int sz = 0;
     unsigned char dgst[WC_MAX_DIGEST_SIZE];
 
     CALLOC_ASNSETDATA(dataASN, digestInfoASN_Length, ret, NULL);
@@ -15830,15 +16545,11 @@ void FreeSignatureCtx(SignatureCtx* sigCtx)
     if (sigCtx == NULL)
         return;
 
-    if (sigCtx->digest) {
-        XFREE(sigCtx->digest, sigCtx->heap, DYNAMIC_TYPE_DIGEST);
-        sigCtx->digest = NULL;
-    }
+    XFREE(sigCtx->digest, sigCtx->heap, DYNAMIC_TYPE_DIGEST);
+    sigCtx->digest = NULL;
 #if !(defined(NO_RSA) && defined(NO_DSA))
-    if (sigCtx->sigCpy) {
-        XFREE(sigCtx->sigCpy, sigCtx->heap, DYNAMIC_TYPE_SIGNATURE);
-        sigCtx->sigCpy = NULL;
-    }
+    XFREE(sigCtx->sigCpy, sigCtx->heap, DYNAMIC_TYPE_SIGNATURE);
+    sigCtx->sigCpy = NULL;
 #endif
 #ifndef NO_ASN_CRYPT
     if (sigCtx->key.ptr) {
@@ -15892,7 +16603,6 @@ void FreeSignatureCtx(SignatureCtx* sigCtx)
                 sigCtx->key.ed448 = NULL;
                 break;
         #endif /* HAVE_ED448 */
-        #if defined(HAVE_PQC)
         #if defined(HAVE_FALCON)
             case FALCON_LEVEL1k:
             case FALCON_LEVEL5k:
@@ -15903,9 +16613,14 @@ void FreeSignatureCtx(SignatureCtx* sigCtx)
                 break;
         #endif /* HAVE_FALCON */
         #if defined(HAVE_DILITHIUM)
+            #ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
             case DILITHIUM_LEVEL2k:
             case DILITHIUM_LEVEL3k:
             case DILITHIUM_LEVEL5k:
+            #endif
+            case ML_DSA_LEVEL2k:
+            case ML_DSA_LEVEL3k:
+            case ML_DSA_LEVEL5k:
                 wc_dilithium_free(sigCtx->key.dilithium);
                 XFREE(sigCtx->key.dilithium, sigCtx->heap,
                       DYNAMIC_TYPE_DILITHIUM);
@@ -15925,7 +16640,6 @@ void FreeSignatureCtx(SignatureCtx* sigCtx)
                 sigCtx->key.sphincs = NULL;
                 break;
         #endif /* HAVE_SPHINCS */
-        #endif /* HAVE_PQC  */
             default:
                 break;
         } /* switch (keyOID) */
@@ -15952,7 +16666,7 @@ static int HashForSignature(const byte* buf, word32 bufSz, word32 sigOID,
             }
             else if ((ret = wc_Md2Hash(buf, bufSz, digest)) == 0) {
                 *typeH    = MD2h;
-                *digestSz = MD2_DIGEST_SIZE;
+                *digestSz = WC_MD2_DIGEST_SIZE;
             }
         break;
     #endif
@@ -16071,7 +16785,6 @@ static int HashForSignature(const byte* buf, word32 bufSz, word32 sigOID,
              */
             break;
     #endif
-    #ifdef HAVE_PQC
     #ifdef HAVE_FALCON
         case CTC_FALCON_LEVEL1:
         case CTC_FALCON_LEVEL5:
@@ -16079,9 +16792,14 @@ static int HashForSignature(const byte* buf, word32 bufSz, word32 sigOID,
             break;
     #endif
     #ifdef HAVE_DILITHIUM
+        #ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
         case CTC_DILITHIUM_LEVEL2:
         case CTC_DILITHIUM_LEVEL3:
         case CTC_DILITHIUM_LEVEL5:
+        #endif
+        case CTC_ML_DSA_LEVEL2:
+        case CTC_ML_DSA_LEVEL3:
+        case CTC_ML_DSA_LEVEL5:
             /* Hashes done in signing operation. */
             break;
     #endif
@@ -16095,7 +16813,6 @@ static int HashForSignature(const byte* buf, word32 bufSz, word32 sigOID,
             /* Hashes done in signing operation. */
             break;
     #endif
-    #endif /* HAVE_PQC */
 
         default:
             ret = HASH_TYPE_E;
@@ -16115,14 +16832,14 @@ static int HashForSignature(const byte* buf, word32 bufSz, word32 sigOID,
 #endif /* !NO_ASN_CRYPT && !NO_HASH_WRAPPER */
 
 /* Return codes: 0=Success, Negative (see error-crypt.h), ASN_SIG_CONFIRM_E */
-static int ConfirmSignature(SignatureCtx* sigCtx,
+int ConfirmSignature(SignatureCtx* sigCtx,
     const byte* buf, word32 bufSz,
     const byte* key, word32 keySz, word32 keyOID,
     const byte* sig, word32 sigSz, word32 sigOID,
     const byte* sigParams, word32 sigParamsSz,
     byte* rsaKeyIdx)
 {
-    int ret = 0;
+    int ret = WC_NO_ERR_TRACE(ASN_SIG_CONFIRM_E); /* default to failure */
 #if defined(WOLFSSL_RENESAS_TSIP_TLS) || defined(WOLFSSL_RENESAS_FSPSM_TLS)
     CertAttribute* certatt = NULL;
 #endif
@@ -16475,10 +17192,10 @@ static int ConfirmSignature(SignatureCtx* sigCtx,
                     break;
                 }
             #endif
-            #if defined(HAVE_PQC)
             #if defined(HAVE_FALCON)
                 case FALCON_LEVEL1k:
                 {
+                    word32 idx = 0;
                     sigCtx->verify = 0;
                     sigCtx->key.falcon =
                         (falcon_key*)XMALLOC(sizeof(falcon_key),
@@ -16487,15 +17204,16 @@ static int ConfirmSignature(SignatureCtx* sigCtx,
                     if (sigCtx->key.falcon == NULL) {
                         ERROR_OUT(MEMORY_E, exit_cs);
                     }
-                    if ((ret = wc_falcon_init(sigCtx->key.falcon)) < 0) {
+                    if ((ret = wc_falcon_init_ex(sigCtx->key.falcon,
+                                            sigCtx->heap, sigCtx->devId)) < 0) {
                         goto exit_cs;
                     }
                     if ((ret = wc_falcon_set_level(sigCtx->key.falcon, 1))
                         < 0) {
                         goto exit_cs;
                     }
-                    if ((ret = wc_falcon_import_public(key, keySz,
-                        sigCtx->key.falcon)) < 0) {
+                    if ((ret = wc_Falcon_PublicKeyDecode(key, &idx,
+                        sigCtx->key.falcon, keySz)) < 0) {
                         WOLFSSL_MSG("ASN Key import error Falcon Level 1");
                         WOLFSSL_ERROR_VERBOSE(ret);
                         goto exit_cs;
@@ -16504,6 +17222,7 @@ static int ConfirmSignature(SignatureCtx* sigCtx,
                 }
                 case FALCON_LEVEL5k:
                 {
+                    word32 idx = 0;
                     sigCtx->verify = 0;
                     sigCtx->key.falcon =
                         (falcon_key*)XMALLOC(sizeof(falcon_key),
@@ -16512,15 +17231,16 @@ static int ConfirmSignature(SignatureCtx* sigCtx,
                     if (sigCtx->key.falcon == NULL) {
                         ERROR_OUT(MEMORY_E, exit_cs);
                     }
-                    if ((ret = wc_falcon_init(sigCtx->key.falcon)) < 0) {
+                    if ((ret = wc_falcon_init_ex(sigCtx->key.falcon,
+                                            sigCtx->heap, sigCtx->devId)) < 0) {
                         goto exit_cs;
                     }
                     if ((ret = wc_falcon_set_level(sigCtx->key.falcon, 5))
                         < 0) {
                         goto exit_cs;
                     }
-                    if ((ret = wc_falcon_import_public(key, keySz,
-                        sigCtx->key.falcon)) < 0) {
+                    if ((ret = wc_Falcon_PublicKeyDecode(key, &idx,
+                        sigCtx->key.falcon, keySz)) < 0) {
                         WOLFSSL_MSG("ASN Key import error Falcon Level 5");
                         WOLFSSL_ERROR_VERBOSE(ret);
                         goto exit_cs;
@@ -16528,78 +17248,62 @@ static int ConfirmSignature(SignatureCtx* sigCtx,
                     break;
                 }
             #endif /* HAVE_FALCON */
-            #if defined(HAVE_DILITHIUM)
+            #if defined(HAVE_DILITHIUM) && \
+                !defined(WOLFSSL_DILITHIUM_NO_VERIFY) && \
+                !defined(WOLFSSL_DILITHIUM_NO_ASN1)
+                #ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
                 case DILITHIUM_LEVEL2k:
-                {
-                    sigCtx->verify = 0;
-                    sigCtx->key.dilithium =
-                        (dilithium_key*)XMALLOC(sizeof(dilithium_key),
-                                             sigCtx->heap,
-                                             DYNAMIC_TYPE_DILITHIUM);
-                    if (sigCtx->key.dilithium == NULL) {
-                        ERROR_OUT(MEMORY_E, exit_cs);
-                    }
-                    if ((ret = wc_dilithium_init(sigCtx->key.dilithium)) < 0) {
-                        goto exit_cs;
-                    }
-                    if ((ret = wc_dilithium_set_level(
-                                   sigCtx->key.dilithium, 2))
-                        < 0) {
-                        goto exit_cs;
-                    }
-                    if ((ret = wc_dilithium_import_public(key, keySz,
-                        sigCtx->key.dilithium)) < 0) {
-                        WOLFSSL_MSG("ASN Key import error Dilithium Level 2");
-                        goto exit_cs;
-                    }
-                    break;
-                }
                 case DILITHIUM_LEVEL3k:
-                {
-                    sigCtx->verify = 0;
-                    sigCtx->key.dilithium =
-                        (dilithium_key*)XMALLOC(sizeof(dilithium_key),
-                                             sigCtx->heap,
-                                             DYNAMIC_TYPE_DILITHIUM);
-                    if (sigCtx->key.dilithium == NULL) {
-                        ERROR_OUT(MEMORY_E, exit_cs);
-                    }
-                    if ((ret = wc_dilithium_init(sigCtx->key.dilithium)) < 0) {
-                        goto exit_cs;
-                    }
-                    if ((ret = wc_dilithium_set_level(
-                                   sigCtx->key.dilithium, 3))
-                        < 0) {
-                        goto exit_cs;
-                    }
-                    if ((ret = wc_dilithium_import_public(key, keySz,
-                        sigCtx->key.dilithium)) < 0) {
-                        WOLFSSL_MSG("ASN Key import error Dilithium Level 5");
-                        goto exit_cs;
-                    }
-                    break;
-                }
                 case DILITHIUM_LEVEL5k:
+                #endif
+                case ML_DSA_LEVEL2k:
+                case ML_DSA_LEVEL3k:
+                case ML_DSA_LEVEL5k:
                 {
+                    word32 idx = 0;
+                    int level;
+                    if (keyOID == ML_DSA_LEVEL2k) {
+                        level = WC_ML_DSA_44;
+                    }
+                    else if (keyOID == ML_DSA_LEVEL3k) {
+                        level = WC_ML_DSA_65;
+                    }
+                    else if (keyOID == ML_DSA_LEVEL5k) {
+                        level = WC_ML_DSA_87;
+                    }
+                #ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
+                    else if (keyOID == DILITHIUM_LEVEL2k) {
+                        level = WC_ML_DSA_44_DRAFT;
+                    }
+                    else if (keyOID == DILITHIUM_LEVEL3k) {
+                        level = WC_ML_DSA_65_DRAFT;
+                    }
+                    else if (keyOID == DILITHIUM_LEVEL5k) {
+                        level = WC_ML_DSA_87_DRAFT;
+                    }
+                #endif
+                    else {
+                        WOLFSSL_MSG("Invalid Dilithium key OID");
+                        goto exit_cs;
+                    }
                     sigCtx->verify = 0;
-                    sigCtx->key.dilithium =
-                        (dilithium_key*)XMALLOC(sizeof(dilithium_key),
-                                             sigCtx->heap,
-                                             DYNAMIC_TYPE_DILITHIUM);
+                    sigCtx->key.dilithium = (dilithium_key*)XMALLOC(
+                        sizeof(dilithium_key), sigCtx->heap,
+                        DYNAMIC_TYPE_DILITHIUM);
                     if (sigCtx->key.dilithium == NULL) {
                         ERROR_OUT(MEMORY_E, exit_cs);
                     }
-                    if ((ret = wc_dilithium_init(sigCtx->key.dilithium)) < 0) {
+                    if ((ret = wc_dilithium_init_ex(sigCtx->key.dilithium,
+                            sigCtx->heap, sigCtx->devId)) < 0) {
                         goto exit_cs;
                     }
-                    if ((ret = wc_dilithium_set_level(
-                                   sigCtx->key.dilithium, 5))
-                        < 0) {
+                    if ((ret = wc_dilithium_set_level(sigCtx->key.dilithium,
+                            level)) < 0) {
                         goto exit_cs;
                     }
-                    if ((ret = wc_dilithium_import_public(key, keySz,
-                        sigCtx->key.dilithium)) < 0) {
-                        WOLFSSL_MSG("ASN Key import error Dilithium Level 5");
+                    if ((ret = wc_Dilithium_PublicKeyDecode(key, &idx,
+                        sigCtx->key.dilithium, keySz)) < 0) {
+                        WOLFSSL_MSG("ASN Key import error Dilithium");
                         goto exit_cs;
                     }
                     break;
@@ -16608,6 +17312,7 @@ static int ConfirmSignature(SignatureCtx* sigCtx,
             #if defined(HAVE_SPHINCS)
                 case SPHINCS_FAST_LEVEL1k:
                 {
+                    word32 idx = 0;
                     sigCtx->verify = 0;
                     sigCtx->key.sphincs =
                         (sphincs_key*)XMALLOC(sizeof(sphincs_key),
@@ -16624,8 +17329,8 @@ static int ConfirmSignature(SignatureCtx* sigCtx,
                         < 0) {
                         goto exit_cs;
                     }
-                    if ((ret = wc_sphincs_import_public(key, keySz,
-                        sigCtx->key.sphincs)) < 0) {
+                    if ((ret = wc_Sphincs_PublicKeyDecode(key, &idx,
+                        sigCtx->key.sphincs, keySz)) < 0) {
                         WOLFSSL_MSG("ASN Key import err: Sphincs-fast Level1");
                         goto exit_cs;
                     }
@@ -16633,6 +17338,7 @@ static int ConfirmSignature(SignatureCtx* sigCtx,
                 }
                 case SPHINCS_FAST_LEVEL3k:
                 {
+                    word32 idx = 0;
                     sigCtx->verify = 0;
                     sigCtx->key.sphincs =
                         (sphincs_key*)XMALLOC(sizeof(sphincs_key),
@@ -16649,8 +17355,8 @@ static int ConfirmSignature(SignatureCtx* sigCtx,
                         < 0) {
                         goto exit_cs;
                     }
-                    if ((ret = wc_sphincs_import_public(key, keySz,
-                        sigCtx->key.sphincs)) < 0) {
+                    if ((ret = wc_Sphincs_PublicKeyDecode(key, &idx,
+                        sigCtx->key.sphincs, keySz)) < 0) {
                         WOLFSSL_MSG("ASN Key import err: Sphincs-fast Level3");
                         goto exit_cs;
                     }
@@ -16658,6 +17364,7 @@ static int ConfirmSignature(SignatureCtx* sigCtx,
                 }
                 case SPHINCS_FAST_LEVEL5k:
                 {
+                    word32 idx = 0;
                     sigCtx->verify = 0;
                     sigCtx->key.sphincs =
                         (sphincs_key*)XMALLOC(sizeof(sphincs_key),
@@ -16674,16 +17381,16 @@ static int ConfirmSignature(SignatureCtx* sigCtx,
                         < 0) {
                         goto exit_cs;
                     }
-                    if ((ret = wc_sphincs_import_public(key, keySz,
-                        sigCtx->key.sphincs)) < 0) {
+                    if ((ret = wc_Sphincs_PublicKeyDecode(key, &idx,
+                        sigCtx->key.sphincs, keySz)) < 0) {
                         WOLFSSL_MSG("ASN Key import err: Sphincs-fast Level5");
                         goto exit_cs;
                     }
                     break;
                 }
-
                 case SPHINCS_SMALL_LEVEL1k:
                 {
+                    word32 idx = 0;
                     sigCtx->verify = 0;
                     sigCtx->key.sphincs =
                         (sphincs_key*)XMALLOC(sizeof(sphincs_key),
@@ -16700,8 +17407,8 @@ static int ConfirmSignature(SignatureCtx* sigCtx,
                         < 0) {
                         goto exit_cs;
                     }
-                    if ((ret = wc_sphincs_import_public(key, keySz,
-                        sigCtx->key.sphincs)) < 0) {
+                    if ((ret = wc_Sphincs_PublicKeyDecode(key, &idx,
+                        sigCtx->key.sphincs, keySz)) < 0) {
                         WOLFSSL_MSG("ASN Key import err: Sphincs-fast Level1");
                         goto exit_cs;
                     }
@@ -16709,6 +17416,7 @@ static int ConfirmSignature(SignatureCtx* sigCtx,
                 }
                 case SPHINCS_SMALL_LEVEL3k:
                 {
+                    word32 idx = 0;
                     sigCtx->verify = 0;
                     sigCtx->key.sphincs =
                         (sphincs_key*)XMALLOC(sizeof(sphincs_key),
@@ -16725,8 +17433,8 @@ static int ConfirmSignature(SignatureCtx* sigCtx,
                         < 0) {
                         goto exit_cs;
                     }
-                    if ((ret = wc_sphincs_import_public(key, keySz,
-                        sigCtx->key.sphincs)) < 0) {
+                    if ((ret = wc_Sphincs_PublicKeyDecode(key, &idx,
+                        sigCtx->key.sphincs, keySz)) < 0) {
                         WOLFSSL_MSG("ASN Key import err: Sphincs-fast Level3");
                         goto exit_cs;
                     }
@@ -16734,6 +17442,7 @@ static int ConfirmSignature(SignatureCtx* sigCtx,
                 }
                 case SPHINCS_SMALL_LEVEL5k:
                 {
+                    word32 idx = 0;
                     sigCtx->verify = 0;
                     sigCtx->key.sphincs =
                         (sphincs_key*)XMALLOC(sizeof(sphincs_key),
@@ -16750,15 +17459,14 @@ static int ConfirmSignature(SignatureCtx* sigCtx,
                         < 0) {
                         goto exit_cs;
                     }
-                    if ((ret = wc_sphincs_import_public(key, keySz,
-                        sigCtx->key.sphincs)) < 0) {
+                    if ((ret = wc_Sphincs_PublicKeyDecode(key, &idx,
+                        sigCtx->key.sphincs, keySz)) < 0) {
                         WOLFSSL_MSG("ASN Key import err: Sphincs-fast Level5");
                         goto exit_cs;
                     }
                     break;
                 }
             #endif /* HAVE_SPHINCS */
-            #endif /* HAVE_PQC */
                 default:
                     WOLFSSL_MSG("Verify Key type unknown");
                     ret = ASN_UNKNOWN_OID_E;
@@ -16810,7 +17518,8 @@ static int ConfirmSignature(SignatureCtx* sigCtx,
                     !defined(WOLFSSL_RENESAS_TSIP_TLS)
                     else
                 #else
-                    if (!sigCtx->pkCbRsa || ret == CRYPTOCB_UNAVAILABLE)
+                    if (!sigCtx->pkCbRsa ||
+                        ret == WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE))
                 #endif /* WOLFSSL_RENESAS_FSPSM_TLS */
                 #endif /* HAVE_PK_CALLBACKS */
                     {
@@ -16884,7 +17593,8 @@ static int ConfirmSignature(SignatureCtx* sigCtx,
                     !defined(WOLFSSL_RENESAS_TSIP_TLS)
                     else
                 #else
-                    if (!sigCtx->pkCbEcc || ret == CRYPTOCB_UNAVAILABLE)
+                    if (!sigCtx->pkCbEcc ||
+                        ret == WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE))
                 #endif /* WOLFSSL_RENESAS_FSPSM_TLS */
                 #endif /* HAVE_PK_CALLBACKS */
                     {
@@ -16912,7 +17622,6 @@ static int ConfirmSignature(SignatureCtx* sigCtx,
                     break;
                 }
             #endif
-            #if defined(HAVE_PQC)
             #if defined(HAVE_FALCON)
                 case FALCON_LEVEL1k:
                 case FALCON_LEVEL5k:
@@ -16923,7 +17632,8 @@ static int ConfirmSignature(SignatureCtx* sigCtx,
                     break;
                 }
             #endif /* HAVE_FALCON */
-            #if defined(HAVE_DILITHIUM)
+            #if defined(HAVE_DILITHIUM) && !defined(WOLFSSL_DILITHIUM_NO_VERIFY)
+                #ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
                 case DILITHIUM_LEVEL2k:
                 case DILITHIUM_LEVEL3k:
                 case DILITHIUM_LEVEL5k:
@@ -16933,6 +17643,15 @@ static int ConfirmSignature(SignatureCtx* sigCtx,
                                                sigCtx->key.dilithium);
                     break;
                 }
+                #endif
+                case ML_DSA_LEVEL2k:
+                case ML_DSA_LEVEL3k:
+                case ML_DSA_LEVEL5k:
+                {
+                    ret = wc_dilithium_verify_ctx_msg(sig, sigSz, NULL, 0, buf,
+                        bufSz, &sigCtx->verify, sigCtx->key.dilithium);
+                    break;
+                }
             #endif /* HAVE_DILITHIUM */
             #if defined(HAVE_SPHINCS)
                 case SPHINCS_FAST_LEVEL1k:
@@ -16948,13 +17667,12 @@ static int ConfirmSignature(SignatureCtx* sigCtx,
                     break;
                 }
             #endif /* HAVE_SPHINCS */
-            #endif /* HAVE_PQC */
                 default:
                     break;
             }  /* switch (keyOID) */
 
         #ifdef WOLFSSL_ASYNC_CRYPT
-            if (ret == WC_PENDING_E) {
+            if (ret == WC_NO_ERR_TRACE(WC_PENDING_E)) {
                 goto exit_cs;
             }
         #endif
@@ -17101,7 +17819,6 @@ static int ConfirmSignature(SignatureCtx* sigCtx,
                     break;
                 }
             #endif /* HAVE_ED448 */
-            #ifdef HAVE_PQC
             #ifdef HAVE_FALCON
                 case FALCON_LEVEL1k:
                 {
@@ -17129,39 +17846,22 @@ static int ConfirmSignature(SignatureCtx* sigCtx,
                 }
             #endif /* HAVE_FALCON */
             #ifdef HAVE_DILITHIUM
+                #ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
                 case DILITHIUM_LEVEL2k:
-                {
-                    if (sigCtx->verify == 1) {
-                        ret = 0;
-                    }
-                    else {
-                        WOLFSSL_MSG("DILITHIUM_LEVEL2 Verify didn't match");
-                        ret = ASN_SIG_CONFIRM_E;
-                    }
-                    break;
-                }
                 case DILITHIUM_LEVEL3k:
-                {
-                    if (sigCtx->verify == 1) {
-                        ret = 0;
-                    }
-                    else {
-                        WOLFSSL_MSG("DILITHIUM_LEVEL3 Verify didn't match");
-                        ret = ASN_SIG_CONFIRM_E;
-                    }
-                    break;
-                }
                 case DILITHIUM_LEVEL5k:
-                {
+                #endif /* WOLFSSL_DILITHIUM_FIPS204_DRAFT */
+                case ML_DSA_LEVEL2k:
+                case ML_DSA_LEVEL3k:
+                case ML_DSA_LEVEL5k:
                     if (sigCtx->verify == 1) {
                         ret = 0;
                     }
                     else {
-                        WOLFSSL_MSG("DILITHIUM_LEVEL5 Verify didn't match");
+                        WOLFSSL_MSG("DILITHIUM Verify didn't match");
                         ret = ASN_SIG_CONFIRM_E;
                     }
                     break;
-                }
             #endif /* HAVE_DILITHIUM */
             #ifdef HAVE_SPHINCS
                 case SPHINCS_FAST_LEVEL1k:
@@ -17231,7 +17931,6 @@ static int ConfirmSignature(SignatureCtx* sigCtx,
                     break;
                 }
             #endif /* HAVE_SPHINCS */
-            #endif /* HAVE_PQC */
                 default:
                     break;
             }  /* switch (keyOID) */
@@ -17245,6 +17944,9 @@ static int ConfirmSignature(SignatureCtx* sigCtx,
 
 exit_cs:
 
+#else
+    /* For NO_ASN_CRYPT return "not compiled in" */
+    ret = NOT_COMPILED_IN;
 #endif /* !NO_ASN_CRYPT */
 
     (void)keyOID;
@@ -17253,7 +17955,7 @@ exit_cs:
     WOLFSSL_LEAVE("ConfirmSignature", ret);
 
 #ifdef WOLFSSL_ASYNC_CRYPT
-    if (ret == WC_PENDING_E)
+    if (ret == WC_NO_ERR_TRACE(WC_PENDING_E))
         return ret;
 #endif
 
@@ -17262,7 +17964,6 @@ exit_cs:
     return ret;
 }
 
-
 #ifndef IGNORE_NAME_CONSTRAINTS
 
 static int MatchBaseName(int type, const char* name, int nameSz,
@@ -17508,7 +18209,9 @@ static int ConfirmNameConstraints(Signer* signer, DecodedCert* cert)
 #ifndef WOLFSSL_ASN_TEMPLATE
 static void AddAltName(DecodedCert* cert, DNS_entry* dnsEntry)
 {
-#if defined(OPENSSL_EXTRA) && !defined(WOLFSSL_ALT_NAMES_NO_REV)
+#if (defined(WOLFSSL_ASN_ALL) || defined(OPENSSL_EXTRA)) && \
+    !defined(WOLFSSL_ALT_NAMES_NO_REV)
+    /* logic to add alt name to end of list */
     dnsEntry->next = NULL;
     if (cert->altNames == NULL) {
         /* First on list */
@@ -17631,7 +18334,7 @@ static int DecodeOtherHelper(ASNGetData* dataASN, DecodedCert* cert, int oid)
     }
 
     if (ret == 0) {
-        ret = SetDNSEntry(cert, buf, (int)bufLen, ASN_OTHER_TYPE, &entry);
+        ret = SetDNSEntry(cert->heap, buf, (int)bufLen, ASN_OTHER_TYPE, &entry);
         if (ret == 0) {
         #ifdef WOLFSSL_FPKI
             entry->oidSum = oid;
@@ -17658,10 +18361,12 @@ static int DecodeOtherHelper(ASNGetData* dataASN, DecodedCert* cert, int oid)
  * @return  BUFFER_E when data in buffer is too small.
  */
 static int DecodeOtherName(DecodedCert* cert, const byte* input,
-                           word32* inOutIdx, word32 maxIdx)
+                           word32* inOutIdx, int len)
 {
     DECL_ASNGETDATA(dataASN, otherNameASN_Length);
     int ret = 0;
+    word32 maxIdx = *inOutIdx + (word32)len;
+    const char* name = (const char*)input + *inOutIdx;
 
     CALLOC_ASNGETDATA(dataASN, otherNameASN_Length, ret, cert->heap);
 
@@ -17690,7 +18395,9 @@ static int DecodeOtherName(DecodedCert* cert, const byte* input,
                            (int)dataASN[OTHERNAMEASN_IDX_TYPEID].data.oid.sum);
                 break;
             default:
-                WOLFSSL_MSG("\tunsupported OID skipping");
+                WOLFSSL_MSG("\tadding unsupported OID");
+                ret = SetDNSEntry(cert->heap, name, len, ASN_OTHER_TYPE,
+                        &cert->altNames);
                 break;
         }
     }
@@ -17722,8 +18429,8 @@ static int DecodeGeneralName(const byte* input, word32* inOutIdx, byte tag,
 
     /* GeneralName choice: dnsName */
     if (tag == (ASN_CONTEXT_SPECIFIC | ASN_DNS_TYPE)) {
-        ret = SetDNSEntry(cert, (const char*)(input + idx), len, ASN_DNS_TYPE,
-                &cert->altNames);
+        ret = SetDNSEntry(cert->heap, (const char*)(input + idx), len,
+                ASN_DNS_TYPE, &cert->altNames);
         if (ret == 0) {
             idx += (word32)len;
         }
@@ -17741,7 +18448,7 @@ static int DecodeGeneralName(const byte* input, word32* inOutIdx, byte tag,
             return ASN_PARSE_E;
         }
 
-        ret = SetDNSEntry(cert, (const char*)(input + idxDir), strLen,
+        ret = SetDNSEntry(cert->heap, (const char*)(input + idxDir), strLen,
                 ASN_DIR_TYPE, &cert->altDirNames);
         if (ret == 0) {
             idx += (word32)len;
@@ -17749,7 +18456,7 @@ static int DecodeGeneralName(const byte* input, word32* inOutIdx, byte tag,
     }
     /* GeneralName choice: rfc822Name */
     else if (tag == (ASN_CONTEXT_SPECIFIC | ASN_RFC822_TYPE)) {
-        ret = SetDNSEntry(cert, (const char*)(input + idx), len,
+        ret = SetDNSEntry(cert->heap, (const char*)(input + idx), len,
                 ASN_RFC822_TYPE, &cert->altEmailNames);
         if (ret == 0) {
             idx += (word32)len;
@@ -17797,38 +18504,38 @@ static int DecodeGeneralName(const byte* input, word32* inOutIdx, byte tag,
         }
     #endif
 
-        ret = SetDNSEntry(cert, (const char*)(input + idx), len, ASN_URI_TYPE,
-                &cert->altNames);
+        ret = SetDNSEntry(cert->heap, (const char*)(input + idx), len,
+                ASN_URI_TYPE, &cert->altNames);
         if (ret == 0) {
             idx += (word32)len;
         }
     }
-    #if defined(WOLFSSL_QT) || defined(OPENSSL_ALL) || \
-                                            defined(WOLFSSL_IP_ALT_NAME)
+    #ifdef WOLFSSL_IP_ALT_NAME
     /* GeneralName choice: iPAddress */
     else if (tag == (ASN_CONTEXT_SPECIFIC | ASN_IP_TYPE)) {
-        ret = SetDNSEntry(cert, (const char*)(input + idx), len, ASN_IP_TYPE,
-                &cert->altNames);
+        ret = SetDNSEntry(cert->heap, (const char*)(input + idx), len,
+                ASN_IP_TYPE, &cert->altNames);
         if (ret == 0) {
             idx += (word32)len;
         }
     }
-    #endif /* WOLFSSL_QT || OPENSSL_ALL */
-
+    #endif /* WOLFSSL_IP_ALT_NAME */
+    #ifdef WOLFSSL_RID_ALT_NAME
     /* GeneralName choice: registeredID */
     else if (tag == (ASN_CONTEXT_SPECIFIC | ASN_RID_TYPE)) {
-        ret = SetDNSEntry(cert, (const char*)(input + idx), len,
+        ret = SetDNSEntry(cert->heap, (const char*)(input + idx), len,
                 ASN_RID_TYPE, &cert->altNames);
         if (ret == 0) {
             idx += (word32)len;
         }
     }
+    #endif /* WOLFSSL_RID_ALT_NAME */
 #endif /* IGNORE_NAME_CONSTRAINTS */
 #if defined(WOLFSSL_SEP) || defined(WOLFSSL_FPKI)
     /* GeneralName choice: otherName */
     else if (tag == (ASN_CONTEXT_SPECIFIC | ASN_CONSTRUCTED | ASN_OTHER_TYPE)) {
         /* TODO: test data for code path */
-        ret = DecodeOtherName(cert, input, &idx, idx + (word32)len);
+        ret = DecodeOtherName(cert, input, &idx, len);
     }
 #endif
     /* GeneralName choice: dNSName, x400Address, ediPartyName */
@@ -18066,6 +18773,7 @@ static int DecodeAltNames(const byte* input, word32 sz, DecodedCert* cert)
 #ifndef WOLFSSL_ASN_TEMPLATE
     word32 idx = 0;
     int length = 0;
+    word32 numNames = 0;
 
     WOLFSSL_ENTER("DecodeAltNames");
 
@@ -18098,8 +18806,13 @@ static int DecodeAltNames(const byte* input, word32 sz, DecodedCert* cert)
             return BUFFER_E;
         }
 
-        current_byte = input[idx++];
+        numNames++;
+        if (numNames > WOLFSSL_MAX_ALT_NAMES) {
+            WOLFSSL_MSG("\tToo many subject alternative names");
+            return ASN_ALT_NAME_E;
+        }
 
+        current_byte = input[idx++];
         length--;
 
         /* Save DNS Type names in the altNames list. */
@@ -18293,7 +19006,7 @@ static int DecodeAltNames(const byte* input, word32 sz, DecodedCert* cert)
             length -= strLen;
             idx    += (word32)strLen;
         }
-#if defined(WOLFSSL_QT) || defined(OPENSSL_ALL) || defined(WOLFSSL_IP_ALT_NAME)
+#ifdef WOLFSSL_IP_ALT_NAME
         else if (current_byte == (ASN_CONTEXT_SPECIFIC | ASN_IP_TYPE)) {
             DNS_entry* ipAddr;
             int strLen;
@@ -18328,21 +19041,19 @@ static int DecodeAltNames(const byte* input, word32 sz, DecodedCert* cert)
             XMEMCPY(ipAddr->name, &input[idx], strLen);
             ipAddr->name[strLen] = '\0';
 
-        #if defined(OPENSSL_ALL) || defined(WOLFSSL_IP_ALT_NAME)
             if (GenerateDNSEntryIPString(ipAddr, cert->heap) != 0) {
                 WOLFSSL_MSG("\tOut of Memory for IP string");
                 XFREE(ipAddr->name, cert->heap, DYNAMIC_TYPE_ALTNAME);
                 XFREE(ipAddr, cert->heap, DYNAMIC_TYPE_ALTNAME);
                 return MEMORY_E;
             }
-        #endif /* OPENSSL_ALL || WOLFSSL_IP_ALT_NAME */
             AddAltName(cert, ipAddr);
 
             length -= strLen;
             idx    += (word32)strLen;
         }
-#endif /* WOLFSSL_QT || OPENSSL_ALL || WOLFSSL_IP_ALT_NAME */
-#if defined(OPENSSL_ALL)
+#endif /* WOLFSSL_IP_ALT_NAME */
+#ifdef WOLFSSL_RID_ALT_NAME
         else if (current_byte == (ASN_CONTEXT_SPECIFIC | ASN_RID_TYPE)) {
             DNS_entry* rid;
             int strLen;
@@ -18389,7 +19100,7 @@ static int DecodeAltNames(const byte* input, word32 sz, DecodedCert* cert)
             length -= strLen;
             idx    += (word32)strLen;
         }
-#endif /* OPENSSL_ALL */
+#endif /* WOLFSSL_RID_ALT_NAME */
 #endif /* IGNORE_NAME_CONSTRAINTS */
         else if (current_byte ==
                 (ASN_CONTEXT_SPECIFIC | ASN_CONSTRUCTED | ASN_OTHER_TYPE)) {
@@ -18465,6 +19176,7 @@ static int DecodeAltNames(const byte* input, word32 sz, DecodedCert* cert)
     word32 idx = 0;
     int length = 0;
     int ret = 0;
+    word32 numNames = 0;
 
     WOLFSSL_ENTER("DecodeAltNames");
 
@@ -18497,6 +19209,13 @@ static int DecodeAltNames(const byte* input, word32 sz, DecodedCert* cert)
     while ((ret == 0) && (idx < sz)) {
         ASNGetData dataASN[altNameASN_Length];
 
+        numNames++;
+        if (numNames > WOLFSSL_MAX_ALT_NAMES) {
+            WOLFSSL_MSG("\tToo many subject alternative names");
+            ret = ASN_ALT_NAME_E;
+            break;
+        }
+
         /* Clear dynamic data items. */
         XMEMSET(dataASN, 0, sizeof(dataASN));
         /* Parse GeneralName with the choices supported. */
@@ -18983,15 +19702,11 @@ static int DecodeAuthInfo(const byte* input, word32 sz, DecodedCert* cert)
 
         /* Set ocsp entry */
         if (b == GENERALNAME_URI && oid == AIA_OCSP_OID &&
-                cert->extAuthInfo == NULL)
-        {
+                cert->extAuthInfo == NULL) {
             cert->extAuthInfoSz = length;
             cert->extAuthInfo = input + idx;
-        #if !defined(OPENSSL_ALL) && !defined(WOLFSSL_QT)
-            break;
-        #endif
         }
-        #if defined(OPENSSL_ALL) || defined(WOLFSSL_QT)
+    #ifdef WOLFSSL_ASN_CA_ISSUER
         /* Set CaIssuers entry */
         else if ((b == GENERALNAME_URI) && oid == AIA_CA_ISSUER_OID &&
                 cert->extAuthInfoCaIssuer == NULL)
@@ -18999,7 +19714,7 @@ static int DecodeAuthInfo(const byte* input, word32 sz, DecodedCert* cert)
             cert->extAuthInfoCaIssuerSz = length;
             cert->extAuthInfoCaIssuer = input + idx;
         }
-        #endif
+    #endif
         idx += (word32)length;
     }
 
@@ -19037,11 +19752,8 @@ static int DecodeAuthInfo(const byte* input, word32 sz, DecodedCert* cert)
                 GetASN_GetConstRef(&dataASN[ACCESSDESCASN_IDX_LOC],
                         &cert->extAuthInfo, &sz32);
                 cert->extAuthInfoSz = (int)sz32;
-            #if !defined(OPENSSL_ALL) && !defined(WOLFSSL_QT)
-                break;
-            #endif
             }
-            #if defined(OPENSSL_ALL) || defined(WOLFSSL_QT)
+        #ifdef WOLFSSL_ASN_CA_ISSUER
             /* Check we have CA Issuer and URI. */
             else if ((dataASN[ACCESSDESCASN_IDX_METH].data.oid.sum ==
                         AIA_CA_ISSUER_OID) &&
@@ -19052,7 +19764,7 @@ static int DecodeAuthInfo(const byte* input, word32 sz, DecodedCert* cert)
                         &cert->extAuthInfoCaIssuer, &sz32);
                 cert->extAuthInfoCaIssuerSz = (int)sz32;
             }
-            #endif
+        #endif
             /* Otherwise skip. */
         }
     }
@@ -19128,13 +19840,14 @@ static int DecodeAuthKeyId(const byte* input, word32 sz, DecodedCert* cert)
         return ASN_PARSE_E;
     }
 
+    cert->extAuthKeyIdSz = length;
+
 #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
 #ifdef WOLFSSL_AKID_NAME
     cert->extRawAuthKeyIdSrc = input;
     cert->extRawAuthKeyIdSz = sz;
 #endif
     cert->extAuthKeyIdSrc = &input[idx];
-    cert->extAuthKeyIdSz = length;
 #endif /* OPENSSL_EXTRA */
 
     return GetHashId(input + idx, length, cert->extAuthKeyId,
@@ -19230,9 +19943,9 @@ static int DecodeSubjKeyId(const byte* input, word32 sz, DecodedCert* cert)
 
     ret = GetOctetString(input, &idx, &length, sz);
     if (ret > 0) {
+        cert->extSubjKeyIdSz = (word32)length;
     #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
         cert->extSubjKeyIdSrc = &input[idx];
-        cert->extSubjKeyIdSz = (word32)length;
     #endif /* OPENSSL_EXTRA */
 
         /* Get the hash or hash of the hash if wrong size. */
@@ -19301,6 +20014,7 @@ static int DecodeKeyUsage(const byte* input, word32 sz, DecodedCert* cert)
 
     /* Clear dynamic data and set where to store extended key usage. */
     XMEMSET(dataASN, 0, sizeof(dataASN));
+    XMEMSET(keyUsage, 0, sizeof(keyUsage));
     GetASN_Buffer(&dataASN[KEYUSAGEASN_IDX_STR], keyUsage, &keyUsageSz);
     /* Parse key usage. */
     ret = GetASN_Items(keyUsageASN, dataASN, keyUsageASN_Length, 0, input,
@@ -19363,7 +20077,7 @@ static int DecodeExtKeyUsage(const byte* input, word32 sz, DecodedCert* cert)
 
     while (idx < (word32)sz) {
         ret = GetObjectId(input, &idx, &oid, oidCertKeyUseType, sz);
-        if (ret == ASN_UNKNOWN_OID_E)
+        if (ret == WC_NO_ERR_TRACE(ASN_UNKNOWN_OID_E))
             continue;
         else if (ret < 0)
             return ret;
@@ -19443,7 +20157,7 @@ static int DecodeExtKeyUsage(const byte* input, word32 sz, DecodedCert* cert)
         ret = GetASN_Items(keyPurposeIdASN, dataASN, keyPurposeIdASN_Length, 0,
                            input, &idx, sz);
         /* Skip unknown OIDs. */
-        if (ret == ASN_UNKNOWN_OID_E) {
+        if (ret == WC_NO_ERR_TRACE(ASN_UNKNOWN_OID_E)) {
             ret = 0;
         }
         else if (ret == 0) {
@@ -19547,7 +20261,7 @@ enum {
 static int DecodeSubtreeGeneralName(const byte* input, word32 sz, byte tag,
                                     Base_entry** head, void* heap)
 {
-    Base_entry* entry;
+    Base_entry* entry = NULL;
     word32 nameIdx = 0;
     word32 len = sz;
     int strLen;
@@ -19606,17 +20320,21 @@ static int DecodeSubtreeGeneralName(const byte* input, word32 sz, byte tag,
  * @param [in]      input  Buffer holding data.
  * @param [in]      sz     Size of data in buffer.
  * @param [in, out] head   Linked list of subtree names.
+ * @param [in]      limit  If > 0, limit on number of tree
+ *                         entries to  process, exceeding
+ *                         is an error.
  * @param [in]      heap   Dynamic memory hint.
  * @return  0 on success.
  * @return  MEMORY_E when dynamic memory allocation fails.
  * @return  ASN_PARSE_E when SEQUENCE is not found as expected.
  */
 static int DecodeSubtree(const byte* input, word32 sz, Base_entry** head,
-                         void* heap)
+                         word32 limit, void* heap)
 {
 #ifndef WOLFSSL_ASN_TEMPLATE
     word32 idx = 0;
     int ret = 0;
+    word32 cnt = 0;
 
     (void)heap;
 
@@ -19625,6 +20343,14 @@ static int DecodeSubtree(const byte* input, word32 sz, Base_entry** head,
         word32 nameIdx;
         byte b, bType;
 
+        if (limit > 0) {
+            cnt++;
+            if (cnt > limit) {
+                WOLFSSL_MSG("too many name constraints");
+                return ASN_NAME_INVALID_E;
+            }
+        }
+
         if (GetSequence(input, &idx, &seqLength, sz) < 0) {
             WOLFSSL_MSG("\tfail: should be a SEQUENCE");
             return ASN_PARSE_E;
@@ -19690,6 +20416,7 @@ static int DecodeSubtree(const byte* input, word32 sz, Base_entry** head,
     DECL_ASNGETDATA(dataASN, subTreeASN_Length);
     word32 idx = 0;
     int ret = 0;
+    word32 cnt = 0;
 
     (void)heap;
 
@@ -19699,6 +20426,14 @@ static int DecodeSubtree(const byte* input, word32 sz, Base_entry** head,
     while ((ret == 0) && (idx < (word32)sz)) {
         byte minVal = 0;
         byte maxVal = 0;
+        if (limit > 0) {
+            cnt++;
+            if (cnt > limit) {
+                WOLFSSL_MSG("too many name constraints");
+                ret = ASN_NAME_INVALID_E;
+                break;
+            }
+        }
 
         /* Clear dynamic data and set choice for GeneralName and location to
          * store minimum and maximum.
@@ -19797,7 +20532,7 @@ static int DecodeNameConstraints(const byte* input, word32 sz,
         }
 
         if (DecodeSubtree(input + idx, (word32)length, subtree,
-                cert->heap) < 0) {
+                WOLFSSL_MAX_NAME_CONSTRAINTS, cert->heap) < 0) {
             WOLFSSL_MSG("\terror parsing subtree");
             return ASN_PARSE_E;
         }
@@ -19824,7 +20559,8 @@ static int DecodeNameConstraints(const byte* input, word32 sz,
             ret = DecodeSubtree(
                     dataASN[NAMECONSTRAINTSASN_IDX_PERMIT].data.ref.data,
                     dataASN[NAMECONSTRAINTSASN_IDX_PERMIT].data.ref.length,
-                    &cert->permittedNames, cert->heap);
+                    &cert->permittedNames, WOLFSSL_MAX_NAME_CONSTRAINTS,
+                    cert->heap);
         }
     }
     if (ret == 0) {
@@ -19833,7 +20569,8 @@ static int DecodeNameConstraints(const byte* input, word32 sz,
             ret = DecodeSubtree(
                     dataASN[NAMECONSTRAINTSASN_IDX_EXCLUDE].data.ref.data,
                     dataASN[NAMECONSTRAINTSASN_IDX_EXCLUDE].data.ref.length,
-                    &cert->excludedNames, cert->heap);
+                    &cert->excludedNames, WOLFSSL_MAX_NAME_CONSTRAINTS,
+                    cert->heap);
         }
     }
 
@@ -19844,7 +20581,7 @@ static int DecodeNameConstraints(const byte* input, word32 sz,
 }
 #endif /* IGNORE_NAME_CONSTRAINTS */
 
-#if (defined(WOLFSSL_CERT_EXT) && !defined(WOLFSSL_SEP)) || \
+#if defined(WOLFSSL_CERT_EXT) || \
     defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
 
 /* Decode ITU-T X.690 OID format to a string representation
@@ -19897,10 +20634,10 @@ int DecodePolicyOID(char *out, word32 outSz, const byte *in, word32 inSz)
 exit:
     return w;
 }
-#endif /* WOLFSSL_CERT_EXT && !WOLFSSL_SEP */
+#endif /* WOLFSSL_CERT_EXT || OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
 
-#if defined(WOLFSSL_SEP) || defined(WOLFSSL_CERT_EXT) || defined(WOLFSSL_QT)
-    #ifdef WOLFSSL_ASN_TEMPLATE
+#if defined(WOLFSSL_SEP) || defined(WOLFSSL_CERT_EXT)
+#ifdef WOLFSSL_ASN_TEMPLATE
     /* ASN.1 template for PolicyInformation.
      * X.509: RFC 5280, 4.2.1.4 - Certificate Policies.
      */
@@ -19919,230 +20656,221 @@ exit:
 
     /* Number of items in ASN.1 template for PolicyInformation. */
     #define policyInfoASN_Length (sizeof(policyInfoASN) / sizeof(ASNItem))
-    #endif
+#endif
 
-    /* Reference: https://tools.ietf.org/html/rfc5280#section-4.2.1.4 */
-    static int DecodeCertPolicy(const byte* input, word32 sz, DecodedCert* cert)
-    {
-    #ifndef WOLFSSL_ASN_TEMPLATE
-        word32 idx = 0;
-        word32 oldIdx;
-        int policy_length = 0;
-        int ret;
-        int total_length = 0;
-    #if !defined(WOLFSSL_SEP) && defined(WOLFSSL_CERT_EXT) && \
-        !defined(WOLFSSL_DUP_CERTPOL)
-        int i;
-    #endif
+/* Reference: https://tools.ietf.org/html/rfc5280#section-4.2.1.4 */
+static int DecodeCertPolicy(const byte* input, word32 sz, DecodedCert* cert)
+{
+#ifndef WOLFSSL_ASN_TEMPLATE
+    word32 idx = 0;
+    word32 oldIdx;
+    int policy_length = 0;
+    int ret;
+    int total_length = 0;
+#if defined(WOLFSSL_CERT_EXT) && !defined(WOLFSSL_DUP_CERTPOL)
+    int i;
+#endif
 
-        WOLFSSL_ENTER("DecodeCertPolicy");
+    WOLFSSL_ENTER("DecodeCertPolicy");
 
-    #if defined(WOLFSSL_SEP) || defined(WOLFSSL_CERT_EXT)
-        /* Check if cert is null before dereferencing below */
-        if (cert == NULL)
-            return BAD_FUNC_ARG;
-    #else
-        (void)cert;
-    #endif
+    /* Check if cert is null before dereferencing below */
+    if (cert == NULL)
+        return BAD_FUNC_ARG;
 
-    #if defined(WOLFSSL_CERT_EXT)
-         cert->extCertPoliciesNb = 0;
-    #endif
+#if defined(WOLFSSL_CERT_EXT)
+        cert->extCertPoliciesNb = 0;
+#endif
 
-        if (GetSequence(input, &idx, &total_length, sz) < 0) {
-            WOLFSSL_MSG("\tGet CertPolicy total seq failed");
+    if (GetSequence(input, &idx, &total_length, sz) < 0) {
+        WOLFSSL_MSG("\tGet CertPolicy total seq failed");
+        return ASN_PARSE_E;
+    }
+
+    /* Validate total length */
+    if (total_length > (int)(sz - idx)) {
+        WOLFSSL_MSG("\tCertPolicy length mismatch");
+        return ASN_PARSE_E;
+    }
+
+    /* Unwrap certificatePolicies */
+    do {
+        int length = 0;
+
+        if (GetSequence(input, &idx, &policy_length, sz) < 0) {
+            WOLFSSL_MSG("\tGet CertPolicy seq failed");
             return ASN_PARSE_E;
         }
 
-        /* Validate total length */
-        if (total_length > (int)(sz - idx)) {
-            WOLFSSL_MSG("\tCertPolicy length mismatch");
-            return ASN_PARSE_E;
-        }
+        oldIdx = idx;
+        ret = GetASNObjectId(input, &idx, &length, sz);
+        if (ret != 0)
+            return ret;
+        policy_length -= (int)(idx - oldIdx);
 
-        /* Unwrap certificatePolicies */
-        do {
-            int length = 0;
-
-            if (GetSequence(input, &idx, &policy_length, sz) < 0) {
-                WOLFSSL_MSG("\tGet CertPolicy seq failed");
+        if (length > 0) {
+            /* Verify length won't overrun buffer */
+            if (length > (int)(sz - idx)) {
+                WOLFSSL_MSG("\tCertPolicy length exceeds input buffer");
                 return ASN_PARSE_E;
             }
 
-            oldIdx = idx;
-            ret = GetASNObjectId(input, &idx, &length, sz);
-            if (ret != 0)
-                return ret;
-            policy_length -= (int)(idx - oldIdx);
-
-            if (length > 0) {
-                /* Verify length won't overrun buffer */
-                if (length > (int)(sz - idx)) {
-                    WOLFSSL_MSG("\tCertPolicy length exceeds input buffer");
-                    return ASN_PARSE_E;
-                }
-
-        #if defined(WOLFSSL_SEP)
+    #ifdef WOLFSSL_SEP
+            if (cert->deviceType == NULL) {
                 cert->deviceType = (byte*)XMALLOC((size_t)length, cert->heap,
-                                                         DYNAMIC_TYPE_X509_EXT);
+                                                        DYNAMIC_TYPE_X509_EXT);
                 if (cert->deviceType == NULL) {
                     WOLFSSL_MSG("\tCouldn't alloc memory for deviceType");
                     return MEMORY_E;
                 }
                 cert->deviceTypeSz = length;
                 XMEMCPY(cert->deviceType, input + idx, (size_t)length);
-                break;
-        #elif defined(WOLFSSL_CERT_EXT)
-                /* decode cert policy */
-                if (DecodePolicyOID(cert->extCertPolicies[
-                                       cert->extCertPoliciesNb], MAX_CERTPOL_SZ,
-                                       input + idx, length) <= 0) {
-                    WOLFSSL_MSG("\tCouldn't decode CertPolicy");
-                    WOLFSSL_ERROR_VERBOSE(ASN_PARSE_E);
-                    return ASN_PARSE_E;
-                }
-            #ifndef WOLFSSL_DUP_CERTPOL
-                /* From RFC 5280 section 4.2.1.4 "A certificate policy OID MUST
-                 * NOT appear more than once in a certificate policies
-                 * extension". This is a sanity check for duplicates.
-                 * extCertPolicies should only have OID values, additional
-                 * qualifiers need to be stored in a separate array. */
-                for (i = 0; i < cert->extCertPoliciesNb; i++) {
-                    if (XMEMCMP(cert->extCertPolicies[i],
-                            cert->extCertPolicies[cert->extCertPoliciesNb],
-                            MAX_CERTPOL_SZ) == 0) {
-                            WOLFSSL_MSG("Duplicate policy OIDs not allowed");
-                            WOLFSSL_MSG("Use WOLFSSL_DUP_CERTPOL if wanted");
-                            WOLFSSL_ERROR_VERBOSE(CERTPOLICIES_E);
-                            return CERTPOLICIES_E;
-                    }
-                }
-            #endif /* !WOLFSSL_DUP_CERTPOL */
-                cert->extCertPoliciesNb++;
-        #else
-                WOLFSSL_LEAVE("DecodeCertPolicy : unsupported mode", 0);
-                return 0;
-        #endif
             }
-            idx += (word32)policy_length;
-        } while((int)idx < total_length
-    #if defined(WOLFSSL_CERT_EXT)
-            && cert->extCertPoliciesNb < MAX_CERTPOL_NB
-    #endif
-        );
-
-        WOLFSSL_LEAVE("DecodeCertPolicy", 0);
-        return 0;
-    #else /* WOLFSSL_ASN_TEMPLATE */
-        word32 idx = 0;
-        int ret = 0;
-        int total_length = 0;
-    #if !defined(WOLFSSL_SEP) && defined(WOLFSSL_CERT_EXT) && \
-        !defined(WOLFSSL_DUP_CERTPOL)
-        int i;
     #endif
 
-        WOLFSSL_ENTER("DecodeCertPolicy");
-        #if defined(WOLFSSL_SEP) || defined(WOLFSSL_CERT_EXT)
-        /* Check if cert is null before dereferencing below */
-        if (cert == NULL)
-            ret = BAD_FUNC_ARG;
-        #endif
-
-        if (ret == 0) {
-        #if defined(WOLFSSL_CERT_EXT)
-            cert->extCertPoliciesNb = 0;
-        #endif
-
-            /* Strip SEQUENCE OF and check using all data. */
-            if (GetASN_Sequence(input, &idx, &total_length, (word32)sz, 1) < 0)
-            {
-               ret = ASN_PARSE_E;
+    #ifdef WOLFSSL_CERT_EXT
+            /* decode cert policy */
+            if (DecodePolicyOID(cert->extCertPolicies[
+                                cert->extCertPoliciesNb], MAX_CERTPOL_SZ,
+                                input + idx, length) <= 0) {
+                WOLFSSL_MSG("\tCouldn't decode CertPolicy");
+                WOLFSSL_ERROR_VERBOSE(ASN_PARSE_E);
+                return ASN_PARSE_E;
             }
-        }
-
-        /* Unwrap certificatePolicies */
-        while ((ret == 0) && ((int)idx < total_length)
-        #if defined(WOLFSSL_CERT_EXT)
-            && (cert->extCertPoliciesNb < MAX_CERTPOL_NB)
-        #endif
-               ) {
-            ASNGetData dataASN[policyInfoASN_Length];
-            byte* data = NULL;
-            word32 length = 0;
-
-            /* Clear dynamic data and check OID is a cert policy type. */
-            XMEMSET(dataASN, 0, sizeof(dataASN));
-            GetASN_OID(&dataASN[POLICYINFOASN_IDX_ID], oidCertPolicyType);
-            ret = GetASN_Items(policyInfoASN, dataASN, policyInfoASN_Length, 1,
-                               input, &idx, (word32)sz);
-            if (ret == 0) {
-                /* Get the OID. */
-                GetASN_OIDData(&dataASN[POLICYINFOASN_IDX_ID], &data, &length);
-                if (length == 0) {
-                    ret = ASN_PARSE_E;
-                }
-            }
-            #if defined(WOLFSSL_SEP)
-            /* Store OID in device type. */
-            if (ret == 0) {
-                cert->deviceType = (byte*)XMALLOC(length, cert->heap,
-                                                  DYNAMIC_TYPE_X509_EXT);
-                if (cert->deviceType == NULL) {
-                    WOLFSSL_MSG("\tCouldn't alloc memory for deviceType");
-                    ret = MEMORY_E;
-                }
-            }
-            if (ret == 0) {
-                /* Store device type data and length. */
-                cert->deviceTypeSz = (int)length;
-                XMEMCPY(cert->deviceType, data, length);
-                break;
-            }
-            #elif defined(WOLFSSL_CERT_EXT)
-            if (ret == 0) {
-                /* Decode cert policy. */
-                if (DecodePolicyOID(
-                                 cert->extCertPolicies[cert->extCertPoliciesNb],
-                                 MAX_CERTPOL_SZ, data, length) <= 0) {
-                    WOLFSSL_MSG("\tCouldn't decode CertPolicy");
-                    WOLFSSL_ERROR_VERBOSE(ASN_PARSE_E);
-                    ret = ASN_PARSE_E;
-                }
-            }
-            #ifndef WOLFSSL_DUP_CERTPOL
+        #ifndef WOLFSSL_DUP_CERTPOL
             /* From RFC 5280 section 4.2.1.4 "A certificate policy OID MUST
              * NOT appear more than once in a certificate policies
              * extension". This is a sanity check for duplicates.
              * extCertPolicies should only have OID values, additional
              * qualifiers need to be stored in a separate array. */
-            for (i = 0; (ret == 0) && (i < cert->extCertPoliciesNb); i++) {
+            for (i = 0; i < cert->extCertPoliciesNb; i++) {
                 if (XMEMCMP(cert->extCertPolicies[i],
                             cert->extCertPolicies[cert->extCertPoliciesNb],
                             MAX_CERTPOL_SZ) == 0) {
                     WOLFSSL_MSG("Duplicate policy OIDs not allowed");
                     WOLFSSL_MSG("Use WOLFSSL_DUP_CERTPOL if wanted");
                     WOLFSSL_ERROR_VERBOSE(CERTPOLICIES_E);
-                    ret = CERTPOLICIES_E;
+                    return CERTPOLICIES_E;
                 }
             }
-            #endif /* !defined(WOLFSSL_DUP_CERTPOL) */
-            if (ret == 0) {
-                /* Keep count of policies seen. */
-                cert->extCertPoliciesNb++;
-            }
-            #else
-                (void)data;
-                WOLFSSL_LEAVE("DecodeCertPolicy : unsupported mode", 0);
-                break;
-            #endif
+        #endif /* !WOLFSSL_DUP_CERTPOL */
+            cert->extCertPoliciesNb++;
+    #endif
         }
+        idx += (word32)policy_length;
+    } while((int)idx < total_length
+    #ifdef WOLFSSL_CERT_EXT
+        && cert->extCertPoliciesNb < MAX_CERTPOL_NB
+    #endif
+    );
 
-        WOLFSSL_LEAVE("DecodeCertPolicy", 0);
-        return ret;
-    #endif /* WOLFSSL_ASN_TEMPLATE */
+    WOLFSSL_LEAVE("DecodeCertPolicy", 0);
+    return 0;
+#else /* WOLFSSL_ASN_TEMPLATE */
+    word32 idx = 0;
+    int ret = 0;
+    int total_length = 0;
+#if defined(WOLFSSL_CERT_EXT) && !defined(WOLFSSL_DUP_CERTPOL)
+    int i;
+#endif
+
+    WOLFSSL_ENTER("DecodeCertPolicy");
+
+    /* Check if cert is null before dereferencing below */
+    if (cert == NULL) {
+        ret = BAD_FUNC_ARG;
     }
-#endif /* WOLFSSL_SEP */
+
+    if (ret == 0) {
+    #if defined(WOLFSSL_CERT_EXT)
+        cert->extCertPoliciesNb = 0;
+    #endif
+
+        /* Strip SEQUENCE OF and check using all data. */
+        if (GetASN_Sequence(input, &idx, &total_length, (word32)sz, 1) < 0)
+        {
+            ret = ASN_PARSE_E;
+        }
+    }
+
+    /* Unwrap certificatePolicies */
+    while ((ret == 0) && ((int)idx < total_length)
+    #if defined(WOLFSSL_CERT_EXT)
+        && (cert->extCertPoliciesNb < MAX_CERTPOL_NB)
+    #endif
+            ) {
+        ASNGetData dataASN[policyInfoASN_Length];
+        byte* data = NULL;
+        word32 length = 0;
+
+        /* Clear dynamic data and check OID is a cert policy type. */
+        XMEMSET(dataASN, 0, sizeof(dataASN));
+        GetASN_OID(&dataASN[POLICYINFOASN_IDX_ID], oidCertPolicyType);
+        ret = GetASN_Items(policyInfoASN, dataASN, policyInfoASN_Length, 1,
+                            input, &idx, (word32)sz);
+        if (ret == 0) {
+            /* Get the OID. */
+            GetASN_OIDData(&dataASN[POLICYINFOASN_IDX_ID], &data, &length);
+            if (length == 0) {
+                ret = ASN_PARSE_E;
+            }
+        }
+    #ifdef WOLFSSL_SEP
+        /* Store OID in device type. */
+        if (ret == 0 && cert->deviceType == NULL) {
+            cert->deviceType = (byte*)XMALLOC(length, cert->heap,
+                                                DYNAMIC_TYPE_X509_EXT);
+            if (cert->deviceType != NULL) {
+                /* Store device type data and length. */
+                cert->deviceTypeSz = (int)length;
+                XMEMCPY(cert->deviceType, data, length);
+            }
+            else {
+                WOLFSSL_MSG("\tCouldn't alloc memory for deviceType");
+                ret = MEMORY_E;
+            }
+        }
+    #endif /* WOLFSSL_SEP */
+
+    #ifdef WOLFSSL_CERT_EXT
+        if (ret == 0) {
+            /* Decode cert policy. */
+            if (DecodePolicyOID(
+                    cert->extCertPolicies[cert->extCertPoliciesNb],
+                    MAX_CERTPOL_SZ, data, length) <= 0) {
+                WOLFSSL_MSG("\tCouldn't decode CertPolicy");
+                WOLFSSL_ERROR_VERBOSE(ASN_PARSE_E);
+                ret = ASN_PARSE_E;
+            }
+        }
+        #ifndef WOLFSSL_DUP_CERTPOL
+        /* From RFC 5280 section 4.2.1.4 "A certificate policy OID MUST
+         * NOT appear more than once in a certificate policies
+         * extension". This is a sanity check for duplicates.
+         * extCertPolicies should only have OID values, additional
+         * qualifiers need to be stored in a separate array. */
+        for (i = 0; (ret == 0) && (i < cert->extCertPoliciesNb); i++) {
+            if (XMEMCMP(cert->extCertPolicies[i],
+                        cert->extCertPolicies[cert->extCertPoliciesNb],
+                        MAX_CERTPOL_SZ) == 0) {
+                WOLFSSL_MSG("Duplicate policy OIDs not allowed");
+                WOLFSSL_MSG("Use WOLFSSL_DUP_CERTPOL if wanted");
+                WOLFSSL_ERROR_VERBOSE(CERTPOLICIES_E);
+                ret = CERTPOLICIES_E;
+            }
+        }
+        #endif /* !WOLFSSL_DUP_CERTPOL */
+        if (ret == 0) {
+            /* Keep count of policies seen. */
+            cert->extCertPoliciesNb++;
+        }
+    #endif /* WOLFSSL_CERT_EXT */
+    }
+
+    WOLFSSL_LEAVE("DecodeCertPolicy", 0);
+    return ret;
+#endif /* WOLFSSL_ASN_TEMPLATE */
+}
+#endif /* WOLFSSL_SEP || WOLFSSL_CERT_EXT  */
 
 #ifdef WOLFSSL_SUBJ_DIR_ATTR
 #ifdef WOLFSSL_ASN_TEMPLATE
@@ -20157,7 +20885,7 @@ static const ASNItem subjDirAttrASN[] = {
 enum {
     SUBJDIRATTRASN_IDX_SEQ = 0,
     SUBJDIRATTRASN_IDX_OID,
-    SUBJDIRATTRASN_IDX_SET,
+    SUBJDIRATTRASN_IDX_SET
 };
 
 /* Number of items in ASN.1 template for BasicConstraints. */
@@ -20242,6 +20970,11 @@ static int DecodeSubjDirAttr(const byte* input, word32 sz, DecodedCert* cert)
 
     WOLFSSL_ENTER("DecodeSubjDirAttr");
 
+#ifdef OPENSSL_ALL
+    cert->extSubjDirAttrSrc = input;
+    cert->extSubjDirAttrSz = sz;
+#endif /* OPENSSL_ALL */
+
     CALLOC_ASNGETDATA(dataASN, subjDirAttrASN_Length, ret, cert->heap);
 
     /* Strip outer SEQUENCE. */
@@ -20368,6 +21101,162 @@ static int DecodeSubjInfoAcc(const byte* input, word32 sz, DecodedCert* cert)
 }
 #endif /* WOLFSSL_SUBJ_INFO_ACC */
 
+#ifdef WOLFSSL_DUAL_ALG_CERTS
+/* The subject alternative public key is an extension that holds the same thing
+ * as a subject public key. */
+static const ASNItem subjAltPubKeyInfoASN[] = {
+                           /* subjectPublicKeyInfo SubjectPublicKeyInfo */
+/* ALT_SPUBKEYINFO_SEQ          */      { 0, ASN_SEQUENCE, 1, 1, 0 },
+                           /* algorithm          AlgorithmIdentifier */
+                           /* AlgorithmIdentifier ::= SEQUENCE */
+/* ALT_SPUBKEYINFO_ALGO_SEQ     */         { 1, ASN_SEQUENCE, 1, 1, 0 },
+                          /* Algorithm    OBJECT IDENTIFIER */
+/* ALT_SPUBKEYINFO_ALGO_OID     */             { 2, ASN_OBJECT_ID, 0, 0, 0 },
+                           /* parameters   ANY defined by algorithm OPTIONAL */
+/* ALT_SPUBKEYINFO_ALGO_NULL    */             { 2, ASN_TAG_NULL, 0, 0, 1 },
+/* ALT_SPUBKEYINFO_ALGO_CURVEID */             { 2, ASN_OBJECT_ID, 0, 0, 1 },
+#ifdef WC_RSA_PSS
+/* ALT_SPUBKEYINFO_ALGO_P_SEQ   */             { 2, ASN_SEQUENCE, 1, 0, 1 },
+#endif
+                           /* subjectPublicKey   BIT STRING */
+/* ALT_SPUBKEYINFO_PUBKEY       */          { 1, ASN_BIT_STRING, 0, 0, 0 }
+};
+
+#define subjAltPubKeyInfoASN_Length (sizeof(subjAltPubKeyInfoASN) / \
+                                     sizeof(ASNItem))
+
+enum {
+    ALT_SPUBKEYINFO_SEQ = 0,
+    ALT_SPUBKEYINFO_ALGO_SEQ,
+    ALT_SPUBKEYINFO_ALGO_OID,
+    ALT_SPUBKEYINFO_ALGO_NULL,
+    ALT_SPUBKEYINFO_ALGO_CURVEID,
+#ifdef WC_RSA_PSS
+    ALT_SPUBKEYINFO_ALGO_P_SEQ,
+#endif
+    ALT_SPUBKEYINFO_PUBKEY
+};
+
+static int DecodeSubjAltPubKeyInfo(const byte* input, int sz, DecodedCert* cert)
+{
+    int ret = 0;
+    word32 idx = 0;
+    DECL_ASNGETDATA(dataASN, subjAltPubKeyInfoASN_Length);
+
+    WOLFSSL_ENTER("DecodeSubjAltPubKeyInfo");
+
+    if (ret == 0) {
+        CALLOC_ASNGETDATA(dataASN, subjAltPubKeyInfoASN_Length, ret,
+                          cert->heap);
+        (void)cert;
+    }
+
+    if (ret == 0) {
+        GetASN_OID(&dataASN[ALT_SPUBKEYINFO_ALGO_OID], oidKeyType);
+        GetASN_OID(&dataASN[ALT_SPUBKEYINFO_ALGO_CURVEID], oidCurveType);
+
+        ret = GetASN_Items(subjAltPubKeyInfoASN, dataASN,
+                           subjAltPubKeyInfoASN_Length, 1, input, &idx,
+                           (word32)sz);
+    }
+
+    if (ret == 0) {
+        /* dataASN[ALT_SPUBKEYINFO_SEQ].data.u8 */
+        cert->sapkiDer = (byte *)input;
+        /* dataASN[ALT_SPUBKEYINFO_SEQ].length */
+        cert->sapkiLen = sz;
+        cert->sapkiOID = dataASN[ALT_SPUBKEYINFO_ALGO_OID].data.oid.sum;
+    }
+
+    FREE_ASNGETDATA(dataASN, cert->heap);
+    WOLFSSL_LEAVE("DecodeSubjAltPubKeyInfo", ret);
+    return ret;
+}
+
+/* The alternative signature algorithm extension holds the same thing as a
+ * as a signature algorithm identifier. */
+static const ASNItem altSigAlgASN[] = {
+                          /* AltSigAlg            AlgorithmIdentifier */
+                          /* AlgorithmIdentifier ::= SEQUENCE */
+/* ALTSIG_ALGOID_SEQ                */ { 0, ASN_SEQUENCE, 1, 1, 0 },
+                          /* Algorithm    OBJECT IDENTIFIER */
+/* ALTSIG_ALGOID_OID                */     { 1, ASN_OBJECT_ID, 0, 0, 0 },
+                          /* parameters   ANY defined by algorithm OPTIONAL */
+/* ALTSIG_ALGOID_PARAMS_NULL        */     { 1, ASN_TAG_NULL, 0, 0, 1 },
+#ifdef WC_RSA_PSS
+/* ALTSIG_ALGOID_PARAMS             */     { 1, ASN_SEQUENCE, 1, 0, 1 },
+#endif
+};
+
+#define altSigAlgASN_Length (sizeof(altSigAlgASN) / sizeof(ASNItem))
+
+enum {
+    ALTSIG_ALGOID_SEQ = 0,
+    ALTSIG_ALGOID_OID,
+    ALTSIG_ALGOID_PARAMS_NULL,
+#ifdef WC_RSA_PSS
+    ALTSIG_ALGOID_PARAMS,
+#endif
+};
+
+static int DecodeAltSigAlg(const byte* input, int sz, DecodedCert* cert)
+{
+    int ret = 0;
+    word32 idx = 0;
+    DECL_ASNGETDATA(dataASN, altSigAlgASN_Length);
+
+    WOLFSSL_ENTER("DecodeAltSigAlg");
+
+    if (ret == 0) {
+        CALLOC_ASNGETDATA(dataASN, altSigAlgASN_Length, ret, cert->heap);
+        (void)cert;
+    }
+
+    /* We do this to make sure the format of the extension is correct. */
+    if (ret == 0) {
+        GetASN_OID(&dataASN[ALTSIG_ALGOID_OID], oidSigType);
+
+        ret = GetASN_Items(altSigAlgASN, dataASN,
+                           altSigAlgASN_Length, 1, input, &idx,
+                           (word32)sz);
+    }
+
+    if (ret == 0) {
+        cert->altSigAlgDer = (byte *)input;
+        cert->altSigAlgLen = sz;
+        cert->altSigAlgOID = dataASN[ALTSIG_ALGOID_OID].data.oid.sum;
+    }
+
+    FREE_ASNGETDATA(dataASN, cert->heap);
+    WOLFSSL_LEAVE("DecodeAltSigAlg", ret);
+    return ret;
+}
+
+/* The alternative signature value extension holds an ASN.1 bitstring just
+ * like a traditional signature in the certificate. */
+static int DecodeAltSigVal(const byte* input, int sz, DecodedCert* cert)
+{
+    (void)cert;
+    int ret = 0;
+    word32 idx = 0;
+    int len = 0;
+
+    WOLFSSL_ENTER("DecodeAltSigVal");
+
+    if (ret == 0) {
+        ret = CheckBitString(input, &idx, &len, sz, 1, NULL);
+    }
+
+    if (ret == 0) {
+        cert->altSigValDer = (byte *)input + idx;
+        cert->altSigValLen = len;
+    }
+
+    WOLFSSL_LEAVE("DecodeAltSigVal", ret);
+    return ret;
+}
+#endif /* WOLFSSL_DUAL_ALG_CERTS */
+
 /* Macro to check if bit is set, if not sets and return success.
     Otherwise returns failure */
 /* Macro required here because bit-field operation */
@@ -20516,20 +21405,22 @@ static int DecodeExtensionType(const byte* input, word32 length, word32 oid,
 
         /* Certificate policies. */
         case CERT_POLICY_OID:
-        #if defined(WOLFSSL_SEP) || defined(WOLFSSL_QT)
+        #ifdef WOLFSSL_SEP
             VERIFY_AND_SET_OID(cert->extCertPolicySet);
-            #if defined(OPENSSL_EXTRA) || \
-                defined(OPENSSL_EXTRA_X509_SMALL)
-                cert->extCertPolicyCrit = critical ? 1 : 0;
-            #endif
+            cert->extCertPolicyCrit = critical ? 1 : 0;
         #endif
-        #if defined(WOLFSSL_SEP) || defined(WOLFSSL_CERT_EXT) || \
-            defined(WOLFSSL_QT)
+        #if defined(WOLFSSL_SEP) || defined(WOLFSSL_CERT_EXT)
             if (DecodeCertPolicy(input, length, cert) < 0) {
                 ret = ASN_PARSE_E;
             }
         #else
-            WOLFSSL_MSG("Certificate Policy extension not supported yet.");
+            WOLFSSL_MSG("Certificate Policy extension not supported.");
+            #ifndef WOLFSSL_NO_ASN_STRICT
+            if (critical) {
+                WOLFSSL_ERROR_VERBOSE(ASN_CRIT_EXT_E);
+                ret = ASN_CRIT_EXT_E;
+            }
+            #endif
         #endif
             break;
 
@@ -20615,6 +21506,23 @@ static int DecodeExtensionType(const byte* input, word32 length, word32 oid,
                 return ASN_PARSE_E;
             break;
     #endif
+    #ifdef WOLFSSL_DUAL_ALG_CERTS
+        case SUBJ_ALT_PUB_KEY_INFO_OID:
+            VERIFY_AND_SET_OID(cert->extSapkiSet);
+            if (DecodeSubjAltPubKeyInfo(&input[idx], length, cert) < 0)
+                return ASN_PARSE_E;
+            break;
+        case ALT_SIG_ALG_OID:
+            VERIFY_AND_SET_OID(cert->extAltSigAlgSet);
+            if (DecodeAltSigAlg(&input[idx], length, cert) < 0)
+                return ASN_PARSE_E;
+            break;
+        case ALT_SIG_VAL_OID:
+            VERIFY_AND_SET_OID(cert->extAltSigValSet);
+            if (DecodeAltSigVal(&input[idx], length, cert) < 0)
+                return ASN_PARSE_E;
+            break;
+    #endif /* WOLFSSL_DUAL_ALG_CERTS */
         default:
             if (isUnknownExt != NULL)
                 *isUnknownExt = 1;
@@ -20673,8 +21581,7 @@ enum {
 #define certExtASN_Length (sizeof(certExtASN) / sizeof(ASNItem))
 #endif
 
-#if defined(WOLFSSL_CUSTOM_OID) && defined(WOLFSSL_ASN_TEMPLATE) \
-    && defined(HAVE_OID_DECODING)
+#ifdef WC_ASN_UNKNOWN_EXT_CB
 int wc_SetUnknownExtCallback(DecodedCert* cert,
                              wc_UnknownExtCallback cb) {
     if (cert == NULL) {
@@ -20684,7 +21591,18 @@ int wc_SetUnknownExtCallback(DecodedCert* cert,
     cert->unknownExtCallback = cb;
     return 0;
 }
-#endif
+
+int wc_SetUnknownExtCallbackEx(DecodedCert* cert,
+                               wc_UnknownExtCallbackEx cb, void *ctx) {
+    if (cert == NULL) {
+        return BAD_FUNC_ARG;
+    }
+
+    cert->unknownExtCallbackEx = cb;
+    cert->unknownExtCallbackExCtx = ctx;
+    return 0;
+}
+#endif /* WC_ASN_UNKNOWN_EXT_CB */
 
 /*
  *  Processing the Certificate Extensions. This does not modify the current
@@ -20775,7 +21693,7 @@ static int DecodeCertExtensions(DecodedCert* cert)
 
         ret = DecodeExtensionType(input + idx, (word32)length, oid, critical,
             cert, NULL);
-        if (ret == ASN_CRIT_EXT_E) {
+        if (ret == WC_NO_ERR_TRACE(ASN_CRIT_EXT_E)) {
             ret = 0;
             criticalFail = 1;
         }
@@ -20838,8 +21756,9 @@ end:
             /* Decode the extension by type. */
             ret = DecodeExtensionType(input + idx, length, oid, critical, cert,
                                       &isUnknownExt);
-#if defined(WOLFSSL_CUSTOM_OID) && defined(HAVE_OID_DECODING)
-            if (isUnknownExt && (cert->unknownExtCallback != NULL)) {
+#ifdef WC_ASN_UNKNOWN_EXT_CB
+            if (isUnknownExt && (cert->unknownExtCallback != NULL ||
+                                 cert->unknownExtCallbackEx != NULL)) {
                 word16 decOid[MAX_OID_SZ];
                 word32 decOidSz = sizeof(decOid);
                 ret = DecodeObjectId(
@@ -20853,19 +21772,29 @@ end:
                     WOLFSSL_ERROR(ret);
                 }
 
-                ret = cert->unknownExtCallback(decOid, decOidSz, critical,
-                          dataASN[CERTEXTASN_IDX_VAL].data.buffer.data,
-                          dataASN[CERTEXTASN_IDX_VAL].length);
+                if ((ret == 0) && (cert->unknownExtCallback != NULL)) {
+                    ret = cert->unknownExtCallback(decOid, decOidSz, critical,
+                              dataASN[CERTEXTASN_IDX_VAL].data.buffer.data,
+                              dataASN[CERTEXTASN_IDX_VAL].length);
+                }
+
+                if ((ret == 0) && (cert->unknownExtCallbackEx != NULL)) {
+                    ret = cert->unknownExtCallbackEx(decOid, decOidSz, critical,
+                              dataASN[CERTEXTASN_IDX_VAL].data.buffer.data,
+                              dataASN[CERTEXTASN_IDX_VAL].length,
+                              cert->unknownExtCallbackExCtx);
+                }
             }
-#endif
+#else
             (void)isUnknownExt;
+#endif
 
             /* Move index on to next extension. */
             idx += length;
         }
         /* Don't fail criticality until all other extensions have been checked.
          */
-        if (ret == ASN_CRIT_EXT_E) {
+        if (ret == WC_NO_ERR_TRACE(ASN_CRIT_EXT_E)) {
             criticalRet = ASN_CRIT_EXT_E;
             ret = 0;
         }
@@ -20912,7 +21841,7 @@ enum {
 #ifdef WC_RSA_PSS
     RPKCERTASN_IDX_SPUBKEYINFO_ALGO_P_SEQ,
 #endif
-    RPKCERTASN_IDX_SPUBKEYINFO_PUBKEY,
+    RPKCERTASN_IDX_SPUBKEYINFO_PUBKEY
 };
 
 #endif /* HAVE_RPK */
@@ -21041,12 +21970,12 @@ enum {
 /* Check the data data.
  *
  * @param [in] dataASN   ASN template dynamic data item.
- * @param [in] dataType  BEFORE or AFTER date.
+ * @param [in] dataType  ASN_BEFORE or ASN_AFTER date.
  * @return  0 on success.
  * @return  ASN_TIME_E when BER tag is nor UTC or GENERALIZED time.
  * @return  ASN_DATE_SZ_E when time data is not supported.
- * @return  ASN_BEFORE_DATE_E when BEFORE date is invalid.
- * @return  ASN_AFTER_DATE_E when AFTER date is invalid.
+ * @return  ASN_BEFORE_DATE_E when ASN_BEFORE date is invalid.
+ * @return  ASN_AFTER_DATE_E when ASN_AFTER date is invalid.
  */
 static int CheckDate(ASNGetData *dataASN, int dateType)
 {
@@ -21064,14 +21993,18 @@ static int CheckDate(ASNGetData *dataASN, int dateType)
     }
 
 #ifndef NO_ASN_TIME_CHECK
-    /* Check date is a valid string and BEFORE or AFTER now. */
-    if ((ret == 0) &&
-            (!XVALIDATE_DATE(dataASN->data.ref.data, dataASN->tag, dateType))) {
-        if (dateType == BEFORE) {
-            ret = ASN_BEFORE_DATE_E;
-        }
-        else {
-            ret = ASN_AFTER_DATE_E;
+    /* Check date is a valid string and ASN_BEFORE or ASN_AFTER now. */
+    if (ret == 0) {
+        if (!XVALIDATE_DATE(dataASN->data.ref.data, dataASN->tag, dateType)) {
+            if (dateType == ASN_BEFORE) {
+                ret = ASN_BEFORE_DATE_E;
+            }
+            else if (dateType == ASN_AFTER) {
+                ret = ASN_AFTER_DATE_E;
+            }
+            else {
+                ret = ASN_TIME_E;
+            }
         }
     }
 #endif
@@ -21086,14 +22019,14 @@ static int CheckDate(ASNGetData *dataASN, int dateType)
  * @param [in]  verify           Whether to verify dates before and after now.
  * @param [out] criticalExt      Critical extension return code.
  * @param [out] badDateRet       Bad date return code.
- * @param [in]  stopAtPubKey     Stop parsing before subkectPublicKeyInfo.
- * @param [in]  stopAfterPubKey  Stop parsing after subkectPublicKeyInfo.
+ * @param [in]  stopAtPubKey     Stop parsing before subjectPublicKeyInfo.
+ * @param [in]  stopAfterPubKey  Stop parsing after subjectPublicKeyInfo.
  * @return  0 on success.
  * @return  ASN_CRIT_EXT_E when a critical extension was not recognized.
  * @return  ASN_TIME_E when date BER tag is nor UTC or GENERALIZED time.
  * @return  ASN_DATE_SZ_E when time data is not supported.
- * @return  ASN_BEFORE_DATE_E when BEFORE date is invalid.
- * @return  ASN_AFTER_DATE_E when AFTER date is invalid.
+ * @return  ASN_BEFORE_DATE_E when ASN_BEFORE date is invalid.
+ * @return  ASN_AFTER_DATE_E when ASN_AFTER date is invalid.
  * @return  ASN_PARSE_E when BER encoded data does not match ASN.1 items or
  *          is invalid.
  * @return  BUFFER_E when data in buffer is too small.
@@ -21110,9 +22043,9 @@ static int DecodeCertInternal(DecodedCert* cert, int verify, int* criticalExt,
     DECL_ASNGETDATA(dataASN, x509CertASN_Length);
     int ret = 0;
     int badDate = 0;
-    byte version;
+    byte version = 0;
     word32 idx;
-    word32 serialSz;
+    word32 serialSz = 0;
     const unsigned char* issuer = NULL;
     word32 issuerSz = 0;
     const unsigned char* subject = NULL;
@@ -21195,33 +22128,52 @@ static int DecodeCertInternal(DecodedCert* cert, int verify, int* criticalExt,
         /* Set fields extracted from data. */
         cert->version = version;
         cert->serialSz = (int)serialSz;
+
+    #if !defined(WOLFSSL_NO_ASN_STRICT) && !defined(WOLFSSL_PYTHON) && \
+        !defined(WOLFSSL_ASN_ALLOW_0_SERIAL)
+        /* RFC 5280 section 4.1.2.2 states that non-conforming CAs may issue
+         * a negative or zero serial number and should be handled gracefully.
+         * Since it is a non-conforming CA that issues a serial of 0 then we
+         * treat it as an error here. */
+        if (cert->serialSz == 1 && cert->serial[0] == 0) {
+            WOLFSSL_MSG("Error serial number of 0, use WOLFSSL_NO_ASN_STRICT "
+                "if wanted");
+            ret = ASN_PARSE_E;
+        }
+    #endif
+        if (cert->serialSz == 0) {
+            WOLFSSL_MSG("Error serial size is zero. Should be at least one "
+                        "even with no serial number.");
+            ret = ASN_PARSE_E;
+        }
+
         cert->signatureOID = dataASN[X509CERTASN_IDX_TBS_ALGOID_OID].data.oid.sum;
         cert->keyOID = dataASN[X509CERTASN_IDX_TBS_SPUBKEYINFO_ALGO_OID].data.oid.sum;
         cert->certBegin = dataASN[X509CERTASN_IDX_TBS_SEQ].offset;
 
         /* No bad date error - don't always care. */
         badDate = 0;
-        /* Find the item with the BEFORE date and check it. */
+        /* Find the item with the ASN_BEFORE date and check it. */
         i = (dataASN[X509CERTASN_IDX_TBS_VALIDITY_NOTB_UTC].tag != 0)
                 ? X509CERTASN_IDX_TBS_VALIDITY_NOTB_UTC
                 : X509CERTASN_IDX_TBS_VALIDITY_NOTB_GT;
-        if ((CheckDate(&dataASN[i], BEFORE) < 0) && (verify != NO_VERIFY) &&
+        if ((CheckDate(&dataASN[i], ASN_BEFORE) < 0) && (verify != NO_VERIFY) &&
                 (verify != VERIFY_SKIP_DATE)) {
             badDate = ASN_BEFORE_DATE_E;
         }
-        /* Store reference to BEFOREdate. */
+        /* Store reference to ASN_BEFORE date. */
         cert->beforeDate = GetASNItem_Addr(dataASN[i], cert->source);
         cert->beforeDateLen = (int)GetASNItem_Length(dataASN[i], cert->source);
 
-        /* Find the item with the AFTER date and check it. */
+        /* Find the item with the ASN_AFTER date and check it. */
         i = (dataASN[X509CERTASN_IDX_TBS_VALIDITY_NOTA_UTC].tag != 0)
                 ? X509CERTASN_IDX_TBS_VALIDITY_NOTA_UTC
                 : X509CERTASN_IDX_TBS_VALIDITY_NOTA_GT;
-        if ((CheckDate(&dataASN[i], AFTER) < 0) && (verify != NO_VERIFY) &&
+        if ((CheckDate(&dataASN[i], ASN_AFTER) < 0) && (verify != NO_VERIFY) &&
                 (verify != VERIFY_SKIP_DATE)) {
             badDate = ASN_AFTER_DATE_E;
         }
-        /* Store reference to AFTER date. */
+        /* Store reference to ASN_AFTER date. */
         cert->afterDate = GetASNItem_Addr(dataASN[i], cert->source);
         cert->afterDateLen = (int)GetASNItem_Length(dataASN[i], cert->source);
 
@@ -21259,16 +22211,20 @@ static int DecodeCertInternal(DecodedCert* cert, int verify, int* criticalExt,
         }
         /* Parameters not allowed after ECDSA or EdDSA algorithm OID. */
         else if (IsSigAlgoECC(cert->signatureOID)) {
-            if ((dataASN[X509CERTASN_IDX_SIGALGO_PARAMS_NULL].tag != 0)
-        #ifdef WC_RSA_PSS
-                || (dataASN[X509CERTASN_IDX_SIGALGO_PARAMS].tag != 0)
-        #endif
-                ) {
+        #ifndef WOLFSSL_ECC_SIGALG_PARAMS_NULL_ALLOWED
+            if (dataASN[X509CERTASN_IDX_SIGALGO_PARAMS_NULL].tag != 0) {
                 WOLFSSL_ERROR_VERBOSE(ASN_PARSE_E);
                 ret = ASN_PARSE_E;
             }
-        }
+        #endif
         #ifdef WC_RSA_PSS
+            if (dataASN[X509CERTASN_IDX_SIGALGO_PARAMS].tag != 0) {
+                WOLFSSL_ERROR_VERBOSE(ASN_PARSE_E);
+                ret = ASN_PARSE_E;
+            }
+        #endif
+        }
+    #ifdef WC_RSA_PSS
         /* Check parameters starting with a SEQUENCE. */
         else if (dataASN[X509CERTASN_IDX_SIGALGO_PARAMS].tag != 0) {
             word32 oid = dataASN[X509CERTASN_IDX_SIGALGO_OID].data.oid.sum;
@@ -21310,7 +22266,7 @@ static int DecodeCertInternal(DecodedCert* cert, int verify, int* criticalExt,
                 cert->sigParamsLength = sigAlgParamsSz;
             }
         }
-        #endif
+    #endif
     }
     if ((ret == 0) && (!done)) {
         pubKeyEnd = dataASN[X509CERTASN_IDX_TBS_ISSUERUID].offset;
@@ -21352,13 +22308,13 @@ static int DecodeCertInternal(DecodedCert* cert, int verify, int* criticalExt,
     if ((ret == 0) && (issuer != NULL)) {
         idx = 0;
         /* Put issuer into cert and calculate hash. */
-        ret = GetCertName(cert, cert->issuer, cert->issuerHash, ISSUER, issuer,
+        ret = GetCertName(cert, cert->issuer, cert->issuerHash, ASN_ISSUER, issuer,
             &idx, issuerSz);
     }
     if ((ret == 0) && (subject != NULL)) {
         idx = 0;
         /* Put subject into cert and calculate hash. */
-        ret = GetCertName(cert, cert->subject, cert->subjectHash, SUBJECT,
+        ret = GetCertName(cert, cert->subject, cert->subjectHash, ASN_SUBJECT,
             subject, &idx, subjectSz);
     }
     if (ret == 0) {
@@ -21388,7 +22344,7 @@ static int DecodeCertInternal(DecodedCert* cert, int verify, int* criticalExt,
         /* Decode the extension data starting at [3]. */
         ret = DecodeCertExtensions(cert);
         if (criticalExt != NULL) {
-            if (ret == ASN_CRIT_EXT_E) {
+            if (ret == WC_NO_ERR_TRACE(ASN_CRIT_EXT_E)) {
                 /* Return critical extension not recognized. */
                 *criticalExt = ret;
                 ret = 0;
@@ -21420,8 +22376,8 @@ static int DecodeCertInternal(DecodedCert* cert, int verify, int* criticalExt,
  * @return  ASN_CRIT_EXT_E when a critical extension was not recognized.
  * @return  ASN_TIME_E when date BER tag is nor UTC or GENERALIZED time.
  * @return  ASN_DATE_SZ_E when time data is not supported.
- * @return  ASN_BEFORE_DATE_E when BEFORE date is invalid.
- * @return  ASN_AFTER_DATE_E when AFTER date is invalid.
+ * @return  ASN_BEFORE_DATE_E when ASN_BEFORE date is invalid.
+ * @return  ASN_AFTER_DATE_E when ASN_AFTER date is invalid.
  * @return  ASN_PARSE_E when BER encoded data does not match ASN.1 items or
  *          is invalid.
  * @return  BUFFER_E when data in buffer is too small.
@@ -21579,7 +22535,7 @@ static int DecodeCertReqAttrValue(DecodedCert* cert, int* criticalExt,
 
             /* Decode and validate extensions. */
             ret = DecodeCertExtensions(cert);
-            if (ret == ASN_CRIT_EXT_E) {
+            if (ret == WC_NO_ERR_TRACE(ASN_CRIT_EXT_E)) {
                 /* Return critical extension not recognized. */
                 *criticalExt = ret;
                 ret = 0;
@@ -21730,7 +22686,7 @@ static int DecodeCertReq(DecodedCert* cert, int* criticalExt)
 {
     DECL_ASNGETDATA(dataASN, certReqASN_Length);
     int ret = 0;
-    byte version;
+    byte version = 0;
     word32 idx;
 
     CALLOC_ASNGETDATA(dataASN, certReqASN_Length, ret, cert->heap);
@@ -21766,7 +22722,7 @@ static int DecodeCertReq(DecodedCert* cert, int* criticalExt)
 
         /* Parse the subject name. */
         idx = dataASN[CERTREQASN_IDX_INFO_SUBJ_SEQ].offset;
-        ret = GetCertName(cert, cert->subject, cert->subjectHash, SUBJECT,
+        ret = GetCertName(cert, cert->subject, cert->subjectHash, ASN_SUBJECT,
                           cert->source, &idx,
                           dataASN[CERTREQASN_IDX_INFO_SPUBKEYINFO_SEQ].offset);
     }
@@ -21806,7 +22762,7 @@ int ParseCert(DecodedCert* cert, int type, int verify, void* cm)
     char* ptr;
 #endif
 
-    ret = ParseCertRelative(cert, type, verify, cm);
+    ret = ParseCertRelative(cert, type, verify, cm, NULL);
     if (ret < 0)
         return ret;
 
@@ -22339,8 +23295,7 @@ static int CheckCertSignature_ex(const byte* cert, word32 certSz, void* heap,
 
     FreeSignatureCtx(sigCtx);
 #ifdef WOLFSSL_SMALL_STACK
-    if (sigCtx != NULL)
-        XFREE(sigCtx, heap, DYNAMIC_TYPE_SIGNATURE);
+    XFREE(sigCtx, heap, DYNAMIC_TYPE_SIGNATURE);
 #endif
     return ret;
 #else /* WOLFSSL_ASN_TEMPLATE */
@@ -22559,9 +23514,7 @@ static int CheckCertSignature_ex(const byte* cert, word32 certSz, void* heap,
 #endif /* WOLFSSL_ASN_TEMPLATE */
 }
 
-#ifdef OPENSSL_EXTRA
-/* Call CheckCertSignature_ex using a public key buffer for verification
- */
+/* Call CheckCertSignature_ex using a public key buffer for verification */
 int CheckCertSignaturePubKey(const byte* cert, word32 certSz, void* heap,
         const byte* pubKey, word32 pubKeySz, int pubKeyOID)
 {
@@ -22569,6 +23522,7 @@ int CheckCertSignaturePubKey(const byte* cert, word32 certSz, void* heap,
             pubKey, pubKeySz, pubKeyOID, 0);
 }
 
+/* Call CheckCertSignature_ex using a public key and oid */
 int wc_CheckCertSigPubKey(const byte* cert, word32 certSz, void* heap,
         const byte* pubKey, word32 pubKeySz, int pubKeyOID)
 {
@@ -22584,15 +23538,12 @@ int CheckCSRSignaturePubKey(const byte* cert, word32 certSz, void* heap,
             pubKey, pubKeySz, pubKeyOID, 1);
 }
 #endif /* WOLFSSL_CERT_REQ */
-#endif /* OPENSSL_EXTRA */
-#ifdef WOLFSSL_SMALL_CERT_VERIFY
-/* Call CheckCertSignature_ex using a certificate manager (cm)
- */
-int CheckCertSignature(const byte* cert, word32 certSz, void* heap, void* cm)
+
+/* Call CheckCertSignature_ex using a certificate manager (cm) */
+int wc_CheckCertSignature(const byte* cert, word32 certSz, void* heap, void* cm)
 {
     return CheckCertSignature_ex(cert, certSz, heap, cm, NULL, 0, 0, 0);
 }
-#endif /* WOLFSSL_SMALL_CERT_VERIFY */
 #endif /* WOLFSSL_SMALL_CERT_VERIFY || OPENSSL_EXTRA */
 
 #if (defined(HAVE_ED25519) && defined(HAVE_ED25519_KEY_IMPORT) || \
@@ -22602,9 +23553,9 @@ typedef struct DecodeInstr {
     /* Tag expected. */
     byte tag;
     /* Operation to perform: step in or go over */
-    byte op:1;
+    WC_BITFIELD op:1;
     /* ASN.1 item is optional. */
-    byte optional:1;
+    WC_BITFIELD optional:1;
 } DecodeInstr;
 
 /* Step into ASN.1 item. */
@@ -22628,7 +23579,7 @@ int wc_CertGetPubKey(const byte* cert, word32 certSz,
     const unsigned char** pubKey, word32* pubKeySz)
 {
     int ret = 0;
-    int l;
+    int l = 0;
     word32 o = 0;
     int i;
     static DecodeInstr ops[] = {
@@ -22697,8 +23648,32 @@ int wc_CertGetPubKey(const byte* cert, word32 certSz,
     return ret;
 }
 #endif
+#ifdef HAVE_OCSP
+Signer* findSignerByKeyHash(Signer *list, byte *hash)
+{
+    Signer *s;
+    for (s = list; s != NULL; s = s->next) {
+        if (XMEMCMP(s->subjectKeyHash, hash, KEYID_SIZE) == 0) {
+            return s;
+        }
+    }
+    return NULL;
+}
+#endif /* WOLFSSL_OCSP */
 
-int ParseCertRelative(DecodedCert* cert, int type, int verify, void* cm)
+Signer* findSignerByName(Signer *list, byte *hash)
+{
+    Signer *s;
+    for (s = list; s != NULL; s = s->next) {
+        if (XMEMCMP(s->subjectNameHash, hash, SIGNER_DIGEST_SIZE) == 0) {
+            return s;
+        }
+    }
+    return NULL;
+}
+
+int ParseCertRelative(DecodedCert* cert, int type, int verify, void* cm,
+                      Signer *extraCAList)
 {
     int    ret = 0;
 #ifndef WOLFSSL_ASN_TEMPLATE
@@ -22711,6 +23686,7 @@ int ParseCertRelative(DecodedCert* cert, int type, int verify, void* cm)
     int    idx = 0;
 #endif
     byte*  sce_tsip_encRsaKeyIdx;
+    (void)extraCAList;
 
     if (cert == NULL) {
         return BAD_FUNC_ARG;
@@ -22726,7 +23702,8 @@ int ParseCertRelative(DecodedCert* cert, int type, int verify, void* cm)
         cert->badDate = 0;
         cert->criticalExt = 0;
         if ((ret = DecodeToKey(cert, verify)) < 0) {
-            if (ret == ASN_BEFORE_DATE_E || ret == ASN_AFTER_DATE_E) {
+            if (ret == WC_NO_ERR_TRACE(ASN_BEFORE_DATE_E) ||
+                ret == WC_NO_ERR_TRACE(ASN_AFTER_DATE_E)) {
                 cert->badDate = ret;
                 if (verify == VERIFY_SKIP_DATE)
                     ret = 0;
@@ -22889,7 +23866,7 @@ int ParseCertRelative(DecodedCert* cert, int type, int verify, void* cm)
                         cert->extensionsIdx = cert->srcIdx; /* for potential later use */
 
                         if ((ret = DecodeCertExtensions(cert)) < 0) {
-                            if (ret == ASN_CRIT_EXT_E) {
+                            if (ret == WC_NO_ERR_TRACE(ASN_CRIT_EXT_E)) {
                                 cert->criticalExt = ret;
                             }
                             else {
@@ -22923,7 +23900,7 @@ int ParseCertRelative(DecodedCert* cert, int type, int verify, void* cm)
             cert->extensionsIdx = cert->srcIdx;   /* for potential later use */
 
             if ((ret = DecodeCertExtensions(cert)) < 0) {
-                if (ret == ASN_CRIT_EXT_E)
+                if (ret == WC_NO_ERR_TRACE(ASN_CRIT_EXT_E))
                     cert->criticalExt = ret;
                 else
                     return ret;
@@ -22976,7 +23953,8 @@ int ParseCertRelative(DecodedCert* cert, int type, int verify, void* cm)
 #endif
         {
             ret = DecodeCert(cert, verify, &cert->criticalExt);
-            if (ret == ASN_BEFORE_DATE_E || ret == ASN_AFTER_DATE_E) {
+            if (ret == WC_NO_ERR_TRACE(ASN_BEFORE_DATE_E) ||
+                ret == WC_NO_ERR_TRACE(ASN_AFTER_DATE_E)) {
                 cert->badDate = ret;
                 if (verify == VERIFY_SKIP_DATE)
                     ret = 0;
@@ -23027,8 +24005,13 @@ int ParseCertRelative(DecodedCert* cert, int type, int verify, void* cm)
         if (!cert->selfSigned || (verify != NO_VERIFY && type != CA_TYPE &&
                                                    type != TRUSTED_PEER_TYPE)) {
             cert->ca = NULL;
+#ifdef HAVE_CERTIFICATE_STATUS_REQUEST_V2
+        if (extraCAList != NULL) {
+            cert->ca = findSignerByName(extraCAList, cert->issuerHash);
+        }
+#endif
     #ifndef NO_SKID
-            if (cert->extAuthKeyIdSet) {
+            if (cert->ca == NULL && cert->extAuthKeyIdSet) {
                 cert->ca = GetCA(cm, cert->extAuthKeyId);
         #ifdef WOLFSSL_AKID_NAME
                 if (cert->ca == NULL) {
@@ -23098,7 +24081,7 @@ int ParseCertRelative(DecodedCert* cert, int type, int verify, void* cm)
                     }
                 }
                 else {
-                    cert->maxPathLen = (byte)min(cert->ca->maxPathLen - 1,
+                    cert->maxPathLen = (byte)min(cert->ca->maxPathLen - 1U,
                                            cert->maxPathLen);
                 }
             }
@@ -23173,13 +24156,19 @@ int ParseCertRelative(DecodedCert* cert, int type, int verify, void* cm)
         if (cert->ca) {
             if (verify == VERIFY || verify == VERIFY_OCSP ||
                                                  verify == VERIFY_SKIP_DATE) {
+                word32 keyOID = cert->ca->keyOID;
+            #if defined(WOLFSSL_SM2) && defined(WOLFSSL_SM3)
+                if (cert->selfSigned && (cert->signatureOID == CTC_SM3wSM2)) {
+                    keyOID = SM2k;
+                }
+            #endif
                 /* try to confirm/verify signature */
                 if ((ret = ConfirmSignature(&cert->sigCtx,
                         cert->source + cert->certBegin,
                         cert->sigIndex - cert->certBegin,
                         cert->ca->publicKey, cert->ca->pubKeySize,
-                        cert->ca->keyOID, cert->signature,
-                        cert->sigLength, cert->signatureOID,
+                        keyOID, cert->signature, cert->sigLength,
+                        cert->signatureOID,
                     #ifdef WC_RSA_PSS
                         cert->source + cert->sigParamsIndex,
                         cert->sigParamsLength,
@@ -23187,12 +24176,50 @@ int ParseCertRelative(DecodedCert* cert, int type, int verify, void* cm)
                         NULL, 0,
                     #endif
                         sce_tsip_encRsaKeyIdx)) != 0) {
-                    if (ret != WC_PENDING_E) {
+                    if (ret != WC_NO_ERR_TRACE(WC_PENDING_E)) {
                         WOLFSSL_MSG("Confirm signature failed");
                     }
                     WOLFSSL_ERROR_VERBOSE(ret);
                     return ret;
                 }
+
+            #ifdef WOLFSSL_DUAL_ALG_CERTS
+                if ((ret == 0) && cert->extAltSigAlgSet &&
+                    cert->extAltSigValSet) {
+                #ifndef WOLFSSL_SMALL_STACK
+                    byte der[WC_MAX_CERT_VERIFY_SZ];
+                #else
+                    byte *der = (byte*)XMALLOC(WC_MAX_CERT_VERIFY_SZ, cert->heap,
+                                            DYNAMIC_TYPE_DCERT);
+                    if (der == NULL) {
+                        ret = MEMORY_E;
+                    } else
+                #endif /* ! WOLFSSL_SMALL_STACK */
+                    {
+                        ret = wc_GeneratePreTBS(cert, der, WC_MAX_CERT_VERIFY_SZ);
+
+                        if (ret > 0) {
+                            ret = ConfirmSignature(&cert->sigCtx, der, ret,
+                                    cert->ca->sapkiDer, cert->ca->sapkiLen,
+                                    cert->ca->sapkiOID, cert->altSigValDer,
+                                    cert->altSigValLen, cert->altSigAlgOID,
+                                    NULL, 0, NULL);
+                        }
+                #ifdef WOLFSSL_SMALL_STACK
+                        XFREE(der, cert->heap, DYNAMIC_TYPE_DCERT);
+                #endif /* WOLFSSL_SMALL_STACK */
+
+                        if (ret != 0) {
+                            WOLFSSL_MSG("Confirm alternative signature failed");
+                            WOLFSSL_ERROR_VERBOSE(ret);
+                            return ret;
+                        }
+                        else {
+                            WOLFSSL_MSG("Alt signature has been verified!");
+                        }
+                    }
+                }
+            #endif /* WOLFSSL_DUAL_ALG_CERTS */
             }
         #ifndef IGNORE_NAME_CONSTRAINTS
             if (verify == VERIFY || verify == VERIFY_OCSP ||
@@ -23209,6 +24236,7 @@ int ParseCertRelative(DecodedCert* cert, int type, int verify, void* cm)
         }
 #ifdef WOLFSSL_CERT_REQ
         else if (type == CERTREQ_TYPE) {
+            /* try to confirm/verify signature */
             if ((ret = ConfirmSignature(&cert->sigCtx,
                     cert->source + cert->certBegin,
                     cert->sigIndex - cert->certBegin,
@@ -23221,19 +24249,59 @@ int ParseCertRelative(DecodedCert* cert, int type, int verify, void* cm)
                     NULL, 0,
                 #endif
                     sce_tsip_encRsaKeyIdx)) != 0) {
-                if (ret != WC_PENDING_E) {
+                if (ret != WC_NO_ERR_TRACE(WC_PENDING_E)) {
                     WOLFSSL_MSG("Confirm signature failed");
                 }
                 WOLFSSL_ERROR_VERBOSE(ret);
                 return ret;
             }
+
+        #ifdef WOLFSSL_DUAL_ALG_CERTS
+            if ((ret == 0) && cert->extAltSigAlgSet &&
+                cert->extAltSigValSet) {
+            #ifndef WOLFSSL_SMALL_STACK
+                byte der[WC_MAX_CERT_VERIFY_SZ];
+            #else
+                byte *der = (byte*)XMALLOC(WC_MAX_CERT_VERIFY_SZ, cert->heap,
+                                        DYNAMIC_TYPE_DCERT);
+                if (der == NULL) {
+                    ret = MEMORY_E;
+                } else
+            #endif /* ! WOLFSSL_SMALL_STACK */
+                {
+                    ret = wc_GeneratePreTBS(cert, der, WC_MAX_CERT_VERIFY_SZ);
+
+                    if (ret > 0) {
+                        ret = ConfirmSignature(&cert->sigCtx, der, ret,
+                                cert->sapkiDer, cert->sapkiLen,
+                                cert->sapkiOID, cert->altSigValDer,
+                                cert->altSigValLen, cert->altSigAlgOID,
+                                NULL, 0, NULL);
+                    }
+            #ifdef WOLFSSL_SMALL_STACK
+                    XFREE(der, cert->heap, DYNAMIC_TYPE_DCERT);
+            #endif /* WOLFSSL_SMALL_STACK */
+
+                    if (ret != 0) {
+                        WOLFSSL_MSG("Confirm alternative signature failed");
+                        WOLFSSL_ERROR_VERBOSE(ret);
+                        return ret;
+                    }
+                    else {
+                        WOLFSSL_MSG("Alt signature has been verified!");
+                    }
+                }
+            }
+        #endif /* WOLFSSL_DUAL_ALG_CERTS */
         }
 #endif
         else {
             /* no signer */
             WOLFSSL_MSG("No CA signer to verify with");
+            /* If you end up here with error -188,
+             * consider using WOLFSSL_ALT_CERT_CHAINS. */
 #if defined(OPENSSL_ALL) || defined(WOLFSSL_QT)
-            /* ret needs to be self-signer error for Qt compat */
+            /* ret needs to be self-signer error for openssl compatibility */
             if (cert->selfSigned) {
                 WOLFSSL_ERROR_VERBOSE(ASN_SELF_SIGNED_E);
                 return ASN_SELF_SIGNED_E;
@@ -23264,6 +24332,89 @@ exit_pcr:
     return ret;
 }
 
+int FillSigner(Signer* signer, DecodedCert* cert, int type, DerBuffer *der)
+{
+    int ret = 0;
+
+    if (signer == NULL || cert == NULL)
+        return BAD_FUNC_ARG;
+
+#ifdef WOLFSSL_DUAL_ALG_CERTS
+    if (ret == 0 && signer != NULL) {
+        if (cert->extSapkiSet && cert->sapkiLen > 0) {
+            /* Allocated space for alternative public key. */
+            signer->sapkiDer = (byte*)XMALLOC(cert->sapkiLen, cert->heap,
+                                              DYNAMIC_TYPE_PUBLIC_KEY);
+            if (signer->sapkiDer == NULL) {
+                ret = MEMORY_E;
+            }
+            else {
+                XMEMCPY(signer->sapkiDer, cert->sapkiDer, cert->sapkiLen);
+                signer->sapkiLen = cert->sapkiLen;
+                signer->sapkiOID = cert->sapkiOID;
+            }
+        }
+    }
+#endif /* WOLFSSL_DUAL_ALG_CERTS */
+
+#if defined(WOLFSSL_AKID_NAME) || defined(HAVE_CRL)
+    if (ret == 0 && signer != NULL)
+        ret = CalcHashId(cert->serial, (word32)cert->serialSz,
+                         signer->serialHash);
+#endif
+    if (ret == 0 && signer != NULL) {
+    #ifdef WOLFSSL_SIGNER_DER_CERT
+        ret = AllocDer(&signer->derCert, der->length, der->type, NULL);
+    }
+    if (ret == 0 && signer != NULL) {
+        XMEMCPY(signer->derCert->buffer, der->buffer, der->length);
+    #else
+    (void)der;
+    #endif
+        signer->keyOID         = cert->keyOID;
+        if (cert->pubKeyStored) {
+            signer->publicKey      = cert->publicKey;
+            signer->pubKeySize     = cert->pubKeySize;
+        }
+
+        if (cert->subjectCNStored) {
+            signer->nameLen        = cert->subjectCNLen;
+            signer->name           = cert->subjectCN;
+        }
+        signer->maxPathLen     = cert->maxPathLen;
+        signer->selfSigned     = cert->selfSigned;
+    #ifndef IGNORE_NAME_CONSTRAINTS
+        signer->permittedNames = cert->permittedNames;
+        signer->excludedNames  = cert->excludedNames;
+    #endif
+    #ifndef NO_SKID
+        XMEMCPY(signer->subjectKeyIdHash, cert->extSubjKeyId,
+                SIGNER_DIGEST_SIZE);
+    #endif
+        XMEMCPY(signer->subjectNameHash, cert->subjectHash,
+                SIGNER_DIGEST_SIZE);
+    #if defined(HAVE_OCSP) || defined(HAVE_CRL)
+        XMEMCPY(signer->issuerNameHash, cert->issuerHash,
+                SIGNER_DIGEST_SIZE);
+    #endif
+    #ifdef HAVE_OCSP
+        XMEMCPY(signer->subjectKeyHash, cert->subjectKeyHash,
+                KEYID_SIZE);
+    #endif
+        signer->keyUsage = cert->extKeyUsageSet ? cert->extKeyUsage
+                                                : 0xFFFF;
+        signer->next    = NULL; /* If Key Usage not set, all uses valid. */
+        cert->publicKey = 0;    /* in case lock fails don't free here.   */
+        cert->subjectCN = 0;
+    #ifndef IGNORE_NAME_CONSTRAINTS
+        cert->permittedNames = NULL;
+        cert->excludedNames = NULL;
+    #endif
+        signer->type = (byte)type;
+    }
+    return ret;
+}
+
 /* Create and init an new signer */
 Signer* MakeSigner(void* heap)
 {
@@ -23292,6 +24443,9 @@ void FreeSigner(Signer* signer, void* heap)
     (void)heap;
     XFREE(signer->name, heap, DYNAMIC_TYPE_SUBJECT_CN);
     XFREE((void*)signer->publicKey, heap, DYNAMIC_TYPE_PUBLIC_KEY);
+#ifdef WOLFSSL_DUAL_ALG_CERTS
+    XFREE(signer->sapkiDer, heap, DYNAMIC_TYPE_PUBLIC_KEY);
+#endif
 #ifndef IGNORE_NAME_CONSTRAINTS
     if (signer->permittedNames)
         FreeNameSubtrees(signer->permittedNames, heap);
@@ -23329,6 +24483,28 @@ void FreeSignerTable(Signer** table, int rows, void* heap)
     }
 }
 
+void FreeSignerTableType(Signer** table, int rows, byte type, void* heap)
+{
+    int i;
+
+    for (i = 0; i < rows; i++) {
+        Signer* signer = table[i];
+        Signer** next = &table[i];
+
+        while (signer) {
+            if (signer->type == type) {
+                *next = signer->next;
+                FreeSigner(signer, heap);
+                signer = *next;
+            }
+            else {
+                next = &signer->next;
+                signer = signer->next;
+            }
+        }
+    }
+}
+
 #ifdef WOLFSSL_TRUST_PEER_CERT
 /* Free an individual trusted peer cert.
  *
@@ -23341,13 +24517,9 @@ void FreeTrustedPeer(TrustedPeerCert* tp, void* heap)
         return;
     }
 
-    if (tp->name) {
-        XFREE(tp->name, heap, DYNAMIC_TYPE_SUBJECT_CN);
-    }
+    XFREE(tp->name, heap, DYNAMIC_TYPE_SUBJECT_CN);
 
-    if (tp->sig) {
-        XFREE(tp->sig, heap, DYNAMIC_TYPE_SIGNATURE);
-    }
+    XFREE(tp->sig, heap, DYNAMIC_TYPE_SIGNATURE);
 #ifndef IGNORE_NAME_CONSTRAINTS
     if (tp->permittedNames)
         FreeNameSubtrees(tp->permittedNames, heap);
@@ -23498,7 +24670,7 @@ int wc_GetSerialNumber(const byte* input, word32* inOutIdx,
 
 int AllocDer(DerBuffer** pDer, word32 length, int type, void* heap)
 {
-    int ret = BAD_FUNC_ARG;
+    int ret = WC_NO_ERR_TRACE(BAD_FUNC_ARG);
     if (pDer) {
         int dynType = 0;
         DerBuffer* der;
@@ -23529,18 +24701,31 @@ int AllocDer(DerBuffer** pDer, word32 length, int type, void* heap)
         der->buffer = (byte*)der + sizeof(DerBuffer);
         der->length = length;
         ret = 0; /* Success */
+    } else {
+        ret = BAD_FUNC_ARG;
     }
     return ret;
 }
 
+int AllocCopyDer(DerBuffer** pDer, const unsigned char* buff, word32 length,
+    int type, void* heap)
+{
+    int ret = AllocDer(pDer, length, type, heap);
+    if (ret == 0) {
+        XMEMCPY((*pDer)->buffer, buff, length);
+    }
+
+    return ret;
+}
+
 void FreeDer(DerBuffer** pDer)
 {
-    if (pDer && *pDer)
-    {
+    if (pDer && *pDer) {
         DerBuffer* der = (DerBuffer*)*pDer;
 
         /* ForceZero private keys */
-        if (der->type == PRIVATEKEY_TYPE && der->buffer != NULL) {
+        if (((der->type == PRIVATEKEY_TYPE) ||
+             (der->type == ALT_PRIVATEKEY_TYPE)) && der->buffer != NULL) {
             ForceZero(der->buffer, der->length);
         }
         der->buffer = NULL;
@@ -23572,6 +24757,10 @@ wcchar END_CERT             = "-----END CERTIFICATE-----";
     wcchar BEGIN_CERT_REQ   = "-----BEGIN CERTIFICATE REQUEST-----";
     wcchar END_CERT_REQ     = "-----END CERTIFICATE REQUEST-----";
 #endif
+#if defined(WOLFSSL_ACERT)
+    wcchar BEGIN_ACERT      = "-----BEGIN ATTRIBUTE CERTIFICATE-----";
+    wcchar END_ACERT        = "-----END ATTRIBUTE CERTIFICATE-----";
+#endif /* WOLFSSL_ACERT */
 #ifndef NO_DH
     wcchar BEGIN_DH_PARAM   = "-----BEGIN DH PARAMETERS-----";
     wcchar END_DH_PARAM     = "-----END DH PARAMETERS-----";
@@ -23584,6 +24773,8 @@ wcchar END_CERT             = "-----END CERTIFICATE-----";
 #endif
 wcchar BEGIN_X509_CRL       = "-----BEGIN X509 CRL-----";
 wcchar END_X509_CRL         = "-----END X509 CRL-----";
+wcchar BEGIN_TRUSTED_CERT   = "-----BEGIN TRUSTED CERTIFICATE-----";
+wcchar END_TRUSTED_CERT     = "-----END TRUSTED CERTIFICATE-----";
 wcchar BEGIN_RSA_PRIV       = "-----BEGIN RSA PRIVATE KEY-----";
 wcchar END_RSA_PRIV         = "-----END RSA PRIVATE KEY-----";
 wcchar BEGIN_RSA_PUB        = "-----BEGIN RSA PUBLIC KEY-----";
@@ -23600,6 +24791,10 @@ wcchar END_ENC_PRIV_KEY     = "-----END ENCRYPTED PRIVATE KEY-----";
     wcchar END_EC_PARAM     = "-----END EC PARAMETERS-----";
 #endif
 #endif
+#ifdef HAVE_PKCS7
+wcchar BEGIN_PKCS7          = "-----BEGIN PKCS7-----";
+wcchar END_PKCS7            = "-----END PKCS7-----";
+#endif
 #if defined(HAVE_ECC) || defined(HAVE_ED25519) || defined(HAVE_ED448) || \
                                                                 !defined(NO_DSA)
     wcchar BEGIN_DSA_PRIV   = "-----BEGIN DSA PRIVATE KEY-----";
@@ -23616,7 +24811,6 @@ wcchar END_PUB_KEY          = "-----END PUBLIC KEY-----";
     wcchar BEGIN_EDDSA_PRIV = "-----BEGIN EDDSA PRIVATE KEY-----";
     wcchar END_EDDSA_PRIV   = "-----END EDDSA PRIVATE KEY-----";
 #endif
-#if defined(HAVE_PQC)
 #if defined(HAVE_FALCON)
     wcchar BEGIN_FALCON_LEVEL1_PRIV  = "-----BEGIN FALCON_LEVEL1 PRIVATE KEY-----";
     wcchar END_FALCON_LEVEL1_PRIV    = "-----END FALCON_LEVEL1 PRIVATE KEY-----";
@@ -23624,12 +24818,20 @@ wcchar END_PUB_KEY          = "-----END PUBLIC KEY-----";
     wcchar END_FALCON_LEVEL5_PRIV   = "-----END FALCON_LEVEL5 PRIVATE KEY-----";
 #endif /* HAVE_FALCON */
 #if defined(HAVE_DILITHIUM)
+    #ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
     wcchar BEGIN_DILITHIUM_LEVEL2_PRIV = "-----BEGIN DILITHIUM_LEVEL2 PRIVATE KEY-----";
     wcchar END_DILITHIUM_LEVEL2_PRIV   = "-----END DILITHIUM_LEVEL2 PRIVATE KEY-----";
     wcchar BEGIN_DILITHIUM_LEVEL3_PRIV = "-----BEGIN DILITHIUM_LEVEL3 PRIVATE KEY-----";
     wcchar END_DILITHIUM_LEVEL3_PRIV   = "-----END DILITHIUM_LEVEL3 PRIVATE KEY-----";
     wcchar BEGIN_DILITHIUM_LEVEL5_PRIV = "-----BEGIN DILITHIUM_LEVEL5 PRIVATE KEY-----";
     wcchar END_DILITHIUM_LEVEL5_PRIV   = "-----END DILITHIUM_LEVEL5 PRIVATE KEY-----";
+    #endif
+    wcchar BEGIN_ML_DSA_LEVEL2_PRIV = "-----BEGIN ML_DSA_LEVEL2 PRIVATE KEY-----";
+    wcchar END_ML_DSA_LEVEL2_PRIV   = "-----END ML_DSA_LEVEL2 PRIVATE KEY-----";
+    wcchar BEGIN_ML_DSA_LEVEL3_PRIV = "-----BEGIN ML_DSA_LEVEL3 PRIVATE KEY-----";
+    wcchar END_ML_DSA_LEVEL3_PRIV   = "-----END ML_DSA_LEVEL3 PRIVATE KEY-----";
+    wcchar BEGIN_ML_DSA_LEVEL5_PRIV = "-----BEGIN ML_DSA_LEVEL5 PRIVATE KEY-----";
+    wcchar END_ML_DSA_LEVEL5_PRIV   = "-----END ML_DSA_LEVEL5 PRIVATE KEY-----";
 #endif /* HAVE_DILITHIUM */
 #if defined(HAVE_SPHINCS)
     wcchar BEGIN_SPHINCS_FAST_LEVEL1_PRIV = "-----BEGIN SPHINCS_FAST_LEVEL1 PRIVATE KEY-----";
@@ -23646,7 +24848,6 @@ wcchar END_PUB_KEY          = "-----END PUBLIC KEY-----";
     wcchar BEGIN_SPHINCS_SMALL_LEVEL5_PRIV = "-----BEGIN SPHINCS_SMALL_LEVEL5 PRIVATE KEY-----";
     wcchar END_SPHINCS_SMALL_LEVEL5_PRIV   = "-----END SPHINCS_SMALL_LEVEL5 PRIVATE KEY-----";
 #endif /* HAVE_SPHINCS */
-#endif /* HAVE_PQC */
 
 const int pem_struct_min_sz = XSTR_SIZEOF("-----BEGIN X509 CRL-----"
                                              "-----END X509 CRL-----");
@@ -23666,7 +24867,7 @@ static WC_INLINE const char* SkipEndOfLineChars(const char* line,
 
 int wc_PemGetHeaderFooter(int type, const char** header, const char** footer)
 {
-    int ret = BAD_FUNC_ARG;
+    int ret = WC_NO_ERR_TRACE(BAD_FUNC_ARG);
 
     switch (type) {
         case CA_TYPE:       /* same as below */
@@ -23709,6 +24910,20 @@ int wc_PemGetHeaderFooter(int type, const char** header, const char** footer)
             ret = 0;
             break;
     #endif
+    #ifdef HAVE_PKCS7
+        case PKCS7_TYPE:
+            if (header) *header = BEGIN_PKCS7;
+            if (footer) *footer = END_PKCS7;
+            ret = 0;
+            break;
+    #endif
+    #if defined(WOLFSSL_ACERT)
+        case ACERT_TYPE:
+            if (header) *header = BEGIN_ACERT;
+            if (footer) *footer = END_ACERT;
+            ret = 0;
+            break;
+    #endif /* WOLFSSL_ACERT */
     #ifndef NO_DSA
         case DSA_TYPE:
         case DSA_PRIVATEKEY_TYPE:
@@ -23734,6 +24949,9 @@ int wc_PemGetHeaderFooter(int type, const char** header, const char** footer)
     #endif
         case RSA_TYPE:
         case PRIVATEKEY_TYPE:
+    #ifdef WOLFSSL_DUAL_ALG_CERTS
+        case ALT_PRIVATEKEY_TYPE:
+    #endif
             if (header) *header = BEGIN_RSA_PRIV;
             if (footer) *footer = END_RSA_PRIV;
             ret = 0;
@@ -23751,7 +24969,6 @@ int wc_PemGetHeaderFooter(int type, const char** header, const char** footer)
             ret = 0;
             break;
     #endif
-#ifdef HAVE_PQC
 #ifdef HAVE_FALCON
         case FALCON_LEVEL1_TYPE:
             if (header) *header = BEGIN_FALCON_LEVEL1_PRIV;
@@ -23765,6 +24982,7 @@ int wc_PemGetHeaderFooter(int type, const char** header, const char** footer)
             break;
 #endif /* HAVE_FALCON */
 #ifdef HAVE_DILITHIUM
+    #ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
         case DILITHIUM_LEVEL2_TYPE:
             if (header) *header = BEGIN_DILITHIUM_LEVEL2_PRIV;
             if (footer) *footer = END_DILITHIUM_LEVEL2_PRIV;
@@ -23780,6 +24998,22 @@ int wc_PemGetHeaderFooter(int type, const char** header, const char** footer)
             if (footer) *footer = END_DILITHIUM_LEVEL5_PRIV;
             ret = 0;
             break;
+    #endif
+        case ML_DSA_LEVEL2_TYPE:
+            if (header) *header = BEGIN_ML_DSA_LEVEL2_PRIV;
+            if (footer) *footer = END_ML_DSA_LEVEL2_PRIV;
+            ret = 0;
+            break;
+        case ML_DSA_LEVEL3_TYPE:
+            if (header) *header = BEGIN_ML_DSA_LEVEL3_PRIV;
+            if (footer) *footer = END_ML_DSA_LEVEL3_PRIV;
+            ret = 0;
+            break;
+        case ML_DSA_LEVEL5_TYPE:
+            if (header) *header = BEGIN_ML_DSA_LEVEL5_PRIV;
+            if (footer) *footer = END_ML_DSA_LEVEL5_PRIV;
+            ret = 0;
+            break;
 #endif /* HAVE_DILITHIUM */
 #ifdef HAVE_SPHINCS
         case SPHINCS_FAST_LEVEL1_TYPE:
@@ -23813,7 +25047,6 @@ int wc_PemGetHeaderFooter(int type, const char** header, const char** footer)
             ret = 0;
             break;
 #endif /* HAVE_SPHINCS */
-#endif /* HAVE_PQC */
         case PUBLICKEY_TYPE:
         case ECC_PUBLICKEY_TYPE:
             if (header) *header = BEGIN_PUB_KEY;
@@ -23838,7 +25071,13 @@ int wc_PemGetHeaderFooter(int type, const char** header, const char** footer)
             if (footer) *footer = END_ENC_PRIV_KEY;
             ret = 0;
             break;
+        case TRUSTED_CERT_TYPE:
+            if (header) *header = BEGIN_TRUSTED_CERT;
+            if (footer) *footer = END_TRUSTED_CERT;
+            ret = 0;
+            break;
         default:
+            ret = BAD_FUNC_ARG;
             break;
     }
     return ret;
@@ -24082,8 +25321,8 @@ int wc_DerToPemEx(const byte* der, word32 derSz, byte* output, word32 outSz,
     char header[MAX_X509_HEADER_SZ + HEADER_ENCRYPTED_KEY_SIZE];
     char footer[MAX_X509_HEADER_SZ];
 #endif
-    int headerLen = MAX_X509_HEADER_SZ + HEADER_ENCRYPTED_KEY_SIZE;
-    int footerLen = MAX_X509_HEADER_SZ;
+    size_t headerLen = MAX_X509_HEADER_SZ + HEADER_ENCRYPTED_KEY_SIZE;
+    size_t footerLen = MAX_X509_HEADER_SZ;
     int i;
     int err;
     int outLen;   /* return length or error */
@@ -24110,9 +25349,9 @@ int wc_DerToPemEx(const byte* der, word32 derSz, byte* output, word32 outSz,
 #endif
 
     /* build header and footer based on type */
-    XSTRNCPY(header, headerStr, (size_t)headerLen - 1);
+    XSTRNCPY(header, headerStr, headerLen - 1);
     header[headerLen - 2] = 0;
-    XSTRNCPY(footer, footerStr, (size_t)footerLen - 1);
+    XSTRNCPY(footer, footerStr, footerLen - 1);
     footer[footerLen - 2] = 0;
 
     /* add new line to end */
@@ -24120,7 +25359,7 @@ int wc_DerToPemEx(const byte* der, word32 derSz, byte* output, word32 outSz,
     XSTRNCAT(footer, "\n", 2);
 
 #ifdef WOLFSSL_ENCRYPTED_KEYS
-    err = wc_EncryptedInfoAppend(header, headerLen, (char*)cipher_info);
+    err = wc_EncryptedInfoAppend(header, (int)headerLen, (char*)cipher_info);
     if (err != 0) {
     #ifdef WOLFSSL_SMALL_STACK
         XFREE(header, NULL, DYNAMIC_TYPE_TMP_BUFFER);
@@ -24130,8 +25369,8 @@ int wc_DerToPemEx(const byte* der, word32 derSz, byte* output, word32 outSz,
     }
 #endif
 
-    headerLen = (int)XSTRLEN(header);
-    footerLen = (int)XSTRLEN(footer);
+    headerLen = XSTRLEN(header);
+    footerLen = XSTRLEN(footer);
 
     /* if null output and 0 size passed in then return size needed */
     if (!output && outSz == 0) {
@@ -24141,11 +25380,11 @@ int wc_DerToPemEx(const byte* der, word32 derSz, byte* output, word32 outSz,
 #endif
         outLen = 0;
         if ((err = Base64_Encode(der, derSz, NULL, (word32*)&outLen))
-                != LENGTH_ONLY_E) {
+                != WC_NO_ERR_TRACE(LENGTH_ONLY_E)) {
             WOLFSSL_ERROR_VERBOSE(err);
             return err;
         }
-        return headerLen + footerLen + outLen;
+        return (int)headerLen + (int)footerLen + outLen;
     }
 
     if (!der || !output) {
@@ -24167,14 +25406,14 @@ int wc_DerToPemEx(const byte* der, word32 derSz, byte* output, word32 outSz,
 
     /* header */
     XMEMCPY(output, header, (size_t)headerLen);
-    i = headerLen;
+    i = (int)headerLen;
 
 #ifdef WOLFSSL_SMALL_STACK
     XFREE(header, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     /* body */
-    outLen = (int)outSz - (headerLen + footerLen);  /* input to Base64_Encode */
+    outLen = (int)outSz - (int)(headerLen + footerLen);  /* input to Base64_Encode */
     if ( (err = Base64_Encode(der, derSz, output + i, (word32*)&outLen)) < 0) {
 #ifdef WOLFSSL_SMALL_STACK
         XFREE(footer, NULL, DYNAMIC_TYPE_TMP_BUFFER);
@@ -24185,7 +25424,7 @@ int wc_DerToPemEx(const byte* der, word32 derSz, byte* output, word32 outSz,
     i += outLen;
 
     /* footer */
-    if ( (i + footerLen) > (int)outSz) {
+    if ( (i + (int)footerLen) > (int)outSz) {
 #ifdef WOLFSSL_SMALL_STACK
         XFREE(footer, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
@@ -24197,7 +25436,7 @@ int wc_DerToPemEx(const byte* der, word32 derSz, byte* output, word32 outSz,
     XFREE(footer, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
-    return outLen + headerLen + footerLen;
+    return outLen + (int)headerLen + (int)footerLen;
 }
 
 #endif /* WOLFSSL_DER_TO_PEM */
@@ -24211,9 +25450,9 @@ int PemToDer(const unsigned char* buff, long longSz, int type,
 {
     const char* header      = NULL;
     const char* footer      = NULL;
-    const char* headerEnd;
-    const char* footerEnd;
-    const char* consumedEnd;
+    const char* headerEnd   = NULL;
+    const char* footerEnd   = NULL;
+    const char* consumedEnd = NULL;
     const char* bufferEnd   = (const char*)(buff + longSz);
     long        neededSz;
     int         ret         = 0;
@@ -24241,7 +25480,11 @@ int PemToDer(const unsigned char* buff, long longSz, int type,
             break;
         }
 
-        if (type == PRIVATEKEY_TYPE) {
+        if (type == PRIVATEKEY_TYPE
+#ifdef WOLFSSL_DUAL_ALG_CERTS
+            || type == ALT_PRIVATEKEY_TYPE
+#endif
+           ) {
             if (header == BEGIN_RSA_PRIV) {
                 header = BEGIN_PRIV_KEY;
                 footer = END_PRIV_KEY;
@@ -24314,7 +25557,11 @@ int PemToDer(const unsigned char* buff, long longSz, int type,
 
     if (!headerEnd) {
 #ifdef OPENSSL_EXTRA
-        if (type == PRIVATEKEY_TYPE) {
+        if (type == PRIVATEKEY_TYPE
+#ifdef WOLFSSL_DUAL_ALG_CERTS
+            || type == ALT_PRIVATEKEY_TYPE
+#endif
+           ) {
             /* see if there is a -----BEGIN * PRIVATE KEY----- header */
             headerEnd = XSTRNSTR((char*)buff, PRIV_KEY_SUFFIX, sz);
             if (headerEnd) {
@@ -24393,7 +25640,11 @@ int PemToDer(const unsigned char* buff, long longSz, int type,
 
     if (keyFormat) {
         /* keyFormat is Key_Sum enum */
-        if (type == PRIVATEKEY_TYPE) {
+        if (type == PRIVATEKEY_TYPE
+        #ifdef WOLFSSL_DUAL_ALG_CERTS
+            || type == ALT_PRIVATEKEY_TYPE
+        #endif
+           ) {
         #ifndef NO_RSA
             if (header == BEGIN_RSA_PRIV)
                 *keyFormat = RSAk;
@@ -24506,7 +25757,7 @@ int PemToDer(const unsigned char* buff, long longSz, int type,
         }
 
     #ifdef WOLFSSL_SMALL_STACK
-        password = (char*)XMALLOC(passwordSz, heap, DYNAMIC_TYPE_STRING);
+        password = (char*)XMALLOC((size_t)passwordSz, heap, DYNAMIC_TYPE_STRING);
         if (password == NULL) {
             return MEMORY_E;
         }
@@ -24589,9 +25840,9 @@ int PemToDer(const unsigned char* buff, long longSz, int type,
                 #if !defined(NO_AES) && defined(HAVE_AES_CBC) && \
                     defined(HAVE_AES_DECRYPT)
                     if (info->cipherType == WC_CIPHER_AES_CBC) {
-                        if (der->length > AES_BLOCK_SIZE) {
+                        if (der->length > WC_AES_BLOCK_SIZE) {
                             padVal = der->buffer[der->length-1];
-                            if (padVal <= AES_BLOCK_SIZE) {
+                            if (padVal <= WC_AES_BLOCK_SIZE) {
                                 der->length -= (word32)padVal;
                             }
                         }
@@ -24602,14 +25853,14 @@ int PemToDer(const unsigned char* buff, long longSz, int type,
             }
 #ifdef OPENSSL_EXTRA
             if (ret) {
-                PEMerr(0, PEM_R_BAD_DECRYPT);
+                WOLFSSL_PEMerr(0, WOLFSSL_PEM_R_BAD_DECRYPT_E);
             }
 #endif
             ForceZero(password, (word32)passwordSz);
         }
 #ifdef OPENSSL_EXTRA
         else {
-            PEMerr(0, PEM_R_BAD_PASSWORD_READ);
+            WOLFSSL_PEMerr(0, WOLFSSL_PEM_R_BAD_PASSWORD_READ_E);
         }
 #endif
 
@@ -24732,7 +25983,7 @@ int wc_CertPemToDer(const unsigned char* pem, int pemSz,
     }
 
     if (type != CERT_TYPE && type != CHAIN_CERT_TYPE && type != CA_TYPE &&
-            type != CERTREQ_TYPE) {
+            type != CERTREQ_TYPE && type != PKCS7_TYPE) {
         WOLFSSL_MSG("Bad cert type");
         return BAD_FUNC_ARG;
     }
@@ -25023,7 +26274,7 @@ int wc_GetPubKeyDerFromCert(struct DecodedCert* cert,
     /* if derKey is NULL, return required output buffer size in derKeySz */
     if (derKey == NULL) {
         *derKeySz = cert->pubKeySize;
-        ret = LENGTH_ONLY_E;
+        ret = WC_NO_ERR_TRACE(LENGTH_ONLY_E);
     }
 
     if (ret == 0) {
@@ -25073,7 +26324,7 @@ static DNS_entry* FindAltName(struct DecodedCert* cert, int nameType,
 /* returns 0 on success */
 int wc_GetUUIDFromCert(struct DecodedCert* cert, byte* uuid, word32* uuidSz)
 {
-    int ret = ALT_NAME_E;
+    int ret = WC_NO_ERR_TRACE(ALT_NAME_E);
     DNS_entry* id = NULL;
 
     do {
@@ -25090,7 +26341,7 @@ int wc_GetUUIDFromCert(struct DecodedCert* cert, byte* uuid, word32* uuidSz)
 
             if (uuid == NULL) {
                 *uuidSz = (word32)id->len;
-                return LENGTH_ONLY_E;
+                return WC_NO_ERR_TRACE(LENGTH_ONLY_E);
             }
 
             if ((int)*uuidSz < id->len) {
@@ -25110,7 +26361,7 @@ int wc_GetUUIDFromCert(struct DecodedCert* cert, byte* uuid, word32* uuidSz)
 /* returns 0 on success */
 int wc_GetFASCNFromCert(struct DecodedCert* cert, byte* fascn, word32* fascnSz)
 {
-    int ret = ALT_NAME_E;
+    int ret = WC_NO_ERR_TRACE(ALT_NAME_E);
     DNS_entry* id = NULL;
 
     do {
@@ -25118,7 +26369,7 @@ int wc_GetFASCNFromCert(struct DecodedCert* cert, byte* fascn, word32* fascnSz)
         if (id != NULL && id->oidSum == FASCN_OID) {
             if (fascn == NULL) {
                 *fascnSz = (word32)id->len;
-                return LENGTH_ONLY_E;
+                return WC_NO_ERR_TRACE(LENGTH_ONLY_E);
             }
 
             if ((int)*fascnSz < id->len) {
@@ -25136,7 +26387,7 @@ int wc_GetFASCNFromCert(struct DecodedCert* cert, byte* fascn, word32* fascnSz)
 
 #if !defined(NO_RSA) && (defined(WOLFSSL_CERT_GEN) || \
     defined(WOLFSSL_KCAPI_RSA) || \
-    ((defined(WOLFSSL_KEY_GEN) || defined(OPENSSL_EXTRA)) && !defined(HAVE_USER_RSA)))
+    ((defined(WOLFSSL_KEY_GEN) || defined(OPENSSL_EXTRA))))
 /* USER RSA ifdef portions used instead of refactor in consideration for
    possible fips build */
 /* Encode a public RSA key to output.
@@ -25171,19 +26422,13 @@ static int SetRsaPublicKey(byte* output, RsaKey* key, int outLen,
         return BAD_FUNC_ARG;
     }
 
-#ifdef HAVE_USER_RSA
-    nSz = SetASNIntRSA(key->n, NULL);
-#else
     nSz = SetASNIntMP(&key->n, MAX_RSA_INT_SZ, NULL);
-#endif
+
     if (nSz < 0)
         return nSz;
 
-#ifdef HAVE_USER_RSA
-    eSz = SetASNIntRSA(key->e, NULL);
-#else
     eSz = SetASNIntMP(&key->e, MAX_RSA_INT_SZ, NULL);
-#endif
+
     if (eSz < 0)
         return eSz;
     seqSz = SetSequence((word32)(nSz + eSz), seq);
@@ -25224,18 +26469,10 @@ static int SetRsaPublicKey(byte* output, RsaKey* key, int outLen,
     XMEMCPY(output + idx, seq, seqSz);
     idx += seqSz;
     /* n */
-#ifdef HAVE_USER_RSA
-    nSz = SetASNIntRSA(key->n, output + idx);
-#else
     nSz = SetASNIntMP(&key->n, nSz, output + idx);
-#endif
     idx += (word32)nSz;
     /* e */
-#ifdef HAVE_USER_RSA
-    eSz = SetASNIntRSA(key->e, output + idx);
-#else
     eSz = SetASNIntMP(&key->e, eSz, output + idx);
-#endif
     idx += (word32)eSz;
 
     return (int)idx;
@@ -25263,13 +26500,8 @@ static int SetRsaPublicKey(byte* output, RsaKey* key, int outLen,
         dataASN[RSAPUBLICKEYASN_IDX_ALGOID_P_SEQ].noOut = 1;
     #endif
         /* Set public key mp_ints. */
-    #ifdef HAVE_USER_RSA
-        SetASN_MP(&dataASN[RSAPUBLICKEYASN_IDX_PUBKEY_RSA_N], key->n);
-        SetASN_MP(&dataASN[RSAPUBLICKEYASN_IDX_PUBKEY_RSA_E], key->e);
-    #else
         SetASN_MP(&dataASN[RSAPUBLICKEYASN_IDX_PUBKEY_RSA_N], &key->n);
         SetASN_MP(&dataASN[RSAPUBLICKEYASN_IDX_PUBKEY_RSA_E], &key->e);
-    #endif
         /* Calculate size of RSA public key. */
         ret = SizeASN_Items(rsaPublicKeyASN + o, dataASN + o,
                             (int)rsaPublicKeyASN_Length - o, &sz);
@@ -25338,11 +26570,12 @@ int wc_RsaKeyToPublicDer_ex(RsaKey* key, byte* output, word32 inLen,
 }
 
 #endif /* !NO_RSA && (WOLFSSL_CERT_GEN || WOLFSSL_KCAPI_RSA ||
-            ((OPENSSL_EXTRA || WOLFSSL_KEY_GEN) && !HAVE_USER_RSA))) */
+            ((OPENSSL_EXTRA || WOLFSSL_KEY_GEN))) */
+#endif /* NO_CERTS */
 
 #if (defined(WOLFSSL_KEY_GEN) || defined(OPENSSL_EXTRA) || \
      defined(WOLFSSL_KCAPI_RSA) || defined(WOLFSSL_SE050)) && \
-     !defined(NO_RSA) && !defined(HAVE_USER_RSA)
+     !defined(NO_RSA)
 
 /* Encode private RSA key in DER format.
  *
@@ -25359,11 +26592,16 @@ int wc_RsaKeyToDer(RsaKey* key, byte* output, word32 inLen)
 {
 #ifndef WOLFSSL_ASN_TEMPLATE
     int ret = 0, i;
+    int mpSz;
     word32 seqSz = 0, verSz = 0, intTotalLen = 0, outLen = 0;
     word32 sizes[RSA_INTS];
     byte  seq[MAX_SEQ_SZ];
     byte  ver[MAX_VERSION_SZ];
+    mp_int* keyInt;
+#ifndef WOLFSSL_NO_MALLOC
+    word32 rawLen;
     byte* tmps[RSA_INTS];
+#endif
 
     if (key == NULL)
         return BAD_FUNC_ARG;
@@ -25371,18 +26609,18 @@ int wc_RsaKeyToDer(RsaKey* key, byte* output, word32 inLen)
     if (key->type != RSA_PRIVATE)
         return BAD_FUNC_ARG;
 
+#ifndef WOLFSSL_NO_MALLOC
     for (i = 0; i < RSA_INTS; i++)
         tmps[i] = NULL;
+#endif
 
     /* write all big ints from key to DER tmps */
     for (i = 0; i < RSA_INTS; i++) {
-        mp_int* keyInt = GetRsaInt(key, i);
-        int mpSz;
-        word32 rawLen;
-
+        keyInt = GetRsaInt(key, i);
         ret = mp_unsigned_bin_size(keyInt);
         if (ret < 0)
-            return ret;
+            break;
+#ifndef WOLFSSL_NO_MALLOC
         rawLen = (word32)ret + 1;
         ret = 0;
         if (output != NULL) {
@@ -25393,8 +26631,11 @@ int wc_RsaKeyToDer(RsaKey* key, byte* output, word32 inLen)
                 break;
             }
         }
-
         mpSz = SetASNIntMP(keyInt, MAX_RSA_INT_SZ, tmps[i]);
+#else
+        ret = 0;
+        mpSz = SetASNIntMP(keyInt, MAX_RSA_INT_SZ, NULL);
+#endif
         if (mpSz < 0) {
             ret = mpSz;
             break;
@@ -25426,15 +26667,33 @@ int wc_RsaKeyToDer(RsaKey* key, byte* output, word32 inLen)
         j += verSz;
 
         for (i = 0; i < RSA_INTS; i++) {
+/* copy from tmps if we have malloc, otherwise re-export with buffer */
+#ifndef WOLFSSL_NO_MALLOC
             XMEMCPY(output + j, tmps[i], sizes[i]);
             j += sizes[i];
+#else
+            keyInt = GetRsaInt(key, i);
+            ret = mp_unsigned_bin_size(keyInt);
+            if (ret < 0)
+                break;
+            ret = 0;
+            /* This won't overrun output due to the outLen check above */
+            mpSz = SetASNIntMP(keyInt, MAX_RSA_INT_SZ, output + j);
+            if (mpSz < 0) {
+                ret = mpSz;
+                break;
+            }
+            j += mpSz;
+#endif
         }
     }
 
+#ifndef WOLFSSL_NO_MALLOC
     for (i = 0; i < RSA_INTS; i++) {
         if (tmps[i])
             XFREE(tmps[i], key->heap, DYNAMIC_TYPE_RSA);
     }
+#endif
 
     if (ret == 0)
         ret = (int)outLen;
@@ -25481,8 +26740,9 @@ int wc_RsaKeyToDer(RsaKey* key, byte* output, word32 inLen)
 #endif
 }
 
-#endif /* (WOLFSSL_KEY_GEN || OPENSSL_EXTRA) && !NO_RSA && !HAVE_USER_RSA */
+#endif /* (WOLFSSL_KEY_GEN || OPENSSL_EXTRA) && !NO_RSA */
 
+#ifndef NO_CERTS
 
 #ifdef WOLFSSL_CERT_GEN
 
@@ -25743,7 +27003,7 @@ static int wc_SetCert_LoadDer(Cert* cert, const byte* der, word32 derSz,
             InitDecodedCert_ex((DecodedCert*)cert->decodedCert, der, derSz,
                     cert->heap, devId);
             ret = ParseCertRelative((DecodedCert*)cert->decodedCert,
-                    CERT_TYPE, 0, NULL);
+                    CERT_TYPE, 0, NULL, NULL);
             if (ret >= 0) {
                 cert->der = (byte*)der;
             }
@@ -25763,7 +27023,7 @@ static int wc_SetCert_LoadDer(Cert* cert, const byte* der, word32 derSz,
 #ifndef NO_ASN_TIME
 static WC_INLINE byte itob(int number)
 {
-    return (byte)number + 0x30;
+    return (byte)(number + 0x30);
 }
 
 
@@ -26475,12 +27735,8 @@ static int SetExtKeyUsage(Cert* cert, byte* output, word32 outSz, byte input)
     }
 
     /* Dispose of allocated data. */
-    if (extKuASN != NULL) {
-        XFREE(extKuASN, cert->heap, DYNAMIC_TYPE_TMP_BUFFER);
-    }
-    if (dataASN != NULL) {
-        XFREE(dataASN, cert->heap, DYNAMIC_TYPE_TMP_BUFFER);
-    }
+    XFREE(extKuASN, cert->heap, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(dataASN, cert->heap, DYNAMIC_TYPE_TMP_BUFFER);
 
     return ret;
 #endif
@@ -26633,7 +27889,7 @@ static int SetCertificatePolicies(byte *output,
     byte   oid[MAX_OID_SZ];
     word32 oidSz;
     word32 sz = 0;
-    int    piSz;
+    int    piSz = 0;
 
     if ((input == NULL) || (nb_certpol > MAX_CERTPOL_NB)) {
         ret = BAD_FUNC_ARG;
@@ -26863,6 +28119,10 @@ static int EncodeName(EncodedName* name, const char* nameStr,
             thisLen += (int)sizeof(uidOid);
             firstSz  = (int)sizeof(uidOid);
             break;
+        case ASN_RFC822_MAILBOX:
+            thisLen += (int)sizeof(rfc822Mlbx);
+            firstSz  = (int)sizeof(rfc822Mlbx);
+            break;
         case ASN_FAVOURITE_DRINK:
             thisLen += (int)sizeof(fvrtDrk);
             firstSz  = (int)sizeof(fvrtDrk);
@@ -26928,6 +28188,12 @@ static int EncodeName(EncodedName* name, const char* nameStr,
             /* str type */
             name->encoded[idx++] = nameTag;
             break;
+        case ASN_RFC822_MAILBOX:
+            XMEMCPY(name->encoded + idx, rfc822Mlbx, sizeof(rfc822Mlbx));
+            idx += (int)sizeof(rfc822Mlbx);
+            /* str type */
+            name->encoded[idx++] = nameTag;
+            break;
         case ASN_FAVOURITE_DRINK:
             XMEMCPY(name->encoded + idx, fvrtDrk, sizeof(fvrtDrk));
             idx += (int)sizeof(fvrtDrk);
@@ -26979,14 +28245,25 @@ static int EncodeName(EncodedName* name, const char* nameStr,
     int ret = 0;
     int sz = 0;
     const byte* oid;
-    word32 oidSz;
-    word32 nameSz;
+    word32 oidSz = 0;
+    word32 nameSz = 0;
 
     /* Validate input parameters. */
     if ((name == NULL) || (nameStr == NULL)) {
         ret = BAD_FUNC_ARG;
     }
 
+#ifdef WOLFSSL_CUSTOM_OID
+    if (ret == 0 && type == ASN_CUSTOM_NAME) {
+        if (cname == NULL || cname->custom.oidSz == 0) {
+            name->used = 0;
+            return 0;
+        }
+    }
+#else
+    (void)cname;
+#endif
+
     CALLOC_ASNSETDATA(dataASN, rdnASN_Length, ret, NULL);
     if (ret == 0) {
         nameSz = (word32)XSTRLEN(nameStr);
@@ -27013,15 +28290,19 @@ static int EncodeName(EncodedName* name, const char* nameStr,
                 oid = uidOid;
                 oidSz = sizeof(uidOid);
                 break;
+            case ASN_RFC822_MAILBOX:
+                oid = rfc822Mlbx;
+                oidSz = sizeof(rfc822Mlbx);
+                break;
             case ASN_FAVOURITE_DRINK:
                 oid = fvrtDrk;
                 oidSz = sizeof(fvrtDrk);
                 break;
         #ifdef WOLFSSL_CUSTOM_OID
             case ASN_CUSTOM_NAME:
-                nameSz = cname->custom.valSz;
+                nameSz = (word32)cname->custom.valSz;
                 oid = cname->custom.oid;
-                oidSz = cname->custom.oidSz;
+                oidSz = (word32)cname->custom.oidSz;
                 break;
         #endif
         #ifdef WOLFSSL_CERT_REQ
@@ -27088,8 +28369,7 @@ int wc_EncodeNameCanonical(EncodedName* name, const char* nameStr,
 }
 #endif /* WOLFSSL_CERT_GEN || OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
 
-#if (defined(WOLFSSL_CERT_GEN) && defined(WOLFSSL_CERT_EXT)) || \
-    (defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA))
+#ifdef WOLFSSL_ASN_PARSE_KEYUSAGE
 
 /* Convert key usage string (comma delimited, null terminated) to word16
  * Returns 0 on success, negative on error */
@@ -27212,7 +28492,7 @@ int ParseExtKeyUsageStr(const char* value, byte* extKeyUsage, void* heap)
     return ret;
 }
 
-#endif /* (CERT_GEN && CERT_EXT) || (OPENSSL_ALL || OPENSSL_EXTRA) */
+#endif /* WOLFSSL_ASN_PARSE_KEYUSAGE */
 
 #ifdef WOLFSSL_CERT_GEN
 /* Encodes one attribute of the name (issuer/subject)
@@ -27337,6 +28617,12 @@ static int SetNameRdnItems(ASNSetData* dataASN, ASNItem* namesASN,
                                 sizeof(uidOid), (byte)GetNameType(name, i),
                         (const byte*)GetOneCertName(name, i), nameLen[i]);
                 }
+                else if (type == ASN_RFC822_MAILBOX) {
+                    /* Copy RFC822 mailbox data into dynamic vars. */
+                    SetRdnItems(namesASN + idx, dataASN + idx, rfc822Mlbx,
+                                sizeof(rfc822Mlbx), (byte)GetNameType(name, i),
+                        (const byte*)GetOneCertName(name, i), nameLen[i]);
+                }
                 else if (type == ASN_FAVOURITE_DRINK) {
                     /* Copy favourite drink data into dynamic vars. */
                     SetRdnItems(namesASN + idx, dataASN + idx, fvrtDrk,
@@ -27346,8 +28632,8 @@ static int SetNameRdnItems(ASNSetData* dataASN, ASNItem* namesASN,
                 else if (type == ASN_CUSTOM_NAME) {
                 #ifdef WOLFSSL_CUSTOM_OID
                     SetRdnItems(namesASN + idx, dataASN + idx, name->custom.oid,
-                        name->custom.oidSz, name->custom.enc,
-                        name->custom.val, name->custom.valSz);
+                        (word32)name->custom.oidSz, (byte)name->custom.enc,
+                        name->custom.val, (word32)name->custom.valSz);
                 #endif
                 }
                 else {
@@ -27521,6 +28807,13 @@ int SetNameEx(byte* output, word32 outputSz, CertName* name, void* heap)
         ret = 0;
     }
 
+    if (items == 0) {
+        /* if zero items, short-circuit return to avoid frivolous zero-size
+         * allocations.
+         */
+        return 0;
+    }
+
     /* Allocate dynamic data items. */
     dataASN = (ASNSetData*)XMALLOC(items * sizeof(ASNSetData), heap,
                                    DYNAMIC_TYPE_TMP_BUFFER);
@@ -27569,10 +28862,8 @@ int SetNameEx(byte* output, word32 outputSz, CertName* name, void* heap)
         }
     }
 
-    if (namesASN != NULL)
-        XFREE(namesASN, heap, DYNAMIC_TYPE_TMP_BUFFER);
-    if (dataASN != NULL)
-        XFREE(dataASN, heap, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(namesASN, heap, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(dataASN, heap, DYNAMIC_TYPE_TMP_BUFFER);
     (void)heap;
     return ret;
 #endif
@@ -27586,7 +28877,8 @@ int SetName(byte* output, word32 outputSz, CertName* name)
 static int EncodePublicKey(int keyType, byte* output, int outLen,
                            RsaKey* rsaKey, ecc_key* eccKey,
                            ed25519_key* ed25519Key, ed448_key* ed448Key,
-                           DsaKey* dsaKey)
+                           DsaKey* dsaKey, falcon_key* falconKey,
+                           dilithium_key* dilithiumKey, sphincs_key* sphincsKey)
 {
     int ret = 0;
 
@@ -27596,6 +28888,9 @@ static int EncodePublicKey(int keyType, byte* output, int outLen,
     (void)ed25519Key;
     (void)ed448Key;
     (void)dsaKey;
+    (void)falconKey;
+    (void)dilithiumKey;
+    (void)sphincsKey;
 
     switch (keyType) {
     #ifndef NO_RSA
@@ -27631,6 +28926,46 @@ static int EncodePublicKey(int keyType, byte* output, int outLen,
             }
             break;
     #endif
+    #if defined(HAVE_FALCON)
+        case FALCON_LEVEL1_KEY:
+        case FALCON_LEVEL5_KEY:
+            ret = wc_Falcon_PublicKeyToDer(falconKey, output,
+                                           (word32)outLen, 1);
+            if (ret <= 0) {
+                ret = PUBLIC_KEY_E;
+            }
+            break;
+    #endif /* HAVE_FALCON */
+    #if defined(HAVE_DILITHIUM) && !defined(WOLFSSL_DILITHIUM_NO_ASN1)
+        #ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
+        case DILITHIUM_LEVEL2_KEY:
+        case DILITHIUM_LEVEL3_KEY:
+        case DILITHIUM_LEVEL5_KEY:
+        #endif
+        case ML_DSA_LEVEL2_KEY:
+        case ML_DSA_LEVEL3_KEY:
+        case ML_DSA_LEVEL5_KEY:
+            ret = wc_Dilithium_PublicKeyToDer(dilithiumKey, output,
+                                              (word32)outLen, 1);
+            if (ret <= 0) {
+                ret = PUBLIC_KEY_E;
+            }
+            break;
+    #endif /* HAVE_DILITHIUM */
+    #if defined(HAVE_SPHINCS)
+        case SPHINCS_FAST_LEVEL1_KEY:
+        case SPHINCS_FAST_LEVEL3_KEY:
+        case SPHINCS_FAST_LEVEL5_KEY:
+        case SPHINCS_SMALL_LEVEL1_KEY:
+        case SPHINCS_SMALL_LEVEL3_KEY:
+        case SPHINCS_SMALL_LEVEL5_KEY:
+            ret = wc_Sphincs_PublicKeyToDer(sphincsKey, output,
+                                            (word32)outLen, 1);
+            if (ret <= 0) {
+                ret = PUBLIC_KEY_E;
+            }
+            break;
+    #endif /* HAVE_SPHINCS */
         default:
             ret = PUBLIC_KEY_E;
             break;
@@ -27692,6 +29027,17 @@ static const ASNItem static_certExtsASN[] = {
 /* CRLINFO_SEQ   */    { 0, ASN_SEQUENCE, 1, 1, 0 },
 /* CRLINFO_OID   */        { 1, ASN_OBJECT_ID, 0, 0, 0 },
 /* CRLINFO_STR   */        { 1, ASN_OCTET_STRING, 0, 0, 0 },
+#ifdef WOLFSSL_DUAL_ALG_CERTS
+/* SAPKI_SEQ     */    { 0, ASN_SEQUENCE, 1, 1, 0 },
+/* SAPKI_OID     */        { 1, ASN_OBJECT_ID, 0, 0, 0 },
+/* SAPKI_STR     */        { 1, ASN_OCTET_STRING, 0, 0, 0 },
+/* ALTSIGALG_SEQ */    { 0, ASN_SEQUENCE, 1, 1, 0 },
+/* ALTSIGALG_OID */        { 1, ASN_OBJECT_ID, 0, 0, 0 },
+/* ALTSIGALG_STR */        { 1, ASN_OCTET_STRING, 0, 0, 0 },
+/* ALTSIGVAL_SEQ */    { 0, ASN_SEQUENCE, 1, 1, 0 },
+/* ALTSIGVAL_OID */        { 1, ASN_OBJECT_ID, 0, 0, 0 },
+/* ALTSIGVAL_STR */        { 1, ASN_OCTET_STRING, 0, 0, 0 },
+#endif /* WOLFSSL_DUAL_ALG_CERTS */
 /* CUSTOM_SEQ    */    { 0, ASN_SEQUENCE, 1, 1, 0 },
 /* CUSTOM_OID    */        { 1, ASN_OBJECT_ID, 0, 0, 0 },
 /* CUSTOM_STR    */        { 1, ASN_OCTET_STRING, 0, 0, 0 },
@@ -27735,6 +29081,17 @@ enum {
     CERTEXTSASN_IDX_CRLINFO_SEQ,
     CERTEXTSASN_IDX_CRLINFO_OID,
     CERTEXTSASN_IDX_CRLINFO_STR,
+#ifdef WOLFSSL_DUAL_ALG_CERTS
+    CERTEXTSASN_IDX_SAPKI_SEQ,
+    CERTEXTSASN_IDX_SAPKI_OID,
+    CERTEXTSASN_IDX_SAPKI_STR,
+    CERTEXTSASN_IDX_ALTSIGALG_SEQ,
+    CERTEXTSASN_IDX_ALTSIGALG_OID,
+    CERTEXTSASN_IDX_ALTSIGALG_STR,
+    CERTEXTSASN_IDX_ALTSIGVAL_SEQ,
+    CERTEXTSASN_IDX_ALTSIGVAL_OID,
+    CERTEXTSASN_IDX_ALTSIGVAL_STR,
+#endif /* WOLFSSL_DUAL_ALG_CERTS */
     CERTEXTSASN_IDX_CUSTOM_SEQ,
     CERTEXTSASN_IDX_CUSTOM_OID,
     CERTEXTSASN_IDX_CUSTOM_STR,
@@ -27757,7 +29114,7 @@ static int EncodeExtensions(Cert* cert, byte* output, word32 maxSz,
                             int forRequest)
 {
     DECL_ASNSETDATA(dataASN, certExtsASN_Length);
-    int sz;
+    int sz = 0;
     int ret = 0;
     int i = 0;
     static const byte bcOID[]   = { 0x55, 0x1d, 0x13 };
@@ -27773,7 +29130,12 @@ static int EncodeExtensions(Cert* cert, byte* output, word32 maxSz,
     static const byte nsCertOID[] = { 0x60, 0x86, 0x48, 0x01,
                                       0x86, 0xF8, 0x42, 0x01, 0x01 };
     static const byte crlInfoOID[] = { 0x55, 0x1D, 0x1F };
-#endif
+#ifdef WOLFSSL_DUAL_ALG_CERTS
+    static const byte sapkiOID[] = { 0x55, 0x1d, 0x48 };
+    static const byte altSigAlgOID[] = { 0x55, 0x1d, 0x49 };
+    static const byte altSigValOID[] = { 0x55, 0x1d, 0x4a };
+#endif /* WOLFSSL_DUAL_ALG_CERTS */
+#endif /* WOLFSSL_CERT_EXT */
 
 #ifdef WOLFSSL_SMALL_STACK
 #if defined(WOLFSSL_CUSTOM_OID) && defined(WOLFSSL_CERT_EXT)
@@ -28005,6 +29367,47 @@ static int EncodeExtensions(Cert* cert, byte* output, word32 maxSz,
                     CERTEXTSASN_IDX_CRLINFO_STR);
         }
 
+    #ifdef WOLFSSL_DUAL_ALG_CERTS
+        if (cert->sapkiDer != NULL) {
+            /* Set subject alternative public key info OID and data. */
+            SetASN_Buffer(&dataASN[CERTEXTSASN_IDX_SAPKI_OID], sapkiOID,
+                    sizeof(sapkiOID));
+            SetASN_Buffer(&dataASN[CERTEXTSASN_IDX_SAPKI_STR], cert->sapkiDer,
+                    cert->sapkiLen);
+        }
+        else {
+            /* Don't write out subject alternative public key info. */
+            SetASNItem_NoOut(dataASN, CERTEXTSASN_IDX_SAPKI_SEQ,
+                    CERTEXTSASN_IDX_SAPKI_STR);
+        }
+
+        if (cert->altSigAlgDer != NULL) {
+            /* Set alternative signature algorithm OID and data. */
+            SetASN_Buffer(&dataASN[CERTEXTSASN_IDX_ALTSIGALG_OID], altSigAlgOID,
+                    sizeof(altSigAlgOID));
+            SetASN_Buffer(&dataASN[CERTEXTSASN_IDX_ALTSIGALG_STR],
+                    cert->altSigAlgDer, cert->altSigAlgLen);
+        }
+        else {
+            /* Don't write out alternative signature algorithm. */
+            SetASNItem_NoOut(dataASN, CERTEXTSASN_IDX_ALTSIGALG_SEQ,
+                    CERTEXTSASN_IDX_ALTSIGALG_STR);
+        }
+
+        if (cert->altSigValDer != NULL) {
+            /* Set alternative signature value OID and data. */
+            SetASN_Buffer(&dataASN[CERTEXTSASN_IDX_ALTSIGVAL_OID], altSigValOID,
+                    sizeof(altSigValOID));
+            SetASN_Buffer(&dataASN[CERTEXTSASN_IDX_ALTSIGVAL_STR],
+                    cert->altSigValDer, cert->altSigValLen);
+        }
+        else {
+            /* Don't write out alternative signature value. */
+            SetASNItem_NoOut(dataASN, CERTEXTSASN_IDX_ALTSIGVAL_SEQ,
+                    CERTEXTSASN_IDX_ALTSIGVAL_STR);
+        }
+    #endif /* WOLFSSL_DUAL_ALG_CERTS */
+
     #if defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_CUSTOM_OID)
         /* encode a custom oid and value */
         if (cert->extCustom.oidSz > 0) {
@@ -28351,7 +29754,6 @@ static int EncodeCert(Cert* cert, DerCert* der, RsaKey* rsaKey, ecc_key* eccKey,
     }
 #endif
 
-#if defined(HAVE_PQC)
 #if defined(HAVE_FALCON)
     if ((cert->keyType == FALCON_LEVEL1_KEY) ||
         (cert->keyType == FALCON_LEVEL5_KEY)) {
@@ -28363,10 +29765,16 @@ static int EncodeCert(Cert* cert, DerCert* der, RsaKey* rsaKey, ecc_key* eccKey,
                                      (word32)sizeof(der->publicKey), 1);
     }
 #endif /* HAVE_FALCON */
-#if defined(HAVE_DILITHIUM)
-    if ((cert->keyType == DILITHIUM_LEVEL2_KEY) ||
-        (cert->keyType == DILITHIUM_LEVEL3_KEY) ||
-        (cert->keyType == DILITHIUM_LEVEL5_KEY)) {
+#if defined(HAVE_DILITHIUM) && !defined(WOLFSSL_DILITHIUM_NO_ASN1)
+    if ((cert->keyType == ML_DSA_LEVEL2_KEY) ||
+        (cert->keyType == ML_DSA_LEVEL3_KEY) ||
+        (cert->keyType == ML_DSA_LEVEL5_KEY)
+    #ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
+     || (cert->keyType == DILITHIUM_LEVEL2_KEY)
+     || (cert->keyType == DILITHIUM_LEVEL3_KEY)
+     || (cert->keyType == DILITHIUM_LEVEL5_KEY)
+    #endif
+        ) {
         if (dilithiumKey == NULL)
             return PUBLIC_KEY_E;
 
@@ -28390,7 +29798,6 @@ static int EncodeCert(Cert* cert, DerCert* der, RsaKey* rsaKey, ecc_key* eccKey,
                                       (word32)sizeof(der->publicKey), 1);
     }
 #endif /* HAVE_SPHINCS */
-#endif /* HAVE_PQC */
 
     if (der->publicKeySz <= 0)
         return PUBLIC_KEY_E;
@@ -28854,7 +30261,7 @@ static int MakeSignature(CertSignCtx* certSignCtx, const byte* buf, word32 sz,
 
     case CERTSIGN_STATE_DO:
         certSignCtx->state = CERTSIGN_STATE_DO;
-        ret = ALGO_ID_E; /* default to error */
+        ret = -1; /* default to error, reassigned to ALGO_ID_E below. */
 
     #ifndef NO_RSA
         if (rsaKey) {
@@ -28896,11 +30303,10 @@ static int MakeSignature(CertSignCtx* certSignCtx, const byte* buf, word32 sz,
         }
     #endif /* HAVE_ED448 && HAVE_ED448_SIGN */
 
-    #if defined(HAVE_PQC)
     #if defined(HAVE_FALCON)
         if (!rsaKey && !eccKey && !ed25519Key && !ed448Key && falconKey) {
             word32 outSz = sigSz;
-            ret = wc_falcon_sign_msg(buf, sz, sig, &outSz, falconKey);
+            ret = wc_falcon_sign_msg(buf, sz, sig, &outSz, falconKey, rng);
             if (ret == 0)
                 ret = outSz;
         }
@@ -28909,21 +30315,37 @@ static int MakeSignature(CertSignCtx* certSignCtx, const byte* buf, word32 sz,
         if (!rsaKey && !eccKey && !ed25519Key && !ed448Key && !falconKey &&
             dilithiumKey) {
             word32 outSz = sigSz;
-            ret = wc_dilithium_sign_msg(buf, sz, sig, &outSz, dilithiumKey);
-            if (ret == 0)
-                ret = outSz;
+            #ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
+            if ((dilithiumKey->params->level == WC_ML_DSA_44_DRAFT) ||
+                    (dilithiumKey->params->level == WC_ML_DSA_65_DRAFT) ||
+                    (dilithiumKey->params->level == WC_ML_DSA_87_DRAFT)) {
+                ret = wc_dilithium_sign_msg(buf, sz, sig, &outSz, dilithiumKey,
+                    rng);
+                if (ret == 0)
+                    ret = outSz;
+            }
+            else
+            #endif
+            {
+                ret = wc_dilithium_sign_ctx_msg(NULL, 0, buf, sz, sig,
+                    &outSz, dilithiumKey, rng);
+                if (ret == 0)
+                    ret = outSz;
+            }
         }
     #endif /* HAVE_DILITHIUM */
     #if defined(HAVE_SPHINCS)
         if (!rsaKey && !eccKey && !ed25519Key && !ed448Key && !falconKey &&
             !dilithiumKey && sphincsKey) {
             word32 outSz = sigSz;
-            ret = wc_sphincs_sign_msg(buf, sz, sig, &outSz, sphincsKey);
+            ret = wc_sphincs_sign_msg(buf, sz, sig, &outSz, sphincsKey, rng);
             if (ret == 0)
                 ret = outSz;
         }
     #endif /* HAVE_SPHINCS */
-    #endif /* HAVE_PQC */
+
+        if (ret == -1)
+            ret = ALGO_ID_E;
 
         break;
     }
@@ -28931,7 +30353,7 @@ static int MakeSignature(CertSignCtx* certSignCtx, const byte* buf, word32 sz,
 exit_ms:
 
 #ifdef WOLFSSL_ASYNC_CRYPT
-    if (ret == WC_PENDING_E) {
+    if (ret == WC_NO_ERR_TRACE(WC_PENDING_E)) {
         return ret;
     }
 #endif
@@ -29055,8 +30477,8 @@ int AddSignature(byte* buf, int bodySz, const byte* sig, int sigSz,
     return (int)(idx + seqSz);
 #else
     DECL_ASNSETDATA(dataASN, sigASN_Length);
-    word32 seqSz;
-    int sz;
+    word32 seqSz = 0;
+    int sz = 0;
     int ret = 0;
 
     CALLOC_ASNSETDATA(dataASN, sigASN_Length, ret, NULL);
@@ -29140,7 +30562,6 @@ static int MakeAnyCert(Cert* cert, byte* derBuffer, word32 derSz,
         cert->keyType = ED25519_KEY;
     else if (ed448Key)
         cert->keyType = ED448_KEY;
-#ifdef HAVE_PQC
 #ifdef HAVE_FALCON
     else if ((falconKey != NULL) && (falconKey->level == 1))
         cert->keyType = FALCON_LEVEL1_KEY;
@@ -29148,12 +30569,32 @@ static int MakeAnyCert(Cert* cert, byte* derBuffer, word32 derSz,
         cert->keyType = FALCON_LEVEL5_KEY;
 #endif /* HAVE_FALCON */
 #ifdef HAVE_DILITHIUM
-    else if ((dilithiumKey != NULL) && (dilithiumKey->level == 2))
+    #ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
+    else if ((dilithiumKey != NULL) &&
+                (dilithiumKey->params->level == WC_ML_DSA_44_DRAFT)) {
         cert->keyType = DILITHIUM_LEVEL2_KEY;
-    else if ((dilithiumKey != NULL) && (dilithiumKey->level == 3))
+    }
+    else if ((dilithiumKey != NULL) &&
+                (dilithiumKey->params->level == WC_ML_DSA_65_DRAFT)) {
         cert->keyType = DILITHIUM_LEVEL3_KEY;
-    else if ((dilithiumKey != NULL) && (dilithiumKey->level == 5))
+    }
+    else if ((dilithiumKey != NULL) &&
+                (dilithiumKey->params->level == WC_ML_DSA_87_DRAFT)) {
         cert->keyType = DILITHIUM_LEVEL5_KEY;
+    }
+    #endif
+    else if ((dilithiumKey != NULL) &&
+                (dilithiumKey->params->level == WC_ML_DSA_44)) {
+        cert->keyType = ML_DSA_LEVEL2_KEY;
+    }
+    else if ((dilithiumKey != NULL) &&
+                (dilithiumKey->params->level == WC_ML_DSA_65)) {
+        cert->keyType = ML_DSA_LEVEL3_KEY;
+    }
+    else if ((dilithiumKey != NULL) &&
+                (dilithiumKey->params->level == WC_ML_DSA_87)) {
+        cert->keyType = ML_DSA_LEVEL5_KEY;
+    }
 #endif /* HAVE_DILITHIUM */
 #ifdef HAVE_SPHINCS
     else if ((sphincsKey != NULL) && (sphincsKey->level == 1)
@@ -29175,7 +30616,6 @@ static int MakeAnyCert(Cert* cert, byte* derBuffer, word32 derSz,
              && (sphincsKey->optim == SMALL_VARIANT))
         cert->keyType = SPHINCS_SMALL_LEVEL5_KEY;
 #endif /* HAVE_SPHINCS */
-#endif /* HAVE_PQC */
     else
         return BAD_FUNC_ARG;
 
@@ -29235,7 +30675,6 @@ static int MakeAnyCert(Cert* cert, byte* derBuffer, word32 derSz,
         else if (ed448Key) {
             cert->keyType = ED448_KEY;
         }
-#ifdef HAVE_PQC
 #ifdef HAVE_FALCON
         else if ((falconKey != NULL) && (falconKey->level == 1)) {
             cert->keyType = FALCON_LEVEL1_KEY;
@@ -29245,15 +30684,32 @@ static int MakeAnyCert(Cert* cert, byte* derBuffer, word32 derSz,
         }
 #endif /* HAVE_FALCON */
 #ifdef HAVE_DILITHIUM
-        else if ((dilithiumKey != NULL) && (dilithiumKey->level == 2)) {
+    #ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
+        else if ((dilithiumKey != NULL) &&
+                    (dilithiumKey->params->level == WC_ML_DSA_44_DRAFT)) {
             cert->keyType = DILITHIUM_LEVEL2_KEY;
         }
-        else if ((dilithiumKey != NULL) && (dilithiumKey->level == 3)) {
+        else if ((dilithiumKey != NULL) &&
+                    (dilithiumKey->params->level == WC_ML_DSA_65_DRAFT)) {
             cert->keyType = DILITHIUM_LEVEL3_KEY;
         }
-        else if ((dilithiumKey != NULL) && (dilithiumKey->level == 5)) {
+        else if ((dilithiumKey != NULL) &&
+                    (dilithiumKey->params->level == WC_ML_DSA_87_DRAFT)) {
             cert->keyType = DILITHIUM_LEVEL5_KEY;
         }
+    #endif
+        else if ((dilithiumKey != NULL) &&
+                    (dilithiumKey->level == WC_ML_DSA_44)) {
+            cert->keyType = ML_DSA_LEVEL2_KEY;
+        }
+        else if ((dilithiumKey != NULL) &&
+                    (dilithiumKey->level == WC_ML_DSA_65)) {
+            cert->keyType = ML_DSA_LEVEL3_KEY;
+        }
+        else if ((dilithiumKey != NULL) &&
+                    (dilithiumKey->level == WC_ML_DSA_87)) {
+            cert->keyType = ML_DSA_LEVEL5_KEY;
+        }
 #endif /* HAVE_DILITHIUM */
 #ifdef HAVE_SPHINCS
         else if ((sphincsKey != NULL) && (sphincsKey->level == 1)
@@ -29281,7 +30737,6 @@ static int MakeAnyCert(Cert* cert, byte* derBuffer, word32 derSz,
             cert->keyType = SPHINCS_SMALL_LEVEL5_KEY;
         }
 #endif /* HAVE_SPHINCS */
-#endif /* HAVE_PQC */
         else {
             ret = BAD_FUNC_ARG;
         }
@@ -29329,7 +30784,8 @@ static int MakeAnyCert(Cert* cert, byte* derBuffer, word32 derSz,
     if (ret >= 0) {
         /* Calculate public key encoding size. */
         ret = EncodePublicKey(cert->keyType, NULL, 0, rsaKey,
-            eccKey, ed25519Key, ed448Key, dsaKey);
+                eccKey, ed25519Key, ed448Key, dsaKey, falconKey,
+                dilithiumKey, sphincsKey);
         publicKeySz = (word32)ret;
     }
     if (ret >= 0) {
@@ -29345,8 +30801,24 @@ static int MakeAnyCert(Cert* cert, byte* derBuffer, word32 derSz,
                        (byte)cert->version);
         SetASN_Buffer(&dataASN[X509CERTASN_IDX_TBS_SERIAL], cert->serial,
                 (word32)cert->serialSz);
-        SetASN_OID(&dataASN[X509CERTASN_IDX_TBS_ALGOID_OID],
-                   (word32)cert->sigType, oidSigType);
+#ifdef WOLFSSL_DUAL_ALG_CERTS
+        if (cert->sigType == 0) {
+            /* sigOID being 0 indicates preTBS. Do not encode signature. */
+            dataASN[X509CERTASN_IDX_TBS_ALGOID_SEQ].noOut = 1;
+            dataASN[X509CERTASN_IDX_TBS_ALGOID_OID].noOut = 1;
+            dataASN[X509CERTASN_IDX_TBS_ALGOID_PARAMS_NULL].noOut = 1;
+    #ifdef WC_RSA_PSS
+            dataASN[X509CERTASN_IDX_TBS_ALGOID_PARAMS].noOut = 1;
+    #endif
+
+        }
+        else
+#endif /* WOLFSSL_DUAL_ALG_CERTS */
+        {
+            SetASN_OID(&dataASN[X509CERTASN_IDX_TBS_ALGOID_OID],
+                       (word32)cert->sigType, oidSigType);
+        }
+
         if (IsSigAlgoECC((word32)cert->sigType)) {
             /* No NULL tagged item with ECDSA and EdDSA signature OIDs. */
             dataASN[X509CERTASN_IDX_TBS_ALGOID_PARAMS_NULL].noOut = 1;
@@ -29493,7 +30965,8 @@ static int MakeAnyCert(Cert* cert, byte* derBuffer, word32 derSz,
                            .data.buffer.data,
             (int)dataASN[X509CERTASN_IDX_TBS_SPUBKEYINFO_SEQ]
                            .data.buffer.length,
-            rsaKey, eccKey, ed25519Key, ed448Key, dsaKey);
+            rsaKey, eccKey, ed25519Key, ed448Key, dsaKey,
+            falconKey, dilithiumKey, sphincsKey);
     }
     if ((ret >= 0) && (!dataASN[X509CERTASN_IDX_TBS_EXT_SEQ].noOut)) {
         /* Encode extensions into buffer. */
@@ -29513,8 +30986,18 @@ static int MakeAnyCert(Cert* cert, byte* derBuffer, word32 derSz,
 #endif
 }
 
-
-/* Make an x509 Certificate v3 RSA or ECC from cert input, write to buffer */
+/* Make an x509 Certificate v3 from cert input using any
+ * key type, and write to buffer.
+ *
+ * @param [in, out] cert      Certificate object.
+ * @param [out]     derBuffer Buffer to write der in.
+ * @param [in]      derSz     Der buffer size.
+ * @param [in]      keyType   The type of key.
+ * @param [in]      key       Key data.
+ * @param [in]      rng       Random number generator.
+ * @return          Size of encoded data in bytes on success.
+ * @return          < 0 on error
+ * */
 int wc_MakeCert_ex(Cert* cert, byte* derBuffer, word32 derSz, int keyType,
                    void* key, WC_RNG* rng)
 {
@@ -29541,12 +31024,20 @@ int wc_MakeCert_ex(Cert* cert, byte* derBuffer, word32 derSz, int keyType,
         falconKey = (falcon_key*)key;
     else if (keyType == FALCON_LEVEL5_TYPE)
         falconKey = (falcon_key*)key;
+#ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
     else if (keyType == DILITHIUM_LEVEL2_TYPE)
         dilithiumKey = (dilithium_key*)key;
     else if (keyType == DILITHIUM_LEVEL3_TYPE)
         dilithiumKey = (dilithium_key*)key;
     else if (keyType == DILITHIUM_LEVEL5_TYPE)
         dilithiumKey = (dilithium_key*)key;
+#endif
+    else if (keyType == ML_DSA_LEVEL2_TYPE)
+        dilithiumKey = (dilithium_key*)key;
+    else if (keyType == ML_DSA_LEVEL3_TYPE)
+        dilithiumKey = (dilithium_key*)key;
+    else if (keyType == ML_DSA_LEVEL5_TYPE)
+        dilithiumKey = (dilithium_key*)key;
     else if (keyType == SPHINCS_FAST_LEVEL1_TYPE)
         sphincsKey = (sphincs_key*)key;
     else if (keyType == SPHINCS_FAST_LEVEL3_TYPE)
@@ -29574,6 +31065,7 @@ int wc_MakeCert(Cert* cert, byte* derBuffer, word32 derSz, RsaKey* rsaKey,
                        NULL, NULL, NULL, NULL);
 }
 
+
 #ifdef WOLFSSL_CERT_REQ
 
 #ifndef WOLFSSL_ASN_TEMPLATE
@@ -29837,7 +31329,6 @@ static int EncodeCertReq(Cert* cert, DerCert* der, RsaKey* rsaKey,
             (word32)sizeof(der->publicKey), 1);
     }
 #endif
-#if defined(HAVE_PQC)
 #if defined(HAVE_FALCON)
     if ((cert->keyType == FALCON_LEVEL1_KEY) ||
         (cert->keyType == FALCON_LEVEL5_KEY)) {
@@ -29847,10 +31338,16 @@ static int EncodeCertReq(Cert* cert, DerCert* der, RsaKey* rsaKey,
             der->publicKey, (word32)sizeof(der->publicKey), 1);
     }
 #endif
-#if defined(HAVE_DILITHIUM)
-    if ((cert->keyType == DILITHIUM_LEVEL2_KEY) ||
-        (cert->keyType == DILITHIUM_LEVEL3_KEY) ||
-        (cert->keyType == DILITHIUM_LEVEL5_KEY)) {
+#if defined(HAVE_DILITHIUM) && !defined(WOLFSSL_DILITHIUM_NO_ASN1)
+    if ((cert->keyType == ML_DSA_LEVEL2_KEY) ||
+        (cert->keyType == ML_DSA_LEVEL3_KEY) ||
+        (cert->keyType == ML_DSA_LEVEL5_KEY)
+    #ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
+     || (cert->keyType == DILITHIUM_LEVEL2_KEY)
+     || (cert->keyType == DILITHIUM_LEVEL3_KEY)
+     || (cert->keyType == DILITHIUM_LEVEL5_KEY)
+   #endif
+        ) {
         if (dilithiumKey == NULL)
             return PUBLIC_KEY_E;
         der->publicKeySz = wc_Dilithium_PublicKeyToDer(dilithiumKey,
@@ -29870,7 +31367,6 @@ static int EncodeCertReq(Cert* cert, DerCert* der, RsaKey* rsaKey,
             der->publicKey, (word32)sizeof(der->publicKey), 1);
     }
 #endif
-#endif /* HAVE_PQC */
 
     if (der->publicKeySz <= 0)
         return PUBLIC_KEY_E;
@@ -30196,7 +31692,6 @@ static int MakeCertReq(Cert* cert, byte* derBuffer, word32 derSz,
         cert->keyType = ED25519_KEY;
     else if (ed448Key)
         cert->keyType = ED448_KEY;
-#ifdef HAVE_PQC
 #ifdef HAVE_FALCON
     else if ((falconKey != NULL) && (falconKey->level == 1))
         cert->keyType = FALCON_LEVEL1_KEY;
@@ -30204,12 +31699,32 @@ static int MakeCertReq(Cert* cert, byte* derBuffer, word32 derSz,
         cert->keyType = FALCON_LEVEL5_KEY;
 #endif /* HAVE_FALCON */
 #ifdef HAVE_DILITHIUM
-    else if ((dilithiumKey != NULL) && (dilithiumKey->level == 2))
+    #ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
+    else if ((dilithiumKey != NULL) &&
+                (dilithiumKey->params->level == WC_ML_DSA_44_DRAFT)) {
         cert->keyType = DILITHIUM_LEVEL2_KEY;
-    else if ((dilithiumKey != NULL) && (dilithiumKey->level == 3))
+    }
+    else if ((dilithiumKey != NULL) &&
+                (dilithiumKey->params->level == WC_ML_DSA_65_DRAFT)) {
         cert->keyType = DILITHIUM_LEVEL3_KEY;
-    else if ((dilithiumKey != NULL) && (dilithiumKey->level == 5))
+    }
+    else if ((dilithiumKey != NULL) &&
+                (dilithiumKey->params->level == WC_ML_DSA_87_DRAFT)) {
         cert->keyType = DILITHIUM_LEVEL5_KEY;
+    }
+    #endif
+    else if ((dilithiumKey != NULL) &&
+                (dilithiumKey->params->level == WC_ML_DSA_44)) {
+        cert->keyType = ML_DSA_LEVEL2_KEY;
+    }
+    else if ((dilithiumKey != NULL) &&
+                (dilithiumKey->params->level == WC_ML_DSA_65)) {
+        cert->keyType = ML_DSA_LEVEL3_KEY;
+    }
+    else if ((dilithiumKey != NULL) &&
+                (dilithiumKey->params->level == WC_ML_DSA_87)) {
+        cert->keyType = ML_DSA_LEVEL5_KEY;
+    }
 #endif /* HAVE_DILITHIUM */
 #ifdef HAVE_SPHINCS
     else if ((sphincsKey != NULL) && (sphincsKey->level == 1)
@@ -30231,7 +31746,6 @@ static int MakeCertReq(Cert* cert, byte* derBuffer, word32 derSz,
              && (sphincsKey->optim == SMALL_VARIANT))
         cert->keyType = SPHINCS_SMALL_LEVEL5_KEY;
 #endif /* HAVE_SPHINCS */
-#endif /* HAVE_PQC */
     else
         return BAD_FUNC_ARG;
 
@@ -30292,7 +31806,6 @@ static int MakeCertReq(Cert* cert, byte* derBuffer, word32 derSz,
         else if (ed448Key != NULL) {
             cert->keyType = ED448_KEY;
         }
-#ifdef HAVE_PQC
 #ifdef HAVE_FALCON
         else if ((falconKey != NULL) && (falconKey->level == 1)) {
             cert->keyType = FALCON_LEVEL1_KEY;
@@ -30302,15 +31815,32 @@ static int MakeCertReq(Cert* cert, byte* derBuffer, word32 derSz,
         }
 #endif /* HAVE_FALCON */
 #ifdef HAVE_DILITHIUM
-        else if ((dilithiumKey != NULL) && (dilithiumKey->level == 2)) {
+    #ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
+        else if ((dilithiumKey != NULL) &&
+                    (dilithiumKey->params->level == WC_ML_DSA_44_DRAFT)) {
             cert->keyType = DILITHIUM_LEVEL2_KEY;
         }
-        else if ((dilithiumKey != NULL) && (dilithiumKey->level == 3)) {
+        else if ((dilithiumKey != NULL) &&
+                    (dilithiumKey->params->level == WC_ML_DSA_65_DRAFT)) {
             cert->keyType = DILITHIUM_LEVEL3_KEY;
         }
-        else if ((dilithiumKey != NULL) && (dilithiumKey->level == 5)) {
+        else if ((dilithiumKey != NULL) &&
+                    (dilithiumKey->params->level == WC_ML_DSA_87_DRAFT)) {
             cert->keyType = DILITHIUM_LEVEL5_KEY;
         }
+    #endif
+        else if ((dilithiumKey != NULL) &&
+                    (dilithiumKey->level == WC_ML_DSA_44)) {
+            cert->keyType = ML_DSA_LEVEL2_KEY;
+        }
+        else if ((dilithiumKey != NULL) &&
+                    (dilithiumKey->level == WC_ML_DSA_65)) {
+            cert->keyType = ML_DSA_LEVEL3_KEY;
+        }
+        else if ((dilithiumKey != NULL) &&
+                    (dilithiumKey->level == WC_ML_DSA_87)) {
+            cert->keyType = ML_DSA_LEVEL5_KEY;
+        }
 #endif /* HAVE_DILITHIUM */
 #ifdef HAVE_SPHINCS
         else if ((sphincsKey != NULL) && (sphincsKey->level == 1)
@@ -30338,7 +31868,6 @@ static int MakeCertReq(Cert* cert, byte* derBuffer, word32 derSz,
             cert->keyType = SPHINCS_SMALL_LEVEL5_KEY;
         }
 #endif /* HAVE_SPHINCS */
-#endif /* HAVE_PQC */
         else {
             ret = BAD_FUNC_ARG;
         }
@@ -30360,7 +31889,8 @@ static int MakeCertReq(Cert* cert, byte* derBuffer, word32 derSz,
     if (ret >= 0) {
         /* Determine encode public key size. */
          ret = EncodePublicKey(cert->keyType, NULL, 0, rsaKey,
-             eccKey, ed25519Key, ed448Key, dsaKey);
+             eccKey, ed25519Key, ed448Key, dsaKey, falconKey,
+             dilithiumKey, sphincsKey);
          publicKeySz = (word32)ret;
     }
     if (ret >= 0) {
@@ -30474,7 +32004,8 @@ static int MakeCertReq(Cert* cert, byte* derBuffer, word32 derSz,
         ret = EncodePublicKey(cert->keyType,
             (byte*)dataASN[CERTREQBODYASN_IDX_SPUBKEYINFO_SEQ].data.buffer.data,
             (int)dataASN[CERTREQBODYASN_IDX_SPUBKEYINFO_SEQ].data.buffer.length,
-            rsaKey, eccKey, ed25519Key, ed448Key, dsaKey);
+            rsaKey, eccKey, ed25519Key, ed448Key, dsaKey, falconKey,
+            dilithiumKey, sphincsKey);
     }
     if ((ret >= 0 && derBuffer != NULL) &&
             (!dataASN[CERTREQBODYASN_IDX_EXT_BODY].noOut)) {
@@ -30521,12 +32052,20 @@ int wc_MakeCertReq_ex(Cert* cert, byte* derBuffer, word32 derSz, int keyType,
         falconKey = (falcon_key*)key;
     else if (keyType == FALCON_LEVEL5_TYPE)
         falconKey = (falcon_key*)key;
+#ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
     else if (keyType == DILITHIUM_LEVEL2_TYPE)
         dilithiumKey = (dilithium_key*)key;
     else if (keyType == DILITHIUM_LEVEL3_TYPE)
         dilithiumKey = (dilithium_key*)key;
     else if (keyType == DILITHIUM_LEVEL5_TYPE)
         dilithiumKey = (dilithium_key*)key;
+#endif
+    else if (keyType == ML_DSA_LEVEL2_TYPE)
+        dilithiumKey = (dilithium_key*)key;
+    else if (keyType == ML_DSA_LEVEL3_TYPE)
+        dilithiumKey = (dilithium_key*)key;
+    else if (keyType == ML_DSA_LEVEL5_TYPE)
+        dilithiumKey = (dilithium_key*)key;
     else if (keyType == SPHINCS_FAST_LEVEL1_TYPE)
         sphincsKey = (sphincs_key*)key;
     else if (keyType == SPHINCS_FAST_LEVEL3_TYPE)
@@ -30604,7 +32143,7 @@ static int SignCert(int requestSz, int sType, byte* buf, word32 buffSz,
         MAX_ENCODED_SIG_SZ, rsaKey, eccKey, ed25519Key, ed448Key,
         falconKey, dilithiumKey, sphincsKey, rng, (word32)sType, heap);
 #ifdef WOLFSSL_ASYNC_CRYPT
-    if (sigSz == WC_PENDING_E) {
+    if (sigSz == WC_NO_ERR_TRACE(WC_PENDING_E)) {
         /* Not free'ing certSignCtx->sig here because it could still be in use
          * with async operations. */
         return sigSz;
@@ -30625,6 +32164,164 @@ static int SignCert(int requestSz, int sType, byte* buf, word32 buffSz,
     return sigSz;
 }
 
+#ifdef WOLFSSL_DUAL_ALG_CERTS
+/* Generate a signature from input buffer using
+ * any key type.
+ *
+ * @param [out] sig     The signature buffer to write in.
+ * @param [out] sigsz   The signature buffer size.
+ * @param [in]  sType   The signature type.
+ * @param [in]  buf     The input buf to sign.
+ * @param [in]  bufSz   The buffer size
+ * @param [in]  keyType The key type.
+ * @param [in]  key     Key data.
+ * @param [in]  rng     Random number generator.
+ *
+ * @return  Size of signature on success.
+ * @return  < 0 on error.
+ * */
+int wc_MakeSigWithBitStr(byte *sig, int sigSz, int sType, byte* buf,
+                         word32 bufSz, int keyType, void* key, WC_RNG* rng)
+{
+    RsaKey*            rsaKey = NULL;
+    ecc_key*           eccKey = NULL;
+    ed25519_key*       ed25519Key = NULL;
+    ed448_key*         ed448Key = NULL;
+    falcon_key*        falconKey = NULL;
+    dilithium_key*     dilithiumKey = NULL;
+    sphincs_key*       sphincsKey = NULL;
+
+    WOLFSSL_ENTER("wc_MakeSigWithBitStr");
+
+    int ret = 0;
+    int headerSz;
+    void* heap = NULL;
+    CertSignCtx  certSignCtx_lcl;
+    CertSignCtx* certSignCtx = &certSignCtx_lcl;
+
+    if ((sig == NULL) || (sigSz <= 0)) {
+        return BAD_FUNC_ARG;
+    }
+
+    XMEMSET(certSignCtx, 0, sizeof(*certSignCtx));
+
+    switch (keyType)
+    {
+        case RSA_TYPE:
+            rsaKey = (RsaKey*)key;
+            break;
+        case ECC_TYPE:
+            eccKey = (ecc_key*)key;
+            break;
+        case ED25519_TYPE:
+            ed25519Key = (ed25519_key*)key;
+            break;
+        case ED448_TYPE:
+            ed448Key = (ed448_key*)key;
+            break;
+        case FALCON_LEVEL1_TYPE:
+        case FALCON_LEVEL5_TYPE:
+            falconKey = (falcon_key*)key;
+            break;
+#ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
+        case DILITHIUM_LEVEL2_TYPE:
+        case DILITHIUM_LEVEL3_TYPE:
+        case DILITHIUM_LEVEL5_TYPE:
+#endif
+        case ML_DSA_LEVEL2_TYPE:
+        case ML_DSA_LEVEL3_TYPE:
+        case ML_DSA_LEVEL5_TYPE:
+            dilithiumKey = (dilithium_key*)key;
+            break;
+        case SPHINCS_FAST_LEVEL1_TYPE:
+        case SPHINCS_FAST_LEVEL3_TYPE:
+        case SPHINCS_FAST_LEVEL5_TYPE:
+        case SPHINCS_SMALL_LEVEL1_TYPE:
+        case SPHINCS_SMALL_LEVEL3_TYPE:
+        case SPHINCS_SMALL_LEVEL5_TYPE:
+            sphincsKey = (sphincs_key*)key;
+            break;
+        default:
+            return BAD_FUNC_ARG;
+    }
+
+    /* locate ctx */
+    if (rsaKey) {
+    #ifndef NO_RSA
+    #ifdef WOLFSSL_ASYNC_CRYPT
+        certSignCtx = &rsaKey->certSignCtx;
+    #endif
+        heap = rsaKey->heap;
+    #else
+        return NOT_COMPILED_IN;
+    #endif /* NO_RSA */
+    }
+    else if (eccKey) {
+    #ifdef HAVE_ECC
+    #ifdef WOLFSSL_ASYNC_CRYPT
+        certSignCtx = &eccKey->certSignCtx;
+    #endif
+        heap = eccKey->heap;
+    #else
+        return NOT_COMPILED_IN;
+    #endif /* HAVE_ECC */
+    }
+
+    if (certSignCtx->sig == NULL) {
+        certSignCtx->sig = (byte*)XMALLOC(MAX_ENCODED_SIG_SZ, heap,
+            DYNAMIC_TYPE_TMP_BUFFER);
+        if (certSignCtx->sig == NULL)
+            return MEMORY_E;
+    }
+
+    ret = MakeSignature(certSignCtx, buf, (word32)bufSz, certSignCtx->sig,
+        MAX_ENCODED_SIG_SZ, rsaKey, eccKey, ed25519Key, ed448Key,
+        falconKey, dilithiumKey, sphincsKey, rng, (word32)sType, heap);
+#ifdef WOLFSSL_ASYNC_CRYPT
+    if (ret == WC_NO_ERR_TRACE(WC_PENDING_E)) {
+        /* Not free'ing certSignCtx->sig here because it could still be in use
+         * with async operations. */
+        return ret;
+    }
+#endif
+
+    if (ret <= 0) {
+        XFREE(certSignCtx->sig, heap, DYNAMIC_TYPE_TMP_BUFFER);
+        certSignCtx->sig = NULL;
+        return ret;
+    }
+
+    headerSz = SetBitString(ret, 0, NULL);
+    if (headerSz + ret > sigSz) {
+        ret = BUFFER_E;
+    }
+
+    if (ret > 0) {
+       sig += SetBitString(ret, 0, sig);
+       XMEMCPY(sig, certSignCtx->sig, ret);
+       ret += headerSz;
+    }
+
+    XFREE(certSignCtx->sig, heap, DYNAMIC_TYPE_TMP_BUFFER);
+    certSignCtx->sig = NULL;
+    return ret;
+}
+#endif /* WOLFSSL_DUAL_ALG_CERTS */
+
+/* Sign an x509 Certificate v3 from cert input using any
+ * key type, and write to buffer.
+ *
+ * @param [in]     requestSz Size of requested data to sign.
+ * @param [in]     sType     The signature type.
+ * @param [in,out] buf       Der buffer to sign.
+ * @param [in]     buffSz    Der buffer size.
+ * @param [in]     keyType   The type of key.
+ * @param [in]     key       Key data.
+ * @param [in]     rng       Random number generator.
+ *
+ * @return  Size of signature on success.
+ * @return  < 0 on error
+ * */
 int wc_SignCert_ex(int requestSz, int sType, byte* buf, word32 buffSz,
                    int keyType, void* key, WC_RNG* rng)
 {
@@ -30648,12 +32345,20 @@ int wc_SignCert_ex(int requestSz, int sType, byte* buf, word32 buffSz,
         falconKey = (falcon_key*)key;
     else if (keyType == FALCON_LEVEL5_TYPE)
         falconKey = (falcon_key*)key;
+#ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
     else if (keyType == DILITHIUM_LEVEL2_TYPE)
         dilithiumKey = (dilithium_key*)key;
     else if (keyType == DILITHIUM_LEVEL3_TYPE)
         dilithiumKey = (dilithium_key*)key;
     else if (keyType == DILITHIUM_LEVEL5_TYPE)
         dilithiumKey = (dilithium_key*)key;
+#endif
+    else if (keyType == ML_DSA_LEVEL2_TYPE)
+        dilithiumKey = (dilithium_key*)key;
+    else if (keyType == ML_DSA_LEVEL3_TYPE)
+        dilithiumKey = (dilithium_key*)key;
+    else if (keyType == ML_DSA_LEVEL5_TYPE)
+        dilithiumKey = (dilithium_key*)key;
     else if (keyType == SPHINCS_FAST_LEVEL1_TYPE)
         sphincsKey = (sphincs_key*)key;
     else if (keyType == SPHINCS_FAST_LEVEL3_TYPE)
@@ -30678,6 +32383,7 @@ int wc_SignCert(int requestSz, int sType, byte* buf, word32 buffSz,
                     NULL, NULL, NULL, rng);
 }
 
+
 WOLFSSL_ABI
 int wc_MakeSelfCert(Cert* cert, byte* buf, word32 buffSz,
                     RsaKey* key, WC_RNG* rng)
@@ -30700,7 +32406,7 @@ int wc_MakeSelfCert(Cert* cert, byte* buf, word32 buffSz,
 WOLFSSL_ABI
 int wc_GetSubjectRaw(byte **subjectRaw, Cert *cert)
 {
-    int rc = BAD_FUNC_ARG;
+    int rc = WC_NO_ERR_TRACE(BAD_FUNC_ARG);
     if ((subjectRaw != NULL) && (cert != NULL)) {
         *subjectRaw = cert->sbjRaw;
         rc = 0;
@@ -30754,14 +32460,13 @@ static int SetKeyIdFromPublicKey(Cert *cert, RsaKey *rsakey, ecc_key *eckey,
         bufferSz = wc_Ed448PublicKeyToDer(ed448Key, buf, MAX_PUBLIC_KEY_SZ, 0);
     }
 #endif
-#if defined(HAVE_PQC)
 #if defined(HAVE_FALCON)
     if (falconKey != NULL) {
         bufferSz = wc_Falcon_PublicKeyToDer(falconKey, buf, MAX_PUBLIC_KEY_SZ,
                                             0);
     }
 #endif
-#if defined(HAVE_DILITHIUM)
+#if defined(HAVE_DILITHIUM) && !defined(WOLFSSL_DILITHIUM_NO_ASN1)
     if (dilithiumKey != NULL) {
         bufferSz = wc_Dilithium_PublicKeyToDer(dilithiumKey, buf,
                                                MAX_PUBLIC_KEY_SZ, 0);
@@ -30773,7 +32478,6 @@ static int SetKeyIdFromPublicKey(Cert *cert, RsaKey *rsakey, ecc_key *eckey,
                                                MAX_PUBLIC_KEY_SZ, 0);
     }
 #endif
-#endif /* HAVE_PQC */
 
     if (bufferSz <= 0) {
         XFREE(buf, cert->heap, DYNAMIC_TYPE_TMP_BUFFER);
@@ -30828,12 +32532,20 @@ int wc_SetSubjectKeyIdFromPublicKey_ex(Cert *cert, int keyType, void* key)
         falconKey = (falcon_key*)key;
     else if (keyType == FALCON_LEVEL5_TYPE)
         falconKey = (falcon_key*)key;
+#ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
     else if (keyType == DILITHIUM_LEVEL2_TYPE)
         dilithiumKey = (dilithium_key*)key;
     else if (keyType == DILITHIUM_LEVEL3_TYPE)
         dilithiumKey = (dilithium_key*)key;
     else if (keyType == DILITHIUM_LEVEL5_TYPE)
         dilithiumKey = (dilithium_key*)key;
+#endif
+    else if (keyType == ML_DSA_LEVEL2_TYPE)
+        dilithiumKey = (dilithium_key*)key;
+    else if (keyType == ML_DSA_LEVEL3_TYPE)
+        dilithiumKey = (dilithium_key*)key;
+    else if (keyType == ML_DSA_LEVEL5_TYPE)
+        dilithiumKey = (dilithium_key*)key;
     else if (keyType == SPHINCS_FAST_LEVEL1_TYPE)
         sphincsKey = (sphincs_key*)key;
     else if (keyType == SPHINCS_FAST_LEVEL3_TYPE)
@@ -30881,12 +32593,20 @@ int wc_SetAuthKeyIdFromPublicKey_ex(Cert *cert, int keyType, void* key)
         falconKey = (falcon_key*)key;
     else if (keyType == FALCON_LEVEL5_TYPE)
         falconKey = (falcon_key*)key;
+#ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
     else if (keyType == DILITHIUM_LEVEL2_TYPE)
         dilithiumKey = (dilithium_key*)key;
     else if (keyType == DILITHIUM_LEVEL3_TYPE)
         dilithiumKey = (dilithium_key*)key;
     else if (keyType == DILITHIUM_LEVEL5_TYPE)
         dilithiumKey = (dilithium_key*)key;
+#endif
+    else if (keyType == ML_DSA_LEVEL2_TYPE)
+        dilithiumKey = (dilithium_key*)key;
+    else if (keyType == ML_DSA_LEVEL3_TYPE)
+        dilithiumKey = (dilithium_key*)key;
+    else if (keyType == ML_DSA_LEVEL5_TYPE)
+        dilithiumKey = (dilithium_key*)key;
     else if (keyType == SPHINCS_FAST_LEVEL1_TYPE)
         sphincsKey = (sphincs_key*)key;
     else if (keyType == SPHINCS_FAST_LEVEL3_TYPE)
@@ -31139,8 +32859,8 @@ int wc_SetExtKeyUsage(Cert *cert, const char *value)
 int wc_SetExtKeyUsageOID(Cert *cert, const char *in, word32 sz, byte idx,
         void* heap)
 {
-    byte oid[MAX_OID_SZ];
-    word32 oidSz = MAX_OID_SZ;
+    byte oid[CTC_MAX_EKU_OID_SZ];
+    word32 oidSz = CTC_MAX_EKU_OID_SZ;
 
     if (idx >= CTC_MAX_EKU_NB || sz >= CTC_MAX_EKU_OID_SZ) {
         WOLFSSL_MSG("Either idx or sz was too large");
@@ -31152,7 +32872,7 @@ int wc_SetExtKeyUsageOID(Cert *cert, const char *in, word32 sz, byte idx,
     }
 
     XMEMCPY(cert->extKeyUsageOID[idx], oid, oidSz);
-    cert->extKeyUsageOIDSz[idx] = oidSz;
+    cert->extKeyUsageOIDSz[idx] = (byte)oidSz;
     cert->extKeyUsage |= EXTKEYUSE_USER;
 
     return 0;
@@ -31188,7 +32908,7 @@ int wc_SetCustomExtension(Cert *cert, int critical, const char *oid,
     ext->oid = (char*)oid;
     ext->crit = (critical == 0) ? 0 : 1;
     ext->val = (byte*)der;
-    ext->valSz = derSz;
+    ext->valSz = (int)derSz;
 
     cert->customCertExtCount++;
     return 0;
@@ -31241,7 +32961,7 @@ static int SetAltNamesFromCert(Cert* cert, const byte* der, int derSz,
 #endif
 
     InitDecodedCert_ex(decoded, der, (word32)derSz, NULL, devId);
-    ret = ParseCertRelative(decoded, CA_TYPE, NO_VERIFY, 0);
+    ret = ParseCertRelative(decoded, CA_TYPE, NO_VERIFY, 0, NULL);
 
     if (ret < 0) {
         WOLFSSL_MSG("ParseCertRelative error");
@@ -31440,7 +33160,7 @@ static int SetNameFromCert(CertName* cn, const byte* der, int derSz, int devId)
 #endif
 
     InitDecodedCert_ex(decoded, der, (word32)derSz, NULL, devId);
-    ret = ParseCertRelative(decoded, CA_TYPE, NO_VERIFY, 0);
+    ret = ParseCertRelative(decoded, CA_TYPE, NO_VERIFY, 0, NULL);
 
     if (ret < 0) {
         WOLFSSL_MSG("ParseCertRelative error");
@@ -31763,7 +33483,8 @@ int EncodePolicyOID(byte *out, word32 *outSz, const char *in, void* heap)
                 return BUFFER_E;
             }
 
-            out[idx++] += (byte)val;
+            out[idx] = (byte)(out[idx] + val);
+            ++idx;
         }
         else {
             word32  tb = 0;
@@ -32109,8 +33830,14 @@ int DecodeECC_DSA_Sig_Bin(const byte* sig, word32 sigLen, byte* r, word32* rLen,
     ret = GetASNInt(sig, &idx, &len, sigLen);
     if (ret != 0)
         return ret;
-    if (rLen)
-        *rLen = (word32)len;
+    if (rLen) {
+        if (*rLen >= (word32)len)
+            *rLen = (word32)len;
+        else {
+            /* Buffer too small to hold r value */
+            return BUFFER_E;
+        }
+    }
     if (r)
         XMEMCPY(r, (byte*)sig + idx, (size_t)len);
     idx += (word32)len;
@@ -32118,8 +33845,14 @@ int DecodeECC_DSA_Sig_Bin(const byte* sig, word32 sigLen, byte* r, word32* rLen,
     ret = GetASNInt(sig, &idx, &len, sigLen);
     if (ret != 0)
         return ret;
-    if (sLen)
-        *sLen = (word32)len;
+    if (sLen) {
+        if (*sLen >= (word32)len)
+            *sLen = (word32)len;
+        else {
+            /* Buffer too small to hold s value */
+            return BUFFER_E;
+        }
+    }
     if (s)
         XMEMCPY(s, (byte*)sig + idx, (size_t)len);
 
@@ -32214,6 +33947,11 @@ int DecodeECC_DSA_Sig_Ex(const byte* sig, word32 sigLen, mp_int* r, mp_int* s,
     /* Decode the DSA signature. */
     ret = GetASN_Items(dsaSigASN, dataASN, dsaSigASN_Length, 0, sig, &idx,
                        sigLen);
+
+    if (ret != 0) {
+        ret = ASN_ECC_KEY_E;
+    }
+
 #ifndef NO_STRICT_ECDSA_LEN
     /* sanity check that the index has been advanced all the way to the end of
      * the buffer */
@@ -32353,12 +34091,12 @@ static int EccSpecifiedECDomainDecode(const byte* input, word32 inSz,
 {
     DECL_ASNGETDATA(dataASN, eccSpecifiedASN_Length);
     int ret = 0;
-    ecc_set_type* curve;
+    ecc_set_type* curve = NULL;
     word32 idx = 0;
-    byte version;
-    byte cofactor;
-    const byte *base;
-    word32 baseLen;
+    byte version = 0;
+    byte cofactor = 0;
+    const byte *base = NULL;
+    word32 baseLen = 0;
 
     /* Allocate a new parameter set. */
     curve = (ecc_set_type*)XMALLOC(sizeof(*curve), heap,
@@ -32474,9 +34212,9 @@ static int EccSpecifiedECDomainDecode(const byte* input, word32 inSz,
     #else
     if (ret == 0) {
         /* Base X-ordinate */
-        DataToHexString(base + 1, curve->size, curve->Gx);
+        DataToHexString(base + 1, (word32)curve->size, curve->Gx);
         /* Base Y-ordinate */
-        DataToHexString(base + 1 + curve->size, curve->size, curve->Gy);
+        DataToHexString(base + 1 + curve->size, (word32)curve->size, curve->Gy);
         /* Prime */
         DataToHexString(dataASN[ECCSPECIFIEDASN_IDX_PRIME_P].data.ref.data,
                         dataASN[ECCSPECIFIEDASN_IDX_PRIME_P].data.ref.length,
@@ -32496,23 +34234,26 @@ static int EccSpecifiedECDomainDecode(const byte* input, word32 inSz,
     }
     #endif /* WOLFSSL_ECC_CURVE_STATIC */
 
-    if (key) {
-        /* Store parameter set in key. */
-        if ((ret == 0) && (wc_ecc_set_custom_curve(key, curve) < 0)) {
-            ret = ASN_PARSE_E;
-        }
-        if (ret == 0) {
-            /* The parameter set was allocated.. */
-            key->deallocSet = 1;
-        }
-    }
-
     if ((ret == 0) && (curveSz)) {
         *curveSz = curve->size;
     }
 
-    if ((ret != 0) && (curve != NULL)) {
-        /* Failed to set parameters so free parameter set. */
+    if (key) {
+        /* Store parameter set in key. */
+        if (ret == 0) {
+            if (wc_ecc_set_custom_curve(key, curve) < 0) {
+                ret = ASN_PARSE_E;
+            }
+            else {
+                /* The parameter set was allocated.. */
+                key->deallocSet = 1;
+                /* Don't deallocate below. */
+                curve = NULL;
+            }
+        }
+    }
+
+    if (curve != NULL) { /* NOLINT(clang-analyzer-unix.Malloc) */
         wc_ecc_free_curve(curve, heap);
     }
 
@@ -32668,7 +34409,8 @@ int wc_EccPrivateKeyDecode(const byte* input, word32* inOutIdx, ecc_key* key,
                     ret = BUFFER_E;
                 else {
             #ifdef WOLFSSL_SMALL_STACK
-                    pub = (byte*)XMALLOC(pubSz, key->heap, DYNAMIC_TYPE_TMP_BUFFER);
+                    pub = (byte*)XMALLOC(pubSz, key->heap,
+                                         DYNAMIC_TYPE_TMP_BUFFER);
                     if (pub == NULL)
                         ret = MEMORY_E;
                     else
@@ -32696,11 +34438,12 @@ int wc_EccPrivateKeyDecode(const byte* input, word32* inOutIdx, ecc_key* key,
     return ret;
 #else
     DECL_ASNGETDATA(dataASN, eccKeyASN_Length);
-    byte version;
+    byte version = 0;
     int ret = 0;
     int curve_id = ECC_CURVE_DEF;
-#if defined(HAVE_PKCS8) || defined(HAVE_PKCS12) || defined(SM2)
+#if defined(HAVE_PKCS8) || defined(HAVE_PKCS12) || defined(WOLFSSL_SM2)
     word32 algId = 0;
+    word32 eccOid = 0;
 #endif
 
     /* Validate parameters. */
@@ -32708,13 +34451,13 @@ int wc_EccPrivateKeyDecode(const byte* input, word32* inOutIdx, ecc_key* key,
         ret = BAD_FUNC_ARG;
     }
 
-#if defined(HAVE_PKCS8) || defined(HAVE_PKCS12) || defined(SM2)
+#if defined(HAVE_PKCS8) || defined(HAVE_PKCS12) || defined(WOLFSSL_SM2)
     /* if has pkcs8 header skip it */
-    if (ToTraditionalInline_ex(input, inOutIdx, inSz, &algId) < 0) {
+    if (ToTraditionalInline_ex2(input, inOutIdx, inSz, &algId, &eccOid) < 0) {
         /* ignore error, did not have pkcs8 header */
     }
     else {
-        curve_id = wc_ecc_get_oid(algId, NULL, NULL);
+        curve_id = wc_ecc_get_oid(eccOid, NULL, NULL);
     }
 #endif
 
@@ -32816,7 +34559,7 @@ static int ASNToHexString(const byte* input, word32* inOutIdx, char** out,
     return 0;
 }
 
-static int EccKeyParamCopy(char** dst, char* src)
+static int EccKeyParamCopy(char** dst, char* src, void* heap)
 {
     int ret = 0;
 #ifdef WOLFSSL_ECC_CURVE_STATIC
@@ -32837,8 +34580,9 @@ static int EccKeyParamCopy(char** dst, char* src)
     else {
         XSTRNCPY(*dst, src, MAX_ECC_STRING);
     }
-    XFREE(src, key->heap, DYNAMIC_TYPE_ECC_BUFFER);
+    XFREE(src, heap, DYNAMIC_TYPE_ECC_BUFFER);
 #endif
+    (void)heap;
 
     return ret;
 }
@@ -32946,10 +34690,10 @@ int wc_EccPublicKeyDecode(const byte* input, word32* inOutIdx,
                                             key->heap, DYNAMIC_TYPE_ECC_BUFFER);
             if (ret == 0) {
 #ifndef WOLFSSL_ECC_CURVE_STATIC
-                ret = EccKeyParamCopy((char**)&curve->prime, p);
+                ret = EccKeyParamCopy((char**)&curve->prime, p, key->heap);
 #else
                 const char *_tmp_ptr = &curve->prime[0];
-                ret = EccKeyParamCopy((char**)&_tmp_ptr, p);
+                ret = EccKeyParamCopy((char**)&_tmp_ptr, p, key->heap);
 #endif
             }
         }
@@ -32965,10 +34709,10 @@ int wc_EccPublicKeyDecode(const byte* input, word32* inOutIdx,
                                             key->heap, DYNAMIC_TYPE_ECC_BUFFER);
             if (ret == 0) {
 #ifndef WOLFSSL_ECC_CURVE_STATIC
-                ret = EccKeyParamCopy((char**)&curve->Af, af);
+                ret = EccKeyParamCopy((char**)&curve->Af, af, key->heap);
 #else
                 const char *_tmp_ptr = &curve->Af[0];
-                ret = EccKeyParamCopy((char**)&_tmp_ptr, af);
+                ret = EccKeyParamCopy((char**)&_tmp_ptr, af, key->heap);
 #endif
             }
         }
@@ -32978,10 +34722,10 @@ int wc_EccPublicKeyDecode(const byte* input, word32* inOutIdx,
                                             key->heap, DYNAMIC_TYPE_ECC_BUFFER);
             if (ret == 0) {
 #ifndef WOLFSSL_ECC_CURVE_STATIC
-                ret = EccKeyParamCopy((char**)&curve->Bf, bf);
+                ret = EccKeyParamCopy((char**)&curve->Bf, bf, key->heap);
 #else
                 const char *_tmp_ptr = &curve->Bf[0];
-                ret = EccKeyParamCopy((char**)&_tmp_ptr, bf);
+                ret = EccKeyParamCopy((char**)&_tmp_ptr, bf, key->heap);
 #endif
             }
         }
@@ -33038,10 +34782,10 @@ int wc_EccPublicKeyDecode(const byte* input, word32* inOutIdx,
                                             key->heap, DYNAMIC_TYPE_ECC_BUFFER);
             if (ret == 0) {
 #ifndef WOLFSSL_ECC_CURVE_STATIC
-                ret = EccKeyParamCopy((char**)&curve->order, o);
+                ret = EccKeyParamCopy((char**)&curve->order, o, key->heap);
 #else
                 const char *_tmp_ptr = &curve->order[0];
-                ret = EccKeyParamCopy((char**)&_tmp_ptr, o);
+                ret = EccKeyParamCopy((char**)&_tmp_ptr, o, key->heap);
 #endif
             }
         }
@@ -33206,7 +34950,7 @@ int wc_EccPublicKeyDecode(const byte* input, word32* inOutIdx,
 #endif /* WOLFSSL_ASN_TEMPLATE */
 }
 
-#if defined(HAVE_ECC_KEY_EXPORT) && !defined(NO_ASN_CRYPT)
+#ifdef HAVE_ECC_KEY_EXPORT
 /* build DER formatted ECC key, include optional public key if requested,
  * return length on success, negative on error */
 int wc_BuildEccKeyDer(ecc_key* key, byte* output, word32 *inLen,
@@ -33287,7 +35031,7 @@ int wc_BuildEccKeyDer(ecc_key* key, byte* output, word32 *inLen,
         PRIVATE_KEY_UNLOCK();
         ret = wc_ecc_export_x963(key, NULL, &pubSz);
         PRIVATE_KEY_LOCK();
-        if (ret != LENGTH_ONLY_E) {
+        if (ret != WC_NO_ERR_TRACE(LENGTH_ONLY_E)) {
         #ifndef WOLFSSL_NO_MALLOC
             XFREE(prv, key->heap, DYNAMIC_TYPE_TMP_BUFFER);
         #endif
@@ -33341,7 +35085,7 @@ int wc_BuildEccKeyDer(ecc_key* key, byte* output, word32 *inLen,
             XFREE(pub, key->heap, DYNAMIC_TYPE_TMP_BUFFER);
         }
     #endif
-        return LENGTH_ONLY_E;
+        return WC_NO_ERR_TRACE(LENGTH_ONLY_E);
     }
     if (inLen != NULL && totalSz > *inLen) {
         #ifndef WOLFSSL_NO_MALLOC
@@ -33385,7 +35129,8 @@ int wc_BuildEccKeyDer(ecc_key* key, byte* output, word32 *inLen,
     return (int)totalSz;
 #else
     DECL_ASNSETDATA(dataASN, eccKeyASN_Length);
-    word32 privSz, pubSz;
+    word32 privSz = 0;
+    word32 pubSz = 0;
     int sz = 0;
     int ret = 0;
     int curveIdSz = 0;
@@ -33410,7 +35155,7 @@ int wc_BuildEccKeyDer(ecc_key* key, byte* output, word32 *inLen,
             PRIVATE_KEY_UNLOCK();
             ret = wc_ecc_export_x963(key, NULL, &pubSz);
             PRIVATE_KEY_LOCK();
-            if (ret == LENGTH_ONLY_E)
+            if (ret == WC_NO_ERR_TRACE(LENGTH_ONLY_E))
                 ret = 0;
         }
     }
@@ -33452,7 +35197,7 @@ int wc_BuildEccKeyDer(ecc_key* key, byte* output, word32 *inLen,
     /* Return the size if no buffer. */
     if ((ret == 0) && (output == NULL)) {
         *inLen = (word32)sz;
-        ret = LENGTH_ONLY_E;
+        ret = WC_NO_ERR_TRACE(LENGTH_ONLY_E);
     }
     /* Check the buffer is big enough. */
     if ((ret == 0) && (inLen != NULL) && (sz > (int)*inLen)) {
@@ -33497,6 +35242,7 @@ int wc_BuildEccKeyDer(ecc_key* key, byte* output, word32 *inLen,
 
 /* Write a Private ecc key, including public to DER format,
  * length on success else < 0 */
+/* Note: use wc_EccKeyDerSize to get length only */
 WOLFSSL_ABI
 int wc_EccKeyToDer(ecc_key* key, byte* output, word32 inLen)
 {
@@ -33508,11 +35254,8 @@ int wc_EccKeyToDer(ecc_key* key, byte* output, word32 inLen)
 int wc_EccKeyDerSize(ecc_key* key, int pub)
 {
     word32 sz = 0;
-    int ret;
-
-    ret = wc_BuildEccKeyDer(key, NULL, &sz, pub, 1);
-
-    if (ret != LENGTH_ONLY_E) {
+    int ret = wc_BuildEccKeyDer(key, NULL, &sz, pub, 1);
+    if (ret != WC_NO_ERR_TRACE(LENGTH_ONLY_E)) {
         return ret;
     }
     return (int)sz;
@@ -33522,7 +35265,11 @@ int wc_EccKeyDerSize(ecc_key* key, int pub)
  * length on success else < 0 */
 int wc_EccPrivateKeyToDer(ecc_key* key, byte* output, word32 inLen)
 {
-    return wc_BuildEccKeyDer(key, output, &inLen, 0, 1);
+    int ret = wc_BuildEccKeyDer(key, output, &inLen, 0, 1);
+    if (ret == WC_NO_ERR_TRACE(LENGTH_ONLY_E)) {
+        return (int)inLen;
+    }
+    return ret;
 }
 
 #ifdef HAVE_PKCS8
@@ -33579,7 +35326,7 @@ static int eccToPKCS8(ecc_key* key, byte* output, word32* outLen,
     /* get pkcs8 expected output size */
     ret = wc_CreatePKCS8Key(NULL, &pkcs8Sz, tmpDer, tmpDerSz, algoID,
                             curveOID, oidSz);
-    if (ret != LENGTH_ONLY_E) {
+    if (ret != WC_NO_ERR_TRACE(LENGTH_ONLY_E)) {
     #ifndef WOLFSSL_NO_MALLOC
         XFREE(tmpDer, key->heap, DYNAMIC_TYPE_TMP_BUFFER);
     #endif
@@ -33591,7 +35338,7 @@ static int eccToPKCS8(ecc_key* key, byte* output, word32* outLen,
         XFREE(tmpDer, key->heap, DYNAMIC_TYPE_TMP_BUFFER);
     #endif
         *outLen = pkcs8Sz;
-        return LENGTH_ONLY_E;
+        return WC_NO_ERR_TRACE(LENGTH_ONLY_E);
 
     }
     else if (*outLen < pkcs8Sz) {
@@ -33636,7 +35383,7 @@ int wc_EccKeyToPKCS8(ecc_key* key, byte* output,
     return eccToPKCS8(key, output, outLen, 1);
 }
 #endif /* HAVE_PKCS8 */
-#endif /* HAVE_ECC_KEY_EXPORT && !NO_ASN_CRYPT */
+#endif /* HAVE_ECC_KEY_EXPORT */
 #endif /* HAVE_ECC */
 
 #ifdef WC_ENABLE_ASYM_KEY_IMPORT
@@ -33679,13 +35426,12 @@ enum {
     || (defined(HAVE_CURVE25519) && defined(HAVE_CURVE25519_KEY_IMPORT)) \
     || (defined(HAVE_ED448) && defined(HAVE_ED448_KEY_IMPORT)) \
     || (defined(HAVE_CURVE448) && defined(HAVE_CURVE448_KEY_IMPORT)) \
-    || (defined(HAVE_PQC) && defined(HAVE_FALCON)) \
-    || (defined(HAVE_PQC) && defined(HAVE_DILITHIUM)) \
-    || (defined(HAVE_PQC) && defined(HAVE_SPHINCS)))
+    || defined(HAVE_FALCON) || defined(HAVE_DILITHIUM) || defined(HAVE_SPHINCS))
 
-int DecodeAsymKey(const byte* input, word32* inOutIdx, word32 inSz,
-    byte* privKey, word32* privKeyLen,
-    byte* pubKey, word32* pubKeyLen, int keyType)
+
+int DecodeAsymKey_Assign(const byte* input, word32* inOutIdx, word32 inSz,
+    const byte** privKey, word32* privKeyLen,
+    const byte** pubKey, word32* pubKeyLen, int* inOutKeyType)
 {
 #ifndef WOLFSSL_ASN_TEMPLATE
     word32 oid;
@@ -33699,7 +35445,7 @@ int DecodeAsymKey(const byte* input, word32* inOutIdx, word32 inSz,
 #endif
 
     if (input == NULL || inOutIdx == NULL || inSz == 0 ||
-        privKey == NULL || privKeyLen == NULL) {
+        privKey == NULL || privKeyLen == NULL || inOutKeyType == NULL) {
     #ifdef WOLFSSL_ASN_TEMPLATE
         FREE_ASNGETDATA(dataASN, NULL);
     #endif
@@ -33713,14 +35459,22 @@ int DecodeAsymKey(const byte* input, word32* inOutIdx, word32 inSz,
         if (GetMyVersion(input, inOutIdx, &version, inSz) < 0)
             return ASN_PARSE_E;
         if (version != 0) {
-            WOLFSSL_MSG("Unrecognized version of ED25519 private key");
+            WOLFSSL_MSG("Unrecognized version of private key");
             return ASN_PARSE_E;
         }
 
         if (GetAlgoId(input, inOutIdx, &oid, oidKeyType, inSz) < 0)
             return ASN_PARSE_E;
-        if (oid != (word32)keyType)
+
+        /* If user supplies ANONk (0) key type, we want to auto-detect from
+         * DER and copy it back to user */
+        if (*inOutKeyType == ANONk) {
+            *inOutKeyType = oid;
+        }
+        /* Otherwise strictly validate against the expected type */
+        else if (oid != (word32)*inOutKeyType) {
             return ASN_PARSE_E;
+        }
 
         if (GetOctetString(input, inOutIdx, &length, inSz) < 0)
             return ASN_PARSE_E;
@@ -33740,12 +35494,9 @@ int DecodeAsymKey(const byte* input, word32* inOutIdx, word32 inSz,
         endKeyIdx = (int)*inOutIdx;
     }
 
-    if ((word32)privSz > *privKeyLen)
-        return BUFFER_E;
-
     if (endKeyIdx == (int)*inOutIdx) {
         *privKeyLen = (word32)privSz;
-        XMEMCPY(privKey, priv, *privKeyLen);
+        *privKey = priv;
         if (pubKeyLen != NULL)
             *pubKeyLen = 0;
     }
@@ -33759,27 +35510,35 @@ int DecodeAsymKey(const byte* input, word32* inOutIdx, word32 inSz,
             return ASN_PARSE_E;
         }
 
-        if ((word32)pubSz > *pubKeyLen)
-            return BUFFER_E;
-
         pub = input + *inOutIdx;
         *inOutIdx += (word32)pubSz;
 
         *privKeyLen = (word32)privSz;
-        XMEMCPY(privKey, priv, *privKeyLen);
+        *privKey = priv;
         *pubKeyLen = (word32)pubSz;
         if (pubKey != NULL)
-            XMEMCPY(pubKey, pub, *pubKeyLen);
+            *pubKey = pub;
     }
     if (endKeyIdx != (int)*inOutIdx)
         return ASN_PARSE_E;
     return 0;
 #else
     if (ret == 0) {
-        /* Require OID. */
-        word32 oidSz;
-        const byte* oid = OidFromId((word32)keyType, oidKeyType, &oidSz);
-        GetASN_ExpBuffer(&dataASN[EDKEYASN_IDX_PKEYALGO_OID], oid, oidSz);
+        /* If user supplies an expected keyType (algorithm OID sum), attempt to
+         * process DER accordingly */
+        if (*inOutKeyType != ANONk) {
+            word32 oidSz;
+            /* Explicit OID check - use expected type */
+            const byte* oidDerBytes = OidFromId((word32)*inOutKeyType,
+                                                oidKeyType, &oidSz);
+            GetASN_ExpBuffer(&dataASN[EDKEYASN_IDX_PKEYALGO_OID], oidDerBytes,
+                            oidSz);
+        }
+        else {
+            /* Auto-detect OID using template */
+            GetASN_OID(&dataASN[EDKEYASN_IDX_PKEYALGO_OID], oidKeyType);
+        }
+
         /* Parse full private key. */
         ret = GetASN_Items(edKeyASN, dataASN, edKeyASN_Length, 1, input,
                 inOutIdx, inSz);
@@ -33792,34 +35551,29 @@ int DecodeAsymKey(const byte* input, word32* inOutIdx, word32 inSz,
                 ret = ASN_PARSE_E;
             }
         }
+
+        /* Store detected OID if requested */
+        if (ret == 0 && *inOutKeyType == ANONk) {
+            *inOutKeyType =
+                (int)dataASN[EDKEYASN_IDX_PKEYALGO_OID].data.oid.sum;
+        }
     }
-    /* Check the private value length is correct. */
-    if ((ret == 0) && dataASN[EDKEYASN_IDX_PKEY_CURVEPKEY].data.ref.length
-            > *privKeyLen) {
-        ret = ASN_PARSE_E;
+    if (ret == 0) {
+        /* Import private value. */
+        *privKeyLen = dataASN[EDKEYASN_IDX_PKEY_CURVEPKEY].data.ref.length;
+        *privKey = dataASN[EDKEYASN_IDX_PKEY_CURVEPKEY].data.ref.data;
     }
     if ((ret == 0) && dataASN[EDKEYASN_IDX_PUBKEY].tag == 0) {
-        *privKeyLen = dataASN[EDKEYASN_IDX_PKEY_CURVEPKEY].data.ref.length;
-        XMEMCPY(privKey, dataASN[EDKEYASN_IDX_PKEY_CURVEPKEY].data.ref.data,
-                *privKeyLen);
+        /* Set public length to 0 as not seen. */
         if (pubKeyLen != NULL)
             *pubKeyLen = 0;
     }
-    else if ((ret == 0) &&
-             (pubKeyLen != NULL) &&
-             (dataASN[EDKEYASN_IDX_PUBKEY].data.ref.length > *pubKeyLen)) {
-        ret = ASN_PARSE_E;
-    }
     else if (ret == 0) {
-        /* Import private and public value. */
-        *privKeyLen = dataASN[EDKEYASN_IDX_PKEY_CURVEPKEY].data.ref.length;
-        XMEMCPY(privKey, dataASN[EDKEYASN_IDX_PKEY_CURVEPKEY].data.ref.data,
-                *privKeyLen);
+        /* Import public value. */
         if (pubKeyLen != NULL)
             *pubKeyLen = dataASN[EDKEYASN_IDX_PUBKEY].data.ref.length;
         if (pubKey != NULL && pubKeyLen != NULL)
-            XMEMCPY(pubKey, dataASN[EDKEYASN_IDX_PUBKEY].data.ref.data,
-                    *pubKeyLen);
+            *pubKey = dataASN[EDKEYASN_IDX_PUBKEY].data.ref.data;
     }
 
     FREE_ASNGETDATA(dataASN, NULL);
@@ -33827,8 +35581,46 @@ int DecodeAsymKey(const byte* input, word32* inOutIdx, word32 inSz,
 #endif /* WOLFSSL_ASN_TEMPLATE */
 }
 
-int DecodeAsymKeyPublic(const byte* input, word32* inOutIdx, word32 inSz,
+int DecodeAsymKey(const byte* input, word32* inOutIdx, word32 inSz,
+    byte* privKey, word32* privKeyLen,
     byte* pubKey, word32* pubKeyLen, int keyType)
+{
+    int ret = 0;
+    const byte* privKeyPtr = NULL;
+    const byte* pubKeyPtr = NULL;
+    word32 privKeyPtrLen = 0;
+    word32 pubKeyPtrLen = 0;
+
+    if (privKey == NULL) {
+        ret = BAD_FUNC_ARG;
+    }
+
+    if (ret == 0) {
+        ret = DecodeAsymKey_Assign(input, inOutIdx, inSz, &privKeyPtr,
+            &privKeyPtrLen, &pubKeyPtr, &pubKeyPtrLen, &keyType);
+    }
+    if ((ret == 0) && (privKeyPtrLen > *privKeyLen)) {
+        ret = BUFFER_E;
+    }
+    if ((ret == 0) && (pubKeyLen != NULL) && (pubKeyPtrLen > *pubKeyLen)) {
+        ret = BUFFER_E;
+    }
+    if ((ret == 0) && (privKeyPtr != NULL)) {
+        XMEMCPY(privKey, privKeyPtr, privKeyPtrLen);
+        *privKeyLen = privKeyPtrLen;
+    }
+    if ((ret == 0) && (pubKey != NULL) && (pubKeyPtr != NULL)) {
+        XMEMCPY(pubKey, pubKeyPtr, pubKeyPtrLen);
+    }
+    if ((ret == 0) && (pubKeyLen != NULL)) {
+        *pubKeyLen = pubKeyPtrLen;
+    }
+
+    return ret;
+}
+
+int DecodeAsymKeyPublic_Assign(const byte* input, word32* inOutIdx, word32 inSz,
+    const byte** pubKey, word32* pubKeyLen, int *inOutKeyType)
 {
     int ret = 0;
 #ifndef WOLFSSL_ASN_TEMPLATE
@@ -33836,11 +35628,11 @@ int DecodeAsymKeyPublic(const byte* input, word32* inOutIdx, word32 inSz,
     word32 oid;
 #else
     word32 len;
-    DECL_ASNGETDATA(dataASN, edPubKeyASN_Length);
+    DECL_ASNGETDATA(dataASN, publicKeyASN_Length);
 #endif
 
     if (input == NULL || inSz == 0 || inOutIdx == NULL ||
-        pubKey == NULL || pubKeyLen == NULL) {
+        pubKey == NULL || pubKeyLen == NULL || inOutKeyType == NULL) {
         return BAD_FUNC_ARG;
     }
 
@@ -33853,64 +35645,104 @@ int DecodeAsymKeyPublic(const byte* input, word32* inOutIdx, word32 inSz,
 
     if (GetObjectId(input, inOutIdx, &oid, oidKeyType, inSz) < 0)
         return ASN_PARSE_E;
-    if (oid != (word32)keyType)
+
+    /* If user supplies ANONk (0) key type, we want to auto-detect from
+     * DER and copy it back to user */
+    if (*inOutKeyType == ANONk) {
+        *inOutKeyType = oid;
+    }
+    /* Otherwise strictly validate against the expected type */
+    else if (oid != (word32)*inOutKeyType) {
         return ASN_PARSE_E;
+    }
 
     /* key header */
     ret = CheckBitString(input, inOutIdx, &length, inSz, 1, NULL);
     if (ret != 0)
         return ret;
 
-    /* check that the value found is not too large for pubKey buffer */
-    if ((word32)length > *pubKeyLen)
-        return ASN_PARSE_E;
-
     /* check that input buffer is exhausted */
     if (*inOutIdx + (word32)length != inSz)
         return ASN_PARSE_E;
 
     /* This is the raw point data compressed or uncompressed. */
     *pubKeyLen = (word32)length;
-    XMEMCPY(pubKey, input + *inOutIdx, *pubKeyLen);
+    *pubKey = input + *inOutIdx;
 #else
     len = inSz - *inOutIdx;
 
-    CALLOC_ASNGETDATA(dataASN, edPubKeyASN_Length, ret, NULL);
+    CALLOC_ASNGETDATA(dataASN, publicKeyASN_Length, ret, NULL);
 
     if (ret == 0) {
-        /* Require OID. */
-        word32 oidSz;
-        const byte* oid = OidFromId((word32)keyType, oidKeyType, &oidSz);
-
-        GetASN_ExpBuffer(&dataASN[EDPUBKEYASN_IDX_ALGOID_OID], oid, oidSz);
-        /* Decode Ed25519 private key. */
-        ret = GetASN_Items(edPubKeyASN, dataASN, edPubKeyASN_Length, 1, input,
-                inOutIdx, inSz);
+        /* If user supplies an expected keyType (algorithm OID sum), attempt to
+         * process DER accordingly */
+        if (*inOutKeyType != ANONk) {
+            word32 oidSz;
+            /* Explicit OID check - use expected type */
+            const byte* oidDerBytes = OidFromId((word32)*inOutKeyType,
+                                              oidKeyType, &oidSz);
+            GetASN_ExpBuffer(&dataASN[PUBKEYASN_IDX_ALGOID_OID], oidDerBytes,
+                           oidSz);
+        }
+        else {
+            /* Auto-detect OID using template */
+            GetASN_OID(&dataASN[PUBKEYASN_IDX_ALGOID_OID], oidKeyType);
+        }
+        /* Decode public key. */
+        ret = GetASN_Items(publicKeyASN, dataASN, publicKeyASN_Length, 1,
+                           input, inOutIdx, inSz);
         if (ret != 0)
             ret = ASN_PARSE_E;
         /* check that input buffer is exhausted */
         if (*inOutIdx != inSz)
             ret = ASN_PARSE_E;
-    }
-    /* Check the public value length is correct. */
-    if ((ret == 0) &&
-            (dataASN[EDPUBKEYASN_IDX_PUBKEY].data.ref.length > *pubKeyLen)) {
-        ret = ASN_PARSE_E;
+
+        /* Store detected OID if requested */
+        if (ret == 0 && *inOutKeyType == ANONk) {
+            *inOutKeyType =
+                (int)dataASN[PUBKEYASN_IDX_ALGOID_OID].data.oid.sum;
+        }
     }
     /* Check that the all the buffer was used. */
     if ((ret == 0) &&
-            (GetASNItem_Length(dataASN[EDPUBKEYASN_IDX_SEQ], input) != len)) {
+            (GetASNItem_Length(dataASN[PUBKEYASN_IDX_SEQ], input) != len)) {
         ret = ASN_PARSE_E;
     }
     if (ret == 0) {
-        *pubKeyLen = dataASN[EDPUBKEYASN_IDX_PUBKEY].data.ref.length;
-        XMEMCPY(pubKey, dataASN[EDPUBKEYASN_IDX_PUBKEY].data.ref.data,
-                *pubKeyLen);
+        *pubKeyLen = dataASN[PUBKEYASN_IDX_PUBKEY].data.ref.length;
+        *pubKey = dataASN[PUBKEYASN_IDX_PUBKEY].data.ref.data;
     }
 
     FREE_ASNGETDATA(dataASN, NULL);
 #endif /* WOLFSSL_ASN_TEMPLATE */
     return ret;
+
+}
+
+int DecodeAsymKeyPublic(const byte* input, word32* inOutIdx, word32 inSz,
+    byte* pubKey, word32* pubKeyLen, int keyType)
+{
+    int ret = 0;
+    const byte* pubKeyPtr = NULL;
+    word32 pubKeyPtrLen = 0;
+
+    if (pubKey == NULL) {
+        ret = BAD_FUNC_ARG;
+    }
+
+    if (ret == 0) {
+        ret = DecodeAsymKeyPublic_Assign(input, inOutIdx, inSz, &pubKeyPtr,
+            &pubKeyPtrLen, &keyType);
+    }
+    if ((ret == 0) && (pubKeyPtrLen > *pubKeyLen)) {
+        ret = BUFFER_E;
+    }
+    if ((ret == 0) && (pubKeyPtr != NULL)) {
+        XMEMCPY(pubKey, pubKeyPtr, pubKeyPtrLen);
+        *pubKeyLen = pubKeyPtrLen;
+    }
+
+    return ret;
 }
 #endif
 #endif /* WC_ENABLE_ASYM_KEY_IMPORT */
@@ -34000,6 +35832,55 @@ int wc_Curve25519PublicKeyDecode(const byte* input, word32* inOutIdx,
     }
     return ret;
 }
+
+/* Decode Curve25519 key from DER format - can handle private only,
+ * public only, or private+public key pairs.
+ * return 0 on success, negative on error */
+int wc_Curve25519KeyDecode(const byte* input, word32* inOutIdx,
+                          curve25519_key* key, word32 inSz)
+{
+    int ret;
+    byte privKey[CURVE25519_KEYSIZE];
+    byte pubKey[CURVE25519_PUB_KEY_SIZE];
+    word32 privKeyLen = CURVE25519_KEYSIZE;
+    word32 pubKeyLen = CURVE25519_PUB_KEY_SIZE;
+
+    /* sanity check */
+    if (input == NULL || inOutIdx == NULL || key == NULL || inSz == 0) {
+        return BAD_FUNC_ARG;
+    }
+
+    /* Try to decode as private key first (may include public) */
+    ret = DecodeAsymKey(input, inOutIdx, inSz, privKey, &privKeyLen,
+                        pubKey, &pubKeyLen, X25519k);
+
+    if (ret == 0) {
+        /* Successfully decoded private key */
+        if (pubKeyLen > 0) {
+            /* Have both private and public */
+            ret = wc_curve25519_import_private_raw(privKey, privKeyLen,
+                                                   pubKey, pubKeyLen, key);
+        }
+        else {
+            /* Private only */
+            ret = wc_curve25519_import_private(privKey, privKeyLen, key);
+        }
+    }
+    else {
+        /* Try decoding as public key */
+        *inOutIdx = 0; /* Reset index */
+        pubKeyLen = CURVE25519_KEYSIZE;
+        ret = DecodeAsymKeyPublic(input, inOutIdx, inSz,
+                                  pubKey, &pubKeyLen, X25519k);
+        if (ret == 0) {
+            /* Successfully decoded public key */
+            ret = wc_curve25519_import_public(pubKey, pubKeyLen, key);
+        }
+    }
+
+    return ret;
+}
+
 #endif /* HAVE_CURVE25519 && HAVE_ED25519_KEY_IMPORT */
 
 
@@ -34029,13 +35910,16 @@ int SetAsymKeyDer(const byte* privKey, word32 privKeyLen,
     word32 idx = 0, seqSz, verSz, algoSz, privSz, pubSz = 0, sz;
 #else
     DECL_ASNSETDATA(dataASN, edKeyASN_Length);
-    int sz;
+    int sz = 0;
 #endif
 
-    /* Validate parameters. */
-    if (privKey == NULL || outLen == 0) {
+    /* validate parameters */
+    if (privKey == NULL) {
         return BAD_FUNC_ARG;
     }
+    if (output != NULL && outLen == 0) {
+        return BUFFER_E;
+    }
 
 #ifndef WOLFSSL_ASN_TEMPLATE
     /* calculate size */
@@ -34072,7 +35956,7 @@ int SetAsymKeyDer(const byte* privKey, word32 privKeyLen,
         /* pubKey */
         if (pubKey) {
             idx += SetHeader(ASN_CONTEXT_SPECIFIC | ASN_ASYMKEY_PUBKEY |
-                             1, pubKeyLen, output + idx);
+                             1, pubKeyLen, output + idx, 0);
             XMEMCPY(output + idx, pubKey, pubKeyLen);
             idx += pubKeyLen;
         }
@@ -34166,7 +36050,8 @@ int wc_Ed25519PrivateKeyToDer(ed25519_key* key, byte* output, word32 inLen)
 #if defined(HAVE_CURVE25519) && defined(HAVE_CURVE25519_KEY_EXPORT)
 /* Write only private Curve25519 key to DER format,
  * length on success else < 0 */
-int wc_Curve25519PrivateKeyToDer(curve25519_key* key, byte* output, word32 inLen)
+int wc_Curve25519PrivateKeyToDer(curve25519_key* key, byte* output,
+                                 word32 inLen)
 {
     int    ret;
     byte   privKey[CURVE25519_KEYSIZE];
@@ -34193,7 +36078,7 @@ int wc_Curve25519PublicKeyToDer(curve25519_key* key, byte* output, word32 inLen,
     byte   pubKey[CURVE25519_PUB_KEY_SIZE];
     word32 pubKeyLen = (word32)sizeof(pubKey);
 
-    if (key == NULL || output == NULL) {
+    if (key == NULL) {
         return BAD_FUNC_ARG;
     }
 
@@ -34204,6 +36089,64 @@ int wc_Curve25519PublicKeyToDer(curve25519_key* key, byte* output, word32 inLen,
     }
     return ret;
 }
+
+/* Export Curve25519 key to DER format - handles private only, public only,
+ * or private+public key pairs based on what's set in the key structure.
+ * Returns length written on success, negative on error */
+int wc_Curve25519KeyToDer(curve25519_key* key, byte* output, word32 inLen,
+                          int withAlg)
+{
+    int ret;
+    byte privKey[CURVE25519_KEYSIZE];
+    byte pubKey[CURVE25519_PUB_KEY_SIZE];
+    word32 privKeyLen = CURVE25519_KEYSIZE;
+    word32 pubKeyLen = CURVE25519_PUB_KEY_SIZE;
+
+    if (key == NULL) {
+        return BAD_FUNC_ARG;
+    }
+
+    /* Check what we have in the key structure */
+    if (key->privSet) {
+        /* Export private key to buffer */
+        ret = wc_curve25519_export_private_raw(key, privKey, &privKeyLen);
+        if (ret != 0) {
+            return ret;
+        }
+
+        if (key->pubSet) {
+            /* Export public key if available */
+            ret = wc_curve25519_export_public(key, pubKey, &pubKeyLen);
+            if (ret != 0) {
+                return ret;
+            }
+            /* Export both private and public */
+            ret = SetAsymKeyDer(privKey, privKeyLen,
+                                pubKey, pubKeyLen,
+                                output, inLen, X25519k);
+        }
+        else {
+            /* Export private only */
+            ret = SetAsymKeyDer(privKey, privKeyLen,
+                                NULL, 0,
+                                output, inLen, X25519k);
+        }
+    }
+    else if (key->pubSet) {
+        /* Export public key only */
+        ret = wc_curve25519_export_public(key, pubKey, &pubKeyLen);
+        if (ret == 0) {
+            ret = SetAsymKeyDerPublic(pubKey, pubKeyLen,
+                                      output, inLen, X25519k, withAlg);
+        }
+    }
+    else {
+        /* Neither public nor private key is set */
+        ret = BAD_FUNC_ARG;
+    }
+
+    return ret;
+}
 #endif /* HAVE_CURVE25519 && HAVE_CURVE25519_KEY_EXPORT */
 
 #if defined(HAVE_ED448) && defined(HAVE_ED448_KEY_IMPORT)
@@ -34347,7 +36290,7 @@ int wc_Curve448PublicKeyToDer(curve448_key* key, byte* output, word32 inLen,
     byte   pubKey[CURVE448_PUB_KEY_SIZE];
     word32 pubKeyLen = (word32)sizeof(pubKey);
 
-    if (key == NULL || output == NULL) {
+    if (key == NULL) {
         return BAD_FUNC_ARG;
     }
 
@@ -34431,17 +36374,7 @@ static int GetEnumerated(const byte* input, word32* inOutIdx, int *value,
 static const ASNItem singleResponseASN[] = {
 /* SEQ                   */ { 0, ASN_SEQUENCE, 1, 1, 0 },
                                                       /* certId */
-/* CID_SEQ               */     { 1, ASN_SEQUENCE, 1, 1, 0 },
-                                                          /* hashAlgorithm */
-/* CID_HASHALGO_SEQ      */         { 2, ASN_SEQUENCE, 1, 1, 0 },
-/* CID_HASHALGO_OID      */             { 3, ASN_OBJECT_ID, 0, 0, 0 },
-/* CID_HASHALGO_NULL     */             { 3, ASN_TAG_NULL, 0, 0, 1 },
-                                                          /* issuerNameHash */
-/* CID_ISSUERHASH        */         { 2, ASN_OCTET_STRING, 0, 0, 0 },
-                                                          /* issuerKeyHash */
-/* CID_ISSUERKEYHASH     */         { 2, ASN_OCTET_STRING, 0, 0, 0 },
-                                                          /* serialNumber */
-/* CID_SERIAL            */         { 2, ASN_INTEGER, 0, 0, 0 },
+/* CID_SEQ               */     { 1, ASN_SEQUENCE, 1, 0, 0 },
                                                       /* certStatus - CHOICE */
                                                       /* good              [0] IMPLICIT NULL */
 /* CS_GOOD               */     { 1, ASN_CONTEXT_SPECIFIC | 0, 0, 0, 2 },
@@ -34450,7 +36383,7 @@ static const ASNItem singleResponseASN[] = {
                                                           /* revocationTime */
 /* CS_REVOKED_TIME       */         { 2, ASN_GENERALIZED_TIME, 0, 0, 0 },
                                                           /* revocationReason  [0] EXPLICIT CRLReason OPTIONAL */
-/* CS_REVOKED_REASON     */         { 2, ASN_CONTEXT_SPECIFIC | 0, 0, 1, 1 },
+/* CS_REVOKED_REASON     */         { 2, ASN_CONTEXT_SPECIFIC | 0, 1, 1, 1 },
                                                               /* crlReason */
 /* CS_REVOKED_REASON_VAL */             { 3, ASN_ENUMERATED, 0, 0, 0 },
                                                       /* unknown           [2] IMPLICIT UnknownInfo ::= NULL */
@@ -34467,12 +36400,6 @@ static const ASNItem singleResponseASN[] = {
 enum {
     SINGLERESPONSEASN_IDX_SEQ = 0,
     SINGLERESPONSEASN_IDX_CID_SEQ,
-    SINGLERESPONSEASN_IDX_CID_HASHALGO_SEQ,
-    SINGLERESPONSEASN_IDX_CID_HASHALGO_OID,
-    SINGLERESPONSEASN_IDX_CID_HASHALGO_NULL,
-    SINGLERESPONSEASN_IDX_CID_ISSUERHASH,
-    SINGLERESPONSEASN_IDX_CID_ISSUERKEYHASH,
-    SINGLERESPONSEASN_IDX_CID_SERIAL,
     SINGLERESPONSEASN_IDX_CS_GOOD,
     SINGLERESPONSEASN_IDX_CS_REVOKED,
     SINGLERESPONSEASN_IDX_CS_REVOKED_TIME,
@@ -34487,13 +36414,139 @@ enum {
 
 /* Number of items in ASN.1 template for OCSP single response. */
 #define singleResponseASN_Length (sizeof(singleResponseASN) / sizeof(ASNItem))
+
+static const ASNItem certIDASNItems[] = {
+                                                            /* hashAlgorithm */
+/* CID_HASHALGO_SEQ      */         { 0, ASN_SEQUENCE, 1, 1, 0 },
+/* CID_HASHALGO_OID      */             { 1, ASN_OBJECT_ID, 0, 0, 0 },
+/* CID_HASHALGO_NULL     */             { 1, ASN_TAG_NULL, 0, 0, 1 },
+                                                          /* issuerNameHash */
+/* CID_ISSUERHASH        */         { 0, ASN_OCTET_STRING, 0, 0, 0 },
+                                                          /* issuerKeyHash */
+/* CID_ISSUERKEYHASH     */         { 0, ASN_OCTET_STRING, 0, 0, 0 },
+                                                          /* serialNumber */
+/* CID_SERIAL            */         { 0, ASN_INTEGER, 0, 0, 0 },
+};
+
+enum {
+    CERTIDASN_IDX_CID_HASHALGO_SEQ,
+    CERTIDASN_IDX_CID_HASHALGO_OID,
+    CERTIDASN_IDX_CID_HASHALGO_NULL,
+    CERTIDASN_IDX_CID_ISSUERHASH,
+    CERTIDASN_IDX_CID_ISSUERKEYHASH,
+    CERTIDASN_IDX_CID_SERIAL,
+};
+
+#define certidasn_Length (sizeof(certIDASNItems) / sizeof(ASNItem))
 #endif
 
+#ifndef WOLFSSL_ASN_TEMPLATE
+static int OcspDecodeCertIDInt(const byte* input, word32* inOutIdx, word32 inSz,
+                 OcspEntry* entry)
+{
+    int length;
+    word32 oid;
+    int ret;
+    /* Hash algorithm */
+    ret = GetAlgoId(input, inOutIdx, &oid, oidHashType, inSz);
+    if (ret < 0)
+        return ret;
+    entry->hashAlgoOID = oid;
+    /* Save reference to the hash of CN */
+    ret = GetOctetString(input, inOutIdx, &length, inSz);
+    if (ret < 0)
+        return ret;
+    if (length != OCSP_DIGEST_SIZE)
+        return ASN_PARSE_E;
+    XMEMCPY(entry->issuerHash, input + *inOutIdx, length);
+    *inOutIdx += length;
+    /* Save reference to the hash of the issuer public key */
+    ret = GetOctetString(input, inOutIdx, &length, inSz);
+    if (ret < 0)
+        return ret;
+    if (length != OCSP_DIGEST_SIZE)
+        return ASN_PARSE_E;
+    XMEMCPY(entry->issuerKeyHash, input + *inOutIdx, length);
+    *inOutIdx += length;
+
+    /* Get serial number */
+    if (wc_GetSerialNumber(input, inOutIdx, entry->status->serial,
+                        &entry->status->serialSz, inSz) < 0)
+        return ASN_PARSE_E;
+    return 0;
+}
+#else
+static int OcspDecodeCertIDInt(const byte* input, word32* inOutIdx, word32 inSz,
+                 OcspEntry* entry)
+{
+    DECL_ASNGETDATA(dataASN, certidasn_Length);
+    word32 issuerKeyHashLen = OCSP_DIGEST_SIZE;
+    word32 issuerHashLen = OCSP_DIGEST_SIZE;
+    word32 serialSz = EXTERNAL_SERIAL_SIZE;
+    word32 digestSz;
+    int ret = 0;
+
+    WOLFSSL_ENTER("DecodeCertIdTemplate");
+    CALLOC_ASNGETDATA(dataASN, certidasn_Length, ret, NULL);
+    if (ret != 0)
+        return ret;
+
+    GetASN_OID(&dataASN[CERTIDASN_IDX_CID_HASHALGO_OID], oidHashType);
+    GetASN_Buffer(&dataASN[CERTIDASN_IDX_CID_ISSUERHASH], entry->issuerHash,
+        &issuerHashLen);
+    GetASN_Buffer(&dataASN[CERTIDASN_IDX_CID_ISSUERKEYHASH],
+        entry->issuerKeyHash, &issuerKeyHashLen);
+    GetASN_Buffer(&dataASN[CERTIDASN_IDX_CID_SERIAL], entry->status->serial,
+                    &serialSz);
+    ret = GetASN_Items(certIDASNItems, dataASN, certidasn_Length,
+                1, input, inOutIdx, inSz);
+    if (ret != 0) {
+       goto out;
+    }
+    entry->status->serialSz = serialSz;
+    entry->hashAlgoOID =
+        dataASN[CERTIDASN_IDX_CID_HASHALGO_OID].data.oid.sum;
+    digestSz = wc_HashGetDigestSize(wc_OidGetHash(entry->hashAlgoOID));
+    if (issuerKeyHashLen != digestSz || issuerHashLen != digestSz) {
+        ret = ASN_PARSE_E;
+        goto out;
+    }
+out:
+    FREE_ASNGETDATA(dataASN, NULL);
+    return ret;
+}
+#endif
+
+int OcspDecodeCertID(const byte *input, word32 *inOutIdx, word32 inSz,
+    OcspEntry *entry)
+{
+    word32 seqIdx = 0;
+    int len = inSz;
+    int ret;
+
+#ifndef WOLFSSL_ASN_TEMPLATE
+    ret = GetSequence(input, inOutIdx, &len, inSz);
+#else
+    ret = GetASN_Sequence(input, inOutIdx, &len, inSz, 0);
+#endif
+    if (ret < 0)
+        return ASN_PARSE_E;
+    ret = OcspDecodeCertIDInt(input + *inOutIdx, &seqIdx, len, entry);
+    if (ret < 0)
+        return ASN_PARSE_E;
+    if (seqIdx != (word32)len)
+        return ASN_PARSE_E;
+    *inOutIdx += len;
+
+    return 0;
+}
+
+
 static int DecodeSingleResponse(byte* source, word32* ioIndex, word32 size,
                                 int wrapperSz, OcspEntry* single)
 {
 #ifndef WOLFSSL_ASN_TEMPLATE
-    word32 idx = *ioIndex, prevIndex, oid, localIdx, certIdIdx;
+    word32 idx = *ioIndex, prevIndex, localIdx, certIdIdx;
     int length;
     int ret;
     byte tag;
@@ -34511,31 +36564,8 @@ static int DecodeSingleResponse(byte* source, word32* ioIndex, word32 size,
     if (GetSequence(source, &idx, &length, size) < 0)
         return ASN_PARSE_E;
     single->rawCertId = source + certIdIdx;
-    /* Hash algorithm */
-    ret = GetAlgoId(source, &idx, &oid, oidIgnoreType, size);
+    ret = OcspDecodeCertIDInt(source, &idx, size, single);
     if (ret < 0)
-        return ret;
-    single->hashAlgoOID = oid;
-    /* Save reference to the hash of CN */
-    ret = GetOctetString(source, &idx, &length, size);
-    if (ret < 0)
-        return ret;
-    if (length > (int)sizeof(single->issuerHash))
-        return BUFFER_E;
-    XMEMCPY(single->issuerHash, source + idx, length);
-    idx += length;
-    /* Save reference to the hash of the issuer public key */
-    ret = GetOctetString(source, &idx, &length, size);
-    if (ret < 0)
-        return ret;
-    if (length > (int)sizeof(single->issuerKeyHash))
-        return BUFFER_E;
-    XMEMCPY(single->issuerKeyHash, source + idx, length);
-    idx += length;
-
-    /* Get serial number */
-    if (wc_GetSerialNumber(source, &idx, single->status->serial,
-                        &single->status->serialSz, size) < 0)
         return ASN_PARSE_E;
     single->rawCertIdSize = idx - certIdIdx;
 
@@ -34566,7 +36596,7 @@ static int DecodeSingleResponse(byte* source, word32* ioIndex, word32 size,
     if (idx >= size)
         return BUFFER_E;
 
-#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
+#ifdef WOLFSSL_OCSP_PARSE_STATUS
     single->status->thisDateAsn = source + idx;
     localIdx = 0;
     if (GetDateInfo(single->status->thisDateAsn, &localIdx, NULL,
@@ -34582,12 +36612,13 @@ static int DecodeSingleResponse(byte* source, word32* ioIndex, word32 size,
             single->status->thisDateParsed.length);
 #endif
     if (GetBasicDate(source, &idx, single->status->thisDate,
-                                                &single->status->thisDateFormat, size) < 0)
+                     &single->status->thisDateFormat, size) < 0)
         return ASN_PARSE_E;
 
 #ifndef NO_ASN_TIME_CHECK
 #ifndef WOLFSSL_NO_OCSP_DATE_CHECK
-    if (!XVALIDATE_DATE(single->status->thisDate, single->status->thisDateFormat, BEFORE))
+    if (!XVALIDATE_DATE(single->status->thisDate,
+        single->status->thisDateFormat, ASN_BEFORE))
         return ASN_BEFORE_DATE_E;
 #endif
 #endif
@@ -34602,7 +36633,7 @@ static int DecodeSingleResponse(byte* source, word32* ioIndex, word32 size,
         idx++;
         if (GetLength(source, &idx, &length, size) < 0)
             return ASN_PARSE_E;
-#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
+#ifdef WOLFSSL_OCSP_PARSE_STATUS
         single->status->nextDateAsn = source + idx;
         localIdx = 0;
         if (GetDateInfo(single->status->nextDateAsn, &localIdx, NULL,
@@ -34618,12 +36649,12 @@ static int DecodeSingleResponse(byte* source, word32* ioIndex, word32 size,
                 single->status->nextDateParsed.length);
 #endif
         if (GetBasicDate(source, &idx, single->status->nextDate,
-                                                &single->status->nextDateFormat, size) < 0)
+                         &single->status->nextDateFormat, size) < 0)
             return ASN_PARSE_E;
 
 #ifndef NO_ASN_TIME_CHECK
 #ifndef WOLFSSL_NO_OCSP_DATE_CHECK
-        if (!XVALIDATE_DATE(single->status->nextDate, single->status->nextDateFormat, AFTER))
+        if (!XVALIDATE_DATE(single->status->nextDate, single->status->nextDateFormat, ASN_AFTER))
             return ASN_AFTER_DATE_E;
 #endif
 #endif
@@ -34644,20 +36675,13 @@ static int DecodeSingleResponse(byte* source, word32* ioIndex, word32 size,
     *ioIndex = idx;
 
     return 0;
-#else
+#else /* WOLFSSL_ASN_TEMPLATE */
     DECL_ASNGETDATA(dataASN, singleResponseASN_Length);
     int ret = 0;
-    word32 ocspDigestSize = OCSP_DIGEST_SIZE;
     CertStatus* cs = NULL;
-    word32 serialSz;
-    word32 issuerHashLen;
-    word32 issuerKeyHashLen;
     word32 thisDateLen;
     word32 nextDateLen;
-#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || \
-    defined(WOLFSSL_HAPROXY) || defined(HAVE_LIGHTY)
-    WOLFSSL_ASN1_TIME *at;
-#endif
+    word32 certIdSeqIdx;
 
     (void)wrapperSz;
 
@@ -34666,25 +36690,12 @@ static int DecodeSingleResponse(byte* source, word32* ioIndex, word32 size,
     CALLOC_ASNGETDATA(dataASN, singleResponseASN_Length, ret, NULL);
 
     if (ret == 0) {
-        /* Certificate Status field. */
         cs = single->status;
-
         /* Set maximum lengths for data. */
-        issuerHashLen    = OCSP_DIGEST_SIZE;
-        issuerKeyHashLen = OCSP_DIGEST_SIZE;
-        serialSz         = EXTERNAL_SERIAL_SIZE;
         thisDateLen      = MAX_DATE_SIZE;
         nextDateLen      = MAX_DATE_SIZE;
 
         /* Set OID type, buffers to hold data and variables to hold size. */
-        GetASN_OID(&dataASN[SINGLERESPONSEASN_IDX_CID_HASHALGO_OID],
-                oidHashType);
-        GetASN_Buffer(&dataASN[SINGLERESPONSEASN_IDX_CID_ISSUERHASH],
-                single->issuerHash, &issuerHashLen);
-        GetASN_Buffer(&dataASN[SINGLERESPONSEASN_IDX_CID_ISSUERKEYHASH],
-                single->issuerKeyHash, &issuerKeyHashLen);
-        GetASN_Buffer(&dataASN[SINGLERESPONSEASN_IDX_CID_SERIAL], cs->serial,
-                &serialSz);
         GetASN_Buffer(&dataASN[SINGLERESPONSEASN_IDX_THISUPDATE_GT],
                 cs->thisDate, &thisDateLen);
         GetASN_Buffer(&dataASN[SINGLERESPONSEASN_IDX_NEXTUPDATE_GT],
@@ -34695,27 +36706,11 @@ static int DecodeSingleResponse(byte* source, word32* ioIndex, word32 size,
                 1, source, ioIndex, size);
     }
     if (ret == 0) {
-        single->hashAlgoOID =
-            dataASN[SINGLERESPONSEASN_IDX_CID_HASHALGO_OID].data.oid.sum;
-        ocspDigestSize = (word32)wc_HashGetDigestSize(
-            wc_OidGetHash((int)single->hashAlgoOID));
-    }
-    /* Validate the issuer hash length is the size required. */
-    if ((ret == 0) && (issuerHashLen != ocspDigestSize)) {
-        ret = ASN_PARSE_E;
-    }
-    /* Validate the issuer key hash length is the size required. */
-    if (ret == 0) {
-        if (issuerKeyHashLen != ocspDigestSize) {
-            ret = ASN_PARSE_E;
-        }
+        certIdSeqIdx = 0;
+        ret = OcspDecodeCertIDInt(dataASN[SINGLERESPONSEASN_IDX_CID_SEQ].data.ref.data,
+            &certIdSeqIdx, dataASN[SINGLERESPONSEASN_IDX_CID_SEQ].data.ref.length, single);
     }
     if (ret == 0) {
-        /* Store serial size. */
-        cs->serialSz = (int)serialSz;
-        /* Set the hash algorithm OID */
-        single->hashAlgoOID =
-                dataASN[SINGLERESPONSEASN_IDX_CID_HASHALGO_OID].data.oid.sum;
 
         /* Determine status by which item was found. */
         if (dataASN[SINGLERESPONSEASN_IDX_CS_GOOD].tag != 0) {
@@ -34731,48 +36726,49 @@ static int DecodeSingleResponse(byte* source, word32* ioIndex, word32 size,
         /* Store the thisDate format - only one possible. */
         cs->thisDateFormat = ASN_GENERALIZED_TIME;
     #if !defined(NO_ASN_TIME_CHECK) && !defined(WOLFSSL_NO_OCSP_DATE_CHECK)
-        /* Check date is a valid string and BEFORE now. */
-        if (!XVALIDATE_DATE(cs->thisDate, ASN_GENERALIZED_TIME, BEFORE)) {
+        /* Check date is a valid string and ASN_BEFORE now. */
+        if (!XVALIDATE_DATE(cs->thisDate, ASN_GENERALIZED_TIME, ASN_BEFORE)) {
             ret = ASN_BEFORE_DATE_E;
         }
+    #endif /* !NO_ASN_TIME_CHECK && !WOLFSSL_NO_OCSP_DATE_CHECK */
     }
+#ifdef WOLFSSL_OCSP_PARSE_STATUS
     if (ret == 0) {
-    #endif
-    #if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || \
-        defined(WOLFSSL_HAPROXY) || defined(HAVE_LIGHTY)
         /* Store ASN.1 version of thisDate. */
+        WOLFSSL_ASN1_TIME *at;
         cs->thisDateAsn = GetASNItem_Addr(
                 dataASN[SINGLERESPONSEASN_IDX_THISUPDATE_GT], source);
         at = &cs->thisDateParsed;
         at->type = ASN_GENERALIZED_TIME;
         XMEMCPY(at->data, cs->thisDate, thisDateLen);
         at->length = (int)thisDateLen;
-    #endif
     }
+#endif
     if ((ret == 0) &&
             (dataASN[SINGLERESPONSEASN_IDX_NEXTUPDATE_GT].tag != 0)) {
         /* Store the nextDate format - only one possible. */
         cs->nextDateFormat = ASN_GENERALIZED_TIME;
     #if !defined(NO_ASN_TIME_CHECK) && !defined(WOLFSSL_NO_OCSP_DATE_CHECK)
-        /* Check date is a valid string and AFTER now. */
-        if (!XVALIDATE_DATE(cs->nextDate, ASN_GENERALIZED_TIME, AFTER)) {
+        /* Check date is a valid string and ASN_AFTER now. */
+        if (!XVALIDATE_DATE(cs->nextDate, ASN_GENERALIZED_TIME, ASN_AFTER)) {
             ret = ASN_AFTER_DATE_E;
         }
+    #endif /* !NO_ASN_TIME_CHECK && !WOLFSSL_NO_OCSP_DATE_CHECK */
     }
+#ifdef WOLFSSL_OCSP_PARSE_STATUS
     if ((ret == 0) &&
-            (dataASN[SINGLERESPONSEASN_IDX_NEXTUPDATE_GT].tag != 0)) {
-    #endif
-    #if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || \
-        defined(WOLFSSL_HAPROXY) || defined(HAVE_LIGHTY)
+            (dataASN[SINGLERESPONSEASN_IDX_NEXTUPDATE_GT].tag != 0))
+    {
         /* Store ASN.1 version of thisDate. */
+        WOLFSSL_ASN1_TIME *at;
         cs->nextDateAsn = GetASNItem_Addr(
                 dataASN[SINGLERESPONSEASN_IDX_NEXTUPDATE_GT], source);
         at = &cs->nextDateParsed;
         at->type = ASN_GENERALIZED_TIME;
         XMEMCPY(at->data, cs->nextDate, nextDateLen);
         at->length = (int)nextDateLen;
-    #endif
     }
+#endif
     if (ret == 0) {
         /* OcspEntry now used. */
         single->used = 1;
@@ -34780,7 +36776,7 @@ static int DecodeSingleResponse(byte* source, word32* ioIndex, word32 size,
 
     FREE_ASNGETDATA(dataASN, NULL);
     return ret;
-#endif
+#endif /* WOLFSSL_ASN_TEMPLATE */
 }
 
 #ifdef WOLFSSL_ASN_TEMPLATE
@@ -34950,7 +36946,8 @@ static const ASNItem ocspRespDataASN[] = {
                                              /* byName */
 /* BYNAME      */        { 1, ASN_CONTEXT_SPECIFIC | 1, 1, 0, 2 },
                                              /* byKey */
-/* BYKEY       */        { 1, ASN_CONTEXT_SPECIFIC | 2, 1, 0, 2 },
+/* BYKEY       */        { 1, ASN_CONTEXT_SPECIFIC | 2, 1, 1, 2 },
+/* BYKEY_OCT   */            { 2, ASN_OCTET_STRING, 0, 0, 0 },
                                              /* producedAt */
 /* PA          */        { 1, ASN_GENERALIZED_TIME, 0, 0, 0, },
                                              /* responses */
@@ -34964,6 +36961,7 @@ enum {
     OCSPRESPDATAASN_IDX_VER,
     OCSPRESPDATAASN_IDX_BYNAME,
     OCSPRESPDATAASN_IDX_BYKEY,
+    OCSPRESPDATAASN_IDX_BYKEY_OCT,
     OCSPRESPDATAASN_IDX_PA,
     OCSPRESPDATAASN_IDX_RESP,
     OCSPRESPDATAASN_IDX_RESPEXT,
@@ -35008,16 +37006,40 @@ static int DecodeResponseData(byte* source, word32* ioIndex,
         version = 0;
 
     localIdx = idx;
-    if (GetASNTag(source, &localIdx, &tag, size) == 0 &&
-        ( tag == (ASN_CONTEXT_SPECIFIC | ASN_CONSTRUCTED | 1) ||
-          tag == (ASN_CONTEXT_SPECIFIC | ASN_CONSTRUCTED | 2) ))
+    if (GetASNTag(source, &localIdx, &tag, size) != 0)
+        return ASN_PARSE_E;
+
+    resp->responderIdType = OCSP_RESPONDER_ID_INVALID;
+    /* parse byName */
+    if (tag == (ASN_CONTEXT_SPECIFIC | ASN_CONSTRUCTED | 1))
     {
         idx++; /* advance past ASN tag */
         if (GetLength(source, &idx, &length, size) < 0)
             return ASN_PARSE_E;
+        /* compute the hash of the name */
+        resp->responderIdType = OCSP_RESPONDER_ID_NAME;
+        ret = CalcHashId_ex(source + idx, length,
+                resp->responderId.nameHash, OCSP_RESPONDER_ID_HASH_TYPE);
+        if (ret != 0)
+            return ret;
         idx += length;
     }
-    else
+    else if (tag == (ASN_CONTEXT_SPECIFIC | ASN_CONSTRUCTED | 2))
+    {
+        idx++; /* advance past ASN tag */
+        if (GetLength(source, &idx, &length, size) < 0)
+            return ASN_PARSE_E;
+
+        if (GetOctetString(source, &idx, &length, size) < 0)
+            return ASN_PARSE_E;
+
+        if (length != OCSP_RESPONDER_ID_KEY_SZ)
+            return ASN_PARSE_E;
+        resp->responderIdType = OCSP_RESPONDER_ID_KEY;
+        XMEMCPY(resp->responderId.keyHash, source + idx, length);
+        idx += length;
+    }
+    if (resp->responderIdType == OCSP_RESPONDER_ID_INVALID)
         return ASN_PARSE_E;
 
     /* save pointer to the producedAt time */
@@ -35053,6 +37075,7 @@ static int DecodeResponseData(byte* source, word32* ioIndex,
             XMEMSET(single->next->status, 0, sizeof(CertStatus));
 
             single->next->isDynamic = 1;
+            single->next->ownStatus = 1;
 
             single = single->next;
         }
@@ -35072,7 +37095,9 @@ static int DecodeResponseData(byte* source, word32* ioIndex,
     DECL_ASNGETDATA(dataASN, ocspRespDataASN_Length);
     int ret = 0;
     byte version;
-    word32 dateSz, idx = *ioIndex;
+    word32 dateSz = 0;
+    word32 responderByKeySz = OCSP_RESPONDER_ID_KEY_SZ;
+    word32 idx = *ioIndex;
     OcspEntry* single = NULL;
 
     WOLFSSL_ENTER("DecodeResponseData");
@@ -35090,6 +37115,8 @@ static int DecodeResponseData(byte* source, word32* ioIndex,
         GetASN_Int8Bit(&dataASN[OCSPRESPDATAASN_IDX_VER], &version);
         GetASN_Buffer(&dataASN[OCSPRESPDATAASN_IDX_PA], resp->producedDate,
                 &dateSz);
+        GetASN_Buffer(&dataASN[OCSPRESPDATAASN_IDX_BYKEY_OCT],
+                resp->responderId.keyHash, &responderByKeySz);
         /* Decode the ResponseData. */
         ret = GetASN_Items(ocspRespDataASN, dataASN, ocspRespDataASN_Length,
                 1, source, ioIndex, size);
@@ -35107,7 +37134,23 @@ static int DecodeResponseData(byte* source, word32* ioIndex,
         }
     }
     if (ret == 0) {
-        /* TODO: use byName/byKey fields. */
+        if (dataASN[OCSPRESPDATAASN_IDX_BYNAME].tag != 0) {
+            resp->responderIdType = OCSP_RESPONDER_ID_NAME;
+            ret = CalcHashId_ex(
+                dataASN[OCSPRESPDATAASN_IDX_BYNAME].data.ref.data,
+                dataASN[OCSPRESPDATAASN_IDX_BYNAME].data.ref.length,
+                resp->responderId.nameHash, OCSP_RESPONDER_ID_HASH_TYPE);
+        } else {
+            resp->responderIdType = OCSP_RESPONDER_ID_KEY;
+            if (dataASN[OCSPRESPDATAASN_IDX_BYKEY_OCT].length
+                    != OCSP_RESPONDER_ID_KEY_SZ) {
+                ret = ASN_PARSE_E;
+            } else {
+                resp->responderIdType = OCSP_RESPONDER_ID_KEY;
+            }
+        }
+    }
+    if (ret == 0) {
         /* Store size of response. */
         resp->responseSz = *ioIndex - idx;
         /* Store date format/tag. */
@@ -35141,6 +37184,7 @@ static int DecodeResponseData(byte* source, word32* ioIndex,
 
                     /* Entry to be freed. */
                     single->next->isDynamic = 1;
+                    single->next->ownStatus = 1;
                     /* used will be 0 (false) */
 
                     single = single->next;
@@ -35249,8 +37293,139 @@ enum {
 #define ocspBasicRespASN_Length (sizeof(ocspBasicRespASN) / sizeof(ASNItem))
 #endif /* WOLFSSL_ASN_TEMPLATE */
 
+static int OcspRespIdMatch(OcspResponse *resp, const byte *NameHash,
+    const byte *keyHash)
+{
+    if (resp->responderIdType == OCSP_RESPONDER_ID_INVALID)
+        return 0;
+    if (resp->responderIdType == OCSP_RESPONDER_ID_NAME)
+        return XMEMCMP(NameHash, resp->responderId.nameHash,
+            SIGNER_DIGEST_SIZE) == 0;
+    /* OCSP_RESPONDER_ID_KEY */
+    return ((int)KEYID_SIZE == OCSP_RESPONDER_ID_KEY_SZ) &&
+        XMEMCMP(keyHash, resp->responderId.keyHash, KEYID_SIZE) == 0;
+}
+
+#ifndef WOLFSSL_NO_OCSP_ISSUER_CHECK
+static int OcspRespCheck(OcspResponse *resp, Signer *responder)
+{
+    OcspEntry *s;
+
+    s = resp->single;
+    if (s == NULL)
+        return -1;
+
+    /* singles responses must have the same issuer */
+    for (; s != NULL; s = s->next) {
+        if (XMEMCMP(s->issuerKeyHash, responder->subjectKeyHash,
+                KEYID_SIZE) != 0)
+            return -1;
+    }
+
+    return 0;
+}
+#endif
+
+static Signer *OcspFindSigner(OcspResponse *resp, WOLFSSL_CERT_MANAGER *cm)
+{
+    Signer *s;
+
+    if (cm == NULL)
+        return NULL;
+
+    if (resp->responderIdType == OCSP_RESPONDER_ID_NAME) {
+#ifndef NO_SKID
+        s = GetCAByName(cm, resp->responderId.nameHash);
+#else
+        s = GetCA(cm, resp->responderId.nameHash);
+#endif
+        if (s)
+            return s;
+    }
+    else if ((int)KEYID_SIZE == OCSP_RESPONDER_ID_KEY_SZ) {
+        s = GetCAByKeyHash(cm, resp->responderId.keyHash);
+        if (s)
+            return s;
+    }
+#if defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2)
+    if (resp->pendingCAs == NULL)
+        return NULL;
+
+    if (resp->responderIdType == OCSP_RESPONDER_ID_NAME) {
+        s = findSignerByName(resp->pendingCAs, resp->responderId.nameHash);
+        if (s)
+            return s;
+    }
+    else {
+        s = findSignerByKeyHash(resp->pendingCAs, resp->responderId.keyHash);
+        if (s)
+            return s;
+    }
+#endif
+    return NULL;
+}
+
+static int OcspCheckCert(OcspResponse *resp, int noVerify,
+    int noVerifySignature, WOLFSSL_CERT_MANAGER *cm, void *heap)
+{
+    int ret = 0;
+#ifdef WOLFSSL_SMALL_STACK
+    DecodedCert *cert = (DecodedCert*)XMALLOC(sizeof(DecodedCert), NULL,
+                                              DYNAMIC_TYPE_TMP_BUFFER);
+    if (cert == NULL)
+        return MEMORY_E;
+#else
+    DecodedCert cert[1];
+#endif
+
+    InitDecodedCert(cert, resp->cert, resp->certSz, heap);
+    ret = ParseCertRelative(cert, CERT_TYPE,
+                            noVerify ? NO_VERIFY : VERIFY_OCSP_CERT,
+                            cm, resp->pendingCAs);
+    if (ret < 0) {
+        WOLFSSL_MSG("\tOCSP Responder certificate parsing failed");
+    }
+
+    if (ret == 0 &&
+            OcspRespIdMatch(resp,
+                cert->subjectHash, cert->subjectKeyHash) == 0) {
+        WOLFSSL_MSG("\tInternal check doesn't match responder ID, ignoring\n");
+        ret = BAD_OCSP_RESPONDER;
+        goto err;
+    }
+
+#ifndef WOLFSSL_NO_OCSP_ISSUER_CHECK
+    if (ret == 0 && !noVerify) {
+        ret = CheckOcspResponder(resp, cert, cm);
+        if (ret != 0) {
+            WOLFSSL_MSG("\tOCSP Responder certificate issuer check failed");
+            goto err;
+        }
+    }
+#endif /* WOLFSSL_NO_OCSP_ISSUER_CHECK */
+    if (ret == 0 && !noVerifySignature) {
+        ret = ConfirmSignature(
+            &cert->sigCtx,
+            resp->response, resp->responseSz,
+            cert->publicKey, cert->pubKeySize, cert->keyOID,
+            resp->sig, resp->sigSz, resp->sigOID, resp->sigParams,
+            resp->sigParamsSz, NULL);
+    }
+err:
+    FreeDecodedCert(cert);
+
+#ifdef WOLFSSL_SMALL_STACK
+    if (cert != NULL) {
+        XFREE(cert, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    }
+#endif
+
+    return ret;
+}
+
 static int DecodeBasicOcspResponse(byte* source, word32* ioIndex,
-            OcspResponse* resp, word32 size, void* cm, void* heap, int noVerify)
+            OcspResponse* resp, word32 size, void* cm, void* heap, int noVerify,
+            int noVerifySignature)
 {
 #ifndef WOLFSSL_ASN_TEMPLATE
     int    length;
@@ -35260,8 +37435,7 @@ static int DecodeBasicOcspResponse(byte* source, word32* ioIndex,
     #endif
     int    ret;
     int    sigLength;
-    const byte*   sigParams = NULL;
-    word32        sigParamsSz = 0;
+    int    sigValid = 0;
     WOLFSSL_ENTER("DecodeBasicOcspResponse");
     (void)heap;
 
@@ -35285,16 +37459,16 @@ static int DecodeBasicOcspResponse(byte* source, word32* ioIndex,
     else if (resp->sigOID == CTC_RSASSAPSS) {
         word32 sz;
         int len;
-        const byte* params;
+        byte* params;
 
         sz = idx;
         params = source + idx;
         if (GetSequence(source, &idx, &len, size) < 0)
-            ret = ASN_PARSE_E;
+            return ASN_PARSE_E;
         if (ret == 0) {
             idx += len;
-            sigParams = params;
-            sigParamsSz = idx - sz;
+            resp->sigParams = params;
+            resp->sigParamsSz = idx - sz;
         }
     }
 #endif
@@ -35314,103 +37488,43 @@ static int DecodeBasicOcspResponse(byte* source, word32* ioIndex,
 #ifndef WOLFSSL_NO_OCSP_OPTIONAL_CERTS
     if (idx < end_index)
     {
-        int cert_inited = 0;
-#ifdef WOLFSSL_SMALL_STACK
-        DecodedCert *cert = (DecodedCert*)XMALLOC(sizeof(DecodedCert), NULL,
-                                                  DYNAMIC_TYPE_TMP_BUFFER);
-        if (cert == NULL)
-            return MEMORY_E;
-#else
-        DecodedCert cert[1];
-#endif
+        if (DecodeCerts(source, &idx, resp, size) < 0)
+            return ASN_PARSE_E;
 
-        do {
-            if (DecodeCerts(source, &idx, resp, size) < 0) {
-                ret = ASN_PARSE_E;
-                break;
-            }
-
-            InitDecodedCert(cert, resp->cert, resp->certSz, heap);
-            cert_inited = 1;
-
-            /* Don't verify if we don't have access to Cert Manager. */
-            ret = ParseCertRelative(cert, CERT_TYPE,
-                                    noVerify ? NO_VERIFY : VERIFY_OCSP_CERT,
-                                    cm);
-            if (ret < 0) {
-                WOLFSSL_MSG("\tOCSP Responder certificate parsing failed");
-                break;
-            }
-
-#ifndef WOLFSSL_NO_OCSP_ISSUER_CHECK
-            if ((cert->extExtKeyUsage & EXTKEYUSE_OCSP_SIGN) == 0) {
-                if (XMEMCMP(cert->subjectHash,
-                            resp->single->issuerHash, OCSP_DIGEST_SIZE) == 0) {
-                    WOLFSSL_MSG("\tOCSP Response signed by issuer");
-                }
-                else {
-                    WOLFSSL_MSG("\tOCSP Responder key usage check failed");
-    #ifdef OPENSSL_EXTRA
-                    resp->verifyError = OCSP_BAD_ISSUER;
-    #else
-                    ret = BAD_OCSP_RESPONDER;
-                    break;
-    #endif
-                }
-            }
-#endif
-
-            /* ConfirmSignature is blocking here */
-            ret = ConfirmSignature(
-                &cert->sigCtx,
-                resp->response, resp->responseSz,
-                cert->publicKey, cert->pubKeySize, cert->keyOID,
-                resp->sig, resp->sigSz, resp->sigOID, sigParams, sigParamsSz,
-                NULL);
-
-            if (ret != 0) {
-                WOLFSSL_MSG("\tOCSP Confirm signature failed");
-                ret = ASN_OCSP_CONFIRM_E;
-                break;
-            }
-        } while(0);
-
-        if (cert_inited)
-            FreeDecodedCert(cert);
-#ifdef WOLFSSL_SMALL_STACK
-        XFREE(cert, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-#endif
-
-        if (ret != 0)
-            return ret;
+        ret = OcspCheckCert(resp, noVerify, noVerifySignature, cm, heap);
+        if (ret == 0) {
+            sigValid = 1;
+        }
+        else {
+            WOLFSSL_MSG("OCSP Internal cert can't verify the response\n");
+            /* try to verify the OCSP response with CA certs */
+            ret = 0;
+        }
     }
     else
 #endif /* WOLFSSL_NO_OCSP_OPTIONAL_CERTS */
-    {
+    if (!noVerifySignature && !sigValid) {
         Signer* ca;
-        int sigValid = -1;
+        SignatureCtx sigCtx;
+        ca = OcspFindSigner(resp, cm);
+        if (ca == NULL)
+            return ASN_NO_SIGNER_E;
 
-        #ifndef NO_SKID
-            ca = GetCA(cm, resp->single->issuerKeyHash);
-        #else
-            ca = GetCA(cm, resp->single->issuerHash);
-        #endif
+#ifndef WOLFSSL_NO_OCSP_ISSUER_CHECK
+        if (OcspRespCheck(resp, ca) != 0)
+           return BAD_OCSP_RESPONDER;
+#endif
+        InitSignatureCtx(&sigCtx, heap, INVALID_DEVID);
 
-        if (ca) {
-            SignatureCtx sigCtx;
-            InitSignatureCtx(&sigCtx, heap, INVALID_DEVID);
-
-            /* ConfirmSignature is blocking here */
-            sigValid = ConfirmSignature(&sigCtx, resp->response,
-                resp->responseSz, ca->publicKey, ca->pubKeySize, ca->keyOID,
-                resp->sig, resp->sigSz, resp->sigOID, sigParams, sigParamsSz,
-                NULL);
-        }
-        if (ca == NULL || sigValid != 0) {
+        /* ConfirmSignature is blocking here */
+        sigValid = ConfirmSignature(&sigCtx, resp->response,
+            resp->responseSz, ca->publicKey, ca->pubKeySize, ca->keyOID,
+            resp->sig, resp->sigSz, resp->sigOID, resp->sigParams,
+            resp->sigParamsSz, NULL);
+        if (sigValid != 0) {
             WOLFSSL_MSG("\tOCSP Confirm signature failed");
             return ASN_OCSP_CONFIRM_E;
         }
-
         (void)noVerify;
     }
 
@@ -35420,16 +37534,8 @@ static int DecodeBasicOcspResponse(byte* source, word32* ioIndex,
     DECL_ASNGETDATA(dataASN, ocspBasicRespASN_Length);
     int ret = 0;
     word32 idx = *ioIndex;
-    const byte*   sigParams = NULL;
-    word32        sigParamsSz = 0;
-#ifndef WOLFSSL_NO_OCSP_OPTIONAL_CERTS
-    #ifdef WOLFSSL_SMALL_STACK
-        DecodedCert* cert = NULL;
-    #else
-        DecodedCert cert[1];
-    #endif
-    int certInit = 0;
-#endif
+    Signer* ca = NULL;
+    int sigValid = 0;
 
     WOLFSSL_ENTER("DecodeBasicOcspResponse");
     (void)heap;
@@ -35446,20 +37552,18 @@ static int DecodeBasicOcspResponse(byte* source, word32* ioIndex,
     if (ret == 0) {
         word32 dataIdx = 0;
         /* Decode the response data. */
-        if (DecodeResponseData(
+        ret = DecodeResponseData(
                 GetASNItem_Addr(dataASN[OCSPBASICRESPASN_IDX_TBS_SEQ], source),
                 &dataIdx, resp,
                 GetASNItem_Length(dataASN[OCSPBASICRESPASN_IDX_TBS_SEQ], source)
-                ) < 0) {
-            ret = ASN_PARSE_E;
-        }
+                );
     }
 #ifdef WC_RSA_PSS
     if (ret == 0 && (dataASN[OCSPBASICRESPASN_IDX_SIGNATURE_PARAMS].tag != 0)) {
-        sigParams = GetASNItem_Addr(
+        resp->sigParams = GetASNItem_Addr(
                 dataASN[OCSPBASICRESPASN_IDX_SIGNATURE_PARAMS],
                 source);
-        sigParamsSz =
+        resp->sigParamsSz =
                GetASNItem_Length(dataASN[OCSPBASICRESPASN_IDX_SIGNATURE_PARAMS],
                source);
     }
@@ -35470,6 +37574,7 @@ static int DecodeBasicOcspResponse(byte* source, word32* ioIndex,
         GetASN_GetRef(&dataASN[OCSPBASICRESPASN_IDX_SIGNATURE], &resp->sig,
                 &resp->sigSz);
     }
+    resp->certSz = 0;
 #ifndef WOLFSSL_NO_OCSP_OPTIONAL_CERTS
     if ((ret == 0) &&
             (dataASN[OCSPBASICRESPASN_IDX_CERTS_SEQ].data.ref.data != NULL)) {
@@ -35477,99 +37582,52 @@ static int DecodeBasicOcspResponse(byte* source, word32* ioIndex,
         /* Store reference to certificate BER data. */
         GetASN_GetRef(&dataASN[OCSPBASICRESPASN_IDX_CERTS_SEQ], &resp->cert,
                 &resp->certSz);
-
-        /* Allocate a certificate object to decode cert into. */
-    #ifdef WOLFSSL_SMALL_STACK
-        cert = (DecodedCert*)XMALLOC(sizeof(DecodedCert), heap,
-                DYNAMIC_TYPE_TMP_BUFFER);
-        if (cert == NULL) {
-            ret = MEMORY_E;
-        }
     }
-    if ((ret == 0) &&
-            (dataASN[OCSPBASICRESPASN_IDX_CERTS_SEQ].data.ref.data != NULL)) {
-    #endif
-        /* Initialize the certificate object. */
-        InitDecodedCert(cert, resp->cert, resp->certSz, heap);
-        certInit = 1;
-        /* Parse the certificate and don't verify if we don't have access to
-         * Cert Manager. */
-        ret = ParseCertRelative(cert, CERT_TYPE, noVerify ? NO_VERIFY : VERIFY,
-                cm);
-        if (ret < 0) {
-            WOLFSSL_MSG("\tOCSP Responder certificate parsing failed");
+
+    if ((ret == 0) && resp->certSz > 0) {
+        ret = OcspCheckCert(resp, noVerify, noVerifySignature,
+                            (WOLFSSL_CERT_MANAGER*)cm, heap);
+        if (ret == 0) {
+            sigValid = 1;
         }
+        ret = 0; /* try to verify the OCSP response with CA certs */
+    }
+#endif /* WOLFSSL_NO_OCSP_OPTIONAL_CERTS */
+    /* try to verify using cm certs */
+    if (ret == 0 && !noVerifySignature && !sigValid)
+    {
+        ca = OcspFindSigner(resp, (WOLFSSL_CERT_MANAGER*)cm);
+        if (ca == NULL)
+            ret = ASN_NO_SIGNER_E;
     }
 #ifndef WOLFSSL_NO_OCSP_ISSUER_CHECK
-    if ((ret == 0) &&
-            (dataASN[OCSPBASICRESPASN_IDX_CERTS_SEQ].data.ref.data != NULL) &&
-            !noVerify) {
-        ret = CheckOcspResponder(resp, cert, cm);
+    if (ret == 0 && !noVerifySignature && !sigValid) {
+        if (OcspRespCheck(resp, ca) != 0) {
+            ret = BAD_OCSP_RESPONDER;
+        }
     }
-#endif /* WOLFSSL_NO_OCSP_ISSUER_CHECK */
-    if ((ret == 0) &&
-            (dataASN[OCSPBASICRESPASN_IDX_CERTS_SEQ].data.ref.data != NULL)) {
+#endif
+    if (ret == 0 && !noVerifySignature && !sigValid) {
+        SignatureCtx sigCtx;
+        /* Initialize the signature context. */
+        InitSignatureCtx(&sigCtx, heap, INVALID_DEVID);
+
         /* TODO: ConfirmSignature is blocking here */
-        /* Check the signature of the response. */
-        ret = ConfirmSignature(&cert->sigCtx, resp->response, resp->responseSz,
-            cert->publicKey, cert->pubKeySize, cert->keyOID, resp->sig,
-            resp->sigSz, resp->sigOID, NULL, 0, NULL);
-        if (ret != 0) {
+        /* Check the signature of the response CA public key. */
+        sigValid = ConfirmSignature(&sigCtx, resp->response,
+            resp->responseSz, ca->publicKey, ca->pubKeySize, ca->keyOID,
+            resp->sig, resp->sigSz, resp->sigOID, resp->sigParams,
+            resp->sigParamsSz, NULL);
+        if (sigValid != 0) {
             WOLFSSL_MSG("\tOCSP Confirm signature failed");
             ret = ASN_OCSP_CONFIRM_E;
         }
     }
-    if ((ret == 0) &&
-            (dataASN[OCSPBASICRESPASN_IDX_CERTS_SEQ].data.ref.data == NULL))
-#else
-    if (ret == 0)
-#endif /* WOLFSSL_NO_OCSP_OPTIONAL_CERTS */
-    {
-        Signer* ca;
-        int sigValid = -1;
-
-        /* Response didn't have a certificate - lookup CA. */
-    #ifndef NO_SKID
-        ca = GetCA(cm, resp->single->issuerKeyHash);
-    #else
-        ca = GetCA(cm, resp->single->issuerHash);
-    #endif
-        if (ca) {
-            SignatureCtx sigCtx;
-
-            /* Initialize he signature context. */
-            InitSignatureCtx(&sigCtx, heap, INVALID_DEVID);
-
-            /* TODO: ConfirmSignature is blocking here */
-            /* Check the signature of the response CA public key. */
-            sigValid = ConfirmSignature(&sigCtx, resp->response,
-                resp->responseSz, ca->publicKey, ca->pubKeySize, ca->keyOID,
-                resp->sig, resp->sigSz, resp->sigOID, sigParams, sigParamsSz,
-                NULL);
-        }
-        if ((ca == NULL) || (sigValid != 0)) {
-            /* Didn't find certificate or signature verificate failed. */
-            WOLFSSL_MSG("\tOCSP Confirm signature failed");
-            ret = ASN_OCSP_CONFIRM_E;
-        }
-    }
-
     if (ret == 0) {
         /* Update the position to after response data. */
         *ioIndex = idx;
     }
 
-#ifndef WOLFSSL_NO_OCSP_OPTIONAL_CERTS
-    if (certInit) {
-        FreeDecodedCert(cert);
-    }
-    #ifdef WOLFSSL_SMALL_STACK
-    if (cert != NULL) {
-        /* Dispose of certificate object. */
-        XFREE(cert, heap, DYNAMIC_TYPE_TMP_BUFFER);
-    }
-    #endif
-#endif
     FREE_ASNGETDATA(dataASN, heap);
     return ret;
 #endif /* WOLFSSL_ASN_TEMPLATE */
@@ -35591,6 +37649,10 @@ void InitOcspResponse(OcspResponse* resp, OcspEntry* single, CertStatus* status,
     resp->source         = source;
     resp->maxIdx         = inSz;
     resp->heap           = heap;
+    resp->pendingCAs     = NULL;
+    resp->sigParams      = NULL;
+    resp->sigParamsSz    = 0;
+    resp->responderIdType = OCSP_RESPONDER_ID_INVALID;
 }
 
 void FreeOcspResponse(OcspResponse* resp)
@@ -35644,7 +37706,8 @@ enum {
 #define ocspResponseASN_Length (sizeof(ocspResponseASN) / sizeof(ASNItem))
 #endif /* WOLFSSL_ASN_TEMPLATE */
 
-int OcspResponseDecode(OcspResponse* resp, void* cm, void* heap, int noVerify)
+int OcspResponseDecode(OcspResponse* resp, void* cm, void* heap,
+    int noVerifyCert, int noVerifySignature)
 {
 #ifndef WOLFSSL_ASN_TEMPLATE
     int ret;
@@ -35713,7 +37776,8 @@ int OcspResponseDecode(OcspResponse* resp, void* cm, void* heap, int noVerify)
         return ret;
     }
 
-    ret = DecodeBasicOcspResponse(source, &idx, resp, size, cm, heap, noVerify);
+    ret = DecodeBasicOcspResponse(source, &idx, resp, size, cm, heap,
+         noVerifyCert, noVerifySignature);
     if (ret < 0) {
         WOLFSSL_LEAVE("OcspResponseDecode", ret);
         return ret;
@@ -35726,7 +37790,7 @@ int OcspResponseDecode(OcspResponse* resp, void* cm, void* heap, int noVerify)
     int ret = 0;
     word32 idx = 0, size = resp->maxIdx;
     byte* source = resp->source;
-    byte status;
+    byte status = 0;
     byte* basic;
     word32 basicSz;
 
@@ -35753,7 +37817,7 @@ int OcspResponseDecode(OcspResponse* resp, void* cm, void* heap, int noVerify)
             idx = 0;
             /* Decode BasicOCSPResponse. */
             ret = DecodeBasicOcspResponse(basic, &idx, resp, basicSz, cm, heap,
-                noVerify);
+                noVerifyCert, noVerifySignature);
         }
         /* Only support BasicOCSPResponse. */
         else {
@@ -35851,18 +37915,20 @@ word32 EncodeOcspRequestExtensions(OcspRequest* req, byte* output, word32 size)
     /* Check request has nonce to write in extension. */
     if (req != NULL && req->nonceSz != 0) {
         DECL_ASNSETDATA(dataASN, ocspNonceExtASN_Length);
-        int sz;
+        int sz = 0;
 
         CALLOC_ASNSETDATA(dataASN, ocspNonceExtASN_Length, ret, req->heap);
 
-        /* Set nonce extension OID and nonce. */
-        SetASN_Buffer(&dataASN[OCSPNONCEEXTASN_IDX_EXT_OID], NonceObjId,
-                sizeof(NonceObjId));
-        SetASN_Buffer(&dataASN[OCSPNONCEEXTASN_IDX_EXT_NONCE], req->nonce,
-                (word32)req->nonceSz);
-        /* Calculate size of nonce extension. */
-        ret = SizeASN_Items(ocspNonceExtASN, dataASN, ocspNonceExtASN_Length,
-                            &sz);
+        if (ret == 0) {
+            /* Set nonce extension OID and nonce. */
+            SetASN_Buffer(&dataASN[OCSPNONCEEXTASN_IDX_EXT_OID], NonceObjId,
+                    sizeof(NonceObjId));
+            SetASN_Buffer(&dataASN[OCSPNONCEEXTASN_IDX_EXT_NONCE], req->nonce,
+                    (word32)req->nonceSz);
+            /* Calculate size of nonce extension. */
+            ret = SizeASN_Items(ocspNonceExtASN, dataASN,
+                                ocspNonceExtASN_Length, &sz);
+        }
         /* Check buffer big enough for encoding if supplied. */
         if ((ret == 0) && (output != NULL) && (sz > (int)size)) {
             ret = BUFFER_E;
@@ -35972,7 +38038,7 @@ int EncodeOcspRequest(OcspRequest* req, byte* output, word32 size)
          */
         extSz = EncodeOcspRequestExtensions(req, extArray + 2,
                                             OCSP_NONCE_EXT_SZ);
-        extSz += SetExplicit(2, extSz, extArray);
+        extSz += SetExplicit(2, extSz, extArray, 0);
     }
 
     totalSz = algoSz + issuerSz + issuerKeySz + snSz;
@@ -36157,8 +38223,7 @@ void FreeOcspRequest(OcspRequest* req)
     WOLFSSL_ENTER("FreeOcspRequest");
 
     if (req) {
-        if (req->serial)
-            XFREE(req->serial, req->heap, DYNAMIC_TYPE_OCSP_REQUEST);
+        XFREE(req->serial, req->heap, DYNAMIC_TYPE_OCSP_REQUEST);
         req->serial = NULL;
 
 #ifdef OPENSSL_EXTRA
@@ -36171,13 +38236,10 @@ void FreeOcspRequest(OcspRequest* req)
         req->serialInt = NULL;
 #endif
 
-        if (req->url)
-            XFREE(req->url, req->heap, DYNAMIC_TYPE_OCSP_REQUEST);
+        XFREE(req->url, req->heap, DYNAMIC_TYPE_OCSP_REQUEST);
         req->url = NULL;
 
-#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || \
-    defined(WOLFSSL_HAPROXY) || defined(WOLFSSL_APACHE_HTTPD) || \
-    defined(HAVE_LIGHTY)
+#ifdef OPENSSL_EXTRA
         if (req->cid != NULL)
             wolfSSL_OCSP_CERTID_free((WOLFSSL_OCSP_CERTID*)req->cid);
         req->cid = NULL;
@@ -36395,8 +38457,7 @@ void FreeDecodedCRL(DecodedCRL* dcrl)
         tmp = next;
     }
 #ifdef OPENSSL_EXTRA
-    if (dcrl->issuer != NULL)
-        XFREE(dcrl->issuer, NULL, DYNAMIC_TYPE_OPENSSL);
+    XFREE(dcrl->issuer, NULL, DYNAMIC_TYPE_OPENSSL);
 #endif
 }
 
@@ -36609,7 +38670,8 @@ static int GetCRL_Signature(const byte* source, word32* idx, DecodedCRL* dcrl,
 
 int VerifyCRL_Signature(SignatureCtx* sigCtx, const byte* toBeSigned,
                         word32 tbsSz, const byte* signature, word32 sigSz,
-                        word32 signatureOID, Signer *ca, void* heap)
+                        word32 signatureOID, const byte* sigParams,
+                        int sigParamsSz, Signer *ca, void* heap)
 {
     /* try to confirm/verify signature */
 #ifndef IGNORE_KEY_EXTENSIONS
@@ -36623,7 +38685,7 @@ int VerifyCRL_Signature(SignatureCtx* sigCtx, const byte* toBeSigned,
     InitSignatureCtx(sigCtx, heap, INVALID_DEVID);
     if (ConfirmSignature(sigCtx, toBeSigned, tbsSz, ca->publicKey,
                          ca->pubKeySize, ca->keyOID, signature, sigSz,
-                         signatureOID, NULL, 0, NULL) != 0) {
+                         signatureOID, sigParams, (word32)sigParamsSz, NULL) != 0) {
         WOLFSSL_MSG("CRL Confirm signature failed");
         WOLFSSL_ERROR_VERBOSE(ASN_CRL_CONFIRM_E);
         return ASN_CRL_CONFIRM_E;
@@ -36642,7 +38704,8 @@ int VerifyCRL_Signature(SignatureCtx* sigCtx, const byte* toBeSigned,
  * @return  ASN_CRL_NO_SIGNER_E when no signer found.
  * @return  ASN_CRL_CONFIRM_E when signature did not verify.
  */
-static int PaseCRL_CheckSignature(DecodedCRL* dcrl, const byte* buff, void* cm)
+static int PaseCRL_CheckSignature(DecodedCRL* dcrl, const byte* sigParams,
+    int sigParamsSz, const byte* buff, void* cm)
 {
     int ret = 0;
     Signer* ca = NULL;
@@ -36686,7 +38749,7 @@ static int PaseCRL_CheckSignature(DecodedCRL* dcrl, const byte* buff, void* cm)
         /* Verify CRL signature with CA. */
         ret = VerifyCRL_Signature(&sigCtx, buff + dcrl->certBegin,
            dcrl->sigIndex - dcrl->certBegin, dcrl->signature, dcrl->sigLength,
-           dcrl->signatureOID, ca, dcrl->heap);
+           dcrl->signatureOID, sigParams, sigParamsSz, ca, dcrl->heap);
     }
 
     return ret;
@@ -36718,8 +38781,24 @@ static int ParseCRL_CertList(RevokedCert* rcert, DecodedCRL* dcrl,
         dcrl->version++;
     }
 
-    if (GetAlgoId(buf, &idx, &oid, oidIgnoreType, sz) < 0)
+    if (GetAlgoId(buf, &idx, &oid, oidIgnoreType, sz) < 0) {
         return ASN_PARSE_E;
+    }
+#ifdef WC_RSA_PSS
+    else if (oid == CTC_RSASSAPSS) {
+        word32 tmpSz;
+        int len;
+
+        tmpSz = idx;
+        dcrl->sigParamsIndex = idx;
+        if (GetSequence(buf, &idx, &len, sz) < 0) {
+            dcrl->sigParamsIndex = 0;
+            return ASN_PARSE_E;
+        }
+        idx += len;
+        dcrl->sigParamsLength = idx - tmpSz;
+    }
+#endif
 
     checkIdx = idx;
     if (GetSequence(buf, &checkIdx, &length, sz) < 0) {
@@ -36756,7 +38835,7 @@ static int ParseCRL_CertList(RevokedCert* rcert, DecodedCRL* dcrl,
     {
 #if !defined(NO_ASN_TIME) && !defined(WOLFSSL_NO_CRL_DATE_CHECK)
         if (verify != NO_VERIFY &&
-                !XVALIDATE_DATE(dcrl->nextDate, dcrl->nextDateFormat, AFTER)) {
+            !XVALIDATE_DATE(dcrl->nextDate, dcrl->nextDateFormat, ASN_AFTER)) {
             WOLFSSL_MSG("CRL after date is no longer valid");
             WOLFSSL_ERROR_VERBOSE(CRL_CERT_DATE_ERR);
             return CRL_CERT_DATE_ERR;
@@ -36819,6 +38898,7 @@ static int ParseCRL_AuthKeyIdExt(const byte* input, int sz, DecodedCRL* dcrl)
     }
 
     dcrl->extAuthKeyIdSet = 1;
+
     /* Get the hash or hash of the hash if wrong size. */
     ret = GetHashId(input + idx, length, dcrl->extAuthKeyId,
         HashIdAlg(dcrl->signatureOID));
@@ -36844,6 +38924,8 @@ static int ParseCRL_AuthKeyIdExt(const byte* input, int sz, DecodedCRL* dcrl)
             WOLFSSL_MSG("\tinfo: OPTIONAL item 0, not available");
         }
         else {
+            dcrl->extAuthKeyIdSet = 1;
+
             /* Get the hash or hash of the hash if wrong size. */
             ret = GetHashId(dataASN[AUTHKEYIDASN_IDX_KEYID].data.ref.data,
                 (int)dataASN[AUTHKEYIDASN_IDX_KEYID].data.ref.length,
@@ -36857,7 +38939,6 @@ static int ParseCRL_AuthKeyIdExt(const byte* input, int sz, DecodedCRL* dcrl)
 }
 #endif
 
-
 #ifndef WOLFSSL_ASN_TEMPLATE
 static int ParseCRL_Extensions(DecodedCRL* dcrl, const byte* buf,
         word32* inOutIdx, word32 sz)
@@ -37049,7 +39130,34 @@ static int ParseCRL_Extensions(DecodedCRL* dcrl, const byte* buf, word32 idx,
                 }
             #endif
             }
-            /* TODO: Parse CRL Number extension */
+            else if (oid == CRL_NUMBER_OID) {
+            #ifdef WOLFSSL_SMALL_STACK
+                mp_int* m = (mp_int*)XMALLOC(sizeof(*m), NULL,
+                        DYNAMIC_TYPE_BIGINT);
+                if (m == NULL) {
+                    ret = MEMORY_E;
+                }
+            #else
+                mp_int m[1];
+            #endif
+
+                if (ret == 0) {
+                    if (mp_init(m) != MP_OKAY) {
+                        ret = MP_INIT_E;
+                    }
+                }
+                if (ret == 0) {
+                    ret = GetInt(m, buf, &idx, maxIdx);
+                }
+                if (ret == 0) {
+                    dcrl->crlNumber = (int)m->dp[0];
+                }
+
+                mp_free(m);
+            #ifdef WOLFSSL_SMALL_STACK
+                XFREE(m, NULL, DYNAMIC_TYPE_BIGINT);
+            #endif
+            }
             /* TODO: check criticality */
             /* Move index on to next extension. */
             idx += (word32)length;
@@ -37083,6 +39191,9 @@ static const ASNItem crlASN[] = {
 /* TBS_SIGALGO_OID    */                { 3, ASN_OBJECT_ID, 0, 0, 0 },
 /* TBS_SIGALGO_NULL   */                { 3, ASN_TAG_NULL, 0, 0, 1 },
                                                /* issuer */
+#ifdef WC_RSA_PSS
+/* TBS_SIGALGO_P_SEQ  */                { 3, ASN_SEQUENCE, 1, 0, 2 },
+#endif
 /* TBS_ISSUER         */            { 2, ASN_SEQUENCE, 1, 0, 0 },
                                                /* thisUpdate */
 /* TBS_THISUPDATE_UTC */            { 2, ASN_UTC_TIME, 0, 0, 2 },
@@ -37099,6 +39210,9 @@ static const ASNItem crlASN[] = {
 /* SIGALGO            */        { 1, ASN_SEQUENCE, 1, 1, 0 },
 /* SIGALGO_OID        */            { 2, ASN_OBJECT_ID, 0, 0, 0 },
 /* SIGALGO_NULL       */            { 2, ASN_TAG_NULL, 0, 0, 1 },
+#ifdef WC_RSA_PSS
+/* SIGALGO_PARAMS     */            { 2, ASN_SEQUENCE, 1, 0, 2 },
+#endif
                                            /* signatureValue */
 /* SIGNATURE          */        { 1, ASN_BIT_STRING, 0, 0, 0 },
 };
@@ -37109,6 +39223,9 @@ enum {
     CRLASN_IDX_TBS_SIGALGO,
     CRLASN_IDX_TBS_SIGALGO_OID,
     CRLASN_IDX_TBS_SIGALGO_NULL,
+#ifdef WC_RSA_PSS
+    CRLASN_IDX_TBS_SIGALGO_PARAMS,
+#endif
     CRLASN_IDX_TBS_ISSUER,
     CRLASN_IDX_TBS_THISUPDATE_UTC,
     CRLASN_IDX_TBS_THISUPDATE_GT,
@@ -37120,6 +39237,9 @@ enum {
     CRLASN_IDX_SIGALGO,
     CRLASN_IDX_SIGALGO_OID,
     CRLASN_IDX_SIGALGO_NULL,
+#ifdef WC_RSA_PSS
+    CRLASN_IDX_SIGALGO_PARAMS,
+#endif
     CRLASN_IDX_SIGNATURE,
 };
 
@@ -37137,6 +39257,8 @@ int ParseCRL(RevokedCert* rcert, DecodedCRL* dcrl, const byte* buff, word32 sz,
     int          ret = 0;
     int          len;
     word32       idx = 0;
+    const byte* sigParams = NULL;
+    int sigParamsSz = 0;
 
     WOLFSSL_MSG("ParseCRL");
 
@@ -37166,8 +39288,24 @@ int ParseCRL(RevokedCert* rcert, DecodedCRL* dcrl, const byte* buff, word32 sz,
 
     idx = dcrl->sigIndex;
 
-    if (GetAlgoId(buff, &idx, &dcrl->signatureOID, oidSigType, sz) < 0)
+    if (GetAlgoId(buff, &idx, &dcrl->signatureOID, oidSigType, sz) < 0) {
         return ASN_PARSE_E;
+    }
+#ifdef WC_RSA_PSS
+    else if (dcrl->signatureOID == CTC_RSASSAPSS) {
+        word32 tmpSz;
+        const byte* params;
+
+        tmpSz = idx;
+        params = buff + idx;
+        if (GetSequence(buff, &idx, &len, sz) < 0) {
+            return ASN_PARSE_E;
+        }
+        idx += len;
+        sigParams = params;
+        sigParamsSz = idx - tmpSz;
+    }
+#endif
 
     if (GetCRL_Signature(buff, &idx, dcrl, sz) < 0)
         return ASN_PARSE_E;
@@ -37207,7 +39345,7 @@ int ParseCRL(RevokedCert* rcert, DecodedCRL* dcrl, const byte* buff, word32 sz,
     WOLFSSL_MSG("Found CRL issuer CA");
     ret = VerifyCRL_Signature(&sigCtx, buff + dcrl->certBegin,
            dcrl->sigIndex - dcrl->certBegin, dcrl->signature, dcrl->sigLength,
-           dcrl->signatureOID, ca, dcrl->heap);
+           dcrl->signatureOID, sigParams, sigParamsSz, ca, dcrl->heap);
 
 end:
     return ret;
@@ -37220,6 +39358,12 @@ end:
     /* Size of buffer for date. */
     word32 lastDateSz = MAX_DATE_SIZE;
     word32 nextDateSz = MAX_DATE_SIZE;
+    const byte* sigParams = NULL;
+    int   sigParamsSz = 0;
+#ifdef WC_RSA_PSS
+    const byte* tbsParams = NULL;
+    int   tbsParamsSz = 0;
+#endif
 
     /* When NO_ASN_TIME is defined, verify not used. */
     (void)verify;
@@ -37272,11 +39416,54 @@ end:
         dcrl->certBegin = dataASN[CRLASN_IDX_TBS].offset;
         /* Store index of signature. */
         dcrl->sigIndex = dataASN[CRLASN_IDX_SIGALGO].offset;
+
+    #ifdef WC_RSA_PSS
+        /* get TBS and Signature parameters for PSS */
+        if (dataASN[CRLASN_IDX_TBS_SIGALGO_PARAMS].tag != 0) {
+            tbsParams =
+                GetASNItem_Addr(dataASN[CRLASN_IDX_TBS_SIGALGO_PARAMS],
+                    buff);
+            tbsParamsSz =(int)
+                GetASNItem_Length(dataASN[CRLASN_IDX_TBS_SIGALGO_PARAMS],
+                    buff);
+        }
+        if (dataASN[CRLASN_IDX_SIGALGO_PARAMS].tag != 0) {
+            sigParams =
+                GetASNItem_Addr(dataASN[CRLASN_IDX_SIGALGO_PARAMS],
+                    buff);
+            sigParamsSz = (int)
+                GetASNItem_Length(dataASN[CRLASN_IDX_SIGALGO_PARAMS],
+                    buff);
+            dcrl->sigParamsIndex =
+                dataASN[CRLASN_IDX_SIGALGO_PARAMS].offset;
+            dcrl->sigParamsLength = (word32)sigParamsSz;
+        }
+    #endif
+
         /* Store address and length of signature data. */
         GetASN_GetRef(&dataASN[CRLASN_IDX_SIGNATURE], &dcrl->signature,
                 &dcrl->sigLength);
         /* Get the signature OID. */
         dcrl->signatureOID = dataASN[CRLASN_IDX_SIGALGO_OID].data.oid.sum;
+
+    #ifdef WC_RSA_PSS
+        /* Sanity check on parameters found */
+        if (tbsParamsSz != sigParamsSz) {
+            WOLFSSL_MSG("CRL TBS and signature parameter sizes mismatch");
+            ret = ASN_PARSE_E;
+        }
+        else if ((tbsParamsSz > 0) &&
+          (dataASN[CRLASN_IDX_TBS_SIGALGO_OID].data.oid.sum != CTC_RSASSAPSS)) {
+            WOLFSSL_MSG("CRL unexpected signature parameters found");
+            ret = ASN_PARSE_E;
+        }
+        else if ((tbsParamsSz > 0) &&
+                 (XMEMCMP(tbsParams, sigParams, (word32)tbsParamsSz) != 0)) {
+            WOLFSSL_MSG("CRL TBS and signature parameter mismatch");
+            ret = ASN_PARSE_E;
+        }
+    #endif
+
         /* Get the format/tag of the last and next date. */
         dcrl->lastDateFormat = (dataASN[CRLASN_IDX_TBS_THISUPDATE_UTC].tag != 0)
                 ? dataASN[CRLASN_IDX_TBS_THISUPDATE_UTC].tag
@@ -37288,7 +39475,7 @@ end:
         if (dcrl->nextDateFormat != 0) {
             /* Next date was set, so validate it. */
             if (verify != NO_VERIFY &&
-                 !XVALIDATE_DATE(dcrl->nextDate, dcrl->nextDateFormat, AFTER)) {
+                 !XVALIDATE_DATE(dcrl->nextDate, dcrl->nextDateFormat, ASN_AFTER)) {
                 WOLFSSL_MSG("CRL after date is no longer valid");
                 ret = CRL_CERT_DATE_ERR;
                 WOLFSSL_ERROR_VERBOSE(ret);
@@ -37329,7 +39516,7 @@ end:
     }
     if (ret == 0) {
         /* Find signer and verify signature. */
-        ret = PaseCRL_CheckSignature(dcrl, buff, cm);
+        ret = PaseCRL_CheckSignature(dcrl, sigParams, sigParamsSz, buff, cm);
     }
 
     FREE_ASNGETDATA(dataASN, dcrl->heap);
@@ -37600,8 +39787,8 @@ int wc_MIME_parse_headers(char* in, int inLen, MimeHdr** headers)
                 mimeType == MIME_PARAM)) && pos >= 1) {
                 mimeStatus = MIME_BODYVAL;
                 end = pos-1;
-                if (nameAttr != NULL)
-                    XFREE(nameAttr, NULL, DYNAMIC_TYPE_PKCS7);
+                XFREE(nameAttr, NULL, DYNAMIC_TYPE_PKCS7);
+                nameAttr = NULL;
                 ret = wc_MIME_header_strip(curLine, &nameAttr, start, end);
                 if (ret) {
                     goto error;
@@ -37610,10 +39797,8 @@ int wc_MIME_parse_headers(char* in, int inLen, MimeHdr** headers)
             }
             else if (mimeStatus == MIME_BODYVAL && cur == ';' && pos >= 1) {
                 end = pos-1;
-                if (bodyVal != NULL) {
-                    XFREE(bodyVal, NULL, DYNAMIC_TYPE_PKCS7);
-                    bodyVal = NULL;
-                }
+                XFREE(bodyVal, NULL, DYNAMIC_TYPE_PKCS7);
+                bodyVal = NULL;
                 ret = wc_MIME_header_strip(curLine, &bodyVal, start, end);
                 if (ret) {
                     goto error;
@@ -37706,12 +39891,9 @@ error:
     if (ret != 0)
         wc_MIME_free_hdrs(curHdr);
     wc_MIME_free_hdrs(nextHdr);
-    if (nameAttr != NULL)
-        XFREE(nameAttr, NULL, DYNAMIC_TYPE_PKCS7);
-    if (bodyVal != NULL)
-        XFREE(bodyVal, NULL, DYNAMIC_TYPE_PKCS7);
-    if (nextParam != NULL)
-        XFREE(nextParam, NULL, DYNAMIC_TYPE_PKCS7);
+    XFREE(nameAttr, NULL, DYNAMIC_TYPE_PKCS7);
+    XFREE(bodyVal, NULL, DYNAMIC_TYPE_PKCS7);
+    XFREE(nextParam, NULL, DYNAMIC_TYPE_PKCS7);
 
     return ret;
 }
@@ -37758,8 +39940,8 @@ int wc_MIME_header_strip(char* in, char** out, size_t start, size_t end)
 }
 
 /*****************************************************************************
-* wc_MIME_find_header_name - Searches through all given headers until a header with
-* a name matching the provided name is found.
+* wc_MIME_find_header_name - Searches through all given headers until a header
+* with a name matching the provided name is found.
 *
 * RETURNS:
 * returns a pointer to the found header, if no match was found, returns NULL.
@@ -37837,8 +40019,8 @@ char* wc_MIME_single_canonicalize(const char* line, word32* len)
 }
 
 /*****************************************************************************
-* wc_MIME_free_hdrs - Frees all MIME headers, parameters and strings starting from
-* the provided header pointer.
+* wc_MIME_free_hdrs - Frees all MIME headers, parameters and strings starting
+* from the provided header pointer.
 *
 * RETURNS:
 * returns zero on success, non-zero on error.
@@ -38121,7 +40303,7 @@ static void PrintObjectIdText(Asn1* asn1, Asn1PrintOptions* opts)
 
     /* Get the OID value for the OBJECT_ID. */
     if (GetObjectId(asn1->data + asn1->offset, &i, &oid, oidIgnoreType,
-            asn1->item.len + 2) == ASN_PARSE_E) {
+            asn1->item.len + 2) == WC_NO_ERR_TRACE(ASN_PARSE_E)) {
         known = 0;
     }
     else
@@ -38640,8 +40822,7 @@ int wc_Asn1_PrintAll(Asn1* asn1, Asn1PrintOptions* opts, unsigned char* data,
 #endif /* !NO_ASN */
 
 /* Functions that parse, but are not using ASN.1 */
-#if !defined(NO_RSA) && !defined(HAVE_USER_RSA) && \
-    (!defined(NO_BIG_INT) || defined(WOLFSSL_SP_MATH))
+#if !defined(NO_RSA) && (!defined(NO_BIG_INT) || defined(WOLFSSL_SP_MATH))
 /* import RSA public key elements (n, e) into RsaKey structure (key) */
 /* this function does not use any ASN.1 parsing */
 int wc_RsaPublicKeyDecodeRaw(const byte* n, word32 nSz, const byte* e,
@@ -38692,8 +40873,1106 @@ int wc_RsaPublicKeyDecodeRaw(const byte* n, word32 nSz, const byte* e,
 
     return 0;
 }
-#endif /* !NO_RSA && !HAVE_USER_RSA && (!NO_BIG_INT || WOLFSSL_SP_MATH) */
+#endif /* !NO_RSA && (!NO_BIG_INT || WOLFSSL_SP_MATH) */
 
+#if defined(WOLFSSL_ACERT) && defined(WOLFSSL_ASN_TEMPLATE)
+/* Initialize decoded attribute certificate object with buffer of DER encoding.
+ *
+ * @param [in, out] acert   Decoded attribute certificate object.
+ * @param [in]      source  Buffer containing DER encoded certificate.
+ * @param [in]      inSz    Size of DER data in buffer in bytes.
+ * @param [in]      heap    Dynamic memory hint.
+ */
+void InitDecodedAcert(DecodedAcert* acert, const byte* source, word32 inSz,
+                      void* heap)
+{
+    WOLFSSL_MSG("InitDecodedAcert");
+
+    if (acert == NULL) {
+        return;
+    }
+
+    XMEMSET(acert, 0, sizeof(DecodedAcert));
+    acert->heap = heap;
+    acert->source = source;  /* don't own */
+    acert->maxIdx = inSz;    /* can't go over this index */
+    acert->heap = heap;
+
+    InitSignatureCtx(&acert->sigCtx, heap, INVALID_DEVID);
+
+    return;
+}
+
+/* Free the decoded attribute cert object's dynamic data.
+ *
+ * @param [in, out] acert   Decoded attribute certificate object.
+ */
+void FreeDecodedAcert(DecodedAcert * acert)
+{
+    WOLFSSL_MSG("FreeDecodedAcert");
+
+    if (acert == NULL) {
+        return;
+    }
+
+    if (acert->holderIssuerName) {
+        FreeAltNames(acert->holderIssuerName, acert->heap);
+        acert->holderIssuerName = NULL;
+    }
+
+    if (acert->holderEntityName) {
+        FreeAltNames(acert->holderEntityName, acert->heap);
+        acert->holderEntityName = NULL;
+    }
+
+    if (acert->AttCertIssuerName) {
+        FreeAltNames(acert->AttCertIssuerName, acert->heap);
+        acert->AttCertIssuerName = NULL;
+    }
+
+    FreeSignatureCtx(&acert->sigCtx);
+
+    XMEMSET(acert, 0, sizeof(DecodedAcert));
+    return;
+}
+
+/* Decode an Attribute Cert GeneralName field.
+ *
+ * @param [in]      input     Buffer containing encoded OtherName.
+ * @param [in, out] inOutIdx  On in, the index of the start of the OtherName.
+ *                            On out, index after OtherName.
+ * @param [in]      len       Length of data in buffer.
+ * @param [in]      acert     Decoded attribute certificate object.
+ * @param [in, out] entries   Linked list of DNS name entries.
+ *
+ * @return  0 on success.
+ * @return  ASN_PARSE_E when BER encoded data does not match ASN.1 items or
+ *          is invalid.
+ * @return  BUFFER_E when data in buffer is too small.
+ * @return  ASN_UNKNOWN_OID_E when the OID cannot be verified.
+ * @return  MEMORY_E when dynamic memory allocation fails.
+ */
+static int DecodeAcertGeneralName(const byte* input, word32* inOutIdx,
+                                  byte tag, int len, DecodedAcert* acert,
+                                  DNS_entry** entries)
+{
+    int    ret = 0;
+    word32 idx = *inOutIdx;
+
+    /* GeneralName choice: dnsName */
+    if (tag == (ASN_CONTEXT_SPECIFIC | ASN_DNS_TYPE)) {
+        ret = SetDNSEntry(acert->heap, (const char*)(input + idx), len,
+                          ASN_DNS_TYPE, entries);
+        if (ret == 0) {
+            idx += (word32)len;
+        }
+    }
+#ifndef IGNORE_NAME_CONSTRAINTS
+    /* GeneralName choice: directoryName */
+    else if (tag == (ASN_CONTEXT_SPECIFIC | ASN_CONSTRUCTED | ASN_DIR_TYPE)) {
+        int    strLen = 0;
+        word32 idxDir = idx;
+
+        /* Expecting a SEQUENCE using up all data. */
+        if (GetASN_Sequence(input, &idxDir, &strLen, idx + (word32)len, 1) < 0)
+        {
+            WOLFSSL_MSG("\tfail: seq length");
+            return ASN_PARSE_E;
+        }
+
+        ret = SetDNSEntry(acert->heap, (const char*)(input + idxDir), strLen,
+                          ASN_DIR_TYPE, entries);
+        if (ret == 0) {
+            idx += (word32)len;
+        }
+    }
+    /* GeneralName choice: rfc822Name */
+    else if (tag == (ASN_CONTEXT_SPECIFIC | ASN_RFC822_TYPE)) {
+        ret = SetDNSEntry(acert->heap, (const char*)(input + idx), len,
+                ASN_RFC822_TYPE, entries);
+        if (ret == 0) {
+            idx += (word32)len;
+        }
+    }
+    /* GeneralName choice: uniformResourceIdentifier */
+    else if (tag == (ASN_CONTEXT_SPECIFIC | ASN_URI_TYPE)) {
+        WOLFSSL_MSG("\tPutting URI into list but not using");
+
+    #if !defined(WOLFSSL_NO_ASN_STRICT) && !defined(WOLFSSL_FPKI)
+        /* Verify RFC 5280 Sec 4.2.1.6 rule:
+           "The name MUST NOT be a relative URI"
+           As per RFC 3986 Sec 4.3, an absolute URI is only required to contain
+           a scheme and hier-part.  So the only strict requirement is a ':'
+           being present after the scheme.  If a '/' is present as part of the
+           hier-part, it must come after the ':' (see RFC 3986 Sec 3). */
+        {
+            int i = 0;
+
+            /* skip past scheme (i.e http,ftp,...) finding first ':' char */
+            for (i = 0; i < len; i++) {
+                if (input[idx + (word32)i] == ':') {
+                    break;
+                }
+                if (input[idx + (word32)i] == '/') {
+                    i = len; /* error, found relative path since '/' was
+                              * encountered before ':'. Returning error
+                              * value in next if statement. */
+                }
+            }
+
+            /* test hier-part is empty */
+            if (i == 0 || i == len) {
+                WOLFSSL_MSG("\tEmpty or malformed URI");
+                WOLFSSL_ERROR_VERBOSE(ASN_ALT_NAME_E);
+                return ASN_ALT_NAME_E;
+            }
+
+            /* test if scheme is missing  */
+            if (input[idx + (word32)i] != ':') {
+                WOLFSSL_MSG("\tAlt Name must be absolute URI");
+                WOLFSSL_ERROR_VERBOSE(ASN_ALT_NAME_E);
+                return ASN_ALT_NAME_E;
+            }
+        }
+    #endif
+
+        ret = SetDNSEntry(acert->heap, (const char*)(input + idx), len,
+                          ASN_URI_TYPE, entries);
+        if (ret == 0) {
+            idx += (word32)len;
+        }
+    }
+    #if defined(WOLFSSL_QT) || defined(OPENSSL_ALL) || \
+                                            defined(WOLFSSL_IP_ALT_NAME)
+    /* GeneralName choice: iPAddress */
+    else if (tag == (ASN_CONTEXT_SPECIFIC | ASN_IP_TYPE)) {
+        ret = SetDNSEntry(acert->heap, (const char*)(input + idx), len,
+                          ASN_IP_TYPE, entries);
+        if (ret == 0) {
+            idx += (word32)len;
+        }
+    }
+    #endif /* WOLFSSL_QT || OPENSSL_ALL */
+
+    #ifdef OPENSSL_ALL
+    /* GeneralName choice: registeredID */
+    else if (tag == (ASN_CONTEXT_SPECIFIC | ASN_RID_TYPE)) {
+        ret = SetDNSEntry(acert->heap, (const char*)(input + idx), len,
+                ASN_RID_TYPE, entries);
+        if (ret == 0) {
+            idx += (word32)len;
+        }
+    }
+    #endif
+#endif /* IGNORE_NAME_CONSTRAINTS */
+    /* GeneralName choice: dNSName, x400Address, ediPartyName */
+    else {
+        WOLFSSL_MSG("\tUnsupported name type, skipping");
+        idx += (word32)len;
+    }
+
+    if (ret == 0) {
+        /* Return index of next encoded byte. */
+        *inOutIdx = idx;
+    }
+    return ret;
+}
+
+/* Decode General Names from an ACERT input.
+ *
+ * @param [in]      input    Buffer holding encoded data.
+ * @param [in]      sz       Size of encoded data in bytes.
+ * @param [in]      tag      ASN.1 tag value expected in header.
+ * @param [in, out] acert    Decoded attribute certificate object.
+ * @param [in, out] entries  Linked list of DNS name entries.
+ *
+ * @return  0 on success.
+ * @return  ASN_PARSE_E when BER encoded data does not match ASN.1 items or
+ *          is invalid.
+ * @return  BUFFER_E when data in buffer is too small.
+ * @return  ASN_UNKNOWN_OID_E when the OID cannot be verified.
+ * @return  MEMORY_E when dynamic memory allocation fails.
+ */
+static int DecodeAcertGeneralNames(const byte* input, word32 sz,
+                                   byte tag, DecodedAcert* acert,
+                                   DNS_entry** entries)
+{
+    word32 idx = 0;
+    int    length = 0;
+    int    ret = 0;
+    word32 numNames = 0;
+
+    if (GetASNHeader(input, tag, &idx, &length, sz) <= 0) {
+        WOLFSSL_MSG("error: acert general names: bad header");
+        return ASN_PARSE_E;
+    }
+
+    if (length == 0) {
+        WOLFSSL_MSG("error: acert general names: zero length");
+        return ASN_PARSE_E;
+    }
+
+    if ((word32)length + idx != sz) {
+        #ifdef DEBUG_WOLFSSL
+        WOLFSSL_MSG_EX("error: acert general names: got %d, expected %d",
+                       (word32)length + idx, sz);
+        #endif
+        return ASN_PARSE_E;
+    }
+
+    while ((ret == 0) && (idx < sz)) {
+        ASNGetData dataASN[altNameASN_Length];
+
+        /* Not sure what a reasonable max would be for attribute certs,
+         * therefore observing WOLFSSL_MAX_ALT_NAMES limit. */
+        numNames++;
+        if (numNames > WOLFSSL_MAX_ALT_NAMES) {
+            #ifdef DEBUG_WOLFSSL
+            WOLFSSL_MSG_EX("error: acert general names: too many names, %d",
+                           numNames);
+            #endif
+            ret = ASN_ALT_NAME_E;
+            break;
+        }
+
+        /* Clear dynamic data items. */
+        XMEMSET(dataASN, 0, sizeof(dataASN));
+        /* Parse GeneralName with the choices supported. */
+        GetASN_Choice(&dataASN[ALTNAMEASN_IDX_GN], generalNameChoice);
+        /* Decode a GeneralName choice. */
+        ret = GetASN_Items(altNameASN, dataASN, altNameASN_Length, 0, input,
+                           &idx, sz);
+
+        if (ret != 0) {
+            break;
+        }
+
+        ret = DecodeAcertGeneralName(input, &idx,
+                                     dataASN[ALTNAMEASN_IDX_GN].tag,
+                                     (int)dataASN[ALTNAMEASN_IDX_GN].length,
+                                     acert, entries);
+    }
+
+    return ret;
+}
+
+/* Holder has three potential forms:
+ *   Holder ::= SEQUENCE {
+ *     baseCertificateID   [0] IssuerSerial OPTIONAL,
+ *         -- the issuer and serial number of
+ *         -- the holder's Public Key Certificate
+ *     entityName          [1] GeneralNames OPTIONAL,
+ *         -- the name of the claimant or role
+ *     objectDigestInfo    [2] ObjectDigestInfo OPTIONAL
+ *         -- used to directly authenticate the holder,
+ *         -- for example, an executable
+ *   }
+ *
+ * where IssuerSerial is:
+ *   IssuerSerial  ::=  SEQUENCE {
+ *     issuer         GeneralNames,
+ *     serial         CertificateSerialNumber,
+ *     issuerUID      UniqueIdentifier OPTIONAL
+ *   }
+ *
+ * Note:
+ *   - Holder Option 2 objectDigestInfo is not mandatory
+ *     for the spec and is not implemented here yet.
+ *
+ *   - issuerUniqueID not supported yet.
+ * */
+static const ASNItem HolderASN[] =
+{
+                     /* Holder root sequence. */
+/* HOLDER_SEQ  */    { 0, ASN_SEQUENCE, 1, 1, 0 },
+                         /* Holder Option 0:*/
+                         /* baseCertificateID   [0] IssuerSerial OPTIONAL */
+/* ISSUERSERIAL_SEQ  */  { 1, ASN_CONTEXT_SPECIFIC | 0, 1, 1, 2 },
+                             /* issuer         GeneralNames, */
+/* GN_SEQ  */                { 2, ASN_SEQUENCE, 1, 0, 0 },
+                             /* serial     CertificateSerialNumber */
+/* SERIAL_INT  */            { 2, ASN_INTEGER, 0, 0, 0 },
+                         /* Holder Option 1: */
+                         /* entityName          [1] GeneralNames OPTIONAL */
+/* ENTITYNAME_SEQ  */  { 1, ASN_CONTEXT_SPECIFIC | 1, 1, 1, 2 },
+};
+
+enum {
+    HOLDER_IDX_SEQ = 0,
+    HOLDER_IDX_ISSUERSERIAL_SEQ,
+    HOLDER_IDX_GN_SEQ,
+    HOLDER_IDX_SERIAL_INT,
+    HOLDER_IDX_GN_SEQ_OPT1
+};
+
+/* Number of items in ASN template for an X509 Acert. */
+#define HolderASN_Length (sizeof(HolderASN) / sizeof(ASNItem))
+
+/* Decode the Holder field of an x509 attribute certificate.
+ *
+ * @param [in]      input     Buffer containing encoded Holder field.
+ * @param [in]      len       Length of Holder field.
+ * @param [in, out] acert     Decoded attribute certificate object.
+ *
+ * @return  0 on success.
+ * @return  ASN_PARSE_E when BER encoded data does not match ASN.1 items or
+ *          is invalid.
+ * @return  BUFFER_E when data in buffer is too small.
+ * @return  ASN_UNKNOWN_OID_E when the OID cannot be verified.
+ * @return  MEMORY_E when dynamic memory allocation fails.
+ * */
+static int DecodeHolder(const byte* input, word32 len, DecodedAcert* acert)
+{
+    DECL_ASNGETDATA(dataASN, HolderASN_Length);
+    int    ret = 0;
+    word32 idx = 0;
+    word32 holderSerialSz = 0;
+
+    if (input == NULL || len <= 0 || acert == NULL) {
+        return BUFFER_E;
+    }
+
+    #ifdef WOLFSSL_DEBUG_ASN_TEMPLATE
+    printf("debug: decode holder: holder len: %d\n", len);
+    #endif /* WOLFSSL_DEBUG_ASN_TEMPLATE */
+
+    CALLOC_ASNGETDATA(dataASN, HolderASN_Length, ret, acert->heap);
+
+    if (ret != 0) {
+        FREE_ASNGETDATA(dataASN, acert->heap);
+        return MEMORY_E;
+    }
+
+    holderSerialSz = EXTERNAL_SERIAL_SIZE;
+
+    GetASN_Buffer(&dataASN[HOLDER_IDX_SERIAL_INT], acert->holderSerial,
+                  &holderSerialSz);
+
+    ret = GetASN_Items(HolderASN, dataASN, HolderASN_Length, 0, input,
+                       &idx, len);
+
+    if (ret != 0) {
+        WOLFSSL_MSG("error: Holder: GetASN_Items failed");
+        FREE_ASNGETDATA(dataASN, acert->heap);
+        return ret;
+    }
+
+    if (dataASN[HOLDER_IDX_SERIAL_INT].tag != 0) {
+        acert->holderSerialSz = (int)holderSerialSz;
+    }
+    else {
+        acert->holderSerialSz = 0;
+    }
+
+    {
+        /* Now parse the GeneralNames field.
+         * Use the HOLDER_IDX_GN_SEQ offset for input. */
+        const byte * gn_input = NULL;
+        word32       gn_len = 0;
+        byte         tag = 0x00;
+
+        /* Determine which tag was seen. */
+        if (dataASN[HOLDER_IDX_GN_SEQ].tag != 0) {
+            gn_input = input + dataASN[HOLDER_IDX_GN_SEQ].offset;
+            gn_len = dataASN[HOLDER_IDX_GN_SEQ].length;
+            tag = dataASN[HOLDER_IDX_GN_SEQ].tag;
+
+            if (gn_len >= ASN_LONG_LENGTH) {
+                gn_len += 3;
+            }
+            else {
+                gn_len += 2;
+            }
+
+            #ifdef WOLFSSL_DEBUG_ASN_TEMPLATE
+            printf("debug: decode holder: holder index: %d\n",
+                   HOLDER_IDX_GN_SEQ);
+            #endif /* WOLFSSL_DEBUG_ASN_TEMPLATE */
+
+            ret = DecodeAcertGeneralNames(gn_input, gn_len, tag, acert,
+                                          &acert->holderIssuerName);
+        }
+
+        if (dataASN[HOLDER_IDX_GN_SEQ_OPT1].tag != 0) {
+            gn_input = input + dataASN[HOLDER_IDX_GN_SEQ_OPT1].offset;
+            gn_len = dataASN[HOLDER_IDX_GN_SEQ_OPT1].length;
+            tag = dataASN[HOLDER_IDX_GN_SEQ_OPT1].tag;
+
+            if (gn_len >= ASN_LONG_LENGTH) {
+                gn_len += 3;
+            }
+            else {
+                gn_len += 2;
+            }
+
+            #ifdef WOLFSSL_DEBUG_ASN_TEMPLATE
+            printf("debug: decode holder: holder index: %d\n",
+                   HOLDER_IDX_GN_SEQ_OPT1);
+            #endif /* WOLFSSL_DEBUG_ASN_TEMPLATE */
+
+            ret = DecodeAcertGeneralNames(gn_input, gn_len, tag, acert,
+                                          &acert->holderEntityName);
+        }
+
+        if (ret != 0) {
+            WOLFSSL_MSG("error: Holder: DecodeAcertGeneralNames failed");
+            FREE_ASNGETDATA(dataASN, acert->heap);
+            return ret;
+        }
+    }
+
+    FREE_ASNGETDATA(dataASN, acert->heap);
+    return 0;
+}
+
+/* Note on AttCertIssuer field. ACERTs are supposed to follow
+ * v2form, but some (acert_bc1.pem) follow v1form. Because
+ * of the limited set of example ACERTs, the v1form will be
+ * tolerated for now but the field will not be parsed.
+ *
+ * More info from RFC below:
+ *
+ * From RFC 5755.
+ * 4.2.3.  Issuer
+ *
+ * ACs conforming to this profile MUST use the v2Form choice, which MUST
+ * contain one and only one GeneralName in the issuerName, which MUST
+ * contain a non-empty distinguished name in the directoryName field.
+ * This means that all AC issuers MUST have non-empty distinguished
+ * names.  ACs conforming to this profile MUST omit the
+ * baseCertificateID and objectDigestInfo fields.
+ *
+ * 4.1.  X.509 Attribute Certificate Definition
+ *
+ * AttCertIssuer ::= CHOICE {
+ *   v1Form      GeneralNames,  -- MUST NOT be used in this
+ *                              -- profile
+ *   v2Form  [0] V2Form         -- v2 only
+ * }
+ *
+ * V2Form ::= SEQUENCE {
+ *   issuerName             GeneralNames  OPTIONAL,
+ *   baseCertificateID  [0] IssuerSerial  OPTIONAL,
+ *   objectDigestInfo   [1] ObjectDigestInfo  OPTIONAL
+ *          -- issuerName MUST be present in this profile
+ *          -- baseCertificateID and objectDigestInfo MUST
+ *          -- NOT be present in this profile
+ * }
+ * */
+static const ASNItem AttCertIssuerASN[] =
+{
+                           /* V2Form ::= SEQUENCE { */
+/* AttCertIssuer_GN_SEQ */ { 0, ASN_SEQUENCE, 1, 0, 0 },
+};
+
+enum {
+    ATTCERTISSUER_IDX_GN_SEQ
+};
+
+/* Number of items in ASN template for an X509 Acert. */
+#define AttCertIssuerASN_Length (sizeof(AttCertIssuerASN) / sizeof(ASNItem))
+
+/* Decode the AttCertIssuer Field of an x509 attribute certificate.
+ *
+ * @param [in]      input     Buffer containing encoded AttCertIssuer field.
+ * @param [in]      len       Length of Holder field.
+ * @param [in,out]  acert     Decoded attribute certificate object.
+ *
+ * @return  0 on success.
+ * @return  ASN_PARSE_E when BER encoded data does not match ASN.1 items or
+ *          is invalid.
+ * @return  BUFFER_E when data in buffer is too small.
+ * @return  ASN_UNKNOWN_OID_E when the OID cannot be verified.
+ * @return  MEMORY_E when dynamic memory allocation fails.
+ * */
+static int DecodeAttCertIssuer(const byte* input, word32 len,
+                               DecodedAcert* cert)
+{
+    DECL_ASNGETDATA(dataASN, AttCertIssuerASN_Length);
+    int          ret = 0;
+    word32       idx = 0;
+    const byte * gn_input = NULL;
+    word32       gn_len = 0;
+    byte         tag = 0x00;
+
+    if (input == NULL || len <= 0 || cert == NULL) {
+        return BUFFER_E;
+    }
+
+    CALLOC_ASNGETDATA(dataASN, AttCertIssuerASN_Length, ret, cert->heap);
+
+    if (ret != 0) {
+        return MEMORY_E;
+    }
+
+    ret = GetASN_Items(AttCertIssuerASN, dataASN, AttCertIssuerASN_Length,
+                       0, input, &idx, len);
+
+    if (ret != 0) {
+        FREE_ASNGETDATA(dataASN, cert->heap);
+        WOLFSSL_MSG("error: AttCertIssuer: GetASN_Items failed");
+        return ret;
+    }
+
+    /* Now parse the GeneralNames field.
+     * Use the HOLDER_IDX_GN_SEQ offset for input. */
+    gn_input = input + dataASN[ATTCERTISSUER_IDX_GN_SEQ].offset;
+    gn_len = dataASN[ATTCERTISSUER_IDX_GN_SEQ].length;
+    tag = dataASN[ATTCERTISSUER_IDX_GN_SEQ].tag;
+
+    if (gn_len >= ASN_LONG_LENGTH) {
+        gn_len += 3;
+    }
+    else {
+        gn_len += 2;
+    }
+
+    ret = DecodeAcertGeneralNames(gn_input, gn_len, tag, cert,
+                                  &cert->AttCertIssuerName);
+
+    if (ret != 0) {
+        FREE_ASNGETDATA(dataASN, cert->heap);
+        WOLFSSL_MSG("error: AttCertIssuer: DecodeAcertGeneralNames failed");
+        return ret;
+    }
+
+    FREE_ASNGETDATA(dataASN, cert->heap);
+    return 0;
+}
+
+
+/* ASN template for an X509 Attribute Certificate,
+ * from RFC 5755
+ */
+static const ASNItem AcertASN[] =
+{
+                          /* AttributeCertificate ::= SEQUENCE */
+/* SEQ                */  { 0, ASN_SEQUENCE, 1, 1, 0 },
+                              /* AttributeCertificateInfo ::= SEQUENCE  */
+/* ACINFO_SEQ         */      { 1, ASN_SEQUENCE, 1, 1, 0 },
+                                  /* AttCertVersion ::= INTEGER { v2(1) } */
+/* ACINFO_VER_INT     */          { 2, ASN_INTEGER, 0, 0, 0 },
+                                  /* holder   Holder */
+/* ACINFO_HOLDER_SEQ  */          { 2, ASN_SEQUENCE, 1, 0, 0 },
+                                  /* issuer   AttCertIssuer */
+                                  /* v2Form   [0] V2Form  */
+/* ACINFO_ISSUER_V2FORM */        { 2, ASN_CONTEXT_SPECIFIC | 0, 1, 0, 2 },
+                                  /* v1Form   GeneralNames */
+/* ACINFO_ISSUER_V1FORM  */       { 2, ASN_SEQUENCE, 1, 0, 2 },
+                                  /* signature    AlgorithmIdentifier */
+                                  /* AlgorithmIdentifier ::= SEQUENCE */
+/* ACINFO_ALGOID_SEQ */           { 2, ASN_SEQUENCE, 1, 1, 0 },
+                                      /* Algorithm    OBJECT IDENTIFIER */
+/* ACINFO_ALGOID_OID */               { 3, ASN_OBJECT_ID, 0, 0, 0 },
+                                      /* parameters */
+/* ACINFO_ALGOID_PARAMS_NULL */       { 3, ASN_TAG_NULL, 0, 0, 2 },
+#ifdef WC_RSA_PSS
+/* ACINFO_ALGOID_PARAMS */            { 3, ASN_SEQUENCE, 1, 0, 2 },
+#endif
+                                  /* CertificateSerialNumber ::= INTEGER */
+/* ACINFO_SERIAL        */        { 2, ASN_INTEGER, 0, 0, 0 },
+                                  /* Validity ::= SEQUENCE */
+/* ACINFO_VALIDITY_SEQ      */    { 2, ASN_SEQUENCE, 1, 1, 0 },
+                                      /* notBeforeTime  GeneralizedTime,  */
+/* ACINFO_VALIDITY_NOTB_GT  */        { 3, ASN_GENERALIZED_TIME, 0, 0, 2 },
+                                      /* notAfterTime   GeneralizedTime */
+/* ACINFO_VALIDITY_NOTA_GT  */        { 3, ASN_GENERALIZED_TIME, 0, 0, 3 },
+                                  /* attributes        SEQUENCE OF Attribute */
+/* ACINFO_ATTRIBUTES_SEQ    */    { 2, ASN_SEQUENCE, 1, 0, 0 },
+                                  /* issuerUniqueID    OPTIONAL, */
+/* ACINFO_UNIQUE_ID         */    { 2, ASN_CONTEXT_SPECIFIC | 1, 0, 0, 1 },
+                                  /* extensions        OPTIONAL */
+/* ACINFO_EXT               */    { 2, ASN_CONTEXT_SPECIFIC | 2, 1, 1, 1 },
+/* ACINFO_EXT_SEQ           */    { 2, ASN_SEQUENCE, 1, 0, 1 },
+                              /* signature    AlgorithmIdentifier */
+                              /* AlgorithmIdentifier ::= SEQUENCE */
+/* SIGALGO_SEQ         */     { 1, ASN_SEQUENCE, 1, 1, 0 },
+                                  /* Algorithm    OBJECT IDENTIFIER */
+/* SIGALGO_OID         */         { 2, ASN_OBJECT_ID, 0, 0, 0 },
+                                  /* parameters */
+/* SIGALGO_PARAMS_NULL */         { 2, ASN_TAG_NULL, 0, 0, 2 },
+#ifdef WC_RSA_PSS
+/* SIGALGO_PARAMS      */         { 2, ASN_SEQUENCE, 1, 0, 2 },
+#endif
+                              /* signature    BIT STRING */
+/* SIGNATURE           */     { 1, ASN_BIT_STRING, 0, 0, 0 },
+};
+
+enum {
+    ACERT_IDX_SEQ = 0,
+    ACERT_IDX_ACINFO_SEQ,
+    ACERT_IDX_ACINFO_VER_INT,
+    /* ACINFO holder and issuer */
+    ACERT_IDX_ACINFO_HOLDER_SEQ,
+    /* The issuer should be in V2 form, but tolerate V1 for now. */
+    ACERT_IDX_ACINFO_ISSUER_V2,
+    ACERT_IDX_ACINFO_ISSUER_V1,
+    /* ACINFO sig alg*/
+    ACERT_IDX_ACINFO_ALGOID_SEQ,
+    ACERT_IDX_ACINFO_ALGOID_OID,
+    ACERT_IDX_ACINFO_ALGOID_PARAMS_NULL,
+#ifdef WC_RSA_PSS
+    /* Additional RSA-PSS params. */
+    ACERT_IDX_ACINFO_ALGOID_PARAMS,
+#endif
+    /* serial number */
+    ACERT_IDX_ACINFO_SERIAL,
+    /* validity time */
+    ACERT_IDX_ACINFO_VALIDITY_SEQ,
+    ACERT_IDX_ACINFO_VALIDITY_NOTB_GT,
+    ACERT_IDX_ACINFO_VALIDITY_NOTA_GT,
+    /* attributes */
+    ACERT_IDX_ACINFO_ATTRIBUTES_SEQ,
+    /* unique identifier */
+    ACERT_IDX_ACINFO_UNIQUE_ID,
+    /* extensions */
+    ACERT_ACINFO_EXT,
+    ACERT_ACINFO_EXT_SEQ,
+    /* sig alg */
+    ACERT_IDX_SIGALGO_SEQ,
+    ACERT_IDX_SIGALGO_OID,
+    ACERT_IDX_SIGALGO_PARAMS_NULL,
+#ifdef WC_RSA_PSS
+    /* Additional RSA-PSS params. */
+    ACERT_IDX_SIGALGO_PARAMS,
+#endif
+    /* signature */
+    ACERT_IDX_SIGNATURE,
+    WOLF_ENUM_DUMMY_LAST_ELEMENT(ACERT_IDX)
+};
+
+/* Number of items in ASN template for an X509 Acert. */
+#define AcertASN_Length (sizeof(AcertASN) / sizeof(ASNItem))
+
+/* Initial implementation for parsing and verifying an
+ * X509 Attribute Certificate (RFC 5755).
+ *
+ * At present these fields are NOT parsed:
+ *   - issuerUniqueID
+ *   - extensions
+ *   - attributes
+ *
+ * @param [in, out] acert   Decoded attribute certificate object.
+ * @param [in]      verify  Whether to verify dates.
+ * @return  0 on success.
+ * @return  negative error code on error/fail.
+ * */
+int ParseX509Acert(DecodedAcert* acert, int verify)
+{
+    DECL_ASNGETDATA(dataASN, AcertASN_Length);
+    int    ret = 0;
+    word32 idx = 0;
+    int    badDate = 0;
+    byte   version = 0;
+    word32 serialSz = EXTERNAL_SERIAL_SIZE;
+
+    WOLFSSL_MSG("ParseX509Acert");
+
+    if (acert == NULL) {
+        return BAD_FUNC_ARG;
+    }
+
+    CALLOC_ASNGETDATA(dataASN, AcertASN_Length, ret, acert->heap);
+
+    if (ret != 0) {
+        return MEMORY_E;
+    }
+
+    /* Get the version and put the serial number into the buffer. */
+    GetASN_Int8Bit(&dataASN[ACERT_IDX_ACINFO_VER_INT], &version);
+
+    GetASN_Buffer(&dataASN[ACERT_IDX_ACINFO_SERIAL], acert->serial,
+                  &serialSz);
+
+    /* Check OID types for signature algorithm. */
+    GetASN_OID(&dataASN[ACERT_IDX_ACINFO_ALGOID_OID], oidSigType);
+    GetASN_OID(&dataASN[ACERT_IDX_SIGALGO_OID], oidSigType);
+
+    /* Parse the X509 certificate. */
+    ret = GetASN_Items(AcertASN, dataASN, AcertASN_Length, 1,
+                       acert->source, &acert->srcIdx, acert->maxIdx);
+
+    if (ret != 0) {
+        FREE_ASNGETDATA(dataASN, acert->heap);
+        return ret;
+    }
+
+    /* Check version is valid/supported - can't be negative. */
+    if (version > MAX_X509_VERSION) {
+        FREE_ASNGETDATA(dataASN, acert->heap);
+        WOLFSSL_MSG("Unexpected attribute certificate version");
+        WOLFSSL_ERROR_VERBOSE(ASN_PARSE_E);
+        return ASN_PARSE_E;
+    }
+
+    acert->version = version;
+    acert->serialSz = (int)serialSz;
+
+    acert->signatureOID = dataASN[ACERT_IDX_ACINFO_ALGOID_OID].data.oid.sum;
+    acert->certBegin = dataASN[ACERT_IDX_ACINFO_SEQ].offset;
+
+    /* check BEFORE date. */
+    idx = ACERT_IDX_ACINFO_VALIDITY_NOTB_GT;
+    if (CheckDate(&dataASN[idx], BEFORE) < 0) {
+        if ((verify != NO_VERIFY) && (verify != VERIFY_SKIP_DATE)) {
+            badDate = ASN_BEFORE_DATE_E;
+        }
+    }
+
+    /* Store reference to BEFORE date. */
+    acert->beforeDate = GetASNItem_Addr(dataASN[idx], acert->source);
+    acert->beforeDateLen = (int)GetASNItem_Length(dataASN[idx], acert->source);
+
+    /* check AFTER date. */
+    idx = ACERT_IDX_ACINFO_VALIDITY_NOTA_GT;
+    if (CheckDate(&dataASN[idx], AFTER) < 0) {
+        if ((verify != NO_VERIFY) && (verify != VERIFY_SKIP_DATE)) {
+            badDate = ASN_BEFORE_DATE_E;
+        }
+    }
+
+    /* Store reference to AFTER date. */
+    acert->afterDate = GetASNItem_Addr(dataASN[idx], acert->source);
+    acert->afterDateLen = (int)GetASNItem_Length(dataASN[idx], acert->source);
+
+    /* Store the signature information. */
+    acert->sigIndex = dataASN[ACERT_IDX_SIGALGO_SEQ].offset;
+    GetASN_GetConstRef(&dataASN[ACERT_IDX_SIGNATURE],
+                       &acert->signature, &acert->sigLength);
+
+    /* Make sure 'signature' and 'signatureAlgorithm' are the same. */
+    if (dataASN[ACERT_IDX_SIGALGO_OID].data.oid.sum != acert->signatureOID) {
+        FREE_ASNGETDATA(dataASN, acert->heap);
+        WOLFSSL_ERROR_VERBOSE(ASN_SIG_OID_E);
+        return ASN_SIG_OID_E;
+    }
+
+    /* Parameters not allowed after ECDSA or EdDSA algorithm OID. */
+    if (IsSigAlgoECC(acert->signatureOID)) {
+        if ((dataASN[ACERT_IDX_SIGALGO_PARAMS_NULL].tag != 0)
+    #ifdef WC_RSA_PSS
+            || (dataASN[ACERT_IDX_SIGALGO_PARAMS].tag != 0)
+    #endif
+            ) {
+            FREE_ASNGETDATA(dataASN, acert->heap);
+            WOLFSSL_ERROR_VERBOSE(ASN_PARSE_E);
+            return ASN_PARSE_E;
+        }
+    }
+
+    #ifdef WC_RSA_PSS
+    /* Check parameters starting with a SEQUENCE. */
+    if (dataASN[ACERT_IDX_SIGALGO_PARAMS].tag != 0) {
+        word32       oid = dataASN[ACERT_IDX_SIGALGO_OID].data.oid.sum;
+        word32       sigAlgParamsSz = 0;
+        const byte * acParams = NULL;
+        word32       acParamsSz = 0;
+        const byte * sigAlgParams = NULL;
+
+        /* Parameters only with RSA PSS. */
+        if (oid != CTC_RSASSAPSS) {
+            FREE_ASNGETDATA(dataASN, acert->heap);
+            WOLFSSL_ERROR_VERBOSE(ASN_PARSE_E);
+            return ASN_PARSE_E;
+        }
+
+        /* Check RSA PSS parameters are the same. */
+        acParams = GetASNItem_Addr(dataASN[ACERT_IDX_ACINFO_ALGOID_PARAMS],
+                                   acert->source);
+        acParamsSz = GetASNItem_Length(dataASN[ACERT_IDX_ACINFO_ALGOID_PARAMS],
+                                       acert->source);
+        sigAlgParams = GetASNItem_Addr(dataASN[ACERT_IDX_SIGALGO_PARAMS],
+                                       acert->source);
+        sigAlgParamsSz = GetASNItem_Length(dataASN[ACERT_IDX_SIGALGO_PARAMS],
+                                           acert->source);
+
+        if ((acParamsSz != sigAlgParamsSz) ||
+            (XMEMCMP(acParams, sigAlgParams, acParamsSz) != 0)) {
+
+            FREE_ASNGETDATA(dataASN, acert->heap);
+            WOLFSSL_ERROR_VERBOSE(ASN_PARSE_E);
+            return ASN_PARSE_E;
+        }
+
+        /* Store RSA PSS parameters for use in signature verification. */
+        acert->sigParamsIndex = dataASN[ACERT_IDX_SIGALGO_PARAMS].offset;
+        acert->sigParamsLength = sigAlgParamsSz;
+    }
+    #endif
+
+    /* Store the raw Attributes field. */
+    GetASN_GetConstRef(&dataASN[ACERT_IDX_ACINFO_ATTRIBUTES_SEQ],
+                       &acert->rawAttr, &acert->rawAttrLen);
+
+    {
+        /* Now parse the Holder and AttCertIssuer fields.
+         * Use the ACINFO holder and issuer sequence offset for input. */
+        const byte * holder_input = NULL;
+        word32       holder_len = 0;
+        const byte * issuer_input = NULL;
+        word32       issuer_len = 0;
+        word32       i_holder = ACERT_IDX_ACINFO_HOLDER_SEQ;
+        word32       i_issuer = 0;
+
+        /* Determine which issuer tag was seen. We need this to determine
+         * the holder_input. */
+        i_issuer = (dataASN[ACERT_IDX_ACINFO_ISSUER_V2].tag != 0) ?
+                    ACERT_IDX_ACINFO_ISSUER_V2 : ACERT_IDX_ACINFO_ISSUER_V1;
+
+        #ifdef WOLFSSL_DEBUG_ASN_TEMPLATE
+        printf("debug: parse acert: issuer index: %d\n", i_issuer);
+        printf("debug: parse acert: issuer seq offset: %d\n",
+               dataASN[i_issuer].offset);
+        #endif /* WOLFSSL_DEBUG_ASN_TEMPLATE */
+
+        holder_input = acert->source + dataASN[i_holder].offset;
+        holder_len = dataASN[i_issuer].offset - dataASN[i_holder].offset;
+
+        ret = DecodeHolder(holder_input, holder_len, acert);
+
+        if (ret != 0) {
+            FREE_ASNGETDATA(dataASN, acert->heap);
+            return ret;
+        }
+
+        GetASN_GetConstRef(&dataASN[i_issuer], &issuer_input, &issuer_len);
+
+        if (i_issuer == ACERT_IDX_ACINFO_ISSUER_V2 && issuer_len > 0) {
+            /* Try to decode the AttCertIssuer as well. */
+            ret = DecodeAttCertIssuer(issuer_input, issuer_len, acert);
+
+            if (ret != 0) {
+                FREE_ASNGETDATA(dataASN, acert->heap);
+                return ret;
+            }
+        }
+        #ifdef WOLFSSL_DEBUG_ASN_TEMPLATE
+        else {
+            printf("debug: parse acert: unsupported issuer format: %d, %d\n",
+                   i_issuer, issuer_len);
+        }
+        #endif /* WOLFSSL_DEBUG_ASN_TEMPLATE */
+    }
+
+    if (badDate) {
+        if ((verify != NO_VERIFY) && (verify != VERIFY_SKIP_DATE)) {
+            ret = badDate;
+        }
+    }
+
+    FREE_ASNGETDATA(dataASN, acert->heap);
+    return ret;
+}
+
+/* Given the parsed attribute cert info, verify the signature.
+ * The sigCtx is alloced and freed here.
+ *
+ * @param [in]      acinfo        the parsed acinfo sequence
+ * @param [in]      acinfoSz      the parsed acinfo sequence length
+ * @param [in]      pubKey        public key
+ * @param [in]      pubKeySz      public key length
+ * @param [in]      pubKeyOID     public key oid
+ * @param [in]      sig           the parsed signature
+ * @param [in]      sigSz         the parsed signature length
+ * @param [in]      sigOID        the parsed signature OID
+ * @param [in]      sigParams     the parsed signature RSA-PSS params
+ * @param [in]      sigParamsSz   the parsed signature RSA-PSS params length
+ * @param [in]      heap          heap hint
+ *
+ * @return  0   on verify success
+ * @return  < 0 on error
+ * */
+static int acert_sig_verify(const byte * acinfo, word32 acinfoSz,
+                            const byte * pubKey, word32 pubKeySz,
+                            int pubKeyOID, const byte * sig, word32 sigSz,
+                            word32 sigOID, const byte * sigParams,
+                            word32 sigParamsSz, void * heap)
+{
+#ifndef WOLFSSL_SMALL_STACK
+    SignatureCtx   sigCtx[1];
+#else
+    SignatureCtx * sigCtx = NULL;
+#endif
+    int            ret = 0;
+
+    #ifdef WOLFSSL_SMALL_STACK
+    sigCtx = (SignatureCtx*)XMALLOC(sizeof(*sigCtx), heap,
+                                    DYNAMIC_TYPE_SIGNATURE);
+    if (sigCtx == NULL) {
+        WOLFSSL_MSG("error: VerifyX509Acert: malloc sigCtx failed");
+        return MEMORY_E;
+    }
+    #endif
+
+    InitSignatureCtx(sigCtx, heap, INVALID_DEVID);
+
+    /* Check x509 acert signature. */
+    ret = ConfirmSignature(sigCtx, acinfo, acinfoSz, pubKey, pubKeySz,
+                           (word32)pubKeyOID, sig, sigSz, sigOID,
+                           sigParams, sigParamsSz, NULL);
+
+    if (ret == WC_NO_ERR_TRACE(ASN_SIG_CONFIRM_E)) {
+        WOLFSSL_MSG("info: VerifyX509Acert: confirm signature failed");
+    }
+
+    FreeSignatureCtx(sigCtx);
+    #ifdef WOLFSSL_SMALL_STACK
+    XFREE(sigCtx, heap, DYNAMIC_TYPE_SIGNATURE);
+    sigCtx = NULL;
+    #endif
+
+    return ret;
+}
+
+/* Verify the X509 ACERT signature, using the given pubkey.
+ *
+ * @param [in]      der         input acert in der format
+ * @param [in]      derSz       acert length
+ * @param [in]      pubKey      public key
+ * @param [in]      pubKeySz    public key length
+ * @param [in]      pubKeyOID   public key oid
+ * @param [in]      heap        heap hint
+ *
+ * @return  0   on success
+ * @return  < 0 on error
+ * */
+int VerifyX509Acert(const byte* der, word32 derSz,
+                    const byte* pubKey, word32 pubKeySz, int pubKeyOID,
+                    void * heap)
+{
+    DECL_ASNGETDATA(dataASN, AcertASN_Length);
+    word32         idx = 0;
+    int            ret = 0;
+    const byte *   acinfo = NULL; /* The acinfo sequence. */
+    word32         acinfoSz = 0;  /* The acinfo sequence length. */
+#ifdef WC_RSA_PSS
+    const byte *   acParams = NULL;
+    word32         acParamsSz = 0;
+#endif
+    const byte *   sig = NULL;
+    word32         sigSz = 0;
+    word32         sigOID = 0;
+    const byte *   sigParams = NULL;
+    word32         sigParamsSz = 0;
+
+    WOLFSSL_MSG("VerifyX509Acert");
+
+    if (der == NULL || pubKey == NULL || derSz == 0 || pubKeySz == 0) {
+        WOLFSSL_MSG("error: VerifyX509Acert: bad args");
+        return BAD_FUNC_ARG;
+    }
+
+    CALLOC_ASNGETDATA(dataASN, AcertASN_Length, ret, heap);
+
+    if (ret != 0) {
+        WOLFSSL_MSG("error: VerifyX509Acert: calloc dataASN failed");
+        return MEMORY_E;
+    }
+
+    /* Check OID types for signature algorithm. */
+    GetASN_OID(&dataASN[ACERT_IDX_ACINFO_ALGOID_OID], oidSigType);
+    GetASN_OID(&dataASN[ACERT_IDX_SIGALGO_OID], oidSigType);
+
+    /* Parse the X509 certificate. */
+    ret = GetASN_Items(AcertASN, dataASN, AcertASN_Length, 1,
+                       der, &idx, derSz);
+
+    if (ret != 0) {
+        WOLFSSL_MSG("error: VerifyX509Acert: GetASN_Items failed");
+        FREE_ASNGETDATA(dataASN, heap);
+        return ret;
+    }
+
+    /* Check signature OIDs match. */
+    if (dataASN[ACERT_IDX_ACINFO_ALGOID_OID].data.oid.sum
+        != dataASN[ACERT_IDX_SIGALGO_OID].data.oid.sum) {
+        WOLFSSL_MSG("error: VerifyX509Acert: sig OID mismatch");
+        FREE_ASNGETDATA(dataASN, heap);
+        return ASN_SIG_OID_E;
+    }
+
+    /* Get the attribute certificate info. */
+    acinfo = GetASNItem_Addr(dataASN[ACERT_IDX_ACINFO_SEQ], der);
+    acinfoSz = GetASNItem_Length(dataASN[ACERT_IDX_ACINFO_SEQ], der);
+
+    if (acinfo == NULL || acinfoSz == 0) {
+        WOLFSSL_MSG("error: VerifyX509Acert: empty acinfo");
+        FREE_ASNGETDATA(dataASN, heap);
+        return ASN_PARSE_E;
+    }
+
+    /* Get acert signature and sig info. */
+    sigOID = dataASN[ACERT_IDX_ACINFO_ALGOID_OID].data.oid.sum;
+    #ifdef WC_RSA_PSS
+    if (dataASN[ACERT_IDX_ACINFO_ALGOID_PARAMS].tag != 0) {
+        acParams = GetASNItem_Addr(dataASN[ACERT_IDX_ACINFO_ALGOID_PARAMS],
+                                  der);
+        acParamsSz = GetASNItem_Length(dataASN[ACERT_IDX_ACINFO_ALGOID_PARAMS],
+                                       der);
+    }
+    if (dataASN[ACERT_IDX_SIGALGO_PARAMS].tag != 0) {
+        sigParams = GetASNItem_Addr(dataASN[ACERT_IDX_SIGALGO_PARAMS], der);
+        sigParamsSz = GetASNItem_Length(dataASN[ACERT_IDX_SIGALGO_PARAMS],
+                                        der);
+    }
+    #endif
+
+    GetASN_GetConstRef(&dataASN[ACERT_IDX_SIGNATURE], &sig, &sigSz);
+
+    #ifdef WC_RSA_PSS
+    if (acParamsSz != sigParamsSz) {
+        ret = ASN_PARSE_E;
+    }
+    else if ((acParamsSz > 0) && (sigOID != CTC_RSASSAPSS)) {
+        ret = ASN_PARSE_E;
+    }
+    else if ((acParamsSz > 0) &&
+             (XMEMCMP(acParams, sigParams, acParamsSz) != 0)) {
+        ret = ASN_PARSE_E;
+    }
+    #endif
+
+    if (ret == 0) {
+        /* Finally, do the verification. */
+        ret = acert_sig_verify(acinfo, acinfoSz,
+                               pubKey, pubKeySz, pubKeyOID,
+                               sig, sigSz, sigOID, sigParams, sigParamsSz,
+                               heap);
+    }
+
+    FREE_ASNGETDATA(dataASN, heap);
+    return ret;
+}
+
+/**
+ * Wrapper API to expose Acert ASN functions. See Acert ASN functions
+ * for comments.
+ * */
+void wc_InitDecodedAcert(DecodedAcert* acert, const byte* source, word32 inSz,
+                         void* heap)
+{
+    InitDecodedAcert(acert, source, inSz, heap);
+}
+
+void wc_FreeDecodedAcert(DecodedAcert * acert)
+{
+    FreeDecodedAcert(acert);
+}
+
+int wc_ParseX509Acert(DecodedAcert* acert, int verify)
+{
+    return ParseX509Acert(acert, verify);
+}
+
+int wc_VerifyX509Acert(const byte* acert, word32 acertSz,
+                       const byte* pubKey, word32 pubKeySz,
+                       int pubKeyOID, void * heap)
+{
+    return VerifyX509Acert(acert, acertSz, pubKey, pubKeySz,
+                           pubKeyOID, heap);
+}
+
+#endif /* WOLFSSL_ACERT && WOLFSSL_ASN_TEMPLATE */
 
 #ifdef WOLFSSL_SEP
 
diff --git a/wolfcrypt/src/blake2b.c b/wolfcrypt/src/blake2b.c
index adc603404..fed8eac38 100644
--- a/wolfcrypt/src/blake2b.c
+++ b/wolfcrypt/src/blake2b.c
@@ -12,7 +12,7 @@
 */
 /* blake2b.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -491,6 +491,16 @@ int wc_InitBlake2b_WithKey(Blake2b* b2b, word32 digestSz, const byte *key, word3
 /* Blake2b Update */
 int wc_Blake2bUpdate(Blake2b* b2b, const byte* data, word32 sz)
 {
+    if (b2b == NULL){
+        return BAD_FUNC_ARG;
+    }
+    if (data == NULL && sz != 0){
+        return BAD_FUNC_ARG;
+    }
+    if (sz == 0){
+        return 0;
+    }
+
     return blake2b_update(b2b->S, data, sz);
 }
 
@@ -498,7 +508,16 @@ int wc_Blake2bUpdate(Blake2b* b2b, const byte* data, word32 sz)
 /* Blake2b Final, if pass in zero size we use init digestSz */
 int wc_Blake2bFinal(Blake2b* b2b, byte* final, word32 requestSz)
 {
-    word32 sz = requestSz ? requestSz : b2b->digestSz;
+    word32 sz;
+
+    if (b2b == NULL){
+        return BAD_FUNC_ARG;
+    }
+    if (final == NULL){
+        return BAD_FUNC_ARG;
+    }
+
+    sz = requestSz ? requestSz : b2b->digestSz;
 
     return blake2b_final(b2b->S, final, (byte)sz);
 }
diff --git a/wolfcrypt/src/blake2s.c b/wolfcrypt/src/blake2s.c
index 9efa84f3b..e55cf7640 100644
--- a/wolfcrypt/src/blake2s.c
+++ b/wolfcrypt/src/blake2s.c
@@ -12,7 +12,7 @@
 */
 /* blake2s.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -487,6 +487,16 @@ int wc_InitBlake2s_WithKey(Blake2s* b2s, word32 digestSz, const byte *key, word3
 /* Blake2s Update */
 int wc_Blake2sUpdate(Blake2s* b2s, const byte* data, word32 sz)
 {
+    if (b2s == NULL){
+        return BAD_FUNC_ARG;
+    }
+    if (data == NULL && sz != 0){
+        return BAD_FUNC_ARG;
+    }
+    if (sz == 0){
+        return 0;
+    }
+
     return blake2s_update(b2s->S, data, sz);
 }
 
@@ -494,7 +504,16 @@ int wc_Blake2sUpdate(Blake2s* b2s, const byte* data, word32 sz)
 /* Blake2s Final, if pass in zero size we use init digestSz */
 int wc_Blake2sFinal(Blake2s* b2s, byte* final, word32 requestSz)
 {
-    word32 sz = requestSz ? requestSz : b2s->digestSz;
+    word32 sz;
+
+    if (b2s == NULL){
+        return BAD_FUNC_ARG;
+    }
+    if (final == NULL){
+        return BAD_FUNC_ARG;
+    }
+
+    sz = requestSz ? requestSz : b2s->digestSz;
 
     return blake2s_final(b2s->S, final, (byte)sz);
 }
diff --git a/wolfcrypt/src/camellia.c b/wolfcrypt/src/camellia.c
index 9f2897f28..568743fa5 100644
--- a/wolfcrypt/src/camellia.c
+++ b/wolfcrypt/src/camellia.c
@@ -27,7 +27,7 @@
 
 /* camellia.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -1466,7 +1466,7 @@ static void camellia_decrypt256(const u32 *subkey, u32 *io)
 
 static void Camellia_EncryptBlock(const word32 keyBitLength,
                            const unsigned char *plaintext,
-                           const KEY_TABLE_TYPE keyTable,
+                           const WC_CAMELLIA_KEY_TABLE_TYPE keyTable,
                            unsigned char *ciphertext)
 {
     u32 tmp[4];
@@ -1497,7 +1497,7 @@ static void Camellia_EncryptBlock(const word32 keyBitLength,
 
 static void Camellia_DecryptBlock(const word32 keyBitLength,
                            const unsigned char *ciphertext,
-                           const KEY_TABLE_TYPE keyTable,
+                           const WC_CAMELLIA_KEY_TABLE_TYPE keyTable,
                            unsigned char *plaintext)
 {
     u32 tmp[4];
@@ -1529,13 +1529,13 @@ static void Camellia_DecryptBlock(const word32 keyBitLength,
 
 /* wolfCrypt wrappers to the Camellia code */
 
-int wc_CamelliaSetKey(Camellia* cam, const byte* key, word32 len, const byte* iv)
+int wc_CamelliaSetKey(wc_Camellia* cam, const byte* key, word32 len, const byte* iv)
 {
     int ret = 0;
 
     if (cam == NULL) return BAD_FUNC_ARG;
 
-    XMEMSET(cam->key, 0, CAMELLIA_TABLE_BYTE_LEN);
+    XMEMSET(cam->key, 0, WC_CAMELLIA_TABLE_BYTE_LEN);
 
     switch (len) {
         case 16:
@@ -1560,21 +1560,21 @@ int wc_CamelliaSetKey(Camellia* cam, const byte* key, word32 len, const byte* iv
 }
 
 
-int wc_CamelliaSetIV(Camellia* cam, const byte* iv)
+int wc_CamelliaSetIV(wc_Camellia* cam, const byte* iv)
 {
     if (cam == NULL)
         return BAD_FUNC_ARG;
 
     if (iv)
-        XMEMCPY(cam->reg, iv, CAMELLIA_BLOCK_SIZE);
+        XMEMCPY(cam->reg, iv, WC_CAMELLIA_BLOCK_SIZE);
     else
-        XMEMSET(cam->reg,  0, CAMELLIA_BLOCK_SIZE);
+        XMEMSET(cam->reg,  0, WC_CAMELLIA_BLOCK_SIZE);
 
     return 0;
 }
 
 
-int wc_CamelliaEncryptDirect(Camellia* cam, byte* out, const byte* in)
+int wc_CamelliaEncryptDirect(wc_Camellia* cam, byte* out, const byte* in)
 {
     if (cam == NULL || out == NULL || in == NULL) {
         return BAD_FUNC_ARG;
@@ -1585,7 +1585,7 @@ int wc_CamelliaEncryptDirect(Camellia* cam, byte* out, const byte* in)
 }
 
 
-int wc_CamelliaDecryptDirect(Camellia* cam, byte* out, const byte* in)
+int wc_CamelliaDecryptDirect(wc_Camellia* cam, byte* out, const byte* in)
 {
     if (cam == NULL || out == NULL || in == NULL) {
         return BAD_FUNC_ARG;
@@ -1596,44 +1596,44 @@ int wc_CamelliaDecryptDirect(Camellia* cam, byte* out, const byte* in)
 }
 
 
-int wc_CamelliaCbcEncrypt(Camellia* cam, byte* out, const byte* in, word32 sz)
+int wc_CamelliaCbcEncrypt(wc_Camellia* cam, byte* out, const byte* in, word32 sz)
 {
     word32 blocks;
     if (cam == NULL || out == NULL || in == NULL) {
         return BAD_FUNC_ARG;
     }
-    blocks = sz / CAMELLIA_BLOCK_SIZE;
+    blocks = sz / WC_CAMELLIA_BLOCK_SIZE;
 
     while (blocks--) {
-        xorbuf((byte*)cam->reg, in, CAMELLIA_BLOCK_SIZE);
+        xorbuf((byte*)cam->reg, in, WC_CAMELLIA_BLOCK_SIZE);
         Camellia_EncryptBlock(cam->keySz, (byte*)cam->reg,
                                                      cam->key, (byte*)cam->reg);
-        XMEMCPY(out, cam->reg, CAMELLIA_BLOCK_SIZE);
+        XMEMCPY(out, cam->reg, WC_CAMELLIA_BLOCK_SIZE);
 
-        out += CAMELLIA_BLOCK_SIZE;
-        in  += CAMELLIA_BLOCK_SIZE;
+        out += WC_CAMELLIA_BLOCK_SIZE;
+        in  += WC_CAMELLIA_BLOCK_SIZE;
     }
 
     return 0;
 }
 
 
-int wc_CamelliaCbcDecrypt(Camellia* cam, byte* out, const byte* in, word32 sz)
+int wc_CamelliaCbcDecrypt(wc_Camellia* cam, byte* out, const byte* in, word32 sz)
 {
     word32 blocks;
     if (cam == NULL || out == NULL || in == NULL) {
         return BAD_FUNC_ARG;
     }
-    blocks = sz / CAMELLIA_BLOCK_SIZE;
+    blocks = sz / WC_CAMELLIA_BLOCK_SIZE;
 
     while (blocks--) {
-        XMEMCPY(cam->tmp, in, CAMELLIA_BLOCK_SIZE);
+        XMEMCPY(cam->tmp, in, WC_CAMELLIA_BLOCK_SIZE);
         Camellia_DecryptBlock(cam->keySz, (byte*)cam->tmp, cam->key, out);
-        xorbuf(out, (byte*)cam->reg, CAMELLIA_BLOCK_SIZE);
-        XMEMCPY(cam->reg, cam->tmp, CAMELLIA_BLOCK_SIZE);
+        xorbuf(out, (byte*)cam->reg, WC_CAMELLIA_BLOCK_SIZE);
+        XMEMCPY(cam->reg, cam->tmp, WC_CAMELLIA_BLOCK_SIZE);
 
-        out += CAMELLIA_BLOCK_SIZE;
-        in  += CAMELLIA_BLOCK_SIZE;
+        out += WC_CAMELLIA_BLOCK_SIZE;
+        in  += WC_CAMELLIA_BLOCK_SIZE;
     }
 
     return 0;
diff --git a/wolfcrypt/src/chacha.c b/wolfcrypt/src/chacha.c
index c84829b77..5200dcb5d 100644
--- a/wolfcrypt/src/chacha.c
+++ b/wolfcrypt/src/chacha.c
@@ -1,6 +1,6 @@
 /* chacha.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -35,22 +35,56 @@ Public domain.
 
 #include <wolfssl/wolfcrypt/settings.h>
 
-#if defined(WOLFSSL_ARMASM) && !defined(WOLFSSL_ARMASM_NO_NEON)
+#ifdef HAVE_CHACHA
+    #include <wolfssl/wolfcrypt/chacha.h>
+    #include <wolfssl/wolfcrypt/error-crypt.h>
+
+    #ifdef NO_INLINE
+        #include <wolfssl/wolfcrypt/misc.h>
+    #else
+        #define WOLFSSL_MISC_INCLUDED
+        #include <wolfcrypt/src/misc.c>
+    #endif
+
+    #ifdef BIG_ENDIAN_ORDER
+        #define LITTLE32(x) ByteReverseWord32(x)
+    #else
+        #define LITTLE32(x) (x)
+    #endif
+
+    /* Number of rounds */
+    #define ROUNDS  20
+
+    #define U32C(v) (v##U)
+    #define U32V(v) ((word32)(v) & U32C(0xFFFFFFFF))
+    #define U8TO32_LITTLE(p) LITTLE32(((word32*)(p))[0])
+
+    #define ROTATE(v,c) rotlFixed(v, c)
+    #define XOR(v,w)    ((v) ^ (w))
+    #define PLUS(v,w)   (U32V((v) + (w)))
+    #define PLUSONE(v)  (PLUS((v),1))
+
+    #define QUARTERROUND(a,b,c,d) \
+        x[a] = PLUS(x[a],x[b]); x[d] = ROTATE(XOR(x[d],x[a]),16); \
+        x[c] = PLUS(x[c],x[d]); x[b] = ROTATE(XOR(x[b],x[c]),12); \
+        x[a] = PLUS(x[a],x[b]); x[d] = ROTATE(XOR(x[d],x[a]), 8); \
+        x[c] = PLUS(x[c],x[d]); x[b] = ROTATE(XOR(x[b],x[c]), 7);
+#endif /* HAVE_CHACHA */
+
+
+#if defined(WOLFSSL_ARMASM)
     /* implementation is located in wolfcrypt/src/port/arm/armv8-chacha.c */
 
+#elif defined(WOLFSSL_RISCV_ASM)
+    /* implementation located in wolfcrypt/src/port/riscv/riscv-64-chacha.c */
+
 #else
+
+/* BEGIN ChaCha C implementation */
 #if defined(HAVE_CHACHA)
 
-#include <wolfssl/wolfcrypt/chacha.h>
-#include <wolfssl/wolfcrypt/error-crypt.h>
 #include <wolfssl/wolfcrypt/logging.h>
 #include <wolfssl/wolfcrypt/cpuid.h>
-#ifdef NO_INLINE
-    #include <wolfssl/wolfcrypt/misc.h>
-#else
-    #define WOLFSSL_MISC_INCLUDED
-    #include <wolfcrypt/src/misc.c>
-#endif
 
 #ifdef CHACHA_AEAD_TEST
     #include <stdio.h>
@@ -72,6 +106,10 @@ Public domain.
     #elif defined(__clang__) && defined(NO_AVX2_SUPPORT)
         #undef NO_AVX2_SUPPORT
     #endif
+    #if defined(_MSC_VER) && (_MSC_VER <= 1900)
+        #undef  NO_AVX2_SUPPORT
+        #define NO_AVX2_SUPPORT
+    #endif
 
     #ifndef NO_AVX2_SUPPORT
         #define HAVE_INTEL_AVX2
@@ -81,31 +119,6 @@ Public domain.
     static word32 cpuidFlags = 0;
 #endif
 
-#ifdef BIG_ENDIAN_ORDER
-    #define LITTLE32(x) ByteReverseWord32(x)
-#else
-    #define LITTLE32(x) (x)
-#endif
-
-/* Number of rounds */
-#define ROUNDS  20
-
-#define U32C(v) (v##U)
-#define U32V(v) ((word32)(v) & U32C(0xFFFFFFFF))
-#define U8TO32_LITTLE(p) LITTLE32(((word32*)(p))[0])
-
-#define ROTATE(v,c) rotlFixed(v, c)
-#define XOR(v,w)    ((v) ^ (w))
-#define PLUS(v,w)   (U32V((v) + (w)))
-#define PLUSONE(v)  (PLUS((v),1))
-
-#define QUARTERROUND(a,b,c,d) \
-  x[a] = PLUS(x[a],x[b]); x[d] = ROTATE(XOR(x[d],x[a]),16); \
-  x[c] = PLUS(x[c],x[d]); x[b] = ROTATE(XOR(x[b],x[c]),12); \
-  x[a] = PLUS(x[a],x[b]); x[d] = ROTATE(XOR(x[d],x[a]), 8); \
-  x[c] = PLUS(x[c],x[d]); x[b] = ROTATE(XOR(x[b],x[c]), 7);
-
-
 /**
   * Set up iv(nonce). Earlier versions used 64 bits instead of 96, this version
   * uses the typical AEAD 96 bit nonce and can do record sizes of 256 GB.
@@ -231,86 +244,6 @@ static WC_INLINE void wc_Chacha_wordtobyte(word32 x[CHACHA_CHUNK_WORDS],
 }
 #endif /* !USE_INTEL_CHACHA_SPEEDUP */
 
-
-#ifdef HAVE_XCHACHA
-
-/*
- * wc_HChacha_block - half a ChaCha block, for XChaCha
- *
- * see https://tools.ietf.org/html/draft-arciszewski-xchacha-03
- */
-static WC_INLINE void wc_HChacha_block(ChaCha* ctx, word32 stream[CHACHA_CHUNK_WORDS/2], word32 nrounds)
-{
-    word32 x[CHACHA_CHUNK_WORDS];
-    word32 i;
-
-    for (i = 0; i < CHACHA_CHUNK_WORDS; i++) {
-        x[i] = ctx->X[i];
-    }
-
-    for (i = nrounds; i > 0; i -= 2) {
-        QUARTERROUND(0, 4,  8, 12)
-        QUARTERROUND(1, 5,  9, 13)
-        QUARTERROUND(2, 6, 10, 14)
-        QUARTERROUND(3, 7, 11, 15)
-        QUARTERROUND(0, 5, 10, 15)
-        QUARTERROUND(1, 6, 11, 12)
-        QUARTERROUND(2, 7,  8, 13)
-        QUARTERROUND(3, 4,  9, 14)
-    }
-
-    for (i = 0; i < CHACHA_CHUNK_WORDS/4; ++i)
-        stream[i] = x[i];
-    for (i = CHACHA_CHUNK_WORDS/4; i < CHACHA_CHUNK_WORDS/2; ++i)
-        stream[i] = x[i + CHACHA_CHUNK_WORDS/2];
-}
-
-/* XChaCha -- https://tools.ietf.org/html/draft-arciszewski-xchacha-03 */
-int wc_XChacha_SetKey(ChaCha *ctx,
-                      const byte *key, word32 keySz,
-                      const byte *nonce, word32 nonceSz,
-                      word32 counter) {
-    word32 k[CHACHA_MAX_KEY_SZ];
-    byte iv[CHACHA_IV_BYTES];
-    int ret;
-
-    if (nonceSz != XCHACHA_NONCE_BYTES)
-        return BAD_FUNC_ARG;
-
-    if ((ret = wc_Chacha_SetKey(ctx, key, keySz)) < 0)
-        return ret;
-
-    /* form a first chacha IV from the first 16 bytes of the nonce.
-     * the first word is supplied in the "counter" arg, and
-     * the result is a full 128 bit nonceful IV for the one-time block
-     * crypto op that follows.
-     */
-    if ((ret = wc_Chacha_SetIV(ctx, nonce + 4, U8TO32_LITTLE(nonce))) < 0)
-        return ret;
-
-    wc_HChacha_block(ctx, k, 20); /* 20 rounds, but keeping half the output. */
-
-    /* the HChacha output is used as a 256 bit key for the main cipher. */
-    XMEMCPY(&ctx->X[4], k, 8 * sizeof(word32));
-
-    /* use 8 bytes from the end of the 24 byte nonce, padded up to 12 bytes,
-     * to form the IV for the main cipher.
-     */
-    XMEMSET(iv, 0, 4);
-    XMEMCPY(iv + 4, nonce + 16, 8);
-
-    if ((ret = wc_Chacha_SetIV(ctx, iv, counter)) < 0)
-        return ret;
-
-    ForceZero(k, sizeof k);
-    ForceZero(iv, sizeof iv);
-
-    return 0;
-}
-
-#endif /* HAVE_XCHACHA */
-
-
 #ifdef __cplusplus
     extern "C" {
 #endif
@@ -434,7 +367,13 @@ int wc_Chacha_Process(ChaCha* ctx, byte* output, const byte* input,
 #endif
 }
 
-void wc_Chacha_purge_current_block(ChaCha* ctx) {
+#endif /* HAVE_CHACHA */
+#endif /* END ChaCha C implementation */
+
+#if defined(HAVE_CHACHA) && defined(HAVE_XCHACHA)
+
+void wc_Chacha_purge_current_block(ChaCha* ctx)
+{
     if (ctx->left > 0) {
         byte scratch[CHACHA_CHUNK_BYTES];
         XMEMSET(scratch, 0, sizeof(scratch));
@@ -442,6 +381,80 @@ void wc_Chacha_purge_current_block(ChaCha* ctx) {
     }
 }
 
-#endif /* HAVE_CHACHA */
+/*
+ * wc_HChacha_block - half a ChaCha block, for XChaCha
+ *
+ * see https://tools.ietf.org/html/draft-arciszewski-xchacha-03
+ */
+static WC_INLINE void wc_HChacha_block(ChaCha* ctx,
+    word32 stream[CHACHA_CHUNK_WORDS/2], word32 nrounds)
+{
+    word32 x[CHACHA_CHUNK_WORDS];
+    word32 i;
 
-#endif /* WOLFSSL_ARMASM && !WOLFSSL_ARMASM_NO_NEON */
+    for (i = 0; i < CHACHA_CHUNK_WORDS; i++) {
+        x[i] = ctx->X[i];
+    }
+
+    for (i = nrounds; i > 0; i -= 2) {
+        QUARTERROUND(0, 4,  8, 12)
+        QUARTERROUND(1, 5,  9, 13)
+        QUARTERROUND(2, 6, 10, 14)
+        QUARTERROUND(3, 7, 11, 15)
+        QUARTERROUND(0, 5, 10, 15)
+        QUARTERROUND(1, 6, 11, 12)
+        QUARTERROUND(2, 7,  8, 13)
+        QUARTERROUND(3, 4,  9, 14)
+    }
+
+    for (i = 0; i < CHACHA_CHUNK_WORDS/4; ++i)
+        stream[i] = x[i];
+    for (i = CHACHA_CHUNK_WORDS/4; i < CHACHA_CHUNK_WORDS/2; ++i)
+        stream[i] = x[i + CHACHA_CHUNK_WORDS/2];
+}
+
+/* XChaCha -- https://tools.ietf.org/html/draft-arciszewski-xchacha-03 */
+int wc_XChacha_SetKey(ChaCha *ctx,
+                      const byte *key, word32 keySz,
+                      const byte *nonce, word32 nonceSz,
+                      word32 counter)
+{
+    int ret;
+    word32 k[CHACHA_MAX_KEY_SZ];
+    byte   iv[CHACHA_IV_BYTES];
+
+    if (nonceSz != XCHACHA_NONCE_BYTES)
+        return BAD_FUNC_ARG;
+
+    if ((ret = wc_Chacha_SetKey(ctx, key, keySz)) < 0)
+        return ret;
+
+    /* form a first chacha IV from the first 16 bytes of the nonce.
+     * the first word is supplied in the "counter" arg, and
+     * the result is a full 128 bit nonceful IV for the one-time block
+     * crypto op that follows.
+     */
+    if ((ret = wc_Chacha_SetIV(ctx, nonce + 4, U8TO32_LITTLE(nonce))) < 0)
+        return ret;
+
+    wc_HChacha_block(ctx, k, 20); /* 20 rounds, but keeping half the output. */
+
+    /* the HChacha output is used as a 256 bit key for the main cipher. */
+    XMEMCPY(&ctx->X[4], k, 8 * sizeof(word32));
+
+    /* use 8 bytes from the end of the 24 byte nonce, padded up to 12 bytes,
+     * to form the IV for the main cipher.
+     */
+    XMEMSET(iv, 0, 4);
+    XMEMCPY(iv + 4, nonce + 16, 8);
+
+    if ((ret = wc_Chacha_SetIV(ctx, iv, counter)) < 0)
+        return ret;
+
+    ForceZero(k, sizeof k);
+    ForceZero(iv, sizeof iv);
+
+    return 0;
+}
+
+#endif /* HAVE_CHACHA && HAVE_XCHACHA */
diff --git a/wolfcrypt/src/chacha20_poly1305.c b/wolfcrypt/src/chacha20_poly1305.c
index 0c37de747..535fdd977 100644
--- a/wolfcrypt/src/chacha20_poly1305.c
+++ b/wolfcrypt/src/chacha20_poly1305.c
@@ -1,6 +1,6 @@
 /* chacha.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -57,7 +57,11 @@ int wc_ChaCha20Poly1305_Encrypt(
                 byte outAuthTag[CHACHA20_POLY1305_AEAD_AUTHTAG_SIZE])
 {
     int ret;
-    ChaChaPoly_Aead aead;
+#ifdef WOLFSSL_SMALL_STACK
+    ChaChaPoly_Aead *aead = NULL;
+#else
+    ChaChaPoly_Aead aead[1];
+#endif
 
     /* Validate function arguments */
     if (!inKey || !inIV ||
@@ -68,15 +72,27 @@ int wc_ChaCha20Poly1305_Encrypt(
         return BAD_FUNC_ARG;
     }
 
-    ret = wc_ChaCha20Poly1305_Init(&aead, inKey, inIV,
+#ifdef WOLFSSL_SMALL_STACK
+    aead = (ChaChaPoly_Aead *)XMALLOC(sizeof(*aead), NULL,
+                                      DYNAMIC_TYPE_TMP_BUFFER);
+    if (aead == NULL)
+        return MEMORY_E;
+#endif
+
+    ret = wc_ChaCha20Poly1305_Init(aead, inKey, inIV,
         CHACHA20_POLY1305_AEAD_ENCRYPT);
     if (ret == 0)
-        ret = wc_ChaCha20Poly1305_UpdateAad(&aead, inAAD, inAADLen);
+        ret = wc_ChaCha20Poly1305_UpdateAad(aead, inAAD, inAADLen);
     if (ret == 0)
-        ret = wc_ChaCha20Poly1305_UpdateData(&aead, inPlaintext, outCiphertext,
+        ret = wc_ChaCha20Poly1305_UpdateData(aead, inPlaintext, outCiphertext,
             inPlaintextLen);
     if (ret == 0)
-        ret = wc_ChaCha20Poly1305_Final(&aead, outAuthTag);
+        ret = wc_ChaCha20Poly1305_Final(aead, outAuthTag);
+
+#ifdef WOLFSSL_SMALL_STACK
+    XFREE(aead, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+#endif
+
     return ret;
 }
 
@@ -90,7 +106,11 @@ int wc_ChaCha20Poly1305_Decrypt(
                 byte* outPlaintext)
 {
     int ret;
-    ChaChaPoly_Aead aead;
+#ifdef WOLFSSL_SMALL_STACK
+    ChaChaPoly_Aead *aead = NULL;
+#else
+    ChaChaPoly_Aead aead[1];
+#endif
     byte calculatedAuthTag[CHACHA20_POLY1305_AEAD_AUTHTAG_SIZE];
 
     /* Validate function arguments */
@@ -102,19 +122,31 @@ int wc_ChaCha20Poly1305_Decrypt(
         return BAD_FUNC_ARG;
     }
 
+#ifdef WOLFSSL_SMALL_STACK
+    aead = (ChaChaPoly_Aead *)XMALLOC(sizeof(*aead), NULL,
+                                      DYNAMIC_TYPE_TMP_BUFFER);
+    if (aead == NULL)
+        return MEMORY_E;
+#endif
+
     XMEMSET(calculatedAuthTag, 0, sizeof(calculatedAuthTag));
 
-    ret = wc_ChaCha20Poly1305_Init(&aead, inKey, inIV,
+    ret = wc_ChaCha20Poly1305_Init(aead, inKey, inIV,
         CHACHA20_POLY1305_AEAD_DECRYPT);
     if (ret == 0)
-        ret = wc_ChaCha20Poly1305_UpdateAad(&aead, inAAD, inAADLen);
+        ret = wc_ChaCha20Poly1305_UpdateAad(aead, inAAD, inAADLen);
     if (ret == 0)
-        ret = wc_ChaCha20Poly1305_UpdateData(&aead, inCiphertext, outPlaintext,
+        ret = wc_ChaCha20Poly1305_UpdateData(aead, inCiphertext, outPlaintext,
             inCiphertextLen);
     if (ret == 0)
-        ret = wc_ChaCha20Poly1305_Final(&aead, calculatedAuthTag);
+        ret = wc_ChaCha20Poly1305_Final(aead, calculatedAuthTag);
     if (ret == 0)
         ret = wc_ChaCha20Poly1305_CheckTag(inAuthTag, calculatedAuthTag);
+
+#ifdef WOLFSSL_SMALL_STACK
+    XFREE(aead, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+#endif
+
     return ret;
 }
 
diff --git a/wolfcrypt/src/chacha_asm.S b/wolfcrypt/src/chacha_asm.S
index 9ca854cb4..37e2a5930 100644
--- a/wolfcrypt/src/chacha_asm.S
+++ b/wolfcrypt/src/chacha_asm.S
@@ -1,6 +1,6 @@
 /* chacha_asm.S */
 /*
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -536,9 +536,19 @@ chacha_encrypt_avx1:
 .p2align	4
 _chacha_encrypt_avx1:
 #endif /* __APPLE__ */
+        pushq	%r12
+        pushq	%r13
+        pushq	%r14
+        pushq	%r15
         subq	$0x190, %rsp
         movq	%rsp, %r9
         leaq	256(%rsp), %r10
+        leaq	L_chacha20_avx1_rotl8(%rip), %r12
+        leaq	L_chacha20_avx1_rotl16(%rip), %r13
+        leaq	L_chacha20_avx1_add(%rip), %r14
+        leaq	L_chacha20_avx1_four(%rip), %r15
+        addq	$15, %r9
+        addq	$15, %r10
         andq	$-16, %r9
         andq	$-16, %r10
         movl	%ecx, %eax
@@ -560,7 +570,7 @@ _chacha_encrypt_avx1:
         vpshufd	$0x00, 52(%rdi), %xmm13
         vpshufd	$0x00, 56(%rdi), %xmm14
         vpshufd	$0x00, 60(%rdi), %xmm15
-        vpaddd	L_chacha20_avx1_add(%rip), %xmm12, %xmm12
+        vpaddd	(%r14), %xmm12, %xmm12
         vmovdqa	%xmm0, (%r9)
         vmovdqa	%xmm1, 16(%r9)
         vmovdqa	%xmm2, 32(%r9)
@@ -584,22 +594,22 @@ L_chacha20_avx1_loop128:
         vpaddd	%xmm4, %xmm0, %xmm0
         vpxor	%xmm0, %xmm12, %xmm12
         vmovdqa	48(%r10), %xmm11
-        vpshufb	L_chacha20_avx1_rotl16(%rip), %xmm12, %xmm12
+        vpshufb	(%r13), %xmm12, %xmm12
         vpaddd	%xmm12, %xmm8, %xmm8
         vpxor	%xmm8, %xmm4, %xmm4
         vpaddd	%xmm5, %xmm1, %xmm1
         vpxor	%xmm1, %xmm13, %xmm13
-        vpshufb	L_chacha20_avx1_rotl16(%rip), %xmm13, %xmm13
+        vpshufb	(%r13), %xmm13, %xmm13
         vpaddd	%xmm13, %xmm9, %xmm9
         vpxor	%xmm9, %xmm5, %xmm5
         vpaddd	%xmm6, %xmm2, %xmm2
         vpxor	%xmm2, %xmm14, %xmm14
-        vpshufb	L_chacha20_avx1_rotl16(%rip), %xmm14, %xmm14
+        vpshufb	(%r13), %xmm14, %xmm14
         vpaddd	%xmm14, %xmm10, %xmm10
         vpxor	%xmm10, %xmm6, %xmm6
         vpaddd	%xmm7, %xmm3, %xmm3
         vpxor	%xmm3, %xmm15, %xmm15
-        vpshufb	L_chacha20_avx1_rotl16(%rip), %xmm15, %xmm15
+        vpshufb	(%r13), %xmm15, %xmm15
         vpaddd	%xmm15, %xmm11, %xmm11
         vpxor	%xmm11, %xmm7, %xmm7
         vmovdqa	%xmm11, 48(%r10)
@@ -618,22 +628,22 @@ L_chacha20_avx1_loop128:
         vpaddd	%xmm4, %xmm0, %xmm0
         vpxor	%xmm0, %xmm12, %xmm12
         vmovdqa	48(%r10), %xmm11
-        vpshufb	L_chacha20_avx1_rotl8(%rip), %xmm12, %xmm12
+        vpshufb	(%r12), %xmm12, %xmm12
         vpaddd	%xmm12, %xmm8, %xmm8
         vpxor	%xmm8, %xmm4, %xmm4
         vpaddd	%xmm5, %xmm1, %xmm1
         vpxor	%xmm1, %xmm13, %xmm13
-        vpshufb	L_chacha20_avx1_rotl8(%rip), %xmm13, %xmm13
+        vpshufb	(%r12), %xmm13, %xmm13
         vpaddd	%xmm13, %xmm9, %xmm9
         vpxor	%xmm9, %xmm5, %xmm5
         vpaddd	%xmm6, %xmm2, %xmm2
         vpxor	%xmm2, %xmm14, %xmm14
-        vpshufb	L_chacha20_avx1_rotl8(%rip), %xmm14, %xmm14
+        vpshufb	(%r12), %xmm14, %xmm14
         vpaddd	%xmm14, %xmm10, %xmm10
         vpxor	%xmm10, %xmm6, %xmm6
         vpaddd	%xmm7, %xmm3, %xmm3
         vpxor	%xmm3, %xmm15, %xmm15
-        vpshufb	L_chacha20_avx1_rotl8(%rip), %xmm15, %xmm15
+        vpshufb	(%r12), %xmm15, %xmm15
         vpaddd	%xmm15, %xmm11, %xmm11
         vpxor	%xmm11, %xmm7, %xmm7
         vmovdqa	%xmm11, 48(%r10)
@@ -652,22 +662,22 @@ L_chacha20_avx1_loop128:
         vpaddd	%xmm5, %xmm0, %xmm0
         vpxor	%xmm0, %xmm15, %xmm15
         vmovdqa	48(%r10), %xmm11
-        vpshufb	L_chacha20_avx1_rotl16(%rip), %xmm15, %xmm15
+        vpshufb	(%r13), %xmm15, %xmm15
         vpaddd	%xmm15, %xmm10, %xmm10
         vpxor	%xmm10, %xmm5, %xmm5
         vpaddd	%xmm6, %xmm1, %xmm1
         vpxor	%xmm1, %xmm12, %xmm12
-        vpshufb	L_chacha20_avx1_rotl16(%rip), %xmm12, %xmm12
+        vpshufb	(%r13), %xmm12, %xmm12
         vpaddd	%xmm12, %xmm11, %xmm11
         vpxor	%xmm11, %xmm6, %xmm6
         vpaddd	%xmm7, %xmm2, %xmm2
         vpxor	%xmm2, %xmm13, %xmm13
-        vpshufb	L_chacha20_avx1_rotl16(%rip), %xmm13, %xmm13
+        vpshufb	(%r13), %xmm13, %xmm13
         vpaddd	%xmm13, %xmm8, %xmm8
         vpxor	%xmm8, %xmm7, %xmm7
         vpaddd	%xmm4, %xmm3, %xmm3
         vpxor	%xmm3, %xmm14, %xmm14
-        vpshufb	L_chacha20_avx1_rotl16(%rip), %xmm14, %xmm14
+        vpshufb	(%r13), %xmm14, %xmm14
         vpaddd	%xmm14, %xmm9, %xmm9
         vpxor	%xmm9, %xmm4, %xmm4
         vmovdqa	%xmm11, 48(%r10)
@@ -686,22 +696,22 @@ L_chacha20_avx1_loop128:
         vpaddd	%xmm5, %xmm0, %xmm0
         vpxor	%xmm0, %xmm15, %xmm15
         vmovdqa	48(%r10), %xmm11
-        vpshufb	L_chacha20_avx1_rotl8(%rip), %xmm15, %xmm15
+        vpshufb	(%r12), %xmm15, %xmm15
         vpaddd	%xmm15, %xmm10, %xmm10
         vpxor	%xmm10, %xmm5, %xmm5
         vpaddd	%xmm6, %xmm1, %xmm1
         vpxor	%xmm1, %xmm12, %xmm12
-        vpshufb	L_chacha20_avx1_rotl8(%rip), %xmm12, %xmm12
+        vpshufb	(%r12), %xmm12, %xmm12
         vpaddd	%xmm12, %xmm11, %xmm11
         vpxor	%xmm11, %xmm6, %xmm6
         vpaddd	%xmm7, %xmm2, %xmm2
         vpxor	%xmm2, %xmm13, %xmm13
-        vpshufb	L_chacha20_avx1_rotl8(%rip), %xmm13, %xmm13
+        vpshufb	(%r12), %xmm13, %xmm13
         vpaddd	%xmm13, %xmm8, %xmm8
         vpxor	%xmm8, %xmm7, %xmm7
         vpaddd	%xmm4, %xmm3, %xmm3
         vpxor	%xmm3, %xmm14, %xmm14
-        vpshufb	L_chacha20_avx1_rotl8(%rip), %xmm14, %xmm14
+        vpshufb	(%r12), %xmm14, %xmm14
         vpaddd	%xmm14, %xmm9, %xmm9
         vpxor	%xmm9, %xmm4, %xmm4
         vmovdqa	%xmm11, 48(%r10)
@@ -835,7 +845,7 @@ L_chacha20_avx1_loop128:
         vmovdqa	192(%r9), %xmm12
         addq	$0x100, %rsi
         addq	$0x100, %rdx
-        vpaddd	L_chacha20_avx1_four(%rip), %xmm12, %xmm12
+        vpaddd	(%r15), %xmm12, %xmm12
         subl	$0x100, %ecx
         vmovdqa	%xmm12, 192(%r9)
         cmpl	$0x100, %ecx
@@ -858,7 +868,7 @@ L_chacha20_avx1_loop128:
         vmovdqa	240(%r9), %xmm15
         jmp	L_chacha20_avx1_start128
 L_chacha20_avx1_done128:
-        shl	$2, %eax
+        shll	$2, %eax
         addl	%eax, 48(%rdi)
 L_chacha20_avx1_end128:
         cmpl	$0x40, %ecx
@@ -876,7 +886,7 @@ L_chacha20_avx1_block_start:
 L_chacha20_avx1_block_crypt_start:
         vpaddd	%xmm1, %xmm0, %xmm0
         vpxor	%xmm0, %xmm3, %xmm3
-        vpshufb	L_chacha20_avx1_rotl16(%rip), %xmm3, %xmm3
+        vpshufb	(%r13), %xmm3, %xmm3
         vpaddd	%xmm3, %xmm2, %xmm2
         vpxor	%xmm2, %xmm1, %xmm1
         vpsrld	$20, %xmm1, %xmm4
@@ -884,7 +894,7 @@ L_chacha20_avx1_block_crypt_start:
         vpxor	%xmm4, %xmm1, %xmm1
         vpaddd	%xmm1, %xmm0, %xmm0
         vpxor	%xmm0, %xmm3, %xmm3
-        vpshufb	L_chacha20_avx1_rotl8(%rip), %xmm3, %xmm3
+        vpshufb	(%r12), %xmm3, %xmm3
         vpaddd	%xmm3, %xmm2, %xmm2
         vpxor	%xmm2, %xmm1, %xmm1
         vpsrld	$25, %xmm1, %xmm4
@@ -895,7 +905,7 @@ L_chacha20_avx1_block_crypt_start:
         vpshufd	$0x93, %xmm3, %xmm3
         vpaddd	%xmm1, %xmm0, %xmm0
         vpxor	%xmm0, %xmm3, %xmm3
-        vpshufb	L_chacha20_avx1_rotl16(%rip), %xmm3, %xmm3
+        vpshufb	(%r13), %xmm3, %xmm3
         vpaddd	%xmm3, %xmm2, %xmm2
         vpxor	%xmm2, %xmm1, %xmm1
         vpsrld	$20, %xmm1, %xmm4
@@ -903,7 +913,7 @@ L_chacha20_avx1_block_crypt_start:
         vpxor	%xmm4, %xmm1, %xmm1
         vpaddd	%xmm1, %xmm0, %xmm0
         vpxor	%xmm0, %xmm3, %xmm3
-        vpshufb	L_chacha20_avx1_rotl8(%rip), %xmm3, %xmm3
+        vpshufb	(%r12), %xmm3, %xmm3
         vpaddd	%xmm3, %xmm2, %xmm2
         vpxor	%xmm2, %xmm1, %xmm1
         vpsrld	$25, %xmm1, %xmm4
@@ -952,7 +962,7 @@ L_chacha20_avx1_block_done:
 L_chacha20_avx1_partial_crypt_start:
         vpaddd	%xmm1, %xmm0, %xmm0
         vpxor	%xmm0, %xmm3, %xmm3
-        vpshufb	L_chacha20_avx1_rotl16(%rip), %xmm3, %xmm3
+        vpshufb	(%r13), %xmm3, %xmm3
         vpaddd	%xmm3, %xmm2, %xmm2
         vpxor	%xmm2, %xmm1, %xmm1
         vpsrld	$20, %xmm1, %xmm4
@@ -960,7 +970,7 @@ L_chacha20_avx1_partial_crypt_start:
         vpxor	%xmm4, %xmm1, %xmm1
         vpaddd	%xmm1, %xmm0, %xmm0
         vpxor	%xmm0, %xmm3, %xmm3
-        vpshufb	L_chacha20_avx1_rotl8(%rip), %xmm3, %xmm3
+        vpshufb	(%r12), %xmm3, %xmm3
         vpaddd	%xmm3, %xmm2, %xmm2
         vpxor	%xmm2, %xmm1, %xmm1
         vpsrld	$25, %xmm1, %xmm4
@@ -971,7 +981,7 @@ L_chacha20_avx1_partial_crypt_start:
         vpshufd	$0x93, %xmm3, %xmm3
         vpaddd	%xmm1, %xmm0, %xmm0
         vpxor	%xmm0, %xmm3, %xmm3
-        vpshufb	L_chacha20_avx1_rotl16(%rip), %xmm3, %xmm3
+        vpshufb	(%r13), %xmm3, %xmm3
         vpaddd	%xmm3, %xmm2, %xmm2
         vpxor	%xmm2, %xmm1, %xmm1
         vpsrld	$20, %xmm1, %xmm4
@@ -979,7 +989,7 @@ L_chacha20_avx1_partial_crypt_start:
         vpxor	%xmm4, %xmm1, %xmm1
         vpaddd	%xmm1, %xmm0, %xmm0
         vpxor	%xmm0, %xmm3, %xmm3
-        vpshufb	L_chacha20_avx1_rotl8(%rip), %xmm3, %xmm3
+        vpshufb	(%r12), %xmm3, %xmm3
         vpaddd	%xmm3, %xmm2, %xmm2
         vpxor	%xmm2, %xmm1, %xmm1
         vpsrld	$25, %xmm1, %xmm4
@@ -1024,6 +1034,10 @@ L_chacha20_avx1_partial_end64:
         movl	%r8d, 76(%rdi)
 L_chacha20_avx1_partial_done:
         addq	$0x190, %rsp
+        popq	%r15
+        popq	%r14
+        popq	%r13
+        popq	%r12
         repz retq
 #ifndef __APPLE__
 .size	chacha_encrypt_avx1,.-chacha_encrypt_avx1
@@ -1094,9 +1108,18 @@ chacha_encrypt_avx2:
 .p2align	4
 _chacha_encrypt_avx2:
 #endif /* __APPLE__ */
-        subq	$0x310, %rsp
+        pushq	%r12
+        pushq	%r13
+        pushq	%r14
+        subq	$0x320, %rsp
         movq	%rsp, %r9
+        leaq	L_chacha20_avx2_rotl8(%rip), %r11
+        leaq	L_chacha20_avx2_rotl16(%rip), %r12
+        leaq	L_chacha20_avx2_add(%rip), %r13
+        leaq	L_chacha20_avx2_eight(%rip), %r14
         leaq	512(%rsp), %r10
+        addq	$31, %r9
+        addq	$31, %r10
         andq	$-32, %r9
         andq	$-32, %r10
         movl	%ecx, %eax
@@ -1118,7 +1141,7 @@ _chacha_encrypt_avx2:
         vpbroadcastd	52(%rdi), %ymm13
         vpbroadcastd	56(%rdi), %ymm14
         vpbroadcastd	60(%rdi), %ymm15
-        vpaddd	L_chacha20_avx2_add(%rip), %ymm12, %ymm12
+        vpaddd	(%r13), %ymm12, %ymm12
         vmovdqa	%ymm0, (%r9)
         vmovdqa	%ymm1, 32(%r9)
         vmovdqa	%ymm2, 64(%r9)
@@ -1142,22 +1165,22 @@ L_chacha20_avx2_loop256:
         vpaddd	%ymm4, %ymm0, %ymm0
         vpxor	%ymm0, %ymm12, %ymm12
         vmovdqa	96(%r10), %ymm11
-        vpshufb	L_chacha20_avx2_rotl16(%rip), %ymm12, %ymm12
+        vpshufb	(%r12), %ymm12, %ymm12
         vpaddd	%ymm12, %ymm8, %ymm8
         vpxor	%ymm8, %ymm4, %ymm4
         vpaddd	%ymm5, %ymm1, %ymm1
         vpxor	%ymm1, %ymm13, %ymm13
-        vpshufb	L_chacha20_avx2_rotl16(%rip), %ymm13, %ymm13
+        vpshufb	(%r12), %ymm13, %ymm13
         vpaddd	%ymm13, %ymm9, %ymm9
         vpxor	%ymm9, %ymm5, %ymm5
         vpaddd	%ymm6, %ymm2, %ymm2
         vpxor	%ymm2, %ymm14, %ymm14
-        vpshufb	L_chacha20_avx2_rotl16(%rip), %ymm14, %ymm14
+        vpshufb	(%r12), %ymm14, %ymm14
         vpaddd	%ymm14, %ymm10, %ymm10
         vpxor	%ymm10, %ymm6, %ymm6
         vpaddd	%ymm7, %ymm3, %ymm3
         vpxor	%ymm3, %ymm15, %ymm15
-        vpshufb	L_chacha20_avx2_rotl16(%rip), %ymm15, %ymm15
+        vpshufb	(%r12), %ymm15, %ymm15
         vpaddd	%ymm15, %ymm11, %ymm11
         vpxor	%ymm11, %ymm7, %ymm7
         vmovdqa	%ymm11, 96(%r10)
@@ -1176,22 +1199,22 @@ L_chacha20_avx2_loop256:
         vpaddd	%ymm4, %ymm0, %ymm0
         vpxor	%ymm0, %ymm12, %ymm12
         vmovdqa	96(%r10), %ymm11
-        vpshufb	L_chacha20_avx2_rotl8(%rip), %ymm12, %ymm12
+        vpshufb	(%r11), %ymm12, %ymm12
         vpaddd	%ymm12, %ymm8, %ymm8
         vpxor	%ymm8, %ymm4, %ymm4
         vpaddd	%ymm5, %ymm1, %ymm1
         vpxor	%ymm1, %ymm13, %ymm13
-        vpshufb	L_chacha20_avx2_rotl8(%rip), %ymm13, %ymm13
+        vpshufb	(%r11), %ymm13, %ymm13
         vpaddd	%ymm13, %ymm9, %ymm9
         vpxor	%ymm9, %ymm5, %ymm5
         vpaddd	%ymm6, %ymm2, %ymm2
         vpxor	%ymm2, %ymm14, %ymm14
-        vpshufb	L_chacha20_avx2_rotl8(%rip), %ymm14, %ymm14
+        vpshufb	(%r11), %ymm14, %ymm14
         vpaddd	%ymm14, %ymm10, %ymm10
         vpxor	%ymm10, %ymm6, %ymm6
         vpaddd	%ymm7, %ymm3, %ymm3
         vpxor	%ymm3, %ymm15, %ymm15
-        vpshufb	L_chacha20_avx2_rotl8(%rip), %ymm15, %ymm15
+        vpshufb	(%r11), %ymm15, %ymm15
         vpaddd	%ymm15, %ymm11, %ymm11
         vpxor	%ymm11, %ymm7, %ymm7
         vmovdqa	%ymm11, 96(%r10)
@@ -1210,22 +1233,22 @@ L_chacha20_avx2_loop256:
         vpaddd	%ymm5, %ymm0, %ymm0
         vpxor	%ymm0, %ymm15, %ymm15
         vmovdqa	96(%r10), %ymm11
-        vpshufb	L_chacha20_avx2_rotl16(%rip), %ymm15, %ymm15
+        vpshufb	(%r12), %ymm15, %ymm15
         vpaddd	%ymm15, %ymm10, %ymm10
         vpxor	%ymm10, %ymm5, %ymm5
         vpaddd	%ymm6, %ymm1, %ymm1
         vpxor	%ymm1, %ymm12, %ymm12
-        vpshufb	L_chacha20_avx2_rotl16(%rip), %ymm12, %ymm12
+        vpshufb	(%r12), %ymm12, %ymm12
         vpaddd	%ymm12, %ymm11, %ymm11
         vpxor	%ymm11, %ymm6, %ymm6
         vpaddd	%ymm7, %ymm2, %ymm2
         vpxor	%ymm2, %ymm13, %ymm13
-        vpshufb	L_chacha20_avx2_rotl16(%rip), %ymm13, %ymm13
+        vpshufb	(%r12), %ymm13, %ymm13
         vpaddd	%ymm13, %ymm8, %ymm8
         vpxor	%ymm8, %ymm7, %ymm7
         vpaddd	%ymm4, %ymm3, %ymm3
         vpxor	%ymm3, %ymm14, %ymm14
-        vpshufb	L_chacha20_avx2_rotl16(%rip), %ymm14, %ymm14
+        vpshufb	(%r12), %ymm14, %ymm14
         vpaddd	%ymm14, %ymm9, %ymm9
         vpxor	%ymm9, %ymm4, %ymm4
         vmovdqa	%ymm11, 96(%r10)
@@ -1244,22 +1267,22 @@ L_chacha20_avx2_loop256:
         vpaddd	%ymm5, %ymm0, %ymm0
         vpxor	%ymm0, %ymm15, %ymm15
         vmovdqa	96(%r10), %ymm11
-        vpshufb	L_chacha20_avx2_rotl8(%rip), %ymm15, %ymm15
+        vpshufb	(%r11), %ymm15, %ymm15
         vpaddd	%ymm15, %ymm10, %ymm10
         vpxor	%ymm10, %ymm5, %ymm5
         vpaddd	%ymm6, %ymm1, %ymm1
         vpxor	%ymm1, %ymm12, %ymm12
-        vpshufb	L_chacha20_avx2_rotl8(%rip), %ymm12, %ymm12
+        vpshufb	(%r11), %ymm12, %ymm12
         vpaddd	%ymm12, %ymm11, %ymm11
         vpxor	%ymm11, %ymm6, %ymm6
         vpaddd	%ymm7, %ymm2, %ymm2
         vpxor	%ymm2, %ymm13, %ymm13
-        vpshufb	L_chacha20_avx2_rotl8(%rip), %ymm13, %ymm13
+        vpshufb	(%r11), %ymm13, %ymm13
         vpaddd	%ymm13, %ymm8, %ymm8
         vpxor	%ymm8, %ymm7, %ymm7
         vpaddd	%ymm4, %ymm3, %ymm3
         vpxor	%ymm3, %ymm14, %ymm14
-        vpshufb	L_chacha20_avx2_rotl8(%rip), %ymm14, %ymm14
+        vpshufb	(%r11), %ymm14, %ymm14
         vpaddd	%ymm14, %ymm9, %ymm9
         vpxor	%ymm9, %ymm4, %ymm4
         vmovdqa	%ymm11, 96(%r10)
@@ -1409,7 +1432,7 @@ L_chacha20_avx2_loop256:
         vmovdqa	384(%r9), %ymm12
         addq	$0x200, %rsi
         addq	$0x200, %rdx
-        vpaddd	L_chacha20_avx2_eight(%rip), %ymm12, %ymm12
+        vpaddd	(%r14), %ymm12, %ymm12
         subl	$0x200, %ecx
         vmovdqa	%ymm12, 384(%r9)
         cmpl	$0x200, %ecx
@@ -1432,7 +1455,7 @@ L_chacha20_avx2_loop256:
         vmovdqa	480(%r9), %ymm15
         jmp	L_chacha20_avx2_start256
 L_chacha20_avx2_done256:
-        shl	$3, %eax
+        shll	$3, %eax
         addl	%eax, 48(%rdi)
 L_chacha20_avx2_end256:
 #ifndef __APPLE__
@@ -1440,7 +1463,11 @@ L_chacha20_avx2_end256:
 #else
         callq	_chacha_encrypt_avx1
 #endif /* __APPLE__ */
-        addq	$0x310, %rsp
+        vzeroupper
+        addq	$0x320, %rsp
+        popq	%r14
+        popq	%r13
+        popq	%r12
         repz retq
 #ifndef __APPLE__
 .size	chacha_encrypt_avx2,.-chacha_encrypt_avx2
diff --git a/wolfcrypt/src/chacha_asm.asm b/wolfcrypt/src/chacha_asm.asm
new file mode 100644
index 000000000..e9988945b
--- /dev/null
+++ b/wolfcrypt/src/chacha_asm.asm
@@ -0,0 +1,1425 @@
+; /* chacha_asm.asm */
+; /*
+;  * Copyright (C) 2006-2025 wolfSSL Inc.
+;  *
+;  * This file is part of wolfSSL.
+;  *
+;  * wolfSSL is free software; you can redistribute it and/or modify
+;  * it under the terms of the GNU General Public License as published by
+;  * the Free Software Foundation; either version 2 of the License, or
+;  * (at your option) any later version.
+;  *
+;  * wolfSSL is distributed in the hope that it will be useful,
+;  * but WITHOUT ANY WARRANTY; without even the implied warranty of
+;  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+;  * GNU General Public License for more details.
+;  *
+;  * You should have received a copy of the GNU General Public License
+;  * along with this program; if not, write to the Free Software
+;  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+;  */
+IF @Version LT 1200
+; AVX2 instructions not recognized by old versions of MASM
+IFNDEF NO_AVX2_SUPPORT
+NO_AVX2_SUPPORT = 1
+ENDIF
+; MOVBE instruction not recognized by old versions of MASM
+IFNDEF NO_MOVBE_SUPPORT
+NO_MOVBE_SUPPORT = 1
+ENDIF
+ENDIF
+
+IFNDEF HAVE_INTEL_AVX1
+HAVE_INTEL_AVX1 = 1
+ENDIF
+IFNDEF NO_AVX2_SUPPORT
+HAVE_INTEL_AVX2 = 1
+ENDIF
+
+IFNDEF _WIN64
+_WIN64 = 1
+ENDIF
+
+_text SEGMENT READONLY PARA
+chacha_encrypt_x64 PROC
+        push	rbx
+        push	rbp
+        push	r12
+        push	r13
+        push	r14
+        push	r15
+        sub	rsp, 64
+        cmp	r9d, 64
+        jl	L_chacha_x64_small
+L_chacha_x64_start:
+        sub	rsp, 48
+        mov	QWORD PTR [rsp+24], r8
+        mov	QWORD PTR [rsp+32], rdx
+        mov	QWORD PTR [rsp+40], r9
+        mov	rax, QWORD PTR [rcx+32]
+        mov	rbx, QWORD PTR [rcx+40]
+        mov	QWORD PTR [rsp+8], rax
+        mov	QWORD PTR [rsp+16], rbx
+        mov	eax, DWORD PTR [rcx]
+        mov	ebx, DWORD PTR [rcx+4]
+        mov	r9d, DWORD PTR [rcx+8]
+        mov	r8d, DWORD PTR [rcx+12]
+        mov	r8d, DWORD PTR [rcx+16]
+        mov	r9d, DWORD PTR [rcx+20]
+        mov	r10d, DWORD PTR [rcx+24]
+        mov	r11d, DWORD PTR [rcx+28]
+        mov	r12d, DWORD PTR [rcx+48]
+        mov	r13d, DWORD PTR [rcx+52]
+        mov	r14d, DWORD PTR [rcx+56]
+        mov	r15d, DWORD PTR [rcx+60]
+        mov	BYTE PTR [rsp], 10
+        mov	edx, DWORD PTR [rsp+8]
+        mov	ebp, DWORD PTR [rsp+12]
+L_chacha_x64_block_crypt_start:
+        add	eax, r8d
+        add	ebx, r9d
+        xor	r12d, eax
+        xor	r13d, ebx
+        rol	r12d, 16
+        rol	r13d, 16
+        add	edx, r12d
+        add	ebp, r13d
+        xor	r8d, edx
+        xor	r9d, ebp
+        rol	r8d, 12
+        rol	r9d, 12
+        add	eax, r8d
+        add	ebx, r9d
+        xor	r12d, eax
+        xor	r13d, ebx
+        rol	r12d, 8
+        rol	r13d, 8
+        add	edx, r12d
+        add	ebp, r13d
+        xor	r8d, edx
+        xor	r9d, ebp
+        rol	r8d, 7
+        rol	r9d, 7
+        mov	DWORD PTR [rsp+8], edx
+        mov	DWORD PTR [rsp+12], ebp
+        mov	edx, DWORD PTR [rsp+16]
+        mov	ebp, DWORD PTR [rsp+20]
+        add	r9d, r10d
+        add	r8d, r11d
+        xor	r14d, r9d
+        xor	r15d, r8d
+        rol	r14d, 16
+        rol	r15d, 16
+        add	edx, r14d
+        add	ebp, r15d
+        xor	r10d, edx
+        xor	r11d, ebp
+        rol	r10d, 12
+        rol	r11d, 12
+        add	r9d, r10d
+        add	r8d, r11d
+        xor	r14d, r9d
+        xor	r15d, r8d
+        rol	r14d, 8
+        rol	r15d, 8
+        add	edx, r14d
+        add	ebp, r15d
+        xor	r10d, edx
+        xor	r11d, ebp
+        rol	r10d, 7
+        rol	r11d, 7
+        add	eax, r9d
+        add	ebx, r10d
+        xor	r15d, eax
+        xor	r12d, ebx
+        rol	r15d, 16
+        rol	r12d, 16
+        add	edx, r15d
+        add	ebp, r12d
+        xor	r9d, edx
+        xor	r10d, ebp
+        rol	r9d, 12
+        rol	r10d, 12
+        add	eax, r9d
+        add	ebx, r10d
+        xor	r15d, eax
+        xor	r12d, ebx
+        rol	r15d, 8
+        rol	r12d, 8
+        add	edx, r15d
+        add	ebp, r12d
+        xor	r9d, edx
+        xor	r10d, ebp
+        rol	r9d, 7
+        rol	r10d, 7
+        mov	DWORD PTR [rsp+16], edx
+        mov	DWORD PTR [rsp+20], ebp
+        mov	edx, DWORD PTR [rsp+8]
+        mov	ebp, DWORD PTR [rsp+12]
+        add	r9d, r11d
+        add	r8d, r8d
+        xor	r13d, r9d
+        xor	r14d, r8d
+        rol	r13d, 16
+        rol	r14d, 16
+        add	edx, r13d
+        add	ebp, r14d
+        xor	r11d, edx
+        xor	r8d, ebp
+        rol	r11d, 12
+        rol	r8d, 12
+        add	r9d, r11d
+        add	r8d, r8d
+        xor	r13d, r9d
+        xor	r14d, r8d
+        rol	r13d, 8
+        rol	r14d, 8
+        add	edx, r13d
+        add	ebp, r14d
+        xor	r11d, edx
+        xor	r8d, ebp
+        rol	r11d, 7
+        rol	r8d, 7
+        dec	BYTE PTR [rsp]
+        jnz	L_chacha_x64_block_crypt_start
+        mov	DWORD PTR [rsp+8], edx
+        mov	DWORD PTR [rsp+12], ebp
+        mov	rdx, QWORD PTR [rsp+32]
+        mov	rbp, QWORD PTR [rsp+24]
+        add	eax, DWORD PTR [rcx]
+        add	ebx, DWORD PTR [rcx+4]
+        add	r9d, DWORD PTR [rcx+8]
+        add	r8d, DWORD PTR [rcx+12]
+        add	r8d, DWORD PTR [rcx+16]
+        add	r9d, DWORD PTR [rcx+20]
+        add	r10d, DWORD PTR [rcx+24]
+        add	r11d, DWORD PTR [rcx+28]
+        add	r12d, DWORD PTR [rcx+48]
+        add	r13d, DWORD PTR [rcx+52]
+        add	r14d, DWORD PTR [rcx+56]
+        add	r15d, DWORD PTR [rcx+60]
+        xor	eax, DWORD PTR [rdx]
+        xor	ebx, DWORD PTR [rdx+4]
+        xor	r9d, DWORD PTR [rdx+8]
+        xor	r8d, DWORD PTR [rdx+12]
+        xor	r8d, DWORD PTR [rdx+16]
+        xor	r9d, DWORD PTR [rdx+20]
+        xor	r10d, DWORD PTR [rdx+24]
+        xor	r11d, DWORD PTR [rdx+28]
+        xor	r12d, DWORD PTR [rdx+48]
+        xor	r13d, DWORD PTR [rdx+52]
+        xor	r14d, DWORD PTR [rdx+56]
+        xor	r15d, DWORD PTR [rdx+60]
+        mov	DWORD PTR [rbp], eax
+        mov	DWORD PTR [rbp+4], ebx
+        mov	DWORD PTR [rbp+8], r9d
+        mov	DWORD PTR [rbp+12], r8d
+        mov	DWORD PTR [rbp+16], r8d
+        mov	DWORD PTR [rbp+20], r9d
+        mov	DWORD PTR [rbp+24], r10d
+        mov	DWORD PTR [rbp+28], r11d
+        mov	DWORD PTR [rbp+48], r12d
+        mov	DWORD PTR [rbp+52], r13d
+        mov	DWORD PTR [rbp+56], r14d
+        mov	DWORD PTR [rbp+60], r15d
+        mov	eax, DWORD PTR [rsp+8]
+        mov	ebx, DWORD PTR [rsp+12]
+        mov	r9d, DWORD PTR [rsp+16]
+        mov	r8d, DWORD PTR [rsp+20]
+        add	eax, DWORD PTR [rcx+32]
+        add	ebx, DWORD PTR [rcx+36]
+        add	r9d, DWORD PTR [rcx+40]
+        add	r8d, DWORD PTR [rcx+44]
+        xor	eax, DWORD PTR [rdx+32]
+        xor	ebx, DWORD PTR [rdx+36]
+        xor	r9d, DWORD PTR [rdx+40]
+        xor	r8d, DWORD PTR [rdx+44]
+        mov	DWORD PTR [rbp+32], eax
+        mov	DWORD PTR [rbp+36], ebx
+        mov	DWORD PTR [rbp+40], r9d
+        mov	DWORD PTR [rbp+44], r8d
+        mov	r8, QWORD PTR [rsp+24]
+        mov	r9, QWORD PTR [rsp+40]
+        add	DWORD PTR [rcx+48], 1
+        add	rsp, 48
+        sub	r9d, 64
+        add	rdx, 64
+        add	r8, 64
+        cmp	r9d, 64
+        jge	L_chacha_x64_start
+L_chacha_x64_small:
+        cmp	r9d, 0
+        je	L_chacha_x64_done
+        sub	rsp, 48
+        mov	QWORD PTR [rsp+24], r8
+        mov	QWORD PTR [rsp+32], rdx
+        mov	QWORD PTR [rsp+40], r9
+        mov	rax, QWORD PTR [rcx+32]
+        mov	rbx, QWORD PTR [rcx+40]
+        mov	QWORD PTR [rsp+8], rax
+        mov	QWORD PTR [rsp+16], rbx
+        mov	eax, DWORD PTR [rcx]
+        mov	ebx, DWORD PTR [rcx+4]
+        mov	r9d, DWORD PTR [rcx+8]
+        mov	r8d, DWORD PTR [rcx+12]
+        mov	r8d, DWORD PTR [rcx+16]
+        mov	r9d, DWORD PTR [rcx+20]
+        mov	r10d, DWORD PTR [rcx+24]
+        mov	r11d, DWORD PTR [rcx+28]
+        mov	r12d, DWORD PTR [rcx+48]
+        mov	r13d, DWORD PTR [rcx+52]
+        mov	r14d, DWORD PTR [rcx+56]
+        mov	r15d, DWORD PTR [rcx+60]
+        mov	BYTE PTR [rsp], 10
+        mov	edx, DWORD PTR [rsp+8]
+        mov	ebp, DWORD PTR [rsp+12]
+L_chacha_x64_partial_crypt_start:
+        add	eax, r8d
+        add	ebx, r9d
+        xor	r12d, eax
+        xor	r13d, ebx
+        rol	r12d, 16
+        rol	r13d, 16
+        add	edx, r12d
+        add	ebp, r13d
+        xor	r8d, edx
+        xor	r9d, ebp
+        rol	r8d, 12
+        rol	r9d, 12
+        add	eax, r8d
+        add	ebx, r9d
+        xor	r12d, eax
+        xor	r13d, ebx
+        rol	r12d, 8
+        rol	r13d, 8
+        add	edx, r12d
+        add	ebp, r13d
+        xor	r8d, edx
+        xor	r9d, ebp
+        rol	r8d, 7
+        rol	r9d, 7
+        mov	DWORD PTR [rsp+8], edx
+        mov	DWORD PTR [rsp+12], ebp
+        mov	edx, DWORD PTR [rsp+16]
+        mov	ebp, DWORD PTR [rsp+20]
+        add	r9d, r10d
+        add	r8d, r11d
+        xor	r14d, r9d
+        xor	r15d, r8d
+        rol	r14d, 16
+        rol	r15d, 16
+        add	edx, r14d
+        add	ebp, r15d
+        xor	r10d, edx
+        xor	r11d, ebp
+        rol	r10d, 12
+        rol	r11d, 12
+        add	r9d, r10d
+        add	r8d, r11d
+        xor	r14d, r9d
+        xor	r15d, r8d
+        rol	r14d, 8
+        rol	r15d, 8
+        add	edx, r14d
+        add	ebp, r15d
+        xor	r10d, edx
+        xor	r11d, ebp
+        rol	r10d, 7
+        rol	r11d, 7
+        add	eax, r9d
+        add	ebx, r10d
+        xor	r15d, eax
+        xor	r12d, ebx
+        rol	r15d, 16
+        rol	r12d, 16
+        add	edx, r15d
+        add	ebp, r12d
+        xor	r9d, edx
+        xor	r10d, ebp
+        rol	r9d, 12
+        rol	r10d, 12
+        add	eax, r9d
+        add	ebx, r10d
+        xor	r15d, eax
+        xor	r12d, ebx
+        rol	r15d, 8
+        rol	r12d, 8
+        add	edx, r15d
+        add	ebp, r12d
+        xor	r9d, edx
+        xor	r10d, ebp
+        rol	r9d, 7
+        rol	r10d, 7
+        mov	DWORD PTR [rsp+16], edx
+        mov	DWORD PTR [rsp+20], ebp
+        mov	edx, DWORD PTR [rsp+8]
+        mov	ebp, DWORD PTR [rsp+12]
+        add	r9d, r11d
+        add	r8d, r8d
+        xor	r13d, r9d
+        xor	r14d, r8d
+        rol	r13d, 16
+        rol	r14d, 16
+        add	edx, r13d
+        add	ebp, r14d
+        xor	r11d, edx
+        xor	r8d, ebp
+        rol	r11d, 12
+        rol	r8d, 12
+        add	r9d, r11d
+        add	r8d, r8d
+        xor	r13d, r9d
+        xor	r14d, r8d
+        rol	r13d, 8
+        rol	r14d, 8
+        add	edx, r13d
+        add	ebp, r14d
+        xor	r11d, edx
+        xor	r8d, ebp
+        rol	r11d, 7
+        rol	r8d, 7
+        dec	BYTE PTR [rsp]
+        jnz	L_chacha_x64_partial_crypt_start
+        mov	DWORD PTR [rsp+8], edx
+        mov	DWORD PTR [rsp+12], ebp
+        mov	rdx, QWORD PTR [rsp+32]
+        add	eax, DWORD PTR [rcx]
+        add	ebx, DWORD PTR [rcx+4]
+        add	r9d, DWORD PTR [rcx+8]
+        add	r8d, DWORD PTR [rcx+12]
+        add	r8d, DWORD PTR [rcx+16]
+        add	r9d, DWORD PTR [rcx+20]
+        add	r10d, DWORD PTR [rcx+24]
+        add	r11d, DWORD PTR [rcx+28]
+        add	r12d, DWORD PTR [rcx+48]
+        add	r13d, DWORD PTR [rcx+52]
+        add	r14d, DWORD PTR [rcx+56]
+        add	r15d, DWORD PTR [rcx+60]
+        lea	rbp, QWORD PTR [rcx+80]
+        mov	DWORD PTR [rbp], eax
+        mov	DWORD PTR [rbp+4], ebx
+        mov	DWORD PTR [rbp+8], r9d
+        mov	DWORD PTR [rbp+12], r8d
+        mov	DWORD PTR [rbp+16], r8d
+        mov	DWORD PTR [rbp+20], r9d
+        mov	DWORD PTR [rbp+24], r10d
+        mov	DWORD PTR [rbp+28], r11d
+        mov	DWORD PTR [rbp+48], r12d
+        mov	DWORD PTR [rbp+52], r13d
+        mov	DWORD PTR [rbp+56], r14d
+        mov	DWORD PTR [rbp+60], r15d
+        mov	eax, DWORD PTR [rsp+8]
+        mov	ebx, DWORD PTR [rsp+12]
+        mov	r9d, DWORD PTR [rsp+16]
+        mov	r8d, DWORD PTR [rsp+20]
+        add	eax, DWORD PTR [rcx+32]
+        add	ebx, DWORD PTR [rcx+36]
+        add	r9d, DWORD PTR [rcx+40]
+        add	r8d, DWORD PTR [rcx+44]
+        mov	DWORD PTR [rbp+32], eax
+        mov	DWORD PTR [rbp+36], ebx
+        mov	DWORD PTR [rbp+40], r9d
+        mov	DWORD PTR [rbp+44], r8d
+        mov	r8, QWORD PTR [rsp+24]
+        mov	r9, QWORD PTR [rsp+40]
+        add	DWORD PTR [rcx+48], 1
+        add	rsp, 48
+        mov	r8d, r9d
+        xor	rbx, rbx
+        and	r8d, 7
+        jz	L_chacha_x64_partial_start64
+L_chacha_x64_partial_start8:
+        movzx	eax, BYTE PTR [rbp+rbx]
+        xor	al, BYTE PTR [rdx+rbx]
+        mov	BYTE PTR [r8+rbx], al
+        inc	ebx
+        cmp	ebx, r8d
+        jne	L_chacha_x64_partial_start8
+        je	L_chacha_x64_partial_end64
+L_chacha_x64_partial_start64:
+        mov	rax, QWORD PTR [rbp+rbx]
+        xor	rax, QWORD PTR [rdx+rbx]
+        mov	QWORD PTR [r8+rbx], rax
+        add	ebx, 8
+L_chacha_x64_partial_end64:
+        cmp	ebx, r9d
+        jne	L_chacha_x64_partial_start64
+        mov	r9d, 64
+        sub	r9d, ebx
+        mov	DWORD PTR [rcx+76], r9d
+L_chacha_x64_done:
+        add	rsp, 64
+        pop	r15
+        pop	r14
+        pop	r13
+        pop	r12
+        pop	rbp
+        pop	rbx
+        ret
+chacha_encrypt_x64 ENDP
+_text ENDS
+IFDEF HAVE_INTEL_AVX1
+_DATA SEGMENT
+ALIGN 16
+L_chacha20_avx1_rotl8 QWORD 433757367256023043, 1012478749960636427
+ptr_L_chacha20_avx1_rotl8 QWORD L_chacha20_avx1_rotl8
+_DATA ENDS
+_DATA SEGMENT
+ALIGN 16
+L_chacha20_avx1_rotl16 QWORD 361421592464458498, 940142975169071882
+ptr_L_chacha20_avx1_rotl16 QWORD L_chacha20_avx1_rotl16
+_DATA ENDS
+_DATA SEGMENT
+ALIGN 16
+L_chacha20_avx1_add QWORD 4294967296, 12884901890
+ptr_L_chacha20_avx1_add QWORD L_chacha20_avx1_add
+_DATA ENDS
+_DATA SEGMENT
+ALIGN 16
+L_chacha20_avx1_four QWORD 17179869188, 17179869188
+ptr_L_chacha20_avx1_four QWORD L_chacha20_avx1_four
+_DATA ENDS
+_text SEGMENT READONLY PARA
+chacha_encrypt_avx1 PROC
+        push	r12
+        push	r13
+        push	r14
+        push	r15
+        push	rdi
+        push	rsi
+        sub	rsp, 560
+        vmovdqu	OWORD PTR [rsp+400], xmm6
+        vmovdqu	OWORD PTR [rsp+416], xmm7
+        vmovdqu	OWORD PTR [rsp+432], xmm8
+        vmovdqu	OWORD PTR [rsp+448], xmm9
+        vmovdqu	OWORD PTR [rsp+464], xmm10
+        vmovdqu	OWORD PTR [rsp+480], xmm11
+        vmovdqu	OWORD PTR [rsp+496], xmm12
+        vmovdqu	OWORD PTR [rsp+512], xmm13
+        vmovdqu	OWORD PTR [rsp+528], xmm14
+        vmovdqu	OWORD PTR [rsp+544], xmm15
+        mov	r11, rsp
+        lea	r12, QWORD PTR [rsp+256]
+        mov	r14, QWORD PTR [ptr_L_chacha20_avx1_rotl8]
+        mov	r15, QWORD PTR [ptr_L_chacha20_avx1_rotl16]
+        mov	rdi, QWORD PTR [ptr_L_chacha20_avx1_add]
+        mov	rsi, QWORD PTR [ptr_L_chacha20_avx1_four]
+        add	r11, 15
+        add	r12, 15
+        and	r11, -16
+        and	r12, -16
+        mov	eax, r9d
+        shr	eax, 8
+        jz	L_chacha20_avx1_end128
+        vpshufd	xmm0, [rcx], 0
+        vpshufd	xmm1, [rcx+4], 0
+        vpshufd	xmm2, [rcx+8], 0
+        vpshufd	xmm3, [rcx+12], 0
+        vpshufd	xmm4, [rcx+16], 0
+        vpshufd	xmm5, [rcx+20], 0
+        vpshufd	xmm6, [rcx+24], 0
+        vpshufd	xmm7, [rcx+28], 0
+        vpshufd	xmm8, [rcx+32], 0
+        vpshufd	xmm9, [rcx+36], 0
+        vpshufd	xmm10, [rcx+40], 0
+        vpshufd	xmm11, [rcx+44], 0
+        vpshufd	xmm12, [rcx+48], 0
+        vpshufd	xmm13, [rcx+52], 0
+        vpshufd	xmm14, [rcx+56], 0
+        vpshufd	xmm15, [rcx+60], 0
+        vpaddd	xmm12, xmm12, OWORD PTR [rdi]
+        vmovdqa	OWORD PTR [r11], xmm0
+        vmovdqa	OWORD PTR [r11+16], xmm1
+        vmovdqa	OWORD PTR [r11+32], xmm2
+        vmovdqa	OWORD PTR [r11+48], xmm3
+        vmovdqa	OWORD PTR [r11+64], xmm4
+        vmovdqa	OWORD PTR [r11+80], xmm5
+        vmovdqa	OWORD PTR [r11+96], xmm6
+        vmovdqa	OWORD PTR [r11+112], xmm7
+        vmovdqa	OWORD PTR [r11+128], xmm8
+        vmovdqa	OWORD PTR [r11+144], xmm9
+        vmovdqa	OWORD PTR [r11+160], xmm10
+        vmovdqa	OWORD PTR [r11+176], xmm11
+        vmovdqa	OWORD PTR [r11+192], xmm12
+        vmovdqa	OWORD PTR [r11+208], xmm13
+        vmovdqa	OWORD PTR [r11+224], xmm14
+        vmovdqa	OWORD PTR [r11+240], xmm15
+L_chacha20_avx1_start128:
+        vmovdqa	OWORD PTR [r12+48], xmm11
+        mov	r10b, 10
+L_chacha20_avx1_loop128:
+        vpaddd	xmm0, xmm0, xmm4
+        vpxor	xmm12, xmm12, xmm0
+        vmovdqa	xmm11, OWORD PTR [r12+48]
+        vpshufb	xmm12, xmm12, OWORD PTR [r15]
+        vpaddd	xmm8, xmm8, xmm12
+        vpxor	xmm4, xmm4, xmm8
+        vpaddd	xmm1, xmm1, xmm5
+        vpxor	xmm13, xmm13, xmm1
+        vpshufb	xmm13, xmm13, OWORD PTR [r15]
+        vpaddd	xmm9, xmm9, xmm13
+        vpxor	xmm5, xmm5, xmm9
+        vpaddd	xmm2, xmm2, xmm6
+        vpxor	xmm14, xmm14, xmm2
+        vpshufb	xmm14, xmm14, OWORD PTR [r15]
+        vpaddd	xmm10, xmm10, xmm14
+        vpxor	xmm6, xmm6, xmm10
+        vpaddd	xmm3, xmm3, xmm7
+        vpxor	xmm15, xmm15, xmm3
+        vpshufb	xmm15, xmm15, OWORD PTR [r15]
+        vpaddd	xmm11, xmm11, xmm15
+        vpxor	xmm7, xmm7, xmm11
+        vmovdqa	OWORD PTR [r12+48], xmm11
+        vpsrld	xmm11, xmm4, 20
+        vpslld	xmm4, xmm4, 12
+        vpxor	xmm4, xmm4, xmm11
+        vpsrld	xmm11, xmm5, 20
+        vpslld	xmm5, xmm5, 12
+        vpxor	xmm5, xmm5, xmm11
+        vpsrld	xmm11, xmm6, 20
+        vpslld	xmm6, xmm6, 12
+        vpxor	xmm6, xmm6, xmm11
+        vpsrld	xmm11, xmm7, 20
+        vpslld	xmm7, xmm7, 12
+        vpxor	xmm7, xmm7, xmm11
+        vpaddd	xmm0, xmm0, xmm4
+        vpxor	xmm12, xmm12, xmm0
+        vmovdqa	xmm11, OWORD PTR [r12+48]
+        vpshufb	xmm12, xmm12, OWORD PTR [r14]
+        vpaddd	xmm8, xmm8, xmm12
+        vpxor	xmm4, xmm4, xmm8
+        vpaddd	xmm1, xmm1, xmm5
+        vpxor	xmm13, xmm13, xmm1
+        vpshufb	xmm13, xmm13, OWORD PTR [r14]
+        vpaddd	xmm9, xmm9, xmm13
+        vpxor	xmm5, xmm5, xmm9
+        vpaddd	xmm2, xmm2, xmm6
+        vpxor	xmm14, xmm14, xmm2
+        vpshufb	xmm14, xmm14, OWORD PTR [r14]
+        vpaddd	xmm10, xmm10, xmm14
+        vpxor	xmm6, xmm6, xmm10
+        vpaddd	xmm3, xmm3, xmm7
+        vpxor	xmm15, xmm15, xmm3
+        vpshufb	xmm15, xmm15, OWORD PTR [r14]
+        vpaddd	xmm11, xmm11, xmm15
+        vpxor	xmm7, xmm7, xmm11
+        vmovdqa	OWORD PTR [r12+48], xmm11
+        vpsrld	xmm11, xmm4, 25
+        vpslld	xmm4, xmm4, 7
+        vpxor	xmm4, xmm4, xmm11
+        vpsrld	xmm11, xmm5, 25
+        vpslld	xmm5, xmm5, 7
+        vpxor	xmm5, xmm5, xmm11
+        vpsrld	xmm11, xmm6, 25
+        vpslld	xmm6, xmm6, 7
+        vpxor	xmm6, xmm6, xmm11
+        vpsrld	xmm11, xmm7, 25
+        vpslld	xmm7, xmm7, 7
+        vpxor	xmm7, xmm7, xmm11
+        vpaddd	xmm0, xmm0, xmm5
+        vpxor	xmm15, xmm15, xmm0
+        vmovdqa	xmm11, OWORD PTR [r12+48]
+        vpshufb	xmm15, xmm15, OWORD PTR [r15]
+        vpaddd	xmm10, xmm10, xmm15
+        vpxor	xmm5, xmm5, xmm10
+        vpaddd	xmm1, xmm1, xmm6
+        vpxor	xmm12, xmm12, xmm1
+        vpshufb	xmm12, xmm12, OWORD PTR [r15]
+        vpaddd	xmm11, xmm11, xmm12
+        vpxor	xmm6, xmm6, xmm11
+        vpaddd	xmm2, xmm2, xmm7
+        vpxor	xmm13, xmm13, xmm2
+        vpshufb	xmm13, xmm13, OWORD PTR [r15]
+        vpaddd	xmm8, xmm8, xmm13
+        vpxor	xmm7, xmm7, xmm8
+        vpaddd	xmm3, xmm3, xmm4
+        vpxor	xmm14, xmm14, xmm3
+        vpshufb	xmm14, xmm14, OWORD PTR [r15]
+        vpaddd	xmm9, xmm9, xmm14
+        vpxor	xmm4, xmm4, xmm9
+        vmovdqa	OWORD PTR [r12+48], xmm11
+        vpsrld	xmm11, xmm5, 20
+        vpslld	xmm5, xmm5, 12
+        vpxor	xmm5, xmm5, xmm11
+        vpsrld	xmm11, xmm6, 20
+        vpslld	xmm6, xmm6, 12
+        vpxor	xmm6, xmm6, xmm11
+        vpsrld	xmm11, xmm7, 20
+        vpslld	xmm7, xmm7, 12
+        vpxor	xmm7, xmm7, xmm11
+        vpsrld	xmm11, xmm4, 20
+        vpslld	xmm4, xmm4, 12
+        vpxor	xmm4, xmm4, xmm11
+        vpaddd	xmm0, xmm0, xmm5
+        vpxor	xmm15, xmm15, xmm0
+        vmovdqa	xmm11, OWORD PTR [r12+48]
+        vpshufb	xmm15, xmm15, OWORD PTR [r14]
+        vpaddd	xmm10, xmm10, xmm15
+        vpxor	xmm5, xmm5, xmm10
+        vpaddd	xmm1, xmm1, xmm6
+        vpxor	xmm12, xmm12, xmm1
+        vpshufb	xmm12, xmm12, OWORD PTR [r14]
+        vpaddd	xmm11, xmm11, xmm12
+        vpxor	xmm6, xmm6, xmm11
+        vpaddd	xmm2, xmm2, xmm7
+        vpxor	xmm13, xmm13, xmm2
+        vpshufb	xmm13, xmm13, OWORD PTR [r14]
+        vpaddd	xmm8, xmm8, xmm13
+        vpxor	xmm7, xmm7, xmm8
+        vpaddd	xmm3, xmm3, xmm4
+        vpxor	xmm14, xmm14, xmm3
+        vpshufb	xmm14, xmm14, OWORD PTR [r14]
+        vpaddd	xmm9, xmm9, xmm14
+        vpxor	xmm4, xmm4, xmm9
+        vmovdqa	OWORD PTR [r12+48], xmm11
+        vpsrld	xmm11, xmm5, 25
+        vpslld	xmm5, xmm5, 7
+        vpxor	xmm5, xmm5, xmm11
+        vpsrld	xmm11, xmm6, 25
+        vpslld	xmm6, xmm6, 7
+        vpxor	xmm6, xmm6, xmm11
+        vpsrld	xmm11, xmm7, 25
+        vpslld	xmm7, xmm7, 7
+        vpxor	xmm7, xmm7, xmm11
+        vpsrld	xmm11, xmm4, 25
+        vpslld	xmm4, xmm4, 7
+        vpxor	xmm4, xmm4, xmm11
+        dec	r10b
+        jnz	L_chacha20_avx1_loop128
+        vmovdqa	xmm11, OWORD PTR [r12+48]
+        vpaddd	xmm0, xmm0, OWORD PTR [r11]
+        vpaddd	xmm1, xmm1, OWORD PTR [r11+16]
+        vpaddd	xmm2, xmm2, OWORD PTR [r11+32]
+        vpaddd	xmm3, xmm3, OWORD PTR [r11+48]
+        vpaddd	xmm4, xmm4, OWORD PTR [r11+64]
+        vpaddd	xmm5, xmm5, OWORD PTR [r11+80]
+        vpaddd	xmm6, xmm6, OWORD PTR [r11+96]
+        vpaddd	xmm7, xmm7, OWORD PTR [r11+112]
+        vpaddd	xmm8, xmm8, OWORD PTR [r11+128]
+        vpaddd	xmm9, xmm9, OWORD PTR [r11+144]
+        vpaddd	xmm10, xmm10, OWORD PTR [r11+160]
+        vpaddd	xmm11, xmm11, OWORD PTR [r11+176]
+        vpaddd	xmm12, xmm12, OWORD PTR [r11+192]
+        vpaddd	xmm13, xmm13, OWORD PTR [r11+208]
+        vpaddd	xmm14, xmm14, OWORD PTR [r11+224]
+        vpaddd	xmm15, xmm15, OWORD PTR [r11+240]
+        vmovdqa	OWORD PTR [r12], xmm8
+        vmovdqa	OWORD PTR [r12+16], xmm9
+        vmovdqa	OWORD PTR [r12+32], xmm10
+        vmovdqa	OWORD PTR [r12+48], xmm11
+        vmovdqa	OWORD PTR [r12+64], xmm12
+        vmovdqa	OWORD PTR [r12+80], xmm13
+        vmovdqa	OWORD PTR [r12+96], xmm14
+        vmovdqa	OWORD PTR [r12+112], xmm15
+        vpunpckldq	xmm8, xmm0, xmm1
+        vpunpckldq	xmm9, xmm2, xmm3
+        vpunpckhdq	xmm12, xmm0, xmm1
+        vpunpckhdq	xmm13, xmm2, xmm3
+        vpunpckldq	xmm10, xmm4, xmm5
+        vpunpckldq	xmm11, xmm6, xmm7
+        vpunpckhdq	xmm14, xmm4, xmm5
+        vpunpckhdq	xmm15, xmm6, xmm7
+        vpunpcklqdq	xmm0, xmm8, xmm9
+        vpunpcklqdq	xmm1, xmm10, xmm11
+        vpunpckhqdq	xmm2, xmm8, xmm9
+        vpunpckhqdq	xmm3, xmm10, xmm11
+        vpunpcklqdq	xmm4, xmm12, xmm13
+        vpunpcklqdq	xmm5, xmm14, xmm15
+        vpunpckhqdq	xmm6, xmm12, xmm13
+        vpunpckhqdq	xmm7, xmm14, xmm15
+        vmovdqu	xmm8, OWORD PTR [rdx]
+        vmovdqu	xmm9, OWORD PTR [rdx+16]
+        vmovdqu	xmm10, OWORD PTR [rdx+64]
+        vmovdqu	xmm11, OWORD PTR [rdx+80]
+        vmovdqu	xmm12, OWORD PTR [rdx+128]
+        vmovdqu	xmm13, OWORD PTR [rdx+144]
+        vmovdqu	xmm14, OWORD PTR [rdx+192]
+        vmovdqu	xmm15, OWORD PTR [rdx+208]
+        vpxor	xmm0, xmm0, xmm8
+        vpxor	xmm1, xmm1, xmm9
+        vpxor	xmm2, xmm2, xmm10
+        vpxor	xmm3, xmm3, xmm11
+        vpxor	xmm4, xmm4, xmm12
+        vpxor	xmm5, xmm5, xmm13
+        vpxor	xmm6, xmm6, xmm14
+        vpxor	xmm7, xmm7, xmm15
+        vmovdqu	OWORD PTR [r8], xmm0
+        vmovdqu	OWORD PTR [r8+16], xmm1
+        vmovdqu	OWORD PTR [r8+64], xmm2
+        vmovdqu	OWORD PTR [r8+80], xmm3
+        vmovdqu	OWORD PTR [r8+128], xmm4
+        vmovdqu	OWORD PTR [r8+144], xmm5
+        vmovdqu	OWORD PTR [r8+192], xmm6
+        vmovdqu	OWORD PTR [r8+208], xmm7
+        vmovdqa	xmm0, OWORD PTR [r12]
+        vmovdqa	xmm1, OWORD PTR [r12+16]
+        vmovdqa	xmm2, OWORD PTR [r12+32]
+        vmovdqa	xmm3, OWORD PTR [r12+48]
+        vmovdqa	xmm4, OWORD PTR [r12+64]
+        vmovdqa	xmm5, OWORD PTR [r12+80]
+        vmovdqa	xmm6, OWORD PTR [r12+96]
+        vmovdqa	xmm7, OWORD PTR [r12+112]
+        vpunpckldq	xmm8, xmm0, xmm1
+        vpunpckldq	xmm9, xmm2, xmm3
+        vpunpckhdq	xmm12, xmm0, xmm1
+        vpunpckhdq	xmm13, xmm2, xmm3
+        vpunpckldq	xmm10, xmm4, xmm5
+        vpunpckldq	xmm11, xmm6, xmm7
+        vpunpckhdq	xmm14, xmm4, xmm5
+        vpunpckhdq	xmm15, xmm6, xmm7
+        vpunpcklqdq	xmm0, xmm8, xmm9
+        vpunpcklqdq	xmm1, xmm10, xmm11
+        vpunpckhqdq	xmm2, xmm8, xmm9
+        vpunpckhqdq	xmm3, xmm10, xmm11
+        vpunpcklqdq	xmm4, xmm12, xmm13
+        vpunpcklqdq	xmm5, xmm14, xmm15
+        vpunpckhqdq	xmm6, xmm12, xmm13
+        vpunpckhqdq	xmm7, xmm14, xmm15
+        vmovdqu	xmm8, OWORD PTR [rdx+32]
+        vmovdqu	xmm9, OWORD PTR [rdx+48]
+        vmovdqu	xmm10, OWORD PTR [rdx+96]
+        vmovdqu	xmm11, OWORD PTR [rdx+112]
+        vmovdqu	xmm12, OWORD PTR [rdx+160]
+        vmovdqu	xmm13, OWORD PTR [rdx+176]
+        vmovdqu	xmm14, OWORD PTR [rdx+224]
+        vmovdqu	xmm15, OWORD PTR [rdx+240]
+        vpxor	xmm0, xmm0, xmm8
+        vpxor	xmm1, xmm1, xmm9
+        vpxor	xmm2, xmm2, xmm10
+        vpxor	xmm3, xmm3, xmm11
+        vpxor	xmm4, xmm4, xmm12
+        vpxor	xmm5, xmm5, xmm13
+        vpxor	xmm6, xmm6, xmm14
+        vpxor	xmm7, xmm7, xmm15
+        vmovdqu	OWORD PTR [r8+32], xmm0
+        vmovdqu	OWORD PTR [r8+48], xmm1
+        vmovdqu	OWORD PTR [r8+96], xmm2
+        vmovdqu	OWORD PTR [r8+112], xmm3
+        vmovdqu	OWORD PTR [r8+160], xmm4
+        vmovdqu	OWORD PTR [r8+176], xmm5
+        vmovdqu	OWORD PTR [r8+224], xmm6
+        vmovdqu	OWORD PTR [r8+240], xmm7
+        vmovdqa	xmm12, OWORD PTR [r11+192]
+        add	rdx, 256
+        add	r8, 256
+        vpaddd	xmm12, xmm12, OWORD PTR [rsi]
+        sub	r9d, 256
+        vmovdqa	OWORD PTR [r11+192], xmm12
+        cmp	r9d, 256
+        jl	L_chacha20_avx1_done128
+        vmovdqa	xmm0, OWORD PTR [r11]
+        vmovdqa	xmm1, OWORD PTR [r11+16]
+        vmovdqa	xmm2, OWORD PTR [r11+32]
+        vmovdqa	xmm3, OWORD PTR [r11+48]
+        vmovdqa	xmm4, OWORD PTR [r11+64]
+        vmovdqa	xmm5, OWORD PTR [r11+80]
+        vmovdqa	xmm6, OWORD PTR [r11+96]
+        vmovdqa	xmm7, OWORD PTR [r11+112]
+        vmovdqa	xmm8, OWORD PTR [r11+128]
+        vmovdqa	xmm9, OWORD PTR [r11+144]
+        vmovdqa	xmm10, OWORD PTR [r11+160]
+        vmovdqa	xmm11, OWORD PTR [r11+176]
+        vmovdqa	xmm12, OWORD PTR [r11+192]
+        vmovdqa	xmm13, OWORD PTR [r11+208]
+        vmovdqa	xmm14, OWORD PTR [r11+224]
+        vmovdqa	xmm15, OWORD PTR [r11+240]
+        jmp	L_chacha20_avx1_start128
+L_chacha20_avx1_done128:
+        shl	eax, 2
+        add	DWORD PTR [rcx+48], eax
+L_chacha20_avx1_end128:
+        cmp	r9d, 64
+        jl	L_chacha20_avx1_block_done
+L_chacha20_avx1_block_start:
+        vmovdqu	xmm0, OWORD PTR [rcx]
+        vmovdqu	xmm1, OWORD PTR [rcx+16]
+        vmovdqu	xmm2, OWORD PTR [rcx+32]
+        vmovdqu	xmm3, OWORD PTR [rcx+48]
+        vmovdqa	xmm5, xmm0
+        vmovdqa	xmm6, xmm1
+        vmovdqa	xmm7, xmm2
+        vmovdqa	xmm8, xmm3
+        mov	al, 10
+L_chacha20_avx1_block_crypt_start:
+        vpaddd	xmm0, xmm0, xmm1
+        vpxor	xmm3, xmm3, xmm0
+        vpshufb	xmm3, xmm3, OWORD PTR [r15]
+        vpaddd	xmm2, xmm2, xmm3
+        vpxor	xmm1, xmm1, xmm2
+        vpsrld	xmm4, xmm1, 20
+        vpslld	xmm1, xmm1, 12
+        vpxor	xmm1, xmm1, xmm4
+        vpaddd	xmm0, xmm0, xmm1
+        vpxor	xmm3, xmm3, xmm0
+        vpshufb	xmm3, xmm3, OWORD PTR [r14]
+        vpaddd	xmm2, xmm2, xmm3
+        vpxor	xmm1, xmm1, xmm2
+        vpsrld	xmm4, xmm1, 25
+        vpslld	xmm1, xmm1, 7
+        vpxor	xmm1, xmm1, xmm4
+        vpshufd	xmm1, xmm1, 57
+        vpshufd	xmm2, xmm2, 78
+        vpshufd	xmm3, xmm3, 147
+        vpaddd	xmm0, xmm0, xmm1
+        vpxor	xmm3, xmm3, xmm0
+        vpshufb	xmm3, xmm3, OWORD PTR [r15]
+        vpaddd	xmm2, xmm2, xmm3
+        vpxor	xmm1, xmm1, xmm2
+        vpsrld	xmm4, xmm1, 20
+        vpslld	xmm1, xmm1, 12
+        vpxor	xmm1, xmm1, xmm4
+        vpaddd	xmm0, xmm0, xmm1
+        vpxor	xmm3, xmm3, xmm0
+        vpshufb	xmm3, xmm3, OWORD PTR [r14]
+        vpaddd	xmm2, xmm2, xmm3
+        vpxor	xmm1, xmm1, xmm2
+        vpsrld	xmm4, xmm1, 25
+        vpslld	xmm1, xmm1, 7
+        vpxor	xmm1, xmm1, xmm4
+        vpshufd	xmm1, xmm1, 147
+        vpshufd	xmm2, xmm2, 78
+        vpshufd	xmm3, xmm3, 57
+        dec	al
+        jnz	L_chacha20_avx1_block_crypt_start
+        vpaddd	xmm0, xmm0, xmm5
+        vpaddd	xmm1, xmm1, xmm6
+        vpaddd	xmm2, xmm2, xmm7
+        vpaddd	xmm3, xmm3, xmm8
+        vmovdqu	xmm5, OWORD PTR [rdx]
+        vmovdqu	xmm6, OWORD PTR [rdx+16]
+        vmovdqu	xmm7, OWORD PTR [rdx+32]
+        vmovdqu	xmm8, OWORD PTR [rdx+48]
+        vpxor	xmm0, xmm0, xmm5
+        vpxor	xmm1, xmm1, xmm6
+        vpxor	xmm2, xmm2, xmm7
+        vpxor	xmm3, xmm3, xmm8
+        vmovdqu	OWORD PTR [r8], xmm0
+        vmovdqu	OWORD PTR [r8+16], xmm1
+        vmovdqu	OWORD PTR [r8+32], xmm2
+        vmovdqu	OWORD PTR [r8+48], xmm3
+        add	DWORD PTR [rcx+48], 1
+        sub	r9d, 64
+        add	rdx, 64
+        add	r8, 64
+        cmp	r9d, 64
+        jge	L_chacha20_avx1_block_start
+L_chacha20_avx1_block_done:
+        cmp	r9d, 0
+        je	L_chacha20_avx1_partial_done
+        lea	r12, QWORD PTR [rcx+80]
+        vmovdqu	xmm0, OWORD PTR [rcx]
+        vmovdqu	xmm1, OWORD PTR [rcx+16]
+        vmovdqu	xmm2, OWORD PTR [rcx+32]
+        vmovdqu	xmm3, OWORD PTR [rcx+48]
+        vmovdqa	xmm5, xmm0
+        vmovdqa	xmm6, xmm1
+        vmovdqa	xmm7, xmm2
+        vmovdqa	xmm8, xmm3
+        mov	al, 10
+L_chacha20_avx1_partial_crypt_start:
+        vpaddd	xmm0, xmm0, xmm1
+        vpxor	xmm3, xmm3, xmm0
+        vpshufb	xmm3, xmm3, OWORD PTR [r15]
+        vpaddd	xmm2, xmm2, xmm3
+        vpxor	xmm1, xmm1, xmm2
+        vpsrld	xmm4, xmm1, 20
+        vpslld	xmm1, xmm1, 12
+        vpxor	xmm1, xmm1, xmm4
+        vpaddd	xmm0, xmm0, xmm1
+        vpxor	xmm3, xmm3, xmm0
+        vpshufb	xmm3, xmm3, OWORD PTR [r14]
+        vpaddd	xmm2, xmm2, xmm3
+        vpxor	xmm1, xmm1, xmm2
+        vpsrld	xmm4, xmm1, 25
+        vpslld	xmm1, xmm1, 7
+        vpxor	xmm1, xmm1, xmm4
+        vpshufd	xmm1, xmm1, 57
+        vpshufd	xmm2, xmm2, 78
+        vpshufd	xmm3, xmm3, 147
+        vpaddd	xmm0, xmm0, xmm1
+        vpxor	xmm3, xmm3, xmm0
+        vpshufb	xmm3, xmm3, OWORD PTR [r15]
+        vpaddd	xmm2, xmm2, xmm3
+        vpxor	xmm1, xmm1, xmm2
+        vpsrld	xmm4, xmm1, 20
+        vpslld	xmm1, xmm1, 12
+        vpxor	xmm1, xmm1, xmm4
+        vpaddd	xmm0, xmm0, xmm1
+        vpxor	xmm3, xmm3, xmm0
+        vpshufb	xmm3, xmm3, OWORD PTR [r14]
+        vpaddd	xmm2, xmm2, xmm3
+        vpxor	xmm1, xmm1, xmm2
+        vpsrld	xmm4, xmm1, 25
+        vpslld	xmm1, xmm1, 7
+        vpxor	xmm1, xmm1, xmm4
+        vpshufd	xmm1, xmm1, 147
+        vpshufd	xmm2, xmm2, 78
+        vpshufd	xmm3, xmm3, 57
+        dec	al
+        jnz	L_chacha20_avx1_partial_crypt_start
+        vpaddd	xmm0, xmm0, xmm5
+        vpaddd	xmm1, xmm1, xmm6
+        vpaddd	xmm2, xmm2, xmm7
+        vpaddd	xmm3, xmm3, xmm8
+        vmovdqu	OWORD PTR [r12], xmm0
+        vmovdqu	OWORD PTR [r12+16], xmm1
+        vmovdqu	OWORD PTR [r12+32], xmm2
+        vmovdqu	OWORD PTR [r12+48], xmm3
+        add	DWORD PTR [rcx+48], 1
+        mov	r10d, r9d
+        xor	r13, r13
+        and	r10d, 7
+        jz	L_chacha20_avx1_partial_start64
+L_chacha20_avx1_partial_start8:
+        movzx	eax, BYTE PTR [r12+r13]
+        xor	al, BYTE PTR [rdx+r13]
+        mov	BYTE PTR [r8+r13], al
+        inc	r13d
+        cmp	r13d, r10d
+        jne	L_chacha20_avx1_partial_start8
+        je	L_chacha20_avx1_partial_end64
+L_chacha20_avx1_partial_start64:
+        mov	rax, QWORD PTR [r12+r13]
+        xor	rax, QWORD PTR [rdx+r13]
+        mov	QWORD PTR [r8+r13], rax
+        add	r13d, 8
+L_chacha20_avx1_partial_end64:
+        cmp	r13d, r9d
+        jne	L_chacha20_avx1_partial_start64
+        mov	r10d, 64
+        sub	r10d, r13d
+        mov	DWORD PTR [rcx+76], r10d
+L_chacha20_avx1_partial_done:
+        vmovdqu	xmm6, OWORD PTR [rsp+400]
+        vmovdqu	xmm7, OWORD PTR [rsp+416]
+        vmovdqu	xmm8, OWORD PTR [rsp+432]
+        vmovdqu	xmm9, OWORD PTR [rsp+448]
+        vmovdqu	xmm10, OWORD PTR [rsp+464]
+        vmovdqu	xmm11, OWORD PTR [rsp+480]
+        vmovdqu	xmm12, OWORD PTR [rsp+496]
+        vmovdqu	xmm13, OWORD PTR [rsp+512]
+        vmovdqu	xmm14, OWORD PTR [rsp+528]
+        vmovdqu	xmm15, OWORD PTR [rsp+544]
+        add	rsp, 560
+        pop	rsi
+        pop	rdi
+        pop	r15
+        pop	r14
+        pop	r13
+        pop	r12
+        ret
+chacha_encrypt_avx1 ENDP
+_text ENDS
+ENDIF
+IFDEF HAVE_INTEL_AVX2
+_DATA SEGMENT
+ALIGN 16
+L_chacha20_avx2_rotl8 QWORD 433757367256023043, 1012478749960636427,
+    433757367256023043, 1012478749960636427
+ptr_L_chacha20_avx2_rotl8 QWORD L_chacha20_avx2_rotl8
+_DATA ENDS
+_DATA SEGMENT
+ALIGN 16
+L_chacha20_avx2_rotl16 QWORD 361421592464458498, 940142975169071882,
+    361421592464458498, 940142975169071882
+ptr_L_chacha20_avx2_rotl16 QWORD L_chacha20_avx2_rotl16
+_DATA ENDS
+_DATA SEGMENT
+ALIGN 16
+L_chacha20_avx2_add QWORD 4294967296, 12884901890,
+    21474836484, 30064771078
+ptr_L_chacha20_avx2_add QWORD L_chacha20_avx2_add
+_DATA ENDS
+_DATA SEGMENT
+ALIGN 16
+L_chacha20_avx2_eight QWORD 34359738376, 34359738376,
+    34359738376, 34359738376
+ptr_L_chacha20_avx2_eight QWORD L_chacha20_avx2_eight
+_DATA ENDS
+_text SEGMENT READONLY PARA
+chacha_encrypt_avx2 PROC
+        push	r12
+        push	r13
+        push	r14
+        push	r15
+        push	rdi
+        sub	rsp, 960
+        vmovdqu	OWORD PTR [rsp+800], xmm6
+        vmovdqu	OWORD PTR [rsp+816], xmm7
+        vmovdqu	OWORD PTR [rsp+832], xmm8
+        vmovdqu	OWORD PTR [rsp+848], xmm9
+        vmovdqu	OWORD PTR [rsp+864], xmm10
+        vmovdqu	OWORD PTR [rsp+880], xmm11
+        vmovdqu	OWORD PTR [rsp+896], xmm12
+        vmovdqu	OWORD PTR [rsp+912], xmm13
+        vmovdqu	OWORD PTR [rsp+928], xmm14
+        vmovdqu	OWORD PTR [rsp+944], xmm15
+        mov	r11, rsp
+        mov	r13, QWORD PTR [ptr_L_chacha20_avx2_rotl8]
+        mov	r14, QWORD PTR [ptr_L_chacha20_avx2_rotl16]
+        mov	r15, QWORD PTR [ptr_L_chacha20_avx2_add]
+        mov	rdi, QWORD PTR [ptr_L_chacha20_avx2_eight]
+        lea	r12, QWORD PTR [rsp+512]
+        add	r11, 31
+        add	r12, 31
+        and	r11, -32
+        and	r12, -32
+        mov	eax, r9d
+        shr	eax, 9
+        jz	L_chacha20_avx2_end256
+        vpbroadcastd	ymm0, DWORD PTR [rcx]
+        vpbroadcastd	ymm1, DWORD PTR [rcx+4]
+        vpbroadcastd	ymm2, DWORD PTR [rcx+8]
+        vpbroadcastd	ymm3, DWORD PTR [rcx+12]
+        vpbroadcastd	ymm4, DWORD PTR [rcx+16]
+        vpbroadcastd	ymm5, DWORD PTR [rcx+20]
+        vpbroadcastd	ymm6, DWORD PTR [rcx+24]
+        vpbroadcastd	ymm7, DWORD PTR [rcx+28]
+        vpbroadcastd	ymm8, DWORD PTR [rcx+32]
+        vpbroadcastd	ymm9, DWORD PTR [rcx+36]
+        vpbroadcastd	ymm10, DWORD PTR [rcx+40]
+        vpbroadcastd	ymm11, DWORD PTR [rcx+44]
+        vpbroadcastd	ymm12, DWORD PTR [rcx+48]
+        vpbroadcastd	ymm13, DWORD PTR [rcx+52]
+        vpbroadcastd	ymm14, DWORD PTR [rcx+56]
+        vpbroadcastd	ymm15, DWORD PTR [rcx+60]
+        vpaddd	ymm12, ymm12, YMMWORD PTR [r15]
+        vmovdqa	YMMWORD PTR [r11], ymm0
+        vmovdqa	YMMWORD PTR [r11+32], ymm1
+        vmovdqa	YMMWORD PTR [r11+64], ymm2
+        vmovdqa	YMMWORD PTR [r11+96], ymm3
+        vmovdqa	YMMWORD PTR [r11+128], ymm4
+        vmovdqa	YMMWORD PTR [r11+160], ymm5
+        vmovdqa	YMMWORD PTR [r11+192], ymm6
+        vmovdqa	YMMWORD PTR [r11+224], ymm7
+        vmovdqa	YMMWORD PTR [r11+256], ymm8
+        vmovdqa	YMMWORD PTR [r11+288], ymm9
+        vmovdqa	YMMWORD PTR [r11+320], ymm10
+        vmovdqa	YMMWORD PTR [r11+352], ymm11
+        vmovdqa	YMMWORD PTR [r11+384], ymm12
+        vmovdqa	YMMWORD PTR [r11+416], ymm13
+        vmovdqa	YMMWORD PTR [r11+448], ymm14
+        vmovdqa	YMMWORD PTR [r11+480], ymm15
+L_chacha20_avx2_start256:
+        mov	r10b, 10
+        vmovdqa	YMMWORD PTR [r12+96], ymm11
+L_chacha20_avx2_loop256:
+        vpaddd	ymm0, ymm0, ymm4
+        vpxor	ymm12, ymm12, ymm0
+        vmovdqa	ymm11, YMMWORD PTR [r12+96]
+        vpshufb	ymm12, ymm12, YMMWORD PTR [r14]
+        vpaddd	ymm8, ymm8, ymm12
+        vpxor	ymm4, ymm4, ymm8
+        vpaddd	ymm1, ymm1, ymm5
+        vpxor	ymm13, ymm13, ymm1
+        vpshufb	ymm13, ymm13, YMMWORD PTR [r14]
+        vpaddd	ymm9, ymm9, ymm13
+        vpxor	ymm5, ymm5, ymm9
+        vpaddd	ymm2, ymm2, ymm6
+        vpxor	ymm14, ymm14, ymm2
+        vpshufb	ymm14, ymm14, YMMWORD PTR [r14]
+        vpaddd	ymm10, ymm10, ymm14
+        vpxor	ymm6, ymm6, ymm10
+        vpaddd	ymm3, ymm3, ymm7
+        vpxor	ymm15, ymm15, ymm3
+        vpshufb	ymm15, ymm15, YMMWORD PTR [r14]
+        vpaddd	ymm11, ymm11, ymm15
+        vpxor	ymm7, ymm7, ymm11
+        vmovdqa	YMMWORD PTR [r12+96], ymm11
+        vpsrld	ymm11, ymm4, 20
+        vpslld	ymm4, ymm4, 12
+        vpxor	ymm4, ymm4, ymm11
+        vpsrld	ymm11, ymm5, 20
+        vpslld	ymm5, ymm5, 12
+        vpxor	ymm5, ymm5, ymm11
+        vpsrld	ymm11, ymm6, 20
+        vpslld	ymm6, ymm6, 12
+        vpxor	ymm6, ymm6, ymm11
+        vpsrld	ymm11, ymm7, 20
+        vpslld	ymm7, ymm7, 12
+        vpxor	ymm7, ymm7, ymm11
+        vpaddd	ymm0, ymm0, ymm4
+        vpxor	ymm12, ymm12, ymm0
+        vmovdqa	ymm11, YMMWORD PTR [r12+96]
+        vpshufb	ymm12, ymm12, YMMWORD PTR [r13]
+        vpaddd	ymm8, ymm8, ymm12
+        vpxor	ymm4, ymm4, ymm8
+        vpaddd	ymm1, ymm1, ymm5
+        vpxor	ymm13, ymm13, ymm1
+        vpshufb	ymm13, ymm13, YMMWORD PTR [r13]
+        vpaddd	ymm9, ymm9, ymm13
+        vpxor	ymm5, ymm5, ymm9
+        vpaddd	ymm2, ymm2, ymm6
+        vpxor	ymm14, ymm14, ymm2
+        vpshufb	ymm14, ymm14, YMMWORD PTR [r13]
+        vpaddd	ymm10, ymm10, ymm14
+        vpxor	ymm6, ymm6, ymm10
+        vpaddd	ymm3, ymm3, ymm7
+        vpxor	ymm15, ymm15, ymm3
+        vpshufb	ymm15, ymm15, YMMWORD PTR [r13]
+        vpaddd	ymm11, ymm11, ymm15
+        vpxor	ymm7, ymm7, ymm11
+        vmovdqa	YMMWORD PTR [r12+96], ymm11
+        vpsrld	ymm11, ymm4, 25
+        vpslld	ymm4, ymm4, 7
+        vpxor	ymm4, ymm4, ymm11
+        vpsrld	ymm11, ymm5, 25
+        vpslld	ymm5, ymm5, 7
+        vpxor	ymm5, ymm5, ymm11
+        vpsrld	ymm11, ymm6, 25
+        vpslld	ymm6, ymm6, 7
+        vpxor	ymm6, ymm6, ymm11
+        vpsrld	ymm11, ymm7, 25
+        vpslld	ymm7, ymm7, 7
+        vpxor	ymm7, ymm7, ymm11
+        vpaddd	ymm0, ymm0, ymm5
+        vpxor	ymm15, ymm15, ymm0
+        vmovdqa	ymm11, YMMWORD PTR [r12+96]
+        vpshufb	ymm15, ymm15, YMMWORD PTR [r14]
+        vpaddd	ymm10, ymm10, ymm15
+        vpxor	ymm5, ymm5, ymm10
+        vpaddd	ymm1, ymm1, ymm6
+        vpxor	ymm12, ymm12, ymm1
+        vpshufb	ymm12, ymm12, YMMWORD PTR [r14]
+        vpaddd	ymm11, ymm11, ymm12
+        vpxor	ymm6, ymm6, ymm11
+        vpaddd	ymm2, ymm2, ymm7
+        vpxor	ymm13, ymm13, ymm2
+        vpshufb	ymm13, ymm13, YMMWORD PTR [r14]
+        vpaddd	ymm8, ymm8, ymm13
+        vpxor	ymm7, ymm7, ymm8
+        vpaddd	ymm3, ymm3, ymm4
+        vpxor	ymm14, ymm14, ymm3
+        vpshufb	ymm14, ymm14, YMMWORD PTR [r14]
+        vpaddd	ymm9, ymm9, ymm14
+        vpxor	ymm4, ymm4, ymm9
+        vmovdqa	YMMWORD PTR [r12+96], ymm11
+        vpsrld	ymm11, ymm5, 20
+        vpslld	ymm5, ymm5, 12
+        vpxor	ymm5, ymm5, ymm11
+        vpsrld	ymm11, ymm6, 20
+        vpslld	ymm6, ymm6, 12
+        vpxor	ymm6, ymm6, ymm11
+        vpsrld	ymm11, ymm7, 20
+        vpslld	ymm7, ymm7, 12
+        vpxor	ymm7, ymm7, ymm11
+        vpsrld	ymm11, ymm4, 20
+        vpslld	ymm4, ymm4, 12
+        vpxor	ymm4, ymm4, ymm11
+        vpaddd	ymm0, ymm0, ymm5
+        vpxor	ymm15, ymm15, ymm0
+        vmovdqa	ymm11, YMMWORD PTR [r12+96]
+        vpshufb	ymm15, ymm15, YMMWORD PTR [r13]
+        vpaddd	ymm10, ymm10, ymm15
+        vpxor	ymm5, ymm5, ymm10
+        vpaddd	ymm1, ymm1, ymm6
+        vpxor	ymm12, ymm12, ymm1
+        vpshufb	ymm12, ymm12, YMMWORD PTR [r13]
+        vpaddd	ymm11, ymm11, ymm12
+        vpxor	ymm6, ymm6, ymm11
+        vpaddd	ymm2, ymm2, ymm7
+        vpxor	ymm13, ymm13, ymm2
+        vpshufb	ymm13, ymm13, YMMWORD PTR [r13]
+        vpaddd	ymm8, ymm8, ymm13
+        vpxor	ymm7, ymm7, ymm8
+        vpaddd	ymm3, ymm3, ymm4
+        vpxor	ymm14, ymm14, ymm3
+        vpshufb	ymm14, ymm14, YMMWORD PTR [r13]
+        vpaddd	ymm9, ymm9, ymm14
+        vpxor	ymm4, ymm4, ymm9
+        vmovdqa	YMMWORD PTR [r12+96], ymm11
+        vpsrld	ymm11, ymm5, 25
+        vpslld	ymm5, ymm5, 7
+        vpxor	ymm5, ymm5, ymm11
+        vpsrld	ymm11, ymm6, 25
+        vpslld	ymm6, ymm6, 7
+        vpxor	ymm6, ymm6, ymm11
+        vpsrld	ymm11, ymm7, 25
+        vpslld	ymm7, ymm7, 7
+        vpxor	ymm7, ymm7, ymm11
+        vpsrld	ymm11, ymm4, 25
+        vpslld	ymm4, ymm4, 7
+        vpxor	ymm4, ymm4, ymm11
+        dec	r10b
+        jnz	L_chacha20_avx2_loop256
+        vmovdqa	ymm11, YMMWORD PTR [r12+96]
+        vpaddd	ymm0, ymm0, YMMWORD PTR [r11]
+        vpaddd	ymm1, ymm1, YMMWORD PTR [r11+32]
+        vpaddd	ymm2, ymm2, YMMWORD PTR [r11+64]
+        vpaddd	ymm3, ymm3, YMMWORD PTR [r11+96]
+        vpaddd	ymm4, ymm4, YMMWORD PTR [r11+128]
+        vpaddd	ymm5, ymm5, YMMWORD PTR [r11+160]
+        vpaddd	ymm6, ymm6, YMMWORD PTR [r11+192]
+        vpaddd	ymm7, ymm7, YMMWORD PTR [r11+224]
+        vpaddd	ymm8, ymm8, YMMWORD PTR [r11+256]
+        vpaddd	ymm9, ymm9, YMMWORD PTR [r11+288]
+        vpaddd	ymm10, ymm10, YMMWORD PTR [r11+320]
+        vpaddd	ymm11, ymm11, YMMWORD PTR [r11+352]
+        vpaddd	ymm12, ymm12, YMMWORD PTR [r11+384]
+        vpaddd	ymm13, ymm13, YMMWORD PTR [r11+416]
+        vpaddd	ymm14, ymm14, YMMWORD PTR [r11+448]
+        vpaddd	ymm15, ymm15, YMMWORD PTR [r11+480]
+        vmovdqa	YMMWORD PTR [r12], ymm8
+        vmovdqa	YMMWORD PTR [r12+32], ymm9
+        vmovdqa	YMMWORD PTR [r12+64], ymm10
+        vmovdqa	YMMWORD PTR [r12+96], ymm11
+        vmovdqa	YMMWORD PTR [r12+128], ymm12
+        vmovdqa	YMMWORD PTR [r12+160], ymm13
+        vmovdqa	YMMWORD PTR [r12+192], ymm14
+        vmovdqa	YMMWORD PTR [r12+224], ymm15
+        vpunpckldq	ymm8, ymm0, ymm1
+        vpunpckldq	ymm9, ymm2, ymm3
+        vpunpckhdq	ymm12, ymm0, ymm1
+        vpunpckhdq	ymm13, ymm2, ymm3
+        vpunpckldq	ymm10, ymm4, ymm5
+        vpunpckldq	ymm11, ymm6, ymm7
+        vpunpckhdq	ymm14, ymm4, ymm5
+        vpunpckhdq	ymm15, ymm6, ymm7
+        vpunpcklqdq	ymm0, ymm8, ymm9
+        vpunpcklqdq	ymm1, ymm10, ymm11
+        vpunpckhqdq	ymm2, ymm8, ymm9
+        vpunpckhqdq	ymm3, ymm10, ymm11
+        vpunpcklqdq	ymm4, ymm12, ymm13
+        vpunpcklqdq	ymm5, ymm14, ymm15
+        vpunpckhqdq	ymm6, ymm12, ymm13
+        vpunpckhqdq	ymm7, ymm14, ymm15
+        vperm2i128	ymm8, ymm0, ymm1, 32
+        vperm2i128	ymm9, ymm2, ymm3, 32
+        vperm2i128	ymm12, ymm0, ymm1, 49
+        vperm2i128	ymm13, ymm2, ymm3, 49
+        vperm2i128	ymm10, ymm4, ymm5, 32
+        vperm2i128	ymm11, ymm6, ymm7, 32
+        vperm2i128	ymm14, ymm4, ymm5, 49
+        vperm2i128	ymm15, ymm6, ymm7, 49
+        vmovdqu	ymm0, YMMWORD PTR [rdx]
+        vmovdqu	ymm1, YMMWORD PTR [rdx+64]
+        vmovdqu	ymm2, YMMWORD PTR [rdx+128]
+        vmovdqu	ymm3, YMMWORD PTR [rdx+192]
+        vmovdqu	ymm4, YMMWORD PTR [rdx+256]
+        vmovdqu	ymm5, YMMWORD PTR [rdx+320]
+        vmovdqu	ymm6, YMMWORD PTR [rdx+384]
+        vmovdqu	ymm7, YMMWORD PTR [rdx+448]
+        vpxor	ymm8, ymm8, ymm0
+        vpxor	ymm9, ymm9, ymm1
+        vpxor	ymm10, ymm10, ymm2
+        vpxor	ymm11, ymm11, ymm3
+        vpxor	ymm12, ymm12, ymm4
+        vpxor	ymm13, ymm13, ymm5
+        vpxor	ymm14, ymm14, ymm6
+        vpxor	ymm15, ymm15, ymm7
+        vmovdqu	YMMWORD PTR [r8], ymm8
+        vmovdqu	YMMWORD PTR [r8+64], ymm9
+        vmovdqu	YMMWORD PTR [r8+128], ymm10
+        vmovdqu	YMMWORD PTR [r8+192], ymm11
+        vmovdqu	YMMWORD PTR [r8+256], ymm12
+        vmovdqu	YMMWORD PTR [r8+320], ymm13
+        vmovdqu	YMMWORD PTR [r8+384], ymm14
+        vmovdqu	YMMWORD PTR [r8+448], ymm15
+        vmovdqa	ymm0, YMMWORD PTR [r12]
+        vmovdqa	ymm1, YMMWORD PTR [r12+32]
+        vmovdqa	ymm2, YMMWORD PTR [r12+64]
+        vmovdqa	ymm3, YMMWORD PTR [r12+96]
+        vmovdqa	ymm4, YMMWORD PTR [r12+128]
+        vmovdqa	ymm5, YMMWORD PTR [r12+160]
+        vmovdqa	ymm6, YMMWORD PTR [r12+192]
+        vmovdqa	ymm7, YMMWORD PTR [r12+224]
+        vpunpckldq	ymm8, ymm0, ymm1
+        vpunpckldq	ymm9, ymm2, ymm3
+        vpunpckhdq	ymm12, ymm0, ymm1
+        vpunpckhdq	ymm13, ymm2, ymm3
+        vpunpckldq	ymm10, ymm4, ymm5
+        vpunpckldq	ymm11, ymm6, ymm7
+        vpunpckhdq	ymm14, ymm4, ymm5
+        vpunpckhdq	ymm15, ymm6, ymm7
+        vpunpcklqdq	ymm0, ymm8, ymm9
+        vpunpcklqdq	ymm1, ymm10, ymm11
+        vpunpckhqdq	ymm2, ymm8, ymm9
+        vpunpckhqdq	ymm3, ymm10, ymm11
+        vpunpcklqdq	ymm4, ymm12, ymm13
+        vpunpcklqdq	ymm5, ymm14, ymm15
+        vpunpckhqdq	ymm6, ymm12, ymm13
+        vpunpckhqdq	ymm7, ymm14, ymm15
+        vperm2i128	ymm8, ymm0, ymm1, 32
+        vperm2i128	ymm9, ymm2, ymm3, 32
+        vperm2i128	ymm12, ymm0, ymm1, 49
+        vperm2i128	ymm13, ymm2, ymm3, 49
+        vperm2i128	ymm10, ymm4, ymm5, 32
+        vperm2i128	ymm11, ymm6, ymm7, 32
+        vperm2i128	ymm14, ymm4, ymm5, 49
+        vperm2i128	ymm15, ymm6, ymm7, 49
+        vmovdqu	ymm0, YMMWORD PTR [rdx+32]
+        vmovdqu	ymm1, YMMWORD PTR [rdx+96]
+        vmovdqu	ymm2, YMMWORD PTR [rdx+160]
+        vmovdqu	ymm3, YMMWORD PTR [rdx+224]
+        vmovdqu	ymm4, YMMWORD PTR [rdx+288]
+        vmovdqu	ymm5, YMMWORD PTR [rdx+352]
+        vmovdqu	ymm6, YMMWORD PTR [rdx+416]
+        vmovdqu	ymm7, YMMWORD PTR [rdx+480]
+        vpxor	ymm8, ymm8, ymm0
+        vpxor	ymm9, ymm9, ymm1
+        vpxor	ymm10, ymm10, ymm2
+        vpxor	ymm11, ymm11, ymm3
+        vpxor	ymm12, ymm12, ymm4
+        vpxor	ymm13, ymm13, ymm5
+        vpxor	ymm14, ymm14, ymm6
+        vpxor	ymm15, ymm15, ymm7
+        vmovdqu	YMMWORD PTR [r8+32], ymm8
+        vmovdqu	YMMWORD PTR [r8+96], ymm9
+        vmovdqu	YMMWORD PTR [r8+160], ymm10
+        vmovdqu	YMMWORD PTR [r8+224], ymm11
+        vmovdqu	YMMWORD PTR [r8+288], ymm12
+        vmovdqu	YMMWORD PTR [r8+352], ymm13
+        vmovdqu	YMMWORD PTR [r8+416], ymm14
+        vmovdqu	YMMWORD PTR [r8+480], ymm15
+        vmovdqa	ymm12, YMMWORD PTR [r11+384]
+        add	rdx, 512
+        add	r8, 512
+        vpaddd	ymm12, ymm12, YMMWORD PTR [rdi]
+        sub	r9d, 512
+        vmovdqa	YMMWORD PTR [r11+384], ymm12
+        cmp	r9d, 512
+        jl	L_chacha20_avx2_done256
+        vmovdqa	ymm0, YMMWORD PTR [r11]
+        vmovdqa	ymm1, YMMWORD PTR [r11+32]
+        vmovdqa	ymm2, YMMWORD PTR [r11+64]
+        vmovdqa	ymm3, YMMWORD PTR [r11+96]
+        vmovdqa	ymm4, YMMWORD PTR [r11+128]
+        vmovdqa	ymm5, YMMWORD PTR [r11+160]
+        vmovdqa	ymm6, YMMWORD PTR [r11+192]
+        vmovdqa	ymm7, YMMWORD PTR [r11+224]
+        vmovdqa	ymm8, YMMWORD PTR [r11+256]
+        vmovdqa	ymm9, YMMWORD PTR [r11+288]
+        vmovdqa	ymm10, YMMWORD PTR [r11+320]
+        vmovdqa	ymm11, YMMWORD PTR [r11+352]
+        vmovdqa	ymm12, YMMWORD PTR [r11+384]
+        vmovdqa	ymm13, YMMWORD PTR [r11+416]
+        vmovdqa	ymm14, YMMWORD PTR [r11+448]
+        vmovdqa	ymm15, YMMWORD PTR [r11+480]
+        jmp	L_chacha20_avx2_start256
+L_chacha20_avx2_done256:
+        shl	eax, 3
+        add	DWORD PTR [rcx+48], eax
+L_chacha20_avx2_end256:
+        call	chacha_encrypt_avx1
+        vzeroupper
+        vmovdqu	xmm6, OWORD PTR [rsp+800]
+        vmovdqu	xmm7, OWORD PTR [rsp+816]
+        vmovdqu	xmm8, OWORD PTR [rsp+832]
+        vmovdqu	xmm9, OWORD PTR [rsp+848]
+        vmovdqu	xmm10, OWORD PTR [rsp+864]
+        vmovdqu	xmm11, OWORD PTR [rsp+880]
+        vmovdqu	xmm12, OWORD PTR [rsp+896]
+        vmovdqu	xmm13, OWORD PTR [rsp+912]
+        vmovdqu	xmm14, OWORD PTR [rsp+928]
+        vmovdqu	xmm15, OWORD PTR [rsp+944]
+        add	rsp, 960
+        pop	rdi
+        pop	r15
+        pop	r14
+        pop	r13
+        pop	r12
+        ret
+chacha_encrypt_avx2 ENDP
+_text ENDS
+ENDIF
+END
diff --git a/wolfcrypt/src/cmac.c b/wolfcrypt/src/cmac.c
index 7cade1903..d023e1801 100644
--- a/wolfcrypt/src/cmac.c
+++ b/wolfcrypt/src/cmac.c
@@ -1,6 +1,6 @@
 /* cmac.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -32,15 +32,15 @@
 #include <wolfssl/wolfcrypt/hash.h>
 #endif
 
-#if defined(WOLFSSL_CMAC) && !defined(NO_AES) && defined(WOLFSSL_AES_DIRECT)
+#if defined(WOLFSSL_CMAC)
 
 #if defined(HAVE_FIPS) && defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2)
     /* set NO_WRAPPERS before headers, use direct internal f()s not wrappers */
     #define FIPS_NO_WRAPPERS
 
     #ifdef USE_WINDOWS_API
-        #pragma code_seg(".fipsA$n")
-        #pragma const_seg(".fipsB$n")
+        #pragma code_seg(".fipsA$c")
+        #pragma const_seg(".fipsB$c")
     #endif
 #endif
 
@@ -59,6 +59,15 @@
     #include <wolfssl/wolfcrypt/cryptocb.h>
 #endif
 
+#if FIPS_VERSION3_GE(6,0,0)
+    const unsigned int wolfCrypt_FIPS_cmac_ro_sanity[2] =
+                                                     { 0x1a2b3c4d, 0x00000003 };
+    int wolfCrypt_FIPS_CMAC_sanity(void)
+    {
+        return 0;
+    }
+#endif
+
 #ifdef WOLFSSL_HASH_KEEP
 /* Some hardware have issues with update, this function stores the data to be
  * hashed into an array. Once ready, the Final operation is called on all of the
@@ -71,7 +80,7 @@ int wc_CMAC_Grow(Cmac* cmac, const byte* in, int inSz)
 }
 #endif /* WOLFSSL_HASH_KEEP */
 
-
+#if !defined(NO_AES) && defined(WOLFSSL_AES_DIRECT)
 /* Used by AES-SIV. See aes.c. */
 void ShiftAndXorRb(byte* out, byte* in)
 {
@@ -81,7 +90,7 @@ void ShiftAndXorRb(byte* out, byte* in)
 
     xorRb = (in[0] & 0x80) != 0;
 
-    for (i = 1, j = AES_BLOCK_SIZE - 1; i <= AES_BLOCK_SIZE; i++, j--) {
+    for (i = 1, j = WC_AES_BLOCK_SIZE - 1; i <= WC_AES_BLOCK_SIZE; i++, j--) {
         last = (in[j] & 0x80) ? 1 : 0;
         out[j] = (byte)((in[j] << 1) | mask);
         mask = last;
@@ -91,12 +100,13 @@ void ShiftAndXorRb(byte* out, byte* in)
         }
     }
 }
+#endif /* !NO_AES && WOLFSSL_AES_DIRECT */
 
 /* returns 0 on success */
 int wc_InitCmac_ex(Cmac* cmac, const byte* key, word32 keySz,
                 int type, void* unused, void* heap, int devId)
 {
-    int ret;
+    int ret = 0;
 #if defined(WOLFSSL_SE050) && defined(WOLFSSL_SE050_CRYPT)
     byte useSW = 0;
 #endif
@@ -125,7 +135,7 @@ int wc_InitCmac_ex(Cmac* cmac, const byte* key, word32 keySz,
 
         ret = wc_CryptoCb_Cmac(cmac, key, keySz, NULL, 0, NULL, NULL,
                 type, unused);
-        if (ret != CRYPTOCB_UNAVAILABLE)
+        if (ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE))
             return ret;
         /* fall-through when unavailable */
     }
@@ -137,30 +147,40 @@ int wc_InitCmac_ex(Cmac* cmac, const byte* key, word32 keySz,
         return BAD_FUNC_ARG;
     }
 
-    ret = wc_AesInit(&cmac->aes, heap, devId);
+    switch (type) {
+#if !defined (NO_AES) && defined(WOLFSSL_AES_DIRECT)
+    case WC_CMAC_AES:
+        cmac->type = WC_CMAC_AES;
+        ret = wc_AesInit(&cmac->aes, heap, devId);
 
-#if defined(WOLFSSL_SE050) && defined(WOLFSSL_SE050_CRYPT)
-    cmac->useSWCrypt = useSW;
-    if (cmac->useSWCrypt == 1) {
-        cmac->aes.useSWCrypt = 1;
-    }
-#endif
-
-    if (ret == 0) {
-        ret = wc_AesSetKey(&cmac->aes, key, keySz, NULL, AES_ENCRYPTION);
-    }
-
-    if (ret == 0) {
-        byte l[AES_BLOCK_SIZE];
-
-        XMEMSET(l, 0, AES_BLOCK_SIZE);
-        ret = wc_AesEncryptDirect(&cmac->aes, l, l);
-        if (ret == 0) {
-            ShiftAndXorRb(cmac->k1, l);
-            ShiftAndXorRb(cmac->k2, cmac->k1);
-            ForceZero(l, AES_BLOCK_SIZE);
+    #if defined(WOLFSSL_SE050) && defined(WOLFSSL_SE050_CRYPT)
+        cmac->useSWCrypt = useSW;
+        if (cmac->useSWCrypt == 1) {
+            cmac->aes.useSWCrypt = 1;
         }
+    #endif
+
+        if (ret == 0) {
+            ret = wc_AesSetKey(&cmac->aes, key, keySz, NULL, AES_ENCRYPTION);
+        }
+
+        if (ret == 0) {
+            byte l[WC_AES_BLOCK_SIZE];
+
+            XMEMSET(l, 0, WC_AES_BLOCK_SIZE);
+            ret = wc_AesEncryptDirect(&cmac->aes, l, l);
+            if (ret == 0) {
+                ShiftAndXorRb(cmac->k1, l);
+                ShiftAndXorRb(cmac->k2, cmac->k1);
+                ForceZero(l, WC_AES_BLOCK_SIZE);
+            }
+        }
+        break;
+#endif /* !NO_AES && WOLFSSL_AES_DIRECT */
+    default:
+        return BAD_FUNC_ARG;
     }
+
     return ret;
 }
 
@@ -192,34 +212,45 @@ int wc_CmacUpdate(Cmac* cmac, const byte* in, word32 inSz)
     #endif
     {
         ret = wc_CryptoCb_Cmac(cmac, NULL, 0, in, inSz,
-                NULL, NULL, 0, NULL);
-        if (ret != CRYPTOCB_UNAVAILABLE)
+            NULL, NULL, (int)cmac->type, NULL);
+        if (ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE))
             return ret;
         /* fall-through when unavailable */
-        ret = 0; /* reset error code */
     }
 #endif
 
-    while (inSz != 0) {
-        word32 add = min(inSz, AES_BLOCK_SIZE - cmac->bufferSz);
-        XMEMCPY(&cmac->buffer[cmac->bufferSz], in, add);
+    /* Clear CRYPTOCB_UNAVAILABLE return code */
+    ret = 0;
 
-        cmac->bufferSz += add;
-        in += add;
-        inSz -= add;
+    switch (cmac->type) {
+#if !defined(NO_AES) && defined(WOLFSSL_AES_DIRECT)
+    case WC_CMAC_AES:
+    {
+        while ((ret == 0) && (inSz != 0)) {
+            word32 add = min(inSz, WC_AES_BLOCK_SIZE - cmac->bufferSz);
+            XMEMCPY(&cmac->buffer[cmac->bufferSz], in, add);
 
-        if (cmac->bufferSz == AES_BLOCK_SIZE && inSz != 0) {
-            if (cmac->totalSz != 0) {
-                xorbuf(cmac->buffer, cmac->digest, AES_BLOCK_SIZE);
-            }
-            ret = wc_AesEncryptDirect(&cmac->aes, cmac->digest, cmac->buffer);
-            if (ret == 0) {
-                cmac->totalSz += AES_BLOCK_SIZE;
-                cmac->bufferSz = 0;
+            cmac->bufferSz += add;
+            in += add;
+            inSz -= add;
+
+            if (cmac->bufferSz == WC_AES_BLOCK_SIZE && inSz != 0) {
+                if (cmac->totalSz != 0) {
+                    xorbuf(cmac->buffer, cmac->digest, WC_AES_BLOCK_SIZE);
+                }
+                ret = wc_AesEncryptDirect(&cmac->aes, cmac->digest,
+                        cmac->buffer);
+                if (ret == 0) {
+                    cmac->totalSz += WC_AES_BLOCK_SIZE;
+                    cmac->bufferSz = 0;
+                }
             }
         }
+    }; break;
+#endif /* !NO_AES && WOLFSSL_AES_DIRECT */
+    default:
+        ret = BAD_FUNC_ARG;
     }
-
     return ret;
 }
 
@@ -231,20 +262,25 @@ int wc_CmacFree(Cmac* cmac)
     /* TODO: msg is leaked if wc_CmacFinal() is not called
      * e.g. when multiple calls to wc_CmacUpdate() and one fails but
      * wc_CmacFinal() not called. */
-    if (cmac->msg != NULL) {
-        XFREE(cmac->msg, cmac->heap, DYNAMIC_TYPE_TMP_BUFFER);
-    }
+    XFREE(cmac->msg, cmac->heap, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
-    wc_AesFree(&cmac->aes);
+    switch (cmac->type) {
+#if !defined(NO_AES) && defined(WOLFSSL_AES_DIRECT)
+    case WC_CMAC_AES:
+        wc_AesFree(&cmac->aes);
+        break;
+#endif /* !NO_AES && WOLFSSL_AES_DIRECT */
+    default:
+        /* Nothing to do */
+        (void)cmac;
+    }
     ForceZero(cmac, sizeof(Cmac));
     return 0;
 }
 
 int wc_CmacFinalNoFree(Cmac* cmac, byte* out, word32* outSz)
 {
-    int ret;
-    const byte* subKey;
-    word32 remainder;
+    int ret = 0;
 
     if (cmac == NULL || out == NULL || outSz == NULL) {
         return BAD_FUNC_ARG;
@@ -258,45 +294,65 @@ int wc_CmacFinalNoFree(Cmac* cmac, byte* out, word32* outSz)
     if (cmac->devId != INVALID_DEVID)
     #endif
     {
-        ret = wc_CryptoCb_Cmac(cmac, NULL, 0, NULL, 0, out, outSz, 0, NULL);
-        if (ret != CRYPTOCB_UNAVAILABLE)
+        ret = wc_CryptoCb_Cmac(cmac, NULL, 0, NULL, 0, out, outSz,
+            (int)cmac->type, NULL);
+        if (ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE))
             return ret;
+
+        /* Clear CRYPTOCB_UNAVAILABLE return code */
+       ret = 0;
+
         /* fall-through when unavailable */
     }
 #endif
-
-    if (cmac->bufferSz == AES_BLOCK_SIZE) {
-        subKey = cmac->k1;
-    }
-    else {
-        /* ensure we will have a valid remainder value */
-        if (cmac->bufferSz > AES_BLOCK_SIZE) {
-            return BAD_STATE_E;
-        }
-        remainder = AES_BLOCK_SIZE - cmac->bufferSz;
-
-        if (remainder == 0) {
-            remainder = AES_BLOCK_SIZE;
-        }
-        if (remainder > 1) {
-            XMEMSET(cmac->buffer + AES_BLOCK_SIZE - remainder, 0, remainder);
-        }
-
-        cmac->buffer[AES_BLOCK_SIZE - remainder] = 0x80;
-        subKey = cmac->k2;
-    }
-    xorbuf(cmac->buffer, cmac->digest, AES_BLOCK_SIZE);
-    xorbuf(cmac->buffer, subKey, AES_BLOCK_SIZE);
-    ret = wc_AesEncryptDirect(&cmac->aes, cmac->digest, cmac->buffer);
     if (ret == 0) {
-        XMEMCPY(out, cmac->digest, *outSz);
-    }
+        switch (cmac->type) {
+    #if !defined(NO_AES) && defined(WOLFSSL_AES_DIRECT)
+        case WC_CMAC_AES:
+        {
+            const byte* subKey;
+            word32 remainder;
 
-    return 0;
+            if (cmac->bufferSz == WC_AES_BLOCK_SIZE) {
+                subKey = cmac->k1;
+            }
+            else {
+                /* ensure we will have a valid remainder value */
+                if (cmac->bufferSz > WC_AES_BLOCK_SIZE) {
+                    ret = BAD_STATE_E;
+                    break;
+                }
+                remainder = WC_AES_BLOCK_SIZE - cmac->bufferSz;
+
+                if (remainder == 0) {
+                    remainder = WC_AES_BLOCK_SIZE;
+                }
+                if (remainder > 1) {
+                    XMEMSET(cmac->buffer + WC_AES_BLOCK_SIZE - remainder, 0,
+                            remainder);
+                }
+
+                cmac->buffer[WC_AES_BLOCK_SIZE - remainder] = 0x80;
+                subKey = cmac->k2;
+            }
+            xorbuf(cmac->buffer, cmac->digest, WC_AES_BLOCK_SIZE);
+            xorbuf(cmac->buffer, subKey, WC_AES_BLOCK_SIZE);
+            ret = wc_AesEncryptDirect(&cmac->aes, cmac->digest, cmac->buffer);
+            if (ret == 0) {
+                XMEMCPY(out, cmac->digest, *outSz);
+            }
+        }; break;
+    #endif /* !NO_AES && WOLFSSL_AES_DIRECT */
+        default:
+            ret = BAD_FUNC_ARG;
+        }
+    }
+    return ret;
 }
 
-int wc_CmacFinal(Cmac* cmac, byte* out, word32* outSz) {
-    int ret;
+int wc_CmacFinal(Cmac* cmac, byte* out, word32* outSz)
+{
+    int ret = 0;
 
     if (cmac == NULL)
         return BAD_FUNC_ARG;
@@ -305,11 +361,68 @@ int wc_CmacFinal(Cmac* cmac, byte* out, word32* outSz) {
     return ret;
 }
 
+#if !defined(NO_AES) && defined(WOLFSSL_AES_DIRECT)
+int wc_AesCmacGenerate_ex(Cmac* cmac,
+                          byte* out, word32* outSz,
+                          const byte* in, word32 inSz,
+                          const byte* key, word32 keySz,
+                          void* heap, int devId)
+{
+    int ret = 0;
+
+    if (cmac == NULL) {
+        return BAD_FUNC_ARG;
+    }
+
+#ifdef WOLF_CRYPTO_CB
+    /* Set devId regardless of value (invalid or not) */
+    cmac->devId = devId;
+    #ifndef WOLF_CRYPTO_CB_FIND
+    if (devId != INVALID_DEVID)
+    #endif
+    {
+        ret = wc_CryptoCb_Cmac(cmac, key, keySz, in, inSz, out, outSz,
+                WC_CMAC_AES, NULL);
+        if (ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE))
+            return ret;
+
+         /* Clear CRYPTOCB_UNAVAILABLE return code */
+        ret = 0;
+
+        /* fall-through when unavailable */
+    }
+#endif
+
+    if ( ((out == NULL) && (outSz != NULL) && (*outSz > 0))
+         || (in == NULL && inSz > 0)
+         || (key == NULL && keySz > 0))  {
+        return BAD_FUNC_ARG;
+    }
+
+    /* Init step is optional */
+    if (key != NULL) {
+        ret = wc_InitCmac_ex(cmac, key, keySz, WC_CMAC_AES, NULL, heap, devId);
+    }
+    if (ret == 0) {
+        ret = wc_CmacUpdate(cmac, in, inSz);
+        /* Ensure we are freed and zeroed if not calling wc_CmacFinal */
+        if (ret != 0) {
+            (void)wc_CmacFree(cmac);
+        }
+    }
+    if (ret == 0) {
+        ret = wc_CmacFinal(cmac, out, outSz);
+    }
+
+    return ret;
+}
+
+
 int wc_AesCmacGenerate(byte* out, word32* outSz,
                        const byte* in, word32 inSz,
                        const byte* key, word32 keySz)
 {
-    int ret;
+    int ret = 0;
 #ifdef WOLFSSL_SMALL_STACK
     Cmac *cmac;
 #else
@@ -326,26 +439,25 @@ int wc_AesCmacGenerate(byte* out, word32* outSz,
         return MEMORY_E;
     }
 #endif
+
 #ifdef WOLFSSL_CHECK_MEM_ZERO
     XMEMSET(((unsigned char *)cmac) + sizeof(Aes), 0xff,
         sizeof(Cmac) - sizeof(Aes));
     /* Aes part is checked by wc_AesFree. */
-    wc_MemZero_Add("wc_AesCmacGenerate cmac",
+    wc_MemZero_Add("wc_AesCmacGenerate_ex cmac",
         ((unsigned char *)cmac) + sizeof(Aes), sizeof(Cmac) - sizeof(Aes));
 #endif
 
-    ret = wc_InitCmac(cmac, key, keySz, WC_CMAC_AES, NULL);
-    if (ret == 0) {
-        ret = wc_CmacUpdate(cmac, in, inSz);
-    }
-    if (ret == 0) {
-        ret = wc_CmacFinal(cmac, out, outSz);
-    }
+    ret = wc_AesCmacGenerate_ex(cmac,
+                                out, outSz,
+                                in, inSz,
+                                key, keySz,
+                                NULL,
+                                INVALID_DEVID);
+
 
 #ifdef WOLFSSL_SMALL_STACK
-    if (cmac) {
-        XFREE(cmac, NULL, DYNAMIC_TYPE_CMAC);
-    }
+    XFREE(cmac, NULL, DYNAMIC_TYPE_CMAC);
 #elif defined(WOLFSSL_CHECK_MEM_ZERO)
     wc_MemZero_Check(cmac, sizeof(Cmac));
 #endif
@@ -354,28 +466,84 @@ int wc_AesCmacGenerate(byte* out, word32* outSz,
 }
 
 
+int wc_AesCmacVerify_ex(Cmac* cmac,
+                        const byte* check, word32 checkSz,
+                        const byte* in, word32 inSz,
+                        const byte* key, word32 keySz,
+                        void* heap, int devId)
+{
+    int ret = 0;
+    byte a[WC_AES_BLOCK_SIZE];
+    word32 aSz = sizeof(a);
+    int compareRet;
+
+    if (cmac == NULL || check == NULL || checkSz == 0 ||
+            (in == NULL && inSz != 0)) {
+        return BAD_FUNC_ARG;
+    }
+
+    XMEMSET(a, 0, aSz);
+    ret = wc_AesCmacGenerate_ex(cmac,
+                                a, &aSz,
+                                in, inSz,
+                                key, keySz,
+                                heap,
+                                devId);
+    if (ret == 0) {
+        compareRet = ConstantCompare(check, a, (int)min(checkSz, aSz));
+        ret = compareRet ? 1 : 0;
+    }
+
+    return ret;
+}
+
+
 int wc_AesCmacVerify(const byte* check, word32 checkSz,
                      const byte* in, word32 inSz,
                      const byte* key, word32 keySz)
 {
-    int ret;
-    byte a[AES_BLOCK_SIZE];
-    word32 aSz = sizeof(a);
-    int compareRet;
+    int ret = 0;
+#ifdef WOLFSSL_SMALL_STACK
+    Cmac *cmac;
+#else
+    Cmac cmac[1];
+#endif
 
-    if (check == NULL || checkSz == 0 || (in == NULL && inSz != 0) ||
-        key == NULL || keySz == 0) {
+    if (check == NULL || checkSz == 0 || (in == NULL && inSz > 0) ||
+            key == NULL || keySz == 0) {
         return BAD_FUNC_ARG;
     }
 
-    XMEMSET(a, 0, aSz);
-    ret = wc_AesCmacGenerate(a, &aSz, in, inSz, key, keySz);
-    compareRet = ConstantCompare(check, a, (int)min(checkSz, aSz));
+#ifdef WOLFSSL_SMALL_STACK
+    if ((cmac = (Cmac *)XMALLOC(sizeof *cmac, NULL,
+                                DYNAMIC_TYPE_CMAC)) == NULL) {
+        return MEMORY_E;
+    }
+#endif
 
-    if (ret == 0)
-        ret = compareRet ? 1 : 0;
+#ifdef WOLFSSL_CHECK_MEM_ZERO
+    XMEMSET(((unsigned char *)cmac) + sizeof(Aes), 0xff,
+        sizeof(Cmac) - sizeof(Aes));
+    /* Aes part is checked by wc_AesFree. */
+    wc_MemZero_Add("wc_AesCmacGenerate_ex cmac",
+        ((unsigned char *)cmac) + sizeof(Aes), sizeof(Cmac) - sizeof(Aes));
+#endif
+
+    ret = wc_AesCmacVerify_ex(cmac,
+                              check, checkSz,
+                              in, inSz,
+                              key, keySz,
+                              NULL,
+                              INVALID_DEVID);
+
+#ifdef WOLFSSL_SMALL_STACK
+    XFREE(cmac, NULL, DYNAMIC_TYPE_CMAC);
+#elif defined(WOLFSSL_CHECK_MEM_ZERO)
+    wc_MemZero_Check(cmac, sizeof(Cmac));
+#endif
 
     return ret;
 }
+#endif /* !NO_AES && WOLFSSL_AES_DIRECT */
 
-#endif /* WOLFSSL_CMAC && NO_AES && WOLFSSL_AES_DIRECT */
+#endif /* WOLFSSL_CMAC */
diff --git a/wolfcrypt/src/coding.c b/wolfcrypt/src/coding.c
index be5f418d1..6e73bb193 100644
--- a/wolfcrypt/src/coding.c
+++ b/wolfcrypt/src/coding.c
@@ -1,6 +1,6 @@
 /* coding.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -62,16 +62,25 @@ enum {
 #ifdef BASE64_NO_TABLE
 static WC_INLINE byte Base64_Char2Val(byte c)
 {
-    word16 v = 0x0000;
+    word16 v;
+    sword16 smallEnd   = (sword16)c - 0x7b;
+    sword16 smallStart = (sword16)c - 0x61;
+    sword16 bigEnd     = (sword16)c - 0x5b;
+    sword16 bigStart   = (sword16)c - 0x41;
+    sword16 numEnd     = (sword16)c - 0x3a;
+    sword16 numStart   = (sword16)c - 0x30;
+    sword16 slashEnd   = (sword16)c - 0x30;
+    sword16 slashStart = (sword16)c - 0x2f;
+    sword16 plusEnd    = (sword16)c - 0x2c;
+    sword16 plusStart  = (sword16)c - 0x2b;
 
-    v |= 0xff3E & ctMask16Eq(c, 0x2b);
-    v |= 0xff3F & ctMask16Eq(c, 0x2f);
-    v |= (c + 0xff04) & ctMask16GTE(c, 0x30) & ctMask16LTE(c, 0x39);
-    v |= (0xff00 + c - 0x41) & ctMask16GTE(c, 0x41) & ctMask16LTE(c, 0x5a);
-    v |= (0xff00 + c - 0x47) & ctMask16GTE(c, 0x61) & ctMask16LTE(c, 0x7a);
-    v |= ~(v >> 8);
+    v  = ((smallStart >> 8) ^ (smallEnd >> 8)) & (smallStart + 26 + 1);
+    v |= ((bigStart   >> 8) ^ (bigEnd   >> 8)) & (bigStart   +  0 + 1);
+    v |= ((numStart   >> 8) ^ (numEnd   >> 8)) & (numStart   + 52 + 1);
+    v |= ((slashStart >> 8) ^ (slashEnd >> 8)) & (slashStart + 63 + 1);
+    v |= ((plusStart  >> 8) ^ (plusEnd  >> 8)) & (plusStart  + 62 + 1);
 
-    return (byte)v;
+    return (byte)(v - 1);
 }
 #else
 static
@@ -99,7 +108,7 @@ static WC_INLINE byte Base64_Char2Val(byte c)
     byte v;
     byte mask;
 
-    c -= BASE64_MIN;
+    c = (byte)(c - BASE64_MIN);
     mask = (byte)((((byte)(0x3f - c)) >> 7) - 1);
     /* Load a value from the first cache line and use when mask set. */
     v  = (byte)(base64Decode[ c & 0x3f        ] &   mask);
@@ -181,7 +190,7 @@ int Base64_Decode(const byte* in, word32 inLen, byte* out, word32* outLen)
         byte e1, e2, e3, e4;
 
         if ((ret = Base64_SkipNewline(in, &inLen, &j)) != 0) {
-            if (ret == BUFFER_E) {
+            if (ret == WC_NO_ERR_TRACE(BUFFER_E)) {
                 /* Running out of buffer here is not an error */
                 break;
             }
@@ -297,8 +306,10 @@ static int CEscape(int escaped, byte e, byte* out, word32* i, word32 maxSz,
 
     if (raw)
         basic = e;
-    else
+    else if (e < sizeof(base64Encode))
         basic = base64Encode[e];
+    else
+        return BAD_FUNC_ARG;
 
     /* check whether to escape. Only escape for EncodeEsc */
     if (escaped == WC_ESC_NL_ENC) {
@@ -458,7 +469,7 @@ static int DoBase64_Encode(const byte* in, word32 inLen, byte* out,
     *outLen = i;
 
     if (ret == 0)
-        return getSzOnly ? LENGTH_ONLY_E : 0;
+        return getSzOnly ? WC_NO_ERR_TRACE(LENGTH_ONLY_E) : 0;
 
     return ret;
 }
@@ -488,7 +499,7 @@ int Base64_Encode_NoNl(const byte* in, word32 inLen, byte* out, word32* outLen)
 #ifdef WOLFSSL_BASE16
 
 static
-const byte hexDecode[] = { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9,
+const ALIGN64 byte hexDecode[] = { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9,
                            BAD, BAD, BAD, BAD, BAD, BAD, BAD,
                            10, 11, 12, 13, 14, 15,  /* upper case A-F */
                            BAD, BAD, BAD, BAD, BAD, BAD, BAD, BAD,
@@ -507,7 +518,7 @@ int Base16_Decode(const byte* in, word32 inLen, byte* out, word32* outLen)
         return BAD_FUNC_ARG;
 
     if (inLen == 1 && *outLen && in) {
-        byte b = in[inIdx++] - BASE16_MIN;  /* 0 starts at 0x30 */
+        byte b = (byte)(in[inIdx++] - BASE16_MIN);  /* 0 starts at 0x30 */
 
         /* sanity check */
         if (b >=  sizeof(hexDecode)/sizeof(hexDecode[0]))
@@ -531,8 +542,8 @@ int Base16_Decode(const byte* in, word32 inLen, byte* out, word32* outLen)
         return BAD_FUNC_ARG;
 
     while (inLen) {
-        byte b  = in[inIdx++] - BASE16_MIN;  /* 0 starts at 0x30 */
-        byte b2 = in[inIdx++] - BASE16_MIN;
+        byte b  = (byte)(in[inIdx++] - BASE16_MIN);  /* 0 starts at 0x30 */
+        byte b2 = (byte)(in[inIdx++] - BASE16_MIN);
 
         /* sanity checks */
         if (b >=  sizeof(hexDecode)/sizeof(hexDecode[0]))
@@ -554,6 +565,11 @@ int Base16_Decode(const byte* in, word32 inLen, byte* out, word32* outLen)
     return 0;
 }
 
+static
+const ALIGN64 byte hexEncode[] = { '0', '1', '2', '3', '4', '5', '6', '7',
+                                   '8', '9', 'A', 'B', 'C', 'D', 'E', 'F'
+};
+
 int Base16_Encode(const byte* in, word32 inLen, byte* out, word32* outLen)
 {
     word32 outIdx = 0;
@@ -569,15 +585,8 @@ int Base16_Encode(const byte* in, word32 inLen, byte* out, word32* outLen)
         byte hb = in[i] >> 4;
         byte lb = in[i] & 0x0f;
 
-        /* ASCII value */
-        hb += '0';
-        if (hb > '9')
-            hb += 7;
-
-        /* ASCII value */
-        lb += '0';
-        if (lb>'9')
-            lb += 7;
+        hb = hexEncode[hb];
+        lb = hexEncode[lb];
 
         out[outIdx++] = hb;
         out[outIdx++] = lb;
diff --git a/wolfcrypt/src/compress.c b/wolfcrypt/src/compress.c
index 58c154c59..77904adbd 100644
--- a/wolfcrypt/src/compress.c
+++ b/wolfcrypt/src/compress.c
@@ -1,6 +1,6 @@
 /* compress.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -310,10 +310,8 @@ int wc_DeCompressDynamic(byte** out, int maxSz, int memoryType,
     if (inflateEnd(&stream) != Z_OK)
         result = DECOMPRESS_E;
 
-    if (tmp != NULL) {
-        XFREE(tmp, heap, memoryType);
-        tmp = NULL;
-    }
+    XFREE(tmp, heap, memoryType);
+    tmp = NULL;
 
     return result;
 }
diff --git a/wolfcrypt/src/cpuid.c b/wolfcrypt/src/cpuid.c
index c1924c1e5..a8b9d94c0 100644
--- a/wolfcrypt/src/cpuid.c
+++ b/wolfcrypt/src/cpuid.c
@@ -1,6 +1,6 @@
 /* cpuid.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -28,7 +28,8 @@
 
 #include <wolfssl/wolfcrypt/cpuid.h>
 
-#if defined(HAVE_CPUID) || defined(HAVE_CPUID_INTEL)
+#if defined(HAVE_CPUID) || defined(HAVE_CPUID_INTEL) || \
+    defined(HAVE_CPUID_AARCH64)
     static word32 cpuid_check = 0;
     static word32 cpuid_flags = 0;
 #endif
@@ -96,10 +97,217 @@
             if (cpuid_flag(7, 0, EBX, 19)) { cpuid_flags |= CPUID_ADX   ; }
             if (cpuid_flag(1, 0, ECX, 22)) { cpuid_flags |= CPUID_MOVBE ; }
             if (cpuid_flag(7, 0, EBX,  3)) { cpuid_flags |= CPUID_BMI1  ; }
+            if (cpuid_flag(7, 0, EBX, 29)) { cpuid_flags |= CPUID_SHA   ; }
 
             cpuid_check = 1;
         }
     }
+#elif defined(HAVE_CPUID_AARCH64)
+
+#define CPUID_AARCH64_FEAT_AES         ((word64)1 << 4)
+#define CPUID_AARCH64_FEAT_AES_PMULL   ((word64)1 << 5)
+#define CPUID_AARCH64_FEAT_SHA256      ((word64)1 << 12)
+#define CPUID_AARCH64_FEAT_SHA256_512  ((word64)1 << 13)
+#define CPUID_AARCH64_FEAT_RDM         ((word64)1 << 28)
+#define CPUID_AARCH64_FEAT_SHA3        ((word64)1 << 32)
+#define CPUID_AARCH64_FEAT_SM3         ((word64)1 << 36)
+#define CPUID_AARCH64_FEAT_SM4         ((word64)1 << 40)
+
+#ifdef WOLFSSL_AARCH64_PRIVILEGE_MODE
+    /* https://developer.arm.com/documentation/ddi0601/2024-09/AArch64-Registers
+     * /ID-AA64ISAR0-EL1--AArch64-Instruction-Set-Attribute-Register-0 */
+
+    void cpuid_set_flags(void)
+    {
+        if (!cpuid_check) {
+            word64 features;
+
+            __asm__ __volatile (
+                "mrs    %[feat], ID_AA64ISAR0_EL1\n"
+                : [feat] "=r" (features)
+                :
+                :
+            );
+
+            if (features & CPUID_AARCH64_FEAT_AES)
+                cpuid_flags |= CPUID_AES;
+            if (features & CPUID_AARCH64_FEAT_AES_PMULL) {
+                cpuid_flags |= CPUID_AES;
+                cpuid_flags |= CPUID_PMULL;
+            }
+            if (features & CPUID_AARCH64_FEAT_SHA256)
+                cpuid_flags |= CPUID_SHA256;
+            if (features & CPUID_AARCH64_FEAT_SHA256_512)
+                cpuid_flags |= CPUID_SHA256 | CPUID_SHA512;
+            if (features & CPUID_AARCH64_FEAT_RDM)
+                cpuid_flags |= CPUID_RDM;
+            if (features & CPUID_AARCH64_FEAT_SHA3)
+                cpuid_flags |= CPUID_SHA3;
+            if (features & CPUID_AARCH64_FEAT_SM3)
+                cpuid_flags |= CPUID_SM3;
+            if (features & CPUID_AARCH64_FEAT_SM4)
+                cpuid_flags |= CPUID_SM4;
+
+            cpuid_check = 1;
+        }
+    }
+#elif defined(__linux__)
+    /* https://community.arm.com/arm-community-blogs/b/operating-systems-blog/
+     * posts/runtime-detection-of-cpu-features-on-an-armv8-a-cpu */
+
+    #include <sys/auxv.h>
+    #include <asm/hwcap.h>
+
+    void cpuid_set_flags(void)
+    {
+        if (!cpuid_check) {
+            word64 hwcaps = getauxval(AT_HWCAP);
+
+            if (hwcaps & HWCAP_AES)
+                cpuid_flags |= CPUID_AES;
+            if (hwcaps & HWCAP_PMULL)
+                cpuid_flags |= CPUID_PMULL;
+            if (hwcaps & HWCAP_SHA2)
+                cpuid_flags |= CPUID_SHA256;
+            if (hwcaps & HWCAP_SHA512)
+                cpuid_flags |= CPUID_SHA512;
+            if (hwcaps & HWCAP_ASIMDRDM)
+                cpuid_flags |= CPUID_RDM;
+            if (hwcaps & HWCAP_SHA3)
+                cpuid_flags |= CPUID_SHA3;
+            if (hwcaps & HWCAP_SM3)
+                cpuid_flags |= CPUID_SM3;
+            if (hwcaps & HWCAP_SM4)
+                cpuid_flags |= CPUID_SM4;
+
+            cpuid_check = 1;
+        }
+    }
+#elif defined(__ANDROID__) || defined(ANDROID)
+    /* https://community.arm.com/arm-community-blogs/b/operating-systems-blog/
+     * posts/runtime-detection-of-cpu-features-on-an-armv8-a-cpu */
+
+    #include "cpu-features.h"
+
+    void cpuid_set_flags(void)
+    {
+        if (!cpuid_check) {
+            word64 features = android_getCpuFeatures();
+
+            if (features & ANDROID_CPU_ARM_FEATURE_AES)
+                cpuid_flags |= CPUID_AES;
+            if (features & ANDROID_CPU_ARM_FEATURE_PMULL)
+                cpuid_flags |= CPUID_PMULL;
+            if (features & ANDROID_CPU_ARM_FEATURE_SHA2)
+                cpuid_flags |= CPUID_SHA256;
+
+            cpuid_check = 1;
+        }
+    }
+#elif defined(__APPLE__)
+    /* https://developer.apple.com/documentation/kernel/1387446-sysctlbyname/
+     * determining_instruction_set_characteristics */
+
+    #include <sys/sysctl.h>
+
+    static word64 cpuid_get_sysctlbyname(const char* name)
+    {
+        word64 ret = 0;
+        size_t size = sizeof(ret);
+
+        sysctlbyname(name, &ret, &size, NULL, 0);
+
+        return ret;
+    }
+
+    void cpuid_set_flags(void)
+    {
+        if (!cpuid_check) {
+            if (cpuid_get_sysctlbyname("hw.optional.arm.FEAT_AES") != 0)
+                cpuid_flags |= CPUID_AES;
+            if (cpuid_get_sysctlbyname("hw.optional.arm.FEAT_PMULL") != 0)
+                cpuid_flags |= CPUID_PMULL;
+            if (cpuid_get_sysctlbyname("hw.optional.arm.FEAT_SHA256") != 0)
+                cpuid_flags |= CPUID_SHA256;
+            if (cpuid_get_sysctlbyname("hw.optional.arm.FEAT_SHA512") != 0)
+                cpuid_flags |= CPUID_SHA512;
+            if (cpuid_get_sysctlbyname("hw.optional.arm.FEAT_RDM") != 0)
+                cpuid_flags |= CPUID_RDM;
+            if (cpuid_get_sysctlbyname("hw.optional.arm.FEAT_SHA3") != 0)
+                cpuid_flags |= CPUID_SHA3;
+        #ifdef WOLFSSL_ARMASM_CRYPTO_SM3
+            cpuid_flags |= CPUID_SM3;
+        #endif
+        #ifdef WOLFSSL_ARMASM_CRYPTO_SM4
+            cpuid_flags |= CPUID_SM4;
+        #endif
+
+            cpuid_check = 1;
+        }
+    }
+#elif defined(__FreeBSD__) || defined(__OpenBSD__)
+    /* https://man.freebsd.org/cgi/man.cgi?elf_aux_info(3) */
+
+    #include <sys/auxv.h>
+
+    void cpuid_set_flags(void)
+    {
+        if (!cpuid_check) {
+            word64 features = 0;
+
+            elf_aux_info(AT_HWCAP, &features, sizeof(features));
+
+            if (features & CPUID_AARCH64_FEAT_AES)
+                cpuid_flags |= CPUID_AES;
+            if (features & CPUID_AARCH64_FEAT_AES_PMULL) {
+                cpuid_flags |= CPUID_AES;
+                cpuid_flags |= CPUID_PMULL;
+            }
+            if (features & CPUID_AARCH64_FEAT_SHA256)
+                cpuid_flags |= CPUID_SHA256;
+            if (features & CPUID_AARCH64_FEAT_SHA256_512)
+                cpuid_flags |= CPUID_SHA256 | CPUID_SHA512;
+            if (features & CPUID_AARCH64_FEAT_RDM)
+                cpuid_flags |= CPUID_RDM;
+            if (features & CPUID_AARCH64_FEAT_SHA3)
+                cpuid_flags |= CPUID_SHA3;
+            if (features & CPUID_AARCH64_FEAT_SM3)
+                cpuid_flags |= CPUID_SM3;
+            if (features & CPUID_AARCH64_FEAT_SM4)
+                cpuid_flags |= CPUID_SM4;
+
+            cpuid_check = 1;
+        }
+    }
+#else
+    void cpuid_set_flags(void)
+    {
+        if (!cpuid_check) {
+        #ifndef WOLFSSL_ARMASM_NO_HW_CRYPTO
+            cpuid_flags |= CPUID_AES;
+            cpuid_flags |= CPUID_PMULL;
+            cpuid_flags |= CPUID_SHA256;
+        #endif
+        #ifdef WOLFSSL_ARMASM_CRYPTO_SHA512
+            cpuid_flags |= CPUID_SHA512;
+        #endif
+        #ifndef WOLFSSL_AARCH64_NO_SQRDMLSH
+            cpuid_flags |= CPUID_RDM;
+        #endif
+        #ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
+            cpuid_flags |= CPUID_SHA3;
+        #endif
+        #ifdef WOLFSSL_ARMASM_CRYPTO_SM3
+            cpuid_flags |= CPUID_SM3;
+        #endif
+        #ifdef WOLFSSL_ARMASM_CRYPTO_SM4
+            cpuid_flags |= CPUID_SM4;
+        #endif
+
+            cpuid_check = 1;
+        }
+    }
+#endif
 #elif defined(HAVE_CPUID)
     void cpuid_set_flags(void)
     {
diff --git a/wolfcrypt/src/cryptocb.c b/wolfcrypt/src/cryptocb.c
index ce49e4671..daf9cb99b 100644
--- a/wolfcrypt/src/cryptocb.c
+++ b/wolfcrypt/src/cryptocb.c
@@ -1,6 +1,6 @@
 /* cryptocb.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -55,7 +55,6 @@
 #ifdef WOLFSSL_CAAM
     #include <wolfssl/wolfcrypt/port/caam/wolfcaam.h>
 #endif
-
 /* TODO: Consider linked list with mutex */
 #ifndef MAX_CRYPTO_DEVID_CALLBACKS
 #define MAX_CRYPTO_DEVID_CALLBACKS 8
@@ -66,7 +65,7 @@ typedef struct CryptoCb {
     CryptoDevCallbackFunc cb;
     void* ctx;
 } CryptoCb;
-static WOLFSSL_GLOBAL CryptoCb gCryptoDev[MAX_CRYPTO_DEVID_CALLBACKS];
+static WC_THREADSHARED CryptoCb gCryptoDev[MAX_CRYPTO_DEVID_CALLBACKS];
 
 #ifdef WOLF_CRYPTO_CB_FIND
 static CryptoDevCallbackFind CryptoCb_FindCb = NULL;
@@ -85,6 +84,8 @@ static const char* GetAlgoTypeStr(int algo)
         case WC_ALGO_TYPE_RNG:    return "RNG";
         case WC_ALGO_TYPE_SEED:   return "Seed";
         case WC_ALGO_TYPE_HMAC:   return "HMAC";
+        case WC_ALGO_TYPE_CMAC:   return "CMAC";
+        case WC_ALGO_TYPE_CERT:   return "Cert";
     }
     return NULL;
 }
@@ -104,6 +105,7 @@ static const char* GetPkTypeStr(int pk)
     }
     return NULL;
 }
+#if !defined(NO_AES) || !defined(NO_DES3)
 static const char* GetCipherTypeStr(int cipher)
 {
     switch (cipher) {
@@ -119,6 +121,7 @@ static const char* GetCipherTypeStr(int cipher)
     }
     return NULL;
 }
+#endif /* !NO_AES || !NO_DES3 */
 static const char* GetHashTypeStr(int hash)
 {
     switch (hash) {
@@ -141,6 +144,16 @@ static const char* GetHashTypeStr(int hash)
     return NULL;
 }
 
+#ifdef WOLFSSL_CMAC
+static const char* GetCmacTypeStr(int type)
+{
+    switch (type) {
+        case WC_CMAC_AES: return "AES";
+    }
+    return NULL;
+}
+#endif  /* WOLFSSL_CMAC */
+
 #ifndef NO_RSA
 static const char* GetRsaType(int type)
 {
@@ -186,12 +199,14 @@ WOLFSSL_API void wc_CryptoCb_InfoString(wc_CryptoInfo* info)
                 GetPkTypeStr(info->pk.type), info->pk.type);
         }
     }
+#if !defined(NO_AES) || !defined(NO_DES3)
     else if (info->algo_type == WC_ALGO_TYPE_CIPHER) {
         printf("Crypto CB: %s %s (%d) (%p ctx)\n",
             GetAlgoTypeStr(info->algo_type),
             GetCipherTypeStr(info->cipher.type),
             info->cipher.type, info->cipher.ctx);
     }
+#endif /* !NO_AES || !NO_DES3 */
     else if (info->algo_type == WC_ALGO_TYPE_HASH) {
         printf("Crypto CB: %s %s (%d) (%p ctx) %s\n",
             GetAlgoTypeStr(info->algo_type),
@@ -206,6 +221,17 @@ WOLFSSL_API void wc_CryptoCb_InfoString(wc_CryptoInfo* info)
             info->hmac.macType, info->hmac.hmac,
             (info->hmac.in != NULL) ? "Update" : "Final");
     }
+#ifdef WOLFSSL_CMAC
+    else if (info->algo_type == WC_ALGO_TYPE_CMAC) {
+        printf("Crypto CB: %s %s (%d) (%p ctx) %s %s %s\n",
+            GetAlgoTypeStr(info->algo_type),
+            GetCmacTypeStr(info->cmac.type),
+            info->cmac.type, info->cmac.cmac,
+            (info->cmac.key != NULL) ? "Init " : "",
+            (info->cmac.in != NULL) ? "Update " : "",
+            (info->cmac.out != NULL) ? "Final" : "");
+    }
+#endif
 #ifdef WOLF_CRYPTO_CB_CMD
     else if (info->algo_type == WC_ALGO_TYPE_NONE) {
         printf("Crypto CB: %s %s (%d)\n",
@@ -260,9 +286,9 @@ static CryptoCb* wc_CryptoCb_FindDeviceByIndex(int startIdx)
 
 static WC_INLINE int wc_CryptoCb_TranslateErrorCode(int ret)
 {
-    if (ret == NOT_COMPILED_IN) {
+    if (ret == WC_NO_ERR_TRACE(NOT_COMPILED_IN)) {
         /* backwards compatibility for older NOT_COMPILED_IN syntax */
-        ret = CRYPTOCB_UNAVAILABLE;
+        ret = WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE);
     }
     return ret;
 }
@@ -344,8 +370,8 @@ int wc_CryptoCb_RegisterDevice(int devId, CryptoDevCallbackFunc cb, void* ctx)
             /* Success.  Update dev->ctx */
             dev->ctx = info.cmd.ctx;
         }
-        else if ((rc == CRYPTOCB_UNAVAILABLE) ||
-                 (rc == NOT_COMPILED_IN)) {
+        else if ((rc == WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE)) ||
+                 (rc == WC_NO_ERR_TRACE(NOT_COMPILED_IN))) {
             /* Not implemented.  Return success*/
             rc = 0;
         }
@@ -391,7 +417,7 @@ void wc_CryptoCb_UnRegisterDevice(int devId)
 int wc_CryptoCb_Rsa(const byte* in, word32 inLen, byte* out,
     word32* outLen, int type, RsaKey* key, WC_RNG* rng)
 {
-    int ret = CRYPTOCB_UNAVAILABLE;
+    int ret = WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE);
     CryptoCb* dev;
 
     if (key == NULL)
@@ -418,10 +444,64 @@ int wc_CryptoCb_Rsa(const byte* in, word32 inLen, byte* out,
     return wc_CryptoCb_TranslateErrorCode(ret);
 }
 
+#ifdef WOLF_CRYPTO_CB_RSA_PAD
+int wc_CryptoCb_RsaPad(const byte* in, word32 inLen, byte* out,
+                       word32* outLen, int type, RsaKey* key, WC_RNG* rng,
+                       RsaPadding *padding)
+{
+    int ret = WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE);
+    CryptoCb* dev;
+    int pk_type;
+
+    if (key == NULL)
+        return ret;
+
+    /* locate registered callback */
+    dev = wc_CryptoCb_FindDevice(key->devId, WC_ALGO_TYPE_PK);
+
+    if (padding != NULL) {
+        switch (padding->pad_type) {
+        case WC_RSA_PKCSV15_PAD:
+            pk_type = WC_PK_TYPE_RSA_PKCS;
+            break;
+        case WC_RSA_PSS_PAD:
+            pk_type = WC_PK_TYPE_RSA_PSS;
+            break;
+        case WC_RSA_OAEP_PAD:
+            pk_type = WC_PK_TYPE_RSA_OAEP;
+            break;
+        default:
+            pk_type = WC_PK_TYPE_RSA;
+        }
+    } else {
+        pk_type = WC_PK_TYPE_RSA;
+    }
+
+    if (dev && dev->cb) {
+        wc_CryptoInfo cryptoInfo;
+        XMEMSET(&cryptoInfo, 0, sizeof(cryptoInfo));
+        cryptoInfo.algo_type = WC_ALGO_TYPE_PK;
+        cryptoInfo.pk.type = pk_type;
+        cryptoInfo.pk.rsa.in = in;
+        cryptoInfo.pk.rsa.inLen = inLen;
+        cryptoInfo.pk.rsa.out = out;
+        cryptoInfo.pk.rsa.outLen = outLen;
+        cryptoInfo.pk.rsa.type = type;
+        cryptoInfo.pk.rsa.key = key;
+        cryptoInfo.pk.rsa.rng = rng;
+        cryptoInfo.pk.rsa.padding = padding;
+
+        ret = dev->cb(dev->devId, &cryptoInfo, dev->ctx);
+    }
+
+    return wc_CryptoCb_TranslateErrorCode(ret);
+}
+#endif /* WOLF_CRYPTO_CB_RSA_PAD */
+
 #ifdef WOLFSSL_KEY_GEN
 int wc_CryptoCb_MakeRsaKey(RsaKey* key, int size, long e, WC_RNG* rng)
 {
-    int ret = CRYPTOCB_UNAVAILABLE;
+    int ret = WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE);
     CryptoCb* dev;
 
     if (key == NULL)
@@ -449,7 +529,7 @@ int wc_CryptoCb_MakeRsaKey(RsaKey* key, int size, long e, WC_RNG* rng)
 int wc_CryptoCb_RsaCheckPrivKey(RsaKey* key, const byte* pubKey,
     word32 pubKeySz)
 {
-    int ret = CRYPTOCB_UNAVAILABLE;
+    int ret = WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE);
     CryptoCb* dev;
 
     if (key == NULL)
@@ -474,7 +554,7 @@ int wc_CryptoCb_RsaCheckPrivKey(RsaKey* key, const byte* pubKey,
 
 int wc_CryptoCb_RsaGetSize(const RsaKey* key, int* keySize)
 {
-    int ret = CRYPTOCB_UNAVAILABLE;
+    int ret = WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE);
     CryptoCb* dev;
 
     if (key == NULL)
@@ -500,7 +580,7 @@ int wc_CryptoCb_RsaGetSize(const RsaKey* key, int* keySize)
 #ifdef HAVE_ECC
 int wc_CryptoCb_MakeEccKey(WC_RNG* rng, int keySize, ecc_key* key, int curveId)
 {
-    int ret = CRYPTOCB_UNAVAILABLE;
+    int ret = WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE);
     CryptoCb* dev;
 
     if (key == NULL)
@@ -527,7 +607,7 @@ int wc_CryptoCb_MakeEccKey(WC_RNG* rng, int keySize, ecc_key* key, int curveId)
 int wc_CryptoCb_Ecdh(ecc_key* private_key, ecc_key* public_key,
     byte* out, word32* outlen)
 {
-    int ret = CRYPTOCB_UNAVAILABLE;
+    int ret = WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE);
     CryptoCb* dev;
 
     if (private_key == NULL)
@@ -554,7 +634,7 @@ int wc_CryptoCb_Ecdh(ecc_key* private_key, ecc_key* public_key,
 int wc_CryptoCb_EccSign(const byte* in, word32 inlen, byte* out,
     word32 *outlen, WC_RNG* rng, ecc_key* key)
 {
-    int ret = CRYPTOCB_UNAVAILABLE;
+    int ret = WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE);
     CryptoCb* dev;
 
     if (key == NULL)
@@ -583,7 +663,7 @@ int wc_CryptoCb_EccSign(const byte* in, word32 inlen, byte* out,
 int wc_CryptoCb_EccVerify(const byte* sig, word32 siglen,
     const byte* hash, word32 hashlen, int* res, ecc_key* key)
 {
-    int ret = CRYPTOCB_UNAVAILABLE;
+    int ret = WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE);
     CryptoCb* dev;
 
     if (key == NULL)
@@ -612,7 +692,7 @@ int wc_CryptoCb_EccVerify(const byte* sig, word32 siglen,
 int wc_CryptoCb_EccCheckPrivKey(ecc_key* key, const byte* pubKey,
     word32 pubKeySz)
 {
-    int ret = CRYPTOCB_UNAVAILABLE;
+    int ret = WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE);
     CryptoCb* dev;
 
     if (key == NULL)
@@ -640,7 +720,7 @@ int wc_CryptoCb_EccCheckPrivKey(ecc_key* key, const byte* pubKey,
 int wc_CryptoCb_Curve25519Gen(WC_RNG* rng, int keySize,
     curve25519_key* key)
 {
-    int ret = CRYPTOCB_UNAVAILABLE;
+    int ret = WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE);
     CryptoCb* dev;
 
     if (key == NULL)
@@ -666,7 +746,7 @@ int wc_CryptoCb_Curve25519Gen(WC_RNG* rng, int keySize,
 int wc_CryptoCb_Curve25519(curve25519_key* private_key,
     curve25519_key* public_key, byte* out, word32* outlen, int endian)
 {
-    int ret = CRYPTOCB_UNAVAILABLE;
+    int ret = WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE);
     CryptoCb* dev;
 
     if (private_key == NULL)
@@ -696,7 +776,7 @@ int wc_CryptoCb_Curve25519(curve25519_key* private_key,
 int wc_CryptoCb_Ed25519Gen(WC_RNG* rng, int keySize,
     ed25519_key* key)
 {
-    int ret = CRYPTOCB_UNAVAILABLE;
+    int ret = WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE);
     CryptoCb* dev;
 
     if (key == NULL)
@@ -723,7 +803,7 @@ int wc_CryptoCb_Ed25519Sign(const byte* in, word32 inLen, byte* out,
                             word32 *outLen, ed25519_key* key, byte type,
                             const byte* context, byte contextLen)
 {
-    int ret = CRYPTOCB_UNAVAILABLE;
+    int ret = WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE);
     CryptoCb* dev;
 
     if (key == NULL)
@@ -755,7 +835,7 @@ int wc_CryptoCb_Ed25519Verify(const byte* sig, word32 sigLen,
     const byte* msg, word32 msgLen, int* res, ed25519_key* key, byte type,
     const byte* context, byte contextLen)
 {
-    int ret = CRYPTOCB_UNAVAILABLE;
+    int ret = WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE);
     CryptoCb* dev;
 
     if (key == NULL)
@@ -785,6 +865,297 @@ int wc_CryptoCb_Ed25519Verify(const byte* sig, word32 sigLen,
 }
 #endif /* HAVE_ED25519 */
 
+#if defined(WOLFSSL_HAVE_KYBER)
+int wc_CryptoCb_PqcKemGetDevId(int type, void* key)
+{
+    int devId = INVALID_DEVID;
+
+    if (key == NULL)
+        return devId;
+
+    /* get devId */
+    if (type == WC_PQC_KEM_TYPE_KYBER) {
+        devId = ((KyberKey*) key)->devId;
+    }
+
+    return devId;
+}
+
+int wc_CryptoCb_MakePqcKemKey(WC_RNG* rng, int type, int keySize, void* key)
+{
+    int ret = WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE);
+    int devId = INVALID_DEVID;
+    CryptoCb* dev;
+
+    if (key == NULL)
+        return ret;
+
+    /* get devId */
+    devId = wc_CryptoCb_PqcKemGetDevId(type, key);
+    if (devId == INVALID_DEVID)
+        return ret;
+
+    /* locate registered callback */
+    dev = wc_CryptoCb_FindDevice(devId, WC_ALGO_TYPE_PK);
+    if (dev && dev->cb) {
+        wc_CryptoInfo cryptoInfo;
+        XMEMSET(&cryptoInfo, 0, sizeof(cryptoInfo));
+        cryptoInfo.algo_type = WC_ALGO_TYPE_PK;
+        cryptoInfo.pk.type = WC_PK_TYPE_PQC_KEM_KEYGEN;
+        cryptoInfo.pk.pqc_kem_kg.rng = rng;
+        cryptoInfo.pk.pqc_kem_kg.size = keySize;
+        cryptoInfo.pk.pqc_kem_kg.key = key;
+        cryptoInfo.pk.pqc_kem_kg.type = type;
+
+        ret = dev->cb(dev->devId, &cryptoInfo, dev->ctx);
+    }
+
+    return wc_CryptoCb_TranslateErrorCode(ret);
+}
+
+int wc_CryptoCb_PqcEncapsulate(byte* ciphertext, word32 ciphertextLen,
+    byte* sharedSecret, word32 sharedSecretLen, WC_RNG* rng, int type,
+    void* key)
+{
+    int ret = WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE);
+    int devId = INVALID_DEVID;
+    CryptoCb* dev;
+
+    if (key == NULL)
+        return ret;
+
+    /* get devId */
+    devId = wc_CryptoCb_PqcKemGetDevId(type, key);
+    if (devId == INVALID_DEVID)
+        return ret;
+
+    /* locate registered callback */
+    dev = wc_CryptoCb_FindDevice(devId, WC_ALGO_TYPE_PK);
+    if (dev && dev->cb) {
+        wc_CryptoInfo cryptoInfo;
+        XMEMSET(&cryptoInfo, 0, sizeof(cryptoInfo));
+        cryptoInfo.algo_type = WC_ALGO_TYPE_PK;
+        cryptoInfo.pk.type = WC_PK_TYPE_PQC_KEM_ENCAPS;
+        cryptoInfo.pk.pqc_encaps.ciphertext = ciphertext;
+        cryptoInfo.pk.pqc_encaps.ciphertextLen = ciphertextLen;
+        cryptoInfo.pk.pqc_encaps.sharedSecret = sharedSecret;
+        cryptoInfo.pk.pqc_encaps.sharedSecretLen = sharedSecretLen;
+        cryptoInfo.pk.pqc_encaps.rng = rng;
+        cryptoInfo.pk.pqc_encaps.key = key;
+        cryptoInfo.pk.pqc_encaps.type = type;
+
+        ret = dev->cb(dev->devId, &cryptoInfo, dev->ctx);
+    }
+
+    return wc_CryptoCb_TranslateErrorCode(ret);
+}
+
+int wc_CryptoCb_PqcDecapsulate(const byte* ciphertext, word32 ciphertextLen,
+    byte* sharedSecret, word32 sharedSecretLen, int type, void* key)
+{
+    int ret = WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE);
+    int devId = INVALID_DEVID;
+    CryptoCb* dev;
+
+    if (key == NULL)
+        return ret;
+
+    /* get devId */
+    devId = wc_CryptoCb_PqcKemGetDevId(type, key);
+    if (devId == INVALID_DEVID)
+        return ret;
+
+    /* locate registered callback */
+    dev = wc_CryptoCb_FindDevice(devId, WC_ALGO_TYPE_PK);
+    if (dev && dev->cb) {
+        wc_CryptoInfo cryptoInfo;
+        XMEMSET(&cryptoInfo, 0, sizeof(cryptoInfo));
+        cryptoInfo.algo_type = WC_ALGO_TYPE_PK;
+        cryptoInfo.pk.type = WC_PK_TYPE_PQC_KEM_DECAPS;
+        cryptoInfo.pk.pqc_decaps.ciphertext = ciphertext;
+        cryptoInfo.pk.pqc_decaps.ciphertextLen = ciphertextLen;
+        cryptoInfo.pk.pqc_decaps.sharedSecret = sharedSecret;
+        cryptoInfo.pk.pqc_decaps.sharedSecretLen = sharedSecretLen;
+        cryptoInfo.pk.pqc_decaps.key = key;
+        cryptoInfo.pk.pqc_decaps.type = type;
+
+        ret = dev->cb(dev->devId, &cryptoInfo, dev->ctx);
+    }
+
+    return wc_CryptoCb_TranslateErrorCode(ret);
+}
+#endif /* WOLFSSL_HAVE_KYBER */
+
+#if defined(HAVE_FALCON) || defined(HAVE_DILITHIUM)
+int wc_CryptoCb_PqcSigGetDevId(int type, void* key)
+{
+    int devId = INVALID_DEVID;
+
+    if (key == NULL)
+        return devId;
+
+    /* get devId */
+#if defined(HAVE_DILITHIUM)
+    if (type == WC_PQC_SIG_TYPE_DILITHIUM) {
+        devId = ((dilithium_key*) key)->devId;
+    }
+#endif
+#if defined(HAVE_FALCON)
+    if (type == WC_PQC_SIG_TYPE_FALCON) {
+        devId = ((falcon_key*) key)->devId;
+    }
+#endif
+
+    return devId;
+}
+
+int wc_CryptoCb_MakePqcSignatureKey(WC_RNG* rng, int type, int keySize,
+    void* key)
+{
+    int ret = WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE);
+    int devId = INVALID_DEVID;
+    CryptoCb* dev;
+
+    if (key == NULL)
+        return ret;
+
+    /* get devId */
+    devId = wc_CryptoCb_PqcSigGetDevId(type, key);
+    if (devId == INVALID_DEVID)
+        return ret;
+
+    /* locate registered callback */
+    dev = wc_CryptoCb_FindDevice(devId, WC_ALGO_TYPE_PK);
+    if (dev && dev->cb) {
+        wc_CryptoInfo cryptoInfo;
+        XMEMSET(&cryptoInfo, 0, sizeof(cryptoInfo));
+        cryptoInfo.algo_type = WC_ALGO_TYPE_PK;
+        cryptoInfo.pk.type = WC_PK_TYPE_PQC_SIG_KEYGEN;
+        cryptoInfo.pk.pqc_sig_kg.rng = rng;
+        cryptoInfo.pk.pqc_sig_kg.size = keySize;
+        cryptoInfo.pk.pqc_sig_kg.key = key;
+        cryptoInfo.pk.pqc_sig_kg.type = type;
+
+        ret = dev->cb(dev->devId, &cryptoInfo, dev->ctx);
+    }
+
+    return wc_CryptoCb_TranslateErrorCode(ret);
+}
+
+int wc_CryptoCb_PqcSign(const byte* in, word32 inlen, byte* out, word32 *outlen,
+    const byte* context, byte contextLen, word32 preHashType, WC_RNG* rng,
+    int type, void* key)
+{
+    int ret = WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE);
+    int devId = INVALID_DEVID;
+    CryptoCb* dev;
+
+    if (key == NULL)
+        return ret;
+
+    /* get devId */
+    devId = wc_CryptoCb_PqcSigGetDevId(type, key);
+    if (devId == INVALID_DEVID)
+        return ret;
+
+    /* locate registered callback */
+    dev = wc_CryptoCb_FindDevice(devId, WC_ALGO_TYPE_PK);
+    if (dev && dev->cb) {
+        wc_CryptoInfo cryptoInfo;
+        XMEMSET(&cryptoInfo, 0, sizeof(cryptoInfo));
+        cryptoInfo.algo_type = WC_ALGO_TYPE_PK;
+        cryptoInfo.pk.type = WC_PK_TYPE_PQC_SIG_SIGN;
+        cryptoInfo.pk.pqc_sign.in = in;
+        cryptoInfo.pk.pqc_sign.inlen = inlen;
+        cryptoInfo.pk.pqc_sign.out = out;
+        cryptoInfo.pk.pqc_sign.outlen = outlen;
+        cryptoInfo.pk.pqc_sign.context = context;
+        cryptoInfo.pk.pqc_sign.contextLen = contextLen;
+        cryptoInfo.pk.pqc_sign.preHashType = preHashType;
+        cryptoInfo.pk.pqc_sign.rng = rng;
+        cryptoInfo.pk.pqc_sign.key = key;
+        cryptoInfo.pk.pqc_sign.type = type;
+
+        ret = dev->cb(dev->devId, &cryptoInfo, dev->ctx);
+    }
+
+    return wc_CryptoCb_TranslateErrorCode(ret);
+}
+
+int wc_CryptoCb_PqcVerify(const byte* sig, word32 siglen, const byte* msg,
+    word32 msglen, const byte* context, byte contextLen, word32 preHashType,
+    int* res, int type, void* key)
+{
+    int ret = WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE);
+    int devId = INVALID_DEVID;
+    CryptoCb* dev;
+
+    if (key == NULL)
+        return ret;
+
+    /* get devId */
+    devId = wc_CryptoCb_PqcSigGetDevId(type, key);
+    if (devId == INVALID_DEVID)
+        return ret;
+
+    /* locate registered callback */
+    dev = wc_CryptoCb_FindDevice(devId, WC_ALGO_TYPE_PK);
+    if (dev && dev->cb) {
+        wc_CryptoInfo cryptoInfo;
+        XMEMSET(&cryptoInfo, 0, sizeof(cryptoInfo));
+        cryptoInfo.algo_type = WC_ALGO_TYPE_PK;
+        cryptoInfo.pk.type = WC_PK_TYPE_PQC_SIG_VERIFY;
+        cryptoInfo.pk.pqc_verify.sig = sig;
+        cryptoInfo.pk.pqc_verify.siglen = siglen;
+        cryptoInfo.pk.pqc_verify.msg = msg;
+        cryptoInfo.pk.pqc_verify.msglen = msglen;
+        cryptoInfo.pk.pqc_verify.context = context;
+        cryptoInfo.pk.pqc_verify.contextLen = contextLen;
+        cryptoInfo.pk.pqc_verify.preHashType = preHashType;
+        cryptoInfo.pk.pqc_verify.res = res;
+        cryptoInfo.pk.pqc_verify.key = key;
+        cryptoInfo.pk.pqc_verify.type = type;
+
+        ret = dev->cb(dev->devId, &cryptoInfo, dev->ctx);
+    }
+
+    return wc_CryptoCb_TranslateErrorCode(ret);
+}
+
+int wc_CryptoCb_PqcSignatureCheckPrivKey(void* key, int type,
+    const byte* pubKey, word32 pubKeySz)
+{
+    int ret = WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE);
+    int devId = INVALID_DEVID;
+    CryptoCb* dev;
+
+    if (key == NULL)
+        return ret;
+
+    /* get devId */
+    devId = wc_CryptoCb_PqcSigGetDevId(type, key);
+    if (devId == INVALID_DEVID)
+        return ret;
+
+    /* locate registered callback */
+    dev = wc_CryptoCb_FindDevice(devId, WC_ALGO_TYPE_PK);
+    if (dev && dev->cb) {
+        wc_CryptoInfo cryptoInfo;
+        XMEMSET(&cryptoInfo, 0, sizeof(cryptoInfo));
+        cryptoInfo.algo_type = WC_ALGO_TYPE_PK;
+        cryptoInfo.pk.type = WC_PK_TYPE_PQC_SIG_CHECK_PRIV_KEY;
+        cryptoInfo.pk.pqc_sig_check.key = key;
+        cryptoInfo.pk.pqc_sig_check.pubKey = pubKey;
+        cryptoInfo.pk.pqc_sig_check.pubKeySz = pubKeySz;
+        cryptoInfo.pk.pqc_sig_check.type = type;
+
+        ret = dev->cb(dev->devId, &cryptoInfo, dev->ctx);
+    }
+
+    return wc_CryptoCb_TranslateErrorCode(ret);
+}
+#endif /* HAVE_FALCON || HAVE_DILITHIUM */
+
 #ifndef NO_AES
 #ifdef HAVE_AESGCM
 int wc_CryptoCb_AesGcmEncrypt(Aes* aes, byte* out,
@@ -793,7 +1164,7 @@ int wc_CryptoCb_AesGcmEncrypt(Aes* aes, byte* out,
                                byte* authTag, word32 authTagSz,
                                const byte* authIn, word32 authInSz)
 {
-    int ret = CRYPTOCB_UNAVAILABLE;
+    int ret = WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE);
     CryptoCb* dev;
 
     /* locate registered callback */
@@ -834,7 +1205,7 @@ int wc_CryptoCb_AesGcmDecrypt(Aes* aes, byte* out,
                                const byte* authTag, word32 authTagSz,
                                const byte* authIn, word32 authInSz)
 {
-    int ret = CRYPTOCB_UNAVAILABLE;
+    int ret = WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE);
     CryptoCb* dev;
 
     /* locate registered callback */
@@ -877,7 +1248,7 @@ int wc_CryptoCb_AesCcmEncrypt(Aes* aes, byte* out,
                                byte* authTag, word32 authTagSz,
                                const byte* authIn, word32 authInSz)
 {
-    int ret = CRYPTOCB_UNAVAILABLE;
+    int ret = WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE);
     CryptoCb* dev;
 
     /* locate registered callback */
@@ -918,7 +1289,7 @@ int wc_CryptoCb_AesCcmDecrypt(Aes* aes, byte* out,
                                const byte* authTag, word32 authTagSz,
                                const byte* authIn, word32 authInSz)
 {
-    int ret = CRYPTOCB_UNAVAILABLE;
+    int ret = WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE);
     CryptoCb* dev;
 
     /* locate registered callback */
@@ -958,7 +1329,7 @@ int wc_CryptoCb_AesCcmDecrypt(Aes* aes, byte* out,
 int wc_CryptoCb_AesCbcEncrypt(Aes* aes, byte* out,
                                const byte* in, word32 sz)
 {
-    int ret = CRYPTOCB_UNAVAILABLE;
+    int ret = WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE);
     CryptoCb* dev;
 
     /* locate registered callback */
@@ -990,7 +1361,7 @@ int wc_CryptoCb_AesCbcEncrypt(Aes* aes, byte* out,
 int wc_CryptoCb_AesCbcDecrypt(Aes* aes, byte* out,
                                const byte* in, word32 sz)
 {
-    int ret = CRYPTOCB_UNAVAILABLE;
+    int ret = WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE);
     CryptoCb* dev;
 
     /* locate registered callback */
@@ -1023,7 +1394,7 @@ int wc_CryptoCb_AesCbcDecrypt(Aes* aes, byte* out,
 int wc_CryptoCb_AesCtrEncrypt(Aes* aes, byte* out,
                                const byte* in, word32 sz)
 {
-    int ret = CRYPTOCB_UNAVAILABLE;
+    int ret = WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE);
     CryptoCb* dev;
 
     /* locate registered callback */
@@ -1056,7 +1427,7 @@ int wc_CryptoCb_AesCtrEncrypt(Aes* aes, byte* out,
 int wc_CryptoCb_AesEcbEncrypt(Aes* aes, byte* out,
                                const byte* in, word32 sz)
 {
-    int ret = CRYPTOCB_UNAVAILABLE;
+    int ret = WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE);
     CryptoCb* dev;
 
     /* locate registered callback */
@@ -1088,7 +1459,7 @@ int wc_CryptoCb_AesEcbEncrypt(Aes* aes, byte* out,
 int wc_CryptoCb_AesEcbDecrypt(Aes* aes, byte* out,
                                const byte* in, word32 sz)
 {
-    int ret = CRYPTOCB_UNAVAILABLE;
+    int ret = WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE);
     CryptoCb* dev;
 
     /* locate registered callback */
@@ -1123,7 +1494,7 @@ int wc_CryptoCb_AesEcbDecrypt(Aes* aes, byte* out,
 int wc_CryptoCb_Des3Encrypt(Des3* des3, byte* out,
                                const byte* in, word32 sz)
 {
-    int ret = CRYPTOCB_UNAVAILABLE;
+    int ret = WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE);
     CryptoCb* dev;
 
     /* locate registered callback */
@@ -1155,7 +1526,7 @@ int wc_CryptoCb_Des3Encrypt(Des3* des3, byte* out,
 int wc_CryptoCb_Des3Decrypt(Des3* des3, byte* out,
                                const byte* in, word32 sz)
 {
-    int ret = CRYPTOCB_UNAVAILABLE;
+    int ret = WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE);
     CryptoCb* dev;
 
     /* locate registered callback */
@@ -1189,7 +1560,7 @@ int wc_CryptoCb_Des3Decrypt(Des3* des3, byte* out,
 int wc_CryptoCb_ShaHash(wc_Sha* sha, const byte* in,
     word32 inSz, byte* digest)
 {
-    int ret = CRYPTOCB_UNAVAILABLE;
+    int ret = WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE);
     CryptoCb* dev;
 
     /* locate registered callback */
@@ -1222,7 +1593,7 @@ int wc_CryptoCb_ShaHash(wc_Sha* sha, const byte* in,
 int wc_CryptoCb_Sha256Hash(wc_Sha256* sha256, const byte* in,
     word32 inSz, byte* digest)
 {
-    int ret = CRYPTOCB_UNAVAILABLE;
+    int ret = WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE);
     CryptoCb* dev;
 
     /* locate registered callback */
@@ -1255,7 +1626,7 @@ int wc_CryptoCb_Sha256Hash(wc_Sha256* sha256, const byte* in,
 int wc_CryptoCb_Sha384Hash(wc_Sha384* sha384, const byte* in,
     word32 inSz, byte* digest)
 {
-    int ret = CRYPTOCB_UNAVAILABLE;
+    int ret = WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE);
     CryptoCb* dev;
 
     /* locate registered callback */
@@ -1291,7 +1662,7 @@ int wc_CryptoCb_Sha384Hash(wc_Sha384* sha384, const byte* in,
 int wc_CryptoCb_Sha512Hash(wc_Sha512* sha512, const byte* in,
     word32 inSz, byte* digest)
 {
-    int ret = CRYPTOCB_UNAVAILABLE;
+    int ret = WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE);
     CryptoCb* dev;
 
     /* locate registered callback */
@@ -1323,11 +1694,45 @@ int wc_CryptoCb_Sha512Hash(wc_Sha512* sha512, const byte* in,
 }
 #endif /* WOLFSSL_SHA512 */
 
+#if defined(WOLFSSL_SHA3) && (!defined(HAVE_FIPS) || FIPS_VERSION_GE(6, 0))
+int wc_CryptoCb_Sha3Hash(wc_Sha3* sha3, int type, const byte* in,
+    word32 inSz, byte* digest)
+{
+    int ret = WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE);
+    CryptoCb* dev;
+
+    /* locate registered callback */
+    if (sha3) {
+        dev = wc_CryptoCb_FindDevice(sha3->devId, WC_ALGO_TYPE_HASH);
+    }
+    else
+    {
+        /* locate first callback and try using it */
+        dev = wc_CryptoCb_FindDeviceByIndex(0);
+    }
+
+    if (dev && dev->cb) {
+        wc_CryptoInfo cryptoInfo;
+        XMEMSET(&cryptoInfo, 0, sizeof(cryptoInfo));
+        cryptoInfo.algo_type = WC_ALGO_TYPE_HASH;
+        cryptoInfo.hash.type = type;
+        cryptoInfo.hash.sha3 = sha3;
+        cryptoInfo.hash.in = in;
+        cryptoInfo.hash.inSz = inSz;
+        cryptoInfo.hash.digest = digest;
+
+        ret = dev->cb(dev->devId, &cryptoInfo, dev->ctx);
+    }
+
+    return wc_CryptoCb_TranslateErrorCode(ret);
+}
+#endif /* WOLFSSL_SHA3 && (!HAVE_FIPS || FIPS_VERSION_GE(6, 0)) */
+
 #ifndef NO_HMAC
 int wc_CryptoCb_Hmac(Hmac* hmac, int macType, const byte* in, word32 inSz,
     byte* digest)
 {
-    int ret = CRYPTOCB_UNAVAILABLE;
+    int ret = WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE);
     CryptoCb* dev;
 
     if (hmac == NULL)
@@ -1355,7 +1760,7 @@ int wc_CryptoCb_Hmac(Hmac* hmac, int macType, const byte* in, word32 inSz,
 #ifndef WC_NO_RNG
 int wc_CryptoCb_RandomBlock(WC_RNG* rng, byte* out, word32 sz)
 {
-    int ret = CRYPTOCB_UNAVAILABLE;
+    int ret = WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE);
     CryptoCb* dev;
 
     /* locate registered callback */
@@ -1383,7 +1788,7 @@ int wc_CryptoCb_RandomBlock(WC_RNG* rng, byte* out, word32 sz)
 
 int wc_CryptoCb_RandomSeed(OS_Seed* os, byte* seed, word32 sz)
 {
-    int ret = CRYPTOCB_UNAVAILABLE;
+    int ret = WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE);
     CryptoCb* dev;
 
     /* locate registered callback */
@@ -1402,12 +1807,44 @@ int wc_CryptoCb_RandomSeed(OS_Seed* os, byte* seed, word32 sz)
     return wc_CryptoCb_TranslateErrorCode(ret);
 }
 #endif /* !WC_NO_RNG */
-#ifdef WOLFSSL_CMAC
+
+#ifndef NO_CERTS
+int wc_CryptoCb_GetCert(int devId, const char *label, word32 labelLen,
+                        const byte *id, word32 idLen, byte** out,
+                        word32* outSz, int *format, void *heap)
+{
+    int ret = WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE);
+    CryptoCb* dev;
+
+    /* locate registered callback */
+    dev = wc_CryptoCb_FindDevice(devId, WC_ALGO_TYPE_CERT);
+    if (dev && dev->cb) {
+        wc_CryptoInfo cryptoInfo;
+        XMEMSET(&cryptoInfo, 0, sizeof(cryptoInfo));
+        cryptoInfo.algo_type = WC_ALGO_TYPE_CERT;
+        cryptoInfo.cert.label = label;
+        cryptoInfo.cert.labelLen = labelLen;
+        cryptoInfo.cert.id = id;
+        cryptoInfo.cert.idLen = idLen;
+        cryptoInfo.cert.heap = heap;
+        cryptoInfo.cert.certDataOut = out;
+        cryptoInfo.cert.certSz = outSz;
+        cryptoInfo.cert.certFormatOut = format;
+        cryptoInfo.cert.heap = heap;
+
+        ret = dev->cb(dev->devId, &cryptoInfo, dev->ctx);
+    }
+
+    return wc_CryptoCb_TranslateErrorCode(ret);
+}
+#endif /* ifndef NO_CERTS */
+
+#if defined(WOLFSSL_CMAC)
 int wc_CryptoCb_Cmac(Cmac* cmac, const byte* key, word32 keySz,
         const byte* in, word32 inSz, byte* out, word32* outSz, int type,
         void* ctx)
 {
-    int ret = CRYPTOCB_UNAVAILABLE;
+    int ret = WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE);
     CryptoCb* dev;
 
     /* locate registered callback */
@@ -1418,7 +1855,6 @@ int wc_CryptoCb_Cmac(Cmac* cmac, const byte* key, word32 keySz,
         /* locate first callback and try using it */
         dev = wc_CryptoCb_FindDeviceByIndex(0);
     }
-
     if (dev && dev->cb) {
         wc_CryptoInfo cryptoInfo;
         XMEMSET(&cryptoInfo, 0, sizeof(cryptoInfo));
@@ -1439,7 +1875,7 @@ int wc_CryptoCb_Cmac(Cmac* cmac, const byte* key, word32 keySz,
 
     return wc_CryptoCb_TranslateErrorCode(ret);
 }
-#endif
+#endif /* WOLFSSL_CMAC */
 
 /* returns the default dev id for the current build */
 int wc_CryptoCb_DefaultDevID(void)
diff --git a/wolfcrypt/src/curve25519.c b/wolfcrypt/src/curve25519.c
index e5c3593ba..f2f2a4352 100644
--- a/wolfcrypt/src/curve25519.c
+++ b/wolfcrypt/src/curve25519.c
@@ -1,6 +1,6 @@
 /* curve25519.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -51,6 +51,22 @@
     #include <wolfssl/wolfcrypt/cryptocb.h>
 #endif
 
+#if defined(WOLFSSL_CURVE25519_BLINDING)
+    #if defined(CURVE25519_SMALL)
+        #error "Blinding not needed nor available for small implementation"
+    #elif defined(USE_INTEL_SPEEDUP) || defined(WOLFSSL_ARMASM)
+        #error "Blinding not needed nor available for assembly implementation"
+    #endif
+#endif
+
+#if defined(WOLFSSL_LINUXKM) && !defined(USE_INTEL_SPEEDUP)
+    /* force off unneeded vector register save/restore. */
+    #undef SAVE_VECTOR_REGISTERS
+    #define SAVE_VECTOR_REGISTERS(fail_clause) WC_DO_NOTHING
+    #undef RESTORE_VECTOR_REGISTERS
+    #define RESTORE_VECTOR_REGISTERS() WC_DO_NOTHING
+#endif
+
 const curve25519_set_type curve25519_sets[] = {
     {
         CURVE25519_KEYSIZE,
@@ -135,6 +151,7 @@ int wc_curve25519_make_pub(int public_size, byte* pub, int private_size,
         XMEMCPY(pub, wc_pub.point, CURVE25519_KEYSIZE);
     }
 #else
+#ifndef WOLFSSL_CURVE25519_BLINDING
     fe_init();
 
     SAVE_VECTOR_REGISTERS(return _svr_ret;);
@@ -142,10 +159,119 @@ int wc_curve25519_make_pub(int public_size, byte* pub, int private_size,
     ret = curve25519(pub, priv, (byte*)kCurve25519BasePoint);
 
     RESTORE_VECTOR_REGISTERS();
+#else
+    {
+        WC_RNG rng;
+
+        ret = wc_InitRng(&rng);
+        if (ret == 0) {
+            ret = wc_curve25519_make_pub_blind(public_size, pub, private_size,
+                priv, &rng);
+
+            wc_FreeRng(&rng);
+        }
+    }
+#endif /* !WOLFSSL_CURVE25519_BLINDING */
+#endif /* FREESCALE_LTC_ECC */
+
+    return ret;
+}
+
+#ifdef WOLFSSL_CURVE25519_BLINDING
+#ifndef FREESCALE_LTC_ECC
+#ifndef WOLFSSL_CURVE25519_BLINDING_RAND_CNT
+    #define WOLFSSL_CURVE25519_BLINDING_RAND_CNT    10
+#endif
+static int curve25519_smul_blind(byte* rp, const byte* n, const byte* p,
+    WC_RNG* rng)
+{
+    int ret;
+    byte a[CURVE25519_KEYSIZE];
+    byte n_a[CURVE25519_KEYSIZE];
+    byte rz[CURVE25519_KEYSIZE];
+    int i;
+    int cnt;
+
+    SAVE_VECTOR_REGISTERS(return _svr_ret;);
+
+    /* Generate random z. */
+    for (cnt = 0; cnt < WOLFSSL_CURVE25519_BLINDING_RAND_CNT; cnt++) {
+        ret = wc_RNG_GenerateBlock(rng, rz, sizeof(rz));
+        if (ret < 0) {
+            return ret;
+        }
+        for (i = CURVE25519_KEYSIZE; i > 0; i--) {
+            if (rz[i] != 0xff)
+                break;
+        }
+        if ((i != 0) || (rz[0] <= 0xec)) {
+            break;
+        }
+    }
+    if (cnt == WOLFSSL_CURVE25519_BLINDING_RAND_CNT) {
+        return RNG_FAILURE_E;
+    }
+
+    /* Generate 253 random bits. */
+    ret = wc_RNG_GenerateBlock(rng, a, sizeof(a));
+    if (ret != 0)
+        return ret;
+    a[CURVE25519_KEYSIZE-1] &= 0x7f;
+    /* k' = k ^ 2k ^ a */
+    n_a[0] = n[0] ^ (n[0] << 1) ^ a[0];
+    for (i = 1; i < CURVE25519_KEYSIZE; i++) {
+        byte b1, b2, b3;
+        b1 = n[i] ^ a[i];
+        b2 = (n[i] << 1) ^ a[i];
+        b3 = (n[i-1] >> 7) ^ a[i];
+        n_a[i] = b1 ^ b2 ^ b3;
+    }
+    /* Scalar multiple blinded scalar with blinding value. */
+    ret = curve25519_blind(rp, n_a, a, p, rz);
+
+    RESTORE_VECTOR_REGISTERS();
+
+    return ret;
+}
+#endif
+
+int wc_curve25519_make_pub_blind(int public_size, byte* pub, int private_size,
+                                 const byte* priv, WC_RNG* rng)
+{
+    int ret;
+#ifdef FREESCALE_LTC_ECC
+    const ECPoint* basepoint = nxp_ltc_curve25519_GetBasePoint();
+    ECPoint wc_pub;
+#endif
+
+    if ( (public_size != CURVE25519_KEYSIZE) ||
+        (private_size != CURVE25519_KEYSIZE)) {
+        return ECC_BAD_ARG_E;
+    }
+    if ((pub == NULL) || (priv == NULL)) {
+        return ECC_BAD_ARG_E;
+    }
+
+    /* check clamping */
+    ret = curve25519_priv_clamp_check(priv);
+    if (ret != 0)
+        return ret;
+
+#ifdef FREESCALE_LTC_ECC
+    /* input basepoint on Weierstrass curve */
+    ret = nxp_ltc_curve25519(&wc_pub, priv, basepoint, kLTC_Weierstrass);
+    if (ret == 0) {
+        XMEMCPY(pub, wc_pub.point, CURVE25519_KEYSIZE);
+    }
+#else
+    fe_init();
+
+    ret = curve25519_smul_blind(pub, priv, (byte*)kCurve25519BasePoint, rng);
 #endif
 
     return ret;
 }
+#endif
 
 /* compute the public key from an existing private key, with supplied basepoint,
  * using bare vectors.
@@ -162,6 +288,7 @@ int wc_curve25519_generic(int public_size, byte* pub,
      * nxp_ltc_curve25519_GetBasePoint() */
     return WC_HW_E;
 #else
+#ifndef WOLFSSL_CURVE25519_BLINDING
     int ret;
 
     if ((public_size != CURVE25519_KEYSIZE) ||
@@ -186,9 +313,64 @@ int wc_curve25519_generic(int public_size, byte* pub,
     RESTORE_VECTOR_REGISTERS();
 
     return ret;
+#else
+    WC_RNG rng;
+    int ret;
+
+    ret = wc_InitRng(&rng);
+    if (ret == 0) {
+        ret = wc_curve25519_generic_blind(public_size, pub, private_size, priv,
+            basepoint_size, basepoint, &rng);
+
+        wc_FreeRng(&rng);
+    }
+
+    return ret;
+#endif
 #endif /* FREESCALE_LTC_ECC */
 }
 
+#ifdef WOLFSSL_CURVE25519_BLINDING
+/* compute the public key from an existing private key, with supplied basepoint,
+ * using bare vectors.
+ *
+ * return value is propagated from curve25519() (0 on success),
+ * and the byte vectors are little endian.
+ */
+int wc_curve25519_generic_blind(int public_size, byte* pub,
+                                int private_size, const byte* priv,
+                                int basepoint_size, const byte* basepoint,
+                                WC_RNG* rng)
+{
+#ifdef FREESCALE_LTC_ECC
+    /* unsupported with NXP LTC, only supports single basepoint with
+     * nxp_ltc_curve25519_GetBasePoint() */
+    return WC_HW_E;
+#else
+    int ret;
+
+    if ((public_size != CURVE25519_KEYSIZE) ||
+        (private_size != CURVE25519_KEYSIZE) ||
+        (basepoint_size != CURVE25519_KEYSIZE)) {
+        return ECC_BAD_ARG_E;
+    }
+    if ((pub == NULL) || (priv == NULL) || (basepoint == NULL))
+        return ECC_BAD_ARG_E;
+
+    /* check clamping */
+    ret = curve25519_priv_clamp_check(priv);
+    if (ret != 0)
+        return ret;
+
+    fe_init();
+
+    ret = curve25519_smul_blind(pub, priv, basepoint, rng);
+
+    return ret;
+#endif /* FREESCALE_LTC_ECC */
+}
+#endif
+
 /* generate a new private key, as a bare vector.
  *
  * return value is propagated from wc_RNG_GenerateBlock(() (0 on success),
@@ -230,7 +412,7 @@ int wc_curve25519_make_key(WC_RNG* rng, int keysize, curve25519_key* key)
 #ifdef WOLF_CRYPTO_CB
     if (key->devId != INVALID_DEVID) {
         ret = wc_CryptoCb_Curve25519Gen(rng, keysize, key);
-        if (ret != CRYPTOCB_UNAVAILABLE)
+        if (ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE))
             return ret;
         /* fall-through when unavailable */
     }
@@ -242,8 +424,14 @@ int wc_curve25519_make_key(WC_RNG* rng, int keysize, curve25519_key* key)
     ret = wc_curve25519_make_priv(rng, keysize, key->k);
     if (ret == 0) {
         key->privSet = 1;
+#ifdef WOLFSSL_CURVE25519_BLINDING
+        ret = wc_curve25519_make_pub_blind((int)sizeof(key->p.point),
+                                           key->p.point, (int)sizeof(key->k),
+                                           key->k, rng);
+#else
         ret = wc_curve25519_make_pub((int)sizeof(key->p.point), key->p.point,
                                      (int)sizeof(key->k), key->k);
+#endif
         key->pubSet = (ret == 0);
     }
 #endif
@@ -291,7 +479,7 @@ int wc_curve25519_shared_secret_ex(curve25519_key* private_key,
     if (private_key->devId != INVALID_DEVID) {
         ret = wc_CryptoCb_Curve25519(private_key, public_key, out, outlen,
             endian);
-        if (ret != CRYPTOCB_UNAVAILABLE)
+        if (ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE))
             return ret;
         /* fall-through when unavailable */
     }
@@ -312,11 +500,16 @@ int wc_curve25519_shared_secret_ex(curve25519_key* private_key,
     else
     #endif
     {
+#ifndef WOLFSSL_CURVE25519_BLINDING
     SAVE_VECTOR_REGISTERS(return _svr_ret;);
 
     ret = curve25519(o.point, private_key->k, public_key->p.point);
 
     RESTORE_VECTOR_REGISTERS();
+#else
+    ret = curve25519_smul_blind(o.point, private_key->k, public_key->p.point,
+                                private_key->rng);
+#endif
     }
 #endif
 #ifdef WOLFSSL_ECDHX_SHARED_NOT_ZERO
@@ -371,8 +564,14 @@ int wc_curve25519_export_public_ex(curve25519_key* key, byte* out,
 
     /* calculate public if missing */
     if (!key->pubSet) {
+#ifdef WOLFSSL_CURVE25519_BLINDING
+        ret = wc_curve25519_make_pub_blind((int)sizeof(key->p.point),
+                                           key->p.point, (int)sizeof(key->k),
+                                           key->k, key->rng);
+#else
         ret = wc_curve25519_make_pub((int)sizeof(key->p.point), key->p.point,
                                      (int)sizeof(key->k), key->k);
+#endif
         key->pubSet = (ret == 0);
     }
     /* export public point with endianness */
@@ -631,6 +830,9 @@ int wc_curve25519_import_private_ex(const byte* priv, word32 privSz,
     }
 
 #ifdef WOLFSSL_SE050
+#ifdef WOLFSSL_SE050_AUTO_ERASE
+    wc_se050_erase_object(key->keyId);
+#endif
     /* release NXP resources if set */
     se050_curve25519_free_key(key);
 #endif
@@ -647,6 +849,40 @@ int wc_curve25519_import_private_ex(const byte* priv, word32 privSz,
 
 #endif /* HAVE_CURVE25519_KEY_IMPORT */
 
+#ifndef WC_NO_CONSTRUCTORS
+curve25519_key* wc_curve25519_new(void* heap, int devId, int *result_code)
+{
+    int ret;
+    curve25519_key* key = (curve25519_key*)XMALLOC(sizeof(curve25519_key), heap,
+                           DYNAMIC_TYPE_CURVE25519);
+    if (key == NULL) {
+        ret = MEMORY_E;
+    }
+    else {
+        ret = wc_curve25519_init_ex(key, heap, devId);
+        if (ret != 0) {
+            XFREE(key, heap, DYNAMIC_TYPE_CURVE25519);
+            key = NULL;
+        }
+    }
+
+    if (result_code != NULL)
+        *result_code = ret;
+
+    return key;
+}
+
+int wc_curve25519_delete(curve25519_key* key, curve25519_key** key_p) {
+    if (key == NULL)
+        return BAD_FUNC_ARG;
+    wc_curve25519_free(key);
+    XFREE(key, key->heap, DYNAMIC_TYPE_CURVE25519);
+    if (key_p != NULL)
+        *key_p = NULL;
+    return 0;
+}
+#endif /* !WC_NO_CONSTRUCTORS */
+
 int wc_curve25519_init_ex(curve25519_key* key, void* heap, int devId)
 {
     if (key == NULL)
@@ -690,16 +926,23 @@ void wc_curve25519_free(curve25519_key* key)
     se050_curve25519_free_key(key);
 #endif
 
-    key->dp = NULL;
-    ForceZero(key->k, sizeof(key->k));
-    XMEMSET(&key->p, 0, sizeof(key->p));
-    key->pubSet = 0;
-    key->privSet = 0;
+    ForceZero(key, sizeof(*key));
+
 #ifdef WOLFSSL_CHECK_MEM_ZERO
     wc_MemZero_Check(key, sizeof(curve25519_key));
 #endif
 }
 
+#ifdef WOLFSSL_CURVE25519_BLINDING
+int wc_curve25519_set_rng(curve25519_key* key, WC_RNG* rng)
+{
+    if (key == NULL)
+        return BAD_FUNC_ARG;
+    key->rng = rng;
+    return 0;
+}
+#endif
+
 /* get key size */
 int wc_curve25519_size(curve25519_key* key)
 {
diff --git a/wolfcrypt/src/curve448.c b/wolfcrypt/src/curve448.c
index dd320a8cc..a3e4dc2ed 100644
--- a/wolfcrypt/src/curve448.c
+++ b/wolfcrypt/src/curve448.c
@@ -1,6 +1,6 @@
 /* curve448.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfcrypt/src/des3.c b/wolfcrypt/src/des3.c
index 650c33a36..255ea625d 100644
--- a/wolfcrypt/src/des3.c
+++ b/wolfcrypt/src/des3.c
@@ -1,6 +1,6 @@
 /* des3.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -38,8 +38,8 @@
     #define FIPS_NO_WRAPPERS
 
     #ifdef USE_WINDOWS_API
-        #pragma code_seg(".fipsA$i")
-        #pragma const_seg(".fipsB$i")
+        #pragma code_seg(".fipsA$d")
+        #pragma const_seg(".fipsB$d")
     #endif
 #endif
 
@@ -163,8 +163,13 @@
                 STM32_HAL_TIMEOUT);
         }
         /* save off IV */
-        des->reg[0] = hcryp.Instance->IV0LR;
-        des->reg[1] = hcryp.Instance->IV0RR;
+        #ifdef WOLFSSL_STM32MP13
+            des->reg[0] = ((CRYP_TypeDef *)(hcryp.Instance))->IV0LR;
+            des->reg[1] = ((CRYP_TypeDef *)(hcryp.Instance))->IV0RR;
+        #else
+            des->reg[0] = hcryp.Instance->IV0LR;
+            des->reg[1] = hcryp.Instance->IV0RR;
+        #endif
     #else
         while (sz > 0) {
             /* if input and output same will overwrite input iv */
@@ -324,8 +329,13 @@
                     STM32_HAL_TIMEOUT);
             }
             /* save off IV */
-            des->reg[0] = hcryp.Instance->IV0LR;
-            des->reg[1] = hcryp.Instance->IV0RR;
+            #ifdef WOLFSSL_STM32MP13
+                des->reg[0] = ((CRYP_TypeDef *)(hcryp.Instance))->IV0LR;
+                des->reg[1] = ((CRYP_TypeDef *)(hcryp.Instance))->IV0RR;
+            #else
+                des->reg[0] = hcryp.Instance->IV0LR;
+                des->reg[1] = hcryp.Instance->IV0RR;
+            #endif
         #else
             while (sz > 0) {
                 if (dir == DES_ENCRYPTION) {
@@ -1031,6 +1041,169 @@
     }
 
 
+#ifdef WOLFSSL_DES_ECB
+    /* One block, compatibility only */
+    int wc_Des_EcbEncrypt(Des* des, byte* out, const byte* in, word32 sz)
+    {
+        int offset = 0;
+        int len = sz;
+        int ret = 0;
+        byte temp_block[DES_BLOCK_SIZE];
+
+
+    #ifdef FREESCALE_MMCAU_CLASSIC
+        if ((wc_ptr_t)out % WOLFSSL_MMCAU_ALIGNMENT) {
+            WOLFSSL_MSG("Bad cau_des_encrypt alignment");
+            return BAD_ALIGN_E;
+        }
+    #endif
+
+        while (len > 0)
+        {
+            XMEMCPY(temp_block, in + offset, DES_BLOCK_SIZE);
+
+            ret = wolfSSL_CryptHwMutexLock();
+            if (ret != 0) {
+                return ret;
+            }
+        #ifdef FREESCALE_MMCAU_CLASSIC
+            cau_des_encrypt(temp_block, (byte*)des->key, out + offset);
+        #else
+            MMCAU_DES_EncryptEcb(temp_block, (byte*)des->key, out + offset);
+        #endif
+            wolfSSL_CryptHwMutexUnLock();
+
+            len    -= DES_BLOCK_SIZE;
+            offset += DES_BLOCK_SIZE;
+
+        }
+       return ret;
+
+    }
+
+    int wc_Des_EcbDecrypt(Des* des, byte* out, const byte* in, word32 sz)
+    {
+        int offset = 0;
+        int len = sz;
+        int ret = 0;
+        byte temp_block[DES_BLOCK_SIZE];
+
+    #ifdef FREESCALE_MMCAU_CLASSIC
+        if ((wc_ptr_t)out % WOLFSSL_MMCAU_ALIGNMENT) {
+            WOLFSSL_MSG("Bad cau_des_decrypt alignment");
+            return BAD_ALIGN_E;
+        }
+    #endif
+
+        while (len > 0)
+        {
+            XMEMCPY(temp_block, in + offset, DES_BLOCK_SIZE);
+
+            ret = wolfSSL_CryptHwMutexLock();
+            if (ret != 0) {
+                return ret;
+            }
+
+        #ifdef FREESCALE_MMCAU_CLASSIC
+            cau_des_decrypt(in + offset, (byte*)des->key, out + offset);
+        #else
+            MMCAU_DES_DecryptEcb(in + offset, (byte*)des->key, out + offset);
+        #endif
+            wolfSSL_CryptHwMutexUnLock();
+
+            len    -= DES_BLOCK_SIZE;
+            offset += DES_BLOCK_SIZE;
+        }
+
+        return ret;
+    }
+
+    int wc_Des3_EcbEncrypt(Des3* des, byte* out, const byte* in, word32 sz)
+    {
+        int offset = 0;
+        int len = sz;
+        int ret = 0;
+
+        byte temp_block[DES_BLOCK_SIZE];
+
+
+    #ifdef FREESCALE_MMCAU_CLASSIC
+        if ((wc_ptr_t)out % WOLFSSL_MMCAU_ALIGNMENT) {
+            WOLFSSL_MSG("Bad 3ede cau_des_encrypt alignment");
+            return BAD_ALIGN_E;
+        }
+    #endif
+
+        while (len > 0)
+        {
+            XMEMCPY(temp_block, in + offset, DES_BLOCK_SIZE);
+
+            ret = wolfSSL_CryptHwMutexLock();
+            if (ret != 0) {
+                return ret;
+            }
+    #ifdef FREESCALE_MMCAU_CLASSIC
+            cau_des_encrypt(temp_block,   (byte*)des->key[0], out + offset);
+            cau_des_decrypt(out + offset, (byte*)des->key[1], out + offset);
+            cau_des_encrypt(out + offset, (byte*)des->key[2], out + offset);
+    #else
+            MMCAU_DES_EncryptEcb(temp_block  , (byte*)des->key[0], out + offset);
+            MMCAU_DES_DecryptEcb(out + offset, (byte*)des->key[1], out + offset);
+            MMCAU_DES_EncryptEcb(out + offset, (byte*)des->key[2], out + offset);
+    #endif
+            wolfSSL_CryptHwMutexUnLock();
+
+            len    -= DES_BLOCK_SIZE;
+            offset += DES_BLOCK_SIZE;
+
+        }
+
+        return ret;
+    }
+
+    int wc_Des3_EcbDecrypt(Des3* des, byte* out, const byte* in, word32 sz)
+    {
+        int offset = 0;
+        int len = sz;
+        int ret = 0;
+
+        byte temp_block[DES_BLOCK_SIZE];
+
+    #ifdef FREESCALE_MMCAU_CLASSIC
+        if ((wc_ptr_t)out % WOLFSSL_MMCAU_ALIGNMENT) {
+            WOLFSSL_MSG("Bad 3ede cau_des_decrypt alignment");
+            return BAD_ALIGN_E;
+        }
+    #endif
+
+        while (len > 0)
+        {
+            XMEMCPY(temp_block, in + offset, DES_BLOCK_SIZE);
+
+            ret = wolfSSL_CryptHwMutexLock();
+            if (ret != 0) {
+                return ret;
+            }
+        #ifdef FREESCALE_MMCAU_CLASSIC
+            cau_des_decrypt(in + offset,  (byte*)des->key[2], out + offset);
+            cau_des_encrypt(out + offset, (byte*)des->key[1], out + offset);
+            cau_des_decrypt(out + offset, (byte*)des->key[0], out + offset);
+        #else
+            MMCAU_DES_DecryptEcb(in + offset , (byte*)des->key[2], out + offset);
+            MMCAU_DES_EncryptEcb(out + offset, (byte*)des->key[1], out + offset);
+            MMCAU_DES_DecryptEcb(out + offset, (byte*)des->key[0], out + offset);
+        #endif
+            wolfSSL_CryptHwMutexUnLock();
+
+            len    -= DES_BLOCK_SIZE;
+            offset += DES_BLOCK_SIZE;
+        }
+
+        return ret;
+    }
+#endif /* WOLFSSL_DES_ECB */
+
+
 #elif defined(WOLFSSL_PIC32MZ_CRYPT)
 
     /* PIC32MZ DES hardware requires size multiple of block size */
@@ -1602,7 +1775,7 @@
     #ifdef WOLF_CRYPTO_CB
         if (des->devId != INVALID_DEVID) {
             int ret = wc_CryptoCb_Des3Encrypt(des, out, in, sz);
-            if (ret != CRYPTOCB_UNAVAILABLE)
+            if (ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE))
                 return ret;
             /* fall-through when unavailable */
         }
@@ -1653,7 +1826,7 @@
     #ifdef WOLF_CRYPTO_CB
         if (des->devId != INVALID_DEVID) {
             int ret = wc_CryptoCb_Des3Decrypt(des, out, in, sz);
-            if (ret != CRYPTOCB_UNAVAILABLE)
+            if (ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE))
                 return ret;
             /* fall-through when unavailable */
         }
diff --git a/wolfcrypt/src/dh.c b/wolfcrypt/src/dh.c
index e638a51ce..69a71a514 100644
--- a/wolfcrypt/src/dh.c
+++ b/wolfcrypt/src/dh.c
@@ -1,6 +1,6 @@
 /* dh.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -35,8 +35,8 @@
     #define FIPS_NO_WRAPPERS
 
     #ifdef USE_WINDOWS_API
-        #pragma code_seg(".fipsA$m")
-        #pragma const_seg(".fipsB$m")
+        #pragma code_seg(".fipsA$e")
+        #pragma const_seg(".fipsB$e")
     #endif
 #endif
 
@@ -55,6 +55,22 @@
     #include <wolfcrypt/src/misc.c>
 #endif
 
+#if FIPS_VERSION3_GE(6,0,0)
+    const unsigned int wolfCrypt_FIPS_dh_ro_sanity[2] =
+                                                     { 0x1a2b3c4d, 0x00000004 };
+    int wolfCrypt_FIPS_DH_sanity(void)
+    {
+        return 0;
+    }
+#endif
+
+#if defined(WOLFSSL_LINUXKM) && !defined(WOLFSSL_SP_ASM)
+    /* force off unneeded vector register save/restore. */
+    #undef SAVE_VECTOR_REGISTERS
+    #define SAVE_VECTOR_REGISTERS(fail_clause) WC_DO_NOTHING
+    #undef RESTORE_VECTOR_REGISTERS
+    #define RESTORE_VECTOR_REGISTERS() WC_DO_NOTHING
+#endif
 
 /*
 Possible DH enable options:
@@ -1012,7 +1028,7 @@ static int _ffc_pairwise_consistency_test(DhKey* key,
         if (n < 5)
             return 0;
         else
-            return (word32)(2.4 * XPOW((double)n, 1.0/3.0) *
+            return (word32)((double)2.4 * XPOW((double)n, 1.0/3.0) *
                     XPOW(XLOG((double)n), 2.0/3.0) - 5);
     }
 #endif /* WOLFSSL_DH_CONST*/
@@ -1137,7 +1153,7 @@ static int GeneratePrivateDh186(DhKey* key, WC_RNG* rng, byte* priv,
     }
 
 #ifdef WOLFSSL_CHECK_MEM_ZERO
-    wc_MemZero_Add("GeneratePrivateDh186 cBuf", cBuf, cSz);
+    wc_MemZero_Add("GeneratePrivateDh186 cBuf", cBuf, cSz); /* cppcheck-suppress uninitvar */
     mp_memzero_add("GeneratePrivateDh186 tmpX", tmpX);
 #endif
     do {
@@ -1965,7 +1981,7 @@ int wc_DhGenerateKeyPair(DhKey* key, WC_RNG* rng,
 
 #ifndef WOLFSSL_KCAPI_DH
 static int wc_DhAgree_Sync(DhKey* key, byte* agree, word32* agreeSz,
-    const byte* priv, word32 privSz, const byte* otherPub, word32 pubSz)
+    const byte* priv, word32 privSz, const byte* otherPub, word32 pubSz, int ct)
 {
     int ret = 0;
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
@@ -2020,19 +2036,21 @@ static int wc_DhAgree_Sync(DhKey* key, byte* agree, word32* agreeSz,
 #ifndef WOLFSSL_SP_NO_2048
     if (mp_count_bits(&key->p) == 2048) {
         if (mp_init(y) != MP_OKAY)
-            return MP_INIT_E;
+            ret = MP_INIT_E;
 
-        SAVE_VECTOR_REGISTERS(ret = _svr_ret;);
+        if (ret == 0) {
+            SAVE_VECTOR_REGISTERS(ret = _svr_ret;);
 
-        if (ret == 0 && mp_read_unsigned_bin(y, otherPub, pubSz) != MP_OKAY)
-            ret = MP_READ_E;
+            if (ret == 0 && mp_read_unsigned_bin(y, otherPub, pubSz) != MP_OKAY)
+                ret = MP_READ_E;
 
-        if (ret == 0)
-            ret = sp_DhExp_2048(y, priv, privSz, &key->p, agree, agreeSz);
+            if (ret == 0)
+                ret = sp_DhExp_2048(y, priv, privSz, &key->p, agree, agreeSz);
 
-        mp_clear(y);
+            mp_clear(y);
 
-        RESTORE_VECTOR_REGISTERS();
+            RESTORE_VECTOR_REGISTERS();
+        }
 
         /* make sure agree is > 1 (SP800-56A, 5.7.1.1) */
         if ((ret == 0) &&
@@ -2054,19 +2072,21 @@ static int wc_DhAgree_Sync(DhKey* key, byte* agree, word32* agreeSz,
 #ifndef WOLFSSL_SP_NO_3072
     if (mp_count_bits(&key->p) == 3072) {
         if (mp_init(y) != MP_OKAY)
-            return MP_INIT_E;
+            ret = MP_INIT_E;
 
-        SAVE_VECTOR_REGISTERS(ret = _svr_ret;);
+        if (ret == 0) {
+            SAVE_VECTOR_REGISTERS(ret = _svr_ret;);
 
-        if (ret == 0 && mp_read_unsigned_bin(y, otherPub, pubSz) != MP_OKAY)
-            ret = MP_READ_E;
+            if (ret == 0 && mp_read_unsigned_bin(y, otherPub, pubSz) != MP_OKAY)
+                ret = MP_READ_E;
 
-        if (ret == 0)
-            ret = sp_DhExp_3072(y, priv, privSz, &key->p, agree, agreeSz);
+            if (ret == 0)
+                ret = sp_DhExp_3072(y, priv, privSz, &key->p, agree, agreeSz);
 
-        mp_clear(y);
+            mp_clear(y);
 
-        RESTORE_VECTOR_REGISTERS();
+            RESTORE_VECTOR_REGISTERS();
+        }
 
         /* make sure agree is > 1 (SP800-56A, 5.7.1.1) */
         if ((ret == 0) &&
@@ -2088,19 +2108,21 @@ static int wc_DhAgree_Sync(DhKey* key, byte* agree, word32* agreeSz,
 #ifdef WOLFSSL_SP_4096
     if (mp_count_bits(&key->p) == 4096) {
         if (mp_init(y) != MP_OKAY)
-            return MP_INIT_E;
+            ret = MP_INIT_E;
 
-        SAVE_VECTOR_REGISTERS(ret = _svr_ret;);
+        if (ret == 0) {
+            SAVE_VECTOR_REGISTERS(ret = _svr_ret;);
 
-        if (ret == 0 && mp_read_unsigned_bin(y, otherPub, pubSz) != MP_OKAY)
-            ret = MP_READ_E;
+            if (ret == 0 && mp_read_unsigned_bin(y, otherPub, pubSz) != MP_OKAY)
+                ret = MP_READ_E;
 
-        if (ret == 0)
-            ret = sp_DhExp_4096(y, priv, privSz, &key->p, agree, agreeSz);
+            if (ret == 0)
+                ret = sp_DhExp_4096(y, priv, privSz, &key->p, agree, agreeSz);
 
-        mp_clear(y);
+            mp_clear(y);
 
-        RESTORE_VECTOR_REGISTERS();
+            RESTORE_VECTOR_REGISTERS();
+        }
 
         /* make sure agree is > 1 (SP800-56A, 5.7.1.1) */
         if ((ret == 0) &&
@@ -2122,6 +2144,13 @@ static int wc_DhAgree_Sync(DhKey* key, byte* agree, word32* agreeSz,
 #endif
 
 #if !defined(WOLFSSL_SP_MATH)
+    if (ct) {
+        /* for the constant-time variant, we will probably use more bits in x for
+         * the modexp than we read from the private key, and those extra bits need
+         * to be zeroed.
+         */
+        XMEMSET(x, 0, sizeof *x);
+    }
     if (mp_init_multi(x, y, z, 0, 0, 0) != MP_OKAY) {
     #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
         XFREE(z, key->heap, DYNAMIC_TYPE_DH);
@@ -2143,8 +2172,17 @@ static int wc_DhAgree_Sync(DhKey* key, byte* agree, word32* agreeSz,
     if (ret == 0 && mp_read_unsigned_bin(y, otherPub, pubSz) != MP_OKAY)
         ret = MP_READ_E;
 
-    if (ret == 0 && mp_exptmod(y, x, &key->p, z) != MP_OKAY)
-        ret = MP_EXPTMOD_E;
+    if (ret == 0) {
+        if (ct)
+            ret = mp_exptmod_ex(y, x,
+                                ((int)*agreeSz + DIGIT_BIT - 1) / DIGIT_BIT,
+                                &key->p, z);
+        else
+            ret = mp_exptmod(y, x, &key->p, z);
+        if (ret != MP_OKAY)
+            ret = MP_EXPTMOD_E;
+    }
+
 #ifdef WOLFSSL_CHECK_MEM_ZERO
     if (ret == 0)
         mp_memzero_add("wc_DhAgree_Sync z", z);
@@ -2154,11 +2192,16 @@ static int wc_DhAgree_Sync(DhKey* key, byte* agree, word32* agreeSz,
     if (ret == 0 && (mp_cmp_d(z, 1) == MP_EQ))
         ret = MP_VAL;
 
-    if (ret == 0 && mp_to_unsigned_bin(z, agree) != MP_OKAY)
-        ret = MP_TO_E;
-
-    if (ret == 0)
-        *agreeSz = (word32)mp_unsigned_bin_size(z);
+    if (ret == 0) {
+        if (ct) {
+            ret = mp_to_unsigned_bin_len_ct(z, agree, (int)*agreeSz);
+        }
+        else {
+            ret = mp_to_unsigned_bin(z, agree);
+            if (ret == MP_OKAY)
+                *agreeSz = (word32)mp_unsigned_bin_size(z);
+        }
+    }
 
     mp_forcezero(z);
     mp_clear(y);
@@ -2167,6 +2210,7 @@ static int wc_DhAgree_Sync(DhKey* key, byte* agree, word32* agreeSz,
     RESTORE_VECTOR_REGISTERS();
 
 #else
+    (void)ct;
     ret = WC_KEY_SIZE_E;
 #endif
 
@@ -2222,7 +2266,8 @@ static int wc_DhAgree_Async(DhKey* key, byte* agree, word32* agreeSz,
 #endif
 
     /* otherwise use software DH */
-    ret = wc_DhAgree_Sync(key, agree, agreeSz, priv, privSz, otherPub, pubSz);
+    ret = wc_DhAgree_Sync(key, agree, agreeSz, priv, privSz, otherPub, pubSz,
+                          0);
 
     return ret;
 }
@@ -2251,13 +2296,69 @@ int wc_DhAgree(DhKey* key, byte* agree, word32* agreeSz, const byte* priv,
     else
 #endif
     {
-        ret = wc_DhAgree_Sync(key, agree, agreeSz, priv, privSz, otherPub, pubSz);
+        ret = wc_DhAgree_Sync(key, agree, agreeSz, priv, privSz, otherPub,
+                              pubSz, 0);
     }
 #endif /* WOLFSSL_KCAPI_DH */
 
     return ret;
 }
 
+int wc_DhAgree_ct(DhKey* key, byte* agree, word32 *agreeSz, const byte* priv,
+            word32 privSz, const byte* otherPub, word32 pubSz)
+{
+    int ret;
+    word32 requested_agreeSz;
+#ifndef WOLFSSL_NO_MALLOC
+    byte *agree_buffer = NULL;
+#else
+    byte agree_buffer[DH_MAX_SIZE / 8];
+#endif
+
+    if (key == NULL || agree == NULL || agreeSz == NULL || priv == NULL ||
+                                                            otherPub == NULL) {
+        return BAD_FUNC_ARG;
+    }
+
+    requested_agreeSz = *agreeSz;
+
+#ifndef WOLFSSL_NO_MALLOC
+    agree_buffer = (byte *)XMALLOC(requested_agreeSz, key->heap,
+                                   DYNAMIC_TYPE_DH);
+    if (agree_buffer == NULL)
+        return MEMORY_E;
+#endif
+
+    XMEMSET(agree_buffer, 0, requested_agreeSz);
+
+    ret = wc_DhAgree_Sync(key, agree_buffer, agreeSz, priv, privSz, otherPub,
+                          pubSz, 1);
+
+    if (ret == 0) {
+        /* Arrange for correct fixed-length, right-justified key, even if the
+         * crypto back end doesn't support it.  This assures that the key is
+         * unconditionally agreed correctly.  With some crypto back ends,
+         * e.g. heapmath, there are no provisions for actual constant time, but
+         * with others the key computation and clamping is constant time, and
+         * the unclamping here is also constant time.
+         */
+        byte *agree_src = agree_buffer + *agreeSz - 1,
+            *agree_dst = agree + requested_agreeSz - 1;
+        while (agree_dst >= agree) {
+            word32 mask = (agree_src >= agree_buffer) - 1U;
+            agree_src += (mask & requested_agreeSz);
+            *agree_dst-- = *agree_src--;
+        }
+        *agreeSz = requested_agreeSz;
+    }
+
+#ifndef WOLFSSL_NO_MALLOC
+    XFREE(agree_buffer, key->heap, DYNAMIC_TYPE_DH);
+#endif
+
+    return ret;
+}
+
 #ifdef WOLFSSL_DH_EXTRA
 WOLFSSL_LOCAL int wc_DhKeyCopy(DhKey* src, DhKey* dst)
 {
@@ -2449,10 +2550,56 @@ static int _DhSetKey(DhKey* key, const byte* p, word32 pSz, const byte* g,
 
     if (ret == 0 && !trusted) {
         int isPrime = 0;
-        if (rng != NULL)
-            ret = mp_prime_is_prime_ex(keyP, 8, &isPrime, rng);
+
+        /* Short-circuit the primality check for p if it is one of the named
+         * public moduli (known primes) from RFC 7919.
+         */
+        #ifdef HAVE_FFDHE_2048
+        if ((pSz == sizeof(dh_ffdhe2048_p)) &&
+            (XMEMCMP(p, dh_ffdhe2048_p, sizeof(dh_ffdhe2048_p)) == 0))
+        {
+            isPrime = 1;
+        }
         else
-            ret = mp_prime_is_prime(keyP, 8, &isPrime);
+        #endif
+        #ifdef HAVE_FFDHE_3072
+        if ((pSz == sizeof(dh_ffdhe3072_p)) &&
+            (XMEMCMP(p, dh_ffdhe3072_p, sizeof(dh_ffdhe3072_p)) == 0))
+        {
+            isPrime = 1;
+        }
+        else
+        #endif
+        #ifdef HAVE_FFDHE_4096
+        if ((pSz == sizeof(dh_ffdhe4096_p)) &&
+            (XMEMCMP(p, dh_ffdhe4096_p, sizeof(dh_ffdhe4096_p)) == 0))
+        {
+            isPrime = 1;
+        }
+        else
+        #endif
+        #ifdef HAVE_FFDHE_6144
+        if ((pSz == sizeof(dh_ffdhe6144_p)) &&
+            (XMEMCMP(p, dh_ffdhe6144_p, sizeof(dh_ffdhe6144_p)) == 0))
+        {
+            isPrime = 1;
+        }
+        else
+        #endif
+        #ifdef HAVE_FFDHE_8192
+        if ((pSz == sizeof(dh_ffdhe8192_p)) &&
+            (XMEMCMP(p, dh_ffdhe8192_p, sizeof(dh_ffdhe8192_p)) == 0))
+        {
+            isPrime = 1;
+        }
+        else
+        #endif
+        {
+            if (rng != NULL)
+                ret = mp_prime_is_prime_ex(keyP, 8, &isPrime, rng);
+            else
+                ret = mp_prime_is_prime(keyP, 8, &isPrime);
+        }
 
         if (ret == 0 && isPrime == 0)
             ret = DH_CHECK_PUB_E;
@@ -2884,7 +3031,11 @@ int wc_DhGenerateParams(WC_RNG *rng, int modSz, DhKey *dh)
             primeCheckCount = 0;
     int     primeCheck = MP_NO,
             ret = 0;
+#ifdef WOLFSSL_NO_MALLOC
+    unsigned char buf[DH_MAX_SIZE / WOLFSSL_BIT_SIZE];
+#else
     unsigned char *buf = NULL;
+#endif
 
 #if !defined(WOLFSSL_SMALL_STACK) || defined(WOLFSSL_NO_MALLOC)
     XMEMSET(tmp, 0, sizeof(tmp));
@@ -2924,13 +3075,26 @@ int wc_DhGenerateParams(WC_RNG *rng, int modSz, DhKey *dh)
     if (ret == 0) {
         /* modulus size in bytes */
         modSz /= WOLFSSL_BIT_SIZE;
+
+        if ((word32)modSz < groupSz) {
+            WOLFSSL_MSG("DH modSz was too small");
+            ret = BAD_FUNC_ARG;
+        }
+    }
+
+    if (ret == 0) {
         bufSz = (word32)modSz - groupSz;
 
+#ifdef WOLFSSL_NO_MALLOC
+        if (bufSz > sizeof(buf))
+            ret = MEMORY_E;
+#else
         /* allocate ram */
         buf = (unsigned char *)XMALLOC(bufSz,
                                        dh->heap, DYNAMIC_TYPE_TMP_BUFFER);
         if (buf == NULL)
             ret = MEMORY_E;
+#endif
     }
 
     /* make a random string that will be multiplied against q */
@@ -3003,7 +3167,7 @@ int wc_DhGenerateParams(WC_RNG *rng, int modSz, DhKey *dh)
 
     /* loop until p is prime */
     if (ret == 0) {
-        do {
+        for (;;) {
             if (mp_prime_is_prime_ex(&dh->p, 8, &primeCheck, rng) != MP_OKAY)
                 ret = PRIME_GEN_E;
 
@@ -3014,7 +3178,14 @@ int wc_DhGenerateParams(WC_RNG *rng, int modSz, DhKey *dh)
                 else
                     primeCheckCount++;
             }
-        } while (ret == 0 && primeCheck == MP_NO);
+
+            if (ret != 0 || primeCheck == MP_YES)
+                break;
+
+            /* linuxkm: release the kernel for a moment before iterating. */
+            RESTORE_VECTOR_REGISTERS();
+            SAVE_VECTOR_REGISTERS(ret = _svr_ret; break;);
+        };
     }
 
     /* tmp2 += (2*loop_check_prime)
@@ -3057,11 +3228,16 @@ int wc_DhGenerateParams(WC_RNG *rng, int modSz, DhKey *dh)
 
     RESTORE_VECTOR_REGISTERS();
 
-    if (buf != NULL) {
+#ifndef WOLFSSL_NO_MALLOC
+    if (buf != NULL)
+#endif
+    {
         ForceZero(buf, bufSz);
+#ifndef WOLFSSL_NO_MALLOC
         if (dh != NULL) {
             XFREE(buf, dh->heap, DYNAMIC_TYPE_TMP_BUFFER);
         }
+#endif
     }
 
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
@@ -3118,7 +3294,7 @@ int wc_DhExportParamsRaw(DhKey* dh, byte* p, word32* pSz,
             *pSz = pLen;
             *qSz = qLen;
             *gSz = gLen;
-            ret = LENGTH_ONLY_E;
+            ret = WC_NO_ERR_TRACE(LENGTH_ONLY_E);
         }
     }
 
diff --git a/wolfcrypt/src/dilithium.c b/wolfcrypt/src/dilithium.c
index d50b6db37..2d623645e 100644
--- a/wolfcrypt/src/dilithium.c
+++ b/wolfcrypt/src/dilithium.c
@@ -1,6 +1,6 @@
 /* dilithium.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -19,7 +19,117 @@
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  */
 
-/* Based on ed448.c and Reworked for Dilithium by Anthony Hu. */
+/* Based on ed448.c and Reworked for Dilithium by Anthony Hu.
+ * WolfSSL implementation by Sean Parkinson.
+ */
+
+/* Possible Dilithium/ML-DSA options:
+ *
+ * HAVE_DILITHIUM                                             Default: OFF
+ *   Enables the code in this file to be compiled.
+ * WOLFSSL_WC_DILITHIUM                                       Default: OFF
+ *   Compiles the wolfSSL implementation of dilithium.
+ *
+ * WOLFSSL_NO_ML_DSA_44                                       Default: OFF
+ *   Does not compile in parameter set ML-DSA-44 and any code specific to that
+ *   parameter set.
+ * WOLFSSL_NO_ML_DSA_65                                       Default: OFF
+ *   Does not compile in parameter set ML-DSA-65 and any code specific to that
+ *   parameter set.
+ * WOLFSSL_NO_ML_DSA_87                                       Default: OFF
+ *   Does not compile in parameter set ML-DSA-87 and any code specific to that
+ *   parameter set.
+ *
+ * WOLFSSL_DILITHIUM_NO_LARGE_CODE                            Default: OFF
+ *   Compiles smaller, fast code with speed trade-off.
+ * WOLFSSL_DILITHIUM_SMALL                                    Default: OFF
+ *   Compiles to small code size with a speed trade-off.
+ * WOLFSSL_DILITHIUM_VERIFY_ONLY                              Default: OFF
+ *   Compiles in only the verification and public key operations.
+ * WOLFSSL_DILITHIUM_VERIFY_SMALL_MEM                         Default: OFF
+ *   Compiles verification implementation that uses smaller amounts of memory.
+ * WOLFSSL_DILITHIUM_VERIFY_NO_MALLOC                         Default: OFF
+ *   Only works with WOLFSSL_DILITHIUM_VERIFY_SMALL_MEM.
+ *   Don't allocate memory with XMALLOC. Memory is pinned against key.
+ * WOLFSSL_DILITHIUM_ASSIGN_KEY                               Default: OFF
+ *   Key data is assigned into Dilithium key rather than copied.
+ *   Life of key data passed in is tightly coupled to life of Dilithium key.
+ *   Cannot be used when make key is enabled.
+ * WOLFSSL_DILITHIUM_SIGN_SMALL_MEM                           Default: OFF
+ *   Compiles signature implementation that uses smaller amounts of memory but
+ *   is considerably slower.
+ * WOLFSSL_DILITHIUM_SIGN_SMALL_MEM_PRECALC                   Default: OFF
+ *   Compiles signature implementation that uses smaller amounts of memory but
+ *   is considerably slower. Allocates vectors and decodes private key data
+ *   into them upfront.
+ * WOLFSSL_DILITHIUM_SIGN_SMALL_MEM_PRECALC_A                 Default: OFF
+ *   Compiles signature implementation that uses smaller amounts of memory but
+ *   is slower. Allocates matrix A and calculates it upfront.
+ * WOLFSSL_DILITHIUM_MAKE_KEY_SMALL_MEM                       Default: OFF
+ *   Compiles key generation implementation that uses smaller amounts of memory
+ *   but is slower.
+ * WOLFSSL_DILITHIUM_SMALL_MEM_POLY64                         Default: OFF
+ *   Compiles the small memory implementations to use a 64-bit polynomial.
+ *   Uses 2KB of memory but is slightly quicker (2.75-7%).
+ *
+ * WOLFSSL_DILITHIUM_ALIGNMENT                                Default: 8
+ *   Use to indicate whether loading and storing of words needs to be aligned.
+ *   Default is to use WOLFSSL_GENERAL_ALIGNMENT - should be 4 on some ARM CPUs.
+ *   Set this value explicitly if specific Dilithium implementation alignment is
+ *   needed.
+ *
+ * WOLFSSL_DILITHIUM_NO_ASN1                                  Default: OFF
+ *   Disables any ASN.1 encoding or decoding code.
+ * WOLFSSL_DILITHIUM_REVERSE_HASH_OID                         Default: OFF
+ *   Reverse the DER encoded hash oid when signing and verifying a pre-hashed
+ *   message.
+ *
+ * WC_DILITHIUM_CACHE_MATRIX_A                                Default: OFF
+ *   Enable caching of the A matrix on import.
+ *   Less work is required in sign and verify operations.
+ * WC_DILITHIUM_CACHE_PRIV_VECTORS                            Default: OFF
+ *   Enable caching of private key vectors on import.
+ *   Enables WC_DILITHIUM_CACHE_MATRIX_A.
+ *   Less work is required in sign operations.
+ * WC_DILITHIUM_CACHE_PUB_VECTORS                             Default: OFF
+ *   Enable caching of public key vectors on import.
+ *   Enables WC_DILITHIUM_CACHE_MATRIX_A.
+ *   Less work is required in sign operations.
+ * WC_DILITHIUM_FIXED_ARRAY                                   Default: OFF
+ *   Make the matrix and vectors of cached data fixed arrays that have
+ *   maximumal sizes for the configured parameters.
+ *   Useful in low dynamic memory situations.
+ *
+ * WOLFSSL_DILITHIUM_SIGN_CHECK_Y                             Default: OFF
+ *   Check vector y is in required range as an early check on valid vector z.
+ *   Falsely reports invalid in approximately 1-2% of checks.
+ *   All valid reports are true.
+ *   Fast fail gives faster signing times on average.
+ *   DO NOT enable this if implementation must be conformant to FIPS 204.
+ * WOLFSSL_DILITHIUM_SIGN_CHECK_W0                            Default: OFF
+ *   Check vector w0 is in required range as an early check on valid vector r0.
+ *   Falsely reports invalid in approximately 3-5% of checks.
+ *   All valid reports are true.
+ *   Fast fail gives faster signing times on average.
+ *   DO NOT enable this if implementation must be conformant to FIPS 204.
+ *
+ * DILITHIUM_MUL_SLOW                                         Default: OFF
+ *   Define when multiplying by Q / 44 is slower than masking.
+ *   Only applies to ML-DSA-44.
+ * DILITHIUM_MUL_44_SLOW                                      Default: OFF
+ *   Define when multiplying by 44 is slower than by 11.
+ *   Only applies to ML-DSA-44.
+ * DILITHIUM_MUL_11_SLOW                                      Default: OFF
+ *   Define when multiplying by 11 is slower than adding and shifting.
+ *   Only applies to ML-DSA-44.
+ * DILITHIUM_MUL_QINV_SLOW                                    Default: OFF
+ *   Define when multiplying by QINV 0x3802001 is slower than add, subtract and
+ *   shift equivalent.
+ * DILITHIUM_MUL_Q_SLOW                                       Default: OFF
+ *   Define when multiplying by Q 0x7fe001 is slower than add, subtract and
+ *   shift equivalent.
+ */
+
 
 #ifdef HAVE_CONFIG_H
     #include <config.h>
@@ -28,15 +138,19 @@
 /* in case user set HAVE_PQC there */
 #include <wolfssl/wolfcrypt/settings.h>
 
+#ifndef WOLFSSL_DILITHIUM_NO_ASN1
 #include <wolfssl/wolfcrypt/asn.h>
+#endif
 
-#if defined(HAVE_PQC) && defined(HAVE_DILITHIUM)
+#if defined(HAVE_DILITHIUM)
 
 #ifdef HAVE_LIBOQS
 #include <oqs/oqs.h>
 #endif
 
 #include <wolfssl/wolfcrypt/dilithium.h>
+#include <wolfssl/wolfcrypt/hash.h>
+#include <wolfssl/wolfcrypt/sha3.h>
 #include <wolfssl/wolfcrypt/error-crypt.h>
 #ifdef NO_INLINE
     #include <wolfssl/wolfcrypt/misc.h>
@@ -45,84 +159,8193 @@
     #include <wolfcrypt/src/misc.c>
 #endif
 
-/* Sign the message using the dilithium private key.
- *
- *  in          [in]      Message to sign.
- *  inLen       [in]      Length of the message in bytes.
- *  out         [in]      Buffer to write signature into.
- *  outLen      [in/out]  On in, size of buffer.
- *                        On out, the length of the signature in bytes.
- *  key         [in]      Dilithium key to use when signing
- *  returns BAD_FUNC_ARG when a parameter is NULL or public key not set,
- *          BUFFER_E when outLen is less than DILITHIUM_LEVEL2_SIG_SIZE,
- *          0 otherwise.
+#if defined(WOLFSSL_DILITHIUM_SIGN_SMALL_MEM_PRECALC) && \
+        !defined(WOLFSSL_DILITHIUM_SIGN_SMALL_MEM)
+    #define WOLFSSL_DILITHIUM_SIGN_SMALL_MEM
+#endif
+#if defined(WOLFSSL_DILITHIUM_SIGN_SMALL_MEM_PRECALC_A) && \
+        !defined(WOLFSSL_DILITHIUM_SIGN_SMALL_MEM)
+    #define WOLFSSL_DILITHIUM_SIGN_SMALL_MEM
+    #ifdef WOLFSSL_DILITHIUM_SIGN_SMALL_MEM_PRECALC
+        #error "PRECALC and PRECALC_A is equivalent to non small mem"
+    #endif
+#endif
+
+#ifdef WOLFSSL_WC_DILITHIUM
+
+#ifdef DEBUG_DILITHIUM
+void print_polys(const char* name, const sword32* a, int d1, int d2);
+void print_polys(const char* name, const sword32* a, int d1, int d2)
+{
+    int i;
+    int j;
+    int k;
+
+    fprintf(stderr, "%s\n", name);
+    for (i = 0; i < d1; i++) {
+        for (j = 0; j < d2; j++) {
+            for (k = 0; k < 256; k++) {
+                fprintf(stderr, "%9d,", a[(i*d2*256) + (j*256) + k]);
+                if ((k % 8) == 7) fprintf(stderr, "\n");
+            }
+            fprintf(stderr, "\n");
+        }
+    }
+}
+
+void print_data(const char* name, const byte* d, int len);
+void print_data(const char* name, const byte* d, int len)
+{
+    int i;
+
+    fprintf(stderr, "%s\n", name);
+    for (i = 0; i < len; i++) {
+        fprintf(stderr, "0x%02x,", d[i]);
+        if ((i % 16) == 15) fprintf(stderr, "\n");
+    }
+    fprintf(stderr, "\n");
+}
+#endif
+
+#if defined(WOLFSSL_NO_ML_DSA_44) && defined(WOLFSSL_NO_ML_DSA_65) && \
+    defined(WOLFSSL_NO_ML_DSA_87)
+    #error "No Dilithium parameters chosen"
+#endif
+
+#if defined(WOLFSSL_DILITHIUM_ASSIGN_KEY) && \
+    !defined(WOLFSSL_DILITHIUM_NO_MAKE_KEY)
+    #error "Cannot use assign key when making keys"
+#endif
+
+
+/* Number of bytes from first block to use for sign. */
+#define DILITHIUM_SIGN_BYTES            8
+
+
+/* Length of seed in bytes when generating y. */
+#define DILITHIUM_Y_SEED_SZ             (DILITHIUM_PRIV_RAND_SEED_SZ + 2)
+
+
+/* Length of seed in bytes used in generating matrix a. */
+#define DILITHIUM_GEN_A_SEED_SZ         (DILITHIUM_PUB_SEED_SZ + 2)
+/* Length of seed in bytes used in generating vectors s1 and s2. */
+#define DILITHIUM_GEN_S_SEED_SZ         (DILITHIUM_PRIV_SEED_SZ + 2)
+
+
+/* MAX: (256 * 8 / (17 + 1)) = 576, or ((256 * 8 / (19 + 1)) = 640
+ * but need blocks of 17 * 8 bytes: 5 * 17 * 8 = 680 */
+#define DILITHIUM_MAX_V_BLOCKS          5
+/* Maximum number of bytes to generate into v to make y. */
+#define DILITHIUM_MAX_V                 (DILITHIUM_MAX_V_BLOCKS * 8 * 17)
+
+
+/* 2 blocks, each block 136 bytes = 272 bytes.
+ * ETA 2: Min req is 128 but reject rate is 2 in 16 so we need 146.3 on average.
+ * ETA 4: Min req is 128 but reject rate is 7 in 16 so we need 227.6 on average.
  */
-int wc_dilithium_sign_msg(const byte* in, word32 inLen,
-                          byte* out, word32 *outLen,
-                          dilithium_key* key)
+#define DILITHIUM_GEN_S_NBLOCKS         2
+/* Number of bytes to generate with SHAKE-256 when generating s1 and s2. */
+#define DILITHIUM_GEN_S_BYTES           \
+    (DILITHIUM_GEN_S_NBLOCKS * WC_SHA3_256_COUNT * 8)
+/* Number of bytes to a block of SHAKE-256 when generating s1 and s2. */
+#define DILITHIUM_GEN_S_BLOCK_BYTES    (WC_SHA3_256_COUNT * 8)
+
+/* Length of the hash OID to include in pre-hash message. */
+#define DILITHIUM_HASH_OID_LEN         11
+
+
+/* The ML-DSA parameters sets. */
+static const wc_dilithium_params dilithium_params[] = {
+#ifndef WOLFSSL_NO_ML_DSA_44
+    { WC_ML_DSA_44, PARAMS_ML_DSA_44_K, PARAMS_ML_DSA_44_L,
+      PARAMS_ML_DSA_44_ETA, PARAMS_ML_DSA_44_ETA_BITS,
+      PARAMS_ML_DSA_44_TAU, PARAMS_ML_DSA_44_BETA, PARAMS_ML_DSA_44_OMEGA,
+      PARAMS_ML_DSA_44_LAMBDA,
+      PARAMS_ML_DSA_44_GAMMA1_BITS, PARAMS_ML_DSA_44_GAMMA2,
+      PARAMS_ML_DSA_44_W1_ENC_SZ, PARAMS_ML_DSA_44_A_SIZE,
+      PARAMS_ML_DSA_44_S1_SIZE, PARAMS_ML_DSA_44_S1_ENC_SIZE,
+      PARAMS_ML_DSA_44_S2_SIZE, PARAMS_ML_DSA_44_S2_ENC_SIZE,
+      PARAMS_ML_DSA_44_Z_ENC_SIZE,
+      PARAMS_ML_DSA_44_PK_SIZE, PARAMS_ML_DSA_44_SIG_SIZE },
+#endif
+#ifndef WOLFSSL_NO_ML_DSA_65
+    { WC_ML_DSA_65, PARAMS_ML_DSA_65_K, PARAMS_ML_DSA_65_L,
+      PARAMS_ML_DSA_65_ETA, PARAMS_ML_DSA_65_ETA_BITS,
+      PARAMS_ML_DSA_65_TAU, PARAMS_ML_DSA_65_BETA, PARAMS_ML_DSA_65_OMEGA,
+      PARAMS_ML_DSA_65_LAMBDA,
+      PARAMS_ML_DSA_65_GAMMA1_BITS, PARAMS_ML_DSA_65_GAMMA2,
+      PARAMS_ML_DSA_65_W1_ENC_SZ, PARAMS_ML_DSA_65_A_SIZE,
+      PARAMS_ML_DSA_65_S1_SIZE, PARAMS_ML_DSA_65_S1_ENC_SIZE,
+      PARAMS_ML_DSA_65_S2_SIZE, PARAMS_ML_DSA_65_S2_ENC_SIZE,
+      PARAMS_ML_DSA_65_Z_ENC_SIZE,
+      PARAMS_ML_DSA_65_PK_SIZE, PARAMS_ML_DSA_65_SIG_SIZE },
+#endif
+#ifndef WOLFSSL_NO_ML_DSA_87
+    { WC_ML_DSA_87, PARAMS_ML_DSA_87_K, PARAMS_ML_DSA_87_L,
+      PARAMS_ML_DSA_87_ETA, PARAMS_ML_DSA_87_ETA_BITS,
+      PARAMS_ML_DSA_87_TAU, PARAMS_ML_DSA_87_BETA, PARAMS_ML_DSA_87_OMEGA,
+      PARAMS_ML_DSA_87_LAMBDA,
+      PARAMS_ML_DSA_87_GAMMA1_BITS, PARAMS_ML_DSA_87_GAMMA2,
+      PARAMS_ML_DSA_87_W1_ENC_SZ, PARAMS_ML_DSA_87_A_SIZE,
+      PARAMS_ML_DSA_87_S1_SIZE, PARAMS_ML_DSA_87_S1_ENC_SIZE,
+      PARAMS_ML_DSA_87_S2_SIZE, PARAMS_ML_DSA_87_S2_ENC_SIZE,
+      PARAMS_ML_DSA_87_Z_ENC_SIZE,
+      PARAMS_ML_DSA_87_PK_SIZE, PARAMS_ML_DSA_87_SIG_SIZE },
+#endif
+#if defined(WOLFSSL_DILITHIUM_FIPS204_DRAFT)
+#ifndef WOLFSSL_NO_ML_DSA_44
+    { WC_ML_DSA_44_DRAFT, PARAMS_ML_DSA_44_K, PARAMS_ML_DSA_44_L,
+      PARAMS_ML_DSA_44_ETA, PARAMS_ML_DSA_44_ETA_BITS,
+      PARAMS_ML_DSA_44_TAU, PARAMS_ML_DSA_44_BETA, PARAMS_ML_DSA_44_OMEGA,
+      PARAMS_ML_DSA_44_LAMBDA,
+      PARAMS_ML_DSA_44_GAMMA1_BITS, PARAMS_ML_DSA_44_GAMMA2,
+      PARAMS_ML_DSA_44_W1_ENC_SZ, PARAMS_ML_DSA_44_A_SIZE,
+      PARAMS_ML_DSA_44_S1_SIZE, PARAMS_ML_DSA_44_S1_ENC_SIZE,
+      PARAMS_ML_DSA_44_S2_SIZE, PARAMS_ML_DSA_44_S2_ENC_SIZE,
+      PARAMS_ML_DSA_44_Z_ENC_SIZE,
+      PARAMS_ML_DSA_44_PK_SIZE, PARAMS_ML_DSA_44_SIG_SIZE },
+#endif
+#ifndef WOLFSSL_NO_ML_DSA_65
+    { WC_ML_DSA_65_DRAFT, PARAMS_ML_DSA_65_K, PARAMS_ML_DSA_65_L,
+      PARAMS_ML_DSA_65_ETA, PARAMS_ML_DSA_65_ETA_BITS,
+      PARAMS_ML_DSA_65_TAU, PARAMS_ML_DSA_65_BETA, PARAMS_ML_DSA_65_OMEGA,
+      PARAMS_ML_DSA_65_LAMBDA,
+      PARAMS_ML_DSA_65_GAMMA1_BITS, PARAMS_ML_DSA_65_GAMMA2,
+      PARAMS_ML_DSA_65_W1_ENC_SZ, PARAMS_ML_DSA_65_A_SIZE,
+      PARAMS_ML_DSA_65_S1_SIZE, PARAMS_ML_DSA_65_S1_ENC_SIZE,
+      PARAMS_ML_DSA_65_S2_SIZE, PARAMS_ML_DSA_65_S2_ENC_SIZE,
+      PARAMS_ML_DSA_65_Z_ENC_SIZE,
+      PARAMS_ML_DSA_65_PK_SIZE, PARAMS_ML_DSA_65_SIG_SIZE },
+#endif
+#ifndef WOLFSSL_NO_ML_DSA_87
+    { WC_ML_DSA_87_DRAFT, PARAMS_ML_DSA_87_K, PARAMS_ML_DSA_87_L,
+      PARAMS_ML_DSA_87_ETA, PARAMS_ML_DSA_87_ETA_BITS,
+      PARAMS_ML_DSA_87_TAU, PARAMS_ML_DSA_87_BETA, PARAMS_ML_DSA_87_OMEGA,
+      PARAMS_ML_DSA_87_LAMBDA,
+      PARAMS_ML_DSA_87_GAMMA1_BITS, PARAMS_ML_DSA_87_GAMMA2,
+      PARAMS_ML_DSA_87_W1_ENC_SZ, PARAMS_ML_DSA_87_A_SIZE,
+      PARAMS_ML_DSA_87_S1_SIZE, PARAMS_ML_DSA_87_S1_ENC_SIZE,
+      PARAMS_ML_DSA_87_S2_SIZE, PARAMS_ML_DSA_87_S2_ENC_SIZE,
+      PARAMS_ML_DSA_87_Z_ENC_SIZE,
+      PARAMS_ML_DSA_87_PK_SIZE, PARAMS_ML_DSA_87_SIG_SIZE },
+#endif
+#endif
+};
+/* Number of ML-DSA parameter sets compiled in. */
+#define DILITHIUM_PARAMS_CNT \
+    ((unsigned int)(sizeof(dilithium_params) / sizeof(wc_dilithium_params)))
+
+/* Get the ML-DSA parameters that match the level.
+ *
+ * @param [in]  level   Level required.
+ * @param [out] params  Parameter set.
+ * @return  0 on success.
+ * @return  NOT_COMPILED_IN when parameters at level are not compiled in.
+ */
+static int dilithium_get_params(int level, const wc_dilithium_params** params)
+{
+    unsigned int i;
+    int ret = WC_NO_ERR_TRACE(NOT_COMPILED_IN);
+
+    for (i = 0; i < DILITHIUM_PARAMS_CNT; i++) {
+        if (dilithium_params[i].level == level) {
+            *params = &dilithium_params[i];
+            ret = 0;
+        }
+    }
+
+    return ret;
+}
+
+/******************************************************************************
+ * Hash operations
+ ******************************************************************************/
+
+/* 256-bit hash using SHAKE-256.
+ *
+ * FIPS 204. 8.3: H(v,d) <- SHAKE256(v,d)
+ *
+ * @param [in, out] shake256  SHAKE-256 object.
+ * @param [in]      data      Buffer holding data to hash.
+ * @param [in]      dataLen   Length of data to hash in bytes.
+ * @param [out]     hash      Buffer to hold hash result.
+ * @param [in]      hashLen   Number of bytes of hash to return.
+ * @return  0 on success.
+ * @return  Negative on error.
+ */
+static int dilithium_shake256(wc_Shake* shake256, const byte* data,
+    word32 dataLen, byte* hash, word32 hashLen)
+{
+    int ret;
+
+    /* Initialize SHAKE-256 operation. */
+    ret = wc_InitShake256(shake256, NULL, INVALID_DEVID);
+    if (ret == 0) {
+        /* Update with data. */
+        ret = wc_Shake256_Update(shake256, data, dataLen);
+    }
+    if (ret == 0) {
+        /* Compute hash of data. */
+        ret = wc_Shake256_Final(shake256, hash, hashLen);
+    }
+
+    return ret;
+}
+
+/* 256-bit hash using SHAKE-256.
+ *
+ * FIPS 204. 8.3: H(v,d) <- SHAKE256(v,d)
+ *
+ * @param [in, out] shake256  SHAKE-256 object.
+ * @param [in]      data1     First block of data to hash.
+ * @param [in]      data1Len  Length of first block in bytes.
+ * @param [in]      data2     Second block of data to hash.
+ * @param [in]      data2Len  Length of second block in bytes.
+ * @param [out]     hash      Buffer to hold hash result.
+ * @param [in]      hashLen   Number of bytes of hash to return.
+ * @return  0 on success.
+ * @return  Negative on error.
+ */
+static int dilithium_hash256(wc_Shake* shake256, const byte* data1,
+    word32 data1Len, const byte* data2, word32 data2Len, byte* hash,
+    word32 hashLen)
+{
+    int ret;
+
+    /* Initialize SHAKE-256 operation. */
+    ret = wc_InitShake256(shake256, NULL, INVALID_DEVID);
+    if (ret == 0) {
+        /* Update with first data. */
+        ret = wc_Shake256_Update(shake256, data1, data1Len);
+    }
+    if (ret == 0) {
+        /* Update with second data. */
+        ret = wc_Shake256_Update(shake256, data2, data2Len);
+    }
+    if (ret == 0) {
+        /* Compute hash of data. */
+        ret = wc_Shake256_Final(shake256, hash, hashLen);
+    }
+
+    return ret;
+}
+
+#if !defined(WOLFSSL_DILITHIUM_NO_SIGN) || !defined(WOLFSSL_DILITHIUM_NO_VERIFY)
+/* 256-bit hash of context and message using SHAKE-256.
+ *
+ * FIPS 204. 5.2: Algorithm 2 ML-DSA.Sign(sk, M, ctx)
+ *   ...
+ *   10: M' <- BytesToBits(IntegerToBytes(0, 1) || IntegerToBytes(|ctx|, 1) ||
+ *                         ctx) || M
+ *   ...
+ *
+ * FIPS 204. 6.2: Algorithm 7 ML-DSA.Sign_internal(sk, M', rnd)
+ *   ...
+ *   6: mu <- H(BytesToBits(tr)||M', 64))
+ *   ...
+ *
+ * @param [in, out] shake256  SHAKE-256 object.
+ * @param [in]      tr        Public key hash.
+ * @param [in]      trLen     Length of public key hash in bytes.
+ * @param [in]      preHash   0 when message was not hashed,
+ *                            1 when message was hashed.
+ * @param [in]      ctx       Context of signature.
+ * @param [in]      ctxLen    Length of context of signature in bytes.
+ * @param [in]      ctx       Message to sign.
+ * @param [in]      ctxLen    Length of message to sign in bytes.
+ * @param [out]     hash      Buffer to hold hash result.
+ * @param [in]      hashLen   Number of bytes of hash to return.
+ * @return  0 on success.
+ * @return  Negative on error.
+ */
+static int dilithium_hash256_ctx_msg(wc_Shake* shake256, const byte* tr,
+    byte trLen, byte preHash, const byte* ctx, byte ctxLen, const byte* msg,
+    word32 msgLen, byte* hash, word32 hashLen)
+{
+    int ret;
+    byte prefix[2];
+
+    prefix[0] = preHash;
+    prefix[1] = ctxLen;
+
+    /* Initialize SHAKE-256 operation. */
+    ret = wc_InitShake256(shake256, NULL, INVALID_DEVID);
+    if (ret == 0) {
+        /* Update with public key hash. */
+        ret = wc_Shake256_Update(shake256, tr, trLen);
+    }
+    if (ret == 0) {
+        /* Update with context prefix - 0 | ctxLen. */
+        ret = wc_Shake256_Update(shake256, prefix, (word32)sizeof(prefix));
+    }
+    if (ret == 0) {
+        /* Update with context. */
+        ret = wc_Shake256_Update(shake256, ctx, ctxLen);
+    }
+    if (ret == 0) {
+        /* Update with message. */
+        ret = wc_Shake256_Update(shake256, msg, msgLen);
+    }
+    if (ret == 0) {
+        /* Compute hash of data. */
+        ret = wc_Shake256_Final(shake256, hash, hashLen);
+    }
+
+    return ret;
+}
+
+/* Get the OID for the digest hash.
+ *
+ * @param [in]  hash         Hash algorithm.
+ * @param [out] oidBuffer   Buffer to hold OID.
+ * @param [out] oidLen      Length of OID in buffer.
+ * @return  0 on success.
+ * @return  BAD_FUNC_ARG if hash algorithm not known.
+ */
+static int dilithium_get_hash_oid(int hash, byte* oidBuffer, word32* oidLen)
 {
     int ret = 0;
-#ifdef HAVE_LIBOQS
-    OQS_SIG *oqssig = NULL;
-    size_t localOutLen = 0;
+    const byte* oid;
 
-    /* sanity check on arguments */
-    if ((in == NULL) || (out == NULL) || (outLen == NULL) || (key == NULL)) {
+#ifndef WOLFSSL_DILITHIUM_NO_ASN1
+
+    oid = OidFromId(wc_HashGetOID((enum wc_HashType)hash), oidHashType, oidLen);
+    if ((oid != NULL) && (*oidLen <= DILITHIUM_HASH_OID_LEN - 2)) {
+#ifndef WOLFSSL_DILITHIUM_REVERSE_HASH_OID
+        oidBuffer[0] = 0x06;   /* ObjectID */
+        oidBuffer[1] = *oidLen;   /* ObjectID */
+        oidBuffer += 2;
+        XMEMCPY(oidBuffer, oid, *oidLen);
+#else
+        int i;
+        for (i = (int)*oidLen - 1; i >= 0; i--) {
+            *(oidBuffer++) = oid[i];
+        }
+        *(oidBuffer++) = *oidLen;   /* ObjectID */
+        * oidBuffer    = 0x06;   /* ObjectID */
+#endif
+        *oidLen += 2;
+     }
+     else {
         ret = BAD_FUNC_ARG;
     }
 
-    if ((ret == 0) && (!key->prvKeySet)) {
+#else
+
+    *oidLen = DILITHIUM_HASH_OID_LEN;
+#ifndef NO_SHA256
+    if (hash == WC_HASH_TYPE_SHA256) {
+        static byte sha256Oid[DILITHIUM_HASH_OID_LEN] = {
+            0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01
+        };
+        oid = sha256Oid;
+    }
+    else
+#endif
+#ifdef WOLFSSL_SHA384
+    if (hash == WC_HASH_TYPE_SHA384) {
+        static byte sha384Oid[DILITHIUM_HASH_OID_LEN] = {
+            0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x02
+        };
+        oid = sha384Oid;
+    }
+    else
+#endif
+#ifdef WOLFSSL_SHA512
+    if (hash == WC_HASH_TYPE_SHA512) {
+        static byte sha512Oid[DILITHIUM_HASH_OID_LEN] = {
+            0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x03
+        };
+        oid = sha512Oid;
+    }
+    else
+#ifndef WOLFSSL_NOSHA512_256
+    if (hash == WC_HASH_TYPE_SHA512_256) {
+        static byte sha512_256Oid[DILITHIUM_HASH_OID_LEN] = {
+            0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x06
+        };
+        oid = sha512_256Oid;
+    }
+    else
+#endif
+#endif
+    if (hash == WC_HASH_TYPE_SHAKE128) {
+        static byte shake128Oid[DILITHIUM_HASH_OID_LEN] = {
+            0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x0B
+        };
+        oid = shake128Oid;
+    }
+    else if (hash == WC_HASH_TYPE_SHAKE256) {
+        static byte shake256Oid[DILITHIUM_HASH_OID_LEN] = {
+            0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x0C
+        };
+        oid = shake256Oid;
+    }
+    else if (hash == WC_HASH_TYPE_SHA3_256) {
+        static byte sha3_256Oid[DILITHIUM_HASH_OID_LEN] = {
+            0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x08
+        };
+        oid = sha3_256Oid;
+    }
+    else if (hash == WC_HASH_TYPE_SHA3_384) {
+        static byte sha3_384Oid[DILITHIUM_HASH_OID_LEN] = {
+            0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x09
+        };
+        oid = sha3_384Oid;
+    }
+    else if (hash == WC_HASH_TYPE_SHA3_512) {
+        static byte sha3_512Oid[DILITHIUM_HASH_OID_LEN] = {
+            0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x0A
+        };
+        oid = sha3_512Oid;
+    }
+    else {
+        oid = NULL;
+        ret = BAD_FUNC_ARG;
+    }
+
+    if ((oid != NULL) && (*oidLen <= DILITHIUM_HASH_OID_LEN)) {
+#ifndef WOLFSSL_DILITHIUM_REVERSE_HASH_OID
+        XMEMCPY(oidBuffer, oid, *oidLen);
+#else
+        int i;
+        for (i = (int)*oidLen - 1; i >= 0; i--) {
+            *(oidBuffer++) = oid[i];
+        }
+#endif
+    }
+#endif
+
+    return ret;
+}
+#endif
+
+#ifndef WOLFSSL_DILITHIUM_SMALL
+/* 128-bit hash using SHAKE-128.
+ *
+ * FIPS 204. 8.3: H128(v,d) <- SHAKE128(v,d)
+ *
+ * @param [in, out] shake128  SHAKE-128 object.
+ * @param [in]      in        Block of data to hash.
+ * @param [in]      inLen     Length of data in bytes.
+ * @param [out]     out       Buffer to hold hash result.
+ * @param [in]      outLen    Number of hash blocks to return.
+ * @return  0 on success.
+ * @return  Negative on error.
+ */
+static int dilithium_squeeze128(wc_Shake* shake128, const byte* in,
+    word32 inLen, byte* out, word32 outBlocks)
+{
+    int ret;
+
+    /* Initialize SHAKE-128 operation. */
+    ret = wc_InitShake128(shake128, NULL, INVALID_DEVID);
+    if (ret == 0) {
+        /* Absorb data - update plus final. */
+        ret = wc_Shake128_Absorb(shake128, in, inLen);
+    }
+    if (ret == 0) {
+        /* Squeeze out hash data. */
+        ret = wc_Shake128_SqueezeBlocks(shake128, out, outBlocks);
+    }
+
+    return ret;
+}
+#endif /* WOLFSSL_DILITHIUM_SMALL */
+
+#if !defined(WOLFSSL_DILITHIUM_NO_SIGN) || \
+    (!defined(WOLFSSL_DILITHIUM_SMALL) && \
+     !defined(WOLFSSL_DILITHIUM_NO_MAKE_KEY))
+/* 256-bit hash using SHAKE-256.
+ *
+ * FIPS 204. 8.3: H(v,d) <- SHAKE256(v,d)
+ * Using SqueezeBlocks interface to get larger amounts of output.
+ *
+ * @param [in, out] shake256  SHAKE-256 object.
+ * @param [in]      in        Block of data to hash.
+ * @param [in]      inLen     Length of data in bytes.
+ * @param [out]     out       Buffer to hold hash result.
+ * @param [in]      outLen    Number of hash blocks to return.
+ * @return  0 on success.
+ * @return  Negative on hash error.
+ */
+static int dilithium_squeeze256(wc_Shake* shake256, const byte* in,
+    word32 inLen, byte* out, word32 outBlocks)
+{
+    int ret;
+
+    /* Initialize SHAKE-256 operation. */
+    ret = wc_InitShake256(shake256, NULL, INVALID_DEVID);
+    if (ret == 0) {
+        /* Absorb data - update plus final. */
+        ret = wc_Shake256_Absorb(shake256, in, inLen);
+    }
+    if (ret == 0) {
+        /* Squeeze out hash data. */
+        ret = wc_Shake256_SqueezeBlocks(shake256, out, outBlocks);
+    }
+
+    return ret;
+}
+#endif
+
+/******************************************************************************
+ * Encode/Decode operations
+ ******************************************************************************/
+
+#ifndef WOLFSSL_DILITHIUM_NO_MAKE_KEY
+/* Encode vector of polynomials with range -ETA..ETA.
+ *
+ * FIPS 204. 8.2: Algorithm 18 skEncode(rho, K, tr, s1, s2, t0)
+ *   ...
+ *   2: for i from 0 to l - 1 do
+ *   3:     sk <- sk || BitPack(s1[i], eta, eta)
+ *   4: end for
+ *   ...
+ *   OR
+ *   ...
+ *   5: for i from 0 to k - 1 do
+ *   6:     sk <- sk || BitPack(s2[i], eta, eta)
+ *   7: end for
+ *   ...
+ *
+ * FIPS 204. 8.2: Algorithm 11 BitPack(w, a, b)
+ *   1: z <- ()
+ *   2: for i from 0 to 255 do
+ *   3:     z <- z||IntegerToBits(b - wi, bitlen(a + b))
+ *   4: end for
+ *   5: return BitsToBytes(z)
+ *
+ *   IntegerToBits makes bit array with width specified from integer.
+ *   BitToBytes make a byte array from a bit array.
+ *
+ * @param [in]  s    Vector of polynomials to encode.
+ * @param [in]  d    Dimension of vector.
+ * @param [in]  eta  Range specifier of each value.
+ * @param [out] p    Buffer to encode into.
+ */
+static void dilthium_vec_encode_eta_bits(const sword32* s, byte d, byte eta,
+    byte* p)
+{
+    unsigned int i;
+    unsigned int j;
+
+#if !defined(WOLFSSL_NO_ML_DSA_44) || !defined(WOLFSSL_NO_ML_DSA_87)
+    /* -2..2 */
+    if (eta == DILITHIUM_ETA_2) {
+        /* Setp 2 or 5: For each polynomial of vector. */
+        for (i = 0; i < d; i++) {
+            /* Step 3 or 6.
+             * 3 bits to encode each number.
+             * 8 numbers become 3 bytes. (8 * 3 bits = 3 * 8 bits) */
+            for (j = 0; j < DILITHIUM_N; j += 8) {
+                /* Make value a positive integer. */
+                byte s0 = 2 - s[j + 0];
+                byte s1 = 2 - s[j + 1];
+                byte s2 = 2 - s[j + 2];
+                byte s3 = 2 - s[j + 3];
+                byte s4 = 2 - s[j + 4];
+                byte s5 = 2 - s[j + 5];
+                byte s6 = 2 - s[j + 6];
+                byte s7 = 2 - s[j + 7];
+
+                /* Pack 8 3-bit values into 3 bytes. */
+                p[0] = (s0 >> 0) | (s1 << 3) | (s2 << 6);
+                p[1] = (s2 >> 2) | (s3 << 1) | (s4 << 4) | (s5 << 7);
+                p[2] = (s5 >> 1) | (s6 << 2) | (s7 << 5);
+                /* Move to next place to encode into. */
+                p += DILITHIUM_ETA_2_BITS;
+            }
+            /* Next polynomial. */
+            s += DILITHIUM_N;
+        }
+    }
+    else
+#endif
+#ifndef WOLFSSL_NO_ML_DSA_65
+    /* -4..4 */
+    if (eta == DILITHIUM_ETA_4) {
+        for (i = 0; i < d; i++) {
+        #ifdef WOLFSSL_DILITHIUM_SMALL
+            /* Step 3 or 6.
+             * 4 bits to encode each number.
+             * 2 numbers become 1 bytes. (2 * 4 bits = 1 * 8 bits) */
+            for (j = 0; j < DILITHIUM_N / 2; j++) {
+                /* Make values positive and pack 2 4-bit values into 1 byte. */
+                p[j] = (((byte)(4 - s[j * 2 + 0])) << 0) |
+                       (((byte)(4 - s[j * 2 + 1])) << 4);
+            }
+        #else
+            /* Step 3 or 6.
+             * 4 bits to encode each number.
+             * 8 numbers become 4 bytes. (8 * 4 bits = 4 * 8 bits) */
+            for (j = 0; j < DILITHIUM_N / 2; j += 4) {
+                /* Make values positive and pack 2 4-bit values into 1 byte. */
+                p[j + 0] = (((byte)(4 - s[j * 2 + 0])) << 0) |
+                           (((byte)(4 - s[j * 2 + 1])) << 4);
+                p[j + 1] = (((byte)(4 - s[j * 2 + 2])) << 0) |
+                           (((byte)(4 - s[j * 2 + 3])) << 4);
+                p[j + 2] = (((byte)(4 - s[j * 2 + 4])) << 0) |
+                           (((byte)(4 - s[j * 2 + 5])) << 4);
+                p[j + 3] = (((byte)(4 - s[j * 2 + 6])) << 0) |
+                           (((byte)(4 - s[j * 2 + 7])) << 4);
+            }
+        #endif
+            /* Move to next place to encode into. */
+            p += DILITHIUM_N / 2;
+            /* Next polynomial. */
+            s += DILITHIUM_N;
+        }
+    }
+    else
+#endif
+    {
+    }
+}
+#endif /* !WOLFSSL_DILITHIUM_NO_MAKE_KEY */
+
+#if !defined(WOLFSSL_DILITHIUM_NO_SIGN) || defined(WOLFSSL_DILITHIUM_CHECK_KEY)
+
+#if !defined(WOLFSSL_NO_ML_DSA_44) || !defined(WOLFSSL_NO_ML_DSA_87)
+/* Decode polynomial with range -2..2.
+ *
+ * FIPS 204. 8.2: Algorithm 19 skDecode(sk)
+ *   ...
+ *   5: for i from 0 to l - 1 do
+ *   6:     s1[i] <- BitUnpack(yi, eta, eta)
+ *   7: end for
+ *   ...
+ *   OR
+ *   ...
+ *   8: for i from 0 to k - 1 do
+ *   9:     s2[i] <- BitUnpack(zi, eta, eta)
+ *  10: end for
+ *   ...
+ *  Where y and z are arrays of bit arrays.
+ *
+ * @param [in]  p    Buffer of data to decode.
+ * @param [in]  s    Vector of decoded polynomials.
+ */
+static void dilithium_decode_eta_2_bits(const byte* p, sword32* s)
+{
+    unsigned int j;
+
+    /* Step 6 or 9.
+     * 3 bits to encode each number.
+     * 8 numbers from 3 bytes. (8 * 3 bits = 3 * 8 bits) */
+    for (j = 0; j < DILITHIUM_N; j += 8) {
+        /* Get 3 bits and put in range of -2..2. */
+        s[j + 0] = 2 - ((p[0] >> 0) & 0x7                      );
+        s[j + 1] = 2 - ((p[0] >> 3) & 0x7                      );
+        s[j + 2] = 2 - ((p[0] >> 6)       | ((p[1] << 2) & 0x7));
+        s[j + 3] = 2 - ((p[1] >> 1) & 0x7                      );
+        s[j + 4] = 2 - ((p[1] >> 4) & 0x7                      );
+        s[j + 5] = 2 - ((p[1] >> 7)       | ((p[2] << 1) & 0x7));
+        s[j + 6] = 2 - ((p[2] >> 2) & 0x7                      );
+        s[j + 7] = 2 - ((p[2] >> 5) & 0x7                      );
+        /* Move to next place to decode from. */
+        p += DILITHIUM_ETA_2_BITS;
+    }
+}
+#endif
+#ifndef WOLFSSL_NO_ML_DSA_65
+/* Decode polynomial with range -4..4.
+ *
+ * FIPS 204. 8.2: Algorithm 19 skDecode(sk)
+ *   ...
+ *   5: for i from 0 to l - 1 do
+ *   6:     s1[i] <- BitUnpack(yi, eta, eta)
+ *   7: end for
+ *   ...
+ *   OR
+ *   ...
+ *   8: for i from 0 to k - 1 do
+ *   9:     s2[i] <- BitUnpack(zi, eta, eta)
+ *  10: end for
+ *   ...
+ *  Where y and z are arrays of bit arrays.
+ *
+ * @param [in]  p    Buffer of data to decode.
+ * @param [in]  s    Vector of decoded polynomials.
+ */
+static void dilithium_decode_eta_4_bits(const byte* p, sword32* s)
+{
+    unsigned int j;
+
+#ifdef WOLFSSL_DILITHIUM_SMALL
+    /* Step 6 or 9.
+     * 4 bits to encode each number.
+     * 2 numbers from 1 bytes. (2 * 4 bits = 1 * 8 bits) */
+    for (j = 0; j < DILITHIUM_N / 2; j++) {
+        /* Get 4 bits and put in range of -4..4. */
+        s[j * 2 + 0] = 4 - (p[j] & 0xf);
+        s[j * 2 + 1] = 4 - (p[j] >> 4);
+    }
+#else
+    /* Step 6 or 9.
+     * 4 bits to encode each number.
+     * 8 numbers from 4 bytes. (8 * 4 bits = 4 * 8 bits) */
+    for (j = 0; j < DILITHIUM_N / 2; j += 4) {
+        /* Get 4 bits and put in range of -4..4. */
+        s[j * 2 + 0] = 4 - (p[j + 0] & 0xf);
+        s[j * 2 + 1] = 4 - (p[j + 0] >> 4);
+        s[j * 2 + 2] = 4 - (p[j + 1] & 0xf);
+        s[j * 2 + 3] = 4 - (p[j + 1] >> 4);
+        s[j * 2 + 4] = 4 - (p[j + 2] & 0xf);
+        s[j * 2 + 5] = 4 - (p[j + 2] >> 4);
+        s[j * 2 + 6] = 4 - (p[j + 3] & 0xf);
+        s[j * 2 + 7] = 4 - (p[j + 3] >> 4);
+    }
+#endif /* WOLFSSL_DILITHIUM_SMALL */
+}
+#endif
+
+#if defined(WOLFSSL_DILITHIUM_CHECK_KEY) || \
+    (!defined(WOLFSSL_DILITHIUM_NO_SIGN) && \
+     (defined(WC_DILITHIUM_CACHE_PRIV_VECTORS) || \
+      !defined(WOLFSSL_DILITHIUM_SIGN_SMALL_MEM)))
+/* Decode vector of polynomials with range -ETA..ETA.
+ *
+ * FIPS 204. 8.2: Algorithm 19 skDecode(sk)
+ *   ...
+ *   5: for i from 0 to l - 1 do
+ *   6:     s1[i] <- BitUnpack(yi, eta, eta)
+ *   7: end for
+ *   ...
+ *   OR
+ *   ...
+ *   8: for i from 0 to k - 1 do
+ *   9:     s2[i] <- BitUnpack(zi, eta, eta)
+ *  10: end for
+ *   ...
+ *  Where y and z are arrays of bit arrays.
+ *
+ * @param [in]  p    Buffer of data to decode.
+ * @param [in]  eta  Range specifier of each value.
+ * @param [in]  s    Vector of decoded polynomials.
+ * @param [in]  d    Dimension of vector.
+ */
+static void dilithium_vec_decode_eta_bits(const byte* p, byte eta, sword32* s,
+    byte d)
+{
+    unsigned int i;
+
+#if !defined(WOLFSSL_NO_ML_DSA_44) || !defined(WOLFSSL_NO_ML_DSA_87)
+    /* -2..2 */
+    if (eta == DILITHIUM_ETA_2) {
+        /* Step 5 or 8: For each polynomial of vector */
+        for (i = 0; i < d; i++) {
+            dilithium_decode_eta_2_bits(p, s);
+            /* Move to next place to decode from. */
+            p += DILITHIUM_ETA_2_BITS * DILITHIUM_N / 8;
+            /* Next polynomial. */
+            s += DILITHIUM_N;
+        }
+    }
+    else
+#endif
+#ifndef WOLFSSL_NO_ML_DSA_65
+    /* -4..4 */
+    if (eta == DILITHIUM_ETA_4) {
+        /* Step 5 or 8: For each polynomial of vector */
+        for (i = 0; i < d; i++) {
+            dilithium_decode_eta_4_bits(p, s);
+            /* Move to next place to decode from. */
+            p += DILITHIUM_N / 2;
+            /* Next polynomial. */
+            s += DILITHIUM_N;
+        }
+    }
+    else
+#endif
+    {
+    }
+}
+#endif
+#endif /* !WOLFSSL_DILITHIUM_NO_SIGN || WOLFSSL_DILITHIUM_CHECK_KEY */
+
+#ifndef WOLFSSL_DILITHIUM_NO_MAKE_KEY
+/* Encode t into t0 and t1.
+ *
+ * FIPS 204. 8.4: Algorithm 29 Power2Round(r)
+ *   1: r+ <- r mod q
+ *   2: r0 <- r+ mod +/- 2^d
+ *   3: return ((r+ - r0) / 2^d, r0)
+ *
+ * FIPS 204. 7.2: Algorithm 24 skEncode(rho, K, tr, s1, s2, t0)
+ *   ...
+ *   8: for i form 0 to k - 1 do
+ *   9:     sk <- sk || BitPack(t0[i], s^(d-1) - 1, 2^(d-1))
+ *  10: end for
+ *
+ * FIPS 204. 7.2: Algorithm 22 pkEncode(rho, t1)
+ *   ...
+ *   2: for i from 0 to k - 1 do
+ *   3:     pk <- pk || SimpleBitPack(t1[i], 2^bitlen(q-1) - d - 1)
+ *   4: end for
+ *
+ * @param [in]  t    Vector of polynomials.
+ * @param [in]  d    Dimension of vector.
+ * @param [out] t0   Buffer to encode bottom part of value of t into.
+ * @param [out] t1   Buffer to encode top part of value of t into.
+ */
+static void dilithium_vec_encode_t0_t1(sword32* t, byte d, byte* t0, byte* t1)
+{
+    unsigned int i;
+    unsigned int j;
+
+    /* Alg 24, Step 8 and Alg 22, Step 2. For each polynomial of vector. */
+    for (i = 0; i < d; i++) {
+        /* Alg 24, Step 9 and Alg 22, Step 3.
+         * Do all polynomial values - 8 at a time. */
+        for (j = 0; j < DILITHIUM_N; j += 8) {
+            /* Take 8 values of t and take top bits and make positive. */
+            word16 n1_0 = (t[j + 0] + DILITHIUM_D_MAX_HALF - 1) >> DILITHIUM_D;
+            word16 n1_1 = (t[j + 1] + DILITHIUM_D_MAX_HALF - 1) >> DILITHIUM_D;
+            word16 n1_2 = (t[j + 2] + DILITHIUM_D_MAX_HALF - 1) >> DILITHIUM_D;
+            word16 n1_3 = (t[j + 3] + DILITHIUM_D_MAX_HALF - 1) >> DILITHIUM_D;
+            word16 n1_4 = (t[j + 4] + DILITHIUM_D_MAX_HALF - 1) >> DILITHIUM_D;
+            word16 n1_5 = (t[j + 5] + DILITHIUM_D_MAX_HALF - 1) >> DILITHIUM_D;
+            word16 n1_6 = (t[j + 6] + DILITHIUM_D_MAX_HALF - 1) >> DILITHIUM_D;
+            word16 n1_7 = (t[j + 7] + DILITHIUM_D_MAX_HALF - 1) >> DILITHIUM_D;
+            /* Take 8 values of t and take bottom bits and make positive. */
+            word16 n0_0 = DILITHIUM_D_MAX_HALF -
+                          (t[j + 0] - (n1_0 << DILITHIUM_D));
+            word16 n0_1 = DILITHIUM_D_MAX_HALF -
+                          (t[j + 1] - (n1_1 << DILITHIUM_D));
+            word16 n0_2 = DILITHIUM_D_MAX_HALF -
+                          (t[j + 2] - (n1_2 << DILITHIUM_D));
+            word16 n0_3 = DILITHIUM_D_MAX_HALF -
+                          (t[j + 3] - (n1_3 << DILITHIUM_D));
+            word16 n0_4 = DILITHIUM_D_MAX_HALF -
+                          (t[j + 4] - (n1_4 << DILITHIUM_D));
+            word16 n0_5 = DILITHIUM_D_MAX_HALF -
+                          (t[j + 5] - (n1_5 << DILITHIUM_D));
+            word16 n0_6 = DILITHIUM_D_MAX_HALF -
+                          (t[j + 6] - (n1_6 << DILITHIUM_D));
+            word16 n0_7 = DILITHIUM_D_MAX_HALF -
+                          (t[j + 7] - (n1_7 << DILITHIUM_D));
+
+            /* 13 bits per number.
+             * 8 numbers become 13 bytes. (8 * 13 bits = 13 * 8 bits) */
+        #if defined(LITTLE_ENDIAN_ORDER) && (WOLFSSL_DILITHIUM_ALIGNMENT <= 2)
+            word32* tp;
+        #endif
+        #if defined(LITTLE_ENDIAN_ORDER) && (WOLFSSL_DILITHIUM_ALIGNMENT == 0)
+            tp = (word32*)t0;
+            tp[0] =  (n0_0      ) | ((word32)n0_1 << 13) | ((word32)n0_2 << 26);
+            tp[1] =  (n0_2 >>  6) | ((word32)n0_3 <<  7) | ((word32)n0_4 << 20);
+            tp[2] =  (n0_4 >> 12) | ((word32)n0_5 <<  1) |
+                                    ((word32)n0_6 << 14) | ((word32)n0_7 << 27);
+        #else
+            t0[ 0] =                (n0_0 <<  0);
+            t0[ 1] = (n0_0 >>  8) | (n0_1 <<  5);
+            t0[ 2] = (n0_1 >>  3)               ;
+            t0[ 3] = (n0_1 >> 11) | (n0_2 <<  2);
+            t0[ 4] = (n0_2 >>  6) | (n0_3 <<  7);
+            t0[ 5] = (n0_3 >>  1)               ;
+            t0[ 6] = (n0_3 >>  9) | (n0_4 <<  4);
+            t0[ 7] = (n0_4 >>  4)               ;
+            t0[ 8] = (n0_4 >> 12) | (n0_5 <<  1);
+            t0[ 9] = (n0_5 >>  7) | (n0_6 <<  6);
+            t0[10] = (n0_6 >>  2)               ;
+            t0[11] = (n0_6 >> 10) | (n0_7 <<  3);
+        #endif
+            t0[12] = (n0_7 >>  5)               ;
+
+            /* 10 bits per number.
+             * 8 bytes become 10 bytes. (8 * 10 bits = 10 * 8 bits) */
+        #if defined(LITTLE_ENDIAN_ORDER) && (WOLFSSL_DILITHIUM_ALIGNMENT <= 2)
+            tp = (word32*)t1;
+            tp[0] =  (n1_0      ) | ((word32)n1_1 << 10) |
+                     ((word32)n1_2 << 20) | ((word32)n1_3 << 30);
+            tp[1] =  (n1_3 >>  2) | ((word32)n1_4 <<  8) |
+                     ((word32)n1_5 << 18) | ((word32)n1_6 << 28);
+        #else
+            t1[0] =                (n1_0 << 0);
+            t1[1] = (n1_0 >> 8) |  (n1_1 << 2);
+            t1[2] = (n1_1 >> 6) |  (n1_2 << 4);
+            t1[3] = (n1_2 >> 4) |  (n1_3 << 6);
+            t1[4] = (n1_3 >> 2)               ;
+            t1[5] =                (n1_4 << 0);
+            t1[6] = (n1_4 >> 8) |  (n1_5 << 2);
+            t1[7] = (n1_5 >> 6) |  (n1_6 << 4);
+        #endif
+            t1[8] = (n1_6 >> 4) |  (n1_7 << 6);
+            t1[9] = (n1_7 >> 2)               ;
+
+            /* Move to next place to encode bottom bits to. */
+            t0 += DILITHIUM_D;
+            /* Move to next place to encode top bits to. */
+            t1 += DILITHIUM_U;
+        }
+        /* Next polynomial. */
+        t += DILITHIUM_N;
+    }
+}
+#endif /* !WOLFSSL_DILITHIUM_NO_MAKE_KEY */
+
+#if !defined(WOLFSSL_DILITHIUM_NO_SIGN) || defined(WOLFSSL_DILITHIUM_CHECK_KEY)
+/* Decode bottom D bits of t as t0.
+ *
+ * FIPS 204. 8.2: Algorithm 19 skDecode(sk)
+ *   ...
+ *   12:     t0[i] <- BitUnpack(wi, 2^(d-1) - 1, 2^(d-1)
+ *   ...
+ *
+ * @param [in]  t0  Encoded values of t0.
+ * @param [in]  d   Dimensions of vector t0.
+ * @param [out] t   Vector of polynomials.
+ */
+static void dilithium_decode_t0(const byte* t0, sword32* t)
+{
+    unsigned int j;
+
+    /* Step 12. Get 13 bits and convert to range (2^(d-1)-1)..2^(d-1). */
+    for (j = 0; j < DILITHIUM_N; j += 8) {
+        /* 13 bits used per number.
+         * 8 numbers from 13 bytes. (8 * 13 bits = 13 * 8 bits) */
+#if defined(LITTLE_ENDIAN_ORDER) && (WOLFSSL_DILITHIUM_ALIGNMENT == 0)
+        word32 t32_2 = ((const word32*)t0)[2];
+    #ifdef WC_64BIT_CPU
+        word64 t64 = *(const word64*)t0;
+        t[j + 0] = DILITHIUM_D_MAX_HALF - ( t64        & 0x1fff);
+        t[j + 1] = DILITHIUM_D_MAX_HALF - ((t64 >> 13) & 0x1fff);
+        t[j + 2] = DILITHIUM_D_MAX_HALF - ((t64 >> 26) & 0x1fff);
+        t[j + 3] = DILITHIUM_D_MAX_HALF - ((t64 >> 39) & 0x1fff);
+        t[j + 4] = DILITHIUM_D_MAX_HALF -
+                   ((t64 >> 52) | ((t32_2 & 0x0001) << 12));
+    #else
+        word32 t32_0 = ((const word32*)t0)[0];
+        word32 t32_1 = ((const word32*)t0)[1];
+        t[j + 0] = DILITHIUM_D_MAX_HALF -
+                    ( t32_0        & 0x1fff);
+        t[j + 1] = DILITHIUM_D_MAX_HALF -
+                    ((t32_0 >> 13) & 0x1fff);
+        t[j + 2] = DILITHIUM_D_MAX_HALF -
+                   (( t32_0 >> 26          ) | ((t32_1 & 0x007f) <<  6));
+        t[j + 3] = DILITHIUM_D_MAX_HALF -
+                    ((t32_1 >>  7) & 0x1fff);
+        t[j + 4] = DILITHIUM_D_MAX_HALF -
+                   (( t32_1 >> 20          ) | ((t32_2 & 0x0001) << 12));
+    #endif
+        t[j + 5] = DILITHIUM_D_MAX_HALF -
+                    ((t32_2 >>  1) & 0x1fff);
+        t[j + 6] = DILITHIUM_D_MAX_HALF -
+                    ((t32_2 >> 14) & 0x1fff);
+        t[j + 7] = DILITHIUM_D_MAX_HALF -
+                   (( t32_2 >> 27          ) | ((word32)t0[12] ) <<  5 );
+#else
+        t[j + 0] = DILITHIUM_D_MAX_HALF -
+                   ((t0[ 0]     ) | (((word16)(t0[ 1] & 0x1f)) <<  8));
+        t[j + 1] = DILITHIUM_D_MAX_HALF -
+                   ((t0[ 1] >> 5) | (((word16)(t0[ 2]       )) <<  3) |
+                                    (((word16)(t0[ 3] & 0x03)) << 11));
+        t[j + 2] = DILITHIUM_D_MAX_HALF -
+                   ((t0[ 3] >> 2) | (((word16)(t0[ 4] & 0x7f)) <<  6));
+        t[j + 3] = DILITHIUM_D_MAX_HALF -
+                   ((t0[ 4] >> 7) | (((word16)(t0[ 5]       )) <<  1) |
+                                    (((word16)(t0[ 6] & 0x0f)) <<  9));
+        t[j + 4] = DILITHIUM_D_MAX_HALF -
+                   ((t0[ 6] >> 4) | (((word16)(t0[ 7]       )) <<  4) |
+                                    (((word16)(t0[ 8] & 0x01)) << 12));
+        t[j + 5] = DILITHIUM_D_MAX_HALF -
+                   ((t0[ 8] >> 1) | (((word16)(t0[ 9] & 0x3f)) <<  7));
+        t[j + 6] = DILITHIUM_D_MAX_HALF -
+                   ((t0[ 9] >> 6) | (((word16)(t0[10]       )) <<  2) |
+                                    (((word16)(t0[11] & 0x07)) << 10));
+        t[j + 7] = DILITHIUM_D_MAX_HALF -
+                   ((t0[11] >> 3) | (((word16)(t0[12]       )) <<  5));
+#endif
+        /* Move to next place to decode from. */
+        t0 += DILITHIUM_D;
+    }
+}
+
+#if defined(WOLFSSL_DILITHIUM_CHECK_KEY) || \
+    (!defined(WOLFSSL_DILITHIUM_NO_SIGN) && \
+     (defined(WC_DILITHIUM_CACHE_PRIV_VECTORS) || \
+      !defined(WOLFSSL_DILITHIUM_SIGN_SMALL_MEM)))
+/* Decode bottom D bits of t as t0.
+ *
+ * FIPS 204. 8.2: Algorithm 19 skDecode(sk)
+ *   ...
+ *   11: for i from 0 to k - 1 do
+ *   12:     t0[i] <- BitUnpack(wi, 2^(d-1) - 1, 2^(d-1)
+ *   13: end for
+ *   ...
+ *
+ * @param [in]  t0  Encoded values of t0.
+ * @param [in]  d   Dimensions of vector t0.
+ * @param [out] t   Vector of polynomials.
+ */
+static void dilithium_vec_decode_t0(const byte* t0, byte d, sword32* t)
+{
+    unsigned int i;
+
+    /* Step 11. For each polynomial of vector. */
+    for (i = 0; i < d; i++) {
+        dilithium_decode_t0(t0, t);
+        t0 += DILITHIUM_D * DILITHIUM_N / 8;
+        /* Next polynomial. */
+        t += DILITHIUM_N;
+    }
+}
+#endif
+#endif /* !WOLFSSL_DILITHIUM_NO_SIGN || WOLFSSL_DILITHIUM_CHECK_KEY */
+
+#if !defined(WOLFSSL_DILITHIUM_NO_VERIFY) || \
+    defined(WOLFSSL_DILITHIUM_CHECK_KEY)
+/* Decode top bits of t as t1.
+ *
+ * FIPS 204. 8.2: Algorithm 17 pkDecode(pk)
+ *   ...
+ *   4:     t1[i] <- SimpleBitUnpack(zi, 2^(bitlen(q-1)-d) - 1)
+ *   ...
+ *
+ * @param [in]  t1  Encoded values of t1.
+ * @param [out] t   Polynomials.
+ */
+static void dilithium_decode_t1(const byte* t1, sword32* t)
+{
+    unsigned int j;
+    /* Step 4. Get 10 bits as a number. */
+    for (j = 0; j < DILITHIUM_N; j += 8) {
+        /* 10 bits used per number.
+         * 8 numbers from 10 bytes. (8 * 10 bits = 10 * 8 bits) */
+#if defined(LITTLE_ENDIAN_ORDER) && (WOLFSSL_DILITHIUM_ALIGNMENT == 0)
+    #ifdef WC_64BIT_CPU
+        word64 t64 = *(const word64*) t1;
+        word16 t16 = *(const word16*)(t1 + 8);
+        t[j+0] = (sword32)( ( t64                     & 0x03ff) << DILITHIUM_D);
+        t[j+1] = (sword32)( ((t64 >> 10)              & 0x03ff) << DILITHIUM_D);
+        t[j+2] = (sword32)( ((t64 >> 20)              & 0x03ff) << DILITHIUM_D);
+        t[j+3] = (sword32)( ((t64 >> 30)              & 0x03ff) << DILITHIUM_D);
+        t[j+4] = (sword32)( ((t64 >> 40)              & 0x03ff) << DILITHIUM_D);
+        t[j+5] = (sword32)( ((t64 >> 50)              & 0x03ff) << DILITHIUM_D);
+        t[j+6] = (sword32)((((t64 >> 60)| (t16 << 4)) & 0x03ff) << DILITHIUM_D);
+        t[j+7] = (sword32)( ((t16 >>  6)              & 0x03ff) << DILITHIUM_D);
+    #else
+        word32 t32 = *((const word32*)t1);
+        t[j + 0] = ( t32        & 0x03ff                         ) <<
+                   DILITHIUM_D;
+        t[j + 1] = ((t32 >> 10) & 0x03ff                         ) <<
+                   DILITHIUM_D;
+        t[j + 2] = ((t32 >> 20) & 0x03ff                         ) <<
+                   DILITHIUM_D;
+        t[j + 3] = ((t32 >> 30)          | (((word16)t1[4]) << 2)) <<
+                   DILITHIUM_D;
+        t32 = *((const word32*)(t1 + 5));
+        t[j + 4] = ( t32        & 0x03ff                         ) <<
+                   DILITHIUM_D;
+        t[j + 5] = ((t32 >> 10) & 0x03ff                         ) <<
+                   DILITHIUM_D;
+        t[j + 6] = ((t32 >> 20) & 0x03ff                         ) <<
+                   DILITHIUM_D;
+        t[j + 7] = ((t32 >> 30)          | (((word16)t1[9]) << 2)) <<
+                   DILITHIUM_D;
+    #endif
+#else
+        t[j + 0] = (sword32)((t1[0] >> 0) | (((word16)(t1[1] & 0x03)) << 8))
+                   << DILITHIUM_D;
+        t[j + 1] = (sword32)((t1[1] >> 2) | (((word16)(t1[2] & 0x0f)) << 6))
+                   << DILITHIUM_D;
+        t[j + 2] = (sword32)((t1[2] >> 4) | (((word16)(t1[3] & 0x3f)) << 4))
+                   << DILITHIUM_D;
+        t[j + 3] = (sword32)((t1[3] >> 6) | (((word16)(t1[4]       )) << 2))
+                   << DILITHIUM_D;
+        t[j + 4] = (sword32)((t1[5] >> 0) | (((word16)(t1[6] & 0x03)) << 8))
+                   << DILITHIUM_D;
+        t[j + 5] = (sword32)((t1[6] >> 2) | (((word16)(t1[7] & 0x0f)) << 6))
+                   << DILITHIUM_D;
+        t[j + 6] = (sword32)((t1[7] >> 4) | (((word16)(t1[8] & 0x3f)) << 4))
+                   << DILITHIUM_D;
+        t[j + 7] = (sword32)((t1[8] >> 6) | (((word16)(t1[9]       )) << 2))
+                   << DILITHIUM_D;
+#endif
+        /* Move to next place to decode from. */
+        t1 += DILITHIUM_U;
+    }
+}
+#endif
+
+#if (!defined(WOLFSSL_DILITHIUM_NO_VERIFY) && \
+     !defined(WOLFSSL_DILITHIUM_VERIFY_SMALL_MEM)) || \
+    defined(WOLFSSL_DILITHIUM_CHECK_KEY)
+/* Decode top bits of t as t1.
+ *
+ * FIPS 204. 8.2: Algorithm 17 pkDecode(pk)
+ *   ...
+ *   3: for i from 0 to k - 1 do
+ *   4:     t1[i] <- SimpleBitUnpack(zi, 2^(bitlen(q-1)-d) - 1)
+ *   5: end for
+ *   ...
+ *
+ * @param [in]  t1  Encoded values of t1.
+ * @param [in]  d   Dimensions of vector t1.
+ * @param [out] t   Vector of polynomials.
+ */
+static void dilithium_vec_decode_t1(const byte* t1, byte d, sword32* t)
+{
+    unsigned int i;
+
+    /* Step 3. For each polynomial of vector. */
+    for (i = 0; i < d; i++) {
+        dilithium_decode_t1(t1, t);
+        /* Next polynomial. */
+        t1 += DILITHIUM_U * DILITHIUM_N / 8;
+        t += DILITHIUM_N;
+    }
+}
+#endif
+
+#ifndef WOLFSSL_DILITHIUM_NO_SIGN
+
+#ifndef WOLFSSL_NO_ML_DSA_44
+/* Encode z with range of -(GAMMA1-1)...GAMMA1
+ *
+ * FIPS 204. 8.2: Algorithm 20 sigEncode(c_tilde, z, h)
+ *   ...
+ *   3:     sigma <- sigma || BitPack(z[i], GAMMA1 - 1, GAMMA1)
+ *   ...
+ *
+ * @param [in]  z     Polynomial to encode.
+ * @param [out] s     Buffer to encode into.
+ */
+static void dilithium_encode_gamma1_17_bits(const sword32* z, byte* s)
+{
+    unsigned int j;
+
+    /* Step 3. Get 18 bits as a number. */
+    for (j = 0; j < DILITHIUM_N; j += 4) {
+        word32 z0 = DILITHIUM_GAMMA1_17 - z[j + 0];
+        word32 z1 = DILITHIUM_GAMMA1_17 - z[j + 1];
+        word32 z2 = DILITHIUM_GAMMA1_17 - z[j + 2];
+        word32 z3 = DILITHIUM_GAMMA1_17 - z[j + 3];
+
+        /* 18 bits per number.
+         * 8 numbers become 9 bytes. (8 * 9 bits = 9 * 8 bits) */
+#if defined(LITTLE_ENDIAN_ORDER) && (WOLFSSL_DILITHIUM_ALIGNMENT == 0)
+    #ifdef WC_64BIT_CPU
+        word64* s64p = (word64*)s;
+        s64p[0] =           z0        | ((word64)z1 << 18) |
+                   ((word64)z2 << 36) | ((word64)z3 << 54);
+    #else
+        word32* s32p = (word32*)s;
+        s32p[0] =  z0        | (z1 << 18)             ;
+        s32p[1] = (z1 >> 14) | (z2 <<  4) | (z3 << 22);
+    #endif
+#else
+        s[0] =  z0                   ;
+        s[1] =  z0 >>  8             ;
+        s[2] = (z0 >> 16) | (z1 << 2);
+        s[3] =  z1 >>  6             ;
+        s[4] = (z1 >> 14) | (z2 << 4);
+        s[5] =  z2 >>  4             ;
+        s[6] = (z2 >> 12) | (z3 << 6);
+        s[7] =  z3 >>  2             ;
+#endif
+        s[8] =  z3 >> 10             ;
+        /* Move to next place to encode to. */
+        s += DILITHIUM_GAMMA1_17_ENC_BITS / 2;
+    }
+}
+#endif
+#if !defined(WOLFSSL_NO_ML_DSA_65) || !defined(WOLFSSL_NO_ML_DSA_87)
+/* Encode z with range of -(GAMMA1-1)...GAMMA1
+ *
+ * FIPS 204. 8.2: Algorithm 20 sigEncode(c_tilde, z, h)
+ *   ...
+ *   3:     sigma <- sigma || BitPack(z[i], GAMMA1 - 1, GAMMA1)
+ *   ...
+ *
+ * @param [in]  z     Polynomial to encode.
+ * @param [out] s     Buffer to encode into.
+ */
+static void dilithium_encode_gamma1_19_bits(const sword32* z, byte* s)
+{
+    unsigned int j;
+
+    /* Step 3. Get 20 bits as a number. */
+    for (j = 0; j < DILITHIUM_N; j += 4) {
+        sword32 z0 = DILITHIUM_GAMMA1_19 - z[j + 0];
+        sword32 z1 = DILITHIUM_GAMMA1_19 - z[j + 1];
+        sword32 z2 = DILITHIUM_GAMMA1_19 - z[j + 2];
+        sword32 z3 = DILITHIUM_GAMMA1_19 - z[j + 3];
+
+        /* 20 bits per number.
+         * 4 numbers become 10 bytes. (4 * 20 bits = 10 * 8 bits) */
+#if defined(LITTLE_ENDIAN_ORDER) && (WOLFSSL_DILITHIUM_ALIGNMENT <= 2)
+        word16* s16p = (word16*)s;
+    #ifdef WC_64BIT_CPU
+        word64* s64p = (word64*)s;
+        s64p[0] =           z0        | ((word64)z1 << 20) |
+                   ((word64)z2 << 40) | ((word64)z3 << 60);
+    #else
+        word32* s32p = (word32*)s;
+        s32p[0] =  z0        | (z1 << 20)             ;
+        s32p[1] = (z1 >> 12) | (z2 <<  8) | (z3 << 28);
+    #endif
+        s16p[4] = (z3 >>  4)                          ;
+#else
+        s[0] =  z0                   ;
+        s[1] = (z0 >>  8)            ;
+        s[2] = (z0 >> 16) | (z1 << 4);
+        s[3] = (z1 >>  4)            ;
+        s[4] = (z1 >> 12)            ;
+        s[5] =  z2                   ;
+        s[6] = (z2 >>  8)            ;
+        s[7] = (z2 >> 16) | (z3 << 4);
+        s[8] = (z3 >>  4)            ;
+        s[9] = (z3 >> 12)            ;
+#endif
+        /* Move to next place to encode to. */
+        s += DILITHIUM_GAMMA1_19_ENC_BITS / 2;
+    }
+}
+#endif
+
+#ifndef WOLFSSL_DILITHIUM_SIGN_SMALL_MEM
+/* Encode z with range of -(GAMMA1-1)...GAMMA1
+ *
+ * FIPS 204. 8.2: Algorithm 20 sigEncode(c_tilde, z, h)
+ *   ...
+ *   2: for i form 0 to l - 1 do
+ *   3:     sigma <- sigma || BitPack(z[i], GAMMA1 - 1, GAMMA1)
+ *   4: end for
+ *   ...
+ *
+ * @param [in]  z     Vector of polynomials to encode.
+ * @param [in]  l     Dimension of vector.
+ * @param [in]  bits  Number of bits used in encoding - GAMMA1 bits.
+ * @param [out] s     Buffer to encode into.
+ */
+static void dilithium_vec_encode_gamma1(const sword32* z, byte l, int bits,
+    byte* s)
+{
+    unsigned int i;
+
+    (void)l;
+
+#ifndef WOLFSSL_NO_ML_DSA_44
+    if (bits == DILITHIUM_GAMMA1_BITS_17) {
+        /* Step 2. For each polynomial of vector. */
+        for (i = 0; i < PARAMS_ML_DSA_44_L; i++) {
+            dilithium_encode_gamma1_17_bits(z, s);
+            /* Move to next place to encode to. */
+            s += DILITHIUM_GAMMA1_17_ENC_BITS / 2 * DILITHIUM_N / 4;
+            /* Next polynomial. */
+            z += DILITHIUM_N;
+        }
+    }
+    else
+#endif
+#if !defined(WOLFSSL_NO_ML_DSA_65) || !defined(WOLFSSL_NO_ML_DSA_87)
+    if (bits == DILITHIUM_GAMMA1_BITS_19) {
+        /* Step 2. For each polynomial of vector. */
+        for (i = 0; i < l; i++) {
+            dilithium_encode_gamma1_19_bits(z, s);
+            /* Move to next place to encode to. */
+            s += DILITHIUM_GAMMA1_19_ENC_BITS / 2 * DILITHIUM_N / 4;
+            /* Next polynomial. */
+            z += DILITHIUM_N;
+        }
+    }
+    else
+#endif
+    {
+    }
+}
+#endif /* WOLFSSL_DILITHIUM_SIGN_SMALL_MEM */
+
+#endif /* !WOLFSSL_DILITHIUM_NO_SIGN */
+
+#if !defined(WOLFSSL_DILITHIUM_NO_SIGN) || !defined(WOLFSSL_DILITHIUM_NO_VERIFY)
+/* Decode polynomial with range -(GAMMA1-1)..GAMMA1.
+ *
+ * FIPS 204. 8.2: Algorithm 21 sigDecode(sigma)
+ *   ...
+ *   4:     z[i] <- BitUnpack(xi, GAMMA1 - 1, GAMMA1)
+ *   ...
+ *
+ * @param [in]  s     Encoded values of z.
+ * @param [in]  bits  Number of bits used in encoding - GAMMA1 bits.
+ * @param [out] z     Polynomial to fill.
+ */
+static void dilithium_decode_gamma1(const byte* s, int bits, sword32* z)
+{
+    unsigned int i;
+
+#ifndef WOLFSSL_NO_ML_DSA_44
+    if (bits == DILITHIUM_GAMMA1_BITS_17) {
+#if defined(WOLFSSL_DILITHIUM_NO_LARGE_CODE) || defined(WOLFSSL_DILITHIUM_SMALL)
+        /* Step 4: Get 18 bits as a number. */
+        for (i = 0; i < DILITHIUM_N; i += 4) {
+            /* 18 bits per number.
+             * 4 numbers from 9 bytes. (4 * 18 bits = 9 * 8 bits) */
+    #if defined(LITTLE_ENDIAN_ORDER) && (WOLFSSL_DILITHIUM_ALIGNMENT == 0)
+        #ifdef WC_64BIT_CPU
+            word64 s64_0 = *(const word64*)(s+0);
+            z[i+0] = (word32)DILITHIUM_GAMMA1_17 -
+                             ( s64_0        & 0x3ffff                   );
+            z[i+1] = (word32)DILITHIUM_GAMMA1_17 -
+                             ((s64_0 >> 18) & 0x3ffff                   );
+            z[i+2] = (word32)DILITHIUM_GAMMA1_17 -
+                             ((s64_0 >> 36) & 0x3ffff                   );
+            z[i+3] = (word32)DILITHIUM_GAMMA1_17 -
+                             ((s64_0 >> 54) | (((word32)s[8])     << 10));
+        #else
+            word32 s32_0 = ((const word32*)(s+0))[0];
+            word32 s32_1 = ((const word32*)(s+0))[1];
+            z[i+0] = (word32)DILITHIUM_GAMMA1_17 -
+                             ( s32_0        & 0x3ffff                    );
+            z[i+1] = (word32)DILITHIUM_GAMMA1_17 -
+                             ((s32_0 >> 18) | (((s32_1 & 0x0000f) << 14)));
+            z[i+2] = (word32)DILITHIUM_GAMMA1_17 -
+                             ((s32_1 >>  4) & 0x3ffff);
+            z[i+3] = (word32)DILITHIUM_GAMMA1_17 -
+                             ((s32_1 >> 22) | (((word32)s[8])     << 10 ));
+        #endif
+    #else
+            z[i+0] = DILITHIUM_GAMMA1_17 -
+                     ( s[ 0]       | ((sword32)(s[ 1] << 8) |
+                      (sword32)(s[ 2] & 0x03) << 16));
+            z[i+1] = DILITHIUM_GAMMA1_17 -
+                     ((s[ 2] >> 2) | ((sword32)(s[ 3] << 6) |
+                      (sword32)(s[ 4] & 0x0f) << 14));
+            z[i+2] = DILITHIUM_GAMMA1_17 -
+                     ((s[ 4] >> 4) | ((sword32)(s[ 5] << 4) |
+                      (sword32)(s[ 6] & 0x3f) << 12));
+            z[i+3] = DILITHIUM_GAMMA1_17 -
+                     ((s[ 6] >> 6) | ((sword32)(s[ 7] << 2) |
+                      (sword32)(s[ 8]       ) << 10));
+    #endif
+            /* Move to next place to decode from. */
+            s += DILITHIUM_GAMMA1_17_ENC_BITS / 2;
+        }
+#else
+        /* Step 4: Get 18 bits as a number. */
+        for (i = 0; i < DILITHIUM_N; i += 8) {
+            /* 18 bits per number.
+             * 8 numbers from 9 bytes. (8 * 18 bits = 18 * 8 bits) */
+    #if defined(LITTLE_ENDIAN_ORDER) && (WOLFSSL_DILITHIUM_ALIGNMENT == 0)
+        #ifdef WC_64BIT_CPU
+            word64 s64_0 = *(const word64*)(s+0);
+            word64 s64_1 = *(const word64*)(s+9);
+            z[i+0] = (word32)DILITHIUM_GAMMA1_17 -
+                             ( s64_0        & 0x3ffff                   );
+            z[i+1] = (word32)DILITHIUM_GAMMA1_17 -
+                             ((s64_0 >> 18) & 0x3ffff                   );
+            z[i+2] = (word32)DILITHIUM_GAMMA1_17 -
+                             ((s64_0 >> 36) & 0x3ffff                   );
+            z[i+3] = (word32)DILITHIUM_GAMMA1_17 -
+                             ((s64_0 >> 54) | (((word32)s[8])     << 10));
+            z[i+4] = (word32)DILITHIUM_GAMMA1_17 -
+                             ( s64_1        & 0x3ffff                   );
+            z[i+5] = (word32)DILITHIUM_GAMMA1_17 -
+                             ((s64_1 >> 18) & 0x3ffff                   );
+            z[i+6] = (word32)DILITHIUM_GAMMA1_17 -
+                             ((s64_1 >> 36) & 0x3ffff                   );
+            z[i+7] = (word32)DILITHIUM_GAMMA1_17 -
+                             ((s64_1 >> 54) | (((word32)s[17])    << 10));
+        #else
+            word32 s32_0 = ((const word32*)(s+0))[0];
+            word32 s32_1 = ((const word32*)(s+0))[1];
+            word32 s32_2 = ((const word32*)(s+9))[0];
+            word32 s32_3 = ((const word32*)(s+9))[1];
+            z[i+0] = (word32)DILITHIUM_GAMMA1_17 -
+                             ( s32_0        & 0x3ffff                    );
+            z[i+1] = (word32)DILITHIUM_GAMMA1_17 -
+                             ((s32_0 >> 18) | (((s32_1 & 0x0000f) << 14)));
+            z[i+2] = (word32)DILITHIUM_GAMMA1_17 -
+                             ((s32_1 >>  4) & 0x3ffff);
+            z[i+3] = (word32)DILITHIUM_GAMMA1_17 -
+                             ((s32_1 >> 22) | (((word32)s[8])     << 10 ));
+            z[i+4] = (word32)DILITHIUM_GAMMA1_17 -
+                             ( s32_2        & 0x3ffff                    );
+            z[i+5] = (word32)DILITHIUM_GAMMA1_17 -
+                             ((s32_2 >> 18) | (((s32_3 & 0x0000f) << 14)));
+            z[i+6] = (word32)DILITHIUM_GAMMA1_17 -
+                             ((s32_3 >>  4) & 0x3ffff);
+            z[i+7] = (word32)DILITHIUM_GAMMA1_17 -
+                             ((s32_3 >> 22) | (((word32)s[17])    << 10 ));
+        #endif
+    #else
+            z[i+0] = DILITHIUM_GAMMA1_17 -
+                     ( s[ 0]       | ((sword32)(s[ 1] << 8) |
+                      (sword32)(s[ 2] & 0x03) << 16));
+            z[i+1] = DILITHIUM_GAMMA1_17 -
+                     ((s[ 2] >> 2) | ((sword32)(s[ 3] << 6) |
+                      (sword32)(s[ 4] & 0x0f) << 14));
+            z[i+2] = DILITHIUM_GAMMA1_17 -
+                     ((s[ 4] >> 4) | ((sword32)(s[ 5] << 4) |
+                      (sword32)(s[ 6] & 0x3f) << 12));
+            z[i+3] = DILITHIUM_GAMMA1_17 -
+                     ((s[ 6] >> 6) | ((sword32)(s[ 7] << 2) |
+                      (sword32)(s[ 8]       ) << 10));
+            z[i+4] = DILITHIUM_GAMMA1_17 -
+                     ( s[ 9]       | ((sword32)(s[10] << 8) |
+                      (sword32)(s[11] & 0x03) << 16));
+            z[i+5] = DILITHIUM_GAMMA1_17 -
+                     ((s[11] >> 2) | ((sword32)(s[12] << 6) |
+                      (sword32)(s[13] & 0x0f) << 14));
+            z[i+6] = DILITHIUM_GAMMA1_17 -
+                     ((s[13] >> 4) | ((sword32)(s[14] << 4) |
+                      (sword32)(s[15] & 0x3f) << 12));
+            z[i+7] = DILITHIUM_GAMMA1_17 -
+                     ((s[15] >> 6) | ((sword32)(s[16] << 2) |
+                      (sword32)(s[17]       ) << 10));
+    #endif
+            /* Move to next place to decode from. */
+            s += DILITHIUM_GAMMA1_17_ENC_BITS;
+        }
+#endif
+    }
+    else
+#endif
+#if !defined(WOLFSSL_NO_ML_DSA_65) || !defined(WOLFSSL_NO_ML_DSA_87)
+    if (bits == DILITHIUM_GAMMA1_BITS_19) {
+#if defined(WOLFSSL_DILITHIUM_NO_LARGE_CODE) || defined(WOLFSSL_DILITHIUM_SMALL)
+        /* Step 4: Get 20 bits as a number. */
+        for (i = 0; i < DILITHIUM_N; i += 4) {
+            /* 20 bits per number.
+             * 4 numbers from 10 bytes. (4 * 20 bits = 10 * 8 bits) */
+    #if defined(LITTLE_ENDIAN_ORDER) && (WOLFSSL_DILITHIUM_ALIGNMENT <= 2)
+            word16 s16_0 = ((const word16*)s)[4];
+        #ifdef WC_64BIT_CPU
+            word64 s64_0 = *(const word64*)s;
+            z[i+0] = DILITHIUM_GAMMA1_19 - (  s64_0        & 0xfffff)   ;
+            z[i+1] = DILITHIUM_GAMMA1_19 - ( (s64_0 >> 20) & 0xfffff)   ;
+            z[i+2] = DILITHIUM_GAMMA1_19 - ( (s64_0 >> 40) & 0xfffff)   ;
+            z[i+3] = DILITHIUM_GAMMA1_19 - (((s64_0 >> 60) & 0xfffff)   |
+                                            ((sword32)s16_0      <<  4));
+        #else
+            word32 s32_0 = ((const word32*)s)[0];
+            word32 s32_1 = ((const word32*)s)[1];
+            z[i+0] = DILITHIUM_GAMMA1_19 - (  s32_0       & 0xfffff);
+            z[i+1] = DILITHIUM_GAMMA1_19 - (( s32_0            >> 20) |
+                                            ((s32_1 & 0x000ff) << 12));
+            z[i+2] = DILITHIUM_GAMMA1_19 - ( (s32_1 >>  8) & 0xfffff);
+            z[i+3] = DILITHIUM_GAMMA1_19 - (( s32_1            >> 28) |
+                                            ((sword32)s16_0    <<  4));
+        #endif
+    #else
+            z[i+0] = DILITHIUM_GAMMA1_19 - ( s[0]       | ((sword32)s[1] << 8) |
+                                            ((sword32)(s[2] & 0x0f) << 16));
+            z[i+1] = DILITHIUM_GAMMA1_19 - ((s[2] >> 4) | ((sword32)s[3] << 4) |
+                                            ((sword32)(s[4]       ) << 12));
+            z[i+2] = DILITHIUM_GAMMA1_19 - ( s[5]       | ((sword32)s[6] << 8) |
+                                            ((sword32)(s[7] & 0x0f) << 16));
+            z[i+3] = DILITHIUM_GAMMA1_19 - ((s[7] >> 4) | ((sword32)s[8] << 4) |
+                                            ((sword32)(s[9]       ) << 12));
+    #endif
+            /* Move to next place to decode from. */
+            s += DILITHIUM_GAMMA1_19_ENC_BITS / 2;
+        }
+#else
+        /* Step 4: Get 20 bits as a number. */
+        for (i = 0; i < DILITHIUM_N; i += 8) {
+            /* 20 bits per number.
+             * 8 numbers from 10 bytes. (8 * 20 bits = 20 * 8 bits) */
+    #if defined(LITTLE_ENDIAN_ORDER) && (WOLFSSL_DILITHIUM_ALIGNMENT <= 2)
+            word16 s16_0 = ((const word16*)s)[4];
+            word16 s16_1 = ((const word16*)s)[9];
+        #ifdef WC_64BIT_CPU
+            word64 s64_0 = *(const word64*)(s+0);
+            word64 s64_1 = *(const word64*)(s+10);
+            z[i+0] = DILITHIUM_GAMMA1_19 - (  s64_0        & 0xfffff)   ;
+            z[i+1] = DILITHIUM_GAMMA1_19 - ( (s64_0 >> 20) & 0xfffff)   ;
+            z[i+2] = DILITHIUM_GAMMA1_19 - ( (s64_0 >> 40) & 0xfffff)   ;
+            z[i+3] = DILITHIUM_GAMMA1_19 - (((s64_0 >> 60) & 0xfffff)   |
+                                            ((sword32)s16_0      <<  4));
+            z[i+4] = DILITHIUM_GAMMA1_19 - (  s64_1        & 0xfffff)   ;
+            z[i+5] = DILITHIUM_GAMMA1_19 - ( (s64_1 >> 20) & 0xfffff)   ;
+            z[i+6] = DILITHIUM_GAMMA1_19 - ( (s64_1 >> 40) & 0xfffff)   ;
+            z[i+7] = DILITHIUM_GAMMA1_19 - (((s64_1 >> 60) & 0xfffff)   |
+                                            ((sword32)s16_1      <<  4));
+        #else
+            word32 s32_0 = ((const word32*)(s+ 0))[0];
+            word32 s32_1 = ((const word32*)(s+ 0))[1];
+            word32 s32_2 = ((const word32*)(s+10))[0];
+            word32 s32_3 = ((const word32*)(s+10))[1];
+            z[i+0] = DILITHIUM_GAMMA1_19 - (  s32_0       & 0xfffff);
+            z[i+1] = DILITHIUM_GAMMA1_19 - (( s32_0            >> 20) |
+                                            ((s32_1 & 0x000ff) << 12));
+            z[i+2] = DILITHIUM_GAMMA1_19 - ( (s32_1 >>  8) & 0xfffff);
+            z[i+3] = DILITHIUM_GAMMA1_19 - (( s32_1            >> 28) |
+                                            ((sword32)s16_0    <<  4));
+            z[i+4] = DILITHIUM_GAMMA1_19 - (  s32_2       & 0xfffff);
+            z[i+5] = DILITHIUM_GAMMA1_19 - (( s32_2            >> 20) |
+                                            ((s32_3 & 0x000ff) << 12));
+            z[i+6] = DILITHIUM_GAMMA1_19 - ( (s32_3 >>  8) & 0xfffff);
+            z[i+7] = DILITHIUM_GAMMA1_19 - (( s32_3            >> 28) |
+                                            ((sword32)s16_1    <<  4));
+        #endif
+    #else
+            z[i+0] = DILITHIUM_GAMMA1_19 - ( s[ 0]       |
+                                            ((sword32)s[ 1] << 8) |
+                                            ((sword32)(s[ 2] & 0x0f) << 16));
+            z[i+1] = DILITHIUM_GAMMA1_19 - ((s[ 2] >> 4) |
+                                            ((sword32) s[ 3] << 4) |
+                                            ((sword32)(s[ 4]       ) << 12));
+            z[i+2] = DILITHIUM_GAMMA1_19 - ( s[ 5]       |
+                                            ((sword32) s[ 6] << 8) |
+                                            ((sword32)(s[ 7] & 0x0f) << 16));
+            z[i+3] = DILITHIUM_GAMMA1_19 - ((s[ 7] >> 4) |
+                                            ((sword32) s[ 8] << 4) |
+                                            ((sword32)(s[ 9]       ) << 12));
+            z[i+4] = DILITHIUM_GAMMA1_19 - ( s[10]       |
+                                            ((sword32) s[11] << 8) |
+                                            ((sword32)(s[12] & 0x0f) << 16));
+            z[i+5] = DILITHIUM_GAMMA1_19 - ((s[12] >> 4) |
+                                            ((sword32) s[13] << 4) |
+                                            ((sword32)(s[14]       ) << 12));
+            z[i+6] = DILITHIUM_GAMMA1_19 - ( s[15]       |
+                                            ((sword32) s[16] << 8) |
+                                            ((sword32)(s[17] & 0x0f) << 16));
+            z[i+7] = DILITHIUM_GAMMA1_19 - ((s[17] >> 4) |
+                                            ((sword32) s[18] << 4) |
+                                            ((sword32)(s[19]       ) << 12));
+    #endif
+            /* Move to next place to decode from. */
+            s += DILITHIUM_GAMMA1_19_ENC_BITS;
+        }
+#endif
+    }
+    else
+#endif
+    {
+    }
+}
+#endif
+
+#ifndef WOLFSSL_DILITHIUM_NO_VERIFY
+/* Decode polynomial with range -(GAMMA1-1)..GAMMA1.
+ *
+ * FIPS 204. 8.2: Algorithm 21 sigDecode(sigma)
+ *   ...
+ *   3: for i from 0 to l - 1 do
+ *   4:     z[i] <- BitUnpack(xi, GAMMA1 - 1, GAMMA1)
+ *   5: end for
+ *   ...
+ *
+ * @param [in]  x  Encoded values of t0.
+ * @param [in]  l  Dimensions of vector z.
+ * @param [in]  bits  Number of bits used in encoding - GAMMA1 bits.
+ * @param [out] z  Vector of polynomials.
+ */
+static void dilithium_vec_decode_gamma1(const byte* x, byte l, int bits,
+    sword32* z)
+{
+    unsigned int i;
+
+    /* Step 3: For each polynomial of vector. */
+    for (i = 0; i < l; i++) {
+        /* Step 4: Unpack a polynomial. */
+        dilithium_decode_gamma1(x, bits, z);
+        /* Move pointers on to next polynomial. */
+        x += DILITHIUM_N / 8 * (bits + 1);
+        z += DILITHIUM_N;
+    }
+}
+#endif
+
+#if !defined(WOLFSSL_DILITHIUM_NO_SIGN) || !defined(WOLFSSL_DILITHIUM_NO_VERIFY)
+#ifndef WOLFSSL_NO_ML_DSA_44
+/* Encode w1 with range of 0..((q-1)/(2*GAMMA2)-1).
+ *
+ * FIPS 204. 8.2: Algorithm 22 w1Encode(w1)
+ *   ...
+ *   3:     w1_tilde <- w1_tilde ||
+ *                      ByteToBits(SimpleBitPack(w1[i], (q-1)/(2*GAMMA2)-1))
+ *   ...
+ *
+ * @param [in]  w1      Vector of polynomials to encode.
+ * @param [in]  gamma2  Maximum value in range.
+ * @param [out] w1e     Buffer to encode into.
+ */
+static void dilithium_encode_w1_88(const sword32* w1, byte* w1e)
+{
+    unsigned int j;
+
+    /* Step 3: Encode a polynomial values 6 bits at a time. */
+    for (j = 0; j < DILITHIUM_N; j += 16) {
+        /* 6 bits per number.
+         * 16 numbers in 12 bytes. (16 * 6 bits = 12 * 8 bits) */
+#if defined(LITTLE_ENDIAN_ORDER) && (WOLFSSL_DILITHIUM_ALIGNMENT <= 4)
+        word32* w1e32 = (word32*)w1e;
+        w1e32[0] =  w1[j+ 0]        | (w1[j+ 1] <<  6) |
+                   (w1[j+ 2] << 12) | (w1[j+ 3] << 18) |
+                   (w1[j+ 4] << 24) | (w1[j+ 5] << 30);
+        w1e32[1] = (w1[j+ 5] >>  2) | (w1[j+ 6] <<  4) |
+                   (w1[j+ 7] << 10) | (w1[j+ 8] << 16) |
+                   (w1[j+ 9] << 22) | (w1[j+10] << 28);
+        w1e32[2] = (w1[j+10] >>  4) | (w1[j+11] <<  2) |
+                   (w1[j+12] <<  8) | (w1[j+13] << 14) |
+                   (w1[j+14] << 20) | (w1[j+15] << 26);
+#else
+        w1e[ 0] =  w1[j+ 0]       | (w1[j+ 1] << 6);
+        w1e[ 1] = (w1[j+ 1] >> 2) | (w1[j+ 2] << 4);
+        w1e[ 2] = (w1[j+ 2] >> 4) | (w1[j+ 3] << 2);
+        w1e[ 3] =  w1[j+ 4]       | (w1[j+ 5] << 6);
+        w1e[ 4] = (w1[j+ 5] >> 2) | (w1[j+ 6] << 4);
+        w1e[ 5] = (w1[j+ 6] >> 4) | (w1[j+ 7] << 2);
+        w1e[ 6] =  w1[j+ 8]       | (w1[j+ 9] << 6);
+        w1e[ 7] = (w1[j+ 9] >> 2) | (w1[j+10] << 4);
+        w1e[ 8] = (w1[j+10] >> 4) | (w1[j+11] << 2);
+        w1e[ 9] =  w1[j+12]       | (w1[j+13] << 6);
+        w1e[10] = (w1[j+13] >> 2) | (w1[j+14] << 4);
+        w1e[11] = (w1[j+14] >> 4) | (w1[j+15] << 2);
+#endif
+        /* Move to next place to encode to. */
+        w1e += DILITHIUM_Q_HI_88_ENC_BITS * 2;
+    }
+}
+#endif /* !WOLFSSL_NO_ML_DSA_44 */
+
+#if !defined(WOLFSSL_NO_ML_DSA_65) || !defined(WOLFSSL_NO_ML_DSA_87)
+/* Encode w1 with range of 0..((q-1)/(2*GAMMA2)-1).
+ *
+ * FIPS 204. 8.2: Algorithm 22 w1Encode(w1)
+ *   ...
+ *   3:     w1_tilde <- w1_tilde ||
+ *                      ByteToBits(SimpleBitPack(w1[i], (q-1)/(2*GAMMA2)-1))
+ *   ...
+ *
+ * @param [in]  w1      Vector of polynomials to encode.
+ * @param [in]  gamma2  Maximum value in range.
+ * @param [out] w1e     Buffer to encode into.
+ */
+static void dilithium_encode_w1_32(const sword32* w1, byte* w1e)
+{
+    unsigned int j;
+
+    /* Step 3: Encode a polynomial values 4 bits at a time. */
+    for (j = 0; j < DILITHIUM_N; j += 16) {
+        /* 4 bits per number.
+         * 16 numbers in 8 bytes. (16 * 4 bits = 8 * 8 bits) */
+#if defined(LITTLE_ENDIAN_ORDER) && (WOLFSSL_DILITHIUM_ALIGNMENT <= 8)
+        word32* w1e32 = (word32*)w1e;
+        w1e32[0] = (w1[j +  0] <<  0) | (w1[j +  1] <<  4) |
+                   (w1[j +  2] <<  8) | (w1[j +  3] << 12) |
+                   (w1[j +  4] << 16) | (w1[j +  5] << 20) |
+                   (w1[j +  6] << 24) | (w1[j +  7] << 28);
+        w1e32[1] = (w1[j +  8] <<  0) | (w1[j +  9] <<  4) |
+                   (w1[j + 10] <<  8) | (w1[j + 11] << 12) |
+                   (w1[j + 12] << 16) | (w1[j + 13] << 20) |
+                   (w1[j + 14] << 24) | (w1[j + 15] << 28);
+#else
+        w1e[0] = w1[j +  0] | (w1[j +  1] << 4);
+        w1e[1] = w1[j +  2] | (w1[j +  3] << 4);
+        w1e[2] = w1[j +  4] | (w1[j +  5] << 4);
+        w1e[3] = w1[j +  6] | (w1[j +  7] << 4);
+        w1e[4] = w1[j +  8] | (w1[j +  9] << 4);
+        w1e[5] = w1[j + 10] | (w1[j + 11] << 4);
+        w1e[6] = w1[j + 12] | (w1[j + 13] << 4);
+        w1e[7] = w1[j + 14] | (w1[j + 15] << 4);
+#endif
+        /* Move to next place to encode to. */
+        w1e += DILITHIUM_Q_HI_32_ENC_BITS * 2;
+    }
+}
+#endif
+#endif
+
+#if !defined(WOLFSSL_DILITHIUM_NO_SIGN) || \
+     (!defined(WOLFSSL_DILITHIUM_NO_VERIFY) && \
+      !defined(WOLFSSL_DILITHIUM_VERIFY_SMALL_MEM))
+/* Encode w1 with range of 0..((q-1)/(2*GAMMA2)-1).
+ *
+ * FIPS 204. 8.2: Algorithm 22 w1Encode(w1)
+ *   1: w1_tilde = ()
+ *   2: for i form 0 to k - 1 do
+ *   3:     w1_tilde <- w1_tilde ||
+ *                      ByteToBits(SimpleBitPack(w1[i], (q-1)/(2*GAMMA2)-1))
+ *   4: end for
+ *   5: return w1_tilde
+ *
+ * @param [in]  w1      Vector of polynomials to encode.
+ * @param [in]  k       Dimension of vector.
+ * @param [in]  gamma2  Maximum value in range.
+ * @param [out] w1e     Buffer to encode into.
+ */
+static void dilithium_vec_encode_w1(const sword32* w1, byte k, sword32 gamma2,
+    byte* w1e)
+{
+    unsigned int i;
+
+    (void)k;
+
+#ifndef WOLFSSL_NO_ML_DSA_44
+    if (gamma2 == DILITHIUM_Q_LOW_88) {
+        /* Step 2. For each polynomial of vector. */
+        for (i = 0; i < PARAMS_ML_DSA_44_K; i++) {
+            dilithium_encode_w1_88(w1, w1e);
+            /* Next polynomial. */
+            w1 += DILITHIUM_N;
+            w1e += DILITHIUM_Q_HI_88_ENC_BITS * 2 * DILITHIUM_N / 16;
+        }
+    }
+    else
+#endif
+#if !defined(WOLFSSL_NO_ML_DSA_65) || !defined(WOLFSSL_NO_ML_DSA_87)
+    if (gamma2 == DILITHIUM_Q_LOW_32) {
+        /* Step 2. For each polynomial of vector. */
+        for (i = 0; i < k; i++) {
+            dilithium_encode_w1_32(w1, w1e);
+            /* Next polynomial. */
+            w1 += DILITHIUM_N;
+            w1e += DILITHIUM_Q_HI_32_ENC_BITS * 2 * DILITHIUM_N / 16;
+        }
+    }
+    else
+#endif
+    {
+    }
+}
+#endif
+
+/******************************************************************************
+ * Expand operations
+ ******************************************************************************/
+
+/* Generate a random polynomial by rejection.
+ *
+ * FIPS 204. 8.3: Algorithm 24 RejNTTPoly(rho)
+ *   1: j <- 0
+ *   2: c <- 0
+ *   3: while j < 256 do
+ *   4:    a_hat[j] <- CoeffFromThreeBytes(H128(rho)[[c]], H128(rho)[[c+1]],
+ *                                         H128(rho)[[c+2]])
+ *   5:    c <- c + 3
+ *   6:    if a_hat[j] != falsam then
+ *   7:       j <- j + 1
+ *   8:    end if
+ *   9: end while
+ *  10: return a_hat
+ *
+ * FIPS 204. 8.1: Algorithm 8 CoeffFromThreeBytes(b0,b1,b2)
+ *   1: if b2 > 127 then
+ *   2:    b2 <- b2 - 128
+ *   3. end if
+ *   4. z <- 2^16.b2 + s^8.b1 + b0
+ *   5. if z < q then return z
+ *   6. else return falsam
+ *   7. end if
+ *
+ * @param [in, out] shake128  SHAKE-128 object.
+ * @param [in]      seed      Seed to hash to generate values.
+ * @param [out]     a         Polynomial.
+ * @param [in]      h         Buffer to hold hashes.
+ * @return  0 on success.
+ * @return  Negative on hash error.
+ */
+static int dilithium_rej_ntt_poly_ex(wc_Shake* shake128, byte* seed, sword32* a,
+    byte* h)
+{
+    int ret = 0;
+#ifdef WOLFSSL_DILITHIUM_SMALL
+    int j = 0;
+
+#if defined(LITTLE_ENDIAN_ORDER) && (WOLFSSL_DILITHIUM_ALIGNMENT == 0)
+    /* Reading 4 bytes for 3 so need to set 1 past for last read. */
+    h[DILITHIUM_GEN_A_BLOCK_BYTES] = 0;
+#endif
+
+    /* Initialize SHAKE-128 object for new hash. */
+    ret = wc_InitShake128(shake128, NULL, INVALID_DEVID);
+    if (ret == 0) {
+        /* Absorb the seed. */
+        ret = wc_Shake128_Absorb(shake128, seed, DILITHIUM_GEN_A_SEED_SZ);
+    }
+    /* Keep generating more blocks and using triplets until we have enough.
+     */
+    while ((ret == 0) && (j < DILITHIUM_N)) {
+         /* Squeeze out a block - 168 bytes = 56 values. */
+        ret = wc_Shake128_SqueezeBlocks(shake128, h, 1);
+        if (ret == 0) {
+            int c;
+            /* Use triplets until run out or have enough for polynomial. */
+            for (c = 0; c < DILITHIUM_GEN_A_BLOCK_BYTES; c += 3) {
+            #if defined(LITTLE_ENDIAN_ORDER) && \
+                (WOLFSSL_DILITHIUM_ALIGNMENT == 0)
+                /* Load 32-bit value and mask out 23 bits. */
+                sword32 t = *((sword32*)(h + c)) & 0x7fffff;
+            #else
+                /* Load 24-bit value and mask out 23 bits. */
+                sword32 t = (h[c] + ((sword32)h[c+1] << 8) +
+                             ((sword32)h[c+2] << 16)) & 0x7fffff;
+            #endif
+                /* Check if value is in valid range. */
+                if (t < DILITHIUM_Q) {
+                    /* Store value in polynomial and increment count of values.
+                     */
+                    a[j++] = t;
+                    /* Check we whether we have enough yet. */
+                    if (j == DILITHIUM_N) {
+                        break;
+                    }
+                }
+            }
+        }
+    }
+#else
+    unsigned int j = 0;
+    unsigned int c;
+
+    /* Generate enough SHAKE-128 output blocks to give high probability of
+     * being able to get 256 valid 3-byte, 23-bit values from it. */
+    ret = dilithium_squeeze128(shake128, seed, DILITHIUM_GEN_A_SEED_SZ, h,
+        DILITHIUM_GEN_A_NBLOCKS);
+    if (ret == 0) {
+    #if defined(LITTLE_ENDIAN_ORDER) && (WOLFSSL_DILITHIUM_ALIGNMENT == 0)
+        /* Reading 4 bytes for 3 so need to set 1 past for last read. */
+        h[DILITHIUM_GEN_A_BYTES] = 0;
+    #endif
+
+        /* Use the first 256 triplets and know we won't exceed required. */
+    #ifdef WOLFSSL_DILITHIUM_NO_LARGE_CODE
+        for (c = 0; c < (DILITHIUM_N - 1) * 3; c += 3) {
+        #if defined(LITTLE_ENDIAN_ORDER) && (WOLFSSL_DILITHIUM_ALIGNMENT == 0)
+            /* Load 32-bit value and mask out 23 bits. */
+            sword32 t = *((sword32*)(h + c)) & 0x7fffff;
+        #else
+            /* Load 24-bit value and mask out 23 bits. */
+            sword32 t = (h[c] + ((sword32)h[c+1] << 8) +
+                         ((sword32)h[c+2] << 16)) & 0x7fffff;
+        #endif
+            /* Check if value is in valid range. */
+            if (t < DILITHIUM_Q) {
+                /* Store value in polynomial and increment count of values. */
+                a[j++] = t;
+            }
+        }
+        /* Use the remaining triplets, checking we have enough. */
+        for (; c < DILITHIUM_GEN_A_BYTES; c += 3) {
+        #if defined(LITTLE_ENDIAN_ORDER) && (WOLFSSL_DILITHIUM_ALIGNMENT == 0)
+            /* Load 32-bit value and mask out 23 bits. */
+            sword32 t = *((sword32*)(h + c)) & 0x7fffff;
+        #else
+            /* Load 24-bit value and mask out 23 bits. */
+            sword32 t = (h[c] + ((sword32)h[c+1] << 8) +
+                         ((sword32)h[c+2] << 16)) & 0x7fffff;
+        #endif
+            /* Check if value is in valid range. */
+            if (t < DILITHIUM_Q) {
+                /* Store value in polynomial and increment count of values. */
+                a[j++] = t;
+                /* Check we whether we have enough yet. */
+                if (j == DILITHIUM_N) {
+                    break;
+                }
+            }
+        }
+    #else
+        /* Do 15 bytes at a time: 255 * 3 / 15 = 51 */
+        for (c = 0; c < DILITHIUM_N * 3; c += 24) {
+        #if defined(LITTLE_ENDIAN_ORDER) && (WOLFSSL_DILITHIUM_ALIGNMENT == 0)
+            /* Load 32-bit value and mask out 23 bits. */
+            sword32 t0 = *((sword32*)(h + c +  0)) & 0x7fffff;
+            sword32 t1 = *((sword32*)(h + c +  3)) & 0x7fffff;
+            sword32 t2 = *((sword32*)(h + c +  6)) & 0x7fffff;
+            sword32 t3 = *((sword32*)(h + c +  9)) & 0x7fffff;
+            sword32 t4 = *((sword32*)(h + c + 12)) & 0x7fffff;
+            sword32 t5 = *((sword32*)(h + c + 15)) & 0x7fffff;
+            sword32 t6 = *((sword32*)(h + c + 18)) & 0x7fffff;
+            sword32 t7 = *((sword32*)(h + c + 21)) & 0x7fffff;
+        #else
+            /* Load 24-bit value and mask out 23 bits. */
+            sword32 t0 = (h[c +  0] + ((sword32)h[c +  1] << 8) +
+                          ((sword32)h[c +  2] << 16)) & 0x7fffff;
+            sword32 t1 = (h[c +  3] + ((sword32)h[c +  4] << 8) +
+                          ((sword32)h[c +  5] << 16)) & 0x7fffff;
+            sword32 t2 = (h[c +  6] + ((sword32)h[c +  7] << 8) +
+                          ((sword32)h[c +  8] << 16)) & 0x7fffff;
+            sword32 t3 = (h[c +  9] + ((sword32)h[c + 10] << 8) +
+                          ((sword32)h[c + 11] << 16)) & 0x7fffff;
+            sword32 t4 = (h[c + 12] + ((sword32)h[c + 13] << 8) +
+                          ((sword32)h[c + 14] << 16)) & 0x7fffff;
+            sword32 t5 = (h[c + 15] + ((sword32)h[c + 16] << 8) +
+                          ((sword32)h[c + 17] << 16)) & 0x7fffff;
+            sword32 t6 = (h[c + 18] + ((sword32)h[c + 19] << 8) +
+                          ((sword32)h[c + 20] << 16)) & 0x7fffff;
+            sword32 t7 = (h[c + 21] + ((sword32)h[c + 22] << 8) +
+                          ((sword32)h[c + 23] << 16)) & 0x7fffff;
+        #endif
+            /* Check if value is in valid range. */
+            if (t0 < DILITHIUM_Q) {
+                /* Store value in polynomial and increment count of values. */
+                a[j++] = t0;
+            }
+            /* Check if value is in valid range. */
+            if (t1 < DILITHIUM_Q) {
+                /* Store value in polynomial and increment count of values. */
+                a[j++] = t1;
+            }
+            /* Check if value is in valid range. */
+            if (t2 < DILITHIUM_Q) {
+                /* Store value in polynomial and increment count of values. */
+                a[j++] = t2;
+            }
+            /* Check if value is in valid range. */
+            if (t3 < DILITHIUM_Q) {
+                /* Store value in polynomial and increment count of values. */
+                a[j++] = t3;
+            }
+            /* Check if value is in valid range. */
+            if (t4 < DILITHIUM_Q) {
+                /* Store value in polynomial and increment count of values. */
+                a[j++] = t4;
+            }
+            /* Check if value is in valid range. */
+            if (t5 < DILITHIUM_Q) {
+                /* Store value in polynomial and increment count of values. */
+                a[j++] = t5;
+            }
+            /* Check if value is in valid range. */
+            if (t6 < DILITHIUM_Q) {
+                /* Store value in polynomial and increment count of values. */
+                a[j++] = t6;
+            }
+            /* Check if value is in valid range. */
+            if (t7 < DILITHIUM_Q) {
+                /* Store value in polynomial and increment count of values. */
+                a[j++] = t7;
+            }
+        }
+        if (j < DILITHIUM_N) {
+            /* Use the remaining triplets, checking we have enough. */
+            for (; c < DILITHIUM_GEN_A_BYTES; c += 3) {
+            #if defined(LITTLE_ENDIAN_ORDER) && \
+                (WOLFSSL_DILITHIUM_ALIGNMENT == 0)
+                /* Load 32-bit value and mask out 23 bits. */
+                sword32 t = *((sword32*)(h + c)) & 0x7fffff;
+            #else
+                /* Load 24-bit value and mask out 23 bits. */
+                sword32 t = (h[c] + ((sword32)h[c+1] << 8) +
+                             ((sword32)h[c+2] << 16)) & 0x7fffff;
+            #endif
+                /* Check if value is in valid range. */
+                if (t < DILITHIUM_Q) {
+                    /* Store value in polynomial and increment count of values.
+                     */
+                    a[j++] = t;
+                    /* Check we whether we have enough yet. */
+                    if (j == DILITHIUM_N) {
+                        break;
+                    }
+                }
+            }
+        }
+    #endif
+        /* Keep generating more blocks and using triplets until we have enough.
+         */
+        while (j < DILITHIUM_N) {
+            /* Squeeze out a block - 168 bytes = 56 values. */
+            ret = wc_Shake128_SqueezeBlocks(shake128, h, 1);
+            if (ret != 0) {
+                break;
+            }
+            /* Use triplets until run out or have enough for polynomial. */
+            for (c = 0; c < DILITHIUM_GEN_A_BLOCK_BYTES; c += 3) {
+            #if defined(LITTLE_ENDIAN_ORDER) && \
+                (WOLFSSL_DILITHIUM_ALIGNMENT == 0)
+                /* Load 32-bit value and mask out 23 bits. */
+                sword32 t = *((sword32*)(h + c)) & 0x7fffff;
+            #else
+                /* Load 24-bit value and mask out 23 bits. */
+                sword32 t = (h[c] + ((sword32)h[c+1] << 8) +
+                             ((sword32)h[c+2] << 16)) & 0x7fffff;
+            #endif
+                /* Check if value is in valid range. */
+                if (t < DILITHIUM_Q) {
+                    /* Store value in polynomial and increment count of values.
+                     */
+                    a[j++] = t;
+                    /* Check we whether we have enough yet. */
+                    if (j == DILITHIUM_N) {
+                        break;
+                    }
+                }
+            }
+        }
+    }
+#endif
+
+    return ret;
+}
+
+#if (!defined(WOLFSSL_DILITHIUM_NO_MAKE_KEY) && \
+     !defined(WOLFSSL_DILITHIUM_MAKE_KEY_SMALL_MEM)) || \
+    defined(WOLFSSL_DILITHIUM_CHECK_KEY) || \
+    (!defined(WOLFSSL_DILITHIUM_NO_SIGN) && \
+     !defined(WOLFSSL_DILITHIUM_SIGN_SMALL_MEM)) || \
+    (!defined(WOLFSSL_DILITHIUM_NO_VERIFY) && \
+     !defined(WOLFSSL_DILITHIUM_VERIFY_SMALL_MEM))
+/* Generate a random polynomial by rejection.
+ *
+ * @param [in, out] shake128  SHAKE-128 object.
+ * @param [in]      seed      Seed to hash to generate values.
+ * @param [out]     a         Polynomial.
+ * @param [in]      heap      Dynamic memory hint.
+ * @return  0 on success.
+ * @return  MEMORY_E when dynamic memory allocation fails.
+ * @return  Negative on hash error.
+ */
+static int dilithium_rej_ntt_poly(wc_Shake* shake128, byte* seed, sword32* a,
+    void* heap)
+{
+    int ret = 0;
+#if defined(WOLFSSL_SMALL_STACK)
+    byte* h = NULL;
+#else
+    byte h[DILITHIUM_REJ_NTT_POLY_H_SIZE];
+#endif
+
+    (void)heap;
+
+#if defined(WOLFSSL_SMALL_STACK)
+    h = (byte*)XMALLOC(DILITHIUM_REJ_NTT_POLY_H_SIZE, heap,
+        DYNAMIC_TYPE_DILITHIUM);
+    if (h == NULL) {
+        ret = MEMORY_E;
+    }
+#endif
+
+    if (ret == 0)
+        ret = dilithium_rej_ntt_poly_ex(shake128, seed, a, h);
+
+#if defined(WOLFSSL_SMALL_STACK)
+    XFREE(h, heap, DYNAMIC_TYPE_DILITHIUM);
+#endif
+
+    return ret;
+}
+#endif
+
+#if (!defined(WOLFSSL_DILITHIUM_NO_MAKE_KEY) && \
+     !defined(WOLFSSL_DILITHIUM_MAKE_KEY_SMALL_MEM)) || \
+    defined(WOLFSSL_DILITHIUM_CHECK_KEY) || \
+    (!defined(WOLFSSL_DILITHIUM_NO_VERIFY) && \
+     !defined(WOLFSSL_DILITHIUM_VERIFY_SMALL_MEM)) || \
+    (!defined(WOLFSSL_DILITHIUM_NO_SIGN) && \
+     (!defined(WOLFSSL_DILITHIUM_SIGN_SMALL_MEM) || \
+      defined(WC_DILITHIUM_CACHE_MATRIX_A)))
+/* Expand the seed to create matrix a.
+ *
+ * FIPS 204. 8.3: Algorithm 26 ExpandA(rho)
+ *   1: for r from 0 to k - 1 do
+ *   2:     for s from 0 to l - 1 do
+ *   3:         A_hat[r,s] <- RejNTTPoly(rho||IntegerToBits(s,8)||
+ *                                       IntegerToBits(r,8))
+ *   4:     end for
+ *   5: end for
+ *   6: return A_hat
+ *
+ * @param [in, out] shake128  SHAKE-128 object.
+ * @param [in]      pub_seed  Seed to generate stream of data.
+ * @param [in]      k         First dimension of matrix a.
+ * @param [in]      l         Second dimension of matrix a.
+ * @param [out]     a         Matrix of polynomials.
+ * @param [in]      heap      Dynamic memory hint.
+ * @return  0 on success.
+ * @return  Negative on hash error.
+ */
+static int dilithium_expand_a(wc_Shake* shake128, const byte* pub_seed, byte k,
+    byte l, sword32* a, void* heap)
+{
+    int ret = 0;
+    byte r;
+    byte s;
+    byte seed[DILITHIUM_GEN_A_SEED_SZ];
+
+    /* Copy the seed into a buffer that has space for s and r. */
+    XMEMCPY(seed, pub_seed, DILITHIUM_PUB_SEED_SZ);
+    /* Step 1: Loop over first dimension of matrix. */
+    for (r = 0; (ret == 0) && (r < k); r++) {
+        /* Put r into buffer to be hashed. */
+        seed[DILITHIUM_PUB_SEED_SZ + 1] = r;
+        /* Step 2: Loop over second dimension of matrix. */
+        for (s = 0; (ret == 0) && (s < l); s++) {
+            /* Put s into buffer to be hashed. */
+            seed[DILITHIUM_PUB_SEED_SZ + 0] = s;
+            /* Step 3: Create polynomial from hashing seed. */
+            ret = dilithium_rej_ntt_poly(shake128, seed, a, heap);
+            /* Next polynomial. */
+            a += DILITHIUM_N;
+        }
+    }
+
+    return ret;
+}
+#endif
+
+#ifndef WOLFSSL_DILITHIUM_NO_MAKE_KEY
+
+#if !defined(WOLFSSL_NO_ML_DSA_44) || !defined(WOLFSSL_NO_ML_DSA_87)
+/* Check random value is in valid range.
+ *
+ * FIPS 204. 8.1: Algorithm 9 CoeffFromHalfByte(b)
+ *   1: if             b < 15
+ *
+ * @param [in] b    Random half-byte (nibble) value.
+ * @param [in] eta  Range specifier of result. Will always be 2 - unused.
+ * @return  1 when value less than 9.
+ * @return  0 when value greater than or equal to 9.
+ */
+#define DILITHIUM_COEFF_S_VALID_ETA2(b) \
+    ((b) < DILITHIUM_ETA_2_MOD)
+
+static const char dilithium_coeff_eta2[] = {
+    2, 1, 0, -1, -2,
+    2, 1, 0, -1, -2,
+    2, 1, 0, -1, -2
+};
+/* Convert random value 0..15 to a value in range of -2..2.
+ *
+ * FIPS 204. 8.1: Algorithm 9 CoeffFromHalfByte(b)
+ *   1:                            return 2 - (b mod 5)
+ *
+ * @param [in] b    Random half-byte (nibble) value.
+ * @return  Value in range of -2..2 on success.
+ */
+#define DILITHIUM_COEFF_S_ETA2(b)       \
+    (dilithium_coeff_eta2[b])
+#endif
+
+#ifndef WOLFSSL_NO_ML_DSA_65
+/* Check random value is in valid range.
+ *
+ * FIPS 204. 8.1: Algorithm 9 CoeffFromHalfByte(b)
+ *   3:     if             b < 9
+ *
+ * @param [in] b    Random half-byte (nibble) value.
+ * @param [in] eta  Range specifier of result. Will always be 4 - unused.
+ * @return  1 when value less than 9.
+ * @return  0 when value greater than or equal to 9.
+ */
+#define DILITHIUM_COEFF_S_VALID_ETA4(b) \
+    ((b) < DILITHIUM_ETA_4_MOD)
+
+/* Convert random value 0..15 to a value in range of -4..4.
+ *
+ * FIPS 204. 8.1: Algorithm 9 CoeffFromHalfByte(b)
+ *   3:                               return 4 - b
+ *
+ * @param [in] b    Random half-byte (nibble) value.
+ * @param [in] eta  Range specifier of result. Will always be 4 - unused.
+ * @return  Value in range of -4..4 on success.
+ */
+#define DILITHIUM_COEFF_S_ETA4(b)       \
+    (4 - (b))
+#endif
+
+#if !defined(WOLFSSL_NO_ML_DSA_44) || !defined(WOLFSSL_NO_ML_DSA_87)
+#ifndef WOLFSSL_NO_ML_DSA_65
+
+/* Check random value is in valid range.
+ *
+ * FIPS 204. 8.1: Algorithm 9 CoeffFromHalfByte(b)
+ *   1: if eta = 2 and b < 15
+ *   2: else
+ *   3:     if eta = 4 and b < 9
+ *
+ * @param [in] b    Random half-byte (nibble) value.
+ * @param [in] eta  Range specifier of result.
+ * @return  Value in range of -ETA..ETA on success.
+ */
+#define DILITHIUM_COEFF_S_VALID(b, eta)                             \
+    (((eta) == DILITHIUM_ETA_2) ? DILITHIUM_COEFF_S_VALID_ETA2(b) : \
+                                  DILITHIUM_COEFF_S_VALID_ETA4(b))
+
+/* Convert random value 0..15 to a value in range of -ETA..ETA.
+ *
+ * FIPS 204. 8.1: Algorithm 9 CoeffFromHalfByte(b)
+ *   1: if eta = 2            then return 2 - (b mod 5)
+ *   2: else
+ *   3:     if eta = 4           then return 4 - b
+ *   ...
+ *   6: end if
+ *
+ * @param [in] b    Random half-byte (nibble) value.
+ * @param [in] eta  Range specifier of result.
+ * @return  Value in range of -ETA..ETA on success.
+ */
+#define DILITHIUM_COEFF_S(b, eta)                               \
+    (((eta) == DILITHIUM_ETA_2) ? DILITHIUM_COEFF_S_ETA2(b)     \
+                                : DILITHIUM_COEFF_S_ETA4(b))
+
+#else
+
+/* Check random value is in valid range.
+ *
+ * FIPS 204. 8.1: Algorithm 9 CoeffFromHalfByte(b)
+ *   1: if             b < 15
+ *
+ * @param [in] b    Random half-byte (nibble) value.
+ * @param [in] eta  Range specifier of result. Will always be 2 - unused.
+ * @return  1 when value less than 9.
+ * @return  0 when value greater than or equal to 9.
+ */
+#define DILITHIUM_COEFF_S_VALID(b, eta) \
+    DILITHIUM_COEFF_S_VALID_ETA2(b)
+
+/* Convert random value 0..15 to a value in range of -2..2.
+ *
+ * FIPS 204. 8.1: Algorithm 9 CoeffFromHalfByte(b)
+ *   1:                            return 2 - (b mod 5)
+ *
+ * @param [in] b    Random half-byte (nibble) value.
+ * @param [in] eta  Range specifier of result. Will always be 2 - unused.
+ * @return  Value in range of -2..2 on success.
+ */
+#define DILITHIUM_COEFF_S(b, eta)   \
+    DILITHIUM_COEFF_S_ETA2(b)
+
+#endif /*  WOLFSSL_NO_ML_DSA_65 */
+
+#else
+
+/* Check random value is in valid range.
+ *
+ * FIPS 204. 8.1: Algorithm 9 CoeffFromHalfByte(b)
+ *   3:     if             b < 9
+ *
+ * @param [in] b    Random half-byte (nibble) value.
+ * @param [in] eta  Range specifier of result. Will always be 4 - unused.
+ * @return  1 when value less than 9.
+ * @return  0 when value greater than or equal to 9.
+ */
+#define DILITHIUM_COEFF_S_VALID(b, eta) \
+    DILITHIUM_COEFF_S_VALID_ETA4(b)
+
+/* Convert random value 0..15 to a value in range of -4..4.
+ *
+ * FIPS 204. 8.1: Algorithm 9 CoeffFromHalfByte(b)
+ *   3:                               return 4 - b
+ *
+ * @param [in] b    Random half-byte (nibble) value.
+ * @param [in] eta  Range specifier of result. Will always be 4 - unused.
+ * @return  Value in range of -4..4 on success.
+ */
+#define DILITHIUM_COEFF_S(b, eta)   \
+    DILITHIUM_COEFF_S_ETA4(b)
+
+#endif /* !WOLFSSL_NO_ML_DSA_44 || !WOLFSSL_NO_ML_DSA_87 */
+
+/* Extract a coefficient from a nibble of z.
+ *
+ * Breaks out of loop when we have enough coefficients.
+ *
+ * @param [in] z    A random value.
+ * @param [in] rs   Amount to shift right.
+ * @param [in] t    Temporary result.
+ * @param [in] eta  ETA value from parameters.
+ * @return  Value in range -eta..eta on success.
+ * @return  Falsam (0x10) when random value out of range.
+ */
+#define EXTRACT_COEFF_NIBBLE_CHECK_J(z, rs, t, eta)                     \
+        (t) = (sword8)(((z) >> (rs)) & 0xf);                            \
+        /* Step 7: Check we have a valid coefficient. */                \
+        if (DILITHIUM_COEFF_S_VALID(t, eta)) {                          \
+            (t) = DILITHIUM_COEFF_S(t, eta);                            \
+            /* Step 8: Store coefficient as next polynomial value.      \
+             * Step 9: Increment count of polynomial values set. */     \
+            s[j++] = (sword32)(t);                                      \
+            if (j == DILITHIUM_N) {                                     \
+                break;                                                  \
+            }                                                           \
+        }
+
+/* Extract a coefficient from a nibble of z.
+ *
+ * @param [in] z    A random value.
+ * @param [in] rs   Amount to shift right.
+ * @param [in] t    Temporary result.
+ * @param [in] eta  ETA value from parameters.
+ * @return  Value in range -eta..eta on success.
+ * @return  Falsam (0x10) when random value out of range.
+ */
+#define EXTRACT_COEFF_NIBBLE(z, rs, t, eta)                             \
+        (t) = (sword8)(((z) >> (rs)) & 0xf);                            \
+        /* Step 7: Check we have a valid coefficient. */                \
+        if (DILITHIUM_COEFF_S_VALID(t, eta)) {                          \
+            (t) = DILITHIUM_COEFF_S(t, eta);                            \
+            /* Step 8: Store coefficient as next polynomial value.      \
+             * Step 9: Increment count of polynomial values set. */     \
+            s[j++] = (sword32)(t);                                      \
+        }
+
+
+/* Extract coefficients from hash - z.
+ *
+ * FIPS 204. 8.3: Algorithm 25 RejBoundedPoly(rho)
+ *   2: c <- 0
+ *   5:    z0 <- CoeffFromHalfByte(z mod 16, eta)
+ *   6:    z1 <- CoeffFromHalfByte(lower(z / 16), eta)
+ *   7:    if z0 != falsam then
+ *   8:         aj <- z0
+ *   9:         j <- j + 1
+ *  10:    end if
+ *  11:    if z1 != falsam then
+ *  12:         aj <- z1
+ *  13:         j <- j + 1
+ *  14:    end if
+ *  15:    c <- c + 1
+ *
+ * @param [in]      z     Hash data to extract coefficients from.
+ * @param [in]      zLen  Length of z in bytes.
+ * @param [in]      eta   Range specifier of each value.
+ * @param [out]     s     Polynomial to fill with coefficients.
+ * @param [in, out] cnt   Current count of coefficients in polynomial.
+ */
+static void dilithium_extract_coeffs(byte* z, unsigned int zLen, byte eta,
+    sword32* s, unsigned int* cnt)
+{
+#ifdef WOLFSSL_DILITHIUM_NO_LARGE_CODE
+    unsigned int j = *cnt;
+    unsigned int c;
+
+    (void)eta;
+
+    /* Extract values from the squeezed data. */
+    for (c = 0; c < zLen; c++) {
+        sword8 t;
+
+        /* Step 5: Get coefficient from bottom nibble. */
+        EXTRACT_COEFF_NIBBLE_CHECK_J(z[c], 0, t, eta);
+        /* Step 6: Get coefficient from top nibble. */
+        EXTRACT_COEFF_NIBBLE_CHECK_J(z[c], 4, t, eta);
+    }
+
+    *cnt = j;
+#else
+    unsigned int j = *cnt;
+    unsigned int c;
+    unsigned int min = (DILITHIUM_N - j) / 2;
+
+    (void)eta;
+
+#if defined(LITTLE_ENDIAN_ORDER)
+#ifdef WC_64BIT_CPU
+    min &= ~(unsigned int)7;
+    /* Extract values from the squeezed data. */
+    for (c = 0; c < min; c += 8) {
+        word64 z64 = *(word64*)(z + c);
+        sword8 t;
+
+        /* Do each nibble from lowest to highest 16 at a time. */
+        EXTRACT_COEFF_NIBBLE(z64,  0, t, eta);
+        EXTRACT_COEFF_NIBBLE(z64,  4, t, eta);
+        EXTRACT_COEFF_NIBBLE(z64,  8, t, eta);
+        EXTRACT_COEFF_NIBBLE(z64, 12, t, eta);
+        EXTRACT_COEFF_NIBBLE(z64, 16, t, eta);
+        EXTRACT_COEFF_NIBBLE(z64, 20, t, eta);
+        EXTRACT_COEFF_NIBBLE(z64, 24, t, eta);
+        EXTRACT_COEFF_NIBBLE(z64, 28, t, eta);
+        EXTRACT_COEFF_NIBBLE(z64, 32, t, eta);
+        EXTRACT_COEFF_NIBBLE(z64, 36, t, eta);
+        EXTRACT_COEFF_NIBBLE(z64, 40, t, eta);
+        EXTRACT_COEFF_NIBBLE(z64, 44, t, eta);
+        EXTRACT_COEFF_NIBBLE(z64, 48, t, eta);
+        EXTRACT_COEFF_NIBBLE(z64, 52, t, eta);
+        EXTRACT_COEFF_NIBBLE(z64, 56, t, eta);
+        EXTRACT_COEFF_NIBBLE(z64, 60, t, eta);
+    }
+#else
+    min &= ~(unsigned int)3;
+    /* Extract values from the squeezed data. */
+    for (c = 0; c < min; c += 4) {
+        word32 z32 = *(word32*)(z + c);
+        sword8 t;
+
+        /* Do each nibble from lowest to highest 8 at a time. */
+        EXTRACT_COEFF_NIBBLE(z32,  0, t, eta);
+        EXTRACT_COEFF_NIBBLE(z32,  4, t, eta);
+        EXTRACT_COEFF_NIBBLE(z32,  8, t, eta);
+        EXTRACT_COEFF_NIBBLE(z32, 12, t, eta);
+        EXTRACT_COEFF_NIBBLE(z32, 16, t, eta);
+        EXTRACT_COEFF_NIBBLE(z32, 20, t, eta);
+        EXTRACT_COEFF_NIBBLE(z32, 24, t, eta);
+        EXTRACT_COEFF_NIBBLE(z32, 28, t, eta);
+    }
+#endif
+#else
+    /* Extract values from the squeezed data. */
+    for (c = 0; c < min; c++) {
+        sword8 t;
+
+        /* Step 5: Get coefficient from bottom nibble. */
+        EXTRACT_COEFF_NIBBLE(z[c], 0, t, eta);
+        EXTRACT_COEFF_NIBBLE(z[c], 4, t, eta);
+    }
+#endif
+    if (j != DILITHIUM_N) {
+        /* Extract values from the squeezed data. */
+        for (; c < zLen; c++) {
+            sword8 t;
+
+            EXTRACT_COEFF_NIBBLE_CHECK_J(z[c], 0, t, eta);
+            EXTRACT_COEFF_NIBBLE_CHECK_J(z[c], 4, t, eta);
+        }
+    }
+
+    *cnt = j;
+#endif
+}
+
+/* Create polynomial from hashing the seed with bounded values.
+ *
+ * FIPS 204. 8.3: Algorithm 25 RejBoundedPoly(rho)
+ *   1: j <- 0
+ *      ...
+ *   3: while j < 256 do
+ *   4:    z <- H(rho)[[c]]
+ *         ... [Extract coefficients into polynomial from z]
+ *  16: end while
+ *  17: return a
+ *
+ * @param [in, out] shake256  SHAKE-256 object.
+ * @param [in]      seed      Seed, rho, to hash to generate values.
+ * @param [in]      eta       Range specifier of each value.
+ * @return  0 on success.
+ * @return  Negative on hash error.
+ */
+static int dilithium_rej_bound_poly(wc_Shake* shake256, byte* seed, sword32* s,
+    byte eta)
+{
+#ifdef WOLFSSL_DILITHIUM_SMALL
+    int ret;
+    unsigned int j = 0;
+    byte z[DILITHIUM_GEN_S_BLOCK_BYTES];
+
+    /* Initialize SHAKE-256 object for new hash. */
+    ret = wc_InitShake256(shake256, NULL, INVALID_DEVID);
+    if (ret == 0) {
+        /* Absorb the seed. */
+        ret = wc_Shake256_Absorb(shake256, seed, DILITHIUM_GEN_S_SEED_SZ);
+    }
+    if (ret == 0) {
+        do {
+            /* Squeeze out another block. */
+            ret = wc_Shake256_SqueezeBlocks(shake256, z, 1);
+            if (ret != 0) {
+                break;
+            }
+            /* Extract up to the 256 valid coefficients for polynomial. */
+            dilithium_extract_coeffs(z, DILITHIUM_GEN_S_BLOCK_BYTES, eta, s,
+                &j);
+        }
+        /* Check we got enough values to fill polynomial. */
+        while (j < DILITHIUM_N);
+    }
+
+    return ret;
+#else
+    int ret;
+    unsigned int j = 0;
+    byte z[DILITHIUM_GEN_S_BYTES];
+
+    /* Absorb seed and squeeze out some blocks. */
+    ret = dilithium_squeeze256(shake256, seed, DILITHIUM_GEN_S_SEED_SZ, z,
+        DILITHIUM_GEN_S_NBLOCKS);
+    if (ret == 0) {
+        /* Extract up to 256 valid coefficients for polynomial. */
+        dilithium_extract_coeffs(z, DILITHIUM_GEN_S_BYTES, eta, s, &j);
+        /* Check we got enough values to fill polynomial. */
+        while (j < DILITHIUM_N) {
+            /* Squeeze out another block. */
+            ret = wc_Shake256_SqueezeBlocks(shake256, z, 1);
+            if (ret != 0) {
+                break;
+            }
+            /* Extract up to the 256 valid coefficients for polynomial. */
+            dilithium_extract_coeffs(z, DILITHIUM_GEN_S_BLOCK_BYTES, eta, s,
+                &j);
+        }
+    }
+
+    return ret;
+#endif
+}
+
+/* Expand private seed into vectors s1 and s2.
+ *
+ * FIPS 204. 8.3: Algorithm 27 ExpandS(rho)
+ *   1: for r from 0 to l - 1 do
+ *   2:     s1[r] <- RejBoundedPoly(rho||IntegerToBits(r,16))
+ *   3: end for
+ *   4: for r from 0 to k - 1 do
+ *   5:     s2[r] <- RejBoundedPoly(rho||IntegerToBits(r + l,16))
+ *   6: end for
+ *   7: return (s1,s2)
+ *
+ * @param [in, out] shake256   SHAKE-256 object.
+ * @param [in]      priv_seed  Private seed, rho, to expand.
+ * @param [in]      eta        Range specifier of each value.
+ * @param [out]     s1         First vector of polynomials.
+ * @param [in]      s1Len      Dimension of first vector.
+ * @param [out]     s2         Second vector of polynomials.
+ * @param [in]      s2Len      Dimension of second vector.
+ * @return  0 on success.
+ * @return  Negative on hash error.
+ */
+static int dilithium_expand_s(wc_Shake* shake256, byte* priv_seed, byte eta,
+    sword32* s1, byte s1Len, sword32* s2, byte s2Len)
+{
+    int ret = 0;
+    byte r;
+    byte seed[DILITHIUM_GEN_S_SEED_SZ];
+
+    /* Copy the seed into a buffer that has space for r. */
+    XMEMCPY(seed, priv_seed, DILITHIUM_PRIV_SEED_SZ);
+    /* Set top 8-bits of r in buffer to 0. */
+    seed[DILITHIUM_PRIV_SEED_SZ + 1] = 0;
+    /* Step 1: Each polynomial in s1. */
+    for (r = 0; (ret == 0) && (r < s1Len); r++) {
+        /* Set bottom 8-bits of r into buffer - little endian. */
+        seed[DILITHIUM_PRIV_SEED_SZ] = r;
+
+        /* Step 2: Generate polynomial for s1. */
+        ret = dilithium_rej_bound_poly(shake256, seed, s1, eta);
+        /* Next polynomial in s1. */
+        s1 += DILITHIUM_N;
+    }
+    /* Step 4: Each polynomial in s2. */
+    for (r = 0; (ret == 0) && (r < s2Len); r++) {
+        /* Set bottom 8-bits of r + l into buffer - little endian. */
+        seed[DILITHIUM_PRIV_SEED_SZ] = r + s1Len;
+        /* Step 5: Generate polynomial for s1. */
+        ret = dilithium_rej_bound_poly(shake256, seed, s2, eta);
+        /* Next polynomial in s2. */
+        s2 += DILITHIUM_N;
+    }
+
+    return ret;
+}
+
+#endif /* !WOLFSSL_DILITHIUM_NO_MAKE_KEY */
+
+#ifndef WOLFSSL_DILITHIUM_NO_SIGN
+/* Expand the private random seed into vector y.
+ *
+ * FIPS 204. 8.3: Algorithm 28 ExpandMask(rho, mu)
+ *   1: c <- 1 + bitlen(GAMMA1 - 1)
+ *   2: for r from 0 to l - 1 do
+ *   3:     n <- IntegerToBits(mu + r, 16)
+ *   4:     v <- (H(rho||n)[[32rc]], H(rho||n)[[32rc + 1]], ...,
+ *                H(rho||n)[[32rc + 32c - 1]])
+ *   5:     s[r] <- BitUnpack(v, GAMMA-1, GAMMA1)
+ *   6: end for
+ *   7: return s
+ *
+ * @param [in, out] shake256     SHAKE-256 object.
+ * @param [in, out] seed         Buffer containing seed to expand.
+ *                               Has space for two bytes to be appended.
+ * @param [in]      kappa        Base value to append to seed.
+ * @param [in]      gamma1_bits  Number of bits per value.
+ * @param [out]     y            Vector of polynomials.
+ * @param [in]      l            Dimension of vector.
+ * @return  0 on success.
+ * @return  Negative on hash error.
+ */
+static int dilithium_vec_expand_mask(wc_Shake* shake256, byte* seed,
+    word16 kappa, byte gamma1_bits, sword32* y, byte l)
+{
+    int ret = 0;
+    byte r;
+    byte v[DILITHIUM_MAX_V];
+
+    /* Step 2: For each polynomial of vector. */
+    for (r = 0; (ret == 0) && (r < l); r++) {
+        /* Step 3: Calculate value to append to seed. */
+        word16 n = kappa + r;
+
+        /* Step 4: Append to seed and squeeze out data. */
+        seed[DILITHIUM_PRIV_RAND_SEED_SZ + 0] = (byte)n;
+        seed[DILITHIUM_PRIV_RAND_SEED_SZ + 1] = (byte)(n >> 8);
+        ret = dilithium_squeeze256(shake256, seed, DILITHIUM_Y_SEED_SZ, v,
+            DILITHIUM_MAX_V_BLOCKS);
+        if (ret == 0) {
+            /* Decode v into polynomial. */
+            dilithium_decode_gamma1(v, gamma1_bits, y);
+            /* Next polynomial. */
+            y += DILITHIUM_N;
+        }
+    }
+
+    return ret;
+}
+#endif
+
+#if !defined(WOLFSSL_DILITHIUM_NO_SIGN) || !defined(WOLFSSL_DILITHIUM_NO_VERIFY)
+
+/* Expand commit to a polynomial.
+ *
+ * FIPS 204. 8.3: Algorithm 23 SampleInBall(rho)
+ *   1: c <- 0
+ *   2: k <- 8
+ *   3: for i from 256 - TAU to 255 do
+ *   4:     while H(rho)[[k]] > i do
+ *   5:        k <- k + 1
+ *   6:     end while
+ *   7:     j <- H(rho)[[k]]
+ *   8:     c[i] <- c[j]
+ *   9:     c[j] <- (-1)^H(rho)[i+TAU-256]
+ *  10:     k <- k + 1
+ *  11: end for
+ *  12: return c
+ *
+ * @param [in]  shake256  SHAKE-256 object.
+ * @param [in]  seed      Buffer containing seed to expand.
+ * @param [in]  seedLen   Length of seed in bytes.
+ * @param [in]  tau       Number of +/- 1s in polynomial.
+ * @param [out] c         Commit polynomial.
+ * @param [in]  block     Memory to use for block from key.
+ * @return  0 on success.
+ * @return  Negative on hash error.
+ */
+static int dilithium_sample_in_ball_ex(int level, wc_Shake* shake256,
+   const byte* seed, word32 seedLen, byte tau, sword32* c, byte* block)
+{
+    int ret = 0;
+    unsigned int k;
+    unsigned int i;
+    unsigned int s;
+    byte signs[DILITHIUM_SIGN_BYTES];
+
+    if (ret == 0) {
+        /* Set polynomial to all zeros. */
+        XMEMSET(c, 0, DILITHIUM_POLY_SIZE);
+
+        /* Generate a block of data from seed. */
+#ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
+        if (level >= WC_ML_DSA_DRAFT) {
+            ret = dilithium_shake256(shake256, seed, DILITHIUM_SEED_SZ, block,
+                DILITHIUM_GEN_C_BLOCK_BYTES);
+        }
+        else
+#endif
+        {
+            (void)level;
+            ret = dilithium_shake256(shake256, seed, seedLen, block,
+                DILITHIUM_GEN_C_BLOCK_BYTES);
+        }
+    }
+    if (ret == 0) {
+        /* Copy first 8 bytes of first hash block as random sign bits. */
+        XMEMCPY(signs, block, DILITHIUM_SIGN_BYTES);
+        /* Step 1: Initialize sign bit index. */
+        s = 0;
+        /* Step 2: First 8 bytes are used for sign. */
+        k = DILITHIUM_SIGN_BYTES;
+    }
+
+    /* Step 3: Put in TAU +/- 1s. */
+    for (i = DILITHIUM_N - tau; (ret == 0) && (i < DILITHIUM_N); i++) {
+        unsigned int j;
+        do {
+            /* Check whether block is exhausted. */
+            if (k == DILITHIUM_GEN_C_BLOCK_BYTES) {
+                /* Generate a new block. */
+                ret = wc_Shake256_SqueezeBlocks(shake256, block, 1);
+                /* Restart hash block index. */
+                k = 0;
+            }
+            /* Step 7: Get random byte from block as index.
+             * Step 5 and 10: Increment hash block index.
+             */
+            j = block[k++];
+        }
+        /* Step 4: Get another random if random index is a future swap index. */
+        while ((ret == 0) && (j > i));
+
+        /* Step 8: Move value from random index to current index. */
+        c[i] = c[j];
+        /* Step 9: Set value at random index to +/- 1. */
+        c[j] = 1 - ((((signs[s >> 3]) >> (s & 0x7)) & 0x1) << 1);
+        /* Next sign bit index. */
+        s++;
+    }
+
+    return ret;
+}
+
+#if (!defined(WOLFSSL_DILITHIUM_NO_SIGN) && \
+     !defined(WOLFSSL_DILITHIUM_SIGN_SMALL_MEM)) || \
+    (!defined(WOLFSSL_DILITHIUM_NO_VERIFY) && \
+     !defined(WOLFSSL_DILITHIUM_VERIFY_SMALL_MEM))
+/* Expand commit to a polynomial.
+ *
+ * @param [in]  shake256  SHAKE-256 object.
+ * @param [in]  seed      Buffer containing seed to expand.
+ * @param [in]  seedLen   Length of seed in bytes.
+ * @param [in]  tau       Number of +/- 1s in polynomial.
+ * @param [out] c         Commit polynomial.
+ * @param [in]  heap      Dynamic memory hint.
+ * @return  0 on success.
+ * @return  MEMORY_E when dynamic memory allocation fails.
+ * @return  Negative on hash error.
+ */
+static int dilithium_sample_in_ball(int level, wc_Shake* shake256,
+   const byte* seed, word32 seedLen, byte tau, sword32* c, void* heap)
+{
+    int ret = 0;
+#if defined(WOLFSSL_SMALL_STACK)
+    byte* block = NULL;
+#else
+    byte block[DILITHIUM_GEN_C_BLOCK_BYTES];
+#endif
+
+    (void)heap;
+
+#if defined(WOLFSSL_SMALL_STACK)
+    block = (byte*)XMALLOC(DILITHIUM_GEN_C_BLOCK_BYTES, heap,
+        DYNAMIC_TYPE_DILITHIUM);
+    if (block == NULL) {
+        ret = MEMORY_E;
+    }
+#endif
+
+    if (ret == 0) {
+        ret = dilithium_sample_in_ball_ex(level, shake256, seed, seedLen, tau,
+            c, block);
+    }
+
+#if defined(WOLFSSL_SMALL_STACK)
+    XFREE(block, heap, DYNAMIC_TYPE_DILITHIUM);
+#endif
+    return ret;
+}
+#endif
+
+#endif
+
+/******************************************************************************
+ * Decompose operations
+ ******************************************************************************/
+
+#if !defined(WOLFSSL_DILITHIUM_NO_SIGN) || !defined(WOLFSSL_DILITHIUM_NO_VERIFY)
+#ifndef WOLFSSL_NO_ML_DSA_44
+/* Decompose value into high and low based on GAMMA2 being ((q-1) / 88).
+ *
+ * FIPS 204. 8.4: Algorithm 30 Decompose(r)
+ *   1: r+ <- r mod q
+ *   2: r0 <- r+ mod+/- (2 * GAMMA2)
+ *   3: if r+ - r0 = q - 1 then
+ *   4:     r1 <- 0
+ *   5:     r0 <- r0 - 1
+ *   6: else r1 <- (r+ - r0) / (2 * GAMMA2)
+ *   7: end if
+ *   8: return (r1, r0)
+ *
+ * DILITHIUM_Q_LOW_88_2 = 0x2e800 = 0b101110100000000000
+ * t1 * DILITHIUM_Q_LOW_88_2 = (t1 << 18) - (t1 << 16) - (t1 << 12) - (t1 << 11)
+ *                           = ((93 * t1) << 11)
+ * Nothing faster than straight multiply.
+ *
+ * Implementation using Barrett Reduction.
+ *
+ * @param [in]  r   Value to decompose.
+ * @param [out] r0  Low bits.
+ * @param [out] r1  High bits.
+ */
+static void dilithium_decompose_q88(sword32 r, sword32* r0, sword32* r1)
+{
+    sword32 t0;
+    sword32 t1;
+#ifdef DILITHIUM_MUL_SLOW
+    sword32 t2;
+#endif
+
+    /* Roundup r and calculate approx high value. */
+#if !defined(DILITHIUM_MUL_44_SLOW)
+    t1 = ((r * 44) + ((DILITHIUM_Q_LOW_88 - 1) * 44)) >> 23;
+#elif !defined(DILITHIUM_MUL_11_SLOW)
+    t1 = ((r * 11) + ((DILITHIUM_Q_LOW_88 - 1) * 11)) >> 21;
+#else
+    t0 = r + DILITHIUM_Q_LOW_88 - 1;
+    t1 = ((t0 << 3) + (t0 << 1) + t0) >> 21;
+#endif
+    /* Calculate approx low value. */
+    t0 = r - (t1 * DILITHIUM_Q_LOW_88_2);
+#ifndef DILITHIUM_MUL_SLOW
+    /* Calculate real high value, When t0 > modulus, +1 to approx high value. */
+    t1 += ((word32)(DILITHIUM_Q_LOW_88 - t0)) >> 31;
+    /* Calculate real low value. */
+    t0 = r - (t1 * DILITHIUM_Q_LOW_88_2);
+#else
+    /* Calculate real high value, When t0 > modulus, +1 to approx high value. */
+    t2 = ((word32)(DILITHIUM_Q_LOW_88 - t0)) >> 31;
+    t1 += t2;
+    /* Calculate real low value. */
+    t0 -= (0 - t2) & DILITHIUM_Q_LOW_88_2;
+#endif
+    /* -1 from low value if high value is 44. Was 43 but low is negative. */
+    t0 -= ((word32)(43 - t1)) >> 31;
+    /* When high value is 44, too large, set to 0. */
+    t1 &= 0 - (((word32)(t1 - 44)) >> 31);
+
+    *r0 = t0;
+    *r1 = t1;
+}
+#endif
+
+#if !defined(WOLFSSL_NO_ML_DSA_65) || !defined(WOLFSSL_NO_ML_DSA_87)
+/* Decompose value into high and low based on GAMMA2 being ((q-1) / 32).
+ *
+ * FIPS 204. 8.4: Algorithm 30 Decompose(r)
+ *   1: r+ <- r mod q
+ *   2: r0 <- r+ mod+/- (2 * GAMMA2)
+ *   3: if r+ - r0 = q - 1 then
+ *   4:     r1 <- 0
+ *   5:     r0 <- r0 - 1
+ *   6: else r1 <- (r+ - r0) / (2 * GAMMA2)
+ *   7: end if
+ *   8: return (r1, r0)
+ *
+ * DILITHIUM_Q_LOW_32_2 = 0x7fe00 = 0b1111111111000000000
+ * t1 * DILITHIUM_Q_LOW_32_2 = (t1 << 19) - (t1 << 9)
+ *
+ * Implementation using Barrett Reduction.
+ *
+ * @param [in]  r   Value to decompose.
+ * @param [out] r0  Low bits.
+ * @param [out] r1  High bits.
+ */
+static void dilithium_decompose_q32(sword32 r, sword32* r0, sword32* r1)
+{
+    sword32 t0;
+    sword32 t1;
+
+    /* Roundup r and calculate approx high value. */
+    t1 = (r + DILITHIUM_Q_LOW_32 - 1) >> 19;
+    /* Calculate approx low value. */
+    t0 = r - (t1 << 19) + (t1 << 9);
+    /* Calculate real high value, When t0 > modulus, +1 to approx high value. */
+    t1 += ((word32)(DILITHIUM_Q_LOW_32 - t0)) >> 31;
+    /* Calculate real low value. */
+    t0 = r - (t1 << 19) + (t1 << 9);
+    /* -1 from low value if high value is 16. Was 15 but low is negative. */
+    t0 -= t1 >> 4;
+    /* When high value is 16, too large, set to 0. */
+    t1 &= 0xf;
+
+    *r0 = t0;
+    *r1 = t1;
+}
+#endif
+#endif
+
+#ifndef WOLFSSL_DILITHIUM_NO_SIGN
+
+#if !defined(WOLFSSL_DILITHIUM_SIGN_SMALL_MEM) || \
+    defined(WOLFSSL_DILITHIUM_SIGN_SMALL_MEM_PRECALC_A)
+/* Decompose vector of polynomials into high and low based on GAMMA2.
+ *
+ * @param [in]  r       Vector of polynomials to decompose.
+ * @param [in]  k       Dimension of vector.
+ * @param [in]  gamma2  Low-order rounding range, GAMMA2.
+ * @param [out] r0      Low parts in vector of polynomials.
+ * @param [out] r1      High parts in vector of polynomials.
+ */
+static void dilithium_vec_decompose(const sword32* r, byte k, sword32 gamma2,
+    sword32* r0, sword32* r1)
+{
+    unsigned int i;
+    unsigned int j;
+
+    (void)k;
+
+#ifndef WOLFSSL_NO_ML_DSA_44
+    if (gamma2 == DILITHIUM_Q_LOW_88) {
+        /* For each polynomial of vector. */
+        for (i = 0; i < PARAMS_ML_DSA_44_K; i++) {
+            /* For each value of polynomial. */
+            for (j = 0; j < DILITHIUM_N; j++) {
+                /* Decompose value into two vectors. */
+                dilithium_decompose_q88(r[j], &r0[j], &r1[j]);
+            }
+            /* Next polynomial of vectors. */
+            r += DILITHIUM_N;
+            r0 += DILITHIUM_N;
+            r1 += DILITHIUM_N;
+        }
+    }
+    else
+#endif
+#if !defined(WOLFSSL_NO_ML_DSA_65) || !defined(WOLFSSL_NO_ML_DSA_87)
+    if (gamma2 == DILITHIUM_Q_LOW_32) {
+        /* For each polynomial of vector. */
+        for (i = 0; i < k; i++) {
+            /* For each value of polynomial. */
+            for (j = 0; j < DILITHIUM_N; j++) {
+                /* Decompose value into two vectors. */
+                dilithium_decompose_q32(r[j], &r0[j], &r1[j]);
+            }
+            /* Next polynomial of vectors. */
+            r += DILITHIUM_N;
+            r0 += DILITHIUM_N;
+            r1 += DILITHIUM_N;
+        }
+    }
+    else
+#endif
+    {
+    }
+}
+#endif
+
+#endif /* !WOLFSSL_DILITHIUM_NO_SIGN */
+
+/******************************************************************************
+ * Range check operation
+ ******************************************************************************/
+
+#if !defined(WOLFSSL_DILITHIUM_NO_SIGN) || !defined(WOLFSSL_DILITHIUM_NO_VERIFY)
+/* Check that the values of the polynomial are in range.
+ *
+ * Many places in FIPS 204. One example from Algorithm 2:
+ *   23:    if ||z||inf >= GAMMA1 - BETA or ..., then (z, h) = falsam
+ *
+ * @param [in] a   Polynomial.
+ * @param [in] hi  Largest value in range.
+ */
+static int dilithium_check_low(const sword32* a, sword32 hi)
+{
+    int ret = 1;
+    unsigned int j;
+    /* Calculate lowest range value. */
+    sword32 nhi = -hi;
+
+    /* For each value of polynomial. */
+    for (j = 0; j < DILITHIUM_N; j++) {
+        /* Check range is -(hi-1)..(hi-1). */
+        if ((a[j] <= nhi) || (a[j] >= hi)) {
+            /* Check failed. */
+            ret = 0;
+            break;
+        }
+    }
+
+    return ret;
+}
+
+#if !defined(WOLFSSL_DILITHIUM_NO_VERIFY) || \
+    (!defined(WOLFSSL_DILITHIUM_NO_SIGN) && \
+     !defined(WOLFSSL_DILITHIUM_SIGN_SMALL_MEM))
+/* Check that the values of the vector are in range.
+ *
+ * Many places in FIPS 204. One example from Algorithm 2:
+ *   23:    if ||z||inf >= GAMMA1 - BETA or ..., then (z, h) = falsam
+ *
+ * @param [in] a   Vector of polynomials.
+ * @param [in] l   Dimension of vector.
+ * @param [in] hi  Largest value in range.
+ */
+static int dilithium_vec_check_low(const sword32* a, byte l, sword32 hi)
+{
+    int ret = 1;
+    unsigned int i;
+
+    /* For each polynomial of vector. */
+    for (i = 0; (ret == 1) && (i < l); i++) {
+        ret = dilithium_check_low(a, hi);
+        if (ret == 0) {
+            break;
+        }
+        /* Next polynomial. */
+        a += DILITHIUM_N;
+    }
+
+    return ret;
+}
+#endif
+#endif
+
+/******************************************************************************
+ * Hint operations
+ ******************************************************************************/
+
+#ifndef WOLFSSL_DILITHIUM_NO_SIGN
+
+#ifndef WOLFSSL_NO_ML_DSA_44
+/* Compute hints indicating whether adding ct0 to w alters high bits of w.
+ *
+ * FIPS 204. 6: Algorithm 2 ML-DSA.Sign(sk, M)
+ *   ...
+ *  26: h <- MakeHint(-<<ct0>>, w - <<sc2>> + <<ct0>>)
+ *  27: if ... or the number of 1's in h is greater than OMEGA, then
+ *      (z, h) <- falsam
+ *   ...
+ *  32: sigma <- sigEncode(c_tilda, z mod+/- q, h)
+ *   ...
+ *
+ * FIPS 204. 8.4: Algorithm 33 MakeHint(z, r)
+ *   1: r1 <- HighBits(r)
+ *   2: v1 <- HightBits(r+z)
+ *   3: return [[r1 != v1]]
+ *
+ * FIPS 204. 8.2: Algorithm 20 sigEncode(c_tilde, z, h)
+ *   ...
+ *   5: sigma <- sigma || HintBitPack(h)
+ *   ...
+ *
+ * FIPS 204. 8.1: Algorithm 14 HintBitPack(h)
+ *   ...
+ *   4:     for j from 0 to 255 do
+ *   5:         if h[i]j != 0 then
+ *   6:             y[Index] <- j
+ *   7:             Index <- Index + 1
+ *   8:         end if
+ *   9:     end for
+ *   ...
+ *
+ * @param [in]      s       Vector of polynomials that is sum of ct0 and w0.
+ * @param [in]      w1      Vector of polynomials that is high part of w.
+ * @param [out]     h       Encoded hints.
+ * @param [in, out] idxp    Index to write next hint into.
+ * return  Number of hints on success.
+ * return  Falsam of -1 when too many hints.
+ */
+static int dilithium_make_hint_88(const sword32* s, const sword32* w1, byte* h,
+    byte *idxp)
+{
+    unsigned int j;
+    byte idx = *idxp;
+
+    /* Alg 14, Step 3: For each value of polynomial. */
+    for (j = 0; j < DILITHIUM_N; j++) {
+        /* Alg 14, Step 4: Check whether hint is required.
+         * Did sum end up greater than low modulus or
+         * sum end up less than the negative of low modulus or
+         * sum is the negative of the low modulus and w1 is not zero,
+         * then w1 will be modified.
+         */
+        if ((s[j] > (sword32)DILITHIUM_Q_LOW_88) ||
+                (s[j] < -(sword32)DILITHIUM_Q_LOW_88) ||
+                ((s[j] == -(sword32)DILITHIUM_Q_LOW_88) &&
+                 (w1[j] != 0))) {
+            /* Alg 14, Step 6, 7: Put index as hint modifier. */
+            h[idx++] = (byte)j;
+            /* Alg 2, Step 27: If there are too many hints, return
+             *                 falsam of -1. */
+            if (idx > PARAMS_ML_DSA_44_OMEGA) {
+                return -1;
+            }
+        }
+    }
+
+    *idxp = idx;
+    return 0;
+}
+#endif
+#if !defined(WOLFSSL_NO_ML_DSA_65) || !defined(WOLFSSL_NO_ML_DSA_87)
+/* Compute hints indicating whether adding ct0 to w alters high bits of w.
+ *
+ * FIPS 204. 6: Algorithm 2 ML-DSA.Sign(sk, M)
+ *   ...
+ *  26: h <- MakeHint(-<<ct0>>, w - <<sc2>> + <<ct0>>)
+ *  27: if ... or the number of 1's in h is greater than OMEGA, then
+ *      (z, h) <- falsam
+ *   ...
+ *  32: sigma <- sigEncode(c_tilda, z mod+/- q, h)
+ *   ...
+ *
+ * FIPS 204. 8.4: Algorithm 33 MakeHint(z, r)
+ *   1: r1 <- HighBits(r)
+ *   2: v1 <- HightBits(r+z)
+ *   3: return [[r1 != v1]]
+ *
+ * FIPS 204. 8.2: Algorithm 20 sigEncode(c_tilde, z, h)
+ *   ...
+ *   5: sigma <- sigma || HintBitPack(h)
+ *   ...
+ *
+ * FIPS 204. 8.1: Algorithm 14 HintBitPack(h)
+ *   ...
+ *   4:     for j from 0 to 255 do
+ *   5:         if h[i]j != 0 then
+ *   6:             y[Index] <- j
+ *   7:             Index <- Index + 1
+ *   8:         end if
+ *   9:     end for
+ *   ...
+ *
+ * @param [in]      s       Vector of polynomials that is sum of ct0 and w0.
+ * @param [in]      w1      Vector of polynomials that is high part of w.
+ * @param [in]      omega   Maximum number of hints allowed.
+ * @param [out]     h       Encoded hints.
+ * @param [in, out] idxp    Index to write next hint into.
+ * return  Number of hints on success.
+ * return  Falsam of -1 when too many hints.
+ */
+static int dilithium_make_hint_32(const sword32* s, const sword32* w1,
+    byte omega, byte* h, byte *idxp)
+{
+    unsigned int j;
+    byte idx = *idxp;
+
+    (void)omega;
+
+    /* Alg 14, Step 3: For each value of polynomial. */
+    for (j = 0; j < DILITHIUM_N; j++) {
+        /* Alg 14, Step 4: Check whether hint is required.
+         * Did sum end up greater than low modulus or
+         * sum end up less than the negative of low modulus or
+         * sum is the negative of the low modulus and w1 is not zero,
+         * then w1 will be modified.
+         */
+        if ((s[j] > (sword32)DILITHIUM_Q_LOW_32) ||
+                (s[j] < -(sword32)DILITHIUM_Q_LOW_32) ||
+                ((s[j] == -(sword32)DILITHIUM_Q_LOW_32) &&
+                 (w1[j] != 0))) {
+            /* Alg 14, Step 6, 7: Put index as hint modifier. */
+            h[idx++] = (byte)j;
+            /* Alg 2, Step 27: If there are too many hints, return
+             *                 falsam of -1. */
+            if (idx > omega) {
+                return -1;
+            }
+        }
+    }
+
+    *idxp = idx;
+    return 0;
+}
+#endif
+
+#ifndef WOLFSSL_DILITHIUM_SIGN_SMALL_MEM
+/* Compute hints indicating whether adding ct0 to w alters high bits of w.
+ *
+ * FIPS 204. 6: Algorithm 2 ML-DSA.Sign(sk, M)
+ *   ...
+ *  26: h <- MakeHint(-<<ct0>>, w - <<sc2>> + <<ct0>>)
+ *  27: if ... or the number of 1's in h is greater than OMEGA, then
+ *      (z, h) <- falsam
+ *   ...
+ *  32: sigma <- sigEncode(c_tilda, z mod+/- q, h)
+ *   ...
+ *
+ * FIPS 204. 8.4: Algorithm 33 MakeHint(z, r)
+ *   1: r1 <- HighBits(r)
+ *   2: v1 <- HightBits(r+z)
+ *   3: return [[r1 != v1]]
+ *
+ * FIPS 204. 8.2: Algorithm 20 sigEncode(c_tilde, z, h)
+ *   ...
+ *   5: sigma <- sigma || HintBitPack(h)
+ *   ...
+ *
+ * FIPS 204. 8.1: Algorithm 14 HintBitPack(h)
+ *   ...
+ *   2: Index <- 0
+ *   3. for i from 0 to k - 1 do
+ *   4:     for j from 0 to 255 do
+ *   5:         if h[i]j != 0 then
+ *   6:             y[Index] <- j
+ *   7:             Index <- Index + 1
+ *   8:         end if
+ *   9:     end for
+ *  10:     y[OMEGA + i] <- Index
+ *  11: end for
+ *  12: return y
+ *
+ * @param [in]  s       Vector of polynomials that is sum of ct0 and w0.
+ * @param [in]  w1      Vector of polynomials that is high part of w.
+ * @param [in]  k       Dimension of vectors.
+ * @param [in]  gamma2  Low-order rounding range, GAMMA2.
+ * @param [in]  omega   Maximum number of hints allowed.
+ * @param [out] h       Encoded hints.
+ * return  Number of hints on success.
+ * return  Falsam of -1 when too many hints.
+ */
+static int dilithium_make_hint(const sword32* s, const sword32* w1, byte k,
+    word32 gamma2, byte omega, byte* h)
+{
+    unsigned int i;
+    byte idx = 0;
+
+    (void)k;
+    (void)omega;
+
+#ifndef WOLFSSL_NO_ML_DSA_44
+    if (gamma2 == DILITHIUM_Q_LOW_88) {
+        /* Alg 14, Step 2: For each polynomial of vector. */
+        for (i = 0; i < PARAMS_ML_DSA_44_K; i++) {
+            if (dilithium_make_hint_88(s, w1, h, &idx) == -1) {
+                return -1;
+            }
+            /* Alg 14, Step 10: Store count of hints for polynomial at end of
+             *                  list. */
+            h[PARAMS_ML_DSA_44_OMEGA + i] = idx;
+            /* Next polynomial. */
+            s  += DILITHIUM_N;
+            w1 += DILITHIUM_N;
+        }
+    }
+    else
+#endif
+#if !defined(WOLFSSL_NO_ML_DSA_65) || !defined(WOLFSSL_NO_ML_DSA_87)
+    if (gamma2 == DILITHIUM_Q_LOW_32) {
+        /* Alg 14, Step 2: For each polynomial of vector. */
+        for (i = 0; i < k; i++) {
+            if (dilithium_make_hint_32(s, w1, omega, h, &idx) == -1) {
+                return -1;
+            }
+            /* Alg 14, Step 10: Store count of hints for polynomial at end of
+             *                  list. */
+            h[omega + i] = idx;
+            /* Next polynomial. */
+            s  += DILITHIUM_N;
+            w1 += DILITHIUM_N;
+        }
+    }
+    else
+#endif
+    {
+    }
+
+    /* Set remaining hints to zero. */
+    XMEMSET(h + idx, 0, omega - idx);
+    return idx;
+}
+#endif /* !WOLFSSL_DILITHIUM_SIGN_SMALL_MEM */
+
+#endif /* !WOLFSSL_DILITHIUM_NO_SIGN */
+
+#ifndef WOLFSSL_DILITHIUM_NO_VERIFY
+/* Check that the hints are valid.
+ *
+ * @param [in] h      Hints to check
+ * @param [in] k      Dimension of vector.
+ * @param [in] omega  Maximum number of hints. Hint counts after this index.
+ * @return  0 when hints valid.
+ * @return  SIG_VERIFY_E when hints invalid.
+ */
+static int dilithium_check_hint(const byte* h, byte k, byte omega)
+{
+    int ret = 0;
+    unsigned int o = 0;
+    unsigned int i;
+
+    /* Skip polynomial index while count is 0. */
+    while ((o < k) && (h[omega + o] == 0)) {
+        o++;
+    }
+    /* Check all possible hints. */
+    for (i = 1; (o < k) && (i < omega); i++) {
+        /* Done with polynomial if index equals count of hints. */
+        if (i == h[omega + o]) {
+            /* Next polynomial index while count is index. */
+            do {
+                o++;
+            }
+            while ((o < k) && (i == h[omega + o]));
+            /* Stop if hints for all polynomials checked. */
+            if (o == k) {
+                break;
+            }
+        }
+        /* Ensure the last hint is less than the current hint. */
+        else if (h[i - 1] >= h[i]) {
+            ret = SIG_VERIFY_E;
+            break;
+        }
+    }
+    if (ret == 0) {
+        /* Use up any sizes that are the last element. */
+        while ((o < k) && (i == h[omega + o])) {
+            o++;
+        }
+        /* Ensure all sizes were used. */
+        if (o != k) {
+            ret = SIG_VERIFY_E;
+        }
+    }
+    /* Check remaining hints are 0. */
+    for (; (ret == 0) && (i < omega); i++) {
+        if (h[i] != 0) {
+           ret = SIG_VERIFY_E;
+        }
+    }
+
+    return ret;
+}
+
+#ifndef WOLFSSL_NO_ML_DSA_44
+/* Use hints to modify w1.
+ *
+ * FIPS 204. 8.4: Algorithm 34 UseHint(h, r)
+ *   1: m <- (q - 1) / (2 * GAMMA2)
+ *   2: (r1, r0) <- Decompose(r)
+ *   3: if h == 1 and r0 > 0 return (r1 + 1) mod m
+ *   4: if h == 1 and r0 <= 0 return (r1 - 1) mod m
+ *   5: return r1
+ *
+ * @param [in, out] w1  Vector of polynomials needing hints applied to.
+ * @param [in]      h   Hints to apply. In signature encoding.
+ * @param [in]      i   Dimension index.
+ * @param [in, out] op  Pointer to current offset into hints.
+ */
+static void dilithium_use_hint_88(sword32* w1, const byte* h, unsigned int i,
+    byte* op)
+{
+    byte o = *op;
+    unsigned int j;
+
+    /* For each value of polynomial. */
+    for (j = 0; j < DILITHIUM_N; j++) {
+        sword32 r;
+        sword32 r0;
+        sword32 r1;
+#ifdef DILITHIUM_USE_HINT_CT
+        /* Hint is 1 when index is next in hint list. */
+        sword32 hint = ((o < h[PARAMS_ML_DSA_44_OMEGA + i]) &
+                        (h[o] == (byte)j));
+
+        /* Increment hint offset if this index has hint. */
+        o += hint;
+        /* Convert value to positive only range. */
+        r = w1[j] + ((0 - (((word32)w1[j]) >> 31)) & DILITHIUM_Q);
+        /* Decompose value into low and high parts. */
+        dilithium_decompose_q88(r, &r0, &r1);
+        /* Make hint positive or negative based on sign of r0. */
+        hint = (1 - (2 * (((word32)r0) >> 31))) & (0 - hint);
+        /* Make w1 only the top part plus the hint. */
+        w1[j] = r1 + hint;
+
+        /* Fix up w1 to not be 44 but 0. */
+        w1[j] &= 0 - (((word32)(w1[j] - 44)) >> 31);
+        /* Hint may have reduced 0 to -1 which is actually 43. */
+        w1[j] += (0 - (((word32)w1[j]) >> 31)) & 44;
+#else
+        /* Convert value to positive only range. */
+        r = w1[j] + ((0 - (((word32)w1[j]) >> 31)) & DILITHIUM_Q);
+        /* Decompose value into low and high parts. */
+        dilithium_decompose_q88(r, &r0, &r1);
+        /* Check for hint. */
+        if ((o < h[PARAMS_ML_DSA_44_OMEGA + i]) && (h[o] == (byte)j)) {
+            /* Add or subtrac hint based on sign of r0. */
+            r1 += 1 - (2 * (((word32)r0) >> 31));
+            /* Go to next hint offset. */
+            o++;
+        }
+        /* Fix up w1 to not be 44 but 0. */
+        r1 &= 0 - (((word32)(r1 - 44)) >> 31);
+        /* Hint may have reduced 0 to -1 which is actually 43. */
+        r1 += (0 - (((word32)r1) >> 31)) & 44;
+        /* Make w1 only the top part plus any hint. */
+        w1[j] = r1;
+#endif
+    }
+    *op = o;
+}
+#endif /* !WOLFSSL_NO_ML_DSA_44 */
+
+#if !defined(WOLFSSL_NO_ML_DSA_65) || !defined(WOLFSSL_NO_ML_DSA_87)
+/* Use hints to modify w1.
+ *
+ * FIPS 204. 8.4: Algorithm 34 UseHint(h, r)
+ *   1: m <- (q - 1) / (2 * GAMMA2)
+ *   2: (r1, r0) <- Decompose(r)
+ *   3: if h == 1 and r0 > 0 return (r1 + 1) mod m
+ *   4: if h == 1 and r0 <= 0 return (r1 - 1) mod m
+ *   5: return r1
+ *
+ * @param [in, out] w1     Vector of polynomials needing hints applied to.
+ * @param [in]      h      Hints to apply. In signature encoding.
+ * @param [in]      omega  Max number of hints. Hint counts after this index.
+ * @param [in]      i      Dimension index.
+ * @param [in, out] op     Pointer to current offset into hints.
+ */
+static void dilithium_use_hint_32(sword32* w1, const byte* h, byte omega,
+    unsigned int i, byte* op)
+{
+    byte o = *op;
+    unsigned int j;
+
+    /* For each value of polynomial. */
+    for (j = 0; j < DILITHIUM_N; j++) {
+        sword32 r;
+        sword32 r0;
+        sword32 r1;
+#ifdef DILITHIUM_USE_HINT_CT
+        /* Hint is 1 when index is next in hint list. */
+        sword32 hint = ((o < h[omega + i]) & (h[o] == (byte)j));
+
+        /* Increment hint offset if this index has hint. */
+        o += hint;
+        /* Convert value to positive only range. */
+        r = w1[j] + ((0 - (((word32)w1[j]) >> 31)) & DILITHIUM_Q);
+        /* Decompose value into low and high parts. */
+        dilithium_decompose_q32(r, &r0, &r1);
+        /* Make hint positive or negative based on sign of r0. */
+        hint = (1 - (2 * (((word32)r0) >> 31))) & (0 - hint);
+        /* Make w1 only the top part plus the hint. */
+        w1[j] = r1 + hint;
+
+        /* Fix up w1 not be 16 (-> 0) or -1 (-> 15). */
+        w1[j] &= 0xf;
+#else
+        /* Convert value to positive only range. */
+        r = w1[j] + ((0 - (((word32)w1[j]) >> 31)) & DILITHIUM_Q);
+        /* Decompose value into low and high parts. */
+        dilithium_decompose_q32(r, &r0, &r1);
+        /* Check for hint. */
+        if ((o < h[omega + i]) && (h[o] == (byte)j)) {
+            /* Add or subtract hint based on sign of r0. */
+            r1 += 1 - (2 * (((word32)r0) >> 31));
+            /* Go to next hint offset. */
+            o++;
+        }
+        /* Fix up w1 not be 16 (-> 0) or -1 (-> 15). */
+        w1[j] = r1 & 0xf;
+#endif
+    }
+    *op = o;
+}
+#endif
+
+#ifndef WOLFSSL_DILITHIUM_VERIFY_SMALL_MEM
+/* Use hints to modify w1.
+ *
+ * FIPS 204. 8.4: Algorithm 34 UseHint(h, r)
+ *   1: m <- (q - 1) / (2 * GAMMA2)
+ *   2: (r1, r0) <- Decompose(r)
+ *   3: if h == 1 and r0 > 0 return (r1 + 1) mod m
+ *   4: if h == 1 and r0 <= 0 return (r1 - 1) mod m
+ *   5: return r1
+ *
+ * @param [in, out] w1      Vector of polynomials needing hints applied to.
+ * @param [in]      k       Dimension of vector.
+ * @param [in]      gamma2  Low-order rounding range, GAMMA2.
+ * @param [in]      omega   Max number of hints. Hint counts after this index.
+ * @param [in]      h       Hints to apply. In signature encoding.
+ */
+static void dilithium_vec_use_hint(sword32* w1, byte k, word32 gamma2,
+    byte omega, const byte* h)
+{
+    unsigned int i;
+    byte o = 0;
+
+    (void)k;
+    (void)omega;
+
+#ifndef WOLFSSL_NO_ML_DSA_44
+    if (gamma2 == DILITHIUM_Q_LOW_88) {
+        /* For each polynomial of vector. */
+        for (i = 0; i < PARAMS_ML_DSA_44_K; i++) {
+            dilithium_use_hint_88(w1, h, i, &o);
+            w1 += DILITHIUM_N;
+        }
+    }
+    else
+#endif
+#if !defined(WOLFSSL_NO_ML_DSA_65) || !defined(WOLFSSL_NO_ML_DSA_87)
+    if (gamma2 == DILITHIUM_Q_LOW_32) {
+        /* For each polynomial of vector. */
+        for (i = 0; i < k; i++) {
+            dilithium_use_hint_32(w1, h, omega, i, &o);
+            w1 += DILITHIUM_N;
+        }
+    }
+    else
+#endif
+    {
+    }
+}
+#endif
+#endif /* !WOLFSSL_DILITHIUM_NO_VERIFY */
+
+/******************************************************************************
+ * Maths operations
+ ******************************************************************************/
+
+/* q^-1 mod 2^32 (inverse of 8380417 mod 2^32 = 58728449 = 0x3802001) */
+#define DILITHIUM_QINV          58728449
+
+/* Montgomery reduce a.
+ *
+ * @param  [in]  a  64-bit value to be reduced.
+ * @return  Montgomery reduction result.
+ */
+static sword32 dilithium_mont_red(sword64 a)
+{
+#ifndef DILITHIUM_MUL_QINV_SLOW
+    sword64 t = (sword32)((sword32)a * (sword32)DILITHIUM_QINV);
+#else
+    sword64 t = (sword32)((sword32)a + (sword32)((sword32)a << 13) -
+        (sword32)((sword32)a << 23) + (sword32)((sword32)a << 26));
+#endif
+#ifndef DILITHIUM_MUL_Q_SLOW
+    return (sword32)((a - ((sword32)t * (sword64)DILITHIUM_Q)) >> 32);
+#else
+    return (sword32)((a - (t << 23) + (t << 13) - t) >> 32);
+#endif
+}
+
+#if !defined(WOLFSSL_DILITHIUM_SMALL) || !defined(WOLFSSL_DILITHIUM_NO_SIGN)
+
+/* Reduce 32-bit a modulo q. r = a mod q.
+ *
+ * @param  [in]  a  32-bit value to be reduced to range of q.
+ * @return  Modulo result.
+ */
+static sword32 dilithium_red(sword32 a)
+{
+    sword32 t = (sword32)((a + (1 << 22)) >> 23);
+#ifndef DILITHIUM_MUL_Q_SLOW
+    return (sword32)(a - (t * DILITHIUM_Q));
+#else
+    return (sword32)(a - (t << 23) + (t << 13) - t);
+#endif
+}
+
+#endif /* !WOLFSSL_DILITHIUM_SMALL || !WOLFSSL_DILITHIUM_NO_SIGN */
+
+/* Zetas for NTT. */
+static const sword32 zetas[DILITHIUM_N] = {
+   -41978,    25847, -2608894,  -518909,   237124,  -777960,  -876248,   466468,
+  1826347,  2353451,  -359251, -2091905,  3119733, -2884855,  3111497,  2680103,
+  2725464,  1024112, -1079900,  3585928,  -549488, -1119584,  2619752, -2108549,
+ -2118186, -3859737, -1399561, -3277672,  1757237,   -19422,  4010497,   280005,
+  2706023,    95776,  3077325,  3530437, -1661693, -3592148, -2537516,  3915439,
+ -3861115, -3043716,  3574422, -2867647,  3539968,  -300467,  2348700,  -539299,
+ -1699267, -1643818,  3505694, -3821735,  3507263, -2140649, -1600420,  3699596,
+   811944,   531354,   954230,  3881043,  3900724, -2556880,  2071892, -2797779,
+ -3930395, -1528703, -3677745, -3041255, -1452451,  3475950,  2176455, -1585221,
+ -1257611,  1939314, -4083598, -1000202, -3190144, -3157330, -3632928,   126922,
+  3412210,  -983419,  2147896,  2715295, -2967645, -3693493,  -411027, -2477047,
+  -671102, -1228525,   -22981, -1308169,  -381987,  1349076,  1852771, -1430430,
+ -3343383,   264944,   508951,  3097992,    44288, -1100098,   904516,  3958618,
+ -3724342,    -8578,  1653064, -3249728,  2389356,  -210977,   759969, -1316856,
+   189548, -3553272,  3159746, -1851402, -2409325,  -177440,  1315589,  1341330,
+  1285669, -1584928,  -812732, -1439742, -3019102, -3881060, -3628969,  3839961,
+  2091667,  3407706,  2316500,  3817976, -3342478,  2244091, -2446433, -3562462,
+   266997,  2434439, -1235728,  3513181, -3520352, -3759364, -1197226, -3193378,
+   900702,  1859098,   909542,   819034,   495491, -1613174,   -43260,  -522500,
+  -655327, -3122442,  2031748,  3207046, -3556995,  -525098,  -768622, -3595838,
+   342297,   286988, -2437823,  4108315,  3437287, -3342277,  1735879,   203044,
+  2842341,  2691481, -2590150,  1265009,  4055324,  1247620,  2486353,  1595974,
+ -3767016,  1250494,  2635921, -3548272, -2994039,  1869119,  1903435, -1050970,
+ -1333058,  1237275, -3318210, -1430225,  -451100,  1312455,  3306115, -1962642,
+ -1279661,  1917081, -2546312, -1374803,  1500165,   777191,  2235880,  3406031,
+  -542412, -2831860, -1671176, -1846953, -2584293, -3724270,   594136, -3776993,
+ -2013608,  2432395,  2454455,  -164721,  1957272,  3369112,   185531, -1207385,
+ -3183426,   162844,  1616392,  3014001,   810149,  1652634, -3694233, -1799107,
+ -3038916,  3523897,  3866901,   269760,  2213111,  -975884,  1717735,   472078,
+  -426683,  1723600, -1803090,  1910376, -1667432, -1104333,  -260646, -3833893,
+ -2939036, -2235985,  -420899, -2286327,   183443,  -976891,  1612842, -3545687,
+  -554416,  3919660,   -48306, -1362209,  3937738,  1400424,  -846154,  1976782
+};
+
+#ifndef WOLFSSL_DILITHIUM_SMALL
+/* Zetas for inverse NTT. */
+static const sword32 zetas_inv[DILITHIUM_N] = {
+ -1976782,   846154, -1400424, -3937738,  1362209,    48306, -3919660,   554416,
+  3545687, -1612842,   976891,  -183443,  2286327,   420899,  2235985,  2939036,
+  3833893,   260646,  1104333,  1667432, -1910376,  1803090, -1723600,   426683,
+  -472078, -1717735,   975884, -2213111,  -269760, -3866901, -3523897,  3038916,
+  1799107,  3694233, -1652634,  -810149, -3014001, -1616392,  -162844,  3183426,
+  1207385,  -185531, -3369112, -1957272,   164721, -2454455, -2432395,  2013608,
+  3776993,  -594136,  3724270,  2584293,  1846953,  1671176,  2831860,   542412,
+ -3406031, -2235880,  -777191, -1500165,  1374803,  2546312, -1917081,  1279661,
+  1962642, -3306115, -1312455,   451100,  1430225,  3318210, -1237275,  1333058,
+  1050970, -1903435, -1869119,  2994039,  3548272, -2635921, -1250494,  3767016,
+ -1595974, -2486353, -1247620, -4055324, -1265009,  2590150, -2691481, -2842341,
+  -203044, -1735879,  3342277, -3437287, -4108315,  2437823,  -286988,  -342297,
+  3595838,   768622,   525098,  3556995, -3207046, -2031748,  3122442,   655327,
+   522500,    43260,  1613174,  -495491,  -819034,  -909542, -1859098,  -900702,
+  3193378,  1197226,  3759364,  3520352, -3513181,  1235728, -2434439,  -266997,
+  3562462,  2446433, -2244091,  3342478, -3817976, -2316500, -3407706, -2091667,
+ -3839961,  3628969,  3881060,  3019102,  1439742,   812732,  1584928, -1285669,
+ -1341330, -1315589,   177440,  2409325,  1851402, -3159746,  3553272,  -189548,
+  1316856,  -759969,   210977, -2389356,  3249728, -1653064,     8578,  3724342,
+ -3958618,  -904516,  1100098,   -44288, -3097992,  -508951,  -264944,  3343383,
+  1430430, -1852771, -1349076,   381987,  1308169,    22981,  1228525,   671102,
+  2477047,   411027,  3693493,  2967645, -2715295, -2147896,   983419, -3412210,
+  -126922,  3632928,  3157330,  3190144,  1000202,  4083598, -1939314,  1257611,
+  1585221, -2176455, -3475950,  1452451,  3041255,  3677745,  1528703,  3930395,
+  2797779, -2071892,  2556880, -3900724, -3881043,  -954230,  -531354,  -811944,
+ -3699596,  1600420,  2140649, -3507263,  3821735, -3505694,  1643818,  1699267,
+   539299, -2348700,   300467, -3539968,  2867647, -3574422,  3043716,  3861115,
+ -3915439,  2537516,  3592148,  1661693, -3530437, -3077325,   -95776, -2706023,
+  -280005, -4010497,    19422, -1757237,  3277672,  1399561,  3859737,  2118186,
+  2108549, -2619752,  1119584,   549488, -3585928,  1079900, -1024112, -2725464,
+ -2680103, -3111497,  2884855, -3119733,  2091905,   359251, -2353451, -1826347,
+  -466468,   876248,   777960,  -237124,   518909,  2608894,   -25847,    41978
+};
+#endif
+
+#if !defined(WOLFSSL_DILITHIUM_NO_SIGN) || \
+    !defined(WOLFSSL_DILITHIUM_NO_VERIFY) || \
+    (!defined(WOLFSSL_DILITHIUM_NO_MAKE) && defined(WOLFSSL_DILITHIUM_SMALL))
+
+/* One iteration of Number-Theoretic Transform.
+ *
+ * @param [in] len  Length of sequence.
+ */
+#define NTT(len)                                                            \
+do {                                                                        \
+    for (start = 0; start < DILITHIUM_N; start += 2 * (len)) {              \
+        zeta = zetas[++k];                                                  \
+        for (j = 0; j < (len); ++j) {                                       \
+            sword32 t =                                                     \
+                dilithium_mont_red((sword64)zeta * r[start + j + (len)]);   \
+            sword32 rj = r[start + j];                                      \
+            r[start + j + (len)] = rj - t;                                  \
+            r[start + j] = rj + t;                                          \
+        }                                                                   \
+    }                                                                       \
+}                                                                           \
+while (0)
+
+/* Number-Theoretic Transform.
+ *
+ * @param [in, out] r  Polynomial to transform.
+ */
+static void dilithium_ntt(sword32* r)
+{
+#ifdef WOLFSSL_DILITHIUM_SMALL
+    unsigned int len;
+    unsigned int k;
+    unsigned int j;
+
+    k = 0;
+    for (len = DILITHIUM_N / 2; len >= 1; len >>= 1) {
+        unsigned int start;
+        for (start = 0; start < DILITHIUM_N; start = j + len) {
+            sword32 zeta = zetas[++k];
+            for (j = start; j < start + len; ++j) {
+                sword32 t = dilithium_mont_red((sword64)zeta * r[j + len]);
+                sword32 rj = r[j];
+                r[j + len] = rj - t;
+                r[j] = rj + t;
+            }
+        }
+    }
+#elif defined(WOLFSSL_DILITHIUM_NO_LARGE_CODE)
+    unsigned int j;
+    unsigned int k;
+    unsigned int start;
+    sword32 zeta;
+
+    zeta = zetas[1];
+    for (j = 0; j < DILITHIUM_N / 2; j++) {
+        sword32 t =
+            dilithium_mont_red((sword64)zeta * r[j + DILITHIUM_N / 2]);
+        sword32 rj = r[j];
+        r[j + DILITHIUM_N / 2] = rj - t;
+        r[j] = rj + t;
+    }
+
+    k = 1;
+    NTT(64);
+    NTT(32);
+    NTT(16);
+    NTT(8);
+    NTT(4);
+    NTT(2);
+
+    for (j = 0; j < DILITHIUM_N; j += 2) {
+        sword32 t = dilithium_mont_red((sword64)zetas[++k] * r[j + 1]);
+        sword32 rj = r[j];
+        r[j + 1] = rj - t;
+        r[j] = rj + t;
+    }
+#elif defined(WC_32BIT_CPU)
+    unsigned int j;
+    unsigned int k;
+    sword32 t0;
+    sword32 t2;
+
+    sword32 zeta128 = zetas[1];
+    sword32 zeta640 = zetas[2];
+    sword32 zeta641 = zetas[3];
+    for (j = 0; j < DILITHIUM_N / 4; j++) {
+        sword32 r0 = r[j +   0];
+        sword32 r2 = r[j +  64];
+        sword32 r4 = r[j + 128];
+        sword32 r6 = r[j + 192];
+
+        t0 = dilithium_mont_red((sword64)zeta128 * r4);
+        t2 = dilithium_mont_red((sword64)zeta128 * r6);
+        r4 = r0 - t0;
+        r6 = r2 - t2;
+        r0 += t0;
+        r2 += t2;
+
+        t0 = dilithium_mont_red((sword64)zeta640 * r2);
+        t2 = dilithium_mont_red((sword64)zeta641 * r6);
+        r2 = r0 - t0;
+        r6 = r4 - t2;
+        r0 += t0;
+        r4 += t2;
+
+        r[j +   0] = r0;
+        r[j +  64] = r2;
+        r[j + 128] = r4;
+        r[j + 192] = r6;
+    }
+
+    for (j = 0; j < DILITHIUM_N; j += 64) {
+        int i;
+        sword32 zeta32  = zetas[ 4 + j / 64 + 0];
+        sword32 zeta160 = zetas[ 8 + j / 32 + 0];
+        sword32 zeta161 = zetas[ 8 + j / 32 + 1];
+        for (i = 0; i < 16; i++) {
+            sword32 r0 = r[j + i +  0];
+            sword32 r2 = r[j + i + 16];
+            sword32 r4 = r[j + i + 32];
+            sword32 r6 = r[j + i + 48];
+
+            t0 = dilithium_mont_red((sword64)zeta32 * r4);
+            t2 = dilithium_mont_red((sword64)zeta32 * r6);
+            r4 = r0 - t0;
+            r6 = r2 - t2;
+            r0 += t0;
+            r2 += t2;
+
+            t0 = dilithium_mont_red((sword64)zeta160 * r2);
+            t2 = dilithium_mont_red((sword64)zeta161 * r6);
+            r2 = r0 - t0;
+            r6 = r4 - t2;
+            r0 += t0;
+            r4 += t2;
+
+            r[j + i +  0] = r0;
+            r[j + i + 16] = r2;
+            r[j + i + 32] = r4;
+            r[j + i + 48] = r6;
+        }
+    }
+
+    for (j = 0; j < DILITHIUM_N; j += 16) {
+        int i;
+        sword32 zeta8   = zetas[16 + j / 16];
+        sword32 zeta40  = zetas[32 + j / 8 + 0];
+        sword32 zeta41  = zetas[32 + j / 8 + 1];
+        for (i = 0; i < 4; i++) {
+            sword32 r0 = r[j + i +  0];
+            sword32 r2 = r[j + i +  4];
+            sword32 r4 = r[j + i +  8];
+            sword32 r6 = r[j + i + 12];
+
+            t0 = dilithium_mont_red((sword64)zeta8 * r4);
+            t2 = dilithium_mont_red((sword64)zeta8 * r6);
+            r4 = r0 - t0;
+            r6 = r2 - t2;
+            r0 += t0;
+            r2 += t2;
+
+            t0 = dilithium_mont_red((sword64)zeta40 * r2);
+            t2 = dilithium_mont_red((sword64)zeta41 * r6);
+            r2 = r0 - t0;
+            r6 = r4 - t2;
+            r0 += t0;
+            r4 += t2;
+
+            r[j + i +  0] = r0;
+            r[j + i +  4] = r2;
+            r[j + i +  8] = r4;
+            r[j + i + 12] = r6;
+        }
+    }
+
+    k = 128;
+    for (j = 0; j < DILITHIUM_N; j += 4) {
+        sword32 zeta2 = zetas[64 + j / 4];
+        sword32 r0 = r[j + 0];
+        sword32 r2 = r[j + 1];
+        sword32 r4 = r[j + 2];
+        sword32 r6 = r[j + 3];
+
+        t0 = dilithium_mont_red((sword64)zeta2 * r4);
+        t2 = dilithium_mont_red((sword64)zeta2 * r6);
+        r4 = r0 - t0;
+        r6 = r2 - t2;
+        r0 += t0;
+        r2 += t2;
+
+        t0 = dilithium_mont_red((sword64)zetas[k++] * r2);
+        t2 = dilithium_mont_red((sword64)zetas[k++] * r6);
+        r2 = r0 - t0;
+        r6 = r4 - t2;
+        r0 += t0;
+        r4 += t2;
+
+        r[j + 0] = r0;
+        r[j + 1] = r2;
+        r[j + 2] = r4;
+        r[j + 3] = r6;
+    }
+#else
+    unsigned int j;
+    unsigned int k;
+    sword32 t0;
+    sword32 t1;
+    sword32 t2;
+    sword32 t3;
+
+    sword32 zeta128 = zetas[1];
+    sword32 zeta640 = zetas[2];
+    sword32 zeta641 = zetas[3];
+    for (j = 0; j < DILITHIUM_N / 8; j++) {
+        sword32 r0 = r[j +   0];
+        sword32 r1 = r[j +  32];
+        sword32 r2 = r[j +  64];
+        sword32 r3 = r[j +  96];
+        sword32 r4 = r[j + 128];
+        sword32 r5 = r[j + 160];
+        sword32 r6 = r[j + 192];
+        sword32 r7 = r[j + 224];
+
+        t0 = dilithium_mont_red((sword64)zeta128 * r4);
+        t1 = dilithium_mont_red((sword64)zeta128 * r5);
+        t2 = dilithium_mont_red((sword64)zeta128 * r6);
+        t3 = dilithium_mont_red((sword64)zeta128 * r7);
+        r4 = r0 - t0;
+        r5 = r1 - t1;
+        r6 = r2 - t2;
+        r7 = r3 - t3;
+        r0 += t0;
+        r1 += t1;
+        r2 += t2;
+        r3 += t3;
+
+        t0 = dilithium_mont_red((sword64)zeta640 * r2);
+        t1 = dilithium_mont_red((sword64)zeta640 * r3);
+        t2 = dilithium_mont_red((sword64)zeta641 * r6);
+        t3 = dilithium_mont_red((sword64)zeta641 * r7);
+        r2 = r0 - t0;
+        r3 = r1 - t1;
+        r6 = r4 - t2;
+        r7 = r5 - t3;
+        r0 += t0;
+        r1 += t1;
+        r4 += t2;
+        r5 += t3;
+
+        r[j +   0] = r0;
+        r[j +  32] = r1;
+        r[j +  64] = r2;
+        r[j +  96] = r3;
+        r[j + 128] = r4;
+        r[j + 160] = r5;
+        r[j + 192] = r6;
+        r[j + 224] = r7;
+    }
+
+    for (j = 0; j < DILITHIUM_N; j += 64) {
+        int i;
+        sword32 zeta32  = zetas[ 4 + j / 64 + 0];
+        sword32 zeta160 = zetas[ 8 + j / 32 + 0];
+        sword32 zeta161 = zetas[ 8 + j / 32 + 1];
+        sword32 zeta80  = zetas[16 + j / 16 + 0];
+        sword32 zeta81  = zetas[16 + j / 16 + 1];
+        sword32 zeta82  = zetas[16 + j / 16 + 2];
+        sword32 zeta83  = zetas[16 + j / 16 + 3];
+        for (i = 0; i < 8; i++) {
+            sword32 r0 = r[j + i +  0];
+            sword32 r1 = r[j + i +  8];
+            sword32 r2 = r[j + i + 16];
+            sword32 r3 = r[j + i + 24];
+            sword32 r4 = r[j + i + 32];
+            sword32 r5 = r[j + i + 40];
+            sword32 r6 = r[j + i + 48];
+            sword32 r7 = r[j + i + 56];
+
+            t0 = dilithium_mont_red((sword64)zeta32 * r4);
+            t1 = dilithium_mont_red((sword64)zeta32 * r5);
+            t2 = dilithium_mont_red((sword64)zeta32 * r6);
+            t3 = dilithium_mont_red((sword64)zeta32 * r7);
+            r4 = r0 - t0;
+            r5 = r1 - t1;
+            r6 = r2 - t2;
+            r7 = r3 - t3;
+            r0 += t0;
+            r1 += t1;
+            r2 += t2;
+            r3 += t3;
+
+            t0 = dilithium_mont_red((sword64)zeta160 * r2);
+            t1 = dilithium_mont_red((sword64)zeta160 * r3);
+            t2 = dilithium_mont_red((sword64)zeta161 * r6);
+            t3 = dilithium_mont_red((sword64)zeta161 * r7);
+            r2 = r0 - t0;
+            r3 = r1 - t1;
+            r6 = r4 - t2;
+            r7 = r5 - t3;
+            r0 += t0;
+            r1 += t1;
+            r4 += t2;
+            r5 += t3;
+
+            t0 = dilithium_mont_red((sword64)zeta80 * r1);
+            t1 = dilithium_mont_red((sword64)zeta81 * r3);
+            t2 = dilithium_mont_red((sword64)zeta82 * r5);
+            t3 = dilithium_mont_red((sword64)zeta83 * r7);
+            r1 = r0 - t0;
+            r3 = r2 - t1;
+            r5 = r4 - t2;
+            r7 = r6 - t3;
+            r0 += t0;
+            r2 += t1;
+            r4 += t2;
+            r6 += t3;
+
+            r[j + i +  0] = r0;
+            r[j + i +  8] = r1;
+            r[j + i + 16] = r2;
+            r[j + i + 24] = r3;
+            r[j + i + 32] = r4;
+            r[j + i + 40] = r5;
+            r[j + i + 48] = r6;
+            r[j + i + 56] = r7;
+        }
+    }
+
+    k = 128;
+    for (j = 0; j < DILITHIUM_N; j += 8) {
+        sword32 zeta4  = zetas[32 + j / 8 + 0];
+        sword32 zeta20 = zetas[64 + j / 4 + 0];
+        sword32 zeta21 = zetas[64 + j / 4 + 1];
+        sword32 r0 = r[j + 0];
+        sword32 r1 = r[j + 1];
+        sword32 r2 = r[j + 2];
+        sword32 r3 = r[j + 3];
+        sword32 r4 = r[j + 4];
+        sword32 r5 = r[j + 5];
+        sword32 r6 = r[j + 6];
+        sword32 r7 = r[j + 7];
+
+        t0 = dilithium_mont_red((sword64)zeta4 * r4);
+        t1 = dilithium_mont_red((sword64)zeta4 * r5);
+        t2 = dilithium_mont_red((sword64)zeta4 * r6);
+        t3 = dilithium_mont_red((sword64)zeta4 * r7);
+        r4 = r0 - t0;
+        r5 = r1 - t1;
+        r6 = r2 - t2;
+        r7 = r3 - t3;
+        r0 += t0;
+        r1 += t1;
+        r2 += t2;
+        r3 += t3;
+
+        t0 = dilithium_mont_red((sword64)zeta20 * r2);
+        t1 = dilithium_mont_red((sword64)zeta20 * r3);
+        t2 = dilithium_mont_red((sword64)zeta21 * r6);
+        t3 = dilithium_mont_red((sword64)zeta21 * r7);
+        r2 = r0 - t0;
+        r3 = r1 - t1;
+        r6 = r4 - t2;
+        r7 = r5 - t3;
+        r0 += t0;
+        r1 += t1;
+        r4 += t2;
+        r5 += t3;
+
+        t0 = dilithium_mont_red((sword64)zetas[k++] * r1);
+        t1 = dilithium_mont_red((sword64)zetas[k++] * r3);
+        t2 = dilithium_mont_red((sword64)zetas[k++] * r5);
+        t3 = dilithium_mont_red((sword64)zetas[k++] * r7);
+        r1 = r0 - t0;
+        r3 = r2 - t1;
+        r5 = r4 - t2;
+        r7 = r6 - t3;
+        r0 += t0;
+        r2 += t1;
+        r4 += t2;
+        r6 += t3;
+
+        r[j + 0] = r0;
+        r[j + 1] = r1;
+        r[j + 2] = r2;
+        r[j + 3] = r3;
+        r[j + 4] = r4;
+        r[j + 5] = r5;
+        r[j + 6] = r6;
+        r[j + 7] = r7;
+    }
+#endif
+}
+
+#if !defined(WOLFSSL_DILITHIUM_NO_VERIFY) || \
+     defined(WOLFSSL_DILITHIUM_CHECK_KEY) || \
+    (!defined(WOLFSSL_DILITHIUM_NO_SIGN) && \
+     (defined(WC_DILITHIUM_CACHE_PRIV_VECTORS) || \
+      !defined(WOLFSSL_DILITHIUM_SIGN_SMALL_MEM)))
+/* Number-Theoretic Transform.
+ *
+ * @param [in, out]  r  Vector of polynomials to transform.
+ * @param [in]       l  Dimension of polynomial.
+ */
+static void dilithium_vec_ntt(sword32* r, byte l)
+{
+    unsigned int i;
+
+    for (i = 0; i < l; i++) {
+        dilithium_ntt(r);
+        r += DILITHIUM_N;
+    }
+}
+#endif
+#endif
+
+#ifndef WOLFSSL_DILITHIUM_SMALL
+
+/* Number-Theoretic Transform with small initial values.
+ *
+ * @param [in, out] r  Polynomial to transform.
+ */
+static void dilithium_ntt_small(sword32* r)
+{
+    unsigned int k;
+    unsigned int j;
+#ifdef WOLFSSL_DILITHIUM_NO_LARGE_CODE
+    unsigned int start;
+    sword32 zeta;
+
+    for (j = 0; j < DILITHIUM_N / 2; ++j) {
+        sword32 t = dilithium_red((sword32)-3572223 * r[j + DILITHIUM_N / 2]);
+        sword32 rj = r[j];
+        r[j + DILITHIUM_N / 2] = rj - t;
+        r[j] = rj + t;
+    }
+
+    k = 1;
+    NTT(64);
+    NTT(32);
+    NTT(16);
+    NTT(8);
+    NTT(4);
+    NTT(2);
+
+    for (j = 0; j < DILITHIUM_N; j += 2) {
+        sword32 t = dilithium_mont_red((sword64)zetas[++k] * r[j + 1]);
+        sword32 rj = r[j];
+        r[j + 1] = rj - t;
+        r[j] = rj + t;
+    }
+#elif defined(WC_32BIT_CPU)
+    sword32 t0;
+    sword32 t2;
+
+    sword32 zeta640 = zetas[2];
+    sword32 zeta641 = zetas[3];
+    for (j = 0; j < DILITHIUM_N / 4; j++) {
+        sword32 r0 = r[j +   0];
+        sword32 r2 = r[j +  64];
+        sword32 r4 = r[j + 128];
+        sword32 r6 = r[j + 192];
+
+        t0 = dilithium_red((sword32)-3572223 * r4);
+        t2 = dilithium_red((sword32)-3572223 * r6);
+        r4 = r0 - t0;
+        r6 = r2 - t2;
+        r0 += t0;
+        r2 += t2;
+
+        t0 = dilithium_mont_red((sword64)zeta640 * r2);
+        t2 = dilithium_mont_red((sword64)zeta641 * r6);
+        r2 = r0 - t0;
+        r6 = r4 - t2;
+        r0 += t0;
+        r4 += t2;
+
+        r[j +   0] = r0;
+        r[j +  64] = r2;
+        r[j + 128] = r4;
+        r[j + 192] = r6;
+    }
+
+    for (j = 0; j < DILITHIUM_N; j += 64) {
+        int i;
+        sword32 zeta32  = zetas[ 4 + j / 64 + 0];
+        sword32 zeta160 = zetas[ 8 + j / 32 + 0];
+        sword32 zeta161 = zetas[ 8 + j / 32 + 1];
+        for (i = 0; i < 16; i++) {
+            sword32 r0 = r[j + i +  0];
+            sword32 r2 = r[j + i + 16];
+            sword32 r4 = r[j + i + 32];
+            sword32 r6 = r[j + i + 48];
+
+            t0 = dilithium_mont_red((sword64)zeta32 * r4);
+            t2 = dilithium_mont_red((sword64)zeta32 * r6);
+            r4 = r0 - t0;
+            r6 = r2 - t2;
+            r0 += t0;
+            r2 += t2;
+
+            t0 = dilithium_mont_red((sword64)zeta160 * r2);
+            t2 = dilithium_mont_red((sword64)zeta161 * r6);
+            r2 = r0 - t0;
+            r6 = r4 - t2;
+            r0 += t0;
+            r4 += t2;
+
+            r[j + i +  0] = r0;
+            r[j + i + 16] = r2;
+            r[j + i + 32] = r4;
+            r[j + i + 48] = r6;
+        }
+    }
+
+    for (j = 0; j < DILITHIUM_N; j += 16) {
+        int i;
+        sword32 zeta8   = zetas[16 + j / 16];
+        sword32 zeta40  = zetas[32 + j / 8 + 0];
+        sword32 zeta41  = zetas[32 + j / 8 + 1];
+        for (i = 0; i < 4; i++) {
+            sword32 r0 = r[j + i +  0];
+            sword32 r2 = r[j + i +  4];
+            sword32 r4 = r[j + i +  8];
+            sword32 r6 = r[j + i + 12];
+
+            t0 = dilithium_mont_red((sword64)zeta8 * r4);
+            t2 = dilithium_mont_red((sword64)zeta8 * r6);
+            r4 = r0 - t0;
+            r6 = r2 - t2;
+            r0 += t0;
+            r2 += t2;
+
+            t0 = dilithium_mont_red((sword64)zeta40 * r2);
+            t2 = dilithium_mont_red((sword64)zeta41 * r6);
+            r2 = r0 - t0;
+            r6 = r4 - t2;
+            r0 += t0;
+            r4 += t2;
+
+            r[j + i +  0] = r0;
+            r[j + i +  4] = r2;
+            r[j + i +  8] = r4;
+            r[j + i + 12] = r6;
+        }
+    }
+
+    k = 128;
+    for (j = 0; j < DILITHIUM_N; j += 4) {
+        sword32 zeta2 = zetas[64 + j / 4];
+        sword32 r0 = r[j + 0];
+        sword32 r2 = r[j + 1];
+        sword32 r4 = r[j + 2];
+        sword32 r6 = r[j + 3];
+
+        t0 = dilithium_mont_red((sword64)zeta2 * r4);
+        t2 = dilithium_mont_red((sword64)zeta2 * r6);
+        r4 = r0 - t0;
+        r6 = r2 - t2;
+        r0 += t0;
+        r2 += t2;
+
+        t0 = dilithium_mont_red((sword64)zetas[k++] * r2);
+        t2 = dilithium_mont_red((sword64)zetas[k++] * r6);
+        r2 = r0 - t0;
+        r6 = r4 - t2;
+        r0 += t0;
+        r4 += t2;
+
+        r[j + 0] = r0;
+        r[j + 1] = r2;
+        r[j + 2] = r4;
+        r[j + 3] = r6;
+    }
+#else
+    sword32 t0;
+    sword32 t1;
+    sword32 t2;
+    sword32 t3;
+    sword32 zeta640 = zetas[2];
+    sword32 zeta641 = zetas[3];
+    for (j = 0; j < DILITHIUM_N / 8; j++) {
+        sword32 r0 = r[j +   0];
+        sword32 r1 = r[j +  32];
+        sword32 r2 = r[j +  64];
+        sword32 r3 = r[j +  96];
+        sword32 r4 = r[j + 128];
+        sword32 r5 = r[j + 160];
+        sword32 r6 = r[j + 192];
+        sword32 r7 = r[j + 224];
+
+        t0 = dilithium_red((sword32)-3572223 * r4);
+        t1 = dilithium_red((sword32)-3572223 * r5);
+        t2 = dilithium_red((sword32)-3572223 * r6);
+        t3 = dilithium_red((sword32)-3572223 * r7);
+        r4 = r0 - t0;
+        r5 = r1 - t1;
+        r6 = r2 - t2;
+        r7 = r3 - t3;
+        r0 += t0;
+        r1 += t1;
+        r2 += t2;
+        r3 += t3;
+
+        t0 = dilithium_mont_red((sword64)zeta640 * r2);
+        t1 = dilithium_mont_red((sword64)zeta640 * r3);
+        t2 = dilithium_mont_red((sword64)zeta641 * r6);
+        t3 = dilithium_mont_red((sword64)zeta641 * r7);
+        r2 = r0 - t0;
+        r3 = r1 - t1;
+        r6 = r4 - t2;
+        r7 = r5 - t3;
+        r0 += t0;
+        r1 += t1;
+        r4 += t2;
+        r5 += t3;
+
+        r[j +   0] = r0;
+        r[j +  32] = r1;
+        r[j +  64] = r2;
+        r[j +  96] = r3;
+        r[j + 128] = r4;
+        r[j + 160] = r5;
+        r[j + 192] = r6;
+        r[j + 224] = r7;
+    }
+
+    for (j = 0; j < DILITHIUM_N; j += 64) {
+        int i;
+        sword32 zeta32  = zetas[ 4 + j / 64 + 0];
+        sword32 zeta160 = zetas[ 8 + j / 32 + 0];
+        sword32 zeta161 = zetas[ 8 + j / 32 + 1];
+        sword32 zeta80  = zetas[16 + j / 16 + 0];
+        sword32 zeta81  = zetas[16 + j / 16 + 1];
+        sword32 zeta82  = zetas[16 + j / 16 + 2];
+        sword32 zeta83  = zetas[16 + j / 16 + 3];
+        for (i = 0; i < 8; i++) {
+            sword32 r0 = r[j + i +  0];
+            sword32 r1 = r[j + i +  8];
+            sword32 r2 = r[j + i + 16];
+            sword32 r3 = r[j + i + 24];
+            sword32 r4 = r[j + i + 32];
+            sword32 r5 = r[j + i + 40];
+            sword32 r6 = r[j + i + 48];
+            sword32 r7 = r[j + i + 56];
+
+            t0 = dilithium_mont_red((sword64)zeta32 * r4);
+            t1 = dilithium_mont_red((sword64)zeta32 * r5);
+            t2 = dilithium_mont_red((sword64)zeta32 * r6);
+            t3 = dilithium_mont_red((sword64)zeta32 * r7);
+            r4 = r0 - t0;
+            r5 = r1 - t1;
+            r6 = r2 - t2;
+            r7 = r3 - t3;
+            r0 += t0;
+            r1 += t1;
+            r2 += t2;
+            r3 += t3;
+
+            t0 = dilithium_mont_red((sword64)zeta160 * r2);
+            t1 = dilithium_mont_red((sword64)zeta160 * r3);
+            t2 = dilithium_mont_red((sword64)zeta161 * r6);
+            t3 = dilithium_mont_red((sword64)zeta161 * r7);
+            r2 = r0 - t0;
+            r3 = r1 - t1;
+            r6 = r4 - t2;
+            r7 = r5 - t3;
+            r0 += t0;
+            r1 += t1;
+            r4 += t2;
+            r5 += t3;
+
+            t0 = dilithium_mont_red((sword64)zeta80 * r1);
+            t1 = dilithium_mont_red((sword64)zeta81 * r3);
+            t2 = dilithium_mont_red((sword64)zeta82 * r5);
+            t3 = dilithium_mont_red((sword64)zeta83 * r7);
+            r1 = r0 - t0;
+            r3 = r2 - t1;
+            r5 = r4 - t2;
+            r7 = r6 - t3;
+            r0 += t0;
+            r2 += t1;
+            r4 += t2;
+            r6 += t3;
+
+            r[j + i +  0] = r0;
+            r[j + i +  8] = r1;
+            r[j + i + 16] = r2;
+            r[j + i + 24] = r3;
+            r[j + i + 32] = r4;
+            r[j + i + 40] = r5;
+            r[j + i + 48] = r6;
+            r[j + i + 56] = r7;
+        }
+    }
+
+    k = 128;
+    for (j = 0; j < DILITHIUM_N; j += 8) {
+        sword32 zeta4  = zetas[32 + j / 8 + 0];
+        sword32 zeta20 = zetas[64 + j / 4 + 0];
+        sword32 zeta21 = zetas[64 + j / 4 + 1];
+        sword32 r0 = r[j + 0];
+        sword32 r1 = r[j + 1];
+        sword32 r2 = r[j + 2];
+        sword32 r3 = r[j + 3];
+        sword32 r4 = r[j + 4];
+        sword32 r5 = r[j + 5];
+        sword32 r6 = r[j + 6];
+        sword32 r7 = r[j + 7];
+
+        t0 = dilithium_mont_red((sword64)zeta4 * r4);
+        t1 = dilithium_mont_red((sword64)zeta4 * r5);
+        t2 = dilithium_mont_red((sword64)zeta4 * r6);
+        t3 = dilithium_mont_red((sword64)zeta4 * r7);
+        r4 = r0 - t0;
+        r5 = r1 - t1;
+        r6 = r2 - t2;
+        r7 = r3 - t3;
+        r0 += t0;
+        r1 += t1;
+        r2 += t2;
+        r3 += t3;
+
+        t0 = dilithium_mont_red((sword64)zeta20 * r2);
+        t1 = dilithium_mont_red((sword64)zeta20 * r3);
+        t2 = dilithium_mont_red((sword64)zeta21 * r6);
+        t3 = dilithium_mont_red((sword64)zeta21 * r7);
+        r2 = r0 - t0;
+        r3 = r1 - t1;
+        r6 = r4 - t2;
+        r7 = r5 - t3;
+        r0 += t0;
+        r1 += t1;
+        r4 += t2;
+        r5 += t3;
+
+        t0 = dilithium_mont_red((sword64)zetas[k++] * r1);
+        t1 = dilithium_mont_red((sword64)zetas[k++] * r3);
+        t2 = dilithium_mont_red((sword64)zetas[k++] * r5);
+        t3 = dilithium_mont_red((sword64)zetas[k++] * r7);
+        r1 = r0 - t0;
+        r3 = r2 - t1;
+        r5 = r4 - t2;
+        r7 = r6 - t3;
+        r0 += t0;
+        r2 += t1;
+        r4 += t2;
+        r6 += t3;
+
+        r[j + 0] = r0;
+        r[j + 1] = r1;
+        r[j + 2] = r2;
+        r[j + 3] = r3;
+        r[j + 4] = r4;
+        r[j + 5] = r5;
+        r[j + 6] = r6;
+        r[j + 7] = r7;
+    }
+#endif
+}
+
+#if !defined(WOLFSSL_DILITHIUM_NO_MAKE_KEY) || \
+     defined(WOLFSSL_DILITHIUM_CHECK_KEY) || \
+    (!defined(WOLFSSL_DILITHIUM_NO_SIGN) && \
+     (defined(WC_DILITHIUM_CACHE_PRIV_VECTORS) || \
+      !defined(WOLFSSL_DILITHIUM_SIGN_SMALL_MEM)))
+/* Number-Theoretic Transform with small initial values.
+ *
+ * @param [in, out]  r  Vector of polynomials to transform.
+ * @param [in]       l  Dimension of polynomial.
+ */
+static void dilithium_vec_ntt_small(sword32* r, byte l)
+{
+    unsigned int i;
+
+    for (i = 0; i < l; i++) {
+        dilithium_ntt_small(r);
+        r += DILITHIUM_N;
+    }
+}
+#endif /* !WOLFSSL_DILITHIUM_VERIFY_ONLY */
+
+#else
+
+/* Number-Theoretic Transform with small initial values.
+ *
+ * @param [in, out] r  Polynomial to transform.
+ */
+#define dilithium_ntt_small          dilithium_ntt
+/* Number-Theoretic Transform with small initial values.
+ *
+ * @param [in, out]  r  Vector of polynomials to transform.
+ * @param [in]       l  Dimension of polynomial.
+ */
+#define dilithium_vec_ntt_small      dilithium_vec_ntt
+
+#endif /* WOLFSSL_DILITHIUM_SMALL */
+
+
+/* One iteration of Inverse Number-Theoretic Transform.
+ *
+ * @param [in] len  Length of sequence.
+ */
+#define INVNTT(len)                                                         \
+do {                                                                        \
+    for (start = 0; start < DILITHIUM_N; start += 2 * (len)) {              \
+        zeta = zetas_inv[k++];                                              \
+        for (j = 0; j < (len); ++j) {                                       \
+            sword32 rj = r[start + j];                                      \
+            sword32 rjl = r[start + j + (len)];                             \
+            sword32 t = rj + rjl;                                           \
+            r[start + j] = t;                                               \
+            rjl = rj - rjl;                                                 \
+            r[start + j + (len)] = dilithium_mont_red((sword64)zeta * rjl); \
+        }                                                                   \
+    }                                                                       \
+}                                                                           \
+while (0)
+
+/* Inverse Number-Theoretic Transform.
+ *
+ * @param [in, out] r  Polynomial to transform.
+ */
+static void dilithium_invntt(sword32* r)
+{
+#ifdef WOLFSSL_DILITHIUM_SMALL
+    unsigned int len;
+    unsigned int k;
+    unsigned int j;
+    sword32 zeta;
+
+    k = 256;
+    for (len = 1; len <= DILITHIUM_N / 2; len <<= 1) {
+        unsigned int start;
+        for (start = 0; start < DILITHIUM_N; start = j + len) {
+            zeta = -zetas[--k];
+            for (j = start; j < start + len; ++j) {
+                sword32 rj = r[j];
+                sword32 rjl = r[j + len];
+                sword32 t = rj + rjl;
+                r[j] = t;
+                rjl = rj - rjl;
+                r[j + len] = dilithium_mont_red((sword64)zeta * rjl);
+            }
+        }
+    }
+
+    zeta = -zetas[0];
+    for (j = 0; j < DILITHIUM_N; ++j) {
+        r[j] = dilithium_mont_red((sword64)zeta * r[j]);
+    }
+#elif defined(WOLFSSL_DILITHIUM_NO_LARGE_CODE)
+    unsigned int j;
+    unsigned int k = 0;
+    unsigned int start;
+    sword32 zeta;
+
+    for (j = 0; j < DILITHIUM_N; j += 2) {
+        sword32 rj = r[j];
+        sword32 rjl = r[j + 1];
+        sword32 t = rj + rjl;
+        r[j] = t;
+        rjl = rj - rjl;
+        r[j + 1] = dilithium_mont_red((sword64)zetas_inv[k++] * rjl);
+    }
+
+    INVNTT(2);
+    INVNTT(4);
+    INVNTT(8);
+    INVNTT(16);
+    INVNTT(32);
+    INVNTT(64);
+    INVNTT(128);
+
+    zeta = zetas_inv[255];
+    for (j = 0; j < DILITHIUM_N; ++j) {
+        r[j] = dilithium_mont_red((sword64)zeta * r[j]);
+    }
+#elif defined(WC_32BIT_CPU)
+    unsigned int j;
+    unsigned int k = 0;
+    sword32 t0;
+    sword32 t2;
+
+    sword32 zeta640;
+    sword32 zeta641;
+    sword32 zeta128;
+    sword32 zeta256;
+    for (j = 0; j < DILITHIUM_N; j += 4) {
+        sword32 zeta2 = zetas_inv[128 + j / 4];
+        sword32 r0 = r[j + 0];
+        sword32 r2 = r[j + 1];
+        sword32 r4 = r[j + 2];
+        sword32 r6 = r[j + 3];
+
+        t0 = dilithium_mont_red((sword64)zetas_inv[k++] * (r0 - r2));
+        t2 = dilithium_mont_red((sword64)zetas_inv[k++] * (r4 - r6));
+        r0 += r2;
+        r4 += r6;
+        r2 = t0;
+        r6 = t2;
+
+        t0 = dilithium_mont_red((sword64)zeta2 * (r0 - r4));
+        t2 = dilithium_mont_red((sword64)zeta2 * (r2 - r6));
+        r0 += r4;
+        r2 += r6;
+        r4 = t0;
+        r6 = t2;
+
+        r[j + 0] = r0;
+        r[j + 1] = r2;
+        r[j + 2] = r4;
+        r[j + 3] = r6;
+    }
+
+    for (j = 0; j < DILITHIUM_N; j += 16) {
+        int i;
+        sword32 zeta40 = zetas_inv[192 + j / 8 + 0];
+        sword32 zeta41 = zetas_inv[192 + j / 8 + 1];
+        sword32 zeta8  = zetas_inv[224 + j / 16 + 0];
+        for (i = 0; i < 4; i++) {
+            sword32 r0 = r[j + i +  0];
+            sword32 r2 = r[j + i +  4];
+            sword32 r4 = r[j + i +  8];
+            sword32 r6 = r[j + i + 12];
+
+            t0 = dilithium_mont_red((sword64)zeta40 * (r0 - r2));
+            t2 = dilithium_mont_red((sword64)zeta41 * (r4 - r6));
+            r0 += r2;
+            r4 += r6;
+            r2 = t0;
+            r6 = t2;
+
+            t0 = dilithium_mont_red((sword64)zeta8 * (r0 - r4));
+            t2 = dilithium_mont_red((sword64)zeta8 * (r2 - r6));
+            r0 += r4;
+            r2 += r6;
+            r4 = t0;
+            r6 = t2;
+
+            r[j + i +  0] = r0;
+            r[j + i +  4] = r2;
+            r[j + i +  8] = r4;
+            r[j + i + 12] = r6;
+        }
+    }
+
+    for (j = 0; j < DILITHIUM_N; j += 64) {
+        int i;
+        sword32 zeta160 = zetas_inv[240 + j / 32 + 0];
+        sword32 zeta161 = zetas_inv[240 + j / 32 + 1];
+        sword32 zeta32  = zetas_inv[248 + j / 64 + 0];
+        for (i = 0; i < 16; i++) {
+            sword32 r0 = r[j + i +  0];
+            sword32 r2 = r[j + i + 16];
+            sword32 r4 = r[j + i + 32];
+            sword32 r6 = r[j + i + 48];
+
+            t0 = dilithium_mont_red((sword64)zeta160 * (r0 - r2));
+            t2 = dilithium_mont_red((sword64)zeta161 * (r4 - r6));
+            r0 += r2;
+            r4 += r6;
+            r2 = t0;
+            r6 = t2;
+
+            t0 = dilithium_mont_red((sword64)zeta32 * (r0 - r4));
+            t2 = dilithium_mont_red((sword64)zeta32 * (r2 - r6));
+            r0 += r4;
+            r2 += r6;
+            r4 = t0;
+            r6 = t2;
+
+            r[j + i +  0] = r0;
+            r[j + i + 16] = r2;
+            r[j + i + 32] = r4;
+            r[j + i + 48] = r6;
+        }
+    }
+
+    zeta640 = zetas_inv[252];
+    zeta641 = zetas_inv[253];
+    zeta128 = zetas_inv[254];
+    zeta256 = zetas_inv[255];
+    for (j = 0; j < DILITHIUM_N / 4; j++) {
+        sword32 r0 = r[j +   0];
+        sword32 r2 = r[j +  64];
+        sword32 r4 = r[j + 128];
+        sword32 r6 = r[j + 192];
+
+        t0 = dilithium_mont_red((sword64)zeta640 * (r0 - r2));
+        t2 = dilithium_mont_red((sword64)zeta641 * (r4 - r6));
+        r0 += r2;
+        r4 += r6;
+        r2 = t0;
+        r6 = t2;
+
+        t0 = dilithium_mont_red((sword64)zeta128 * (r0 - r4));
+        t2 = dilithium_mont_red((sword64)zeta128 * (r2 - r6));
+        r0 += r4;
+        r2 += r6;
+        r4 = t0;
+        r6 = t2;
+
+        r0 = dilithium_mont_red((sword64)zeta256 * r0);
+        r2 = dilithium_mont_red((sword64)zeta256 * r2);
+        r4 = dilithium_mont_red((sword64)zeta256 * r4);
+        r6 = dilithium_mont_red((sword64)zeta256 * r6);
+
+        r[j +   0] = r0;
+        r[j +  64] = r2;
+        r[j + 128] = r4;
+        r[j + 192] = r6;
+    }
+#else
+    unsigned int j;
+    unsigned int k = 0;
+    sword32 t0;
+    sword32 t1;
+    sword32 t2;
+    sword32 t3;
+
+    sword32 zeta640;
+    sword32 zeta641;
+    sword32 zeta128;
+    sword32 zeta256;
+    for (j = 0; j < DILITHIUM_N; j += 8) {
+        sword32 zeta20 = zetas_inv[128 + j / 4 + 0];
+        sword32 zeta21 = zetas_inv[128 + j / 4 + 1];
+        sword32 zeta4  = zetas_inv[192 + j / 8 + 0];
+        sword32 r0 = r[j + 0];
+        sword32 r1 = r[j + 1];
+        sword32 r2 = r[j + 2];
+        sword32 r3 = r[j + 3];
+        sword32 r4 = r[j + 4];
+        sword32 r5 = r[j + 5];
+        sword32 r6 = r[j + 6];
+        sword32 r7 = r[j + 7];
+
+        t0 = dilithium_mont_red((sword64)zetas_inv[k++] * (r0 - r1));
+        t1 = dilithium_mont_red((sword64)zetas_inv[k++] * (r2 - r3));
+        t2 = dilithium_mont_red((sword64)zetas_inv[k++] * (r4 - r5));
+        t3 = dilithium_mont_red((sword64)zetas_inv[k++] * (r6 - r7));
+        r0 += r1;
+        r2 += r3;
+        r4 += r5;
+        r6 += r7;
+        r1 = t0;
+        r3 = t1;
+        r5 = t2;
+        r7 = t3;
+
+        t0 = dilithium_mont_red((sword64)zeta20 * (r0 - r2));
+        t1 = dilithium_mont_red((sword64)zeta20 * (r1 - r3));
+        t2 = dilithium_mont_red((sword64)zeta21 * (r4 - r6));
+        t3 = dilithium_mont_red((sword64)zeta21 * (r5 - r7));
+        r0 += r2;
+        r1 += r3;
+        r4 += r6;
+        r5 += r7;
+        r2 = t0;
+        r3 = t1;
+        r6 = t2;
+        r7 = t3;
+
+        t0 = dilithium_mont_red((sword64)zeta4 * (r0 - r4));
+        t1 = dilithium_mont_red((sword64)zeta4 * (r1 - r5));
+        t2 = dilithium_mont_red((sword64)zeta4 * (r2 - r6));
+        t3 = dilithium_mont_red((sword64)zeta4 * (r3 - r7));
+        r0 += r4;
+        r1 += r5;
+        r2 += r6;
+        r3 += r7;
+        r4 = t0;
+        r5 = t1;
+        r6 = t2;
+        r7 = t3;
+
+        r[j + 0] = r0;
+        r[j + 1] = r1;
+        r[j + 2] = r2;
+        r[j + 3] = r3;
+        r[j + 4] = r4;
+        r[j + 5] = r5;
+        r[j + 6] = r6;
+        r[j + 7] = r7;
+    }
+
+    for (j = 0; j < DILITHIUM_N; j += 64) {
+        int i;
+        sword32 zeta80  = zetas_inv[224 + j / 16 + 0];
+        sword32 zeta81  = zetas_inv[224 + j / 16 + 1];
+        sword32 zeta82  = zetas_inv[224 + j / 16 + 2];
+        sword32 zeta83  = zetas_inv[224 + j / 16 + 3];
+        sword32 zeta160 = zetas_inv[240 + j / 32 + 0];
+        sword32 zeta161 = zetas_inv[240 + j / 32 + 1];
+        sword32 zeta32  = zetas_inv[248 + j / 64 + 0];
+        for (i = 0; i < 8; i++) {
+            sword32 r0 = r[j + i +  0];
+            sword32 r1 = r[j + i +  8];
+            sword32 r2 = r[j + i + 16];
+            sword32 r3 = r[j + i + 24];
+            sword32 r4 = r[j + i + 32];
+            sword32 r5 = r[j + i + 40];
+            sword32 r6 = r[j + i + 48];
+            sword32 r7 = r[j + i + 56];
+
+            t0 = dilithium_mont_red((sword64)zeta80 * (r0 - r1));
+            t1 = dilithium_mont_red((sword64)zeta81 * (r2 - r3));
+            t2 = dilithium_mont_red((sword64)zeta82 * (r4 - r5));
+            t3 = dilithium_mont_red((sword64)zeta83 * (r6 - r7));
+            r0 += r1;
+            r2 += r3;
+            r4 += r5;
+            r6 += r7;
+            r1 = t0;
+            r3 = t1;
+            r5 = t2;
+            r7 = t3;
+
+            t0 = dilithium_mont_red((sword64)zeta160 * (r0 - r2));
+            t1 = dilithium_mont_red((sword64)zeta160 * (r1 - r3));
+            t2 = dilithium_mont_red((sword64)zeta161 * (r4 - r6));
+            t3 = dilithium_mont_red((sword64)zeta161 * (r5 - r7));
+            r0 += r2;
+            r1 += r3;
+            r4 += r6;
+            r5 += r7;
+            r2 = t0;
+            r3 = t1;
+            r6 = t2;
+            r7 = t3;
+
+            t0 = dilithium_mont_red((sword64)zeta32 * (r0 - r4));
+            t1 = dilithium_mont_red((sword64)zeta32 * (r1 - r5));
+            t2 = dilithium_mont_red((sword64)zeta32 * (r2 - r6));
+            t3 = dilithium_mont_red((sword64)zeta32 * (r3 - r7));
+            r0 += r4;
+            r1 += r5;
+            r2 += r6;
+            r3 += r7;
+            r4 = t0;
+            r5 = t1;
+            r6 = t2;
+            r7 = t3;
+
+            r[j + i +  0] = r0;
+            r[j + i +  8] = r1;
+            r[j + i + 16] = r2;
+            r[j + i + 24] = r3;
+            r[j + i + 32] = r4;
+            r[j + i + 40] = r5;
+            r[j + i + 48] = r6;
+            r[j + i + 56] = r7;
+        }
+    }
+
+    zeta640 = zetas_inv[252];
+    zeta641 = zetas_inv[253];
+    zeta128 = zetas_inv[254];
+    zeta256 = zetas_inv[255];
+    for (j = 0; j < DILITHIUM_N / 8; j++) {
+        sword32 r0 = r[j +   0];
+        sword32 r1 = r[j +  32];
+        sword32 r2 = r[j +  64];
+        sword32 r3 = r[j +  96];
+        sword32 r4 = r[j + 128];
+        sword32 r5 = r[j + 160];
+        sword32 r6 = r[j + 192];
+        sword32 r7 = r[j + 224];
+
+        t0 = dilithium_mont_red((sword64)zeta640 * (r0 - r2));
+        t1 = dilithium_mont_red((sword64)zeta640 * (r1 - r3));
+        t2 = dilithium_mont_red((sword64)zeta641 * (r4 - r6));
+        t3 = dilithium_mont_red((sword64)zeta641 * (r5 - r7));
+        r0 += r2;
+        r1 += r3;
+        r4 += r6;
+        r5 += r7;
+        r2 = t0;
+        r3 = t1;
+        r6 = t2;
+        r7 = t3;
+
+        t0 = dilithium_mont_red((sword64)zeta128 * (r0 - r4));
+        t1 = dilithium_mont_red((sword64)zeta128 * (r1 - r5));
+        t2 = dilithium_mont_red((sword64)zeta128 * (r2 - r6));
+        t3 = dilithium_mont_red((sword64)zeta128 * (r3 - r7));
+        r0 += r4;
+        r1 += r5;
+        r2 += r6;
+        r3 += r7;
+        r4 = t0;
+        r5 = t1;
+        r6 = t2;
+        r7 = t3;
+
+        r0 = dilithium_mont_red((sword64)zeta256 * r0);
+        r1 = dilithium_mont_red((sword64)zeta256 * r1);
+        r2 = dilithium_mont_red((sword64)zeta256 * r2);
+        r3 = dilithium_mont_red((sword64)zeta256 * r3);
+        r4 = dilithium_mont_red((sword64)zeta256 * r4);
+        r5 = dilithium_mont_red((sword64)zeta256 * r5);
+        r6 = dilithium_mont_red((sword64)zeta256 * r6);
+        r7 = dilithium_mont_red((sword64)zeta256 * r7);
+
+        r[j +   0] = r0;
+        r[j +  32] = r1;
+        r[j +  64] = r2;
+        r[j +  96] = r3;
+        r[j + 128] = r4;
+        r[j + 160] = r5;
+        r[j + 192] = r6;
+        r[j + 224] = r7;
+    }
+#endif
+}
+
+
+#if !defined(WOLFSSL_DILITHIUM_NO_MAKE_KEY) || \
+     defined(WOLFSSL_DILITHIUM_CHECK_KEY) || \
+    (!defined(WOLFSSL_DILITHIUM_NO_VERIFY) && \
+     !defined(WOLFSSL_DILITHIUM_VERIFY_SMALL_MEM)) || \
+    (!defined(WOLFSSL_DILITHIUM_NO_SIGN) && \
+     !defined(WOLFSSL_DILITHIUM_SIGN_SMALL_MEM))
+/* Inverse Number-Theoretic Transform.
+ *
+ * @param [in, out]  r  Vector of polynomials to transform.
+ * @param [in]       l  Dimension of polynomial.
+ */
+static void dilithium_vec_invntt(sword32* r, byte l)
+{
+    unsigned int i;
+
+    for (i = 0; i < l; i++) {
+        dilithium_invntt(r);
+        r += DILITHIUM_N;
+    }
+}
+#endif
+
+#if !defined(WOLFSSL_DILITHIUM_NO_MAKE_KEY) || \
+     defined(WOLFSSL_DILITHIUM_CHECK_KEY) || \
+    (!defined(WOLFSSL_DILITHIUM_NO_VERIFY) && \
+     !defined(WOLFSSL_DILITHIUM_VERIFY_SMALL_MEM)) || \
+    (!defined(WOLFSSL_DILITHIUM_NO_SIGN) && \
+     !defined(WOLFSSL_DILITHIUM_SIGN_SMALL_MEM))
+/* Matrix multiplication.
+ *
+ * @param [out] r  Vector of polynomials that is result.
+ * @param [in]  m  Matrix of polynomials.
+ * @param [in]  v  Vector of polynomials.
+ * @param [in]  k  First dimension of matrix and dimension of result.
+ * @param [in]  l  Second dimension of matrix and dimension of v.
+ */
+static void dilithium_matrix_mul(sword32* r, const sword32* m, const sword32* v,
+     byte k, byte l)
+{
+    byte i;
+
+    for (i = 0; i < k; i++) {
+        byte j;
+        unsigned int e;
+        const sword32* vt = v;
+
+#ifdef WOLFSSL_DILITHIUM_SMALL
+        for (e = 0; e < DILITHIUM_N; e++) {
+            r[e] = dilithium_mont_red((sword64)m[e] * vt[e]);
+        }
+        m += DILITHIUM_N;
+        vt += DILITHIUM_N;
+        for (j = 1; j < l; j++) {
+            for (e = 0; e < DILITHIUM_N; e++) {
+                r[e] += dilithium_mont_red((sword64)m[e] * vt[e]);
+            }
+            m += DILITHIUM_N;
+            vt += DILITHIUM_N;
+        }
+#elif defined(WOLFSSL_DILITHIUM_NO_LARGE_CODE)
+        (void)j;
+        if (l == 4) {
+            for (e = 0; e < DILITHIUM_N; e++) {
+                sword64 t = ((sword64)m[e + 0 * 256] * vt[e + 0 * 256]) +
+                            ((sword64)m[e + 1 * 256] * vt[e + 1 * 256]) +
+                            ((sword64)m[e + 2 * 256] * vt[e + 2 * 256]) +
+                            ((sword64)m[e + 3 * 256] * vt[e + 3 * 256]);
+                r[e] = dilithium_mont_red(t);
+            }
+            m += DILITHIUM_N * 4;
+        }
+        else if (l == 5) {
+            for (e = 0; e < DILITHIUM_N; e++) {
+                sword64 t = ((sword64)m[e + 0 * 256] * vt[e + 0 * 256]) +
+                            ((sword64)m[e + 1 * 256] * vt[e + 1 * 256]) +
+                            ((sword64)m[e + 2 * 256] * vt[e + 2 * 256]) +
+                            ((sword64)m[e + 3 * 256] * vt[e + 3 * 256]) +
+                            ((sword64)m[e + 4 * 256] * vt[e + 4 * 256]);
+                r[e] = dilithium_mont_red(t);
+            }
+            m += DILITHIUM_N * 5;
+        }
+        else if (l == 7) {
+            for (e = 0; e < DILITHIUM_N; e++) {
+                sword64 t = ((sword64)m[e + 0 * 256] * vt[e + 0 * 256]) +
+                            ((sword64)m[e + 1 * 256] * vt[e + 1 * 256]) +
+                            ((sword64)m[e + 2 * 256] * vt[e + 2 * 256]) +
+                            ((sword64)m[e + 3 * 256] * vt[e + 3 * 256]) +
+                            ((sword64)m[e + 4 * 256] * vt[e + 4 * 256]) +
+                            ((sword64)m[e + 5 * 256] * vt[e + 5 * 256]) +
+                            ((sword64)m[e + 6 * 256] * vt[e + 6 * 256]);
+                r[e] = dilithium_mont_red(t);
+            }
+            m += DILITHIUM_N * 7;
+        }
+#else
+        sword64 t0;
+        sword64 t1;
+#if !defined(WOLFSSL_NO_ML_DSA_44) || !defined(WOLFSSL_NO_ML_DSA_65)
+        sword64 t2;
+        sword64 t3;
+#endif
+
+        (void)j;
+#ifndef WOLFSSL_NO_ML_DSA_44
+        if (l == 4) {
+            for (e = 0; e < DILITHIUM_N; e += 4) {
+                t0 = ((sword64)m[e + 0 + 0 * 256] * vt[e + 0 + 0 * 256]) +
+                     ((sword64)m[e + 0 + 1 * 256] * vt[e + 0 + 1 * 256]) +
+                     ((sword64)m[e + 0 + 2 * 256] * vt[e + 0 + 2 * 256]) +
+                     ((sword64)m[e + 0 + 3 * 256] * vt[e + 0 + 3 * 256]);
+                t1 = ((sword64)m[e + 1 + 0 * 256] * vt[e + 1 + 0 * 256]) +
+                     ((sword64)m[e + 1 + 1 * 256] * vt[e + 1 + 1 * 256]) +
+                     ((sword64)m[e + 1 + 2 * 256] * vt[e + 1 + 2 * 256]) +
+                     ((sword64)m[e + 1 + 3 * 256] * vt[e + 1 + 3 * 256]);
+                t2 = ((sword64)m[e + 2 + 0 * 256] * vt[e + 2 + 0 * 256]) +
+                     ((sword64)m[e + 2 + 1 * 256] * vt[e + 2 + 1 * 256]) +
+                     ((sword64)m[e + 2 + 2 * 256] * vt[e + 2 + 2 * 256]) +
+                     ((sword64)m[e + 2 + 3 * 256] * vt[e + 2 + 3 * 256]);
+                t3 = ((sword64)m[e + 3 + 0 * 256] * vt[e + 3 + 0 * 256]) +
+                     ((sword64)m[e + 3 + 1 * 256] * vt[e + 3 + 1 * 256]) +
+                     ((sword64)m[e + 3 + 2 * 256] * vt[e + 3 + 2 * 256]) +
+                     ((sword64)m[e + 3 + 3 * 256] * vt[e + 3 + 3 * 256]);
+                r[e + 0] = dilithium_mont_red(t0);
+                r[e + 1] = dilithium_mont_red(t1);
+                r[e + 2] = dilithium_mont_red(t2);
+                r[e + 3] = dilithium_mont_red(t3);
+            }
+            m += DILITHIUM_N * 4;
+        }
+        else
+#endif
+#ifndef WOLFSSL_NO_ML_DSA_65
+        if (l == 5) {
+            for (e = 0; e < DILITHIUM_N; e += 4) {
+                t0 = ((sword64)m[e + 0 + 0 * 256] * vt[e + 0 + 0 * 256]) +
+                     ((sword64)m[e + 0 + 1 * 256] * vt[e + 0 + 1 * 256]) +
+                     ((sword64)m[e + 0 + 2 * 256] * vt[e + 0 + 2 * 256]) +
+                     ((sword64)m[e + 0 + 3 * 256] * vt[e + 0 + 3 * 256]) +
+                     ((sword64)m[e + 0 + 4 * 256] * vt[e + 0 + 4 * 256]);
+                t1 = ((sword64)m[e + 1 + 0 * 256] * vt[e + 1 + 0 * 256]) +
+                     ((sword64)m[e + 1 + 1 * 256] * vt[e + 1 + 1 * 256]) +
+                     ((sword64)m[e + 1 + 2 * 256] * vt[e + 1 + 2 * 256]) +
+                     ((sword64)m[e + 1 + 3 * 256] * vt[e + 1 + 3 * 256]) +
+                     ((sword64)m[e + 1 + 4 * 256] * vt[e + 1 + 4 * 256]);
+                t2 = ((sword64)m[e + 2 + 0 * 256] * vt[e + 2 + 0 * 256]) +
+                     ((sword64)m[e + 2 + 1 * 256] * vt[e + 2 + 1 * 256]) +
+                     ((sword64)m[e + 2 + 2 * 256] * vt[e + 2 + 2 * 256]) +
+                     ((sword64)m[e + 2 + 3 * 256] * vt[e + 2 + 3 * 256]) +
+                     ((sword64)m[e + 2 + 4 * 256] * vt[e + 2 + 4 * 256]);
+                t3 = ((sword64)m[e + 3 + 0 * 256] * vt[e + 3 + 0 * 256]) +
+                     ((sword64)m[e + 3 + 1 * 256] * vt[e + 3 + 1 * 256]) +
+                     ((sword64)m[e + 3 + 2 * 256] * vt[e + 3 + 2 * 256]) +
+                     ((sword64)m[e + 3 + 3 * 256] * vt[e + 3 + 3 * 256]) +
+                     ((sword64)m[e + 3 + 4 * 256] * vt[e + 3 + 4 * 256]);
+                r[e + 0] = dilithium_mont_red(t0);
+                r[e + 1] = dilithium_mont_red(t1);
+                r[e + 2] = dilithium_mont_red(t2);
+                r[e + 3] = dilithium_mont_red(t3);
+            }
+            m += DILITHIUM_N * 5;
+        }
+        else
+#endif
+#ifndef WOLFSSL_NO_ML_DSA_87
+        if (l == 7) {
+            for (e = 0; e < DILITHIUM_N; e += 2) {
+                t0 = ((sword64)m[e + 0 + 0 * 256] * vt[e + 0 + 0 * 256]) +
+                     ((sword64)m[e + 0 + 1 * 256] * vt[e + 0 + 1 * 256]) +
+                     ((sword64)m[e + 0 + 2 * 256] * vt[e + 0 + 2 * 256]) +
+                     ((sword64)m[e + 0 + 3 * 256] * vt[e + 0 + 3 * 256]) +
+                     ((sword64)m[e + 0 + 4 * 256] * vt[e + 0 + 4 * 256]) +
+                     ((sword64)m[e + 0 + 5 * 256] * vt[e + 0 + 5 * 256]) +
+                     ((sword64)m[e + 0 + 6 * 256] * vt[e + 0 + 6 * 256]);
+                t1 = ((sword64)m[e + 1 + 0 * 256] * vt[e + 1 + 0 * 256]) +
+                     ((sword64)m[e + 1 + 1 * 256] * vt[e + 1 + 1 * 256]) +
+                     ((sword64)m[e + 1 + 2 * 256] * vt[e + 1 + 2 * 256]) +
+                     ((sword64)m[e + 1 + 3 * 256] * vt[e + 1 + 3 * 256]) +
+                     ((sword64)m[e + 1 + 4 * 256] * vt[e + 1 + 4 * 256]) +
+                     ((sword64)m[e + 1 + 5 * 256] * vt[e + 1 + 5 * 256]) +
+                     ((sword64)m[e + 1 + 6 * 256] * vt[e + 1 + 6 * 256]);
+                r[e + 0] = dilithium_mont_red(t0);
+                r[e + 1] = dilithium_mont_red(t1);
+            }
+            m += DILITHIUM_N * 7;
+        }
+        else
+#endif
+        {
+        }
+#endif
+        r += DILITHIUM_N;
+    }
+}
+#endif
+
+#if !defined(WOLFSSL_DILITHIUM_NO_SIGN) || \
+    (!defined(WOLFSSL_DILITHIUM_NO_VERIFY) && \
+     !defined(WOLFSSL_DILITHIUM_VERIFY_SMALL_MEM))
+/* Polynomial multiplication.
+ *
+ * @param [out] r  Polynomial result.
+ * @param [in]  a  Polynomial
+ * @param [in]  b  Polynomial.
+ */
+static void dilithium_mul(sword32* r, sword32* a, sword32* b)
+{
+    unsigned int e;
+#ifdef WOLFSSL_DILITHIUM_SMALL
+    for (e = 0; e < DILITHIUM_N; e++) {
+        r[e] = dilithium_mont_red((sword64)a[e] * b[e]);
+    }
+#elif defined(WOLFSSL_DILITHIUM_NO_LARGE_CODE)
+    for (e = 0; e < DILITHIUM_N; e += 8) {
+        r[e+0] = dilithium_mont_red((sword64)a[e+0] * b[e+0]);
+        r[e+1] = dilithium_mont_red((sword64)a[e+1] * b[e+1]);
+        r[e+2] = dilithium_mont_red((sword64)a[e+2] * b[e+2]);
+        r[e+3] = dilithium_mont_red((sword64)a[e+3] * b[e+3]);
+        r[e+4] = dilithium_mont_red((sword64)a[e+4] * b[e+4]);
+        r[e+5] = dilithium_mont_red((sword64)a[e+5] * b[e+5]);
+        r[e+6] = dilithium_mont_red((sword64)a[e+6] * b[e+6]);
+        r[e+7] = dilithium_mont_red((sword64)a[e+7] * b[e+7]);
+    }
+#else
+    for (e = 0; e < DILITHIUM_N; e += 16) {
+        r[e+ 0] = dilithium_mont_red((sword64)a[e+ 0] * b[e+ 0]);
+        r[e+ 1] = dilithium_mont_red((sword64)a[e+ 1] * b[e+ 1]);
+        r[e+ 2] = dilithium_mont_red((sword64)a[e+ 2] * b[e+ 2]);
+        r[e+ 3] = dilithium_mont_red((sword64)a[e+ 3] * b[e+ 3]);
+        r[e+ 4] = dilithium_mont_red((sword64)a[e+ 4] * b[e+ 4]);
+        r[e+ 5] = dilithium_mont_red((sword64)a[e+ 5] * b[e+ 5]);
+        r[e+ 6] = dilithium_mont_red((sword64)a[e+ 6] * b[e+ 6]);
+        r[e+ 7] = dilithium_mont_red((sword64)a[e+ 7] * b[e+ 7]);
+        r[e+ 8] = dilithium_mont_red((sword64)a[e+ 8] * b[e+ 8]);
+        r[e+ 9] = dilithium_mont_red((sword64)a[e+ 9] * b[e+ 9]);
+        r[e+10] = dilithium_mont_red((sword64)a[e+10] * b[e+10]);
+        r[e+11] = dilithium_mont_red((sword64)a[e+11] * b[e+11]);
+        r[e+12] = dilithium_mont_red((sword64)a[e+12] * b[e+12]);
+        r[e+13] = dilithium_mont_red((sword64)a[e+13] * b[e+13]);
+        r[e+14] = dilithium_mont_red((sword64)a[e+14] * b[e+14]);
+        r[e+15] = dilithium_mont_red((sword64)a[e+15] * b[e+15]);
+    }
+#endif
+}
+
+#if (!defined(WOLFSSL_DILITHIUM_NO_SIGN) && \
+     !defined(WOLFSSL_DILITHIUM_SIGN_SMALL_MEM)) || \
+    (!defined(WOLFSSL_DILITHIUM_NO_VERIFY) && \
+     !defined(WOLFSSL_DILITHIUM_VERIFY_SMALL_MEM))
+/* Vector multiplication.
+ *
+ * @param [out] r  Vector of polynomials that is result.
+ * @param [in]  a  Polynomials
+ * @param [in]  b  Vector of polynomials.
+ * @param [in]  l  Dimension of vectors.
+ */
+static void dilithium_vec_mul(sword32* r, sword32* a, sword32* b, byte l)
+{
+    byte i;
+
+    for (i = 0; i < l; i++) {
+        dilithium_mul(r, a, b);
+        r += DILITHIUM_N;
+        b += DILITHIUM_N;
+    }
+}
+#endif
+#endif
+
+#ifndef WOLFSSL_DILITHIUM_NO_SIGN
+/* Modulo reduce values in polynomial. Range (-2^31)..(2^31-1).
+ *
+ * @param [in, out] a  Polynomial.
+ */
+static void dilithium_poly_red(sword32* a)
+{
+    word16 j;
+#ifdef WOLFSSL_DILITHIUM_SMALL
+    for (j = 0; j < DILITHIUM_N; j++) {
+        a[j] = dilithium_red(a[j]);
+    }
+#else
+    for (j = 0; j < DILITHIUM_N; j += 8) {
+        a[j+0] = dilithium_red(a[j+0]);
+        a[j+1] = dilithium_red(a[j+1]);
+        a[j+2] = dilithium_red(a[j+2]);
+        a[j+3] = dilithium_red(a[j+3]);
+        a[j+4] = dilithium_red(a[j+4]);
+        a[j+5] = dilithium_red(a[j+5]);
+        a[j+6] = dilithium_red(a[j+6]);
+        a[j+7] = dilithium_red(a[j+7]);
+    }
+#endif
+}
+
+#ifndef WOLFSSL_DILITHIUM_SIGN_SMALL_MEM
+/* Modulo reduce values in polynomials of vector. Range (-2^31)..(2^31-1).
+ *
+ * @param [in, out] a  Vector of polynomials.
+ * @param [in]      l  Dimension of vector.
+ */
+static void dilithium_vec_red(sword32* a, byte l)
+{
+    byte i;
+
+    for (i = 0; i < l; i++) {
+        dilithium_poly_red(a);
+        a += DILITHIUM_N;
+    }
+}
+#endif /*  WOLFSSL_DILITHIUM_SIGN_SMALL_MEM*/
+#endif /* !WOLFSSL_DILITHIUM_NO_SIGN */
+
+#if (!defined(WOLFSSL_DILITHIUM_NO_SIGN) || \
+     (!defined(WOLFSSL_DILITHIUM_NO_VERIFY) && \
+      !defined(WOLFSSL_DILITHIUM_VERIFY_SMALL_MEM))) || \
+    defined(WOLFSSL_DILITHIUM_CHECK_KEY)
+/* Subtract polynomials a from r. r -= a.
+ *
+ * @param [out] r  Polynomial to subtract from.
+ * @param [in]  a  Polynomial to subtract.
+ */
+static void dilithium_sub(sword32* r, const sword32* a)
+{
+    word16 j;
+#ifdef WOLFSSL_DILITHIUM_SMALL
+    for (j = 0; j < DILITHIUM_N; j++) {
+        r[j] -= a[j];
+    }
+#else
+    for (j = 0; j < DILITHIUM_N; j += 8) {
+        r[j+0] -= a[j+0];
+        r[j+1] -= a[j+1];
+        r[j+2] -= a[j+2];
+        r[j+3] -= a[j+3];
+        r[j+4] -= a[j+4];
+        r[j+5] -= a[j+5];
+        r[j+6] -= a[j+6];
+        r[j+7] -= a[j+7];
+    }
+#endif
+}
+
+#if defined(WOLFSSL_DILITHIUM_CHECK_KEY) || \
+   (!defined(WOLFSSL_DILITHIUM_NO_VERIFY) && \
+    !defined(WOLFSSL_DILITHIUM_VERIFY_SMALL_MEM)) || \
+    (!defined(WOLFSSL_DILITHIUM_NO_SIGN) && \
+     !defined(WOLFSSL_DILITHIUM_SIGN_SMALL_MEM))
+/* Subtract vector a from r. r -= a.
+ *
+ * @param [out] r  Vector of polynomials that is result.
+ * @param [in]  a  Vector of polynomials to subtract.
+ * @param [in]  l  Dimension of vectors.
+ */
+static void dilithium_vec_sub(sword32* r, const sword32* a, byte l)
+{
+    byte i;
+
+    for (i = 0; i < l; i++) {
+        dilithium_sub(r, a);
+        r += DILITHIUM_N;
+        a += DILITHIUM_N;
+    }
+}
+#endif
+#endif
+
+#ifndef WOLFSSL_DILITHIUM_VERIFY_ONLY
+/* Add polynomials a to r. r += a.
+ *
+ * @param [out] r  Polynomial to add to.
+ * @param [in]  a  Polynomial to add.
+ */
+static void dilithium_add(sword32* r, const sword32* a)
+{
+    word16 j;
+#ifdef WOLFSSL_DILITHIUM_SMALL
+    for (j = 0; j < DILITHIUM_N; j++) {
+        r[j] += a[j];
+    }
+#else
+    for (j = 0; j < DILITHIUM_N; j += 8) {
+        r[j+0] += a[j+0];
+        r[j+1] += a[j+1];
+        r[j+2] += a[j+2];
+        r[j+3] += a[j+3];
+        r[j+4] += a[j+4];
+        r[j+5] += a[j+5];
+        r[j+6] += a[j+6];
+        r[j+7] += a[j+7];
+    }
+#endif
+}
+
+#if !defined(WOLFSSL_DILITHIUM_NO_MAKE_KEY) || \
+    defined(WOLFSSL_DILITHIUM_CHECK_KEY) || \
+    (!defined(WOLFSSL_DILITHIUM_NO_SIGN) && \
+     !defined(WOLFSSL_DILITHIUM_SIGN_SMALL_MEM))
+/* Add vector a to r. r += a.
+ *
+ * @param [out] r  Vector of polynomials that is result.
+ * @param [in]  a  Vector of polynomials to add.
+ * @param [in]  l  Dimension of vectors.
+ */
+static void dilithium_vec_add(sword32* r, const sword32* a, byte l)
+{
+    byte i;
+
+    for (i = 0; i < l; i++) {
+        dilithium_add(r, a);
+        r += DILITHIUM_N;
+        a += DILITHIUM_N;
+    }
+}
+#endif
+
+/* Make values in polynomial be in positive range.
+ *
+ * @param [in, out] a  Polynomial.
+ */
+static void dilithium_make_pos(sword32* a)
+{
+    word16 j;
+#ifdef WOLFSSL_DILITHIUM_SMALL
+    for (j = 0; j < DILITHIUM_N; j++) {
+        a[j] += (0 - (((word32)a[j]) >> 31)) & DILITHIUM_Q;
+    }
+#else
+    for (j = 0; j < DILITHIUM_N; j += 8) {
+        a[j+0] += (0 - (((word32)a[j+0]) >> 31)) & DILITHIUM_Q;
+        a[j+1] += (0 - (((word32)a[j+1]) >> 31)) & DILITHIUM_Q;
+        a[j+2] += (0 - (((word32)a[j+2]) >> 31)) & DILITHIUM_Q;
+        a[j+3] += (0 - (((word32)a[j+3]) >> 31)) & DILITHIUM_Q;
+        a[j+4] += (0 - (((word32)a[j+4]) >> 31)) & DILITHIUM_Q;
+        a[j+5] += (0 - (((word32)a[j+5]) >> 31)) & DILITHIUM_Q;
+        a[j+6] += (0 - (((word32)a[j+6]) >> 31)) & DILITHIUM_Q;
+        a[j+7] += (0 - (((word32)a[j+7]) >> 31)) & DILITHIUM_Q;
+    }
+#endif
+}
+
+#if !defined(WOLFSSL_DILITHIUM_NO_MAKE_KEY) || \
+    defined(WOLFSSL_DILITHIUM_CHECK_KEY) || \
+    (!defined(WOLFSSL_DILITHIUM_NO_SIGN) && \
+     !defined(WOLFSSL_DILITHIUM_SIGN_SMALL_MEM))
+/* Make values in polynomials of vector be in positive range.
+ *
+ * @param [in, out] a  Vector of polynomials.
+ * @param [in]      l  Dimension of vector.
+ */
+static void dilithium_vec_make_pos(sword32* a, byte l)
+{
+    byte i;
+
+    for (i = 0; i < l; i++) {
+        dilithium_make_pos(a);
+        a += DILITHIUM_N;
+    }
+}
+#endif
+
+#endif /* !WOLFSSL_DILITHIUM_VERIFY_ONLY */
+
+/******************************************************************************/
+
+#ifndef WOLFSSL_DILITHIUM_NO_MAKE_KEY
+
+/* Make a key from a random seed.
+ *
+ * xi is seed passed in.
+ * FIPS 204. 6.1: Algorithm 6 ML-DSA.KeyGen_internal(xi)
+ *   1: (rho, rho', K) E B32 x B64 x B32 <- H(xi||k||l, 1024)
+ *   2:
+ *   3: A_circum <- ExpandA(rho)
+ *   4: (s1,s2) <- ExpandS(rho')
+ *   5: t <- NTT-1(A_circum o NTT(s1)) + s2
+ *   6: (t1, t0) <- Power2Round(t, d)
+ *   7: pk <- pkEncode(rho, t1)
+ *   8: tr <- H(pk, 64)
+ *   9: sk <- skEncode(rho, K, tr, s1, s2, t0)
+ *  10: return (pk, sk)
+ *
+ * FIPS 204. 7.2: Algorithm 22 pkEncode(rho, t1)
+ *   1: pk <- rho
+ *   2: for i from 0 to k - 1 do
+ *   3:     pk <- pk || SimpleBitPack(t1[i], 2^(bitlen(q-1)-d) - 1)
+ *   4: end for
+ *   5: return pk
+ *
+ * FIPS 204. 7.2: Algorithm 24 skEncode(rho, K, tr, s, s2, t0)
+ *   1: sk <- rho || K || tr
+ *   2: for i from 0 to l - 1 do
+ *   3:     sk <- sk || BitPack(s1[i], eta, eta)
+ *   4: end for
+ *   5: for i from 0 to k - 1 do
+ *   6:     sk <- sk || BitPack(s2[i], eta, eta)
+ *   7: end for
+ *   8: for i from 0 to k - 1 do
+ *   9:     sk <- sk || BitPack(t0[i], 2^(d-1)-1, 2^(d-1))
+ *  10: end for
+ *  11: return sk
+ *
+ * Public and private key store in key.
+ *
+ * @param [in, out] key   Dilithium key.
+ * @param [in]      seed  Seed to hash to generate values.
+ * @return  0 on success.
+ * @return  MEMORY_E when memory allocation fails.
+ * @return  Other negative when an error occurs.
+ */
+static int dilithium_make_key_from_seed(dilithium_key* key, const byte* seed)
+{
+#ifndef WOLFSSL_DILITHIUM_MAKE_KEY_SMALL_MEM
+    int ret = 0;
+    const wc_dilithium_params* params = key->params;
+    sword32* a = NULL;
+    sword32* s1 = NULL;
+    sword32* s2 = NULL;
+    sword32* t = NULL;
+    byte* pub_seed = key->k;
+    byte kl[2];
+
+    /* Allocate memory for large intermediates. */
+#ifdef WC_DILITHIUM_CACHE_MATRIX_A
+#ifndef WC_DILITHIUM_FIXED_ARRAY
+    if (key->a == NULL) {
+        key->a = (sword32*)XMALLOC(params->aSz, key->heap,
+            DYNAMIC_TYPE_DILITHIUM);
+        if (key->a == NULL) {
+            ret = MEMORY_E;
+        }
+    }
+#endif
+    if (ret == 0) {
+        a = key->a;
+    }
+#endif
+#ifdef WC_DILITHIUM_CACHE_PRIV_VECTORS
+#ifndef WC_DILITHIUM_FIXED_ARRAY
+    if ((ret == 0) && (key->s1 == NULL)) {
+        key->s1 = (sword32*)XMALLOC(params->aSz, key->heap,
+            DYNAMIC_TYPE_DILITHIUM);
+        if (key->s1 == NULL) {
+            ret = MEMORY_E;
+        }
+        else {
+            key->s2 = key->s1  + params->s1Sz / sizeof(*s1);
+            key->t0 = key->s2  + params->s2Sz / sizeof(*s2);
+        }
+    }
+#endif
+    if (ret == 0) {
+        s1 = key->s1;
+        s2 = key->s2;
+        t  = key->t0;
+    }
+#else
+    if (ret == 0) {
+        unsigned int allocSz;
+
+        allocSz = params->s1Sz + params->s2Sz + params->s2Sz;
+#ifndef WC_DILITHIUM_CACHE_MATRIX_A
+        allocSz += params->aSz;
+#endif
+
+        /* s1, s2, t, a */
+        s1 = (sword32*)XMALLOC(allocSz, key->heap, DYNAMIC_TYPE_DILITHIUM);
+        if (s1 == NULL) {
+            ret = MEMORY_E;
+        }
+        else {
+            s2 = s1 + params->s1Sz / sizeof(*s1);
+            t  = s2 + params->s2Sz / sizeof(*s2);
+#ifndef WC_DILITHIUM_CACHE_MATRIX_A
+            a  = t  + params->s2Sz / sizeof(*t);
+#endif
+        }
+    }
+#endif
+
+    if (ret == 0) {
+#ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
+        if (key->params->level >= WC_ML_DSA_DRAFT) {
+            /* Step 2: Create public seed, private seed and K from seed.
+             * Step 9; Alg 18, Step 1: Public seed is placed into private key.
+             */
+            ret = dilithium_shake256(&key->shake, seed, DILITHIUM_SEED_SZ,
+                pub_seed, DILITHIUM_SEEDS_SZ);
+        }
+        else
+#endif
+        {
+            kl[0] = params->k;
+            kl[1] = params->l;
+            /* Step 1: Create public seed, private seed and K from seed.
+             * Step 9; Alg 24, Step 1: Public seed is placed into private key.
+             */
+            ret = dilithium_hash256(&key->shake, seed, DILITHIUM_SEED_SZ, kl, 2,
+                pub_seed, DILITHIUM_SEEDS_SZ);
+        }
+    }
+    if (ret == 0) {
+        /* Step 7; Alg 22 Step 1: Copy public seed into public key. */
+        XMEMCPY(key->p, pub_seed, DILITHIUM_PUB_SEED_SZ);
+
+        /* Step 3: Expand public seed into a matrix of polynomials. */
+        ret = dilithium_expand_a(&key->shake, pub_seed, params->k, params->l,
+            a, key->heap);
+    }
+    if (ret == 0) {
+        byte* priv_seed = key->k + DILITHIUM_PUB_SEED_SZ;
+
+        /* Step 4: Expand private seed into to vectors of polynomials. */
+        ret = dilithium_expand_s(&key->shake, priv_seed, params->eta, s1,
+            params->l, s2, params->k);
+    }
+    if (ret == 0) {
+        byte* k = pub_seed + DILITHIUM_PUB_SEED_SZ;
+        byte* tr = k + DILITHIUM_K_SZ;
+        byte* s1p = tr + DILITHIUM_TR_SZ;
+        byte* s2p = s1p + params->s1EncSz;
+        byte* t0 = s2p + params->s2EncSz;
+        byte* t1 = key->p + DILITHIUM_PUB_SEED_SZ;
+
+        /* Step 9: Move k down to after public seed. */
+        XMEMCPY(k, k + DILITHIUM_PRIV_SEED_SZ, DILITHIUM_K_SZ);
+        /* Step 9. Alg 24 Steps 2-4: Encode s1 into private key. */
+        dilthium_vec_encode_eta_bits(s1, params->l, params->eta, s1p);
+        /* Step 9. Alg 24 Steps 5-7: Encode s2 into private key. */
+        dilthium_vec_encode_eta_bits(s2, params->k, params->eta, s2p);
+
+        /* Step 5: t <- NTT-1(A_circum o NTT(s1)) + s2 */
+        dilithium_vec_ntt_small(s1, params->l);
+        dilithium_matrix_mul(t, a, s1, params->k, params->l);
+        dilithium_vec_invntt(t, params->k);
+        dilithium_vec_add(t, s2, params->k);
+
+        /* Make positive for decomposing. */
+        dilithium_vec_make_pos(t, params->k);
+        /* Step 6, Step 7, Step 9. Alg 22 Steps 2-4, Alg 24 Steps 8-10.
+         * Decompose t in t0 and t1 and encode into public and private key.
+         */
+        dilithium_vec_encode_t0_t1(t, params->k, t0, t1);
+        /* Step 8. Alg 24, Step 1: Hash public key into private key. */
+        ret = dilithium_shake256(&key->shake, key->p, params->pkSz, tr,
+            DILITHIUM_TR_SZ);
+    }
+    if (ret == 0) {
+        /* Public key and private key are available. */
+        key->prvKeySet = 1;
+        key->pubKeySet = 1;
+#ifdef WC_DILITHIUM_CACHE_MATRIX_A
+        /* Matrix A is available. */
+        key->aSet = 1;
+#endif
+#ifdef WC_DILITHIUM_CACHE_PRIV_VECTORS
+        /* Private vectors are not available as they were overwritten. */
+        key->privVecsSet = 0;
+#endif
+#ifdef WC_DILITHIUM_CACHE_PUB_VECTORS
+        /* Public vector, t1, is not available as it was not created. */
+        key->pubVecSet = 0;
+#endif
+    }
+
+#ifndef WC_DILITHIUM_CACHE_PRIV_VECTORS
+    XFREE(s1, key->heap, DYNAMIC_TYPE_DILITHIUM);
+#endif
+    return ret;
+#else
+    int ret = 0;
+    const wc_dilithium_params* params = key->params;
+    sword32* a = NULL;
+    sword32* s1 = NULL;
+    sword32* s2 = NULL;
+    sword32* t = NULL;
+#ifdef WOLFSSL_DILITHIUM_SMALL_MEM_POLY64
+    sword64* t64 = NULL;
+#endif
+    byte* h = NULL;
+    byte* pub_seed = key->k;
+    unsigned int r;
+    unsigned int s;
+    byte kl[2];
+
+    /* Allocate memory for large intermediates. */
+    if (ret == 0) {
+        unsigned int allocSz;
+
+        /* s1-l, s2-k, t-k, a-1 */
+        allocSz  = params->s1Sz + params->s2Sz + params->s2Sz +
+            DILITHIUM_REJ_NTT_POLY_H_SIZE + DILITHIUM_POLY_SIZE;
+    #ifdef WOLFSSL_DILITHIUM_SMALL_MEM_POLY64
+        /* t64 */
+        allocSz += DILITHIUM_POLY_SIZE * 2;
+    #endif
+        s1 = (sword32*)XMALLOC(allocSz, key->heap, DYNAMIC_TYPE_DILITHIUM);
+        if (s1 == NULL) {
+            ret = MEMORY_E;
+        }
+        else {
+            s2 = s1 + params->s1Sz / sizeof(*s1);
+            t  = s2 + params->s2Sz / sizeof(*s2);
+            h  = (byte*)(t  + params->s2Sz / sizeof(*t));
+            a  = (sword32*)(h + DILITHIUM_REJ_NTT_POLY_H_SIZE);
+        #ifdef WOLFSSL_DILITHIUM_SMALL_MEM_POLY64
+            t64 = (sword64*)(a + DILITHIUM_N);
+        #endif
+        }
+    }
+
+    if (ret == 0) {
+#ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
+        if (key->params->level >= WC_ML_DSA_DRAFT) {
+            /* Step 2: Create public seed, private seed and K from seed.
+             * Step 9; Alg 18, Step 1: Public seed is placed into private key.
+             */
+            ret = dilithium_shake256(&key->shake, seed, DILITHIUM_SEED_SZ,
+                pub_seed, DILITHIUM_SEEDS_SZ);
+        }
+        else
+#endif
+        {
+            kl[0] = params->k;
+            kl[1] = params->l;
+            /* Step 1: Create public seed, private seed and K from seed.
+             * Step 9; Alg 24, Step 1: Public seed is placed into private key.
+             */
+            ret = dilithium_hash256(&key->shake, seed, DILITHIUM_SEED_SZ, kl, 2,
+                pub_seed, DILITHIUM_SEEDS_SZ);
+        }
+    }
+    if (ret == 0) {
+        byte* priv_seed = key->k + DILITHIUM_PUB_SEED_SZ;
+
+        /* Step 7; Alg 22 Step 1: Copy public seed into public key. */
+        XMEMCPY(key->p, pub_seed, DILITHIUM_PUB_SEED_SZ);
+
+        /* Step 4: Expand private seed into to vectors of polynomials. */
+        ret = dilithium_expand_s(&key->shake, priv_seed, params->eta, s1,
+            params->l, s2, params->k);
+    }
+    if (ret == 0) {
+        byte* k = pub_seed + DILITHIUM_PUB_SEED_SZ;
+        byte* tr = k + DILITHIUM_K_SZ;
+        byte* s1p = tr + DILITHIUM_TR_SZ;
+        byte* s2p = s1p + params->s1EncSz;
+        byte* t0 = s2p + params->s2EncSz;
+        byte* t1 = key->p + DILITHIUM_PUB_SEED_SZ;
+        byte aseed[DILITHIUM_GEN_A_SEED_SZ];
+        sword32* s2t = s2;
+        sword32* tt = t;
+
+        /* Step 9: Move k down to after public seed. */
+        XMEMCPY(k, k + DILITHIUM_PRIV_SEED_SZ, DILITHIUM_K_SZ);
+        /* Step 9. Alg 24 Steps 2-4: Encode s1 into private key. */
+        dilthium_vec_encode_eta_bits(s1, params->l, params->eta, s1p);
+        /* Step 9. Alg 24 Steps 5-7: Encode s2 into private key. */
+        dilthium_vec_encode_eta_bits(s2, params->k, params->eta, s2p);
+
+        /* Step 5: NTT(s1) */
+        dilithium_vec_ntt_small(s1, params->l);
+        /* Step 5: t <- NTT-1(A_circum o NTT(s1)) + s2 */
+        XMEMCPY(aseed, pub_seed, DILITHIUM_PUB_SEED_SZ);
+        for (r = 0; (ret == 0) && (r < params->k); r++) {
+            sword32* s1t = s1;
+            unsigned int e;
+
+            /* Put r/i into buffer to be hashed. */
+            aseed[DILITHIUM_PUB_SEED_SZ + 1] = r;
+            for (s = 0; (ret == 0) && (s < params->l); s++) {
+
+                /* Put s into buffer to be hashed. */
+                aseed[DILITHIUM_PUB_SEED_SZ + 0] = s;
+                /* Step 3: Expand public seed into a matrix of polynomials. */
+                ret = dilithium_rej_ntt_poly_ex(&key->shake, aseed, a, h);
+                if (ret != 0) {
+                    break;
+                }
+                /* Matrix multiply. */
+            #ifndef WOLFSSL_DILITHIUM_SMALL_MEM_POLY64
+                if (s == 0) {
+                #ifdef WOLFSSL_DILITHIUM_SMALL
+                    for (e = 0; e < DILITHIUM_N; e++) {
+                        tt[e] = dilithium_mont_red((sword64)a[e] * s1t[e]);
+                    }
+                #else
+                    for (e = 0; e < DILITHIUM_N; e += 8) {
+                        tt[e+0] = dilithium_mont_red((sword64)a[e+0]*s1t[e+0]);
+                        tt[e+1] = dilithium_mont_red((sword64)a[e+1]*s1t[e+1]);
+                        tt[e+2] = dilithium_mont_red((sword64)a[e+2]*s1t[e+2]);
+                        tt[e+3] = dilithium_mont_red((sword64)a[e+3]*s1t[e+3]);
+                        tt[e+4] = dilithium_mont_red((sword64)a[e+4]*s1t[e+4]);
+                        tt[e+5] = dilithium_mont_red((sword64)a[e+5]*s1t[e+5]);
+                        tt[e+6] = dilithium_mont_red((sword64)a[e+6]*s1t[e+6]);
+                        tt[e+7] = dilithium_mont_red((sword64)a[e+7]*s1t[e+7]);
+                    }
+                #endif
+                }
+                else {
+                #ifdef WOLFSSL_DILITHIUM_SMALL
+                    for (e = 0; e < DILITHIUM_N; e++) {
+                        tt[e] += dilithium_mont_red((sword64)a[e] * s1t[e]);
+                    }
+                #else
+                    for (e = 0; e < DILITHIUM_N; e += 8) {
+                        tt[e+0] += dilithium_mont_red((sword64)a[e+0]*s1t[e+0]);
+                        tt[e+1] += dilithium_mont_red((sword64)a[e+1]*s1t[e+1]);
+                        tt[e+2] += dilithium_mont_red((sword64)a[e+2]*s1t[e+2]);
+                        tt[e+3] += dilithium_mont_red((sword64)a[e+3]*s1t[e+3]);
+                        tt[e+4] += dilithium_mont_red((sword64)a[e+4]*s1t[e+4]);
+                        tt[e+5] += dilithium_mont_red((sword64)a[e+5]*s1t[e+5]);
+                        tt[e+6] += dilithium_mont_red((sword64)a[e+6]*s1t[e+6]);
+                        tt[e+7] += dilithium_mont_red((sword64)a[e+7]*s1t[e+7]);
+                    }
+                #endif
+                }
+            #else
+                if (s == 0) {
+                #ifdef WOLFSSL_DILITHIUM_SMALL
+                    for (e = 0; e < DILITHIUM_N; e++) {
+                        t64[e] = (sword64)a[e] * s1t[e];
+                    }
+                #else
+                    for (e = 0; e < DILITHIUM_N; e += 8) {
+                        t64[e+0] = (sword64)a[e+0] * s1t[e+0];
+                        t64[e+1] = (sword64)a[e+1] * s1t[e+1];
+                        t64[e+2] = (sword64)a[e+2] * s1t[e+2];
+                        t64[e+3] = (sword64)a[e+3] * s1t[e+3];
+                        t64[e+4] = (sword64)a[e+4] * s1t[e+4];
+                        t64[e+5] = (sword64)a[e+5] * s1t[e+5];
+                        t64[e+6] = (sword64)a[e+6] * s1t[e+6];
+                        t64[e+7] = (sword64)a[e+7] * s1t[e+7];
+                    }
+                #endif
+                }
+                else {
+                #ifdef WOLFSSL_DILITHIUM_SMALL
+                    for (e = 0; e < DILITHIUM_N; e++) {
+                        t64[e] += (sword64)a[e] * s1t[e];
+                    }
+                #else
+                    for (e = 0; e < DILITHIUM_N; e += 8) {
+                        t64[e+0] += (sword64)a[e+0] * s1t[e+0];
+                        t64[e+1] += (sword64)a[e+1] * s1t[e+1];
+                        t64[e+2] += (sword64)a[e+2] * s1t[e+2];
+                        t64[e+3] += (sword64)a[e+3] * s1t[e+3];
+                        t64[e+4] += (sword64)a[e+4] * s1t[e+4];
+                        t64[e+5] += (sword64)a[e+5] * s1t[e+5];
+                        t64[e+6] += (sword64)a[e+6] * s1t[e+6];
+                        t64[e+7] += (sword64)a[e+7] * s1t[e+7];
+                    }
+                #endif
+                }
+            #endif
+                /* Next polynomial. */
+                s1t += DILITHIUM_N;
+            }
+        #ifdef WOLFSSL_DILITHIUM_SMALL_MEM_POLY64
+            for (e = 0; e < DILITHIUM_N; e++) {
+                tt[e] = dilithium_mont_red(t64[e]);
+            }
+        #endif
+            dilithium_invntt(tt);
+            dilithium_add(tt, s2t);
+            /* Make positive for decomposing. */
+            dilithium_make_pos(tt);
+
+            tt += DILITHIUM_N;
+            s2t += DILITHIUM_N;
+        }
+
+        /* Step 6, Step 7, Step 9. Alg 22 Steps 2-4, Alg 24 Steps 8-10.
+         * Decompose t in t0 and t1 and encode into public and private key.
+         */
+        dilithium_vec_encode_t0_t1(t, params->k, t0, t1);
+        /* Step 8. Alg 24, Step 1: Hash public key into private key. */
+        ret = dilithium_shake256(&key->shake, key->p, params->pkSz, tr,
+            DILITHIUM_TR_SZ);
+    }
+    if (ret == 0) {
+        /* Public key and private key are available. */
+        key->prvKeySet = 1;
+        key->pubKeySet = 1;
+    }
+
+    XFREE(s1, key->heap, DYNAMIC_TYPE_DILITHIUM);
+    return ret;
+#endif
+}
+
+/* Make a key from a random seed.
+ *
+ * FIPS 204. 5.1: Algorithm 1 ML-DSA.KeyGen()
+ *   1: xi <- B32  [Choose random seed]
+ *   2: if xi = NULL then
+ *   3:   return falsam
+ *   4: end if
+ *   5: return ML-DSA.KeyGen_internal(xi)
+ *
+ * @param [in, out] key  Dilithium key.
+ * @param [in]      rng  Random number generator.
+ * @return  0 on success.
+ * @return  MEMORY_E when memory allocation fails.
+ * @return  Other negative when an error occurs.
+ */
+static int dilithium_make_key(dilithium_key* key, WC_RNG* rng)
+{
+    int ret;
+    byte seed[DILITHIUM_SEED_SZ];
+
+    /* Step 1: Generate a 32 byte random seed. */
+    ret = wc_RNG_GenerateBlock(rng, seed, DILITHIUM_SEED_SZ);
+    /* Step 2: Check for error. */
+    if (ret == 0) {
+        /* Step 5: Make key with random seed. */
+        ret = wc_dilithium_make_key_from_seed(key, seed);
+    }
+
+    return ret;
+}
+#endif /* !WOLFSSL_DILITHIUM_NO_MAKE_KEY */
+
+#ifndef WOLFSSL_DILITHIUM_NO_SIGN
+
+#if !defined(WOLFSSL_DILITHIUM_SIGN_SMALL_MEM) || \
+    defined(WOLFSSL_DILITHIUM_SIGN_SMALL_MEM_PRECALC) || \
+    defined(WC_DILITHIUM_CACHE_PRIV_VECTORS)
+/* Decode, from private key, and NTT private key vectors s1, s2, and t0.
+ *
+ * FIPS 204. 6: Algorithm 2 ML-DSA.Sign(sk, M)
+ *   1: (rho, K, tr, s1, s2, t0) <- skDecode(sk)
+ *   2: s1_circum <- NTT(s1)
+ *   3: s2_circum <- NTT(s2)
+ *   4: t0_circum <- NTT(t0)
+ *
+ * @param [in, out] key  Dilithium key.
+ * @param [out]     s1   Vector of polynomials s1.
+ * @param [out]     s2   Vector of polynomials s2.
+ * @param [out]     t0   Vector of polynomials t0.
+ */
+static void dilithium_make_priv_vecs(dilithium_key* key, sword32* s1,
+    sword32* s2, sword32* t0)
+{
+    const wc_dilithium_params* params = key->params;
+    const byte* pubSeed = key->k;
+    const byte* k = pubSeed + DILITHIUM_PUB_SEED_SZ;
+    const byte* tr = k + DILITHIUM_K_SZ;
+    const byte* s1p = tr + DILITHIUM_TR_SZ;
+    const byte* s2p = s1p + params->s1EncSz;
+    const byte* t0p = s2p + params->s2EncSz;
+
+    /* Step 1: Decode s1, s2, t0. */
+    dilithium_vec_decode_eta_bits(s1p, params->eta, s1, params->l);
+    dilithium_vec_decode_eta_bits(s2p, params->eta, s2, params->k);
+    dilithium_vec_decode_t0(t0p, params->k, t0);
+
+    /* Step 2: NTT s1. */
+    dilithium_vec_ntt_small(s1, params->l);
+    /* Step 3: NTT s2. */
+    dilithium_vec_ntt_small(s2, params->k);
+    /* Step 4: NTT t0. */
+    dilithium_vec_ntt(t0, params->k);
+
+#ifdef WC_DILITHIUM_CACHE_PRIV_VECTORS
+    /* Private key vectors have been created. */
+    key->privVecsSet = 1;
+#endif
+}
+#endif
+
+/* Sign a message with the key and a seed.
+ *
+ * FIPS 204. 5.2: Algorithm 2 ML-DSA.sign(sk, M, ctx)
+ *   ...
+ *  10: M' <- ByyesToBits(IntegerToBytes(0, 1) || IntegerToBytes(|ctx|, 1) ||
+ *                        ctx) || M
+ *   ...
+ *
+ * FIPS 204. 6: Algorithm 2 ML-DSA.Sign(sk, M)
+ *   1: (rho, K, tr, s1, s2, t0) <- skDecode(sk)
+ *   2: s1_circum <- NTT(s1)
+ *   3: s2_circum <- NTT(s2)
+ *   4: t0_circum <- NTT(t0)
+ *   5: A_circum <- ExpandA(rho)
+ *   6: mu <- H(tr||M, 512)
+ *   7: rnd <- {0,1}256
+ *   8: rho' <- H(K||rnd||mu, 512)
+ *   9: kappa <- 0
+ *  10: (z, h) <- falsam
+ *  11: while (z, h) = falsam do
+ *  12:    y <- ExpandMask(rho', kappa)
+ *  13:    w <- NTT-1(A_circum o NTT(y))
+ *  14:    w1 <- HighBits(w)
+ *  15:    c_tilde E {0,1}2*lambda <- H(mu|w1Encode(w1), 2 * lambda)
+ *  16:    (c1_tilde, c2_tilde) E {0,1}256 x {0,1}2*lambda-256 <- c_tilde
+ *  17:     c < SampleInBall(c1_tilde)
+ *  18:     c_circum <- NTT(c)
+ *  19:     <<cs1>> <- NTT-1(c_circum o s1_circum)
+ *  20:     <<cs2>> <- NTT-1(c_circum o s2_circum)
+ *  21:     z <- y + <<cs1>>
+ *  22:     r0 <- LowBits(w - <<cs2>>
+ *  23:     if ||z||inf >= GAMMA1 - BETA or ||r0||inf GAMMA2 - BETA then
+ *                                                             (z, h) <- falsam
+ *  24:     else
+ *  25:         <<ct0>> <- NTT-1(c_circum o t0_circum)
+ *  26:         h < MakeHint(-<<ct0>>, w - <<sc2>> + <<ct0>>)
+ *  27:         if (||<<ct>>||inf >= GAMMMA1 or
+ *                 the number of 1's in h is greater than OMEGA, then
+ *                                                             (z, h) <- falsam
+ *  28:         end if
+ *  29:     end if
+ *  30:     kappa <- kappa + l
+ *  31: end while
+ *  32: sigma <- sigEncode(c_tilde, z mod +/- q, h)
+ *  33: return sigma
+ *
+ * @param [in, out] key     Dilithium key.
+ * @param [in]      seedMu  Random seed || mu.
+ * @param [out]     sig     Buffer to hold signature.
+ * @param [in, out] sigLen  On in, length of buffer in bytes.
+ *                          On out, the length of the signature in bytes.
+ * @return  0 on success.
+ * @return  BAD_FUNC_ARG when context length is greater than 255.
+ * @return  BUFFER_E when the signature buffer is too small.
+ * @return  MEMORY_E when memory allocation fails.
+ * @return  Other negative when an error occurs.
+ */
+static int dilithium_sign_with_seed_mu(dilithium_key* key,
+    const byte* seedMu, byte* sig, word32 *sigLen)
+{
+#ifndef WOLFSSL_DILITHIUM_SIGN_SMALL_MEM
+    int ret = 0;
+    const wc_dilithium_params* params = key->params;
+    const byte* pub_seed = key->k;
+    const byte* k = pub_seed + DILITHIUM_PUB_SEED_SZ;
+    const byte* mu = seedMu + DILITHIUM_RND_SZ;
+    sword32* a = NULL;
+    sword32* s1 = NULL;
+    sword32* s2 = NULL;
+    sword32* t0 = NULL;
+    sword32* y = NULL;
+    sword32* w0 = NULL;
+    sword32* w1 = NULL;
+    sword32* c = NULL;
+    sword32* z = NULL;
+    sword32* ct0 = NULL;
+    byte priv_rand_seed[DILITHIUM_Y_SEED_SZ];
+    byte* h = sig + params->lambda / 4 + params->zEncSz;
+
+    /* Check the signature buffer isn't too small. */
+    if (*sigLen < params->sigSz) {
+        ret = BUFFER_E;
+    }
+    if (ret == 0) {
+        /* Return the size of the signature. */
+        *sigLen = params->sigSz;
+    }
+
+    /* Allocate memory for large intermediates. */
+#ifdef WC_DILITHIUM_CACHE_MATRIX_A
+#ifndef WC_DILITHIUM_FIXED_ARRAY
+    if ((ret == 0) && (key->a == NULL)) {
+        a = (sword32*)XMALLOC(params->aSz, key->heap, DYNAMIC_TYPE_DILITHIUM);
+        if (a == NULL) {
+            ret = MEMORY_E;
+        }
+    }
+#endif
+    if (ret == 0) {
+        a = key->a;
+    }
+#endif
+#ifdef WC_DILITHIUM_CACHE_PRIV_VECTORS
+#ifndef WC_DILITHIUM_FIXED_ARRAY
+    if ((ret == 0) && (key->s1 == NULL)) {
+        key->s1 = (sword32*)XMALLOC(params->aSz, key->heap,
+            DYNAMIC_TYPE_DILITHIUM);
+        if (key->s1 == NULL) {
+            ret = MEMORY_E;
+        }
+        else {
+            XMEMSET(key->s1, 0, params->aSz);
+            key->s2 = key->s1  + params->s1Sz / sizeof(*s1);
+            key->t0 = key->s2  + params->s2Sz / sizeof(*s2);
+        }
+    }
+#endif
+    if (ret == 0) {
+        s1 = key->s1;
+        s2 = key->s2;
+        t0 = key->t0;
+    }
+#endif
+    if (ret == 0) {
+        unsigned int allocSz;
+
+        /* y-l, w0-k, w1-k, c-1, z-l, ct0-k */
+        allocSz = params->s1Sz + params->s2Sz + params->s2Sz +
+            DILITHIUM_POLY_SIZE + params->s1Sz + params->s2Sz;
+#ifndef WC_DILITHIUM_CACHE_PRIV_VECTORS
+        /* s1-l, s2-k, t0-k */
+        allocSz += params->s1Sz + params->s2Sz + params->s2Sz;
+#endif
+#ifndef WC_DILITHIUM_CACHE_MATRIX_A
+        /* A */
+        allocSz += params->aSz;
+#endif
+        y = (sword32*)XMALLOC(allocSz, key->heap, DYNAMIC_TYPE_DILITHIUM);
+        if (y == NULL) {
+            ret = MEMORY_E;
+        }
+        else {
+            w0  = y   + params->s1Sz / sizeof(*y);
+            w1  = w0  + params->s2Sz / sizeof(*w0);
+            c   = w1  + params->s2Sz / sizeof(*w1);
+            z   = c   + DILITHIUM_N;
+            ct0 = z   + params->s1Sz / sizeof(*z);
+#ifndef WC_DILITHIUM_CACHE_PRIV_VECTORS
+            s1  = ct0 + params->s2Sz / sizeof(*ct0);
+            s2  = s1  + params->s1Sz / sizeof(*s1);
+            t0  = s2  + params->s2Sz / sizeof(*s2);
+#endif
+#ifndef WC_DILITHIUM_CACHE_MATRIX_A
+            a   = t0  + params->s2Sz / sizeof(*s2);
+#endif
+        }
+    }
+
+    if (ret == 0) {
+#ifdef WC_DILITHIUM_CACHE_PRIV_VECTORS
+        /* Check that we haven't already cached the private vectors. */
+        if (!key->privVecsSet)
+#endif
+        {
+            /* Steps 1-4: Decode and NTT vectors s1, s2, and t0. */
+            dilithium_make_priv_vecs(key, s1, s2, t0);
+        }
+
+#ifdef WC_DILITHIUM_CACHE_MATRIX_A
+        /* Check that we haven't already cached the matrix A. */
+        if (!key->aSet)
+#endif
+        {
+            /* Step 5: Create the matrix A from the public seed. */
+            ret = dilithium_expand_a(&key->shake, pub_seed, params->k,
+                params->l, a, key->heap);
+#ifdef WC_DILITHIUM_CACHE_MATRIX_A
+            key->aSet = (ret == 0);
+#endif
+        }
+    }
+    if (ret == 0) {
+        /* Step 9: Compute private random using hash. */
+        ret = dilithium_hash256(&key->shake, k, DILITHIUM_K_SZ, seedMu,
+            DILITHIUM_RND_SZ + DILITHIUM_MU_SZ, priv_rand_seed,
+            DILITHIUM_PRIV_RAND_SEED_SZ);
+    }
+    if (ret == 0) {
+        word16 kappa = 0;
+        int valid = 0;
+
+        /* Step 11: Start rejection sampling loop */
+        do {
+            byte w1e[DILITHIUM_MAX_W1_ENC_SZ];
+            sword32* w = w1;
+            sword32* y_ntt = z;
+            sword32* cs2 = ct0;
+            byte* commit = sig;
+
+            /* Step 12: Compute vector y from private random seed and kappa. */
+            dilithium_vec_expand_mask(&key->shake, priv_rand_seed, kappa,
+                params->gamma1_bits, y, params->l);
+        #ifdef WOLFSSL_DILITHIUM_SIGN_CHECK_Y
+            valid = dilithium_vec_check_low(y, params->l,
+                (1 << params->gamma1_bits) - params->beta);
+            if (valid)
+        #endif
+            {
+                /* Step 13: NTT-1(A o NTT(y)) */
+                XMEMCPY(y_ntt, y, params->s1Sz);
+                dilithium_vec_ntt(y_ntt, params->l);
+                dilithium_matrix_mul(w, a, y_ntt, params->k, params->l);
+                dilithium_vec_invntt(w, params->k);
+                /* Step 14, Step 22: Make values positive and decompose. */
+                dilithium_vec_make_pos(w, params->k);
+                dilithium_vec_decompose(w, params->k, params->gamma2, w0, w1);
+        #ifdef WOLFSSL_DILITHIUM_SIGN_CHECK_W0
+                valid = dilithium_vec_check_low(w0, params->k,
+                    params->gamma2 - params->beta);
+            }
+            if (valid) {
+        #endif
+                /* Step 15: Encode w1. */
+                dilithium_vec_encode_w1(w1, params->k, params->gamma2, w1e);
+                /* Step 15: Hash mu and encoded w1.
+                 * Step 32: Hash is stored in signature. */
+                ret = dilithium_hash256(&key->shake, mu, DILITHIUM_MU_SZ,
+                    w1e, params->w1EncSz, commit, params->lambda / 4);
+                if (ret == 0) {
+                    /* Step 17: Compute c from first 256 bits of commit. */
+                    ret = dilithium_sample_in_ball(params->level, &key->shake,
+                        commit, params->lambda / 4, params->tau, c, key->heap);
+                }
+                if (ret == 0) {
+                    sword32 hi;
+
+                    /* Step 18: NTT(c). */
+                    dilithium_ntt_small(c);
+                    /* Step 20: cs2 = NTT-1(c o s2) */
+                    dilithium_vec_mul(cs2, c, s2, params->k);
+                    dilithium_vec_invntt(cs2, params->k);
+                    /* Step 22: w0 - cs2 */
+                    dilithium_vec_sub(w0, cs2, params->k);
+                    dilithium_vec_red(w0, params->k);
+                    /* Step 23: Check w0 - cs2 has low enough values. */
+                    hi = params->gamma2 - params->beta;
+                    valid = dilithium_vec_check_low(w0, params->k, hi);
+                    if (valid) {
+                        /* Step 19: cs1 = NTT-1(c o s1) */
+                        dilithium_vec_mul(z, c, s1, params->l);
+                        dilithium_vec_invntt(z, params->l);
+                        /* Step 21: z = y + cs1 */
+                        dilithium_vec_add(z, y, params->l);
+                        dilithium_vec_red(z, params->l);
+                        /* Step 23: Check z has low enough values. */
+                        hi = (1 << params->gamma1_bits) - params->beta;
+                        valid = dilithium_vec_check_low(z, params->l, hi);
+                    }
+                    if (valid) {
+                        /* Step 25: ct0 = NTT-1(c o t0) */
+                        dilithium_vec_mul(ct0, c, t0, params->k);
+                        dilithium_vec_invntt(ct0, params->k);
+                        /* Step 27: Check ct0 has low enough values. */
+                        hi = params->gamma2;
+                        valid = dilithium_vec_check_low(ct0, params->k, hi);
+                    }
+                    if (valid) {
+                        /* Step 26: ct0 = ct0 + w0 */
+                        dilithium_vec_add(ct0, w0, params->k);
+                        dilithium_vec_red(ct0, params->k);
+                        /* Step 26, 27: Make hint from ct0 and w1 and check
+                         * number of hints is valid.
+                         * Step 32: h is encoded into signature.
+                         */
+                        valid = (dilithium_make_hint(ct0, w1, params->k,
+                            params->gamma2, params->omega, h) >= 0);
+                    }
+                }
+            }
+
+            if (!valid) {
+                /* Too many attempts - something wrong with implementation. */
+                if ((kappa > (word16)(kappa + params->l))) {
+                    ret = BAD_COND_E;
+                }
+
+                /* Step 30: increment value to append to seed to unique value.
+                 */
+                kappa += params->l;
+            }
+        }
+        /* Step 11: Check we have a valid signature. */
+        while ((ret == 0) && (!valid));
+    }
+    if (ret == 0) {
+        byte* ze = sig + params->lambda / 4;
+        /* Step 32: Encode z into signature.
+         * Commit (c) and h already encoded into signature. */
+        dilithium_vec_encode_gamma1(z, params->l, params->gamma1_bits, ze);
+    }
+
+    XFREE(y, key->heap, DYNAMIC_TYPE_DILITHIUM);
+    return ret;
+#else
+    int ret = 0;
+    const wc_dilithium_params* params = key->params;
+    const byte* pub_seed = key->k;
+    const byte* k = pub_seed + DILITHIUM_PUB_SEED_SZ;
+    const byte* tr = k + DILITHIUM_K_SZ;
+    const byte* s1p = tr + DILITHIUM_TR_SZ;
+    const byte* s2p = s1p + params->s1EncSz;
+    const byte* t0p = s2p + params->s2EncSz;
+    const byte* mu = seedMu + DILITHIUM_RND_SZ;
+    sword32* a = NULL;
+    sword32* s1 = NULL;
+    sword32* s2 = NULL;
+    sword32* t0 = NULL;
+    sword32* y = NULL;
+    sword32* y_ntt = NULL;
+    sword32* w0 = NULL;
+    sword32* w1 = NULL;
+    sword32* c = NULL;
+    sword32* z = NULL;
+    sword32* ct0 = NULL;
+#ifdef WOLFSSL_DILITHIUM_SMALL_MEM_POLY64
+    sword64* t64 = NULL;
+#endif
+    byte* blocks = NULL;
+    byte priv_rand_seed[DILITHIUM_Y_SEED_SZ];
+    byte* h = sig + params->lambda / 4 + params->zEncSz;
+#ifdef WOLFSSL_DILITHIUM_SIGN_SMALL_MEM_PRECALC_A
+    byte maxK = (byte)min(WOLFSSL_DILITHIUM_SIGN_SMALL_MEM_PRECALC_A,
+        params->k);
+#endif
+
+    /* Check the signature buffer isn't too small. */
+    if ((ret == 0) && (*sigLen < params->sigSz)) {
+        ret = BUFFER_E;
+    }
+    if (ret == 0) {
+        /* Return the size of the signature. */
+        *sigLen = params->sigSz;
+    }
+
+    /* Allocate memory for large intermediates. */
+    if (ret == 0) {
+        unsigned int allocSz;
+
+        /* y-l, w0-k, w1-k, blocks, c-1, z-1, A-1 */
+        allocSz  = params->s1Sz + params->s2Sz + params->s2Sz +
+            DILITHIUM_REJ_NTT_POLY_H_SIZE +
+            DILITHIUM_POLY_SIZE +  DILITHIUM_POLY_SIZE + DILITHIUM_POLY_SIZE;
+    #ifdef WOLFSSL_DILITHIUM_SIGN_SMALL_MEM_PRECALC
+        allocSz += params->s1Sz + params->s2Sz + params->s2Sz;
+    #elif defined(WOLFSSL_DILITHIUM_SIGN_SMALL_MEM_PRECALC_A)
+        allocSz += maxK * params->l * DILITHIUM_POLY_SIZE;
+    #endif
+    #ifdef WOLFSSL_DILITHIUM_SMALL_MEM_POLY64
+        allocSz += DILITHIUM_POLY_SIZE * 2;
+    #endif
+        y = (sword32*)XMALLOC(allocSz, key->heap, DYNAMIC_TYPE_DILITHIUM);
+        if (y == NULL) {
+            ret = MEMORY_E;
+        }
+        else {
+            w0     = y  + params->s1Sz / sizeof(*y_ntt);
+            w1     = w0 + params->s2Sz / sizeof(*w0);
+            blocks = (byte*)(w1 + params->s2Sz / sizeof(*w1));
+            c      = (sword32*)(blocks + DILITHIUM_REJ_NTT_POLY_H_SIZE);
+            z      = c  + DILITHIUM_N;
+            a      = z  + DILITHIUM_N;
+            ct0    = z;
+    #if defined(WOLFSSL_DILITHIUM_SIGN_SMALL_MEM_PRECALC_A)
+            y_ntt  = w0;
+            s1     = z;
+            s2     = z;
+            t0     = z;
+        #ifdef WOLFSSL_DILITHIUM_SMALL_MEM_POLY64
+            t64    = (sword64*)(a + (1 + maxK * params->l) * DILITHIUM_N);
+        #endif
+    #elif defined(WOLFSSL_DILITHIUM_SIGN_SMALL_MEM_PRECALC)
+            y_ntt  = z;
+            s1     = a  + DILITHIUM_N;
+            s2     = s1 + params->s1Sz / sizeof(*s1);
+            t0     = s2 + params->s2Sz / sizeof(*s2);
+        #ifdef WOLFSSL_DILITHIUM_SMALL_MEM_POLY64
+            t64    = (sword64*)(t0 + params->s2Sz / sizeof(*t0));
+        #endif
+    #else
+            y_ntt  = z;
+            s1     = z;
+            s2     = z;
+            t0     = z;
+        #ifdef WOLFSSL_DILITHIUM_SMALL_MEM_POLY64
+            t64    = (sword64*)(a + DILITHIUM_N);
+        #endif
+    #endif
+        }
+    }
+
+    if (ret == 0) {
+        /* Step 9: Compute private random using hash. */
+        ret = dilithium_hash256(&key->shake, k, DILITHIUM_K_SZ, seedMu,
+            DILITHIUM_RND_SZ + DILITHIUM_MU_SZ, priv_rand_seed,
+            DILITHIUM_PRIV_RAND_SEED_SZ);
+    }
+#ifdef WOLFSSL_DILITHIUM_SIGN_SMALL_MEM_PRECALC
+    if (ret == 0) {
+        dilithium_make_priv_vecs(key, s1, s2, t0);
+    }
+#endif
+#ifdef WOLFSSL_DILITHIUM_SIGN_SMALL_MEM_PRECALC_A
+    if (ret == 0) {
+        /* Step 5: Create the matrix A from the public seed. */
+        ret = dilithium_expand_a(&key->shake, pub_seed, maxK, params->l, a,
+            key->heap);
+    }
+#endif
+    if (ret == 0) {
+        word16 kappa = 0;
+        int valid;
+
+        /* Step 11: Start rejection sampling loop */
+        do {
+            byte aseed[DILITHIUM_GEN_A_SEED_SZ];
+            byte w1e[DILITHIUM_MAX_W1_ENC_SZ];
+            sword32* w = w1;
+            byte* commit = sig;
+            byte r;
+            byte s;
+            sword32 hi;
+            sword32* wt = w;
+            sword32* w0t = w0;
+            sword32* w1t = w1;
+            sword32* at = a;
+
+        #ifdef WOLFSSL_DILITHIUM_SIGN_SMALL_MEM_PRECALC_A
+            w0t += WOLFSSL_DILITHIUM_SIGN_SMALL_MEM_PRECALC_A * DILITHIUM_N;
+            w1t += WOLFSSL_DILITHIUM_SIGN_SMALL_MEM_PRECALC_A * DILITHIUM_N;
+            wt += WOLFSSL_DILITHIUM_SIGN_SMALL_MEM_PRECALC_A * DILITHIUM_N;
+            at += WOLFSSL_DILITHIUM_SIGN_SMALL_MEM_PRECALC_A * params->l *
+                DILITHIUM_N;
+        #endif
+
+            valid = 1;
+            /* Step 12: Compute vector y from private random seed and kappa. */
+            dilithium_vec_expand_mask(&key->shake, priv_rand_seed, kappa,
+                params->gamma1_bits, y, params->l);
+        #ifdef WOLFSSL_DILITHIUM_SIGN_CHECK_Y
+            valid = dilithium_vec_check_low(y, params->l,
+                (1 << params->gamma1_bits) - params->beta);
+        #endif
+
+        #ifdef WOLFSSL_DILITHIUM_SIGN_SMALL_MEM_PRECALC_A
+            /* Step 13: NTT-1(A o NTT(y)) */
+            XMEMCPY(y_ntt, y, params->s1Sz);
+            dilithium_vec_ntt(y_ntt, params->l);
+            dilithium_matrix_mul(w, a, y_ntt, maxK, params->l);
+            dilithium_vec_invntt(w, maxK);
+            /* Step 14, Step 22: Make values positive and decompose. */
+            dilithium_vec_make_pos(w, maxK);
+            dilithium_vec_decompose(w, maxK, params->gamma2, w0, w1);
+        #endif
+            /* Step 5: Create the matrix A from the public seed. */
+            /* Copy the seed into a buffer that has space for s and r. */
+            XMEMCPY(aseed, pub_seed, DILITHIUM_PUB_SEED_SZ);
+        #ifdef WOLFSSL_DILITHIUM_SIGN_SMALL_MEM_PRECALC_A
+            r = WOLFSSL_DILITHIUM_SIGN_SMALL_MEM_PRECALC_A;
+        #else
+            r = 0;
+        #endif
+            /* Alg 26. Step 1: Loop over first dimension of matrix. */
+            for (; (ret == 0) && valid && (r < params->k); r++) {
+                unsigned int e;
+                sword32* yt = y;
+            #ifdef WOLFSSL_DILITHIUM_SIGN_SMALL_MEM_PRECALC_A
+                sword32* y_ntt_t = z;
+            #else
+                sword32* y_ntt_t = y_ntt;
+            #endif
+
+                /* Put r/i into buffer to be hashed. */
+                aseed[DILITHIUM_PUB_SEED_SZ + 1] = r;
+                /* Alg 26. Step 2: Loop over second dimension of matrix. */
+                for (s = 0; (ret == 0) && (s < params->l); s++) {
+                    /* Put s into buffer to be hashed. */
+                    aseed[DILITHIUM_PUB_SEED_SZ + 0] = s;
+                    /* Alg 26. Step 3: Create polynomial from hashing seed. */
+                    ret = dilithium_rej_ntt_poly_ex(&key->shake, aseed, at,
+                        blocks);
+                    if (ret != 0) {
+                        break;
+                    }
+                    XMEMCPY(y_ntt_t, yt, DILITHIUM_POLY_SIZE);
+                    dilithium_ntt(y_ntt_t);
+                    /* Matrix multiply. */
+                #ifndef WOLFSSL_DILITHIUM_SMALL_MEM_POLY64
+                    if (s == 0) {
+                    #ifdef WOLFSSL_DILITHIUM_SMALL
+                        for (e = 0; e < DILITHIUM_N; e++) {
+                            wt[e] = dilithium_mont_red((sword64)at[e] *
+                                y_ntt_t[e]);
+                        }
+                    #else
+                        for (e = 0; e < DILITHIUM_N; e += 8) {
+                            wt[e + 0] = dilithium_mont_red((sword64)at[e + 0] *
+                                y_ntt_t[e + 0]);
+                            wt[e + 1] = dilithium_mont_red((sword64)at[e + 1] *
+                                y_ntt_t[e + 1]);
+                            wt[e + 2] = dilithium_mont_red((sword64)at[e + 2] *
+                                y_ntt_t[e + 2]);
+                            wt[e + 3] = dilithium_mont_red((sword64)at[e + 3] *
+                                y_ntt_t[e + 3]);
+                            wt[e + 4] = dilithium_mont_red((sword64)at[e + 4] *
+                                y_ntt_t[e + 4]);
+                            wt[e + 5] = dilithium_mont_red((sword64)at[e + 5] *
+                                y_ntt_t[e + 5]);
+                            wt[e + 6] = dilithium_mont_red((sword64)at[e + 6] *
+                                y_ntt_t[e + 6]);
+                            wt[e + 7] = dilithium_mont_red((sword64)at[e + 7] *
+                                y_ntt_t[e + 7]);
+                        }
+                    #endif
+                    }
+                    else {
+                    #ifdef WOLFSSL_DILITHIUM_SMALL
+                        for (e = 0; e < DILITHIUM_N; e++) {
+                            wt[e] += dilithium_mont_red((sword64)at[e] *
+                                y_ntt_t[e]);
+                        }
+                    #else
+                        for (e = 0; e < DILITHIUM_N; e += 8) {
+                            wt[e + 0] += dilithium_mont_red((sword64)at[e + 0] *
+                                y_ntt_t[e + 0]);
+                            wt[e + 1] += dilithium_mont_red((sword64)at[e + 1] *
+                                y_ntt_t[e + 1]);
+                            wt[e + 2] += dilithium_mont_red((sword64)at[e + 2] *
+                                y_ntt_t[e + 2]);
+                            wt[e + 3] += dilithium_mont_red((sword64)at[e + 3] *
+                                y_ntt_t[e + 3]);
+                            wt[e + 4] += dilithium_mont_red((sword64)at[e + 4] *
+                                y_ntt_t[e + 4]);
+                            wt[e + 5] += dilithium_mont_red((sword64)at[e + 5] *
+                                y_ntt_t[e + 5]);
+                            wt[e + 6] += dilithium_mont_red((sword64)at[e + 6] *
+                                y_ntt_t[e + 6]);
+                            wt[e + 7] += dilithium_mont_red((sword64)at[e + 7] *
+                                y_ntt_t[e + 7]);
+                        }
+                    #endif
+                    }
+                #else
+                    if (s == 0) {
+                    #ifdef WOLFSSL_DILITHIUM_SMALL
+                        for (e = 0; e < DILITHIUM_N; e++) {
+                            t64[e] = (sword64)at[e] * y_ntt_t[e];
+                        }
+                    #else
+                        for (e = 0; e < DILITHIUM_N; e += 8) {
+                            t64[e+0] = (sword64)at[e+0] * y_ntt_t[e+0];
+                            t64[e+1] = (sword64)at[e+1] * y_ntt_t[e+1];
+                            t64[e+2] = (sword64)at[e+2] * y_ntt_t[e+2];
+                            t64[e+3] = (sword64)at[e+3] * y_ntt_t[e+3];
+                            t64[e+4] = (sword64)at[e+4] * y_ntt_t[e+4];
+                            t64[e+5] = (sword64)at[e+5] * y_ntt_t[e+5];
+                            t64[e+6] = (sword64)at[e+6] * y_ntt_t[e+6];
+                            t64[e+7] = (sword64)at[e+7] * y_ntt_t[e+7];
+                        }
+                    #endif
+                    }
+                    else {
+                    #ifdef WOLFSSL_DILITHIUM_SMALL
+                        for (e = 0; e < DILITHIUM_N; e++) {
+                            t64[e] += (sword64)at[e] * y_ntt_t[e];
+                        }
+                    #else
+                        for (e = 0; e < DILITHIUM_N; e += 8) {
+                            t64[e+0] += (sword64)at[e+0] * y_ntt_t[e+0];
+                            t64[e+1] += (sword64)at[e+1] * y_ntt_t[e+1];
+                            t64[e+2] += (sword64)at[e+2] * y_ntt_t[e+2];
+                            t64[e+3] += (sword64)at[e+3] * y_ntt_t[e+3];
+                            t64[e+4] += (sword64)at[e+4] * y_ntt_t[e+4];
+                            t64[e+5] += (sword64)at[e+5] * y_ntt_t[e+5];
+                            t64[e+6] += (sword64)at[e+6] * y_ntt_t[e+6];
+                            t64[e+7] += (sword64)at[e+7] * y_ntt_t[e+7];
+                        }
+                    #endif
+                    }
+                #endif
+                    /* Next polynomial. */
+                    yt += DILITHIUM_N;
+                }
+            #ifdef WOLFSSL_DILITHIUM_SMALL_MEM_POLY64
+                for (e = 0; e < DILITHIUM_N; e++) {
+                    wt[e] = dilithium_mont_red(t64[e]);
+                }
+            #endif
+                dilithium_invntt(wt);
+                /* Step 14, Step 22: Make values positive and decompose. */
+                dilithium_make_pos(wt);
+            #ifndef WOLFSSL_NO_ML_DSA_44
+                if (params->gamma2 == DILITHIUM_Q_LOW_88) {
+                    /* For each value of polynomial. */
+                    for (e = 0; e < DILITHIUM_N; e++) {
+                        /* Decompose value into two vectors. */
+                        dilithium_decompose_q88(wt[e], &w0t[e], &w1t[e]);
+                    }
+                }
+            #endif
+            #if !defined(WOLFSSL_NO_ML_DSA_65) || !defined(WOLFSSL_NO_ML_DSA_87)
+                if (params->gamma2 == DILITHIUM_Q_LOW_32) {
+                    /* For each value of polynomial. */
+                    for (e = 0; e < DILITHIUM_N; e++) {
+                        /* Decompose value into two vectors. */
+                        dilithium_decompose_q32(wt[e], &w0t[e], &w1t[e]);
+                    }
+                }
+            #endif
+            #ifdef WOLFSSL_DILITHIUM_SIGN_CHECK_W0
+                valid = dilithium_vec_check_low(w0t,
+                    params->gamma2 - params->beta);
+            #endif
+                wt  += DILITHIUM_N;
+                w0t += DILITHIUM_N;
+                w1t += DILITHIUM_N;
+            }
+            if ((ret == 0) && valid) {
+                sword32* yt = y;
+            #ifndef WOLFSSL_DILITHIUM_SIGN_SMALL_MEM_PRECALC
+                const byte* s1pt = s1p;
+            #endif
+                byte* ze = sig + params->lambda / 4;
+
+                /* Step 15: Encode w1. */
+                dilithium_vec_encode_w1(w1, params->k, params->gamma2, w1e);
+                /* Step 15: Hash mu and encoded w1.
+                 * Step 32: Hash is stored in signature. */
+                ret = dilithium_hash256(&key->shake, mu, DILITHIUM_MU_SZ,
+                    w1e, params->w1EncSz, commit, params->lambda / 4);
+                if (ret == 0) {
+                    /* Step 17: Compute c from first 256 bits of commit. */
+                    ret = dilithium_sample_in_ball_ex(params->level,
+                        &key->shake, commit, params->lambda / 4, params->tau, c,
+                        blocks);
+                }
+                if (ret == 0) {
+                    /* Step 18: NTT(c). */
+                    dilithium_ntt_small(c);
+                }
+
+                for (s = 0; (ret == 0) && valid && (s < params->l); s++) {
+            #ifndef WOLFSSL_DILITHIUM_SIGN_SMALL_MEM_PRECALC
+                #if !defined(WOLFSSL_NO_ML_DSA_44) || \
+                    !defined(WOLFSSL_NO_ML_DSA_87)
+                    /* -2..2 */
+                    if (params->eta == DILITHIUM_ETA_2) {
+                        dilithium_decode_eta_2_bits(s1pt, s1);
+                        s1pt += DILITHIUM_ETA_2_BITS * DILITHIUM_N / 8;
+                    }
+                #endif
+                #ifndef WOLFSSL_NO_ML_DSA_65
+                    /* -4..4 */
+                    if (params->eta == DILITHIUM_ETA_4) {
+                        dilithium_decode_eta_4_bits(s1pt, s1);
+                        s1pt += DILITHIUM_N / 2;
+                    }
+                #endif
+                    dilithium_ntt_small(s1);
+                    dilithium_mul(z, c, s1);
+            #else
+                    dilithium_mul(z, c, s1 + s * DILITHIUM_N);
+            #endif
+                    /* Step 19: cs1 = NTT-1(c o s1) */
+                    dilithium_invntt(z);
+                    /* Step 21: z = y + cs1 */
+                    dilithium_add(z, yt);
+                    dilithium_poly_red(z);
+                    /* Step 23: Check z has low enough values. */
+                    hi = (1 << params->gamma1_bits) - params->beta;
+                    valid = dilithium_check_low(z, hi);
+                    if (valid) {
+                        /* Step 32: Encode z into signature.
+                         * Commit (c) and h already encoded into signature. */
+                    #if !defined(WOLFSSL_NO_ML_DSA_44)
+                        if (params->gamma1_bits == DILITHIUM_GAMMA1_BITS_17) {
+                            dilithium_encode_gamma1_17_bits(z, ze);
+                            /* Move to next place to encode to. */
+                            ze += DILITHIUM_GAMMA1_17_ENC_BITS / 2 *
+                                  DILITHIUM_N / 4;
+                        }
+                        else
+                    #endif
+                    #if !defined(WOLFSSL_NO_ML_DSA_65) || \
+                        !defined(WOLFSSL_NO_ML_DSA_87)
+                        if (params->gamma1_bits == DILITHIUM_GAMMA1_BITS_19) {
+                            dilithium_encode_gamma1_19_bits(z, ze);
+                            /* Move to next place to encode to. */
+                            ze += DILITHIUM_GAMMA1_19_ENC_BITS / 2 *
+                                  DILITHIUM_N / 4;
+                        }
+                    #endif
+                    }
+
+                    yt += DILITHIUM_N;
+                }
+            }
+            if ((ret == 0) && valid) {
+                const byte* t0pt = t0p;
+            #ifndef WOLFSSL_DILITHIUM_SIGN_SMALL_MEM_PRECALC
+                const byte* s2pt = s2p;
+            #endif
+                sword32* cs2 = ct0;
+                w0t = w0;
+                w1t = w1;
+                byte idx = 0;
+
+                for (r = 0; valid && (r < params->k); r++) {
+            #ifndef WOLFSSL_DILITHIUM_SIGN_SMALL_MEM_PRECALC
+                #if !defined(WOLFSSL_NO_ML_DSA_44) || \
+                    !defined(WOLFSSL_NO_ML_DSA_87)
+                    /* -2..2 */
+                    if (params->eta == DILITHIUM_ETA_2) {
+                        dilithium_decode_eta_2_bits(s2pt, s2);
+                        s2pt += DILITHIUM_ETA_2_BITS * DILITHIUM_N / 8;
+                    }
+                #endif
+                #ifndef WOLFSSL_NO_ML_DSA_65
+                    /* -4..4 */
+                    if (params->eta == DILITHIUM_ETA_4) {
+                        dilithium_decode_eta_4_bits(s2pt, s2);
+                        s2pt += DILITHIUM_N / 2;
+                    }
+                #endif
+                    dilithium_ntt_small(s2);
+                    /* Step 20: cs2 = NTT-1(c o s2) */
+                    dilithium_mul(cs2, c, s2);
+            #else
+                    /* Step 20: cs2 = NTT-1(c o s2) */
+                    dilithium_mul(cs2, c, s2 + r * DILITHIUM_N);
+            #endif
+                    dilithium_invntt(cs2);
+                    /* Step 22: w0 - cs2 */
+                    dilithium_sub(w0t, cs2);
+                    dilithium_poly_red(w0t);
+                    /* Step 23: Check w0 - cs2 has low enough values. */
+                    hi = params->gamma2 - params->beta;
+                    valid = dilithium_check_low(w0t, hi);
+                    if (valid) {
+                    #ifndef WOLFSSL_DILITHIUM_SIGN_SMALL_MEM_PRECALC
+                        dilithium_decode_t0(t0pt, t0);
+                        dilithium_ntt(t0);
+
+                        /* Step 25: ct0 = NTT-1(c o t0) */
+                        dilithium_mul(ct0, c, t0);
+                    #else
+                        /* Step 25: ct0 = NTT-1(c o t0) */
+                        dilithium_mul(ct0, c, t0 + r * DILITHIUM_N);
+                    #endif
+                        dilithium_invntt(ct0);
+                        /* Step 27: Check ct0 has low enough values. */
+                        valid = dilithium_check_low(ct0, params->gamma2);
+                    }
+                    if (valid) {
+                        /* Step 26: ct0 = ct0 + w0 */
+                        dilithium_add(ct0, w0t);
+                        dilithium_poly_red(ct0);
+
+                        /* Step 26, 27: Make hint from ct0 and w1 and check
+                         * number of hints is valid.
+                         * Step 32: h is encoded into signature.
+                         */
+                    #ifndef WOLFSSL_NO_ML_DSA_44
+                        if (params->gamma2 == DILITHIUM_Q_LOW_88) {
+                            valid = (dilithium_make_hint_88(ct0, w1t, h,
+                                &idx) == 0);
+                            /* Alg 14, Step 10: Store count of hints for
+                             *                  polynomial at end of list. */
+                            h[PARAMS_ML_DSA_44_OMEGA + r] = idx;
+                        }
+                    #endif
+                    #if !defined(WOLFSSL_NO_ML_DSA_65) || \
+                        !defined(WOLFSSL_NO_ML_DSA_87)
+                        if (params->gamma2 == DILITHIUM_Q_LOW_32) {
+                            valid = (dilithium_make_hint_32(ct0, w1t,
+                                params->omega, h, &idx) == 0);
+                            /* Alg 14, Step 10: Store count of hints for
+                             *                  polynomial at end of list. */
+                            h[params->omega + r] = idx;
+                        }
+                    #endif
+                    }
+
+                    t0pt += DILITHIUM_D * DILITHIUM_N / 8;
+                    w0t += DILITHIUM_N;
+                    w1t += DILITHIUM_N;
+                }
+                /* Set remaining hints to zero. */
+                XMEMSET(h + idx, 0, params->omega - idx);
+            }
+
+            if (!valid) {
+                /* Too many attempts - something wrong with implementation. */
+                if ((kappa > (word16)(kappa + params->l))) {
+                    ret = BAD_COND_E;
+                }
+
+                /* Step 30: increment value to append to seed to unique value.
+                 */
+                kappa += params->l;
+            }
+        }
+        /* Step 11: Check we have a valid signature. */
+        while ((ret == 0) && (!valid));
+    }
+
+    XFREE(y, key->heap, DYNAMIC_TYPE_DILITHIUM);
+    return ret;
+#endif
+}
+
+/* Sign a message with the key and a seed.
+ *
+ * FIPS 204. 5.2: Algorithm 2 ML-DSA.Sign(sk, M, ctx)
+ *   ...
+ *  10: M' <- BytesToBits(IntegerToBytes(0, 1) || IntegerToBytes(|ctx|, 1) ||
+ *                        ctx || M)
+ *  11: sigma <- ML-DSA.Sign_internal(sk, M', rnd)
+ *  12: return sigma
+ *
+ * FIPS 204. 6.2: Algorithm 7 ML-DSA.SignInternal(sk, M', rnd)
+ *   ...
+ *   6: mu <- H(BytesToBits(tr)||M', 64)
+ *   ...
+ *
+ * @param [in, out] key     Dilithium key.
+ * @param [in]      seed    Random seed.
+ * @param [in]      ctx     Context of signature.
+ * @param [in]      ctxLen  Length of context in bytes.
+ * @param [in]      msg     Message data to sign.
+ * @param [in]      msgLen  Length of message data in bytes.
+ * @param [out]     sig     Buffer to hold signature.
+ * @param [in, out] sigLen  On in, length of buffer in bytes.
+ *                          On out, the length of the signature in bytes.
+ * @return  0 on success.
+ * @return  BAD_FUNC_ARG when context length is greater than 255.
+ * @return  BUFFER_E when the signature buffer is too small.
+ * @return  MEMORY_E when memory allocation fails.
+ * @return  Other negative when an error occurs.
+ */
+static int dilithium_sign_ctx_msg_with_seed(dilithium_key* key,
+    const byte* seed, const byte* ctx, byte ctxLen, const byte* msg,
+    word32 msgLen, byte* sig, word32 *sigLen)
+{
+    int ret;
+    const byte* pub_seed = key->k;
+    const byte* k = pub_seed + DILITHIUM_PUB_SEED_SZ;
+    const byte* tr = k + DILITHIUM_K_SZ;
+    byte seedMu[DILITHIUM_RND_SZ + DILITHIUM_MU_SZ];
+    byte* mu = seedMu + DILITHIUM_RND_SZ;
+
+    XMEMCPY(seedMu, seed, DILITHIUM_RND_SZ);
+    /* Step 6. Calculate mu. */
+    ret = dilithium_hash256_ctx_msg(&key->shake, tr, DILITHIUM_TR_SZ, 0,
+        ctx, ctxLen, msg, msgLen, mu, DILITHIUM_MU_SZ);
+    if (ret == 0) {
+        ret = dilithium_sign_with_seed_mu(key, seedMu, sig, sigLen);
+    }
+
+    return ret;
+}
+
+/* Sign a message with the key and a seed.
+ *
+ * FIPS 204. 5.2: Algorithm 2 ML-DSA.Sign(sk, M, ctx)
+ *   ...
+ *  10: M' <- BytesToBits(IntegerToBytes(0, 1) || IntegerToBytes(|ctx|, 1) ||
+ *                        ctx || M)
+ *  11: sigma <- ML-DSA.Sign_internal(sk, M', rnd)
+ *  12: return sigma
+ *
+ * FIPS 204. 6.2: Algorithm 7 ML-DSA.SignInternal(sk, M', rnd)
+ *   ...
+ *   6: mu <- H(BytesToBits(tr)||M', 64)
+ *   ...
+ *
+ * @param [in, out] key     Dilithium key.
+ * @param [in]      seed    Random seed.
+ * @param [in]      msg     Message data to sign.
+ * @param [in]      msgLen  Length of message data in bytes.
+ * @param [out]     sig     Buffer to hold signature.
+ * @param [in, out] sigLen  On in, length of buffer in bytes.
+ *                          On out, the length of the signature in bytes.
+ * @return  0 on success.
+ * @return  BAD_FUNC_ARG when context length is greater than 255.
+ * @return  BUFFER_E when the signature buffer is too small.
+ * @return  MEMORY_E when memory allocation fails.
+ * @return  Other negative when an error occurs.
+ */
+static int dilithium_sign_msg_with_seed(dilithium_key* key, const byte* seed,
+    const byte* msg, word32 msgLen, byte* sig, word32 *sigLen)
+{
+    int ret;
+    const byte* pub_seed = key->k;
+    const byte* k = pub_seed + DILITHIUM_PUB_SEED_SZ;
+    const byte* tr = k + DILITHIUM_K_SZ;
+    byte seedMu[DILITHIUM_RND_SZ + DILITHIUM_MU_SZ];
+    byte* mu = seedMu + DILITHIUM_RND_SZ;
+
+    XMEMCPY(seedMu, seed, DILITHIUM_RND_SZ);
+    /* Step 6. Calculate mu. */
+    ret = dilithium_hash256(&key->shake, tr, DILITHIUM_TR_SZ, msg, msgLen, mu,
+        DILITHIUM_MU_SZ);
+    if (ret == 0) {
+        ret = dilithium_sign_with_seed_mu(key, seedMu, sig, sigLen);
+    }
+
+    return ret;
+}
+
+/* Sign a message with the key and a random number generator.
+ *
+ * FIPS 204. 5.2: Algorithm 2 ML-DSA.Sign(sk, M, ctx)
+ *   ...
+ *   5: rnd <- B32  [Randomly generated.]
+ *   6: if rnd = NULL then
+ *   7:     return falsam
+ *   8: end if
+ *   9:
+ *  10: M' <- BytesToBits(IntegerToBytes(0, 1) || IntegerToBytes(|ctx|, 1) ||
+ *                        ctx || M)
+ *   ...
+ *
+ * FIPS 204. 6.2: Algorithm 7 ML-DSA.SignInternal(sk, M', rnd)
+ *   ...
+ *   6: mu <- H(BytesToBits(tr)||M', 64)
+ *   ...
+ *
+ * @param [in, out] key     Dilithium key.
+ * @param [in, out] rng     Random number generator.
+ * @param [in]      ctx     Context of signature.
+ * @param [in]      ctxLen  Length of context.
+ * @param [in]      msg     Message data to sign.
+ * @param [in]      msgLen  Length of message data in bytes.
+ * @param [out]     sig     Buffer to hold signature.
+ * @param [in, out] sigLen  On in, length of buffer in bytes.
+ *                          On out, the length of the signature in bytes.
+ * @return  0 on success.
+ * @return  BUFFER_E when the signature buffer is too small.
+ * @return  MEMORY_E when memory allocation fails.
+ * @return  Other negative when an error occurs.
+ */
+static int dilithium_sign_ctx_msg(dilithium_key* key, WC_RNG* rng,
+    const byte* ctx, byte ctxLen, const byte* msg, word32 msgLen, byte* sig,
+    word32 *sigLen)
+{
+    int ret = 0;
+    const byte* pub_seed = key->k;
+    const byte* k = pub_seed + DILITHIUM_PUB_SEED_SZ;
+    const byte* tr = k + DILITHIUM_K_SZ;
+    byte seedMu[DILITHIUM_RND_SZ + DILITHIUM_MU_SZ];
+    byte* mu = seedMu + DILITHIUM_RND_SZ;
+
+    /* Must have a random number generator. */
+    if (rng == NULL) {
         ret = BAD_FUNC_ARG;
     }
 
     if (ret == 0) {
-        if (key->level == 2) {
-            oqssig = OQS_SIG_new(OQS_SIG_alg_dilithium_2);
+        /* Step 7: Generate random seed. */
+        ret = wc_RNG_GenerateBlock(rng, seedMu, DILITHIUM_RND_SZ);
+    }
+    if (ret == 0) {
+        /* Step 6. Calculate mu. */
+        ret = dilithium_hash256_ctx_msg(&key->shake, tr, DILITHIUM_TR_SZ, 0,
+            ctx, ctxLen, msg, msgLen, mu, DILITHIUM_MU_SZ);
+    }
+    if (ret == 0) {
+        ret = dilithium_sign_with_seed_mu(key, seedMu, sig, sigLen);
+    }
+
+    return ret;
+}
+
+/* Sign a message with the key and a random number generator.
+ *
+ * FIPS 204. 5.2: Algorithm 2 ML-DSA.Sign(sk, M, ctx)
+ *   ...
+ *   5: rnd <- B32  [Randomly generated.]
+ *   6: if rnd = NULL then
+ *   7:     return falsam
+ *   8: end if
+ *   9:
+ *  10: M' <- BytesToBits(IntegerToBytes(0, 1) || IntegerToBytes(|ctx|, 1) ||
+ *                        ctx || M)
+ *   ...
+ *
+ * FIPS 204. 6.2: Algorithm 7 ML-DSA.SignInternal(sk, M', rnd)
+ *   ...
+ *   6: mu <- H(BytesToBits(tr)||M', 64)
+ *   ...
+ *
+ * @param [in, out] key     Dilithium key.
+ * @param [in, out] rng     Random number generator.
+ * @param [in]      msg     Message data to sign.
+ * @param [in]      msgLen  Length of message data in bytes.
+ * @param [out]     sig     Buffer to hold signature.
+ * @param [in, out] sigLen  On in, length of buffer in bytes.
+ *                          On out, the length of the signature in bytes.
+ * @return  0 on success.
+ * @return  BUFFER_E when the signature buffer is too small.
+ * @return  MEMORY_E when memory allocation fails.
+ * @return  Other negative when an error occurs.
+ */
+static int dilithium_sign_msg(dilithium_key* key, WC_RNG* rng,
+    const byte* msg, word32 msgLen, byte* sig, word32 *sigLen)
+{
+    int ret = 0;
+    const byte* pub_seed = key->k;
+    const byte* k = pub_seed + DILITHIUM_PUB_SEED_SZ;
+    const byte* tr = k + DILITHIUM_K_SZ;
+    byte seedMu[DILITHIUM_RND_SZ + DILITHIUM_MU_SZ];
+    byte* mu = seedMu + DILITHIUM_RND_SZ;
+
+    /* Must have a random number generator. */
+    if (rng == NULL) {
+        ret = BAD_FUNC_ARG;
+    }
+
+    if (ret == 0) {
+        /* Step 7: Generate random seed. */
+        ret = wc_RNG_GenerateBlock(rng, seedMu, DILITHIUM_RND_SZ);
+    }
+    if (ret == 0) {
+        /* Step 6. Calculate mu. */
+        ret = dilithium_hash256(&key->shake, tr, DILITHIUM_TR_SZ, msg, msgLen,
+            mu, DILITHIUM_MU_SZ);
+    }
+    if (ret == 0) {
+        ret = dilithium_sign_with_seed_mu(key, seedMu, sig, sigLen);
+    }
+
+    return ret;
+}
+
+/* Sign a pre-hashed message with the key and a seed.
+ *
+ * FIPS 204. 5.4.1: Algorithm 4 HashML-DSA.Sign(sk, M, ctx, PH)
+ *   ...
+ *  10: switch PH do
+ *  11:    case SHA-256:
+ *  12:       OID <-  IntegerToBytes(0x0609608648016503040201, 11)
+ *  13:       PHm <- SHA256(M)    (not done here as hash is passed in)
+ *   ...
+ *  22: end switch
+ *  23: M' <- BytesToBits(IntegerToBytes(1, 1) || IntegerToBytes(|ctx|, 1) ||
+ *                        ctx || OID || PHm)
+ *  24: sigma <- ML-DSA.Sign_internal(sk, M', rnd)
+ *  25: return sigma
+ *
+ * FIPS 204. 6.2: Algorithm 7 ML-DSA.SignInternal(sk, M', rnd)
+ *   ...
+ *   6: mu <- H(BytesToBits(tr)||M', 64)
+ *   ...
+ *
+ * @param [in, out] key      Dilithium key.
+ * @param [in]      seed     Random seed.
+ * @param [in]      ctx      Context of signature.
+ * @param [in]      ctxLen   Length of context.
+ * @param [in]      hashAlg  Hash algorithm used on message.
+ * @param [in]      hash     Message hash to sign.
+ * @param [in]      hashLen  Length of message hash in bytes.
+ * @param [out]     sig      Buffer to hold signature.
+ * @param [in, out] sigLen   On in, length of buffer in bytes.
+ *                           On out, the length of the signature in bytes.
+ * @return  0 on success.
+ * @return  BUFFER_E when the signature buffer is too small.
+ * @return  MEMORY_E when memory allocation fails.
+ * @return  Other negative when an error occurs.
+ */
+static int dilithium_sign_ctx_hash_with_seed(dilithium_key* key,
+    const byte* seed, const byte* ctx, byte ctxLen, int hashAlg,
+    const byte* hash, word32 hashLen, byte* sig, word32 *sigLen)
+{
+    int ret = 0;
+    const byte* pub_seed = key->k;
+    const byte* k = pub_seed + DILITHIUM_PUB_SEED_SZ;
+    const byte* tr = k + DILITHIUM_K_SZ;
+    byte seedMu[DILITHIUM_RND_SZ + DILITHIUM_MU_SZ];
+    byte* mu = seedMu + DILITHIUM_RND_SZ;
+    byte oidMsgHash[DILITHIUM_HASH_OID_LEN + WC_MAX_DIGEST_SIZE];
+    word32 oidMsgHashLen;
+
+    if ((ret == 0) && (hashLen > WC_MAX_DIGEST_SIZE)) {
+        ret = BUFFER_E;
+    }
+
+    if (ret == 0) {
+        XMEMCPY(seedMu, seed, DILITHIUM_RND_SZ);
+
+        ret = dilithium_get_hash_oid(hashAlg, oidMsgHash, &oidMsgHashLen);
+    }
+    if (ret == 0) {
+        XMEMCPY(oidMsgHash + oidMsgHashLen, hash, hashLen);
+        oidMsgHashLen += hashLen;
+
+        /* Step 6. Calculate mu. */
+        ret = dilithium_hash256_ctx_msg(&key->shake, tr, DILITHIUM_TR_SZ, 1,
+            ctx, ctxLen, oidMsgHash, oidMsgHashLen, mu, DILITHIUM_MU_SZ);
+    }
+    if (ret == 0) {
+        ret = dilithium_sign_with_seed_mu(key, seedMu, sig, sigLen);
+    }
+
+    return ret;
+}
+
+/* Sign a pre-hashed message with the key and a random number generator.
+ *
+ * FIPS 204. 5.4.1: Algorithm 4 HashML-DSA.Sign(sk, M, ctx, PH)
+ *   ...
+ *   5: rnd <- B32  [Randomly generated.]
+ *   6: if rnd = NULL then
+ *   7:     return falsam
+ *   8: end if
+ *   ...
+ *
+ * @param [in, out] key      Dilithium key.
+ * @param [in, out] rng      Random number generator.
+ * @param [in]      ctx      Context of signature.
+ * @param [in]      ctxLen   Length of context.
+ * @param [in]      hashAlg  Hash algorithm used on message.
+ * @param [in]      hash     Message hash to sign.
+ * @param [in]      hashLen  Length of message hash in bytes.
+ * @param [out]     sig      Buffer to hold signature.
+ * @param [in, out] sigLen   On in, length of buffer in bytes.
+ *                           On out, the length of the signature in bytes.
+ * @return  0 on success.
+ * @return  BUFFER_E when the signature buffer is too small.
+ * @return  MEMORY_E when memory allocation fails.
+ * @return  Other negative when an error occurs.
+ */
+static int dilithium_sign_ctx_hash(dilithium_key* key, WC_RNG* rng,
+    const byte* ctx, byte ctxLen, int hashAlg, const byte* hash, word32 hashLen,
+    byte* sig, word32 *sigLen)
+{
+    int ret = 0;
+    byte seed[DILITHIUM_RND_SZ];
+
+    /* Must have a random number generator. */
+    if (rng == NULL) {
+        ret = BAD_FUNC_ARG;
+    }
+    if (ret == 0) {
+        /* Step 7: Generate random seed. */
+        ret = wc_RNG_GenerateBlock(rng, seed, DILITHIUM_RND_SZ);
+    }
+
+    if (ret == 0) {
+        ret = dilithium_sign_ctx_hash_with_seed(key, seed, ctx, ctxLen, hashAlg,
+            hash, hashLen, sig, sigLen);
+    }
+
+    return ret;
+}
+
+#endif /* !WOLFSSL_DILITHIUM_NO_SIGN */
+
+#ifndef WOLFSSL_DILITHIUM_NO_VERIFY
+
+#if !defined(WOLFSSL_DILITHIUM_VERIFY_SMALL_MEM) || \
+     defined(WC_DILITHIUM_CACHE_PUB_VECTORS)
+/* Make public vector from public key data.
+ *
+ * @param [in, out] key  Key with public key data.
+ * @param [out]     t1   Vector in NTT form.
+ */
+static void dilithium_make_pub_vec(dilithium_key* key, sword32* t1)
+{
+    const wc_dilithium_params* params = key->params;
+    const byte* t1p = key->p + DILITHIUM_PUB_SEED_SZ;
+
+    dilithium_vec_decode_t1(t1p, params->k, t1);
+    dilithium_vec_ntt(t1, params->k);
+
+#ifdef WC_DILITHIUM_CACHE_PUB_VECTORS
+    key->pubVecSet = 1;
+#endif
+}
+#endif
+
+/* Verify signature of message using public key.
+ *
+ * FIPS 204. 6: Algorithm 3 ML-DSA.Verify(pk, M, sigma)
+ *  1: (rho, t1) <- pkDecode(pk)
+ *  2: (c_tilde, z, h) <- sigDecode(sigma)
+ *  3: if h = falsam then return false
+ *  4: end if
+ *  5: A_circum <- ExpandS(rho)
+ *  6: tr <- H(BytesToBits(pk), 512)
+ *  7: mu <- H(tr||M, 512)
+ *  8: (c1_tilde, c2_tilde) E {0,1}256 x {0,1)2*lambda-256 <- c_tilde
+ *  9: c <- SampleInBall(c1_tilde)
+ * 10: w'approx <- NTT-1(A_circum o NTT(z) - NTT(c) o NTT(t1.2^d))
+ * 11: w1' <- UseHint(h, w'approx)
+ * 12: c'_tilde < H(mu||w1Encode(w1'), 2*lambda)
+ * 13: return [[ ||z||inf < GAMMA1 - BETA]] and [[c_tilde = c'_tilde]] and
+ *             [[number of 1's in h is <= OMEGA
+ *
+ * @param [in, out] key     Dilithium key.
+ * @param [in]      mu      Data to verify.
+ * @param [in]      sig     Signature to verify message.
+ * @param [in]      sigLen  Length of message in bytes.
+ * @param [out]     res     Result of verification.
+ * @return  0 on success.
+ * @return  SIG_VERIFY_E when hint is malformed.
+ * @return  BUFFER_E when the length of the signature does not match
+ *          parameters.
+ * @return  MEMORY_E when memory allocation fails.
+ * @return  Other negative when an error occurs.
+ */
+static int dilithium_verify_mu(dilithium_key* key, const byte* mu,
+    const byte* sig, word32 sigLen, int* res)
+{
+#ifndef WOLFSSL_DILITHIUM_VERIFY_SMALL_MEM
+    int ret = 0;
+    const wc_dilithium_params* params = key->params;
+    const byte* pub_seed = key->p;
+    const byte* commit = sig;
+    const byte* ze = sig + params->lambda / 4;
+    const byte* h = ze + params->zEncSz;
+    sword32* a = NULL;
+    sword32* t1 = NULL;
+    sword32* c = NULL;
+    sword32* z = NULL;
+    sword32* w = NULL;
+    sword32* t1c = NULL;
+    byte commit_calc[DILITHIUM_TR_SZ];
+    byte* w1e = NULL;
+    int valid = 0;
+    sword32 hi;
+
+    /* Ensure the signature is the right size for the parameters. */
+    if (sigLen != params->sigSz) {
+        ret = BUFFER_E;
+    }
+    if (ret == 0) {
+        /* Step 13: Verify the hint is well-formed. */
+        ret = dilithium_check_hint(h, params->k, params->omega);
+    }
+
+    /* Allocate memory for large intermediates. */
+#ifdef WC_DILITHIUM_CACHE_MATRIX_A
+#ifndef WC_DILITHIUM_FIXED_ARRAY
+    if ((ret == 0) && (key->a == NULL)) {
+        key->a = (sword32*)XMALLOC(params->aSz, key->heap,
+            DYNAMIC_TYPE_DILITHIUM);
+        if (key->a == NULL) {
+            ret = MEMORY_E;
         }
-        else if (key->level == 3) {
-            oqssig = OQS_SIG_new(OQS_SIG_alg_dilithium_3);
+        else {
+            XMEMSET(key->a, 0, params->aSz);
         }
-        else if (key->level == 5) {
-            oqssig = OQS_SIG_new(OQS_SIG_alg_dilithium_5);
+    }
+#endif
+    if (ret == 0) {
+        a = key->a;
+    }
+#endif
+#ifdef WC_DILITHIUM_CACHE_PUB_VECTORS
+#ifndef WC_DILITHIUM_FIXED_ARRAY
+    if ((ret == 0) && (key->t1 == NULL)) {
+        key->t1 = (sword32*)XMALLOC(params->s2Sz, key->heap,
+            DYNAMIC_TYPE_DILITHIUM);
+        if (key->t1 == NULL) {
+            ret = MEMORY_E;
+        }
+        else {
+            XMEMSET(key->t1, 0, params->s2Sz);
+        }
+    }
+#endif
+    if (ret == 0) {
+        t1 = key->t1;
+    }
+#endif
+    if (ret == 0) {
+        unsigned int allocSz;
+
+        /* z, c, w, t1/t1c */
+        allocSz = DILITHIUM_POLY_SIZE + params->s1Sz + params->s2Sz +
+            params->s2Sz;
+#ifndef WC_DILITHIUM_CACHE_MATRIX_A
+        /* a */
+        allocSz += params->aSz;
+#endif
+
+        z = (sword32*)XMALLOC(allocSz, key->heap, DYNAMIC_TYPE_DILITHIUM);
+        if (z == NULL) {
+            ret = MEMORY_E;
+        }
+        else {
+            XMEMSET(z, 0, allocSz);
+            c   = z  + params->s1Sz / sizeof(*z);
+            w   = c  + DILITHIUM_N;
+#ifndef WC_DILITHIUM_CACHE_PUB_VECTORS
+            t1  = w  + params->s2Sz / sizeof(*w);
+            t1c = t1;
+#else
+            t1c = w  + params->s2Sz / sizeof(*w);
+#endif
+#ifndef WC_DILITHIUM_CACHE_MATRIX_A
+            a   = t1 + params->s2Sz / sizeof(*t1);
+#endif
+            w1e = (byte*)c;
+        }
+    }
+
+    if (ret == 0) {
+        /* Step 2: Decode z from signature. */
+        dilithium_vec_decode_gamma1(ze, params->l, params->gamma1_bits, z);
+        /* Step 13: Check z is valid - values are low enough. */
+        hi = (1 << params->gamma1_bits) - params->beta;
+        valid = dilithium_vec_check_low(z, params->l, hi);
+    }
+    if ((ret == 0) && valid) {
+#ifdef WC_DILITHIUM_CACHE_PUB_VECTORS
+        /* Check that we haven't already cached the public vector. */
+        if (!key->pubVecSet)
+#endif
+        {
+            /* Step 1: Decode and NTT vector t1. */
+            dilithium_make_pub_vec(key, t1);
+        }
+
+#ifdef WC_DILITHIUM_CACHE_MATRIX_A
+        /* Check that we haven't already cached the matrix A. */
+        if (!key->aSet)
+#endif
+        {
+            /* Step 5: Expand pub seed to compute matrix A. */
+            ret = dilithium_expand_a(&key->shake, pub_seed, params->k,
+                params->l, a, key->heap);
+#ifdef WC_DILITHIUM_CACHE_MATRIX_A
+            /* Whether we have cached A is dependent on success of operation. */
+            key->aSet = (ret == 0);
+#endif
+        }
+    }
+    if ((ret == 0) && valid) {
+        /* Step 9: Compute c from commit. */
+        ret = dilithium_sample_in_ball(params->level, &key->shake, commit,
+            params->lambda / 4, params->tau, c, key->heap);
+    }
+    if ((ret == 0) && valid) {
+        /* Step 10: w = NTT-1(A o NTT(z) - NTT(c) o NTT(t1)) */
+        dilithium_vec_ntt(z, params->l);
+        dilithium_matrix_mul(w, a, z, params->k, params->l);
+        dilithium_ntt_small(c);
+        dilithium_vec_mul(t1c, c, t1, params->k);
+        dilithium_vec_sub(w, t1c, params->k);
+        dilithium_vec_invntt(w, params->k);
+        /* Step 11: Use hint to give full w1. */
+        dilithium_vec_use_hint(w, params->k, params->gamma2, params->omega, h);
+        /* Step 12: Encode w1. */
+        dilithium_vec_encode_w1(w, params->k, params->gamma2, w1e);
+        /* Step 12: Hash mu and encoded w1. */
+        ret = dilithium_hash256(&key->shake, mu, DILITHIUM_MU_SZ, w1e,
+            params->w1EncSz, commit_calc, params->lambda / 4);
+    }
+    if ((ret == 0) && valid) {
+        /* Step 13: Compare commit. */
+        valid = (XMEMCMP(commit, commit_calc, params->lambda / 4) == 0);
+    }
+
+    *res = valid;
+    XFREE(z, key->heap, DYNAMIC_TYPE_DILITHIUM);
+    return ret;
+#else
+    int ret = 0;
+    const wc_dilithium_params* params = key->params;
+    const byte* pub_seed = key->p;
+    const byte* t1p = pub_seed + DILITHIUM_PUB_SEED_SZ;
+    const byte* commit = sig;
+    const byte* ze = sig + params->lambda / 4;
+    const byte* h = ze + params->zEncSz;
+    sword32* t1 = NULL;
+    sword32* a = NULL;
+    sword32* c = NULL;
+    sword32* z = NULL;
+    sword32* w = NULL;
+#ifdef WOLFSSL_DILITHIUM_SMALL_MEM_POLY64
+    sword64* t64 = NULL;
+#endif
+#ifndef WOLFSSL_DILITHIUM_VERIFY_NO_MALLOC
+    byte*    block = NULL;
+#endif
+    byte* w1e = NULL;
+    byte commit_calc[DILITHIUM_TR_SZ];
+    int valid = 0;
+    sword32 hi;
+    unsigned int r;
+    byte o;
+    byte* encW1;
+    byte* seed = commit_calc;
+
+    /* Ensure the signature is the right size for the parameters. */
+    if (sigLen != params->sigSz) {
+        ret = BUFFER_E;
+    }
+    if (ret == 0) {
+        /* Step 13: Verify the hint is well-formed. */
+        ret = dilithium_check_hint(h, params->k, params->omega);
+    }
+
+#ifndef WOLFSSL_DILITHIUM_VERIFY_NO_MALLOC
+    /* Allocate memory for large intermediates. */
+    if (ret == 0) {
+        /* z, c, w, t1, w1e. */
+        unsigned int allocSz;
+
+        allocSz  = params->s1Sz + 3 * DILITHIUM_POLY_SIZE +
+            DILITHIUM_REJ_NTT_POLY_H_SIZE + params->w1EncSz;
+    #ifdef WOLFSSL_DILITHIUM_SMALL_MEM_POLY64
+        allocSz += DILITHIUM_POLY_SIZE * 2;
+    #endif
+        z = (sword32*)XMALLOC(allocSz, key->heap, DYNAMIC_TYPE_DILITHIUM);
+        if (z == NULL) {
+            ret = MEMORY_E;
+        }
+        else {
+            XMEMSET(z, 0, allocSz);
+            c     = z + params->s1Sz / sizeof(*t1);
+            w     = c + DILITHIUM_N;
+            t1    = w + DILITHIUM_N;
+            block = (byte*)(t1 + DILITHIUM_N);
+            w1e   = block + DILITHIUM_REJ_NTT_POLY_H_SIZE;
+            a     = t1;
+        #ifdef WOLFSSL_DILITHIUM_SMALL_MEM_POLY64
+            t64   = (sword64*)(w1e + params->w1EncSz);
+        #endif
+        }
+    }
+#else
+    if (ret == 0) {
+        z = key->z;
+        c = key->c;
+        w = key->w;
+        t1 = key->t1;
+        w1e = key->w1e;
+        a = t1;
+    #ifdef WOLFSSL_DILITHIUM_SMALL_MEM_POLY64
+        t64 = key->t64;
+    #endif
+    }
+#endif
+
+    if (ret == 0) {
+        /* Step 2: Decode z from signature. */
+        dilithium_vec_decode_gamma1(ze, params->l, params->gamma1_bits, z);
+        /* Step 13: Check z is valid - values are low enough. */
+        hi = (1 << params->gamma1_bits) - params->beta;
+        valid = dilithium_vec_check_low(z, params->l, hi);
+    }
+    if ((ret == 0) && valid) {
+        /* Step 10: NTT(z) */
+        dilithium_vec_ntt(z, params->l);
+
+         /* Step 9: Compute c from first 256 bits of commit. */
+#ifdef WOLFSSL_DILITHIUM_VERIFY_NO_MALLOC
+         ret = dilithium_sample_in_ball_ex(params->level, &key->shake, commit,
+             params->lambda / 4, params->tau, c, key->block);
+#else
+         ret = dilithium_sample_in_ball_ex(params->level, &key->shake, commit,
+             params->lambda / 4, params->tau, c, block);
+#endif
+    }
+    if ((ret == 0) && valid) {
+        dilithium_ntt_small(c);
+
+        o = 0;
+        encW1 = w1e;
+
+        /* Copy the seed into a buffer that has space for s and r. */
+        XMEMCPY(seed, pub_seed, DILITHIUM_PUB_SEED_SZ);
+        /* Step 1: Loop over first dimension of matrix. */
+        for (r = 0; (ret == 0) && (r < params->k); r++) {
+            unsigned int s;
+            unsigned int e;
+            const sword32* zt = z;
+
+            /* Step 1: Decode and NTT vector t1. */
+            dilithium_decode_t1(t1p, w);
+            /* Next polynomial. */
+            t1p += DILITHIUM_U * DILITHIUM_N / 8;
+
+            /* Step 10: - NTT(c) o NTT(t1)) */
+            dilithium_ntt(w);
+    #ifndef WOLFSSL_DILITHIUM_SMALL_MEM_POLY64
+        #ifdef WOLFSSL_DILITHIUM_SMALL
+            for (e = 0; e < DILITHIUM_N; e++) {
+                w[e] = -dilithium_mont_red((sword64)c[e] * w[e]);
+            }
+        #else
+            for (e = 0; e < DILITHIUM_N; e += 8) {
+                w[e+0] = -dilithium_mont_red((sword64)c[e+0] * w[e+0]);
+                w[e+1] = -dilithium_mont_red((sword64)c[e+1] * w[e+1]);
+                w[e+2] = -dilithium_mont_red((sword64)c[e+2] * w[e+2]);
+                w[e+3] = -dilithium_mont_red((sword64)c[e+3] * w[e+3]);
+                w[e+4] = -dilithium_mont_red((sword64)c[e+4] * w[e+4]);
+                w[e+5] = -dilithium_mont_red((sword64)c[e+5] * w[e+5]);
+                w[e+6] = -dilithium_mont_red((sword64)c[e+6] * w[e+6]);
+                w[e+7] = -dilithium_mont_red((sword64)c[e+7] * w[e+7]);
+            }
+        #endif
+    #else
+        #ifdef WOLFSSL_DILITHIUM_SMALL
+            for (e = 0; e < DILITHIUM_N; e++) {
+                t64[e] = -(sword64)c[e] * w[e];
+            }
+        #else
+            for (e = 0; e < DILITHIUM_N; e += 8) {
+                t64[e+0] = -(sword64)c[e+0] * w[e+0];
+                t64[e+1] = -(sword64)c[e+1] * w[e+1];
+                t64[e+2] = -(sword64)c[e+2] * w[e+2];
+                t64[e+3] = -(sword64)c[e+3] * w[e+3];
+                t64[e+4] = -(sword64)c[e+4] * w[e+4];
+                t64[e+5] = -(sword64)c[e+5] * w[e+5];
+                t64[e+6] = -(sword64)c[e+6] * w[e+6];
+                t64[e+7] = -(sword64)c[e+7] * w[e+7];
+            }
+        #endif
+    #endif
+
+            /* Step 5: Expand pub seed to compute matrix A. */
+            /* Put r into buffer to be hashed. */
+            seed[DILITHIUM_PUB_SEED_SZ + 1] = r;
+            for (s = 0; (ret == 0) && (s < params->l); s++) {
+                /* Put s into buffer to be hashed. */
+                seed[DILITHIUM_PUB_SEED_SZ + 0] = s;
+                /* Step 3: Create polynomial from hashing seed. */
+            #ifdef WOLFSSL_DILITHIUM_VERIFY_NO_MALLOC
+                ret = dilithium_rej_ntt_poly_ex(&key->shake, seed, a, key->h);
+            #else
+                ret = dilithium_rej_ntt_poly_ex(&key->shake, seed, a, block);
+            #endif
+
+                /* Step 10: w = A o NTT(z) - NTT(c) o NTT(t1) */
+        #ifndef WOLFSSL_DILITHIUM_SMALL_MEM_POLY64
+            #ifdef WOLFSSL_DILITHIUM_SMALL
+                for (e = 0; e < DILITHIUM_N; e++) {
+                    w[e] += dilithium_mont_red((sword64)a[e] * zt[e]);
+                }
+            #else
+                for (e = 0; e < DILITHIUM_N; e += 8) {
+                    w[e+0] += dilithium_mont_red((sword64)a[e+0] * zt[e+0]);
+                    w[e+1] += dilithium_mont_red((sword64)a[e+1] * zt[e+1]);
+                    w[e+2] += dilithium_mont_red((sword64)a[e+2] * zt[e+2]);
+                    w[e+3] += dilithium_mont_red((sword64)a[e+3] * zt[e+3]);
+                    w[e+4] += dilithium_mont_red((sword64)a[e+4] * zt[e+4]);
+                    w[e+5] += dilithium_mont_red((sword64)a[e+5] * zt[e+5]);
+                    w[e+6] += dilithium_mont_red((sword64)a[e+6] * zt[e+6]);
+                    w[e+7] += dilithium_mont_red((sword64)a[e+7] * zt[e+7]);
+                }
+            #endif
+        #else
+            #ifdef WOLFSSL_DILITHIUM_SMALL
+                for (e = 0; e < DILITHIUM_N; e++) {
+                    t64[e] += (sword64)a[e] * zt[e];
+                }
+            #else
+                for (e = 0; e < DILITHIUM_N; e += 8) {
+                    t64[e+0] += (sword64)a[e+0] * zt[e+0];
+                    t64[e+1] += (sword64)a[e+1] * zt[e+1];
+                    t64[e+2] += (sword64)a[e+2] * zt[e+2];
+                    t64[e+3] += (sword64)a[e+3] * zt[e+3];
+                    t64[e+4] += (sword64)a[e+4] * zt[e+4];
+                    t64[e+5] += (sword64)a[e+5] * zt[e+5];
+                    t64[e+6] += (sword64)a[e+6] * zt[e+6];
+                    t64[e+7] += (sword64)a[e+7] * zt[e+7];
+                }
+            #endif
+        #endif
+                /* Next polynomial. */
+                zt += DILITHIUM_N;
+            }
+        #ifdef WOLFSSL_DILITHIUM_SMALL_MEM_POLY64
+            for (e = 0; e < DILITHIUM_N; e++) {
+                w[e] = dilithium_mont_red(t64[e]);
+            }
+        #endif
+
+            /* Step 10: w = NTT-1(A o NTT(z) - NTT(c) o NTT(t1)) */
+            dilithium_invntt(w);
+
+        #ifndef WOLFSSL_NO_ML_DSA_44
+            if (params->gamma2 == DILITHIUM_Q_LOW_88) {
+                /* Step 11: Use hint to give full w1. */
+                dilithium_use_hint_88(w, h, r, &o);
+                /* Step 12: Encode w1. */
+                dilithium_encode_w1_88(w, encW1);
+                encW1 += DILITHIUM_Q_HI_88_ENC_BITS * 2 * DILITHIUM_N / 16;
+            }
+            else
+        #endif
+        #if !defined(WOLFSSL_NO_ML_DSA_65) || !defined(WOLFSSL_NO_ML_DSA_87)
+            if (params->gamma2 == DILITHIUM_Q_LOW_32) {
+                /* Step 11: Use hint to give full w1. */
+                dilithium_use_hint_32(w, h, params->omega, r, &o);
+                /* Step 12: Encode w1. */
+                dilithium_encode_w1_32(w, encW1);
+                encW1 += DILITHIUM_Q_HI_32_ENC_BITS * 2 * DILITHIUM_N / 16;
+            }
+            else
+        #endif
+            {
+            }
+        }
+    }
+    if ((ret == 0) && valid) {
+        /* Step 12: Hash mu and encoded w1. */
+        ret = dilithium_hash256(&key->shake, mu, DILITHIUM_MU_SZ, w1e,
+            params->w1EncSz, commit_calc, params->lambda / 4);
+    }
+    if ((ret == 0) && valid) {
+        /* Step 13: Compare commit. */
+        valid = (XMEMCMP(commit, commit_calc, params->lambda / 4) == 0);
+    }
+
+    *res = valid;
+#ifndef WOLFSSL_DILITHIUM_VERIFY_NO_MALLOC
+    XFREE(z, key->heap, DYNAMIC_TYPE_DILITHIUM);
+#endif
+    return ret;
+#endif /* !WOLFSSL_DILITHIUM_VERIFY_SMALL_MEM */
+}
+
+/* Verify signature of message using public key.
+ *
+ * @param [in, out] key     Dilithium key.
+ * @param [in]      ctx     Context of verification.
+ * @param [in]      ctxLen  Length of context in bytes.
+ * @param [in]      msg     Message to verify.
+ * @param [in]      msgLen  Length of message in bytes.
+ * @param [in]      sig     Signature to verify message.
+ * @param [in]      sigLen  Length of message in bytes.
+ * @param [out]     res     Result of verification.
+ * @return  0 on success.
+ * @return  SIG_VERIFY_E when hint is malformed.
+ * @return  BUFFER_E when the length of the signature does not match
+ *          parameters.
+ * @return  MEMORY_E when memory allocation fails.
+ * @return  Other negative when an error occurs.
+ */
+static int dilithium_verify_ctx_msg(dilithium_key* key, const byte* ctx,
+    word32 ctxLen, const byte* msg, word32 msgLen, const byte* sig,
+    word32 sigLen, int* res)
+{
+    int ret = 0;
+    byte tr[DILITHIUM_TR_SZ];
+    byte* mu = tr;
+
+    if (key == NULL) {
+        ret = BAD_FUNC_ARG;
+    }
+
+    if (ret == 0) {
+        /* Step 6: Hash public key. */
+        ret = dilithium_shake256(&key->shake, key->p, key->params->pkSz, tr,
+            DILITHIUM_TR_SZ);
+    }
+    if (ret == 0) {
+        /* Step 6. Calculate mu. */
+        ret = dilithium_hash256_ctx_msg(&key->shake, tr, DILITHIUM_TR_SZ, 0,
+            ctx, ctxLen, msg, msgLen, mu, DILITHIUM_MU_SZ);
+    }
+    if (ret == 0) {
+        ret = dilithium_verify_mu(key, mu, sig, sigLen, res);
+    }
+
+    return ret;
+}
+
+/* Verify signature of message using public key.
+ *
+ * @param [in, out] key     Dilithium key.
+ * @param [in]      msg     Message to verify.
+ * @param [in]      msgLen  Length of message in bytes.
+ * @param [in]      sig     Signature to verify message.
+ * @param [in]      sigLen  Length of message in bytes.
+ * @param [out]     res     Result of verification.
+ * @return  0 on success.
+ * @return  SIG_VERIFY_E when hint is malformed.
+ * @return  BUFFER_E when the length of the signature does not match
+ *          parameters.
+ * @return  MEMORY_E when memory allocation fails.
+ * @return  Other negative when an error occurs.
+ */
+static int dilithium_verify_msg(dilithium_key* key, const byte* msg,
+    word32 msgLen, const byte* sig, word32 sigLen, int* res)
+{
+    int ret = 0;
+    byte tr[DILITHIUM_TR_SZ];
+    byte* mu = tr;
+
+    if (key == NULL) {
+        ret = BAD_FUNC_ARG;
+    }
+
+    if (ret == 0) {
+        /* Step 6: Hash public key. */
+        ret = dilithium_shake256(&key->shake, key->p, key->params->pkSz, tr,
+            DILITHIUM_TR_SZ);
+    }
+    if (ret == 0) {
+        /* Step 6. Calculate mu. */
+        ret = dilithium_hash256(&key->shake, tr, DILITHIUM_TR_SZ, msg, msgLen,
+            mu, DILITHIUM_MU_SZ);
+    }
+    if (ret == 0) {
+        ret = dilithium_verify_mu(key, mu, sig, sigLen, res);
+    }
+
+    return ret;
+}
+
+/* Verify signature of message using public key.
+ *
+ * @param [in, out] key       Dilithium key.
+ * @param [in]      ctx       Context of verification.
+ * @param [in]      ctxLen    Length of context in bytes.
+ * @param [iu]      hashAlg   Hash algorithm used on message.
+ * @param [in]      hash      Hash of message to verify.
+ * @param [in]      hashLen   Length of message hash in bytes.
+ * @param [in]      sig       Signature to verify message.
+ * @param [in]      sigLen    Length of message in bytes.
+ * @param [out]     res       Result of verification.
+ * @return  0 on success.
+ * @return  SIG_VERIFY_E when hint is malformed.
+ * @return  BUFFER_E when the length of the signature does not match
+ *          parameters.
+ * @return  MEMORY_E when memory allocation fails.
+ * @return  Other negative when an error occurs.
+ */
+static int dilithium_verify_ctx_hash(dilithium_key* key, const byte* ctx,
+    word32 ctxLen, int hashAlg, const byte* hash, word32 hashLen,
+    const byte* sig, word32 sigLen, int* res)
+{
+    int ret = 0;
+    byte tr[DILITHIUM_TR_SZ];
+    byte* mu = tr;
+    byte oidMsgHash[DILITHIUM_HASH_OID_LEN + WC_MAX_DIGEST_SIZE];
+    word32 oidMsgHashLen;
+
+    if (key == NULL) {
+        ret = BAD_FUNC_ARG;
+    }
+
+    if (ret == 0) {
+        /* Step 6: Hash public key. */
+        ret = dilithium_shake256(&key->shake, key->p, key->params->pkSz, tr,
+            DILITHIUM_TR_SZ);
+    }
+    if (ret == 0) {
+        ret = dilithium_get_hash_oid(hashAlg, oidMsgHash, &oidMsgHashLen);
+    }
+    if (ret == 0) {
+        XMEMCPY(oidMsgHash + oidMsgHashLen, hash, hashLen);
+        oidMsgHashLen += hashLen;
+
+        /* Step 6. Calculate mu. */
+        ret = dilithium_hash256_ctx_msg(&key->shake, tr, DILITHIUM_TR_SZ, 1,
+            ctx, ctxLen, oidMsgHash, oidMsgHashLen, mu, DILITHIUM_MU_SZ);
+    }
+    if (ret == 0) {
+        ret = dilithium_verify_mu(key, mu, sig, sigLen, res);
+    }
+
+    return ret;
+}
+#endif /* WOLFSSL_DILITHIUM_NO_VERIFY */
+
+#elif defined(HAVE_LIBOQS)
+
+#ifndef WOLFSSL_DILITHIUM_NO_MAKE_KEY
+static int oqs_dilithium_make_key(dilithium_key* key, WC_RNG* rng)
+{
+    int ret = 0;
+    OQS_SIG *oqssig = NULL;
+
+    if (key->level == WC_ML_DSA_44) {
+        oqssig = OQS_SIG_new(OQS_SIG_alg_ml_dsa_44_ipd);
+    }
+    else if (key->level == WC_ML_DSA_65) {
+        oqssig = OQS_SIG_new(OQS_SIG_alg_ml_dsa_65_ipd);
+    }
+    else if (key->level == WC_ML_DSA_87) {
+            oqssig = OQS_SIG_new(OQS_SIG_alg_ml_dsa_87_ipd);
+    }
+    else {
+        ret = SIG_TYPE_E;
+    }
+
+    if (ret == 0) {
+        ret = wolfSSL_liboqsRngMutexLock(rng);
+        if (ret == 0) {
+            if (OQS_SIG_keypair(oqssig, key->p, key->k) != OQS_SUCCESS) {
+                ret = BUFFER_E;
+            }
+        }
+        wolfSSL_liboqsRngMutexUnlock();
+    }
+    if (ret == 0) {
+        key->prvKeySet = 1;
+        key->pubKeySet = 1;
+    }
+
+    if (oqssig != NULL) {
+        OQS_SIG_free(oqssig);
+    }
+
+    return ret;
+}
+#endif /* WOLFSSL_DILITHIUM_NO_MAKE_KEY */
+
+#ifndef WOLFSSL_DILITHIUM_NO_SIGN
+static int oqs_dilithium_sign_msg(const byte* msg, word32 msgLen, byte* sig,
+    word32 *sigLen, dilithium_key* key, WC_RNG* rng)
+{
+    int ret = 0;
+    OQS_SIG *oqssig = NULL;
+    size_t localOutLen = 0;
+
+    if (!key->prvKeySet) {
+        ret = BAD_FUNC_ARG;
+    }
+
+    if (ret == 0) {
+        if (key->level == WC_ML_DSA_44) {
+            oqssig = OQS_SIG_new(OQS_SIG_alg_ml_dsa_44_ipd);
+        }
+        else if (key->level == WC_ML_DSA_65) {
+            oqssig = OQS_SIG_new(OQS_SIG_alg_ml_dsa_65_ipd);
+        }
+        else if (key->level == WC_ML_DSA_87) {
+            oqssig = OQS_SIG_new(OQS_SIG_alg_ml_dsa_87_ipd);
         }
         else {
             ret = SIG_TYPE_E;
         }
     }
 
+    if ((ret == 0) && (oqssig == NULL)) {
+        ret = BUFFER_E;
+    }
+
     /* check and set up out length */
     if (ret == 0) {
-        if ((key->level == 2) && (*outLen < DILITHIUM_LEVEL2_SIG_SIZE)) {
-            *outLen = DILITHIUM_LEVEL2_SIG_SIZE;
+        if ((key->level == WC_ML_DSA_44) &&
+                (*sigLen < ML_DSA_LEVEL2_SIG_SIZE)) {
+            *sigLen = ML_DSA_LEVEL2_SIG_SIZE;
             ret = BUFFER_E;
         }
-        else if ((key->level == 3) && (*outLen < DILITHIUM_LEVEL3_SIG_SIZE)) {
-            *outLen = DILITHIUM_LEVEL3_SIG_SIZE;
+        else if ((key->level == WC_ML_DSA_65) &&
+                 (*sigLen < ML_DSA_LEVEL3_SIG_SIZE)) {
+            *sigLen = ML_DSA_LEVEL3_SIG_SIZE;
             ret = BUFFER_E;
         }
-        else if ((key->level == 5) && (*outLen < DILITHIUM_LEVEL5_SIG_SIZE)) {
-            *outLen = DILITHIUM_LEVEL5_SIG_SIZE;
+        else if ((key->level == WC_ML_DSA_87) &&
+                 (*sigLen < ML_DSA_LEVEL5_SIG_SIZE)) {
+            *sigLen = ML_DSA_LEVEL5_SIG_SIZE;
             ret = BUFFER_E;
         }
-        localOutLen = *outLen;
+        localOutLen = *sigLen;
+    }
+
+    if (ret == 0) {
+        ret = wolfSSL_liboqsRngMutexLock(rng);
     }
 
     if ((ret == 0) &&
-        (OQS_SIG_sign(oqssig, out, &localOutLen, in, inLen, key->k)
+        (OQS_SIG_sign(oqssig, sig, &localOutLen, msg, msgLen, key->k)
          == OQS_ERROR)) {
         ret = BAD_FUNC_ARG;
     }
 
     if (ret == 0) {
-        *outLen = (word32)localOutLen;
+        *sigLen = (word32)localOutLen;
+    }
+
+    wolfSSL_liboqsRngMutexUnlock();
+
+    if (oqssig != NULL) {
+        OQS_SIG_free(oqssig);
+    }
+    return ret;
+}
+#endif
+
+#ifndef WOLFSSL_DILITHIUM_NO_VERIFY
+static int oqs_dilithium_verify_msg(const byte* sig, word32 sigLen,
+    const byte* msg, word32 msgLen, int* res, dilithium_key* key)
+{
+    int ret = 0;
+    OQS_SIG *oqssig = NULL;
+
+    if (!key->pubKeySet) {
+        ret = BAD_FUNC_ARG;
+    }
+
+    if (ret == 0) {
+        if (key->level == WC_ML_DSA_44) {
+            oqssig = OQS_SIG_new(OQS_SIG_alg_ml_dsa_44_ipd);
+        }
+        else if (key->level == WC_ML_DSA_65) {
+            oqssig = OQS_SIG_new(OQS_SIG_alg_ml_dsa_65_ipd);
+        }
+        else if (key->level == WC_ML_DSA_87) {
+            oqssig = OQS_SIG_new(OQS_SIG_alg_ml_dsa_87_ipd);
+        }
+        else {
+            ret = SIG_TYPE_E;
+        }
+    }
+
+    if ((ret == 0) && (oqssig == NULL)) {
+        ret = BUFFER_E;
+    }
+
+    if ((ret == 0) &&
+        (OQS_SIG_verify(oqssig, msg, msgLen, sig, sigLen, key->p)
+         == OQS_ERROR)) {
+         ret = SIG_VERIFY_E;
+    }
+
+    if (ret == 0) {
+        *res = 1;
     }
 
     if (oqssig != NULL) {
         OQS_SIG_free(oqssig);
     }
+    return ret;
+}
+#endif /* WOLFSSL_DILITHIUM_NO_VERIFY */
+
 #else
-    ret = NOT_COMPILED_IN;
+    #error "No dilithium implementation chosen."
 #endif
+
+#ifndef WOLFSSL_DILITHIUM_NO_MAKE_KEY
+int wc_dilithium_make_key(dilithium_key* key, WC_RNG* rng)
+{
+    int ret = 0;
+
+    /* Validate parameters. */
+    if ((key == NULL) || (rng == NULL)) {
+        ret = BAD_FUNC_ARG;
+    }
+
+#ifdef WOLF_CRYPTO_CB
+    if (ret == 0) {
+    #ifndef WOLF_CRYPTO_CB_FIND
+        if (key->devId != INVALID_DEVID)
+    #endif
+        {
+            ret = wc_CryptoCb_MakePqcSignatureKey(rng,
+                WC_PQC_SIG_TYPE_DILITHIUM, key->level, key);
+            if (ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE))
+                return ret;
+            /* fall-through when unavailable */
+            ret = 0;
+        }
+    }
+#endif
+
+    if (ret == 0) {
+#ifdef WOLFSSL_WC_DILITHIUM
+        /* Check the level or parameters have been set. */
+        if (key->params == NULL) {
+            ret = BAD_STATE_E;
+        }
+        else {
+            /* Make the key. */
+            ret = dilithium_make_key(key, rng);
+        }
+#elif defined(HAVE_LIBOQS)
+        /* Make the key. */
+        ret = oqs_dilithium_make_key(key, rng);
+#endif
+    }
+
+    return ret;
+}
+
+int wc_dilithium_make_key_from_seed(dilithium_key* key, const byte* seed)
+{
+    int ret = 0;
+
+    /* Validate parameters. */
+    if ((key == NULL) || (seed == NULL)) {
+        ret = BAD_FUNC_ARG;
+    }
+
+    if (ret == 0) {
+#ifdef WOLFSSL_WC_DILITHIUM
+        /* Check the level or parameters have been set. */
+        if (key->params == NULL) {
+            ret = BAD_STATE_E;
+        }
+        else {
+            /* Make the key. */
+            ret = dilithium_make_key_from_seed(key, seed);
+        }
+#elif defined(HAVE_LIBOQS)
+        /* Make the key. */
+        ret = NOT_COMPILED_IN;
+#endif
+    }
+
+    return ret;
+}
+#endif
+
+#ifndef WOLFSSL_DILITHIUM_NO_SIGN
+/* Sign the message using the dilithium private key.
+ *
+ *  ctx         [in]      Context of signature.
+ *  ctxLen      [in]      Length of context in bytes.
+ *  msg         [in]      Message to sign.
+ *  msgLen      [in]      Length of the message in bytes.
+ *  sig         [out]     Buffer to write signature into.
+ *  sigLen      [in/out]  On in, size of buffer.
+ *                        On out, the length of the signature in bytes.
+ *  key         [in]      Dilithium key to use when signing
+ *  returns BAD_FUNC_ARG when a parameter is NULL, public key not set
+ *          or ctx is NULL and ctxLen is not 0,
+ *          BUFFER_E when outLen is less than DILITHIUM_LEVEL2_SIG_SIZE,
+ *          0 otherwise.
+ */
+int wc_dilithium_sign_ctx_msg(const byte* ctx, byte ctxLen, const byte* msg,
+    word32 msgLen, byte* sig, word32 *sigLen, dilithium_key* key, WC_RNG* rng)
+{
+    int ret = 0;
+
+    /* Validate parameters. */
+    if ((msg == NULL) || (sig == NULL) || (sigLen == NULL) || (key == NULL)) {
+        ret = BAD_FUNC_ARG;
+    }
+    if ((ret == 0) && (ctx == NULL) && (ctxLen > 0)) {
+        ret = BAD_FUNC_ARG;
+    }
+
+#ifdef WOLF_CRYPTO_CB
+    if (ret == 0) {
+    #ifndef WOLF_CRYPTO_CB_FIND
+        if (key->devId != INVALID_DEVID)
+    #endif
+        {
+            ret = wc_CryptoCb_PqcSign(msg, msgLen, sig, sigLen, ctx, ctxLen,
+                    WC_HASH_TYPE_NONE, rng, WC_PQC_SIG_TYPE_DILITHIUM, key);
+            if (ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE))
+                return ret;
+            /* fall-through when unavailable */
+            ret = 0;
+        }
+    }
+#endif
+
+    if (ret == 0) {
+        /* Sign message. */
+    #ifdef WOLFSSL_WC_DILITHIUM
+        ret = dilithium_sign_ctx_msg(key, rng, ctx, ctxLen, msg, msgLen, sig,
+            sigLen);
+    #elif defined(HAVE_LIBOQS)
+        ret = oqs_dilithium_sign_msg(msg, msgLen, sig, sigLen, key, rng);
+    #endif
+    }
+
+    return ret;
+}
+
+/* Sign the message using the dilithium private key.
+ *
+ *  msg         [in]      Message to sign.
+ *  msgLen      [in]      Length of the message in bytes.
+ *  sig         [out]     Buffer to write signature into.
+ *  sigLen      [in/out]  On in, size of buffer.
+ *                        On out, the length of the signature in bytes.
+ *  key         [in]      Dilithium key to use when signing
+ *  returns BAD_FUNC_ARG when a parameter is NULL or public key not set,
+ *          BUFFER_E when outLen is less than DILITHIUM_LEVEL2_SIG_SIZE,
+ *          0 otherwise.
+ */
+int wc_dilithium_sign_msg(const byte* msg, word32 msgLen, byte* sig,
+    word32 *sigLen, dilithium_key* key, WC_RNG* rng)
+{
+    int ret = 0;
+
+    /* Validate parameters. */
+    if ((msg == NULL) || (sig == NULL) || (sigLen == NULL) || (key == NULL)) {
+        ret = BAD_FUNC_ARG;
+    }
+
+#ifdef WOLF_CRYPTO_CB
+    if (ret == 0) {
+    #ifndef WOLF_CRYPTO_CB_FIND
+        if (key->devId != INVALID_DEVID)
+    #endif
+        {
+            ret = wc_CryptoCb_PqcSign(msg, msgLen, sig, sigLen, NULL, 0,
+                    WC_HASH_TYPE_NONE, rng, WC_PQC_SIG_TYPE_DILITHIUM, key);
+            if (ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE))
+                return ret;
+            /* fall-through when unavailable */
+            ret = 0;
+        }
+    }
+#endif
+
+    if (ret == 0) {
+        /* Sign message. */
+    #ifdef WOLFSSL_WC_DILITHIUM
+        ret = dilithium_sign_msg(key, rng, msg, msgLen, sig, sigLen);
+    #elif defined(HAVE_LIBOQS)
+        ret = oqs_dilithium_sign_msg(msg, msgLen, sig, sigLen, key, rng);
+    #endif
+    }
+
+    return ret;
+}
+
+/* Sign the message hash using the dilithium private key.
+ *
+ *  ctx         [in]      Context of signature.
+ *  ctxLen      [in]      Length of context in bytes.
+ *  hashAlg     [in]      Hash algorithm used on message.
+ *  hash        [in]      Hash of message to sign.
+ *  hashLen     [in]      Length of the message hash in bytes.
+ *  sig         [out]     Buffer to write signature into.
+ *  sigLen      [in/out]  On in, size of buffer.
+ *                        On out, the length of the signature in bytes.
+ *  key         [in]      Dilithium key to use when signing
+ *  returns BAD_FUNC_ARG when a parameter is NULL, public key not set
+ *          or ctx is NULL and ctxLen is not 0,
+ *          BUFFER_E when outLen is less than DILITHIUM_LEVEL2_SIG_SIZE,
+ *          0 otherwise.
+ */
+int wc_dilithium_sign_ctx_hash(const byte* ctx, byte ctxLen, int hashAlg,
+   const byte* hash, word32 hashLen, byte* sig, word32 *sigLen,
+   dilithium_key* key, WC_RNG* rng)
+{
+    int ret = 0;
+
+    /* Validate parameters. */
+    if ((hash == NULL) || (sig == NULL) || (sigLen == NULL) || (key == NULL)) {
+        ret = BAD_FUNC_ARG;
+    }
+    if ((ret == 0) && (ctx == NULL) && (ctxLen > 0)) {
+        ret = BAD_FUNC_ARG;
+    }
+
+#ifdef WOLF_CRYPTO_CB
+    if (ret == 0) {
+    #ifndef WOLF_CRYPTO_CB_FIND
+        if (key->devId != INVALID_DEVID)
+    #endif
+        {
+            ret = wc_CryptoCb_PqcSign(hash, hashLen, sig, sigLen, ctx, ctxLen,
+                    hashAlg, rng, WC_PQC_SIG_TYPE_DILITHIUM, key);
+            if (ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE))
+                return ret;
+            /* fall-through when unavailable */
+            ret = 0;
+        }
+    }
+#endif
+
+    if (ret == 0) {
+        /* Sign message. */
+    #ifdef WOLFSSL_WC_DILITHIUM
+        ret = dilithium_sign_ctx_hash(key, rng, ctx, ctxLen, hashAlg, hash,
+            hashLen, sig, sigLen);
+    #elif defined(HAVE_LIBOQS)
+        ret = NOT_COMPILED_IN;
+        (void)hashAlg;
+        (void)hash;
+        (void)hashLen;
+        (void)rng;
+    #endif
+    }
+
+    return ret;
+}
+
+/* Sign the message using the dilithium private key.
+ *
+ *  ctx         [in]      Context of signature.
+ *  ctxLen      [in]      Length of context in bytes.
+ *  msg         [in]      Message to sign.
+ *  msgLen      [in]      Length of the message in bytes.
+ *  sig         [out]     Buffer to write signature into.
+ *  sigLen      [in/out]  On in, size of buffer.
+ *                        On out, the length of the signature in bytes.
+ *  key         [in]      Dilithium key to use when signing
+ *  returns BAD_FUNC_ARG when a parameter is NULL, public key not set
+ *          or ctx is NULL and ctxLen is not 0,
+ *          BUFFER_E when outLen is less than DILITHIUM_LEVEL2_SIG_SIZE,
+ *          0 otherwise.
+ */
+int wc_dilithium_sign_ctx_msg_with_seed(const byte* ctx, byte ctxLen,
+    const byte* msg, word32 msgLen, byte* sig, word32 *sigLen,
+    dilithium_key* key, const byte* seed)
+{
+    int ret = 0;
+
+    /* Validate parameters. */
+    if ((msg == NULL) || (sig == NULL) || (sigLen == NULL) || (key == NULL)) {
+        ret = BAD_FUNC_ARG;
+    }
+    if ((ret == 0) && (ctx == NULL) && (ctxLen > 0)) {
+        ret = BAD_FUNC_ARG;
+    }
+
+    if (ret == 0) {
+        /* Sign message. */
+    #ifdef WOLFSSL_WC_DILITHIUM
+        ret = dilithium_sign_ctx_msg_with_seed(key, seed, ctx, ctxLen, msg,
+            msgLen, sig, sigLen);
+    #elif defined(HAVE_LIBOQS)
+        ret = NOT_COMPILED_IN;
+        (void)msgLen;
+        (void)seed;
+    #endif
+    }
+
+    return ret;
+}
+
+/* Sign the message using the dilithium private key.
+ *
+ *  msg         [in]      Message to sign.
+ *  msgLen      [in]      Length of the message in bytes.
+ *  sig         [out]     Buffer to write signature into.
+ *  sigLen      [in/out]  On in, size of buffer.
+ *                        On out, the length of the signature in bytes.
+ *  key         [in]      Dilithium key to use when signing
+ *  returns BAD_FUNC_ARG when a parameter is NULL or public key not set,
+ *          BUFFER_E when outLen is less than DILITHIUM_LEVEL2_SIG_SIZE,
+ *          0 otherwise.
+ */
+int wc_dilithium_sign_msg_with_seed(const byte* msg, word32 msgLen, byte* sig,
+    word32 *sigLen, dilithium_key* key, const byte* seed)
+{
+    int ret = 0;
+
+    /* Validate parameters. */
+    if ((msg == NULL) || (sig == NULL) || (sigLen == NULL) || (key == NULL)) {
+        ret = BAD_FUNC_ARG;
+    }
+
+    if (ret == 0) {
+        /* Sign message. */
+    #ifdef WOLFSSL_WC_DILITHIUM
+        ret = dilithium_sign_msg_with_seed(key, seed, msg, msgLen, sig, sigLen);
+    #elif defined(HAVE_LIBOQS)
+        ret = NOT_COMPILED_IN;
+        (void)msgLen;
+        (void)seed;
+    #endif
+    }
+
+    return ret;
+}
+
+/* Sign the message using the dilithium private key.
+ *
+ *  ctx         [in]      Context of signature.
+ *  ctxLen      [in]      Length of context in bytes.
+ *  hashAlg     [in]      Hash algorithm used on message.
+ *  hash        [in]      Hash of message to sign.
+ *  hashLen     [in]      Length of the message hash in bytes.
+ *  sig         [out]     Buffer to write signature into.
+ *  sigLen      [in/out]  On in, size of buffer.
+ *                        On out, the length of the signature in bytes.
+ *  key         [in]      Dilithium key to use when signing
+ *  returns BAD_FUNC_ARG when a parameter is NULL, public key not set
+ *          or ctx is NULL and ctxLen is not 0,
+ *          BUFFER_E when outLen is less than DILITHIUM_LEVEL2_SIG_SIZE,
+ *          0 otherwise.
+ */
+int wc_dilithium_sign_ctx_hash_with_seed(const byte* ctx, byte ctxLen,
+    int hashAlg, const byte* hash, word32 hashLen, byte* sig, word32 *sigLen,
+    dilithium_key* key, const byte* seed)
+{
+    int ret = 0;
+
+    /* Validate parameters. */
+    if ((hash == NULL) || (sig == NULL) || (sigLen == NULL) || (key == NULL)) {
+        ret = BAD_FUNC_ARG;
+    }
+    if ((ret == 0) && (ctx == NULL) && (ctxLen > 0)) {
+        ret = BAD_FUNC_ARG;
+    }
+
+    if (ret == 0) {
+        /* Sign message. */
+    #ifdef WOLFSSL_WC_DILITHIUM
+        ret = dilithium_sign_ctx_hash_with_seed(key, seed, ctx, ctxLen,
+            hashAlg, hash, hashLen, sig, sigLen);
+    #elif defined(HAVE_LIBOQS)
+        ret = NOT_COMPILED_IN;
+        (void)hashAlg;
+        (void)hash;
+        (void)hashLen;
+        (void)seed;
+    #endif
+    }
+
+    return ret;
+}
+#endif /* !WOLFSSL_DILITHIUM_NO_SIGN */
+
+#ifndef WOLFSSL_DILITHIUM_NO_VERIFY
+/* Verify the message using the dilithium public key.
+ *
+ *  sig         [in]  Signature to verify.
+ *  sigLen      [in]  Size of signature in bytes.
+ *  ctx         [in]  Context of signature.
+ *  ctxLen      [in]  Length of context in bytes.
+ *  msg         [in]  Message to verify.
+ *  msgLen      [in]  Length of the message in bytes.
+ *  res         [out] *res is set to 1 on successful verification.
+ *  key         [in]  Dilithium key to use to verify.
+ *  returns BAD_FUNC_ARG when a parameter is NULL, public key not set
+ *          or ctx is NULL and ctxLen is not 0,
+ *          BUFFER_E when sigLen is less than DILITHIUM_LEVEL2_SIG_SIZE,
+ *          0 otherwise.
+ */
+int wc_dilithium_verify_ctx_msg(const byte* sig, word32 sigLen, const byte* ctx,
+    word32 ctxLen, const byte* msg, word32 msgLen, int* res, dilithium_key* key)
+{
+    int ret = 0;
+
+    /* Validate parameters. */
+    if ((key == NULL) || (sig == NULL) || (msg == NULL) || (res == NULL)) {
+        ret = BAD_FUNC_ARG;
+    }
+    if ((ret == 0) && (ctx == NULL) && (ctxLen > 0)) {
+        ret = BAD_FUNC_ARG;
+    }
+
+#ifdef WOLF_CRYPTO_CB
+    if (ret == 0) {
+    #ifndef WOLF_CRYPTO_CB_FIND
+        if (key->devId != INVALID_DEVID)
+    #endif
+        {
+            ret = wc_CryptoCb_PqcVerify(sig, sigLen, msg, msgLen, ctx, ctxLen,
+                    WC_HASH_TYPE_NONE, res, WC_PQC_SIG_TYPE_DILITHIUM, key);
+            if (ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE))
+                return ret;
+            /* fall-through when unavailable */
+            ret = 0;
+        }
+    }
+#endif
+
+    if (ret == 0) {
+        /* Verify message with signature. */
+    #ifdef WOLFSSL_WC_DILITHIUM
+        ret = dilithium_verify_ctx_msg(key, ctx, ctxLen, msg, msgLen, sig,
+            sigLen, res);
+    #elif defined(HAVE_LIBOQS)
+        ret = NOT_COMPILED_IN;
+        (void)sigLen;
+        (void)msgLen;
+        (void)res;
+    #endif
+    }
+
     return ret;
 }
 
@@ -139,55 +8362,107 @@ int wc_dilithium_sign_msg(const byte* in, word32 inLen,
  *          0 otherwise.
  */
 int wc_dilithium_verify_msg(const byte* sig, word32 sigLen, const byte* msg,
-                            word32 msgLen, int* res, dilithium_key* key)
+    word32 msgLen, int* res, dilithium_key* key)
 {
     int ret = 0;
-#ifdef HAVE_LIBOQS
-    OQS_SIG *oqssig = NULL;
 
-    if (key == NULL || sig == NULL || msg == NULL || res == NULL) {
-        ret = BAD_FUNC_ARG;
-    }
-
-    if ((ret == 0) && (!key->pubKeySet)) {
+    /* Validate parameters. */
+    if ((key == NULL) || (sig == NULL) || (msg == NULL) || (res == NULL)) {
         ret = BAD_FUNC_ARG;
     }
 
+#ifdef WOLF_CRYPTO_CB
     if (ret == 0) {
-        if (key->level == 2) {
-            oqssig = OQS_SIG_new(OQS_SIG_alg_dilithium_2);
-        }
-        else if (key->level == 3) {
-            oqssig = OQS_SIG_new(OQS_SIG_alg_dilithium_3);
-        }
-        else if (key->level == 5) {
-            oqssig = OQS_SIG_new(OQS_SIG_alg_dilithium_5);
-        }
-        else {
-            ret = SIG_TYPE_E;
+    #ifndef WOLF_CRYPTO_CB_FIND
+        if (key->devId != INVALID_DEVID)
+    #endif
+        {
+            ret = wc_CryptoCb_PqcVerify(sig, sigLen, msg, msgLen, NULL, 0,
+                    WC_HASH_TYPE_NONE, res, WC_PQC_SIG_TYPE_DILITHIUM, key);
+            if (ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE))
+                return ret;
+            /* fall-through when unavailable */
+            ret = 0;
         }
     }
-
-    if ((ret == 0) &&
-        (OQS_SIG_verify(oqssig, msg, msgLen, sig, sigLen, key->p)
-         == OQS_ERROR)) {
-         ret = SIG_VERIFY_E;
-    }
-
-    if (ret == 0) {
-        *res = 1;
-    }
-
-    if (oqssig != NULL) {
-        OQS_SIG_free(oqssig);
-    }
-#else
-    ret = NOT_COMPILED_IN;
 #endif
 
+    if (ret == 0) {
+        /* Verify message with signature. */
+    #ifdef WOLFSSL_WC_DILITHIUM
+        ret = dilithium_verify_msg(key, msg, msgLen, sig, sigLen, res);
+    #elif defined(HAVE_LIBOQS)
+        ret = oqs_dilithium_verify_msg(sig, sigLen, msg, msgLen, res, key);
+    #endif
+    }
+
     return ret;
 }
 
+/* Verify the message using the dilithium public key.
+ *
+ *  sig         [in]  Signature to verify.
+ *  sigLen      [in]  Size of signature in bytes.
+ *  ctx         [in]  Context of signature.
+ *  ctxLen      [in]  Length of context in bytes.
+ *  hashAlg     [in]  Hash algorithm used on message.
+ *  hash        [in]  Hash of message to verify.
+ *  hashLen     [in]  Length of the message hash in bytes.
+ *  res         [out] *res is set to 1 on successful verification.
+ *  key         [in]  Dilithium key to use to verify.
+ *  returns BAD_FUNC_ARG when a parameter is NULL, public key not set
+ *          or ctx is NULL and ctxLen is not 0,
+ *          BUFFER_E when sigLen is less than DILITHIUM_LEVEL2_SIG_SIZE,
+ *          0 otherwise.
+ */
+int wc_dilithium_verify_ctx_hash(const byte* sig, word32 sigLen,
+    const byte* ctx, word32 ctxLen, int hashAlg, const byte* hash,
+    word32 hashLen, int* res, dilithium_key* key)
+{
+    int ret = 0;
+
+    /* Validate parameters. */
+    if ((key == NULL) || (sig == NULL) || (hash == NULL) || (res == NULL)) {
+        ret = BAD_FUNC_ARG;
+    }
+    if ((ret == 0) && (ctx == NULL) && (ctxLen > 0)) {
+        ret = BAD_FUNC_ARG;
+    }
+
+#ifdef WOLF_CRYPTO_CB
+    if (ret == 0) {
+    #ifndef WOLF_CRYPTO_CB_FIND
+        if (key->devId != INVALID_DEVID)
+    #endif
+        {
+            ret = wc_CryptoCb_PqcVerify(sig, sigLen, hash, hashLen, ctx, ctxLen,
+                    hashAlg, res, WC_PQC_SIG_TYPE_DILITHIUM, key);
+            if (ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE))
+                return ret;
+            /* fall-through when unavailable */
+            ret = 0;
+        }
+    }
+#endif
+
+    if (ret == 0) {
+        /* Verify message with signature. */
+    #ifdef WOLFSSL_WC_DILITHIUM
+        ret = dilithium_verify_ctx_hash(key, ctx, ctxLen, hashAlg, hash,
+            hashLen, sig, sigLen, res);
+    #elif defined(HAVE_LIBOQS)
+        ret = NOT_COMPILED_IN;
+        (void)sigLen;
+        (void)hashAlg;
+        (void)hash;
+        (void)hashLen;
+    #endif
+    }
+
+    return ret;
+}
+#endif /* WOLFSSL_DILITHIUM_NO_VERIFY */
+
 /* Initialize the dilithium private/public key.
  *
  * key  [in]  Dilithium key.
@@ -195,14 +8470,103 @@ int wc_dilithium_verify_msg(const byte* sig, word32 sigLen, const byte* msg,
  */
 int wc_dilithium_init(dilithium_key* key)
 {
+    return wc_dilithium_init_ex(key, NULL, INVALID_DEVID);
+}
+
+/* Initialize the dilithium private/public key.
+ *
+ * key  [in]  Dilithium key.
+ * heap [in]  Heap hint.
+ * devId[in]  Device ID.
+ * returns BAD_FUNC_ARG when key is NULL
+ */
+int wc_dilithium_init_ex(dilithium_key* key, void* heap, int devId)
+{
+    int ret = 0;
+
+    (void)devId;
+
+    /* Validate parameters. */
     if (key == NULL) {
-        return BAD_FUNC_ARG;
+        ret = BAD_FUNC_ARG;
     }
 
-    ForceZero(key, sizeof(key));
-    return 0;
+    if (ret == 0) {
+        /* Ensure all fields reset. */
+        XMEMSET(key, 0, sizeof(*key));
+
+    #ifdef WOLF_CRYPTO_CB
+        key->devCtx = NULL;
+        key->devId = devId;
+    #endif
+    #ifdef WOLF_PRIVATE_KEY_ID
+        key->idLen = 0;
+        key->labelLen = 0;
+    #endif
+        key->heap = heap;
+    }
+
+    return ret;
 }
 
+#ifdef WOLF_PRIVATE_KEY_ID
+int wc_dilithium_init_id(dilithium_key* key, const unsigned char* id, int len,
+    void* heap, int devId)
+{
+    int ret = 0;
+
+    if (key == NULL) {
+        ret = BAD_FUNC_ARG;
+    }
+    if ((ret == 0) && ((len < 0) || (len > DILITHIUM_MAX_ID_LEN))) {
+        ret = BUFFER_E;
+    }
+
+    if (ret == 0) {
+        ret = wc_dilithium_init_ex(key, heap, devId);
+    }
+    if ((ret == 0) && (id != NULL) && (len != 0)) {
+        XMEMCPY(key->id, id, (size_t)len);
+        key->idLen = len;
+    }
+
+    /* Set the maximum level here */
+    wc_dilithium_set_level(key, WC_ML_DSA_87);
+
+    return ret;
+}
+
+int wc_dilithium_init_label(dilithium_key* key, const char* label, void* heap,
+    int devId)
+{
+    int ret = 0;
+    int labelLen = 0;
+
+    if ((key == NULL) || (label == NULL)) {
+        ret = BAD_FUNC_ARG;
+    }
+    if (ret == 0) {
+        labelLen = (int)XSTRLEN(label);
+        if ((labelLen == 0) || (labelLen > DILITHIUM_MAX_LABEL_LEN)) {
+            ret = BUFFER_E;
+        }
+    }
+
+    if (ret == 0) {
+        ret = wc_dilithium_init_ex(key, heap, devId);
+    }
+    if (ret == 0) {
+        XMEMCPY(key->label, label, (size_t)labelLen);
+        key->labelLen = labelLen;
+    }
+
+    /* Set the maximum level here */
+    wc_dilithium_set_level(key, WC_ML_DSA_87);
+
+    return ret;
+}
+#endif
+
 /* Set the level of the dilithium private/public key.
  *
  * key   [out]  Dilithium key.
@@ -211,18 +8575,61 @@ int wc_dilithium_init(dilithium_key* key)
  */
 int wc_dilithium_set_level(dilithium_key* key, byte level)
 {
+    int ret = 0;
+
+    /* Validate parameters. */
     if (key == NULL) {
-        return BAD_FUNC_ARG;
+        ret = BAD_FUNC_ARG;
+    }
+    if ((ret == 0) && ((level == WC_ML_DSA_44) || (level == WC_ML_DSA_65) ||
+            (level == WC_ML_DSA_87))) {
+        /* Nothing to do. */
+    }
+#if defined(WOLFSSL_DILITHIUM_FIPS204_DRAFT)
+    else if ((ret == 0) && ((level == WC_ML_DSA_44_DRAFT) ||
+             (level == WC_ML_DSA_65_DRAFT) || (level == WC_ML_DSA_87_DRAFT))) {
+        /* Nothing to do. */
+    }
+#endif
+    else {
+        ret = BAD_FUNC_ARG;
     }
 
-    if (level != 2 && level != 3 && level != 5) {
-        return BAD_FUNC_ARG;
+    if (ret == 0) {
+#ifdef WOLFSSL_WC_DILITHIUM
+        /* Get the parameters for level into key. */
+        ret = dilithium_get_params(level, &key->params);
+    }
+    if (ret == 0) {
+        /* Clear any cached items. */
+#ifndef WC_DILITHIUM_FIXED_ARRAY
+    #ifdef WC_DILITHIUM_CACHE_MATRIX_A
+        XFREE(key->a, key->heap, DYNAMIC_TYPE_DILITHIUM);
+        key->a = NULL;
+        key->aSet = 0;
+    #endif
+    #ifdef WC_DILITHIUM_CACHE_PRIV_VECTORS
+        XFREE(key->s1, key->heap, DYNAMIC_TYPE_DILITHIUM);
+        key->s1 = NULL;
+        key->s2 = NULL;
+        key->t0 = NULL;
+        key->privVecsSet = 0;
+    #endif
+    #ifdef WC_DILITHIUM_CACHE_PUB_VECTORS
+        XFREE(key->t1, key->heap, DYNAMIC_TYPE_DILITHIUM);
+        key->t1 = NULL;
+        key->pubVecSet = 0;
+    #endif
+#endif
+#endif /* WOLFSSL_WC_DILITHIUM */
+
+        /* Store level and indicate public and private key are not set. */
+        key->level = level % WC_ML_DSA_DRAFT;
+        key->pubKeySet = 0;
+        key->prvKeySet = 0;
     }
 
-    key->level = level;
-    key->pubKeySet = 0;
-    key->prvKeySet = 0;
-    return 0;
+    return ret;
 }
 
 /* Get the level of the dilithium private/public key.
@@ -233,16 +8640,23 @@ int wc_dilithium_set_level(dilithium_key* key, byte level)
  */
 int wc_dilithium_get_level(dilithium_key* key, byte* level)
 {
-    if (key == NULL || level == NULL) {
-        return BAD_FUNC_ARG;
+    int ret = 0;
+
+    /* Validate parameters. */
+    if ((key == NULL) || (level == NULL)) {
+        ret = BAD_FUNC_ARG;
+    }
+    if ((ret == 0) && (key->level != WC_ML_DSA_44) &&
+            (key->level != WC_ML_DSA_65) && (key->level != WC_ML_DSA_87)) {
+        ret = BAD_FUNC_ARG;
     }
 
-    if (key->level != 2 && key->level != 3 && key->level != 5) {
-        return BAD_FUNC_ARG;
+    if (ret == 0) {
+        /* Return level. */
+        *level = key->level;
     }
 
-    *level = key->level;
-    return 0;
+    return ret;
 }
 
 /* Clears the dilithium key data
@@ -252,676 +8666,1605 @@ int wc_dilithium_get_level(dilithium_key* key, byte* level)
 void wc_dilithium_free(dilithium_key* key)
 {
     if (key != NULL) {
-        ForceZero(key, sizeof(key));
+#ifdef WOLFSSL_WC_DILITHIUM
+#ifndef WC_DILITHIUM_FIXED_ARRAY
+        /* Dispose of cached items. */
+    #ifdef WC_DILITHIUM_CACHE_PUB_VECTORS
+        XFREE(key->t1, key->heap, DYNAMIC_TYPE_DILITHIUM);
+    #endif
+    #ifdef WC_DILITHIUM_CACHE_PRIV_VECTORS
+        XFREE(key->s1, key->heap, DYNAMIC_TYPE_DILITHIUM);
+    #endif
+    #ifdef WC_DILITHIUM_CACHE_MATRIX_A
+        XFREE(key->a, key->heap, DYNAMIC_TYPE_DILITHIUM);
+    #endif
+#endif
+        /* Free the SHAKE-128/256 object. */
+        wc_Shake256_Free(&key->shake);
+#endif
+        /* Ensure all private data is zeroized. */
+        ForceZero(key, sizeof(*key));
     }
 }
 
-/* Export the dilithium public key.
- *
- * key     [in]      Dilithium public key.
- * out     [in]      Array to hold public key.
- * outLen  [in/out]  On in, the number of bytes in array.
- *                   On out, the number bytes put into array.
- * returns BAD_FUNC_ARG when a parameter is NULL,
- *         BUFFER_E when outLen is less than DILITHIUM_LEVEL2_PUB_KEY_SIZE,
- *         0 otherwise.
- */
-int wc_dilithium_export_public(dilithium_key* key,
-                               byte* out, word32* outLen)
-{
-    /* sanity check on arguments */
-    if ((key == NULL) || (out == NULL) || (outLen == NULL)) {
-        return BAD_FUNC_ARG;
-    }
-
-    if ((key->level != 1) && (key->level != 5)) {
-        return BAD_FUNC_ARG;
-    }
-
-    if (!key->pubKeySet) {
-        return BAD_FUNC_ARG;
-    }
-
-    /* check and set up out length */
-    if ((key->level == 2) && (*outLen < DILITHIUM_LEVEL2_PUB_KEY_SIZE)) {
-        *outLen = DILITHIUM_LEVEL2_PUB_KEY_SIZE;
-        return BUFFER_E;
-    }
-    else if ((key->level == 3) && (*outLen < DILITHIUM_LEVEL3_PUB_KEY_SIZE)) {
-        *outLen = DILITHIUM_LEVEL3_PUB_KEY_SIZE;
-        return BUFFER_E;
-    }
-    else if ((key->level == 5) && (*outLen < DILITHIUM_LEVEL5_PUB_KEY_SIZE)) {
-        *outLen = DILITHIUM_LEVEL5_PUB_KEY_SIZE;
-        return BUFFER_E;
-    }
-
-    if (key->level == 2) {
-        *outLen = DILITHIUM_LEVEL2_PUB_KEY_SIZE;
-        XMEMCPY(out, key->p, DILITHIUM_LEVEL2_PUB_KEY_SIZE);
-    }
-    else if (key->level == 3) {
-        *outLen = DILITHIUM_LEVEL3_PUB_KEY_SIZE;
-        XMEMCPY(out, key->p, DILITHIUM_LEVEL3_PUB_KEY_SIZE);
-    }
-    else if (key->level == 5) {
-        *outLen = DILITHIUM_LEVEL5_PUB_KEY_SIZE;
-        XMEMCPY(out, key->p, DILITHIUM_LEVEL5_PUB_KEY_SIZE);
-    }
-
-    return 0;
-}
-
-/* Import a dilithium public key from a byte array.
- * Public key encoded in big-endian.
- *
- * in      [in]  Array holding public key.
- * inLen   [in]  Number of bytes of data in array.
- * key     [in]  Dilithium public key.
- * returns BAD_FUNC_ARG when a parameter is NULL or key format is not supported,
- *         0 otherwise.
- */
-int wc_dilithium_import_public(const byte* in, word32 inLen,
-                               dilithium_key* key)
-{
-    /* sanity check on arguments */
-    if ((in == NULL) || (key == NULL)) {
-        return BAD_FUNC_ARG;
-    }
-
-    if ((key->level != 2) && (key->level != 3) && (key->level != 5)) {
-        return BAD_FUNC_ARG;
-    }
-
-    if ((key->level == 2) && (inLen != DILITHIUM_LEVEL2_PUB_KEY_SIZE)) {
-        return BAD_FUNC_ARG;
-    }
-    else if ((key->level == 3) && (inLen != DILITHIUM_LEVEL3_PUB_KEY_SIZE)) {
-        return BAD_FUNC_ARG;
-    }
-    else if ((key->level == 5) && (inLen != DILITHIUM_LEVEL5_PUB_KEY_SIZE)) {
-        return BAD_FUNC_ARG;
-    }
-
-    XMEMCPY(key->p, in, inLen);
-    key->pubKeySet = 1;
-
-    return 0;
-}
-
-static int parse_private_key(const byte* priv, word32 privSz,
-                             byte** out, word32 *outSz,
-                             dilithium_key* key) {
-    word32 idx = 0;
-    int ret = 0;
-    int length = 0;
-
-    /* sanity check on arguments */
-    if ((priv == NULL) || (key == NULL)) {
-        return BAD_FUNC_ARG;
-    }
-
-    if ((key->level != 2) && (key->level != 3) && (key->level != 5)) {
-        return BAD_FUNC_ARG;
-    }
-
-    /* At this point, it is still a PKCS8 private key. */
-    if ((ret = ToTraditionalInline(priv, &idx, privSz)) < 0) {
-        return ret;
-    }
-
-    /* Now it is a octet_string(concat(priv,pub)) */
-    if ((ret = GetOctetString(priv, &idx, &length, privSz)) < 0) {
-        return ret;
-    }
-
-    *out = (byte *)priv + idx;
-    *outSz = privSz - idx;
-
-    /* And finally it is concat(priv,pub). Key size check. */
-    if ((key->level == 2) && (*outSz != DILITHIUM_LEVEL2_KEY_SIZE +
-                                        DILITHIUM_LEVEL2_PUB_KEY_SIZE)) {
-        return BAD_FUNC_ARG;
-    }
-    else if ((key->level == 3) && (*outSz != DILITHIUM_LEVEL3_KEY_SIZE +
-                                             DILITHIUM_LEVEL3_PUB_KEY_SIZE)) {
-        return BAD_FUNC_ARG;
-    }
-    else if ((key->level == 5) && (*outSz != DILITHIUM_LEVEL5_KEY_SIZE +
-                                             DILITHIUM_LEVEL5_PUB_KEY_SIZE)) {
-        return BAD_FUNC_ARG;
-    }
-
-    return 0;
-}
-
-/* Import a dilithium private key from a byte array.
- *
- * priv    [in]  Array holding private key.
- * privSz  [in]  Number of bytes of data in array.
- * key     [in]  Dilithium private key.
- * returns BAD_FUNC_ARG when a parameter is NULL or privSz is less than
- *         DILITHIUM_LEVEL2_KEY_SIZE,
- *         0 otherwise.
- */
-int wc_dilithium_import_private_only(const byte* priv, word32 privSz,
-                                     dilithium_key* key)
-{
-    int ret = 0;
-    byte *newPriv = NULL;
-    word32 newPrivSz = 0;
-
-    if ((ret = parse_private_key(priv, privSz, &newPriv, &newPrivSz, key))
-        != 0) {
-         return ret;
-    }
-
-    if (key->level == 2) {
-        XMEMCPY(key->k, newPriv, DILITHIUM_LEVEL2_KEY_SIZE);
-    }
-    else if (key->level == 3) {
-        XMEMCPY(key->k, newPriv, DILITHIUM_LEVEL3_KEY_SIZE);
-    }
-    else if (key->level == 5) {
-        XMEMCPY(key->k, newPriv, DILITHIUM_LEVEL5_KEY_SIZE);
-    }
-    key->prvKeySet = 1;
-
-    return 0;
-}
-
-/* Import a dilithium private and public keys from byte array(s).
- *
- * priv    [in]  Array holding private key or private+public keys
- * privSz  [in]  Number of bytes of data in private key array.
- * pub     [in]  Array holding public key (or NULL).
- * pubSz   [in]  Number of bytes of data in public key array (or 0).
- * key     [in]  Dilithium private/public key.
- * returns BAD_FUNC_ARG when a required parameter is NULL or an invalid
- *         combination of keys/lengths is supplied, 0 otherwise.
- */
-int wc_dilithium_import_private_key(const byte* priv, word32 privSz,
-                                    const byte* pub, word32 pubSz,
-                                    dilithium_key* key)
-{
-    int ret = 0;
-    byte *newPriv = NULL;
-    word32 newPrivSz = 0;
-
-    if ((ret = parse_private_key(priv, privSz, &newPriv, &newPrivSz, key))
-        != 0) {
-         return ret;
-    }
-
-    if (pub == NULL) {
-        if (pubSz != 0) {
-            return BAD_FUNC_ARG;
-        }
-
-        if ((newPrivSz != DILITHIUM_LEVEL2_PRV_KEY_SIZE) &&
-            (newPrivSz != DILITHIUM_LEVEL3_PRV_KEY_SIZE) &&
-            (newPrivSz != DILITHIUM_LEVEL5_PRV_KEY_SIZE)) {
-            return BAD_FUNC_ARG;
-        }
-
-        if (key->level == 2) {
-            pub = newPriv + DILITHIUM_LEVEL2_KEY_SIZE;
-            pubSz = DILITHIUM_LEVEL2_PUB_KEY_SIZE;
-        }
-        else if (key->level == 3) {
-            pub = newPriv + DILITHIUM_LEVEL3_KEY_SIZE;
-            pubSz = DILITHIUM_LEVEL3_PUB_KEY_SIZE;
-        }
-        else if (key->level == 5) {
-            pub = newPriv + DILITHIUM_LEVEL5_KEY_SIZE;
-            pubSz = DILITHIUM_LEVEL5_PUB_KEY_SIZE;
-        }
-    }
-    else if ((pubSz != DILITHIUM_LEVEL2_PUB_KEY_SIZE) &&
-             (pubSz != DILITHIUM_LEVEL3_PUB_KEY_SIZE) &&
-             (pubSz != DILITHIUM_LEVEL5_PUB_KEY_SIZE)) {
-        return BAD_FUNC_ARG;
-    }
-
-    /* import public key */
-    ret = wc_dilithium_import_public(pub, pubSz, key);
-
-    if (ret == 0) {
-        /* make the private key (priv + pub) */
-        if (key->level == 2) {
-            XMEMCPY(key->k, newPriv, DILITHIUM_LEVEL2_KEY_SIZE);
-        }
-        else if (key->level == 3) {
-            XMEMCPY(key->k, newPriv, DILITHIUM_LEVEL3_KEY_SIZE);
-        }
-        else if (key->level == 5) {
-            XMEMCPY(key->k, newPriv, DILITHIUM_LEVEL5_KEY_SIZE);
-        }
-        key->prvKeySet = 1;
-    }
-
-    return ret;
-}
-
-/* Export the dilithium private key.
- *
- * key     [in]      Dilithium private key.
- * out     [in]      Array to hold private key.
- * outLen  [in/out]  On in, the number of bytes in array.
- *                   On out, the number bytes put into array.
- * returns BAD_FUNC_ARG when a parameter is NULL,
- *         BUFFER_E when outLen is less than DILITHIUM_LEVEL2_KEY_SIZE,
- *         0 otherwise.
- */
-int wc_dilithium_export_private_only(dilithium_key* key, byte* out,
-    word32* outLen)
-{
-    /* sanity checks on arguments */
-    if ((key == NULL) || (out == NULL) || (outLen == NULL)) {
-        return BAD_FUNC_ARG;
-    }
-
-    if ((key->level != 2) && (key->level != 3) && (key->level != 5)) {
-        return BAD_FUNC_ARG;
-    }
-
-    /* check and set up out length */
-    if ((key->level == 2) && (*outLen < DILITHIUM_LEVEL2_KEY_SIZE)) {
-        *outLen = DILITHIUM_LEVEL2_KEY_SIZE;
-        return BUFFER_E;
-    }
-    else if ((key->level == 3) && (*outLen < DILITHIUM_LEVEL3_KEY_SIZE)) {
-        *outLen = DILITHIUM_LEVEL3_KEY_SIZE;
-        return BUFFER_E;
-    }
-    else if ((key->level == 5) && (*outLen < DILITHIUM_LEVEL5_KEY_SIZE)) {
-        *outLen = DILITHIUM_LEVEL5_KEY_SIZE;
-        return BUFFER_E;
-    }
-
-    if (key->level == 2) {
-        *outLen = DILITHIUM_LEVEL2_KEY_SIZE;
-    }
-    else if (key->level == 3) {
-        *outLen = DILITHIUM_LEVEL3_KEY_SIZE;
-    }
-    else if (key->level == 5) {
-        *outLen = DILITHIUM_LEVEL5_KEY_SIZE;
-    }
-
-    XMEMCPY(out, key->k, *outLen);
-
-    return 0;
-}
-
-/* Export the dilithium private and public key.
- *
- * key     [in]      Dilithium private/public key.
- * out     [in]      Array to hold private and public key.
- * outLen  [in/out]  On in, the number of bytes in array.
- *                   On out, the number bytes put into array.
- * returns BAD_FUNC_ARG when a parameter is NULL,
- *         BUFFER_E when outLen is less than DILITHIUM_LEVEL2_PRV_KEY_SIZE,
- *         0 otherwise.
- */
-int wc_dilithium_export_private(dilithium_key* key, byte* out, word32* outLen)
-{
-    /* sanity checks on arguments */
-    if ((key == NULL) || (out == NULL) || (outLen == NULL)) {
-        return BAD_FUNC_ARG;
-    }
-
-    if ((key->level != 2) && (key->level != 3) && (key->level != 5)) {
-        return BAD_FUNC_ARG;
-    }
-
-    if ((key->level == 2) && (*outLen < DILITHIUM_LEVEL2_PRV_KEY_SIZE)) {
-        *outLen = DILITHIUM_LEVEL2_PRV_KEY_SIZE;
-        return BUFFER_E;
-    }
-    else if ((key->level == 3) && (*outLen < DILITHIUM_LEVEL3_PRV_KEY_SIZE)) {
-        *outLen = DILITHIUM_LEVEL3_PRV_KEY_SIZE;
-        return BUFFER_E;
-    }
-    else if ((key->level == 5) && (*outLen < DILITHIUM_LEVEL5_PRV_KEY_SIZE)) {
-        *outLen = DILITHIUM_LEVEL5_PRV_KEY_SIZE;
-        return BUFFER_E;
-    }
-
-
-    if (key->level == 2) {
-        *outLen = DILITHIUM_LEVEL2_PRV_KEY_SIZE;
-        XMEMCPY(out, key->k, DILITHIUM_LEVEL2_PRV_KEY_SIZE);
-        XMEMCPY(out + DILITHIUM_LEVEL2_PRV_KEY_SIZE, key->p,
-                DILITHIUM_LEVEL2_PUB_KEY_SIZE);
-    }
-    else if (key->level == 3) {
-        *outLen = DILITHIUM_LEVEL3_PRV_KEY_SIZE;
-        XMEMCPY(out, key->k, DILITHIUM_LEVEL3_PRV_KEY_SIZE);
-        XMEMCPY(out + DILITHIUM_LEVEL3_PRV_KEY_SIZE, key->p,
-                DILITHIUM_LEVEL3_PUB_KEY_SIZE);
-    }
-    else if (key->level == 5) {
-        *outLen = DILITHIUM_LEVEL5_PRV_KEY_SIZE;
-        XMEMCPY(out, key->k, DILITHIUM_LEVEL5_PRV_KEY_SIZE);
-        XMEMCPY(out + DILITHIUM_LEVEL5_PRV_KEY_SIZE, key->p,
-                DILITHIUM_LEVEL5_PUB_KEY_SIZE);
-    }
-
-    return 0;
-}
-
-/* Export the dilithium private and public key.
- *
- * key     [in]      Dilithium private/public key.
- * priv    [in]      Array to hold private key.
- * privSz  [in/out]  On in, the number of bytes in private key array.
- * pub     [in]      Array to hold  public key.
- * pubSz   [in/out]  On in, the number of bytes in public key array.
- *                   On out, the number bytes put into array.
- * returns BAD_FUNC_ARG when a parameter is NULL,
- *         BUFFER_E when privSz is less than DILITHIUM_LEVEL2_PRV_KEY_SIZE or pubSz is less
- *         than DILITHIUM_LEVEL2_PUB_KEY_SIZE,
- *         0 otherwise.
- */
-int wc_dilithium_export_key(dilithium_key* key, byte* priv, word32 *privSz,
-                            byte* pub, word32 *pubSz)
-{
-    int ret = 0;
-
-    /* export private part */
-    ret = wc_dilithium_export_private(key, priv, privSz);
-    if (ret == 0) {
-        /* export public part */
-        ret = wc_dilithium_export_public(key, pub, pubSz);
-    }
-
-    return ret;
-}
-
-/* Check the public key of the dilithium key matches the private key.
- *
- * key     [in]      Dilithium private/public key.
- * returns BAD_FUNC_ARG when key is NULL,
- *         PUBLIC_KEY_E when the public key is not set or doesn't match,
- *         other -ve value on hash failure,
- *         0 otherwise.
- */
-int wc_dilithium_check_key(dilithium_key* key)
-{
-    if (key == NULL) {
-        return BAD_FUNC_ARG;
-    }
-
-    /* Assume everything is fine. */
-    return 0;
-}
-
+#ifdef WOLFSSL_DILITHIUM_PRIVATE_KEY
 /* Returns the size of a dilithium private key.
  *
- * key     [in]      Dilithium private/public key.
- * returns BAD_FUNC_ARG when key is NULL,
- *         DILITHIUM_LEVEL2_KEY_SIZE otherwise.
+ * @param [in] key  Dilithium private/public key.
+ * @return  Private key size on success for set level.
+ * @return  BAD_FUNC_ARG when key is NULL or level not set,
  */
 int wc_dilithium_size(dilithium_key* key)
 {
-    if (key == NULL) {
-        return BAD_FUNC_ARG;
+    int ret = WC_NO_ERR_TRACE(BAD_FUNC_ARG);
+
+    if (key != NULL) {
+    #if defined(WOLFSSL_DILITHIUM_FIPS204_DRAFT)
+        if (key->params == NULL) {
+            ret = BAD_FUNC_ARG;
+        }
+        else if (key->params->level == WC_ML_DSA_44_DRAFT) {
+            ret = DILITHIUM_LEVEL2_KEY_SIZE;
+        }
+        else if (key->params->level == WC_ML_DSA_65_DRAFT) {
+            ret = DILITHIUM_LEVEL3_KEY_SIZE;
+        }
+        else if (key->params->level == WC_ML_DSA_87_DRAFT) {
+            ret = DILITHIUM_LEVEL5_KEY_SIZE;
+        }
+        else
+    #endif
+        if (key->level == WC_ML_DSA_44) {
+            ret = ML_DSA_LEVEL2_KEY_SIZE;
+        }
+        else if (key->level == WC_ML_DSA_65) {
+            ret = ML_DSA_LEVEL3_KEY_SIZE;
+        }
+        else if (key->level == WC_ML_DSA_87) {
+            ret = ML_DSA_LEVEL5_KEY_SIZE;
+        }
     }
 
-    if (key->level == 2) {
-        return DILITHIUM_LEVEL2_KEY_SIZE;
-    }
-    else if (key->level == 3) {
-        return DILITHIUM_LEVEL3_KEY_SIZE;
-    }
-    else if (key->level == 5) {
-        return DILITHIUM_LEVEL5_KEY_SIZE;
+    return ret;
+}
+
+#ifdef WOLFSSL_DILITHIUM_PUBLIC_KEY
+/* Returns the size of a dilithium private plus public key.
+ *
+ * @param [in] key  Dilithium private/public key.
+ * @return  Private key size on success for set level.
+ * @return  BAD_FUNC_ARG when key is NULL or level not set,
+ */
+int wc_dilithium_priv_size(dilithium_key* key)
+{
+    int ret = WC_NO_ERR_TRACE(BAD_FUNC_ARG);
+
+    if (key != NULL) {
+    #if defined(WOLFSSL_DILITHIUM_FIPS204_DRAFT)
+        if (key->params == NULL) {
+            ret = BAD_FUNC_ARG;
+        }
+        else if (key->params->level == WC_ML_DSA_44_DRAFT) {
+            ret = DILITHIUM_LEVEL2_PRV_KEY_SIZE;
+        }
+        else if (key->params->level == WC_ML_DSA_65_DRAFT) {
+            ret = DILITHIUM_LEVEL3_PRV_KEY_SIZE;
+        }
+        else if (key->params->level == WC_ML_DSA_87_DRAFT) {
+            ret = DILITHIUM_LEVEL5_PRV_KEY_SIZE;
+        }
+    #endif
+        if (key->level == WC_ML_DSA_44) {
+            ret = ML_DSA_LEVEL2_PRV_KEY_SIZE;
+        }
+        else if (key->level == WC_ML_DSA_65) {
+            ret = ML_DSA_LEVEL3_PRV_KEY_SIZE;
+        }
+        else if (key->level == WC_ML_DSA_87) {
+            ret = ML_DSA_LEVEL5_PRV_KEY_SIZE;
+        }
     }
 
-    return BAD_FUNC_ARG;
+    return ret;
 }
 
 /* Returns the size of a dilithium private plus public key.
  *
- * key     [in]      Dilithium private/public key.
- * returns BAD_FUNC_ARG when key is NULL,
- *         DILITHIUM_LEVEL2_PRV_KEY_SIZE otherwise.
+ * @param [in]  key  Dilithium private/public key.
+ * @param [out] len  Private key size for set level.
+ * @return  0 on success.
+ * @return  BAD_FUNC_ARG when key is NULL or level not set,
  */
-int wc_dilithium_priv_size(dilithium_key* key)
+int wc_MlDsaKey_GetPrivLen(MlDsaKey* key, int* len)
 {
-    if (key == NULL) {
-        return BAD_FUNC_ARG;
+    int ret = 0;
+
+    *len = wc_dilithium_priv_size(key);
+    if (*len < 0) {
+        ret = *len;
     }
 
-    if (key->level == 2) {
-        return DILITHIUM_LEVEL2_PRV_KEY_SIZE;
-    }
-    else if (key->level == 3) {
-        return DILITHIUM_LEVEL3_PRV_KEY_SIZE;
-    }
-    else if (key->level == 5) {
-        return DILITHIUM_LEVEL5_PRV_KEY_SIZE;
+    return ret;
+}
+#endif /* WOLFSSL_DILITHIUM_PUBLIC_KEY */
+#endif /* WOLFSSL_DILITHIUM_PRIVATE_KEY */
+
+#ifdef WOLFSSL_DILITHIUM_PUBLIC_KEY
+/* Returns the size of a dilithium public key.
+ *
+ * @param [in] key  Dilithium private/public key.
+ * @return  Public key size on success for set level.
+ * @return  BAD_FUNC_ARG when key is NULL or level not set,
+ */
+int wc_dilithium_pub_size(dilithium_key* key)
+{
+    int ret = WC_NO_ERR_TRACE(BAD_FUNC_ARG);
+
+    if (key != NULL) {
+    #if defined(WOLFSSL_DILITHIUM_FIPS204_DRAFT)
+        if (key->params == NULL) {
+            ret = BAD_FUNC_ARG;
+        }
+        else if (key->params->level == WC_ML_DSA_44_DRAFT) {
+            ret = DILITHIUM_LEVEL2_PUB_KEY_SIZE;
+        }
+        else if (key->params->level == WC_ML_DSA_65_DRAFT) {
+            ret = DILITHIUM_LEVEL3_PUB_KEY_SIZE;
+        }
+        else if (key->params->level == WC_ML_DSA_87_DRAFT) {
+            ret = DILITHIUM_LEVEL5_PUB_KEY_SIZE;
+        }
+        else
+    #endif
+        if (key->level == WC_ML_DSA_44) {
+            ret = ML_DSA_LEVEL2_PUB_KEY_SIZE;
+        }
+        else if (key->level == WC_ML_DSA_65) {
+            ret = ML_DSA_LEVEL3_PUB_KEY_SIZE;
+        }
+        else if (key->level == WC_ML_DSA_87) {
+            ret = ML_DSA_LEVEL5_PUB_KEY_SIZE;
+        }
     }
 
-    return BAD_FUNC_ARG;
+    return ret;
 }
 
 /* Returns the size of a dilithium public key.
  *
- * key     [in]      Dilithium private/public key.
- * returns BAD_FUNC_ARG when key is NULL,
- *         DILITHIUM_LEVEL2_PUB_KEY_SIZE otherwise.
+ * @param [in]  key  Dilithium private/public key.
+ * @param [out] len  Public key size for set level.
+ * @return  0 on success.
+ * @return  BAD_FUNC_ARG when key is NULL or level not set,
  */
-int wc_dilithium_pub_size(dilithium_key* key)
-{
-    if (key == NULL) {
-        return BAD_FUNC_ARG;
-    }
-
-    if (key->level == 2) {
-        return DILITHIUM_LEVEL2_PUB_KEY_SIZE;
-    }
-    else if (key->level == 3) {
-        return DILITHIUM_LEVEL3_PUB_KEY_SIZE;
-    }
-    else if (key->level == 5) {
-        return DILITHIUM_LEVEL5_PUB_KEY_SIZE;
-    }
-
-    return BAD_FUNC_ARG;
-}
-
-/* Returns the size of a dilithium signature.
- *
- * key     [in]      Dilithium private/public key.
- * returns BAD_FUNC_ARG when key is NULL,
- *         DILITHIUM_LEVEL2_SIG_SIZE otherwise.
- */
-int wc_dilithium_sig_size(dilithium_key* key)
-{
-    if (key == NULL) {
-        return BAD_FUNC_ARG;
-    }
-
-    if (key->level == 2) {
-        return DILITHIUM_LEVEL2_SIG_SIZE;
-    }
-    else if (key->level == 3) {
-        return DILITHIUM_LEVEL3_SIG_SIZE;
-    }
-    else if (key->level == 5) {
-        return DILITHIUM_LEVEL5_SIG_SIZE;
-    }
-
-    return BAD_FUNC_ARG;
-}
-
-int wc_Dilithium_PrivateKeyDecode(const byte* input, word32* inOutIdx,
-                                  dilithium_key* key, word32 inSz)
+int wc_MlDsaKey_GetPubLen(MlDsaKey* key, int* len)
 {
     int ret = 0;
-    byte privKey[DILITHIUM_MAX_KEY_SIZE], pubKey[DILITHIUM_MAX_PUB_KEY_SIZE];
-    word32 privKeyLen = (word32)sizeof(privKey);
-    word32 pubKeyLen = (word32)sizeof(pubKey);
-    int keytype = 0;
 
-    if (input == NULL || inOutIdx == NULL || key == NULL || inSz == 0) {
-        return BAD_FUNC_ARG;
-    }
-
-    if (key->level == 2) {
-        keytype = DILITHIUM_LEVEL2k;
-    }
-    else if (key->level == 3) {
-        keytype = DILITHIUM_LEVEL3k;
-    }
-    else if (key->level == 5) {
-        keytype = DILITHIUM_LEVEL5k;
-    }
-    else {
-        return BAD_FUNC_ARG;
-    }
-
-    ret = DecodeAsymKey(input, inOutIdx, inSz, privKey, &privKeyLen,
-                        pubKey, &pubKeyLen, keytype);
-    if (ret == 0) {
-        if (pubKeyLen == 0) {
-            ret = wc_dilithium_import_private_only(input, inSz, key);
-        }
-        else {
-            ret = wc_dilithium_import_private_key(privKey, privKeyLen,
-                                               pubKey, pubKeyLen, key);
-        }
-    }
-    return ret;
-}
-
-int wc_Dilithium_PublicKeyDecode(const byte* input, word32* inOutIdx,
-                                 dilithium_key* key, word32 inSz)
-{
-    int ret = 0;
-    byte pubKey[DILITHIUM_MAX_PUB_KEY_SIZE];
-    word32 pubKeyLen = (word32)sizeof(pubKey);
-    int keytype = 0;
-
-    if (input == NULL || inOutIdx == NULL || key == NULL || inSz == 0) {
-        return BAD_FUNC_ARG;
-    }
-
-    if (key->level == 2) {
-        keytype = DILITHIUM_LEVEL2k;
-    }
-    else if (key->level == 3) {
-        keytype = DILITHIUM_LEVEL3k;
-    }
-    else if (key->level == 5) {
-        keytype = DILITHIUM_LEVEL5k;
-    }
-    else {
-        return BAD_FUNC_ARG;
-    }
-
-    ret = DecodeAsymKeyPublic(input, inOutIdx, inSz, pubKey, &pubKeyLen,
-                              keytype);
-    if (ret == 0) {
-        ret = wc_dilithium_import_public(pubKey, pubKeyLen, key);
-    }
-    return ret;
-}
-
-#ifdef WC_ENABLE_ASYM_KEY_EXPORT
-/* Encode the public part of an Dilithium key in DER.
- *
- * Pass NULL for output to get the size of the encoding.
- *
- * @param [in]  key       Dilithium key object.
- * @param [out] output    Buffer to put encoded data in.
- * @param [in]  outLen    Size of buffer in bytes.
- * @param [in]  withAlg   Whether to use SubjectPublicKeyInfo format.
- * @return  Size of encoded data in bytes on success.
- * @return  BAD_FUNC_ARG when key is NULL.
- * @return  MEMORY_E when dynamic memory allocation failed.
- */
-int wc_Dilithium_PublicKeyToDer(dilithium_key* key, byte* output, word32 inLen,
-                                int withAlg)
-{
-    int    ret;
-    byte   pubKey[DILITHIUM_MAX_PUB_KEY_SIZE];
-    word32 pubKeyLen = (word32)sizeof(pubKey);
-    int    keytype = 0;
-
-    if (key == NULL || output == NULL) {
-        return BAD_FUNC_ARG;
-    }
-
-    if (key->level == 2) {
-        keytype = DILITHIUM_LEVEL2k;
-    }
-    else if (key->level == 3) {
-        keytype = DILITHIUM_LEVEL3k;
-    }
-    else if (key->level == 5) {
-        keytype = DILITHIUM_LEVEL5k;
-    }
-    else {
-        return BAD_FUNC_ARG;
-    }
-
-    ret = wc_dilithium_export_public(key, pubKey, &pubKeyLen);
-    if (ret == 0) {
-        ret = SetAsymKeyDerPublic(pubKey, pubKeyLen, output, inLen, keytype,
-                                  withAlg);
+    *len = wc_dilithium_pub_size(key);
+    if (*len < 0) {
+        ret = *len;
     }
 
     return ret;
 }
 #endif
 
-int wc_Dilithium_KeyToDer(dilithium_key* key, byte* output, word32 inLen)
+#if !defined(WOLFSSL_DILITHIUM_NO_SIGN) || !defined(WOLFSSL_DILITHIUM_NO_VERIFY)
+/* Returns the size of a dilithium signature.
+ *
+ * @param [in] key  Dilithium private/public key.
+ * @return  Signature size on success for set level.
+ * @return  BAD_FUNC_ARG when key is NULL or level not set,
+ */
+int wc_dilithium_sig_size(dilithium_key* key)
 {
-    if (key == NULL) {
-        return BAD_FUNC_ARG;
+    int ret = WC_NO_ERR_TRACE(BAD_FUNC_ARG);
+
+    if (key != NULL) {
+    #if defined(WOLFSSL_DILITHIUM_FIPS204_DRAFT)
+        if (key->params == NULL) {
+            ret = BAD_FUNC_ARG;
+        }
+        else if (key->params->level == WC_ML_DSA_44_DRAFT) {
+            ret = DILITHIUM_LEVEL2_SIG_SIZE;
+        }
+        else if (key->params->level == WC_ML_DSA_65_DRAFT) {
+            ret = DILITHIUM_LEVEL3_SIG_SIZE;
+        }
+        else if (key->params->level == WC_ML_DSA_87_DRAFT) {
+            ret = DILITHIUM_LEVEL5_SIG_SIZE;
+        }
+        else
+    #endif
+        if (key->level == WC_ML_DSA_44) {
+            ret = ML_DSA_LEVEL2_SIG_SIZE;
+        }
+        else if (key->level == WC_ML_DSA_65) {
+            ret = ML_DSA_LEVEL3_SIG_SIZE;
+        }
+        else if (key->level == WC_ML_DSA_87) {
+            ret = ML_DSA_LEVEL5_SIG_SIZE;
+        }
     }
 
-    if (key->level == 2) {
-        return SetAsymKeyDer(key->k, DILITHIUM_LEVEL2_KEY_SIZE, key->p,
-                             DILITHIUM_LEVEL2_KEY_SIZE, output, inLen,
-                             DILITHIUM_LEVEL2k);
-    }
-    else if (key->level == 3) {
-        return SetAsymKeyDer(key->k, DILITHIUM_LEVEL3_KEY_SIZE, key->p,
-                             DILITHIUM_LEVEL3_KEY_SIZE, output, inLen,
-                             DILITHIUM_LEVEL3k);
-    }
-    else if (key->level == 5) {
-        return SetAsymKeyDer(key->k, DILITHIUM_LEVEL5_KEY_SIZE, key->p,
-                             DILITHIUM_LEVEL5_KEY_SIZE, output, inLen,
-                             DILITHIUM_LEVEL5k);
-    }
-
-    return BAD_FUNC_ARG;
+    return ret;
 }
 
-int wc_Dilithium_PrivateKeyToDer(dilithium_key* key, byte* output, word32 inLen)
+/* Returns the size of a dilithium signature.
+ *
+ * @param [in]  key  Dilithium private/public key.
+ * @param [out] len  Signature size for set level.
+ * @return  0 on success.
+ * @return  BAD_FUNC_ARG when key is NULL or level not set,
+ */
+int wc_MlDsaKey_GetSigLen(MlDsaKey* key, int* len)
 {
-    if (key == NULL) {
-        return BAD_FUNC_ARG;
+    int ret = 0;
+
+    *len = wc_dilithium_sig_size(key);
+    if (*len < 0) {
+        ret = *len;
     }
 
-    if (key->level == 2) {
-        return SetAsymKeyDer(key->k, DILITHIUM_LEVEL2_KEY_SIZE, NULL, 0, output,
-                             inLen, DILITHIUM_LEVEL2k);
-    }
-    else if (key->level == 3) {
-        return SetAsymKeyDer(key->k, DILITHIUM_LEVEL3_KEY_SIZE, NULL, 0, output,
-                             inLen, DILITHIUM_LEVEL3k);
-    }
-    else if (key->level == 5) {
-        return SetAsymKeyDer(key->k, DILITHIUM_LEVEL5_KEY_SIZE, NULL, 0, output,
-                             inLen, DILITHIUM_LEVEL5k);
-    }
-
-    return BAD_FUNC_ARG;
+    return ret;
 }
-#endif /* HAVE_PQC && HAVE_DILITHIUM */
+#endif
+
+#ifdef WOLFSSL_DILITHIUM_CHECK_KEY
+/* Check the public key of the dilithium key matches the private key.
+ *
+ * @param [in] key  Dilithium private/public key.
+ * @return  0 on success.
+ * @return  BAD_FUNC_ARG when key is NULL or no private key available,
+ * @return  PUBLIC_KEY_E when the public key is not set or doesn't match,
+ * @return  MEMORY_E when dynamic memory allocation fails.
+ */
+int wc_dilithium_check_key(dilithium_key* key)
+{
+    int ret = 0;
+#ifdef WOLFSSL_WC_DILITHIUM
+    const wc_dilithium_params* params;
+    sword32* a  = NULL;
+    sword32* s1 = NULL;
+    sword32* s2 = NULL;
+    sword32* t  = NULL;
+    sword32* t0 = NULL;
+    sword32* t1 = NULL;
+
+    /* Validate parameter. */
+    if (key == NULL) {
+        ret = BAD_FUNC_ARG;
+    }
+    if ((ret == 0) && (!key->prvKeySet)) {
+        ret = BAD_FUNC_ARG;
+    }
+    if ((ret == 0) && (!key->pubKeySet)) {
+        ret = PUBLIC_KEY_E;
+    }
+
+    /* Any value in public key are valid.
+     * Public seed is hashed to generate matrix A.
+     * t1 is the top 10 bits of a number in range of 0..(Q-1).
+     * Q >> 13 = 0x3ff so all encoded values are valid.
+     */
+
+    if (ret == 0) {
+        params = key->params;
+        unsigned int allocSz;
+
+        /* s1-L, s2-K, t0-K, t-K, t1-K */
+        allocSz = params->s1Sz + 4 * params->s2Sz;
+#if !defined(WC_DILITHIUM_CACHE_MATRIX_A)
+        /* A-KxL */
+        allocSz += params->aSz;
+#endif
+
+        /* Allocate memory for large intermediates. */
+        s1 = (sword32*)XMALLOC(allocSz, key->heap, DYNAMIC_TYPE_DILITHIUM);
+        if (s1 == NULL) {
+            ret = MEMORY_E;
+        }
+        else {
+            XMEMSET(s1, 0, allocSz);
+            s2 = s1 + params->s1Sz / sizeof(*s1);
+            t0 = s2 + params->s2Sz / sizeof(*s2);
+            t  = t0 + params->s2Sz / sizeof(*t0);
+            t1 = t  + params->s2Sz / sizeof(*t);
+#if !defined(WC_DILITHIUM_CACHE_MATRIX_A)
+            a  = t1 + params->s2Sz / sizeof(*t1);
+#else
+            a = key->a;
+#endif
+        }
+    }
+
+    if (ret == 0) {
+#ifdef WC_DILITHIUM_CACHE_MATRIX_A
+        /* Check that we haven't already cached the matrix A. */
+        if (!key->aSet)
+#endif
+        {
+            const byte* pub_seed = key->p;
+
+            ret = dilithium_expand_a(&key->shake, pub_seed, params->k,
+                params->l, a, key->heap);
+#ifdef WC_DILITHIUM_CACHE_MATRIX_A
+            key->aSet = (ret == 0);
+#endif
+        }
+    }
+    if (ret == 0) {
+        const byte* s1p = key->k + DILITHIUM_PUB_SEED_SZ + DILITHIUM_K_SZ +
+                                   DILITHIUM_TR_SZ;
+        const byte* s2p = s1p + params->s1EncSz;
+        const byte* t0p = s2p + params->s2EncSz;
+        const byte* t1p = key->p + DILITHIUM_PUB_SEED_SZ;
+        sword32* tt = t;
+        unsigned int i;
+        unsigned int j;
+        sword32 x = 0;
+
+        /* Get s1, s2 and t0 from private key. */
+        dilithium_vec_decode_eta_bits(s1p, params->eta, s1, params->l);
+        dilithium_vec_decode_eta_bits(s2p, params->eta, s2, params->k);
+        dilithium_vec_decode_t0(t0p, params->k, t0);
+
+        /* Get t1 from public key. */
+        dilithium_vec_decode_t1(t1p, params->k, t1);
+
+        /* Calcaluate t = NTT-1(A o NTT(s1)) + s2 */
+        dilithium_vec_ntt_small(s1, params->l);
+        dilithium_matrix_mul(t, a, s1, params->k, params->l);
+        dilithium_vec_invntt(t, params->k);
+        dilithium_vec_add(t, s2, params->k);
+        /* Subtract t0 from t. */
+        dilithium_vec_sub(t, t0, params->k);
+        /* Make t positive to match t1. */
+        dilithium_vec_make_pos(t, params->k);
+
+        /* Check t - t0 and t1 are the same. */
+        for (i = 0; i < params->k; i++) {
+            for (j = 0; j < DILITHIUM_N; j++) {
+                x |= tt[j] ^ t1[j];
+            }
+            tt += DILITHIUM_N;
+            t1 += DILITHIUM_N;
+        }
+        /* Check the public seed is the same in private and public key. */
+        for (i = 0; i < DILITHIUM_PUB_SEED_SZ; i++) {
+            x |= key->p[i] ^ key->k[i];
+        }
+
+        if ((ret == 0) && (x != 0)) {
+            ret = PUBLIC_KEY_E;
+        }
+    }
+
+    if (key != NULL) {
+        /* Dispose of allocated memory. */
+        XFREE(s1, key->heap, DYNAMIC_TYPE_DILITHIUM);
+    }
+#else
+    /* Validate parameter. */
+    if (key == NULL) {
+        ret = BAD_FUNC_ARG;
+    }
+    if ((ret == 0) && (!key->prvKeySet)) {
+        ret = BAD_FUNC_ARG;
+    }
+    if ((ret == 0) && (!key->pubKeySet)) {
+        ret = PUBLIC_KEY_E;
+    }
+
+    if (ret == 0) {
+        int i;
+        sword32 x = 0;
+
+        /* Check the public seed is the same in private and public key. */
+        for (i = 0; i < 32; i++) {
+            x |= key->p[i] ^ key->k[i];
+        }
+
+        if (x != 0) {
+            ret = PUBLIC_KEY_E;
+        }
+    }
+#endif /* WOLFSSL_WC_DILITHIUM */
+    return ret;
+}
+#endif /* WOLFSSL_DILITHIUM_CHECK_KEY */
+
+#ifdef WOLFSSL_DILITHIUM_PUBLIC_KEY
+
+/* Export the dilithium public key.
+ *
+ * @param [in]      key     Dilithium public key.
+ * @param [out]     out     Array to hold public key.
+ * @param [in, out] outLen  On in, the number of bytes in array.
+ *                          On out, the number bytes put into array.
+ * @return  0 on success.
+ * @return  BAD_FUNC_ARG when a parameter is NULL.
+ * @return  BUFFER_E when outLen is less than DILITHIUM_LEVEL2_PUB_KEY_SIZE.
+ */
+int wc_dilithium_export_public(dilithium_key* key, byte* out, word32* outLen)
+{
+    int ret = 0;
+    word32 inLen;
+
+    /* Validate parameters */
+    if ((key == NULL) || (out == NULL) || (outLen == NULL)) {
+        ret = BAD_FUNC_ARG;
+    }
+    if (ret == 0) {
+        /* Get length passed in for checking. */
+        inLen = *outLen;
+    #if defined(WOLFSSL_DILITHIUM_FIPS204_DRAFT)
+        if (key->params == NULL) {
+            ret = BAD_FUNC_ARG;
+        }
+        else if (key->params->level == WC_ML_DSA_44_DRAFT) {
+            /* Set out length. */
+            *outLen = DILITHIUM_LEVEL2_PUB_KEY_SIZE;
+            /* Validate length passed in. */
+            if (inLen < DILITHIUM_LEVEL2_PUB_KEY_SIZE) {
+                ret = BUFFER_E;
+            }
+        }
+        else if (key->params->level == WC_ML_DSA_65_DRAFT) {
+            /* Set out length. */
+            *outLen = DILITHIUM_LEVEL3_PUB_KEY_SIZE;
+            /* Validate length passed in. */
+            if (inLen < DILITHIUM_LEVEL3_PUB_KEY_SIZE) {
+                ret = BUFFER_E;
+            }
+        }
+        else if (key->params->level == WC_ML_DSA_87_DRAFT) {
+            /* Set out length. */
+            *outLen = DILITHIUM_LEVEL5_PUB_KEY_SIZE;
+            /* Validate length passed in. */
+            if (inLen < DILITHIUM_LEVEL5_PUB_KEY_SIZE) {
+                ret = BUFFER_E;
+            }
+        }
+        else
+    #endif
+        if (key->level == WC_ML_DSA_44) {
+            /* Set out length. */
+            *outLen = ML_DSA_LEVEL2_PUB_KEY_SIZE;
+            /* Validate length passed in. */
+            if (inLen < ML_DSA_LEVEL2_PUB_KEY_SIZE) {
+                ret = BUFFER_E;
+            }
+        }
+        else if (key->level == WC_ML_DSA_65) {
+            /* Set out length. */
+            *outLen = ML_DSA_LEVEL3_PUB_KEY_SIZE;
+            /* Validate length passed in. */
+            if (inLen < ML_DSA_LEVEL3_PUB_KEY_SIZE) {
+                ret = BUFFER_E;
+            }
+        }
+        else if (key->level == WC_ML_DSA_87) {
+            /* Set out length. */
+            *outLen = ML_DSA_LEVEL5_PUB_KEY_SIZE;
+            /* Validate length passed in. */
+            if (inLen < ML_DSA_LEVEL5_PUB_KEY_SIZE) {
+                ret = BUFFER_E;
+            }
+        }
+        else {
+            /* Level not set. */
+            ret = BAD_FUNC_ARG;
+        }
+    }
+
+    /* Check public key available. */
+    if ((ret == 0) && (!key->pubKeySet)) {
+        ret = BAD_FUNC_ARG;
+    }
+
+    if (ret == 0) {
+        /* Copy public key out. */
+        XMEMCPY(out, key->p, *outLen);
+    }
+
+    return ret;
+}
+
+/* Import a dilithium public key from a byte array.
+ *
+ * Public key encoded in big-endian.
+ *
+ * @param [in]      in     Array holding public key.
+ * @param [in]      inLen  Number of bytes of data in array.
+ * @param [in, out] key    Dilithium public key.
+ * @return  0 on success.
+ * @return  BAD_FUNC_ARG when in or key is NULL or key format is not supported.
+ */
+int wc_dilithium_import_public(const byte* in, word32 inLen, dilithium_key* key)
+{
+    int ret = 0;
+
+    /* Validate parameters. */
+    if ((in == NULL) || (key == NULL)) {
+        ret = BAD_FUNC_ARG;
+    }
+    if (ret == 0) {
+    #if defined(WOLFSSL_DILITHIUM_FIPS204_DRAFT)
+        if (key->params == NULL) {
+            ret = BAD_FUNC_ARG;
+        }
+        else if (key->params->level == WC_ML_DSA_44_DRAFT) {
+            /* Check length. */
+            if (inLen != DILITHIUM_LEVEL2_PUB_KEY_SIZE) {
+                ret = BAD_FUNC_ARG;
+            }
+        }
+        else if (key->params->level == WC_ML_DSA_65_DRAFT) {
+            /* Check length. */
+            if (inLen != DILITHIUM_LEVEL3_PUB_KEY_SIZE) {
+                ret = BAD_FUNC_ARG;
+            }
+        }
+        else if (key->params->level == WC_ML_DSA_87_DRAFT) {
+            /* Check length. */
+            if (inLen != DILITHIUM_LEVEL5_PUB_KEY_SIZE) {
+                ret = BAD_FUNC_ARG;
+            }
+        }
+        else
+    #endif
+        if (key->level == WC_ML_DSA_44) {
+            /* Check length. */
+            if (inLen != ML_DSA_LEVEL2_PUB_KEY_SIZE) {
+                ret = BAD_FUNC_ARG;
+            }
+        }
+        else if (key->level == WC_ML_DSA_65) {
+            /* Check length. */
+            if (inLen != ML_DSA_LEVEL3_PUB_KEY_SIZE) {
+                ret = BAD_FUNC_ARG;
+            }
+        }
+        else if (key->level == WC_ML_DSA_87) {
+            /* Check length. */
+            if (inLen != ML_DSA_LEVEL5_PUB_KEY_SIZE) {
+                ret = BAD_FUNC_ARG;
+            }
+        }
+        else {
+            /* Level not set. */
+            ret = BAD_FUNC_ARG;
+        }
+    }
+
+    if (ret == 0) {
+        /* Copy the private key data in or copy pointer. */
+    #ifndef WOLFSSL_DILITHIUM_ASSIGN_KEY
+        XMEMCPY(key->p, in, inLen);
+    #else
+        key->p = in;
+    #endif
+
+#ifdef WC_DILITHIUM_CACHE_PUB_VECTORS
+    #ifndef WC_DILITHIUM_FIXED_ARRAY
+        /* Allocate t1 if required. */
+        if (key->t1 == NULL) {
+            key->t1 = (sword32*)XMALLOC(key->params->s2Sz, key->heap,
+                DYNAMIC_TYPE_DILITHIUM);
+            if (key->t1 == NULL) {
+                ret = MEMORY_E;
+            }
+            else {
+                XMEMSET(key->t1, 0, key->params->s2Sz);
+            }
+        }
+    #endif
+    }
+    if (ret == 0) {
+        /* Compute t1 from public key data. */
+        dilithium_make_pub_vec(key, key->t1);
+#endif
+#ifdef WC_DILITHIUM_CACHE_MATRIX_A
+    #ifndef WC_DILITHIUM_FIXED_ARRAY
+        /* Allocate matrix a if required. */
+        if (key->a == NULL) {
+            key->a = (sword32*)XMALLOC(key->params->aSz, key->heap,
+                DYNAMIC_TYPE_DILITHIUM);
+            if (key->a == NULL) {
+                ret = MEMORY_E;
+            }
+            else {
+                XMEMSET(key->a, 0, key->params->aSz);
+            }
+        }
+    #endif
+    }
+    if (ret == 0) {
+        /* Compute matrix a from public key data. */
+        ret = dilithium_expand_a(&key->shake, key->p, key->params->k,
+            key->params->l, key->a, key->heap);
+        if (ret == 0) {
+            key->aSet = 1;
+        }
+    }
+    if (ret == 0) {
+#endif
+        /* Public key is set. */
+        key->pubKeySet = 1;
+    }
+
+    return ret;
+}
+
+#endif /* WOLFSSL_DILITHIUM_PUBLIC_KEY */
+
+#ifdef WOLFSSL_DILITHIUM_PRIVATE_KEY
+
+/* Set the private key data into key.
+ *
+ * @param [in]     priv    Private key data.
+ * @param [in]     privSz  Size of private key data in bytes.
+ * @param in, out] key     Dilithium key to set into.
+ * @return  0 on success.
+ * @return  BAD_FUNC_ARG when private key size is invalid.
+ * @return  MEMORY_E when dynamic memory allocation fails.
+ * @return  Other negative on hash error.
+ */
+static int dilithium_set_priv_key(const byte* priv, word32 privSz,
+    dilithium_key* key)
+{
+    int ret = 0;
+#ifdef WC_DILITHIUM_CACHE_MATRIX_A
+    const wc_dilithium_params* params = key->params;
+#endif
+
+    /* Validate parameters. */
+    if ((privSz != ML_DSA_LEVEL2_KEY_SIZE) &&
+            (privSz != ML_DSA_LEVEL3_KEY_SIZE) &&
+            (privSz != ML_DSA_LEVEL5_KEY_SIZE)) {
+        ret = BAD_FUNC_ARG;
+    }
+
+    if (ret == 0) {
+        /* Copy the private key data in or copy pointer. */
+    #ifndef WOLFSSL_DILITHIUM_ASSIGN_KEY
+        XMEMCPY(key->k, priv, privSz);
+    #else
+        key->k = priv;
+    #endif
+    }
+
+        /* Allocate and create cached values. */
+#ifdef WC_DILITHIUM_CACHE_MATRIX_A
+#ifndef WC_DILITHIUM_FIXED_ARRAY
+    if (ret == 0) {
+        /* Allocate matrix a if required. */
+        if (key->a == NULL) {
+            key->a = (sword32*)XMALLOC(params->aSz, key->heap,
+                DYNAMIC_TYPE_DILITHIUM);
+            if (key->a == NULL) {
+                ret = MEMORY_E;
+            }
+            else {
+                XMEMSET(key->a, 0, params->aSz);
+            }
+        }
+    }
+#endif
+    if (ret == 0) {
+        /* Compute matrix a from private key data. */
+        ret = dilithium_expand_a(&key->shake, key->k, params->k, params->l,
+            key->a, key->heap);
+        if (ret == 0) {
+            key->aSet = 1;
+        }
+    }
+#endif
+#ifdef WC_DILITHIUM_CACHE_PRIV_VECTORS
+#ifndef WC_DILITHIUM_FIXED_ARRAY
+    if ((ret == 0) && (key->s1 == NULL)) {
+        /* Allocate L vector s1, K vector s2 and K vector t0 if required. */
+        key->s1 = (sword32*)XMALLOC(params->s1Sz + params->s2Sz + params->s2Sz,
+            key->heap, DYNAMIC_TYPE_DILITHIUM);
+        if (key->s1 == NULL) {
+            ret = MEMORY_E;
+        }
+        else {
+            XMEMSET(key->s1, 0, params->s1Sz + params->s2Sz + params->s2Sz);
+        }
+        if (ret == 0) {
+            /* Set pointers into allocated memory. */
+            key->s2 = key->s1 + params->s1Sz / sizeof(*key->s1);
+            key->t0 = key->s2 + params->s2Sz / sizeof(*key->s2);
+        }
+    }
+#endif
+    if (ret == 0) {
+        /* Compute vectors from private key. */
+        dilithium_make_priv_vecs(key, key->s1, key->s2, key->t0);
+    }
+#endif
+    if (ret == 0) {
+        /* Private key is set. */
+        key->prvKeySet = 1;
+    }
+
+    return ret;
+}
+
+/* Import a dilithium private key from a byte array.
+ *
+ * @param [in]      priv    Array holding private key.
+ * @param [in]      privSz  Number of bytes of data in array.
+ * @param [in, out] key     Dilithium private key.
+ * @return  0 otherwise.
+ * @return  BAD_FUNC_ARG when a parameter is NULL or privSz is less than size
+ *          required for level,
+ */
+int wc_dilithium_import_private(const byte* priv, word32 privSz,
+    dilithium_key* key)
+{
+    int ret = 0;
+
+    /* Validate parameters. */
+    if ((priv == NULL) || (key == NULL)) {
+        ret = BAD_FUNC_ARG;
+    }
+    if ((ret == 0) && (key->level != WC_ML_DSA_44) &&
+            (key->level != WC_ML_DSA_65) && (key->level != WC_ML_DSA_87)) {
+        ret = BAD_FUNC_ARG;
+    }
+
+    if (ret == 0) {
+        /* Set the private key data. */
+        ret = dilithium_set_priv_key(priv, privSz, key);
+    }
+
+    return ret;
+}
+
+#if defined(WOLFSSL_DILITHIUM_PUBLIC_KEY)
+/* Import a dilithium private and public keys from byte array(s).
+ *
+ * @param [in] priv    Array holding private key or private+public keys
+ * @param [in] privSz  Number of bytes of data in private key array.
+ * @param [in] pub     Array holding public key (or NULL).
+ * @param [in] pubSz   Number of bytes of data in public key array (or 0).
+ * @param [in] key     Dilithium private/public key.
+ * @return  0 on success.
+ * @return  BAD_FUNC_ARG when a required parameter is NULL an invalid
+ *          combination of keys/lengths is supplied.
+ */
+int wc_dilithium_import_key(const byte* priv, word32 privSz,
+    const byte* pub, word32 pubSz, dilithium_key* key)
+{
+    int ret = 0;
+
+    /* Validate parameters. */
+    if ((priv == NULL) || (key == NULL)) {
+        ret = BAD_FUNC_ARG;
+    }
+    if ((pub == NULL) && (pubSz != 0)) {
+        ret = BAD_FUNC_ARG;
+    }
+    if ((ret == 0) && (key->level != WC_ML_DSA_44) &&
+            (key->level != WC_ML_DSA_65) && (key->level != WC_ML_DSA_87)) {
+        ret = BAD_FUNC_ARG;
+    }
+
+    if ((ret == 0) && (pub != NULL)) {
+        /* Import public key. */
+        ret = wc_dilithium_import_public(pub, pubSz, key);
+    }
+    if (ret == 0) {
+        ret = dilithium_set_priv_key(priv, privSz, key);
+    }
+
+    return ret;
+}
+#endif /* WOLFSSL_DILITHIUM_PUBLIC_KEY */
+
+/* Export the dilithium private key.
+ *
+ * @param [in]      key     Dilithium private key.
+ * @param [out]     out     Array to hold private key.
+ * @param [in, out] outLen  On in, the number of bytes in array.
+ *                          On out, the number bytes put into array.
+ * @return  0 on success.
+ * @return  BAD_FUNC_ARG when a parameter is NULL.
+ * @return  BUFFER_E when outLen is less than DILITHIUM_LEVEL2_KEY_SIZE.
+ */
+int wc_dilithium_export_private(dilithium_key* key, byte* out,
+    word32* outLen)
+{
+    int ret = 0;
+    word32 inLen;
+
+    /* Validate parameters. */
+    if ((key == NULL) || (out == NULL) || (outLen == NULL)) {
+        ret = BAD_FUNC_ARG;
+    }
+
+    /* Check private key available. */
+    if ((ret == 0) && (!key->prvKeySet)) {
+        ret = BAD_FUNC_ARG;
+    }
+
+    if (ret == 0) {
+        inLen = *outLen;
+        /* check and set up out length */
+    #if defined(WOLFSSL_DILITHIUM_FIPS204_DRAFT)
+        if (key->params == NULL) {
+            ret = BAD_FUNC_ARG;
+        }
+        else if (key->params->level == WC_ML_DSA_44_DRAFT) {
+            *outLen = DILITHIUM_LEVEL2_KEY_SIZE;
+        }
+        else if (key->params->level == WC_ML_DSA_65_DRAFT) {
+            *outLen = DILITHIUM_LEVEL3_KEY_SIZE;
+        }
+        else if (key->params->level == WC_ML_DSA_87_DRAFT) {
+            *outLen = DILITHIUM_LEVEL5_KEY_SIZE;
+        }
+        else
+    #endif
+        if (key->level == WC_ML_DSA_44) {
+            *outLen = ML_DSA_LEVEL2_KEY_SIZE;
+        }
+        else if (key->level == WC_ML_DSA_65) {
+            *outLen = ML_DSA_LEVEL3_KEY_SIZE;
+        }
+        else if (key->level == WC_ML_DSA_87) {
+            *outLen = ML_DSA_LEVEL5_KEY_SIZE;
+        }
+        else {
+            /* Level not set. */
+            ret = BAD_FUNC_ARG;
+        }
+    }
+
+    /* Check array length. */
+    if ((ret == 0) && (inLen < *outLen)) {
+        ret = BUFFER_E;
+    }
+
+    if (ret == 0) {
+        /* Copy private key out key. */
+        XMEMCPY(out, key->k, *outLen);
+    }
+
+    return ret;
+}
+
+#ifdef WOLFSSL_DILITHIUM_PUBLIC_KEY
+/* Export the dilithium private and public key.
+ *
+ * @param [in]      key     Dilithium private/public key.
+ * @param [out]     priv    Array to hold private key.
+ * @param [in, out] privSz  On in, the number of bytes in private key array.
+ *                          On out, the number bytes put into private key.
+ * @param [out]     pub     Array to hold  public key.
+ * @param [in, out] pubSz   On in, the number of bytes in public key array.
+ *                          On out, the number bytes put into public key.
+ * @return  0 on success.
+ * @return  BAD_FUNC_ARG when a key, priv, privSz, pub or pubSz is NULL.
+ * @return  BUFFER_E when privSz or pubSz is less than required size.
+ */
+int wc_dilithium_export_key(dilithium_key* key, byte* priv, word32 *privSz,
+    byte* pub, word32 *pubSz)
+{
+    int ret;
+
+    /* Export private key only. */
+    ret = wc_dilithium_export_private(key, priv, privSz);
+    if (ret == 0) {
+        /* Export public key. */
+        ret = wc_dilithium_export_public(key, pub, pubSz);
+    }
+
+    return ret;
+}
+#endif /* WOLFSSL_DILITHIUM_PUBLIC_KEY */
+
+#endif /* WOLFSSL_DILITHIUM_PRIVATE_KEY */
+
+#ifndef WOLFSSL_DILITHIUM_NO_ASN1
+
+/* Maps ASN.1 OID to wolfCrypt security level macros */
+static int mapOidToSecLevel(word32 oid)
+{
+    switch (oid) {
+        case ML_DSA_LEVEL2k:
+            return WC_ML_DSA_44;
+        case ML_DSA_LEVEL3k:
+            return WC_ML_DSA_65;
+        case ML_DSA_LEVEL5k:
+            return WC_ML_DSA_87;
+#ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
+        case DILITHIUM_LEVEL2k:
+            return WC_ML_DSA_44_DRAFT;
+        case DILITHIUM_LEVEL3k:
+            return WC_ML_DSA_65_DRAFT;
+        case DILITHIUM_LEVEL5k:
+            return WC_ML_DSA_87_DRAFT;
+#endif
+        default:
+            return ASN_UNKNOWN_OID_E;
+    }
+}
+
+#if defined(WOLFSSL_DILITHIUM_PRIVATE_KEY)
+
+/* Decode the DER encoded Dilithium key.
+ *
+ * @param [in]      input     Array holding DER encoded data.
+ * @param [in, out] inOutIdx  On in, index into array of start of DER encoding.
+ *                            On out, index into array after DER encoding.
+ * @param [in, out] key       Dilithium key structure to hold the decoded key.
+ *                            If the security level is set in the key structure
+ *                            on input, the DER key will be decoded as such and
+ *                            will fail if there is a mismatch. If the level
+ *                            and parameters are not set in the key structure on
+ *                            input, the level will be detected from the DER
+ *                            file based on the algorithm OID, appropriately
+ *                            decoded, then updated in the key structure on
+ *                            output. Auto-detection of the security level is
+ *                            not supported if compiled for FIPS 204 draft mode.
+ * @param [in]      inSz      Total size of the input DER buffer array.
+ * @return  0 on success.
+ * @return  BAD_FUNC_ARG when input, inOutIdx or key is NULL or inSz is 0.
+ * @return  Other negative on parse error.
+ */
+int wc_Dilithium_PrivateKeyDecode(const byte* input, word32* inOutIdx,
+    dilithium_key* key, word32 inSz)
+{
+    int ret = 0;
+    const byte* privKey = NULL;
+    const byte* pubKey = NULL;
+    word32 privKeyLen = 0;
+    word32 pubKeyLen = 0;
+    int keytype = 0;
+
+    /* Validate parameters. */
+    if ((input == NULL) || (inOutIdx == NULL) || (key == NULL) || (inSz == 0)) {
+        ret = BAD_FUNC_ARG;
+    }
+
+    if (ret == 0) {
+        /* Get OID sum for level. */
+    #if defined(WOLFSSL_DILITHIUM_FIPS204_DRAFT)
+        if (key->params == NULL) {
+            ret = BAD_FUNC_ARG;
+        }
+        else if (key->params->level == WC_ML_DSA_44_DRAFT) {
+            keytype = DILITHIUM_LEVEL2k;
+        }
+        else if (key->params->level == WC_ML_DSA_65_DRAFT) {
+            keytype = DILITHIUM_LEVEL3k;
+        }
+        else if (key->params->level == WC_ML_DSA_87_DRAFT) {
+            keytype = DILITHIUM_LEVEL5k;
+        }
+        else
+    #endif
+        if (key->level == WC_ML_DSA_44) {
+            keytype = ML_DSA_LEVEL2k;
+        }
+        else if (key->level == WC_ML_DSA_65) {
+            keytype = ML_DSA_LEVEL3k;
+        }
+        else if (key->level == WC_ML_DSA_87) {
+            keytype = ML_DSA_LEVEL5k;
+        }
+        else {
+            /* Level not set by caller, decode from DER */
+            keytype = ANONk; /* 0, not a valid key type in this situation*/
+        }
+    }
+
+    if (ret == 0) {
+        /* Decode the asymmetric key and get out private and public key data. */
+        ret = DecodeAsymKey_Assign(input, inOutIdx, inSz,
+                                   &privKey, &privKeyLen,
+                                   &pubKey, &pubKeyLen, &keytype);
+        if (ret == 0
+#ifdef WOLFSSL_WC_DILITHIUM
+            && key->params == NULL
+#endif
+        ) {
+            /* Set the security level based on the decoded key. */
+            ret = mapOidToSecLevel(keytype);
+            if (ret > 0) {
+                ret = wc_dilithium_set_level(key, ret);
+            }
+        }
+    }
+    if ((ret == 0) && (pubKey == NULL) && (pubKeyLen == 0)) {
+        /* Check if the public key is included in the private key. */
+    #if defined(WOLFSSL_DILITHIUM_FIPS204_DRAFT)
+        if (key->params == NULL) {
+            ret = BAD_FUNC_ARG;
+        }
+        else if ((key->params->level == WC_ML_DSA_44_DRAFT) &&
+            (privKeyLen == DILITHIUM_LEVEL2_PRV_KEY_SIZE)) {
+            pubKey = privKey + DILITHIUM_LEVEL2_KEY_SIZE;
+            pubKeyLen = DILITHIUM_LEVEL2_PUB_KEY_SIZE;
+            privKeyLen -= DILITHIUM_LEVEL2_PUB_KEY_SIZE;
+        }
+        else if ((key->params->level == WC_ML_DSA_65_DRAFT) &&
+                 (privKeyLen == DILITHIUM_LEVEL3_PRV_KEY_SIZE)) {
+            pubKey = privKey + DILITHIUM_LEVEL3_KEY_SIZE;
+            pubKeyLen = DILITHIUM_LEVEL3_PUB_KEY_SIZE;
+            privKeyLen -= DILITHIUM_LEVEL3_PUB_KEY_SIZE;
+        }
+        else if ((key->params->level == WC_ML_DSA_87_DRAFT) &&
+                 (privKeyLen == DILITHIUM_LEVEL5_PRV_KEY_SIZE)) {
+            pubKey = privKey + DILITHIUM_LEVEL5_KEY_SIZE;
+            pubKeyLen = DILITHIUM_LEVEL5_PUB_KEY_SIZE;
+            privKeyLen -= DILITHIUM_LEVEL5_PUB_KEY_SIZE;
+        }
+        else
+    #endif
+        if ((key->level == WC_ML_DSA_44) &&
+            (privKeyLen == ML_DSA_LEVEL2_PRV_KEY_SIZE)) {
+            pubKey = privKey + ML_DSA_LEVEL2_KEY_SIZE;
+            pubKeyLen = ML_DSA_LEVEL2_PUB_KEY_SIZE;
+            privKeyLen -= ML_DSA_LEVEL2_PUB_KEY_SIZE;
+        }
+        else if ((key->level == WC_ML_DSA_65) &&
+                 (privKeyLen == ML_DSA_LEVEL3_PRV_KEY_SIZE)) {
+            pubKey = privKey + ML_DSA_LEVEL3_KEY_SIZE;
+            pubKeyLen = ML_DSA_LEVEL3_PUB_KEY_SIZE;
+            privKeyLen -= ML_DSA_LEVEL3_PUB_KEY_SIZE;
+        }
+        else if ((key->level == WC_ML_DSA_87) &&
+                 (privKeyLen == ML_DSA_LEVEL5_PRV_KEY_SIZE)) {
+            pubKey = privKey + ML_DSA_LEVEL5_KEY_SIZE;
+            pubKeyLen = ML_DSA_LEVEL5_PUB_KEY_SIZE;
+            privKeyLen -= ML_DSA_LEVEL5_PUB_KEY_SIZE;
+        }
+    }
+
+    if (ret == 0) {
+        /* Check whether public key data was found. */
+#if defined(WOLFSSL_DILITHIUM_PUBLIC_KEY)
+        if (pubKeyLen == 0)
+#endif
+        {
+            /* No public key data, only import private key data. */
+            ret = wc_dilithium_import_private(privKey, privKeyLen, key);
+        }
+#if defined(WOLFSSL_DILITHIUM_PUBLIC_KEY)
+        else {
+            /* Import private and public key data. */
+            ret = wc_dilithium_import_key(privKey, privKeyLen, pubKey,
+                pubKeyLen, key);
+        }
+#endif
+    }
+
+    (void)pubKey;
+    (void)pubKeyLen;
+
+    return ret;
+}
+
+#endif /* WOLFSSL_DILITHIUM_PRIVATE_KEY */
+
+#endif /* WOLFSSL_DILITHIUM_NO_ASN1 */
+
+#ifdef WOLFSSL_DILITHIUM_PUBLIC_KEY
+
+#if defined(WOLFSSL_DILITHIUM_NO_ASN1)
+#ifndef WOLFSSL_NO_ML_DSA_44
+static unsigned char ml_dsa_oid_44[] = {
+    0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x03, 0x11
+};
+#if defined(WOLFSSL_DILITHIUM_FIPS204_DRAFT)
+static unsigned char dilithium_oid_44[] = {
+    0x2b, 0x06, 0x01, 0x04, 0x01, 0x02, 0x82, 0x0b,
+    0x0c, 0x04, 0x04
+};
+#endif
+#endif
+#ifndef WOLFSSL_NO_ML_DSA_65
+static unsigned char ml_dsa_oid_65[] = {
+    0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x03, 0x12
+};
+#if defined(WOLFSSL_DILITHIUM_FIPS204_DRAFT)
+static unsigned char dilithium_oid_65[] = {
+    0x2b, 0x06, 0x01, 0x04, 0x01, 0x02, 0x82, 0x0b,
+    0x0c, 0x06, 0x05
+};
+#endif
+#endif
+#ifndef WOLFSSL_NO_ML_DSA_87
+static unsigned char ml_dsa_oid_87[] = {
+    0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x03, 0x13
+};
+#if defined(WOLFSSL_DILITHIUM_FIPS204_DRAFT)
+static unsigned char dilithium_oid_87[] = {
+    0x2b, 0x06, 0x01, 0x04, 0x01, 0x02, 0x82, 0x0b,
+    0x0c, 0x08, 0x07
+};
+#endif
+#endif
+
+static int dilitihium_get_der_length(const byte* input, word32* inOutIdx,
+    int *length, word32 inSz)
+{
+    int ret = 0;
+    word32 idx = *inOutIdx;
+    word32 len = 0;
+
+    if (idx >= inSz) {
+        ret = ASN_PARSE_E;
+    }
+    else if (input[idx] < 0x80) {
+        len = input[idx];
+        idx++;
+    }
+    else if ((input[idx] == 0x80) || (input[idx] >= 0x83)) {
+        ret = ASN_PARSE_E;
+    }
+    else if (input[idx] == 0x81) {
+        if (idx + 1 >= inSz) {
+            ret = ASN_PARSE_E;
+        }
+        else if (input[idx + 1] < 0x80) {
+            ret = ASN_PARSE_E;
+        }
+        else {
+            len = input[idx + 1];
+            idx += 2;
+        }
+    }
+    else if (input[idx] == 0x82) {
+        if (idx + 2 >= inSz) {
+            ret = ASN_PARSE_E;
+        }
+        else {
+            len = ((word16)input[idx + 1] << 8) + input[idx + 2];
+            idx += 3;
+            if (len < 0x100) {
+                ret = ASN_PARSE_E;
+            }
+        }
+    }
+
+    if ((ret == 0) && ((idx + len) > inSz)) {
+        ret = ASN_PARSE_E;
+    }
+
+    *length = (int)len;
+    *inOutIdx = idx;
+    return ret;
+}
+
+static int dilithium_check_type(const byte* input, word32* inOutIdx, byte type,
+    word32 inSz)
+{
+    int ret = 0;
+    word32 idx = *inOutIdx;
+
+    if (idx >= inSz) {
+        ret = ASN_PARSE_E;
+    }
+    else if (input[idx] != type){
+        ret = ASN_PARSE_E;
+    }
+    else {
+        idx++;
+    }
+
+    *inOutIdx = idx;
+    return ret;
+}
+
+#endif /* WOLFSSL_DILITHIUM_NO_ASN1 */
+
+/* Decode the DER encoded Dilithium public key.
+ *
+ * @param [in]      input     Array holding DER encoded data.
+ * @param [in, out] inOutIdx  On in, index into array of start of DER encoding.
+ *                            On out, index into array after DER encoding.
+ * @param [in, out] key       Dilithium key structure to hold the decoded key.
+ *                            If the security level is set in the key structure
+ *                            on input, the DER key will be decoded as such
+ *                            and will fail if there is a mismatch. If the level
+ *                            and parameters are not set in the key structure on
+ *                            input, the level will be detected from the DER
+ *                            file based on the algorithm OID, appropriately
+ *                            decoded, then updated in the key structure on
+ *                            output. Auto-detection of the security level is
+ *                            not supported if compiled for FIPS 204
+ *                            draft mode.
+ * @param [in]      inSz      Total size of data in array.
+ * @return  0 on success.
+ * @return  BAD_FUNC_ARG when input, inOutIdx or key is NULL or inSz is 0.
+ * @return  BAD_FUNC_ARG when level not set.
+ * @return  Other negative on parse error.
+ */
+int wc_Dilithium_PublicKeyDecode(const byte* input, word32* inOutIdx,
+    dilithium_key* key, word32 inSz)
+{
+    int ret = 0;
+    const byte* pubKey;
+    word32 pubKeyLen = 0;
+
+    /* Validate parameters. */
+    if ((input == NULL) || (inOutIdx == NULL) || (key == NULL) || (inSz == 0)) {
+        ret = BAD_FUNC_ARG;
+    }
+
+    if (ret == 0) {
+        /* Try to import the key directly. */
+        ret = wc_dilithium_import_public(input, inSz, key);
+        if (ret != 0) {
+        #if !defined(WOLFSSL_DILITHIUM_NO_ASN1)
+            int keytype = 0;
+        #else
+            int length;
+            unsigned char* oid;
+            int oidLen;
+            word32 idx = 0;
+        #endif
+
+            /* Start again. */
+            ret = 0;
+
+    #if !defined(WOLFSSL_DILITHIUM_NO_ASN1)
+            /* Get OID sum for level. */
+        #if defined(WOLFSSL_DILITHIUM_FIPS204_DRAFT)
+            if (key->params == NULL) {
+                ret = BAD_FUNC_ARG;
+            }
+            else if (key->params->level == WC_ML_DSA_44_DRAFT) {
+                keytype = DILITHIUM_LEVEL2k;
+            }
+            else if (key->params->level == WC_ML_DSA_65_DRAFT) {
+                keytype = DILITHIUM_LEVEL3k;
+            }
+            else if (key->params->level == WC_ML_DSA_87_DRAFT) {
+                keytype = DILITHIUM_LEVEL5k;
+            }
+            else
+        #endif
+            if (key->level == WC_ML_DSA_44) {
+                keytype = ML_DSA_LEVEL2k;
+            }
+            else if (key->level == WC_ML_DSA_65) {
+                keytype = ML_DSA_LEVEL3k;
+            }
+            else if (key->level == WC_ML_DSA_87) {
+                keytype = ML_DSA_LEVEL5k;
+            }
+            else {
+                /* Level not set by caller, decode from DER */
+                keytype = ANONk; /* 0, not a valid key type in this situation*/
+            }
+            if (ret == 0) {
+                /* Decode the asymmetric key and get out public key data. */
+                ret = DecodeAsymKeyPublic_Assign(input, inOutIdx, inSz,
+                                                 &pubKey, &pubKeyLen,
+                                                 &keytype);
+                if (ret == 0
+#ifdef WOLFSSL_WC_DILITHIUM
+                    && key->params == NULL
+#endif
+                ) {
+                    /* Set the security level based on the decoded key. */
+                    ret = mapOidToSecLevel(keytype);
+                    if (ret > 0) {
+                        ret = wc_dilithium_set_level(key, ret);
+                    }
+                }
+            }
+    #else
+            /* Get OID sum for level. */
+    #if defined(WOLFSSL_DILITHIUM_FIPS204_DRAFT)
+            if (key->params == NULL) {
+                ret = BAD_FUNC_ARG;
+            }
+            else
+        #ifndef WOLFSSL_NO_ML_DSA_44
+            if (key->params->level == WC_ML_DSA_44_DRAFT) {
+                oid = dilithium_oid_44;
+                oidLen = (int)sizeof(dilithium_oid_44);
+            }
+            else
+        #endif
+        #ifndef WOLFSSL_NO_ML_DSA_65
+            if (key->params->level == WC_ML_DSA_65_DRAFT) {
+                oid = dilithium_oid_65;
+                oidLen = (int)sizeof(dilithium_oid_65);
+            }
+            else
+        #endif
+        #ifndef WOLFSSL_NO_ML_DSA_87
+            if (key->params->level == WC_ML_DSA_87_DRAFT) {
+                oid = dilithium_oid_87;
+                oidLen = (int)sizeof(dilithium_oid_87);
+            }
+            else
+        #endif
+    #endif
+        #ifndef WOLFSSL_NO_ML_DSA_44
+            if (key->level == WC_ML_DSA_44) {
+                oid = ml_dsa_oid_44;
+                oidLen = (int)sizeof(ml_dsa_oid_44);
+            }
+            else
+        #endif
+        #ifndef WOLFSSL_NO_ML_DSA_65
+            if (key->level == WC_ML_DSA_65) {
+                oid = ml_dsa_oid_65;
+                oidLen = (int)sizeof(ml_dsa_oid_65);
+            }
+            else
+        #endif
+        #ifndef WOLFSSL_NO_ML_DSA_87
+            if (key->level == WC_ML_DSA_87) {
+                oid = ml_dsa_oid_87;
+                oidLen = (int)sizeof(ml_dsa_oid_87);
+            }
+            else
+        #endif
+            {
+                /* Level not set. */
+                ret = BAD_FUNC_ARG;
+            }
+            if (ret == 0) {
+                ret = dilithium_check_type(input, &idx, 0x30, inSz);
+            }
+            if (ret == 0) {
+                ret = dilitihium_get_der_length(input, &idx, &length, inSz);
+            }
+            if (ret == 0) {
+                ret = dilithium_check_type(input, &idx, 0x30, inSz);
+            }
+            if (ret == 0) {
+                ret = dilitihium_get_der_length(input, &idx, &length, inSz);
+            }
+            if (ret == 0) {
+                ret = dilithium_check_type(input, &idx, 0x06, inSz);
+            }
+            if (ret == 0) {
+                ret = dilitihium_get_der_length(input, &idx, &length, inSz);
+            }
+            if (ret == 0) {
+                if ((length != oidLen) ||
+                        (XMEMCMP(input + idx, oid, oidLen) != 0)) {
+                    ret = ASN_PARSE_E;
+                }
+                idx += oidLen;
+            }
+            if (ret == 0) {
+                ret = dilithium_check_type(input, &idx, 0x03, inSz);
+            }
+            if (ret == 0) {
+                ret = dilitihium_get_der_length(input, &idx, &length, inSz);
+            }
+            if (ret == 0) {
+                if ((input[idx] != 0) || (length == 0)) {
+                    ret = ASN_PARSE_E;
+                }
+                idx++;
+                length--;
+            }
+            if (ret == 0) {
+                /* This is the raw point data compressed or uncompressed. */
+                pubKeyLen = (word32)length;
+                pubKey = input + idx;
+            }
+    #endif
+            if (ret == 0) {
+                /* Import public key data. */
+                ret = wc_dilithium_import_public(pubKey, pubKeyLen, key);
+            }
+        }
+    }
+    return ret;
+}
+
+#ifndef WOLFSSL_DILITHIUM_NO_ASN1
+
+#ifdef WC_ENABLE_ASYM_KEY_EXPORT
+/* Encode the public part of a Dilithium key in DER.
+ *
+ * Pass NULL for output to get the size of the encoding.
+ *
+ * @param [in]  key      Dilithium key object.
+ * @param [out] output   Buffer to put encoded data in.
+ * @param [in]  len      Size of buffer in bytes.
+ * @param [in]  withAlg  Whether to use SubjectPublicKeyInfo format.
+ * @return  Size of encoded data in bytes on success.
+ * @return  BAD_FUNC_ARG when key is NULL.
+ * @return  MEMORY_E when dynamic memory allocation failed.
+ */
+int wc_Dilithium_PublicKeyToDer(dilithium_key* key, byte* output, word32 len,
+    int withAlg)
+{
+    int ret = 0;
+    int keytype = 0;
+    int pubKeyLen = 0;
+
+    /* Validate parameters. */
+    if (key == NULL) {
+        ret = BAD_FUNC_ARG;
+    }
+    /* Check we have a public key to encode. */
+    if ((ret == 0) && (!key->pubKeySet)) {
+        ret = BAD_FUNC_ARG;
+    }
+
+    if (ret == 0) {
+        /* Get OID and length for level. */
+    #if defined(WOLFSSL_DILITHIUM_FIPS204_DRAFT)
+        if (key->params == NULL) {
+            ret = BAD_FUNC_ARG;
+        }
+        else if (key->params->level == WC_ML_DSA_44_DRAFT) {
+            keytype = DILITHIUM_LEVEL2k;
+            pubKeyLen = DILITHIUM_LEVEL2_PUB_KEY_SIZE;
+        }
+        else if (key->params->level == WC_ML_DSA_65_DRAFT) {
+            keytype = DILITHIUM_LEVEL3k;
+            pubKeyLen = DILITHIUM_LEVEL3_PUB_KEY_SIZE;
+        }
+        else if (key->params->level == WC_ML_DSA_87_DRAFT) {
+            keytype = DILITHIUM_LEVEL5k;
+            pubKeyLen = DILITHIUM_LEVEL5_PUB_KEY_SIZE;
+        }
+        else
+    #endif
+        if (key->level == WC_ML_DSA_44) {
+            keytype = ML_DSA_LEVEL2k;
+            pubKeyLen = ML_DSA_LEVEL2_PUB_KEY_SIZE;
+        }
+        else if (key->level == WC_ML_DSA_65) {
+            keytype = ML_DSA_LEVEL3k;
+            pubKeyLen = ML_DSA_LEVEL3_PUB_KEY_SIZE;
+        }
+        else if (key->level == WC_ML_DSA_87) {
+            keytype = ML_DSA_LEVEL5k;
+            pubKeyLen = ML_DSA_LEVEL5_PUB_KEY_SIZE;
+        }
+        else {
+            /* Level not set. */
+            ret = BAD_FUNC_ARG;
+        }
+    }
+
+    if (ret == 0) {
+        ret = SetAsymKeyDerPublic(key->p, pubKeyLen, output, len, keytype,
+            withAlg);
+    }
+
+    return ret;
+}
+#endif /* WC_ENABLE_ASYM_KEY_EXPORT */
+
+#endif /* !WOLFSSL_DILITHIUM_NO_ASN1 */
+
+#endif /* WOLFSSL_DILITHIUM_PUBLIC_KEY */
+
+#ifdef WOLFSSL_DILITHIUM_PRIVATE_KEY
+
+#ifndef WOLFSSL_DILITHIUM_NO_ASN1
+
+#ifdef WOLFSSL_DILITHIUM_PUBLIC_KEY
+/* Encode the private and public data of a Dilithium key in DER.
+ *
+ * Pass NULL for output to get the size of the encoding.
+ *
+ * @param [in]  key     Dilithium key object.
+ * @param [out] output  Buffer to put encoded data in.
+ * @param [in]  len     Size of buffer in bytes.
+ * @return  Size of encoded data in bytes on success.
+ * @return  BAD_FUNC_ARG when key is NULL.
+ * @return  MEMORY_E when dynamic memory allocation failed.
+ */
+int wc_Dilithium_KeyToDer(dilithium_key* key, byte* output, word32 len)
+{
+    int ret = WC_NO_ERR_TRACE(BAD_FUNC_ARG);
+
+    /* Validate parameters and check public and private key set. */
+    if ((key != NULL) && key->prvKeySet && key->pubKeySet) {
+        /* Create DER for level. */
+    #if defined(WOLFSSL_DILITHIUM_FIPS204_DRAFT)
+        if (key->params == NULL) {
+            ret = BAD_FUNC_ARG;
+        }
+        else if (key->params->level == WC_ML_DSA_44_DRAFT) {
+            ret = SetAsymKeyDer(key->k, DILITHIUM_LEVEL2_KEY_SIZE, key->p,
+                DILITHIUM_LEVEL2_PUB_KEY_SIZE, output, len, DILITHIUM_LEVEL2k);
+        }
+        else if (key->params->level == WC_ML_DSA_65_DRAFT) {
+            ret = SetAsymKeyDer(key->k, DILITHIUM_LEVEL3_KEY_SIZE, key->p,
+                DILITHIUM_LEVEL3_PUB_KEY_SIZE, output, len, DILITHIUM_LEVEL3k);
+        }
+        else if (key->params->level == WC_ML_DSA_87_DRAFT) {
+            ret = SetAsymKeyDer(key->k, DILITHIUM_LEVEL5_KEY_SIZE, key->p,
+                DILITHIUM_LEVEL5_PUB_KEY_SIZE, output, len, DILITHIUM_LEVEL5k);
+        }
+        else
+    #endif
+        if (key->level == WC_ML_DSA_44) {
+            ret = SetAsymKeyDer(key->k, ML_DSA_LEVEL2_KEY_SIZE, key->p,
+                ML_DSA_LEVEL2_PUB_KEY_SIZE, output, len, ML_DSA_LEVEL2k);
+        }
+        else if (key->level == WC_ML_DSA_65) {
+            ret = SetAsymKeyDer(key->k, ML_DSA_LEVEL3_KEY_SIZE, key->p,
+                ML_DSA_LEVEL3_PUB_KEY_SIZE, output, len, ML_DSA_LEVEL3k);
+        }
+        else if (key->level == WC_ML_DSA_87) {
+            ret = SetAsymKeyDer(key->k, ML_DSA_LEVEL5_KEY_SIZE, key->p,
+                ML_DSA_LEVEL5_PUB_KEY_SIZE, output, len, ML_DSA_LEVEL5k);
+        }
+    }
+
+    return ret;
+}
+#endif /* WOLFSSL_DILITHIUM_PUBLIC_KEY */
+
+/* Encode the private data of a Dilithium key in DER.
+ *
+ * Pass NULL for output to get the size of the encoding.
+ *
+ * @param [in]  key     Dilithium key object.
+ * @param [out] output  Buffer to put encoded data in.
+ * @param [in]  len     Size of buffer in bytes.
+ * @return  Size of encoded data in bytes on success.
+ * @return  BAD_FUNC_ARG when key is NULL.
+ * @return  MEMORY_E when dynamic memory allocation failed.
+ */
+int wc_Dilithium_PrivateKeyToDer(dilithium_key* key, byte* output, word32 len)
+{
+    int ret = WC_NO_ERR_TRACE(BAD_FUNC_ARG);
+
+    /* Validate parameters and check private key set. */
+    if ((key != NULL) && key->prvKeySet) {
+        /* Create DER for level. */
+    #if defined(WOLFSSL_DILITHIUM_FIPS204_DRAFT)
+        if (key->params == NULL) {
+            ret = BAD_FUNC_ARG;
+        }
+        else if (key->params->level == WC_ML_DSA_44_DRAFT) {
+            ret = SetAsymKeyDer(key->k, DILITHIUM_LEVEL2_KEY_SIZE, NULL, 0,
+                output, len, DILITHIUM_LEVEL2k);
+        }
+        else if (key->params->level == WC_ML_DSA_65_DRAFT) {
+            ret = SetAsymKeyDer(key->k, DILITHIUM_LEVEL3_KEY_SIZE, NULL, 0,
+                output, len, DILITHIUM_LEVEL3k);
+        }
+        else if (key->params->level == WC_ML_DSA_87_DRAFT) {
+            ret = SetAsymKeyDer(key->k, DILITHIUM_LEVEL5_KEY_SIZE, NULL, 0,
+                output, len, DILITHIUM_LEVEL5k);
+        }
+        else
+    #endif
+        if (key->level == WC_ML_DSA_44) {
+            ret = SetAsymKeyDer(key->k, ML_DSA_LEVEL2_KEY_SIZE, NULL, 0, output,
+                len, ML_DSA_LEVEL2k);
+        }
+        else if (key->level == WC_ML_DSA_65) {
+            ret = SetAsymKeyDer(key->k, ML_DSA_LEVEL3_KEY_SIZE, NULL, 0, output,
+                len, ML_DSA_LEVEL3k);
+        }
+        else if (key->level == WC_ML_DSA_87) {
+            ret = SetAsymKeyDer(key->k, ML_DSA_LEVEL5_KEY_SIZE, NULL, 0, output,
+                len, ML_DSA_LEVEL5k);
+        }
+    }
+
+    return ret;
+}
+
+#endif /* WOLFSSL_DILITHIUM_NO_ASN1 */
+
+#endif /* WOLFSSL_DILITHIUM_PRIVATE_KEY */
+
+#endif /* HAVE_DILITHIUM */
diff --git a/wolfcrypt/src/dsa.c b/wolfcrypt/src/dsa.c
index 3cdcffe3c..bcd31c2a7 100644
--- a/wolfcrypt/src/dsa.c
+++ b/wolfcrypt/src/dsa.c
@@ -1,6 +1,6 @@
 /* dsa.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -42,6 +42,14 @@
     #include <wolfcrypt/src/misc.c>
 #endif
 
+#if defined(WOLFSSL_LINUXKM) && !defined(WOLFSSL_SP_ASM)
+    /* force off unneeded vector register save/restore. */
+    #undef SAVE_VECTOR_REGISTERS
+    #define SAVE_VECTOR_REGISTERS(fail_clause) WC_DO_NOTHING
+    #undef RESTORE_VECTOR_REGISTERS
+    #define RESTORE_VECTOR_REGISTERS() WC_DO_NOTHING
+#endif
+
 #ifdef _MSC_VER
     /* disable for while(0) cases (MSVC bug) */
     #pragma warning(disable:4127)
@@ -165,7 +173,7 @@ int wc_MakeDsaKey(WC_RNG *rng, DsaKey *dsa)
         return MEMORY_E;
     }
 
-    SAVE_VECTOR_REGISTERS();
+    SAVE_VECTOR_REGISTERS(;);
 
 #ifdef WOLFSSL_SMALL_STACK
     if ((tmpQ = (mp_int *)XMALLOC(sizeof(*tmpQ), NULL, DYNAMIC_TYPE_WOLF_BIGINT)) == NULL)
@@ -534,7 +542,7 @@ int wc_DsaExportParamsRaw(DsaKey* dsa, byte* p, word32* pSz,
         *pSz = pLen;
         *qSz = qLen;
         *gSz = gLen;
-        return LENGTH_ONLY_E;
+        return WC_NO_ERR_TRACE(LENGTH_ONLY_E);
     }
 
     if (p == NULL || q == NULL || g == NULL)
@@ -608,7 +616,7 @@ int wc_DsaExportKeyRaw(DsaKey* dsa, byte* x, word32* xSz, byte* y, word32* ySz)
     if (x == NULL && y == NULL) {
         *xSz = xLen;
         *ySz = yLen;
-        return LENGTH_ONLY_E;
+        return WC_NO_ERR_TRACE(LENGTH_ONLY_E);
     }
 
     if (x == NULL || y == NULL)
@@ -922,33 +930,39 @@ int wc_DsaSign_ex(const byte* digest, word32 digestSz, byte* out, DsaKey* key,
 
 #ifdef WOLFSSL_SMALL_STACK
     if (k) {
-        if ((ret != MP_INIT_E) && (ret != MEMORY_E))
+        if ((ret != WC_NO_ERR_TRACE(MP_INIT_E)) &&
+            (ret != WC_NO_ERR_TRACE(MEMORY_E)))
             mp_forcezero(k);
         XFREE(k, key->heap, DYNAMIC_TYPE_TMP_BUFFER);
     }
     if (kInv) {
-        if ((ret != MP_INIT_E) && (ret != MEMORY_E))
+        if ((ret != WC_NO_ERR_TRACE(MP_INIT_E)) &&
+            (ret != WC_NO_ERR_TRACE(MEMORY_E)))
             mp_forcezero(kInv);
         XFREE(kInv, key->heap, DYNAMIC_TYPE_TMP_BUFFER);
     }
     if (r) {
-        if ((ret != MP_INIT_E) && (ret != MEMORY_E))
+        if ((ret != WC_NO_ERR_TRACE(MP_INIT_E)) &&
+            (ret != WC_NO_ERR_TRACE(MEMORY_E)))
             mp_clear(r);
         XFREE(r, key->heap, DYNAMIC_TYPE_TMP_BUFFER);
     }
     if (s) {
-        if ((ret != MP_INIT_E) && (ret != MEMORY_E))
+        if ((ret != WC_NO_ERR_TRACE(MP_INIT_E)) &&
+            (ret != WC_NO_ERR_TRACE(MEMORY_E)))
             mp_clear(s);
         XFREE(s, key->heap, DYNAMIC_TYPE_TMP_BUFFER);
     }
     if (H) {
-        if ((ret != MP_INIT_E) && (ret != MEMORY_E))
+        if ((ret != WC_NO_ERR_TRACE(MP_INIT_E)) &&
+            (ret != WC_NO_ERR_TRACE(MEMORY_E)))
             mp_clear(H);
         XFREE(H, key->heap, DYNAMIC_TYPE_TMP_BUFFER);
     }
 #ifndef WOLFSSL_MP_INVMOD_CONSTANT_TIME
     if (b) {
-        if ((ret != MP_INIT_E) && (ret != MEMORY_E))
+        if ((ret != WC_NO_ERR_TRACE(MP_INIT_E)) &&
+            (ret != WC_NO_ERR_TRACE(MEMORY_E)))
             mp_forcezero(b);
         XFREE(b, key->heap, DYNAMIC_TYPE_TMP_BUFFER);
     }
@@ -958,7 +972,7 @@ int wc_DsaSign_ex(const byte* digest, word32 digestSz, byte* out, DsaKey* key,
         XFREE(buffer, key->heap, DYNAMIC_TYPE_TMP_BUFFER);
     }
 #else /* !WOLFSSL_SMALL_STACK */
-    if (ret != MP_INIT_E) {
+    if (ret != WC_NO_ERR_TRACE(MP_INIT_E)) {
         ForceZero(buffer, halfSz);
         mp_forcezero(kInv);
         mp_forcezero(k);
@@ -1098,37 +1112,37 @@ int wc_DsaVerify_ex(const byte* digest, word32 digestSz, const byte* sig,
 
 #ifdef WOLFSSL_SMALL_STACK
     if (s) {
-        if (ret != MP_INIT_E)
+        if (ret != WC_NO_ERR_TRACE(MP_INIT_E) && ret != WC_NO_ERR_TRACE(MEMORY_E))
             mp_clear(s);
         XFREE(s, key->heap, DYNAMIC_TYPE_TMP_BUFFER);
     }
     if (r) {
-        if (ret != MP_INIT_E)
+        if (ret != WC_NO_ERR_TRACE(MP_INIT_E) && ret != WC_NO_ERR_TRACE(MEMORY_E))
             mp_clear(r);
         XFREE(r, key->heap, DYNAMIC_TYPE_TMP_BUFFER);
     }
     if (u1) {
-        if (ret != MP_INIT_E)
+        if (ret != WC_NO_ERR_TRACE(MP_INIT_E) && ret != WC_NO_ERR_TRACE(MEMORY_E))
             mp_clear(u1);
         XFREE(u1, key->heap, DYNAMIC_TYPE_TMP_BUFFER);
     }
     if (u2) {
-        if (ret != MP_INIT_E)
+        if (ret != WC_NO_ERR_TRACE(MP_INIT_E) && ret != WC_NO_ERR_TRACE(MEMORY_E))
             mp_clear(u2);
         XFREE(u2, key->heap, DYNAMIC_TYPE_TMP_BUFFER);
     }
     if (w) {
-        if (ret != MP_INIT_E)
+        if (ret != WC_NO_ERR_TRACE(MP_INIT_E) && ret != WC_NO_ERR_TRACE(MEMORY_E))
             mp_clear(w);
         XFREE(w, key->heap, DYNAMIC_TYPE_TMP_BUFFER);
     }
     if (v) {
-        if (ret != MP_INIT_E)
+        if (ret != WC_NO_ERR_TRACE(MP_INIT_E) && ret != WC_NO_ERR_TRACE(MEMORY_E))
             mp_clear(v);
         XFREE(v, key->heap, DYNAMIC_TYPE_TMP_BUFFER);
     }
 #else
-    if (ret != MP_INIT_E) {
+    if (ret != WC_NO_ERR_TRACE(MP_INIT_E)) {
         mp_clear(s);
         mp_clear(r);
         mp_clear(u1);
diff --git a/wolfcrypt/src/ecc.c b/wolfcrypt/src/ecc.c
index 72ab563bf..37f0260be 100644
--- a/wolfcrypt/src/ecc.c
+++ b/wolfcrypt/src/ecc.c
@@ -1,6 +1,6 @@
 /* ecc.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -98,6 +98,15 @@ Possible ECC enable options:
  *                      Use this when CPU state can be closely observed by
  *                      attacker.
  *                                                              default: off
+ * WOLFSSL_ECC_BLIND_K
+ *                      Blind the private key k by using a random mask.
+ *                      The private key is never stored unprotected but an
+ *                      unmasked copy is computed and stored each time it is
+ *                      needed.
+ *                                                              default: off
+ * WOLFSSL_CHECK_VER_FAULTS
+ *                      Sanity check on verification steps in case of faults.
+ *                                                              default: off
  */
 
 /*
@@ -180,6 +189,15 @@ ECC Curve Sizes:
     #include <wolfcrypt/src/misc.c>
 #endif
 
+#if FIPS_VERSION3_GE(6,0,0)
+    const unsigned int wolfCrypt_FIPS_ecc_ro_sanity[2] =
+                                                     { 0x1a2b3c4d, 0x00000005 };
+    int wolfCrypt_FIPS_ECC_sanity(void)
+    {
+        return 0;
+    }
+#endif
+
 #if defined(FREESCALE_LTC_ECC)
     #include <wolfssl/wolfcrypt/port/nxp/ksdk_port.h>
 #endif
@@ -213,12 +231,12 @@ ECC Curve Sizes:
     #include <wolfssl/wolfcrypt/hmac.h>
 #endif
 
-#if defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_MATH_ALL)
-    #define GEN_MEM_ERR MP_MEM
-#elif defined(USE_FAST_MATH)
-    #define GEN_MEM_ERR FP_MEM
-#else
-    #define GEN_MEM_ERR MP_MEM
+#if defined(WOLFSSL_LINUXKM) && !defined(WOLFSSL_SP_ASM)
+    /* force off unneeded vector register save/restore. */
+    #undef SAVE_VECTOR_REGISTERS
+    #define SAVE_VECTOR_REGISTERS(fail_clause) WC_DO_NOTHING
+    #undef RESTORE_VECTOR_REGISTERS
+    #define RESTORE_VECTOR_REGISTERS() WC_DO_NOTHING
 #endif
 
 #if !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A) && \
@@ -237,11 +255,17 @@ ECC Curve Sizes:
     #define HAVE_ECC_MAKE_PUB
 #endif
 
+
+/* macro guard for ecc_check_pubkey_order functionality */
 #if !defined(WOLFSSL_SP_MATH) && \
     !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A) && \
     !defined(WOLFSSL_CRYPTOCELL) && !defined(WOLFSSL_SILABS_SE_ACCEL) && \
     !defined(WOLFSSL_SE050) && !defined(WOLFSSL_STM32_PKA) && \
-    !defined(WOLF_CRYPTO_CB_ONLY_ECC)
+    (!defined(WOLF_CRYPTO_CB_ONLY_ECC) || defined(WOLFSSL_IMXRT1170_CAAM) || \
+      defined(WOLFSSL_QNX_CAAM))
+
+    /* CAAM builds use public key validation as a means to check if an
+     * imported private key is an encrypted black key or not */
     #undef  HAVE_ECC_CHECK_PUBKEY_ORDER
     #define HAVE_ECC_CHECK_PUBKEY_ORDER
 #endif
@@ -274,6 +298,53 @@ ECC Curve Sizes:
 
 #endif
 
+#ifdef WOLFSSL_ECC_BLIND_K
+mp_int* ecc_get_k(ecc_key* key)
+{
+    mp_xor_ct(key->k, key->kb, key->dp->size, key->ku);
+    return key->ku;
+}
+void ecc_blind_k(ecc_key* key, mp_int* b)
+{
+    mp_xor_ct(key->k, b, key->dp->size, key->k);
+    mp_xor_ct(key->kb, b, key->dp->size, key->kb);
+}
+int ecc_blind_k_rng(ecc_key* key, WC_RNG* rng)
+{
+    int ret = 0;
+    WC_RNG local_rng;
+
+#ifdef ECC_TIMING_RESISTANT
+    if (rng == NULL) {
+        rng = key->rng;
+    }
+#endif
+    if (rng == NULL) {
+        ret = wc_InitRng(&local_rng);
+        if (ret == 0) {
+            rng = &local_rng;
+        }
+    }
+    if (ret == 0) {
+        ret = mp_rand(key->kb, (key->dp->size + sizeof(mp_digit) - 1) /
+            sizeof(mp_digit), rng);
+        if (ret == 0) {
+            mp_xor_ct(key->k, key->kb, key->dp->size, key->k);
+        }
+    }
+
+    if (rng == &local_rng) {
+        wc_FreeRng(&local_rng);
+    }
+    return ret;
+}
+
+mp_int* wc_ecc_key_get_priv(ecc_key* key)
+{
+    return ecc_get_k(key);
+}
+#endif
+
 /* forward declarations */
 static int  wc_ecc_new_point_ex(ecc_point** point, void* heap);
 static void wc_ecc_del_point_ex(ecc_point* p, void* heap);
@@ -788,6 +859,14 @@ enum {
 /* This holds the key settings.
    ***MUST*** be organized by size from smallest to largest. */
 
+#if !defined(HAVE_FIPS) || FIPS_VERSION3_GE(6,0,0)
+    #undef ecc_sets
+    #undef ecc_sets_count
+#endif
+
+#if !defined(HAVE_FIPS) || FIPS_VERSION3_GE(6,0,0)
+static
+#endif
 const ecc_set_type ecc_sets[] = {
 #ifdef ECC112
     #ifndef NO_ECC_SECP
@@ -1331,8 +1410,17 @@ const ecc_set_type ecc_sets[] = {
     }
 };
 #define ECC_SET_COUNT   (sizeof(ecc_sets)/sizeof(ecc_set_type))
+#if !defined(HAVE_FIPS) || FIPS_VERSION3_GE(6,0,0)
+static
+#endif
 const size_t ecc_sets_count = ECC_SET_COUNT - 1;
 
+const ecc_set_type *wc_ecc_get_sets(void) {
+    return ecc_sets;
+}
+size_t wc_ecc_get_sets_count(void) {
+    return ecc_sets_count;
+}
 
 #ifdef HAVE_OID_ENCODING
     /* encoded OID cache */
@@ -1341,7 +1429,13 @@ const size_t ecc_sets_count = ECC_SET_COUNT - 1;
         byte oid[ECC_MAX_OID_LEN];
     } oid_cache_t;
     static oid_cache_t ecc_oid_cache[ECC_SET_COUNT];
+
+    static wolfSSL_Mutex ecc_oid_cache_lock
+        WOLFSSL_MUTEX_INITIALIZER_CLAUSE(ecc_oid_cache_lock);
+#ifndef WOLFSSL_MUTEX_INITIALIZER
+    static volatile int eccOidLockInit = 0;
 #endif
+#endif /* HAVE_OID_ENCODING */
 
 /* Forward declarations */
 #if defined(HAVE_COMP_KEY) && defined(HAVE_ECC_KEY_EXPORT)
@@ -1472,13 +1566,17 @@ static int xil_mpi_import(mp_int *mpi,
 
 #ifdef ECC_CACHE_CURVE
     /* cache (mp_int) of the curve parameters */
+    #ifdef WOLFSSL_NO_MALLOC
+    static ecc_curve_spec ecc_curve_spec_cache[ECC_SET_COUNT];
+    #else
     static ecc_curve_spec* ecc_curve_spec_cache[ECC_SET_COUNT];
+    #endif
     #ifndef SINGLE_THREADED
-        static wolfSSL_Mutex ecc_curve_cache_mutex;
+        static wolfSSL_Mutex ecc_curve_cache_mutex WOLFSSL_MUTEX_INITIALIZER_CLAUSE(ecc_curve_cache_mutex);
     #endif
 
     #define DECLARE_CURVE_SPECS(intcount) ecc_curve_spec* curve = NULL
-    #define ALLOC_CURVE_SPECS(intcount, err) WC_DO_NOTHING
+    #define ALLOC_CURVE_SPECS(intcount, err) (err) = MP_OKAY
     #define FREE_CURVE_SPECS() WC_DO_NOTHING
 #elif defined(WOLFSSL_SMALL_STACK)
 #ifdef WOLFSSL_SP_MATH_ALL
@@ -1490,13 +1588,17 @@ static int xil_mpi_import(mp_int *mpi,
         curve->spec_count = intcount
 
     #define ALLOC_CURVE_SPECS(intcount, err)                            \
+    do {                                                                \
         spec_ints = (unsigned char*)XMALLOC(MP_INT_SIZEOF(MP_BITS_CNT(  \
             MAX_ECC_BITS_USE)) * (intcount), NULL,                      \
             DYNAMIC_TYPE_ECC);                                          \
         if (spec_ints == NULL)                                          \
             (err) = MEMORY_E;                                           \
-        else                                                            \
-            curve->spec_ints = spec_ints
+        else {                                                          \
+            curve->spec_ints = spec_ints;                               \
+            (err) = MP_OKAY;                                            \
+        }                                                               \
+    } while (0)
 #else
     #define DECLARE_CURVE_SPECS(intcount)                               \
         mp_int* spec_ints = NULL;                                       \
@@ -1506,12 +1608,16 @@ static int xil_mpi_import(mp_int *mpi,
         curve->spec_count = intcount
 
     #define ALLOC_CURVE_SPECS(intcount, err)                            \
+    do {                                                                \
         spec_ints = (mp_int*)XMALLOC(sizeof(mp_int) * (intcount), NULL, \
                             DYNAMIC_TYPE_ECC);                          \
         if (spec_ints == NULL)                                          \
             (err) = MEMORY_E;                                           \
-        else                                                            \
-            curve->spec_ints = spec_ints
+        else {                                                          \
+            curve->spec_ints = spec_ints;                               \
+            (err) = MP_OKAY;                                            \
+        }                                                               \
+    } while (0)
 #endif
     #define FREE_CURVE_SPECS()                                          \
         XFREE(spec_ints, NULL, DYNAMIC_TYPE_ECC)
@@ -1534,7 +1640,7 @@ static int xil_mpi_import(mp_int *mpi,
         curve->spec_ints = spec_ints;                                   \
         curve->spec_count = (intcount)
 #endif
-    #define ALLOC_CURVE_SPECS(intcount, err) WC_DO_NOTHING
+    #define ALLOC_CURVE_SPECS(intcount, err) (err) = MP_OKAY
     #define FREE_CURVE_SPECS() WC_DO_NOTHING
 #endif /* ECC_CACHE_CURVE */
 
@@ -1547,7 +1653,7 @@ static void wc_ecc_curve_cache_free_spec_item(ecc_curve_spec* curve, mp_int* ite
     #endif
         mp_clear(item);
     }
-    curve->load_mask &= ~mask;
+    curve->load_mask = (byte)(curve->load_mask & ~mask);
 }
 static void wc_ecc_curve_cache_free_spec(ecc_curve_spec* curve)
 {
@@ -1652,6 +1758,9 @@ static int wc_ecc_curve_load(const ecc_set_type* dp, ecc_curve_spec** pCurve,
     }
 #endif
 
+#ifdef WOLFSSL_NO_MALLOC
+    curve = &ecc_curve_spec_cache[x];
+#else
     /* make sure cache has been allocated */
     if (ecc_curve_spec_cache[x] == NULL
     #ifdef WOLFSSL_CUSTOM_CURVES
@@ -1678,6 +1787,8 @@ static int wc_ecc_curve_load(const ecc_set_type* dp, ecc_curve_spec** pCurve,
     else {
         curve = ecc_curve_spec_cache[x];
     }
+#endif /* WOLFSSL_NO_MALLOC */
+
     /* return new or cached curve */
     *pCurve = curve;
 #else
@@ -1744,7 +1855,8 @@ static int wc_ecc_curve_load(const ecc_set_type* dp, ecc_curve_spec** pCurve,
 int wc_ecc_curve_cache_init(void)
 {
     int ret = 0;
-#if defined(ECC_CACHE_CURVE) && !defined(SINGLE_THREADED)
+#if defined(ECC_CACHE_CURVE) && !defined(SINGLE_THREADED) && \
+        !defined(WOLFSSL_MUTEX_INITIALIZER)
     ret = wc_InitMutex(&ecc_curve_cache_mutex);
 #endif
     return ret;
@@ -1756,14 +1868,20 @@ void wc_ecc_curve_cache_free(void)
 
     /* free all ECC curve caches */
     for (x = 0; x < (int)ECC_SET_COUNT; x++) {
+    #ifdef WOLFSSL_NO_MALLOC
+        wc_ecc_curve_cache_free_spec(&ecc_curve_spec_cache[x]);
+        XMEMSET(&ecc_curve_spec_cache[x], 0, sizeof(ecc_curve_spec_cache[x]));
+    #else
         if (ecc_curve_spec_cache[x]) {
             wc_ecc_curve_cache_free_spec(ecc_curve_spec_cache[x]);
             XFREE(ecc_curve_spec_cache[x], NULL, DYNAMIC_TYPE_ECC);
             ecc_curve_spec_cache[x] = NULL;
         }
+    #endif /* WOLFSSL_NO_MALLOC */
     }
 
-#if defined(ECC_CACHE_CURVE) && !defined(SINGLE_THREADED)
+#if defined(ECC_CACHE_CURVE) && !defined(SINGLE_THREADED) && \
+        !defined(WOLFSSL_MUTEX_INITIALIZER)
     wc_FreeMutex(&ecc_curve_cache_mutex);
 #endif
 }
@@ -1834,7 +1952,9 @@ static void alt_fp_init(mp_int* a)
 
 
 #if !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A) && \
-    !defined(WOLFSSL_CRYPTOCELL) && !defined(WOLF_CRYPTO_CB_ONLY_ECC)
+    !defined(WOLFSSL_CRYPTOCELL) && \
+    (!defined(WOLF_CRYPTO_CB_ONLY_ECC) || defined(WOLFSSL_QNX_CAAM) || \
+      defined(WOLFSSL_IMXRT1170_CAAM))
 
 #if !defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_PUBLIC_ECC_ADD_DBL)
 static int _ecc_projective_dbl_point(ecc_point *P, ecc_point *R, mp_int* a,
@@ -2397,8 +2517,7 @@ static int _ecc_projective_dbl_point(ecc_point *P, ecc_point *R, mp_int* a,
    }
    if (err == MP_OKAY && mp_iszero((MP_INT_SIZE*)t2)) {
       /* T2 = X * X */
-      if (err == MP_OKAY)
-          err = mp_sqr(x, t2);
+      err = mp_sqr(x, t2);
       if (err == MP_OKAY)
           err = mp_montgomery_reduce(t2, modulus, mp);
       /* T1 = T2 + T1 */
@@ -2412,8 +2531,7 @@ static int _ecc_projective_dbl_point(ecc_point *P, ecc_point *R, mp_int* a,
       /* use "a" in calc */
 
       /* T2 = T1 * T1 */
-      if (err == MP_OKAY)
-          err = mp_sqr(t1, t2);
+      err = mp_sqr(t1, t2);
       if (err == MP_OKAY)
           err = mp_montgomery_reduce(t2, modulus, mp);
       /* T1 = T2 * a */
@@ -2599,6 +2717,7 @@ int ecc_projective_dbl_point(ecc_point *P, ecc_point *R, mp_int* a,
 */
 int ecc_map_ex(ecc_point* P, mp_int* modulus, mp_digit mp, int ct)
 {
+   int err = MP_OKAY;
 #if !defined(WOLFSSL_SP_MATH)
    DECL_MP_INT_SIZE_DYN(t1, mp_bitsused(modulus), MAX_ECC_BITS_USE);
    DECL_MP_INT_SIZE_DYN(t2, mp_bitsused(modulus), MAX_ECC_BITS_USE);
@@ -2608,7 +2727,6 @@ int ecc_map_ex(ecc_point* P, mp_int* modulus, mp_digit mp, int ct)
    DECL_MP_INT_SIZE_DYN(rz, mp_bitsused(modulus), MAX_ECC_BITS_USE);
 #endif
    mp_int *x, *y, *z;
-   int    err;
 
    (void)ct;
 
@@ -2796,7 +2914,10 @@ done:
    }
 
    return err;
+   /* end !defined(WOLFSSL_SP_MATH) */
+
 #else
+   /* begin defined(WOLFSSL_SP_MATH) */
    if (P == NULL || modulus == NULL)
        return ECC_BAD_ARG_E;
 
@@ -2805,26 +2926,27 @@ done:
 
 #if defined(WOLFSSL_SM2) && defined(WOLFSSL_SP_SM2)
    if ((mp_count_bits(modulus) == 256) && (!mp_is_bit_set(modulus, 224))) {
-       return sp_ecc_map_sm2_256(P->x, P->y, P->z);
+       err = sp_ecc_map_sm2_256(P->x, P->y, P->z);
    }
-#endif
-#ifndef WOLFSSL_SP_NO_256
+#elif !defined(WOLFSSL_SP_NO_256)
    if (mp_count_bits(modulus) == 256) {
-       return sp_ecc_map_256(P->x, P->y, P->z);
+       err = sp_ecc_map_256(P->x, P->y, P->z);
    }
-#endif
-#ifdef WOLFSSL_SP_384
+#elif defined(WOLFSSL_SP_384)
    if (mp_count_bits(modulus) == 384) {
-       return sp_ecc_map_384(P->x, P->y, P->z);
+       err = sp_ecc_map_384(P->x, P->y, P->z);
    }
-#endif
-#ifdef WOLFSSL_SP_521
+#elif defined(WOLFSSL_SP_521)
    if (mp_count_bits(modulus) == 521) {
-       return sp_ecc_map_521(P->x, P->y, P->z);
+       err = sp_ecc_map_521(P->x, P->y, P->z);
    }
+#else
+   err = ECC_BAD_ARG_E;
 #endif
-   return ECC_BAD_ARG_E;
-#endif
+
+   WOLFSSL_LEAVE("ecc_map_ex (SP Math)", err);
+   return err;
+#endif /* WOLFSSL_SP_MATH */
 }
 #endif /* !FREESCALE_LTC_ECC && !WOLFSSL_STM32_PKA */
 
@@ -3555,17 +3677,12 @@ static void ecc_key_tmp_final(ecc_key* key, void* heap)
    FREE_MP_INT_SIZE(key->t1, heap, DYNAMIC_TYPE_ECC);
 #else
 #ifdef ALT_ECC_SIZE
-   if (key->z != NULL)
-      XFREE(key->z, heap, DYNAMIC_TYPE_ECC);
-   if (key->y != NULL)
-      XFREE(key->y, heap, DYNAMIC_TYPE_ECC);
-   if (key->x != NULL)
-      XFREE(key->x, heap, DYNAMIC_TYPE_ECC);
+   XFREE(key->z, heap, DYNAMIC_TYPE_ECC);
+   XFREE(key->y, heap, DYNAMIC_TYPE_ECC);
+   XFREE(key->x, heap, DYNAMIC_TYPE_ECC);
 #endif
-   if (key->t2 != NULL)
-      XFREE(key->t2, heap, DYNAMIC_TYPE_ECC);
-   if (key->t1 != NULL)
-      XFREE(key->t1, heap, DYNAMIC_TYPE_ECC);
+   XFREE(key->t2, heap, DYNAMIC_TYPE_ECC);
+   XFREE(key->t1, heap, DYNAMIC_TYPE_ECC);
 #endif
 }
 #endif /* WOLFSSL_SMALL_STACK_CACHE */
@@ -3828,6 +3945,7 @@ int wc_ecc_mulmod_ex2(const mp_int* k, ecc_point* G, ecc_point* R, mp_int* a,
 #endif
    /* k can't have more bits than order */
    if (mp_count_bits(k) > mp_count_bits(order)) {
+      WOLFSSL_MSG("Private key length is greater than order in bits.");
       return ECC_OUT_OF_RANGE_E;
    }
 
@@ -3959,10 +4077,16 @@ exit:
 int wc_ecc_mulmod(const mp_int* k, ecc_point *G, ecc_point *R, mp_int* a,
                   mp_int* modulus, int map)
 {
+    if ((k != NULL) && (R != NULL) && (mp_iszero(k))) {
+        mp_zero(R->x);
+        mp_zero(R->y);
+        mp_set(R->z, 1);
+        return MP_OKAY;
+    }
     return wc_ecc_mulmod_ex(k, G, R, a, modulus, map, NULL);
 }
 
-#endif /* !WOLFSSL_ATECC508A */
+#endif
 
 /**
  * Allocate a new ECC point (if one not provided)
@@ -3979,23 +4103,24 @@ static int wc_ecc_new_point_ex(ecc_point** point, void* heap)
    }
 
    p = *point;
-#ifndef WOLFSSL_NO_MALLOC
    if (p == NULL) {
       p = (ecc_point*)XMALLOC(sizeof(ecc_point), heap, DYNAMIC_TYPE_ECC);
    }
-#endif
    if (p == NULL) {
       return MEMORY_E;
    }
    XMEMSET(p, 0, sizeof(ecc_point));
 
+   if (*point == NULL)
+       p->isAllocated = 1;
+
 #ifndef ALT_ECC_SIZE
    err = mp_init_multi(p->x, p->y, p->z, NULL, NULL, NULL);
    if (err != MP_OKAY) {
-   #ifndef WOLFSSL_NO_MALLOC
-      XFREE(p, heap, DYNAMIC_TYPE_ECC);
-   #endif
-      return err;
+      WOLFSSL_MSG("mp_init_multi failed.");
+      if (p->isAllocated)
+          XFREE(p, heap, DYNAMIC_TYPE_ECC);
+      p = NULL;
    }
 #else
    p->x = (mp_int*)&p->xyz[0];
@@ -4009,13 +4134,15 @@ static int wc_ecc_new_point_ex(ecc_point** point, void* heap)
    *point = p;
    (void)heap;
    return err;
-}
+} /* wc_ecc_new_point_ex */
+
 ecc_point* wc_ecc_new_point_h(void* heap)
 {
     ecc_point* p = NULL;
     (void)wc_ecc_new_point_ex(&p, heap);
     return p;
 }
+
 ecc_point* wc_ecc_new_point(void)
 {
    ecc_point* p = NULL;
@@ -4032,9 +4159,8 @@ static void wc_ecc_del_point_ex(ecc_point* p, void* heap)
       mp_clear(p->x);
       mp_clear(p->y);
       mp_clear(p->z);
-   #ifndef WOLFSSL_NO_MALLOC
-      XFREE(p, heap, DYNAMIC_TYPE_ECC);
-   #endif
+      if (p->isAllocated)
+          XFREE(p, heap, DYNAMIC_TYPE_ECC);
    }
    (void)heap;
 }
@@ -4147,7 +4273,7 @@ int wc_ecc_get_curve_idx(int curve_id)
 
 int wc_ecc_get_curve_id(int curve_idx)
 {
-    if (wc_ecc_is_valid_idx(curve_idx)) {
+    if (wc_ecc_is_valid_idx(curve_idx) && curve_idx >= 0) {
         return ecc_sets[curve_idx].id;
     }
     return ECC_CURVE_INVALID;
@@ -4253,8 +4379,11 @@ static int wc_ecc_cmp_param(const char* curveParam,
     if (param == NULL || curveParam == NULL)
         return BAD_FUNC_ARG;
 
-    if (encType == WC_TYPE_HEX_STR)
-        return XSTRNCMP(curveParam, (char*) param, paramSz);
+    if (encType == WC_TYPE_HEX_STR) {
+        if ((word32)XSTRLEN(curveParam) != paramSz)
+            return -1;
+        return (XSTRNCMP(curveParam, (char*) param, paramSz) == 0) ? 0 : -1;
+    }
 
 #ifdef WOLFSSL_SMALL_STACK
     a = (mp_int*)XMALLOC(sizeof(mp_int), NULL, DYNAMIC_TYPE_ECC);
@@ -4436,13 +4565,11 @@ int wc_ecc_get_curve_id_from_oid(const byte* oid, word32 len)
     }
 #endif
 
-#if !defined(HAVE_OID_ENCODING) && !defined(HAVE_OID_DECODING)
     if (len == 0) {
         /* SAKKE has zero oidSz and will otherwise match with len==0. */
         WOLFSSL_MSG("zero oidSz");
         return ECC_CURVE_INVALID;
     }
-#endif
 
     for (curve_idx = 0; ecc_sets[curve_idx].size != 0; curve_idx++) {
     #if defined(HAVE_OID_ENCODING) && !defined(HAVE_OID_DECODING)
@@ -4570,20 +4697,15 @@ int wc_ecc_shared_secret(ecc_key* private_key, ecc_key* public_key, byte* out,
     #endif
     {
         err = wc_CryptoCb_Ecdh(private_key, public_key, out, outlen);
-        #ifndef WOLF_CRYPTO_CB_ONLY_ECC
-        if (err != CRYPTOCB_UNAVAILABLE)
+        if (err != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE))
             return err;
         /* fall-through when unavailable */
-        #endif
-        #ifdef WOLF_CRYPTO_CB_ONLY_ECC
-        if (err == CRYPTOCB_UNAVAILABLE) {
-            err = NO_VALID_DEVID;
-        }
-        #endif
     }
 #endif
 
-#ifndef WOLF_CRYPTO_CB_ONLY_ECC
+#ifdef WOLF_CRYPTO_CB_ONLY_ECC
+    return NO_VALID_DEVID;
+#else /* !WOLF_CRYPTO_CB_ONLY_ECC */
    /* type valid? */
    if (private_key->type != ECC_PRIVATEKEY &&
            private_key->type != ECC_PRIVATEKEY_ONLY) {
@@ -4632,7 +4754,7 @@ int wc_ecc_shared_secret(ecc_key* private_key, ecc_key* public_key, byte* out,
 #else
    err = wc_ecc_shared_secret_ex(private_key, &public_key->pubkey, out, outlen);
 #endif /* WOLFSSL_ATECC508A */
-#endif /* WOLF_CRYPTO_CB_ONLY_ECC */
+#endif /* !WOLF_CRYPTO_CB_ONLY_ECC */
 
    return err;
 }
@@ -4646,7 +4768,7 @@ int wc_ecc_shared_secret_gen_sync(ecc_key* private_key, ecc_point* point,
                                byte* out, word32* outlen)
 {
     int err = MP_OKAY;
-    mp_int* k = private_key->k;
+    mp_int* k = ecc_get_k(private_key);
 #ifdef HAVE_ECC_CDH
 #ifdef WOLFSSL_SMALL_STACK
     mp_int *k_lcl = NULL;
@@ -4676,7 +4798,7 @@ int wc_ecc_shared_secret_gen_sync(ecc_key* private_key, ecc_point* point,
                 goto errout;
             }
             /* multiply cofactor times private key "k" */
-            err = mp_mul_d(private_key->k, cofactor, k);
+            err = mp_mul_d(ecc_get_k(private_key), cofactor, k);
             if (err != MP_OKAY)
                 goto errout;
         }
@@ -4875,8 +4997,7 @@ int wc_ecc_shared_secret_gen_sync(ecc_key* private_key, ecc_point* point,
     if (k == k_lcl)
         mp_clear(k);
 #ifdef WOLFSSL_SMALL_STACK
-    if (k_lcl != NULL)
-        XFREE(k_lcl, private_key->heap, DYNAMIC_TYPE_ECC_BUFFER);
+    XFREE(k_lcl, private_key->heap, DYNAMIC_TYPE_ECC_BUFFER);
 #endif
 #endif
 
@@ -4917,7 +5038,8 @@ static int wc_ecc_shared_secret_gen_async(ecc_key* private_key,
         word32 keySz = private_key->dp->size;
 
         /* sync public key x/y */
-        err = wc_mp_to_bigint_sz(private_key->k, &private_key->k->raw, keySz);
+        err = wc_mp_to_bigint_sz(ecc_get_k(private_key),
+            &ecc_get_k(private_key)->raw, keySz);
         if (err == MP_OKAY)
             err = wc_mp_to_bigint_sz(point->x, &point->x->raw, keySz);
         if (err == MP_OKAY)
@@ -4931,7 +5053,7 @@ static int wc_ecc_shared_secret_gen_async(ecc_key* private_key,
                 NitroxEccGetSize(private_key)*2);
         if (err == MP_OKAY)
             err = NitroxEcdh(private_key,
-                &private_key->k->raw, &point->x->raw, &point->y->raw,
+                &ecc_get_k(private_key)->raw, &point->x->raw, &point->y->raw,
                 private_key->e->raw.buf, &private_key->e->raw.len,
                 &curve->prime->raw);
     #else
@@ -4939,7 +5061,7 @@ static int wc_ecc_shared_secret_gen_async(ecc_key* private_key,
             err = wc_ecc_curve_load(private_key->dp, &curve, ECC_CURVE_FIELD_BF);
         if (err == MP_OKAY)
             err = IntelQaEcdh(&private_key->asyncDev,
-                &private_key->k->raw, &point->x->raw, &point->y->raw,
+                &ecc_get_k(private_key)->raw, &point->x->raw, &point->y->raw,
                 out, outlen,
                 &curve->Af->raw, &curve->Bf->raw, &curve->prime->raw,
                 private_key->dp->cofactor);
@@ -4962,7 +5084,7 @@ static int wc_ecc_shared_secret_gen_async(ecc_key* private_key,
         err = wc_ecc_shared_secret_gen_sync(private_key, point, out, outlen);
     }
 
-    if (err == WC_PENDING_E) {
+    if (err == WC_NO_ERR_TRACE(WC_PENDING_E)) {
         private_key->state++;
     }
 
@@ -5055,7 +5177,7 @@ int wc_ecc_shared_secret_ex(ecc_key* private_key, ecc_point* point,
     RESTORE_VECTOR_REGISTERS();
 
     /* if async pending then return and skip done cleanup below */
-    if (err == WC_PENDING_E) {
+    if (err == WC_NO_ERR_TRACE(WC_PENDING_E)) {
         return err;
     }
 
@@ -5077,11 +5199,33 @@ int wc_ecc_shared_secret_ex(ecc_key* private_key, ecc_point* point,
 
     err = wc_ecc_init_ex(&public_key, private_key->heap, INVALID_DEVID);
     if (err == MP_OKAY) {
+        #if FIPS_VERSION3_GE(6,0,0)
+        /* Since we are allowing a pass-through of ecc_make_key_ex_fips when
+         * both keysize == 0 and curve_id == 0 ensure we select an appropriate
+         * keysize here when relying on default selection */
+        if (private_key->dp->size < WC_ECC_FIPS_GEN_MIN) {
+            if (private_key->dp->size == 0 &&
+                (private_key->dp->id == ECC_SECP256R1 ||
+                private_key->dp->id == ECC_SECP224R1 ||
+                private_key->dp->id == ECC_SECP384R1 ||
+                private_key->dp->id == ECC_SECP521R1)) {
+                WOLFSSL_MSG("ECC dp->size zero but dp->id sufficient for FIPS");
+                err = 0;
+            } else {
+                WOLFSSL_MSG("ECC curve too small for FIPS mode");
+                err = ECC_CURVE_OID_E;
+            }
+        }
+        if (err == 0) { /* FIPS specific check */
+        #endif
         err = wc_ecc_set_curve(&public_key, private_key->dp->size,
                                private_key->dp->id);
         if (err == MP_OKAY) {
             err = mp_copy(point->x, public_key.pubkey.x);
         }
+        #if FIPS_VERSION3_GE(6,0,0)
+        } /* end FIPS specific check */
+        #endif
         if (err == MP_OKAY) {
             err = mp_copy(point->y, public_key.pubkey.y);
         }
@@ -5135,7 +5279,9 @@ int wc_ecc_point_is_on_curve(ecc_point *p, int curve_idx)
 #endif /* USE_ECC_B_PARAM */
 
 #if !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A) && \
-    !defined(WOLFSSL_CRYPTOCELL) && !defined(WOLF_CRYPTO_CB_ONLY_ECC)
+    !defined(WOLFSSL_CRYPTOCELL) && \
+    (!defined(WOLF_CRYPTO_CB_ONLY_ECC) || defined(WOLFSSL_QNX_CAAM) || \
+      defined(WOLFSSL_IMXRT1170_CAAM))
 /* return 1 if point is at infinity, 0 if not, < 0 on error */
 int wc_ecc_point_is_at_infinity(ecc_point* p)
 {
@@ -5146,7 +5292,7 @@ int wc_ecc_point_is_at_infinity(ecc_point* p)
 
     return 0;
 }
-#endif /* !WOLFSSL_ATECC508A && !WOLFSSL_CRYPTOCELL */
+#endif
 
 /* generate random and ensure its greater than 0 and less than order */
 int wc_ecc_gen_k(WC_RNG* rng, int size, mp_int* k, mp_int* order)
@@ -5300,9 +5446,9 @@ static int ecc_make_pub_ex(ecc_key* key, ecc_curve_spec* curve,
         key->type = ECC_PRIVATEKEY_ONLY;
     }
 
-    if ((err == MP_OKAY) && (mp_iszero(key->k) || mp_isneg(key->k) ||
-                                      (mp_cmp(key->k, curve->order) != MP_LT)))
-    {
+    if ((err == MP_OKAY) && (mp_iszero(ecc_get_k(key)) ||
+            mp_isneg(ecc_get_k(key)) ||
+            (mp_cmp(ecc_get_k(key), curve->order) != MP_LT))) {
         err = ECC_PRIV_KEY_E;
     }
 
@@ -5324,10 +5470,10 @@ static int ecc_make_pub_ex(ecc_key* key, ecc_curve_spec* curve,
     if (err == MP_OKAY && key->asyncDev.marker == WOLFSSL_ASYNC_MARKER_ECC) {
         word32 keySz = key->dp->size;
         /* sync private key to raw */
-        err = wc_mp_to_bigint_sz(key->k, &key->k->raw, keySz);
+        err = wc_mp_to_bigint_sz(ecc_get_k(key), &ecc_get_k(key)->raw, keySz);
         if (err == MP_OKAY) {
             err = IntelQaEccPointMul(&key->asyncDev,
-                &key->k->raw, pub->x, pub->y, pub->z,
+                &ecc_get_k(key)->raw, pub->x, pub->y, pub->z,
                 &curve->Gx->raw, &curve->Gy->raw,
                 &curve->Af->raw, &curve->Bf->raw, &curve->prime->raw,
                 key->dp->cofactor);
@@ -5343,25 +5489,25 @@ static int ecc_make_pub_ex(ecc_key* key, ecc_curve_spec* curve,
     else
 #ifndef WOLFSSL_SP_NO_256
     if (key->idx != ECC_CUSTOM_IDX && ecc_sets[key->idx].id == ECC_SECP256R1) {
-        err = sp_ecc_mulmod_base_256(key->k, pub, 1, key->heap);
+        err = sp_ecc_mulmod_base_256(ecc_get_k(key), pub, 1, key->heap);
     }
     else
 #endif /* WOLFSSL_SP_NO_256 */
 #if defined(WOLFSSL_SM2) && defined(WOLFSSL_SP_SM2)
     if (key->idx != ECC_CUSTOM_IDX && ecc_sets[key->idx].id == ECC_SM2P256V1) {
-        err = sp_ecc_mulmod_base_sm2_256(key->k, pub, 1, key->heap);
+        err = sp_ecc_mulmod_base_sm2_256(ecc_get_k(key), pub, 1, key->heap);
     }
     else
 #endif
 #ifdef WOLFSSL_SP_384
     if (key->idx != ECC_CUSTOM_IDX && ecc_sets[key->idx].id == ECC_SECP384R1) {
-        err = sp_ecc_mulmod_base_384(key->k, pub, 1, key->heap);
+        err = sp_ecc_mulmod_base_384(ecc_get_k(key), pub, 1, key->heap);
     }
     else
 #endif
 #ifdef WOLFSSL_SP_521
     if (key->idx != ECC_CUSTOM_IDX && ecc_sets[key->idx].id == ECC_SECP521R1) {
-        err = sp_ecc_mulmod_base_521(key->k, pub, 1, key->heap);
+        err = sp_ecc_mulmod_base_521(ecc_get_k(key), pub, 1, key->heap);
     }
     else
 #endif
@@ -5393,9 +5539,9 @@ static int ecc_make_pub_ex(ecc_key* key, ecc_curve_spec* curve,
         /* make the public key */
         if (err == MP_OKAY) {
             /* Map in a separate call as this should be constant time */
-            err = wc_ecc_mulmod_ex2(key->k, base, pub, curve->Af, curve->prime,
-                                               curve->order, rng, 0, key->heap);
-            if (err == MP_MEM) {
+            err = wc_ecc_mulmod_ex2(ecc_get_k(key), base, pub, curve->Af,
+                                 curve->prime, curve->order, rng, 0, key->heap);
+            if (err == WC_NO_ERR_TRACE(MP_MEM)) {
                err = MEMORY_E;
             }
         }
@@ -5411,7 +5557,7 @@ static int ecc_make_pub_ex(ecc_key* key, ecc_curve_spec* curve,
 
     if (err != MP_OKAY
     #ifdef WOLFSSL_ASYNC_CRYPT
-        && err != WC_PENDING_E
+        && err != WC_NO_ERR_TRACE(WC_PENDING_E)
     #endif
     ) {
         /* clean up if failed */
@@ -5516,11 +5662,30 @@ static int _ecc_make_key_ex(WC_RNG* rng, int keysize, ecc_key* key,
     /* make sure required variables are reset */
     wc_ecc_reset(key);
 
+    #if FIPS_VERSION3_GE(6,0,0)
+    /* Since we are allowing a pass-through of ecc_make_key_ex_fips when
+     * both keysize == 0 and curve_id == 0 ensure we select an appropriate
+     * keysize here when relying on default selection */
+    if (keysize < WC_ECC_FIPS_GEN_MIN) {
+        if (keysize == 0 && (curve_id == ECC_SECP256R1 ||
+             curve_id == ECC_SECP224R1 || curve_id == ECC_SECP384R1 ||
+             curve_id == ECC_SECP521R1)) {
+            WOLFSSL_MSG("ECC keysize zero but curve_id sufficient for FIPS");
+            err = 0;
+        } else {
+            WOLFSSL_MSG("ECC curve too small for FIPS mode");
+            err = ECC_CURVE_OID_E;
+        }
+    }
+    if (err == 0) { /* FIPS specific check */
+    #endif
     err = wc_ecc_set_curve(key, keysize, curve_id);
     if (err != 0) {
         return err;
     }
-
+    #if FIPS_VERSION3_GE(6,0,0)
+    } /* end FIPS specific check */
+    #endif
     key->flags = (byte)flags;
 
 #ifdef WOLF_CRYPTO_CB
@@ -5529,21 +5694,15 @@ static int _ecc_make_key_ex(WC_RNG* rng, int keysize, ecc_key* key,
     #endif
     {
         err = wc_CryptoCb_MakeEccKey(rng, keysize, key, curve_id);
-        #ifndef WOLF_CRYPTO_CB_ONLY_ECC
-        if (err != CRYPTOCB_UNAVAILABLE)
+        if (err != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE))
             return err;
         /* fall-through when unavailable */
-        #endif
-        #ifdef WOLF_CRYPTO_CB_ONLY_ECC
-        if (err == CRYPTOCB_UNAVAILABLE) {
-            return NO_VALID_DEVID;
-        }
-        return err;
-        #endif
     }
 #endif
 
-#ifndef WOLF_CRYPTO_CB_ONLY_ECC
+#ifdef WOLF_CRYPTO_CB_ONLY_ECC
+    return NO_VALID_DEVID;
+#else /* !WOLF_CRYPTO_CB_ONLY_ECC */
 #if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_ECC)
     if (key->asyncDev.marker == WOLFSSL_ASYNC_MARKER_ECC) {
     #ifdef HAVE_CAVIUM
@@ -5636,6 +5795,11 @@ static int _ecc_make_key_ex(WC_RNG* rng, int keysize, ecc_key* key,
 
     if (err == SA_SILIB_RET_OK) {
         err = mp_read_unsigned_bin(key->k, ucompressed_key, raw_size);
+#ifdef WOLFSSL_ECC_BLIND_K
+        if (err == MP_OKAY) {
+            err = ecc_blind_k_rng(key, rng);
+        }
+#endif
     }
 
 #elif defined(WOLFSSL_SILABS_SE_ACCEL)
@@ -5687,7 +5851,12 @@ static int _ecc_make_key_ex(WC_RNG* rng, int keysize, ecc_key* key,
         err = xil_mpi_import(key->pubkey.y, key->keyRaw + key->dp->size,
                              key->dp->size, key->heap);
     if (err == 0)
-        err = xil_mpi_import(key->k, key->privKey, key->dp->size, key->heap);
+        err = xil_mpi_import(key->k, key->privKey, key->dp->size,
+                             key->heap);
+#ifdef WOLFSSL_ECC_BLIND_K
+    if (err == 0)
+        err = ecc_blind_k_rng(key, rng);
+#endif
     if (err == 0)
         err = mp_set(key->pubkey.z, 1);
     if (err) {
@@ -5812,24 +5981,37 @@ static int _ecc_make_key_ex(WC_RNG* rng, int keysize, ecc_key* key,
         /* load curve info */
         if (err == MP_OKAY) {
             ALLOC_CURVE_SPECS(ECC_CURVE_FIELD_COUNT, err);
+            if (err != MP_OKAY) {
+                WOLFSSL_MSG("ALLOC_CURVE_SPECS failed");
+            }
         }
+
         if (err == MP_OKAY) {
             err = wc_ecc_curve_load(key->dp, &curve, ECC_CURVE_FIELD_ALL);
+            if (err != MP_OKAY) {
+                WOLFSSL_MSG("wc_ecc_curve_load failed");
+            }
         }
 
         /* generate k */
         if (err == MP_OKAY) {
             err = wc_ecc_gen_k(rng, key->dp->size, key->k, curve->order);
+            if (err != MP_OKAY) {
+                WOLFSSL_MSG("wc_ecc_gen_k failed");
+            }
         }
 
         /* generate public key from k */
         if (err == MP_OKAY) {
             err = ecc_make_pub_ex(key, curve, NULL, rng);
+            if (err != MP_OKAY) {
+                WOLFSSL_MSG("ecc_make_pub_ex failed");
+            }
         }
 
         if (err == MP_OKAY
         #ifdef WOLFSSL_ASYNC_CRYPT
-            || err == WC_PENDING_E
+            || err == WC_NO_ERR_TRACE(WC_PENDING_E)
         #endif
         ) {
             key->type = ECC_PRIVATEKEY;
@@ -5856,10 +6038,15 @@ static int _ecc_make_key_ex(WC_RNG* rng, int keysize, ecc_key* key,
          err = wc_mp_to_bigint(key->pubkey.z, &key->pubkey.z->raw);
 #endif
 
+#ifdef WOLFSSL_ECC_BLIND_K
+    if (err == MP_OKAY)
+        err = ecc_blind_k_rng(key, rng);
+#endif
+
 #endif /* HAVE_ECC_MAKE_PUB */
 
     return err;
-#endif /* WOLF_CRYPTO_CB_ONLY_ECC */
+#endif /* !WOLF_CRYPTO_CB_ONLY_ECC */
 }
 
 
@@ -6011,20 +6198,11 @@ WOLFSSL_ABI
 int wc_ecc_init_ex(ecc_key* key, void* heap, int devId)
 {
     int ret      = 0;
-#if defined(HAVE_PKCS11)
-    int isPkcs11 = 0;
-#endif
 
     if (key == NULL) {
         return BAD_FUNC_ARG;
     }
 
-#if defined(HAVE_PKCS11)
-    if (key->isPkcs11) {
-        isPkcs11 = 1;
-    }
-#endif
-
 #ifdef ECC_DUMP_OID
     wc_ecc_dump_oids();
 #endif
@@ -6052,13 +6230,27 @@ int wc_ecc_init_ex(ecc_key* key, void* heap, int devId)
     alt_fp_init(key->pubkey.z);
     key->k = (mp_int*)key->ka;
     alt_fp_init(key->k);
+#ifdef WOLFSSL_ECC_BLIND_K
+    key->kb = (mp_int*)key->kba;
+    key->ku = (mp_int*)key->kia;
+    alt_fp_init(key->kb);
+    alt_fp_init(key->ku);
+#endif
 #else
     ret = mp_init_multi(key->k, key->pubkey.x, key->pubkey.y, key->pubkey.z,
-                                                                    NULL, NULL);
+#ifndef WOLFSSL_ECC_BLIND_K
+                                                                      NULL, NULL
+#else
+                                                                key->kb, key->ku
+#endif
+                        );
     if (ret != MP_OKAY) {
         return MEMORY_E;
     }
 #endif /* ALT_ECC_SIZE */
+#ifdef WOLFSSL_ECC_BLIND_K
+    mp_forcezero(key->kb);
+#endif
 #endif /* WOLFSSL_ATECC508A */
 #if (defined(WOLFSSL_ECDSA_SET_K) || defined(WOLFSSL_ECDSA_SET_K_ONE_LOOP) || \
      defined(WOLFSSL_ECDSA_DETERMINISTIC_K) || \
@@ -6071,22 +6263,24 @@ int wc_ecc_init_ex(ecc_key* key, void* heap, int devId)
 #endif
 
 #ifdef WOLFSSL_HEAP_TEST
+    (void)heap;
     key->heap = (void*)WOLFSSL_HEAP_TEST;
 #else
     key->heap = heap;
 #endif
 
 #if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_ECC)
-    #if defined(HAVE_PKCS11)
-        if (!isPkcs11)
+    #ifdef WOLF_CRYPTO_CB
+    /* prefer crypto callback */
+    if (key->devId != INVALID_DEVID)
     #endif
-        {
-            /* handle as async */
-            ret = wolfAsync_DevCtxInit(&key->asyncDev, WOLFSSL_ASYNC_MARKER_ECC,
-                                                            key->heap, devId);
-        }
-#elif defined(HAVE_PKCS11)
-    (void)isPkcs11;
+    {
+        /* handle as async */
+        ret = wolfAsync_DevCtxInit(&key->asyncDev, WOLFSSL_ASYNC_MARKER_ECC,
+                                                        key->heap, devId);
+    }
+    if (ret != 0)
+        return ret;
 #endif
 
 #if defined(WOLFSSL_DSP)
@@ -6100,6 +6294,10 @@ int wc_ecc_init_ex(ecc_key* key, void* heap, int devId)
 
 #ifdef WOLFSSL_CHECK_MEM_ZERO
     mp_memzero_add("ECC k", key->k);
+#ifdef WOLFSSL_ECC_BLIND_K
+    mp_memzero_add("ECC kb", key->kb);
+    mp_memzero_add("ECC ku", key->ku);
+#endif
 #endif
 
 #if defined(WOLFSSL_XILINX_CRYPT_VERSAL)
@@ -6138,12 +6336,6 @@ int wc_ecc_init_id(ecc_key* key, unsigned char* id, int len, void* heap,
         ret = BAD_FUNC_ARG;
     if (ret == 0 && (len < 0 || len > ECC_MAX_ID_LEN))
         ret = BUFFER_E;
-
-#if defined(HAVE_PKCS11)
-    XMEMSET(key, 0, sizeof(ecc_key));
-    key->isPkcs11 = 1;
-#endif
-
     if (ret == 0)
         ret = wc_ecc_init_ex(key, heap, devId);
     if (ret == 0 && id != NULL && len != 0) {
@@ -6173,12 +6365,6 @@ int wc_ecc_init_label(ecc_key* key, const char* label, void* heap, int devId)
         if (labelLen == 0 || labelLen > ECC_MAX_LABEL_LEN)
             ret = BUFFER_E;
     }
-
-#if defined(HAVE_PKCS11)
-    XMEMSET(key, 0, sizeof(ecc_key));
-    key->isPkcs11 = 1;
-#endif
-
     if (ret == 0)
         ret = wc_ecc_init_ex(key, heap, devId);
     if (ret == 0) {
@@ -6224,9 +6410,6 @@ static int wc_ecc_get_curve_order_bit_count(const ecc_set_type* dp)
 
 #ifdef HAVE_ECC_SIGN
 
-#ifndef NO_ASN
-
-
 #if defined(WOLFSSL_ATECC508A) || defined(WOLFSSL_ATECC608A) ||  \
     defined(PLUTON_CRYPTO_ECC) || defined(WOLFSSL_CRYPTOCELL) || \
     defined(WOLFSSL_SILABS_SE_ACCEL) || defined(WOLFSSL_KCAPI_ECC) || \
@@ -6478,6 +6661,10 @@ static int wc_ecc_sign_hash_async(const byte* in, word32 inlen, byte* out,
                 #if !defined(WOLFSSL_ASYNC_CRYPT_SW) && defined(HAVE_ECC_CDH)
                     DECLARE_CURVE_SPECS(1);
                     ALLOC_CURVE_SPECS(1, err);
+                    if (err != MP_OKAY) {
+                        WOLFSSL_MSG("ALLOC_CURVE_SPECS failed");
+                        break;
+                    }
 
                     /* get curve order */
                     err = wc_ecc_curve_load(key->dp, &curve, ECC_CURVE_FIELD_ORDER);
@@ -6520,7 +6707,7 @@ static int wc_ecc_sign_hash_async(const byte* in, word32 inlen, byte* out,
     }
 
     /* if async pending then return and skip done cleanup below */
-    if (err == WC_PENDING_E) {
+    if (err == WC_NO_ERR_TRACE(WC_PENDING_E)) {
         key->state++;
         return err;
     }
@@ -6551,6 +6738,9 @@ int wc_ecc_sign_hash(const byte* in, word32 inlen, byte* out, word32 *outlen,
     DECL_MP_INT_SIZE_DYN(r, ECC_KEY_MAX_BITS(key), MAX_ECC_BITS_USE);
     DECL_MP_INT_SIZE_DYN(s, ECC_KEY_MAX_BITS(key), MAX_ECC_BITS_USE);
 #endif
+#ifdef NO_ASN
+    word32 keySz;
+#endif
 
     if (in == NULL || out == NULL || outlen == NULL || key == NULL) {
         return ECC_BAD_ARG_E;
@@ -6562,20 +6752,20 @@ int wc_ecc_sign_hash(const byte* in, word32 inlen, byte* out, word32 *outlen,
     #endif
     {
         err = wc_CryptoCb_EccSign(in, inlen, out, outlen, rng, key);
-        #ifndef WOLF_CRYPTO_CB_ONLY_ECC
-        if (err != CRYPTOCB_UNAVAILABLE)
+        if (err != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE))
             return err;
         /* fall-through when unavailable */
-        #endif
-        #ifdef WOLF_CRYPTO_CB_ONLY_ECC
-        if (err == CRYPTOCB_UNAVAILABLE) {
-            err = NO_VALID_DEVID;
-        }
-        #endif
     }
 #endif
 
-#ifndef WOLF_CRYPTO_CB_ONLY_ECC
+#ifdef WOLF_CRYPTO_CB_ONLY_ECC
+    (void)rng;
+    (void)inlen;
+    (void)s;
+    (void)r;
+    (void)err;
+    return NO_VALID_DEVID;
+#else /* !WOLF_CRYPTO_CB_ONLY_ECC */
     if (rng == NULL) {
         WOLFSSL_MSG("ECC sign RNG missing");
         return ECC_BAD_ARG_E;
@@ -6587,17 +6777,17 @@ int wc_ecc_sign_hash(const byte* in, word32 inlen, byte* out, word32 *outlen,
 #else
 
     NEW_MP_INT_SIZE(r, ECC_KEY_MAX_BITS_NONULLCHECK(key), key->heap, DYNAMIC_TYPE_ECC);
-#ifdef MP_INT_SIZE_CHECK_NULL
+    #ifdef MP_INT_SIZE_CHECK_NULL
     if (r == NULL)
         return MEMORY_E;
-#endif
+    #endif
     NEW_MP_INT_SIZE(s, ECC_KEY_MAX_BITS_NONULLCHECK(key), key->heap, DYNAMIC_TYPE_ECC);
-#ifdef MP_INT_SIZE_CHECK_NULL
+    #ifdef MP_INT_SIZE_CHECK_NULL
     if (s == NULL) {
         FREE_MP_INT_SIZE(r, key->heap, DYNAMIC_TYPE_ECC);
         return MEMORY_E;
     }
-#endif
+    #endif
 
     err = INIT_MP_INT_SIZE(r, ECC_KEY_MAX_BITS_NONULLCHECK(key));
     if (err != 0) {
@@ -6629,8 +6819,26 @@ int wc_ecc_sign_hash(const byte* in, word32 inlen, byte* out, word32 *outlen,
         return err;
     }
 
+#ifndef NO_ASN
     /* encoded with DSA header */
     err = StoreECC_DSA_Sig(out, outlen, r, s);
+#else
+    /* No support for DSA ASN.1 header.
+     * Signature will be r+s directly. */
+    keySz = 0;
+    if (key->dp != NULL) {
+        keySz = (word32)key->dp->size;
+    }
+    if (keySz <= 0) {
+        WOLFSSL_MSG("Error: ECDSA sign raw signature size");
+        return WC_NO_ERR_TRACE(ECC_BAD_ARG_E);
+    }
+    *outlen = keySz * 2;
+
+    /* Export signature into r,s */
+    mp_to_unsigned_bin_len(r, out, keySz);
+    mp_to_unsigned_bin_len(s, out + keySz, keySz);
+#endif /* !NO_ASN */
 
     /* cleanup */
     mp_clear(r);
@@ -6639,17 +6847,9 @@ int wc_ecc_sign_hash(const byte* in, word32 inlen, byte* out, word32 *outlen,
     FREE_MP_INT_SIZE(s, key->heap, DYNAMIC_TYPE_ECC);
     FREE_MP_INT_SIZE(r, key->heap, DYNAMIC_TYPE_ECC);
 #endif /* WOLFSSL_ASYNC_CRYPT */
-#else
-    (void)rng;
-    (void)inlen;
-    (void)s;
-    (void)r;
-    (void)err;
-#endif /* WOLF_CRYPTO_CB_ONLY_ECC */
-
     return err;
+#endif /* !WOLF_CRYPTO_CB_ONLY_ECC */
 }
-#endif /* !NO_ASN */
 
 #if defined(WOLFSSL_ECDSA_DETERMINISTIC_K) || \
     defined(WOLFSSL_ECDSA_DETERMINISTIC_K_VARIANT)
@@ -6673,13 +6873,17 @@ static int deterministic_sign_helper(const byte* in, word32 inlen, ecc_key* key)
         if (key->sign_k == NULL) {
             key->sign_k = (mp_int*)XMALLOC(sizeof(mp_int), key->heap,
                                                             DYNAMIC_TYPE_ECC);
+            if (key->sign_k != NULL) {
+                err = mp_init(key->sign_k);
+                if (err != MP_OKAY) {
+                    XFREE(key->sign_k, key->heap, DYNAMIC_TYPE_ECC);
+                    key->sign_k = NULL;
+                }
+            }
         }
-
         if (key->sign_k != NULL) {
-            /* currently limiting to SHA256 for auto create */
-            if (mp_init(key->sign_k) != MP_OKAY ||
-                wc_ecc_gen_deterministic_k(in, inlen,
-                        WC_HASH_TYPE_SHA256, key->k, key->sign_k,
+            if (wc_ecc_gen_deterministic_k(in, inlen,
+                        key->hashType, ecc_get_k(key), key->sign_k,
                         curve->order, key->heap) != 0) {
                 mp_free(key->sign_k);
                 XFREE(key->sign_k, key->heap, DYNAMIC_TYPE_ECC);
@@ -6697,9 +6901,8 @@ static int deterministic_sign_helper(const byte* in, word32 inlen, ecc_key* key)
         }
     #else
         key->sign_k_set = 0;
-        /* currently limiting to SHA256 for auto create */
-        if (wc_ecc_gen_deterministic_k(in, inlen, WC_HASH_TYPE_SHA256, key->k,
-                key->sign_k, curve->order, key->heap) != 0) {
+        if (wc_ecc_gen_deterministic_k(in, inlen, key->hashType,
+                ecc_get_k(key), key->sign_k, curve->order, key->heap) != 0) {
             err = ECC_PRIV_KEY_E;
         }
         else {
@@ -6759,7 +6962,7 @@ static int ecc_sign_hash_sw(ecc_key* key, ecc_key* pubkey, WC_RNG* rng,
 
             err = wc_ecc_gen_k(rng, key->dp->size, b, curve->order);
         }
-        while (err == MP_ZERO_E);
+        while (err == WC_NO_ERR_TRACE(MP_ZERO_E));
         loop_check = 0;
     }
 #ifdef WOLFSSL_CHECK_MEM_ZERO
@@ -6837,15 +7040,18 @@ static int ecc_sign_hash_sw(ecc_key* key, ecc_key* pubkey, WC_RNG* rng,
         if (err != MP_OKAY) break;
 
         if (mp_iszero(r) == MP_NO) {
-            mp_int* ep = pubkey->k;
-            mp_int* kp = pubkey->k;
-            mp_int* x  = key->k;
+            mp_int* kp = ecc_get_k(pubkey);
+            mp_int* ep = kp;
+            mp_int* x  = ecc_get_k(key);
+
+            /* Blind after getting. */
+            ecc_blind_k(key, b);
 
             /* find s = (e + xr)/k
                       = b.(e/k.b + x.r/k.b) */
 
             /* k' = k.b */
-            err = mp_mulmod(pubkey->k, b, curve->order, kp);
+            err = mp_mulmod(kp, b, curve->order, kp);
             if (err != MP_OKAY) break;
 
             /* k' = 1/k.b
@@ -6924,12 +7130,12 @@ static int ecc_sign_hash_sp(const byte* in, word32 inlen, WC_RNG* rng,
             #endif
             if (key->nb_ctx) {
                 return sp_ecc_sign_256_nb(&key->nb_ctx->sp_ctx, in, inlen, rng,
-                    key->k, r, s, sign_k, key->heap);
+                    ecc_get_k(key), r, s, sign_k, key->heap);
             }
             #ifdef WC_ECC_NONBLOCK_ONLY
             do { /* perform blocking call to non-blocking function */
                 err = sp_ecc_sign_256_nb(&nb_ctx.sp_ctx, in, inlen, rng,
-                    key->k, r, s, sign_k, key->heap);
+                    ecc_get_k(key), r, s, sign_k, key->heap);
             } while (err == FP_WOULDBLOCK);
             return err;
             #endif
@@ -6938,8 +7144,8 @@ static int ecc_sign_hash_sp(const byte* in, word32 inlen, WC_RNG* rng,
             {
                 int ret;
                 SAVE_VECTOR_REGISTERS(return _svr_ret;);
-                ret = sp_ecc_sign_256(in, inlen, rng, key->k, r, s, sign_k,
-                                      key->heap);
+                ret = sp_ecc_sign_256(in, inlen, rng, ecc_get_k(key), r, s,
+                                      sign_k, key->heap);
                 RESTORE_VECTOR_REGISTERS();
                 return ret;
             }
@@ -6950,8 +7156,8 @@ static int ecc_sign_hash_sp(const byte* in, word32 inlen, WC_RNG* rng,
         if (ecc_sets[key->idx].id == ECC_SM2P256V1) {
             int ret;
             SAVE_VECTOR_REGISTERS(return _svr_ret;);
-            ret = sp_ecc_sign_sm2_256(in, inlen, rng, key->k, r, s, sign_k,
-                key->heap);
+            ret = sp_ecc_sign_sm2_256(in, inlen, rng, ecc_get_k(key), r, s,
+                                      sign_k, key->heap);
             RESTORE_VECTOR_REGISTERS();
             return ret;
         }
@@ -6964,12 +7170,12 @@ static int ecc_sign_hash_sp(const byte* in, word32 inlen, WC_RNG* rng,
             #endif
             if (key->nb_ctx) {
                 return sp_ecc_sign_384_nb(&key->nb_ctx->sp_ctx, in, inlen, rng,
-                    key->k, r, s, sign_k, key->heap);
+                    ecc_get_k(key), r, s, sign_k, key->heap);
             }
             #ifdef WC_ECC_NONBLOCK_ONLY
             do { /* perform blocking call to non-blocking function */
                 err = sp_ecc_sign_384_nb(&nb_ctx.sp_ctx, in, inlen, rng,
-                    key->k, r, s, sign_k, key->heap);
+                    ecc_get_k(key), r, s, sign_k, key->heap);
             } while (err == FP_WOULDBLOCK);
             return err;
             #endif
@@ -6978,8 +7184,8 @@ static int ecc_sign_hash_sp(const byte* in, word32 inlen, WC_RNG* rng,
             {
                 int ret;
                 SAVE_VECTOR_REGISTERS(return _svr_ret;);
-                ret = sp_ecc_sign_384(in, inlen, rng, key->k, r, s, sign_k,
-                                      key->heap);
+                ret = sp_ecc_sign_384(in, inlen, rng, ecc_get_k(key), r, s,
+                                      sign_k, key->heap);
                 RESTORE_VECTOR_REGISTERS();
                 return ret;
             }
@@ -6994,12 +7200,12 @@ static int ecc_sign_hash_sp(const byte* in, word32 inlen, WC_RNG* rng,
             #endif
             if (key->nb_ctx) {
                 return sp_ecc_sign_521_nb(&key->nb_ctx->sp_ctx, in, inlen, rng,
-                    key->k, r, s, sign_k, key->heap);
+                    ecc_get_k(key), r, s, sign_k, key->heap);
             }
             #ifdef WC_ECC_NONBLOCK_ONLY
             do { /* perform blocking call to non-blocking function */
                 err = sp_ecc_sign_521_nb(&nb_ctx.sp_ctx, in, inlen, rng,
-                    key->k, r, s, sign_k, key->heap);
+                    ecc_get_k(key), r, s, sign_k, key->heap);
             } while (err == FP_WOULDBLOCK);
             return err;
             #endif
@@ -7008,8 +7214,8 @@ static int ecc_sign_hash_sp(const byte* in, word32 inlen, WC_RNG* rng,
             {
                 int ret;
                 SAVE_VECTOR_REGISTERS(return _svr_ret;);
-                ret = sp_ecc_sign_521(in, inlen, rng, key->k, r, s, sign_k,
-                                      key->heap);
+                ret = sp_ecc_sign_521(in, inlen, rng, ecc_get_k(key), r, s,
+                                      sign_k, key->heap);
                 RESTORE_VECTOR_REGISTERS();
                 return ret;
             }
@@ -7100,7 +7306,7 @@ int wc_ecc_sign_hash_ex(const byte* in, word32 inlen, WC_RNG* rng,
 
 
 #if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_ECC) && \
-       defined(WOLFSSL_ASYNC_CRYPT_SW)
+    defined(WOLFSSL_ASYNC_CRYPT_SW)
     if (key->asyncDev.marker == WOLFSSL_ASYNC_MARKER_ECC) {
         if (wc_AsyncSwInit(&key->asyncDev, ASYNC_SW_ECC_SIGN)) {
             WC_ASYNC_SW* sw = &key->asyncDev.sw;
@@ -7117,7 +7323,7 @@ int wc_ecc_sign_hash_ex(const byte* in, word32 inlen, WC_RNG* rng,
 
 #if defined(WOLFSSL_HAVE_SP_ECC)
    err = ecc_sign_hash_sp(in, inlen, rng, key, r, s);
-   if (err != WC_KEY_SIZE_E) {
+   if (err != WC_NO_ERR_TRACE(WC_KEY_SIZE_E)) {
        return err;
    }
 #else
@@ -7232,7 +7438,8 @@ int wc_ecc_sign_hash_ex(const byte* in, word32 inlen, WC_RNG* rng,
            if (err == MP_OKAY)
                err = wc_mp_to_bigint_sz(e, &e->raw, keySz);
            if (err == MP_OKAY)
-               err = wc_mp_to_bigint_sz(key->k, &key->k->raw, keySz);
+               err = wc_mp_to_bigint_sz(ecc_get_k(key), &ecc_get_k(key)->raw,
+                  keySz);
            if (err == MP_OKAY)
                err = wc_ecc_gen_k(rng, key->dp->size, k, curve->order);
            if (err == MP_OKAY)
@@ -7240,14 +7447,15 @@ int wc_ecc_sign_hash_ex(const byte* in, word32 inlen, WC_RNG* rng,
 
        #ifdef HAVE_CAVIUM_V
            if (err == MP_OKAY)
-               err = NitroxEcdsaSign(key, &e->raw, &key->k->raw, &k->raw,
-                &r->raw, &s->raw, &curve->prime->raw, &curve->order->raw);
+               err = NitroxEcdsaSign(key, &e->raw, &ecc_get_k(key)->raw,
+                  &k->raw, &r->raw, &s->raw, &curve->prime->raw,
+                  &curve->order->raw);
        #else
            if (err == MP_OKAY)
-               err = IntelQaEcdsaSign(&key->asyncDev, &e->raw, &key->k->raw,
-                  &k->raw, &r->raw, &s->raw, &curve->Af->raw, &curve->Bf->raw,
-                  &curve->prime->raw, &curve->order->raw, &curve->Gx->raw,
-                  &curve->Gy->raw);
+               err = IntelQaEcdsaSign(&key->asyncDev, &e->raw,
+                  &ecc_get_k(key)->raw, &k->raw, &r->raw, &s->raw,
+                  &curve->Af->raw, &curve->Bf->raw, &curve->prime->raw,
+                  &curve->order->raw, &curve->Gx->raw, &curve->Gy->raw);
        #endif
 
        #ifndef HAVE_CAVIUM_V
@@ -7310,9 +7518,9 @@ static int _HMAC_K(byte* K, word32 KSz, byte* V, word32 VSz,
     Hmac hmac;
     int  ret, init;
 
-    ret = init = wc_HmacInit(&hmac, heap, 0);
+    ret = init = wc_HmacInit(&hmac, heap, INVALID_DEVID);
     if (ret == 0)
-        ret = wc_HmacSetKey(&hmac, hashType, K, KSz);
+        ret = wc_HmacSetKey(&hmac, (int)hashType, K, KSz);
 
     if (ret == 0)
         ret = wc_HmacUpdate(&hmac, V, VSz);
@@ -7350,7 +7558,7 @@ int wc_ecc_gen_deterministic_k(const byte* hash, word32 hashSz,
         enum wc_HashType hashType, mp_int* priv, mp_int* k, mp_int* order,
         void* heap)
 {
-    int ret = 0, qbits = 0;
+    int ret = 0;
 #ifndef WOLFSSL_SMALL_STACK
     byte h1[MAX_ECC_BYTES];
     byte V[WC_MAX_DIGEST_SIZE];
@@ -7366,6 +7574,7 @@ int wc_ecc_gen_deterministic_k(const byte* hash, word32 hashSz,
 #endif
     word32 xSz, VSz, KSz, h1len, qLen;
     byte intOct;
+    int qbits = 0;
 
     if (hash == NULL || k == NULL || order == NULL) {
         return BAD_FUNC_ARG;
@@ -7376,9 +7585,20 @@ int wc_ecc_gen_deterministic_k(const byte* hash, word32 hashSz,
         return BAD_FUNC_ARG;
     }
 
-    if (hashSz != WC_SHA256_DIGEST_SIZE) {
-        WOLFSSL_MSG("Currently only SHA256 digest is supported");
-        return BAD_FUNC_ARG;
+    /* if none is provided then detect has type based on hash size */
+    if (hashType == WC_HASH_TYPE_NONE) {
+        if (hashSz == 64) {
+            hashType = WC_HASH_TYPE_SHA512;
+        }
+        else if (hashSz == 48) {
+            hashType = WC_HASH_TYPE_SHA384;
+        }
+        else if (hashSz == 32) {
+            hashType = WC_HASH_TYPE_SHA256;
+        }
+        else {
+            return BAD_FUNC_ARG;
+        }
     }
 
     if (mp_unsigned_bin_size(priv) > MAX_ECC_BYTES) {
@@ -7418,14 +7638,10 @@ int wc_ecc_gen_deterministic_k(const byte* hash, word32 hashSz,
 
     /* bail out if any error has been hit at this point */
     if (ret != 0) {
-        if (x != NULL)
-            XFREE(x, heap, DYNAMIC_TYPE_PRIVATE_KEY);
-        if (K != NULL)
-            XFREE(K, heap, DYNAMIC_TYPE_ECC_BUFFER);
-        if (V != NULL)
-            XFREE(V, heap, DYNAMIC_TYPE_ECC_BUFFER);
-        if (h1 != NULL)
-            XFREE(h1, heap, DYNAMIC_TYPE_DIGEST);
+        XFREE(x, heap, DYNAMIC_TYPE_PRIVATE_KEY);
+        XFREE(K, heap, DYNAMIC_TYPE_ECC_BUFFER);
+        XFREE(V, heap, DYNAMIC_TYPE_ECC_BUFFER);
+        XFREE(h1, heap, DYNAMIC_TYPE_DIGEST);
         return ret;
     }
 #endif
@@ -7446,6 +7662,16 @@ int wc_ecc_gen_deterministic_k(const byte* hash, word32 hashSz,
         wc_MemZero_Add("wc_ecc_gen_deterministic_k x", x, qLen);
     #endif
         qbits = mp_count_bits(order);
+        if (qbits < 0)
+            ret = MP_VAL;
+    }
+
+    if (ret == 0) {
+         /* hash truncate if too long */
+        if (((WOLFSSL_BIT_SIZE) * hashSz) > (word32)qbits) {
+            /* calculate truncated hash size using bits rounded up byte */
+            hashSz = ((word32)qbits + (WOLFSSL_BIT_SIZE - 1)) / WOLFSSL_BIT_SIZE;
+        }
         ret = mp_read_unsigned_bin(z1, hash, hashSz);
     }
 
@@ -7467,7 +7693,7 @@ int wc_ecc_gen_deterministic_k(const byte* hash, word32 hashSz,
                 ret = BUFFER_E;
             }
             else {
-                ret = mp_to_unsigned_bin_len(z1, h1, h1len);
+                ret = mp_to_unsigned_bin_len(z1, h1, (int)h1len);
             }
         }
         else
@@ -7536,7 +7762,7 @@ int wc_ecc_gen_deterministic_k(const byte* hash, word32 hashSz,
                 ret = mp_read_unsigned_bin(k, x, xSz);
             }
 
-            if ((ret == 0) && ((int)(xSz * WOLFSSL_BIT_SIZE) != qbits)) {
+            if ((ret == 0) && ((xSz * WOLFSSL_BIT_SIZE) != (word32)qbits)) {
                 /* handle odd case where shift of 'k' is needed with RFC 6979
                  *  k = bits2int(T) in section 3.2 h.3 */
                 mp_rshb(k, ((int)xSz * WOLFSSL_BIT_SIZE) - qbits);
@@ -7568,16 +7794,11 @@ int wc_ecc_gen_deterministic_k(const byte* hash, word32 hashSz,
 
     ForceZero(x, MAX_ECC_BYTES);
 #ifdef WOLFSSL_SMALL_STACK
-    if (z1 != NULL)
-        XFREE(z1, heap, DYNAMIC_TYPE_ECC_BUFFER);
-    if (x != NULL)
-        XFREE(x, heap, DYNAMIC_TYPE_PRIVATE_KEY);
-    if (K != NULL)
-        XFREE(K, heap, DYNAMIC_TYPE_ECC_BUFFER);
-    if (V != NULL)
-        XFREE(V, heap, DYNAMIC_TYPE_ECC_BUFFER);
-    if (h1 != NULL)
-        XFREE(h1, heap, DYNAMIC_TYPE_DIGEST);
+    XFREE(z1, heap, DYNAMIC_TYPE_ECC_BUFFER);
+    XFREE(x, heap, DYNAMIC_TYPE_PRIVATE_KEY);
+    XFREE(K, heap, DYNAMIC_TYPE_ECC_BUFFER);
+    XFREE(V, heap, DYNAMIC_TYPE_ECC_BUFFER);
+    XFREE(h1, heap, DYNAMIC_TYPE_DIGEST);
 #elif defined(WOLFSSL_CHECK_MEM_ZERO)
     wc_MemZero_Check(x, MAX_ECC_BYTES);
 #endif
@@ -7589,15 +7810,23 @@ int wc_ecc_gen_deterministic_k(const byte* hash, word32 hashSz,
 /* Sets the deterministic flag for 'k' generation with sign.
  * returns 0 on success
  */
-int wc_ecc_set_deterministic(ecc_key* key, byte flag)
+int wc_ecc_set_deterministic_ex(ecc_key* key, byte flag,
+                                enum wc_HashType hashType)
 {
     if (key == NULL) {
         return BAD_FUNC_ARG;
     }
 
     key->deterministic = flag ? 1 : 0;
+    key->hashType = hashType;
     return 0;
 }
+
+int wc_ecc_set_deterministic(ecc_key* key, byte flag)
+{
+    return wc_ecc_set_deterministic_ex(key, flag, WC_HASH_TYPE_NONE);
+}
+
 #endif /* end sign_ex and deterministic sign */
 
 
@@ -7690,7 +7919,9 @@ int wc_ecc_free(ecc_key* key)
         return 0;
     }
 
-#if defined(WOLFSSL_ECDSA_SET_K) || defined(WOLFSSL_ECDSA_SET_K_ONE_LOOP)
+#if defined(WOLFSSL_ECDSA_SET_K) || defined(WOLFSSL_ECDSA_SET_K_ONE_LOOP) || \
+    defined(WOLFSSL_ECDSA_DETERMINISTIC_K) || \
+    defined(WOLFSSL_ECDSA_DETERMINISTIC_K_VARIANT)
 #ifndef WOLFSSL_NO_MALLOC
     if (key->sign_k != NULL)
 #endif
@@ -7719,6 +7950,9 @@ int wc_ecc_free(ecc_key* key)
 #endif
 
 #ifdef WOLFSSL_SE050
+#ifdef WOLFSSL_SE050_AUTO_ERASE
+    wc_se050_erase_object(key->keyId);
+#endif
     se050_ecc_free_key(key);
 #endif
 
@@ -7749,6 +7983,16 @@ int wc_ecc_free(ecc_key* key)
     if (key->k)
 #endif
         mp_forcezero(key->k);
+#ifdef WOLFSSL_ECC_BLIND_K
+#ifdef ALT_ECC_SIZE
+    if (key->kb)
+#endif
+        mp_forcezero(key->kb);
+#ifdef ALT_ECC_SIZE
+    if (key->ku)
+#endif
+        mp_forcezero(key->ku);
+#endif
 
 #ifdef WOLFSSL_CUSTOM_CURVES
     if (key->deallocSet && key->dp != NULL)
@@ -7764,7 +8008,9 @@ int wc_ecc_free(ecc_key* key)
 
 #if !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A) && \
     !defined(WOLFSSL_CRYPTOCELL) && !defined(WOLFSSL_SP_MATH) && \
-    !defined(WOLF_CRYPTO_CB_ONLY_ECC)
+    (!defined(WOLF_CRYPTO_CB_ONLY_ECC) || defined(WOLFSSL_QNX_CAAM) || \
+      defined(WOLFSSL_IMXRT1170_CAAM))
+
 /* Handles add failure cases:
  *
  * Before add:
@@ -7878,8 +8124,11 @@ int ecc_projective_dbl_point_safe(ecc_point *P, ecc_point *R, mp_int* a,
 
     return err;
 }
-#endif /* !WOLFSSL_ATECC508A && !WOLFSSL_ATECC608A
-          && !WOLFSSL_CRYPTOCELL && !WOLFSSL_SP_MATH */
+#endif /* !(WOLFSSL_ATECC508A) && !(WOLFSSL_ATECC608A) && \
+          !(WOLFSSL_CRYPTOCELL) && !(WOLFSSL_SP_MATH) && \
+          (!(WOLF_CRYPTO_CB_ONLY_ECC) || (WOLFSSL_QNX_CAAM) || \
+            (WOLFSSL_IMXRT1170_CAAM))
+        */
 
 #if !defined(WOLFSSL_SP_MATH) && !defined(WOLFSSL_ATECC508A) && \
     !defined(WOLFSSL_ATECC608A) && !defined(WOLFSSL_CRYPTOCELL) && \
@@ -7985,12 +8234,12 @@ int ecc_mul2add(ecc_point* A, mp_int* kA,
   /* allocate memory */
   tA = (unsigned char*)XMALLOC(ECC_BUFSIZE, heap, DYNAMIC_TYPE_ECC_BUFFER);
   if (tA == NULL) {
-     return GEN_MEM_ERR;
+     return MP_MEM;
   }
   tB = (unsigned char*)XMALLOC(ECC_BUFSIZE, heap, DYNAMIC_TYPE_ECC_BUFFER);
   if (tB == NULL) {
      XFREE(tA, heap, DYNAMIC_TYPE_ECC_BUFFER);
-     return GEN_MEM_ERR;
+     return MP_MEM;
   }
 #endif
 
@@ -7999,7 +8248,7 @@ int ecc_mul2add(ecc_point* A, mp_int* kA,
   if (key == NULL) {
      XFREE(tB, heap, DYNAMIC_TYPE_ECC_BUFFER);
      XFREE(tA, heap, DYNAMIC_TYPE_ECC_BUFFER);
-     return GEN_MEM_ERR;
+     return MP_MEM;
   }
 #endif
 #ifdef WOLFSSL_SMALL_STACK
@@ -8011,7 +8260,7 @@ int ecc_mul2add(ecc_point* A, mp_int* kA,
   #ifdef WOLFSSL_SMALL_STACK_CACHE
      XFREE(key, heap, DYNAMIC_TYPE_ECC_BUFFER);
   #endif
-     return GEN_MEM_ERR;
+     return MP_MEM;
   }
 #endif
 #ifdef WOLFSSL_SMALL_STACK_CACHE
@@ -8239,7 +8488,6 @@ int ecc_mul2add(ecc_point* A, mp_int* kA,
 
 
 #ifdef HAVE_ECC_VERIFY
-#ifndef NO_ASN
 /* verify
  *
  * w  = s^-1 mod n
@@ -8277,6 +8525,9 @@ int wc_ecc_verify_hash(const byte* sig, word32 siglen, const byte* hash,
 #ifdef WOLFSSL_ASYNC_CRYPT
     int isPrivateKeyOnly = 0;
 #endif
+#ifdef NO_ASN
+    word32 keySz;
+#endif
 
     if (sig == NULL || hash == NULL || res == NULL || key == NULL) {
         return ECC_BAD_ARG_E;
@@ -8288,21 +8539,20 @@ int wc_ecc_verify_hash(const byte* sig, word32 siglen, const byte* hash,
     #endif
     {
         err = wc_CryptoCb_EccVerify(sig, siglen, hash, hashlen, res, key);
-        #ifndef WOLF_CRYPTO_CB_ONLY_ECC
-        if (err != CRYPTOCB_UNAVAILABLE)
+        if (err != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE))
             return err;
         /* fall-through when unavailable */
-        #endif
-        #ifdef WOLF_CRYPTO_CB_ONLY_ECC
-        if (err == CRYPTOCB_UNAVAILABLE) {
-            err = NO_VALID_DEVID;
-        }
-        #endif
     }
 #endif
 
-#ifndef WOLF_CRYPTO_CB_ONLY_ECC
-
+#ifdef WOLF_CRYPTO_CB_ONLY_ECC
+    (void)siglen;
+    (void)hashlen;
+    (void)s;
+    (void)r;
+    (void)err;
+    return NO_VALID_DEVID;
+#else /* !WOLF_CRYPTO_CB_ONLY_ECC */
 #if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_ECC)
     err = wc_ecc_alloc_async(key);
     if (err != 0)
@@ -8310,18 +8560,20 @@ int wc_ecc_verify_hash(const byte* sig, word32 siglen, const byte* hash,
     r = key->r;
     s = key->s;
 #else
-    NEW_MP_INT_SIZE(r, ECC_KEY_MAX_BITS_NONULLCHECK(key), key->heap, DYNAMIC_TYPE_ECC);
-#ifdef MP_INT_SIZE_CHECK_NULL
+    NEW_MP_INT_SIZE(r, ECC_KEY_MAX_BITS_NONULLCHECK(key), key->heap,
+        DYNAMIC_TYPE_ECC);
+    #ifdef MP_INT_SIZE_CHECK_NULL
     if (r == NULL)
         return MEMORY_E;
-#endif
-    NEW_MP_INT_SIZE(s, ECC_KEY_MAX_BITS_NONULLCHECK(key), key->heap, DYNAMIC_TYPE_ECC);
-#ifdef MP_INT_SIZE_CHECK_NULL
+    #endif
+    NEW_MP_INT_SIZE(s, ECC_KEY_MAX_BITS_NONULLCHECK(key), key->heap,
+        DYNAMIC_TYPE_ECC);
+    #ifdef MP_INT_SIZE_CHECK_NULL
     if (s == NULL) {
         FREE_MP_INT_SIZE(r, key->heap, DYNAMIC_TYPE_ECC);
         return MEMORY_E;
     }
-#endif
+    #endif
     err = INIT_MP_INT_SIZE(r, ECC_KEY_MAX_BITS_NONULLCHECK(key));
     if (err != 0) {
         FREE_MP_INT_SIZE(s, key->heap, DYNAMIC_TYPE_ECC);
@@ -8344,6 +8596,7 @@ int wc_ecc_verify_hash(const byte* sig, word32 siglen, const byte* hash,
             /* default to invalid signature */
             *res = 0;
 
+    #ifndef NO_ASN
             /* Decode ASN.1 ECDSA signature. */
         #if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_ECC)
             /* Note, DecodeECC_DSA_Sig() calls mp_init() on r and s.
@@ -8358,6 +8611,24 @@ int wc_ecc_verify_hash(const byte* sig, word32 siglen, const byte* hash,
             if (err < 0) {
                 break;
             }
+    #else
+            /* No support for DSA ASN.1 header.
+             * Signature must be r+s directly. */
+            keySz = 0;
+            if (key->dp != NULL) {
+                keySz = (word32)key->dp->size;
+            }
+            if (siglen != keySz * 2) {
+                WOLFSSL_MSG("Error: ECDSA Verify raw signature size");
+                return WC_NO_ERR_TRACE(ECC_BAD_ARG_E);
+            }
+
+            /* Import signature into r,s */
+            mp_init(r);
+            mp_init(s);
+            mp_read_unsigned_bin(r, sig, keySz);
+            mp_read_unsigned_bin(s, sig + keySz, keySz);
+    #endif /* !NO_ASN */
             FALL_THROUGH;
 
         case ECC_STATE_VERIFY_DO:
@@ -8397,7 +8668,7 @@ int wc_ecc_verify_hash(const byte* sig, word32 siglen, const byte* hash,
 
 #ifdef WOLFSSL_ASYNC_CRYPT
     /* if async pending then return and skip done cleanup below */
-    if (err == WC_PENDING_E) {
+    if (err == WC_NO_ERR_TRACE(WC_PENDING_E)) {
         if (!isPrivateKeyOnly) /* do not advance state if doing make pub key */
             key->state++;
         return err;
@@ -8414,17 +8685,9 @@ int wc_ecc_verify_hash(const byte* sig, word32 siglen, const byte* hash,
 
     /* make sure required variables are reset */
     wc_ecc_reset(key);
-#else
-    (void)siglen;
-    (void)hashlen;
-    (void)s;
-    (void)r;
-    (void)err;
-#endif /* WOLF_CRYPTO_CB_ONLY_ECC */
-
     return err;
+#endif /* !WOLF_CRYPTO_CB_ONLY_ECC */
 }
-#endif /* !NO_ASN */
 
 #ifndef WOLF_CRYPTO_CB_ONLY_ECC
 
@@ -8635,9 +8898,12 @@ static int ecc_verify_hash(mp_int *r, mp_int *s, const byte* hash,
 #endif
    mp_int*    e;
    mp_int*    v = NULL;      /* Will be w. */
+#if defined(WOLFSSL_CHECK_VER_FAULTS) && defined(WOLFSSL_NO_MALLOC)
+   mp_int     u1tmp[1];
+   mp_int     u2tmp[1];
+#endif
    mp_int*    u1 = NULL;     /* Will be e. */
    mp_int*    u2 = NULL;     /* Will be w. */
-
 #if defined(WOLFSSL_ASYNC_CRYPT) && defined(HAVE_CAVIUM_V)
    err = wc_ecc_alloc_mpint(key, &key->e);
    if (err != 0) {
@@ -8725,13 +8991,33 @@ static int ecc_verify_hash(mp_int *r, mp_int *s, const byte* hash,
 #endif
 
    if (err == MP_OKAY) {
+#ifdef WOLFSSL_CHECK_VER_FAULTS
+    #ifndef WOLFSSL_NO_MALLOC
+        u1 = (mp_int*)XMALLOC(sizeof(mp_int), key->heap, DYNAMIC_TYPE_ECC);
+        u2 = (mp_int*)XMALLOC(sizeof(mp_int), key->heap, DYNAMIC_TYPE_ECC);
+       if (u1 == NULL || u2 == NULL)
+            err = MEMORY_E;
+    #else
+        u1 = u1tmp;
+        u2 = u2tmp;
+    #endif
+#else
        u1 = e;
        u2 = w;
+#endif
        v = w;
    }
    if (err == MP_OKAY) {
        err = INIT_MP_INT_SIZE(w, ECC_KEY_MAX_BITS_NONULLCHECK(key));
    }
+#ifdef WOLFSSL_CHECK_VER_FAULTS
+   if (err == MP_OKAY) {
+       err = INIT_MP_INT_SIZE(u1, ECC_KEY_MAX_BITS_NONULLCHECK(key));
+   }
+   if (err == MP_OKAY) {
+       err = INIT_MP_INT_SIZE(u2, ECC_KEY_MAX_BITS_NONULLCHECK(key));
+   }
+#endif
 
    /* allocate points */
    if (err == MP_OKAY) {
@@ -8755,10 +9041,22 @@ static int ecc_verify_hash(mp_int *r, mp_int *s, const byte* hash,
    if (err == MP_OKAY)
        err = mp_mulmod(e, w, curve->order, u1);
 
+#ifdef WOLFSSL_CHECK_VER_FAULTS
+    if (err == MP_OKAY && mp_iszero(e) != MP_YES && mp_cmp(u1, e) == MP_EQ) {
+        err = BAD_STATE_E;
+    }
+#endif
+
    /* u2 = rw */
    if (err == MP_OKAY)
        err = mp_mulmod(r, w, curve->order, u2);
 
+#ifdef WOLFSSL_CHECK_VER_FAULTS
+    if (err == MP_OKAY && mp_cmp(u2, w) == MP_EQ) {
+        err = BAD_STATE_E;
+    }
+#endif
+
    /* find mG and mQ */
    if (err == MP_OKAY)
        err = mp_copy(curve->Gx, mG->x);
@@ -8786,16 +9084,35 @@ static int ecc_verify_hash(mp_int *r, mp_int *s, const byte* hash,
 #ifndef ECC_SHAMIR
     if (err == MP_OKAY)
     {
+     #ifdef WOLFSSL_CHECK_VER_FAULTS
+        ecc_point mG1, mQ1;
+        wc_ecc_copy_point(mQ, &mQ1);
+        wc_ecc_copy_point(mG, &mG1);
+     #endif
+
         mp_digit mp = 0;
 
         if (!mp_iszero((MP_INT_SIZE*)u1)) {
             /* compute u1*mG + u2*mQ = mG */
             err = wc_ecc_mulmod_ex(u1, mG, mG, curve->Af, curve->prime, 0,
                                                                      key->heap);
+        #ifdef WOLFSSL_CHECK_VER_FAULTS
+            if (err == MP_OKAY && wc_ecc_cmp_point(mG, &mG1) == MP_EQ) {
+                err = BAD_STATE_E;
+            }
+
+            /* store new value for comparing with after add operation */
+           wc_ecc_copy_point(mG, &mG1);
+        #endif
             if (err == MP_OKAY) {
                 err = wc_ecc_mulmod_ex(u2, mQ, mQ, curve->Af, curve->prime, 0,
                                                                      key->heap);
             }
+        #ifdef WOLFSSL_CHECK_VER_FAULTS
+            if (err == MP_OKAY && wc_ecc_cmp_point(mQ, &mQ1) == MP_EQ) {
+                err = BAD_STATE_E;
+            }
+        #endif
 
             /* find the montgomery mp */
             if (err == MP_OKAY)
@@ -8805,6 +9122,14 @@ static int ecc_verify_hash(mp_int *r, mp_int *s, const byte* hash,
             if (err == MP_OKAY)
                 err = ecc_projective_add_point_safe(mQ, mG, mG, curve->Af,
                                                         curve->prime, mp, NULL);
+        #ifdef WOLFSSL_CHECK_VER_FAULTS
+            if (err == MP_OKAY && wc_ecc_cmp_point(mG, &mG1) == MP_EQ) {
+                err = BAD_STATE_E;
+            }
+            if (err == MP_OKAY && wc_ecc_cmp_point(mG, mQ) == MP_EQ) {
+                err = BAD_STATE_E;
+            }
+        #endif
         }
         else {
             /* compute 0*mG + u2*mQ = mG */
@@ -8827,6 +9152,7 @@ static int ecc_verify_hash(mp_int *r, mp_int *s, const byte* hash,
     }
 #endif /* ECC_SHAMIR */
 #endif /* FREESCALE_LTC_ECC */
+
    /* v = X_x1 mod n */
    if (err == MP_OKAY)
        err = mp_mod(mG->x, curve->order, v);
@@ -8835,6 +9161,11 @@ static int ecc_verify_hash(mp_int *r, mp_int *s, const byte* hash,
    if (err == MP_OKAY) {
        if (mp_cmp(v, r) == MP_EQ)
            *res = 1;
+#ifdef WOLFSSL_CHECK_VER_FAULTS
+       /* redundant comparison as sanity check that first one happened */
+       if (*res == 1 && mp_cmp(r, v) != MP_EQ)
+           *res = 0;
+#endif
    }
 
    /* cleanup */
@@ -8844,6 +9175,14 @@ static int ecc_verify_hash(mp_int *r, mp_int *s, const byte* hash,
    mp_clear(e);
    mp_clear(w);
    FREE_MP_INT_SIZE(w, key->heap, DYNAMIC_TYPE_ECC);
+#ifdef WOLFSSL_CHECK_VER_FAULTS
+   mp_clear(u1);
+   mp_clear(u2);
+#ifndef WOLFSSL_NO_MALLOC
+   XFREE(u1, key->heap, DYNAMIC_TYPE_ECC);
+   XFREE(u2, key->heap, DYNAMIC_TYPE_ECC);
+#endif
+#endif
 #if !defined(WOLFSSL_ASYNC_CRYPT) || !defined(HAVE_CAVIUM_V)
    FREE_MP_INT_SIZE(e_lcl, key->heap, DYNAMIC_TYPE_ECC);
 #endif
@@ -8889,6 +9228,7 @@ int wc_ecc_verify_hash_ex(mp_int *r, mp_int *s, const byte* hash,
 #elif defined(WOLFSSL_XILINX_CRYPT_VERSAL)
    byte sigRS[ECC_MAX_CRYPTO_HW_SIZE * 2];
    byte hashcopy[ECC_MAX_CRYPTO_HW_SIZE] = {0};
+#elif defined(WOLFSSL_SE050)
 #else
    int curveLoaded = 0;
    DECLARE_CURVE_SPECS(ECC_CURVE_FIELD_COUNT);
@@ -8913,7 +9253,7 @@ int wc_ecc_verify_hash_ex(mp_int *r, mp_int *s, const byte* hash,
    keySz = (word32)key->dp->size;
 
 #if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_ECC) && \
-       defined(WOLFSSL_ASYNC_CRYPT_SW)
+    defined(WOLFSSL_ASYNC_CRYPT_SW)
     if (key->asyncDev.marker == WOLFSSL_ASYNC_MARKER_ECC) {
         if (wc_AsyncSwInit(&key->asyncDev, ASYNC_SW_ECC_VERIFY)) {
             WC_ASYNC_SW* sw = &key->asyncDev.sw;
@@ -9046,7 +9386,7 @@ int wc_ecc_verify_hash_ex(mp_int *r, mp_int *s, const byte* hash,
   }
 
   err = ecc_verify_hash_sp(r, s, hash, hashlen, res, key);
-  if (err != NOT_COMPILED_IN) {
+  if (err != WC_NO_ERR_TRACE(NOT_COMPILED_IN)) {
       if (curveLoaded) {
            wc_ecc_curve_free(curve);
            FREE_CURVE_SPECS();
@@ -9056,7 +9396,6 @@ int wc_ecc_verify_hash_ex(mp_int *r, mp_int *s, const byte* hash,
 
 #if !defined(WOLFSSL_SP_MATH) || defined(FREESCALE_LTC_ECC)
    if (!curveLoaded) {
-       err = 0; /* potential for NOT_COMPILED_IN error from SP attempt */
        ALLOC_CURVE_SPECS(ECC_CURVE_FIELD_COUNT, err);
        if (err != 0) {
           return err;
@@ -9290,12 +9629,8 @@ int wc_ecc_import_point_der_ex(const byte* in, word32 inLen,
             }
 
         #ifdef WOLFSSL_SMALL_STACK
-            if (t1 != NULL) {
-                XFREE(t1, NULL, DYNAMIC_TYPE_BIGINT);
-            }
-            if (t2 != NULL) {
-                XFREE(t2, NULL, DYNAMIC_TYPE_BIGINT);
-            }
+            XFREE(t1, NULL, DYNAMIC_TYPE_BIGINT);
+            XFREE(t2, NULL, DYNAMIC_TYPE_BIGINT);
         #endif
 
             wc_ecc_curve_free(curve);
@@ -9372,7 +9707,7 @@ int wc_ecc_export_point_der(const int curve_idx, ecc_point* point, byte* out,
     /* return length needed only */
     if (point != NULL && out == NULL && outLen != NULL) {
         *outLen = 1 + 2*numlen;
-        return LENGTH_ONLY_E;
+        return WC_NO_ERR_TRACE(LENGTH_ONLY_E);
     }
 
     if (point == NULL || out == NULL || outLen == NULL)
@@ -9448,7 +9783,7 @@ int wc_ecc_export_point_der_compressed(const int curve_idx, ecc_point* point,
     /* return length needed only */
     if (point != NULL && out == NULL && outLen != NULL) {
         *outLen = output_len;
-        return LENGTH_ONLY_E;
+        return WC_NO_ERR_TRACE(LENGTH_ONLY_E);
     }
 
     if (point == NULL || out == NULL || outLen == NULL)
@@ -9512,7 +9847,7 @@ int wc_ecc_export_x963(ecc_key* key, byte* out, word32* outLen)
       /* if key hasn't been setup assume max bytes for size estimation */
       numlen = key->dp ? (word32)key->dp->size : MAX_ECC_BYTES;
       *outLen = 1 + 2 * numlen;
-      return LENGTH_ONLY_E;
+      return WC_NO_ERR_TRACE(LENGTH_ONLY_E);
    }
 
    if (key == NULL || out == NULL || outLen == NULL)
@@ -9611,7 +9946,9 @@ int wc_ecc_export_x963_ex(ecc_key* key, byte* out, word32* outLen,
 
 #if !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A) && \
     !defined(WOLFSSL_CRYPTOCELL) && !defined(WOLFSSL_SE050) && \
-    !defined(WOLF_CRYPTO_CB_ONLY_ECC) && !defined(WOLFSSL_STM32_PKA)
+    !defined(WOLFSSL_STM32_PKA) && \
+    (!defined(WOLF_CRYPTO_CB_ONLY_ECC) || defined(WOLFSSL_QNX_CAAM) || \
+      defined(WOLFSSL_IMXRT1170_CAAM))
 
 /* is ecc point on curve described by dp ? */
 static int _ecc_is_point(ecc_point* ecp, mp_int* a, mp_int* b, mp_int* prime)
@@ -9812,6 +10149,10 @@ static int ecc_check_privkey_gen(ecc_key* key, mp_int* a, mp_int* prime)
         return BAD_FUNC_ARG;
 
     ALLOC_CURVE_SPECS(3, err);
+    if (err != MP_OKAY) {
+        WOLFSSL_MSG("ALLOC_CURVE_SPECS failed");
+        return err;
+    }
 
 #ifdef WOLFSSL_NO_MALLOC
     res = &lcl_res;
@@ -9822,7 +10163,7 @@ static int ecc_check_privkey_gen(ecc_key* key, mp_int* a, mp_int* prime)
 #ifndef WOLFSSL_SP_NO_256
     if (key->idx != ECC_CUSTOM_IDX && ecc_sets[key->idx].id == ECC_SECP256R1) {
         if (err == MP_OKAY) {
-            err = sp_ecc_mulmod_base_256(key->k, res, 1, key->heap);
+            err = sp_ecc_mulmod_base_256(ecc_get_k(key), res, 1, key->heap);
         }
     }
     else
@@ -9830,7 +10171,7 @@ static int ecc_check_privkey_gen(ecc_key* key, mp_int* a, mp_int* prime)
 #if defined(WOLFSSL_SM2) && defined(WOLFSSL_SP_SM2)
     if (key->idx != ECC_CUSTOM_IDX && ecc_sets[key->idx].id == ECC_SM2P256V1) {
         if (err == MP_OKAY) {
-            err = sp_ecc_mulmod_base_sm2_256(key->k, res, 1, key->heap);
+            err = sp_ecc_mulmod_base_sm2_256(ecc_get_k(key), res, 1, key->heap);
         }
     }
     else
@@ -9838,7 +10179,7 @@ static int ecc_check_privkey_gen(ecc_key* key, mp_int* a, mp_int* prime)
 #ifdef WOLFSSL_SP_384
     if (key->idx != ECC_CUSTOM_IDX && ecc_sets[key->idx].id == ECC_SECP384R1) {
         if (err == MP_OKAY) {
-            err = sp_ecc_mulmod_base_384(key->k, res, 1, key->heap);
+            err = sp_ecc_mulmod_base_384(ecc_get_k(key), res, 1, key->heap);
         }
     }
     else
@@ -9846,7 +10187,7 @@ static int ecc_check_privkey_gen(ecc_key* key, mp_int* a, mp_int* prime)
 #ifdef WOLFSSL_SP_521
     if (key->idx != ECC_CUSTOM_IDX && ecc_sets[key->idx].id == ECC_SECP521R1) {
         if (err == MP_OKAY) {
-            err = sp_ecc_mulmod_base_521(key->k, res, 1, key->heap);
+            err = sp_ecc_mulmod_base_521(ecc_get_k(key), res, 1, key->heap);
         }
     }
     else
@@ -9899,12 +10240,12 @@ static int ecc_check_privkey_gen(ecc_key* key, mp_int* a, mp_int* prime)
 #else
 #ifdef ECC_TIMING_RESISTANT
         if (err == MP_OKAY)
-            err = wc_ecc_mulmod_ex2(key->k, base, res, a, prime, curve->order,
-                                                        key->rng, 1, key->heap);
+            err = wc_ecc_mulmod_ex2(ecc_get_k(key), base, res, a, prime,
+                                          curve->order, key->rng, 1, key->heap);
 #else
         if (err == MP_OKAY)
-            err = wc_ecc_mulmod_ex2(key->k, base, res, a, prime, curve->order,
-                                                            NULL, 1, key->heap);
+            err = wc_ecc_mulmod_ex2(ecc_get_k(key), base, res, a, prime,
+                                              curve->order, NULL, 1, key->heap);
 #endif
 #endif /* WOLFSSL_KCAPI_ECC */
     }
@@ -9953,7 +10294,6 @@ static int ecc_check_privkey_gen_helper(ecc_key* key)
     /* Hardware based private key, so this operation is not supported */
     err = MP_OKAY; /* just report success */
 #else
-    err = MP_OKAY;
     ALLOC_CURVE_SPECS(2, err);
 
     /* load curve info */
@@ -9988,23 +10328,32 @@ static int _ecc_pairwise_consistency_test(ecc_key* key, WC_RNG* rng)
     }
 
     if (!err && (flags & WC_ECC_FLAG_DEC_SIGN)) {
+#ifndef WOLFSSL_SMALL_STACK
+        #define SIG_SZ ((MAX_ECC_BYTES * 2) + SIG_HEADER_SZ + ECC_MAX_PAD_SZ)
+        byte sig[SIG_SZ + WC_SHA256_DIGEST_SIZE];
+#else
         byte* sig;
+#endif
         byte* digest;
         word32 sigLen, digestLen;
         int dynRng = 0, res = 0;
 
         sigLen = (word32)wc_ecc_sig_size(key);
         digestLen = WC_SHA256_DIGEST_SIZE;
-        sig = (byte*)XMALLOC(sigLen + digestLen, NULL, DYNAMIC_TYPE_ECC);
+#ifdef WOLFSSL_SMALL_STACK
+        sig = (byte*)XMALLOC(sigLen + digestLen, key->heap, DYNAMIC_TYPE_ECC);
         if (sig == NULL)
             return MEMORY_E;
+#endif
         digest = sig + sigLen;
 
         if (rng == NULL) {
             dynRng = 1;
-            rng = wc_rng_new(NULL, 0, NULL);
+            rng = wc_rng_new(NULL, 0, key->heap);
             if (rng == NULL) {
-                XFREE(sig, NULL, DYNAMIC_TYPE_ECC);
+#ifdef WOLFSSL_SMALL_STACK
+                XFREE(sig, key->heap, DYNAMIC_TYPE_ECC);
+#endif
                 return MEMORY_E;
             }
         }
@@ -10025,7 +10374,9 @@ static int _ecc_pairwise_consistency_test(ecc_key* key, WC_RNG* rng)
             wc_rng_free(rng);
         }
         ForceZero(sig, sigLen + digestLen);
-        XFREE(sig, NULL, DYNAMIC_TYPE_ECC);
+#ifdef WOLFSSL_SMALL_STACK
+        XFREE(sig, key->heap, DYNAMIC_TYPE_ECC);
+#endif
     }
     (void)rng;
 
@@ -10110,7 +10461,11 @@ static int ecc_check_pubkey_order(ecc_key* key, ecc_point* pubkey, mp_int* a,
 }
 #endif /* !WOLFSSL_SP_MATH */
 
-#endif /* !WOLFSSL_ATECC508A && !WOLFSSL_CRYPTOCELL*/
+#endif /* !WOLFSSL_ATECC508A && !WOLFSSL_ATECC608A &&
+          !WOLFSSL_CRYPTOCELL && !WOLFSSL_SE050 && !WOLFSSL_STM32_PKA &&
+          (!WOLF_CRYPTO_CB_ONLY_ECC || WOLFSSL_QNX_CAAM ||
+            WOLFSSL_IMXRT1170_CAAM)
+       */
 
 #ifdef OPENSSL_EXTRA
 int wc_ecc_get_generator(ecc_point* ecp, int curve_idx)
@@ -10150,11 +10505,7 @@ int wc_ecc_get_generator(ecc_point* ecp, int curve_idx)
 static int _ecc_validate_public_key(ecc_key* key, int partial, int priv)
 {
     int err = MP_OKAY;
-#ifndef WOLFSSL_SP_MATH
-#if !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A) && \
-    !defined(WOLFSSL_CRYPTOCELL) && !defined(WOLFSSL_SILABS_SE_ACCEL) && \
-    !defined(WOLFSSL_SE050) && !defined(WOLF_CRYPTO_CB_ONLY_ECC) && \
-    !defined(WOLF_CRYPTO_CB_ONLY_ECC) && !defined(WOLFSSL_STM32_PKA)
+#ifdef HAVE_ECC_CHECK_PUBKEY_ORDER
     mp_int* b = NULL;
     #ifdef USE_ECC_B_PARAM
         DECLARE_CURVE_SPECS(4);
@@ -10164,9 +10515,7 @@ static int _ecc_validate_public_key(ecc_key* key, int partial, int priv)
         #endif
         DECLARE_CURVE_SPECS(3);
     #endif /* USE_ECC_B_PARAM */
-#endif /* !WOLFSSL_ATECC508A && !WOLFSSL_ATECC608A &&
-          !WOLFSSL_CRYPTOCELL && !WOLFSSL_SILABS_SE_ACCEL && !WOLFSSL_SE050 */
-#endif /* !WOLFSSL_SP_MATH */
+#endif /* HAVE_ECC_CHECK_PUBKEY_ORDER */
 
     ASSERT_SAVED_VECTOR_REGISTERS();
 
@@ -10177,31 +10526,31 @@ static int _ecc_validate_public_key(ecc_key* key, int partial, int priv)
 #ifndef WOLFSSL_SP_NO_256
     if (key->idx != ECC_CUSTOM_IDX && ecc_sets[key->idx].id == ECC_SECP256R1) {
         return sp_ecc_check_key_256(key->pubkey.x, key->pubkey.y,
-            key->type == ECC_PRIVATEKEY ? key->k : NULL, key->heap);
+            key->type == ECC_PRIVATEKEY ? ecc_get_k(key) : NULL, key->heap);
     }
 #endif
 #if defined(WOLFSSL_SM2) && defined(WOLFSSL_SP_SM2)
     if (key->idx != ECC_CUSTOM_IDX && ecc_sets[key->idx].id == ECC_SM2P256V1) {
         return sp_ecc_check_key_sm2_256(key->pubkey.x, key->pubkey.y,
-            key->type == ECC_PRIVATEKEY ? key->k : NULL, key->heap);
+            key->type == ECC_PRIVATEKEY ? ecc_get_k(key) : NULL, key->heap);
     }
 #endif
 #ifdef WOLFSSL_SP_384
     if (key->idx != ECC_CUSTOM_IDX && ecc_sets[key->idx].id == ECC_SECP384R1) {
         return sp_ecc_check_key_384(key->pubkey.x, key->pubkey.y,
-            key->type == ECC_PRIVATEKEY ? key->k : NULL, key->heap);
+            key->type == ECC_PRIVATEKEY ? ecc_get_k(key) : NULL, key->heap);
     }
 #endif
 #ifdef WOLFSSL_SP_521
     if (key->idx != ECC_CUSTOM_IDX && ecc_sets[key->idx].id == ECC_SECP521R1) {
         return sp_ecc_check_key_521(key->pubkey.x, key->pubkey.y,
-            key->type == ECC_PRIVATEKEY ? key->k : NULL, key->heap);
+            key->type == ECC_PRIVATEKEY ? ecc_get_k(key) : NULL, key->heap);
     }
 #endif
 #if defined(WOLFSSL_SP_1024) && defined(WOLFCRYPT_HAVE_SAKKE)
     if (key->idx != ECC_CUSTOM_IDX && ecc_sets[key->idx].id == ECC_SAKKE_1) {
         return sp_ecc_check_key_1024(key->pubkey.x, key->pubkey.y,
-            key->type == ECC_PRIVATEKEY ? key->k : NULL, key->heap);
+            key->type == ECC_PRIVATEKEY ? ecc_get_k(key) : NULL, key->heap);
     }
 #endif
 #endif
@@ -10211,7 +10560,7 @@ static int _ecc_validate_public_key(ecc_key* key, int partial, int priv)
     /* consider key check success on HW crypto
      * ex: ATECC508/608A, CryptoCell and Silabs
      *
-     * consider key check success on Crypt Cb
+     * consider key check success on most Crypt Cb only builds
      */
     err = MP_OKAY;
 
@@ -10312,8 +10661,8 @@ static int _ecc_validate_public_key(ecc_key* key, int partial, int priv)
         /* SP 800-56Ar3, section 5.6.2.1.2 */
         /* private keys must be in the range [1, n-1] */
         if ((err == MP_OKAY) && (key->type == ECC_PRIVATEKEY) &&
-            (mp_iszero(key->k) || mp_isneg(key->k) ||
-            (mp_cmp(key->k, curve->order) != MP_LT))
+            (mp_iszero(ecc_get_k(key)) || mp_isneg(ecc_get_k(key)) ||
+            (mp_cmp(ecc_get_k(key), curve->order) != MP_LT))
         #ifdef WOLFSSL_KCAPI_ECC
             && key->handle == NULL
         #endif
@@ -10398,12 +10747,26 @@ int wc_ecc_import_x963_ex(const byte* in, word32 inLen, ecc_key* key,
         alt_fp_init(key->pubkey.z);
         key->k = (mp_int*)key->ka;
         alt_fp_init(key->k);
+    #ifdef WOLFSSL_ECC_BLIND_K
+        key->kb = (mp_int*)key->kba;
+        key->ku = (mp_int*)key->kua;
+        alt_fp_init(key->kb);
+        alt_fp_init(key->ku);
+    #endif
     #else
-        err = mp_init_multi(key->k,
-                    key->pubkey.x, key->pubkey.y, key->pubkey.z, NULL, NULL);
+        err = mp_init_multi(key->k, key->pubkey.x, key->pubkey.y, key->pubkey.z,
+    #ifndef WOLFSSL_ECC_BLIND_K
+                                                                      NULL, NULL
+    #else
+                                                                key->kb, key->ku
+    #endif
+                            );
     #endif
     if (err != MP_OKAY)
         return MEMORY_E;
+#ifdef WOLFSSL_ECC_BLIND_K
+    mp_forcezero(key->kb);
+#endif
 
     SAVE_VECTOR_REGISTERS(return _svr_ret;);
 
@@ -10447,6 +10810,8 @@ int wc_ecc_import_x963_ex(const byte* in, word32 inLen, ecc_key* key,
 
         /* determine key size */
         keysize = (int)(inLen>>1);
+        /* NOTE: FIPS v6.0.0 or greater, no restriction on imported keys, only
+         *       on created keys or signatures */
         err = wc_ecc_set_curve(key, keysize, curve_id);
         key->type = ECC_PUBLICKEY;
     }
@@ -10545,12 +10910,8 @@ int wc_ecc_import_x963_ex(const byte* in, word32 inLen, ecc_key* key,
             mp_clear(t1);
         }
     #ifdef WOLFSSL_SMALL_STACK
-        if (t1 != NULL) {
-            XFREE(t1, NULL, DYNAMIC_TYPE_BIGINT);
-        }
-        if (t2 != NULL) {
-            XFREE(t2, NULL, DYNAMIC_TYPE_BIGINT);
-        }
+        XFREE(t1, NULL, DYNAMIC_TYPE_BIGINT);
+        XFREE(t2, NULL, DYNAMIC_TYPE_BIGINT);
     #endif
 
         wc_ecc_curve_free(curve);
@@ -10710,7 +11071,7 @@ int wc_ecc_export_ex(ecc_key* key, byte* qx, word32* qxLen,
                 return BUFFER_E;
             }
 
-            err = wc_export_int(key->k, d, dLen, keySz + WC_CAAM_MAC_SZ,
+            err = wc_export_int(ecc_get_k(key), d, dLen, keySz + WC_CAAM_MAC_SZ,
                 encType);
             *dLen = keySz + WC_CAAM_MAC_SZ;
         }
@@ -10732,7 +11093,7 @@ int wc_ecc_export_ex(ecc_key* key, byte* qx, word32* qxLen,
         else
     #endif
         {
-            err = wc_export_int(key->k, d, dLen, keySz, encType);
+            err = wc_export_int(ecc_get_k(key), d, dLen, keySz, encType);
             if (err != MP_OKAY)
                 return err;
         }
@@ -10841,6 +11202,8 @@ int wc_ecc_import_private_key_ex(const byte* priv, word32 privSz,
         wc_ecc_reset(key);
 
         /* set key size */
+        /* NOTE: FIPS v6.0.0 or greater, no restriction on imported keys, only
+         *       on created keys or signatures */
         ret = wc_ecc_set_curve(key, (int)privSz, curve_id);
         key->type = ECC_PRIVATEKEY_ONLY;
     }
@@ -10865,6 +11228,11 @@ int wc_ecc_import_private_key_ex(const byte* priv, word32 privSz,
         }
 
         ret = mp_read_unsigned_bin(key->k, priv, privSz);
+    #ifdef WOLFSSL_ECC_BLIND_K
+        if (ret == MP_OKAY) {
+            err = ecc_blind_k_rng(key, NULL);
+        }
+    #endif
     }
 #elif defined(WOLFSSL_QNX_CAAM) || defined(WOLFSSL_IMXRT1170_CAAM)
     if ((wc_ecc_size(key) + WC_CAAM_MAC_SZ) == (int)privSz) {
@@ -10896,11 +11264,21 @@ int wc_ecc_import_private_key_ex(const byte* priv, word32 privSz,
     #else
         key->blackKey = CAAM_BLACK_KEY_CCM;
         ret = mp_read_unsigned_bin(key->k, priv, privSz);
+    #ifdef WOLFSSL_ECC_BLIND_K
+        if (ret == MP_OKAY) {
+            err = ecc_blind_k_rng(key, NULL);
+        }
+    #endif
     #endif
     }
     else {
         key->blackKey = 0;
         ret = mp_read_unsigned_bin(key->k, priv, privSz);
+    #ifdef WOLFSSL_ECC_BLIND_K
+        if (ret == MP_OKAY) {
+            err = ecc_blind_k_rng(key, NULL);
+        }
+    #endif
 
         /* If using AES-ECB encrypted black keys check here if key is valid,
          * if not valid than assume is an encrypted key. A public key is needed
@@ -10929,8 +11307,8 @@ int wc_ecc_import_private_key_ex(const byte* priv, word32 privSz,
 
     ret = mp_read_unsigned_bin(key->k, priv, privSz);
 #ifdef HAVE_WOLF_BIGINT
-    if (ret == 0 &&
-                  wc_bigint_from_unsigned_bin(&key->k->raw, priv, privSz) != 0) {
+    if (ret == 0 && wc_bigint_from_unsigned_bin(&key->k->raw, priv,
+                                                                 privSz) != 0) {
         mp_clear(key->k);
         ret = ASN_GETINT_E;
     }
@@ -10972,6 +11350,11 @@ int wc_ecc_import_private_key_ex(const byte* priv, word32 privSz,
     #endif
     }
 #endif /* WOLFSSL_VALIDATE_ECC_IMPORT */
+#ifdef WOLFSSL_ECC_BLIND_K
+    if (ret == 0) {
+        ret = ecc_blind_k_rng(key, NULL);
+    }
+#endif
 
 #endif /* WOLFSSL_CRYPTOCELL */
 
@@ -10987,7 +11370,7 @@ int wc_ecc_import_private_key_ex(const byte* priv, word32 privSz,
 #endif
 
 #ifdef WOLFSSL_MAXQ10XX_CRYPTO
-    if (ret == 0) {
+    if ((ret == 0) && (key->devId != INVALID_DEVID)) {
         ret = wc_MAXQ10XX_EccSetKey(key, key->dp->size);
     }
 #elif defined(WOLFSSL_SILABS_SE_ACCEL)
@@ -11147,6 +11530,8 @@ static int wc_ecc_import_raw_private(ecc_key* key, const char* qx,
     wc_ecc_reset(key);
 
     /* set curve type and index */
+    /* NOTE: FIPS v6.0.0 or greater, no restriction on imported keys, only
+     *       on created keys or signatures */
     err = wc_ecc_set_curve(key, 0, curve_id);
     if (err != 0) {
         return err;
@@ -11162,12 +11547,26 @@ static int wc_ecc_import_raw_private(ecc_key* key, const char* qx,
     alt_fp_init(key->pubkey.z);
     key->k = (mp_int*)key->ka;
     alt_fp_init(key->k);
+#ifdef WOLFSSL_ECC_BLIND_K
+    key->kb = (mp_int*)key->kba;
+    key->ku = (mp_int*)key->kua;
+    alt_fp_init(key->kb);
+    alt_fp_init(key->ku);
+#endif
 #else
     err = mp_init_multi(key->k, key->pubkey.x, key->pubkey.y, key->pubkey.z,
-                                                                  NULL, NULL);
+#ifndef WOLFSSL_ECC_BLIND_K
+                                                                      NULL, NULL
+#else
+                                                                key->kb, key->ku
+#endif
+                        );
 #endif
     if (err != MP_OKAY)
         return MEMORY_E;
+#ifdef WOLFSSL_ECC_BLIND_K
+    mp_forcezero(key->kb);
+#endif
 
     /* read Qx */
     if (err == MP_OKAY) {
@@ -11314,6 +11713,11 @@ static int wc_ecc_import_raw_private(ecc_key* key, const char* qx,
                 err = wc_export_int(key->k, &keyRaw[0], &keySz, keySz,
                     WC_TYPE_UNSIGNED_BIN);
             }
+        #ifdef WOLFSSL_ECC_BLIND_K
+            if (err == 0) {
+                err = ecc_blind_k_rng(key, NULL);
+            }
+        #endif
 
             if (err == MP_OKAY) {
                 /* Create private key from external key buffer*/
@@ -11345,12 +11749,17 @@ static int wc_ecc_import_raw_private(ecc_key* key, const char* qx,
                         (word32)key->dp->size);
                 }
             }
+        #ifdef WOLFSSL_ECC_BLIND_K
+            if (err == 0) {
+                err = ecc_blind_k_rng(key, NULL);
+            }
+        #endif
 #if defined(WOLFSSL_XILINX_CRYPT_VERSAL)
             if (err == MP_OKAY) {
                 const word32 key_size = key->dp->size;
                 word32 buf_size = key_size;
-                err = wc_export_int(key->k, key->privKey,
-                                    &buf_size, key_size, WC_TYPE_UNSIGNED_BIN);
+                err = wc_export_int(key, key->privKey, &buf_size, key_size,
+                                    WC_TYPE_UNSIGNED_BIN);
                 mp_reverse(key->privKey, key_size);
             }
 #endif
@@ -11368,7 +11777,7 @@ static int wc_ecc_import_raw_private(ecc_key* key, const char* qx,
 #ifdef WOLFSSL_VALIDATE_ECC_IMPORT
     if (err == MP_OKAY) {
         err = wc_ecc_check_key(key);
-        if (err == IS_POINT_E && (mp_iszero(key->pubkey.x) ||
+        if (err == WC_NO_ERR_TRACE(IS_POINT_E) && (mp_iszero(key->pubkey.x) ||
                                   mp_iszero(key->pubkey.y))) {
             err = BAD_FUNC_ARG;
         }
@@ -11586,8 +11995,10 @@ typedef struct {
 static THREAD_LS_T fp_cache_t fp_cache[FP_ENTRIES];
 
 #ifndef HAVE_THREAD_LS
+    static wolfSSL_Mutex ecc_fp_lock WOLFSSL_MUTEX_INITIALIZER_CLAUSE(ecc_fp_lock);
+#ifndef WOLFSSL_MUTEX_INITIALIZER
     static volatile int initMutex = 0;  /* prevent multiple mutex inits */
-    static wolfSSL_Mutex ecc_fp_lock;
+#endif
 #endif /* HAVE_THREAD_LS */
 
 /* simple table to help direct the generation of the LUT */
@@ -12124,6 +12535,9 @@ static const struct {
 /* find a hole and free as required, return -1 if no hole found */
 static int find_hole(void)
 {
+#ifdef WOLFSSL_NO_MALLOC
+   return -1;
+#else
    int      x, y, z;
    for (z = -1, y = INT_MAX, x = 0; x < FP_ENTRIES; x++) {
        if (fp_cache[x].lru_count < y && fp_cache[x].lock == 0) {
@@ -12152,6 +12566,7 @@ static int find_hole(void)
       fp_cache[z].lru_count = 0;
    }
    return z;
+#endif /* !WOLFSSL_NO_MALLOC */
 }
 
 /* determine if a base is already in the cache and if so, where */
@@ -12180,7 +12595,7 @@ static int add_entry(int idx, ecc_point *g)
    /* allocate base and LUT */
    fp_cache[idx].g = wc_ecc_new_point();
    if (fp_cache[idx].g == NULL) {
-      return GEN_MEM_ERR;
+      return MP_MEM;
    }
 
    /* copy x and y */
@@ -12189,7 +12604,7 @@ static int add_entry(int idx, ecc_point *g)
        (mp_copy(g->z, fp_cache[idx].g->z) != MP_OKAY)) {
       wc_ecc_del_point(fp_cache[idx].g);
       fp_cache[idx].g = NULL;
-      return GEN_MEM_ERR;
+      return MP_MEM;
    }
 
    for (x = 0; x < (1U<<FP_LUT); x++) {
@@ -12202,7 +12617,7 @@ static int add_entry(int idx, ecc_point *g)
          wc_ecc_del_point(fp_cache[idx].g);
          fp_cache[idx].g         = NULL;
          fp_cache[idx].lru_count = 0;
-         return GEN_MEM_ERR;
+         return MP_MEM;
       }
    }
 
@@ -12238,7 +12653,7 @@ static int build_lut(int idx, mp_int* a, mp_int* modulus, mp_digit mp,
 
    err = mp_init(tmp);
    if (err != MP_OKAY) {
-       err = GEN_MEM_ERR;
+       err = MP_MEM;
        goto errout;
    }
 
@@ -12275,20 +12690,22 @@ static int build_lut(int idx, mp_int* a, mp_int* modulus, mp_digit mp,
 
    /* make all single bit entries */
    for (x = 1; x < FP_LUT; x++) {
-      if ((mp_copy(fp_cache[idx].LUT[1<<(x-1)]->x,
-                   fp_cache[idx].LUT[1<<x]->x) != MP_OKAY) ||
-          (mp_copy(fp_cache[idx].LUT[1<<(x-1)]->y,
-                   fp_cache[idx].LUT[1<<x]->y) != MP_OKAY) ||
-          (mp_copy(fp_cache[idx].LUT[1<<(x-1)]->z,
-                   fp_cache[idx].LUT[1<<x]->z) != MP_OKAY)){
+      if ((mp_copy(fp_cache[idx].LUT[(unsigned int)(1 << (x-1))]->x,
+                   fp_cache[idx].LUT[(unsigned int)(1 <<  x   )]->x) != MP_OKAY) ||
+          (mp_copy(fp_cache[idx].LUT[(unsigned int)(1 << (x-1))]->y,
+                   fp_cache[idx].LUT[(unsigned int)(1 <<  x   )]->y) != MP_OKAY) ||
+          (mp_copy(fp_cache[idx].LUT[(unsigned int)(1 << (x-1))]->z,
+                   fp_cache[idx].LUT[(unsigned int)(1 <<  x   )]->z) != MP_OKAY)) {
           err = MP_INIT_E;
           goto errout;
       } else {
 
          /* now double it bitlen/FP_LUT times */
          for (y = 0; y < lut_gap; y++) {
-             if ((err = ecc_projective_dbl_point_safe(fp_cache[idx].LUT[1<<x],
-                            fp_cache[idx].LUT[1<<x], a, modulus, mp)) != MP_OKAY) {
+             if ((err = ecc_projective_dbl_point_safe(
+                                      fp_cache[idx].LUT[(unsigned int)(1<<x)],
+                                      fp_cache[idx].LUT[(unsigned int)(1<<x)],
+                                      a, modulus, mp)) != MP_OKAY) {
                  goto errout;
              }
          }
@@ -12491,7 +12908,7 @@ static int accel_fp_mul(int idx, const mp_int* k, ecc_point *R, mp_int* a,
              by x bits from the start */
           bitpos = (unsigned)x;
           for (y = z = 0; y < FP_LUT; y++) {
-             z |= ((kb[bitpos>>3] >> (bitpos&7)) & 1) << y;
+             z |= (((word32)kb[bitpos>>3U] >> (bitpos&7U)) & 1U) << y;
              bitpos += lut_gap;  /* it's y*lut_gap + x, but here we can avoid
                                     the mult in each loop */
           }
@@ -12514,7 +12931,7 @@ static int accel_fp_mul(int idx, const mp_int* k, ecc_point *R, mp_int* a,
              if ((mp_copy(fp_cache[idx].LUT[z]->x, R->x) != MP_OKAY) ||
                  (mp_copy(fp_cache[idx].LUT[z]->y, R->y) != MP_OKAY) ||
                  (mp_copy(&fp_cache[idx].mu,       R->z) != MP_OKAY)) {
-                 err = GEN_MEM_ERR;
+                 err = MP_MEM;
                  break;
              }
              first = 0;
@@ -12744,8 +13161,8 @@ static int accel_fp_mul2add(int idx1, int idx2,
              offset by x bits from the start */
           bitpos = (unsigned)x;
           for (y = zA = zB = 0; y < FP_LUT; y++) {
-             zA |= ((kb[0][bitpos>>3] >> (bitpos&7)) & 1) << y;
-             zB |= ((kb[1][bitpos>>3] >> (bitpos&7)) & 1) << y;
+             zA |= (((word32)kb[0][bitpos>>3U] >> (bitpos&7U)) & 1U) << y;
+             zB |= (((word32)kb[1][bitpos>>3U] >> (bitpos&7U)) & 1U) << y;
              bitpos += lut_gap;    /* it's y*lut_gap + x, but here we can avoid
                                       the mult in each loop */
           }
@@ -12778,7 +13195,7 @@ static int accel_fp_mul2add(int idx1, int idx2,
                  if ((mp_copy(fp_cache[idx1].LUT[zA]->x, R->x) != MP_OKAY) ||
                      (mp_copy(fp_cache[idx1].LUT[zA]->y, R->y) != MP_OKAY) ||
                      (mp_copy(&fp_cache[idx1].mu,        R->z) != MP_OKAY)) {
-                     err = GEN_MEM_ERR;
+                     err = MP_MEM;
                      break;
                  }
                     first = 0;
@@ -12793,7 +13210,7 @@ static int accel_fp_mul2add(int idx1, int idx2,
                  if ((mp_copy(fp_cache[idx2].LUT[zB]->x, R->x) != MP_OKAY) ||
                      (mp_copy(fp_cache[idx2].LUT[zB]->y, R->y) != MP_OKAY) ||
                      (mp_copy(&fp_cache[idx2].mu,        R->z) != MP_OKAY)) {
-                     err = GEN_MEM_ERR;
+                     err = MP_MEM;
                      break;
                  }
                     first = 0;
@@ -12855,7 +13272,7 @@ int ecc_mul2add(ecc_point* A, mp_int* kA,
                 ecc_point* C, mp_int* a, mp_int* modulus, void* heap)
 {
    int  idx1 = -1, idx2 = -1, err, mpInit = 0;
-   mp_digit mp;
+   mp_digit mp = 0;
 #ifdef WOLFSSL_SMALL_STACK
    mp_int   *mu = (mp_int *)XMALLOC(sizeof *mu, NULL, DYNAMIC_TYPE_ECC_BUFFER);
 
@@ -12874,10 +13291,12 @@ int ecc_mul2add(ecc_point* A, mp_int* kA,
    }
 
 #ifndef HAVE_THREAD_LS
+#ifndef WOLFSSL_MUTEX_INITIALIZER
    if (initMutex == 0) { /* extra sanity check if wolfCrypt_Init not called */
         wc_InitMutex(&ecc_fp_lock);
         initMutex = 1;
    }
+#endif
 
    if (wc_LockMutex(&ecc_fp_lock) != 0) {
 #ifdef WOLFSSL_SMALL_STACK
@@ -13001,7 +13420,7 @@ int wc_ecc_mulmod_ex(const mp_int* k, ecc_point *G, ecc_point *R, mp_int* a,
 {
 #if !defined(WOLFSSL_SP_MATH)
    int   idx, err = MP_OKAY;
-   mp_digit mp;
+   mp_digit mp = 0;
 #ifdef WOLFSSL_SMALL_STACK
    mp_int   *mu = NULL;
 #else
@@ -13032,10 +13451,12 @@ int wc_ecc_mulmod_ex(const mp_int* k, ecc_point *G, ecc_point *R, mp_int* a,
    }
 
 #ifndef HAVE_THREAD_LS
+#ifndef WOLFSSL_MUTEX_INITIALIZER
    if (initMutex == 0) { /* extra sanity check if wolfCrypt_Init not called */
         wc_InitMutex(&ecc_fp_lock);
         initMutex = 1;
    }
+#endif
 
    if (wc_LockMutex(&ecc_fp_lock) != 0) {
       err = BAD_MUTEX_E;
@@ -13175,7 +13596,7 @@ int wc_ecc_mulmod_ex2(const mp_int* k, ecc_point *G, ecc_point *R, mp_int* a,
 {
 #if !defined(WOLFSSL_SP_MATH)
    int   idx, err = MP_OKAY;
-   mp_digit mp;
+   mp_digit mp = 0;
 #ifdef WOLFSSL_SMALL_STACK
    mp_int   *mu = NULL;
 #else
@@ -13207,10 +13628,12 @@ int wc_ecc_mulmod_ex2(const mp_int* k, ecc_point *G, ecc_point *R, mp_int* a,
    }
 
 #ifndef HAVE_THREAD_LS
+#ifndef WOLFSSL_MUTEX_INITIALIZER
    if (initMutex == 0) { /* extra sanity check if wolfCrypt_Init not called */
         wc_InitMutex(&ecc_fp_lock);
         initMutex = 1;
    }
+#endif
 
    if (wc_LockMutex(&ecc_fp_lock) != 0) {
       err = BAD_MUTEX_E;
@@ -13367,12 +13790,14 @@ void wc_ecc_fp_init(void)
 {
 #ifndef WOLFSSL_SP_MATH
 #ifndef HAVE_THREAD_LS
+#ifndef WOLFSSL_MUTEX_INITIALIZER
    if (initMutex == 0) {
         wc_InitMutex(&ecc_fp_lock);
         initMutex = 1;
    }
 #endif
 #endif
+#endif
 }
 
 
@@ -13382,10 +13807,12 @@ void wc_ecc_fp_free(void)
 {
 #if !defined(WOLFSSL_SP_MATH)
 #ifndef HAVE_THREAD_LS
+#ifndef WOLFSSL_MUTEX_INITIALIZER
    if (initMutex == 0) { /* extra sanity check if wolfCrypt_Init not called */
         wc_InitMutex(&ecc_fp_lock);
         initMutex = 1;
    }
+#endif
 
    if (wc_LockMutex(&ecc_fp_lock) == 0) {
 #endif /* HAVE_THREAD_LS */
@@ -13394,8 +13821,10 @@ void wc_ecc_fp_free(void)
 
 #ifndef HAVE_THREAD_LS
        wc_UnLockMutex(&ecc_fp_lock);
+#ifndef WOLFSSL_MUTEX_INITIALIZER
        wc_FreeMutex(&ecc_fp_lock);
        initMutex = 0;
+#endif
    }
 #endif /* HAVE_THREAD_LS */
 #endif
@@ -13576,31 +14005,69 @@ int wc_ecc_ctx_set_peer_salt(ecEncCtx* ctx, const byte* salt)
  *
  * @param  [in, out]  ctx   ECIES context object.
  * @param  [in]       salt  Salt to use with KDF.
- * @param  [in]       len   Length of salt in bytes.
+ * @param  [in]       sz    Length of salt in bytes.
  * @return  0 on success.
  * @return  BAD_FUNC_ARG when ctx is NULL or salt is NULL and len is not 0.
  */
-int wc_ecc_ctx_set_kdf_salt(ecEncCtx* ctx, const byte* salt, word32 len)
+int wc_ecc_ctx_set_kdf_salt(ecEncCtx* ctx, const byte* salt, word32 sz)
 {
-    if (ctx == NULL || (salt == NULL && len != 0))
+    if (ctx == NULL || (salt == NULL && sz != 0))
         return BAD_FUNC_ARG;
 
-    ctx->kdfSalt   = salt;
-    ctx->kdfSaltSz = len;
+    /* truncate salt if exceeds max */
+    if (sz > EXCHANGE_SALT_SZ)
+        sz = EXCHANGE_SALT_SZ;
 
+    /* using a custom kdf salt, so borrow clientSalt/serverSalt for it,
+     * since wc_ecc_ctx_set_peer_salt will set kdf and mac salts */
     if (ctx->protocol == REQ_RESP_CLIENT) {
         ctx->cliSt = ecCLI_SALT_SET;
+        ctx->kdfSalt = ctx->clientSalt;
     }
     else if (ctx->protocol == REQ_RESP_SERVER) {
         ctx->srvSt = ecSRV_SALT_SET;
+        ctx->kdfSalt = ctx->serverSalt;
     }
 
+    if (salt != NULL) {
+        XMEMCPY((byte*)ctx->kdfSalt, salt, sz);
+    }
+    ctx->kdfSaltSz = sz;
+
     return 0;
 }
 
+/* Set your own salt. By default we generate a random salt for ourselves.
+ * This allows overriding that after init or reset.
+ *
+ * @param  [in, out]  ctx   ECIES context object.
+ * @param  [in]       salt  Salt to use for ourselves
+ * @param  [in]       sz    Length of salt in bytes.
+ * @return  0 on success.
+ * @return  BAD_FUNC_ARG when ctx is NULL or salt is NULL and len is not 0.
+ */
+int wc_ecc_ctx_set_own_salt(ecEncCtx* ctx, const byte* salt, word32 sz)
+{
+    byte* saltBuffer;
+
+    if (ctx == NULL || ctx->protocol == 0 || salt == NULL)
+        return BAD_FUNC_ARG;
+
+    if (sz > EXCHANGE_SALT_SZ)
+        sz = EXCHANGE_SALT_SZ;
+    saltBuffer = (ctx->protocol == REQ_RESP_CLIENT) ?
+        ctx->clientSalt :
+        ctx->serverSalt;
+    XMEMSET(saltBuffer, 0, EXCHANGE_SALT_SZ);
+    XMEMCPY(saltBuffer, salt, sz);
+
+    return 0;
+}
+
+
 static int ecc_ctx_set_salt(ecEncCtx* ctx, int flags)
 {
-    byte* saltBuffer = NULL;
+    byte* saltBuffer;
 
     if (ctx == NULL || flags == 0)
         return BAD_FUNC_ARG;
@@ -13610,7 +14077,6 @@ static int ecc_ctx_set_salt(ecEncCtx* ctx, int flags)
     return wc_RNG_GenerateBlock(ctx->rng, saltBuffer, EXCHANGE_SALT_SZ);
 }
 
-
 static void ecc_ctx_init(ecEncCtx* ctx, int flags, WC_RNG* rng)
 {
     if (ctx) {
@@ -13706,12 +14172,12 @@ static int ecc_get_key_sizes(ecEncCtx* ctx, int* encKeySz, int* ivSz,
             case ecAES_128_CBC:
                 *encKeySz = KEY_SIZE_128;
                 *ivSz     = IV_SIZE_128;
-                *blockSz  = AES_BLOCK_SIZE;
+                *blockSz  = WC_AES_BLOCK_SIZE;
                 break;
             case ecAES_256_CBC:
                 *encKeySz = KEY_SIZE_256;
                 *ivSz     = IV_SIZE_128;
-                *blockSz  = AES_BLOCK_SIZE;
+                *blockSz  = WC_AES_BLOCK_SIZE;
                 break;
         #endif
         #if !defined(NO_AES) && defined(WOLFSSL_AES_COUNTER)
@@ -13903,7 +14369,7 @@ int wc_ecc_encrypt_ex(ecc_key* privKey, ecc_key* pubKey, const byte* msg,
                                                                      &sharedSz);
     #endif
     }
-    while (ret == WC_PENDING_E);
+    while (ret == WC_NO_ERR_TRACE(WC_PENDING_E));
 
     if (ret == 0) {
     #ifdef WOLFSSL_ECIES_ISO18033
@@ -14008,7 +14474,7 @@ int wc_ecc_encrypt_ex(ecc_key* privKey, ecc_key* pubKey, const byte* msg,
             case ecAES_256_CTR:
             {
         #if !defined(NO_AES) && defined(WOLFSSL_AES_COUNTER)
-                byte ctr_iv[AES_BLOCK_SIZE];
+                byte ctr_iv[WC_AES_BLOCK_SIZE];
             #ifndef WOLFSSL_SMALL_STACK
                 Aes aes[1];
             #else
@@ -14023,7 +14489,7 @@ int wc_ecc_encrypt_ex(ecc_key* privKey, ecc_key* pubKey, const byte* msg,
                 /* Include 4 byte counter starting at all zeros. */
                 XMEMCPY(ctr_iv, encIv, WOLFSSL_ECIES_GEN_IV_SIZE);
                 XMEMSET(ctr_iv + WOLFSSL_ECIES_GEN_IV_SIZE, 0,
-                    AES_BLOCK_SIZE - WOLFSSL_ECIES_GEN_IV_SIZE);
+                    WC_AES_BLOCK_SIZE - WOLFSSL_ECIES_GEN_IV_SIZE);
 
                 ret = wc_AesInit(aes, NULL, INVALID_DEVID);
                 if (ret == 0) {
@@ -14322,7 +14788,7 @@ int wc_ecc_decrypt(ecc_key* privKey, ecc_key* pubKey, const byte* msg,
             ret = wc_ecc_shared_secret(privKey, pubKey, sharedSecret +
                                                           pubKeySz, &sharedSz);
         #endif
-        } while (ret == WC_PENDING_E);
+        } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E));
     }
     if (ret == 0) {
     #ifdef WOLFSSL_ECIES_ISO18033
@@ -14414,8 +14880,9 @@ int wc_ecc_decrypt(ecc_key* privKey, ecc_key* pubKey, const byte* msg,
                     if (ret == 0)
                         ret = wc_HmacFinal(hmac, verify);
                     if ((ret == 0) && (XMEMCMP(verify, msg + msgSz - digestSz,
-                                                              digestSz) != 0)) {
-                        ret = -1;
+                                                             digestSz) != 0)) {
+                        ret = HASH_TYPE_E;
+                        WOLFSSL_MSG("ECC Decrypt HMAC Check failed!");
                     }
 
                     wc_HmacFree(hmac);
@@ -14484,11 +14951,11 @@ int wc_ecc_decrypt(ecc_key* privKey, ecc_key* pubKey, const byte* msg,
              #endif
                 ret = wc_AesInit(aes, NULL, INVALID_DEVID);
                 if (ret == 0) {
-                    byte ctr_iv[AES_BLOCK_SIZE];
+                    byte ctr_iv[WC_AES_BLOCK_SIZE];
                     /* Make a 16 byte IV from the bytes passed in. */
                     XMEMCPY(ctr_iv, encIv, WOLFSSL_ECIES_GEN_IV_SIZE);
                     XMEMSET(ctr_iv + WOLFSSL_ECIES_GEN_IV_SIZE, 0,
-                        AES_BLOCK_SIZE - WOLFSSL_ECIES_GEN_IV_SIZE);
+                        WC_AES_BLOCK_SIZE - WOLFSSL_ECIES_GEN_IV_SIZE);
                     ret = wc_AesSetKey(aes, encKey, (word32)encKeySz, ctr_iv,
                                                                 AES_ENCRYPTION);
                     if (ret == 0) {
@@ -14524,9 +14991,7 @@ int wc_ecc_decrypt(ecc_key* privKey, ecc_key* pubKey, const byte* msg,
 #endif
 #ifdef WOLFSSL_SMALL_STACK
 #ifndef WOLFSSL_ECIES_OLD
-    if (peerKey != NULL) {
-        XFREE(peerKey, ctx->heap, DYNAMIC_TYPE_ECC_BUFFER);
-    }
+    XFREE(peerKey, ctx->heap, DYNAMIC_TYPE_ECC_BUFFER);
 #endif
     XFREE(sharedSecret, ctx->heap, DYNAMIC_TYPE_ECC_BUFFER);
     XFREE(keys, ctx->heap, DYNAMIC_TYPE_ECC_BUFFER);
@@ -14955,57 +15420,57 @@ static int mp_sqrtmod_prime(mp_int* n, mp_int* prime, mp_int* ret)
 
 #ifdef WOLFSSL_SMALL_STACK
   if (t1) {
-    if (res != MP_INIT_E)
+    if (res != WC_NO_ERR_TRACE(MP_INIT_E))
       mp_clear(t1);
     XFREE(t1, NULL, DYNAMIC_TYPE_ECC_BUFFER);
   }
   if (C) {
-    if (res != MP_INIT_E)
+    if (res != WC_NO_ERR_TRACE(MP_INIT_E))
       mp_clear(C);
     XFREE(C, NULL, DYNAMIC_TYPE_ECC_BUFFER);
   }
   if (Q) {
-    if (res != MP_INIT_E)
+    if (res != WC_NO_ERR_TRACE(MP_INIT_E))
       mp_clear(Q);
     XFREE(Q, NULL, DYNAMIC_TYPE_ECC_BUFFER);
   }
   if (S) {
-    if (res != MP_INIT_E)
+    if (res != WC_NO_ERR_TRACE(MP_INIT_E))
       mp_clear(S);
     XFREE(S, NULL, DYNAMIC_TYPE_ECC_BUFFER);
   }
   if (Z) {
-    if (res != MP_INIT_E)
+    if (res != WC_NO_ERR_TRACE(MP_INIT_E))
       mp_clear(Z);
     XFREE(Z, NULL, DYNAMIC_TYPE_ECC_BUFFER);
   }
   if (M) {
-    if (res != MP_INIT_E)
+    if (res != WC_NO_ERR_TRACE(MP_INIT_E))
       mp_clear(M);
     XFREE(M, NULL, DYNAMIC_TYPE_ECC_BUFFER);
   }
   if (T) {
-    if (res != MP_INIT_E)
+    if (res != WC_NO_ERR_TRACE(MP_INIT_E))
       mp_clear(T);
     XFREE(T, NULL, DYNAMIC_TYPE_ECC_BUFFER);
   }
   if (R) {
-    if (res != MP_INIT_E)
+    if (res != WC_NO_ERR_TRACE(MP_INIT_E))
       mp_clear(R);
     XFREE(R, NULL, DYNAMIC_TYPE_ECC_BUFFER);
   }
   if (N) {
-    if (res != MP_INIT_E)
+    if (res != WC_NO_ERR_TRACE(MP_INIT_E))
       mp_clear(N);
     XFREE(N, NULL, DYNAMIC_TYPE_ECC_BUFFER);
   }
   if (two) {
-    if (res != MP_INIT_E)
+    if (res != WC_NO_ERR_TRACE(MP_INIT_E))
       mp_clear(two);
     XFREE(two, NULL, DYNAMIC_TYPE_ECC_BUFFER);
   }
 #else
-  if (res != MP_INIT_E) {
+  if (res != WC_NO_ERR_TRACE(MP_INIT_E)) {
     mp_clear(t1);
     mp_clear(C);
     mp_clear(Q);
@@ -15046,7 +15511,7 @@ static int wc_ecc_export_x963_compressed(ecc_key* key, byte* out, word32* outLen
 
    if (*outLen < (1 + numlen)) {
       *outLen = 1 + numlen;
-      return LENGTH_ONLY_E;
+      return WC_NO_ERR_TRACE(LENGTH_ONLY_E);
    }
 
    if (out == NULL)
@@ -15070,23 +15535,57 @@ static int wc_ecc_export_x963_compressed(ecc_key* key, byte* out, word32* outLen
 #endif /* HAVE_ECC_KEY_EXPORT */
 #endif /* HAVE_COMP_KEY */
 
+#ifdef HAVE_OID_ENCODING
+int wc_ecc_oid_cache_init(void)
+{
+    int ret = 0;
+#if !defined(SINGLE_THREADED) && !defined(WOLFSSL_MUTEX_INITIALIZER)
+    ret = wc_InitMutex(&ecc_oid_cache_lock);
+#endif
+    return ret;
+}
+
+void wc_ecc_oid_cache_free(void)
+{
+#if !defined(SINGLE_THREADED) && !defined(WOLFSSL_MUTEX_INITIALIZER)
+    wc_FreeMutex(&ecc_oid_cache_lock);
+#endif
+}
+#endif /* HAVE_OID_ENCODING */
 
 int wc_ecc_get_oid(word32 oidSum, const byte** oid, word32* oidSz)
 {
     int x;
+    int ret = WC_NO_ERR_TRACE(NOT_COMPILED_IN);
+#ifdef HAVE_OID_ENCODING
+    oid_cache_t* o = NULL;
+#endif
 
     if (oidSum == 0) {
         return BAD_FUNC_ARG;
     }
 
+#ifdef HAVE_OID_ENCODING
+    #ifndef WOLFSSL_MUTEX_INITIALIZER
+        /* extra sanity check if wolfCrypt_Init not called */
+        if (eccOidLockInit == 0) {
+            wc_InitMutex(&ecc_oid_cache_lock);
+            eccOidLockInit = 1;
+        }
+    #endif
+
+    if (wc_LockMutex(&ecc_oid_cache_lock) != 0) {
+        return BAD_MUTEX_E;
+    }
+#endif
+
     /* find matching OID sum (based on encoded value) */
     for (x = 0; ecc_sets[x].size != 0; x++) {
         if (ecc_sets[x].oidSum == oidSum) {
-            int ret;
         #ifdef HAVE_OID_ENCODING
-            ret = 0;
             /* check cache */
-            oid_cache_t* o = &ecc_oid_cache[x];
+            ret = 0;
+            o = &ecc_oid_cache[x];
             if (o->oidSz == 0) {
                 o->oidSz = sizeof(o->oid);
                 ret = EncodeObjectId(ecc_sets[x].oid, ecc_sets[x].oidSz,
@@ -15098,10 +15597,12 @@ int wc_ecc_get_oid(word32 oidSum, const byte** oid, word32* oidSz)
             if (oid) {
                 *oid = o->oid;
             }
+
             /* on success return curve id */
             if (ret == 0) {
                 ret = ecc_sets[x].id;
             }
+            break;
         #else
             if (oidSz) {
                 *oidSz = ecc_sets[x].oidSz;
@@ -15110,12 +15611,16 @@ int wc_ecc_get_oid(word32 oidSum, const byte** oid, word32* oidSz)
                 *oid = ecc_sets[x].oid;
             }
             ret = ecc_sets[x].id;
+            break;
         #endif
-            return ret;
         }
     }
 
-    return NOT_COMPILED_IN;
+#ifdef HAVE_OID_ENCODING
+    wc_UnLockMutex(&ecc_oid_cache_lock);
+#endif
+
+    return ret;
 }
 
 #ifdef WOLFSSL_CUSTOM_CURVES
diff --git a/wolfcrypt/src/eccsi.c b/wolfcrypt/src/eccsi.c
index 836243bed..562dedc8b 100644
--- a/wolfcrypt/src/eccsi.c
+++ b/wolfcrypt/src/eccsi.c
@@ -1,6 +1,6 @@
 /* eccsi.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -43,6 +43,14 @@
     #include <wolfssl/wolfcrypt/sp.h>
 #endif
 
+#if defined(WOLFSSL_LINUXKM) && !defined(WOLFSSL_SP_ASM)
+    /* force off unneeded vector register save/restore. */
+    #undef SAVE_VECTOR_REGISTERS
+    #define SAVE_VECTOR_REGISTERS(fail_clause) WC_DO_NOTHING
+    #undef RESTORE_VECTOR_REGISTERS
+    #define RESTORE_VECTOR_REGISTERS() WC_DO_NOTHING
+#endif
+
 #ifndef WOLFSSL_HAVE_ECC_KEY_GET_PRIV
     /* FIPS build has replaced ecc.h. */
     #define wc_ecc_key_get_priv(key) (&((key)->k))
@@ -508,7 +516,7 @@ static int eccsi_encode_point(ecc_point* point, word32 size, byte* data,
 
     if (data == NULL) {
         *sz = size * 2 + !raw;
-        err = LENGTH_ONLY_E;
+        err = WC_NO_ERR_TRACE(LENGTH_ONLY_E);
     }
     if ((err == 0) && (*sz < size * 2 + !raw)) {
         err = BUFFER_E;
@@ -647,7 +655,7 @@ int wc_ExportEccsiKey(EccsiKey* key, byte* data, word32* sz)
     if (err == 0) {
         if (data == NULL) {
             *sz = (word32)(key->ecc.dp->size * 3);
-            err = LENGTH_ONLY_E;
+            err = WC_NO_ERR_TRACE(LENGTH_ONLY_E);
         }
         else if (*sz < (word32)key->ecc.dp->size * 3) {
             err = BUFFER_E;
@@ -769,7 +777,7 @@ int wc_ExportEccsiPrivateKey(EccsiKey* key, byte* data, word32* sz)
     if (err == 0) {
         if (data == NULL) {
             *sz = (word32)key->ecc.dp->size;
-            err = LENGTH_ONLY_E;
+            err = WC_NO_ERR_TRACE(LENGTH_ONLY_E);
         }
         else if (*sz < (word32)key->ecc.dp->size) {
             err = BUFFER_E;
@@ -1008,7 +1016,7 @@ int wc_EncodeEccsiPair(const EccsiKey* key, mp_int* ssk, ecc_point* pvt,
 
     if ((err == 0) && (data == NULL)) {
         *sz = (word32)(key->ecc.dp->size * 3);
-        err = LENGTH_ONLY_E;
+        err = WC_NO_ERR_TRACE(LENGTH_ONLY_E);
     }
     if ((err == 0) && (*sz < (word32)(key->ecc.dp->size * 3))) {
         err = BUFFER_E;
@@ -1069,7 +1077,7 @@ int wc_EncodeEccsiSsk(const EccsiKey* key, mp_int* ssk, byte* data, word32* sz)
     if (err == 0) {
         if (data == NULL) {
             *sz = (word32)key->ecc.dp->size;
-            err = LENGTH_ONLY_E;
+            err = WC_NO_ERR_TRACE(LENGTH_ONLY_E);
         }
         else if (*sz < (word32)key->ecc.dp->size) {
             err = BUFFER_E;
@@ -1439,7 +1447,7 @@ static int eccsi_mulmod_point_add(EccsiKey* key, const mp_int* n,
         ecc_point* point, ecc_point* a, ecc_point* res, mp_digit mp, int map)
 {
 #if defined(WOLFSSL_HAVE_SP_ECC) && !defined(WOLFSSL_SP_NO_256)
-    int err = NOT_COMPILED_IN;
+    int err = WC_NO_ERR_TRACE(NOT_COMPILED_IN);
 
     if ((key->ecc.idx != ECC_CUSTOM_IDX) &&
             (ecc_sets[key->ecc.idx].id == ECC_SECP256R1)) {
@@ -1992,7 +2000,7 @@ int wc_SignEccsiHash(EccsiKey* key, WC_RNG* rng, enum wc_HashType hashType,
         sz = (word32)key->ecc.dp->size;
         if (sig == NULL) {
             *sigSz = sz * 4 + 1;
-            err = LENGTH_ONLY_E;
+            err = WC_NO_ERR_TRACE(LENGTH_ONLY_E);
         }
     }
     if ((err == 0) && (*sigSz < sz * 4 + 1)) {
diff --git a/wolfcrypt/src/ed25519.c b/wolfcrypt/src/ed25519.c
index 6dfb7a0f2..eb2b02f3b 100644
--- a/wolfcrypt/src/ed25519.c
+++ b/wolfcrypt/src/ed25519.c
@@ -1,6 +1,6 @@
 /* ed25519.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -22,6 +22,12 @@
 
  /* Based On Daniel J Bernstein's ed25519 Public Domain ref10 work. */
 
+
+/* Possible Ed25519 enable options:
+ *   WOLFSSL_EDDSA_CHECK_PRIV_ON_SIGN                               Default: OFF
+ *     Check that the private key didn't change during the signing operations.
+ */
+
 #ifdef HAVE_CONFIG_H
     #include <config.h>
 #endif
@@ -30,8 +36,19 @@
 #include <wolfssl/wolfcrypt/settings.h>
 
 #ifdef HAVE_ED25519
+#if FIPS_VERSION3_GE(6,0,0)
+    /* set NO_WRAPPERS before headers, use direct internal f()s not wrappers */
+    #define FIPS_NO_WRAPPERS
+
+       #ifdef USE_WINDOWS_API
+               #pragma code_seg(".fipsA$f")
+               #pragma const_seg(".fipsB$f")
+       #endif
+#endif
 
 #include <wolfssl/wolfcrypt/ed25519.h>
+#include <wolfssl/wolfcrypt/ge_operations.h>
+#include <wolfssl/wolfcrypt/logging.h>
 #include <wolfssl/wolfcrypt/error-crypt.h>
 #include <wolfssl/wolfcrypt/hash.h>
 #ifdef NO_INLINE
@@ -41,6 +58,15 @@
     #include <wolfcrypt/src/misc.c>
 #endif
 
+#if FIPS_VERSION3_GE(6,0,0)
+    const unsigned int wolfCrypt_FIPS_ed25519_ro_sanity[2] =
+                                                     { 0x1a2b3c4d, 0x00000006 };
+    int wolfCrypt_FIPS_ED25519_sanity(void)
+    {
+        return 0;
+    }
+#endif
+
 #ifdef FREESCALE_LTC_ECC
     #include <wolfssl/wolfcrypt/port/nxp/ksdk_port.h>
 #endif
@@ -183,6 +209,56 @@ static int ed25519_hash(ed25519_key* key, const byte* in, word32 inLen,
 }
 
 #ifdef HAVE_ED25519_MAKE_KEY
+#if FIPS_VERSION3_GE(6,0,0)
+/* Performs a Pairwise Consistency Test on an Ed25519 key pair.
+ *
+ * @param [in] key  Ed25519 key to test.
+ * @param [in] rng  Random number generator to use to create random digest.
+ * @return  0 on success.
+ * @return  ECC_PCT_E when signing or verification fail.
+ * @return  Other -ve when random number generation fails.
+ */
+static int ed25519_pairwise_consistency_test(ed25519_key* key, WC_RNG* rng)
+{
+    int err = 0;
+    byte digest[WC_SHA512_DIGEST_SIZE];
+    word32 digestLen = WC_SHA512_DIGEST_SIZE;
+    byte sig[ED25519_SIG_SIZE];
+    word32 sigLen = ED25519_SIG_SIZE;
+    int res = 0;
+
+    /* Generate a random digest to sign. */
+    err = wc_RNG_GenerateBlock(rng, digest, digestLen);
+    if (err == 0) {
+        /* Sign digest without context. */
+        err = wc_ed25519_sign_msg_ex(digest, digestLen, sig, &sigLen, key,
+            (byte)Ed25519, NULL, 0);
+        if (err != 0) {
+            /* Any sign failure means test failed. */
+            err = ECC_PCT_E;
+        }
+    }
+    if (err == 0) {
+        /* Verify digest without context. */
+        err = wc_ed25519_verify_msg_ex(sig, sigLen, digest, digestLen, &res,
+            key, (byte)Ed25519, NULL, 0);
+        if (err != 0) {
+            /* Any verification operation failure means test failed. */
+            err = ECC_PCT_E;
+        }
+        /* Check whether the signature verified. */
+        else if (res == 0) {
+            /* Test failed. */
+            err = ECC_PCT_E;
+        }
+    }
+
+    ForceZero(sig, sigLen);
+
+    return err;
+}
+#endif
+
 int wc_ed25519_make_public(ed25519_key* key, unsigned char* pubKey,
                            word32 pubKeySz)
 {
@@ -245,7 +321,7 @@ int wc_ed25519_make_key(WC_RNG* rng, int keySz, ed25519_key* key)
 #ifdef WOLF_CRYPTO_CB
     if (key->devId != INVALID_DEVID) {
         ret = wc_CryptoCb_Ed25519Gen(rng, keySz, key);
-        if (ret != CRYPTOCB_UNAVAILABLE)
+        if (ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE))
             return ret;
         /* fall-through when unavailable */
     }
@@ -266,6 +342,13 @@ int wc_ed25519_make_key(WC_RNG* rng, int keySz, ed25519_key* key)
     /* put public key after private key, on the same buffer */
     XMEMMOVE(key->k + ED25519_KEY_SIZE, key->p, ED25519_PUB_KEY_SIZE);
 
+#if FIPS_VERSION3_GE(6,0,0)
+    ret = wc_ed25519_check_key(key);
+    if (ret == 0) {
+        ret = ed25519_pairwise_consistency_test(key, rng);
+    }
+#endif
+
     return ret;
 }
 #endif /* HAVE_ED25519_MAKE_KEY */
@@ -304,6 +387,9 @@ int wc_ed25519_sign_msg_ex(const byte* in, word32 inLen, byte* out,
     ALIGN16 byte nonce[WC_SHA512_DIGEST_SIZE];
     ALIGN16 byte hram[WC_SHA512_DIGEST_SIZE];
     ALIGN16 byte az[ED25519_PRV_KEY_SIZE];
+#ifdef WOLFSSL_EDDSA_CHECK_PRIV_ON_SIGN
+    byte orig_k[ED25519_KEY_SIZE];
+#endif
 
     /* sanity check on arguments */
     if (in == NULL || out == NULL || outLen == NULL || key == NULL ||
@@ -315,7 +401,7 @@ int wc_ed25519_sign_msg_ex(const byte* in, word32 inLen, byte* out,
     if (key->devId != INVALID_DEVID) {
         ret = wc_CryptoCb_Ed25519Sign(in, inLen, out, outLen, key, type,
             context, contextLen);
-        if (ret != CRYPTOCB_UNAVAILABLE)
+        if (ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE))
             return ret;
         /* fall-through when unavailable */
     }
@@ -331,6 +417,10 @@ int wc_ed25519_sign_msg_ex(const byte* in, word32 inLen, byte* out,
     }
     *outLen = ED25519_SIG_SIZE;
 
+#ifdef WOLFSSL_EDDSA_CHECK_PRIV_ON_SIGN
+    XMEMCPY(orig_k, key->k, ED25519_KEY_SIZE);
+#endif
+
     /* step 1: create nonce to use where nonce is r in
        r = H(h_b, ... ,h_2b-1,M) */
     ret = ed25519_hash(key, key->k, ED25519_KEY_SIZE, az);
@@ -441,6 +531,18 @@ int wc_ed25519_sign_msg_ex(const byte* in, word32 inLen, byte* out,
     sc_muladd(out + (ED25519_SIG_SIZE/2), hram, az, nonce);
 #endif
 #endif /* WOLFSSL_SE050 */
+
+#ifdef WOLFSSL_EDDSA_CHECK_PRIV_ON_SIGN
+    {
+        int  i;
+        byte c = 0;
+        for (i = 0; i < ED25519_KEY_SIZE; i++) {
+            c |= key->k[i] ^ orig_k[i];
+        }
+        ret = ctMaskGT(c, 0) & SIG_VERIFY_E;
+    }
+#endif
+
     return ret;
 }
 
@@ -527,6 +629,35 @@ int wc_ed25519ph_sign_msg(const byte* in, word32 inLen, byte* out,
 
 #ifdef HAVE_ED25519_VERIFY
 #ifndef WOLFSSL_SE050
+
+#ifdef WOLFSSL_CHECK_VER_FAULTS
+static const byte sha512_empty[] = {
+    0xcf, 0x83, 0xe1, 0x35, 0x7e, 0xef, 0xb8, 0xbd,
+    0xf1, 0x54, 0x28, 0x50, 0xd6, 0x6d, 0x80, 0x07,
+    0xd6, 0x20, 0xe4, 0x05, 0x0b, 0x57, 0x15, 0xdc,
+    0x83, 0xf4, 0xa9, 0x21, 0xd3, 0x6c, 0xe9, 0xce,
+    0x47, 0xd0, 0xd1, 0x3c, 0x5d, 0x85, 0xf2, 0xb0,
+    0xff, 0x83, 0x18, 0xd2, 0x87, 0x7e, 0xec, 0x2f,
+    0x63, 0xb9, 0x31, 0xbd, 0x47, 0x41, 0x7a, 0x81,
+    0xa5, 0x38, 0x32, 0x7a, 0xf9, 0x27, 0xda, 0x3e
+};
+
+/* sanity check that hash operation happened
+ * returns 0 on success */
+static int ed25519_hash_check(ed25519_key* key, byte* h)
+{
+    (void)key; /* passing in key in case other hash algroithms are used */
+
+    if (XMEMCMP(h, sha512_empty, WC_SHA512_DIGEST_SIZE) != 0) {
+        return 0;
+    }
+    else {
+        return BAD_STATE_E;
+    }
+}
+#endif
+
+
 /*
    sig        is array of bytes containing the signature
    sigLen     is the length of sig byte array
@@ -574,6 +705,22 @@ static int ed25519_verify_msg_init_with_sha(const byte* sig, word32 sigLen,
     }
     if (ret == 0)
         ret = ed25519_hash_update(key, sha, sig, ED25519_SIG_SIZE/2);
+
+#ifdef WOLFSSL_CHECK_VER_FAULTS
+    /* sanity check that hash operation happened */
+    if (ret == 0) {
+        byte h[WC_MAX_DIGEST_SIZE];
+
+        ret = wc_Sha512GetHash(sha, h);
+        if (ret == 0) {
+            ret = ed25519_hash_check(key, h);
+            if (ret != 0) {
+                WOLFSSL_MSG("Unexpected initial state of hash found");
+            }
+        }
+    }
+#endif
+
     if (ret == 0)
         ret = ed25519_hash_update(key, sha, key->p, ED25519_PUB_KEY_SIZE);
 
@@ -597,15 +744,14 @@ static int ed25519_verify_msg_update_with_sha(const byte* msgSegment,
     return ed25519_hash_update(key, sha, msgSegment, msgSegmentLen);
 }
 
-/* Low part of order in big endian. */
-static const byte ed25519_low_order[] = {
-    0x14, 0xde, 0xf9, 0xde, 0xa2, 0xf7, 0x9c, 0xd6,
-    0x58, 0x12, 0x63, 0x1a, 0x5c, 0xf5, 0xd3, 0xed
+/* ed25519 order in little endian. */
+static const byte ed25519_order[] = {
+    0xed, 0xd3, 0xf5, 0x5c, 0x1a, 0x63, 0x12, 0x58,
+    0xd6, 0x9c, 0xf7, 0xa2, 0xde, 0xf9, 0xde, 0x14,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x10
 };
 
-#define ED25519_SIG_LOW_ORDER_IDX \
-    ((int)(ED25519_SIG_SIZE/2 + sizeof(ed25519_low_order) - 1))
-
 /*
    sig     is array of bytes containing the signature
    sigLen  is the length of sig byte array
@@ -624,6 +770,7 @@ static int ed25519_verify_msg_final_with_sha(const byte* sig, word32 sigLen,
     ge_p2  R;
 #endif
     int    ret;
+    int    i;
 
     /* sanity check on arguments */
     if (sig == NULL || res == NULL || key == NULL)
@@ -639,33 +786,19 @@ static int ed25519_verify_msg_final_with_sha(const byte* sig, word32 sigLen,
      *     2^252 + 0x14def9dea2f79cd65812631a5cf5d3ed
      *   = 0x1000000000000000000000000000000014def9dea2f79cd65812631a5cf5d3ed
      */
-    if (sig[ED25519_SIG_SIZE-1] > 0x10)
-        return BAD_FUNC_ARG;
-    if (sig[ED25519_SIG_SIZE-1] == 0x10) {
-        int i = ED25519_SIG_SIZE-1;
-        int j;
 
-        /* Check high zeros. */
-        for (--i; i > ED25519_SIG_LOW_ORDER_IDX; i--) {
-            if (sig[i] > 0x00)
-                break;
-        }
-        /* Did we see all zeros up to lower order index? */
-        if (i == ED25519_SIG_LOW_ORDER_IDX) {
-            /* Check lower part. */
-            for (j = 0; j < (int)sizeof(ed25519_low_order); j++, i--) {
-                /* Check smaller. */
-                if (sig[i] < ed25519_low_order[j])
-                    break;
-                /* Check bigger. */
-                if (sig[i] > ed25519_low_order[j])
-                    return BAD_FUNC_ARG;
-            }
-            /* Check equal - all bytes match. */
-            if (i == ED25519_SIG_SIZE/2 - 1)
-                return BAD_FUNC_ARG;
-        }
+    /* Check S is not larger than or equal to order. */
+    for (i = (int)sizeof(ed25519_order) - 1; i >= 0; i--) {
+        /* Bigger than order. */
+        if (sig[ED25519_SIG_SIZE/2 + i] > ed25519_order[i])
+            return BAD_FUNC_ARG;
+        /* Less than order. */
+        if (sig[ED25519_SIG_SIZE/2 + i] < ed25519_order[i])
+            break;
     }
+    /* Check equal - all bytes match. */
+    if (i == -1)
+        return BAD_FUNC_ARG;
 
     /* uncompress A (public key), test if valid, and negate it */
 #ifndef FREESCALE_LTC_ECC
@@ -704,7 +837,16 @@ static int ed25519_verify_msg_final_with_sha(const byte* sig, word32 sigLen,
     ret = ConstantCompare(rcheck, sig, ED25519_SIG_SIZE/2);
     if (ret != 0) {
         ret = SIG_VERIFY_E;
-    } else {
+    }
+
+#ifdef WOLFSSL_CHECK_VER_FAULTS
+    /* redundant comparison as sanity check that first one happened */
+    if (ret == 0 && ConstantCompare(rcheck, sig, ED25519_SIG_SIZE/2) != 0) {
+        ret = SIG_VERIFY_E;
+    }
+#endif
+
+    if (ret == 0) {
         /* set the verification status */
         *res = 1;
     }
@@ -771,7 +913,7 @@ int wc_ed25519_verify_msg_ex(const byte* sig, word32 sigLen, const byte* msg,
     if (key->devId != INVALID_DEVID) {
         ret = wc_CryptoCb_Ed25519Verify(sig, sigLen, msg, msgLen, res, key,
             type, context, contextLen);
-        if (ret != CRYPTOCB_UNAVAILABLE)
+        if (ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE))
             return ret;
         /* fall-through when unavailable */
     }
@@ -881,6 +1023,39 @@ int wc_ed25519ph_verify_msg(const byte* sig, word32 sigLen, const byte* msg,
 }
 #endif /* HAVE_ED25519_VERIFY */
 
+#ifndef WC_NO_CONSTRUCTORS
+ed25519_key* wc_ed25519_new(void* heap, int devId, int *result_code)
+{
+    int ret;
+    ed25519_key* key = (ed25519_key*)XMALLOC(sizeof(ed25519_key), heap,
+                        DYNAMIC_TYPE_ED25519);
+    if (key == NULL) {
+        ret = MEMORY_E;
+    }
+    else {
+        ret = wc_ed25519_init_ex(key, heap, devId);
+        if (ret != 0) {
+            XFREE(key, heap, DYNAMIC_TYPE_ED25519);
+            key = NULL;
+        }
+    }
+
+    if (result_code != NULL)
+        *result_code = ret;
+
+    return key;
+}
+
+int wc_ed25519_delete(ed25519_key* key, ed25519_key** key_p) {
+    if (key == NULL)
+        return BAD_FUNC_ARG;
+    wc_ed25519_free(key);
+    XFREE(key, key->heap, DYNAMIC_TYPE_ED25519);
+    if (key_p != NULL)
+        *key_p = NULL;
+    return 0;
+}
+#endif /* !WC_NO_CONSTRUCTORS */
 
 /* initialize information and memory for key */
 int wc_ed25519_init_ex(ed25519_key* key, void* heap, int devId)
@@ -929,6 +1104,9 @@ void wc_ed25519_free(ed25519_key* key)
 #endif
 
 #ifdef WOLFSSL_SE050
+#ifdef WOLFSSL_SE050_AUTO_ERASE
+    wc_se050_erase_object(key->keyId);
+#endif
     se050_ed25519_free_key(key);
 #endif
 
@@ -1033,7 +1211,7 @@ int wc_ed25519_import_public_ex(const byte* in, word32 inLen, ed25519_key* key,
 
     if (ret == 0) {
         key->pubKeySet = 1;
-        if (key->privKeySet && (!trusted)) {
+        if (!trusted) {
             ret = wc_ed25519_check_key(key);
         }
     }
@@ -1234,23 +1412,84 @@ int wc_ed25519_export_key(ed25519_key* key,
 
 #endif /* HAVE_ED25519_KEY_EXPORT */
 
-/* check the private and public keys match */
+/* Check the public key is valid.
+ *
+ * When private key available, check the calculated public key matches.
+ * When no private key, check Y is in range and an X is able to be calculated.
+ *
+ * @param [in] key  Ed25519 private/public key.
+ * @return  0 otherwise.
+ * @return  BAD_FUNC_ARG when key is NULL.
+ * @return  PUBLIC_KEY_E when the public key is not set, doesn't match or is
+ *          invalid.
+ * @return  other -ve value on hash failure.
+ */
 int wc_ed25519_check_key(ed25519_key* key)
 {
     int ret = 0;
-#ifdef HAVE_ED25519_MAKE_KEY
-    ALIGN16 unsigned char pubKey[ED25519_PUB_KEY_SIZE];
 
-    if (!key->pubKeySet)
+    /* Validate parameter. */
+    if (key == NULL) {
+        ret = BAD_FUNC_ARG;
+    }
+
+    /* Check we have a public key to check. */
+    if ((ret == 0) && (!key->pubKeySet)) {
         ret = PUBLIC_KEY_E;
-    if (ret == 0)
+    }
+
+#ifdef HAVE_ED25519_MAKE_KEY
+    /* If we have a private key just make the public key and compare. */
+    if ((ret == 0) && (key->privKeySet)) {
+        ALIGN16 unsigned char pubKey[ED25519_PUB_KEY_SIZE];
+
         ret = wc_ed25519_make_public(key, pubKey, sizeof(pubKey));
-    if (ret == 0 && XMEMCMP(pubKey, key->p, ED25519_PUB_KEY_SIZE) != 0)
-        ret = PUBLIC_KEY_E;
+        if (ret == 0 && XMEMCMP(pubKey, key->p, ED25519_PUB_KEY_SIZE) != 0)
+            ret = PUBLIC_KEY_E;
+    }
 #else
-     (void)key;
+    (void)key;
 #endif /* HAVE_ED25519_MAKE_KEY */
 
+    /* No private key (or ability to make a public key), check Y is valid. */
+    if ((ret == 0)
+#ifdef HAVE_ED25519_MAKE_KEY
+        && (!key->privKeySet)
+#endif
+        ) {
+        /* Verify that Q is not identity element 0.
+         * 0 has no representation for Ed25519. */
+
+        /* Verify that xQ and yQ are integers in the interval [0, p - 1].
+         * Only have yQ so check that ordinate. p = 2^255 - 19 */
+        if ((key->p[ED25519_PUB_KEY_SIZE - 1] & 0x7f) == 0x7f) {
+            int i;
+
+            ret = PUBLIC_KEY_E;
+            /* Check up to last byte. */
+            for (i = ED25519_PUB_KEY_SIZE - 2; i > 0; i--) {
+                if (key->p[i] != 0xff) {
+                    ret = 0;
+                    break;
+                }
+            }
+            /* Bits are all one up to last byte - check less than -19. */
+            if ((ret == WC_NO_ERR_TRACE(PUBLIC_KEY_E)) && (key->p[0] < 0xed)) {
+                ret = 0;
+            }
+        }
+
+        if (ret == 0) {
+            /* Verify that Q is on the curve.
+             * Uncompressing the public key will validate yQ. */
+            ge_p3 A;
+
+            if (ge_frombytes_negate_vartime(&A, key->p) != 0) {
+                ret = PUBLIC_KEY_E;
+            }
+        }
+    }
+
     return ret;
 }
 
diff --git a/wolfcrypt/src/ed448.c b/wolfcrypt/src/ed448.c
index 8eb83372d..0ef1757d9 100644
--- a/wolfcrypt/src/ed448.c
+++ b/wolfcrypt/src/ed448.c
@@ -1,6 +1,6 @@
 /* ed448.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -25,6 +25,11 @@
  * Reworked for curve448 by Sean Parkinson.
  */
 
+/* Possible Ed448 enable options:
+ *   WOLFSSL_EDDSA_CHECK_PRIV_ON_SIGN                               Default: OFF
+ *     Check that the private key didn't change during the signing operations.
+ */
+
 #ifdef HAVE_CONFIG_H
     #include <config.h>
 #endif
@@ -33,6 +38,15 @@
 #include <wolfssl/wolfcrypt/settings.h>
 
 #ifdef HAVE_ED448
+#if FIPS_VERSION3_GE(6,0,0)
+    /* set NO_WRAPPERS before headers, use direct internal f()s not wrappers */
+    #define FIPS_NO_WRAPPERS
+
+       #ifdef USE_WINDOWS_API
+               #pragma code_seg(".fipsA$f")
+               #pragma const_seg(".fipsB$f")
+       #endif
+#endif
 
 #include <wolfssl/wolfcrypt/ed448.h>
 #include <wolfssl/wolfcrypt/error-crypt.h>
@@ -51,6 +65,14 @@
 static const byte ed448Ctx[ED448CTX_SIZE+1] = "SigEd448";
 #endif
 
+#if FIPS_VERSION3_GE(6,0,0)
+    const unsigned int wolfCrypt_FIPS_ed448_ro_sanity[2] =
+                                                     { 0x1a2b3c4d, 0x00000007 };
+    int wolfCrypt_FIPS_ED448_sanity(void)
+    {
+        return 0;
+    }
+#endif
 
 static int ed448_hash_init(ed448_key* key, wc_Shake *sha)
 {
@@ -165,6 +187,56 @@ static int ed448_hash(ed448_key* key, const byte* in, word32 inLen,
     return ret;
 }
 
+#if FIPS_VERSION3_GE(6,0,0)
+/* Performs a Pairwise Consistency Test on an Ed448 key pair.
+ *
+ * @param [in] key  Ed448 key to test.
+ * @param [in] rng  Random number generator to use to create random digest.
+ * @return  0 on success.
+ * @return  ECC_PCT_E when signing or verification fail.
+ * @return  Other -ve when random number generation fails.
+ */
+static int ed448_pairwise_consistency_test(ed448_key* key, WC_RNG* rng)
+{
+    int err = 0;
+    byte digest[WC_SHA256_DIGEST_SIZE];
+    word32 digestLen = WC_SHA256_DIGEST_SIZE;
+    byte sig[ED448_SIG_SIZE];
+    word32 sigLen = ED448_SIG_SIZE;
+    int res = 0;
+
+    /* Generate a random digest to sign. */
+    err = wc_RNG_GenerateBlock(rng, digest, digestLen);
+    if (err == 0) {
+        /* Sign digest without context. */
+        err = wc_ed448_sign_msg_ex(digest, digestLen, sig, &sigLen, key, Ed448,
+            NULL, 0);
+        if (err != 0) {
+            /* Any sign failure means test failed. */
+            err = ECC_PCT_E;
+        }
+    }
+    if (err == 0) {
+        /* Verify digest without context. */
+        err = wc_ed448_verify_msg_ex(sig, sigLen, digest, digestLen, &res, key,
+            Ed448, NULL, 0);
+        if (err != 0) {
+            /* Any verification operation failure means test failed. */
+            err = ECC_PCT_E;
+        }
+        /* Check whether the signature verified. */
+        else if (res == 0) {
+            /* Test failed. */
+            err = ECC_PCT_E;
+        }
+    }
+
+    ForceZero(sig, sigLen);
+
+    return err;
+}
+#endif
+
 /* Derive the public key for the private key.
  *
  * key       [in]  Ed448 key object.
@@ -198,7 +270,10 @@ int wc_ed448_make_public(ed448_key* key, unsigned char* pubKey, word32 pubKeySz)
         az[55] |= 0x80;
         az[56]  = 0x00;
 
-        ge448_scalarmult_base(&A, az);
+        ret = ge448_scalarmult_base(&A, az);
+    }
+
+    if (ret == 0) {
         ge448_to_bytes(pubKey, &A);
 
         key->pubKeySet = 1;
@@ -247,6 +322,13 @@ int wc_ed448_make_key(WC_RNG* rng, int keySz, ed448_key* key)
     if (ret == 0) {
         /* put public key after private key, on the same buffer */
         XMEMMOVE(key->k + ED448_KEY_SIZE, key->p, ED448_PUB_KEY_SIZE);
+
+    #if FIPS_VERSION3_GE(6,0,0)
+        ret = wc_ed448_check_key(key);
+        if (ret == 0) {
+            ret = ed448_pairwise_consistency_test(key, rng);
+        }
+    #endif
     }
 
     return ret;
@@ -279,6 +361,9 @@ int wc_ed448_sign_msg_ex(const byte* in, word32 inLen, byte* out,
     byte     hram[ED448_SIG_SIZE];
     byte     az[ED448_PRV_KEY_SIZE];
     int      ret = 0;
+#ifdef WOLFSSL_EDDSA_CHECK_PRIV_ON_SIGN
+    byte     orig_k[ED448_KEY_SIZE];
+#endif
 
     /* sanity check on arguments */
     if ((in == NULL) || (out == NULL) || (outLen == NULL) || (key == NULL) ||
@@ -298,6 +383,10 @@ int wc_ed448_sign_msg_ex(const byte* in, word32 inLen, byte* out,
     if (ret == 0) {
         *outLen = ED448_SIG_SIZE;
 
+#ifdef WOLFSSL_EDDSA_CHECK_PRIV_ON_SIGN
+        XMEMCPY(orig_k, key->k, ED448_KEY_SIZE);
+#endif
+
         /* step 1: create nonce to use where nonce is r in
            r = H(h_b, ... ,h_2b-1,M) */
         ret = ed448_hash(key, key->k, ED448_KEY_SIZE, az, sizeof(az));
@@ -353,13 +442,15 @@ int wc_ed448_sign_msg_ex(const byte* in, word32 inLen, byte* out,
 
         /* step 2: computing R = rB where rB is the scalar multiplication of
            r and B */
-        ge448_scalarmult_base(&R,nonce);
-        ge448_to_bytes(out,&R);
+        ret = ge448_scalarmult_base(&R,nonce);
 
         /* step 3: hash R + public key + message getting H(R,A,M) then
            creating S = (r + H(R,A,M)a) mod l */
+        if (ret == 0) {
+            ge448_to_bytes(out,&R);
 
-        ret = ed448_hash_update(key, sha, ed448Ctx, ED448CTX_SIZE);
+            ret = ed448_hash_update(key, sha, ed448Ctx, ED448CTX_SIZE);
+        }
         if (ret == 0) {
             ret = ed448_hash_update(key, sha, &type, sizeof(type));
         }
@@ -391,6 +482,17 @@ int wc_ed448_sign_msg_ex(const byte* in, word32 inLen, byte* out,
         sc448_muladd(out + (ED448_SIG_SIZE/2), hram, az, nonce);
     }
 
+#ifdef WOLFSSL_EDDSA_CHECK_PRIV_ON_SIGN
+    if (ret == 0) {
+        int  i;
+        byte c = 0;
+        for (i = 0; i < ED448_KEY_SIZE; i++) {
+            c |= key->k[i] ^ orig_k[i];
+        }
+        ret = ctMaskGT(c, 0) & SIG_VERIFY_E;
+    }
+#endif
+
     return ret;
 }
 
@@ -921,7 +1023,7 @@ int wc_ed448_import_public_ex(const byte* in, word32 inLen, ed448_key* key,
         ret = BAD_FUNC_ARG;
     }
 
-    if (inLen != ED448_PUB_KEY_SIZE) {
+    if ((inLen != ED448_PUB_KEY_SIZE) && (inLen != ED448_PUB_KEY_SIZE + 1)) {
         ret = BAD_FUNC_ARG;
     }
 
@@ -950,7 +1052,7 @@ int wc_ed448_import_public_ex(const byte* in, word32 inLen, ed448_key* key,
 
     if (ret == 0) {
         key->pubKeySet = 1;
-        if (key->privKeySet && (!trusted)) {
+        if (!trusted) {
             /* Check untrusted public key data matches private key. */
             ret = wc_ed448_check_key(key);
         }
@@ -1198,31 +1300,91 @@ int wc_ed448_export_key(ed448_key* key, byte* priv, word32 *privSz,
 
 #endif /* HAVE_ED448_KEY_EXPORT */
 
-/* Check the public key of the ed448 key matches the private key.
+/* Check the public key is valid.
  *
- * key     [in]      Ed448 private/public key.
- * returns BAD_FUNC_ARG when key is NULL,
- *         PUBLIC_KEY_E when the public key is not set or doesn't match,
- *         other -ve value on hash failure,
- *         0 otherwise.
+ * When private key available, check the calculated public key matches.
+ * When no private key, check Y is in range and an X is able to be calculated.
+ *
+ * @param [in] key  Ed448 private/public key.
+ * @return  0 otherwise.
+ * @return  BAD_FUNC_ARG when key is NULL.
+ * @return  PUBLIC_KEY_E when the public key is not set, doesn't match or is
+ *          invalid.
+ * @return  other -ve value on hash failure.
  */
 int wc_ed448_check_key(ed448_key* key)
 {
     int ret = 0;
     unsigned char pubKey[ED448_PUB_KEY_SIZE];
 
+    /* Validate parameter. */
     if (key == NULL) {
         ret = BAD_FUNC_ARG;
     }
 
+    /* Check we have a public key to check. */
     if (ret == 0 && !key->pubKeySet) {
         ret = PUBLIC_KEY_E;
     }
-    if (ret == 0) {
+
+    /* If we have a private key just make the public key and compare. */
+    if ((ret == 0) && key->privKeySet) {
         ret = wc_ed448_make_public(key, pubKey, sizeof(pubKey));
+        if ((ret == 0) && (XMEMCMP(pubKey, key->p, ED448_PUB_KEY_SIZE) != 0)) {
+            ret = PUBLIC_KEY_E;
+        }
     }
-    if ((ret == 0) && (XMEMCMP(pubKey, key->p, ED448_PUB_KEY_SIZE) != 0)) {
-        ret = PUBLIC_KEY_E;
+    /* No private key, check Y is valid. */
+    else if ((ret == 0) && (!key->privKeySet)) {
+        /* Verify that Q is not identity element 0.
+         * 0 has no representation for Ed448. */
+
+        /* Verify that xQ and yQ are integers in the interval [0, p - 1].
+         * Only have yQ so check that ordinate.
+         * p = 2^448-2^224-1 = 0xff..fe..ff
+         */
+        {
+            int i;
+            ret = PUBLIC_KEY_E;
+
+            /* Check top part before 0xFE. */
+            for (i = ED448_PUB_KEY_SIZE - 1; i > ED448_PUB_KEY_SIZE/2; i--) {
+                if (key->p[i] < 0xff) {
+                    ret = 0;
+                    break;
+                }
+            }
+            if (ret == WC_NO_ERR_TRACE(PUBLIC_KEY_E)) {
+                /* Check against 0xFE. */
+                if (key->p[ED448_PUB_KEY_SIZE/2] < 0xfe) {
+                    ret = 0;
+                }
+                else if (key->p[ED448_PUB_KEY_SIZE/2] == 0xfe) {
+                    /* Check bottom part before last byte. */
+                    for (i = ED448_PUB_KEY_SIZE/2 - 1; i > 0; i--) {
+                        if (key->p[i] != 0xff) {
+                            ret = 0;
+                            break;
+                        }
+                    }
+                    /* Check last byte. */
+                    if ((ret == WC_NO_ERR_TRACE(PUBLIC_KEY_E)) &&
+                        (key->p[0] < 0xff)) {
+                        ret = 0;
+                    }
+                }
+            }
+        }
+
+        if (ret == 0) {
+            /* Verify that Q is on the curve.
+             * Uncompressing the public key will validate yQ. */
+            ge448_p2 A;
+
+            if (ge448_from_bytes_negate_vartime(&A, key->p) != 0) {
+                ret = PUBLIC_KEY_E;
+            }
+        }
     }
 
     return ret;
diff --git a/wolfcrypt/src/error.c b/wolfcrypt/src/error.c
index 929e0bfd0..b2a43803d 100644
--- a/wolfcrypt/src/error.c
+++ b/wolfcrypt/src/error.c
@@ -1,6 +1,6 @@
 /* error.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -34,10 +34,30 @@
 #endif
 
 #ifndef NO_ERROR_STRINGS
+
+#ifdef WOLFSSL_DEBUG_TRACE_ERROR_CODES_H
+#include <wolfssl/debug-untrace-error-codes.h>
+#endif
+
 WOLFSSL_ABI
 const char* wc_GetErrorString(int error)
 {
-    switch (error) {
+    switch ((enum wolfCrypt_ErrorCodes)error) {
+
+    case WC_FAILURE:
+        return "wolfCrypt generic failure";
+
+    case MP_MEM :
+        return "MP integer dynamic memory allocation failed";
+
+    case MP_VAL :
+        return "MP integer invalid argument";
+
+    case MP_WOULDBLOCK :
+        return "MP integer non-blocking operation would block";
+
+    case MP_NOT_INF:
+        return "MP point not at infinity";
 
     case OPEN_RAN_E :
         return "opening random device error";
@@ -347,13 +367,13 @@ const char* wc_GetErrorString(int error)
         return "ECC is point on curve failed";
 
     case ECC_INF_E:
-        return " ECC point at infinity error";
+        return "ECC point at infinity error";
 
     case ECC_OUT_OF_RANGE_E:
-        return " ECC Qx or Qy out of range error";
+        return "ECC Qx or Qy out of range error";
 
     case ECC_PRIV_KEY_E:
-        return " ECC private key is not valid error";
+        return "ECC private key is not valid error";
 
     case SRP_CALL_ORDER_E:
         return "SRP function called in the wrong order error";
@@ -601,16 +621,54 @@ const char* wc_GetErrorString(int error)
     case AES_EAX_AUTH_E:
         return "AES-EAX Authentication check fail";
 
+    case KEY_EXHAUSTED_E:
+        return "Key no longer usable for operation";
+
+    case FIPS_INVALID_VER_E:
+        return "Invalid FIPS version defined, check length";
+
+    case FIPS_DATA_SZ_E:
+        return "FIPS Module Data too large adjust MAX_FIPS_DATA_SZ";
+
+    case FIPS_CODE_SZ_E:
+        return "FIPS Module Code too large adjust MAX_FIPS_CODE_SZ";
+
+    case KDF_SRTP_KAT_FIPS_E:
+        return "wolfCrypt FIPS SRTP-KDF Known Answer Test Failure";
+
+    case ED25519_KAT_FIPS_E:
+        return "wolfCrypt FIPS Ed25519 Known Answer Test Failure";
+
+    case ED448_KAT_FIPS_E:
+        return "wolfCrypt FIPS Ed448 Known Answer Test Failure";
+
+    case PBKDF2_KAT_FIPS_E:
+        return "wolfCrypt FIPS PBKDF2 Known Answer Test Failure";
+
+    case WC_KEY_MISMATCH_E:
+        return "key values mismatch";
+
+    case DEADLOCK_AVERTED_E:
+        return "Deadlock averted -- retry the call";
+
+    case ASCON_AUTH_E:
+        return "ASCON Authentication check fail";
+
+    case MAX_CODE_E:
+    case WC_SPAN1_MIN_CODE_E:
+    case MIN_CODE_E:
     default:
         return "unknown error number";
-
     }
 }
 
+#ifdef WOLFSSL_DEBUG_TRACE_ERROR_CODES
+#include <wolfssl/debug-trace-error-codes.h>
+#endif
+
 void wc_ErrorString(int error, char* buffer)
 {
     XSTRNCPY(buffer, wc_GetErrorString(error), WOLFSSL_MAX_ERROR_SZ);
     buffer[WOLFSSL_MAX_ERROR_SZ-1] = 0;
 }
 #endif /* !NO_ERROR_STRINGS */
-
diff --git a/wolfcrypt/src/evp.c b/wolfcrypt/src/evp.c
index cdda39478..d41beb846 100644
--- a/wolfcrypt/src/evp.c
+++ b/wolfcrypt/src/evp.c
@@ -1,6 +1,6 @@
 /* evp.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -41,7 +41,6 @@
     #include <wolfssl/wolfcrypt/aes.h>
 #endif
 
-
 #include <wolfssl/openssl/ecdsa.h>
 #include <wolfssl/openssl/evp.h>
 #include <wolfssl/openssl/kdf.h>
@@ -53,67 +52,67 @@ static const struct s_ent {
     const char *name;
 } md_tbl[] = {
 #ifndef NO_MD4
-    {WC_HASH_TYPE_MD4, NID_md4, "MD4"},
+    {WC_HASH_TYPE_MD4, WC_NID_md4, WC_SN_md4},
 #endif /* NO_MD4 */
 
 #ifndef NO_MD5
-    {WC_HASH_TYPE_MD5, NID_md5, "MD5"},
+    {WC_HASH_TYPE_MD5, WC_NID_md5, WC_SN_md5},
 #endif /* NO_MD5 */
 
 #ifndef NO_SHA
-    {WC_HASH_TYPE_SHA, NID_sha1, "SHA1"},
-    {WC_HASH_TYPE_SHA, NID_sha1, "SHA"}, /* Leave for backwards compatibility */
+    {WC_HASH_TYPE_SHA, WC_NID_sha1, WC_SN_sha1},
+    {WC_HASH_TYPE_SHA, WC_NID_sha1, "SHA"}, /* Leave for backwards compatibility */
 #endif /* NO_SHA */
 
 #ifdef WOLFSSL_SHA224
-    {WC_HASH_TYPE_SHA224, NID_sha224, "SHA224"},
+    {WC_HASH_TYPE_SHA224, WC_NID_sha224, WC_SN_sha224},
 #endif /* WOLFSSL_SHA224 */
 #ifndef NO_SHA256
-    {WC_HASH_TYPE_SHA256, NID_sha256, "SHA256"},
+    {WC_HASH_TYPE_SHA256, WC_NID_sha256, WC_SN_sha256},
 #endif
 
 #ifdef WOLFSSL_SHA384
-    {WC_HASH_TYPE_SHA384, NID_sha384, "SHA384"},
+    {WC_HASH_TYPE_SHA384, WC_NID_sha384, WC_SN_sha384},
 #endif /* WOLFSSL_SHA384 */
 
 #ifdef WOLFSSL_SHA512
-    {WC_HASH_TYPE_SHA512, NID_sha512, "SHA512"},
+    {WC_HASH_TYPE_SHA512, WC_NID_sha512, WC_SN_sha512},
 #endif /* WOLFSSL_SHA512 */
 
 #if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_224)
-    {WC_HASH_TYPE_SHA512_224, NID_sha512_224, "SHA512_224"},
+    {WC_HASH_TYPE_SHA512_224, WC_NID_sha512_224, WC_SN_sha512_224},
 #endif /* WOLFSSL_SHA512 && !WOLFSSL_NOSHA512_224 */
 
 #if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_256)
-    {WC_HASH_TYPE_SHA512_256, NID_sha512_256, "SHA512_256"},
+    {WC_HASH_TYPE_SHA512_256, WC_NID_sha512_256, WC_SN_sha512_256},
 #endif /* WOLFSSL_SHA512 && !WOLFSSL_NOSHA512_256 */
 
 #ifndef WOLFSSL_NOSHA3_224
-    {WC_HASH_TYPE_SHA3_224, NID_sha3_224, "SHA3_224"},
+    {WC_HASH_TYPE_SHA3_224, WC_NID_sha3_224, WC_SN_sha3_224},
 #endif
 #ifndef WOLFSSL_NOSHA3_256
-    {WC_HASH_TYPE_SHA3_256, NID_sha3_256, "SHA3_256"},
+    {WC_HASH_TYPE_SHA3_256, WC_NID_sha3_256, WC_SN_sha3_256},
 #endif
 #ifndef WOLFSSL_NOSHA3_384
-    {WC_HASH_TYPE_SHA3_384, NID_sha3_384, "SHA3_384"},
+    {WC_HASH_TYPE_SHA3_384, WC_NID_sha3_384, WC_SN_sha3_384},
 #endif
 #ifndef WOLFSSL_NOSHA3_512
-    {WC_HASH_TYPE_SHA3_512, NID_sha3_512, "SHA3_512"},
+    {WC_HASH_TYPE_SHA3_512, WC_NID_sha3_512, WC_SN_sha3_512},
 #endif
 #ifdef WOLFSSL_SM3
-    {WC_HASH_TYPE_SM3, NID_sm3, "SM3"},
+    {WC_HASH_TYPE_SM3, WC_NID_sm3, WC_SN_sm3},
 #endif /* WOLFSSL_SHA512 */
 #ifdef HAVE_BLAKE2
-    {WC_HASH_TYPE_BLAKE2B, NID_blake2b512, "BLAKE2B512"},
+    {WC_HASH_TYPE_BLAKE2B, WC_NID_blake2b512, WC_SN_blake2b512},
 #endif
 #ifdef HAVE_BLAKE2S
-    {WC_HASH_TYPE_BLAKE2S, NID_blake2s256, "BLAKE2S256"},
+    {WC_HASH_TYPE_BLAKE2S, WC_NID_blake2s256, WC_SN_blake2s256},
 #endif
 #ifdef WOLFSSL_SHAKE128
-    {WC_HASH_TYPE_SHAKE128, NID_shake128, "SHAKE128"},
+    {WC_HASH_TYPE_SHAKE128, WC_NID_shake128, WC_SN_shake128},
 #endif
 #ifdef WOLFSSL_SHAKE256
-    {WC_HASH_TYPE_SHAKE256, NID_shake256, "SHAKE256"},
+    {WC_HASH_TYPE_SHAKE256, WC_NID_shake256, WC_SN_shake256},
 #endif
     {WC_HASH_TYPE_NONE, 0, NULL}
 };
@@ -158,6 +157,7 @@ static const struct s_ent {
               (!defined(HAVE_FIPS) || FIPS_VERSION_GE(5,3)) */
 
     #ifdef WOLFSSL_AES_CFB
+    #ifndef WOLFSSL_NO_AES_CFB_1_8
     #ifdef WOLFSSL_AES_128
         static const char EVP_AES_128_CFB1[] = "AES-128-CFB1";
     #endif
@@ -177,6 +177,7 @@ static const struct s_ent {
     #ifdef WOLFSSL_AES_256
         static const char EVP_AES_256_CFB8[] = "AES-256-CFB8";
     #endif
+    #endif /* !WOLFSSL_NO_AES_CFB_1_8 */
 
     #ifdef WOLFSSL_AES_128
         static const char EVP_AES_128_CFB128[] = "AES-128-CFB128";
@@ -283,10 +284,44 @@ static const struct s_ent {
 
 static const char EVP_NULL[] = "NULL";
 
+static const struct pkey_type_name_ent {
+    int type;
+    const char *name;
+} pkey_type_names[] = {
+    { WC_EVP_PKEY_RSA,     "RSA" },
+    { WC_EVP_PKEY_EC,      "EC" },
+    { WC_EVP_PKEY_DH,      "DH" },
+    { WC_EVP_PKEY_DSA,     "DSA" }
+};
+
+static int pkey_type_by_name(const char *name) {
+    unsigned int i;
+    if (name == NULL)
+        return WC_EVP_PKEY_NONE;
+    for (i = 0; i < XELEM_CNT(pkey_type_names); ++i) {
+        if (XSTRCMP(name, pkey_type_names[i].name) == 0)
+            return pkey_type_names[i].type;
+    }
+    return WC_EVP_PKEY_NONE;
+}
+
+int wolfSSL_EVP_PKEY_is_a(const WOLFSSL_EVP_PKEY *pkey, const char *name) {
+    int type;
+
+    if (pkey == NULL)
+        return WOLFSSL_FAILURE;
+
+    type = pkey_type_by_name(name);
+    if (type == WC_EVP_PKEY_NONE)
+        return WOLFSSL_FAILURE;
+
+    return (pkey->type == type) ? WOLFSSL_SUCCESS : WOLFSSL_FAILURE;
+}
+
 #define EVP_CIPHER_TYPE_MATCHES(x, y) (XSTRCMP(x,y) == 0)
 
-#define EVP_PKEY_PRINT_LINE_WIDTH_MAX  80
-#define EVP_PKEY_PRINT_DIGITS_PER_LINE 15
+#define WOLFSSL_EVP_PKEY_PRINT_LINE_WIDTH_MAX  80
+#define WOLFSSL_EVP_PKEY_PRINT_DIGITS_PER_LINE 15
 
 static unsigned int cipherType(const WOLFSSL_EVP_CIPHER *cipher);
 
@@ -312,78 +347,81 @@ int wolfSSL_EVP_Cipher_key_length(const WOLFSSL_EVP_CIPHER* c)
     switch (cipherType(c)) {
 #if !defined(NO_AES)
   #if defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_DIRECT)
-      case AES_128_CBC_TYPE: return 16;
-      case AES_192_CBC_TYPE: return 24;
-      case AES_256_CBC_TYPE: return 32;
+      case WC_AES_128_CBC_TYPE: return 16;
+      case WC_AES_192_CBC_TYPE: return 24;
+      case WC_AES_256_CBC_TYPE: return 32;
   #endif
   #if defined(WOLFSSL_AES_CFB)
-      case AES_128_CFB1_TYPE: return 16;
-      case AES_192_CFB1_TYPE: return 24;
-      case AES_256_CFB1_TYPE: return 32;
-      case AES_128_CFB8_TYPE: return 16;
-      case AES_192_CFB8_TYPE: return 24;
-      case AES_256_CFB8_TYPE: return 32;
-      case AES_128_CFB128_TYPE: return 16;
-      case AES_192_CFB128_TYPE: return 24;
-      case AES_256_CFB128_TYPE: return 32;
+      case WC_AES_128_CFB1_TYPE: return 16;
+      case WC_AES_192_CFB1_TYPE: return 24;
+      case WC_AES_256_CFB1_TYPE: return 32;
+      case WC_AES_128_CFB8_TYPE: return 16;
+      case WC_AES_192_CFB8_TYPE: return 24;
+      case WC_AES_256_CFB8_TYPE: return 32;
+      case WC_AES_128_CFB128_TYPE: return 16;
+      case WC_AES_192_CFB128_TYPE: return 24;
+      case WC_AES_256_CFB128_TYPE: return 32;
   #endif
   #if defined(WOLFSSL_AES_OFB)
-      case AES_128_OFB_TYPE: return 16;
-      case AES_192_OFB_TYPE: return 24;
-      case AES_256_OFB_TYPE: return 32;
+      case WC_AES_128_OFB_TYPE: return 16;
+      case WC_AES_192_OFB_TYPE: return 24;
+      case WC_AES_256_OFB_TYPE: return 32;
   #endif
   #if defined(WOLFSSL_AES_XTS) && (!defined(HAVE_FIPS) || FIPS_VERSION_GE(5,3))
       /* Two keys for XTS. */
-      case AES_128_XTS_TYPE: return 16 * 2;
-      case AES_256_XTS_TYPE: return 32 * 2;
+      case WC_AES_128_XTS_TYPE: return 16 * 2;
+      case WC_AES_256_XTS_TYPE: return 32 * 2;
   #endif
   #if defined(HAVE_AESGCM)
-      case AES_128_GCM_TYPE: return 16;
-      case AES_192_GCM_TYPE: return 24;
-      case AES_256_GCM_TYPE: return 32;
+      case WC_AES_128_GCM_TYPE: return 16;
+      case WC_AES_192_GCM_TYPE: return 24;
+      case WC_AES_256_GCM_TYPE: return 32;
   #endif
   #if defined(HAVE_AESCCM)
-      case AES_128_CCM_TYPE: return 16;
-      case AES_192_CCM_TYPE: return 24;
-      case AES_256_CCM_TYPE: return 32;
+      case WC_AES_128_CCM_TYPE: return 16;
+      case WC_AES_192_CCM_TYPE: return 24;
+      case WC_AES_256_CCM_TYPE: return 32;
   #endif
   #if defined(WOLFSSL_AES_COUNTER)
-      case AES_128_CTR_TYPE: return 16;
-      case AES_192_CTR_TYPE: return 24;
-      case AES_256_CTR_TYPE: return 32;
+      case WC_AES_128_CTR_TYPE: return 16;
+      case WC_AES_192_CTR_TYPE: return 24;
+      case WC_AES_256_CTR_TYPE: return 32;
   #endif
   #if defined(HAVE_AES_ECB)
-      case AES_128_ECB_TYPE: return 16;
-      case AES_192_ECB_TYPE: return 24;
-      case AES_256_ECB_TYPE: return 32;
+      case WC_AES_128_ECB_TYPE: return 16;
+      case WC_AES_192_ECB_TYPE: return 24;
+      case WC_AES_256_ECB_TYPE: return 32;
   #endif
 #endif /* !NO_AES */
   #ifndef NO_DES3
-      case DES_CBC_TYPE:      return 8;
-      case DES_EDE3_CBC_TYPE: return 24;
-      case DES_ECB_TYPE:      return 8;
-      case DES_EDE3_ECB_TYPE: return 24;
+      case WC_DES_CBC_TYPE:      return 8;
+      case WC_DES_EDE3_CBC_TYPE: return 24;
+      case WC_DES_ECB_TYPE:      return 8;
+      case WC_DES_EDE3_ECB_TYPE: return 24;
+  #endif
+  #ifndef NO_RC4
+      case WC_ARC4_TYPE:         return 16;
   #endif
   #if defined(HAVE_CHACHA) && defined(HAVE_POLY1305)
-      case CHACHA20_POLY1305_TYPE: return 32;
+      case WC_CHACHA20_POLY1305_TYPE: return 32;
   #endif
   #ifdef HAVE_CHACHA
-      case CHACHA20_TYPE: return CHACHA_MAX_KEY_SZ;
+      case WC_CHACHA20_TYPE: return CHACHA_MAX_KEY_SZ;
   #endif
   #ifdef WOLFSSL_SM4_ECB
-      case SM4_ECB_TYPE:      return 16;
+      case WC_SM4_ECB_TYPE:      return 16;
   #endif
   #ifdef WOLFSSL_SM4_CBC
-      case SM4_CBC_TYPE:      return 16;
+      case WC_SM4_CBC_TYPE:      return 16;
   #endif
   #ifdef WOLFSSL_SM4_CTR
-      case SM4_CTR_TYPE:      return 16;
+      case WC_SM4_CTR_TYPE:      return 16;
   #endif
   #ifdef WOLFSSL_SM4_GCM
-      case SM4_GCM_TYPE:      return 16;
+      case WC_SM4_GCM_TYPE:      return 16;
   #endif
   #ifdef WOLFSSL_SM4_CCM
-      case SM4_CCM_TYPE:      return 16;
+      case WC_SM4_CCM_TYPE:      return 16;
   #endif
       default:
           return 0;
@@ -452,7 +490,7 @@ void wolfSSL_EVP_CIPHER_CTX_free(WOLFSSL_EVP_CIPHER_CTX *ctx)
 
 int wolfSSL_EVP_CIPHER_CTX_reset(WOLFSSL_EVP_CIPHER_CTX *ctx)
 {
-    int ret = WOLFSSL_FAILURE;
+    int ret = WC_NO_ERR_TRACE(WOLFSSL_FAILURE);
 
     if (ctx != NULL) {
         WOLFSSL_ENTER("wolfSSL_EVP_CIPHER_CTX_reset");
@@ -566,9 +604,9 @@ static int evpCipherBlock(WOLFSSL_EVP_CIPHER_CTX *ctx,
     switch (ctx->cipherType) {
 #if !defined(NO_AES)
     #if defined(HAVE_AES_CBC)
-        case AES_128_CBC_TYPE:
-        case AES_192_CBC_TYPE:
-        case AES_256_CBC_TYPE:
+        case WC_AES_128_CBC_TYPE:
+        case WC_AES_192_CBC_TYPE:
+        case WC_AES_256_CBC_TYPE:
             if (ctx->enc)
                 ret = wc_AesCbcEncrypt(&ctx->cipher.aes, out, in, inl);
             else
@@ -576,16 +614,16 @@ static int evpCipherBlock(WOLFSSL_EVP_CIPHER_CTX *ctx,
             break;
     #endif
     #if defined(WOLFSSL_AES_COUNTER)
-        case AES_128_CTR_TYPE:
-        case AES_192_CTR_TYPE:
-        case AES_256_CTR_TYPE:
+        case WC_AES_128_CTR_TYPE:
+        case WC_AES_192_CTR_TYPE:
+        case WC_AES_256_CTR_TYPE:
             ret = wc_AesCtrEncrypt(&ctx->cipher.aes, out, in, inl);
             break;
     #endif
     #if defined(HAVE_AES_ECB)
-        case AES_128_ECB_TYPE:
-        case AES_192_ECB_TYPE:
-        case AES_256_ECB_TYPE:
+        case WC_AES_128_ECB_TYPE:
+        case WC_AES_192_ECB_TYPE:
+        case WC_AES_256_ECB_TYPE:
             if (ctx->enc)
                 ret = wc_AesEcbEncrypt(&ctx->cipher.aes, out, in, inl);
             else
@@ -593,9 +631,9 @@ static int evpCipherBlock(WOLFSSL_EVP_CIPHER_CTX *ctx,
             break;
     #endif
     #if defined(WOLFSSL_AES_OFB)
-        case AES_128_OFB_TYPE:
-        case AES_192_OFB_TYPE:
-        case AES_256_OFB_TYPE:
+        case WC_AES_128_OFB_TYPE:
+        case WC_AES_192_OFB_TYPE:
+        case WC_AES_256_OFB_TYPE:
             if (ctx->enc)
                 ret = wc_AesOfbEncrypt(&ctx->cipher.aes, out, in, inl);
             else
@@ -603,10 +641,10 @@ static int evpCipherBlock(WOLFSSL_EVP_CIPHER_CTX *ctx,
             break;
     #endif
     #if defined(WOLFSSL_AES_CFB)
-    #if !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS)
-        case AES_128_CFB1_TYPE:
-        case AES_192_CFB1_TYPE:
-        case AES_256_CFB1_TYPE:
+    #if !defined(WOLFSSL_NO_AES_CFB_1_8)
+        case WC_AES_128_CFB1_TYPE:
+        case WC_AES_192_CFB1_TYPE:
+        case WC_AES_256_CFB1_TYPE:
             if (ctx->enc)
                 ret = wc_AesCfb1Encrypt(&ctx->cipher.aes, out, in,
                         inl * WOLFSSL_BIT_SIZE);
@@ -615,19 +653,19 @@ static int evpCipherBlock(WOLFSSL_EVP_CIPHER_CTX *ctx,
                         inl * WOLFSSL_BIT_SIZE);
             break;
 
-        case AES_128_CFB8_TYPE:
-        case AES_192_CFB8_TYPE:
-        case AES_256_CFB8_TYPE:
+        case WC_AES_128_CFB8_TYPE:
+        case WC_AES_192_CFB8_TYPE:
+        case WC_AES_256_CFB8_TYPE:
             if (ctx->enc)
                 ret = wc_AesCfb8Encrypt(&ctx->cipher.aes, out, in, inl);
             else
                 ret = wc_AesCfb8Decrypt(&ctx->cipher.aes, out, in, inl);
             break;
-    #endif /* !HAVE_SELFTEST && !HAVE_FIPS */
+    #endif /* !WOLFSSL_NO_AES_CFB_1_8 */
 
-        case AES_128_CFB128_TYPE:
-        case AES_192_CFB128_TYPE:
-        case AES_256_CFB128_TYPE:
+        case WC_AES_128_CFB128_TYPE:
+        case WC_AES_192_CFB128_TYPE:
+        case WC_AES_256_CFB128_TYPE:
             if (ctx->enc)
                 ret = wc_AesCfbEncrypt(&ctx->cipher.aes, out, in, inl);
             else
@@ -635,8 +673,8 @@ static int evpCipherBlock(WOLFSSL_EVP_CIPHER_CTX *ctx,
             break;
     #endif
 #if defined(WOLFSSL_AES_XTS) && (!defined(HAVE_FIPS) || FIPS_VERSION_GE(5,3))
-    case AES_128_XTS_TYPE:
-    case AES_256_XTS_TYPE:
+    case WC_AES_128_XTS_TYPE:
+    case WC_AES_256_XTS_TYPE:
         if (ctx->enc)
             ret = wc_AesXtsEncrypt(&ctx->cipher.xts, out, in, inl,
                     ctx->iv, (word32)ctx->ivSz);
@@ -647,34 +685,34 @@ static int evpCipherBlock(WOLFSSL_EVP_CIPHER_CTX *ctx,
 #endif
 #endif /* !NO_AES */
     #ifndef NO_DES3
-        case DES_CBC_TYPE:
+        case WC_DES_CBC_TYPE:
             if (ctx->enc)
                 ret = wc_Des_CbcEncrypt(&ctx->cipher.des, out, in, inl);
             else
                 ret = wc_Des_CbcDecrypt(&ctx->cipher.des, out, in, inl);
             break;
-        case DES_EDE3_CBC_TYPE:
+        case WC_DES_EDE3_CBC_TYPE:
             if (ctx->enc)
                 ret = wc_Des3_CbcEncrypt(&ctx->cipher.des3, out, in, inl);
             else
                 ret = wc_Des3_CbcDecrypt(&ctx->cipher.des3, out, in, inl);
             break;
         #if defined(WOLFSSL_DES_ECB)
-        case DES_ECB_TYPE:
+        case WC_DES_ECB_TYPE:
             ret = wc_Des_EcbEncrypt(&ctx->cipher.des, out, in, inl);
             break;
-        case DES_EDE3_ECB_TYPE:
+        case WC_DES_EDE3_ECB_TYPE:
             ret = wc_Des3_EcbEncrypt(&ctx->cipher.des3, out, in, inl);
             break;
         #endif
     #endif
     #ifndef NO_RC4
-        case ARC4_TYPE:
+        case WC_ARC4_TYPE:
             wc_Arc4Process(&ctx->cipher.arc4, out, in, inl);
             break;
     #endif
 #if defined(WOLFSSL_SM4_ECB)
-        case SM4_ECB_TYPE:
+        case WC_SM4_ECB_TYPE:
             if (ctx->enc)
                 wc_Sm4EcbEncrypt(&ctx->cipher.sm4, out, in, inl);
             else
@@ -682,7 +720,7 @@ static int evpCipherBlock(WOLFSSL_EVP_CIPHER_CTX *ctx,
             break;
 #endif
 #if defined(WOLFSSL_SM4_CBC)
-        case SM4_CBC_TYPE:
+        case WC_SM4_CBC_TYPE:
             if (ctx->enc)
                 wc_Sm4CbcEncrypt(&ctx->cipher.sm4, out, in, inl);
             else
@@ -690,7 +728,7 @@ static int evpCipherBlock(WOLFSSL_EVP_CIPHER_CTX *ctx,
             break;
 #endif
 #if defined(WOLFSSL_SM4_CTR)
-        case SM4_CTR_TYPE:
+        case WC_SM4_CTR_TYPE:
             wc_Sm4CtrEncrypt(&ctx->cipher.sm4, out, in, inl);
             break;
 #endif
@@ -711,8 +749,19 @@ static int evpCipherBlock(WOLFSSL_EVP_CIPHER_CTX *ctx,
 static int wolfSSL_EVP_CipherUpdate_GCM_AAD(WOLFSSL_EVP_CIPHER_CTX *ctx,
         const unsigned char *in, int inl) {
     if (in && inl > 0) {
-        byte* tmp = (byte*)XREALLOC(ctx->authIn,
+        byte* tmp;
+    #ifdef WOLFSSL_NO_REALLOC
+        tmp = (byte*)XMALLOC((size_t)(ctx->authInSz + inl), NULL,
+                DYNAMIC_TYPE_OPENSSL);
+        if (tmp != NULL) {
+            XMEMCPY(tmp, ctx->authIn, (size_t)ctx->authInSz);
+            XFREE(ctx->authIn, NULL, DYNAMIC_TYPE_OPENSSL);
+            ctx->authIn = NULL;
+        }
+    #else
+        tmp = (byte*)XREALLOC(ctx->authIn,
                 (size_t)(ctx->authInSz + inl), NULL, DYNAMIC_TYPE_OPENSSL);
+    #endif
         if (tmp) {
             ctx->authIn = tmp;
             XMEMCPY(ctx->authIn + ctx->authInSz, in, (size_t)inl);
@@ -735,7 +784,7 @@ static int wolfSSL_EVP_CipherUpdate_GCM(WOLFSSL_EVP_CIPHER_CTX *ctx,
 
 #if defined(WOLFSSL_SM4_GCM) || !defined(WOLFSSL_AESGCM_STREAM)
 #if defined(WOLFSSL_SM4_GCM) && defined(WOLFSSL_AESGCM_STREAM)
-    if (ctx->cipherType == SM4_GCM_TYPE)
+    if (ctx->cipherType == WC_SM4_GCM_TYPE)
 #endif
     {
         int ret = 0;
@@ -745,9 +794,19 @@ static int wolfSSL_EVP_CipherUpdate_GCM(WOLFSSL_EVP_CIPHER_CTX *ctx,
             /* Buffer input for one-shot API */
             if (inl > 0) {
                 byte* tmp;
+            #ifdef WOLFSSL_NO_REALLOC
+                tmp = (byte*)XMALLOC((size_t)(ctx->authBufferLen + inl), NULL,
+                        DYNAMIC_TYPE_OPENSSL);
+                if (tmp != NULL) {
+                    XMEMCPY(tmp, ctx->authBuffer, (size_t)ctx->authBufferLen);
+                    XFREE(ctx->authBuffer, NULL, DYNAMIC_TYPE_OPENSSL);
+                    ctx->authBuffer = NULL;
+                }
+            #else
                 tmp = (byte*)XREALLOC(ctx->authBuffer,
                         (size_t)(ctx->authBufferLen + inl), NULL,
                         DYNAMIC_TYPE_OPENSSL);
+            #endif
                 if (tmp) {
                     XMEMCPY(tmp + ctx->authBufferLen, in, (size_t)inl);
                     ctx->authBufferLen += inl;
@@ -817,8 +876,19 @@ static int wolfSSL_EVP_CipherUpdate_GCM(WOLFSSL_EVP_CIPHER_CTX *ctx,
 static int wolfSSL_EVP_CipherUpdate_CCM_AAD(WOLFSSL_EVP_CIPHER_CTX *ctx,
         const unsigned char *in, int inl) {
     if (in && inl > 0) {
-        byte* tmp = (byte*)XREALLOC(ctx->authIn,
+        byte* tmp;
+    #ifdef WOLFSSL_NO_REALLOC
+        tmp = (byte*)XMALLOC((size_t)(ctx->authInSz + inl), NULL,
+                DYNAMIC_TYPE_OPENSSL);
+        if (tmp != NULL) {
+            XMEMCPY(tmp, ctx->authIn, (size_t)ctx->authInSz);
+            XFREE(ctx->authIn, NULL, DYNAMIC_TYPE_OPENSSL);
+            ctx->authIn = NULL;
+        }
+    #else
+        tmp = (byte*)XREALLOC(ctx->authIn,
                 (size_t)(ctx->authInSz + inl), NULL, DYNAMIC_TYPE_OPENSSL);
+    #endif
         if (tmp) {
             ctx->authIn = tmp;
             XMEMCPY(ctx->authIn + ctx->authInSz, in, (size_t)inl);
@@ -843,9 +913,19 @@ static int wolfSSL_EVP_CipherUpdate_CCM(WOLFSSL_EVP_CIPHER_CTX *ctx,
         /* Buffer input for one-shot API */
         if (inl > 0) {
             byte* tmp;
+        #ifdef WOLFSSL_NO_REALLOC
+            tmp = (byte*)XMALLOC((size_t)(ctx->authBufferLen + inl), NULL,
+                    DYNAMIC_TYPE_OPENSSL);
+            if (tmp != NULL) {
+                XMEMCPY(tmp, ctx->authBuffer, (size_t)ctx->authBufferLen);
+                XFREE(ctx->authBuffer, NULL, DYNAMIC_TYPE_OPENSSL);
+                ctx->authBuffer = NULL;
+            }
+        #else
             tmp = (byte*)XREALLOC(ctx->authBuffer,
                     (size_t)(ctx->authBufferLen + inl), NULL,
                     DYNAMIC_TYPE_OPENSSL);
+        #endif
             if (tmp) {
                 XMEMCPY(tmp + ctx->authBufferLen, in, (size_t)inl);
                 ctx->authBufferLen += inl;
@@ -875,8 +955,19 @@ static int wolfSSL_EVP_CipherUpdate_AriaGCM_AAD(WOLFSSL_EVP_CIPHER_CTX *ctx,
         const unsigned char *in, int inl)
 {
     if (in && inl > 0) {
-        byte* tmp = (byte*)XREALLOC(ctx->authIn,
+        byte* tmp;
+    #ifdef WOLFSSL_NO_REALLOC
+        tmp = (byte*)XMALLOC((size_t)ctx->authInSz + inl, NULL,
+                DYNAMIC_TYPE_OPENSSL);
+        if (tmp != NULL) {
+            XMEMCPY(tmp, ctx->authIn, (size_t)ctx->authInSz);
+            XFREE(ctx->authIn, NULL, DYNAMIC_TYPE_OPENSSL);
+            ctx->authIn = NULL;
+        }
+    #else
+        tmp = (byte*)XREALLOC(ctx->authIn,
                 (size_t)ctx->authInSz + inl, NULL, DYNAMIC_TYPE_OPENSSL);
+    #endif
         if (tmp) {
             ctx->authIn = tmp;
             XMEMCPY(ctx->authIn + ctx->authInSz, in, (size_t)inl);
@@ -905,9 +996,18 @@ static int wolfSSL_EVP_CipherUpdate_AriaGCM(WOLFSSL_EVP_CIPHER_CTX *ctx,
             if (ctx->enc == 0) { /* Append extra space for the tag */
                 size = WC_ARIA_GCM_GET_CIPHERTEXT_SIZE(size);
             }
-            tmp = (byte*)XREALLOC(ctx->authBuffer,
-                    (size_t)size, NULL,
-                    DYNAMIC_TYPE_OPENSSL);
+        #ifdef WOLFSSL_NO_REALLOC
+            tmp = (byte*)XMALLOC((size_t)size, NULL,
+                DYNAMIC_TYPE_OPENSSL);
+            if (tmp != NULL) {
+                XMEMCPY(tmp, ctx->authBuffer, (size_t)ctx->authBufferLen);
+                XFREE(ctx->authBuffer, NULL, DYNAMIC_TYPE_OPENSSL);
+                ctx->authBuffer = NULL;
+            }
+        #else
+            tmp = (byte*)XREALLOC(ctx->authBuffer, (size_t)size, NULL,
+                DYNAMIC_TYPE_OPENSSL);
+        #endif
             if (tmp) {
                 XMEMCPY(tmp + ctx->authBufferLen, in, (size_t)inl);
                 ctx->authBufferLen += inl;
@@ -959,30 +1059,38 @@ int wolfSSL_EVP_CipherUpdate(WOLFSSL_EVP_CIPHER_CTX *ctx,
     }
 
     switch (ctx->cipherType) {
+        case WC_NULL_CIPHER_TYPE:
+            if (out == NULL) {
+                WOLFSSL_MSG("Bad argument");
+                return WOLFSSL_FAILURE;
+            }
+            XMEMCPY(out, in, inl);
+            *outl = inl;
+            return WOLFSSL_SUCCESS;
 #if !defined(NO_AES) && defined(HAVE_AESGCM)
-        case AES_128_GCM_TYPE:
-        case AES_192_GCM_TYPE:
-        case AES_256_GCM_TYPE:
+        case WC_AES_128_GCM_TYPE:
+        case WC_AES_192_GCM_TYPE:
+        case WC_AES_256_GCM_TYPE:
             /* if out == NULL, in/inl contains the additional auth data */
             return wolfSSL_EVP_CipherUpdate_GCM(ctx, out, outl, in, inl);
 #endif /* !defined(NO_AES) && defined(HAVE_AESGCM) */
 #if !defined(NO_AES) && defined(HAVE_AESCCM)
-        case AES_128_CCM_TYPE:
-        case AES_192_CCM_TYPE:
-        case AES_256_CCM_TYPE:
+        case WC_AES_128_CCM_TYPE:
+        case WC_AES_192_CCM_TYPE:
+        case WC_AES_256_CCM_TYPE:
             /* if out == NULL, in/inl contains the
              * additional auth data */
             return wolfSSL_EVP_CipherUpdate_CCM(ctx, out, outl, in, inl);
 #endif /* !defined(NO_AES) && defined(HAVE_AESCCM) */
 #if defined(HAVE_ARIA)
-        case ARIA_128_GCM_TYPE:
-        case ARIA_192_GCM_TYPE:
-        case ARIA_256_GCM_TYPE:
+        case WC_ARIA_128_GCM_TYPE:
+        case WC_ARIA_192_GCM_TYPE:
+        case WC_ARIA_256_GCM_TYPE:
             /* if out == NULL, in/inl contains the additional auth data */
             return wolfSSL_EVP_CipherUpdate_AriaGCM(ctx, out, outl, in, inl);
 #endif /* defined(HAVE_ARIA) */
 #if defined(HAVE_CHACHA) && defined(HAVE_POLY1305)
-        case CHACHA20_POLY1305_TYPE:
+        case WC_CHACHA20_POLY1305_TYPE:
             if (out == NULL) {
                 if (wc_ChaCha20Poly1305_UpdateAad(&ctx->cipher.chachaPoly, in,
                                                   (word32)inl) != 0) {
@@ -1007,7 +1115,7 @@ int wolfSSL_EVP_CipherUpdate(WOLFSSL_EVP_CIPHER_CTX *ctx,
             }
 #endif
 #ifdef HAVE_CHACHA
-        case CHACHA20_TYPE:
+        case WC_CHACHA20_TYPE:
             if (wc_Chacha_Process(&ctx->cipher.chacha, out, in, (word32)inl) !=
                     0) {
                 WOLFSSL_MSG("wc_ChaCha_Process failed");
@@ -1017,12 +1125,12 @@ int wolfSSL_EVP_CipherUpdate(WOLFSSL_EVP_CIPHER_CTX *ctx,
             return WOLFSSL_SUCCESS;
 #endif
 #ifdef WOLFSSL_SM4_GCM
-        case SM4_GCM_TYPE:
+        case WC_SM4_GCM_TYPE:
             /* if out == NULL, in/inl contains the additional auth data */
             return wolfSSL_EVP_CipherUpdate_GCM(ctx, out, outl, in, inl);
 #endif
 #ifdef WOLFSSL_SM4_CCM
-        case SM4_CCM_TYPE:
+        case WC_SM4_CCM_TYPE:
             /* if out == NULL, in/inl contains the
              * additional auth data */
             return wolfSSL_EVP_CipherUpdate_CCM(ctx, out, outl, in, inl);
@@ -1175,9 +1283,9 @@ int wolfSSL_EVP_CipherFinal(WOLFSSL_EVP_CIPHER_CTX *ctx, unsigned char *out,
     switch (ctx->cipherType) {
 #if defined(HAVE_AESGCM) && ((!defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)) \
     || FIPS_VERSION_GE(2,0))
-        case AES_128_GCM_TYPE:
-        case AES_192_GCM_TYPE:
-        case AES_256_GCM_TYPE:
+        case WC_AES_128_GCM_TYPE:
+        case WC_AES_192_GCM_TYPE:
+        case WC_AES_256_GCM_TYPE:
 #ifndef WOLFSSL_AESGCM_STREAM
             if ((ctx->authBuffer && ctx->authBufferLen > 0)
              || (ctx->authBufferLen == 0)) {
@@ -1248,7 +1356,7 @@ int wolfSSL_EVP_CipherFinal(WOLFSSL_EVP_CIPHER_CTX *ctx, unsigned char *out,
                 }
                 else {
                     /* Clear IV, since IV reuse is not recommended for AES GCM. */
-                    XMEMSET(ctx->iv, 0, AES_BLOCK_SIZE);
+                    XMEMSET(ctx->iv, 0, WC_AES_BLOCK_SIZE);
                 }
                 if (wolfSSL_StoreExternalIV(ctx) != WOLFSSL_SUCCESS) {
                     ret = WOLFSSL_FAILURE;
@@ -1259,9 +1367,9 @@ int wolfSSL_EVP_CipherFinal(WOLFSSL_EVP_CIPHER_CTX *ctx, unsigned char *out,
         * HAVE_FIPS_VERSION >= 2 */
 #if defined(HAVE_AESCCM) && ((!defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)) \
     || FIPS_VERSION_GE(2,0))
-        case AES_128_CCM_TYPE:
-        case AES_192_CCM_TYPE:
-        case AES_256_CCM_TYPE:
+        case WC_AES_128_CCM_TYPE:
+        case WC_AES_192_CCM_TYPE:
+        case WC_AES_256_CCM_TYPE:
             if ((ctx->authBuffer && ctx->authBufferLen > 0)
              || (ctx->authBufferLen == 0)) {
                 if (ctx->enc) {
@@ -1307,7 +1415,7 @@ int wolfSSL_EVP_CipherFinal(WOLFSSL_EVP_CIPHER_CTX *ctx, unsigned char *out,
                 else {
                     /* Clear IV, since IV reuse is not recommended
                      * for AES CCM. */
-                    XMEMSET(ctx->iv, 0, AES_BLOCK_SIZE);
+                    XMEMSET(ctx->iv, 0, WC_AES_BLOCK_SIZE);
                 }
                 if (wolfSSL_StoreExternalIV(ctx) != WOLFSSL_SUCCESS) {
                     ret = WOLFSSL_FAILURE;
@@ -1318,9 +1426,9 @@ int wolfSSL_EVP_CipherFinal(WOLFSSL_EVP_CIPHER_CTX *ctx, unsigned char *out,
         * HAVE_FIPS_VERSION >= 2 */
 #if defined(HAVE_ARIA) && ((!defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)) \
     || FIPS_VERSION_GE(2,0))
-        case ARIA_128_GCM_TYPE:
-        case ARIA_192_GCM_TYPE:
-        case ARIA_256_GCM_TYPE:
+        case WC_ARIA_128_GCM_TYPE:
+        case WC_ARIA_192_GCM_TYPE:
+        case WC_ARIA_256_GCM_TYPE:
             if ((ctx->authBuffer && ctx->authBufferLen > 0)
              || (ctx->authBufferLen == 0)) {
                 if (ctx->enc)
@@ -1372,7 +1480,7 @@ int wolfSSL_EVP_CipherFinal(WOLFSSL_EVP_CIPHER_CTX *ctx, unsigned char *out,
 #endif /* HAVE_AESGCM && ((!HAVE_FIPS && !HAVE_SELFTEST) ||
         * HAVE_FIPS_VERSION >= 2 */
 #if defined(HAVE_CHACHA) && defined(HAVE_POLY1305)
-        case CHACHA20_POLY1305_TYPE:
+        case WC_CHACHA20_POLY1305_TYPE:
             if (wc_ChaCha20Poly1305_Final(&ctx->cipher.chachaPoly,
                                           ctx->authTag) != 0) {
                 WOLFSSL_MSG("wc_ChaCha20Poly1305_Final failed");
@@ -1385,7 +1493,7 @@ int wolfSSL_EVP_CipherFinal(WOLFSSL_EVP_CIPHER_CTX *ctx, unsigned char *out,
             break;
 #endif
 #ifdef WOLFSSL_SM4_GCM
-        case SM4_GCM_TYPE:
+        case WC_SM4_GCM_TYPE:
             if ((ctx->authBuffer && ctx->authBufferLen > 0) ||
                      (ctx->authBufferLen == 0)) {
                 if (ctx->enc)
@@ -1436,7 +1544,7 @@ int wolfSSL_EVP_CipherFinal(WOLFSSL_EVP_CIPHER_CTX *ctx, unsigned char *out,
             break;
 #endif
 #ifdef WOLFSSL_SM4_CCM
-        case SM4_CCM_TYPE:
+        case WC_SM4_CCM_TYPE:
             if ((ctx->authBuffer && ctx->authBufferLen > 0) ||
                     (ctx->authBufferLen == 0)) {
                 if (ctx->enc)
@@ -1561,20 +1669,20 @@ int wolfSSL_EVP_CipherFinal(WOLFSSL_EVP_CIPHER_CTX *ctx, unsigned char *out,
          */
         if (FALSE
         #ifdef HAVE_AESGCM
-            || ctx->cipherType == AES_128_GCM_TYPE ||
-            ctx->cipherType == AES_192_GCM_TYPE ||
-            ctx->cipherType == AES_256_GCM_TYPE
+            || ctx->cipherType == WC_AES_128_GCM_TYPE ||
+            ctx->cipherType == WC_AES_192_GCM_TYPE ||
+            ctx->cipherType == WC_AES_256_GCM_TYPE
         #endif
         #ifdef HAVE_AESCCM
-            || ctx->cipherType == AES_128_CCM_TYPE ||
-            ctx->cipherType == AES_192_CCM_TYPE ||
-            ctx->cipherType == AES_256_CCM_TYPE
+            || ctx->cipherType == WC_AES_128_CCM_TYPE ||
+            ctx->cipherType == WC_AES_192_CCM_TYPE ||
+            ctx->cipherType == WC_AES_256_CCM_TYPE
         #endif
         #ifdef WOLFSSL_SM4_GCM
-            || ctx->cipherType == SM4_GCM_TYPE
+            || ctx->cipherType == WC_SM4_GCM_TYPE
         #endif
         #ifdef WOLFSSL_SM4_CCM
-            || ctx->cipherType == SM4_CCM_TYPE
+            || ctx->cipherType == WC_SM4_CCM_TYPE
         #endif
             ) {
             tmp = ctx->authIvGenEnable;
@@ -1589,20 +1697,20 @@ int wolfSSL_EVP_CipherFinal(WOLFSSL_EVP_CIPHER_CTX *ctx, unsigned char *out,
     ((!defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)) || FIPS_VERSION_GE(2,0))
         if (FALSE
         #ifdef HAVE_AESGCM
-            || ctx->cipherType == AES_128_GCM_TYPE ||
-            ctx->cipherType == AES_192_GCM_TYPE ||
-            ctx->cipherType == AES_256_GCM_TYPE
+            || ctx->cipherType == WC_AES_128_GCM_TYPE ||
+            ctx->cipherType == WC_AES_192_GCM_TYPE ||
+            ctx->cipherType == WC_AES_256_GCM_TYPE
         #endif
         #ifdef HAVE_AESCCM
-            || ctx->cipherType == AES_128_CCM_TYPE ||
-            ctx->cipherType == AES_192_CCM_TYPE ||
-            ctx->cipherType == AES_256_CCM_TYPE
+            || ctx->cipherType == WC_AES_128_CCM_TYPE ||
+            ctx->cipherType == WC_AES_192_CCM_TYPE ||
+            ctx->cipherType == WC_AES_256_CCM_TYPE
         #endif
         #ifdef WOLFSSL_SM4_GCM
-            || ctx->cipherType == SM4_GCM_TYPE
+            || ctx->cipherType == WC_SM4_GCM_TYPE
         #endif
         #ifdef WOLFSSL_SM4_CCM
-            || ctx->cipherType == SM4_CCM_TYPE
+            || ctx->cipherType == WC_SM4_CCM_TYPE
         #endif
             ) {
             ctx->authIvGenEnable = (tmp == 1);
@@ -1626,7 +1734,7 @@ int  wolfSSL_EVP_DecryptFinal_legacy(WOLFSSL_EVP_CIPHER_CTX *ctx,
 {
     int fl;
     if (ctx == NULL || out == NULL || outl == NULL)
-        return BAD_FUNC_ARG;
+        return WOLFSSL_FAILURE;
 
     WOLFSSL_ENTER("wolfSSL_EVP_DecryptFinal_legacy");
     if (ctx->block_size == 1) {
@@ -1665,80 +1773,80 @@ int  wolfSSL_EVP_DecryptFinal_legacy(WOLFSSL_EVP_CIPHER_CTX *ctx,
 
 int wolfSSL_EVP_CIPHER_CTX_block_size(const WOLFSSL_EVP_CIPHER_CTX *ctx)
 {
-    if (ctx == NULL) return BAD_FUNC_ARG;
+    if (ctx == NULL) return WOLFSSL_FAILURE;
     switch (ctx->cipherType) {
 #if !defined(NO_AES) || !defined(NO_DES3) || defined(WOLFSSL_SM4)
 #if !defined(NO_AES)
 #if defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_DIRECT)
-    case AES_128_CBC_TYPE:
-    case AES_192_CBC_TYPE:
-    case AES_256_CBC_TYPE:
+    case WC_AES_128_CBC_TYPE:
+    case WC_AES_192_CBC_TYPE:
+    case WC_AES_256_CBC_TYPE:
 #endif
 #if defined(HAVE_AESGCM)
-    case AES_128_GCM_TYPE:
-    case AES_192_GCM_TYPE:
-    case AES_256_GCM_TYPE:
+    case WC_AES_128_GCM_TYPE:
+    case WC_AES_192_GCM_TYPE:
+    case WC_AES_256_GCM_TYPE:
 #endif
 #if defined(HAVE_AESCCM)
-    case AES_128_CCM_TYPE:
-    case AES_192_CCM_TYPE:
-    case AES_256_CCM_TYPE:
+    case WC_AES_128_CCM_TYPE:
+    case WC_AES_192_CCM_TYPE:
+    case WC_AES_256_CCM_TYPE:
 #endif
 #if defined(WOLFSSL_AES_COUNTER)
-    case AES_128_CTR_TYPE:
-    case AES_192_CTR_TYPE:
-    case AES_256_CTR_TYPE:
+    case WC_AES_128_CTR_TYPE:
+    case WC_AES_192_CTR_TYPE:
+    case WC_AES_256_CTR_TYPE:
 #endif
 #if defined(WOLFSSL_AES_CFB)
-    case AES_128_CFB1_TYPE:
-    case AES_192_CFB1_TYPE:
-    case AES_256_CFB1_TYPE:
-    case AES_128_CFB8_TYPE:
-    case AES_192_CFB8_TYPE:
-    case AES_256_CFB8_TYPE:
-    case AES_128_CFB128_TYPE:
-    case AES_192_CFB128_TYPE:
-    case AES_256_CFB128_TYPE:
+    case WC_AES_128_CFB1_TYPE:
+    case WC_AES_192_CFB1_TYPE:
+    case WC_AES_256_CFB1_TYPE:
+    case WC_AES_128_CFB8_TYPE:
+    case WC_AES_192_CFB8_TYPE:
+    case WC_AES_256_CFB8_TYPE:
+    case WC_AES_128_CFB128_TYPE:
+    case WC_AES_192_CFB128_TYPE:
+    case WC_AES_256_CFB128_TYPE:
 #endif
 #if defined(WOLFSSL_AES_OFB)
-    case AES_128_OFB_TYPE:
-    case AES_192_OFB_TYPE:
-    case AES_256_OFB_TYPE:
+    case WC_AES_128_OFB_TYPE:
+    case WC_AES_192_OFB_TYPE:
+    case WC_AES_256_OFB_TYPE:
 #endif
 #if defined(WOLFSSL_AES_XTS) && (!defined(HAVE_FIPS) || FIPS_VERSION_GE(5,3))
-    case AES_128_XTS_TYPE:
-    case AES_256_XTS_TYPE:
+    case WC_AES_128_XTS_TYPE:
+    case WC_AES_256_XTS_TYPE:
 #endif
 #if defined(HAVE_ARIA)
-    case ARIA_128_GCM_TYPE:
-    case ARIA_192_GCM_TYPE:
-    case ARIA_256_GCM_TYPE:
+    case WC_ARIA_128_GCM_TYPE:
+    case WC_ARIA_192_GCM_TYPE:
+    case WC_ARIA_256_GCM_TYPE:
 #endif
 
-    case AES_128_ECB_TYPE:
-    case AES_192_ECB_TYPE:
-    case AES_256_ECB_TYPE:
+    case WC_AES_128_ECB_TYPE:
+    case WC_AES_192_ECB_TYPE:
+    case WC_AES_256_ECB_TYPE:
 #endif /* !NO_AES */
 #ifndef NO_DES3
-    case DES_CBC_TYPE:
-    case DES_ECB_TYPE:
-    case DES_EDE3_CBC_TYPE:
-    case DES_EDE3_ECB_TYPE:
+    case WC_DES_CBC_TYPE:
+    case WC_DES_ECB_TYPE:
+    case WC_DES_EDE3_CBC_TYPE:
+    case WC_DES_EDE3_ECB_TYPE:
 #endif
 #ifdef WOLFSSL_SM4_ECB
-    case SM4_ECB_TYPE:
+    case WC_SM4_ECB_TYPE:
 #endif
 #ifdef WOLFSSL_SM4_CBC
-    case SM4_CBC_TYPE:
+    case WC_SM4_CBC_TYPE:
 #endif
 #ifdef WOLFSSL_SM4_CTR
-    case SM4_CTR_TYPE:
+    case WC_SM4_CTR_TYPE:
 #endif
 #ifdef WOLFSSL_SM4_GCM
-    case SM4_GCM_TYPE:
+    case WC_SM4_GCM_TYPE:
 #endif
 #ifdef WOLFSSL_SM4_CCM
-    case SM4_CCM_TYPE:
+    case WC_SM4_CCM_TYPE:
 #endif
         return ctx->block_size;
 #endif /* !NO_AES || !NO_DES3 || WOLFSSL_SM4 */
@@ -1752,193 +1860,195 @@ static unsigned int cipherType(const WOLFSSL_EVP_CIPHER *cipher)
     if (cipher == NULL) return 0; /* dummy for #ifdef */
 #ifndef NO_DES3
     else if (EVP_CIPHER_TYPE_MATCHES(cipher, EVP_DES_CBC))
-        return DES_CBC_TYPE;
+        return WC_DES_CBC_TYPE;
     else if (EVP_CIPHER_TYPE_MATCHES(cipher, EVP_DES_EDE3_CBC))
-        return DES_EDE3_CBC_TYPE;
+        return WC_DES_EDE3_CBC_TYPE;
 #if !defined(NO_DES3)
     else if (EVP_CIPHER_TYPE_MATCHES(cipher, EVP_DES_ECB))
-        return DES_ECB_TYPE;
+        return WC_DES_ECB_TYPE;
     else if (EVP_CIPHER_TYPE_MATCHES(cipher, EVP_DES_EDE3_ECB))
-        return DES_EDE3_ECB_TYPE;
+        return WC_DES_EDE3_ECB_TYPE;
 #endif /* NO_DES3 && HAVE_AES_ECB */
 #endif
 #if !defined(NO_AES)
 #if defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_DIRECT)
     #ifdef WOLFSSL_AES_128
     else if (EVP_CIPHER_TYPE_MATCHES(cipher, EVP_AES_128_CBC))
-        return AES_128_CBC_TYPE;
+        return WC_AES_128_CBC_TYPE;
     #endif
     #ifdef WOLFSSL_AES_192
     else if (EVP_CIPHER_TYPE_MATCHES(cipher, EVP_AES_192_CBC))
-        return AES_192_CBC_TYPE;
+        return WC_AES_192_CBC_TYPE;
     #endif
     #ifdef WOLFSSL_AES_256
     else if (EVP_CIPHER_TYPE_MATCHES(cipher, EVP_AES_256_CBC))
-        return AES_256_CBC_TYPE;
+        return WC_AES_256_CBC_TYPE;
     #endif
 #endif /* HAVE_AES_CBC || WOLFSSL_AES_DIRECT */
 #if defined(HAVE_AESGCM)
     #ifdef WOLFSSL_AES_128
     else if (EVP_CIPHER_TYPE_MATCHES(cipher, EVP_AES_128_GCM))
-        return AES_128_GCM_TYPE;
+        return WC_AES_128_GCM_TYPE;
     #endif
     #ifdef WOLFSSL_AES_192
     else if (EVP_CIPHER_TYPE_MATCHES(cipher, EVP_AES_192_GCM))
-        return AES_192_GCM_TYPE;
+        return WC_AES_192_GCM_TYPE;
     #endif
     #ifdef WOLFSSL_AES_256
     else if (EVP_CIPHER_TYPE_MATCHES(cipher, EVP_AES_256_GCM))
-        return AES_256_GCM_TYPE;
+        return WC_AES_256_GCM_TYPE;
     #endif
 #endif /* HAVE_AESGCM */
 #if defined(HAVE_AESCCM)
     #ifdef WOLFSSL_AES_128
     else if (EVP_CIPHER_TYPE_MATCHES(cipher, EVP_AES_128_CCM))
-        return AES_128_CCM_TYPE;
+        return WC_AES_128_CCM_TYPE;
     #endif
     #ifdef WOLFSSL_AES_192
     else if (EVP_CIPHER_TYPE_MATCHES(cipher, EVP_AES_192_CCM))
-        return AES_192_CCM_TYPE;
+        return WC_AES_192_CCM_TYPE;
     #endif
     #ifdef WOLFSSL_AES_256
     else if (EVP_CIPHER_TYPE_MATCHES(cipher, EVP_AES_256_CCM))
-        return AES_256_CCM_TYPE;
+        return WC_AES_256_CCM_TYPE;
     #endif
 #endif /* HAVE_AESCCM */
 #if defined(WOLFSSL_AES_COUNTER)
     #ifdef WOLFSSL_AES_128
     else if (EVP_CIPHER_TYPE_MATCHES(cipher, EVP_AES_128_CTR))
-        return AES_128_CTR_TYPE;
+        return WC_AES_128_CTR_TYPE;
     #endif
     #ifdef WOLFSSL_AES_192
     else if (EVP_CIPHER_TYPE_MATCHES(cipher, EVP_AES_192_CTR))
-        return AES_192_CTR_TYPE;
+        return WC_AES_192_CTR_TYPE;
     #endif
     #ifdef WOLFSSL_AES_256
     else if (EVP_CIPHER_TYPE_MATCHES(cipher, EVP_AES_256_CTR))
-        return AES_256_CTR_TYPE;
+        return WC_AES_256_CTR_TYPE;
     #endif
 #endif /* HAVE_AES_CBC */
 #if defined(HAVE_AES_ECB)
     #ifdef WOLFSSL_AES_128
     else if (EVP_CIPHER_TYPE_MATCHES(cipher, EVP_AES_128_ECB))
-        return AES_128_ECB_TYPE;
+        return WC_AES_128_ECB_TYPE;
     #endif
     #ifdef WOLFSSL_AES_192
     else if (EVP_CIPHER_TYPE_MATCHES(cipher, EVP_AES_192_ECB))
-        return AES_192_ECB_TYPE;
+        return WC_AES_192_ECB_TYPE;
     #endif
     #ifdef WOLFSSL_AES_256
     else if (EVP_CIPHER_TYPE_MATCHES(cipher, EVP_AES_256_ECB))
-        return AES_256_ECB_TYPE;
+        return WC_AES_256_ECB_TYPE;
     #endif
 #endif /*HAVE_AES_CBC */
 #if defined(WOLFSSL_AES_XTS) && (!defined(HAVE_FIPS) || FIPS_VERSION_GE(5,3))
     #ifdef WOLFSSL_AES_128
     else if (EVP_CIPHER_TYPE_MATCHES(cipher, EVP_AES_128_XTS))
-        return AES_128_XTS_TYPE;
+        return WC_AES_128_XTS_TYPE;
     #endif
     #ifdef WOLFSSL_AES_256
     else if (EVP_CIPHER_TYPE_MATCHES(cipher, EVP_AES_256_XTS))
-        return AES_256_XTS_TYPE;
+        return WC_AES_256_XTS_TYPE;
     #endif
 #endif /* WOLFSSL_AES_XTS */
 #if defined(WOLFSSL_AES_CFB)
+#ifndef WOLFSSL_NO_AES_CFB_1_8
     #ifdef WOLFSSL_AES_128
     else if (EVP_CIPHER_TYPE_MATCHES(cipher, EVP_AES_128_CFB1))
-        return AES_128_CFB1_TYPE;
+        return WC_AES_128_CFB1_TYPE;
     #endif
     #ifdef WOLFSSL_AES_192
     else if (EVP_CIPHER_TYPE_MATCHES(cipher, EVP_AES_192_CFB1))
-        return AES_192_CFB1_TYPE;
+        return WC_AES_192_CFB1_TYPE;
     #endif
     #ifdef WOLFSSL_AES_256
     else if (EVP_CIPHER_TYPE_MATCHES(cipher, EVP_AES_256_CFB1))
-        return AES_256_CFB1_TYPE;
+        return WC_AES_256_CFB1_TYPE;
     #endif
     #ifdef WOLFSSL_AES_128
     else if (EVP_CIPHER_TYPE_MATCHES(cipher, EVP_AES_128_CFB8))
-        return AES_128_CFB8_TYPE;
+        return WC_AES_128_CFB8_TYPE;
     #endif
     #ifdef WOLFSSL_AES_192
     else if (EVP_CIPHER_TYPE_MATCHES(cipher, EVP_AES_192_CFB8))
-        return AES_192_CFB8_TYPE;
+        return WC_AES_192_CFB8_TYPE;
     #endif
     #ifdef WOLFSSL_AES_256
     else if (EVP_CIPHER_TYPE_MATCHES(cipher, EVP_AES_256_CFB8))
-        return AES_256_CFB8_TYPE;
+        return WC_AES_256_CFB8_TYPE;
     #endif
+#endif /* !WOLFSSL_NO_AES_CFB_1_8 */
     #ifdef WOLFSSL_AES_128
     else if (EVP_CIPHER_TYPE_MATCHES(cipher, EVP_AES_128_CFB128))
-        return AES_128_CFB128_TYPE;
+        return WC_AES_128_CFB128_TYPE;
     #endif
     #ifdef WOLFSSL_AES_192
     else if (EVP_CIPHER_TYPE_MATCHES(cipher, EVP_AES_192_CFB128))
-        return AES_192_CFB128_TYPE;
+        return WC_AES_192_CFB128_TYPE;
     #endif
     #ifdef WOLFSSL_AES_256
     else if (EVP_CIPHER_TYPE_MATCHES(cipher, EVP_AES_256_CFB128))
-        return AES_256_CFB128_TYPE;
+        return WC_AES_256_CFB128_TYPE;
     #endif
 #endif /*HAVE_AES_CBC */
 #if defined(WOLFSSL_AES_OFB)
     #ifdef WOLFSSL_AES_128
     else if (EVP_CIPHER_TYPE_MATCHES(cipher, EVP_AES_128_OFB))
-      return AES_128_OFB_TYPE;
+      return WC_AES_128_OFB_TYPE;
     #endif
     #ifdef WOLFSSL_AES_192
     else if (EVP_CIPHER_TYPE_MATCHES(cipher, EVP_AES_192_OFB))
-      return AES_192_OFB_TYPE;
+      return WC_AES_192_OFB_TYPE;
     #endif
     #ifdef WOLFSSL_AES_256
     else if (EVP_CIPHER_TYPE_MATCHES(cipher, EVP_AES_256_OFB))
-      return AES_256_OFB_TYPE;
+      return WC_AES_256_OFB_TYPE;
     #endif
 #endif
 #endif /* !NO_AES */
 #if defined(HAVE_ARIA)
     else if (EVP_CIPHER_TYPE_MATCHES(cipher, EVP_ARIA_128_GCM))
-        return ARIA_128_GCM_TYPE;
+        return WC_ARIA_128_GCM_TYPE;
     else if (EVP_CIPHER_TYPE_MATCHES(cipher, EVP_ARIA_192_GCM))
-        return ARIA_192_GCM_TYPE;
+        return WC_ARIA_192_GCM_TYPE;
     else if (EVP_CIPHER_TYPE_MATCHES(cipher, EVP_ARIA_256_GCM))
-        return ARIA_256_GCM_TYPE;
+        return WC_ARIA_256_GCM_TYPE;
 #endif /* HAVE_ARIA */
 
 #ifndef NO_RC4
     else if (EVP_CIPHER_TYPE_MATCHES(cipher, EVP_ARC4))
-      return ARC4_TYPE;
+      return WC_ARC4_TYPE;
 #endif
 
 #if defined(HAVE_CHACHA) && defined(HAVE_POLY1305)
     else if (EVP_CIPHER_TYPE_MATCHES(cipher, EVP_CHACHA20_POLY1305))
-        return CHACHA20_POLY1305_TYPE;
+        return WC_CHACHA20_POLY1305_TYPE;
 #endif
 
 #ifdef HAVE_CHACHA
     else if (EVP_CIPHER_TYPE_MATCHES(cipher, EVP_CHACHA20))
-        return CHACHA20_TYPE;
+        return WC_CHACHA20_TYPE;
 #endif
 
 #ifdef WOLFSSL_SM4_ECB
     else if (EVP_CIPHER_TYPE_MATCHES(cipher, EVP_SM4_ECB))
-        return SM4_ECB_TYPE;
+        return WC_SM4_ECB_TYPE;
 #endif
 #ifdef WOLFSSL_SM4_CBC
     else if (EVP_CIPHER_TYPE_MATCHES(cipher, EVP_SM4_CBC))
-        return SM4_CBC_TYPE;
+        return WC_SM4_CBC_TYPE;
 #endif
 #ifdef WOLFSSL_SM4_CTR
     else if (EVP_CIPHER_TYPE_MATCHES(cipher, EVP_SM4_CTR))
-        return SM4_CTR_TYPE;
+        return WC_SM4_CTR_TYPE;
 #endif
 #ifdef WOLFSSL_SM4_GCM
     else if (EVP_CIPHER_TYPE_MATCHES(cipher, EVP_SM4_GCM))
-        return SM4_GCM_TYPE;
+        return WC_SM4_GCM_TYPE;
 #endif
 #ifdef WOLFSSL_SM4_CCM
     else if (EVP_CIPHER_TYPE_MATCHES(cipher, EVP_SM4_CCM))
-        return SM4_CCM_TYPE;
+        return WC_SM4_CCM_TYPE;
 #endif
 
       else return 0;
@@ -1947,112 +2057,112 @@ static unsigned int cipherType(const WOLFSSL_EVP_CIPHER *cipher)
 int wolfSSL_EVP_CIPHER_block_size(const WOLFSSL_EVP_CIPHER *cipher)
 {
     if (cipher == NULL)
-        return BAD_FUNC_ARG;
+        return WOLFSSL_FAILURE;
 
     switch (cipherType(cipher)) {
 #if !defined(NO_AES)
     #if defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_DIRECT)
-        case AES_128_CBC_TYPE:
-        case AES_192_CBC_TYPE:
-        case AES_256_CBC_TYPE:
-            return AES_BLOCK_SIZE;
+        case WC_AES_128_CBC_TYPE:
+        case WC_AES_192_CBC_TYPE:
+        case WC_AES_256_CBC_TYPE:
+            return WC_AES_BLOCK_SIZE;
     #endif
     #if defined(HAVE_AESGCM)
-        case AES_128_GCM_TYPE:
-        case AES_192_GCM_TYPE:
-        case AES_256_GCM_TYPE:
+        case WC_AES_128_GCM_TYPE:
+        case WC_AES_192_GCM_TYPE:
+        case WC_AES_256_GCM_TYPE:
             return 1;
     #endif
     #if defined(HAVE_AESCCM)
-        case AES_128_CCM_TYPE:
-        case AES_192_CCM_TYPE:
-        case AES_256_CCM_TYPE:
+        case WC_AES_128_CCM_TYPE:
+        case WC_AES_192_CCM_TYPE:
+        case WC_AES_256_CCM_TYPE:
             return 1;
     #endif
     #if defined(WOLFSSL_AES_COUNTER)
-        case AES_128_CTR_TYPE:
-        case AES_192_CTR_TYPE:
-        case AES_256_CTR_TYPE:
+        case WC_AES_128_CTR_TYPE:
+        case WC_AES_192_CTR_TYPE:
+        case WC_AES_256_CTR_TYPE:
             return 1;
     #endif
     #if defined(HAVE_AES_ECB)
-        case AES_128_ECB_TYPE:
-        case AES_192_ECB_TYPE:
-        case AES_256_ECB_TYPE:
-            return AES_BLOCK_SIZE;
+        case WC_AES_128_ECB_TYPE:
+        case WC_AES_192_ECB_TYPE:
+        case WC_AES_256_ECB_TYPE:
+            return WC_AES_BLOCK_SIZE;
     #endif
     #if defined(WOLFSSL_AES_CFB)
-        case AES_128_CFB1_TYPE:
-        case AES_192_CFB1_TYPE:
-        case AES_256_CFB1_TYPE:
-        case AES_128_CFB8_TYPE:
-        case AES_192_CFB8_TYPE:
-        case AES_256_CFB8_TYPE:
-        case AES_128_CFB128_TYPE:
-        case AES_192_CFB128_TYPE:
-        case AES_256_CFB128_TYPE:
+        case WC_AES_128_CFB1_TYPE:
+        case WC_AES_192_CFB1_TYPE:
+        case WC_AES_256_CFB1_TYPE:
+        case WC_AES_128_CFB8_TYPE:
+        case WC_AES_192_CFB8_TYPE:
+        case WC_AES_256_CFB8_TYPE:
+        case WC_AES_128_CFB128_TYPE:
+        case WC_AES_192_CFB128_TYPE:
+        case WC_AES_256_CFB128_TYPE:
             return 1;
     #endif
     #if defined(WOLFSSL_AES_OFB)
-        case AES_128_OFB_TYPE:
-        case AES_192_OFB_TYPE:
-        case AES_256_OFB_TYPE:
+        case WC_AES_128_OFB_TYPE:
+        case WC_AES_192_OFB_TYPE:
+        case WC_AES_256_OFB_TYPE:
             return 1;
     #endif
     #if defined(WOLFSSL_AES_XTS) && \
         (!defined(HAVE_FIPS) || FIPS_VERSION_GE(5,3))
-        case AES_128_XTS_TYPE:
-        case AES_256_XTS_TYPE:
+        case WC_AES_128_XTS_TYPE:
+        case WC_AES_256_XTS_TYPE:
             return 1;
     #endif
   #endif /* NO_AES */
 
   #ifndef NO_RC4
-        case ARC4_TYPE:
+        case WC_ARC4_TYPE:
             return 1;
   #endif
 #if defined(HAVE_ARIA)
-    case ARIA_128_GCM_TYPE:
-    case ARIA_192_GCM_TYPE:
-    case ARIA_256_GCM_TYPE:
+    case WC_ARIA_128_GCM_TYPE:
+    case WC_ARIA_192_GCM_TYPE:
+    case WC_ARIA_256_GCM_TYPE:
         return 1;
 #endif
 
 #ifndef NO_DES3
-        case DES_CBC_TYPE: return 8;
-        case DES_EDE3_CBC_TYPE: return 8;
-        case DES_ECB_TYPE: return 8;
-        case DES_EDE3_ECB_TYPE: return 8;
+        case WC_DES_CBC_TYPE: return 8;
+        case WC_DES_EDE3_CBC_TYPE: return 8;
+        case WC_DES_ECB_TYPE: return 8;
+        case WC_DES_EDE3_ECB_TYPE: return 8;
 #endif
 
 #if defined(HAVE_CHACHA) && defined(HAVE_POLY1305)
-        case CHACHA20_POLY1305_TYPE:
+        case WC_CHACHA20_POLY1305_TYPE:
             return 1;
 #endif
 
 #ifdef HAVE_CHACHA
-        case CHACHA20_TYPE:
+        case WC_CHACHA20_TYPE:
             return 1;
 #endif
 
 #ifdef WOLFSSL_SM4_ECB
-       case SM4_ECB_TYPE:
+       case WC_SM4_ECB_TYPE:
             return SM4_BLOCK_SIZE;
 #endif
 #ifdef WOLFSSL_SM4_CBC
-       case SM4_CBC_TYPE:
+       case WC_SM4_CBC_TYPE:
             return SM4_BLOCK_SIZE;
 #endif
 #ifdef WOLFSSL_SM4_CTR
-       case SM4_CTR_TYPE:
+       case WC_SM4_CTR_TYPE:
             return 1;
 #endif
 #ifdef WOLFSSL_SM4_GCM
-       case SM4_GCM_TYPE:
+       case WC_SM4_GCM_TYPE:
             return 1;
 #endif
 #ifdef WOLFSSL_SM4_CCM
-       case SM4_CCM_TYPE:
+       case WC_SM4_CCM_TYPE:
             return 1;
 #endif
 
@@ -2066,107 +2176,107 @@ unsigned long WOLFSSL_CIPHER_mode(const WOLFSSL_EVP_CIPHER *cipher)
     switch (cipherType(cipher)) {
 #if !defined(NO_AES)
     #if defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_DIRECT)
-        case AES_128_CBC_TYPE:
-        case AES_192_CBC_TYPE:
-        case AES_256_CBC_TYPE:
+        case WC_AES_128_CBC_TYPE:
+        case WC_AES_192_CBC_TYPE:
+        case WC_AES_256_CBC_TYPE:
             return WOLFSSL_EVP_CIPH_CBC_MODE;
     #endif
     #if defined(HAVE_AESGCM)
-        case AES_128_GCM_TYPE:
-        case AES_192_GCM_TYPE:
-        case AES_256_GCM_TYPE:
+        case WC_AES_128_GCM_TYPE:
+        case WC_AES_192_GCM_TYPE:
+        case WC_AES_256_GCM_TYPE:
             return WOLFSSL_EVP_CIPH_GCM_MODE |
                     WOLFSSL_EVP_CIPH_FLAG_AEAD_CIPHER;
     #endif
     #if defined(HAVE_AESCCM)
-        case AES_128_CCM_TYPE:
-        case AES_192_CCM_TYPE:
-        case AES_256_CCM_TYPE:
+        case WC_AES_128_CCM_TYPE:
+        case WC_AES_192_CCM_TYPE:
+        case WC_AES_256_CCM_TYPE:
             return WOLFSSL_EVP_CIPH_CCM_MODE |
                     WOLFSSL_EVP_CIPH_FLAG_AEAD_CIPHER;
     #endif
     #if defined(WOLFSSL_AES_COUNTER)
-        case AES_128_CTR_TYPE:
-        case AES_192_CTR_TYPE:
-        case AES_256_CTR_TYPE:
+        case WC_AES_128_CTR_TYPE:
+        case WC_AES_192_CTR_TYPE:
+        case WC_AES_256_CTR_TYPE:
             return WOLFSSL_EVP_CIPH_CTR_MODE;
     #endif
     #if defined(WOLFSSL_AES_CFB)
-        case AES_128_CFB1_TYPE:
-        case AES_192_CFB1_TYPE:
-        case AES_256_CFB1_TYPE:
-        case AES_128_CFB8_TYPE:
-        case AES_192_CFB8_TYPE:
-        case AES_256_CFB8_TYPE:
-        case AES_128_CFB128_TYPE:
-        case AES_192_CFB128_TYPE:
-        case AES_256_CFB128_TYPE:
+        case WC_AES_128_CFB1_TYPE:
+        case WC_AES_192_CFB1_TYPE:
+        case WC_AES_256_CFB1_TYPE:
+        case WC_AES_128_CFB8_TYPE:
+        case WC_AES_192_CFB8_TYPE:
+        case WC_AES_256_CFB8_TYPE:
+        case WC_AES_128_CFB128_TYPE:
+        case WC_AES_192_CFB128_TYPE:
+        case WC_AES_256_CFB128_TYPE:
             return WOLFSSL_EVP_CIPH_CFB_MODE;
     #endif
     #if defined(WOLFSSL_AES_OFB)
-        case AES_128_OFB_TYPE:
-        case AES_192_OFB_TYPE:
-        case AES_256_OFB_TYPE:
+        case WC_AES_128_OFB_TYPE:
+        case WC_AES_192_OFB_TYPE:
+        case WC_AES_256_OFB_TYPE:
             return WOLFSSL_EVP_CIPH_OFB_MODE;
     #endif
     #if defined(WOLFSSL_AES_XTS) && \
         (!defined(HAVE_FIPS) || FIPS_VERSION_GE(5,3))
-        case AES_128_XTS_TYPE:
-        case AES_256_XTS_TYPE:
+        case WC_AES_128_XTS_TYPE:
+        case WC_AES_256_XTS_TYPE:
             return WOLFSSL_EVP_CIPH_XTS_MODE;
     #endif
-        case AES_128_ECB_TYPE:
-        case AES_192_ECB_TYPE:
-        case AES_256_ECB_TYPE:
+        case WC_AES_128_ECB_TYPE:
+        case WC_AES_192_ECB_TYPE:
+        case WC_AES_256_ECB_TYPE:
             return WOLFSSL_EVP_CIPH_ECB_MODE;
 #endif /* !NO_AES */
     #if defined(HAVE_ARIA)
-        case ARIA_128_GCM_TYPE:
-        case ARIA_192_GCM_TYPE:
-        case ARIA_256_GCM_TYPE:
+        case WC_ARIA_128_GCM_TYPE:
+        case WC_ARIA_192_GCM_TYPE:
+        case WC_ARIA_256_GCM_TYPE:
             return WOLFSSL_EVP_CIPH_GCM_MODE |
                     WOLFSSL_EVP_CIPH_FLAG_AEAD_CIPHER;
     #endif
     #ifndef NO_DES3
-        case DES_CBC_TYPE:
-        case DES_EDE3_CBC_TYPE:
+        case WC_DES_CBC_TYPE:
+        case WC_DES_EDE3_CBC_TYPE:
             return WOLFSSL_EVP_CIPH_CBC_MODE;
-        case DES_ECB_TYPE:
-        case DES_EDE3_ECB_TYPE:
+        case WC_DES_ECB_TYPE:
+        case WC_DES_EDE3_ECB_TYPE:
             return WOLFSSL_EVP_CIPH_ECB_MODE;
     #endif
     #ifndef NO_RC4
-        case ARC4_TYPE:
-            return EVP_CIPH_STREAM_CIPHER;
+        case WC_ARC4_TYPE:
+            return WOLFSSL_EVP_CIPH_STREAM_CIPHER;
     #endif
     #if defined(HAVE_CHACHA) && defined(HAVE_POLY1305)
-        case CHACHA20_POLY1305_TYPE:
+        case WC_CHACHA20_POLY1305_TYPE:
             return WOLFSSL_EVP_CIPH_STREAM_CIPHER |
                     WOLFSSL_EVP_CIPH_FLAG_AEAD_CIPHER;
     #endif
     #ifdef HAVE_CHACHA
-        case CHACHA20_TYPE:
+        case WC_CHACHA20_TYPE:
             return WOLFSSL_EVP_CIPH_STREAM_CIPHER;
     #endif
     #ifdef WOLFSSL_SM4_ECB
-        case SM4_ECB_TYPE:
+        case WC_SM4_ECB_TYPE:
             return WOLFSSL_EVP_CIPH_ECB_MODE;
     #endif
     #ifdef WOLFSSL_SM4_CBC
-        case SM4_CBC_TYPE:
+        case WC_SM4_CBC_TYPE:
             return WOLFSSL_EVP_CIPH_CBC_MODE;
     #endif
     #ifdef WOLFSSL_SM4_CTR
-        case SM4_CTR_TYPE:
+        case WC_SM4_CTR_TYPE:
             return WOLFSSL_EVP_CIPH_CTR_MODE;
     #endif
     #ifdef WOLFSSL_SM4_GCM
-        case SM4_GCM_TYPE:
+        case WC_SM4_GCM_TYPE:
             return WOLFSSL_EVP_CIPH_GCM_MODE |
                     WOLFSSL_EVP_CIPH_FLAG_AEAD_CIPHER;
     #endif
     #ifdef WOLFSSL_SM4_CCM
-        case SM4_CCM_TYPE:
+        case WC_SM4_CCM_TYPE:
             return WOLFSSL_EVP_CIPH_CCM_MODE |
                     WOLFSSL_EVP_CIPH_FLAG_AEAD_CIPHER;
     #endif
@@ -2207,7 +2317,7 @@ int  wolfSSL_EVP_CIPHER_CTX_set_padding(WOLFSSL_EVP_CIPHER_CTX *ctx,
     int padding)
 {
     if (ctx == NULL)
-        return BAD_FUNC_ARG;
+        return WOLFSSL_FAILURE;
     if (padding) {
         ctx->flags &= (unsigned long)~WOLFSSL_EVP_CIPH_NO_PADDING;
     }
@@ -2219,9 +2329,10 @@ int  wolfSSL_EVP_CIPHER_CTX_set_padding(WOLFSSL_EVP_CIPHER_CTX *ctx,
 
 int wolfSSL_EVP_add_digest(const WOLFSSL_EVP_MD *digest)
 {
-    (void)digest;
     /* nothing to do */
-    return 0;
+    if (digest == NULL)
+        return WOLFSSL_FAILURE;
+    return WOLFSSL_SUCCESS;
 }
 
 
@@ -2273,8 +2384,8 @@ WOLFSSL_EVP_PKEY_CTX *wolfSSL_EVP_PKEY_CTX_new(WOLFSSL_EVP_PKEY *pkey, WOLFSSL_E
     if (ctx == NULL) return NULL;
     XMEMSET(ctx, 0, sizeof(WOLFSSL_EVP_PKEY_CTX));
     ctx->pkey = pkey;
-#if !defined(NO_RSA) && !defined(HAVE_USER_RSA)
-    ctx->padding = RSA_PKCS1_PADDING;
+#if !defined(NO_RSA)
+    ctx->padding = WC_RSA_PKCS1_PADDING;
     ctx->md = NULL;
 #endif
 #ifdef HAVE_ECC
@@ -2316,7 +2427,7 @@ int wolfSSL_EVP_PKEY_CTX_set_rsa_padding(WOLFSSL_EVP_PKEY_CTX *ctx, int padding)
  * returns WOLFSSL_SUCCESS on success.
  */
 int wolfSSL_EVP_PKEY_CTX_set_signature_md(WOLFSSL_EVP_PKEY_CTX *ctx,
-    const EVP_MD* md)
+    const WOLFSSL_EVP_MD* md)
 {
     if (ctx == NULL) return 0;
     WOLFSSL_ENTER("wolfSSL_EVP_PKEY_CTX_set_signature_md");
@@ -2368,7 +2479,7 @@ int wolfSSL_EVP_PKEY_derive_init(WOLFSSL_EVP_PKEY_CTX *ctx)
         return WOLFSSL_FAILURE;
     }
     wolfSSL_EVP_PKEY_free(ctx->peerKey);
-    ctx->op = EVP_PKEY_OP_DERIVE;
+    ctx->op = WC_EVP_PKEY_OP_DERIVE;
     ctx->padding = 0;
     ctx->nbits = 0;
     return WOLFSSL_SUCCESS;
@@ -2378,7 +2489,7 @@ int wolfSSL_EVP_PKEY_derive_set_peer(WOLFSSL_EVP_PKEY_CTX *ctx, WOLFSSL_EVP_PKEY
 {
     WOLFSSL_ENTER("wolfSSL_EVP_PKEY_derive_set_peer");
 
-    if (!ctx || ctx->op != EVP_PKEY_OP_DERIVE) {
+    if (!ctx || ctx->op != WC_EVP_PKEY_OP_DERIVE) {
         return WOLFSSL_FAILURE;
     }
     wolfSSL_EVP_PKEY_free(ctx->peerKey);
@@ -2413,14 +2524,14 @@ int wolfSSL_EVP_PKEY_derive(WOLFSSL_EVP_PKEY_CTX *ctx, unsigned char *key, size_
 
     WOLFSSL_ENTER("wolfSSL_EVP_PKEY_derive");
 
-    if (!ctx || ctx->op != EVP_PKEY_OP_DERIVE || !ctx->pkey || (!ctx->peerKey
-        && ctx->pkey->type != EVP_PKEY_HKDF) || !keylen || (ctx->pkey->type
-        != EVP_PKEY_HKDF && ctx->pkey->type != ctx->peerKey->type)) {
+    if (!ctx || ctx->op != WC_EVP_PKEY_OP_DERIVE || !ctx->pkey || (!ctx->peerKey
+        && ctx->pkey->type != WC_EVP_PKEY_HKDF) || !keylen || (ctx->pkey->type
+        != WC_EVP_PKEY_HKDF && ctx->pkey->type != ctx->peerKey->type)) {
         return WOLFSSL_FAILURE;
     }
     switch (ctx->pkey->type) {
 #ifndef NO_DH
-    case EVP_PKEY_DH:
+    case WC_EVP_PKEY_DH:
         /* Use DH */
         if (!ctx->pkey->dh || !ctx->peerKey->dh) {
             return WOLFSSL_FAILURE;
@@ -2453,7 +2564,7 @@ int wolfSSL_EVP_PKEY_derive(WOLFSSL_EVP_PKEY_CTX *ctx, unsigned char *key, size_
         break;
 #endif
 #if defined(HAVE_ECC) && !defined(WOLF_CRYPTO_CB_ONLY_ECC)
-    case EVP_PKEY_EC:
+    case WC_EVP_PKEY_EC:
         /* Use ECDH */
         if (!ctx->pkey->ecc || !ctx->peerKey->ecc) {
             return WOLFSSL_FAILURE;
@@ -2497,9 +2608,9 @@ int wolfSSL_EVP_PKEY_derive(WOLFSSL_EVP_PKEY_CTX *ctx, unsigned char *key, size_
 #endif
                 return WOLFSSL_FAILURE;
             }
-            if (wc_ecc_shared_secret_ssh((ecc_key*)ctx->pkey->ecc->internal,
-                                         (ecc_point*)ctx->peerKey->ecc->pub_key->internal,
-                                         key, &len32) != MP_OKAY) {
+            if (wc_ecc_shared_secret((ecc_key*)ctx->pkey->ecc->internal,
+                    (ecc_key*)ctx->peerKey->ecc->internal, key, &len32)
+                    != MP_OKAY) {
                 WOLFSSL_MSG("wc_ecc_shared_secret failed");
 #if defined(ECC_TIMING_RESISTANT) && !defined(HAVE_SELFTEST) \
     && (!defined(HAVE_FIPS) || \
@@ -2521,7 +2632,7 @@ int wolfSSL_EVP_PKEY_derive(WOLFSSL_EVP_PKEY_CTX *ctx, unsigned char *key, size_
         break;
 #endif
 #ifdef HAVE_HKDF
-    case EVP_PKEY_HKDF:
+    case WC_EVP_PKEY_HKDF:
         (void)len;
 
         hkdfHashType = EvpMd2MacType(ctx->pkey->hkdfMd);
@@ -2529,8 +2640,8 @@ int wolfSSL_EVP_PKEY_derive(WOLFSSL_EVP_PKEY_CTX *ctx, unsigned char *key, size_
             WOLFSSL_MSG("Invalid hash type for HKDF.");
             return WOLFSSL_FAILURE;
         }
-        if (ctx->pkey->hkdfMode == EVP_PKEY_HKDEF_MODE_EXTRACT_AND_EXPAND) {
-            if (wc_HKDF(hkdfHashType, ctx->pkey->hkdfKey, ctx->pkey->hkdfKeySz,
+        if (ctx->pkey->hkdfMode == WOLFSSL_EVP_PKEY_HKDEF_MODE_EXTRACT_AND_EXPAND) {
+            if (wc_HKDF((int)hkdfHashType, ctx->pkey->hkdfKey, ctx->pkey->hkdfKeySz,
                         ctx->pkey->hkdfSalt, ctx->pkey->hkdfSaltSz,
                         ctx->pkey->hkdfInfo, ctx->pkey->hkdfInfoSz, key,
                         (word32)*keylen) != 0) {
@@ -2538,8 +2649,8 @@ int wolfSSL_EVP_PKEY_derive(WOLFSSL_EVP_PKEY_CTX *ctx, unsigned char *key, size_
                 return WOLFSSL_FAILURE;
             }
         }
-        else if (ctx->pkey->hkdfMode == EVP_PKEY_HKDEF_MODE_EXTRACT_ONLY) {
-            if (wc_HKDF_Extract(hkdfHashType, ctx->pkey->hkdfSalt,
+        else if (ctx->pkey->hkdfMode == WOLFSSL_EVP_PKEY_HKDEF_MODE_EXTRACT_ONLY) {
+            if (wc_HKDF_Extract((int)hkdfHashType, ctx->pkey->hkdfSalt,
                                 ctx->pkey->hkdfSaltSz, ctx->pkey->hkdfKey,
                                 ctx->pkey->hkdfKeySz, key) != 0) {
                 WOLFSSL_MSG("wc_HKDF_Extract failed.");
@@ -2555,8 +2666,8 @@ int wolfSSL_EVP_PKEY_derive(WOLFSSL_EVP_PKEY_CTX *ctx, unsigned char *key, size_
                 *keylen = (size_t)hkdfHashSz;
             }
         }
-        else if (ctx->pkey->hkdfMode == EVP_PKEY_HKDEF_MODE_EXPAND_ONLY) {
-            if (wc_HKDF_Expand(hkdfHashType, ctx->pkey->hkdfKey,
+        else if (ctx->pkey->hkdfMode == WOLFSSL_EVP_PKEY_HKDEF_MODE_EXPAND_ONLY) {
+            if (wc_HKDF_Expand((int)hkdfHashType, ctx->pkey->hkdfKey,
                                ctx->pkey->hkdfKeySz, ctx->pkey->hkdfInfo,
                                ctx->pkey->hkdfInfoSz, key,
                                (word32)*keylen) != 0) {
@@ -2611,15 +2722,13 @@ int wolfSSL_EVP_PKEY_CTX_set1_hkdf_salt(WOLFSSL_EVP_PKEY_CTX* ctx,
         WOLFSSL_MSG("Bad argument.");
         ret = WOLFSSL_FAILURE;
     }
-    if (ret == WOLFSSL_SUCCESS && ctx->pkey->type != EVP_PKEY_HKDF) {
+    if (ret == WOLFSSL_SUCCESS && ctx->pkey->type != WC_EVP_PKEY_HKDF) {
         WOLFSSL_MSG("WOLFSSL_EVP_PKEY type is not HKDF.");
         ret = WOLFSSL_FAILURE;
     }
 
     if (ret == WOLFSSL_SUCCESS && salt != NULL && saltSz > 0) {
-        if (ctx->pkey->hkdfSalt != NULL) {
-            XFREE(ctx->pkey->hkdfSalt, NULL, DYNAMIC_TYPE_SALT);
-        }
+        XFREE(ctx->pkey->hkdfSalt, NULL, DYNAMIC_TYPE_SALT);
         ctx->pkey->hkdfSalt = (byte*)XMALLOC((size_t)saltSz, NULL,
             DYNAMIC_TYPE_SALT);
         if (ctx->pkey->hkdfSalt == NULL) {
@@ -2648,15 +2757,13 @@ int wolfSSL_EVP_PKEY_CTX_set1_hkdf_key(WOLFSSL_EVP_PKEY_CTX* ctx,
         WOLFSSL_MSG("Bad argument.");
         ret = WOLFSSL_FAILURE;
     }
-    if (ret == WOLFSSL_SUCCESS && ctx->pkey->type != EVP_PKEY_HKDF) {
+    if (ret == WOLFSSL_SUCCESS && ctx->pkey->type != WC_EVP_PKEY_HKDF) {
         WOLFSSL_MSG("WOLFSSL_EVP_PKEY type is not HKDF.");
         ret = WOLFSSL_FAILURE;
     }
 
     if (ret == WOLFSSL_SUCCESS) {
-        if (ctx->pkey->hkdfKey != NULL) {
-            XFREE(ctx->pkey->hkdfKey, NULL, DYNAMIC_TYPE_KEY);
-        }
+        XFREE(ctx->pkey->hkdfKey, NULL, DYNAMIC_TYPE_KEY);
         ctx->pkey->hkdfKey = (byte*)XMALLOC((size_t)keySz, NULL,
             DYNAMIC_TYPE_KEY);
         if (ctx->pkey->hkdfKey == NULL) {
@@ -2685,7 +2792,7 @@ int wolfSSL_EVP_PKEY_CTX_add1_hkdf_info(WOLFSSL_EVP_PKEY_CTX* ctx,
         WOLFSSL_MSG("Bad argument.");
         ret = WOLFSSL_FAILURE;
     }
-    if (ret == WOLFSSL_SUCCESS && ctx->pkey->type != EVP_PKEY_HKDF) {
+    if (ret == WOLFSSL_SUCCESS && ctx->pkey->type != WC_EVP_PKEY_HKDF) {
         WOLFSSL_MSG("WOLFSSL_EVP_PKEY type is not HKDF.");
         ret = WOLFSSL_FAILURE;
     }
@@ -2693,9 +2800,19 @@ int wolfSSL_EVP_PKEY_CTX_add1_hkdf_info(WOLFSSL_EVP_PKEY_CTX* ctx,
     if (ret == WOLFSSL_SUCCESS && info != NULL && infoSz > 0) {
         unsigned char* p;
         /* If there's already info in the buffer, append. */
+    #ifdef WOLFSSL_NO_REALLOC
+        p = (byte*)XMALLOC((size_t)(ctx->pkey->hkdfInfoSz + (word32)infoSz), NULL,
+            DYNAMIC_TYPE_INFO);
+        if (p != NULL) {
+            XMEMCPY(p, ctx->pkey->hkdfInfo, (size_t)ctx->pkey->hkdfInfoSz);
+            XFREE(ctx->pkey->hkdfInfo, NULL, DYNAMIC_TYPE_INFO);
+            ctx->pkey->hkdfInfo = NULL;
+        }
+    #else
         p = (byte*)XREALLOC(ctx->pkey->hkdfInfo,
             (size_t)(ctx->pkey->hkdfInfoSz + (word32)infoSz), NULL,
             DYNAMIC_TYPE_INFO);
+    #endif
         if (p == NULL) {
             WOLFSSL_MSG("Failed to reallocate larger HKDF info buffer.");
             ret = WOLFSSL_FAILURE;
@@ -2725,9 +2842,10 @@ int wolfSSL_EVP_PKEY_CTX_hkdf_mode(WOLFSSL_EVP_PKEY_CTX* ctx, int mode)
     }
 
     if (ret == WOLFSSL_SUCCESS &&
-        mode != EVP_PKEY_HKDEF_MODE_EXTRACT_AND_EXPAND &&
-        mode != EVP_PKEY_HKDEF_MODE_EXTRACT_ONLY &&
-        mode != EVP_PKEY_HKDEF_MODE_EXPAND_ONLY) {
+        mode != WOLFSSL_EVP_PKEY_HKDEF_MODE_EXTRACT_AND_EXPAND &&
+        mode != WOLFSSL_EVP_PKEY_HKDEF_MODE_EXTRACT_ONLY &&
+        mode != WOLFSSL_EVP_PKEY_HKDEF_MODE_EXPAND_ONLY)
+    {
         WOLFSSL_MSG("Invalid HKDF mode.");
         ret = WOLFSSL_FAILURE;
     }
@@ -2774,8 +2892,8 @@ int wolfSSL_EVP_PKEY_decrypt(WOLFSSL_EVP_PKEY_CTX *ctx,
     (void)len;
 
     switch (ctx->pkey->type) {
-#if !defined(NO_RSA) && !defined(HAVE_USER_RSA)
-    case EVP_PKEY_RSA:
+#if !defined(NO_RSA)
+    case WC_EVP_PKEY_RSA:
         if (out == NULL) {
             if (ctx->pkey->rsa == NULL) {
                 WOLFSSL_MSG("Internal wolfCrypt RSA object is NULL.");
@@ -2804,8 +2922,8 @@ int wolfSSL_EVP_PKEY_decrypt(WOLFSSL_EVP_PKEY_CTX *ctx,
         }
 #endif /* NO_RSA */
 
-    case EVP_PKEY_EC:
-        WOLFSSL_MSG("EVP_PKEY_EC not implemented.");
+    case WC_EVP_PKEY_EC:
+        WOLFSSL_MSG("WC_EVP_PKEY_EC not implemented.");
         FALL_THROUGH;
     default:
         break;
@@ -2826,10 +2944,10 @@ int wolfSSL_EVP_PKEY_decrypt_init(WOLFSSL_EVP_PKEY_CTX *ctx)
     if (ctx == NULL) return WOLFSSL_FAILURE;
     WOLFSSL_ENTER("wolfSSL_EVP_PKEY_decrypt_init");
     switch (ctx->pkey->type) {
-    case EVP_PKEY_RSA:
-        ctx->op = EVP_PKEY_OP_DECRYPT;
+    case WC_EVP_PKEY_RSA:
+        ctx->op = WC_EVP_PKEY_OP_DECRYPT;
         return WOLFSSL_SUCCESS;
-    case EVP_PKEY_EC:
+    case WC_EVP_PKEY_EC:
         WOLFSSL_MSG("not implemented");
         FALL_THROUGH;
     default:
@@ -2864,8 +2982,8 @@ int wolfSSL_EVP_PKEY_encrypt(WOLFSSL_EVP_PKEY_CTX *ctx,
         return 0;
     }
 
-    if (ctx->op != EVP_PKEY_OP_ENCRYPT) {
-        WOLFSSL_MSG("ctx->op must be set to EVP_PKEY_OP_ENCRYPT. Use "
+    if (ctx->op != WC_EVP_PKEY_OP_ENCRYPT) {
+        WOLFSSL_MSG("ctx->op must be set to WC_EVP_PKEY_OP_ENCRYPT. Use "
             "wolfSSL_EVP_PKEY_encrypt_init.");
         return WOLFSSL_FAILURE;
     }
@@ -2877,8 +2995,8 @@ int wolfSSL_EVP_PKEY_encrypt(WOLFSSL_EVP_PKEY_CTX *ctx,
     (void)len;
 
     switch (ctx->pkey->type) {
-#if !defined(NO_RSA) && !defined(HAVE_USER_RSA)
-    case EVP_PKEY_RSA:
+#if !defined(NO_RSA)
+    case WC_EVP_PKEY_RSA:
         if (out == NULL) {
             if (ctx->pkey->rsa == NULL) {
                 WOLFSSL_MSG("Internal wolfCrypt RSA object is NULL.");
@@ -2908,8 +3026,8 @@ int wolfSSL_EVP_PKEY_encrypt(WOLFSSL_EVP_PKEY_CTX *ctx,
         }
 #endif /* NO_RSA */
 
-    case EVP_PKEY_EC:
-        WOLFSSL_MSG("EVP_PKEY_EC not implemented");
+    case WC_EVP_PKEY_EC:
+        WOLFSSL_MSG("WC_EVP_PKEY_EC not implemented");
         FALL_THROUGH;
     default:
         break;
@@ -2931,10 +3049,10 @@ int wolfSSL_EVP_PKEY_encrypt_init(WOLFSSL_EVP_PKEY_CTX *ctx)
     WOLFSSL_ENTER("wolfSSL_EVP_PKEY_encrypt_init");
 
     switch (ctx->pkey->type) {
-    case EVP_PKEY_RSA:
-        ctx->op = EVP_PKEY_OP_ENCRYPT;
+    case WC_EVP_PKEY_RSA:
+        ctx->op = WC_EVP_PKEY_OP_ENCRYPT;
         return WOLFSSL_SUCCESS;
-    case EVP_PKEY_EC:
+    case WC_EVP_PKEY_EC:
         WOLFSSL_MSG("not implemented");
         FALL_THROUGH;
     default:
@@ -2958,23 +3076,23 @@ int wolfSSL_EVP_PKEY_sign_init(WOLFSSL_EVP_PKEY_CTX *ctx)
         return ret;
 
     switch (ctx->pkey->type) {
-#if !defined(NO_RSA) && !defined(HAVE_USER_RSA)
-        case EVP_PKEY_RSA:
-            ctx->op = EVP_PKEY_OP_SIGN;
+#if !defined(NO_RSA)
+        case WC_EVP_PKEY_RSA:
+            ctx->op = WC_EVP_PKEY_OP_SIGN;
             ret = WOLFSSL_SUCCESS;
             break;
 #endif /* NO_RSA */
 
 #ifndef NO_DSA
-        case EVP_PKEY_DSA:
-            ctx->op = EVP_PKEY_OP_SIGN;
+        case WC_EVP_PKEY_DSA:
+            ctx->op = WC_EVP_PKEY_OP_SIGN;
             ret = WOLFSSL_SUCCESS;
             break;
 #endif /* NO_DSA */
 
 #ifdef HAVE_ECC
-        case EVP_PKEY_EC:
-            ctx->op = EVP_PKEY_OP_SIGN;
+        case WC_EVP_PKEY_EC:
+            ctx->op = WC_EVP_PKEY_OP_SIGN;
             ret = WOLFSSL_SUCCESS;
             break;
 #endif /* HAVE_ECC */
@@ -2997,7 +3115,7 @@ int wolfSSL_EVP_PKEY_sign(WOLFSSL_EVP_PKEY_CTX *ctx, unsigned char *sig,
 {
     WOLFSSL_MSG("wolfSSL_EVP_PKEY_sign");
 
-    if (!ctx || ctx->op != EVP_PKEY_OP_SIGN || !ctx->pkey || !siglen)
+    if (!ctx || ctx->op != WC_EVP_PKEY_OP_SIGN || !ctx->pkey || !siglen)
         return WOLFSSL_FAILURE;
 
     (void)sig;
@@ -3006,8 +3124,8 @@ int wolfSSL_EVP_PKEY_sign(WOLFSSL_EVP_PKEY_CTX *ctx, unsigned char *sig,
     (void)tbslen;
 
     switch (ctx->pkey->type) {
-#if !defined(NO_RSA) && !defined(HAVE_USER_RSA)
-    case EVP_PKEY_RSA: {
+#if !defined(NO_RSA)
+    case WC_EVP_PKEY_RSA: {
         unsigned int usiglen = (unsigned int)*siglen;
         if (!sig) {
             int len;
@@ -3032,13 +3150,13 @@ int wolfSSL_EVP_PKEY_sign(WOLFSSL_EVP_PKEY_CTX *ctx, unsigned char *sig,
 #endif /* NO_RSA */
 
 #ifndef NO_DSA
-    case EVP_PKEY_DSA: {
+    case WC_EVP_PKEY_DSA: {
         int bytes;
         int ret;
         if (!ctx->pkey->dsa)
             return WOLFSSL_FAILURE;
         bytes = wolfSSL_BN_num_bytes(ctx->pkey->dsa->q);
-        if (bytes == WOLFSSL_FAILURE)
+        if (bytes == WC_NO_ERR_TRACE(WOLFSSL_FAILURE))
             return WOLFSSL_FAILURE;
         bytes *= 2;
         if (!sig) {
@@ -3051,7 +3169,7 @@ int wolfSSL_EVP_PKEY_sign(WOLFSSL_EVP_PKEY_CTX *ctx, unsigned char *sig,
         /* wolfSSL_DSA_do_sign() can return WOLFSSL_FATAL_ERROR */
         if (ret != WOLFSSL_SUCCESS)
             return ret;
-        if (bytes == WOLFSSL_FAILURE)
+        if (bytes == WC_NO_ERR_TRACE(WOLFSSL_FAILURE))
             return WOLFSSL_FAILURE;
         *siglen = (size_t)bytes;
         return WOLFSSL_SUCCESS;
@@ -3059,7 +3177,7 @@ int wolfSSL_EVP_PKEY_sign(WOLFSSL_EVP_PKEY_CTX *ctx, unsigned char *sig,
 #endif /* NO_DSA */
 
 #ifdef HAVE_ECC
-    case EVP_PKEY_EC: {
+    case WC_EVP_PKEY_EC: {
         int ret;
         WOLFSSL_ECDSA_SIG *ecdsaSig;
         if (!sig) {
@@ -3120,21 +3238,21 @@ int wolfSSL_EVP_PKEY_verify_init(WOLFSSL_EVP_PKEY_CTX *ctx)
         return WOLFSSL_FAILURE;
 
     switch (ctx->pkey->type) {
-#if !defined(NO_RSA) && !defined(HAVE_USER_RSA)
-        case EVP_PKEY_RSA:
-            ctx->op = EVP_PKEY_OP_VERIFY;
+#if !defined(NO_RSA)
+        case WC_EVP_PKEY_RSA:
+            ctx->op = WC_EVP_PKEY_OP_VERIFY;
             return WOLFSSL_SUCCESS;
 #endif /* NO_RSA */
 
 #ifndef NO_DSA
-        case EVP_PKEY_DSA:
-            ctx->op = EVP_PKEY_OP_VERIFY;
+        case WC_EVP_PKEY_DSA:
+            ctx->op = WC_EVP_PKEY_OP_VERIFY;
             return WOLFSSL_SUCCESS;
 #endif /* NO_DSA */
 
 #ifdef HAVE_ECC
-        case EVP_PKEY_EC:
-            ctx->op = EVP_PKEY_OP_VERIFY;
+        case WC_EVP_PKEY_EC:
+            ctx->op = WC_EVP_PKEY_OP_VERIFY;
             return WOLFSSL_SUCCESS;
 #endif /* HAVE_ECC */
 
@@ -3158,19 +3276,19 @@ int wolfSSL_EVP_PKEY_verify(WOLFSSL_EVP_PKEY_CTX *ctx, const unsigned char *sig,
 {
     WOLFSSL_MSG("wolfSSL_EVP_PKEY_verify");
 
-    if (!ctx || ctx->op != EVP_PKEY_OP_VERIFY || !ctx->pkey)
+    if (!ctx || ctx->op != WC_EVP_PKEY_OP_VERIFY || !ctx->pkey)
         return WOLFSSL_FAILURE;
 
     switch (ctx->pkey->type) {
-#if !defined(NO_RSA) && !defined(HAVE_USER_RSA)
-    case EVP_PKEY_RSA:
+#if !defined(NO_RSA)
+    case WC_EVP_PKEY_RSA:
         return wolfSSL_RSA_verify_ex(WC_HASH_TYPE_NONE, tbs,
             (unsigned int)tbslen, sig, (unsigned int)siglen, ctx->pkey->rsa,
             ctx->padding);
 #endif /* NO_RSA */
 
 #ifndef NO_DSA
-     case EVP_PKEY_DSA: {
+     case WC_EVP_PKEY_DSA: {
         int dsacheck = 0;
         if (wolfSSL_DSA_do_verify(tbs, (unsigned char *)sig, ctx->pkey->dsa,
             &dsacheck) != WOLFSSL_SUCCESS || dsacheck != 1)
@@ -3180,7 +3298,7 @@ int wolfSSL_EVP_PKEY_verify(WOLFSSL_EVP_PKEY_CTX *ctx, const unsigned char *sig,
 #endif /* NO_DSA */
 
 #ifdef HAVE_ECC
-    case EVP_PKEY_EC: {
+    case WC_EVP_PKEY_EC: {
         int ret;
         WOLFSSL_ECDSA_SIG *ecdsaSig = wolfSSL_d2i_ECDSA_SIG(
             NULL, (const unsigned char **)&sig, (long)siglen);
@@ -3211,6 +3329,8 @@ int wolfSSL_EVP_PKEY_bits(const WOLFSSL_EVP_PKEY *pkey)
     if (pkey == NULL) return 0;
     WOLFSSL_ENTER("wolfSSL_EVP_PKEY_bits");
     if ((bytes = wolfSSL_EVP_PKEY_size((WOLFSSL_EVP_PKEY*)pkey)) ==0) return 0;
+    if (bytes < 0)
+        return 0;
     return bytes*8;
 }
 
@@ -3226,7 +3346,7 @@ int wolfSSL_EVP_PKEY_CTX_set_ec_paramgen_curve_nid(WOLFSSL_EVP_PKEY_CTX *ctx,
 {
     WOLFSSL_ENTER("wolfSSL_EVP_PKEY_CTX_set_ec_paramgen_curve_nid");
 #ifdef HAVE_ECC
-    if (ctx != NULL && ctx->pkey != NULL && ctx->pkey->type == EVP_PKEY_EC) {
+    if (ctx != NULL && ctx->pkey != NULL && ctx->pkey->type == WC_EVP_PKEY_EC) {
         ctx->curveNID = nid;
         return WOLFSSL_SUCCESS;
     }
@@ -3259,7 +3379,7 @@ int wolfSSL_EVP_PKEY_paramgen(WOLFSSL_EVP_PKEY_CTX* ctx,
 
     if (ret == WOLFSSL_SUCCESS && *pkey == NULL) {
         /* Only ECC is supported currently. */
-        if (ctx->pkey == NULL || ctx->pkey->type != EVP_PKEY_EC) {
+        if (ctx->pkey == NULL || ctx->pkey->type != WC_EVP_PKEY_EC) {
             WOLFSSL_MSG("Key not set or key type not supported.");
             ret = WOLFSSL_FAILURE;
         }
@@ -3280,7 +3400,7 @@ int wolfSSL_EVP_PKEY_paramgen(WOLFSSL_EVP_PKEY_CTX* ctx,
         #ifdef HAVE_ECC
             /* For ECC parameter generation we just need to set the group, which
              * wolfSSL_EC_KEY_new_by_curve_name will do. */
-            case EVP_PKEY_EC:
+            case WC_EVP_PKEY_EC:
                 (*pkey)->ecc = wolfSSL_EC_KEY_new_by_curve_name(ctx->curveNID);
                 if ((*pkey)->ecc == NULL) {
                     WOLFSSL_MSG("Failed to create WOLFSSL_EC_KEY.");
@@ -3330,24 +3450,24 @@ int wolfSSL_EVP_PKEY_keygen_init(WOLFSSL_EVP_PKEY_CTX *ctx)
 int wolfSSL_EVP_PKEY_keygen(WOLFSSL_EVP_PKEY_CTX *ctx,
   WOLFSSL_EVP_PKEY **ppkey)
 {
-    int ret = WOLFSSL_FAILURE;
+    int ret = WC_NO_ERR_TRACE(WOLFSSL_FAILURE);
     int ownPkey = 0;
     WOLFSSL_EVP_PKEY* pkey;
 
     WOLFSSL_ENTER("wolfSSL_EVP_PKEY_keygen");
 
     if (ctx == NULL || ppkey == NULL) {
-        return BAD_FUNC_ARG;
+        return WOLFSSL_FAILURE;
     }
 
     pkey = *ppkey;
     if (pkey == NULL) {
         if (ctx->pkey == NULL ||
-                (ctx->pkey->type != EVP_PKEY_EC &&
-                 ctx->pkey->type != EVP_PKEY_RSA &&
-                 ctx->pkey->type != EVP_PKEY_DH)) {
+                (ctx->pkey->type != WC_EVP_PKEY_EC &&
+                 ctx->pkey->type != WC_EVP_PKEY_RSA &&
+                 ctx->pkey->type != WC_EVP_PKEY_DH)) {
             WOLFSSL_MSG("Key not set or key type not supported");
-            return BAD_FUNC_ARG;
+            return WOLFSSL_FAILURE;
         }
         pkey = wolfSSL_EVP_PKEY_new();
         if (pkey == NULL) {
@@ -3358,9 +3478,8 @@ int wolfSSL_EVP_PKEY_keygen(WOLFSSL_EVP_PKEY_CTX *ctx,
     }
 
     switch (pkey->type) {
-#if !defined(HAVE_FAST_RSA) && defined(WOLFSSL_KEY_GEN) && \
-    !defined(NO_RSA) && !defined(HAVE_USER_RSA)
-        case EVP_PKEY_RSA:
+#if defined(WOLFSSL_KEY_GEN) && !defined(NO_RSA)
+        case WC_EVP_PKEY_RSA:
             pkey->rsa = wolfSSL_RSA_generate_key(ctx->nbits, WC_RSA_EXPONENT,
                 NULL, NULL);
             if (pkey->rsa) {
@@ -3372,7 +3491,7 @@ int wolfSSL_EVP_PKEY_keygen(WOLFSSL_EVP_PKEY_CTX *ctx,
             break;
 #endif
 #ifdef HAVE_ECC
-        case EVP_PKEY_EC:
+        case WC_EVP_PKEY_EC:
             /* pkey->ecc may not be NULL, if, for example, it was populated by a
              * prior call to wolfSSL_EVP_PKEY_paramgen. */
             if (pkey->ecc == NULL) {
@@ -3387,7 +3506,7 @@ int wolfSSL_EVP_PKEY_keygen(WOLFSSL_EVP_PKEY_CTX *ctx,
             break;
 #endif
 #if !defined(NO_DH) && (!defined(HAVE_FIPS) || FIPS_VERSION_GT(2,0))
-        case EVP_PKEY_DH:
+        case WC_EVP_PKEY_DH:
             pkey->dh = wolfSSL_DH_new();
             if (pkey->dh) {
                 pkey->ownDh = 1;
@@ -3433,12 +3552,12 @@ int wolfSSL_EVP_PKEY_size(WOLFSSL_EVP_PKEY *pkey)
 
     switch (pkey->type) {
 #ifndef NO_RSA
-    case EVP_PKEY_RSA:
+    case WC_EVP_PKEY_RSA:
         return (int)wolfSSL_RSA_size((const WOLFSSL_RSA*)(pkey->rsa));
 #endif /* !NO_RSA */
 
 #ifndef NO_DSA
-    case EVP_PKEY_DSA:
+    case WC_EVP_PKEY_DSA:
         if (pkey->dsa == NULL ||
                 (!pkey->dsa->exSet &&
                         SetDsaExternal(pkey->dsa) != WOLFSSL_SUCCESS))
@@ -3447,7 +3566,7 @@ int wolfSSL_EVP_PKEY_size(WOLFSSL_EVP_PKEY *pkey)
 #endif
 
 #ifdef HAVE_ECC
-    case EVP_PKEY_EC:
+    case WC_EVP_PKEY_EC:
         if (pkey->ecc == NULL || pkey->ecc->internal == NULL) {
             WOLFSSL_MSG("No ECC key has been set");
             break;
@@ -3472,7 +3591,7 @@ int wolfSSL_EVP_PKEY_copy_parameters(WOLFSSL_EVP_PKEY *to,
         return WOLFSSL_FAILURE;
     }
 
-    if (to->type == EVP_PKEY_NONE) {
+    if (to->type == WC_EVP_PKEY_NONE) {
         to->type = from->type;
     }
     else if (to->type != from->type) {
@@ -3482,7 +3601,7 @@ int wolfSSL_EVP_PKEY_copy_parameters(WOLFSSL_EVP_PKEY *to,
 
     switch(from->type) {
 #ifdef HAVE_ECC
-    case EVP_PKEY_EC:
+    case WC_EVP_PKEY_EC:
         if (from->ecc) {
             if (!to->ecc) {
                 if ((to->ecc = wolfSSL_EC_KEY_new()) == NULL) {
@@ -3502,7 +3621,7 @@ int wolfSSL_EVP_PKEY_copy_parameters(WOLFSSL_EVP_PKEY *to,
         break;
 #endif
 #ifndef NO_DSA
-    case EVP_PKEY_DSA:
+    case WC_EVP_PKEY_DSA:
         if (from->dsa) {
             WOLFSSL_BIGNUM* cpy;
             if (!to->dsa) {
@@ -3544,7 +3663,7 @@ int wolfSSL_EVP_PKEY_copy_parameters(WOLFSSL_EVP_PKEY *to,
         break;
 #endif
 #ifndef NO_DH
-    case EVP_PKEY_DH:
+    case WC_EVP_PKEY_DH:
         if (from->dh) {
             WOLFSSL_BIGNUM* cpy;
             if (!to->dh) {
@@ -3586,7 +3705,7 @@ int wolfSSL_EVP_PKEY_copy_parameters(WOLFSSL_EVP_PKEY *to,
         break;
 #endif
 #ifndef NO_RSA
-    case EVP_PKEY_RSA:
+    case WC_EVP_PKEY_RSA:
 #endif
     default:
         WOLFSSL_MSG("Copy parameters not available for this key type");
@@ -3633,13 +3752,13 @@ int wolfSSL_EVP_PKEY_cmp(const WOLFSSL_EVP_PKEY *a, const WOLFSSL_EVP_PKEY *b)
     /* get size based on key type */
     switch (a->type) {
 #ifndef NO_RSA
-    case EVP_PKEY_RSA:
+    case WC_EVP_PKEY_RSA:
         a_sz = (int)wolfSSL_RSA_size((const WOLFSSL_RSA*)(a->rsa));
         b_sz = (int)wolfSSL_RSA_size((const WOLFSSL_RSA*)(b->rsa));
         break;
 #endif /* !NO_RSA */
 #ifdef HAVE_ECC
-    case EVP_PKEY_EC:
+    case WC_EVP_PKEY_EC:
         if (a->ecc == NULL || a->ecc->internal == NULL ||
             b->ecc == NULL || b->ecc->internal == NULL) {
             return ret;
@@ -3684,18 +3803,11 @@ int wolfSSL_EVP_PKEY_cmp(const WOLFSSL_EVP_PKEY *a, const WOLFSSL_EVP_PKEY *b)
 static int DH_param_check(WOLFSSL_DH* dh_key)
 {
     int ret = WOLFSSL_SUCCESS;
-    WOLFSSL_BN_CTX* ctx = NULL;
     WOLFSSL_BIGNUM *num1 = NULL;
     WOLFSSL_BIGNUM *num2 = NULL;
 
     WOLFSSL_ENTER("DH_param_check");
 
-    ctx = wolfSSL_BN_CTX_new();
-    if (ctx == NULL) {
-        WOLFSSL_MSG("failed to allocate memory");
-        return WOLFSSL_FAILURE;
-    }
-
     num1 = wolfSSL_BN_new();
     num2 = wolfSSL_BN_new();
     if (num1 == NULL || num2 == NULL) {
@@ -3729,21 +3841,22 @@ static int DH_param_check(WOLFSSL_DH* dh_key)
         dh_key->q != NULL)
     {
         if (ret == WOLFSSL_SUCCESS &&
-            wolfSSL_BN_mod_exp(num1, dh_key->g, dh_key->q, dh_key->p, ctx) ==
-            WOLFSSL_FAILURE) {
+            wolfSSL_BN_mod_exp(num1, dh_key->g, dh_key->q, dh_key->p, NULL)
+               == WC_NO_ERR_TRACE(WOLFSSL_FAILURE))
+        {
             WOLFSSL_MSG("BN_mod_exp failed");
             ret = WOLFSSL_FAILURE;
         }
         else
             if (ret == WOLFSSL_SUCCESS &&
-                wolfSSL_BN_is_one(num1) == WOLFSSL_FAILURE) {
+                wolfSSL_BN_is_one(num1) == WC_NO_ERR_TRACE(WOLFSSL_FAILURE)) {
                 WOLFSSL_MSG("dh_key->g is not suitable generator");
                 ret = WOLFSSL_FAILURE;
             }
 #if !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN)
         /* test if the number q is prime. */
         if (ret == WOLFSSL_SUCCESS &&
-            (wolfSSL_BN_is_prime_ex(dh_key->q, 64, ctx, NULL) <= 0)) {
+            (wolfSSL_BN_is_prime_ex(dh_key->q, 64, NULL, NULL) <= 0)) {
             WOLFSSL_MSG("dh_key->q is not prime or error during check.");
             ret = WOLFSSL_FAILURE;
         } /* else TODO check q div q - 1. need BN_div */
@@ -3751,7 +3864,6 @@ static int DH_param_check(WOLFSSL_DH* dh_key)
     }
 
     /* clean up */
-    wolfSSL_BN_CTX_free(ctx);
     wolfSSL_BN_free(num1);
     wolfSSL_BN_free(num2);
 
@@ -3777,23 +3889,23 @@ int wolfSSL_EVP_PKEY_param_check(WOLFSSL_EVP_PKEY_CTX* ctx)
     type = wolfSSL_EVP_PKEY_type(wolfSSL_EVP_PKEY_base_id(ctx->pkey));
     switch (type) {
         #if !defined(NO_RSA)
-            case EVP_PKEY_RSA:
-                WOLFSSL_MSG("EVP_PKEY_RSA not yet implemented");
+            case WC_EVP_PKEY_RSA:
+                WOLFSSL_MSG("WC_EVP_PKEY_RSA not yet implemented");
                 return WOLFSSL_FAILURE;
         #endif
         #if defined(HAVE_ECC)
-            case EVP_PKEY_EC:
-                WOLFSSL_MSG("EVP_PKEY_EC not yet implemented");
+            case WC_EVP_PKEY_EC:
+                WOLFSSL_MSG("WC_EVP_PKEY_EC not yet implemented");
                 return WOLFSSL_FAILURE;
         #endif
         #if !defined(NO_DSA)
-            case EVP_PKEY_DSA:
-                WOLFSSL_MSG("EVP_PKEY_DSA not yet implemented");
+            case WC_EVP_PKEY_DSA:
+                WOLFSSL_MSG("WC_EVP_PKEY_DSA not yet implemented");
                 return WOLFSSL_FAILURE;
         #endif
         #if defined(OPENSSL_ALL) || defined(WOLFSSL_QT) || defined(WOLFSSL_OPENSSH)
         #if !defined(NO_DH) && defined(WOLFSSL_DH_EXTRA) && !defined(NO_FILESYSTEM)
-            case EVP_PKEY_DH:
+            case WC_EVP_PKEY_DH:
                 dh_key = wolfSSL_EVP_PKEY_get1_DH(ctx->pkey);
                 if (dh_key != NULL) {
                     ret = DH_param_check(dh_key);
@@ -3884,7 +3996,7 @@ int wolfSSL_EVP_SignFinal(WOLFSSL_EVP_MD_CTX *ctx, unsigned char *sigret,
     (void)siglen;
 
     WOLFSSL_ENTER("EVP_SignFinal");
-    if (ctx == NULL)
+    if (ctx == NULL || sigret == NULL || siglen == NULL || pkey == NULL)
         return WOLFSSL_FAILURE;
 
     ret = wolfSSL_EVP_DigestFinal(ctx, md, &mdsize);
@@ -3892,8 +4004,8 @@ int wolfSSL_EVP_SignFinal(WOLFSSL_EVP_MD_CTX *ctx, unsigned char *sigret,
         return ret;
 
     switch (pkey->type) {
-#if !defined(NO_RSA) && !defined(HAVE_USER_RSA)
-    case EVP_PKEY_RSA: {
+#if !defined(NO_RSA)
+    case WC_EVP_PKEY_RSA: {
         int nid;
         const WOLFSSL_EVP_MD *ctxmd;
 
@@ -3909,22 +4021,43 @@ int wolfSSL_EVP_SignFinal(WOLFSSL_EVP_MD_CTX *ctx, unsigned char *sigret,
     }
 #endif /* NO_RSA */
 #ifndef NO_DSA
-    case EVP_PKEY_DSA: {
+    case WC_EVP_PKEY_DSA: {
         int bytes;
         ret = wolfSSL_DSA_do_sign(md, sigret, pkey->dsa);
         /* wolfSSL_DSA_do_sign() can return WOLFSSL_FATAL_ERROR */
         if (ret != WOLFSSL_SUCCESS)
             return ret;
         bytes = wolfSSL_BN_num_bytes(pkey->dsa->q);
-        if (bytes == WOLFSSL_FAILURE || (int)*siglen < bytes * 2)
+        if (bytes == WC_NO_ERR_TRACE(WOLFSSL_FAILURE) ||
+            (int)*siglen < bytes * 2)
+        {
             return WOLFSSL_FAILURE;
+        }
         *siglen = (unsigned int)(bytes * 2);
         return WOLFSSL_SUCCESS;
     }
 #endif
-    case EVP_PKEY_EC:
-        WOLFSSL_MSG("not implemented");
-        FALL_THROUGH;
+#ifdef HAVE_ECC
+    case WC_EVP_PKEY_EC: {
+        WOLFSSL_ECDSA_SIG *ecdsaSig = wolfSSL_ECDSA_do_sign(md, (int)mdsize,
+                pkey->ecc);
+        if (ecdsaSig == NULL)
+            return WOLFSSL_FAILURE;
+        /* get signature length only */
+        ret = wolfSSL_i2d_ECDSA_SIG(ecdsaSig, NULL);
+        if (ret <= 0 || ret > (int)*siglen) {
+            wolfSSL_ECDSA_SIG_free(ecdsaSig);
+            return WOLFSSL_FAILURE;
+        }
+        /* perform validation of signature */
+        ret = wolfSSL_i2d_ECDSA_SIG(ecdsaSig, &sigret);
+        wolfSSL_ECDSA_SIG_free(ecdsaSig);
+        if (ret <= 0 || ret > (int)*siglen)
+            return WOLFSSL_FAILURE;
+        *siglen = (unsigned int)ret;
+        return WOLFSSL_SUCCESS;
+    }
+#endif
     default:
         break;
     }
@@ -3982,14 +4115,15 @@ int wolfSSL_EVP_VerifyFinal(WOLFSSL_EVP_MD_CTX *ctx,
     if (ctx == NULL) return WOLFSSL_FAILURE;
     WOLFSSL_ENTER("EVP_VerifyFinal");
     ret = wolfSSL_EVP_DigestFinal(ctx, md, &mdsize);
-    if (ret <= 0) return ret;
+    if (ret <= 0)
+        return ret;
 
     (void)sig;
     (void)siglen;
 
     switch (pkey->type) {
-#if !defined(NO_RSA) && !defined(HAVE_USER_RSA)
-    case EVP_PKEY_RSA: {
+#if !defined(NO_RSA)
+    case WC_EVP_PKEY_RSA: {
         int nid;
         const WOLFSSL_EVP_MD *ctxmd = wolfSSL_EVP_MD_CTX_md(ctx);
         if (ctxmd == NULL) break;
@@ -3999,9 +4133,19 @@ int wolfSSL_EVP_VerifyFinal(WOLFSSL_EVP_MD_CTX *ctx,
                 (unsigned int)siglen, pkey->rsa);
     }
 #endif /* NO_RSA */
-
-    case EVP_PKEY_DSA:
-    case EVP_PKEY_EC:
+#ifdef HAVE_ECC
+    case WC_EVP_PKEY_EC: {
+        WOLFSSL_ECDSA_SIG *ecdsaSig = wolfSSL_d2i_ECDSA_SIG(
+            NULL, (const unsigned char **)&sig, (long)siglen);
+        if (ecdsaSig == NULL)
+            return WOLFSSL_FAILURE;
+        ret = wolfSSL_ECDSA_do_verify(md, (int)mdsize, ecdsaSig,
+            pkey->ecc);
+        wolfSSL_ECDSA_SIG_free(ecdsaSig);
+        return ret;
+    }
+#endif
+    case WC_EVP_PKEY_DSA:
         WOLFSSL_MSG("not implemented");
         FALL_THROUGH;
     default:
@@ -4012,9 +4156,10 @@ int wolfSSL_EVP_VerifyFinal(WOLFSSL_EVP_MD_CTX *ctx,
 
 int wolfSSL_EVP_add_cipher(const WOLFSSL_EVP_CIPHER *cipher)
 {
-    (void)cipher;
     /* nothing to do */
-    return 0;
+    if (cipher == NULL)
+        return WOLFSSL_FAILURE;
+    return WOLFSSL_SUCCESS;
 }
 
 
@@ -4025,7 +4170,7 @@ WOLFSSL_EVP_PKEY* wolfSSL_EVP_PKEY_new_mac_key(int type, WOLFSSL_ENGINE* e,
 
     (void)e;
 
-    if (type != EVP_PKEY_HMAC || (key == NULL && keylen != 0))
+    if (type != WC_EVP_PKEY_HMAC || (key == NULL && keylen != 0))
         return NULL;
 
     pkey = wolfSSL_EVP_PKEY_new();
@@ -4071,7 +4216,7 @@ WOLFSSL_EVP_PKEY* wolfSSL_EVP_PKEY_new_CMAC_key(WOLFSSL_ENGINE* e,
     }
 
     ret = wolfSSL_CMAC_Init(ctx, priv, len, cipher, e);
-    if (ret == WOLFSSL_FAILURE) {
+    if (ret == WC_NO_ERR_TRACE(WOLFSSL_FAILURE)) {
         wolfSSL_CMAC_CTX_free(ctx);
         WOLFSSL_LEAVE("wolfSSL_EVP_PKEY_new_CMAC_key", 0);
         return NULL;
@@ -4091,7 +4236,7 @@ WOLFSSL_EVP_PKEY* wolfSSL_EVP_PKEY_new_CMAC_key(WOLFSSL_ENGINE* e,
                 XMEMCPY(pkey->pkey.ptr, priv, (size_t)len);
             }
             pkey->pkey_sz = (int)len;
-            pkey->type = pkey->save_type = EVP_PKEY_CMAC;
+            pkey->type = pkey->save_type = WC_EVP_PKEY_CMAC;
             pkey->cmacCtx = ctx;
         }
     }
@@ -4121,69 +4266,69 @@ static int wolfssl_evp_md_to_hash_type(const WOLFSSL_EVP_MD *type,
     int ret = 0;
 
 #ifndef NO_SHA256
-    if (XSTRCMP(type, "SHA256") == 0) {
+    if (XSTRCMP(type, WC_SN_sha256) == 0) {
         *hashType = WC_SHA256;
     }
     else
 #endif
 #ifndef NO_SHA
-    if ((XSTRCMP(type, "SHA") == 0) || (XSTRCMP(type, "SHA1") == 0)) {
+    if ((XSTRCMP(type, "SHA") == 0) || (XSTRCMP(type, WC_SN_sha1) == 0)) {
         *hashType = WC_SHA;
     }
     else
 #endif /* NO_SHA */
 #ifdef WOLFSSL_SHA224
-    if (XSTRCMP(type, "SHA224") == 0) {
+    if (XSTRCMP(type, WC_SN_sha224) == 0) {
         *hashType = WC_SHA224;
     }
     else
 #endif
 #ifdef WOLFSSL_SHA384
-    if (XSTRCMP(type, "SHA384") == 0) {
+    if (XSTRCMP(type, WC_SN_sha384) == 0) {
         *hashType = WC_SHA384;
     }
     else
 #endif
 #ifdef WOLFSSL_SHA512
-    if (XSTRCMP(type, "SHA512") == 0) {
+    if (XSTRCMP(type, WC_SN_sha512) == 0) {
         *hashType = WC_SHA512;
     }
     else
 #endif
 #ifdef WOLFSSL_SHA3
     #ifndef WOLFSSL_NOSHA3_224
-        if (XSTRCMP(type, "SHA3_224") == 0) {
+        if (XSTRCMP(type, WC_SN_sha3_224) == 0) {
             *hashType = WC_SHA3_224;
         }
         else
     #endif
     #ifndef WOLFSSL_NOSHA3_256
-        if (XSTRCMP(type, "SHA3_256") == 0) {
+        if (XSTRCMP(type, WC_SN_sha3_256) == 0) {
             *hashType = WC_SHA3_256;
         }
         else
     #endif
     #ifndef WOLFSSL_NOSHA3_384
-        if (XSTRCMP(type, "SHA3_384") == 0) {
+        if (XSTRCMP(type, WC_SN_sha3_384) == 0) {
             *hashType = WC_SHA3_384;
         }
         else
     #endif
     #ifndef WOLFSSL_NOSHA3_512
-        if (XSTRCMP(type, "SHA3_512") == 0) {
+        if (XSTRCMP(type, WC_SN_sha3_512) == 0) {
             *hashType = WC_SHA3_512;
         }
         else
     #endif
 #endif
 #ifdef WOLFSSL_SM3
-    if (XSTRCMP(type, "SM3") == 0) {
+    if (XSTRCMP(type, WC_SN_sm3) == 0) {
         *hashType = WC_SM3;
     }
     else
 #endif
 #ifndef NO_MD5
-    if (XSTRCMP(type, "MD5") == 0) {
+    if (XSTRCMP(type, WC_SN_md5) == 0) {
         *hashType = WC_MD5;
     }
     else
@@ -4213,11 +4358,11 @@ static int wolfSSL_evp_digest_pk_init(WOLFSSL_EVP_MD_CTX *ctx,
         }
         type = wolfSSL_EVP_get_digestbynid(default_digest);
         if (type == NULL) {
-            return BAD_FUNC_ARG;
+            return WOLFSSL_FAILURE;
         }
     }
 
-    if (pkey->type == EVP_PKEY_HMAC) {
+    if (pkey->type == WC_EVP_PKEY_HMAC) {
         int hashType;
         int ret;
         size_t keySz = 0;
@@ -4276,23 +4421,39 @@ static int wolfssl_evp_digest_pk_final(WOLFSSL_EVP_MD_CTX *ctx,
     int  ret;
 
     if (ctx->isHMAC) {
-        Hmac hmacCopy;
-
-        if (wolfSSL_HmacCopy(&hmacCopy, &ctx->hash.hmac) != WOLFSSL_SUCCESS)
+#ifdef WOLFSSL_SMALL_STACK
+        Hmac *hmacCopy = (Hmac *)XMALLOC(sizeof(Hmac), NULL, DYNAMIC_TYPE_OPENSSL);
+        if (hmacCopy == NULL)
             return WOLFSSL_FAILURE;
-        ret = wc_HmacFinal(&hmacCopy, md) == 0;
-        wc_HmacFree(&hmacCopy);
+#else
+        Hmac hmacCopy[1];
+#endif
+        ret = wolfSSL_HmacCopy(hmacCopy, &ctx->hash.hmac);
+        if (ret == WOLFSSL_SUCCESS)
+            ret = wc_HmacFinal(hmacCopy, md) == 0;
+        wc_HmacFree(hmacCopy);
+#ifdef WOLFSSL_SMALL_STACK
+        XFREE(hmacCopy, NULL, DYNAMIC_TYPE_OPENSSL);
+#endif
         return ret;
     }
     else {
-        WOLFSSL_EVP_MD_CTX ctxCopy;
-        wolfSSL_EVP_MD_CTX_init(&ctxCopy);
-
-        if (wolfSSL_EVP_MD_CTX_copy_ex(&ctxCopy, ctx) != WOLFSSL_SUCCESS)
+#ifdef WOLFSSL_SMALL_STACK
+        WOLFSSL_EVP_MD_CTX *ctxCopy = (WOLFSSL_EVP_MD_CTX *)XMALLOC(sizeof(WOLFSSL_EVP_MD_CTX), NULL, DYNAMIC_TYPE_OPENSSL);
+        if (ctxCopy == NULL)
             return WOLFSSL_FAILURE;
+#else
+        WOLFSSL_EVP_MD_CTX ctxCopy[1];
+#endif
+        wolfSSL_EVP_MD_CTX_init(ctxCopy);
 
-        ret = wolfSSL_EVP_DigestFinal(&ctxCopy, md, mdlen);
-        wolfSSL_EVP_MD_CTX_cleanup(&ctxCopy);
+        ret = wolfSSL_EVP_MD_CTX_copy_ex(ctxCopy, ctx);
+        if (ret == WOLFSSL_SUCCESS)
+            ret = wolfSSL_EVP_DigestFinal(ctxCopy, md, mdlen);
+        wolfSSL_EVP_MD_CTX_cleanup(ctxCopy);
+#ifdef WOLFSSL_SMALL_STACK
+        XFREE(ctxCopy, NULL, DYNAMIC_TYPE_OPENSSL);
+#endif
         return ret;
     }
 }
@@ -4389,7 +4550,7 @@ int wolfSSL_EVP_DigestSignInit(WOLFSSL_EVP_MD_CTX *ctx,
     WOLFSSL_ENTER("EVP_DigestSignInit");
 
     if (ctx == NULL || pkey == NULL)
-        return BAD_FUNC_ARG;
+        return WOLFSSL_FAILURE;
 
     return wolfSSL_evp_digest_pk_init(ctx, pctx, type, e, pkey);
 }
@@ -4401,7 +4562,7 @@ int wolfSSL_EVP_DigestSignUpdate(WOLFSSL_EVP_MD_CTX *ctx, const void *d,
     WOLFSSL_ENTER("EVP_DigestSignUpdate");
 
     if (ctx == NULL || d == NULL)
-        return BAD_FUNC_ARG;
+        return WOLFSSL_FAILURE;
 
     return wolfssl_evp_digest_pk_update(ctx, d, cnt);
 }
@@ -4411,7 +4572,7 @@ int wolfSSL_EVP_DigestSignFinal(WOLFSSL_EVP_MD_CTX *ctx, unsigned char *sig,
 {
     unsigned char digest[WC_MAX_DIGEST_SIZE];
     unsigned int  hashLen;
-    int           ret = WOLFSSL_FAILURE;
+    int           ret = WC_NO_ERR_TRACE(WOLFSSL_FAILURE);
 
     WOLFSSL_ENTER("EVP_DigestSignFinal");
 
@@ -4428,7 +4589,7 @@ int wolfSSL_EVP_DigestSignFinal(WOLFSSL_EVP_MD_CTX *ctx, unsigned char *sig,
         }
     }
 #ifndef NO_RSA
-    else if (ctx->pctx->pkey->type == EVP_PKEY_RSA) {
+    else if (ctx->pctx->pkey->type == WC_EVP_PKEY_RSA) {
         if (sig == NULL) {
             *siglen = (size_t)wolfSSL_RSA_size(ctx->pctx->pkey->rsa);
             return WOLFSSL_SUCCESS;
@@ -4436,7 +4597,7 @@ int wolfSSL_EVP_DigestSignFinal(WOLFSSL_EVP_MD_CTX *ctx, unsigned char *sig,
     }
 #endif /* !NO_RSA */
 #ifdef HAVE_ECC
-    else if (ctx->pctx->pkey->type == EVP_PKEY_EC) {
+    else if (ctx->pctx->pkey->type == WC_EVP_PKEY_EC) {
         if (sig == NULL) {
             /* SEQ + INT + INT */
             *siglen = (size_t)ecc_sets[ctx->pctx->pkey->ecc->group->curve_idx].
@@ -4461,8 +4622,8 @@ int wolfSSL_EVP_DigestSignFinal(WOLFSSL_EVP_MD_CTX *ctx, unsigned char *sig,
     else {
         /* Sign the digest. */
         switch (ctx->pctx->pkey->type) {
-    #if !defined(NO_RSA) && !defined(HAVE_USER_RSA)
-        case EVP_PKEY_RSA: {
+    #if !defined(NO_RSA)
+        case WC_EVP_PKEY_RSA: {
             unsigned int sigSz = (unsigned int)*siglen;
             int nid;
             const WOLFSSL_EVP_MD *md = wolfSSL_EVP_MD_CTX_md(ctx);
@@ -4480,7 +4641,7 @@ int wolfSSL_EVP_DigestSignFinal(WOLFSSL_EVP_MD_CTX *ctx, unsigned char *sig,
     #endif /* NO_RSA */
 
     #ifdef HAVE_ECC
-        case EVP_PKEY_EC: {
+        case WC_EVP_PKEY_EC: {
             int len;
             WOLFSSL_ECDSA_SIG *ecdsaSig;
             ecdsaSig = wolfSSL_ECDSA_do_sign(digest, (int)hashLen,
@@ -4514,7 +4675,7 @@ int wolfSSL_EVP_DigestVerifyInit(WOLFSSL_EVP_MD_CTX *ctx,
     WOLFSSL_ENTER("EVP_DigestVerifyInit");
 
     if (ctx == NULL || type == NULL || pkey == NULL)
-        return BAD_FUNC_ARG;
+        return WOLFSSL_FAILURE;
 
     return wolfSSL_evp_digest_pk_init(ctx, pctx, type, e, pkey);
 }
@@ -4526,7 +4687,7 @@ int wolfSSL_EVP_DigestVerifyUpdate(WOLFSSL_EVP_MD_CTX *ctx, const void *d,
     WOLFSSL_ENTER("EVP_DigestVerifyUpdate");
 
     if (ctx == NULL || d == NULL)
-        return BAD_FUNC_ARG;
+        return WOLFSSL_FAILURE;
 
     return wolfssl_evp_digest_pk_update(ctx, d, (unsigned int)cnt);
 }
@@ -4564,8 +4725,8 @@ int wolfSSL_EVP_DigestVerifyFinal(WOLFSSL_EVP_MD_CTX *ctx,
     else {
         /* Verify the signature with the digest. */
         switch (ctx->pctx->pkey->type) {
-    #if !defined(NO_RSA) && !defined(HAVE_USER_RSA)
-        case EVP_PKEY_RSA: {
+    #if !defined(NO_RSA)
+        case WC_EVP_PKEY_RSA: {
             int nid;
             const WOLFSSL_EVP_MD *md = wolfSSL_EVP_MD_CTX_md(ctx);
             if (md == NULL)
@@ -4580,7 +4741,7 @@ int wolfSSL_EVP_DigestVerifyFinal(WOLFSSL_EVP_MD_CTX *ctx,
     #endif /* NO_RSA */
 
     #ifdef HAVE_ECC
-        case EVP_PKEY_EC: {
+        case WC_EVP_PKEY_EC: {
             int ret;
             WOLFSSL_ECDSA_SIG *ecdsaSig;
             ecdsaSig = wolfSSL_d2i_ECDSA_SIG(NULL, &sig, (long)siglen);
@@ -4667,7 +4828,7 @@ int wolfSSL_EVP_DigestVerifyFinal(WOLFSSL_EVP_MD_CTX *ctx,
 int wolfSSL_EVP_read_pw_string(char* buf, int bufSz, const char* banner, int v)
 {
     printf("%s", banner);
-    if (XGETPASSWD(buf, bufSz) == WOLFSSL_FAILURE) {
+    if (XGETPASSWD(buf, bufSz) == WC_NO_ERR_TRACE(WOLFSSL_FAILURE)) {
         return -1;
     }
     (void)v; /* fgets always sanity checks size of input vs buffer */
@@ -4710,6 +4871,7 @@ int wolfSSL_PKCS5_PBKDF2_HMAC(const char *pass, int passlen,
 {
     const char *nostring = "";
     int ret = 0;
+    enum wc_HashType pbkdf2HashType;
 
     if (pass == NULL) {
         passlen = 0;
@@ -4718,8 +4880,10 @@ int wolfSSL_PKCS5_PBKDF2_HMAC(const char *pass, int passlen,
         passlen = (int)XSTRLEN(pass);
     }
 
+    pbkdf2HashType = EvpMd2MacType(digest);
+
     ret = wc_PBKDF2((byte*)out, (byte*)pass, passlen, (byte*)salt, saltlen,
-                    iter, keylen, EvpMd2MacType(digest));
+                    iter, keylen, pbkdf2HashType);
     if (ret == 0)
         return WOLFSSL_SUCCESS;
     else
@@ -4802,159 +4966,161 @@ static const struct cipher{
 #ifndef NO_AES
     #if defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_DIRECT)
     #ifdef WOLFSSL_AES_128
-    {AES_128_CBC_TYPE, EVP_AES_128_CBC, NID_aes_128_cbc},
+    {WC_AES_128_CBC_TYPE, EVP_AES_128_CBC, WC_NID_aes_128_cbc},
     #endif
     #ifdef WOLFSSL_AES_192
-    {AES_192_CBC_TYPE, EVP_AES_192_CBC, NID_aes_192_cbc},
+    {WC_AES_192_CBC_TYPE, EVP_AES_192_CBC, WC_NID_aes_192_cbc},
     #endif
     #ifdef WOLFSSL_AES_256
-    {AES_256_CBC_TYPE, EVP_AES_256_CBC, NID_aes_256_cbc},
+    {WC_AES_256_CBC_TYPE, EVP_AES_256_CBC, WC_NID_aes_256_cbc},
     #endif
     #endif
 
     #ifdef WOLFSSL_AES_CFB
+    #ifndef WOLFSSL_NO_AES_CFB_1_8
     #ifdef WOLFSSL_AES_128
-    {AES_128_CFB1_TYPE, EVP_AES_128_CFB1, NID_aes_128_cfb1},
+    {WC_AES_128_CFB1_TYPE, EVP_AES_128_CFB1, WC_NID_aes_128_cfb1},
     #endif
     #ifdef WOLFSSL_AES_192
-    {AES_192_CFB1_TYPE, EVP_AES_192_CFB1, NID_aes_192_cfb1},
+    {WC_AES_192_CFB1_TYPE, EVP_AES_192_CFB1, WC_NID_aes_192_cfb1},
     #endif
     #ifdef WOLFSSL_AES_256
-    {AES_256_CFB1_TYPE, EVP_AES_256_CFB1, NID_aes_256_cfb1},
+    {WC_AES_256_CFB1_TYPE, EVP_AES_256_CFB1, WC_NID_aes_256_cfb1},
     #endif
 
     #ifdef WOLFSSL_AES_128
-    {AES_128_CFB8_TYPE, EVP_AES_128_CFB8, NID_aes_128_cfb8},
+    {WC_AES_128_CFB8_TYPE, EVP_AES_128_CFB8, WC_NID_aes_128_cfb8},
     #endif
     #ifdef WOLFSSL_AES_192
-    {AES_192_CFB8_TYPE, EVP_AES_192_CFB8, NID_aes_192_cfb8},
+    {WC_AES_192_CFB8_TYPE, EVP_AES_192_CFB8, WC_NID_aes_192_cfb8},
     #endif
     #ifdef WOLFSSL_AES_256
-    {AES_256_CFB8_TYPE, EVP_AES_256_CFB8, NID_aes_256_cfb8},
+    {WC_AES_256_CFB8_TYPE, EVP_AES_256_CFB8, WC_NID_aes_256_cfb8},
     #endif
+    #endif /* !WOLFSSL_NO_AES_CFB_1_8 */
 
     #ifdef WOLFSSL_AES_128
-    {AES_128_CFB128_TYPE, EVP_AES_128_CFB128, NID_aes_128_cfb128},
+    {WC_AES_128_CFB128_TYPE, EVP_AES_128_CFB128, WC_NID_aes_128_cfb128},
     #endif
     #ifdef WOLFSSL_AES_192
-    {AES_192_CFB128_TYPE, EVP_AES_192_CFB128, NID_aes_192_cfb128},
+    {WC_AES_192_CFB128_TYPE, EVP_AES_192_CFB128, WC_NID_aes_192_cfb128},
     #endif
     #ifdef WOLFSSL_AES_256
-    {AES_256_CFB128_TYPE, EVP_AES_256_CFB128, NID_aes_256_cfb128},
-    #endif
+    {WC_AES_256_CFB128_TYPE, EVP_AES_256_CFB128, WC_NID_aes_256_cfb128},
     #endif
+    #endif /* WOLFSSL_AES_CFB */
 
     #ifdef WOLFSSL_AES_OFB
     #ifdef WOLFSSL_AES_128
-    {AES_128_OFB_TYPE, EVP_AES_128_OFB, NID_aes_128_ofb},
+    {WC_AES_128_OFB_TYPE, EVP_AES_128_OFB, WC_NID_aes_128_ofb},
     #endif
     #ifdef WOLFSSL_AES_192
-    {AES_192_OFB_TYPE, EVP_AES_192_OFB, NID_aes_192_ofb},
+    {WC_AES_192_OFB_TYPE, EVP_AES_192_OFB, WC_NID_aes_192_ofb},
     #endif
     #ifdef WOLFSSL_AES_256
-    {AES_256_OFB_TYPE, EVP_AES_256_OFB, NID_aes_256_ofb},
+    {WC_AES_256_OFB_TYPE, EVP_AES_256_OFB, WC_NID_aes_256_ofb},
     #endif
     #endif
 
     #if defined(WOLFSSL_AES_XTS) && \
         (!defined(HAVE_FIPS) || FIPS_VERSION_GE(5,3))
     #ifdef WOLFSSL_AES_128
-    {AES_128_XTS_TYPE, EVP_AES_128_XTS, NID_aes_128_xts},
+    {WC_AES_128_XTS_TYPE, EVP_AES_128_XTS, WC_NID_aes_128_xts},
     #endif
     #ifdef WOLFSSL_AES_256
-    {AES_256_XTS_TYPE, EVP_AES_256_XTS, NID_aes_256_xts},
+    {WC_AES_256_XTS_TYPE, EVP_AES_256_XTS, WC_NID_aes_256_xts},
     #endif
     #endif
 
     #ifdef HAVE_AESGCM
     #ifdef WOLFSSL_AES_128
-    {AES_128_GCM_TYPE, EVP_AES_128_GCM, NID_aes_128_gcm},
+    {WC_AES_128_GCM_TYPE, EVP_AES_128_GCM, WC_NID_aes_128_gcm},
     #endif
     #ifdef WOLFSSL_AES_192
-    {AES_192_GCM_TYPE, EVP_AES_192_GCM, NID_aes_192_gcm},
+    {WC_AES_192_GCM_TYPE, EVP_AES_192_GCM, WC_NID_aes_192_gcm},
     #endif
     #ifdef WOLFSSL_AES_256
-    {AES_256_GCM_TYPE, EVP_AES_256_GCM, NID_aes_256_gcm},
+    {WC_AES_256_GCM_TYPE, EVP_AES_256_GCM, WC_NID_aes_256_gcm},
     #endif
     #endif
 
     #ifdef HAVE_AESCCM
     #ifdef WOLFSSL_AES_128
-    {AES_128_CCM_TYPE, EVP_AES_128_CCM, NID_aes_128_ccm},
+    {WC_AES_128_CCM_TYPE, EVP_AES_128_CCM, WC_NID_aes_128_ccm},
     #endif
     #ifdef WOLFSSL_AES_192
-    {AES_192_CCM_TYPE, EVP_AES_192_CCM, NID_aes_192_ccm},
+    {WC_AES_192_CCM_TYPE, EVP_AES_192_CCM, WC_NID_aes_192_ccm},
     #endif
     #ifdef WOLFSSL_AES_256
-    {AES_256_CCM_TYPE, EVP_AES_256_CCM, NID_aes_256_ccm},
+    {WC_AES_256_CCM_TYPE, EVP_AES_256_CCM, WC_NID_aes_256_ccm},
     #endif
     #endif
 
     #ifdef WOLFSSL_AES_COUNTER
     #ifdef WOLFSSL_AES_128
-        {AES_128_CTR_TYPE, EVP_AES_128_CTR, NID_aes_128_ctr},
+        {WC_AES_128_CTR_TYPE, EVP_AES_128_CTR, WC_NID_aes_128_ctr},
     #endif
     #ifdef WOLFSSL_AES_192
-        {AES_192_CTR_TYPE, EVP_AES_192_CTR, NID_aes_192_ctr},
+        {WC_AES_192_CTR_TYPE, EVP_AES_192_CTR, WC_NID_aes_192_ctr},
     #endif
     #ifdef WOLFSSL_AES_256
-        {AES_256_CTR_TYPE, EVP_AES_256_CTR, NID_aes_256_ctr},
+        {WC_AES_256_CTR_TYPE, EVP_AES_256_CTR, WC_NID_aes_256_ctr},
     #endif
     #endif
 
     #ifdef HAVE_AES_ECB
     #ifdef WOLFSSL_AES_128
-        {AES_128_ECB_TYPE, EVP_AES_128_ECB, NID_aes_128_ecb},
+        {WC_AES_128_ECB_TYPE, EVP_AES_128_ECB, WC_NID_aes_128_ecb},
     #endif
     #ifdef WOLFSSL_AES_192
-        {AES_192_ECB_TYPE, EVP_AES_192_ECB, NID_aes_192_ecb},
+        {WC_AES_192_ECB_TYPE, EVP_AES_192_ECB, WC_NID_aes_192_ecb},
     #endif
     #ifdef WOLFSSL_AES_256
-        {AES_256_ECB_TYPE, EVP_AES_256_ECB, NID_aes_256_ecb},
+        {WC_AES_256_ECB_TYPE, EVP_AES_256_ECB, WC_NID_aes_256_ecb},
     #endif
     #endif
 #endif
 
 #ifdef HAVE_ARIA
-    {ARIA_128_GCM_TYPE, EVP_ARIA_128_GCM, NID_aria_128_gcm},
-    {ARIA_192_GCM_TYPE, EVP_ARIA_192_GCM, NID_aria_192_gcm},
-    {ARIA_256_GCM_TYPE, EVP_ARIA_256_GCM, NID_aria_256_gcm},
+    {WC_ARIA_128_GCM_TYPE, EVP_ARIA_128_GCM, WC_NID_aria_128_gcm},
+    {WC_ARIA_192_GCM_TYPE, EVP_ARIA_192_GCM, WC_NID_aria_192_gcm},
+    {WC_ARIA_256_GCM_TYPE, EVP_ARIA_256_GCM, WC_NID_aria_256_gcm},
 #endif
 
 #ifndef NO_DES3
-    {DES_CBC_TYPE, EVP_DES_CBC, NID_des_cbc},
-    {DES_ECB_TYPE, EVP_DES_ECB, NID_des_ecb},
+    {WC_DES_CBC_TYPE, EVP_DES_CBC, WC_NID_des_cbc},
+    {WC_DES_ECB_TYPE, EVP_DES_ECB, WC_NID_des_ecb},
 
-    {DES_EDE3_CBC_TYPE, EVP_DES_EDE3_CBC, NID_des_ede3_cbc},
-    {DES_EDE3_ECB_TYPE, EVP_DES_EDE3_ECB, NID_des_ede3_ecb},
+    {WC_DES_EDE3_CBC_TYPE, EVP_DES_EDE3_CBC, WC_NID_des_ede3_cbc},
+    {WC_DES_EDE3_ECB_TYPE, EVP_DES_EDE3_ECB, WC_NID_des_ede3_ecb},
 #endif
 
 #ifndef NO_RC4
-    {ARC4_TYPE, EVP_ARC4, NID_undef},
+    {WC_ARC4_TYPE, EVP_ARC4, WC_NID_undef},
 #endif
 
 #if defined(HAVE_CHACHA) && defined(HAVE_POLY1305)
-    {CHACHA20_POLY1305_TYPE, EVP_CHACHA20_POLY1305, NID_chacha20_poly1305},
+    {WC_CHACHA20_POLY1305_TYPE, EVP_CHACHA20_POLY1305, WC_NID_chacha20_poly1305},
 #endif
 
 #ifdef HAVE_CHACHA
-    {CHACHA20_TYPE, EVP_CHACHA20, NID_chacha20},
+    {WC_CHACHA20_TYPE, EVP_CHACHA20, WC_NID_chacha20},
 #endif
 
 #ifdef WOLFSSL_SM4_ECB
-    {SM4_ECB_TYPE, EVP_SM4_ECB, NID_sm4_ecb},
+    {WC_SM4_ECB_TYPE, EVP_SM4_ECB, WC_NID_sm4_ecb},
 #endif
 #ifdef WOLFSSL_SM4_CBC
-    {SM4_CBC_TYPE, EVP_SM4_CBC, NID_sm4_cbc},
+    {WC_SM4_CBC_TYPE, EVP_SM4_CBC, WC_NID_sm4_cbc},
 #endif
 #ifdef WOLFSSL_SM4_CTR
-    {SM4_CTR_TYPE, EVP_SM4_CTR, NID_sm4_ctr},
+    {WC_SM4_CTR_TYPE, EVP_SM4_CTR, WC_NID_sm4_ctr},
 #endif
 #ifdef WOLFSSL_SM4_GCM
-    {SM4_GCM_TYPE, EVP_SM4_GCM, NID_sm4_gcm},
+    {WC_SM4_GCM_TYPE, EVP_SM4_GCM, WC_NID_sm4_gcm},
 #endif
 #ifdef WOLFSSL_SM4_CCM
-    {SM4_CCM_TYPE, EVP_SM4_CCM, NID_sm4_ccm},
+    {WC_SM4_CCM_TYPE, EVP_SM4_CCM, WC_NID_sm4_ccm},
 #endif
 
     { 0, NULL, 0}
@@ -5140,128 +5306,128 @@ const WOLFSSL_EVP_CIPHER *wolfSSL_EVP_get_cipherbynid(int id)
 #ifndef NO_AES
     #if defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_DIRECT)
         #ifdef WOLFSSL_AES_128
-        case NID_aes_128_cbc:
+        case WC_NID_aes_128_cbc:
             return wolfSSL_EVP_aes_128_cbc();
         #endif
         #ifdef WOLFSSL_AES_192
-        case NID_aes_192_cbc:
+        case WC_NID_aes_192_cbc:
             return wolfSSL_EVP_aes_192_cbc();
         #endif
         #ifdef WOLFSSL_AES_256
-        case NID_aes_256_cbc:
+        case WC_NID_aes_256_cbc:
             return wolfSSL_EVP_aes_256_cbc();
         #endif
     #endif
     #ifdef WOLFSSL_AES_COUNTER
         #ifdef WOLFSSL_AES_128
-        case NID_aes_128_ctr:
+        case WC_NID_aes_128_ctr:
             return wolfSSL_EVP_aes_128_ctr();
         #endif
         #ifdef WOLFSSL_AES_192
-        case NID_aes_192_ctr:
+        case WC_NID_aes_192_ctr:
             return wolfSSL_EVP_aes_192_ctr();
         #endif
         #ifdef WOLFSSL_AES_256
-        case NID_aes_256_ctr:
+        case WC_NID_aes_256_ctr:
             return wolfSSL_EVP_aes_256_ctr();
         #endif
     #endif /* WOLFSSL_AES_COUNTER */
     #ifdef HAVE_AES_ECB
         #ifdef WOLFSSL_AES_128
-        case NID_aes_128_ecb:
+        case WC_NID_aes_128_ecb:
             return wolfSSL_EVP_aes_128_ecb();
         #endif
         #ifdef WOLFSSL_AES_192
-        case NID_aes_192_ecb:
+        case WC_NID_aes_192_ecb:
             return wolfSSL_EVP_aes_192_ecb();
         #endif
         #ifdef WOLFSSL_AES_256
-        case NID_aes_256_ecb:
+        case WC_NID_aes_256_ecb:
             return wolfSSL_EVP_aes_256_ecb();
         #endif
     #endif /* HAVE_AES_ECB */
     #ifdef HAVE_AESGCM
         #ifdef WOLFSSL_AES_128
-        case NID_aes_128_gcm:
+        case WC_NID_aes_128_gcm:
             return wolfSSL_EVP_aes_128_gcm();
         #endif
         #ifdef WOLFSSL_AES_192
-        case NID_aes_192_gcm:
+        case WC_NID_aes_192_gcm:
             return wolfSSL_EVP_aes_192_gcm();
         #endif
         #ifdef WOLFSSL_AES_256
-        case NID_aes_256_gcm:
+        case WC_NID_aes_256_gcm:
             return wolfSSL_EVP_aes_256_gcm();
         #endif
     #endif
     #ifdef HAVE_AESCCM
         #ifdef WOLFSSL_AES_128
-        case NID_aes_128_ccm:
+        case WC_NID_aes_128_ccm:
             return wolfSSL_EVP_aes_128_ccm();
         #endif
         #ifdef WOLFSSL_AES_192
-        case NID_aes_192_ccm:
+        case WC_NID_aes_192_ccm:
             return wolfSSL_EVP_aes_192_ccm();
         #endif
         #ifdef WOLFSSL_AES_256
-        case NID_aes_256_ccm:
+        case WC_NID_aes_256_ccm:
             return wolfSSL_EVP_aes_256_ccm();
         #endif
     #endif
 #endif
 
 #ifdef HAVE_ARIA
-    case NID_aria_128_gcm:
+    case WC_NID_aria_128_gcm:
         return wolfSSL_EVP_aria_128_gcm();
-    case NID_aria_192_gcm:
+    case WC_NID_aria_192_gcm:
         return wolfSSL_EVP_aria_192_gcm();
-    case NID_aria_256_gcm:
+    case WC_NID_aria_256_gcm:
         return wolfSSL_EVP_aria_256_gcm();
 #endif
 
 #ifndef NO_DES3
-        case NID_des_cbc:
+        case WC_NID_des_cbc:
             return wolfSSL_EVP_des_cbc();
 #ifdef WOLFSSL_DES_ECB
-        case NID_des_ecb:
+        case WC_NID_des_ecb:
             return wolfSSL_EVP_des_ecb();
 #endif
-        case NID_des_ede3_cbc:
+        case WC_NID_des_ede3_cbc:
             return wolfSSL_EVP_des_ede3_cbc();
 #ifdef WOLFSSL_DES_ECB
-        case NID_des_ede3_ecb:
+        case WC_NID_des_ede3_ecb:
             return wolfSSL_EVP_des_ede3_ecb();
 #endif
 #endif /*NO_DES3*/
 
 #if defined(HAVE_CHACHA) && defined(HAVE_POLY1305)
-        case NID_chacha20_poly1305:
+        case WC_NID_chacha20_poly1305:
             return wolfSSL_EVP_chacha20_poly1305();
 #endif
 
 #ifdef HAVE_CHACHA
-        case NID_chacha20:
+        case WC_NID_chacha20:
             return wolfSSL_EVP_chacha20();
 #endif
 
 #ifdef WOLFSSL_SM4_ECB
-        case NID_sm4_ecb:
+        case WC_NID_sm4_ecb:
             return wolfSSL_EVP_sm4_ecb();
 #endif
 #ifdef WOLFSSL_SM4_CBC
-        case NID_sm4_cbc:
+        case WC_NID_sm4_cbc:
             return wolfSSL_EVP_sm4_cbc();
 #endif
 #ifdef WOLFSSL_SM4_CTR
-        case NID_sm4_ctr:
+        case WC_NID_sm4_ctr:
             return wolfSSL_EVP_sm4_ctr();
 #endif
 #ifdef WOLFSSL_SM4_GCM
-        case NID_sm4_gcm:
+        case WC_NID_sm4_gcm:
             return wolfSSL_EVP_sm4_gcm();
 #endif
 #ifdef WOLFSSL_SM4_CCM
-        case NID_sm4_ccm:
+        case WC_NID_sm4_ccm:
             return wolfSSL_EVP_sm4_ccm();
 #endif
 
@@ -5469,7 +5635,7 @@ void wolfSSL_EVP_init(void)
     #endif /* HAVE_AES_CBC */
 
     #ifdef WOLFSSL_AES_CFB
-#if !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS)
+    #ifndef WOLFSSL_NO_AES_CFB_1_8
     #ifdef WOLFSSL_AES_128
     const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_128_cfb1(void)
     {
@@ -5517,7 +5683,7 @@ void wolfSSL_EVP_init(void)
         return EVP_AES_256_CFB8;
     }
     #endif /* WOLFSSL_AES_256 */
-#endif /* !HAVE_SELFTEST && !HAVE_FIPS */
+    #endif /* !WOLFSSL_NO_AES_CFB_1_8 */
 
     #ifdef WOLFSSL_AES_128
     const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_128_cfb128(void)
@@ -5824,7 +5990,7 @@ void wolfSSL_EVP_init(void)
     int wolfSSL_EVP_CIPHER_CTX_ctrl(WOLFSSL_EVP_CIPHER_CTX *ctx, int type, \
                                     int arg, void *ptr)
     {
-        int ret = WOLFSSL_FAILURE;
+        int ret = WC_NO_ERR_TRACE(WOLFSSL_FAILURE);
 #if defined(HAVE_AESGCM) || (defined(HAVE_CHACHA) && defined(HAVE_POLY1305))
 #ifndef WC_NO_RNG
         WC_RNG rng;
@@ -5839,22 +6005,22 @@ void wolfSSL_EVP_init(void)
         WOLFSSL_ENTER("wolfSSL_EVP_CIPHER_CTX_ctrl");
 
         switch(type) {
-            case EVP_CTRL_INIT:
+            case WOLFSSL_EVP_CTRL_INIT:
                 wolfSSL_EVP_CIPHER_CTX_init(ctx);
                 if(ctx)
                     ret = WOLFSSL_SUCCESS;
                 break;
-            case EVP_CTRL_SET_KEY_LENGTH:
+            case WOLFSSL_EVP_CTRL_SET_KEY_LENGTH:
                 ret = wolfSSL_EVP_CIPHER_CTX_set_key_length(ctx, arg);
                 break;
 #if defined(HAVE_AESGCM) || defined(HAVE_AESCCM) || defined(HAVE_ARIA) || \
         defined(WOLFSSL_SM4_GCM) || defined(WOLFSSL_SM4_CCM) || \
         (defined(HAVE_CHACHA) && defined(HAVE_POLY1305))
-            case EVP_CTRL_AEAD_SET_IVLEN:
+            case WOLFSSL_EVP_CTRL_AEAD_SET_IVLEN:
                 if ((ctx->flags & WOLFSSL_EVP_CIPH_FLAG_AEAD_CIPHER) == 0)
                     break;
             #if defined(HAVE_CHACHA) && defined(HAVE_POLY1305)
-                if (ctx->cipherType == CHACHA20_POLY1305_TYPE) {
+                if (ctx->cipherType == WC_CHACHA20_POLY1305_TYPE) {
                     if (arg != CHACHA20_POLY1305_AEAD_IV_SIZE) {
                         break;
                     }
@@ -5862,7 +6028,7 @@ void wolfSSL_EVP_init(void)
                 else
             #endif /* HAVE_CHACHA && HAVE_POLY1305 */
             #if defined(WOLFSSL_SM4_GCM)
-                if (ctx->cipherType == SM4_GCM_TYPE) {
+                if (ctx->cipherType == WC_SM4_GCM_TYPE) {
                     if (arg <= 0 || arg > SM4_BLOCK_SIZE) {
                         break;
                     }
@@ -5870,7 +6036,7 @@ void wolfSSL_EVP_init(void)
                 else
             #endif
             #if defined(WOLFSSL_SM4_CCM)
-                if (ctx->cipherType == SM4_CCM_TYPE) {
+                if (ctx->cipherType == WC_SM4_CCM_TYPE) {
                     if (arg <= 0 || arg > SM4_BLOCK_SIZE) {
                         break;
                     }
@@ -5878,7 +6044,7 @@ void wolfSSL_EVP_init(void)
                 else
             #endif
                 {
-                    if (arg <= 0 || arg > AES_BLOCK_SIZE)
+                    if (arg <= 0 || arg > WC_AES_BLOCK_SIZE)
                         break;
                 }
                 ret = wolfSSL_EVP_CIPHER_CTX_set_iv_length(ctx, arg);
@@ -5886,7 +6052,7 @@ void wolfSSL_EVP_init(void)
 
 #if defined(HAVE_AESGCM) || defined(WOLFSSL_SM4_GCM) || \
     (defined(HAVE_CHACHA) && defined(HAVE_POLY1305))
-            case EVP_CTRL_AEAD_SET_IV_FIXED:
+            case WOLFSSL_EVP_CTRL_AEAD_SET_IV_FIXED:
                 if ((ctx->flags & WOLFSSL_EVP_CIPH_FLAG_AEAD_CIPHER) == 0)
                     break;
                 if (arg == -1) {
@@ -5945,7 +6111,7 @@ void wolfSSL_EVP_init(void)
              * EVP_CipherInit between each iteration. The IV is incremented for
              * each subsequent EVP_Cipher call to prevent IV reuse.
              */
-            case EVP_CTRL_GCM_IV_GEN:
+            case WOLFSSL_EVP_CTRL_GCM_IV_GEN:
                 if ((ctx->flags & WOLFSSL_EVP_CIPH_FLAG_AEAD_CIPHER) == 0)
                     break;
                 if (!ctx->authIvGenEnable) {
@@ -5981,11 +6147,11 @@ void wolfSSL_EVP_init(void)
                 break;
 #endif /* (HAVE_AESGCM || WOLFSSL_SM4_GCM) && !_WIN32 && !HAVE_SELFTEST &&
         * !HAVE_FIPS || FIPS_VERSION >= 2)*/
-            case EVP_CTRL_AEAD_SET_TAG:
+            case WOLFSSL_EVP_CTRL_AEAD_SET_TAG:
                 if ((ctx->flags & WOLFSSL_EVP_CIPH_FLAG_AEAD_CIPHER) == 0)
                     break;
 #if defined(HAVE_CHACHA) && defined(HAVE_POLY1305)
-                if (ctx->cipherType == CHACHA20_POLY1305_TYPE) {
+                if (ctx->cipherType == WC_CHACHA20_POLY1305_TYPE) {
                     if (arg != CHACHA20_POLY1305_AEAD_AUTHTAG_SIZE) {
                         break;
                     }
@@ -5999,7 +6165,7 @@ void wolfSSL_EVP_init(void)
                 else
 #endif /* HAVE_CHACHA && HAVE_POLY1305 */
 #if defined(WOLFSSL_SM4_GCM)
-                if (ctx->cipherType == SM4_GCM_TYPE) {
+                if (ctx->cipherType == WC_SM4_GCM_TYPE) {
                     if ((arg <= 0) || (arg > SM4_BLOCK_SIZE) || (ptr == NULL)) {
                         break;
                     }
@@ -6012,7 +6178,7 @@ void wolfSSL_EVP_init(void)
                 else
 #endif
 #if defined(WOLFSSL_SM4_CCM)
-                if (ctx->cipherType == SM4_CCM_TYPE) {
+                if (ctx->cipherType == WC_SM4_CCM_TYPE) {
                     if ((arg <= 0) || (arg > SM4_BLOCK_SIZE) || (ptr == NULL)) {
                         break;
                     }
@@ -6033,12 +6199,12 @@ void wolfSSL_EVP_init(void)
                     ret = WOLFSSL_SUCCESS;
                     break;
                 }
-            case EVP_CTRL_AEAD_GET_TAG:
+            case WOLFSSL_EVP_CTRL_AEAD_GET_TAG:
                 if ((ctx->flags & WOLFSSL_EVP_CIPH_FLAG_AEAD_CIPHER) == 0)
                     break;
 
 #if defined(HAVE_CHACHA) && defined(HAVE_POLY1305)
-                if (ctx->cipherType == CHACHA20_POLY1305_TYPE) {
+                if (ctx->cipherType == WC_CHACHA20_POLY1305_TYPE) {
                     if (arg != CHACHA20_POLY1305_AEAD_AUTHTAG_SIZE) {
                         break;
                     }
@@ -6046,7 +6212,7 @@ void wolfSSL_EVP_init(void)
                 else
 #endif /* HAVE_CHACHA && HAVE_POLY1305 */
 #if defined(WOLFSSL_SM4_GCM)
-                if (ctx->cipherType == SM4_GCM_TYPE) {
+                if (ctx->cipherType == WC_SM4_GCM_TYPE) {
                     if (arg <= 0 || arg > SM4_BLOCK_SIZE) {
                         break;
                     }
@@ -6054,7 +6220,7 @@ void wolfSSL_EVP_init(void)
                 else
 #endif
 #if defined(WOLFSSL_SM4_CCM)
-                if (ctx->cipherType == SM4_CCM_TYPE) {
+                if (ctx->cipherType == WC_SM4_CCM_TYPE) {
                     if (arg <= 0 || arg > SM4_BLOCK_SIZE) {
                         break;
                     }
@@ -6062,7 +6228,7 @@ void wolfSSL_EVP_init(void)
                 else
 #endif
                 {
-                    if (arg <= 0 || arg > AES_BLOCK_SIZE)
+                    if (arg <= 0 || arg > WC_AES_BLOCK_SIZE)
                         break;
                 }
 
@@ -6099,62 +6265,64 @@ void wolfSSL_EVP_init(void)
     defined(WOLFSSL_AES_XTS)
 
     #if defined(HAVE_AESGCM)
-                case AES_128_GCM_TYPE:
-                case AES_192_GCM_TYPE:
-                case AES_256_GCM_TYPE:
+                case WC_AES_128_GCM_TYPE:
+                case WC_AES_192_GCM_TYPE:
+                case WC_AES_256_GCM_TYPE:
     #endif /* HAVE_AESGCM */
     #if defined(HAVE_AESCCM)
-                case AES_128_CCM_TYPE:
-                case AES_192_CCM_TYPE:
-                case AES_256_CCM_TYPE:
+                case WC_AES_128_CCM_TYPE:
+                case WC_AES_192_CCM_TYPE:
+                case WC_AES_256_CCM_TYPE:
     #endif /* HAVE_AESCCM */
     #ifdef HAVE_AES_CBC
-                case AES_128_CBC_TYPE:
-                case AES_192_CBC_TYPE:
-                case AES_256_CBC_TYPE:
+                case WC_AES_128_CBC_TYPE:
+                case WC_AES_192_CBC_TYPE:
+                case WC_AES_256_CBC_TYPE:
     #endif
     #ifdef WOLFSSL_AES_COUNTER
-                case AES_128_CTR_TYPE:
-                case AES_192_CTR_TYPE:
-                case AES_256_CTR_TYPE:
+                case WC_AES_128_CTR_TYPE:
+                case WC_AES_192_CTR_TYPE:
+                case WC_AES_256_CTR_TYPE:
     #endif
     #ifdef HAVE_AES_ECB
-                case AES_128_ECB_TYPE:
-                case AES_192_ECB_TYPE:
-                case AES_256_ECB_TYPE:
+                case WC_AES_128_ECB_TYPE:
+                case WC_AES_192_ECB_TYPE:
+                case WC_AES_256_ECB_TYPE:
     #endif
     #ifdef WOLFSSL_AES_CFB
-                case AES_128_CFB1_TYPE:
-                case AES_192_CFB1_TYPE:
-                case AES_256_CFB1_TYPE:
-                case AES_128_CFB8_TYPE:
-                case AES_192_CFB8_TYPE:
-                case AES_256_CFB8_TYPE:
-                case AES_128_CFB128_TYPE:
-                case AES_192_CFB128_TYPE:
-                case AES_256_CFB128_TYPE:
+                case WC_AES_128_CFB1_TYPE:
+                case WC_AES_192_CFB1_TYPE:
+                case WC_AES_256_CFB1_TYPE:
+                case WC_AES_128_CFB8_TYPE:
+                case WC_AES_192_CFB8_TYPE:
+                case WC_AES_256_CFB8_TYPE:
+                case WC_AES_128_CFB128_TYPE:
+                case WC_AES_192_CFB128_TYPE:
+                case WC_AES_256_CFB128_TYPE:
     #endif
     #ifdef WOLFSSL_AES_OFB
-                case AES_128_OFB_TYPE:
-                case AES_192_OFB_TYPE:
-                case AES_256_OFB_TYPE:
+                case WC_AES_128_OFB_TYPE:
+                case WC_AES_192_OFB_TYPE:
+                case WC_AES_256_OFB_TYPE:
     #endif
                     wc_AesFree(&ctx->cipher.aes);
-                    ctx->flags &= ~WOLFSSL_EVP_CIPH_LOW_LEVEL_INITED;
+                    ctx->flags &=
+                        (unsigned long)~WOLFSSL_EVP_CIPH_LOW_LEVEL_INITED;
                     break;
     #if defined(WOLFSSL_AES_XTS) && \
         (!defined(HAVE_FIPS) || FIPS_VERSION_GE(5,3))
-                case AES_128_XTS_TYPE:
-                case AES_256_XTS_TYPE:
+                case WC_AES_128_XTS_TYPE:
+                case WC_AES_256_XTS_TYPE:
                     wc_AesXtsFree(&ctx->cipher.xts);
-                    ctx->flags &= ~WOLFSSL_EVP_CIPH_LOW_LEVEL_INITED;
+                    ctx->flags &=
+                        (unsigned long)~WOLFSSL_EVP_CIPH_LOW_LEVEL_INITED;
                     break;
     #endif
 #endif /* AES */
     #ifdef HAVE_ARIA
-                case ARIA_128_GCM_TYPE:
-                case ARIA_192_GCM_TYPE:
-                case ARIA_256_GCM_TYPE:
+                case WC_ARIA_128_GCM_TYPE:
+                case WC_ARIA_192_GCM_TYPE:
+                case WC_ARIA_256_GCM_TYPE:
                     {
                         int result = wc_AriaFreeCrypt(&ctx->cipher.aria);
                         if (result != 0) {
@@ -6171,19 +6339,19 @@ void wolfSSL_EVP_init(void)
 #ifdef WOLFSSL_SM4
             switch (ctx->cipherType) {
     #ifdef WOLFSSL_SM4_ECB
-                case SM4_ECB_TYPE:
+                case WC_SM4_ECB_TYPE:
     #endif
     #ifdef WOLFSSL_SM4_CBC
-                case SM4_CBC_TYPE:
+                case WC_SM4_CBC_TYPE:
     #endif
     #ifdef WOLFSSL_SM4_CTR
-                case SM4_CTR_TYPE:
+                case WC_SM4_CTR_TYPE:
     #endif
     #ifdef WOLFSSL_SM4_GCM
-                case SM4_GCM_TYPE:
+                case WC_SM4_GCM_TYPE:
     #endif
     #ifdef WOLFSSL_SM4_CCM
-                case SM4_CCM_TYPE:
+                case WC_SM4_CCM_TYPE:
     #endif
                     wc_Sm4Free(&ctx->cipher.sm4);
             }
@@ -6209,15 +6377,11 @@ void wolfSSL_EVP_init(void)
             ctx->keyLen     = 0;
 #if defined(HAVE_AESGCM) || defined(HAVE_AESCCM) || defined(HAVE_ARIA) || \
     defined(WOLFSSL_SM4_GCM) || defined(WOLFSSL_SM4_CCM)
-            if (ctx->authBuffer) {
-                XFREE(ctx->authBuffer, NULL, DYNAMIC_TYPE_OPENSSL);
-                ctx->authBuffer = NULL;
-            }
+            XFREE(ctx->authBuffer, NULL, DYNAMIC_TYPE_OPENSSL);
+            ctx->authBuffer = NULL;
             ctx->authBufferLen = 0;
-            if (ctx->authIn) {
-                XFREE(ctx->authIn, NULL, DYNAMIC_TYPE_OPENSSL);
-                ctx->authIn = NULL;
-            }
+            XFREE(ctx->authIn, NULL, DYNAMIC_TYPE_OPENSSL);
+            ctx->authIn = NULL;
             ctx->authInSz = 0;
             ctx->authIvGenEnable = 0;
             ctx->authIncIv = 0;
@@ -6272,7 +6436,7 @@ void wolfSSL_EVP_init(void)
         }
 
         ret = wolfSSL_EVP_get_hashinfo(md, &hashType, NULL);
-        if (ret == WOLFSSL_FAILURE)
+        if (ret == WC_NO_ERR_TRACE(WOLFSSL_FAILURE))
             goto end;
 
         ret = wc_PBKDF1_ex(key, (int)info->keySz, iv, (int)info->ivSz, data, sz,
@@ -6313,7 +6477,7 @@ void wolfSSL_EVP_init(void)
         /* wc_AesSetKey clear aes.reg if iv == NULL.
            Keep IV for openSSL compatibility */
         if (iv == NULL)
-            XMEMCPY((byte *)aes->tmp, (byte *)aes->reg, AES_BLOCK_SIZE);
+            XMEMCPY((byte *)aes->tmp, (byte *)aes->reg, WC_AES_BLOCK_SIZE);
         if (direct) {
         #if defined(WOLFSSL_AES_DIRECT)
             ret = wc_AesSetKeyDirect(aes, key, len, iv, dir);
@@ -6325,7 +6489,7 @@ void wolfSSL_EVP_init(void)
             ret = wc_AesSetKey(aes, key, len, iv, dir);
         }
         if (iv == NULL)
-            XMEMCPY((byte *)aes->reg, (byte *)aes->tmp, AES_BLOCK_SIZE);
+            XMEMCPY((byte *)aes->reg, (byte *)aes->tmp, WC_AES_BLOCK_SIZE);
         return ret;
     }
 #endif /* AES_ANY_SIZE && AES_SET_KEY */
@@ -6339,14 +6503,12 @@ void wolfSSL_EVP_init(void)
     {
         int ret = WOLFSSL_SUCCESS;
 
-        if (ctx->authIn) {
-            XFREE(ctx->authIn, NULL, DYNAMIC_TYPE_OPENSSL);
-            ctx->authIn = NULL;
-        }
+        XFREE(ctx->authIn, NULL, DYNAMIC_TYPE_OPENSSL);
+        ctx->authIn = NULL;
         ctx->authInSz = 0;
 
-        ctx->block_size = AES_BLOCK_SIZE;
-        ctx->authTagSz = AES_BLOCK_SIZE;
+        ctx->block_size = WC_AES_BLOCK_SIZE;
+        ctx->authTagSz = WC_AES_BLOCK_SIZE;
         if (ctx->ivSz == 0) {
             ctx->ivSz = GCM_NONCE_MID_SZ;
         }
@@ -6358,26 +6520,26 @@ void wolfSSL_EVP_init(void)
         }
 
     #ifdef WOLFSSL_AES_128
-        if (ctx->cipherType == AES_128_GCM_TYPE ||
+        if (ctx->cipherType == WC_AES_128_GCM_TYPE ||
             (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_AES_128_GCM))) {
             WOLFSSL_MSG("EVP_AES_128_GCM");
-            ctx->cipherType = AES_128_GCM_TYPE;
+            ctx->cipherType = WC_AES_128_GCM_TYPE;
             ctx->keyLen = AES_128_KEY_SIZE;
         }
     #endif
     #ifdef WOLFSSL_AES_192
-        if (ctx->cipherType == AES_192_GCM_TYPE ||
+        if (ctx->cipherType == WC_AES_192_GCM_TYPE ||
             (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_AES_192_GCM))) {
             WOLFSSL_MSG("EVP_AES_192_GCM");
-            ctx->cipherType = AES_192_GCM_TYPE;
+            ctx->cipherType = WC_AES_192_GCM_TYPE;
             ctx->keyLen = AES_192_KEY_SIZE;
         }
     #endif
     #ifdef WOLFSSL_AES_256
-        if (ctx->cipherType == AES_256_GCM_TYPE ||
+        if (ctx->cipherType == WC_AES_256_GCM_TYPE ||
             (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_AES_256_GCM))) {
             WOLFSSL_MSG("EVP_AES_256_GCM");
-            ctx->cipherType = AES_256_GCM_TYPE;
+            ctx->cipherType = WC_AES_256_GCM_TYPE;
             ctx->keyLen = AES_256_KEY_SIZE;
         }
     #endif
@@ -6431,7 +6593,7 @@ void wolfSSL_EVP_init(void)
     static int EvpCipherAesGCM(WOLFSSL_EVP_CIPHER_CTX* ctx, byte* dst,
                                byte* src, word32 len)
     {
-        int ret = WOLFSSL_FAILURE;
+        int ret = WC_NO_ERR_TRACE(WOLFSSL_FAILURE);
 
     #ifndef WOLFSSL_AESGCM_STREAM
         /* No destination means only AAD. */
@@ -6546,14 +6708,12 @@ void wolfSSL_EVP_init(void)
     {
         int ret = WOLFSSL_SUCCESS;
 
-        if (ctx->authIn) {
-            XFREE(ctx->authIn, NULL, DYNAMIC_TYPE_OPENSSL);
-            ctx->authIn = NULL;
-        }
+        XFREE(ctx->authIn, NULL, DYNAMIC_TYPE_OPENSSL);
+        ctx->authIn = NULL;
         ctx->authInSz = 0;
 
-        ctx->block_size = AES_BLOCK_SIZE;
-        ctx->authTagSz = AES_BLOCK_SIZE;
+        ctx->block_size = WC_AES_BLOCK_SIZE;
+        ctx->authTagSz = WC_AES_BLOCK_SIZE;
         if (ctx->ivSz == 0) {
             ctx->ivSz = GCM_NONCE_MID_SZ;
         }
@@ -6565,26 +6725,26 @@ void wolfSSL_EVP_init(void)
         }
 
     #ifdef WOLFSSL_AES_128
-        if (ctx->cipherType == AES_128_CCM_TYPE ||
+        if (ctx->cipherType == WC_AES_128_CCM_TYPE ||
             (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_AES_128_CCM))) {
             WOLFSSL_MSG("EVP_AES_128_CCM");
-            ctx->cipherType = AES_128_CCM_TYPE;
+            ctx->cipherType = WC_AES_128_CCM_TYPE;
             ctx->keyLen = AES_128_KEY_SIZE;
         }
     #endif
     #ifdef WOLFSSL_AES_192
-        if (ctx->cipherType == AES_192_CCM_TYPE ||
+        if (ctx->cipherType == WC_AES_192_CCM_TYPE ||
             (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_AES_192_CCM))) {
             WOLFSSL_MSG("EVP_AES_192_CCM");
-            ctx->cipherType = AES_192_CCM_TYPE;
+            ctx->cipherType = WC_AES_192_CCM_TYPE;
             ctx->keyLen = AES_192_KEY_SIZE;
         }
     #endif
     #ifdef WOLFSSL_AES_256
-        if (ctx->cipherType == AES_256_CCM_TYPE ||
+        if (ctx->cipherType == WC_AES_256_CCM_TYPE ||
             (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_AES_256_CCM))) {
             WOLFSSL_MSG("EVP_AES_256_CCM");
-            ctx->cipherType = AES_256_CCM_TYPE;
+            ctx->cipherType = WC_AES_256_CCM_TYPE;
             ctx->keyLen = AES_256_KEY_SIZE;
         }
     #endif
@@ -6625,7 +6785,7 @@ void wolfSSL_EVP_init(void)
     static int EvpCipherAesCCM(WOLFSSL_EVP_CIPHER_CTX* ctx, byte* dst,
                                byte* src, word32 len)
     {
-        int ret = WOLFSSL_FAILURE;
+        int ret = WC_NO_ERR_TRACE(WOLFSSL_FAILURE);
 
         /* No destination means only AAD. */
         if (src != NULL && dst == NULL) {
@@ -6677,34 +6837,32 @@ void wolfSSL_EVP_init(void)
     {
         int ret = WOLFSSL_SUCCESS;
 
-        if (ctx->cipherType == ARIA_128_GCM_TYPE ||
+        if (ctx->cipherType == WC_ARIA_128_GCM_TYPE ||
             (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_ARIA_128_GCM))) {
             WOLFSSL_MSG("EVP_ARIA_128_GCM");
-            ctx->cipherType = ARIA_128_GCM_TYPE;
+            ctx->cipherType = WC_ARIA_128_GCM_TYPE;
             ctx->keyLen = ARIA_128_KEY_SIZE;
-        } else if (ctx->cipherType == ARIA_192_GCM_TYPE ||
+        } else if (ctx->cipherType == WC_ARIA_192_GCM_TYPE ||
                    (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_ARIA_192_GCM))) {
             WOLFSSL_MSG("EVP_ARIA_192_GCM");
-            ctx->cipherType = ARIA_192_GCM_TYPE;
+            ctx->cipherType = WC_ARIA_192_GCM_TYPE;
             ctx->keyLen = ARIA_192_KEY_SIZE;
-        } else if (ctx->cipherType == ARIA_256_GCM_TYPE ||
+        } else if (ctx->cipherType == WC_ARIA_256_GCM_TYPE ||
                    (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_ARIA_256_GCM))) {
             WOLFSSL_MSG("EVP_ARIA_256_GCM");
-            ctx->cipherType = ARIA_256_GCM_TYPE;
+            ctx->cipherType = WC_ARIA_256_GCM_TYPE;
             ctx->keyLen = ARIA_256_KEY_SIZE;
         } else {
             WOLFSSL_MSG("Unrecognized cipher type");
             return WOLFSSL_FAILURE;
         }
 
-        if (ctx->authIn) {
-            XFREE(ctx->authIn, NULL, DYNAMIC_TYPE_OPENSSL);
-            ctx->authIn = NULL;
-        }
+        XFREE(ctx->authIn, NULL, DYNAMIC_TYPE_OPENSSL);
+        ctx->authIn = NULL;
         ctx->authInSz = 0;
 
-        ctx->block_size = AES_BLOCK_SIZE;
-        ctx->authTagSz = AES_BLOCK_SIZE;
+        ctx->block_size = WC_AES_BLOCK_SIZE;
+        ctx->authTagSz = WC_AES_BLOCK_SIZE;
         if (ctx->ivSz == 0) {
             ctx->ivSz = GCM_NONCE_MID_SZ;
         }
@@ -6716,17 +6874,17 @@ void wolfSSL_EVP_init(void)
         }
 
         switch(ctx->cipherType) {
-            case ARIA_128_GCM_TYPE:
+            case WC_ARIA_128_GCM_TYPE:
                 ret = wc_AriaInitCrypt(&ctx->cipher.aria, MC_ALGID_ARIA_128BITKEY);
                 break;
-            case ARIA_192_GCM_TYPE:
+            case WC_ARIA_192_GCM_TYPE:
                 ret = wc_AriaInitCrypt(&ctx->cipher.aria, MC_ALGID_ARIA_192BITKEY);
                 break;
-            case ARIA_256_GCM_TYPE:
+            case WC_ARIA_256_GCM_TYPE:
                 ret = wc_AriaInitCrypt(&ctx->cipher.aria, MC_ALGID_ARIA_256BITKEY);
                 break;
             default:
-                WOLFSSL_MSG("Not implemented cipherType");
+                WOLFSSL_MSG("Unimplemented cipherType");
                 return WOLFSSL_NOT_IMPLEMENTED; /* This should never happen */
         }
         if (ret != 0) {
@@ -6788,15 +6946,15 @@ void wolfSSL_EVP_init(void)
 #ifndef NO_AES
     #if defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_DIRECT)
         #ifdef WOLFSSL_AES_128
-        if (ctx->cipherType == AES_128_CBC_TYPE ||
+        if (ctx->cipherType == WC_AES_128_CBC_TYPE ||
             (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_AES_128_CBC))) {
             WOLFSSL_MSG("EVP_AES_128_CBC");
-            ctx->cipherType = AES_128_CBC_TYPE;
+            ctx->cipherType = WC_AES_128_CBC_TYPE;
             ctx->flags     &= (unsigned long)~WOLFSSL_EVP_CIPH_MODE;
             ctx->flags     |= WOLFSSL_EVP_CIPH_CBC_MODE;
             ctx->keyLen     = 16;
-            ctx->block_size = AES_BLOCK_SIZE;
-            ctx->ivSz       = AES_BLOCK_SIZE;
+            ctx->block_size = WC_AES_BLOCK_SIZE;
+            ctx->ivSz       = WC_AES_BLOCK_SIZE;
             if (enc == 0 || enc == 1)
                 ctx->enc = enc ? 1 : 0;
             if (! (ctx->flags & WOLFSSL_EVP_CIPH_LOW_LEVEL_INITED)) {
@@ -6818,15 +6976,15 @@ void wolfSSL_EVP_init(void)
         }
         #endif /* WOLFSSL_AES_128 */
         #ifdef WOLFSSL_AES_192
-        if (ctx->cipherType == AES_192_CBC_TYPE ||
+        if (ctx->cipherType == WC_AES_192_CBC_TYPE ||
                  (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_AES_192_CBC))) {
             WOLFSSL_MSG("EVP_AES_192_CBC");
-            ctx->cipherType = AES_192_CBC_TYPE;
+            ctx->cipherType = WC_AES_192_CBC_TYPE;
             ctx->flags     &= (unsigned long)~WOLFSSL_EVP_CIPH_MODE;
             ctx->flags     |= WOLFSSL_EVP_CIPH_CBC_MODE;
             ctx->keyLen     = 24;
-            ctx->block_size = AES_BLOCK_SIZE;
-            ctx->ivSz       = AES_BLOCK_SIZE;
+            ctx->block_size = WC_AES_BLOCK_SIZE;
+            ctx->ivSz       = WC_AES_BLOCK_SIZE;
             if (enc == 0 || enc == 1)
                 ctx->enc = enc ? 1 : 0;
             if (! (ctx->flags & WOLFSSL_EVP_CIPH_LOW_LEVEL_INITED)) {
@@ -6848,15 +7006,15 @@ void wolfSSL_EVP_init(void)
         }
         #endif /* WOLFSSL_AES_192 */
         #ifdef WOLFSSL_AES_256
-        if (ctx->cipherType == AES_256_CBC_TYPE ||
+        if (ctx->cipherType == WC_AES_256_CBC_TYPE ||
                  (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_AES_256_CBC))) {
             WOLFSSL_MSG("EVP_AES_256_CBC");
-            ctx->cipherType = AES_256_CBC_TYPE;
+            ctx->cipherType = WC_AES_256_CBC_TYPE;
             ctx->flags     &= (unsigned long)~WOLFSSL_EVP_CIPH_MODE;
             ctx->flags     |= WOLFSSL_EVP_CIPH_CBC_MODE;
             ctx->keyLen     = 32;
-            ctx->block_size = AES_BLOCK_SIZE;
-            ctx->ivSz       = AES_BLOCK_SIZE;
+            ctx->block_size = WC_AES_BLOCK_SIZE;
+            ctx->ivSz       = WC_AES_BLOCK_SIZE;
             if (enc == 0 || enc == 1)
                 ctx->enc = enc ? 1 : 0;
             if (! (ctx->flags & WOLFSSL_EVP_CIPH_LOW_LEVEL_INITED)) {
@@ -6886,15 +7044,15 @@ void wolfSSL_EVP_init(void)
         || FIPS_VERSION_GE(2,0))
         if (FALSE
         #ifdef WOLFSSL_AES_128
-            || ctx->cipherType == AES_128_GCM_TYPE ||
+            || ctx->cipherType == WC_AES_128_GCM_TYPE ||
             (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_AES_128_GCM))
         #endif
         #ifdef WOLFSSL_AES_192
-            || ctx->cipherType == AES_192_GCM_TYPE ||
+            || ctx->cipherType == WC_AES_192_GCM_TYPE ||
             (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_AES_192_GCM))
         #endif
         #ifdef WOLFSSL_AES_256
-            || ctx->cipherType == AES_256_GCM_TYPE ||
+            || ctx->cipherType == WC_AES_256_GCM_TYPE ||
             (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_AES_256_GCM))
         #endif
           ) {
@@ -6910,15 +7068,15 @@ void wolfSSL_EVP_init(void)
             || FIPS_VERSION_GE(2,0))
         if (FALSE
         #ifdef WOLFSSL_AES_128
-            || ctx->cipherType == AES_128_CCM_TYPE ||
+            || ctx->cipherType == WC_AES_128_CCM_TYPE ||
             (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_AES_128_CCM))
         #endif
         #ifdef WOLFSSL_AES_192
-            || ctx->cipherType == AES_192_CCM_TYPE ||
+            || ctx->cipherType == WC_AES_192_CCM_TYPE ||
             (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_AES_192_CCM))
         #endif
         #ifdef WOLFSSL_AES_256
-            || ctx->cipherType == AES_256_CCM_TYPE ||
+            || ctx->cipherType == WC_AES_256_CCM_TYPE ||
             (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_AES_256_CCM))
         #endif
           )
@@ -6932,15 +7090,15 @@ void wolfSSL_EVP_init(void)
             * HAVE_FIPS_VERSION >= 2 */
 #ifdef WOLFSSL_AES_COUNTER
         #ifdef WOLFSSL_AES_128
-        if (ctx->cipherType == AES_128_CTR_TYPE ||
+        if (ctx->cipherType == WC_AES_128_CTR_TYPE ||
                  (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_AES_128_CTR))) {
             WOLFSSL_MSG("EVP_AES_128_CTR");
             ctx->flags     &= (unsigned long)~WOLFSSL_EVP_CIPH_MODE;
-            ctx->cipherType = AES_128_CTR_TYPE;
+            ctx->cipherType = WC_AES_128_CTR_TYPE;
             ctx->flags     |= WOLFSSL_EVP_CIPH_CTR_MODE;
             ctx->keyLen     = 16;
-            ctx->block_size = NO_PADDING_BLOCK_SIZE;
-            ctx->ivSz       = AES_BLOCK_SIZE;
+            ctx->block_size = WOLFSSL_NO_PADDING_BLOCK_SIZE;
+            ctx->ivSz       = WC_AES_BLOCK_SIZE;
 #if defined(WOLFSSL_AES_COUNTER) || defined(WOLFSSL_AES_CFB)
             ctx->cipher.aes.left = 0;
 #endif
@@ -6965,15 +7123,15 @@ void wolfSSL_EVP_init(void)
         }
         #endif /* WOLFSSL_AES_128 */
         #ifdef WOLFSSL_AES_192
-        if (ctx->cipherType == AES_192_CTR_TYPE ||
+        if (ctx->cipherType == WC_AES_192_CTR_TYPE ||
                  (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_AES_192_CTR))) {
             WOLFSSL_MSG("EVP_AES_192_CTR");
-            ctx->cipherType = AES_192_CTR_TYPE;
+            ctx->cipherType = WC_AES_192_CTR_TYPE;
             ctx->flags     &= (unsigned long)~WOLFSSL_EVP_CIPH_MODE;
             ctx->flags     |= WOLFSSL_EVP_CIPH_CTR_MODE;
             ctx->keyLen     = 24;
-            ctx->block_size = NO_PADDING_BLOCK_SIZE;
-            ctx->ivSz       = AES_BLOCK_SIZE;
+            ctx->block_size = WOLFSSL_NO_PADDING_BLOCK_SIZE;
+            ctx->ivSz       = WC_AES_BLOCK_SIZE;
 #if defined(WOLFSSL_AES_COUNTER) || defined(WOLFSSL_AES_CFB)
             ctx->cipher.aes.left = 0;
 #endif
@@ -6998,15 +7156,15 @@ void wolfSSL_EVP_init(void)
         }
         #endif /* WOLFSSL_AES_192 */
         #ifdef WOLFSSL_AES_256
-        if (ctx->cipherType == AES_256_CTR_TYPE ||
+        if (ctx->cipherType == WC_AES_256_CTR_TYPE ||
                  (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_AES_256_CTR))) {
             WOLFSSL_MSG("EVP_AES_256_CTR");
-            ctx->cipherType = AES_256_CTR_TYPE;
+            ctx->cipherType = WC_AES_256_CTR_TYPE;
             ctx->flags     &= (unsigned long)~WOLFSSL_EVP_CIPH_MODE;
             ctx->flags     |= WOLFSSL_EVP_CIPH_CTR_MODE;
             ctx->keyLen     = 32;
-            ctx->block_size = NO_PADDING_BLOCK_SIZE;
-            ctx->ivSz       = AES_BLOCK_SIZE;
+            ctx->block_size = WOLFSSL_NO_PADDING_BLOCK_SIZE;
+            ctx->ivSz       = WC_AES_BLOCK_SIZE;
 #if defined(WOLFSSL_AES_COUNTER) || defined(WOLFSSL_AES_CFB)
             ctx->cipher.aes.left = 0;
 #endif
@@ -7033,14 +7191,14 @@ void wolfSSL_EVP_init(void)
 #endif /* WOLFSSL_AES_COUNTER */
     #ifdef HAVE_AES_ECB
         #ifdef WOLFSSL_AES_128
-        if (ctx->cipherType == AES_128_ECB_TYPE ||
+        if (ctx->cipherType == WC_AES_128_ECB_TYPE ||
             (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_AES_128_ECB))) {
             WOLFSSL_MSG("EVP_AES_128_ECB");
-            ctx->cipherType = AES_128_ECB_TYPE;
+            ctx->cipherType = WC_AES_128_ECB_TYPE;
             ctx->flags     &= (unsigned long)~WOLFSSL_EVP_CIPH_MODE;
             ctx->flags     |= WOLFSSL_EVP_CIPH_ECB_MODE;
             ctx->keyLen     = 16;
-            ctx->block_size = AES_BLOCK_SIZE;
+            ctx->block_size = WC_AES_BLOCK_SIZE;
             if (enc == 0 || enc == 1)
                 ctx->enc = enc ? 1 : 0;
             if (! (ctx->flags & WOLFSSL_EVP_CIPH_LOW_LEVEL_INITED)) {
@@ -7057,14 +7215,14 @@ void wolfSSL_EVP_init(void)
         }
         #endif /* WOLFSSL_AES_128 */
         #ifdef WOLFSSL_AES_192
-        if (ctx->cipherType == AES_192_ECB_TYPE ||
+        if (ctx->cipherType == WC_AES_192_ECB_TYPE ||
                  (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_AES_192_ECB))) {
             WOLFSSL_MSG("EVP_AES_192_ECB");
-            ctx->cipherType = AES_192_ECB_TYPE;
+            ctx->cipherType = WC_AES_192_ECB_TYPE;
             ctx->flags     &= (unsigned long)~WOLFSSL_EVP_CIPH_MODE;
             ctx->flags     |= WOLFSSL_EVP_CIPH_ECB_MODE;
             ctx->keyLen     = 24;
-            ctx->block_size = AES_BLOCK_SIZE;
+            ctx->block_size = WC_AES_BLOCK_SIZE;
             if (enc == 0 || enc == 1)
                 ctx->enc = enc ? 1 : 0;
             if (! (ctx->flags & WOLFSSL_EVP_CIPH_LOW_LEVEL_INITED)) {
@@ -7081,14 +7239,14 @@ void wolfSSL_EVP_init(void)
         }
         #endif /* WOLFSSL_AES_192 */
         #ifdef WOLFSSL_AES_256
-        if (ctx->cipherType == AES_256_ECB_TYPE ||
+        if (ctx->cipherType == WC_AES_256_ECB_TYPE ||
                  (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_AES_256_ECB))) {
             WOLFSSL_MSG("EVP_AES_256_ECB");
-            ctx->cipherType = AES_256_ECB_TYPE;
+            ctx->cipherType = WC_AES_256_ECB_TYPE;
             ctx->flags     &= (unsigned long)~WOLFSSL_EVP_CIPH_MODE;
             ctx->flags     |= WOLFSSL_EVP_CIPH_ECB_MODE;
             ctx->keyLen     = 32;
-            ctx->block_size = AES_BLOCK_SIZE;
+            ctx->block_size = WC_AES_BLOCK_SIZE;
             if (enc == 0 || enc == 1)
                 ctx->enc = enc ? 1 : 0;
             if (! (ctx->flags & WOLFSSL_EVP_CIPH_LOW_LEVEL_INITED)) {
@@ -7106,11 +7264,12 @@ void wolfSSL_EVP_init(void)
         #endif /* WOLFSSL_AES_256 */
     #endif /* HAVE_AES_ECB */
     #ifdef WOLFSSL_AES_CFB
+    #ifndef WOLFSSL_NO_AES_CFB_1_8
         #ifdef WOLFSSL_AES_128
-        if (ctx->cipherType == AES_128_CFB1_TYPE ||
+        if (ctx->cipherType == WC_AES_128_CFB1_TYPE ||
             (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_AES_128_CFB1))) {
             WOLFSSL_MSG("EVP_AES_128_CFB1");
-            ctx->cipherType = AES_128_CFB1_TYPE;
+            ctx->cipherType = WC_AES_128_CFB1_TYPE;
             ctx->flags     &= (unsigned long)~WOLFSSL_EVP_CIPH_MODE;
             ctx->flags     |= WOLFSSL_EVP_CIPH_CFB_MODE;
             ctx->keyLen     = 16;
@@ -7136,10 +7295,10 @@ void wolfSSL_EVP_init(void)
         }
         #endif /* WOLFSSL_AES_128 */
         #ifdef WOLFSSL_AES_192
-        if (ctx->cipherType == AES_192_CFB1_TYPE ||
+        if (ctx->cipherType == WC_AES_192_CFB1_TYPE ||
                  (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_AES_192_CFB1))) {
             WOLFSSL_MSG("EVP_AES_192_CFB1");
-            ctx->cipherType = AES_192_CFB1_TYPE;
+            ctx->cipherType = WC_AES_192_CFB1_TYPE;
             ctx->flags     &= (unsigned long)~WOLFSSL_EVP_CIPH_MODE;
             ctx->flags     |= WOLFSSL_EVP_CIPH_CFB_MODE;
             ctx->keyLen     = 24;
@@ -7165,10 +7324,10 @@ void wolfSSL_EVP_init(void)
         }
         #endif /* WOLFSSL_AES_192 */
         #ifdef WOLFSSL_AES_256
-        if (ctx->cipherType == AES_256_CFB1_TYPE ||
+        if (ctx->cipherType == WC_AES_256_CFB1_TYPE ||
                  (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_AES_256_CFB1))) {
             WOLFSSL_MSG("EVP_AES_256_CFB1");
-            ctx->cipherType = AES_256_CFB1_TYPE;
+            ctx->cipherType = WC_AES_256_CFB1_TYPE;
             ctx->flags     &= (unsigned long)~WOLFSSL_EVP_CIPH_MODE;
             ctx->flags     |= WOLFSSL_EVP_CIPH_CFB_MODE;
             ctx->keyLen     = 32;
@@ -7198,10 +7357,10 @@ void wolfSSL_EVP_init(void)
         }
         #endif /* WOLFSSL_AES_256 */
         #ifdef WOLFSSL_AES_128
-        if (ctx->cipherType == AES_128_CFB8_TYPE ||
+        if (ctx->cipherType == WC_AES_128_CFB8_TYPE ||
             (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_AES_128_CFB8))) {
             WOLFSSL_MSG("EVP_AES_128_CFB8");
-            ctx->cipherType = AES_128_CFB8_TYPE;
+            ctx->cipherType = WC_AES_128_CFB8_TYPE;
             ctx->flags     &= (unsigned long)~WOLFSSL_EVP_CIPH_MODE;
             ctx->flags     |= WOLFSSL_EVP_CIPH_CFB_MODE;
             ctx->keyLen     = 16;
@@ -7227,10 +7386,10 @@ void wolfSSL_EVP_init(void)
         }
         #endif /* WOLFSSL_AES_128 */
         #ifdef WOLFSSL_AES_192
-        if (ctx->cipherType == AES_192_CFB8_TYPE ||
+        if (ctx->cipherType == WC_AES_192_CFB8_TYPE ||
                  (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_AES_192_CFB8))) {
             WOLFSSL_MSG("EVP_AES_192_CFB8");
-            ctx->cipherType = AES_192_CFB8_TYPE;
+            ctx->cipherType = WC_AES_192_CFB8_TYPE;
             ctx->flags     &= (unsigned long)~WOLFSSL_EVP_CIPH_MODE;
             ctx->flags     |= WOLFSSL_EVP_CIPH_CFB_MODE;
             ctx->keyLen     = 24;
@@ -7256,10 +7415,10 @@ void wolfSSL_EVP_init(void)
         }
         #endif /* WOLFSSL_AES_192 */
         #ifdef WOLFSSL_AES_256
-        if (ctx->cipherType == AES_256_CFB8_TYPE ||
+        if (ctx->cipherType == WC_AES_256_CFB8_TYPE ||
                  (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_AES_256_CFB8))) {
             WOLFSSL_MSG("EVP_AES_256_CFB8");
-            ctx->cipherType = AES_256_CFB8_TYPE;
+            ctx->cipherType = WC_AES_256_CFB8_TYPE;
             ctx->flags     &= (unsigned long)~WOLFSSL_EVP_CIPH_MODE;
             ctx->flags     |= WOLFSSL_EVP_CIPH_CFB_MODE;
             ctx->keyLen     = 32;
@@ -7288,11 +7447,12 @@ void wolfSSL_EVP_init(void)
             }
         }
         #endif /* WOLFSSL_AES_256 */
+        #endif /* !WOLFSSL_NO_AES_CFB_1_8 */
         #ifdef WOLFSSL_AES_128
-        if (ctx->cipherType == AES_128_CFB128_TYPE ||
+        if (ctx->cipherType == WC_AES_128_CFB128_TYPE ||
             (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_AES_128_CFB128))) {
             WOLFSSL_MSG("EVP_AES_128_CFB128");
-            ctx->cipherType = AES_128_CFB128_TYPE;
+            ctx->cipherType = WC_AES_128_CFB128_TYPE;
             ctx->flags     &= (unsigned long)~WOLFSSL_EVP_CIPH_MODE;
             ctx->flags     |= WOLFSSL_EVP_CIPH_CFB_MODE;
             ctx->keyLen     = 16;
@@ -7318,10 +7478,10 @@ void wolfSSL_EVP_init(void)
         }
         #endif /* WOLFSSL_AES_128 */
         #ifdef WOLFSSL_AES_192
-        if (ctx->cipherType == AES_192_CFB128_TYPE ||
+        if (ctx->cipherType == WC_AES_192_CFB128_TYPE ||
                  (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_AES_192_CFB128))) {
             WOLFSSL_MSG("EVP_AES_192_CFB128");
-            ctx->cipherType = AES_192_CFB128_TYPE;
+            ctx->cipherType = WC_AES_192_CFB128_TYPE;
             ctx->flags     &= (unsigned long)~WOLFSSL_EVP_CIPH_MODE;
             ctx->flags     |= WOLFSSL_EVP_CIPH_CFB_MODE;
             ctx->keyLen     = 24;
@@ -7347,10 +7507,10 @@ void wolfSSL_EVP_init(void)
         }
         #endif /* WOLFSSL_AES_192 */
         #ifdef WOLFSSL_AES_256
-        if (ctx->cipherType == AES_256_CFB128_TYPE ||
+        if (ctx->cipherType == WC_AES_256_CFB128_TYPE ||
                  (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_AES_256_CFB128))) {
             WOLFSSL_MSG("EVP_AES_256_CFB128");
-            ctx->cipherType = AES_256_CFB128_TYPE;
+            ctx->cipherType = WC_AES_256_CFB128_TYPE;
             ctx->flags     &= (unsigned long)~WOLFSSL_EVP_CIPH_MODE;
             ctx->flags     |= WOLFSSL_EVP_CIPH_CFB_MODE;
             ctx->keyLen     = 32;
@@ -7382,10 +7542,10 @@ void wolfSSL_EVP_init(void)
     #endif /* WOLFSSL_AES_CFB */
     #ifdef WOLFSSL_AES_OFB
         #ifdef WOLFSSL_AES_128
-        if (ctx->cipherType == AES_128_OFB_TYPE ||
+        if (ctx->cipherType == WC_AES_128_OFB_TYPE ||
             (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_AES_128_OFB))) {
             WOLFSSL_MSG("EVP_AES_128_OFB");
-            ctx->cipherType = AES_128_OFB_TYPE;
+            ctx->cipherType = WC_AES_128_OFB_TYPE;
             ctx->flags     &= (unsigned long)~WOLFSSL_EVP_CIPH_MODE;
             ctx->flags     |= WOLFSSL_EVP_CIPH_OFB_MODE;
             ctx->keyLen     = 16;
@@ -7411,10 +7571,10 @@ void wolfSSL_EVP_init(void)
         }
         #endif /* WOLFSSL_AES_128 */
         #ifdef WOLFSSL_AES_192
-        if (ctx->cipherType == AES_192_OFB_TYPE ||
+        if (ctx->cipherType == WC_AES_192_OFB_TYPE ||
                  (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_AES_192_OFB))) {
             WOLFSSL_MSG("EVP_AES_192_OFB");
-            ctx->cipherType = AES_192_OFB_TYPE;
+            ctx->cipherType = WC_AES_192_OFB_TYPE;
             ctx->flags     &= (unsigned long)~WOLFSSL_EVP_CIPH_MODE;
             ctx->flags     |= WOLFSSL_EVP_CIPH_OFB_MODE;
             ctx->keyLen     = 24;
@@ -7440,10 +7600,10 @@ void wolfSSL_EVP_init(void)
         }
         #endif /* WOLFSSL_AES_192 */
         #ifdef WOLFSSL_AES_256
-        if (ctx->cipherType == AES_256_OFB_TYPE ||
+        if (ctx->cipherType == WC_AES_256_OFB_TYPE ||
                  (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_AES_256_OFB))) {
             WOLFSSL_MSG("EVP_AES_256_OFB");
-            ctx->cipherType = AES_256_OFB_TYPE;
+            ctx->cipherType = WC_AES_256_OFB_TYPE;
             ctx->flags     &= (unsigned long)~WOLFSSL_EVP_CIPH_MODE;
             ctx->flags     |= WOLFSSL_EVP_CIPH_OFB_MODE;
             ctx->keyLen     = 32;
@@ -7476,22 +7636,22 @@ void wolfSSL_EVP_init(void)
         #if defined(WOLFSSL_AES_XTS) && \
             (!defined(HAVE_FIPS) || FIPS_VERSION_GE(5,3))
         #ifdef WOLFSSL_AES_128
-        if (ctx->cipherType == AES_128_XTS_TYPE ||
+        if (ctx->cipherType == WC_AES_128_XTS_TYPE ||
             (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_AES_128_XTS))) {
             WOLFSSL_MSG("EVP_AES_128_XTS");
-            ctx->cipherType = AES_128_XTS_TYPE;
+            ctx->cipherType = WC_AES_128_XTS_TYPE;
             ctx->flags     &= (unsigned long)~WOLFSSL_EVP_CIPH_MODE;
             ctx->flags     |= WOLFSSL_EVP_CIPH_XTS_MODE;
             ctx->keyLen     = 32;
             ctx->block_size = 1;
-            ctx->ivSz       = AES_BLOCK_SIZE;
+            ctx->ivSz       = WC_AES_BLOCK_SIZE;
 
             if (iv != NULL) {
                 if (iv != ctx->iv) /* Valgrind error when src == dst */
                     XMEMCPY(ctx->iv, iv, (size_t)ctx->ivSz);
             }
             else
-                XMEMSET(ctx->iv, 0, AES_BLOCK_SIZE);
+                XMEMSET(ctx->iv, 0, WC_AES_BLOCK_SIZE);
 
             if (enc == 0 || enc == 1)
                 ctx->enc = enc ? 1 : 0;
@@ -7517,22 +7677,22 @@ void wolfSSL_EVP_init(void)
         }
         #endif /* WOLFSSL_AES_128 */
         #ifdef WOLFSSL_AES_256
-        if (ctx->cipherType == AES_256_XTS_TYPE ||
+        if (ctx->cipherType == WC_AES_256_XTS_TYPE ||
                  (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_AES_256_XTS))) {
             WOLFSSL_MSG("EVP_AES_256_XTS");
-            ctx->cipherType = AES_256_XTS_TYPE;
+            ctx->cipherType = WC_AES_256_XTS_TYPE;
             ctx->flags     &= (unsigned long)~WOLFSSL_EVP_CIPH_MODE;
             ctx->flags     |= WOLFSSL_EVP_CIPH_XTS_MODE;
             ctx->keyLen     = 64;
             ctx->block_size = 1;
-            ctx->ivSz       = AES_BLOCK_SIZE;
+            ctx->ivSz       = WC_AES_BLOCK_SIZE;
 
             if (iv != NULL) {
                 if (iv != ctx->iv) /* Valgrind error when src == dst */
                     XMEMCPY(ctx->iv, iv, (size_t)ctx->ivSz);
             }
             else
-                XMEMSET(ctx->iv, 0, AES_BLOCK_SIZE);
+                XMEMSET(ctx->iv, 0, WC_AES_BLOCK_SIZE);
 
             if (enc == 0 || enc == 1)
                 ctx->enc = enc ? 1 : 0;
@@ -7561,11 +7721,11 @@ void wolfSSL_EVP_init(void)
               (!defined(HAVE_FIPS) || FIPS_VERSION_GE(5,3)) */
 #endif /* NO_AES */
     #if defined(HAVE_ARIA)
-        if (ctx->cipherType == ARIA_128_GCM_TYPE ||
+        if (ctx->cipherType == WC_ARIA_128_GCM_TYPE ||
             (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_ARIA_128_GCM))
-            || ctx->cipherType == ARIA_192_GCM_TYPE ||
+            || ctx->cipherType == WC_ARIA_192_GCM_TYPE ||
             (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_ARIA_192_GCM))
-            || ctx->cipherType == ARIA_256_GCM_TYPE ||
+            || ctx->cipherType == WC_ARIA_256_GCM_TYPE ||
             (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_ARIA_256_GCM))
           ) {
             if (EvpCipherInitAriaGCM(ctx, type, key, iv, enc)
@@ -7578,10 +7738,10 @@ void wolfSSL_EVP_init(void)
 
 
 #if defined(HAVE_CHACHA) && defined(HAVE_POLY1305)
-        if (ctx->cipherType == CHACHA20_POLY1305_TYPE ||
+        if (ctx->cipherType == WC_CHACHA20_POLY1305_TYPE ||
             (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_CHACHA20_POLY1305))) {
             WOLFSSL_MSG("EVP_CHACHA20_POLY1305");
-            ctx->cipherType = CHACHA20_POLY1305_TYPE;
+            ctx->cipherType = WC_CHACHA20_POLY1305_TYPE;
             ctx->flags     &= (unsigned long)~WOLFSSL_EVP_CIPH_MODE;
             ctx->flags     |= WOLFSSL_EVP_CIPH_FLAG_AEAD_CIPHER;
             ctx->keyLen     = CHACHA20_POLY1305_AEAD_KEYSIZE;
@@ -7615,10 +7775,10 @@ void wolfSSL_EVP_init(void)
         }
 #endif
 #ifdef HAVE_CHACHA
-        if (ctx->cipherType == CHACHA20_TYPE ||
+        if (ctx->cipherType == WC_CHACHA20_TYPE ||
             (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_CHACHA20))) {
             WOLFSSL_MSG("EVP_CHACHA20");
-            ctx->cipherType = CHACHA20_TYPE;
+            ctx->cipherType = WC_CHACHA20_TYPE;
             ctx->flags     &= (unsigned long)~WOLFSSL_EVP_CIPH_MODE;
             ctx->keyLen     = CHACHA_MAX_KEY_SZ;
             ctx->block_size = 1;
@@ -7648,10 +7808,10 @@ void wolfSSL_EVP_init(void)
         }
 #endif
 #ifdef WOLFSSL_SM4_ECB
-        if (ctx->cipherType == SM4_ECB_TYPE ||
+        if (ctx->cipherType == WC_SM4_ECB_TYPE ||
                 (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_SM4_ECB))) {
             WOLFSSL_MSG("EVP_SM4_ECB");
-            ctx->cipherType = SM4_ECB_TYPE;
+            ctx->cipherType = WC_SM4_ECB_TYPE;
             ctx->flags     &= (unsigned long)~WOLFSSL_EVP_CIPH_MODE;
             ctx->flags     |= WOLFSSL_EVP_CIPH_ECB_MODE;
             ctx->keyLen     = SM4_KEY_SIZE;
@@ -7667,10 +7827,10 @@ void wolfSSL_EVP_init(void)
         }
 #endif
 #ifdef WOLFSSL_SM4_CBC
-        if (ctx->cipherType == SM4_CBC_TYPE ||
+        if (ctx->cipherType == WC_SM4_CBC_TYPE ||
                 (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_SM4_CBC))) {
             WOLFSSL_MSG("EVP_SM4_CBC");
-            ctx->cipherType = SM4_CBC_TYPE;
+            ctx->cipherType = WC_SM4_CBC_TYPE;
             ctx->flags     &= (unsigned long)~WOLFSSL_EVP_CIPH_MODE;
             ctx->flags     |= WOLFSSL_EVP_CIPH_CBC_MODE;
             ctx->keyLen     = SM4_KEY_SIZE;
@@ -7693,14 +7853,14 @@ void wolfSSL_EVP_init(void)
         }
 #endif
 #ifdef WOLFSSL_SM4_CTR
-        if (ctx->cipherType == SM4_CTR_TYPE ||
+        if (ctx->cipherType == WC_SM4_CTR_TYPE ||
                 (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_SM4_CTR))) {
             WOLFSSL_MSG("EVP_SM4_CTR");
-            ctx->cipherType = SM4_CTR_TYPE;
+            ctx->cipherType = WC_SM4_CTR_TYPE;
             ctx->flags     &= (unsigned long)~WOLFSSL_EVP_CIPH_MODE;
             ctx->flags     |= WOLFSSL_EVP_CIPH_CTR_MODE;
             ctx->keyLen     = SM4_KEY_SIZE;
-            ctx->block_size = NO_PADDING_BLOCK_SIZE;
+            ctx->block_size = WOLFSSL_NO_PADDING_BLOCK_SIZE;
             ctx->ivSz       = SM4_BLOCK_SIZE;
             if (enc == 0 || enc == 1)
                 ctx->enc = enc ? 1 : 0;
@@ -7719,23 +7879,21 @@ void wolfSSL_EVP_init(void)
         }
 #endif
 #ifdef WOLFSSL_SM4_GCM
-        if (ctx->cipherType == SM4_GCM_TYPE ||
+        if (ctx->cipherType == WC_SM4_GCM_TYPE ||
                 (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_SM4_GCM))) {
             WOLFSSL_MSG("EVP_SM4_GCM");
-            ctx->cipherType = SM4_GCM_TYPE;
+            ctx->cipherType = WC_SM4_GCM_TYPE;
             ctx->flags &= (unsigned long)~WOLFSSL_EVP_CIPH_MODE;
             ctx->flags |= WOLFSSL_EVP_CIPH_GCM_MODE |
                           WOLFSSL_EVP_CIPH_FLAG_AEAD_CIPHER;
-            ctx->block_size = NO_PADDING_BLOCK_SIZE;
+            ctx->block_size = WOLFSSL_NO_PADDING_BLOCK_SIZE;
             ctx->keyLen     = SM4_KEY_SIZE;
             if (ctx->ivSz == 0) {
                 ctx->ivSz = GCM_NONCE_MID_SZ;
             }
             ctx->authTagSz  = SM4_BLOCK_SIZE;
-            if (ctx->authIn) {
-                XFREE(ctx->authIn, NULL, DYNAMIC_TYPE_OPENSSL);
-                ctx->authIn = NULL;
-            }
+            XFREE(ctx->authIn, NULL, DYNAMIC_TYPE_OPENSSL);
+            ctx->authIn = NULL;
             ctx->authInSz = 0;
             if (enc == 0 || enc == 1)
                 ctx->enc = enc ? 1 : 0;
@@ -7751,23 +7909,21 @@ void wolfSSL_EVP_init(void)
         }
 #endif
 #ifdef WOLFSSL_SM4_CCM
-        if (ctx->cipherType == SM4_CCM_TYPE ||
+        if (ctx->cipherType == WC_SM4_CCM_TYPE ||
                 (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_SM4_CCM))) {
             WOLFSSL_MSG("EVP_SM4_CCM");
-            ctx->cipherType = SM4_CCM_TYPE;
+            ctx->cipherType = WC_SM4_CCM_TYPE;
             ctx->flags &= (unsigned long)~WOLFSSL_EVP_CIPH_MODE;
             ctx->flags |= WOLFSSL_EVP_CIPH_CCM_MODE |
                           WOLFSSL_EVP_CIPH_FLAG_AEAD_CIPHER;
-            ctx->block_size = NO_PADDING_BLOCK_SIZE;
+            ctx->block_size = WOLFSSL_NO_PADDING_BLOCK_SIZE;
             ctx->keyLen     = SM4_KEY_SIZE;
             if (ctx->ivSz == 0) {
                 ctx->ivSz = GCM_NONCE_MID_SZ;
             }
             ctx->authTagSz  = SM4_BLOCK_SIZE;
-            if (ctx->authIn) {
-                XFREE(ctx->authIn, NULL, DYNAMIC_TYPE_OPENSSL);
-                ctx->authIn = NULL;
-            }
+            XFREE(ctx->authIn, NULL, DYNAMIC_TYPE_OPENSSL);
+            ctx->authIn = NULL;
             ctx->authInSz = 0;
             if (enc == 0 || enc == 1)
                 ctx->enc = enc ? 1 : 0;
@@ -7783,10 +7939,10 @@ void wolfSSL_EVP_init(void)
         }
 #endif
 #ifndef NO_DES3
-        if (ctx->cipherType == DES_CBC_TYPE ||
+        if (ctx->cipherType == WC_DES_CBC_TYPE ||
                  (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_DES_CBC))) {
             WOLFSSL_MSG("EVP_DES_CBC");
-            ctx->cipherType = DES_CBC_TYPE;
+            ctx->cipherType = WC_DES_CBC_TYPE;
             ctx->flags     &= (unsigned long)~WOLFSSL_EVP_CIPH_MODE;
             ctx->flags     |= WOLFSSL_EVP_CIPH_CBC_MODE;
             ctx->keyLen     = 8;
@@ -7805,10 +7961,10 @@ void wolfSSL_EVP_init(void)
                 wc_Des_SetIV(&ctx->cipher.des, iv);
         }
 #ifdef WOLFSSL_DES_ECB
-        else if (ctx->cipherType == DES_ECB_TYPE ||
+        else if (ctx->cipherType == WC_DES_ECB_TYPE ||
                  (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_DES_ECB))) {
             WOLFSSL_MSG("EVP_DES_ECB");
-            ctx->cipherType = DES_ECB_TYPE;
+            ctx->cipherType = WC_DES_ECB_TYPE;
             ctx->flags     &= (unsigned long)~WOLFSSL_EVP_CIPH_MODE;
             ctx->flags     |= WOLFSSL_EVP_CIPH_ECB_MODE;
             ctx->keyLen     = 8;
@@ -7824,11 +7980,11 @@ void wolfSSL_EVP_init(void)
             }
         }
 #endif
-        else if (ctx->cipherType == DES_EDE3_CBC_TYPE ||
+        else if (ctx->cipherType == WC_DES_EDE3_CBC_TYPE ||
                  (type &&
                   EVP_CIPHER_TYPE_MATCHES(type, EVP_DES_EDE3_CBC))) {
             WOLFSSL_MSG("EVP_DES_EDE3_CBC");
-            ctx->cipherType = DES_EDE3_CBC_TYPE;
+            ctx->cipherType = WC_DES_EDE3_CBC_TYPE;
             ctx->flags     &= (unsigned long)~WOLFSSL_EVP_CIPH_MODE;
             ctx->flags     |= WOLFSSL_EVP_CIPH_CBC_MODE;
             ctx->keyLen     = 24;
@@ -7849,11 +8005,11 @@ void wolfSSL_EVP_init(void)
                     return WOLFSSL_FAILURE;
             }
         }
-        else if (ctx->cipherType == DES_EDE3_ECB_TYPE ||
+        else if (ctx->cipherType == WC_DES_EDE3_ECB_TYPE ||
                  (type &&
                   EVP_CIPHER_TYPE_MATCHES(type, EVP_DES_EDE3_ECB))) {
             WOLFSSL_MSG("EVP_DES_EDE3_ECB");
-            ctx->cipherType = DES_EDE3_ECB_TYPE;
+            ctx->cipherType = WC_DES_EDE3_ECB_TYPE;
             ctx->flags     &= (unsigned long)~WOLFSSL_EVP_CIPH_MODE;
             ctx->flags     |= WOLFSSL_EVP_CIPH_ECB_MODE;
             ctx->keyLen     = 24;
@@ -7869,10 +8025,10 @@ void wolfSSL_EVP_init(void)
         }
 #endif /* NO_DES3 */
 #ifndef NO_RC4
-        if (ctx->cipherType == ARC4_TYPE ||
+        if (ctx->cipherType == WC_ARC4_TYPE ||
                 (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_ARC4))) {
             WOLFSSL_MSG("ARC4");
-            ctx->cipherType = ARC4_TYPE;
+            ctx->cipherType = WC_ARC4_TYPE;
             ctx->flags     &= (unsigned long)~WOLFSSL_EVP_CIPH_MODE;
             ctx->flags     |= WOLFSSL_EVP_CIPH_STREAM_CIPHER;
             ctx->block_size = 1;
@@ -7882,10 +8038,10 @@ void wolfSSL_EVP_init(void)
                 wc_Arc4SetKey(&ctx->cipher.arc4, key, (word32)ctx->keyLen);
         }
 #endif /* NO_RC4 */
-        if (ctx->cipherType == NULL_CIPHER_TYPE ||
+        if (ctx->cipherType == WC_NULL_CIPHER_TYPE ||
                 (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_NULL))) {
             WOLFSSL_MSG("NULL cipher");
-            ctx->cipherType = NULL_CIPHER_TYPE;
+            ctx->cipherType = WC_NULL_CIPHER_TYPE;
             ctx->keyLen = 0;
             ctx->block_size = 16;
         }
@@ -7906,120 +8062,120 @@ void wolfSSL_EVP_init(void)
         WOLFSSL_ENTER("wolfSSL_EVP_CIPHER_CTX_nid");
         if (ctx == NULL) {
             WOLFSSL_ERROR_MSG("Bad parameters");
-            return NID_undef;
+            return WC_NID_undef;
         }
 
         switch (ctx->cipherType) {
 #ifndef NO_AES
 #if defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_DIRECT)
-            case AES_128_CBC_TYPE :
-                return NID_aes_128_cbc;
-            case AES_192_CBC_TYPE :
-                return NID_aes_192_cbc;
-            case AES_256_CBC_TYPE :
-                return NID_aes_256_cbc;
+            case WC_AES_128_CBC_TYPE :
+                return WC_NID_aes_128_cbc;
+            case WC_AES_192_CBC_TYPE :
+                return WC_NID_aes_192_cbc;
+            case WC_AES_256_CBC_TYPE :
+                return WC_NID_aes_256_cbc;
 #endif
 #ifdef HAVE_AESGCM
-            case AES_128_GCM_TYPE :
-                return NID_aes_128_gcm;
-            case AES_192_GCM_TYPE :
-                return NID_aes_192_gcm;
-            case AES_256_GCM_TYPE :
-                return NID_aes_256_gcm;
+            case WC_AES_128_GCM_TYPE :
+                return WC_NID_aes_128_gcm;
+            case WC_AES_192_GCM_TYPE :
+                return WC_NID_aes_192_gcm;
+            case WC_AES_256_GCM_TYPE :
+                return WC_NID_aes_256_gcm;
 #endif
 #ifdef HAVE_AESCCM
-            case AES_128_CCM_TYPE :
-                return NID_aes_128_ccm;
-            case AES_192_CCM_TYPE :
-                return NID_aes_192_ccm;
-            case AES_256_CCM_TYPE :
-                return NID_aes_256_ccm;
+            case WC_AES_128_CCM_TYPE :
+                return WC_NID_aes_128_ccm;
+            case WC_AES_192_CCM_TYPE :
+                return WC_NID_aes_192_ccm;
+            case WC_AES_256_CCM_TYPE :
+                return WC_NID_aes_256_ccm;
 #endif
 #ifdef HAVE_AES_ECB
-            case AES_128_ECB_TYPE :
-                return NID_aes_128_ecb;
-            case AES_192_ECB_TYPE :
-                return NID_aes_192_ecb;
-            case AES_256_ECB_TYPE :
-                return NID_aes_256_ecb;
+            case WC_AES_128_ECB_TYPE :
+                return WC_NID_aes_128_ecb;
+            case WC_AES_192_ECB_TYPE :
+                return WC_NID_aes_192_ecb;
+            case WC_AES_256_ECB_TYPE :
+                return WC_NID_aes_256_ecb;
 #endif
 #ifdef WOLFSSL_AES_COUNTER
-            case AES_128_CTR_TYPE :
-                return NID_aes_128_ctr;
-            case AES_192_CTR_TYPE :
-                return NID_aes_192_ctr;
-            case AES_256_CTR_TYPE :
-                return NID_aes_256_ctr;
+            case WC_AES_128_CTR_TYPE :
+                return WC_NID_aes_128_ctr;
+            case WC_AES_192_CTR_TYPE :
+                return WC_NID_aes_192_ctr;
+            case WC_AES_256_CTR_TYPE :
+                return WC_NID_aes_256_ctr;
 #endif
 
 #endif /* NO_AES */
 
 #ifdef HAVE_ARIA
-            case ARIA_128_GCM_TYPE :
-                return NID_aria_128_gcm;
-            case ARIA_192_GCM_TYPE :
-                return NID_aria_192_gcm;
-            case ARIA_256_GCM_TYPE :
-                return NID_aria_256_gcm;
+            case WC_ARIA_128_GCM_TYPE :
+                return WC_NID_aria_128_gcm;
+            case WC_ARIA_192_GCM_TYPE :
+                return WC_NID_aria_192_gcm;
+            case WC_ARIA_256_GCM_TYPE :
+                return WC_NID_aria_256_gcm;
 #endif
 
 #ifndef NO_DES3
-            case DES_CBC_TYPE :
-                return NID_des_cbc;
+            case WC_DES_CBC_TYPE :
+                return WC_NID_des_cbc;
 
-            case DES_EDE3_CBC_TYPE :
-                return NID_des_ede3_cbc;
+            case WC_DES_EDE3_CBC_TYPE :
+                return WC_NID_des_ede3_cbc;
 #endif
 #ifdef WOLFSSL_DES_ECB
-            case DES_ECB_TYPE :
-                return NID_des_ecb;
-            case DES_EDE3_ECB_TYPE :
-                return NID_des_ede3_ecb;
+            case WC_DES_ECB_TYPE :
+                return WC_NID_des_ecb;
+            case WC_DES_EDE3_ECB_TYPE :
+                return WC_NID_des_ede3_ecb;
 #endif
 
-            case ARC4_TYPE :
-                return NID_rc4;
+            case WC_ARC4_TYPE :
+                return WC_NID_rc4;
 
 #if defined(HAVE_CHACHA) && defined(HAVE_POLY1305)
-            case CHACHA20_POLY1305_TYPE:
-                return NID_chacha20_poly1305;
+            case WC_CHACHA20_POLY1305_TYPE:
+                return WC_NID_chacha20_poly1305;
 #endif
 
 #ifdef HAVE_CHACHA
-            case CHACHA20_TYPE:
-                return NID_chacha20;
+            case WC_CHACHA20_TYPE:
+                return WC_NID_chacha20;
 #endif
 
 #ifdef WOLFSSL_SM4_ECB
-            case SM4_ECB_TYPE:
-                return NID_sm4_ecb;
+            case WC_SM4_ECB_TYPE:
+                return WC_NID_sm4_ecb;
 #endif
 
 #ifdef WOLFSSL_SM4_CBC
-            case SM4_CBC_TYPE:
-                return NID_sm4_cbc;
+            case WC_SM4_CBC_TYPE:
+                return WC_NID_sm4_cbc;
 #endif
 
 #ifdef WOLFSSL_SM4_CTR
-            case SM4_CTR_TYPE:
-                return NID_sm4_ctr;
+            case WC_SM4_CTR_TYPE:
+                return WC_NID_sm4_ctr;
 #endif
 
 #ifdef WOLFSSL_SM4_GCM
-            case SM4_GCM_TYPE:
-                return NID_sm4_gcm;
+            case WC_SM4_GCM_TYPE:
+                return WC_NID_sm4_gcm;
 #endif
 
 #ifdef WOLFSSL_SM4_CCM
-            case SM4_CCM_TYPE:
-                return NID_sm4_ccm;
+            case WC_SM4_CCM_TYPE:
+                return WC_NID_sm4_ccm;
 #endif
 
-            case NULL_CIPHER_TYPE :
+            case WC_NULL_CIPHER_TYPE :
                 WOLFSSL_ERROR_MSG("Null cipher has no NID");
                 FALL_THROUGH;
             default:
-                return NID_undef;
+                return WC_NID_undef;
         }
     }
 
@@ -8111,42 +8267,49 @@ void wolfSSL_EVP_init(void)
     }
 #endif /* !NO_AES || !NO_DES3 */
 
+    static int IsCipherTypeAEAD(unsigned int type)
+    {
+        switch (type) {
+            case WC_AES_128_GCM_TYPE:
+            case WC_AES_192_GCM_TYPE:
+            case WC_AES_256_GCM_TYPE:
+            case WC_AES_128_CCM_TYPE:
+            case WC_AES_192_CCM_TYPE:
+            case WC_AES_256_CCM_TYPE:
+            case WC_ARIA_128_GCM_TYPE:
+            case WC_ARIA_192_GCM_TYPE:
+            case WC_ARIA_256_GCM_TYPE:
+            case WC_SM4_GCM_TYPE:
+            case WC_SM4_CCM_TYPE:
+                return 1;
+            default:
+                return 0;
+        }
+    }
+
     /* Return length on ok */
     int wolfSSL_EVP_Cipher(WOLFSSL_EVP_CIPHER_CTX* ctx, byte* dst, byte* src,
                            word32 len)
     {
-        int ret = WOLFSSL_FAILURE;
+        int ret = WC_NO_ERR_TRACE(WOLFSSL_FAILURE);
 
         WOLFSSL_ENTER("wolfSSL_EVP_Cipher");
 
-        if (ctx == NULL || ((src == NULL || dst == NULL) &&
-            (TRUE
-        #ifdef HAVE_AESGCM
-            && ctx->cipherType != AES_128_GCM_TYPE &&
-             ctx->cipherType != AES_192_GCM_TYPE &&
-             ctx->cipherType != AES_256_GCM_TYPE
-        #endif
-        #ifdef HAVE_AESCCM
-            && ctx->cipherType != AES_128_CCM_TYPE &&
-             ctx->cipherType != AES_192_CCM_TYPE &&
-             ctx->cipherType != AES_256_CCM_TYPE
-        #endif
-        #ifdef HAVE_ARIA
-            && ctx->cipherType != ARIA_128_GCM_TYPE &&
-             ctx->cipherType != ARIA_192_GCM_TYPE &&
-             ctx->cipherType != ARIA_256_GCM_TYPE
-        #endif
-        #ifdef WOLFSSL_SM4_GCM
-            && ctx->cipherType != SM4_GCM_TYPE
-        #endif
-        #ifdef WOLFSSL_SM4_CCM
-            && ctx->cipherType != SM4_CCM_TYPE
-        #endif
-            ))) {
+        if (ctx == NULL) {
             WOLFSSL_MSG("Bad argument.");
             return WOLFSSL_FATAL_ERROR;
         }
 
+        if (!IsCipherTypeAEAD(ctx->cipherType)) {
+            /* No-op for non-AEAD ciphers */
+            if (src == NULL && dst == NULL && len == 0)
+                return 0;
+            if (src == NULL || dst == NULL) {
+                WOLFSSL_MSG("Bad argument.");
+                return WOLFSSL_FATAL_ERROR;
+            }
+        }
+
         if (ctx->cipherType == WOLFSSL_EVP_CIPH_TYPE_INIT) {
             WOLFSSL_MSG("Cipher operation not initialized. Call "
                         "wolfSSL_EVP_CipherInit.");
@@ -8157,24 +8320,24 @@ void wolfSSL_EVP_init(void)
 
 #ifndef NO_AES
 #ifdef HAVE_AES_CBC
-            case AES_128_CBC_TYPE :
-            case AES_192_CBC_TYPE :
-            case AES_256_CBC_TYPE :
+            case WC_AES_128_CBC_TYPE :
+            case WC_AES_192_CBC_TYPE :
+            case WC_AES_256_CBC_TYPE :
                 WOLFSSL_MSG("AES CBC");
                 if (ctx->enc)
                     ret = wc_AesCbcEncrypt(&ctx->cipher.aes, dst, src, len);
                 else
                     ret = wc_AesCbcDecrypt(&ctx->cipher.aes, dst, src, len);
                 if (ret == 0)
-                    ret = (int)((len / AES_BLOCK_SIZE) * AES_BLOCK_SIZE);
+                    ret = (int)((len / WC_AES_BLOCK_SIZE) * WC_AES_BLOCK_SIZE);
                 break;
 #endif /* HAVE_AES_CBC */
 
 #ifdef WOLFSSL_AES_CFB
-#if !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS)
-            case AES_128_CFB1_TYPE:
-            case AES_192_CFB1_TYPE:
-            case AES_256_CFB1_TYPE:
+#if !defined(WOLFSSL_NO_AES_CFB_1_8)
+            case WC_AES_128_CFB1_TYPE:
+            case WC_AES_192_CFB1_TYPE:
+            case WC_AES_256_CFB1_TYPE:
                 WOLFSSL_MSG("AES CFB1");
                 if (ctx->enc)
                     ret = wc_AesCfb1Encrypt(&ctx->cipher.aes, dst, src, len);
@@ -8183,9 +8346,9 @@ void wolfSSL_EVP_init(void)
                 if (ret == 0)
                     ret = (int)len;
                 break;
-            case AES_128_CFB8_TYPE:
-            case AES_192_CFB8_TYPE:
-            case AES_256_CFB8_TYPE:
+            case WC_AES_128_CFB8_TYPE:
+            case WC_AES_192_CFB8_TYPE:
+            case WC_AES_256_CFB8_TYPE:
                 WOLFSSL_MSG("AES CFB8");
                 if (ctx->enc)
                     ret = wc_AesCfb8Encrypt(&ctx->cipher.aes, dst, src, len);
@@ -8194,10 +8357,10 @@ void wolfSSL_EVP_init(void)
                 if (ret == 0)
                     ret = (int)len;
                 break;
-#endif /* !HAVE_SELFTEST && !HAVE_FIPS */
-            case AES_128_CFB128_TYPE:
-            case AES_192_CFB128_TYPE:
-            case AES_256_CFB128_TYPE:
+#endif /* !WOLFSSL_NO_AES_CFB_1_8 */
+            case WC_AES_128_CFB128_TYPE:
+            case WC_AES_192_CFB128_TYPE:
+            case WC_AES_256_CFB128_TYPE:
                 WOLFSSL_MSG("AES CFB128");
                 if (ctx->enc)
                     ret = wc_AesCfbEncrypt(&ctx->cipher.aes, dst, src, len);
@@ -8208,9 +8371,9 @@ void wolfSSL_EVP_init(void)
                 break;
 #endif /* WOLFSSL_AES_CFB */
 #if defined(WOLFSSL_AES_OFB)
-            case AES_128_OFB_TYPE:
-            case AES_192_OFB_TYPE:
-            case AES_256_OFB_TYPE:
+            case WC_AES_128_OFB_TYPE:
+            case WC_AES_192_OFB_TYPE:
+            case WC_AES_256_OFB_TYPE:
                 WOLFSSL_MSG("AES OFB");
                 if (ctx->enc)
                     ret = wc_AesOfbEncrypt(&ctx->cipher.aes, dst, src, len);
@@ -8221,8 +8384,8 @@ void wolfSSL_EVP_init(void)
                 break;
 #endif /* WOLFSSL_AES_OFB */
 #if defined(WOLFSSL_AES_XTS) && (!defined(HAVE_FIPS) || FIPS_VERSION_GE(5,3))
-            case AES_128_XTS_TYPE:
-            case AES_256_XTS_TYPE:
+            case WC_AES_128_XTS_TYPE:
+            case WC_AES_256_XTS_TYPE:
                 WOLFSSL_MSG("AES XTS");
                 if (ctx->enc)
                     ret = wc_AesXtsEncrypt(&ctx->cipher.xts, dst, src, len,
@@ -8237,9 +8400,9 @@ void wolfSSL_EVP_init(void)
 
 #if defined(HAVE_AESGCM) && ((!defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)) \
     || FIPS_VERSION_GE(2,0))
-            case AES_128_GCM_TYPE :
-            case AES_192_GCM_TYPE :
-            case AES_256_GCM_TYPE :
+            case WC_AES_128_GCM_TYPE :
+            case WC_AES_192_GCM_TYPE :
+            case WC_AES_256_GCM_TYPE :
                 WOLFSSL_MSG("AES GCM");
                 ret = EvpCipherAesGCM(ctx, dst, src, len);
                 break;
@@ -8247,31 +8410,31 @@ void wolfSSL_EVP_init(void)
         * HAVE_FIPS_VERSION >= 2 */
 #if defined(HAVE_AESCCM) && ((!defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)) \
     || FIPS_VERSION_GE(2,0))
-            case AES_128_CCM_TYPE :
-            case AES_192_CCM_TYPE :
-            case AES_256_CCM_TYPE :
+            case WC_AES_128_CCM_TYPE :
+            case WC_AES_192_CCM_TYPE :
+            case WC_AES_256_CCM_TYPE :
                 WOLFSSL_MSG("AES CCM");
                 ret = EvpCipherAesCCM(ctx, dst, src, len);
                 break;
 #endif /* HAVE_AESCCM && ((!HAVE_FIPS && !HAVE_SELFTEST) ||
         * HAVE_FIPS_VERSION >= 2 */
 #ifdef HAVE_AES_ECB
-            case AES_128_ECB_TYPE :
-            case AES_192_ECB_TYPE :
-            case AES_256_ECB_TYPE :
+            case WC_AES_128_ECB_TYPE :
+            case WC_AES_192_ECB_TYPE :
+            case WC_AES_256_ECB_TYPE :
                 WOLFSSL_MSG("AES ECB");
                 if (ctx->enc)
                     ret = wc_AesEcbEncrypt(&ctx->cipher.aes, dst, src, len);
                 else
                     ret = wc_AesEcbDecrypt(&ctx->cipher.aes, dst, src, len);
                 if (ret == 0)
-                    ret = (int)((len / AES_BLOCK_SIZE) * AES_BLOCK_SIZE);
+                    ret = (int)((len / WC_AES_BLOCK_SIZE) * WC_AES_BLOCK_SIZE);
                 break;
 #endif
 #ifdef WOLFSSL_AES_COUNTER
-            case AES_128_CTR_TYPE :
-            case AES_192_CTR_TYPE :
-            case AES_256_CTR_TYPE :
+            case WC_AES_128_CTR_TYPE :
+            case WC_AES_192_CTR_TYPE :
+            case WC_AES_256_CTR_TYPE :
                 WOLFSSL_MSG("AES CTR");
                 ret = wc_AesCtrEncrypt(&ctx->cipher.aes, dst, src, len);
                 if (ret == 0)
@@ -8282,9 +8445,9 @@ void wolfSSL_EVP_init(void)
 
 #if defined(HAVE_ARIA) && ((!defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)) \
     || FIPS_VERSION_GE(2,0))
-            case ARIA_128_GCM_TYPE :
-            case ARIA_192_GCM_TYPE :
-            case ARIA_256_GCM_TYPE :
+            case WC_ARIA_128_GCM_TYPE :
+            case WC_ARIA_192_GCM_TYPE :
+            case WC_ARIA_256_GCM_TYPE :
                 WOLFSSL_MSG("ARIA GCM");
                 if (ctx->enc) {
                     ret = wc_AriaEncrypt(&ctx->cipher.aria, dst, src, len,
@@ -8301,7 +8464,7 @@ void wolfSSL_EVP_init(void)
         * HAVE_FIPS_VERSION >= 2 */
 
 #ifndef NO_DES3
-            case DES_CBC_TYPE :
+            case WC_DES_CBC_TYPE :
                 WOLFSSL_MSG("DES CBC");
                 if (ctx->enc)
                     wc_Des_CbcEncrypt(&ctx->cipher.des, dst, src, len);
@@ -8310,7 +8473,7 @@ void wolfSSL_EVP_init(void)
                 if (ret == 0)
                     ret = (int)((len / DES_BLOCK_SIZE) * DES_BLOCK_SIZE);
                 break;
-            case DES_EDE3_CBC_TYPE :
+            case WC_DES_EDE3_CBC_TYPE :
                 WOLFSSL_MSG("DES3 CBC");
                 if (ctx->enc)
                     ret = wc_Des3_CbcEncrypt(&ctx->cipher.des3, dst, src, len);
@@ -8320,13 +8483,13 @@ void wolfSSL_EVP_init(void)
                     ret = (int)((len / DES_BLOCK_SIZE) * DES_BLOCK_SIZE);
                 break;
 #ifdef WOLFSSL_DES_ECB
-            case DES_ECB_TYPE :
+            case WC_DES_ECB_TYPE :
                 WOLFSSL_MSG("DES ECB");
                 ret = wc_Des_EcbEncrypt(&ctx->cipher.des, dst, src, len);
                 if (ret == 0)
                     ret = (int)((len / DES_BLOCK_SIZE) * DES_BLOCK_SIZE);
                 break;
-            case DES_EDE3_ECB_TYPE :
+            case WC_DES_EDE3_ECB_TYPE :
                 WOLFSSL_MSG("DES3 ECB");
                 ret = wc_Des3_EcbEncrypt(&ctx->cipher.des3, dst, src, len);
                 if (ret == 0)
@@ -8336,7 +8499,7 @@ void wolfSSL_EVP_init(void)
 #endif /* !NO_DES3 */
 
 #ifndef NO_RC4
-            case ARC4_TYPE :
+            case WC_ARC4_TYPE :
                 WOLFSSL_MSG("ARC4");
                 wc_Arc4Process(&ctx->cipher.arc4, dst, src, len);
                 if (ret == 0)
@@ -8347,7 +8510,7 @@ void wolfSSL_EVP_init(void)
             /* TODO: Chacha??? */
 
 #ifdef WOLFSSL_SM4_ECB
-            case SM4_ECB_TYPE :
+            case WC_SM4_ECB_TYPE :
                 WOLFSSL_MSG("Sm4 ECB");
                 if (ctx->enc)
                     ret = wc_Sm4EcbEncrypt(&ctx->cipher.sm4, dst, src, len);
@@ -8358,7 +8521,7 @@ void wolfSSL_EVP_init(void)
                 break;
 #endif
 #ifdef WOLFSSL_SM4_CBC
-            case SM4_CBC_TYPE :
+            case WC_SM4_CBC_TYPE :
                 WOLFSSL_MSG("Sm4 CBC");
                 if (ctx->enc)
                     ret = wc_Sm4CbcEncrypt(&ctx->cipher.sm4, dst, src, len);
@@ -8369,7 +8532,7 @@ void wolfSSL_EVP_init(void)
                 break;
 #endif
 #ifdef WOLFSSL_SM4_CTR
-            case SM4_CTR_TYPE :
+            case WC_SM4_CTR_TYPE :
                 WOLFSSL_MSG("AES CTR");
                 ret = wc_Sm4CtrEncrypt(&ctx->cipher.sm4, dst, src, len);
                 if (ret == 0)
@@ -8377,7 +8540,7 @@ void wolfSSL_EVP_init(void)
                 break;
 #endif
 #ifdef WOLFSSL_SM4_GCM
-            case SM4_GCM_TYPE :
+            case WC_SM4_GCM_TYPE :
                 WOLFSSL_MSG("SM4 GCM");
                 /* No destination means only AAD. */
                 if (src != NULL && dst == NULL) {
@@ -8405,7 +8568,7 @@ void wolfSSL_EVP_init(void)
                 break;
 #endif
 #ifdef WOLFSSL_SM4_CCM
-            case SM4_CCM_TYPE :
+            case WC_SM4_CCM_TYPE :
                 WOLFSSL_MSG("SM4 CCM");
                 /* No destination means only AAD. */
                 if (src != NULL && dst == NULL) {
@@ -8446,7 +8609,7 @@ void wolfSSL_EVP_init(void)
                 break;
 #endif
 
-            case NULL_CIPHER_TYPE :
+            case WC_NULL_CIPHER_TYPE :
                 WOLFSSL_MSG("NULL CIPHER");
                 XMEMCPY(dst, src, (size_t)len);
                 ret = (int)len;
@@ -8459,7 +8622,7 @@ void wolfSSL_EVP_init(void)
         }
 
         if (ret < 0) {
-            if (ret == AES_GCM_AUTH_E) {
+            if (ret == WC_NO_ERR_TRACE(AES_GCM_AUTH_E)) {
                 WOLFSSL_MSG("wolfSSL_EVP_Cipher failure: bad AES-GCM tag.");
             }
             WOLFSSL_MSG("wolfSSL_EVP_Cipher failure");
@@ -8510,7 +8673,7 @@ static void clearEVPPkeyKeys(WOLFSSL_EVP_PKEY *pkey)
 }
 
 #ifndef NO_RSA
-#if defined(WOLFSSL_KEY_GEN) && !defined(HAVE_USER_RSA)
+#if defined(WOLFSSL_KEY_GEN)
 static int PopulateRSAEvpPkeyDer(WOLFSSL_EVP_PKEY *pkey)
 {
     int ret = 0;
@@ -8537,7 +8700,7 @@ static int PopulateRSAEvpPkeyDer(WOLFSSL_EVP_PKEY *pkey)
             if (key->pkcs8HeaderSz) {
                 ret = wc_CreatePKCS8Key(NULL, &pkcs8Sz, NULL, (word32)derSz,
                     RSAk, NULL, 0);
-                if (ret == LENGTH_ONLY_E)
+                if (ret == WC_NO_ERR_TRACE(LENGTH_ONLY_E))
                     ret = 0;
             }
         #endif
@@ -8659,7 +8822,7 @@ int wolfSSL_EVP_PKEY_set1_RSA(WOLFSSL_EVP_PKEY *pkey, WOLFSSL_RSA *key)
     clearEVPPkeyKeys(pkey);
     pkey->rsa    = key;
     pkey->ownRsa = 1; /* pkey does not own RSA but needs to call free on it */
-    pkey->type   = EVP_PKEY_RSA;
+    pkey->type   = WC_EVP_PKEY_RSA;
     pkey->pkcs8HeaderSz = key->pkcs8HeaderSz;
     if (key->inSet == 0) {
         if (SetRsaInternal(key) != WOLFSSL_SUCCESS) {
@@ -8668,12 +8831,12 @@ int wolfSSL_EVP_PKEY_set1_RSA(WOLFSSL_EVP_PKEY *pkey, WOLFSSL_RSA *key)
         }
     }
 
-#if defined(WOLFSSL_KEY_GEN) && !defined(HAVE_USER_RSA)
+#if defined(WOLFSSL_KEY_GEN)
     if (PopulateRSAEvpPkeyDer(pkey) != WOLFSSL_SUCCESS) {
         WOLFSSL_MSG("PopulateRSAEvpPkeyDer failed");
         return WOLFSSL_FAILURE;
     }
-#endif /* WOLFSSL_KEY_GEN && !HAVE_USER_RSA */
+#endif /* WOLFSSL_KEY_GEN */
 
 #ifdef WC_RSA_BLINDING
     if (key->ownRng == 0) {
@@ -8705,7 +8868,7 @@ int wolfSSL_EVP_PKEY_set1_DSA(WOLFSSL_EVP_PKEY *pkey, WOLFSSL_DSA *key)
     clearEVPPkeyKeys(pkey);
     pkey->dsa    = key;
     pkey->ownDsa = 0; /* pkey does not own DSA */
-    pkey->type   = EVP_PKEY_DSA;
+    pkey->type   = WC_EVP_PKEY_DSA;
     if (key->inSet == 0) {
         if (SetDsaInternal(key) != WOLFSSL_SUCCESS) {
             WOLFSSL_MSG("SetDsaInternal failed");
@@ -8715,7 +8878,7 @@ int wolfSSL_EVP_PKEY_set1_DSA(WOLFSSL_EVP_PKEY *pkey, WOLFSSL_DSA *key)
     dsa = (DsaKey*)key->internal;
 
     /* 4 > size of pub, priv, p, q, g + ASN.1 additional information */
-    derMax = 4 * wolfSSL_BN_num_bytes(key->g) + AES_BLOCK_SIZE;
+    derMax = 4 * wolfSSL_BN_num_bytes(key->g) + WC_AES_BLOCK_SIZE;
 
     derBuf = (byte*)XMALLOC((size_t)derMax, pkey->heap,
         DYNAMIC_TYPE_TMP_BUFFER);
@@ -8783,13 +8946,13 @@ WOLFSSL_DSA* wolfSSL_EVP_PKEY_get1_DSA(WOLFSSL_EVP_PKEY* key)
         return NULL;
     }
 
-    if (key->type == EVP_PKEY_DSA) {
+    if (key->type == WC_EVP_PKEY_DSA) {
         if (wolfSSL_DSA_LoadDer(local, (const unsigned char*)key->pkey.ptr,
-                    key->pkey_sz) != SSL_SUCCESS) {
+                    key->pkey_sz) != WOLFSSL_SUCCESS) {
             /* now try public key */
             if (wolfSSL_DSA_LoadDer_ex(local,
                         (const unsigned char*)key->pkey.ptr, key->pkey_sz,
-                        WOLFSSL_DSA_LOAD_PUBLIC) != SSL_SUCCESS) {
+                        WOLFSSL_DSA_LOAD_PUBLIC) != WOLFSSL_SUCCESS) {
                 wolfSSL_DSA_free(local);
                 local = NULL;
             }
@@ -8808,7 +8971,7 @@ WOLFSSL_DSA* wolfSSL_EVP_PKEY_get1_DSA(WOLFSSL_EVP_PKEY* key)
 WOLFSSL_EC_KEY *wolfSSL_EVP_PKEY_get0_EC_KEY(WOLFSSL_EVP_PKEY *pkey)
 {
     WOLFSSL_EC_KEY *eckey = NULL;
-    if (pkey && pkey->type == EVP_PKEY_EC) {
+    if (pkey && pkey->type == WC_EVP_PKEY_EC) {
 #ifdef HAVE_ECC
         eckey = pkey->ecc;
 #endif
@@ -8821,10 +8984,10 @@ WOLFSSL_EC_KEY* wolfSSL_EVP_PKEY_get1_EC_KEY(WOLFSSL_EVP_PKEY* key)
     WOLFSSL_EC_KEY* local = NULL;
     WOLFSSL_ENTER("wolfSSL_EVP_PKEY_get1_EC_KEY");
 
-    if (key == NULL || key->type != EVP_PKEY_EC) {
+    if (key == NULL || key->type != WC_EVP_PKEY_EC) {
         return NULL;
     }
-    if (key->type == EVP_PKEY_EC) {
+    if (key->type == WC_EVP_PKEY_EC) {
         if (key->ecc != NULL) {
             if (wolfSSL_EC_KEY_up_ref(key->ecc) != WOLFSSL_SUCCESS) {
                 return NULL;
@@ -8889,7 +9052,7 @@ int wolfSSL_EVP_PKEY_set1_DH(WOLFSSL_EVP_PKEY *pkey, WOLFSSL_DH *key)
 
     pkey->dh    = key;
     pkey->ownDh = 1; /* pkey does not own DH but needs to call free on it */
-    pkey->type  = EVP_PKEY_DH;
+    pkey->type  = WC_EVP_PKEY_DH;
     if (key->inSet == 0) {
         if (SetDhInternal(key) != WOLFSSL_SUCCESS) {
             WOLFSSL_MSG("SetDhInternal failed");
@@ -8905,13 +9068,13 @@ int wolfSSL_EVP_PKEY_set1_DH(WOLFSSL_EVP_PKEY *pkey, WOLFSSL_DH *key)
     /* Get size of DER buffer only */
     if (havePublic && !havePrivate) {
         ret = wc_DhPubKeyToDer(dhkey, NULL, &derSz);
-    } else if (havePrivate && !havePublic) {
+    } else if (havePrivate) {
         ret = wc_DhPrivKeyToDer(dhkey, NULL, &derSz);
     } else {
         ret = wc_DhParamsToDer(dhkey,NULL,&derSz);
     }
 
-    if (derSz == 0 || ret != LENGTH_ONLY_E) {
+    if (derSz == 0 || ret != WC_NO_ERR_TRACE(LENGTH_ONLY_E)) {
        WOLFSSL_MSG("Failed to get size of DH Key");
        return WOLFSSL_FAILURE;
     }
@@ -8925,7 +9088,7 @@ int wolfSSL_EVP_PKEY_set1_DH(WOLFSSL_EVP_PKEY *pkey, WOLFSSL_DH *key)
     /* Fill DER buffer */
     if (havePublic && !havePrivate) {
         ret = wc_DhPubKeyToDer(dhkey, derBuf, &derSz);
-    } else if (havePrivate && !havePublic) {
+    } else if (havePrivate) {
         ret = wc_DhPrivKeyToDer(dhkey, derBuf, &derSz);
     } else {
         ret = wc_DhParamsToDer(dhkey,derBuf,&derSz);
@@ -8963,7 +9126,7 @@ WOLFSSL_DH* wolfSSL_EVP_PKEY_get1_DH(WOLFSSL_EVP_PKEY* key)
         return NULL;
     }
 
-    if (key->type == EVP_PKEY_DH) {
+    if (key->type == WC_EVP_PKEY_DH) {
         /* if key->dh already exists copy instead of re-importing from DER */
         if (key->dh != NULL) {
             if (wolfSSL_DH_up_ref(key->dh) != WOLFSSL_SUCCESS) {
@@ -8980,7 +9143,7 @@ WOLFSSL_DH* wolfSSL_EVP_PKEY_get1_DH(WOLFSSL_EVP_PKEY* key)
                 return NULL;
             }
             if (wolfSSL_DH_LoadDer(local, (const unsigned char*)key->pkey.ptr,
-                        key->pkey_sz) != SSL_SUCCESS) {
+                        key->pkey_sz) != WOLFSSL_SUCCESS) {
                 wolfSSL_DH_free(local);
                 WOLFSSL_MSG("Error wolfSSL_DH_LoadDer");
                 local = NULL;
@@ -9010,22 +9173,22 @@ int wolfSSL_EVP_PKEY_assign(WOLFSSL_EVP_PKEY *pkey, int type, void *key)
     /* pkey and key checked if NULL in subsequent assign functions */
     switch(type) {
     #ifndef NO_RSA
-        case EVP_PKEY_RSA:
+        case WC_EVP_PKEY_RSA:
             ret = wolfSSL_EVP_PKEY_assign_RSA(pkey, (WOLFSSL_RSA*)key);
             break;
     #endif
     #ifndef NO_DSA
-        case EVP_PKEY_DSA:
+        case WC_EVP_PKEY_DSA:
             ret = wolfSSL_EVP_PKEY_assign_DSA(pkey, (WOLFSSL_DSA*)key);
             break;
     #endif
     #ifdef HAVE_ECC
-        case EVP_PKEY_EC:
+        case WC_EVP_PKEY_EC:
             ret = wolfSSL_EVP_PKEY_assign_EC_KEY(pkey, (WOLFSSL_EC_KEY*)key);
             break;
     #endif
     #ifndef NO_DH
-         case EVP_PKEY_DH:
+         case WC_EVP_PKEY_DH:
             ret = wolfSSL_EVP_PKEY_assign_DH(pkey, (WOLFSSL_DH*)key);
             break;
     #endif
@@ -9040,7 +9203,7 @@ int wolfSSL_EVP_PKEY_assign(WOLFSSL_EVP_PKEY *pkey, int type, void *key)
 
 #if defined(HAVE_ECC)
 /* try and populate public pkey_sz and pkey.ptr */
-static int ECC_populate_EVP_PKEY(EVP_PKEY* pkey, WOLFSSL_EC_KEY *key)
+static int ECC_populate_EVP_PKEY(WOLFSSL_EVP_PKEY* pkey, WOLFSSL_EC_KEY *key)
 {
     int derSz = 0;
     byte* derBuf = NULL;
@@ -9054,7 +9217,7 @@ static int ECC_populate_EVP_PKEY(EVP_PKEY* pkey, WOLFSSL_EC_KEY *key)
 #ifdef HAVE_PKCS8
         if (key->pkcs8HeaderSz) {
             /* when key has pkcs8 header the pkey should too */
-            if (wc_EccKeyToPKCS8(ecc, NULL, (word32*)&derSz) == LENGTH_ONLY_E) {
+            if (wc_EccKeyToPKCS8(ecc, NULL, (word32*)&derSz) == WC_NO_ERR_TRACE(LENGTH_ONLY_E)) {
                 derBuf = (byte*)XMALLOC((size_t)derSz, pkey->heap,
                     DYNAMIC_TYPE_OPENSSL);
                 if (derBuf) {
@@ -9106,8 +9269,17 @@ static int ECC_populate_EVP_PKEY(EVP_PKEY* pkey, WOLFSSL_EC_KEY *key)
     }
     else if (ecc->type == ECC_PUBLICKEY) {
         if ((derSz = wc_EccPublicKeyDerSize(ecc, 1)) > 0) {
-            derBuf = (byte*)XREALLOC(pkey->pkey.ptr, (size_t)derSz, NULL,
+        #ifdef WOLFSSL_NO_REALLOC
+            derBuf = (byte*)XMALLOC((size_t)derSz, pkey->heap, DYNAMIC_TYPE_OPENSSL);
+            if (derBuf != NULL) {
+                XMEMCPY(derBuf, pkey->pkey.ptr, (size_t)pkey->pkey_sz);
+                XFREE(pkey->pkey.ptr, pkey->heap, DYNAMIC_TYPE_OPENSSL);
+                pkey->pkey.ptr = NULL;
+            }
+        #else
+            derBuf = (byte*)XREALLOC(pkey->pkey.ptr, (size_t)derSz, pkey->heap,
                     DYNAMIC_TYPE_OPENSSL);
+        #endif
             if (derBuf != NULL) {
                 pkey->pkey.ptr = (char*)derBuf;
                 if ((derSz = wc_EccPublicKeyToDer(ecc, derBuf, (word32)derSz,
@@ -9140,7 +9312,7 @@ int wolfSSL_EVP_PKEY_set1_EC_KEY(WOLFSSL_EVP_PKEY *pkey, WOLFSSL_EC_KEY *key)
     }
     pkey->ecc    = key;
     pkey->ownEcc = 1; /* pkey needs to call free on key */
-    pkey->type   = EVP_PKEY_EC;
+    pkey->type   = WC_EVP_PKEY_EC;
     return ECC_populate_EVP_PKEY(pkey, key);
 #else
     (void)pkey;
@@ -9155,7 +9327,7 @@ void* wolfSSL_EVP_X_STATE(const WOLFSSL_EVP_CIPHER_CTX* ctx)
 
     if (ctx) {
         switch (ctx->cipherType) {
-            case ARC4_TYPE:
+            case WC_ARC4_TYPE:
                 WOLFSSL_MSG("returning arc4 state");
                 return (void*)&ctx->cipher.arc4.x;
 
@@ -9167,7 +9339,7 @@ void* wolfSSL_EVP_X_STATE(const WOLFSSL_EVP_CIPHER_CTX* ctx)
 
     return NULL;
 }
-int wolfSSL_EVP_PKEY_assign_EC_KEY(EVP_PKEY* pkey, WOLFSSL_EC_KEY* key)
+int wolfSSL_EVP_PKEY_assign_EC_KEY(WOLFSSL_EVP_PKEY* pkey, WOLFSSL_EC_KEY* key)
 {
     int ret;
 
@@ -9179,7 +9351,7 @@ int wolfSSL_EVP_PKEY_assign_EC_KEY(EVP_PKEY* pkey, WOLFSSL_EC_KEY* key)
     if (ret == WOLFSSL_SUCCESS) { /* take ownership of key if can be used */
         clearEVPPkeyKeys(pkey); /* clear out any previous keys */
 
-        pkey->type = EVP_PKEY_EC;
+        pkey->type = WC_EVP_PKEY_EC;
         pkey->ecc = key;
         pkey->ownEcc = 1;
     }
@@ -9199,30 +9371,33 @@ const WOLFSSL_EVP_MD* wolfSSL_EVP_ripemd160(void)
 
 int wolfSSL_EVP_MD_pkey_type(const WOLFSSL_EVP_MD* type)
 {
-    int ret = BAD_FUNC_ARG;
+    int ret = WC_NO_ERR_TRACE(WOLFSSL_FAILURE);
 
     WOLFSSL_ENTER("wolfSSL_EVP_MD_pkey_type");
 
     if (type != NULL) {
-        if (XSTRCMP(type, "MD5") == 0) {
-            ret = NID_md5WithRSAEncryption;
+        if (XSTRCMP(type, WC_SN_md5) == 0) {
+            ret = WC_NID_md5WithRSAEncryption;
         }
-        else if (XSTRCMP(type, "SHA1") == 0) {
-            ret = NID_sha1WithRSAEncryption;
+        else if (XSTRCMP(type, WC_SN_sha1) == 0) {
+            ret = WC_NID_sha1WithRSAEncryption;
         }
-        else if (XSTRCMP(type, "SHA224") == 0) {
-            ret = NID_sha224WithRSAEncryption;
+        else if (XSTRCMP(type, WC_SN_sha224) == 0) {
+            ret = WC_NID_sha224WithRSAEncryption;
         }
-        else if (XSTRCMP(type, "SHA256") == 0) {
-            ret = NID_sha256WithRSAEncryption;
+        else if (XSTRCMP(type, WC_SN_sha256) == 0) {
+            ret = WC_NID_sha256WithRSAEncryption;
         }
-        else if (XSTRCMP(type, "SHA384") == 0) {
-            ret = NID_sha384WithRSAEncryption;
+        else if (XSTRCMP(type, WC_SN_sha384) == 0) {
+            ret = WC_NID_sha384WithRSAEncryption;
         }
-        else if (XSTRCMP(type, "SHA512") == 0) {
-            ret = NID_sha512WithRSAEncryption;
+        else if (XSTRCMP(type, WC_SN_sha512) == 0) {
+            ret = WC_NID_sha512WithRSAEncryption;
         }
     }
+    else {
+        ret = WOLFSSL_FAILURE;
+    }
 
     WOLFSSL_LEAVE("wolfSSL_EVP_MD_pkey_type", ret);
 
@@ -9243,18 +9418,18 @@ int wolfSSL_EVP_CIPHER_CTX_iv_length(const WOLFSSL_EVP_CIPHER_CTX* ctx)
     switch (ctx->cipherType) {
 
 #if defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_DIRECT)
-        case AES_128_CBC_TYPE :
-        case AES_192_CBC_TYPE :
-        case AES_256_CBC_TYPE :
+        case WC_AES_128_CBC_TYPE :
+        case WC_AES_192_CBC_TYPE :
+        case WC_AES_256_CBC_TYPE :
             WOLFSSL_MSG("AES CBC");
-            return AES_BLOCK_SIZE;
+            return WC_AES_BLOCK_SIZE;
 #endif
 #if (!defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)) || \
     (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2))
 #ifdef HAVE_AESGCM
-        case AES_128_GCM_TYPE :
-        case AES_192_GCM_TYPE :
-        case AES_256_GCM_TYPE :
+        case WC_AES_128_GCM_TYPE :
+        case WC_AES_192_GCM_TYPE :
+        case WC_AES_256_GCM_TYPE :
             WOLFSSL_MSG("AES GCM");
             if (ctx->ivSz != 0) {
                 return ctx->ivSz;
@@ -9262,9 +9437,9 @@ int wolfSSL_EVP_CIPHER_CTX_iv_length(const WOLFSSL_EVP_CIPHER_CTX* ctx)
             return GCM_NONCE_MID_SZ;
 #endif
 #ifdef HAVE_AESCCM
-        case AES_128_CCM_TYPE :
-        case AES_192_CCM_TYPE :
-        case AES_256_CCM_TYPE :
+        case WC_AES_128_CCM_TYPE :
+        case WC_AES_192_CCM_TYPE :
+        case WC_AES_256_CCM_TYPE :
             WOLFSSL_MSG("AES CCM");
             if (ctx->ivSz != 0) {
                 return ctx->ivSz;
@@ -9273,62 +9448,62 @@ int wolfSSL_EVP_CIPHER_CTX_iv_length(const WOLFSSL_EVP_CIPHER_CTX* ctx)
 #endif
 #endif /* (HAVE_FIPS && !HAVE_SELFTEST) || HAVE_FIPS_VERSION >= 2 */
 #ifdef WOLFSSL_AES_COUNTER
-        case AES_128_CTR_TYPE :
-        case AES_192_CTR_TYPE :
-        case AES_256_CTR_TYPE :
+        case WC_AES_128_CTR_TYPE :
+        case WC_AES_192_CTR_TYPE :
+        case WC_AES_256_CTR_TYPE :
             WOLFSSL_MSG("AES CTR");
-            return AES_BLOCK_SIZE;
+            return WC_AES_BLOCK_SIZE;
 #endif
 #ifndef NO_DES3
-        case DES_CBC_TYPE :
+        case WC_DES_CBC_TYPE :
             WOLFSSL_MSG("DES CBC");
             return DES_BLOCK_SIZE;
 
-        case DES_EDE3_CBC_TYPE :
+        case WC_DES_EDE3_CBC_TYPE :
             WOLFSSL_MSG("DES EDE3 CBC");
             return DES_BLOCK_SIZE;
 #endif
 #ifndef NO_RC4
-        case ARC4_TYPE :
+        case WC_ARC4_TYPE :
             WOLFSSL_MSG("ARC4");
             return 0;
 #endif
 #ifdef WOLFSSL_AES_CFB
 #if !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS)
-        case AES_128_CFB1_TYPE:
-        case AES_192_CFB1_TYPE:
-        case AES_256_CFB1_TYPE:
+        case WC_AES_128_CFB1_TYPE:
+        case WC_AES_192_CFB1_TYPE:
+        case WC_AES_256_CFB1_TYPE:
             WOLFSSL_MSG("AES CFB1");
-            return AES_BLOCK_SIZE;
-        case AES_128_CFB8_TYPE:
-        case AES_192_CFB8_TYPE:
-        case AES_256_CFB8_TYPE:
+            return WC_AES_BLOCK_SIZE;
+        case WC_AES_128_CFB8_TYPE:
+        case WC_AES_192_CFB8_TYPE:
+        case WC_AES_256_CFB8_TYPE:
             WOLFSSL_MSG("AES CFB8");
-            return AES_BLOCK_SIZE;
+            return WC_AES_BLOCK_SIZE;
 #endif /* !HAVE_SELFTEST && !HAVE_FIPS */
-        case AES_128_CFB128_TYPE:
-        case AES_192_CFB128_TYPE:
-        case AES_256_CFB128_TYPE:
+        case WC_AES_128_CFB128_TYPE:
+        case WC_AES_192_CFB128_TYPE:
+        case WC_AES_256_CFB128_TYPE:
             WOLFSSL_MSG("AES CFB128");
-            return AES_BLOCK_SIZE;
+            return WC_AES_BLOCK_SIZE;
 #endif /* WOLFSSL_AES_CFB */
 #if defined(WOLFSSL_AES_OFB)
-        case AES_128_OFB_TYPE:
-        case AES_192_OFB_TYPE:
-        case AES_256_OFB_TYPE:
+        case WC_AES_128_OFB_TYPE:
+        case WC_AES_192_OFB_TYPE:
+        case WC_AES_256_OFB_TYPE:
             WOLFSSL_MSG("AES OFB");
-            return AES_BLOCK_SIZE;
+            return WC_AES_BLOCK_SIZE;
 #endif /* WOLFSSL_AES_OFB */
 #if defined(WOLFSSL_AES_XTS) && (!defined(HAVE_FIPS) || FIPS_VERSION_GE(5,3))
-        case AES_128_XTS_TYPE:
-        case AES_256_XTS_TYPE:
+        case WC_AES_128_XTS_TYPE:
+        case WC_AES_256_XTS_TYPE:
             WOLFSSL_MSG("AES XTS");
-            return AES_BLOCK_SIZE;
+            return WC_AES_BLOCK_SIZE;
 #endif /* WOLFSSL_AES_XTS && (!defined(HAVE_FIPS) || FIPS_VERSION_GE(5,3)) */
 #ifdef HAVE_ARIA
-        case ARIA_128_GCM_TYPE :
-        case ARIA_192_GCM_TYPE :
-        case ARIA_256_GCM_TYPE :
+        case WC_ARIA_128_GCM_TYPE :
+        case WC_ARIA_192_GCM_TYPE :
+        case WC_ARIA_256_GCM_TYPE :
             WOLFSSL_MSG("ARIA GCM");
             if (ctx->ivSz != 0) {
                 return ctx->ivSz;
@@ -9336,27 +9511,27 @@ int wolfSSL_EVP_CIPHER_CTX_iv_length(const WOLFSSL_EVP_CIPHER_CTX* ctx)
             return GCM_NONCE_MID_SZ;
 #endif
 #if defined(HAVE_CHACHA) && defined(HAVE_POLY1305)
-        case CHACHA20_POLY1305_TYPE:
+        case WC_CHACHA20_POLY1305_TYPE:
             WOLFSSL_MSG("CHACHA20 POLY1305");
             return CHACHA20_POLY1305_AEAD_IV_SIZE;
 #endif /* HAVE_CHACHA HAVE_POLY1305 */
 #ifdef HAVE_CHACHA
-        case CHACHA20_TYPE:
+        case WC_CHACHA20_TYPE:
             WOLFSSL_MSG("CHACHA20");
             return WOLFSSL_EVP_CHACHA_IV_BYTES;
 #endif /* HAVE_CHACHA */
 #ifdef WOLFSSL_SM4_CBC
-        case SM4_CBC_TYPE :
+        case WC_SM4_CBC_TYPE :
             WOLFSSL_MSG("SM4 CBC");
             return SM4_BLOCK_SIZE;
 #endif
 #ifdef WOLFSSL_SM4_CTR
-        case SM4_CTR_TYPE :
+        case WC_SM4_CTR_TYPE :
             WOLFSSL_MSG("SM4 CTR");
             return SM4_BLOCK_SIZE;
 #endif
 #ifdef WOLFSSL_SM4_GCM
-        case SM4_GCM_TYPE :
+        case WC_SM4_GCM_TYPE :
             WOLFSSL_MSG("SM4 GCM");
             if (ctx->ivSz != 0) {
                 return ctx->ivSz;
@@ -9364,7 +9539,7 @@ int wolfSSL_EVP_CIPHER_CTX_iv_length(const WOLFSSL_EVP_CIPHER_CTX* ctx)
             return GCM_NONCE_MID_SZ;
 #endif
 #ifdef WOLFSSL_SM4_CCM
-        case SM4_CCM_TYPE :
+        case WC_SM4_CCM_TYPE :
             WOLFSSL_MSG("SM4 CCM");
             if (ctx->ivSz != 0) {
                 return ctx->ivSz;
@@ -9372,7 +9547,7 @@ int wolfSSL_EVP_CIPHER_CTX_iv_length(const WOLFSSL_EVP_CIPHER_CTX* ctx)
             return CCM_NONCE_MIN_SZ;
 #endif
 
-        case NULL_CIPHER_TYPE :
+        case WC_NULL_CIPHER_TYPE :
             WOLFSSL_MSG("NULL");
             return 0;
 
@@ -9392,15 +9567,15 @@ int wolfSSL_EVP_CIPHER_iv_length(const WOLFSSL_EVP_CIPHER* cipher)
 #if defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_DIRECT)
     #ifdef WOLFSSL_AES_128
     if (XSTRCMP(name, EVP_AES_128_CBC) == 0)
-        return AES_BLOCK_SIZE;
+        return WC_AES_BLOCK_SIZE;
     #endif
     #ifdef WOLFSSL_AES_192
     if (XSTRCMP(name, EVP_AES_192_CBC) == 0)
-        return AES_BLOCK_SIZE;
+        return WC_AES_BLOCK_SIZE;
     #endif
     #ifdef WOLFSSL_AES_256
     if (XSTRCMP(name, EVP_AES_256_CBC) == 0)
-        return AES_BLOCK_SIZE;
+        return WC_AES_BLOCK_SIZE;
     #endif
 #endif /* HAVE_AES_CBC || WOLFSSL_AES_DIRECT */
 #if (!defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)) || \
@@ -9437,26 +9612,26 @@ int wolfSSL_EVP_CIPHER_iv_length(const WOLFSSL_EVP_CIPHER* cipher)
 #ifdef WOLFSSL_AES_COUNTER
     #ifdef WOLFSSL_AES_128
     if (XSTRCMP(name, EVP_AES_128_CTR) == 0)
-        return AES_BLOCK_SIZE;
+        return WC_AES_BLOCK_SIZE;
     #endif
     #ifdef WOLFSSL_AES_192
     if (XSTRCMP(name, EVP_AES_192_CTR) == 0)
-        return AES_BLOCK_SIZE;
+        return WC_AES_BLOCK_SIZE;
     #endif
     #ifdef WOLFSSL_AES_256
     if (XSTRCMP(name, EVP_AES_256_CTR) == 0)
-        return AES_BLOCK_SIZE;
+        return WC_AES_BLOCK_SIZE;
     #endif
 #endif
 #if defined(WOLFSSL_AES_XTS) && (!defined(HAVE_FIPS) || FIPS_VERSION_GE(5,3))
     #ifdef WOLFSSL_AES_128
     if (XSTRCMP(name, EVP_AES_128_XTS) == 0)
-        return AES_BLOCK_SIZE;
+        return WC_AES_BLOCK_SIZE;
     #endif /* WOLFSSL_AES_128 */
 
     #ifdef WOLFSSL_AES_256
     if (XSTRCMP(name, EVP_AES_256_XTS) == 0)
-        return AES_BLOCK_SIZE;
+        return WC_AES_BLOCK_SIZE;
     #endif /* WOLFSSL_AES_256 */
 #endif /* WOLFSSL_AES_XTS && (!defined(HAVE_FIPS) || FIPS_VERSION_GE(5,3)) */
 
@@ -9516,7 +9691,7 @@ int wolfSSL_EVP_X_STATE_LEN(const WOLFSSL_EVP_CIPHER_CTX* ctx)
 
     if (ctx) {
         switch (ctx->cipherType) {
-            case ARC4_TYPE:
+            case WC_ARC4_TYPE:
                 WOLFSSL_MSG("returning arc4 state size");
                 return sizeof(Arc4);
 
@@ -9530,27 +9705,27 @@ int wolfSSL_EVP_X_STATE_LEN(const WOLFSSL_EVP_CIPHER_CTX* ctx)
 }
 
 
-/* return of pkey->type which will be EVP_PKEY_RSA for example.
+/* return of pkey->type which will be WC_EVP_PKEY_RSA for example.
  *
  * type  type of EVP_PKEY
  *
- * returns type or if type is not found then NID_undef
+ * returns type or if type is not found then WC_NID_undef
  */
 int wolfSSL_EVP_PKEY_type(int type)
 {
     WOLFSSL_MSG("wolfSSL_EVP_PKEY_type");
 
     switch (type) {
-        case EVP_PKEY_RSA:
-            return EVP_PKEY_RSA;
-        case EVP_PKEY_DSA:
-            return EVP_PKEY_DSA;
-        case EVP_PKEY_EC:
-            return EVP_PKEY_EC;
-        case EVP_PKEY_DH:
-            return EVP_PKEY_DH;
+        case WC_EVP_PKEY_RSA:
+            return WC_EVP_PKEY_RSA;
+        case WC_EVP_PKEY_DSA:
+            return WC_EVP_PKEY_DSA;
+        case WC_EVP_PKEY_EC:
+            return WC_EVP_PKEY_EC;
+        case WC_EVP_PKEY_DH:
+            return WC_EVP_PKEY_DH;
         default:
-            return NID_undef;
+            return WC_NID_undef;
     }
 }
 
@@ -9566,7 +9741,7 @@ int wolfSSL_EVP_PKEY_id(const WOLFSSL_EVP_PKEY *pkey)
 int wolfSSL_EVP_PKEY_base_id(const WOLFSSL_EVP_PKEY *pkey)
 {
     if (pkey == NULL)
-        return NID_undef;
+        return WC_NID_undef;
     return wolfSSL_EVP_PKEY_type(pkey->type);
 }
 
@@ -9580,17 +9755,17 @@ int wolfSSL_EVP_PKEY_get_default_digest_nid(WOLFSSL_EVP_PKEY *pkey, int *pnid)
     }
 
     switch (pkey->type) {
-    case EVP_PKEY_HMAC:
+    case WC_EVP_PKEY_HMAC:
 #ifndef NO_DSA
-    case EVP_PKEY_DSA:
+    case WC_EVP_PKEY_DSA:
 #endif
 #ifndef NO_RSA
-    case EVP_PKEY_RSA:
+    case WC_EVP_PKEY_RSA:
 #endif
 #ifdef HAVE_ECC
-    case EVP_PKEY_EC:
+    case WC_EVP_PKEY_EC:
 #endif
-        *pnid = NID_sha256;
+        *pnid = WC_NID_sha256;
         return WOLFSSL_SUCCESS;
     default:
         return WOLFSSL_FAILURE;
@@ -9612,7 +9787,12 @@ WOLFSSL_EVP_PKEY* wolfSSL_EVP_PKCS82PKEY(const WOLFSSL_PKCS8_PRIV_KEY_INFO* p8)
 /* this function just casts and returns pointer */
 WOLFSSL_PKCS8_PRIV_KEY_INFO* wolfSSL_EVP_PKEY2PKCS8(const WOLFSSL_EVP_PKEY* pkey)
 {
-    return (WOLFSSL_PKCS8_PRIV_KEY_INFO*)pkey;
+    if (pkey == NULL || pkey->pkey.ptr == NULL) {
+        return NULL;
+    }
+
+    return wolfSSL_d2i_PrivateKey_EVP(NULL, (unsigned char**)&pkey->pkey.ptr,
+        pkey->pkey_sz);
 }
 #endif
 
@@ -9637,13 +9817,13 @@ int wolfSSL_EVP_PKEY_up_ref(WOLFSSL_EVP_PKEY* pkey)
 }
 
 #ifndef NO_RSA
-int wolfSSL_EVP_PKEY_assign_RSA(EVP_PKEY* pkey, WOLFSSL_RSA* key)
+int wolfSSL_EVP_PKEY_assign_RSA(WOLFSSL_EVP_PKEY* pkey, WOLFSSL_RSA* key)
 {
     if (pkey == NULL || key == NULL)
         return WOLFSSL_FAILURE;
 
     clearEVPPkeyKeys(pkey);
-    pkey->type = EVP_PKEY_RSA;
+    pkey->type = WC_EVP_PKEY_RSA;
     pkey->rsa = key;
     pkey->ownRsa = 1;
 
@@ -9674,13 +9854,13 @@ int wolfSSL_EVP_PKEY_assign_RSA(EVP_PKEY* pkey, WOLFSSL_RSA* key)
 #endif /* !NO_RSA */
 
 #ifndef NO_DSA
-int wolfSSL_EVP_PKEY_assign_DSA(EVP_PKEY* pkey, WOLFSSL_DSA* key)
+int wolfSSL_EVP_PKEY_assign_DSA(WOLFSSL_EVP_PKEY* pkey, WOLFSSL_DSA* key)
 {
     if (pkey == NULL || key == NULL)
         return WOLFSSL_FAILURE;
 
     clearEVPPkeyKeys(pkey);
-    pkey->type = EVP_PKEY_DSA;
+    pkey->type = WC_EVP_PKEY_DSA;
     pkey->dsa = key;
     pkey->ownDsa = 1;
 
@@ -9689,13 +9869,13 @@ int wolfSSL_EVP_PKEY_assign_DSA(EVP_PKEY* pkey, WOLFSSL_DSA* key)
 #endif /* !NO_DSA */
 
 #ifndef NO_DH
-int wolfSSL_EVP_PKEY_assign_DH(EVP_PKEY* pkey, WOLFSSL_DH* key)
+int wolfSSL_EVP_PKEY_assign_DH(WOLFSSL_EVP_PKEY* pkey, WOLFSSL_DH* key)
 {
     if (pkey == NULL || key == NULL)
         return WOLFSSL_FAILURE;
 
     clearEVPPkeyKeys(pkey);
-    pkey->type = EVP_PKEY_DH;
+    pkey->type = WC_EVP_PKEY_DH;
     pkey->dh = key;
     pkey->ownDh = 1;
 
@@ -9765,40 +9945,44 @@ static const struct alias {
             const char *alias;
 } digest_alias_tbl[] =
 {
-    {"MD4", "ssl3-md4"},
-    {"MD5", "ssl3-md5"},
-    {"SHA1", "ssl3-sha1"},
-    {"SHA1", "SHA"},
+    {WC_SN_md4, "md4"},
+    {WC_SN_md5, "md5"},
+    {WC_SN_sha1, "sha1"},
+    {WC_SN_sha1, "SHA"},
+    {WC_SN_sha224, "sha224"},
+    {WC_SN_sha256, "sha256"},
+    {WC_SN_sha384, "sha384"},
+    {WC_SN_sha512, "sha512"},
+    {WC_SN_sha512_224, "sha512_224"},
+    {WC_SN_sha3_224, "sha3_224"},
+    {WC_SN_sha3_256, "sha3_256"},
+    {WC_SN_sha3_384, "sha3_384"},
+    {WC_SN_sha3_512, "sha3_512"},
+    {WC_SN_sm3, "sm3"},
+    {WC_SN_blake2b512, "blake2b512"},
+    {WC_SN_blake2s256, "blake2s256"},
+    {WC_SN_shake128, "shake128"},
+    {WC_SN_shake256, "shake256"},
     { NULL, NULL}
 };
 
 const WOLFSSL_EVP_MD *wolfSSL_EVP_get_digestbyname(const char *name)
 {
-    char nameUpper[15]; /* 15 bytes should be enough for any name */
-    size_t i;
-
     const struct alias  *al;
     const struct s_ent *ent;
 
-    for (i = 0; i < sizeof(nameUpper) && name[i] != '\0'; i++) {
-        nameUpper[i] = (char)XTOUPPER((unsigned char) name[i]);
-    }
-    if (i < sizeof(nameUpper))
-        nameUpper[i] = '\0';
-    else
-        return NULL;
-
-    name = nameUpper;
-    for (al = digest_alias_tbl; al->name != NULL; al++)
+    for (al = digest_alias_tbl; al->name != NULL; al++) {
         if(XSTRCMP(name, al->alias) == 0) {
             name = al->name;
             break;
         }
+    }
 
-    for (ent = md_tbl; ent->name != NULL; ent++)
+    for (ent = md_tbl; ent->name != NULL; ent++) {
         if(XSTRCMP(name, ent->name) == 0) {
-            return (EVP_MD *)ent->name;
+            return (WOLFSSL_EVP_MD *)ent->name;
         }
+    }
     return NULL;
 }
 
@@ -9806,7 +9990,7 @@ const WOLFSSL_EVP_MD *wolfSSL_EVP_get_digestbyname(const char *name)
  *
  * type - pointer to WOLFSSL_EVP_MD for which to return NID value
  *
- * Returns NID on success, or NID_undef if none exists.
+ * Returns NID on success, or WC_NID_undef if none exists.
  */
 int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type)
 {
@@ -9815,7 +9999,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type)
 
     if (type == NULL) {
         WOLFSSL_MSG("MD type arg is NULL");
-        return NID_undef;
+        return WC_NID_undef;
     }
 
     for( ent = md_tbl; ent->name != NULL; ent++){
@@ -9823,7 +10007,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type)
             return ent->nid;
         }
     }
-    return NID_undef;
+    return WC_NID_undef;
 }
 
 #ifndef NO_MD4
@@ -9832,7 +10016,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type)
     const WOLFSSL_EVP_MD* wolfSSL_EVP_md4(void)
     {
         WOLFSSL_ENTER("EVP_md4");
-        return EVP_get_digestbyname("MD4");
+        return wolfSSL_EVP_get_digestbyname(WC_SN_md4);
     }
 
 #endif /* !NO_MD4 */
@@ -9843,7 +10027,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type)
     const WOLFSSL_EVP_MD* wolfSSL_EVP_md5(void)
     {
         WOLFSSL_ENTER("EVP_md5");
-        return EVP_get_digestbyname("MD5");
+        return wolfSSL_EVP_get_digestbyname(WC_SN_md5);
     }
 
 #endif /* !NO_MD5 */
@@ -9855,8 +10039,8 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type)
      */
     const WOLFSSL_EVP_MD* wolfSSL_EVP_blake2b512(void)
     {
-        WOLFSSL_ENTER("EVP_blake2b512");
-        return EVP_get_digestbyname("BLAKE2b512");
+        WOLFSSL_ENTER("wolfSSL_EVP_blake2b512");
+        return wolfSSL_EVP_get_digestbyname(WC_SN_blake2b512);
     }
 
 #endif
@@ -9869,7 +10053,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type)
     const WOLFSSL_EVP_MD* wolfSSL_EVP_blake2s256(void)
     {
         WOLFSSL_ENTER("EVP_blake2s256");
-        return EVP_get_digestbyname("BLAKE2s256");
+        return wolfSSL_EVP_get_digestbyname("BLAKE2s256");
     }
 
 #endif
@@ -9895,7 +10079,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type)
     const WOLFSSL_EVP_MD* wolfSSL_EVP_sha1(void)
     {
         WOLFSSL_ENTER("EVP_sha1");
-        return EVP_get_digestbyname("SHA1");
+        return wolfSSL_EVP_get_digestbyname(WC_SN_sha1);
     }
 #endif /* NO_SHA */
 
@@ -9904,7 +10088,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type)
     const WOLFSSL_EVP_MD* wolfSSL_EVP_sha224(void)
     {
         WOLFSSL_ENTER("EVP_sha224");
-        return EVP_get_digestbyname("SHA224");
+        return wolfSSL_EVP_get_digestbyname(WC_SN_sha224);
     }
 
 #endif /* WOLFSSL_SHA224 */
@@ -9913,7 +10097,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type)
     const WOLFSSL_EVP_MD* wolfSSL_EVP_sha256(void)
     {
         WOLFSSL_ENTER("EVP_sha256");
-        return EVP_get_digestbyname("SHA256");
+        return wolfSSL_EVP_get_digestbyname(WC_SN_sha256);
     }
 
 #ifdef WOLFSSL_SHA384
@@ -9921,7 +10105,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type)
     const WOLFSSL_EVP_MD* wolfSSL_EVP_sha384(void)
     {
         WOLFSSL_ENTER("EVP_sha384");
-        return EVP_get_digestbyname("SHA384");
+        return wolfSSL_EVP_get_digestbyname(WC_SN_sha384);
     }
 
 #endif /* WOLFSSL_SHA384 */
@@ -9931,7 +10115,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type)
     const WOLFSSL_EVP_MD* wolfSSL_EVP_sha512(void)
     {
         WOLFSSL_ENTER("EVP_sha512");
-        return EVP_get_digestbyname("SHA512");
+        return wolfSSL_EVP_get_digestbyname(WC_SN_sha512);
     }
 
 #ifndef WOLFSSL_NOSHA512_224
@@ -9939,7 +10123,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type)
     const WOLFSSL_EVP_MD* wolfSSL_EVP_sha512_224(void)
     {
         WOLFSSL_ENTER("EVP_sha512_224");
-        return EVP_get_digestbyname("SHA512_224");
+        return wolfSSL_EVP_get_digestbyname(WC_SN_sha512_224);
     }
 
 #endif /* !WOLFSSL_NOSHA512_224 */
@@ -9948,7 +10132,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type)
     const WOLFSSL_EVP_MD* wolfSSL_EVP_sha512_256(void)
     {
         WOLFSSL_ENTER("EVP_sha512_256");
-        return EVP_get_digestbyname("SHA512_256");
+        return wolfSSL_EVP_get_digestbyname(WC_SN_sha512_256);
     }
 
 #endif /* !WOLFSSL_NOSHA512_224 */
@@ -9960,7 +10144,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type)
     const WOLFSSL_EVP_MD* wolfSSL_EVP_sha3_224(void)
     {
         WOLFSSL_ENTER("EVP_sha3_224");
-        return EVP_get_digestbyname("SHA3_224");
+        return wolfSSL_EVP_get_digestbyname(WC_SN_sha3_224);
     }
 #endif /* WOLFSSL_NOSHA3_224 */
 
@@ -9969,7 +10153,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type)
     const WOLFSSL_EVP_MD* wolfSSL_EVP_sha3_256(void)
     {
         WOLFSSL_ENTER("EVP_sha3_256");
-        return EVP_get_digestbyname("SHA3_256");
+        return wolfSSL_EVP_get_digestbyname(WC_SN_sha3_256);
     }
 #endif /* WOLFSSL_NOSHA3_256 */
 
@@ -9977,7 +10161,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type)
     const WOLFSSL_EVP_MD* wolfSSL_EVP_sha3_384(void)
     {
         WOLFSSL_ENTER("EVP_sha3_384");
-        return EVP_get_digestbyname("SHA3_384");
+        return wolfSSL_EVP_get_digestbyname(WC_SN_sha3_384);
     }
 #endif /* WOLFSSL_NOSHA3_384 */
 
@@ -9985,7 +10169,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type)
     const WOLFSSL_EVP_MD* wolfSSL_EVP_sha3_512(void)
     {
         WOLFSSL_ENTER("EVP_sha3_512");
-        return EVP_get_digestbyname("SHA3_512");
+        return wolfSSL_EVP_get_digestbyname(WC_SN_sha3_512);
     }
 #endif /* WOLFSSL_NOSHA3_512 */
 
@@ -9993,7 +10177,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type)
     const WOLFSSL_EVP_MD* wolfSSL_EVP_shake128(void)
     {
         WOLFSSL_ENTER("EVP_shake128");
-        return EVP_get_digestbyname("SHAKE128");
+        return wolfSSL_EVP_get_digestbyname("SHAKE128");
     }
 #endif /* WOLFSSL_SHAKE128 */
 
@@ -10001,7 +10185,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type)
     const WOLFSSL_EVP_MD* wolfSSL_EVP_shake256(void)
     {
         WOLFSSL_ENTER("EVP_shake256");
-        return EVP_get_digestbyname("SHAKE256");
+        return wolfSSL_EVP_get_digestbyname("SHAKE256");
     }
 #endif /* WOLFSSL_SHAKE256 */
 
@@ -10011,7 +10195,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type)
     const WOLFSSL_EVP_MD* wolfSSL_EVP_sm3(void)
     {
         WOLFSSL_ENTER("EVP_sm3");
-        return EVP_get_digestbyname("SM3");
+        return wolfSSL_EVP_get_digestbyname(WC_SN_sm3);
     }
 #endif /* WOLFSSL_SM3 */
 
@@ -10046,7 +10230,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type)
             const struct s_ent *ent;
 
             if (ctx->isHMAC) {
-                return NID_hmac;
+                return WC_NID_hmac;
             }
 
             for(ent = md_tbl; ent->name != NULL; ent++) {
@@ -10097,7 +10281,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type)
      * @param n message digest type name
      * @return alias name, otherwise NULL
      */
-    static const char* hasAliasName(const char* n)
+    static const char* getMdAliasName(const char* n)
     {
 
         const char* aliasnm = NULL;
@@ -10128,23 +10312,15 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type)
     {
         struct do_all_md *md = (struct do_all_md*)arg;
 
-        const struct s_ent *ent;
-
         /* sanity check */
         if (md == NULL || nm == NULL || md->fn == NULL ||
             nm->type != WOLFSSL_OBJ_NAME_TYPE_MD_METH)
             return;
 
-        /* loop all md */
-        for (ent = md_tbl; ent->name != NULL; ent++){
-            /* check if the md has alias */
-            if(hasAliasName(ent->name) != NULL) {
-                md->fn(NULL, ent->name, ent->name, md->arg);
-            }
-            else {
-                md->fn(ent->name, ent->name, NULL, md->arg);
-            }
-        }
+        if (nm->alias)
+            md->fn(NULL, nm->name, nm->data, md->arg);
+        else
+            md->fn((const WOLFSSL_EVP_MD *)nm->data, nm->name, NULL, md->arg);
     }
 
     /* call md_do_all function to do all md algorithm via a callback function
@@ -10179,11 +10355,30 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type)
         if (!fn)
             return;
 
-        objnm.type = type;
-
         switch(type) {
             case WOLFSSL_OBJ_NAME_TYPE_MD_METH:
-                fn(&objnm, arg);
+                {
+                    const struct s_ent *ent;
+                    /* loop all md */
+                    for (ent = md_tbl; ent->name != NULL; ent++){
+                        XMEMSET(&objnm, 0, sizeof(objnm));
+
+                        /* populate objnm with info about the md */
+                        objnm.type = WOLFSSL_OBJ_NAME_TYPE_MD_METH;
+                        objnm.name = ent->name;
+                        objnm.data = (const char*)
+                                wolfSSL_EVP_get_digestbyname(ent->name);
+                        fn(&objnm, arg);
+
+                        /* check if the md has alias and also call fn with it */
+                        objnm.name = getMdAliasName(ent->name);
+                        if (objnm.name != NULL) {
+                            objnm.alias |= WOLFSSL_OBJ_NAME_ALIAS;
+                            objnm.data = ent->name;
+                            fn(&objnm, arg);
+                        }
+                    }
+                }
                 break;
             case WOLFSSL_OBJ_NAME_TYPE_CIPHER_METH:
             case WOLFSSL_OBJ_NAME_TYPE_PKEY_METH:
@@ -10286,17 +10481,21 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type)
                     /* Not an error since an unused struct could be free'd or
                      * reset. */
                     break;
+            #if defined(WOLFSSL_SHA3) && defined(WOLFSSL_SHAKE128)
+                case WC_HASH_TYPE_SHAKE128:
+                    wc_Shake128_Free(&ctx->hash.digest.shake);
+                    break;
+            #endif
+            #if defined(WOLFSSL_SHA3) && defined(WOLFSSL_SHAKE256)
+                case WC_HASH_TYPE_SHAKE256:
+                    wc_Shake256_Free(&ctx->hash.digest.shake);
+                    break;
+            #endif
                 case WC_HASH_TYPE_MD2:
                 case WC_HASH_TYPE_MD4:
                 case WC_HASH_TYPE_MD5_SHA:
                 case WC_HASH_TYPE_BLAKE2B:
                 case WC_HASH_TYPE_BLAKE2S:
-            #if defined(WOLFSSL_SHA3) && defined(WOLFSSL_SHAKE128)
-                case WC_HASH_TYPE_SHAKE128:
-            #endif
-            #if defined(WOLFSSL_SHA3) && defined(WOLFSSL_SHAKE256)
-                case WC_HASH_TYPE_SHAKE256:
-            #endif
                 default:
                     ret = WOLFSSL_FAILURE;
                     break;
@@ -10312,20 +10511,17 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type)
                                const WOLFSSL_EVP_MD* md)
     {
         int ret = WOLFSSL_SUCCESS;
+    #ifdef WOLFSSL_ASYNC_CRYPT
+        wc_static_assert(WC_ASYNC_DEV_SIZE >= sizeof(WC_ASYNC_DEV));
+    #endif
 
         WOLFSSL_ENTER("EVP_DigestInit");
 
         if (ctx == NULL) {
-            return BAD_FUNC_ARG;
+            return WOLFSSL_FAILURE;
         }
 
-
-    #ifdef WOLFSSL_ASYNC_CRYPT
-        /* compile-time validation of ASYNC_CTX_SIZE */
-        typedef char async_test[WC_ASYNC_DEV_SIZE >= sizeof(WC_ASYNC_DEV) ?
-                                                                        1 : -1];
-        (void)sizeof(async_test);
-    #endif
+        wolfSSL_EVP_MD_CTX_init(ctx);
 
         /* Set to 0 if no match */
         ctx->macType = EvpMd2MacType(md);
@@ -10333,76 +10529,92 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type)
              XMEMSET(&ctx->hash.digest, 0, sizeof(WOLFSSL_Hasher));
         } else
     #ifndef NO_SHA
-        if ((XSTRCMP(md, "SHA") == 0) || (XSTRCMP(md, "SHA1") == 0)) {
+        if ((XSTRCMP(md, "SHA") == 0) || (XSTRCMP(md, WC_SN_sha1) == 0)) {
              ret = wolfSSL_SHA_Init(&(ctx->hash.digest.sha));
         } else
     #endif
     #ifndef NO_SHA256
-        if (XSTRCMP(md, "SHA256") == 0) {
+        if (XSTRCMP(md, WC_SN_sha256) == 0) {
              ret = wolfSSL_SHA256_Init(&(ctx->hash.digest.sha256));
         } else
     #endif
     #ifdef WOLFSSL_SHA224
-        if (XSTRCMP(md, "SHA224") == 0) {
+        if (XSTRCMP(md, WC_SN_sha224) == 0) {
              ret = wolfSSL_SHA224_Init(&(ctx->hash.digest.sha224));
         } else
     #endif
     #ifdef WOLFSSL_SHA384
-        if (XSTRCMP(md, "SHA384") == 0) {
+        if (XSTRCMP(md, WC_SN_sha384) == 0) {
              ret = wolfSSL_SHA384_Init(&(ctx->hash.digest.sha384));
         } else
     #endif
     #if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) && \
         defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_224)
-        if (XSTRCMP(md, "SHA512_224") == 0) {
+        if (XSTRCMP(md, WC_SN_sha512_224) == 0) {
              ret = wolfSSL_SHA512_224_Init(&(ctx->hash.digest.sha512));
         } else
     #endif
     #if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) && \
         defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_256)
-        if (XSTRCMP(md, "SHA512_256") == 0) {
+        if (XSTRCMP(md, WC_SN_sha512_256) == 0) {
              ret = wolfSSL_SHA512_256_Init(&(ctx->hash.digest.sha512));
         } else
     #endif
     #ifdef WOLFSSL_SHA512
-        if (XSTRCMP(md, "SHA512") == 0) {
+        if (XSTRCMP(md, WC_SN_sha512) == 0) {
              ret = wolfSSL_SHA512_Init(&(ctx->hash.digest.sha512));
         } else
     #endif
     #ifndef NO_MD4
-        if (XSTRCMP(md, "MD4") == 0) {
+        if (XSTRCMP(md, WC_SN_md4) == 0) {
             wolfSSL_MD4_Init(&(ctx->hash.digest.md4));
         } else
     #endif
     #ifndef NO_MD5
-        if (XSTRCMP(md, "MD5") == 0) {
+        if (XSTRCMP(md, WC_SN_md5) == 0) {
             ret = wolfSSL_MD5_Init(&(ctx->hash.digest.md5));
         } else
     #endif
 #ifdef WOLFSSL_SHA3
     #ifndef WOLFSSL_NOSHA3_224
-        if (XSTRCMP(md, "SHA3_224") == 0) {
+        if (XSTRCMP(md, WC_SN_sha3_224) == 0) {
              ret = wolfSSL_SHA3_224_Init(&(ctx->hash.digest.sha3_224));
         } else
     #endif
     #ifndef WOLFSSL_NOSHA3_256
-        if (XSTRCMP(md, "SHA3_256") == 0) {
+        if (XSTRCMP(md, WC_SN_sha3_256) == 0) {
              ret = wolfSSL_SHA3_256_Init(&(ctx->hash.digest.sha3_256));
         } else
     #endif
     #ifndef WOLFSSL_NOSHA3_384
-        if (XSTRCMP(md, "SHA3_384") == 0) {
+        if (XSTRCMP(md, WC_SN_sha3_384) == 0) {
              ret = wolfSSL_SHA3_384_Init(&(ctx->hash.digest.sha3_384));
         } else
     #endif
     #ifndef WOLFSSL_NOSHA3_512
-        if (XSTRCMP(md, "SHA3_512") == 0) {
+        if (XSTRCMP(md, WC_SN_sha3_512) == 0) {
              ret = wolfSSL_SHA3_512_Init(&(ctx->hash.digest.sha3_512));
         } else
     #endif
+    #ifdef WOLFSSL_SHAKE128
+        if (XSTRCMP(md, WC_SN_shake128) == 0) {
+            if (wc_InitShake128(&(ctx->hash.digest.shake), NULL,
+                INVALID_DEVID) != 0) {
+                ret = WOLFSSL_FAILURE;
+            }
+        } else
+    #endif
+    #ifdef WOLFSSL_SHAKE256
+        if (XSTRCMP(md, WC_SN_shake256) == 0) {
+            if (wc_InitShake256(&(ctx->hash.digest.shake), NULL,
+                INVALID_DEVID) != 0) {
+                ret = WOLFSSL_FAILURE;
+            }
+        } else
+    #endif
 #endif
     #ifdef WOLFSSL_SM3
-        if (XSTRCMP(md, "SM3") == 0) {
+        if (XSTRCMP(md, WC_SN_sm3) == 0) {
              ret = wc_InitSm3(&ctx->hash.digest.sm3, NULL, INVALID_DEVID);
              if (ret == 0) {
                 ret = WOLFSSL_SUCCESS;
@@ -10414,7 +10626,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type)
     #endif
         {
              ctx->macType = WC_HASH_TYPE_NONE;
-             return BAD_FUNC_ARG;
+             return WOLFSSL_FAILURE;
         }
 
         return ret;
@@ -10424,53 +10636,53 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type)
     int wolfSSL_EVP_DigestUpdate(WOLFSSL_EVP_MD_CTX* ctx, const void* data,
                                 size_t sz)
     {
-        int ret = WOLFSSL_FAILURE;
+        int ret = WC_NO_ERR_TRACE(WOLFSSL_FAILURE);
         enum wc_HashType macType;
 
         WOLFSSL_ENTER("EVP_DigestUpdate");
 
-        macType = EvpMd2MacType(EVP_MD_CTX_md(ctx));
+        macType = EvpMd2MacType(wolfSSL_EVP_MD_CTX_md(ctx));
         switch (macType) {
             case WC_HASH_TYPE_MD4:
         #ifndef NO_MD4
-                wolfSSL_MD4_Update((MD4_CTX*)&ctx->hash, data,
+                wolfSSL_MD4_Update((WOLFSSL_MD4_CTX*)&ctx->hash, data,
                                   (unsigned long)sz);
                 ret = WOLFSSL_SUCCESS;
         #endif
                 break;
             case WC_HASH_TYPE_MD5:
         #ifndef NO_MD5
-                ret = wolfSSL_MD5_Update((MD5_CTX*)&ctx->hash, data,
+                ret = wolfSSL_MD5_Update((WOLFSSL_MD5_CTX*)&ctx->hash, data,
                                   (unsigned long)sz);
         #endif
                 break;
             case WC_HASH_TYPE_SHA:
         #ifndef NO_SHA
-                ret = wolfSSL_SHA_Update((SHA_CTX*)&ctx->hash, data,
+                ret = wolfSSL_SHA_Update((WOLFSSL_SHA_CTX*)&ctx->hash, data,
                                   (unsigned long)sz);
         #endif
                 break;
             case WC_HASH_TYPE_SHA224:
         #ifdef WOLFSSL_SHA224
-                ret = wolfSSL_SHA224_Update((SHA224_CTX*)&ctx->hash, data,
+                ret = wolfSSL_SHA224_Update((WOLFSSL_SHA224_CTX*)&ctx->hash, data,
                                      (unsigned long)sz);
         #endif
                 break;
             case WC_HASH_TYPE_SHA256:
         #ifndef NO_SHA256
-                ret = wolfSSL_SHA256_Update((SHA256_CTX*)&ctx->hash, data,
+                ret = wolfSSL_SHA256_Update((WOLFSSL_SHA256_CTX*)&ctx->hash, data,
                                      (unsigned long)sz);
         #endif /* !NO_SHA256 */
                 break;
             case WC_HASH_TYPE_SHA384:
         #ifdef WOLFSSL_SHA384
-                ret = wolfSSL_SHA384_Update((SHA384_CTX*)&ctx->hash, data,
+                ret = wolfSSL_SHA384_Update((WOLFSSL_SHA384_CTX*)&ctx->hash, data,
                                      (unsigned long)sz);
         #endif
                 break;
             case WC_HASH_TYPE_SHA512:
         #ifdef WOLFSSL_SHA512
-                ret = wolfSSL_SHA512_Update((SHA512_CTX*)&ctx->hash, data,
+                ret = wolfSSL_SHA512_Update((WOLFSSL_SHA512_CTX*)&ctx->hash, data,
                                      (unsigned long)sz);
         #endif /* WOLFSSL_SHA512 */
                 break;
@@ -10479,7 +10691,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type)
             case WC_HASH_TYPE_SHA512_224:
         #if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) && \
             defined(WOLFSSL_SHA512)
-                ret = wolfSSL_SHA512_224_Update((SHA512_CTX*)&ctx->hash, data,
+                ret = wolfSSL_SHA512_224_Update((WOLFSSL_SHA512_CTX*)&ctx->hash, data,
                                      (unsigned long)sz);
         #endif
                 break;
@@ -10489,7 +10701,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type)
             case WC_HASH_TYPE_SHA512_256:
         #if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) && \
             defined(WOLFSSL_SHA512)
-                ret = wolfSSL_SHA512_256_Update((SHA512_CTX*)&ctx->hash, data,
+                ret = wolfSSL_SHA512_256_Update((WOLFSSL_SHA512_CTX*)&ctx->hash, data,
                                      (unsigned long)sz);
         #endif /* WOLFSSL_SHA512 */
                 break;
@@ -10497,25 +10709,25 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type)
 
             case WC_HASH_TYPE_SHA3_224:
         #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_224)
-                ret = wolfSSL_SHA3_224_Update((SHA3_224_CTX*)&ctx->hash, data,
+                ret = wolfSSL_SHA3_224_Update((WOLFSSL_SHA3_224_CTX*)&ctx->hash, data,
                                      (unsigned long)sz);
         #endif
                 break;
             case WC_HASH_TYPE_SHA3_256:
         #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_256)
-                ret = wolfSSL_SHA3_256_Update((SHA3_256_CTX*)&ctx->hash, data,
+                ret = wolfSSL_SHA3_256_Update((WOLFSSL_SHA3_256_CTX*)&ctx->hash, data,
                                      (unsigned long)sz);
         #endif
                 break;
             case WC_HASH_TYPE_SHA3_384:
         #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_384)
-                ret = wolfSSL_SHA3_384_Update((SHA3_384_CTX*)&ctx->hash, data,
+                ret = wolfSSL_SHA3_384_Update((WOLFSSL_SHA3_384_CTX*)&ctx->hash, data,
                                      (unsigned long)sz);
         #endif
                 break;
             case WC_HASH_TYPE_SHA3_512:
         #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_512)
-                ret = wolfSSL_SHA3_512_Update((SHA3_512_CTX*)&ctx->hash, data,
+                ret = wolfSSL_SHA3_512_Update((WOLFSSL_SHA3_512_CTX*)&ctx->hash, data,
                                      (unsigned long)sz);
         #endif
                 break;
@@ -10529,18 +10741,29 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type)
                     ret = WOLFSSL_FAILURE;
                 }
                 break;
+        #endif
+        #if defined(WOLFSSL_SHA3) && defined(WOLFSSL_SHAKE128)
+            case WC_HASH_TYPE_SHAKE128:
+                if (wc_Shake128_Update(&ctx->hash.digest.shake,
+                        (const byte*)data, (word32)sz) == 0) {
+
+                    ret = WOLFSSL_SUCCESS;
+                }
+                break;
+        #endif
+        #if defined(WOLFSSL_SHA3) && defined(WOLFSSL_SHAKE256)
+            case WC_HASH_TYPE_SHAKE256:
+                if (wc_Shake256_Update(&ctx->hash.digest.shake,
+                        (const byte*)data, (word32)sz) == 0) {
+                    ret = WOLFSSL_SUCCESS;
+                }
+                break;
         #endif
             case WC_HASH_TYPE_NONE:
             case WC_HASH_TYPE_MD2:
             case WC_HASH_TYPE_MD5_SHA:
             case WC_HASH_TYPE_BLAKE2B:
             case WC_HASH_TYPE_BLAKE2S:
-        #if defined(WOLFSSL_SHA3) && defined(WOLFSSL_SHAKE128)
-            case WC_HASH_TYPE_SHAKE128:
-        #endif
-        #if defined(WOLFSSL_SHA3) && defined(WOLFSSL_SHAKE256)
-            case WC_HASH_TYPE_SHAKE256:
-        #endif
             default:
                 return WOLFSSL_FAILURE;
         }
@@ -10549,55 +10772,52 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type)
     }
 
     /* WOLFSSL_SUCCESS on ok */
-    int wolfSSL_EVP_DigestFinal(WOLFSSL_EVP_MD_CTX* ctx, unsigned char* md,
-                               unsigned int* s)
+    static int wolfSSL_EVP_DigestFinal_Common(WOLFSSL_EVP_MD_CTX* ctx,
+            unsigned char* md, unsigned int* s, enum wc_HashType macType)
     {
-        int ret = WOLFSSL_FAILURE;
-        enum wc_HashType macType;
+        int ret = WC_NO_ERR_TRACE(WOLFSSL_FAILURE);
 
-        WOLFSSL_ENTER("EVP_DigestFinal");
-        macType = EvpMd2MacType(EVP_MD_CTX_md(ctx));
         switch (macType) {
             case WC_HASH_TYPE_MD4:
         #ifndef NO_MD4
-                wolfSSL_MD4_Final(md, (MD4_CTX*)&ctx->hash);
-                if (s) *s = MD4_DIGEST_SIZE;
+                wolfSSL_MD4_Final(md, (WOLFSSL_MD4_CTX*)&ctx->hash);
+                if (s) *s = WC_MD4_DIGEST_SIZE;
                 ret = WOLFSSL_SUCCESS;
         #endif
                 break;
             case WC_HASH_TYPE_MD5:
         #ifndef NO_MD5
-                ret = wolfSSL_MD5_Final(md, (MD5_CTX*)&ctx->hash);
+                ret = wolfSSL_MD5_Final(md, (WOLFSSL_MD5_CTX*)&ctx->hash);
                 if (s) *s = WC_MD5_DIGEST_SIZE;
         #endif
                 break;
             case WC_HASH_TYPE_SHA:
         #ifndef NO_SHA
-                ret = wolfSSL_SHA_Final(md, (SHA_CTX*)&ctx->hash);
+                ret = wolfSSL_SHA_Final(md, (WOLFSSL_SHA_CTX*)&ctx->hash);
                 if (s) *s = WC_SHA_DIGEST_SIZE;
         #endif
                 break;
             case WC_HASH_TYPE_SHA224:
         #ifdef WOLFSSL_SHA224
-                ret = wolfSSL_SHA224_Final(md, (SHA224_CTX*)&ctx->hash);
+                ret = wolfSSL_SHA224_Final(md, (WOLFSSL_SHA224_CTX*)&ctx->hash);
                 if (s) *s = WC_SHA224_DIGEST_SIZE;
         #endif
                 break;
             case WC_HASH_TYPE_SHA256:
         #ifndef NO_SHA256
-                ret = wolfSSL_SHA256_Final(md, (SHA256_CTX*)&ctx->hash);
+                ret = wolfSSL_SHA256_Final(md, (WOLFSSL_SHA256_CTX*)&ctx->hash);
                 if (s) *s = WC_SHA256_DIGEST_SIZE;
         #endif /* !NO_SHA256 */
                 break;
             case WC_HASH_TYPE_SHA384:
         #ifdef WOLFSSL_SHA384
-                ret = wolfSSL_SHA384_Final(md, (SHA384_CTX*)&ctx->hash);
+                ret = wolfSSL_SHA384_Final(md, (WOLFSSL_SHA384_CTX*)&ctx->hash);
                 if (s) *s = WC_SHA384_DIGEST_SIZE;
         #endif
                 break;
             case WC_HASH_TYPE_SHA512:
         #ifdef WOLFSSL_SHA512
-                ret = wolfSSL_SHA512_Final(md, (SHA512_CTX*)&ctx->hash);
+                ret = wolfSSL_SHA512_Final(md, (WOLFSSL_SHA512_CTX*)&ctx->hash);
                 if (s) *s = WC_SHA512_DIGEST_SIZE;
         #endif /* WOLFSSL_SHA512 */
                 break;
@@ -10605,7 +10825,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type)
             case WC_HASH_TYPE_SHA512_224:
         #if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) && \
             defined(WOLFSSL_SHA512)
-                ret = wolfSSL_SHA512_224_Final(md, (SHA512_CTX*)&ctx->hash);
+                ret = wolfSSL_SHA512_224_Final(md, (WOLFSSL_SHA512_CTX*)&ctx->hash);
                 if (s) *s = WC_SHA512_224_DIGEST_SIZE;
         #endif
                 break;
@@ -10614,32 +10834,32 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type)
             case WC_HASH_TYPE_SHA512_256:
         #if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) && \
             defined(WOLFSSL_SHA512)
-                ret = wolfSSL_SHA512_256_Final(md, (SHA512_CTX*)&ctx->hash);
+                ret = wolfSSL_SHA512_256_Final(md, (WOLFSSL_SHA512_CTX*)&ctx->hash);
                 if (s) *s = WC_SHA512_256_DIGEST_SIZE;
         #endif
                 break;
         #endif /* !WOLFSSL_NOSHA512_256 */
             case WC_HASH_TYPE_SHA3_224:
         #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_224)
-                ret = wolfSSL_SHA3_224_Final(md, (SHA3_224_CTX*)&ctx->hash);
+                ret = wolfSSL_SHA3_224_Final(md, (WOLFSSL_SHA3_224_CTX*)&ctx->hash);
                 if (s) *s = WC_SHA3_224_DIGEST_SIZE;
         #endif
                 break;
             case WC_HASH_TYPE_SHA3_256:
         #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_256)
-                ret = wolfSSL_SHA3_256_Final(md, (SHA3_256_CTX*)&ctx->hash);
+                ret = wolfSSL_SHA3_256_Final(md, (WOLFSSL_SHA3_256_CTX*)&ctx->hash);
                 if (s) *s = WC_SHA3_256_DIGEST_SIZE;
         #endif
                 break;
             case WC_HASH_TYPE_SHA3_384:
         #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_384)
-                ret = wolfSSL_SHA3_384_Final(md, (SHA3_384_CTX*)&ctx->hash);
+                ret = wolfSSL_SHA3_384_Final(md, (WOLFSSL_SHA3_384_CTX*)&ctx->hash);
                 if (s) *s = WC_SHA3_384_DIGEST_SIZE;
         #endif
                 break;
             case WC_HASH_TYPE_SHA3_512:
         #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_512)
-                ret = wolfSSL_SHA3_512_Final(md, (SHA3_512_CTX*)&ctx->hash);
+                ret = wolfSSL_SHA3_512_Final(md, (WOLFSSL_SHA3_512_CTX*)&ctx->hash);
                 if (s) *s = WC_SHA3_512_DIGEST_SIZE;
         #endif
                 break;
@@ -10654,32 +10874,133 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type)
                 }
                 if (s) *s = WC_SM3_DIGEST_SIZE;
                 break;
+        #endif
+        #if defined(WOLFSSL_SHA3) && defined(WOLFSSL_SHAKE128)
+            case WC_HASH_TYPE_SHAKE128:
+                if (wc_Shake128_Final(&ctx->hash.digest.shake, md, *s) == 0) {
+                    ret = WOLFSSL_SUCCESS;
+                }
+                break;
+        #endif
+        #if defined(WOLFSSL_SHA3) && defined(WOLFSSL_SHAKE256)
+            case WC_HASH_TYPE_SHAKE256:
+                if (wc_Shake256_Final(&ctx->hash.digest.shake, md, *s) == 0) {
+                    ret = WOLFSSL_SUCCESS;
+                }
+                break;
         #endif
             case WC_HASH_TYPE_NONE:
             case WC_HASH_TYPE_MD2:
             case WC_HASH_TYPE_MD5_SHA:
             case WC_HASH_TYPE_BLAKE2B:
             case WC_HASH_TYPE_BLAKE2S:
+            default:
+                return WOLFSSL_FAILURE;
+        }
+
+        return ret;
+    }
+
+    int wolfSSL_EVP_DigestFinal(WOLFSSL_EVP_MD_CTX* ctx, unsigned char* md,
+                               unsigned int* s)
+    {
+        enum wc_HashType macType;
+
+        WOLFSSL_ENTER("wolfSSL_EVP_DigestFinal");
+        macType = EvpMd2MacType(wolfSSL_EVP_MD_CTX_md(ctx));
+        switch (macType) {
+            case WC_HASH_TYPE_MD4:
+            case WC_HASH_TYPE_MD5:
+            case WC_HASH_TYPE_SHA:
+            case WC_HASH_TYPE_SHA224:
+            case WC_HASH_TYPE_SHA256:
+            case WC_HASH_TYPE_SHA384:
+            case WC_HASH_TYPE_SHA512:
+        #ifndef WOLFSSL_NOSHA512_224
+            case WC_HASH_TYPE_SHA512_224:
+        #endif /* !WOLFSSL_NOSHA512_224 */
+        #ifndef WOLFSSL_NOSHA512_256
+            case WC_HASH_TYPE_SHA512_256:
+        #endif /* !WOLFSSL_NOSHA512_256 */
+            case WC_HASH_TYPE_SHA3_224:
+            case WC_HASH_TYPE_SHA3_256:
+            case WC_HASH_TYPE_SHA3_384:
+            case WC_HASH_TYPE_SHA3_512:
+        #ifdef WOLFSSL_SM3
+            case WC_HASH_TYPE_SM3:
+        #endif
+            case WC_HASH_TYPE_NONE:
+            case WC_HASH_TYPE_MD2:
+            case WC_HASH_TYPE_MD5_SHA:
+            case WC_HASH_TYPE_BLAKE2B:
+            case WC_HASH_TYPE_BLAKE2S:
+                break;
+
+        #if defined(WOLFSSL_SHA3) && defined(WOLFSSL_SHAKE128)
+            case WC_HASH_TYPE_SHAKE128:
+                *s = 16; /* if mixing up XOF with plain digest 128 bit is
+                          * default for SHAKE128 */
+                break;
+        #endif
+        #if defined(WOLFSSL_SHA3) && defined(WOLFSSL_SHAKE256)
+            case WC_HASH_TYPE_SHAKE256:
+                *s = 32; /* if mixing up XOF with plain digest 256 bit is
+                          * default for SHAKE256 */
+                break;
+        #endif
+            default:
+                return WOLFSSL_FAILURE;
+        }
+        return wolfSSL_EVP_DigestFinal_Common(ctx, md, s, macType);
+    }
+
+    /* WOLFSSL_SUCCESS on ok */
+    int wolfSSL_EVP_DigestFinal_ex(WOLFSSL_EVP_MD_CTX* ctx, unsigned char* md,
+                                   unsigned int* s)
+    {
+        WOLFSSL_ENTER("EVP_DigestFinal_ex");
+        return wolfSSL_EVP_DigestFinal(ctx, md, s);
+    }
+
+
+    /* XOF stands for extendable-output functions. This is used for algos such
+     * as SHAKE256.
+     *
+     * returns 1 (WOLFSSL_SUCCESS) on success and 0 (WOLFSSL_FAILURE) on fail */
+    int wolfSSL_EVP_DigestFinalXOF(WOLFSSL_EVP_MD_CTX *ctx, unsigned char *md,
+        size_t sz)
+    {
+        unsigned int len;
+        enum wc_HashType macType;
+
+        WOLFSSL_ENTER("wolfSSL_EVP_DigestFinalXOF");
+        len = (unsigned int)sz;
+
+        macType = EvpMd2MacType(wolfSSL_EVP_MD_CTX_md(ctx));
+        return wolfSSL_EVP_DigestFinal_Common(ctx, md, &len, macType);
+    }
+
+
+    unsigned long wolfSSL_EVP_MD_flags(const WOLFSSL_EVP_MD *md)
+    {
+        enum wc_HashType macType;
+
+        macType = EvpMd2MacType(md);
+        switch ((int)macType) {
+            case WC_HASH_TYPE_BLAKE2B:
+            case WC_HASH_TYPE_BLAKE2S:
         #if defined(WOLFSSL_SHA3) && defined(WOLFSSL_SHAKE128)
             case WC_HASH_TYPE_SHAKE128:
         #endif
         #if defined(WOLFSSL_SHA3) && defined(WOLFSSL_SHAKE256)
             case WC_HASH_TYPE_SHAKE256:
         #endif
+                return WOLFSSL_EVP_MD_FLAG_XOF;
             default:
-                return WOLFSSL_FAILURE;
+                return 0;
         }
-
-        return ret;
     }
 
-    /* WOLFSSL_SUCCESS on ok */
-    int wolfSSL_EVP_DigestFinal_ex(WOLFSSL_EVP_MD_CTX* ctx, unsigned char* md,
-                                   unsigned int* s)
-    {
-        WOLFSSL_ENTER("EVP_DigestFinal_ex");
-        return EVP_DigestFinal(ctx, md, s);
-    }
 
     void wolfSSL_EVP_cleanup(void)
     {
@@ -10691,32 +11012,36 @@ const WOLFSSL_EVP_MD* wolfSSL_EVP_get_digestbynid(int id)
     WOLFSSL_MSG("wolfSSL_get_digestbynid");
 
     switch(id) {
+#ifndef NO_MD4
+        case WC_NID_md4:
+            return wolfSSL_EVP_md4();
+#endif
 #ifndef NO_MD5
-        case NID_md5:
+        case WC_NID_md5:
             return wolfSSL_EVP_md5();
 #endif
 #ifndef NO_SHA
-        case NID_sha1:
+        case WC_NID_sha1:
             return wolfSSL_EVP_sha1();
 #endif
 #ifdef WOLFSSL_SHA224
-        case NID_sha224:
+        case WC_NID_sha224:
             return wolfSSL_EVP_sha224();
 #endif
 #ifndef NO_SHA256
-        case NID_sha256:
+        case WC_NID_sha256:
             return wolfSSL_EVP_sha256();
 #endif
 #ifdef WOLFSSL_SHA384
-        case NID_sha384:
+        case WC_NID_sha384:
             return wolfSSL_EVP_sha384();
 #endif
 #ifdef WOLFSSL_SHA512
-        case NID_sha512:
+        case WC_NID_sha512:
             return wolfSSL_EVP_sha512();
 #endif
 #ifdef WOLFSSL_SM3
-        case NID_sm3:
+        case WC_NID_sm3:
             return wolfSSL_EVP_sm3();
 #endif
         default:
@@ -10731,73 +11056,73 @@ int wolfSSL_EVP_MD_block_size(const WOLFSSL_EVP_MD* type)
 
     if (type == NULL) {
         WOLFSSL_MSG("No md type arg");
-        return BAD_FUNC_ARG;
+        return WOLFSSL_FAILURE;
     }
 
 #ifndef NO_SHA
-    if ((XSTRCMP(type, "SHA") == 0) || (XSTRCMP(type, "SHA1") == 0)) {
+    if ((XSTRCMP(type, "SHA") == 0) || (XSTRCMP(type, WC_SN_sha1) == 0)) {
         return WC_SHA_BLOCK_SIZE;
     } else
 #endif
 #ifndef NO_SHA256
-    if (XSTRCMP(type, "SHA256") == 0) {
+    if (XSTRCMP(type, WC_SN_sha256) == 0) {
         return WC_SHA256_BLOCK_SIZE;
     } else
 #endif
 #ifndef NO_MD4
-    if (XSTRCMP(type, "MD4") == 0) {
-        return MD4_BLOCK_SIZE;
+    if (XSTRCMP(type, WC_SN_md4) == 0) {
+        return WC_MD4_BLOCK_SIZE;
     } else
 #endif
 #ifndef NO_MD5
-    if (XSTRCMP(type, "MD5") == 0) {
+    if (XSTRCMP(type, WC_SN_md5) == 0) {
         return WC_MD5_BLOCK_SIZE;
     } else
 #endif
 #ifdef WOLFSSL_SHA224
-    if (XSTRCMP(type, "SHA224") == 0) {
+    if (XSTRCMP(type, WC_SN_sha224) == 0) {
         return WC_SHA224_BLOCK_SIZE;
     } else
 #endif
 #ifdef WOLFSSL_SHA384
-    if (XSTRCMP(type, "SHA384") == 0) {
+    if (XSTRCMP(type, WC_SN_sha384) == 0) {
         return WC_SHA384_BLOCK_SIZE;
     } else
 #endif
 #ifdef WOLFSSL_SHA512
-    if (XSTRCMP(type, "SHA512") == 0) {
+    if (XSTRCMP(type, WC_SN_sha512) == 0) {
         return WC_SHA512_BLOCK_SIZE;
     } else
 #endif
 #ifdef WOLFSSL_SHA3
 #ifndef WOLFSSL_NOSHA3_224
-    if (XSTRCMP(type, "SHA3_224") == 0) {
+    if (XSTRCMP(type, WC_SN_sha3_224) == 0) {
         return WC_SHA3_224_BLOCK_SIZE;
     } else
 #endif
 #ifndef WOLFSSL_NOSHA3_256
-    if (XSTRCMP(type, "SHA3_256") == 0) {
+    if (XSTRCMP(type, WC_SN_sha3_256) == 0) {
         return WC_SHA3_256_BLOCK_SIZE;
     } else
 #endif
 #ifndef WOLFSSL_NOSHA3_384
-    if (XSTRCMP(type, "SHA3_384") == 0) {
+    if (XSTRCMP(type, WC_SN_sha3_384) == 0) {
         return WC_SHA3_384_BLOCK_SIZE;
     } else
 #endif
 #ifndef WOLFSSL_NOSHA3_512
-    if (XSTRCMP(type, "SHA3_512") == 0) {
+    if (XSTRCMP(type, WC_SN_sha3_512) == 0) {
         return WC_SHA3_512_BLOCK_SIZE;
-    }
+    } else
 #endif
 #endif /* WOLFSSL_SHA3 */
 #ifdef WOLFSSL_SM3
-    if (XSTRCMP(type, "SM3") == 0) {
+    if (XSTRCMP(type, WC_SN_sm3) == 0) {
         return WC_SM3_BLOCK_SIZE;
     } else
 #endif
 
-    return BAD_FUNC_ARG;
+    return WOLFSSL_FAILURE;
 }
 
 int wolfSSL_EVP_MD_size(const WOLFSSL_EVP_MD* type)
@@ -10806,83 +11131,83 @@ int wolfSSL_EVP_MD_size(const WOLFSSL_EVP_MD* type)
 
     if (type == NULL) {
         WOLFSSL_MSG("No md type arg");
-        return BAD_FUNC_ARG;
+        return WOLFSSL_FAILURE;
     }
 
 #ifndef NO_SHA
-    if ((XSTRCMP(type, "SHA") == 0) || (XSTRCMP(type, "SHA1") == 0)) {
+    if ((XSTRCMP(type, "SHA") == 0) || (XSTRCMP(type, WC_SN_sha1) == 0)) {
         return WC_SHA_DIGEST_SIZE;
     } else
 #endif
 #ifndef NO_SHA256
-    if (XSTRCMP(type, "SHA256") == 0) {
+    if (XSTRCMP(type, WC_SN_sha256) == 0) {
         return WC_SHA256_DIGEST_SIZE;
     } else
 #endif
 #ifndef NO_MD4
-    if (XSTRCMP(type, "MD4") == 0) {
-        return MD4_DIGEST_SIZE;
+    if (XSTRCMP(type, WC_SN_md4) == 0) {
+        return WC_MD4_DIGEST_SIZE;
     } else
 #endif
 #ifndef NO_MD5
-    if (XSTRCMP(type, "MD5") == 0) {
+    if (XSTRCMP(type, WC_SN_md5) == 0) {
         return WC_MD5_DIGEST_SIZE;
     } else
 #endif
 #ifdef WOLFSSL_SHA224
-    if (XSTRCMP(type, "SHA224") == 0) {
+    if (XSTRCMP(type, WC_SN_sha224) == 0) {
         return WC_SHA224_DIGEST_SIZE;
     } else
 #endif
 #ifdef WOLFSSL_SHA384
-    if (XSTRCMP(type, "SHA384") == 0) {
+    if (XSTRCMP(type, WC_SN_sha384) == 0) {
         return WC_SHA384_DIGEST_SIZE;
     } else
 #endif
 #ifdef WOLFSSL_SHA512
-    if (XSTRCMP(type, "SHA512") == 0) {
+    if (XSTRCMP(type, WC_SN_sha512) == 0) {
         return WC_SHA512_DIGEST_SIZE;
     } else
 #ifndef WOLFSSL_NOSHA512_224
-    if (XSTRCMP(type, "SHA512_224") == 0) {
+    if (XSTRCMP(type, WC_SN_sha512_224) == 0) {
         return WC_SHA512_224_DIGEST_SIZE;
     } else
 #endif
 #ifndef WOLFSSL_NOSHA512_256
-    if (XSTRCMP(type, "SHA512_256") == 0) {
+    if (XSTRCMP(type, WC_SN_sha512_256) == 0) {
         return WC_SHA512_256_DIGEST_SIZE;
     } else
 #endif
 #endif
 #ifdef WOLFSSL_SHA3
 #ifndef WOLFSSL_NOSHA3_224
-    if (XSTRCMP(type, "SHA3_224") == 0) {
+    if (XSTRCMP(type, WC_SN_sha3_224) == 0) {
         return WC_SHA3_224_DIGEST_SIZE;
     } else
 #endif
 #ifndef WOLFSSL_NOSHA3_256
-    if (XSTRCMP(type, "SHA3_256") == 0) {
+    if (XSTRCMP(type, WC_SN_sha3_256) == 0) {
         return WC_SHA3_256_DIGEST_SIZE;
     } else
 #endif
 #ifndef WOLFSSL_NOSHA3_384
-    if (XSTRCMP(type, "SHA3_384") == 0) {
+    if (XSTRCMP(type, WC_SN_sha3_384) == 0) {
         return WC_SHA3_384_DIGEST_SIZE;
     } else
 #endif
 #ifndef WOLFSSL_NOSHA3_512
-    if (XSTRCMP(type, "SHA3_512") == 0) {
+    if (XSTRCMP(type, WC_SN_sha3_512) == 0) {
         return WC_SHA3_512_DIGEST_SIZE;
     } else
 #endif
 #endif /* WOLFSSL_SHA3 */
 #ifdef WOLFSSL_SM3
-    if (XSTRCMP(type, "SM3") == 0) {
+    if (XSTRCMP(type, WC_SN_sm3) == 0) {
         return WC_SM3_DIGEST_SIZE;
     }
 #endif
 
-    return BAD_FUNC_ARG;
+    return WOLFSSL_FAILURE;
 }
 
 #endif /* OPENSSL_EXTRA  || HAVE_CURL */
@@ -10962,7 +11287,7 @@ void wolfSSL_EVP_PKEY_free(WOLFSSL_EVP_PKEY* key)
             switch(key->type)
             {
                 #ifndef NO_RSA
-                case EVP_PKEY_RSA:
+                case WC_EVP_PKEY_RSA:
                     if (key->rsa != NULL && key->ownRsa == 1) {
                         wolfSSL_RSA_free(key->rsa);
                         key->rsa = NULL;
@@ -10971,7 +11296,7 @@ void wolfSSL_EVP_PKEY_free(WOLFSSL_EVP_PKEY* key)
                 #endif /* NO_RSA */
 
                 #if defined(HAVE_ECC) && defined(OPENSSL_EXTRA)
-                case EVP_PKEY_EC:
+                case WC_EVP_PKEY_EC:
                     if (key->ecc != NULL && key->ownEcc == 1) {
                         wolfSSL_EC_KEY_free(key->ecc);
                         key->ecc = NULL;
@@ -10980,7 +11305,7 @@ void wolfSSL_EVP_PKEY_free(WOLFSSL_EVP_PKEY* key)
                 #endif /* HAVE_ECC && OPENSSL_EXTRA */
 
                 #ifndef NO_DSA
-                case EVP_PKEY_DSA:
+                case WC_EVP_PKEY_DSA:
                     if (key->dsa != NULL && key->ownDsa == 1) {
                         wolfSSL_DSA_free(key->dsa);
                         key->dsa = NULL;
@@ -10990,7 +11315,7 @@ void wolfSSL_EVP_PKEY_free(WOLFSSL_EVP_PKEY* key)
 
                 #if !defined(NO_DH) && (defined(WOLFSSL_QT) || \
                        defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL))
-                case EVP_PKEY_DH:
+                case WC_EVP_PKEY_DH:
                     if (key->dh != NULL && key->ownDh == 1) {
                         wolfSSL_DH_free(key->dh);
                         key->dh = NULL;
@@ -10999,19 +11324,13 @@ void wolfSSL_EVP_PKEY_free(WOLFSSL_EVP_PKEY* key)
                 #endif /* ! NO_DH ... */
 
                 #ifdef HAVE_HKDF
-                case EVP_PKEY_HKDF:
-                    if (key->hkdfSalt != NULL) {
-                        XFREE(key->hkdfSalt, NULL, DYNAMIC_TYPE_SALT);
-                        key->hkdfSalt = NULL;
-                    }
-                    if (key->hkdfKey != NULL) {
-                        XFREE(key->hkdfKey, NULL, DYNAMIC_TYPE_KEY);
-                        key->hkdfKey = NULL;
-                    }
-                    if (key->hkdfInfo != NULL) {
-                        XFREE(key->hkdfInfo, NULL, DYNAMIC_TYPE_INFO);
-                        key->hkdfInfo = NULL;
-                    }
+                case WC_EVP_PKEY_HKDF:
+                    XFREE(key->hkdfSalt, NULL, DYNAMIC_TYPE_SALT);
+                    key->hkdfSalt = NULL;
+                    XFREE(key->hkdfKey, NULL, DYNAMIC_TYPE_KEY);
+                    key->hkdfKey = NULL;
+                    XFREE(key->hkdfInfo, NULL, DYNAMIC_TYPE_INFO);
+                    key->hkdfInfo = NULL;
                     key->hkdfSaltSz = 0;
                     key->hkdfKeySz = 0;
                     key->hkdfInfoSz = 0;
@@ -11020,7 +11339,7 @@ void wolfSSL_EVP_PKEY_free(WOLFSSL_EVP_PKEY* key)
 
                 #if defined(WOLFSSL_CMAC) && defined(OPENSSL_EXTRA) && \
                     defined(WOLFSSL_AES_DIRECT)
-                case EVP_PKEY_CMAC:
+                case WC_EVP_PKEY_CMAC:
                     if (key->cmacCtx != NULL) {
                         wolfSSL_CMAC_CTX_free(key->cmacCtx);
                         key->cmacCtx = NULL;
@@ -11051,8 +11370,8 @@ static int Indent(WOLFSSL_BIO* out, int indents)
     if (out == NULL) {
         return 0;
     }
-    if (indents > EVP_PKEY_PRINT_INDENT_MAX) {
-        indents = EVP_PKEY_PRINT_INDENT_MAX;
+    if (indents > WOLFSSL_EVP_PKEY_PRINT_INDENT_MAX) {
+        indents = WOLFSSL_EVP_PKEY_PRINT_INDENT_MAX;
     }
     for (i = 0; i < indents; i++) {
         if (wolfSSL_BIO_write(out, &space, 1) < 0) {
@@ -11080,7 +11399,7 @@ static int PrintHexWithColon(WOLFSSL_BIO* out, const byte* input,
 #ifdef WOLFSSL_SMALL_STACK
     byte*  buff = NULL;
 #else
-    byte   buff[EVP_PKEY_PRINT_LINE_WIDTH_MAX] = { 0 };
+    byte   buff[WOLFSSL_EVP_PKEY_PRINT_LINE_WIDTH_MAX] = { 0 };
 #endif /* WOLFSSL_SMALL_STACK */
     int    ret = WOLFSSL_SUCCESS;
     word32 in = 0;
@@ -11097,14 +11416,14 @@ static int PrintHexWithColon(WOLFSSL_BIO* out, const byte* input,
     if (indent < 0) {
         indent = 0;
     }
-    if (indent > EVP_PKEY_PRINT_INDENT_MAX) {
-        indent = EVP_PKEY_PRINT_INDENT_MAX;
+    if (indent > WOLFSSL_EVP_PKEY_PRINT_INDENT_MAX) {
+        indent = WOLFSSL_EVP_PKEY_PRINT_INDENT_MAX;
     }
 
     data = input;
 
 #ifdef WOLFSSL_SMALL_STACK
-    buff = (byte*)XMALLOC(EVP_PKEY_PRINT_LINE_WIDTH_MAX, NULL,
+    buff = (byte*)XMALLOC(WOLFSSL_EVP_PKEY_PRINT_LINE_WIDTH_MAX, NULL,
         DYNAMIC_TYPE_TMP_BUFFER);
     if (!buff) {
         return WOLFSSL_FAILURE;
@@ -11115,9 +11434,9 @@ static int PrintHexWithColon(WOLFSSL_BIO* out, const byte* input,
     idx = 0;
 
     for (in = 0; in < (word32)inlen && ret == WOLFSSL_SUCCESS; in +=
-                                        EVP_PKEY_PRINT_DIGITS_PER_LINE ) {
+             WOLFSSL_EVP_PKEY_PRINT_DIGITS_PER_LINE ) {
         Indent(out, indent);
-        for (i = 0; (i < EVP_PKEY_PRINT_DIGITS_PER_LINE) &&
+        for (i = 0; (i < WOLFSSL_EVP_PKEY_PRINT_DIGITS_PER_LINE) &&
                                         (in + i < (word32)inlen); i++) {
 
             if (ret == WOLFSSL_SUCCESS) {
@@ -11146,7 +11465,7 @@ static int PrintHexWithColon(WOLFSSL_BIO* out, const byte* input,
             ret = wolfSSL_BIO_write(out, "\n", 1) > 0;
         }
         if (ret == WOLFSSL_SUCCESS) {
-            XMEMSET(buff, 0, EVP_PKEY_PRINT_LINE_WIDTH_MAX);
+            XMEMSET(buff, 0, WOLFSSL_EVP_PKEY_PRINT_LINE_WIDTH_MAX);
             idx = 0;
         }
     }
@@ -11168,10 +11487,10 @@ static int PrintHexWithColon(WOLFSSL_BIO* out, const byte* input,
  * Returns 1 on success, 0 on failure.
 */
 static int PrintPubKeyRSA(WOLFSSL_BIO* out, const byte* pkey, int pkeySz,
-    int indent, int bitlen, ASN1_PCTX* pctx)
+    int indent, int bitlen, WOLFSSL_ASN1_PCTX* pctx)
 {
     byte   buff[8] = { 0 };
-    int    res = WOLFSSL_FAILURE;
+    int    res = WC_NO_ERR_TRACE(WOLFSSL_FAILURE);
     word32 inOutIdx = 0;
     word32 nSz;             /* size of modulus */
     word32 eSz;             /* size of public exponent */
@@ -11204,8 +11523,8 @@ static int PrintPubKeyRSA(WOLFSSL_BIO* out, const byte* pkey, int pkeySz,
     if (indent < 0) {
         indent = 0;
     }
-    if (indent > EVP_PKEY_PRINT_INDENT_MAX) {
-        indent = EVP_PKEY_PRINT_INDENT_MAX;
+    if (indent > WOLFSSL_EVP_PKEY_PRINT_INDENT_MAX) {
+        indent = WOLFSSL_EVP_PKEY_PRINT_INDENT_MAX;
     }
 
     do {
@@ -11322,7 +11641,7 @@ static int PrintPubKeyRSA(WOLFSSL_BIO* out, const byte* pkey, int pkeySz,
  * Returns 1 on success, 0 on failure.
 */
 static int PrintPubKeyEC(WOLFSSL_BIO* out, const byte* pkey, int pkeySz,
-    int indent, int bitlen, ASN1_PCTX* pctx)
+    int indent, int bitlen, WOLFSSL_ASN1_PCTX* pctx)
 {
     byte*   pub = NULL;
     word32  pubSz = 0;
@@ -11384,8 +11703,8 @@ static int PrintPubKeyEC(WOLFSSL_BIO* out, const byte* pkey, int pkeySz,
     if (indent < 0) {
         indent = 0;
     }
-    else if (indent > EVP_PKEY_PRINT_INDENT_MAX) {
-        indent = EVP_PKEY_PRINT_INDENT_MAX;
+    else if (indent > WOLFSSL_EVP_PKEY_PRINT_INDENT_MAX) {
+        indent = WOLFSSL_EVP_PKEY_PRINT_INDENT_MAX;
     }
 
     if (res == WOLFSSL_SUCCESS) {
@@ -11490,10 +11809,8 @@ static int PrintPubKeyEC(WOLFSSL_BIO* out, const byte* pkey, int pkeySz,
         res = wolfSSL_BIO_write(out, "\n", 1) > 0;
     }
 
-    if (pub != NULL) {
-        XFREE(pub, NULL, DYNAMIC_TYPE_ECC_BUFFER);
-        pub = NULL;
-    }
+    XFREE(pub, NULL, DYNAMIC_TYPE_ECC_BUFFER);
+    pub = NULL;
 
     wc_ecc_free(key);
     mp_free(a);
@@ -11520,12 +11837,12 @@ static int PrintPubKeyEC(WOLFSSL_BIO* out, const byte* pkey, int pkeySz,
  * Returns 1 on success, 0 on failure.
 */
 static int PrintPubKeyDSA(WOLFSSL_BIO* out, const byte* pkey, int pkeySz,
-    int indent, int bitlen, ASN1_PCTX* pctx)
+    int indent, int bitlen, WOLFSSL_ASN1_PCTX* pctx)
 {
 
     byte    buff[8] = { 0 };
     int     length;
-    int     res = WOLFSSL_FAILURE;
+    int     res = WC_NO_ERR_TRACE(WOLFSSL_FAILURE);
     word32  inOutIdx = 0;
     word32  oid;
     byte    tagFound;
@@ -11556,8 +11873,8 @@ static int PrintPubKeyDSA(WOLFSSL_BIO* out, const byte* pkey, int pkeySz,
     if (indent < 0) {
         indent = 0;
     }
-    if (indent > EVP_PKEY_PRINT_INDENT_MAX) {
-        indent = EVP_PKEY_PRINT_INDENT_MAX;
+    if (indent > WOLFSSL_EVP_PKEY_PRINT_INDENT_MAX) {
+        indent = WOLFSSL_EVP_PKEY_PRINT_INDENT_MAX;
     }
 
     do {
@@ -11739,11 +12056,11 @@ static int PrintPubKeyDSA(WOLFSSL_BIO* out, const byte* pkey, int pkeySz,
  * Returns 1 on success, 0 on failure.
 */
 static int PrintPubKeyDH(WOLFSSL_BIO* out, const byte* pkey, int pkeySz,
-    int indent, int bitlen, ASN1_PCTX* pctx)
+    int indent, int bitlen, WOLFSSL_ASN1_PCTX* pctx)
 {
 
     byte    buff[8] = { 0 };
-    int     res = WOLFSSL_FAILURE;
+    int     res = WC_NO_ERR_TRACE(WOLFSSL_FAILURE);
     word32  length;
     word32  inOutIdx;
     word32  oid;
@@ -11780,8 +12097,8 @@ static int PrintPubKeyDH(WOLFSSL_BIO* out, const byte* pkey, int pkeySz,
     if (indent < 0) {
         indent = 0;
     }
-    if (indent > EVP_PKEY_PRINT_INDENT_MAX) {
-        indent = EVP_PKEY_PRINT_INDENT_MAX;
+    if (indent > WOLFSSL_EVP_PKEY_PRINT_INDENT_MAX) {
+        indent = WOLFSSL_EVP_PKEY_PRINT_INDENT_MAX;
     }
 
     do {
@@ -11970,7 +12287,7 @@ static int PrintPubKeyDH(WOLFSSL_BIO* out, const byte* pkey, int pkeySz,
  * Can handle RSA, ECC, DSA and DH public keys.
  */
 int wolfSSL_EVP_PKEY_print_public(WOLFSSL_BIO* out,
-    const WOLFSSL_EVP_PKEY* pkey, int indent, ASN1_PCTX* pctx)
+    const WOLFSSL_EVP_PKEY* pkey, int indent, WOLFSSL_ASN1_PCTX* pctx)
 {
     int res;
 #if !defined(NO_RSA) || defined(HAVE_ECC) || !defined(NO_DSA) || \
@@ -11988,13 +12305,13 @@ int wolfSSL_EVP_PKEY_print_public(WOLFSSL_BIO* out,
     if (indent < 0) {
         indent = 0;
     }
-    if (indent > EVP_PKEY_PRINT_INDENT_MAX) {
-        indent = EVP_PKEY_PRINT_INDENT_MAX;
+    if (indent > WOLFSSL_EVP_PKEY_PRINT_INDENT_MAX) {
+        indent = WOLFSSL_EVP_PKEY_PRINT_INDENT_MAX;
     }
 #endif
 
     switch (pkey->type) {
-        case EVP_PKEY_RSA:
+        case WC_EVP_PKEY_RSA:
 
 #if !defined(NO_RSA)
             keybits = wolfSSL_EVP_PKEY_size((WOLFSSL_EVP_PKEY*)pkey) * 8;
@@ -12010,7 +12327,7 @@ int wolfSSL_EVP_PKEY_print_public(WOLFSSL_BIO* out,
 #endif
             break;
 
-        case EVP_PKEY_EC:
+        case WC_EVP_PKEY_EC:
 
 #if defined(HAVE_ECC)
             keybits = wolfSSL_EVP_PKEY_size((WOLFSSL_EVP_PKEY*)pkey) * 8;
@@ -12026,7 +12343,7 @@ int wolfSSL_EVP_PKEY_print_public(WOLFSSL_BIO* out,
 #endif
             break;
 
-        case EVP_PKEY_DSA:
+        case WC_EVP_PKEY_DSA:
 
 #if !defined(NO_DSA)
             keybits = wolfSSL_EVP_PKEY_size((WOLFSSL_EVP_PKEY*)pkey) * 8;
@@ -12042,7 +12359,7 @@ int wolfSSL_EVP_PKEY_print_public(WOLFSSL_BIO* out,
 #endif
             break;
 
-        case EVP_PKEY_DH:
+        case WC_EVP_PKEY_DH:
 
 #if defined(WOLFSSL_DH_EXTRA)
             keybits = wolfSSL_EVP_PKEY_size((WOLFSSL_EVP_PKEY*)pkey) * 8;
@@ -12078,64 +12395,64 @@ int wolfSSL_EVP_get_hashinfo(const WOLFSSL_EVP_MD* evp,
     }
 
 #ifndef NO_SHA
-    if ((XSTRCMP("SHA", evp) == 0) || (XSTRCMP("SHA1", evp) == 0)) {
+    if ((XSTRCMP("SHA", evp) == 0) || (XSTRCMP(WC_SN_sha1, evp) == 0)) {
         hash = WC_HASH_TYPE_SHA;
     } else
 #endif
 #ifdef WOLFSSL_SHA224
-    if (XSTRCMP("SHA224", evp) == 0) {
+    if (XSTRCMP(WC_SN_sha224, evp) == 0) {
         hash = WC_HASH_TYPE_SHA224;
     } else
 #endif
 #ifndef NO_SHA256
-    if (XSTRCMP("SHA256", evp) == 0) {
+    if (XSTRCMP(WC_SN_sha256, evp) == 0) {
         hash = WC_HASH_TYPE_SHA256;
     } else
 #endif
 #ifdef WOLFSSL_SHA384
-    if (XSTRCMP("SHA384", evp) == 0) {
+    if (XSTRCMP(WC_SN_sha384, evp) == 0) {
         hash = WC_HASH_TYPE_SHA384;
     } else
 #endif
 #ifdef WOLFSSL_SHA512
-    if (XSTRCMP("SHA512", evp) == 0) {
+    if (XSTRCMP(WC_SN_sha512, evp) == 0) {
         hash = WC_HASH_TYPE_SHA512;
     } else
 #ifndef WOLFSSL_NOSHA512_224
-    if (XSTRCMP("SHA512_224", evp) == 0) {
+    if (XSTRCMP(WC_SN_sha512_224, evp) == 0) {
         hash = WC_HASH_TYPE_SHA512_224;
     } else
 #endif
 #ifndef WOLFSSL_NOSHA512_256
-    if (XSTRCMP("SHA512_256", evp) == 0) {
+    if (XSTRCMP(WC_SN_sha512_256, evp) == 0) {
         hash = WC_HASH_TYPE_SHA512_256;
     } else
 #endif
 #endif
 #ifdef WOLFSSL_SHA3
 #ifndef WOLFSSL_NOSHA3_224
-    if (XSTRCMP("SHA3_224", evp) == 0) {
+    if (XSTRCMP(WC_SN_sha3_224, evp) == 0) {
         hash = WC_HASH_TYPE_SHA3_224;
     } else
 #endif
 #ifndef WOLFSSL_NOSHA3_256
-    if (XSTRCMP("SHA3_256", evp) == 0) {
+    if (XSTRCMP(WC_SN_sha3_256, evp) == 0) {
         hash = WC_HASH_TYPE_SHA3_256;
     } else
 #endif
 #ifndef WOLFSSL_NOSHA3_384
-    if (XSTRCMP("SHA3_384", evp) == 0) {
+    if (XSTRCMP(WC_SN_sha3_384, evp) == 0) {
         hash = WC_HASH_TYPE_SHA3_384;
     } else
 #endif
 #ifndef WOLFSSL_NOSHA3_512
-    if (XSTRCMP("SHA3_512", evp) == 0) {
+    if (XSTRCMP(WC_SN_sha3_512, evp) == 0) {
         hash = WC_HASH_TYPE_SHA3_512;
     } else
 #endif
 #endif /* WOLFSSL_SHA3 */
 #ifdef WOLFSSL_SM3
-    if (XSTRCMP("SM3", evp) == 0) {
+    if (XSTRCMP(WC_SN_sm3, evp) == 0) {
         hash = WC_HASH_TYPE_SM3;
     } else
 #endif
@@ -12145,12 +12462,12 @@ int wolfSSL_EVP_get_hashinfo(const WOLFSSL_EVP_MD* evp,
     } else
 #endif
 #ifndef NO_MD4
-    if (XSTRCMP("MD4", evp) == 0) {
+    if (XSTRCMP(WC_SN_md4, evp) == 0) {
         hash = WC_HASH_TYPE_MD4;
     } else
 #endif
 #ifndef NO_MD5
-    if (XSTRCMP("MD5", evp) == 0) {
+    if (XSTRCMP(WC_SN_md5, evp) == 0) {
         hash = WC_HASH_TYPE_MD5;
     } else
 #endif
@@ -12426,7 +12743,7 @@ int  wolfSSL_EVP_DecodeUpdate(WOLFSSL_EVP_ENCODE_CTX* ctx,
             (word32)(BASE64_DECODE_BLOCK_SIZE - ctx->remaining), (word32)inl);
 
         for ( i = 0; cpySz > 0 && inLen > 0; i++) {
-            if (Base64_SkipNewline(in, &inLen, &j) == ASN_INPUT_E) {
+            if (Base64_SkipNewline(in, &inLen, &j) == WC_NO_ERR_TRACE(ASN_INPUT_E)) {
                 return -1;  /* detected an illegal char in input */
             }
             c = in[j++];
@@ -12466,7 +12783,7 @@ int  wolfSSL_EVP_DecodeUpdate(WOLFSSL_EVP_ENCODE_CTX* ctx,
      */
     while (inLen > 3) {
         if ((res = Base64_SkipNewline(in, &inLen, &j)) != 0) {
-            if (res == BUFFER_E) {
+            if (res == WC_NO_ERR_TRACE(BUFFER_E)) {
                 break;
             }
             else {
@@ -12480,7 +12797,7 @@ int  wolfSSL_EVP_DecodeUpdate(WOLFSSL_EVP_ENCODE_CTX* ctx,
         }
         inLen--;
         if ((res = Base64_SkipNewline(in, &inLen, &j)) != 0) {
-            if (res == BUFFER_E) {
+            if (res == WC_NO_ERR_TRACE(BUFFER_E)) {
                 break;
             }
             else {
@@ -12491,7 +12808,7 @@ int  wolfSSL_EVP_DecodeUpdate(WOLFSSL_EVP_ENCODE_CTX* ctx,
         e[1] = in[j++];
         inLen--;
         if ((res = Base64_SkipNewline(in, &inLen, &j)) != 0) {
-            if (res == BUFFER_E) {
+            if (res == WC_NO_ERR_TRACE(BUFFER_E)) {
                 break;
             }
             else {
@@ -12502,7 +12819,7 @@ int  wolfSSL_EVP_DecodeUpdate(WOLFSSL_EVP_ENCODE_CTX* ctx,
         e[2] = in[j++];
         inLen--;
         if ((res = Base64_SkipNewline(in, &inLen, &j)) != 0) {
-            if (res == BUFFER_E) {
+            if (res == WC_NO_ERR_TRACE(BUFFER_E)) {
                 break;
             }
             else {
@@ -12609,8 +12926,10 @@ int  wolfSSL_EVP_DecodeFinal(WOLFSSL_EVP_ENCODE_CTX* ctx,
         inLen = (word32)ctx->remaining;
         if ((res = Base64_SkipNewline(ctx->data, &inLen, &j)) != 0) {
             *outl = 0;
-            if (res == BUFFER_E) /* means no valid data to decode in buffer */
+            if (res == WC_NO_ERR_TRACE(BUFFER_E)) {
+                /* means no valid data to decode in buffer */
                 return  1; /* returns as success with no output */
+            }
             else
                 return -1;
         }
diff --git a/wolfcrypt/src/ext_kyber.c b/wolfcrypt/src/ext_kyber.c
index 834d98903..50196d444 100644
--- a/wolfcrypt/src/ext_kyber.c
+++ b/wolfcrypt/src/ext_kyber.c
@@ -1,6 +1,6 @@
 /* ext_kyber.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -27,7 +27,7 @@
 #include <wolfssl/wolfcrypt/error-crypt.h>
 #include <wolfssl/wolfcrypt/logging.h>
 
-#ifdef WOLFSSL_HAVE_KYBER
+#if defined(WOLFSSL_HAVE_KYBER) && !defined(WOLFSSL_WC_KYBER)
 #include <wolfssl/wolfcrypt/ext_kyber.h>
 
 #ifdef NO_INLINE
@@ -39,11 +39,20 @@
 
 #if defined (HAVE_LIBOQS)
 
+#include <wolfssl/wolfcrypt/port/liboqs/liboqs.h>
+
 static const char* OQS_ID2name(int id) {
     switch (id) {
+    #ifndef WOLFSSL_NO_ML_KEM
+        case WC_ML_KEM_512:  return OQS_KEM_alg_ml_kem_512;
+        case WC_ML_KEM_768:  return OQS_KEM_alg_ml_kem_768;
+        case WC_ML_KEM_1024: return OQS_KEM_alg_ml_kem_1024;
+    #endif
+    #ifdef WOLFSSL_KYBER_ORIGINAL
         case KYBER_LEVEL1: return OQS_KEM_alg_kyber_512;
         case KYBER_LEVEL3: return OQS_KEM_alg_kyber_768;
         case KYBER_LEVEL5: return OQS_KEM_alg_kyber_1024;
+    #endif
         default:           break;
     }
     return NULL;
@@ -81,11 +90,20 @@ int wc_KyberKey_Init(int type, KyberKey* key, void* heap, int devId)
     if (ret == 0) {
         /* Validate type. */
         switch (type) {
+#ifndef WOLFSSL_NO_ML_KEM
+        case WC_ML_KEM_512:
+    #ifdef HAVE_LIBOQS
+        case WC_ML_KEM_768:
+        case WC_ML_KEM_1024:
+    #endif /* HAVE_LIBOQS */
+#endif
+#ifdef WOLFSSL_KYBER_ORIGINAL
         case KYBER_LEVEL1:
-#ifdef HAVE_LIBOQS
+    #ifdef HAVE_LIBOQS
         case KYBER_LEVEL3:
         case KYBER_LEVEL5:
-#endif /* HAVE_LIBOQS */
+    #endif /* HAVE_LIBOQS */
+#endif
             break;
         default:
             /* No other values supported. */
@@ -99,10 +117,15 @@ int wc_KyberKey_Init(int type, KyberKey* key, void* heap, int devId)
 
         /* Keep type for parameters. */
         key->type = type;
+
+#ifdef WOLF_CRYPTO_CB
+        key->devCtx = NULL;
+        key->devId = devId;
+#endif
     }
 
-    (void)devId;
     (void)heap;
+    (void)devId;
 
     return ret;
 }
@@ -145,6 +168,18 @@ int wc_KyberKey_PrivateKeySize(KyberKey* key, word32* len)
     /* NOTE: SHAKE and AES variants have the same length private key. */
     if (ret == 0) {
         switch (key->type) {
+    #ifndef WOLFSSL_NO_ML_KEM
+        case WC_ML_KEM_512:
+            *len = OQS_KEM_ml_kem_512_length_secret_key;
+            break;
+        case WC_ML_KEM_768:
+            *len = OQS_KEM_ml_kem_768_length_secret_key;
+            break;
+        case WC_ML_KEM_1024:
+            *len = OQS_KEM_ml_kem_1024_length_secret_key;
+            break;
+    #endif
+    #ifdef WOLFSSL_KYBER_ORIGINAL
         case KYBER_LEVEL1:
             *len = OQS_KEM_kyber_512_length_secret_key;
             break;
@@ -154,6 +189,7 @@ int wc_KyberKey_PrivateKeySize(KyberKey* key, word32* len)
         case KYBER_LEVEL5:
             *len = OQS_KEM_kyber_1024_length_secret_key;
             break;
+    #endif
         default:
             /* No other values supported. */
             ret = BAD_FUNC_ARG;
@@ -161,12 +197,6 @@ int wc_KyberKey_PrivateKeySize(KyberKey* key, word32* len)
         }
     }
 #endif /* HAVE_LIBOQS */
-#ifdef HAVE_PQM4
-    (void)key;
-    if (ret == 0) {
-        *len = PQM4_PRIVATE_KEY_LENGTH;
-    }
-#endif /* HAVE_PQM4 */
 
     return ret;
 }
@@ -193,6 +223,18 @@ int wc_KyberKey_PublicKeySize(KyberKey* key, word32* len)
     /* NOTE: SHAKE and AES variants have the same length public key. */
     if (ret == 0) {
         switch (key->type) {
+    #ifndef WOLFSSL_NO_ML_KEM
+        case WC_ML_KEM_512:
+            *len = OQS_KEM_ml_kem_512_length_public_key;
+            break;
+        case WC_ML_KEM_768:
+            *len = OQS_KEM_ml_kem_768_length_public_key;
+            break;
+        case WC_ML_KEM_1024:
+            *len = OQS_KEM_ml_kem_1024_length_public_key;
+            break;
+    #endif
+    #ifdef WOLFSSL_KYBER_ORIGINAL
         case KYBER_LEVEL1:
             *len = OQS_KEM_kyber_512_length_public_key;
             break;
@@ -202,6 +244,7 @@ int wc_KyberKey_PublicKeySize(KyberKey* key, word32* len)
         case KYBER_LEVEL5:
             *len = OQS_KEM_kyber_1024_length_public_key;
             break;
+    #endif
         default:
             /* No other values supported. */
             ret = BAD_FUNC_ARG;
@@ -209,12 +252,6 @@ int wc_KyberKey_PublicKeySize(KyberKey* key, word32* len)
         }
     }
 #endif /* HAVE_LIBOQS */
-#ifdef HAVE_PQM4
-    (void)key;
-    if (ret == 0) {
-        *len = PQM4_PUBLIC_KEY_LENGTH;
-    }
-#endif /* HAVE_PQM4 */
 
     return ret;
 }
@@ -241,6 +278,18 @@ int wc_KyberKey_CipherTextSize(KyberKey* key, word32* len)
     /* NOTE: SHAKE and AES variants have the same length ciphertext. */
     if (ret == 0) {
         switch (key->type) {
+    #ifndef WOLFSSL_NO_ML_KEM
+        case WC_ML_KEM_512:
+            *len = OQS_KEM_ml_kem_512_length_ciphertext;
+            break;
+        case WC_ML_KEM_768:
+            *len = OQS_KEM_ml_kem_768_length_ciphertext;
+            break;
+        case WC_ML_KEM_1024:
+            *len = OQS_KEM_ml_kem_1024_length_ciphertext;
+            break;
+    #endif
+    #ifdef WOLFSSL_KYBER_ORIGINAL
         case KYBER_LEVEL1:
             *len = OQS_KEM_kyber_512_length_ciphertext;
             break;
@@ -250,6 +299,7 @@ int wc_KyberKey_CipherTextSize(KyberKey* key, word32* len)
         case KYBER_LEVEL5:
             *len = OQS_KEM_kyber_1024_length_ciphertext;
             break;
+    #endif
         default:
             /* No other values supported. */
             ret = BAD_FUNC_ARG;
@@ -257,12 +307,6 @@ int wc_KyberKey_CipherTextSize(KyberKey* key, word32* len)
         }
     }
 #endif /* HAVE_LIBOQS */
-#ifdef HAVE_PQM4
-    (void)key;
-    if (ret == 0) {
-        *len = PQM4_CIPHERTEXT_LENGTH;
-    }
-#endif /* HAVE_PQM4 */
 
     return ret;
 }
@@ -294,7 +338,7 @@ int wc_KyberKey_SharedSecretSize(KyberKey* key, word32* len)
 /**
  * Make a Kyber key object using a random number generator.
  *
- * NOTE: rng is ignored. OQS and PQM4 don't use our RNG.
+ * NOTE: rng is ignored. OQS doesn't use our RNG.
  *
  * @param  [in, out]  key   Kyber key ovject.
  * @param  [in]       rng   Random number generator.
@@ -310,13 +354,25 @@ int wc_KyberKey_MakeKey(KyberKey* key, WC_RNG* rng)
     OQS_KEM *kem = NULL;
 #endif
 
-    (void)rng;
-
     /* Validate parameter. */
     if (key == NULL) {
         return BAD_FUNC_ARG;
     }
 
+#ifdef WOLF_CRYPTO_CB
+    #ifndef WOLF_CRYPTO_CB_FIND
+    if (key->devId != INVALID_DEVID)
+    #endif
+    {
+        ret = wc_CryptoCb_MakePqcKemKey(rng, WC_PQC_KEM_TYPE_KYBER,
+                                        key->type, key);
+        if (ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE))
+            return ret;
+        /* fall-through when unavailable */
+        ret = 0;
+    }
+#endif
+
 #ifdef HAVE_LIBOQS
     if (ret == 0) {
         algName = OQS_ID2name(key->type);
@@ -325,34 +381,24 @@ int wc_KyberKey_MakeKey(KyberKey* key, WC_RNG* rng)
         }
     }
 
-    if (ret == 0) {
-        algName = OQS_ID2name(key->type);
-        if (algName == NULL) {
-            ret = BAD_FUNC_ARG;
-        }
-    }
     if (ret == 0) {
         kem = OQS_KEM_new(algName);
         if (kem == NULL) {
             ret = BAD_FUNC_ARG;
         }
     }
+    if (ret == 0) {
+        ret = wolfSSL_liboqsRngMutexLock(rng);
+    }
     if (ret == 0) {
         if (OQS_KEM_keypair(kem, key->pub, key->priv) !=
             OQS_SUCCESS) {
             ret = BAD_FUNC_ARG;
         }
     }
+    wolfSSL_liboqsRngMutexUnlock();
     OQS_KEM_free(kem);
 #endif /* HAVE_LIBOQS */
-#ifdef HAVE_PQM4
-    if (ret == 0) {
-        if (crypto_kem_keypair(key->pub, key->priv) != 0) {
-            WOLFSSL_MSG("PQM4 keygen failure");
-            ret = BAD_FUNC_ARG;
-        }
-    }
-#endif /* HAVE_PQM4 */
 
     if (ret != 0) {
         ForceZero(key, sizeof(*key));
@@ -377,7 +423,7 @@ int wc_KyberKey_MakeKeyWithRandom(KyberKey* key, const unsigned char* rand,
 {
     (void)rand;
     (void)len;
-    /* OQS and PQM4 don't support external randomness. */
+    /* OQS doesn't support external randomness. */
     return wc_KyberKey_MakeKey(key, NULL);
 }
 
@@ -397,6 +443,9 @@ int wc_KyberKey_Encapsulate(KyberKey* key, unsigned char* ct, unsigned char* ss,
     WC_RNG* rng)
 {
     int ret = 0;
+#ifdef WOLF_CRYPTO_CB
+    word32 ctlen = 0;
+#endif
 #ifdef HAVE_LIBOQS
     const char * algName = NULL;
     OQS_KEM *kem = NULL;
@@ -409,6 +458,24 @@ int wc_KyberKey_Encapsulate(KyberKey* key, unsigned char* ct, unsigned char* ss,
         ret = BAD_FUNC_ARG;
     }
 
+#ifdef WOLF_CRYPTO_CB
+    if (ret == 0) {
+        ret = wc_KyberKey_CipherTextSize(key, &ctlen);
+    }
+    if ((ret == 0)
+    #ifndef WOLF_CRYPTO_CB_FIND
+        && (key->devId != INVALID_DEVID)
+    #endif
+    ) {
+        ret = wc_CryptoCb_PqcEncapsulate(ct, ctlen, ss, KYBER_SS_SZ, rng,
+                                         WC_PQC_KEM_TYPE_KYBER, key);
+        if (ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE))
+            return ret;
+        /* fall-through when unavailable */
+        ret = 0;
+    }
+#endif
+
 #ifdef HAVE_LIBOQS
     if (ret == 0) {
         algName = OQS_ID2name(key->type);
@@ -422,22 +489,17 @@ int wc_KyberKey_Encapsulate(KyberKey* key, unsigned char* ct, unsigned char* ss,
             ret = BAD_FUNC_ARG;
         }
     }
+    if (ret == 0) {
+        ret = wolfSSL_liboqsRngMutexLock(rng);
+    }
     if (ret == 0) {
         if (OQS_KEM_encaps(kem, ct, ss, key->pub) != OQS_SUCCESS) {
             ret = BAD_FUNC_ARG;
         }
     }
-
+    wolfSSL_liboqsRngMutexUnlock();
     OQS_KEM_free(kem);
 #endif /* HAVE_LIBOQS */
-#ifdef HAVE_PQM4
-    if (ret == 0) {
-        if (crypto_kem_enc(ct, ss, key->pub) != 0) {
-            WOLFSSL_MSG("PQM4 Encapsulation failure.");
-            ret = BAD_FUNC_ARG;
-        }
-    }
-#endif /* HAVE_PQM4 */
 
     return ret;
 }
@@ -460,7 +522,7 @@ int wc_KyberKey_EncapsulateWithRandom(KyberKey* key, unsigned char* ct,
 {
     (void)rand;
     (void)len;
-    /* OQS and PQM4 don't support external randomness. */
+    /* OQS doesn't support external randomness. */
     return wc_KyberKey_Encapsulate(key, ct, ss, NULL);
 }
 
@@ -500,6 +562,21 @@ int wc_KyberKey_Decapsulate(KyberKey* key, unsigned char* ss,
         ret = BUFFER_E;
     }
 
+#ifdef WOLF_CRYPTO_CB
+    if ((ret == 0)
+    #ifndef WOLF_CRYPTO_CB_FIND
+        && (key->devId != INVALID_DEVID)
+    #endif
+    ) {
+        ret = wc_CryptoCb_PqcDecapsulate(ct, ctlen, ss, KYBER_SS_SZ,
+                                         WC_PQC_KEM_TYPE_KYBER, key);
+        if (ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE))
+            return ret;
+        /* fall-through when unavailable */
+        ret = 0;
+    }
+#endif
+
 #ifdef HAVE_LIBOQS
     if (ret == 0) {
         algName = OQS_ID2name(key->type);
@@ -521,14 +598,6 @@ int wc_KyberKey_Decapsulate(KyberKey* key, unsigned char* ss,
 
     OQS_KEM_free(kem);
 #endif /* HAVE_LIBOQS */
-#ifdef HAVE_PQM4
-    if (ret == 0) {
-        if (crypto_kem_dec(ss, ct, key->priv) != 0) {
-            WOLFSSL_MSG("PQM4 Decapsulation failure.");
-            ret = BAD_FUNC_ARG;
-        }
-    }
-#endif /* HAVE_PQM4 */
 
     return ret;
 
@@ -552,7 +621,8 @@ int wc_KyberKey_Decapsulate(KyberKey* key, unsigned char* ss,
  * @return  NOT_COMPILED_IN when key type is not supported.
  * @return  BUFFER_E when len is not the correct size.
  */
-int wc_KyberKey_DecodePrivateKey(KyberKey* key, unsigned char* in, word32 len)
+int wc_KyberKey_DecodePrivateKey(KyberKey* key, const unsigned char* in,
+    word32 len)
 {
     int ret = 0;
     word32 privLen = 0;
@@ -591,7 +661,8 @@ int wc_KyberKey_DecodePrivateKey(KyberKey* key, unsigned char* in, word32 len)
  * @return  NOT_COMPILED_IN when key type is not supported.
  * @return  BUFFER_E when len is not the correct size.
  */
-int wc_KyberKey_DecodePublicKey(KyberKey* key, unsigned char* in, word32 len)
+int wc_KyberKey_DecodePublicKey(KyberKey* key, const unsigned char* in,
+    word32 len)
 {
     int ret = 0;
     word32 pubLen = 0;
@@ -692,4 +763,4 @@ int wc_KyberKey_EncodePublicKey(KyberKey* key, unsigned char* out, word32 len)
     return ret;
 }
 
-#endif /* WOLFSSL_HAVE_KYBER */
+#endif /* WOLFSSL_HAVE_KYBER && !WOLFSSL_WC_KYBER */
diff --git a/wolfcrypt/src/ext_lms.c b/wolfcrypt/src/ext_lms.c
index a5155076b..b9f00d5bc 100644
--- a/wolfcrypt/src/ext_lms.c
+++ b/wolfcrypt/src/ext_lms.c
@@ -1,6 +1,6 @@
 /* ext_lms.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -27,7 +27,8 @@
 #include <wolfssl/wolfcrypt/error-crypt.h>
 #include <wolfssl/wolfcrypt/logging.h>
 
-#ifdef WOLFSSL_HAVE_LMS
+#if defined(WOLFSSL_HAVE_LMS) && defined(HAVE_LIBLMS)
+
 #include <wolfssl/wolfcrypt/ext_lms.h>
 
 #ifdef NO_INLINE
@@ -160,38 +161,77 @@ const char * wc_LmsKey_ParmToStr(enum wc_LmsParm lmsParm)
 {
     switch (lmsParm) {
     case WC_LMS_PARM_NONE:
-        return "LMS_NONE";
-
+        return "LMS/HSS NONE";
+    case WC_LMS_PARM_L1_H5_W1:
+        return "LMS/HSS L1_H5_W1";
+    case WC_LMS_PARM_L1_H5_W2:
+        return "LMS/HSS L1_H5_W2";
+    case WC_LMS_PARM_L1_H5_W4:
+        return "LMS/HSS L1_H5_W4";
+    case WC_LMS_PARM_L1_H5_W8:
+        return "LMS/HSS L1_H5_W8";
+    case WC_LMS_PARM_L1_H10_W2:
+        return "LMS/HSS L1_H10_W2";
+    case WC_LMS_PARM_L1_H10_W4:
+        return "LMS/HSS L1_H10_W4";
+    case WC_LMS_PARM_L1_H10_W8:
+        return "LMS/HSS L1_H10_W8";
     case WC_LMS_PARM_L1_H15_W2:
         return "LMS/HSS L1_H15_W2";
-
     case WC_LMS_PARM_L1_H15_W4:
         return "LMS/HSS L1_H15_W4";
-
+    case WC_LMS_PARM_L1_H15_W8:
+        return "LMS/HSS L1_H15_W8";
+    case WC_LMS_PARM_L1_H20_W2:
+        return "LMS/HSS L1_H20_W2";
+    case WC_LMS_PARM_L1_H20_W4:
+        return "LMS/HSS L1_H20_W4";
+    case WC_LMS_PARM_L1_H20_W8:
+        return "LMS/HSS L1_H20_W8";
+    case WC_LMS_PARM_L2_H5_W2:
+        return "LMS/HSS L2_H5_W2";
+    case WC_LMS_PARM_L2_H5_W4:
+        return "LMS/HSS L2_H5_W4";
+    case WC_LMS_PARM_L2_H5_W8:
+        return "LMS/HSS L2_H5_W8";
     case WC_LMS_PARM_L2_H10_W2:
         return "LMS/HSS L2_H10_W2";
-
     case WC_LMS_PARM_L2_H10_W4:
         return "LMS/HSS L2_H10_W4";
-
     case WC_LMS_PARM_L2_H10_W8:
         return "LMS/HSS L2_H10_W8";
-
+    case WC_LMS_PARM_L2_H15_W2:
+        return "LMS/HSS L2_H15_W2";
+    case WC_LMS_PARM_L2_H15_W4:
+        return "LMS/HSS L2_H15_W4";
+    case WC_LMS_PARM_L2_H15_W8:
+        return "LMS/HSS L2_H15_W8";
+    case WC_LMS_PARM_L2_H20_W2:
+        return "LMS/HSS L2_H20_W2";
+    case WC_LMS_PARM_L2_H20_W4:
+        return "LMS/HSS L2_H20_W4";
+    case WC_LMS_PARM_L2_H20_W8:
+        return "LMS/HSS L2_H20_W8";
     case WC_LMS_PARM_L3_H5_W2:
         return "LMS/HSS L3_H5_W2";
-
     case WC_LMS_PARM_L3_H5_W4:
         return "LMS/HSS L3_H5_W4";
-
     case WC_LMS_PARM_L3_H5_W8:
         return "LMS/HSS L3_H5_W8";
-
     case WC_LMS_PARM_L3_H10_W4:
         return "LMS/HSS L3_H10_W4";
-
+    case WC_LMS_PARM_L3_H10_W8:
+        return "LMS/HSS L3_H10_W8";
+    case WC_LMS_PARM_L4_H5_W2:
+        return "LMS/HSS L4_H5_W2";
+    case WC_LMS_PARM_L4_H5_W4:
+        return "LMS/HSS L4_H5_W4";
     case WC_LMS_PARM_L4_H5_W8:
         return "LMS/HSS L4_H5_W8";
-
+    case WC_LMS_PARM_L4_H10_W4:
+        return "LMS/HSS L4_H10_W4";
+    case WC_LMS_PARM_L4_H10_W8:
+        return "LMS/HSS L4_H10_W8";
     default:
         WOLFSSL_MSG("error: invalid LMS parameter");
         break;
@@ -279,36 +319,76 @@ int wc_LmsKey_SetLmsParm(LmsKey * key, enum wc_LmsParm lmsParm)
     /* If NONE is passed, default to the lowest predefined set. */
     switch (lmsParm) {
     case WC_LMS_PARM_NONE:
+    case WC_LMS_PARM_L1_H5_W1:
+        return wc_LmsKey_SetParameters(key, 1, 5, 1);
+    case WC_LMS_PARM_L1_H5_W2:
+        return wc_LmsKey_SetParameters(key, 1, 5, 2);
+    case WC_LMS_PARM_L1_H5_W4:
+        return wc_LmsKey_SetParameters(key, 1, 5, 4);
+    case WC_LMS_PARM_L1_H5_W8:
+        return wc_LmsKey_SetParameters(key, 1, 5, 8);
+    case WC_LMS_PARM_L1_H10_W2:
+        return wc_LmsKey_SetParameters(key, 1, 10, 2);
+    case WC_LMS_PARM_L1_H10_W4:
+        return wc_LmsKey_SetParameters(key, 1, 10, 4);
+    case WC_LMS_PARM_L1_H10_W8:
+        return wc_LmsKey_SetParameters(key, 1, 10, 8);
     case WC_LMS_PARM_L1_H15_W2:
         return wc_LmsKey_SetParameters(key, 1, 15, 2);
-
     case WC_LMS_PARM_L1_H15_W4:
         return wc_LmsKey_SetParameters(key, 1, 15, 4);
-
+    case WC_LMS_PARM_L1_H15_W8:
+        return wc_LmsKey_SetParameters(key, 1, 15, 8);
+    case WC_LMS_PARM_L1_H20_W2:
+        return wc_LmsKey_SetParameters(key, 1, 20, 2);
+    case WC_LMS_PARM_L1_H20_W4:
+        return wc_LmsKey_SetParameters(key, 1, 20, 4);
+    case WC_LMS_PARM_L1_H20_W8:
+        return wc_LmsKey_SetParameters(key, 1, 20, 8);
+    case WC_LMS_PARM_L2_H5_W2:
+        return wc_LmsKey_SetParameters(key, 2, 5, 2);
+    case WC_LMS_PARM_L2_H5_W4:
+        return wc_LmsKey_SetParameters(key, 2, 5, 4);
+    case WC_LMS_PARM_L2_H5_W8:
+        return wc_LmsKey_SetParameters(key, 2, 5, 8);
     case WC_LMS_PARM_L2_H10_W2:
         return wc_LmsKey_SetParameters(key, 2, 10, 2);
-
     case WC_LMS_PARM_L2_H10_W4:
         return wc_LmsKey_SetParameters(key, 2, 10, 4);
-
     case WC_LMS_PARM_L2_H10_W8:
         return wc_LmsKey_SetParameters(key, 2, 10, 8);
-
+    case WC_LMS_PARM_L2_H15_W2:
+        return wc_LmsKey_SetParameters(key, 2, 15, 2);
+    case WC_LMS_PARM_L2_H15_W4:
+        return wc_LmsKey_SetParameters(key, 2, 15, 4);
+    case WC_LMS_PARM_L2_H15_W8:
+        return wc_LmsKey_SetParameters(key, 2, 15, 8);
+    case WC_LMS_PARM_L2_H20_W2:
+        return wc_LmsKey_SetParameters(key, 2, 20, 2);
+    case WC_LMS_PARM_L2_H20_W4:
+        return wc_LmsKey_SetParameters(key, 2, 20, 4);
+    case WC_LMS_PARM_L2_H20_W8:
+        return wc_LmsKey_SetParameters(key, 2, 20, 8);
     case WC_LMS_PARM_L3_H5_W2:
         return wc_LmsKey_SetParameters(key, 3, 5, 2);
-
     case WC_LMS_PARM_L3_H5_W4:
         return wc_LmsKey_SetParameters(key, 3, 5, 4);
-
     case WC_LMS_PARM_L3_H5_W8:
         return wc_LmsKey_SetParameters(key, 3, 5, 8);
-
     case WC_LMS_PARM_L3_H10_W4:
         return wc_LmsKey_SetParameters(key, 3, 10, 4);
-
+    case WC_LMS_PARM_L3_H10_W8:
+        return wc_LmsKey_SetParameters(key, 3, 10, 8);
+    case WC_LMS_PARM_L4_H5_W2:
+        return wc_LmsKey_SetParameters(key, 4, 5, 2);
+    case WC_LMS_PARM_L4_H5_W4:
+        return wc_LmsKey_SetParameters(key, 4, 5, 4);
     case WC_LMS_PARM_L4_H5_W8:
         return wc_LmsKey_SetParameters(key, 4, 5, 8);
-
+    case WC_LMS_PARM_L4_H10_W4:
+        return wc_LmsKey_SetParameters(key, 4, 10, 4);
+    case WC_LMS_PARM_L4_H10_W8:
+        return wc_LmsKey_SetParameters(key, 4, 10, 8);
     default:
         WOLFSSL_MSG("error: invalid LMS parameter set");
         break;
@@ -507,7 +587,7 @@ void wc_LmsKey_Free(LmsKey* key)
  *
  * Returns 0 on success.
  * */
-int wc_LmsKey_SetWriteCb(LmsKey * key, write_private_key_cb write_cb)
+int wc_LmsKey_SetWriteCb(LmsKey * key, wc_lms_write_private_key_cb write_cb)
 {
     if (key == NULL || write_cb == NULL) {
         return BAD_FUNC_ARG;
@@ -531,7 +611,7 @@ int wc_LmsKey_SetWriteCb(LmsKey * key, write_private_key_cb write_cb)
  *
  * Returns 0 on success.
  * */
-int wc_LmsKey_SetReadCb(LmsKey * key, read_private_key_cb read_cb)
+int wc_LmsKey_SetReadCb(LmsKey * key, wc_lms_read_private_key_cb read_cb)
 {
     if (key == NULL || read_cb == NULL) {
         return BAD_FUNC_ARG;
@@ -969,4 +1049,4 @@ int wc_LmsKey_Verify(LmsKey * key, const byte * sig, word32 sigSz,
     return 0;
 }
 
-#endif /* WOLFSSL_HAVE_LMS */
+#endif /* WOLFSSL_HAVE_LMS && HAVE_LIBLMS */
diff --git a/wolfcrypt/src/ext_xmss.c b/wolfcrypt/src/ext_xmss.c
index b1e5e46dd..31293a162 100644
--- a/wolfcrypt/src/ext_xmss.c
+++ b/wolfcrypt/src/ext_xmss.c
@@ -1,6 +1,6 @@
 /* ext_xmss.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -28,7 +28,8 @@
 #include <wolfssl/wolfcrypt/logging.h>
 #include <wolfssl/wolfcrypt/sha256.h>
 
-#ifdef WOLFSSL_HAVE_XMSS
+#if defined(WOLFSSL_HAVE_XMSS) && defined(HAVE_LIBXMSS)
+
 #include <wolfssl/wolfcrypt/ext_xmss.h>
 
 #ifdef NO_INLINE
@@ -39,6 +40,7 @@
 #endif
 
 #include <xmss_callbacks.h>
+#include <utils.h>
 
 #ifndef WOLFSSL_XMSS_VERIFY_ONLY
 static THREAD_LS_T WC_RNG * xmssRng = NULL;
@@ -177,6 +179,11 @@ static int wc_XmssKey_SetOid(XmssKey * key, uint32_t oid, int is_xmssmt)
         WOLFSSL_MSG("error: unsupported XMSS/XMSS^MT parameter set");
         return -1;
     }
+    if ((key->params.full_height < WOLFSSL_XMSS_MIN_HEIGHT) ||
+        (key->params.full_height > WOLFSSL_XMSS_MAX_HEIGHT)) {
+        WOLFSSL_MSG("error: unsupported XMSS/XMSS^MT parameter set - height");
+        return -1;
+    }
 
     ret = xmss_set_sha_cb(sha256_cb);
     if (ret != 0) {
@@ -301,7 +308,7 @@ void wc_XmssKey_Free(XmssKey* key)
  *  returns     BAD_FUNC_ARG when a parameter is NULL.
  *  returns     -1 on failure.
  * */
-int wc_XmssKey_SetWriteCb(XmssKey * key, write_private_key_cb write_cb)
+int wc_XmssKey_SetWriteCb(XmssKey * key, wc_xmss_write_private_key_cb write_cb)
 {
     if (key == NULL || write_cb == NULL) {
         return BAD_FUNC_ARG;
@@ -330,7 +337,7 @@ int wc_XmssKey_SetWriteCb(XmssKey * key, write_private_key_cb write_cb)
  *  returns     BAD_FUNC_ARG when a parameter is NULL.
  *  returns     -1 on failure.
  * */
-int wc_XmssKey_SetReadCb(XmssKey * key, read_private_key_cb read_cb)
+int wc_XmssKey_SetReadCb(XmssKey * key, wc_xmss_read_private_key_cb read_cb)
 {
     if (key == NULL || read_cb == NULL) {
         return BAD_FUNC_ARG;
@@ -747,6 +754,64 @@ int wc_XmssKey_Sign(XmssKey* key, byte * sig, word32 * sigLen, const byte * msg,
 
     return (key->state == WC_XMSS_STATE_OK) ? 0 : -1;
 }
+
+
+/* Check if more signatures are possible with key.
+ *
+ * @param [in] key  XMSS key to check.
+ * @return  1 when signatures possible.
+ * @return  0 when key exhausted.
+ */
+int  wc_XmssKey_SigsLeft(XmssKey* key)
+{
+    int ret = 0;
+
+    /* Validate parameter. */
+    if (key == NULL) {
+        ret = 0;
+    }
+    /* Validate state. */
+    else if (key->state == WC_XMSS_STATE_NOSIGS) {
+        WOLFSSL_MSG("error: XMSS signatures exhausted");
+        ret = 0;
+    }
+    else if (key->state != WC_XMSS_STATE_OK) {
+        WOLFSSL_MSG("error: can't sign, XMSS key not in good state");
+        ret = 0;
+    }
+    /* Read the current secret key from NV storage.*/
+    else if (key->read_private_key(key->sk, key->sk_len, key->context) !=
+             WC_XMSS_RC_READ_TO_MEMORY) {
+        WOLFSSL_MSG("error: XMSS read_private_key failed");
+        ret = 0;
+    }
+    else {
+        /* The following assumes core_fast implementation is used
+         * from patched xmss-reference. */
+        const unsigned char* sk = (key->sk + XMSS_OID_LEN);
+        const xmss_params*   params = &key->params;
+        unsigned long long   idx = 0;
+
+        if (key->is_xmssmt) {
+            for (uint64_t i = 0; i < params->index_bytes; i++) {
+                idx |= ((unsigned long long)sk[i])
+                       << 8 * (params->index_bytes - 1 - i);
+            }
+        }
+        else {
+            idx = ((unsigned long)sk[0] << 24) |
+                  ((unsigned long)sk[1] << 16) |
+                  ((unsigned long)sk[2] <<  8) | sk[3];
+        }
+
+        ret = idx < ((1ULL << params->full_height) - 1);
+
+        /* Force zero the secret key from memory always. */
+        ForceZero(key->sk, key->sk_len);
+    }
+
+    return ret;
+}
 #endif /* ifndef WOLFSSL_XMSS_VERIFY_ONLY*/
 
 /* Get the XMSS/XMSS^MT public key length. The public key
@@ -978,4 +1043,4 @@ int wc_XmssKey_Verify(XmssKey * key, const byte * sig, word32 sigLen,
     return ret;
 }
 
-#endif /* WOLFSSL_HAVE_XMSS */
+#endif /* WOLFSSL_HAVE_XMSS && HAVE_LIBXMSS */
diff --git a/wolfcrypt/src/falcon.c b/wolfcrypt/src/falcon.c
index ea722a20b..ab529f7e2 100644
--- a/wolfcrypt/src/falcon.c
+++ b/wolfcrypt/src/falcon.c
@@ -1,6 +1,6 @@
 /* falcon.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -59,18 +59,33 @@
  */
 int wc_falcon_sign_msg(const byte* in, word32 inLen,
                               byte* out, word32 *outLen,
-                              falcon_key* key)
+                              falcon_key* key, WC_RNG* rng)
 {
     int ret = 0;
-#ifdef HAVE_LIBOQS
-    OQS_SIG *oqssig = NULL;
-    size_t localOutLen = 0;
 
     /* sanity check on arguments */
     if ((in == NULL) || (out == NULL) || (outLen == NULL) || (key == NULL)) {
-        ret = BAD_FUNC_ARG;
+        return  BAD_FUNC_ARG;
     }
 
+#ifdef WOLF_CRYPTO_CB
+    #ifndef WOLF_CRYPTO_CB_FIND
+    if (key->devId != INVALID_DEVID)
+    #endif
+    {
+        ret = wc_CryptoCb_PqcSign(in, inLen, out, outLen, NULL, 0,
+                WC_HASH_TYPE_NONE, rng, WC_PQC_SIG_TYPE_FALCON, key);
+        if (ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE))
+            return ret;
+        /* fall-through when unavailable */
+        ret = 0;
+    }
+#endif
+
+#ifdef HAVE_LIBOQS
+    OQS_SIG *oqssig = NULL;
+    size_t localOutLen = 0;
+
     if ((ret == 0) && (!key->prvKeySet)) {
         ret = BAD_FUNC_ARG;
     }
@@ -88,6 +103,10 @@ int wc_falcon_sign_msg(const byte* in, word32 inLen,
         }
     }
 
+    if ((ret == 0) && (oqssig == NULL)) {
+        ret = BUFFER_E;
+    }
+
     /* check and set up out length */
     if (ret == 0) {
         if ((key->level == 1) && (*outLen < FALCON_LEVEL1_SIG_SIZE)) {
@@ -101,6 +120,10 @@ int wc_falcon_sign_msg(const byte* in, word32 inLen,
         localOutLen = *outLen;
     }
 
+    if (ret == 0) {
+        ret = wolfSSL_liboqsRngMutexLock(rng);
+    }
+
     if ((ret == 0) &&
         (OQS_SIG_sign(oqssig, out, &localOutLen, in, inLen, key->k)
          == OQS_ERROR)) {
@@ -111,6 +134,8 @@ int wc_falcon_sign_msg(const byte* in, word32 inLen,
         *outLen = (word32)localOutLen;
     }
 
+    wolfSSL_liboqsRngMutexUnlock();
+
     if (oqssig != NULL) {
         OQS_SIG_free(oqssig);
     }
@@ -136,13 +161,28 @@ int wc_falcon_verify_msg(const byte* sig, word32 sigLen, const byte* msg,
                         word32 msgLen, int* res, falcon_key* key)
 {
     int ret = 0;
-#ifdef HAVE_LIBOQS
-    OQS_SIG *oqssig = NULL;
 
     if (key == NULL || sig == NULL || msg == NULL || res == NULL) {
-        ret = BAD_FUNC_ARG;
+        return BAD_FUNC_ARG;
     }
 
+#ifdef WOLF_CRYPTO_CB
+    #ifndef WOLF_CRYPTO_CB_FIND
+    if (key->devId != INVALID_DEVID)
+    #endif
+    {
+        ret = wc_CryptoCb_PqcVerify(sig, sigLen, msg, msgLen, NULL, 0,
+                WC_HASH_TYPE_NONE, res, WC_PQC_SIG_TYPE_FALCON, key);
+        if (ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE))
+            return ret;
+        /* fall-through when unavailable */
+        ret = 0;
+    }
+#endif
+
+#ifdef HAVE_LIBOQS
+    OQS_SIG *oqssig = NULL;
+
     if ((ret == 0) && (!key->pubKeySet)) {
         ret = BAD_FUNC_ARG;
     }
@@ -160,6 +200,10 @@ int wc_falcon_verify_msg(const byte* sig, word32 sigLen, const byte* msg,
         }
     }
 
+    if ((ret == 0) && (oqssig == NULL)) {
+        ret = BUFFER_E;
+    }
+
     if ((ret == 0) &&
         (OQS_SIG_verify(oqssig, msg, msgLen, sig, sigLen, key->p)
          == OQS_ERROR)) {
@@ -186,15 +230,92 @@ int wc_falcon_verify_msg(const byte* sig, word32 sigLen, const byte* msg,
  * returns BAD_FUNC_ARG when key is NULL
  */
 int wc_falcon_init(falcon_key* key)
+{
+    return wc_falcon_init_ex(key, NULL, INVALID_DEVID);
+}
+
+/* Initialize the falcon private/public key.
+ *
+ * key  [in]  Falcon key.
+ * heap [in]  Heap hint.
+ * devId[in]  Device ID.
+ * returns BAD_FUNC_ARG when key is NULL
+ */
+int wc_falcon_init_ex(falcon_key* key, void* heap, int devId)
 {
     if (key == NULL) {
         return BAD_FUNC_ARG;
     }
 
-    ForceZero(key, sizeof(key));
+    ForceZero(key, sizeof(*key));
+
+#ifdef WOLF_CRYPTO_CB
+    key->devCtx = NULL;
+    key->devId = devId;
+#endif
+#ifdef WOLF_PRIVATE_KEY_ID
+    key->idLen = 0;
+    key->labelLen = 0;
+#endif
+
+    (void) heap;
+    (void) devId;
+
     return 0;
 }
 
+#ifdef WOLF_PRIVATE_KEY_ID
+int wc_falcon_init_id(falcon_key* key, const unsigned char* id, int len,
+                         void* heap, int devId)
+{
+    int ret = 0;
+
+    if (key == NULL)
+        ret = BAD_FUNC_ARG;
+    if (ret == 0 && (len < 0 || len > FALCON_MAX_ID_LEN))
+        ret = BUFFER_E;
+
+    if (ret == 0)
+        ret = wc_falcon_init_ex(key, heap, devId);
+    if (ret == 0 && id != NULL && len != 0) {
+        XMEMCPY(key->id, id, (size_t)len);
+        key->idLen = len;
+    }
+
+    /* Set the maximum level here */
+    wc_falcon_set_level(key, 5);
+
+    return ret;
+}
+
+int wc_falcon_init_label(falcon_key* key, const char* label, void* heap,
+                            int devId)
+{
+    int ret = 0;
+    int labelLen = 0;
+
+    if (key == NULL || label == NULL)
+        ret = BAD_FUNC_ARG;
+    if (ret == 0) {
+        labelLen = (int)XSTRLEN(label);
+        if (labelLen == 0 || labelLen > FALCON_MAX_LABEL_LEN)
+            ret = BUFFER_E;
+    }
+
+    if (ret == 0)
+        ret = wc_falcon_init_ex(key, heap, devId);
+    if (ret == 0) {
+        XMEMCPY(key->label, label, (size_t)labelLen);
+        key->labelLen = labelLen;
+    }
+
+    /* Set the maximum level here */
+    wc_falcon_set_level(key, 5);
+
+    return ret;
+}
+#endif
+
 /* Set the level of the falcon private/public key.
  *
  * key   [out]  Falcon key.
@@ -244,7 +365,7 @@ int wc_falcon_get_level(falcon_key* key, byte* level)
 void wc_falcon_free(falcon_key* key)
 {
     if (key != NULL) {
-        ForceZero(key, sizeof(key));
+        ForceZero(key, sizeof(*key));
     }
 }
 
@@ -348,7 +469,8 @@ static int parse_private_key(const byte* priv, word32 privSz,
 
     /* At this point, it is still a PKCS8 private key. */
     if ((ret = ToTraditionalInline(priv, &idx, privSz)) < 0) {
-        return ret;
+        /* ignore error, did not have PKCS8 header */
+        (void)ret;
     }
 
     /* Now it is a octet_string(concat(priv,pub)) */
@@ -393,12 +515,7 @@ int wc_falcon_import_private_only(const byte* priv, word32 privSz,
          return ret;
     }
 
-    if (key->level == 1) {
-        XMEMCPY(key->k, newPriv, FALCON_LEVEL1_KEY_SIZE);
-    }
-    else if (key->level == 5) {
-        XMEMCPY(key->k, newPriv, FALCON_LEVEL5_KEY_SIZE);
-    }
+    XMEMCPY(key->k, newPriv, newPrivSz);
     key->prvKeySet = 1;
 
     return 0;
@@ -456,12 +573,7 @@ int wc_falcon_import_private_key(const byte* priv, word32 privSz,
 
     if (ret == 0) {
         /* make the private key (priv + pub) */
-        if (key->level == 1) {
-            XMEMCPY(key->k, newPriv, FALCON_LEVEL1_KEY_SIZE);
-        }
-        else if (key->level == 5) {
-            XMEMCPY(key->k, newPriv, FALCON_LEVEL5_KEY_SIZE);
-        }
+        XMEMCPY(key->k, newPriv, newPrivSz);
         key->prvKeySet = 1;
     }
 
@@ -544,14 +656,14 @@ int wc_falcon_export_private(falcon_key* key, byte* out, word32* outLen)
 
     if (key->level == 1) {
         *outLen = FALCON_LEVEL1_PRV_KEY_SIZE;
-        XMEMCPY(out, key->k, FALCON_LEVEL1_PRV_KEY_SIZE);
-        XMEMCPY(out + FALCON_LEVEL1_PRV_KEY_SIZE, key->p,
+        XMEMCPY(out, key->k, FALCON_LEVEL1_KEY_SIZE);
+        XMEMCPY(out + FALCON_LEVEL1_KEY_SIZE, key->p,
                 FALCON_LEVEL1_PUB_KEY_SIZE);
     }
     else if (key->level == 5) {
         *outLen = FALCON_LEVEL5_PRV_KEY_SIZE;
-        XMEMCPY(out, key->k, FALCON_LEVEL5_PRV_KEY_SIZE);
-        XMEMCPY(out + FALCON_LEVEL5_PRV_KEY_SIZE, key->p,
+        XMEMCPY(out, key->k, FALCON_LEVEL5_KEY_SIZE);
+        XMEMCPY(out + FALCON_LEVEL5_KEY_SIZE, key->p,
                 FALCON_LEVEL5_PUB_KEY_SIZE);
     }
 
@@ -600,8 +712,24 @@ int wc_falcon_check_key(falcon_key* key)
         return BAD_FUNC_ARG;
     }
 
-    /* Assume everything is fine. */
-    return 0;
+    int ret = 0;
+
+    /* The public key is also decoded and stored within the private key buffer
+     * behind the private key. Hence, we can compare both stored public keys. */
+    if (key->level == 1) {
+        ret = XMEMCMP(key->p, key->k + FALCON_LEVEL1_KEY_SIZE,
+                      FALCON_LEVEL1_PUB_KEY_SIZE);
+    }
+    else if (key->level == 5) {
+        ret = XMEMCMP(key->p, key->k + FALCON_LEVEL5_KEY_SIZE,
+                      FALCON_LEVEL5_PUB_KEY_SIZE);
+    }
+
+    if (ret != 0) {
+        ret = PUBLIC_KEY_E;
+    }
+
+    return ret;
 }
 
 /* Returns the size of a falcon private key.
@@ -696,7 +824,7 @@ int wc_Falcon_PrivateKeyDecode(const byte* input, word32* inOutIdx,
                                      falcon_key* key, word32 inSz)
 {
     int ret = 0;
-    byte privKey[FALCON_MAX_KEY_SIZE], pubKey[FALCON_MAX_PUB_KEY_SIZE];
+    byte privKey[FALCON_MAX_PRV_KEY_SIZE], pubKey[FALCON_MAX_PUB_KEY_SIZE];
     word32 privKeyLen = (word32)sizeof(privKey);
     word32 pubKeyLen = (word32)sizeof(pubKey);
     int keytype = 0;
@@ -719,11 +847,11 @@ int wc_Falcon_PrivateKeyDecode(const byte* input, word32* inOutIdx,
                         pubKey, &pubKeyLen, keytype);
     if (ret == 0) {
         if (pubKeyLen == 0) {
-            ret = wc_falcon_import_private_only(input, inSz, key);
+            ret = wc_falcon_import_private_key(input, inSz, NULL, 0, key);
         }
         else {
-            ret = wc_falcon_import_private_key(privKey, privKeyLen,
-                                               pubKey, pubKeyLen, key);
+            ret = wc_falcon_import_private_key(input, inSz, pubKey,
+                                               pubKeyLen, key);
         }
     }
     return ret;
@@ -741,6 +869,11 @@ int wc_Falcon_PublicKeyDecode(const byte* input, word32* inOutIdx,
         return BAD_FUNC_ARG;
     }
 
+    ret = wc_falcon_import_public(input, inSz, key);
+    if (ret == 0) {
+        return 0;
+    }
+
     if (key->level == 1) {
         keytype = FALCON_LEVEL1k;
     }
@@ -780,7 +913,7 @@ int wc_Falcon_PublicKeyToDer(falcon_key* key, byte* output, word32 inLen,
     word32 pubKeyLen = (word32)sizeof(pubKey);
     int    keytype = 0;
 
-    if (key == NULL || output == NULL) {
+    if (key == NULL) {
         return BAD_FUNC_ARG;
     }
 
diff --git a/wolfcrypt/src/fe_448.c b/wolfcrypt/src/fe_448.c
index 73853b79e..d375735e2 100644
--- a/wolfcrypt/src/fe_448.c
+++ b/wolfcrypt/src/fe_448.c
@@ -1,6 +1,6 @@
 /* fe_448.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -1437,56 +1437,56 @@ void fe448_to_bytes(unsigned char* b, const sword32* a)
     b[ 0] = (byte)(in0  >>  0);
     b[ 1] = (byte)(in0  >>  8);
     b[ 2] = (byte)(in0  >> 16);
-    b[ 3] = (byte)(in0  >> 24) + ((in1  >>  0) <<  4);
+    b[ 3] = (byte)((byte)(in0  >> 24) + (byte)((in1  >>  0) <<  4));
     b[ 4] = (byte)(in1  >>  4);
     b[ 5] = (byte)(in1  >> 12);
     b[ 6] = (byte)(in1  >> 20);
     b[ 7] = (byte)(in2  >>  0);
     b[ 8] = (byte)(in2  >>  8);
     b[ 9] = (byte)(in2  >> 16);
-    b[10] = (byte)(in2  >> 24) + ((in3  >>  0) <<  4);
+    b[10] = (byte)((byte)(in2  >> 24) + (byte)((in3  >>  0) <<  4));
     b[11] = (byte)(in3  >>  4);
     b[12] = (byte)(in3  >> 12);
     b[13] = (byte)(in3  >> 20);
     b[14] = (byte)(in4  >>  0);
     b[15] = (byte)(in4  >>  8);
     b[16] = (byte)(in4  >> 16);
-    b[17] = (byte)(in4  >> 24) + ((in5  >>  0) <<  4);
+    b[17] = (byte)((byte)(in4  >> 24) + (byte)((in5  >>  0) <<  4));
     b[18] = (byte)(in5  >>  4);
     b[19] = (byte)(in5  >> 12);
     b[20] = (byte)(in5  >> 20);
     b[21] = (byte)(in6  >>  0);
     b[22] = (byte)(in6  >>  8);
     b[23] = (byte)(in6  >> 16);
-    b[24] = (byte)(in6  >> 24) + ((in7  >>  0) <<  4);
+    b[24] = (byte)((byte)(in6  >> 24) + (byte)((in7  >>  0) <<  4));
     b[25] = (byte)(in7  >>  4);
     b[26] = (byte)(in7  >> 12);
     b[27] = (byte)(in7  >> 20);
     b[28] = (byte)(in8  >>  0);
     b[29] = (byte)(in8  >>  8);
     b[30] = (byte)(in8  >> 16);
-    b[31] = (byte)(in8  >> 24) + ((in9  >>  0) <<  4);
+    b[31] = (byte)((byte)(in8  >> 24) + (byte)((in9  >>  0) <<  4));
     b[32] = (byte)(in9  >>  4);
     b[33] = (byte)(in9  >> 12);
     b[34] = (byte)(in9  >> 20);
     b[35] = (byte)(in10 >>  0);
     b[36] = (byte)(in10 >>  8);
     b[37] = (byte)(in10 >> 16);
-    b[38] = (byte)(in10 >> 24) + ((in11 >>  0) <<  4);
+    b[38] = (byte)((byte)(in10 >> 24) + (byte)((in11 >>  0) <<  4));
     b[39] = (byte)(in11 >>  4);
     b[40] = (byte)(in11 >> 12);
     b[41] = (byte)(in11 >> 20);
     b[42] = (byte)(in12 >>  0);
     b[43] = (byte)(in12 >>  8);
     b[44] = (byte)(in12 >> 16);
-    b[45] = (byte)(in12 >> 24) + ((in13 >>  0) <<  4);
+    b[45] = (byte)((byte)(in12 >> 24) + (byte)((in13 >>  0) <<  4));
     b[46] = (byte)(in13 >>  4);
     b[47] = (byte)(in13 >> 12);
     b[48] = (byte)(in13 >> 20);
     b[49] = (byte)(in14 >>  0);
     b[50] = (byte)(in14 >>  8);
     b[51] = (byte)(in14 >> 16);
-    b[52] = (byte)(in14 >> 24) + ((in15 >>  0) <<  4);
+    b[52] = (byte)((byte)(in14 >> 24) + (byte)((in15 >>  0) <<  4));
     b[53] = (byte)(in15 >>  4);
     b[54] = (byte)(in15 >> 12);
     b[55] = (byte)(in15 >> 20);
@@ -1770,6 +1770,8 @@ void fe448_mul39081(sword32* r, const sword32* a)
 static WC_INLINE void fe448_mul_8(sword32* r, const sword32* a, const sword32* b)
 {
     sword64 t;
+    sword64 o;
+    sword64 t15;
     sword64 t0   = (sword64)a[ 0] * b[ 0];
     sword64 t1   = (sword64)a[ 0] * b[ 1];
     sword64 t101 = (sword64)a[ 1] * b[ 0];
@@ -1850,8 +1852,8 @@ static WC_INLINE void fe448_mul_8(sword32* r, const sword32* a, const sword32* b
     t11 += t111; t11 += t211; t11 += t311;
     t12 += t112; t12 += t212;
     t13 += t113;
-    sword64 o = t14 >> 28;
-    sword64 t15 = o;
+    o = t14 >> 28;
+    t15 = o;
     t14 -= o << 28;
     o = (t0  >> 28); t1  += o; t = o << 28; t0  -= t;
     o = (t1  >> 28); t2  += o; t = o << 28; t1  -= t;
diff --git a/wolfcrypt/src/fe_low_mem.c b/wolfcrypt/src/fe_low_mem.c
index 355663960..473cc70d9 100644
--- a/wolfcrypt/src/fe_low_mem.c
+++ b/wolfcrypt/src/fe_low_mem.c
@@ -1,6 +1,6 @@
 /* fe_low_mem.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfcrypt/src/fe_operations.c b/wolfcrypt/src/fe_operations.c
index 18e2b05e8..e129618a7 100644
--- a/wolfcrypt/src/fe_operations.c
+++ b/wolfcrypt/src/fe_operations.c
@@ -1,6 +1,6 @@
 /* fe_operations.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -45,7 +45,7 @@
 #elif defined(WOLFSSL_ARMASM)
 /* Assembly code in fe_armv[78]_x25519.* */
 #elif defined(CURVED25519_128BIT)
-#include "fe_x25519_128.i"
+#include "fe_x25519_128.h"
 #else
 
 #if defined(HAVE_CURVE25519) || \
@@ -58,24 +58,24 @@ t[0]+2^26 t[1]+2^51 t[2]+2^77 t[3]+2^102 t[4]+...+2^230 t[9].
 Bounds on each t[i] vary depending on context.
 */
 
-word64 load_3(const unsigned char *in)
+sword64 load_3(const unsigned char *in)
 {
   word64 result;
   result = (word64) in[0];
   result |= ((word64) in[1]) << 8;
   result |= ((word64) in[2]) << 16;
-  return result;
+  return (sword64)result;
 }
 
 
-word64 load_4(const unsigned char *in)
+sword64 load_4(const unsigned char *in)
 {
   word64 result;
   result = (word64) in[0];
   result |= ((word64) in[1]) << 8;
   result |= ((word64) in[2]) << 16;
   result |= ((word64) in[3]) << 24;
-  return result;
+  return (sword64)result;
 }
 #endif
 
@@ -128,11 +128,9 @@ void fe_init(void)
 
 #if defined(HAVE_CURVE25519) && !defined(CURVE25519_SMALL) && \
     !defined(FREESCALE_LTC_ECC)
+#ifndef WOLFSSL_CURVE25519_BLINDING
 int curve25519(byte* q, const byte* n, const byte* p)
 {
-#if 0
-  unsigned char e[32];
-#endif
   fe x1 = {0};
   fe x2 = {0};
   fe z2 = {0};
@@ -143,17 +141,6 @@ int curve25519(byte* q, const byte* n, const byte* p)
   int pos = 0;
   unsigned int swap = 0;
 
-  /* Clamp already done during key generation and import */
-#if 0
-  {
-    unsigned int i;
-    for (i = 0;i < 32;++i) e[i] = n[i];
-    e[0] &= 248;
-    e[31] &= 127;
-    e[31] |= 64;
-  }
-#endif
-
   fe_frombytes(x1,p);
   fe_1(x2);
   fe_0(z2);
@@ -163,15 +150,11 @@ int curve25519(byte* q, const byte* n, const byte* p)
   swap = 0;
   for (pos = 254;pos >= 0;--pos) {
     unsigned int b;
-#if 0
-    b = e[pos / 8] >> (pos & 7);
-#else
-    b = n[pos / 8] >> (pos & 7);
-#endif
+    b = (unsigned int)(n[pos / 8]) >> (pos & 7);
     b &= 1;
     swap ^= b;
-    fe_cswap(x2,x3,swap);
-    fe_cswap(z2,z3,swap);
+    fe_cswap(x2,x3,(int)swap);
+    fe_cswap(z2,z3,(int)swap);
     swap = b;
 
     /* montgomery */
@@ -194,8 +177,8 @@ int curve25519(byte* q, const byte* n, const byte* p)
     fe_mul(z3,x1,z2);
     fe_mul(z2,tmp1,tmp0);
   }
-  fe_cswap(x2,x3,swap);
-  fe_cswap(z2,z3,swap);
+  fe_cswap(x2,x3,(int)swap);
+  fe_cswap(z2,z3,(int)swap);
 
   fe_invert(z2,z2);
   fe_mul(x2,x2,z2);
@@ -203,6 +186,74 @@ int curve25519(byte* q, const byte* n, const byte* p)
 
   return 0;
 }
+#else
+int curve25519_blind(byte* q, const byte* n, const byte* mask, const byte* p,
+    const byte* rz)
+{
+  fe x1 = {0};
+  fe x2 = {0};
+  fe z2 = {0};
+  fe x3 = {0};
+  fe z3 = {0};
+  fe tmp0 = {0};
+  fe tmp1 = {0};
+  int pos = 0;
+  unsigned int b;
+
+  fe_frombytes(x1,p);
+  fe_1(x2);
+  fe_0(z2);
+  fe_copy(x3,x1);
+  fe_frombytes(z3, rz);
+  fe_mul(x3, x3, z3);
+
+  /* mask_bits[252] */
+  b = mask[31] >> 7;
+  b &= 1;
+  fe_cswap(x2,x3,(int)b);
+  fe_cswap(z2,z3,(int)b);
+  for (pos = 255;pos >= 1;--pos) {
+    b = n[pos / 8] >> (pos & 7);
+    b &= 1;
+    fe_cswap(x2,x3,(int)b);
+    fe_cswap(z2,z3,(int)b);
+
+    /* montgomery */
+    fe_sub(tmp0,x3,z3);
+    fe_sub(tmp1,x2,z2);
+    fe_add(x2,x2,z2);
+    fe_add(z2,x3,z3);
+    fe_mul(z3,tmp0,x2);
+    fe_mul(z2,z2,tmp1);
+    fe_sq(tmp0,tmp1);
+    fe_sq(tmp1,x2);
+    fe_add(x3,z3,z2);
+    fe_sub(z2,z3,z2);
+    fe_mul(x2,tmp1,tmp0);
+    fe_sub(tmp1,tmp1,tmp0);
+    fe_sq(z2,z2);
+    fe_mul121666(z3,tmp1);
+    fe_sq(x3,x3);
+    fe_add(tmp0,tmp0,z3);
+    fe_mul(z3,x1,z2);
+    fe_mul(z2,tmp1,tmp0);
+
+    b = mask[(pos-1) / 8] >> ((pos-1) & 7);
+    b &= 1;
+    fe_cswap(x2,x3,(int)b);
+    fe_cswap(z2,z3,(int)b);
+  }
+  b = n[0] & 1;
+  fe_cswap(x2,x3,(int)b);
+  fe_cswap(z2,z3,(int)b);
+
+  fe_invert(z2,z2);
+  fe_mul(x2,x2,z2);
+  fe_tobytes(q,x2);
+
+  return 0;
+}
+#endif
 #endif /* HAVE_CURVE25519 && !CURVE25519_SMALL && !FREESCALE_LTC_ECC */
 
 
diff --git a/wolfcrypt/src/fe_x25519_128.i b/wolfcrypt/src/fe_x25519_128.h
similarity index 88%
rename from wolfcrypt/src/fe_x25519_128.i
rename to wolfcrypt/src/fe_x25519_128.h
index eff2d408e..089d8474c 100644
--- a/wolfcrypt/src/fe_x25519_128.i
+++ b/wolfcrypt/src/fe_x25519_128.h
@@ -1,6 +1,6 @@
-/* fe_x25519_128.i
+/* fe_x25519_128.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -21,7 +21,7 @@
 
 /* Generated using (from wolfssl):
  *   cd ../scripts
- *   ruby ./x25519/fe_x25519_128_gen.rb > ../wolfssl/wolfcrypt/src/fe_x25519_128.i
+ *   ruby ./x25519/fe_x25519_128_gen.rb > ../wolfssl/wolfcrypt/src/fe_x25519_128.h
  */
 
 void fe_init(void)
@@ -120,30 +120,30 @@ void fe_tobytes(unsigned char *out, const fe n)
     out[ 3] = (((byte)((in[0] >> 24)       ))      );
     out[ 4] = (((byte)((in[0] >> 32)       ))      );
     out[ 5] = (((byte)((in[0] >> 40)       ))      );
-    out[ 6] = (((byte)((in[0] >> 48) & 0x07))      )
-            | (((byte)((in[1]      ) & 0x1f)) <<  3);
+    out[ 6] = (byte)((((byte)((in[0] >> 48) & 0x07))      )
+                   | (((byte)((in[1]      ) & 0x1f)) <<  3));
     out[ 7] = (((byte)((in[1] >>  5)       ))      );
     out[ 8] = (((byte)((in[1] >> 13)       ))      );
     out[ 9] = (((byte)((in[1] >> 21)       ))      );
     out[10] = (((byte)((in[1] >> 29)       ))      );
     out[11] = (((byte)((in[1] >> 37)       ))      );
-    out[12] = (((byte)((in[1] >> 45) & 0x3f))      )
-            | (((byte)((in[2]      ) & 0x03)) <<  6);
+    out[12] = (byte)((((byte)((in[1] >> 45) & 0x3f))      )
+                   | (((byte)((in[2]      ) & 0x03)) <<  6));
     out[13] = (((byte)((in[2] >>  2)       ))      );
     out[14] = (((byte)((in[2] >> 10)       ))      );
     out[15] = (((byte)((in[2] >> 18)       ))      );
     out[16] = (((byte)((in[2] >> 26)       ))      );
     out[17] = (((byte)((in[2] >> 34)       ))      );
     out[18] = (((byte)((in[2] >> 42)       ))      );
-    out[19] = (((byte)((in[2] >> 50) & 0x01))      )
-            | (((byte)((in[3]      ) & 0x7f)) <<  1);
+    out[19] = (byte)((((byte)((in[2] >> 50) & 0x01))      )
+                   | (((byte)((in[3]      ) & 0x7f)) <<  1));
     out[20] = (((byte)((in[3] >>  7)       ))      );
     out[21] = (((byte)((in[3] >> 15)       ))      );
     out[22] = (((byte)((in[3] >> 23)       ))      );
     out[23] = (((byte)((in[3] >> 31)       ))      );
     out[24] = (((byte)((in[3] >> 39)       ))      );
-    out[25] = (((byte)((in[3] >> 47) & 0x0f))      )
-            | (((byte)((in[4]      ) & 0x0f)) <<  4);
+    out[25] = (byte)((((byte)((in[3] >> 47) & 0x0f))      )
+                   | (((byte)((in[4]      ) & 0x0f)) <<  4));
     out[26] = (((byte)((in[4] >>  4)       ))      );
     out[27] = (((byte)((in[4] >> 12)       ))      );
     out[28] = (((byte)((in[4] >> 20)       ))      );
@@ -404,6 +404,7 @@ void fe_invert(fe r, const fe a)
 }
 
 #ifndef CURVE25519_SMALL
+#ifndef WOLFSSL_CURVE25519_BLINDING
 /* Scalar multiply the field element a by n using Montgomery Ladder and places
  * result in r.
  *
@@ -427,7 +428,7 @@ int curve25519(byte* r, const byte* n, const byte* a)
 
     swap = 0;
     for (pos = 254;pos >= 0;--pos) {
-        b = n[pos / 8] >> (pos & 7);
+        b = (unsigned int)(n[pos / 8] >> (pos & 7));
         b &= 1;
         swap ^= b;
         fe_cswap(x2, x3, (int)swap);
@@ -462,6 +463,69 @@ int curve25519(byte* r, const byte* n, const byte* a)
 
     return 0;
 }
+#else
+int curve25519_blind(byte* r, const byte* n, const byte* mask, const byte* a,
+    const byte* rz)
+{
+    fe           x1, x2, z2, x3, z3;
+    fe           t0, t1;
+    int          pos;
+    unsigned int b;
+
+    fe_frombytes(x1, a);
+    fe_1(x2);
+    fe_0(z2);
+    fe_copy(x3, x1);
+    fe_frombytes(z3, rz);
+    fe_mul(x3, x3, z3);
+
+    /* mask_bits[252] */
+    b = (unsigned int)(mask[31] >> 7);
+    b &= 1;
+    fe_cswap(x2,x3,(int)b);
+    fe_cswap(z2,z3,(int)b);
+    for (pos = 255;pos >= 1;--pos) {
+        b = (unsigned int)(n[pos / 8] >> (pos & 7));
+        b &= 1;
+        fe_cswap(x2, x3, (int)b);
+        fe_cswap(z2, z3, (int)b);
+
+        /* montgomery */
+        fe_sub(t0, x3, z3);
+        fe_sub(t1, x2, z2);
+        fe_add(x2, x2, z2);
+        fe_add(z2, x3, z3);
+        fe_mul(z3, t0, x2);
+        fe_mul(z2, z2, t1);
+        fe_sq(t0, t1);
+        fe_sq(t1, x2);
+        fe_add(x3, z3, z2);
+        fe_sub(z2, z3, z2);
+        fe_mul(x2, t1, t0);
+        fe_sub(t1, t1, t0);
+        fe_sq(z2, z2);
+        fe_mul121666(z3, t1);
+        fe_sq(x3, x3);
+        fe_add(t0, t0, z3);
+        fe_mul(z3, x1, z2);
+        fe_mul(z2, t1, t0);
+
+        b = (unsigned int)(mask[(pos - 1) / 8] >> ((pos - 1) & 7));
+        b &= 1;
+        fe_cswap(x2, x3, (int)b);
+        fe_cswap(z2, z3, (int)b);
+    }
+    b = (unsigned int)(n[0] & 1);
+    fe_cswap(x2, x3, (int)b);
+    fe_cswap(z2, z3, (int)b);
+
+    fe_invert(z2, z2);
+    fe_mul(x2, x2, z2);
+    fe_tobytes(r, x2);
+
+    return 0;
+}
+#endif /* WOLFSSL_CURVE25519_BLINDING */
 #endif /* !CURVE25519_SMALL */
 
 /* The field element value 0 as an array of bytes. */
@@ -600,7 +664,7 @@ void fe_sq2(fe r, const fe a)
  * in  An array of bytes.
  * returns a 64-bit word.
  */
-word64 load_3(const unsigned char *in)
+sword64 load_3(const unsigned char *in)
 {
     word64 result;
 
@@ -608,7 +672,7 @@ word64 load_3(const unsigned char *in)
               (((word64)in[1]) <<  8) |
               (((word64)in[2]) << 16));
 
-    return result;
+    return (sword64)result;
 }
 
 /* Load 4 little endian bytes into a 64-bit word.
@@ -616,7 +680,7 @@ word64 load_3(const unsigned char *in)
  * in  An array of bytes.
  * returns a 64-bit word.
  */
-word64 load_4(const unsigned char *in)
+sword64 load_4(const unsigned char *in)
 {
     word64 result;
 
@@ -625,6 +689,6 @@ word64 load_4(const unsigned char *in)
               (((word64)in[2]) << 16) |
               (((word64)in[3]) << 24));
 
-    return result;
+    return (sword64)result;
 }
 
diff --git a/wolfcrypt/src/fe_x25519_asm.S b/wolfcrypt/src/fe_x25519_asm.S
index 7f6192acd..2e71571d5 100644
--- a/wolfcrypt/src/fe_x25519_asm.S
+++ b/wolfcrypt/src/fe_x25519_asm.S
@@ -1,6 +1,6 @@
 /* fe_x25519_asm.S */
 /*
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -1254,7 +1254,7 @@ cpuFlagsSet:
 	.long	0
 #else
 .section	__DATA,__data
-.p2align	2
+.p2align	3
 _cpuFlagsSet:
 	.long	0
 #endif /* __APPLE__ */
@@ -1266,7 +1266,7 @@ intelFlags:
 	.long	0
 #else
 .section	__DATA,__data
-.p2align	2
+.p2align	3
 _intelFlags:
 	.long	0
 #endif /* __APPLE__ */
@@ -1278,7 +1278,7 @@ fe_mul_p:
 	.quad	fe_mul_x64
 #else
 .section	__DATA,__data
-.p2align	2
+.p2align	3
 _fe_mul_p:
 	.quad	_fe_mul_x64
 #endif /* __APPLE__ */
@@ -1290,7 +1290,7 @@ fe_sq_p:
 	.quad	fe_sq_x64
 #else
 .section	__DATA,__data
-.p2align	2
+.p2align	3
 _fe_sq_p:
 	.quad	_fe_sq_x64
 #endif /* __APPLE__ */
@@ -1302,7 +1302,7 @@ fe_mul121666_p:
 	.quad	fe_mul121666_x64
 #else
 .section	__DATA,__data
-.p2align	2
+.p2align	3
 _fe_mul121666_p:
 	.quad	_fe_mul121666_x64
 #endif /* __APPLE__ */
@@ -1314,7 +1314,7 @@ fe_invert_p:
 	.quad	fe_invert_x64
 #else
 .section	__DATA,__data
-.p2align	2
+.p2align	3
 _fe_invert_p:
 	.quad	_fe_invert_x64
 #endif /* __APPLE__ */
@@ -1326,7 +1326,7 @@ curve25519_p:
 	.quad	curve25519_x64
 #else
 .section	__DATA,__data
-.p2align	2
+.p2align	3
 _curve25519_p:
 	.quad	_curve25519_x64
 #endif /* __APPLE__ */
@@ -1339,7 +1339,7 @@ fe_sq2_p:
 	.quad	fe_sq2_x64
 #else
 .section	__DATA,__data
-.p2align	2
+.p2align	3
 _fe_sq2_p:
 	.quad	_fe_sq2_x64
 #endif /* __APPLE__ */
@@ -1351,7 +1351,7 @@ fe_pow22523_p:
 	.quad	fe_pow22523_x64
 #else
 .section	__DATA,__data
-.p2align	2
+.p2align	3
 _fe_pow22523_p:
 	.quad	_fe_pow22523_x64
 #endif /* __APPLE__ */
@@ -1363,7 +1363,7 @@ ge_p1p1_to_p2_p:
 	.quad	ge_p1p1_to_p2_x64
 #else
 .section	__DATA,__data
-.p2align	2
+.p2align	3
 _ge_p1p1_to_p2_p:
 	.quad	_ge_p1p1_to_p2_x64
 #endif /* __APPLE__ */
@@ -1375,7 +1375,7 @@ ge_p1p1_to_p3_p:
 	.quad	ge_p1p1_to_p3_x64
 #else
 .section	__DATA,__data
-.p2align	2
+.p2align	3
 _ge_p1p1_to_p3_p:
 	.quad	_ge_p1p1_to_p3_x64
 #endif /* __APPLE__ */
@@ -1387,7 +1387,7 @@ ge_p2_dbl_p:
 	.quad	ge_p2_dbl_x64
 #else
 .section	__DATA,__data
-.p2align	2
+.p2align	3
 _ge_p2_dbl_p:
 	.quad	_ge_p2_dbl_x64
 #endif /* __APPLE__ */
@@ -1399,7 +1399,7 @@ ge_madd_p:
 	.quad	ge_madd_x64
 #else
 .section	__DATA,__data
-.p2align	2
+.p2align	3
 _ge_madd_p:
 	.quad	_ge_madd_x64
 #endif /* __APPLE__ */
@@ -1411,7 +1411,7 @@ ge_msub_p:
 	.quad	ge_msub_x64
 #else
 .section	__DATA,__data
-.p2align	2
+.p2align	3
 _ge_msub_p:
 	.quad	_ge_msub_x64
 #endif /* __APPLE__ */
@@ -1423,7 +1423,7 @@ ge_add_p:
 	.quad	ge_add_x64
 #else
 .section	__DATA,__data
-.p2align	2
+.p2align	3
 _ge_add_p:
 	.quad	_ge_add_x64
 #endif /* __APPLE__ */
@@ -1435,7 +1435,7 @@ ge_sub_p:
 	.quad	ge_sub_x64
 #else
 .section	__DATA,__data
-.p2align	2
+.p2align	3
 _ge_sub_p:
 	.quad	_ge_sub_x64
 #endif /* __APPLE__ */
@@ -1447,7 +1447,7 @@ sc_reduce_p:
 	.quad	sc_reduce_x64
 #else
 .section	__DATA,__data
-.p2align	2
+.p2align	3
 _sc_reduce_p:
 	.quad	_sc_reduce_x64
 #endif /* __APPLE__ */
@@ -1459,7 +1459,7 @@ sc_muladd_p:
 	.quad	sc_muladd_x64
 #else
 .section	__DATA,__data
-.p2align	2
+.p2align	3
 _sc_muladd_p:
 	.quad	_sc_muladd_x64
 #endif /* __APPLE__ */
@@ -4140,7 +4140,7 @@ _fe_sq2_x64:
         adcq	%r11, %r8
         adcq	%r12, %r9
         adcq	%r13, %r10
-        mov	%r10, %rax
+        movq	%r10, %rax
         shldq	$0x01, %r9, %r10
         shldq	$0x01, %r8, %r9
         shldq	$0x01, %rcx, %r8
@@ -5946,7 +5946,7 @@ _ge_p2_dbl_x64:
         adcq	%r13, %r10
         adcq	%r14, %r11
         adcq	%r15, %r12
-        mov	%r12, %rax
+        movq	%r12, %rax
         shldq	$0x01, %r11, %r12
         shldq	$0x01, %r10, %r11
         shldq	$0x01, %r9, %r10
@@ -8676,7 +8676,7 @@ _sc_reduce_x64:
         movq	$0xa7ed9ce5a30a2c13, %rcx
         movq	%r12, %rax
         mulq	%rcx
-        mov	$0x00, %rbp
+        movq	$0x00, %rbp
         addq	%rax, %r8
         adcq	%rdx, %rbp
         movq	%r13, %rax
@@ -8689,7 +8689,7 @@ _sc_reduce_x64:
         addq	%rbp, %r9
         adcq	%rax, %r10
         adcq	%rdx, %r11
-        mov	$0x00, %rbx
+        movq	$0x00, %rbx
         adcq	$0x00, %rbx
         movq	%r15, %rax
         mulq	%rcx
@@ -8699,7 +8699,7 @@ _sc_reduce_x64:
         movq	$0xeb2106215d086329, %rcx
         movq	%r12, %rax
         mulq	%rcx
-        mov	$0x00, %rbp
+        movq	$0x00, %rbp
         addq	%rax, %r9
         adcq	%rdx, %rbp
         movq	%r13, %rax
@@ -8712,7 +8712,7 @@ _sc_reduce_x64:
         addq	%rbp, %r10
         adcq	%rax, %r11
         adcq	%rdx, %rbx
-        mov	$0x00, %rbp
+        movq	$0x00, %rbp
         adcq	$0x00, %rbp
         movq	%r15, %rax
         mulq	%rcx
@@ -8962,7 +8962,7 @@ _sc_muladd_x64:
         movq	$0xa7ed9ce5a30a2c13, %rbx
         movq	%r12, %rax
         mulq	%rbx
-        mov	$0x00, %rbp
+        movq	$0x00, %rbp
         addq	%rax, %r8
         adcq	%rdx, %rbp
         movq	%r13, %rax
@@ -8975,7 +8975,7 @@ _sc_muladd_x64:
         addq	%rbp, %r9
         adcq	%rax, %r10
         adcq	%rdx, %r11
-        mov	$0x00, %rsi
+        movq	$0x00, %rsi
         adcq	$0x00, %rsi
         movq	%r15, %rax
         mulq	%rbx
@@ -8985,7 +8985,7 @@ _sc_muladd_x64:
         movq	$0xeb2106215d086329, %rbx
         movq	%r12, %rax
         mulq	%rbx
-        mov	$0x00, %rbp
+        movq	$0x00, %rbp
         addq	%rax, %r9
         adcq	%rdx, %rbp
         movq	%r13, %rax
@@ -8998,7 +8998,7 @@ _sc_muladd_x64:
         addq	%rbp, %r10
         adcq	%rax, %r11
         adcq	%rdx, %rsi
-        mov	$0x00, %rbp
+        movq	$0x00, %rbp
         adcq	$0x00, %rbp
         movq	%r15, %rax
         mulq	%rbx
@@ -11371,7 +11371,7 @@ _fe_sq2_avx2:
         adcxq	%rax, %r10
         adoxq	%r14, %r11
         adcxq	%rcx, %r11
-        mov	%r11, %rax
+        movq	%r11, %rax
         shldq	$0x01, %r10, %r11
         shldq	$0x01, %r9, %r10
         shldq	$0x01, %r8, %r9
@@ -12862,7 +12862,7 @@ _ge_p2_dbl_avx2:
         adcxq	%r9, %r12
         adoxq	%rbx, %r13
         adcxq	%rcx, %r13
-        mov	%r13, %r9
+        movq	%r13, %r9
         shldq	$0x01, %r12, %r13
         shldq	$0x01, %r11, %r12
         shldq	$0x01, %r10, %r11
@@ -15206,33 +15206,33 @@ _sc_reduce_avx2:
         adcq	$0x00, %r15
         # Sub product of top 4 words and order
         movq	$0xa7ed9ce5a30a2c13, %rdx
-        mulx	%r12, %rcx, %rax
+        mulxq	%r12, %rcx, %rax
         addq	%rcx, %r8
         adcq	%rax, %r9
-        mulx	%r14, %rcx, %rax
+        mulxq	%r14, %rcx, %rax
         adcq	%rcx, %r10
         adcq	%rax, %r11
-        mov	$0x00, %rsi
+        movq	$0x00, %rsi
         adcq	$0x00, %rsi
-        mulx	%r13, %rcx, %rax
+        mulxq	%r13, %rcx, %rax
         addq	%rcx, %r9
         adcq	%rax, %r10
-        mulx	%r15, %rcx, %rax
+        mulxq	%r15, %rcx, %rax
         adcq	%rcx, %r11
         adcq	%rax, %rsi
         movq	$0xeb2106215d086329, %rdx
-        mulx	%r12, %rcx, %rax
+        mulxq	%r12, %rcx, %rax
         addq	%rcx, %r9
         adcq	%rax, %r10
-        mulx	%r14, %rcx, %rax
+        mulxq	%r14, %rcx, %rax
         adcq	%rcx, %r11
         adcq	%rax, %rsi
-        mov	$0x00, %rbx
+        movq	$0x00, %rbx
         adcq	$0x00, %rbx
-        mulx	%r13, %rcx, %rax
+        mulxq	%r13, %rcx, %rax
         addq	%rcx, %r10
         adcq	%rax, %r11
-        mulx	%r15, %rcx, %rax
+        mulxq	%r15, %rcx, %rax
         adcq	%rcx, %rsi
         adcq	%rax, %rbx
         subq	%r12, %r10
@@ -15265,21 +15265,21 @@ _sc_reduce_avx2:
         # Sub product of top 2 words and order
         #   * -5812631a5cf5d3ed
         movq	$0xa7ed9ce5a30a2c13, %rdx
-        mulx	%r12, %rbp, %rax
+        mulxq	%r12, %rbp, %rax
         movq	$0x00, %rsi
         addq	%rbp, %r8
         adcq	%rax, %r9
-        mulx	%r13, %rbp, %rax
+        mulxq	%r13, %rbp, %rax
         adcq	$0x00, %rsi
         addq	%rbp, %r9
         adcq	%rax, %rsi
         #   * -14def9dea2f79cd7
         movq	$0xeb2106215d086329, %rdx
-        mulx	%r12, %rbp, %rax
+        mulxq	%r12, %rbp, %rax
         movq	$0x00, %rbx
         addq	%rbp, %r9
         adcq	%rax, %r10
-        mulx	%r13, %rbp, %rax
+        mulxq	%r13, %rbp, %rax
         adcq	$0x00, %rbx
         addq	%rbp, %r10
         adcq	%rax, %rbx
@@ -15450,33 +15450,33 @@ _sc_muladd_avx2:
         adcq	$0x00, %rbp
         # Sub product of top 4 words and order
         movq	$0xa7ed9ce5a30a2c13, %rdx
-        mulx	%r14, %rcx, %rax
+        mulxq	%r14, %rcx, %rax
         addq	%rcx, %r10
         adcq	%rax, %r11
-        mulx	%rbx, %rcx, %rax
+        mulxq	%rbx, %rcx, %rax
         adcq	%rcx, %r12
         adcq	%rax, %r13
-        mov	$0x00, %rsi
+        movq	$0x00, %rsi
         adcq	$0x00, %rsi
-        mulx	%r15, %rcx, %rax
+        mulxq	%r15, %rcx, %rax
         addq	%rcx, %r11
         adcq	%rax, %r12
-        mulx	%rbp, %rcx, %rax
+        mulxq	%rbp, %rcx, %rax
         adcq	%rcx, %r13
         adcq	%rax, %rsi
         movq	$0xeb2106215d086329, %rdx
-        mulx	%r14, %rcx, %rax
+        mulxq	%r14, %rcx, %rax
         addq	%rcx, %r11
         adcq	%rax, %r12
-        mulx	%rbx, %rcx, %rax
+        mulxq	%rbx, %rcx, %rax
         adcq	%rcx, %r13
         adcq	%rax, %rsi
-        mov	$0x00, %r8
+        movq	$0x00, %r8
         adcq	$0x00, %r8
-        mulx	%r15, %rcx, %rax
+        mulxq	%r15, %rcx, %rax
         addq	%rcx, %r12
         adcq	%rax, %r13
-        mulx	%rbp, %rcx, %rax
+        mulxq	%rbp, %rcx, %rax
         adcq	%rcx, %rsi
         adcq	%rax, %r8
         subq	%r14, %r12
@@ -15509,21 +15509,21 @@ _sc_muladd_avx2:
         # Sub product of top 2 words and order
         #   * -5812631a5cf5d3ed
         movq	$0xa7ed9ce5a30a2c13, %rdx
-        mulx	%r14, %r9, %rax
+        mulxq	%r14, %r9, %rax
         movq	$0x00, %rsi
         addq	%r9, %r10
         adcq	%rax, %r11
-        mulx	%r15, %r9, %rax
+        mulxq	%r15, %r9, %rax
         adcq	$0x00, %rsi
         addq	%r9, %r11
         adcq	%rax, %rsi
         #   * -14def9dea2f79cd7
         movq	$0xeb2106215d086329, %rdx
-        mulx	%r14, %r9, %rax
+        mulxq	%r14, %r9, %rax
         movq	$0x00, %r8
         addq	%r9, %r11
         adcq	%rax, %r12
-        mulx	%r15, %r9, %rax
+        mulxq	%r15, %r9, %rax
         adcq	$0x00, %r8
         addq	%r9, %r12
         adcq	%rax, %r8
diff --git a/wolfcrypt/src/fp_mont_small.i b/wolfcrypt/src/fp_mont_small.i
index c0f909248..c6a11b4f3 100644
--- a/wolfcrypt/src/fp_mont_small.i
+++ b/wolfcrypt/src/fp_mont_small.i
@@ -1,6 +1,6 @@
 /* fp_mont_small.i
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfcrypt/src/fp_mul_comba_12.i b/wolfcrypt/src/fp_mul_comba_12.i
index b5840a5d7..0da18245c 100644
--- a/wolfcrypt/src/fp_mul_comba_12.i
+++ b/wolfcrypt/src/fp_mul_comba_12.i
@@ -1,6 +1,6 @@
 /* fp_mul_comba_12.i
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfcrypt/src/fp_mul_comba_17.i b/wolfcrypt/src/fp_mul_comba_17.i
index 8092e4549..2dd0ce43e 100644
--- a/wolfcrypt/src/fp_mul_comba_17.i
+++ b/wolfcrypt/src/fp_mul_comba_17.i
@@ -1,6 +1,6 @@
 /* fp_mul_comba_17.i
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfcrypt/src/fp_mul_comba_20.i b/wolfcrypt/src/fp_mul_comba_20.i
index cec9e46e8..982c64260 100644
--- a/wolfcrypt/src/fp_mul_comba_20.i
+++ b/wolfcrypt/src/fp_mul_comba_20.i
@@ -1,6 +1,6 @@
 /* fp_mul_comba_20.i
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfcrypt/src/fp_mul_comba_24.i b/wolfcrypt/src/fp_mul_comba_24.i
index 299ebc41d..9b38273bc 100644
--- a/wolfcrypt/src/fp_mul_comba_24.i
+++ b/wolfcrypt/src/fp_mul_comba_24.i
@@ -1,6 +1,6 @@
 /* fp_mul_comba_24.i
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfcrypt/src/fp_mul_comba_28.i b/wolfcrypt/src/fp_mul_comba_28.i
index 13af28df8..d1754d47b 100644
--- a/wolfcrypt/src/fp_mul_comba_28.i
+++ b/wolfcrypt/src/fp_mul_comba_28.i
@@ -1,6 +1,6 @@
 /* fp_mul_comba_28.i
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfcrypt/src/fp_mul_comba_3.i b/wolfcrypt/src/fp_mul_comba_3.i
index 1ac5622e2..10879a2b6 100644
--- a/wolfcrypt/src/fp_mul_comba_3.i
+++ b/wolfcrypt/src/fp_mul_comba_3.i
@@ -1,6 +1,6 @@
 /* fp_mul_comba_3.i
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfcrypt/src/fp_mul_comba_32.i b/wolfcrypt/src/fp_mul_comba_32.i
index c8d3b6c0c..dd1008e4f 100644
--- a/wolfcrypt/src/fp_mul_comba_32.i
+++ b/wolfcrypt/src/fp_mul_comba_32.i
@@ -1,6 +1,6 @@
 /* fp_mul_comba_32.i
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfcrypt/src/fp_mul_comba_4.i b/wolfcrypt/src/fp_mul_comba_4.i
index d4e400224..f5773a760 100644
--- a/wolfcrypt/src/fp_mul_comba_4.i
+++ b/wolfcrypt/src/fp_mul_comba_4.i
@@ -1,6 +1,6 @@
 /* fp_mul_comba_4.i
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfcrypt/src/fp_mul_comba_48.i b/wolfcrypt/src/fp_mul_comba_48.i
index a81cec53a..500bb328e 100644
--- a/wolfcrypt/src/fp_mul_comba_48.i
+++ b/wolfcrypt/src/fp_mul_comba_48.i
@@ -1,6 +1,6 @@
 /* fp_mul_comba_48.i
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfcrypt/src/fp_mul_comba_6.i b/wolfcrypt/src/fp_mul_comba_6.i
index 67ee87377..736da8834 100644
--- a/wolfcrypt/src/fp_mul_comba_6.i
+++ b/wolfcrypt/src/fp_mul_comba_6.i
@@ -1,6 +1,6 @@
 /* fp_mul_comba_6.i
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfcrypt/src/fp_mul_comba_64.i b/wolfcrypt/src/fp_mul_comba_64.i
index 8f75cddaf..475281ed3 100644
--- a/wolfcrypt/src/fp_mul_comba_64.i
+++ b/wolfcrypt/src/fp_mul_comba_64.i
@@ -1,6 +1,6 @@
 /* fp_mul_comba_64.i
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfcrypt/src/fp_mul_comba_7.i b/wolfcrypt/src/fp_mul_comba_7.i
index a50d30d86..0edd76ba1 100644
--- a/wolfcrypt/src/fp_mul_comba_7.i
+++ b/wolfcrypt/src/fp_mul_comba_7.i
@@ -1,6 +1,6 @@
 /* fp_mul_comba_7.i
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfcrypt/src/fp_mul_comba_8.i b/wolfcrypt/src/fp_mul_comba_8.i
index a0a4d38fc..7260b4737 100644
--- a/wolfcrypt/src/fp_mul_comba_8.i
+++ b/wolfcrypt/src/fp_mul_comba_8.i
@@ -1,6 +1,6 @@
 /* fp_mul_comba_8.i
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfcrypt/src/fp_mul_comba_9.i b/wolfcrypt/src/fp_mul_comba_9.i
index cf63f82ca..adcc6e73e 100644
--- a/wolfcrypt/src/fp_mul_comba_9.i
+++ b/wolfcrypt/src/fp_mul_comba_9.i
@@ -1,6 +1,6 @@
 /* fp_mul_comba_9.i
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfcrypt/src/fp_mul_comba_small_set.i b/wolfcrypt/src/fp_mul_comba_small_set.i
index 1ece3cc46..ed18ab41c 100644
--- a/wolfcrypt/src/fp_mul_comba_small_set.i
+++ b/wolfcrypt/src/fp_mul_comba_small_set.i
@@ -1,6 +1,6 @@
 /* fp_mul_comba_small_set.i
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfcrypt/src/fp_sqr_comba_12.i b/wolfcrypt/src/fp_sqr_comba_12.i
index f542b9129..920c43594 100644
--- a/wolfcrypt/src/fp_sqr_comba_12.i
+++ b/wolfcrypt/src/fp_sqr_comba_12.i
@@ -1,6 +1,6 @@
 /* fp_sqr_comba_12.i
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfcrypt/src/fp_sqr_comba_17.i b/wolfcrypt/src/fp_sqr_comba_17.i
index 6987c5757..4b85f7ba4 100644
--- a/wolfcrypt/src/fp_sqr_comba_17.i
+++ b/wolfcrypt/src/fp_sqr_comba_17.i
@@ -1,6 +1,6 @@
 /* fp_sqr_comba_17.i
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfcrypt/src/fp_sqr_comba_20.i b/wolfcrypt/src/fp_sqr_comba_20.i
index bd388d5fd..1f5a6a075 100644
--- a/wolfcrypt/src/fp_sqr_comba_20.i
+++ b/wolfcrypt/src/fp_sqr_comba_20.i
@@ -1,6 +1,6 @@
 /* fp_sqr_comba_20.i
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfcrypt/src/fp_sqr_comba_24.i b/wolfcrypt/src/fp_sqr_comba_24.i
index e57148a3c..f5080661c 100644
--- a/wolfcrypt/src/fp_sqr_comba_24.i
+++ b/wolfcrypt/src/fp_sqr_comba_24.i
@@ -1,6 +1,6 @@
 /* fp_sqr_comba_24.i
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfcrypt/src/fp_sqr_comba_28.i b/wolfcrypt/src/fp_sqr_comba_28.i
index 78fb8e016..9c80c4a7a 100644
--- a/wolfcrypt/src/fp_sqr_comba_28.i
+++ b/wolfcrypt/src/fp_sqr_comba_28.i
@@ -1,6 +1,6 @@
 /* fp_sqr_comba_28.i
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfcrypt/src/fp_sqr_comba_3.i b/wolfcrypt/src/fp_sqr_comba_3.i
index bab8996dd..ed2b9ad35 100644
--- a/wolfcrypt/src/fp_sqr_comba_3.i
+++ b/wolfcrypt/src/fp_sqr_comba_3.i
@@ -1,6 +1,6 @@
 /* fp_sqr_comba_3.i
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfcrypt/src/fp_sqr_comba_32.i b/wolfcrypt/src/fp_sqr_comba_32.i
index 9ee96c52f..e3ca3fe1d 100644
--- a/wolfcrypt/src/fp_sqr_comba_32.i
+++ b/wolfcrypt/src/fp_sqr_comba_32.i
@@ -1,6 +1,6 @@
 /* fp_sqr_comba_32.i
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfcrypt/src/fp_sqr_comba_4.i b/wolfcrypt/src/fp_sqr_comba_4.i
index d0bae9802..90a891035 100644
--- a/wolfcrypt/src/fp_sqr_comba_4.i
+++ b/wolfcrypt/src/fp_sqr_comba_4.i
@@ -1,6 +1,6 @@
 /* fp_sqr_comba_4.i
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfcrypt/src/fp_sqr_comba_48.i b/wolfcrypt/src/fp_sqr_comba_48.i
index a9fa4f8e1..6c7773ec8 100644
--- a/wolfcrypt/src/fp_sqr_comba_48.i
+++ b/wolfcrypt/src/fp_sqr_comba_48.i
@@ -1,6 +1,6 @@
 /* fp_sqr_comba_48.i
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfcrypt/src/fp_sqr_comba_6.i b/wolfcrypt/src/fp_sqr_comba_6.i
index 2e91e69b1..a9cb954b1 100644
--- a/wolfcrypt/src/fp_sqr_comba_6.i
+++ b/wolfcrypt/src/fp_sqr_comba_6.i
@@ -1,6 +1,6 @@
 /* fp_sqr_comba_6.i
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfcrypt/src/fp_sqr_comba_64.i b/wolfcrypt/src/fp_sqr_comba_64.i
index a072269cb..c270c40ab 100644
--- a/wolfcrypt/src/fp_sqr_comba_64.i
+++ b/wolfcrypt/src/fp_sqr_comba_64.i
@@ -1,6 +1,6 @@
 /* fp_sqr_comba_64.i
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfcrypt/src/fp_sqr_comba_7.i b/wolfcrypt/src/fp_sqr_comba_7.i
index 9ae37801d..689377577 100644
--- a/wolfcrypt/src/fp_sqr_comba_7.i
+++ b/wolfcrypt/src/fp_sqr_comba_7.i
@@ -1,6 +1,6 @@
 /* fp_sqr_comba_7.i
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfcrypt/src/fp_sqr_comba_8.i b/wolfcrypt/src/fp_sqr_comba_8.i
index c0be97bb5..997eb305d 100644
--- a/wolfcrypt/src/fp_sqr_comba_8.i
+++ b/wolfcrypt/src/fp_sqr_comba_8.i
@@ -1,6 +1,6 @@
 /* fp_sqr_comba_8.i
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfcrypt/src/fp_sqr_comba_9.i b/wolfcrypt/src/fp_sqr_comba_9.i
index 92369de40..c4a199c9d 100644
--- a/wolfcrypt/src/fp_sqr_comba_9.i
+++ b/wolfcrypt/src/fp_sqr_comba_9.i
@@ -1,6 +1,6 @@
 /* fp_sqr_comba_9.i
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfcrypt/src/fp_sqr_comba_small_set.i b/wolfcrypt/src/fp_sqr_comba_small_set.i
index f8e0a4dc1..231708c5a 100644
--- a/wolfcrypt/src/fp_sqr_comba_small_set.i
+++ b/wolfcrypt/src/fp_sqr_comba_small_set.i
@@ -1,6 +1,6 @@
 /* fp_sqr_comba_small_set.i
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfcrypt/src/ge_448.c b/wolfcrypt/src/ge_448.c
index 7065b9af1..e36f1e1ee 100644
--- a/wolfcrypt/src/ge_448.c
+++ b/wolfcrypt/src/ge_448.c
@@ -1,6 +1,6 @@
 /* ge_448.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -77,6 +77,14 @@ static const ge448_p2 ed448_base = {
       0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }
 };
 
+static const word8 ed448_order[56] = {
+    0xf3, 0x44, 0x58, 0xab, 0x92, 0xc2, 0x78, 0x23, 0x55, 0x8f, 0xc5, 0x8d,
+    0x72, 0xc2, 0x6c, 0x21, 0x90, 0x36, 0xd6, 0xae, 0x49, 0xdb, 0x4e, 0xc4,
+    0xe9, 0x23, 0xca, 0x7c, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x3f,
+};
+
 /* Part of order of ed448 that needs tp be multiplied when reducing */
 static const word8 ed448_order_mul[56] = {
     0x0d, 0xbb, 0xa7, 0x54, 0x6d, 0x3d, 0x87, 0xdc, 0xaa, 0x70, 0x3a, 0x72,
@@ -87,6 +95,8 @@ static const word8 ed448_order_mul[56] = {
 /* Reduce scalar mod the order of the curve.
  * Scalar Will be 114 bytes.
  *
+ * Only performs a weak reduce.
+ *
  * b  [in]  Scalar to reduce.
  */
 void sc448_reduce(byte* b)
@@ -149,6 +159,7 @@ void sc448_muladd(byte* r, const byte* a, const byte* b, const byte* d)
     int i, j;
     word32 t[112];
     word8 o;
+    sword16 u;
 
     /* a * b + d */
     for (i = 0; i < 56; i++)
@@ -200,6 +211,16 @@ void sc448_muladd(byte* r, const byte* a, const byte* b, const byte* d)
     }
     r[i] = t[i] & 0xff;
     r[i+1] = 0;
+    /* Reduce to mod order. */
+    u = 0;
+    for (i = 0; i < 56; i++) {
+        u += r[i] - ed448_order[i]; u >>= 8;
+    }
+    o = 0 - (u >= 0);
+    u = 0;
+    for (i = 0; i < 56; i++) {
+        u += r[i] - (ed448_order[i] & o); r[i] = u & 0xff; u >>= 8;
+    }
 }
 
 /* Double the point on the Twisted Edwards curve. r = 2.p
@@ -342,12 +363,13 @@ static void ge448_scalarmult(ge448_p2* h, const ge448_p2* p, const byte* a)
  * r  [in]  Point to hold result.
  * a  [in]  Scalar to multiply by.
  */
-void ge448_scalarmult_base(ge448_p2* h, const byte* a)
+int ge448_scalarmult_base(ge448_p2* h, const byte* a)
 {
     ge448_scalarmult(h, &ed448_base, a);
+    return 0;
 }
 
-/* Perform a scalar multplication of the base point and public point.
+/* Perform a scalar multiplication of the base point and public point.
  *   r = a * p + b * base
  * Uses a sliding window of 5 bits.
  * Not constant time.
@@ -430,6 +452,8 @@ int ge448_from_bytes_negate_vartime(ge448_p2 *r, const byte *b)
 /* Reduce scalar mod the order of the curve.
  * Scalar Will be 114 bytes.
  *
+ * Only performs a weak reduce.
+ *
  * b  [in]  Scalar to reduce.
  */
 void sc448_reduce(byte* b)
@@ -440,120 +464,120 @@ void sc448_reduce(byte* b)
     word64 o;
 
     /* Load from bytes */
-    t[ 0] =  ((sword64) (b[ 0]) <<  0)
-          |  ((sword64) (b[ 1]) <<  8)
-          |  ((sword64) (b[ 2]) << 16)
-          |  ((sword64) (b[ 3]) << 24)
-          |  ((sword64) (b[ 4]) << 32)
-          |  ((sword64) (b[ 5]) << 40)
-          |  ((sword64) (b[ 6]) << 48);
-    t[ 1] =  ((sword64) (b[ 7]) <<  0)
-          |  ((sword64) (b[ 8]) <<  8)
-          |  ((sword64) (b[ 9]) << 16)
-          |  ((sword64) (b[10]) << 24)
-          |  ((sword64) (b[11]) << 32)
-          |  ((sword64) (b[12]) << 40)
-          |  ((sword64) (b[13]) << 48);
-    t[ 2] =  ((sword64) (b[14]) <<  0)
-          |  ((sword64) (b[15]) <<  8)
-          |  ((sword64) (b[16]) << 16)
-          |  ((sword64) (b[17]) << 24)
-          |  ((sword64) (b[18]) << 32)
-          |  ((sword64) (b[19]) << 40)
-          |  ((sword64) (b[20]) << 48);
-    t[ 3] =  ((sword64) (b[21]) <<  0)
-          |  ((sword64) (b[22]) <<  8)
-          |  ((sword64) (b[23]) << 16)
-          |  ((sword64) (b[24]) << 24)
-          |  ((sword64) (b[25]) << 32)
-          |  ((sword64) (b[26]) << 40)
-          |  ((sword64) (b[27]) << 48);
-    t[ 4] =  ((sword64) (b[28]) <<  0)
-          |  ((sword64) (b[29]) <<  8)
-          |  ((sword64) (b[30]) << 16)
-          |  ((sword64) (b[31]) << 24)
-          |  ((sword64) (b[32]) << 32)
-          |  ((sword64) (b[33]) << 40)
-          |  ((sword64) (b[34]) << 48);
-    t[ 5] =  ((sword64) (b[35]) <<  0)
-          |  ((sword64) (b[36]) <<  8)
-          |  ((sword64) (b[37]) << 16)
-          |  ((sword64) (b[38]) << 24)
-          |  ((sword64) (b[39]) << 32)
-          |  ((sword64) (b[40]) << 40)
-          |  ((sword64) (b[41]) << 48);
-    t[ 6] =  ((sword64) (b[42]) <<  0)
-          |  ((sword64) (b[43]) <<  8)
-          |  ((sword64) (b[44]) << 16)
-          |  ((sword64) (b[45]) << 24)
-          |  ((sword64) (b[46]) << 32)
-          |  ((sword64) (b[47]) << 40)
-          |  ((sword64) (b[48]) << 48);
-    t[ 7] =  ((sword64) (b[49]) <<  0)
-          |  ((sword64) (b[50]) <<  8)
-          |  ((sword64) (b[51]) << 16)
-          |  ((sword64) (b[52]) << 24)
-          |  ((sword64) (b[53]) << 32)
-          |  ((sword64) (b[54]) << 40)
-          |  ((sword64) (b[55]) << 48);
-    t[ 8] =  ((sword64) (b[56]) <<  0)
-          |  ((sword64) (b[57]) <<  8)
-          |  ((sword64) (b[58]) << 16)
-          |  ((sword64) (b[59]) << 24)
-          |  ((sword64) (b[60]) << 32)
-          |  ((sword64) (b[61]) << 40)
-          |  ((sword64) (b[62]) << 48);
-    t[ 9] =  ((sword64) (b[63]) <<  0)
-          |  ((sword64) (b[64]) <<  8)
-          |  ((sword64) (b[65]) << 16)
-          |  ((sword64) (b[66]) << 24)
-          |  ((sword64) (b[67]) << 32)
-          |  ((sword64) (b[68]) << 40)
-          |  ((sword64) (b[69]) << 48);
-    t[10] =  ((sword64) (b[70]) <<  0)
-          |  ((sword64) (b[71]) <<  8)
-          |  ((sword64) (b[72]) << 16)
-          |  ((sword64) (b[73]) << 24)
-          |  ((sword64) (b[74]) << 32)
-          |  ((sword64) (b[75]) << 40)
-          |  ((sword64) (b[76]) << 48);
-    t[11] =  ((sword64) (b[77]) <<  0)
-          |  ((sword64) (b[78]) <<  8)
-          |  ((sword64) (b[79]) << 16)
-          |  ((sword64) (b[80]) << 24)
-          |  ((sword64) (b[81]) << 32)
-          |  ((sword64) (b[82]) << 40)
-          |  ((sword64) (b[83]) << 48);
-    t[12] =  ((sword64) (b[84]) <<  0)
-          |  ((sword64) (b[85]) <<  8)
-          |  ((sword64) (b[86]) << 16)
-          |  ((sword64) (b[87]) << 24)
-          |  ((sword64) (b[88]) << 32)
-          |  ((sword64) (b[89]) << 40)
-          |  ((sword64) (b[90]) << 48);
-    t[13] =  ((sword64) (b[91]) <<  0)
-          |  ((sword64) (b[92]) <<  8)
-          |  ((sword64) (b[93]) << 16)
-          |  ((sword64) (b[94]) << 24)
-          |  ((sword64) (b[95]) << 32)
-          |  ((sword64) (b[96]) << 40)
-          |  ((sword64) (b[97]) << 48);
-    t[14] =  ((sword64) (b[98]) <<  0)
-          |  ((sword64) (b[99]) <<  8)
-          |  ((sword64) (b[100]) << 16)
-          |  ((sword64) (b[101]) << 24)
-          |  ((sword64) (b[102]) << 32)
-          |  ((sword64) (b[103]) << 40)
-          |  ((sword64) (b[104]) << 48);
-    t[15] =  ((sword64) (b[105]) <<  0)
-          |  ((sword64) (b[106]) <<  8)
-          |  ((sword64) (b[107]) << 16)
-          |  ((sword64) (b[108]) << 24)
-          |  ((sword64) (b[109]) << 32)
-          |  ((sword64) (b[110]) << 40)
-          |  ((sword64) (b[111]) << 48);
-    t[16] =  ((sword64) (b[112]) <<  0)
-          |  ((sword64) (b[113]) <<  8);
+    t[ 0] =  (word64)((sword64) (b[ 0]) <<  0)
+          |  (word64)((sword64) (b[ 1]) <<  8)
+          |  (word64)((sword64) (b[ 2]) << 16)
+          |  (word64)((sword64) (b[ 3]) << 24)
+          |  (word64)((sword64) (b[ 4]) << 32)
+          |  (word64)((sword64) (b[ 5]) << 40)
+          |  (word64)((sword64) (b[ 6]) << 48);
+    t[ 1] =  (word64)((sword64) (b[ 7]) <<  0)
+          |  (word64)((sword64) (b[ 8]) <<  8)
+          |  (word64)((sword64) (b[ 9]) << 16)
+          |  (word64)((sword64) (b[10]) << 24)
+          |  (word64)((sword64) (b[11]) << 32)
+          |  (word64)((sword64) (b[12]) << 40)
+          |  (word64)((sword64) (b[13]) << 48);
+    t[ 2] =  (word64)((sword64) (b[14]) <<  0)
+          |  (word64)((sword64) (b[15]) <<  8)
+          |  (word64)((sword64) (b[16]) << 16)
+          |  (word64)((sword64) (b[17]) << 24)
+          |  (word64)((sword64) (b[18]) << 32)
+          |  (word64)((sword64) (b[19]) << 40)
+          |  (word64)((sword64) (b[20]) << 48);
+    t[ 3] =  (word64)((sword64) (b[21]) <<  0)
+          |  (word64)((sword64) (b[22]) <<  8)
+          |  (word64)((sword64) (b[23]) << 16)
+          |  (word64)((sword64) (b[24]) << 24)
+          |  (word64)((sword64) (b[25]) << 32)
+          |  (word64)((sword64) (b[26]) << 40)
+          |  (word64)((sword64) (b[27]) << 48);
+    t[ 4] =  (word64)((sword64) (b[28]) <<  0)
+          |  (word64)((sword64) (b[29]) <<  8)
+          |  (word64)((sword64) (b[30]) << 16)
+          |  (word64)((sword64) (b[31]) << 24)
+          |  (word64)((sword64) (b[32]) << 32)
+          |  (word64)((sword64) (b[33]) << 40)
+          |  (word64)((sword64) (b[34]) << 48);
+    t[ 5] =  (word64)((sword64) (b[35]) <<  0)
+          |  (word64)((sword64) (b[36]) <<  8)
+          |  (word64)((sword64) (b[37]) << 16)
+          |  (word64)((sword64) (b[38]) << 24)
+          |  (word64)((sword64) (b[39]) << 32)
+          |  (word64)((sword64) (b[40]) << 40)
+          |  (word64)((sword64) (b[41]) << 48);
+    t[ 6] =  (word64)((sword64) (b[42]) <<  0)
+          |  (word64)((sword64) (b[43]) <<  8)
+          |  (word64)((sword64) (b[44]) << 16)
+          |  (word64)((sword64) (b[45]) << 24)
+          |  (word64)((sword64) (b[46]) << 32)
+          |  (word64)((sword64) (b[47]) << 40)
+          |  (word64)((sword64) (b[48]) << 48);
+    t[ 7] =  (word64)((sword64) (b[49]) <<  0)
+          |  (word64)((sword64) (b[50]) <<  8)
+          |  (word64)((sword64) (b[51]) << 16)
+          |  (word64)((sword64) (b[52]) << 24)
+          |  (word64)((sword64) (b[53]) << 32)
+          |  (word64)((sword64) (b[54]) << 40)
+          |  (word64)((sword64) (b[55]) << 48);
+    t[ 8] =  (word64)((sword64) (b[56]) <<  0)
+          |  (word64)((sword64) (b[57]) <<  8)
+          |  (word64)((sword64) (b[58]) << 16)
+          |  (word64)((sword64) (b[59]) << 24)
+          |  (word64)((sword64) (b[60]) << 32)
+          |  (word64)((sword64) (b[61]) << 40)
+          |  (word64)((sword64) (b[62]) << 48);
+    t[ 9] =  (word64)((sword64) (b[63]) <<  0)
+          |  (word64)((sword64) (b[64]) <<  8)
+          |  (word64)((sword64) (b[65]) << 16)
+          |  (word64)((sword64) (b[66]) << 24)
+          |  (word64)((sword64) (b[67]) << 32)
+          |  (word64)((sword64) (b[68]) << 40)
+          |  (word64)((sword64) (b[69]) << 48);
+    t[10] =  (word64)((sword64) (b[70]) <<  0)
+          |  (word64)((sword64) (b[71]) <<  8)
+          |  (word64)((sword64) (b[72]) << 16)
+          |  (word64)((sword64) (b[73]) << 24)
+          |  (word64)((sword64) (b[74]) << 32)
+          |  (word64)((sword64) (b[75]) << 40)
+          |  (word64)((sword64) (b[76]) << 48);
+    t[11] =  (word64)((sword64) (b[77]) <<  0)
+          |  (word64)((sword64) (b[78]) <<  8)
+          |  (word64)((sword64) (b[79]) << 16)
+          |  (word64)((sword64) (b[80]) << 24)
+          |  (word64)((sword64) (b[81]) << 32)
+          |  (word64)((sword64) (b[82]) << 40)
+          |  (word64)((sword64) (b[83]) << 48);
+    t[12] =  (word64)((sword64) (b[84]) <<  0)
+          |  (word64)((sword64) (b[85]) <<  8)
+          |  (word64)((sword64) (b[86]) << 16)
+          |  (word64)((sword64) (b[87]) << 24)
+          |  (word64)((sword64) (b[88]) << 32)
+          |  (word64)((sword64) (b[89]) << 40)
+          |  (word64)((sword64) (b[90]) << 48);
+    t[13] =  (word64)((sword64) (b[91]) <<  0)
+          |  (word64)((sword64) (b[92]) <<  8)
+          |  (word64)((sword64) (b[93]) << 16)
+          |  (word64)((sword64) (b[94]) << 24)
+          |  (word64)((sword64) (b[95]) << 32)
+          |  (word64)((sword64) (b[96]) << 40)
+          |  (word64)((sword64) (b[97]) << 48);
+    t[14] =  (word64)((sword64) (b[98]) <<  0)
+          |  (word64)((sword64) (b[99]) <<  8)
+          |  (word64)((sword64) (b[100]) << 16)
+          |  (word64)((sword64) (b[101]) << 24)
+          |  (word64)((sword64) (b[102]) << 32)
+          |  (word64)((sword64) (b[103]) << 40)
+          |  (word64)((sword64) (b[104]) << 48);
+    t[15] =  (word64)((sword64) (b[105]) <<  0)
+          |  (word64)((sword64) (b[106]) <<  8)
+          |  (word64)((sword64) (b[107]) << 16)
+          |  (word64)((sword64) (b[108]) << 24)
+          |  (word64)((sword64) (b[109]) << 32)
+          |  (word64)((sword64) (b[110]) << 40)
+          |  (word64)((sword64) (b[111]) << 48);
+    t[16] =  (word64)((sword64) (b[112]) <<  0)
+          |  (word64)((sword64) (b[113]) <<  8);
 
     /* Mod curve order */
     /* 2^446 - 0x8335dc163bb124b65129c96fde933d8d723a70aadc873d6d54a7bb0d */
@@ -720,244 +744,245 @@ void sc448_muladd(byte* r, const byte* a, const byte* b, const byte* d)
     word128 t[16];
     word128 c;
     word64 o;
+    sword64 u;
 
     /* Load from bytes */
-    ad[ 0] =  ((sword64) (a[ 0]) <<  0)
-           |  ((sword64) (a[ 1]) <<  8)
-           |  ((sword64) (a[ 2]) << 16)
-           |  ((sword64) (a[ 3]) << 24)
-           |  ((sword64) (a[ 4]) << 32)
-           |  ((sword64) (a[ 5]) << 40)
-           |  ((sword64) (a[ 6]) << 48);
-    ad[ 1] =  ((sword64) (a[ 7]) <<  0)
-           |  ((sword64) (a[ 8]) <<  8)
-           |  ((sword64) (a[ 9]) << 16)
-           |  ((sword64) (a[10]) << 24)
-           |  ((sword64) (a[11]) << 32)
-           |  ((sword64) (a[12]) << 40)
-           |  ((sword64) (a[13]) << 48);
-    ad[ 2] =  ((sword64) (a[14]) <<  0)
-           |  ((sword64) (a[15]) <<  8)
-           |  ((sword64) (a[16]) << 16)
-           |  ((sword64) (a[17]) << 24)
-           |  ((sword64) (a[18]) << 32)
-           |  ((sword64) (a[19]) << 40)
-           |  ((sword64) (a[20]) << 48);
-    ad[ 3] =  ((sword64) (a[21]) <<  0)
-           |  ((sword64) (a[22]) <<  8)
-           |  ((sword64) (a[23]) << 16)
-           |  ((sword64) (a[24]) << 24)
-           |  ((sword64) (a[25]) << 32)
-           |  ((sword64) (a[26]) << 40)
-           |  ((sword64) (a[27]) << 48);
-    ad[ 4] =  ((sword64) (a[28]) <<  0)
-           |  ((sword64) (a[29]) <<  8)
-           |  ((sword64) (a[30]) << 16)
-           |  ((sword64) (a[31]) << 24)
-           |  ((sword64) (a[32]) << 32)
-           |  ((sword64) (a[33]) << 40)
-           |  ((sword64) (a[34]) << 48);
-    ad[ 5] =  ((sword64) (a[35]) <<  0)
-           |  ((sword64) (a[36]) <<  8)
-           |  ((sword64) (a[37]) << 16)
-           |  ((sword64) (a[38]) << 24)
-           |  ((sword64) (a[39]) << 32)
-           |  ((sword64) (a[40]) << 40)
-           |  ((sword64) (a[41]) << 48);
-    ad[ 6] =  ((sword64) (a[42]) <<  0)
-           |  ((sword64) (a[43]) <<  8)
-           |  ((sword64) (a[44]) << 16)
-           |  ((sword64) (a[45]) << 24)
-           |  ((sword64) (a[46]) << 32)
-           |  ((sword64) (a[47]) << 40)
-           |  ((sword64) (a[48]) << 48);
-    ad[ 7] =  ((sword64) (a[49]) <<  0)
-           |  ((sword64) (a[50]) <<  8)
-           |  ((sword64) (a[51]) << 16)
-           |  ((sword64) (a[52]) << 24)
-           |  ((sword64) (a[53]) << 32)
-           |  ((sword64) (a[54]) << 40)
-           |  ((sword64) (a[55]) << 48);
+    ad[ 0] =  (word64)((sword64) (a[ 0]) <<  0)
+           |  (word64)((sword64) (a[ 1]) <<  8)
+           |  (word64)((sword64) (a[ 2]) << 16)
+           |  (word64)((sword64) (a[ 3]) << 24)
+           |  (word64)((sword64) (a[ 4]) << 32)
+           |  (word64)((sword64) (a[ 5]) << 40)
+           |  (word64)((sword64) (a[ 6]) << 48);
+    ad[ 1] =  (word64)((sword64) (a[ 7]) <<  0)
+           |  (word64)((sword64) (a[ 8]) <<  8)
+           |  (word64)((sword64) (a[ 9]) << 16)
+           |  (word64)((sword64) (a[10]) << 24)
+           |  (word64)((sword64) (a[11]) << 32)
+           |  (word64)((sword64) (a[12]) << 40)
+           |  (word64)((sword64) (a[13]) << 48);
+    ad[ 2] =  (word64)((sword64) (a[14]) <<  0)
+           |  (word64)((sword64) (a[15]) <<  8)
+           |  (word64)((sword64) (a[16]) << 16)
+           |  (word64)((sword64) (a[17]) << 24)
+           |  (word64)((sword64) (a[18]) << 32)
+           |  (word64)((sword64) (a[19]) << 40)
+           |  (word64)((sword64) (a[20]) << 48);
+    ad[ 3] =  (word64)((sword64) (a[21]) <<  0)
+           |  (word64)((sword64) (a[22]) <<  8)
+           |  (word64)((sword64) (a[23]) << 16)
+           |  (word64)((sword64) (a[24]) << 24)
+           |  (word64)((sword64) (a[25]) << 32)
+           |  (word64)((sword64) (a[26]) << 40)
+           |  (word64)((sword64) (a[27]) << 48);
+    ad[ 4] =  (word64)((sword64) (a[28]) <<  0)
+           |  (word64)((sword64) (a[29]) <<  8)
+           |  (word64)((sword64) (a[30]) << 16)
+           |  (word64)((sword64) (a[31]) << 24)
+           |  (word64)((sword64) (a[32]) << 32)
+           |  (word64)((sword64) (a[33]) << 40)
+           |  (word64)((sword64) (a[34]) << 48);
+    ad[ 5] =  (word64)((sword64) (a[35]) <<  0)
+           |  (word64)((sword64) (a[36]) <<  8)
+           |  (word64)((sword64) (a[37]) << 16)
+           |  (word64)((sword64) (a[38]) << 24)
+           |  (word64)((sword64) (a[39]) << 32)
+           |  (word64)((sword64) (a[40]) << 40)
+           |  (word64)((sword64) (a[41]) << 48);
+    ad[ 6] =  (word64)((sword64) (a[42]) <<  0)
+           |  (word64)((sword64) (a[43]) <<  8)
+           |  (word64)((sword64) (a[44]) << 16)
+           |  (word64)((sword64) (a[45]) << 24)
+           |  (word64)((sword64) (a[46]) << 32)
+           |  (word64)((sword64) (a[47]) << 40)
+           |  (word64)((sword64) (a[48]) << 48);
+    ad[ 7] =  (word64)((sword64) (a[49]) <<  0)
+           |  (word64)((sword64) (a[50]) <<  8)
+           |  (word64)((sword64) (a[51]) << 16)
+           |  (word64)((sword64) (a[52]) << 24)
+           |  (word64)((sword64) (a[53]) << 32)
+           |  (word64)((sword64) (a[54]) << 40)
+           |  (word64)((sword64) (a[55]) << 48);
     /* Load from bytes */
-    bd[ 0] =  ((sword64) (b[ 0]) <<  0)
-           |  ((sword64) (b[ 1]) <<  8)
-           |  ((sword64) (b[ 2]) << 16)
-           |  ((sword64) (b[ 3]) << 24)
-           |  ((sword64) (b[ 4]) << 32)
-           |  ((sword64) (b[ 5]) << 40)
-           |  ((sword64) (b[ 6]) << 48);
-    bd[ 1] =  ((sword64) (b[ 7]) <<  0)
-           |  ((sword64) (b[ 8]) <<  8)
-           |  ((sword64) (b[ 9]) << 16)
-           |  ((sword64) (b[10]) << 24)
-           |  ((sword64) (b[11]) << 32)
-           |  ((sword64) (b[12]) << 40)
-           |  ((sword64) (b[13]) << 48);
-    bd[ 2] =  ((sword64) (b[14]) <<  0)
-           |  ((sword64) (b[15]) <<  8)
-           |  ((sword64) (b[16]) << 16)
-           |  ((sword64) (b[17]) << 24)
-           |  ((sword64) (b[18]) << 32)
-           |  ((sword64) (b[19]) << 40)
-           |  ((sword64) (b[20]) << 48);
-    bd[ 3] =  ((sword64) (b[21]) <<  0)
-           |  ((sword64) (b[22]) <<  8)
-           |  ((sword64) (b[23]) << 16)
-           |  ((sword64) (b[24]) << 24)
-           |  ((sword64) (b[25]) << 32)
-           |  ((sword64) (b[26]) << 40)
-           |  ((sword64) (b[27]) << 48);
-    bd[ 4] =  ((sword64) (b[28]) <<  0)
-           |  ((sword64) (b[29]) <<  8)
-           |  ((sword64) (b[30]) << 16)
-           |  ((sword64) (b[31]) << 24)
-           |  ((sword64) (b[32]) << 32)
-           |  ((sword64) (b[33]) << 40)
-           |  ((sword64) (b[34]) << 48);
-    bd[ 5] =  ((sword64) (b[35]) <<  0)
-           |  ((sword64) (b[36]) <<  8)
-           |  ((sword64) (b[37]) << 16)
-           |  ((sword64) (b[38]) << 24)
-           |  ((sword64) (b[39]) << 32)
-           |  ((sword64) (b[40]) << 40)
-           |  ((sword64) (b[41]) << 48);
-    bd[ 6] =  ((sword64) (b[42]) <<  0)
-           |  ((sword64) (b[43]) <<  8)
-           |  ((sword64) (b[44]) << 16)
-           |  ((sword64) (b[45]) << 24)
-           |  ((sword64) (b[46]) << 32)
-           |  ((sword64) (b[47]) << 40)
-           |  ((sword64) (b[48]) << 48);
-    bd[ 7] =  ((sword64) (b[49]) <<  0)
-           |  ((sword64) (b[50]) <<  8)
-           |  ((sword64) (b[51]) << 16)
-           |  ((sword64) (b[52]) << 24)
-           |  ((sword64) (b[53]) << 32)
-           |  ((sword64) (b[54]) << 40)
-           |  ((sword64) (b[55]) << 48);
+    bd[ 0] =  (word64)((sword64) (b[ 0]) <<  0)
+           |  (word64)((sword64) (b[ 1]) <<  8)
+           |  (word64)((sword64) (b[ 2]) << 16)
+           |  (word64)((sword64) (b[ 3]) << 24)
+           |  (word64)((sword64) (b[ 4]) << 32)
+           |  (word64)((sword64) (b[ 5]) << 40)
+           |  (word64)((sword64) (b[ 6]) << 48);
+    bd[ 1] =  (word64)((sword64) (b[ 7]) <<  0)
+           |  (word64)((sword64) (b[ 8]) <<  8)
+           |  (word64)((sword64) (b[ 9]) << 16)
+           |  (word64)((sword64) (b[10]) << 24)
+           |  (word64)((sword64) (b[11]) << 32)
+           |  (word64)((sword64) (b[12]) << 40)
+           |  (word64)((sword64) (b[13]) << 48);
+    bd[ 2] =  (word64)((sword64) (b[14]) <<  0)
+           |  (word64)((sword64) (b[15]) <<  8)
+           |  (word64)((sword64) (b[16]) << 16)
+           |  (word64)((sword64) (b[17]) << 24)
+           |  (word64)((sword64) (b[18]) << 32)
+           |  (word64)((sword64) (b[19]) << 40)
+           |  (word64)((sword64) (b[20]) << 48);
+    bd[ 3] =  (word64)((sword64) (b[21]) <<  0)
+           |  (word64)((sword64) (b[22]) <<  8)
+           |  (word64)((sword64) (b[23]) << 16)
+           |  (word64)((sword64) (b[24]) << 24)
+           |  (word64)((sword64) (b[25]) << 32)
+           |  (word64)((sword64) (b[26]) << 40)
+           |  (word64)((sword64) (b[27]) << 48);
+    bd[ 4] =  (word64)((sword64) (b[28]) <<  0)
+           |  (word64)((sword64) (b[29]) <<  8)
+           |  (word64)((sword64) (b[30]) << 16)
+           |  (word64)((sword64) (b[31]) << 24)
+           |  (word64)((sword64) (b[32]) << 32)
+           |  (word64)((sword64) (b[33]) << 40)
+           |  (word64)((sword64) (b[34]) << 48);
+    bd[ 5] =  (word64)((sword64) (b[35]) <<  0)
+           |  (word64)((sword64) (b[36]) <<  8)
+           |  (word64)((sword64) (b[37]) << 16)
+           |  (word64)((sword64) (b[38]) << 24)
+           |  (word64)((sword64) (b[39]) << 32)
+           |  (word64)((sword64) (b[40]) << 40)
+           |  (word64)((sword64) (b[41]) << 48);
+    bd[ 6] =  (word64)((sword64) (b[42]) <<  0)
+           |  (word64)((sword64) (b[43]) <<  8)
+           |  (word64)((sword64) (b[44]) << 16)
+           |  (word64)((sword64) (b[45]) << 24)
+           |  (word64)((sword64) (b[46]) << 32)
+           |  (word64)((sword64) (b[47]) << 40)
+           |  (word64)((sword64) (b[48]) << 48);
+    bd[ 7] =  (word64)((sword64) (b[49]) <<  0)
+           |  (word64)((sword64) (b[50]) <<  8)
+           |  (word64)((sword64) (b[51]) << 16)
+           |  (word64)((sword64) (b[52]) << 24)
+           |  (word64)((sword64) (b[53]) << 32)
+           |  (word64)((sword64) (b[54]) << 40)
+           |  (word64)((sword64) (b[55]) << 48);
     /* Load from bytes */
-    dd[ 0] =  ((sword64) (d[ 0]) <<  0)
-           |  ((sword64) (d[ 1]) <<  8)
-           |  ((sword64) (d[ 2]) << 16)
-           |  ((sword64) (d[ 3]) << 24)
-           |  ((sword64) (d[ 4]) << 32)
-           |  ((sword64) (d[ 5]) << 40)
-           |  ((sword64) (d[ 6]) << 48);
-    dd[ 1] =  ((sword64) (d[ 7]) <<  0)
-           |  ((sword64) (d[ 8]) <<  8)
-           |  ((sword64) (d[ 9]) << 16)
-           |  ((sword64) (d[10]) << 24)
-           |  ((sword64) (d[11]) << 32)
-           |  ((sword64) (d[12]) << 40)
-           |  ((sword64) (d[13]) << 48);
-    dd[ 2] =  ((sword64) (d[14]) <<  0)
-           |  ((sword64) (d[15]) <<  8)
-           |  ((sword64) (d[16]) << 16)
-           |  ((sword64) (d[17]) << 24)
-           |  ((sword64) (d[18]) << 32)
-           |  ((sword64) (d[19]) << 40)
-           |  ((sword64) (d[20]) << 48);
-    dd[ 3] =  ((sword64) (d[21]) <<  0)
-           |  ((sword64) (d[22]) <<  8)
-           |  ((sword64) (d[23]) << 16)
-           |  ((sword64) (d[24]) << 24)
-           |  ((sword64) (d[25]) << 32)
-           |  ((sword64) (d[26]) << 40)
-           |  ((sword64) (d[27]) << 48);
-    dd[ 4] =  ((sword64) (d[28]) <<  0)
-           |  ((sword64) (d[29]) <<  8)
-           |  ((sword64) (d[30]) << 16)
-           |  ((sword64) (d[31]) << 24)
-           |  ((sword64) (d[32]) << 32)
-           |  ((sword64) (d[33]) << 40)
-           |  ((sword64) (d[34]) << 48);
-    dd[ 5] =  ((sword64) (d[35]) <<  0)
-           |  ((sword64) (d[36]) <<  8)
-           |  ((sword64) (d[37]) << 16)
-           |  ((sword64) (d[38]) << 24)
-           |  ((sword64) (d[39]) << 32)
-           |  ((sword64) (d[40]) << 40)
-           |  ((sword64) (d[41]) << 48);
-    dd[ 6] =  ((sword64) (d[42]) <<  0)
-           |  ((sword64) (d[43]) <<  8)
-           |  ((sword64) (d[44]) << 16)
-           |  ((sword64) (d[45]) << 24)
-           |  ((sword64) (d[46]) << 32)
-           |  ((sword64) (d[47]) << 40)
-           |  ((sword64) (d[48]) << 48);
-    dd[ 7] =  ((sword64) (d[49]) <<  0)
-           |  ((sword64) (d[50]) <<  8)
-           |  ((sword64) (d[51]) << 16)
-           |  ((sword64) (d[52]) << 24)
-           |  ((sword64) (d[53]) << 32)
-           |  ((sword64) (d[54]) << 40)
-           |  ((sword64) (d[55]) << 48);
+    dd[ 0] =  (word64)((sword64) (d[ 0]) <<  0)
+           |  (word64)((sword64) (d[ 1]) <<  8)
+           |  (word64)((sword64) (d[ 2]) << 16)
+           |  (word64)((sword64) (d[ 3]) << 24)
+           |  (word64)((sword64) (d[ 4]) << 32)
+           |  (word64)((sword64) (d[ 5]) << 40)
+           |  (word64)((sword64) (d[ 6]) << 48);
+    dd[ 1] =  (word64)((sword64) (d[ 7]) <<  0)
+           |  (word64)((sword64) (d[ 8]) <<  8)
+           |  (word64)((sword64) (d[ 9]) << 16)
+           |  (word64)((sword64) (d[10]) << 24)
+           |  (word64)((sword64) (d[11]) << 32)
+           |  (word64)((sword64) (d[12]) << 40)
+           |  (word64)((sword64) (d[13]) << 48);
+    dd[ 2] =  (word64)((sword64) (d[14]) <<  0)
+           |  (word64)((sword64) (d[15]) <<  8)
+           |  (word64)((sword64) (d[16]) << 16)
+           |  (word64)((sword64) (d[17]) << 24)
+           |  (word64)((sword64) (d[18]) << 32)
+           |  (word64)((sword64) (d[19]) << 40)
+           |  (word64)((sword64) (d[20]) << 48);
+    dd[ 3] =  (word64)((sword64) (d[21]) <<  0)
+           |  (word64)((sword64) (d[22]) <<  8)
+           |  (word64)((sword64) (d[23]) << 16)
+           |  (word64)((sword64) (d[24]) << 24)
+           |  (word64)((sword64) (d[25]) << 32)
+           |  (word64)((sword64) (d[26]) << 40)
+           |  (word64)((sword64) (d[27]) << 48);
+    dd[ 4] =  (word64)((sword64) (d[28]) <<  0)
+           |  (word64)((sword64) (d[29]) <<  8)
+           |  (word64)((sword64) (d[30]) << 16)
+           |  (word64)((sword64) (d[31]) << 24)
+           |  (word64)((sword64) (d[32]) << 32)
+           |  (word64)((sword64) (d[33]) << 40)
+           |  (word64)((sword64) (d[34]) << 48);
+    dd[ 5] =  (word64)((sword64) (d[35]) <<  0)
+           |  (word64)((sword64) (d[36]) <<  8)
+           |  (word64)((sword64) (d[37]) << 16)
+           |  (word64)((sword64) (d[38]) << 24)
+           |  (word64)((sword64) (d[39]) << 32)
+           |  (word64)((sword64) (d[40]) << 40)
+           |  (word64)((sword64) (d[41]) << 48);
+    dd[ 6] =  (word64)((sword64) (d[42]) <<  0)
+           |  (word64)((sword64) (d[43]) <<  8)
+           |  (word64)((sword64) (d[44]) << 16)
+           |  (word64)((sword64) (d[45]) << 24)
+           |  (word64)((sword64) (d[46]) << 32)
+           |  (word64)((sword64) (d[47]) << 40)
+           |  (word64)((sword64) (d[48]) << 48);
+    dd[ 7] =  (word64)((sword64) (d[49]) <<  0)
+           |  (word64)((sword64) (d[50]) <<  8)
+           |  (word64)((sword64) (d[51]) << 16)
+           |  (word64)((sword64) (d[52]) << 24)
+           |  (word64)((sword64) (d[53]) << 32)
+           |  (word64)((sword64) (d[54]) << 40)
+           |  (word64)((sword64) (d[55]) << 48);
 
     /* a * b + d */
-    t[ 0] = (word128)dd[ 0] + (sword128)ad[ 0] * bd[ 0];
-    t[ 1] = (word128)dd[ 1] + (sword128)ad[ 0] * bd[ 1]
-                            + (sword128)ad[ 1] * bd[ 0];
-    t[ 2] = (word128)dd[ 2] + (sword128)ad[ 0] * bd[ 2]
-                            + (sword128)ad[ 1] * bd[ 1]
-                            + (sword128)ad[ 2] * bd[ 0];
-    t[ 3] = (word128)dd[ 3] + (sword128)ad[ 0] * bd[ 3]
-                            + (sword128)ad[ 1] * bd[ 2]
-                            + (sword128)ad[ 2] * bd[ 1]
-                            + (sword128)ad[ 3] * bd[ 0];
-    t[ 4] = (word128)dd[ 4] + (sword128)ad[ 0] * bd[ 4]
-                            + (sword128)ad[ 1] * bd[ 3]
-                            + (sword128)ad[ 2] * bd[ 2]
-                            + (sword128)ad[ 3] * bd[ 1]
-                            + (sword128)ad[ 4] * bd[ 0];
-    t[ 5] = (word128)dd[ 5] + (sword128)ad[ 0] * bd[ 5]
-                            + (sword128)ad[ 1] * bd[ 4]
-                            + (sword128)ad[ 2] * bd[ 3]
-                            + (sword128)ad[ 3] * bd[ 2]
-                            + (sword128)ad[ 4] * bd[ 1]
-                            + (sword128)ad[ 5] * bd[ 0];
-    t[ 6] = (word128)dd[ 6] + (sword128)ad[ 0] * bd[ 6]
-                            + (sword128)ad[ 1] * bd[ 5]
-                            + (sword128)ad[ 2] * bd[ 4]
-                            + (sword128)ad[ 3] * bd[ 3]
-                            + (sword128)ad[ 4] * bd[ 2]
-                            + (sword128)ad[ 5] * bd[ 1]
-                            + (sword128)ad[ 6] * bd[ 0];
-    t[ 7] = (word128)dd[ 7] + (sword128)ad[ 0] * bd[ 7]
-                            + (sword128)ad[ 1] * bd[ 6]
-                            + (sword128)ad[ 2] * bd[ 5]
-                            + (sword128)ad[ 3] * bd[ 4]
-                            + (sword128)ad[ 4] * bd[ 3]
-                            + (sword128)ad[ 5] * bd[ 2]
-                            + (sword128)ad[ 6] * bd[ 1]
-                            + (sword128)ad[ 7] * bd[ 0];
-    t[ 8] = (word128)          (sword128)ad[ 1] * bd[ 7]
-                            + (sword128)ad[ 2] * bd[ 6]
-                            + (sword128)ad[ 3] * bd[ 5]
-                            + (sword128)ad[ 4] * bd[ 4]
-                            + (sword128)ad[ 5] * bd[ 3]
-                            + (sword128)ad[ 6] * bd[ 2]
-                            + (sword128)ad[ 7] * bd[ 1];
-    t[ 9] = (word128)          (sword128)ad[ 2] * bd[ 7]
-                            + (sword128)ad[ 3] * bd[ 6]
-                            + (sword128)ad[ 4] * bd[ 5]
-                            + (sword128)ad[ 5] * bd[ 4]
-                            + (sword128)ad[ 6] * bd[ 3]
-                            + (sword128)ad[ 7] * bd[ 2];
-    t[10] = (word128)          (sword128)ad[ 3] * bd[ 7]
-                            + (sword128)ad[ 4] * bd[ 6]
-                            + (sword128)ad[ 5] * bd[ 5]
-                            + (sword128)ad[ 6] * bd[ 4]
-                            + (sword128)ad[ 7] * bd[ 3];
-    t[11] = (word128)          (sword128)ad[ 4] * bd[ 7]
-                            + (sword128)ad[ 5] * bd[ 6]
-                            + (sword128)ad[ 6] * bd[ 5]
-                            + (sword128)ad[ 7] * bd[ 4];
-    t[12] = (word128)          (sword128)ad[ 5] * bd[ 7]
-                            + (sword128)ad[ 6] * bd[ 6]
-                            + (sword128)ad[ 7] * bd[ 5];
-    t[13] = (word128)          (sword128)ad[ 6] * bd[ 7]
-                            + (sword128)ad[ 7] * bd[ 6];
-    t[14] = (word128)          (sword128)ad[ 7] * bd[ 7];
+    t[ 0] = (word128)(dd[ 0] + (word128)((sword128)ad[ 0] * bd[ 0]));
+    t[ 1] = (word128)(dd[ 1] + (word128)((sword128)ad[ 0] * bd[ 1]
+                                       + (sword128)ad[ 1] * bd[ 0]));
+    t[ 2] = (word128)(dd[ 2] + (word128)((sword128)ad[ 0] * bd[ 2]
+                                       + (sword128)ad[ 1] * bd[ 1]
+                                       + (sword128)ad[ 2] * bd[ 0]));
+    t[ 3] = (word128)(dd[ 3] + (word128)((sword128)ad[ 0] * bd[ 3]
+                                       + (sword128)ad[ 1] * bd[ 2]
+                                       + (sword128)ad[ 2] * bd[ 1]
+                                       + (sword128)ad[ 3] * bd[ 0]));
+    t[ 4] = (word128)(dd[ 4] + (word128)((sword128)ad[ 0] * bd[ 4]
+                                       + (sword128)ad[ 1] * bd[ 3]
+                                       + (sword128)ad[ 2] * bd[ 2]
+                                       + (sword128)ad[ 3] * bd[ 1]
+                                       + (sword128)ad[ 4] * bd[ 0]));
+    t[ 5] = (word128)(dd[ 5] + (word128)((sword128)ad[ 0] * bd[ 5]
+                                       + (sword128)ad[ 1] * bd[ 4]
+                                       + (sword128)ad[ 2] * bd[ 3]
+                                       + (sword128)ad[ 3] * bd[ 2]
+                                       + (sword128)ad[ 4] * bd[ 1]
+                                       + (sword128)ad[ 5] * bd[ 0]));
+    t[ 6] = (word128)(dd[ 6] + (word128)((sword128)ad[ 0] * bd[ 6]
+                                       + (sword128)ad[ 1] * bd[ 5]
+                                       + (sword128)ad[ 2] * bd[ 4]
+                                       + (sword128)ad[ 3] * bd[ 3]
+                                       + (sword128)ad[ 4] * bd[ 2]
+                                       + (sword128)ad[ 5] * bd[ 1]
+                                       + (sword128)ad[ 6] * bd[ 0]));
+    t[ 7] = (word128)(dd[ 7] + (word128)((sword128)ad[ 0] * bd[ 7]
+                                       + (sword128)ad[ 1] * bd[ 6]
+                                       + (sword128)ad[ 2] * bd[ 5]
+                                       + (sword128)ad[ 3] * bd[ 4]
+                                       + (sword128)ad[ 4] * bd[ 3]
+                                       + (sword128)ad[ 5] * bd[ 2]
+                                       + (sword128)ad[ 6] * bd[ 1]
+                                       + (sword128)ad[ 7] * bd[ 0]));
+    t[ 8] = (word128)(                   (sword128)ad[ 1] * bd[ 7]
+                                       + (sword128)ad[ 2] * bd[ 6]
+                                       + (sword128)ad[ 3] * bd[ 5]
+                                       + (sword128)ad[ 4] * bd[ 4]
+                                       + (sword128)ad[ 5] * bd[ 3]
+                                       + (sword128)ad[ 6] * bd[ 2]
+                                       + (sword128)ad[ 7] * bd[ 1]);
+    t[ 9] = (word128)(                   (sword128)ad[ 2] * bd[ 7]
+                                       + (sword128)ad[ 3] * bd[ 6]
+                                       + (sword128)ad[ 4] * bd[ 5]
+                                       + (sword128)ad[ 5] * bd[ 4]
+                                       + (sword128)ad[ 6] * bd[ 3]
+                                       + (sword128)ad[ 7] * bd[ 2]);
+    t[10] = (word128)(                   (sword128)ad[ 3] * bd[ 7]
+                                       + (sword128)ad[ 4] * bd[ 6]
+                                       + (sword128)ad[ 5] * bd[ 5]
+                                       + (sword128)ad[ 6] * bd[ 4]
+                                       + (sword128)ad[ 7] * bd[ 3]);
+    t[11] = (word128)(                   (sword128)ad[ 4] * bd[ 7]
+                                       + (sword128)ad[ 5] * bd[ 6]
+                                       + (sword128)ad[ 6] * bd[ 5]
+                                       + (sword128)ad[ 7] * bd[ 4]);
+    t[12] = (word128)(                   (sword128)ad[ 5] * bd[ 7]
+                                       + (sword128)ad[ 6] * bd[ 6]
+                                       + (sword128)ad[ 7] * bd[ 5]);
+    t[13] = (word128)(                   (sword128)ad[ 6] * bd[ 7]
+                                       + (sword128)ad[ 7] * bd[ 6]);
+    t[14] = (word128)(                   (sword128)ad[ 7] * bd[ 7]);
     t[15] = 0;
 
     /* Mod curve order */
@@ -1043,6 +1068,41 @@ void sc448_muladd(byte* r, const byte* a, const byte* b, const byte* d)
     o = rd[ 4] >> 56; rd[ 5] += o; rd[ 4] = rd[ 4] & 0xffffffffffffff;
     o = rd[ 5] >> 56; rd[ 6] += o; rd[ 5] = rd[ 5] & 0xffffffffffffff;
     o = rd[ 6] >> 56; rd[ 7] += o; rd[ 6] = rd[ 6] & 0xffffffffffffff;
+    /* Reduce to mod order. */
+    u = 0;
+    u += (sword64)rd[0] - (sword64)0x078c292ab5844f3L; u >>= 56;
+    u += (sword64)rd[1] - (sword64)0x0c2728dc58f5523L; u >>= 56;
+    u += (sword64)rd[2] - (sword64)0x049aed63690216cL; u >>= 56;
+    u += (sword64)rd[3] - (sword64)0x07cca23e9c44edbL; u >>= 56;
+    u += (sword64)rd[4] - (sword64)0x0ffffffffffffffL; u >>= 56;
+    u += (sword64)rd[5] - (sword64)0x0ffffffffffffffL; u >>= 56;
+    u += (sword64)rd[6] - (sword64)0x0ffffffffffffffL; u >>= 56;
+    u += (sword64)rd[7] - (sword64)0x03fffffffffffffL; u >>= 56;
+    o = (word64)0 - (u >= 0);
+    u = 0;
+    u += (sword64)rd[0] - (sword64)((word64)0x078c292ab5844f3L & o);
+    rd[0] = u & 0xffffffffffffff;
+    u >>= 56;
+    u += (sword64)rd[1] - (sword64)((word64)0x0c2728dc58f5523L & o);
+    rd[1] = u & 0xffffffffffffff;
+    u >>= 56;
+    u += (sword64)rd[2] - (sword64)((word64)0x049aed63690216cL & o);
+    rd[2] = u & 0xffffffffffffff;
+    u >>= 56;
+    u += (sword64)rd[3] - (sword64)((word64)0x07cca23e9c44edbL & o);
+    rd[3] = u & 0xffffffffffffff;
+    u >>= 56;
+    u += (sword64)rd[4] - (sword64)((word64)0x0ffffffffffffffL & o);
+    rd[4] = u & 0xffffffffffffff;
+    u >>= 56;
+    u += (sword64)rd[5] - (sword64)((word64)0x0ffffffffffffffL & o);
+    rd[5] = u & 0xffffffffffffff;
+    u >>= 56;
+    u += (sword64)rd[6] - (sword64)((word64)0x0ffffffffffffffL & o);
+    rd[6] = u & 0xffffffffffffff;
+    u >>= 56;
+    u += (sword64)rd[7] - (sword64)((word64)0x03fffffffffffffL & o);
+    rd[7] = u & 0xffffffffffffff;
 
     /* Convert to bytes */
     r[ 0] = (byte)(rd[0 ] >>  0);
@@ -5071,6 +5131,8 @@ static const ge448_precomp base_i[16] = {
 /* Reduce scalar mod the order of the curve.
  * Scalar Will be 114 bytes.
  *
+ * Only performs a weak reduce.
+ *
  * b  [in]  Scalar to reduce.
  */
 void sc448_reduce(byte* b)
@@ -5081,136 +5143,169 @@ void sc448_reduce(byte* b)
     word32 o;
 
     /* Load from bytes */
-    t[ 0] =  (((sword32)((b[ 0]        ) >>  0)) <<  0)
+    t[ 0] = (word64)(
+             (((sword32)((b[ 0]        ) >>  0)) <<  0)
           |  (((sword32)((b[ 1]        ) >>  0)) <<  8)
           |  (((sword32)((b[ 2]        ) >>  0)) << 16)
-          | ((((sword32)((b[ 3] & 0xf )) >>  0)) << 24);
-    t[ 1] =  (((sword32)((b[ 3]        ) >>  4)) <<  0)
+          | ((((sword32)((b[ 3] & 0xf )) >>  0)) << 24));
+    t[ 1] = (word64)(
+             (((sword32)((b[ 3]        ) >>  4)) <<  0)
           |  (((sword32)((b[ 4]        ) >>  0)) <<  4)
           |  (((sword32)((b[ 5]        ) >>  0)) << 12)
-          |  (((sword32)((b[ 6]        ) >>  0)) << 20);
-    t[ 2] =  (((sword32)((b[ 7]        ) >>  0)) <<  0)
+          |  (((sword32)((b[ 6]        ) >>  0)) << 20));
+    t[ 2] = (word64)(
+             (((sword32)((b[ 7]        ) >>  0)) <<  0)
           |  (((sword32)((b[ 8]        ) >>  0)) <<  8)
           |  (((sword32)((b[ 9]        ) >>  0)) << 16)
-          | ((((sword32)((b[10] & 0xf )) >>  0)) << 24);
-    t[ 3] =  (((sword32)((b[10]        ) >>  4)) <<  0)
+          | ((((sword32)((b[10] & 0xf )) >>  0)) << 24));
+    t[ 3] = (word64)(
+             (((sword32)((b[10]        ) >>  4)) <<  0)
           |  (((sword32)((b[11]        ) >>  0)) <<  4)
           |  (((sword32)((b[12]        ) >>  0)) << 12)
-          |  (((sword32)((b[13]        ) >>  0)) << 20);
-    t[ 4] =  (((sword32)((b[14]        ) >>  0)) <<  0)
+          |  (((sword32)((b[13]        ) >>  0)) << 20));
+    t[ 4] = (word64)(
+             (((sword32)((b[14]        ) >>  0)) <<  0)
           |  (((sword32)((b[15]        ) >>  0)) <<  8)
           |  (((sword32)((b[16]        ) >>  0)) << 16)
-          | ((((sword32)((b[17] & 0xf )) >>  0)) << 24);
-    t[ 5] =  (((sword32)((b[17]        ) >>  4)) <<  0)
+          | ((((sword32)((b[17] & 0xf )) >>  0)) << 24));
+    t[ 5] = (word64)(
+             (((sword32)((b[17]        ) >>  4)) <<  0)
           |  (((sword32)((b[18]        ) >>  0)) <<  4)
           |  (((sword32)((b[19]        ) >>  0)) << 12)
-          |  (((sword32)((b[20]        ) >>  0)) << 20);
-    t[ 6] =  (((sword32)((b[21]        ) >>  0)) <<  0)
+          |  (((sword32)((b[20]        ) >>  0)) << 20));
+    t[ 6] = (word64)(
+             (((sword32)((b[21]        ) >>  0)) <<  0)
           |  (((sword32)((b[22]        ) >>  0)) <<  8)
           |  (((sword32)((b[23]        ) >>  0)) << 16)
-          | ((((sword32)((b[24] & 0xf )) >>  0)) << 24);
-    t[ 7] =  (((sword32)((b[24]        ) >>  4)) <<  0)
+          | ((((sword32)((b[24] & 0xf )) >>  0)) << 24));
+    t[ 7] = (word64)(
+             (((sword32)((b[24]        ) >>  4)) <<  0)
           |  (((sword32)((b[25]        ) >>  0)) <<  4)
           |  (((sword32)((b[26]        ) >>  0)) << 12)
-          |  (((sword32)((b[27]        ) >>  0)) << 20);
-    t[ 8] =  (((sword32)((b[28]        ) >>  0)) <<  0)
+          |  (((sword32)((b[27]        ) >>  0)) << 20));
+    t[ 8] = (word64)(
+             (((sword32)((b[28]        ) >>  0)) <<  0)
           |  (((sword32)((b[29]        ) >>  0)) <<  8)
           |  (((sword32)((b[30]        ) >>  0)) << 16)
-          | ((((sword32)((b[31] & 0xf )) >>  0)) << 24);
-    t[ 9] =  (((sword32)((b[31]        ) >>  4)) <<  0)
+          | ((((sword32)((b[31] & 0xf )) >>  0)) << 24));
+    t[ 9] = (word64)(
+             (((sword32)((b[31]        ) >>  4)) <<  0)
           |  (((sword32)((b[32]        ) >>  0)) <<  4)
           |  (((sword32)((b[33]        ) >>  0)) << 12)
-          |  (((sword32)((b[34]        ) >>  0)) << 20);
-    t[10] =  (((sword32)((b[35]        ) >>  0)) <<  0)
+          |  (((sword32)((b[34]        ) >>  0)) << 20));
+    t[10] = (word64)(
+             (((sword32)((b[35]        ) >>  0)) <<  0)
           |  (((sword32)((b[36]        ) >>  0)) <<  8)
           |  (((sword32)((b[37]        ) >>  0)) << 16)
-          | ((((sword32)((b[38] & 0xf )) >>  0)) << 24);
-    t[11] =  (((sword32)((b[38]        ) >>  4)) <<  0)
+          | ((((sword32)((b[38] & 0xf )) >>  0)) << 24));
+    t[11] = (word64)(
+             (((sword32)((b[38]        ) >>  4)) <<  0)
           |  (((sword32)((b[39]        ) >>  0)) <<  4)
           |  (((sword32)((b[40]        ) >>  0)) << 12)
-          |  (((sword32)((b[41]        ) >>  0)) << 20);
-    t[12] =  (((sword32)((b[42]        ) >>  0)) <<  0)
+          |  (((sword32)((b[41]        ) >>  0)) << 20));
+    t[12] = (word64)(
+             (((sword32)((b[42]        ) >>  0)) <<  0)
           |  (((sword32)((b[43]        ) >>  0)) <<  8)
           |  (((sword32)((b[44]        ) >>  0)) << 16)
-          | ((((sword32)((b[45] & 0xf )) >>  0)) << 24);
-    t[13] =  (((sword32)((b[45]        ) >>  4)) <<  0)
+          | ((((sword32)((b[45] & 0xf )) >>  0)) << 24));
+    t[13] = (word64)(
+             (((sword32)((b[45]        ) >>  4)) <<  0)
           |  (((sword32)((b[46]        ) >>  0)) <<  4)
           |  (((sword32)((b[47]        ) >>  0)) << 12)
-          |  (((sword32)((b[48]        ) >>  0)) << 20);
-    t[14] =  (((sword32)((b[49]        ) >>  0)) <<  0)
+          |  (((sword32)((b[48]        ) >>  0)) << 20));
+    t[14] = (word64)(
+             (((sword32)((b[49]        ) >>  0)) <<  0)
           |  (((sword32)((b[50]        ) >>  0)) <<  8)
           |  (((sword32)((b[51]        ) >>  0)) << 16)
-          | ((((sword32)((b[52] & 0xf )) >>  0)) << 24);
-    t[15] =  (((sword32)((b[52]        ) >>  4)) <<  0)
+          | ((((sword32)((b[52] & 0xf )) >>  0)) << 24));
+    t[15] = (word64)(
+             (((sword32)((b[52]        ) >>  4)) <<  0)
           |  (((sword32)((b[53]        ) >>  0)) <<  4)
           |  (((sword32)((b[54]        ) >>  0)) << 12)
-          |  (((sword32)((b[55]        ) >>  0)) << 20);
-    t[16] =  (((sword32)((b[56]        ) >>  0)) <<  0)
+          |  (((sword32)((b[55]        ) >>  0)) << 20));
+    t[16] = (word64)(
+             (((sword32)((b[56]        ) >>  0)) <<  0)
           |  (((sword32)((b[57]        ) >>  0)) <<  8)
           |  (((sword32)((b[58]        ) >>  0)) << 16)
-          | ((((sword32)((b[59] & 0xf )) >>  0)) << 24);
-    t[17] =  (((sword32)((b[59]        ) >>  4)) <<  0)
+          | ((((sword32)((b[59] & 0xf )) >>  0)) << 24));
+    t[17] = (word64)(
+             (((sword32)((b[59]        ) >>  4)) <<  0)
           |  (((sword32)((b[60]        ) >>  0)) <<  4)
           |  (((sword32)((b[61]        ) >>  0)) << 12)
-          |  (((sword32)((b[62]        ) >>  0)) << 20);
-    t[18] =  (((sword32)((b[63]        ) >>  0)) <<  0)
+          |  (((sword32)((b[62]        ) >>  0)) << 20));
+    t[18] = (word64)(
+             (((sword32)((b[63]        ) >>  0)) <<  0)
           |  (((sword32)((b[64]        ) >>  0)) <<  8)
           |  (((sword32)((b[65]        ) >>  0)) << 16)
-          | ((((sword32)((b[66] & 0xf )) >>  0)) << 24);
-    t[19] =  (((sword32)((b[66]        ) >>  4)) <<  0)
+          | ((((sword32)((b[66] & 0xf )) >>  0)) << 24));
+    t[19] = (word64)(
+             (((sword32)((b[66]        ) >>  4)) <<  0)
           |  (((sword32)((b[67]        ) >>  0)) <<  4)
           |  (((sword32)((b[68]        ) >>  0)) << 12)
-          |  (((sword32)((b[69]        ) >>  0)) << 20);
-    t[20] =  (((sword32)((b[70]        ) >>  0)) <<  0)
+          |  (((sword32)((b[69]        ) >>  0)) << 20));
+    t[20] = (word64)(
+             (((sword32)((b[70]        ) >>  0)) <<  0)
           |  (((sword32)((b[71]        ) >>  0)) <<  8)
           |  (((sword32)((b[72]        ) >>  0)) << 16)
-          | ((((sword32)((b[73] & 0xf )) >>  0)) << 24);
-    t[21] =  (((sword32)((b[73]        ) >>  4)) <<  0)
+          | ((((sword32)((b[73] & 0xf )) >>  0)) << 24));
+    t[21] = (word64)(
+             (((sword32)((b[73]        ) >>  4)) <<  0)
           |  (((sword32)((b[74]        ) >>  0)) <<  4)
           |  (((sword32)((b[75]        ) >>  0)) << 12)
-          |  (((sword32)((b[76]        ) >>  0)) << 20);
-    t[22] =  (((sword32)((b[77]        ) >>  0)) <<  0)
+          |  (((sword32)((b[76]        ) >>  0)) << 20));
+    t[22] = (word64)(
+             (((sword32)((b[77]        ) >>  0)) <<  0)
           |  (((sword32)((b[78]        ) >>  0)) <<  8)
           |  (((sword32)((b[79]        ) >>  0)) << 16)
-          | ((((sword32)((b[80] & 0xf )) >>  0)) << 24);
-    t[23] =  (((sword32)((b[80]        ) >>  4)) <<  0)
+          | ((((sword32)((b[80] & 0xf )) >>  0)) << 24));
+    t[23] = (word64)(
+             (((sword32)((b[80]        ) >>  4)) <<  0)
           |  (((sword32)((b[81]        ) >>  0)) <<  4)
           |  (((sword32)((b[82]        ) >>  0)) << 12)
-          |  (((sword32)((b[83]        ) >>  0)) << 20);
-    t[24] =  (((sword32)((b[84]        ) >>  0)) <<  0)
+          |  (((sword32)((b[83]        ) >>  0)) << 20));
+    t[24] = (word64)(
+             (((sword32)((b[84]        ) >>  0)) <<  0)
           |  (((sword32)((b[85]        ) >>  0)) <<  8)
           |  (((sword32)((b[86]        ) >>  0)) << 16)
-          | ((((sword32)((b[87] & 0xf )) >>  0)) << 24);
-    t[25] =  (((sword32)((b[87]        ) >>  4)) <<  0)
+          | ((((sword32)((b[87] & 0xf )) >>  0)) << 24));
+    t[25] = (word64)(
+             (((sword32)((b[87]        ) >>  4)) <<  0)
           |  (((sword32)((b[88]        ) >>  0)) <<  4)
           |  (((sword32)((b[89]        ) >>  0)) << 12)
-          |  (((sword32)((b[90]        ) >>  0)) << 20);
-    t[26] =  (((sword32)((b[91]        ) >>  0)) <<  0)
+          |  (((sword32)((b[90]        ) >>  0)) << 20));
+    t[26] = (word64)(
+             (((sword32)((b[91]        ) >>  0)) <<  0)
           |  (((sword32)((b[92]        ) >>  0)) <<  8)
           |  (((sword32)((b[93]        ) >>  0)) << 16)
-          | ((((sword32)((b[94] & 0xf )) >>  0)) << 24);
-    t[27] =  (((sword32)((b[94]        ) >>  4)) <<  0)
+          | ((((sword32)((b[94] & 0xf )) >>  0)) << 24));
+    t[27] = (word64)(
+             (((sword32)((b[94]        ) >>  4)) <<  0)
           |  (((sword32)((b[95]        ) >>  0)) <<  4)
           |  (((sword32)((b[96]        ) >>  0)) << 12)
-          |  (((sword32)((b[97]        ) >>  0)) << 20);
-    t[28] =  (((sword32)((b[98]        ) >>  0)) <<  0)
+          |  (((sword32)((b[97]        ) >>  0)) << 20));
+    t[28] = (word64)(
+             (((sword32)((b[98]        ) >>  0)) <<  0)
           |  (((sword32)((b[99]        ) >>  0)) <<  8)
           |  (((sword32)((b[100]        ) >>  0)) << 16)
-          | ((((sword32)((b[101] & 0xf )) >>  0)) << 24);
-    t[29] =  (((sword32)((b[101]        ) >>  4)) <<  0)
+          | ((((sword32)((b[101] & 0xf )) >>  0)) << 24));
+    t[29] = (word64)(
+             (((sword32)((b[101]        ) >>  4)) <<  0)
           |  (((sword32)((b[102]        ) >>  0)) <<  4)
           |  (((sword32)((b[103]        ) >>  0)) << 12)
-          |  (((sword32)((b[104]        ) >>  0)) << 20);
-    t[30] =  (((sword32)((b[105]        ) >>  0)) <<  0)
+          |  (((sword32)((b[104]        ) >>  0)) << 20));
+    t[30] = (word64)(
+             (((sword32)((b[105]        ) >>  0)) <<  0)
           |  (((sword32)((b[106]        ) >>  0)) <<  8)
           |  (((sword32)((b[107]        ) >>  0)) << 16)
-          | ((((sword32)((b[108] & 0xf )) >>  0)) << 24);
-    t[31] =  (((sword32)((b[108]        ) >>  4)) <<  0)
+          | ((((sword32)((b[108] & 0xf )) >>  0)) << 24));
+    t[31] = (word64)(
+             (((sword32)((b[108]        ) >>  4)) <<  0)
           |  (((sword32)((b[109]        ) >>  0)) <<  4)
           |  (((sword32)((b[110]        ) >>  0)) << 12)
-          |  (((sword32)((b[111]        ) >>  0)) << 20);
-    t[32] =  (((sword32)((b[112]        ) >>  0)) <<  0)
-          |  (((sword32)((b[113]        ) >>  0)) <<  8);
+          |  (((sword32)((b[111]        ) >>  0)) << 20));
+    t[32] = (word64)(
+             (((sword32)((b[112]        ) >>  0)) <<  0)
+          |  (((sword32)((b[113]        ) >>  0)) <<  8));
 
     /* Mod curve order */
     /* 2^446 - 0x8335dc163bb124b65129c96fde933d8d723a70aadc873d6d54a7bb0d */
@@ -5452,56 +5547,56 @@ void sc448_reduce(byte* b)
     b[ 0] = (byte)(d[0 ] >>  0);
     b[ 1] = (byte)(d[0 ] >>  8);
     b[ 2] = (byte)(d[0 ] >> 16);
-    b[ 3] = (byte)(d[0 ] >> 24) + ((d[1 ] >>  0) <<  4);
+    b[ 3] = (byte)((byte)(d[0 ] >> 24) + (byte)((d[1 ] >>  0) <<  4));
     b[ 4] = (byte)(d[1 ] >>  4);
     b[ 5] = (byte)(d[1 ] >> 12);
     b[ 6] = (byte)(d[1 ] >> 20);
     b[ 7] = (byte)(d[2 ] >>  0);
     b[ 8] = (byte)(d[2 ] >>  8);
     b[ 9] = (byte)(d[2 ] >> 16);
-    b[10] = (byte)(d[2 ] >> 24) + ((d[3 ] >>  0) <<  4);
+    b[10] = (byte)((byte)(d[2 ] >> 24) + (byte)((d[3 ] >>  0) <<  4));
     b[11] = (byte)(d[3 ] >>  4);
     b[12] = (byte)(d[3 ] >> 12);
     b[13] = (byte)(d[3 ] >> 20);
     b[14] = (byte)(d[4 ] >>  0);
     b[15] = (byte)(d[4 ] >>  8);
     b[16] = (byte)(d[4 ] >> 16);
-    b[17] = (byte)(d[4 ] >> 24) + ((d[5 ] >>  0) <<  4);
+    b[17] = (byte)((byte)(d[4 ] >> 24) + (byte)((d[5 ] >>  0) <<  4));
     b[18] = (byte)(d[5 ] >>  4);
     b[19] = (byte)(d[5 ] >> 12);
     b[20] = (byte)(d[5 ] >> 20);
     b[21] = (byte)(d[6 ] >>  0);
     b[22] = (byte)(d[6 ] >>  8);
     b[23] = (byte)(d[6 ] >> 16);
-    b[24] = (byte)(d[6 ] >> 24) + ((d[7 ] >>  0) <<  4);
+    b[24] = (byte)((byte)(d[6 ] >> 24) + (byte)((d[7 ] >>  0) <<  4));
     b[25] = (byte)(d[7 ] >>  4);
     b[26] = (byte)(d[7 ] >> 12);
     b[27] = (byte)(d[7 ] >> 20);
     b[28] = (byte)(d[8 ] >>  0);
     b[29] = (byte)(d[8 ] >>  8);
     b[30] = (byte)(d[8 ] >> 16);
-    b[31] = (byte)(d[8 ] >> 24) + ((d[9 ] >>  0) <<  4);
+    b[31] = (byte)((byte)(d[8 ] >> 24) + (byte)((d[9 ] >>  0) <<  4));
     b[32] = (byte)(d[9 ] >>  4);
     b[33] = (byte)(d[9 ] >> 12);
     b[34] = (byte)(d[9 ] >> 20);
     b[35] = (byte)(d[10] >>  0);
     b[36] = (byte)(d[10] >>  8);
     b[37] = (byte)(d[10] >> 16);
-    b[38] = (byte)(d[10] >> 24) + ((d[11] >>  0) <<  4);
+    b[38] = (byte)((byte)(d[10] >> 24) + (byte)((d[11] >>  0) <<  4));
     b[39] = (byte)(d[11] >>  4);
     b[40] = (byte)(d[11] >> 12);
     b[41] = (byte)(d[11] >> 20);
     b[42] = (byte)(d[12] >>  0);
     b[43] = (byte)(d[12] >>  8);
     b[44] = (byte)(d[12] >> 16);
-    b[45] = (byte)(d[12] >> 24) + ((d[13] >>  0) <<  4);
+    b[45] = (byte)((byte)(d[12] >> 24) + (byte)((d[13] >>  0) <<  4));
     b[46] = (byte)(d[13] >>  4);
     b[47] = (byte)(d[13] >> 12);
     b[48] = (byte)(d[13] >> 20);
     b[49] = (byte)(d[14] >>  0);
     b[50] = (byte)(d[14] >>  8);
     b[51] = (byte)(d[14] >> 16);
-    b[52] = (byte)(d[14] >> 24) + ((d[15] >>  0) <<  4);
+    b[52] = (byte)((byte)(d[14] >> 24) + (byte)((d[15] >>  0) <<  4));
     b[53] = (byte)(d[15] >>  4);
     b[54] = (byte)(d[15] >> 12);
     b[55] = (byte)(d[15] >> 20);
@@ -5521,460 +5616,509 @@ void sc448_muladd(byte* r, const byte* a, const byte* b, const byte* d)
     word64 t[32];
     word64 c;
     word32 o;
+    sword32 u;
 
     /* Load from bytes */
-    ad[ 0] =  (((sword32)((a[ 0]        ) >>  0)) <<  0)
+    ad[ 0] = (word32)(
+              (((sword32)((a[ 0]        ) >>  0)) <<  0)
            |  (((sword32)((a[ 1]        ) >>  0)) <<  8)
            |  (((sword32)((a[ 2]        ) >>  0)) << 16)
-           | ((((sword32)((a[ 3] & 0xf )) >>  0)) << 24);
-    ad[ 1] =  (((sword32)((a[ 3]        ) >>  4)) <<  0)
+           | ((((sword32)((a[ 3] & 0xf )) >>  0)) << 24));
+    ad[ 1] = (word32)(
+              (((sword32)((a[ 3]        ) >>  4)) <<  0)
            |  (((sword32)((a[ 4]        ) >>  0)) <<  4)
            |  (((sword32)((a[ 5]        ) >>  0)) << 12)
-           |  (((sword32)((a[ 6]        ) >>  0)) << 20);
-    ad[ 2] =  (((sword32)((a[ 7]        ) >>  0)) <<  0)
+           |  (((sword32)((a[ 6]        ) >>  0)) << 20));
+    ad[ 2] = (word32)(
+              (((sword32)((a[ 7]        ) >>  0)) <<  0)
            |  (((sword32)((a[ 8]        ) >>  0)) <<  8)
            |  (((sword32)((a[ 9]        ) >>  0)) << 16)
-           | ((((sword32)((a[10] & 0xf )) >>  0)) << 24);
-    ad[ 3] =  (((sword32)((a[10]        ) >>  4)) <<  0)
+           | ((((sword32)((a[10] & 0xf )) >>  0)) << 24));
+    ad[ 3] = (word32)(
+              (((sword32)((a[10]        ) >>  4)) <<  0)
            |  (((sword32)((a[11]        ) >>  0)) <<  4)
            |  (((sword32)((a[12]        ) >>  0)) << 12)
-           |  (((sword32)((a[13]        ) >>  0)) << 20);
-    ad[ 4] =  (((sword32)((a[14]        ) >>  0)) <<  0)
+           |  (((sword32)((a[13]        ) >>  0)) << 20));
+    ad[ 4] = (word32)(
+              (((sword32)((a[14]        ) >>  0)) <<  0)
            |  (((sword32)((a[15]        ) >>  0)) <<  8)
            |  (((sword32)((a[16]        ) >>  0)) << 16)
-           | ((((sword32)((a[17] & 0xf )) >>  0)) << 24);
-    ad[ 5] =  (((sword32)((a[17]        ) >>  4)) <<  0)
+           | ((((sword32)((a[17] & 0xf )) >>  0)) << 24));
+    ad[ 5] = (word32)(
+              (((sword32)((a[17]        ) >>  4)) <<  0)
            |  (((sword32)((a[18]        ) >>  0)) <<  4)
            |  (((sword32)((a[19]        ) >>  0)) << 12)
-           |  (((sword32)((a[20]        ) >>  0)) << 20);
-    ad[ 6] =  (((sword32)((a[21]        ) >>  0)) <<  0)
+           |  (((sword32)((a[20]        ) >>  0)) << 20));
+    ad[ 6] = (word32)(
+              (((sword32)((a[21]        ) >>  0)) <<  0)
            |  (((sword32)((a[22]        ) >>  0)) <<  8)
            |  (((sword32)((a[23]        ) >>  0)) << 16)
-           | ((((sword32)((a[24] & 0xf )) >>  0)) << 24);
-    ad[ 7] =  (((sword32)((a[24]        ) >>  4)) <<  0)
+           | ((((sword32)((a[24] & 0xf )) >>  0)) << 24));
+    ad[ 7] = (word32)(
+              (((sword32)((a[24]        ) >>  4)) <<  0)
            |  (((sword32)((a[25]        ) >>  0)) <<  4)
            |  (((sword32)((a[26]        ) >>  0)) << 12)
-           |  (((sword32)((a[27]        ) >>  0)) << 20);
-    ad[ 8] =  (((sword32)((a[28]        ) >>  0)) <<  0)
+           |  (((sword32)((a[27]        ) >>  0)) << 20));
+    ad[ 8] = (word32)(
+              (((sword32)((a[28]        ) >>  0)) <<  0)
            |  (((sword32)((a[29]        ) >>  0)) <<  8)
            |  (((sword32)((a[30]        ) >>  0)) << 16)
-           | ((((sword32)((a[31] & 0xf )) >>  0)) << 24);
-    ad[ 9] =  (((sword32)((a[31]        ) >>  4)) <<  0)
+           | ((((sword32)((a[31] & 0xf )) >>  0)) << 24));
+    ad[ 9] = (word32)(
+              (((sword32)((a[31]        ) >>  4)) <<  0)
            |  (((sword32)((a[32]        ) >>  0)) <<  4)
            |  (((sword32)((a[33]        ) >>  0)) << 12)
-           |  (((sword32)((a[34]        ) >>  0)) << 20);
-    ad[10] =  (((sword32)((a[35]        ) >>  0)) <<  0)
+           |  (((sword32)((a[34]        ) >>  0)) << 20));
+    ad[10] = (word32)(
+              (((sword32)((a[35]        ) >>  0)) <<  0)
            |  (((sword32)((a[36]        ) >>  0)) <<  8)
            |  (((sword32)((a[37]        ) >>  0)) << 16)
-           | ((((sword32)((a[38] & 0xf )) >>  0)) << 24);
-    ad[11] =  (((sword32)((a[38]        ) >>  4)) <<  0)
+           | ((((sword32)((a[38] & 0xf )) >>  0)) << 24));
+    ad[11] = (word32)(
+              (((sword32)((a[38]        ) >>  4)) <<  0)
            |  (((sword32)((a[39]        ) >>  0)) <<  4)
            |  (((sword32)((a[40]        ) >>  0)) << 12)
-           |  (((sword32)((a[41]        ) >>  0)) << 20);
-    ad[12] =  (((sword32)((a[42]        ) >>  0)) <<  0)
+           |  (((sword32)((a[41]        ) >>  0)) << 20));
+    ad[12] = (word32)(
+              (((sword32)((a[42]        ) >>  0)) <<  0)
            |  (((sword32)((a[43]        ) >>  0)) <<  8)
            |  (((sword32)((a[44]        ) >>  0)) << 16)
-           | ((((sword32)((a[45] & 0xf )) >>  0)) << 24);
-    ad[13] =  (((sword32)((a[45]        ) >>  4)) <<  0)
+           | ((((sword32)((a[45] & 0xf )) >>  0)) << 24));
+    ad[13] = (word32)(
+              (((sword32)((a[45]        ) >>  4)) <<  0)
            |  (((sword32)((a[46]        ) >>  0)) <<  4)
            |  (((sword32)((a[47]        ) >>  0)) << 12)
-           |  (((sword32)((a[48]        ) >>  0)) << 20);
-    ad[14] =  (((sword32)((a[49]        ) >>  0)) <<  0)
+           |  (((sword32)((a[48]        ) >>  0)) << 20));
+    ad[14] = (word32)(
+              (((sword32)((a[49]        ) >>  0)) <<  0)
            |  (((sword32)((a[50]        ) >>  0)) <<  8)
            |  (((sword32)((a[51]        ) >>  0)) << 16)
-           | ((((sword32)((a[52] & 0xf )) >>  0)) << 24);
-    ad[15] =  (((sword32)((a[52]        ) >>  4)) <<  0)
+           | ((((sword32)((a[52] & 0xf )) >>  0)) << 24));
+    ad[15] = (word32)(
+              (((sword32)((a[52]        ) >>  4)) <<  0)
            |  (((sword32)((a[53]        ) >>  0)) <<  4)
            |  (((sword32)((a[54]        ) >>  0)) << 12)
-           |  (((sword32)((a[55]        ) >>  0)) << 20);
+           |  (((sword32)((a[55]        ) >>  0)) << 20));
     /* Load from bytes */
-    bd[ 0] =  (((sword32)((b[ 0]        ) >>  0)) <<  0)
+    bd[ 0] = (word32)(
+              (((sword32)((b[ 0]        ) >>  0)) <<  0)
            |  (((sword32)((b[ 1]        ) >>  0)) <<  8)
            |  (((sword32)((b[ 2]        ) >>  0)) << 16)
-           | ((((sword32)((b[ 3] & 0xf )) >>  0)) << 24);
-    bd[ 1] =  (((sword32)((b[ 3]        ) >>  4)) <<  0)
+           | ((((sword32)((b[ 3] & 0xf )) >>  0)) << 24));
+    bd[ 1] = (word32)(
+              (((sword32)((b[ 3]        ) >>  4)) <<  0)
            |  (((sword32)((b[ 4]        ) >>  0)) <<  4)
            |  (((sword32)((b[ 5]        ) >>  0)) << 12)
-           |  (((sword32)((b[ 6]        ) >>  0)) << 20);
-    bd[ 2] =  (((sword32)((b[ 7]        ) >>  0)) <<  0)
+           |  (((sword32)((b[ 6]        ) >>  0)) << 20));
+    bd[ 2] = (word32)(
+              (((sword32)((b[ 7]        ) >>  0)) <<  0)
            |  (((sword32)((b[ 8]        ) >>  0)) <<  8)
            |  (((sword32)((b[ 9]        ) >>  0)) << 16)
-           | ((((sword32)((b[10] & 0xf )) >>  0)) << 24);
-    bd[ 3] =  (((sword32)((b[10]        ) >>  4)) <<  0)
+           | ((((sword32)((b[10] & 0xf )) >>  0)) << 24));
+    bd[ 3] = (word32)(
+              (((sword32)((b[10]        ) >>  4)) <<  0)
            |  (((sword32)((b[11]        ) >>  0)) <<  4)
            |  (((sword32)((b[12]        ) >>  0)) << 12)
-           |  (((sword32)((b[13]        ) >>  0)) << 20);
-    bd[ 4] =  (((sword32)((b[14]        ) >>  0)) <<  0)
+           |  (((sword32)((b[13]        ) >>  0)) << 20));
+    bd[ 4] = (word32)(
+              (((sword32)((b[14]        ) >>  0)) <<  0)
            |  (((sword32)((b[15]        ) >>  0)) <<  8)
            |  (((sword32)((b[16]        ) >>  0)) << 16)
-           | ((((sword32)((b[17] & 0xf )) >>  0)) << 24);
-    bd[ 5] =  (((sword32)((b[17]        ) >>  4)) <<  0)
+           | ((((sword32)((b[17] & 0xf )) >>  0)) << 24));
+    bd[ 5] = (word32)(
+              (((sword32)((b[17]        ) >>  4)) <<  0)
            |  (((sword32)((b[18]        ) >>  0)) <<  4)
            |  (((sword32)((b[19]        ) >>  0)) << 12)
-           |  (((sword32)((b[20]        ) >>  0)) << 20);
-    bd[ 6] =  (((sword32)((b[21]        ) >>  0)) <<  0)
+           |  (((sword32)((b[20]        ) >>  0)) << 20));
+    bd[ 6] = (word32)(
+              (((sword32)((b[21]        ) >>  0)) <<  0)
            |  (((sword32)((b[22]        ) >>  0)) <<  8)
            |  (((sword32)((b[23]        ) >>  0)) << 16)
-           | ((((sword32)((b[24] & 0xf )) >>  0)) << 24);
-    bd[ 7] =  (((sword32)((b[24]        ) >>  4)) <<  0)
+           | ((((sword32)((b[24] & 0xf )) >>  0)) << 24));
+    bd[ 7] = (word32)(
+              (((sword32)((b[24]        ) >>  4)) <<  0)
            |  (((sword32)((b[25]        ) >>  0)) <<  4)
            |  (((sword32)((b[26]        ) >>  0)) << 12)
-           |  (((sword32)((b[27]        ) >>  0)) << 20);
-    bd[ 8] =  (((sword32)((b[28]        ) >>  0)) <<  0)
+           |  (((sword32)((b[27]        ) >>  0)) << 20));
+    bd[ 8] = (word32)(
+              (((sword32)((b[28]        ) >>  0)) <<  0)
            |  (((sword32)((b[29]        ) >>  0)) <<  8)
            |  (((sword32)((b[30]        ) >>  0)) << 16)
-           | ((((sword32)((b[31] & 0xf )) >>  0)) << 24);
-    bd[ 9] =  (((sword32)((b[31]        ) >>  4)) <<  0)
+           | ((((sword32)((b[31] & 0xf )) >>  0)) << 24));
+    bd[ 9] = (word32)(
+              (((sword32)((b[31]        ) >>  4)) <<  0)
            |  (((sword32)((b[32]        ) >>  0)) <<  4)
            |  (((sword32)((b[33]        ) >>  0)) << 12)
-           |  (((sword32)((b[34]        ) >>  0)) << 20);
-    bd[10] =  (((sword32)((b[35]        ) >>  0)) <<  0)
+           |  (((sword32)((b[34]        ) >>  0)) << 20));
+    bd[10] = (word32)(
+              (((sword32)((b[35]        ) >>  0)) <<  0)
            |  (((sword32)((b[36]        ) >>  0)) <<  8)
            |  (((sword32)((b[37]        ) >>  0)) << 16)
-           | ((((sword32)((b[38] & 0xf )) >>  0)) << 24);
-    bd[11] =  (((sword32)((b[38]        ) >>  4)) <<  0)
+           | ((((sword32)((b[38] & 0xf )) >>  0)) << 24));
+    bd[11] = (word32)(
+              (((sword32)((b[38]        ) >>  4)) <<  0)
            |  (((sword32)((b[39]        ) >>  0)) <<  4)
            |  (((sword32)((b[40]        ) >>  0)) << 12)
-           |  (((sword32)((b[41]        ) >>  0)) << 20);
-    bd[12] =  (((sword32)((b[42]        ) >>  0)) <<  0)
+           |  (((sword32)((b[41]        ) >>  0)) << 20));
+    bd[12] = (word32)(
+              (((sword32)((b[42]        ) >>  0)) <<  0)
            |  (((sword32)((b[43]        ) >>  0)) <<  8)
            |  (((sword32)((b[44]        ) >>  0)) << 16)
-           | ((((sword32)((b[45] & 0xf )) >>  0)) << 24);
-    bd[13] =  (((sword32)((b[45]        ) >>  4)) <<  0)
+           | ((((sword32)((b[45] & 0xf )) >>  0)) << 24));
+    bd[13] = (word32)(
+              (((sword32)((b[45]        ) >>  4)) <<  0)
            |  (((sword32)((b[46]        ) >>  0)) <<  4)
            |  (((sword32)((b[47]        ) >>  0)) << 12)
-           |  (((sword32)((b[48]        ) >>  0)) << 20);
-    bd[14] =  (((sword32)((b[49]        ) >>  0)) <<  0)
+           |  (((sword32)((b[48]        ) >>  0)) << 20));
+    bd[14] = (word32)(
+              (((sword32)((b[49]        ) >>  0)) <<  0)
            |  (((sword32)((b[50]        ) >>  0)) <<  8)
            |  (((sword32)((b[51]        ) >>  0)) << 16)
-           | ((((sword32)((b[52] & 0xf )) >>  0)) << 24);
-    bd[15] =  (((sword32)((b[52]        ) >>  4)) <<  0)
+           | ((((sword32)((b[52] & 0xf )) >>  0)) << 24));
+    bd[15] = (word32)(
+              (((sword32)((b[52]        ) >>  4)) <<  0)
            |  (((sword32)((b[53]        ) >>  0)) <<  4)
            |  (((sword32)((b[54]        ) >>  0)) << 12)
-           |  (((sword32)((b[55]        ) >>  0)) << 20);
+           |  (((sword32)((b[55]        ) >>  0)) << 20));
     /* Load from bytes */
-    dd[ 0] =  (((sword32)((d[ 0]        ) >>  0)) <<  0)
+    dd[ 0] = (word32)(
+              (((sword32)((d[ 0]        ) >>  0)) <<  0)
            |  (((sword32)((d[ 1]        ) >>  0)) <<  8)
            |  (((sword32)((d[ 2]        ) >>  0)) << 16)
-           | ((((sword32)((d[ 3] & 0xf )) >>  0)) << 24);
-    dd[ 1] =  (((sword32)((d[ 3]        ) >>  4)) <<  0)
+           | ((((sword32)((d[ 3] & 0xf )) >>  0)) << 24));
+    dd[ 1] = (word32)(
+              (((sword32)((d[ 3]        ) >>  4)) <<  0)
            |  (((sword32)((d[ 4]        ) >>  0)) <<  4)
            |  (((sword32)((d[ 5]        ) >>  0)) << 12)
-           |  (((sword32)((d[ 6]        ) >>  0)) << 20);
-    dd[ 2] =  (((sword32)((d[ 7]        ) >>  0)) <<  0)
+           |  (((sword32)((d[ 6]        ) >>  0)) << 20));
+    dd[ 2] = (word32)(
+              (((sword32)((d[ 7]        ) >>  0)) <<  0)
            |  (((sword32)((d[ 8]        ) >>  0)) <<  8)
            |  (((sword32)((d[ 9]        ) >>  0)) << 16)
-           | ((((sword32)((d[10] & 0xf )) >>  0)) << 24);
-    dd[ 3] =  (((sword32)((d[10]        ) >>  4)) <<  0)
+           | ((((sword32)((d[10] & 0xf )) >>  0)) << 24));
+    dd[ 3] = (word32)(
+              (((sword32)((d[10]        ) >>  4)) <<  0)
            |  (((sword32)((d[11]        ) >>  0)) <<  4)
            |  (((sword32)((d[12]        ) >>  0)) << 12)
-           |  (((sword32)((d[13]        ) >>  0)) << 20);
-    dd[ 4] =  (((sword32)((d[14]        ) >>  0)) <<  0)
+           |  (((sword32)((d[13]        ) >>  0)) << 20));
+    dd[ 4] = (word32)(
+              (((sword32)((d[14]        ) >>  0)) <<  0)
            |  (((sword32)((d[15]        ) >>  0)) <<  8)
            |  (((sword32)((d[16]        ) >>  0)) << 16)
-           | ((((sword32)((d[17] & 0xf )) >>  0)) << 24);
-    dd[ 5] =  (((sword32)((d[17]        ) >>  4)) <<  0)
+           | ((((sword32)((d[17] & 0xf )) >>  0)) << 24));
+    dd[ 5] = (word32)(
+              (((sword32)((d[17]        ) >>  4)) <<  0)
            |  (((sword32)((d[18]        ) >>  0)) <<  4)
            |  (((sword32)((d[19]        ) >>  0)) << 12)
-           |  (((sword32)((d[20]        ) >>  0)) << 20);
-    dd[ 6] =  (((sword32)((d[21]        ) >>  0)) <<  0)
+           |  (((sword32)((d[20]        ) >>  0)) << 20));
+    dd[ 6] = (word32)(
+              (((sword32)((d[21]        ) >>  0)) <<  0)
            |  (((sword32)((d[22]        ) >>  0)) <<  8)
            |  (((sword32)((d[23]        ) >>  0)) << 16)
-           | ((((sword32)((d[24] & 0xf )) >>  0)) << 24);
-    dd[ 7] =  (((sword32)((d[24]        ) >>  4)) <<  0)
+           | ((((sword32)((d[24] & 0xf )) >>  0)) << 24));
+    dd[ 7] = (word32)(
+              (((sword32)((d[24]        ) >>  4)) <<  0)
            |  (((sword32)((d[25]        ) >>  0)) <<  4)
            |  (((sword32)((d[26]        ) >>  0)) << 12)
-           |  (((sword32)((d[27]        ) >>  0)) << 20);
-    dd[ 8] =  (((sword32)((d[28]        ) >>  0)) <<  0)
+           |  (((sword32)((d[27]        ) >>  0)) << 20));
+    dd[ 8] = (word32)(
+              (((sword32)((d[28]        ) >>  0)) <<  0)
            |  (((sword32)((d[29]        ) >>  0)) <<  8)
            |  (((sword32)((d[30]        ) >>  0)) << 16)
-           | ((((sword32)((d[31] & 0xf )) >>  0)) << 24);
-    dd[ 9] =  (((sword32)((d[31]        ) >>  4)) <<  0)
+           | ((((sword32)((d[31] & 0xf )) >>  0)) << 24));
+    dd[ 9] = (word32)(
+              (((sword32)((d[31]        ) >>  4)) <<  0)
            |  (((sword32)((d[32]        ) >>  0)) <<  4)
            |  (((sword32)((d[33]        ) >>  0)) << 12)
-           |  (((sword32)((d[34]        ) >>  0)) << 20);
-    dd[10] =  (((sword32)((d[35]        ) >>  0)) <<  0)
+           |  (((sword32)((d[34]        ) >>  0)) << 20));
+    dd[10] = (word32)(
+              (((sword32)((d[35]        ) >>  0)) <<  0)
            |  (((sword32)((d[36]        ) >>  0)) <<  8)
            |  (((sword32)((d[37]        ) >>  0)) << 16)
-           | ((((sword32)((d[38] & 0xf )) >>  0)) << 24);
-    dd[11] =  (((sword32)((d[38]        ) >>  4)) <<  0)
+           | ((((sword32)((d[38] & 0xf )) >>  0)) << 24));
+    dd[11] = (word32)(
+              (((sword32)((d[38]        ) >>  4)) <<  0)
            |  (((sword32)((d[39]        ) >>  0)) <<  4)
            |  (((sword32)((d[40]        ) >>  0)) << 12)
-           |  (((sword32)((d[41]        ) >>  0)) << 20);
-    dd[12] =  (((sword32)((d[42]        ) >>  0)) <<  0)
+           |  (((sword32)((d[41]        ) >>  0)) << 20));
+    dd[12] = (word32)(
+              (((sword32)((d[42]        ) >>  0)) <<  0)
            |  (((sword32)((d[43]        ) >>  0)) <<  8)
            |  (((sword32)((d[44]        ) >>  0)) << 16)
-           | ((((sword32)((d[45] & 0xf )) >>  0)) << 24);
-    dd[13] =  (((sword32)((d[45]        ) >>  4)) <<  0)
+           | ((((sword32)((d[45] & 0xf )) >>  0)) << 24));
+    dd[13] = (word32)(
+              (((sword32)((d[45]        ) >>  4)) <<  0)
            |  (((sword32)((d[46]        ) >>  0)) <<  4)
            |  (((sword32)((d[47]        ) >>  0)) << 12)
-           |  (((sword32)((d[48]        ) >>  0)) << 20);
-    dd[14] =  (((sword32)((d[49]        ) >>  0)) <<  0)
+           |  (((sword32)((d[48]        ) >>  0)) << 20));
+    dd[14] = (word32)(
+              (((sword32)((d[49]        ) >>  0)) <<  0)
            |  (((sword32)((d[50]        ) >>  0)) <<  8)
            |  (((sword32)((d[51]        ) >>  0)) << 16)
-           | ((((sword32)((d[52] & 0xf )) >>  0)) << 24);
-    dd[15] =  (((sword32)((d[52]        ) >>  4)) <<  0)
+           | ((((sword32)((d[52] & 0xf )) >>  0)) << 24));
+    dd[15] = (word32)(
+              (((sword32)((d[52]        ) >>  4)) <<  0)
            |  (((sword32)((d[53]        ) >>  0)) <<  4)
            |  (((sword32)((d[54]        ) >>  0)) << 12)
-           |  (((sword32)((d[55]        ) >>  0)) << 20);
+           |  (((sword32)((d[55]        ) >>  0)) << 20));
 
     /* a * b + d */
-    t[ 0] = (word64)dd[ 0] + (sword64)ad[ 0] * bd[ 0];
-    t[ 1] = (word64)dd[ 1] + (sword64)ad[ 0] * bd[ 1]
-                           + (sword64)ad[ 1] * bd[ 0];
-    t[ 2] = (word64)dd[ 2] + (sword64)ad[ 0] * bd[ 2]
-                           + (sword64)ad[ 1] * bd[ 1]
-                           + (sword64)ad[ 2] * bd[ 0];
-    t[ 3] = (word64)dd[ 3] + (sword64)ad[ 0] * bd[ 3]
-                           + (sword64)ad[ 1] * bd[ 2]
-                           + (sword64)ad[ 2] * bd[ 1]
-                           + (sword64)ad[ 3] * bd[ 0];
-    t[ 4] = (word64)dd[ 4] + (sword64)ad[ 0] * bd[ 4]
-                           + (sword64)ad[ 1] * bd[ 3]
-                           + (sword64)ad[ 2] * bd[ 2]
-                           + (sword64)ad[ 3] * bd[ 1]
-                           + (sword64)ad[ 4] * bd[ 0];
-    t[ 5] = (word64)dd[ 5] + (sword64)ad[ 0] * bd[ 5]
-                           + (sword64)ad[ 1] * bd[ 4]
-                           + (sword64)ad[ 2] * bd[ 3]
-                           + (sword64)ad[ 3] * bd[ 2]
-                           + (sword64)ad[ 4] * bd[ 1]
-                           + (sword64)ad[ 5] * bd[ 0];
-    t[ 6] = (word64)dd[ 6] + (sword64)ad[ 0] * bd[ 6]
-                           + (sword64)ad[ 1] * bd[ 5]
-                           + (sword64)ad[ 2] * bd[ 4]
-                           + (sword64)ad[ 3] * bd[ 3]
-                           + (sword64)ad[ 4] * bd[ 2]
-                           + (sword64)ad[ 5] * bd[ 1]
-                           + (sword64)ad[ 6] * bd[ 0];
-    t[ 7] = (word64)dd[ 7] + (sword64)ad[ 0] * bd[ 7]
-                           + (sword64)ad[ 1] * bd[ 6]
-                           + (sword64)ad[ 2] * bd[ 5]
-                           + (sword64)ad[ 3] * bd[ 4]
-                           + (sword64)ad[ 4] * bd[ 3]
-                           + (sword64)ad[ 5] * bd[ 2]
-                           + (sword64)ad[ 6] * bd[ 1]
-                           + (sword64)ad[ 7] * bd[ 0];
-    t[ 8] = (word64)dd[ 8] + (sword64)ad[ 0] * bd[ 8]
-                           + (sword64)ad[ 1] * bd[ 7]
-                           + (sword64)ad[ 2] * bd[ 6]
-                           + (sword64)ad[ 3] * bd[ 5]
-                           + (sword64)ad[ 4] * bd[ 4]
-                           + (sword64)ad[ 5] * bd[ 3]
-                           + (sword64)ad[ 6] * bd[ 2]
-                           + (sword64)ad[ 7] * bd[ 1]
-                           + (sword64)ad[ 8] * bd[ 0];
-    t[ 9] = (word64)dd[ 9] + (sword64)ad[ 0] * bd[ 9]
-                           + (sword64)ad[ 1] * bd[ 8]
-                           + (sword64)ad[ 2] * bd[ 7]
-                           + (sword64)ad[ 3] * bd[ 6]
-                           + (sword64)ad[ 4] * bd[ 5]
-                           + (sword64)ad[ 5] * bd[ 4]
-                           + (sword64)ad[ 6] * bd[ 3]
-                           + (sword64)ad[ 7] * bd[ 2]
-                           + (sword64)ad[ 8] * bd[ 1]
-                           + (sword64)ad[ 9] * bd[ 0];
-    t[10] = (word64)dd[10] + (sword64)ad[ 0] * bd[10]
-                           + (sword64)ad[ 1] * bd[ 9]
-                           + (sword64)ad[ 2] * bd[ 8]
-                           + (sword64)ad[ 3] * bd[ 7]
-                           + (sword64)ad[ 4] * bd[ 6]
-                           + (sword64)ad[ 5] * bd[ 5]
-                           + (sword64)ad[ 6] * bd[ 4]
-                           + (sword64)ad[ 7] * bd[ 3]
-                           + (sword64)ad[ 8] * bd[ 2]
-                           + (sword64)ad[ 9] * bd[ 1]
-                           + (sword64)ad[10] * bd[ 0];
-    t[11] = (word64)dd[11] + (sword64)ad[ 0] * bd[11]
-                           + (sword64)ad[ 1] * bd[10]
-                           + (sword64)ad[ 2] * bd[ 9]
-                           + (sword64)ad[ 3] * bd[ 8]
-                           + (sword64)ad[ 4] * bd[ 7]
-                           + (sword64)ad[ 5] * bd[ 6]
-                           + (sword64)ad[ 6] * bd[ 5]
-                           + (sword64)ad[ 7] * bd[ 4]
-                           + (sword64)ad[ 8] * bd[ 3]
-                           + (sword64)ad[ 9] * bd[ 2]
-                           + (sword64)ad[10] * bd[ 1]
-                           + (sword64)ad[11] * bd[ 0];
-    t[12] = (word64)dd[12] + (sword64)ad[ 0] * bd[12]
-                           + (sword64)ad[ 1] * bd[11]
-                           + (sword64)ad[ 2] * bd[10]
-                           + (sword64)ad[ 3] * bd[ 9]
-                           + (sword64)ad[ 4] * bd[ 8]
-                           + (sword64)ad[ 5] * bd[ 7]
-                           + (sword64)ad[ 6] * bd[ 6]
-                           + (sword64)ad[ 7] * bd[ 5]
-                           + (sword64)ad[ 8] * bd[ 4]
-                           + (sword64)ad[ 9] * bd[ 3]
-                           + (sword64)ad[10] * bd[ 2]
-                           + (sword64)ad[11] * bd[ 1]
-                           + (sword64)ad[12] * bd[ 0];
-    t[13] = (word64)dd[13] + (sword64)ad[ 0] * bd[13]
-                           + (sword64)ad[ 1] * bd[12]
-                           + (sword64)ad[ 2] * bd[11]
-                           + (sword64)ad[ 3] * bd[10]
-                           + (sword64)ad[ 4] * bd[ 9]
-                           + (sword64)ad[ 5] * bd[ 8]
-                           + (sword64)ad[ 6] * bd[ 7]
-                           + (sword64)ad[ 7] * bd[ 6]
-                           + (sword64)ad[ 8] * bd[ 5]
-                           + (sword64)ad[ 9] * bd[ 4]
-                           + (sword64)ad[10] * bd[ 3]
-                           + (sword64)ad[11] * bd[ 2]
-                           + (sword64)ad[12] * bd[ 1]
-                           + (sword64)ad[13] * bd[ 0];
-    t[14] = (word64)dd[14] + (sword64)ad[ 0] * bd[14]
-                           + (sword64)ad[ 1] * bd[13]
-                           + (sword64)ad[ 2] * bd[12]
-                           + (sword64)ad[ 3] * bd[11]
-                           + (sword64)ad[ 4] * bd[10]
-                           + (sword64)ad[ 5] * bd[ 9]
-                           + (sword64)ad[ 6] * bd[ 8]
-                           + (sword64)ad[ 7] * bd[ 7]
-                           + (sword64)ad[ 8] * bd[ 6]
-                           + (sword64)ad[ 9] * bd[ 5]
-                           + (sword64)ad[10] * bd[ 4]
-                           + (sword64)ad[11] * bd[ 3]
-                           + (sword64)ad[12] * bd[ 2]
-                           + (sword64)ad[13] * bd[ 1]
-                           + (sword64)ad[14] * bd[ 0];
-    t[15] = (word64)dd[15] + (sword64)ad[ 0] * bd[15]
-                           + (sword64)ad[ 1] * bd[14]
-                           + (sword64)ad[ 2] * bd[13]
-                           + (sword64)ad[ 3] * bd[12]
-                           + (sword64)ad[ 4] * bd[11]
-                           + (sword64)ad[ 5] * bd[10]
-                           + (sword64)ad[ 6] * bd[ 9]
-                           + (sword64)ad[ 7] * bd[ 8]
-                           + (sword64)ad[ 8] * bd[ 7]
-                           + (sword64)ad[ 9] * bd[ 6]
-                           + (sword64)ad[10] * bd[ 5]
-                           + (sword64)ad[11] * bd[ 4]
-                           + (sword64)ad[12] * bd[ 3]
-                           + (sword64)ad[13] * bd[ 2]
-                           + (sword64)ad[14] * bd[ 1]
-                           + (sword64)ad[15] * bd[ 0];
-    t[16] = (word64)          (sword64)ad[ 1] * bd[15]
-                           + (sword64)ad[ 2] * bd[14]
-                           + (sword64)ad[ 3] * bd[13]
-                           + (sword64)ad[ 4] * bd[12]
-                           + (sword64)ad[ 5] * bd[11]
-                           + (sword64)ad[ 6] * bd[10]
-                           + (sword64)ad[ 7] * bd[ 9]
-                           + (sword64)ad[ 8] * bd[ 8]
-                           + (sword64)ad[ 9] * bd[ 7]
-                           + (sword64)ad[10] * bd[ 6]
-                           + (sword64)ad[11] * bd[ 5]
-                           + (sword64)ad[12] * bd[ 4]
-                           + (sword64)ad[13] * bd[ 3]
-                           + (sword64)ad[14] * bd[ 2]
-                           + (sword64)ad[15] * bd[ 1];
-    t[17] = (word64)          (sword64)ad[ 2] * bd[15]
-                           + (sword64)ad[ 3] * bd[14]
-                           + (sword64)ad[ 4] * bd[13]
-                           + (sword64)ad[ 5] * bd[12]
-                           + (sword64)ad[ 6] * bd[11]
-                           + (sword64)ad[ 7] * bd[10]
-                           + (sword64)ad[ 8] * bd[ 9]
-                           + (sword64)ad[ 9] * bd[ 8]
-                           + (sword64)ad[10] * bd[ 7]
-                           + (sword64)ad[11] * bd[ 6]
-                           + (sword64)ad[12] * bd[ 5]
-                           + (sword64)ad[13] * bd[ 4]
-                           + (sword64)ad[14] * bd[ 3]
-                           + (sword64)ad[15] * bd[ 2];
-    t[18] = (word64)          (sword64)ad[ 3] * bd[15]
-                           + (sword64)ad[ 4] * bd[14]
-                           + (sword64)ad[ 5] * bd[13]
-                           + (sword64)ad[ 6] * bd[12]
-                           + (sword64)ad[ 7] * bd[11]
-                           + (sword64)ad[ 8] * bd[10]
-                           + (sword64)ad[ 9] * bd[ 9]
-                           + (sword64)ad[10] * bd[ 8]
-                           + (sword64)ad[11] * bd[ 7]
-                           + (sword64)ad[12] * bd[ 6]
-                           + (sword64)ad[13] * bd[ 5]
-                           + (sword64)ad[14] * bd[ 4]
-                           + (sword64)ad[15] * bd[ 3];
-    t[19] = (word64)          (sword64)ad[ 4] * bd[15]
-                           + (sword64)ad[ 5] * bd[14]
-                           + (sword64)ad[ 6] * bd[13]
-                           + (sword64)ad[ 7] * bd[12]
-                           + (sword64)ad[ 8] * bd[11]
-                           + (sword64)ad[ 9] * bd[10]
-                           + (sword64)ad[10] * bd[ 9]
-                           + (sword64)ad[11] * bd[ 8]
-                           + (sword64)ad[12] * bd[ 7]
-                           + (sword64)ad[13] * bd[ 6]
-                           + (sword64)ad[14] * bd[ 5]
-                           + (sword64)ad[15] * bd[ 4];
-    t[20] = (word64)          (sword64)ad[ 5] * bd[15]
-                           + (sword64)ad[ 6] * bd[14]
-                           + (sword64)ad[ 7] * bd[13]
-                           + (sword64)ad[ 8] * bd[12]
-                           + (sword64)ad[ 9] * bd[11]
-                           + (sword64)ad[10] * bd[10]
-                           + (sword64)ad[11] * bd[ 9]
-                           + (sword64)ad[12] * bd[ 8]
-                           + (sword64)ad[13] * bd[ 7]
-                           + (sword64)ad[14] * bd[ 6]
-                           + (sword64)ad[15] * bd[ 5];
-    t[21] = (word64)          (sword64)ad[ 6] * bd[15]
-                           + (sword64)ad[ 7] * bd[14]
-                           + (sword64)ad[ 8] * bd[13]
-                           + (sword64)ad[ 9] * bd[12]
-                           + (sword64)ad[10] * bd[11]
-                           + (sword64)ad[11] * bd[10]
-                           + (sword64)ad[12] * bd[ 9]
-                           + (sword64)ad[13] * bd[ 8]
-                           + (sword64)ad[14] * bd[ 7]
-                           + (sword64)ad[15] * bd[ 6];
-    t[22] = (word64)          (sword64)ad[ 7] * bd[15]
-                           + (sword64)ad[ 8] * bd[14]
-                           + (sword64)ad[ 9] * bd[13]
-                           + (sword64)ad[10] * bd[12]
-                           + (sword64)ad[11] * bd[11]
-                           + (sword64)ad[12] * bd[10]
-                           + (sword64)ad[13] * bd[ 9]
-                           + (sword64)ad[14] * bd[ 8]
-                           + (sword64)ad[15] * bd[ 7];
-    t[23] = (word64)          (sword64)ad[ 8] * bd[15]
-                           + (sword64)ad[ 9] * bd[14]
-                           + (sword64)ad[10] * bd[13]
-                           + (sword64)ad[11] * bd[12]
-                           + (sword64)ad[12] * bd[11]
-                           + (sword64)ad[13] * bd[10]
-                           + (sword64)ad[14] * bd[ 9]
-                           + (sword64)ad[15] * bd[ 8];
-    t[24] = (word64)          (sword64)ad[ 9] * bd[15]
-                           + (sword64)ad[10] * bd[14]
-                           + (sword64)ad[11] * bd[13]
-                           + (sword64)ad[12] * bd[12]
-                           + (sword64)ad[13] * bd[11]
-                           + (sword64)ad[14] * bd[10]
-                           + (sword64)ad[15] * bd[ 9];
-    t[25] = (word64)          (sword64)ad[10] * bd[15]
-                           + (sword64)ad[11] * bd[14]
-                           + (sword64)ad[12] * bd[13]
-                           + (sword64)ad[13] * bd[12]
-                           + (sword64)ad[14] * bd[11]
-                           + (sword64)ad[15] * bd[10];
-    t[26] = (word64)          (sword64)ad[11] * bd[15]
-                           + (sword64)ad[12] * bd[14]
-                           + (sword64)ad[13] * bd[13]
-                           + (sword64)ad[14] * bd[12]
-                           + (sword64)ad[15] * bd[11];
-    t[27] = (word64)          (sword64)ad[12] * bd[15]
-                           + (sword64)ad[13] * bd[14]
-                           + (sword64)ad[14] * bd[13]
-                           + (sword64)ad[15] * bd[12];
-    t[28] = (word64)          (sword64)ad[13] * bd[15]
-                           + (sword64)ad[14] * bd[14]
-                           + (sword64)ad[15] * bd[13];
-    t[29] = (word64)          (sword64)ad[14] * bd[15]
-                           + (sword64)ad[15] * bd[14];
-    t[30] = (word64)          (sword64)ad[15] * bd[15];
+    t[ 0] = (word64)(dd[ 0] + (word64)((sword64)ad[ 0] * bd[ 0]));
+    t[ 1] = (word64)(dd[ 1] + (word64)((sword64)ad[ 0] * bd[ 1]
+                                      + (sword64)ad[ 1] * bd[ 0]));
+    t[ 2] = (word64)(dd[ 2] + (word64)((sword64)ad[ 0] * bd[ 2]
+                                      + (sword64)ad[ 1] * bd[ 1]
+                                      + (sword64)ad[ 2] * bd[ 0]));
+    t[ 3] = (word64)(dd[ 3] + (word64)((sword64)ad[ 0] * bd[ 3]
+                                      + (sword64)ad[ 1] * bd[ 2]
+                                      + (sword64)ad[ 2] * bd[ 1]
+                                      + (sword64)ad[ 3] * bd[ 0]));
+    t[ 4] = (word64)(dd[ 4] + (word64)((sword64)ad[ 0] * bd[ 4]
+                                      + (sword64)ad[ 1] * bd[ 3]
+                                      + (sword64)ad[ 2] * bd[ 2]
+                                      + (sword64)ad[ 3] * bd[ 1]
+                                      + (sword64)ad[ 4] * bd[ 0]));
+    t[ 5] = (word64)(dd[ 5] + (word64)((sword64)ad[ 0] * bd[ 5]
+                                      + (sword64)ad[ 1] * bd[ 4]
+                                      + (sword64)ad[ 2] * bd[ 3]
+                                      + (sword64)ad[ 3] * bd[ 2]
+                                      + (sword64)ad[ 4] * bd[ 1]
+                                      + (sword64)ad[ 5] * bd[ 0]));
+    t[ 6] = (word64)(dd[ 6] + (word64)((sword64)ad[ 0] * bd[ 6]
+                                      + (sword64)ad[ 1] * bd[ 5]
+                                      + (sword64)ad[ 2] * bd[ 4]
+                                      + (sword64)ad[ 3] * bd[ 3]
+                                      + (sword64)ad[ 4] * bd[ 2]
+                                      + (sword64)ad[ 5] * bd[ 1]
+                                      + (sword64)ad[ 6] * bd[ 0]));
+    t[ 7] = (word64)(dd[ 7] + (word64)((sword64)ad[ 0] * bd[ 7]
+                                      + (sword64)ad[ 1] * bd[ 6]
+                                      + (sword64)ad[ 2] * bd[ 5]
+                                      + (sword64)ad[ 3] * bd[ 4]
+                                      + (sword64)ad[ 4] * bd[ 3]
+                                      + (sword64)ad[ 5] * bd[ 2]
+                                      + (sword64)ad[ 6] * bd[ 1]
+                                      + (sword64)ad[ 7] * bd[ 0]));
+    t[ 8] = (word64)(dd[ 8] + (word64)((sword64)ad[ 0] * bd[ 8]
+                                      + (sword64)ad[ 1] * bd[ 7]
+                                      + (sword64)ad[ 2] * bd[ 6]
+                                      + (sword64)ad[ 3] * bd[ 5]
+                                      + (sword64)ad[ 4] * bd[ 4]
+                                      + (sword64)ad[ 5] * bd[ 3]
+                                      + (sword64)ad[ 6] * bd[ 2]
+                                      + (sword64)ad[ 7] * bd[ 1]
+                                      + (sword64)ad[ 8] * bd[ 0]));
+    t[ 9] = (word64)(dd[ 9] + (word64)((sword64)ad[ 0] * bd[ 9]
+                                      + (sword64)ad[ 1] * bd[ 8]
+                                      + (sword64)ad[ 2] * bd[ 7]
+                                      + (sword64)ad[ 3] * bd[ 6]
+                                      + (sword64)ad[ 4] * bd[ 5]
+                                      + (sword64)ad[ 5] * bd[ 4]
+                                      + (sword64)ad[ 6] * bd[ 3]
+                                      + (sword64)ad[ 7] * bd[ 2]
+                                      + (sword64)ad[ 8] * bd[ 1]
+                                      + (sword64)ad[ 9] * bd[ 0]));
+    t[10] = (word64)(dd[10] + (word64)((sword64)ad[ 0] * bd[10]
+                                      + (sword64)ad[ 1] * bd[ 9]
+                                      + (sword64)ad[ 2] * bd[ 8]
+                                      + (sword64)ad[ 3] * bd[ 7]
+                                      + (sword64)ad[ 4] * bd[ 6]
+                                      + (sword64)ad[ 5] * bd[ 5]
+                                      + (sword64)ad[ 6] * bd[ 4]
+                                      + (sword64)ad[ 7] * bd[ 3]
+                                      + (sword64)ad[ 8] * bd[ 2]
+                                      + (sword64)ad[ 9] * bd[ 1]
+                                      + (sword64)ad[10] * bd[ 0]));
+    t[11] = (word64)(dd[11] + (word64)((sword64)ad[ 0] * bd[11]
+                                      + (sword64)ad[ 1] * bd[10]
+                                      + (sword64)ad[ 2] * bd[ 9]
+                                      + (sword64)ad[ 3] * bd[ 8]
+                                      + (sword64)ad[ 4] * bd[ 7]
+                                      + (sword64)ad[ 5] * bd[ 6]
+                                      + (sword64)ad[ 6] * bd[ 5]
+                                      + (sword64)ad[ 7] * bd[ 4]
+                                      + (sword64)ad[ 8] * bd[ 3]
+                                      + (sword64)ad[ 9] * bd[ 2]
+                                      + (sword64)ad[10] * bd[ 1]
+                                      + (sword64)ad[11] * bd[ 0]));
+    t[12] = (word64)(dd[12] + (word64)((sword64)ad[ 0] * bd[12]
+                                      + (sword64)ad[ 1] * bd[11]
+                                      + (sword64)ad[ 2] * bd[10]
+                                      + (sword64)ad[ 3] * bd[ 9]
+                                      + (sword64)ad[ 4] * bd[ 8]
+                                      + (sword64)ad[ 5] * bd[ 7]
+                                      + (sword64)ad[ 6] * bd[ 6]
+                                      + (sword64)ad[ 7] * bd[ 5]
+                                      + (sword64)ad[ 8] * bd[ 4]
+                                      + (sword64)ad[ 9] * bd[ 3]
+                                      + (sword64)ad[10] * bd[ 2]
+                                      + (sword64)ad[11] * bd[ 1]
+                                      + (sword64)ad[12] * bd[ 0]));
+    t[13] = (word64)(dd[13] + (word64)((sword64)ad[ 0] * bd[13]
+                                      + (sword64)ad[ 1] * bd[12]
+                                      + (sword64)ad[ 2] * bd[11]
+                                      + (sword64)ad[ 3] * bd[10]
+                                      + (sword64)ad[ 4] * bd[ 9]
+                                      + (sword64)ad[ 5] * bd[ 8]
+                                      + (sword64)ad[ 6] * bd[ 7]
+                                      + (sword64)ad[ 7] * bd[ 6]
+                                      + (sword64)ad[ 8] * bd[ 5]
+                                      + (sword64)ad[ 9] * bd[ 4]
+                                      + (sword64)ad[10] * bd[ 3]
+                                      + (sword64)ad[11] * bd[ 2]
+                                      + (sword64)ad[12] * bd[ 1]
+                                      + (sword64)ad[13] * bd[ 0]));
+    t[14] = (word64)(dd[14] + (word64)((sword64)ad[ 0] * bd[14]
+                                      + (sword64)ad[ 1] * bd[13]
+                                      + (sword64)ad[ 2] * bd[12]
+                                      + (sword64)ad[ 3] * bd[11]
+                                      + (sword64)ad[ 4] * bd[10]
+                                      + (sword64)ad[ 5] * bd[ 9]
+                                      + (sword64)ad[ 6] * bd[ 8]
+                                      + (sword64)ad[ 7] * bd[ 7]
+                                      + (sword64)ad[ 8] * bd[ 6]
+                                      + (sword64)ad[ 9] * bd[ 5]
+                                      + (sword64)ad[10] * bd[ 4]
+                                      + (sword64)ad[11] * bd[ 3]
+                                      + (sword64)ad[12] * bd[ 2]
+                                      + (sword64)ad[13] * bd[ 1]
+                                      + (sword64)ad[14] * bd[ 0]));
+    t[15] = (word64)(dd[15] + (word64)((sword64)ad[ 0] * bd[15]
+                                      + (sword64)ad[ 1] * bd[14]
+                                      + (sword64)ad[ 2] * bd[13]
+                                      + (sword64)ad[ 3] * bd[12]
+                                      + (sword64)ad[ 4] * bd[11]
+                                      + (sword64)ad[ 5] * bd[10]
+                                      + (sword64)ad[ 6] * bd[ 9]
+                                      + (sword64)ad[ 7] * bd[ 8]
+                                      + (sword64)ad[ 8] * bd[ 7]
+                                      + (sword64)ad[ 9] * bd[ 6]
+                                      + (sword64)ad[10] * bd[ 5]
+                                      + (sword64)ad[11] * bd[ 4]
+                                      + (sword64)ad[12] * bd[ 3]
+                                      + (sword64)ad[13] * bd[ 2]
+                                      + (sword64)ad[14] * bd[ 1]
+                                      + (sword64)ad[15] * bd[ 0]));
+    t[16] = (word64)(                   (sword64)ad[ 1] * bd[15]
+                                      + (sword64)ad[ 2] * bd[14]
+                                      + (sword64)ad[ 3] * bd[13]
+                                      + (sword64)ad[ 4] * bd[12]
+                                      + (sword64)ad[ 5] * bd[11]
+                                      + (sword64)ad[ 6] * bd[10]
+                                      + (sword64)ad[ 7] * bd[ 9]
+                                      + (sword64)ad[ 8] * bd[ 8]
+                                      + (sword64)ad[ 9] * bd[ 7]
+                                      + (sword64)ad[10] * bd[ 6]
+                                      + (sword64)ad[11] * bd[ 5]
+                                      + (sword64)ad[12] * bd[ 4]
+                                      + (sword64)ad[13] * bd[ 3]
+                                      + (sword64)ad[14] * bd[ 2]
+                                      + (sword64)ad[15] * bd[ 1]);
+    t[17] = (word64)(                   (sword64)ad[ 2] * bd[15]
+                                      + (sword64)ad[ 3] * bd[14]
+                                      + (sword64)ad[ 4] * bd[13]
+                                      + (sword64)ad[ 5] * bd[12]
+                                      + (sword64)ad[ 6] * bd[11]
+                                      + (sword64)ad[ 7] * bd[10]
+                                      + (sword64)ad[ 8] * bd[ 9]
+                                      + (sword64)ad[ 9] * bd[ 8]
+                                      + (sword64)ad[10] * bd[ 7]
+                                      + (sword64)ad[11] * bd[ 6]
+                                      + (sword64)ad[12] * bd[ 5]
+                                      + (sword64)ad[13] * bd[ 4]
+                                      + (sword64)ad[14] * bd[ 3]
+                                      + (sword64)ad[15] * bd[ 2]);
+    t[18] = (word64)(                   (sword64)ad[ 3] * bd[15]
+                                      + (sword64)ad[ 4] * bd[14]
+                                      + (sword64)ad[ 5] * bd[13]
+                                      + (sword64)ad[ 6] * bd[12]
+                                      + (sword64)ad[ 7] * bd[11]
+                                      + (sword64)ad[ 8] * bd[10]
+                                      + (sword64)ad[ 9] * bd[ 9]
+                                      + (sword64)ad[10] * bd[ 8]
+                                      + (sword64)ad[11] * bd[ 7]
+                                      + (sword64)ad[12] * bd[ 6]
+                                      + (sword64)ad[13] * bd[ 5]
+                                      + (sword64)ad[14] * bd[ 4]
+                                      + (sword64)ad[15] * bd[ 3]);
+    t[19] = (word64)(                   (sword64)ad[ 4] * bd[15]
+                                      + (sword64)ad[ 5] * bd[14]
+                                      + (sword64)ad[ 6] * bd[13]
+                                      + (sword64)ad[ 7] * bd[12]
+                                      + (sword64)ad[ 8] * bd[11]
+                                      + (sword64)ad[ 9] * bd[10]
+                                      + (sword64)ad[10] * bd[ 9]
+                                      + (sword64)ad[11] * bd[ 8]
+                                      + (sword64)ad[12] * bd[ 7]
+                                      + (sword64)ad[13] * bd[ 6]
+                                      + (sword64)ad[14] * bd[ 5]
+                                      + (sword64)ad[15] * bd[ 4]);
+    t[20] = (word64)(                   (sword64)ad[ 5] * bd[15]
+                                      + (sword64)ad[ 6] * bd[14]
+                                      + (sword64)ad[ 7] * bd[13]
+                                      + (sword64)ad[ 8] * bd[12]
+                                      + (sword64)ad[ 9] * bd[11]
+                                      + (sword64)ad[10] * bd[10]
+                                      + (sword64)ad[11] * bd[ 9]
+                                      + (sword64)ad[12] * bd[ 8]
+                                      + (sword64)ad[13] * bd[ 7]
+                                      + (sword64)ad[14] * bd[ 6]
+                                      + (sword64)ad[15] * bd[ 5]);
+    t[21] = (word64)(                   (sword64)ad[ 6] * bd[15]
+                                      + (sword64)ad[ 7] * bd[14]
+                                      + (sword64)ad[ 8] * bd[13]
+                                      + (sword64)ad[ 9] * bd[12]
+                                      + (sword64)ad[10] * bd[11]
+                                      + (sword64)ad[11] * bd[10]
+                                      + (sword64)ad[12] * bd[ 9]
+                                      + (sword64)ad[13] * bd[ 8]
+                                      + (sword64)ad[14] * bd[ 7]
+                                      + (sword64)ad[15] * bd[ 6]);
+    t[22] = (word64)(                   (sword64)ad[ 7] * bd[15]
+                                      + (sword64)ad[ 8] * bd[14]
+                                      + (sword64)ad[ 9] * bd[13]
+                                      + (sword64)ad[10] * bd[12]
+                                      + (sword64)ad[11] * bd[11]
+                                      + (sword64)ad[12] * bd[10]
+                                      + (sword64)ad[13] * bd[ 9]
+                                      + (sword64)ad[14] * bd[ 8]
+                                      + (sword64)ad[15] * bd[ 7]);
+    t[23] = (word64)(                   (sword64)ad[ 8] * bd[15]
+                                      + (sword64)ad[ 9] * bd[14]
+                                      + (sword64)ad[10] * bd[13]
+                                      + (sword64)ad[11] * bd[12]
+                                      + (sword64)ad[12] * bd[11]
+                                      + (sword64)ad[13] * bd[10]
+                                      + (sword64)ad[14] * bd[ 9]
+                                      + (sword64)ad[15] * bd[ 8]);
+    t[24] = (word64)(                   (sword64)ad[ 9] * bd[15]
+                                      + (sword64)ad[10] * bd[14]
+                                      + (sword64)ad[11] * bd[13]
+                                      + (sword64)ad[12] * bd[12]
+                                      + (sword64)ad[13] * bd[11]
+                                      + (sword64)ad[14] * bd[10]
+                                      + (sword64)ad[15] * bd[ 9]);
+    t[25] = (word64)(                   (sword64)ad[10] * bd[15]
+                                      + (sword64)ad[11] * bd[14]
+                                      + (sword64)ad[12] * bd[13]
+                                      + (sword64)ad[13] * bd[12]
+                                      + (sword64)ad[14] * bd[11]
+                                      + (sword64)ad[15] * bd[10]);
+    t[26] = (word64)(                   (sword64)ad[11] * bd[15]
+                                      + (sword64)ad[12] * bd[14]
+                                      + (sword64)ad[13] * bd[13]
+                                      + (sword64)ad[14] * bd[12]
+                                      + (sword64)ad[15] * bd[11]);
+    t[27] = (word64)(                   (sword64)ad[12] * bd[15]
+                                      + (sword64)ad[13] * bd[14]
+                                      + (sword64)ad[14] * bd[13]
+                                      + (sword64)ad[15] * bd[12]);
+    t[28] = (word64)(                   (sword64)ad[13] * bd[15]
+                                      + (sword64)ad[14] * bd[14]
+                                      + (sword64)ad[15] * bd[13]);
+    t[29] = (word64)(                   (sword64)ad[14] * bd[15]
+                                      + (sword64)ad[15] * bd[14]);
+    t[30] = (word64)(                   (sword64)ad[15] * bd[15]);
     t[31] = 0;
 
     /* Mod curve order */
@@ -6200,61 +6344,128 @@ void sc448_muladd(byte* r, const byte* a, const byte* b, const byte* d)
     o = rd[12] >> 28; rd[13] += o; rd[12] = rd[12] & 0xfffffff;
     o = rd[13] >> 28; rd[14] += o; rd[13] = rd[13] & 0xfffffff;
     o = rd[14] >> 28; rd[15] += o; rd[14] = rd[14] & 0xfffffff;
+    /* Reduce to mod order. */
+    u = 0;
+    u += (sword32)rd[0] - (sword32)0x0b5844f3L; u >>= 28;
+    u += (sword32)rd[1] - (sword32)0x078c292aL; u >>= 28;
+    u += (sword32)rd[2] - (sword32)0x058f5523L; u >>= 28;
+    u += (sword32)rd[3] - (sword32)0x0c2728dcL; u >>= 28;
+    u += (sword32)rd[4] - (sword32)0x0690216cL; u >>= 28;
+    u += (sword32)rd[5] - (sword32)0x049aed63L; u >>= 28;
+    u += (sword32)rd[6] - (sword32)0x09c44edbL; u >>= 28;
+    u += (sword32)rd[7] - (sword32)0x07cca23eL; u >>= 28;
+    u += (sword32)rd[8] - (sword32)0x0fffffffL; u >>= 28;
+    u += (sword32)rd[9] - (sword32)0x0fffffffL; u >>= 28;
+    u += (sword32)rd[10] - (sword32)0x0fffffffL; u >>= 28;
+    u += (sword32)rd[11] - (sword32)0x0fffffffL; u >>= 28;
+    u += (sword32)rd[12] - (sword32)0x0fffffffL; u >>= 28;
+    u += (sword32)rd[13] - (sword32)0x0fffffffL; u >>= 28;
+    u += (sword32)rd[14] - (sword32)0x0fffffffL; u >>= 28;
+    u += (sword32)rd[15] - (sword32)0x03ffffffL; u >>= 28;
+    o = (word32)0 - (u >= 0);
+    u = 0;
+    u += (sword32)rd[0] - (sword32)((word32)0x0b5844f3L & o);
+    rd[0] = u & 0xfffffff;
+    u >>= 28;
+    u += (sword32)rd[1] - (sword32)((word32)0x078c292aL & o);
+    rd[1] = u & 0xfffffff;
+    u >>= 28;
+    u += (sword32)rd[2] - (sword32)((word32)0x058f5523L & o);
+    rd[2] = u & 0xfffffff;
+    u >>= 28;
+    u += (sword32)rd[3] - (sword32)((word32)0x0c2728dcL & o);
+    rd[3] = u & 0xfffffff;
+    u >>= 28;
+    u += (sword32)rd[4] - (sword32)((word32)0x0690216cL & o);
+    rd[4] = u & 0xfffffff;
+    u >>= 28;
+    u += (sword32)rd[5] - (sword32)((word32)0x049aed63L & o);
+    rd[5] = u & 0xfffffff;
+    u >>= 28;
+    u += (sword32)rd[6] - (sword32)((word32)0x09c44edbL & o);
+    rd[6] = u & 0xfffffff;
+    u >>= 28;
+    u += (sword32)rd[7] - (sword32)((word32)0x07cca23eL & o);
+    rd[7] = u & 0xfffffff;
+    u >>= 28;
+    u += (sword32)rd[8] - (sword32)((word32)0x0fffffffL & o);
+    rd[8] = u & 0xfffffff;
+    u >>= 28;
+    u += (sword32)rd[9] - (sword32)((word32)0x0fffffffL & o);
+    rd[9] = u & 0xfffffff;
+    u >>= 28;
+    u += (sword32)rd[10] - (sword32)((word32)0x0fffffffL & o);
+    rd[10] = u & 0xfffffff;
+    u >>= 28;
+    u += (sword32)rd[11] - (sword32)((word32)0x0fffffffL & o);
+    rd[11] = u & 0xfffffff;
+    u >>= 28;
+    u += (sword32)rd[12] - (sword32)((word32)0x0fffffffL & o);
+    rd[12] = u & 0xfffffff;
+    u >>= 28;
+    u += (sword32)rd[13] - (sword32)((word32)0x0fffffffL & o);
+    rd[13] = u & 0xfffffff;
+    u >>= 28;
+    u += (sword32)rd[14] - (sword32)((word32)0x0fffffffL & o);
+    rd[14] = u & 0xfffffff;
+    u >>= 28;
+    u += (sword32)rd[15] - (sword32)((word32)0x03ffffffL & o);
+    rd[15] = u & 0xfffffff;
 
     /* Convert to bytes */
     r[ 0] = (byte)(rd[0 ] >>  0);
     r[ 1] = (byte)(rd[0 ] >>  8);
     r[ 2] = (byte)(rd[0 ] >> 16);
-    r[ 3] = (byte)(rd[0 ] >> 24) + ((rd[1 ] >>  0) <<  4);
+    r[ 3] = (byte)((byte)(rd[0 ] >> 24) + (byte)((rd[1 ] >>  0) <<  4));
     r[ 4] = (byte)(rd[1 ] >>  4);
     r[ 5] = (byte)(rd[1 ] >> 12);
     r[ 6] = (byte)(rd[1 ] >> 20);
     r[ 7] = (byte)(rd[2 ] >>  0);
     r[ 8] = (byte)(rd[2 ] >>  8);
     r[ 9] = (byte)(rd[2 ] >> 16);
-    r[10] = (byte)(rd[2 ] >> 24) + ((rd[3 ] >>  0) <<  4);
+    r[10] = (byte)((byte)(rd[2 ] >> 24) + (byte)((rd[3 ] >>  0) <<  4));
     r[11] = (byte)(rd[3 ] >>  4);
     r[12] = (byte)(rd[3 ] >> 12);
     r[13] = (byte)(rd[3 ] >> 20);
     r[14] = (byte)(rd[4 ] >>  0);
     r[15] = (byte)(rd[4 ] >>  8);
     r[16] = (byte)(rd[4 ] >> 16);
-    r[17] = (byte)(rd[4 ] >> 24) + ((rd[5 ] >>  0) <<  4);
+    r[17] = (byte)((byte)(rd[4 ] >> 24) + (byte)((rd[5 ] >>  0) <<  4));
     r[18] = (byte)(rd[5 ] >>  4);
     r[19] = (byte)(rd[5 ] >> 12);
     r[20] = (byte)(rd[5 ] >> 20);
     r[21] = (byte)(rd[6 ] >>  0);
     r[22] = (byte)(rd[6 ] >>  8);
     r[23] = (byte)(rd[6 ] >> 16);
-    r[24] = (byte)(rd[6 ] >> 24) + ((rd[7 ] >>  0) <<  4);
+    r[24] = (byte)((byte)(rd[6 ] >> 24) + (byte)((rd[7 ] >>  0) <<  4));
     r[25] = (byte)(rd[7 ] >>  4);
     r[26] = (byte)(rd[7 ] >> 12);
     r[27] = (byte)(rd[7 ] >> 20);
     r[28] = (byte)(rd[8 ] >>  0);
     r[29] = (byte)(rd[8 ] >>  8);
     r[30] = (byte)(rd[8 ] >> 16);
-    r[31] = (byte)(rd[8 ] >> 24) + ((rd[9 ] >>  0) <<  4);
+    r[31] = (byte)((byte)(rd[8 ] >> 24) + (byte)((rd[9 ] >>  0) <<  4));
     r[32] = (byte)(rd[9 ] >>  4);
     r[33] = (byte)(rd[9 ] >> 12);
     r[34] = (byte)(rd[9 ] >> 20);
     r[35] = (byte)(rd[10] >>  0);
     r[36] = (byte)(rd[10] >>  8);
     r[37] = (byte)(rd[10] >> 16);
-    r[38] = (byte)(rd[10] >> 24) + ((rd[11] >>  0) <<  4);
+    r[38] = (byte)((byte)(rd[10] >> 24) + (byte)((rd[11] >>  0) <<  4));
     r[39] = (byte)(rd[11] >>  4);
     r[40] = (byte)(rd[11] >> 12);
     r[41] = (byte)(rd[11] >> 20);
     r[42] = (byte)(rd[12] >>  0);
     r[43] = (byte)(rd[12] >>  8);
     r[44] = (byte)(rd[12] >> 16);
-    r[45] = (byte)(rd[12] >> 24) + ((rd[13] >>  0) <<  4);
+    r[45] = (byte)((byte)(rd[12] >> 24) + (byte)((rd[13] >>  0) <<  4));
     r[46] = (byte)(rd[13] >>  4);
     r[47] = (byte)(rd[13] >> 12);
     r[48] = (byte)(rd[13] >> 20);
     r[49] = (byte)(rd[14] >>  0);
     r[50] = (byte)(rd[14] >>  8);
     r[51] = (byte)(rd[14] >> 16);
-    r[52] = (byte)(rd[14] >> 24) + ((rd[15] >>  0) <<  4);
+    r[52] = (byte)((byte)(rd[14] >> 24) + (byte)((rd[15] >>  0) <<  4));
     r[53] = (byte)(rd[15] >>  4);
     r[54] = (byte)(rd[15] >> 12);
     r[55] = (byte)(rd[15] >> 20);
@@ -10455,7 +10666,7 @@ void ge448_to_bytes(byte *b, const ge448_p2 *p)
     fe448_mul(x, p->X, recip);
     fe448_mul(y, p->Y, recip);
     fe448_to_bytes(b, y);
-    b[56] = (byte)fe448_isnegative(x) << 7;
+    b[56] = (byte)((byte)fe448_isnegative(x) << 7);
 }
 
 /* Convert point to byte array assuming z is 1.
@@ -10466,7 +10677,7 @@ void ge448_to_bytes(byte *b, const ge448_p2 *p)
 static void ge448_p2z1_to_bytes(byte *b, const ge448_p2 *p)
 {
     fe448_to_bytes(b, p->Y);
-    b[56] = (byte)fe448_isnegative(p->X) << 7;
+    b[56] = (byte)((byte)fe448_isnegative(p->X) << 7);
 }
 
 /* Compress the point to y-ordinate and negative bit.
@@ -10563,36 +10774,52 @@ static void ge448_select(ge448_precomp* r, int pos, byte b)
  * r  [in]  Point to hold result.
  * a  [in]  Scalar to multiply by.
  */
-void ge448_scalarmult_base(ge448_p2* r, const byte* a)
+int ge448_scalarmult_base(ge448_p2* r, const byte* a)
 {
     byte          carry;
-    ge448_precomp t;
-    int           i;
+#ifdef WOLFSSL_SMALL_STACK
+    ge448_precomp *t = NULL;
+    byte          *e = NULL;
+#else
+    ge448_precomp t[1];
     byte          e[113];
+#endif
+    int           i;
+
+#ifdef WOLFSSL_SMALL_STACK
+    t = (ge448_precomp *)XMALLOC(sizeof(*t), NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    if (t == NULL)
+        return MEMORY_E;
+    e = (byte *)XMALLOC(113, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    if (e == NULL) {
+        XFREE(t, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+        return MEMORY_E;
+    }
+#endif
 
     carry = 0;
     for (i = 0; i < 56; ++i) {
-        e[2 * i + 0] = ((a[i] >> 0) & 0xf) + carry;
-        carry = e[2 * i + 0] + 8;
+        e[2 * i + 0] = (byte)(((a[i] >> 0) & 0xf) + carry);
+        carry = (byte)(e[2 * i + 0] + 8);
         carry >>= 4;
-        e[2 * i + 0] -= (byte)(carry << 4);
+        e[2 * i + 0] = (byte)(e[2 * i + 0] - (byte)(carry << 4));
 
-        e[2 * i + 1] = ((a[i] >> 4) & 0xf) + carry;
-        carry = e[2 * i + 1] + 8;
-        carry >>= 4;
-        e[2 * i + 1] -= (byte)(carry << 4);
+        e[2 * i + 1] = (byte)(((a[i] >> 4) & 0xf) + carry);
+        carry = (byte)(e[2 * i + 1] + 8);
+        carry = (byte)(carry >> 4);
+        e[2 * i + 1] = (byte)(e[2 * i + 1] - (carry << 4));
     }
     e[112] = carry;
     /* each e[i] is between -8 and 8 */
 
-    /* Odd indeces first - sum based on even index so multiply by 16 */
-    ge448_select(&t, 0, e[1]);
-    fe448_copy(r->X, t.x);
-    fe448_copy(r->Y, t.y);
+    /* Odd indices first - sum based on even index so multiply by 16 */
+    ge448_select(t, 0, e[1]);
+    fe448_copy(r->X, t->x);
+    fe448_copy(r->Y, t->y);
     fe448_1(r->Z);
     for (i = 3; i < 112; i += 2) {
-        ge448_select(&t, i / 2, e[i]);
-        ge448_madd(r, r, &t);
+        ge448_select(t, i / 2, e[i]);
+        ge448_madd(r, r, t);
     }
 
     ge448_dbl(r, r);
@@ -10600,16 +10827,23 @@ void ge448_scalarmult_base(ge448_p2* r, const byte* a)
     ge448_dbl(r, r);
     ge448_dbl(r, r);
 
-    /* Add even indeces */
+    /* Add even indices */
     for (i = 0; i <= 112; i += 2) {
-        ge448_select(&t, i / 2, e[i]);
-        ge448_madd(r, r, &t);
+        ge448_select(t, i / 2, e[i]);
+        ge448_madd(r, r, t);
     }
+
+#ifdef WOLFSSL_SMALL_STACK
+    XFREE(t, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(e, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+#endif
+
+    return 0;
 }
 
 /* Create to a sliding window for the scalar multiplicaton.
  *
- * r  [in]  Array of indeces.
+ * r  [in]  Array of indices.
  * a  [in]  Scalar to break up.
  */
 static void slide(sword8 *r, const byte *a)
@@ -10633,11 +10867,11 @@ static void slide(sword8 *r, const byte *a)
             }
 
             if (r[i] + (r[i + b] << b) <= 31) {
-                r[i] += (sword8)(r[i + b] << b);
+                r[i] = (sword8)(r[i] + (r[i + b] << b));
                 r[i + b] = 0;
             }
             else if (r[i] - (r[i + b] << b) >= -31) {
-                r[i] -= (sword8)(r[i + b] << b);
+                r[i] = (sword8)(r[i] - (r[i + b] << b));
                 for (k = i + b; k < 448; ++k) {
                     if (!r[k]) {
                         r[k] = 1;
@@ -10757,18 +10991,10 @@ int ge448_double_scalarmult_vartime(ge448_p2 *r, const byte *a,
     }
 
 #if defined(WOLFSSL_SMALL_STACK) && (!defined(WOLFSSL_NO_MALLOC) ||                                                           defined(XMALLOC_USER))
-    if (p2 != NULL) {
-        XFREE(p2, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-    }
-    if (pi != NULL) {
-        XFREE(pi, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-    }
-    if (bslide != NULL) {
-        XFREE(bslide, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-    }
-    if (aslide != NULL) {
-        XFREE(aslide, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-    }
+    XFREE(p2, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(pi, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(bslide, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(aslide, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return ret;
diff --git a/wolfcrypt/src/ge_low_mem.c b/wolfcrypt/src/ge_low_mem.c
index abe6ea697..f36c1c5b2 100644
--- a/wolfcrypt/src/ge_low_mem.c
+++ b/wolfcrypt/src/ge_low_mem.c
@@ -1,6 +1,6 @@
 /* ge_low_mem.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -512,6 +512,33 @@ int ge_frombytes_negate_vartime(ge_p3 *p,const unsigned char *s)
     return ret;
 }
 
+#ifdef WOLFSSL_CHECK_VER_FAULTS
+/* return 0 if equal and -1 if not equal */
+static int ge_equal(ge a, ge b)
+{
+    if (XMEMCMP(a, b, sizeof(ge)) == 0) {
+        return 0;
+    }
+    else {
+        return -1;
+    }
+}
+
+/* returns 0 if a == b */
+static int ge_p3_equal(ge_p3* a, ge_p3* b)
+{
+    int ret = 0;
+
+    ret |= ge_equal(a->X, b->X);
+    ret |= ge_equal(a->Y, b->Y);
+    ret |= ge_equal(a->Z, b->Z);
+    ret |= ge_equal(a->T, b->T);
+
+    return ret;
+}
+#endif
+
+
 
 int ge_double_scalarmult_vartime(ge_p2* R, const unsigned char *h,
                                  const ge_p3 *inA,const unsigned char *sig)
@@ -526,9 +553,19 @@ int ge_double_scalarmult_vartime(ge_p2* R, const unsigned char *h,
 
     /* find H(R,A,M) * -A */
     ed25519_smult(&A, &A, h);
+#ifdef WOLFSSL_CHECK_VER_FAULTS
+    if (ge_p3_equal(&A, (ge_p3*)inA) == 0) {
+        ret = BAD_STATE_E;
+    }
+#endif
 
     /* SB + -H(R,A,M)A */
     ed25519_add(&A, &p, &A);
+#ifdef WOLFSSL_CHECK_VER_FAULTS
+    if (ge_p3_equal(&A, &p) == 0) {
+        ret = BAD_STATE_E;
+    }
+#endif
 
     lm_copy(R->X, A.X);
     lm_copy(R->Y, A.Y);
diff --git a/wolfcrypt/src/ge_operations.c b/wolfcrypt/src/ge_operations.c
index 57a838cda..3f7f01b3e 100644
--- a/wolfcrypt/src/ge_operations.c
+++ b/wolfcrypt/src/ge_operations.c
@@ -1,6 +1,6 @@
 /* ge_operations.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -9125,12 +9125,12 @@ void ge_scalarmult_base(ge_p3 *h,const unsigned char *a)
 
   carry = 0;
   for (i = 0;i < 63;++i) {
-    e[i] += carry;
-    carry = e[i] + 8;
-    carry >>= 4;
-    e[i] -= (signed char)(carry << 4);
+    e[i] = (signed char)(e[i] + carry);
+    carry = (signed char)(e[i] + 8);
+    carry = (signed char)(carry >> 4);
+    e[i] = (signed char)(e[i] - (carry << 4));
   }
-  e[63] += carry;
+  e[63] = (signed char)(e[63] + carry);
   /* each e[i] is between -8 and 8 */
 
 #ifndef CURVED25519_ASM
@@ -9190,9 +9190,10 @@ static void slide(signed char *r,const unsigned char *a)
       for (b = 1;b <= 6 && i + b < SLIDE_SIZE;++b) {
         if (r[i + b]) {
           if (r[i] + (r[i + b] << b) <= 15) {
-            r[i] += (signed char)(r[i + b] << b); r[i + b] = 0;
+              r[i] = (signed char)(r[i] + (r[i + b] << b));
+              r[i + b] = 0;
           } else if (r[i] - (r[i + b] << b) >= -15) {
-            r[i] -= (signed char)(r[i + b] << b);
+            r[i] = (signed char)(r[i] - (r[i + b] << b));
             for (k = i + b;k < SLIDE_SIZE;++k) {
               if (!r[k]) {
                 r[k] = 1;
@@ -9391,7 +9392,7 @@ B is the Ed25519 base point (x,4/5) with x positive.
 int ge_double_scalarmult_vartime(ge_p2 *r, const unsigned char *a,
                                  const ge_p3 *A, const unsigned char *b)
 {
-#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
   signed char *aslide = NULL;
   signed char *bslide = NULL;
   ge_cached *Ai = NULL; /* A,3A,5A,7A,9A,11A,13A,15A */
@@ -9412,7 +9413,7 @@ int ge_double_scalarmult_vartime(ge_p2 *r, const unsigned char *a,
 #endif
   int i;
 
-#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
   if (((aslide = (signed char *)XMALLOC(SLIDE_SIZE, NULL, DYNAMIC_TYPE_TMP_BUFFER))== NULL) ||
       ((bslide = (signed char *)XMALLOC(SLIDE_SIZE, NULL, DYNAMIC_TYPE_TMP_BUFFER))== NULL) ||
       ((Ai = (ge_cached *)XMALLOC(8 * sizeof(*Ai), NULL, DYNAMIC_TYPE_TMP_BUFFER))== NULL) ||
@@ -9467,21 +9468,22 @@ int ge_double_scalarmult_vartime(ge_p2 *r, const unsigned char *a,
     ge_p1p1_to_p2(r,t);
   }
 
-#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+#ifdef WOLFSSL_CHECK_VER_FAULTS
+  if (i != -1) {
+      /* did not go through whole loop */
+      return BAD_STATE_E;
+  }
+#endif
+
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
   out:
 
-  if (aslide != NULL)
-      XFREE(aslide, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-  if (bslide != NULL)
-      XFREE(bslide, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-  if (Ai != NULL)
-      XFREE(Ai, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-  if (t != NULL)
-      XFREE(t, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-  if (u != NULL)
-      XFREE(u, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-  if (A2 != NULL)
-      XFREE(A2, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+  XFREE(aslide, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+  XFREE(bslide, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+  XFREE(Ai, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+  XFREE(t, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+  XFREE(u, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+  XFREE(A2, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 
   return ret;
 #else
diff --git a/wolfcrypt/src/hash.c b/wolfcrypt/src/hash.c
index 62f9980e1..93964e879 100644
--- a/wolfcrypt/src/hash.c
+++ b/wolfcrypt/src/hash.c
@@ -1,6 +1,6 @@
 /* hash.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -145,7 +145,7 @@ enum wc_HashType wc_HashTypeConvert(int hashType)
 
 int wc_HashGetOID(enum wc_HashType hash_type)
 {
-    int oid = HASH_TYPE_E; /* Default to hash type error */
+    int oid = WC_NO_ERR_TRACE(HASH_TYPE_E); /* Default to hash type error */
     switch(hash_type)
     {
         case WC_HASH_TYPE_MD2:
@@ -317,17 +317,17 @@ enum wc_HashType wc_OidGetHash(int oid)
 /* Get Hash digest size */
 int wc_HashGetDigestSize(enum wc_HashType hash_type)
 {
-    int dig_size = HASH_TYPE_E; /* Default to hash type error */
+    int dig_size = WC_NO_ERR_TRACE(HASH_TYPE_E);
     switch(hash_type)
     {
         case WC_HASH_TYPE_MD2:
         #ifdef WOLFSSL_MD2
-            dig_size = MD2_DIGEST_SIZE;
+            dig_size = WC_MD2_DIGEST_SIZE;
         #endif
             break;
         case WC_HASH_TYPE_MD4:
         #ifndef NO_MD4
-            dig_size = MD4_DIGEST_SIZE;
+            dig_size = WC_MD4_DIGEST_SIZE;
         #endif
             break;
         case WC_HASH_TYPE_MD5:
@@ -436,17 +436,17 @@ int wc_HashGetDigestSize(enum wc_HashType hash_type)
 /* Get Hash block size */
 int wc_HashGetBlockSize(enum wc_HashType hash_type)
 {
-    int block_size = HASH_TYPE_E; /* Default to hash type error */
+    int block_size = WC_NO_ERR_TRACE(HASH_TYPE_E);
     switch (hash_type)
     {
         case WC_HASH_TYPE_MD2:
         #ifdef WOLFSSL_MD2
-            block_size = MD2_BLOCK_SIZE;
+            block_size = WC_MD2_BLOCK_SIZE;
         #endif
             break;
         case WC_HASH_TYPE_MD4:
         #ifndef NO_MD4
-            block_size = MD4_BLOCK_SIZE;
+            block_size = WC_MD4_BLOCK_SIZE;
         #endif
             break;
         case WC_HASH_TYPE_MD5:
@@ -555,7 +555,7 @@ int wc_HashGetBlockSize(enum wc_HashType hash_type)
 int wc_Hash_ex(enum wc_HashType hash_type, const byte* data,
     word32 data_len, byte* hash, word32 hash_len, void* heap, int devId)
 {
-    int ret = HASH_TYPE_E; /* Default to hash type error */
+    int ret = WC_NO_ERR_TRACE(HASH_TYPE_E); /* Default to hash type error */
     int dig_size;
 
     /* Validate hash buffer size */
@@ -686,50 +686,96 @@ int wc_Hash(enum wc_HashType hash_type, const byte* data,
         NULL, INVALID_DEVID);
 }
 
+#ifndef WC_NO_CONSTRUCTORS
+wc_HashAlg* wc_HashNew(enum wc_HashType type, void* heap, int devId,
+                       int *result_code)
+{
+    int ret;
+    wc_HashAlg* hash = (wc_HashAlg*)XMALLOC(sizeof(wc_HashAlg), heap,
+                        DYNAMIC_TYPE_HASHES);
+    if (hash == NULL) {
+        ret = MEMORY_E;
+    }
+    else {
+        ret = wc_HashInit_ex(hash, type, heap, devId);
+        if (ret != 0) {
+            XFREE(hash, heap, DYNAMIC_TYPE_HASHES);
+            hash = NULL;
+        }
+    }
+
+    if (result_code != NULL)
+        *result_code = ret;
+
+    return hash;
+}
+
+int wc_HashDelete(wc_HashAlg *hash, wc_HashAlg **hash_p) {
+    int ret;
+    if (hash == NULL)
+        return BAD_FUNC_ARG;
+    ret = wc_HashFree(hash, hash->type);
+    if (ret < 0)
+        return ret;
+    XFREE(hash, hash->heap, DYNAMIC_TYPE_HASHES);
+    if (hash_p != NULL)
+        *hash_p = NULL;
+    return 0;
+}
+#endif /* !WC_NO_CONSTRUCTORS */
+
 int wc_HashInit_ex(wc_HashAlg* hash, enum wc_HashType type, void* heap,
     int devId)
 {
-    int ret = HASH_TYPE_E; /* Default to hash type error */
+    int ret = WC_NO_ERR_TRACE(HASH_TYPE_E); /* Default to hash type error */
 
     if (hash == NULL)
         return BAD_FUNC_ARG;
 
+    hash->type = type;
+
+#ifdef WC_NO_CONSTRUCTORS
+    (void)heap;
+#else
+    hash->heap = heap;
+#endif
+
     switch (type) {
         case WC_HASH_TYPE_MD5:
 #ifndef NO_MD5
-            ret = wc_InitMd5_ex(&hash->md5, heap, devId);
+            ret = wc_InitMd5_ex(&hash->alg.md5, heap, devId);
 #endif
             break;
         case WC_HASH_TYPE_SHA:
 #ifndef NO_SHA
-            ret = wc_InitSha_ex(&hash->sha, heap, devId);
+            ret = wc_InitSha_ex(&hash->alg.sha, heap, devId);
 #endif
             break;
         case WC_HASH_TYPE_SHA224:
 #ifdef WOLFSSL_SHA224
-            ret = wc_InitSha224_ex(&hash->sha224, heap, devId);
+            ret = wc_InitSha224_ex(&hash->alg.sha224, heap, devId);
 #endif
             break;
         case WC_HASH_TYPE_SHA256:
 #ifndef NO_SHA256
-            ret = wc_InitSha256_ex(&hash->sha256, heap, devId);
+            ret = wc_InitSha256_ex(&hash->alg.sha256, heap, devId);
 #endif
             break;
         case WC_HASH_TYPE_SHA384:
 #ifdef WOLFSSL_SHA384
-            ret = wc_InitSha384_ex(&hash->sha384, heap, devId);
+            ret = wc_InitSha384_ex(&hash->alg.sha384, heap, devId);
 #endif
             break;
         case WC_HASH_TYPE_SHA512:
 #ifdef WOLFSSL_SHA512
-            ret = wc_InitSha512_ex(&hash->sha512, heap, devId);
+            ret = wc_InitSha512_ex(&hash->alg.sha512, heap, devId);
 #endif
             break;
     #ifndef WOLFSSL_NOSHA512_224
         case WC_HASH_TYPE_SHA512_224:
 #if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
 #if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_224)
-            ret = wc_InitSha512_224_ex(&hash->sha512, heap, devId);
+            ret = wc_InitSha512_224_ex(&hash->alg.sha512, heap, devId);
 #endif
 #endif /* !HAVE_FIPS && !HAVE_SELFTEST */
             break;
@@ -738,35 +784,35 @@ int wc_HashInit_ex(wc_HashAlg* hash, enum wc_HashType type, void* heap,
         case WC_HASH_TYPE_SHA512_256:
 #if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
 #if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_256)
-            ret = wc_InitSha512_256_ex(&hash->sha512, heap, devId);
+            ret = wc_InitSha512_256_ex(&hash->alg.sha512, heap, devId);
 #endif
 #endif /* !HAVE_FIPS && !HAVE_SELFTEST */
             break;
     #endif
         case WC_HASH_TYPE_SHA3_224:
 #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_224)
-            ret = wc_InitSha3_224(&hash->sha3, heap, devId);
+            ret = wc_InitSha3_224(&hash->alg.sha3, heap, devId);
 #endif
             break;
         case WC_HASH_TYPE_SHA3_256:
 #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_256)
-            ret = wc_InitSha3_256(&hash->sha3, heap, devId);
+            ret = wc_InitSha3_256(&hash->alg.sha3, heap, devId);
 #endif
             break;
         case WC_HASH_TYPE_SHA3_384:
 #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_384)
-            ret = wc_InitSha3_384(&hash->sha3, heap, devId);
+            ret = wc_InitSha3_384(&hash->alg.sha3, heap, devId);
 #endif
             break;
         case WC_HASH_TYPE_SHA3_512:
 #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_512)
-            ret = wc_InitSha3_512(&hash->sha3, heap, devId);
+            ret = wc_InitSha3_512(&hash->alg.sha3, heap, devId);
 #endif
             break;
 
     #ifdef WOLFSSL_SM3
         case WC_HASH_TYPE_SM3:
-            ret = wc_InitSm3(&hash->sm3, heap, devId);
+            ret = wc_InitSm3(&hash->alg.sm3, heap, devId);
             break;
     #endif
 
@@ -787,7 +833,6 @@ int wc_HashInit_ex(wc_HashAlg* hash, enum wc_HashType type, void* heap,
             ret = BAD_FUNC_ARG;
     };
 
-    (void)heap;
     (void)devId;
 
     return ret;
@@ -801,47 +846,54 @@ int wc_HashInit(wc_HashAlg* hash, enum wc_HashType type)
 int wc_HashUpdate(wc_HashAlg* hash, enum wc_HashType type, const byte* data,
                   word32 dataSz)
 {
-    int ret = HASH_TYPE_E; /* Default to hash type error */
+    int ret = WC_NO_ERR_TRACE(HASH_TYPE_E); /* Default to hash type error */
 
     if (hash == NULL || (data == NULL && dataSz > 0))
         return BAD_FUNC_ARG;
 
+#ifdef DEBUG_WOLFSSL
+    if (hash->type != type) {
+        WOLFSSL_MSG("Hash update type mismatch!");
+        return BAD_FUNC_ARG;
+    }
+#endif
+
     switch (type) {
         case WC_HASH_TYPE_MD5:
 #ifndef NO_MD5
-            ret = wc_Md5Update(&hash->md5, data, dataSz);
+            ret = wc_Md5Update(&hash->alg.md5, data, dataSz);
 #endif
             break;
         case WC_HASH_TYPE_SHA:
 #ifndef NO_SHA
-            ret = wc_ShaUpdate(&hash->sha, data, dataSz);
+            ret = wc_ShaUpdate(&hash->alg.sha, data, dataSz);
 #endif
             break;
         case WC_HASH_TYPE_SHA224:
 #ifdef WOLFSSL_SHA224
-            ret = wc_Sha224Update(&hash->sha224, data, dataSz);
+            ret = wc_Sha224Update(&hash->alg.sha224, data, dataSz);
 #endif
             break;
         case WC_HASH_TYPE_SHA256:
 #ifndef NO_SHA256
-            ret = wc_Sha256Update(&hash->sha256, data, dataSz);
+            ret = wc_Sha256Update(&hash->alg.sha256, data, dataSz);
 #endif
             break;
         case WC_HASH_TYPE_SHA384:
 #ifdef WOLFSSL_SHA384
-            ret = wc_Sha384Update(&hash->sha384, data, dataSz);
+            ret = wc_Sha384Update(&hash->alg.sha384, data, dataSz);
 #endif
             break;
         case WC_HASH_TYPE_SHA512:
 #ifdef WOLFSSL_SHA512
-            ret = wc_Sha512Update(&hash->sha512, data, dataSz);
+            ret = wc_Sha512Update(&hash->alg.sha512, data, dataSz);
 #endif
             break;
     #ifndef WOLFSSL_NOSHA512_224
         case WC_HASH_TYPE_SHA512_224:
 #if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
 #if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_224)
-            ret = wc_Sha512_224Update(&hash->sha512, data, dataSz);
+            ret = wc_Sha512_224Update(&hash->alg.sha512, data, dataSz);
 #endif
 #endif /* !HAVE_FIPS && !HAVE_SELFTEST */
             break;
@@ -850,35 +902,35 @@ int wc_HashUpdate(wc_HashAlg* hash, enum wc_HashType type, const byte* data,
         case WC_HASH_TYPE_SHA512_256:
 #if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
 #if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_256)
-            ret = wc_Sha512_256Update(&hash->sha512, data, dataSz);
+            ret = wc_Sha512_256Update(&hash->alg.sha512, data, dataSz);
 #endif
 #endif /* !HAVE_FIPS && !HAVE_SELFTEST */
             break;
     #endif
         case WC_HASH_TYPE_SHA3_224:
 #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_224)
-            ret = wc_Sha3_224_Update(&hash->sha3, data, dataSz);
+            ret = wc_Sha3_224_Update(&hash->alg.sha3, data, dataSz);
 #endif
             break;
         case WC_HASH_TYPE_SHA3_256:
 #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_256)
-            ret = wc_Sha3_256_Update(&hash->sha3, data, dataSz);
+            ret = wc_Sha3_256_Update(&hash->alg.sha3, data, dataSz);
 #endif
             break;
         case WC_HASH_TYPE_SHA3_384:
 #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_384)
-            ret = wc_Sha3_384_Update(&hash->sha3, data, dataSz);
+            ret = wc_Sha3_384_Update(&hash->alg.sha3, data, dataSz);
 #endif
             break;
         case WC_HASH_TYPE_SHA3_512:
 #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_512)
-            ret = wc_Sha3_512_Update(&hash->sha3, data, dataSz);
+            ret = wc_Sha3_512_Update(&hash->alg.sha3, data, dataSz);
 #endif
             break;
 
     #ifdef WOLFSSL_SM3
         case WC_HASH_TYPE_SM3:
-            ret = wc_Sm3Update(&hash->sm3, data, dataSz);
+            ret = wc_Sm3Update(&hash->alg.sm3, data, dataSz);
             break;
     #endif
 
@@ -904,47 +956,54 @@ int wc_HashUpdate(wc_HashAlg* hash, enum wc_HashType type, const byte* data,
 
 int wc_HashFinal(wc_HashAlg* hash, enum wc_HashType type, byte* out)
 {
-    int ret = HASH_TYPE_E; /* Default to hash type error */
+    int ret = WC_NO_ERR_TRACE(HASH_TYPE_E); /* Default to hash type error */
 
     if (hash == NULL || out == NULL)
         return BAD_FUNC_ARG;
 
+#ifdef DEBUG_WOLFSSL
+    if (hash->type != type) {
+        WOLFSSL_MSG("Hash final type mismatch!");
+        return BAD_FUNC_ARG;
+    }
+#endif
+
     switch (type) {
         case WC_HASH_TYPE_MD5:
 #ifndef NO_MD5
-            ret = wc_Md5Final(&hash->md5, out);
+            ret = wc_Md5Final(&hash->alg.md5, out);
 #endif
             break;
         case WC_HASH_TYPE_SHA:
 #ifndef NO_SHA
-            ret = wc_ShaFinal(&hash->sha, out);
+            ret = wc_ShaFinal(&hash->alg.sha, out);
 #endif
             break;
         case WC_HASH_TYPE_SHA224:
 #ifdef WOLFSSL_SHA224
-            ret = wc_Sha224Final(&hash->sha224, out);
+            ret = wc_Sha224Final(&hash->alg.sha224, out);
 #endif
             break;
         case WC_HASH_TYPE_SHA256:
 #ifndef NO_SHA256
-            ret = wc_Sha256Final(&hash->sha256, out);
+            ret = wc_Sha256Final(&hash->alg.sha256, out);
 #endif
             break;
         case WC_HASH_TYPE_SHA384:
 #ifdef WOLFSSL_SHA384
-            ret = wc_Sha384Final(&hash->sha384, out);
+            ret = wc_Sha384Final(&hash->alg.sha384, out);
 #endif
             break;
         case WC_HASH_TYPE_SHA512:
 #ifdef WOLFSSL_SHA512
-            ret = wc_Sha512Final(&hash->sha512, out);
+            ret = wc_Sha512Final(&hash->alg.sha512, out);
 #endif
             break;
     #ifndef WOLFSSL_NOSHA512_224
         case WC_HASH_TYPE_SHA512_224:
 #if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
 #if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_224)
-            ret = wc_Sha512_224Final(&hash->sha512, out);
+            ret = wc_Sha512_224Final(&hash->alg.sha512, out);
 #endif
 #endif /* !HAVE_FIPS && !HAVE_SELFTEST */
             break;
@@ -953,35 +1012,35 @@ int wc_HashFinal(wc_HashAlg* hash, enum wc_HashType type, byte* out)
         case WC_HASH_TYPE_SHA512_256:
 #if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
 #if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_256)
-            ret = wc_Sha512_256Final(&hash->sha512, out);
+            ret = wc_Sha512_256Final(&hash->alg.sha512, out);
 #endif
 #endif /* !HAVE_FIPS && !HAVE_SELFTEST */
             break;
     #endif
         case WC_HASH_TYPE_SHA3_224:
 #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_224)
-            ret = wc_Sha3_224_Final(&hash->sha3, out);
+            ret = wc_Sha3_224_Final(&hash->alg.sha3, out);
 #endif
             break;
         case WC_HASH_TYPE_SHA3_256:
 #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_256)
-            ret = wc_Sha3_256_Final(&hash->sha3, out);
+            ret = wc_Sha3_256_Final(&hash->alg.sha3, out);
 #endif
             break;
         case WC_HASH_TYPE_SHA3_384:
 #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_384)
-            ret = wc_Sha3_384_Final(&hash->sha3, out);
+            ret = wc_Sha3_384_Final(&hash->alg.sha3, out);
 #endif
             break;
         case WC_HASH_TYPE_SHA3_512:
 #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_512)
-            ret = wc_Sha3_512_Final(&hash->sha3, out);
+            ret = wc_Sha3_512_Final(&hash->alg.sha3, out);
 #endif
             break;
 
     #ifdef WOLFSSL_SM3
         case WC_HASH_TYPE_SM3:
-            ret = wc_Sm3Final(&hash->sm3, out);
+            ret = wc_Sm3Final(&hash->alg.sm3, out);
             break;
     #endif
 
@@ -1007,45 +1066,52 @@ int wc_HashFinal(wc_HashAlg* hash, enum wc_HashType type, byte* out)
 
 int wc_HashFree(wc_HashAlg* hash, enum wc_HashType type)
 {
-    int ret = HASH_TYPE_E; /* Default to hash type error */
+    int ret = WC_NO_ERR_TRACE(HASH_TYPE_E); /* Default to hash type error */
 
     if (hash == NULL)
         return BAD_FUNC_ARG;
 
+#ifdef DEBUG_WOLFSSL
+    if (hash->type != type) {
+        WOLFSSL_MSG("Hash free type mismatch!");
+        return BAD_FUNC_ARG;
+    }
+#endif
+
     switch (type) {
         case WC_HASH_TYPE_MD5:
 #ifndef NO_MD5
-            wc_Md5Free(&hash->md5);
+            wc_Md5Free(&hash->alg.md5);
             ret = 0;
 #endif
             break;
         case WC_HASH_TYPE_SHA:
 #ifndef NO_SHA
-            wc_ShaFree(&hash->sha);
+            wc_ShaFree(&hash->alg.sha);
             ret = 0;
 #endif
             break;
         case WC_HASH_TYPE_SHA224:
 #ifdef WOLFSSL_SHA224
-            wc_Sha224Free(&hash->sha224);
+            wc_Sha224Free(&hash->alg.sha224);
             ret = 0;
 #endif
             break;
         case WC_HASH_TYPE_SHA256:
 #ifndef NO_SHA256
-            wc_Sha256Free(&hash->sha256);
+            wc_Sha256Free(&hash->alg.sha256);
             ret = 0;
 #endif
             break;
         case WC_HASH_TYPE_SHA384:
 #ifdef WOLFSSL_SHA384
-            wc_Sha384Free(&hash->sha384);
+            wc_Sha384Free(&hash->alg.sha384);
             ret = 0;
 #endif
             break;
         case WC_HASH_TYPE_SHA512:
 #ifdef WOLFSSL_SHA512
-            wc_Sha512Free(&hash->sha512);
+            wc_Sha512Free(&hash->alg.sha512);
             ret = 0;
 #endif
             break;
@@ -1053,7 +1119,7 @@ int wc_HashFree(wc_HashAlg* hash, enum wc_HashType type)
         case WC_HASH_TYPE_SHA512_224:
 #if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
 #if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_224)
-            wc_Sha512_224Free(&hash->sha512);
+            wc_Sha512_224Free(&hash->alg.sha512);
             ret = 0;
 #endif
 #endif /* !HAVE_FIPS && !HAVE_SELFTEST */
@@ -1063,7 +1129,7 @@ int wc_HashFree(wc_HashAlg* hash, enum wc_HashType type)
         case WC_HASH_TYPE_SHA512_256:
 #if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
 #if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_256)
-            wc_Sha512_256Free(&hash->sha512);
+            wc_Sha512_256Free(&hash->alg.sha512);
             ret = 0;
 #endif
 #endif /* !HAVE_FIPS && !HAVE_SELFTEST */
@@ -1071,32 +1137,32 @@ int wc_HashFree(wc_HashAlg* hash, enum wc_HashType type)
     #endif
         case WC_HASH_TYPE_SHA3_224:
 #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_224)
-            wc_Sha3_224_Free(&hash->sha3);
+            wc_Sha3_224_Free(&hash->alg.sha3);
             ret = 0;
 #endif
             break;
         case WC_HASH_TYPE_SHA3_256:
 #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_256)
-            wc_Sha3_256_Free(&hash->sha3);
+            wc_Sha3_256_Free(&hash->alg.sha3);
             ret = 0;
 #endif
             break;
         case WC_HASH_TYPE_SHA3_384:
 #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_384)
-            wc_Sha3_384_Free(&hash->sha3);
+            wc_Sha3_384_Free(&hash->alg.sha3);
             ret = 0;
 #endif
             break;
         case WC_HASH_TYPE_SHA3_512:
 #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_512)
-            wc_Sha3_512_Free(&hash->sha3);
+            wc_Sha3_512_Free(&hash->alg.sha3);
             ret = 0;
 #endif
             break;
 
     #ifdef WOLFSSL_SM3
         case WC_HASH_TYPE_SM3:
-            wc_Sm3Free(&hash->sm3);
+            wc_Sm3Free(&hash->alg.sm3);
             ret = 0;
             break;
     #endif
@@ -1124,7 +1190,7 @@ int wc_HashFree(wc_HashAlg* hash, enum wc_HashType type)
 #ifdef WOLFSSL_HASH_FLAGS
 int wc_HashSetFlags(wc_HashAlg* hash, enum wc_HashType type, word32 flags)
 {
-    int ret = HASH_TYPE_E; /* Default to hash type error */
+    int ret = WC_NO_ERR_TRACE(HASH_TYPE_E); /* Default to hash type error */
 
     if (hash == NULL)
         return BAD_FUNC_ARG;
@@ -1132,27 +1198,27 @@ int wc_HashSetFlags(wc_HashAlg* hash, enum wc_HashType type, word32 flags)
     switch (type) {
         case WC_HASH_TYPE_MD5:
 #ifndef NO_MD5
-            ret = wc_Md5SetFlags(&hash->md5, flags);
+            ret = wc_Md5SetFlags(&hash->alg.md5, flags);
 #endif
             break;
         case WC_HASH_TYPE_SHA:
 #ifndef NO_SHA
-            ret = wc_ShaSetFlags(&hash->sha, flags);
+            ret = wc_ShaSetFlags(&hash->alg.sha, flags);
 #endif
             break;
         case WC_HASH_TYPE_SHA224:
 #ifdef WOLFSSL_SHA224
-            ret = wc_Sha224SetFlags(&hash->sha224, flags);
+            ret = wc_Sha224SetFlags(&hash->alg.sha224, flags);
 #endif
             break;
         case WC_HASH_TYPE_SHA256:
 #ifndef NO_SHA256
-            ret = wc_Sha256SetFlags(&hash->sha256, flags);
+            ret = wc_Sha256SetFlags(&hash->alg.sha256, flags);
 #endif
             break;
         case WC_HASH_TYPE_SHA384:
 #ifdef WOLFSSL_SHA384
-            ret = wc_Sha384SetFlags(&hash->sha384, flags);
+            ret = wc_Sha384SetFlags(&hash->alg.sha384, flags);
 #endif
             break;
         case WC_HASH_TYPE_SHA512:
@@ -1163,7 +1229,7 @@ int wc_HashSetFlags(wc_HashAlg* hash, enum wc_HashType type, word32 flags)
         case WC_HASH_TYPE_SHA512_256:
     #endif
 #ifdef WOLFSSL_SHA512
-            ret = wc_Sha512SetFlags(&hash->sha512, flags);
+            ret = wc_Sha512SetFlags(&hash->alg.sha512, flags);
 #endif
             break;
 
@@ -1172,13 +1238,13 @@ int wc_HashSetFlags(wc_HashAlg* hash, enum wc_HashType type, word32 flags)
         case WC_HASH_TYPE_SHA3_384:
         case WC_HASH_TYPE_SHA3_512:
 #ifdef WOLFSSL_SHA3
-            ret = wc_Sha3_SetFlags(&hash->sha3, flags);
+            ret = wc_Sha3_SetFlags(&hash->alg.sha3, flags);
 #endif
             break;
 
     #ifdef WOLFSSL_SM3
         case WC_HASH_TYPE_SM3:
-            ret = wc_Sm3SetFlags(&hash->sm3, flags);
+            ret = wc_Sm3SetFlags(&hash->alg.sm3, flags);
             break;
     #endif
 
@@ -1203,7 +1269,7 @@ int wc_HashSetFlags(wc_HashAlg* hash, enum wc_HashType type, word32 flags)
 }
 int wc_HashGetFlags(wc_HashAlg* hash, enum wc_HashType type, word32* flags)
 {
-    int ret = HASH_TYPE_E; /* Default to hash type error */
+    int ret = WC_NO_ERR_TRACE(HASH_TYPE_E); /* Default to hash type error */
 
     if (hash == NULL)
         return BAD_FUNC_ARG;
@@ -1211,27 +1277,27 @@ int wc_HashGetFlags(wc_HashAlg* hash, enum wc_HashType type, word32* flags)
     switch (type) {
         case WC_HASH_TYPE_MD5:
 #ifndef NO_MD5
-            ret = wc_Md5GetFlags(&hash->md5, flags);
+            ret = wc_Md5GetFlags(&hash->alg.md5, flags);
 #endif
             break;
         case WC_HASH_TYPE_SHA:
 #ifndef NO_SHA
-            ret = wc_ShaGetFlags(&hash->sha, flags);
+            ret = wc_ShaGetFlags(&hash->alg.sha, flags);
 #endif
             break;
         case WC_HASH_TYPE_SHA224:
 #ifdef WOLFSSL_SHA224
-            ret = wc_Sha224GetFlags(&hash->sha224, flags);
+            ret = wc_Sha224GetFlags(&hash->alg.sha224, flags);
 #endif
             break;
         case WC_HASH_TYPE_SHA256:
 #ifndef NO_SHA256
-            ret = wc_Sha256GetFlags(&hash->sha256, flags);
+            ret = wc_Sha256GetFlags(&hash->alg.sha256, flags);
 #endif
             break;
         case WC_HASH_TYPE_SHA384:
 #ifdef WOLFSSL_SHA384
-            ret = wc_Sha384GetFlags(&hash->sha384, flags);
+            ret = wc_Sha384GetFlags(&hash->alg.sha384, flags);
 #endif
             break;
         case WC_HASH_TYPE_SHA512:
@@ -1242,7 +1308,7 @@ int wc_HashGetFlags(wc_HashAlg* hash, enum wc_HashType type, word32* flags)
         case WC_HASH_TYPE_SHA512_256:
     #endif
 #ifdef WOLFSSL_SHA512
-            ret = wc_Sha512GetFlags(&hash->sha512, flags);
+            ret = wc_Sha512GetFlags(&hash->alg.sha512, flags);
 #endif
             break;
 
@@ -1251,13 +1317,13 @@ int wc_HashGetFlags(wc_HashAlg* hash, enum wc_HashType type, word32* flags)
         case WC_HASH_TYPE_SHA3_384:
         case WC_HASH_TYPE_SHA3_512:
 #ifdef WOLFSSL_SHA3
-            ret = wc_Sha3_GetFlags(&hash->sha3, flags);
+            ret = wc_Sha3_GetFlags(&hash->alg.sha3, flags);
 #endif
             break;
 
     #ifdef WOLFSSL_SM3
         case WC_HASH_TYPE_SM3:
-            ret = wc_Sm3GetFlags(&hash->sm3, flags);
+            ret = wc_Sm3GetFlags(&hash->alg.sm3, flags);
             break;
     #endif
 
@@ -1302,13 +1368,6 @@ int wc_HashGetFlags(wc_HashAlg* hash, enum wc_HashType type, word32* flags)
             return MEMORY_E;
     #endif
 
-    #ifdef WOLF_CRYPTO_CB
-        /* find devId if its not an empty hash */
-        if (devId == INVALID_DEVID && data != NULL && len > 0) {
-            devId = wc_CryptoCb_DefaultDevID();
-        }
-    #endif
-
         if ((ret = wc_InitMd5_ex(md5, heap, devId)) != 0) {
             WOLFSSL_MSG("InitMd5 failed");
         }
@@ -1330,7 +1389,14 @@ int wc_HashGetFlags(wc_HashAlg* hash, enum wc_HashType type, word32* flags)
     }
     int wc_Md5Hash(const byte* data, word32 len, byte* hash)
     {
-        return wc_Md5Hash_ex(data, len, hash, NULL, INVALID_DEVID);
+        int devId = INVALID_DEVID;
+    #ifdef WOLF_CRYPTO_CB
+        /* find devId if its not an empty hash */
+        if (data != NULL && len > 0) {
+            devId = wc_CryptoCb_DefaultDevID();
+        }
+    #endif
+        return wc_Md5Hash_ex(data, len, hash, NULL, devId);
     }
 #endif /* !NO_MD5 */
 
@@ -1351,13 +1417,6 @@ int wc_HashGetFlags(wc_HashAlg* hash, enum wc_HashType type, word32* flags)
             return MEMORY_E;
     #endif
 
-    #ifdef WOLF_CRYPTO_CB
-        /* find devId if its not an empty hash */
-        if (devId == INVALID_DEVID && data != NULL && len > 0) {
-            devId = wc_CryptoCb_DefaultDevID();
-        }
-    #endif
-
         if ((ret = wc_InitSha_ex(sha, heap, devId)) != 0) {
             WOLFSSL_MSG("InitSha failed");
         }
@@ -1379,7 +1438,14 @@ int wc_HashGetFlags(wc_HashAlg* hash, enum wc_HashType type, word32* flags)
     }
     int wc_ShaHash(const byte* data, word32 len, byte* hash)
     {
-        return wc_ShaHash_ex(data, len, hash, NULL, INVALID_DEVID);
+        int devId = INVALID_DEVID;
+    #ifdef WOLF_CRYPTO_CB
+        /* find devId if its not an empty hash */
+        if (data != NULL && len > 0) {
+            devId = wc_CryptoCb_DefaultDevID();
+        }
+    #endif
+        return wc_ShaHash_ex(data, len, hash, NULL, devId);
     }
 #endif /* !NO_SHA */
 
@@ -1401,13 +1467,6 @@ int wc_HashGetFlags(wc_HashAlg* hash, enum wc_HashType type, word32* flags)
             return MEMORY_E;
     #endif
 
-    #ifdef WOLF_CRYPTO_CB
-        /* find devId if its not an empty hash */
-        if (devId == INVALID_DEVID && data != NULL && len > 0) {
-            devId = wc_CryptoCb_DefaultDevID();
-        }
-    #endif
-
         if ((ret = wc_InitSha224_ex(sha224, heap, devId)) != 0) {
             WOLFSSL_MSG("InitSha224 failed");
         }
@@ -1429,7 +1488,14 @@ int wc_HashGetFlags(wc_HashAlg* hash, enum wc_HashType type, word32* flags)
     }
     int wc_Sha224Hash(const byte* data, word32 len, byte* hash)
     {
-        return wc_Sha224Hash_ex(data, len, hash, NULL, INVALID_DEVID);
+        int devId = INVALID_DEVID;
+    #ifdef WOLF_CRYPTO_CB
+        /* find devId if its not an empty hash */
+        if (data != NULL && len > 0) {
+            devId = wc_CryptoCb_DefaultDevID();
+        }
+    #endif
+        return wc_Sha224Hash_ex(data, len, hash, NULL, devId);
     }
 #endif /* WOLFSSL_SHA224 */
 
@@ -1451,13 +1517,6 @@ int wc_HashGetFlags(wc_HashAlg* hash, enum wc_HashType type, word32* flags)
             return MEMORY_E;
     #endif
 
-    #ifdef WOLF_CRYPTO_CB
-        /* find devId if its not an empty hash */
-        if (devId == INVALID_DEVID && data != NULL && len > 0) {
-            devId = wc_CryptoCb_DefaultDevID();
-        }
-    #endif
-
         if ((ret = wc_InitSha256_ex(sha256, heap, devId)) != 0) {
             WOLFSSL_MSG("InitSha256 failed");
         }
@@ -1480,7 +1539,14 @@ int wc_HashGetFlags(wc_HashAlg* hash, enum wc_HashType type, word32* flags)
     }
     int wc_Sha256Hash(const byte* data, word32 len, byte* hash)
     {
-        return wc_Sha256Hash_ex(data, len, hash, NULL, INVALID_DEVID);
+        int devId = INVALID_DEVID;
+    #ifdef WOLF_CRYPTO_CB
+        /* find devId if its not an empty hash */
+        if (data != NULL && len > 0) {
+            devId = wc_CryptoCb_DefaultDevID();
+        }
+    #endif
+        return wc_Sha256Hash_ex(data, len, hash, NULL, devId);
     }
 #endif /* !NO_SHA256 */
 
@@ -1505,13 +1571,6 @@ int wc_HashGetFlags(wc_HashAlg* hash, enum wc_HashType type, word32* flags)
             return MEMORY_E;
     #endif
 
-    #ifdef WOLF_CRYPTO_CB
-        /* find devId if its not an empty hash */
-        if (devId == INVALID_DEVID && data != NULL && len > 0) {
-            devId = wc_CryptoCb_DefaultDevID();
-        }
-    #endif
-
         if ((ret = wc_InitSha512_ex(sha512, heap, devId)) != 0) {
             WOLFSSL_MSG("InitSha512 failed");
         }
@@ -1533,7 +1592,14 @@ int wc_HashGetFlags(wc_HashAlg* hash, enum wc_HashType type, word32* flags)
     }
     int wc_Sha512Hash(const byte* data, word32 len, byte* hash)
     {
-        return wc_Sha512Hash_ex(data, len, hash, NULL, INVALID_DEVID);
+        int devId = INVALID_DEVID;
+    #ifdef WOLF_CRYPTO_CB
+        /* find devId if its not an empty hash */
+        if (data != NULL && len > 0) {
+            devId = wc_CryptoCb_DefaultDevID();
+        }
+    #endif
+        return wc_Sha512Hash_ex(data, len, hash, NULL, devId);
     }
 #if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
 #ifndef WOLFSSL_NOSHA512_224
@@ -1554,13 +1620,6 @@ int wc_HashGetFlags(wc_HashAlg* hash, enum wc_HashType type, word32* flags)
             return MEMORY_E;
     #endif
 
-    #ifdef WOLF_CRYPTO_CB
-        /* find devId if its not an empty hash */
-        if (devId == INVALID_DEVID && data != NULL && len > 0) {
-            devId = wc_CryptoCb_DefaultDevID();
-        }
-    #endif
-
         if ((ret = wc_InitSha512_224_ex(sha512, heap, devId)) != 0) {
             WOLFSSL_MSG("wc_InitSha512_224 failed");
         }
@@ -1582,7 +1641,14 @@ int wc_HashGetFlags(wc_HashAlg* hash, enum wc_HashType type, word32* flags)
     }
     int wc_Sha512_224Hash(const byte* data, word32 len, byte* hash)
     {
-        return wc_Sha512_224Hash_ex(data, len, hash, NULL, INVALID_DEVID);
+        int devId = INVALID_DEVID;
+    #ifdef WOLF_CRYPTO_CB
+        /* find devId if its not an empty hash */
+        if (data != NULL && len > 0) {
+            devId = wc_CryptoCb_DefaultDevID();
+        }
+    #endif
+        return wc_Sha512_224Hash_ex(data, len, hash, NULL, devId);
     }
 #endif /* !WOLFSSL_NOSHA512_224 */
 #endif /* !HAVE_FIPS && !HAVE_SELFTEST */
@@ -1606,13 +1672,6 @@ int wc_HashGetFlags(wc_HashAlg* hash, enum wc_HashType type, word32* flags)
             return MEMORY_E;
     #endif
 
-    #ifdef WOLF_CRYPTO_CB
-        /* find devId if its not an empty hash */
-        if (devId == INVALID_DEVID && data != NULL && len > 0) {
-            devId = wc_CryptoCb_DefaultDevID();
-        }
-    #endif
-
         if ((ret = wc_InitSha512_256_ex(sha512, heap, devId)) != 0) {
             WOLFSSL_MSG("wc_InitSha512_256 failed");
         }
@@ -1634,7 +1693,14 @@ int wc_HashGetFlags(wc_HashAlg* hash, enum wc_HashType type, word32* flags)
     }
     int wc_Sha512_256Hash(const byte* data, word32 len, byte* hash)
     {
-        return wc_Sha512_256Hash_ex(data, len, hash, NULL, INVALID_DEVID);
+        int devId = INVALID_DEVID;
+    #ifdef WOLF_CRYPTO_CB
+        /* find devId if its not an empty hash */
+        if (data != NULL && len > 0) {
+            devId = wc_CryptoCb_DefaultDevID();
+        }
+    #endif
+        return wc_Sha512_256Hash_ex(data, len, hash, NULL, devId);
     }
 #endif /* !WOLFSSL_NOSHA512_256 */
 #endif /* !HAVE_FIPS && !HAVE_SELFTEST */
@@ -1659,13 +1725,6 @@ int wc_HashGetFlags(wc_HashAlg* hash, enum wc_HashType type, word32* flags)
             return MEMORY_E;
     #endif
 
-    #ifdef WOLF_CRYPTO_CB
-        /* find devId if its not an empty hash */
-        if (devId == INVALID_DEVID && data != NULL && len > 0) {
-            devId = wc_CryptoCb_DefaultDevID();
-        }
-    #endif
-
         if ((ret = wc_InitSha384_ex(sha384, heap, devId)) != 0) {
             WOLFSSL_MSG("InitSha384 failed");
         }
@@ -1687,7 +1746,14 @@ int wc_HashGetFlags(wc_HashAlg* hash, enum wc_HashType type, word32* flags)
     }
     int wc_Sha384Hash(const byte* data, word32 len, byte* hash)
     {
-        return wc_Sha384Hash_ex(data, len, hash, NULL, INVALID_DEVID);
+        int devId = INVALID_DEVID;
+    #ifdef WOLF_CRYPTO_CB
+        /* find devId if its not an empty hash */
+        if (data != NULL && len > 0) {
+            devId = wc_CryptoCb_DefaultDevID();
+        }
+    #endif
+        return wc_Sha384Hash_ex(data, len, hash, NULL, devId);
     }
 #endif /* WOLFSSL_SHA384 */
 
@@ -1710,13 +1776,6 @@ int wc_HashGetFlags(wc_HashAlg* hash, enum wc_HashType type, word32* flags)
             return MEMORY_E;
     #endif
 
-    #ifdef WOLF_CRYPTO_CB
-        /* find devId if its not an empty hash */
-        if (devId == INVALID_DEVID && data != NULL && len > 0) {
-            devId = wc_CryptoCb_DefaultDevID();
-        }
-    #endif
-
         if ((ret = wc_InitSha3_224(sha3, heap, devId)) != 0) {
             WOLFSSL_MSG("InitSha3_224 failed");
         }
@@ -1738,7 +1797,14 @@ int wc_HashGetFlags(wc_HashAlg* hash, enum wc_HashType type, word32* flags)
     }
     int wc_Sha3_224Hash(const byte* data, word32 len, byte* hash)
     {
-        return wc_Sha3_224Hash_ex(data, len, hash, NULL, INVALID_DEVID);
+        int devId = INVALID_DEVID;
+    #ifdef WOLF_CRYPTO_CB
+        /* find devId if its not an empty hash */
+        if (data != NULL && len > 0) {
+            devId = wc_CryptoCb_DefaultDevID();
+        }
+    #endif
+        return wc_Sha3_224Hash_ex(data, len, hash, NULL, devId);
     }
 #endif /* !WOLFSSL_NOSHA3_224 */
 
@@ -1760,13 +1826,6 @@ int wc_HashGetFlags(wc_HashAlg* hash, enum wc_HashType type, word32* flags)
             return MEMORY_E;
     #endif
 
-    #ifdef WOLF_CRYPTO_CB
-        /* find devId if its not an empty hash */
-        if (devId == INVALID_DEVID && data != NULL && len > 0) {
-            devId = wc_CryptoCb_DefaultDevID();
-        }
-    #endif
-
         if ((ret = wc_InitSha3_256(sha3, heap, devId)) != 0) {
             WOLFSSL_MSG("InitSha3_256 failed");
         }
@@ -1788,7 +1847,14 @@ int wc_HashGetFlags(wc_HashAlg* hash, enum wc_HashType type, word32* flags)
     }
     int wc_Sha3_256Hash(const byte* data, word32 len, byte* hash)
     {
-        return wc_Sha3_256Hash_ex(data, len, hash, NULL, INVALID_DEVID);
+        int devId = INVALID_DEVID;
+    #ifdef WOLF_CRYPTO_CB
+        /* find devId if its not an empty hash */
+        if (data != NULL && len > 0) {
+            devId = wc_CryptoCb_DefaultDevID();
+        }
+    #endif
+        return wc_Sha3_256Hash_ex(data, len, hash, NULL, devId);
     }
 #endif /* !WOLFSSL_NOSHA3_256 */
 
@@ -1810,13 +1876,6 @@ int wc_HashGetFlags(wc_HashAlg* hash, enum wc_HashType type, word32* flags)
             return MEMORY_E;
     #endif
 
-    #ifdef WOLF_CRYPTO_CB
-        /* find devId if its not an empty hash */
-        if (devId == INVALID_DEVID && data != NULL && len > 0) {
-            devId = wc_CryptoCb_DefaultDevID();
-        }
-    #endif
-
         if ((ret = wc_InitSha3_384(sha3, heap, devId)) != 0) {
             WOLFSSL_MSG("InitSha3_384 failed");
         }
@@ -1838,7 +1897,14 @@ int wc_HashGetFlags(wc_HashAlg* hash, enum wc_HashType type, word32* flags)
     }
     int wc_Sha3_384Hash(const byte* data, word32 len, byte* hash)
     {
-        return wc_Sha3_384Hash_ex(data, len, hash, NULL, INVALID_DEVID);
+        int devId = INVALID_DEVID;
+    #ifdef WOLF_CRYPTO_CB
+        /* find devId if its not an empty hash */
+        if (data != NULL && len > 0) {
+            devId = wc_CryptoCb_DefaultDevID();
+        }
+    #endif
+        return wc_Sha3_384Hash_ex(data, len, hash, NULL, devId);
     }
 #endif /* !WOLFSSL_NOSHA3_384 */
 
@@ -1860,13 +1926,6 @@ int wc_HashGetFlags(wc_HashAlg* hash, enum wc_HashType type, word32* flags)
             return MEMORY_E;
     #endif
 
-    #ifdef WOLF_CRYPTO_CB
-        /* find devId if its not an empty hash */
-        if (devId == INVALID_DEVID && data != NULL && len > 0) {
-            devId = wc_CryptoCb_DefaultDevID();
-        }
-    #endif
-
         if ((ret = wc_InitSha3_512(sha3, heap, devId)) != 0) {
             WOLFSSL_MSG("InitSha3_512 failed");
         }
@@ -1888,7 +1947,14 @@ int wc_HashGetFlags(wc_HashAlg* hash, enum wc_HashType type, word32* flags)
     }
     int wc_Sha3_512Hash(const byte* data, word32 len, byte* hash)
     {
-        return wc_Sha3_512Hash_ex(data, len, hash, NULL, INVALID_DEVID);
+        int devId = INVALID_DEVID;
+    #ifdef WOLF_CRYPTO_CB
+        /* find devId if its not an empty hash */
+        if (data != NULL && len > 0) {
+            devId = wc_CryptoCb_DefaultDevID();
+        }
+    #endif
+        return wc_Sha3_512Hash_ex(data, len, hash, NULL, devId);
     }
 #endif /* !WOLFSSL_NOSHA3_512 */
 
@@ -1910,13 +1976,6 @@ int wc_HashGetFlags(wc_HashAlg* hash, enum wc_HashType type, word32* flags)
             return MEMORY_E;
     #endif
 
-    #ifdef WOLF_CRYPTO_CB
-        /* find devId if its not an empty hash */
-        if (devId == INVALID_DEVID && data != NULL && len > 0) {
-            devId = wc_CryptoCb_DefaultDevID();
-        }
-    #endif
-
         if ((ret = wc_InitShake128(shake, heap, devId)) != 0) {
             WOLFSSL_MSG("InitShake128 failed");
         }
@@ -1939,8 +1998,15 @@ int wc_HashGetFlags(wc_HashAlg* hash, enum wc_HashType type, word32* flags)
     int wc_Shake128Hash(const byte* data, word32 len, byte* hash,
                         word32 hashLen)
     {
+        int devId = INVALID_DEVID;
+    #ifdef WOLF_CRYPTO_CB
+        /* find devId if its not an empty hash */
+        if (data != NULL && len > 0) {
+            devId = wc_CryptoCb_DefaultDevID();
+        }
+    #endif
         return wc_Shake128Hash_ex(data, len, hash, hashLen,
-            NULL, INVALID_DEVID);
+            NULL, devId);
     }
 #endif /* WOLFSSL_SHAKE_128 */
 
@@ -1962,13 +2028,6 @@ int wc_HashGetFlags(wc_HashAlg* hash, enum wc_HashType type, word32* flags)
             return MEMORY_E;
     #endif
 
-    #ifdef WOLF_CRYPTO_CB
-        /* find devId if its not an empty hash */
-        if (devId == INVALID_DEVID && data != NULL && len > 0) {
-            devId = wc_CryptoCb_DefaultDevID();
-        }
-    #endif
-
         if ((ret = wc_InitShake256(shake, heap, devId)) != 0) {
             WOLFSSL_MSG("InitShake256 failed");
         }
@@ -1991,8 +2050,15 @@ int wc_HashGetFlags(wc_HashAlg* hash, enum wc_HashType type, word32* flags)
     int wc_Shake256Hash(const byte* data, word32 len, byte* hash,
                         word32 hashLen)
     {
+        int devId = INVALID_DEVID;
+    #ifdef WOLF_CRYPTO_CB
+        /* find devId if its not an empty hash */
+        if (data != NULL && len > 0) {
+            devId = wc_CryptoCb_DefaultDevID();
+        }
+    #endif
         return wc_Shake256Hash_ex(data, len, hash, hashLen,
-            NULL, INVALID_DEVID);
+            NULL, devId);
     }
 #endif /* WOLFSSL_SHAKE_256 */
 #endif /* WOLFSSL_SHA3 */
@@ -2014,13 +2080,6 @@ int wc_HashGetFlags(wc_HashAlg* hash, enum wc_HashType type, word32* flags)
             return MEMORY_E;
     #endif
 
-    #ifdef WOLF_CRYPTO_CB
-        /* find devId if its not an empty hash */
-        if (devId == INVALID_DEVID && data != NULL && len > 0) {
-            devId = wc_CryptoCb_DefaultDevID();
-        }
-    #endif
-
         if ((ret = wc_InitSm3(sm3, heap, devId)) != 0) {
             WOLFSSL_MSG("InitSm3 failed");
         }
@@ -2042,7 +2101,14 @@ int wc_HashGetFlags(wc_HashAlg* hash, enum wc_HashType type, word32* flags)
     }
     int wc_Sm3Hash(const byte* data, word32 len, byte* hash)
     {
-        return wc_Sm3Hash_ex(data, len, hash, NULL, INVALID_DEVID);
+        int devId = INVALID_DEVID;
+    #ifdef WOLF_CRYPTO_CB
+        /* find devId if its not an empty hash */
+        if (data != NULL && len > 0) {
+            devId = wc_CryptoCb_DefaultDevID();
+        }
+    #endif
+        return wc_Sm3Hash_ex(data, len, hash, NULL, devId);
     }
 #endif /* !WOLFSSL_NOSHA3_224 */
 
diff --git a/wolfcrypt/src/hmac.c b/wolfcrypt/src/hmac.c
index 9a80cb1e2..9a7b82384 100644
--- a/wolfcrypt/src/hmac.c
+++ b/wolfcrypt/src/hmac.c
@@ -1,6 +1,6 @@
 /* hmac.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -24,21 +24,20 @@
     #include <config.h>
 #endif
 
+#include <wolfssl/wolfcrypt/settings.h>
 #include <wolfssl/wolfcrypt/wc_port.h>
 #include <wolfssl/wolfcrypt/error-crypt.h>
 #include <wolfssl/wolfcrypt/logging.h>
 
 #ifndef NO_HMAC
 
-#if defined(HAVE_FIPS) && \
-    defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2)
-
+#if FIPS_VERSION3_GE(2,0,0)
     /* set NO_WRAPPERS before headers, use direct internal f()s not wrappers */
     #define FIPS_NO_WRAPPERS
 
     #ifdef USE_WINDOWS_API
-        #pragma code_seg(".fipsA$b")
-        #pragma const_seg(".fipsB$b")
+        #pragma code_seg(".fipsA$g")
+        #pragma const_seg(".fipsB$g")
     #endif
 #endif
 
@@ -64,6 +63,14 @@
     #define wc_HmacFinal   wc_HmacFinal_Software
 #endif
 
+#if FIPS_VERSION3_GE(6,0,0)
+    const unsigned int wolfCrypt_FIPS_hmac_ro_sanity[2] =
+                                                     { 0x1a2b3c4d, 0x00000008 };
+    int wolfCrypt_FIPS_HMAC_sanity(void)
+    {
+        return 0;
+    }
+#endif
 
 int wc_HmacSizeByType(int type)
 {
@@ -148,76 +155,72 @@ int wc_HmacSizeByType(int type)
     return ret;
 }
 
-int _InitHmac(Hmac* hmac, int type, void* heap)
+static int HmacKeyInitHash(wc_HmacHash* hash, int type, void* heap, int devId)
 {
     int ret = 0;
-#ifdef WOLF_CRYPTO_CB
-    int devId = hmac->devId;
-#else
-    int devId = INVALID_DEVID;
-#endif
+
     switch (type) {
     #ifndef NO_MD5
         case WC_MD5:
-            ret = wc_InitMd5_ex(&hmac->hash.md5, heap, devId);
+            ret = wc_InitMd5_ex(&hash->md5, heap, devId);
             break;
     #endif /* !NO_MD5 */
 
     #ifndef NO_SHA
         case WC_SHA:
-            ret = wc_InitSha_ex(&hmac->hash.sha, heap, devId);
+            ret = wc_InitSha_ex(&hash->sha, heap, devId);
             break;
     #endif /* !NO_SHA */
 
     #ifdef WOLFSSL_SHA224
         case WC_SHA224:
-            ret = wc_InitSha224_ex(&hmac->hash.sha224, heap, devId);
+            ret = wc_InitSha224_ex(&hash->sha224, heap, devId);
             break;
     #endif /* WOLFSSL_SHA224 */
 
     #ifndef NO_SHA256
         case WC_SHA256:
-            ret = wc_InitSha256_ex(&hmac->hash.sha256, heap, devId);
+            ret = wc_InitSha256_ex(&hash->sha256, heap, devId);
             break;
     #endif /* !NO_SHA256 */
 
     #ifdef WOLFSSL_SHA384
         case WC_SHA384:
-            ret = wc_InitSha384_ex(&hmac->hash.sha384, heap, devId);
+            ret = wc_InitSha384_ex(&hash->sha384, heap, devId);
             break;
     #endif /* WOLFSSL_SHA384 */
     #ifdef WOLFSSL_SHA512
         case WC_SHA512:
-            ret = wc_InitSha512_ex(&hmac->hash.sha512, heap, devId);
+            ret = wc_InitSha512_ex(&hash->sha512, heap, devId);
             break;
     #endif /* WOLFSSL_SHA512 */
 
     #ifdef WOLFSSL_SHA3
     #ifndef WOLFSSL_NOSHA3_224
         case WC_SHA3_224:
-            ret = wc_InitSha3_224(&hmac->hash.sha3, heap, devId);
+            ret = wc_InitSha3_224(&hash->sha3, heap, devId);
             break;
     #endif
     #ifndef WOLFSSL_NOSHA3_256
         case WC_SHA3_256:
-            ret = wc_InitSha3_256(&hmac->hash.sha3, heap, devId);
+            ret = wc_InitSha3_256(&hash->sha3, heap, devId);
             break;
     #endif
     #ifndef WOLFSSL_NOSHA3_384
         case WC_SHA3_384:
-            ret = wc_InitSha3_384(&hmac->hash.sha3, heap, devId);
+            ret = wc_InitSha3_384(&hash->sha3, heap, devId);
             break;
     #endif
     #ifndef WOLFSSL_NOSHA3_512
         case WC_SHA3_512:
-            ret = wc_InitSha3_512(&hmac->hash.sha3, heap, devId);
+            ret = wc_InitSha3_512(&hash->sha3, heap, devId);
             break;
     #endif
     #endif
 
     #ifdef WOLFSSL_SM3
         case WC_SM3:
-            ret = wc_InitSm3(&hmac->hash.sm3, heap, devId);
+            ret = wc_InitSm3(&hash->sm3, heap, devId);
             break;
     #endif
 
@@ -226,6 +229,22 @@ int _InitHmac(Hmac* hmac, int type, void* heap)
             break;
     }
 
+    return ret;
+}
+
+int _InitHmac(Hmac* hmac, int type, void* heap)
+{
+    int ret;
+#ifdef WOLF_CRYPTO_CB
+    int devId = hmac->devId;
+#else
+    int devId = INVALID_DEVID;
+#endif
+
+    ret = HmacKeyInitHash(&hmac->hash, type, heap, devId);
+    if (ret != 0)
+        return ret;
+
     /* default to NULL heap hint or test value */
 #ifdef WOLFSSL_HEAP_TEST
     hmac->heap = (void*)WOLFSSL_HEAP_TEST;
@@ -236,8 +255,161 @@ int _InitHmac(Hmac* hmac, int type, void* heap)
     return ret;
 }
 
+#ifdef WOLFSSL_HMAC_COPY_HASH
+static int HmacKeyCopyHash(byte macType, wc_HmacHash* src, wc_HmacHash* dst)
+{
+    int ret = 0;
 
-int wc_HmacSetKey(Hmac* hmac, int type, const byte* key, word32 length)
+    switch (macType) {
+    #ifndef NO_MD5
+        case WC_MD5:
+            ret = wc_Md5Copy(&src->md5, &dst->md5);
+            break;
+    #endif /* !NO_MD5 */
+
+    #ifndef NO_SHA
+        case WC_SHA:
+            ret = wc_ShaCopy(&src->sha, &dst->sha);
+            break;
+    #endif /* !NO_SHA */
+
+    #ifdef WOLFSSL_SHA224
+        case WC_SHA224:
+            ret = wc_Sha224Copy(&src->sha224, &dst->sha224);
+            break;
+    #endif /* WOLFSSL_SHA224 */
+    #ifndef NO_SHA256
+        case WC_SHA256:
+            ret = wc_Sha256Copy(&src->sha256, &dst->sha256);
+            break;
+    #endif /* !NO_SHA256 */
+
+    #ifdef WOLFSSL_SHA384
+        case WC_SHA384:
+            ret = wc_Sha384Copy(&src->sha384, &dst->sha384);
+            break;
+    #endif /* WOLFSSL_SHA384 */
+    #ifdef WOLFSSL_SHA512
+        case WC_SHA512:
+            ret = wc_Sha512Copy(&src->sha512, &dst->sha512);
+            break;
+    #endif /* WOLFSSL_SHA512 */
+
+    #ifdef WOLFSSL_SHA3
+    #ifndef WOLFSSL_NOSHA3_224
+        case WC_SHA3_224:
+            ret = wc_Sha3_224_Copy(&src->sha3, &dst->sha3);
+            break;
+    #endif
+    #ifndef WOLFSSL_NOSHA3_256
+        case WC_SHA3_256:
+            ret = wc_Sha3_256_Copy(&src->sha3, &dst->sha3);
+            break;
+    #endif
+    #ifndef WOLFSSL_NOSHA3_384
+        case WC_SHA3_384:
+            ret = wc_Sha3_384_Copy(&src->sha3, &dst->sha3);
+            break;
+    #endif
+    #ifndef WOLFSSL_NOSHA3_512
+        case WC_SHA3_512:
+            ret = wc_Sha3_512_Copy(&src->sha3, &dst->sha3);
+            break;
+    #endif
+    #endif /* WOLFSSL_SHA3 */
+
+    #ifdef WOLFSSL_SM3
+        case WC_SM3:
+            ret = wc_Sm3Copy(&src->sm3, &dst->sm3);
+            break;
+    #endif
+
+        default:
+            break;
+    }
+
+    return ret;
+}
+#endif
+
+static int HmacKeyHashUpdate(byte macType, wc_HmacHash* hash, byte* pad)
+{
+    int ret = 0;
+
+    switch (macType) {
+    #ifndef NO_MD5
+        case WC_MD5:
+            ret = wc_Md5Update(&hash->md5, pad, WC_MD5_BLOCK_SIZE);
+            break;
+    #endif /* !NO_MD5 */
+
+    #ifndef NO_SHA
+        case WC_SHA:
+            ret = wc_ShaUpdate(&hash->sha, pad, WC_SHA_BLOCK_SIZE);
+            break;
+    #endif /* !NO_SHA */
+
+    #ifdef WOLFSSL_SHA224
+        case WC_SHA224:
+            ret = wc_Sha224Update(&hash->sha224, pad, WC_SHA224_BLOCK_SIZE);
+            break;
+    #endif /* WOLFSSL_SHA224 */
+    #ifndef NO_SHA256
+        case WC_SHA256:
+            ret = wc_Sha256Update(&hash->sha256, pad, WC_SHA256_BLOCK_SIZE);
+            break;
+    #endif /* !NO_SHA256 */
+
+    #ifdef WOLFSSL_SHA384
+        case WC_SHA384:
+            ret = wc_Sha384Update(&hash->sha384, pad, WC_SHA384_BLOCK_SIZE);
+            break;
+    #endif /* WOLFSSL_SHA384 */
+    #ifdef WOLFSSL_SHA512
+        case WC_SHA512:
+            ret = wc_Sha512Update(&hash->sha512, pad, WC_SHA512_BLOCK_SIZE);
+            break;
+    #endif /* WOLFSSL_SHA512 */
+
+    #ifdef WOLFSSL_SHA3
+    #ifndef WOLFSSL_NOSHA3_224
+        case WC_SHA3_224:
+            ret = wc_Sha3_224_Update(&hash->sha3, pad, WC_SHA3_224_BLOCK_SIZE);
+            break;
+    #endif
+    #ifndef WOLFSSL_NOSHA3_256
+        case WC_SHA3_256:
+            ret = wc_Sha3_256_Update(&hash->sha3, pad, WC_SHA3_256_BLOCK_SIZE);
+            break;
+    #endif
+    #ifndef WOLFSSL_NOSHA3_384
+        case WC_SHA3_384:
+            ret = wc_Sha3_384_Update(&hash->sha3, pad, WC_SHA3_384_BLOCK_SIZE);
+            break;
+    #endif
+    #ifndef WOLFSSL_NOSHA3_512
+        case WC_SHA3_512:
+            ret = wc_Sha3_512_Update(&hash->sha3, pad, WC_SHA3_512_BLOCK_SIZE);
+            break;
+    #endif
+    #endif /* WOLFSSL_SHA3 */
+
+    #ifdef WOLFSSL_SM3
+        case WC_SM3:
+            ret = wc_Sm3Update(&hash->sm3, pad, WC_SM3_BLOCK_SIZE);
+            break;
+    #endif
+
+        default:
+            break;
+    }
+
+    return ret;
+}
+
+
+int wc_HmacSetKey_ex(Hmac* hmac, int type, const byte* key, word32 length,
+                     int allowFlag)
 {
 #ifndef WOLFSSL_MAXQ108X
     byte*  ip;
@@ -259,14 +431,21 @@ int wc_HmacSetKey(Hmac* hmac, int type, const byte* key, word32 length)
         return BAD_FUNC_ARG;
     }
 
-#ifndef HAVE_FIPS
+    heap = hmac->heap;
+#if !defined(HAVE_FIPS) || FIPS_VERSION3_GE(6,0,0)
     /* if set key has already been run then make sure and free existing */
     /* This is for async and PIC32MZ situations, and just normally OK,
        provided the user calls wc_HmacInit() first. That function is not
        available in FIPS builds. In current FIPS builds, the hashes are
        not allocating resources. */
     if (hmac->macType != WC_HASH_TYPE_NONE) {
+    #ifdef WOLF_CRYPTO_CB
+        int devId = hmac->devId;
+    #endif
         wc_HmacFree(hmac);
+    #ifdef WOLF_CRYPTO_CB
+        hmac->devId = devId;
+    #endif
     }
 #endif
 
@@ -277,12 +456,40 @@ int wc_HmacSetKey(Hmac* hmac, int type, const byte* key, word32 length)
     if (ret != 0)
         return ret;
 
-#ifdef HAVE_FIPS
-    if (length < HMAC_FIPS_MIN_KEY) {
-        WOLFSSL_ERROR_VERBOSE(HMAC_MIN_KEYLEN_E);
-        return HMAC_MIN_KEYLEN_E;
+    /* Regarding the password length:
+     * SP800-107r1 ss 5.3.2 states: "An HMAC key shall have a security strength
+     * that meets or exceeds the security strength required to protect the data
+     * over which the HMAC is computed" then refers to SP800-133 for HMAC keys
+     * generation.
+     *
+     * SP800-133r2 ss 6.2.3 states: "When a key is generated from a password,
+     * the entropy provided (and thus, the maximum security strength that can be
+     * supported by the generated key) shall be considered to be zero unless the
+     * password is generated using an approved RBG"
+     *
+     * wolfSSL Notes: The statement from SP800-133r2 applies to
+     * all password lengths. Any human generated password is considered to have
+     * 0 security strength regardless of length, there is no minimum length that
+     * is OK or will provide any amount of security strength other than 0. If
+     * a security strength is required users shall generate random passwords
+     * using a FIPS approved RBG of sufficient length that any HMAC key
+     * generated from that password can claim to inherit the needed security
+     * strength from that input.
+     */
+
+    /* In light of the above, Loosen past restriction that limited passwords to
+     * no less than 14-bytes to allow for shorter Passwords.
+     * User needs to pass true (non-zero) to override historical behavior that
+     * prevented use of any password less than 14-bytes. ALL non-RBG generated
+     * passwords shall inherit a security strength of zero
+     * (no security strength)
+     */
+    if (!allowFlag) {
+        if (length < HMAC_FIPS_MIN_KEY) {
+            WOLFSSL_ERROR_VERBOSE(HMAC_MIN_KEYLEN_E);
+            return HMAC_MIN_KEYLEN_E;
+        }
     }
-#endif
 
 #ifdef WOLF_CRYPTO_CB
     hmac->keyRaw = key; /* use buffer directly */
@@ -560,101 +767,44 @@ int wc_HmacSetKey(Hmac* hmac, int type, const byte* key, word32 length)
         }
     }
 
+#ifdef WOLFSSL_HMAC_COPY_HASH
+    if ( ret == 0) {
+    #ifdef WOLF_CRYPTO_CB
+        int devId = hmac->devId;
+    #else
+        int devId = INVALID_DEVID;
+    #endif
+
+        ret = HmacKeyInitHash(&hmac->i_hash, hmac->macType, heap, devId);
+        if (ret != 0)
+            return ret;
+        ret = HmacKeyInitHash(&hmac->o_hash, hmac->macType, heap, devId);
+        if (ret != 0)
+            return ret;
+        ret = HmacKeyHashUpdate(hmac->macType, &hmac->i_hash, ip);
+        if (ret != 0)
+            return ret;
+        ret = HmacKeyHashUpdate(hmac->macType, &hmac->o_hash, op);
+        if (ret != 0)
+            return ret;
+    }
+#endif
+
     return ret;
 #endif /* WOLFSSL_MAXQ108X */
 }
 
-
-static int HmacKeyInnerHash(Hmac* hmac)
+int wc_HmacSetKey(Hmac* hmac, int type, const byte* key, word32 length)
 {
-    int ret = 0;
-
-    switch (hmac->macType) {
-    #ifndef NO_MD5
-        case WC_MD5:
-            ret = wc_Md5Update(&hmac->hash.md5, (byte*)hmac->ipad,
-                                                             WC_MD5_BLOCK_SIZE);
-            break;
-    #endif /* !NO_MD5 */
-
-    #ifndef NO_SHA
-        case WC_SHA:
-            ret = wc_ShaUpdate(&hmac->hash.sha, (byte*)hmac->ipad,
-                                                             WC_SHA_BLOCK_SIZE);
-            break;
-    #endif /* !NO_SHA */
-
-    #ifdef WOLFSSL_SHA224
-        case WC_SHA224:
-            ret = wc_Sha224Update(&hmac->hash.sha224, (byte*)hmac->ipad,
-                                                          WC_SHA224_BLOCK_SIZE);
-            break;
-    #endif /* WOLFSSL_SHA224 */
-    #ifndef NO_SHA256
-        case WC_SHA256:
-            ret = wc_Sha256Update(&hmac->hash.sha256, (byte*)hmac->ipad,
-                                                          WC_SHA256_BLOCK_SIZE);
-            break;
-    #endif /* !NO_SHA256 */
-
-    #ifdef WOLFSSL_SHA384
-        case WC_SHA384:
-            ret = wc_Sha384Update(&hmac->hash.sha384, (byte*)hmac->ipad,
-                                                          WC_SHA384_BLOCK_SIZE);
-            break;
-    #endif /* WOLFSSL_SHA384 */
-    #ifdef WOLFSSL_SHA512
-        case WC_SHA512:
-            ret = wc_Sha512Update(&hmac->hash.sha512, (byte*)hmac->ipad,
-                                                          WC_SHA512_BLOCK_SIZE);
-            break;
-    #endif /* WOLFSSL_SHA512 */
-
-    #ifdef WOLFSSL_SHA3
-    #ifndef WOLFSSL_NOSHA3_224
-        case WC_SHA3_224:
-            ret = wc_Sha3_224_Update(&hmac->hash.sha3, (byte*)hmac->ipad,
-                                                        WC_SHA3_224_BLOCK_SIZE);
-            break;
+    int allowFlag;
+    #if defined(HAVE_FIPS)
+        allowFlag = 0; /* default false for FIPS cases */
+    #else
+        allowFlag = 1; /* default true for all non-FIPS cases */
     #endif
-    #ifndef WOLFSSL_NOSHA3_256
-        case WC_SHA3_256:
-            ret = wc_Sha3_256_Update(&hmac->hash.sha3, (byte*)hmac->ipad,
-                                                        WC_SHA3_256_BLOCK_SIZE);
-            break;
-    #endif
-    #ifndef WOLFSSL_NOSHA3_384
-        case WC_SHA3_384:
-            ret = wc_Sha3_384_Update(&hmac->hash.sha3, (byte*)hmac->ipad,
-                                                        WC_SHA3_384_BLOCK_SIZE);
-            break;
-    #endif
-    #ifndef WOLFSSL_NOSHA3_512
-        case WC_SHA3_512:
-            ret = wc_Sha3_512_Update(&hmac->hash.sha3, (byte*)hmac->ipad,
-                                                        WC_SHA3_512_BLOCK_SIZE);
-            break;
-    #endif
-    #endif /* WOLFSSL_SHA3 */
-
-    #ifdef WOLFSSL_SM3
-        case WC_SM3:
-            ret = wc_Sm3Update(&hmac->hash.sm3, (byte*)hmac->ipad,
-                                                             WC_SM3_BLOCK_SIZE);
-            break;
-    #endif
-
-        default:
-            break;
-    }
-
-    if (ret == 0)
-        hmac->innerHashKeyed = WC_HMAC_INNER_HASH_KEYED_SW;
-
-    return ret;
+    return wc_HmacSetKey_ex(hmac, type, key, length, allowFlag);
 }
 
-
 int wc_HmacUpdate(Hmac* hmac, const byte* msg, word32 length)
 {
     int ret = 0;
@@ -666,7 +816,7 @@ int wc_HmacUpdate(Hmac* hmac, const byte* msg, word32 length)
 #ifdef WOLF_CRYPTO_CB
     if (hmac->devId != INVALID_DEVID) {
         ret = wc_CryptoCb_Hmac(hmac, hmac->macType, msg, length, NULL);
-        if (ret != CRYPTOCB_UNAVAILABLE)
+        if (ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE))
             return ret;
         /* fall-through when unavailable */
         ret = 0; /* reset error code */
@@ -686,9 +836,14 @@ int wc_HmacUpdate(Hmac* hmac, const byte* msg, word32 length)
 #endif /* WOLFSSL_ASYNC_CRYPT */
 
     if (!hmac->innerHashKeyed) {
-        ret = HmacKeyInnerHash(hmac);
+#ifndef WOLFSSL_HMAC_COPY_HASH
+        ret = HmacKeyHashUpdate(hmac->macType, &hmac->hash, (byte*)hmac->ipad);
+#else
+        ret = HmacKeyCopyHash(hmac->macType, &hmac->i_hash, &hmac->hash);
+#endif
         if (ret != 0)
             return ret;
+        hmac->innerHashKeyed = WC_HMAC_INNER_HASH_KEYED_SW;
     }
 
     switch (hmac->macType) {
@@ -775,7 +930,7 @@ int wc_HmacFinal(Hmac* hmac, byte* hash)
 #ifdef WOLF_CRYPTO_CB
     if (hmac->devId != INVALID_DEVID) {
         ret = wc_CryptoCb_Hmac(hmac, hmac->macType, NULL, 0, hash);
-        if (ret != CRYPTOCB_UNAVAILABLE)
+        if (ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE))
             return ret;
         /* fall-through when unavailable */
     }
@@ -798,9 +953,14 @@ int wc_HmacFinal(Hmac* hmac, byte* hash)
 #endif /* WOLFSSL_ASYNC_CRYPT */
 
     if (!hmac->innerHashKeyed) {
-        ret = HmacKeyInnerHash(hmac);
+#ifndef WOLFSSL_HMAC_COPY_HASH
+        ret = HmacKeyHashUpdate(hmac->macType, &hmac->hash, (byte*)hmac->ipad);
+#else
+        ret = HmacKeyCopyHash(hmac->macType, &hmac->i_hash, &hmac->hash);
+#endif
         if (ret != 0)
             return ret;
+        hmac->innerHashKeyed = WC_HMAC_INNER_HASH_KEYED_SW;
     }
 
     switch (hmac->macType) {
@@ -809,8 +969,12 @@ int wc_HmacFinal(Hmac* hmac, byte* hash)
             ret = wc_Md5Final(&hmac->hash.md5, (byte*)hmac->innerHash);
             if (ret != 0)
                 break;
+       #ifndef WOLFSSL_HMAC_COPY_HASH
             ret = wc_Md5Update(&hmac->hash.md5, (byte*)hmac->opad,
                                                              WC_MD5_BLOCK_SIZE);
+       #else
+            ret = HmacKeyCopyHash(WC_MD5, &hmac->o_hash, &hmac->hash);
+       #endif
             if (ret != 0)
                 break;
             ret = wc_Md5Update(&hmac->hash.md5, (byte*)hmac->innerHash,
@@ -826,8 +990,12 @@ int wc_HmacFinal(Hmac* hmac, byte* hash)
             ret = wc_ShaFinal(&hmac->hash.sha, (byte*)hmac->innerHash);
             if (ret != 0)
                 break;
+       #ifndef WOLFSSL_HMAC_COPY_HASH
             ret = wc_ShaUpdate(&hmac->hash.sha, (byte*)hmac->opad,
                                                              WC_SHA_BLOCK_SIZE);
+       #else
+            ret = HmacKeyCopyHash(WC_SHA, &hmac->o_hash, &hmac->hash);
+       #endif
             if (ret != 0)
                 break;
             ret = wc_ShaUpdate(&hmac->hash.sha, (byte*)hmac->innerHash,
@@ -843,8 +1011,12 @@ int wc_HmacFinal(Hmac* hmac, byte* hash)
             ret = wc_Sha224Final(&hmac->hash.sha224, (byte*)hmac->innerHash);
             if (ret != 0)
                 break;
+       #ifndef WOLFSSL_HMAC_COPY_HASH
             ret = wc_Sha224Update(&hmac->hash.sha224, (byte*)hmac->opad,
                                                           WC_SHA224_BLOCK_SIZE);
+       #else
+            ret = HmacKeyCopyHash(WC_SHA224, &hmac->o_hash, &hmac->hash);
+       #endif
             if (ret != 0)
                 break;
             ret = wc_Sha224Update(&hmac->hash.sha224, (byte*)hmac->innerHash,
@@ -861,8 +1033,12 @@ int wc_HmacFinal(Hmac* hmac, byte* hash)
             ret = wc_Sha256Final(&hmac->hash.sha256, (byte*)hmac->innerHash);
             if (ret != 0)
                 break;
+       #ifndef WOLFSSL_HMAC_COPY_HASH
             ret = wc_Sha256Update(&hmac->hash.sha256, (byte*)hmac->opad,
                                                           WC_SHA256_BLOCK_SIZE);
+       #else
+            ret = HmacKeyCopyHash(WC_SHA256, &hmac->o_hash, &hmac->hash);
+       #endif
             if (ret != 0)
                 break;
             ret = wc_Sha256Update(&hmac->hash.sha256, (byte*)hmac->innerHash,
@@ -878,8 +1054,12 @@ int wc_HmacFinal(Hmac* hmac, byte* hash)
             ret = wc_Sha384Final(&hmac->hash.sha384, (byte*)hmac->innerHash);
             if (ret != 0)
                 break;
+       #ifndef WOLFSSL_HMAC_COPY_HASH
             ret = wc_Sha384Update(&hmac->hash.sha384, (byte*)hmac->opad,
                                                           WC_SHA384_BLOCK_SIZE);
+       #else
+            ret = HmacKeyCopyHash(WC_SHA384, &hmac->o_hash, &hmac->hash);
+       #endif
             if (ret != 0)
                 break;
             ret = wc_Sha384Update(&hmac->hash.sha384, (byte*)hmac->innerHash,
@@ -894,8 +1074,12 @@ int wc_HmacFinal(Hmac* hmac, byte* hash)
             ret = wc_Sha512Final(&hmac->hash.sha512, (byte*)hmac->innerHash);
             if (ret != 0)
                 break;
+       #ifndef WOLFSSL_HMAC_COPY_HASH
             ret = wc_Sha512Update(&hmac->hash.sha512, (byte*)hmac->opad,
                                                           WC_SHA512_BLOCK_SIZE);
+       #else
+            ret = HmacKeyCopyHash(WC_SHA512, &hmac->o_hash, &hmac->hash);
+       #endif
             if (ret != 0)
                 break;
             ret = wc_Sha512Update(&hmac->hash.sha512, (byte*)hmac->innerHash,
@@ -912,8 +1096,12 @@ int wc_HmacFinal(Hmac* hmac, byte* hash)
             ret = wc_Sha3_224_Final(&hmac->hash.sha3, (byte*)hmac->innerHash);
             if (ret != 0)
                 break;
+       #ifndef WOLFSSL_HMAC_COPY_HASH
             ret = wc_Sha3_224_Update(&hmac->hash.sha3, (byte*)hmac->opad,
                                                         WC_SHA3_224_BLOCK_SIZE);
+       #else
+            ret = HmacKeyCopyHash(WC_SHA3_224, &hmac->o_hash, &hmac->hash);
+       #endif
             if (ret != 0)
                 break;
             ret = wc_Sha3_224_Update(&hmac->hash.sha3, (byte*)hmac->innerHash,
@@ -928,8 +1116,12 @@ int wc_HmacFinal(Hmac* hmac, byte* hash)
             ret = wc_Sha3_256_Final(&hmac->hash.sha3, (byte*)hmac->innerHash);
             if (ret != 0)
                 break;
+       #ifndef WOLFSSL_HMAC_COPY_HASH
             ret = wc_Sha3_256_Update(&hmac->hash.sha3, (byte*)hmac->opad,
                                                         WC_SHA3_256_BLOCK_SIZE);
+       #else
+            ret = HmacKeyCopyHash(WC_SHA3_256, &hmac->o_hash, &hmac->hash);
+       #endif
             if (ret != 0)
                 break;
             ret = wc_Sha3_256_Update(&hmac->hash.sha3, (byte*)hmac->innerHash,
@@ -944,8 +1136,12 @@ int wc_HmacFinal(Hmac* hmac, byte* hash)
             ret = wc_Sha3_384_Final(&hmac->hash.sha3, (byte*)hmac->innerHash);
             if (ret != 0)
                 break;
+       #ifndef WOLFSSL_HMAC_COPY_HASH
             ret = wc_Sha3_384_Update(&hmac->hash.sha3, (byte*)hmac->opad,
                                                         WC_SHA3_384_BLOCK_SIZE);
+       #else
+            ret = HmacKeyCopyHash(WC_SHA3_384, &hmac->o_hash, &hmac->hash);
+       #endif
             if (ret != 0)
                 break;
             ret = wc_Sha3_384_Update(&hmac->hash.sha3, (byte*)hmac->innerHash,
@@ -960,8 +1156,12 @@ int wc_HmacFinal(Hmac* hmac, byte* hash)
             ret = wc_Sha3_512_Final(&hmac->hash.sha3, (byte*)hmac->innerHash);
             if (ret != 0)
                 break;
+       #ifndef WOLFSSL_HMAC_COPY_HASH
             ret = wc_Sha3_512_Update(&hmac->hash.sha3, (byte*)hmac->opad,
                                                         WC_SHA3_512_BLOCK_SIZE);
+       #else
+            ret = HmacKeyCopyHash(WC_SHA3_512, &hmac->o_hash, &hmac->hash);
+       #endif
             if (ret != 0)
                 break;
             ret = wc_Sha3_512_Update(&hmac->hash.sha3, (byte*)hmac->innerHash,
@@ -978,8 +1178,12 @@ int wc_HmacFinal(Hmac* hmac, byte* hash)
             ret = wc_Sm3Final(&hmac->hash.sm3, (byte*)hmac->innerHash);
             if (ret != 0)
                 break;
+       #ifndef WOLFSSL_HMAC_COPY_HASH
             ret = wc_Sm3Update(&hmac->hash.sm3, (byte*)hmac->opad,
                                                              WC_SM3_BLOCK_SIZE);
+       #else
+            ret = HmacKeyCopyHash(WC_SM3, &hmac->o_hash, &hmac->hash);
+       #endif
             if (ret != 0)
                 break;
             ret = wc_Sm3Update(&hmac->hash.sm3, (byte*)hmac->innerHash,
@@ -1110,34 +1314,58 @@ void wc_HmacFree(Hmac* hmac)
     #ifndef NO_MD5
         case WC_MD5:
             wc_Md5Free(&hmac->hash.md5);
+        #ifdef WOLFSSL_HMAC_COPY_HASH
+            wc_Md5Free(&hmac->i_hash.md5);
+            wc_Md5Free(&hmac->o_hash.md5);
+        #endif
             break;
     #endif /* !NO_MD5 */
 
     #ifndef NO_SHA
         case WC_SHA:
             wc_ShaFree(&hmac->hash.sha);
+        #ifdef WOLFSSL_HMAC_COPY_HASH
+            wc_ShaFree(&hmac->i_hash.sha);
+            wc_ShaFree(&hmac->o_hash.sha);
+        #endif
             break;
     #endif /* !NO_SHA */
 
     #ifdef WOLFSSL_SHA224
         case WC_SHA224:
             wc_Sha224Free(&hmac->hash.sha224);
+        #ifdef WOLFSSL_HMAC_COPY_HASH
+            wc_Sha224Free(&hmac->i_hash.sha224);
+            wc_Sha224Free(&hmac->o_hash.sha224);
+        #endif
             break;
     #endif /* WOLFSSL_SHA224 */
     #ifndef NO_SHA256
         case WC_SHA256:
             wc_Sha256Free(&hmac->hash.sha256);
+        #ifdef WOLFSSL_HMAC_COPY_HASH
+            wc_Sha256Free(&hmac->i_hash.sha256);
+            wc_Sha256Free(&hmac->o_hash.sha256);
+        #endif
             break;
     #endif /* !NO_SHA256 */
 
     #ifdef WOLFSSL_SHA384
         case WC_SHA384:
             wc_Sha384Free(&hmac->hash.sha384);
+        #ifdef WOLFSSL_HMAC_COPY_HASH
+            wc_Sha384Free(&hmac->i_hash.sha384);
+            wc_Sha384Free(&hmac->o_hash.sha384);
+        #endif
             break;
     #endif /* WOLFSSL_SHA384 */
     #ifdef WOLFSSL_SHA512
         case WC_SHA512:
             wc_Sha512Free(&hmac->hash.sha512);
+        #ifdef WOLFSSL_HMAC_COPY_HASH
+            wc_Sha512Free(&hmac->i_hash.sha512);
+            wc_Sha512Free(&hmac->o_hash.sha512);
+        #endif
             break;
     #endif /* WOLFSSL_SHA512 */
 
@@ -1145,21 +1373,37 @@ void wc_HmacFree(Hmac* hmac)
     #ifndef WOLFSSL_NOSHA3_224
         case WC_SHA3_224:
             wc_Sha3_224_Free(&hmac->hash.sha3);
+        #ifdef WOLFSSL_HMAC_COPY_HASH
+            wc_Sha3_224_Free(&hmac->i_hash.sha3);
+            wc_Sha3_224_Free(&hmac->o_hash.sha3);
+        #endif
             break;
     #endif
     #ifndef WOLFSSL_NOSHA3_256
         case WC_SHA3_256:
             wc_Sha3_256_Free(&hmac->hash.sha3);
+        #ifdef WOLFSSL_HMAC_COPY_HASH
+            wc_Sha3_256_Free(&hmac->i_hash.sha3);
+            wc_Sha3_256_Free(&hmac->o_hash.sha3);
+        #endif
             break;
     #endif
     #ifndef WOLFSSL_NOSHA3_384
         case WC_SHA3_384:
             wc_Sha3_384_Free(&hmac->hash.sha3);
+        #ifdef WOLFSSL_HMAC_COPY_HASH
+            wc_Sha3_384_Free(&hmac->i_hash.sha3);
+            wc_Sha3_384_Free(&hmac->o_hash.sha3);
+        #endif
             break;
     #endif
     #ifndef WOLFSSL_NOSHA3_512
         case WC_SHA3_512:
             wc_Sha3_512_Free(&hmac->hash.sha3);
+        #ifdef WOLFSSL_HMAC_COPY_HASH
+            wc_Sha3_512_Free(&hmac->i_hash.sha3);
+            wc_Sha3_512_Free(&hmac->o_hash.sha3);
+        #endif
             break;
     #endif
     #endif /* WOLFSSL_SHA3 */
@@ -1167,6 +1411,10 @@ void wc_HmacFree(Hmac* hmac)
     #ifdef WOLFSSL_SM3
         case WC_SM3:
             wc_Sm3Free(&hmac->hash.sm3);
+        #ifdef WOLFSSL_HMAC_COPY_HASH
+            wc_Sm3Free(&hmac->i_hash.sm3);
+            wc_Sm3Free(&hmac->i_hash.sm3);
+        #endif
             break;
     #endif
 
@@ -1230,7 +1478,12 @@ int wolfSSL_GetHmacMaxSize(void)
 
         ret = wc_HmacInit(myHmac, heap, devId);
         if (ret == 0) {
+        #if FIPS_VERSION3_GE(6,0,0)
+            ret = wc_HmacSetKey_ex(myHmac, type, localSalt, saltSz,
+                                   FIPS_ALLOW_SHORT);
+        #else
             ret = wc_HmacSetKey(myHmac, type, localSalt, saltSz);
+        #endif
             if (ret == 0)
                 ret = wc_HmacUpdate(myHmac, inKey, inKeySz);
             if (ret == 0)
@@ -1311,7 +1564,12 @@ int wolfSSL_GetHmacMaxSize(void)
             word32 tmpSz = (n == 1) ? 0 : hashSz;
             word32 left = outSz - outIdx;
 
+        #if FIPS_VERSION3_GE(6,0,0)
+            ret = wc_HmacSetKey_ex(myHmac, type, inKey, inKeySz,
+                                   FIPS_ALLOW_SHORT);
+        #else
             ret = wc_HmacSetKey(myHmac, type, inKey, inKeySz);
+        #endif
             if (ret != 0)
                 break;
             ret = wc_HmacUpdate(myHmac, tmp, tmpSz);
diff --git a/wolfcrypt/src/hpke.c b/wolfcrypt/src/hpke.c
index 6502d3bd8..cef2ab83d 100644
--- a/wolfcrypt/src/hpke.c
+++ b/wolfcrypt/src/hpke.c
@@ -1,6 +1,6 @@
 /* hpke.c
  *
- * Copyright (C) 2006-2022 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -256,13 +256,13 @@ int wc_HpkeInit(Hpke* hpke, int kem, int kdf, int aead, void* heap)
         case HPKE_AES_128_GCM:
             hpke->Nk = AES_128_KEY_SIZE;
             hpke->Nn = GCM_NONCE_MID_SZ;
-            hpke->Nt = AES_BLOCK_SIZE;
+            hpke->Nt = WC_AES_BLOCK_SIZE;
             break;
 
         case HPKE_AES_256_GCM:
             hpke->Nk = AES_256_KEY_SIZE;
             hpke->Nn = GCM_NONCE_MID_SZ;
-            hpke->Nt = AES_BLOCK_SIZE;
+            hpke->Nt = WC_AES_BLOCK_SIZE;
             break;
 
         default:
@@ -1035,8 +1035,10 @@ static int wc_HpkeDecap(Hpke* hpke, void* receiverKey, const byte* pubKey,
 #ifdef ECC_TIMING_RESISTANT
                 rng = wc_rng_new(NULL, 0, hpke->heap);
 
-                if (rng == NULL)
-                    return RNG_FAILURE_E;
+                if (rng == NULL) {
+                    ret = RNG_FAILURE_E;
+                    break;
+                }
 
                 wc_ecc_set_rng((ecc_key*)receiverKey, rng);
 #endif
diff --git a/wolfcrypt/src/include.am b/wolfcrypt/src/include.am
index 2a501411f..1cdaf4282 100644
--- a/wolfcrypt/src/include.am
+++ b/wolfcrypt/src/include.am
@@ -15,6 +15,9 @@ EXTRA_DIST += wolfcrypt/src/evp.c
 EXTRA_DIST += wolfcrypt/src/asm.c
 EXTRA_DIST += wolfcrypt/src/aes_asm.asm
 EXTRA_DIST += wolfcrypt/src/aes_gcm_asm.asm
+EXTRA_DIST += wolfcrypt/src/aes_xts_asm.asm
+EXTRA_DIST += wolfcrypt/src/chacha_asm.asm
+EXTRA_DIST += wolfcrypt/src/poly1305_asm.asm
 EXTRA_DIST += wolfcrypt/src/wc_dsp.c
 EXTRA_DIST += wolfcrypt/src/sp_dsp32.c
 EXTRA_DIST += wolfcrypt/src/sp_x86_64_asm.asm
@@ -52,7 +55,7 @@ EXTRA_DIST += \
               wolfcrypt/src/fp_sqr_comba_8.i \
               wolfcrypt/src/fp_sqr_comba_9.i \
               wolfcrypt/src/fp_sqr_comba_small_set.i \
-              wolfcrypt/src/fe_x25519_128.i
+              wolfcrypt/src/fe_x25519_128.h
 
 EXTRA_DIST += wolfcrypt/src/port/ti/ti-aes.c \
               wolfcrypt/src/port/ti/ti-des3.c \
@@ -100,6 +103,7 @@ EXTRA_DIST += wolfcrypt/src/port/ti/ti-aes.c \
               wolfcrypt/src/port/st/stm32.c \
               wolfcrypt/src/port/st/stsafe.c \
               wolfcrypt/src/port/st/README.md \
+              wolfcrypt/src/port/st/STM32MP13.md \
               wolfcrypt/src/port/af_alg/afalg_aes.c \
               wolfcrypt/src/port/af_alg/afalg_hash.c \
               wolfcrypt/src/port/kcapi/kcapi_aes.c \
@@ -117,6 +121,15 @@ EXTRA_DIST += wolfcrypt/src/port/ti/ti-aes.c \
               wolfcrypt/src/port/Espressif/esp32_sha.c \
               wolfcrypt/src/port/Espressif/esp32_util.c \
               wolfcrypt/src/port/Espressif/esp32_mp.c \
+              wolfcrypt/src/port/Espressif/esp_sdk_mem_lib.c \
+              wolfcrypt/src/port/Espressif/esp_sdk_time_lib.c \
+              wolfcrypt/src/port/Espressif/esp_sdk_wifi_lib.c \
+              wolfcrypt/src/port/Espressif/esp_crt_bundle/README.md \
+              wolfcrypt/src/port/Espressif/esp_crt_bundle/cacrt_all.pem \
+              wolfcrypt/src/port/Espressif/esp_crt_bundle/cacrt_deprecated.pem \
+              wolfcrypt/src/port/Espressif/esp_crt_bundle/esp_crt_bundle.c \
+              wolfcrypt/src/port/Espressif/esp_crt_bundle/gen_crt_bundle.py \
+              wolfcrypt/src/port/Espressif/esp_crt_bundle/cacrt_local.pem \
               wolfcrypt/src/port/Espressif/README.md \
               wolfcrypt/src/port/arm/cryptoCell.c \
               wolfcrypt/src/port/arm/cryptoCellHash.c \
@@ -132,7 +145,12 @@ EXTRA_DIST += wolfcrypt/src/port/ti/ti-aes.c \
               wolfcrypt/src/port/Renesas/renesas_rx64_hw_sha.c \
               wolfcrypt/src/port/Renesas/renesas_rx64_hw_util.c \
               wolfcrypt/src/port/Renesas/README.md \
-              wolfcrypt/src/port/cypress/psoc6_crypto.c
+              wolfcrypt/src/port/cypress/psoc6_crypto.c \
+              wolfcrypt/src/port/liboqs/liboqs.c \
+              wolfcrypt/src/port/maxim/max3266x.c \
+              wolfcrypt/src/ASN_TEMPLATE.md \
+              wolfcrypt/src/port/rpi_pico/pico.c \
+              wolfcrypt/src/port/rpi_pico/README.md
 
 $(ASYNC_FILES):
 	$(AM_V_at)touch $(srcdir)/$@
@@ -213,3 +231,6 @@ if BUILD_MAXQ10XX
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/maxim/maxq10xx.c
 endif
 EXTRA_DIST += wolfcrypt/src/port/maxim/README.md
+
+include wolfcrypt/src/port/autosar/include.am
+
diff --git a/wolfcrypt/src/integer.c b/wolfcrypt/src/integer.c
index 21ae2353a..8ecabf552 100644
--- a/wolfcrypt/src/integer.c
+++ b/wolfcrypt/src/integer.c
@@ -1,6 +1,6 @@
 /* integer.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -409,11 +409,10 @@ int mp_copy (const mp_int * a, mp_int * b)
 /* grow as required */
 int mp_grow (mp_int * a, int size)
 {
-  int     i;
   mp_digit *tmp;
 
   /* if the alloc size is smaller alloc more ram */
-  if (a->alloc < size || size == 0) {
+  if ((a->alloc < size) || (size == 0) || (a->alloc == 0)) {
     /* ensure there are always at least MP_PREC digits extra on top */
     size += (MP_PREC * 2) - (size % MP_PREC);
 
@@ -434,11 +433,12 @@ int mp_grow (mp_int * a, int size)
     a->dp = tmp;
 
     /* zero excess digits */
-    i        = a->alloc;
+    XMEMSET(&a->dp[a->alloc], 0, sizeof (mp_digit) * (size - a->alloc));
     a->alloc = size;
-    for (; i < a->alloc; i++) {
-      a->dp[i] = 0;
-    }
+  }
+  else if (a->dp == NULL) {
+      /* opportunistic sanity check for null a->dp with nonzero a->alloc */
+      return MP_VAL;
   }
   return MP_OKAY;
 }
@@ -1758,6 +1758,13 @@ int s_mp_add (mp_int * a, mp_int * b, mp_int * c)
     /* destination */
     tmpc = c->dp;
 
+    /* sanity-check dp pointers. */
+    if ((min_ab > 0) &&
+        ((tmpa == NULL) || (tmpb == NULL) || (tmpc == NULL)))
+    {
+        return MP_VAL;
+    }
+
     /* zero the carry */
     u = 0;
     for (i = 0; i < min_ab; i++) {
@@ -1833,6 +1840,13 @@ int s_mp_sub (mp_int * a, mp_int * b, mp_int * c)
     tmpb = b->dp;
     tmpc = c->dp;
 
+    /* sanity-check dp pointers from a and b. */
+    if ((min_b > 0) &&
+        ((tmpa == NULL) || (tmpb == NULL)))
+    {
+        return MP_VAL;
+    }
+
     /* set carry to zero */
     u = 0;
     for (i = 0; i < min_b; i++) {
@@ -3290,6 +3304,10 @@ int mp_div_3 (mp_int * a, mp_int *c, mp_digit * d)
   q.used = a->used;
   q.sign = a->sign;
   w = 0;
+
+  if (a->used == 0)
+      return MP_VAL;
+
   for (ix = a->used - 1; ix >= 0; ix--) {
      w = (w << ((mp_word)DIGIT_BIT)) | ((mp_word)a->dp[ix]);
 
@@ -3332,8 +3350,6 @@ int mp_div_3 (mp_int * a, mp_int *c, mp_digit * d)
 /* init an mp_init for a given size */
 int mp_init_size (mp_int * a, int size)
 {
-  int x;
-
   /* pad size so there are always extra digits */
   size += (MP_PREC * 2) - (size % MP_PREC);
 
@@ -3353,9 +3369,7 @@ int mp_init_size (mp_int * a, int size)
 #endif
 
   /* zero the digits */
-  for (x = 0; x < size; x++) {
-      a->dp[x] = 0;
-  }
+  XMEMSET(a->dp, 0, sizeof (mp_digit) * size);
 
   return MP_OKAY;
 }
@@ -4681,8 +4695,11 @@ static int mp_div_d (mp_int * a, mp_digit b, mp_int * c, mp_digit * d)
       }
   }
 
-
   w = 0;
+
+  if (a->used == 0)
+      return MP_VAL;
+
   for (ix = a->used - 1; ix >= 0; ix--) {
      w = (w << ((mp_word)DIGIT_BIT)) | ((mp_word)a->dp[ix]);
 
@@ -5358,6 +5375,9 @@ int mp_read_radix (mp_int * a, const char *str, int radix)
     ++str;
   }
 
+  /* Skip whitespace at end of str */
+  while (CharIsWhiteSpace(*str))
+    ++str;
   /* if digit in isn't null term, then invalid character was found */
   if (*str != '\0') {
      mp_zero (a);
diff --git a/wolfcrypt/src/kdf.c b/wolfcrypt/src/kdf.c
index 2bda46ef7..9ee2791ac 100644
--- a/wolfcrypt/src/kdf.c
+++ b/wolfcrypt/src/kdf.c
@@ -1,6 +1,6 @@
 /* kdf.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -24,21 +24,20 @@
     #include <config.h>
 #endif
 
+#include <wolfssl/wolfcrypt/settings.h>
 #include <wolfssl/wolfcrypt/wc_port.h>
 #include <wolfssl/wolfcrypt/error-crypt.h>
 #include <wolfssl/wolfcrypt/logging.h>
 
 #ifndef NO_KDF
 
-#if defined(HAVE_FIPS) && \
-    defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 5)
-
+#if FIPS_VERSION3_GE(5,0,0)
     /* set NO_WRAPPERS before headers, use direct internal f()s not wrappers */
     #define FIPS_NO_WRAPPERS
 
     #ifdef USE_WINDOWS_API
-        #pragma code_seg(".fipsA$m")
-        #pragma const_seg(".fipsB$m")
+        #pragma code_seg(".fipsA$h")
+        #pragma const_seg(".fipsB$h")
     #endif
 #endif
 
@@ -56,6 +55,14 @@
 #include <wolfssl/wolfcrypt/aes.h>
 #endif
 
+#if FIPS_VERSION3_GE(6,0,0)
+    const unsigned int wolfCrypt_FIPS_kdf_ro_sanity[2] =
+                                                     { 0x1a2b3c4d, 0x00000009 };
+    int wolfCrypt_FIPS_KDF_sanity(void)
+    {
+        return 0;
+    }
+#endif
 
 #if defined(WOLFSSL_HAVE_PRF) && !defined(NO_HMAC)
 
@@ -78,11 +85,9 @@ int wc_PRF(byte* result, word32 resLen, const byte* secret,
     word32 lastTime;
     int    ret = 0;
 #ifdef WOLFSSL_SMALL_STACK
-    byte*  previous;
     byte*  current;
     Hmac*  hmac;
 #else
-    byte   previous[P_HASH_MAX_SIZE];  /* max size */
     byte   current[P_HASH_MAX_SIZE];   /* max size */
     Hmac   hmac[1];
 #endif
@@ -147,19 +152,16 @@ int wc_PRF(byte* result, word32 resLen, const byte* secret,
     lastTime = times - 1;
 
 #ifdef WOLFSSL_SMALL_STACK
-    previous = (byte*)XMALLOC(P_HASH_MAX_SIZE, heap, DYNAMIC_TYPE_DIGEST);
-    current  = (byte*)XMALLOC(P_HASH_MAX_SIZE, heap, DYNAMIC_TYPE_DIGEST);
-    hmac     = (Hmac*)XMALLOC(sizeof(Hmac),    heap, DYNAMIC_TYPE_HMAC);
-    if (previous == NULL || current == NULL || hmac == NULL) {
-        if (previous) XFREE(previous, heap, DYNAMIC_TYPE_DIGEST);
-        if (current)  XFREE(current,  heap, DYNAMIC_TYPE_DIGEST);
-        if (hmac)     XFREE(hmac,     heap, DYNAMIC_TYPE_HMAC);
+    current = (byte*)XMALLOC(P_HASH_MAX_SIZE, heap, DYNAMIC_TYPE_DIGEST);
+    hmac    = (Hmac*)XMALLOC(sizeof(Hmac),    heap, DYNAMIC_TYPE_HMAC);
+    if (current == NULL || hmac == NULL) {
+        XFREE(current, heap, DYNAMIC_TYPE_DIGEST);
+        XFREE(hmac, heap, DYNAMIC_TYPE_HMAC);
         return MEMORY_E;
     }
 #endif
 #ifdef WOLFSSL_CHECK_MEM_ZERO
-    XMEMSET(previous, 0xff, P_HASH_MAX_SIZE);
-    wc_MemZero_Add("wc_PRF previous", previous, P_HASH_MAX_SIZE);
+    XMEMSET(current, 0xff, P_HASH_MAX_SIZE);
     wc_MemZero_Add("wc_PRF current", current, P_HASH_MAX_SIZE);
     wc_MemZero_Add("wc_PRF hmac", hmac, sizeof(Hmac));
 #endif
@@ -170,53 +172,53 @@ int wc_PRF(byte* result, word32 resLen, const byte* secret,
         if (ret == 0)
             ret = wc_HmacUpdate(hmac, seed, seedLen); /* A0 = seed */
         if (ret == 0)
-            ret = wc_HmacFinal(hmac, previous);       /* A1 */
+            ret = wc_HmacFinal(hmac, current);        /* A1 */
         if (ret == 0) {
             word32 i;
             word32 idx = 0;
 
             for (i = 0; i < times; i++) {
-                ret = wc_HmacUpdate(hmac, previous, len);
+                ret = wc_HmacUpdate(hmac, current, len);
                 if (ret != 0)
                     break;
                 ret = wc_HmacUpdate(hmac, seed, seedLen);
                 if (ret != 0)
                     break;
-                ret = wc_HmacFinal(hmac, current);
-                if (ret != 0)
-                    break;
+                if ((i != lastTime) || !lastLen) {
+                    ret = wc_HmacFinal(hmac, &result[idx]);
+                    if (ret != 0)
+                        break;
+                    idx += len;
 
-                if ((i == lastTime) && lastLen)
+                    ret = wc_HmacUpdate(hmac, current, len);
+                    if (ret != 0)
+                        break;
+                    ret = wc_HmacFinal(hmac, current);
+                    if (ret != 0)
+                        break;
+                }
+                else {
+                    ret = wc_HmacFinal(hmac, current);
+                    if (ret != 0)
+                        break;
                     XMEMCPY(&result[idx], current,
                                              min(lastLen, P_HASH_MAX_SIZE));
-                else {
-                    XMEMCPY(&result[idx], current, len);
-                    idx += len;
-                    ret = wc_HmacUpdate(hmac, previous, len);
-                    if (ret != 0)
-                        break;
-                    ret = wc_HmacFinal(hmac, previous);
-                    if (ret != 0)
-                        break;
                 }
             }
         }
         wc_HmacFree(hmac);
     }
 
-    ForceZero(previous,  P_HASH_MAX_SIZE);
-    ForceZero(current,   P_HASH_MAX_SIZE);
-    ForceZero(hmac,      sizeof(Hmac));
+    ForceZero(current, P_HASH_MAX_SIZE);
+    ForceZero(hmac,    sizeof(Hmac));
 
 #if defined(WOLFSSL_CHECK_MEM_ZERO)
-    wc_MemZero_Check(previous, P_HASH_MAX_SIZE);
-    wc_MemZero_Check(current,  P_HASH_MAX_SIZE);
-    wc_MemZero_Check(hmac,     sizeof(Hmac));
+    wc_MemZero_Check(current, P_HASH_MAX_SIZE);
+    wc_MemZero_Check(hmac,    sizeof(Hmac));
 #endif
 
 #ifdef WOLFSSL_SMALL_STACK
-    XFREE(previous, heap, DYNAMIC_TYPE_DIGEST);
-    XFREE(current,  heap, DYNAMIC_TYPE_DIGEST);
+    XFREE(current, heap, DYNAMIC_TYPE_DIGEST);
     XFREE(hmac,     heap, DYNAMIC_TYPE_HMAC);
 #endif
 
@@ -300,6 +302,16 @@ int wc_PRF_TLS(byte* digest, word32 digLen, const byte* secret, word32 secLen,
 {
     int ret = 0;
 
+#ifdef WOLFSSL_DEBUG_TLS
+    WOLFSSL_MSG("  secret");
+    WOLFSSL_BUFFER(secret, secLen);
+    WOLFSSL_MSG("  label");
+    WOLFSSL_BUFFER(label, labLen);
+    WOLFSSL_MSG("  seed");
+    WOLFSSL_BUFFER(seed, seedLen);
+#endif
+
+
     if (useAtLeastSha256) {
     #ifdef WOLFSSL_SMALL_STACK
         byte* labelSeed;
@@ -344,6 +356,12 @@ int wc_PRF_TLS(byte* digest, word32 digLen, const byte* secret, word32 secLen,
 #endif
     }
 
+#ifdef WOLFSSL_DEBUG_TLS
+    WOLFSSL_MSG("  digest");
+    WOLFSSL_BUFFER(digest, digLen);
+    WOLFSSL_MSG_EX("hash_type %d", hash_type);
+#endif
+
     return ret;
 }
 #endif /* WOLFSSL_HAVE_PRF && !NO_HMAC */
@@ -542,14 +560,14 @@ int wc_PRF_TLS(byte* digest, word32 digLen, const byte* secret, word32 secLen,
         const byte* info, word32 infoLen, int digest, void* heap)
     {
         int    ret = 0;
-        int    idx = 0;
-        int    len;
+        word32 idx = 0;
+        size_t len;
         byte   *data;
 
         (void)heap;
         /* okmLen (2) + protocol|label len (1) + info len(1) + protocollen +
          * labellen + infolen */
-        len = 4 + protocolLen + labelLen + infoLen;
+        len = 4U + protocolLen + labelLen + infoLen;
 
         data = (byte*)XMALLOC(len, heap, DYNAMIC_TYPE_TMP_BUFFER);
         if (data == NULL)
@@ -637,7 +655,7 @@ typedef union {
 static
 int _HashInit(byte hashId, _hash* hash)
 {
-    int ret = BAD_FUNC_ARG;
+    int ret = WC_NO_ERR_TRACE(BAD_FUNC_ARG);
 
     switch (hashId) {
     #ifndef NO_SHA
@@ -662,6 +680,9 @@ int _HashInit(byte hashId, _hash* hash)
             ret = wc_InitSha512(&hash->sha512);
             break;
     #endif /* WOLFSSL_SHA512 */
+        default:
+            ret = BAD_FUNC_ARG;
+            break;
     }
 
     return ret;
@@ -671,7 +692,7 @@ static
 int _HashUpdate(byte hashId, _hash* hash,
         const byte* data, word32 dataSz)
 {
-    int ret = BAD_FUNC_ARG;
+    int ret = WC_NO_ERR_TRACE(BAD_FUNC_ARG);
 
     switch (hashId) {
     #ifndef NO_SHA
@@ -696,6 +717,9 @@ int _HashUpdate(byte hashId, _hash* hash,
             ret = wc_Sha512Update(&hash->sha512, data, dataSz);
             break;
     #endif /* WOLFSSL_SHA512 */
+        default:
+            ret = BAD_FUNC_ARG;
+            break;
     }
 
     return ret;
@@ -704,7 +728,7 @@ int _HashUpdate(byte hashId, _hash* hash,
 static
 int _HashFinal(byte hashId, _hash* hash, byte* digest)
 {
-    int ret = BAD_FUNC_ARG;
+    int ret = WC_NO_ERR_TRACE(BAD_FUNC_ARG);
 
     switch (hashId) {
     #ifndef NO_SHA
@@ -729,6 +753,9 @@ int _HashFinal(byte hashId, _hash* hash, byte* digest)
             ret = wc_Sha512Final(&hash->sha512, digest);
             break;
     #endif /* WOLFSSL_SHA512 */
+        default:
+            ret = BAD_FUNC_ARG;
+            break;
     }
 
     return ret;
@@ -787,7 +814,7 @@ int wc_SSH_KDF(byte hashId, byte keyId, byte* key, word32 keySz,
         return BAD_FUNC_ARG;
     }
 
-    ret = wc_HmacSizeByType(enmhashId);
+    ret = wc_HmacSizeByType((int)enmhashId);
     if (ret <= 0) {
         return BAD_FUNC_ARG;
     }
@@ -888,12 +915,12 @@ int wc_SSH_KDF(byte hashId, byte keyId, byte* key, word32 keySz,
  * @param [out] block    First block to encrypt.
  */
 static void wc_srtp_kdf_first_block(const byte* salt, word32 saltSz, int kdrIdx,
-        const byte* index, byte indexSz, unsigned char* block)
+        const byte* index, int indexSz, unsigned char* block)
 {
-    word32 i;
+    int i;
 
     /* XOR salt into zeroized buffer. */
-    for (i = 0; i < WC_SRTP_MAX_SALT - saltSz; i++) {
+    for (i = 0; i < WC_SRTP_MAX_SALT - (int)saltSz; i++) {
         block[i] = 0;
     }
     XMEMCPY(block + WC_SRTP_MAX_SALT - saltSz, salt, saltSz);
@@ -915,11 +942,11 @@ static void wc_srtp_kdf_first_block(const byte* salt, word32 saltSz, int kdrIdx,
         }
         else {
             /* XOR in as bit shifted index. */
-            block[WC_SRTP_MAX_SALT - indexSz] ^= index[0] >> bits;
+            block[WC_SRTP_MAX_SALT - indexSz] ^= (byte)(index[0] >> bits);
             for (i = 1; i < indexSz; i++) {
                 block[i + WC_SRTP_MAX_SALT - indexSz] ^=
-                    (index[i-1] << (8 - bits)) |
-                    (index[i+0] >>      bits );
+                    (byte)((index[i-1] << (8 - bits)) |
+                           (index[i+0] >>      bits ));
             }
         }
     }
@@ -936,33 +963,33 @@ static void wc_srtp_kdf_first_block(const byte* salt, word32 saltSz, int kdrIdx,
  * @param [in]      aes      AES object to encrypt with.
  * @return  0 on success.
  */
-static int wc_srtp_kdf_derive_key(byte* block, byte indexSz, byte label,
+static int wc_srtp_kdf_derive_key(byte* block, int indexSz, byte label,
         byte* key, word32 keySz, Aes* aes)
 {
     int i;
     int ret = 0;
     /* Calculate the number of full blocks needed for derived key. */
-    int blocks = keySz / AES_BLOCK_SIZE;
+    int blocks = (int)(keySz / WC_AES_BLOCK_SIZE);
 
     /* XOR in label. */
     block[WC_SRTP_MAX_SALT - indexSz - 1] ^= label;
     for (i = 0; (ret == 0) && (i < blocks); i++) {
         /* Set counter. */
-        block[15] = i;
+        block[15] = (byte)i;
         /* Encrypt block into key buffer. */
-        ret = wc_AesEcbEncrypt(aes, key, block, AES_BLOCK_SIZE);
+        ret = wc_AesEcbEncrypt(aes, key, block, WC_AES_BLOCK_SIZE);
         /* Reposition for more derived key. */
-        key += AES_BLOCK_SIZE;
+        key += WC_AES_BLOCK_SIZE;
         /* Reduce the count of key bytes required. */
-        keySz -= AES_BLOCK_SIZE;
+        keySz -= WC_AES_BLOCK_SIZE;
     }
     /* Do any partial blocks. */
     if ((ret == 0) && (keySz > 0)) {
-        byte enc[AES_BLOCK_SIZE];
+        byte enc[WC_AES_BLOCK_SIZE];
         /* Set counter. */
-        block[15] = i;
+        block[15] = (byte)i;
         /* Encrypt block into temporary. */
-        ret = wc_AesEcbEncrypt(aes, enc, block, AES_BLOCK_SIZE);
+        ret = wc_AesEcbEncrypt(aes, enc, block, WC_AES_BLOCK_SIZE);
         if (ret == 0) {
             /* Copy into key required amount. */
             XMEMCPY(key, enc, keySz);
@@ -1003,7 +1030,7 @@ int wc_SRTP_KDF(const byte* key, word32 keySz, const byte* salt, word32 saltSz,
         word32 key2Sz, byte* key3, word32 key3Sz)
 {
     int ret = 0;
-    byte block[AES_BLOCK_SIZE];
+    byte block[WC_AES_BLOCK_SIZE];
 #ifdef WOLFSSL_SMALL_STACK
     Aes* aes = NULL;
 #else
@@ -1093,18 +1120,27 @@ int wc_SRTP_KDF(const byte* key, word32 keySz, const byte* salt, word32 saltSz,
  * @return  MEMORY_E on dynamic memory allocation failure.
  * @return  0 on success.
  */
-int wc_SRTCP_KDF(const byte* key, word32 keySz, const byte* salt, word32 saltSz,
+int wc_SRTCP_KDF_ex(const byte* key, word32 keySz, const byte* salt, word32 saltSz,
         int kdrIdx, const byte* index, byte* key1, word32 key1Sz, byte* key2,
-        word32 key2Sz, byte* key3, word32 key3Sz)
+        word32 key2Sz, byte* key3, word32 key3Sz, int idxLenIndicator)
 {
     int ret = 0;
-    byte block[AES_BLOCK_SIZE];
+    byte block[WC_AES_BLOCK_SIZE];
 #ifdef WOLFSSL_SMALL_STACK
     Aes* aes = NULL;
 #else
     Aes aes[1];
 #endif
     int aes_inited = 0;
+    int idxLen;
+
+    if (idxLenIndicator == WC_SRTCP_32BIT_IDX) {
+        idxLen = WC_SRTCP_INDEX_LEN;
+    } else if (idxLenIndicator == WC_SRTCP_48BIT_IDX) {
+        idxLen = WC_SRTP_INDEX_LEN;
+    } else {
+        return BAD_FUNC_ARG; /* bad or invalid idxLenIndicator */
+    }
 
     /* Validate parameters. */
     if ((key == NULL) || (keySz > AES_256_KEY_SIZE) || (salt == NULL) ||
@@ -1136,23 +1172,22 @@ int wc_SRTCP_KDF(const byte* key, word32 keySz, const byte* salt, word32 saltSz,
 
     /* Calculate first block that can be used in each derivation. */
     if (ret == 0) {
-        wc_srtp_kdf_first_block(salt, saltSz, kdrIdx, index, WC_SRTCP_INDEX_LEN,
-            block);
+        wc_srtp_kdf_first_block(salt, saltSz, kdrIdx, index, idxLen, block);
     }
 
     /* Calculate first key if required. */
     if ((ret == 0) && (key1 != NULL)) {
-        ret = wc_srtp_kdf_derive_key(block, WC_SRTCP_INDEX_LEN,
+        ret = wc_srtp_kdf_derive_key(block, idxLen,
             WC_SRTCP_LABEL_ENCRYPTION, key1, key1Sz, aes);
     }
     /* Calculate second key if required. */
     if ((ret == 0) && (key2 != NULL)) {
-        ret = wc_srtp_kdf_derive_key(block, WC_SRTCP_INDEX_LEN,
+        ret = wc_srtp_kdf_derive_key(block, idxLen,
             WC_SRTCP_LABEL_MSG_AUTH, key2, key2Sz, aes);
     }
     /* Calculate third key if required. */
     if ((ret == 0) && (key3 != NULL)) {
-        ret = wc_srtp_kdf_derive_key(block, WC_SRTCP_INDEX_LEN,
+        ret = wc_srtp_kdf_derive_key(block, idxLen,
             WC_SRTCP_LABEL_SALT, key3, key3Sz, aes);
     }
 
@@ -1164,6 +1199,15 @@ int wc_SRTCP_KDF(const byte* key, word32 keySz, const byte* salt, word32 saltSz,
     return ret;
 }
 
+int wc_SRTCP_KDF(const byte* key, word32 keySz, const byte* salt, word32 saltSz,
+        int kdrIdx, const byte* index, byte* key1, word32 key1Sz, byte* key2,
+        word32 key2Sz, byte* key3, word32 key3Sz)
+{
+    /* The default 32-bit IDX expected by many implementations */
+    return wc_SRTCP_KDF_ex(key, keySz, salt, saltSz, kdrIdx, index,
+                           key1, key1Sz, key2, key2Sz, key3, key3Sz,
+                           WC_SRTCP_32BIT_IDX);
+}
 /* Derive key with label using SRTP KDF algorithm.
  *
  * SP 800-135 (RFC 3711).
@@ -1190,7 +1234,7 @@ int wc_SRTP_KDF_label(const byte* key, word32 keySz, const byte* salt,
         word32 outKeySz)
 {
     int ret = 0;
-    byte block[AES_BLOCK_SIZE];
+    byte block[WC_AES_BLOCK_SIZE];
 #ifdef WOLFSSL_SMALL_STACK
     Aes* aes = NULL;
 #else
@@ -1273,7 +1317,7 @@ int wc_SRTCP_KDF_label(const byte* key, word32 keySz, const byte* salt,
         word32 outKeySz)
 {
     int ret = 0;
-    byte block[AES_BLOCK_SIZE];
+    byte block[WC_AES_BLOCK_SIZE];
 #ifdef WOLFSSL_SMALL_STACK
     Aes* aes = NULL;
 #else
@@ -1350,4 +1394,104 @@ int wc_SRTP_KDF_kdr_to_idx(word32 kdr)
 }
 #endif /* WC_SRTP_KDF */
 
+#ifdef WC_KDF_NIST_SP_800_56C
+static int wc_KDA_KDF_iteration(const byte* z, word32 zSz, word32 counter,
+    const byte* fixedInfo, word32 fixedInfoSz, enum wc_HashType hashType,
+    byte* output)
+{
+    byte counterBuf[4];
+    wc_HashAlg hash;
+    int ret;
+
+    ret = wc_HashInit(&hash, hashType);
+    if (ret != 0)
+        return ret;
+    c32toa(counter, counterBuf);
+    ret = wc_HashUpdate(&hash, hashType, counterBuf, 4);
+    if (ret == 0) {
+        ret = wc_HashUpdate(&hash, hashType, z, zSz);
+    }
+    if (ret == 0 && fixedInfoSz > 0) {
+        ret = wc_HashUpdate(&hash, hashType, fixedInfo, fixedInfoSz);
+    }
+    if (ret == 0) {
+        ret = wc_HashFinal(&hash, hashType, output);
+    }
+    wc_HashFree(&hash, hashType);
+    return ret;
+}
+
+/**
+ * \brief Performs the single-step key derivation function (KDF) as specified in
+ * SP800-56C option 1.
+ *
+ * \param [in] z The input keying material.
+ * \param [in] zSz The size of the input keying material.
+ * \param [in] fixedInfo The fixed information to be included in the KDF.
+ * \param [in] fixedInfoSz The size of the fixed information.
+ * \param [in] derivedSecretSz The desired size of the derived secret.
+ * \param [in] hashType The hash algorithm to be used in the KDF.
+ * \param [out] output The buffer to store the derived secret.
+ * \param [in] outputSz The size of the output buffer.
+ *
+ * \return 0 if the KDF operation is successful.
+ * \return BAD_FUNC_ARG if the input parameters are invalid.
+ * \return negative error code if the KDF operation fails.
+ */
+int wc_KDA_KDF_onestep(const byte* z, word32 zSz, const byte* fixedInfo,
+    word32 fixedInfoSz, word32 derivedSecretSz, enum wc_HashType hashType,
+    byte* output, word32 outputSz)
+{
+    byte hashTempBuf[WC_MAX_DIGEST_SIZE];
+    word32 counter, outIdx;
+    int hashOutSz;
+    int ret;
+
+    if (output == NULL || outputSz < derivedSecretSz)
+        return BAD_FUNC_ARG;
+    if (z == NULL || zSz == 0 || (fixedInfoSz > 0 && fixedInfo == NULL))
+        return BAD_FUNC_ARG;
+    if (derivedSecretSz == 0)
+        return BAD_FUNC_ARG;
+
+    hashOutSz = wc_HashGetDigestSize(hashType);
+    if (hashOutSz == WC_NO_ERR_TRACE(HASH_TYPE_E))
+        return BAD_FUNC_ARG;
+
+    /* According to SP800_56C, table 1, the max input size (max_H_inputBits)
+     * depends on the HASH algo. The smaller value in the table is (2**64-1)/8.
+     * This is larger than the possible length using word32 integers. */
+
+    counter = 1;
+    outIdx = 0;
+    ret = 0;
+
+    /* According to SP800_56C the number of iterations shall not be greater than
+     * 2**32-1. This is not possible using word32 integers.*/
+    while (outIdx + hashOutSz <= derivedSecretSz) {
+        ret = wc_KDA_KDF_iteration(z, zSz, counter, fixedInfo, fixedInfoSz,
+            hashType, output + outIdx);
+        if (ret != 0)
+            break;
+        counter++;
+        outIdx += hashOutSz;
+    }
+
+    if (ret == 0 && outIdx < derivedSecretSz) {
+        ret = wc_KDA_KDF_iteration(z, zSz, counter, fixedInfo, fixedInfoSz,
+            hashType, hashTempBuf);
+        if (ret == 0) {
+            XMEMCPY(output + outIdx, hashTempBuf, derivedSecretSz - outIdx);
+        }
+        ForceZero(hashTempBuf, hashOutSz);
+    }
+
+    if (ret != 0) {
+        ForceZero(output, derivedSecretSz);
+    }
+
+    return ret;
+}
+#endif /* WC_KDF_NIST_SP_800_56C */
+
 #endif /* NO_KDF */
diff --git a/wolfcrypt/src/logging.c b/wolfcrypt/src/logging.c
index afa0c6f01..f64ec177a 100644
--- a/wolfcrypt/src/logging.c
+++ b/wolfcrypt/src/logging.c
@@ -1,6 +1,6 @@
 /* logging.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -126,7 +126,10 @@ THREAD_LS_T void *StackSizeCheck_stackOffsetPointer = 0;
 
 /* Set these to default values initially. */
 static wolfSSL_Logging_cb log_function = NULL;
-static int loggingEnabled = 0;
+#ifndef WOLFSSL_LOGGINGENABLED_DEFAULT
+#define WOLFSSL_LOGGINGENABLED_DEFAULT 0
+#endif
+static int loggingEnabled = WOLFSSL_LOGGINGENABLED_DEFAULT;
 THREAD_LS_T const char* log_prefix = NULL;
 
 #if defined(WOLFSSL_APACHE_MYNEWT)
@@ -234,7 +237,9 @@ void WOLFSSL_TIME(int count)
 
 #ifdef DEBUG_WOLFSSL
 
-#if defined(FREESCALE_MQX) || defined(FREESCALE_KSDK_MQX)
+#if defined(ARDUINO)
+    /* see Arduino wolfssl.h for wolfSSL_Arduino_Serial_Print */
+#elif defined(FREESCALE_MQX) || defined(FREESCALE_KSDK_MQX)
     /* see wc_port.h for fio.h and nio.h includes */
 #elif defined(WOLFSSL_SGX)
     /* Declare sprintf for ocall */
@@ -274,55 +279,116 @@ void WOLFSSL_TIME(int count)
 #include <wolfssl/wolfcrypt/mem_track.h>
 #endif
 
-static void wolfssl_log(const int logLevel, const char *const logMessage)
+static void wolfssl_log(const int logLevel, const char* const file_name,
+                        int line_number, const char* const logMessage)
 {
+    (void)file_name;
+    (void)line_number;
     if (log_function)
         log_function(logLevel, logMessage);
     else {
 #if defined(WOLFSSL_USER_LOG)
         WOLFSSL_USER_LOG(logMessage);
+#elif defined(ARDUINO)
+        wolfSSL_Arduino_Serial_Print(logMessage);
 #elif defined(WOLFSSL_LOG_PRINTF)
-        printf("%s\n", logMessage);
-
+        if (file_name != NULL)
+            printf("[%s L %d] %s\n", file_name, line_number, logMessage);
+        else
+            printf("%s\n", logMessage);
 #elif defined(THREADX) && !defined(THREADX_NO_DC_PRINTF)
-        dc_log_printf("%s\n", logMessage);
+        if (file_name != NULL)
+            dc_log_printf("[%s L %d] %s\n", file_name, line_number, logMessage);
+        else
+            dc_log_printf("%s\n", logMessage);
 #elif defined(WOLFSSL_DEOS)
-        printf("%s\r\n", logMessage);
+        if (file_name != NULL)
+            printf("[%s L %d] %s\r\n", file_name, line_number, logMessage);
+        else
+            printf("%s\r\n", logMessage);
 #elif defined(MICRIUM)
-        BSP_Ser_Printf("%s\r\n", logMessage);
+        if (file_name != NULL)
+            BSP_Ser_Printf("[%s L %d] %s\r\n",
+                           file_name, line_number, logMessage);
+        else
+            BSP_Ser_Printf("%s\r\n", logMessage);
 #elif defined(WOLFSSL_MDK_ARM)
         fflush(stdout) ;
-        printf("%s\n", logMessage);
+        if (file_name != NULL)
+            printf("[%s L %d] %s\n", file_name, line_number, logMessage);
+        else
+            printf("%s\n", logMessage);
         fflush(stdout) ;
 #elif defined(WOLFSSL_UTASKER)
         fnDebugMsg((char*)logMessage);
         fnDebugMsg("\r\n");
 #elif defined(MQX_USE_IO_OLD)
-        fprintf(_mqxio_stderr, "%s\n", logMessage);
+        if (file_name != NULL)
+            fprintf(_mqxio_stderr, "[%s L %d] %s\n",
+                    file_name, line_number, logMessage);
+        else
+            fprintf(_mqxio_stderr, "%s\n", logMessage);
 #elif defined(WOLFSSL_APACHE_MYNEWT)
-        LOG_DEBUG(&mynewt_log, LOG_MODULE_DEFAULT, "%s\n", logMessage);
+        if (file_name != NULL)
+            LOG_DEBUG(&mynewt_log, LOG_MODULE_DEFAULT, "[%s L %d] %s\n",
+                      file_name, line_number, logMessage);
+        else
+            LOG_DEBUG(&mynewt_log, LOG_MODULE_DEFAULT, "%s\n", logMessage);
 #elif defined(WOLFSSL_ESPIDF)
-        ESP_LOGI("wolfssl", "%s", logMessage);
+        if (file_name != NULL)
+            ESP_LOGI("wolfssl", "[%s L %d] %s",
+                     file_name, line_number, logMessage);
+        else
+            ESP_LOGI("wolfssl", "%s", logMessage);
 #elif defined(WOLFSSL_ZEPHYR)
-        printk("%s\n", logMessage);
+        if (file_name != NULL)
+            printk("[%s L %d] %s\n", file_name, line_number, logMessage);
+        else
+            printk("%s\n", logMessage);
 #elif defined(WOLFSSL_TELIT_M2MB)
-        M2M_LOG_INFO("%s\n", logMessage);
+        if (file_name != NULL)
+            M2M_LOG_INFO("[%s L %d] %s\n", file_name, line_number, logMessage);
+        else
+            M2M_LOG_INFO("%s\n", logMessage);
 #elif defined(WOLFSSL_ANDROID_DEBUG)
-        __android_log_print(ANDROID_LOG_VERBOSE, "[wolfSSL]", "%s", logMessage);
+        if (file_name != NULL)
+            __android_log_print(ANDROID_LOG_VERBOSE, "[wolfSSL]", "[%s L %d] %s",
+                                file_name, line_number, logMessage);
+        else
+            __android_log_print(ANDROID_LOG_VERBOSE, "[wolfSSL]", "%s",
+                                logMessage);
 #elif defined(WOLFSSL_XILINX)
-        xil_printf("%s\r\n", logMessage);
+        if (file_name != NULL)
+            xil_printf("[%s L %d] %s\r\n", file_name, line_number, logMessage);
+        else
+            xil_printf("%s\r\n", logMessage);
 #elif defined(WOLFSSL_LINUXKM)
-        printk("%s\n", logMessage);
+        if (file_name != NULL)
+            printk("[%s L %d] %s\n", file_name, line_number, logMessage);
+        else
+            printk("%s\n", logMessage);
 #elif defined(WOLFSSL_RENESAS_RA6M4)
-        myprintf("%s\n", logMessage);
+        if (file_name != NULL)
+            myprintf("[%s L %d] %s\n", file_name, line_number, logMessage);
+        else
+            myprintf("%s\n", logMessage);
 #elif defined(STACK_SIZE_CHECKPOINT_MSG) && \
       defined(HAVE_STACK_SIZE_VERBOSE) && defined(HAVE_STACK_SIZE_VERBOSE_LOG)
         STACK_SIZE_CHECKPOINT_MSG(logMessage);
 #else
-        if (log_prefix != NULL)
-            fprintf(stderr, "[%s]: %s\n", log_prefix, logMessage);
-        else
-            fprintf(stderr, "%s\n", logMessage);
+        if (log_prefix != NULL) {
+            if (file_name != NULL)
+                fprintf(stderr, "[%s]: [%s L %d] %s\n",
+                        log_prefix, file_name, line_number, logMessage);
+            else
+                fprintf(stderr, "[%s]: %s\n", log_prefix, logMessage);
+        } else {
+            if (file_name != NULL)
+                fprintf(stderr, "[%s L %d] %s\n",
+                        file_name, line_number, logMessage);
+            else
+                fprintf(stderr, "%s\n", logMessage);
+        }
 #endif
     }
 }
@@ -334,6 +400,7 @@ static void wolfssl_log(const int logLevel, const char *const logMessage)
 #ifndef WOLFSSL_MSG_EX_BUF_SZ
 #define WOLFSSL_MSG_EX_BUF_SZ 100
 #endif
+#undef WOLFSSL_MSG_EX /* undo WOLFSSL_DEBUG_CODEPOINTS wrapper */
 #ifdef __clang__
 /* tell clang argument 1 is format */
 __attribute__((__format__ (__printf__, 1, 0)))
@@ -348,17 +415,43 @@ void WOLFSSL_MSG_EX(const char* fmt, ...)
         written = XVSNPRINTF(msg, sizeof(msg), fmt, args);
         va_end(args);
         if (written > 0)
-            wolfssl_log(INFO_LOG , msg);
+            wolfssl_log(INFO_LOG, NULL, 0, msg);
+    }
+}
+
+#ifdef WOLFSSL_DEBUG_CODEPOINTS
+void WOLFSSL_MSG_EX2(const char *file, int line, const char* fmt, ...)
+{
+    if (loggingEnabled) {
+        char msg[WOLFSSL_MSG_EX_BUF_SZ];
+        int written;
+        va_list args;
+        va_start(args, fmt);
+        written = XVSNPRINTF(msg, sizeof(msg), fmt, args);
+        va_end(args);
+        if (written > 0)
+            wolfssl_log(INFO_LOG, file, line, msg);
     }
 }
 #endif
 
+#endif
+
+#undef WOLFSSL_MSG /* undo WOLFSSL_DEBUG_CODEPOINTS wrapper */
 void WOLFSSL_MSG(const char* msg)
 {
     if (loggingEnabled)
-        wolfssl_log(INFO_LOG , msg);
+        wolfssl_log(INFO_LOG, NULL, 0, msg);
 }
 
+#ifdef WOLFSSL_DEBUG_CODEPOINTS
+void WOLFSSL_MSG2(const char *file, int line, const char* msg)
+{
+    if (loggingEnabled)
+        wolfssl_log(INFO_LOG, file, line, msg);
+}
+#endif
+
 #ifndef LINE_LEN
 #define LINE_LEN 16
 #endif
@@ -372,63 +465,141 @@ void WOLFSSL_BUFFER(const byte* buffer, word32 length)
     }
 
     if (!buffer) {
-        wolfssl_log(INFO_LOG, "\tNULL");
+        wolfssl_log(INFO_LOG, NULL, 0, "\tNULL");
         return;
     }
 
     while (buflen > 0) {
         int bufidx = 0;
-        XSNPRINTF(&line[bufidx], sizeof(line)-bufidx, "\t");
+        if (XSNPRINTF(&line[bufidx], sizeof(line)-bufidx, "\t")
+            >= (int)sizeof(line) - bufidx)
+        {
+            goto errout;
+        }
         bufidx++;
 
         for (i = 0; i < LINE_LEN; i++) {
             if (i < buflen) {
-                XSNPRINTF(&line[bufidx], sizeof(line)-bufidx, "%02x ", buffer[i]);
+                if (XSNPRINTF(&line[bufidx], sizeof(line)-bufidx, "%02x ",
+                              buffer[i]) >= (int)sizeof(line) - bufidx)
+                {
+                    goto errout;
+                }
             }
             else {
-                XSNPRINTF(&line[bufidx], sizeof(line)-bufidx, "   ");
+                if (XSNPRINTF(&line[bufidx], sizeof(line)-bufidx, "   ")
+                    >= (int)sizeof(line) - bufidx)
+                {
+                    goto errout;
+                }
             }
             bufidx += 3;
         }
 
-        XSNPRINTF(&line[bufidx], sizeof(line)-bufidx, "| ");
+        if (XSNPRINTF(&line[bufidx], sizeof(line)-bufidx, "| ")
+            >= (int)sizeof(line) - bufidx)
+        {
+            goto errout;
+        }
         bufidx++;
 
         for (i = 0; i < LINE_LEN; i++) {
             if (i < buflen) {
-                XSNPRINTF(&line[bufidx], sizeof(line)-bufidx,
-                     "%c", 31 < buffer[i] && buffer[i] < 127 ? buffer[i] : '.');
+                if (XSNPRINTF(&line[bufidx], sizeof(line)-bufidx,
+                              "%c", 31 < buffer[i] && buffer[i] < 127
+                              ? buffer[i]
+                              : '.')
+                    >= (int)sizeof(line) - bufidx)
+                {
+                    goto errout;
+                }
                 bufidx++;
             }
         }
 
-        wolfssl_log(INFO_LOG, line);
+        wolfssl_log(INFO_LOG, NULL, 0, line);
         buffer += LINE_LEN;
         buflen -= LINE_LEN;
     }
+
+    return;
+
+errout:
+
+    wolfssl_log(INFO_LOG, NULL, 0, "\t[Buffer error while rendering]");
 }
 
-
+#undef WOLFSSL_ENTER /* undo WOLFSSL_DEBUG_CODEPOINTS wrapper */
 void WOLFSSL_ENTER(const char* msg)
 {
     if (loggingEnabled) {
         char buffer[WOLFSSL_MAX_ERROR_SZ];
-        XSNPRINTF(buffer, sizeof(buffer), "wolfSSL Entering %s", msg);
-        wolfssl_log(ENTER_LOG , buffer);
+        if (XSNPRINTF(buffer, sizeof(buffer), "wolfSSL Entering %s", msg)
+            >= (int)sizeof(buffer))
+        {
+            buffer[sizeof(buffer) - 1] = 0;
+        }
+        wolfssl_log(ENTER_LOG, NULL, 0, buffer);
     }
 }
 
+#ifdef WOLFSSL_DEBUG_CODEPOINTS
+void WOLFSSL_ENTER2(const char *file, int line, const char* msg)
+{
+    if (loggingEnabled) {
+        char buffer[WOLFSSL_MAX_ERROR_SZ];
+        if (XSNPRINTF(buffer, sizeof(buffer), "wolfSSL Entering %s", msg)
+            >= (int)sizeof(buffer))
+        {
+            buffer[sizeof(buffer) - 1] = 0;
+        }
+        wolfssl_log(ENTER_LOG, file, line, buffer);
+    }
+}
+#endif
 
+#undef WOLFSSL_LEAVE /* undo WOLFSSL_DEBUG_CODEPOINTS wrapper */
 void WOLFSSL_LEAVE(const char* msg, int ret)
 {
     if (loggingEnabled) {
         char buffer[WOLFSSL_MAX_ERROR_SZ];
-        XSNPRINTF(buffer, sizeof(buffer), "wolfSSL Leaving %s, return %d",
-                msg, ret);
-        wolfssl_log(LEAVE_LOG , buffer);
+        if (XSNPRINTF(buffer, sizeof(buffer), "wolfSSL Leaving %s, return %d",
+                      msg, ret)
+            >= (int)sizeof(buffer))
+        {
+            buffer[sizeof(buffer) - 1] = 0;
+        }
+        wolfssl_log(LEAVE_LOG, NULL, 0, buffer);
     }
 }
 
+#ifdef WOLFSSL_DEBUG_CODEPOINTS
+void WOLFSSL_LEAVE2(const char *file, int line, const char* msg, int ret)
+{
+    if (loggingEnabled) {
+        char buffer[WOLFSSL_MAX_ERROR_SZ];
+        if (XSNPRINTF(buffer, sizeof(buffer), "wolfSSL Leaving %s, return %d",
+                      msg, ret)
+            >= (int)sizeof(buffer))
+        {
+            buffer[sizeof(buffer) - 1] = 0;
+        }
+        wolfssl_log(LEAVE_LOG, file, line, buffer);
+    }
+}
+#endif
+
+#ifdef WOLFSSL_DEBUG_CODEPOINTS
+    /* restore the wrappers */
+    #define WOLFSSL_MSG(msg) WOLFSSL_MSG2(__FILE__, __LINE__, msg)
+    #define WOLFSSL_ENTER(msg) WOLFSSL_ENTER2(__FILE__, __LINE__, msg)
+    #define WOLFSSL_LEAVE(msg, ret) WOLFSSL_LEAVE2(__FILE__, __LINE__, msg, ret)
+    #ifdef XVSNPRINTF
+        #define WOLFSSL_MSG_EX(fmt, args...) \
+                WOLFSSL_MSG_EX2(__FILE__, __LINE__, fmt, ## args)
+    #endif
+#endif
+
 WOLFSSL_API int WOLFSSL_IS_DEBUG_ON(void)
 {
     return loggingEnabled;
@@ -711,7 +882,7 @@ unsigned long wc_PeekErrorNodeLineData(const char **file, int *line,
 
     while (1) {
         int ret = wc_PeekErrorNode(0, file, NULL, line);
-        if (ret == BAD_STATE_E) {
+        if (ret == WC_NO_ERR_TRACE(BAD_STATE_E)) {
             WOLFSSL_MSG("Issue peeking at error node in queue");
             return 0;
         }
@@ -733,7 +904,7 @@ unsigned long wc_PeekErrorNodeLineData(const char **file, int *line,
  * Get the error value at the HEAD of the ERR queue or 0 if the queue
  * is empty. The HEAD entry is removed by this call.
  */
-unsigned long wc_GetErrorNodeErr(void)
+int wc_GetErrorNodeErr(void)
 {
     int ret;
 
@@ -741,7 +912,7 @@ unsigned long wc_GetErrorNodeErr(void)
 
     ret = wc_PullErrorNode(NULL, NULL, NULL);
     if (ret < 0) {
-        if (ret == BAD_STATE_E) {
+        if (ret == WC_NO_ERR_TRACE(BAD_STATE_E)) {
             ret = 0; /* no errors in queue */
         }
         else {
@@ -752,7 +923,7 @@ unsigned long wc_GetErrorNodeErr(void)
             wc_ClearErrorNodes();
         }
     }
-    return (unsigned long)ret;
+    return ret;
 }
 
 #if !defined(NO_FILESYSTEM) && !defined(NO_STDIO_FILESYSTEM)
@@ -818,7 +989,7 @@ static struct wc_error_queue* wc_current_node;
 static void* wc_error_heap;
 
 /* mutex for list operation protection */
-static wolfSSL_Mutex wc_error_mutex;
+static wolfSSL_Mutex wc_error_mutex WOLFSSL_MUTEX_INITIALIZER_CLAUSE(wc_error_mutex);
 #define ERRQ_MUTEX_INIT()      wc_InitMutex(&wc_error_mutex)
 #define ERRQ_MUTEX_FREE()      wc_FreeMutex(&wc_error_mutex)
 #define ERRQ_LOCK()            wc_LockMutex(&wc_error_mutex)
@@ -827,10 +998,12 @@ static wolfSSL_Mutex wc_error_mutex;
 /* Internal function that is called by wolfCrypt_Init() */
 int wc_LoggingInit(void)
 {
+#ifndef WOLFSSL_MUTEX_INITIALIZER
     if (ERRQ_MUTEX_INIT() != 0) {
         WOLFSSL_MSG("Bad Init Mutex");
         return BAD_MUTEX_E;
     }
+#endif
     wc_errors_count = 0;
     wc_errors          = NULL;
     wc_current_node    = NULL;
@@ -845,10 +1018,12 @@ int wc_LoggingCleanup(void)
     /* clear logging entries */
     wc_ClearErrorNodes();
     /* free mutex */
+#ifndef WOLFSSL_MUTEX_INITIALIZER
     if (ERRQ_MUTEX_FREE() != 0) {
         WOLFSSL_MSG("Bad Mutex free");
         return BAD_MUTEX_E;
     }
+#endif
     return 0;
 }
 
@@ -996,7 +1171,7 @@ int wc_AddErrorNode(int error, int line, char* buf, char* file)
             sz = WOLFSSL_MAX_ERROR_SZ - 1;
         }
         if (sz > 0) {
-            XMEMCPY(err->error, buf, sz);
+            XMEMCPY(err->error, buf, (size_t)sz);
         }
 
         sz = (int)XSTRLEN(file);
@@ -1004,7 +1179,7 @@ int wc_AddErrorNode(int error, int line, char* buf, char* file)
             sz = WOLFSSL_MAX_ERROR_SZ - 1;
         }
         if (sz > 0) {
-            XMEMCPY(err->file, file, sz);
+            XMEMCPY(err->file, file, (size_t)sz);
         }
 
         err->value = error;
@@ -1223,7 +1398,9 @@ unsigned long wc_PeekErrorNodeLineData(const char **file, int *line,
     idx = getErrorNodeCurrentIdx();
     while (1) {
         int ret = peekErrorNode(idx, file, NULL, line);
-        if (ret == BAD_MUTEX_E || ret == BAD_FUNC_ARG || ret == BAD_STATE_E) {
+        if (ret == WC_NO_ERR_TRACE(BAD_MUTEX_E) ||
+            ret == WC_NO_ERR_TRACE(BAD_FUNC_ARG) ||
+            ret == WC_NO_ERR_TRACE(BAD_STATE_E)) {
             ERRQ_UNLOCK();
             WOLFSSL_MSG("Issue peeking at error node in queue");
             return 0;
@@ -1243,7 +1420,7 @@ unsigned long wc_PeekErrorNodeLineData(const char **file, int *line,
     }
 }
 
-unsigned long wc_GetErrorNodeErr(void)
+int wc_GetErrorNodeErr(void)
 {
     int ret;
 
@@ -1251,12 +1428,12 @@ unsigned long wc_GetErrorNodeErr(void)
 
     if (ERRQ_LOCK() != 0) {
         WOLFSSL_MSG("Lock debug mutex failed");
-        return (unsigned long)(0 - BAD_MUTEX_E);
+        return (0 - BAD_MUTEX_E);
     }
 
     ret = pullErrorNode(NULL, NULL, NULL);
     if (ret < 0) {
-        if (ret == BAD_STATE_E) {
+        if (ret == WC_NO_ERR_TRACE(BAD_STATE_E)) {
             ret = 0; /* no errors in queue */
         }
         else {
@@ -1418,10 +1595,10 @@ unsigned long wc_PeekErrorNodeLineData(const char **file, int *line,
     return (unsigned long)(0 - NOT_COMPILED_IN);
 }
 
-unsigned long wc_GetErrorNodeErr(void)
+int wc_GetErrorNodeErr(void)
 {
     WOLFSSL_ENTER("wc_GetErrorNodeErr");
-    return (unsigned long)(0 - NOT_COMPILED_IN);
+    return (0 - NOT_COMPILED_IN);
 }
 
 #if !defined(NO_FILESYSTEM) && !defined(NO_STDIO_FILESYSTEM)
@@ -1476,7 +1653,7 @@ void WOLFSSL_ERROR(int error)
 #endif
 {
 #ifdef WOLFSSL_ASYNC_CRYPT
-    if (error != WC_PENDING_E)
+    if (error != WC_NO_ERR_TRACE(WC_PENDING_E))
 #endif
     {
         char buffer[WOLFSSL_MAX_ERROR_SZ];
@@ -1494,7 +1671,8 @@ void WOLFSSL_ERROR(int error)
             #if defined(OPENSSL_EXTRA) && !defined(WOLFCRYPT_ONLY)
             /* If running in compatibility mode do not add want read and
                want right to error queue */
-            if (error != WANT_READ && error != WANT_WRITE) {
+            if (error != WC_NO_ERR_TRACE(WANT_READ) &&
+                error != WC_NO_ERR_TRACE(WANT_WRITE)) {
             #endif
             if (error < 0)
                 error = error - (2 * error); /* get absolute value */
@@ -1524,7 +1702,7 @@ void WOLFSSL_ERROR(int error)
 
     #ifdef DEBUG_WOLFSSL
         if (loggingEnabled)
-            wolfssl_log(ERROR_LOG , buffer);
+            wolfssl_log(ERROR_LOG, NULL, 0, buffer);
     #endif
     }
 }
@@ -1533,10 +1711,151 @@ void WOLFSSL_ERROR_MSG(const char* msg)
 {
 #ifdef DEBUG_WOLFSSL
     if (loggingEnabled)
-        wolfssl_log(ERROR_LOG , msg);
+        wolfssl_log(ERROR_LOG, NULL, 0, msg);
 #else
     (void)msg;
 #endif
 }
 
 #endif  /* DEBUG_WOLFSSL || WOLFSSL_NGINX || WOLFSSL_HAPROXY */
+
+#ifdef WOLFSSL_DEBUG_BACKTRACE_ERROR_CODES
+
+#ifdef WOLFSSL_LINUXKM
+
+void wc_backtrace_render(void) {
+    dump_stack();
+}
+
+#else /* !WOLFSSL_LINUXKM */
+
+#include <backtrace-supported.h>
+
+#if BACKTRACE_SUPPORTED != 1
+    #error WOLFSSL_DEBUG_BACKTRACE_ERROR_CODES is defined but BACKTRACE_SUPPORTED is 0.
+#endif
+
+#if !defined(WOLFSSL_MUTEX_INITIALIZER) && defined(WOLFSSL_NO_ATOMICS)
+    #error WOLFSSL_DEBUG_BACKTRACE_ERROR_CODES requires WOLFSSL_MUTEX_INITIALIZER or wolfSSL_Atomic_Ints.
+#endif
+
+#include <backtrace.h>
+
+static int backtrace_callback(void *data, uintptr_t pc, const char *filename,
+                              int lineno, const char *function)
+{
+    if (function == NULL)
+        return 0;
+    /* the first callback is for the call to wc_print_backtrace() -- skip it. */
+    if (*(int *)data == 0) {
+        *(int *)data = 1;
+        return 0;
+    }
+#ifdef NO_STDIO_FILESYSTEM
+    printf("    #%d %p in %s %s:%d\n", (*(int *)data)++, (void *)pc,
+           function, filename, lineno);
+#else
+    fprintf(stderr, "    #%d %p in %s %s:%d\n", (*(int *)data)++, (void *)pc,
+            function, filename, lineno);
+#endif
+    return 0;
+}
+
+static void backtrace_error(void *data, const char *msg, int errnum) {
+    (void)data;
+#ifdef NO_STDIO_FILESYSTEM
+    printf("ERR TRACE: error %d while backtracing: %s", errnum, msg);
+#else
+    fprintf(stderr, "ERR TRACE: error %d while backtracing: %s", errnum, msg);
+#endif
+}
+
+static void backtrace_creation_error(void *data, const char *msg, int errnum) {
+    (void)data;
+#ifdef NO_STDIO_FILESYSTEM
+    printf("ERR TRACE: internal error %d "
+            "while initializing backtrace facility: %s", errnum, msg);
+    printf("ERR TRACE: internal error "
+           "while initializing backtrace facility");
+#else
+    fprintf(stderr, "ERR TRACE: internal error %d "
+            "while initializing backtrace facility: %s", errnum, msg);
+#endif
+}
+
+static int backtrace_init(struct backtrace_state **backtrace_state) {
+#ifdef WOLFSSL_MUTEX_INITIALIZER
+    static wolfSSL_Mutex backtrace_create_state_mutex =
+        WOLFSSL_MUTEX_INITIALIZER(backtrace_create_state_mutex);
+    if (wc_LockMutex(&backtrace_create_state_mutex) != 0)
+        return -1;
+#elif defined(WOLFSSL_ATOMIC_OPS)
+    static wolfSSL_Atomic_Int init_count = 0;
+    if (wolfSSL_Atomic_Int_FetchAdd(&init_count, 1) != 1)
+        return -1;
+#endif
+    if (*backtrace_state == NULL) {
+        /* passing a NULL filename to backtrace_create_state() tells
+         * libbacktrace to use a target-specific strategy to determine the
+         * executable.  "libbacktrace supports ELF, PE/COFF, Mach-O, and XCOFF
+         * executables with DWARF debugging information.  In other words, it
+         * supports GNU/Linux, *BSD, macOS, Windows, and AIX."
+         */
+        *backtrace_state = backtrace_create_state(
+            NULL, 0, backtrace_creation_error, NULL);
+    }
+#ifdef WOLFSSL_MUTEX_INITIALIZER
+    wc_UnLockMutex(&backtrace_create_state_mutex);
+#endif
+    if (*backtrace_state == NULL)
+        return -1;
+    return 0;
+}
+
+void wc_backtrace_render(void) {
+    static wolfSSL_Mutex backtrace_mutex
+        WOLFSSL_MUTEX_INITIALIZER_CLAUSE(backtrace_mutex);
+    static struct backtrace_state *backtrace_state = NULL;
+    int depth = 0;
+
+#ifndef WOLFSSL_MUTEX_INITIALIZER
+    static wolfSSL_Atomic_Int init_count = 0;
+    if (init_count != 1) {
+        int cur_init_count = wolfSSL_Atomic_Int_FetchSub(&init_count, 1);
+        if (cur_init_count != 0) {
+            (void)wolfSSL_Atomic_Int_FetchAdd(&init_count, 1);
+            return;
+        }
+        if (wc_InitMutex(&backtrace_mutex) != 0)
+            return;
+        /* set init_count to 1, race-free: (-1) - (0-2) = 1 */
+        (void)wolfSSL_Atomic_Int_FetchSub(&init_count, cur_init_count - 2);
+    }
+#endif
+
+    /* backtrace_state can't be shared between threads even when
+     * BACKTRACE_SUPPORTS_THREADS == 1, so we serialize the render op.  this
+     * helpfully mutexes the initialization too.
+     */
+    if (wc_LockMutex(&backtrace_mutex) != 0)
+        return;
+
+    if (backtrace_state == NULL) {
+        if (backtrace_init(&backtrace_state) < 0) {
+            wc_UnLockMutex(&backtrace_mutex);
+            return;
+        }
+    }
+
+    /* note that the optimizer can produce misleading backtraces, even with
+     * -funwind-tables.  in contrast, the macro-generated "ERR TRACE" message
+     * from WC_ERR_TRACE() always accurately identifies the error code point.
+     */
+    backtrace_full(backtrace_state, 0, backtrace_callback, backtrace_error,
+                   (void *)&depth);
+
+    wc_UnLockMutex(&backtrace_mutex);
+}
+#endif /* !WOLFSSL_LINUXKM */
+
+#endif /* WOLFSSL_DEBUG_BACKTRACE_ERROR_CODES */
diff --git a/wolfcrypt/src/md2.c b/wolfcrypt/src/md2.c
index 789704e67..955133599 100644
--- a/wolfcrypt/src/md2.c
+++ b/wolfcrypt/src/md2.c
@@ -1,6 +1,6 @@
 /* md2.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -40,16 +40,16 @@
 #endif
 
 
-void wc_InitMd2(Md2* md2)
+void wc_InitMd2(wc_Md2* md2)
 {
-    XMEMSET(md2->X, 0, MD2_X_SIZE);
-    XMEMSET(md2->C, 0, MD2_BLOCK_SIZE);
-    XMEMSET(md2->buffer, 0, MD2_BLOCK_SIZE);
+    XMEMSET(md2->X, 0, WC_MD2_X_SIZE);
+    XMEMSET(md2->C, 0, WC_MD2_BLOCK_SIZE);
+    XMEMSET(md2->buffer, 0, WC_MD2_BLOCK_SIZE);
     md2->count = 0;
 }
 
 
-void wc_Md2Update(Md2* md2, const byte* data, word32 len)
+void wc_Md2Update(wc_Md2* md2, const byte* data, word32 len)
 {
     static const byte S[256] =
     {
@@ -74,30 +74,30 @@ void wc_Md2Update(Md2* md2, const byte* data, word32 len)
     };
 
     while (len) {
-        word32 L = (MD2_PAD_SIZE - md2->count) < len ?
-                   (MD2_PAD_SIZE - md2->count) : len;
+        word32 L = (WC_MD2_PAD_SIZE - md2->count) < len ?
+                   (WC_MD2_PAD_SIZE - md2->count) : len;
         XMEMCPY(md2->buffer + md2->count, data, L);
         md2->count += L;
         data += L;
         len  -= L;
 
-        if (md2->count == MD2_PAD_SIZE) {
+        if (md2->count == WC_MD2_PAD_SIZE) {
             int  i;
             byte t;
 
             md2->count = 0;
-            XMEMCPY(md2->X + MD2_PAD_SIZE, md2->buffer, MD2_PAD_SIZE);
+            XMEMCPY(md2->X + WC_MD2_PAD_SIZE, md2->buffer, WC_MD2_PAD_SIZE);
             t = md2->C[15];
 
-            for(i = 0; i < MD2_PAD_SIZE; i++) {
-                md2->X[32 + i] = md2->X[MD2_PAD_SIZE + i] ^ md2->X[i];
+            for(i = 0; i < WC_MD2_PAD_SIZE; i++) {
+                md2->X[32 + i] = md2->X[WC_MD2_PAD_SIZE + i] ^ md2->X[i];
                 t = md2->C[i] ^= S[md2->buffer[i] ^ t];
             }
 
             t=0;
             for(i = 0; i < 18; i++) {
                 int j;
-                for(j = 0; j < MD2_X_SIZE; j += 8) {
+                for(j = 0; j < WC_MD2_X_SIZE; j += 8) {
                     t = md2->X[j+0] ^= S[t];
                     t = md2->X[j+1] ^= S[t];
                     t = md2->X[j+2] ^= S[t];
@@ -114,19 +114,19 @@ void wc_Md2Update(Md2* md2, const byte* data, word32 len)
 }
 
 
-void wc_Md2Final(Md2* md2, byte* hash)
+void wc_Md2Final(wc_Md2* md2, byte* hash)
 {
-    byte   padding[MD2_BLOCK_SIZE];
-    word32 padLen = MD2_PAD_SIZE - md2->count;
+    byte   padding[WC_MD2_BLOCK_SIZE];
+    word32 padLen = WC_MD2_PAD_SIZE - md2->count;
     word32 i;
 
     for (i = 0; i < padLen; i++)
         padding[i] = (byte)padLen;
 
-    wc_Md2Update(md2, padding, padLen);
-    wc_Md2Update(md2, md2->C, MD2_BLOCK_SIZE);
+    wc_Md2Update(md2, padding, padLen); /* cppcheck-suppress uninitvar */
+    wc_Md2Update(md2, md2->C, WC_MD2_BLOCK_SIZE);
 
-    XMEMCPY(hash, md2->X, MD2_DIGEST_SIZE);
+    XMEMCPY(hash, md2->X, WC_MD2_DIGEST_SIZE);
 
     wc_InitMd2(md2);
 }
@@ -135,13 +135,13 @@ void wc_Md2Final(Md2* md2, byte* hash)
 int wc_Md2Hash(const byte* data, word32 len, byte* hash)
 {
 #ifdef WOLFSSL_SMALL_STACK
-    Md2* md2;
+    wc_Md2* md2;
 #else
-    Md2 md2[1];
+    wc_Md2 md2[1];
 #endif
 
 #ifdef WOLFSSL_SMALL_STACK
-    md2 = (Md2*)XMALLOC(sizeof(Md2), NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    md2 = (wc_Md2*)XMALLOC(sizeof(wc_Md2), NULL, DYNAMIC_TYPE_TMP_BUFFER);
     if (md2 == NULL)
         return MEMORY_E;
 #endif
diff --git a/wolfcrypt/src/md4.c b/wolfcrypt/src/md4.c
index 68eab5fb2..3eb3b4d3c 100644
--- a/wolfcrypt/src/md4.c
+++ b/wolfcrypt/src/md4.c
@@ -1,6 +1,6 @@
 /* md4.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -37,7 +37,7 @@
 #endif
 
 
-void wc_InitMd4(Md4* md4)
+void wc_InitMd4(wc_Md4* md4)
 {
     md4->digest[0] = 0x67452301L;
     md4->digest[1] = 0xefcdab89L;
@@ -50,7 +50,7 @@ void wc_InitMd4(Md4* md4)
 }
 
 
-static void Transform(Md4* md4)
+static void Transform(wc_Md4* md4)
 {
 #define F(x, y, z) ((z) ^ ((x) & ((y) ^ (z))))
 #define G(x, y, z) (((x) & (y)) | ((x) & (z)) | ((y) & (z)))
@@ -130,7 +130,7 @@ static void Transform(Md4* md4)
 }
 
 
-static WC_INLINE void AddLength(Md4* md4, word32 len)
+static WC_INLINE void AddLength(wc_Md4* md4, word32 len)
 {
     word32 tmp = md4->loLen;
     if ( (md4->loLen += len) < tmp)
@@ -138,32 +138,32 @@ static WC_INLINE void AddLength(Md4* md4, word32 len)
 }
 
 
-void wc_Md4Update(Md4* md4, const byte* data, word32 len)
+void wc_Md4Update(wc_Md4* md4, const byte* data, word32 len)
 {
     /* do block size increments */
     byte* local = (byte*)md4->buffer;
 
     while (len) {
-        word32 add = min(len, MD4_BLOCK_SIZE - md4->buffLen);
+        word32 add = min(len, WC_MD4_BLOCK_SIZE - md4->buffLen);
         XMEMCPY(&local[md4->buffLen], data, add);
 
         md4->buffLen += add;
         data         += add;
         len          -= add;
 
-        if (md4->buffLen == MD4_BLOCK_SIZE) {
+        if (md4->buffLen == WC_MD4_BLOCK_SIZE) {
             #ifdef BIG_ENDIAN_ORDER
-                ByteReverseWords(md4->buffer, md4->buffer, MD4_BLOCK_SIZE);
+                ByteReverseWords(md4->buffer, md4->buffer, WC_MD4_BLOCK_SIZE);
             #endif
             Transform(md4);
-            AddLength(md4, MD4_BLOCK_SIZE);
+            AddLength(md4, WC_MD4_BLOCK_SIZE);
             md4->buffLen = 0;
         }
     }
 }
 
 
-void wc_Md4Final(Md4* md4, byte* hash)
+void wc_Md4Final(wc_Md4* md4, byte* hash)
 {
     byte* local = (byte*)md4->buffer;
 
@@ -172,17 +172,17 @@ void wc_Md4Final(Md4* md4, byte* hash)
     local[md4->buffLen++] = 0x80;  /* add 1 */
 
     /* pad with zeros */
-    if (md4->buffLen > MD4_PAD_SIZE) {
-        XMEMSET(&local[md4->buffLen], 0, MD4_BLOCK_SIZE - md4->buffLen);
-        md4->buffLen += MD4_BLOCK_SIZE - md4->buffLen;
+    if (md4->buffLen > WC_MD4_PAD_SIZE) {
+        XMEMSET(&local[md4->buffLen], 0, WC_MD4_BLOCK_SIZE - md4->buffLen);
+        md4->buffLen += WC_MD4_BLOCK_SIZE - md4->buffLen;
 
         #ifdef BIG_ENDIAN_ORDER
-            ByteReverseWords(md4->buffer, md4->buffer, MD4_BLOCK_SIZE);
+            ByteReverseWords(md4->buffer, md4->buffer, WC_MD4_BLOCK_SIZE);
         #endif
         Transform(md4);
         md4->buffLen = 0;
     }
-    XMEMSET(&local[md4->buffLen], 0, MD4_PAD_SIZE - md4->buffLen);
+    XMEMSET(&local[md4->buffLen], 0, WC_MD4_PAD_SIZE - md4->buffLen);
 
     /* put lengths in bits */
     md4->hiLen = (md4->loLen >> (8*sizeof(md4->loLen) - 3)) +
@@ -191,17 +191,17 @@ void wc_Md4Final(Md4* md4, byte* hash)
 
     /* store lengths */
     #ifdef BIG_ENDIAN_ORDER
-        ByteReverseWords(md4->buffer, md4->buffer, MD4_BLOCK_SIZE);
+        ByteReverseWords(md4->buffer, md4->buffer, WC_MD4_BLOCK_SIZE);
     #endif
     /* ! length ordering dependent on digest endian type ! */
-    XMEMCPY(&local[MD4_PAD_SIZE], &md4->loLen, sizeof(word32));
-    XMEMCPY(&local[MD4_PAD_SIZE + sizeof(word32)], &md4->hiLen, sizeof(word32));
+    XMEMCPY(&local[WC_MD4_PAD_SIZE], &md4->loLen, sizeof(word32));
+    XMEMCPY(&local[WC_MD4_PAD_SIZE + sizeof(word32)], &md4->hiLen, sizeof(word32));
 
     Transform(md4);
     #ifdef BIG_ENDIAN_ORDER
-        ByteReverseWords(md4->digest, md4->digest, MD4_DIGEST_SIZE);
+        ByteReverseWords(md4->digest, md4->digest, WC_MD4_DIGEST_SIZE);
     #endif
-    XMEMCPY(hash, md4->digest, MD4_DIGEST_SIZE);
+    XMEMCPY(hash, md4->digest, WC_MD4_DIGEST_SIZE);
 
     wc_InitMd4(md4);  /* reset state */
 }
diff --git a/wolfcrypt/src/md5.c b/wolfcrypt/src/md5.c
index 1f6130264..0f4533e57 100644
--- a/wolfcrypt/src/md5.c
+++ b/wolfcrypt/src/md5.c
@@ -1,6 +1,6 @@
 /* md5.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -48,7 +48,7 @@
 
 
 /* Hardware Acceleration */
-#if defined(STM32_HASH)
+#if defined(STM32_HASH) && !defined(STM32_NOMD5)
 
 /* Supports CubeMX HAL or Standard Peripheral Library */
 #define HAVE_MD5_CUST_API
@@ -454,6 +454,7 @@ int wc_Md5Final(wc_Md5* md5, byte* hash)
 
     /* ensure we have a valid buffer length; (-1 to append a byte to length) */
     if (md5->buffLen > WC_MD5_BLOCK_SIZE - 1) {
+        /* some places consider this BAD_STATE_E */
         return BUFFER_E;
     }
 
@@ -461,7 +462,9 @@ int wc_Md5Final(wc_Md5* md5, byte* hash)
 
     /* pad with zeros */
     if (md5->buffLen > WC_MD5_PAD_SIZE) {
-        XMEMSET(&local[md5->buffLen], 0, WC_MD5_BLOCK_SIZE - md5->buffLen);
+        if (md5->buffLen < WC_MD5_BLOCK_SIZE) {
+            XMEMSET(&local[md5->buffLen], 0, WC_MD5_BLOCK_SIZE - md5->buffLen);
+        }
         md5->buffLen += WC_MD5_BLOCK_SIZE - md5->buffLen;
 
 #if defined(BIG_ENDIAN_ORDER) && !defined(FREESCALE_MMCAU_SHA)
diff --git a/wolfcrypt/src/memory.c b/wolfcrypt/src/memory.c
index 565d91075..452ca8b66 100644
--- a/wolfcrypt/src/memory.c
+++ b/wolfcrypt/src/memory.c
@@ -1,6 +1,6 @@
 /* memory.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -32,12 +32,23 @@
 #endif
 
 #include <wolfssl/wolfcrypt/types.h>
+#include <wolfssl/wolfcrypt/error-crypt.h>
 
 /*
 Possible memory options:
  * NO_WOLFSSL_MEMORY:               Disables wolf memory callback support. When not defined settings.h defines USE_WOLFSSL_MEMORY.
  * WOLFSSL_STATIC_MEMORY:           Turns on the use of static memory buffers and functions.
                                         This allows for using static memory instead of dynamic.
+ * WOLFSSL_STATIC_MEMORY_LEAN:      Requires WOLFSSL_STATIC_MEMORY be defined.
+ *                                  Uses smaller type sizes for structs
+ *                                  requiring that memory pool sizes be less
+ *                                  then 65k and limits features available like
+ *                                  IO buffers to reduce footprint size.
+ * WOLFSSL_STATIC_MEMORY_DEBUG_CALLBACK:
+ *                                  Enables option to register a debugging
+ *                                  callback function, useful for
+ *                                  WOLFSSL_STATIC_MEMORY builds where XMALLOC
+ *                                  and XFREE are not user defined.
  * WOLFSSL_STATIC_ALIGN:            Define defaults to 16 to indicate static memory alignment.
  * HAVE_IO_POOL:                    Enables use of static thread safe memory pool for input/output buffers.
  * XMALLOC_OVERRIDE:                Allows override of the XMALLOC, XFREE and XREALLOC macros.
@@ -58,9 +69,9 @@ Possible memory options:
 void *z_realloc(void *ptr, size_t size)
 {
     if (ptr == NULL)
-        ptr = malloc(size);
+        ptr = malloc(size); /* native heap */
     else
-        ptr = realloc(ptr, size);
+        ptr = realloc(ptr, size); /* native heap */
 
     return ptr;
 }
@@ -120,7 +131,7 @@ int wolfSSL_GetAllocators(wolfSSL_Malloc_cb*  mf,
 }
 
 #ifdef WOLFSSL_MEM_FAIL_COUNT
-static wolfSSL_Mutex memFailMutex;
+static wolfSSL_Mutex memFailMutex WOLFSSL_MUTEX_INITIALIZER_CLAUSE(memFailMutex);
 int mem_fail_allocs = 0;
 int mem_fail_frees = 0;
 int mem_fail_cnt = 0;
@@ -128,7 +139,9 @@ int mem_fail_cnt = 0;
 void wc_MemFailCount_Init()
 {
     char* cnt;
+#ifndef WOLFSSL_MUTEX_INITIALIZER
     wc_InitMutex(&memFailMutex);
+#endif
     cnt = getenv("MEM_FAIL_CNT");
     if (cnt != NULL) {
         fprintf(stderr, "MemFailCount At: %d\n", mem_fail_cnt);
@@ -158,7 +171,9 @@ static void wc_MemFailCount_FreeMem(void)
 }
 void wc_MemFailCount_Free()
 {
+#ifndef WOLFSSL_MUTEX_INITIALIZER
     wc_FreeMutex(&memFailMutex);
+#endif
     fprintf(stderr, "MemFailCount Total: %d\n", mem_fail_allocs);
     fprintf(stderr, "MemFailCount Frees: %d\n", mem_fail_frees);
 }
@@ -196,7 +211,7 @@ static MemZero memZero[WOLFSSL_MEM_CHECK_ZERO_CACHE_LEN];
  */
 static int nextIdx = -1;
 /* Mutex to protect modifying list of addresses to check. */
-static wolfSSL_Mutex zeroMutex;
+static wolfSSL_Mutex zeroMutex WOLFSSL_MUTEX_INITIALIZER_CLAUSE(zeroMutex);
 
 /* Initialize the table of addresses and the mutex.
  */
@@ -205,7 +220,9 @@ void wc_MemZero_Init()
     /* Clear the table to more easily see what is valid. */
     XMEMSET(memZero, 0, sizeof(memZero));
     /* Initialize mutex. */
+#ifndef WOLFSSL_MUTEX_INITIALIZER
     wc_InitMutex(&zeroMutex);
+#endif
     /* Next index is first entry. */
     nextIdx = 0;
 }
@@ -215,7 +232,9 @@ void wc_MemZero_Init()
 void wc_MemZero_Free()
 {
     /* Free mutex. */
+#ifndef WOLFSSL_MUTEX_INITIALIZER
     wc_FreeMutex(&zeroMutex);
+#endif
     /* Make sure we checked all addresses. */
     if (nextIdx > 0) {
         int i;
@@ -341,7 +360,7 @@ void* wolfSSL_Malloc(size_t size)
         }
         #endif
 
-        res = malloc(size);
+        res = malloc(size); /* native heap */
     #else
         WOLFSSL_MSG("No malloc available");
     #endif
@@ -382,7 +401,7 @@ void* wolfSSL_Malloc(size_t size)
         #endif
         }
         else {
-            free(res); /* clear */
+            free(res); /* native heap */
         }
         gMemFailCount = gMemFailCountSeed; /* reset */
         return NULL;
@@ -426,7 +445,7 @@ void wolfSSL_Free(void *ptr)
     }
     else {
     #ifndef WOLFSSL_NO_MALLOC
-        free(ptr);
+        free(ptr); /* native heap */
     #else
         WOLFSSL_MSG("No free available");
     #endif
@@ -484,7 +503,7 @@ void* wolfSSL_Realloc(void *ptr, size_t size)
     }
     else {
     #ifndef WOLFSSL_NO_MALLOC
-        res = realloc(ptr, size);
+        res = realloc(ptr, size); /* native heap */
     #else
         WOLFSSL_MSG("No realloc available");
     #endif
@@ -506,20 +525,39 @@ void* wolfSSL_Realloc(void *ptr, size_t size)
 struct wc_Memory {
     byte*  buffer;
     struct wc_Memory* next;
+#ifdef WOLFSSL_STATIC_MEMORY_LEAN
+    /* lean static memory is assumed to be under 65k */
+    word16 sz;
+#else
     word32 sz;
+#endif
+#ifdef WOLFSSL_DEBUG_MEMORY
+    word16 szUsed;
+#endif
 };
 
 
+#ifdef WOLFSSL_STATIC_MEMORY_DEBUG_CALLBACK
+static DebugMemoryCb DebugCb = NULL;
+
+/* Used to set a debug memory callback. Helpful in cases where
+ * printf is not available. */
+void wolfSSL_SetDebugMemoryCb(DebugMemoryCb cb)
+{
+    DebugCb = cb;
+}
+#endif
+
 /* returns amount of memory used on success. On error returns negative value
    wc_Memory** list is the list that new buckets are prepended to
  */
-static int create_memory_buckets(byte* buffer, word32 bufSz,
-                              word32 buckSz, word32 buckNum, wc_Memory** list) {
-    word32 i;
+static int wc_create_memory_buckets(byte* buffer, word32 bufSz,
+                              word32 buckSz, byte buckNum, wc_Memory** list) {
     byte*  pt  = buffer;
     int    ret = 0;
-    word32 memSz = (word32)sizeof(wc_Memory);
-    word32 padSz = -(int)memSz & (WOLFSSL_STATIC_ALIGN - 1);
+    byte memSz   = (byte)sizeof(wc_Memory);
+    word16 padSz = -(int)memSz & (WOLFSSL_STATIC_ALIGN - 1);
+    word16 i;
 
     /* if not enough space available for bucket size then do not try */
     if (buckSz + memSz + padSz > bufSz) {
@@ -534,6 +572,12 @@ static int create_memory_buckets(byte* buffer, word32 bufSz,
             mem->buffer = (byte*)pt + padSz + memSz;
             mem->next = NULL;
 
+        #ifdef WOLFSSL_STATIC_MEMORY_DEBUG_CALLBACK
+            if (DebugCb) {
+                DebugCb(buckSz, buckSz, WOLFSSL_DEBUG_MEMORY_INIT, 0);
+            }
+        #endif
+
             /* add the newly created struct to front of list */
             if (*list == NULL) {
                 *list = mem;
@@ -554,41 +598,126 @@ static int create_memory_buckets(byte* buffer, word32 bufSz,
     return ret;
 }
 
-int wolfSSL_init_memory_heap(WOLFSSL_HEAP* heap)
+static int wc_partition_static_memory(byte* buffer, word32 sz, int flag,
+                                                             WOLFSSL_HEAP* heap)
 {
-    word32 wc_MemSz[WOLFMEM_DEF_BUCKETS] = { WOLFMEM_BUCKETS };
-    word32 wc_Dist[WOLFMEM_DEF_BUCKETS]  = { WOLFMEM_DIST };
+    word32 ava = sz;
+    byte*  pt  = buffer;
+    int    ret = 0;
+    byte   memSz = (word32)sizeof(wc_Memory);
+    byte   padSz = -(int)memSz & (WOLFSSL_STATIC_ALIGN - 1);
 
-    if (heap == NULL) {
-        return BAD_FUNC_ARG;
+    WOLFSSL_ENTER("wc_partition_static_memory");
+
+    /* align pt */
+    while ((wc_ptr_t)pt % WOLFSSL_STATIC_ALIGN && pt < (buffer + sz)) {
+        *pt = 0x00;
+        pt++;
+        ava--;
     }
 
+#ifdef WOLFSSL_DEBUG_MEMORY
+    fprintf(stderr, "Allocated %d bytes for static memory @ %p\n", ava, pt);
+#endif
+
+    /* divide into chunks of memory and add them to available list */
+    while (ava >= (word32)(heap->sizeList[0] + padSz + memSz)) {
+    #ifndef WOLFSSL_STATIC_MEMORY_LEAN
+        /* creating only IO buffers from memory passed in, max TLS is 16k */
+        if (flag & WOLFMEM_IO_POOL || flag & WOLFMEM_IO_POOL_FIXED) {
+            if ((ret = wc_create_memory_buckets(pt, ava,
+                            WOLFMEM_IO_SZ, 1, &(heap->io))) < 0) {
+                WOLFSSL_LEAVE("wc_partition_static_memory", ret);
+                return ret;
+            }
+
+            /* check if no more room left for creating IO buffers */
+            if (ret == 0) {
+                break;
+            }
+
+            /* advance pointer in buffer for next buckets and keep track
+               of how much memory is left available */
+            pt  += ret;
+            ava -= ret;
+        }
+        else
+    #endif
+        {
+            int i;
+            /* start at largest and move to smaller buckets */
+            for (i = (WOLFMEM_MAX_BUCKETS - 1); i >= 0; i--) {
+                if ((word32)(heap->sizeList[i] + padSz + memSz) <= ava) {
+                    if ((ret = wc_create_memory_buckets(pt, ava,
+                                    heap->sizeList[i], heap->distList[i],
+                                    &(heap->ava[i]))) < 0) {
+                        WOLFSSL_LEAVE("wc_partition_static_memory", ret);
+                        return ret;
+                    }
+
+                    /* advance pointer in buffer for next buckets and keep track
+                       of how much memory is left available */
+                    pt  += ret;
+                    ava -= ret;
+                }
+            }
+        }
+    }
+
+    (void)flag;
+    return 1;
+}
+
+static int wc_init_memory_heap(WOLFSSL_HEAP* heap, unsigned int listSz,
+        const word32 *sizeList, const word32 *distList)
+{
+    unsigned int i;
+
     XMEMSET(heap, 0, sizeof(WOLFSSL_HEAP));
 
-    XMEMCPY(heap->sizeList, wc_MemSz, sizeof(wc_MemSz));
-    XMEMCPY(heap->distList, wc_Dist,  sizeof(wc_Dist));
+    /* avoid XMEMCPY for LEAN static memory build */
+    for (i = 0; i < listSz; i++) {
+        heap->sizeList[i] = sizeList[i];
+    }
 
+    for (i = 0; i < listSz; i++) {
+        heap->distList[i] = distList[i];
+    }
+
+#ifndef SINGLE_THREADED
     if (wc_InitMutex(&(heap->memory_mutex)) != 0) {
         WOLFSSL_MSG("Error creating heap memory mutex");
         return BAD_MUTEX_E;
     }
+#endif
 
     return 0;
 }
 
-int wc_LoadStaticMemory(WOLFSSL_HEAP_HINT** pHint,
-    unsigned char* buf, unsigned int sz, int flag, int maxSz)
+int wc_LoadStaticMemory_ex(WOLFSSL_HEAP_HINT** pHint,
+        unsigned int listSz, const word32 *sizeList,
+        const word32 *distList, unsigned char *buf,
+        unsigned int sz, int flag, int maxSz)
 {
+    WOLFSSL_HEAP*      heap = NULL;
+    WOLFSSL_HEAP_HINT* hint = NULL;
+    word16 idx = 0;
     int ret;
-    WOLFSSL_HEAP*      heap;
-    WOLFSSL_HEAP_HINT* hint;
-    word32 idx = 0;
 
-    if (pHint == NULL || buf == NULL) {
+    WOLFSSL_ENTER("wc_LoadStaticMemory_ex");
+
+    if (pHint == NULL || buf == NULL || sizeList == NULL || distList == NULL) {
         return BAD_FUNC_ARG;
     }
 
+    /* Cap the listSz to the actual number of items allocated in the list. */
+    if (listSz > WOLFMEM_MAX_BUCKETS) {
+        WOLFSSL_MSG("Truncating the list of memory buckets");
+        listSz = WOLFMEM_MAX_BUCKETS;
+    }
+
     if ((sizeof(WOLFSSL_HEAP) + sizeof(WOLFSSL_HEAP_HINT)) > sz - idx) {
+        WOLFSSL_MSG("Not enough memory for partition tracking");
         return BUFFER_E; /* not enough memory for structures */
     }
 
@@ -599,7 +728,7 @@ int wc_LoadStaticMemory(WOLFSSL_HEAP_HINT** pHint,
         hint = (WOLFSSL_HEAP_HINT*)(buf + idx);
         idx += sizeof(WOLFSSL_HEAP_HINT);
 
-        ret = wolfSSL_init_memory_heap(heap);
+        ret = wc_init_memory_heap(heap, listSz, sizeList, distList);
         if (ret != 0) {
             return ret;
         }
@@ -619,12 +748,13 @@ int wc_LoadStaticMemory(WOLFSSL_HEAP_HINT** pHint,
         heap = hint->memory;
     }
 
-    ret = wolfSSL_load_static_memory(buf + idx, sz - idx, flag, heap);
+    ret = wc_partition_static_memory(buf + idx, sz - idx, flag, heap);
     if (ret != 1) {
         WOLFSSL_MSG("Error partitioning memory");
-        return -1;
+        return MEMORY_E;
     }
 
+#ifndef WOLFSSL_STATIC_MEMORY_LEAN
     /* determine what max applies too */
     if ((flag & WOLFMEM_IO_POOL) || (flag & WOLFMEM_IO_POOL_FIXED)) {
         heap->maxIO = maxSz;
@@ -632,85 +762,43 @@ int wc_LoadStaticMemory(WOLFSSL_HEAP_HINT** pHint,
     else { /* general memory used in handshakes */
         heap->maxHa = maxSz;
     }
-
     heap->flag |= flag;
+#endif
     *pHint = hint;
 
     (void)maxSz;
-
     return 0;
 }
 
-int wolfSSL_load_static_memory(byte* buffer, word32 sz, int flag,
-                                                             WOLFSSL_HEAP* heap)
+int wc_LoadStaticMemory(WOLFSSL_HEAP_HINT** pHint,
+    unsigned char* buf, unsigned int sz, int flag, int maxSz)
 {
-    word32 ava = sz;
-    byte*  pt  = buffer;
-    int    ret = 0;
-    word32 memSz = (word32)sizeof(wc_Memory);
-    word32 padSz = -(int)memSz & (WOLFSSL_STATIC_ALIGN - 1);
+    word32 sizeList[WOLFMEM_DEF_BUCKETS] = { WOLFMEM_BUCKETS };
+    word32 distList[WOLFMEM_DEF_BUCKETS] = { WOLFMEM_DIST };
+    int ret = 0;
 
-    WOLFSSL_ENTER("wolfSSL_load_static_memory");
-
-    if (buffer == NULL) {
-        return BAD_FUNC_ARG;
-    }
-
-    /* align pt */
-    while ((wc_ptr_t)pt % WOLFSSL_STATIC_ALIGN && pt < (buffer + sz)) {
-        *pt = 0x00;
-        pt++;
-        ava--;
-    }
-
-#ifdef WOLFSSL_DEBUG_MEMORY
-    fprintf(stderr, "Allocated %d bytes for static memory @ %p\n", ava, pt);
-#endif
-
-    /* divide into chunks of memory and add them to available list */
-    while (ava >= (heap->sizeList[0] + padSz + memSz)) {
-        /* creating only IO buffers from memory passed in, max TLS is 16k */
-        if (flag & WOLFMEM_IO_POOL || flag & WOLFMEM_IO_POOL_FIXED) {
-            if ((ret = create_memory_buckets(pt, ava,
-                                          WOLFMEM_IO_SZ, 1, &(heap->io))) < 0) {
-                WOLFSSL_LEAVE("wolfSSL_load_static_memory", ret);
-                return ret;
-            }
-
-            /* check if no more room left for creating IO buffers */
-            if (ret == 0) {
-                break;
-            }
-
-            /* advance pointer in buffer for next buckets and keep track
-               of how much memory is left available */
-            pt  += ret;
-            ava -= ret;
-        }
-        else {
-            int i;
-            /* start at largest and move to smaller buckets */
-            for (i = (WOLFMEM_MAX_BUCKETS - 1); i >= 0; i--) {
-                if ((heap->sizeList[i] + padSz + memSz) <= ava) {
-                    if ((ret = create_memory_buckets(pt, ava, heap->sizeList[i],
-                                     heap->distList[i], &(heap->ava[i]))) < 0) {
-                        WOLFSSL_LEAVE("wolfSSL_load_static_memory", ret);
-                        return ret;
-                    }
-
-                    /* advance pointer in buffer for next buckets and keep track
-                       of how much memory is left available */
-                    pt  += ret;
-                    ava -= ret;
-                }
-            }
-        }
-    }
-
-    return 1;
+    WOLFSSL_ENTER("wc_LoadStaticMemory");
+    ret = wc_LoadStaticMemory_ex(pHint,
+            WOLFMEM_DEF_BUCKETS, sizeList, distList,
+            buf, sz, flag, maxSz);
+    WOLFSSL_LEAVE("wc_LoadStaticMemory", ret);
+    return ret;
 }
 
 
+void wc_UnloadStaticMemory(WOLFSSL_HEAP_HINT* heap)
+{
+    WOLFSSL_ENTER("wc_UnloadStaticMemory");
+#ifndef SINGLE_THREADED
+    if (heap != NULL && heap->memory != NULL) {
+        wc_FreeMutex(&heap->memory->memory_mutex);
+    }
+#else
+    (void)heap;
+#endif
+}
+
+#ifndef WOLFSSL_STATIC_MEMORY_LEAN
 /* returns the size of management memory needed for each bucket.
  * This is memory that is used to keep track of and align memory buckets. */
 int wolfSSL_MemoryPaddingSz(void)
@@ -723,28 +811,34 @@ int wolfSSL_MemoryPaddingSz(void)
 
 /* Used to calculate memory size for optimum use with buckets.
    returns the suggested size rounded down to the nearest bucket. */
-int wolfSSL_StaticBufferSz(byte* buffer, word32 sz, int flag)
+int wolfSSL_StaticBufferSz_ex(unsigned int listSz,
+        const word32 *sizeList, const word32 *distList,
+        byte* buffer, word32 sz, int flag)
 {
-    word32 bucketSz[WOLFMEM_MAX_BUCKETS] = {WOLFMEM_BUCKETS};
-    word32 distList[WOLFMEM_MAX_BUCKETS] = {WOLFMEM_DIST};
-
     word32 ava = sz;
     byte*  pt  = buffer;
     word32 memSz = (word32)sizeof(wc_Memory);
     word32 padSz = -(int)memSz & (WOLFSSL_STATIC_ALIGN - 1);
 
-    WOLFSSL_ENTER("wolfSSL_static_size");
+    WOLFSSL_ENTER("wolfSSL_StaticBufferSz_ex");
 
-    if (buffer == NULL) {
+    if (buffer == NULL || sizeList == NULL || distList == NULL) {
         return BAD_FUNC_ARG;
     }
 
+    /* Cap the listSz to the actual number of items allocated in the list. */
+    if (listSz > WOLFMEM_MAX_BUCKETS) {
+        WOLFSSL_MSG("Truncating the list of memory buckets");
+        listSz = WOLFMEM_MAX_BUCKETS;
+    }
+
     /* align pt */
     while ((wc_ptr_t)pt % WOLFSSL_STATIC_ALIGN && pt < (buffer + sz)) {
         pt++;
         ava--;
     }
 
+#ifndef WOLFSSL_STATIC_MEMORY_LEAN
     /* creating only IO buffers from memory passed in, max TLS is 16k */
     if (flag & WOLFMEM_IO_POOL || flag & WOLFMEM_IO_POOL_FIXED) {
         if (ava < (memSz + padSz + WOLFMEM_IO_SZ)) {
@@ -753,29 +847,44 @@ int wolfSSL_StaticBufferSz(byte* buffer, word32 sz, int flag)
 
         ava = ava % (memSz + padSz + WOLFMEM_IO_SZ);
     }
-    else {
+    else
+#endif
+    {
         int i, k;
 
-        if (ava < (bucketSz[0] + padSz + memSz)) {
+        if (ava < (sizeList[0] + padSz + memSz)) {
             return 0; /* not enough room for even one bucket */
         }
 
-        while ((ava >= (bucketSz[0] + padSz + memSz)) && (ava > 0)) {
+        while ((ava >= (sizeList[0] + padSz + memSz)) && (ava > 0)) {
             /* start at largest and move to smaller buckets */
-            for (i = (WOLFMEM_MAX_BUCKETS - 1); i >= 0; i--) {
+            for (i = (listSz - 1); i >= 0; i--) {
                 for (k = distList[i]; k > 0; k--) {
-                    if ((bucketSz[i] + padSz + memSz) <= ava) {
-                        ava -= bucketSz[i] + padSz + memSz;
+                    if ((sizeList[i] + padSz + memSz) <= ava) {
+                        ava -= sizeList[i] + padSz + memSz;
                     }
                 }
             }
         }
     }
 
+    WOLFSSL_LEAVE("wolfSSL_StaticBufferSz_ex", sz - ava);
     return sz - ava; /* round down */
 }
 
 
+/* Calls wolfSSL_StaticBufferSz_ex with the static memory pool config
+ * used by wolfSSL by default. */
+int wolfSSL_StaticBufferSz(byte* buffer, word32 sz, int flag)
+{
+    word32 bucketSz[WOLFMEM_DEF_BUCKETS] = {WOLFMEM_BUCKETS};
+    word32 distList[WOLFMEM_DEF_BUCKETS] = {WOLFMEM_DIST};
+
+    return wolfSSL_StaticBufferSz_ex(WOLFMEM_DEF_BUCKETS, bucketSz, distList,
+        buffer, sz, flag);
+}
+
+
 int FreeFixedIO(WOLFSSL_HEAP* heap, wc_Memory** io)
 {
     WOLFSSL_MSG("Freeing fixed IO buffer");
@@ -847,6 +956,32 @@ int wolfSSL_GetMemStats(WOLFSSL_HEAP* heap, WOLFSSL_MEM_STATS* stats)
 
     return 1;
 }
+#endif /* !WOLFSSL_STATIC_MEMORY_LEAN */
+
+
+/* global heap hint to fall back on when no heap hint is passed to
+ * XMALLOC/XFREE
+ * NOT thread safe, should be set once before any expected XMALLOC XFREE calls
+ */
+static void* globalHeapHint = NULL;
+
+
+/* Used to set a new global heap hint. Returns a pointer to the current global
+ * heap hint before being set. */
+void* wolfSSL_SetGlobalHeapHint(void* heap)
+{
+    void *oldHint = globalHeapHint;
+
+    globalHeapHint = heap;
+    return oldHint;
+}
+
+
+/* returns a pointer to the current global heap hint */
+void* wolfSSL_GetGlobalHeapHint(void)
+{
+    return globalHeapHint;
+}
 
 
 #ifdef WOLFSSL_DEBUG_MEMORY
@@ -862,18 +997,18 @@ void* wolfSSL_Malloc(size_t size, void* heap, int type)
     /* check for testing heap hint was set */
 #ifdef WOLFSSL_HEAP_TEST
     if (heap == (void*)WOLFSSL_HEAP_TEST) {
-        return malloc(size);
+        return malloc(size); /* native heap */
     }
 #endif
 
     /* if no heap hint then use dynamic memory*/
-    if (heap == NULL) {
+    if (heap == NULL && globalHeapHint == NULL) {
         #ifdef WOLFSSL_HEAP_TEST
             /* allow using malloc for creating ctx and method */
             if (type == DYNAMIC_TYPE_CTX || type == DYNAMIC_TYPE_METHOD ||
                                             type == DYNAMIC_TYPE_CERT_MANAGER) {
                 WOLFSSL_MSG("ERROR allowing null heap hint for ctx/method");
-                res = malloc(size);
+                res = malloc(size); /* native heap */
             }
             else {
                 WOLFSSL_MSG("ERROR null heap hint passed into XMALLOC");
@@ -882,15 +1017,16 @@ void* wolfSSL_Malloc(size_t size, void* heap, int type)
         #else
         #ifndef WOLFSSL_NO_MALLOC
             #ifdef FREERTOS
-                res = pvPortMalloc(size);
+                res = pvPortMalloc(size); /* native heap */
             #elif defined(WOLFSSL_EMBOS)
                 res = OS_HEAP_malloc(size);
             #else
-                res = malloc(size);
+                res = malloc(size); /* native heap */
             #endif
 
             #ifdef WOLFSSL_DEBUG_MEMORY
-                fprintf(stderr, "Alloc: %p -> %u at %s:%d\n", res, (word32)size, func, line);
+                fprintf(stderr, "[HEAP %p] Alloc: %p -> %u at %s:%d\n", heap,
+                    res, (word32)size, func, line);
             #endif
         #else
             WOLFSSL_MSG("No heap hint found to use and no malloc");
@@ -902,13 +1038,24 @@ void* wolfSSL_Malloc(size_t size, void* heap, int type)
     }
     else {
         WOLFSSL_HEAP_HINT* hint = (WOLFSSL_HEAP_HINT*)heap;
-        WOLFSSL_HEAP*      mem  = hint->memory;
+        WOLFSSL_HEAP*      mem;
 
+        if (hint == NULL) {
+            hint = (WOLFSSL_HEAP_HINT*)globalHeapHint;
+        #ifdef WOLFSSL_DEBUG_MEMORY
+            fprintf(stderr, "(Using global heap hint %p) ", hint);
+        #endif
+        }
+        mem = hint->memory;
+
+    #ifndef SINGLE_THREADED
         if (wc_LockMutex(&(mem->memory_mutex)) != 0) {
             WOLFSSL_MSG("Bad memory_mutex lock");
             return NULL;
         }
+    #endif
 
+    #ifndef WOLFSSL_STATIC_MEMORY_LEAN
         /* case of using fixed IO buffers */
         if (mem->flag & WOLFMEM_IO_POOL_FIXED &&
                                              (type == DYNAMIC_TYPE_OUT_BUFFER ||
@@ -920,7 +1067,10 @@ void* wolfSSL_Malloc(size_t size, void* heap, int type)
                 pt = hint->inBuf;
             }
         }
-        else {
+        else
+    #endif
+        {
+        #ifndef WOLFSSL_STATIC_MEMORY_LEAN
             /* check if using IO pool flag */
             if (mem->flag & WOLFMEM_IO_POOL &&
                                              (type == DYNAMIC_TYPE_OUT_BUFFER ||
@@ -930,6 +1080,7 @@ void* wolfSSL_Malloc(size_t size, void* heap, int type)
                     mem->io = pt->next;
                 }
             }
+         #endif
 
             /* general static memory */
             if (pt == NULL) {
@@ -942,8 +1093,8 @@ void* wolfSSL_Malloc(size_t size, void* heap, int type)
                         }
                     #ifdef WOLFSSL_DEBUG_STATIC_MEMORY
                         else {
-                            fprintf(stderr, "Size: %ld, Empty: %d\n", size,
-                                                              mem->sizeList[i]);
+                            fprintf(stderr, "Size: %lu, Empty: %d\n",
+                                (unsigned long) size, mem->sizeList[i]);
                         }
                     #endif
                     }
@@ -952,14 +1103,22 @@ void* wolfSSL_Malloc(size_t size, void* heap, int type)
         }
 
         if (pt != NULL) {
-            mem->inUse += pt->sz;
+        #ifndef WOLFSSL_STATIC_MEMORY_LEAN
             mem->alloc += 1;
+        #endif
             res = pt->buffer;
 
         #ifdef WOLFSSL_DEBUG_MEMORY
-            fprintf(stderr, "Alloc: %p -> %u at %s:%d\n", pt->buffer, pt->sz, func, line);
+            pt->szUsed = size;
+            fprintf(stderr, "[HEAP %p] Alloc: %p -> %lu at %s:%d\n", heap,
+                pt->buffer, size, func, line);
         #endif
-
+        #ifdef WOLFSSL_STATIC_MEMORY_DEBUG_CALLBACK
+            if (DebugCb) {
+                DebugCb(size, pt->sz, WOLFSSL_DEBUG_MEMORY_ALLOC, type);
+            }
+        #endif
+        #ifndef WOLFSSL_STATIC_MEMORY_LEAN
             /* keep track of connection statistics if flag is set */
             if (mem->flag & WOLFMEM_TRACK_STATS) {
                 WOLFSSL_MEM_CONN_STATS* stats = hint->stats;
@@ -975,15 +1134,24 @@ void* wolfSSL_Malloc(size_t size, void* heap, int type)
                     stats->totalAlloc++;
                 }
             }
+        #endif
         }
         else {
             WOLFSSL_MSG("ERROR ran out of static memory");
+            res = NULL;
             #ifdef WOLFSSL_DEBUG_MEMORY
-            fprintf(stderr, "Looking for %lu bytes at %s:%d\n", size, func, line);
+                fprintf(stderr, "Looking for %lu bytes at %s:%d\n",
+                    (unsigned long) size, func, line);
+            #endif
+            #ifdef WOLFSSL_STATIC_MEMORY_DEBUG_CALLBACK
+            if (DebugCb) {
+                DebugCb(size, 0, WOLFSSL_DEBUG_MEMORY_FAIL, type);
+            }
             #endif
         }
-
+    #ifndef SINGLE_THREADED
         wc_UnLockMutex(&(mem->memory_mutex));
+    #endif
     }
 
     #ifdef WOLFSSL_MALLOC_CHECK
@@ -1016,13 +1184,14 @@ void wolfSSL_Free(void *ptr, void* heap, int type)
     #ifdef WOLFSSL_HEAP_TEST
         if (heap == (void*)WOLFSSL_HEAP_TEST) {
         #ifdef WOLFSSL_DEBUG_MEMORY
-            fprintf(stderr, "Free: %p at %s:%d\n", pt, func, line);
+            fprintf(stderr, "[HEAP %p] Free: %p at %s:%d\n", heap, pt, func,
+                line);
         #endif
-            return free(ptr);
+            return free(ptr); /* native heap */
         }
     #endif
 
-        if (heap == NULL) {
+        if (heap == NULL && globalHeapHint == NULL) {
         #ifdef WOLFSSL_HEAP_TEST
             /* allow using malloc for creating ctx and method */
             if (type == DYNAMIC_TYPE_CTX || type == DYNAMIC_TYPE_METHOD ||
@@ -1034,12 +1203,16 @@ void wolfSSL_Free(void *ptr, void* heap, int type)
             }
         #endif
         #ifndef WOLFSSL_NO_MALLOC
+            #ifdef WOLFSSL_DEBUG_MEMORY
+            fprintf(stderr, "[HEAP %p] Free: %p at %s:%d\n", heap, pt, func,
+                line);
+            #endif
             #ifdef FREERTOS
-                vPortFree(ptr);
+                vPortFree(ptr); /* native heap */
             #elif defined(WOLFSSL_EMBOS)
-                OS_HEAP_free(ptr);
+                OS_HEAP_free(ptr); /* native heap */
             #else
-                free(ptr);
+                free(ptr); /* native heap */
             #endif
         #else
             WOLFSSL_MSG("Error trying to call free when turned off");
@@ -1047,16 +1220,31 @@ void wolfSSL_Free(void *ptr, void* heap, int type)
         }
         else {
             WOLFSSL_HEAP_HINT* hint = (WOLFSSL_HEAP_HINT*)heap;
-            WOLFSSL_HEAP*      mem  = hint->memory;
+            WOLFSSL_HEAP*      mem;
             word32 padSz = -(int)sizeof(wc_Memory) & (WOLFSSL_STATIC_ALIGN - 1);
 
+            if (hint == NULL) {
+                hint = (WOLFSSL_HEAP_HINT*)globalHeapHint;
+            #ifdef WOLFSSL_DEBUG_MEMORY
+                fprintf(stderr, "(Using global heap hint %p) ", hint);
+            #endif
+            }
+            mem = hint->memory;
+            if (mem == NULL) {
+                WOLFSSL_MSG("Bad hint pointer to memory");
+                return;
+            }
+
             /* get memory struct and add it to available list */
             pt = (wc_Memory*)((byte*)ptr - sizeof(wc_Memory) - padSz);
+        #ifndef SINGLE_THREADED
             if (wc_LockMutex(&(mem->memory_mutex)) != 0) {
                 WOLFSSL_MSG("Bad memory_mutex lock");
                 return;
             }
+        #endif
 
+        #ifndef WOLFSSL_STATIC_MEMORY_LEAN
             /* case of using fixed IO buffers */
             if (mem->flag & WOLFMEM_IO_POOL_FIXED &&
                                              (type == DYNAMIC_TYPE_OUT_BUFFER ||
@@ -1070,22 +1258,38 @@ void wolfSSL_Free(void *ptr, void* heap, int type)
                 pt->next = mem->io;
                 mem->io  = pt;
             }
-            else { /* general memory free */
+            else
+       #endif
+            { /* general memory free */
                 for (i = 0; i < WOLFMEM_MAX_BUCKETS; i++) {
                     if (pt->sz == mem->sizeList[i]) {
                         pt->next = mem->ava[i];
                         mem->ava[i] = pt;
+
+                    #ifdef WOLFSSL_STATIC_MEMORY_DEBUG_CALLBACK
+                        if (DebugCb) {
+                        #ifdef WOLFSSL_DEBUG_MEMORY
+                            DebugCb(pt->szUsed, pt->sz, WOLFSSL_DEBUG_MEMORY_FREE, type);
+                        #else
+                            DebugCb(pt->sz, pt->sz, WOLFSSL_DEBUG_MEMORY_FREE, type);
+                        #endif
+                        }
+                    #endif
                         break;
                     }
                 }
             }
+        #ifndef WOLFSSL_STATIC_MEMORY_LEAN
             mem->inUse -= pt->sz;
             mem->frAlc += 1;
-
-        #ifdef WOLFSSL_DEBUG_MEMORY
-            fprintf(stderr, "Free: %p -> %u at %s:%d\n", pt->buffer, pt->sz, func, line);
         #endif
 
+        #ifdef WOLFSSL_DEBUG_MEMORY
+            fprintf(stderr, "[HEAP %p] Free: %p -> %u at %s:%d\n", heap,
+                pt->buffer, pt->szUsed, func, line);
+        #endif
+
+        #ifndef WOLFSSL_STATIC_MEMORY_LEAN
             /* keep track of connection statistics if flag is set */
             if (mem->flag & WOLFMEM_TRACK_STATS) {
                 WOLFSSL_MEM_CONN_STATS* stats = hint->stats;
@@ -1104,7 +1308,10 @@ void wolfSSL_Free(void *ptr, void* heap, int type)
                     stats->totalFr++;
                 }
             }
+        #endif
+        #ifndef SINGLE_THREADED
             wc_UnLockMutex(&(mem->memory_mutex));
+        #endif
         }
     }
 
@@ -1113,6 +1320,7 @@ void wolfSSL_Free(void *ptr, void* heap, int type)
     (void)type;
 }
 
+#ifndef WOLFSSL_NO_REALLOC
 #ifdef WOLFSSL_DEBUG_MEMORY
 void* wolfSSL_Realloc(void *ptr, size_t size, void* heap, int type, const char* func, unsigned int line)
 #else
@@ -1126,25 +1334,33 @@ void* wolfSSL_Realloc(void *ptr, size_t size, void* heap, int type)
     /* check for testing heap hint was set */
 #ifdef WOLFSSL_HEAP_TEST
     if (heap == (void*)WOLFSSL_HEAP_TEST) {
-        return realloc(ptr, size);
+        return realloc(ptr, size); /* native heap */
     }
 #endif
 
-    if (heap == NULL) {
+    if (heap == NULL && globalHeapHint == NULL) {
         #ifdef WOLFSSL_HEAP_TEST
             WOLFSSL_MSG("ERROR null heap hint passed in to XREALLOC");
         #endif
         #ifndef WOLFSSL_NO_MALLOC
-            res = realloc(ptr, size);
+            res = realloc(ptr, size); /* native heap */
         #else
             WOLFSSL_MSG("NO heap found to use for realloc");
         #endif /* WOLFSSL_NO_MALLOC */
     }
     else {
         WOLFSSL_HEAP_HINT* hint = (WOLFSSL_HEAP_HINT*)heap;
-        WOLFSSL_HEAP*      mem  = hint->memory;
+        WOLFSSL_HEAP*      mem;
         word32 padSz = -(int)sizeof(wc_Memory) & (WOLFSSL_STATIC_ALIGN - 1);
 
+        if (hint == NULL) {
+            hint = (WOLFSSL_HEAP_HINT*)globalHeapHint;
+        #ifdef WOLFSSL_DEBUG_MEMORY
+            fprintf(stderr, "(Using global heap hint %p) ", hint);
+        #endif
+        }
+        mem = hint->memory;
+
         if (ptr == NULL) {
         #ifdef WOLFSSL_DEBUG_MEMORY
             return wolfSSL_Malloc(size, heap, type, func, line);
@@ -1152,12 +1368,14 @@ void* wolfSSL_Realloc(void *ptr, size_t size, void* heap, int type)
             return wolfSSL_Malloc(size, heap, type);
         #endif
         }
-
+    #ifndef SINGLE_THREADED
         if (wc_LockMutex(&(mem->memory_mutex)) != 0) {
             WOLFSSL_MSG("Bad memory_mutex lock");
             return NULL;
         }
+    #endif
 
+    #ifndef WOLFSSL_STATIC_MEMORY_LEAN
         /* case of using fixed IO buffers or IO pool */
         if (((mem->flag & WOLFMEM_IO_POOL)||(mem->flag & WOLFMEM_IO_POOL_FIXED))
                                           && (type == DYNAMIC_TYPE_OUT_BUFFER ||
@@ -1170,7 +1388,9 @@ void* wolfSSL_Realloc(void *ptr, size_t size, void* heap, int type)
             }
             res = pt->buffer;
         }
-        else {
+        else
+    #endif
+        {
         /* general memory */
             for (i = 0; i < WOLFMEM_MAX_BUCKETS; i++) {
                 if ((word32)size <= mem->sizeList[i]) {
@@ -1183,30 +1403,40 @@ void* wolfSSL_Realloc(void *ptr, size_t size, void* heap, int type)
             }
 
             if (pt != NULL && res == NULL) {
+                word32 prvSz;
+
                 res = pt->buffer;
 
                 /* copy over original information and free ptr */
-                word32 prvSz = ((wc_Memory*)((byte*)ptr - padSz -
+                prvSz = ((wc_Memory*)((byte*)ptr - padSz -
                                                sizeof(wc_Memory)))->sz;
                 prvSz = (prvSz > pt->sz)? pt->sz: prvSz;
                 XMEMCPY(pt->buffer, ptr, prvSz);
+            #ifndef WOLFSSL_STATIC_MEMORY_LEAN
                 mem->inUse += pt->sz;
                 mem->alloc += 1;
+            #endif
 
                 /* free memory that was previously being used */
+            #ifndef SINGLE_THREADED
                 wc_UnLockMutex(&(mem->memory_mutex));
+            #endif
                 wolfSSL_Free(ptr, heap, type
             #ifdef WOLFSSL_DEBUG_MEMORY
                     , func, line
             #endif
                 );
+            #ifndef SINGLE_THREADED
                 if (wc_LockMutex(&(mem->memory_mutex)) != 0) {
                     WOLFSSL_MSG("Bad memory_mutex lock");
                     return NULL;
                 }
+            #endif
             }
         }
+    #ifndef SINGLE_THREADED
         wc_UnLockMutex(&(mem->memory_mutex));
+    #endif
     }
 
     #ifdef WOLFSSL_MALLOC_CHECK
@@ -1223,7 +1453,7 @@ void* wolfSSL_Realloc(void *ptr, size_t size, void* heap, int type)
     return res;
 }
 #endif /* WOLFSSL_STATIC_MEMORY */
-
+#endif /* WOLFSSL_NO_REALLOC */
 #endif /* USE_WOLFSSL_MEMORY */
 
 
@@ -1262,7 +1492,7 @@ void* XMALLOC(size_t n, void* heap, int type)
             return NULL;
     }
 
-    return malloc(n);
+    return malloc(n); /* native heap */
 }
 
 void* XREALLOC(void *p, size_t n, void* heap, int type)
@@ -1283,7 +1513,7 @@ void* XREALLOC(void *p, size_t n, void* heap, int type)
             return NULL;
     }
 
-    return realloc(p, n);
+    return realloc(p, n); /* native heap */
 }
 
 void XFREE(void *p, void* heap, int type)
@@ -1296,7 +1526,7 @@ void XFREE(void *p, void* heap, int type)
     if (type == DYNAMIC_TYPE_OUT_BUFFER)
         return;  /* do nothing, static pool */
 
-    free(p);
+    free(p); /* native heap */
 }
 
 #endif /* HAVE_IO_POOL */
@@ -1323,7 +1553,7 @@ void *xmalloc(size_t n, void* heap, int type, const char* func,
 #endif
     }
     else
-        p32 = malloc(n + sizeof(word32) * 4);
+        p32 = malloc(n + sizeof(word32) * 4); /* native heap */
 
     if (p32 != NULL) {
         p32[0] = (word32)n;
@@ -1366,7 +1596,7 @@ void *xrealloc(void *p, size_t n, void* heap, int type, const char* func,
 #endif
     }
     else
-        p32 = realloc(oldp32, n + sizeof(word32) * 4);
+        p32 = realloc(oldp32, n + sizeof(word32) * 4); /* native heap */
 
     if (p32 != NULL) {
         p32[0] = (word32)n;
@@ -1412,7 +1642,7 @@ void xfree(void *p, void* heap, int type, const char* func, const char* file,
 #endif
         }
         else
-            free(p32);
+            free(p32); /* native heap */
     }
 
     (void)heap;
@@ -1508,16 +1738,21 @@ THREAD_LS_T const char *wc_svr_last_file = NULL;
 THREAD_LS_T int wc_svr_last_line = -1;
 THREAD_LS_T int wc_debug_vector_registers_retval =
     WC_DEBUG_VECTOR_REGISTERS_RETVAL_INITVAL;
+#endif
 
 #ifdef DEBUG_VECTOR_REGISTER_ACCESS_FUZZING
 
+#ifdef HAVE_THREAD_LS
+
 WOLFSSL_LOCAL int SAVE_VECTOR_REGISTERS2_fuzzer(void) {
     static THREAD_LS_T struct drand48_data wc_svr_fuzzing_state;
     static THREAD_LS_T int wc_svr_fuzzing_seeded = 0;
     long result;
 
+#ifdef DEBUG_VECTOR_REGISTER_ACCESS
     if (wc_debug_vector_registers_retval)
         return wc_debug_vector_registers_retval;
+#endif
 
     if (wc_svr_fuzzing_seeded == 0) {
         long seed = WC_DEBUG_VECTOR_REGISTERS_FUZZING_SEED;
@@ -1534,9 +1769,47 @@ WOLFSSL_LOCAL int SAVE_VECTOR_REGISTERS2_fuzzer(void) {
         return 0;
 }
 
+#else /* !HAVE_THREAD_LS */
+
+/* alternate implementation useful for testing in the kernel module build, where
+ * glibc and thread-local storage are unavailable.
+ *
+ * note this is not a well-behaved PRNG, but is adequate for fuzzing purposes.
+ * the prn sequence is incompressible according to ent and xz, and does not
+ * cycle within 10M iterations with various seeds including zero, but the Chi
+ * square distribution is poor, and the unconditioned lsb bit balance is ~54%
+ * regardless of seed.
+ *
+ * deterministic only if access is single-threaded, but never degenerate.
+ */
+
+WOLFSSL_LOCAL int SAVE_VECTOR_REGISTERS2_fuzzer(void) {
+    static unsigned long prn = WC_DEBUG_VECTOR_REGISTERS_FUZZING_SEED;
+    static int balance_bit = 0;
+    unsigned long new_prn = prn ^ 0xba86943da66ee701ul; /* note this magic
+                                                         * random number is
+                                                         * bit-balanced.
+                                                         */
+
+#ifdef DEBUG_VECTOR_REGISTER_ACCESS
+    if (wc_debug_vector_registers_retval)
+        return wc_debug_vector_registers_retval;
 #endif
 
-#endif
+    /* barrel-roll using the bottom 6 bits. */
+    if (new_prn & 0x3f)
+        new_prn = (new_prn << (new_prn & 0x3f)) |
+            (new_prn >> (0x40 - (new_prn & 0x3f)));
+    prn = new_prn;
+
+    balance_bit = !balance_bit;
+
+    return ((prn & 1) ^ balance_bit) ? IO_FAILED_E : 0;
+}
+
+#endif /* !HAVE_THREAD_LS */
+
+#endif /* DEBUG_VECTOR_REGISTER_ACCESS_FUZZING */
 
 #ifdef WOLFSSL_LINUXKM
     #include "../../linuxkm/linuxkm_memory.c"
diff --git a/wolfcrypt/src/misc.c b/wolfcrypt/src/misc.c
index 62cd9b409..1d5b06740 100644
--- a/wolfcrypt/src/misc.c
+++ b/wolfcrypt/src/misc.c
@@ -1,6 +1,6 @@
 /* misc.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -115,23 +115,19 @@ masking and clearing memory logic.
 
 #endif
 
-#ifdef WC_RC2
-
 /* This routine performs a left circular arithmetic shift of <x> by <y> value */
 WC_MISC_STATIC WC_INLINE word16 rotlFixed16(word16 x, word16 y)
 {
-    return (x << y) | (x >> (sizeof(x) * 8 - y));
+    return (word16)((x << y) | (x >> (sizeof(x) * 8U - y)));
 }
 
 
 /* This routine performs a right circular arithmetic shift of <x> by <y> value */
 WC_MISC_STATIC WC_INLINE word16 rotrFixed16(word16 x, word16 y)
 {
-    return (x >> y) | (x << (sizeof(x) * 8 - y));
+    return (word16)((x >> y) | (x << (sizeof(x) * 8U - y)));
 }
 
-#endif /* WC_RC2 */
-
 /* This routine performs a byte swap of 32-bit word value. */
 #if defined(__CCRX__) && !defined(NO_INLINE) /* shortest version for CC-RX */
     #define ByteReverseWord32(value) _builtin_revl(value)
@@ -193,6 +189,28 @@ WC_MISC_STATIC WC_INLINE void ByteReverseWords(word32* out, const word32* in,
             out[i] = ByteReverseWord32(in[i]);
     }
 #ifdef WOLFSSL_USE_ALIGN
+    else if (((size_t)in & 0x3) == 0) {
+        byte *out_bytes = (byte *)out;
+        word32 scratch;
+
+        byteCount &= ~0x3U;
+
+        for (i = 0; i < byteCount; i += (word32)sizeof(word32)) {
+            scratch = ByteReverseWord32(*in++);
+            XMEMCPY(out_bytes + i, &scratch, sizeof(scratch));
+        }
+    }
+    else if (((size_t)out & 0x3) == 0) {
+        byte *in_bytes = (byte *)in;
+        word32 scratch;
+
+        byteCount &= ~0x3U;
+
+        for (i = 0; i < byteCount; i += (word32)sizeof(word32)) {
+            XMEMCPY(&scratch, in_bytes + i, sizeof(scratch));
+            *out++ = ByteReverseWord32(scratch);
+        }
+    }
     else {
         byte *in_bytes = (byte *)in;
         byte *out_bytes = (byte *)out;
@@ -200,7 +218,7 @@ WC_MISC_STATIC WC_INLINE void ByteReverseWords(word32* out, const word32* in,
 
         byteCount &= ~0x3U;
 
-        for (i = 0; i < byteCount; i += sizeof(word32)) {
+        for (i = 0; i < byteCount; i += (word32)sizeof(word32)) {
             XMEMCPY(&scratch, in_bytes + i, sizeof(scratch));
             scratch = ByteReverseWord32(scratch);
             XMEMCPY(out_bytes + i, &scratch, sizeof(scratch));
@@ -209,8 +227,101 @@ WC_MISC_STATIC WC_INLINE void ByteReverseWords(word32* out, const word32* in,
 #endif
 }
 
+WC_MISC_STATIC WC_INLINE word32 readUnalignedWord32(const byte *in)
+{
+    if (((wc_ptr_t)in & (wc_ptr_t)(sizeof(word32) - 1U)) == (wc_ptr_t)0)
+        return *(word32 *)in;
+    else {
+        word32 out = 0; /* else CONFIG_FORTIFY_SOURCE -Wmaybe-uninitialized */
+        XMEMCPY(&out, in, sizeof(out));
+        return out;
+    }
+}
+
+WC_MISC_STATIC WC_INLINE word32 writeUnalignedWord32(void *out, word32 in)
+{
+    if (((wc_ptr_t)out & (wc_ptr_t)(sizeof(word32) - 1U)) == (wc_ptr_t)0)
+        *(word32 *)out = in;
+    else {
+        XMEMCPY(out, &in, sizeof(in));
+    }
+    return in;
+}
+
+WC_MISC_STATIC WC_INLINE void readUnalignedWords32(word32 *out, const byte *in,
+                                                   size_t count)
+{
+    if (((wc_ptr_t)in & (wc_ptr_t)(sizeof(word32) - 1U)) == (wc_ptr_t)0) {
+        const word32 *in_word32 = (const word32 *)in;
+        while (count-- > 0)
+            *out++ = *in_word32++;
+    }
+    else {
+        XMEMCPY(out, in, count * sizeof(*out));
+    }
+}
+
+WC_MISC_STATIC WC_INLINE void writeUnalignedWords32(byte *out, const word32 *in,
+                                                    size_t count)
+{
+    if (((wc_ptr_t)out & (wc_ptr_t)(sizeof(word32) - 1U)) == (wc_ptr_t)0) {
+        word32 *out_word32 = (word32 *)out;
+        while (count-- > 0)
+            *out_word32++ = *in++;
+    }
+    else {
+        XMEMCPY(out, in, count * sizeof(*in));
+    }
+}
+
 #if defined(WORD64_AVAILABLE) && !defined(WOLFSSL_NO_WORD64_OPS)
 
+WC_MISC_STATIC WC_INLINE word64 readUnalignedWord64(const byte *in)
+{
+    if (((wc_ptr_t)in & (wc_ptr_t)(sizeof(word64) - 1U)) == (wc_ptr_t)0)
+        return *(word64 *)in;
+    else {
+        word64 out = 0; /* else CONFIG_FORTIFY_SOURCE -Wmaybe-uninitialized */
+        XMEMCPY(&out, in, sizeof(out));
+        return out;
+    }
+}
+
+WC_MISC_STATIC WC_INLINE word64 writeUnalignedWord64(void *out, word64 in)
+{
+    if (((wc_ptr_t)out & (wc_ptr_t)(sizeof(word64) - 1U)) == (wc_ptr_t)0)
+        *(word64 *)out = in;
+    else {
+        XMEMCPY(out, &in, sizeof(in));
+    }
+    return in;
+}
+
+WC_MISC_STATIC WC_INLINE void readUnalignedWords64(word64 *out, const byte *in,
+                                                   size_t count)
+{
+    if (((wc_ptr_t)in & (wc_ptr_t)(sizeof(word64) - 1U)) == (wc_ptr_t)0) {
+        const word64 *in_word64 = (const word64 *)in;
+        while (count-- > 0)
+            *out++ = *in_word64++;
+    }
+    else {
+        XMEMCPY(out, in, count * sizeof(*out));
+    }
+}
+
+WC_MISC_STATIC WC_INLINE void writeUnalignedWords64(byte *out, const word64 *in,
+                                                    size_t count)
+{
+    if (((wc_ptr_t)out & (wc_ptr_t)(sizeof(word64) - 1U)) == (wc_ptr_t)0) {
+        word64 *out_word64 = (word64 *)out;
+        while (count-- > 0)
+            *out_word64++ = *in++;
+    }
+    else {
+        XMEMCPY(out, in, count * sizeof(*in));
+    }
+}
 
 WC_MISC_STATIC WC_INLINE word64 rotlFixed64(word64 x, word64 y)
 {
@@ -246,22 +357,68 @@ WC_MISC_STATIC WC_INLINE void ByteReverseWords64(word64* out, const word64* in,
 {
     word32 count = byteCount/(word32)sizeof(word64), i;
 
-    for (i = 0; i < count; i++)
-        out[i] = ByteReverseWord64(in[i]);
+#ifdef WOLFSSL_USE_ALIGN
+    if ((((size_t)in & 0x7) == 0) &&
+        (((size_t)out & 0x7) == 0))
+#endif
+    {
+        for (i = 0; i < count; i++)
+            out[i] = ByteReverseWord64(in[i]);
+    }
+#ifdef WOLFSSL_USE_ALIGN
+    else if (((size_t)in & 0x7) == 0) {
+        byte *out_bytes = (byte *)out;
+        word64 scratch;
 
+        byteCount &= ~0x7U;
+
+        for (i = 0; i < byteCount; i += (word32)sizeof(word64)) {
+            scratch = ByteReverseWord64(*in++);
+            XMEMCPY(out_bytes + i, &scratch, sizeof(scratch));
+        }
+    }
+    else if (((size_t)out & 0x7) == 0) {
+        byte *in_bytes = (byte *)in;
+        word64 scratch;
+
+        byteCount &= ~0x7U;
+
+        for (i = 0; i < byteCount; i += (word32)sizeof(word64)) {
+            XMEMCPY(&scratch, in_bytes + i, sizeof(scratch));
+            *out++ = ByteReverseWord64(scratch);
+        }
+    }
+    else {
+        byte *in_bytes = (byte *)in;
+        byte *out_bytes = (byte *)out;
+        word64 scratch;
+
+        byteCount &= ~0x7U;
+
+        for (i = 0; i < byteCount; i += (word32)sizeof(word64)) {
+            XMEMCPY(&scratch, in_bytes + i, sizeof(scratch));
+            scratch = ByteReverseWord64(scratch);
+            XMEMCPY(out_bytes + i, &scratch, sizeof(scratch));
+        }
+    }
+#endif
 }
 
 #endif /* WORD64_AVAILABLE && !WOLFSSL_NO_WORD64_OPS */
 
 #ifndef WOLFSSL_NO_XOR_OPS
+
+/* Leave no doubt that WOLFSSL_WORD_SIZE is a power of 2. */
+wc_static_assert((WOLFSSL_WORD_SIZE & (WOLFSSL_WORD_SIZE - 1)) == 0);
+
 /* This routine performs a bitwise XOR operation of <*r> and <*a> for <n> number
 of wolfssl_words, placing the result in <*r>. */
 WC_MISC_STATIC WC_INLINE void XorWordsOut(wolfssl_word** r,
                        const wolfssl_word** a, const wolfssl_word** b, word32 n)
 {
-    word32 i;
+    const wolfssl_word *e = *a + n;
 
-    for (i = 0; i < n; i++)
+    while (*a < e)
         *((*r)++) = *((*a)++) ^ *((*b)++);
 }
 
@@ -271,48 +428,68 @@ counts, placing the result in <*buf>. */
 WC_MISC_STATIC WC_INLINE void xorbufout(void* out, const void* buf,
                                         const void* mask, word32 count)
 {
-    word32      i;
-    byte*       o;
-    const byte* b;
-    const byte* m;
+    byte*       o = (byte*)out;
+    const byte* b = (const byte*)buf;
+    const byte* m = (const byte*)mask;
 
-    o = (byte*)out;
-    b = (const byte*)buf;
-    m = (const byte*)mask;
+    /* type-punning helpers */
+    union {
+        byte* bp;
+        wolfssl_word* wp;
+    } tpo;
+    union {
+        const byte* bp;
+        const wolfssl_word* wp;
+    } tpb, tpm;
 
+    if (((((wc_ptr_t)o) & (WOLFSSL_WORD_SIZE - 1)) == 0) &&
+        ((((wc_ptr_t)b) & (WOLFSSL_WORD_SIZE - 1)) == 0) &&
+        ((((wc_ptr_t)m) & (WOLFSSL_WORD_SIZE - 1)) == 0))
+    {
+        /* All buffers are already aligned.  Possible to XOR by words without
+         * fixup.
+         */
 
-    if (((wc_ptr_t)o) % WOLFSSL_WORD_SIZE ==
-            ((wc_ptr_t)b) % WOLFSSL_WORD_SIZE &&
-            ((wc_ptr_t)b) % WOLFSSL_WORD_SIZE ==
-                        ((wc_ptr_t)m) % WOLFSSL_WORD_SIZE) {
-        /* type-punning helpers */
-        union {
-            byte* bp;
-            wolfssl_word* wp;
-        } tpo;
-        union {
-            const byte* bp;
-            const wolfssl_word* wp;
-        } tpb, tpm;
-        /* Alignment checks out. Possible to XOR words. */
-        /* Move alignment so that it lines up with a
-         * WOLFSSL_WORD_SIZE boundary */
-        while (((wc_ptr_t)b) % WOLFSSL_WORD_SIZE != 0 && count > 0) {
-            *(o++) = (byte)(*(b++) ^ *(m++));
-            count--;
-        }
         tpo.bp = o;
         tpb.bp = b;
         tpm.bp = m;
-        XorWordsOut( &tpo.wp, &tpb.wp, &tpm.wp, count / WOLFSSL_WORD_SIZE);
+        XorWordsOut(&tpo.wp, &tpb.wp, &tpm.wp, count >> WOLFSSL_WORD_SIZE_LOG2);
         o = tpo.bp;
         b = tpb.bp;
         m = tpm.bp;
-        count %= WOLFSSL_WORD_SIZE;
+        count &= (WOLFSSL_WORD_SIZE - 1);
+    }
+    else if ((((wc_ptr_t)o) & (WOLFSSL_WORD_SIZE - 1)) ==
+             (((wc_ptr_t)b) & (WOLFSSL_WORD_SIZE - 1)) &&
+             (((wc_ptr_t)b) & (WOLFSSL_WORD_SIZE - 1)) ==
+             (((wc_ptr_t)m) & (WOLFSSL_WORD_SIZE - 1)))
+    {
+        /* Alignment can be fixed up to allow XOR by words. */
+
+        /* Perform bytewise xor until pointers are aligned to
+         * WOLFSSL_WORD_SIZE.
+         */
+        while ((((wc_ptr_t)b & (WOLFSSL_WORD_SIZE - 1)) != 0) && (count > 0))
+        {
+            *o++ = (byte)(*b++ ^ *m++);
+            count--;
+        }
+
+        tpo.bp = o;
+        tpb.bp = b;
+        tpm.bp = m;
+        XorWordsOut(&tpo.wp, &tpb.wp, &tpm.wp, count >> WOLFSSL_WORD_SIZE_LOG2);
+        o = tpo.bp;
+        b = tpb.bp;
+        m = tpm.bp;
+        count &= (WOLFSSL_WORD_SIZE - 1);
+    }
+
+    while (count > 0) {
+        *o++ = (byte)(*b++ ^ *m++);
+        count--;
     }
 
-    for (i = 0; i < count; i++)
-        o[i] = (byte)(b[i] ^ m[i]);
 }
 
 /* This routine performs a bitwise XOR operation of <*r> and <*a> for <n> number
@@ -320,9 +497,9 @@ of wolfssl_words, placing the result in <*r>. */
 WC_MISC_STATIC WC_INLINE void XorWords(wolfssl_word** r, const wolfssl_word** a,
                                        word32 n)
 {
-    word32 i;
+    const wolfssl_word *e = *a + n;
 
-    for (i = 0; i < n; i++)
+    while (*a < e)
         *((*r)++) ^= *((*a)++);
 }
 
@@ -331,47 +508,82 @@ counts, placing the result in <*buf>. */
 
 WC_MISC_STATIC WC_INLINE void xorbuf(void* buf, const void* mask, word32 count)
 {
-    word32      i;
-    byte*       b;
-    const byte* m;
+    byte*       b = (byte*)buf;
+    const byte* m = (const byte*)mask;
 
-    b = (byte*)buf;
-    m = (const byte*)mask;
+    /* type-punning helpers */
+    union {
+        byte* bp;
+        wolfssl_word* wp;
+    } tpb;
+    union {
+        const byte* bp;
+        const wolfssl_word* wp;
+    } tpm;
 
-    if (((wc_ptr_t)b) % WOLFSSL_WORD_SIZE ==
-            ((wc_ptr_t)m) % WOLFSSL_WORD_SIZE) {
-        /* type-punning helpers */
-        union {
-            byte* bp;
-            wolfssl_word* wp;
-        } tpb;
-        union {
-            const byte* bp;
-            const wolfssl_word* wp;
-        } tpm;
-        /* Alignment checks out. Possible to XOR words. */
-        /* Move alignment so that it lines up with a
-         * WOLFSSL_WORD_SIZE boundary */
-        while (((wc_ptr_t)buf) % WOLFSSL_WORD_SIZE != 0 && count > 0) {
+    if ((((wc_ptr_t)buf & (WOLFSSL_WORD_SIZE - 1)) == 0) &&
+        (((wc_ptr_t)mask & (WOLFSSL_WORD_SIZE - 1)) == 0))
+    {
+        /* Both buffers are already aligned.  Possible to XOR by words without
+         * fixup.
+         */
+
+        tpb.bp = b;
+        tpm.bp = m;
+        /* Work around false positives from linuxkm CONFIG_FORTIFY_SOURCE. */
+        #if defined(WOLFSSL_LINUXKM) && defined(CONFIG_FORTIFY_SOURCE)
+            PRAGMA_GCC_DIAG_PUSH;
+            PRAGMA_GCC("GCC diagnostic ignored \"-Wmaybe-uninitialized\"")
+        #endif
+        XorWords(&tpb.wp, &tpm.wp, count >> WOLFSSL_WORD_SIZE_LOG2);
+        #if defined(WOLFSSL_LINUXKM) && defined(CONFIG_FORTIFY_SOURCE)
+            PRAGMA_GCC_DIAG_POP;
+        #endif
+        b = tpb.bp;
+        m = tpm.bp;
+        count &= (WOLFSSL_WORD_SIZE - 1);
+    }
+    else if (((wc_ptr_t)buf & (WOLFSSL_WORD_SIZE - 1)) ==
+             ((wc_ptr_t)mask & (WOLFSSL_WORD_SIZE - 1)))
+    {
+        /* Alignment can be fixed up to allow XOR by words. */
+
+        /* Perform bytewise xor until pointers are aligned to
+         * WOLFSSL_WORD_SIZE.
+         */
+        while ((((wc_ptr_t)b & (WOLFSSL_WORD_SIZE - 1)) != 0) && (count > 0))
+        {
             *(b++) ^= *(m++);
             count--;
         }
+
         tpb.bp = b;
         tpm.bp = m;
-        XorWords( &tpb.wp, &tpm.wp, count / WOLFSSL_WORD_SIZE);
+        /* Work around false positives from linuxkm CONFIG_FORTIFY_SOURCE. */
+        #if defined(WOLFSSL_LINUXKM) && defined(CONFIG_FORTIFY_SOURCE)
+            PRAGMA_GCC_DIAG_PUSH;
+            PRAGMA_GCC("GCC diagnostic ignored \"-Wmaybe-uninitialized\"")
+        #endif
+        XorWords(&tpb.wp, &tpm.wp, count >> WOLFSSL_WORD_SIZE_LOG2);
+        #if defined(WOLFSSL_LINUXKM) && defined(CONFIG_FORTIFY_SOURCE)
+            PRAGMA_GCC_DIAG_POP;
+        #endif
         b = tpb.bp;
         m = tpm.bp;
-        count %= WOLFSSL_WORD_SIZE;
+        count &= (WOLFSSL_WORD_SIZE - 1);
     }
 
-    for (i = 0; i < count; i++)
-        b[i] ^= m[i];
+    while (count > 0) {
+        *b++ ^= *m++;
+        count--;
+    }
 }
-#endif
+
+#endif /* !WOLFSSL_NO_XOR_OPS */
 
 #ifndef WOLFSSL_NO_FORCE_ZERO
 /* This routine fills the first len bytes of the memory area pointed by mem
-   with zeros. It ensures compiler optimizations doesn't skip it  */
+   with zeros. It ensures compiler optimization doesn't skip it  */
 WC_MISC_STATIC WC_INLINE void ForceZero(void* mem, word32 len)
 {
     volatile byte* z = (volatile byte*)mem;
@@ -417,134 +629,6 @@ WC_MISC_STATIC WC_INLINE int ConstantCompare(const byte* a, const byte* b,
 }
 #endif
 
-
-#ifndef WOLFSSL_HAVE_MIN
-    #define WOLFSSL_HAVE_MIN
-    #if defined(HAVE_FIPS) && !defined(min) /* so ifdef check passes */
-        #define min min
-    #endif
-    /* returns the smaller of a and b */
-    WC_MISC_STATIC WC_INLINE word32 min(word32 a, word32 b)
-    {
-        return a > b ? b : a;
-    }
-#endif /* !WOLFSSL_HAVE_MIN */
-
-#ifndef WOLFSSL_HAVE_MAX
-    #define WOLFSSL_HAVE_MAX
-    #if defined(HAVE_FIPS) && !defined(max) /* so ifdef check passes */
-        #define max max
-    #endif
-    WC_MISC_STATIC WC_INLINE word32 max(word32 a, word32 b)
-    {
-        return a > b ? a : b;
-    }
-#endif /* !WOLFSSL_HAVE_MAX */
-
-#ifndef WOLFSSL_NO_INT_ENCODE
-/* converts a 32 bit integer to 24 bit */
-WC_MISC_STATIC WC_INLINE void c32to24(word32 in, word24 out)
-{
-    out[0] = (byte)((in >> 16) & 0xff);
-    out[1] = (byte)((in >>  8) & 0xff);
-    out[2] =  (byte)(in        & 0xff);
-}
-
-/* convert 16 bit integer to opaque */
-WC_MISC_STATIC WC_INLINE void c16toa(word16 wc_u16, byte* c)
-{
-    c[0] = (byte)((wc_u16 >> 8) & 0xff);
-    c[1] =  (byte)(wc_u16       & 0xff);
-}
-
-/* convert 32 bit integer to opaque */
-WC_MISC_STATIC WC_INLINE void c32toa(word32 wc_u32, byte* c)
-{
-    c[0] = (byte)((wc_u32 >> 24) & 0xff);
-    c[1] = (byte)((wc_u32 >> 16) & 0xff);
-    c[2] = (byte)((wc_u32 >>  8) & 0xff);
-    c[3] =  (byte)(wc_u32        & 0xff);
-}
-#endif
-
-#ifndef WOLFSSL_NO_INT_DECODE
-/* convert a 24 bit integer into a 32 bit one */
-WC_MISC_STATIC WC_INLINE void c24to32(const word24 wc_u24, word32* wc_u32)
-{
-    *wc_u32 = ((word32)wc_u24[0] << 16) |
-              ((word32)wc_u24[1] << 8) |
-               (word32)wc_u24[2];
-}
-
-
-/* convert opaque to 24 bit integer */
-WC_MISC_STATIC WC_INLINE void ato24(const byte* c, word32* wc_u24)
-{
-    *wc_u24 = ((word32)c[0] << 16) | ((word32)c[1] << 8) | c[2];
-}
-
-/* convert opaque to 16 bit integer */
-WC_MISC_STATIC WC_INLINE void ato16(const byte* c, word16* wc_u16)
-{
-    *wc_u16 = (word16) ((c[0] << 8) | (c[1]));
-}
-
-/* convert opaque to 32 bit integer */
-WC_MISC_STATIC WC_INLINE void ato32(const byte* c, word32* wc_u32)
-{
-    *wc_u32 = ((word32)c[0] << 24) |
-              ((word32)c[1] << 16) |
-              ((word32)c[2] << 8) |
-               (word32)c[3];
-}
-
-/* convert opaque to 32 bit integer. Interpret as little endian. */
-WC_MISC_STATIC WC_INLINE void ato32le(const byte* c, word32* wc_u32)
-{
-    *wc_u32 =  (word32)c[0] |
-              ((word32)c[1] << 8) |
-              ((word32)c[2] << 16) |
-              ((word32)c[3] << 24);
-}
-
-
-WC_MISC_STATIC WC_INLINE word32 btoi(byte b)
-{
-    return (word32)(b - 0x30);
-}
-#endif
-
-WC_MISC_STATIC WC_INLINE signed char HexCharToByte(char ch)
-{
-    signed char ret = (signed char)ch;
-    if (ret >= '0' && ret <= '9')
-        ret -= '0';
-    else if (ret >= 'A' && ret <= 'F')
-        ret -= 'A' - 10;
-    else if (ret >= 'a' && ret <= 'f')
-        ret -= 'a' - 10;
-    else
-        ret = -1; /* error case - return code must be signed */
-    return ret;
-}
-
-WC_MISC_STATIC WC_INLINE char ByteToHex(byte in)
-{
-    static const char kHexChar[] = { '0', '1', '2', '3', '4', '5', '6', '7',
-                                     '8', '9', 'A', 'B', 'C', 'D', 'E', 'F' };
-    return (char)(kHexChar[in & 0xF]);
-}
-
-WC_MISC_STATIC WC_INLINE int ByteToHexStr(byte in, char* out)
-{
-    if (out == NULL)
-        return -1;
-
-    out[0] = ByteToHex((byte)(in >> 4));
-    out[1] = ByteToHex((byte)(in & 0xf));
-    return 0;
-}
-
 #ifndef WOLFSSL_NO_CT_OPS
 /* Constant time - mask set when a > b. */
 WC_MISC_STATIC WC_INLINE byte ctMaskGT(int a, int b)
@@ -564,6 +648,14 @@ WC_MISC_STATIC WC_INLINE int ctMaskIntGTE(int a, int b)
     return (int)((((word32)a - (word32)b) >> 31) - 1);
 }
 
+#ifdef WORD64_AVAILABLE
+/* Constant time - mask set when a >= b. */
+WC_MISC_STATIC WC_INLINE word32 ctMaskWord32GTE(word32 a, word32 b)
+{
+  return (word32)((((word64)a - (word64)b) >> 63) - 1);
+}
+#endif
+
 /* Constant time - mask set when a < b. */
 WC_MISC_STATIC WC_INLINE byte ctMaskLT(int a, int b)
 {
@@ -655,7 +747,176 @@ WC_MISC_STATIC WC_INLINE void ctMaskCopy(byte mask, byte* dst, byte* src,
     }
 }
 
+#endif /* !WOLFSSL_NO_CT_OPS */
+
+#ifndef WOLFSSL_HAVE_MIN
+    #define WOLFSSL_HAVE_MIN
+    #if defined(HAVE_FIPS) && !defined(min) /* so ifdef check passes */
+        #define min min
+    #endif
+    /* returns the smaller of a and b */
+    WC_MISC_STATIC WC_INLINE word32 min(word32 a, word32 b)
+    {
+#if !defined(WOLFSSL_NO_CT_OPS) && defined(WORD64_AVAILABLE)
+        word32 gte_mask = (word32)ctMaskWord32GTE(a, b);
+        return (a & ~gte_mask) | (b & gte_mask);
+#else /* WOLFSSL_NO_CT_OPS */
+        return a > b ? b : a;
+#endif /* WOLFSSL_NO_CT_OPS */
+    }
+#endif /* !WOLFSSL_HAVE_MIN */
+
+#ifndef WOLFSSL_HAVE_MAX
+    #define WOLFSSL_HAVE_MAX
+    #if defined(HAVE_FIPS) && !defined(max) /* so ifdef check passes */
+        #define max max
+    #endif
+    WC_MISC_STATIC WC_INLINE word32 max(word32 a, word32 b)
+    {
+#if !defined(WOLFSSL_NO_CT_OPS) && defined(WORD64_AVAILABLE)
+        word32 gte_mask = (word32)ctMaskWord32GTE(a, b);
+        return (a & gte_mask) | (b & ~gte_mask);
+#else /* WOLFSSL_NO_CT_OPS */
+        return a > b ? a : b;
+#endif /* WOLFSSL_NO_CT_OPS */
+    }
+#endif /* !WOLFSSL_HAVE_MAX */
+
+#ifndef WOLFSSL_NO_INT_ENCODE
+/* converts a 32 bit integer to 24 bit */
+WC_MISC_STATIC WC_INLINE void c32to24(word32 in, word24 out)
+{
+    out[0] = (byte)((in >> 16) & 0xff);
+    out[1] = (byte)((in >>  8) & 0xff);
+    out[2] =  (byte)(in        & 0xff);
+}
+
+/* convert 16 bit integer to opaque */
+WC_MISC_STATIC WC_INLINE void c16toa(word16 wc_u16, byte* c)
+{
+    c[0] = (byte)((wc_u16 >> 8) & 0xff);
+    c[1] =  (byte)(wc_u16       & 0xff);
+}
+
+/* convert 32 bit integer to opaque */
+WC_MISC_STATIC WC_INLINE void c32toa(word32 wc_u32, byte* c)
+{
+#ifdef WOLFSSL_USE_ALIGN
+    c[0] = (byte)((wc_u32 >> 24) & 0xff);
+    c[1] = (byte)((wc_u32 >> 16) & 0xff);
+    c[2] = (byte)((wc_u32 >>  8) & 0xff);
+    c[3] =  (byte)(wc_u32        & 0xff);
+#elif defined(LITTLE_ENDIAN_ORDER)
+    *(word32*)c = ByteReverseWord32(wc_u32);
+#else
+    *(word32*)c = wc_u32;
 #endif
+}
+#endif
+
+#ifndef WOLFSSL_NO_INT_DECODE
+/* convert a 24 bit integer into a 32 bit one */
+WC_MISC_STATIC WC_INLINE void c24to32(const word24 wc_u24, word32* wc_u32)
+{
+    *wc_u32 = ((word32)wc_u24[0] << 16) |
+              ((word32)wc_u24[1] << 8) |
+               (word32)wc_u24[2];
+}
+
+
+/* convert opaque to 24 bit integer */
+WC_MISC_STATIC WC_INLINE void ato24(const byte* c, word32* wc_u24)
+{
+    *wc_u24 = ((word32)c[0] << 16) | ((word32)c[1] << 8) | c[2];
+}
+
+/* convert opaque to 16 bit integer */
+WC_MISC_STATIC WC_INLINE void ato16(const byte* c, word16* wc_u16)
+{
+    *wc_u16 = (word16) ((c[0] << 8) | (c[1]));
+}
+
+/* convert opaque to 32 bit integer */
+WC_MISC_STATIC WC_INLINE void ato32(const byte* c, word32* wc_u32)
+{
+#ifdef WOLFSSL_USE_ALIGN
+    *wc_u32 = ((word32)c[0] << 24) |
+              ((word32)c[1] << 16) |
+              ((word32)c[2] << 8) |
+               (word32)c[3];
+#elif defined(LITTLE_ENDIAN_ORDER)
+    *wc_u32 = ByteReverseWord32(*(word32*)c);
+#else
+    *wc_u32 = *(word32*)c;
+#endif
+}
+
+/* convert opaque to 32 bit integer. Interpret as little endian. */
+WC_MISC_STATIC WC_INLINE void ato32le(const byte* c, word32* wc_u32)
+{
+    *wc_u32 =  (word32)c[0] |
+              ((word32)c[1] << 8) |
+              ((word32)c[2] << 16) |
+              ((word32)c[3] << 24);
+}
+
+
+WC_MISC_STATIC WC_INLINE word32 btoi(byte b)
+{
+    return (word32)(b - 0x30);
+}
+#endif
+
+WC_MISC_STATIC WC_INLINE signed char HexCharToByte(char ch)
+{
+    signed char ret = (signed char)ch;
+    if (ret >= '0' && ret <= '9')
+        ret = (signed char)(ret - '0');
+    else if (ret >= 'A' && ret <= 'F')
+        ret = (signed char)(ret - ('A' - 10));
+    else if (ret >= 'a' && ret <= 'f')
+        ret = (signed char)(ret - ('a' - 10));
+    else
+        ret = -1; /* error case - return code must be signed */
+    return ret;
+}
+
+WC_MISC_STATIC WC_INLINE char ByteToHex(byte in)
+{
+    static ALIGN64 const char kHexChar[] = {
+        '0', '1', '2', '3', '4', '5', '6', '7',
+        '8', '9', 'A', 'B', 'C', 'D', 'E', 'F'
+    };
+    return (char)(kHexChar[in & 0xF]);
+}
+
+WC_MISC_STATIC WC_INLINE int ByteToHexStr(byte in, char* out)
+{
+    if (out == NULL)
+        return -1;
+
+    out[0] = ByteToHex((byte)(in >> 4));
+    out[1] = ByteToHex((byte)(in & 0xf));
+    return 0;
+}
+
+WC_MISC_STATIC WC_INLINE int CharIsWhiteSpace(char ch)
+{
+#ifndef WOLFSSL_NO_CT_OPS
+    return (ctMaskEq(ch, ' ') |
+            ctMaskEq(ch, '\t') |
+            ctMaskEq(ch, '\n')) & 1;
+#else /* WOLFSSL_NO_CT_OPS */
+    switch (ch) {
+        case ' ':
+        case '\t':
+        case '\n':
+            return 1;
+        default:
+            return 0;
+    }
+#endif /* WOLFSSL_NO_CT_OPS */
+}
 
 #if defined(WOLFSSL_W64_WRAPPER)
 #if defined(WORD64_AVAILABLE) && !defined(WOLFSSL_W64_WRAPPER_TEST)
@@ -685,13 +946,23 @@ WC_MISC_STATIC WC_INLINE void w64SetLow32(w64wrapper *n, word32 low) {
 
 WC_MISC_STATIC WC_INLINE w64wrapper w64Add32(w64wrapper a, word32 b, byte *wrap)
 {
-    a.n = a.n + b;
+    a.n += b;
     if (a.n < b && wrap != NULL)
         *wrap = 1;
 
     return a;
 }
 
+WC_MISC_STATIC WC_INLINE w64wrapper w64Add(w64wrapper a, w64wrapper b,
+    byte *wrap)
+{
+    a.n += b.n;
+    if (a.n < b.n && wrap != NULL)
+        *wrap = 1;
+
+    return a;
+}
+
 WC_MISC_STATIC WC_INLINE w64wrapper w64Sub32(w64wrapper a, word32 b, byte *wrap)
 {
     if (a.n < b && wrap != NULL)
@@ -760,7 +1031,27 @@ WC_MISC_STATIC WC_INLINE void w64Zero(w64wrapper *a)
     a->n = 0;
 }
 
+WC_MISC_STATIC WC_INLINE w64wrapper w64ShiftRight(w64wrapper a, int shift)
+{
+    a.n >>= shift;
+    return a;
+}
+
+WC_MISC_STATIC WC_INLINE w64wrapper w64ShiftLeft(w64wrapper a, int shift)
+{
+    a.n <<= shift;
+    return a;
+}
+
+WC_MISC_STATIC WC_INLINE w64wrapper w64Mul(word32 a, word32 b)
+{
+    w64wrapper ret;
+    ret.n = (word64)a * (word64)b;
+    return ret;
+}
+
 #else
+
 WC_MISC_STATIC WC_INLINE void w64Increment(w64wrapper *n)
 {
     n->n[1]++;
@@ -794,7 +1085,7 @@ WC_MISC_STATIC WC_INLINE void w64SetLow32(w64wrapper *n, word32 low)
 
 WC_MISC_STATIC WC_INLINE w64wrapper w64Add32(w64wrapper a, word32 b, byte *wrap)
 {
-    a.n[1] = a.n[1] + b;
+    a.n[1] += b;
     if (a.n[1] < b) {
         a.n[0]++;
         if (wrap != NULL && a.n[0] == 0)
@@ -804,6 +1095,24 @@ WC_MISC_STATIC WC_INLINE w64wrapper w64Add32(w64wrapper a, word32 b, byte *wrap)
     return a;
 }
 
+WC_MISC_STATIC WC_INLINE w64wrapper w64Add(w64wrapper a, w64wrapper b,
+    byte *wrap)
+{
+    a.n[1] += b.n[1];
+    if (a.n[1] < b.n[1]) {
+        a.n[0]++;
+        if (wrap != NULL && a.n[0] == 0)
+                *wrap = 1;
+    }
+
+    a.n[0] += b.n[0];
+    if (wrap != NULL && a.n[0] < b.n[0]) {
+        *wrap = 1;
+    }
+
+    return a;
+}
+
 WC_MISC_STATIC WC_INLINE w64wrapper w64Sub32(w64wrapper a, word32 b, byte *wrap)
 {
     byte _underflow = 0;
@@ -857,7 +1166,7 @@ WC_MISC_STATIC WC_INLINE byte w64IsZero(w64wrapper a)
     return a.n[0] == 0 && a.n[1] == 0;
 }
 
-WC_MISC_STATIC WC_INLINE void c64toa(w64wrapper *a, byte *out)
+WC_MISC_STATIC WC_INLINE void c64toa(const w64wrapper *a, byte *out)
 {
 #ifdef BIG_ENDIAN_ORDER
     word32 *_out = (word32*)(out);
@@ -899,6 +1208,55 @@ WC_MISC_STATIC WC_INLINE byte w64LT(w64wrapper a, w64wrapper b)
     return 0;
 }
 
+WC_MISC_STATIC WC_INLINE w64wrapper w64ShiftRight(w64wrapper a, int shift)
+{
+     if (shift < 32) {
+         a.n[1] = (a.n[1] >> shift) | (a.n[0] << (32 - shift));
+         a.n[0] >>= shift;
+     }
+     else {
+         a.n[1] = a.n[0] >> (shift - 32);
+         a.n[0] = 0;
+     }
+     return a;
+}
+WC_MISC_STATIC WC_INLINE w64wrapper w64ShiftLeft(w64wrapper a, int shift)
+{
+     if (shift < 32) {
+         a.n[0] = (a.n[0] << shift) | (a.n[1] >> (32 - shift));
+         a.n[1] <<= shift;
+     }
+     else {
+         a.n[0] = a.n[1] << (shift - 32);
+         a.n[1] = 0;
+     }
+     return a;
+}
+
+WC_MISC_STATIC WC_INLINE w64wrapper w64Mul(word32 a, word32 b)
+{
+    w64wrapper ret;
+    word16 ltlA, ltlB, ltlC, ltlD;
+    word32 bigA, bigB, bigC, bigD;
+
+    ltlA = a & 0xFFFF;
+    ltlB = (a >> 16) & 0xFFFF;
+    ltlC = b & 0xFFFF;
+    ltlD = (b >> 16) & 0xFFFF;
+
+    bigA = (word32)ltlA * (word32)ltlC;
+    bigC = (word32)ltlB * (word32)ltlC;
+    bigD = (word32)ltlA * (word32)ltlD;
+    bigB = (word32)ltlB * (word32)ltlD;
+
+    ret = w64From32(0, bigB);
+    ret = w64ShiftLeft(ret, 16);
+    ret = w64Add32(ret, bigD, NULL);
+    ret = w64Add32(ret, bigC, NULL);
+    ret = w64ShiftLeft(ret, 16);
+    return w64Add32(ret, bigA, NULL);
+}
+
 #endif /* WORD64_AVAILABLE && !WOLFSSL_W64_WRAPPER_TEST */
 #endif /* WOLFSSL_W64_WRAPPER */
 
@@ -939,6 +1297,25 @@ WC_MISC_STATIC WC_INLINE word32 HashObject(const byte* o, word32 len,
 #endif /* WOLFCRYPT_ONLY && !NO_HASH_WRAPPER &&
         * (!NO_SESSION_CACHE || HAVE_SESSION_TICKET) */
 
+WC_MISC_STATIC WC_INLINE char* CopyString(const char* src, int srcLen,
+        void* heap, int type) {
+    char* dst = NULL;
+
+    if (src == NULL)
+        return NULL;
+
+    if (srcLen <= 0)
+        srcLen = (int)XSTRLEN(src);
+
+    dst = (char*)XMALLOC((size_t)srcLen + 1, heap, type);
+    if (dst != NULL) {
+        XMEMCPY(dst, src, (size_t)srcLen);
+        dst[srcLen] = '\0';
+    }
+
+    return dst;
+}
+
 #endif /* !WOLFSSL_MISC_INCLUDED && !NO_INLINE */
 
 #endif /* WOLF_CRYPT_MISC_C */
diff --git a/wolfcrypt/src/pkcs12.c b/wolfcrypt/src/pkcs12.c
index 22e641508..42f8074b5 100644
--- a/wolfcrypt/src/pkcs12.c
+++ b/wolfcrypt/src/pkcs12.c
@@ -1,6 +1,6 @@
 /* pkcs12.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -130,15 +130,22 @@ typedef struct WC_PKCS12_ATTRIBUTE {
 
 
 WC_PKCS12* wc_PKCS12_new(void)
+{
+    return wc_PKCS12_new_ex(NULL);
+}
+
+
+WC_PKCS12* wc_PKCS12_new_ex(void* heap)
 {
     WC_PKCS12* pkcs12 = (WC_PKCS12*)XMALLOC(sizeof(WC_PKCS12),
-                                                      NULL, DYNAMIC_TYPE_PKCS);
+                                                      heap, DYNAMIC_TYPE_PKCS);
     if (pkcs12 == NULL) {
         WOLFSSL_MSG("Memory issue when creating WC_PKCS12 struct");
         return NULL;
     }
 
     XMEMSET(pkcs12, 0, sizeof(WC_PKCS12));
+    pkcs12->heap = heap;
 
     return pkcs12;
 }
@@ -158,9 +165,7 @@ static void freeSafe(AuthenticatedSafe* safe, void* heap)
         safe->CI = ci->next;
         XFREE(ci, heap, DYNAMIC_TYPE_PKCS);
     }
-    if (safe->data != NULL) {
-        XFREE(safe->data, heap, DYNAMIC_TYPE_PKCS);
-    }
+    XFREE(safe->data, heap, DYNAMIC_TYPE_PKCS);
     XFREE(safe, heap, DYNAMIC_TYPE_PKCS);
 
     (void)heap;
@@ -184,25 +189,17 @@ void wc_PKCS12_free(WC_PKCS12* pkcs12)
 
     /* free mac data */
     if (pkcs12->signData != NULL) {
-        if (pkcs12->signData->digest != NULL) {
-            XFREE(pkcs12->signData->digest, heap, DYNAMIC_TYPE_DIGEST);
-        }
-        if (pkcs12->signData->salt != NULL) {
-            XFREE(pkcs12->signData->salt, heap, DYNAMIC_TYPE_SALT);
-        }
+        XFREE(pkcs12->signData->digest, heap, DYNAMIC_TYPE_DIGEST);
+        XFREE(pkcs12->signData->salt, heap, DYNAMIC_TYPE_SALT);
         XFREE(pkcs12->signData, heap, DYNAMIC_TYPE_PKCS);
     }
 
 #ifdef ASN_BER_TO_DER
-    if (pkcs12->der != NULL) {
-        XFREE(pkcs12->der, pkcs12->heap, DYNAMIC_TYPE_PKCS);
-    }
-    if (pkcs12->safeDer != NULL) {
-        XFREE(pkcs12->safeDer, pkcs12->heap, DYNAMIC_TYPE_PKCS);
-    }
+    XFREE(pkcs12->der, pkcs12->heap, DYNAMIC_TYPE_PKCS);
+    XFREE(pkcs12->safeDer, pkcs12->heap, DYNAMIC_TYPE_PKCS);
 #endif
 
-    XFREE(pkcs12, NULL, DYNAMIC_TYPE_PKCS);
+    XFREE(pkcs12, heap, DYNAMIC_TYPE_PKCS);
 }
 
 
@@ -290,8 +287,9 @@ static int GetSafeContent(WC_PKCS12* pkcs12, const byte* input,
 #ifdef ASN_BER_TO_DER
      if (pkcs12->indefinite) {
         if (wc_BerToDer(input, safe->dataSz, NULL,
-                        &pkcs12->safeDersz) != LENGTH_ONLY_E) {
+                        &pkcs12->safeDersz) != WC_NO_ERR_TRACE(LENGTH_ONLY_E)) {
             WOLFSSL_MSG("Not BER sequence");
+            freeSafe(safe, pkcs12->heap);
             return ASN_PARSE_E;
         }
 
@@ -526,8 +524,7 @@ exit_gsd:
     /* failure cleanup */
     if (ret != 0) {
         if (mac) {
-            if (mac->digest)
-                XFREE(mac->digest, pkcs12->heap, DYNAMIC_TYPE_DIGEST);
+            XFREE(mac->digest, pkcs12->heap, DYNAMIC_TYPE_DIGEST);
             XFREE(mac, pkcs12->heap, DYNAMIC_TYPE_PKCS);
         }
     }
@@ -704,7 +701,7 @@ int wc_d2i_PKCS12(const byte* der, word32 derSz, WC_PKCS12* pkcs12)
     #ifdef ASN_BER_TO_DER
      if (size == 0) {
          if (wc_BerToDer(der, totalSz, NULL,
-                         (word32*)&size) != LENGTH_ONLY_E) {
+                         (word32*)&size) != WC_NO_ERR_TRACE(LENGTH_ONLY_E)) {
              WOLFSSL_MSG("Not BER sequence");
              return ASN_PARSE_E;
          }
@@ -849,9 +846,7 @@ int wc_d2i_PKCS12_fp(const char* file, WC_PKCS12** pkcs12)
         wc_PKCS12_free(*pkcs12);
         *pkcs12 = NULL;
     }
-    if (buf != NULL) {
-        XFREE(buf, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-    }
+    XFREE(buf, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 
     WOLFSSL_LEAVE("wc_d2i_PKCS12_fp", ret);
 
@@ -984,7 +979,7 @@ int wc_i2d_PKCS12(WC_PKCS12* pkcs12, byte** der, int* derSz)
 
         totalSz += 4; /* Element */
 
-        totalSz += 2 + sizeof(WC_PKCS12_DATA_OID);
+        totalSz += 2U + (word32)sizeof(WC_PKCS12_DATA_OID);
 
         totalSz += 4; /* Seq */
 
@@ -1001,7 +996,7 @@ int wc_i2d_PKCS12(WC_PKCS12* pkcs12, byte** der, int* derSz)
             if (der == NULL && derSz != NULL) {
                 *derSz = (int)totalSz;
                 XFREE(sdBuf, pkcs12->heap, DYNAMIC_TYPE_PKCS);
-                return LENGTH_ONLY_E;
+                return WC_NO_ERR_TRACE(LENGTH_ONLY_E);
             }
 
             if (*der == NULL) {
@@ -1043,7 +1038,7 @@ int wc_i2d_PKCS12(WC_PKCS12* pkcs12, byte** der, int* derSz)
         /* OID */
         idx += (word32)SetObjectId(sizeof(WC_PKCS12_DATA_OID), &buf[idx]);
         XMEMCPY(&buf[idx], WC_PKCS12_DATA_OID, sizeof(WC_PKCS12_DATA_OID));
-        idx += sizeof(WC_PKCS12_DATA_OID);
+        idx += (word32)sizeof(WC_PKCS12_DATA_OID);
 
         /* Element */
         buf[idx++] = ASN_CONSTRUCTED | ASN_CONTEXT_SPECIFIC;
@@ -1092,9 +1087,7 @@ void wc_FreeCertList(WC_DerCertList* list, void* heap)
 
     while (current != NULL) {
         next = current->next;
-        if (current->buffer != NULL) {
-            XFREE(current->buffer, heap, DYNAMIC_TYPE_PKCS);
-        }
+        XFREE(current->buffer, heap, DYNAMIC_TYPE_PKCS);
         XFREE(current, heap, DYNAMIC_TYPE_PKCS);
         current = next;
     }
@@ -1119,8 +1112,8 @@ static WARN_UNUSED_RESULT int freeDecCertList(WC_DerCertList** list,
     while (current != NULL) {
 
         InitDecodedCert(DeCert, current->buffer, current->bufferSz, heap);
-        if (ParseCertRelative(DeCert, CERT_TYPE, NO_VERIFY, NULL) == 0) {
-            if (wc_CheckPrivateKeyCert(*pkey, *pkeySz, DeCert) == 1) {
+        if (ParseCertRelative(DeCert, CERT_TYPE, NO_VERIFY, NULL, NULL) == 0) {
+            if (wc_CheckPrivateKeyCert(*pkey, *pkeySz, DeCert, 0, heap) == 1) {
                 WOLFSSL_MSG("Key Pair found");
                 *cert = current->buffer;
                 *certSz = current->bufferSz;
@@ -1152,7 +1145,7 @@ static WARN_UNUSED_RESULT int freeDecCertList(WC_DerCertList** list,
 #ifdef ASN_BER_TO_DER
 /* append data to encrypted content cache in PKCS12 structure
  * return buffer on success, NULL on error */
-static byte* PKCS12_ConcatonateContent(WC_PKCS12* pkcs12,byte* mergedData,
+static byte* PKCS12_ConcatenateContent(WC_PKCS12* pkcs12,byte* mergedData,
         word32* mergedSz, byte* in, word32 inSz)
 {
     byte* oldContent;
@@ -1265,7 +1258,7 @@ static int PKCS12_CoalesceOctetStrings(WC_PKCS12* pkcs12, byte* data,
                     ret = MEMORY_E;
                 }
             }
-            mergedData = PKCS12_ConcatonateContent(pkcs12, mergedData,
+            mergedData = PKCS12_ConcatenateContent(pkcs12, mergedData,
                     &mergedSz, &data[*idx], (word32)encryptedContentSz);
             if (mergedData == NULL) {
                 ret = MEMORY_E;
@@ -1277,17 +1270,19 @@ static int PKCS12_CoalesceOctetStrings(WC_PKCS12* pkcs12, byte* data,
         *idx += (word32)encryptedContentSz;
     }
 
-    *idx = saveIdx;
+    if (ret == 0) {
+        *idx = saveIdx;
 
-    *idx += SetLength(mergedSz, &data[*idx]);
+        *idx += SetLength(mergedSz, &data[*idx]);
 
-    if (mergedSz > 0) {
-        /* Copy over concatenated octet strings into data buffer */
-        XMEMCPY(&data[*idx], mergedData, mergedSz);
-
-        XFREE(mergedData, pkcs12->heap, DYNAMIC_TYPE_PKCS);
+        if (mergedSz > 0) {
+            /* Copy over concatenated octet strings into data buffer */
+            XMEMCPY(&data[*idx], mergedData, mergedSz);
+        }
     }
 
+    XFREE(mergedData, pkcs12->heap, DYNAMIC_TYPE_PKCS);
+
     return ret;
 }
 #endif
@@ -1700,10 +1695,8 @@ int wc_PKCS12_parse(WC_PKCS12* pkcs12, const char* psw,
         }
 
         /* free temporary buffer */
-        if (buf != NULL) {
-            XFREE(buf, pkcs12->heap, DYNAMIC_TYPE_PKCS);
-            buf = NULL;
-        }
+        XFREE(buf, pkcs12->heap, DYNAMIC_TYPE_PKCS);
+        buf = NULL;
 
         ci = ci->next;
         WOLFSSL_MSG("Done Parsing PKCS12 Content Info Container");
@@ -1737,10 +1730,8 @@ exit_pk12par:
             XFREE(*pkey, pkcs12->heap, DYNAMIC_TYPE_PUBLIC_KEY);
             *pkey = NULL;
         }
-        if (buf) {
-            XFREE(buf, pkcs12->heap, DYNAMIC_TYPE_PKCS);
-            buf = NULL;
-        }
+        XFREE(buf, pkcs12->heap, DYNAMIC_TYPE_PKCS);
+        buf = NULL;
 
         wc_FreeCertList(certList, pkcs12->heap);
     }
@@ -1819,9 +1810,9 @@ static int wc_PKCS12_shroud_key(WC_PKCS12* pkcs12, WC_RNG* rng,
         ret = UnTraditionalEnc(key, keySz, pkcs8Key, &sz, pass, passSz,
                 vPKCS, vAlgo, NULL, 0, itt, rng, heap);
     }
-    if (ret == LENGTH_ONLY_E) {
+    if (ret == WC_NO_ERR_TRACE(LENGTH_ONLY_E)) {
         *outSz =  sz + MAX_LENGTH_SZ + 1;
-        return LENGTH_ONLY_E;
+        return WC_NO_ERR_TRACE(LENGTH_ONLY_E);
     }
     if (ret < 0) {
         return ret;
@@ -1836,7 +1827,7 @@ static int wc_PKCS12_shroud_key(WC_PKCS12* pkcs12, WC_RNG* rng,
 
     /* rewind index and set tag and length */
     tmpIdx -= MAX_LENGTH_SZ + 1;
-    sz = (word32)SetExplicit(0, (word32)ret, out + tmpIdx);
+    sz = (word32)SetExplicit(0, (word32)ret, out + tmpIdx, 0);
     tmpIdx += sz; totalSz += sz;
     XMEMMOVE(out + tmpIdx, out + MAX_LENGTH_SZ + 1, (size_t)ret);
 
@@ -1876,14 +1867,14 @@ static int wc_PKCS12_create_key_bag(WC_PKCS12* pkcs12, WC_RNG* rng,
     /* get max size for shrouded key */
     ret =  wc_PKCS12_shroud_key(pkcs12, rng, NULL, &length, key, keySz,
             algo, pass, passSz, iter);
-    if (ret != LENGTH_ONLY_E && ret < 0) {
+    if (ret != WC_NO_ERR_TRACE(LENGTH_ONLY_E) && ret < 0) {
         return ret;
     }
 
     if (out == NULL) {
         *outSz = MAX_SEQ_SZ + WC_PKCS12_DATA_OBJ_SZ + 1 + MAX_LENGTH_SZ +
             length;
-        return LENGTH_ONLY_E;
+        return WC_NO_ERR_TRACE(LENGTH_ONLY_E);
     }
 
     heap = wc_PKCS12_GetHeap(pkcs12);
@@ -1960,7 +1951,7 @@ static int wc_PKCS12_create_cert_bag(WC_PKCS12* pkcs12,
         *outSz = (word32)(MAX_SEQ_SZ + WC_CERTBAG_OBJECT_ID + 1 + MAX_LENGTH_SZ +
             MAX_SEQ_SZ + WC_CERTBAG1_OBJECT_ID + 1 + MAX_LENGTH_SZ + 1 +
             MAX_LENGTH_SZ + (int)certSz);
-        return LENGTH_ONLY_E;
+        return WC_NO_ERR_TRACE(LENGTH_ONLY_E);
     }
 
     /* check buffer size able to handle max size */
@@ -2085,19 +2076,19 @@ static int wc_PKCS12_encrypt_content(WC_PKCS12* pkcs12, WC_RNG* rng,
         encSz = contentSz;
         if ((ret = EncryptContent(NULL, contentSz, NULL, &encSz,
                    pass, passSz, vPKCS, vAlgo, NULL, 0, iter, rng, heap)) < 0) {
-            if (ret != LENGTH_ONLY_E) {
+            if (ret != WC_NO_ERR_TRACE(LENGTH_ONLY_E)) {
                 return ret;
             }
         }
 
         /* calculate size */
         totalSz  = (word32)SetObjectId(sizeof(WC_PKCS12_ENCRYPTED_OID), seq);
-        totalSz += sizeof(WC_PKCS12_ENCRYPTED_OID);
+        totalSz += (word32)sizeof(WC_PKCS12_ENCRYPTED_OID);
         totalSz += ASN_TAG_SZ;
 
         length  = (word32)SetMyVersion(0, seq, 0);
         tmpSz   = (word32)SetObjectId(sizeof(WC_PKCS12_DATA_OID), seq);
-        tmpSz  += sizeof(WC_PKCS12_DATA_OID);
+        tmpSz  += (word32)sizeof(WC_PKCS12_DATA_OID);
         tmpSz  += encSz;
         length += SetSequence(tmpSz, seq) + tmpSz;
         outerSz = SetSequence(length, seq) + length;
@@ -2105,7 +2096,7 @@ static int wc_PKCS12_encrypt_content(WC_PKCS12* pkcs12, WC_RNG* rng,
         totalSz += SetLength(outerSz, seq) + outerSz;
         if (out == NULL) {
             *outSz = totalSz + SetSequence(totalSz, seq);
-            return LENGTH_ONLY_E;
+            return WC_NO_ERR_TRACE(LENGTH_ONLY_E);
         }
 
         if (*outSz < totalSz + SetSequence(totalSz, seq)) {
@@ -2120,7 +2111,7 @@ static int wc_PKCS12_encrypt_content(WC_PKCS12* pkcs12, WC_RNG* rng,
         }
         XMEMCPY(out + idx, WC_PKCS12_ENCRYPTED_OID,
                 sizeof(WC_PKCS12_ENCRYPTED_OID));
-        idx += sizeof(WC_PKCS12_ENCRYPTED_OID);
+        idx += (word32)sizeof(WC_PKCS12_ENCRYPTED_OID);
 
         if (idx + 1 > *outSz){
             return BUFFER_E;
@@ -2161,7 +2152,7 @@ static int wc_PKCS12_encrypt_content(WC_PKCS12* pkcs12, WC_RNG* rng,
             return BUFFER_E;
         }
         XMEMCPY(out + idx, WC_PKCS12_DATA_OID, sizeof(WC_PKCS12_DATA_OID));
-        idx += sizeof(WC_PKCS12_DATA_OID);
+        idx += (word32)sizeof(WC_PKCS12_DATA_OID);
 
         /* copy over encrypted data */
         if (idx + encSz > *outSz){
@@ -2183,7 +2174,7 @@ static int wc_PKCS12_encrypt_content(WC_PKCS12* pkcs12, WC_RNG* rng,
     if (type == WC_PKCS12_DATA) {
         /* calculate size */
         totalSz = (word32)SetObjectId(sizeof(WC_PKCS12_DATA_OID), seq);
-        totalSz += sizeof(WC_PKCS12_DATA_OID);
+        totalSz += (word32)sizeof(WC_PKCS12_DATA_OID);
         totalSz += ASN_TAG_SZ;
 
         length   = SetOctetString(contentSz, seq);
@@ -2193,7 +2184,7 @@ static int wc_PKCS12_encrypt_content(WC_PKCS12* pkcs12, WC_RNG* rng,
 
         if (out == NULL) {
             *outSz = totalSz + SetSequence(totalSz, seq);
-            return LENGTH_ONLY_E;
+            return WC_NO_ERR_TRACE(LENGTH_ONLY_E);
         }
 
         if (*outSz < (totalSz + SetSequence(totalSz, seq))) {
@@ -2209,7 +2200,7 @@ static int wc_PKCS12_encrypt_content(WC_PKCS12* pkcs12, WC_RNG* rng,
             return BUFFER_E;
         }
         XMEMCPY(out + idx, WC_PKCS12_DATA_OID, sizeof(WC_PKCS12_DATA_OID));
-        idx += sizeof(WC_PKCS12_DATA_OID);
+        idx += (word32)sizeof(WC_PKCS12_DATA_OID);
 
         if (idx + 1 > *outSz){
             return BUFFER_E;
@@ -2275,7 +2266,7 @@ static byte* PKCS12_create_key_content(WC_PKCS12* pkcs12, int nidKey,
     /* get max size for key bag */
     ret = wc_PKCS12_create_key_bag(pkcs12, rng, NULL, &keyBufSz, key, keySz,
             algo, iter, pass, (int)passSz);
-    if (ret != LENGTH_ONLY_E && ret < 0) {
+    if (ret != WC_NO_ERR_TRACE(LENGTH_ONLY_E) && ret < 0) {
         WOLFSSL_MSG("Error getting key bag size");
         return NULL;
     }
@@ -2312,7 +2303,7 @@ static byte* PKCS12_create_key_content(WC_PKCS12* pkcs12, int nidKey,
     #endif
     ret = wc_PKCS12_encrypt_content(pkcs12, rng, NULL, keyCiSz,
             NULL, keyBufSz, algo, pass, (int)passSz, iter, WC_PKCS12_DATA);
-    if (ret != LENGTH_ONLY_E) {
+    if (ret != WC_NO_ERR_TRACE(LENGTH_ONLY_E)) {
         XFREE(keyBuf, heap, DYNAMIC_TYPE_TMP_BUFFER);
         WOLFSSL_MSG("Error getting key encrypt content size");
         return NULL;
@@ -2397,7 +2388,7 @@ static byte* PKCS12_create_cert_content(WC_PKCS12* pkcs12, int nidCert,
 
     /* get max size of buffer needed */
     ret = wc_PKCS12_create_cert_bag(pkcs12, NULL, &certBufSz, cert, certSz);
-    if (ret != LENGTH_ONLY_E) {
+    if (ret != WC_NO_ERR_TRACE(LENGTH_ONLY_E)) {
         return NULL;
     }
 
@@ -2409,7 +2400,7 @@ static byte* PKCS12_create_cert_content(WC_PKCS12* pkcs12, int nidCert,
         while (current != NULL) {
             ret = wc_PKCS12_create_cert_bag(pkcs12, NULL, &curBufSz,
                     current->buffer, current->bufferSz);
-            if (ret != LENGTH_ONLY_E) {
+            if (ret != WC_NO_ERR_TRACE(LENGTH_ONLY_E)) {
                 return NULL;
             }
             certBufSz += curBufSz;
@@ -2461,7 +2452,7 @@ static byte* PKCS12_create_cert_content(WC_PKCS12* pkcs12, int nidCert,
     /* get buffer size needed for content info */
     ret = wc_PKCS12_encrypt_content(pkcs12, rng, NULL, certCiSz,
             NULL, certBufSz, algo, pass, (int)passSz, iter, type);
-    if (ret != LENGTH_ONLY_E) {
+    if (ret != WC_NO_ERR_TRACE(LENGTH_ONLY_E)) {
         XFREE(certBuf, heap, DYNAMIC_TYPE_TMP_BUFFER);
         WOLFSSL_LEAVE("wc_PKCS12_create()", ret);
         return NULL;
@@ -2517,7 +2508,7 @@ static int PKCS12_create_safe(WC_PKCS12* pkcs12, byte* certCi, word32 certCiSz,
     /* add Content Info structs to safe, key first then cert */
     ret = wc_PKCS12_encrypt_content(pkcs12, rng, NULL, &safeDataSz,
             NULL, innerDataSz, 0, NULL, 0, 0, WC_PKCS12_DATA);
-    if (ret != LENGTH_ONLY_E) {
+    if (ret != WC_NO_ERR_TRACE(LENGTH_ONLY_E)) {
         return ret;
     }
 
@@ -2604,20 +2595,12 @@ WC_PKCS12* wc_PKCS12_create(char* pass, word32 passSz, char* name,
         return NULL;
     }
 
-    if ((pkcs12 = wc_PKCS12_new()) == NULL) {
+    if ((pkcs12 = wc_PKCS12_new_ex(heap)) == NULL) {
         wc_FreeRng(&rng);
         WOLFSSL_LEAVE("wc_PKCS12_create", MEMORY_E);
         return NULL;
     }
 
-    if ((ret = wc_PKCS12_SetHeap(pkcs12, heap)) != 0) {
-        wc_PKCS12_free(pkcs12);
-        wc_FreeRng(&rng);
-        WOLFSSL_LEAVE("wc_PKCS12_create", ret);
-        (void)ret;
-        return NULL;
-    }
-
     if (iter <= 0) {
         iter = WC_PKCS12_ITT_DEFAULT;
     }
diff --git a/wolfcrypt/src/pkcs7.c b/wolfcrypt/src/pkcs7.c
index 507d9eeeb..90e0a7738 100644
--- a/wolfcrypt/src/pkcs7.c
+++ b/wolfcrypt/src/pkcs7.c
@@ -1,6 +1,6 @@
 /* pkcs7.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -88,6 +88,10 @@ struct PKCS7State {
     byte* content;
     byte* buffer;   /* main internal read buffer */
 
+    wc_HashAlg  hashAlg;
+    enum wc_HashType hashType;
+    int   cntIdfCnt; /* count of in-definite length in content info */
+
     /* stack variables to store for when returning */
     word32 varOne;
     int    varTwo;
@@ -105,19 +109,26 @@ struct PKCS7State {
     word32 aadSz;    /* size of additional AEAD data */
     word32 tagSz;    /* size of tag for AEAD */
     word32 contentSz;
+    word32 currContIdx;   /* index of current content */
+    word32 currContSz;    /* size of current content */
+    word32 currContRmnSz; /* remaining size of current content */
+    word32 accumContSz;   /* size of accumulated content size */
     byte tmpIv[MAX_CONTENT_IV_SIZE]; /* store IV if needed */
 #ifdef WC_PKCS7_STREAM_DEBUG
     word32 peakUsed; /* most bytes used for struct at any one time */
     word32 peakRead; /* most bytes used by read buffer */
 #endif
-    byte   multi:1;  /* flag for if content is in multiple parts */
-    byte   flagOne:1;
-    byte   detached:1; /* flag to indicate detached signature is present */
+    WC_BITFIELD multi:1;  /* flag for if content is in multiple parts */
+    WC_BITFIELD flagOne:1;
+    WC_BITFIELD detached:1; /* flag to indicate detached signature is present */
+    WC_BITFIELD noContent:1;/* indicates content isn't included in bundle */
+    WC_BITFIELD degenerate:1;
+    WC_BITFIELD indefLen:1; /* flag to indicate indef-length encoding used */
 };
 
 
 /* creates a PKCS7State structure and returns 0 on success */
-static int wc_PKCS7_CreateStream(PKCS7* pkcs7)
+static int wc_PKCS7_CreateStream(wc_PKCS7* pkcs7)
 {
     WOLFSSL_MSG("creating PKCS7 stream structure");
     pkcs7->stream = (PKCS7State*)XMALLOC(sizeof(PKCS7State), pkcs7->heap,
@@ -133,7 +144,7 @@ static int wc_PKCS7_CreateStream(PKCS7* pkcs7)
 }
 
 
-static void wc_PKCS7_ResetStream(PKCS7* pkcs7)
+static void wc_PKCS7_ResetStream(wc_PKCS7* pkcs7)
 {
     if (pkcs7 != NULL && pkcs7->stream != NULL) {
 #ifdef WC_PKCS7_STREAM_DEBUG
@@ -187,11 +198,20 @@ static void wc_PKCS7_ResetStream(PKCS7* pkcs7)
         pkcs7->stream->varOne   = 0;
         pkcs7->stream->varTwo   = 0;
         pkcs7->stream->varThree = 0;
+        pkcs7->stream->noContent    = 0;
+        pkcs7->stream->indefLen     = 0;
+        pkcs7->stream->cntIdfCnt    = 0;
+        pkcs7->stream->currContIdx  = 0;
+        pkcs7->stream->currContSz   = 0;
+        pkcs7->stream->currContRmnSz= 0;
+        pkcs7->stream->accumContSz  = 0;
+        pkcs7->stream->contentSz    = 0;
+        pkcs7->stream->hashType     = WC_HASH_TYPE_NONE;
     }
 }
 
 
-static void wc_PKCS7_FreeStream(PKCS7* pkcs7)
+static void wc_PKCS7_FreeStream(wc_PKCS7* pkcs7)
 {
     if (pkcs7 != NULL && pkcs7->stream != NULL) {
         wc_PKCS7_ResetStream(pkcs7);
@@ -200,7 +220,6 @@ static void wc_PKCS7_FreeStream(PKCS7* pkcs7)
         XFREE(pkcs7->stream->tmpCert, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
         pkcs7->stream->content = NULL;
         pkcs7->stream->tmpCert = NULL;
-
         XFREE(pkcs7->stream, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
         pkcs7->stream = NULL;
     }
@@ -209,7 +228,7 @@ static void wc_PKCS7_FreeStream(PKCS7* pkcs7)
 
 /* used to increase the max size for internal buffer
  * returns 0 on success  */
-static int wc_PKCS7_GrowStream(PKCS7* pkcs7, word32 newSz)
+static int wc_PKCS7_GrowStream(wc_PKCS7* pkcs7, word32 newSz)
 {
     byte* pt;
     pt = (byte*)XMALLOC(newSz, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
@@ -238,7 +257,7 @@ static int wc_PKCS7_GrowStream(PKCS7* pkcs7, word32 newSz)
  * Sets idx to be the current offset into "pt" buffer
  * returns 0 on success
  */
-static int wc_PKCS7_AddDataToStream(PKCS7* pkcs7, byte* in, word32 inSz,
+static int wc_PKCS7_AddDataToStream(wc_PKCS7* pkcs7, byte* in, word32 inSz,
         word32 expected, byte** pt, word32* idx)
 {
     word32 rdSz = pkcs7->stream->idx;
@@ -265,12 +284,12 @@ static int wc_PKCS7_AddDataToStream(PKCS7* pkcs7, byte* in, word32 inSz,
     if (rdSz >= inSz) {
         /* no more input to read, reset input index and request more data */
         pkcs7->stream->idx = 0;
-        return WC_PKCS7_WANT_READ_E;
+        return WC_NO_ERR_TRACE(WC_PKCS7_WANT_READ_E);
     }
 
     /* try to store input data into stream buffer */
     if (inSz - rdSz > 0 && pkcs7->stream->length < expected) {
-        int len = min(inSz - rdSz, expected - pkcs7->stream->length);
+        word32 len = min(inSz - rdSz, expected - pkcs7->stream->length);
 
         /* sanity check that the input buffer is not internal buffer */
         if (in == pkcs7->stream->buffer) {
@@ -278,7 +297,9 @@ static int wc_PKCS7_AddDataToStream(PKCS7* pkcs7, byte* in, word32 inSz,
         }
 
         /* check if internal buffer size needs to be increased */
-        if (len + pkcs7->stream->length > pkcs7->stream->bufferSz) {
+        if ((len + pkcs7->stream->length > pkcs7->stream->bufferSz) ||
+            (pkcs7->stream->buffer == NULL))
+        {
             int ret = wc_PKCS7_GrowStream(pkcs7, expected);
             if (ret < 0) {
                 return ret;
@@ -305,7 +326,7 @@ static int wc_PKCS7_AddDataToStream(PKCS7* pkcs7, byte* in, word32 inSz,
     /* if not enough data was read in then request more */
     if (pkcs7->stream->length < expected) {
         pkcs7->stream->idx = 0;
-        return WC_PKCS7_WANT_READ_E;
+        return WC_NO_ERR_TRACE(WC_PKCS7_WANT_READ_E);
     }
 
     /* adjust pointer to read from stored buffer */
@@ -316,7 +337,7 @@ static int wc_PKCS7_AddDataToStream(PKCS7* pkcs7, byte* in, word32 inSz,
 
 
 /* setter function for stored variables */
-static void wc_PKCS7_StreamStoreVar(PKCS7* pkcs7, word32 var1, int var2,
+static void wc_PKCS7_StreamStoreVar(wc_PKCS7* pkcs7, word32 var1, int var2,
         int var3)
 {
     if (pkcs7 != NULL && pkcs7->stream != NULL) {
@@ -329,7 +350,7 @@ static void wc_PKCS7_StreamStoreVar(PKCS7* pkcs7, word32 var1, int var2,
 /* Tries to peek at the SEQ and get the length
  * returns 0 on success
  */
-static int wc_PKCS7_SetMaxStream(PKCS7* pkcs7, byte* in, word32 defSz)
+static int wc_PKCS7_SetMaxStream(wc_PKCS7* pkcs7, byte* in, word32 defSz)
 {
     /* check there is a buffer to read from */
     if (pkcs7) {
@@ -338,11 +359,11 @@ static int wc_PKCS7_SetMaxStream(PKCS7* pkcs7, byte* in, word32 defSz)
         byte*   pt;
 
         if (pkcs7->stream->length > 0) {
-            length = pkcs7->stream->length;
+            length = (int)pkcs7->stream->length;
             pt     = pkcs7->stream->buffer;
         }
         else {
-            length = defSz;
+            length = (int)defSz;
             pt     = in;
         }
         maxIdx = (word32)length;
@@ -357,16 +378,12 @@ static int wc_PKCS7_SetMaxStream(PKCS7* pkcs7, byte* in, word32 defSz)
             return ret;
         }
 
-    #ifdef ASN_BER_TO_DER
         if (length == 0 && ret == 0) {
             idx = 0;
-            if ((ret = wc_BerToDer(pt, maxIdx, NULL,
-                            (word32*)&length)) != LENGTH_ONLY_E) {
-                return ret;
-            }
+            WOLFSSL_MSG("PKCS7 found indef SEQ with peek");
         }
-    #endif /* ASN_BER_TO_DER */
-        pkcs7->stream->maxLen = length + idx;
+
+        pkcs7->stream->maxLen = (word32)length + idx;
 
         if (pkcs7->stream->maxLen == 0) {
             pkcs7->stream->maxLen = defSz;
@@ -378,7 +395,7 @@ static int wc_PKCS7_SetMaxStream(PKCS7* pkcs7, byte* in, word32 defSz)
 
 
 /* getter function for stored variables */
-static void wc_PKCS7_StreamGetVar(PKCS7* pkcs7, word32* var1, int* var2,
+static void wc_PKCS7_StreamGetVar(wc_PKCS7* pkcs7, word32* var1, int* var2,
         int* var3)
 {
     if (pkcs7 != NULL && pkcs7->stream != NULL) {
@@ -391,7 +408,7 @@ static void wc_PKCS7_StreamGetVar(PKCS7* pkcs7, word32* var1, int* var2,
 
 /* common update of index and total read after section complete
  * returns 0 on success */
-static int wc_PKCS7_StreamEndCase(PKCS7* pkcs7, word32* tmpIdx, word32* idx)
+static int wc_PKCS7_StreamEndCase(wc_PKCS7* pkcs7, word32* tmpIdx, word32* idx)
 {
     int ret = 0;
 
@@ -468,6 +485,7 @@ static const char* wc_PKCS7_GetStateName(int in)
         case WC_PKCS7_VERIFY_STAGE4: return "WC_PKCS7_VERIFY_STAGE4";
         case WC_PKCS7_VERIFY_STAGE5: return "WC_PKCS7_VERIFY_STAGE5";
         case WC_PKCS7_VERIFY_STAGE6: return "WC_PKCS7_VERIFY_STAGE6";
+        case WC_PKCS7_VERIFY_STAGE7: return "WC_PKCS7_VERIFY_STAGE7";
 
         default:
             return "Unknown state";
@@ -477,14 +495,14 @@ static const char* wc_PKCS7_GetStateName(int in)
 
 /* Used to change the PKCS7 state. Having state change as a function allows
  * for easier debugging */
-static void wc_PKCS7_ChangeState(PKCS7* pkcs7, int newState)
+static void wc_PKCS7_ChangeState(wc_PKCS7* pkcs7, int newState)
 {
 #ifdef WC_PKCS7_STREAM_DEBUG
     printf("\tChanging from state [%02d] %s to [%02d] %s\n",
             pkcs7->state, wc_PKCS7_GetStateName(pkcs7->state),
             newState, wc_PKCS7_GetStateName(newState));
 #endif
-    pkcs7->state = newState;
+    pkcs7->state = (word32)newState;
 }
 
 #define MAX_PKCS7_DIGEST_SZ (MAX_SEQ_SZ + MAX_ALGO_SZ + \
@@ -530,7 +548,7 @@ static int wc_SetContentType(int pkcs7TypeOID, byte* output, word32 outputSz)
        { 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x05, 0x0C };
 #endif
 
-    int idSz, idx = 0;
+    word32 idSz, idx = 0;
     word32 typeSz = 0;
     const byte* typeName = 0;
     byte ID_Length[MAX_LENGTH_SZ];
@@ -617,7 +635,7 @@ static int wc_SetContentType(int pkcs7TypeOID, byte* output, word32 outputSz)
     XMEMCPY(output + idx, typeName, typeSz);
     idx += typeSz;
 
-    return idx;
+    return (int)idx;
 }
 
 
@@ -675,7 +693,7 @@ static int wc_PKCS7_GetOIDBlockSize(int oid)
         case AES256CCMb:
         #endif
     #endif
-            blockSz = AES_BLOCK_SIZE;
+            blockSz = WC_AES_BLOCK_SIZE;
             break;
 #endif /* !NO_AES */
 
@@ -762,11 +780,11 @@ static int wc_PKCS7_GetOIDKeySize(int oid)
 }
 
 
-PKCS7* wc_PKCS7_New(void* heap, int devId)
+wc_PKCS7* wc_PKCS7_New(void* heap, int devId)
 {
-    PKCS7* pkcs7 = (PKCS7*)XMALLOC(sizeof(PKCS7), heap, DYNAMIC_TYPE_PKCS7);
+    wc_PKCS7* pkcs7 = (wc_PKCS7*)XMALLOC(sizeof(wc_PKCS7), heap, DYNAMIC_TYPE_PKCS7);
     if (pkcs7) {
-        XMEMSET(pkcs7, 0, sizeof(PKCS7));
+        XMEMSET(pkcs7, 0, sizeof(wc_PKCS7));
         if (wc_PKCS7_Init(pkcs7, heap, devId) == 0) {
             pkcs7->isDynamic = 1;
         }
@@ -787,7 +805,7 @@ PKCS7* wc_PKCS7_New(void* heap, int devId)
  *
  * returns 0 on success or a negative value for failure
  */
-int wc_PKCS7_Init(PKCS7* pkcs7, void* heap, int devId)
+int wc_PKCS7_Init(wc_PKCS7* pkcs7, void* heap, int devId)
 {
     word16 isDynamic;
 
@@ -798,8 +816,8 @@ int wc_PKCS7_Init(PKCS7* pkcs7, void* heap, int devId)
     }
 
     isDynamic = pkcs7->isDynamic;
-    XMEMSET(pkcs7, 0, sizeof(PKCS7));
-    pkcs7->isDynamic = isDynamic;
+    XMEMSET(pkcs7, 0, sizeof(wc_PKCS7));
+    pkcs7->isDynamic = (isDynamic != 0);
 #ifdef WOLFSSL_HEAP_TEST
     pkcs7->heap = (void*)WOLFSSL_HEAP_TEST;
 #else
@@ -810,6 +828,14 @@ int wc_PKCS7_Init(PKCS7* pkcs7, void* heap, int devId)
     return 0;
 }
 
+#ifdef WC_ASN_UNKNOWN_EXT_CB
+void wc_PKCS7_SetUnknownExtCallback(wc_PKCS7* pkcs7, wc_UnknownExtCallback cb)
+{
+    if (pkcs7 != NULL) {
+        pkcs7->unknownExtCallback = cb;
+    }
+}
+#endif
 
 /* Certificate structure holding der pointer, size, and pointer to next
  * Pkcs7Cert struct. Used when creating SignedData types with multiple
@@ -832,7 +858,7 @@ struct Pkcs7EncodedRecip {
 
 
 /* free all members of Pkcs7Cert linked list */
-static void wc_PKCS7_FreeCertSet(PKCS7* pkcs7)
+static void wc_PKCS7_FreeCertSet(wc_PKCS7* pkcs7)
 {
     Pkcs7Cert* curr = NULL;
     Pkcs7Cert* next = NULL;
@@ -857,9 +883,9 @@ static void wc_PKCS7_FreeCertSet(PKCS7* pkcs7)
 /* Get total size of all recipients in recipient list.
  *
  * Returns total size of recipients, or negative upon error */
-static int wc_PKCS7_GetRecipientListSize(PKCS7* pkcs7)
+static int wc_PKCS7_GetRecipientListSize(wc_PKCS7* pkcs7)
 {
-    int totalSz = 0;
+    word32 totalSz = 0;
     Pkcs7EncodedRecip* tmp = NULL;
 
     if (pkcs7 == NULL)
@@ -872,12 +898,12 @@ static int wc_PKCS7_GetRecipientListSize(PKCS7* pkcs7)
         tmp = tmp->next;
     }
 
-    return totalSz;
+    return (int)totalSz;
 }
 
 
 /* free all members of Pkcs7EncodedRecip linked list */
-static void wc_PKCS7_FreeEncodedRecipientSet(PKCS7* pkcs7)
+static void wc_PKCS7_FreeEncodedRecipientSet(wc_PKCS7* pkcs7)
 {
     Pkcs7EncodedRecip* curr = NULL;
     Pkcs7EncodedRecip* next = NULL;
@@ -902,7 +928,7 @@ static void wc_PKCS7_FreeEncodedRecipientSet(PKCS7* pkcs7)
 /* search through RecipientInfo list for specific type.
  * return 1 if ANY recipient of type specified is present, otherwise
  * return 0 */
-static int wc_PKCS7_RecipientListIncludesType(PKCS7* pkcs7, int type)
+static int wc_PKCS7_RecipientListIncludesType(wc_PKCS7* pkcs7, int type)
 {
     Pkcs7EncodedRecip* tmp = NULL;
 
@@ -924,7 +950,7 @@ static int wc_PKCS7_RecipientListIncludesType(PKCS7* pkcs7, int type)
 
 /* searches through RecipientInfo list, returns 1 if all structure
  * versions are set to 0, otherwise returns 0 */
-static int wc_PKCS7_RecipientListVersionsAllZero(PKCS7* pkcs7)
+static int wc_PKCS7_RecipientListVersionsAllZero(wc_PKCS7* pkcs7)
 {
     Pkcs7EncodedRecip* tmp = NULL;
 
@@ -951,7 +977,7 @@ static int wc_PKCS7_RecipientListVersionsAllZero(PKCS7* pkcs7)
  * keySz  - size of key, octets
  *
  * Returns 0 on success, negative on error */
-static int wc_PKCS7_CheckPublicKeyDer(PKCS7* pkcs7, int keyOID,
+static int wc_PKCS7_CheckPublicKeyDer(wc_PKCS7* pkcs7, int keyOID,
                                       const byte* key, word32 keySz)
 {
     int ret = 0;
@@ -1021,9 +1047,11 @@ static int wc_PKCS7_CheckPublicKeyDer(PKCS7* pkcs7, int keyOID,
 
             /* Try to decode public key and check with wc_ecc_check_key() */
             ret = wc_EccPublicKeyDecode(key, &scratch, ecc, keySz);
+        #if defined(WOLFSSL_VALIDATE_ECC_IMPORT)
             if (ret == 0) {
                 ret = wc_ecc_check_key(ecc);
             }
+        #endif
             wc_ecc_free(ecc);
 
             break;
@@ -1045,13 +1073,16 @@ static int wc_PKCS7_CheckPublicKeyDer(PKCS7* pkcs7, int keyOID,
 
 /* Init PKCS7 struct with recipient cert, decode into DecodedCert
  * NOTE: keeps previously set pkcs7 heap hint, devId and isDynamic */
-int wc_PKCS7_InitWithCert(PKCS7* pkcs7, byte* derCert, word32 derCertSz)
+int wc_PKCS7_InitWithCert(wc_PKCS7* pkcs7, byte* derCert, word32 derCertSz)
 {
     int ret = 0;
     void* heap;
     int devId;
     Pkcs7Cert* cert;
     Pkcs7Cert* lastCert;
+#ifdef WC_ASN_UNKNOWN_EXT_CB
+    wc_UnknownExtCallback cb;
+#endif
 
     if (pkcs7 == NULL || (derCert == NULL && derCertSz != 0)) {
         return BAD_FUNC_ARG;
@@ -1060,9 +1091,16 @@ int wc_PKCS7_InitWithCert(PKCS7* pkcs7, byte* derCert, word32 derCertSz)
     heap = pkcs7->heap;
     devId = pkcs7->devId;
     cert = pkcs7->certList;
+#ifdef WC_ASN_UNKNOWN_EXT_CB
+    cb = pkcs7->unknownExtCallback; /* save / restore callback */
+#endif
     ret = wc_PKCS7_Init(pkcs7, heap, devId);
     if (ret != 0)
         return ret;
+
+#ifdef WC_ASN_UNKNOWN_EXT_CB
+    pkcs7->unknownExtCallback = cb;
+#endif
     pkcs7->certList = cert;
 
     if (derCert != NULL && derCertSz > 0) {
@@ -1111,6 +1149,10 @@ int wc_PKCS7_InitWithCert(PKCS7* pkcs7, byte* derCert, word32 derCertSz)
         }
 
         InitDecodedCert(dCert, derCert, derCertSz, pkcs7->heap);
+#ifdef WC_ASN_UNKNOWN_EXT_CB
+        if (pkcs7->unknownExtCallback != NULL)
+            wc_SetUnknownExtCallback(dCert, pkcs7->unknownExtCallback);
+#endif
         ret = ParseCert(dCert, CA_TYPE, NO_VERIFY, 0);
         if (ret < 0) {
             FreeDecodedCert(dCert);
@@ -1121,7 +1163,7 @@ int wc_PKCS7_InitWithCert(PKCS7* pkcs7, byte* derCert, word32 derCertSz)
         }
 
         /* verify extracted public key is valid before storing */
-        ret = wc_PKCS7_CheckPublicKeyDer(pkcs7, dCert->keyOID,
+        ret = wc_PKCS7_CheckPublicKeyDer(pkcs7, (int)dCert->keyOID,
                                          dCert->publicKey, dCert->pubKeySize);
         if (ret != 0) {
             WOLFSSL_MSG("Invalid public key, check pkcs7->cert");
@@ -1147,9 +1189,9 @@ int wc_PKCS7_InitWithCert(PKCS7* pkcs7, byte* derCert, word32 derCertSz)
         pkcs7->publicKeyOID = dCert->keyOID;
         XMEMCPY(pkcs7->issuerHash, dCert->issuerHash, KEYID_SIZE);
         pkcs7->issuer = dCert->issuerRaw;
-        pkcs7->issuerSz = dCert->issuerRawLen;
-        XMEMCPY(pkcs7->issuerSn, dCert->serial, dCert->serialSz);
-        pkcs7->issuerSnSz = dCert->serialSz;
+        pkcs7->issuerSz = (word32)dCert->issuerRawLen;
+        XMEMCPY(pkcs7->issuerSn, dCert->serial, (word32)dCert->serialSz);
+        pkcs7->issuerSnSz = (word32)dCert->serialSz;
         XMEMCPY(pkcs7->issuerSubjKeyId, dCert->extSubjKeyId, KEYID_SIZE);
 
         /* default to IssuerAndSerialNumber for SignerIdentifier */
@@ -1182,7 +1224,7 @@ int wc_PKCS7_InitWithCert(PKCS7* pkcs7, byte* derCert, word32 derCertSz)
  * This API does not currently validate certificates.
  *
  * Returns 0 on success, negative upon error */
-int wc_PKCS7_AddCertificate(PKCS7* pkcs7, byte* derCert, word32 derCertSz)
+int wc_PKCS7_AddCertificate(wc_PKCS7* pkcs7, byte* derCert, word32 derCertSz)
 {
     Pkcs7Cert* cert;
 
@@ -1221,12 +1263,8 @@ static void wc_PKCS7_FreeDecodedAttrib(PKCS7DecodedAttrib* attrib, void* heap)
     current = attrib;
     while (current != NULL) {
         PKCS7DecodedAttrib* next = current->next;
-        if (current->oid != NULL)  {
-            XFREE(current->oid, heap, DYNAMIC_TYPE_PKCS7);
-        }
-        if (current->value != NULL) {
-            XFREE(current->value, heap, DYNAMIC_TYPE_PKCS7);
-        }
+        XFREE(current->oid, heap, DYNAMIC_TYPE_PKCS7);
+        XFREE(current->value, heap, DYNAMIC_TYPE_PKCS7);
         XFREE(current, heap, DYNAMIC_TYPE_PKCS7);
         current = next;
     }
@@ -1236,12 +1274,10 @@ static void wc_PKCS7_FreeDecodedAttrib(PKCS7DecodedAttrib* attrib, void* heap)
 
 
 /* return 0 on success */
-static int wc_PKCS7_SignerInfoNew(PKCS7* pkcs7)
+static int wc_PKCS7_SignerInfoNew(wc_PKCS7* pkcs7)
 {
-    if (pkcs7->signerInfo != NULL) {
-        XFREE(pkcs7->signerInfo, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
-        pkcs7->signerInfo = NULL;
-    }
+    XFREE(pkcs7->signerInfo, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
+    pkcs7->signerInfo = NULL;
 
     pkcs7->signerInfo = (PKCS7SignerInfo*)XMALLOC(sizeof(PKCS7SignerInfo),
             pkcs7->heap, DYNAMIC_TYPE_PKCS7);
@@ -1254,13 +1290,11 @@ static int wc_PKCS7_SignerInfoNew(PKCS7* pkcs7)
 }
 
 
-static void wc_PKCS7_SignerInfoFree(PKCS7* pkcs7)
+static void wc_PKCS7_SignerInfoFree(wc_PKCS7* pkcs7)
 {
     if (pkcs7->signerInfo != NULL) {
-        if (pkcs7->signerInfo->sid != NULL) {
-            XFREE(pkcs7->signerInfo->sid, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
-            pkcs7->signerInfo->sid = NULL;
-        }
+        XFREE(pkcs7->signerInfo->sid, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
+        pkcs7->signerInfo->sid = NULL;
         XFREE(pkcs7->signerInfo, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
         pkcs7->signerInfo = NULL;
     }
@@ -1270,29 +1304,27 @@ static void wc_PKCS7_SignerInfoFree(PKCS7* pkcs7)
 /* free's any current SID and sets it to "in"
  * returns 0 on success
  */
-static int wc_PKCS7_SignerInfoSetSID(PKCS7* pkcs7, byte* in, int inSz)
+static int wc_PKCS7_SignerInfoSetSID(wc_PKCS7* pkcs7, byte* in, int inSz)
 {
     if (pkcs7 == NULL || in == NULL || inSz < 0) {
         return BAD_FUNC_ARG;
     }
 
-    if (pkcs7->signerInfo->sid != NULL) {
-        XFREE(pkcs7->signerInfo->sid, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
-        pkcs7->signerInfo->sid = NULL;
-    }
-    pkcs7->signerInfo->sid = (byte*)XMALLOC(inSz, pkcs7->heap,
+    XFREE(pkcs7->signerInfo->sid, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
+    pkcs7->signerInfo->sid = NULL;
+    pkcs7->signerInfo->sid = (byte*)XMALLOC((word32)inSz, pkcs7->heap,
             DYNAMIC_TYPE_PKCS7);
     if (pkcs7->signerInfo->sid == NULL) {
         return MEMORY_E;
     }
-    XMEMCPY(pkcs7->signerInfo->sid, in, inSz);
-    pkcs7->signerInfo->sidSz = inSz;
+    XMEMCPY(pkcs7->signerInfo->sid, in, (word32)inSz);
+    pkcs7->signerInfo->sidSz = (word32)inSz;
     return 0;
 }
 
 
 /* releases any memory allocated by a PKCS7 initializer */
-void wc_PKCS7_Free(PKCS7* pkcs7)
+void wc_PKCS7_Free(wc_PKCS7* pkcs7)
 {
     if (pkcs7 == NULL)
         return;
@@ -1307,15 +1339,11 @@ void wc_PKCS7_Free(PKCS7* pkcs7)
     wc_PKCS7_FreeCertSet(pkcs7);
 
 #ifdef ASN_BER_TO_DER
-    if (pkcs7->der != NULL) {
-        XFREE(pkcs7->der, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
-        pkcs7->der = NULL;
-    }
+    XFREE(pkcs7->der, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
+    pkcs7->der = NULL;
 #endif
-    if (pkcs7->contentDynamic != NULL) {
-        XFREE(pkcs7->contentDynamic, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
-        pkcs7->contentDynamic = NULL;
-    }
+    XFREE(pkcs7->contentDynamic, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
+    pkcs7->contentDynamic = NULL;
 
     if (pkcs7->cek != NULL) {
         ForceZero(pkcs7->cek, pkcs7->cekSz);
@@ -1346,6 +1374,12 @@ void wc_PKCS7_Free(PKCS7* pkcs7)
         pkcs7->cachedEncryptedContentSz = 0;
     }
 
+    if (pkcs7->customSKID) {
+        XFREE(pkcs7->customSKID, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
+        pkcs7->customSKID = NULL;
+        pkcs7->customSKIDSz = 0;
+    }
+
     if (pkcs7->isDynamic) {
         pkcs7->isDynamic = 0;
         XFREE(pkcs7, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
@@ -1355,7 +1389,7 @@ void wc_PKCS7_Free(PKCS7* pkcs7)
 
 /* helper function for parsing through attributes and finding a specific one.
  * returns PKCS7DecodedAttrib pointer on success */
-static PKCS7DecodedAttrib* findAttrib(PKCS7* pkcs7, const byte* oid, word32 oidSz)
+static PKCS7DecodedAttrib* findAttrib(wc_PKCS7* pkcs7, const byte* oid, word32 oidSz)
 {
     PKCS7DecodedAttrib* list;
 
@@ -1410,7 +1444,7 @@ static PKCS7DecodedAttrib* findAttrib(PKCS7* pkcs7, const byte* oid, word32 oidS
  *
  * returns size of value on success
  */
-int wc_PKCS7_GetAttributeValue(PKCS7* pkcs7, const byte* oid, word32 oidSz,
+int wc_PKCS7_GetAttributeValue(wc_PKCS7* pkcs7, const byte* oid, word32 oidSz,
         byte* out, word32* outSz)
 {
     PKCS7DecodedAttrib* attrib;
@@ -1426,7 +1460,7 @@ int wc_PKCS7_GetAttributeValue(PKCS7* pkcs7, const byte* oid, word32 oidSz,
 
     if (out == NULL) {
         *outSz = attrib->valueSz;
-        return LENGTH_ONLY_E;
+        return WC_NO_ERR_TRACE(LENGTH_ONLY_E);
     }
 
     if (*outSz < attrib->valueSz) {
@@ -1434,12 +1468,12 @@ int wc_PKCS7_GetAttributeValue(PKCS7* pkcs7, const byte* oid, word32 oidSz,
     }
 
     XMEMCPY(out, attrib->value, attrib->valueSz);
-    return attrib->valueSz;
+    return (int)attrib->valueSz;
 }
 
 
 /* build PKCS#7 data content type */
-int wc_PKCS7_EncodeData(PKCS7* pkcs7, byte* output, word32 outputSz)
+int wc_PKCS7_EncodeData(wc_PKCS7* pkcs7, byte* output, word32 outputSz)
 {
     static const byte oid[] =
         { ASN_OBJECT_ID, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01,
@@ -1449,7 +1483,7 @@ int wc_PKCS7_EncodeData(PKCS7* pkcs7, byte* output, word32 outputSz)
     word32 seqSz;
     word32 octetStrSz;
     word32 oidSz = (word32)sizeof(oid);
-    int idx = 0;
+    word32 idx = 0;
 
     if (pkcs7 == NULL || output == NULL) {
         return BAD_FUNC_ARG;
@@ -1470,7 +1504,7 @@ int wc_PKCS7_EncodeData(PKCS7* pkcs7, byte* output, word32 outputSz)
     XMEMCPY(output + idx, pkcs7->content, pkcs7->contentSz);
     idx += pkcs7->contentSz;
 
-    return idx;
+    return (int)idx;
 }
 
 
@@ -1487,6 +1521,7 @@ typedef struct ESD {
     wc_HashAlg  hash;
     enum wc_HashType hashType;
     byte contentDigest[WC_MAX_DIGEST_SIZE + 2]; /* content only + ASN.1 heading */
+    WC_BITFIELD contentDigestSet:1;
     byte contentAttribsDigest[WC_MAX_DIGEST_SIZE];
     byte encContentDigest[MAX_ENCRYPTED_KEY_SZ];
 
@@ -1533,12 +1568,12 @@ static int EncodeAttributes(EncodedAttrib* ea, int eaSz,
                                             PKCS7Attrib* attribs, int attribsSz)
 {
     int i;
-    int maxSz = min(eaSz, attribsSz);
+    int maxSz = (int)min((word32)eaSz, (word32)attribsSz);
     int allAttribsSz = 0;
 
     for (i = 0; i < maxSz; i++)
     {
-        int attribSz = 0;
+        word32 attribSz = 0;
 
         ea[i].value = attribs[i].value;
         ea[i].valueSz = attribs[i].valueSz;
@@ -1552,7 +1587,7 @@ static int EncodeAttributes(EncodedAttrib* ea, int eaSz,
         attribSz += ea[i].valueSeqSz;
         ea[i].totalSz = attribSz;
 
-        allAttribsSz += attribSz;
+        allAttribsSz += (int)attribSz;
     }
     return allAttribsSz;
 }
@@ -1578,7 +1613,7 @@ static FlatAttrib* NewAttrib(void* heap)
 }
 
 /* Free FlatAttrib array and memory allocated to internal struct members */
-static void FreeAttribArray(PKCS7* pkcs7, FlatAttrib** arr, int rows)
+static void FreeAttribArray(wc_PKCS7* pkcs7, FlatAttrib** arr, int rows)
 {
     int i;
 
@@ -1593,7 +1628,7 @@ static void FreeAttribArray(PKCS7* pkcs7, FlatAttrib** arr, int rows)
                 XFREE(arr[i], pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER);
             }
         }
-        ForceZero(arr, rows);
+        ForceZero(arr, (word32)rows);
         XFREE(arr, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER);
     }
     (void)pkcs7;
@@ -1616,12 +1651,12 @@ static int SortAttribArray(FlatAttrib** arr, int rows)
     for (i = 0; i < rows; i++) {
         a = arr[i];
         minSz = a->dataSz;
-        minIdx = i;
+        minIdx = (word32)i;
         for (j = i+1; j < rows; j++) {
             b = arr[j];
             if (b->dataSz < minSz) {
                 minSz = b->dataSz;
-                minIdx = j;
+                minIdx = (word32)j;
             }
         }
         if (minSz < a->dataSz) {
@@ -1638,10 +1673,11 @@ static int SortAttribArray(FlatAttrib** arr, int rows)
 
 /* Build up array of FlatAttrib structs from EncodedAttrib ones. FlatAttrib
  * holds flattened DER encoding of each attribute */
-static int FlattenEncodedAttribs(PKCS7* pkcs7, FlatAttrib** derArr, int rows,
+static int FlattenEncodedAttribs(wc_PKCS7* pkcs7, FlatAttrib** derArr, int rows,
                                  EncodedAttrib* ea, int eaSz)
 {
-    int i, idx, sz;
+    int i;
+    word32 idx, sz;
     byte* output   = NULL;
     FlatAttrib* fa = NULL;
 
@@ -1682,10 +1718,11 @@ static int FlattenEncodedAttribs(PKCS7* pkcs7, FlatAttrib** derArr, int rows,
 
 
 /* Sort and Flatten EncodedAttrib attributes into output buffer */
-static int FlattenAttributes(PKCS7* pkcs7, byte* output, EncodedAttrib* ea,
+static int FlattenAttributes(wc_PKCS7* pkcs7, byte* output, EncodedAttrib* ea,
                              int eaSz)
 {
-    int i, idx, ret;
+    int i, ret;
+    word32 idx;
     FlatAttrib** derArr = NULL;
     FlatAttrib*  fa     = NULL;
 
@@ -1694,12 +1731,12 @@ static int FlattenAttributes(PKCS7* pkcs7, byte* output, EncodedAttrib* ea,
     }
 
     /* create array of FlatAttrib struct pointers to hold DER attribs */
-    derArr = (FlatAttrib**) XMALLOC(eaSz * sizeof(FlatAttrib*), pkcs7->heap,
-                                    DYNAMIC_TYPE_TMP_BUFFER);
+    derArr = (FlatAttrib**) XMALLOC((unsigned long)eaSz * sizeof(FlatAttrib*),
+        pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER);
     if (derArr == NULL) {
         return MEMORY_E;
     }
-    XMEMSET(derArr, 0, eaSz * sizeof(FlatAttrib*));
+    XMEMSET(derArr, 0, (unsigned long)eaSz * sizeof(FlatAttrib*));
 
     for (i = 0; i < eaSz; i++) {
         derArr[i] = NewAttrib(pkcs7->heap);
@@ -1740,27 +1777,10 @@ static int FlattenAttributes(PKCS7* pkcs7, byte* output, EncodedAttrib* ea,
 
 #ifndef NO_RSA
 
-/* returns size of signature put into out, negative on error */
-static int wc_PKCS7_RsaSign(PKCS7* pkcs7, byte* in, word32 inSz, ESD* esd)
+static int wc_PKCS7_ImportRSA(wc_PKCS7* pkcs7, RsaKey* privKey)
 {
     int ret;
     word32 idx;
-#ifdef WOLFSSL_SMALL_STACK
-    RsaKey* privKey;
-#else
-    RsaKey  privKey[1];
-#endif
-
-    if (pkcs7 == NULL || pkcs7->rng == NULL || in == NULL || esd == NULL) {
-        return BAD_FUNC_ARG;
-    }
-
-#ifdef WOLFSSL_SMALL_STACK
-    privKey = (RsaKey*)XMALLOC(sizeof(RsaKey), pkcs7->heap,
-        DYNAMIC_TYPE_TMP_BUFFER);
-    if (privKey == NULL)
-        return MEMORY_E;
-#endif
 
     ret = wc_InitRsaKey_ex(privKey, pkcs7->heap, pkcs7->devId);
     if (ret == 0) {
@@ -1781,7 +1801,8 @@ static int wc_PKCS7_RsaSign(PKCS7* pkcs7, byte* in, word32 inSz, ESD* esd)
         #endif
             }
         #ifdef WOLF_CRYPTO_CB
-            else if (ret == ASN_PARSE_E && pkcs7->devId != INVALID_DEVID) {
+            else if (ret == WC_NO_ERR_TRACE(ASN_PARSE_E) &&
+                     pkcs7->devId != INVALID_DEVID) {
                 /* if using crypto callbacks, try public key decode */
                 idx = 0;
                 ret = wc_RsaPublicKeyDecode(pkcs7->privateKey, &idx, privKey,
@@ -1794,6 +1815,32 @@ static int wc_PKCS7_RsaSign(PKCS7* pkcs7, byte* in, word32 inSz, ESD* esd)
         }
     }
 
+    return ret;
+}
+
+
+/* returns size of signature put into out, negative on error */
+static int wc_PKCS7_RsaSign(wc_PKCS7* pkcs7, byte* in, word32 inSz, ESD* esd)
+{
+    int ret;
+#ifdef WOLFSSL_SMALL_STACK
+    RsaKey* privKey;
+#else
+    RsaKey  privKey[1];
+#endif
+
+    if (pkcs7 == NULL || pkcs7->rng == NULL || in == NULL || esd == NULL) {
+        return BAD_FUNC_ARG;
+    }
+
+#ifdef WOLFSSL_SMALL_STACK
+    privKey = (RsaKey*)XMALLOC(sizeof(RsaKey), pkcs7->heap,
+        DYNAMIC_TYPE_TMP_BUFFER);
+    if (privKey == NULL)
+        return MEMORY_E;
+#endif
+
+    ret = wc_PKCS7_ImportRSA(pkcs7, privKey);
     if (ret == 0) {
     #ifdef WOLFSSL_ASYNC_CRYPT
         do {
@@ -1807,7 +1854,7 @@ static int wc_PKCS7_RsaSign(PKCS7* pkcs7, byte* in, word32 inSz, ESD* esd)
                                      privKey, pkcs7->rng);
             }
     #ifdef WOLFSSL_ASYNC_CRYPT
-        } while (ret == WC_PENDING_E);
+        } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E));
     #endif
     }
 
@@ -1824,11 +1871,49 @@ static int wc_PKCS7_RsaSign(PKCS7* pkcs7, byte* in, word32 inSz, ESD* esd)
 
 #ifdef HAVE_ECC
 
-/* returns size of signature put into out, negative on error */
-static int wc_PKCS7_EcdsaSign(PKCS7* pkcs7, byte* in, word32 inSz, ESD* esd)
+static int wc_PKCS7_ImportECC(wc_PKCS7* pkcs7, ecc_key* privKey)
 {
     int ret;
-    word32 outSz, idx;
+    word32 idx;
+
+    ret = wc_ecc_init_ex(privKey, pkcs7->heap, pkcs7->devId);
+    if (ret == 0) {
+        if (pkcs7->privateKey != NULL && pkcs7->privateKeySz > 0) {
+            idx = 0;
+            ret = wc_EccPrivateKeyDecode(pkcs7->privateKey, &idx, privKey,
+                                         pkcs7->privateKeySz);
+            /* verify imported private key is a valid key before using it */
+            if (ret == 0) {
+                ret = wc_ecc_check_key(privKey);
+                if (ret != 0) {
+                    WOLFSSL_MSG("Invalid ECC private key, check "
+                                "pkcs7->privateKey");
+                }
+            }
+        #ifdef WOLF_CRYPTO_CB
+            else if (ret == WC_NO_ERR_TRACE(ASN_PARSE_E) &&
+                     pkcs7->devId != INVALID_DEVID) {
+                /* if using crypto callbacks, try public key decode */
+                idx = 0;
+                ret = wc_EccPublicKeyDecode(pkcs7->privateKey, &idx, privKey,
+                                            pkcs7->privateKeySz);
+            }
+        #endif
+        }
+        else if (pkcs7->devId == INVALID_DEVID) {
+            ret = BAD_FUNC_ARG;
+        }
+    }
+
+    return ret;
+}
+
+
+/* returns size of signature put into out, negative on error */
+static int wc_PKCS7_EcdsaSign(wc_PKCS7* pkcs7, byte* in, word32 inSz, ESD* esd)
+{
+    int ret;
+    word32 outSz;
 #ifdef WOLFSSL_SMALL_STACK
     ecc_key* privKey;
 #else
@@ -1846,34 +1931,7 @@ static int wc_PKCS7_EcdsaSign(PKCS7* pkcs7, byte* in, word32 inSz, ESD* esd)
         return MEMORY_E;
 #endif
 
-    ret = wc_ecc_init_ex(privKey, pkcs7->heap, pkcs7->devId);
-    if (ret == 0) {
-        if (pkcs7->privateKey != NULL && pkcs7->privateKeySz > 0) {
-            idx = 0;
-            ret = wc_EccPrivateKeyDecode(pkcs7->privateKey, &idx, privKey,
-                                         pkcs7->privateKeySz);
-            /* verify imported private key is a valid key before using it */
-            if (ret == 0) {
-                ret = wc_ecc_check_key(privKey);
-                if (ret != 0) {
-                    WOLFSSL_MSG("Invalid ECC private key, check "
-                                "pkcs7->privateKey");
-                }
-            }
-        #ifdef WOLF_CRYPTO_CB
-            else if (ret == ASN_PARSE_E && pkcs7->devId != INVALID_DEVID) {
-                /* if using crypto callbacks, try public key decode */
-                idx = 0;
-                ret = wc_EccPublicKeyDecode(pkcs7->privateKey, &idx, privKey,
-                                            pkcs7->privateKeySz);
-            }
-        #endif
-        }
-        else if (pkcs7->devId == INVALID_DEVID) {
-            ret = BAD_FUNC_ARG;
-        }
-    }
-
+    ret = wc_PKCS7_ImportECC(pkcs7, privKey);
     if (ret == 0) {
         outSz = sizeof(esd->encContentDigest);
     #ifdef WOLFSSL_ASYNC_CRYPT
@@ -1887,7 +1945,7 @@ static int wc_PKCS7_EcdsaSign(PKCS7* pkcs7, byte* in, word32 inSz, ESD* esd)
                                        &outSz, pkcs7->rng, privKey);
             }
     #ifdef WOLFSSL_ASYNC_CRYPT
-        } while (ret == WC_PENDING_E);
+        } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E));
     #endif
         if (ret == 0)
             ret = (int)outSz;
@@ -1903,6 +1961,67 @@ static int wc_PKCS7_EcdsaSign(PKCS7* pkcs7, byte* in, word32 inSz, ESD* esd)
 
 #endif /* HAVE_ECC */
 
+/* returns encContentDigestSz based on the signature set to be used */
+static int wc_PKCS7_GetSignSize(wc_PKCS7* pkcs7)
+{
+    int ret = 0;
+
+    switch (pkcs7->publicKeyOID) {
+
+    #ifndef NO_RSA
+        case RSAk:
+        {
+        #ifndef WOLFSSL_SMALL_STACK
+            RsaKey  privKey[1];
+        #else
+            RsaKey* privKey;
+            privKey = (RsaKey*)XMALLOC(sizeof(RsaKey), pkcs7->heap,
+                DYNAMIC_TYPE_TMP_BUFFER);
+            if (privKey == NULL)
+                return MEMORY_E;
+        #endif
+
+            ret = wc_PKCS7_ImportRSA(pkcs7, privKey);
+            if (ret == 0) {
+                ret = wc_RsaEncryptSize(privKey);
+            }
+            wc_FreeRsaKey(privKey);
+        #ifdef WOLFSSL_SMALL_STACK
+            XFREE(privKey, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER);
+        #endif
+        }
+        break;
+    #endif
+
+    #ifdef HAVE_ECC
+        case ECDSAk:
+        {
+        #ifndef WOLFSSL_SMALL_STACK
+            ecc_key  privKey[1];
+        #else
+            ecc_key* privKey;
+            privKey = (ecc_key*)XMALLOC(sizeof(ecc_key), pkcs7->heap,
+                DYNAMIC_TYPE_TMP_BUFFER);
+            if (privKey == NULL)
+                return MEMORY_E;
+        #endif
+
+            ret = wc_PKCS7_ImportECC(pkcs7, privKey);
+            if (ret == 0) {
+                ret = wc_ecc_sig_size(privKey);
+            }
+            wc_ecc_free(privKey);
+        #ifdef WOLFSSL_SMALL_STACK
+            XFREE(privKey, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER);
+        #endif
+        }
+        break;
+    #endif
+    }
+
+    return ret;
+}
+
 
 /* builds up SignedData signed attributes, including default ones.
  *
@@ -1910,7 +2029,7 @@ static int wc_PKCS7_EcdsaSign(PKCS7* pkcs7, byte* in, word32 inSz, ESD* esd)
  * esd   - pointer to initialized ESD structure, used for output
  *
  * return 0 on success, negative on error */
-static int wc_PKCS7_BuildSignedAttributes(PKCS7* pkcs7, ESD* esd,
+static int wc_PKCS7_BuildSignedAttributes(wc_PKCS7* pkcs7, ESD* esd,
                     const byte* contentType, word32 contentTypeSz,
                     const byte* contentTypeOid, word32 contentTypeOidSz,
                     const byte* messageDigestOid, word32 messageDigestOidSz,
@@ -1952,6 +2071,8 @@ static int wc_PKCS7_BuildSignedAttributes(PKCS7* pkcs7, ESD* esd,
 
         cannedAttribsCount = sizeof(cannedAttribs)/sizeof(PKCS7Attrib);
 
+        XMEMSET(&cannedAttribs[idx], 0, sizeof(cannedAttribs[idx]));
+
         if ((pkcs7->defaultSignedAttribs & WOLFSSL_CONTENT_TYPE_ATTRIBUTE) ||
             pkcs7->defaultSignedAttribs == 0) {
             cannedAttribs[idx].oid     = contentTypeOid;
@@ -1967,7 +2088,7 @@ static int wc_PKCS7_BuildSignedAttributes(PKCS7* pkcs7, ESD* esd,
             cannedAttribs[idx].oid     = signingTimeOid;
             cannedAttribs[idx].oidSz   = signingTimeOidSz;
             cannedAttribs[idx].value   = signingTime;
-            cannedAttribs[idx].valueSz = timeSz;
+            cannedAttribs[idx].valueSz = (word32)timeSz;
             idx++;
         }
     #endif
@@ -1977,13 +2098,14 @@ static int wc_PKCS7_BuildSignedAttributes(PKCS7* pkcs7, ESD* esd,
             cannedAttribs[idx].oid     = messageDigestOid;
             cannedAttribs[idx].oidSz   = messageDigestOidSz;
             cannedAttribs[idx].value   = esd->contentDigest;
-            cannedAttribs[idx].valueSz = hashSz + 2;  /* ASN.1 heading */
+            cannedAttribs[idx].valueSz = (word32)hashSz + 2;  /* ASN.1 heading */
             idx++;
         }
 
         esd->signedAttribsCount += cannedAttribsCount;
-        esd->signedAttribsSz += EncodeAttributes(&esd->signedAttribs[atrIdx],
-            idx, cannedAttribs, cannedAttribsCount);
+        esd->signedAttribsSz += (word32)EncodeAttributes(
+            &esd->signedAttribs[atrIdx], (int)idx, cannedAttribs,
+            (int)cannedAttribsCount);
         atrIdx += idx;
     } else {
         esd->signedAttribsCount = 0;
@@ -1993,9 +2115,9 @@ static int wc_PKCS7_BuildSignedAttributes(PKCS7* pkcs7, ESD* esd,
     /* add custom signed attributes if set */
     if (pkcs7->signedAttribsSz > 0 && pkcs7->signedAttribs != NULL) {
         esd->signedAttribsCount += pkcs7->signedAttribsSz;
-        esd->signedAttribsSz += EncodeAttributes(&esd->signedAttribs[atrIdx],
-                                  esd->signedAttribsCount,
-                                  pkcs7->signedAttribs, pkcs7->signedAttribsSz);
+        esd->signedAttribsSz += (word32)EncodeAttributes(
+            &esd->signedAttribs[atrIdx], (int)esd->signedAttribsCount,
+            pkcs7->signedAttribs, (int)pkcs7->signedAttribsSz);
     }
 
 #ifdef NO_ASN_TIME
@@ -2016,7 +2138,7 @@ static int wc_PKCS7_BuildSignedAttributes(PKCS7* pkcs7, ESD* esd,
  * digEncAlgoType - [OUT] output for algo ID type
  *
  * return 0 on success, negative on error */
-static int wc_PKCS7_SignedDataGetEncAlgoId(PKCS7* pkcs7, int* digEncAlgoId,
+static int wc_PKCS7_SignedDataGetEncAlgoId(wc_PKCS7* pkcs7, int* digEncAlgoId,
                                            int* digEncAlgoType)
 {
     int algoId   = 0;
@@ -2159,16 +2281,16 @@ static int wc_PKCS7_SignedDataGetEncAlgoId(PKCS7* pkcs7, int* digEncAlgoId,
  * digestInfoSz - [IN/OUT] - input size of array, size of digestInfo
  *
  * return 0 on success, negative on error */
-static int wc_PKCS7_BuildDigestInfo(PKCS7* pkcs7, byte* flatSignedAttribs,
+static int wc_PKCS7_BuildDigestInfo(wc_PKCS7* pkcs7, byte* flatSignedAttribs,
                                     word32 flatSignedAttribsSz, ESD* esd,
                                     byte* digestInfo, word32* digestInfoSz)
 {
-    int ret, hashSz, digIdx = 0;
+    int ret, digIdx = 0;
     byte digestInfoSeq[MAX_SEQ_SZ];
     byte digestStr[MAX_OCTET_STR_SZ];
     byte attribSet[MAX_SET_SZ];
     byte algoId[MAX_ALGO_SZ];
-    word32 digestInfoSeqSz, digestStrSz, algoIdSz;
+    word32 digestInfoSeqSz, digestStrSz, algoIdSz, dgstInfoSz, hashSz;
     word32 attribSetSz;
 
     if (pkcs7 == NULL || esd == NULL || digestInfo == NULL ||
@@ -2176,9 +2298,10 @@ static int wc_PKCS7_BuildDigestInfo(PKCS7* pkcs7, byte* flatSignedAttribs,
         return BAD_FUNC_ARG;
     }
 
-    hashSz = wc_HashGetDigestSize(esd->hashType);
-    if (hashSz < 0)
-        return hashSz;
+    ret = wc_HashGetDigestSize(esd->hashType);
+    if (ret < 0)
+        return ret;
+    hashSz = (word32)ret;
 
     if (flatSignedAttribsSz != 0) {
 
@@ -2209,27 +2332,28 @@ static int wc_PKCS7_BuildDigestInfo(PKCS7* pkcs7, byte* flatSignedAttribs,
         XMEMCPY(esd->contentAttribsDigest, esd->contentDigest + 2, hashSz);
     }
 
-    /* set algoID, with NULL attributes */
-    algoIdSz = SetAlgoID(pkcs7->hashOID, algoId, oidHashType, 0);
+    /* Set algoID, allow absent hash params */
+    algoIdSz = SetAlgoIDEx(pkcs7->hashOID, algoId, oidHashType,
+                           0, pkcs7->hashParamsAbsent);
 
     digestStrSz = SetOctetString(hashSz, digestStr);
-    digestInfoSeqSz = SetSequence(algoIdSz + digestStrSz + hashSz,
-                                  digestInfoSeq);
+    dgstInfoSz = algoIdSz + digestStrSz + hashSz;
+    digestInfoSeqSz = SetSequence(dgstInfoSz, digestInfoSeq);
 
-    if (*digestInfoSz < (digestInfoSeqSz + algoIdSz + digestStrSz + hashSz)) {
+    if (*digestInfoSz < (digestInfoSeqSz + dgstInfoSz)) {
         return BUFFER_E;
     }
 
     XMEMCPY(digestInfo + digIdx, digestInfoSeq, digestInfoSeqSz);
-    digIdx += digestInfoSeqSz;
+    digIdx += (int)digestInfoSeqSz;
     XMEMCPY(digestInfo + digIdx, algoId, algoIdSz);
-    digIdx += algoIdSz;
+    digIdx += (int)algoIdSz;
     XMEMCPY(digestInfo + digIdx, digestStr, digestStrSz);
-    digIdx += digestStrSz;
+    digIdx += (int)digestStrSz;
     XMEMCPY(digestInfo + digIdx, esd->contentAttribsDigest, hashSz);
-    digIdx += hashSz;
+    digIdx += (int)hashSz;
 
-    *digestInfoSz = digIdx;
+    *digestInfoSz = (word32)digIdx;
 
     return 0;
 }
@@ -2243,7 +2367,7 @@ static int wc_PKCS7_BuildDigestInfo(PKCS7* pkcs7, byte* flatSignedAttribs,
  * esd - pointer to initialized ESD struct
  *
  * returns length of signature on success, negative on error */
-static int wc_PKCS7_SignedDataBuildSignature(PKCS7* pkcs7,
+static int wc_PKCS7_SignedDataBuildSignature(wc_PKCS7* pkcs7,
                                              byte* flatSignedAttribs,
                                              word32 flatSignedAttribsSz,
                                              ESD* esd)
@@ -2325,7 +2449,7 @@ static int wc_PKCS7_SignedDataBuildSignature(PKCS7* pkcs7,
             /* CMS with ECDSA does not sign DigestInfo structure
              * like PKCS#7 with RSA does */
             ret = wc_PKCS7_EcdsaSign(pkcs7, esd->contentAttribsDigest,
-                                     hashSz, esd);
+                                     (word32)hashSz, esd);
             break;
 #endif
 
@@ -2345,10 +2469,287 @@ static int wc_PKCS7_SignedDataBuildSignature(PKCS7* pkcs7,
     return ret;
 }
 
+#ifndef BER_OCTET_LENGTH
+    #define BER_OCTET_LENGTH 4096
+#endif
+
+/**
+ * This helper function encodes a chunk of content stream and writes it out.
+ *
+ * @param pkcs7 Pointer to a PKCS7 structure.
+ * @param cipherType The type of cipher to use for encryption.
+ * @param aes Optional pointer to an Aes structure for AES encryption.
+ * @param encContentOut Buffer to hold the encrypted content.
+ * @param contentData Buffer holding the content to be encrypted.
+ * @param contentDataSz Size of the content to be encrypted.
+ * @param out Buffer to hold the output data.
+ * @param outIdx Pointer to an index into the output buffer.
+ * @param esd Pointer to an ESD structure for digest calculation.
+ * @return Returns 0 on success, and a negative value on failure.
+ */
+static int wc_PKCS7_EncodeContentStreamHelper(wc_PKCS7* pkcs7, int cipherType,
+    Aes* aes, byte* encContentOut, byte* contentData, int contentDataSz,
+    byte* out, word32* outIdx, ESD* esd)
+{
+    int ret = WC_NO_ERR_TRACE(BAD_FUNC_ARG);
+    byte   encContentOutOct[MAX_OCTET_STR_SZ];
+    word32 encContentOutOctSz = 0;
+
+    switch (cipherType) {
+        case WC_CIPHER_NONE:
+            XMEMCPY(encContentOut, contentData, (word32)contentDataSz);
+            if (esd && esd->contentDigestSet != 1) {
+                ret = wc_HashUpdate(&esd->hash, esd->hashType,
+                    contentData, (word32)contentDataSz);
+            }
+            break;
+
+    #ifndef NO_AES
+        case WC_CIPHER_AES_CBC:
+            ret = wc_AesCbcEncrypt(aes, encContentOut,
+                contentData, (word32)contentDataSz);
+            break;
+    #endif
+
+    #ifdef WOLFSSL_AESGCM_STREAM
+        case WC_CIPHER_AES_GCM:
+            ret = wc_AesGcmEncryptUpdate(aes, encContentOut,
+                    contentData, (word32)contentDataSz, NULL, 0);
+            break;
+    #endif
+    }
+
+    #ifdef WOLFSSL_ASYNC_CRYPT
+        /* async encrypt not available here, so block till done */
+        if (ret == WC_NO_ERR_TRACE(WC_PENDING_E) &&
+            cipherType != WC_CIPHER_NONE) {
+            ret = wc_AsyncWait(ret, &aes->asyncDev, WC_ASYNC_FLAG_NONE);
+        }
+    #endif
+
+    if (ret == 0) {
+        encContentOutOctSz = SetOctetString((word32)contentDataSz, encContentOutOct);
+        wc_PKCS7_WriteOut(pkcs7, (out)? out + *outIdx: NULL,
+                          encContentOutOct, encContentOutOctSz);
+        *outIdx += encContentOutOctSz;
+        wc_PKCS7_WriteOut(pkcs7, (out)? out + *outIdx : NULL,
+                                            encContentOut, (word32)contentDataSz);
+        *outIdx += (word32)contentDataSz;
+    }
+
+    return ret;
+}
+
+
+/* Used for encoding the content, potentially one octet chunk at a time if
+ * in streaming mode with IO callbacks set.
+ * Can handle the cipher types:
+ *      - WC_CIPHER_NONE, used for encoding signed bundle where no encryption is
+ *                        done.
+ *      - WC_CIPHER_AES_CBC
+ *      - WC_CIPHER_AES_GCM, requires WOLFSSL_AESGCM_STREAM for streaming
+ *                           encryption
+ * If ESD is passed in then hash of the conentet is collected as processed.
+ *
+ * Returns 0 on success */
+#ifndef NO_AES
+static int wc_PKCS7_EncodeContentStream(wc_PKCS7* pkcs7, ESD* esd, Aes* aes,
+    byte* in, int inSz, byte* out, int cipherType)
+#else
+static int wc_PKCS7_EncodeContentStream(wc_PKCS7* pkcs7, ESD* esd, void* aes,
+    byte* in, int inSz, byte* out, int cipherType)
+#endif
+{
+    int ret = 0;
+    int devId  = pkcs7->devId;
+    void* heap = pkcs7->heap;
+
+    if (pkcs7->encodeStream) {
+        int    sz;
+        word32 totalSz = 0;
+        byte*  buf;
+        byte*  encContentOut;
+        byte*  contentData;
+        word32 idx = 0, outIdx = 0;
+        word32 padSz = 0;
+
+        if (cipherType != WC_CIPHER_NONE) {
+            padSz = (word32)wc_PKCS7_GetPadSize(pkcs7->contentSz,
+                   (word32)wc_PKCS7_GetOIDBlockSize(pkcs7->encryptOID));
+        }
+
+        if (cipherType == WC_CIPHER_NONE && esd && esd->contentDigestSet != 1) {
+            /* calculate hash for content */
+            ret = wc_HashInit(&esd->hash, esd->hashType);
+            if (ret != 0) {
+                return ret;
+            }
+        }
+
+        encContentOut = (byte *)XMALLOC(BER_OCTET_LENGTH + MAX_OCTET_STR_SZ,
+                heap, DYNAMIC_TYPE_PKCS7);
+        contentData = (byte *)XMALLOC(BER_OCTET_LENGTH + padSz,
+                heap, DYNAMIC_TYPE_PKCS7);
+
+        if (encContentOut == NULL || contentData == NULL) {
+            XFREE(encContentOut, heap, DYNAMIC_TYPE_PKCS7);
+            XFREE(contentData, heap, DYNAMIC_TYPE_PKCS7);
+            WOLFSSL_MSG("Memory allocation failed for content data");
+            return MEMORY_E;
+        }
+
+        /* keep pulling from content until empty */
+        do {
+            int contentDataRead = 0;
+
+        #ifdef ASN_BER_TO_DER
+            if (pkcs7->getContentCb) {
+                contentDataRead = pkcs7->getContentCb(pkcs7,
+                                                      &buf, pkcs7->streamCtx);
+
+                if (buf == NULL) {
+                    WOLFSSL_MSG("Get content callback returned null "
+                        "buffer pointer");
+                    XFREE(encContentOut, heap, DYNAMIC_TYPE_PKCS7);
+                    XFREE(contentData, heap, DYNAMIC_TYPE_PKCS7);
+                    return BAD_FUNC_ARG;
+                }
+            }
+            else
+        #endif
+            {
+                int szLeft = BER_OCTET_LENGTH;
+
+                if (in == NULL) {
+                    XFREE(encContentOut, heap, DYNAMIC_TYPE_PKCS7);
+                    XFREE(contentData, heap, DYNAMIC_TYPE_PKCS7);
+                    return BAD_FUNC_ARG;
+                }
+
+                if ((word32)szLeft + totalSz > (word32)inSz)
+                    szLeft = inSz - (int)totalSz;
+
+                contentDataRead = szLeft;
+                buf = in + totalSz;
+            }
+
+            if (contentDataRead <= 0) {
+                /* no more data returned from callback */
+                break;
+            }
+            totalSz += (word32)contentDataRead;
+
+            /* check and handle octet boundary */
+            sz = contentDataRead;
+            if ((int)idx + sz > BER_OCTET_LENGTH) {
+                sz = BER_OCTET_LENGTH - (int)idx;
+                contentDataRead -= sz;
+
+                XMEMCPY(contentData + idx, buf, (word32)sz);
+                ret = wc_PKCS7_EncodeContentStreamHelper(pkcs7, cipherType,
+                    aes, encContentOut, contentData, BER_OCTET_LENGTH, out,
+                    &outIdx, esd);
+                if (ret != 0) {
+                    XFREE(encContentOut, heap, DYNAMIC_TYPE_PKCS7);
+                    XFREE(contentData, heap, DYNAMIC_TYPE_PKCS7);
+                    return ret;
+                }
+
+                /* copy over any remaining data */
+                XMEMCPY(contentData, buf + sz, (word32)contentDataRead);
+                idx = (word32)contentDataRead;
+            }
+            else {
+                /* was not on an octet boundary, copy full
+                 * amount over */
+                XMEMCPY(contentData + idx, buf, (word32)sz);
+                idx += (word32)sz;
+            }
+        } while (totalSz < pkcs7->contentSz);
+
+        /* add in padding to the end */
+        if ((cipherType != WC_CIPHER_NONE) && (totalSz == pkcs7->contentSz)) {
+            word32 i;
+
+            if (BER_OCTET_LENGTH < idx) {
+                XFREE(encContentOut, heap, DYNAMIC_TYPE_PKCS7);
+                XFREE(contentData, heap, DYNAMIC_TYPE_PKCS7);
+                return BAD_FUNC_ARG;
+            }
+
+            for (i = 0; i < padSz; i++) {
+                contentData[idx + i] = (byte)padSz;
+            }
+            idx += (word32)padSz;
+        }
+
+        /* encrypt and flush out remainder of content data */
+        ret = wc_PKCS7_EncodeContentStreamHelper(pkcs7, cipherType, aes,
+                    encContentOut, contentData, (int)idx, out, &outIdx, esd);
+        if (ret == 0) {
+            if (cipherType == WC_CIPHER_NONE && esd &&
+                    esd->contentDigestSet != 1) {
+                ret = wc_HashFinal(&esd->hash, esd->hashType,
+                    esd->contentDigest + 2);
+                wc_HashFree(&esd->hash, esd->hashType);
+            }
+        }
+
+        XFREE(encContentOut, heap, DYNAMIC_TYPE_PKCS7);
+        XFREE(contentData, heap, DYNAMIC_TYPE_PKCS7);
+    }
+    else {
+        if (in == NULL || out == NULL) {
+            return BAD_FUNC_ARG;
+        }
+
+        switch (cipherType) {
+            case WC_CIPHER_NONE:
+                if (!pkcs7->detached) {
+                    XMEMCPY(out, in, (word32)inSz);
+                }
+                if (esd && esd->contentDigestSet != 1) {
+                    ret = wc_HashInit(&esd->hash, esd->hashType);
+                    if (ret == 0)
+                        ret = wc_HashUpdate(&esd->hash, esd->hashType, in,
+                                            (word32)inSz);
+                    if (ret == 0)
+                        ret = wc_HashFinal(&esd->hash, esd->hashType,
+                                           esd->contentDigest + 2);
+                    wc_HashFree(&esd->hash, esd->hashType);
+                }
+                break;
+
+        #ifndef NO_AES
+            case WC_CIPHER_AES_CBC:
+                ret = wc_AesCbcEncrypt(aes, out, in, (word32)inSz);
+                break;
+        #endif
+
+        #ifdef WOLFSSL_AESGCM_STREAM
+            case WC_CIPHER_AES_GCM:
+                ret = wc_AesGcmEncryptUpdate(aes, out, in, (word32)inSz, NULL, 0);
+                break;
+        #endif
+        }
+    #ifdef WOLFSSL_ASYNC_CRYPT
+        /* async encrypt not available here, so block till done */
+        if (cipherType != WC_CIPHER_NONE) {
+            ret = wc_AsyncWait(ret, &aes->asyncDev, WC_ASYNC_FLAG_NONE);
+        }
+    #endif
+    }
+
+    (void)devId;
+    (void)heap;
+
+    return ret;
+}
+
 
 /* build PKCS#7 signedData content type */
 /* To get the output size then set output = 0 and *outputSz = 0 */
-static int PKCS7_EncodeSigned(PKCS7* pkcs7, ESD* esd,
+static int PKCS7_EncodeSigned(wc_PKCS7* pkcs7,
     const byte* hashBuf, word32 hashSz, byte* output, word32* outputSz,
     byte* output2, word32* output2Sz)
 {
@@ -2378,6 +2779,14 @@ static int PKCS7_EncodeSigned(PKCS7* pkcs7, ESD* esd,
     byte* flatSignedAttribs = NULL;
     word32 flatSignedAttribsSz = 0;
 
+#ifdef WOLFSSL_SMALL_STACK
+    ESD* esd = NULL;
+#else
+    ESD  esd[1];
+#endif
+#ifdef ASN_BER_TO_DER
+    word32 streamSz = 0;
+#endif
 #ifdef WOLFSSL_SMALL_STACK
     byte *signedDataOid = NULL;
 #else
@@ -2388,8 +2797,21 @@ static int PKCS7_EncodeSigned(PKCS7* pkcs7, ESD* esd,
     byte signingTime[MAX_TIME_STRING_SZ];
 
     if (pkcs7 == NULL || pkcs7->hashOID == 0 ||
-        outputSz == NULL || hashSz == 0 ||
-        hashBuf == NULL) {
+        outputSz == NULL) {
+        WOLFSSL_MSG("PKCS7 struct / outputSz null, or hashOID is 0");
+        return BAD_FUNC_ARG;
+    }
+
+    if (hashSz == 0 && hashBuf != NULL) {
+        return BAD_FUNC_ARG;
+    }
+
+    /* signature size varies with ECDSA, with a varying sign size the content
+     * hash must be known in order to create the surrounding ASN1 syntax
+     * properly before writing out the content and generating the hash on the
+     * fly and then creating the signature */
+    if (hashBuf == NULL && pkcs7->publicKeyOID == ECDSAk) {
+        WOLFSSL_MSG("Pre-calculated content hash is needed in this case");
         return BAD_FUNC_ARG;
     }
 
@@ -2400,6 +2822,15 @@ static int PKCS7_EncodeSigned(PKCS7* pkcs7, ESD* esd,
     keyIdSize = KEYID_SIZE;
 #endif
 
+    /* use custom SKID if set */
+    if (pkcs7->customSKIDSz > 0) {
+        if (pkcs7->customSKID == NULL) {
+            WOLFSSL_MSG("Bad custom SKID setup, size > 0 and was NULL");
+            return BAD_FUNC_ARG;
+        }
+        keyIdSize = pkcs7->customSKIDSz;
+    }
+
 #ifdef WOLFSSL_SMALL_STACK
     signedDataOid = (byte *)XMALLOC(MAX_OID_SZ, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER);
     if (signedDataOid == NULL) {
@@ -2431,7 +2862,7 @@ static int PKCS7_EncodeSigned(PKCS7* pkcs7, ESD* esd,
             idx = ret;
             goto out;
         }
-        pkcs7->contentTypeSz = ret;
+        pkcs7->contentTypeSz = (word32)ret;
     }
 
     /* set signedData outer content type */
@@ -2440,20 +2871,28 @@ static int PKCS7_EncodeSigned(PKCS7* pkcs7, ESD* esd,
         idx = ret;
         goto out;
     }
-    signedDataOidSz = ret;
+    signedDataOidSz = (word32)ret;
 
     if (pkcs7->sidType != DEGENERATE_SID) {
         esd->hashType = wc_OidGetHash(pkcs7->hashOID);
-        if (wc_HashGetDigestSize(esd->hashType) != (int)hashSz) {
+        if (hashBuf != NULL &&
+                wc_HashGetDigestSize(esd->hashType) != (int)hashSz) {
             WOLFSSL_MSG("hashSz did not match hashOID");
             idx = BUFFER_E;
             goto out;
         }
 
-        /* include hash */
+        /* include hash if provided, otherwise create hash when processing
+         * content data */
         esd->contentDigest[0] = ASN_OCTET_STRING;
-        esd->contentDigest[1] = (byte)hashSz;
-        XMEMCPY(&esd->contentDigest[2], hashBuf, hashSz);
+        if (hashBuf != NULL) {
+            esd->contentDigestSet = 1;
+            esd->contentDigest[1] = (byte)hashSz;
+            XMEMCPY(&esd->contentDigest[2], hashBuf, hashSz);
+        }
+        else {
+            esd->contentDigest[1] = (byte)wc_HashGetDigestSize(esd->hashType);
+        }
     }
 
     if (pkcs7->detached == 1) {
@@ -2462,20 +2901,29 @@ static int PKCS7_EncodeSigned(PKCS7* pkcs7, ESD* esd,
         esd->innerContSeqSz = 0;
         esd->contentInfoSeqSz = SetSequence(pkcs7->contentTypeSz,
                                             esd->contentInfoSeq);
-    } else {
-        esd->innerOctetsSz = SetOctetString(pkcs7->contentSz, esd->innerOctets);
+    }
+    else {
+        esd->innerOctetsSz = SetOctetStringEx(pkcs7->contentSz, esd->innerOctets,
+                                    pkcs7->encodeStream);
         esd->innerContSeqSz = SetExplicit(0, esd->innerOctetsSz +
-                                    pkcs7->contentSz, esd->innerContSeq);
-        esd->contentInfoSeqSz = SetSequence(pkcs7->contentSz +
+                                    pkcs7->contentSz, esd->innerContSeq,
+                                    pkcs7->encodeStream);
+        esd->contentInfoSeqSz = SetSequenceEx(pkcs7->contentSz +
                                     esd->innerOctetsSz + pkcs7->contentTypeSz +
-                                    esd->innerContSeqSz, esd->contentInfoSeq);
+                                    esd->innerContSeqSz, esd->contentInfoSeq,
+                                    pkcs7->encodeStream);
     }
 
     /* SignerIdentifier */
     if (pkcs7->sidType == CMS_ISSUER_AND_SERIAL_NUMBER) {
         /* IssuerAndSerialNumber */
-        esd->issuerSnSz = SetSerialNumber(pkcs7->issuerSn, pkcs7->issuerSnSz,
+        ret = SetSerialNumber(pkcs7->issuerSn, pkcs7->issuerSnSz,
                                           esd->issuerSn, MAX_SN_SZ, MAX_SN_SZ);
+        if (ret < 0) {
+            idx = ret;
+            goto out;
+        }
+        esd->issuerSnSz = (word32)ret;
         signerInfoSz += esd->issuerSnSz;
         esd->issuerNameSz = SetSequence(pkcs7->issuerSz, esd->issuerName);
         signerInfoSz += esd->issuerNameSz + pkcs7->issuerSz;
@@ -2484,22 +2932,24 @@ static int PKCS7_EncodeSigned(PKCS7* pkcs7, ESD* esd,
 
         if (pkcs7->version == 3) {
             /* RFC 4108 version MUST be 3 for firmware package signer */
-            esd->signerVersionSz = SetMyVersion(3, esd->signerVersion, 0);
+            esd->signerVersionSz = (word32)SetMyVersion(3, esd->signerVersion, 0);
         }
         else {
             /* version MUST be 1 otherwise*/
-            esd->signerVersionSz = SetMyVersion(1, esd->signerVersion, 0);
+            esd->signerVersionSz = (word32)SetMyVersion(1, esd->signerVersion, 0);
         }
 
     } else if (pkcs7->sidType == CMS_SKID) {
         /* SubjectKeyIdentifier */
-        esd->issuerSKIDSz = SetOctetString(keyIdSize, esd->issuerSKID);
-        esd->issuerSKIDSeqSz = SetExplicit(0, esd->issuerSKIDSz + keyIdSize,
-                                           esd->issuerSKIDSeq);
-        signerInfoSz += (esd->issuerSKIDSz + esd->issuerSKIDSeqSz + keyIdSize);
+        esd->issuerSKIDSz = SetOctetString((word32)keyIdSize, esd->issuerSKID);
+        esd->issuerSKIDSeqSz = SetExplicit(0, esd->issuerSKIDSz +
+                                           (word32)keyIdSize,
+                                           esd->issuerSKIDSeq, 0);
+        signerInfoSz += (esd->issuerSKIDSz + esd->issuerSKIDSeqSz +
+                         (word32)keyIdSize);
 
         /* version MUST be 3 */
-        esd->signerVersionSz = SetMyVersion(3, esd->signerVersion, 0);
+        esd->signerVersionSz = (word32)SetMyVersion(3, esd->signerVersion, 0);
     } else if (pkcs7->sidType == DEGENERATE_SID) {
         /* no signer info added */
     } else {
@@ -2509,8 +2959,8 @@ static int PKCS7_EncodeSigned(PKCS7* pkcs7, ESD* esd,
 
     if (pkcs7->sidType != DEGENERATE_SID) {
         signerInfoSz += esd->signerVersionSz;
-        esd->signerDigAlgoIdSz = SetAlgoID(pkcs7->hashOID, esd->signerDigAlgoId,
-                                          oidHashType, 0);
+        esd->signerDigAlgoIdSz = SetAlgoIDEx(pkcs7->hashOID, esd->signerDigAlgoId,
+                                          oidHashType, 0, pkcs7->hashParamsAbsent);
         signerInfoSz += esd->signerDigAlgoIdSz;
 
         /* set signatureAlgorithm */
@@ -2520,8 +2970,8 @@ static int PKCS7_EncodeSigned(PKCS7* pkcs7, ESD* esd,
             idx = ret;
             goto out;
         }
-        esd->digEncAlgoIdSz = SetAlgoID(digEncAlgoId, esd->digEncAlgoId,
-                                        digEncAlgoType, 0);
+        esd->digEncAlgoIdSz = SetAlgoIDEx(digEncAlgoId, esd->digEncAlgoId,
+                                        digEncAlgoType, 0, pkcs7->hashParamsAbsent);
         signerInfoSz += esd->digEncAlgoIdSz;
 
         /* build up signed attributes, include contentType, signingTime, and
@@ -2547,17 +2997,22 @@ static int PKCS7_EncodeSigned(PKCS7* pkcs7, ESD* esd,
 
             flatSignedAttribsSz = esd->signedAttribsSz;
 
-            FlattenAttributes(pkcs7, flatSignedAttribs,
-                                       esd->signedAttribs, esd->signedAttribsCount);
+            FlattenAttributes(pkcs7, flatSignedAttribs, esd->signedAttribs,
+                                                  (int)esd->signedAttribsCount);
             esd->signedAttribSetSz = SetImplicit(ASN_SET, 0, esd->signedAttribsSz,
-                                                              esd->signedAttribSet);
+                                                              esd->signedAttribSet, 0);
         } else {
             esd->signedAttribSetSz = 0;
         }
 
-        /* Calculate the final hash and encrypt it. */
-        ret = wc_PKCS7_SignedDataBuildSignature(pkcs7, flatSignedAttribs,
-                                                flatSignedAttribsSz, esd);
+        if (pkcs7->publicKeyOID != ECDSAk && hashBuf == NULL) {
+            ret = wc_PKCS7_GetSignSize(pkcs7);
+            esd->encContentDigestSz = (word32)ret;
+        }
+        else {
+            ret = wc_PKCS7_SignedDataBuildSignature(pkcs7, flatSignedAttribs,
+                                            flatSignedAttribsSz, esd);
+        }
         if (ret < 0) {
             idx = ret;
             goto out;
@@ -2577,45 +3032,76 @@ static int PKCS7_EncodeSigned(PKCS7* pkcs7, ESD* esd,
 
     /* certificates [0] IMPLICIT CertificateSet */
     /* get total certificates size */
-    certPtr = pkcs7->certList;
-    while (certPtr != NULL) {
-        certSetSz += certPtr->derSz;
-        certPtr = certPtr->next;
+    if (pkcs7->noCerts != 1) {
+        certPtr = pkcs7->certList;
+        while (certPtr != NULL) {
+            certSetSz += certPtr->derSz;
+            certPtr = certPtr->next;
+        }
     }
     certPtr = NULL;
 
     if (certSetSz > 0)
-        esd->certsSetSz = SetImplicit(ASN_SET, 0, certSetSz, esd->certsSet);
+        esd->certsSetSz = SetImplicit(ASN_SET, 0, certSetSz, esd->certsSet, 0);
 
     if (pkcs7->sidType != DEGENERATE_SID) {
-        esd->singleDigAlgoIdSz = SetAlgoID(pkcs7->hashOID, esd->singleDigAlgoId,
-                                      oidHashType, 0);
+        esd->singleDigAlgoIdSz = SetAlgoIDEx(pkcs7->hashOID, esd->singleDigAlgoId,
+                                      oidHashType, 0, pkcs7->hashParamsAbsent);
     }
     esd->digAlgoIdSetSz = SetSet(esd->singleDigAlgoIdSz, esd->digAlgoIdSet);
 
     if (pkcs7->version == 3) {
         /* RFC 4108 version MUST be 3 for firmware package signer */
-        esd->versionSz = SetMyVersion(3, esd->version, 0);
+        esd->versionSz = (word32)SetMyVersion(3, esd->version, 0);
     }
     else {
-        esd->versionSz = SetMyVersion(1, esd->version, 0);
+        esd->versionSz = (word32)SetMyVersion(1, esd->version, 0);
     }
 
     totalSz = esd->versionSz + esd->singleDigAlgoIdSz + esd->digAlgoIdSetSz +
               esd->contentInfoSeqSz + pkcs7->contentTypeSz +
-              esd->innerContSeqSz + esd->innerOctetsSz + pkcs7->contentSz;
+              esd->innerContSeqSz + esd->innerOctetsSz;
+
+#ifdef ASN_BER_TO_DER
+    if (pkcs7->encodeStream) {
+        word32 tmpIdx = 0;
+        totalSz += (3 * ASN_INDEF_END_SZ) ; /* 00's for BER with inner content */
+
+        StreamOctetString(pkcs7->content, pkcs7->contentSz, NULL, &streamSz,
+            &tmpIdx);
+        totalSz += streamSz + (3 * ASN_INDEF_END_SZ);
+    }
+    else
+#endif
+    {
+        totalSz += pkcs7->contentSz;
+    }
     total2Sz = esd->certsSetSz + certSetSz + signerInfoSz;
 
     if (pkcs7->detached) {
         totalSz -= pkcs7->contentSz;
     }
 
-    esd->innerSeqSz = SetSequence(totalSz + total2Sz, esd->innerSeq);
+    esd->innerSeqSz = SetSequenceEx(totalSz + total2Sz, esd->innerSeq,
+        pkcs7->encodeStream);
     totalSz += esd->innerSeqSz;
-    esd->outerContentSz = SetExplicit(0, totalSz + total2Sz, esd->outerContent);
+    if (pkcs7->encodeStream) {
+        totalSz += ASN_INDEF_END_SZ;
+    }
+
+    esd->outerContentSz = SetExplicit(0, totalSz + total2Sz,
+        esd->outerContent, pkcs7->encodeStream);
     totalSz += esd->outerContentSz + signedDataOidSz;
-    esd->outerSeqSz = SetSequence(totalSz + total2Sz, esd->outerSeq);
+    if (pkcs7->encodeStream) {
+        totalSz += ASN_INDEF_END_SZ;
+    }
+
+    esd->outerSeqSz = SetSequenceEx(totalSz + total2Sz, esd->outerSeq,
+        pkcs7->encodeStream);
     totalSz += esd->outerSeqSz;
+    if (pkcs7->encodeStream) {
+        totalSz += ASN_INDEF_END_SZ;
+    }
 
     /* if using header/footer, we are not returning the content */
     if (output2 && output2Sz) {
@@ -2639,7 +3125,11 @@ static int PKCS7_EncodeSigned(PKCS7* pkcs7, ESD* esd,
         totalSz += total2Sz;
     }
 
-    if (totalSz > *outputSz) {
+    if (totalSz > *outputSz
+    #ifdef ASN_BER_TO_DER
+        && pkcs7->streamOutCb == NULL
+    #endif
+    ) {
         if (*outputSz == 0) {
         #ifdef HAVE_ECC
             if (pkcs7->publicKeyOID == ECDSAk) {
@@ -2647,90 +3137,162 @@ static int PKCS7_EncodeSigned(PKCS7* pkcs7, ESD* esd,
             }
         #endif
             *outputSz = totalSz;
-            idx = totalSz;
+            idx = (int)totalSz;
             goto out;
         }
         idx = BUFFER_E;
         goto out;
     }
 
+#ifdef ASN_BER_TO_DER
+    if (output == NULL && pkcs7->streamOutCb == NULL) {
+#else
     if (output == NULL) {
+#endif
         idx = BUFFER_E;
         goto out;
     }
 
     idx = 0;
-    XMEMCPY(output + idx, esd->outerSeq, esd->outerSeqSz);
-    idx += esd->outerSeqSz;
-    XMEMCPY(output + idx, signedDataOid, signedDataOidSz);
-    idx += signedDataOidSz;
-    XMEMCPY(output + idx, esd->outerContent, esd->outerContentSz);
-    idx += esd->outerContentSz;
-    XMEMCPY(output + idx, esd->innerSeq, esd->innerSeqSz);
-    idx += esd->innerSeqSz;
-    XMEMCPY(output + idx, esd->version, esd->versionSz);
-    idx += esd->versionSz;
-    XMEMCPY(output + idx, esd->digAlgoIdSet, esd->digAlgoIdSetSz);
-    idx += esd->digAlgoIdSetSz;
-    XMEMCPY(output + idx, esd->singleDigAlgoId, esd->singleDigAlgoIdSz);
-    idx += esd->singleDigAlgoIdSz;
-    XMEMCPY(output + idx, esd->contentInfoSeq, esd->contentInfoSeqSz);
-    idx += esd->contentInfoSeqSz;
-    XMEMCPY(output + idx, pkcs7->contentType, pkcs7->contentTypeSz);
-    idx += pkcs7->contentTypeSz;
-    XMEMCPY(output + idx, esd->innerContSeq, esd->innerContSeqSz);
-    idx += esd->innerContSeqSz;
-    XMEMCPY(output + idx, esd->innerOctets, esd->innerOctetsSz);
-    idx += esd->innerOctetsSz;
+    wc_PKCS7_WriteOut(pkcs7, (output)? (output + idx) : NULL,
+            esd->outerSeq, esd->outerSeqSz);
+    idx += (int)esd->outerSeqSz;
+    wc_PKCS7_WriteOut(pkcs7, (output)? (output + idx) : NULL,
+            signedDataOid, signedDataOidSz);
+    idx += (int)signedDataOidSz;
+    wc_PKCS7_WriteOut(pkcs7, (output)? (output + idx) : NULL,
+            esd->outerContent, esd->outerContentSz);
+    idx += (int)esd->outerContentSz;
+    wc_PKCS7_WriteOut(pkcs7, (output)? (output + idx) : NULL,
+            esd->innerSeq, esd->innerSeqSz);
+    idx += (int)esd->innerSeqSz;
+    wc_PKCS7_WriteOut(pkcs7, (output)? (output + idx) : NULL,
+            esd->version, esd->versionSz);
+    idx += (int)esd->versionSz;
+    wc_PKCS7_WriteOut(pkcs7, (output)? (output + idx) : NULL,
+            esd->digAlgoIdSet, esd->digAlgoIdSetSz);
+    idx += (int)esd->digAlgoIdSetSz;
+    wc_PKCS7_WriteOut(pkcs7, (output)? (output + idx) : NULL,
+            esd->singleDigAlgoId, esd->singleDigAlgoIdSz);
+    idx += (int)esd->singleDigAlgoIdSz;
+    wc_PKCS7_WriteOut(pkcs7, (output)? (output + idx) : NULL,
+            esd->contentInfoSeq, esd->contentInfoSeqSz);
+    idx += (int)esd->contentInfoSeqSz;
+    wc_PKCS7_WriteOut(pkcs7, (output)? (output + idx) : NULL,
+            pkcs7->contentType, pkcs7->contentTypeSz);
+    idx += (int)pkcs7->contentTypeSz;
+    wc_PKCS7_WriteOut(pkcs7, (output)? (output + idx) : NULL,
+            esd->innerContSeq, esd->innerContSeqSz);
+    idx += (int)esd->innerContSeqSz;
+    wc_PKCS7_WriteOut(pkcs7, (output)? (output + idx) : NULL,
+            esd->innerOctets, esd->innerOctetsSz);
+    idx += (int)esd->innerOctetsSz;
 
     /* support returning header and footer without content */
     if (output2 && output2Sz) {
-        *outputSz = idx;
+        *outputSz = (word32)idx;
         idx = 0;
     }
     else {
-        if (!pkcs7->detached && pkcs7->content != NULL && pkcs7->contentSz > 0) {
-            XMEMCPY(output + idx, pkcs7->content, pkcs7->contentSz);
-            idx += pkcs7->contentSz;
+        if (
+        #ifdef ASN_BER_TO_DER
+            (pkcs7->content != NULL || pkcs7->getContentCb != NULL)
+        #else
+            pkcs7->content != NULL
+        #endif
+             && pkcs7->contentSz > 0) {
+            wc_PKCS7_EncodeContentStream(pkcs7, esd, NULL, pkcs7->content,
+                (int)pkcs7->contentSz, (output)? output + idx : NULL,
+                WC_CIPHER_NONE);
+            if (!pkcs7->detached) {
+            #ifdef ASN_BER_TO_DER
+                if (pkcs7->encodeStream) {
+                    byte indefEnd[ASN_INDEF_END_SZ * 3];
+                    word32 localIdx = 0;
+
+                    idx += (int)streamSz;
+
+                    /* end of content octet string */
+                    localIdx += SetIndefEnd(indefEnd + localIdx);
+
+                    /* end of inner content seq */
+                    localIdx += SetIndefEnd(indefEnd + localIdx);
+
+                    /* end of inner content info seq */
+                    localIdx += SetIndefEnd(indefEnd + localIdx);
+
+                    wc_PKCS7_WriteOut(pkcs7, (output)? (output + idx) : NULL,
+                        indefEnd, localIdx);
+                    idx += (int)localIdx;
+                }
+                else
+            #endif
+                {
+                        idx += (int)pkcs7->contentSz;
+                }
+            }
         }
         output2 = output;
     }
 
     /* certificates */
-    XMEMCPY(output2 + idx, esd->certsSet, esd->certsSetSz);
-    idx += esd->certsSetSz;
-    certPtr = pkcs7->certList;
-    while (certPtr != NULL) {
-        XMEMCPY(output2 + idx, certPtr->der, certPtr->derSz);
-        idx += certPtr->derSz;
-        certPtr = certPtr->next;
+    wc_PKCS7_WriteOut(pkcs7, (output2)? (output2 + idx) : NULL,
+        esd->certsSet, esd->certsSetSz);
+    idx += (int)esd->certsSetSz;
+
+    if (pkcs7->noCerts != 1) {
+        certPtr = pkcs7->certList;
+        while (certPtr != NULL) {
+            wc_PKCS7_WriteOut(pkcs7, (output2)? (output2 + idx) : NULL,
+                certPtr->der, certPtr->derSz);
+            idx += (int)certPtr->derSz;
+            certPtr = certPtr->next;
+        }
     }
+
     wc_PKCS7_FreeCertSet(pkcs7);
 
-    XMEMCPY(output2 + idx, esd->signerInfoSet, esd->signerInfoSetSz);
-    idx += esd->signerInfoSetSz;
-    XMEMCPY(output2 + idx, esd->signerInfoSeq, esd->signerInfoSeqSz);
-    idx += esd->signerInfoSeqSz;
-    XMEMCPY(output2 + idx, esd->signerVersion, esd->signerVersionSz);
-    idx += esd->signerVersionSz;
+    wc_PKCS7_WriteOut(pkcs7, (output2)? (output2 + idx) : NULL,
+                esd->signerInfoSet, esd->signerInfoSetSz);
+    idx += (int)esd->signerInfoSetSz;
+    wc_PKCS7_WriteOut(pkcs7, (output2)? (output2 + idx) : NULL,
+                esd->signerInfoSeq, esd->signerInfoSeqSz);
+    idx += (int)esd->signerInfoSeqSz;
+    wc_PKCS7_WriteOut(pkcs7, (output2)? (output2 + idx) : NULL,
+                esd->signerVersion, esd->signerVersionSz);
+    idx += (int)esd->signerVersionSz;
     /* SignerIdentifier */
     if (pkcs7->sidType == CMS_ISSUER_AND_SERIAL_NUMBER) {
         /* IssuerAndSerialNumber */
-        XMEMCPY(output2 + idx, esd->issuerSnSeq, esd->issuerSnSeqSz);
-        idx += esd->issuerSnSeqSz;
-        XMEMCPY(output2 + idx, esd->issuerName, esd->issuerNameSz);
-        idx += esd->issuerNameSz;
-        XMEMCPY(output2 + idx, pkcs7->issuer, pkcs7->issuerSz);
-        idx += pkcs7->issuerSz;
-        XMEMCPY(output2 + idx, esd->issuerSn, esd->issuerSnSz);
-        idx += esd->issuerSnSz;
+        wc_PKCS7_WriteOut(pkcs7, (output2)? (output2 + idx) : NULL,
+                esd->issuerSnSeq, esd->issuerSnSeqSz);
+        idx += (int)esd->issuerSnSeqSz;
+        wc_PKCS7_WriteOut(pkcs7, (output2)? (output2 + idx) : NULL,
+                esd->issuerName, esd->issuerNameSz);
+        idx += (int)esd->issuerNameSz;
+        wc_PKCS7_WriteOut(pkcs7, (output2)? (output2 + idx) : NULL,
+                pkcs7->issuer, pkcs7->issuerSz);
+        idx += (int)pkcs7->issuerSz;
+        wc_PKCS7_WriteOut(pkcs7, (output2)? (output2 + idx) : NULL,
+                esd->issuerSn, esd->issuerSnSz);
+        idx += (int)esd->issuerSnSz;
     } else if (pkcs7->sidType == CMS_SKID) {
         /* SubjectKeyIdentifier */
-        XMEMCPY(output2 + idx, esd->issuerSKIDSeq, esd->issuerSKIDSeqSz);
-        idx += esd->issuerSKIDSeqSz;
-        XMEMCPY(output2 + idx, esd->issuerSKID, esd->issuerSKIDSz);
-        idx += esd->issuerSKIDSz;
-        XMEMCPY(output2 + idx, pkcs7->issuerSubjKeyId, keyIdSize);
+        wc_PKCS7_WriteOut(pkcs7, (output2)? (output2 + idx) : NULL,
+                esd->issuerSKIDSeq, esd->issuerSKIDSeqSz);
+        idx += (int)esd->issuerSKIDSeqSz;
+        wc_PKCS7_WriteOut(pkcs7, (output2)? (output2 + idx) : NULL,
+                esd->issuerSKID, esd->issuerSKIDSz);
+        idx += (int)esd->issuerSKIDSz;
+
+        if (pkcs7->customSKID) {
+            wc_PKCS7_WriteOut(pkcs7, (output2)? (output2 + idx) : NULL,
+                pkcs7->customSKID, (word32)keyIdSize);
+        }
+        else {
+            wc_PKCS7_WriteOut(pkcs7, (output2)? (output2 + idx) : NULL,
+                pkcs7->issuerSubjKeyId, (word32)keyIdSize);
+        }
         idx += keyIdSize;
     } else if (pkcs7->sidType == DEGENERATE_SID) {
         /* no signer infos in degenerate case */
@@ -2738,42 +3300,111 @@ static int PKCS7_EncodeSigned(PKCS7* pkcs7, ESD* esd,
         idx = SKID_E;
         goto out;
     }
-    XMEMCPY(output2 + idx, esd->signerDigAlgoId, esd->signerDigAlgoIdSz);
-    idx += esd->signerDigAlgoIdSz;
+    wc_PKCS7_WriteOut(pkcs7, (output2)? (output2 + idx) : NULL,
+                esd->signerDigAlgoId, esd->signerDigAlgoIdSz);
+    idx += (int)esd->signerDigAlgoIdSz;
 
     /* SignerInfo:Attributes */
     if (flatSignedAttribsSz > 0) {
-        XMEMCPY(output2 + idx, esd->signedAttribSet, esd->signedAttribSetSz);
-        idx += esd->signedAttribSetSz;
-        XMEMCPY(output2 + idx, flatSignedAttribs, flatSignedAttribsSz);
-        idx += flatSignedAttribsSz;
+        /* if the original hash buffer passed in was null then recreate the
+        * signature */
+        if (hashBuf == NULL && pkcs7->sidType != DEGENERATE_SID) {
+            /* recreate flat attribs after the content hash is known if needed
+             * build up signed attributes, include contentType, signingTime, and
+               messageDigest by default */
+            esd->signedAttribsCount = 0;
+            esd->signedAttribsSz = 0;
+            ret = wc_PKCS7_BuildSignedAttributes(pkcs7, esd, pkcs7->contentType,
+                                     pkcs7->contentTypeSz,
+                                     contentTypeOid, sizeof(contentTypeOid),
+                                     messageDigestOid, sizeof(messageDigestOid),
+                                     signingTimeOid, sizeof(signingTimeOid),
+                                     signingTime, sizeof(signingTime));
+            if (ret < 0) {
+                idx = ret;
+                goto out;
+            }
+
+            if (esd->signedAttribsSz > 0) {
+                if (flatSignedAttribs == NULL) {
+                    idx = MEMORY_E;
+                    goto out;
+                }
+
+                flatSignedAttribsSz = esd->signedAttribsSz;
+                FlattenAttributes(pkcs7, flatSignedAttribs,
+                                  esd->signedAttribs,
+                                  (int)esd->signedAttribsCount);
+            } else {
+                esd->signedAttribSetSz = 0;
+            }
+        }
+
+        wc_PKCS7_WriteOut(pkcs7, (output2)? (output2 + idx) : NULL,
+                esd->signedAttribSet, esd->signedAttribSetSz);
+        idx += (int)esd->signedAttribSetSz;
+        wc_PKCS7_WriteOut(pkcs7, (output2)? (output2 + idx) : NULL,
+                flatSignedAttribs, flatSignedAttribsSz);
+        idx += (int)flatSignedAttribsSz;
     }
 
-    XMEMCPY(output2 + idx, esd->digEncAlgoId, esd->digEncAlgoIdSz);
-    idx += esd->digEncAlgoIdSz;
-    XMEMCPY(output2 + idx, esd->signerDigest, esd->signerDigestSz);
-    idx += esd->signerDigestSz;
-    XMEMCPY(output2 + idx, esd->encContentDigest, esd->encContentDigestSz);
-    idx += esd->encContentDigestSz;
+    if (hashBuf == NULL && pkcs7->sidType != DEGENERATE_SID) {
+        /* Calculate the final hash and encrypt it. */
+        WOLFSSL_MSG("Recreating signature with new hash");
+        ret = wc_PKCS7_SignedDataBuildSignature(pkcs7, flatSignedAttribs,
+                                                flatSignedAttribsSz, esd);
+        if (ret < 0) {
+            idx = ret;
+            goto out;
+        }
+    }
+
+    wc_PKCS7_WriteOut(pkcs7, (output2)? (output2 + idx) : NULL,
+                esd->digEncAlgoId, esd->digEncAlgoIdSz);
+    idx += (int)esd->digEncAlgoIdSz;
+    wc_PKCS7_WriteOut(pkcs7, (output2)? (output2 + idx) : NULL,
+                esd->signerDigest, esd->signerDigestSz);
+    idx += (int)esd->signerDigestSz;
+
+    wc_PKCS7_WriteOut(pkcs7, (output2)? (output2 + idx) : NULL,
+                esd->encContentDigest, esd->encContentDigestSz);
+    idx += (int)esd->encContentDigestSz;
+
+#ifdef ASN_BER_TO_DER
+    if (pkcs7->encodeStream) {
+        byte indefEnd[ASN_INDEF_END_SZ * 3];
+        word32 localIdx = 0;
+
+        /* end of signedData seq */
+        localIdx += SetIndefEnd(indefEnd + localIdx);
+
+        /* end of outer content set */
+        localIdx += SetIndefEnd(indefEnd + localIdx);
+
+        /* end of outer content info seq */
+        localIdx += SetIndefEnd(indefEnd + localIdx);
+
+        wc_PKCS7_WriteOut(pkcs7, (output2)? (output2 + idx) : NULL,
+                    indefEnd, localIdx);
+        idx += (int)localIdx;
+    }
+#endif
 
     if (output2Sz) {
-        *output2Sz = idx;
+        *output2Sz = (word32)idx;
         idx = 0; /* success */
     }
     else {
-        *outputSz = idx;
+        *outputSz = (word32)idx;
     }
 
   out:
 
-    if (flatSignedAttribs != NULL)
-        XFREE(flatSignedAttribs, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
+    XFREE(flatSignedAttribs, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
 
 #ifdef WOLFSSL_SMALL_STACK
-    if (esd)
-        XFREE(esd, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER);
-    if (signedDataOid)
-        XFREE(signedDataOid, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(esd, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(signedDataOid, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return idx;
@@ -2787,40 +3418,67 @@ static int PKCS7_EncodeSigned(PKCS7* pkcs7, ESD* esd,
  * pkcs7->contentSz: Must be provided as actual sign of raw data
  * return codes: 0=success, negative=error
  */
-int wc_PKCS7_EncodeSignedData_ex(PKCS7* pkcs7, const byte* hashBuf,
+int wc_PKCS7_EncodeSignedData_ex(wc_PKCS7* pkcs7, const byte* hashBuf,
     word32 hashSz, byte* outputHead, word32* outputHeadSz, byte* outputFoot,
     word32* outputFootSz)
 {
     int ret;
-#ifdef WOLFSSL_SMALL_STACK
-    ESD* esd;
-#else
-    ESD  esd[1];
-#endif
 
     /* other args checked in wc_PKCS7_EncodeSigned_ex */
-    if (pkcs7 == NULL || outputFoot == NULL || outputFootSz == NULL) {
+    if (pkcs7 == NULL) {
         return BAD_FUNC_ARG;
     }
 
-#ifdef WOLFSSL_SMALL_STACK
-    esd = (ESD*)XMALLOC(sizeof(ESD), pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER);
-    if (esd == NULL)
-        return MEMORY_E;
+#ifndef ASN_BER_TO_DER
+    if (outputFoot == NULL || outputFootSz == NULL)
+#else
+    if (pkcs7->getContentCb == NULL &&
+        (outputFoot == NULL || outputFootSz == NULL))
 #endif
+    {
+        return BAD_FUNC_ARG;
+    }
 
-    XMEMSET(esd, 0, sizeof(ESD));
-
-    ret = PKCS7_EncodeSigned(pkcs7, esd, hashBuf, hashSz,
+    ret = PKCS7_EncodeSigned(pkcs7, hashBuf, hashSz,
         outputHead, outputHeadSz, outputFoot, outputFootSz);
 
-#ifdef WOLFSSL_SMALL_STACK
-    XFREE(esd, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER);
-#endif
-
     return ret;
 }
 
+
+/* Sets a custom SKID in PKCS7 struct, used before calling an encode operation
+ * Returns 0 on success, negative upon error. */
+int wc_PKCS7_SetCustomSKID(wc_PKCS7* pkcs7, const byte* in, word16 inSz)
+{
+    int ret = 0;
+
+    if (pkcs7 == NULL || (in == NULL && inSz > 0)) {
+        return BAD_FUNC_ARG;
+    }
+
+    if (in == NULL) {
+        if (pkcs7->customSKID != NULL) {
+            XFREE(pkcs7->customSKID, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
+        }
+        pkcs7->customSKIDSz = 0;
+        pkcs7->customSKID   = NULL;
+    }
+    else {
+        pkcs7->customSKID = (byte*)XMALLOC(inSz, pkcs7->heap,
+            DYNAMIC_TYPE_PKCS7);
+        if (pkcs7->customSKID == NULL) {
+            ret = MEMORY_E;
+        }
+        else {
+            XMEMCPY(pkcs7->customSKID, in, inSz);
+            pkcs7->customSKIDSz = inSz;
+        }
+    }
+
+    return ret;
+}
+
+
 /* Toggle detached signature mode on/off for PKCS#7/CMS SignedData content type.
  * By default wolfCrypt includes the data to be signed in the SignedData
  * bundle. This data can be omitted in the case when a detached signature is
@@ -2834,12 +3492,12 @@ int wc_PKCS7_EncodeSignedData_ex(PKCS7* pkcs7, const byte* hashBuf,
  * flag  - turn on/off detached signature generation (1 or 0)
  *
  * Returns 0 on success, negative upon error. */
-int wc_PKCS7_SetDetached(PKCS7* pkcs7, word16 flag)
+int wc_PKCS7_SetDetached(wc_PKCS7* pkcs7, word16 flag)
 {
     if (pkcs7 == NULL || (flag != 0 && flag != 1))
         return BAD_FUNC_ARG;
 
-    pkcs7->detached = flag;
+    pkcs7->detached = (flag != 0);
 
     return 0;
 }
@@ -2855,7 +3513,7 @@ int wc_PKCS7_SetDetached(PKCS7* pkcs7, word16 flag)
  * pkcs7 - pointer to initialized PKCS7 structure
  *
  * Returns 0 on success, negative upon error. */
-int wc_PKCS7_NoDefaultSignedAttribs(PKCS7* pkcs7)
+int wc_PKCS7_NoDefaultSignedAttribs(wc_PKCS7* pkcs7)
 {
     return wc_PKCS7_SetDefaultSignedAttribs(pkcs7, WOLFSSL_NO_ATTRIBUTES);
 }
@@ -2872,7 +3530,7 @@ int wc_PKCS7_NoDefaultSignedAttribs(PKCS7* pkcs7)
  * pkcs7 - pointer to initialized PKCS7 structure
  *
  * Returns 0 on success, negative upon error. */
-int  wc_PKCS7_SetDefaultSignedAttribs(PKCS7* pkcs7, word16 flag)
+int  wc_PKCS7_SetDefaultSignedAttribs(wc_PKCS7* pkcs7, word16 flag)
 {
     if (pkcs7 == NULL) {
         return BAD_FUNC_ARG;
@@ -2901,58 +3559,53 @@ int  wc_PKCS7_SetDefaultSignedAttribs(PKCS7* pkcs7, word16 flag)
 
 
 /* return codes: >0: Size of signed PKCS7 output buffer, negative: error */
-int wc_PKCS7_EncodeSignedData(PKCS7* pkcs7, byte* output, word32 outputSz)
+int wc_PKCS7_EncodeSignedData(wc_PKCS7* pkcs7, byte* output, word32 outputSz)
 {
     int ret;
-    int hashSz;
-    enum wc_HashType hashType;
-    byte hashBuf[WC_MAX_DIGEST_SIZE];
-#ifdef WOLFSSL_SMALL_STACK
-    ESD* esd;
-#else
-    ESD  esd[1];
-#endif
 
     /* other args checked in wc_PKCS7_EncodeSigned_ex */
-    if (pkcs7 == NULL || (pkcs7->contentSz > 0 && pkcs7->content == NULL)) {
+    if (pkcs7 == NULL || (pkcs7->contentSz > 0 &&
+    #ifdef ASN_BER_TO_DER
+        (pkcs7->content == NULL && pkcs7->getContentCb == NULL))
+    #else
+        pkcs7->content == NULL)
+    #endif
+    ) {
         return BAD_FUNC_ARG;
     }
 
-    /* get hash type and size, validate hashOID */
-    hashType = wc_OidGetHash(pkcs7->hashOID);
-    hashSz = wc_HashGetDigestSize(hashType);
-    if (hashSz < 0)
-        return hashSz;
+    /* pre-calculate hash for ECC signatures */
+    if (pkcs7->publicKeyOID == ECDSAk) {
+        int hashSz;
+        enum wc_HashType hashType;
+        byte hashBuf[WC_MAX_DIGEST_SIZE];
+        wc_HashAlg hash;
 
-#ifdef WOLFSSL_SMALL_STACK
-    esd = (ESD*)XMALLOC(sizeof(ESD), pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER);
-    if (esd == NULL)
-        return MEMORY_E;
-#endif
+        /* get hash type and size, validate hashOID */
+        hashType = wc_OidGetHash(pkcs7->hashOID);
+        hashSz = wc_HashGetDigestSize(hashType);
+        if (hashSz < 0)
+            return hashSz;
 
-    XMEMSET(esd, 0, sizeof(ESD));
-    esd->hashType = hashType;
-
-    /* calculate hash for content */
-    ret = wc_HashInit(&esd->hash, esd->hashType);
-    if (ret == 0) {
-        ret = wc_HashUpdate(&esd->hash, esd->hashType,
-                            pkcs7->content, pkcs7->contentSz);
+        /* calculate hash for content */
+        ret = wc_HashInit(&hash, hashType);
         if (ret == 0) {
-            ret = wc_HashFinal(&esd->hash, esd->hashType, hashBuf);
+            ret = wc_HashUpdate(&hash, hashType,
+                            pkcs7->content, pkcs7->contentSz);
+            if (ret == 0) {
+                ret = wc_HashFinal(&hash, hashType, hashBuf);
+            }
+            wc_HashFree(&hash, hashType);
+        }
+        if (ret == 0) {
+            ret = PKCS7_EncodeSigned(pkcs7, hashBuf, (word32)hashSz,
+                output, &outputSz, NULL, NULL);
         }
-        wc_HashFree(&esd->hash, esd->hashType);
     }
-
-    if (ret == 0) {
-        ret = PKCS7_EncodeSigned(pkcs7, esd, hashBuf, hashSz,
-            output, &outputSz, NULL, NULL);
+    else {
+        ret = PKCS7_EncodeSigned(pkcs7, NULL, 0, output, &outputSz,
+            NULL, NULL);
     }
-
-#ifdef WOLFSSL_SMALL_STACK
-    XFREE(esd, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER);
-#endif
-
     return ret;
 }
 
@@ -2975,7 +3628,7 @@ int wc_PKCS7_EncodeSignedData(PKCS7* pkcs7, byte* output, word32 outputSz)
  * outputSz             - size of output buffer, octets
  *
  * Returns length of generated bundle on success, negative upon error. */
-int wc_PKCS7_EncodeSignedFPD(PKCS7* pkcs7, byte* privateKey,
+int wc_PKCS7_EncodeSignedFPD(wc_PKCS7* pkcs7, byte* privateKey,
                              word32 privateKeySz, int signOID, int hashOID,
                              byte* content, word32 contentSz,
                              PKCS7Attrib* signedAttribs, word32 signedAttribsSz,
@@ -3044,7 +3697,7 @@ int wc_PKCS7_EncodeSignedFPD(PKCS7* pkcs7, byte* privateKey,
  * outputSz             - size of output buffer, octets
  *
  * Returns length of generated bundle on success, negative upon error. */
-int wc_PKCS7_EncodeSignedEncryptedFPD(PKCS7* pkcs7, byte* encryptKey,
+int wc_PKCS7_EncodeSignedEncryptedFPD(wc_PKCS7* pkcs7, byte* encryptKey,
                                       word32 encryptKeySz, byte* privateKey,
                                       word32 privateKeySz, int encryptOID,
                                       int signOID, int hashOID,
@@ -3086,18 +3739,19 @@ int wc_PKCS7_EncodeSignedEncryptedFPD(PKCS7* pkcs7, byte* encryptKey,
     }
 
     /* save encryptedData, reset output buffer and struct */
-    encrypted = (byte*)XMALLOC(encryptedSz, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
+    encrypted = (byte*)XMALLOC((word32)encryptedSz, pkcs7->heap,
+                               DYNAMIC_TYPE_PKCS7);
     if (encrypted == NULL) {
         ForceZero(output, outputSz);
         return MEMORY_E;
     }
 
-    XMEMCPY(encrypted, output, encryptedSz);
+    XMEMCPY(encrypted, output, (word32)encryptedSz);
     ForceZero(output, outputSz);
 
     ret = wc_InitRng_ex(&rng, pkcs7->heap, pkcs7->devId);
     if (ret != 0) {
-        ForceZero(encrypted, encryptedSz);
+        ForceZero(encrypted, (word32)encryptedSz);
         XFREE(encrypted, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
         return ret;
     }
@@ -3105,7 +3759,7 @@ int wc_PKCS7_EncodeSignedEncryptedFPD(PKCS7* pkcs7, byte* encryptKey,
     /* 2: build up SignedData, encapsulating EncryptedData */
     pkcs7->rng = &rng;
     pkcs7->content = encrypted;
-    pkcs7->contentSz = encryptedSz;
+    pkcs7->contentSz = (word32)encryptedSz;
     pkcs7->contentOID = ENCRYPTED_DATA;
     pkcs7->hashOID = hashOID;
     pkcs7->encryptOID = signOID;
@@ -3119,7 +3773,7 @@ int wc_PKCS7_EncodeSignedEncryptedFPD(PKCS7* pkcs7, byte* encryptKey,
         WOLFSSL_MSG("Error encoding CMS SignedData content type");
     }
 
-    ForceZero(encrypted, encryptedSz);
+    ForceZero(encrypted, (word32)encryptedSz);
     XFREE(encrypted, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
     pkcs7->rng = NULL;
     wc_FreeRng(&rng);
@@ -3151,7 +3805,7 @@ int wc_PKCS7_EncodeSignedEncryptedFPD(PKCS7* pkcs7, byte* encryptKey,
  * outputSz             - size of output buffer, octets
  *
  * Returns length of generated bundle on success, negative upon error. */
-int wc_PKCS7_EncodeSignedCompressedFPD(PKCS7* pkcs7, byte* privateKey,
+int wc_PKCS7_EncodeSignedCompressedFPD(wc_PKCS7* pkcs7, byte* privateKey,
                                        word32 privateKeySz, int signOID,
                                        int hashOID, byte* content,
                                        word32 contentSz,
@@ -3255,7 +3909,7 @@ int wc_PKCS7_EncodeSignedCompressedFPD(PKCS7* pkcs7, byte* privateKey,
  * outputSz             - size of output buffer, octets
  *
  * Returns length of generated bundle on success, negative upon error. */
-int  wc_PKCS7_EncodeSignedEncryptedCompressedFPD(PKCS7* pkcs7, byte* encryptKey,
+int  wc_PKCS7_EncodeSignedEncryptedCompressedFPD(wc_PKCS7* pkcs7, byte* encryptKey,
                                        word32 encryptKeySz, byte* privateKey,
                                        word32 privateKeySz, int encryptOID,
                                        int signOID, int hashOID, byte* content,
@@ -3369,7 +4023,7 @@ int  wc_PKCS7_EncodeSignedEncryptedCompressedFPD(PKCS7* pkcs7, byte* encryptKey,
 
 #ifdef HAVE_PKCS7_RSA_RAW_SIGN_CALLBACK
 /* register raw RSA sign digest callback */
-int wc_PKCS7_SetRsaSignRawDigestCb(PKCS7* pkcs7, CallbackRsaSignRawDigest cb)
+int wc_PKCS7_SetRsaSignRawDigestCb(wc_PKCS7* pkcs7, CallbackRsaSignRawDigest cb)
 {
     if (pkcs7 == NULL || cb == NULL) {
         return BAD_FUNC_ARG;
@@ -3382,7 +4036,7 @@ int wc_PKCS7_SetRsaSignRawDigestCb(PKCS7* pkcs7, CallbackRsaSignRawDigest cb)
 #endif
 
 /* returns size of signature put into out, negative on error */
-static int wc_PKCS7_RsaVerify(PKCS7* pkcs7, byte* sig, int sigSz,
+static int wc_PKCS7_RsaVerify(wc_PKCS7* pkcs7, byte* sig, int sigSz,
                               byte* hash, word32 hashSz)
 {
     int ret = 0, i;
@@ -3391,8 +4045,14 @@ static int wc_PKCS7_RsaVerify(PKCS7* pkcs7, byte* sig, int sigSz,
     byte* digest;
     RsaKey* key;
     DecodedCert* dCert;
+#else
+#ifdef WOLFSSL_NO_MALLOC
+    byte digest[RSA_MAX_SIZE / WOLFSSL_BIT_SIZE]; /* accessed in-place with size
+                                                   * key->dataLen
+                                                   */
 #else
     byte digest[MAX_PKCS7_DIGEST_SZ];
+#endif
     RsaKey key[1];
     DecodedCert stack_dCert;
     DecodedCert* dCert = &stack_dCert;
@@ -3469,11 +4129,11 @@ static int wc_PKCS7_RsaVerify(PKCS7* pkcs7, byte* sig, int sigSz,
                 WC_ASYNC_FLAG_CALL_AGAIN);
     #endif
             if (ret >= 0) {
-                ret = wc_RsaSSL_Verify(sig, sigSz, digest, MAX_PKCS7_DIGEST_SZ,
+                ret = wc_RsaSSL_Verify(sig, (word32)sigSz, digest, MAX_PKCS7_DIGEST_SZ,
                     key);
             }
     #ifdef WOLFSSL_ASYNC_CRYPT
-        } while (ret == WC_PENDING_E);
+        } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E));
     #endif
         FreeDecodedCert(dCert);
         wc_FreeRsaKey(key);
@@ -3508,7 +4168,7 @@ static int wc_PKCS7_RsaVerify(PKCS7* pkcs7, byte* sig, int sigSz,
 #ifdef HAVE_ECC
 
 /* returns size of signature put into out, negative on error */
-static int wc_PKCS7_EcdsaVerify(PKCS7* pkcs7, byte* sig, int sigSz,
+static int wc_PKCS7_EcdsaVerify(wc_PKCS7* pkcs7, byte* sig, int sigSz,
                                 byte* hash, word32 hashSz)
 {
     int ret = 0, i;
@@ -3597,20 +4257,24 @@ static int wc_PKCS7_EcdsaVerify(PKCS7* pkcs7, byte* sig, int sigSz,
                 WC_ASYNC_FLAG_CALL_AGAIN);
     #endif
             if (ret >= 0) {
-                ret = wc_ecc_verify_hash(sig, sigSz, hash, hashSz, &res, key);
+                ret = wc_ecc_verify_hash(sig, (word32)sigSz, hash, hashSz, &res, key);
             }
     #ifdef WOLFSSL_ASYNC_CRYPT
-        } while (ret == WC_PENDING_E);
+        } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E));
     #endif
 
-        FreeDecodedCert(dCert);
-        wc_ecc_free(key);
-
         if (ret == 0 && res == 1) {
             /* found signer that successfully verified signature */
             verified = 1;
+            XMEMCPY(pkcs7->issuerSubjKeyId, dCert->extSubjKeyId, KEYID_SIZE);
             pkcs7->verifyCert   = pkcs7->cert[i];
             pkcs7->verifyCertSz = pkcs7->certSz[i];
+        }
+
+        wc_ecc_free(key);
+        FreeDecodedCert(dCert);
+
+        if (ret == 0 && res == 1) {
             break;
         }
     }
@@ -3643,7 +4307,7 @@ static int wc_PKCS7_EcdsaVerify(PKCS7* pkcs7, byte* sig, int sigSz,
  * plainDigestSz  - [OUT] size of digest at plainDigest
  *
  * returns 0 on success, negative on error */
-static int wc_PKCS7_BuildSignedDataDigest(PKCS7* pkcs7, byte* signedAttrib,
+static int wc_PKCS7_BuildSignedDataDigest(wc_PKCS7* pkcs7, byte* signedAttrib,
                                       word32 signedAttribSz, byte* pkcs7Digest,
                                       word32* pkcs7DigestSz, byte** plainDigest,
                                       word32* plainDigestSz,
@@ -3676,7 +4340,7 @@ static int wc_PKCS7_BuildSignedDataDigest(PKCS7* pkcs7, byte* signedAttrib,
     ret = wc_HashGetDigestSize(hashType);
     if (ret < 0)
         return ret;
-    hashSz = ret;
+    hashSz = (word32)ret;
 
     if (signedAttribSz > 0) {
         if (signedAttrib == NULL)
@@ -3740,24 +4404,25 @@ static int wc_PKCS7_BuildSignedDataDigest(PKCS7* pkcs7, byte* signedAttrib,
         }
     }
 
-    /* Set algoID, with NULL attributes */
-    algoIdSz = SetAlgoID(pkcs7->hashOID, algoId, oidHashType, 0);
+    /* Set algoID, match whatever was input to match either NULL or absent */
+    algoIdSz = SetAlgoIDEx(pkcs7->hashOID, algoId, oidHashType,
+                            0, pkcs7->hashParamsAbsent);
 
     digestStrSz = SetOctetString(hashSz, digestStr);
     digestInfoSeqSz = SetSequence(algoIdSz + digestStrSz + hashSz,
                                   digestInfoSeq);
 
     XMEMCPY(digestInfo + digIdx, digestInfoSeq, digestInfoSeqSz);
-    digIdx += digestInfoSeqSz;
+    digIdx += (int)digestInfoSeqSz;
     XMEMCPY(digestInfo + digIdx, algoId, algoIdSz);
-    digIdx += algoIdSz;
+    digIdx += (int)algoIdSz;
     XMEMCPY(digestInfo + digIdx, digestStr, digestStrSz);
-    digIdx += digestStrSz;
+    digIdx += (int)digestStrSz;
     XMEMCPY(digestInfo + digIdx, digest, hashSz);
-    digIdx += hashSz;
+    digIdx += (int)hashSz;
 
-    XMEMCPY(pkcs7Digest, digestInfo, digIdx);
-    *pkcs7DigestSz = digIdx;
+    XMEMCPY(pkcs7Digest, digestInfo, (word32)digIdx);
+    *pkcs7DigestSz = (word32)digIdx;
 
     /* set plain digest pointer */
     *plainDigest = pkcs7Digest + digIdx - hashSz;
@@ -3781,7 +4446,7 @@ static int wc_PKCS7_BuildSignedDataDigest(PKCS7* pkcs7, byte* signedAttrib,
  * hashBufSz      - size of hashBuf, octets
  *
  * return 0 on success, negative on error */
-static int wc_PKCS7_VerifyContentMessageDigest(PKCS7* pkcs7,
+static int wc_PKCS7_VerifyContentMessageDigest(wc_PKCS7* pkcs7,
                                                const byte* hashBuf,
                                                word32 hashSz)
 {
@@ -3849,7 +4514,7 @@ static int wc_PKCS7_VerifyContentMessageDigest(PKCS7* pkcs7,
         XMEMSET(digest, 0, MAX_PKCS7_DIGEST_SZ);
 
         content = pkcs7->content;
-        contentLen = pkcs7->contentSz;
+        contentLen = (int)pkcs7->contentSz;
 
         if (pkcs7->contentIsPkcs7Type == 1) {
             /* Content follows PKCS#7 RFC, which defines type as ANY. CMS
@@ -3862,7 +4527,7 @@ static int wc_PKCS7_VerifyContentMessageDigest(PKCS7* pkcs7,
             }
 
             if (GetLength_ex(content, &contentIdx, &contentLen,
-                    contentLen, 1) < 0) {
+                    (word32)contentLen, 1) < 0) {
                 #ifdef WOLFSSL_SMALL_STACK
                     XFREE(digest, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER);
                 #endif
@@ -3870,7 +4535,7 @@ static int wc_PKCS7_VerifyContentMessageDigest(PKCS7* pkcs7,
             }
         }
 
-        ret = wc_Hash(hashType, content + contentIdx, contentLen, digest,
+        ret = wc_Hash(hashType, content + contentIdx, (word32)contentLen, digest,
                       MAX_PKCS7_DIGEST_SZ);
         if (ret < 0) {
             WOLFSSL_MSG("Error hashing PKCS7 content for verification");
@@ -3926,7 +4591,7 @@ static int wc_PKCS7_VerifyContentMessageDigest(PKCS7* pkcs7,
  * signedAttribSz - size of signedAttributes
  *
  * return 0 on success, negative on error */
-static int wc_PKCS7_SignedDataVerifySignature(PKCS7* pkcs7, byte* sig,
+static int wc_PKCS7_SignedDataVerifySignature(wc_PKCS7* pkcs7, byte* sig,
                                              word32 sigSz, byte* signedAttrib,
                                              word32 signedAttribSz,
                                              const byte* hashBuf, word32 hashSz)
@@ -4051,11 +4716,11 @@ static int wc_PKCS7_SignedDataVerifySignature(PKCS7* pkcs7, byte* sig,
 
 #ifndef NO_RSA
         case RSAk:
-            ret = wc_PKCS7_RsaVerify(pkcs7, sig, sigSz, pkcs7Digest,
+            ret = wc_PKCS7_RsaVerify(pkcs7, sig, (int)sigSz, pkcs7Digest,
                                      pkcs7DigestSz);
             if (ret < 0) {
                 WOLFSSL_MSG("PKCS#7 verification failed, trying CMS");
-                ret = wc_PKCS7_RsaVerify(pkcs7, sig, sigSz, plainDigest,
+                ret = wc_PKCS7_RsaVerify(pkcs7, sig, (int)sigSz, plainDigest,
                                          plainDigestSz);
             }
             break;
@@ -4063,7 +4728,7 @@ static int wc_PKCS7_SignedDataVerifySignature(PKCS7* pkcs7, byte* sig,
 
 #ifdef HAVE_ECC
         case ECDSAk:
-            ret = wc_PKCS7_EcdsaVerify(pkcs7, sig, sigSz, plainDigest,
+            ret = wc_PKCS7_EcdsaVerify(pkcs7, sig, (int)sigSz, plainDigest,
                                        plainDigestSz);
             break;
 #endif
@@ -4082,7 +4747,7 @@ static int wc_PKCS7_SignedDataVerifySignature(PKCS7* pkcs7, byte* sig,
 
 /* set correct public key OID based on signature OID, stores in
  * pkcs7->publicKeyOID and returns same value */
-static int wc_PKCS7_SetPublicKeyOID(PKCS7* pkcs7, int sigOID)
+static int wc_PKCS7_SetPublicKeyOID(wc_PKCS7* pkcs7, int sigOID)
 {
     if (pkcs7 == NULL)
         return BAD_FUNC_ARG;
@@ -4109,7 +4774,7 @@ static int wc_PKCS7_SetPublicKeyOID(PKCS7* pkcs7, int sigOID)
 
         /* if sigOID is already RSAk */
         case RSAk:
-            pkcs7->publicKeyOID = sigOID;
+            pkcs7->publicKeyOID = (word32)sigOID;
             break;
     #endif
 
@@ -4121,7 +4786,7 @@ static int wc_PKCS7_SetPublicKeyOID(PKCS7* pkcs7, int sigOID)
 
         /* if sigOID is already DSAk */
         case DSAk:
-            pkcs7->publicKeyOID = sigOID;
+            pkcs7->publicKeyOID = (word32)sigOID;
             break;
     #endif
 
@@ -4141,7 +4806,7 @@ static int wc_PKCS7_SetPublicKeyOID(PKCS7* pkcs7, int sigOID)
 
         /* if sigOID is already ECDSAk */
         case ECDSAk:
-            pkcs7->publicKeyOID = sigOID;
+            pkcs7->publicKeyOID = (word32)sigOID;
             break;
     #endif
 
@@ -4150,7 +4815,7 @@ static int wc_PKCS7_SetPublicKeyOID(PKCS7* pkcs7, int sigOID)
             return ASN_SIG_KEY_E;
     }
 
-    return pkcs7->publicKeyOID;
+    return (int)pkcs7->publicKeyOID;
 }
 
 
@@ -4170,7 +4835,7 @@ static int wc_PKCS7_SetPublicKeyOID(PKCS7* pkcs7, int sigOID)
  *
  * returns the number of attributes parsed on success
  */
-static int wc_PKCS7_ParseAttribs(PKCS7* pkcs7, byte* in, int inSz)
+static int wc_PKCS7_ParseAttribs(wc_PKCS7* pkcs7, byte* in, int inSz)
 {
     int    found = 0;
     word32 idx   = 0;
@@ -4182,10 +4847,10 @@ static int wc_PKCS7_ParseAttribs(PKCS7* pkcs7, byte* in, int inSz)
 
     while (idx < (word32)inSz) {
         int length  = 0;
-        int oidIdx;
+        word32 oidIdx;
         PKCS7DecodedAttrib* attrib;
 
-        if (GetSequence(in, &idx, &length, inSz) < 0)
+        if (GetSequence(in, &idx, &length, (word32)inSz) < 0)
             return ASN_PARSE_E;
 
         attrib = (PKCS7DecodedAttrib*)XMALLOC(sizeof(PKCS7DecodedAttrib),
@@ -4196,7 +4861,7 @@ static int wc_PKCS7_ParseAttribs(PKCS7* pkcs7, byte* in, int inSz)
         XMEMSET(attrib, 0, sizeof(PKCS7DecodedAttrib));
 
         oidIdx = idx;
-        if (GetObjectId(in, &idx, &oid, oidIgnoreType, inSz)
+        if (GetObjectId(in, &idx, &oid, oidIgnoreType, (word32)inSz)
                 < 0) {
             XFREE(attrib, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
             return ASN_PARSE_E;
@@ -4211,13 +4876,13 @@ static int wc_PKCS7_ParseAttribs(PKCS7* pkcs7, byte* in, int inSz)
         XMEMCPY(attrib->oid, in + oidIdx, attrib->oidSz);
 
         /* Get Set that contains the printable string value */
-        if (GetSet(in, &idx, &length, inSz) < 0) {
+        if (GetSet(in, &idx, &length, (word32)inSz) < 0) {
             XFREE(attrib->oid, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
             XFREE(attrib, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
             return ASN_PARSE_E;
         }
 
-        if ((inSz - idx) < (word32)length) {
+        if ((inSz - (int)idx) < length) {
             XFREE(attrib->oid, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
             XFREE(attrib, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
             return ASN_PARSE_E;
@@ -4232,7 +4897,7 @@ static int wc_PKCS7_ParseAttribs(PKCS7* pkcs7, byte* in, int inSz)
             return MEMORY_E;
         }
         XMEMCPY(attrib->value, in + idx, attrib->valueSz);
-        idx += length;
+        idx += (word32)length;
 
         /* store attribute in linked list */
         if (pkcs7->decodedAttrib != NULL) {
@@ -4254,7 +4919,7 @@ static int wc_PKCS7_ParseAttribs(PKCS7* pkcs7, byte* in, int inSz)
  *
  * by default support for SignedData degenerate cases is on
  */
-void wc_PKCS7_AllowDegenerate(PKCS7* pkcs7, word16 flag)
+void wc_PKCS7_AllowDegenerate(wc_PKCS7* pkcs7, word16 flag)
 {
     if (pkcs7) {
         if (flag) { /* flag of 1 turns on support for degenerate */
@@ -4276,15 +4941,16 @@ void wc_PKCS7_AllowDegenerate(PKCS7* pkcs7, word16 flag)
  *
  * returns 0 on success
  */
-static int wc_PKCS7_ParseSignerInfo(PKCS7* pkcs7, byte* in, word32 inSz,
+static int wc_PKCS7_ParseSignerInfo(wc_PKCS7* pkcs7, byte* in, word32 inSz,
         word32* idxIn, int degenerate, byte** signedAttrib, int* signedAttribSz)
 {
     int ret = 0;
-    int length;
-    int version;
+    int length = 0;
+    int version = 0;
     word32 sigOID = 0, hashOID = 0;
     word32 idx = *idxIn, localIdx;
     byte tag;
+    byte absentParams = FALSE;
 
     WOLFSSL_ENTER("wc_PKCS7_ParseSignerInfo");
     /* require a signer if degenerate case not allowed */
@@ -4321,7 +4987,7 @@ static int wc_PKCS7_ParseSignerInfo(PKCS7* pkcs7, byte* in, word32 inSz,
 
             if (ret == 0) {
                 ret = wc_PKCS7_SignerInfoSetSID(pkcs7, in + idx, length);
-                idx += length;
+                idx += (word32)length;
             }
 
         } else if (ret == 0 && version == 3) {
@@ -4377,7 +5043,7 @@ static int wc_PKCS7_ParseSignerInfo(PKCS7* pkcs7, byte* in, word32 inSz,
 
             if (ret == 0) {
                 ret = wc_PKCS7_SignerInfoSetSID(pkcs7, in + idx, length);
-                idx += length;
+                idx += (word32)length;
             }
 
         } else {
@@ -4386,10 +5052,12 @@ static int wc_PKCS7_ParseSignerInfo(PKCS7* pkcs7, byte* in, word32 inSz,
         }
 
         /* Get the sequence of digestAlgorithm */
-        if (ret == 0 && GetAlgoId(in, &idx, &hashOID, oidHashType, inSz) < 0) {
+        if (ret == 0 && GetAlgoIdEx(in, &idx, &hashOID, oidHashType,
+                                    inSz, &absentParams) < 0) {
             ret = ASN_PARSE_E;
         }
         pkcs7->hashOID = (int)hashOID;
+        pkcs7->hashParamsAbsent = (absentParams != 0);
 
         /* Get the IMPLICIT[0] SET OF signedAttributes */
         localIdx = idx;
@@ -4410,7 +5078,7 @@ static int wc_PKCS7_ParseSignerInfo(PKCS7* pkcs7, byte* in, word32 inSz,
                 ret = ASN_PARSE_E;
             }
 
-            idx += length;
+            idx += (word32)length;
         }
 
         /* Get digestEncryptionAlgorithm - key type or signature type */
@@ -4420,7 +5088,7 @@ static int wc_PKCS7_ParseSignerInfo(PKCS7* pkcs7, byte* in, word32 inSz,
 
         /* store public key type based on digestEncryptionAlgorithm */
         if (ret == 0) {
-            ret = wc_PKCS7_SetPublicKeyOID(pkcs7, sigOID);
+            ret = wc_PKCS7_SetPublicKeyOID(pkcs7, (int)sigOID);
             if (ret < 0) {
                 WOLFSSL_MSG("Failed to set public key OID from signature");
             }
@@ -4439,7 +5107,254 @@ static int wc_PKCS7_ParseSignerInfo(PKCS7* pkcs7, byte* in, word32 inSz,
     return ret;
 }
 
+/* parse input to get single/multiple octet strings.
+ * get each octet string from stream up to the size defined by
+ * MAX_PKCS7_STREAM_BUFFER then hash and store them to the content buffer.
+ * hash is stored to pkcs7->stream->hashBuf and its size in
+ * pkcs7->stream->hashBufSz if keepContent is true, accumulates content into
+ * pkcs7->stream->content and stores its size in pkcs7->stream->contentSz.
+ */
+#ifndef NO_PKCS7_STREAM
+static int wc_PKCS7_HandleOctetStrings(wc_PKCS7* pkcs7, byte* in, word32 inSz,
+                                word32* tmpIdx, word32* idx, int keepContent)
+{
+    int ret, length = 0;
+    word32 msgSz, i, contBufSz;
+    byte tag;
+    byte* msg = NULL;
+    byte* tempBuf = NULL;
 
+    /* allow 0 for inSz in streaming */
+    if (inSz == 0) {
+        return WC_PKCS7_WANT_READ_E;
+    }
+
+    if (pkcs7 == NULL || in == NULL || idx == NULL)
+        return BAD_FUNC_ARG;
+
+    /* no content case, do nothing */
+    if (pkcs7->stream->noContent) {
+        if (pkcs7->content && pkcs7->contentSz > 0) {
+            XFREE(pkcs7->stream->content, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
+            pkcs7->stream->content = NULL;
+
+            pkcs7->stream->content = (byte*)XMALLOC(pkcs7->contentSz,
+                                            pkcs7->heap, DYNAMIC_TYPE_PKCS7);
+            if (pkcs7->stream->content == NULL) {
+                WOLFSSL_MSG("Failed to grow content buffer.");
+                return MEMORY_E;
+            }
+            XMEMCPY(pkcs7->stream->content, pkcs7->content, pkcs7->contentSz);
+            pkcs7->stream->contentSz = pkcs7->contentSz;
+        }
+        return 0;
+    }
+
+    /* free pkcs7->contentDynamic buffer */
+    XFREE(pkcs7->contentDynamic, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
+    pkcs7->contentDynamic = NULL;
+
+    while(1) {
+        if ((ret = wc_PKCS7_AddDataToStream(pkcs7, in, inSz,
+                            pkcs7->stream->expected, &msg, idx)) != 0) {
+            break;
+        }
+
+        msgSz = (pkcs7->stream->length > 0)? pkcs7->stream->length:inSz;
+
+        if (pkcs7->stream->currContRmnSz == 0) {
+
+            /* processed single OCTET STRING, try to find another one. */
+            if ((ret = GetASNTag(msg, idx, &tag, msgSz)) < 0) {
+                break;
+            }
+
+            /* if another OCTET STRING is found, get its length */
+            if (ret == 0 && tag == ASN_OCTET_STRING) {
+
+                if (ret == 0 && GetLength_ex(msg, idx, &length, msgSz,
+                                                            NO_USER_CHECK) < 0){
+                    ret = ASN_PARSE_E;
+                    break;
+                }
+
+                /* set up for next octet string */
+                pkcs7->stream->currContSz    = (word32)length;
+                pkcs7->stream->currContRmnSz = (word32)length;
+                pkcs7->stream->expected      = min(pkcs7->stream->currContRmnSz,
+                                                   MAX_PKCS7_STREAM_BUFFER);
+
+                /* advance read index */
+                if (wc_PKCS7_StreamEndCase(pkcs7, tmpIdx, idx) != 0) {
+                    break;
+                }
+
+                /* check if expected data is available in stream */
+                ret = wc_PKCS7_AddDataToStream(pkcs7, in, inSz,
+                            pkcs7->stream->expected, &msg, idx);
+                if (ret == WC_NO_ERR_TRACE(WC_PKCS7_WANT_READ_E)) {
+                    break;  /* ask user more input */
+                }
+
+                /* data available, continue processing */
+                continue;
+            }
+            /* reached to the end of contents. trailing zeros may follow. */
+            else if (ret == 0 && tag == ASN_EOC) {
+
+                /* ASN_EOC tag and one zero follows to show the end of
+                 * in-definite length encoding.
+                 * number of indef is stored in pkcs7->stream->cntIdfCnt.
+                 */
+                pkcs7->stream->expected = (word32)(ASN_TAG_SZ + TRAILING_ZERO) *
+                                               (word32)pkcs7->stream->cntIdfCnt;
+
+                /* dec idx by one since already consumed to get ASN_EOC */
+                (*idx)--;
+
+                if (wc_PKCS7_StreamEndCase(pkcs7, tmpIdx, idx) != 0) {
+                    break;
+                }
+
+                /* check if expected data is available in stream */
+                ret = wc_PKCS7_AddDataToStream(pkcs7, in, inSz,
+                            pkcs7->stream->expected, &msg, idx);
+                if (ret == WC_NO_ERR_TRACE(WC_PKCS7_WANT_READ_E)) {
+                    break;  /* ask user more input */
+                }
+
+                /* data available, continue processing trailing zeros */
+                for (i = 0; i < pkcs7->stream->expected; i++) {
+                    if (msg[*idx + i] != 0) {
+                        ret = ASN_PARSE_E;
+                        break;
+                    }
+                }
+                /* reset indef-length count */
+                pkcs7->stream->cntIdfCnt = 0;
+
+                /* advance read index */
+                *idx += pkcs7->stream->expected;
+
+                if (wc_PKCS7_StreamEndCase(pkcs7, tmpIdx, idx) != 0) {
+                    break;
+                }
+
+                /* handled OCTET STRINGs successfully */
+                ret = 0;
+                break;
+            }
+            /* reached to the end of contents without trailing zeros */
+            else if (ret == 0) {
+
+                /* dec idx by one since already consumed to get ASN_EOC */
+                (*idx)--;
+
+                if (wc_PKCS7_StreamEndCase(pkcs7, tmpIdx, idx) != 0) {
+                    break;
+                }
+
+                ret = wc_PKCS7_AddDataToStream(pkcs7, in, inSz,
+                            pkcs7->stream->expected, &msg, idx);
+                if (ret == WC_NO_ERR_TRACE(WC_PKCS7_WANT_READ_E)) {
+                    break;
+                }
+
+                /* handled OCTET STRINGs successfully */
+                ret = 0;
+                break;
+            }
+            else {
+                break;
+            }
+        }
+        else {
+            /* got partial octet string data */
+            /* accumulate partial octet string to buffer */
+            if (keepContent) {
+            #ifdef ASN_BER_TO_DER
+                if (pkcs7->streamOutCb) {
+                    ret = wc_HashUpdate(&pkcs7->stream->hashAlg,
+                        pkcs7->stream->hashType,
+                        msg + *idx, pkcs7->stream->expected);
+                    if (ret != 0)
+                        break;
+                    pkcs7->streamOutCb(pkcs7, msg + *idx,
+                        pkcs7->stream->expected, pkcs7->streamCtx);
+                }
+                else
+            #endif /* ASN_BER_TO_DER */
+                {
+                    /* store current content buffer temporarily */
+                    tempBuf = pkcs7->stream->content;
+                    pkcs7->stream->content = NULL;
+
+                    /* grow content buffer */
+                    contBufSz = pkcs7->stream->accumContSz;
+                    pkcs7->stream->accumContSz += pkcs7->stream->expected;
+
+                    pkcs7->stream->content =
+                                    (byte*)XMALLOC(pkcs7->stream->accumContSz,
+                                               pkcs7->heap, DYNAMIC_TYPE_PKCS7);
+
+                    if (pkcs7->stream->content == NULL) {
+                        WOLFSSL_MSG("failed to grow content buffer.");
+                            if (tempBuf != NULL) {
+                        XFREE(tempBuf, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
+                        tempBuf = NULL;
+                            }
+                        ret = MEMORY_E;
+                        break;
+                    }
+                    else {
+                        /* accumulate content */
+                        if (tempBuf != NULL && contBufSz != 0) {
+                            XMEMCPY(pkcs7->stream->content, tempBuf, contBufSz);
+                        }
+                        XMEMCPY(pkcs7->stream->content + contBufSz, msg + *idx,
+                                                       pkcs7->stream->expected);
+                        if (tempBuf != NULL) {
+                            XFREE(tempBuf, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
+                            tempBuf = NULL;
+                        }
+                    }
+                }
+            }
+
+            *idx                         += pkcs7->stream->expected;
+            pkcs7->stream->currContRmnSz -= pkcs7->stream->expected;
+            pkcs7->stream->contentSz     += pkcs7->stream->expected;
+
+            if (wc_PKCS7_StreamEndCase(pkcs7, tmpIdx, idx) != 0) {
+                break;
+            }
+
+            if (pkcs7->stream->currContRmnSz > 0) {
+                pkcs7->stream->expected = min(pkcs7->stream->currContRmnSz,
+                                              MAX_PKCS7_STREAM_BUFFER);
+            }
+            else {
+                /* Processed current OCTET STRING. Proceed to the next one. */
+                pkcs7->stream->currContRmnSz = 0;
+                pkcs7->stream->currContSz    = 0;
+                pkcs7->stream->expected= ASN_TAG_SZ + MAX_LENGTH_SZ;
+
+                if (pkcs7->stream->maxLen > 0 &&
+                    (pkcs7->stream->maxLen - pkcs7->stream->totalRd)
+                                                < ASN_TAG_SZ + MAX_LENGTH_SZ) {
+                    /* seems reached to end of content */
+                    ret = 0;
+                    break;
+                }
+            }
+
+            /* data available */
+            continue;
+        }
+    }
+    return ret;
+}
+#endif /* !NO_PKCS7_STREAM */
 /* Finds the certificates in the message and saves it. By default allows
  * degenerate cases which can have no signer.
  *
@@ -4448,11 +5363,11 @@ static int wc_PKCS7_ParseSignerInfo(PKCS7* pkcs7, byte* in, word32 inSz,
  * When adding support for the case of SignedAndEnvelopedData content types a
  * signer is required. In this case the PKCS7 flag noDegenerate could be set.
  */
-static int PKCS7_VerifySignedData(PKCS7* pkcs7, const byte* hashBuf,
+static int PKCS7_VerifySignedData(wc_PKCS7* pkcs7, const byte* hashBuf,
     word32 hashSz, byte* in, word32 inSz,
     byte* in2, word32 in2Sz)
 {
-    word32 idx, maxIdx = inSz, outerContentType, contentTypeSz = 0, totalSz = 0;
+    word32 idx, maxIdx = inSz, outerContentType = 0, contentTypeSz = 0, totalSz = 0;
     int length = 0, version = 0, ret = 0;
     byte* content = NULL;
     byte* contentDynamic = NULL;
@@ -4463,6 +5378,7 @@ static int PKCS7_VerifySignedData(PKCS7* pkcs7, const byte* hashBuf,
     int encapContentInfoLen = 0;
     int contentSz = 0, sigSz = 0, certSz = 0, signedAttribSz = 0;
     word32 localIdx, start;
+    word32 certIdx, certIdx2;
     byte degenerate = 0;
     byte detached = 0;
     byte tag = 0;
@@ -4477,11 +5393,14 @@ static int PKCS7_VerifySignedData(PKCS7* pkcs7, const byte* hashBuf,
     word32 pkiMsgSz = inSz;
 #ifndef NO_PKCS7_STREAM
     word32 stateIdx = 0;
+    word32 hashOID = 0;
+    enum wc_HashType hashType = WC_HASH_TYPE_NONE;
+    byte*   src = NULL;
+    word32  srcSz;
 #endif
-
     byte* pkiMsg2 = in2;
     word32 pkiMsg2Sz = in2Sz;
-
+    (void)keepContent;
     if (pkcs7 == NULL)
         return BAD_FUNC_ARG;
 
@@ -4517,18 +5436,28 @@ static int PKCS7_VerifySignedData(PKCS7* pkcs7, const byte* hashBuf,
     switch (pkcs7->state) {
         case WC_PKCS7_START:
         #ifndef NO_PKCS7_STREAM
-            if ((ret = wc_PKCS7_AddDataToStream(pkcs7, in, inSz, MAX_SEQ_SZ +
+            /* The expected size calculation originally assumed digest OID
+             * with NULL params, -2 to also accept with absent params */
+            if ((ret = wc_PKCS7_AddDataToStream(pkcs7, in, inSz, (MAX_SEQ_SZ +
                             MAX_VERSION_SZ + MAX_SEQ_SZ + MAX_LENGTH_SZ +
-                            ASN_TAG_SZ + MAX_OID_SZ + MAX_SEQ_SZ,
+                            ASN_TAG_SZ + MAX_OID_SZ + MAX_SEQ_SZ) - 2,
                             &pkiMsg, &idx)) != 0) {
                 break;
             }
 
-            if ((ret = wc_PKCS7_SetMaxStream(pkcs7, in, inSz)) != 0) {
+            pkiMsgSz = (pkcs7->stream->length > 0)? pkcs7->stream->length: inSz;
+
+            /* get content info size */
+            localIdx = 0;
+            if (GetSequence_ex(pkiMsg, &localIdx, &length, pkiMsgSz,
+                                        NO_USER_CHECK) < 0) {
                 break;
             }
-            pkiMsgSz = (pkcs7->stream->length > 0)? pkcs7->stream->length:
-                                                    inSz;
+            if (ret == 0 && length > 0)
+                pkcs7->stream->maxLen = (word32)length + localIdx;
+            else
+                pkcs7->stream->maxLen = inSz;
+
         #endif
 
             /* determine total message size */
@@ -4543,13 +5472,16 @@ static int PKCS7_VerifySignedData(PKCS7* pkcs7, const byte* hashBuf,
                 ret = ASN_PARSE_E;
 
             if (ret == 0 && length == 0 && pkiMsg[idx-1] == ASN_INDEF_LENGTH) {
+
+    #if defined(NO_PKCS7_STREAM)
         #ifdef ASN_BER_TO_DER
                 word32 len = 0;
 
                 ret = wc_BerToDer(pkiMsg, pkiMsgSz, NULL, &len);
-                if (ret != LENGTH_ONLY_E)
+                if (ret != WC_NO_ERR_TRACE(LENGTH_ONLY_E))
                     return ret;
-                pkcs7->der = (byte*)XMALLOC(len, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
+                pkcs7->der = (byte*)XMALLOC(len, pkcs7->heap,
+                                                        DYNAMIC_TYPE_PKCS7);
                 if (pkcs7->der == NULL)
                     return MEMORY_E;
                 ret = wc_BerToDer(pkiMsg, pkiMsgSz, pkcs7->der, &len);
@@ -4588,6 +5520,11 @@ static int PKCS7_VerifySignedData(PKCS7* pkcs7, const byte* hashBuf,
         #else
                 ret = BER_INDEF_E;
         #endif
+    #else
+                /* the bundle has indefinite length encoding */
+                pkcs7->stream->indefLen = 1;
+
+    #endif /* NO_PKCS7_STREAM */
             }
 
             /* Get the contentInfo contentType */
@@ -4633,10 +5570,48 @@ static int PKCS7_VerifySignedData(PKCS7* pkcs7, const byte* hashBuf,
             if (ret == 0 && GetSet(pkiMsg, &idx, &length, pkiMsgSz) < 0)
                 ret = ASN_PARSE_E;
 
+            localIdx = idx;
+
+        #ifndef NO_PKCS7_STREAM
+            /* initialize hashType*/
+            pkcs7->stream->hashType = WC_HASH_TYPE_NONE;
+
+            /* Get the first DigestAlgorithmIdentifier from the SET */
+            if (ret == 0 && length > 0) {
+                if (GetAlgoId(pkiMsg, &idx, &hashOID, oidHashType, pkiMsgSz)
+                                                                          < 0)
+                    ret = ASN_PARSE_E;
+
+                pkcs7->hashOID = (int)hashOID;
+                /* get hash type */
+                hashType = wc_OidGetHash(pkcs7->hashOID);
+
+                if (hashType == WC_HASH_TYPE_NONE) {
+                    WOLFSSL_MSG("Error getting hash type for PKCS7 content"
+                                                            " verification");
+                    ret = ASN_PARSE_E;
+                }
+                if (wc_HashGetDigestSize(hashType) < 0) {
+                    WOLFSSL_MSG("Error getting digest size");
+                    ret = ASN_PARSE_E;
+                }
+                /* store hashType for later hashing */
+                pkcs7->stream->hashType = hashType;
+
+                /* restore idx */
+                idx = localIdx;
+
+                WOLFSSL_MSG("DigestAlgorithmIdentifier found in bundle");
+            }
+        #endif /* !NO_PKCS7_STREAM */
+
             /* Skip the set. */
-            idx += length;
+            idx += (word32)length;
             degenerate = (length == 0) ? 1 : 0;
-            if (pkcs7->noDegenerate == 1 && degenerate == 1) {
+        #ifndef NO_PKCS7_STREAM
+            pkcs7->stream->degenerate = (degenerate != 0);
+        #endif /* !NO_PKCS7_STREAM */
+            if (pkcs7->noDegenerate == 1 && degenerate != 0) {
                 ret = PKCS7_NO_SIGNER_E;
             }
 
@@ -4651,18 +5626,24 @@ static int PKCS7_VerifySignedData(PKCS7* pkcs7, const byte* hashBuf,
                 pkcs7->stream->maxLen += pkiMsg2Sz + pkcs7->contentSz;
             }
             wc_PKCS7_StreamStoreVar(pkcs7, totalSz, 0, 0);
+
         #endif
 
             wc_PKCS7_ChangeState(pkcs7, WC_PKCS7_VERIFY_STAGE2);
+
+        #ifndef NO_PKCS7_STREAM
+            pkcs7->stream->expected = MAX_SEQ_SZ + MAX_OID_SZ + ASN_TAG_SZ +
+                                    MAX_LENGTH_SZ + ASN_TAG_SZ + MAX_LENGTH_SZ;
+        #endif /* !NO_PKCS7_STREAM */
             FALL_THROUGH;
 
         case WC_PKCS7_VERIFY_STAGE2:
         #ifndef NO_PKCS7_STREAM
             if ((ret = wc_PKCS7_AddDataToStream(pkcs7, in, inSz + in2Sz,
-                           MAX_SEQ_SZ + MAX_OID_SZ + ASN_TAG_SZ + MAX_LENGTH_SZ
-                           + ASN_TAG_SZ + MAX_LENGTH_SZ, &pkiMsg, &idx)) != 0) {
+                           pkcs7->stream->expected, &pkiMsg, &idx)) != 0) {
                 break;
             }
+            degenerate = pkcs7->stream->degenerate;
 
             wc_PKCS7_StreamGetVar(pkcs7, &totalSz, 0, 0);
             if (pkcs7->stream->length > 0)
@@ -4687,11 +5668,15 @@ static int PKCS7_VerifySignedData(PKCS7* pkcs7, const byte* hashBuf,
                 if (encapContentInfoLen == 0 &&
                     pkiMsg[idx-1] == ASN_INDEF_LENGTH) {
                     isIndef = 1;
+            #ifndef NO_PKCS7_STREAM
+                    /* count up indef-length count  */
+                    pkcs7->stream->cntIdfCnt++;
+            #endif
                 }
                 if (GetASNObjectId(pkiMsg, &idx, &length, pkiMsgSz) == 0) {
                     contentType = pkiMsg + tmpIdx;
-                    contentTypeSz = length + (idx - tmpIdx);
-                    idx += length;
+                    contentTypeSz = (word32)length + (idx - tmpIdx);
+                    idx += (word32)length;
                 }
                 else {
                     ret = ASN_PARSE_E;
@@ -4703,6 +5688,9 @@ static int PKCS7_VerifySignedData(PKCS7* pkcs7, const byte* hashBuf,
                     }
                     else if (pkiMsg[idx] == ASN_EOC && pkiMsg[idx+1] == 0) {
                         idx += 2; /* skip EOF + zero byte */
+            #ifndef NO_PKCS7_STREAM
+                        pkcs7->stream->cntIdfCnt--;
+            #endif
                     }
                 }
             }
@@ -4721,8 +5709,11 @@ static int PKCS7_VerifySignedData(PKCS7* pkcs7, const byte* hashBuf,
             /* Set error state if no more data left in ContentInfo, meaning
              * no content - may be detached. Will recover from error below */
             if ((encapContentInfoLen != 0) &&
-                (encapContentInfoLen - contentTypeSz == 0)) {
+                ((word32)encapContentInfoLen - contentTypeSz == 0)) {
                 ret = ASN_PARSE_E;
+            #ifndef NO_PKCS7_STREAM
+                pkcs7->stream->noContent = 1;
+            #endif
             }
 
             /* PKCS#7 spec:
@@ -4740,13 +5731,26 @@ static int PKCS7_VerifySignedData(PKCS7* pkcs7, const byte* hashBuf,
              * OCTET_STRING will be next. If so, we use the length retrieved
              * there. PKCS#7 spec defines ANY as eContent type. In this case
              * we fall back and save this content length for use later */
-            if (ret == 0 && GetLength_ex(pkiMsg, &localIdx, &length, pkiMsgSz,
+            if (ret == 0 && pkiMsg[localIdx] != ASN_INDEF_LENGTH) {
+                if (GetLength_ex(pkiMsg, &localIdx, &length, pkiMsgSz,
                         NO_USER_CHECK) <= 0) {
-                ret = ASN_PARSE_E;
-            }
+                    ret = ASN_PARSE_E;
+                }
 
-            if (localIdx >= pkiMsgSz) {
-                ret = BUFFER_E;
+                if (localIdx >= pkiMsgSz) {
+                    ret = BUFFER_E;
+                }
+            }
+            else if (ret == 0 && pkiMsg[localIdx] == ASN_INDEF_LENGTH) {
+        #ifndef NO_PKCS7_STREAM
+                pkcs7->stream->cntIdfCnt++;    /* count up indef-length count */
+        #endif
+                length = 0;
+                localIdx++;
+            }
+            else {
+                length = 0;
+                localIdx++;
             }
 
             /* Save idx to back up in case of PKCS#7 eContent */
@@ -4781,7 +5785,11 @@ static int PKCS7_VerifySignedData(PKCS7* pkcs7, const byte* hashBuf,
                     if (GetLength_ex(pkiMsg, &localIdx, &contentLen, pkiMsgSz,
                                 NO_USER_CHECK) < 0)
                         ret = ASN_PARSE_E;
-
+                #ifndef NO_PKCS7_STREAM
+                    if (ret == 0 && pkiMsg[localIdx - 1] == ASN_INDEF_LENGTH) {
+                        pkcs7->stream->cntIdfCnt++;  /* indef-length count  */
+                    }
+                #endif
                     /* Check whether there is one OCTET_STRING inside. */
                     start = localIdx;
                     if (localIdx >= pkiMsgSz) {
@@ -4801,9 +5809,16 @@ static int PKCS7_VerifySignedData(PKCS7* pkcs7, const byte* hashBuf,
 
                     if (ret == 0) {
                         /* Use single OCTET_STRING directly, or reset length. */
-                        if (localIdx - start + length == (word32)contentLen) {
+                        if (localIdx - start + (word32)length ==
+                                                           (word32)contentLen) {
                             multiPart = 0;
                         } else {
+                        #ifndef NO_PKCS7_STREAM
+                            pkcs7->stream->multi         = (multiPart != 0);
+                            pkcs7->stream->currContIdx   = localIdx;
+                            pkcs7->stream->currContSz    = (word32)length;
+                            pkcs7->stream->currContRmnSz = (word32)length;
+                        #endif
                             /* reset length to outer OCTET_STRING for bundle
                              * size check below */
                             length = contentLen;
@@ -4825,6 +5840,14 @@ static int PKCS7_VerifySignedData(PKCS7* pkcs7, const byte* hashBuf,
                     if (ret == 0 && GetLength_ex(pkiMsg, &localIdx,
                                 &length, pkiMsgSz, NO_USER_CHECK) < 0)
                         ret = ASN_PARSE_E;
+                #ifndef NO_PKCS7_STREAM
+                    if (ret == 0) {
+                        pkcs7->stream->multi         = (multiPart != 0);
+                        pkcs7->stream->currContIdx   = localIdx;
+                        pkcs7->stream->currContSz    = (word32)length;
+                        pkcs7->stream->currContRmnSz = (word32)length;
+                    }
+                #endif
                 }
             }
 
@@ -4833,16 +5856,10 @@ static int PKCS7_VerifySignedData(PKCS7* pkcs7, const byte* hashBuf,
                 /* support using header and footer without content */
                 if (pkiMsg2 && pkiMsg2Sz > 0 && hashBuf && hashSz > 0) {
                     localIdx = 0;
+            #ifndef NO_PKCS7_STREAM
+                    pkcs7->stream->noContent = 1;
+            #endif
 
-                } else if (pkiMsg2 == NULL && hashBuf == NULL) {
-                    /* header/footer not separate, check content length is
-                     * not larger than total bundle size */
-                    if ((localIdx + length) > pkiMsgSz) {
-                        WOLFSSL_MSG("Content length detected is larger than "
-                                    "total bundle size");
-                        ret = BUFFER_E;
-                        break;
-                    }
                 }
                 idx = localIdx;
             }
@@ -4877,7 +5894,7 @@ static int PKCS7_VerifySignedData(PKCS7* pkcs7, const byte* hashBuf,
 
         #ifndef NO_PKCS7_STREAM
             /* save detached flag value */
-            pkcs7->stream->detached = detached;
+            pkcs7->stream->detached = (detached != 0);
 
             /* save contentType */
             pkcs7->stream->nonce = (byte*)XMALLOC(contentTypeSz, pkcs7->heap,
@@ -4890,58 +5907,91 @@ static int PKCS7_VerifySignedData(PKCS7* pkcs7, const byte* hashBuf,
                 pkcs7->stream->nonceSz = contentTypeSz;
                 XMEMCPY(pkcs7->stream->nonce, contentType, contentTypeSz);
             }
+            if (ret < 0)
+                break;
 
-            /* content expected? */
-            if ((ret == 0 && length > 0) &&
-                !(pkiMsg2 && pkiMsg2Sz > 0 && hashBuf && hashSz > 0)) {
-                pkcs7->stream->expected = length + ASN_TAG_SZ + MAX_LENGTH_SZ;
+            if (pkcs7->stream->noContent) {
+                pkcs7->stream->expected = 0;
             }
             else {
-                pkcs7->stream->expected = ASN_TAG_SZ + MAX_LENGTH_SZ;
-            }
-
-            if (pkcs7->stream->expected > (pkcs7->stream->maxLen - idx)) {
-                pkcs7->stream->expected = pkcs7->stream->maxLen - idx;
+                if (multiPart) {
+                    idx = pkcs7->stream->currContIdx;
+                }
+                if (in2Sz > 0 && hashSz > 0) {
+                    /* seems no content included */
+                    pkcs7->stream->expected = + ASN_TAG_SZ + MAX_LENGTH_SZ;
+                }
+                else {
+                    pkcs7->stream->expected = pkcs7->stream->currContSz;
+                }
             }
 
             if ((ret = wc_PKCS7_StreamEndCase(pkcs7, &stateIdx, &idx)) != 0) {
                 break;
             }
-            wc_PKCS7_StreamStoreVar(pkcs7, pkiMsg2Sz, localIdx, length);
+            wc_PKCS7_StreamStoreVar(pkcs7, pkiMsg2Sz, (int)localIdx, length);
 
-            /* content length is in multiple parts */
-            if (multiPart) {
-                pkcs7->stream->expected = contentLen + ASN_TAG_SZ;
-            }
-            pkcs7->stream->multi = (byte)multiPart;
 
-        #endif
+        #endif /* !NO_PKCS7_STREAM */
+
             wc_PKCS7_ChangeState(pkcs7, WC_PKCS7_VERIFY_STAGE3);
+
+        #ifndef NO_PKCS7_STREAM
+        #ifdef ASN_BER_TO_DER
+            /* setup hash struct for creating hash of content if needed */
+            if (pkcs7->streamOutCb) {
+                ret = wc_HashInit_ex(&pkcs7->stream->hashAlg,
+                    pkcs7->stream->hashType, pkcs7->heap, pkcs7->devId);
+                if (ret != 0)
+                    break;
+            }
+        #endif /* ASN_BER_TO_DER */
+
+        /* free pkcs7->stream->content buffer */
+        XFREE(pkcs7->stream->content, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
+        pkcs7->stream->content = NULL;
+        #endif /* !NO_PKCS7_STREAM */
+
             FALL_THROUGH;
 
         case WC_PKCS7_VERIFY_STAGE3:
+            keepContent = !(pkiMsg2 && pkiMsg2Sz > 0 && hashBuf && hashSz > 0);
         #ifndef NO_PKCS7_STREAM
-            if ((ret = wc_PKCS7_AddDataToStream(pkcs7, in, inSz + in2Sz,
-                            pkcs7->stream->expected, &pkiMsg, &idx)) != 0) {
+            ret = wc_PKCS7_HandleOctetStrings(pkcs7, in, inSz,
+                                                &stateIdx, &idx, keepContent);
+            if (ret != 0)
+                break;
+
+            /* copy content to pkcs7->contentDynamic */
+            if (keepContent && pkcs7->stream->content &&
+                                            pkcs7->stream->contentSz >0) {
+                pkcs7->contentDynamic = (byte*)XMALLOC(pkcs7->stream->contentSz,
+                                              pkcs7->heap, DYNAMIC_TYPE_PKCS7);
+                if (pkcs7->contentDynamic == NULL) {
+                    ret = MEMORY_E;
+                    break;
+                }
+                XMEMCPY(pkcs7->contentDynamic, pkcs7->stream->content,
+                                               pkcs7->stream->contentSz);
+
+                pkcs7->contentSz = pkcs7->stream->contentSz;
+                pkcs7->content   = pkcs7->contentDynamic;
+            }
+
+            /* check if bundle has more elements or footer, if not, set content
+             * to pkcs7->content and hash to pkcs7->hash.
+             */
+            if (ret == 0 && pkcs7->stream->maxLen > 0 &&
+                    (pkcs7->stream->maxLen - pkcs7->stream->totalRd)
+                                                < ASN_TAG_SZ + MAX_LENGTH_SZ) {
+
+                ret = 0;
                 break;
             }
-        #ifdef ASN_BER_TO_DER
-            if (pkcs7->derSz != 0)
-                pkiMsgSz = pkcs7->derSz;
-            else
-        #endif
-                pkiMsgSz = (pkcs7->stream->length > 0)? pkcs7->stream->length:
-                    inSz;
-            wc_PKCS7_StreamGetVar(pkcs7, &pkiMsg2Sz, (int*)&localIdx, &length);
-
-            if (pkcs7->stream->length > 0) {
-                localIdx = 0;
-            }
-            multiPart = pkcs7->stream->multi;
-            detached  = pkcs7->stream->detached;
-            maxIdx = idx + pkcs7->stream->expected;
-        #endif
+            /* expect data length to be enough to check set and seq of certs */
+            pkcs7->stream->expected = (ASN_TAG_SZ + MAX_LENGTH_SZ) * 2;
 
+        #else
             /* Break out before content because it can be optional in degenerate
              * cases. */
             if (ret != 0 && !degenerate)
@@ -4950,12 +6000,13 @@ static int PKCS7_VerifySignedData(PKCS7* pkcs7, const byte* hashBuf,
             /* get parts of content */
             if (ret == 0 && multiPart) {
                 int i = 0;
-                keepContent = !(pkiMsg2 && pkiMsg2Sz > 0 && hashBuf && hashSz > 0);
+                keepContent = !(pkiMsg2 && pkiMsg2Sz > 0 && hashBuf &&
+                                                                hashSz > 0);
 
                 if (keepContent) {
                     /* Create a buffer to hold content of OCTET_STRINGs. */
-                    pkcs7->contentDynamic = (byte*)XMALLOC(contentLen, pkcs7->heap,
-                                                            DYNAMIC_TYPE_PKCS7);
+                    pkcs7->contentDynamic = (byte*)XMALLOC(contentLen,
+                                            pkcs7->heap, DYNAMIC_TYPE_PKCS7);
                     if (pkcs7->contentDynamic == NULL)
                         ret = MEMORY_E;
                 }
@@ -4968,15 +6019,16 @@ static int PKCS7_VerifySignedData(PKCS7* pkcs7, const byte* hashBuf,
                     if (ret == 0 && tag != ASN_OCTET_STRING)
                         ret = ASN_PARSE_E;
 
-                    if (ret == 0 && GetLength(pkiMsg, &localIdx, &length, totalSz) < 0)
+                    if (ret == 0 && GetLength(pkiMsg, &localIdx, &length,
+                                                                totalSz) < 0)
                         ret = ASN_PARSE_E;
                     if (ret == 0 && length + localIdx > start + contentLen)
                         ret = ASN_PARSE_E;
 
                     if (ret == 0) {
                         if (keepContent) {
-                            XMEMCPY(pkcs7->contentDynamic + i, pkiMsg + localIdx,
-                                                                        length);
+                            XMEMCPY(pkcs7->contentDynamic + i,
+                                                    pkiMsg + localIdx, length);
                         }
                         i += length;
                         localIdx += length;
@@ -4996,7 +6048,8 @@ static int PKCS7_VerifySignedData(PKCS7* pkcs7, const byte* hashBuf,
                     content = NULL;
                     localIdx = 0;
                     if (contentSz != (int)pkcs7->contentSz) {
-                        WOLFSSL_MSG("Data signed does not match contentSz provided");
+                        WOLFSSL_MSG("Data signed does not match contentSz"
+                                                                " provided");
                         ret = BUFFER_E;
                     }
                 }
@@ -5019,26 +6072,16 @@ static int PKCS7_VerifySignedData(PKCS7* pkcs7, const byte* hashBuf,
 
                     pkiMsg2   = pkiMsg;
                     pkiMsg2Sz = pkiMsgSz;
-                #ifndef NO_PKCS7_STREAM
-                    pkiMsg2Sz = pkcs7->stream->maxLen;
-                    pkcs7->stream->varOne = pkiMsg2Sz;
-                    pkcs7->stream->flagOne = 1;
-                #endif
                 }
             }
             else {
                 pkiMsg2 = pkiMsg;
                 pkiMsg2Sz = pkiMsgSz;
-            #ifndef NO_PKCS7_STREAM
-                pkiMsg2Sz = pkcs7->stream->maxLen;
-                pkcs7->stream->varOne = pkiMsg2Sz;
-                pkcs7->stream->flagOne = 1;
-            #endif
             }
 
-            /* If getting the content info failed with non degenerate then return the
-             * error case. Otherwise with a degenerate it is ok if the content
-             * info was omitted */
+            /* If getting the content info failed with non degenerate then
+             * return the error case. Otherwise with a degenerate it is ok
+             * if the content info was omitted */
             if (!degenerate && !detached && (ret != 0)) {
                 break;
             }
@@ -5052,22 +6095,47 @@ static int PKCS7_VerifySignedData(PKCS7* pkcs7, const byte* hashBuf,
                 content = pkcs7->content;
                 contentSz = pkcs7->contentSz;
             }
-
-        #ifndef NO_PKCS7_STREAM
-            if (content != NULL) {
-                XFREE(pkcs7->stream->content, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
-                pkcs7->stream->content = (byte*)XMALLOC(contentSz, pkcs7->heap,
-                        DYNAMIC_TYPE_PKCS7);
-                if (pkcs7->stream->content == NULL) {
-                    ret = MEMORY_E;
-                    break;
-                }
-                else {
-                    XMEMCPY(pkcs7->stream->content, content, contentSz);
-                    pkcs7->stream->contentSz = contentSz;
-                }
-            }
         #endif /* !NO_PKCS7_STREAM */
+            wc_PKCS7_ChangeState(pkcs7, WC_PKCS7_VERIFY_STAGE4);
+
+            FALL_THROUGH;
+
+       case WC_PKCS7_VERIFY_STAGE4:
+        #ifndef NO_PKCS7_STREAM
+            if (in2 && in2Sz > 0) {
+                src     = in2;
+                srcSz   = in2Sz;
+                pkiMsg2 = in2;
+            }
+            else {
+                src     = in;
+                srcSz   = inSz;
+                pkiMsg2 = in;
+            }
+            if ((ret = wc_PKCS7_AddDataToStream(pkcs7, src, srcSz,
+                            pkcs7->stream->expected, &pkiMsg2, &idx)) != 0) {
+                break;
+            }
+
+        #ifdef ASN_BER_TO_DER
+            if (pkcs7->derSz != 0)
+                pkiMsg2Sz = pkcs7->derSz;
+            else
+        #endif
+                pkiMsg2Sz = (pkcs7->stream->length > 0)? pkcs7->stream->length:
+                    srcSz;
+
+            if (pkcs7->stream->length > 0) {
+                localIdx = 0;
+            }
+
+            maxIdx = idx + pkcs7->stream->expected;
+        #endif /* !NO_PKCS7_STREAM */
+
+            if (pkiMsg2 == NULL || pkiMsg2Sz == 0) {
+                pkiMsg2Sz = pkiMsgSz;
+                pkiMsg2   = pkiMsg;
+            }
 
             /* Certificates begin "footer" section (ie pkiMsg2) if being used */
             /* Get the implicit[0] set of certificates */
@@ -5076,12 +6144,44 @@ static int PKCS7_VerifySignedData(PKCS7* pkcs7, const byte* hashBuf,
 
             length = 0; /* set length to 0 to check if reading in any certs */
             localIdx = idx;
+
             if (ret == 0 && GetASNTag(pkiMsg2, &localIdx, &tag, pkiMsg2Sz) == 0
                     && tag == (ASN_CONSTRUCTED | ASN_CONTEXT_SPECIFIC | 0)) {
                 idx++;
-                if (GetLength_ex(pkiMsg2, &idx, &length, maxIdx, NO_USER_CHECK)
-                        < 0)
+
+                /* if certificates set has indefinite length, try to get
+                 * the first certificate length of the set.
+                 */
+                if (ret == 0 && pkiMsg2[localIdx] == ASN_INDEF_LENGTH) {
+
+                    localIdx++;
+                    certIdx = localIdx;
+                #ifndef NO_PKCS7_STREAM
+                /* set indef-length count. used for skipping trailing zeros */
+                    pkcs7->stream->cntIdfCnt = 1;
+                #endif
+                    ret = GetASNTag(pkiMsg2, &localIdx, &tag, pkiMsg2Sz);
+                    if (ret == 0 && tag == (ASN_CONSTRUCTED | ASN_SEQUENCE)) {
+                        if (GetLength_ex(pkiMsg2, &localIdx, &length, maxIdx,
+                                                NO_USER_CHECK) < 0)
                     ret = ASN_PARSE_E;
+
+                        WOLFSSL_MSG("certificate set found");
+
+                        /* adjust cert length */
+                        length += (int)(localIdx - certIdx);
+                        idx = certIdx;
+                    }
+                }
+                /* in case certificates set has definite length  */
+                else {
+
+                    if (GetLength_ex(pkiMsg2, &localIdx, &length, maxIdx,
+                                                NO_USER_CHECK) < 0)
+                        ret = ASN_PARSE_E;
+
+                    idx = localIdx;
+                }
             }
 
             if (ret != 0) {
@@ -5097,54 +6197,69 @@ static int PKCS7_VerifySignedData(PKCS7* pkcs7, const byte* hashBuf,
             }
             wc_PKCS7_StreamStoreVar(pkcs7, pkiMsg2Sz, 0, length);
             if (length > 0) {
-                pkcs7->stream->expected = length;
+                pkcs7->stream->expected = (word32)length;
             }
             else {
                 pkcs7->stream->expected = MAX_SEQ_SZ;
                 if (pkcs7->stream->expected > (pkcs7->stream->maxLen -
-                                pkcs7->stream->totalRd) + pkcs7->stream->length) {
+                            pkcs7->stream->totalRd) + pkcs7->stream->length) {
                     pkcs7->stream->expected = (pkcs7->stream->maxLen -
                                 pkcs7->stream->totalRd) + pkcs7->stream->length;
                 }
             }
         #endif
-            wc_PKCS7_ChangeState(pkcs7, WC_PKCS7_VERIFY_STAGE4);
+            wc_PKCS7_ChangeState(pkcs7, WC_PKCS7_VERIFY_STAGE5);
             FALL_THROUGH;
 
-        case WC_PKCS7_VERIFY_STAGE4:
+        case WC_PKCS7_VERIFY_STAGE5:
         #ifndef NO_PKCS7_STREAM
-            if ((ret = wc_PKCS7_AddDataToStream(pkcs7, in, inSz + in2Sz,
-                            pkcs7->stream->expected, &pkiMsg, &idx)) != 0) {
-                break;
+            if (in2 && in2Sz > 0) {
+                src     = in2;
+                srcSz   = in2Sz;
+                pkiMsg2 = in2;
+            }
+            else {
+                src     = in;
+                srcSz   = inSz;
+                pkiMsg2 = in;
             }
 
-            wc_PKCS7_StreamGetVar(pkcs7, &pkiMsg2Sz, 0, &length);
-            if (pkcs7->stream->flagOne) {
-                pkiMsg2 = pkiMsg;
+            if ((ret = wc_PKCS7_AddDataToStream(pkcs7, src, srcSz,
+                            pkcs7->stream->expected, &pkiMsg2, &idx)) != 0) {
+                break;
             }
+            pkiMsg2Sz = (pkcs7->stream->length > 0)? pkcs7->stream->length:
+                                                                        srcSz;
+
+            wc_PKCS7_StreamGetVar(pkcs7, &pkiMsg2Sz, 0, &length);
 
             /* restore content */
             content   = pkcs7->stream->content;
-            contentSz = pkcs7->stream->contentSz;
+            contentSz = (int)pkcs7->stream->contentSz;
 
             /* restore detached flag */
             detached = pkcs7->stream->detached;
 
+            /* store current index to get the signerInfo index later  */
+            certIdx2 = idx;
             /* store certificate if needed */
             if (length > 0 && in2Sz == 0) {
                 /* free tmpCert if not NULL */
                 XFREE(pkcs7->stream->tmpCert, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
-                pkcs7->stream->tmpCert = (byte*)XMALLOC(length,
+                pkcs7->stream->tmpCert = (byte*)XMALLOC((word32)length,
                         pkcs7->heap, DYNAMIC_TYPE_PKCS7);
                 if ((pkiMsg2 == NULL) || (pkcs7->stream->tmpCert == NULL)) {
                     ret = MEMORY_E;
                     break;
                 }
-                XMEMCPY(pkcs7->stream->tmpCert, pkiMsg2 + idx, length);
+                XMEMCPY(pkcs7->stream->tmpCert, pkiMsg2 + idx, (word32)length);
                 pkiMsg2 = pkcs7->stream->tmpCert;
-                pkiMsg2Sz = length;
+                pkiMsg2Sz = (word32)length;
                 idx = 0;
             }
+        #else
+            /* store current index to get the signerInfo index later  */
+            certIdx2 = idx;
         #endif
 
                 if (length > 0) {
@@ -5154,7 +6269,7 @@ static int PKCS7_VerifySignedData(PKCS7* pkcs7, const byte* hashBuf,
                      * certificate. We want to save the first cert if it
                      * is X.509. */
 
-                    word32 certIdx = idx;
+                    certIdx = idx;
 
                     if (length < MAX_LENGTH_SZ + ASN_TAG_SZ)
                         ret = BUFFER_E;
@@ -5163,11 +6278,12 @@ static int PKCS7_VerifySignedData(PKCS7* pkcs7, const byte* hashBuf,
                         ret = GetASNTag(pkiMsg2, &certIdx, &tag, pkiMsg2Sz);
 
                     if (ret == 0 && tag == (ASN_CONSTRUCTED | ASN_SEQUENCE)) {
-                        if (GetLength(pkiMsg2, &certIdx, &certSz, pkiMsg2Sz) < 0)
+                        if (GetLength_ex(pkiMsg2, &certIdx, &certSz, pkiMsg2Sz,
+                                                        NO_USER_CHECK) < 0)
                             ret = ASN_PARSE_E;
 
                         cert = &pkiMsg2[idx];
-                        certSz += (certIdx - idx);
+                        certSz += (int)(certIdx - idx);
                         if (certSz > length) {
                             ret = BUFFER_E;
                             break;
@@ -5189,23 +6305,26 @@ static int PKCS7_VerifySignedData(PKCS7* pkcs7, const byte* hashBuf,
 
                         /* Save dynamic content before freeing PKCS7 struct */
                         if (pkcs7->contentDynamic != NULL) {
-                            contentDynamic = (byte*)XMALLOC(contentSz,
+                            contentDynamic = (byte*)XMALLOC((word32)contentSz,
                                                pkcs7->heap, DYNAMIC_TYPE_PKCS7);
                             if (contentDynamic == NULL) {
+                            #ifndef NO_PKCS7_STREAM
+                                pkcs7->stream = stream;
+                            #endif
                                 ret = MEMORY_E;
                                 break;
                             }
                             XMEMCPY(contentDynamic, pkcs7->contentDynamic,
-                                    contentSz);
+                                    (word32)contentSz);
                         }
 
                         /* Free pkcs7 resources but not the structure itself */
                         pkcs7->isDynamic = 0;
                         wc_PKCS7_Free(pkcs7);
-                        pkcs7->isDynamic = isDynamic;
+                        pkcs7->isDynamic = (isDynamic != 0);
                         /* This will reset PKCS7 structure and then set the
                          * certificate */
-                        ret = wc_PKCS7_InitWithCert(pkcs7, cert, certSz);
+                        ret = wc_PKCS7_InitWithCert(pkcs7, cert, (word32)certSz);
 
                         /* Restore pkcs7->contentDynamic from above, will be
                          * freed by application with wc_PKCS7_Free() */
@@ -5215,7 +6334,7 @@ static int PKCS7_VerifySignedData(PKCS7* pkcs7, const byte* hashBuf,
                         }
 
                         /* Restore content is PKCS#7 flag */
-                        pkcs7->contentIsPkcs7Type = contentIsPkcs7Type;
+                        pkcs7->contentIsPkcs7Type = (contentIsPkcs7Type != 0);
 
                     #ifndef NO_PKCS7_STREAM
                         pkcs7->stream = stream;
@@ -5234,8 +6353,8 @@ static int PKCS7_VerifySignedData(PKCS7* pkcs7, const byte* hashBuf,
                         int i;
 
                         pkcs7->cert[0]   = cert;
-                        pkcs7->certSz[0] = certSz;
-                        certIdx = idx + certSz;
+                        pkcs7->certSz[0] = (word32)certSz;
+                        certIdx = idx + (word32)certSz;
 
                         for (i = 1; i < MAX_PKCS7_CERTS &&
                                 certIdx + 1 < pkiMsg2Sz &&
@@ -5257,40 +6376,22 @@ static int PKCS7_VerifySignedData(PKCS7* pkcs7, const byte* hashBuf,
                                 }
 
                                 pkcs7->cert[i]   = &pkiMsg2[localIdx];
-                                pkcs7->certSz[i] = sz + (certIdx - localIdx);
-                                certIdx += sz;
+                                pkcs7->certSz[i] = (word32)sz +
+                                                   (certIdx - localIdx);
+                                certIdx += (word32)sz;
                             }
                         }
                     }
                 }
-                idx += length;
+                idx += (word32)length;
 
             if (!detached) {
                 /* set content and size after init of PKCS7 structure */
                 pkcs7->content   = content;
-                pkcs7->contentSz = contentSz;
+                pkcs7->contentSz = (word32)contentSz;
             }
-        #ifndef NO_PKCS7_STREAM
-            else {
-                /* save content if detached and using streaming API */
-                if (pkcs7->content != NULL) {
-                    XFREE(pkcs7->stream->content, pkcs7->heap,
-                          DYNAMIC_TYPE_PKCS7);
-                    pkcs7->stream->content = (byte*)XMALLOC(pkcs7->contentSz,
-                                                            pkcs7->heap,
-                                                            DYNAMIC_TYPE_PKCS7);
-                    if (pkcs7->stream->content == NULL) {
-                        ret = MEMORY_E;
-                        break;
-                    }
-                    else {
-                        XMEMCPY(pkcs7->stream->content, pkcs7->content,
-                                contentSz);
-                        pkcs7->stream->contentSz = pkcs7->contentSz;
-                    }
-                }
-            }
-        #endif
+
+            idx = certIdx2 + (word32)length;
 
             if (ret != 0) {
                 break;
@@ -5307,19 +6408,17 @@ static int PKCS7_VerifySignedData(PKCS7* pkcs7, const byte* hashBuf,
                     break;
                 }
             }
-            else {
-                stateIdx = idx; /* didn't read any from internal buffer */
-            }
-
             if ((ret = wc_PKCS7_StreamEndCase(pkcs7, &stateIdx, &idx)) != 0) {
                 break;
             }
-            if (pkcs7->stream->flagOne && pkcs7->stream->length > 0) {
-                idx = stateIdx + idx;
-            }
 
             pkcs7->stream->expected = MAX_OID_SZ + ASN_TAG_SZ + MAX_LENGTH_SZ +
                                       MAX_SET_SZ;
+            /* if certificate set has indef-length, there maybe trailing zeros.
+             * add expected size to include size of zeros. */
+            if (pkcs7->stream->cntIdfCnt > 0) {
+                pkcs7->stream->expected += (word32)pkcs7->stream->cntIdfCnt * 2;
+            }
 
             if (pkcs7->stream->expected > (pkcs7->stream->maxLen -
                                 pkcs7->stream->totalRd) + pkcs7->stream->length)
@@ -5329,24 +6428,31 @@ static int PKCS7_VerifySignedData(PKCS7* pkcs7, const byte* hashBuf,
             wc_PKCS7_StreamGetVar(pkcs7, &pkiMsg2Sz,  0, 0);
             wc_PKCS7_StreamStoreVar(pkcs7, pkiMsg2Sz, 0, length);
         #endif
-            wc_PKCS7_ChangeState(pkcs7, WC_PKCS7_VERIFY_STAGE5);
+            wc_PKCS7_ChangeState(pkcs7, WC_PKCS7_VERIFY_STAGE6);
             FALL_THROUGH;
 
-        case WC_PKCS7_VERIFY_STAGE5:
+        case WC_PKCS7_VERIFY_STAGE6:
         #ifndef NO_PKCS7_STREAM
-            if ((ret = wc_PKCS7_AddDataToStream(pkcs7, in, inSz + in2Sz,
-                            pkcs7->stream->expected, &pkiMsg, &idx)) != 0) {
+
+            if (in2 && in2Sz > 0) {
+                src     = in2;
+                srcSz   = in2Sz;
+                pkiMsg2 = in2;
+            }
+            else {
+                src     = in;
+                srcSz   = inSz;
+                pkiMsg2 = in;
+            }
+            if ((ret = wc_PKCS7_AddDataToStream(pkcs7, src, srcSz,
+                            pkcs7->stream->expected, &pkiMsg2, &idx)) != 0) {
                 break;
             }
             wc_PKCS7_StreamGetVar(pkcs7, &pkiMsg2Sz, 0, &length);
-            if (pkcs7->stream->flagOne) {
-                pkiMsg2 = pkiMsg;
 
-                /* check if using internal stream buffer and should adjust sz */
-                if (pkiMsg != in && pkcs7->stream->length > 0) {
-                    pkiMsg2Sz = pkcs7->stream->length;
-                }
-            }
+            /* check if using internal stream buffer and should adjust sz */
+            pkiMsg2Sz = (pkcs7->stream->length > 0)? pkcs7->stream->length:
+                                                                        srcSz;
 
             /* restore content type */
             contentType   = pkcs7->stream->nonce;
@@ -5367,7 +6473,27 @@ static int PKCS7_VerifySignedData(PKCS7* pkcs7, const byte* hashBuf,
             if (ret == 0 && wc_PKCS7_SetContentType(pkcs7, contentType,
                         contentTypeSz) < 0)
                 ret = ASN_PARSE_E;
-
+        #ifndef NO_PKCS7_STREAM
+            /* prior to find set of crls, remove trailing zeros of
+             * set of certificates */
+            if (ret == 0 && pkcs7->stream->cntIdfCnt > 0) {
+                word32 i;
+                word32 sz = (word32)pkcs7->stream->cntIdfCnt * ASN_INDEF_END_SZ;
+                localIdx = idx;
+                for (i = 0; i < sz; i++) {
+                    if (pkiMsg2[localIdx + i] == 0)
+                        continue;
+                    else {
+                        ret = ASN_PARSE_E;
+                        break;
+                    }
+                }
+                if (ret == 0) {
+                    idx += (word32)pkcs7->stream->cntIdfCnt * ASN_INDEF_END_SZ;
+                    pkcs7->stream->cntIdfCnt = 0;
+                }
+            }
+        #endif /* !NO_PKCS7_STREAM */
             /* Get the implicit[1] set of crls */
             if (ret == 0 && idx >= maxIdx)
                 ret = BUFFER_E;
@@ -5380,7 +6506,7 @@ static int PKCS7_VerifySignedData(PKCS7* pkcs7, const byte* hashBuf,
                     ret = ASN_PARSE_E;
 
                 /* Skip the set */
-                idx += length;
+                idx += (word32)length;
             }
 
             /* Get the set of signerInfos */
@@ -5401,7 +6527,7 @@ static int PKCS7_VerifySignedData(PKCS7* pkcs7, const byte* hashBuf,
 
             if (in2 && in2Sz > 0 && hashBuf && hashSz > 0) {
                 if (length > 0) {
-                    pkcs7->stream->expected = length;
+                    pkcs7->stream->expected = (word32)length;
                 }
                 else {
                     pkcs7->stream->expected = 0;
@@ -5412,36 +6538,45 @@ static int PKCS7_VerifySignedData(PKCS7* pkcs7, const byte* hashBuf,
                 pkcs7->stream->expected = (pkcs7->stream->maxLen -
                     pkcs7->stream->totalRd) + pkcs7->stream->length;
             }
+            /* In case of indefinite length used in the bundle, terminating
+             * zero's should exist at the end of the bundle.
+             */
+            if (pkcs7->stream->indefLen == 1) {
+                pkcs7->stream->expected = (word32)length + 3 * ASN_INDEF_END_SZ;
+            }
+            else  {
+                pkcs7->stream->expected = (word32)length;
+            }
 
-        #endif
-            wc_PKCS7_ChangeState(pkcs7, WC_PKCS7_VERIFY_STAGE6);
+            wc_PKCS7_ChangeState(pkcs7, WC_PKCS7_VERIFY_STAGE7);
+        #endif /* !NO_PKCS7_STREAM */
             FALL_THROUGH;
 
-        case WC_PKCS7_VERIFY_STAGE6:
+        case WC_PKCS7_VERIFY_STAGE7:
         #ifndef NO_PKCS7_STREAM
-            if ((ret = wc_PKCS7_AddDataToStream(pkcs7, in, inSz + in2Sz,
-                            pkcs7->stream->expected, &pkiMsg, &idx)) != 0) {
+            if (in2 && in2Sz > 0) {
+                src     = in2;
+                srcSz   = in2Sz;
+                pkiMsg2 = in2;
+            }
+            else {
+                src     = in;
+                srcSz   = inSz;
+                pkiMsg2 = in;
+            }
+            if ((ret = wc_PKCS7_AddDataToStream(pkcs7, src, srcSz,
+                            pkcs7->stream->expected, &pkiMsg2, &idx)) != 0) {
                 break;
             }
 
             wc_PKCS7_StreamGetVar(pkcs7, &pkiMsg2Sz, 0, &length);
-            if (pkcs7->stream->flagOne) {
-                pkiMsg2 = pkiMsg;
-
-                /* check if using internal stream buffer and should adjust sz */
-                if (pkiMsg != in && pkcs7->stream->length > 0) {
-                    pkiMsg2Sz = pkcs7->stream->length;
-                }
-                else {
-                    /* if pkiMsg2 is pkiMsg and not using an internal stream
-                     * buffer then the size is limited by inSz */
-                    pkiMsg2Sz = inSz;
-                }
-            }
+            pkiMsg2Sz = (pkcs7->stream->length > 0)? pkcs7->stream->length:
+                                                                        srcSz;
+            degenerate = pkcs7->stream->degenerate;
 
             /* restore content */
             content   = pkcs7->stream->content;
-            contentSz = pkcs7->stream->contentSz;
+            contentSz = (int)pkcs7->stream->contentSz;
         #endif
 
             ret = wc_PKCS7_ParseSignerInfo(pkcs7, pkiMsg2, pkiMsg2Sz, &idx,
@@ -5466,22 +6601,60 @@ static int PKCS7_VerifySignedData(PKCS7* pkcs7, const byte* hashBuf,
                     sig = &pkiMsg2[idx];
                     sigSz = length;
 
-                    idx += length;
+                    idx += (word32)length;
                 }
 
                 pkcs7->content = content;
-                pkcs7->contentSz = contentSz;
+                pkcs7->contentSz = (word32)contentSz;
 
                 if (ret == 0) {
-                    ret = wc_PKCS7_SignedDataVerifySignature(pkcs7, sig, sigSz,
-                                                   signedAttrib, signedAttribSz,
+                #if !defined(NO_PKCS7_STREAM) && defined(ASN_BER_TO_DER)
+                    byte streamHash[WC_MAX_DIGEST_SIZE];
+
+                    /* get final hash if having done hash updates while
+                     * streaming out the content */
+                    if (pkcs7->streamOutCb) {
+                        ret = wc_HashFinal(&pkcs7->stream->hashAlg,
+                            pkcs7->stream->hashType, streamHash);
+                        hashBuf = streamHash;
+                        length  = wc_HashGetDigestSize(pkcs7->stream->hashType);
+                        if (length < 0) {
+                            WOLFSSL_MSG("Error getting digest size");
+                            ret = ASN_PARSE_E;
+                        }
+                        else {
+                            hashSz = (word32)length;
+                        }
+                        wc_HashFree(&pkcs7->stream->hashAlg,
+                            pkcs7->stream->hashType);
+                        if (ret != 0)
+                            break;
+                    }
+                #endif /* !NO_PKCS7_STREAM && ASN_BER_TO_DER */
+                    ret = wc_PKCS7_SignedDataVerifySignature(pkcs7, sig,
+                            (word32)sigSz, signedAttrib, (word32)signedAttribSz,
                                                    hashBuf, hashSz);
                 }
             }
 
+        #ifndef NO_PKCS7_STREAM
+            /* make sure that terminating zero's follow */
+            if ((ret == WC_NO_ERR_TRACE(PKCS7_SIGNEEDS_CHECK) || ret >= 0) &&
+                    pkcs7->stream->indefLen == 1) {
+                word32 i;
+                for (i = 0; i < 3 * ASN_INDEF_END_SZ; i++) {
+                    if (pkiMsg2[idx + i] != 0) {
+                        ret = ASN_PARSE_E;
+                        break;
+                    }
+                }
+            }
+        #endif /* NO_PKCS7_STREAM */
+
             if (ret < 0)
                 break;
 
+
             ret = 0; /* success */
         #ifndef NO_PKCS7_STREAM
             wc_PKCS7_ResetStream(pkcs7);
@@ -5494,7 +6667,7 @@ static int PKCS7_VerifySignedData(PKCS7* pkcs7, const byte* hashBuf,
             ret = BAD_FUNC_ARG;
     }
 
-    if (ret != 0 && ret != WC_PKCS7_WANT_READ_E) {
+    if (ret != 0 && ret != WC_NO_ERR_TRACE(WC_PKCS7_WANT_READ_E)) {
     #ifndef NO_PKCS7_STREAM
         wc_PKCS7_ResetStream(pkcs7);
     #endif
@@ -5511,7 +6684,7 @@ static int PKCS7_VerifySignedData(PKCS7* pkcs7, const byte* hashBuf,
  * return 0 on success and LENGTH_ONLY_E if just setting "outSz" for buffer
  *  length needed.
  */
-int wc_PKCS7_GetSignerSID(PKCS7* pkcs7, byte* out, word32* outSz)
+int wc_PKCS7_GetSignerSID(wc_PKCS7* pkcs7, byte* out, word32* outSz)
 {
     if (outSz == NULL || pkcs7 == NULL) {
         return BAD_FUNC_ARG;
@@ -5530,7 +6703,7 @@ int wc_PKCS7_GetSignerSID(PKCS7* pkcs7, byte* out, word32* outSz)
 
     if (out == NULL) {
         *outSz = pkcs7->signerInfo->sidSz;
-        return LENGTH_ONLY_E;
+        return WC_NO_ERR_TRACE(LENGTH_ONLY_E);
     }
 
     if (*outSz < pkcs7->signerInfo->sidSz) {
@@ -5564,7 +6737,7 @@ int wc_PKCS7_GetSignerSID(PKCS7* pkcs7, byte* out, word32* outSz)
  * Returns 0 on success, negative upon error.
  *
  */
-int wc_PKCS7_VerifySignedData_ex(PKCS7* pkcs7, const byte* hashBuf,
+int wc_PKCS7_VerifySignedData_ex(wc_PKCS7* pkcs7, const byte* hashBuf,
     word32 hashSz, byte* pkiMsgHead, word32 pkiMsgHeadSz, byte* pkiMsgFoot,
     word32 pkiMsgFootSz)
 {
@@ -5572,7 +6745,7 @@ int wc_PKCS7_VerifySignedData_ex(PKCS7* pkcs7, const byte* hashBuf,
         pkiMsgHead, pkiMsgHeadSz, pkiMsgFoot, pkiMsgFootSz);
 }
 
-int wc_PKCS7_VerifySignedData(PKCS7* pkcs7, byte* pkiMsg, word32 pkiMsgSz)
+int wc_PKCS7_VerifySignedData(wc_PKCS7* pkcs7, byte* pkiMsg, word32 pkiMsgSz)
 {
     return PKCS7_VerifySignedData(pkcs7, NULL, 0, pkiMsg, pkiMsgSz, NULL, 0);
 }
@@ -5585,7 +6758,7 @@ int wc_PKCS7_VerifySignedData(PKCS7* pkcs7, byte* pkiMsg, word32 pkiMsgSz)
  * len   - length of key to be generated
  *
  * Returns 0 on success, negative upon error */
-static int PKCS7_GenerateContentEncryptionKey(PKCS7* pkcs7, word32 len)
+static int PKCS7_GenerateContentEncryptionKey(wc_PKCS7* pkcs7, word32 len)
 {
     int ret;
     WC_RNG rng;
@@ -5710,15 +6883,15 @@ typedef struct WC_PKCS7_KARI {
     word32   sharedInfoSz;         /* size of ECC-CMS-SharedInfo encoded */
     byte     ukmOwner;             /* do we own ukm buffer? 1:yes, 0:no */
     byte     direction;            /* WC_PKCS7_ENCODE | WC_PKCS7_DECODE */
-    byte     decodedInit : 1;      /* indicates decoded was initialized */
-    byte     recipKeyInit : 1;     /* indicates recipKey was initialized */
-    byte     senderKeyInit : 1;    /* indicates senderKey was initialized */
+    WC_BITFIELD decodedInit:1;     /* indicates decoded was initialized */
+    WC_BITFIELD recipKeyInit:1;    /* indicates recipKey was initialized */
+    WC_BITFIELD senderKeyInit:1;   /* indicates senderKey was initialized */
 } WC_PKCS7_KARI;
 
 
 /* allocate and create new WC_PKCS7_KARI struct,
  * returns struct pointer on success, NULL on failure */
-static WC_PKCS7_KARI* wc_PKCS7_KariNew(PKCS7* pkcs7, byte direction)
+static WC_PKCS7_KARI* wc_PKCS7_KariNew(wc_PKCS7* pkcs7, byte direction)
 {
     WC_PKCS7_KARI* kari = NULL;
 
@@ -6003,57 +7176,58 @@ static int wc_PKCS7_KariGenerateSharedInfo(WC_PKCS7_KARI* kari, int keyWrapOID)
         return BAD_FUNC_ARG;
 
     /* kekOctet */
-    kekOctetSz = SetOctetString(sizeof(word32), kekOctet);
-    sharedInfoSz += (kekOctetSz + sizeof(word32));
+    kekOctetSz = (int)SetOctetString(sizeof(word32), kekOctet);
+    sharedInfoSz += (kekOctetSz + (int)sizeof(word32));
 
     /* suppPubInfo */
-    suppPubInfoSeqSz = SetImplicit(ASN_SEQUENCE, 2,
-                                   kekOctetSz + sizeof(word32),
-                                   suppPubInfoSeq);
+    suppPubInfoSeqSz = (int)SetImplicit(ASN_SEQUENCE, 2,
+                                        (word32)kekOctetSz + (word32)sizeof(word32),
+                                        suppPubInfoSeq, 0);
     sharedInfoSz += suppPubInfoSeqSz;
 
     /* optional ukm/entityInfo */
     if (kari->ukmSz > 0) {
-        entityUInfoOctetSz = SetOctetString(kari->ukmSz, entityUInfoOctet);
-        sharedInfoSz += (entityUInfoOctetSz + kari->ukmSz);
+        entityUInfoOctetSz = (int)SetOctetString(kari->ukmSz, entityUInfoOctet);
+        sharedInfoSz += (entityUInfoOctetSz + (int)kari->ukmSz);
 
-        entityUInfoExplicitSz = SetExplicit(0, entityUInfoOctetSz +
-                                            kari->ukmSz,
-                                            entityUInfoExplicitSeq);
+        entityUInfoExplicitSz = (int)SetExplicit(0,
+                                       (word32)entityUInfoOctetSz + kari->ukmSz,
+                                       entityUInfoExplicitSeq, 0);
         sharedInfoSz += entityUInfoExplicitSz;
     }
 
     /* keyInfo */
-    keyInfoSz = SetAlgoID(keyWrapOID, keyInfo, oidKeyWrapType, 0);
+    keyInfoSz = (int)SetAlgoID(keyWrapOID, keyInfo, oidKeyWrapType, 0);
     sharedInfoSz += keyInfoSz;
 
     /* sharedInfo */
-    sharedInfoSeqSz = SetSequence(sharedInfoSz, sharedInfoSeq);
+    sharedInfoSeqSz = (int)SetSequence((word32)sharedInfoSz, sharedInfoSeq);
     sharedInfoSz += sharedInfoSeqSz;
 
-    kari->sharedInfo = (byte*)XMALLOC(sharedInfoSz, kari->heap,
+    kari->sharedInfo = (byte*)XMALLOC((word32)sharedInfoSz, kari->heap,
                                       DYNAMIC_TYPE_PKCS7);
     if (kari->sharedInfo == NULL)
         return MEMORY_E;
 
-    kari->sharedInfoSz = sharedInfoSz;
+    kari->sharedInfoSz = (word32)sharedInfoSz;
 
-    XMEMCPY(kari->sharedInfo + idx, sharedInfoSeq, sharedInfoSeqSz);
+    XMEMCPY(kari->sharedInfo + idx, sharedInfoSeq, (word32)sharedInfoSeqSz);
     idx += sharedInfoSeqSz;
-    XMEMCPY(kari->sharedInfo + idx, keyInfo, keyInfoSz);
+    XMEMCPY(kari->sharedInfo + idx, keyInfo, (word32)keyInfoSz);
     idx += keyInfoSz;
     if (kari->ukmSz > 0) {
         XMEMCPY(kari->sharedInfo + idx, entityUInfoExplicitSeq,
-                entityUInfoExplicitSz);
+                (word32)entityUInfoExplicitSz);
         idx += entityUInfoExplicitSz;
-        XMEMCPY(kari->sharedInfo + idx, entityUInfoOctet, entityUInfoOctetSz);
+        XMEMCPY(kari->sharedInfo + idx, entityUInfoOctet,
+                (word32)entityUInfoOctetSz);
         idx += entityUInfoOctetSz;
         XMEMCPY(kari->sharedInfo + idx, kari->ukm, kari->ukmSz);
-        idx += kari->ukmSz;
+        idx += (int)kari->ukmSz;
     }
-    XMEMCPY(kari->sharedInfo + idx, suppPubInfoSeq, suppPubInfoSeqSz);
+    XMEMCPY(kari->sharedInfo + idx, suppPubInfoSeq, (word32)suppPubInfoSeqSz);
     idx += suppPubInfoSeqSz;
-    XMEMCPY(kari->sharedInfo + idx, kekOctet, kekOctetSz);
+    XMEMCPY(kari->sharedInfo + idx, kekOctet, (word32)kekOctetSz);
     idx += kekOctetSz;
 
     kekBitSz = (kari->kekSz) * 8;              /* convert to bits */
@@ -6086,7 +7260,7 @@ static int wc_PKCS7_KariGenerateKEK(WC_PKCS7_KARI* kari, WC_RNG* rng,
     if (kSz < 0)
         return kSz;
 
-    kari->kek = (byte*)XMALLOC(kSz, kari->heap, DYNAMIC_TYPE_PKCS7);
+    kari->kek = (byte*)XMALLOC((word32)kSz, kari->heap, DYNAMIC_TYPE_PKCS7);
     if (kari->kek == NULL)
         return MEMORY_E;
 
@@ -6098,7 +7272,7 @@ static int wc_PKCS7_KariGenerateKEK(WC_PKCS7_KARI* kari, WC_RNG* rng,
         return ret;
 
     /* generate shared secret */
-    secretSz = kari->senderKey->dp->size;
+    secretSz = (word32)kari->senderKey->dp->size;
     secret = (byte*)XMALLOC(secretSz, kari->heap, DYNAMIC_TYPE_PKCS7);
     if (secret == NULL)
         return MEMORY_E;
@@ -6192,7 +7366,7 @@ static int wc_PKCS7_KariGenerateKEK(WC_PKCS7_KARI* kari, WC_RNG* rng,
  * to CMS/PKCS#7 EnvelopedData structure.
  *
  * Returns 0 on success, negative upon error */
-int wc_PKCS7_AddRecipient_KARI(PKCS7* pkcs7, const byte* cert, word32 certSz,
+int wc_PKCS7_AddRecipient_KARI(wc_PKCS7* pkcs7, const byte* cert, word32 certSz,
                                int keyWrapOID, int keyAgreeOID, byte* ukm,
                                word32 ukmSz, int options)
 {
@@ -6287,7 +7461,7 @@ int wc_PKCS7_AddRecipient_KARI(PKCS7* pkcs7, const byte* cert, word32 certSz,
     }
 
     /* generate random content encryption key, if needed */
-    ret = PKCS7_GenerateContentEncryptionKey(pkcs7, blockKeySz);
+    ret = PKCS7_GenerateContentEncryptionKey(pkcs7, (word32)blockKeySz);
     if (ret < 0) {
 #ifdef WOLFSSL_SMALL_STACK
         XFREE(encryptedKey, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER);
@@ -6386,45 +7560,47 @@ int wc_PKCS7_AddRecipient_KARI(PKCS7* pkcs7, const byte* cert, word32 certSz,
     /* Start of RecipientEncryptedKeys */
 
     /* EncryptedKey */
-    encryptedKeyOctetSz = SetOctetString(encryptedKeySz, encryptedKeyOctet);
-    totalSz += (encryptedKeyOctetSz + encryptedKeySz);
+    encryptedKeyOctetSz = (int)SetOctetString(encryptedKeySz,
+                                              encryptedKeyOctet);
+    totalSz += (encryptedKeyOctetSz + (int)encryptedKeySz);
 
     /* SubjectKeyIdentifier */
-    subjKeyIdOctetSz = SetOctetString(keyIdSize, subjKeyIdOctet);
+    subjKeyIdOctetSz = (int)SetOctetString((word32)keyIdSize, subjKeyIdOctet);
     totalSz += (subjKeyIdOctetSz + keyIdSize);
 
     /* RecipientKeyIdentifier IMPLICIT [0] */
-    recipKeyIdSeqSz = SetImplicit(ASN_SEQUENCE, 0, subjKeyIdOctetSz +
-                                  keyIdSize, recipKeyIdSeq);
+    recipKeyIdSeqSz = (int)SetImplicit(ASN_SEQUENCE, 0,
+                                       (word32)(subjKeyIdOctetSz + keyIdSize),
+                                       recipKeyIdSeq, 0);
     totalSz += recipKeyIdSeqSz;
 
     /* RecipientEncryptedKey */
-    recipEncKeySeqSz = SetSequence(totalSz, recipEncKeySeq);
+    recipEncKeySeqSz = (int)SetSequence((word32)totalSz, recipEncKeySeq);
     totalSz += recipEncKeySeqSz;
 
     /* RecipientEncryptedKeys */
-    recipEncKeysSeqSz = SetSequence(totalSz, recipEncKeysSeq);
+    recipEncKeysSeqSz = (int)SetSequence((word32)totalSz, recipEncKeysSeq);
     totalSz += recipEncKeysSeqSz;
 
     /* Start of optional UserKeyingMaterial */
 
     if (kari->ukmSz > 0) {
-        ukmOctetSz = SetOctetString(kari->ukmSz, ukmOctetStr);
-        totalSz += (ukmOctetSz + kari->ukmSz);
+        ukmOctetSz = (int)SetOctetString(kari->ukmSz, ukmOctetStr);
+        totalSz += (ukmOctetSz + (int)kari->ukmSz);
 
-        ukmExplicitSz = SetExplicit(1, ukmOctetSz + kari->ukmSz,
-                                    ukmExplicitSeq);
+        ukmExplicitSz = (int)SetExplicit(1, (word32)ukmOctetSz + kari->ukmSz,
+                                    ukmExplicitSeq, 0);
         totalSz += ukmExplicitSz;
     }
 
     /* Start of KeyEncryptionAlgorithmIdentifier */
 
     /* KeyWrapAlgorithm */
-    keyWrapAlgSz = SetAlgoID(keyWrapOID, keyWrapAlg, oidKeyWrapType, 0);
+    keyWrapAlgSz = (int)SetAlgoID(keyWrapOID, keyWrapAlg, oidKeyWrapType, 0);
     totalSz += keyWrapAlgSz;
 
     /* KeyEncryptionAlgorithmIdentifier */
-    keyEncryptAlgoIdSz = SetAlgoID(keyAgreeOID, keyEncryptAlgoId,
+    keyEncryptAlgoIdSz = (int)SetAlgoID(keyAgreeOID, keyEncryptAlgoId,
                                    oidCmsKeyAgreeType, keyWrapAlgSz);
     totalSz += keyEncryptAlgoIdSz;
 
@@ -6433,28 +7609,28 @@ int wc_PKCS7_AddRecipient_KARI(PKCS7* pkcs7, const byte* cert, word32 certSz,
     /* recipient ECPoint, public key */
     XMEMSET(origPubKeyStr, 0, sizeof(origPubKeyStr)); /* no unused bits */
     origPubKeyStr[0] = ASN_BIT_STRING;
-    origPubKeyStrSz = SetLength(kari->senderKeyExportSz + 1,
+    origPubKeyStrSz = (int)SetLength(kari->senderKeyExportSz + 1,
                                 origPubKeyStr + 1) + 2;
-    totalSz += (origPubKeyStrSz + kari->senderKeyExportSz);
+    totalSz += (origPubKeyStrSz + (int)kari->senderKeyExportSz);
 
     /* Originator AlgorithmIdentifier, params set to NULL for interop
        compatibility */
-    origAlgIdSz = SetAlgoID(ECDSAk, origAlgId, oidKeyType, 2);
+    origAlgIdSz = (int)SetAlgoID(ECDSAk, origAlgId, oidKeyType, 2);
     origAlgId[origAlgIdSz++] = ASN_TAG_NULL;
     origAlgId[origAlgIdSz++] = 0;
     totalSz += origAlgIdSz;
 
     /* outer OriginatorPublicKey IMPLICIT [1] */
-    origPubKeySeqSz = SetImplicit(ASN_SEQUENCE, 1,
-                                  origAlgIdSz + origPubKeyStrSz +
-                                  kari->senderKeyExportSz, origPubKeySeq);
+    origPubKeySeqSz = (int)SetImplicit(ASN_SEQUENCE, 1,
+                               (word32)(origAlgIdSz + origPubKeyStrSz +
+                               (int)kari->senderKeyExportSz), origPubKeySeq, 0);
     totalSz += origPubKeySeqSz;
 
     /* outer OriginatorIdentifierOrKey IMPLICIT [0] */
-    origIdOrKeySeqSz = SetImplicit(ASN_SEQUENCE, 0,
-                                   origPubKeySeqSz + origAlgIdSz +
-                                   origPubKeyStrSz + kari->senderKeyExportSz,
-                                   origIdOrKeySeq);
+    origIdOrKeySeqSz = (int)SetImplicit(ASN_SEQUENCE, 0,
+                                (word32)(origPubKeySeqSz + origAlgIdSz +
+                                origPubKeyStrSz + (int)kari->senderKeyExportSz),
+                                origIdOrKeySeq, 0);
     totalSz += origIdOrKeySeqSz;
 
     /* version, always 3 */
@@ -6463,7 +7639,7 @@ int wc_PKCS7_AddRecipient_KARI(PKCS7* pkcs7, const byte* cert, word32 certSz,
     recip->recipVersion = 3;
 
     /* outer IMPLICIT [1] kari */
-    kariSeqSz = SetImplicit(ASN_SEQUENCE, 1, totalSz, kariSeq);
+    kariSeqSz = (int)SetImplicit(ASN_SEQUENCE, 1, (word32)totalSz, kariSeq, 0);
     totalSz += kariSeqSz;
 
     if (totalSz > MAX_RECIP_SZ) {
@@ -6476,53 +7652,53 @@ int wc_PKCS7_AddRecipient_KARI(PKCS7* pkcs7, const byte* cert, word32 certSz,
         return BUFFER_E;
     }
 
-    XMEMCPY(recip->recip + idx, kariSeq, kariSeqSz);
-    idx += kariSeqSz;
-    XMEMCPY(recip->recip + idx, ver, verSz);
-    idx += verSz;
+    XMEMCPY(recip->recip + idx, kariSeq, (word32)kariSeqSz);
+    idx += (word32)kariSeqSz;
+    XMEMCPY(recip->recip + idx, ver, (word32)verSz);
+    idx += (word32)verSz;
 
-    XMEMCPY(recip->recip + idx, origIdOrKeySeq, origIdOrKeySeqSz);
-    idx += origIdOrKeySeqSz;
-    XMEMCPY(recip->recip + idx, origPubKeySeq, origPubKeySeqSz);
-    idx += origPubKeySeqSz;
+    XMEMCPY(recip->recip + idx, origIdOrKeySeq, (word32)origIdOrKeySeqSz);
+    idx += (word32)origIdOrKeySeqSz;
+    XMEMCPY(recip->recip + idx, origPubKeySeq, (word32)origPubKeySeqSz);
+    idx += (word32)origPubKeySeqSz;
 
     /* AlgorithmIdentifier with NULL parameter */
-    XMEMCPY(recip->recip + idx, origAlgId, origAlgIdSz);
-    idx += origAlgIdSz;
+    XMEMCPY(recip->recip + idx, origAlgId, (word32)origAlgIdSz);
+    idx += (word32)origAlgIdSz;
 
-    XMEMCPY(recip->recip + idx, origPubKeyStr, origPubKeyStrSz);
-    idx += origPubKeyStrSz;
+    XMEMCPY(recip->recip + idx, origPubKeyStr, (word32)origPubKeyStrSz);
+    idx += (word32)origPubKeyStrSz;
     /* ephemeral public key */
     XMEMCPY(recip->recip + idx, kari->senderKeyExport, kari->senderKeyExportSz);
     idx += kari->senderKeyExportSz;
 
     if (kari->ukmSz > 0) {
-        XMEMCPY(recip->recip + idx, ukmExplicitSeq, ukmExplicitSz);
-        idx += ukmExplicitSz;
-        XMEMCPY(recip->recip + idx, ukmOctetStr, ukmOctetSz);
-        idx += ukmOctetSz;
+        XMEMCPY(recip->recip + idx, ukmExplicitSeq, (word32)ukmExplicitSz);
+        idx += (word32)ukmExplicitSz;
+        XMEMCPY(recip->recip + idx, ukmOctetStr, (word32)ukmOctetSz);
+        idx += (word32)ukmOctetSz;
         XMEMCPY(recip->recip + idx, kari->ukm, kari->ukmSz);
         idx += kari->ukmSz;
     }
 
-    XMEMCPY(recip->recip + idx, keyEncryptAlgoId, keyEncryptAlgoIdSz);
-    idx += keyEncryptAlgoIdSz;
-    XMEMCPY(recip->recip + idx, keyWrapAlg, keyWrapAlgSz);
-    idx += keyWrapAlgSz;
+    XMEMCPY(recip->recip + idx, keyEncryptAlgoId, (word32)keyEncryptAlgoIdSz);
+    idx += (word32)keyEncryptAlgoIdSz;
+    XMEMCPY(recip->recip + idx, keyWrapAlg, (word32)keyWrapAlgSz);
+    idx += (word32)keyWrapAlgSz;
 
-    XMEMCPY(recip->recip + idx, recipEncKeysSeq, recipEncKeysSeqSz);
-    idx += recipEncKeysSeqSz;
-    XMEMCPY(recip->recip + idx, recipEncKeySeq, recipEncKeySeqSz);
-    idx += recipEncKeySeqSz;
-    XMEMCPY(recip->recip + idx, recipKeyIdSeq, recipKeyIdSeqSz);
-    idx += recipKeyIdSeqSz;
-    XMEMCPY(recip->recip + idx, subjKeyIdOctet, subjKeyIdOctetSz);
-    idx += subjKeyIdOctetSz;
+    XMEMCPY(recip->recip + idx, recipEncKeysSeq, (word32)recipEncKeysSeqSz);
+    idx += (word32)recipEncKeysSeqSz;
+    XMEMCPY(recip->recip + idx, recipEncKeySeq, (word32)recipEncKeySeqSz);
+    idx += (word32)recipEncKeySeqSz;
+    XMEMCPY(recip->recip + idx, recipKeyIdSeq, (word32)recipKeyIdSeqSz);
+    idx += (word32)recipKeyIdSeqSz;
+    XMEMCPY(recip->recip + idx, subjKeyIdOctet, (word32)subjKeyIdOctetSz);
+    idx += (word32)subjKeyIdOctetSz;
     /* subject key id */
-    XMEMCPY(recip->recip + idx, kari->decoded->extSubjKeyId, keyIdSize);
-    idx += keyIdSize;
-    XMEMCPY(recip->recip + idx, encryptedKeyOctet, encryptedKeyOctetSz);
-    idx += encryptedKeyOctetSz;
+    XMEMCPY(recip->recip + idx, kari->decoded->extSubjKeyId, (word32)keyIdSize);
+    idx += (word32)keyIdSize;
+    XMEMCPY(recip->recip + idx, encryptedKeyOctet, (word32)encryptedKeyOctetSz);
+    idx += (word32)encryptedKeyOctetSz;
     /* encrypted CEK */
     XMEMCPY(recip->recip + idx, encryptedKey, encryptedKeySz);
     idx += encryptedKeySz;
@@ -6549,7 +7725,7 @@ int wc_PKCS7_AddRecipient_KARI(PKCS7* pkcs7, const byte* cert, word32 certSz,
 
     (void)options;
 
-    return idx;
+    return (int)idx;
 }
 
 #endif /* HAVE_ECC */
@@ -6560,7 +7736,7 @@ int wc_PKCS7_AddRecipient_KARI(PKCS7* pkcs7, const byte* cert, word32 certSz,
  * to CMS/PKCS#7 EnvelopedData structure.
  *
  * Returns 0 on success, negative upon error */
-int wc_PKCS7_AddRecipient_KTRI(PKCS7* pkcs7, const byte* cert, word32 certSz,
+int wc_PKCS7_AddRecipient_KTRI(wc_PKCS7* pkcs7, const byte* cert, word32 certSz,
                                int options)
 {
     Pkcs7EncodedRecip* recip = NULL;
@@ -6670,7 +7846,7 @@ int wc_PKCS7_AddRecipient_KTRI(PKCS7* pkcs7, const byte* cert, word32 certSz,
     }
 
     /* generate random content encryption key, if needed */
-    ret = PKCS7_GenerateContentEncryptionKey(pkcs7, blockKeySz);
+    ret = PKCS7_GenerateContentEncryptionKey(pkcs7, (word32)blockKeySz);
     if (ret < 0) {
 #ifdef WOLFSSL_SMALL_STACK
         XFREE(serial,       pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER);
@@ -6723,7 +7899,7 @@ int wc_PKCS7_AddRecipient_KTRI(PKCS7* pkcs7, const byte* cert, word32 certSz,
             return -1;
         }
         issuerSz    = decoded->issuerRawLen;
-        issuerSeqSz = SetSequence(issuerSz, issuerSeq);
+        issuerSeqSz = (int)SetSequence((word32)issuerSz, issuerSeq);
 
         if (decoded->serialSz == 0) {
             WOLFSSL_MSG("DecodedCert missing serial number");
@@ -6737,8 +7913,8 @@ int wc_PKCS7_AddRecipient_KTRI(PKCS7* pkcs7, const byte* cert, word32 certSz,
             XFREE(recip, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
             return -1;
         }
-        snSz = SetSerialNumber(decoded->serial, decoded->serialSz, serial,
-                               MAX_SN_SZ, MAX_SN_SZ);
+        snSz = SetSerialNumber(decoded->serial, (word32)decoded->serialSz,
+                               serial, MAX_SN_SZ, MAX_SN_SZ);
         if (snSz < 0) {
             WOLFSSL_MSG("Error setting the serial number");
             FreeDecodedCert(decoded);
@@ -6751,15 +7927,15 @@ int wc_PKCS7_AddRecipient_KTRI(PKCS7* pkcs7, const byte* cert, word32 certSz,
             XFREE(recip, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
             return -1;
         }
-        issuerSerialSeqSz = SetSequence(issuerSeqSz + issuerSz + snSz,
-                                        issuerSerialSeq);
+        issuerSerialSeqSz = (int)SetSequence((word32)(issuerSeqSz + issuerSz +
+                                             snSz), issuerSerialSeq);
     } else if (sidType == CMS_SKID) {
 
         /* version, must be 2 for SubjectKeyIdentifier */
         verSz = SetMyVersion(2, ver, 0);
         recip->recipVersion = 2;
 
-        issuerSKIDSz = SetLength(keyIdSize, issuerSKID);
+        issuerSKIDSz = SetLength((word32)keyIdSize, issuerSKID);
     } else {
         FreeDecodedCert(decoded);
 #ifdef WOLFSSL_SMALL_STACK
@@ -6787,7 +7963,8 @@ int wc_PKCS7_AddRecipient_KTRI(PKCS7* pkcs7, const byte* cert, word32 certSz,
         return ALGO_ID_E;
     }
 
-    keyEncAlgSz = SetAlgoID(pkcs7->publicKeyOID, keyAlgArray, oidKeyType, 0);
+    keyEncAlgSz = (int)SetAlgoID((int)pkcs7->publicKeyOID, keyAlgArray,
+                                 oidKeyType, 0);
     if (keyEncAlgSz == 0) {
         FreeDecodedCert(decoded);
 #ifdef WOLFSSL_SMALL_STACK
@@ -6872,7 +8049,7 @@ int wc_PKCS7_AddRecipient_KTRI(PKCS7* pkcs7, const byte* cert, word32 certSz,
                               encryptedKeySz, pubKey, &rng);
         }
 #ifdef WOLFSSL_ASYNC_CRYPT
-    } while (ret == WC_PENDING_E);
+    } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E));
 #endif
     wc_FreeRsaKey(pubKey);
     wc_FreeRng(&rng);
@@ -6893,18 +8070,18 @@ int wc_PKCS7_AddRecipient_KTRI(PKCS7* pkcs7, const byte* cert, word32 certSz,
         XFREE(recip, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
         return ret;
     }
-    encryptedKeySz = ret;
+    encryptedKeySz = (word32)ret;
 
-    encKeyOctetStrSz = SetOctetString(encryptedKeySz, encKeyOctetStr);
+    encKeyOctetStrSz = (int)SetOctetString(encryptedKeySz, encKeyOctetStr);
 
     /* RecipientInfo */
     if (sidType == CMS_ISSUER_AND_SERIAL_NUMBER) {
-        recipSeqSz = SetSequence(verSz + issuerSerialSeqSz + issuerSeqSz +
-                                 issuerSz + snSz + keyEncAlgSz +
-                                 encKeyOctetStrSz + encryptedKeySz, recipSeq);
+        int recipLen =  verSz + (int)issuerSerialSeqSz + issuerSeqSz +
+            issuerSz + snSz + keyEncAlgSz + encKeyOctetStrSz +
+            (int)encryptedKeySz;
+        recipSeqSz = (int)SetSequence((word32)recipLen, recipSeq);
 
-        if (recipSeqSz + verSz + issuerSerialSeqSz + issuerSeqSz + snSz +
-            keyEncAlgSz + encKeyOctetStrSz + encryptedKeySz > MAX_RECIP_SZ) {
+        if ((recipSeqSz + recipLen) > MAX_RECIP_SZ) {
             WOLFSSL_MSG("RecipientInfo output buffer too small");
             FreeDecodedCert(decoded);
 #ifdef WOLFSSL_SMALL_STACK
@@ -6918,12 +8095,10 @@ int wc_PKCS7_AddRecipient_KTRI(PKCS7* pkcs7, const byte* cert, word32 certSz,
         }
 
     } else {
-        recipSeqSz = SetSequence(verSz + ASN_TAG_SZ + issuerSKIDSz +
-                                 keyIdSize + keyEncAlgSz + encKeyOctetStrSz +
-                                 encryptedKeySz, recipSeq);
-
-        if (recipSeqSz + verSz + ASN_TAG_SZ + issuerSKIDSz + keyIdSize +
-            keyEncAlgSz + encKeyOctetStrSz + encryptedKeySz > MAX_RECIP_SZ) {
+        int recipLen =  verSz + ASN_TAG_SZ + (int)issuerSKIDSz + keyIdSize +
+                keyEncAlgSz + encKeyOctetStrSz + (int)encryptedKeySz;
+        recipSeqSz = (int)SetSequence((word32)recipLen, recipSeq);
+        if ((recipSeqSz + recipLen) > MAX_RECIP_SZ) {
             WOLFSSL_MSG("RecipientInfo output buffer too small");
             FreeDecodedCert(decoded);
 #ifdef WOLFSSL_SMALL_STACK
@@ -6938,31 +8113,31 @@ int wc_PKCS7_AddRecipient_KTRI(PKCS7* pkcs7, const byte* cert, word32 certSz,
     }
 
     idx = 0;
-    XMEMCPY(recip->recip + idx, recipSeq, recipSeqSz);
-    idx += recipSeqSz;
-    XMEMCPY(recip->recip + idx, ver, verSz);
-    idx += verSz;
+    XMEMCPY(recip->recip + idx, recipSeq, (word32)recipSeqSz);
+    idx += (word32)recipSeqSz;
+    XMEMCPY(recip->recip + idx, ver, (word32)verSz);
+    idx += (word32)verSz;
     if (sidType == CMS_ISSUER_AND_SERIAL_NUMBER) {
-        XMEMCPY(recip->recip + idx, issuerSerialSeq, issuerSerialSeqSz);
-        idx += issuerSerialSeqSz;
-        XMEMCPY(recip->recip + idx, issuerSeq, issuerSeqSz);
-        idx += issuerSeqSz;
-        XMEMCPY(recip->recip + idx, decoded->issuerRaw, issuerSz);
-        idx += issuerSz;
-        XMEMCPY(recip->recip + idx, serial, snSz);
-        idx += snSz;
+        XMEMCPY(recip->recip + idx, issuerSerialSeq, (word32)issuerSerialSeqSz);
+        idx += (word32)issuerSerialSeqSz;
+        XMEMCPY(recip->recip + idx, issuerSeq, (word32)issuerSeqSz);
+        idx += (word32)issuerSeqSz;
+        XMEMCPY(recip->recip + idx, decoded->issuerRaw, (word32)issuerSz);
+        idx += (word32)issuerSz;
+        XMEMCPY(recip->recip + idx, serial, (word32)snSz);
+        idx += (word32)snSz;
     } else {
         recip->recip[idx] = ASN_CONTEXT_SPECIFIC;
         idx += ASN_TAG_SZ;
         XMEMCPY(recip->recip + idx, issuerSKID, issuerSKIDSz);
         idx += issuerSKIDSz;
-        XMEMCPY(recip->recip + idx, pkcs7->issuerSubjKeyId, keyIdSize);
-        idx += keyIdSize;
+        XMEMCPY(recip->recip + idx, pkcs7->issuerSubjKeyId, (word32)keyIdSize);
+        idx += (word32)keyIdSize;
     }
-    XMEMCPY(recip->recip + idx, keyAlgArray, keyEncAlgSz);
-    idx += keyEncAlgSz;
-    XMEMCPY(recip->recip + idx, encKeyOctetStr, encKeyOctetStrSz);
-    idx += encKeyOctetStrSz;
+    XMEMCPY(recip->recip + idx, keyAlgArray, (word32)keyEncAlgSz);
+    idx += (word32)keyEncAlgSz;
+    XMEMCPY(recip->recip + idx, encKeyOctetStr, (word32)encKeyOctetStrSz);
+    idx += (word32)encKeyOctetStrSz;
     XMEMCPY(recip->recip + idx, encryptedKey, encryptedKeySz);
     idx += encryptedKeySz;
 
@@ -6990,17 +8165,57 @@ int wc_PKCS7_AddRecipient_KTRI(PKCS7* pkcs7, const byte* cert, word32 certSz,
         lastRecip->next = recip;
     }
 
-    return idx;
+    return (int)idx;
 }
 
 #endif /* !NO_RSA */
 
+/* abstraction for writing out PKCS7 bundle during creation
+   returns 0 on success
+ */
+int wc_PKCS7_WriteOut(wc_PKCS7* pkcs7, byte* output, const byte* input,
+    word32 inputSz)
+{
+    int ret = 0;
+
+    if (inputSz == 0)
+        return 0;
+
+    if (input == NULL) {
+        WOLFSSL_MSG("Internal error, trying to write out NULL buffer");
+        return -1;
+    }
+
+#ifdef ASN_BER_TO_DER
+    if (pkcs7->streamOutCb) {
+        ret = pkcs7->streamOutCb(pkcs7, input, inputSz, pkcs7->streamCtx);
+        /* sanity check on user provided ret value */
+        if (ret < 0) {
+            WOLFSSL_MSG("Return value error from stream out callback");
+            ret = BUFFER_E;
+        }
+    }
+    else
+#endif
+    if (output) {
+        XMEMCPY(output, input, inputSz);
+    }
+    else {
+        WOLFSSL_MSG("No way provided to output bundle");
+        ret = BUFFER_E;
+    }
+
+    (void)pkcs7;
+    return ret;
+}
+
 
 /* encrypt content using encryptOID algo */
-static int wc_PKCS7_EncryptContent(int encryptOID, byte* key, int keySz,
+static int wc_PKCS7_EncryptContent(wc_PKCS7* pkcs7, int encryptOID, byte* key,
+                                   int keySz,
                                    byte* iv, int ivSz, byte* aad, word32 aadSz,
                                    byte* authTag, word32 authTagSz, byte* in,
-                                   int inSz, byte* out, int devId, void* heap)
+                                   int inSz, byte* out)
 {
     int ret;
 #ifndef NO_AES
@@ -7014,10 +8229,23 @@ static int wc_PKCS7_EncryptContent(int encryptOID, byte* key, int keySz,
     Des  des;
     Des3 des3;
 #endif
+    int devId  = pkcs7->devId;
+    void* heap = pkcs7->heap;
 
-    if (key == NULL || iv == NULL || in == NULL || out == NULL)
+    if (key == NULL || iv == NULL)
         return BAD_FUNC_ARG;
 
+#ifdef ASN_BER_TO_DER
+    if ((in == NULL && pkcs7->getContentCb == NULL) ||
+        (out == NULL && pkcs7->streamOutCb == NULL)) {
+        WOLFSSL_MSG("No input or output set for encrypt");
+        return BAD_FUNC_ARG;
+    }
+#else
+    if (in == NULL || out == NULL)
+        return BAD_FUNC_ARG;
+#endif
+
     switch (encryptOID) {
 #ifndef NO_AES
     #ifdef HAVE_AES_CBC
@@ -7040,7 +8268,7 @@ static int wc_PKCS7_EncryptContent(int encryptOID, byte* key, int keySz,
                 #ifdef WOLFSSL_AES_256
                     (encryptOID == AES256CBCb && keySz != 32 ) ||
                 #endif
-                    (ivSz  != AES_BLOCK_SIZE) )
+                    (ivSz  != WC_AES_BLOCK_SIZE) )
                 return BAD_FUNC_ARG;
 
 #ifdef WOLFSSL_SMALL_STACK
@@ -7050,13 +8278,10 @@ static int wc_PKCS7_EncryptContent(int encryptOID, byte* key, int keySz,
 #endif
             ret = wc_AesInit(aes, heap, devId);
             if (ret == 0) {
-                ret = wc_AesSetKey(aes, key, keySz, iv, AES_ENCRYPTION);
+                ret = wc_AesSetKey(aes, key, (word32)keySz, iv, AES_ENCRYPTION);
                 if (ret == 0) {
-                    ret = wc_AesCbcEncrypt(aes, out, in, inSz);
-                #ifdef WOLFSSL_ASYNC_CRYPT
-                    /* async encrypt not available here, so block till done */
-                    ret = wc_AsyncWait(ret, &aes->asyncDev, WC_ASYNC_FLAG_NONE);
-                #endif
+                    ret = wc_PKCS7_EncodeContentStream(pkcs7, NULL, aes, in,
+                        inSz, out, WC_CIPHER_AES_CBC);
                 }
                 wc_AesFree(aes);
             }
@@ -7087,13 +8312,38 @@ static int wc_PKCS7_EncryptContent(int encryptOID, byte* key, int keySz,
 #endif
             ret = wc_AesInit(aes, heap, devId);
             if (ret == 0) {
-                ret = wc_AesGcmSetKey(aes, key, keySz);
+                ret = wc_AesGcmSetKey(aes, key, (word32)keySz);
                 if (ret == 0) {
-                    ret = wc_AesGcmEncrypt(aes, out, in, inSz, iv, ivSz,
-                                           authTag, authTagSz, aad, aadSz);
-                #ifdef WOLFSSL_ASYNC_CRYPT
-                    /* async encrypt not available here, so block till done */
-                    ret = wc_AsyncWait(ret, &aes->asyncDev, WC_ASYNC_FLAG_NONE);
+                #ifndef WOLFSSL_AESGCM_STREAM
+                    if (pkcs7->encodeStream) {
+                        WOLFSSL_MSG("Not AES-GCM stream support compiled in");
+                        ret = NOT_COMPILED_IN;
+                    }
+                    else {
+                        ret = wc_AesGcmEncrypt(aes, out, in, (word32)inSz, iv,
+                                  (word32)ivSz, authTag, authTagSz, aad, aadSz);
+                    #ifdef WOLFSSL_ASYNC_CRYPT
+                        /* async encrypt not available here, so block till done
+                         */
+                        ret = wc_AsyncWait(ret, &aes->asyncDev,
+                            WC_ASYNC_FLAG_NONE);
+                    #endif
+                    }
+                #else
+                    ret = wc_AesGcmEncryptInit(aes, key, (word32)keySz, iv,
+                        (word32)ivSz);
+                    if (ret == 0) {
+                        ret = wc_AesGcmEncryptUpdate(aes, NULL, NULL, 0, aad,
+                            aadSz);
+                    }
+                    if (ret == 0) {
+                        ret = wc_PKCS7_EncodeContentStream(pkcs7, NULL, aes, in,
+                            inSz, out, WC_CIPHER_AES_GCM);
+                    }
+
+                    if (ret == 0) {
+                        ret = wc_AesGcmEncryptFinal(aes, authTag, authTagSz);
+                    }
                 #endif
                 }
                 wc_AesFree(aes);
@@ -7119,6 +8369,11 @@ static int wc_PKCS7_EncryptContent(int encryptOID, byte* key, int keySz,
             if (authTag == NULL)
                 return BAD_FUNC_ARG;
 
+            if (pkcs7->encodeStream) {
+                WOLFSSL_MSG("Streaming encoding not supported with AES-CCM");
+                return BAD_FUNC_ARG;
+            }
+
 #ifdef WOLFSSL_SMALL_STACK
             if ((aes = (Aes *)XMALLOC(sizeof *aes, NULL,
                                       DYNAMIC_TYPE_AES)) == NULL)
@@ -7126,10 +8381,11 @@ static int wc_PKCS7_EncryptContent(int encryptOID, byte* key, int keySz,
 #endif
             ret = wc_AesInit(aes, heap, devId);
             if (ret == 0) {
-                ret = wc_AesCcmSetKey(aes, key, keySz);
+                ret = wc_AesCcmSetKey(aes, key, (word32)keySz);
                 if (ret == 0) {
-                    ret = wc_AesCcmEncrypt(aes, out, in, inSz, iv, ivSz,
-                                           authTag, authTagSz, aad, aadSz);
+                    ret = wc_AesCcmEncrypt(aes, out, in, (word32)inSz, iv,
+                                           (word32)ivSz, authTag, authTagSz,
+                                           aad, aadSz);
                 #ifdef WOLFSSL_ASYNC_CRYPT
                     /* async encrypt not available here, so block till done */
                     ret = wc_AsyncWait(ret, &aes->asyncDev, WC_ASYNC_FLAG_NONE);
@@ -7149,9 +8405,14 @@ static int wc_PKCS7_EncryptContent(int encryptOID, byte* key, int keySz,
             if (keySz != DES_KEYLEN || ivSz != DES_BLOCK_SIZE)
                 return BAD_FUNC_ARG;
 
+            if (pkcs7->encodeStream) {
+                WOLFSSL_MSG("Streaming encoding not supported with DES3");
+                return BAD_FUNC_ARG;
+            }
+
             ret = wc_Des_SetKey(&des, key, iv, DES_ENCRYPTION);
             if (ret == 0)
-                ret = wc_Des_CbcEncrypt(&des, out, in, inSz);
+                ret = wc_Des_CbcEncrypt(&des, out, in, (word32)inSz);
 
             break;
 
@@ -7159,11 +8420,16 @@ static int wc_PKCS7_EncryptContent(int encryptOID, byte* key, int keySz,
             if (keySz != DES3_KEYLEN || ivSz != DES_BLOCK_SIZE)
                 return BAD_FUNC_ARG;
 
+            if (pkcs7->encodeStream) {
+                WOLFSSL_MSG("Streaming encoding not supported with DES3");
+                return BAD_FUNC_ARG;
+            }
+
             ret = wc_Des3Init(&des3, heap, devId);
             if (ret == 0) {
                 ret = wc_Des3_SetKey(&des3, key, iv, DES_ENCRYPTION);
                 if (ret == 0) {
-                    ret = wc_Des3_CbcEncrypt(&des3, out, in, inSz);
+                    ret = wc_Des3_CbcEncrypt(&des3, out, in, (word32)inSz);
                 #ifdef WOLFSSL_ASYNC_CRYPT
                     /* async encrypt not available here, so block till done */
                     ret = wc_AsyncWait(ret, &des3.asyncDev, WC_ASYNC_FLAG_NONE);
@@ -7188,34 +8454,21 @@ static int wc_PKCS7_EncryptContent(int encryptOID, byte* key, int keySz,
 }
 
 
-/* decrypt content using encryptOID algo
- * returns 0 on success */
-static int wc_PKCS7_DecryptContent(PKCS7* pkcs7, int encryptOID, byte* key,
-        int keySz, byte* iv, int ivSz, byte* aad, word32 aadSz, byte* authTag,
-        word32 authTagSz, byte* in, int inSz, byte* out, int devId, void* heap)
+static int wc_PKCS7_DecryptContentInit(wc_PKCS7* pkcs7, word32 encryptOID,
+    byte* key, word32 keySz, byte* iv, int ivSz, int devId, void* heap)
 {
     int ret;
 #ifndef NO_AES
-#ifdef WOLFSSL_SMALL_STACK
     Aes  *aes;
-#else
-    Aes  aes[1];
-#endif
 #endif
 #ifndef NO_DES3
-    Des  des;
-    Des3 des3;
+    Des  *des;
+    Des3 *des3;
 #endif
 
-    if (iv == NULL || in == NULL || out == NULL)
+    if (iv == NULL)
         return BAD_FUNC_ARG;
 
-    if (pkcs7->decryptionCb != NULL) {
-        return pkcs7->decryptionCb(pkcs7, encryptOID, iv, ivSz,
-                                      aad, aadSz, authTag, authTagSz, in,
-                                      inSz, out, pkcs7->decryptionCtx);
-    }
-
     if (key == NULL)
         return BAD_FUNC_ARG;
 
@@ -7241,28 +8494,144 @@ static int wc_PKCS7_DecryptContent(PKCS7* pkcs7, int encryptOID, byte* key,
                 #ifdef WOLFSSL_AES_256
                     (encryptOID == AES256CBCb && keySz != 32 ) ||
                 #endif
-                    (ivSz  != AES_BLOCK_SIZE) )
+                    (ivSz  != WC_AES_BLOCK_SIZE) )
                 return BAD_FUNC_ARG;
-#ifdef WOLFSSL_SMALL_STACK
-            if ((aes = (Aes *)XMALLOC(sizeof *aes, NULL,
-                                      DYNAMIC_TYPE_AES)) == NULL)
+
+            pkcs7->decryptKey.aes = (Aes *)XMALLOC(sizeof *aes, NULL,
+                                      DYNAMIC_TYPE_AES);
+            aes = pkcs7->decryptKey.aes;
+            if (aes == NULL)
                 return MEMORY_E;
-#endif
             ret = wc_AesInit(aes, heap, devId);
             if (ret == 0) {
-                ret = wc_AesSetKey(aes, key, keySz, iv, AES_DECRYPTION);
-                if (ret == 0) {
-                    ret = wc_AesCbcDecrypt(aes, out, in, inSz);
-                #ifdef WOLFSSL_ASYNC_CRYPT
-                    /* async decrypt not available here, so block till done */
-                    ret = wc_AsyncWait(ret, &aes->asyncDev, WC_ASYNC_FLAG_NONE);
-                #endif
-                }
-                wc_AesFree(aes);
+                ret = wc_AesSetKey(aes, key, (word32)keySz, iv, AES_DECRYPTION);
             }
-#ifdef WOLFSSL_SMALL_STACK
-            XFREE(aes, NULL, DYNAMIC_TYPE_AES);
-#endif
+            break;
+
+    #endif /* HAVE_AES_CBC */
+    #ifdef HAVE_AESGCM
+        #ifdef WOLFSSL_AES_128
+        case AES128GCMb:
+        #endif
+        #ifdef WOLFSSL_AES_192
+        case AES192GCMb:
+        #endif
+        #ifdef WOLFSSL_AES_256
+        case AES256GCMb:
+        #endif
+        #if defined(WOLFSSL_AES_128) || defined(WOLFSSL_AES_192) || \
+            defined(WOLFSSL_AES_256)
+            pkcs7->decryptKey.aes = (Aes *)XMALLOC(sizeof *aes, NULL,
+                                      DYNAMIC_TYPE_AES);
+            aes = pkcs7->decryptKey.aes;
+            if (aes == NULL)
+                return MEMORY_E;
+            ret = wc_AesInit(aes, heap, devId);
+            if (ret == 0) {
+                ret = wc_AesGcmSetKey(aes, key, (word32)keySz);
+            }
+            break;
+        #endif
+    #endif /* HAVE_AESGCM */
+    #ifdef HAVE_AESCCM
+        #ifdef WOLFSSL_AES_128
+        case AES128CCMb:
+        #endif
+        #ifdef WOLFSSL_AES_192
+        case AES192CCMb:
+        #endif
+        #ifdef WOLFSSL_AES_256
+        case AES256CCMb:
+        #endif
+        #if defined(WOLFSSL_AES_128) || defined(WOLFSSL_AES_192) || \
+            defined(WOLFSSL_AES_256)
+            pkcs7->decryptKey.aes = (Aes *)XMALLOC(sizeof *aes, NULL,
+                                      DYNAMIC_TYPE_AES);
+            aes = pkcs7->decryptKey.aes;
+            if (aes == NULL)
+                return MEMORY_E;
+            ret = wc_AesInit(aes, heap, devId);
+            if (ret == 0) {
+                ret = wc_AesCcmSetKey(aes, key, (word32)keySz);
+            }
+            break;
+        #endif
+    #endif /* HAVE_AESCCM */
+#endif /* !NO_AES */
+#ifndef NO_DES3
+        case DESb:
+            if (keySz != DES_KEYLEN || ivSz != DES_BLOCK_SIZE)
+                return BAD_FUNC_ARG;
+
+            pkcs7->decryptKey.des = (Des *)XMALLOC(sizeof *des, NULL,
+                                      DYNAMIC_TYPE_PKCS7);
+            des = pkcs7->decryptKey.des;
+            if (des == NULL) {
+                return MEMORY_E;
+            }
+            ret = wc_Des_SetKey(des, key, iv, DES_DECRYPTION);
+            break;
+        case DES3b:
+            if (keySz != DES3_KEYLEN || ivSz != DES_BLOCK_SIZE)
+                return BAD_FUNC_ARG;
+
+            pkcs7->decryptKey.des3 = (Des3 *)XMALLOC(sizeof *des3, NULL,
+                                      DYNAMIC_TYPE_PKCS7);
+            des3 = pkcs7->decryptKey.des3;
+            if (des3 == NULL) {
+                return MEMORY_E;
+            }
+            ret = wc_Des3Init(des3, heap, devId);
+            if (ret == 0) {
+                ret = wc_Des3_SetKey(des3, key, iv, DES_DECRYPTION);
+            }
+
+            break;
+#endif /* !NO_DES3 */
+        default:
+            WOLFSSL_MSG("Unsupported content cipher type");
+            return ALGO_ID_E;
+    };
+
+    return ret;
+}
+
+
+/* Only does decryption of content using encryptOID algo and already set keys
+ * returns 0 on success */
+static int wc_PKCS7_DecryptContentEx(wc_PKCS7* pkcs7, word32 encryptOID,
+    byte* iv, int ivSz, byte* aad, word32 aadSz, byte* authTag,
+    word32 authTagSz, byte* in, int inSz, byte* out)
+{
+    int ret;
+
+    if (in == NULL
+    #ifdef ASN_BER_TO_DER
+        && pkcs7->getContentCb == NULL
+    #endif
+    ) {
+        return BAD_FUNC_ARG;
+    }
+
+    switch (encryptOID) {
+#ifndef NO_AES
+    #ifdef HAVE_AES_CBC
+    #ifdef WOLFSSL_AES_128
+        case AES128CBCb:
+    #endif
+    #ifdef WOLFSSL_AES_192
+        case AES192CBCb:
+    #endif
+    #ifdef WOLFSSL_AES_256
+        case AES256CBCb:
+    #endif
+            ret = wc_AesCbcDecrypt(pkcs7->decryptKey.aes, out, in,
+                (word32)inSz);
+        #ifdef WOLFSSL_ASYNC_CRYPT
+            /* async decrypt not available here, so block till done */
+            ret = wc_AsyncWait(ret, &pkcs7->decryptKey.aes->asyncDev,
+                WC_ASYNC_FLAG_NONE);
+        #endif
             break;
     #endif /* HAVE_AES_CBC */
     #ifdef HAVE_AESGCM
@@ -7280,27 +8649,14 @@ static int wc_PKCS7_DecryptContent(PKCS7* pkcs7, int encryptOID, byte* key,
             if (authTag == NULL)
                 return BAD_FUNC_ARG;
 
-#ifdef WOLFSSL_SMALL_STACK
-            if ((aes = (Aes *)XMALLOC(sizeof *aes, NULL,
-                                      DYNAMIC_TYPE_AES)) == NULL)
-                return MEMORY_E;
-#endif
-            ret = wc_AesInit(aes, heap, devId);
-            if (ret == 0) {
-                ret = wc_AesGcmSetKey(aes, key, keySz);
-                if (ret == 0) {
-                    ret = wc_AesGcmDecrypt(aes, out, in, inSz, iv, ivSz,
-                                           authTag, authTagSz, aad, aadSz);
-                #ifdef WOLFSSL_ASYNC_CRYPT
-                    /* async decrypt not available here, so block till done */
-                    ret = wc_AsyncWait(ret, &aes->asyncDev, WC_ASYNC_FLAG_NONE);
-                #endif
-                }
-                wc_AesFree(aes);
-            }
-#ifdef WOLFSSL_SMALL_STACK
-            XFREE(aes, NULL, DYNAMIC_TYPE_AES);
-#endif
+            ret = wc_AesGcmDecrypt(pkcs7->decryptKey.aes, out, in,
+                    (word32)inSz, iv, (word32)ivSz, authTag, authTagSz,
+                    aad, aadSz);
+        #ifdef WOLFSSL_ASYNC_CRYPT
+            /* async decrypt not available here, so block till done */
+            ret = wc_AsyncWait(ret, &pkcs7->decryptKey.aes->asyncDev,
+                WC_ASYNC_FLAG_NONE);
+        #endif
             break;
         #endif
     #endif /* HAVE_AESGCM */
@@ -7314,63 +8670,31 @@ static int wc_PKCS7_DecryptContent(PKCS7* pkcs7, int encryptOID, byte* key,
         #ifdef WOLFSSL_AES_256
         case AES256CCMb:
         #endif
-        #if defined(WOLFSSL_AES_128) || defined(WOLFSSL_AES_192) || \
-            defined(WOLFSSL_AES_256)
-            if (authTag == NULL)
-                return BAD_FUNC_ARG;
-
-#ifdef WOLFSSL_SMALL_STACK
-            if ((aes = (Aes *)XMALLOC(sizeof *aes, NULL,
-                                      DYNAMIC_TYPE_AES)) == NULL)
-                return MEMORY_E;
-#endif
-            ret = wc_AesInit(aes, heap, devId);
-            if (ret == 0) {
-                ret = wc_AesCcmSetKey(aes, key, keySz);
-                if (ret == 0) {
-                    ret = wc_AesCcmDecrypt(aes, out, in, inSz, iv, ivSz,
-                                           authTag, authTagSz, aad, aadSz);
-                #ifdef WOLFSSL_ASYNC_CRYPT
-                    /* async decrypt not available here, so block till done */
-                    ret = wc_AsyncWait(ret, &aes->asyncDev, WC_ASYNC_FLAG_NONE);
-                #endif
-                }
-                wc_AesFree(aes);
-            }
-#ifdef WOLFSSL_SMALL_STACK
-            XFREE(aes, NULL, DYNAMIC_TYPE_AES);
-#endif
-            break;
+            ret = wc_AesCcmDecrypt(pkcs7->decryptKey.aes, out, in,
+                (word32)inSz, iv, (word32)ivSz, authTag, authTagSz,
+                aad, aadSz);
+        #ifdef WOLFSSL_ASYNC_CRYPT
+            /* async decrypt not available here, so block till done */
+            ret = wc_AsyncWait(ret, &pkcs7->decryptKey.aes->asyncDev,
+                WC_ASYNC_FLAG_NONE);
         #endif
+            break;
     #endif /* HAVE_AESCCM */
 #endif /* !NO_AES */
 #ifndef NO_DES3
         case DESb:
-            if (keySz != DES_KEYLEN || ivSz != DES_BLOCK_SIZE)
-                return BAD_FUNC_ARG;
-
-            ret = wc_Des_SetKey(&des, key, iv, DES_DECRYPTION);
-            if (ret == 0)
-                ret = wc_Des_CbcDecrypt(&des, out, in, inSz);
-
+            ret = wc_Des_CbcDecrypt(pkcs7->decryptKey.des, out, in,
+                (word32)inSz);
             break;
+
         case DES3b:
-            if (keySz != DES3_KEYLEN || ivSz != DES_BLOCK_SIZE)
-                return BAD_FUNC_ARG;
-
-            ret = wc_Des3Init(&des3, heap, devId);
-            if (ret == 0) {
-                ret = wc_Des3_SetKey(&des3, key, iv, DES_DECRYPTION);
-                if (ret == 0) {
-                    ret = wc_Des3_CbcDecrypt(&des3, out, in, inSz);
-                #ifdef WOLFSSL_ASYNC_CRYPT
-                    /* async decrypt not available here, so block till done */
-                    ret = wc_AsyncWait(ret, &des3.asyncDev, WC_ASYNC_FLAG_NONE);
-                #endif
-                }
-                wc_Des3Free(&des3);
-            }
-
+            ret = wc_Des3_CbcDecrypt(pkcs7->decryptKey.des3, out, in,
+                (word32)inSz);
+        #ifdef WOLFSSL_ASYNC_CRYPT
+            /* async decrypt not available here, so block till done */
+            ret = wc_AsyncWait(ret,
+              &pkcs7->decryptKey.des3->asyncDev, WC_ASYNC_FLAG_NONE);
+        #endif
             break;
 #endif /* !NO_DES3 */
         default:
@@ -7389,9 +8713,106 @@ static int wc_PKCS7_DecryptContent(PKCS7* pkcs7, int encryptOID, byte* key,
 }
 
 
+/* clears up struct for algo used and free's memory */
+static void wc_PKCS7_DecryptContentFree(wc_PKCS7* pkcs7, word32 encryptOID,
+    void* heap)
+{
+    switch (encryptOID) {
+#ifndef NO_AES
+    #ifdef HAVE_AES_CBC
+    #ifdef WOLFSSL_AES_128
+        case AES128CBCb:
+    #endif
+    #ifdef WOLFSSL_AES_192
+        case AES192CBCb:
+    #endif
+    #ifdef WOLFSSL_AES_256
+        case AES256CBCb:
+    #endif
+    #endif /* HAVE_AES_CBC */
+    #ifdef HAVE_AESGCM
+        #ifdef WOLFSSL_AES_128
+        case AES128GCMb:
+        #endif
+        #ifdef WOLFSSL_AES_192
+        case AES192GCMb:
+        #endif
+        #ifdef WOLFSSL_AES_256
+        case AES256GCMb:
+        #endif
+    #endif /* HAVE_AESGCM */
+    #ifdef HAVE_AESCCM
+        #ifdef WOLFSSL_AES_128
+        case AES128CCMb:
+        #endif
+        #ifdef WOLFSSL_AES_192
+        case AES192CCMb:
+        #endif
+        #ifdef WOLFSSL_AES_256
+        case AES256CCMb:
+        #endif
+    #endif /* HAVE_AESCCM */
+            if (pkcs7->decryptKey.aes != NULL) {
+                wc_AesFree(pkcs7->decryptKey.aes);
+                XFREE(pkcs7->decryptKey.aes, heap, DYNAMIC_TYPE_AES);
+                pkcs7->decryptKey.aes = NULL;
+            }
+            break;
+#endif /* !NO_AES */
+#ifndef NO_DES3
+        case DESb:
+            if (pkcs7->decryptKey.des != NULL) {
+                XFREE(pkcs7->decryptKey.des, heap, DYNAMIC_TYPE_PKCS7);
+                pkcs7->decryptKey.des = NULL;
+            }
+            break;
+        case DES3b:
+            if (pkcs7->decryptKey.des3 != NULL) {
+                wc_Des3Free(pkcs7->decryptKey.des3);
+                XFREE(pkcs7->decryptKey.des3, heap, DYNAMIC_TYPE_PKCS7);
+                pkcs7->decryptKey.des3 = NULL;
+            }
+            break;
+#endif /* !NO_DES3 */
+        default:
+            WOLFSSL_MSG("Unsupported content cipher type");
+    };
+}
+
+
+/* decrypts the content in one shot, doing init / decrypt / free
+ * returns 0 on success
+ */
+static int wc_PKCS7_DecryptContent(wc_PKCS7* pkcs7, word32 encryptOID,
+        byte* key, word32 keySz, byte* iv, int ivSz, byte* aad, word32 aadSz,
+        byte* authTag, word32 authTagSz, byte* in, int inSz, byte* out,
+        int devId, void* heap)
+{
+    int ret;
+
+    if (pkcs7->decryptionCb != NULL) {
+        return pkcs7->decryptionCb(pkcs7, (int)encryptOID, iv, ivSz,
+                                      aad, aadSz, authTag, authTagSz, in,
+                                      inSz, out, pkcs7->decryptionCtx);
+    }
+
+    ret = wc_PKCS7_DecryptContentInit(pkcs7, encryptOID, key, keySz, iv, ivSz,
+        devId, heap);
+
+    if (ret == 0) {
+        ret = wc_PKCS7_DecryptContentEx(pkcs7, encryptOID, iv, ivSz, aad,
+            aadSz, authTag, authTagSz, in, inSz, out);
+    }
+
+    wc_PKCS7_DecryptContentFree(pkcs7, encryptOID, heap);
+
+    return ret;
+}
+
+
 /* Generate random block, place in out, return 0 on success negative on error.
  * Used for generation of IV, nonce, etc */
-static int wc_PKCS7_GenerateBlock(PKCS7* pkcs7, WC_RNG* rng, byte* out,
+static int wc_PKCS7_GenerateBlock(wc_PKCS7* pkcs7, WC_RNG* rng, byte* out,
                                   word32 outSz)
 {
     int ret;
@@ -7439,7 +8860,7 @@ static int wc_PKCS7_GenerateBlock(PKCS7* pkcs7, WC_RNG* rng, byte* out,
  * type  - either CMS_ISSUER_AND_SERIAL_NUMBER, CMS_SKID or DEGENERATE_SID
  *
  * return 0 on success, negative upon error */
-int wc_PKCS7_SetSignerIdentifierType(PKCS7* pkcs7, int type)
+int wc_PKCS7_SetSignerIdentifierType(wc_PKCS7* pkcs7, int type)
 {
     if (pkcs7 == NULL)
         return BAD_FUNC_ARG;
@@ -7463,7 +8884,7 @@ int wc_PKCS7_SetSignerIdentifierType(PKCS7* pkcs7, int type)
  * sz          - length of contentType array, octets
  *
  * return 0 on success, negative upon error */
-int wc_PKCS7_SetContentType(PKCS7* pkcs7, byte* contentType, word32 sz)
+int wc_PKCS7_SetContentType(wc_PKCS7* pkcs7, byte* contentType, word32 sz)
 {
     if (pkcs7 == NULL || contentType == NULL || sz == 0)
         return BAD_FUNC_ARG;
@@ -7483,14 +8904,10 @@ int wc_PKCS7_SetContentType(PKCS7* pkcs7, byte* contentType, word32 sz)
 /* return size of padded data, padded to blockSz chunks, or negative on error */
 int wc_PKCS7_GetPadSize(word32 inputSz, word32 blockSz)
 {
-    int padSz;
-
     if (blockSz == 0)
         return BAD_FUNC_ARG;
 
-    padSz = blockSz - (inputSz % blockSz);
-
-    return padSz;
+    return (int)(blockSz - (inputSz % blockSz));
 }
 
 
@@ -7499,24 +8916,16 @@ int wc_PKCS7_GetPadSize(word32 inputSz, word32 blockSz)
 int wc_PKCS7_PadData(byte* in, word32 inSz, byte* out, word32 outSz,
                      word32 blockSz)
 {
-    int i, padSz;
-
     if (in == NULL  || inSz == 0 ||
-        out == NULL || outSz == 0)
+        out == NULL || outSz == 0 || blockSz == 0)
         return BAD_FUNC_ARG;
 
-    padSz = wc_PKCS7_GetPadSize(inSz, blockSz);
-
-    if (outSz < (inSz + padSz))
+    if (outSz < wc_PkcsPad(NULL, inSz, blockSz))
         return BAD_FUNC_ARG;
 
     XMEMCPY(out, in, inSz);
 
-    for (i = 0; i < padSz; i++) {
-        out[inSz + i] = (byte)padSz;
-    }
-
-    return inSz + padSz;
+    return (int)wc_PkcsPad(out, inSz, blockSz);
 }
 
 
@@ -7524,7 +8933,7 @@ int wc_PKCS7_PadData(byte* in, word32 inSz, byte* out, word32 outSz,
  * to CMS/PKCS#7 EnvelopedData structure.
  *
  * Return 0 on success, negative upon error */
-int wc_PKCS7_AddRecipient_ORI(PKCS7* pkcs7, CallbackOriEncrypt oriEncryptCb,
+int wc_PKCS7_AddRecipient_ORI(wc_PKCS7* pkcs7, CallbackOriEncrypt oriEncryptCb,
                               int options)
 {
     int oriTypeLenSz, blockKeySz, ret;
@@ -7560,7 +8969,7 @@ int wc_PKCS7_AddRecipient_ORI(PKCS7* pkcs7, CallbackOriEncrypt oriEncryptCb,
     }
 
     /* generate random content encryption key, if needed */
-    ret = PKCS7_GenerateContentEncryptionKey(pkcs7, blockKeySz);
+    ret = PKCS7_GenerateContentEncryptionKey(pkcs7, (word32)blockKeySz);
     if (ret < 0) {
         XFREE(recip, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
         return ret;
@@ -7575,10 +8984,10 @@ int wc_PKCS7_AddRecipient_ORI(PKCS7* pkcs7, CallbackOriEncrypt oriEncryptCb,
         return ret;
     }
 
-    oriTypeLenSz = SetLength(oriTypeSz, oriTypeLen);
+    oriTypeLenSz = (int)SetLength(oriTypeSz, oriTypeLen);
 
-    recipSeqSz = SetImplicit(ASN_SEQUENCE, 4, 1 + oriTypeLenSz + oriTypeSz +
-                             oriValueSz, recipSeq);
+    recipSeqSz = SetImplicit(ASN_SEQUENCE, 4, 1 + (word32)oriTypeLenSz +
+                             oriTypeSz + oriValueSz, recipSeq, 0);
 
     idx = 0;
     XMEMCPY(recip->recip + idx, recipSeq, recipSeqSz);
@@ -7586,8 +8995,8 @@ int wc_PKCS7_AddRecipient_ORI(PKCS7* pkcs7, CallbackOriEncrypt oriEncryptCb,
     /* oriType */
     recip->recip[idx] = ASN_OBJECT_ID;
     idx += 1;
-    XMEMCPY(recip->recip + idx, oriTypeLen, oriTypeLenSz);
-    idx += oriTypeLenSz;
+    XMEMCPY(recip->recip + idx, oriTypeLen, (word32)oriTypeLenSz);
+    idx += (word32)oriTypeLenSz;
     XMEMCPY(recip->recip + idx, oriType, oriTypeSz);
     idx += oriTypeSz;
     /* oriValue, input MUST already be ASN.1 encoded */
@@ -7612,13 +9021,13 @@ int wc_PKCS7_AddRecipient_ORI(PKCS7* pkcs7, CallbackOriEncrypt oriEncryptCb,
 
     (void)options;
 
-    return idx;
+    return (int)idx;
 }
 
 #if !defined(NO_PWDBASED) && !defined(NO_SHA)
 
 
-static int wc_PKCS7_GenerateKEK_PWRI(PKCS7* pkcs7, byte* passwd, word32 pLen,
+static int wc_PKCS7_GenerateKEK_PWRI(wc_PKCS7* pkcs7, byte* passwd, word32 pLen,
                                      byte* salt, word32 saltSz, int kdfOID,
                                      int prfOID, int iterations, byte* out,
                                      word32 outSz)
@@ -7632,8 +9041,8 @@ static int wc_PKCS7_GenerateKEK_PWRI(PKCS7* pkcs7, byte* passwd, word32 pLen,
 
         case PBKDF2_OID:
 
-            ret = wc_PBKDF2(out, passwd, pLen, salt, saltSz, iterations,
-                            outSz, prfOID);
+            ret = wc_PBKDF2(out, passwd, (int)pLen, salt, (int)saltSz,
+                            iterations, (int)outSz, prfOID);
             if (ret != 0) {
                 return ret;
             }
@@ -7652,10 +9061,9 @@ static int wc_PKCS7_GenerateKEK_PWRI(PKCS7* pkcs7, byte* passwd, word32 pLen,
 /* RFC3211 (Section 2.3.1) key wrap algorithm (id-alg-PWRI-KEK).
  *
  * Returns output size on success, negative upon error */
-static int wc_PKCS7_PwriKek_KeyWrap(PKCS7* pkcs7, const byte* kek, word32 kekSz,
-                                    const byte* cek, word32 cekSz,
-                                    byte* out, word32 *outSz,
-                                    const byte* iv, word32 ivSz, int algID)
+static int wc_PKCS7_PwriKek_KeyWrap(wc_PKCS7* pkcs7, const byte* kek,
+        word32 kekSz, const byte* cek, word32 cekSz,
+        byte* out, word32 *outSz, const byte* iv, word32 ivSz, int algID)
 {
     WC_RNG rng;
     int blockSz, outLen, ret;
@@ -7675,17 +9083,17 @@ static int wc_PKCS7_PwriKek_KeyWrap(PKCS7* pkcs7, const byte* kek, word32 kekSz,
     }
 
     /* get pad bytes needed to block boundary */
-    padSz = blockSz - ((4 + cekSz) % blockSz);
-    outLen = 4 + cekSz + padSz;
+    padSz = (word32)blockSz - ((4 + cekSz) % (word32)blockSz);
+    outLen = (int)(4 + cekSz + padSz);
 
     /* must be at least two blocks long */
     if (outLen < 2 * blockSz)
-        padSz += blockSz;
+        padSz += (word32)blockSz;
 
     /* if user set out to NULL, give back required length */
     if (out == NULL) {
-        *outSz = outLen;
-        return LENGTH_ONLY_E;
+        *outSz = (word32)outLen;
+        return WC_NO_ERR_TRACE(LENGTH_ONLY_E);
     }
 
     /* verify output buffer is large enough */
@@ -7693,9 +9101,9 @@ static int wc_PKCS7_PwriKek_KeyWrap(PKCS7* pkcs7, const byte* kek, word32 kekSz,
         return BUFFER_E;
 
     out[0] = (byte)cekSz;
-    out[1] = ~cek[0];
-    out[2] = ~cek[1];
-    out[3] = ~cek[2];
+    out[1] = (byte)~cek[0];
+    out[2] = (byte)~cek[1];
+    out[3] = (byte)~cek[2];
     XMEMCPY(out + 4, cek, cekSz);
 
     /* random padding of size padSz */
@@ -7707,21 +9115,21 @@ static int wc_PKCS7_PwriKek_KeyWrap(PKCS7* pkcs7, const byte* kek, word32 kekSz,
 
     if (ret == 0) {
         /* encrypt, normal */
-        ret = wc_PKCS7_EncryptContent(algID, (byte*)kek, kekSz, (byte*)iv,
-                                      ivSz, NULL, 0, NULL, 0, out, outLen, out,
-                                      pkcs7->devId, pkcs7->heap);
+        ret = wc_PKCS7_EncryptContent(pkcs7, algID, (byte*)kek, (int)kekSz,
+                                    (byte*)iv, (int)ivSz, NULL, 0, NULL, 0, out,
+                                    outLen, out);
     }
 
     if (ret == 0) {
         /* encrypt again, using last ciphertext block as IV */
         lastBlock = out + (((outLen / blockSz) - 1) * blockSz);
-        ret = wc_PKCS7_EncryptContent(algID, (byte*)kek, kekSz, lastBlock,
-                                      blockSz, NULL, 0, NULL, 0, out,
-                                      outLen, out, pkcs7->devId, pkcs7->heap);
+        ret = wc_PKCS7_EncryptContent(pkcs7, algID, (byte*)kek, (int)kekSz,
+                                      lastBlock, blockSz, NULL, 0, NULL, 0, out,
+                                      outLen, out);
     }
 
     if (ret == 0) {
-        *outSz = outLen;
+        *outSz = (word32)outLen;
     } else {
         outLen = ret;
     }
@@ -7735,10 +9143,10 @@ static int wc_PKCS7_PwriKek_KeyWrap(PKCS7* pkcs7, const byte* kek, word32 kekSz,
 /* RFC3211 (Section 2.3.2) key unwrap algorithm (id-alg-PWRI-KEK).
  *
  * Returns cek size on success, negative upon error */
-static int wc_PKCS7_PwriKek_KeyUnWrap(PKCS7* pkcs7, const byte* kek,
+static int wc_PKCS7_PwriKek_KeyUnWrap(wc_PKCS7* pkcs7, const byte* kek,
                                       word32 kekSz, const byte* in, word32 inSz,
                                       byte* out, word32 outSz, const byte* iv,
-                                      word32 ivSz, int algID)
+                                      word32 ivSz, word32 algID)
 {
     int blockSz, cekLen, ret;
     byte* tmpIv     = NULL;
@@ -7755,7 +9163,7 @@ static int wc_PKCS7_PwriKek_KeyUnWrap(PKCS7* pkcs7, const byte* kek,
         return MEMORY_E;
 
     /* get encryption algorithm block size */
-    blockSz = wc_PKCS7_GetOIDBlockSize(algID);
+    blockSz = wc_PKCS7_GetOIDBlockSize((int)algID);
     if (blockSz <= 0) {
         XFREE(outTmp, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER);
         if (blockSz < 0)
@@ -7765,7 +9173,7 @@ static int wc_PKCS7_PwriKek_KeyUnWrap(PKCS7* pkcs7, const byte* kek,
     }
 
     /* input needs to be blockSz multiple and at least 2 * blockSz */
-    if (((inSz % blockSz) != 0) || (inSz < (2 * (word32)blockSz))) {
+    if (((inSz % (word32)blockSz) != 0) || (inSz < (2 * (word32)blockSz))) {
         WOLFSSL_MSG("PWRI-KEK unwrap input must of block size and >= 2 "
                     "times block size");
         XFREE(outTmp, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER);
@@ -7785,15 +9193,15 @@ static int wc_PKCS7_PwriKek_KeyUnWrap(PKCS7* pkcs7, const byte* kek,
         /* using last decrypted block as IV, decrypt [0 ... n-1] blocks */
         lastBlock = outTmp + inSz - blockSz;
         ret = wc_PKCS7_DecryptContent(pkcs7, algID, (byte*)kek, kekSz,
-                lastBlock, blockSz, NULL, 0, NULL, 0, (byte*)in, inSz - blockSz,
-                outTmp, pkcs7->devId, pkcs7->heap);
+                lastBlock, blockSz, NULL, 0, NULL, 0, (byte*)in,
+                (int)inSz - blockSz, outTmp, pkcs7->devId, pkcs7->heap);
     }
 
     if (ret == 0) {
         /* decrypt using original kek and iv */
         ret = wc_PKCS7_DecryptContent(pkcs7, algID, (byte*)kek, kekSz,
-                (byte*)iv, ivSz, NULL, 0, NULL, 0, outTmp, inSz, outTmp,
-                pkcs7->devId, pkcs7->heap);
+                (byte*)iv, (int)ivSz, NULL, 0, NULL, 0, outTmp, (int)inSz,
+                outTmp, pkcs7->devId, pkcs7->heap);
     }
 
     if (ret != 0) {
@@ -7838,7 +9246,7 @@ static int wc_PKCS7_PwriKek_KeyUnWrap(PKCS7* pkcs7, const byte* kek,
  * to CMS/PKCS#7 EnvelopedData structure.
  *
  * Return 0 on success, negative upon error */
-int wc_PKCS7_AddRecipient_PWRI(PKCS7* pkcs7, byte* passwd, word32 pLen,
+int wc_PKCS7_AddRecipient_PWRI(wc_PKCS7* pkcs7, byte* passwd, word32 pLen,
                                byte* salt, word32 saltSz, int kdfOID,
                                int hashOID, int iterations, int kekEncryptOID,
                                int options)
@@ -7913,12 +9321,12 @@ int wc_PKCS7_AddRecipient_PWRI(PKCS7* pkcs7, byte* passwd, word32 pLen,
         return kekBlockSz;
 
     /* generate random CEK */
-    ret = PKCS7_GenerateContentEncryptionKey(pkcs7, cekKeySz);
+    ret = PKCS7_GenerateContentEncryptionKey(pkcs7, (word32)cekKeySz);
     if (ret < 0)
         return ret;
 
     /* generate random IV */
-    ret = wc_PKCS7_GenerateBlock(pkcs7, NULL, tmpIv, kekBlockSz);
+    ret = wc_PKCS7_GenerateBlock(pkcs7, NULL, tmpIv, (word32)kekBlockSz);
     if (ret != 0)
         return ret;
 
@@ -7928,7 +9336,7 @@ int wc_PKCS7_AddRecipient_PWRI(PKCS7* pkcs7, byte* passwd, word32 pLen,
     if (recip == NULL)
         return MEMORY_E;
 
-    kek = (byte*)XMALLOC(kekKeySz, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
+    kek = (byte*)XMALLOC((word32)kekKeySz, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
     if (kek == NULL) {
         XFREE(recip, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
         return MEMORY_E;
@@ -7944,13 +9352,13 @@ int wc_PKCS7_AddRecipient_PWRI(PKCS7* pkcs7, byte* passwd, word32 pLen,
 
     encryptedKeySz = MAX_ENCRYPTED_KEY_SZ;
     XMEMSET(recip, 0, sizeof(Pkcs7EncodedRecip));
-    XMEMSET(kek, 0, kekKeySz);
+    XMEMSET(kek, 0, (word32)kekKeySz);
     XMEMSET(encryptedKey, 0, encryptedKeySz);
 
     /* generate KEK: expand password into KEK */
     ret = wc_PKCS7_GenerateKEK_PWRI(pkcs7, passwd, pLen, salt, saltSz,
                                     kdfOID, hashOID, iterations, kek,
-                                    kekKeySz);
+                                    (word32)kekKeySz);
     if (ret < 0) {
         XFREE(recip, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
         XFREE(kek, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
@@ -7959,29 +9367,29 @@ int wc_PKCS7_AddRecipient_PWRI(PKCS7* pkcs7, byte* passwd, word32 pLen,
     }
 
     /* generate encrypted key: encrypt CEK with KEK */
-    ret = wc_PKCS7_PwriKek_KeyWrap(pkcs7, kek, kekKeySz, pkcs7->cek,
+    ret = wc_PKCS7_PwriKek_KeyWrap(pkcs7, kek, (word32)kekKeySz, pkcs7->cek,
                                    pkcs7->cekSz, encryptedKey, &encryptedKeySz,
-                                   tmpIv, kekBlockSz, encryptOID);
+                                   tmpIv, (word32)kekBlockSz, encryptOID);
     if (ret < 0) {
         XFREE(recip, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
         XFREE(kek, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
         XFREE(encryptedKey, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
         return ret;
     }
-    encryptedKeySz = ret;
+    encryptedKeySz = (word32)ret;
 
     /* put together encrypted key OCTET STRING */
     encKeyOctetStrSz = SetOctetString(encryptedKeySz, encKeyOctetStr);
     totalSz += (encKeyOctetStrSz + encryptedKeySz);
 
     /* put together IV OCTET STRING */
-    ivOctetStringSz = SetOctetString(kekBlockSz, ivOctetString);
-    totalSz += (ivOctetStringSz + kekBlockSz);
+    ivOctetStringSz = SetOctetString((word32)kekBlockSz, ivOctetString);
+    totalSz += (ivOctetStringSz + (word32)kekBlockSz);
 
     /* set PWRIAlgorithms AlgorithmIdentifier, adding (ivOctetStringSz +
        blockKeySz) for IV OCTET STRING */
     pwriEncAlgoIdSz = SetAlgoID(encryptOID, pwriEncAlgoId,
-                                oidBlkType, ivOctetStringSz + kekBlockSz);
+                                oidBlkType, (int)ivOctetStringSz + kekBlockSz);
     totalSz += pwriEncAlgoIdSz;
 
     /* set KeyEncryptionAlgorithms OID */
@@ -7992,12 +9400,12 @@ int wc_PKCS7_AddRecipient_PWRI(PKCS7* pkcs7, byte* passwd, word32 pLen,
         XFREE(encryptedKey, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
         return ret;
     }
-    keyEncAlgoIdSz = ret;
+    keyEncAlgoIdSz = (word32)ret;
     totalSz += keyEncAlgoIdSz;
 
     /* KeyEncryptionAlgorithm SEQ */
     keyEncAlgoIdSeqSz = SetSequence(keyEncAlgoIdSz + pwriEncAlgoIdSz +
-                                    ivOctetStringSz + kekBlockSz,
+                                    ivOctetStringSz + (word32)kekBlockSz,
                                     keyEncAlgoIdSeq);
     totalSz += keyEncAlgoIdSeqSz;
 
@@ -8006,7 +9414,8 @@ int wc_PKCS7_AddRecipient_PWRI(PKCS7* pkcs7, byte* passwd, word32 pLen,
     totalSz += (kdfSaltOctetStrSz + saltSz);
 
     /* set KDF iteration count */
-    kdfIterationsSz = SetMyVersion(iterations, kdfIterations, 0);
+    kdfIterationsSz = (word32)SetMyVersion((word32)iterations, kdfIterations,
+        0);
     totalSz += kdfIterationsSz;
 
     /* set KDF params SEQ */
@@ -8022,22 +9431,22 @@ int wc_PKCS7_AddRecipient_PWRI(PKCS7* pkcs7, byte* passwd, word32 pLen,
         XFREE(encryptedKey, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
         return ret;
     }
-    kdfAlgoIdSz = ret;
+    kdfAlgoIdSz = (word32)ret;
     totalSz += kdfAlgoIdSz;
 
     /* set KeyDerivationAlgorithmIdentifier EXPLICIT [0] SEQ */
     kdfAlgoIdSeqSz = SetExplicit(0, kdfAlgoIdSz + kdfParamsSeqSz +
                                  kdfSaltOctetStrSz + saltSz + kdfIterationsSz,
-                                 kdfAlgoIdSeq);
+                                 kdfAlgoIdSeq, 0);
     totalSz += kdfAlgoIdSeqSz;
 
     /* set PasswordRecipientInfo CMSVersion, MUST be 0 */
-    verSz = SetMyVersion(0, ver, 0);
+    verSz = (word32)SetMyVersion(0, ver, 0);
     totalSz += verSz;
     recip->recipVersion = 0;
 
     /* set PasswordRecipientInfo SEQ */
-    recipSeqSz = SetImplicit(ASN_SEQUENCE, 3, totalSz, recipSeq);
+    recipSeqSz = SetImplicit(ASN_SEQUENCE, 3, totalSz, recipSeq, 0);
     totalSz += recipSeqSz;
 
     if (totalSz > MAX_RECIP_SZ) {
@@ -8073,14 +9482,14 @@ int wc_PKCS7_AddRecipient_PWRI(PKCS7* pkcs7, byte* passwd, word32 pLen,
     idx += pwriEncAlgoIdSz;
     XMEMCPY(recip->recip + idx, ivOctetString, ivOctetStringSz);
     idx += ivOctetStringSz;
-    XMEMCPY(recip->recip + idx, tmpIv, kekBlockSz);
-    idx += kekBlockSz;
+    XMEMCPY(recip->recip + idx, tmpIv, (word32)kekBlockSz);
+    idx += (word32)kekBlockSz;
     XMEMCPY(recip->recip + idx, encKeyOctetStr, encKeyOctetStrSz);
     idx += encKeyOctetStrSz;
     XMEMCPY(recip->recip + idx, encryptedKey, encryptedKeySz);
     idx += encryptedKeySz;
 
-    ForceZero(kek, kekBlockSz);
+    ForceZero(kek, (word32)kekBlockSz);
     ForceZero(encryptedKey, encryptedKeySz);
     XFREE(kek, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
     XFREE(encryptedKey, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
@@ -8102,14 +9511,14 @@ int wc_PKCS7_AddRecipient_PWRI(PKCS7* pkcs7, byte* passwd, word32 pLen,
 
     (void)options;
 
-    return idx;
+    return (int)idx;
 }
 
 /* Import password and KDF settings into a PKCS7 structure. Used for setting
  * the password info for decryption a EnvelopedData PWRI RecipientInfo.
  *
  * Returns 0 on success, negative upon error */
-int wc_PKCS7_SetPassword(PKCS7* pkcs7, byte* passwd, word32 pLen)
+int wc_PKCS7_SetPassword(wc_PKCS7* pkcs7, byte* passwd, word32 pLen)
 {
     if (pkcs7 == NULL || passwd == NULL || pLen == 0)
         return BAD_FUNC_ARG;
@@ -8139,7 +9548,7 @@ int wc_PKCS7_SetPassword(PKCS7* pkcs7, byte* passwd, word32 pLen)
  * otherSz    - size of other (OPTIONAL)
  *
  * Returns 0 on success, negative upon error */
-int wc_PKCS7_AddRecipient_KEKRI(PKCS7* pkcs7, int keyWrapOID, byte* kek,
+int wc_PKCS7_AddRecipient_KEKRI(wc_PKCS7* pkcs7, int keyWrapOID, byte* kek,
                                 word32 kekSz, byte* keyId, word32 keyIdSz,
                                 void* timePtr, byte* otherOID,
                                 word32 otherOIDSz, byte* other, word32 otherSz,
@@ -8193,7 +9602,7 @@ int wc_PKCS7_AddRecipient_KEKRI(PKCS7* pkcs7, int keyWrapOID, byte* kek,
     }
 
     /* generate random content encryption key, if needed */
-    ret = PKCS7_GenerateContentEncryptionKey(pkcs7, blockKeySz);
+    ret = PKCS7_GenerateContentEncryptionKey(pkcs7, (word32)blockKeySz);
     if (ret < 0) {
         XFREE(recip, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
         return ret;
@@ -8209,7 +9618,7 @@ int wc_PKCS7_AddRecipient_KEKRI(PKCS7* pkcs7, int keyWrapOID, byte* kek,
     }
 #endif
     encryptedKeySz = MAX_ENCRYPTED_KEY_SZ;
-    XMEMSET(encryptedKey, 0, encryptedKeySz);
+    XMEMSET(encryptedKey, 0, (word32)encryptedKeySz);
 
     #ifndef NO_AES
         direction = AES_ENCRYPTION;
@@ -8218,8 +9627,8 @@ int wc_PKCS7_AddRecipient_KEKRI(PKCS7* pkcs7, int keyWrapOID, byte* kek,
     #endif
 
     encryptedKeySz = wc_PKCS7_KeyWrap(pkcs7->cek, pkcs7->cekSz, kek, kekSz,
-                                      encryptedKey, encryptedKeySz, keyWrapOID,
-                                      direction);
+                               encryptedKey, (word32)encryptedKeySz, keyWrapOID,
+                               direction);
     if (encryptedKeySz < 0) {
     #ifdef WOLFSSL_SMALL_STACK
         XFREE(encryptedKey, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
@@ -8236,8 +9645,8 @@ int wc_PKCS7_AddRecipient_KEKRI(PKCS7* pkcs7, int keyWrapOID, byte* kek,
         return WC_KEY_SIZE_E;
     }
 
-    encKeyOctetStrSz = SetOctetString(encryptedKeySz, encKeyOctetStr);
-    totalSz += (encKeyOctetStrSz + encryptedKeySz);
+    encKeyOctetStrSz = SetOctetString((word32)encryptedKeySz, encKeyOctetStr);
+    totalSz += (encKeyOctetStrSz + (word32)encryptedKeySz);
 
     /* KeyEncryptionAlgorithmIdentifier */
     encAlgoIdSz = SetAlgoID(keyWrapOID, encAlgoId, oidKeyWrapType, 0);
@@ -8259,7 +9668,7 @@ int wc_PKCS7_AddRecipient_KEKRI(PKCS7* pkcs7, int keyWrapOID, byte* kek,
         #endif
             return timeSz;
         }
-        totalSz += timeSz;
+        totalSz += (word32)timeSz;
     }
 #endif
 
@@ -8270,17 +9679,17 @@ int wc_PKCS7_AddRecipient_KEKRI(PKCS7* pkcs7, int keyWrapOID, byte* kek,
     }
 
     /* KEKIdentifier SEQ */
-    kekIdSeqSz = SetSequence(kekIdOctetStrSz + keyIdSz + timeSz +
+    kekIdSeqSz = SetSequence(kekIdOctetStrSz + keyIdSz + (word32)timeSz +
                              otherAttSeqSz + otherOIDSz + otherSz, kekIdSeq);
     totalSz += kekIdSeqSz;
 
     /* version */
-    verSz = SetMyVersion(4, ver, 0);
+    verSz = (word32)SetMyVersion(4, ver, 0);
     totalSz += verSz;
     recip->recipVersion = 4;
 
     /* KEKRecipientInfo SEQ */
-    recipSeqSz = SetImplicit(ASN_SEQUENCE, 2, totalSz, recipSeq);
+    recipSeqSz = SetImplicit(ASN_SEQUENCE, 2, totalSz, recipSeq, 0);
     totalSz += recipSeqSz;
 
     if (totalSz > MAX_RECIP_SZ) {
@@ -8303,8 +9712,8 @@ int wc_PKCS7_AddRecipient_KEKRI(PKCS7* pkcs7, int keyWrapOID, byte* kek,
     XMEMCPY(recip->recip + idx, keyId, keyIdSz);
     idx += keyIdSz;
     if (timePtr != NULL) {
-        XMEMCPY(recip->recip + idx, genTime, timeSz);
-        idx += timeSz;
+        XMEMCPY(recip->recip + idx, genTime, (word32)timeSz);
+        idx += (word32)timeSz;
     }
     if (other != NULL && otherSz > 0) {
         XMEMCPY(recip->recip + idx, otherAttSeq, otherAttSeqSz);
@@ -8318,8 +9727,8 @@ int wc_PKCS7_AddRecipient_KEKRI(PKCS7* pkcs7, int keyWrapOID, byte* kek,
     idx += encAlgoIdSz;
     XMEMCPY(recip->recip + idx, encKeyOctetStr, encKeyOctetStrSz);
     idx += encKeyOctetStrSz;
-    XMEMCPY(recip->recip + idx, encryptedKey, encryptedKeySz);
-    idx += encryptedKeySz;
+    XMEMCPY(recip->recip + idx, encryptedKey, (word32)encryptedKeySz);
+    idx += (word32)encryptedKeySz;
 
 #ifdef WOLFSSL_SMALL_STACK
     XFREE(encryptedKey, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
@@ -8342,11 +9751,11 @@ int wc_PKCS7_AddRecipient_KEKRI(PKCS7* pkcs7, int keyWrapOID, byte* kek,
 
     (void)options;
 
-    return idx;
+    return (int)idx;
 }
 
 
-static int wc_PKCS7_GetCMSVersion(PKCS7* pkcs7, int cmsContentType)
+static int wc_PKCS7_GetCMSVersion(wc_PKCS7* pkcs7, int cmsContentType)
 {
     int version = -1;
 
@@ -8388,7 +9797,7 @@ static int wc_PKCS7_GetCMSVersion(PKCS7* pkcs7, int cmsContentType)
 
 
 /* build PKCS#7 envelopedData content type, return enveloped size */
-int wc_PKCS7_EncodeEnvelopedData(PKCS7* pkcs7, byte* output, word32 outputSz)
+int wc_PKCS7_EncodeEnvelopedData(wc_PKCS7* pkcs7, byte* output, word32 outputSz)
 {
     int ret, idx = 0;
     int totalSz, padSz, encryptedOutSz;
@@ -8405,8 +9814,8 @@ int wc_PKCS7_EncodeEnvelopedData(PKCS7* pkcs7, byte* output, word32 outputSz)
 
     WC_RNG rng;
     int blockSz, blockKeySz;
-    byte* plain;
-    byte* encryptedContent;
+    byte* plain            = NULL;
+    byte* encryptedContent = NULL;
 
     Pkcs7EncodedRecip* tmpRecip = NULL;
     int recipSz, recipSetSz;
@@ -8420,12 +9829,28 @@ int wc_PKCS7_EncodeEnvelopedData(PKCS7* pkcs7, byte* output, word32 outputSz)
     byte tmpIv[MAX_CONTENT_IV_SIZE];
     byte ivOctetString[MAX_OCTET_STR_SZ];
     byte encContentOctet[MAX_OCTET_STR_SZ];
+#ifdef ASN_BER_TO_DER
+    word32 streamSz = 0;
+#endif
 
-    if (pkcs7 == NULL || pkcs7->content == NULL || pkcs7->contentSz == 0)
+    if (pkcs7 == NULL
+        #ifndef ASN_BER_TO_DER
+            || pkcs7->content == NULL
+        #endif
+            || pkcs7->contentSz == 0) {
         return BAD_FUNC_ARG;
+    }
 
-    if (output == NULL || outputSz == 0)
+#ifndef ASN_BER_TO_DER
+    if (output == NULL || outputSz == 0) {
         return BAD_FUNC_ARG;
+    }
+#else
+    /* if both output and callback are not set then error out */
+    if ((output == NULL || outputSz == 0) && (pkcs7->streamOutCb == NULL)) {
+        return BAD_FUNC_ARG;
+    }
+#endif
 
     blockKeySz = wc_PKCS7_GetOIDKeySize(pkcs7->encryptOID);
     if (blockKeySz < 0)
@@ -8446,7 +9871,7 @@ int wc_PKCS7_EncodeEnvelopedData(PKCS7* pkcs7, byte* output, word32 outputSz)
     }
 
     /* generate random content encryption key */
-    ret = PKCS7_GenerateContentEncryptionKey(pkcs7, blockKeySz);
+    ret = PKCS7_GenerateContentEncryptionKey(pkcs7, (word32)blockKeySz);
     if (ret != 0) {
         return ret;
     }
@@ -8489,7 +9914,7 @@ int wc_PKCS7_EncodeEnvelopedData(PKCS7* pkcs7, byte* output, word32 outputSz)
         WOLFSSL_MSG("You must add at least one CMS recipient");
         return PKCS7_RECIP_E;
     }
-    recipSetSz = SetSet(recipSz, recipSet);
+    recipSetSz = (int)SetSet((word32)recipSz, recipSet);
 
     /* version, defined in Section 6.1 of RFC 5652 */
     kariVersion = wc_PKCS7_GetCMSVersion(pkcs7, ENVELOPED_DATA);
@@ -8499,7 +9924,7 @@ int wc_PKCS7_EncodeEnvelopedData(PKCS7* pkcs7, byte* output, word32 outputSz)
         return PKCS7_RECIP_E;
     }
 
-    verSz = SetMyVersion(kariVersion, ver, 0);
+    verSz = SetMyVersion((word32)kariVersion, ver, 0);
 
     ret = wc_InitRng_ex(&rng, pkcs7->heap, pkcs7->devId);
     if (ret != 0) {
@@ -8508,7 +9933,7 @@ int wc_PKCS7_EncodeEnvelopedData(PKCS7* pkcs7, byte* output, word32 outputSz)
     }
 
     /* generate IV for block cipher */
-    ret = wc_PKCS7_GenerateBlock(pkcs7, &rng, tmpIv, blockSz);
+    ret = wc_PKCS7_GenerateBlock(pkcs7, &rng, tmpIv, (word32)blockSz);
     wc_FreeRng(&rng);
     if (ret != 0) {
         wc_PKCS7_FreeEncodedRecipientSet(pkcs7);
@@ -8526,42 +9951,54 @@ int wc_PKCS7_EncodeEnvelopedData(PKCS7* pkcs7, byte* output, word32 outputSz)
     contentTypeSz = ret;
 
     /* allocate encrypted content buffer and PKCS#7 padding */
-    padSz = wc_PKCS7_GetPadSize(pkcs7->contentSz, blockSz);
+    padSz = wc_PKCS7_GetPadSize(pkcs7->contentSz, (word32)blockSz);
     if (padSz < 0) {
         wc_PKCS7_FreeEncodedRecipientSet(pkcs7);
         return padSz;
     }
 
-    encryptedOutSz = pkcs7->contentSz + padSz;
+    encryptedOutSz = (int)pkcs7->contentSz + padSz;
+
+#ifdef ASN_BER_TO_DER
+    if (pkcs7->getContentCb == NULL)
+#endif
+    {
+        plain = (byte*)XMALLOC((word32)encryptedOutSz, pkcs7->heap,
+                               DYNAMIC_TYPE_PKCS7);
+        if (plain == NULL) {
+            wc_PKCS7_FreeEncodedRecipientSet(pkcs7);
+            return MEMORY_E;
+        }
+
+        ret = wc_PKCS7_PadData(pkcs7->content, pkcs7->contentSz, plain,
+                               (word32)encryptedOutSz, (word32)blockSz);
+        if (ret < 0) {
+            XFREE(plain, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
+            wc_PKCS7_FreeEncodedRecipientSet(pkcs7);
+            return ret;
+        }
 
-    plain = (byte*)XMALLOC(encryptedOutSz, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
-    if (plain == NULL) {
-        wc_PKCS7_FreeEncodedRecipientSet(pkcs7);
-        return MEMORY_E;
     }
 
-    ret = wc_PKCS7_PadData(pkcs7->content, pkcs7->contentSz, plain,
-                           encryptedOutSz, blockSz);
-    if (ret < 0) {
-        XFREE(plain, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
-        wc_PKCS7_FreeEncodedRecipientSet(pkcs7);
-        return ret;
-    }
-
-    encryptedContent = (byte*)XMALLOC(encryptedOutSz, pkcs7->heap,
-                                      DYNAMIC_TYPE_PKCS7);
-    if (encryptedContent == NULL) {
-        XFREE(plain, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
-        wc_PKCS7_FreeEncodedRecipientSet(pkcs7);
-        return MEMORY_E;
+#ifdef ASN_BER_TO_DER
+    if (pkcs7->streamOutCb == NULL)
+#endif
+    {
+        encryptedContent = (byte*)XMALLOC((word32)encryptedOutSz, pkcs7->heap,
+                                          DYNAMIC_TYPE_PKCS7);
+        if (encryptedContent == NULL) {
+            XFREE(plain, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
+            wc_PKCS7_FreeEncodedRecipientSet(pkcs7);
+            return MEMORY_E;
+        }
     }
 
     /* put together IV OCTET STRING */
-    ivOctetStringSz = SetOctetString(blockSz, ivOctetString);
+    ivOctetStringSz = (int)SetOctetString((word32)blockSz, ivOctetString);
 
     /* build up our ContentEncryptionAlgorithmIdentifier sequence,
      * adding (ivOctetStringSz + blockSz) for IV OCTET STRING */
-    contentEncAlgoSz = SetAlgoID(pkcs7->encryptOID, contentEncAlgo,
+    contentEncAlgoSz = (int)SetAlgoID(pkcs7->encryptOID, contentEncAlgo,
                                  oidBlkType, ivOctetStringSz + blockSz);
 
     if (contentEncAlgoSz == 0) {
@@ -8571,26 +10008,12 @@ int wc_PKCS7_EncodeEnvelopedData(PKCS7* pkcs7, byte* output, word32 outputSz)
         return BAD_FUNC_ARG;
     }
 
-    /* encrypt content */
-    ret = wc_PKCS7_EncryptContent(pkcs7->encryptOID, pkcs7->cek,
-            pkcs7->cekSz, tmpIv, blockSz, NULL, 0, NULL, 0, plain,
-            encryptedOutSz, encryptedContent,
-            pkcs7->devId, pkcs7->heap);
-
-    if (ret != 0) {
-        XFREE(encryptedContent, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
-        XFREE(plain, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
-        wc_PKCS7_FreeEncodedRecipientSet(pkcs7);
-        return ret;
-    }
-
-    encContentOctetSz = SetImplicit(ASN_OCTET_STRING, 0, encryptedOutSz,
-                                    encContentOctet);
-
-    encContentSeqSz = SetSequence(contentTypeSz + contentEncAlgoSz +
-                                  ivOctetStringSz + blockSz +
-                                  encContentOctetSz + encryptedOutSz,
-                                  encContentSeq);
+    encContentOctetSz = (int)SetImplicit(ASN_OCTET_STRING, 0,
+            (word32)encryptedOutSz, encContentOctet, pkcs7->encodeStream);
+    encContentSeqSz = (int)SetSequenceEx((word32)(contentTypeSz +
+                              contentEncAlgoSz + ivOctetStringSz + blockSz +
+                              encContentOctetSz + encryptedOutSz),
+                              encContentSeq, pkcs7->encodeStream);
 
     /* keep track of sizes for outer wrapper layering */
     totalSz = verSz + recipSetSz + recipSz + encContentSeqSz + contentTypeSz +
@@ -8598,21 +10021,71 @@ int wc_PKCS7_EncodeEnvelopedData(PKCS7* pkcs7, byte* output, word32 outputSz)
               encContentOctetSz + encryptedOutSz;
 
     /* EnvelopedData */
-    envDataSeqSz = SetSequence(totalSz, envDataSeq);
+#ifdef ASN_BER_TO_DER
+    if (pkcs7->encodeStream) {
+        word32 tmpIdx = 0;
+
+        /* account for ending of encContentOctet */
+        totalSz += ASN_INDEF_END_SZ;
+
+        /* account for ending of encContentSeq */
+        totalSz += ASN_INDEF_END_SZ;
+
+        /* account for asn1 syntax around octet strings */
+        StreamOctetString(NULL, (word32)encryptedOutSz, NULL, &streamSz,
+                                                                       &tmpIdx);
+        totalSz += ((int)streamSz - encryptedOutSz);
+
+        /* resize encrypted content buffer */
+        if (encryptedContent != NULL) {
+            XFREE(encryptedContent, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
+            encryptedContent = (byte*)XMALLOC(streamSz, pkcs7->heap,
+                                              DYNAMIC_TYPE_PKCS7);
+            if (encryptedContent == NULL) {
+                XFREE(plain, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
+                wc_PKCS7_FreeEncodedRecipientSet(pkcs7);
+                return MEMORY_E;
+            }
+        }
+    }
+#endif
+    envDataSeqSz = (int)SetSequenceEx((word32)totalSz, envDataSeq,
+        pkcs7->encodeStream);
     totalSz += envDataSeqSz;
+#ifdef ASN_BER_TO_DER
+    if (pkcs7->encodeStream) {
+        totalSz += ASN_INDEF_END_SZ;
+    }
+#endif
 
     /* outer content */
-    outerContentSz = SetExplicit(0, totalSz, outerContent);
+    outerContentSz = (int)SetExplicit(0, (word32)totalSz, outerContent,
+        pkcs7->encodeStream);
+#ifdef ASN_BER_TO_DER
+    if (pkcs7->encodeStream) {
+        totalSz += ASN_INDEF_END_SZ;
+    }
+#endif
     totalSz += outerContentTypeSz;
     totalSz += outerContentSz;
 
     if (pkcs7->contentOID != FIRMWARE_PKG_DATA) {
         /* ContentInfo */
-        contentInfoSeqSz = SetSequence(totalSz, contentInfoSeq);
+        contentInfoSeqSz = (int)SetSequenceEx((word32)totalSz, contentInfoSeq,
+            pkcs7->encodeStream);
         totalSz += contentInfoSeqSz;
+    #ifdef ASN_BER_TO_DER
+        if (pkcs7->encodeStream) {
+            totalSz += ASN_INDEF_END_SZ;
+        }
+    #endif
     }
 
-    if (totalSz > (int)outputSz) {
+    if ((totalSz > (int)outputSz)
+    #ifdef ASN_BER_TO_DER
+         && (pkcs7->streamOutCb == NULL)
+    #endif
+    ) {
         WOLFSSL_MSG("Pkcs7_encrypt output buffer too small");
         XFREE(encryptedContent, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
         XFREE(plain, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER);
@@ -8620,44 +10093,112 @@ int wc_PKCS7_EncodeEnvelopedData(PKCS7* pkcs7, byte* output, word32 outputSz)
         return BUFFER_E;
     }
 
+    /* begin writing out PKCS7 bundle */
     if (pkcs7->contentOID != FIRMWARE_PKG_DATA) {
-        XMEMCPY(output + idx, contentInfoSeq, contentInfoSeqSz);
+        wc_PKCS7_WriteOut(pkcs7, (output)? (output + idx) : NULL,
+            contentInfoSeq, (word32)contentInfoSeqSz);
         idx += contentInfoSeqSz;
-        XMEMCPY(output + idx, outerContentType, outerContentTypeSz);
+        wc_PKCS7_WriteOut(pkcs7, (output)? (output + idx) : NULL,
+            outerContentType, (word32)outerContentTypeSz);
         idx += outerContentTypeSz;
-        XMEMCPY(output + idx, outerContent, outerContentSz);
+        wc_PKCS7_WriteOut(pkcs7, (output)? (output + idx) : NULL,
+            outerContent, (word32)outerContentSz);
         idx += outerContentSz;
     }
-    XMEMCPY(output + idx, envDataSeq, envDataSeqSz);
+
+    wc_PKCS7_WriteOut(pkcs7, (output)? (output + idx) : NULL,
+            envDataSeq, (word32)envDataSeqSz);
     idx += envDataSeqSz;
-    XMEMCPY(output + idx, ver, verSz);
+    wc_PKCS7_WriteOut(pkcs7, (output)? (output + idx) : NULL,
+            ver, (word32)verSz);
     idx += verSz;
-    XMEMCPY(output + idx, recipSet, recipSetSz);
+    wc_PKCS7_WriteOut(pkcs7, (output)? (output + idx) : NULL,
+            recipSet, (word32)recipSetSz);
     idx += recipSetSz;
     /* copy in recipients from list */
     tmpRecip = pkcs7->recipList;
     while (tmpRecip != NULL) {
-        XMEMCPY(output + idx, tmpRecip->recip, tmpRecip->recipSz);
-        idx += tmpRecip->recipSz;
+        wc_PKCS7_WriteOut(pkcs7, (output)? (output + idx) : NULL,
+            tmpRecip->recip, tmpRecip->recipSz);
+        idx += (int)tmpRecip->recipSz;
         tmpRecip = tmpRecip->next;
     }
     wc_PKCS7_FreeEncodedRecipientSet(pkcs7);
-    XMEMCPY(output + idx, encContentSeq, encContentSeqSz);
+
+    wc_PKCS7_WriteOut(pkcs7, (output)? (output + idx) : NULL,
+            encContentSeq, (word32)encContentSeqSz);
     idx += encContentSeqSz;
-    XMEMCPY(output + idx, contentType, contentTypeSz);
+    wc_PKCS7_WriteOut(pkcs7, (output)? (output + idx) : NULL,
+            contentType, (word32)contentTypeSz);
     idx += contentTypeSz;
-    XMEMCPY(output + idx, contentEncAlgo, contentEncAlgoSz);
+    wc_PKCS7_WriteOut(pkcs7, (output)? (output + idx) : NULL,
+            contentEncAlgo, (word32)contentEncAlgoSz);
     idx += contentEncAlgoSz;
-    XMEMCPY(output + idx, ivOctetString, ivOctetStringSz);
+    wc_PKCS7_WriteOut(pkcs7, (output)? (output + idx) : NULL,
+            ivOctetString, (word32)ivOctetStringSz);
     idx += ivOctetStringSz;
-    XMEMCPY(output + idx, tmpIv, blockSz);
+    wc_PKCS7_WriteOut(pkcs7, (output)? (output + idx) : NULL,
+            tmpIv, (word32)blockSz);
     idx += blockSz;
-    XMEMCPY(output + idx, encContentOctet, encContentOctetSz);
+    wc_PKCS7_WriteOut(pkcs7, (output)? (output + idx) : NULL,
+            encContentOctet, (word32)encContentOctetSz);
     idx += encContentOctetSz;
-    XMEMCPY(output + idx, encryptedContent, encryptedOutSz);
-    idx += encryptedOutSz;
+
+    /* encrypt content */
+    ret = wc_PKCS7_EncryptContent(pkcs7, pkcs7->encryptOID, pkcs7->cek,
+            (int)pkcs7->cekSz, tmpIv, blockSz, NULL, 0, NULL, 0, plain,
+            encryptedOutSz, encryptedContent);
+    if (ret != 0) {
+        XFREE(encryptedContent, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
+
+        XFREE(plain, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
+
+        wc_PKCS7_FreeEncodedRecipientSet(pkcs7);
+        return ret;
+    }
+
+#ifdef ASN_BER_TO_DER
+    /* stream the content (octet string with multiple octet elements) */
+    if (pkcs7->encodeStream) {
+        byte indefEnd[ASN_INDEF_END_SZ * 5];
+        word32 localIdx = 0;
+
+        /* advance index past encrypted content */
+        if (!pkcs7->streamOutCb) {
+            wc_PKCS7_WriteOut(pkcs7, (output)? output + idx : NULL,
+                encryptedContent, streamSz);
+        }
+        idx += (int)streamSz;
+
+        /* end of encrypted content */
+        localIdx += SetIndefEnd(indefEnd + localIdx);
+
+        /* end of encrypted content info */
+        localIdx += SetIndefEnd(indefEnd + localIdx);
+
+        /* end of Enveloped Data seq */
+        localIdx += SetIndefEnd(indefEnd + localIdx);
+
+        /* end of outer content set */
+        localIdx += SetIndefEnd(indefEnd + localIdx);
+
+        /* end of outer content info seq */
+        localIdx += SetIndefEnd(indefEnd + localIdx);
+
+        wc_PKCS7_WriteOut(pkcs7, (output)? (output + idx) : NULL,
+            indefEnd, localIdx);
+        idx += (int)localIdx;
+    }
+    else
+#endif
+    {
+        wc_PKCS7_WriteOut(pkcs7, (output)? (output + idx) : NULL,
+            encryptedContent, (word32)encryptedOutSz);
+        idx += encryptedOutSz;
+    }
 
     XFREE(plain, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
+
     XFREE(encryptedContent, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
 
     return idx;
@@ -8665,7 +10206,7 @@ int wc_PKCS7_EncodeEnvelopedData(PKCS7* pkcs7, byte* output, word32 outputSz)
 
 #ifndef NO_RSA
 /* decode KeyTransRecipientInfo (ktri), return 0 on success, <0 on error */
-static int wc_PKCS7_DecryptKtri(PKCS7* pkcs7, byte* in, word32 inSz,
+static int wc_PKCS7_DecryptKtri(wc_PKCS7* pkcs7, byte* in, word32 inSz,
                                word32* idx, byte* decryptedKey,
                                word32* decryptedKeySz, int* recipFound)
 {
@@ -8739,8 +10280,6 @@ static int wc_PKCS7_DecryptKtri(PKCS7* pkcs7, byte* in, word32 inSz,
                 ret = BUFFER_E;
                 break;
             }
-            pkcs7->stream->expected = (pkcs7->stream->maxLen -
-                                pkcs7->stream->totalRd) + pkcs7->stream->length;
         #endif
             wc_PKCS7_ChangeState(pkcs7, WC_PKCS7_DECRYPT_KTRI_2);
             FALL_THROUGH;
@@ -8778,8 +10317,8 @@ static int wc_PKCS7_DecryptKtri(PKCS7* pkcs7, byte* in, word32 inSz,
                         return ret;
                 }
 
-                pkcs7->stream->expected = sz + MAX_ALGO_SZ + ASN_TAG_SZ +
-                                          MAX_LENGTH_SZ;
+                pkcs7->stream->expected = (word32)sz + MAX_ALGO_SZ + ASN_TAG_SZ +
+                                          MAX_LENGTH_SZ + 512;
                 if (pkcs7->stream->length > 0 &&
                         pkcs7->stream->length < pkcs7->stream->expected) {
                     return WC_PKCS7_WANT_READ_E;
@@ -8793,12 +10332,13 @@ static int wc_PKCS7_DecryptKtri(PKCS7* pkcs7, byte* in, word32 inSz,
                 if (GetSequence(pkiMsg, idx, &length, pkiMsgSz) < 0)
                     return ASN_PARSE_E;
 
-                if (GetNameHash_ex(pkiMsg, idx, issuerHash, pkiMsgSz,
+                if (GetNameHash_ex(pkiMsg, idx, issuerHash, (int)pkiMsgSz,
                                    pkcs7->publicKeyOID) < 0)
                     return ASN_PARSE_E;
 
                 /* if we found correct recipient, issuer hashes will match */
-                if (XMEMCMP(issuerHash, pkcs7->issuerHash, keyIdSize) == 0) {
+                if (XMEMCMP(issuerHash, pkcs7->issuerHash,
+                            (word32)keyIdSize) == 0) {
                     *recipFound = 1;
                 }
 
@@ -8851,10 +10391,10 @@ static int wc_PKCS7_DecryptKtri(PKCS7* pkcs7, byte* in, word32 inSz,
 
                 /* if we found correct recipient, SKID will match */
                 if (XMEMCMP(pkiMsg + (*idx), pkcs7->issuerSubjKeyId,
-                            keyIdSize) == 0) {
+                            (word32)keyIdSize) == 0) {
                     *recipFound = 1;
                 }
-                (*idx) += keyIdSize;
+                (*idx) += (word32)keyIdSize;
             }
 
             if (GetAlgoId(pkiMsg, idx, &encOID, oidKeyType, pkiMsgSz) < 0)
@@ -8899,8 +10439,9 @@ static int wc_PKCS7_DecryptKtri(PKCS7* pkcs7, byte* in, word32 inSz,
             if ((ret = wc_PKCS7_StreamEndCase(pkcs7, &tmpIdx, idx)) != 0) {
                     break;
             }
-            wc_PKCS7_StreamStoreVar(pkcs7, encryptedKeySz, sidType, version);
-            pkcs7->stream->expected = encryptedKeySz;
+            wc_PKCS7_StreamStoreVar(pkcs7, (word32)encryptedKeySz, sidType,
+                version);
+            pkcs7->stream->expected = (word32)encryptedKeySz;
         #endif
             wc_PKCS7_ChangeState(pkcs7, WC_PKCS7_DECRYPT_KTRI_3);
             FALL_THROUGH;
@@ -8911,18 +10452,18 @@ static int wc_PKCS7_DecryptKtri(PKCS7* pkcs7, byte* in, word32 inSz,
                             pkcs7->stream->expected, &pkiMsg, idx)) != 0) {
                 return ret;
             }
-            encryptedKeySz = pkcs7->stream->expected;
+            encryptedKeySz = (int)pkcs7->stream->expected;
         #endif
 
             /* Always allocate to ensure aligned use with RSA */
-            encryptedKey = (byte*)XMALLOC(encryptedKeySz, pkcs7->heap,
+            encryptedKey = (byte*)XMALLOC((word32)encryptedKeySz, pkcs7->heap,
                                           DYNAMIC_TYPE_WOLF_BIGINT);
             if (encryptedKey == NULL)
                 return MEMORY_E;
 
             if (*recipFound == 1)
-                XMEMCPY(encryptedKey, &pkiMsg[*idx], encryptedKeySz);
-            *idx += encryptedKeySz;
+                XMEMCPY(encryptedKey, &pkiMsg[*idx], (word32)encryptedKeySz);
+            *idx += (word32)encryptedKeySz;
 
             /* load private key */
         #ifdef WOLFSSL_SMALL_STACK
@@ -8982,12 +10523,12 @@ static int wc_PKCS7_DecryptKtri(PKCS7* pkcs7, byte* in, word32 inSz,
                     if (encOID != RSAESOAEPk) {
             #endif
                         keySz = wc_RsaPrivateDecryptInline(encryptedKey,
-                                                        encryptedKeySz, &outKey,
-                                                        privKey);
+                                                (word32)encryptedKeySz, &outKey,
+                                                privKey);
             #ifndef WC_NO_RSA_OAEP
                     }
                     else {
-                        word32 outLen = wc_RsaEncryptSize(privKey);
+                        word32 outLen = (word32)wc_RsaEncryptSize(privKey);
                         outKey = (byte*)XMALLOC(outLen, pkcs7->heap,
                                                     DYNAMIC_TYPE_TMP_BUFFER);
                         if (!outKey) {
@@ -9004,14 +10545,14 @@ static int wc_PKCS7_DecryptKtri(PKCS7* pkcs7, byte* in, word32 inSz,
                         }
 
                         keySz = wc_RsaPrivateDecrypt_ex(encryptedKey,
-                                encryptedKeySz, outKey, outLen, privKey,
+                                (word32)encryptedKeySz, outKey, outLen, privKey,
                                 WC_RSA_OAEP_PAD,
                                 WC_HASH_TYPE_SHA, WC_MGF1SHA1, NULL, 0);
                     }
             #endif
                 }
             #ifdef WOLFSSL_ASYNC_CRYPT
-                } while (keySz == WC_PENDING_E);
+                } while (keySz == WC_NO_ERR_TRACE(WC_PENDING_E));
             #endif
                 #ifdef WC_RSA_BLINDING
                     wc_FreeRng(&rng);
@@ -9022,7 +10563,7 @@ static int wc_PKCS7_DecryptKtri(PKCS7* pkcs7, byte* in, word32 inSz,
             wc_FreeRsaKey(privKey);
 
             if (keySz <= 0 || outKey == NULL) {
-                ForceZero(encryptedKey, encryptedKeySz);
+                ForceZero(encryptedKey, (word32)encryptedKeySz);
                 XFREE(encryptedKey, pkcs7->heap, DYNAMIC_TYPE_WOLF_BIGINT);
         #ifdef WOLFSSL_SMALL_STACK
                 XFREE(privKey, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER);
@@ -9036,9 +10577,9 @@ static int wc_PKCS7_DecryptKtri(PKCS7* pkcs7, byte* in, word32 inSz,
         #endif
                 return keySz;
             } else {
-                *decryptedKeySz = keySz;
-                XMEMCPY(decryptedKey, outKey, keySz);
-                ForceZero(encryptedKey, encryptedKeySz);
+                *decryptedKeySz = (word32)keySz;
+                XMEMCPY(decryptedKey, outKey, (word32)keySz);
+                ForceZero(encryptedKey, (word32)encryptedKeySz);
             }
 
             XFREE(encryptedKey, pkcs7->heap, DYNAMIC_TYPE_WOLF_BIGINT);
@@ -9143,15 +10684,16 @@ static int wc_PKCS7_KariGetOriginatorIdentifierOrKey(WC_PKCS7_KARI* kari,
     kari->senderKeyInit = 1;
 
     /* length-1 for unused bits counter */
-    ret = wc_ecc_import_x963_ex(pkiMsg + (*idx), length - 1, kari->senderKey,
-            curve_id);
+    ret = wc_ecc_import_x963_ex(pkiMsg + (*idx), (word32)length - 1,
+            kari->senderKey, curve_id);
     if (ret != 0) {
-        ret = wc_EccPublicKeyDecode(pkiMsg, idx, kari->senderKey, *idx + length - 1);
+        ret = wc_EccPublicKeyDecode(pkiMsg, idx, kari->senderKey,
+            *idx + (word32)length - 1);
         if (ret != 0)
             return ret;
     }
     else {
-        (*idx) += length - 1;
+        (*idx) += (word32)(length - 1);
     }
 
     return 0;
@@ -9204,16 +10746,17 @@ static int wc_PKCS7_KariGetUserKeyingMaterial(WC_PKCS7_KARI* kari,
 
     kari->ukm = NULL;
     if (length > 0) {
-        kari->ukm = (byte*)XMALLOC(length, kari->heap, DYNAMIC_TYPE_PKCS7);
+        kari->ukm = (byte*)XMALLOC((word32)length, kari->heap,
+                                                            DYNAMIC_TYPE_PKCS7);
         if (kari->ukm == NULL)
             return MEMORY_E;
 
-        XMEMCPY(kari->ukm, pkiMsg + (*idx), length);
+        XMEMCPY(kari->ukm, pkiMsg + (*idx), (word32)length);
         kari->ukmOwner = 1;
     }
 
-    (*idx) += length;
-    kari->ukmSz = length;
+    (*idx) += (word32)length;
+    kari->ukmSz = (word32)length;
 
     return 0;
 }
@@ -9244,7 +10787,7 @@ static int wc_PKCS7_KariGetKeyEncryptionAlgorithmId(WC_PKCS7_KARI* kari,
         return ASN_PARSE_E;
     }
 
-    if (localIdx < *idx + length) {
+    if (localIdx < *idx + (word32)length) {
         *idx = localIdx;
     }
     /* remove KeyWrapAlgorithm, stored in parameter of KeyEncAlgoId */
@@ -9303,11 +10846,11 @@ static int wc_PKCS7_KariGetSubjectKeyIdentifier(WC_PKCS7_KARI* kari,
     if (length != keyIdSize)
         return ASN_PARSE_E;
 
-    XMEMCPY(rid, pkiMsg + (*idx), keyIdSize);
-    (*idx) += length;
+    XMEMCPY(rid, pkiMsg + (*idx), (word32)keyIdSize);
+    (*idx) += (word32)length;
 
     /* subject key id should match if recipient found */
-    if (XMEMCMP(rid, kari->decoded->extSubjKeyId, keyIdSize) == 0) {
+    if (XMEMCMP(rid, kari->decoded->extSubjKeyId, (word32)keyIdSize) == 0) {
         *recipFound = 1;
     }
 
@@ -9346,14 +10889,14 @@ static int wc_PKCS7_KariGetIssuerAndSerialNumber(WC_PKCS7_KARI* kari,
     if (GetSequence(pkiMsg, idx, &length, pkiMsgSz) < 0)
         return ASN_PARSE_E;
 
-    if (GetNameHash_ex(pkiMsg, idx, rid, pkiMsgSz,
+    if (GetNameHash_ex(pkiMsg, idx, rid, (int)pkiMsgSz,
                        kari->decoded->signatureOID) < 0) {
         return ASN_PARSE_E;
     }
 
     /* if we found correct recipient, issuer hashes will match */
     if (kari->decodedInit == 1) {
-        if (XMEMCMP(rid, kari->decoded->issuerHash, keyIdSize) == 0) {
+        if (XMEMCMP(rid, kari->decoded->issuerHash, (word32)keyIdSize) == 0) {
             *recipFound = 1;
         }
     }
@@ -9388,7 +10931,7 @@ static int wc_PKCS7_KariGetIssuerAndSerialNumber(WC_PKCS7_KARI* kari,
     ret = mp_init(recipSerial);
     if (ret == MP_OKAY)
         ret = mp_read_unsigned_bin(recipSerial, kari->decoded->serial,
-                             kari->decoded->serialSz);
+                             (word32)kari->decoded->serialSz);
     if (ret != MP_OKAY) {
         mp_clear(serial);
         WOLFSSL_MSG("Failed to parse CMS recipient serial number");
@@ -9480,9 +11023,9 @@ static int wc_PKCS7_KariGetRecipientEncryptedKeys(WC_PKCS7_KARI* kari,
     if (length > *encryptedKeySz)
         return BUFFER_E;
 
-    XMEMCPY(encryptedKey, pkiMsg + (*idx), length);
+    XMEMCPY(encryptedKey, pkiMsg + (*idx), (word32)length);
     *encryptedKeySz = length;
-    (*idx) += length;
+    (*idx) += (word32)length;
 
     return 0;
 }
@@ -9490,7 +11033,7 @@ static int wc_PKCS7_KariGetRecipientEncryptedKeys(WC_PKCS7_KARI* kari,
 #endif /* HAVE_ECC */
 
 
-int wc_PKCS7_SetOriEncryptCtx(PKCS7* pkcs7, void* ctx)
+int wc_PKCS7_SetOriEncryptCtx(wc_PKCS7* pkcs7, void* ctx)
 {
     if (pkcs7 == NULL)
         return BAD_FUNC_ARG;
@@ -9501,7 +11044,7 @@ int wc_PKCS7_SetOriEncryptCtx(PKCS7* pkcs7, void* ctx)
 }
 
 
-int wc_PKCS7_SetOriDecryptCtx(PKCS7* pkcs7, void* ctx)
+int wc_PKCS7_SetOriDecryptCtx(wc_PKCS7* pkcs7, void* ctx)
 {
 
     if (pkcs7 == NULL)
@@ -9513,7 +11056,7 @@ int wc_PKCS7_SetOriDecryptCtx(PKCS7* pkcs7, void* ctx)
 }
 
 
-int wc_PKCS7_SetOriDecryptCb(PKCS7* pkcs7, CallbackOriDecrypt cb)
+int wc_PKCS7_SetOriDecryptCb(wc_PKCS7* pkcs7, CallbackOriDecrypt cb)
 {
     if (pkcs7 == NULL)
         return BAD_FUNC_ARG;
@@ -9525,7 +11068,7 @@ int wc_PKCS7_SetOriDecryptCb(PKCS7* pkcs7, CallbackOriDecrypt cb)
 
 
 /* return 0 on success */
-int wc_PKCS7_SetWrapCEKCb(PKCS7* pkcs7, CallbackWrapCEK cb)
+int wc_PKCS7_SetWrapCEKCb(wc_PKCS7* pkcs7, CallbackWrapCEK cb)
 {
     if (pkcs7 == NULL)
         return BAD_FUNC_ARG;
@@ -9551,7 +11094,7 @@ int wc_PKCS7_SetWrapCEKCb(PKCS7* pkcs7, CallbackWrapCEK cb)
  *
  * Return 0 on success, negative upon error.
  */
-static int wc_PKCS7_DecryptOri(PKCS7* pkcs7, byte* in, word32 inSz,
+static int wc_PKCS7_DecryptOri(wc_PKCS7* pkcs7, byte* in, word32 inSz,
                                word32* idx, byte* decryptedKey,
                                word32* decryptedKeySz, int* recipFound)
 {
@@ -9593,12 +11136,12 @@ static int wc_PKCS7_DecryptOri(PKCS7* pkcs7, byte* in, word32 inSz,
             if (GetASNObjectId(pkiMsg, idx, &oriOIDSz, pkiMsgSz) != 0)
                 return ASN_PARSE_E;
 
-            XMEMCPY(oriOID, pkiMsg + *idx, oriOIDSz);
-            *idx += oriOIDSz;
+            XMEMCPY(oriOID, pkiMsg + *idx, (word32)oriOIDSz);
+            *idx += (word32)oriOIDSz;
 
             /* get oriValue, increment idx */
             oriValue = pkiMsg + *idx;
-            oriValueSz = seqSz - (*idx - tmpIdx);
+            oriValueSz = (word32)seqSz - (*idx - tmpIdx);
             *idx += oriValueSz;
 
             /* pass oriOID and oriValue to user callback, expect back
@@ -9613,7 +11156,8 @@ static int wc_PKCS7_DecryptOri(PKCS7* pkcs7, byte* in, word32 inSz,
                 return PKCS7_RECIP_E;
             }
 
-            /* mark recipFound, since we only support one RecipientInfo for now */
+            /* mark recipFound, since we only support one RecipientInfo for
+             * now */
             *recipFound = 1;
 
         #ifndef NO_PKCS7_STREAM
@@ -9637,7 +11181,7 @@ static int wc_PKCS7_DecryptOri(PKCS7* pkcs7, byte* in, word32 inSz,
 
 /* decode ASN.1 PasswordRecipientInfo (pwri), return 0 on success,
  * < 0 on error */
-static int wc_PKCS7_DecryptPwri(PKCS7* pkcs7, byte* in, word32 inSz,
+static int wc_PKCS7_DecryptPwri(wc_PKCS7* pkcs7, byte* in, word32 inSz,
                                word32* idx, byte* decryptedKey,
                                word32* decryptedKeySz, int* recipFound)
 {
@@ -9706,12 +11250,13 @@ static int wc_PKCS7_DecryptPwri(PKCS7* pkcs7, byte* in, word32 inSz,
             if (GetLength(pkiMsg, idx, &saltSz, pkiMsgSz) < 0)
                 return ASN_PARSE_E;
 
-            salt = (byte*)XMALLOC(saltSz, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
+            salt = (byte*)XMALLOC((word32)saltSz, pkcs7->heap,
+                                                            DYNAMIC_TYPE_PKCS7);
             if (salt == NULL)
                 return MEMORY_E;
 
-            XMEMCPY(salt, pkiMsg + (*idx), saltSz);
-            *idx += saltSz;
+            XMEMCPY(salt, pkiMsg + (*idx), (word32)saltSz);
+            *idx += (word32)saltSz;
 
             /* get KDF iterations */
             if (GetMyVersion(pkiMsg, idx, &iterations, pkiMsgSz) < 0) {
@@ -9732,19 +11277,20 @@ static int wc_PKCS7_DecryptPwri(PKCS7* pkcs7, byte* in, word32 inSz,
             }
 
             /* get pwriEncAlgoId */
-            if (GetAlgoId(pkiMsg, idx, &pwriEncAlgoId, oidBlkType, pkiMsgSz) < 0) {
+            if (GetAlgoId(pkiMsg, idx, &pwriEncAlgoId, oidBlkType,
+                                                                pkiMsgSz) < 0) {
                 XFREE(salt, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
                 return ASN_PARSE_E;
             }
 
-            blockSz = wc_PKCS7_GetOIDBlockSize(pwriEncAlgoId);
+            blockSz = wc_PKCS7_GetOIDBlockSize((int)pwriEncAlgoId);
             if (blockSz < 0) {
                 XFREE(salt, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
                 return blockSz;
             }
 
             /* get content-encryption key size, based on algorithm */
-            kekKeySz = wc_PKCS7_GetOIDKeySize(pwriEncAlgoId);
+            kekKeySz = wc_PKCS7_GetOIDKeySize((int)pwriEncAlgoId);
             if (kekKeySz < 0) {
                 XFREE(salt, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
                 return kekKeySz;
@@ -9767,13 +11313,14 @@ static int wc_PKCS7_DecryptPwri(PKCS7* pkcs7, byte* in, word32 inSz,
             }
 
             if (length != blockSz) {
-                WOLFSSL_MSG("Incorrect IV length, must be of content alg block size");
+                WOLFSSL_MSG("Incorrect IV length, must be of content alg block "
+                            "size");
                 XFREE(salt, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
                 return ASN_PARSE_E;
             }
 
-            XMEMCPY(tmpIv, pkiMsg + (*idx), length);
-            *idx += length;
+            XMEMCPY(tmpIv, pkiMsg + (*idx), (word32)length);
+            *idx += (word32)length;
 
             /* get EncryptedKey */
             if (GetASNTag(pkiMsg, idx, &tag, pkiMsgSz) < 0) {
@@ -9792,7 +11339,7 @@ static int wc_PKCS7_DecryptPwri(PKCS7* pkcs7, byte* in, word32 inSz,
             }
 
             /* allocate temporary space for decrypted key */
-            cekSz = length;
+            cekSz = (word32)length;
             cek = (byte*)XMALLOC(cekSz, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER);
             if (cek == NULL) {
                 XFREE(salt, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
@@ -9800,7 +11347,8 @@ static int wc_PKCS7_DecryptPwri(PKCS7* pkcs7, byte* in, word32 inSz,
             }
 
             /* generate KEK */
-            kek = (byte*)XMALLOC(kekKeySz, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
+            kek = (byte*)XMALLOC((word32)kekKeySz, pkcs7->heap,
+                                                            DYNAMIC_TYPE_PKCS7);
             if (kek == NULL) {
                 XFREE(salt, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
                 XFREE(cek, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
@@ -9808,8 +11356,8 @@ static int wc_PKCS7_DecryptPwri(PKCS7* pkcs7, byte* in, word32 inSz,
             }
 
             ret = wc_PKCS7_GenerateKEK_PWRI(pkcs7, pkcs7->pass, pkcs7->passSz,
-                                            salt, saltSz, kdfAlgoId, hashOID,
-                                            iterations, kek, kekKeySz);
+                                  salt, (word32)saltSz, (int)kdfAlgoId, hashOID,
+                                  iterations, kek, (word32)kekKeySz);
             if (ret < 0) {
                 XFREE(salt, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
                 XFREE(kek, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
@@ -9818,9 +11366,9 @@ static int wc_PKCS7_DecryptPwri(PKCS7* pkcs7, byte* in, word32 inSz,
             }
 
             /* decrypt CEK with KEK */
-            ret = wc_PKCS7_PwriKek_KeyUnWrap(pkcs7, kek, kekKeySz,
-                                             pkiMsg + (*idx), length, cek,
-                                             cekSz, tmpIv, blockSz,
+            ret = wc_PKCS7_PwriKek_KeyUnWrap(pkcs7, kek, (word32)kekKeySz,
+                                             pkiMsg + (*idx), (word32)length,
+                                             cek, cekSz, tmpIv, (word32)blockSz,
                                              pwriEncAlgoId);
             if (ret < 0) {
                 XFREE(salt, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
@@ -9828,7 +11376,7 @@ static int wc_PKCS7_DecryptPwri(PKCS7* pkcs7, byte* in, word32 inSz,
                 XFREE(cek, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
                 return ret;
             }
-            cekSz = ret;
+            cekSz = (word32)ret;
 
             if (*decryptedKeySz < cekSz) {
                 WOLFSSL_MSG("Decrypted key buffer too small for CEK");
@@ -9847,7 +11395,7 @@ static int wc_PKCS7_DecryptPwri(PKCS7* pkcs7, byte* in, word32 inSz,
 
             /* mark recipFound, since we only support one RecipientInfo for now */
             *recipFound = 1;
-            *idx += length;
+            *idx += (word32)length;
         #ifndef NO_PKCS7_STREAM
             if ((ret = wc_PKCS7_StreamEndCase(pkcs7, &tmpIdx, idx)) != 0) {
                 break;
@@ -9868,7 +11416,7 @@ static int wc_PKCS7_DecryptPwri(PKCS7* pkcs7, byte* in, word32 inSz,
 
 /* decode ASN.1 KEKRecipientInfo (kekri), return 0 on success,
  * < 0 on error */
-static int wc_PKCS7_DecryptKekri(PKCS7* pkcs7, byte* in, word32 inSz,
+static int wc_PKCS7_DecryptKekri(wc_PKCS7* pkcs7, byte* in, word32 inSz,
                                word32* idx, byte* decryptedKey,
                                word32* decryptedKeySz, int* recipFound)
 {
@@ -9901,7 +11449,7 @@ static int wc_PKCS7_DecryptKekri(PKCS7* pkcs7, byte* in, word32 inSz,
             if (GetSequence(pkiMsg, idx, &length, pkiMsgSz) < 0)
                 return ASN_PARSE_E;
 
-            kekIdSz = length;
+            kekIdSz = (word32)length;
 
             if (GetASNTag(pkiMsg, idx, &tag, pkiMsgSz) < 0)
                 return ASN_PARSE_E;
@@ -9914,18 +11462,18 @@ static int wc_PKCS7_DecryptKekri(PKCS7* pkcs7, byte* in, word32 inSz,
 
             /* save keyIdentifier and length */
             keyId = pkiMsg + *idx;
-            keyIdSz = length;
+            keyIdSz = (word32)length;
             *idx += keyIdSz;
 
             /* may have OPTIONAL GeneralizedTime */
             localIdx = *idx;
             if ((*idx < kekIdSz) && GetASNTag(pkiMsg, &localIdx, &tag,
                         pkiMsgSz) == 0 && tag == ASN_GENERALIZED_TIME) {
-                if (wc_GetDateInfo(pkiMsg + *idx, pkiMsgSz, &datePtr, &dateFormat,
-                                   &dateLen) != 0) {
+                if (wc_GetDateInfo(pkiMsg + *idx, (int)pkiMsgSz, &datePtr,
+                        &dateFormat, &dateLen) != 0) {
                     return ASN_PARSE_E;
                 }
-                *idx += (dateLen + 1);
+                *idx += (word32)(dateLen + 1);
             }
 
             if (*idx > pkiMsgSz) {
@@ -9941,7 +11489,7 @@ static int wc_PKCS7_DecryptKekri(PKCS7* pkcs7, byte* in, word32 inSz,
                     return ASN_PARSE_E;
 
                 /* skip it */
-                *idx += length;
+                *idx += (word32)length;
             }
 
             if (*idx > pkiMsgSz) {
@@ -9949,7 +11497,8 @@ static int wc_PKCS7_DecryptKekri(PKCS7* pkcs7, byte* in, word32 inSz,
             }
 
             /* get KeyEncryptionAlgorithmIdentifier */
-            if (GetAlgoId(pkiMsg, idx, &keyWrapOID, oidKeyWrapType, pkiMsgSz) < 0)
+            if (GetAlgoId(pkiMsg, idx, &keyWrapOID, oidKeyWrapType, pkiMsgSz)
+                    < 0)
                 return ASN_PARSE_E;
 
             /* get EncryptedKey */
@@ -9970,24 +11519,26 @@ static int wc_PKCS7_DecryptKekri(PKCS7* pkcs7, byte* in, word32 inSz,
 
             /* decrypt CEK with KEK */
             if (pkcs7->wrapCEKCb) {
-                keySz = pkcs7->wrapCEKCb(pkcs7, pkiMsg + *idx, length, keyId,
-                                     keyIdSz, NULL, 0, decryptedKey,
-                                     *decryptedKeySz, keyWrapOID,
-                                     (int)PKCS7_KEKRI, direction);
+                keySz = pkcs7->wrapCEKCb(pkcs7, pkiMsg + *idx, (word32)length,
+                                    keyId, keyIdSz, NULL, 0, decryptedKey,
+                                    *decryptedKeySz, (int)keyWrapOID,
+                                    (int)PKCS7_KEKRI, direction);
             }
             else {
-                keySz = wc_PKCS7_KeyWrap(pkiMsg + *idx, length, pkcs7->privateKey,
-                                     pkcs7->privateKeySz, decryptedKey, *decryptedKeySz,
-                                     keyWrapOID, direction);
+                keySz = wc_PKCS7_KeyWrap(pkiMsg + *idx, (word32)length,
+                                    pkcs7->privateKey, pkcs7->privateKeySz,
+                                    decryptedKey, *decryptedKeySz,
+                                    (int)keyWrapOID, direction);
             }
             if (keySz <= 0)
                 return keySz;
 
             *decryptedKeySz = (word32)keySz;
 
-            /* mark recipFound, since we only support one RecipientInfo for now */
+            /* mark recipFound, since we only support one RecipientInfo for
+             * now */
             *recipFound = 1;
-            *idx += length;
+            *idx += (word32)length;
 
         #ifndef NO_PKCS7_STREAM
             if ((ret = wc_PKCS7_StreamEndCase(pkcs7, &tmpIdx, idx)) != 0) {
@@ -10010,7 +11561,7 @@ static int wc_PKCS7_DecryptKekri(PKCS7* pkcs7, byte* in, word32 inSz,
 
 /* decode ASN.1 KeyAgreeRecipientInfo (kari), return 0 on success,
  * < 0 on error */
-static int wc_PKCS7_DecryptKari(PKCS7* pkcs7, byte* in, word32 inSz,
+static int wc_PKCS7_DecryptKari(wc_PKCS7* pkcs7, byte* in, word32 inSz,
                                word32* idx, byte* decryptedKey,
                                word32* decryptedKeySz, int* recipFound)
 {
@@ -10033,7 +11584,6 @@ static int wc_PKCS7_DecryptKari(PKCS7* pkcs7, byte* in, word32 inSz,
 #ifndef NO_PKCS7_STREAM
     word32 tmpIdx = (idx) ? *idx : 0;
 #endif
-
     WOLFSSL_ENTER("wc_PKCS7_DecryptKari");
     if (pkcs7 == NULL || pkiMsg == NULL ||
         idx == NULL || decryptedKey == NULL || decryptedKeySz == NULL) {
@@ -10077,9 +11627,10 @@ static int wc_PKCS7_DecryptKari(PKCS7* pkcs7, byte* in, word32 inSz,
 
             /* parse cert and key */
             ret = wc_PKCS7_KariParseRecipCert(kari, (byte*)pkcs7->singleCert,
-                                          pkcs7->singleCertSz, pkcs7->privateKey,
-                                          pkcs7->privateKeySz);
-            if (ret != 0) {
+                                         pkcs7->singleCertSz, pkcs7->privateKey,
+                                         pkcs7->privateKeySz);
+
+             if (ret != 0) {
                 wc_PKCS7_KariFree(kari);
             #ifdef WOLFSSL_SMALL_STACK
                 XFREE(encryptedKey, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
@@ -10099,7 +11650,8 @@ static int wc_PKCS7_DecryptKari(PKCS7* pkcs7, byte* in, word32 inSz,
             }
 
             /* try and remove optional UserKeyingMaterial */
-            ret = wc_PKCS7_KariGetUserKeyingMaterial(kari, pkiMsg, pkiMsgSz, idx);
+            ret = wc_PKCS7_KariGetUserKeyingMaterial(kari, pkiMsg, pkiMsgSz,
+                idx);
             if (ret != 0) {
                 wc_PKCS7_KariFree(kari);
                 #ifdef WOLFSSL_SMALL_STACK
@@ -10119,9 +11671,10 @@ static int wc_PKCS7_DecryptKari(PKCS7* pkcs7, byte* in, word32 inSz,
                 return ret;
             }
 
-            /* if user has not explicitly set keyAgreeOID, set from one in bundle */
+            /* if user has not explicitly set keyAgreeOID, set from one in
+             * bundle */
             if (pkcs7->keyAgreeOID == 0)
-                pkcs7->keyAgreeOID = keyAgreeOID;
+                pkcs7->keyAgreeOID = (int)keyAgreeOID;
 
             /* set direction based on key wrap algorithm */
             switch (keyWrapOID) {
@@ -10173,7 +11726,11 @@ static int wc_PKCS7_DecryptKari(PKCS7* pkcs7, byte* in, word32 inSz,
                 PRIVATE_KEY_UNLOCK();
                 ret = wc_ecc_export_x963(kari->senderKey, NULL, &tmpKeySz);
                 PRIVATE_KEY_LOCK();
-                if (ret != LENGTH_ONLY_E) {
+                if (ret != WC_NO_ERR_TRACE(LENGTH_ONLY_E)) {
+                    wc_PKCS7_KariFree(kari);
+                    #ifdef WOLFSSL_SMALL_STACK
+                    XFREE(encryptedKey, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
+                    #endif
                     return ret;
                 }
 
@@ -10188,21 +11745,29 @@ static int wc_PKCS7_DecryptKari(PKCS7* pkcs7, byte* in, word32 inSz,
                 tmpKeyDer = (byte*)XMALLOC(tmpKeySz, pkcs7->heap,
                         DYNAMIC_TYPE_TMP_BUFFER);
                 if (tmpKeyDer == NULL) {
+                    wc_PKCS7_KariFree(kari);
+                    #ifdef WOLFSSL_SMALL_STACK
+                    XFREE(encryptedKey, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
+                    #endif
                     return MEMORY_E;
                 }
 
                 ret = wc_EccPublicKeyToDer(kari->senderKey, tmpKeyDer,
                                          tmpKeySz, 1);
                 if (ret < 0) {
+                    wc_PKCS7_KariFree(kari);
+                    #ifdef WOLFSSL_SMALL_STACK
+                    XFREE(encryptedKey, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
+                    #endif
                     XFREE(tmpKeyDer, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER);
                     return ret;
                 }
                 tmpKeySz = (word32)ret;
 
-                keySz = pkcs7->wrapCEKCb(pkcs7, encryptedKey, encryptedKeySz,
-                        rid, keyIdSize, tmpKeyDer, tmpKeySz,
-                        decryptedKey, *decryptedKeySz,
-                        keyWrapOID, (int)PKCS7_KARI, direction);
+                keySz = pkcs7->wrapCEKCb(pkcs7, encryptedKey,
+                    (word32)encryptedKeySz, rid, (word32)keyIdSize, tmpKeyDer,
+                    tmpKeySz, decryptedKey, *decryptedKeySz,
+                    (int)keyWrapOID, (int)PKCS7_KARI, direction);
                 XFREE(tmpKeyDer, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER);
 
                 if (keySz  > 0) {
@@ -10215,8 +11780,8 @@ static int wc_PKCS7_DecryptKari(PKCS7* pkcs7, byte* in, word32 inSz,
             }
             else {
                 /* create KEK */
-                ret = wc_PKCS7_KariGenerateKEK(kari, pkcs7->rng, keyWrapOID,
-                                               pkcs7->keyAgreeOID);
+                ret = wc_PKCS7_KariGenerateKEK(kari, pkcs7->rng,
+                    (int)keyWrapOID, pkcs7->keyAgreeOID);
                 if (ret != 0) {
                     wc_PKCS7_KariFree(kari);
                     #ifdef WOLFSSL_SMALL_STACK
@@ -10226,9 +11791,9 @@ static int wc_PKCS7_DecryptKari(PKCS7* pkcs7, byte* in, word32 inSz,
                 }
 
                 /* decrypt CEK with KEK */
-                keySz = wc_PKCS7_KeyWrap(encryptedKey, encryptedKeySz, kari->kek,
-                                         kari->kekSz, decryptedKey, *decryptedKeySz,
-                                         keyWrapOID, direction);
+                keySz = wc_PKCS7_KeyWrap(encryptedKey, (word32)encryptedKeySz,
+                    kari->kek, kari->kekSz, decryptedKey, *decryptedKeySz,
+                    (int)keyWrapOID, direction);
             }
             if (keySz <= 0) {
                 wc_PKCS7_KariFree(kari);
@@ -10277,7 +11842,7 @@ static int wc_PKCS7_DecryptKari(PKCS7* pkcs7, byte* in, word32 inSz,
 
 
 /* decode ASN.1 RecipientInfos SET, return 0 on success, < 0 on error */
-static int wc_PKCS7_DecryptRecipientInfos(PKCS7* pkcs7, byte* in,
+static int wc_PKCS7_DecryptRecipientInfos(wc_PKCS7* pkcs7, byte* in,
                             word32  inSz, word32* idx, byte* decryptedKey,
                             word32* decryptedKeySz, int* recipFound)
 {
@@ -10356,7 +11921,7 @@ static int wc_PKCS7_DecryptRecipientInfos(PKCS7* pkcs7, byte* in,
 
     /* when looking for next recipient, use first sequence and version to
      * indicate there is another, if not, move on */
-    while(*recipFound == 0) {
+    while (*recipFound == 0) {
 
         /* remove RecipientInfo, if we don't have a SEQUENCE, back up idx to
          * last good saved one */
@@ -10514,15 +12079,15 @@ static int wc_PKCS7_DecryptRecipientInfos(PKCS7* pkcs7, byte* in,
 /* Parse encoded EnvelopedData bundle up to RecipientInfo set.
  *
  * return size of RecipientInfo SET on success, negative upon error */
-static int wc_PKCS7_ParseToRecipientInfoSet(PKCS7* pkcs7, byte* in,
+static int wc_PKCS7_ParseToRecipientInfoSet(wc_PKCS7* pkcs7, byte* in,
                                             word32 inSz, word32* idx,
                                             int type)
 {
-    int version = 0, length, ret = 0;
-    word32 contentType;
-    byte* pkiMsg = in;
+    int version = 0, length = 0, ret = 0;
+    word32 contentType= 0;
     word32 pkiMsgSz = inSz;
-    byte  tag;
+    byte*  pkiMsg = in;
+    byte   tag = 0;
 #ifndef NO_PKCS7_STREAM
     word32 tmpIdx = 0;
 #endif
@@ -10548,7 +12113,6 @@ static int wc_PKCS7_ParseToRecipientInfoSet(PKCS7* pkcs7, byte* in,
 
     switch (pkcs7->state) {
         case WC_PKCS7_INFOSET_START:
-        case WC_PKCS7_INFOSET_BER:
         case WC_PKCS7_INFOSET_STAGE1:
         case WC_PKCS7_INFOSET_STAGE2:
         case WC_PKCS7_INFOSET_END:
@@ -10580,41 +12144,7 @@ static int wc_PKCS7_ParseToRecipientInfoSet(PKCS7* pkcs7, byte* in,
 
             if (ret == 0 && length == 0 && pkiMsg[(*idx)-1] == 0x80) {
         #ifdef ASN_BER_TO_DER
-                word32 len;
-
-                wc_PKCS7_ChangeState(pkcs7, WC_PKCS7_INFOSET_BER);
-                FALL_THROUGH;
-
-                /* full buffer is needed for conversion */
-                case WC_PKCS7_INFOSET_BER:
-                #ifndef NO_PKCS7_STREAM
-                if ((ret = wc_PKCS7_AddDataToStream(pkcs7, in, inSz,
-                            pkcs7->stream->maxLen - pkcs7->stream->length,
-                            &pkiMsg, idx)) != 0) {
-                    return ret;
-                }
-                pkiMsgSz = (pkcs7->stream->length > 0)? pkcs7->stream->length:
-                    inSz;
-                #endif
-
-                len = 0;
-
-                ret = wc_BerToDer(pkiMsg, pkiMsgSz, NULL, &len);
-                if (ret != LENGTH_ONLY_E)
-                    return ret;
-                pkcs7->der = (byte*)XMALLOC(len, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
-                if (pkcs7->der == NULL)
-                    return MEMORY_E;
-                ret = wc_BerToDer(pkiMsg, pkiMsgSz, pkcs7->der, &len);
-                if (ret < 0)
-                    return ret;
-
-                pkiMsg = in = pkcs7->der;
-                pkiMsgSz = pkcs7->derSz = inSz = len;
-                *idx = 0;
-
-                if (GetSequence(pkiMsg, idx, &length, pkiMsgSz) < 0)
-                    return ASN_PARSE_E;
+                pkcs7->indefDepth++;
         #else
                 return BER_INDEF_E;
         #endif
@@ -10643,7 +12173,8 @@ static int wc_PKCS7_ParseToRecipientInfoSet(PKCS7* pkcs7, byte* in,
                     ret = ASN_PARSE_E;
 
                 if (ret == 0) {
-                    if (type == ENVELOPED_DATA && contentType != ENVELOPED_DATA) {
+                    if (type == ENVELOPED_DATA && contentType !=
+                            ENVELOPED_DATA) {
                         WOLFSSL_MSG("PKCS#7 input not of type EnvelopedData");
                         ret = PKCS7_OID_E;
                     } else if (type == AUTH_ENVELOPED_DATA &&
@@ -10703,7 +12234,7 @@ static int wc_PKCS7_ParseToRecipientInfoSet(PKCS7* pkcs7, byte* in,
                 break;
             }
 
-            pkcs7->stream->varOne = version;
+            pkcs7->stream->varOne = (word32)version;
         #endif
             wc_PKCS7_ChangeState(pkcs7, WC_PKCS7_INFOSET_END);
             FALL_THROUGH;
@@ -10715,7 +12246,7 @@ static int wc_PKCS7_ParseToRecipientInfoSet(PKCS7* pkcs7, byte* in,
                 return ret;
             }
             pkiMsgSz = (pkcs7->stream->length > 0)? pkcs7->stream->length: inSz;
-            version = pkcs7->stream->varOne;
+            version = (int)pkcs7->stream->varOne;
         #endif
 
             if (type == ENVELOPED_DATA) {
@@ -10733,7 +12264,8 @@ static int wc_PKCS7_ParseToRecipientInfoSet(PKCS7* pkcs7, byte* in,
             } else {
                 /* AuthEnvelopedData version MUST be 0 */
                 if (version != 0) {
-                    WOLFSSL_MSG("PKCS#7 AuthEnvelopedData needs to be of version 0");
+                    WOLFSSL_MSG(
+                           "PKCS#7 AuthEnvelopedData needs to be of version 0");
                     ret = ASN_VERSION_E;
                 }
             }
@@ -10747,6 +12279,7 @@ static int wc_PKCS7_ParseToRecipientInfoSet(PKCS7* pkcs7, byte* in,
                 break;
 
         #ifndef NO_PKCS7_STREAM
+            pkcs7->stream->expected = (word32)length;
             if ((ret = wc_PKCS7_StreamEndCase(pkcs7, &tmpIdx, idx)) != 0) {
                 break;
             }
@@ -10771,7 +12304,7 @@ static int wc_PKCS7_ParseToRecipientInfoSet(PKCS7* pkcs7, byte* in,
  * the secret key for decryption a EnvelopedData KEKRI RecipientInfo.
  *
  * Returns 0 on success, negative upon error */
-WOLFSSL_API int wc_PKCS7_SetKey(PKCS7* pkcs7, byte* key, word32 keySz)
+WOLFSSL_API int wc_PKCS7_SetKey(wc_PKCS7* pkcs7, byte* key, word32 keySz)
 {
     if (pkcs7 == NULL || key == NULL || keySz == 0)
         return BAD_FUNC_ARG;
@@ -10783,9 +12316,10 @@ WOLFSSL_API int wc_PKCS7_SetKey(PKCS7* pkcs7, byte* key, word32 keySz)
 }
 
 
+#if 0
 /* append data to encrypted content cache in PKCS7 structure
  * return 0 on success, negative on error */
-static int PKCS7_CacheEncryptedContent(PKCS7* pkcs7, byte* in, word32 inSz)
+static int PKCS7_CacheEncryptedContent(wc_PKCS7* pkcs7, byte* in, word32 inSz)
 {
     byte* oldCache;
     word32 oldCacheSz;
@@ -10816,10 +12350,11 @@ static int PKCS7_CacheEncryptedContent(PKCS7* pkcs7, byte* in, word32 inSz)
 
     return 0;
 }
+#endif
 
 
 /* unwrap and decrypt PKCS#7 envelopedData object, return decoded size */
-WOLFSSL_API int wc_PKCS7_DecodeEnvelopedData(PKCS7* pkcs7, byte* in,
+WOLFSSL_API int wc_PKCS7_DecodeEnvelopedData(wc_PKCS7* pkcs7, byte* in,
                                          word32 inSz, byte* output,
                                          word32 outputSz)
 {
@@ -10844,16 +12379,23 @@ WOLFSSL_API int wc_PKCS7_DecodeEnvelopedData(PKCS7* pkcs7, byte* in,
     byte padLen;
     byte* encryptedContent = NULL;
     int explicitOctet = 0;
-    word32 localIdx;
+    word32 localIdx = 0;
     byte   tag = 0;
 
     if (pkcs7 == NULL)
         return BAD_FUNC_ARG;
 
-    if (pkiMsg == NULL || pkiMsgSz == 0 ||
-        output == NULL || outputSz == 0)
+    if (pkiMsg == NULL || pkiMsgSz == 0)
         return BAD_FUNC_ARG;
 
+    if ((output == NULL || outputSz == 0)
+    #ifdef ASN_BER_TO_DER
+        && pkcs7->streamOutCb == NULL
+    #endif
+    ) {
+        return BAD_FUNC_ARG;
+    }
+
 #ifndef NO_PKCS7_STREAM
     (void)tmpIv; /* help out static analysis */
     if (pkcs7->stream == NULL) {
@@ -10866,7 +12408,6 @@ WOLFSSL_API int wc_PKCS7_DecodeEnvelopedData(PKCS7* pkcs7, byte* in,
     switch (pkcs7->state) {
         case WC_PKCS7_START:
         case WC_PKCS7_INFOSET_START:
-        case WC_PKCS7_INFOSET_BER:
         case WC_PKCS7_INFOSET_STAGE1:
         case WC_PKCS7_INFOSET_STAGE2:
         case WC_PKCS7_INFOSET_END:
@@ -10876,17 +12417,6 @@ WOLFSSL_API int wc_PKCS7_DecodeEnvelopedData(PKCS7* pkcs7, byte* in,
                 break;
             }
 
-        #ifdef ASN_BER_TO_DER
-            /* check if content was BER and has been converted to DER */
-            if (pkcs7->derSz > 0) {
-                pkiMsg = in = pkcs7->der;
-                inSz = pkcs7->derSz;
-            #ifdef NO_PKCS7_STREAM
-                pkiMsgSz = pkcs7->derSz;
-            #endif
-            }
-        #endif
-
             decryptedKey = (byte*)XMALLOC(MAX_ENCRYPTED_KEY_SZ, pkcs7->heap,
                                                        DYNAMIC_TYPE_PKCS7);
             if (decryptedKey == NULL)
@@ -10924,7 +12454,8 @@ WOLFSSL_API int wc_PKCS7_DecodeEnvelopedData(PKCS7* pkcs7, byte* in,
                                         decryptedKey, &decryptedKeySz,
                                         &recipFound);
             if (ret == 0 && recipFound == 0) {
-                WOLFSSL_MSG("No recipient found in envelopedData that matches input");
+                WOLFSSL_MSG(
+                      "No recipient found in envelopedData that matches input");
                 ret = PKCS7_RECIP_E;
             }
 
@@ -10933,6 +12464,8 @@ WOLFSSL_API int wc_PKCS7_DecodeEnvelopedData(PKCS7* pkcs7, byte* in,
         #ifndef NO_PKCS7_STREAM
             tmpIdx               = idx;
             pkcs7->stream->aadSz = decryptedKeySz;
+            pkcs7->stream->expected = MAX_LENGTH_SZ + MAX_VERSION_SZ +
+                ASN_TAG_SZ + MAX_LENGTH_SZ;
         #endif
             wc_PKCS7_ChangeState(pkcs7, WC_PKCS7_ENV_3);
             FALL_THROUGH;
@@ -10940,10 +12473,8 @@ WOLFSSL_API int wc_PKCS7_DecodeEnvelopedData(PKCS7* pkcs7, byte* in,
         case WC_PKCS7_ENV_3:
 
         #ifndef NO_PKCS7_STREAM
-            if ((ret = wc_PKCS7_AddDataToStream(pkcs7, in, inSz, MAX_LENGTH_SZ +
-                                                MAX_VERSION_SZ + ASN_TAG_SZ +
-                                                MAX_LENGTH_SZ, &pkiMsg, &idx))
-                                                != 0) {
+            if ((ret = wc_PKCS7_AddDataToStream(pkcs7, in, inSz,
+                    pkcs7->stream->expected, &pkiMsg, &idx)) != 0) {
                 return ret;
             }
             pkiMsgSz = (pkcs7->stream->length > 0)? pkcs7->stream->length: inSz;
@@ -10957,13 +12488,47 @@ WOLFSSL_API int wc_PKCS7_DecodeEnvelopedData(PKCS7* pkcs7, byte* in,
                 ret = ASN_PARSE_E;
             }
 
+        #ifndef NO_PKCS7_STREAM
+            if (length == 0) {
+                /* if indefinite length, assume worst case size
+                 * - Content Type OID + tag/length
+                 * - Algorithm ID structure (OID + parameters)
+                 * - Version
+                 */
+                pkcs7->stream->expected = MAX_SEQ_SZ +    /* outer sequence */
+                                          MAX_OID_SZ +    /* content type OID */
+                                          MAX_ALGO_SZ +   /* algo identifier */
+                                          MAX_VERSION_SZ +/* version */
+                                          ASN_TAG_SZ +    /* tag */
+                                          MAX_LENGTH_SZ;  /* length */
+            }
+            else {
+                /* revize expected size if known */
+                pkcs7->stream->expected = (word32)length + ASN_TAG_SZ;
+            }
+
+            /* Did we get enough for the expected length? */
+            if (pkcs7->stream->expected > pkiMsgSz) {
+                localIdx = idx;
+                if ((ret = wc_PKCS7_AddDataToStream(pkcs7, in, inSz,
+                        pkcs7->stream->expected, &pkiMsg, &idx)) != 0) {
+                    return ret;
+                }
+                pkiMsgSz = (pkcs7->stream->length > 0)? pkcs7->stream->length:
+                                                        inSz;
+                if (pkcs7->stream->length > 0) {
+                    idx = localIdx; /* account for byte used with seq read */
+                }
+            }
+        #endif
+
             if (ret == 0 && wc_GetContentType(pkiMsg, &idx, &contentType,
                         pkiMsgSz) < 0) {
                 ret = ASN_PARSE_E;
             }
 
             if (ret == 0) {
-                pkcs7->contentOID = contentType;
+                pkcs7->contentOID = (int)contentType;
             }
 
             if (ret == 0 && GetAlgoId(pkiMsg, &idx, &encOID, oidBlkType,
@@ -10971,12 +12536,12 @@ WOLFSSL_API int wc_PKCS7_DecodeEnvelopedData(PKCS7* pkcs7, byte* in,
                 ret = ASN_PARSE_E;
             }
 
-            blockKeySz = wc_PKCS7_GetOIDKeySize(encOID);
+            blockKeySz = wc_PKCS7_GetOIDKeySize((int)encOID);
             if (ret == 0 && blockKeySz < 0) {
                 ret = blockKeySz;
             }
 
-            expBlockSz = wc_PKCS7_GetOIDBlockSize(encOID);
+            expBlockSz = wc_PKCS7_GetOIDBlockSize((int)encOID);
             if (ret == 0 && expBlockSz < 0) {
                 ret = expBlockSz;
             }
@@ -10996,7 +12561,8 @@ WOLFSSL_API int wc_PKCS7_DecodeEnvelopedData(PKCS7* pkcs7, byte* in,
             }
 
             if (ret == 0 && length != expBlockSz) {
-                WOLFSSL_MSG("Incorrect IV length, must be of content alg block size");
+                WOLFSSL_MSG(
+                      "Incorrect IV length, must be of content alg block size");
                 ret = ASN_PARSE_E;
             }
 
@@ -11007,9 +12573,9 @@ WOLFSSL_API int wc_PKCS7_DecodeEnvelopedData(PKCS7* pkcs7, byte* in,
                 break;
             }
             wc_PKCS7_StreamStoreVar(pkcs7, encOID, expBlockSz, length);
-            pkcs7->stream->contentSz = blockKeySz;
-            pkcs7->stream->expected = length + MAX_LENGTH_SZ + MAX_LENGTH_SZ +
-                ASN_TAG_SZ + ASN_TAG_SZ;
+            pkcs7->stream->contentSz = (word32)blockKeySz;
+            pkcs7->stream->expected = (word32)length + MAX_LENGTH_SZ +
+                MAX_LENGTH_SZ + ASN_TAG_SZ + ASN_TAG_SZ;
         #endif
             wc_PKCS7_ChangeState(pkcs7, WC_PKCS7_ENV_4);
             FALL_THROUGH;
@@ -11034,8 +12600,8 @@ WOLFSSL_API int wc_PKCS7_DecodeEnvelopedData(PKCS7* pkcs7, byte* in,
             ret = 0;
         #endif
 
-            XMEMCPY(tmpIv, &pkiMsg[idx], length);
-            idx += length;
+            XMEMCPY(tmpIv, &pkiMsg[idx], (word32)length);
+            idx += (word32)length;
 
             explicitOctet = 0;
             localIdx = idx;
@@ -11051,8 +12617,8 @@ WOLFSSL_API int wc_PKCS7_DecodeEnvelopedData(PKCS7* pkcs7, byte* in,
             }
             idx++;
 
-            if (ret == 0 && GetLength(pkiMsg, &idx, &encryptedContentTotalSz,
-                                                               pkiMsgSz) <= 0) {
+            if (ret == 0 && GetLength_ex(pkiMsg, &idx, &encryptedContentTotalSz,
+                                                            pkiMsgSz, 0) < 0) {
                 ret = ASN_PARSE_E;
             }
 
@@ -11063,9 +12629,25 @@ WOLFSSL_API int wc_PKCS7_DecodeEnvelopedData(PKCS7* pkcs7, byte* in,
             if ((ret = wc_PKCS7_StreamEndCase(pkcs7, &tmpIdx, &idx)) != 0) {
                 break;
             }
-            pkcs7->stream->expected = encryptedContentTotalSz;
+            pkcs7->stream->expected = (word32)encryptedContentTotalSz;
+            if (explicitOctet) {
+                pkcs7->stream->expected = MAX_OCTET_STR_SZ;
+            }
             wc_PKCS7_StreamGetVar(pkcs7, &encOID, &expBlockSz, 0);
             wc_PKCS7_StreamStoreVar(pkcs7, encOID, expBlockSz, explicitOctet);
+
+            if (explicitOctet) {
+                /* initialize decryption state in preparation */
+                if (pkcs7->decryptionCb == NULL) {
+                    ret = wc_PKCS7_DecryptContentInit(pkcs7, encOID,
+                        pkcs7->stream->aad, pkcs7->stream->aadSz,
+                        pkcs7->stream->tmpIv, expBlockSz,
+                        pkcs7->devId, pkcs7->heap);
+                    if (ret != 0)
+                        break;
+                }
+            }
+
         #endif
             wc_PKCS7_ChangeState(pkcs7, WC_PKCS7_ENV_5);
             FALL_THROUGH;
@@ -11080,12 +12662,14 @@ WOLFSSL_API int wc_PKCS7_DecodeEnvelopedData(PKCS7* pkcs7, byte* in,
 
             wc_PKCS7_StreamGetVar(pkcs7, &encOID, &expBlockSz, &explicitOctet);
             tmpIv = pkcs7->stream->tmpIv;
-            encryptedContentTotalSz = pkcs7->stream->expected;
+            encryptedContentTotalSz = (int)pkcs7->stream->expected;
+
+            pkiMsgSz = (pkcs7->stream->length > 0)? pkcs7->stream->length: inSz;
 
             /* restore decrypted key */
             decryptedKey   = pkcs7->stream->aad;
             decryptedKeySz = pkcs7->stream->aadSz;
-            blockKeySz = pkcs7->stream->contentSz;
+            blockKeySz = (int)pkcs7->stream->contentSz;
         #else
             ret = 0;
         #endif
@@ -11093,11 +12677,27 @@ WOLFSSL_API int wc_PKCS7_DecodeEnvelopedData(PKCS7* pkcs7, byte* in,
             if (explicitOctet) {
                 /* encrypted content may be fragmented into multiple
                  * consecutive OCTET STRINGs, if so loop through
-                 * collecting and caching encrypted content bytes */
-                localIdx = idx;
-                while (idx < (localIdx + encryptedContentTotalSz)) {
+                 * decrypting and outputting or caching contents until the indef
+                 * ending tag is found */
 
-                    if (GetASNTag(pkiMsg, &idx, &tag, pkiMsgSz) < 0) {
+                while (1) {
+                    encryptedContentSz = 0;
+                    if (pkiMsgSz <= localIdx + MAX_OCTET_STR_SZ) {
+                    #ifndef NO_PKCS7_STREAM
+                        /* ran out of data to parse */
+                        if ((ret = wc_PKCS7_AddDataToStream(pkcs7, in, inSz,
+                            pkcs7->stream->expected, &pkiMsg, &idx)) != 0) {
+                            break;
+                        }
+                        pkiMsgSz = (pkcs7->stream->length > 0) ?
+                            pkcs7->stream->length : inSz;
+                    #else
+                        ret = BUFFER_E;
+                    #endif
+                    }
+
+                    localIdx = idx;
+                    if (GetASNTag(pkiMsg, &localIdx, &tag, pkiMsgSz) < 0) {
                         ret = ASN_PARSE_E;
                     }
 
@@ -11105,60 +12705,175 @@ WOLFSSL_API int wc_PKCS7_DecodeEnvelopedData(PKCS7* pkcs7, byte* in,
                         ret = ASN_PARSE_E;
                     }
 
-                    if (ret == 0 && GetLength(pkiMsg, &idx,
-                                &encryptedContentSz, pkiMsgSz) <= 0) {
+                    if (ret == 0 && GetLength_ex(pkiMsg, &localIdx,
+                                &encryptedContentSz, pkiMsgSz, 0) <= 0) {
                         ret = ASN_PARSE_E;
                     }
+                #ifndef NO_PKCS7_STREAM
+                    if (ret == 0) {
+                        /* always try to get 2 extra bytes to catch indef ending */
+                        pkcs7->stream->expected = (word32)encryptedContentSz +
+                            (localIdx - idx) + ASN_INDEF_END_SZ;
+                    }
+                #endif
+
+                    if (ret == 0 &&
+                         pkcs7->cachedEncryptedContentSz <
+                         (word32)encryptedContentSz) {
+                        if (pkcs7->cachedEncryptedContent != NULL) {
+                            XFREE(pkcs7->cachedEncryptedContent, pkcs7->heap,
+                                DYNAMIC_TYPE_PKCS7);
+                        }
+                        pkcs7->cachedEncryptedContent = (byte*)XMALLOC(
+                            (word32)encryptedContentSz, pkcs7->heap,
+                            DYNAMIC_TYPE_PKCS7);
+                        if (pkcs7->cachedEncryptedContent == NULL) {
+                            ret = MEMORY_E;
+                        }
+                    }
+                    pkcs7->cachedEncryptedContentSz =
+                        (word32)encryptedContentSz;
+
+                    /* sanity check that the buffer has all of the data */
+                    if (ret == 0 && (localIdx + (word32)encryptedContentSz) >
+                            pkiMsgSz) {
+                    #ifndef NO_PKCS7_STREAM
+                        word32 ofsetIdx = localIdx - idx;
+                        if ((ret = wc_PKCS7_AddDataToStream(pkcs7, in, inSz,
+                            pkcs7->stream->expected, &pkiMsg, &localIdx))
+                                != 0) {
+                            return ret;
+                        }
+                        localIdx += ofsetIdx;
+                        pkiMsgSz = (pkcs7->stream->length > 0)?
+                            pkcs7->stream->length: inSz;
+                    #else
+                        ret = BUFFER_E;
+                    #endif
+                    }
+
+                    /* Use callback for decryption still, if set */
+                    if (ret == 0 && pkcs7->decryptionCb != NULL) {
+                        ret = pkcs7->decryptionCb(pkcs7, (int)encOID, tmpIv,
+                            expBlockSz, NULL, 0, NULL, 0, &pkiMsg[localIdx],
+                            encryptedContentSz, pkcs7->cachedEncryptedContent,
+                            pkcs7->decryptionCtx);
+                    }
 
                     if (ret == 0) {
-                        ret = PKCS7_CacheEncryptedContent(pkcs7, &pkiMsg[idx],
-                                                          encryptedContentSz);
+                        ret = wc_PKCS7_DecryptContentEx(pkcs7, encOID,
+                            tmpIv, expBlockSz, NULL, 0, NULL, 0,
+                            &pkiMsg[localIdx], encryptedContentSz,
+                            pkcs7->cachedEncryptedContent);
                     }
 
+                #ifndef NO_PKCS7_STREAM
                     if (ret != 0) {
+                        if (ret == WC_NO_ERR_TRACE(WC_PKCS7_WANT_READ_E)) {
+                            wc_PKCS7_StreamEndCase(pkcs7, &localIdx, &idx);
+                        }
                         break;
                     }
+                #endif
 
                     /* advance idx past encrypted content */
-                    idx += encryptedContentSz;
+                    localIdx += (word32)encryptedContentSz;
+
+                    if (localIdx + ASN_INDEF_END_SZ <= pkiMsgSz) {
+                        if (pkiMsg[localIdx] == ASN_EOC &&
+                                pkiMsg[localIdx+1] == ASN_EOC) {
+                            /* found the end of encrypted content */
+                            localIdx += ASN_INDEF_END_SZ;
+                            break;
+                        }
+                    }
+                #ifndef NO_PKCS7_STREAM
+                    pkcs7->stream->expected = MAX_OCTET_STR_SZ;
+                    if ((ret = wc_PKCS7_StreamEndCase(pkcs7, &localIdx,
+                            &localIdx)) != 0) {
+                        break;
+                    }
+                #endif
+
+                    /* save last decrypted string to handle padding (this output
+                     * flush happens outside of the while loop in the case that
+                     * the indef end was found) */
+                    if (ret == 0) {
+                    #ifdef ASN_BER_TO_DER
+                        if (pkcs7->streamOutCb) {
+                            ret = pkcs7->streamOutCb(pkcs7,
+                                pkcs7->cachedEncryptedContent,
+                                (word32)encryptedContentSz, pkcs7->streamCtx);
+                        }
+                    #endif /* ASN_BER_TO_DER */
+                    }
+
+                    idx = localIdx;
                 }
 
                 if (ret != 0) {
+                    if (ret != WC_NO_ERR_TRACE(WC_PKCS7_WANT_READ_E)) {
+                        /* free up in an error case if not looking for more
+                         * data */
+                        wc_PKCS7_DecryptContentFree(pkcs7, encOID,
+                            pkcs7->heap);
+                    }
                     break;
                 }
-
+                wc_PKCS7_DecryptContentFree(pkcs7, encOID, pkcs7->heap);
             } else {
-                /* cache encrypted content, no OCTET STRING */
-                ret = PKCS7_CacheEncryptedContent(pkcs7, &pkiMsg[idx],
-                                                  encryptedContentTotalSz);
+                pkcs7->cachedEncryptedContentSz =
+                    (word32)encryptedContentTotalSz;
+                pkcs7->cachedEncryptedContent = (byte*)XMALLOC(
+                        pkcs7->cachedEncryptedContentSz, pkcs7->heap,
+                    DYNAMIC_TYPE_PKCS7);
+
+                /* decrypt encryptedContent */
+                ret = wc_PKCS7_DecryptContent(pkcs7, encOID, decryptedKey,
+                        (word32)blockKeySz, tmpIv, expBlockSz, NULL, 0, NULL, 0,
+                        &pkiMsg[idx], encryptedContentTotalSz,
+                        pkcs7->cachedEncryptedContent,
+                        pkcs7->devId, pkcs7->heap);
                 if (ret != 0) {
                     break;
                 }
-                idx += encryptedContentTotalSz;
+
+                idx += (word32)encryptedContentTotalSz;
             }
 
             /* use cached content */
             encryptedContent = pkcs7->cachedEncryptedContent;
-            encryptedContentSz = pkcs7->cachedEncryptedContentSz;
-
-            /* decrypt encryptedContent */
-            ret = wc_PKCS7_DecryptContent(pkcs7, encOID, decryptedKey,
-                    blockKeySz, tmpIv, expBlockSz, NULL, 0, NULL, 0,
-                    encryptedContent, encryptedContentSz, encryptedContent,
-                    pkcs7->devId, pkcs7->heap);
-            if (ret != 0) {
-                break;
-            }
-
+            encryptedContentSz = (int)pkcs7->cachedEncryptedContentSz;
             padLen = encryptedContent[encryptedContentSz-1];
 
             /* copy plaintext to output */
-            if (padLen > encryptedContentSz ||
-                    (word32)(encryptedContentSz - padLen) > outputSz) {
+            if (padLen > encryptedContentSz) {
                 ret = BUFFER_E;
                 break;
             }
-            XMEMCPY(output, encryptedContent, encryptedContentSz - padLen);
+
+        #ifdef ASN_BER_TO_DER
+            if (pkcs7->streamOutCb) {
+                ret = pkcs7->streamOutCb(pkcs7, encryptedContent,
+                                (word32)encryptedContentSz - padLen,
+                                pkcs7->streamCtx);
+                if (ret != 0) {
+                    WOLFSSL_MSG("Stream out callback returned failure");
+                    ret = BUFFER_E;
+                    break;
+                }
+            }
+            else
+        #endif /* ASN_BER_TO_DER */
+            {
+                if (output == NULL || (word32)(encryptedContentSz - padLen) >
+                        outputSz) {
+                    ret = BUFFER_E;
+                    break;
+                }
+                XMEMCPY(output, encryptedContent,
+                                           (word32)encryptedContentSz - padLen);
+            }
 
             /* free memory, zero out keys */
             ForceZero(decryptedKey, MAX_ENCRYPTED_KEY_SZ);
@@ -11185,7 +12900,7 @@ WOLFSSL_API int wc_PKCS7_DecodeEnvelopedData(PKCS7* pkcs7, byte* in,
     }
 
 #ifndef NO_PKCS7_STREAM
-    if (ret < 0 && ret != WC_PKCS7_WANT_READ_E) {
+    if (ret < 0 && ret != WC_NO_ERR_TRACE(WC_PKCS7_WANT_READ_E)) {
         wc_PKCS7_ResetStream(pkcs7);
         wc_PKCS7_ChangeState(pkcs7, WC_PKCS7_START);
         if (pkcs7->cachedEncryptedContent != NULL) {
@@ -11211,7 +12926,7 @@ WOLFSSL_API int wc_PKCS7_DecodeEnvelopedData(PKCS7* pkcs7, byte* in,
 
 
 /* build PKCS#7 authEnvelopedData content type, return enveloped size */
-int wc_PKCS7_EncodeAuthEnvelopedData(PKCS7* pkcs7, byte* output,
+int wc_PKCS7_EncodeAuthEnvelopedData(wc_PKCS7* pkcs7, byte* output,
                                      word32 outputSz)
 {
 #if defined(HAVE_AESGCM) || defined(HAVE_AESCCM)
@@ -11245,7 +12960,7 @@ int wc_PKCS7_EncodeAuthEnvelopedData(PKCS7* pkcs7, byte* output,
     byte encContentOctet[MAX_OCTET_STR_SZ];
     byte macOctetString[MAX_OCTET_STR_SZ];
 
-    byte authTag[AES_BLOCK_SIZE];
+    byte authTag[WC_AES_BLOCK_SIZE];
     byte nonce[GCM_NONCE_MID_SZ];   /* GCM nonce is larger than CCM */
     byte macInt[MAX_VERSION_SZ];
     byte algoParamSeq[MAX_SEQ_SZ];
@@ -11337,7 +13052,7 @@ int wc_PKCS7_EncodeAuthEnvelopedData(PKCS7* pkcs7, byte* output,
     verSz = SetMyVersion(0, ver, 0);
 
     /* generate random content encryption key */
-    ret = PKCS7_GenerateContentEncryptionKey(pkcs7, blockKeySz);
+    ret = PKCS7_GenerateContentEncryptionKey(pkcs7, (word32)blockKeySz);
     if (ret != 0) {
         return ret;
     }
@@ -11380,7 +13095,7 @@ int wc_PKCS7_EncodeAuthEnvelopedData(PKCS7* pkcs7, byte* output,
         WOLFSSL_MSG("You must add at least one CMS recipient");
         return PKCS7_RECIP_E;
     }
-    recipSetSz = SetSet(recipSz, recipSet);
+    recipSetSz = (int)SetSet((word32)recipSz, recipSet);
 
     /* generate random nonce and IV for encryption */
     switch (pkcs7->encryptOID) {
@@ -11452,7 +13167,7 @@ int wc_PKCS7_EncodeAuthEnvelopedData(PKCS7* pkcs7, byte* output,
                                 sizeof(contentTypeValue));
         if (ret > 0) {
             contentTypeAttrib.value = contentTypeValue;
-            contentTypeAttrib.valueSz = ret;
+            contentTypeAttrib.valueSz = (word32)ret;
 
         /* otherwise, try to set from custom content type */
         } else {
@@ -11466,17 +13181,18 @@ int wc_PKCS7_EncodeAuthEnvelopedData(PKCS7* pkcs7, byte* output,
             contentTypeAttrib.valueSz = pkcs7->contentTypeSz;
         }
 
-        authAttribsSz += EncodeAttributes(authAttribs, 1,
-                                          &contentTypeAttrib, 1);
+        authAttribsSz += (word32)EncodeAttributes(authAttribs, 1,
+                                                         &contentTypeAttrib, 1);
         authAttribsCount += 1;
     }
 
     /* authAttribs: add in user authenticated attributes */
     if (pkcs7->authAttribs != NULL && pkcs7->authAttribsSz > 0) {
-        authAttribsSz += EncodeAttributes(authAttribs + authAttribsCount,
-                                 MAX_AUTH_ATTRIBS_SZ - authAttribsCount,
+        authAttribsSz += (word32)EncodeAttributes(
+                                 authAttribs + authAttribsCount,
+                                 (int)(MAX_AUTH_ATTRIBS_SZ - authAttribsCount),
                                  pkcs7->authAttribs,
-                                 pkcs7->authAttribsSz);
+                                 (int)pkcs7->authAttribsSz);
         authAttribsCount += pkcs7->authAttribsSz;
     }
 
@@ -11489,11 +13205,16 @@ int wc_PKCS7_EncodeAuthEnvelopedData(PKCS7* pkcs7, byte* output,
             return MEMORY_E;
         }
 
-        FlattenAttributes(pkcs7, flatAuthAttribs, authAttribs,
-                          authAttribsCount);
+        ret = FlattenAttributes(pkcs7, flatAuthAttribs, authAttribs,
+                          (int)authAttribsCount);
+        if (ret != 0) {
+            wc_PKCS7_FreeEncodedRecipientSet(pkcs7);
+            XFREE(flatAuthAttribs, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
+            return ret;
+        }
 
         authAttribsSetSz = SetImplicit(ASN_SET, 1, authAttribsSz,
-                                       authAttribSet);
+                                       authAttribSet, 0);
 
         /* From RFC5083, "For the purpose of constructing the AAD, the
          * IMPLICIT [1] tag in the authAttrs field is not used for the
@@ -11519,33 +13240,35 @@ int wc_PKCS7_EncodeAuthEnvelopedData(PKCS7* pkcs7, byte* output,
 
     /* build up unauthenticated attributes (unauthAttrs) */
     if (pkcs7->unauthAttribsSz > 0) {
-        unauthAttribsSz = EncodeAttributes(unauthAttribs + unauthAttribsCount,
-                                     MAX_UNAUTH_ATTRIBS_SZ - unauthAttribsCount,
-                                     pkcs7->unauthAttribs,
-                                     pkcs7->unauthAttribsSz);
+        unauthAttribsSz = (word32)EncodeAttributes(
+                              unauthAttribs + unauthAttribsCount,
+                              (int)(MAX_UNAUTH_ATTRIBS_SZ - unauthAttribsCount),
+                              pkcs7->unauthAttribs,
+                              (int)pkcs7->unauthAttribsSz);
         unauthAttribsCount = pkcs7->unauthAttribsSz;
 
-        flatUnauthAttribs = (byte*)XMALLOC(unauthAttribsSz, pkcs7->heap,
-                                            DYNAMIC_TYPE_PKCS7);
-        if (flatUnauthAttribs == NULL) {
-            wc_PKCS7_FreeEncodedRecipientSet(pkcs7);
-            if (aadBuffer)
+        if (unauthAttribsSz > 0) {
+            flatUnauthAttribs = (byte*)XMALLOC(unauthAttribsSz, pkcs7->heap,
+                                               DYNAMIC_TYPE_PKCS7);
+            if (flatUnauthAttribs == NULL) {
+                wc_PKCS7_FreeEncodedRecipientSet(pkcs7);
                 XFREE(aadBuffer, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER);
-            if (flatAuthAttribs)
                 XFREE(flatAuthAttribs, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
-            return MEMORY_E;
+                return MEMORY_E;
+            }
+
+            FlattenAttributes(pkcs7, flatUnauthAttribs, unauthAttribs,
+                              (int)unauthAttribsCount);
         }
 
-        FlattenAttributes(pkcs7, flatUnauthAttribs, unauthAttribs,
-                          unauthAttribsCount);
         unauthAttribsSetSz = SetImplicit(ASN_SET, 2, unauthAttribsSz,
-                                         unauthAttribSet);
+                                         unauthAttribSet, 0);
     }
 
     /* AES-GCM/CCM does NOT require padding for plaintext content or
      * AAD inputs RFC 5084 section 3.1 and 3.2, but we must alloc
      * full blocks to ensure crypto only gets full blocks */
-    encryptedOutSz = pkcs7->contentSz;
+    encryptedOutSz = (int)pkcs7->contentSz;
     encryptedAllocSz = (encryptedOutSz % blockSz) ?
                            encryptedOutSz + blockSz -
                            (encryptedOutSz % blockSz) :
@@ -11553,57 +13276,48 @@ int wc_PKCS7_EncodeAuthEnvelopedData(PKCS7* pkcs7, byte* output,
 
     /* Copy content to plain buffer (zero-padded) to encrypt in full,
      * contiguous blocks */
-    plain = (byte*)XMALLOC(encryptedAllocSz, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
+    plain = (byte*)XMALLOC((word32)encryptedAllocSz, pkcs7->heap,
+        DYNAMIC_TYPE_PKCS7);
     if (plain == NULL) {
         wc_PKCS7_FreeEncodedRecipientSet(pkcs7);
-        if (aadBuffer)
-            XFREE(aadBuffer, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER);
-        if (flatUnauthAttribs)
-            XFREE(flatUnauthAttribs, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
-        if (flatAuthAttribs)
-            XFREE(flatAuthAttribs, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
+        XFREE(aadBuffer, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER);
+        XFREE(flatUnauthAttribs, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
+        XFREE(flatAuthAttribs, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
         return MEMORY_E;
     }
 
     XMEMCPY(plain, pkcs7->content, pkcs7->contentSz);
     if ((encryptedAllocSz - encryptedOutSz) > 0) {
-        XMEMSET(plain + encryptedOutSz, 0, encryptedAllocSz - encryptedOutSz);
+        XMEMSET(plain + encryptedOutSz, 0,
+            (word32)(encryptedAllocSz - encryptedOutSz));
     }
 
-    encryptedContent = (byte*)XMALLOC(encryptedAllocSz, pkcs7->heap,
+    encryptedContent = (byte*)XMALLOC((word32)encryptedAllocSz, pkcs7->heap,
                                       DYNAMIC_TYPE_PKCS7);
     if (encryptedContent == NULL) {
         XFREE(plain, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
         wc_PKCS7_FreeEncodedRecipientSet(pkcs7);
-        if (aadBuffer)
-            XFREE(aadBuffer, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER);
-        if (flatUnauthAttribs)
-            XFREE(flatUnauthAttribs, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
-        if (flatAuthAttribs)
-            XFREE(flatAuthAttribs, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
+        XFREE(aadBuffer, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER);
+        XFREE(flatUnauthAttribs, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
+        XFREE(flatAuthAttribs, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
         return MEMORY_E;
     }
 
     /* encrypt content */
-    ret = wc_PKCS7_EncryptContent(pkcs7->encryptOID, pkcs7->cek,
-            pkcs7->cekSz, nonce, nonceSz, aadBuffer, aadBufferSz, authTag,
-            sizeof(authTag), plain, encryptedOutSz, encryptedContent,
-            pkcs7->devId, pkcs7->heap);
+    ret = wc_PKCS7_EncryptContent(pkcs7, pkcs7->encryptOID, pkcs7->cek,
+            (int)pkcs7->cekSz, nonce, (int)nonceSz, aadBuffer, aadBufferSz,
+            authTag, sizeof(authTag), plain, encryptedOutSz, encryptedContent);
 
     XFREE(plain, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
     plain = NULL;
 
-    if (aadBuffer) {
-        XFREE(aadBuffer, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER);
-        aadBuffer = NULL;
-    }
+    XFREE(aadBuffer, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER);
+    aadBuffer = NULL;
 
     if (ret != 0) {
         wc_PKCS7_FreeEncodedRecipientSet(pkcs7);
-        if (flatUnauthAttribs)
-            XFREE(flatUnauthAttribs, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
-        if (flatAuthAttribs)
-            XFREE(flatAuthAttribs, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
+        XFREE(flatUnauthAttribs, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
+        XFREE(flatAuthAttribs, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
         XFREE(encryptedContent, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
         return ret;
     }
@@ -11613,10 +13327,8 @@ int wc_PKCS7_EncodeAuthEnvelopedData(PKCS7* pkcs7, byte* output,
                             sizeof(contentType));
     if (ret < 0) {
         wc_PKCS7_FreeEncodedRecipientSet(pkcs7);
-        if (flatUnauthAttribs)
-            XFREE(flatUnauthAttribs, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
-        if (flatAuthAttribs)
-            XFREE(flatAuthAttribs, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
+        XFREE(flatUnauthAttribs, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
+        XFREE(flatAuthAttribs, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
         XFREE(encryptedContent, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
         return ret;
     }
@@ -11624,137 +13336,134 @@ int wc_PKCS7_EncodeAuthEnvelopedData(PKCS7* pkcs7, byte* output,
     contentTypeSz = ret;
 
     /* put together nonce OCTET STRING */
-    nonceOctetStringSz = SetOctetString(nonceSz, nonceOctetString);
+    nonceOctetStringSz = (int)SetOctetString(nonceSz, nonceOctetString);
 
     /* put together aes-ICVlen INTEGER */
-    macIntSz = SetMyVersion(sizeof(authTag), macInt, 0);
+    macIntSz = (word32)SetMyVersion(sizeof(authTag), macInt, 0);
 
     /* add nonce and icv len into parameters string RFC5084 */
-    algoParamSeqSz = SetSequence(nonceOctetStringSz + nonceSz + macIntSz,
-            algoParamSeq);
+    algoParamSeqSz = SetSequence((word32)nonceOctetStringSz + nonceSz +
+            macIntSz, algoParamSeq);
 
     /* build up our ContentEncryptionAlgorithmIdentifier sequence,
      * adding (nonceOctetStringSz + blockSz + macIntSz) for nonce OCTET STRING
      * and tag size */
-    contentEncAlgoSz = SetAlgoID(pkcs7->encryptOID, contentEncAlgo,
-                                 oidBlkType, nonceOctetStringSz + nonceSz +
-                                 macIntSz + algoParamSeqSz);
+    contentEncAlgoSz = (int)SetAlgoID(pkcs7->encryptOID, contentEncAlgo,
+                                 oidBlkType, nonceOctetStringSz + (int)nonceSz +
+                                 (int)macIntSz + (int)algoParamSeqSz);
 
     if (contentEncAlgoSz == 0) {
         wc_PKCS7_FreeEncodedRecipientSet(pkcs7);
-        if (flatUnauthAttribs)
-            XFREE(flatUnauthAttribs, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
-        if (flatAuthAttribs)
-            XFREE(flatAuthAttribs, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
+        XFREE(flatUnauthAttribs, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
+        XFREE(flatAuthAttribs, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
         XFREE(encryptedContent, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
         return BAD_FUNC_ARG;
     }
 
-    encContentOctetSz = SetImplicit(ASN_OCTET_STRING, 0, encryptedOutSz,
-                                    encContentOctet);
+    encContentOctetSz = (int)SetImplicit(ASN_OCTET_STRING, 0,
+                                (word32)encryptedOutSz, encContentOctet, 0);
+    encContentSeqSz = (int)SetSequence((word32)contentTypeSz +
+                               (word32)contentEncAlgoSz +
+                               (word32)nonceOctetStringSz + nonceSz + macIntSz +
+                               algoParamSeqSz + (word32)encContentOctetSz +
+                               (word32)encryptedOutSz, encContentSeq);
 
-    encContentSeqSz = SetSequence(contentTypeSz + contentEncAlgoSz +
-                                  nonceOctetStringSz + nonceSz + macIntSz +
-                                  algoParamSeqSz + encContentOctetSz +
-                                  encryptedOutSz, encContentSeq);
-
-    macOctetStringSz = SetOctetString(sizeof(authTag), macOctetString);
+    macOctetStringSz = (int)SetOctetString(sizeof(authTag), macOctetString);
 
     /* keep track of sizes for outer wrapper layering */
-    totalSz = verSz + recipSetSz + recipSz + encContentSeqSz + contentTypeSz +
-              contentEncAlgoSz + nonceOctetStringSz + nonceSz + macIntSz +
-              algoParamSeqSz + encContentOctetSz + encryptedOutSz +
-              authAttribsSz + authAttribsSetSz + macOctetStringSz +
-              sizeof(authTag) + unauthAttribsSz + unauthAttribsSetSz;
+    totalSz = verSz + recipSetSz + recipSz + encContentSeqSz +
+              contentTypeSz + contentEncAlgoSz + nonceOctetStringSz +
+              (int)nonceSz + (int)macIntSz + (int)algoParamSeqSz +
+              encContentOctetSz + encryptedOutSz + (int)authAttribsSz +
+              (int)authAttribsSetSz + macOctetStringSz + (int)sizeof(authTag) +
+              (int)unauthAttribsSz + (int)unauthAttribsSetSz;
 
     /* EnvelopedData */
-    envDataSeqSz = SetSequence(totalSz, envDataSeq);
+    envDataSeqSz = (int)SetSequence((word32)totalSz, envDataSeq);
     totalSz += envDataSeqSz;
 
     /* outer content */
-    outerContentSz = SetExplicit(0, totalSz, outerContent);
+    outerContentSz = (int)SetExplicit(0, (word32)totalSz, outerContent, 0);
     totalSz += outerContentTypeSz;
     totalSz += outerContentSz;
 
     /* ContentInfo */
-    contentInfoSeqSz = SetSequence(totalSz, contentInfoSeq);
+    contentInfoSeqSz = (int)SetSequence((word32)totalSz, contentInfoSeq);
     totalSz += contentInfoSeqSz;
 
     if (totalSz > (int)outputSz) {
         WOLFSSL_MSG("Pkcs7_encrypt output buffer too small");
         wc_PKCS7_FreeEncodedRecipientSet(pkcs7);
-        if (flatUnauthAttribs)
-            XFREE(flatUnauthAttribs, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
-        if (flatAuthAttribs)
-            XFREE(flatAuthAttribs, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
+        XFREE(flatUnauthAttribs, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
+        XFREE(flatAuthAttribs, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
         XFREE(encryptedContent, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
         return BUFFER_E;
     }
 
-    XMEMCPY(output + idx, contentInfoSeq, contentInfoSeqSz);
+    XMEMCPY(output + idx, contentInfoSeq, (word32)contentInfoSeqSz);
     idx += contentInfoSeqSz;
-    XMEMCPY(output + idx, outerContentType, outerContentTypeSz);
+    XMEMCPY(output + idx, outerContentType, (word32)outerContentTypeSz);
     idx += outerContentTypeSz;
-    XMEMCPY(output + idx, outerContent, outerContentSz);
+    XMEMCPY(output + idx, outerContent, (word32)outerContentSz);
     idx += outerContentSz;
-    XMEMCPY(output + idx, envDataSeq, envDataSeqSz);
+    XMEMCPY(output + idx, envDataSeq, (word32)envDataSeqSz);
     idx += envDataSeqSz;
-    XMEMCPY(output + idx, ver, verSz);
+    XMEMCPY(output + idx, ver, (word32)verSz);
     idx += verSz;
-    XMEMCPY(output + idx, recipSet, recipSetSz);
+    XMEMCPY(output + idx, recipSet, (word32)recipSetSz);
     idx += recipSetSz;
     /* copy in recipients from list */
     tmpRecip = pkcs7->recipList;
     while (tmpRecip != NULL) {
         XMEMCPY(output + idx, tmpRecip->recip, tmpRecip->recipSz);
-        idx += tmpRecip->recipSz;
+        idx += (int)tmpRecip->recipSz;
         tmpRecip = tmpRecip->next;
     }
     wc_PKCS7_FreeEncodedRecipientSet(pkcs7);
-    XMEMCPY(output + idx, encContentSeq, encContentSeqSz);
+    XMEMCPY(output + idx, encContentSeq, (word32)encContentSeqSz);
     idx += encContentSeqSz;
-    XMEMCPY(output + idx, contentType, contentTypeSz);
+    XMEMCPY(output + idx, contentType, (word32)contentTypeSz);
     idx += contentTypeSz;
-    XMEMCPY(output + idx, contentEncAlgo, contentEncAlgoSz);
+    XMEMCPY(output + idx, contentEncAlgo, (word32)contentEncAlgoSz);
     idx += contentEncAlgoSz;
     XMEMCPY(output + idx, algoParamSeq, algoParamSeqSz);
-    idx += algoParamSeqSz;
-    XMEMCPY(output + idx, nonceOctetString, nonceOctetStringSz);
+    idx += (int)algoParamSeqSz;
+    XMEMCPY(output + idx, nonceOctetString, (word32)nonceOctetStringSz);
     idx += nonceOctetStringSz;
     XMEMCPY(output + idx, nonce, nonceSz);
-    idx += nonceSz;
+    idx += (int)nonceSz;
     XMEMCPY(output + idx, macInt, macIntSz);
-    idx += macIntSz;
-    XMEMCPY(output + idx, encContentOctet, encContentOctetSz);
+    idx += (int)macIntSz;
+
+
+    XMEMCPY(output + idx, encContentOctet, (word32)encContentOctetSz);
     idx += encContentOctetSz;
-    XMEMCPY(output + idx, encryptedContent, encryptedOutSz);
+    XMEMCPY(output + idx, encryptedContent, (word32)encryptedOutSz);
     idx += encryptedOutSz;
 
     /* authenticated attributes */
     if (flatAuthAttribs && authAttribsSz > 0) {
         XMEMCPY(output + idx, authAttribSet, authAttribsSetSz);
-        idx += authAttribsSetSz;
+        idx += (int)authAttribsSetSz;
         XMEMCPY(output + idx, flatAuthAttribs, authAttribsSz);
-        idx += authAttribsSz;
+        idx += (int)authAttribsSz;
         XFREE(flatAuthAttribs, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
     }
 
-    XMEMCPY(output + idx, macOctetString, macOctetStringSz);
+    XMEMCPY(output + idx, macOctetString, (word32)macOctetStringSz);
     idx += macOctetStringSz;
     XMEMCPY(output + idx, authTag, sizeof(authTag));
-    idx += sizeof(authTag);
+    idx += (int)sizeof(authTag);
 
     /* unauthenticated attributes */
     if (unauthAttribsSz > 0) {
         XMEMCPY(output + idx, unauthAttribSet, unauthAttribsSetSz);
-        idx += unauthAttribsSetSz;
+        idx += (int)unauthAttribsSetSz;
         XMEMCPY(output + idx, flatUnauthAttribs, unauthAttribsSz);
-        idx += unauthAttribsSz;
+        idx += (int)unauthAttribsSz;
     }
 
-    if (flatUnauthAttribs != NULL) {
-        XFREE(flatUnauthAttribs, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
-    }
+    XFREE(flatUnauthAttribs, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
 
     XFREE(encryptedContent, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
 
@@ -11772,7 +13481,7 @@ int wc_PKCS7_EncodeAuthEnvelopedData(PKCS7* pkcs7, byte* output,
 
 
 /* unwrap and decrypt PKCS#7 AuthEnvelopedData object, return decoded size */
-WOLFSSL_API int wc_PKCS7_DecodeAuthEnvelopedData(PKCS7* pkcs7, byte* in,
+WOLFSSL_API int wc_PKCS7_DecodeAuthEnvelopedData(wc_PKCS7* pkcs7, byte* in,
                                                  word32 inSz, byte* output,
                                                  word32 outputSz)
 {
@@ -11789,27 +13498,22 @@ WOLFSSL_API int wc_PKCS7_DecodeAuthEnvelopedData(PKCS7* pkcs7, byte* in,
     word32 pkiMsgSz = inSz;
 
     int expBlockSz = 0, blockKeySz = 0;
-    byte authTag[AES_BLOCK_SIZE];
+    byte authTag[WC_AES_BLOCK_SIZE];
     byte nonce[GCM_NONCE_MID_SZ];       /* GCM nonce is larger than CCM */
-    int nonceSz = 0, authTagSz = 0, macSz = 0;
-
-#ifdef WOLFSSL_SMALL_STACK
+    int nonceSz = 0, macSz = 0;
+    word32 authTagSz = 0;
     byte* decryptedKey = NULL;
-#else
-    byte  decryptedKey[MAX_ENCRYPTED_KEY_SZ];
-#endif
     int encryptedContentSz = 0;
     int encryptedAllocSz = 0;
     byte* encryptedContent = NULL;
     int explicitOctet = 0;
 
-    byte authAttribSetByte = 0;
     byte* encodedAttribs = NULL;
     word32 encodedAttribIdx = 0, encodedAttribSz = 0;
     byte* authAttrib = NULL;
     int authAttribSz = 0;
     word32 localIdx;
-    byte tag;
+    byte tag = 0;
 
     if (pkcs7 == NULL)
         return BAD_FUNC_ARG;
@@ -11825,10 +13529,6 @@ WOLFSSL_API int wc_PKCS7_DecodeAuthEnvelopedData(PKCS7* pkcs7, byte* in,
     }
 #endif
 
-#ifndef WOLFSSL_SMALL_STACK
-    XMEMSET(decryptedKey, 0, MAX_ENCRYPTED_KEY_SZ);
-#endif
-
     switch (pkcs7->state) {
         case WC_PKCS7_START:
         case WC_PKCS7_INFOSET_START:
@@ -11853,9 +13553,8 @@ WOLFSSL_API int wc_PKCS7_DecodeAuthEnvelopedData(PKCS7* pkcs7, byte* in,
                 break;
             }
         #endif
-        #ifdef WOLFSSL_SMALL_STACK
             decryptedKey = (byte*)XMALLOC(MAX_ENCRYPTED_KEY_SZ, pkcs7->heap,
-                                                               DYNAMIC_TYPE_PKCS7);
+                                                            DYNAMIC_TYPE_PKCS7);
             if (decryptedKey == NULL) {
                 ret = MEMORY_E;
                 break;
@@ -11866,7 +13565,7 @@ WOLFSSL_API int wc_PKCS7_DecodeAuthEnvelopedData(PKCS7* pkcs7, byte* in,
         #ifndef NO_PKCS7_STREAM
             pkcs7->stream->key = decryptedKey;
         #endif
-        #endif
+            XMEMSET(decryptedKey, 0, MAX_ENCRYPTED_KEY_SZ);
             FALL_THROUGH;
 
         case WC_PKCS7_DECRYPT_KTRI:
@@ -11878,10 +13577,8 @@ WOLFSSL_API int wc_PKCS7_DecodeAuthEnvelopedData(PKCS7* pkcs7, byte* in,
         case WC_PKCS7_DECRYPT_ORI:
 
             decryptedKeySz = MAX_ENCRYPTED_KEY_SZ;
-        #ifdef WOLFSSL_SMALL_STACK
-            #ifndef NO_PKCS7_STREAM
+        #ifndef NO_PKCS7_STREAM
             decryptedKey = pkcs7->stream->key;
-            #endif
         #endif
 
             ret = wc_PKCS7_DecryptRecipientInfos(pkcs7, in, inSz, &idx,
@@ -11892,39 +13589,55 @@ WOLFSSL_API int wc_PKCS7_DecodeAuthEnvelopedData(PKCS7* pkcs7, byte* in,
             }
 
             if (recipFound == 0) {
-                WOLFSSL_MSG("No recipient found in envelopedData that matches input");
+                WOLFSSL_MSG(
+                      "No recipient found in envelopedData that matches input");
                 ret = PKCS7_RECIP_E;
                 break;
             }
 
         #ifndef NO_PKCS7_STREAM
             tmpIdx = idx;
+            pkcs7->stream->expected = MAX_SEQ_SZ;
         #endif
             wc_PKCS7_ChangeState(pkcs7, WC_PKCS7_AUTHENV_3);
             FALL_THROUGH;
 
         case WC_PKCS7_AUTHENV_3:
         #ifndef NO_PKCS7_STREAM
-            if ((ret = wc_PKCS7_AddDataToStream(pkcs7, in, inSz, MAX_SEQ_SZ +
-                            MAX_ALGO_SZ + MAX_ALGO_SZ + ASN_TAG_SZ,
-                            &pkiMsg, &idx)) != 0) {
+            if ((ret = wc_PKCS7_AddDataToStream(pkcs7, in, inSz,
+                    pkcs7->stream->expected, &pkiMsg, &idx)) != 0) {
                 break;
             }
             pkiMsgSz = (pkcs7->stream->length > 0)? pkcs7->stream->length: inSz;
         #endif
 
             /* remove EncryptedContentInfo */
-            if (ret == 0 && GetSequence(pkiMsg, &idx, &length, pkiMsgSz) < 0) {
+            if (ret == 0 && GetSequence_ex(pkiMsg, &idx, &length, pkiMsgSz, 0)
+                    < 0) {
                 ret = ASN_PARSE_E;
             }
 
+        #ifndef NO_PKCS7_STREAM
+            /* check that the expected size was accurate */
+            if (ret == 0) {
+                if (length > (int)pkcs7->stream->expected && length >
+                        (int)pkiMsgSz) {
+                    pkcs7->stream->expected = (word32)length + 1;
+                    if ((ret = wc_PKCS7_AddDataToStream(pkcs7, in, inSz,
+                            pkcs7->stream->expected, &pkiMsg, &idx)) != 0) {
+                        break;
+                    }
+                }
+            }
+        #endif
+
             if (ret == 0 && wc_GetContentType(pkiMsg, &idx, &contentType,
                         pkiMsgSz) < 0) {
                 ret = ASN_PARSE_E;
             }
 
             if (ret == 0) {
-                pkcs7->contentOID = contentType;
+                pkcs7->contentOID = (int)contentType;
             }
 
             if (ret == 0 && GetAlgoId(pkiMsg, &idx, &encOID, oidBlkType,
@@ -11933,14 +13646,14 @@ WOLFSSL_API int wc_PKCS7_DecodeAuthEnvelopedData(PKCS7* pkcs7, byte* in,
             }
 
             if (ret == 0) {
-                blockKeySz = wc_PKCS7_GetOIDKeySize(encOID);
+                blockKeySz = wc_PKCS7_GetOIDKeySize((int)encOID);
                 if (blockKeySz < 0) {
                     ret = blockKeySz;
                 }
             }
 
             if (ret == 0) {
-                expBlockSz = wc_PKCS7_GetOIDBlockSize(encOID);
+                expBlockSz = wc_PKCS7_GetOIDBlockSize((int)encOID);
                 if (expBlockSz < 0) {
                     ret = expBlockSz;
                 }
@@ -12001,8 +13714,8 @@ WOLFSSL_API int wc_PKCS7_DecodeAuthEnvelopedData(PKCS7* pkcs7, byte* in,
             }
 
             if (ret == 0) {
-                XMEMCPY(nonce, &pkiMsg[idx], nonceSz);
-                idx += nonceSz;
+                XMEMCPY(nonce, &pkiMsg[idx], (word32)nonceSz);
+                idx += (word32)nonceSz;
             }
 
             /* get mac size, also stored in OPTIONAL parameter of AlgoID */
@@ -12027,8 +13740,8 @@ WOLFSSL_API int wc_PKCS7_DecodeAuthEnvelopedData(PKCS7* pkcs7, byte* in,
                 ret = ASN_PARSE_E;
             }
 
-            if (ret == 0 && GetLength(pkiMsg, &idx, &encryptedContentSz,
-                        pkiMsgSz) <= 0) {
+            if (ret == 0 && GetLength_ex(pkiMsg, &idx, &encryptedContentSz,
+                        pkiMsgSz, 0) <= 0) {
                 ret = ASN_PARSE_E;
             }
 
@@ -12056,19 +13769,20 @@ WOLFSSL_API int wc_PKCS7_DecodeAuthEnvelopedData(PKCS7* pkcs7, byte* in,
 
             /* store nonce for later */
             if (nonceSz > 0) {
-                pkcs7->stream->nonceSz = nonceSz;
-                pkcs7->stream->nonce = (byte*)XMALLOC(nonceSz, pkcs7->heap,
-                        DYNAMIC_TYPE_PKCS7);
+                pkcs7->stream->nonceSz = (word32)nonceSz;
+                pkcs7->stream->nonce = (byte*)XMALLOC((word32)nonceSz,
+                        pkcs7->heap, DYNAMIC_TYPE_PKCS7);
                 if (pkcs7->stream->nonce == NULL) {
                     ret = MEMORY_E;
                     break;
                 }
                 else {
-                    XMEMCPY(pkcs7->stream->nonce, nonce, nonceSz);
+                    XMEMCPY(pkcs7->stream->nonce, nonce, (word32)nonceSz);
                 }
             }
 
-            pkcs7->stream->expected = encryptedContentSz;
+            pkcs7->stream->expected = (word32)encryptedContentSz +
+                    MAX_LENGTH_SZ + ASN_TAG_SZ + ASN_TAG_SZ;
             wc_PKCS7_StreamStoreVar(pkcs7, encOID, blockKeySz,
                     encryptedContentSz);
         #endif
@@ -12078,26 +13792,25 @@ WOLFSSL_API int wc_PKCS7_DecodeAuthEnvelopedData(PKCS7* pkcs7, byte* in,
 
         case WC_PKCS7_AUTHENV_5:
         #ifndef NO_PKCS7_STREAM
-            if ((ret = wc_PKCS7_AddDataToStream(pkcs7, in, inSz, MAX_LENGTH_SZ +
-                            ASN_TAG_SZ + ASN_TAG_SZ + pkcs7->stream->expected,
-                            &pkiMsg, &idx)) != 0) {
+            if ((ret = wc_PKCS7_AddDataToStream(pkcs7, in, inSz,
+                    pkcs7->stream->expected, &pkiMsg, &idx)) != 0) {
                 break;
             }
             pkiMsgSz = (pkcs7->stream->length > 0)? pkcs7->stream->length: inSz;
 
-            encryptedContentSz = pkcs7->stream->expected;
+            wc_PKCS7_StreamGetVar(pkcs7, &encOID, &blockKeySz,
+                &encryptedContentSz);
         #else
             pkiMsgSz = inSz;
         #endif
 
             if (expBlockSz == 0) {
         #ifndef NO_PKCS7_STREAM
-                wc_PKCS7_StreamGetVar(pkcs7, &encOID, NULL, NULL);
         #endif
                 if (encOID == 0)
                     expBlockSz = 1;
                 else {
-                    expBlockSz = wc_PKCS7_GetOIDBlockSize(encOID);
+                    expBlockSz = wc_PKCS7_GetOIDBlockSize((int)encOID);
                     if (expBlockSz < 0) {
                         ret = expBlockSz;
                         break;
@@ -12113,18 +13826,19 @@ WOLFSSL_API int wc_PKCS7_DecodeAuthEnvelopedData(PKCS7* pkcs7, byte* in,
                                    encryptedContentSz + expBlockSz -
                                    (encryptedContentSz % expBlockSz) :
                                    encryptedContentSz;
-            encryptedContent = (byte*)XMALLOC(encryptedAllocSz, pkcs7->heap,
-                                                            DYNAMIC_TYPE_PKCS7);
+            encryptedContent = (byte*)XMALLOC((word32)encryptedAllocSz,
+                                               pkcs7->heap, DYNAMIC_TYPE_PKCS7);
             if (ret == 0 && encryptedContent == NULL) {
                 ret = MEMORY_E;
             }
 
             if (ret == 0) {
-                XMEMCPY(encryptedContent, &pkiMsg[idx], encryptedContentSz);
-                idx += encryptedContentSz;
+                XMEMCPY(encryptedContent, &pkiMsg[idx],
+                                                    (word32)encryptedContentSz);
+                idx += (word32)encryptedContentSz;
             }
         #ifndef NO_PKCS7_STREAM
-                pkcs7->stream->bufferPt = encryptedContent;
+            pkcs7->stream->bufferPt = encryptedContent;
         #endif
 
             /* may have IMPLICIT [1] authenticatedAttributes */
@@ -12132,32 +13846,32 @@ WOLFSSL_API int wc_PKCS7_DecodeAuthEnvelopedData(PKCS7* pkcs7, byte* in,
             if (ret == 0 && GetASNTag(pkiMsg, &localIdx, &tag, pkiMsgSz) == 0 &&
                     tag == (ASN_CONSTRUCTED | ASN_CONTEXT_SPECIFIC | 1)) {
                 encodedAttribIdx = idx;
-                encodedAttribs = pkiMsg + idx;
                 idx++;
 
-                if (GetLength(pkiMsg, &idx, &length, pkiMsgSz) <= 0)
+                if (GetLength_ex(pkiMsg, &idx, &length, pkiMsgSz, 0) <= 0) {
                     ret = ASN_PARSE_E;
+                }
             #ifndef NO_PKCS7_STREAM
-                pkcs7->stream->expected = length;
+                pkcs7->stream->expected = (word32)length;
             #endif
-                encodedAttribSz = length + (idx - encodedAttribIdx);
+                encodedAttribSz = (word32)length + (idx - encodedAttribIdx);
 
                 if (ret != 0)
                     break;
 
-            #ifndef NO_PKCS7_STREAM
                 if (encodedAttribSz > 0) {
-                    pkcs7->stream->aadSz = encodedAttribSz;
-                    pkcs7->stream->aad = (byte*)XMALLOC(encodedAttribSz,
+                    encodedAttribs = (byte*)XMALLOC(encodedAttribSz,
                             pkcs7->heap, DYNAMIC_TYPE_PKCS7);
-                    if (pkcs7->stream->aad == NULL) {
+                    if (encodedAttribs == NULL) {
                         ret = MEMORY_E;
                         break;
                     }
-                    else {
-                        XMEMCPY(pkcs7->stream->aad, encodedAttribs,
-                                (idx - encodedAttribIdx));
-                    }
+                }
+
+            #ifndef NO_PKCS7_STREAM
+                if (encodedAttribSz > 0) {
+                    pkcs7->stream->aadSz = encodedAttribSz;
+                    pkcs7->stream->aad   = encodedAttribs;
                 }
 
                 if ((ret = wc_PKCS7_StreamEndCase(pkcs7, &tmpIdx, &idx)) != 0) {
@@ -12171,7 +13885,9 @@ WOLFSSL_API int wc_PKCS7_DecodeAuthEnvelopedData(PKCS7* pkcs7, byte* in,
                 if ((ret = wc_PKCS7_StreamEndCase(pkcs7, &tmpIdx, &idx)) != 0) {
                     break;
                 }
+                pkcs7->stream->expected = MAX_LENGTH_SZ + ASN_TAG_SZ;
             #endif
+                wc_PKCS7_ChangeState(pkcs7, WC_PKCS7_AUTHENV_ATRBEND);
                 goto authenv_atrbend; /* jump over attribute cases */
             }
             FALL_THROUGH;
@@ -12183,7 +13899,7 @@ WOLFSSL_API int wc_PKCS7_DecodeAuthEnvelopedData(PKCS7* pkcs7, byte* in,
                 return ret;
             }
 
-            length = pkcs7->stream->expected;
+            length = (int)pkcs7->stream->expected;
             encodedAttribs = pkcs7->stream->aad;
     #endif
 
@@ -12191,23 +13907,40 @@ WOLFSSL_API int wc_PKCS7_DecodeAuthEnvelopedData(PKCS7* pkcs7, byte* in,
             authAttrib = &pkiMsg[idx];
             authAttribSz = length;
 
-            if (ret == 0 && wc_PKCS7_ParseAttribs(pkcs7, authAttrib, authAttribSz) < 0) {
+            {
+                word32 ofst;
+
+                /* From RFC5083, "For the purpose of constructing the
+                * AAD, the IMPLICIT [1] tag in the authAttrs field is
+                * not used for the DER encoding: rather a universal SET
+                * OF tag is used. */
+                ofst = SetSet((word32)length, encodedAttribs);
+
+                XMEMCPY(encodedAttribs + ofst, authAttrib,
+                    (word32)authAttribSz);
+            }
+
+            /* ignoring the size returned, we know it is
+                * idx - encodedAttribIdx from parsing what's given */
+
+            if (ret == 0 && wc_PKCS7_ParseAttribs(pkcs7, authAttrib,
+                    authAttribSz) < 0) {
                 WOLFSSL_MSG("Error parsing authenticated attributes");
                 ret = ASN_PARSE_E;
                 break;
             }
 
-            idx += length;
+            idx += (word32)length;
 
     #ifndef NO_PKCS7_STREAM
-            if (encodedAttribSz > 0) {
-                XMEMCPY(pkcs7->stream->aad + (encodedAttribSz - length),
-                        authAttrib, authAttribSz);
+            if (pkcs7->stream->aadSz > 0) {
+                XMEMCPY(pkcs7->stream->aad + (pkcs7->stream->aadSz -
+                        (word32)length), authAttrib, (word32)authAttribSz);
             }
             if ((ret = wc_PKCS7_StreamEndCase(pkcs7, &tmpIdx, &idx)) != 0) {
                 break;
             }
-
+            pkcs7->stream->expected = MAX_LENGTH_SZ + ASN_TAG_SZ;
     #endif
             wc_PKCS7_ChangeState(pkcs7, WC_PKCS7_AUTHENV_ATRBEND);
             FALL_THROUGH;
@@ -12215,8 +13948,8 @@ WOLFSSL_API int wc_PKCS7_DecodeAuthEnvelopedData(PKCS7* pkcs7, byte* in,
         case WC_PKCS7_AUTHENV_ATRBEND:
 authenv_atrbend:
         #ifndef NO_PKCS7_STREAM
-            if ((ret = wc_PKCS7_AddDataToStream(pkcs7, in, inSz, MAX_LENGTH_SZ +
-                            ASN_TAG_SZ, &pkiMsg, &idx)) != 0) {
+            if ((ret = wc_PKCS7_AddDataToStream(pkcs7, in, inSz,
+                    pkcs7->stream->expected, &pkiMsg, &idx)) != 0) {
                 return ret;
             }
             pkiMsgSz = (pkcs7->stream->length > 0)? pkcs7->stream->length: inSz;
@@ -12228,19 +13961,37 @@ authenv_atrbend:
         #endif
 
 
-            /* get authTag OCTET STRING */
-            if (ret == 0 && GetASNTag(pkiMsg, &idx, &tag, pkiMsgSz) < 0) {
-                ret = ASN_PARSE_E;
-            }
-            if (ret == 0 && tag != ASN_OCTET_STRING) {
-                ret = ASN_PARSE_E;
-            }
+            localIdx = idx;
 
-            if (ret == 0 && GetLength(pkiMsg, &idx, &authTagSz, pkiMsgSz) < 0) {
+            /* Get authTag OCTET STRING */
+            if (ret == 0 && pkiMsg[localIdx] != ASN_OCTET_STRING) {
                 ret = ASN_PARSE_E;
             }
+            localIdx++; /* move past ASN_OCTET_STRING */
 
-            if (ret == 0 && authTagSz > (int)sizeof(authTag)) {
+            if (ret == 0 && GetLength_ex(pkiMsg, &localIdx, &length,
+                    pkiMsgSz, 0) < 0) {
+                ret = ASN_PARSE_E;
+            }
+            authTagSz = (word32)length;
+
+        #ifndef NO_PKCS7_STREAM
+            /* there might not be enough data for the auth tag too */
+            if (ret == 0) {
+                if ((authTagSz + (localIdx - idx)) > pkcs7->stream->expected &&
+                    (authTagSz + (localIdx - idx)) > pkiMsgSz) {
+                        pkcs7->stream->expected = authTagSz +
+                            (localIdx - idx);
+                        if ((ret = wc_PKCS7_AddDataToStream(pkcs7, in, inSz,
+                            pkcs7->stream->expected, &pkiMsg, &idx)) != 0) {
+                            return ret;
+                        }
+                }
+            }
+        #endif
+            idx = localIdx;
+
+            if (ret == 0 && authTagSz > (word32)sizeof(authTag)) {
                 WOLFSSL_MSG("AuthEnvelopedData authTag too large for buffer");
                 ret = ASN_PARSE_E;
             }
@@ -12250,14 +14001,6 @@ authenv_atrbend:
                 idx += authTagSz;
             }
 
-            if (ret == 0 && authAttrib != NULL) {
-                /* temporarily swap authAttribs byte[0] to SET OF instead of
-                 * IMPLICIT [1], for aad calculation */
-                authAttribSetByte = encodedAttribs[0];
-
-                encodedAttribs[0] = ASN_SET | ASN_CONSTRUCTED;
-            }
-
             if (ret < 0)
                 break;
 
@@ -12272,8 +14015,8 @@ authenv_atrbend:
             /* store tag for later */
             if (authTagSz > 0) {
                 pkcs7->stream->tagSz = authTagSz;
-                pkcs7->stream->tag = (byte*)XMALLOC(authTagSz, pkcs7->heap,
-                        DYNAMIC_TYPE_PKCS7);
+                pkcs7->stream->tag = (byte*)XMALLOC(authTagSz,
+                        pkcs7->heap, DYNAMIC_TYPE_PKCS7);
                 if (pkcs7->stream->tag == NULL) {
                     ret = MEMORY_E;
                     break;
@@ -12296,20 +14039,20 @@ authenv_atrbend:
 
             /* restore all variables needed */
             if (pkcs7->stream->nonceSz > 0) {
-                nonceSz = pkcs7->stream->nonceSz;
+                nonceSz = (int)pkcs7->stream->nonceSz;
                 if (nonceSz > GCM_NONCE_MID_SZ) {
                     WOLFSSL_MSG("PKCS7 saved nonce is too large");
                     ret = BUFFER_E;
                     break;
                 }
                 else {
-                    XMEMCPY(nonce, pkcs7->stream->nonce, nonceSz);
+                    XMEMCPY(nonce, pkcs7->stream->nonce, (word32)nonceSz);
                 }
             }
 
             if (pkcs7->stream->tagSz > 0) {
                 authTagSz = pkcs7->stream->tagSz;
-                if (authTagSz > AES_BLOCK_SIZE) {
+                if (authTagSz > WC_AES_BLOCK_SIZE) {
                     WOLFSSL_MSG("PKCS7 saved tag is too large");
                     ret = BUFFER_E;
                     break;
@@ -12327,39 +14070,40 @@ authenv_atrbend:
             wc_PKCS7_StreamGetVar(pkcs7, &encOID, &blockKeySz,
                                   &encryptedContentSz);
             encryptedContent   = pkcs7->stream->bufferPt;
-        #ifdef WOLFSSL_SMALL_STACK
             decryptedKey = pkcs7->stream->key;
-        #endif
         #endif
 
             /* decrypt encryptedContent */
             ret = wc_PKCS7_DecryptContent(pkcs7, encOID, decryptedKey,
-                    blockKeySz, nonce, nonceSz, encodedAttribs, encodedAttribSz,
-                    authTag, authTagSz, encryptedContent, encryptedContentSz,
-                    encryptedContent, pkcs7->devId, pkcs7->heap);
+                    (word32)blockKeySz, nonce, nonceSz, encodedAttribs,
+                    encodedAttribSz, authTag, authTagSz,
+                    encryptedContent, encryptedContentSz, encryptedContent,
+                    pkcs7->devId, pkcs7->heap);
             if (ret != 0) {
                 XFREE(encryptedContent, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
                 return ret;
             }
 
-            if (authAttrib != NULL) {
-                /* restore authAttrib IMPLICIT [1] */
-                encodedAttribs[0] = authAttribSetByte;
+            if (encodedAttribs != NULL) {
+                XFREE(encodedAttribs, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
+                encodedAttribs = NULL;
+            #ifndef NO_PKCS7_STREAM
+                pkcs7->stream->aad = NULL;
+            #endif
             }
 
             /* copy plaintext to output */
-            XMEMCPY(output, encryptedContent, encryptedContentSz);
+            XMEMCPY(output, encryptedContent, (word32)encryptedContentSz);
 
             /* free memory, zero out keys */
-            ForceZero(encryptedContent, encryptedContentSz);
+            ForceZero(encryptedContent, (word32)encryptedContentSz);
             XFREE(encryptedContent, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
+            encryptedContent = NULL;
             ForceZero(decryptedKey, MAX_ENCRYPTED_KEY_SZ);
-        #ifdef WOLFSSL_SMALL_STACK
             XFREE(decryptedKey, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
             decryptedKey = NULL;
-            #ifndef NO_PKCS7_STREAM
+        #ifndef NO_PKCS7_STREAM
             pkcs7->stream->key = NULL;
-            #endif
         #endif
             ret = encryptedContentSz;
         #ifndef NO_PKCS7_STREAM
@@ -12372,16 +14116,36 @@ authenv_atrbend:
             ret = BAD_FUNC_ARG;
     }
 
-#ifdef WOLFSSL_SMALL_STACK
-    if (ret != 0 && ret != WC_PKCS7_WANT_READ_E) {
+    if (ret != 0 && ret != WC_NO_ERR_TRACE(WC_PKCS7_WANT_READ_E)) {
         if (decryptedKey != NULL) {
             ForceZero(decryptedKey, MAX_ENCRYPTED_KEY_SZ);
+            XFREE(decryptedKey, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
+            decryptedKey = NULL;
+        #ifndef NO_PKCS7_STREAM
+            pkcs7->stream->key = NULL;
+        #endif
+        }
+
+        if (encryptedContent != NULL) {
+            ForceZero(encryptedContent, (word32)encryptedContentSz);
+            XFREE(encryptedContent, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
+            encryptedContent = NULL;
+        #ifndef NO_PKCS7_STREAM
+            pkcs7->stream->bufferPt = NULL;
+        #endif
+        }
+
+        if (encodedAttribs != NULL) {
+            XFREE(encodedAttribs, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
+            encodedAttribs = NULL;
+        #ifndef NO_PKCS7_STREAM
+            pkcs7->stream->aad = NULL;
+        #endif
         }
-        XFREE(decryptedKey, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
     }
-#endif
+
 #ifndef NO_PKCS7_STREAM
-    if (ret != 0 && ret != WC_PKCS7_WANT_READ_E) {
+    if (ret != 0 && ret != WC_NO_ERR_TRACE(WC_PKCS7_WANT_READ_E)) {
         wc_PKCS7_ResetStream(pkcs7);
     }
 #endif
@@ -12404,7 +14168,7 @@ authenv_atrbend:
 #ifndef NO_PKCS7_ENCRYPTED_DATA
 
 /* build PKCS#7 encryptedData content type, return encrypted size */
-int wc_PKCS7_EncodeEncryptedData(PKCS7* pkcs7, byte* output, word32 outputSz)
+int wc_PKCS7_EncodeEncryptedData(wc_PKCS7* pkcs7, byte* output, word32 outputSz)
 {
     int ret, idx = 0;
     int totalSz, padSz, encryptedOutSz;
@@ -12480,25 +14244,25 @@ int wc_PKCS7_EncodeEncryptedData(PKCS7* pkcs7, byte* output, word32 outputSz)
     if (blockSz < 0)
         return blockSz;
 
-    padSz = wc_PKCS7_GetPadSize(pkcs7->contentSz, blockSz);
+    padSz = wc_PKCS7_GetPadSize(pkcs7->contentSz, (word32)blockSz);
     if (padSz < 0)
         return padSz;
 
-    encryptedOutSz = pkcs7->contentSz + padSz;
+    encryptedOutSz = (int)pkcs7->contentSz + padSz;
 
-    plain = (byte*)XMALLOC(encryptedOutSz, pkcs7->heap,
+    plain = (byte*)XMALLOC((word32)encryptedOutSz, pkcs7->heap,
                            DYNAMIC_TYPE_PKCS7);
     if (plain == NULL)
         return MEMORY_E;
 
     ret = wc_PKCS7_PadData(pkcs7->content, pkcs7->contentSz, plain,
-                           encryptedOutSz, blockSz);
+                           (word32)encryptedOutSz, (word32)blockSz);
     if (ret < 0) {
         XFREE(plain, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
         return ret;
     }
 
-    encryptedContent = (byte*)XMALLOC(encryptedOutSz, pkcs7->heap,
+    encryptedContent = (byte*)XMALLOC((word32)encryptedOutSz, pkcs7->heap,
                                       DYNAMIC_TYPE_PKCS7);
     if (encryptedContent == NULL) {
         XFREE(plain, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
@@ -12506,11 +14270,11 @@ int wc_PKCS7_EncodeEncryptedData(PKCS7* pkcs7, byte* output, word32 outputSz)
     }
 
     /* put together IV OCTET STRING */
-    ivOctetStringSz = SetOctetString(blockSz, ivOctetString);
+    ivOctetStringSz = (int)SetOctetString((word32)blockSz, ivOctetString);
 
     /* build up ContentEncryptionAlgorithmIdentifier sequence,
        adding (ivOctetStringSz + blockSz) for IV OCTET STRING */
-    contentEncAlgoSz = SetAlgoID(pkcs7->encryptOID, contentEncAlgo,
+    contentEncAlgoSz = (int)SetAlgoID(pkcs7->encryptOID, contentEncAlgo,
                                  oidBlkType, ivOctetStringSz + blockSz);
     if (contentEncAlgoSz == 0) {
         XFREE(encryptedContent, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
@@ -12520,29 +14284,28 @@ int wc_PKCS7_EncodeEncryptedData(PKCS7* pkcs7, byte* output, word32 outputSz)
 
     /* encrypt content */
     WOLFSSL_MSG("Encrypting the content");
-    ret = wc_PKCS7_GenerateBlock(pkcs7, NULL, tmpIv, blockSz);
+    ret = wc_PKCS7_GenerateBlock(pkcs7, NULL, tmpIv, (word32)blockSz);
     if (ret != 0) {
         XFREE(encryptedContent, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
         XFREE(plain, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
         return ret;
     }
 
-    ret = wc_PKCS7_EncryptContent(pkcs7->encryptOID, pkcs7->encryptionKey,
-            pkcs7->encryptionKeySz, tmpIv, blockSz, NULL, 0, NULL, 0,
-            plain, encryptedOutSz, encryptedContent,
-            pkcs7->devId, pkcs7->heap);
+    ret = wc_PKCS7_EncryptContent(pkcs7, pkcs7->encryptOID,
+            pkcs7->encryptionKey, (int)pkcs7->encryptionKeySz, tmpIv, blockSz,
+            NULL, 0, NULL, 0, plain, encryptedOutSz, encryptedContent);
     if (ret != 0) {
         XFREE(encryptedContent, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
         XFREE(plain, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
         return ret;
     }
 
-    encContentOctetSz = SetImplicit(ASN_OCTET_STRING, 0,
-                                    encryptedOutSz, encContentOctet);
+    encContentOctetSz = (int)SetImplicit(ASN_OCTET_STRING, 0,
+                                    (word32)encryptedOutSz, encContentOctet, 0);
 
-    encContentSeqSz = SetSequence(contentTypeSz + contentEncAlgoSz +
-                                  ivOctetStringSz + blockSz +
-                                  encContentOctetSz + encryptedOutSz,
+    encContentSeqSz = (int)SetSequence((word32)(contentTypeSz +
+                                  contentEncAlgoSz + ivOctetStringSz + blockSz +
+                                  encContentOctetSz + encryptedOutSz),
                                   encContentSeq);
 
     /* optional UnprotectedAttributes */
@@ -12564,20 +14327,33 @@ int wc_PKCS7_EncodeEncryptedData(PKCS7* pkcs7, byte* output, word32 outputSz)
         }
 
         attribsCount = pkcs7->unprotectedAttribsSz;
-        attribsSz = EncodeAttributes(attribs, pkcs7->unprotectedAttribsSz,
+        attribsSz = (word32)EncodeAttributes(attribs,
+                                     (int)pkcs7->unprotectedAttribsSz,
                                      pkcs7->unprotectedAttribs,
-                                     pkcs7->unprotectedAttribsSz);
+                                     (int)pkcs7->unprotectedAttribsSz);
 
-        flatAttribs = (byte*)XMALLOC(attribsSz, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
-        if (flatAttribs == NULL) {
-            XFREE(attribs, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
-            XFREE(encryptedContent, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
-            XFREE(plain, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
-            return MEMORY_E;
+        if (attribsSz > 0) {
+            flatAttribs = (byte*)XMALLOC(attribsSz, pkcs7->heap,
+                                         DYNAMIC_TYPE_PKCS7);
+            if (flatAttribs == NULL) {
+                XFREE(attribs, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
+                XFREE(encryptedContent, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
+                XFREE(plain, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
+                return MEMORY_E;
+            }
+
+            ret = FlattenAttributes(pkcs7, flatAttribs, attribs,
+                                    (int)attribsCount);
+            if (ret != 0) {
+                XFREE(attribs, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
+                XFREE(encryptedContent, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
+                XFREE(plain, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
+                XFREE(flatAttribs, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
+                return ret;
+            }
         }
 
-        FlattenAttributes(pkcs7, flatAttribs, attribs, attribsCount);
-        attribsSetSz = SetImplicit(ASN_SET, 1, attribsSz, attribSet);
+        attribsSetSz = SetImplicit(ASN_SET, 1, attribsSz, attribSet, 0);
 
     } else {
         attribsSz = 0;
@@ -12587,19 +14363,19 @@ int wc_PKCS7_EncodeEncryptedData(PKCS7* pkcs7, byte* output, word32 outputSz)
     /* keep track of sizes for outer wrapper layering */
     totalSz = verSz + encContentSeqSz + contentTypeSz + contentEncAlgoSz +
               ivOctetStringSz + blockSz + encContentOctetSz + encryptedOutSz +
-              attribsSz + attribsSetSz;
+              (int)attribsSz + (int)attribsSetSz;
 
     /* EncryptedData */
-    encDataSeqSz = SetSequence(totalSz, encDataSeq);
+    encDataSeqSz = (int)SetSequence((word32)totalSz, encDataSeq);
     totalSz += encDataSeqSz;
 
     if (pkcs7->version != 3) {
         /* outer content */
-        outerContentSz = SetExplicit(0, totalSz, outerContent);
+        outerContentSz = (int)SetExplicit(0, (word32)totalSz, outerContent, 0);
         totalSz += outerContentTypeSz;
         totalSz += outerContentSz;
         /* ContentInfo */
-        contentInfoSeqSz = SetSequence(totalSz, contentInfoSeq);
+        contentInfoSeqSz = (int)SetSequence((word32)totalSz, contentInfoSeq);
         totalSz += contentInfoSeqSz;
     } else {
         contentInfoSeqSz = 0;
@@ -12608,51 +14384,49 @@ int wc_PKCS7_EncodeEncryptedData(PKCS7* pkcs7, byte* output, word32 outputSz)
 
     if (totalSz > (int)outputSz) {
         WOLFSSL_MSG("PKCS#7 output buffer too small");
-        if (attribs != NULL)
-            XFREE(attribs, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
-        if (flatAttribs != NULL)
-            XFREE(flatAttribs, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
+        XFREE(attribs, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
+        XFREE(flatAttribs, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
         XFREE(encryptedContent, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
         XFREE(plain, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
         return BUFFER_E;
     }
 
-    XMEMCPY(output + idx, contentInfoSeq, contentInfoSeqSz);
+    XMEMCPY(output + idx, contentInfoSeq, (word32)contentInfoSeqSz);
     idx += contentInfoSeqSz;
-    XMEMCPY(output + idx, outerContentType, outerContentTypeSz);
+    XMEMCPY(output + idx, outerContentType, (word32)outerContentTypeSz);
     idx += outerContentTypeSz;
-    XMEMCPY(output + idx, outerContent, outerContentSz);
+    XMEMCPY(output + idx, outerContent, (word32)outerContentSz);
     idx += outerContentSz;
-    XMEMCPY(output + idx, encDataSeq, encDataSeqSz);
+    XMEMCPY(output + idx, encDataSeq, (word32)encDataSeqSz);
     idx += encDataSeqSz;
-    XMEMCPY(output + idx, ver, verSz);
+    XMEMCPY(output + idx, ver, (word32)verSz);
     idx += verSz;
-    XMEMCPY(output + idx, encContentSeq, encContentSeqSz);
+    XMEMCPY(output + idx, encContentSeq, (word32)encContentSeqSz);
     idx += encContentSeqSz;
-    XMEMCPY(output + idx, contentType, contentTypeSz);
+    XMEMCPY(output + idx, contentType, (word32)contentTypeSz);
     idx += contentTypeSz;
-    XMEMCPY(output + idx, contentEncAlgo, contentEncAlgoSz);
+    XMEMCPY(output + idx, contentEncAlgo, (word32)contentEncAlgoSz);
     idx += contentEncAlgoSz;
-    XMEMCPY(output + idx, ivOctetString, ivOctetStringSz);
+    XMEMCPY(output + idx, ivOctetString, (word32)ivOctetStringSz);
     idx += ivOctetStringSz;
-    XMEMCPY(output + idx, tmpIv, blockSz);
+    XMEMCPY(output + idx, tmpIv, (word32)blockSz);
     idx += blockSz;
-    XMEMCPY(output + idx, encContentOctet, encContentOctetSz);
+    XMEMCPY(output + idx, encContentOctet, (word32)encContentOctetSz);
     idx += encContentOctetSz;
-    XMEMCPY(output + idx, encryptedContent, encryptedOutSz);
+    XMEMCPY(output + idx, encryptedContent, (word32)encryptedOutSz);
     idx += encryptedOutSz;
 
     if (pkcs7->unprotectedAttribsSz != 0) {
         XMEMCPY(output + idx, attribSet, attribsSetSz);
-        idx += attribsSetSz;
-        XMEMCPY(output + idx, flatAttribs, attribsSz);
-        idx += attribsSz;
+        idx += (int)attribsSetSz;
+        if (attribsSz > 0) {
+            XMEMCPY(output + idx, flatAttribs, attribsSz);
+            idx += (int)attribsSz;
+        }
     }
 
-    if (attribs != NULL)
-        XFREE(attribs, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
-    if (flatAttribs != NULL)
-        XFREE(flatAttribs, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
+    XFREE(attribs, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
+    XFREE(flatAttribs, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
     XFREE(encryptedContent, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
     XFREE(plain, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
 
@@ -12662,7 +14436,7 @@ int wc_PKCS7_EncodeEncryptedData(PKCS7* pkcs7, byte* output, word32 outputSz)
 
 /* decode and store unprotected attributes in PKCS7->decodedAttrib. Return
  * 0 on success, negative on error. User must call wc_PKCS7_Free(). */
-static int wc_PKCS7_DecodeUnprotectedAttributes(PKCS7* pkcs7, byte* pkiMsg,
+static int wc_PKCS7_DecodeUnprotectedAttributes(wc_PKCS7* pkcs7, byte* pkiMsg,
                                              word32 pkiMsgSz, word32* inOutIdx)
 {
     int ret, attribLen;
@@ -12696,10 +14470,10 @@ static int wc_PKCS7_DecodeUnprotectedAttributes(PKCS7* pkcs7, byte* pkiMsg,
 
 
 /* unwrap and decrypt PKCS#7/CMS encrypted-data object, returned decoded size */
-int wc_PKCS7_DecodeEncryptedData(PKCS7* pkcs7, byte* in, word32 inSz,
+int wc_PKCS7_DecodeEncryptedData(wc_PKCS7* pkcs7, byte* in, word32 inSz,
                                  byte* output, word32 outputSz)
 {
-    int ret = 0, version, length = 0, haveAttribs = 0;
+    int ret = 0, version = 0, length = 0, haveAttribs = 0;
     word32 idx = 0;
 
 #ifndef NO_PKCS7_STREAM
@@ -12717,7 +14491,7 @@ int wc_PKCS7_DecodeEncryptedData(PKCS7* pkcs7, byte* in, word32 inSz,
 
     byte* pkiMsg = in;
     word32 pkiMsgSz = inSz;
-    byte  tag;
+    byte  tag = 0;
 
     if (pkcs7 == NULL ||
             ((pkcs7->encryptionKey == NULL || pkcs7->encryptionKeySz == 0) &&
@@ -12836,27 +14610,28 @@ int wc_PKCS7_DecodeEncryptedData(PKCS7* pkcs7, byte* in, word32 inSz,
                 ret = ASN_PARSE_E;
 
             if (ret == 0) {
-                pkcs7->contentOID = contentType;
+                pkcs7->contentOID = (int)contentType;
             }
 
             if (ret == 0 && (ret = GetAlgoId(pkiMsg, &idx, &encOID, oidBlkType,
                         pkiMsgSz)) < 0)
                 ret = ASN_PARSE_E;
-            if (ret == 0 && (expBlockSz = wc_PKCS7_GetOIDBlockSize(encOID)) < 0)
+            if (ret == 0 && (expBlockSz =
+                    wc_PKCS7_GetOIDBlockSize((int)encOID)) < 0)
                 ret = expBlockSz;
 
             if (ret != 0) break;
 #ifndef NO_PKCS7_STREAM
             /* store expBlockSz for later */
-            pkcs7->stream->varOne = expBlockSz;
-            pkcs7->stream->varTwo = encOID;
+            pkcs7->stream->varOne = (word32)expBlockSz;
+            pkcs7->stream->varTwo = (int)encOID;
 
             if ((ret = wc_PKCS7_StreamEndCase(pkcs7, &tmpIdx, &idx)) != 0) {
                 break;
             }
 
             /* store version for later */
-            pkcs7->stream->vers = version;
+            pkcs7->stream->vers = (word32)version;
 #endif
             wc_PKCS7_ChangeState(pkcs7, WC_PKCS7_STAGE4);
             FALL_THROUGH;
@@ -12872,7 +14647,7 @@ int wc_PKCS7_DecodeEncryptedData(PKCS7* pkcs7, byte* in, word32 inSz,
             pkiMsgSz = (pkcs7->stream->length > 0)? pkcs7->stream->length: inSz;
 
             /* restore saved variables */
-            expBlockSz = pkcs7->stream->varOne;
+            expBlockSz = (int)pkcs7->stream->varOne;
 #endif
             if (ret == 0 && GetASNTag(pkiMsg, &idx, &tag, pkiMsgSz) < 0)
                 ret = ASN_PARSE_E;
@@ -12883,14 +14658,15 @@ int wc_PKCS7_DecodeEncryptedData(PKCS7* pkcs7, byte* in, word32 inSz,
                 ret = ASN_PARSE_E;
 
             if (ret == 0 && length != expBlockSz) {
-                WOLFSSL_MSG("Incorrect IV length, must be of content alg block size");
+                WOLFSSL_MSG(
+                      "Incorrect IV length, must be of content alg block size");
                 ret = ASN_PARSE_E;
             }
 
             if (ret != 0) break;
 #ifndef NO_PKCS7_STREAM
             /* next chunk of data expected should have the IV */
-            pkcs7->stream->expected = length;
+            pkcs7->stream->expected = (word32)length;
 
             if ((ret = wc_PKCS7_StreamEndCase(pkcs7, &tmpIdx, &idx)) != 0) {
                 break;
@@ -12911,10 +14687,10 @@ int wc_PKCS7_DecodeEncryptedData(PKCS7* pkcs7, byte* in, word32 inSz,
 
             /* use IV buffer from stream structure */
             tmpIv  = pkcs7->stream->tmpIv;
-            length = pkcs7->stream->expected;
+            length = (int)pkcs7->stream->expected;
 #endif
-            XMEMCPY(tmpIv, &pkiMsg[idx], length);
-            idx += length;
+            XMEMCPY(tmpIv, &pkiMsg[idx], (word32)length);
+            idx += (word32)length;
             /* read encryptedContent, cont[0] */
             if (ret == 0 && GetASNTag(pkiMsg, &idx, &tag, pkiMsgSz) < 0)
                 ret = ASN_PARSE_E;
@@ -12934,7 +14710,7 @@ int wc_PKCS7_DecodeEncryptedData(PKCS7* pkcs7, byte* in, word32 inSz,
                 break;
             }
 
-            if (pkcs7->stream->totalRd +  encryptedContentSz <
+            if (pkcs7->stream->totalRd + (word32)encryptedContentSz <
                     pkcs7->stream->maxLen) {
                 pkcs7->stream->flagOne = 1;
             }
@@ -12956,28 +14732,35 @@ int wc_PKCS7_DecodeEncryptedData(PKCS7* pkcs7, byte* in, word32 inSz,
             pkiMsgSz = (pkcs7->stream->length > 0)? pkcs7->stream->length: inSz;
 
             /* restore saved variables */
-            expBlockSz = pkcs7->stream->varOne;
-            encOID     = pkcs7->stream->varTwo;
+            expBlockSz = (int)pkcs7->stream->varOne;
+            encOID     = (word32)pkcs7->stream->varTwo;
             encryptedContentSz = pkcs7->stream->varThree;
-            version    = pkcs7->stream->vers;
+            version    = (int)pkcs7->stream->vers;
             tmpIv      = pkcs7->stream->tmpIv;
 #endif
+            if (encryptedContentSz <= 0) {
+                ret = BUFFER_E;
+                break;
+            }
+
             if (ret == 0 && (encryptedContent = (byte*)XMALLOC(
-                encryptedContentSz, pkcs7->heap, DYNAMIC_TYPE_PKCS7)) == NULL) {
+                                  (unsigned int)encryptedContentSz, pkcs7->heap,
+                                  DYNAMIC_TYPE_PKCS7)) == NULL) {
                 ret = MEMORY_E;
                 break;
             }
 
             if (ret == 0) {
-                XMEMCPY(encryptedContent, &pkiMsg[idx], encryptedContentSz);
-                idx += encryptedContentSz;
+                XMEMCPY(encryptedContent, &pkiMsg[idx],
+                    (unsigned int)encryptedContentSz);
+                idx += (word32)encryptedContentSz;
 
                 /* decrypt encryptedContent */
                 ret = wc_PKCS7_DecryptContent(pkcs7, encOID,
-                            pkcs7->encryptionKey, pkcs7->encryptionKeySz, tmpIv,
-                            expBlockSz, NULL, 0, NULL, 0, encryptedContent,
-                            encryptedContentSz, encryptedContent,
-                            pkcs7->devId, pkcs7->heap);
+                              pkcs7->encryptionKey, pkcs7->encryptionKeySz,
+                              tmpIv, expBlockSz, NULL, 0, NULL, 0,
+                              encryptedContent, encryptedContentSz,
+                              encryptedContent, pkcs7->devId, pkcs7->heap);
                 if (ret != 0) {
                     XFREE(encryptedContent, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
                 }
@@ -12994,7 +14777,8 @@ int wc_PKCS7_DecodeEncryptedData(PKCS7* pkcs7, byte* in, word32 inSz,
                 }
 
                 /* copy plaintext to output */
-                XMEMCPY(output, encryptedContent, encryptedContentSz - padLen);
+                XMEMCPY(output, encryptedContent,
+                    (unsigned int)(encryptedContentSz - padLen));
 
                 /* get implicit[1] unprotected attributes, optional */
                 wc_PKCS7_FreeDecodedAttrib(pkcs7->decodedAttrib, pkcs7->heap);
@@ -13010,18 +14794,20 @@ int wc_PKCS7_DecodeEncryptedData(PKCS7* pkcs7, byte* in, word32 inSz,
                     ret = wc_PKCS7_DecodeUnprotectedAttributes(pkcs7, pkiMsg,
                                                        pkiMsgSz, &idx);
                     if (ret != 0) {
-                        ForceZero(encryptedContent, encryptedContentSz);
-                        XFREE(encryptedContent, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
+                        ForceZero(encryptedContent, (word32)encryptedContentSz);
+                        XFREE(encryptedContent, pkcs7->heap,
+                            DYNAMIC_TYPE_PKCS7);
                         ret = ASN_PARSE_E;
                     }
                 }
             }
 
             if (ret == 0) {
-                ForceZero(encryptedContent, encryptedContentSz);
+                ForceZero(encryptedContent, (word32)encryptedContentSz);
                 XFREE(encryptedContent, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
 
-                /* go back and check the version now that attribs have been processed */
+                /* go back and check the version now that attribs have been
+                 * processed */
                 if (pkcs7->version == 3 && version != 0) {
                     WOLFSSL_MSG("Wrong PKCS#7 FirmwareEncryptedData version");
                     return ASN_VERSION_E;
@@ -13064,7 +14850,7 @@ int wc_PKCS7_DecodeEncryptedData(PKCS7* pkcs7, byte* in, word32 inSz,
  * on the parsed bundle so far.
  * returns 0 on success
  */
-int wc_PKCS7_SetDecodeEncryptedCb(PKCS7* pkcs7,
+int wc_PKCS7_SetDecodeEncryptedCb(wc_PKCS7* pkcs7,
         CallbackDecryptContent decryptionCb)
 {
     if (pkcs7 != NULL) {
@@ -13077,7 +14863,7 @@ int wc_PKCS7_SetDecodeEncryptedCb(PKCS7* pkcs7,
 /* Set an optional user context that gets passed to callback
  * returns 0 on success
  */
-int wc_PKCS7_SetDecodeEncryptedCtx(PKCS7* pkcs7, void* ctx)
+int wc_PKCS7_SetDecodeEncryptedCtx(wc_PKCS7* pkcs7, void* ctx)
 {
     if (pkcs7 != NULL) {
         pkcs7->decryptionCtx = ctx;
@@ -13086,10 +14872,73 @@ int wc_PKCS7_SetDecodeEncryptedCtx(PKCS7* pkcs7, void* ctx)
 }
 #endif /* NO_PKCS7_ENCRYPTED_DATA */
 
+
+/* set stream mode for encoding and signing
+ * returns 0 on success */
+int wc_PKCS7_SetStreamMode(wc_PKCS7* pkcs7, byte flag,
+    CallbackGetContent getContentCb,
+    CallbackStreamOut streamOutCb, void* ctx)
+{
+    if (pkcs7 == NULL) {
+        return BAD_FUNC_ARG;
+    }
+#ifdef ASN_BER_TO_DER
+    pkcs7->encodeStream = (flag != 0);
+    pkcs7->getContentCb = getContentCb;
+    pkcs7->streamOutCb  = streamOutCb;
+    pkcs7->streamCtx    = ctx;
+    return 0;
+#else
+    (void)flag;
+    (void)getContentCb;
+    (void)streamOutCb;
+    (void)ctx;
+    return NOT_COMPILED_IN;
+#endif
+}
+
+
+/* returns to current stream mode flag on success, negative values on fail */
+int wc_PKCS7_GetStreamMode(wc_PKCS7* pkcs7)
+{
+    if (pkcs7 == NULL) {
+        return BAD_FUNC_ARG;
+    }
+#ifdef ASN_BER_TO_DER
+    return pkcs7->encodeStream;
+#else
+    return 0;
+#endif
+}
+
+
+/* set option to not include certificates when creating a bundle
+ * returns 0 on success */
+int wc_PKCS7_SetNoCerts(wc_PKCS7* pkcs7, byte flag)
+{
+    if (pkcs7 == NULL) {
+        return BAD_FUNC_ARG;
+    }
+    pkcs7->noCerts = (flag != 0);
+    return 0;
+}
+
+
+/* returns the current noCerts flag value on success, negative values on fail */
+int wc_PKCS7_GetNoCerts(wc_PKCS7* pkcs7)
+{
+    if (pkcs7 == NULL) {
+        return BAD_FUNC_ARG;
+    }
+    return pkcs7->noCerts;
+}
+
+
 #if defined(HAVE_LIBZ) && !defined(NO_PKCS7_COMPRESSED_DATA)
 
 /* build PKCS#7 compressedData content type, return encrypted size */
-int wc_PKCS7_EncodeCompressedData(PKCS7* pkcs7, byte* output, word32 outputSz)
+int wc_PKCS7_EncodeCompressedData(wc_PKCS7* pkcs7, byte* output,
+    word32 outputSz)
 {
     byte contentInfoSeq[MAX_SEQ_SZ];
     byte contentInfoTypeOid[MAX_OID_SZ];
@@ -13140,7 +14989,7 @@ int wc_PKCS7_EncodeCompressedData(PKCS7* pkcs7, byte* output, word32 outputSz)
     totalSz = contentOctetStrSz + compressedSz;
 
     /* EXPLICIT [0] eContentType */
-    contentSeqSz = SetExplicit(0, totalSz, contentSeq);
+    contentSeqSz = SetExplicit(0, totalSz, contentSeq, 0);
     totalSz += contentSeqSz;
 
     /* eContentType OBJECT IDENTIFIER */
@@ -13200,7 +15049,8 @@ int wc_PKCS7_EncodeCompressedData(PKCS7* pkcs7, byte* output, word32 outputSz)
          */
 
         /* ContentInfo content EXPLICIT SEQUENCE */
-        contentInfoContentSeqSz = SetExplicit(0, totalSz, contentInfoContentSeq);
+        contentInfoContentSeqSz = SetExplicit(0, totalSz, contentInfoContentSeq,
+            0);
         totalSz += contentInfoContentSeqSz;
 
         ret = wc_SetContentType(COMPRESSED_DATA, contentInfoTypeOid,
@@ -13261,8 +15111,8 @@ int wc_PKCS7_EncodeCompressedData(PKCS7* pkcs7, byte* output, word32 outputSz)
 /* unwrap and decompress PKCS#7/CMS compressedData object,
  * Handles content wrapped compressed data and raw compressed data packet
  * returned decoded size */
-int wc_PKCS7_DecodeCompressedData(PKCS7* pkcs7, byte* pkiMsg, word32 pkiMsgSz,
-                                  byte* output, word32 outputSz)
+int wc_PKCS7_DecodeCompressedData(wc_PKCS7* pkcs7, byte* pkiMsg,
+    word32 pkiMsgSz, byte* output, word32 outputSz)
 {
     int length, version, ret;
     word32 idx = 0, algOID, contentType;
diff --git a/wolfcrypt/src/poly1305.c b/wolfcrypt/src/poly1305.c
index f56b3fdad..10a1c5048 100644
--- a/wolfcrypt/src/poly1305.c
+++ b/wolfcrypt/src/poly1305.c
@@ -1,6 +1,6 @@
 /* poly1305.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -29,6 +29,13 @@ and Daniel J. Bernstein
 */
 
 
+/*
+ * WOLFSSL_W64_WRAPPER Uses wrappers around word64 types for a system that does
+ *                     not have word64 available. As expected it reduces
+ *                     performance. Benchmarks collected July 2024 show
+ *                     303.004 MiB/s with and 1874.194 MiB/s without.
+ */
+
 #ifdef HAVE_CONFIG_H
     #include <config.h>
 #endif
@@ -55,7 +62,7 @@ and Daniel J. Bernstein
     #pragma warning(disable: 4127)
 #endif
 
-#if defined(WOLFSSL_X86_64_BUILD) && defined(USE_INTEL_SPEEDUP)
+#ifdef USE_INTEL_POLY1305_SPEEDUP
     #include <emmintrin.h>
     #include <immintrin.h>
 
@@ -70,6 +77,10 @@ and Daniel J. Bernstein
     #elif defined(__clang__) && defined(NO_AVX2_SUPPORT)
         #undef NO_AVX2_SUPPORT
     #endif
+    #if defined(_MSC_VER) && (_MSC_VER <= 1900)
+        #undef  NO_AVX2_SUPPORT
+        #define NO_AVX2_SUPPORT
+    #endif
 
     #define HAVE_INTEL_AVX1
     #ifndef NO_AVX2_SUPPORT
@@ -77,13 +88,12 @@ and Daniel J. Bernstein
     #endif
 #endif
 
-#if defined(WOLFSSL_X86_64_BUILD) && defined(USE_INTEL_SPEEDUP)
+#ifdef USE_INTEL_POLY1305_SPEEDUP
 static word32 intel_flags = 0;
 static word32 cpu_flags_set = 0;
 #endif
 
-#if (defined(WOLFSSL_X86_64_BUILD) && defined(USE_INTEL_SPEEDUP)) || \
-        defined(POLY130564)
+#if defined(USE_INTEL_POLY1305_SPEEDUP) || defined(POLY130564)
     #if defined(_MSC_VER)
         #define POLY1305_NOINLINE __declspec(noinline)
     #elif defined(__GNUC__)
@@ -123,7 +133,7 @@ static word32 cpu_flags_set = 0;
     #endif
 #endif
 
-#if defined(WOLFSSL_X86_64_BUILD) && defined(USE_INTEL_SPEEDUP)
+#ifdef USE_INTEL_POLY1305_SPEEDUP
 #ifdef __cplusplus
     extern "C" {
 #endif
@@ -196,7 +206,7 @@ extern void poly1305_final_avx2(Poly1305* ctx, byte* mac);
 #endif
 
 #elif defined(POLY130564)
-#ifndef WOLFSSL_ARMASM
+#if !defined(WOLFSSL_ARMASM) && !defined(WOLFSSL_RISCV_ASM)
     static word64 U8TO64(const byte* p)
     {
         return
@@ -220,8 +230,9 @@ extern void poly1305_final_avx2(Poly1305* ctx, byte* mac);
         p[6] = (byte)(v >> 48);
         p[7] = (byte)(v >> 56);
     }
-#endif/* WOLFSSL_ARMASM */
-#else /* if not 64 bit then use 32 bit */
+#endif/* !WOLFSSL_ARMASM && !WOLFSSL_RISCV_ASM */
+/* if not 64 bit then use 32 bit */
+#elif !defined(WOLFSSL_ARMASM)
 
     static word32 U8TO32(const byte *p)
     {
@@ -258,7 +269,7 @@ static WC_INLINE void u32tole64(const word32 inLe32, byte outLe64[8])
 }
 
 
-#if !defined(WOLFSSL_ARMASM) || !defined(__aarch64__)
+#if !defined(WOLFSSL_ARMASM) && !defined(WOLFSSL_RISCV_ASM)
 /*
 This local function operates on a message with a given number of bytes
 with a given ctx pointer to a Poly1305 structure.
@@ -266,7 +277,7 @@ with a given ctx pointer to a Poly1305 structure.
 static int poly1305_blocks(Poly1305* ctx, const unsigned char *m,
                      size_t bytes)
 {
-#if defined(WOLFSSL_X86_64_BUILD) && defined(USE_INTEL_SPEEDUP)
+#ifdef USE_INTEL_POLY1305_SPEEDUP
     /* AVX2 is handled in wc_Poly1305Update. */
     SAVE_VECTOR_REGISTERS(return _svr_ret;);
     poly1305_blocks_avx(ctx, m, bytes);
@@ -329,8 +340,22 @@ static int poly1305_blocks(Poly1305* ctx, const unsigned char *m,
     word32 r0,r1,r2,r3,r4;
     word32 s1,s2,s3,s4;
     word32 h0,h1,h2,h3,h4;
-    word64 d0,d1,d2,d3,d4;
     word32 c;
+#ifdef WOLFSSL_W64_WRAPPER
+    #ifdef WOLFSSL_SMALL_STACK
+    w64wrapper* d;
+
+    d = (w64wrapper*)XMALLOC(5 * sizeof(w64wrapper), NULL,
+        DYNAMIC_TYPE_TMP_BUFFER);
+    if (d == NULL) {
+        return MEMORY_E;
+    }
+    #else
+    w64wrapper d[5];
+    #endif
+#else
+    word64 d0,d1,d2,d3,d4;
+#endif
 
 
     r0 = ctx->r[0];
@@ -359,6 +384,41 @@ static int poly1305_blocks(Poly1305* ctx, const unsigned char *m,
         h4 += (U8TO32(m+12) >> 8) | hibit;
 
         /* h *= r */
+#ifdef WOLFSSL_W64_WRAPPER
+        {
+            w64wrapper tmp;
+
+            d[0] = w64Mul(h0, r0); tmp = w64Mul(h1, s4);
+            d[0] = w64Add(d[0], tmp, NULL); tmp = w64Mul(h2, s3);
+            d[0] = w64Add(d[0], tmp, NULL); tmp = w64Mul(h3, s2);
+            d[0] = w64Add(d[0], tmp, NULL); tmp = w64Mul(h4, s1);
+            d[0] = w64Add(d[0], tmp, NULL);
+
+            d[1] = w64Mul(h0, r1); tmp = w64Mul(h1, r0);
+            d[1] = w64Add(d[1], tmp, NULL); tmp = w64Mul(h2, s4);
+            d[1] = w64Add(d[1], tmp, NULL); tmp = w64Mul(h3, s3);
+            d[1] = w64Add(d[1], tmp, NULL); tmp = w64Mul(h4, s2);
+            d[1] = w64Add(d[1], tmp, NULL);
+
+            d[2] = w64Mul(h0, r2); tmp = w64Mul(h1, r1);
+            d[2] = w64Add(d[2], tmp, NULL); tmp = w64Mul(h2, r0);
+            d[2] = w64Add(d[2], tmp, NULL); tmp = w64Mul(h3, s4);
+            d[2] = w64Add(d[2], tmp, NULL); tmp = w64Mul(h4, s3);
+            d[2] = w64Add(d[2], tmp, NULL);
+
+            d[3] = w64Mul(h0, r3); tmp = w64Mul(h1, r2);
+            d[3] = w64Add(d[3], tmp, NULL); tmp = w64Mul(h2, r1);
+            d[3] = w64Add(d[3], tmp, NULL); tmp = w64Mul(h3, r0);
+            d[3] = w64Add(d[3], tmp, NULL); tmp = w64Mul(h4, s4);
+            d[3] = w64Add(d[3], tmp, NULL);
+
+            d[4] = w64Mul(h0, r4); tmp = w64Mul(h1, r3);
+            d[4] = w64Add(d[4], tmp, NULL); tmp = w64Mul(h2, r2);
+            d[4] = w64Add(d[4], tmp, NULL); tmp = w64Mul(h3, r1);
+            d[4] = w64Add(d[4], tmp, NULL); tmp = w64Mul(h4, r0);
+            d[4] = w64Add(d[4], tmp, NULL);
+        }
+#else
         d0 = ((word64)h0 * r0) + ((word64)h1 * s4) + ((word64)h2 * s3) +
              ((word64)h3 * s2) + ((word64)h4 * s1);
         d1 = ((word64)h0 * r1) + ((word64)h1 * r0) + ((word64)h2 * s4) +
@@ -369,13 +429,31 @@ static int poly1305_blocks(Poly1305* ctx, const unsigned char *m,
              ((word64)h3 * r0) + ((word64)h4 * s4);
         d4 = ((word64)h0 * r4) + ((word64)h1 * r3) + ((word64)h2 * r2) +
              ((word64)h3 * r1) + ((word64)h4 * r0);
+#endif
 
         /* (partial) h %= p */
+#ifdef WOLFSSL_W64_WRAPPER
+        c = w64GetLow32(w64ShiftRight(d[0], 26));
+        h0 = w64GetLow32(d[0]) & 0x3ffffff;
+        d[1] = w64Add32(d[1], c, NULL);
+        c = w64GetLow32(w64ShiftRight(d[1], 26));
+        h1 = w64GetLow32(d[1]) & 0x3ffffff;
+        d[2] = w64Add32(d[2], c, NULL);
+        c = w64GetLow32(w64ShiftRight(d[2], 26));
+        h2 = w64GetLow32(d[2]) & 0x3ffffff;
+        d[3] = w64Add32(d[3], c, NULL);
+        c = w64GetLow32(w64ShiftRight(d[3], 26));
+        h3 = w64GetLow32(d[3]) & 0x3ffffff;
+        d[4] = w64Add32(d[4], c, NULL);
+        c = w64GetLow32(w64ShiftRight(d[4], 26));
+        h4 = w64GetLow32(d[4]) & 0x3ffffff;
+#else
                       c = (word32)(d0 >> 26); h0 = (word32)d0 & 0x3ffffff;
         d1 += c;      c = (word32)(d1 >> 26); h1 = (word32)d1 & 0x3ffffff;
         d2 += c;      c = (word32)(d2 >> 26); h2 = (word32)d2 & 0x3ffffff;
         d3 += c;      c = (word32)(d3 >> 26); h3 = (word32)d3 & 0x3ffffff;
         d4 += c;      c = (word32)(d4 >> 26); h4 = (word32)d4 & 0x3ffffff;
+#endif
         h0 += c * 5;  c =  (h0 >> 26); h0 =                h0 & 0x3ffffff;
         h1 += c;
 
@@ -389,6 +467,10 @@ static int poly1305_blocks(Poly1305* ctx, const unsigned char *m,
     ctx->h[3] = h3;
     ctx->h[4] = h4;
 
+#if defined(WOLFSSL_W64_WRAPPER) && defined(WOLFSSL_SMALL_STACK)
+    XFREE(d, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+#endif
+
     return 0;
 
 #endif /* end of 64 bit cpu blocks or 32 bit cpu */
@@ -400,7 +482,7 @@ number of bytes is less than the block size.
 */
 static int poly1305_block(Poly1305* ctx, const unsigned char *m)
 {
-#if defined(WOLFSSL_X86_64_BUILD) && defined(USE_INTEL_SPEEDUP)
+#ifdef USE_INTEL_POLY1305_SPEEDUP
     /* No call to poly1305_block when AVX2, AVX2 does 4 blocks at a time. */
     SAVE_VECTOR_REGISTERS(return _svr_ret;);
     poly1305_block_avx(ctx, m);
@@ -410,13 +492,10 @@ static int poly1305_block(Poly1305* ctx, const unsigned char *m)
     return poly1305_blocks(ctx, m, POLY1305_BLOCK_SIZE);
 #endif
 }
-#endif /* !defined(WOLFSSL_ARMASM) || !defined(__aarch64__) */
 
-#if !defined(WOLFSSL_ARMASM) || !defined(__aarch64__)
 int wc_Poly1305SetKey(Poly1305* ctx, const byte* key, word32 keySz)
 {
-#if defined(POLY130564) && \
-    !(defined(WOLFSSL_X86_64_BUILD) && defined(USE_INTEL_SPEEDUP))
+#if defined(POLY130564) && !defined(USE_INTEL_POLY1305_SPEEDUP)
     word64 t0,t1;
 #endif
 
@@ -437,7 +516,7 @@ int wc_Poly1305SetKey(Poly1305* ctx, const byte* key, word32 keySz)
     if (keySz != 32 || ctx == NULL)
         return BAD_FUNC_ARG;
 
-#if defined(WOLFSSL_X86_64_BUILD) && defined(USE_INTEL_SPEEDUP)
+#ifdef USE_INTEL_POLY1305_SPEEDUP
     if (!cpu_flags_set) {
         intel_flags = cpuid_get_flags();
         cpu_flags_set = 1;
@@ -450,6 +529,7 @@ int wc_Poly1305SetKey(Poly1305* ctx, const byte* key, word32 keySz)
     #endif
         poly1305_setkey_avx(ctx, key);
     RESTORE_VECTOR_REGISTERS();
+    ctx->started = 0;
 #elif defined(POLY130564)
 
     /* r &= 0xffffffc0ffffffc0ffffffc0fffffff */
@@ -504,7 +584,7 @@ int wc_Poly1305SetKey(Poly1305* ctx, const byte* key, word32 keySz)
 
 int wc_Poly1305Final(Poly1305* ctx, byte* mac)
 {
-#if defined(WOLFSSL_X86_64_BUILD) && defined(USE_INTEL_SPEEDUP)
+#ifdef USE_INTEL_POLY1305_SPEEDUP
 #elif defined(POLY130564)
 
     word64 h0,h1,h2,c;
@@ -515,7 +595,11 @@ int wc_Poly1305Final(Poly1305* ctx, byte* mac)
 
     word32 h0,h1,h2,h3,h4,c;
     word32 g0,g1,g2,g3,g4;
+#ifdef WOLFSSL_W64_WRAPPER
+    w64wrapper f;
+#else
     word64 f;
+#endif
     word32 mask;
 
 #endif
@@ -523,7 +607,7 @@ int wc_Poly1305Final(Poly1305* ctx, byte* mac)
     if (ctx == NULL || mac == NULL)
         return BAD_FUNC_ARG;
 
-#if defined(WOLFSSL_X86_64_BUILD) && defined(USE_INTEL_SPEEDUP)
+#ifdef USE_INTEL_POLY1305_SPEEDUP
     SAVE_VECTOR_REGISTERS(return _svr_ret;);
     #ifdef HAVE_INTEL_AVX2
     if (IS_INTEL_AVX2(intel_flags))
@@ -654,10 +738,31 @@ int wc_Poly1305Final(Poly1305* ctx, byte* mac)
     h3 = ((h3 >> 18) | (h4 <<  8)) & 0xffffffff;
 
     /* mac = (h + pad) % (2^128) */
+#ifdef WOLFSSL_W64_WRAPPER
+    f = w64From32(0, h0);
+    f = w64Add32(f, ctx->pad[0], NULL);
+    h0 = w64GetLow32(f);
+
+    f = w64ShiftRight(f, 32);
+    f = w64Add32(f, h1, NULL);
+    f = w64Add32(f, ctx->pad[1], NULL);
+    h1 = w64GetLow32(f);
+
+    f = w64ShiftRight(f, 32);
+    f = w64Add32(f, h2, NULL);
+    f = w64Add32(f, ctx->pad[2], NULL);
+    h2 = w64GetLow32(f);
+
+    f = w64ShiftRight(f, 32);
+    f = w64Add32(f, h3, NULL);
+    f = w64Add32(f, ctx->pad[3], NULL);
+    h3 = w64GetLow32(f);
+#else
     f = (word64)h0 + ctx->pad[0]            ; h0 = (word32)f;
     f = (word64)h1 + ctx->pad[1] + (f >> 32); h1 = (word32)f;
     f = (word64)h2 + ctx->pad[2] + (f >> 32); h2 = (word32)f;
     f = (word64)h3 + ctx->pad[3] + (f >> 32); h3 = (word32)f;
+#endif
 
     U32TO8(mac + 0, h0);
     U32TO8(mac + 4, h1);
@@ -684,7 +789,7 @@ int wc_Poly1305Final(Poly1305* ctx, byte* mac)
 
     return 0;
 }
-#endif /* !defined(WOLFSSL_ARMASM) || !defined(__aarch64__) */
+#endif /* !WOLFSSL_ARMASM && !WOLFSSL_RISCV_ASM */
 
 
 int wc_Poly1305Update(Poly1305* ctx, const byte* m, word32 bytes)
@@ -709,13 +814,49 @@ int wc_Poly1305Update(Poly1305* ctx, const byte* m, word32 bytes)
     printf("\n");
 #endif
 
-#if defined(WOLFSSL_X86_64_BUILD) && defined(USE_INTEL_SPEEDUP)
+#if defined(WOLFSSL_ARMASM) && !defined(WOLFSSL_ARMASM_THUMB2) && \
+    !defined(WOLFSSL_ARMASM_NO_NEON)
+    /* handle leftover */
+    if (ctx->leftover) {
+        size_t want = sizeof(ctx->buffer) - ctx->leftover;
+        if (want > bytes)
+            want = bytes;
+
+        for (i = 0; i < want; i++)
+            ctx->buffer[ctx->leftover + i] = m[i];
+        bytes -= (word32)want;
+        m += want;
+        ctx->leftover += want;
+        if (ctx->leftover < sizeof(ctx->buffer)) {
+            return 0;
+        }
+
+        poly1305_blocks(ctx, ctx->buffer, sizeof(ctx->buffer));
+        ctx->leftover = 0;
+    }
+
+    /* process full blocks */
+    if (bytes >= sizeof(ctx->buffer)) {
+        size_t want = bytes & ~((size_t)POLY1305_BLOCK_SIZE - 1);
+
+        poly1305_blocks(ctx, m, want);
+        m += want;
+        bytes -= (word32)want;
+    }
+
+    /* store leftover */
+    if (bytes) {
+        for (i = 0; i < bytes; i++)
+            ctx->buffer[ctx->leftover + i] = m[i];
+        ctx->leftover += bytes;
+    }
+#else
+#ifdef USE_INTEL_POLY1305_SPEEDUP
     #ifdef HAVE_INTEL_AVX2
     if (IS_INTEL_AVX2(intel_flags)) {
         SAVE_VECTOR_REGISTERS(return _svr_ret;);
 
         /* handle leftover */
-
         if (ctx->leftover) {
             size_t want = sizeof(ctx->buffer) - ctx->leftover;
             if (want > bytes)
@@ -731,8 +872,10 @@ int wc_Poly1305Update(Poly1305* ctx, const byte* m, word32 bytes)
                 return 0;
             }
 
-            if (!ctx->started)
+            if (!ctx->started) {
                 poly1305_calc_powers_avx2(ctx);
+                ctx->started = 1;
+            }
             poly1305_blocks_avx2(ctx, ctx->buffer, sizeof(ctx->buffer));
             ctx->leftover = 0;
         }
@@ -741,8 +884,10 @@ int wc_Poly1305Update(Poly1305* ctx, const byte* m, word32 bytes)
         if (bytes >= sizeof(ctx->buffer)) {
             size_t want = bytes & ~(sizeof(ctx->buffer) - 1);
 
-            if (!ctx->started)
+            if (!ctx->started) {
                 poly1305_calc_powers_avx2(ctx);
+                ctx->started = 1;
+            }
             poly1305_blocks_avx2(ctx, m, want);
             m += want;
             bytes -= (word32)want;
@@ -779,7 +924,7 @@ int wc_Poly1305Update(Poly1305* ctx, const byte* m, word32 bytes)
         /* process full blocks */
         if (bytes >= POLY1305_BLOCK_SIZE) {
             size_t want = ((size_t)bytes & ~((size_t)POLY1305_BLOCK_SIZE - 1));
-#if !defined(WOLFSSL_ARMASM) || !defined(__aarch64__)
+#if !defined(WOLFSSL_ARMASM) && !defined(WOLFSSL_RISCV_ASM)
             int ret;
             ret = poly1305_blocks(ctx, m, want);
             if (ret != 0)
@@ -798,6 +943,7 @@ int wc_Poly1305Update(Poly1305* ctx, const byte* m, word32 bytes)
             ctx->leftover += bytes;
         }
     }
+#endif
 
     return 0;
 }
diff --git a/wolfcrypt/src/poly1305_asm.S b/wolfcrypt/src/poly1305_asm.S
index ba1d29449..5d62d9505 100644
--- a/wolfcrypt/src/poly1305_asm.S
+++ b/wolfcrypt/src/poly1305_asm.S
@@ -1,6 +1,6 @@
 /* poly1305_asm.S */
 /*
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -699,7 +699,11 @@ _poly1305_blocks_avx2:
 #endif /* __APPLE__ */
         pushq	%r12
         pushq	%rbx
+        pushq	%r13
+        pushq	%r14
         subq	$0x140, %rsp
+        leaq	L_poly1305_avx2_blocks_mask(%rip), %r13
+        leaq	L_poly1305_avx2_blocks_hibit(%rip), %r14
         movq	%rsp, %rcx
         andq	$-32, %rcx
         addq	$32, %rcx
@@ -720,11 +724,11 @@ _poly1305_blocks_avx2:
         vpunpckhdq	%ymm15, %ymm1, %ymm1
         vpunpckldq	%ymm15, %ymm3, %ymm2
         vpunpckhdq	%ymm15, %ymm3, %ymm3
-        vmovdqu	L_poly1305_avx2_blocks_hibit(%rip), %ymm4
+        vmovdqu	(%r14), %ymm4
         vpsllq	$6, %ymm1, %ymm1
         vpsllq	$12, %ymm2, %ymm2
         vpsllq	$18, %ymm3, %ymm3
-        vmovdqu	L_poly1305_avx2_blocks_mask(%rip), %ymm14
+        vmovdqu	(%r13), %ymm14
         # Reduce, in place, the message data
         vpsrlq	$26, %ymm0, %ymm10
         vpsrlq	$26, %ymm3, %ymm11
@@ -811,7 +815,7 @@ L_poly1305_avx2_blocks_mul_5:
         vmovdqa	%ymm7, 64(%rcx)
         vmovdqa	%ymm8, 96(%rcx)
         vmovdqa	%ymm9, 128(%rcx)
-        vmovdqu	L_poly1305_avx2_blocks_mask(%rip), %ymm14
+        vmovdqu	(%r13), %ymm14
         # If not finished then loop over data
         cmpb	$0x01, 616(%rdi)
         jne	L_poly1305_avx2_blocks_start
@@ -922,7 +926,7 @@ L_poly1305_avx2_blocks_start:
         vpunpckhdq	%ymm15, %ymm6, %ymm6
         vpunpckldq	%ymm15, %ymm8, %ymm7
         vpunpckhdq	%ymm15, %ymm8, %ymm8
-        vmovdqu	L_poly1305_avx2_blocks_hibit(%rip), %ymm9
+        vmovdqu	(%r14), %ymm9
         vpsllq	$6, %ymm6, %ymm6
         vpsllq	$12, %ymm7, %ymm7
         vpsllq	$18, %ymm8, %ymm8
@@ -1038,7 +1042,10 @@ L_poly1305_avx2_blocks_end_calc:
         movq	%rcx, 40(%rdi)
 L_poly1305_avx2_blocks_complete:
         movb	$0x01, 617(%rdi)
+        vzeroupper
         addq	$0x140, %rsp
+        popq	%r14
+        popq	%r13
         popq	%rbx
         popq	%r12
         repz retq
@@ -1099,7 +1106,7 @@ L_poly1305_avx2_final_start_copy:
         incb	%cl
         incb	%dl
 L_poly1305_avx2_final_cmp_copy:
-        cmp	%rcx, %rax
+        cmpb	%cl, %al
         jne	L_poly1305_avx2_final_start_copy
 #ifndef __APPLE__
         callq	poly1305_final_avx@plt
@@ -1118,6 +1125,7 @@ L_poly1305_avx2_final_cmp_copy:
         vmovdqu	%ymm0, 320(%rdi)
         movq	$0x00, 608(%rdi)
         movw	$0x00, 616(%rdi)
+        vzeroupper
         repz retq
 #ifndef __APPLE__
 .size	poly1305_final_avx2,.-poly1305_final_avx2
diff --git a/wolfcrypt/src/poly1305_asm.asm b/wolfcrypt/src/poly1305_asm.asm
new file mode 100644
index 000000000..5c408fe78
--- /dev/null
+++ b/wolfcrypt/src/poly1305_asm.asm
@@ -0,0 +1,1060 @@
+; /* poly1305_asm.asm */
+; /*
+;  * Copyright (C) 2006-2025 wolfSSL Inc.
+;  *
+;  * This file is part of wolfSSL.
+;  *
+;  * wolfSSL is free software; you can redistribute it and/or modify
+;  * it under the terms of the GNU General Public License as published by
+;  * the Free Software Foundation; either version 2 of the License, or
+;  * (at your option) any later version.
+;  *
+;  * wolfSSL is distributed in the hope that it will be useful,
+;  * but WITHOUT ANY WARRANTY; without even the implied warranty of
+;  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+;  * GNU General Public License for more details.
+;  *
+;  * You should have received a copy of the GNU General Public License
+;  * along with this program; if not, write to the Free Software
+;  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+;  */
+IF @Version LT 1200
+; AVX2 instructions not recognized by old versions of MASM
+IFNDEF NO_AVX2_SUPPORT
+NO_AVX2_SUPPORT = 1
+ENDIF
+; MOVBE instruction not recognized by old versions of MASM
+IFNDEF NO_MOVBE_SUPPORT
+NO_MOVBE_SUPPORT = 1
+ENDIF
+ENDIF
+
+IFNDEF HAVE_INTEL_AVX1
+HAVE_INTEL_AVX1 = 1
+ENDIF
+IFNDEF NO_AVX2_SUPPORT
+HAVE_INTEL_AVX2 = 1
+ENDIF
+
+IFNDEF _WIN64
+_WIN64 = 1
+ENDIF
+
+IFDEF HAVE_INTEL_AVX1
+_text SEGMENT READONLY PARA
+poly1305_setkey_avx PROC
+        push	r12
+        push	r13
+        mov	r12, 1152921487695413247
+        mov	r13, 1152921487695413244
+        mov	rax, QWORD PTR [rdx]
+        mov	r8, QWORD PTR [rdx+8]
+        mov	r9, QWORD PTR [rdx+16]
+        mov	r10, QWORD PTR [rdx+24]
+        and	rax, r12
+        and	r8, r13
+        mov	r12, rax
+        mov	r13, r8
+        xor	r11, r11
+        mov	QWORD PTR [rcx], rax
+        mov	QWORD PTR [rcx+8], r8
+        mov	QWORD PTR [rcx+24], r11
+        mov	QWORD PTR [rcx+32], r11
+        mov	QWORD PTR [rcx+40], r11
+        mov	QWORD PTR [rcx+48], r9
+        mov	QWORD PTR [rcx+56], r10
+        mov	QWORD PTR [rcx+352], r11
+        mov	QWORD PTR [rcx+408], r11
+        mov	QWORD PTR [rcx+360], rax
+        mov	QWORD PTR [rcx+416], r8
+        add	r12, rax
+        add	r13, r8
+        mov	QWORD PTR [rcx+368], r12
+        mov	QWORD PTR [rcx+424], r13
+        add	r12, rax
+        add	r13, r8
+        mov	QWORD PTR [rcx+376], r12
+        mov	QWORD PTR [rcx+432], r13
+        add	r12, rax
+        add	r13, r8
+        mov	QWORD PTR [rcx+384], r12
+        mov	QWORD PTR [rcx+440], r13
+        add	r12, rax
+        add	r13, r8
+        mov	QWORD PTR [rcx+392], r12
+        mov	QWORD PTR [rcx+448], r13
+        add	r12, rax
+        add	r13, r8
+        mov	QWORD PTR [rcx+400], r12
+        mov	QWORD PTR [rcx+456], r13
+        mov	QWORD PTR [rcx+608], r11
+        mov	BYTE PTR [rcx+616], 1
+        pop	r13
+        pop	r12
+        ret
+poly1305_setkey_avx ENDP
+_text ENDS
+_text SEGMENT READONLY PARA
+poly1305_block_avx PROC
+        push	r15
+        push	rbx
+        push	r12
+        push	r13
+        push	r14
+        mov	r15, QWORD PTR [rcx]
+        mov	rbx, QWORD PTR [rcx+8]
+        mov	r8, QWORD PTR [rcx+24]
+        mov	r9, QWORD PTR [rcx+32]
+        mov	r10, QWORD PTR [rcx+40]
+        xor	r14, r14
+        mov	r14b, BYTE PTR [rcx+616]
+        ; h += m
+        mov	r11, QWORD PTR [rdx]
+        mov	r12, QWORD PTR [rdx+8]
+        add	r8, r11
+        adc	r9, r12
+        mov	rax, rbx
+        adc	r10, r14
+        ; r[1] * h[0] => rdx, rax ==> t2, t1
+        mul	r8
+        mov	r12, rax
+        mov	r13, rdx
+        ; r[0] * h[1] => rdx, rax ++> t2, t1
+        mov	rax, r15
+        mul	r9
+        add	r12, rax
+        mov	rax, r15
+        adc	r13, rdx
+        ; r[0] * h[0] => rdx, rax ==> t4, t0
+        mul	r8
+        mov	r11, rax
+        mov	r8, rdx
+        ; r[1] * h[1] => rdx, rax =+> t3, t2
+        mov	rax, rbx
+        mul	r9
+        ;   r[0] * h[2] +> t2
+        add	r13, QWORD PTR [rcx+8*r10+352]
+        mov	r14, rdx
+        add	r12, r8
+        adc	r13, rax
+        ;   r[1] * h[2] +> t3
+        adc	r14, QWORD PTR [rcx+8*r10+408]
+        ; r * h in r14, r13, r12, r11
+        ; h = (r * h) mod 2^130 - 5
+        mov	r10, r13
+        and	r13, -4
+        and	r10, 3
+        add	r11, r13
+        mov	r8, r13
+        adc	r12, r14
+        adc	r10, 0
+        shrd	r8, r14, 2
+        shr	r14, 2
+        add	r8, r11
+        adc	r12, r14
+        mov	r9, r12
+        adc	r10, 0
+        ; h in r10, r9, r8
+        ; Store h to ctx
+        mov	QWORD PTR [rcx+24], r8
+        mov	QWORD PTR [rcx+32], r9
+        mov	QWORD PTR [rcx+40], r10
+        pop	r14
+        pop	r13
+        pop	r12
+        pop	rbx
+        pop	r15
+        ret
+poly1305_block_avx ENDP
+_text ENDS
+_text SEGMENT READONLY PARA
+poly1305_blocks_avx PROC
+        push	rdi
+        push	rsi
+        push	r15
+        push	rbx
+        push	r12
+        push	r13
+        push	r14
+        mov	rdi, rcx
+        mov	rsi, rdx
+        mov	rcx, r8
+        mov	r15, QWORD PTR [rdi]
+        mov	rbx, QWORD PTR [rdi+8]
+        mov	r8, QWORD PTR [rdi+24]
+        mov	r9, QWORD PTR [rdi+32]
+        mov	r10, QWORD PTR [rdi+40]
+L_poly1305_avx_blocks_start:
+        ; h += m
+        mov	r11, QWORD PTR [rsi]
+        mov	r12, QWORD PTR [rsi+8]
+        add	r8, r11
+        adc	r9, r12
+        mov	rax, rbx
+        adc	r10, 0
+        ; r[1] * h[0] => rdx, rax ==> t2, t1
+        mul	r8
+        mov	r12, rax
+        mov	r13, rdx
+        ; r[0] * h[1] => rdx, rax ++> t2, t1
+        mov	rax, r15
+        mul	r9
+        add	r12, rax
+        mov	rax, r15
+        adc	r13, rdx
+        ; r[0] * h[0] => rdx, rax ==> t4, t0
+        mul	r8
+        mov	r11, rax
+        mov	r8, rdx
+        ; r[1] * h[1] => rdx, rax =+> t3, t2
+        mov	rax, rbx
+        mul	r9
+        ;   r[0] * h[2] +> t2
+        add	r13, QWORD PTR [rdi+8*r10+360]
+        mov	r14, rdx
+        add	r12, r8
+        adc	r13, rax
+        ;   r[1] * h[2] +> t3
+        adc	r14, QWORD PTR [rdi+8*r10+416]
+        ; r * h in r14, r13, r12, r11
+        ; h = (r * h) mod 2^130 - 5
+        mov	r10, r13
+        and	r13, -4
+        and	r10, 3
+        add	r11, r13
+        mov	r8, r13
+        adc	r12, r14
+        adc	r10, 0
+        shrd	r8, r14, 2
+        shr	r14, 2
+        add	r8, r11
+        adc	r12, r14
+        mov	r9, r12
+        adc	r10, 0
+        ; h in r10, r9, r8
+        ; Next block from message
+        add	rsi, 16
+        sub	rcx, 16
+        jg	L_poly1305_avx_blocks_start
+        ; Store h to ctx
+        mov	QWORD PTR [rdi+24], r8
+        mov	QWORD PTR [rdi+32], r9
+        mov	QWORD PTR [rdi+40], r10
+        pop	r14
+        pop	r13
+        pop	r12
+        pop	rbx
+        pop	r15
+        pop	rsi
+        pop	rdi
+        ret
+poly1305_blocks_avx ENDP
+_text ENDS
+_text SEGMENT READONLY PARA
+poly1305_final_avx PROC
+        push	rdi
+        push	rbx
+        push	r12
+        mov	rdi, rcx
+        mov	rbx, rdx
+        mov	rax, QWORD PTR [rdi+608]
+        test	rax, rax
+        je	L_poly1305_avx_final_no_more
+        mov	BYTE PTR [rdi+rax+480], 1
+        jmp	L_poly1305_avx_final_cmp_rem
+L_poly1305_avx_final_zero_rem:
+        mov	BYTE PTR [rdi+rax+480], 0
+L_poly1305_avx_final_cmp_rem:
+        inc	al
+        cmp	rax, 16
+        jl	L_poly1305_avx_final_zero_rem
+        mov	BYTE PTR [rdi+616], 0
+        lea	rdx, QWORD PTR [rdi+480]
+        call	poly1305_block_avx
+L_poly1305_avx_final_no_more:
+        mov	rax, QWORD PTR [rdi+24]
+        mov	rdx, QWORD PTR [rdi+32]
+        mov	rcx, QWORD PTR [rdi+40]
+        mov	r11, QWORD PTR [rdi+48]
+        mov	r12, QWORD PTR [rdi+56]
+        ; h %= p
+        ; h = (h + pad)
+        ; mod 2^130 - 5
+        mov	r8, rcx
+        and	rcx, 3
+        shr	r8, 2
+        ;   Multiply by 5
+        lea	r8, QWORD PTR [r8+4*r8+0]
+        add	rax, r8
+        adc	rdx, 0
+        adc	rcx, 0
+        ; Fixup when between (1 << 130) - 1 and (1 << 130) - 5
+        mov	r8, rax
+        mov	r9, rdx
+        mov	r10, rcx
+        add	r8, 5
+        adc	r9, 0
+        adc	r10, 0
+        cmp	r10, 4
+        cmove	rax, r8
+        cmove	rdx, r9
+        ; h += pad
+        add	rax, r11
+        adc	rdx, r12
+        mov	QWORD PTR [rbx], rax
+        mov	QWORD PTR [rbx+8], rdx
+        ; Zero out r
+        mov	QWORD PTR [rdi], 0
+        mov	QWORD PTR [rdi+8], 0
+        ; Zero out h
+        mov	QWORD PTR [rdi+24], 0
+        mov	QWORD PTR [rdi+32], 0
+        mov	QWORD PTR [rdi+40], 0
+        ; Zero out pad
+        mov	QWORD PTR [rdi+48], 0
+        mov	QWORD PTR [rdi+56], 0
+        pop	r12
+        pop	rbx
+        pop	rdi
+        ret
+poly1305_final_avx ENDP
+_text ENDS
+ENDIF
+IFDEF HAVE_INTEL_AVX2
+_text SEGMENT READONLY PARA
+poly1305_calc_powers_avx2 PROC
+        push	r12
+        push	r13
+        push	r14
+        push	r15
+        push	rdi
+        push	rsi
+        push	rbx
+        push	rbp
+        mov	r8, QWORD PTR [rcx]
+        mov	r9, QWORD PTR [rcx+8]
+        xor	r10, r10
+        ; Convert to 26 bits in 32
+        mov	rax, r8
+        mov	rdx, r8
+        mov	rsi, r8
+        mov	rbx, r9
+        mov	rbp, r9
+        shr	rdx, 26
+        shrd	rsi, r9, 52
+        shr	rbx, 14
+        shrd	rbp, r10, 40
+        and	rax, 67108863
+        and	rdx, 67108863
+        and	rsi, 67108863
+        and	rbx, 67108863
+        and	rbp, 67108863
+        mov	DWORD PTR [rcx+224], eax
+        mov	DWORD PTR [rcx+228], edx
+        mov	DWORD PTR [rcx+232], esi
+        mov	DWORD PTR [rcx+236], ebx
+        mov	DWORD PTR [rcx+240], ebp
+        mov	DWORD PTR [rcx+244], 0
+        ; Square 128-bit
+        mov	rax, r9
+        mul	r8
+        xor	r14, r14
+        mov	r12, rax
+        mov	r13, rdx
+        add	r12, rax
+        adc	r13, rdx
+        adc	r14, 0
+        mov	rax, r8
+        mul	rax
+        mov	r11, rax
+        mov	rdi, rdx
+        mov	rax, r9
+        mul	rax
+        add	r12, rdi
+        adc	r13, rax
+        adc	r14, rdx
+        ; Reduce 256-bit to 130-bit
+        mov	rax, r13
+        mov	rdx, r14
+        and	rax, -4
+        and	r13, 3
+        add	r11, rax
+        adc	r12, rdx
+        adc	r13, 0
+        shrd	rax, rdx, 2
+        shr	rdx, 2
+        add	r11, rax
+        adc	r12, rdx
+        adc	r13, 0
+        mov	rax, r13
+        shr	rax, 2
+        lea	rax, QWORD PTR [rax+4*rax+0]
+        and	r13, 3
+        add	r11, rax
+        adc	r12, 0
+        adc	r13, 0
+        ; Convert to 26 bits in 32
+        mov	rax, r11
+        mov	rdx, r11
+        mov	rsi, r11
+        mov	rbx, r12
+        mov	rbp, r12
+        shr	rdx, 26
+        shrd	rsi, r12, 52
+        shr	rbx, 14
+        shrd	rbp, r13, 40
+        and	rax, 67108863
+        and	rdx, 67108863
+        and	rsi, 67108863
+        and	rbx, 67108863
+        and	rbp, 67108863
+        mov	DWORD PTR [rcx+256], eax
+        mov	DWORD PTR [rcx+260], edx
+        mov	DWORD PTR [rcx+264], esi
+        mov	DWORD PTR [rcx+268], ebx
+        mov	DWORD PTR [rcx+272], ebp
+        mov	DWORD PTR [rcx+276], 0
+        ; Multiply 128-bit by 130-bit
+        ;   r1[0] * r2[0]
+        mov	rax, r8
+        mul	r11
+        mov	r14, rax
+        mov	r15, rdx
+        ;   r1[0] * r2[1]
+        mov	rax, r8
+        mul	r12
+        mov	rdi, 0
+        add	r15, rax
+        adc	rdi, rdx
+        ;   r1[1] * r2[0]
+        mov	rax, r9
+        mul	r11
+        mov	rsi, 0
+        add	r15, rax
+        adc	rdi, rdx
+        adc	rsi, 0
+        ;   r1[0] * r2[2]
+        mov	rax, r8
+        mul	r13
+        add	rdi, rax
+        adc	rsi, rdx
+        ;   r1[1] * r2[1]
+        mov	rax, r9
+        mul	r12
+        mov	rbx, 0
+        add	rdi, rax
+        adc	rsi, rdx
+        adc	rbx, 0
+        ;   r1[1] * r2[2]
+        mov	rax, r9
+        mul	r13
+        add	rsi, rax
+        adc	rbx, rdx
+        ; Reduce 260-bit to 130-bit
+        mov	rax, rdi
+        mov	rdx, rsi
+        mov	rbx, rbx
+        and	rax, -4
+        and	rdi, 3
+        add	r14, rax
+        adc	r15, rdx
+        adc	rdi, rbx
+        shrd	rax, rdx, 2
+        shrd	rdx, rbx, 2
+        shr	rbx, 2
+        add	r14, rax
+        adc	r15, rdx
+        adc	rdi, rbx
+        mov	rax, rdi
+        and	rdi, 3
+        shr	rax, 2
+        lea	rax, QWORD PTR [rax+4*rax+0]
+        add	r14, rax
+        adc	r15, 0
+        adc	rdi, 0
+        ; Convert to 26 bits in 32
+        mov	rax, r14
+        mov	rdx, r14
+        mov	rsi, r14
+        mov	rbx, r15
+        mov	rbp, r15
+        shr	rdx, 26
+        shrd	rsi, r15, 52
+        shr	rbx, 14
+        shrd	rbp, rdi, 40
+        and	rax, 67108863
+        and	rdx, 67108863
+        and	rsi, 67108863
+        and	rbx, 67108863
+        and	rbp, 67108863
+        mov	DWORD PTR [rcx+288], eax
+        mov	DWORD PTR [rcx+292], edx
+        mov	DWORD PTR [rcx+296], esi
+        mov	DWORD PTR [rcx+300], ebx
+        mov	DWORD PTR [rcx+304], ebp
+        mov	DWORD PTR [rcx+308], 0
+        ; Square 130-bit
+        mov	rax, r12
+        mul	r11
+        xor	r14, r14
+        mov	r9, rax
+        mov	r10, rdx
+        add	r9, rax
+        adc	r10, rdx
+        adc	r14, 0
+        mov	rax, r11
+        mul	rax
+        mov	r8, rax
+        mov	rdi, rdx
+        mov	rax, r12
+        mul	rax
+        add	r9, rdi
+        adc	r10, rax
+        adc	r14, rdx
+        mov	rax, r13
+        mul	rax
+        mov	r15, rax
+        mov	rax, r13
+        mul	r11
+        add	r10, rax
+        adc	r14, rdx
+        adc	r15, 0
+        add	r10, rax
+        adc	r14, rdx
+        adc	r15, 0
+        mov	rax, r13
+        mul	r12
+        add	r14, rax
+        adc	r15, rdx
+        add	r14, rax
+        adc	r15, rdx
+        ; Reduce 260-bit to 130-bit
+        mov	rax, r10
+        mov	rdx, r14
+        mov	rdi, r15
+        and	rax, -4
+        and	r10, 3
+        add	r8, rax
+        adc	r9, rdx
+        adc	r10, rdi
+        shrd	rax, rdx, 2
+        shrd	rdx, rdi, 2
+        shr	rdi, 2
+        add	r8, rax
+        adc	r9, rdx
+        adc	r10, rdi
+        mov	rax, r10
+        and	r10, 3
+        shr	rax, 2
+        lea	rax, QWORD PTR [rax+4*rax+0]
+        add	r8, rax
+        adc	r9, 0
+        adc	r10, 0
+        ; Convert to 26 bits in 32
+        mov	rax, r8
+        mov	rdx, r8
+        mov	rsi, r8
+        mov	rbx, r9
+        mov	rbp, r9
+        shr	rdx, 26
+        shrd	rsi, r9, 52
+        shr	rbx, 14
+        shrd	rbp, r10, 40
+        and	rax, 67108863
+        and	rdx, 67108863
+        and	rsi, 67108863
+        and	rbx, 67108863
+        and	rbp, 67108863
+        mov	DWORD PTR [rcx+320], eax
+        mov	DWORD PTR [rcx+324], edx
+        mov	DWORD PTR [rcx+328], esi
+        mov	DWORD PTR [rcx+332], ebx
+        mov	DWORD PTR [rcx+336], ebp
+        mov	DWORD PTR [rcx+340], 0
+        pop	rbp
+        pop	rbx
+        pop	rsi
+        pop	rdi
+        pop	r15
+        pop	r14
+        pop	r13
+        pop	r12
+        ret
+poly1305_calc_powers_avx2 ENDP
+_text ENDS
+_text SEGMENT READONLY PARA
+poly1305_setkey_avx2 PROC
+        call	poly1305_setkey_avx
+        vpxor	ymm0, ymm0, ymm0
+        vmovdqu	YMMWORD PTR [rcx+64], ymm0
+        vmovdqu	YMMWORD PTR [rcx+96], ymm0
+        vmovdqu	YMMWORD PTR [rcx+128], ymm0
+        vmovdqu	YMMWORD PTR [rcx+160], ymm0
+        vmovdqu	YMMWORD PTR [rcx+192], ymm0
+        mov	QWORD PTR [rcx+608], 0
+        mov	WORD PTR [rcx+616], 0
+        ret
+poly1305_setkey_avx2 ENDP
+_text ENDS
+_DATA SEGMENT
+ALIGN 16
+L_poly1305_avx2_blocks_mask QWORD 67108863, 67108863,
+    67108863, 67108863
+ptr_L_poly1305_avx2_blocks_mask QWORD L_poly1305_avx2_blocks_mask
+_DATA ENDS
+_DATA SEGMENT
+ALIGN 16
+L_poly1305_avx2_blocks_hibit QWORD 16777216, 16777216,
+    16777216, 16777216
+ptr_L_poly1305_avx2_blocks_hibit QWORD L_poly1305_avx2_blocks_hibit
+_DATA ENDS
+_text SEGMENT READONLY PARA
+poly1305_blocks_avx2 PROC
+        push	r12
+        push	rdi
+        push	rsi
+        push	rbx
+        push	r13
+        push	r14
+        mov	rdi, rcx
+        mov	rsi, rdx
+        mov	rdx, r8
+        sub	rsp, 480
+        vmovdqu	OWORD PTR [rsp+320], xmm6
+        vmovdqu	OWORD PTR [rsp+336], xmm7
+        vmovdqu	OWORD PTR [rsp+352], xmm8
+        vmovdqu	OWORD PTR [rsp+368], xmm9
+        vmovdqu	OWORD PTR [rsp+384], xmm10
+        vmovdqu	OWORD PTR [rsp+400], xmm11
+        vmovdqu	OWORD PTR [rsp+416], xmm12
+        vmovdqu	OWORD PTR [rsp+432], xmm13
+        vmovdqu	OWORD PTR [rsp+448], xmm14
+        vmovdqu	OWORD PTR [rsp+464], xmm15
+        mov	r13, QWORD PTR [ptr_L_poly1305_avx2_blocks_mask]
+        mov	r14, QWORD PTR [ptr_L_poly1305_avx2_blocks_hibit]
+        mov	rcx, rsp
+        and	rcx, -32
+        add	rcx, 32
+        vpxor	ymm15, ymm15, ymm15
+        mov	rbx, rcx
+        lea	rax, QWORD PTR [rdi+64]
+        add	rbx, 160
+        cmp	WORD PTR [rdi+616], 0
+        jne	L_poly1305_avx2_blocks_begin_h
+        ; Load the message data
+        vmovdqu	ymm0, YMMWORD PTR [rsi]
+        vmovdqu	ymm1, YMMWORD PTR [rsi+32]
+        vperm2i128	ymm2, ymm0, ymm1, 32
+        vperm2i128	ymm0, ymm0, ymm1, 49
+        vpunpckldq	ymm1, ymm2, ymm0
+        vpunpckhdq	ymm3, ymm2, ymm0
+        vpunpckldq	ymm0, ymm1, ymm15
+        vpunpckhdq	ymm1, ymm1, ymm15
+        vpunpckldq	ymm2, ymm3, ymm15
+        vpunpckhdq	ymm3, ymm3, ymm15
+        vmovdqu	ymm4, YMMWORD PTR [r14]
+        vpsllq	ymm1, ymm1, 6
+        vpsllq	ymm2, ymm2, 12
+        vpsllq	ymm3, ymm3, 18
+        vmovdqu	ymm14, YMMWORD PTR [r13]
+        ; Reduce, in place, the message data
+        vpsrlq	ymm10, ymm0, 26
+        vpsrlq	ymm11, ymm3, 26
+        vpand	ymm0, ymm0, ymm14
+        vpand	ymm3, ymm3, ymm14
+        vpaddq	ymm1, ymm10, ymm1
+        vpaddq	ymm4, ymm11, ymm4
+        vpsrlq	ymm10, ymm1, 26
+        vpsrlq	ymm11, ymm4, 26
+        vpand	ymm1, ymm1, ymm14
+        vpand	ymm4, ymm4, ymm14
+        vpaddq	ymm2, ymm10, ymm2
+        vpslld	ymm12, ymm11, 2
+        vpaddd	ymm12, ymm11, ymm12
+        vpsrlq	ymm10, ymm2, 26
+        vpaddq	ymm0, ymm12, ymm0
+        vpsrlq	ymm11, ymm0, 26
+        vpand	ymm2, ymm2, ymm14
+        vpand	ymm0, ymm0, ymm14
+        vpaddq	ymm3, ymm10, ymm3
+        vpaddq	ymm1, ymm11, ymm1
+        vpsrlq	ymm10, ymm3, 26
+        vpand	ymm3, ymm3, ymm14
+        vpaddq	ymm4, ymm10, ymm4
+        add	rsi, 64
+        sub	rdx, 64
+        jz	L_poly1305_avx2_blocks_store
+        jmp	L_poly1305_avx2_blocks_load_r4
+L_poly1305_avx2_blocks_begin_h:
+        ; Load the H values.
+        vmovdqu	ymm0, YMMWORD PTR [rax]
+        vmovdqu	ymm1, YMMWORD PTR [rax+32]
+        vmovdqu	ymm2, YMMWORD PTR [rax+64]
+        vmovdqu	ymm3, YMMWORD PTR [rax+96]
+        vmovdqu	ymm4, YMMWORD PTR [rax+128]
+        ; Check if there is a power of r to load - otherwise use r^4.
+        cmp	BYTE PTR [rdi+616], 0
+        je	L_poly1305_avx2_blocks_load_r4
+        ; Load the 4 powers of r - r^4, r^3, r^2, r^1.
+        vmovdqu	ymm8, YMMWORD PTR [rdi+224]
+        vmovdqu	ymm7, YMMWORD PTR [rdi+256]
+        vmovdqu	ymm6, YMMWORD PTR [rdi+288]
+        vmovdqu	ymm5, YMMWORD PTR [rdi+320]
+        vpermq	ymm5, ymm5, 216
+        vpermq	ymm6, ymm6, 216
+        vpermq	ymm7, ymm7, 216
+        vpermq	ymm8, ymm8, 216
+        vpunpcklqdq	ymm10, ymm5, ymm6
+        vpunpckhqdq	ymm11, ymm5, ymm6
+        vpunpcklqdq	ymm12, ymm7, ymm8
+        vpunpckhqdq	ymm13, ymm7, ymm8
+        vperm2i128	ymm5, ymm10, ymm12, 32
+        vperm2i128	ymm7, ymm10, ymm12, 49
+        vperm2i128	ymm9, ymm11, ymm13, 32
+        vpsrlq	ymm6, ymm5, 32
+        vpsrlq	ymm8, ymm7, 32
+        jmp	L_poly1305_avx2_blocks_mul_5
+L_poly1305_avx2_blocks_load_r4:
+        ; Load r^4 into all four positions.
+        vmovdqu	ymm13, YMMWORD PTR [rdi+320]
+        vpermq	ymm5, ymm13, 0
+        vpsrlq	ymm14, ymm13, 32
+        vpermq	ymm7, ymm13, 85
+        vpermq	ymm9, ymm13, 170
+        vpermq	ymm6, ymm14, 0
+        vpermq	ymm8, ymm14, 85
+L_poly1305_avx2_blocks_mul_5:
+        ; Multiply top 4 26-bit values of all four H by 5
+        vpslld	ymm10, ymm6, 2
+        vpslld	ymm11, ymm7, 2
+        vpslld	ymm12, ymm8, 2
+        vpslld	ymm13, ymm9, 2
+        vpaddq	ymm10, ymm6, ymm10
+        vpaddq	ymm11, ymm7, ymm11
+        vpaddq	ymm12, ymm8, ymm12
+        vpaddq	ymm13, ymm9, ymm13
+        ; Store powers of r and multiple of 5 for use in multiply.
+        vmovdqa	YMMWORD PTR [rbx], ymm10
+        vmovdqa	YMMWORD PTR [rbx+32], ymm11
+        vmovdqa	YMMWORD PTR [rbx+64], ymm12
+        vmovdqa	YMMWORD PTR [rbx+96], ymm13
+        vmovdqa	YMMWORD PTR [rcx], ymm5
+        vmovdqa	YMMWORD PTR [rcx+32], ymm6
+        vmovdqa	YMMWORD PTR [rcx+64], ymm7
+        vmovdqa	YMMWORD PTR [rcx+96], ymm8
+        vmovdqa	YMMWORD PTR [rcx+128], ymm9
+        vmovdqu	ymm14, YMMWORD PTR [r13]
+        ; If not finished then loop over data
+        cmp	BYTE PTR [rdi+616], 1
+        jne	L_poly1305_avx2_blocks_start
+        ; Do last multiply, reduce, add the four H together and move to
+        ; 32-bit registers
+        vpmuludq	ymm5, ymm4, [rbx]
+        vpmuludq	ymm10, ymm3, [rbx+32]
+        vpmuludq	ymm6, ymm4, [rbx+32]
+        vpmuludq	ymm11, ymm3, [rbx+64]
+        vpmuludq	ymm7, ymm4, [rbx+64]
+        vpaddq	ymm5, ymm10, ymm5
+        vpmuludq	ymm12, ymm2, [rbx+64]
+        vpmuludq	ymm8, ymm4, [rbx+96]
+        vpaddq	ymm6, ymm11, ymm6
+        vpmuludq	ymm13, ymm1, [rbx+96]
+        vpmuludq	ymm10, ymm2, [rbx+96]
+        vpaddq	ymm5, ymm12, ymm5
+        vpmuludq	ymm11, ymm3, [rbx+96]
+        vpmuludq	ymm12, ymm3, [rcx]
+        vpaddq	ymm5, ymm13, ymm5
+        vpmuludq	ymm9, ymm4, [rcx]
+        vpaddq	ymm6, ymm10, ymm6
+        vpmuludq	ymm13, ymm0, [rcx]
+        vpaddq	ymm7, ymm11, ymm7
+        vpmuludq	ymm10, ymm1, [rcx]
+        vpaddq	ymm8, ymm12, ymm8
+        vpmuludq	ymm11, ymm2, [rcx]
+        vpmuludq	ymm12, ymm2, [rcx+32]
+        vpaddq	ymm5, ymm13, ymm5
+        vpmuludq	ymm13, ymm3, [rcx+32]
+        vpaddq	ymm6, ymm10, ymm6
+        vpmuludq	ymm10, ymm0, [rcx+32]
+        vpaddq	ymm7, ymm11, ymm7
+        vpmuludq	ymm11, ymm1, [rcx+32]
+        vpaddq	ymm8, ymm12, ymm8
+        vpmuludq	ymm12, ymm1, [rcx+64]
+        vpaddq	ymm9, ymm13, ymm9
+        vpmuludq	ymm13, ymm2, [rcx+64]
+        vpaddq	ymm6, ymm10, ymm6
+        vpmuludq	ymm10, ymm0, [rcx+64]
+        vpaddq	ymm7, ymm11, ymm7
+        vpmuludq	ymm11, ymm0, [rcx+96]
+        vpaddq	ymm8, ymm12, ymm8
+        vpmuludq	ymm12, ymm1, [rcx+96]
+        vpaddq	ymm9, ymm13, ymm9
+        vpaddq	ymm7, ymm10, ymm7
+        vpmuludq	ymm13, ymm0, [rcx+128]
+        vpaddq	ymm8, ymm11, ymm8
+        vpaddq	ymm9, ymm12, ymm9
+        vpaddq	ymm9, ymm13, ymm9
+        vpsrlq	ymm10, ymm5, 26
+        vpsrlq	ymm11, ymm8, 26
+        vpand	ymm5, ymm5, ymm14
+        vpand	ymm8, ymm8, ymm14
+        vpaddq	ymm6, ymm10, ymm6
+        vpaddq	ymm9, ymm11, ymm9
+        vpsrlq	ymm10, ymm6, 26
+        vpsrlq	ymm11, ymm9, 26
+        vpand	ymm1, ymm6, ymm14
+        vpand	ymm4, ymm9, ymm14
+        vpaddq	ymm7, ymm10, ymm7
+        vpslld	ymm12, ymm11, 2
+        vpaddd	ymm12, ymm11, ymm12
+        vpsrlq	ymm10, ymm7, 26
+        vpaddq	ymm5, ymm12, ymm5
+        vpsrlq	ymm11, ymm5, 26
+        vpand	ymm2, ymm7, ymm14
+        vpand	ymm0, ymm5, ymm14
+        vpaddq	ymm8, ymm10, ymm8
+        vpaddq	ymm1, ymm11, ymm1
+        vpsrlq	ymm10, ymm8, 26
+        vpand	ymm3, ymm8, ymm14
+        vpaddq	ymm4, ymm10, ymm4
+        vpsrldq	ymm5, ymm0, 8
+        vpsrldq	ymm6, ymm1, 8
+        vpsrldq	ymm7, ymm2, 8
+        vpsrldq	ymm8, ymm3, 8
+        vpsrldq	ymm9, ymm4, 8
+        vpaddq	ymm0, ymm5, ymm0
+        vpaddq	ymm1, ymm6, ymm1
+        vpaddq	ymm2, ymm7, ymm2
+        vpaddq	ymm3, ymm8, ymm3
+        vpaddq	ymm4, ymm9, ymm4
+        vpermq	ymm5, ymm0, 2
+        vpermq	ymm6, ymm1, 2
+        vpermq	ymm7, ymm2, 2
+        vpermq	ymm8, ymm3, 2
+        vpermq	ymm9, ymm4, 2
+        vpaddq	ymm0, ymm5, ymm0
+        vpaddq	ymm1, ymm6, ymm1
+        vpaddq	ymm2, ymm7, ymm2
+        vpaddq	ymm3, ymm8, ymm3
+        vpaddq	ymm4, ymm9, ymm4
+        vmovd	r8d, xmm0
+        vmovd	r9d, xmm1
+        vmovd	r10d, xmm2
+        vmovd	r11d, xmm3
+        vmovd	r12d, xmm4
+        jmp	L_poly1305_avx2_blocks_end_calc
+L_poly1305_avx2_blocks_start:
+        vmovdqu	ymm5, YMMWORD PTR [rsi]
+        vmovdqu	ymm6, YMMWORD PTR [rsi+32]
+        vperm2i128	ymm7, ymm5, ymm6, 32
+        vperm2i128	ymm5, ymm5, ymm6, 49
+        vpunpckldq	ymm6, ymm7, ymm5
+        vpunpckhdq	ymm8, ymm7, ymm5
+        vpunpckldq	ymm5, ymm6, ymm15
+        vpunpckhdq	ymm6, ymm6, ymm15
+        vpunpckldq	ymm7, ymm8, ymm15
+        vpunpckhdq	ymm8, ymm8, ymm15
+        vmovdqu	ymm9, YMMWORD PTR [r14]
+        vpsllq	ymm6, ymm6, 6
+        vpsllq	ymm7, ymm7, 12
+        vpsllq	ymm8, ymm8, 18
+        vpmuludq	ymm10, ymm4, [rbx]
+        vpaddq	ymm5, ymm10, ymm5
+        vpmuludq	ymm10, ymm3, [rbx+32]
+        vpmuludq	ymm11, ymm4, [rbx+32]
+        vpaddq	ymm6, ymm11, ymm6
+        vpmuludq	ymm11, ymm3, [rbx+64]
+        vpmuludq	ymm12, ymm4, [rbx+64]
+        vpaddq	ymm7, ymm12, ymm7
+        vpaddq	ymm5, ymm10, ymm5
+        vpmuludq	ymm12, ymm2, [rbx+64]
+        vpmuludq	ymm13, ymm4, [rbx+96]
+        vpaddq	ymm8, ymm13, ymm8
+        vpaddq	ymm6, ymm11, ymm6
+        vpmuludq	ymm13, ymm1, [rbx+96]
+        vpmuludq	ymm10, ymm2, [rbx+96]
+        vpaddq	ymm5, ymm12, ymm5
+        vpmuludq	ymm11, ymm3, [rbx+96]
+        vpmuludq	ymm12, ymm3, [rcx]
+        vpaddq	ymm5, ymm13, ymm5
+        vpmuludq	ymm13, ymm4, [rcx]
+        vpaddq	ymm9, ymm13, ymm9
+        vpaddq	ymm6, ymm10, ymm6
+        vpmuludq	ymm13, ymm0, [rcx]
+        vpaddq	ymm7, ymm11, ymm7
+        vpmuludq	ymm10, ymm1, [rcx]
+        vpaddq	ymm8, ymm12, ymm8
+        vpmuludq	ymm11, ymm2, [rcx]
+        vpmuludq	ymm12, ymm2, [rcx+32]
+        vpaddq	ymm5, ymm13, ymm5
+        vpmuludq	ymm13, ymm3, [rcx+32]
+        vpaddq	ymm6, ymm10, ymm6
+        vpmuludq	ymm10, ymm0, [rcx+32]
+        vpaddq	ymm7, ymm11, ymm7
+        vpmuludq	ymm11, ymm1, [rcx+32]
+        vpaddq	ymm8, ymm12, ymm8
+        vpmuludq	ymm12, ymm1, [rcx+64]
+        vpaddq	ymm9, ymm13, ymm9
+        vpmuludq	ymm13, ymm2, [rcx+64]
+        vpaddq	ymm6, ymm10, ymm6
+        vpmuludq	ymm10, ymm0, [rcx+64]
+        vpaddq	ymm7, ymm11, ymm7
+        vpmuludq	ymm11, ymm0, [rcx+96]
+        vpaddq	ymm8, ymm12, ymm8
+        vpmuludq	ymm12, ymm1, [rcx+96]
+        vpaddq	ymm9, ymm13, ymm9
+        vpaddq	ymm7, ymm10, ymm7
+        vpmuludq	ymm13, ymm0, [rcx+128]
+        vpaddq	ymm8, ymm11, ymm8
+        vpaddq	ymm9, ymm12, ymm9
+        vpaddq	ymm9, ymm13, ymm9
+        vpsrlq	ymm10, ymm5, 26
+        vpsrlq	ymm11, ymm8, 26
+        vpand	ymm5, ymm5, ymm14
+        vpand	ymm8, ymm8, ymm14
+        vpaddq	ymm6, ymm10, ymm6
+        vpaddq	ymm9, ymm11, ymm9
+        vpsrlq	ymm10, ymm6, 26
+        vpsrlq	ymm11, ymm9, 26
+        vpand	ymm1, ymm6, ymm14
+        vpand	ymm4, ymm9, ymm14
+        vpaddq	ymm7, ymm10, ymm7
+        vpslld	ymm12, ymm11, 2
+        vpaddd	ymm12, ymm11, ymm12
+        vpsrlq	ymm10, ymm7, 26
+        vpaddq	ymm5, ymm12, ymm5
+        vpsrlq	ymm11, ymm5, 26
+        vpand	ymm2, ymm7, ymm14
+        vpand	ymm0, ymm5, ymm14
+        vpaddq	ymm8, ymm10, ymm8
+        vpaddq	ymm1, ymm11, ymm1
+        vpsrlq	ymm10, ymm8, 26
+        vpand	ymm3, ymm8, ymm14
+        vpaddq	ymm4, ymm10, ymm4
+        add	rsi, 64
+        sub	rdx, 64
+        jnz	L_poly1305_avx2_blocks_start
+L_poly1305_avx2_blocks_store:
+        ; Store four H values - state
+        vmovdqu	YMMWORD PTR [rax], ymm0
+        vmovdqu	YMMWORD PTR [rax+32], ymm1
+        vmovdqu	YMMWORD PTR [rax+64], ymm2
+        vmovdqu	YMMWORD PTR [rax+96], ymm3
+        vmovdqu	YMMWORD PTR [rax+128], ymm4
+L_poly1305_avx2_blocks_end_calc:
+        cmp	BYTE PTR [rdi+616], 0
+        je	L_poly1305_avx2_blocks_complete
+        mov	rax, r8
+        mov	rdx, r10
+        mov	rcx, r12
+        shr	rdx, 12
+        shr	rcx, 24
+        shl	r9, 26
+        shl	r10, 52
+        shl	r11, 14
+        shl	r12, 40
+        add	rax, r9
+        adc	rax, r10
+        adc	rdx, r11
+        adc	rdx, r12
+        adc	rcx, 0
+        mov	r8, rcx
+        and	rcx, 3
+        shr	r8, 2
+        lea	r8, QWORD PTR [r8+4*r8+0]
+        add	rax, r8
+        adc	rdx, 0
+        adc	rcx, 0
+        mov	QWORD PTR [rdi+24], rax
+        mov	QWORD PTR [rdi+32], rdx
+        mov	QWORD PTR [rdi+40], rcx
+L_poly1305_avx2_blocks_complete:
+        mov	BYTE PTR [rdi+617], 1
+        vzeroupper
+        vmovdqu	xmm6, OWORD PTR [rsp+320]
+        vmovdqu	xmm7, OWORD PTR [rsp+336]
+        vmovdqu	xmm8, OWORD PTR [rsp+352]
+        vmovdqu	xmm9, OWORD PTR [rsp+368]
+        vmovdqu	xmm10, OWORD PTR [rsp+384]
+        vmovdqu	xmm11, OWORD PTR [rsp+400]
+        vmovdqu	xmm12, OWORD PTR [rsp+416]
+        vmovdqu	xmm13, OWORD PTR [rsp+432]
+        vmovdqu	xmm14, OWORD PTR [rsp+448]
+        vmovdqu	xmm15, OWORD PTR [rsp+464]
+        add	rsp, 480
+        pop	r14
+        pop	r13
+        pop	rbx
+        pop	rsi
+        pop	rdi
+        pop	r12
+        ret
+poly1305_blocks_avx2 ENDP
+_text ENDS
+_text SEGMENT READONLY PARA
+poly1305_final_avx2 PROC
+        push	rdi
+        push	rsi
+        mov	rdi, rcx
+        mov	rsi, rdx
+        mov	BYTE PTR [rdi+616], 1
+        mov	cl, BYTE PTR [rdi+617]
+        cmp	cl, 0
+        je	L_poly1305_avx2_final_done_blocks_X4
+        push	rsi
+        mov	r8, 64
+        xor	rdx, rdx
+        mov	rcx, rdi
+        call	poly1305_blocks_avx2
+        pop	rsi
+L_poly1305_avx2_final_done_blocks_X4:
+        mov	rax, QWORD PTR [rdi+608]
+        mov	rcx, rax
+        and	rcx, -16
+        cmp	cl, 0
+        je	L_poly1305_avx2_final_done_blocks
+        push	rcx
+        push	rax
+        push	rsi
+        mov	r8, rcx
+        lea	rdx, QWORD PTR [rdi+480]
+        mov	rcx, rdi
+        call	poly1305_blocks_avx
+        pop	rsi
+        pop	rax
+        pop	rcx
+L_poly1305_avx2_final_done_blocks:
+        sub	QWORD PTR [rdi+608], rcx
+        xor	rdx, rdx
+        jmp	L_poly1305_avx2_final_cmp_copy
+L_poly1305_avx2_final_start_copy:
+        mov	r8b, BYTE PTR [rdi+rcx+480]
+        mov	BYTE PTR [rdi+rdx+480], r8b
+        inc	cl
+        inc	dl
+L_poly1305_avx2_final_cmp_copy:
+        cmp	al, cl
+        jne	L_poly1305_avx2_final_start_copy
+        mov	rcx, rdi
+        mov	rdx, rsi
+        call	poly1305_final_avx
+        vpxor	ymm0, ymm0, ymm0
+        vmovdqu	YMMWORD PTR [rdi+64], ymm0
+        vmovdqu	YMMWORD PTR [rdi+96], ymm0
+        vmovdqu	YMMWORD PTR [rdi+128], ymm0
+        vmovdqu	YMMWORD PTR [rdi+160], ymm0
+        vmovdqu	YMMWORD PTR [rdi+192], ymm0
+        vmovdqu	YMMWORD PTR [rdi+224], ymm0
+        vmovdqu	YMMWORD PTR [rdi+256], ymm0
+        vmovdqu	YMMWORD PTR [rdi+288], ymm0
+        vmovdqu	YMMWORD PTR [rdi+320], ymm0
+        mov	QWORD PTR [rdi+608], 0
+        mov	WORD PTR [rdi+616], 0
+        vzeroupper
+        pop	rsi
+        pop	rdi
+        ret
+poly1305_final_avx2 ENDP
+_text ENDS
+ENDIF
+END
diff --git a/wolfcrypt/src/port/Espressif/README.md b/wolfcrypt/src/port/Espressif/README.md
index 5d2fa27e0..3c27d8373 100644
--- a/wolfcrypt/src/port/Espressif/README.md
+++ b/wolfcrypt/src/port/Espressif/README.md
@@ -12,20 +12,20 @@ Support for the ESP32 on-board cryptographic hardware acceleration for symmetric
 
 ## ESP32 Acceleration
 
-More details about ESP32 HW Accelerationcan be found in:
+More details about ESP32 HW Acceleration can be found in:
 
-* [ESP32 Technical Reference Manual](https://espressif.com/sites/default/files/documentation/esp32_technical_reference_manual_en.pdf)
-* [ESP32-S2 Technical Reference Manual](https://www.espressif.com/sites/default/files/documentation/esp32-s2_technical_reference_manual_en.pdf)
-* [ESP32-S3 Technical Reference Manual](https://www.espressif.com/sites/default/files/documentation/esp32-s3_technical_reference_manual_en.pdf)
-* [ESP32-C2 (aka ESP8684 Technical Reference Manual](https://www.espressif.com/sites/default/files/documentation/esp8684_technical_reference_manual_en.pdf)
-* [ESP32-C3 Technical Reference Manual](https://www.espressif.com/sites/default/files/documentation/esp32-c3_technical_reference_manual_en.pdf)
-* [ESP32-C6 Technical Reference Manual](https://www.espressif.com/sites/default/files/documentation/esp32-c6_technical_reference_manual_en.pdf)
-* [ESP32-H2 Technical Reference Manual](https://www.espressif.com/sites/default/files/documentation/esp32-h2_technical_reference_manual_en.pdf)
+* `esp32_technical_reference_manual_en.pdf`
+* `esp32-s2_technical_reference_manual_en.pdf`
+* `esp32-s3_technical_reference_manual_en.pdf`
+* `esp8684_technical_reference_manual_en.pdf`
+* `esp32-c3_technical_reference_manual_en.pdf`
+* `esp32-c6_technical_reference_manual_en.pdf`
+* `esp32-h2_technical_reference_manual_en.pdf`
 
 ### Building
 
 Simply run `ESP-IDF.py` in any of the [Espressif/ESP-IDF/Examples](https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples).
-See the respective project README files. Examples are also available using wolfssl as a [Managed Component](https://components.espressif.com/components/wolfssl/wolfssl).
+See the respective project README files. Examples are also available using wolfssl as a [Managed Component](https://www.wolfssl.com/wolfssl-now-available-in-espressif-component-registry/).
 
 Hardware acceleration is enabled by default. All settings should be adjusted in the respective project component
 `user_settings.h` file. See the example in [template example](https://github.com/wolfSSL/wolfssl/blob/master/IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/include/user_settings.h).
@@ -70,6 +70,29 @@ To view disassembly, add `__attribute__((section(".iram1")))` decorator. Foe exa
 static int __attribute__((section(".iram1"))) memblock_peek(volatile u_int32_t mem_address)
 ```
 
+### VisualGDB
+
+Each project example has a `VisuaGDB` directory with sample project files for [Sysprogs VisualGDB](https://visualgdb.com).
+
+For installing multiple toolchains, see the [documentation](https://visualgdb.com/documentation/espidf/).
+
+The library naming format used at wolfSSL:
+
+```
+HKEY_CURRENT_USER\Software\Sysprogs\GNUToolchains
+```
+
+| Registry String Value Name       | Value Data             |
+| -------------------------------- |----------------------- |
+| `SysGCC-xtensa-lx106-elf-8.4.0`  | `C:\SysGCC\esp8266`    |
+| `SysGCC-xtensa-esp32-elf-8.4.0`  | `C:\SysGCC\esp32-8.4`  |
+| `SysGCC-xtensa-esp32-elf-13.2.0` | `C:\SysGCC\esp32`      |
+| `SysGCC-xtensa-esp32-elf-12.4.0` | `C:\SysGCC\esp32-12.4` |
+| `SysGCC-xtensa-esp32-elf-11.2.0` | `C:\SysGCC\esp32-11.2` |
+
+Note the latest toolchain value is the default install name of `C:\SysGCC\esp32`.
+
+
 ### Benchmarks
 
 w/ `USE_FAST_MATH` and `WOLFSSL_SMALL_STACK` options
@@ -137,10 +160,10 @@ ECDSA    256 sign            4 ops took 1.101 sec, avg 275.250 ms, 3.633 ops/sec
 ECDSA    256 verify          2 ops took 1.092 sec, avg 546.000 ms, 1.832 ops/sec
 ```
 
-Condition  :  
-- Model    : ESP32-WROOM-32  
-- CPU Speed: 240Mhz  
-- ESP-IDF  : v3.3-beta1-39-g6cb37ecc5(commit hash : 6cb37ecc5)  
+Condition  :
+- Model    : ESP32-WROOM-32
+- CPU Speed: 240Mhz
+- ESP-IDF  : v3.3-beta1-39-g6cb37ecc5(commit hash : 6cb37ecc5)
 - OS       : Ubuntu 18.04.1 LTS (Bionic Beaver)
 
 ## Support
diff --git a/wolfcrypt/src/port/Espressif/esp32_aes.c b/wolfcrypt/src/port/Espressif/esp32_aes.c
index 84211ee26..b1479de33 100644
--- a/wolfcrypt/src/port/Espressif/esp32_aes.c
+++ b/wolfcrypt/src/port/Espressif/esp32_aes.c
@@ -1,6 +1,6 @@
 /* esp32_aes.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -48,6 +48,9 @@ static const char* TAG = "wolf_hw_aes";
 /* mutex */
 static wolfSSL_Mutex aes_mutex;
 
+/* Maximum time to wait for AES HW in FreeRTOS ticks */
+#define WOLFSSL_AES_MUTEX_WAIT 5000
+
 /* keep track as to whether esp aes is initialized */
 static int espaes_CryptHwMutexInit = 0;
 
@@ -86,7 +89,13 @@ static int esp_aes_hw_InUse(void)
          * of esp_CryptHwMutexLock(&aes_mutex ...) in code  */
         /* TODO - do we really want to wait?
          *    probably not */
-        ret = esp_CryptHwMutexLock(&aes_mutex, portMAX_DELAY);
+        ret = esp_CryptHwMutexLock(&aes_mutex, WOLFSSL_AES_MUTEX_WAIT);
+        if (ret == ESP_OK) {
+            ESP_LOGV(TAG, "esp_CryptHwMutexLock aes success");
+        }
+        else {
+            ESP_LOGW(TAG, "esp_CryptHwMutexLock aes timeout! %d", ret);
+        }
     }
     else {
         ESP_LOGE(TAG, "aes engine lock failed.");
@@ -505,9 +514,9 @@ int wc_esp32AesCbcEncrypt(Aes* aes, byte* out, const byte* in, word32 sz)
     int ret;
     int i;
     int offset = 0;
-    word32 blocks = (sz / AES_BLOCK_SIZE);
+    word32 blocks = (sz / WC_AES_BLOCK_SIZE);
     byte *iv;
-    byte temp_block[AES_BLOCK_SIZE];
+    byte temp_block[WC_AES_BLOCK_SIZE];
 
     ESP_LOGV(TAG, "enter wc_esp32AesCbcEncrypt");
 
@@ -524,19 +533,19 @@ int wc_esp32AesCbcEncrypt(Aes* aes, byte* out, const byte* in, word32 sz)
 
     if (ret == ESP_OK) {
         while (blocks--) {
-            XMEMCPY(temp_block, in + offset, AES_BLOCK_SIZE);
+            XMEMCPY(temp_block, in + offset, WC_AES_BLOCK_SIZE);
 
             /* XOR block with IV for CBC */
-            for (i = 0; i < AES_BLOCK_SIZE; i++) {
+            for (i = 0; i < WC_AES_BLOCK_SIZE; i++) {
                 temp_block[i] ^= iv[i];
             }
 
             esp_aes_bk(temp_block, (out + offset));
 
-            offset += AES_BLOCK_SIZE;
+            offset += WC_AES_BLOCK_SIZE;
 
             /* store IV for next block */
-            XMEMCPY(iv, out + offset - AES_BLOCK_SIZE, AES_BLOCK_SIZE);
+            XMEMCPY(iv, out + offset - WC_AES_BLOCK_SIZE, WC_AES_BLOCK_SIZE);
         } /* while (blocks--) */
     } /* if Set Mode successful (ret == ESP_OK) */
 
@@ -564,9 +573,9 @@ int wc_esp32AesCbcDecrypt(Aes* aes, byte* out, const byte* in, word32 sz)
 
     int i;
     int offset = 0;
-    word32 blocks = (sz / AES_BLOCK_SIZE);
+    word32 blocks = (sz / WC_AES_BLOCK_SIZE);
     byte* iv;
-    byte temp_block[AES_BLOCK_SIZE];
+    byte temp_block[WC_AES_BLOCK_SIZE];
 
     ESP_LOGV(TAG, "enter wc_esp32AesCbcDecrypt");
 
@@ -583,23 +592,23 @@ int wc_esp32AesCbcDecrypt(Aes* aes, byte* out, const byte* in, word32 sz)
 
     if (ret == ESP_OK) {
         while (blocks--) {
-            XMEMCPY(temp_block, in + offset, AES_BLOCK_SIZE);
+            XMEMCPY(temp_block, in + offset, WC_AES_BLOCK_SIZE);
 
             esp_aes_bk((in + offset), (out + offset));
 
             /* XOR block with IV for CBC */
-            for (i = 0; i < AES_BLOCK_SIZE; i++) {
+            for (i = 0; i < WC_AES_BLOCK_SIZE; i++) {
                 (out + offset)[i] ^= iv[i];
             }
 
             /* store IV for next block */
-            XMEMCPY(iv, temp_block, AES_BLOCK_SIZE);
+            XMEMCPY(iv, temp_block, WC_AES_BLOCK_SIZE);
 
-            offset += AES_BLOCK_SIZE;
+            offset += WC_AES_BLOCK_SIZE;
         } /* while (blocks--) */
+        esp_aes_hw_Leave();
     } /* if Set Mode was successful (ret == ESP_OK) */
 
-    esp_aes_hw_Leave();
     ESP_LOGV(TAG, "leave wc_esp32AesCbcDecrypt");
     return ret;
 } /* wc_esp32AesCbcDecrypt */
@@ -628,7 +637,7 @@ int esp_hw_show_aes_metrics(void)
 #if defined(WOLFSSL_HW_METRICS)
 
     ESP_LOGI(TAG, "--------------------------------------------------------");
-    ESP_LOGI(TAG, "------------- wolfSSL ESP HW AES Metrics----------------");
+    ESP_LOGI(TAG, "-------------  wolfSSL ESP HW AES Metrics  -------------");
     ESP_LOGI(TAG, "--------------------------------------------------------");
 
     ESP_LOGI(TAG, "esp_aes_unsupported_length_usage_ct = %lu",
diff --git a/wolfcrypt/src/port/Espressif/esp32_mp.c b/wolfcrypt/src/port/Espressif/esp32_mp.c
index 20fb4ee9e..dbfd13342 100644
--- a/wolfcrypt/src/port/Espressif/esp32_mp.c
+++ b/wolfcrypt/src/port/Espressif/esp32_mp.c
@@ -1,6 +1,6 @@
 /* esp32_mp.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -23,19 +23,18 @@
  * See ESP32 Technical Reference Manual - RSA Accelerator Chapter
  *
  * esp_mp_exptmod()  Large Number Modular Exponentiation Z = X^Y mod M
- * esp_mp_mulmod()   Large Number Modular Multiplication Z = X × Y mod M
- * esp_mp_mul()      Large Number Multiplication         Z = X × Y
+ * esp_mp_mulmod()   Large Number Modular Multiplication Z = X * Y mod M
+ * esp_mp_mul()      Large Number Multiplication         Z = X * Y
  *
  * The ESP32 RSA Accelerator supports operand lengths of:
- * N ∈ {512, 1024, 1536, 2048, 2560, 3072, 3584, 4096} bits. The bit length
+ * N in {512, 1024, 1536, 2048, 2560, 3072, 3584, 4096} bits. The bit length
  * of arguments Z, X, Y , M, and r can be any one from the N set, but all
  * numbers in a calculation must be of the same length.
  *
- * The bit length of M′ is always 32.
+ * The bit length of M' is always 32.
  *
  * Also, beware: "we have uint32_t == unsigned long for both Xtensa and RISC-V"
  * see https://github.com/espressif/esp-idf/issues/9511#issuecomment-1207342464
- * https://docs.espressif.com/projects/esp-idf/en/latest/esp32/migration-guides/release-5.x/5.0/gcc.html
  */
 
 #ifdef HAVE_CONFIG_H
@@ -69,9 +68,70 @@
     #include <freertos/semphr.h>
 #endif
 
-#define ESP_HW_RSAMAX_BIT           4096
-#define ESP_HW_MULTI_RSAMAX_BITS    2048
 #define ESP_HW_RSAMIN_BIT           512
+#define ESP_HW_RSAMAX_BIT           4096
+#if defined(CONFIG_IDF_TARGET_ESP32)
+    /* See 24.3.2 Large Number Modular Exponentiation:
+     *     esp32_technical_reference_manual_en.pdf
+     * The RSA Accelerator supports specific operand lengths of N
+     * {512, 1024, 1536, 2048, 2560, 3072, 3584, 4096} bits
+     *
+     * 24.3.4 Large Number Multiplication
+     * The length of Z is twice that of X and Y . Therefore, the RSA Accelerator
+     * supports large-number multiplication with only four operand lengths of
+     * N in {512, 1024, 1536, 2048} */
+    #define ESP_HW_MOD_RSAMAX_BITS      4096
+    #define ESP_HW_MULTI_RSAMAX_BITS    2048
+#elif defined(CONFIG_IDF_TARGET_ESP32S2)
+    /* See 18.3.1 Large Number Modular Exponentiation
+     *     esp32-s2_technical_reference_manual_en.pdf
+     * RSA Accelerator supports operands of length N = (32 * x),
+     * where x in {1, 2, 3, . . . , 128}. The bit lengths of arguments
+     * Z, X, Y , M, and r can be arbitrary N, but all numbers in a calculation
+     * must be of the same length. 32 * 128 = 4096 */
+    #define ESP_HW_MOD_RSAMAX_BITS      4096
+    #define ESP_HW_MULTI_RSAMAX_BITS    2048
+#elif defined(CONFIG_IDF_TARGET_ESP32S3)
+    /* See 20.3.1 Large Number Modular Exponentiation
+     *     esp32-s3_technical_reference_manual_en.pdf
+     * RSA Accelerator supports operands of length N = (32 * x),
+     * where x in {1, 2, 3, . . . , 128}. The bit lengths of arguments
+     * Z, X, Y , M, and r can be arbitrary N, but all numbers in a calculation
+     * must be of the same length. 32 * 128 = 4096 */
+    #define ESP_HW_MOD_RSAMAX_BITS      4096
+    #define ESP_HW_MULTI_RSAMAX_BITS    2048
+#elif defined(CONFIG_IDF_TARGET_ESP32C3)
+    /* See 20.3.1 Large Number Modular Exponentiation
+     *     esp32-c3_technical_reference_manual_en.pdf
+     * RSA Accelerator supports operands of length N = (32 * x),
+     * where x in {1, 2, 3, . . . , 96}. The bit lengths of arguments
+     * Z, X, Y , M, and r can be arbitrary N, but all numbers in a calculation
+     * must be of the same length. 32 * 96 = 3072 */
+    #define ESP_HW_MOD_RSAMAX_BITS      3072
+    /* The length of result Z is twice that of operand X and operand Y.
+     * Therefore, the RSA accelerator only supports large-number multiplication
+     * with operand length N = 32 * x, where x in {1, 2, 3, . . . , 48}.
+     * 32 * (96/2) = 32 * (48/2) = 1536 */
+    #define ESP_HW_MULTI_RSAMAX_BITS    1536
+#elif defined(CONFIG_IDF_TARGET_ESP32C6)
+    /* See 22.3.1 Large-number Modular Exponentiation
+     *   esp32-c6_technical_reference_manual_en.pdf
+     * The RSA accelerator supports operands of length N = (32 * x),
+     * where x in {1, 2, 3, . . . , 96}. The bit lengths of arguments
+     * Z, X, Y , M, and r can be arbitrary N, but all numbers in a calculation
+     * must be of the same length. 32 * 96 = 3072 */
+    #define ESP_HW_MOD_RSAMAX_BITS      3072
+    /* The length of result Z is twice that of operand X and operand Y.
+     * Therefore, the RSA accelerator only supports large-number multiplication
+     * with operand length N = 32 * x, where x in {1, 2, 3, . . . , 48}.
+     * 32 * (96/2) = 32 * (48/2) = 1536 */
+    #define ESP_HW_MULTI_RSAMAX_BITS    1536
+#else
+    /* No HW on ESP8266, but then we'll not even use this lib.
+     * Other ESP32 devices not implemented: */
+    #define ESP_HW_MOD_RSAMAX_BITS      0
+    #define ESP_HW_MULTI_RSAMAX_BITS    0
+#endif
 
 /* (s+(4-1))/ 4    */
 #define BYTE_TO_WORDS(s)            (((s+3)>>2))
@@ -81,6 +141,7 @@
 
 #define BITS_IN_ONE_WORD            32
 
+/* Some minimum operand sizes, fall back to SW if too small: */
 #ifndef ESP_RSA_MULM_BITS
     #define ESP_RSA_MULM_BITS 16
 #endif
@@ -93,8 +154,18 @@
     #define ESP_RSA_EXPT_YBITS 8
 #endif
 
+/* RSA math calculation timeout */
+#ifndef ESP_RSA_TIMEOUT_CNT
+    #define ESP_RSA_TIMEOUT_CNT 0x5000000
+#endif
 #define ESP_TIMEOUT(cnt)         (cnt >= ESP_RSA_TIMEOUT_CNT)
 
+/* Hardware Ready Timeout */
+#ifndef ESP_RSA_WAIT_TIMEOUT_CNT
+    #define ESP_RSA_WAIT_TIMEOUT_CNT 0x20
+#endif
+#define ESP_WAIT_TIMEOUT(cnt)    (cnt >= ESP_RSA_WAIT_TIMEOUT_CNT)
+
 #if defined(CONFIG_IDF_TARGET_ESP32C3)
     #include <soc/system_reg.h>
     #include <soc/hwcrypto_reg.h>
@@ -142,33 +213,42 @@ static portMUX_TYPE wc_rsa_reg_lock = portMUX_INITIALIZER_UNLOCKED;
 #ifdef WOLFSSL_HW_METRICS
         static unsigned long esp_mp_max_used = 0;
 
-        static unsigned long esp_mp_mulmod_small_x_ct = 0;
-        static unsigned long esp_mp_mulmod_small_y_ct = 0;
-
-        static unsigned long esp_mp_max_timeout = 0;
+        static unsigned long esp_mp_max_timeout = 0; /* Calc duration */
+        static unsigned long esp_mp_max_wait_timeout; /* HW wait duration */
 
+    /* HW Multiplication Metrics */
     #ifndef NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MP_MUL
         static unsigned long esp_mp_mul_usage_ct = 0;
         static unsigned long esp_mp_mul_error_ct = 0;
+        static unsigned long esp_mp_mul_tiny_ct = 0;
+        static unsigned long esp_mp_mul_max_exceeded_ct = 0;
     #endif /* !NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MP_MUL */
 
+    /* HW Modular Multiplication Metrics */
     #ifndef NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MULMOD
+        static unsigned long esp_mp_mulmod_small_x_ct = 0;
+        static unsigned long esp_mp_mulmod_small_y_ct = 0;
+        static unsigned long esp_mp_mulmod_max_exceeded_ct = 0;
         static unsigned long esp_mp_mulmod_usage_ct = 0;
         static unsigned long esp_mp_mulmod_fallback_ct = 0;
         static unsigned long esp_mp_mulmod_even_mod_ct = 0;
         static unsigned long esp_mp_mulmod_error_ct = 0;
-    #endif /* !NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MULMOD */
+     #endif
 
+    /* HW Modular Exponentiation Metrics */
     #ifndef NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_EXPTMOD
         static unsigned long esp_mp_exptmod_usage_ct = 0;
         static unsigned long esp_mp_exptmod_error_ct = 0;
+        static unsigned long esp_mp_exptmod_max_exceeded_ct = 0;
         static unsigned long esp_mp_exptmod_fallback_ct = 0;
     #endif /* !NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_EXPTMOD */
-#endif
+#endif /* WOLFSSL_HW_METRICS */
 
 /* mutex */
 #ifdef SINGLE_THREADED
-    int single_thread_locked = 0;
+    /* Although freeRTOS is multithreaded, if we know we'll only be in
+     * a single thread for wolfSSL, we can avoid the complexity of mutexes. */
+    static int single_thread_locked = 0;
 #else
     static wolfSSL_Mutex mp_mutex;
     static int espmp_CryptHwMutexInit = 0;
@@ -185,7 +265,7 @@ static portMUX_TYPE wc_rsa_reg_lock = portMUX_INITIALIZER_UNLOCKED;
 * check if the HW is ready before accessing it
 *
 * See 24.3.1 Initialization of ESP32 Technical Reference Manual
-* https://www.espressif.com/sites/default/files/documentation/esp32_technical_reference_manual_en.pdf
+*   esp32_technical_reference_manual_en.pdf
 *
 * The RSA Accelerator is activated by enabling the corresponding peripheral
 * clock, and by clearing the DPORT_RSA_PD bit in the DPORT_RSA_PD_CTRL_REG
@@ -238,14 +318,23 @@ static int esp_mp_hw_wait_clean(void)
     /* no HW timeout if we don't know the platform. assumes no HW */
 #endif
 
-    #if defined(WOLFSSL_HW_METRICS)
-    {
-        esp_mp_max_timeout = (timeout > esp_mp_max_timeout) ? timeout :
-                                                        esp_mp_max_timeout;
+#if defined(WOLFSSL_HW_METRICS)
+    /* The wait timeout is separate from the overall max calc timeout. */
+    if (timeout > esp_mp_max_wait_timeout) {
+        esp_mp_max_wait_timeout = timeout;
     }
-    #endif
+    /* Also see if the overall timeout has been increased. */
+    if (timeout > esp_mp_max_timeout) {
+        esp_mp_max_timeout = timeout;
+    }
+#endif
 
     if (ESP_TIMEOUT(timeout)) {
+        /* This is highly unusual and will likely only occur in multi-threaded
+         * application. wolfSSL ctx is not thread safe. */
+    #ifndef SINGLE_THREADED
+        ESP_LOGI(TAG, "Consider #define SINGLE_THREADED. See docs");
+    #endif
         ESP_LOGE(TAG, "esp_mp_hw_wait_clean waiting HW ready timed out.");
         ret = WC_HW_WAIT_E; /* hardware is busy, MP_HW_BUSY; */
     }
@@ -293,7 +382,7 @@ static int esp_mp_hw_islocked(void)
 * Returns 0 (ESP_OK) if the HW lock was initialized and mutex lock.
 *
 * See Chapter 24:
-*  https://www.espressif.com/sites/default/files/documentation/esp32_technical_reference_manual_en.pdf
+*   esp32_technical_reference_manual_en.pdf
 *
 * The RSA Accelerator is activated by enabling the corresponding peripheral
 * clock, and by clearing the DPORT_RSA_PD bit in the DPORT_RSA_PD_CTRL_REG
@@ -332,8 +421,7 @@ static int esp_mp_hw_lock(void)
     if (ret == ESP_OK) {
         /* lock hardware; there should be exactly one instance
          * of esp_CryptHwMutexLock(&mp_mutex ...) in code  */
-        /* TODO - do we really want to wait?
-         *    probably not */
+
         ret = esp_CryptHwMutexLock(&mp_mutex, ESP_MP_HW_LOCK_MAX_DELAY);
         if (ret != ESP_OK) {
             ESP_LOGE(TAG, "mp engine lock failed.");
@@ -413,7 +501,7 @@ static int esp_mp_hw_lock(void)
         {
             /* Note these names are different from those in the documentation!
              *
-             * Documenation lists the same names as the ESP32-C3:
+             * Documentation lists the same names as the ESP32-C3:
              *
              * DPORT_REG_SET_BIT((volatile void *)(SYSTEM_PERIP_CLK_EN1_REG),
              *                   SYSTEM_CRYPTO_RSA_CLK_EN );
@@ -529,7 +617,9 @@ static int esp_mp_hw_unlock(void)
         ESP_LOGV(TAG, "exit esp_mp_hw_unlock");
     }
     else {
+#ifdef WOLFSSL_ESP32_HW_LOCK_DEBUG
         ESP_LOGW(TAG, "Warning: esp_mp_hw_unlock called when not locked.");
+#endif
     }
 
     return ret;
@@ -736,6 +826,12 @@ static int wait_until_done(word32 reg)
 
 #endif
 
+#if defined(WOLFSSL_HW_METRICS)
+    if (timeout > esp_mp_max_timeout) {
+        esp_mp_max_timeout = timeout;
+    }
+#endif
+
     if (ESP_TIMEOUT(timeout)) {
         ESP_LOGE(TAG, "rsa operation timed out.");
         ret = WC_HW_E; /* MP_HW_ERROR; */
@@ -1084,12 +1180,17 @@ int esp_mp_montgomery_init(MATH_INT_T* X, MATH_INT_T* Y, MATH_INT_T* M,
                 mph->hwWords_sz  = words2hwords(mph->maxWords_sz);
 
                 if ((mph->hwWords_sz << 5) > ESP_HW_RSAMAX_BIT) {
+            #if defined(WOLFSSL_DEBUG_ESP_HW_MOD_RSAMAX_BITS) || \
+                defined(WOLFSSL_DEBUG_ESP_HW_MULTI_RSAMAX_BITS)
                     ESP_LOGW(TAG, "Warning: hwWords_sz = %d (%d bits)"
                                   " exceeds HW maximum bits (%d), "
                                   " falling back to SW.",
                         mph->hwWords_sz,
                         mph->hwWords_sz << 5,
                         ESP_HW_RSAMAX_BIT);
+            #endif
+                    /* The fallback error code is expected to be handled by
+                     * caller to perform software instead. */
                     ret = MP_HW_FALLBACK;
                 } /* hwWords_sz check  */
             } /* X and Y size ok */
@@ -1285,17 +1386,34 @@ int esp_mp_mul(MATH_INT_T* X, MATH_INT_T* Y, MATH_INT_T* Z)
     Zs = Xs + Ys;
 
     /* RSA Accelerator only supports Large Number Multiplication
-     * with operand length N = 32 × x,
-     * where x ∈ {1, 2, 3, . . . , 64} */
-    if (Xs > 64 || Ys > 64) {
-        return MP_HW_FALLBACK; /* TODO add count metric on size fallback */
+     * with certain operand lengths N = (32 * x); See above. */
+    if (Xs > ESP_HW_MULTI_RSAMAX_BITS) {
+#if defined(WOLFSSL_DEBUG_ESP_HW_MOD_RSAMAX_BITS)
+        ESP_LOGW(TAG, "mp-mul X %d bits exceeds max bit length (%d)",
+                        Xs, ESP_HW_MULTI_RSAMAX_BITS);
+#endif
+        esp_mp_mul_max_exceeded_ct++;
+        return MP_HW_FALLBACK;
+    }
+    if (Ys > ESP_HW_MULTI_RSAMAX_BITS) {
+#if defined(WOLFSSL_DEBUG_ESP_HW_MOD_RSAMAX_BITS)
+        ESP_LOGW(TAG, "mp-mul Y %d bits exceeds max bit length (%d)",
+                        Ys, ESP_HW_MULTI_RSAMAX_BITS);
+#endif
+        esp_mp_mul_max_exceeded_ct++;
+        return MP_HW_FALLBACK;
     }
 
-    if (Zs <= sizeof(mp_digit)*8) {
+    /* sizeof(mp_digit) is typically 4 bytes.
+     * If the total Zs fits into a 4 * 8 = 32 bit word, just do regular math: */
+    if (Zs <= sizeof(mp_digit) * 8) {
         Z->dp[0] = X->dp[0] * Y->dp[0];
         Z->used = 1;
 #if defined(WOLFSSL_SP_INT_NEGATIVE) || defined(USE_FAST_MATH)
         Z->sign = res_sign; /* See above mp_isneg() for negative detection */
+#endif
+#if defined(WOLFSSL_HW_METRICS)
+        esp_mp_mul_tiny_ct++;
 #endif
         return MP_OKAY;
     }
@@ -1306,13 +1424,21 @@ int esp_mp_mul(MATH_INT_T* X, MATH_INT_T* Y, MATH_INT_T* Z)
         hwWords_sz  = words2hwords(maxWords_sz);
 
         resultWords_sz = bits2words(Xs + Ys);
-        /* sanity check */
+
+        /* Final parameter sanity check */
         if ( (hwWords_sz << 5) > ESP_HW_MULTI_RSAMAX_BITS) {
-            ESP_LOGW(TAG, "exceeds max bit length(2048) (a)");
-            ret = MP_HW_FALLBACK; /*  Error: value is not able to be used. */
+    #if defined(WOLFSSL_DEBUG_ESP_HW_MOD_RSAMAX_BITS)
+            ESP_LOGW(TAG, "mp-mul exceeds max bit length (%d)",
+                           ESP_HW_MULTI_RSAMAX_BITS);
+    #endif
+    #if defined(WOLFSSL_HW_METRICS)
+            esp_mp_mul_max_exceeded_ct++;
+    #endif
+            return MP_HW_FALLBACK; /*  Fallback to use SW */
         }
     }
 
+    /* If no initial exit, proceed to hardware multiplication calculations: */
 #if defined(CONFIG_IDF_TARGET_ESP32)
     /* assumed to be regular ESP32 Xtensa here */
 
@@ -1334,7 +1460,7 @@ int esp_mp_mul(MATH_INT_T* X, MATH_INT_T* Y, MATH_INT_T* Z)
 
     /* Y (left-extend)
      * Accelerator supports large-number multiplication with only
-     * four operand lengths of N ∈ {512, 1024, 1536, 2048} */
+     * four operand lengths of N in {512, 1024, 1536, 2048} */
     left_pad_offset = maxWords_sz << 2;
     if (left_pad_offset <= 512 >> 3) {
         left_pad_offset = 512 >> 3; /* 64 bytes (16 words) */
@@ -1440,11 +1566,17 @@ int esp_mp_mul(MATH_INT_T* X, MATH_INT_T* Y, MATH_INT_T* Z)
 
     /* Make sure we are within capabilities of hardware. */
     if ((hwWords_sz * BITS_IN_ONE_WORD) > ESP_HW_MULTI_RSAMAX_BITS) {
-        ESP_LOGW(TAG, "exceeds max bit length(%d)", ESP_HW_MULTI_RSAMAX_BITS);
+#ifdef WOLFSSL_DEBUG_ESP_HW_MULTI_RSAMAX_BITS
+        ESP_LOGW(TAG, "exceeds max bit length(%d)",
+                       ESP_HW_MULTI_RSAMAX_BITS);
+#endif
         ret = MP_HW_FALLBACK; /* let SW figure out how to deal with it */
     }
     if ((hwWords_sz * BITS_IN_ONE_WORD * 2) > ESP_HW_RSAMAX_BIT) {
-        ESP_LOGW(TAG, "result exceeds max bit length(%d)", ESP_HW_RSAMAX_BIT );
+#ifdef WOLFSSL_DEBUG_ESP_HW_MULTI_RSAMAX_BITS
+        ESP_LOGW(TAG, "result exceeds max bit length(%d) * 2",
+                       ESP_HW_RSAMAX_BIT );
+#endif
         ret = MP_HW_FALLBACK; /* let SW figure out how to deal with it */
     }
 
@@ -1517,21 +1649,30 @@ int esp_mp_mul(MATH_INT_T* X, MATH_INT_T* Y, MATH_INT_T* Z)
 #elif defined(CONFIG_IDF_TARGET_ESP32C6)
     /* Unlike the ESP32 that is limited to only four operand lengths,
      * the ESP32-C6 The RSA Accelerator supports large-number modular
-     * multiplication with operands of 128 different lengths.
+     * multiplication with operands of 96 different lengths. (1 .. 96 words)
      *
      * X & Y must be represented by the same number of bits. Must be
-     * enough to represent the larger one. */
+     * enough to represent the larger one.
+     *
+     * Multiplication is limited to 48 different lengths (1 .. 48 words) */
 
     /* Figure out how many words we need to
      * represent each operand & the result. */
 
     /* Make sure we are within capabilities of hardware. */
+
     if ((hwWords_sz * BITS_IN_ONE_WORD) > ESP_HW_MULTI_RSAMAX_BITS) {
-        ESP_LOGW(TAG, "exceeds max bit length(%d)", ESP_HW_MULTI_RSAMAX_BITS);
+#ifdef WOLFSSL_DEBUG_ESP_HW_MULTI_RSAMAX_BITS
+        ESP_LOGW(TAG, "RSA mul result hwWords_sz %d exceeds max bit length %d",
+                       hwWords_sz, ESP_HW_MULTI_RSAMAX_BITS);
+#endif
         ret = MP_HW_FALLBACK; /* let SW figure out how to deal with it */
     }
     if ((hwWords_sz * BITS_IN_ONE_WORD * 2) > ESP_HW_RSAMAX_BIT) {
-        ESP_LOGW(TAG, "result exceeds max bit length(%d)", ESP_HW_RSAMAX_BIT );
+#ifdef WOLFSSL_DEBUG_ESP_HW_MULTI_RSAMAX_BITS
+        ESP_LOGW(TAG, "RSA max result hwWords_sz %d exceeds max bit length %d",
+                       hwWords_sz, ESP_HW_RSAMAX_BIT );
+#endif
         ret = MP_HW_FALLBACK; /* let SW figure out how to deal with it */
     }
 
@@ -1583,10 +1724,10 @@ int esp_mp_mul(MATH_INT_T* X, MATH_INT_T* Y, MATH_INT_T* Z)
          *    0 => no interrupt; 1 => interrupt on completion. */
         DPORT_REG_WRITE(RSA_INT_ENA_REG, 0);
         /* 2. Write number of words required for result. */
-        /* see 21.3.3 Write (/N16 − 1) to the RSA_MODE_REG register */
+        /* see 21.3.3 Write (/N16 - 1) to the RSA_MODE_REG register */
         DPORT_REG_WRITE(RSA_MODE_REG, (hwWords_sz * 2 - 1));
 
-        /* 3. Write Xi and Yi for ∈ {0, 1, . . . , n − 1} to memory blocks
+        /* 3. Write Xi and Yi for {0, 1, . . . , n - 1} to memory blocks
          * RSA_X_MEM and RSA_Z_MEM
          * Maximum is 64 words (64*8*4 = 2048 bits) */
         esp_mpint_to_memblock(RSA_X_MEM,
@@ -1627,11 +1768,15 @@ int esp_mp_mul(MATH_INT_T* X, MATH_INT_T* Y, MATH_INT_T* Z)
 
     /* Make sure we are within capabilities of hardware. */
     if ((hwWords_sz * BITS_IN_ONE_WORD) > ESP_HW_MULTI_RSAMAX_BITS) {
+#ifdef WOLFSSL_DEBUG_ESP_HW_MULTI_RSAMAX_BITS
         ESP_LOGW(TAG, "exceeds max bit length(%d)", ESP_HW_MULTI_RSAMAX_BITS);
+#endif
         ret = MP_HW_FALLBACK; /* let SW figure out how to deal with it */
     }
     if ((hwWords_sz * BITS_IN_ONE_WORD * 2) > ESP_HW_RSAMAX_BIT) {
+#ifdef WOLFSSL_DEBUG_ESP_HW_MULTI_RSAMAX_BITS
         ESP_LOGW(TAG, "result exceeds max bit length(%d)", ESP_HW_RSAMAX_BIT );
+#endif
         ret = MP_HW_FALLBACK; /* let SW figure out how to deal with it */
     }
 
@@ -1796,7 +1941,7 @@ int esp_mp_mul(MATH_INT_T* X, MATH_INT_T* Y, MATH_INT_T* Z)
  *
  * See 24.3.3 of the ESP32 Technical Reference Manual
  *
- * Z = X × Y mod M */
+ * Z = X * Y mod M */
 int esp_mp_mulmod(MATH_INT_T* X, MATH_INT_T* Y, MATH_INT_T* M, MATH_INT_T* Z)
 {
     struct esp_mp_helper mph[1]; /* we'll save some values in this mp helper */
@@ -1839,8 +1984,12 @@ int esp_mp_mulmod(MATH_INT_T* X, MATH_INT_T* Y, MATH_INT_T* M, MATH_INT_T* Z)
     /* do we have an even moduli? */
     if ((M->dp[0] & 1) == 0) {
 #ifndef NO_ESP_MP_MUL_EVEN_ALT_CALC
-        /*  Z = X × Y mod M in mixed HW & SW*/
+        /*  Z = X * Y mod M in mixed HW & SW */
+    #if defined(NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MP_MUL)
+        ret = mp_mul(X, Y, tmpZ);     /* SW X * Y */
+    #else
         ret = esp_mp_mul(X, Y, tmpZ); /* HW X * Y */
+    #endif
         if (ret == MP_OKAY) {
             /* z = tmpZ mod M, 0 <= Z < M */
             ret = mp_mod(tmpZ, M, Z); /* SW mod M */
@@ -1930,17 +2079,15 @@ int esp_mp_mulmod(MATH_INT_T* X, MATH_INT_T* Y, MATH_INT_T* M, MATH_INT_T* Z)
         }
         #endif
         ret = MP_HW_FALLBACK;
-        /* TODO add debug metrics */
         #ifdef WOLFSSL_DEBUG_ESP_RSA_MULM_BITS
         {
-            ESP_LOGV(TAG, "esp_mp_mulmod falling back for ESP_RSA_MULM_BITS!");
+            ESP_LOGW(TAG, "esp_mp_mulmod falling back for ESP_RSA_MULM_BITS!");
         }
         #endif
     }
 
     /* lock HW for use, enable peripheral clock */
     if (ret == MP_OKAY) {
-        mulmod_lock_called = TRUE; /* Don't try to unlock unless we locked */
         #ifdef WOLFSSL_HW_METRICS
         {
             /* Only track max values when using HW */
@@ -1954,6 +2101,12 @@ int esp_mp_mulmod(MATH_INT_T* X, MATH_INT_T* Y, MATH_INT_T* M, MATH_INT_T* Z)
         #endif
 
         ret = esp_mp_hw_lock();
+        if (ret == ESP_OK) {
+            mulmod_lock_called = TRUE; /* Don't try to unlock unless locked */
+        }
+        else {
+            ret = WC_HW_WAIT_E;
+        }
     }
 
 #if defined(CONFIG_IDF_TARGET_ESP32)
@@ -1973,13 +2126,13 @@ int esp_mp_mulmod(MATH_INT_T* X, MATH_INT_T* Y, MATH_INT_T* M, MATH_INT_T* Z)
     *    or until the RSA_INTR interrupt is generated.
     *    (Or until the INTER interrupt is generated.)
     * 6. Write 1 to RSA_INTERRUPT_REG to clear the interrupt.
-    * 7. Write Yi (i ∈ [0, n) ∩ N) to RSA_X_MEM
+    * 7. Write Yi (i in [0, n) intersect N) to RSA_X_MEM
     *    Users need to write to the memory block only according to the length
     *    of the number. Data beyond this length is ignored.
     * 8. Write 1 to RSA_MULT_START_REG
     * 9. Wait for the second operation to be completed.
     *    Poll INTERRUPT_REG until it reads 1.
-    * 10. Read the Zi (i ∈ [0, n) ∩ N) from RSA_Z_MEM
+    * 10. Read the Zi (i in [0, n) intersect N) from RSA_Z_MEM
     * 11. Write 1 to RSA_INTERUPT_REG to clear the interrupt.
     *
     * post: Release the HW engine
@@ -2092,9 +2245,11 @@ int esp_mp_mulmod(MATH_INT_T* X, MATH_INT_T* Y, MATH_INT_T* M, MATH_INT_T* Z)
 
         /* 3. Write (N_result_bits/32 - 1) to the RSA_MODE_REG. */
         OperandBits = max(max(mph->Xs, mph->Ys), mph->Ms);
-        if (OperandBits > ESP_HW_MULTI_RSAMAX_BITS) {
+        if (OperandBits > ESP_HW_MOD_RSAMAX_BITS) {
+    #ifdef WOLFSSL_DEBUG_ESP_HW_MOD_RSAMAX_BITS
             ESP_LOGW(TAG, "result exceeds max bit length");
-            return MP_VAL; /*  Error: value is not able to be used. */
+    #endif
+            return MP_HW_FALLBACK; /*  Error: value is not able to be used. */
         }
         WordsForOperand = bits2words(OperandBits);
         /* alt inline calc:
@@ -2181,9 +2336,16 @@ int esp_mp_mulmod(MATH_INT_T* X, MATH_INT_T* Y, MATH_INT_T* M, MATH_INT_T* Z)
 
         /* 3. Write (N_result_bits/32 - 1) to the RSA_MODE_REG. */
         OperandBits = max(max(mph->Xs, mph->Ys), mph->Ms);
-        if (OperandBits > ESP_HW_MULTI_RSAMAX_BITS) {
-            ESP_LOGW(TAG, "result exceeds max bit length");
-            return MP_VAL; /*  Error: value is not able to be used. */
+        if (OperandBits > ESP_HW_MOD_RSAMAX_BITS) {
+    #ifdef WOLFSSL_DEBUG_ESP_HW_MOD_RSAMAX_BITS
+            ESP_LOGW(TAG, "mulmod OperandBits = %d "
+                          "result exceeds max bit length %d",
+                           OperandBits, ESP_HW_MOD_RSAMAX_BITS);
+    #endif
+            if (mulmod_lock_called) {
+                ret = esp_mp_hw_unlock();
+            }
+            return MP_HW_FALLBACK; /*  Error: value is not able to be used. */
         }
         WordsForOperand = bits2words(OperandBits);
         /* alt inline calc:
@@ -2273,9 +2435,12 @@ int esp_mp_mulmod(MATH_INT_T* X, MATH_INT_T* Y, MATH_INT_T* M, MATH_INT_T* Z)
 
         /* 3. Write (N_result_bits/32 - 1) to the RSA_MODE_REG. */
         OperandBits = max(max(mph->Xs, mph->Ys), mph->Ms);
-        if (OperandBits > ESP_HW_MULTI_RSAMAX_BITS) {
-            ESP_LOGW(TAG, "result exceeds max bit length");
-            return MP_VAL; /*  Error: value is not able to be used. */
+        if (OperandBits > ESP_HW_MOD_RSAMAX_BITS) {
+    #ifdef WOLFSSL_DEBUG_ESP_HW_MOD_RSAMAX_BITS
+            ESP_LOGW(TAG, "mp_mulmod OperandBits %d exceeds max bit length %d.",
+                           OperandBits, ESP_HW_MOD_RSAMAX_BITS);
+    #endif
+            return MP_HW_FALLBACK; /*  Error: value is not able to be used. */
         }
         WordsForOperand = bits2words(OperandBits);
         /* alt inline calc:
@@ -2337,7 +2502,9 @@ int esp_mp_mulmod(MATH_INT_T* X, MATH_INT_T* Y, MATH_INT_T* M, MATH_INT_T* Z)
             ESP_LOGV(TAG, "Lock not called due to no-lock MP_HW_FALLBACK");
         }
         else {
-            ESP_LOGW(TAG, "Lock unexpectedly not called");
+    #ifdef WOLFSSL_ESP32_HW_LOCK_DEBUG
+            ESP_LOGW(TAG, "Lock unexpectedly not called for mp_mulmod");
+    #endif
         }
     }
 
@@ -2441,14 +2608,14 @@ int esp_mp_mulmod(MATH_INT_T* X, MATH_INT_T* Y, MATH_INT_T* M, MATH_INT_T* Z)
                            esp_mp_mulmod_usage_ct);
             ESP_LOGI(TAG, "esp_mp_mulmod_error_ct = %lu failures",
                            esp_mp_mulmod_error_ct);
-            ESP_LOGI(TAG, "");
+            ESP_LOGI(TAG, WOLFSSL_ESPIDF_BLANKLINE_MESSAGE);
             esp_show_mp("HW Z", Z); /* this is the HW result */
             esp_show_mp("SW Z2", Z2); /* this is the SW result */
             ESP_LOGI(TAG, "esp_mp_mulmod_usage_ct = %lu tries",
                            esp_mp_mulmod_usage_ct);
             ESP_LOGI(TAG, "esp_mp_mulmod_error_ct = %lu failures",
                            esp_mp_mulmod_error_ct);
-            ESP_LOGI(TAG, "");
+            ESP_LOGI(TAG, WOLFSSL_ESPIDF_BLANKLINE_MESSAGE);
 
 
             #ifndef NO_RECOVER_SOFTWARE_CALC
@@ -2496,19 +2663,19 @@ int esp_mp_mulmod(MATH_INT_T* X, MATH_INT_T* Y, MATH_INT_T* M, MATH_INT_T* Z)
  *
  *    Z = X^Y mod M
  *
- *  ESP32, Section 24.3.2  https://www.espressif.com/sites/default/files/documentation/esp32_technical_reference_manual_en.pdf
- *  ESP32S3, Section 20.3.1, https://www.espressif.com/sites/default/files/documentation/esp32-s3_technical_reference_manual_en.pdf
+ *  ESP32, Section 24.3.2  esp32_technical_reference_manual_en.pdf
+ *  ESP32S3, Section 20.3.1, esp32-s3_technical_reference_manual_en.pdf
  *
  * The operation is based on Montgomery multiplication. Aside from the
- * arguments X, Y , and M, two additional ones are needed —r and M′
+ * arguments X, Y , and M, two additional ones are needed -r and M'
 .* These arguments are calculated in advance by software.
 .*
-.* The RSA Accelerator supports operand lengths of N ∈ {512, 1024, 1536, 2048,
-.* 2560, 3072, 3584, 4096} bits on the ESP32 and N ∈ [32, 4096] bits
+.* The RSA Accelerator supports operand lengths of N in {512, 1024, 1536, 2048,
+.* 2560, 3072, 3584, 4096} bits on the ESP32 and N in [32, 4096] bits
  * on the ESP32s3.
 .* The bit length of arguments Z, X, Y , M, and r can be any one from
  * the N set, but all numbers in a calculation must be of the same length.
-.* The bit length of M′ is always 32.
+.* The bit length of M' is always 32.
 .*
  * Z = (X ^ Y) mod M   : Espressif generic notation
  * Y = (G ^ X) mod P   : wolfSSL DH reference notation */
@@ -2614,6 +2781,7 @@ int esp_mp_exptmod(MATH_INT_T* X, MATH_INT_T* Y, MATH_INT_T* M, MATH_INT_T* Z)
             #ifdef DEBUG_WOLFSSL
                 esp_mp_exptmod_depth_counter--;
             #endif
+            return MP_HW_FALLBACK; /* If we can't lock HW, fall back to SW */
         }
     } /* the only thing we expect is success or busy */
 
@@ -2691,6 +2859,25 @@ int esp_mp_exptmod(MATH_INT_T* X, MATH_INT_T* Y, MATH_INT_T* M, MATH_INT_T* Z)
     }
 
 #elif defined(CONFIG_IDF_TARGET_ESP32C3)
+    OperandBits = max(max(mph->Xs, mph->Ys), mph->Ms);
+    if (OperandBits > ESP_HW_MOD_RSAMAX_BITS) {
+    #ifdef WOLFSSL_HW_METRICS
+        ESP_LOGW(TAG, "exptmod operand bits %d exceeds max bit length %d",
+                       OperandBits, ESP_HW_MOD_RSAMAX_BITS);
+        esp_mp_mulmod_max_exceeded_ct++;
+    #endif
+       if (exptmod_lock_called) {
+            ret = esp_mp_hw_unlock();
+        }
+        ESP_LOGV(TAG, "Return esp_mp_exptmod fallback");
+
+        /* HW not capable for this size, return error to fall back to SW: */
+        return MP_HW_FALLBACK;
+    }
+    else {
+        WordsForOperand = bits2words(OperandBits);
+    }
+
     /* Steps to perform large number modular exponentiation.
      * Calculates Z = (X ^ Y) modulo M.
      * The number of bits in the operands (X, Y) is N. N can be 32x,
@@ -2716,17 +2903,6 @@ int esp_mp_exptmod(MATH_INT_T* X, MATH_INT_T* Y, MATH_INT_T* M, MATH_INT_T* Z)
         ret = esp_mp_hw_wait_clean();
     }
 
-    if (ret == MP_OKAY) {
-        OperandBits = max(max(mph->Xs, mph->Ys), mph->Ms);
-        if (OperandBits > ESP_HW_MULTI_RSAMAX_BITS) {
-            ESP_LOGW(TAG, "result exceeds max bit length");
-            ret = MP_VAL; /*  Error: value is not able to be used. */
-        }
-        else {
-            WordsForOperand = bits2words(OperandBits);
-        }
-    }
-
     if (ret == MP_OKAY) {
         /* 2. Disable completion interrupt signal; we don't use.
         **    0 => no interrupt; 1 => interrupt on completion. */
@@ -2777,6 +2953,25 @@ int esp_mp_exptmod(MATH_INT_T* X, MATH_INT_T* Y, MATH_INT_T* M, MATH_INT_T* Z)
     /* end if CONFIG_IDF_TARGET_ESP32C3 */
 
 #elif defined(CONFIG_IDF_TARGET_ESP32C6)
+    OperandBits = max(max(mph->Xs, mph->Ys), mph->Ms);
+    if (OperandBits > ESP_HW_MOD_RSAMAX_BITS) {
+    #ifdef WOLFSSL_HW_METRICS
+        ESP_LOGW(TAG, "exptmod operand bits %d exceeds max bit length %d",
+                       OperandBits, ESP_HW_MOD_RSAMAX_BITS);
+        esp_mp_mulmod_max_exceeded_ct++;
+    #endif
+       if (exptmod_lock_called) {
+            ret = esp_mp_hw_unlock();
+        }
+        ESP_LOGV(TAG, "Return esp_mp_exptmod fallback");
+
+        /* HW not capable for this size, return error to fall back to SW: */
+        return MP_HW_FALLBACK;
+    }
+    else {
+        WordsForOperand = bits2words(OperandBits);
+    }
+
     /* Steps to perform large number modular exponentiation.
      * Calculates Z = (X ^ Y) modulo M.
      * The number of bits in the operands (X, Y) is N. N can be 32x,
@@ -2802,17 +2997,6 @@ int esp_mp_exptmod(MATH_INT_T* X, MATH_INT_T* Y, MATH_INT_T* M, MATH_INT_T* Z)
         ret = esp_mp_hw_wait_clean();
     }
 
-    if (ret == MP_OKAY) {
-        OperandBits = max(max(mph->Xs, mph->Ys), mph->Ms);
-        if (OperandBits > ESP_HW_MULTI_RSAMAX_BITS) {
-            ESP_LOGW(TAG, "result exceeds max bit length");
-            ret = MP_VAL; /*  Error: value is not able to be used. */
-        }
-        else {
-            WordsForOperand = bits2words(OperandBits);
-        }
-    }
-
     if (ret == MP_OKAY) {
         /* 2. Disable completion interrupt signal; we don't use.
         **    0 => no interrupt; 1 => interrupt on completion. */
@@ -2855,11 +3039,16 @@ int esp_mp_exptmod(MATH_INT_T* X, MATH_INT_T* Y, MATH_INT_T* M, MATH_INT_T* Z)
     }
 
     /* 8. clear and release HW                    */
+    #ifdef WOLFSSL_ESP32_HW_LOCK_DEBUG
+        ESP_LOGI(TAG, "Unlock esp_mp_exptmod");
+    #endif
     if (exptmod_lock_called) {
         ret = esp_mp_hw_unlock();
     }
     else {
+    #ifdef WOLFSSL_ESP32_HW_LOCK_DEBUG
         ESP_LOGV(TAG, "Lock not called");
+    #endif
     }
     /* end if CONFIG_IDF_TARGET_ESP32C6 */
 
@@ -2891,9 +3080,12 @@ int esp_mp_exptmod(MATH_INT_T* X, MATH_INT_T* Y, MATH_INT_T* M, MATH_INT_T* Z)
 
     if (ret == MP_OKAY) {
         OperandBits = max(max(mph->Xs, mph->Ys), mph->Ms);
-        if (OperandBits > ESP_HW_MULTI_RSAMAX_BITS) {
-            ESP_LOGW(TAG, "result exceeds max bit length");
-            ret = MP_VAL; /*  Error: value is not able to be used. */
+        if (OperandBits > ESP_HW_MOD_RSAMAX_BITS) {
+    #ifdef WOLFSSL_DEBUG_ESP_HW_MOD_RSAMAX_BITS
+            ESP_LOGW(TAG, "exptmod operand bits %d exceeds max bit length %d",
+                           OperandBits, ESP_HW_MOD_RSAMAX_BITS);
+    #endif
+            ret = MP_HW_FALLBACK; /*  Error: value is not able to be used. */
         }
         else {
             WordsForOperand = bits2words(OperandBits);
@@ -2969,6 +3161,7 @@ int esp_mp_exptmod(MATH_INT_T* X, MATH_INT_T* Y, MATH_INT_T* M, MATH_INT_T* Z)
 #ifdef WOLFSSL_HW_METRICS
     esp_mp_max_used = (Z->used > esp_mp_max_used) ? Z->used : esp_mp_max_used;
 #endif
+    ESP_LOGV(TAG, "Return esp_mp_exptmod %d", ret);
 
     return ret;
 } /* esp_mp_exptmod */
@@ -2979,6 +3172,7 @@ int esp_mp_exptmod(MATH_INT_T* X, MATH_INT_T* Y, MATH_INT_T* M, MATH_INT_T* Z)
 
 #endif /* !NO_RSA || HAVE_ECC */
 
+/* Some optional metrics when using RSA HW Acceleration */
 #if defined(WOLFSSL_ESP32_CRYPT_RSA_PRI) && defined(WOLFSSL_HW_METRICS)
 int esp_hw_show_mp_metrics(void)
 {
@@ -2991,10 +3185,14 @@ int esp_hw_show_mp_metrics(void)
                   "NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MP_MUL");
 #else
     /* Metrics: esp_mp_mul() */
-    ESP_LOGI(TAG, ""); /* mul follows */
+    ESP_LOGI(TAG, WOLFSSL_ESPIDF_BLANKLINE_MESSAGE); /* mul follows */
     ESP_LOGI(TAG, "esp_mp_mul HW acceleration enabled.");
     ESP_LOGI(TAG, "Number of calls to esp_mp_mul: %lu",
                    esp_mp_mul_usage_ct);
+    ESP_LOGI(TAG, "Number of calls to esp_mp_mul with tiny operands: %lu",
+                   esp_mp_mul_tiny_ct);
+    ESP_LOGI(TAG, "Number of calls to esp_mp_mul HW operand exceeded: %lu",
+                   esp_mp_mul_max_exceeded_ct);
     if (esp_mp_mul_error_ct == 0) {
         ESP_LOGI(TAG, "Success: no esp_mp_mul() errors.");
     }
@@ -3010,12 +3208,14 @@ int esp_hw_show_mp_metrics(void)
                   "NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MULMOD");
 #else
     /* Metrics: esp_mp_mulmod() */
-    ESP_LOGI(TAG, ""); /* mulmod follows */
+    ESP_LOGI(TAG, WOLFSSL_ESPIDF_BLANKLINE_MESSAGE); /* mulmod follows */
 
     ESP_LOGI(TAG, "esp_mp_mulmod HW acceleration enabled.");
     /* Metrics: esp_mp_mulmod() */
     ESP_LOGI(TAG, "Number of calls to esp_mp_mulmod: %lu",
                    esp_mp_mulmod_usage_ct);
+    ESP_LOGI(TAG, "Number of calls to esp_mp_mulmod HW operand exceeded: %lu",
+                   esp_mp_mulmod_max_exceeded_ct);
     ESP_LOGI(TAG, "Number of fallback to SW mp_mulmod: %lu",
                    esp_mp_mulmod_fallback_ct);
 
@@ -3052,10 +3252,12 @@ int esp_hw_show_mp_metrics(void)
                   "NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_EXPTMOD");
 #else
     /* Metrics: sp_mp_exptmod() */
-    ESP_LOGI(TAG, ""); /* exptmod follows */
+    ESP_LOGI(TAG, WOLFSSL_ESPIDF_BLANKLINE_MESSAGE); /* exptmod follows */
 
     ESP_LOGI(TAG, "Number of calls to esp_mp_exptmod: %lu",
                    esp_mp_exptmod_usage_ct);
+    ESP_LOGI(TAG, "Number of calls to esp_mp_exptmod HW operand exceeded: %lu",
+                   esp_mp_exptmod_max_exceeded_ct);
     ESP_LOGI(TAG, "Number of fallback to SW mp_exptmod: %lu",
                    esp_mp_exptmod_fallback_ct);
     if (esp_mp_exptmod_error_ct == 0) {
@@ -3069,7 +3271,10 @@ int esp_hw_show_mp_metrics(void)
 #endif /* EXPTMOD not disabled !NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_EXPTMOD */
 
     ESP_LOGI(TAG, "Max N->used: esp_mp_max_used = %lu", esp_mp_max_used);
-    ESP_LOGI(TAG, "Max timeout: esp_mp_max_timeout = %lu", esp_mp_max_timeout);
+    ESP_LOGI(TAG, "Max hw wait timeout: esp_mp_max_wait_timeout = %lu",
+                   esp_mp_max_wait_timeout);
+    ESP_LOGI(TAG, "Max calc timeout: esp_mp_max_timeout = 0x%08lx",
+                   esp_mp_max_timeout);
 
 #else
     /* no HW math, no HW math metrics */
diff --git a/wolfcrypt/src/port/Espressif/esp32_sha.c b/wolfcrypt/src/port/Espressif/esp32_sha.c
index 30ba0e7bb..f9f8d9095 100644
--- a/wolfcrypt/src/port/Espressif/esp32_sha.c
+++ b/wolfcrypt/src/port/Espressif/esp32_sha.c
@@ -1,6 +1,6 @@
 /* esp32_sha.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -20,7 +20,7 @@
  */
 
 /*
- * ESP32-C3: https://www.espressif.com/sites/default/files/documentation/esp32-c3_technical_reference_manual_en.pdf
+ * ESP32-C3: esp32-c3_technical_reference_manual_en.pdf
  *  see page 335: no SHA-512
  *
  */
@@ -43,9 +43,6 @@
 #if !defined(NO_SHA) || !defined(NO_SHA256) || defined(WC_SHA384) || \
      defined(WC_SHA512)
 
-#include "wolfssl/wolfcrypt/logging.h"
-
-
 /* this entire file content is excluded if not using HW hash acceleration */
 #if defined(WOLFSSL_ESP32_CRYPT) && \
    !defined(NO_WOLFSSL_ESP32_CRYPT_HASH)
@@ -58,9 +55,16 @@
 
     #include <hal/sha_ll.h>
     #include <hal/clk_gate_ll.h>
+#elif defined(CONFIG_IDF_TARGET_ESP32)   || \
+      defined(CONFIG_IDF_TARGET_ESP32S2) || \
+      defined(CONFIG_IDF_TARGET_ESP32S3)
+    #include <hal/clk_gate_ll.h>
 #else
     #include <hal/clk_gate_ll.h> /* ESP32-WROOM */
 #endif
+
+/* wolfSSL */
+#include <wolfssl/wolfcrypt/logging.h>
 #include <wolfssl/wolfcrypt/sha.h>
 #include <wolfssl/wolfcrypt/sha256.h>
 #include <wolfssl/wolfcrypt/sha512.h>
@@ -75,13 +79,18 @@
     #include <wolfcrypt/src/misc.c>
 #endif
 
+/* A value for an initialized, but not-yet-known SHA: */
+#define WC_UNKNOWN_SHA (-1)
+
+#define WC_ESP_MAX_IDLE_WAIT 10000
+
 static const char* TAG = "wolf_hw_sha";
 
 #if defined(CONFIG_IDF_TARGET_ESP32C2) || \
     defined(CONFIG_IDF_TARGET_ESP8684) || \
     defined(CONFIG_IDF_TARGET_ESP32C3) || \
     defined(CONFIG_IDF_TARGET_ESP32C6)
-    /* keep track of the currently active SHA hash object for interleaving */
+    /* Keep track of the currently active SHA hash object for interleaving. */
     const static word32 ** _active_digest_address = 0;
 #endif
 
@@ -90,7 +99,7 @@ static const char* TAG = "wolf_hw_sha";
 #endif
 
 #if defined(DEBUG_WOLFSSL)
-    /* Only when debugging, we'll keep tracking of block numbers. */
+    /* Only when debugging, we'll keep tracking of SHA block numbers. */
     static int this_block_num = 0;
 #endif
 
@@ -102,9 +111,12 @@ static const char* TAG = "wolf_hw_sha";
 #endif
 
 #ifdef WOLFSSL_DEBUG_MUTEX
-    #ifndef WOLFSSL_TEST_STRAY
+    #ifdef WOLFSSL_TEST_STRAY
+        #define WOLFSSL_TEST_STRAY_INJECT (esp_sha_call_count() == 10)
+    #else
         /* unless turned on, we won't be testing for strays */
         #define WOLFSSL_TEST_STRAY 0
+        #define WOLFSSL_TEST_STRAY_INJECT 0
     #endif
 #endif
 
@@ -122,13 +134,64 @@ static const char* TAG = "wolf_hw_sha";
     static unsigned long esp_byte_reversal_needed_ct = 0;
 #endif
 
-#if defined(ESP_MONITOR_HW_TASK_LOCK)
-    static void * mutex_ctx_owner = 0;
-    static TaskHandle_t mutex_ctx_task = 0;
+    static uintptr_t mutex_ctx_owner = NULLPTR;
+
+#if (defined(ESP_MONITOR_HW_TASK_LOCK) && !defined(SINGLE_THREADED)) \
+    || defined(WOLFSSL_DEBUG_MUTEX)
+    static portMUX_TYPE sha_crit_sect = portMUX_INITIALIZER_UNLOCKED;
+#endif
+
+#if defined(ESP_MONITOR_HW_TASK_LOCK) || !defined(SINGLE_THREADED)
+    #ifdef SINGLE_THREADED
+        uintptr_t esp_sha_mutex_ctx_owner(void)
+        {
+            return mutex_ctx_owner;
+        }
+
+        uintptr_t esp_sha_mutex_ctx_owner_set(uintptr_t new_mutex_ctx_owner) {
+            mutex_ctx_owner = new_mutex_ctx_owner;
+            return new_mutex_ctx_owner;
+        }
+
+        uintptr_t esp_sha_mutex_ctx_owner_clear(void) {
+            return esp_sha_mutex_ctx_owner_set(NULLPTR);
+        }
+    #else
+        #if defined(ESP_MONITOR_HW_TASK_LOCK) && !defined(SINGLE_THREADED)
+
+            static TaskHandle_t mutex_ctx_task = NULL;
+        #endif
+
+        uintptr_t esp_sha_mutex_ctx_owner(void)
+        {
+            uintptr_t ret = 0;
+            taskENTER_CRITICAL(&sha_crit_sect);
+            {
+                ret = mutex_ctx_owner;
+            }
+            taskEXIT_CRITICAL(&sha_crit_sect);
+            return ret;
+        };
+
+        uintptr_t esp_sha_mutex_ctx_owner_set(uintptr_t new_mutex_ctx_owner)
+        {
+            taskENTER_CRITICAL(&sha_crit_sect);
+            {
+                mutex_ctx_owner = new_mutex_ctx_owner;
+            }
+            taskEXIT_CRITICAL(&sha_crit_sect);
+            return new_mutex_ctx_owner;
+        };
+
+        uintptr_t esp_sha_mutex_ctx_owner_clear(void) {
+            return esp_sha_mutex_ctx_owner_set(NULLPTR);
+        }
+    #endif /* ! SINGLE_THREADED */
+
+
     #ifdef WOLFSSL_DEBUG_MUTEX
-        static portMUX_TYPE sha_crit_sect = portMUX_INITIALIZER_UNLOCKED;
         WC_ESP32SHA* stray_ctx;
-        /* each ctx keeps track of the intializer for HW. when debugging
+        /* each ctx keeps track of the initializer for HW. when debugging
          * we'll have a global variable to indicate which has the lock. */
         static int _sha_lock_count = 0;
         static int _sha_call_count = 0;
@@ -143,40 +206,54 @@ static const char* TAG = "wolf_hw_sha";
             return _sha_lock_count;
         }
 
-        void* esp_sha_mutex_ctx_owner(void)
-        {
-            void* ret = 0;
-            taskENTER_CRITICAL(&sha_crit_sect);
-            {
-                ret = mutex_ctx_owner;
-            }
-            taskEXIT_CRITICAL(&sha_crit_sect);
-            return ret;
-        };
-    #else
-        int esp_sha_mutex_ctx_owner(void)
-        {
-            return (int)sha_mutex;
-        }
     #endif
 #endif
 
+/* esp_set_hw - set hardware lock, but only if there's no other known
+ * current mutex owner. */
+int esp_set_hw(WC_ESP32SHA* ctx)
+{
+    int ret = ESP_FAIL;
+    if ((uintptr_t)ctx == mutex_ctx_owner || mutex_ctx_owner == NULLPTR) {
+        ESP_LOGV(TAG, "Initializing current mutext owner!");
+        if (esp_sha_hw_islocked(ctx)) {
+             ESP_LOGV(TAG, "esp_set_hw already locked: 0x%x", (intptr_t)ctx);
+        }
+        ctx->mode = ESP32_SHA_HW;
+#if defined(ESP_MONITOR_HW_TASK_LOCK) || !defined(SINGLE_THREADED)
+        mutex_ctx_owner = esp_sha_mutex_ctx_owner_set((uintptr_t)ctx);
+#else
+        mutex_ctx_owner = (uintptr_t)ctx;
+#endif
+        ret = ESP_OK;
+    }
+    else {
+        ESP_LOGV(TAG, "esp_sha_init_ctx HW for non-owner 0x%x", (intptr_t)ctx);
+    }
+    return ret;
+}
+
 /*
 ** The wolfCrypt functions for LITTLE_ENDIAN_ORDER typically
 ** reverse the byte order. Except when the hardware doesn't expect it.
 **
+** For SoC devices with no HW (Hardware Acceleration) support:
+**    ctx->sha_type will be SHA_INVALID
+**    ctx->mode     will be ESP32_SHA_SW
+**
 ** Returns 0 (FALSE) or 1 (TRUE); see wolfSSL types.h
 */
 int esp_sha_need_byte_reversal(WC_ESP32SHA* ctx)
 {
-    int ret = TRUE; /* assume we'll need reversal, look for exceptions */
+    int ret = 1; /* Assume we'll need reversal, look for exceptions. */
+    CTX_STACK_CHECK(ctx);
 #if defined(CONFIG_IDF_TARGET_ESP32C2) || \
     defined(CONFIG_IDF_TARGET_ESP8684) || \
     defined(CONFIG_IDF_TARGET_ESP32C3) || \
     defined(CONFIG_IDF_TARGET_ESP32C6)
     if (ctx == NULL) {
         ESP_LOGE(TAG, " ctx is null");
-        /* return true for bad params */
+        /* Return true for bad params */
     }
     else {
         #ifdef WOLFSSL_HW_METRICS
@@ -186,12 +263,12 @@ int esp_sha_need_byte_reversal(WC_ESP32SHA* ctx)
         #endif
         if (ctx->mode == ESP32_SHA_HW) {
             ESP_LOGV(TAG, " No reversal, ESP32_SHA_HW");
-            ret = FALSE;
+            ret = 0;
         }
         else {
-            ret = TRUE;
+            ret = 1;
             ESP_LOGV(TAG, " Need byte reversal, %d", ctx->mode);
-            /* return true for SW; only HW C3 skips reversal at this time. */
+            /* Return true for SW; only HW C3 skips reversal at this time. */
             #ifdef WOLFSSL_HW_METRICS
             {
                 esp_byte_reversal_needed_ct++;
@@ -204,8 +281,10 @@ int esp_sha_need_byte_reversal(WC_ESP32SHA* ctx)
         }
     }
 #else
-    /* other platforms always return true */
+    /* Other platforms always return true. */
 #endif
+    CTX_STACK_CHECK(ctx);
+
     return ret;
 }
 
@@ -218,25 +297,49 @@ int esp_sha_need_byte_reversal(WC_ESP32SHA* ctx)
 ** Active HW states, such as from during a copy operation, are demoted to SW.
 ** For hash_type not available in HW, set SW mode.
 **
-** See esp_sha_init_ctx(ctx)
+** For ctx, mode will be
+**     ESP32_SHA_INIT  - For initialized, hardware-ready
+**     ESP32_SHA_SW    - Software only
+**
+** See esp_sha_init_ctx(ctx) for common initialization of ctx.
 */
 int esp_sha_init(WC_ESP32SHA* ctx, enum wc_HashType hash_type)
 {
-    int ret = 0;
+    int ret = ESP_OK;
 
-#if defined(CONFIG_IDF_TARGET_ESP32) || \
-    defined(CONFIG_IDF_TARGET_ESP32S2) || defined(CONFIG_IDF_TARGET_ESP32S3)
+#ifdef DEBUG_WOLFSSL_SHA_MUTEX
+    ESP_LOGV(TAG, "\n\nesp_sha_init for ctx %p\n\n", ctx);
+#endif
+
+    if (ctx == NULL) {
+        return ESP_FAIL;
+    }
+
+#if defined(WOLFSSL_STACK_CHECK)
+    ctx->first_word = 0;
+    ctx->last_word = 0;
+#endif
+    CTX_STACK_CHECK(ctx);
+
+    ret = esp_sha_init_ctx(ctx);
+
+#if defined(CONFIG_IDF_TARGET_ESP32)   || \
+    defined(CONFIG_IDF_TARGET_ESP32S2) || \
+    defined(CONFIG_IDF_TARGET_ESP32S3)
+
+    /* ESP32 Xtensa Architecture SoC. Each has different features: */
     switch (hash_type) { /* check each wolfSSL hash type WC_[n] */
+
+        #ifndef NO_SHA
         case WC_HASH_TYPE_SHA:
             ctx->sha_type = SHA1; /* assign Espressif SHA HW type */
-            ret = esp_sha_init_ctx(ctx);
             break;
+        #endif
 
         case WC_HASH_TYPE_SHA224:
         #if defined(CONFIG_IDF_TARGET_ESP32S2) || \
             defined(CONFIG_IDF_TARGET_ESP32S3)
             ctx->sha_type = SHA2_224; /* assign Espressif SHA HW type */
-            ret = esp_sha_init_ctx(ctx);
         #else
             /* Don't call init, always SW as there's no HW. */
             ctx->mode = ESP32_SHA_SW;
@@ -245,32 +348,27 @@ int esp_sha_init(WC_ESP32SHA* ctx, enum wc_HashType hash_type)
 
         case WC_HASH_TYPE_SHA256:
             ctx->sha_type = SHA2_256; /* assign Espressif SHA HW type */
-            ret = esp_sha_init_ctx(ctx);
             break;
 
     #if defined(CONFIG_IDF_TARGET_ESP32S2) || \
         defined(CONFIG_IDF_TARGET_ESP32S3)
         case  WC_HASH_TYPE_SHA384:
             ctx->mode = ESP32_SHA_SW;
-            ctx->sha_type = SHA2_384; /* Espressif type, but we won't use HW */
             break;
     #else
         case  WC_HASH_TYPE_SHA384:
             ctx->sha_type = SHA2_384; /* assign Espressif SHA HW type */
-            ret = esp_sha_init_ctx(ctx);
             break;
     #endif
 
         case WC_HASH_TYPE_SHA512:
             ctx->sha_type = SHA2_512; /* assign Espressif SHA HW type */
-            ret = esp_sha_init_ctx(ctx);
             break;
 
     #ifndef WOLFSSL_NOSHA512_224
         case WC_HASH_TYPE_SHA512_224:
             /* Don't call init, always SW as there's no HW. */
             ctx->mode = ESP32_SHA_SW;
-            ctx->sha_type = SHA2_512; /* Espressif type, but we won't use HW */
             break;
     #endif
 
@@ -278,250 +376,89 @@ int esp_sha_init(WC_ESP32SHA* ctx, enum wc_HashType hash_type)
         case WC_HASH_TYPE_SHA512_256:
             /* Don't call init, always SW as there's no HW. */
             ctx->mode = ESP32_SHA_SW;
-            ctx->sha_type = SHA2_512; /* Espressif type, but we won't use HW */
             break;
     #endif
 
         default:
-           ret = esp_sha_init_ctx(ctx);
-           ESP_LOGW(TAG, "Unexpected hash_type in esp_sha_init");
-           break;
+            ctx->mode = ESP32_SHA_SW;
+            ESP_LOGW(TAG, "Unexpected hash_type in esp_sha_init");
+            break;
     }
 #elif defined(CONFIG_IDF_TARGET_ESP32C2) || \
       defined(CONFIG_IDF_TARGET_ESP8684) || \
       defined(CONFIG_IDF_TARGET_ESP32C3) || \
       defined(CONFIG_IDF_TARGET_ESP32C6)
+
+    /* ESP32 RISC-V Architecture SoC. Each has different features: */
+
     switch (hash_type) { /* check each wolfSSL hash type WC_[n] */
-    #ifndef NO_SHA
+        #ifndef NO_SHA
         case WC_HASH_TYPE_SHA:
             ctx->sha_type = SHA1; /* assign Espressif SHA HW type */
-            ret = esp_sha_init_ctx(ctx);
             break;
-    #endif
+        #endif
 
         case WC_HASH_TYPE_SHA224:
             ctx->sha_type = SHA2_224; /* assign Espressif SHA HW type */
-            ret = esp_sha_init_ctx(ctx);
             break;
 
         case WC_HASH_TYPE_SHA256:
             ctx->sha_type = SHA2_256; /* assign Espressif SHA HW type */
-            ret = esp_sha_init_ctx(ctx);
             break;
 
         default:
             /* We fall through to SW when there's no enabled HW, above. */
             ctx->mode = ESP32_SHA_SW;
-            ret = 0;
-            /* If there's no HW, the ctx reference should cause build error.
-            ** The type should be gated away when there's no HW at all! */
-            ctx->isfirstblock = true;
-            ctx->sha_type = hash_type;
             ESP_LOGW(TAG, "Unsupported hash_type = %d in esp_sha_init, "
                           "falling back to SW", hash_type);
             break;
     }
 
 #else
-    /* other chipsets will be implemented here */
+    /* Other chipsets will be implemented here, fallback to SW for now: */
     ESP_LOGW(TAG, "SW Fallback; CONFIG_IDF_TARGET = %s", CONFIG_IDF_TARGET);
     ctx->mode = ESP32_SHA_SW;
-#endif /* CONFIG_IDF_TARGET_ESP32   ||
-        * CONFIG_IDF_TARGET_ESP32S2 ||
-        * CONFIG_IDF_TARGET_ESP32S3 */
+#endif /* CONFIG_IDF_TARGET_[nnn] */
+    CTX_STACK_CHECK(ctx);
 
     return ret;
 }
 
-#ifndef NO_SHAx /* TODO cannot currently turn off SHA */
-/* we'll call a separate init as there's only 1 HW acceleration */
+/* we'll call a common init for non-chip-specific settings */
 int esp_sha_init_ctx(WC_ESP32SHA* ctx)
 {
-    if (ctx->initializer == NULL) {
-        ESP_LOGV(TAG, "regular init of blank WC_ESP32SHA ctx");
+    CTX_STACK_CHECK(ctx);
 
-        /* we'll keep track of who initialized this */
-        ctx->initializer = ctx; /* save our address in the initializer */
-        #ifdef ESP_MONITOR_HW_TASK_LOCK
-        {
-            /* Keep track of which freeRTOS task actually locks HW */
-            ctx->task_owner = xTaskGetCurrentTaskHandle();
-        }
-        #endif
-        ctx->mode = ESP32_SHA_INIT;
-    }
-    else {
-        /* things may be more interesting when previously initialized */
-        if (ctx->initializer == ctx) {
-            /* We're likely re-using an existing object previously initialized.
-            ** There's of course a non-zero probability that garbage data is
-            ** the same pointer value, but that's highly unlikely; We'd need
-            ** to discard, then re-init to same memory location for a matching
-            ** initializer. */
-            ESP_LOGV(TAG, "re-using existing WC_ESP32SHA ctx");
+    ctx->mode = ESP32_SHA_INIT;
 
-            /* we should never have an unexpected mode in a known ctx */
-            switch (ctx->mode) {
-                case ESP32_SHA_FREED:
-                    ESP_LOGW(TAG, "Warning: ESP32_SHA_FREED status");
+    /* This is a generic init; we don't yet know SHA type. */
+    ctx->sha_type = WC_UNKNOWN_SHA;
 
-                #ifdef ESP_MONITOR_HW_TASK_LOCK
-                    if (ctx->task_owner == xTaskGetCurrentTaskHandle()) {
-                        esp_sha_hw_unlock(ctx);
-                    }
-                    else {
-                        ESP_LOGW(TAG, "Warning: unable to unlock ctx mutex ");
-                    }
-                #else
-                    esp_sha_hw_unlock(ctx);
-                #endif
-                    ctx->mode = ESP32_SHA_INIT;
-                    /* fall through to init */
-
-                case ESP32_SHA_INIT:
-                case ESP32_SHA_SW:
-                    /* nothing interesting here */
-                    break;
-
-                case ESP32_SHA_HW:
-                    /* This will be dealt with below: likely demote to SW */
-                    break;
-
-                case ESP32_SHA_HW_COPY:
-                    /* This is an interesting mode, caller gave HW mode hint */
-                    ESP_LOGI(TAG, "ALERT: ESP32_SHA_HW_COPY?");
-                    break;
-
-                default:
-                    /* This should almost never occur. We'd need to have an
-                    ** uninitialized ctx that just happens to include the
-                    ** breadcrumb initializer with the same address. */
-                    ESP_LOGW(TAG, "ALERT: unexpected WC_ESP32SHA ctx mode: "
-                                  "%d. ", ctx->mode);
-                    ctx->mode = ESP32_SHA_INIT;
-                    break;
-            }
-            /* We don't need to do anything here,
-            ** this section for diagnostics only.
-            ** May need to unlock HW, below. */
-        } /* ctx->initializer == ctx */
-        else {
-            /* We may end up here with either dirty memory
-            ** or copied SHA ctx.
-            **
-            ** Any copy function should have already set mode = ESP32_SHA_INIT.
-            **
-            ** In either case, initialize: */
-            ctx->initializer = ctx; /* set a new address */
-        #ifdef ESP_MONITOR_HW_TASK_LOCK
-        {
-            /* not HW mode, so we are not interested in task owner */
-            ctx->task_owner = 0;
-        }
-        #endif
-
-            /* Always set to ESP32_SHA_INIT, but give debug info as to why: */
-            switch (ctx->mode) {
-                case ESP32_SHA_FREED:
-                    ESP_LOGE(TAG, "ERROR: unexpected ESP32_SHA_FREED");
-                    ctx->mode = ESP32_SHA_INIT;
-                    break;
-
-                case ESP32_SHA_INIT:
-                    /* if we are already in init mode, nothing to do. */
-                    break;
-
-                case ESP32_SHA_SW:
-                    /* this should rarely, if ever occur */
-                    ESP_LOGW(TAG, "ALERT: unexpected SW WC_ESP32SHA ctx mode. "
-                                  "Copied? Revert to ESP32_SHA_INIT.");
-                    ctx->mode = ESP32_SHA_INIT;
-                    break;
-
-                case ESP32_SHA_HW:
-                    /* this should rarely, if ever occur. */
-                    ESP_LOGW(TAG, "ALERT: unexpected HW WC_ESP32SHA ctx mode. "
-                                  "Copied?");
-                    ctx->mode = ESP32_SHA_INIT;
-                    break;
-
-                case ESP32_SHA_HW_COPY:
-                    /* This is an interesting but acceptable situation:
-                    ** an anticipated active HW copy that will demote to SW. */
-                    ESP_LOGV(TAG, "HW WC_ESP32SHA ctx mode = "
-                                  "ESP32_SHA_HW_COPY.");
-                    break;
-
-                default:
-                    /* this will frequently occur during new init */
-                    ESP_LOGV(TAG, "ALERT: unexpected WC_ESP32SHA ctx mode. "
-                                  "Uninitialized?");
-                    ctx->mode = ESP32_SHA_INIT;
-                    break;
-            } /* switch */
-        } /* ctx->initializer != ctx */
-    } /* ctx->initializer != NULL */
-
-    /*
-    ** After possibly changing the mode (above) handle current mode:
-    */
-    switch (ctx->mode) {
-        case ESP32_SHA_INIT:
-            /* Likely a fresh, new SHA, as desired. */
-            ESP_LOGV(TAG, "Normal ESP32_SHA_INIT");
-            break;
-
-        case ESP32_SHA_HW:
-            /* We're already in hardware mode, so release. */
-            /* Interesting, but normal. */
-            ESP_LOGV(TAG, ">> HW unlock.");
-
-            /* During init is the ONLY TIME we call unlock.
-            ** If there's a problem, likely some undesired operation
-            ** outside of wolfSSL.
-            */
-            /* TODO debug check if HW actually locked;  */
-            esp_sha_hw_unlock(ctx);
-            ctx->mode = ESP32_SHA_INIT;
-            break;
-
-        case ESP32_SHA_HW_COPY:
-            /* When we init during a known active HW copy, revert to SW. */
-            ESP_LOGV(TAG, "Planned revert to SW during copy.");
-            ctx->mode = ESP32_SHA_SW;
-            break;
-
-        case ESP32_SHA_SW:
-            /* This is an interesting situation: likely a call when
-            ** another SHA in progress, but copied. */
-            ESP_LOGV(TAG, ">> SW Set to init.");
-            ctx->mode = ESP32_SHA_INIT;
-            break;
-
-        case ESP32_SHA_FAIL_NEED_UNROLL:
-            /* Oh, how did we get here? likely uninitialized SHA memory.
-            ** User code logic may need attention. */
-            ESP_LOGW(TAG, "ALERT: \nESP32_SHA_FAIL_NEED_UNROLL\n");
-            ctx->mode = ESP32_SHA_INIT;
-            break;
-
-        default:
-            /* Most likely corrupted memory. */
-            ESP_LOGW(TAG, "ALERT: \nunexpected mode value: "
-                          "%d \n", ctx->mode);
-            ctx->mode = ESP32_SHA_INIT;
-            break;
-    } /* switch (ctx->mode)  */
-
-    /* reminder: always start isfirstblock = 1 (true) when using HW engine */
-    /* we're always on the first block at init time (not zero-based!) */
-    ctx->isfirstblock = true;
+    /* Reminder: always start isfirstblock = 1 (true) when using HW engine. */
+    /* We're always on the first block at init time. (not zero-based!) */
+    ctx->isfirstblock = 1;
     ctx->lockDepth = 0; /* new objects will always start with lock depth = 0 */
 
+#if defined(MUTEX_DURING_INIT)
+    if ((uintptr_t)ctx == mutex_ctx_owner || mutex_ctx_owner == NULLPTR) {
+        ESP_LOGV(TAG, "Initializing current mutext owner!");
+        if (esp_sha_hw_islocked(ctx)) {
+            esp_sha_hw_unlock(ctx);
+        }
+        mutex_ctx_owner = esp_sha_mutex_ctx_owner_set((uintptr_t)ctx);
+    }
+    else {
+        ESP_LOGI(TAG, "MUTEX_DURING_INIT esp_sha_init_ctx for non-owner: "
+                      "0x%x", (intptr_t)ctx);
+    }
+#endif
+
+    CTX_STACK_CHECK(ctx);
     return ESP_OK; /* Always return success.
                     * We assume all issues handled, above. */
 } /* esp_sha_init_ctx */
 
+#ifndef NO_SHA
 /*
 ** internal SHA ctx copy for ESP HW
 */
@@ -539,17 +476,14 @@ int esp_sha_ctx_copy(struct wc_Sha* src, struct wc_Sha* dst)
         /* Get a copy of the HW digest, but don't process it. */
         ret = esp_sha_digest_process(dst, 0);
         if (ret == 0) {
-            /* Note we arrived here only because
-             * the src is already in HW mode.
-             * provide init hint to SW revert: */
-            dst->ctx.mode = ESP32_SHA_HW_COPY;
-
             /* initializer will be set during init */
             ret = esp_sha_init(&(dst->ctx), WC_HASH_TYPE_SHA);
             if (ret != 0) {
                 ESP_LOGE(TAG, "Error during esp_sha_ctx_copy "
                               "in esp_sha_init.");
             }
+            /* As src is HW, the copy will be SW. TODO: Future interleave. */
+            dst->ctx.mode = ESP32_SHA_SW;
         }
         else {
             ESP_LOGE(TAG, "Error during esp_sha_ctx_copy "
@@ -574,7 +508,7 @@ int esp_sha_ctx_copy(struct wc_Sha* src, struct wc_Sha* dst)
         else {
             /* However NOT reverting to SW is not right.
             ** This should never happen. */
-            ESP_LOGW(TAG, "SHA Copy NOT set to SW");
+            ESP_LOGW(TAG, "SHA Copy NOT set to SW from %d", dst->ctx.mode);
         }
     } /* (src->ctx.mode == ESP32_SHA_HW */
     else { /* src not in HW mode, ok to copy. */
@@ -582,8 +516,8 @@ int esp_sha_ctx_copy(struct wc_Sha* src, struct wc_Sha* dst)
         ** reminder XMEMCOPY, above: dst->ctx = src->ctx;
         ** No special HW init needed in SW mode.
         ** but we need to set our initializer breadcrumb: */
-        dst->ctx.initializer = &(dst->ctx); /* assign new breadcrumb to dst */
-        #ifdef ESP_MONITOR_HW_TASK_LOCK
+        dst->ctx.initializer = (uintptr_t)&(dst->ctx);
+        #if defined(ESP_MONITOR_HW_TASK_LOCK) && !defined(SINGLE_THREADED)
         {
             /* not HW mode for copy, so we are not interested in task owner */
             dst->ctx.task_owner = 0;
@@ -597,18 +531,18 @@ int esp_sha_ctx_copy(struct wc_Sha* src, struct wc_Sha* dst)
 } /* esp_sha_ctx_copy */
 #endif
 
-
 /*
-** internal sha224 ctx copy (no ESP HW)
+** Internal sha224 ctx copy (no ESP HW)
 */
 #ifndef NO_WOLFSSL_ESP32_CRYPT_HASH_SHA224
 int esp_sha224_ctx_copy(struct wc_Sha256* src, struct wc_Sha256* dst)
 {
-    /* There's no 224 hardware on ESP32 */
-    dst->ctx.initializer = &dst->ctx; /* assign the initializer to dst */
-    #ifdef ESP_MONITOR_HW_TASK_LOCK
+    /* There's no 224 hardware on ESP32.
+     * Initializer for dst is this ctx address for use as a breadcrumb. */
+    dst->ctx.initializer = (uintptr_t)&dst->ctx;
+    #if defined(ESP_MONITOR_HW_TASK_LOCK) && !defined(SINGLE_THREADED)
     {
-        /* not HW mode for copy, so we are not interested in task owner */
+        /* Not HW mode for copy, so we are not interested in task owner: */
         dst->ctx.task_owner = 0;
     }
     #endif
@@ -632,14 +566,16 @@ int esp_sha256_ctx_copy(struct wc_Sha256* src, struct wc_Sha256* dst)
             ESP_LOGI(TAG, "esp_sha256_ctx_copy esp_sha512_digest_process");
         }
         #endif
-        ret = esp_sha256_digest_process(dst, 0); /* TODO Use FALSE*/
-
-        if (ret == 0) {
-            /* provide init hint to possibly SW revert */
-            dst->ctx.mode = ESP32_SHA_HW_COPY;
+        ret = esp_sha256_digest_process(dst, FALSE);
 
+        if (ret == ESP_OK) {
             /* initializer breadcrumb will be set during init */
-            ret = esp_sha_init(&(dst->ctx), WC_HASH_TYPE_SHA256 );
+            ret = esp_sha_init(&(dst->ctx), WC_HASH_TYPE_SHA256);
+            /* As src is HW, the copy will be SW. TODO: Future interleave. */
+            dst->ctx.mode = ESP32_SHA_SW;
+        }
+        else {
+            ESP_LOGE(TAG, "Unexpected error during sha256 ctx copy: %d", ret);
         }
 
         if (dst->ctx.mode == ESP32_SHA_SW) {
@@ -657,17 +593,19 @@ int esp_sha256_ctx_copy(struct wc_Sha256* src, struct wc_Sha256* dst)
             ESP_LOGV(TAG, "Confirmed wc_Sha256 Copy set to SW");
         }
         else {
-            ESP_LOGW(TAG, "wc_Sha256 Copy NOT set to SW");
+            ESP_LOGW(TAG, "wc_Sha256 Copy (mode = %d) set to SW",
+                          dst->ctx.mode);
+            dst->ctx.mode = ESP32_SHA_SW;
         }
     } /* (src->ctx.mode == ESP32_SHA_HW) */
     else {
-        ret = 0;
+        ret = ESP_OK;
         /*
         ** reminder this happened in XMEMCOPY: dst->ctx = src->ctx;
         ** No special HW init needed in SW mode.
-        ** but we need to set our initializer: */
-        dst->ctx.initializer = &dst->ctx; /* assign the initializer to dst */
-        #ifdef ESP_MONITOR_HW_TASK_LOCK
+        ** but we need to set our initializer (helpful in multi-task RTOS) */
+        dst->ctx.initializer = (uintptr_t)&(dst->ctx);
+        #if defined(ESP_MONITOR_HW_TASK_LOCK) && !defined(SINGLE_THREADED)
         {
             /* not HW mode, so we are not interested in task owner */
             dst->ctx.task_owner = 0;
@@ -679,7 +617,10 @@ int esp_sha256_ctx_copy(struct wc_Sha256* src, struct wc_Sha256* dst)
 } /* esp_sha256_ctx_copy */
 #endif
 
-#if defined(WOLFSSL_SHA384) || defined(WOLFSSL_SHA512)
+#if !(defined(NO_WOLFSSL_ESP32_CRYPT_HASH_SHA384) && \
+      defined(NO_WOLFSSL_ESP32_CRYPT_HASH_SHA512)    \
+     ) && \
+    (defined(WOLFSSL_SHA384) || defined(WOLFSSL_SHA512))
 /*
 ** internal sha384 ctx copy for ESP HW
 */
@@ -699,7 +640,7 @@ int esp_sha384_ctx_copy(struct wc_Sha512* src, struct wc_Sha512* dst)
 #else
     if (src->ctx.mode == ESP32_SHA_HW) {
         /* Get a copy of the HW digest, but don't process it. */
-        ESP_LOGI(TAG, "esp_sha384_ctx_copy esp_sha512_digest_process");
+        ESP_LOGV(TAG, "esp_sha384_ctx_copy esp_sha512_digest_process");
         ret = esp_sha512_digest_process(dst, 0);
         if (ret == 0) {
             /* provide init hint to SW revert */
@@ -728,11 +669,11 @@ int esp_sha384_ctx_copy(struct wc_Sha512* src, struct wc_Sha512* dst)
     else {
         ret = 0;
         /*
-        ** reminder this happened in XMEMCOPY, above: dst->ctx = src->ctx;
+        ** Reminder this happened in XMEMCOPY, above: dst->ctx = src->ctx;
         ** No special HW init needed in SW mode.
-        ** but we need to set our initializer: */
-        dst->ctx.initializer = &dst->ctx; /* assign the initializer to dst */
-        #ifdef ESP_MONITOR_HW_TASK_LOCK
+        ** But we need to set our initializer in dst as a breadcrumb: */
+        dst->ctx.initializer = (uintptr_t)&(dst->ctx);
+        #if defined(ESP_MONITOR_HW_TASK_LOCK) && !defined(SINGLE_THREADED)
         {
             /* not HW mode for copy, so we are not interested in task owner */
             dst->ctx.task_owner = 0;
@@ -744,7 +685,10 @@ int esp_sha384_ctx_copy(struct wc_Sha512* src, struct wc_Sha512* dst)
 } /* esp_sha384_ctx_copy */
 #endif
 
-#if defined(WOLFSSL_SHA384) || defined(WOLFSSL_SHA512)
+#if !(defined(NO_WOLFSSL_ESP32_CRYPT_HASH_SHA384) && \
+      defined(NO_WOLFSSL_ESP32_CRYPT_HASH_SHA512)    \
+     ) && \
+    (defined(WOLFSSL_SHA384) || defined(WOLFSSL_SHA512))
 /*
 ** Internal sha512 ctx copy for ESP HW.
 ** If HW already active, fall back to SW for this ctx.
@@ -757,16 +701,17 @@ int esp_sha512_ctx_copy(struct wc_Sha512* src, struct wc_Sha512* dst)
     defined(CONFIG_IDF_TARGET_ESP8684)   || \
     defined(CONFIG_IDF_TARGET_ESP32C3)   || \
     defined(CONFIG_IDF_TARGET_ESP32C6)
-    /* there's no SHA512 HW on the RISC-V SoC so there's nothing to do. */
+    /* There's no SHA512 HW on these RISC-V SoC so there's nothing to do.
+     * (perhaps a future one will?) */
 #elif defined(CONFIG_IDF_TARGET_ESP32)   || \
       defined(CONFIG_IDF_TARGET_ESP32S2) || \
       defined(CONFIG_IDF_TARGET_ESP32S3)
     if (src->ctx.mode == ESP32_SHA_HW) {
         /* Get a copy of the HW digest, but don't process it. */
-        ESP_LOGI(TAG, "esp_sha512_ctx_copy esp_sha512_digest_process");
-        ret = esp_sha512_digest_process(dst, 0);
+        ESP_LOGV(TAG, "esp_sha512_ctx_copy esp_sha512_digest_process");
+        ret = esp_sha512_digest_process(dst, FALSE);
 
-        if (ret == 0) {
+        if (ret == ESP_OK) {
             /* provide init hint to SW revert */
             dst->ctx.mode = ESP32_SHA_HW_COPY;
 
@@ -780,27 +725,27 @@ int esp_sha512_ctx_copy(struct wc_Sha512* src, struct wc_Sha512* dst)
             ESP_LOGV(TAG, "Confirmed wc_Sha512 Copy set to SW");
         }
         else {
-            ESP_LOGW(TAG, "wc_Sha512 Copy NOT set to SW");
+            ESP_LOGW(TAG, "wc_Sha512 Copy set to SW");
+            dst->ctx.mode = ESP32_SHA_SW;
         }
     } /* src->ctx.mode == ESP32_SHA_HW */
     else {
-        ret = 0;
+        ret = ESP_OK;
         /* reminder this happened in XMEMCOPY, above: dst->ctx = src->ctx;
         ** No special HW init needed when not in active HW mode.
         ** but we need to set our initializer breadcrumb: */
-    /* TODO: instead of what is NOT supported, gate on what IS known to be supported */
     #if !defined(CONFIG_IDF_TARGET_ESP32C2) && \
         !defined(CONFIG_IDF_TARGET_ESP32C3) && \
         !defined(CONFIG_IDF_TARGET_ESP32C6)
-        dst->ctx.initializer = &dst->ctx; /*breadcrumb is this ctx address */
+        dst->ctx.initializer = (uintptr_t)&(dst->ctx);
     #endif
-    #ifdef ESP_MONITOR_HW_TASK_LOCK
+    #if defined(ESP_MONITOR_HW_TASK_LOCK) && !defined(SINGLE_THREADED)
         {
             /* not HW mode for copy, so we are not interested in task owner */
             dst->ctx.task_owner = 0;
         }
-        #endif
-    }
+    #endif
+    } /* else src->ctx.mode != ESP32_SHA_HW */
 #endif
 
     return ret;
@@ -812,14 +757,14 @@ int esp_sha512_ctx_copy(struct wc_Sha512* src, struct wc_Sha512* dst)
 **
 ** See FIPS PUB 180-4, Instruction Section 1.
 **
-** See ESP32 shah.h for values:
+** See ESP32 sha.h for values:
 **
 **  enum SHA_TYPE {
 **      SHA1 = 0,
 **      SHA2_256,
 **      SHA2_384,
 **      SHA2_512,
-**      SHA_INVALID = -1,
+**      SHA_TYPE_MAX = -1,
 **  };
 **
 ** given the SHA_TYPE (see Espressif sha.h) return WC digest size.
@@ -908,14 +853,14 @@ static word32 wc_esp_sha_digest_size(WC_ESP_SHA_TYPE type)
 static int wc_esp_wait_until_idle(void)
 {
     int ret = 0; /* assume success */
-    int loop_ct = 10000;
+    int loop_ct = WC_ESP_MAX_IDLE_WAIT;
 
 #if defined(CONFIG_IDF_TARGET_ESP32C2) || \
     defined(CONFIG_IDF_TARGET_ESP8684) || \
     defined(CONFIG_IDF_TARGET_ESP32C3) || \
     defined(CONFIG_IDF_TARGET_ESP32C6)
     /* ESP32-C3 and ESP32-C6 RISC-V */
-    while ((sha_ll_busy() == true) && (loop_ct > 0)) {
+    while ((sha_ll_busy() == 1) && (loop_ct > 0)) {
         loop_ct--;
         /* do nothing while waiting. */
     }
@@ -933,7 +878,7 @@ static int wc_esp_wait_until_idle(void)
 #endif
     if (loop_ct <= 0)
     {
-        ESP_LOGI(TAG, "too long to exit wc_esp_wait_until_idle");
+        ESP_LOGW(TAG, "Too long to exit wc_esp_wait_until_idle");
     }
     return ret;
 } /* wc_esp_wait_until_idle */
@@ -961,6 +906,7 @@ int esp_unroll_sha_module_enable(WC_ESP32SHA* ctx)
 #if defined(CONFIG_IDF_TARGET_ESP32)
     word32 this_sha_mask; /* this is the bit-mask for our SHA CLK_EN_REG */
 #endif
+    CTX_STACK_CHECK(ctx);
 
     if (ctx == NULL) {
         ESP_LOGE(TAG, "esp_unroll_sha_module_enable called with null ctx.");
@@ -997,7 +943,7 @@ int esp_unroll_sha_module_enable(WC_ESP32SHA* ctx)
         periph_module_disable(PERIPH_SHA_MODULE);
         asm volatile("memw");
         actual_unroll_count++;
-        ESP_LOGI(TAG, "unroll not yet successful. try #%d",
+        ESP_LOGW(TAG, "unroll not yet successful. try #%d",
                  actual_unroll_count);
 
         /* we'll only try this some unreasonable number of times
@@ -1016,7 +962,11 @@ int esp_unroll_sha_module_enable(WC_ESP32SHA* ctx)
             ** This should never happen unless someone else called
             ** periph_module_disable() or threading not working properly.
             **/
-            ESP_LOGW(TAG, "warning lockDepth mismatch.");
+            ESP_LOGW(TAG, "warning lockDepth mismatch: %d", ctx->lockDepth);
+            if (actual_unroll_count == 0 && ctx->lockDepth > 2) {
+                ESP_LOGW(TAG, "Large lockDepth discrepancy often indicates "
+                              "stack overflow or memory corruption");
+            }
         }
         ctx->lockDepth = 0;
         ctx->mode = ESP32_SHA_INIT;
@@ -1030,16 +980,36 @@ int esp_unroll_sha_module_enable(WC_ESP32SHA* ctx)
         ESP_LOGI(TAG, "Setting ctx->mode = ESP32_SHA_SW");
         ctx->mode = ESP32_SHA_SW;
     }
+    CTX_STACK_CHECK(ctx);
     return ret;
 } /* esp_unroll_sha_module_enable */
 
-int esp_sha_set_stray(WC_ESP32SHA* ctx)
+/* Set and return a stray ctx value stray_ctx. Useful for multi-task debugging.
+ * Returns zero if not debugging. */
+uintptr_t esp_sha_set_stray(WC_ESP32SHA* ctx)
 {
-    int ret = 0;
+    uintptr_t ret = 0;
+    CTX_STACK_CHECK(ctx);
+
 #ifdef WOLFSSL_DEBUG_MUTEX
     stray_ctx = ctx;
-    ret= (int)stray_ctx;
+    ret = (uintptr_t)stray_ctx;
 #endif
+    CTX_STACK_CHECK(ctx);
+    return ret;
+}
+
+/* Return 1 if the SHA HW is in use, 0 otherwise. */
+int esp_sha_hw_in_use()
+{
+    int ret;
+#ifdef SINGLE_THREADED
+    ret = InUse;
+#else
+    ret = (mutex_ctx_owner != NULLPTR);
+    ESP_LOGV(TAG, "mutex_ctx_owner is 0x%x", mutex_ctx_owner);
+#endif
+    ESP_LOGV(TAG, "esp_sha_hw_in_use is %d", ret);
     return ret;
 }
 
@@ -1049,26 +1019,29 @@ int esp_sha_set_stray(WC_ESP32SHA* ctx)
 ** When WOLFSSL_DEBUG_MUTEX is defined, additional
 ** debugging capabilities are available.
 */
-int esp_sha_hw_islocked(WC_ESP32SHA* ctx)
+uintptr_t esp_sha_hw_islocked(WC_ESP32SHA* ctx)
 {
-    int ret = 0;
+    uintptr_t ret = 0;
+    #if !defined(WOLFSSL_DEBUG_MUTEX) && !defined(SINGLE_THREADED)
+        TaskHandle_t mutexHolder;
+    #endif
+    CTX_STACK_CHECK(ctx);
+
 #ifdef WOLFSSL_DEBUG_MUTEX
-    taskENTER_CRITICAL(&sha_crit_sect);
-    {
-        ret = (int)mutex_ctx_owner;
-        if (ctx == 0) {
-            /* we are not checking if a given ctx has the lock */
+    ret = esp_sha_mutex_ctx_owner();
+    if (ctx == 0) {
+        ESP_LOGV(TAG, "ctx == 0; Not checking if a given ctx has the lock");
+    }
+    else {
+        if (ret == (uintptr_t)ctx->initializer) {
+            ESP_LOGV(TAG, "confirmed this object is the owner");
         }
         else {
-            if (ret == (int)ctx->initializer) {
-                /* confirmed this object is the owner */
-            }
-            else {
-                /* this object is not the lock owner */
-            }
+            ESP_LOGV(TAG, "this object is not the lock owner");
+
         }
-    }
-    taskEXIT_CRITICAL(&sha_crit_sect);
+    } /* ctx != 0 */
+
 #else
     #ifdef SINGLE_THREADED
     {
@@ -1076,7 +1049,30 @@ int esp_sha_hw_islocked(WC_ESP32SHA* ctx)
     }
     #else
     {
-        ret = (int)sha_mutex;
+        if (sha_mutex == NULL) {
+            mutexHolder = NULL;
+        }
+        else {
+            mutexHolder = xSemaphoreGetMutexHolder(sha_mutex);
+        }
+
+        if (mutexHolder == NULL) {
+            /* Mutex is not in use */
+            ESP_LOGV(TAG, "multi-threaded esp_mp_hw_islocked = false");
+            ret = 0;
+        }
+        else {
+            ESP_LOGV(TAG, "multi-threaded esp_mp_hw_islocked = true");
+            ret = mutex_ctx_owner;
+        }
+
+        /* Verbose debug diagnostics */
+        if (NULLPTR == mutex_ctx_owner) {
+            ESP_LOGV(TAG, "not esp_sha_hw_islocked, mutex_ctx_owner is Null");
+        }
+        else {
+            ESP_LOGV(TAG, "esp_sha_hw_islocked for 0x%x", mutex_ctx_owner);
+        }
     }
     #endif
     return ret;
@@ -1092,57 +1088,104 @@ int esp_sha_hw_islocked(WC_ESP32SHA* ctx)
                       (int)esp_sha_mutex_ctx_owner());
     }
 #endif
+    CTX_STACK_CHECK(ctx);
     return ret;
 }
 
 /*
  * The HW is typically unlocked when the SHA hash wc_Sha[nn]Final() is called.
- * However, in the case of TS connections, the in progress hash may at times be
+ * However, in the case of TLS connections the in-progress hash may at times be
  * abandoned. Thus this function should be called at free time. See internal.c
+ *
+ * Returns the owner of the current lock, typically used for debugging.
+ * Returns zero if there was no unfinished lock found to clean up.
  */
-int esp_sha_release_unfinished_lock(WC_ESP32SHA* ctx)
+uintptr_t esp_sha_release_unfinished_lock(WC_ESP32SHA* ctx)
 {
-    int ret = 0;
+    uintptr_t ret = 0;
+    CTX_STACK_CHECK(ctx);
+
     ret = esp_sha_hw_islocked(ctx); /* get the owner of the current lock */
     if (ret == 0) {
-        /* no lock */
+        #ifdef WOLFSSL_ESP32_HW_LOCK_DEBUG
+            ESP_LOGV(TAG, "No unfinished lock to clean up for ctx %p.", ctx);
+        #endif
     }
     else {
-        if (ret == (int)ctx) {
+        #ifdef WOLFSSL_ESP32_HW_LOCK_DEBUG
+            ESP_LOGI(TAG, "Unfinished lock clean up: %p.", ctx);
+        #endif
+        if (ret == (uintptr_t)ctx) {
             /* found a match for this object */
-            if (ret == (int)(ctx->initializer)) {
+            if (ret == ctx->initializer) {
                 /* confirmed match*/
+                ESP_LOGW(TAG, "New mutex_ctx_owner = NULL");
+                #ifdef ESP_MONITOR_HW_TASK_LOCK
+                {
+                    esp_sha_mutex_ctx_owner_clear();
+                }
+                #endif
             }
             else {
-                /* the only mismatch expected may be in a mullti-thread RTOS */
-                ESP_LOGE(TAG, "ERROR: esp_sha_release_unfinished_lock for %x"
-                              " but found %x", ret, (int)(ctx->initializer));
-            }
-        #ifdef WOLFSSL_DEBUG_MUTEX
-            ESP_LOGE(TAG, "\n>>>> esp_sha_release_unfinished_lock %x\n", ret);
+        #if defined(WOLFSSL_DEBUG_MUTEX) || defined(WOLFSSL_ESP32_HW_LOCK_DEBUG)
+                if (ctx->initializer == 0) {
+                    /* A zero likely indicates prior cleanup for abandoned hash.
+                     * Check the calling code to confirm this is the case. */
+                    ESP_LOGW(TAG, "Release already finished lock for %x ?",
+                                   ctx->initializer);
+                    }
+                else {
+                    /* Mismatch expected may be in a multi-thread RTOS. */
+                    ESP_LOGW(TAG, "ERROR: Release unfinished lock for %x but "
+                                  "found %x", ret, ctx->initializer);
+                }
         #endif
-            /* unlock only if this ctx is the intializer of the lock */
+            }  /* ret != ctx->initializer */
+        #ifdef WOLFSSL_DEBUG_MUTEX
+            ESP_LOGW(TAG, "\n>>>> esp_sha_release_unfinished_lock %x\n", ret);
+        #endif
+
+            /* unlock only if this ctx is the initializer of the lock */
         #ifdef SINGLE_THREADED
         {
             ret = esp_sha_hw_unlock(ctx);
         }
         #else
-        {
-            if (ctx->task_owner == xTaskGetCurrentTaskHandle()) {
+            #if defined(ESP_MONITOR_HW_TASK_LOCK)
+            {
+                if (ctx->task_owner == xTaskGetCurrentTaskHandle()) {
+                    ESP_LOGV(TAG, "esp_sha_hw_unlock!");
+                }
+                else {
+                    /* We cannot free a SHA object lock from a different task.
+                     * So give the ctx a hint for other task to clean it up. */
+                    ctx->mode = ESP32_SHA_FREED;
+                    ESP_LOGV(TAG, "ESP32_SHA_FREED");
+                }
+            }
+            #else
+                /* Here we assume only 1 task, so no ESP32_SHA_FREED hint. */
                 ret = esp_sha_hw_unlock(ctx);
-            }
-            else {
-                /* We cannot free a SHA onbject locks from a different task.
-                 * So give the ctx a hint for the other task to clean it up. */
-                ctx->mode = ESP32_SHA_FREED;
-            }
-        }
-        #endif
+            #endif /* ESP_MONITOR_HW_TASK_LOCK */
+        #endif /* SINGLE_THREADED or not */
 
+        } /* ret == ctx */
+    } /* else not locked */
+
+    CTX_STACK_CHECK(ctx);
+    if (ctx->mode != ESP32_SHA_INIT) {
+#if defined(WOLFSSL_ESP32_HW_LOCK_DEBUG)
+        ESP_LOGW(TAG, "esp_sha_release_unfinished_lock mode = %d", ctx->mode);
+#endif
+        if (ctx->mode == ESP32_SHA_HW) {
+#if defined(DEBUG_WOLFSSL_ESP32_UNFINISHED_HW)
+            ESP_LOGW(TAG, "esp_sha_release_unfinished_lock HW!");
+#endif
         }
     }
     return ret;
-}
+} /* esp_sha_release_unfinished_lock */
+
 /*
 ** lock HW engine.
 ** this should be called before using engine.
@@ -1151,8 +1194,21 @@ int esp_sha_try_hw_lock(WC_ESP32SHA* ctx)
 {
     int ret = 0;
 
+#if defined(SINGLE_THREADED)
+    /* no mutex monitoring available in single thread mode */
+#else
+    /* thread safe get of global static mutex_ctx_owner: */
+    uintptr_t this_mutex_owner;
+
+    /* mutex_ctx_owner could change in multiple threads, assign once here: */
+    this_mutex_owner = esp_sha_mutex_ctx_owner();
+#endif
+
+    CTX_STACK_CHECK(ctx);
+
 #ifdef WOLFSSL_ESP32_HW_LOCK_DEBUG
-    ESP_LOGI(TAG, "enter esp_sha_hw_lock for %x", (int)ctx->initializer);
+    ESP_LOGI(TAG, "enter esp_sha_hw_lock for %x, initializer %x",
+                   (uintptr_t)ctx, (uintptr_t)ctx->initializer);
 #endif
 
     #ifdef WOLFSSL_DEBUG_MUTEX
@@ -1171,26 +1227,32 @@ int esp_sha_try_hw_lock(WC_ESP32SHA* ctx)
 
     /* Init mutex
      *
-     * Note that even single thread mode may calculate hashes
-     * concurrently, so we still need to keep track of the
-     * engine being busy or not.
-     **/
+     * Note that even single thread mode may calculate separate hashes
+     * concurrently, so we still need to keep track of the engine being
+     * busy or not.
+     */
 #if defined(SINGLE_THREADED)
     if (ctx->mode == ESP32_SHA_INIT) {
-        if (!InUse) {
-            ctx->mode = ESP32_SHA_HW;
-            InUse = 1;
-        }
-        else {
+        if (InUse) {
+            /* Revert to SW when HW is busy */
             ctx->mode = ESP32_SHA_SW;
         }
+        else {
+            /* Set single-threaded hardware mode. */
+            ctx->mode = ESP32_SHA_HW;
+            InUse = 1;
+            #ifdef WOLFSSL_DEBUG_MUTEX
+                ESP_LOGW(TAG, "\n\nHW in use\n\n");
+            #endif
+        }
+        ret = ESP_OK;
     }
     else {
-         /* this should not happens */
+        /* this should not happen */
         ESP_LOGE(TAG, "unexpected error in esp_sha_try_hw_lock.");
         return ESP_FAIL;
     }
-#else /* not ESP_FAILfined(SINGLE_THREADED) */
+#else /* not SINGLE_THREADED */
     /*
     ** there's only one SHA engine for all the hash types
     ** so when any hash is in use, no others can use it.
@@ -1214,21 +1276,35 @@ int esp_sha_try_hw_lock(WC_ESP32SHA* ctx)
         /* created, but not yet locked */
         ret = esp_CryptHwMutexInit(&sha_mutex);
         if (ret == 0) {
-        #ifdef WOLFSSL_DEBUG_MUTEX
-            ESP_LOGI(TAG, "esp_CryptHwMutexInit sha_mutex init success.");
-            mutex_ctx_owner = 0;
-        #endif
-        }
+            ESP_LOGV(TAG, "esp_CryptHwMutexInit sha_mutex init success.");
+            esp_sha_mutex_ctx_owner_clear(); /* No one has the mutex yet. */
+            #ifdef WOLFSSL_DEBUG_MUTEX
+            {
+                /* Take mutex for lock/unlock test drive to ensure it works: */
+                ret = esp_CryptHwMutexLock(&sha_mutex, (TickType_t)0);
+                if (ret == ESP_OK) {
+                    ret = esp_CryptHwMutexUnLock(&sha_mutex);
+                    if (ret != ESP_OK) {
+                        ESP_LOGE(TAG, "esp_CryptHwMutexInit fail init lock.");
+                    }
+                }
+                else {
+                    ESP_LOGE(TAG, "esp_CryptHwMutexInit fail init unlock.");
+                }
+            }
+            #endif
+        } /* ret == 0 for esp_CryptHwMutexInit */
         else {
             ESP_LOGE(TAG, "esp_CryptHwMutexInit sha_mutex failed.");
-            sha_mutex = 0;
+            #ifdef WOLFSSL_DEBUG_MUTEX
+            {
+                ESP_LOGV(TAG, "Current mutext owner = %x", this_mutex_owner);
+            }
+            #endif
 
-            ESP_LOGI(TAG, "Revert to ctx->mode = ESP32_SHA_SW.");
+            sha_mutex = NULL;
 
-        #ifdef WOLFSSL_DEBUG_MUTEX
-            ESP_LOGI(TAG, "Current mutext owner = %x",
-                          (int)esp_sha_mutex_ctx_owner());
-        #endif
+            ESP_LOGV(TAG, "Revert to ctx->mode = ESP32_SHA_SW.");
 
             ctx->mode = ESP32_SHA_SW;
             return ESP_OK; /* success, just not using HW */
@@ -1236,32 +1312,45 @@ int esp_sha_try_hw_lock(WC_ESP32SHA* ctx)
     }
 
 #ifdef ESP_MONITOR_HW_TASK_LOCK
+    /* Nothing happening here other than messages based on mutex states */
     if (mutex_ctx_task == 0 || mutex_ctx_owner == 0) {
         /* no known stray mutex task owner */
     }
     else {
         if (mutex_ctx_task ==  xTaskGetCurrentTaskHandle()) {
-            ESP_LOGI(TAG, "Found mutex_ctx_task");
+            ESP_LOGV(TAG, "Found mutex_ctx_task");
             if (((WC_ESP32SHA*)mutex_ctx_owner)->mode == ESP32_SHA_FREED) {
                 ESP_LOGW(TAG, "ESP32_SHA_FREED unlocking mutex_ctx_task = %x"
                               " for mutex_ctx_owner = %x",
-                              (int)mutex_ctx_task, (int)mutex_ctx_owner );
-                esp_CryptHwMutexUnLock(&sha_mutex);
-                ((WC_ESP32SHA*)mutex_ctx_owner)->mode = ESP32_SHA_INIT;
-                mutex_ctx_task = 0;
-                mutex_ctx_owner = 0;
+                              (uintptr_t)mutex_ctx_task,
+                              (uintptr_t)this_mutex_owner);
             }
             else {
                 if (ctx->mode == ESP32_SHA_FREED) {
-                    ESP_LOGW(TAG, "ESP32_SHA_FREED unlocking ctx = %x"
-                              " for ctx.initializer = %x",
-                              (int)ctx, (int)ctx->initializer );
-                    esp_CryptHwMutexUnLock(&sha_mutex);
-                    ctx->mode = ESP32_SHA_INIT;
-                    mutex_ctx_task = 0;
-                    mutex_ctx_owner = 0;
+                    ESP_LOGW(TAG, "ESP32_SHA_FREED unlocking (disabled) "
+                                  "ctx = %x for ctx.initializer = %x",
+                                  (uintptr_t)ctx,
+                                  (uintptr_t)ctx->initializer);
                 }
-            }
+                else {
+                    /* Not very interesting during init. */
+                    if (ctx->mode == ESP32_SHA_INIT) {
+                        ESP_LOGV(TAG, "mutex_ctx_owner = 0x%x",
+                                       this_mutex_owner);
+                        ESP_LOGV(TAG, "This ctx = 0x%x is ESP32_SHA_INIT",
+                                      (uintptr_t)ctx);
+                    }
+                    else {
+                        ESP_LOGW(TAG, "Not Freed!");
+                    }
+                } /* ctx ESP32_SHA_FREED check */
+            } /* mutex owner ESP32_SHA_FREED check */
+        } /* mutex_ctx_task is current task */
+        else {
+            ESP_LOGW(TAG, "Warning: sha mutex unlock from unexpected task.");
+            ESP_LOGW(TAG, "Locking task: 0x%x", (word32)mutex_ctx_task);
+            ESP_LOGW(TAG, "This xTaskGetCurrentTaskHandle: 0x%x",
+                          (word32)xTaskGetCurrentTaskHandle());
         }
     }
 #endif /* ESP_MONITOR_HW_TASK_LOCK */
@@ -1270,8 +1359,13 @@ int esp_sha_try_hw_lock(WC_ESP32SHA* ctx)
     if (ctx->mode == ESP32_SHA_INIT) {
         /* try to lock the HW engine */
 #ifdef WOLFSSL_ESP32_HW_LOCK_DEBUG
-        ESP_LOGI(TAG, "ESP32_SHA_INIT for %x\n", (int)ctx->initializer);
+        ESP_LOGI(TAG, "ESP32_SHA_INIT for %x, initializer %x\n",
+                       (uintptr_t)ctx, (uintptr_t)ctx->initializer);
 #endif
+        ESP_LOGV(TAG, "Init; release unfinished ESP32_SHA_INIT lock "
+                       "for ctx 0x%x", (uintptr_t)ctx);
+        esp_sha_release_unfinished_lock(ctx);
+
         /* lock hardware; there should be exactly one instance
          * of esp_CryptHwMutexLock(&sha_mutex ...) in code.
          *
@@ -1281,16 +1375,21 @@ int esp_sha_try_hw_lock(WC_ESP32SHA* ctx)
          * TODO: allow for SHA interleave on chips that support it.
          */
 
-        if (esp_CryptHwMutexLock(&sha_mutex, (TickType_t)0) == 0) {
+        if ((mutex_ctx_owner == NULLPTR) &&
+            esp_CryptHwMutexLock(&sha_mutex, (TickType_t)0) == ESP_OK) {
             /* we've successfully locked */
+            this_mutex_owner = (uintptr_t)ctx;
+            esp_sha_mutex_ctx_owner_set(this_mutex_owner);
+            ESP_LOGV(TAG, "Assigned mutex_ctx_owner to 0x%x", this_mutex_owner);
         #ifdef ESP_MONITOR_HW_TASK_LOCK
             mutex_ctx_task = xTaskGetCurrentTaskHandle();
         #endif
 
         #ifdef WOLFSSL_DEBUG_MUTEX
-            if (esp_sha_call_count() == 8 && WOLFSSL_TEST_STRAY) {
-                /* Once we've locked 10 times here,
-                * we'll force a fallback to SW until other thread unlocks. */
+            if (WOLFSSL_TEST_STRAY_INJECT) {
+                ESP_LOGW(TAG, "Introducing SHA stray for testing");
+                /* Once we've locked [n] times here,
+                 * we'll force a fallback to SW until other thread unlocks. */
                 taskENTER_CRITICAL(&sha_crit_sect);
                 {
                     (void)stray_ctx;
@@ -1298,8 +1397,9 @@ int esp_sha_try_hw_lock(WC_ESP32SHA* ctx)
                         /* no peek task */
                     }
                     else {
-                        stray_ctx->initializer = stray_ctx;
-                        mutex_ctx_owner = (void*)stray_ctx->initializer;
+                        stray_ctx->initializer = (intptr_t)stray_ctx;
+                        mutex_ctx_owner = (intptr_t)stray_ctx->initializer;
+                        this_mutex_owner = mutex_ctx_owner;
                     }
                 }
                 taskEXIT_CRITICAL(&sha_crit_sect);
@@ -1309,14 +1409,17 @@ int esp_sha_try_hw_lock(WC_ESP32SHA* ctx)
                                   "set the stay test?");
                 }
                 else {
-                    ESP_LOGI(TAG, "%x", (int)stray_ctx->initializer);
-                    ESP_LOGI(TAG, "%x", (int)&stray_ctx);
+                    ESP_LOGI(TAG, "%x", (uintptr_t)stray_ctx->initializer);
+                    ESP_LOGI(TAG, "%x", (uintptr_t)&stray_ctx);
                     ESP_LOGW(TAG,
                              "\n\nLocking with stray\n\n"
                              "WOLFSSL_DEBUG_MUTEX call count 8, "
                              "ctx->mode = ESP32_SHA_SW %x\n\n",
-                             (int)mutex_ctx_owner);
+                             this_mutex_owner);
+            #if defined(ESP_MONITOR_HW_TASK_LOCK) && !defined(SINGLE_THREADED)
+                    /* ctx->task_owner is only available for multi-threaded */
                     ctx->task_owner = xTaskGetCurrentTaskHandle();
+            #endif
                     ctx->mode = ESP32_SHA_SW;
                     return ESP_OK; /* success, but revert to SW */
                 }
@@ -1326,17 +1429,22 @@ int esp_sha_try_hw_lock(WC_ESP32SHA* ctx)
             /* check to see if we had a prior fail and need to unroll enables */
         #ifdef WOLFSSL_ESP32_HW_LOCK_DEBUG
             ESP_LOGW(TAG, "Locking for ctx %x, current mutex_ctx_owner = %x",
-                           (int)&ctx, (int)esp_sha_mutex_ctx_owner());
+                           (uintptr_t)&ctx, this_mutex_owner);
+            ESP_LOGI(TAG, "ctx->lockDepth = %d", ctx->lockDepth);
         #endif
-            ret = esp_unroll_sha_module_enable(ctx);
+            if (ctx->mode == ESP32_SHA_INIT) {
+                /* Set non-single-threaded hardware mode */
+                esp_set_hw(ctx);
+            }
+
         #ifdef WOLFSSL_ESP32_HW_LOCK_DEBUG
             ESP_LOGI(TAG, "Hardware Mode Active, lock depth = %d, for %x",
-                          ctx->lockDepth, (int)ctx->initializer);
+                          ctx->lockDepth, (uintptr_t)ctx->initializer);
         #endif
         #ifdef WOLFSSL_DEBUG_MUTEX
             taskENTER_CRITICAL(&sha_crit_sect);
             {
-                mutex_ctx_owner = (void*)ctx->initializer;
+                mutex_ctx_owner = (uintptr_t)ctx->initializer;
                 /* let's keep track of how many times we lock this */
                 _sha_lock_count++;
             }
@@ -1348,23 +1456,42 @@ int esp_sha_try_hw_lock(WC_ESP32SHA* ctx)
                 ** as the mutex should be gate keeping */
                 ESP_LOGW(TAG, "WARNING: Hardware Mode "
                               "interesting lock depth = %d, for this %x",
-                              ctx->lockDepth, (int)ctx->initializer);
+                              ctx->lockDepth, (uintptr_t)ctx->initializer);
             }
         }
         else {
-            /* We should have otherwise anticipated this; how did we get here?
-            ** This code should rarely, ideally never be reached. */
-        #ifdef WOLFSSL_DEBUG_MUTEX
-            ESP_LOGI(TAG, "\nHardware in use by %x; "
-                           "Mode REVERT to ESP32_SHA_SW for %x\n",
-                           (int)esp_sha_mutex_ctx_owner(),
-                           (int)ctx->initializer);
-            ESP_LOGI(TAG, "Software Mode, lock depth = %d, for this %x",
-                          ctx->lockDepth, (int)ctx->initializer);
-            ESP_LOGI(TAG, "Current mutext owner = %x",
-                           (int)esp_sha_mutex_ctx_owner());
-        #endif
-            ctx->mode = ESP32_SHA_SW;
+            /* When the lock is already in use: is it for this ctx? */
+            if ((uintptr_t)ctx == this_mutex_owner) {
+                ESP_LOGV(TAG, "I'm the owner! 0x%x", (uintptr_t)ctx);
+                ctx->mode = ESP32_SHA_SW;
+            }
+            else {
+            #ifdef WOLFSSL_DEBUG_MUTEX
+                ESP_LOGW(TAG, "\nHardware in use by %x; "
+                               "Mode REVERT to ESP32_SHA_SW for %x\n",
+                               this_mutex_owner,
+                               (uintptr_t)ctx->initializer);
+                ESP_LOGI(TAG, "Software Mode, lock depth = %d, for this %x",
+                               ctx->lockDepth, (uintptr_t)ctx->initializer);
+                ESP_LOGI(TAG, "Current mutext owner = %x",
+                               this_mutex_owner);
+            #endif
+                ESP_LOGV(TAG, "I'm not owner! 0x%x; owner = 0x%x",
+                              (uintptr_t)ctx, mutex_ctx_owner);
+                if (this_mutex_owner) {
+                #ifdef WOLFSSL_DEBUG_MUTEX
+                    ESP_LOGW(TAG, "revert to SW since mutex_ctx_owner = %x"
+                                    " but we are currently ctx = %x",
+                                    this_mutex_owner, (intptr_t)ctx);
+                #endif
+                }
+                else {
+                    /* No ctx mutex owner, so hardware must be free. */
+                }
+                ESP_LOGV(TAG, "Set update ctx->mode = SW (from %d) for 0x%x",
+                              ctx->mode, (uintptr_t)ctx );
+                ctx->mode = ESP32_SHA_SW;
+            }
             return ESP_OK; /* success, but revert to SW */
         }
     } /* (ctx->mode == ESP32_SHA_INIT) */
@@ -1375,33 +1502,44 @@ int esp_sha_try_hw_lock(WC_ESP32SHA* ctx)
     }
 #endif /* not defined(SINGLE_THREADED) */
 
-#if defined(CONFIG_IDF_TARGET_ESP32C2) || \
-    defined(CONFIG_IDF_TARGET_ESP8684) || \
-    defined(CONFIG_IDF_TARGET_ESP32C3) || \
-    defined(CONFIG_IDF_TARGET_ESP32C6)
-    {
-        ESP_LOGV(TAG, "ets_sha_enable for RISC-V");
-        ets_sha_enable();
-        ctx->mode = ESP32_SHA_HW;
-    }
-#else
-    if (ret == 0) {
+    ESP_LOGV(TAG, "ctx->mode = %d", ctx->mode);
+    if ((ret == ESP_OK) && (ctx->mode == ESP32_SHA_HW)) {
         ctx->lockDepth++; /* depth for THIS ctx (there could be others!) */
         #ifdef WOLFSSL_ESP32_HW_LOCK_DEBUG
         {
-            printf("1) Lock depth @ %d = %d for WC_ESP32SHA @ %0x\n",
-                   __LINE__, ctx->lockDepth, (unsigned)ctx);
+            ESP_LOGI(TAG, "1) Lock depth @ %d = %d for WC_ESP32SHA @ %0x\n",
+                          __LINE__, ctx->lockDepth, (unsigned)ctx);
         }
         #endif
-        periph_module_enable(PERIPH_SHA_MODULE);
-        ctx->mode = ESP32_SHA_HW;
+        #if defined(CONFIG_IDF_TARGET_ESP32C2) || \
+            defined(CONFIG_IDF_TARGET_ESP8684) || \
+            defined(CONFIG_IDF_TARGET_ESP32C3) || \
+            defined(CONFIG_IDF_TARGET_ESP32C6)
+        {
+            ESP_LOGV(TAG, "ets_sha_enable for RISC-V");
+            ets_sha_enable();
+        }
+        #else
+            ESP_LOGV(TAG, "ets_sha_enable for Xtensa");
+            periph_module_enable(PERIPH_SHA_MODULE);
+        #endif
     }
     else {
-        ESP_LOGW(TAG, ">>>> Other problem; Mode REVERT to ESP32_SHA_SW");
+        /* Set to SW */
+        #ifdef WOLFSSL_ESP32_CRYPT_DEBUG
+            if (ret == ESP_OK) {
+                ESP_LOGW(TAG, "Normal SHA Software fallback mode.");
+            }
+            else {
+                ESP_LOGW(TAG, "Warning: Unexpected Mode REVERT to ESP32_SHA_SW"
+                              ", err = %d", ret);
+            }
+        #endif
         ctx->mode = ESP32_SHA_SW;
     }
-#endif
+
     ESP_LOGV(TAG, "leave esp_sha_hw_lock");
+    CTX_STACK_CHECK(ctx);
 
     return ret;
 } /* esp_sha_try_hw_lock */
@@ -1413,61 +1551,80 @@ int esp_sha_try_hw_lock(WC_ESP32SHA* ctx)
 int esp_sha_hw_unlock(WC_ESP32SHA* ctx)
 {
     int ret = ESP_OK; /* assume success (zero) */
+    CTX_STACK_CHECK(ctx);
 #ifdef WOLFSSL_ESP32_HW_LOCK_DEBUG
     ESP_LOGV(TAG, "enter esp_sha_hw_unlock");
 #endif
 
-#if defined(CONFIG_IDF_TARGET_ESP32C2) || \
-    defined(CONFIG_IDF_TARGET_ESP8684) || \
-    defined(CONFIG_IDF_TARGET_ESP32C3) || \
-    defined(CONFIG_IDF_TARGET_ESP32C6)
-    ets_sha_disable(); /* disable also resets active, ongoing hash */
-    ESP_LOGV(TAG, "ets_sha_disable in esp_sha_hw_unlock()");
-#else
-    /* Disable AES hardware */
-    periph_module_disable(PERIPH_SHA_MODULE);
-#endif
     /* we'll keep track of our lock depth.
      * in case of unexpected results, all the periph_module_disable() calls
      * and periph_module_disable() need to be unwound.
      *
      * see ref_counts[periph] in file: periph_ctrl.c */
 #ifdef WOLFSSL_ESP32_HW_LOCK_DEBUG
-    printf("2) esp_sha_hw_unlock Lock depth @ %d = %d for WC_ESP32SHA @ %0x\n",
-           __LINE__, ctx->lockDepth, (unsigned)ctx);
+    ESP_LOGI(TAG, "2) esp_sha_hw_unlock Lock depth @ %d = %d "
+                  "for WC_ESP32SHA ctx @ %p\n",
+                  __LINE__, ctx->lockDepth, ctx);
 #endif
+
+
     if (ctx->lockDepth > 0) {
+    #if defined(CONFIG_IDF_TARGET_ESP32C2) || \
+        defined(CONFIG_IDF_TARGET_ESP8684) || \
+        defined(CONFIG_IDF_TARGET_ESP32C3) || \
+        defined(CONFIG_IDF_TARGET_ESP32C6)
+        ets_sha_disable(); /* disable also resets active, ongoing hash */
+        ESP_LOGV(TAG, "ets_sha_disable in esp_sha_hw_unlock()");
+    #else
+        periph_module_disable(PERIPH_SHA_MODULE);
+    #endif
         ctx->lockDepth--;
     }
     else {
+        ESP_LOGW(TAG, "lockDepth <= 0; Disable SHA module skipped for %x",
+                      (uintptr_t)ctx->initializer);
         ctx->lockDepth = 0;
     }
 
 #if defined(ESP_MONITOR_HW_TASK_LOCK) && defined(WOLFSSL_ESP32_HW_LOCK_DEBUG)
-    printf("3) esp_sha_hw_unlock Lock depth @ %d = %d for WC_ESP32SHA @ %0x\n",
-           __LINE__, ctx->lockDepth, (unsigned)ctx);
+   ESP_LOGI(TAG, "3) esp_sha_hw_unlock Lock depth @ %d = %d "
+                 "for WC_ESP32SHA @ %0x\n",
+                 __LINE__, ctx->lockDepth, (uintptr_t)ctx);
 #endif
-    if (0 == ctx->lockDepth)
-    {
+
+    if (0 != ctx->lockDepth) {
+        /* If the lockdepth is not zero, unlock success unknown. */
+        ESP_LOGE(TAG, "ERROR Non-zero lockDepth. Stray code lock?");
+        ret = ESP_FAIL;
+    }
+    else {
     #if defined(SINGLE_THREADED)
-        InUse = 0;
-    #else
-        /* unlock HW engine for next use */
         #ifdef WOLFSSL_ESP32_HW_LOCK_DEBUG
         {
-            ESP_LOGW(TAG, "Unlocking for %x, from ctx %x, & = %x, "
-                          "mutex_ctx_owner = %x",
-                           (int)esp_sha_mutex_ctx_owner(),
-                           (int)ctx,
-                           (int)&ctx,
-                           (int)esp_sha_mutex_ctx_owner());
-            ESP_LOGW(TAG, "&sha_mutex = %x", (int)&sha_mutex);
+            ESP_LOGW(TAG, "HW released, not in use.");
+        }
+        #endif
+        InUse = 0;
+    #else
+        /* Hardware was unlocked above, now update semaphores. */
+        #ifdef WOLFSSL_ESP32_HW_LOCK_DEBUG
+        {
+            ESP_LOGW(TAG, "Unlocking for mutex_ctx_owner %x, from ctx 0x%x",
+                           esp_sha_mutex_ctx_owner(),  (uintptr_t)ctx);
+            ESP_LOGV(TAG, "&sha_mutex = %x", (intptr_t)&sha_mutex);
         }
         #endif /* WOLFSSL_ESP32_HW_LOCK_DEBUG */
+
+        /* There should be exactly 1 instance of SHA unlock, and it's here: */
         esp_CryptHwMutexUnLock(&sha_mutex);
+        /* We don't set owner to zero here. The HW is not in use,
+         * but there may be a WIP hash calc (e.g. sha update).
+         * NO: mutex_ctx_owner = NULLPTR; */
+
         #ifdef ESP_MONITOR_HW_TASK_LOCK
             mutex_ctx_task = 0;
         #endif
+
     #endif
 
     #ifdef WOLFSSL_DEBUG_MUTEX
@@ -1478,14 +1635,12 @@ int esp_sha_hw_unlock(WC_ESP32SHA* ctx)
         taskEXIT_CRITICAL(&sha_crit_sect);
     #endif
     }
-    else
-    {
-        ESP_LOGE(TAG, "ERROR unlock lockDepth not zero");
-        ret = ESP_FAIL;
-    }
+
     #ifdef WOLFSSL_ESP32_HW_LOCK_DEBUG
-        ESP_LOGI(TAG, "leave esp_sha_hw_unlock, %x", (int)ctx->initializer);
+        ESP_LOGI(TAG, "leave esp_sha_hw_unlock, %x",
+                      (uintptr_t)ctx->initializer);
     #endif
+    CTX_STACK_CHECK(ctx);
 
     return ret;
 } /* esp_sha_hw_unlock */
@@ -1504,7 +1659,7 @@ int esp_sha_hw_unlock(WC_ESP32SHA* ctx)
     /* Everything else uses esp_sha_start_process() */
 static int esp_sha_start_process(WC_ESP32SHA* sha)
 {
-    int ret = 0;
+    int ret = ESP_OK;
 #if defined(CONFIG_IDF_TARGET_ESP32S2) || defined(CONFIG_IDF_TARGET_ESP32S3)
     uint8_t HardwareAlgorithm;
 #endif
@@ -1512,6 +1667,7 @@ static int esp_sha_start_process(WC_ESP32SHA* sha)
     if (sha == NULL) {
         return BAD_FUNC_ARG;
     }
+    CTX_STACK_CHECK(sha);
 
     ESP_LOGV(TAG, "    enter esp_sha_start_process");
 
@@ -1522,7 +1678,7 @@ static int esp_sha_start_process(WC_ESP32SHA* sha)
     ESP_LOGV(TAG, "SHA1 SHA_START_REG");
     if (sha->isfirstblock) {
         sha_ll_start_block(SHA2_256);
-        sha->isfirstblock = false;
+        sha->isfirstblock = 0;
 
         ESP_LOGV(TAG, "      set sha->isfirstblock = 0");
 
@@ -1575,7 +1731,7 @@ static int esp_sha_start_process(WC_ESP32SHA* sha)
 
     if (sha->isfirstblock) {
         REG_WRITE(SHA_START_REG, 1);
-        sha->isfirstblock = false;
+        sha->isfirstblock = 0;
 
         ESP_LOGV(TAG, "      set sha->isfirstblock = 0");
 
@@ -1626,7 +1782,7 @@ static int esp_sha_start_process(WC_ESP32SHA* sha)
                 break;
         }
 
-        sha->isfirstblock = false;
+        sha->isfirstblock = 0;
         ESP_LOGV(TAG, "      set sha->isfirstblock = 0");
 
     #if defined(DEBUG_WOLFSSL)
@@ -1678,9 +1834,10 @@ static int esp_sha_start_process(WC_ESP32SHA* sha)
             ESP_LOGV(TAG, "      continue block #%d", this_block_num);
         #endif
 
-   ESP_LOGV(TAG, "    leave esp_sha_start_process");
+    ESP_LOGV(TAG, "    leave esp_sha_start_process");
+    CTX_STACK_CHECK(sha);
 
-   return ret;
+    return ret;
 }
 #endif /* esp_sha_start_process !CONFIG_IDF_TARGET_ESP32C3/C6  */
 
@@ -1696,12 +1853,22 @@ static int wc_esp_process_block(WC_ESP32SHA* ctx, /* see ctx->sha_type */
 #if defined(CONFIG_IDF_TARGET_ESP32S2) || defined(CONFIG_IDF_TARGET_ESP32S3)
     word32* MessageSource;
     word32* AcceleratorMessage;
+    #define MAX_SHA_VALUE SHA_TYPE_MAX
 #elif CONFIG_IDF_TARGET_ESP32
     int i;
+    /* Only values 0 .. 3 are valid for ESP32; SHA_INVALID = -1 */
+    #define MAX_SHA_VALUE 4
 #else
-    /* not used */
+    /* Newer SoC devices have a different value: SHA_TYPE_MAX */
+    #define MAX_SHA_VALUE SHA_TYPE_MAX
 #endif
     ESP_LOGV(TAG, "  enter esp_process_block");
+
+    if ((ctx->sha_type < 0) || (ctx->sha_type > MAX_SHA_VALUE)) {
+        ESP_LOGE(TAG, "Unexpected sha_type: %d", ctx->sha_type);
+    }
+    CTX_STACK_CHECK(ctx);
+
     if (word32_to_save > 0x31) {
         word32_to_save = 0x31;
         ESP_LOGE(TAG, "  ERROR esp_process_block length exceeds 0x31 words.");
@@ -1713,10 +1880,10 @@ static int wc_esp_process_block(WC_ESP32SHA* ctx, /* see ctx->sha_type */
 #if defined(CONFIG_IDF_TARGET_ESP32)
     /* load [len] words of message data into HW */
     for (i = 0; i < word32_to_save; i++) {
-        /* by using DPORT_REG_WRITE, we avoid the need
+        /* By using DPORT_REG_WRITE, we avoid the need
          * to call __builtin_bswap32 to address endianness.
          *
-         * a useful watch array cast to watch at runtime:
+         * A useful watch array cast to watch at runtime:
          *   ((word32[32])  (*(volatile word32 *)(SHA_TEXT_BASE)))
          *
          * Write value to DPORT register (does not require protecting)
@@ -1724,7 +1891,7 @@ static int wc_esp_process_block(WC_ESP32SHA* ctx, /* see ctx->sha_type */
         DPORT_REG_WRITE(SHA_TEXT_BASE + (i*sizeof(word32)), *(data + i));
         /* memw confirmed auto inserted by compiler here */
     }
-    /* notify HW to start process
+    /* Notify HW to start process
      * see ctx->sha_type
      * reg data does not change until we are ready to read */
     ret = esp_sha_start_process(ctx);
@@ -1750,7 +1917,7 @@ static int wc_esp_process_block(WC_ESP32SHA* ctx, /* see ctx->sha_type */
     *  ((word32[16])  (*(volatile uint32_t *)(SHA_TEXT_BASE)))
     */
     if (&data != _active_digest_address) {
-        ESP_LOGV(TAG, "TODO Moving alternate ctx->for_digest");
+        ESP_LOGV(TAG, "Moving alternate ctx->for_digest");
         /* move last known digest into HW reg during interleave */
         /* sha_ll_write_digest(ctx->sha_type, ctx->for_digest,
                                WC_SHA256_BLOCK_SIZE); */
@@ -1829,6 +1996,7 @@ static int wc_esp_process_block(WC_ESP32SHA* ctx, /* see ctx->sha_type */
     }
 #endif
 
+    CTX_STACK_CHECK(ctx);
     ESP_LOGV(TAG, "  leave esp_process_block");
     return ret;
 } /* wc_esp_process_block */
@@ -1848,6 +2016,7 @@ int wc_esp_digest_state(WC_ESP32SHA* ctx, byte* hash)
 #endif
 
     ESP_LOGV(TAG, "enter esp_digest_state");
+    CTX_STACK_CHECK(ctx);
 
     if (ctx == NULL) {
         return BAD_FUNC_ARG;
@@ -1862,7 +2031,7 @@ int wc_esp_digest_state(WC_ESP32SHA* ctx, byte* hash)
       defined(CONFIG_IDF_TARGET_ESP32S2) || \
       defined(CONFIG_IDF_TARGET_ESP32S3) || \
       defined(CONFIG_IDF_TARGET_ESP32C6)
-    if (ctx->sha_type == SHA_TYPE_MAX) {
+    if (ctx->sha_type >= SHA_TYPE_MAX) {
 #else
     ESP_LOGE(TAG, "unexpected target for wc_esp_digest_state");
     {
@@ -1880,7 +2049,7 @@ int wc_esp_digest_state(WC_ESP32SHA* ctx, byte* hash)
     }
 
 #if defined(CONFIG_IDF_TARGET_ESP32S2) || defined(CONFIG_IDF_TARGET_ESP32S3)
-    if (ctx->isfirstblock == true) {
+    if (ctx->isfirstblock == 1) {
         /* no hardware use yet. Nothing to do yet */
         return ESP_OK;
     }
@@ -1928,7 +2097,7 @@ int wc_esp_digest_state(WC_ESP32SHA* ctx, byte* hash)
         wc_esp_sha_digest_size(ctx->sha_type) / sizeof(word32)
     );
 #else
-    /* not CONFIG_IDF_TARGET_ESP32S3 */
+    /* Not CONFIG_IDF_TARGET_ESP32S3  */
     /* wait until idle */
     wc_esp_wait_until_idle();
 
@@ -1937,9 +2106,11 @@ int wc_esp_digest_state(WC_ESP32SHA* ctx, byte* hash)
     defined(CONFIG_IDF_TARGET_ESP8684) || \
     defined(CONFIG_IDF_TARGET_ESP32C3) || \
     defined(CONFIG_IDF_TARGET_ESP32C6)
+
 #elif  defined(CONFIG_IDF_TARGET_ESP32S2)
-    /* nothing here for S2 */
+
 #else
+
     switch (ctx->sha_type) {
         case SHA1:
             DPORT_REG_WRITE(SHA_1_LOAD_REG, 1);
@@ -1966,7 +2137,7 @@ int wc_esp_digest_state(WC_ESP32SHA* ctx, byte* hash)
             return ESP_FAIL;
     }
 
-    if (ctx->isfirstblock == true) {
+    if (ctx->isfirstblock == 1) {
         /* no hardware use yet. Nothing to do yet */
         return ESP_OK;
     }
@@ -1990,7 +2161,9 @@ int wc_esp_digest_state(WC_ESP32SHA* ctx, byte* hash)
      *  example:
      *    DPORT_SEQUENCE_REG_READ(address + i * 4);
      */
-
+    #ifdef WOLFSSL_ESP32_CRYPT_DEBUG
+        ESP_LOGW(TAG, "SHA HW read...");
+    #endif
     esp_dport_access_read_buffer(
     #if ESP_IDF_VERSION_MAJOR >= 4
         (uint32_t*)(hash), /* the result will be found in hash upon exit */
@@ -2013,8 +2186,9 @@ int wc_esp_digest_state(WC_ESP32SHA* ctx, byte* hash)
             pwrd1[i]     ^= pwrd1[i + 1];
         }
     }
-#endif
+#endif /* SHA512 or SHA384*/
 #endif /* not CONFIG_IDF_TARGET_ESP32S3, C3, else... */
+    CTX_STACK_CHECK(ctx);
 
     ESP_LOGV(TAG, "leave esp_digest_state");
     return ESP_OK;
@@ -2052,13 +2226,19 @@ int esp_sha_digest_process(struct wc_Sha* sha, byte blockprocess)
 
     ret = wc_esp_digest_state(&sha->ctx, (byte*)sha->digest);
 
+    if (blockprocess) {
+        ESP_LOGV(TAG, "esp_sha_digest_process NEW UNLOCK");
+        esp_sha_hw_unlock(&sha->ctx); /* also unlocks mutex */
+        ESP_LOGV(TAG, "sha blockprocess mutex_ctx_owner = NULLPTR");
+        mutex_ctx_owner = NULLPTR;
+    }
+
     ESP_LOGV(TAG, "leave esp_sha_digest_process");
 
     return ret;
 } /* esp_sha_digest_process */
 #endif /* NO_SHA */
 
-
 #if !defined(NO_SHA256) && !defined(NO_WOLFSSL_ESP32_CRYPT_HASH_SHA256)
 /*
 ** sha256 process
@@ -2069,8 +2249,6 @@ int esp_sha256_process(struct wc_Sha256* sha, const byte* data)
 {
     int ret = 0;
 
-    ESP_LOGV(TAG, "  enter esp_sha256_process");
-
     switch ((&sha->ctx)->sha_type) {
     case SHA2_256:
 #if defined(DEBUG_WOLFSSL_VERBOSE)
@@ -2122,6 +2300,16 @@ int esp_sha256_digest_process(struct wc_Sha256* sha, byte blockprocess)
     }
 
     wc_esp_digest_state(&sha->ctx, (byte*)sha->digest);
+
+    if (blockprocess) {
+        ESP_LOGV(TAG, "esp_sha256_digest_process blockprocess UNLOCK");
+        esp_sha_hw_unlock(&sha->ctx); /* also unlocks mutex */
+        ESP_LOGV(TAG, "blockprocess mutex_ctx_owner = NULLPTR");
+        mutex_ctx_owner = NULLPTR;
+    }
+#else
+    ESP_LOGE(TAG, "Call esp_sha256_digest_process with "
+                  "NO_WOLFSSL_ESP32_CRYPT_HASH_SHA256 ");
 #endif
     ESP_LOGV(TAG, "leave esp_sha256_digest_process");
     return ret;
@@ -2130,7 +2318,10 @@ int esp_sha256_digest_process(struct wc_Sha256* sha, byte blockprocess)
 
 #endif /* NO_SHA256 */
 
-#if defined(WOLFSSL_SHA512) || defined(WOLFSSL_SHA384)
+#if !(defined(NO_WOLFSSL_ESP32_CRYPT_HASH_SHA384) && \
+      defined(NO_WOLFSSL_ESP32_CRYPT_HASH_SHA512)    \
+     ) && \
+    (defined(WOLFSSL_SHA512) || defined(WOLFSSL_SHA384))
 /*
 ** sha512 process. this is used for sha384 too.
 */
@@ -2183,7 +2374,7 @@ int esp_sha512_block(struct wc_Sha512* sha, const word32* data, byte isfinal)
 */
 int esp_sha512_process(struct wc_Sha512* sha)
 {
-    int ret = 0; /* assume success */
+    int ret = ESP_OK; /* assume success */
     word32 *data = (word32*)sha->buffer;
 
     ESP_LOGV(TAG, "enter esp_sha512_process");
@@ -2215,6 +2406,7 @@ int esp_sha512_digest_process(struct wc_Sha512* sha, byte blockproc)
 
         ret = esp_sha512_block(sha, data, 1);
     }
+
     if (sha->ctx.mode == ESP32_SHA_HW) {
         ret = wc_esp_digest_state(&sha->ctx, (byte*)sha->digest);
     }
@@ -2222,6 +2414,12 @@ int esp_sha512_digest_process(struct wc_Sha512* sha, byte blockproc)
         ESP_LOGW(TAG, "Call esp_sha512_digest_process in non-HW mode?");
     }
 
+    if (blockproc) {
+        ESP_LOGV(TAG, "esp_sha512_digest_process NEW UNLOCK");
+        esp_sha_hw_unlock(&sha->ctx); /* also unlocks mutex */
+        ESP_LOGV(TAG, "mutex_ctx_owner = NULLPTR");
+        mutex_ctx_owner = NULLPTR;
+    }
     ESP_LOGV(TAG, "leave esp_sha512_digest_process");
 #endif
     return ret;
@@ -2232,16 +2430,20 @@ int esp_sha512_digest_process(struct wc_Sha512* sha, byte blockproc)
 
 #if defined(WOLFSSL_ESP32_CRYPT) && defined(WOLFSSL_HW_METRICS)
 int esp_sw_sha256_count_add(void) {
+    int ret = 0;
+#if !defined(NO_WOLFSSL_ESP32_CRYPT_HASH)
     esp_sha256_sw_fallback_usage_ct++;
-    return esp_sha256_sw_fallback_usage_ct;
+    ret = esp_sha256_sw_fallback_usage_ct;
+#endif
+    return ret;
 }
 
 int esp_hw_show_sha_metrics(void)
 {
     int ret = 0;
-#ifdef WOLFSSL_ESP32_CRYPT
+#if defined(WOLFSSL_ESP32_CRYPT) && !defined(NO_WOLFSSL_ESP32_CRYPT_HASH)
     ESP_LOGI(TAG, "--------------------------------------------------------");
-    ESP_LOGI(TAG, "------------- wolfSSL ESP HW SHA Metrics----------------");
+    ESP_LOGI(TAG, "-------------  wolfSSL ESP HW SHA Metrics  -------------");
     ESP_LOGI(TAG, "--------------------------------------------------------");
 
     ESP_LOGI(TAG, "esp_sha_hw_copy_ct            = %lu",
@@ -2268,9 +2470,26 @@ int esp_hw_show_sha_metrics(void)
     ret = 0;
 #endif /* HW_MATH_ENABLED */
 
-
     return ret;
 }
+
 #endif /* WOLFSSL_ESP32_CRYPT and WOLFSSL_HW_METRICS */
 
-#endif /* WOLFSSL_ESPIDF (exclude entire contents for non-Espressif projects */
+#if defined(WOLFSSL_STACK_CHECK)
+int esp_sha_stack_check(WC_ESP32SHA* sha) {
+    int ret = ESP_OK;
+
+    if (sha == NULL) {
+        ESP_LOGW(TAG, "esp_sha_stack_check; sha is NULL");
+    }
+    else {
+        if (sha->first_word != 0 || sha->last_word != 0) {
+            ESP_LOGE(TAG, "esp_sha_stack_check warning");
+            ret = ESP_FAIL;
+        }
+    }
+    return ret;
+}
+#endif /* WOLFSSL_STACK_CHECK */
+
+#endif /* WOLFSSL_ESPIDF (exclude entire contents for non-Espressif projects. */
diff --git a/wolfcrypt/src/port/Espressif/esp32_util.c b/wolfcrypt/src/port/Espressif/esp32_util.c
index 027fdedde..62f40a3d8 100644
--- a/wolfcrypt/src/port/Espressif/esp32_util.c
+++ b/wolfcrypt/src/port/Espressif/esp32_util.c
@@ -1,6 +1,6 @@
 /* esp32_util.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -36,7 +36,10 @@
 #include <esp_err.h>
 #if ESP_IDF_VERSION_MAJOR > 4
     #include <hal/efuse_hal.h>
+    #include <rtc_wdt.h>
+    #include <esp_task_wdt.h>
 #endif
+
 /* wolfSSL */
 #include <wolfssl/wolfcrypt/wolfmath.h> /* needed to print MATH_INT_T value */
 #include <wolfssl/wolfcrypt/types.h>
@@ -76,7 +79,7 @@ static int esp_ShowMacroStatus_need_header = 0;
 #include <wolfssl/wolfcrypt/error-crypt.h>
 #include <wolfssl/wolfcrypt/logging.h>
 
-/* big nums can be very long, perhaps unitialized, so limit displayed words */
+/* big nums can be very long, perhaps uninitialized, so limit displayed words */
 #define MAX_WORDS_ESP_SHOW_MP 32
 
 /*
@@ -97,39 +100,81 @@ int esp_CryptHwMutexInit(wolfSSL_Mutex* mutex) {
 }
 
 /*
- * call the ESP-IDF mutex lock; xSemaphoreTake
+ * Call the ESP-IDF mutex lock; xSemaphoreTake
  * this is a general mutex locker, used for different mutex objects for
- * different HW acclerators or other single-use HW features.
+ * different HW accelerators or other single-use HW features.
+ *
+ * We should already have known if the resource is in use or not.
+ *
+ * Return 0 (ESP_OK) on success, otherwise BAD_MUTEX_E
  */
 int esp_CryptHwMutexLock(wolfSSL_Mutex* mutex, TickType_t block_time) {
+    int ret;
     if (mutex == NULL) {
         WOLFSSL_ERROR_MSG("esp_CryptHwMutexLock called with null mutex");
         return BAD_MUTEX_E;
     }
 
 #ifdef SINGLE_THREADED
-    return wc_LockMutex(mutex); /* xSemaphoreTake take with portMAX_DELAY */
+    /* does nothing in single thread mode, always return 0 */
+    ret = wc_LockMutex(mutex);
 #else
-    return ((xSemaphoreTake(*mutex, block_time) == pdTRUE) ? 0 : BAD_MUTEX_E);
+    ret = xSemaphoreTake(*mutex, block_time);
+    ESP_LOGV(TAG, "xSemaphoreTake 0x%x = %d", (intptr_t)*mutex, ret);
+    if (ret == pdTRUE) {
+        ret = ESP_OK;
+    }
+    else {
+        if (ret == pdFALSE) {
+            ESP_LOGW(TAG, "xSemaphoreTake failed for 0x%x. Still busy?",
+                           (intptr_t)*mutex);
+            ret = ESP_ERR_NOT_FINISHED;
+        }
+        else {
+            ESP_LOGE(TAG, "xSemaphoreTake 0x%x unexpected = %d",
+                           (intptr_t)*mutex, ret);
+            ret = BAD_MUTEX_E;
+        }
+    }
 #endif
+    return ret;
 }
 
 /*
  * call the ESP-IDF mutex UNlock; xSemaphoreGive
  *
  */
-int esp_CryptHwMutexUnLock(wolfSSL_Mutex* mutex) {
+esp_err_t esp_CryptHwMutexUnLock(wolfSSL_Mutex* mutex) {
+    int ret = pdTRUE;
     if (mutex == NULL) {
         WOLFSSL_ERROR_MSG("esp_CryptHwMutexLock called with null mutex");
         return BAD_MUTEX_E;
     }
 
 #ifdef SINGLE_THREADED
-    return wc_UnLockMutex(mutex);
+    ret = wc_UnLockMutex(mutex);
 #else
-    xSemaphoreGive(*mutex);
-    return ESP_OK;
+    ESP_LOGV(TAG, ">> xSemaphoreGive 0x%x", (intptr_t)*mutex);
+    TaskHandle_t mutexHolder = xSemaphoreGetMutexHolder(*mutex);
+
+    if (mutexHolder == NULL) {
+        ESP_LOGW(TAG, "esp_CryptHwMutexUnLock with no lock owner 0x%x",
+                        (intptr_t)*mutex);
+        ret = ESP_OK;
+    }
+    else {
+        ret = xSemaphoreGive(*mutex);
+        if (ret == pdTRUE) {
+            ESP_LOGV(TAG, "Success: give mutex 0x%x", (intptr_t)*mutex);
+            ret = ESP_OK;
+        }
+        else {
+            ESP_LOGV(TAG, "Failed: give mutex 0x%x", (intptr_t)*mutex);
+            ret = ESP_FAIL;
+        }
+    }
 #endif
+    return ret;
 }
 #endif /* WOLFSSL_ESP32_CRYPT, etc. */
 
@@ -151,6 +196,13 @@ int esp_CryptHwMutexUnLock(wolfSSL_Mutex* mutex) {
 #if defined(WOLFSSL_ESPIDF)
 static int ShowExtendedSystemInfo_platform_espressif(void)
 {
+#ifdef WOLFSSL_ESP_NO_WATCHDOG
+    ESP_LOGI(TAG, "Found WOLFSSL_ESP_NO_WATCHDOG");
+#else
+    ESP_LOGW(TAG, "Watchdog active; "
+                  "missing WOLFSSL_ESP_NO_WATCHDOG definition.");
+#endif
+
 #if defined(CONFIG_ESP32_DEFAULT_CPU_FREQ_MHZ)
     WOLFSSL_VERSION_PRINTF("CONFIG_ESP32_DEFAULT_CPU_FREQ_MHZ: %u MHz",
                            CONFIG_ESP32_DEFAULT_CPU_FREQ_MHZ);
@@ -160,6 +212,7 @@ static int ShowExtendedSystemInfo_platform_espressif(void)
 
     WOLFSSL_VERSION_PRINTF("Xthal_have_ccount: %u",
                            Xthal_have_ccount);
+#endif
 
     /* this is the legacy stack size */
 #if defined(CONFIG_MAIN_TASK_STACK_SIZE)
@@ -197,30 +250,43 @@ static int ShowExtendedSystemInfo_platform_espressif(void)
 
 #endif
 
-#elif CONFIG_IDF_TARGET_ESP32S2
-    WOLFSSL_VERSION_PRINTF("Xthal_have_ccount = %u",
+/* Platform-specific attributes of interest*/
+#if CONFIG_IDF_TARGET_ESP32
+    #if defined(CONFIG_ESP32_DEFAULT_CPU_FREQ_MHZ)
+        WOLFSSL_VERSION_PRINTF("CONFIG_ESP32_DEFAULT_CPU_FREQ_MHZ: %u MHz",
+                               CONFIG_ESP32_DEFAULT_CPU_FREQ_MHZ);
+    #endif
+    WOLFSSL_VERSION_PRINTF("Xthal_have_ccount: %u",
                            Xthal_have_ccount);
-#elif CONFIG_IDF_TARGET_ESP32C6
-  /* TODO find Xthal for C6 */
+
 #elif CONFIG_IDF_TARGET_ESP32C2
-  /* TODO find Xthal for C6 */
-#elif defined(CONFIG_IDF_TARGET_ESP8684)
-  /* TODO find Xthal for C6 */
+    /* TODO find Xthal for C2 */
 #elif CONFIG_IDF_TARGET_ESP32C3
     /* not supported at this time */
-#elif CONFIG_IDF_TARGET_ESP32S3
-    WOLFSSL_VERSION_PRINTF("Xthal_have_ccount = %u",
-                           Xthal_have_ccount);
+#elif CONFIG_IDF_TARGET_ESP32C6
+    /* TODO find Xthal for C6 */
 #elif CONFIG_IDF_TARGET_ESP32H2
-    /* not supported at this time */
-#elif CONFIG_IDF_TARGET_ESP32C2
-    /* not supported at this time */
+    /* TODO find Xthal for H2 */
+#elif CONFIG_IDF_TARGET_ESP32S2
+    ESP_LOGI(TAG, "CONFIG_ESP32S2_DEFAULT_CPU_FREQ_MHZ = %u MHz",
+                   CONFIG_ESP32S2_DEFAULT_CPU_FREQ_MHZ
+             );
+    ESP_LOGI(TAG, "Xthal_have_ccount = %u", Xthal_have_ccount);
+#elif CONFIG_IDF_TARGET_ESP32S3
+    ESP_LOGI(TAG, "CONFIG_ESP32S3_DEFAULT_CPU_FREQ_MHZ = %u MHz",
+                   CONFIG_ESP32S3_DEFAULT_CPU_FREQ_MHZ
+             );
+    ESP_LOGI(TAG, "Xthal_have_ccount = %u", Xthal_have_ccount);
+#elif defined(CONFIG_IDF_TARGET_ESP8684)
+    /* TODO find Xthal for ESP8684 */
 #else
     /* not supported at this time */
 #endif
 
-    /* check to see if we are using hardware encryption */
-#if defined(NO_ESP32_CRYPT)
+/* check to see if we are using hardware encryption */
+#if defined(CONFIG_IDF_TARGET_ESP8266)
+    WOLFSSL_VERSION_PRINTF("No HW acceleration on ESP8266.");
+#elif defined(NO_ESP32_CRYPT)
     WOLFSSL_VERSION_PRINTF("NO_ESP32_CRYPT defined! "
                            "HW acceleration DISABLED.");
 #else
@@ -246,7 +312,7 @@ static int ShowExtendedSystemInfo_platform_espressif(void)
         #error "ESP32_CRYPT not yet supported on this IDF TARGET"
     #endif
 
-        /* Even though enabled, some specifics may be disabled */
+    /* Even though enabled, some specifics may be disabled */
     #if defined(NO_WOLFSSL_ESP32_CRYPT_HASH)
         WOLFSSL_VERSION_PRINTF("NO_WOLFSSL_ESP32_CRYPT_HASH is defined!"
                                "(disabled HW SHA).");
@@ -385,11 +451,11 @@ int esp_current_boot_count(void)
 /* See macro helpers above; not_defined is macro name when *not* defined */
 static int show_macro(char* s, char* not_defined)
 {
-    char hd1[] = "Macro Name                 Defined   Not Defined";
-    char hd2[] = "------------------------- --------- -------------";
-    char msg[] = ".........................                        ";
-        /*        012345678901234567890123456789012345678901234567890    */
-        /*                  1         2         3         4         5    */
+    const char hd1[] = "Macro Name                 Defined   Not Defined";
+          char hd2[] = "------------------------- --------- -------------";
+          char msg[] = ".........................                        ";
+             /*        012345678901234567890123456789012345678901234567890 */
+             /*                  1         2         3         4         5 */
     size_t i = 0;
     #define MAX_STATUS_NAME_LENGTH 25
     #define ESP_SMS_ENA_POS 30
@@ -424,10 +490,11 @@ static int show_macro(char* s, char* not_defined)
 }
 
 /* Show some interesting settings */
-int ShowExtendedSystemInfo_config(void)
+esp_err_t ShowExtendedSystemInfo_config(void)
 {
     esp_ShowMacroStatus_need_header = 1;
 
+    show_macro("NO_ESP32_CRYPT",            STR_IFNDEF(NO_ESP32_CRYPT));
     show_macro("NO_ESPIDF_DEFAULT",         STR_IFNDEF(NO_ESPIDF_DEFAULT));
 
     show_macro("HW_MATH_ENABLED",           STR_IFNDEF(HW_MATH_ENABLED));
@@ -454,6 +521,7 @@ int ShowExtendedSystemInfo_config(void)
 
     /* Optimizations */
     show_macro("RSA_LOW_MEM",               STR_IFNDEF(RSA_LOW_MEM));
+    show_macro("SMALL_SESSION_CACHE",       STR_IFNDEF(SMALL_SESSION_CACHE));
 
     /* Security Hardening */
     show_macro("WC_NO_HARDEN",              STR_IFNDEF(WC_NO_HARDEN));
@@ -473,6 +541,8 @@ int ShowExtendedSystemInfo_config(void)
     show_macro("WOLFSSL_AES_NO_UNROLL",     STR_IFNDEF(WOLFSSL_AES_NO_UNROLL));
     show_macro("TFM_TIMING_RESISTANT",      STR_IFNDEF(TFM_TIMING_RESISTANT));
     show_macro("ECC_TIMING_RESISTANT",      STR_IFNDEF(ECC_TIMING_RESISTANT));
+
+    /* WC_RSA_BLINDING takes up additional space: */
     show_macro("WC_RSA_BLINDING",           STR_IFNDEF(WC_RSA_BLINDING));
     show_macro("NO_WRITEV",                 STR_IFNDEF(NO_WRITEV));
 
@@ -482,7 +552,7 @@ int ShowExtendedSystemInfo_config(void)
     show_macro("WOLFSSL_NO_CURRDIR",        STR_IFNDEF(WOLFSSL_NO_CURRDIR));
     show_macro("WOLFSSL_LWIP",              STR_IFNDEF(WOLFSSL_LWIP));
 
-    ESP_LOGI(TAG, "");
+    ESP_LOGI(TAG, WOLFSSL_ESPIDF_BLANKLINE_MESSAGE);
 #if defined(CONFIG_COMPILER_OPTIMIZATION_DEFAULT)
     ESP_LOGI(TAG, "Compiler Optimization: Default");
 #elif defined(CONFIG_COMPILER_OPTIMIZATION_SIZE)
@@ -494,7 +564,7 @@ int ShowExtendedSystemInfo_config(void)
 #else
     ESP_LOGI(TAG, "Compiler Optimization: Unknown");
 #endif
-    ESP_LOGI(TAG, "");
+    ESP_LOGI(TAG, WOLFSSL_ESPIDF_BLANKLINE_MESSAGE);
 
     return ESP_OK;
 }
@@ -549,11 +619,11 @@ int ShowExtendedSystemInfo(void)
 
 #if defined(WOLFSSL_MULTI_INSTALL_WARNING)
     /* CMake may have detected undesired multiple installs, so give warning. */
-    WOLFSSL_VERSION_PRINTF("");
+    WOLFSSL_VERSION_PRINTF(WOLFSSL_ESPIDF_BLANKLINE_MESSAGE);
     WOLFSSL_VERSION_PRINTF("WARNING: Multiple wolfSSL installs found.");
     WOLFSSL_VERSION_PRINTF("Check ESP-IDF components and "
                            "local project [components] directory.");
-    WOLFSSL_VERSION_PRINTF("");
+    WOLFSSL_VERSION_PRINTF(WOLFSSL_ESPIDF_BLANKLINE_MESSAGE);
 #else
     #ifdef WOLFSSL_USER_SETTINGS_DIR
     {
@@ -629,7 +699,7 @@ int ShowExtendedSystemInfo(void)
 #ifdef INCLUDE_uxTaskGetStackHighWaterMark
     ESP_LOGI(TAG, "Stack HWM: %d", uxTaskGetStackHighWaterMark(NULL));
 #endif
-    ESP_LOGI(TAG, "");
+    ESP_LOGI(TAG, WOLFSSL_ESPIDF_BLANKLINE_MESSAGE);
 
     ShowExtendedSystemInfo_config();
     ShowExtendedSystemInfo_git();
@@ -643,29 +713,125 @@ int ShowExtendedSystemInfo(void)
     return ESP_OK;
 }
 
-int esp_ShowExtendedSystemInfo(void)
+esp_err_t esp_ShowExtendedSystemInfo(void)
 {
     /* Someday the ShowExtendedSystemInfo may be global.
      * See https://github.com/wolfSSL/wolfssl/pull/6149 */
     return ShowExtendedSystemInfo();
 }
 
+/*
+ *  Disable the watchdog timer (use with caution)
+ */
+
+esp_err_t esp_DisableWatchdog(void)
+{
+    esp_err_t ret = ESP_OK;
+#if defined(CONFIG_IDF_TARGET_ESP8266)
+    /* magic bit twiddle to disable WDT on ESP8266 */
+    *((volatile uint32_t*) 0x60000900) &= ~(1);
+#elif CONFIG_IDF_TARGET_ESP32S3
+    ESP_LOGW(TAG, "esp_DisableWatchdog TODO S3");
+#else
+    #if ESP_IDF_VERSION_MAJOR >= 5
+    {
+        #if defined(CONFIG_IDF_TARGET_ESP32)
+            rtc_wdt_protect_off();
+            rtc_wdt_disable();
+        #elif defined(CONFIG_IDF_TARGET_ESP32C2) || \
+              defined(CONFIG_IDF_TARGET_ESP32C3) || \
+              defined(CONFIG_IDF_TARGET_ESP32C6) || \
+              defined(CONFIG_IDF_TARGET_ESP32H2)
+            #if ESP_IDF_VERSION_MINOR >= 3
+                #if CONFIG_ESP_TASK_WDT
+                    ret = esp_task_wdt_deinit();
+                #else
+                    /* CONFIG_ESP_TASK_WDT=y needed in sdkconfig */
+                    ESP_LOGW(TAG, "esp_task_wdt_deinit not available");
+                #endif
+            #else
+                    ESP_LOGW(TAG, "esp_task_wdt_deinit not implemented");
+            #endif
+        #else
+            rtc_wdt_protect_off();
+            rtc_wdt_disable();
+        #endif
+    }
+    #else
+        ESP_LOGW(TAG, "esp_DisableWatchdog not implemented on ESP_IDF v%d",
+                      ESP_IDF_VERSION_MAJOR);
+    #endif
+#endif
+
+#ifdef DEBUG_WOLFSSL
+    ESP_LOGI(TAG, "Watchdog disabled.");
+#endif
+
+    return ret;
+}
+
+/*
+ *  Enable the watchdog timer.
+ */
+
+esp_err_t esp_EnabledWatchdog(void)
+{
+    esp_err_t ret = ESP_OK;
+#if defined(CONFIG_IDF_TARGET_ESP8266)
+     /* magic bit twiddle to enable WDT on ESP8266 */
+     *((volatile uint32_t*) 0x60000900) |= 1;
+#elif CONFIG_IDF_TARGET_ESP32S3
+    ESP_LOGW(TAG, "esp_EnableWatchdog TODO S3");
+#else
+    #if ESP_IDF_VERSION_MAJOR >= 5
+    {
+        #if defined(CONFIG_IDF_TARGET_ESP32)
+            rtc_wdt_protect_on();
+            rtc_wdt_enable();
+        #elif defined(CONFIG_IDF_TARGET_ESP32C2) || \
+              defined(CONFIG_IDF_TARGET_ESP32C3) || \
+              defined(CONFIG_IDF_TARGET_ESP32C6) || \
+              defined(CONFIG_IDF_TARGET_ESP32H2)
+            ESP_LOGW(TAG, "No known rtc_wdt_protect_off for this platform.");
+            esp_task_wdt_config_t twdt_config = {
+                .timeout_ms = 5000,     /* Timeout in milliseconds  */
+                .trigger_panic = true,  /* trigger panic on timeout */
+                .idle_core_mask = (1 << 0), /*  Enable on Core 0    */
+            };
+            ESP_LOGW(TAG, "No known rtc_wdt_protect_off for this platform.");
+            esp_task_wdt_init(&twdt_config);
+            esp_task_wdt_add(NULL);
+        #else
+            rtc_wdt_protect_on();
+            rtc_wdt_enable();
+        #endif
+    }
+    #else
+        ESP_LOGW(TAG, "esp_DisableWatchdog not implemented on ESP_OIDF v%d",
+                      ESP_IDF_VERSION_MAJOR);
+    #endif
+#endif
+    return ret;
+}
+
+
+
 /* Print a MATH_INT_T attribute list.
  *
  * Note with the right string parameters, the result can be pasted as
  * initialization code.
  */
-int esp_show_mp_attributes(char* c, MATH_INT_T* X)
+esp_err_t esp_show_mp_attributes(char* c, MATH_INT_T* X)
 {
     static const char* MP_TAG = "MATH_INT_T";
-    int ret = ESP_OK;
+    esp_err_t ret = ESP_OK;
 
     if (X == NULL) {
         ret = ESP_FAIL;
         ESP_LOGV(MP_TAG, "esp_show_mp_attributes called with X == NULL");
     }
     else {
-        ESP_LOGI(MP_TAG, "");
+        ESP_LOGI(MP_TAG, WOLFSSL_ESPIDF_BLANKLINE_MESSAGE);
         ESP_LOGI(MP_TAG, "%s.used = %d;", c, X->used);
 #if defined(WOLFSSL_SP_INT_NEGATIVE) || defined(USE_FAST_MATH)
         ESP_LOGI(MP_TAG, "%s.sign = %d;", c, X->sign);
@@ -679,10 +845,10 @@ int esp_show_mp_attributes(char* c, MATH_INT_T* X)
  * Note with the right string parameters, the result can be pasted as
  * initialization code.
  */
-int esp_show_mp(char* c, MATH_INT_T* X)
+esp_err_t esp_show_mp(char* c, MATH_INT_T* X)
 {
     static const char* MP_TAG = "MATH_INT_T";
-    int ret = MP_OKAY;
+    esp_err_t ret = ESP_OK;
     int words_to_show = 0;
 
     if (X == NULL) {
@@ -717,16 +883,16 @@ int esp_show_mp(char* c, MATH_INT_T* X)
                                    i  /* the index, again, for comment   */
                      );
         }
-        ESP_LOGI(MP_TAG, "");
+        ESP_LOGI(MP_TAG, WOLFSSL_ESPIDF_BLANKLINE_MESSAGE);
     }
     return ret;
 }
 
 /* Perform a full mp_cmp and binary compare.
  * (typically only used during debugging) */
-int esp_mp_cmp(char* name_A, MATH_INT_T* A, char* name_B, MATH_INT_T* B)
+esp_err_t esp_mp_cmp(char* name_A, MATH_INT_T* A, char* name_B, MATH_INT_T* B)
 {
-    int ret = MP_OKAY;
+    esp_err_t ret = ESP_OK;
     int e = memcmp(A, B, sizeof(mp_int));
     if (mp_cmp(A, B) == MP_EQ) {
         if (e == 0) {
@@ -769,6 +935,7 @@ int esp_mp_cmp(char* name_A, MATH_INT_T* A, char* name_B, MATH_INT_T* B)
     }
 
     if (ret == MP_OKAY) {
+        ret = ESP_OK;
         ESP_LOGV(TAG, "esp_mp_cmp equal for %s and %s!",
                        name_A, name_B);
     }
@@ -779,7 +946,7 @@ int esp_mp_cmp(char* name_A, MATH_INT_T* A, char* name_B, MATH_INT_T* B)
     return ret;
 }
 
-int esp_hw_show_metrics(void)
+esp_err_t esp_hw_show_metrics(void)
 {
 #if  defined(WOLFSSL_HW_METRICS)
     #if defined(WOLFSSL_ESP32_CRYPT)
@@ -808,4 +975,49 @@ int esp_hw_show_metrics(void)
     return ESP_OK;
 }
 
+int show_binary(byte* theVar, size_t dataSz) {
+    printf("*****************************************************\n");
+    word32 i;
+    for (i = 0; i < dataSz; i++)
+        printf("%02X", theVar[i]);
+    printf("\n");
+    printf("******************************************************\n");
+    return 0;
+}
+
+int hexToBinary(byte* toVar, const char* fromHexString, size_t szHexString ) {
+    int ret = 0;
+    /* Calculate the actual binary length of the hex string */
+    size_t byteLen = szHexString / 2;
+
+    if (toVar == NULL || fromHexString == NULL) {
+        ESP_LOGE("ssh", " error");
+        return -1;
+    }
+    if ((szHexString % 2 != 0)) {
+        ESP_LOGE("ssh", "fromHexString length not even!");
+    }
+
+    ESP_LOGW(TAG, "Replacing %d bytes at %x", byteLen, (word32)toVar);
+    memset(toVar, 0, byteLen);
+    /* Iterate through the hex string and convert to binary */
+    for (size_t i = 0; i < szHexString; i += 2) {
+        /* Convert hex character to decimal */
+        int decimalValue;
+        sscanf(&fromHexString[i], "%2x", &decimalValue);
+        size_t index = i / 2;
+#if (0)
+        /* Optionally peek at new values */
+        byte new_val =  (decimalValue & 0x0F) << ((i % 2) * 4);
+        ESP_LOGI("hex", "Current char = %d", toVar[index]);
+        ESP_LOGI("hex", "New val = %d", decimalValue);
+#endif
+        toVar[index]  = decimalValue;
+    }
+
+    return ret;
+}
+
+
+
 #endif /* WOLFSSL_ESPIDF */
diff --git a/wolfcrypt/src/port/Espressif/esp_crt_bundle/README.md b/wolfcrypt/src/port/Espressif/esp_crt_bundle/README.md
new file mode 100644
index 000000000..00f898eef
--- /dev/null
+++ b/wolfcrypt/src/port/Espressif/esp_crt_bundle/README.md
@@ -0,0 +1,287 @@
+# wolfSSL Support for ESP-IDF Certificate Bundles
+
+These files are typically only used when integrating wolfSSL with the ESP-IDF
+and with the intention of using Certificate Bundles in the esp-tls component.
+
+See the ESP-IDF `idf.py menuconfig`. A recent version of the [wolfSSL Kconfig](https://github.com/wolfSSL/wolfssl/blob/master/IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/Kconfig)
+file is needed. The [template example](https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples/template)
+can be use for creating a project-specific [wolfSSL component](https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples/template/components/wolfssl)
+when not using a [Managed Component](https://www.wolfssl.com/wolfssl-now-available-in-espressif-component-registry/).
+
+## Getting Started
+
+Use the `idf.py menuconfig`,
+
+When in doubt, delete the `./build` directory. This is particularly important when changing Certificate Bundle PEM files.
+
+## Certificate Inspection
+
+The certificates in the bundle are in PEM format. The [gen_crt_bundle.py script](./gen_crt_bundle.py)
+converts them to DER format to load into the `x509_crt_imported_bundle_wolfssl_bin_start` binary
+array.
+
+To convert a PEM to DER from command-line:
+
+```
+MY_CERT_NAME=ISRG_ROOT_X1
+openssl x509 -outform der -in "$MY_CERT_NAME".pem -out "$MY_CERT_NAME".der
+```
+
+To inspect a DER file:
+
+```
+openssl x509 -inform der -in "$MY_CERT_NAME".der -text -noout
+```
+
+
+## Known Problems and Issues
+
+Here are the areas that may need attention. Most are related to older published versions of the ESP-IDF
+that may not yet have wolfSSL integration. An updated ESP-IDF is required to use wolfSSL component _in_ the ESP-IDF.
+There's a [gojimmypi V5.2.2 WIP Branch](https://github.com/gojimmypi/esp-idf/tree/my_522/components/lwip) for reference
+until a PR is created for upstream support.
+
+### Time
+
+The wolfSSL libraries are by default considerably more robust and strict. As such, it is important to have an accurate
+time and date setting for the certificate date ranges.. The wolfssL libraries include some
+[time helper functions](https://github.com/wolfSSL/wolfssl/blob/master/wolfssl/wolfcrypt/port/Espressif/esp-sdk-lib.h).
+These can be enabled with `#define USE_WOLFSSL_ESP_SDK_TIME` in the `user_settings.h`.
+
+Alternatively, the `WOLFSSL_DEBUG_IGNORE_ASN_TIME` can be used to ignore the time. This is strongly discouraged in anything
+other than a development / test environment where the time is known to be incorrect.
+
+### Examples may need to have wolfSSL Certificate Bundles enabled.
+
+In cases where [some examples are gated out](https://github.com/espressif/esp-idf/blob/c9df77efbf871d4c3ae9fb828778ff8c4ab36804/examples/protocols/esp_http_client/main/esp_http_client_example.c#L419),
+the "or" needs to be added for `CONFIG_WOLFSSL_CERTIFICATE_BUNDLE` option like this:
+
+```
+#if CONFIG_MBEDTLS_CERTIFICATE_BUNDLE || CONFIG_WOLFSSL_CERTIFICATE_BUNDLE
+```
+
+### Adding Embedded Certificates
+
+The `main` app directory has a [CMakeLists.txt](https://github.com/espressif/esp-idf/blob/6e5414b6c4f265a0adfb56a15fbfbe6beb1f8373/examples/protocols/esp_http_client/main/CMakeLists.txt#L10)
+with the `idf_component_register` function:
+
+```
+idf_component_register(SRCS "esp_http_client_example.c"
+                      INCLUDE_DIRS "."
+                      REQUIRES ${requires}
+                      EMBED_TXTFILES howsmyssl_com_root_cert.pem
+                                     postman_root_cert.pem)
+```
+
+This data ends up in the [extern const char](https://github.com/espressif/esp-idf/blob/6e5414b6c4f265a0adfb56a15fbfbe6beb1f8373/examples/protocols/esp_http_client/main/esp_http_client_example.c#L45)
+arrays:
+
+```
+extern const char howsmyssl_com_root_cert_pem_start[] asm("_binary_howsmyssl_com_root_cert_pem_start");
+extern const char howsmyssl_com_root_cert_pem_end[]   asm("_binary_howsmyssl_com_root_cert_pem_end");
+
+extern const char postman_root_cert_pem_start[] asm("_binary_postman_root_cert_pem_start");
+extern const char postman_root_cert_pem_end[]   asm("_binary_postman_root_cert_pem_end");
+```
+
+When changing the source files (also located in the `main` directory) - it is usually best to
+delete the `./build` directory to ensure fresh contents get parsed in as desired.
+
+VS Code / PlatformIO users can consider deleting the `./pio` and `./vscode` directories.
+
+Visual Studio/VisualGDB users can remove the `./vs` and `.visualgdb`.
+
+### TLS 1.3 issues with howsmyssl.com
+
+Espressif is using the well known https://www.howsmyssl.com/ in the
+[examples](https://github.com/espressif/esp-idf/tree/master/examples/protocols/), for instance in
+the [esp_http_client](https://github.com/espressif/esp-idf/tree/master/examples/protocols/esp_http_client).
+
+It was recently observed that TLS 1.3 is _not_ currently configured properly on that web site.
+See [howsmyssl #716](https://github.com/jmhodges/howsmyssl/issues/716).
+
+As such, when configuring wolfSSL for _only_ TLS 1.3, a `fatal error -313` may occur.
+
+Additionally, not that there's a [cert in the app](https://github.com/espressif/esp-idf/blob/c9df77efbf871d4c3ae9fb828778ff8c4ab36804/examples/protocols/esp_http_client/main/esp_http_client_example.c#L45)
+in `howsmyssl_com_root_cert_pem_start`, separate from the bundle certificate data. Take note of this when
+attempting to simply change `www.howsmyssl.com` to `www.google.com`.
+
+
+### postman
+
+Beware there's a hard-coded PEM certificate for the [postman root cert](https://github.com/espressif/esp-idf/blob/c9df77efbf871d4c3ae9fb828778ff8c4ab36804/examples/protocols/esp_http_client/main/esp_http_client_example.c#L48)
+(not in the bundle). If you see a failure, the data may need to be updated.
+
+See the comments for adding certificate data, copied here for reference:
+
+>Root cert for howsmyssl.com, taken from howsmyssl_com_root_cert.pem
+
+>The PEM file was extracted from the output of this command:
+   openssl s_client -showcerts -connect www.howsmyssl.com:443 </dev/null
+
+>The CA root cert is the last cert given in the chain of certs.
+
+>To embed it in the app binary, the PEM file is named
+   in the component.mk COMPONENT_EMBED_TXTFILES variable.
+
+## Timeout
+
+Occasionally there may be connection timeouts. This is not specific to wolfSSL. The root cause is likely CDN related.
+
+See the `.timeout_ms` and make adjustments as necessary in the `esp_http_client_config_t`:.
+
+```
+    esp_http_client_config_t config = {
+        .url = "https://postman-echo.com/post",
+        .event_handler = _http_event_handler,
+        .cert_pem = postman_root_cert_pem_start,
+        .is_async = true,
+        .timeout_ms = 5000,
+    };
+```
+
+## Failed to load CA
+
+This is expected to be a common error to encounter:
+
+```
+E (28454) esp_crt_bundle-wolfssl: Failed to load CA
+W (28454) esp_crt_bundle-wolfssl: Warning: found a matching cert, but not added to the Certificate Manager. error: 0
+E (28454) esp_crt_bundle-wolfssl: Did not find a matching crt
+E (28464) internal.c: ssl != NULL; no callback, verifyFail = 1
+W (28474) internal.c: CleanupStoreCtxCallback
+E (28474) internal.c: DoCertFatalAlert = -188
+E (28484) esp-tls-wolfssl: wolfSSL_connect returned -1, error code: -188
+E (28484) esp-tls-wolfssl: Failed to verify peer certificate , returned 24
+E (28494) esp-tls: Failed to open new connection
+E (28504) transport_base: Failed to open a new connection
+E (28514) HTTP_CLIENT: Connection failed, sock < 0
+E (28514) HTTP_CLIENT: HTTP request failed: ESP_ERR_HTTP_CONNECT
+```
+
+The problem here is that the example [esp_http_client](https://github.com/espressif/esp-idf/tree/master/examples/protocols/esp_http_client)
+app _does not work_ immediately out of the box unless changes are made to the source:
+
+```
+#ifdef CONFIG_ESP_TLS_USING_WOLFSSL
+    #include <wolfssl/wolfcrypt/settings.h>
+    #include <wolfssl/wolfcrypt/port/Espressif/esp-sdk-lib.h>
+
+    /* TODO: conditional bundle */
+    #include <wolfssl/wolfcrypt/port/Espressif/esp_crt_bundle.h>
+#endif
+```
+
+` openssl s_client -connect postman-echo.com:443 -CAfile ./postman.pem`
+
+### Component esp-wolfssl needs to be installed
+
+The wrong ESP-IDF toolchain is being used. Use the [gojimmypi my_522 branch](https://github.com/gojimmypi/esp-idf/tree/my_522).
+
+```
+-- Component esp-wolfssl needs to be installed. See api-reference/protocols/esp_tls docs.
+CMake Error at /mnt/c/SysGCC/esp32/esp-idf/v5.2/tools/cmake/component.cmake:382 (message):
+  Component esp-wolfssl not found
+Call Stack (most recent call first):
+  /mnt/c/SysGCC/esp32/esp-idf/v5.2/components/esp-tls/CMakeLists.txt:26 (idf_component_get_property)
+
+
+-- Configuring incomplete, errors occurred!
+```
+
+## x509_crt_bundle_wolfssl.S not found
+
+It is important to note that PlatformIO components can NOT be used for esp-tls.
+
+The wolfSSL library MUST be used from either the local project `components` or from the ESP-IDF.
+
+```
+*** [.pio\bld_8mb_dbg_wolfssl\.pio\bld_8mb_dbg_wolfssl\x509_crt_bundle_wolfssl.S.o]
+Source `.pio\bld_8mb_dbg_wolfssl\x509_crt_bundle_wolfssl.S' not found,
+needed by target `.pio\bld_8mb_dbg_wolfssl\.pio\bld_8mb_dbg_wolfssl\x509_crt_bundle_wolfssl.S.o'.
+```
+
+
+## Error couldn't get hostname for not.existent.url
+
+This error is as desired, showing that a bad URL will fail.
+
+```
+E (50613) esp-tls: couldn't get hostname for :not.existent.url: getaddrinfo() returns 202, addrinfo=0x0
+E (50613) esp-tls: Failed to open new connection
+E (50613) transport_base: Failed to open a new connection
+E (50623) HTTP_CLIENT: Connection failed, sock < 0
+E (50623) HTTP_CLIENT: Error perform http request ESP_ERR_HTTP_CONNECT
+```
+
+## Tool doesn't match supported version from list
+
+Edit the `C:\Users\%USER%\.platformio\packages\framework-espidf\tools\tools.json` and replace
+`13.2.0_20230928` with the desired version, such as `esp-13.2.0_20240530`.
+
+```
+  Tool doesn't match supported version from list ['esp-13.2.0_20230928']:
+  C:/Users/gojimmypi/.platformio/packages/toolchain-xtensa-esp-elf/bin/xtensa-esp32-elf-gcc.exe
+```
+
+## ESP_ERROR_CHECK failed: esp_err_t 0xffffffff (ESP_FAIL) at 0x400d3b60
+
+This is a generic `ESP_ERROR_CHECK` result, in this case the default WiFi SSID and password could not connect:
+
+
+```
+I (25970) example_connect: Wi-Fi disconnected, trying to reconnect...
+I (28380) example_connect: WiFi Connect failed 7 times, stop reconnect.
+ESP_ERROR_CHECK failed: esp_err_t 0xffffffff (ESP_FAIL) at 0x400d3b60
+file: "main/esp_http_client_example.c" line 936
+func: app_main
+expression: example_connect()
+
+abort() was called at PC 0x400890e3 on core 0
+```
+
+## Manual Testing
+
+To test if the `howsmyssl` web site has TLS 1.3 working, use the [wolfSSL client example](https://github.com/wolfSSL/wolfssl/tree/master/examples/client):
+
+```bash
+./examples/client/client -v 4 -h www.howsmyssl.com -p 443 -g -j
+```
+
+Or OpenSSL:
+
+```bash
+openssl s_client -connect www.howsmyssl.com:443 -tls1_3 -ciphersuites 'TLS_AES_256_GCM_SHA384'
+```
+
+Returns this unintuitive error:
+
+```text
+$ openssl s_client -connect www.howsmyssl.com:443 -tls1_3 -ciphersuites 'TLS_AES_256_GCM_SHA384'
+CONNECTED(00000003)
+4007DA6C617F0000:error:0A000410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure:../ssl/record/rec_layer_s3.c:1584:SSL alert number 40
+---
+no peer certificate available
+---
+No client certificate CA names sent
+---
+SSL handshake has read 7 bytes and written 247 bytes
+Verification: OK
+---
+New, (NONE), Cipher is (NONE)
+Secure Renegotiation IS NOT supported
+Compression: NONE
+Expansion: NONE
+No ALPN negotiated
+Early data was not sent
+Verify return code: 0 (ok)
+---
+```
+
+
+
+Or OpenSSL,
+
+```bash
+openssl s_client -tls1_3 -host www.howsmyssl.com -port 443
+```
diff --git a/wolfcrypt/src/port/Espressif/esp_crt_bundle/cacrt_all.pem b/wolfcrypt/src/port/Espressif/esp_crt_bundle/cacrt_all.pem
new file mode 100644
index 000000000..4ea6c1ead
--- /dev/null
+++ b/wolfcrypt/src/port/Espressif/esp_crt_bundle/cacrt_all.pem
@@ -0,0 +1,3602 @@
+##
+## Bundle of CA Root Certificates
+##
+## Certificate data from Mozilla as of: Tue Jul  2 03:12:04 2024 GMT
+##
+## This is a bundle of X.509 certificates of public Certificate Authorities
+## (CA). These were automatically extracted from Mozilla's root certificates
+## file (certdata.txt).  This file can be found in the mozilla source tree:
+## https://hg.mozilla.org/releases/mozilla-release/raw-file/default/security/nss/lib/ckfw/builtins/certdata.txt
+##
+## It contains the certificates in PEM format and therefore
+## can be directly used with curl / libcurl / php_curl, or with
+## an Apache+mod_ssl webserver for SSL client authentication.
+## Just configure this file as the SSLCACertificateFile.
+##
+## Conversion done with mk-ca-bundle.pl version 1.29.
+## SHA256: 456ff095dde6dd73354c5c28c73d9c06f53b61a803963414cb91a1d92945cdd3
+##
+
+
+Google Trust Services LLC, CN = GTS Root R1
+-----BEGIN CERTIFICATE-----
+MIIFYjCCBEqgAwIBAgIQd70NbNs2+RrqIQ/E8FjTDTANBgkqhkiG9w0BAQsFADBX
+MQswCQYDVQQGEwJCRTEZMBcGA1UEChMQR2xvYmFsU2lnbiBudi1zYTEQMA4GA1UE
+CxMHUm9vdCBDQTEbMBkGA1UEAxMSR2xvYmFsU2lnbiBSb290IENBMB4XDTIwMDYx
+OTAwMDA0MloXDTI4MDEyODAwMDA0MlowRzELMAkGA1UEBhMCVVMxIjAgBgNVBAoT
+GUdvb2dsZSBUcnVzdCBTZXJ2aWNlcyBMTEMxFDASBgNVBAMTC0dUUyBSb290IFIx
+MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAthECix7joXebO9y/lD63
+ladAPKH9gvl9MgaCcfb2jH/76Nu8ai6Xl6OMS/kr9rH5zoQdsfnFl97vufKj6bwS
+iV6nqlKr+CMny6SxnGPb15l+8Ape62im9MZaRw1NEDPjTrETo8gYbEvs/AmQ351k
+KSUjB6G00j0uYODP0gmHu81I8E3CwnqIiru6z1kZ1q+PsAewnjHxgsHA3y6mbWwZ
+DrXYfiYaRQM9sHmklCitD38m5agI/pboPGiUU+6DOogrFZYJsuB6jC511pzrp1Zk
+j5ZPaK49l8KEj8C8QMALXL32h7M1bKwYUH+E4EzNktMg6TO8UpmvMrUpsyUqtEj5
+cuHKZPfmghCN6J3Cioj6OGaK/GP5Afl4/Xtcd/p2h/rs37EOeZVXtL0m79YB0esW
+CruOC7XFxYpVq9Os6pFLKcwZpDIlTirxZUTQAs6qzkm06p98g7BAe+dDq6dso499
+iYH6TKX/1Y7DzkvgtdizjkXPdsDtQCv9Uw+wp9U7DbGKogPeMa3Md+pvez7W35Ei
+Eua++tgy/BBjFFFy3l3WFpO9KWgz7zpm7AeKJt8T11dleCfeXkkUAKIAf5qoIbap
+sZWwpbkNFhHax2xIPEDgfg1azVY80ZcFuctL7TlLnMQ/0lUTbiSw1nH69MG6zO0b
+9f6BQdgAmD06yK56mDcYBZUCAwEAAaOCATgwggE0MA4GA1UdDwEB/wQEAwIBhjAP
+BgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBTkrysmcRorSCeFL1JmLO/wiRNxPjAf
+BgNVHSMEGDAWgBRge2YaRQ2XyolQL30EzTSo//z9SzBgBggrBgEFBQcBAQRUMFIw
+JQYIKwYBBQUHMAGGGWh0dHA6Ly9vY3NwLnBraS5nb29nL2dzcjEwKQYIKwYBBQUH
+MAKGHWh0dHA6Ly9wa2kuZ29vZy9nc3IxL2dzcjEuY3J0MDIGA1UdHwQrMCkwJ6Al
+oCOGIWh0dHA6Ly9jcmwucGtpLmdvb2cvZ3NyMS9nc3IxLmNybDA7BgNVHSAENDAy
+MAgGBmeBDAECATAIBgZngQwBAgIwDQYLKwYBBAHWeQIFAwIwDQYLKwYBBAHWeQIF
+AwMwDQYJKoZIhvcNAQELBQADggEBADSkHrEoo9C0dhemMXoh6dFSPsjbdBZBiLg9
+NR3t5P+T4Vxfq7vqfM/b5A3Ri1fyJm9bvhdGaJQ3b2t6yMAYN/olUazsaL+yyEn9
+WprKASOshIArAoyZl+tJaox118fessmXn1hIVw41oeQa1v1vg4Fv74zPl6/AhSrw
+9U5pCZEt4Wi4wStz6dTZ/CLANx8LZh1J7QJVj2fhMtfTJr9w4z30Z209fOU0iOMy
++qduBmpvvYuR7hZL6Dupszfnw0Skfths18dG9ZKb59UhvmaSGZRVbNQpsg3BZlvi
+d0lIKO2d1xozclOzgjXPYovJJIultzkMu34qQb9Sz/yilrbCgj8=
+-----END CERTIFICATE-----
+
+
+GlobalSign Root CA
+==================
+-----BEGIN CERTIFICATE-----
+MIIDdTCCAl2gAwIBAgILBAAAAAABFUtaw5QwDQYJKoZIhvcNAQEFBQAwVzELMAkGA1UEBhMCQkUx
+GTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExEDAOBgNVBAsTB1Jvb3QgQ0ExGzAZBgNVBAMTEkds
+b2JhbFNpZ24gUm9vdCBDQTAeFw05ODA5MDExMjAwMDBaFw0yODAxMjgxMjAwMDBaMFcxCzAJBgNV
+BAYTAkJFMRkwFwYDVQQKExBHbG9iYWxTaWduIG52LXNhMRAwDgYDVQQLEwdSb290IENBMRswGQYD
+VQQDExJHbG9iYWxTaWduIFJvb3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDa
+DuaZjc6j40+Kfvvxi4Mla+pIH/EqsLmVEQS98GPR4mdmzxzdzxtIK+6NiY6arymAZavpxy0Sy6sc
+THAHoT0KMM0VjU/43dSMUBUc71DuxC73/OlS8pF94G3VNTCOXkNz8kHp1Wrjsok6Vjk4bwY8iGlb
+Kk3Fp1S4bInMm/k8yuX9ifUSPJJ4ltbcdG6TRGHRjcdGsnUOhugZitVtbNV4FpWi6cgKOOvyJBNP
+c1STE4U6G7weNLWLBYy5d4ux2x8gkasJU26Qzns3dLlwR5EiUWMWea6xrkEmCMgZK9FGqkjWZCrX
+gzT/LCrBbBlDSgeF59N89iFo7+ryUp9/k5DPAgMBAAGjQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNV
+HRMBAf8EBTADAQH/MB0GA1UdDgQWBBRge2YaRQ2XyolQL30EzTSo//z9SzANBgkqhkiG9w0BAQUF
+AAOCAQEA1nPnfE920I2/7LqivjTFKDK1fPxsnCwrvQmeU79rXqoRSLblCKOzyj1hTdNGCbM+w6Dj
+Y1Ub8rrvrTnhQ7k4o+YviiY776BQVvnGCv04zcQLcFGUl5gE38NflNUVyRRBnMRddWQVDf9VMOyG
+j/8N7yy5Y0b2qvzfvGn9LhJIZJrglfCm7ymPAbEVtQwdpf5pLGkkeB6zpxxxYu7KyJesF12KwvhH
+hm4qxFYxldBniYUr+WymXUadDKqC5JlR3XC321Y9YeRq4VzW9v493kHMB65jUr9TU/Qr6cf9tveC
+X4XSQRjbgbMEHMUfpIBvFSDJ3gyICh3WZlXi/EjJKSZp4A==
+-----END CERTIFICATE-----
+
+Entrust.net Premium 2048 Secure Server CA
+=========================================
+-----BEGIN CERTIFICATE-----
+MIIEKjCCAxKgAwIBAgIEOGPe+DANBgkqhkiG9w0BAQUFADCBtDEUMBIGA1UEChMLRW50cnVzdC5u
+ZXQxQDA+BgNVBAsUN3d3dy5lbnRydXN0Lm5ldC9DUFNfMjA0OCBpbmNvcnAuIGJ5IHJlZi4gKGxp
+bWl0cyBsaWFiLikxJTAjBgNVBAsTHChjKSAxOTk5IEVudHJ1c3QubmV0IExpbWl0ZWQxMzAxBgNV
+BAMTKkVudHJ1c3QubmV0IENlcnRpZmljYXRpb24gQXV0aG9yaXR5ICgyMDQ4KTAeFw05OTEyMjQx
+NzUwNTFaFw0yOTA3MjQxNDE1MTJaMIG0MRQwEgYDVQQKEwtFbnRydXN0Lm5ldDFAMD4GA1UECxQ3
+d3d3LmVudHJ1c3QubmV0L0NQU18yMDQ4IGluY29ycC4gYnkgcmVmLiAobGltaXRzIGxpYWIuKTEl
+MCMGA1UECxMcKGMpIDE5OTkgRW50cnVzdC5uZXQgTGltaXRlZDEzMDEGA1UEAxMqRW50cnVzdC5u
+ZXQgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgKDIwNDgpMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
+MIIBCgKCAQEArU1LqRKGsuqjIAcVFmQqK0vRvwtKTY7tgHalZ7d4QMBzQshowNtTK91euHaYNZOL
+Gp18EzoOH1u3Hs/lJBQesYGpjX24zGtLA/ECDNyrpUAkAH90lKGdCCmziAv1h3edVc3kw37XamSr
+hRSGlVuXMlBvPci6Zgzj/L24ScF2iUkZ/cCovYmjZy/Gn7xxGWC4LeksyZB2ZnuU4q941mVTXTzW
+nLLPKQP5L6RQstRIzgUyVYr9smRMDuSYB3Xbf9+5CFVghTAp+XtIpGmG4zU/HoZdenoVve8AjhUi
+VBcAkCaTvA5JaJG/+EfTnZVCwQ5N328mz8MYIWJmQ3DW1cAH4QIDAQABo0IwQDAOBgNVHQ8BAf8E
+BAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUVeSB0RGAvtiJuQijMfmhJAkWuXAwDQYJ
+KoZIhvcNAQEFBQADggEBADubj1abMOdTmXx6eadNl9cZlZD7Bh/KM3xGY4+WZiT6QBshJ8rmcnPy
+T/4xmf3IDExoU8aAghOY+rat2l098c5u9hURlIIM7j+VrxGrD9cv3h8Dj1csHsm7mhpElesYT6Yf
+zX1XEC+bBAlahLVu2B064dae0Wx5XnkcFMXj0EyTO2U87d89vqbllRrDtRnDvV5bu/8j72gZyxKT
+J1wDLW8w0B62GqzeWvfRqqgnpv55gcR5mTNXuhKwqeBCbJPKVt7+bYQLCIt+jerXmCHG8+c8eS9e
+nNFMFY3h7CI3zJpDC5fcgJCNs2ebb0gIFVbPv/ErfF6adulZkMV8gzURZVE=
+-----END CERTIFICATE-----
+
+Baltimore CyberTrust Root
+=========================
+-----BEGIN CERTIFICATE-----
+MIIDdzCCAl+gAwIBAgIEAgAAuTANBgkqhkiG9w0BAQUFADBaMQswCQYDVQQGEwJJRTESMBAGA1UE
+ChMJQmFsdGltb3JlMRMwEQYDVQQLEwpDeWJlclRydXN0MSIwIAYDVQQDExlCYWx0aW1vcmUgQ3li
+ZXJUcnVzdCBSb290MB4XDTAwMDUxMjE4NDYwMFoXDTI1MDUxMjIzNTkwMFowWjELMAkGA1UEBhMC
+SUUxEjAQBgNVBAoTCUJhbHRpbW9yZTETMBEGA1UECxMKQ3liZXJUcnVzdDEiMCAGA1UEAxMZQmFs
+dGltb3JlIEN5YmVyVHJ1c3QgUm9vdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKME
+uyKrmD1X6CZymrV51Cni4eiVgLGw41uOKymaZN+hXe2wCQVt2yguzmKiYv60iNoS6zjrIZ3AQSsB
+UnuId9Mcj8e6uYi1agnnc+gRQKfRzMpijS3ljwumUNKoUMMo6vWrJYeKmpYcqWe4PwzV9/lSEy/C
+G9VwcPCPwBLKBsua4dnKM3p31vjsufFoREJIE9LAwqSuXmD+tqYF/LTdB1kC1FkYmGP1pWPgkAx9
+XbIGevOF6uvUA65ehD5f/xXtabz5OTZydc93Uk3zyZAsuT3lySNTPx8kmCFcB5kpvcY67Oduhjpr
+l3RjM71oGDHweI12v/yejl0qhqdNkNwnGjkCAwEAAaNFMEMwHQYDVR0OBBYEFOWdWTCCR1jMrPoI
+VDaGezq1BE3wMBIGA1UdEwEB/wQIMAYBAf8CAQMwDgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEB
+BQUAA4IBAQCFDF2O5G9RaEIFoN27TyclhAO992T9Ldcw46QQF+vaKSm2eT929hkTI7gQCvlYpNRh
+cL0EYWoSihfVCr3FvDB81ukMJY2GQE/szKN+OMY3EU/t3WgxjkzSswF07r51XgdIGn9w/xZchMB5
+hbgF/X++ZRGjD8ACtPhSNzkE1akxehi/oCr0Epn3o0WC4zxe9Z2etciefC7IpJ5OCBRLbf1wbWsa
+Y71k5h+3zvDyny67G7fyUIhzksLi4xaNmjICq44Y3ekQEe5+NauQrz4wlHrQMz2nZQ/1/I6eYs9H
+RCwBXbsdtTLSR9I4LtD+gdwyah617jzV/OeBHRnDJELqYzmp
+-----END CERTIFICATE-----
+
+Entrust Root Certification Authority
+====================================
+-----BEGIN CERTIFICATE-----
+MIIEkTCCA3mgAwIBAgIERWtQVDANBgkqhkiG9w0BAQUFADCBsDELMAkGA1UEBhMCVVMxFjAUBgNV
+BAoTDUVudHJ1c3QsIEluYy4xOTA3BgNVBAsTMHd3dy5lbnRydXN0Lm5ldC9DUFMgaXMgaW5jb3Jw
+b3JhdGVkIGJ5IHJlZmVyZW5jZTEfMB0GA1UECxMWKGMpIDIwMDYgRW50cnVzdCwgSW5jLjEtMCsG
+A1UEAxMkRW50cnVzdCBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA2MTEyNzIwMjM0
+MloXDTI2MTEyNzIwNTM0MlowgbAxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1FbnRydXN0LCBJbmMu
+MTkwNwYDVQQLEzB3d3cuZW50cnVzdC5uZXQvQ1BTIGlzIGluY29ycG9yYXRlZCBieSByZWZlcmVu
+Y2UxHzAdBgNVBAsTFihjKSAyMDA2IEVudHJ1c3QsIEluYy4xLTArBgNVBAMTJEVudHJ1c3QgUm9v
+dCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
+ALaVtkNC+sZtKm9I35RMOVcF7sN5EUFoNu3s/poBj6E4KPz3EEZmLk0eGrEaTsbRwJWIsMn/MYsz
+A9u3g3s+IIRe7bJWKKf44LlAcTfFy0cOlypowCKVYhXbR9n10Cv/gkvJrT7eTNuQgFA/CYqEAOww
+Cj0Yzfv9KlmaI5UXLEWeH25DeW0MXJj+SKfFI0dcXv1u5x609mhF0YaDW6KKjbHjKYD+JXGIrb68
+j6xSlkuqUY3kEzEZ6E5Nn9uss2rVvDlUccp6en+Q3X0dgNmBu1kmwhH+5pPi94DkZfs0Nw4pgHBN
+rziGLp5/V6+eF67rHMsoIV+2HNjnogQi+dPa2MsCAwEAAaOBsDCBrTAOBgNVHQ8BAf8EBAMCAQYw
+DwYDVR0TAQH/BAUwAwEB/zArBgNVHRAEJDAigA8yMDA2MTEyNzIwMjM0MlqBDzIwMjYxMTI3MjA1
+MzQyWjAfBgNVHSMEGDAWgBRokORnpKZTgMeGZqTx90tD+4S9bTAdBgNVHQ4EFgQUaJDkZ6SmU4DH
+hmak8fdLQ/uEvW0wHQYJKoZIhvZ9B0EABBAwDhsIVjcuMTo0LjADAgSQMA0GCSqGSIb3DQEBBQUA
+A4IBAQCT1DCw1wMgKtD5Y+iRDAUgqV8ZyntyTtSx29CW+1RaGSwMCPeyvIWonX9tO1KzKtvn1ISM
+Y/YPyyYBkVBs9F8U4pN0wBOeMDpQ47RgxRzwIkSNcUesyBrJ6ZuaAGAT/3B+XxFNSRuzFVJ7yVTa
+v52Vr2ua2J7p8eRDjeIRRDq/r72DQnNSi6q7pynP9WQcCk3RvKqsnyrQ/39/2n3qse0wJcGE2jTS
+W3iDVuycNsMm4hH2Z0kdkquM++v/eu6FSqdQgPCnXEqULl8FmTxSQeDNtGPPAUO6nIPcj2A781q0
+tHuu2guQOHXvgR1m0vdXcDazv/wor3ElhVsT/h5/WrQ8
+-----END CERTIFICATE-----
+
+Comodo AAA Services root
+========================
+-----BEGIN CERTIFICATE-----
+MIIEMjCCAxqgAwIBAgIBATANBgkqhkiG9w0BAQUFADB7MQswCQYDVQQGEwJHQjEbMBkGA1UECAwS
+R3JlYXRlciBNYW5jaGVzdGVyMRAwDgYDVQQHDAdTYWxmb3JkMRowGAYDVQQKDBFDb21vZG8gQ0Eg
+TGltaXRlZDEhMB8GA1UEAwwYQUFBIENlcnRpZmljYXRlIFNlcnZpY2VzMB4XDTA0MDEwMTAwMDAw
+MFoXDTI4MTIzMTIzNTk1OVowezELMAkGA1UEBhMCR0IxGzAZBgNVBAgMEkdyZWF0ZXIgTWFuY2hl
+c3RlcjEQMA4GA1UEBwwHU2FsZm9yZDEaMBgGA1UECgwRQ29tb2RvIENBIExpbWl0ZWQxITAfBgNV
+BAMMGEFBQSBDZXJ0aWZpY2F0ZSBTZXJ2aWNlczCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
+ggEBAL5AnfRu4ep2hxxNRUSOvkbIgwadwSr+GB+O5AL686tdUIoWMQuaBtDFcCLNSS1UY8y2bmhG
+C1Pqy0wkwLxyTurxFa70VJoSCsN6sjNg4tqJVfMiWPPe3M/vg4aijJRPn2jymJBGhCfHdr/jzDUs
+i14HZGWCwEiwqJH5YZ92IFCokcdmtet4YgNW8IoaE+oxox6gmf049vYnMlhvB/VruPsUK6+3qszW
+Y19zjNoFmag4qMsXeDZRrOme9Hg6jc8P2ULimAyrL58OAd7vn5lJ8S3frHRNG5i1R8XlKdH5kBjH
+Ypy+g8cmez6KJcfA3Z3mNWgQIJ2P2N7Sw4ScDV7oL8kCAwEAAaOBwDCBvTAdBgNVHQ4EFgQUoBEK
+Iz6W8Qfs4q8p74Klf9AwpLQwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wewYDVR0f
+BHQwcjA4oDagNIYyaHR0cDovL2NybC5jb21vZG9jYS5jb20vQUFBQ2VydGlmaWNhdGVTZXJ2aWNl
+cy5jcmwwNqA0oDKGMGh0dHA6Ly9jcmwuY29tb2RvLm5ldC9BQUFDZXJ0aWZpY2F0ZVNlcnZpY2Vz
+LmNybDANBgkqhkiG9w0BAQUFAAOCAQEACFb8AvCb6P+k+tZ7xkSAzk/ExfYAWMymtrwUSWgEdujm
+7l3sAg9g1o1QGE8mTgHj5rCl7r+8dFRBv/38ErjHT1r0iWAFf2C3BUrz9vHCv8S5dIa2LX1rzNLz
+Rt0vxuBqw8M0Ayx9lt1awg6nCpnBBYurDC/zXDrPbDdVCYfeU0BsWO/8tqtlbgT2G9w84FoVxp7Z
+8VlIMCFlA2zs6SFz7JsDoeA3raAVGI/6ugLOpyypEBMs1OUIJqsil2D4kF501KKaU73yqWjgom7C
+12yxow+ev+to51byrvLjKzg6CYG1a4XXvi3tPxq3smPi9WIsgtRqAEFQ8TmDn5XpNpaYbg==
+-----END CERTIFICATE-----
+
+QuoVadis Root CA 2
+==================
+-----BEGIN CERTIFICATE-----
+MIIFtzCCA5+gAwIBAgICBQkwDQYJKoZIhvcNAQEFBQAwRTELMAkGA1UEBhMCQk0xGTAXBgNVBAoT
+EFF1b1ZhZGlzIExpbWl0ZWQxGzAZBgNVBAMTElF1b1ZhZGlzIFJvb3QgQ0EgMjAeFw0wNjExMjQx
+ODI3MDBaFw0zMTExMjQxODIzMzNaMEUxCzAJBgNVBAYTAkJNMRkwFwYDVQQKExBRdW9WYWRpcyBM
+aW1pdGVkMRswGQYDVQQDExJRdW9WYWRpcyBSb290IENBIDIwggIiMA0GCSqGSIb3DQEBAQUAA4IC
+DwAwggIKAoICAQCaGMpLlA0ALa8DKYrwD4HIrkwZhR0In6spRIXzL4GtMh6QRr+jhiYaHv5+HBg6
+XJxgFyo6dIMzMH1hVBHL7avg5tKifvVrbxi3Cgst/ek+7wrGsxDp3MJGF/hd/aTa/55JWpzmM+Yk
+lvc/ulsrHHo1wtZn/qtmUIttKGAr79dgw8eTvI02kfN/+NsRE8Scd3bBrrcCaoF6qUWD4gXmuVbB
+lDePSHFjIuwXZQeVikvfj8ZaCuWw419eaxGrDPmF60Tp+ARz8un+XJiM9XOva7R+zdRcAitMOeGy
+lZUtQofX1bOQQ7dsE/He3fbE+Ik/0XX1ksOR1YqI0JDs3G3eicJlcZaLDQP9nL9bFqyS2+r+eXyt
+66/3FsvbzSUr5R/7mp/iUcw6UwxI5g69ybR2BlLmEROFcmMDBOAENisgGQLodKcftslWZvB1Jdxn
+wQ5hYIizPtGo/KPaHbDRsSNU30R2be1B2MGyIrZTHN81Hdyhdyox5C315eXbyOD/5YDXC2Og/zOh
+D7osFRXql7PSorW+8oyWHhqPHWykYTe5hnMz15eWniN9gqRMgeKh0bpnX5UHoycR7hYQe7xFSkyy
+BNKr79X9DFHOUGoIMfmR2gyPZFwDwzqLID9ujWc9Otb+fVuIyV77zGHcizN300QyNQliBJIWENie
+J0f7OyHj+OsdWwIDAQABo4GwMIGtMA8GA1UdEwEB/wQFMAMBAf8wCwYDVR0PBAQDAgEGMB0GA1Ud
+DgQWBBQahGK8SEwzJQTU7tD2A8QZRtGUazBuBgNVHSMEZzBlgBQahGK8SEwzJQTU7tD2A8QZRtGU
+a6FJpEcwRTELMAkGA1UEBhMCQk0xGTAXBgNVBAoTEFF1b1ZhZGlzIExpbWl0ZWQxGzAZBgNVBAMT
+ElF1b1ZhZGlzIFJvb3QgQ0EgMoICBQkwDQYJKoZIhvcNAQEFBQADggIBAD4KFk2fBluornFdLwUv
+Z+YTRYPENvbzwCYMDbVHZF34tHLJRqUDGCdViXh9duqWNIAXINzng/iN/Ae42l9NLmeyhP3ZRPx3
+UIHmfLTJDQtyU/h2BwdBR5YM++CCJpNVjP4iH2BlfF/nJrP3MpCYUNQ3cVX2kiF495V5+vgtJodm
+VjB3pjd4M1IQWK4/YY7yarHvGH5KWWPKjaJW1acvvFYfzznB4vsKqBUsfU16Y8Zsl0Q80m/DShcK
++JDSV6IZUaUtl0HaB0+pUNqQjZRG4T7wlP0QADj1O+hA4bRuVhogzG9Yje0uRY/W6ZM/57Es3zrW
+IozchLsib9D45MY56QSIPMO661V6bYCZJPVsAfv4l7CUW+v90m/xd2gNNWQjrLhVoQPRTUIZ3Ph1
+WVaj+ahJefivDrkRoHy3au000LYmYjgahwz46P0u05B/B5EqHdZ+XIWDmbA4CD/pXvk1B+TJYm5X
+f6dQlfe6yJvmjqIBxdZmv3lh8zwc4bmCXF2gw+nYSL0ZohEUGW6yhhtoPkg3Goi3XZZenMfvJ2II
+4pEZXNLxId26F0KCl3GBUzGpn/Z9Yr9y4aOTHcyKJloJONDO1w2AFrR4pTqHTI2KpdVGl/IsELm8
+VCLAAVBpQ570su9t+Oza8eOx79+Rj1QqCyXBJhnEUhAFZdWCEOrCMc0u
+-----END CERTIFICATE-----
+
+QuoVadis Root CA 3
+==================
+-----BEGIN CERTIFICATE-----
+MIIGnTCCBIWgAwIBAgICBcYwDQYJKoZIhvcNAQEFBQAwRTELMAkGA1UEBhMCQk0xGTAXBgNVBAoT
+EFF1b1ZhZGlzIExpbWl0ZWQxGzAZBgNVBAMTElF1b1ZhZGlzIFJvb3QgQ0EgMzAeFw0wNjExMjQx
+OTExMjNaFw0zMTExMjQxOTA2NDRaMEUxCzAJBgNVBAYTAkJNMRkwFwYDVQQKExBRdW9WYWRpcyBM
+aW1pdGVkMRswGQYDVQQDExJRdW9WYWRpcyBSb290IENBIDMwggIiMA0GCSqGSIb3DQEBAQUAA4IC
+DwAwggIKAoICAQDMV0IWVJzmmNPTTe7+7cefQzlKZbPoFog02w1ZkXTPkrgEQK0CSzGrvI2RaNgg
+DhoB4hp7Thdd4oq3P5kazethq8Jlph+3t723j/z9cI8LoGe+AaJZz3HmDyl2/7FWeUUrH556VOij
+KTVopAFPD6QuN+8bv+OPEKhyq1hX51SGyMnzW9os2l2ObjyjPtr7guXd8lyyBTNvijbO0BNO/79K
+DDRMpsMhvVAEVeuxu537RR5kFd5VAYwCdrXLoT9CabwvvWhDFlaJKjdhkf2mrk7AyxRllDdLkgbv
+BNDInIjbC3uBr7E9KsRlOni27tyAsdLTmZw67mtaa7ONt9XOnMK+pUsvFrGeaDsGb659n/je7Mwp
+p5ijJUMv7/FfJuGITfhebtfZFG4ZM2mnO4SJk8RTVROhUXhA+LjJou57ulJCg54U7QVSWllWp5f8
+nT8KKdjcT5EOE7zelaTfi5m+rJsziO+1ga8bxiJTyPbH7pcUsMV8eFLI8M5ud2CEpukqdiDtWAEX
+MJPpGovgc2PZapKUSU60rUqFxKMiMPwJ7Wgic6aIDFUhWMXhOp8q3crhkODZc6tsgLjoC2SToJyM
+Gf+z0gzskSaHirOi4XCPLArlzW1oUevaPwV/izLmE1xr/l9A4iLItLRkT9a6fUg+qGkM17uGcclz
+uD87nSVL2v9A6wIDAQABo4IBlTCCAZEwDwYDVR0TAQH/BAUwAwEB/zCB4QYDVR0gBIHZMIHWMIHT
+BgkrBgEEAb5YAAMwgcUwgZMGCCsGAQUFBwICMIGGGoGDQW55IHVzZSBvZiB0aGlzIENlcnRpZmlj
+YXRlIGNvbnN0aXR1dGVzIGFjY2VwdGFuY2Ugb2YgdGhlIFF1b1ZhZGlzIFJvb3QgQ0EgMyBDZXJ0
+aWZpY2F0ZSBQb2xpY3kgLyBDZXJ0aWZpY2F0aW9uIFByYWN0aWNlIFN0YXRlbWVudC4wLQYIKwYB
+BQUHAgEWIWh0dHA6Ly93d3cucXVvdmFkaXNnbG9iYWwuY29tL2NwczALBgNVHQ8EBAMCAQYwHQYD
+VR0OBBYEFPLAE+CCQz777i9nMpY1XNu4ywLQMG4GA1UdIwRnMGWAFPLAE+CCQz777i9nMpY1XNu4
+ywLQoUmkRzBFMQswCQYDVQQGEwJCTTEZMBcGA1UEChMQUXVvVmFkaXMgTGltaXRlZDEbMBkGA1UE
+AxMSUXVvVmFkaXMgUm9vdCBDQSAzggIFxjANBgkqhkiG9w0BAQUFAAOCAgEAT62gLEz6wPJv92ZV
+qyM07ucp2sNbtrCD2dDQ4iH782CnO11gUyeim/YIIirnv6By5ZwkajGxkHon24QRiSemd1o417+s
+hvzuXYO8BsbRd2sPbSQvS3pspweWyuOEn62Iix2rFo1bZhfZFvSLgNLd+LJ2w/w4E6oM3kJpK27z
+POuAJ9v1pkQNn1pVWQvVDVJIxa6f8i+AxeoyUDUSly7B4f/xI4hROJ/yZlZ25w9Rl6VSDE1JUZU2
+Pb+iSwwQHYaZTKrzchGT5Or2m9qoXadNt54CrnMAyNojA+j56hl0YgCUyyIgvpSnWbWCar6ZeXqp
+8kokUvd0/bpO5qgdAm6xDYBEwa7TIzdfu4V8K5Iu6H6li92Z4b8nby1dqnuH/grdS/yO9SbkbnBC
+bjPsMZ57k8HkyWkaPcBrTiJt7qtYTcbQQcEr6k8Sh17rRdhs9ZgC06DYVYoGmRmioHfRMJ6szHXu
+g/WwYjnPbFfiTNKRCw51KBuav/0aQ/HKd/s7j2G4aSgWQgRecCocIdiP4b0jWy10QJLZYxkNc91p
+vGJHvOB0K7Lrfb5BG7XARsWhIstfTsEokt4YutUqKLsRixeTmJlglFwjz1onl14LBQaTNx47aTbr
+qZ5hHY8y2o4M1nQ+ewkk2gF3R8Q7zTSMmfXK4SVhM7JZG+Ju1zdXtg2pEto=
+-----END CERTIFICATE-----
+
+XRamp Global CA Root
+====================
+-----BEGIN CERTIFICATE-----
+MIIEMDCCAxigAwIBAgIQUJRs7Bjq1ZxN1ZfvdY+grTANBgkqhkiG9w0BAQUFADCBgjELMAkGA1UE
+BhMCVVMxHjAcBgNVBAsTFXd3dy54cmFtcHNlY3VyaXR5LmNvbTEkMCIGA1UEChMbWFJhbXAgU2Vj
+dXJpdHkgU2VydmljZXMgSW5jMS0wKwYDVQQDEyRYUmFtcCBHbG9iYWwgQ2VydGlmaWNhdGlvbiBB
+dXRob3JpdHkwHhcNMDQxMTAxMTcxNDA0WhcNMzUwMTAxMDUzNzE5WjCBgjELMAkGA1UEBhMCVVMx
+HjAcBgNVBAsTFXd3dy54cmFtcHNlY3VyaXR5LmNvbTEkMCIGA1UEChMbWFJhbXAgU2VjdXJpdHkg
+U2VydmljZXMgSW5jMS0wKwYDVQQDEyRYUmFtcCBHbG9iYWwgQ2VydGlmaWNhdGlvbiBBdXRob3Jp
+dHkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCYJB69FbS638eMpSe2OAtp87ZOqCwu
+IR1cRN8hXX4jdP5efrRKt6atH67gBhbim1vZZ3RrXYCPKZ2GG9mcDZhtdhAoWORlsH9KmHmf4MMx
+foArtYzAQDsRhtDLooY2YKTVMIJt2W7QDxIEM5dfT2Fa8OT5kavnHTu86M/0ay00fOJIYRyO82FE
+zG+gSqmUsE3a56k0enI4qEHMPJQRfevIpoy3hsvKMzvZPTeL+3o+hiznc9cKV6xkmxnr9A8ECIqs
+AxcZZPRaJSKNNCyy9mgdEm3Tih4U2sSPpuIjhdV6Db1q4Ons7Be7QhtnqiXtRYMh/MHJfNViPvry
+xS3T/dRlAgMBAAGjgZ8wgZwwEwYJKwYBBAGCNxQCBAYeBABDAEEwCwYDVR0PBAQDAgGGMA8GA1Ud
+EwEB/wQFMAMBAf8wHQYDVR0OBBYEFMZPoj0GY4QJnM5i5ASsjVy16bYbMDYGA1UdHwQvMC0wK6Ap
+oCeGJWh0dHA6Ly9jcmwueHJhbXBzZWN1cml0eS5jb20vWEdDQS5jcmwwEAYJKwYBBAGCNxUBBAMC
+AQEwDQYJKoZIhvcNAQEFBQADggEBAJEVOQMBG2f7Shz5CmBbodpNl2L5JFMn14JkTpAuw0kbK5rc
+/Kh4ZzXxHfARvbdI4xD2Dd8/0sm2qlWkSLoC295ZLhVbO50WfUfXN+pfTXYSNrsf16GBBEYgoyxt
+qZ4Bfj8pzgCT3/3JknOJiWSe5yvkHJEs0rnOfc5vMZnT5r7SHpDwCRR5XCOrTdLaIR9NmXmd4c8n
+nxCbHIgNsIpkQTG4DmyQJKSbXHGPurt+HBvbaoAPIbzp26a3QPSyi6mx5O+aGtA9aZnuqCij4Tyz
+8LIRnM98QObd50N9otg6tamN8jSZxNQQ4Qb9CYQQO+7ETPTsJ3xCwnR8gooJybQDJbw=
+-----END CERTIFICATE-----
+
+Go Daddy Class 2 CA
+===================
+-----BEGIN CERTIFICATE-----
+MIIEADCCAuigAwIBAgIBADANBgkqhkiG9w0BAQUFADBjMQswCQYDVQQGEwJVUzEhMB8GA1UEChMY
+VGhlIEdvIERhZGR5IEdyb3VwLCBJbmMuMTEwLwYDVQQLEyhHbyBEYWRkeSBDbGFzcyAyIENlcnRp
+ZmljYXRpb24gQXV0aG9yaXR5MB4XDTA0MDYyOTE3MDYyMFoXDTM0MDYyOTE3MDYyMFowYzELMAkG
+A1UEBhMCVVMxITAfBgNVBAoTGFRoZSBHbyBEYWRkeSBHcm91cCwgSW5jLjExMC8GA1UECxMoR28g
+RGFkZHkgQ2xhc3MgMiBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTCCASAwDQYJKoZIhvcNAQEBBQAD
+ggENADCCAQgCggEBAN6d1+pXGEmhW+vXX0iG6r7d/+TvZxz0ZWizV3GgXne77ZtJ6XCAPVYYYwhv
+2vLM0D9/AlQiVBDYsoHUwHU9S3/Hd8M+eKsaA7Ugay9qK7HFiH7Eux6wwdhFJ2+qN1j3hybX2C32
+qRe3H3I2TqYXP2WYktsqbl2i/ojgC95/5Y0V4evLOtXiEqITLdiOr18SPaAIBQi2XKVlOARFmR6j
+YGB0xUGlcmIbYsUfb18aQr4CUWWoriMYavx4A6lNf4DD+qta/KFApMoZFv6yyO9ecw3ud72a9nmY
+vLEHZ6IVDd2gWMZEewo+YihfukEHU1jPEX44dMX4/7VpkI+EdOqXG68CAQOjgcAwgb0wHQYDVR0O
+BBYEFNLEsNKR1EwRcbNhyz2h/t2oatTjMIGNBgNVHSMEgYUwgYKAFNLEsNKR1EwRcbNhyz2h/t2o
+atTjoWekZTBjMQswCQYDVQQGEwJVUzEhMB8GA1UEChMYVGhlIEdvIERhZGR5IEdyb3VwLCBJbmMu
+MTEwLwYDVQQLEyhHbyBEYWRkeSBDbGFzcyAyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5ggEAMAwG
+A1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEBADJL87LKPpH8EsahB4yOd6AzBhRckB4Y9wim
+PQoZ+YeAEW5p5JYXMP80kWNyOO7MHAGjHZQopDH2esRU1/blMVgDoszOYtuURXO1v0XJJLXVggKt
+I3lpjbi2Tc7PTMozI+gciKqdi0FuFskg5YmezTvacPd+mSYgFFQlq25zheabIZ0KbIIOqPjCDPoQ
+HmyW74cNxA9hi63ugyuV+I6ShHI56yDqg+2DzZduCLzrTia2cyvk0/ZM/iZx4mERdEr/VxqHD3VI
+Ls9RaRegAhJhldXRQLIQTO7ErBBDpqWeCtWVYpoNz4iCxTIM5CufReYNnyicsbkqWletNw+vHX/b
+vZ8=
+-----END CERTIFICATE-----
+
+Starfield Class 2 CA
+====================
+-----BEGIN CERTIFICATE-----
+MIIEDzCCAvegAwIBAgIBADANBgkqhkiG9w0BAQUFADBoMQswCQYDVQQGEwJVUzElMCMGA1UEChMc
+U3RhcmZpZWxkIFRlY2hub2xvZ2llcywgSW5jLjEyMDAGA1UECxMpU3RhcmZpZWxkIENsYXNzIDIg
+Q2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMDQwNjI5MTczOTE2WhcNMzQwNjI5MTczOTE2WjBo
+MQswCQYDVQQGEwJVUzElMCMGA1UEChMcU3RhcmZpZWxkIFRlY2hub2xvZ2llcywgSW5jLjEyMDAG
+A1UECxMpU3RhcmZpZWxkIENsYXNzIDIgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwggEgMA0GCSqG
+SIb3DQEBAQUAA4IBDQAwggEIAoIBAQC3Msj+6XGmBIWtDBFk385N78gDGIc/oav7PKaf8MOh2tTY
+bitTkPskpD6E8J7oX+zlJ0T1KKY/e97gKvDIr1MvnsoFAZMej2YcOadN+lq2cwQlZut3f+dZxkqZ
+JRRU6ybH838Z1TBwj6+wRir/resp7defqgSHo9T5iaU0X9tDkYI22WY8sbi5gv2cOj4QyDvvBmVm
+epsZGD3/cVE8MC5fvj13c7JdBmzDI1aaK4UmkhynArPkPw2vCHmCuDY96pzTNbO8acr1zJ3o/WSN
+F4Azbl5KXZnJHoe0nRrA1W4TNSNe35tfPe/W93bC6j67eA0cQmdrBNj41tpvi/JEoAGrAgEDo4HF
+MIHCMB0GA1UdDgQWBBS/X7fRzt0fhvRbVazc1xDCDqmI5zCBkgYDVR0jBIGKMIGHgBS/X7fRzt0f
+hvRbVazc1xDCDqmI56FspGowaDELMAkGA1UEBhMCVVMxJTAjBgNVBAoTHFN0YXJmaWVsZCBUZWNo
+bm9sb2dpZXMsIEluYy4xMjAwBgNVBAsTKVN0YXJmaWVsZCBDbGFzcyAyIENlcnRpZmljYXRpb24g
+QXV0aG9yaXR5ggEAMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEBAAWdP4id0ckaVaGs
+afPzWdqbAYcaT1epoXkJKtv3L7IezMdeatiDh6GX70k1PncGQVhiv45YuApnP+yz3SFmH8lU+nLM
+PUxA2IGvd56Deruix/U0F47ZEUD0/CwqTRV/p2JdLiXTAAsgGh1o+Re49L2L7ShZ3U0WixeDyLJl
+xy16paq8U4Zt3VekyvggQQto8PT7dL5WXXp59fkdheMtlb71cZBDzI0fmgAKhynpVSJYACPq4xJD
+KVtHCN2MQWplBqjlIapBtJUhlbl90TSrE9atvNziPTnNvT51cKEYWQPJIrSPnNVeKtelttQKbfi3
+QBFGmh95DmK/D5fs4C8fF5Q=
+-----END CERTIFICATE-----
+
+DigiCert Assured ID Root CA
+===========================
+-----BEGIN CERTIFICATE-----
+MIIDtzCCAp+gAwIBAgIQDOfg5RfYRv6P5WD8G/AwOTANBgkqhkiG9w0BAQUFADBlMQswCQYDVQQG
+EwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSQw
+IgYDVQQDExtEaWdpQ2VydCBBc3N1cmVkIElEIFJvb3QgQ0EwHhcNMDYxMTEwMDAwMDAwWhcNMzEx
+MTEwMDAwMDAwWjBlMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQL
+ExB3d3cuZGlnaWNlcnQuY29tMSQwIgYDVQQDExtEaWdpQ2VydCBBc3N1cmVkIElEIFJvb3QgQ0Ew
+ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCtDhXO5EOAXLGH87dg+XESpa7cJpSIqvTO
+9SA5KFhgDPiA2qkVlTJhPLWxKISKityfCgyDF3qPkKyK53lTXDGEKvYPmDI2dsze3Tyoou9q+yHy
+UmHfnyDXH+Kx2f4YZNISW1/5WBg1vEfNoTb5a3/UsDg+wRvDjDPZ2C8Y/igPs6eD1sNuRMBhNZYW
+/lmci3Zt1/GiSw0r/wty2p5g0I6QNcZ4VYcgoc/lbQrISXwxmDNsIumH0DJaoroTghHtORedmTpy
+oeb6pNnVFzF1roV9Iq4/AUaG9ih5yLHa5FcXxH4cDrC0kqZWs72yl+2qp/C3xag/lRbQ/6GW6whf
+GHdPAgMBAAGjYzBhMA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBRF
+66Kv9JLLgjEtUYunpyGd823IDzAfBgNVHSMEGDAWgBRF66Kv9JLLgjEtUYunpyGd823IDzANBgkq
+hkiG9w0BAQUFAAOCAQEAog683+Lt8ONyc3pklL/3cmbYMuRCdWKuh+vy1dneVrOfzM4UKLkNl2Bc
+EkxY5NM9g0lFWJc1aRqoR+pWxnmrEthngYTffwk8lOa4JiwgvT2zKIn3X/8i4peEH+ll74fg38Fn
+SbNd67IJKusm7Xi+fT8r87cmNW1fiQG2SVufAQWbqz0lwcy2f8Lxb4bG+mRo64EtlOtCt/qMHt1i
+8b5QZ7dsvfPxH2sMNgcWfzd8qVttevESRmCD1ycEvkvOl77DZypoEd+A5wwzZr8TDRRu838fYxAe
++o0bJW1sj6W3YQGx0qMmoRBxna3iw/nDmVG3KwcIzi7mULKn+gpFL6Lw8g==
+-----END CERTIFICATE-----
+
+DigiCert Global Root CA
+=======================
+-----BEGIN CERTIFICATE-----
+MIIDrzCCApegAwIBAgIQCDvgVpBCRrGhdWrJWZHHSjANBgkqhkiG9w0BAQUFADBhMQswCQYDVQQG
+EwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSAw
+HgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBDQTAeFw0wNjExMTAwMDAwMDBaFw0zMTExMTAw
+MDAwMDBaMGExCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3
+dy5kaWdpY2VydC5jb20xIDAeBgNVBAMTF0RpZ2lDZXJ0IEdsb2JhbCBSb290IENBMIIBIjANBgkq
+hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4jvhEXLeqKTTo1eqUKKPC3eQyaKl7hLOllsBCSDMAZOn
+TjC3U/dDxGkAV53ijSLdhwZAAIEJzs4bg7/fzTtxRuLWZscFs3YnFo97nh6Vfe63SKMI2tavegw5
+BmV/Sl0fvBf4q77uKNd0f3p4mVmFaG5cIzJLv07A6Fpt43C/dxC//AH2hdmoRBBYMql1GNXRor5H
+4idq9Joz+EkIYIvUX7Q6hL+hqkpMfT7PT19sdl6gSzeRntwi5m3OFBqOasv+zbMUZBfHWymeMr/y
+7vrTC0LUq7dBMtoM1O/4gdW7jVg/tRvoSSiicNoxBN33shbyTApOB6jtSj1etX+jkMOvJwIDAQAB
+o2MwYTAOBgNVHQ8BAf8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUA95QNVbRTLtm
+8KPiGxvDl7I90VUwHwYDVR0jBBgwFoAUA95QNVbRTLtm8KPiGxvDl7I90VUwDQYJKoZIhvcNAQEF
+BQADggEBAMucN6pIExIK+t1EnE9SsPTfrgT1eXkIoyQY/EsrhMAtudXH/vTBH1jLuG2cenTnmCmr
+EbXjcKChzUyImZOMkXDiqw8cvpOp/2PV5Adg06O/nVsJ8dWO41P0jmP6P6fbtGbfYmbW0W5BjfIt
+tep3Sp+dWOIrWcBAI+0tKIJFPnlUkiaY4IBIqDfv8NZ5YBberOgOzW6sRBc4L0na4UU+Krk2U886
+UAb3LujEV0lsYSEY1QSteDwsOoBrp+uvFRTp2InBuThs4pFsiv9kuXclVzDAGySj4dzp30d8tbQk
+CAUw7C29C79Fv1C5qfPrmAESrciIxpg0X40KPMbp1ZWVbd4=
+-----END CERTIFICATE-----
+
+DigiCert High Assurance EV Root CA
+==================================
+-----BEGIN CERTIFICATE-----
+MIIDxTCCAq2gAwIBAgIQAqxcJmoLQJuPC3nyrkYldzANBgkqhkiG9w0BAQUFADBsMQswCQYDVQQG
+EwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSsw
+KQYDVQQDEyJEaWdpQ2VydCBIaWdoIEFzc3VyYW5jZSBFViBSb290IENBMB4XDTA2MTExMDAwMDAw
+MFoXDTMxMTExMDAwMDAwMFowbDELMAkGA1UEBhMCVVMxFTATBgNVBAoTDERpZ2lDZXJ0IEluYzEZ
+MBcGA1UECxMQd3d3LmRpZ2ljZXJ0LmNvbTErMCkGA1UEAxMiRGlnaUNlcnQgSGlnaCBBc3N1cmFu
+Y2UgRVYgUm9vdCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMbM5XPm+9S75S0t
+Mqbf5YE/yc0lSbZxKsPVlDRnogocsF9ppkCxxLeyj9CYpKlBWTrT3JTWPNt0OKRKzE0lgvdKpVMS
+OO7zSW1xkX5jtqumX8OkhPhPYlG++MXs2ziS4wblCJEMxChBVfvLWokVfnHoNb9Ncgk9vjo4UFt3
+MRuNs8ckRZqnrG0AFFoEt7oT61EKmEFBIk5lYYeBQVCmeVyJ3hlKV9Uu5l0cUyx+mM0aBhakaHPQ
+NAQTXKFx01p8VdteZOE3hzBWBOURtCmAEvF5OYiiAhF8J2a3iLd48soKqDirCmTCv2ZdlYTBoSUe
+h10aUAsgEsxBu24LUTi4S8sCAwEAAaNjMGEwDgYDVR0PAQH/BAQDAgGGMA8GA1UdEwEB/wQFMAMB
+Af8wHQYDVR0OBBYEFLE+w2kD+L9HAdSYJhoIAu9jZCvDMB8GA1UdIwQYMBaAFLE+w2kD+L9HAdSY
+JhoIAu9jZCvDMA0GCSqGSIb3DQEBBQUAA4IBAQAcGgaX3NecnzyIZgYIVyHbIUf4KmeqvxgydkAQ
+V8GK83rZEWWONfqe/EW1ntlMMUu4kehDLI6zeM7b41N5cdblIZQB2lWHmiRk9opmzN6cN82oNLFp
+myPInngiK3BD41VHMWEZ71jFhS9OMPagMRYjyOfiZRYzy78aG6A9+MpeizGLYAiJLQwGXFK3xPkK
+mNEVX58Svnw2Yzi9RKR/5CYrCsSXaQ3pjOLAEFe4yHYSkVXySGnYvCoCWw9E1CAx2/S6cCZdkGCe
+vEsXCS+0yx5DaMkHJ8HSXPfqIbloEpw8nL+e/IBcm2PN7EeqJSdnoDfzAIJ9VNep+OkuE6N36B9K
+-----END CERTIFICATE-----
+
+SwissSign Gold CA - G2
+======================
+-----BEGIN CERTIFICATE-----
+MIIFujCCA6KgAwIBAgIJALtAHEP1Xk+wMA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkNIMRUw
+EwYDVQQKEwxTd2lzc1NpZ24gQUcxHzAdBgNVBAMTFlN3aXNzU2lnbiBHb2xkIENBIC0gRzIwHhcN
+MDYxMDI1MDgzMDM1WhcNMzYxMDI1MDgzMDM1WjBFMQswCQYDVQQGEwJDSDEVMBMGA1UEChMMU3dp
+c3NTaWduIEFHMR8wHQYDVQQDExZTd2lzc1NpZ24gR29sZCBDQSAtIEcyMIICIjANBgkqhkiG9w0B
+AQEFAAOCAg8AMIICCgKCAgEAr+TufoskDhJuqVAtFkQ7kpJcyrhdhJJCEyq8ZVeCQD5XJM1QiyUq
+t2/876LQwB8CJEoTlo8jE+YoWACjR8cGp4QjK7u9lit/VcyLwVcfDmJlD909Vopz2q5+bbqBHH5C
+jCA12UNNhPqE21Is8w4ndwtrvxEvcnifLtg+5hg3Wipy+dpikJKVyh+c6bM8K8vzARO/Ws/BtQpg
+vd21mWRTuKCWs2/iJneRjOBiEAKfNA+k1ZIzUd6+jbqEemA8atufK+ze3gE/bk3lUIbLtK/tREDF
+ylqM2tIrfKjuvqblCqoOpd8FUrdVxyJdMmqXl2MT28nbeTZ7hTpKxVKJ+STnnXepgv9VHKVxaSvR
+AiTysybUa9oEVeXBCsdtMDeQKuSeFDNeFhdVxVu1yzSJkvGdJo+hB9TGsnhQ2wwMC3wLjEHXuend
+jIj3o02yMszYF9rNt85mndT9Xv+9lz4pded+p2JYryU0pUHHPbwNUMoDAw8IWh+Vc3hiv69yFGkO
+peUDDniOJihC8AcLYiAQZzlG+qkDzAQ4embvIIO1jEpWjpEA/I5cgt6IoMPiaG59je883WX0XaxR
+7ySArqpWl2/5rX3aYT+YdzylkbYcjCbaZaIJbcHiVOO5ykxMgI93e2CaHt+28kgeDrpOVG2Y4OGi
+GqJ3UM/EY5LsRxmd6+ZrzsECAwEAAaOBrDCBqTAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUw
+AwEB/zAdBgNVHQ4EFgQUWyV7lqRlUX64OfPAeGZe6Drn8O4wHwYDVR0jBBgwFoAUWyV7lqRlUX64
+OfPAeGZe6Drn8O4wRgYDVR0gBD8wPTA7BglghXQBWQECAQEwLjAsBggrBgEFBQcCARYgaHR0cDov
+L3JlcG9zaXRvcnkuc3dpc3NzaWduLmNvbS8wDQYJKoZIhvcNAQEFBQADggIBACe645R88a7A3hfm
+5djV9VSwg/S7zV4Fe0+fdWavPOhWfvxyeDgD2StiGwC5+OlgzczOUYrHUDFu4Up+GC9pWbY9ZIEr
+44OE5iKHjn3g7gKZYbge9LgriBIWhMIxkziWMaa5O1M/wySTVltpkuzFwbs4AOPsF6m43Md8AYOf
+Mke6UiI0HTJ6CVanfCU2qT1L2sCCbwq7EsiHSycR+R4tx5M/nttfJmtS2S6K8RTGRI0Vqbe/vd6m
+Gu6uLftIdxf+u+yvGPUqUfA5hJeVbG4bwyvEdGB5JbAKJ9/fXtI5z0V9QkvfsywexcZdylU6oJxp
+mo/a77KwPJ+HbBIrZXAVUjEaJM9vMSNQH4xPjyPDdEFjHFWoFN0+4FFQz/EbMFYOkrCChdiDyyJk
+vC24JdVUorgG6q2SpCSgwYa1ShNqR88uC1aVVMvOmttqtKay20EIhid392qgQmwLOM7XdVAyksLf
+KzAiSNDVQTglXaTpXZ/GlHXQRf0wl0OPkKsKx4ZzYEppLd6leNcG2mqeSz53OiATIgHQv2ieY2Br
+NU0LbbqhPcCT4H8js1WtciVORvnSFu+wZMEBnunKoGqYDs/YYPIvSbjkQuE4NRb0yG5P94FW6Lqj
+viOvrv1vA+ACOzB2+httQc8Bsem4yWb02ybzOqR08kkkW8mw0FfB+j564ZfJ
+-----END CERTIFICATE-----
+
+SwissSign Silver CA - G2
+========================
+-----BEGIN CERTIFICATE-----
+MIIFvTCCA6WgAwIBAgIITxvUL1S7L0swDQYJKoZIhvcNAQEFBQAwRzELMAkGA1UEBhMCQ0gxFTAT
+BgNVBAoTDFN3aXNzU2lnbiBBRzEhMB8GA1UEAxMYU3dpc3NTaWduIFNpbHZlciBDQSAtIEcyMB4X
+DTA2MTAyNTA4MzI0NloXDTM2MTAyNTA4MzI0NlowRzELMAkGA1UEBhMCQ0gxFTATBgNVBAoTDFN3
+aXNzU2lnbiBBRzEhMB8GA1UEAxMYU3dpc3NTaWduIFNpbHZlciBDQSAtIEcyMIICIjANBgkqhkiG
+9w0BAQEFAAOCAg8AMIICCgKCAgEAxPGHf9N4Mfc4yfjDmUO8x/e8N+dOcbpLj6VzHVxumK4DV644
+N0MvFz0fyM5oEMF4rhkDKxD6LHmD9ui5aLlV8gREpzn5/ASLHvGiTSf5YXu6t+WiE7brYT7QbNHm
++/pe7R20nqA1W6GSy/BJkv6FCgU+5tkL4k+73JU3/JHpMjUi0R86TieFnbAVlDLaYQ1HTWBCrpJH
+6INaUFjpiou5XaHc3ZlKHzZnu0jkg7Y360g6rw9njxcH6ATK72oxh9TAtvmUcXtnZLi2kUpCe2Uu
+MGoM9ZDulebyzYLs2aFK7PayS+VFheZteJMELpyCbTapxDFkH4aDCyr0NQp4yVXPQbBH6TCfmb5h
+qAaEuSh6XzjZG6k4sIN/c8HDO0gqgg8hm7jMqDXDhBuDsz6+pJVpATqJAHgE2cn0mRmrVn5bi4Y5
+FZGkECwJMoBgs5PAKrYYC51+jUnyEEp/+dVGLxmSo5mnJqy7jDzmDrxHB9xzUfFwZC8I+bRHHTBs
+ROopN4WSaGa8gzj+ezku01DwH/teYLappvonQfGbGHLy9YR0SslnxFSuSGTfjNFusB3hB48IHpmc
+celM2KX3RxIfdNFRnobzwqIjQAtz20um53MGjMGg6cFZrEb65i/4z3GcRm25xBWNOHkDRUjvxF3X
+CO6HOSKGsg0PWEP3calILv3q1h8CAwEAAaOBrDCBqTAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/
+BAUwAwEB/zAdBgNVHQ4EFgQUF6DNweRBtjpbO8tFnb0cwpj6hlgwHwYDVR0jBBgwFoAUF6DNweRB
+tjpbO8tFnb0cwpj6hlgwRgYDVR0gBD8wPTA7BglghXQBWQEDAQEwLjAsBggrBgEFBQcCARYgaHR0
+cDovL3JlcG9zaXRvcnkuc3dpc3NzaWduLmNvbS8wDQYJKoZIhvcNAQEFBQADggIBAHPGgeAn0i0P
+4JUw4ppBf1AsX19iYamGamkYDHRJ1l2E6kFSGG9YrVBWIGrGvShpWJHckRE1qTodvBqlYJ7YH39F
+kWnZfrt4csEGDyrOj4VwYaygzQu4OSlWhDJOhrs9xCrZ1x9y7v5RoSJBsXECYxqCsGKrXlcSH9/L
+3XWgwF15kIwb4FDm3jH+mHtwX6WQ2K34ArZv02DdQEsixT2tOnqfGhpHkXkzuoLcMmkDlm4fS/Bx
+/uNncqCxv1yL5PqZIseEuRuNI5c/7SXgz2W79WEE790eslpBIlqhn10s6FvJbakMDHiqYMZWjwFa
+DGi8aRl5xB9+lwW/xekkUV7U1UtT7dkjWjYDZaPBA61BMPNGG4WQr2W11bHkFlt4dR2Xem1ZqSqP
+e97Dh4kQmUlzeMg9vVE1dCrV8X5pGyq7O70luJpaPXJhkGaH7gzWTdQRdAtq/gsD/KNVV4n+Ssuu
+WxcFyPKNIzFTONItaj+CuY0IavdeQXRuwxF+B6wpYJE/OMpXEA29MC/HpeZBoNquBYeaoKRlbEwJ
+DIm6uNO5wJOKMPqN5ZprFQFOZ6raYlY+hAhm0sQ2fac+EPyI4NSA5QC9qvNOBqN6avlicuMJT+ub
+DgEj8Z+7fNzcbBGXJbLytGMU0gYqZ4yD9c7qB9iaah7s5Aq7KkzrCWA5zspi2C5u
+-----END CERTIFICATE-----
+
+SecureTrust CA
+==============
+-----BEGIN CERTIFICATE-----
+MIIDuDCCAqCgAwIBAgIQDPCOXAgWpa1Cf/DrJxhZ0DANBgkqhkiG9w0BAQUFADBIMQswCQYDVQQG
+EwJVUzEgMB4GA1UEChMXU2VjdXJlVHJ1c3QgQ29ycG9yYXRpb24xFzAVBgNVBAMTDlNlY3VyZVRy
+dXN0IENBMB4XDTA2MTEwNzE5MzExOFoXDTI5MTIzMTE5NDA1NVowSDELMAkGA1UEBhMCVVMxIDAe
+BgNVBAoTF1NlY3VyZVRydXN0IENvcnBvcmF0aW9uMRcwFQYDVQQDEw5TZWN1cmVUcnVzdCBDQTCC
+ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKukgeWVzfX2FI7CT8rU4niVWJxB4Q2ZQCQX
+OZEzZum+4YOvYlyJ0fwkW2Gz4BERQRwdbvC4u/jep4G6pkjGnx29vo6pQT64lO0pGtSO0gMdA+9t
+DWccV9cGrcrI9f4Or2YlSASWC12juhbDCE/RRvgUXPLIXgGZbf2IzIaowW8xQmxSPmjL8xk037uH
+GFaAJsTQ3MBv396gwpEWoGQRS0S8Hvbn+mPeZqx2pHGj7DaUaHp3pLHnDi+BeuK1cobvomuL8A/b
+01k/unK8RCSc43Oz969XL0Imnal0ugBS8kvNU3xHCzaFDmapCJcWNFfBZveA4+1wVMeT4C4oFVmH
+ursCAwEAAaOBnTCBmjATBgkrBgEEAYI3FAIEBh4EAEMAQTALBgNVHQ8EBAMCAYYwDwYDVR0TAQH/
+BAUwAwEB/zAdBgNVHQ4EFgQUQjK2FvoE/f5dS3rD/fdMQB1aQ68wNAYDVR0fBC0wKzApoCegJYYj
+aHR0cDovL2NybC5zZWN1cmV0cnVzdC5jb20vU1RDQS5jcmwwEAYJKwYBBAGCNxUBBAMCAQAwDQYJ
+KoZIhvcNAQEFBQADggEBADDtT0rhWDpSclu1pqNlGKa7UTt36Z3q059c4EVlew3KW+JwULKUBRSu
+SceNQQcSc5R+DCMh/bwQf2AQWnL1mA6s7Ll/3XpvXdMc9P+IBWlCqQVxyLesJugutIxq/3HcuLHf
+mbx8IVQr5Fiiu1cprp6poxkmD5kuCLDv/WnPmRoJjeOnnyvJNjR7JLN4TJUXpAYmHrZkUjZfYGfZ
+nMUFdAvnZyPSCPyI6a6Lf+Ew9Dd+/cYy2i2eRDAwbO4H3tI0/NL/QPZL9GZGBlSm8jIKYyYwa5vR
+3ItHuuG51WLQoqD0ZwV4KWMabwTW+MZMo5qxN7SN5ShLHZ4swrhovO0C7jE=
+-----END CERTIFICATE-----
+
+Secure Global CA
+================
+-----BEGIN CERTIFICATE-----
+MIIDvDCCAqSgAwIBAgIQB1YipOjUiolN9BPI8PjqpTANBgkqhkiG9w0BAQUFADBKMQswCQYDVQQG
+EwJVUzEgMB4GA1UEChMXU2VjdXJlVHJ1c3QgQ29ycG9yYXRpb24xGTAXBgNVBAMTEFNlY3VyZSBH
+bG9iYWwgQ0EwHhcNMDYxMTA3MTk0MjI4WhcNMjkxMjMxMTk1MjA2WjBKMQswCQYDVQQGEwJVUzEg
+MB4GA1UEChMXU2VjdXJlVHJ1c3QgQ29ycG9yYXRpb24xGTAXBgNVBAMTEFNlY3VyZSBHbG9iYWwg
+Q0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCvNS7YrGxVaQZx5RNoJLNP2MwhR/jx
+YDiJiQPpvepeRlMJ3Fz1Wuj3RSoC6zFh1ykzTM7HfAo3fg+6MpjhHZevj8fcyTiW89sa/FHtaMbQ
+bqR8JNGuQsiWUGMu4P51/pinX0kuleM5M2SOHqRfkNJnPLLZ/kG5VacJjnIFHovdRIWCQtBJwB1g
+8NEXLJXr9qXBkqPFwqcIYA1gBBCWeZ4WNOaptvolRTnIHmX5k/Wq8VLcmZg9pYYaDDUz+kulBAYV
+HDGA76oYa8J719rO+TMg1fW9ajMtgQT7sFzUnKPiXB3jqUJ1XnvUd+85VLrJChgbEplJL4hL/VBi
+0XPnj3pDAgMBAAGjgZ0wgZowEwYJKwYBBAGCNxQCBAYeBABDAEEwCwYDVR0PBAQDAgGGMA8GA1Ud
+EwEB/wQFMAMBAf8wHQYDVR0OBBYEFK9EBMJBfkiD2045AuzshHrmzsmkMDQGA1UdHwQtMCswKaAn
+oCWGI2h0dHA6Ly9jcmwuc2VjdXJldHJ1c3QuY29tL1NHQ0EuY3JsMBAGCSsGAQQBgjcVAQQDAgEA
+MA0GCSqGSIb3DQEBBQUAA4IBAQBjGghAfaReUw132HquHw0LURYD7xh8yOOvaliTFGCRsoTciE6+
+OYo68+aCiV0BN7OrJKQVDpI1WkpEXk5X+nXOH0jOZvQ8QCaSmGwb7iRGDBezUqXbpZGRzzfTb+cn
+CDpOGR86p1hcF895P4vkp9MmI50mD1hp/Ed+stCNi5O/KU9DaXR2Z0vPB4zmAve14bRDtUstFJ/5
+3CYNv6ZHdAbYiNE6KTCEztI5gGIbqMdXSbxqVVFnFUq+NQfk1XWYN3kwFNspnWzFacxHVaIw98xc
+f8LDmBxrThaA63p4ZUWiABqvDA1VZDRIuJK58bRQKfJPIx/abKwfROHdI3hRW8cW
+-----END CERTIFICATE-----
+
+COMODO Certification Authority
+==============================
+-----BEGIN CERTIFICATE-----
+MIIEHTCCAwWgAwIBAgIQToEtioJl4AsC7j41AkblPTANBgkqhkiG9w0BAQUFADCBgTELMAkGA1UE
+BhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEaMBgG
+A1UEChMRQ09NT0RPIENBIExpbWl0ZWQxJzAlBgNVBAMTHkNPTU9ETyBDZXJ0aWZpY2F0aW9uIEF1
+dGhvcml0eTAeFw0wNjEyMDEwMDAwMDBaFw0yOTEyMzEyMzU5NTlaMIGBMQswCQYDVQQGEwJHQjEb
+MBkGA1UECBMSR3JlYXRlciBNYW5jaGVzdGVyMRAwDgYDVQQHEwdTYWxmb3JkMRowGAYDVQQKExFD
+T01PRE8gQ0EgTGltaXRlZDEnMCUGA1UEAxMeQ09NT0RPIENlcnRpZmljYXRpb24gQXV0aG9yaXR5
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0ECLi3LjkRv3UcEbVASY06m/weaKXTuH
++7uIzg3jLz8GlvCiKVCZrts7oVewdFFxze1CkU1B/qnI2GqGd0S7WWaXUF601CxwRM/aN5VCaTww
+xHGzUvAhTaHYujl8HJ6jJJ3ygxaYqhZ8Q5sVW7euNJH+1GImGEaaP+vB+fGQV+useg2L23IwambV
+4EajcNxo2f8ESIl33rXp+2dtQem8Ob0y2WIC8bGoPW43nOIv4tOiJovGuFVDiOEjPqXSJDlqR6sA
+1KGzqSX+DT+nHbrTUcELpNqsOO9VUCQFZUaTNE8tja3G1CEZ0o7KBWFxB3NH5YoZEr0ETc5OnKVI
+rLsm9wIDAQABo4GOMIGLMB0GA1UdDgQWBBQLWOWLxkwVN6RAqTCpIb5HNlpW/zAOBgNVHQ8BAf8E
+BAMCAQYwDwYDVR0TAQH/BAUwAwEB/zBJBgNVHR8EQjBAMD6gPKA6hjhodHRwOi8vY3JsLmNvbW9k
+b2NhLmNvbS9DT01PRE9DZXJ0aWZpY2F0aW9uQXV0aG9yaXR5LmNybDANBgkqhkiG9w0BAQUFAAOC
+AQEAPpiem/Yb6dc5t3iuHXIYSdOH5EOC6z/JqvWote9VfCFSZfnVDeFs9D6Mk3ORLgLETgdxb8CP
+OGEIqB6BCsAvIC9Bi5HcSEW88cbeunZrM8gALTFGTO3nnc+IlP8zwFboJIYmuNg4ON8qa90SzMc/
+RxdMosIGlgnW2/4/PEZB31jiVg88O8EckzXZOFKs7sjsLjBOlDW0JB9LeGna8gI4zJVSk/BwJVmc
+IGfE7vmLV2H0knZ9P4SNVbfo5azV8fUZVqZa+5Acr5Pr5RzUZ5ddBA6+C4OmF4O5MBKgxTMVBbkN
++8cFduPYSo38NBejxiEovjBFMR7HeL5YYTisO+IBZQ==
+-----END CERTIFICATE-----
+
+COMODO ECC Certification Authority
+==================================
+-----BEGIN CERTIFICATE-----
+MIICiTCCAg+gAwIBAgIQH0evqmIAcFBUTAGem2OZKjAKBggqhkjOPQQDAzCBhTELMAkGA1UEBhMC
+R0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEaMBgGA1UE
+ChMRQ09NT0RPIENBIExpbWl0ZWQxKzApBgNVBAMTIkNPTU9ETyBFQ0MgQ2VydGlmaWNhdGlvbiBB
+dXRob3JpdHkwHhcNMDgwMzA2MDAwMDAwWhcNMzgwMTE4MjM1OTU5WjCBhTELMAkGA1UEBhMCR0Ix
+GzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEaMBgGA1UEChMR
+Q09NT0RPIENBIExpbWl0ZWQxKzApBgNVBAMTIkNPTU9ETyBFQ0MgQ2VydGlmaWNhdGlvbiBBdXRo
+b3JpdHkwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAAQDR3svdcmCFYX7deSRFtSrYpn1PlILBs5BAH+X
+4QokPB0BBO490o0JlwzgdeT6+3eKKvUDYEs2ixYjFq0JcfRK9ChQtP6IHG4/bC8vCVlbpVsLM5ni
+wz2J+Wos77LTBumjQjBAMB0GA1UdDgQWBBR1cacZSBm8nZ3qQUfflMRId5nTeTAOBgNVHQ8BAf8E
+BAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAKBggqhkjOPQQDAwNoADBlAjEA7wNbeqy3eApyt4jf/7VG
+FAkK+qDmfQjGGoe9GKhzvSbKYAydzpmfz1wPMOG+FDHqAjAU9JM8SaczepBGR7NjfRObTrdvGDeA
+U/7dIOA1mjbRxwG55tzd8/8dLDoWV9mSOdY=
+-----END CERTIFICATE-----
+
+Certigna
+========
+-----BEGIN CERTIFICATE-----
+MIIDqDCCApCgAwIBAgIJAP7c4wEPyUj/MA0GCSqGSIb3DQEBBQUAMDQxCzAJBgNVBAYTAkZSMRIw
+EAYDVQQKDAlEaGlteW90aXMxETAPBgNVBAMMCENlcnRpZ25hMB4XDTA3MDYyOTE1MTMwNVoXDTI3
+MDYyOTE1MTMwNVowNDELMAkGA1UEBhMCRlIxEjAQBgNVBAoMCURoaW15b3RpczERMA8GA1UEAwwI
+Q2VydGlnbmEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDIaPHJ1tazNHUmgh7stL7q
+XOEm7RFHYeGifBZ4QCHkYJ5ayGPhxLGWkv8YbWkj4Sti993iNi+RB7lIzw7sebYs5zRLcAglozyH
+GxnygQcPOJAZ0xH+hrTy0V4eHpbNgGzOOzGTtvKg0KmVEn2lmsxryIRWijOp5yIVUxbwzBfsV1/p
+ogqYCd7jX5xv3EjjhQsVWqa6n6xI4wmy9/Qy3l40vhx4XUJbzg4ij02Q130yGLMLLGq/jj8UEYkg
+DncUtT2UCIf3JR7VsmAA7G8qKCVuKj4YYxclPz5EIBb2JsglrgVKtOdjLPOMFlN+XPsRGgjBRmKf
+Irjxwo1p3Po6WAbfAgMBAAGjgbwwgbkwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUGu3+QTmQ
+tCRZvgHyUtVF9lo53BEwZAYDVR0jBF0wW4AUGu3+QTmQtCRZvgHyUtVF9lo53BGhOKQ2MDQxCzAJ
+BgNVBAYTAkZSMRIwEAYDVQQKDAlEaGlteW90aXMxETAPBgNVBAMMCENlcnRpZ25hggkA/tzjAQ/J
+SP8wDgYDVR0PAQH/BAQDAgEGMBEGCWCGSAGG+EIBAQQEAwIABzANBgkqhkiG9w0BAQUFAAOCAQEA
+hQMeknH2Qq/ho2Ge6/PAD/Kl1NqV5ta+aDY9fm4fTIrv0Q8hbV6lUmPOEvjvKtpv6zf+EwLHyzs+
+ImvaYS5/1HI93TDhHkxAGYwP15zRgzB7mFncfca5DClMoTOi62c6ZYTTluLtdkVwj7Ur3vkj1klu
+PBS1xp81HlDQwY9qcEQCYsuuHWhBp6pX6FOqB9IG9tUUBguRA3UsbHK1YZWaDYu5Def131TN3ubY
+1gkIl2PlwS6wt0QmwCbAr1UwnjvVNioZBPRcHv/PLLf/0P2HQBHVESO7SMAhqaQoLf0V+LBOK/Qw
+WyH8EZE0vkHve52Xdf+XlcCWWC/qu0bXu+TZLg==
+-----END CERTIFICATE-----
+
+ePKI Root Certification Authority
+=================================
+-----BEGIN CERTIFICATE-----
+MIIFsDCCA5igAwIBAgIQFci9ZUdcr7iXAF7kBtK8nTANBgkqhkiG9w0BAQUFADBeMQswCQYDVQQG
+EwJUVzEjMCEGA1UECgwaQ2h1bmdod2EgVGVsZWNvbSBDby4sIEx0ZC4xKjAoBgNVBAsMIWVQS0kg
+Um9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0wNDEyMjAwMjMxMjdaFw0zNDEyMjAwMjMx
+MjdaMF4xCzAJBgNVBAYTAlRXMSMwIQYDVQQKDBpDaHVuZ2h3YSBUZWxlY29tIENvLiwgTHRkLjEq
+MCgGA1UECwwhZVBLSSBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIICIjANBgkqhkiG9w0B
+AQEFAAOCAg8AMIICCgKCAgEA4SUP7o3biDN1Z82tH306Tm2d0y8U82N0ywEhajfqhFAHSyZbCUNs
+IZ5qyNUD9WBpj8zwIuQf5/dqIjG3LBXy4P4AakP/h2XGtRrBp0xtInAhijHyl3SJCRImHJ7K2RKi
+lTza6We/CKBk49ZCt0Xvl/T29de1ShUCWH2YWEtgvM3XDZoTM1PRYfl61dd4s5oz9wCGzh1NlDiv
+qOx4UXCKXBCDUSH3ET00hl7lSM2XgYI1TBnsZfZrxQWh7kcT1rMhJ5QQCtkkO7q+RBNGMD+XPNjX
+12ruOzjjK9SXDrkb5wdJfzcq+Xd4z1TtW0ado4AOkUPB1ltfFLqfpo0kR0BZv3I4sjZsN/+Z0V0O
+WQqraffAsgRFelQArr5T9rXn4fg8ozHSqf4hUmTFpmfwdQcGlBSBVcYn5AGPF8Fqcde+S/uUWH1+
+ETOxQvdibBjWzwloPn9s9h6PYq2lY9sJpx8iQkEeb5mKPtf5P0B6ebClAZLSnT0IFaUQAS2zMnao
+lQ2zepr7BxB4EW/hj8e6DyUadCrlHJhBmd8hh+iVBmoKs2pHdmX2Os+PYhcZewoozRrSgx4hxyy/
+vv9haLdnG7t4TY3OZ+XkwY63I2binZB1NJipNiuKmpS5nezMirH4JYlcWrYvjB9teSSnUmjDhDXi
+Zo1jDiVN1Rmy5nk3pyKdVDECAwEAAaNqMGgwHQYDVR0OBBYEFB4M97Zn8uGSJglFwFU5Lnc/Qkqi
+MAwGA1UdEwQFMAMBAf8wOQYEZyoHAAQxMC8wLQIBADAJBgUrDgMCGgUAMAcGBWcqAwAABBRFsMLH
+ClZ87lt4DJX5GFPBphzYEDANBgkqhkiG9w0BAQUFAAOCAgEACbODU1kBPpVJufGBuvl2ICO1J2B0
+1GqZNF5sAFPZn/KmsSQHRGoqxqWOeBLoR9lYGxMqXnmbnwoqZ6YlPwZpVnPDimZI+ymBV3QGypzq
+KOg4ZyYr8dW1P2WT+DZdjo2NQCCHGervJ8A9tDkPJXtoUHRVnAxZfVo9QZQlUgjgRywVMRnVvwdV
+xrsStZf0X4OFunHB2WyBEXYKCrC/gpf36j36+uwtqSiUO1bd0lEursC9CBWMd1I0ltabrNMdjmEP
+NXubrjlpC2JgQCA2j6/7Nu4tCEoduL+bXPjqpRugc6bY+G7gMwRfaKonh+3ZwZCc7b3jajWvY9+r
+GNm65ulK6lCKD2GTHuItGeIwlDWSXQ62B68ZgI9HkFFLLk3dheLSClIKF5r8GrBQAuUBo2M3IUxE
+xJtRmREOc5wGj1QupyheRDmHVi03vYVElOEMSyycw5KFNGHLD7ibSkNS/jQ6fbjpKdx2qcgw+BRx
+gMYeNkh0IkFch4LoGHGLQYlE535YW6i4jRPpp2zDR+2zGp1iro2C6pSe3VkQw63d4k3jMdXH7Ojy
+sP6SHhYKGvzZ8/gntsm+HbRsZJB/9OTEW9c3rkIO3aQab3yIVMUWbuF6aC74Or8NpDyJO3inTmOD
+BCEIZ43ygknQW/2xzQ+DhNQ+IIX3Sj0rnP0qCglN6oH4EZw=
+-----END CERTIFICATE-----
+
+certSIGN ROOT CA
+================
+-----BEGIN CERTIFICATE-----
+MIIDODCCAiCgAwIBAgIGIAYFFnACMA0GCSqGSIb3DQEBBQUAMDsxCzAJBgNVBAYTAlJPMREwDwYD
+VQQKEwhjZXJ0U0lHTjEZMBcGA1UECxMQY2VydFNJR04gUk9PVCBDQTAeFw0wNjA3MDQxNzIwMDRa
+Fw0zMTA3MDQxNzIwMDRaMDsxCzAJBgNVBAYTAlJPMREwDwYDVQQKEwhjZXJ0U0lHTjEZMBcGA1UE
+CxMQY2VydFNJR04gUk9PVCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALczuX7I
+JUqOtdu0KBuqV5Do0SLTZLrTk+jUrIZhQGpgV2hUhE28alQCBf/fm5oqrl0Hj0rDKH/v+yv6efHH
+rfAQUySQi2bJqIirr1qjAOm+ukbuW3N7LBeCgV5iLKECZbO9xSsAfsT8AzNXDe3i+s5dRdY4zTW2
+ssHQnIFKquSyAVwdj1+ZxLGt24gh65AIgoDzMKND5pCCrlUoSe1b16kQOA7+j0xbm0bqQfWwCHTD
+0IgztnzXdN/chNFDDnU5oSVAKOp4yw4sLjmdjItuFhwvJoIQ4uNllAoEwF73XVv4EOLQunpL+943
+AAAaWyjj0pxzPjKHmKHJUS/X3qwzs08CAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8B
+Af8EBAMCAcYwHQYDVR0OBBYEFOCMm9slSbPxfIbWskKHC9BroNnkMA0GCSqGSIb3DQEBBQUAA4IB
+AQA+0hyJLjX8+HXd5n9liPRyTMks1zJO890ZeUe9jjtbkw9QSSQTaxQGcu8J06Gh40CEyecYMnQ8
+SG4Pn0vU9x7Tk4ZkVJdjclDVVc/6IJMCopvDI5NOFlV2oHB5bc0hH88vLbwZ44gx+FkagQnIl6Z0
+x2DEW8xXjrJ1/RsCCdtZb3KTafcxQdaIOL+Hsr0Wefmq5L6IJd1hJyMctTEHBDa0GpC9oHRxUIlt
+vBTjD4au8as+x6AJzKNI0eDbZOeStc+vckNwi/nDhDwTqn6Sm1dTk/pwwpEOMfmbZ13pljheX7Nz
+TogVZ96edhBiIL5VaZVDADlN9u6wWk5JRFRYX0KD
+-----END CERTIFICATE-----
+
+NetLock Arany (Class Gold) Főtanúsítvány
+========================================
+-----BEGIN CERTIFICATE-----
+MIIEFTCCAv2gAwIBAgIGSUEs5AAQMA0GCSqGSIb3DQEBCwUAMIGnMQswCQYDVQQGEwJIVTERMA8G
+A1UEBwwIQnVkYXBlc3QxFTATBgNVBAoMDE5ldExvY2sgS2Z0LjE3MDUGA1UECwwuVGFuw7pzw610
+dsOhbnlraWFkw7NrIChDZXJ0aWZpY2F0aW9uIFNlcnZpY2VzKTE1MDMGA1UEAwwsTmV0TG9jayBB
+cmFueSAoQ2xhc3MgR29sZCkgRsWRdGFuw7pzw610dsOhbnkwHhcNMDgxMjExMTUwODIxWhcNMjgx
+MjA2MTUwODIxWjCBpzELMAkGA1UEBhMCSFUxETAPBgNVBAcMCEJ1ZGFwZXN0MRUwEwYDVQQKDAxO
+ZXRMb2NrIEtmdC4xNzA1BgNVBAsMLlRhbsO6c8OtdHbDoW55a2lhZMOzayAoQ2VydGlmaWNhdGlv
+biBTZXJ2aWNlcykxNTAzBgNVBAMMLE5ldExvY2sgQXJhbnkgKENsYXNzIEdvbGQpIEbFkXRhbsO6
+c8OtdHbDoW55MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxCRec75LbRTDofTjl5Bu
+0jBFHjzuZ9lk4BqKf8owyoPjIMHj9DrTlF8afFttvzBPhCf2nx9JvMaZCpDyD/V/Q4Q3Y1GLeqVw
+/HpYzY6b7cNGbIRwXdrzAZAj/E4wqX7hJ2Pn7WQ8oLjJM2P+FpD/sLj916jAwJRDC7bVWaaeVtAk
+H3B5r9s5VA1lddkVQZQBr17s9o3x/61k/iCa11zr/qYfCGSji3ZVrR47KGAuhyXoqq8fxmRGILdw
+fzzeSNuWU7c5d+Qa4scWhHaXWy+7GRWF+GmF9ZmnqfI0p6m2pgP8b4Y9VHx2BJtr+UBdADTHLpl1
+neWIA6pN+APSQnbAGwIDAKiLo0UwQzASBgNVHRMBAf8ECDAGAQH/AgEEMA4GA1UdDwEB/wQEAwIB
+BjAdBgNVHQ4EFgQUzPpnk/C2uNClwB7zU/2MU9+D15YwDQYJKoZIhvcNAQELBQADggEBAKt/7hwW
+qZw8UQCgwBEIBaeZ5m8BiFRhbvG5GK1Krf6BQCOUL/t1fC8oS2IkgYIL9WHxHG64YTjrgfpioTta
+YtOUZcTh5m2C+C8lcLIhJsFyUR+MLMOEkMNaj7rP9KdlpeuY0fsFskZ1FSNqb4VjMIDw1Z4fKRzC
+bLBQWV2QWzuoDTDPv31/zvGdg73JRm4gpvlhUbohL3u+pRVjodSVh/GeufOJ8z2FuLjbvrW5Kfna
+NwUASZQDhETnv0Mxz3WLJdH0pmT1kvarBes96aULNmLazAZfNou2XjG4Kvte9nHfRCaexOYNkbQu
+dZWAUWpLMKawYqGT8ZvYzsRjdT9ZR7E=
+-----END CERTIFICATE-----
+
+SecureSign RootCA11
+===================
+-----BEGIN CERTIFICATE-----
+MIIDbTCCAlWgAwIBAgIBATANBgkqhkiG9w0BAQUFADBYMQswCQYDVQQGEwJKUDErMCkGA1UEChMi
+SmFwYW4gQ2VydGlmaWNhdGlvbiBTZXJ2aWNlcywgSW5jLjEcMBoGA1UEAxMTU2VjdXJlU2lnbiBS
+b290Q0ExMTAeFw0wOTA0MDgwNDU2NDdaFw0yOTA0MDgwNDU2NDdaMFgxCzAJBgNVBAYTAkpQMSsw
+KQYDVQQKEyJKYXBhbiBDZXJ0aWZpY2F0aW9uIFNlcnZpY2VzLCBJbmMuMRwwGgYDVQQDExNTZWN1
+cmVTaWduIFJvb3RDQTExMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA/XeqpRyQBTvL
+TJszi1oURaTnkBbR31fSIRCkF/3frNYfp+TbfPfs37gD2pRY/V1yfIw/XwFndBWW4wI8h9uuywGO
+wvNmxoVF9ALGOrVisq/6nL+k5tSAMJjzDbaTj6nU2DbysPyKyiyhFTOVMdrAG/LuYpmGYz+/3ZMq
+g6h2uRMft85OQoWPIucuGvKVCbIFtUROd6EgvanyTgp9UK31BQ1FT0Zx/Sg+U/sE2C3XZR1KG/rP
+O7AxmjVuyIsG0wCR8pQIZUyxNAYAeoni8McDWc/V1uinMrPmmECGxc0nEovMe863ETxiYAcjPitA
+bpSACW22s293bzUIUPsCh8U+iQIDAQABo0IwQDAdBgNVHQ4EFgQUW/hNT7KlhtQ60vFjmqC+CfZX
+t94wDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEBAKCh
+OBZmLqdWHyGcBvod7bkixTgm2E5P7KN/ed5GIaGHd48HCJqypMWvDzKYC3xmKbabfSVSSUOrTC4r
+bnpwrxYO4wJs+0LmGJ1F2FXI6Dvd5+H0LgscNFxsWEr7jIhQX5Ucv+2rIrVls4W6ng+4reV6G4pQ
+Oh29Dbx7VFALuUKvVaAYga1lme++5Jy/xIWrQbJUb9wlze144o4MjQlJ3WN7WmmWAiGovVJZ6X01
+y8hSyn+B/tlr0/cR7SXf+Of5pPpyl4RTDaXQMhhRdlkUbA/r7F+AjHVDg8OFmP9Mni0N5HeDk061
+lgeLKBObjBmNQSdJQO7e5iNEOdyhIta6A/I=
+-----END CERTIFICATE-----
+
+Microsec e-Szigno Root CA 2009
+==============================
+-----BEGIN CERTIFICATE-----
+MIIECjCCAvKgAwIBAgIJAMJ+QwRORz8ZMA0GCSqGSIb3DQEBCwUAMIGCMQswCQYDVQQGEwJIVTER
+MA8GA1UEBwwIQnVkYXBlc3QxFjAUBgNVBAoMDU1pY3Jvc2VjIEx0ZC4xJzAlBgNVBAMMHk1pY3Jv
+c2VjIGUtU3ppZ25vIFJvb3QgQ0EgMjAwOTEfMB0GCSqGSIb3DQEJARYQaW5mb0BlLXN6aWduby5o
+dTAeFw0wOTA2MTYxMTMwMThaFw0yOTEyMzAxMTMwMThaMIGCMQswCQYDVQQGEwJIVTERMA8GA1UE
+BwwIQnVkYXBlc3QxFjAUBgNVBAoMDU1pY3Jvc2VjIEx0ZC4xJzAlBgNVBAMMHk1pY3Jvc2VjIGUt
+U3ppZ25vIFJvb3QgQ0EgMjAwOTEfMB0GCSqGSIb3DQEJARYQaW5mb0BlLXN6aWduby5odTCCASIw
+DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOn4j/NjrdqG2KfgQvvPkd6mJviZpWNwrZuuyjNA
+fW2WbqEORO7hE52UQlKavXWFdCyoDh2Tthi3jCyoz/tccbna7P7ofo/kLx2yqHWH2Leh5TvPmUpG
+0IMZfcChEhyVbUr02MelTTMuhTlAdX4UfIASmFDHQWe4oIBhVKZsTh/gnQ4H6cm6M+f+wFUoLAKA
+pxn1ntxVUwOXewdI/5n7N4okxFnMUBBjjqqpGrCEGob5X7uxUG6k0QrM1XF+H6cbfPVTbiJfyyvm
+1HxdrtbCxkzlBQHZ7Vf8wSN5/PrIJIOV87VqUQHQd9bpEqH5GoP7ghu5sJf0dgYzQ0mg/wu1+rUC
+AwEAAaOBgDB+MA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBTLD8bf
+QkPMPcu1SCOhGnqmKrs0aDAfBgNVHSMEGDAWgBTLD8bfQkPMPcu1SCOhGnqmKrs0aDAbBgNVHREE
+FDASgRBpbmZvQGUtc3ppZ25vLmh1MA0GCSqGSIb3DQEBCwUAA4IBAQDJ0Q5eLtXMs3w+y/w9/w0o
+lZMEyL/azXm4Q5DwpL7v8u8hmLzU1F0G9u5C7DBsoKqpyvGvivo/C3NqPuouQH4frlRheesuCDfX
+I/OMn74dseGkddug4lQUsbocKaQY9hK6ohQU4zE1yED/t+AFdlfBHFny+L/k7SViXITwfn4fs775
+tyERzAMBVnCnEJIeGzSBHq2cGsMEPO0CYdYeBvNfOofyK/FFh+U9rNHHV4S9a67c2Pm2G2JwCz02
+yULyMtd6YebS2z3PyKnJm9zbWETXbzivf3jTo60adbocwTZ8jx5tHMN1Rq41Bab2XD0h7lbwyYIi
+LXpUq3DDfSJlgnCW
+-----END CERTIFICATE-----
+
+GlobalSign Root CA - R3
+=======================
+-----BEGIN CERTIFICATE-----
+MIIDXzCCAkegAwIBAgILBAAAAAABIVhTCKIwDQYJKoZIhvcNAQELBQAwTDEgMB4GA1UECxMXR2xv
+YmFsU2lnbiBSb290IENBIC0gUjMxEzARBgNVBAoTCkdsb2JhbFNpZ24xEzARBgNVBAMTCkdsb2Jh
+bFNpZ24wHhcNMDkwMzE4MTAwMDAwWhcNMjkwMzE4MTAwMDAwWjBMMSAwHgYDVQQLExdHbG9iYWxT
+aWduIFJvb3QgQ0EgLSBSMzETMBEGA1UEChMKR2xvYmFsU2lnbjETMBEGA1UEAxMKR2xvYmFsU2ln
+bjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMwldpB5BngiFvXAg7aEyiie/QV2EcWt
+iHL8RgJDx7KKnQRfJMsuS+FggkbhUqsMgUdwbN1k0ev1LKMPgj0MK66X17YUhhB5uzsTgHeMCOFJ
+0mpiLx9e+pZo34knlTifBtc+ycsmWQ1z3rDI6SYOgxXG71uL0gRgykmmKPZpO/bLyCiR5Z2KYVc3
+rHQU3HTgOu5yLy6c+9C7v/U9AOEGM+iCK65TpjoWc4zdQQ4gOsC0p6Hpsk+QLjJg6VfLuQSSaGjl
+OCZgdbKfd/+RFO+uIEn8rUAVSNECMWEZXriX7613t2Saer9fwRPvm2L7DWzgVGkWqQPabumDk3F2
+xmmFghcCAwEAAaNCMEAwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYE
+FI/wS3+oLkUkrk1Q+mOai97i3Ru8MA0GCSqGSIb3DQEBCwUAA4IBAQBLQNvAUKr+yAzv95ZURUm7
+lgAJQayzE4aGKAczymvmdLm6AC2upArT9fHxD4q/c2dKg8dEe3jgr25sbwMpjjM5RcOO5LlXbKr8
+EpbsU8Yt5CRsuZRj+9xTaGdWPoO4zzUhw8lo/s7awlOqzJCK6fBdRoyV3XpYKBovHd7NADdBj+1E
+bddTKJd+82cEHhXXipa0095MJ6RMG3NzdvQXmcIfeg7jLQitChws/zyrVQ4PkX4268NXSb7hLi18
+YIvDQVETI53O9zJrlAGomecsMx86OyXShkDOOyyGeMlhLxS67ttVb9+E7gUJTb0o2HLO02JQZR7r
+kpeDMdmztcpHWD9f
+-----END CERTIFICATE-----
+
+Izenpe.com
+==========
+-----BEGIN CERTIFICATE-----
+MIIF8TCCA9mgAwIBAgIQALC3WhZIX7/hy/WL1xnmfTANBgkqhkiG9w0BAQsFADA4MQswCQYDVQQG
+EwJFUzEUMBIGA1UECgwLSVpFTlBFIFMuQS4xEzARBgNVBAMMCkl6ZW5wZS5jb20wHhcNMDcxMjEz
+MTMwODI4WhcNMzcxMjEzMDgyNzI1WjA4MQswCQYDVQQGEwJFUzEUMBIGA1UECgwLSVpFTlBFIFMu
+QS4xEzARBgNVBAMMCkl6ZW5wZS5jb20wggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDJ
+03rKDx6sp4boFmVqscIbRTJxldn+EFvMr+eleQGPicPK8lVx93e+d5TzcqQsRNiekpsUOqHnJJAK
+ClaOxdgmlOHZSOEtPtoKct2jmRXagaKH9HtuJneJWK3W6wyyQXpzbm3benhB6QiIEn6HLmYRY2xU
++zydcsC8Lv/Ct90NduM61/e0aL6i9eOBbsFGb12N4E3GVFWJGjMxCrFXuaOKmMPsOzTFlUFpfnXC
+PCDFYbpRR6AgkJOhkEvzTnyFRVSa0QUmQbC1TR0zvsQDyCV8wXDbO/QJLVQnSKwv4cSsPsjLkkxT
+OTcj7NMB+eAJRE1NZMDhDVqHIrytG6P+JrUV86f8hBnp7KGItERphIPzidF0BqnMC9bC3ieFUCbK
+F7jJeodWLBoBHmy+E60QrLUk9TiRodZL2vG70t5HtfG8gfZZa88ZU+mNFctKy6lvROUbQc/hhqfK
+0GqfvEyNBjNaooXlkDWgYlwWTvDjovoDGrQscbNYLN57C9saD+veIR8GdwYDsMnvmfzAuU8Lhij+
+0rnq49qlw0dpEuDb8PYZi+17cNcC1u2HGCgsBCRMd+RIihrGO5rUD8r6ddIBQFqNeb+Lz0vPqhbB
+leStTIo+F5HUsWLlguWABKQDfo2/2n+iD5dPDNMN+9fR5XJ+HMh3/1uaD7euBUbl8agW7EekFwID
+AQABo4H2MIHzMIGwBgNVHREEgagwgaWBD2luZm9AaXplbnBlLmNvbaSBkTCBjjFHMEUGA1UECgw+
+SVpFTlBFIFMuQS4gLSBDSUYgQTAxMzM3MjYwLVJNZXJjLlZpdG9yaWEtR2FzdGVpeiBUMTA1NSBG
+NjIgUzgxQzBBBgNVBAkMOkF2ZGEgZGVsIE1lZGl0ZXJyYW5lbyBFdG9yYmlkZWEgMTQgLSAwMTAx
+MCBWaXRvcmlhLUdhc3RlaXowDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0O
+BBYEFB0cZQ6o8iV7tJHP5LGx5r1VdGwFMA0GCSqGSIb3DQEBCwUAA4ICAQB4pgwWSp9MiDrAyw6l
+Fn2fuUhfGI8NYjb2zRlrrKvV9pF9rnHzP7MOeIWblaQnIUdCSnxIOvVFfLMMjlF4rJUT3sb9fbga
+kEyrkgPH7UIBzg/YsfqikuFgba56awmqxinuaElnMIAkejEWOVt+8Rwu3WwJrfIxwYJOubv5vr8q
+hT/AQKM6WfxZSzwoJNu0FXWuDYi6LnPAvViH5ULy617uHjAimcs30cQhbIHsvm0m5hzkQiCeR7Cs
+g1lwLDXWrzY0tM07+DKo7+N4ifuNRSzanLh+QBxh5z6ikixL8s36mLYp//Pye6kfLqCTVyvehQP5
+aTfLnnhqBbTFMXiJ7HqnheG5ezzevh55hM6fcA5ZwjUukCox2eRFekGkLhObNA5me0mrZJfQRsN5
+nXJQY6aYWwa9SG3YOYNw6DXwBdGqvOPbyALqfP2C2sJbUjWumDqtujWTI6cfSN01RpiyEGjkpTHC
+ClguGYEQyVB1/OpaFs4R1+7vUIgtYf8/QnMFlEPVjjxOAToZpR9GTnfQXeWBIiGH/pR9hNiTrdZo
+Q0iy2+tzJOeRf1SktoA+naM8THLCV8Sg1Mw4J87VBp6iSNnpn86CcDaTmjvfliHjWbcM2pE38P1Z
+WrOZyGlsQyYBNWNgVYkDOnXYukrZVP/u3oDYLdE41V4tC5h9Pmzb/CaIxw==
+-----END CERTIFICATE-----
+
+Go Daddy Root Certificate Authority - G2
+========================================
+-----BEGIN CERTIFICATE-----
+MIIDxTCCAq2gAwIBAgIBADANBgkqhkiG9w0BAQsFADCBgzELMAkGA1UEBhMCVVMxEDAOBgNVBAgT
+B0FyaXpvbmExEzARBgNVBAcTClNjb3R0c2RhbGUxGjAYBgNVBAoTEUdvRGFkZHkuY29tLCBJbmMu
+MTEwLwYDVQQDEyhHbyBEYWRkeSBSb290IENlcnRpZmljYXRlIEF1dGhvcml0eSAtIEcyMB4XDTA5
+MDkwMTAwMDAwMFoXDTM3MTIzMTIzNTk1OVowgYMxCzAJBgNVBAYTAlVTMRAwDgYDVQQIEwdBcml6
+b25hMRMwEQYDVQQHEwpTY290dHNkYWxlMRowGAYDVQQKExFHb0RhZGR5LmNvbSwgSW5jLjExMC8G
+A1UEAxMoR28gRGFkZHkgUm9vdCBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkgLSBHMjCCASIwDQYJKoZI
+hvcNAQEBBQADggEPADCCAQoCggEBAL9xYgjx+lk09xvJGKP3gElY6SKDE6bFIEMBO4Tx5oVJnyfq
+9oQbTqC023CYxzIBsQU+B07u9PpPL1kwIuerGVZr4oAH/PMWdYA5UXvl+TW2dE6pjYIT5LY/qQOD
++qK+ihVqf94Lw7YZFAXK6sOoBJQ7RnwyDfMAZiLIjWltNowRGLfTshxgtDj6AozO091GB94KPutd
+fMh8+7ArU6SSYmlRJQVhGkSBjCypQ5Yj36w6gZoOKcUcqeldHraenjAKOc7xiID7S13MMuyFYkMl
+NAJWJwGRtDtwKj9useiciAF9n9T521NtYJ2/LOdYq7hfRvzOxBsDPAnrSTFcaUaz4EcCAwEAAaNC
+MEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFDqahQcQZyi27/a9
+BUFuIMGU2g/eMA0GCSqGSIb3DQEBCwUAA4IBAQCZ21151fmXWWcDYfF+OwYxdS2hII5PZYe096ac
+vNjpL9DbWu7PdIxztDhC2gV7+AJ1uP2lsdeu9tfeE8tTEH6KRtGX+rcuKxGrkLAngPnon1rpN5+r
+5N9ss4UXnT3ZJE95kTXWXwTrgIOrmgIttRD02JDHBHNA7XIloKmf7J6raBKZV8aPEjoJpL1E/QYV
+N8Gb5DKj7Tjo2GTzLH4U/ALqn83/B2gX2yKQOC16jdFU8WnjXzPKej17CuPKf1855eJ1usV2GDPO
+LPAvTK33sefOT6jEm0pUBsV/fdUID+Ic/n4XuKxe9tQWskMJDE32p2u0mYRlynqI4uJEvlz36hz1
+-----END CERTIFICATE-----
+
+Starfield Root Certificate Authority - G2
+=========================================
+-----BEGIN CERTIFICATE-----
+MIID3TCCAsWgAwIBAgIBADANBgkqhkiG9w0BAQsFADCBjzELMAkGA1UEBhMCVVMxEDAOBgNVBAgT
+B0FyaXpvbmExEzARBgNVBAcTClNjb3R0c2RhbGUxJTAjBgNVBAoTHFN0YXJmaWVsZCBUZWNobm9s
+b2dpZXMsIEluYy4xMjAwBgNVBAMTKVN0YXJmaWVsZCBSb290IENlcnRpZmljYXRlIEF1dGhvcml0
+eSAtIEcyMB4XDTA5MDkwMTAwMDAwMFoXDTM3MTIzMTIzNTk1OVowgY8xCzAJBgNVBAYTAlVTMRAw
+DgYDVQQIEwdBcml6b25hMRMwEQYDVQQHEwpTY290dHNkYWxlMSUwIwYDVQQKExxTdGFyZmllbGQg
+VGVjaG5vbG9naWVzLCBJbmMuMTIwMAYDVQQDEylTdGFyZmllbGQgUm9vdCBDZXJ0aWZpY2F0ZSBB
+dXRob3JpdHkgLSBHMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAL3twQP89o/8ArFv
+W59I2Z154qK3A2FWGMNHttfKPTUuiUP3oWmb3ooa/RMgnLRJdzIpVv257IzdIvpy3Cdhl+72WoTs
+bhm5iSzchFvVdPtrX8WJpRBSiUZV9Lh1HOZ/5FSuS/hVclcCGfgXcVnrHigHdMWdSL5stPSksPNk
+N3mSwOxGXn/hbVNMYq/NHwtjuzqd+/x5AJhhdM8mgkBj87JyahkNmcrUDnXMN/uLicFZ8WJ/X7Nf
+ZTD4p7dNdloedl40wOiWVpmKs/B/pM293DIxfJHP4F8R+GuqSVzRmZTRouNjWwl2tVZi4Ut0HZbU
+JtQIBFnQmA4O5t78w+wfkPECAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMC
+AQYwHQYDVR0OBBYEFHwMMh+n2TB/xH1oo2Kooc6rB1snMA0GCSqGSIb3DQEBCwUAA4IBAQARWfol
+TwNvlJk7mh+ChTnUdgWUXuEok21iXQnCoKjUsHU48TRqneSfioYmUeYs0cYtbpUgSpIB7LiKZ3sx
+4mcujJUDJi5DnUox9g61DLu34jd/IroAow57UvtruzvE03lRTs2Q9GcHGcg8RnoNAX3FWOdt5oUw
+F5okxBDgBPfg8n/Uqgr/Qh037ZTlZFkSIHc40zI+OIF1lnP6aI+xy84fxez6nH7PfrHxBy22/L/K
+pL/QlwVKvOoYKAKQvVR4CSFx09F9HdkWsKlhPdAKACL8x3vLCWRFCztAgfd9fDL1mMpYjn0q7pBZ
+c2T5NnReJaH1ZgUufzkVqSr7UIuOhWn0
+-----END CERTIFICATE-----
+
+Starfield Services Root Certificate Authority - G2
+==================================================
+-----BEGIN CERTIFICATE-----
+MIID7zCCAtegAwIBAgIBADANBgkqhkiG9w0BAQsFADCBmDELMAkGA1UEBhMCVVMxEDAOBgNVBAgT
+B0FyaXpvbmExEzARBgNVBAcTClNjb3R0c2RhbGUxJTAjBgNVBAoTHFN0YXJmaWVsZCBUZWNobm9s
+b2dpZXMsIEluYy4xOzA5BgNVBAMTMlN0YXJmaWVsZCBTZXJ2aWNlcyBSb290IENlcnRpZmljYXRl
+IEF1dGhvcml0eSAtIEcyMB4XDTA5MDkwMTAwMDAwMFoXDTM3MTIzMTIzNTk1OVowgZgxCzAJBgNV
+BAYTAlVTMRAwDgYDVQQIEwdBcml6b25hMRMwEQYDVQQHEwpTY290dHNkYWxlMSUwIwYDVQQKExxT
+dGFyZmllbGQgVGVjaG5vbG9naWVzLCBJbmMuMTswOQYDVQQDEzJTdGFyZmllbGQgU2VydmljZXMg
+Um9vdCBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkgLSBHMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
+AQoCggEBANUMOsQq+U7i9b4Zl1+OiFOxHz/Lz58gE20pOsgPfTz3a3Y4Y9k2YKibXlwAgLIvWX/2
+h/klQ4bnaRtSmpDhcePYLQ1Ob/bISdm28xpWriu2dBTrz/sm4xq6HZYuajtYlIlHVv8loJNwU4Pa
+hHQUw2eeBGg6345AWh1KTs9DkTvnVtYAcMtS7nt9rjrnvDH5RfbCYM8TWQIrgMw0R9+53pBlbQLP
+LJGmpufehRhJfGZOozptqbXuNC66DQO4M99H67FrjSXZm86B0UVGMpZwh94CDklDhbZsc7tk6mFB
+rMnUVN+HL8cisibMn1lUaJ/8viovxFUcdUBgF4UCVTmLfwUCAwEAAaNCMEAwDwYDVR0TAQH/BAUw
+AwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFJxfAN+qAdcwKziIorhtSpzyEZGDMA0GCSqG
+SIb3DQEBCwUAA4IBAQBLNqaEd2ndOxmfZyMIbw5hyf2E3F/YNoHN2BtBLZ9g3ccaaNnRbobhiCPP
+E95Dz+I0swSdHynVv/heyNXBve6SbzJ08pGCL72CQnqtKrcgfU28elUSwhXqvfdqlS5sdJ/PHLTy
+xQGjhdByPq1zqwubdQxtRbeOlKyWN7Wg0I8VRw7j6IPdj/3vQQF3zCepYoUz8jcI73HPdwbeyBkd
+iEDPfUYd/x7H4c7/I9vG+o1VTqkC50cRRj70/b17KSa7qWFiNyi2LSr2EIZkyXCn0q23KXB56jza
+YyWf/Wi3MOxw+3WKt21gZ7IeyLnp2KhvAotnDU0mV3HaIPzBSlCNsSi6
+-----END CERTIFICATE-----
+
+AffirmTrust Commercial
+======================
+-----BEGIN CERTIFICATE-----
+MIIDTDCCAjSgAwIBAgIId3cGJyapsXwwDQYJKoZIhvcNAQELBQAwRDELMAkGA1UEBhMCVVMxFDAS
+BgNVBAoMC0FmZmlybVRydXN0MR8wHQYDVQQDDBZBZmZpcm1UcnVzdCBDb21tZXJjaWFsMB4XDTEw
+MDEyOTE0MDYwNloXDTMwMTIzMTE0MDYwNlowRDELMAkGA1UEBhMCVVMxFDASBgNVBAoMC0FmZmly
+bVRydXN0MR8wHQYDVQQDDBZBZmZpcm1UcnVzdCBDb21tZXJjaWFsMIIBIjANBgkqhkiG9w0BAQEF
+AAOCAQ8AMIIBCgKCAQEA9htPZwcroRX1BiLLHwGy43NFBkRJLLtJJRTWzsO3qyxPxkEylFf6Eqdb
+DuKPHx6GGaeqtS25Xw2Kwq+FNXkyLbscYjfysVtKPcrNcV/pQr6U6Mje+SJIZMblq8Yrba0F8PrV
+C8+a5fBQpIs7R6UjW3p6+DM/uO+Zl+MgwdYoic+U+7lF7eNAFxHUdPALMeIrJmqbTFeurCA+ukV6
+BfO9m2kVrn1OIGPENXY6BwLJN/3HR+7o8XYdcxXyl6S1yHp52UKqK39c/s4mT6NmgTWvRLpUHhww
+MmWd5jyTXlBOeuM61G7MGvv50jeuJCqrVwMiKA1JdX+3KNp1v47j3A55MQIDAQABo0IwQDAdBgNV
+HQ4EFgQUnZPGU4teyq8/nx4P5ZmVvCT2lI8wDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMC
+AQYwDQYJKoZIhvcNAQELBQADggEBAFis9AQOzcAN/wr91LoWXym9e2iZWEnStB03TX8nfUYGXUPG
+hi4+c7ImfU+TqbbEKpqrIZcUsd6M06uJFdhrJNTxFq7YpFzUf1GO7RgBsZNjvbz4YYCanrHOQnDi
+qX0GJX0nof5v7LMeJNrjS1UaADs1tDvZ110w/YETifLCBivtZ8SOyUOyXGsViQK8YvxO8rUzqrJv
+0wqiUOP2O+guRMLbZjipM1ZI8W0bM40NjD9gN53Tym1+NH4Nn3J2ixufcv1SNUFFApYvHLKac0kh
+sUlHRUe072o0EclNmsxZt9YCnlpOZbWUrhvfKbAW8b8Angc6F2S1BLUjIZkKlTuXfO8=
+-----END CERTIFICATE-----
+
+AffirmTrust Networking
+======================
+-----BEGIN CERTIFICATE-----
+MIIDTDCCAjSgAwIBAgIIfE8EORzUmS0wDQYJKoZIhvcNAQEFBQAwRDELMAkGA1UEBhMCVVMxFDAS
+BgNVBAoMC0FmZmlybVRydXN0MR8wHQYDVQQDDBZBZmZpcm1UcnVzdCBOZXR3b3JraW5nMB4XDTEw
+MDEyOTE0MDgyNFoXDTMwMTIzMTE0MDgyNFowRDELMAkGA1UEBhMCVVMxFDASBgNVBAoMC0FmZmly
+bVRydXN0MR8wHQYDVQQDDBZBZmZpcm1UcnVzdCBOZXR3b3JraW5nMIIBIjANBgkqhkiG9w0BAQEF
+AAOCAQ8AMIIBCgKCAQEAtITMMxcua5Rsa2FSoOujz3mUTOWUgJnLVWREZY9nZOIG41w3SfYvm4SE
+Hi3yYJ0wTsyEheIszx6e/jarM3c1RNg1lho9Nuh6DtjVR6FqaYvZ/Ls6rnla1fTWcbuakCNrmreI
+dIcMHl+5ni36q1Mr3Lt2PpNMCAiMHqIjHNRqrSK6mQEubWXLviRmVSRLQESxG9fhwoXA3hA/Pe24
+/PHxI1Pcv2WXb9n5QHGNfb2V1M6+oF4nI979ptAmDgAp6zxG8D1gvz9Q0twmQVGeFDdCBKNwV6gb
+h+0t+nvujArjqWaJGctB+d1ENmHP4ndGyH329JKBNv3bNPFyfvMMFr20FQIDAQABo0IwQDAdBgNV
+HQ4EFgQUBx/S55zawm6iQLSwelAQUHTEyL0wDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMC
+AQYwDQYJKoZIhvcNAQEFBQADggEBAIlXshZ6qML91tmbmzTCnLQyFE2npN/svqe++EPbkTfOtDIu
+UFUaNU52Q3Eg75N3ThVwLofDwR1t3Mu1J9QsVtFSUzpE0nPIxBsFZVpikpzuQY0x2+c06lkh1QF6
+12S4ZDnNye2v7UsDSKegmQGA3GWjNq5lWUhPgkvIZfFXHeVZLgo/bNjR9eUJtGxUAArgFU2HdW23
+WJZa3W3SAKD0m0i+wzekujbgfIeFlxoVot4uolu9rxj5kFDNcFn4J2dHy8egBzp90SxdbBk6ZrV9
+/ZFvgrG+CJPbFEfxojfHRZ48x3evZKiT3/Zpg4Jg8klCNO1aAFSFHBY2kgxc+qatv9s=
+-----END CERTIFICATE-----
+
+AffirmTrust Premium
+===================
+-----BEGIN CERTIFICATE-----
+MIIFRjCCAy6gAwIBAgIIbYwURrGmCu4wDQYJKoZIhvcNAQEMBQAwQTELMAkGA1UEBhMCVVMxFDAS
+BgNVBAoMC0FmZmlybVRydXN0MRwwGgYDVQQDDBNBZmZpcm1UcnVzdCBQcmVtaXVtMB4XDTEwMDEy
+OTE0MTAzNloXDTQwMTIzMTE0MTAzNlowQTELMAkGA1UEBhMCVVMxFDASBgNVBAoMC0FmZmlybVRy
+dXN0MRwwGgYDVQQDDBNBZmZpcm1UcnVzdCBQcmVtaXVtMIICIjANBgkqhkiG9w0BAQEFAAOCAg8A
+MIICCgKCAgEAxBLfqV/+Qd3d9Z+K4/as4Tx4mrzY8H96oDMq3I0gW64tb+eT2TZwamjPjlGjhVtn
+BKAQJG9dKILBl1fYSCkTtuG+kU3fhQxTGJoeJKJPj/CihQvL9Cl/0qRY7iZNyaqoe5rZ+jjeRFcV
+5fiMyNlI4g0WJx0eyIOFJbe6qlVBzAMiSy2RjYvmia9mx+n/K+k8rNrSs8PhaJyJ+HoAVt70VZVs
++7pk3WKL3wt3MutizCaam7uqYoNMtAZ6MMgpv+0GTZe5HMQxK9VfvFMSF5yZVylmd2EhMQcuJUmd
+GPLu8ytxjLW6OQdJd/zvLpKQBY0tL3d770O/Nbua2Plzpyzy0FfuKE4mX4+QaAkvuPjcBukumj5R
+p9EixAqnOEhss/n/fauGV+O61oV4d7pD6kh/9ti+I20ev9E2bFhc8e6kGVQa9QPSdubhjL08s9NI
+S+LI+H+SqHZGnEJlPqQewQcDWkYtuJfzt9WyVSHvutxMAJf7FJUnM7/oQ0dG0giZFmA7mn7S5u04
+6uwBHjxIVkkJx0w3AJ6IDsBz4W9m6XJHMD4Q5QsDyZpCAGzFlH5hxIrff4IaC1nEWTJ3s7xgaVY5
+/bQGeyzWZDbZvUjthB9+pSKPKrhC9IK31FOQeE4tGv2Bb0TXOwF0lkLgAOIua+rF7nKsu7/+6qqo
++Nz2snmKtmcCAwEAAaNCMEAwHQYDVR0OBBYEFJ3AZ6YMItkm9UWrpmVSESfYRaxjMA8GA1UdEwEB
+/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBDAUAA4ICAQCzV00QYk465KzquByv
+MiPIs0laUZx2KI15qldGF9X1Uva3ROgIRL8YhNILgM3FEv0AVQVhh0HctSSePMTYyPtwni94loMg
+Nt58D2kTiKV1NpgIpsbfrM7jWNa3Pt668+s0QNiigfV4Py/VpfzZotReBA4Xrf5B8OWycvpEgjNC
+6C1Y91aMYj+6QrCcDFx+LmUmXFNPALJ4fqENmS2NuB2OosSw/WDQMKSOyARiqcTtNd56l+0OOF6S
+L5Nwpamcb6d9Ex1+xghIsV5n61EIJenmJWtSKZGc0jlzCFfemQa0W50QBuHCAKi4HEoCChTQwUHK
++4w1IX2COPKpVJEZNZOUbWo6xbLQu4mGk+ibyQ86p3q4ofB4Rvr8Ny/lioTz3/4E2aFooC8k4gmV
+BtWVyuEklut89pMFu+1z6S3RdTnX5yTb2E5fQ4+e0BQ5v1VwSJlXMbSc7kqYA5YwH2AG7hsj/oFg
+IxpHYoWlzBk0gG+zrBrjn/B7SK3VAdlntqlyk+otZrWyuOQ9PLLvTIzq6we/qzWaVYa8GKa1qF60
+g2xraUDTn9zxw2lrueFtCfTxqlB2Cnp9ehehVZZCmTEJ3WARjQUwfuaORtGdFNrHF+QFlozEJLUb
+zxQHskD4o55BhrwE0GuWyCqANP2/7waj3VjFhT0+j/6eKeC2uAloGRwYQw==
+-----END CERTIFICATE-----
+
+AffirmTrust Premium ECC
+=======================
+-----BEGIN CERTIFICATE-----
+MIIB/jCCAYWgAwIBAgIIdJclisc/elQwCgYIKoZIzj0EAwMwRTELMAkGA1UEBhMCVVMxFDASBgNV
+BAoMC0FmZmlybVRydXN0MSAwHgYDVQQDDBdBZmZpcm1UcnVzdCBQcmVtaXVtIEVDQzAeFw0xMDAx
+MjkxNDIwMjRaFw00MDEyMzExNDIwMjRaMEUxCzAJBgNVBAYTAlVTMRQwEgYDVQQKDAtBZmZpcm1U
+cnVzdDEgMB4GA1UEAwwXQWZmaXJtVHJ1c3QgUHJlbWl1bSBFQ0MwdjAQBgcqhkjOPQIBBgUrgQQA
+IgNiAAQNMF4bFZ0D0KF5Nbc6PJJ6yhUczWLznCZcBz3lVPqj1swS6vQUX+iOGasvLkjmrBhDeKzQ
+N8O9ss0s5kfiGuZjuD0uL3jET9v0D6RoTFVya5UdThhClXjMNzyR4ptlKymjQjBAMB0GA1UdDgQW
+BBSaryl6wBE1NSZRMADDav5A1a7WPDAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjAK
+BggqhkjOPQQDAwNnADBkAjAXCfOHiFBar8jAQr9HX/VsaobgxCd05DhT1wV/GzTjxi+zygk8N53X
+57hG8f2h4nECMEJZh0PUUd+60wkyWs6Iflc9nF9Ca/UHLbXwgpP5WW+uZPpY5Yse42O+tYHNbwKM
+eQ==
+-----END CERTIFICATE-----
+
+Certum Trusted Network CA
+=========================
+-----BEGIN CERTIFICATE-----
+MIIDuzCCAqOgAwIBAgIDBETAMA0GCSqGSIb3DQEBBQUAMH4xCzAJBgNVBAYTAlBMMSIwIAYDVQQK
+ExlVbml6ZXRvIFRlY2hub2xvZ2llcyBTLkEuMScwJQYDVQQLEx5DZXJ0dW0gQ2VydGlmaWNhdGlv
+biBBdXRob3JpdHkxIjAgBgNVBAMTGUNlcnR1bSBUcnVzdGVkIE5ldHdvcmsgQ0EwHhcNMDgxMDIy
+MTIwNzM3WhcNMjkxMjMxMTIwNzM3WjB+MQswCQYDVQQGEwJQTDEiMCAGA1UEChMZVW5pemV0byBU
+ZWNobm9sb2dpZXMgUy5BLjEnMCUGA1UECxMeQ2VydHVtIENlcnRpZmljYXRpb24gQXV0aG9yaXR5
+MSIwIAYDVQQDExlDZXJ0dW0gVHJ1c3RlZCBOZXR3b3JrIENBMIIBIjANBgkqhkiG9w0BAQEFAAOC
+AQ8AMIIBCgKCAQEA4/t9o3K6wvDJFIf1awFO4W5AB7ptJ11/91sts1rHUV+rpDKmYYe2bg+G0jAC
+l/jXaVehGDldamR5xgFZrDwxSjh80gTSSyjoIF87B6LMTXPb865Px1bVWqeWifrzq2jUI4ZZJ88J
+J7ysbnKDHDBy3+Ci6dLhdHUZvSqeexVUBBvXQzmtVSjF4hq79MDkrjhJM8x2hZ85RdKknvISjFH4
+fOQtf/WsX+sWn7Et0brMkUJ3TCXJkDhv2/DM+44el1k+1WBO5gUo7Ul5E0u6SNsv+XLTOcr+H9g0
+cvW0QM8xAcPs3hEtF10fuFDRXhmnad4HMyjKUJX5p1TLVIZQRan5SQIDAQABo0IwQDAPBgNVHRMB
+Af8EBTADAQH/MB0GA1UdDgQWBBQIds3LB/8k9sXN7buQvOKEN0Z19zAOBgNVHQ8BAf8EBAMCAQYw
+DQYJKoZIhvcNAQEFBQADggEBAKaorSLOAT2mo/9i0Eidi15ysHhE49wcrwn9I0j6vSrEuVUEtRCj
+jSfeC4Jj0O7eDDd5QVsisrCaQVymcODU0HfLI9MA4GxWL+FpDQ3Zqr8hgVDZBqWo/5U30Kr+4rP1
+mS1FhIrlQgnXdAIv94nYmem8J9RHjboNRhx3zxSkHLmkMcScKHQDNP8zGSal6Q10tz6XxnboJ5aj
+Zt3hrvJBW8qYVoNzcOSGGtIxQbovvi0TWnZvTuhOgQ4/WwMioBK+ZlgRSssDxLQqKi2WF+A5VLxI
+03YnnZotBqbJ7DnSq9ufmgsnAjUpsUCV5/nonFWIGUbWtzT1fs45mtk48VH3Tyw=
+-----END CERTIFICATE-----
+
+TWCA Root Certification Authority
+=================================
+-----BEGIN CERTIFICATE-----
+MIIDezCCAmOgAwIBAgIBATANBgkqhkiG9w0BAQUFADBfMQswCQYDVQQGEwJUVzESMBAGA1UECgwJ
+VEFJV0FOLUNBMRAwDgYDVQQLDAdSb290IENBMSowKAYDVQQDDCFUV0NBIFJvb3QgQ2VydGlmaWNh
+dGlvbiBBdXRob3JpdHkwHhcNMDgwODI4MDcyNDMzWhcNMzAxMjMxMTU1OTU5WjBfMQswCQYDVQQG
+EwJUVzESMBAGA1UECgwJVEFJV0FOLUNBMRAwDgYDVQQLDAdSb290IENBMSowKAYDVQQDDCFUV0NB
+IFJvb3QgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
+AoIBAQCwfnK4pAOU5qfeCTiRShFAh6d8WWQUe7UREN3+v9XAu1bihSX0NXIP+FPQQeFEAcK0HMMx
+QhZHhTMidrIKbw/lJVBPhYa+v5guEGcevhEFhgWQxFnQfHgQsIBct+HHK3XLfJ+utdGdIzdjp9xC
+oi2SBBtQwXu4PhvJVgSLL1KbralW6cH/ralYhzC2gfeXRfwZVzsrb+RH9JlF/h3x+JejiB03HFyP
+4HYlmlD4oFT/RJB2I9IyxsOrBr/8+7/zrX2SYgJbKdM1o5OaQ2RgXbL6Mv87BK9NQGr5x+PvI/1r
+y+UPizgN7gr8/g+YnzAx3WxSZfmLgb4i4RxYA7qRG4kHAgMBAAGjQjBAMA4GA1UdDwEB/wQEAwIB
+BjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBRqOFsmjd6LWvJPelSDGRjjCDWmujANBgkqhkiG
+9w0BAQUFAAOCAQEAPNV3PdrfibqHDAhUaiBQkr6wQT25JmSDCi/oQMCXKCeCMErJk/9q56YAf4lC
+mtYR5VPOL8zy2gXE/uJQxDqGfczafhAJO5I1KlOy/usrBdlsXebQ79NqZp4VKIV66IIArB6nCWlW
+QtNoURi+VJq/REG6Sb4gumlc7rh3zc5sH62Dlhh9DrUUOYTxKOkto557HnpyWoOzeW/vtPzQCqVY
+T0bf+215WfKEIlKuD8z7fDvnaspHYcN6+NOSBB+4IIThNlQWx0DeO4pz3N/GCUzf7Nr/1FNCocny
+Yh0igzyXxfkZYiesZSLX0zzG5Y6yU8xJzrww/nsOM5D77dIUkR8Hrw==
+-----END CERTIFICATE-----
+
+Security Communication RootCA2
+==============================
+-----BEGIN CERTIFICATE-----
+MIIDdzCCAl+gAwIBAgIBADANBgkqhkiG9w0BAQsFADBdMQswCQYDVQQGEwJKUDElMCMGA1UEChMc
+U0VDT00gVHJ1c3QgU3lzdGVtcyBDTy4sTFRELjEnMCUGA1UECxMeU2VjdXJpdHkgQ29tbXVuaWNh
+dGlvbiBSb290Q0EyMB4XDTA5MDUyOTA1MDAzOVoXDTI5MDUyOTA1MDAzOVowXTELMAkGA1UEBhMC
+SlAxJTAjBgNVBAoTHFNFQ09NIFRydXN0IFN5c3RlbXMgQ08uLExURC4xJzAlBgNVBAsTHlNlY3Vy
+aXR5IENvbW11bmljYXRpb24gUm9vdENBMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
+ANAVOVKxUrO6xVmCxF1SrjpDZYBLx/KWvNs2l9amZIyoXvDjChz335c9S672XewhtUGrzbl+dp++
++T42NKA7wfYxEUV0kz1XgMX5iZnK5atq1LXaQZAQwdbWQonCv/Q4EpVMVAX3NuRFg3sUZdbcDE3R
+3n4MqzvEFb46VqZab3ZpUql6ucjrappdUtAtCms1FgkQhNBqyjoGADdH5H5XTz+L62e4iKrFvlNV
+spHEfbmwhRkGeC7bYRr6hfVKkaHnFtWOojnflLhwHyg/i/xAXmODPIMqGplrz95Zajv8bxbXH/1K
+EOtOghY6rCcMU/Gt1SSwawNQwS08Ft1ENCcadfsCAwEAAaNCMEAwHQYDVR0OBBYEFAqFqXdlBZh8
+QIH4D5csOPEK7DzPMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEB
+CwUAA4IBAQBMOqNErLlFsceTfsgLCkLfZOoc7llsCLqJX2rKSpWeeo8HxdpFcoJxDjrSzG+ntKEj
+u/Ykn8sX/oymzsLS28yN/HH8AynBbF0zX2S2ZTuJbxh2ePXcokgfGT+Ok+vx+hfuzU7jBBJV1uXk
+3fs+BXziHV7Gp7yXT2g69ekuCkO2r1dcYmh8t/2jioSgrGK+KwmHNPBqAbubKVY8/gA3zyNs8U6q
+tnRGEmyR7jTV7JqR50S+kDFy1UkC9gLl9B/rfNmWVan/7Ir5mUf/NVoCqgTLiluHcSmRvaS0eg29
+mvVXIwAHIRc/SjnRBUkLp7Y3gaVdjKozXoEofKd9J+sAro03
+-----END CERTIFICATE-----
+
+Actalis Authentication Root CA
+==============================
+-----BEGIN CERTIFICATE-----
+MIIFuzCCA6OgAwIBAgIIVwoRl0LE48wwDQYJKoZIhvcNAQELBQAwazELMAkGA1UEBhMCSVQxDjAM
+BgNVBAcMBU1pbGFuMSMwIQYDVQQKDBpBY3RhbGlzIFMucC5BLi8wMzM1ODUyMDk2NzEnMCUGA1UE
+AwweQWN0YWxpcyBBdXRoZW50aWNhdGlvbiBSb290IENBMB4XDTExMDkyMjExMjIwMloXDTMwMDky
+MjExMjIwMlowazELMAkGA1UEBhMCSVQxDjAMBgNVBAcMBU1pbGFuMSMwIQYDVQQKDBpBY3RhbGlz
+IFMucC5BLi8wMzM1ODUyMDk2NzEnMCUGA1UEAwweQWN0YWxpcyBBdXRoZW50aWNhdGlvbiBSb290
+IENBMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAp8bEpSmkLO/lGMWwUKNvUTufClrJ
+wkg4CsIcoBh/kbWHuUA/3R1oHwiD1S0eiKD4j1aPbZkCkpAW1V8IbInX4ay8IMKx4INRimlNAJZa
+by/ARH6jDuSRzVju3PvHHkVH3Se5CAGfpiEd9UEtL0z9KK3giq0itFZljoZUj5NDKd45RnijMCO6
+zfB9E1fAXdKDa0hMxKufgFpbOr3JpyI/gCczWw63igxdBzcIy2zSekciRDXFzMwujt0q7bd9Zg1f
+YVEiVRvjRuPjPdA1YprbrxTIW6HMiRvhMCb8oJsfgadHHwTrozmSBp+Z07/T6k9QnBn+locePGX2
+oxgkg4YQ51Q+qDp2JE+BIcXjDwL4k5RHILv+1A7TaLndxHqEguNTVHnd25zS8gebLra8Pu2Fbe8l
+EfKXGkJh90qX6IuxEAf6ZYGyojnP9zz/GPvG8VqLWeICrHuS0E4UT1lF9gxeKF+w6D9Fz8+vm2/7
+hNN3WpVvrJSEnu68wEqPSpP4RCHiMUVhUE4Q2OM1fEwZtN4Fv6MGn8i1zeQf1xcGDXqVdFUNaBr8
+EBtiZJ1t4JWgw5QHVw0U5r0F+7if5t+L4sbnfpb2U8WANFAoWPASUHEXMLrmeGO89LKtmyuy/uE5
+jF66CyCU3nuDuP/jVo23Eek7jPKxwV2dpAtMK9myGPW1n0sCAwEAAaNjMGEwHQYDVR0OBBYEFFLY
+iDrIn3hm7YnzezhwlMkCAjbQMA8GA1UdEwEB/wQFMAMBAf8wHwYDVR0jBBgwFoAUUtiIOsifeGbt
+ifN7OHCUyQICNtAwDgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBCwUAA4ICAQALe3KHwGCmSUyI
+WOYdiPcUZEim2FgKDk8TNd81HdTtBjHIgT5q1d07GjLukD0R0i70jsNjLiNmsGe+b7bAEzlgqqI0
+JZN1Ut6nna0Oh4lScWoWPBkdg/iaKWW+9D+a2fDzWochcYBNy+A4mz+7+uAwTc+G02UQGRjRlwKx
+K3JCaKygvU5a2hi/a5iB0P2avl4VSM0RFbnAKVy06Ij3Pjaut2L9HmLecHgQHEhb2rykOLpn7VU+
+Xlff1ANATIGk0k9jpwlCCRT8AKnCgHNPLsBA2RF7SOp6AsDT6ygBJlh0wcBzIm2Tlf05fbsq4/aC
+4yyXX04fkZT6/iyj2HYauE2yOE+b+h1IYHkm4vP9qdCa6HCPSXrW5b0KDtst842/6+OkfcvHlXHo
+2qN8xcL4dJIEG4aspCJTQLas/kx2z/uUMsA1n3Y/buWQbqCmJqK4LL7RK4X9p2jIugErsWx0Hbhz
+lefut8cl8ABMALJ+tguLHPPAUJ4lueAI3jZm/zel0btUZCzJJ7VLkn5l/9Mt4blOvH+kQSGQQXem
+OR/qnuOf0GZvBeyqdn6/axag67XH/JJULysRJyU3eExRarDzzFhdFPFqSBX/wge2sY0PjlxQRrM9
+vwGYT7JZVEc+NHt4bVaTLnPqZih4zR0Uv6CPLy64Lo7yFIrM6bV8+2ydDKXhlg==
+-----END CERTIFICATE-----
+
+Buypass Class 2 Root CA
+=======================
+-----BEGIN CERTIFICATE-----
+MIIFWTCCA0GgAwIBAgIBAjANBgkqhkiG9w0BAQsFADBOMQswCQYDVQQGEwJOTzEdMBsGA1UECgwU
+QnV5cGFzcyBBUy05ODMxNjMzMjcxIDAeBgNVBAMMF0J1eXBhc3MgQ2xhc3MgMiBSb290IENBMB4X
+DTEwMTAyNjA4MzgwM1oXDTQwMTAyNjA4MzgwM1owTjELMAkGA1UEBhMCTk8xHTAbBgNVBAoMFEJ1
+eXBhc3MgQVMtOTgzMTYzMzI3MSAwHgYDVQQDDBdCdXlwYXNzIENsYXNzIDIgUm9vdCBDQTCCAiIw
+DQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBANfHXvfBB9R3+0Mh9PT1aeTuMgHbo4Yf5FkNuud1
+g1Lr6hxhFUi7HQfKjK6w3Jad6sNgkoaCKHOcVgb/S2TwDCo3SbXlzwx87vFKu3MwZfPVL4O2fuPn
+9Z6rYPnT8Z2SdIrkHJasW4DptfQxh6NR/Md+oW+OU3fUl8FVM5I+GC911K2GScuVr1QGbNgGE41b
+/+EmGVnAJLqBcXmQRFBoJJRfuLMR8SlBYaNByyM21cHxMlAQTn/0hpPshNOOvEu/XAFOBz3cFIqU
+CqTqc/sLUegTBxj6DvEr0VQVfTzh97QZQmdiXnfgolXsttlpF9U6r0TtSsWe5HonfOV116rLJeff
+awrbD02TTqigzXsu8lkBarcNuAeBfos4GzjmCleZPe4h6KP1DBbdi+w0jpwqHAAVF41og9JwnxgI
+zRFo1clrUs3ERo/ctfPYV3Me6ZQ5BL/T3jjetFPsaRyifsSP5BtwrfKi+fv3FmRmaZ9JUaLiFRhn
+Bkp/1Wy1TbMz4GHrXb7pmA8y1x1LPC5aAVKRCfLf6o3YBkBjqhHk/sM3nhRSP/TizPJhk9H9Z2vX
+Uq6/aKtAQ6BXNVN48FP4YUIHZMbXb5tMOA1jrGKvNouicwoN9SG9dKpN6nIDSdvHXx1iY8f93ZHs
+M+71bbRuMGjeyNYmsHVee7QHIJihdjK4TWxPAgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wHQYD
+VR0OBBYEFMmAd+BikoL1RpzzuvdMw964o605MA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQsF
+AAOCAgEAU18h9bqwOlI5LJKwbADJ784g7wbylp7ppHR/ehb8t/W2+xUbP6umwHJdELFx7rxP462s
+A20ucS6vxOOto70MEae0/0qyexAQH6dXQbLArvQsWdZHEIjzIVEpMMpghq9Gqx3tOluwlN5E40EI
+osHsHdb9T7bWR9AUC8rmyrV7d35BH16Dx7aMOZawP5aBQW9gkOLo+fsicdl9sz1Gv7SEr5AcD48S
+aq/v7h56rgJKihcrdv6sVIkkLE8/trKnToyokZf7KcZ7XC25y2a2t6hbElGFtQl+Ynhw/qlqYLYd
+DnkM/crqJIByw5c/8nerQyIKx+u2DISCLIBrQYoIwOula9+ZEsuK1V6ADJHgJgg2SMX6OBE1/yWD
+LfJ6v9r9jv6ly0UsH8SIU653DtmadsWOLB2jutXsMq7Aqqz30XpN69QH4kj3Io6wpJ9qzo6ysmD0
+oyLQI+uUWnpp3Q+/QFesa1lQ2aOZ4W7+jQF5JyMV3pKdewlNWudLSDBaGOYKbeaP4NK75t98biGC
+wWg5TbSYWGZizEqQXsP6JwSxeRV0mcy+rSDeJmAc61ZRpqPq5KM/p/9h3PFaTWwyI0PurKju7koS
+CTxdccK+efrCh2gdC/1cacwG0Jp9VJkqyTkaGa9LKkPzY11aWOIv4x3kqdbQCtCev9eBCfHJxyYN
+rJgWVqA=
+-----END CERTIFICATE-----
+
+Buypass Class 3 Root CA
+=======================
+-----BEGIN CERTIFICATE-----
+MIIFWTCCA0GgAwIBAgIBAjANBgkqhkiG9w0BAQsFADBOMQswCQYDVQQGEwJOTzEdMBsGA1UECgwU
+QnV5cGFzcyBBUy05ODMxNjMzMjcxIDAeBgNVBAMMF0J1eXBhc3MgQ2xhc3MgMyBSb290IENBMB4X
+DTEwMTAyNjA4Mjg1OFoXDTQwMTAyNjA4Mjg1OFowTjELMAkGA1UEBhMCTk8xHTAbBgNVBAoMFEJ1
+eXBhc3MgQVMtOTgzMTYzMzI3MSAwHgYDVQQDDBdCdXlwYXNzIENsYXNzIDMgUm9vdCBDQTCCAiIw
+DQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAKXaCpUWUOOV8l6ddjEGMnqb8RB2uACatVI2zSRH
+sJ8YZLya9vrVediQYkwiL944PdbgqOkcLNt4EemOaFEVcsfzM4fkoF0LXOBXByow9c3EN3coTRiR
+5r/VUv1xLXA+58bEiuPwKAv0dpihi4dVsjoT/Lc+JzeOIuOoTyrvYLs9tznDDgFHmV0ST9tD+leh
+7fmdvhFHJlsTmKtdFoqwNxxXnUX/iJY2v7vKB3tvh2PX0DJq1l1sDPGzbjniazEuOQAnFN44wOwZ
+ZoYS6J1yFhNkUsepNxz9gjDthBgd9K5c/3ATAOux9TN6S9ZV+AWNS2mw9bMoNlwUxFFzTWsL8TQH
+2xc519woe2v1n/MuwU8XKhDzzMro6/1rqy6any2CbgTUUgGTLT2G/H783+9CHaZr77kgxve9oKeV
+/afmiSTYzIw0bOIjL9kSGiG5VZFvC5F5GQytQIgLcOJ60g7YaEi7ghM5EFjp2CoHxhLbWNvSO1UQ
+RwUVZ2J+GGOmRj8JDlQyXr8NYnon74Do29lLBlo3WiXQCBJ31G8JUJc9yB3D34xFMFbG02SrZvPA
+Xpacw8Tvw3xrizp5f7NJzz3iiZ+gMEuFuZyUJHmPfWupRWgPK9Dx2hzLabjKSWJtyNBjYt1gD1iq
+j6G8BaVmos8bdrKEZLFMOVLAMLrwjEsCsLa3AgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wHQYD
+VR0OBBYEFEe4zf/lb+74suwvTg75JbCOPGvDMA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQsF
+AAOCAgEAACAjQTUEkMJAYmDv4jVM1z+s4jSQuKFvdvoWFqRINyzpkMLyPPgKn9iB5btb2iUspKdV
+cSQy9sgL8rxq+JOssgfCX5/bzMiKqr5qb+FJEMwx14C7u8jYog5kV+qi9cKpMRXSIGrs/CIBKM+G
+uIAeqcwRpTzyFrNHnfzSgCHEy9BHcEGhyoMZCCxt8l13nIoUE9Q2HJLw5QY33KbmkJs4j1xrG0aG
+Q0JfPgEHU1RdZX33inOhmlRaHylDFCfChQ+1iHsaO5S3HWCntZznKWlXWpuTekMwGwPXYshApqr8
+ZORK15FTAaggiG6cX0S5y2CBNOxv033aSF/rtJC8LakcC6wc1aJoIIAE1vyxjy+7SjENSoYc6+I2
+KSb12tjE8nVhz36udmNKekBlk4f4HoCMhuWG1o8O/FMsYOgWYRqiPkN7zTlgVGr18okmAWiDSKIz
+6MkEkbIRNBE+6tBDGR8Dk5AM/1E9V/RBbuHLoL7ryWPNbczk+DaqaJ3tvV2XcEQNtg413OEMXbug
+UZTLfhbrES+jkkXITHHZvMmZUldGL1DPvTVp9D0VzgalLA8+9oG6lLvDu79leNKGef9JOxqDDPDe
+eOzI8k1MGt6CKfjBWtrt7uYnXuhF0J0cUahoq0Tj0Itq4/g7u9xN12TyUb7mqqta6THuBrxzvxNi
+Cp/HuZc=
+-----END CERTIFICATE-----
+
+T-TeleSec GlobalRoot Class 3
+============================
+-----BEGIN CERTIFICATE-----
+MIIDwzCCAqugAwIBAgIBATANBgkqhkiG9w0BAQsFADCBgjELMAkGA1UEBhMCREUxKzApBgNVBAoM
+IlQtU3lzdGVtcyBFbnRlcnByaXNlIFNlcnZpY2VzIEdtYkgxHzAdBgNVBAsMFlQtU3lzdGVtcyBU
+cnVzdCBDZW50ZXIxJTAjBgNVBAMMHFQtVGVsZVNlYyBHbG9iYWxSb290IENsYXNzIDMwHhcNMDgx
+MDAxMTAyOTU2WhcNMzMxMDAxMjM1OTU5WjCBgjELMAkGA1UEBhMCREUxKzApBgNVBAoMIlQtU3lz
+dGVtcyBFbnRlcnByaXNlIFNlcnZpY2VzIEdtYkgxHzAdBgNVBAsMFlQtU3lzdGVtcyBUcnVzdCBD
+ZW50ZXIxJTAjBgNVBAMMHFQtVGVsZVNlYyBHbG9iYWxSb290IENsYXNzIDMwggEiMA0GCSqGSIb3
+DQEBAQUAA4IBDwAwggEKAoIBAQC9dZPwYiJvJK7genasfb3ZJNW4t/zN8ELg63iIVl6bmlQdTQyK
+9tPPcPRStdiTBONGhnFBSivwKixVA9ZIw+A5OO3yXDw/RLyTPWGrTs0NvvAgJ1gORH8EGoel15YU
+NpDQSXuhdfsaa3Ox+M6pCSzyU9XDFES4hqX2iys52qMzVNn6chr3IhUciJFrf2blw2qAsCTz34ZF
+iP0Zf3WHHx+xGwpzJFu5ZeAsVMhg02YXP+HMVDNzkQI6pn97djmiH5a2OK61yJN0HZ65tOVgnS9W
+0eDrXltMEnAMbEQgqxHY9Bn20pxSN+f6tsIxO0rUFJmtxxr1XV/6B7h8DR/Wgx6zAgMBAAGjQjBA
+MA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBS1A/d2O2GCahKqGFPr
+AyGUv/7OyjANBgkqhkiG9w0BAQsFAAOCAQEAVj3vlNW92nOyWL6ukK2YJ5f+AbGwUgC4TeQbIXQb
+fsDuXmkqJa9c1h3a0nnJ85cp4IaH3gRZD/FZ1GSFS5mvJQQeyUapl96Cshtwn5z2r3Ex3XsFpSzT
+ucpH9sry9uetuUg/vBa3wW306gmv7PO15wWeph6KU1HWk4HMdJP2udqmJQV0eVp+QD6CSyYRMG7h
+P0HHRwA11fXT91Q+gT3aSWqas+8QPebrb9HIIkfLzM8BMZLZGOMivgkeGj5asuRrDFR6fUNOuIml
+e9eiPZaGzPImNC1qkp2aGtAw4l1OBLBfiyB+d8E9lYLRRpo7PHi4b6HQDWSieB4pTpPDpFQUWw==
+-----END CERTIFICATE-----
+
+D-TRUST Root Class 3 CA 2 2009
+==============================
+-----BEGIN CERTIFICATE-----
+MIIEMzCCAxugAwIBAgIDCYPzMA0GCSqGSIb3DQEBCwUAME0xCzAJBgNVBAYTAkRFMRUwEwYDVQQK
+DAxELVRydXN0IEdtYkgxJzAlBgNVBAMMHkQtVFJVU1QgUm9vdCBDbGFzcyAzIENBIDIgMjAwOTAe
+Fw0wOTExMDUwODM1NThaFw0yOTExMDUwODM1NThaME0xCzAJBgNVBAYTAkRFMRUwEwYDVQQKDAxE
+LVRydXN0IEdtYkgxJzAlBgNVBAMMHkQtVFJVU1QgUm9vdCBDbGFzcyAzIENBIDIgMjAwOTCCASIw
+DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANOySs96R+91myP6Oi/WUEWJNTrGa9v+2wBoqOAD
+ER03UAifTUpolDWzU9GUY6cgVq/eUXjsKj3zSEhQPgrfRlWLJ23DEE0NkVJD2IfgXU42tSHKXzlA
+BF9bfsyjxiupQB7ZNoTWSPOSHjRGICTBpFGOShrvUD9pXRl/RcPHAY9RySPocq60vFYJfxLLHLGv
+KZAKyVXMD9O0Gu1HNVpK7ZxzBCHQqr0ME7UAyiZsxGsMlFqVlNpQmvH/pStmMaTJOKDfHR+4CS7z
+p+hnUquVH+BGPtikw8paxTGA6Eian5Rp/hnd2HN8gcqW3o7tszIFZYQ05ub9VxC1X3a/L7AQDcUC
+AwEAAaOCARowggEWMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFP3aFMSfMN4hvR5COfyrYyNJ
+4PGEMA4GA1UdDwEB/wQEAwIBBjCB0wYDVR0fBIHLMIHIMIGAoH6gfIZ6bGRhcDovL2RpcmVjdG9y
+eS5kLXRydXN0Lm5ldC9DTj1ELVRSVVNUJTIwUm9vdCUyMENsYXNzJTIwMyUyMENBJTIwMiUyMDIw
+MDksTz1ELVRydXN0JTIwR21iSCxDPURFP2NlcnRpZmljYXRlcmV2b2NhdGlvbmxpc3QwQ6BBoD+G
+PWh0dHA6Ly93d3cuZC10cnVzdC5uZXQvY3JsL2QtdHJ1c3Rfcm9vdF9jbGFzc18zX2NhXzJfMjAw
+OS5jcmwwDQYJKoZIhvcNAQELBQADggEBAH+X2zDI36ScfSF6gHDOFBJpiBSVYEQBrLLpME+bUMJm
+2H6NMLVwMeniacfzcNsgFYbQDfC+rAF1hM5+n02/t2A7nPPKHeJeaNijnZflQGDSNiH+0LS4F9p0
+o3/U37CYAqxva2ssJSRyoWXuJVrl5jLn8t+rSfrzkGkj2wTZ51xY/GXUl77M/C4KzCUqNQT4YJEV
+dT1B/yMfGchs64JTBKbkTCJNjYy6zltz7GRUUG3RnFX7acM2w4y8PIWmawomDeCTmGCufsYkl4ph
+X5GOZpIJhzbNi5stPvZR1FDUWSi9g/LMKHtThm3YJohw1+qRzT65ysCQblrGXnRl11z+o+I=
+-----END CERTIFICATE-----
+
+D-TRUST Root Class 3 CA 2 EV 2009
+=================================
+-----BEGIN CERTIFICATE-----
+MIIEQzCCAyugAwIBAgIDCYP0MA0GCSqGSIb3DQEBCwUAMFAxCzAJBgNVBAYTAkRFMRUwEwYDVQQK
+DAxELVRydXN0IEdtYkgxKjAoBgNVBAMMIUQtVFJVU1QgUm9vdCBDbGFzcyAzIENBIDIgRVYgMjAw
+OTAeFw0wOTExMDUwODUwNDZaFw0yOTExMDUwODUwNDZaMFAxCzAJBgNVBAYTAkRFMRUwEwYDVQQK
+DAxELVRydXN0IEdtYkgxKjAoBgNVBAMMIUQtVFJVU1QgUm9vdCBDbGFzcyAzIENBIDIgRVYgMjAw
+OTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJnxhDRwui+3MKCOvXwEz75ivJn9gpfS
+egpnljgJ9hBOlSJzmY3aFS3nBfwZcyK3jpgAvDw9rKFs+9Z5JUut8Mxk2og+KbgPCdM03TP1YtHh
+zRnp7hhPTFiu4h7WDFsVWtg6uMQYZB7jM7K1iXdODL/ZlGsTl28So/6ZqQTMFexgaDbtCHu39b+T
+7WYxg4zGcTSHThfqr4uRjRxWQa4iN1438h3Z0S0NL2lRp75mpoo6Kr3HGrHhFPC+Oh25z1uxav60
+sUYgovseO3Dvk5h9jHOW8sXvhXCtKSb8HgQ+HKDYD8tSg2J87otTlZCpV6LqYQXY+U3EJ/pure35
+11H3a6UCAwEAAaOCASQwggEgMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFNOUikxiEyoZLsyv
+cop9NteaHNxnMA4GA1UdDwEB/wQEAwIBBjCB3QYDVR0fBIHVMIHSMIGHoIGEoIGBhn9sZGFwOi8v
+ZGlyZWN0b3J5LmQtdHJ1c3QubmV0L0NOPUQtVFJVU1QlMjBSb290JTIwQ2xhc3MlMjAzJTIwQ0El
+MjAyJTIwRVYlMjAyMDA5LE89RC1UcnVzdCUyMEdtYkgsQz1ERT9jZXJ0aWZpY2F0ZXJldm9jYXRp
+b25saXN0MEagRKBChkBodHRwOi8vd3d3LmQtdHJ1c3QubmV0L2NybC9kLXRydXN0X3Jvb3RfY2xh
+c3NfM19jYV8yX2V2XzIwMDkuY3JsMA0GCSqGSIb3DQEBCwUAA4IBAQA07XtaPKSUiO8aEXUHL7P+
+PPoeUSbrh/Yp3uDx1MYkCenBz1UbtDDZzhr+BlGmFaQt77JLvyAoJUnRpjZ3NOhk31KxEcdzes05
+nsKtjHEh8lprr988TlWvsoRlFIm5d8sqMb7Po23Pb0iUMkZv53GMoKaEGTcH8gNFCSuGdXzfX2lX
+ANtu2KZyIktQ1HWYVt+3GP9DQ1CuekR78HlR10M9p9OB0/DJT7naxpeG0ILD5EJt/rDiZE4OJudA
+NCa1CInXCGNjOCd1HjPqbqjdn5lPdE2BiYBL3ZqXKVwvvoFBuYz/6n1gBp7N1z3TLqMVvKjmJuVv
+w9y4AyHqnxbxLFS1
+-----END CERTIFICATE-----
+
+CA Disig Root R2
+================
+-----BEGIN CERTIFICATE-----
+MIIFaTCCA1GgAwIBAgIJAJK4iNuwisFjMA0GCSqGSIb3DQEBCwUAMFIxCzAJBgNVBAYTAlNLMRMw
+EQYDVQQHEwpCcmF0aXNsYXZhMRMwEQYDVQQKEwpEaXNpZyBhLnMuMRkwFwYDVQQDExBDQSBEaXNp
+ZyBSb290IFIyMB4XDTEyMDcxOTA5MTUzMFoXDTQyMDcxOTA5MTUzMFowUjELMAkGA1UEBhMCU0sx
+EzARBgNVBAcTCkJyYXRpc2xhdmExEzARBgNVBAoTCkRpc2lnIGEucy4xGTAXBgNVBAMTEENBIERp
+c2lnIFJvb3QgUjIwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCio8QACdaFXS1tFPbC
+w3OeNcJxVX6B+6tGUODBfEl45qt5WDza/3wcn9iXAng+a0EE6UG9vgMsRfYvZNSrXaNHPWSb6Wia
+xswbP7q+sos0Ai6YVRn8jG+qX9pMzk0DIaPY0jSTVpbLTAwAFjxfGs3Ix2ymrdMxp7zo5eFm1tL7
+A7RBZckQrg4FY8aAamkw/dLukO8NJ9+flXP04SXabBbeQTg06ov80egEFGEtQX6sx3dOy1FU+16S
+GBsEWmjGycT6txOgmLcRK7fWV8x8nhfRyyX+hk4kLlYMeE2eARKmK6cBZW58Yh2EhN/qwGu1pSqV
+g8NTEQxzHQuyRpDRQjrOQG6Vrf/GlK1ul4SOfW+eioANSW1z4nuSHsPzwfPrLgVv2RvPN3YEyLRa
+5Beny912H9AZdugsBbPWnDTYltxhh5EF5EQIM8HauQhl1K6yNg3ruji6DOWbnuuNZt2Zz9aJQfYE
+koopKW1rOhzndX0CcQ7zwOe9yxndnWCywmZgtrEE7snmhrmaZkCo5xHtgUUDi/ZnWejBBhG93c+A
+Ak9lQHhcR1DIm+YfgXvkRKhbhZri3lrVx/k6RGZL5DJUfORsnLMOPReisjQS1n6yqEm70XooQL6i
+Fh/f5DcfEXP7kAplQ6INfPgGAVUzfbANuPT1rqVCV3w2EYx7XsQDnYx5nQIDAQABo0IwQDAPBgNV
+HRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQUtZn4r7CU9eMg1gqtzk5WpC5u
+Qu0wDQYJKoZIhvcNAQELBQADggIBACYGXnDnZTPIgm7ZnBc6G3pmsgH2eDtpXi/q/075KMOYKmFM
+tCQSin1tERT3nLXK5ryeJ45MGcipvXrA1zYObYVybqjGom32+nNjf7xueQgcnYqfGopTpti72TVV
+sRHFqQOzVju5hJMiXn7B9hJSi+osZ7z+Nkz1uM/Rs0mSO9MpDpkblvdhuDvEK7Z4bLQjb/D907Je
+dR+Zlais9trhxTF7+9FGs9K8Z7RiVLoJ92Owk6Ka+elSLotgEqv89WBW7xBci8QaQtyDW2QOy7W8
+1k/BfDxujRNt+3vrMNDcTa/F1balTFtxyegxvug4BkihGuLq0t4SOVga/4AOgnXmt8kHbA7v/zjx
+mHHEt38OFdAlab0inSvtBfZGR6ztwPDUO+Ls7pZbkBNOHlY667DvlruWIxG68kOGdGSVyCh13x01
+utI3gzhTODY7z2zp+WsO0PsE6E9312UBeIYMej4hYvF/Y3EMyZ9E26gnonW+boE+18DrG5gPcFw0
+sorMwIUY6256s/daoQe/qUKS82Ail+QUoQebTnbAjn39pCXHR+3/H3OszMOl6W8KjptlwlCFtaOg
+UxLMVYdh84GuEEZhvUQhuMI9dM9+JDX6HAcOmz0iyu8xL4ysEr3vQCj8KWefshNPZiTEUxnpHikV
+7+ZtsH8tZ/3zbBt1RqPlShfppNcL
+-----END CERTIFICATE-----
+
+ACCVRAIZ1
+=========
+-----BEGIN CERTIFICATE-----
+MIIH0zCCBbugAwIBAgIIXsO3pkN/pOAwDQYJKoZIhvcNAQEFBQAwQjESMBAGA1UEAwwJQUNDVlJB
+SVoxMRAwDgYDVQQLDAdQS0lBQ0NWMQ0wCwYDVQQKDARBQ0NWMQswCQYDVQQGEwJFUzAeFw0xMTA1
+MDUwOTM3MzdaFw0zMDEyMzEwOTM3MzdaMEIxEjAQBgNVBAMMCUFDQ1ZSQUlaMTEQMA4GA1UECwwH
+UEtJQUNDVjENMAsGA1UECgwEQUNDVjELMAkGA1UEBhMCRVMwggIiMA0GCSqGSIb3DQEBAQUAA4IC
+DwAwggIKAoICAQCbqau/YUqXry+XZpp0X9DZlv3P4uRm7x8fRzPCRKPfmt4ftVTdFXxpNRFvu8gM
+jmoYHtiP2Ra8EEg2XPBjs5BaXCQ316PWywlxufEBcoSwfdtNgM3802/J+Nq2DoLSRYWoG2ioPej0
+RGy9ocLLA76MPhMAhN9KSMDjIgro6TenGEyxCQ0jVn8ETdkXhBilyNpAlHPrzg5XPAOBOp0KoVdD
+aaxXbXmQeOW1tDvYvEyNKKGno6e6Ak4l0Squ7a4DIrhrIA8wKFSVf+DuzgpmndFALW4ir50awQUZ
+0m/A8p/4e7MCQvtQqR0tkw8jq8bBD5L/0KIV9VMJcRz/RROE5iZe+OCIHAr8Fraocwa48GOEAqDG
+WuzndN9wrqODJerWx5eHk6fGioozl2A3ED6XPm4pFdahD9GILBKfb6qkxkLrQaLjlUPTAYVtjrs7
+8yM2x/474KElB0iryYl0/wiPgL/AlmXz7uxLaL2diMMxs0Dx6M/2OLuc5NF/1OVYm3z61PMOm3WR
+5LpSLhl+0fXNWhn8ugb2+1KoS5kE3fj5tItQo05iifCHJPqDQsGH+tUtKSpacXpkatcnYGMN285J
+9Y0fkIkyF/hzQ7jSWpOGYdbhdQrqeWZ2iE9x6wQl1gpaepPluUsXQA+xtrn13k/c4LOsOxFwYIRK
+Q26ZIMApcQrAZQIDAQABo4ICyzCCAscwfQYIKwYBBQUHAQEEcTBvMEwGCCsGAQUFBzAChkBodHRw
+Oi8vd3d3LmFjY3YuZXMvZmlsZWFkbWluL0FyY2hpdm9zL2NlcnRpZmljYWRvcy9yYWl6YWNjdjEu
+Y3J0MB8GCCsGAQUFBzABhhNodHRwOi8vb2NzcC5hY2N2LmVzMB0GA1UdDgQWBBTSh7Tj3zcnk1X2
+VuqB5TbMjB4/vTAPBgNVHRMBAf8EBTADAQH/MB8GA1UdIwQYMBaAFNKHtOPfNyeTVfZW6oHlNsyM
+Hj+9MIIBcwYDVR0gBIIBajCCAWYwggFiBgRVHSAAMIIBWDCCASIGCCsGAQUFBwICMIIBFB6CARAA
+QQB1AHQAbwByAGkAZABhAGQAIABkAGUAIABDAGUAcgB0AGkAZgBpAGMAYQBjAGkA8wBuACAAUgBh
+AO0AegAgAGQAZQAgAGwAYQAgAEEAQwBDAFYAIAAoAEEAZwBlAG4AYwBpAGEAIABkAGUAIABUAGUA
+YwBuAG8AbABvAGcA7QBhACAAeQAgAEMAZQByAHQAaQBmAGkAYwBhAGMAaQDzAG4AIABFAGwAZQBj
+AHQAcgDzAG4AaQBjAGEALAAgAEMASQBGACAAUQA0ADYAMAAxADEANQA2AEUAKQAuACAAQwBQAFMA
+IABlAG4AIABoAHQAdABwADoALwAvAHcAdwB3AC4AYQBjAGMAdgAuAGUAczAwBggrBgEFBQcCARYk
+aHR0cDovL3d3dy5hY2N2LmVzL2xlZ2lzbGFjaW9uX2MuaHRtMFUGA1UdHwROMEwwSqBIoEaGRGh0
+dHA6Ly93d3cuYWNjdi5lcy9maWxlYWRtaW4vQXJjaGl2b3MvY2VydGlmaWNhZG9zL3JhaXphY2N2
+MV9kZXIuY3JsMA4GA1UdDwEB/wQEAwIBBjAXBgNVHREEEDAOgQxhY2N2QGFjY3YuZXMwDQYJKoZI
+hvcNAQEFBQADggIBAJcxAp/n/UNnSEQU5CmH7UwoZtCPNdpNYbdKl02125DgBS4OxnnQ8pdpD70E
+R9m+27Up2pvZrqmZ1dM8MJP1jaGo/AaNRPTKFpV8M9xii6g3+CfYCS0b78gUJyCpZET/LtZ1qmxN
+YEAZSUNUY9rizLpm5U9EelvZaoErQNV/+QEnWCzI7UiRfD+mAM/EKXMRNt6GGT6d7hmKG9Ww7Y49
+nCrADdg9ZuM8Db3VlFzi4qc1GwQA9j9ajepDvV+JHanBsMyZ4k0ACtrJJ1vnE5Bc5PUzolVt3OAJ
+TS+xJlsndQAJxGJ3KQhfnlmstn6tn1QwIgPBHnFk/vk4CpYY3QIUrCPLBhwepH2NDd4nQeit2hW3
+sCPdK6jT2iWH7ehVRE2I9DZ+hJp4rPcOVkkO1jMl1oRQQmwgEh0q1b688nCBpHBgvgW1m54ERL5h
+I6zppSSMEYCUWqKiuUnSwdzRp+0xESyeGabu4VXhwOrPDYTkF7eifKXeVSUG7szAh1xA2syVP1Xg
+Nce4hL60Xc16gwFy7ofmXx2utYXGJt/mwZrpHgJHnyqobalbz+xFd3+YJ5oyXSrjhO7FmGYvliAd
+3djDJ9ew+f7Zfc3Qn48LFFhRny+Lwzgt3uiP1o2HpPVWQxaZLPSkVrQ0uGE3ycJYgBugl6H8WY3p
+EfbRD0tVNEYqi4Y7
+-----END CERTIFICATE-----
+
+TWCA Global Root CA
+===================
+-----BEGIN CERTIFICATE-----
+MIIFQTCCAymgAwIBAgICDL4wDQYJKoZIhvcNAQELBQAwUTELMAkGA1UEBhMCVFcxEjAQBgNVBAoT
+CVRBSVdBTi1DQTEQMA4GA1UECxMHUm9vdCBDQTEcMBoGA1UEAxMTVFdDQSBHbG9iYWwgUm9vdCBD
+QTAeFw0xMjA2MjcwNjI4MzNaFw0zMDEyMzExNTU5NTlaMFExCzAJBgNVBAYTAlRXMRIwEAYDVQQK
+EwlUQUlXQU4tQ0ExEDAOBgNVBAsTB1Jvb3QgQ0ExHDAaBgNVBAMTE1RXQ0EgR2xvYmFsIFJvb3Qg
+Q0EwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCwBdvI64zEbooh745NnHEKH1Jw7W2C
+nJfF10xORUnLQEK1EjRsGcJ0pDFfhQKX7EMzClPSnIyOt7h52yvVavKOZsTuKwEHktSz0ALfUPZV
+r2YOy+BHYC8rMjk1Ujoog/h7FsYYuGLWRyWRzvAZEk2tY/XTP3VfKfChMBwqoJimFb3u/Rk28OKR
+Q4/6ytYQJ0lM793B8YVwm8rqqFpD/G2Gb3PpN0Wp8DbHzIh1HrtsBv+baz4X7GGqcXzGHaL3SekV
+tTzWoWH1EfcFbx39Eb7QMAfCKbAJTibc46KokWofwpFFiFzlmLhxpRUZyXx1EcxwdE8tmx2RRP1W
+KKD+u4ZqyPpcC1jcxkt2yKsi2XMPpfRaAok/T54igu6idFMqPVMnaR1sjjIsZAAmY2E2TqNGtz99
+sy2sbZCilaLOz9qC5wc0GZbpuCGqKX6mOL6OKUohZnkfs8O1CWfe1tQHRvMq2uYiN2DLgbYPoA/p
+yJV/v1WRBXrPPRXAb94JlAGD1zQbzECl8LibZ9WYkTunhHiVJqRaCPgrdLQABDzfuBSO6N+pjWxn
+kjMdwLfS7JLIvgm/LCkFbwJrnu+8vyq8W8BQj0FwcYeyTbcEqYSjMq+u7msXi7Kx/mzhkIyIqJdI
+zshNy/MGz19qCkKxHh53L46g5pIOBvwFItIm4TFRfTLcDwIDAQABoyMwITAOBgNVHQ8BAf8EBAMC
+AQYwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAgEAXzSBdu+WHdXltdkCY4QWwa6g
+cFGn90xHNcgL1yg9iXHZqjNB6hQbbCEAwGxCGX6faVsgQt+i0trEfJdLjbDorMjupWkEmQqSpqsn
+LhpNgb+E1HAerUf+/UqdM+DyucRFCCEK2mlpc3INvjT+lIutwx4116KD7+U4x6WFH6vPNOw/KP4M
+8VeGTslV9xzU2KV9Bnpv1d8Q34FOIWWxtuEXeZVFBs5fzNxGiWNoRI2T9GRwoD2dKAXDOXC4Ynsg
+/eTb6QihuJ49CcdP+yz4k3ZB3lLg4VfSnQO8d57+nile98FRYB/e2guyLXW3Q0iT5/Z5xoRdgFlg
+lPx4mI88k1HtQJAH32RjJMtOcQWh15QaiDLxInQirqWm2BJpTGCjAu4r7NRjkgtevi92a6O2JryP
+A9gK8kxkRr05YuWW6zRjESjMlfGt7+/cgFhI6Uu46mWs6fyAtbXIRfmswZ/ZuepiiI7E8UuDEq3m
+i4TWnsLrgxifarsbJGAzcMzs9zLzXNl5fe+epP7JI8Mk7hWSsT2RTyaGvWZzJBPqpK5jwa19hAM8
+EHiGG3njxPPyBJUgriOCxLM6AGK/5jYk4Ve6xx6QddVfP5VhK8E7zeWzaGHQRiapIVJpLesux+t3
+zqY6tQMzT3bR51xUAV3LePTJDL/PEo4XLSNolOer/qmyKwbQBM0=
+-----END CERTIFICATE-----
+
+TeliaSonera Root CA v1
+======================
+-----BEGIN CERTIFICATE-----
+MIIFODCCAyCgAwIBAgIRAJW+FqD3LkbxezmCcvqLzZYwDQYJKoZIhvcNAQEFBQAwNzEUMBIGA1UE
+CgwLVGVsaWFTb25lcmExHzAdBgNVBAMMFlRlbGlhU29uZXJhIFJvb3QgQ0EgdjEwHhcNMDcxMDE4
+MTIwMDUwWhcNMzIxMDE4MTIwMDUwWjA3MRQwEgYDVQQKDAtUZWxpYVNvbmVyYTEfMB0GA1UEAwwW
+VGVsaWFTb25lcmEgUm9vdCBDQSB2MTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAMK+
+6yfwIaPzaSZVfp3FVRaRXP3vIb9TgHot0pGMYzHw7CTww6XScnwQbfQ3t+XmfHnqjLWCi65ItqwA
+3GV17CpNX8GH9SBlK4GoRz6JI5UwFpB/6FcHSOcZrr9FZ7E3GwYq/t75rH2D+1665I+XZ75Ljo1k
+B1c4VWk0Nj0TSO9P4tNmHqTPGrdeNjPUtAa9GAH9d4RQAEX1jF3oI7x+/jXh7VB7qTCNGdMJjmhn
+Xb88lxhTuylixcpecsHHltTbLaC0H2kD7OriUPEMPPCs81Mt8Bz17Ww5OXOAFshSsCPN4D7c3TxH
+oLs1iuKYaIu+5b9y7tL6pe0S7fyYGKkmdtwoSxAgHNN/Fnct7W+A90m7UwW7XWjH1Mh1Fj+JWov3
+F0fUTPHSiXk+TT2YqGHeOh7S+F4D4MHJHIzTjU3TlTazN19jY5szFPAtJmtTfImMMsJu7D0hADnJ
+oWjiUIMusDor8zagrC/kb2HCUQk5PotTubtn2txTuXZZNp1D5SDgPTJghSJRt8czu90VL6R4pgd7
+gUY2BIbdeTXHlSw7sKMXNeVzH7RcWe/a6hBle3rQf5+ztCo3O3CLm1u5K7fsslESl1MpWtTwEhDc
+TwK7EpIvYtQ/aUN8Ddb8WHUBiJ1YFkveupD/RwGJBmr2X7KQarMCpgKIv7NHfirZ1fpoeDVNAgMB
+AAGjPzA9MA8GA1UdEwEB/wQFMAMBAf8wCwYDVR0PBAQDAgEGMB0GA1UdDgQWBBTwj1k4ALP1j5qW
+DNXr+nuqF+gTEjANBgkqhkiG9w0BAQUFAAOCAgEAvuRcYk4k9AwI//DTDGjkk0kiP0Qnb7tt3oNm
+zqjMDfz1mgbldxSR651Be5kqhOX//CHBXfDkH1e3damhXwIm/9fH907eT/j3HEbAek9ALCI18Bmx
+0GtnLLCo4MBANzX2hFxc469CeP6nyQ1Q6g2EdvZR74NTxnr/DlZJLo961gzmJ1TjTQpgcmLNkQfW
+pb/ImWvtxBnmq0wROMVvMeJuScg/doAmAyYp4Db29iBT4xdwNBedY2gea+zDTYa4EzAvXUYNR0PV
+G6pZDrlcjQZIrXSHX8f8MVRBE+LHIQ6e4B4N4cB7Q4WQxYpYxmUKeFfyxiMPAdkgS94P+5KFdSpc
+c41teyWRyu5FrgZLAMzTsVlQ2jqIOylDRl6XK1TOU2+NSueW+r9xDkKLfP0ooNBIytrEgUy7onOT
+JsjrDNYmiLbAJM+7vVvrdX3pCI6GMyx5dwlppYn8s3CQh3aP0yK7Qs69cwsgJirQmz1wHiRszYd2
+qReWt88NkvuOGKmYSdGe/mBEciG5Ge3C9THxOUiIkCR1VBatzvT4aRRkOfujuLpwQMcnHL/EVlP6
+Y2XQ8xwOFvVrhlhNGNTkDY6lnVuR3HYkUD/GKvvZt5y11ubQ2egZixVxSK236thZiNSQvxaz2ems
+WWFUyBy6ysHK4bkgTI86k4mloMy/0/Z1pHWWbVY=
+-----END CERTIFICATE-----
+
+T-TeleSec GlobalRoot Class 2
+============================
+-----BEGIN CERTIFICATE-----
+MIIDwzCCAqugAwIBAgIBATANBgkqhkiG9w0BAQsFADCBgjELMAkGA1UEBhMCREUxKzApBgNVBAoM
+IlQtU3lzdGVtcyBFbnRlcnByaXNlIFNlcnZpY2VzIEdtYkgxHzAdBgNVBAsMFlQtU3lzdGVtcyBU
+cnVzdCBDZW50ZXIxJTAjBgNVBAMMHFQtVGVsZVNlYyBHbG9iYWxSb290IENsYXNzIDIwHhcNMDgx
+MDAxMTA0MDE0WhcNMzMxMDAxMjM1OTU5WjCBgjELMAkGA1UEBhMCREUxKzApBgNVBAoMIlQtU3lz
+dGVtcyBFbnRlcnByaXNlIFNlcnZpY2VzIEdtYkgxHzAdBgNVBAsMFlQtU3lzdGVtcyBUcnVzdCBD
+ZW50ZXIxJTAjBgNVBAMMHFQtVGVsZVNlYyBHbG9iYWxSb290IENsYXNzIDIwggEiMA0GCSqGSIb3
+DQEBAQUAA4IBDwAwggEKAoIBAQCqX9obX+hzkeXaXPSi5kfl82hVYAUdAqSzm1nzHoqvNK38DcLZ
+SBnuaY/JIPwhqgcZ7bBcrGXHX+0CfHt8LRvWurmAwhiCFoT6ZrAIxlQjgeTNuUk/9k9uN0goOA/F
+vudocP05l03Sx5iRUKrERLMjfTlH6VJi1hKTXrcxlkIF+3anHqP1wvzpesVsqXFP6st4vGCvx970
+2cu+fjOlbpSD8DT6IavqjnKgP6TeMFvvhk1qlVtDRKgQFRzlAVfFmPHmBiiRqiDFt1MmUUOyCxGV
+WOHAD3bZwI18gfNycJ5v/hqO2V81xrJvNHy+SE/iWjnX2J14np+GPgNeGYtEotXHAgMBAAGjQjBA
+MA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBS/WSA2AHmgoCJrjNXy
+YdK4LMuCSjANBgkqhkiG9w0BAQsFAAOCAQEAMQOiYQsfdOhyNsZt+U2e+iKo4YFWz827n+qrkRk4
+r6p8FU3ztqONpfSO9kSpp+ghla0+AGIWiPACuvxhI+YzmzB6azZie60EI4RYZeLbK4rnJVM3YlNf
+vNoBYimipidx5joifsFvHZVwIEoHNN/q/xWA5brXethbdXwFeilHfkCoMRN3zUA7tFFHei4R40cR
+3p1m0IvVVGb6g1XqfMIpiRvpb7PO4gWEyS8+eIVibslfwXhjdFjASBgMmTnrpMwatXlajRWc2BQN
+9noHV8cigwUtPJslJj0Ys6lDfMjIq2SPDqO/nBudMNva0Bkuqjzx+zOAduTNrRlPBSeOE6Fuwg==
+-----END CERTIFICATE-----
+
+Atos TrustedRoot 2011
+=====================
+-----BEGIN CERTIFICATE-----
+MIIDdzCCAl+gAwIBAgIIXDPLYixfszIwDQYJKoZIhvcNAQELBQAwPDEeMBwGA1UEAwwVQXRvcyBU
+cnVzdGVkUm9vdCAyMDExMQ0wCwYDVQQKDARBdG9zMQswCQYDVQQGEwJERTAeFw0xMTA3MDcxNDU4
+MzBaFw0zMDEyMzEyMzU5NTlaMDwxHjAcBgNVBAMMFUF0b3MgVHJ1c3RlZFJvb3QgMjAxMTENMAsG
+A1UECgwEQXRvczELMAkGA1UEBhMCREUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCV
+hTuXbyo7LjvPpvMpNb7PGKw+qtn4TaA+Gke5vJrf8v7MPkfoepbCJI419KkM/IL9bcFyYie96mvr
+54rMVD6QUM+A1JX76LWC1BTFtqlVJVfbsVD2sGBkWXppzwO3bw2+yj5vdHLqqjAqc2K+SZFhyBH+
+DgMq92og3AIVDV4VavzjgsG1xZ1kCWyjWZgHJ8cblithdHFsQ/H3NYkQ4J7sVaE3IqKHBAUsR320
+HLliKWYoyrfhk/WklAOZuXCFteZI6o1Q/NnezG8HDt0Lcp2AMBYHlT8oDv3FdU9T1nSatCQujgKR
+z3bFmx5VdJx4IbHwLfELn8LVlhgf8FQieowHAgMBAAGjfTB7MB0GA1UdDgQWBBSnpQaxLKYJYO7R
+l+lwrrw7GWzbITAPBgNVHRMBAf8EBTADAQH/MB8GA1UdIwQYMBaAFKelBrEspglg7tGX6XCuvDsZ
+bNshMBgGA1UdIAQRMA8wDQYLKwYBBAGwLQMEAQEwDgYDVR0PAQH/BAQDAgGGMA0GCSqGSIb3DQEB
+CwUAA4IBAQAmdzTblEiGKkGdLD4GkGDEjKwLVLgfuXvTBznk+j57sj1O7Z8jvZfza1zv7v1Apt+h
+k6EKhqzvINB5Ab149xnYJDE0BAGmuhWawyfc2E8PzBhj/5kPDpFrdRbhIfzYJsdHt6bPWHJxfrrh
+TZVHO8mvbaG0weyJ9rQPOLXiZNwlz6bb65pcmaHFCN795trV1lpFDMS3wrUU77QR/w4VtfX128a9
+61qn8FYiqTxlVMYVqL2Gns2Dlmh6cYGJ4Qvh6hEbaAjMaZ7snkGeRDImeuKHCnE96+RapNLbxc3G
+3mB/ufNPRJLvKrcYPqcZ2Qt9sTdBQrC6YB3y/gkRsPCHe6ed
+-----END CERTIFICATE-----
+
+QuoVadis Root CA 1 G3
+=====================
+-----BEGIN CERTIFICATE-----
+MIIFYDCCA0igAwIBAgIUeFhfLq0sGUvjNwc1NBMotZbUZZMwDQYJKoZIhvcNAQELBQAwSDELMAkG
+A1UEBhMCQk0xGTAXBgNVBAoTEFF1b1ZhZGlzIExpbWl0ZWQxHjAcBgNVBAMTFVF1b1ZhZGlzIFJv
+b3QgQ0EgMSBHMzAeFw0xMjAxMTIxNzI3NDRaFw00MjAxMTIxNzI3NDRaMEgxCzAJBgNVBAYTAkJN
+MRkwFwYDVQQKExBRdW9WYWRpcyBMaW1pdGVkMR4wHAYDVQQDExVRdW9WYWRpcyBSb290IENBIDEg
+RzMwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCgvlAQjunybEC0BJyFuTHK3C3kEakE
+PBtVwedYMB0ktMPvhd6MLOHBPd+C5k+tR4ds7FtJwUrVu4/sh6x/gpqG7D0DmVIB0jWerNrwU8lm
+PNSsAgHaJNM7qAJGr6Qc4/hzWHa39g6QDbXwz8z6+cZM5cOGMAqNF34168Xfuw6cwI2H44g4hWf6
+Pser4BOcBRiYz5P1sZK0/CPTz9XEJ0ngnjybCKOLXSoh4Pw5qlPafX7PGglTvF0FBM+hSo+LdoIN
+ofjSxxR3W5A2B4GbPgb6Ul5jxaYA/qXpUhtStZI5cgMJYr2wYBZupt0lwgNm3fME0UDiTouG9G/l
+g6AnhF4EwfWQvTA9xO+oabw4m6SkltFi2mnAAZauy8RRNOoMqv8hjlmPSlzkYZqn0ukqeI1RPToV
+7qJZjqlc3sX5kCLliEVx3ZGZbHqfPT2YfF72vhZooF6uCyP8Wg+qInYtyaEQHeTTRCOQiJ/GKubX
+9ZqzWB4vMIkIG1SitZgj7Ah3HJVdYdHLiZxfokqRmu8hqkkWCKi9YSgxyXSthfbZxbGL0eUQMk1f
+iyA6PEkfM4VZDdvLCXVDaXP7a3F98N/ETH3Goy7IlXnLc6KOTk0k+17kBL5yG6YnLUlamXrXXAkg
+t3+UuU/xDRxeiEIbEbfnkduebPRq34wGmAOtzCjvpUfzUwIDAQABo0IwQDAPBgNVHRMBAf8EBTAD
+AQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQUo5fW816iEOGrRZ88F2Q87gFwnMwwDQYJKoZI
+hvcNAQELBQADggIBABj6W3X8PnrHX3fHyt/PX8MSxEBd1DKquGrX1RUVRpgjpeaQWxiZTOOtQqOC
+MTaIzen7xASWSIsBx40Bz1szBpZGZnQdT+3Btrm0DWHMY37XLneMlhwqI2hrhVd2cDMT/uFPpiN3
+GPoajOi9ZcnPP/TJF9zrx7zABC4tRi9pZsMbj/7sPtPKlL92CiUNqXsCHKnQO18LwIE6PWThv6ct
+Tr1NxNgpxiIY0MWscgKCP6o6ojoilzHdCGPDdRS5YCgtW2jgFqlmgiNR9etT2DGbe+m3nUvriBbP
++V04ikkwj+3x6xn0dxoxGE1nVGwvb2X52z3sIexe9PSLymBlVNFxZPT5pqOBMzYzcfCkeF9OrYMh
+3jRJjehZrJ3ydlo28hP0r+AJx2EqbPfgna67hkooby7utHnNkDPDs3b69fBsnQGQ+p6Q9pxyz0fa
+wx/kNSBT8lTR32GDpgLiJTjehTItXnOQUl1CxM49S+H5GYQd1aJQzEH7QRTDvdbJWqNjZgKAvQU6
+O0ec7AAmTPWIUb+oI38YB7AL7YsmoWTTYUrrXJ/es69nA7Mf3W1daWhpq1467HxpvMc7hU6eFbm0
+FU/DlXpY18ls6Wy58yljXrQs8C097Vpl4KlbQMJImYFtnh8GKjwStIsPm6Ik8KaN1nrgS7ZklmOV
+hMJKzRwuJIczYOXD
+-----END CERTIFICATE-----
+
+QuoVadis Root CA 2 G3
+=====================
+-----BEGIN CERTIFICATE-----
+MIIFYDCCA0igAwIBAgIURFc0JFuBiZs18s64KztbpybwdSgwDQYJKoZIhvcNAQELBQAwSDELMAkG
+A1UEBhMCQk0xGTAXBgNVBAoTEFF1b1ZhZGlzIExpbWl0ZWQxHjAcBgNVBAMTFVF1b1ZhZGlzIFJv
+b3QgQ0EgMiBHMzAeFw0xMjAxMTIxODU5MzJaFw00MjAxMTIxODU5MzJaMEgxCzAJBgNVBAYTAkJN
+MRkwFwYDVQQKExBRdW9WYWRpcyBMaW1pdGVkMR4wHAYDVQQDExVRdW9WYWRpcyBSb290IENBIDIg
+RzMwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQChriWyARjcV4g/Ruv5r+LrI3HimtFh
+ZiFfqq8nUeVuGxbULX1QsFN3vXg6YOJkApt8hpvWGo6t/x8Vf9WVHhLL5hSEBMHfNrMWn4rjyduY
+NM7YMxcoRvynyfDStNVNCXJJ+fKH46nafaF9a7I6JaltUkSs+L5u+9ymc5GQYaYDFCDy54ejiK2t
+oIz/pgslUiXnFgHVy7g1gQyjO/Dh4fxaXc6AcW34Sas+O7q414AB+6XrW7PFXmAqMaCvN+ggOp+o
+MiwMzAkd056OXbxMmO7FGmh77FOm6RQ1o9/NgJ8MSPsc9PG/Srj61YxxSscfrf5BmrODXfKEVu+l
+V0POKa2Mq1W/xPtbAd0jIaFYAI7D0GoT7RPjEiuA3GfmlbLNHiJuKvhB1PLKFAeNilUSxmn1uIZo
+L1NesNKqIcGY5jDjZ1XHm26sGahVpkUG0CM62+tlXSoREfA7T8pt9DTEceT/AFr2XK4jYIVz8eQQ
+sSWu1ZK7E8EM4DnatDlXtas1qnIhO4M15zHfeiFuuDIIfR0ykRVKYnLP43ehvNURG3YBZwjgQQvD
+6xVu+KQZ2aKrr+InUlYrAoosFCT5v0ICvybIxo/gbjh9Uy3l7ZizlWNof/k19N+IxWA1ksB8aRxh
+lRbQ694Lrz4EEEVlWFA4r0jyWbYW8jwNkALGcC4BrTwV1wIDAQABo0IwQDAPBgNVHRMBAf8EBTAD
+AQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQU7edvdlq/YOxJW8ald7tyFnGbxD0wDQYJKoZI
+hvcNAQELBQADggIBAJHfgD9DCX5xwvfrs4iP4VGyvD11+ShdyLyZm3tdquXK4Qr36LLTn91nMX66
+AarHakE7kNQIXLJgapDwyM4DYvmL7ftuKtwGTTwpD4kWilhMSA/ohGHqPHKmd+RCroijQ1h5fq7K
+pVMNqT1wvSAZYaRsOPxDMuHBR//47PERIjKWnML2W2mWeyAMQ0GaW/ZZGYjeVYg3UQt4XAoeo0L9
+x52ID8DyeAIkVJOviYeIyUqAHerQbj5hLja7NQ4nlv1mNDthcnPxFlxHBlRJAHpYErAK74X9sbgz
+dWqTHBLmYF5vHX/JHyPLhGGfHoJE+V+tYlUkmlKY7VHnoX6XOuYvHxHaU4AshZ6rNRDbIl9qxV6X
+U/IyAgkwo1jwDQHVcsaxfGl7w/U2Rcxhbl5MlMVerugOXou/983g7aEOGzPuVBj+D77vfoRrQ+Nw
+mNtddbINWQeFFSM51vHfqSYP1kjHs6Yi9TM3WpVHn3u6GBVv/9YUZINJ0gpnIdsPNWNgKCLjsZWD
+zYWm3S8P52dSbrsvhXz1SnPnxT7AvSESBT/8twNJAlvIJebiVDj1eYeMHVOyToV7BjjHLPj4sHKN
+JeV3UvQDHEimUF+IIDBu8oJDqz2XhOdT+yHBTw8imoa4WSr2Rz0ZiC3oheGe7IUIarFsNMkd7Egr
+O3jtZsSOeWmD3n+M
+-----END CERTIFICATE-----
+
+QuoVadis Root CA 3 G3
+=====================
+-----BEGIN CERTIFICATE-----
+MIIFYDCCA0igAwIBAgIULvWbAiin23r/1aOp7r0DoM8Sah0wDQYJKoZIhvcNAQELBQAwSDELMAkG
+A1UEBhMCQk0xGTAXBgNVBAoTEFF1b1ZhZGlzIExpbWl0ZWQxHjAcBgNVBAMTFVF1b1ZhZGlzIFJv
+b3QgQ0EgMyBHMzAeFw0xMjAxMTIyMDI2MzJaFw00MjAxMTIyMDI2MzJaMEgxCzAJBgNVBAYTAkJN
+MRkwFwYDVQQKExBRdW9WYWRpcyBMaW1pdGVkMR4wHAYDVQQDExVRdW9WYWRpcyBSb290IENBIDMg
+RzMwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCzyw4QZ47qFJenMioKVjZ/aEzHs286
+IxSR/xl/pcqs7rN2nXrpixurazHb+gtTTK/FpRp5PIpM/6zfJd5O2YIyC0TeytuMrKNuFoM7pmRL
+Mon7FhY4futD4tN0SsJiCnMK3UmzV9KwCoWdcTzeo8vAMvMBOSBDGzXRU7Ox7sWTaYI+FrUoRqHe
+6okJ7UO4BUaKhvVZR74bbwEhELn9qdIoyhA5CcoTNs+cra1AdHkrAj80//ogaX3T7mH1urPnMNA3
+I4ZyYUUpSFlob3emLoG+B01vr87ERRORFHAGjx+f+IdpsQ7vw4kZ6+ocYfx6bIrc1gMLnia6Et3U
+VDmrJqMz6nWB2i3ND0/kA9HvFZcba5DFApCTZgIhsUfei5pKgLlVj7WiL8DWM2fafsSntARE60f7
+5li59wzweyuxwHApw0BiLTtIadwjPEjrewl5qW3aqDCYz4ByA4imW0aucnl8CAMhZa634RylsSqi
+Md5mBPfAdOhx3v89WcyWJhKLhZVXGqtrdQtEPREoPHtht+KPZ0/l7DxMYIBpVzgeAVuNVejH38DM
+dyM0SXV89pgR6y3e7UEuFAUCf+D+IOs15xGsIs5XPd7JMG0QA4XN8f+MFrXBsj6IbGB/kE+V9/Yt
+rQE5BwT6dYB9v0lQ7e/JxHwc64B+27bQ3RP+ydOc17KXqQIDAQABo0IwQDAPBgNVHRMBAf8EBTAD
+AQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQUxhfQvKjqAkPyGwaZXSuQILnXnOQwDQYJKoZI
+hvcNAQELBQADggIBADRh2Va1EodVTd2jNTFGu6QHcrxfYWLopfsLN7E8trP6KZ1/AvWkyaiTt3px
+KGmPc+FSkNrVvjrlt3ZqVoAh313m6Tqe5T72omnHKgqwGEfcIHB9UqM+WXzBusnIFUBhynLWcKzS
+t/Ac5IYp8M7vaGPQtSCKFWGafoaYtMnCdvvMujAWzKNhxnQT5WvvoxXqA/4Ti2Tk08HS6IT7SdEQ
+TXlm66r99I0xHnAUrdzeZxNMgRVhvLfZkXdxGYFgu/BYpbWcC/ePIlUnwEsBbTuZDdQdm2NnL9Du
+DcpmvJRPpq3t/O5jrFc/ZSXPsoaP0Aj/uHYUbt7lJ+yreLVTubY/6CD50qi+YUbKh4yE8/nxoGib
+Ih6BJpsQBJFxwAYf3KDTuVan45gtf4Od34wrnDKOMpTwATwiKp9Dwi7DmDkHOHv8XgBCH/MyJnmD
+hPbl8MFREsALHgQjDFSlTC9JxUrRtm5gDWv8a4uFJGS3iQ6rJUdbPM9+Sb3H6QrG2vd+DhcI00iX
+0HGS8A85PjRqHH3Y8iKuu2n0M7SmSFXRDw4m6Oy2Cy2nhTXN/VnIn9HNPlopNLk9hM6xZdRZkZFW
+dSHBd575euFgndOtBBj0fOtek49TSiIp+EgrPk2GrFt/ywaZWWDYWGWVjUTR939+J399roD1B0y2
+PpxxVJkES/1Y+Zj0
+-----END CERTIFICATE-----
+
+DigiCert Assured ID Root G2
+===========================
+-----BEGIN CERTIFICATE-----
+MIIDljCCAn6gAwIBAgIQC5McOtY5Z+pnI7/Dr5r0SzANBgkqhkiG9w0BAQsFADBlMQswCQYDVQQG
+EwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSQw
+IgYDVQQDExtEaWdpQ2VydCBBc3N1cmVkIElEIFJvb3QgRzIwHhcNMTMwODAxMTIwMDAwWhcNMzgw
+MTE1MTIwMDAwWjBlMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQL
+ExB3d3cuZGlnaWNlcnQuY29tMSQwIgYDVQQDExtEaWdpQ2VydCBBc3N1cmVkIElEIFJvb3QgRzIw
+ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDZ5ygvUj82ckmIkzTz+GoeMVSAn61UQbVH
+35ao1K+ALbkKz3X9iaV9JPrjIgwrvJUXCzO/GU1BBpAAvQxNEP4HteccbiJVMWWXvdMX0h5i89vq
+bFCMP4QMls+3ywPgym2hFEwbid3tALBSfK+RbLE4E9HpEgjAALAcKxHad3A2m67OeYfcgnDmCXRw
+VWmvo2ifv922ebPynXApVfSr/5Vh88lAbx3RvpO704gqu52/clpWcTs/1PPRCv4o76Pu2ZmvA9OP
+YLfykqGxvYmJHzDNw6YuYjOuFgJ3RFrngQo8p0Quebg/BLxcoIfhG69Rjs3sLPr4/m3wOnyqi+Rn
+lTGNAgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgGGMB0GA1UdDgQWBBTO
+w0q5mVXyuNtgv6l+vVa1lzan1jANBgkqhkiG9w0BAQsFAAOCAQEAyqVVjOPIQW5pJ6d1Ee88hjZv
+0p3GeDgdaZaikmkuOGybfQTUiaWxMTeKySHMq2zNixya1r9I0jJmwYrA8y8678Dj1JGG0VDjA9tz
+d29KOVPt3ibHtX2vK0LRdWLjSisCx1BL4GnilmwORGYQRI+tBev4eaymG+g3NJ1TyWGqolKvSnAW
+hsI6yLETcDbYz+70CjTVW0z9B5yiutkBclzzTcHdDrEcDcRjvq30FPuJ7KJBDkzMyFdA0G4Dqs0M
+jomZmWzwPDCvON9vvKO+KSAnq3T/EyJ43pdSVR6DtVQgA+6uwE9W3jfMw3+qBCe703e4YtsXfJwo
+IhNzbM8m9Yop5w==
+-----END CERTIFICATE-----
+
+DigiCert Assured ID Root G3
+===========================
+-----BEGIN CERTIFICATE-----
+MIICRjCCAc2gAwIBAgIQC6Fa+h3foLVJRK/NJKBs7DAKBggqhkjOPQQDAzBlMQswCQYDVQQGEwJV
+UzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSQwIgYD
+VQQDExtEaWdpQ2VydCBBc3N1cmVkIElEIFJvb3QgRzMwHhcNMTMwODAxMTIwMDAwWhcNMzgwMTE1
+MTIwMDAwWjBlMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
+d3cuZGlnaWNlcnQuY29tMSQwIgYDVQQDExtEaWdpQ2VydCBBc3N1cmVkIElEIFJvb3QgRzMwdjAQ
+BgcqhkjOPQIBBgUrgQQAIgNiAAQZ57ysRGXtzbg/WPuNsVepRC0FFfLvC/8QdJ+1YlJfZn4f5dwb
+RXkLzMZTCp2NXQLZqVneAlr2lSoOjThKiknGvMYDOAdfVdp+CW7if17QRSAPWXYQ1qAk8C3eNvJs
+KTmjQjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgGGMB0GA1UdDgQWBBTL0L2p4ZgF
+UaFNN6KDec6NHSrkhDAKBggqhkjOPQQDAwNnADBkAjAlpIFFAmsSS3V0T8gj43DydXLefInwz5Fy
+YZ5eEJJZVrmDxxDnOOlYJjZ91eQ0hjkCMHw2U/Aw5WJjOpnitqM7mzT6HtoQknFekROn3aRukswy
+1vUhZscv6pZjamVFkpUBtA==
+-----END CERTIFICATE-----
+
+DigiCert Global Root G2
+=======================
+-----BEGIN CERTIFICATE-----
+MIIDjjCCAnagAwIBAgIQAzrx5qcRqaC7KGSxHQn65TANBgkqhkiG9w0BAQsFADBhMQswCQYDVQQG
+EwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSAw
+HgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBHMjAeFw0xMzA4MDExMjAwMDBaFw0zODAxMTUx
+MjAwMDBaMGExCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3
+dy5kaWdpY2VydC5jb20xIDAeBgNVBAMTF0RpZ2lDZXJ0IEdsb2JhbCBSb290IEcyMIIBIjANBgkq
+hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuzfNNNx7a8myaJCtSnX/RrohCgiN9RlUyfuI2/Ou8jqJ
+kTx65qsGGmvPrC3oXgkkRLpimn7Wo6h+4FR1IAWsULecYxpsMNzaHxmx1x7e/dfgy5SDN67sH0NO
+3Xss0r0upS/kqbitOtSZpLYl6ZtrAGCSYP9PIUkY92eQq2EGnI/yuum06ZIya7XzV+hdG82MHauV
+BJVJ8zUtluNJbd134/tJS7SsVQepj5WztCO7TG1F8PapspUwtP1MVYwnSlcUfIKdzXOS0xZKBgyM
+UNGPHgm+F6HmIcr9g+UQvIOlCsRnKPZzFBQ9RnbDhxSJITRNrw9FDKZJobq7nMWxM4MphQIDAQAB
+o0IwQDAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjAdBgNVHQ4EFgQUTiJUIBiV5uNu
+5g/6+rkS7QYXjzkwDQYJKoZIhvcNAQELBQADggEBAGBnKJRvDkhj6zHd6mcY1Yl9PMWLSn/pvtsr
+F9+wX3N3KjITOYFnQoQj8kVnNeyIv/iPsGEMNKSuIEyExtv4NeF22d+mQrvHRAiGfzZ0JFrabA0U
+WTW98kndth/Jsw1HKj2ZL7tcu7XUIOGZX1NGFdtom/DzMNU+MeKNhJ7jitralj41E6Vf8PlwUHBH
+QRFXGU7Aj64GxJUTFy8bJZ918rGOmaFvE7FBcf6IKshPECBV1/MUReXgRPTqh5Uykw7+U0b6LJ3/
+iyK5S9kJRaTepLiaWN0bfVKfjllDiIGknibVb63dDcY3fe0Dkhvld1927jyNxF1WW6LZZm6zNTfl
+MrY=
+-----END CERTIFICATE-----
+
+DigiCert Global Root G3
+=======================
+-----BEGIN CERTIFICATE-----
+MIICPzCCAcWgAwIBAgIQBVVWvPJepDU1w6QP1atFcjAKBggqhkjOPQQDAzBhMQswCQYDVQQGEwJV
+UzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSAwHgYD
+VQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBHMzAeFw0xMzA4MDExMjAwMDBaFw0zODAxMTUxMjAw
+MDBaMGExCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5k
+aWdpY2VydC5jb20xIDAeBgNVBAMTF0RpZ2lDZXJ0IEdsb2JhbCBSb290IEczMHYwEAYHKoZIzj0C
+AQYFK4EEACIDYgAE3afZu4q4C/sLfyHS8L6+c/MzXRq8NOrexpu80JX28MzQC7phW1FGfp4tn+6O
+YwwX7Adw9c+ELkCDnOg/QW07rdOkFFk2eJ0DQ+4QE2xy3q6Ip6FrtUPOZ9wj/wMco+I+o0IwQDAP
+BgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjAdBgNVHQ4EFgQUs9tIpPmhxdiuNkHMEWNp
+Yim8S8YwCgYIKoZIzj0EAwMDaAAwZQIxAK288mw/EkrRLTnDCgmXc/SINoyIJ7vmiI1Qhadj+Z4y
+3maTD/HMsQmP3Wyr+mt/oAIwOWZbwmSNuJ5Q3KjVSaLtx9zRSX8XAbjIho9OjIgrqJqpisXRAL34
+VOKa5Vt8sycX
+-----END CERTIFICATE-----
+
+DigiCert Trusted Root G4
+========================
+-----BEGIN CERTIFICATE-----
+MIIFkDCCA3igAwIBAgIQBZsbV56OITLiOQe9p3d1XDANBgkqhkiG9w0BAQwFADBiMQswCQYDVQQG
+EwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSEw
+HwYDVQQDExhEaWdpQ2VydCBUcnVzdGVkIFJvb3QgRzQwHhcNMTMwODAxMTIwMDAwWhcNMzgwMTE1
+MTIwMDAwWjBiMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
+d3cuZGlnaWNlcnQuY29tMSEwHwYDVQQDExhEaWdpQ2VydCBUcnVzdGVkIFJvb3QgRzQwggIiMA0G
+CSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQC/5pBzaN675F1KPDAiMGkz7MKnJS7JIT3yithZwuEp
+pz1Yq3aaza57G4QNxDAf8xukOBbrVsaXbR2rsnnyyhHS5F/WBTxSD1Ifxp4VpX6+n6lXFllVcq9o
+k3DCsrp1mWpzMpTREEQQLt+C8weE5nQ7bXHiLQwb7iDVySAdYyktzuxeTsiT+CFhmzTrBcZe7Fsa
+vOvJz82sNEBfsXpm7nfISKhmV1efVFiODCu3T6cw2Vbuyntd463JT17lNecxy9qTXtyOj4DatpGY
+QJB5w3jHtrHEtWoYOAMQjdjUN6QuBX2I9YI+EJFwq1WCQTLX2wRzKm6RAXwhTNS8rhsDdV14Ztk6
+MUSaM0C/CNdaSaTC5qmgZ92kJ7yhTzm1EVgX9yRcRo9k98FpiHaYdj1ZXUJ2h4mXaXpI8OCiEhtm
+mnTK3kse5w5jrubU75KSOp493ADkRSWJtppEGSt+wJS00mFt6zPZxd9LBADMfRyVw4/3IbKyEbe7
+f/LVjHAsQWCqsWMYRJUadmJ+9oCw++hkpjPRiQfhvbfmQ6QYuKZ3AeEPlAwhHbJUKSWJbOUOUlFH
+dL4mrLZBdd56rF+NP8m800ERElvlEFDrMcXKchYiCd98THU/Y+whX8QgUWtvsauGi0/C1kVfnSD8
+oR7FwI+isX4KJpn15GkvmB0t9dmpsh3lGwIDAQABo0IwQDAPBgNVHRMBAf8EBTADAQH/MA4GA1Ud
+DwEB/wQEAwIBhjAdBgNVHQ4EFgQU7NfjgtJxXWRM3y5nP+e6mK4cD08wDQYJKoZIhvcNAQEMBQAD
+ggIBALth2X2pbL4XxJEbw6GiAI3jZGgPVs93rnD5/ZpKmbnJeFwMDF/k5hQpVgs2SV1EY+CtnJYY
+ZhsjDT156W1r1lT40jzBQ0CuHVD1UvyQO7uYmWlrx8GnqGikJ9yd+SeuMIW59mdNOj6PWTkiU0Tr
+yF0Dyu1Qen1iIQqAyHNm0aAFYF/opbSnr6j3bTWcfFqK1qI4mfN4i/RN0iAL3gTujJtHgXINwBQy
+7zBZLq7gcfJW5GqXb5JQbZaNaHqasjYUegbyJLkJEVDXCLG4iXqEI2FCKeWjzaIgQdfRnGTZ6iah
+ixTXTBmyUEFxPT9NcCOGDErcgdLMMpSEDQgJlxxPwO5rIHQw0uA5NBCFIRUBCOhVMt5xSdkoF1BN
+5r5N0XWs0Mr7QbhDparTwwVETyw2m+L64kW4I1NsBm9nVX9GtUw/bihaeSbSpKhil9Ie4u1Ki7wb
+/UdKDd9nZn6yW0HQO+T0O/QEY+nvwlQAUaCKKsnOeMzV6ocEGLPOr0mIr/OSmbaz5mEP0oUA51Aa
+5BuVnRmhuZyxm7EAHu/QD09CbMkKvO5D+jpxpchNJqU1/YldvIViHTLSoCtU7ZpXwdv6EM8Zt4tK
+G48BtieVU+i2iW1bvGjUI+iLUaJW+fCmgKDWHrO8Dw9TdSmq6hN35N6MgSGtBxBHEa2HPQfRdbzP
+82Z+
+-----END CERTIFICATE-----
+
+COMODO RSA Certification Authority
+==================================
+-----BEGIN CERTIFICATE-----
+MIIF2DCCA8CgAwIBAgIQTKr5yttjb+Af907YWwOGnTANBgkqhkiG9w0BAQwFADCBhTELMAkGA1UE
+BhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEaMBgG
+A1UEChMRQ09NT0RPIENBIExpbWl0ZWQxKzApBgNVBAMTIkNPTU9ETyBSU0EgQ2VydGlmaWNhdGlv
+biBBdXRob3JpdHkwHhcNMTAwMTE5MDAwMDAwWhcNMzgwMTE4MjM1OTU5WjCBhTELMAkGA1UEBhMC
+R0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEaMBgGA1UE
+ChMRQ09NT0RPIENBIExpbWl0ZWQxKzApBgNVBAMTIkNPTU9ETyBSU0EgQ2VydGlmaWNhdGlvbiBB
+dXRob3JpdHkwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCR6FSS0gpWsawNJN3Fz0Rn
+dJkrN6N9I3AAcbxT38T6KhKPS38QVr2fcHK3YX/JSw8Xpz3jsARh7v8Rl8f0hj4K+j5c+ZPmNHrZ
+FGvnnLOFoIJ6dq9xkNfs/Q36nGz637CC9BR++b7Epi9Pf5l/tfxnQ3K9DADWietrLNPtj5gcFKt+
+5eNu/Nio5JIk2kNrYrhV/erBvGy2i/MOjZrkm2xpmfh4SDBF1a3hDTxFYPwyllEnvGfDyi62a+pG
+x8cgoLEfZd5ICLqkTqnyg0Y3hOvozIFIQ2dOciqbXL1MGyiKXCJ7tKuY2e7gUYPDCUZObT6Z+pUX
+2nwzV0E8jVHtC7ZcryxjGt9XyD+86V3Em69FmeKjWiS0uqlWPc9vqv9JWL7wqP/0uK3pN/u6uPQL
+OvnoQ0IeidiEyxPx2bvhiWC4jChWrBQdnArncevPDt09qZahSL0896+1DSJMwBGB7FY79tOi4lu3
+sgQiUpWAk2nojkxl8ZEDLXB0AuqLZxUpaVICu9ffUGpVRr+goyhhf3DQw6KqLCGqR84onAZFdr+C
+GCe01a60y1Dma/RMhnEw6abfFobg2P9A3fvQQoh/ozM6LlweQRGBY84YcWsr7KaKtzFcOmpH4MN5
+WdYgGq/yapiqcrxXStJLnbsQ/LBMQeXtHT1eKJ2czL+zUdqnR+WEUwIDAQABo0IwQDAdBgNVHQ4E
+FgQUu69+Aj36pvE8hI6t7jiY7NkyMtQwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8w
+DQYJKoZIhvcNAQEMBQADggIBAArx1UaEt65Ru2yyTUEUAJNMnMvlwFTPoCWOAvn9sKIN9SCYPBMt
+rFaisNZ+EZLpLrqeLppysb0ZRGxhNaKatBYSaVqM4dc+pBroLwP0rmEdEBsqpIt6xf4FpuHA1sj+
+nq6PK7o9mfjYcwlYRm6mnPTXJ9OV2jeDchzTc+CiR5kDOF3VSXkAKRzH7JsgHAckaVd4sjn8OoSg
+tZx8jb8uk2IntznaFxiuvTwJaP+EmzzV1gsD41eeFPfR60/IvYcjt7ZJQ3mFXLrrkguhxuhoqEwW
+sRqZCuhTLJK7oQkYdQxlqHvLI7cawiiFwxv/0Cti76R7CZGYZ4wUAc1oBmpjIXUDgIiKboHGhfKp
+pC3n9KUkEEeDys30jXlYsQab5xoq2Z0B15R97QNKyvDb6KkBPvVWmckejkk9u+UJueBPSZI9FoJA
+zMxZxuY67RIuaTxslbH9qh17f4a+Hg4yRvv7E491f0yLS0Zj/gA0QHDBw7mh3aZw4gSzQbzpgJHq
+ZJx64SIDqZxubw5lT2yHh17zbqD5daWbQOhTsiedSrnAdyGN/4fy3ryM7xfft0kL0fJuMAsaDk52
+7RH89elWsn2/x20Kk4yl0MC2Hb46TpSi125sC8KKfPog88Tk5c0NqMuRkrF8hey1FGlmDoLnzc7I
+LaZRfyHBNVOFBkpdn627G190
+-----END CERTIFICATE-----
+
+USERTrust RSA Certification Authority
+=====================================
+-----BEGIN CERTIFICATE-----
+MIIF3jCCA8agAwIBAgIQAf1tMPyjylGoG7xkDjUDLTANBgkqhkiG9w0BAQwFADCBiDELMAkGA1UE
+BhMCVVMxEzARBgNVBAgTCk5ldyBKZXJzZXkxFDASBgNVBAcTC0plcnNleSBDaXR5MR4wHAYDVQQK
+ExVUaGUgVVNFUlRSVVNUIE5ldHdvcmsxLjAsBgNVBAMTJVVTRVJUcnVzdCBSU0EgQ2VydGlmaWNh
+dGlvbiBBdXRob3JpdHkwHhcNMTAwMjAxMDAwMDAwWhcNMzgwMTE4MjM1OTU5WjCBiDELMAkGA1UE
+BhMCVVMxEzARBgNVBAgTCk5ldyBKZXJzZXkxFDASBgNVBAcTC0plcnNleSBDaXR5MR4wHAYDVQQK
+ExVUaGUgVVNFUlRSVVNUIE5ldHdvcmsxLjAsBgNVBAMTJVVTRVJUcnVzdCBSU0EgQ2VydGlmaWNh
+dGlvbiBBdXRob3JpdHkwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCAEmUXNg7D2wiz
+0KxXDXbtzSfTTK1Qg2HiqiBNCS1kCdzOiZ/MPans9s/B3PHTsdZ7NygRK0faOca8Ohm0X6a9fZ2j
+Y0K2dvKpOyuR+OJv0OwWIJAJPuLodMkYtJHUYmTbf6MG8YgYapAiPLz+E/CHFHv25B+O1ORRxhFn
+RghRy4YUVD+8M/5+bJz/Fp0YvVGONaanZshyZ9shZrHUm3gDwFA66Mzw3LyeTP6vBZY1H1dat//O
++T23LLb2VN3I5xI6Ta5MirdcmrS3ID3KfyI0rn47aGYBROcBTkZTmzNg95S+UzeQc0PzMsNT79uq
+/nROacdrjGCT3sTHDN/hMq7MkztReJVni+49Vv4M0GkPGw/zJSZrM233bkf6c0Plfg6lZrEpfDKE
+Y1WJxA3Bk1QwGROs0303p+tdOmw1XNtB1xLaqUkL39iAigmTYo61Zs8liM2EuLE/pDkP2QKe6xJM
+lXzzawWpXhaDzLhn4ugTncxbgtNMs+1b/97lc6wjOy0AvzVVdAlJ2ElYGn+SNuZRkg7zJn0cTRe8
+yexDJtC/QV9AqURE9JnnV4eeUB9XVKg+/XRjL7FQZQnmWEIuQxpMtPAlR1n6BB6T1CZGSlCBst6+
+eLf8ZxXhyVeEHg9j1uliutZfVS7qXMYoCAQlObgOK6nyTJccBz8NUvXt7y+CDwIDAQABo0IwQDAd
+BgNVHQ4EFgQUU3m/WqorSs9UgOHYm8Cd8rIDZsswDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQF
+MAMBAf8wDQYJKoZIhvcNAQEMBQADggIBAFzUfA3P9wF9QZllDHPFUp/L+M+ZBn8b2kMVn54CVVeW
+FPFSPCeHlCjtHzoBN6J2/FNQwISbxmtOuowhT6KOVWKR82kV2LyI48SqC/3vqOlLVSoGIG1VeCkZ
+7l8wXEskEVX/JJpuXior7gtNn3/3ATiUFJVDBwn7YKnuHKsSjKCaXqeYalltiz8I+8jRRa8YFWSQ
+Eg9zKC7F4iRO/Fjs8PRF/iKz6y+O0tlFYQXBl2+odnKPi4w2r78NBc5xjeambx9spnFixdjQg3IM
+8WcRiQycE0xyNN+81XHfqnHd4blsjDwSXWXavVcStkNr/+XeTWYRUc+ZruwXtuhxkYzeSf7dNXGi
+FSeUHM9h4ya7b6NnJSFd5t0dCy5oGzuCr+yDZ4XUmFF0sbmZgIn/f3gZXHlKYC6SQK5MNyosycdi
+yA5d9zZbyuAlJQG03RoHnHcAP9Dc1ew91Pq7P8yF1m9/qS3fuQL39ZeatTXaw2ewh0qpKJ4jjv9c
+J2vhsE/zB+4ALtRZh8tSQZXq9EfX7mRBVXyNWQKV3WKdwrnuWih0hKWbt5DHDAff9Yk2dDLWKMGw
+sAvgnEzDHNb842m1R0aBL6KCq9NjRHDEjf8tM7qtj3u1cIiuPhnPQCjY/MiQu12ZIvVS5ljFH4gx
+Q+6IHdfGjjxDah2nGN59PRbxYvnKkKj9
+-----END CERTIFICATE-----
+
+USERTrust ECC Certification Authority
+=====================================
+-----BEGIN CERTIFICATE-----
+MIICjzCCAhWgAwIBAgIQXIuZxVqUxdJxVt7NiYDMJjAKBggqhkjOPQQDAzCBiDELMAkGA1UEBhMC
+VVMxEzARBgNVBAgTCk5ldyBKZXJzZXkxFDASBgNVBAcTC0plcnNleSBDaXR5MR4wHAYDVQQKExVU
+aGUgVVNFUlRSVVNUIE5ldHdvcmsxLjAsBgNVBAMTJVVTRVJUcnVzdCBFQ0MgQ2VydGlmaWNhdGlv
+biBBdXRob3JpdHkwHhcNMTAwMjAxMDAwMDAwWhcNMzgwMTE4MjM1OTU5WjCBiDELMAkGA1UEBhMC
+VVMxEzARBgNVBAgTCk5ldyBKZXJzZXkxFDASBgNVBAcTC0plcnNleSBDaXR5MR4wHAYDVQQKExVU
+aGUgVVNFUlRSVVNUIE5ldHdvcmsxLjAsBgNVBAMTJVVTRVJUcnVzdCBFQ0MgQ2VydGlmaWNhdGlv
+biBBdXRob3JpdHkwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAAQarFRaqfloI+d61SRvU8Za2EurxtW2
+0eZzca7dnNYMYf3boIkDuAUU7FfO7l0/4iGzzvfUinngo4N+LZfQYcTxmdwlkWOrfzCjtHDix6Ez
+nPO/LlxTsV+zfTJ/ijTjeXmjQjBAMB0GA1UdDgQWBBQ64QmG1M8ZwpZ2dEl23OA1xmNjmjAOBgNV
+HQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAKBggqhkjOPQQDAwNoADBlAjA2Z6EWCNzklwBB
+HU6+4WMBzzuqQhFkoJ2UOQIReVx7Hfpkue4WQrO/isIJxOzksU0CMQDpKmFHjFJKS04YcPbWRNZu
+9YO6bVi9JNlWSOrvxKJGgYhqOkbRqZtNyWHa0V1Xahg=
+-----END CERTIFICATE-----
+
+GlobalSign ECC Root CA - R5
+===========================
+-----BEGIN CERTIFICATE-----
+MIICHjCCAaSgAwIBAgIRYFlJ4CYuu1X5CneKcflK2GwwCgYIKoZIzj0EAwMwUDEkMCIGA1UECxMb
+R2xvYmFsU2lnbiBFQ0MgUm9vdCBDQSAtIFI1MRMwEQYDVQQKEwpHbG9iYWxTaWduMRMwEQYDVQQD
+EwpHbG9iYWxTaWduMB4XDTEyMTExMzAwMDAwMFoXDTM4MDExOTAzMTQwN1owUDEkMCIGA1UECxMb
+R2xvYmFsU2lnbiBFQ0MgUm9vdCBDQSAtIFI1MRMwEQYDVQQKEwpHbG9iYWxTaWduMRMwEQYDVQQD
+EwpHbG9iYWxTaWduMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAER0UOlvt9Xb/pOdEh+J8LttV7HpI6
+SFkc8GIxLcB6KP4ap1yztsyX50XUWPrRd21DosCHZTQKH3rd6zwzocWdTaRvQZU4f8kehOvRnkmS
+h5SHDDqFSmafnVmTTZdhBoZKo0IwQDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAd
+BgNVHQ4EFgQUPeYpSJvqB8ohREom3m7e0oPQn1kwCgYIKoZIzj0EAwMDaAAwZQIxAOVpEslu28Yx
+uglB4Zf4+/2a4n0Sye18ZNPLBSWLVtmg515dTguDnFt2KaAJJiFqYgIwcdK1j1zqO+F4CYWodZI7
+yFz9SO8NdCKoCOJuxUnOxwy8p2Fp8fc74SrL+SvzZpA3
+-----END CERTIFICATE-----
+
+IdenTrust Commercial Root CA 1
+==============================
+-----BEGIN CERTIFICATE-----
+MIIFYDCCA0igAwIBAgIQCgFCgAAAAUUjyES1AAAAAjANBgkqhkiG9w0BAQsFADBKMQswCQYDVQQG
+EwJVUzESMBAGA1UEChMJSWRlblRydXN0MScwJQYDVQQDEx5JZGVuVHJ1c3QgQ29tbWVyY2lhbCBS
+b290IENBIDEwHhcNMTQwMTE2MTgxMjIzWhcNMzQwMTE2MTgxMjIzWjBKMQswCQYDVQQGEwJVUzES
+MBAGA1UEChMJSWRlblRydXN0MScwJQYDVQQDEx5JZGVuVHJ1c3QgQ29tbWVyY2lhbCBSb290IENB
+IDEwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCnUBneP5k91DNG8W9RYYKyqU+PZ4ld
+hNlT3Qwo2dfw/66VQ3KZ+bVdfIrBQuExUHTRgQ18zZshq0PirK1ehm7zCYofWjK9ouuU+ehcCuz/
+mNKvcbO0U59Oh++SvL3sTzIwiEsXXlfEU8L2ApeN2WIrvyQfYo3fw7gpS0l4PJNgiCL8mdo2yMKi
+1CxUAGc1bnO/AljwpN3lsKImesrgNqUZFvX9t++uP0D1bVoE/c40yiTcdCMbXTMTEl3EASX2MN0C
+XZ/g1Ue9tOsbobtJSdifWwLziuQkkORiT0/Br4sOdBeo0XKIanoBScy0RnnGF7HamB4HWfp1IYVl
+3ZBWzvurpWCdxJ35UrCLvYf5jysjCiN2O/cz4ckA82n5S6LgTrx+kzmEB/dEcH7+B1rlsazRGMzy
+NeVJSQjKVsk9+w8YfYs7wRPCTY/JTw436R+hDmrfYi7LNQZReSzIJTj0+kuniVyc0uMNOYZKdHzV
+WYfCP04MXFL0PfdSgvHqo6z9STQaKPNBiDoT7uje/5kdX7rL6B7yuVBgwDHTc+XvvqDtMwt0viAg
+xGds8AgDelWAf0ZOlqf0Hj7h9tgJ4TNkK2PXMl6f+cB7D3hvl7yTmvmcEpB4eoCHFddydJxVdHix
+uuFucAS6T6C6aMN7/zHwcz09lCqxC0EOoP5NiGVreTO01wIDAQABo0IwQDAOBgNVHQ8BAf8EBAMC
+AQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQU7UQZwNPwBovupHu+QucmVMiONnYwDQYJKoZI
+hvcNAQELBQADggIBAA2ukDL2pkt8RHYZYR4nKM1eVO8lvOMIkPkp165oCOGUAFjvLi5+U1KMtlwH
+6oi6mYtQlNeCgN9hCQCTrQ0U5s7B8jeUeLBfnLOic7iPBZM4zY0+sLj7wM+x8uwtLRvM7Kqas6pg
+ghstO8OEPVeKlh6cdbjTMM1gCIOQ045U8U1mwF10A0Cj7oV+wh93nAbowacYXVKV7cndJZ5t+qnt
+ozo00Fl72u1Q8zW/7esUTTHHYPTa8Yec4kjixsU3+wYQ+nVZZjFHKdp2mhzpgq7vmrlR94gjmmmV
+YjzlVYA211QC//G5Xc7UI2/YRYRKW2XviQzdFKcgyxilJbQN+QHwotL0AMh0jqEqSI5l2xPE4iUX
+feu+h1sXIFRRk0pTAwvsXcoz7WL9RccvW9xYoIA55vrX/hMUpu09lEpCdNTDd1lzzY9GvlU47/ro
+kTLql1gEIt44w8y8bckzOmoKaT+gyOpyj4xjhiO9bTyWnpXgSUyqorkqG5w2gXjtw+hG4iZZRHUe
+2XWJUc0QhJ1hYMtd+ZciTY6Y5uN/9lu7rs3KSoFrXgvzUeF0K+l+J6fZmUlO+KWA2yUPHGNiiskz
+Z2s8EIPGrd6ozRaOjfAHN3Gf8qv8QfXBi+wAN10J5U6A7/qxXDgGpRtK4dw4LTzcqx+QGtVKnO7R
+cGzM7vRX+Bi6hG6H
+-----END CERTIFICATE-----
+
+IdenTrust Public Sector Root CA 1
+=================================
+-----BEGIN CERTIFICATE-----
+MIIFZjCCA06gAwIBAgIQCgFCgAAAAUUjz0Z8AAAAAjANBgkqhkiG9w0BAQsFADBNMQswCQYDVQQG
+EwJVUzESMBAGA1UEChMJSWRlblRydXN0MSowKAYDVQQDEyFJZGVuVHJ1c3QgUHVibGljIFNlY3Rv
+ciBSb290IENBIDEwHhcNMTQwMTE2MTc1MzMyWhcNMzQwMTE2MTc1MzMyWjBNMQswCQYDVQQGEwJV
+UzESMBAGA1UEChMJSWRlblRydXN0MSowKAYDVQQDEyFJZGVuVHJ1c3QgUHVibGljIFNlY3RvciBS
+b290IENBIDEwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQC2IpT8pEiv6EdrCvsnduTy
+P4o7ekosMSqMjbCpwzFrqHd2hCa2rIFCDQjrVVi7evi8ZX3yoG2LqEfpYnYeEe4IFNGyRBb06tD6
+Hi9e28tzQa68ALBKK0CyrOE7S8ItneShm+waOh7wCLPQ5CQ1B5+ctMlSbdsHyo+1W/CD80/HLaXI
+rcuVIKQxKFdYWuSNG5qrng0M8gozOSI5Cpcu81N3uURF/YTLNiCBWS2ab21ISGHKTN9T0a9SvESf
+qy9rg3LvdYDaBjMbXcjaY8ZNzaxmMc3R3j6HEDbhuaR672BQssvKplbgN6+rNBM5Jeg5ZuSYeqoS
+mJxZZoY+rfGwyj4GD3vwEUs3oERte8uojHH01bWRNszwFcYr3lEXsZdMUD2xlVl8BX0tIdUAvwFn
+ol57plzy9yLxkA2T26pEUWbMfXYD62qoKjgZl3YNa4ph+bz27nb9cCvdKTz4Ch5bQhyLVi9VGxyh
+LrXHFub4qjySjmm2AcG1hp2JDws4lFTo6tyePSW8Uybt1as5qsVATFSrsrTZ2fjXctscvG29ZV/v
+iDUqZi/u9rNl8DONfJhBaUYPQxxp+pu10GFqzcpL2UyQRqsVWaFHVCkugyhfHMKiq3IXAAaOReyL
+4jM9f9oZRORicsPfIsbyVtTdX5Vy7W1f90gDW/3FKqD2cyOEEBsB5wIDAQABo0IwQDAOBgNVHQ8B
+Af8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQU43HgntinQtnbcZFrlJPrw6PRFKMw
+DQYJKoZIhvcNAQELBQADggIBAEf63QqwEZE4rU1d9+UOl1QZgkiHVIyqZJnYWv6IAcVYpZmxI1Qj
+t2odIFflAWJBF9MJ23XLblSQdf4an4EKwt3X9wnQW3IV5B4Jaj0z8yGa5hV+rVHVDRDtfULAj+7A
+mgjVQdZcDiFpboBhDhXAuM/FSRJSzL46zNQuOAXeNf0fb7iAaJg9TaDKQGXSc3z1i9kKlT/YPyNt
+GtEqJBnZhbMX73huqVjRI9PHE+1yJX9dsXNw0H8GlwmEKYBhHfpe/3OsoOOJuBxxFcbeMX8S3OFt
+m6/n6J91eEyrRjuazr8FGF1NFTwWmhlQBJqymm9li1JfPFgEKCXAZmExfrngdbkaqIHWchezxQMx
+NRF4eKLg6TCMf4DfWN88uieW4oA0beOY02QnrEh+KHdcxiVhJfiFDGX6xDIvpZgF5PgLZxYWxoK4
+Mhn5+bl53B/N66+rDt0b20XkeucC4pVd/GnwU2lhlXV5C15V5jgclKlZM57IcXR5f1GJtshquDDI
+ajjDbp7hNxbqBWJMWxJH7ae0s1hWx0nzfxJoCTFx8G34Tkf71oXuxVhAGaQdp/lLQzfcaFpPz+vC
+ZHTetBXZ9FRUGi8c15dxVJCO2SCdUyt/q4/i6jC8UDfv8Ue1fXwsBOxonbRJRBD0ckscZOf85muQ
+3Wl9af0AVqW3rLatt8o+Ae+c
+-----END CERTIFICATE-----
+
+Entrust Root Certification Authority - G2
+=========================================
+-----BEGIN CERTIFICATE-----
+MIIEPjCCAyagAwIBAgIESlOMKDANBgkqhkiG9w0BAQsFADCBvjELMAkGA1UEBhMCVVMxFjAUBgNV
+BAoTDUVudHJ1c3QsIEluYy4xKDAmBgNVBAsTH1NlZSB3d3cuZW50cnVzdC5uZXQvbGVnYWwtdGVy
+bXMxOTA3BgNVBAsTMChjKSAyMDA5IEVudHJ1c3QsIEluYy4gLSBmb3IgYXV0aG9yaXplZCB1c2Ug
+b25seTEyMDAGA1UEAxMpRW50cnVzdCBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IC0gRzIw
+HhcNMDkwNzA3MTcyNTU0WhcNMzAxMjA3MTc1NTU0WjCBvjELMAkGA1UEBhMCVVMxFjAUBgNVBAoT
+DUVudHJ1c3QsIEluYy4xKDAmBgNVBAsTH1NlZSB3d3cuZW50cnVzdC5uZXQvbGVnYWwtdGVybXMx
+OTA3BgNVBAsTMChjKSAyMDA5IEVudHJ1c3QsIEluYy4gLSBmb3IgYXV0aG9yaXplZCB1c2Ugb25s
+eTEyMDAGA1UEAxMpRW50cnVzdCBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IC0gRzIwggEi
+MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6hLZy254Ma+KZ6TABp3bqMriVQRrJ2mFOWHLP
+/vaCeb9zYQYKpSfYs1/TRU4cctZOMvJyig/3gxnQaoCAAEUesMfnmr8SVycco2gvCoe9amsOXmXz
+HHfV1IWNcCG0szLni6LVhjkCsbjSR87kyUnEO6fe+1R9V77w6G7CebI6C1XiUJgWMhNcL3hWwcKU
+s/Ja5CeanyTXxuzQmyWC48zCxEXFjJd6BmsqEZ+pCm5IO2/b1BEZQvePB7/1U1+cPvQXLOZprE4y
+TGJ36rfo5bs0vBmLrpxR57d+tVOxMyLlbc9wPBr64ptntoP0jaWvYkxN4FisZDQSA/i2jZRjJKRx
+AgMBAAGjQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBRqciZ6
+0B7vfec7aVHUbI2fkBJmqzANBgkqhkiG9w0BAQsFAAOCAQEAeZ8dlsa2eT8ijYfThwMEYGprmi5Z
+iXMRrEPR9RP/jTkrwPK9T3CMqS/qF8QLVJ7UG5aYMzyorWKiAHarWWluBh1+xLlEjZivEtRh2woZ
+Rkfz6/djwUAFQKXSt/S1mja/qYh2iARVBCuch38aNzx+LaUa2NSJXsq9rD1s2G2v1fN2D807iDgi
+nWyTmsQ9v4IbZT+mD12q/OWyFcq1rca8PdCE6OoGcrBNOTJ4vz4RnAuknZoh8/CbCzB428Hch0P+
+vGOaysXCHMnHjf87ElgI5rY97HosTvuDls4MPGmHVHOkc8KT/1EQrBVUAdj8BbGJoX90g5pJ19xO
+e4pIb4tF9g==
+-----END CERTIFICATE-----
+
+Entrust Root Certification Authority - EC1
+==========================================
+-----BEGIN CERTIFICATE-----
+MIIC+TCCAoCgAwIBAgINAKaLeSkAAAAAUNCR+TAKBggqhkjOPQQDAzCBvzELMAkGA1UEBhMCVVMx
+FjAUBgNVBAoTDUVudHJ1c3QsIEluYy4xKDAmBgNVBAsTH1NlZSB3d3cuZW50cnVzdC5uZXQvbGVn
+YWwtdGVybXMxOTA3BgNVBAsTMChjKSAyMDEyIEVudHJ1c3QsIEluYy4gLSBmb3IgYXV0aG9yaXpl
+ZCB1c2Ugb25seTEzMDEGA1UEAxMqRW50cnVzdCBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5
+IC0gRUMxMB4XDTEyMTIxODE1MjUzNloXDTM3MTIxODE1NTUzNlowgb8xCzAJBgNVBAYTAlVTMRYw
+FAYDVQQKEw1FbnRydXN0LCBJbmMuMSgwJgYDVQQLEx9TZWUgd3d3LmVudHJ1c3QubmV0L2xlZ2Fs
+LXRlcm1zMTkwNwYDVQQLEzAoYykgMjAxMiBFbnRydXN0LCBJbmMuIC0gZm9yIGF1dGhvcml6ZWQg
+dXNlIG9ubHkxMzAxBgNVBAMTKkVudHJ1c3QgUm9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAt
+IEVDMTB2MBAGByqGSM49AgEGBSuBBAAiA2IABIQTydC6bUF74mzQ61VfZgIaJPRbiWlH47jCffHy
+AsWfoPZb1YsGGYZPUxBtByQnoaD41UcZYUx9ypMn6nQM72+WCf5j7HBdNq1nd67JnXxVRDqiY1Ef
+9eNi1KlHBz7MIKNCMEAwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYE
+FLdj5xrdjekIplWDpOBqUEFlEUJJMAoGCCqGSM49BAMDA2cAMGQCMGF52OVCR98crlOZF7ZvHH3h
+vxGU0QOIdeSNiaSKd0bebWHvAvX7td/M/k7//qnmpwIwW5nXhTcGtXsI/esni0qU+eH6p44mCOh8
+kmhtc9hvJqwhAriZtyZBWyVgrtBIGu4G
+-----END CERTIFICATE-----
+
+CFCA EV ROOT
+============
+-----BEGIN CERTIFICATE-----
+MIIFjTCCA3WgAwIBAgIEGErM1jANBgkqhkiG9w0BAQsFADBWMQswCQYDVQQGEwJDTjEwMC4GA1UE
+CgwnQ2hpbmEgRmluYW5jaWFsIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MRUwEwYDVQQDDAxDRkNB
+IEVWIFJPT1QwHhcNMTIwODA4MDMwNzAxWhcNMjkxMjMxMDMwNzAxWjBWMQswCQYDVQQGEwJDTjEw
+MC4GA1UECgwnQ2hpbmEgRmluYW5jaWFsIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MRUwEwYDVQQD
+DAxDRkNBIEVWIFJPT1QwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDXXWvNED8fBVnV
+BU03sQ7smCuOFR36k0sXgiFxEFLXUWRwFsJVaU2OFW2fvwwbwuCjZ9YMrM8irq93VCpLTIpTUnrD
+7i7es3ElweldPe6hL6P3KjzJIx1qqx2hp/Hz7KDVRM8Vz3IvHWOX6Jn5/ZOkVIBMUtRSqy5J35DN
+uF++P96hyk0g1CXohClTt7GIH//62pCfCqktQT+x8Rgp7hZZLDRJGqgG16iI0gNyejLi6mhNbiyW
+ZXvKWfry4t3uMCz7zEasxGPrb382KzRzEpR/38wmnvFyXVBlWY9ps4deMm/DGIq1lY+wejfeWkU7
+xzbh72fROdOXW3NiGUgthxwG+3SYIElz8AXSG7Ggo7cbcNOIabla1jj0Ytwli3i/+Oh+uFzJlU9f
+py25IGvPa931DfSCt/SyZi4QKPaXWnuWFo8BGS1sbn85WAZkgwGDg8NNkt0yxoekN+kWzqotaK8K
+gWU6cMGbrU1tVMoqLUuFG7OA5nBFDWteNfB/O7ic5ARwiRIlk9oKmSJgamNgTnYGmE69g60dWIol
+hdLHZR4tjsbftsbhf4oEIRUpdPA+nJCdDC7xij5aqgwJHsfVPKPtl8MeNPo4+QgO48BdK4PRVmrJ
+tqhUUy54Mmc9gn900PvhtgVguXDbjgv5E1hvcWAQUhC5wUEJ73IfZzF4/5YFjQIDAQABo2MwYTAf
+BgNVHSMEGDAWgBTj/i39KNALtbq2osS/BqoFjJP7LzAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB
+/wQEAwIBBjAdBgNVHQ4EFgQU4/4t/SjQC7W6tqLEvwaqBYyT+y8wDQYJKoZIhvcNAQELBQADggIB
+ACXGumvrh8vegjmWPfBEp2uEcwPenStPuiB/vHiyz5ewG5zz13ku9Ui20vsXiObTej/tUxPQ4i9q
+ecsAIyjmHjdXNYmEwnZPNDatZ8POQQaIxffu2Bq41gt/UP+TqhdLjOztUmCypAbqTuv0axn96/Ua
+4CUqmtzHQTb3yHQFhDmVOdYLO6Qn+gjYXB74BGBSESgoA//vU2YApUo0FmZ8/Qmkrp5nGm9BC2sG
+E5uPhnEFtC+NiWYzKXZUmhH4J/qyP5Hgzg0b8zAarb8iXRvTvyUFTeGSGn+ZnzxEk8rUQElsgIfX
+BDrDMlI1Dlb4pd19xIsNER9Tyx6yF7Zod1rg1MvIB671Oi6ON7fQAUtDKXeMOZePglr4UeWJoBjn
+aH9dCi77o0cOPaYjesYBx4/IXr9tgFa+iiS6M+qf4TIRnvHST4D2G0CvOJ4RUHlzEhLN5mydLIhy
+PDCBBpEi6lmt2hkuIsKNuYyH4Ga8cyNfIWRjgEj1oDwYPZTISEEdQLpe/v5WOaHIz16eGWRGENoX
+kbcFgKyLmZJ956LYBws2J+dIeWCKw9cTXPhyQN9Ky8+ZAAoACxGV2lZFA4gKn2fQ1XmxqI1AbQ3C
+ekD6819kR5LLU7m7Wc5P/dAVUwHY3+vZ5nbv0CO7O6l5s9UCKc2Jo5YPSjXnTkLAdc0Hz+Ys63su
+-----END CERTIFICATE-----
+
+OISTE WISeKey Global Root GB CA
+===============================
+-----BEGIN CERTIFICATE-----
+MIIDtTCCAp2gAwIBAgIQdrEgUnTwhYdGs/gjGvbCwDANBgkqhkiG9w0BAQsFADBtMQswCQYDVQQG
+EwJDSDEQMA4GA1UEChMHV0lTZUtleTEiMCAGA1UECxMZT0lTVEUgRm91bmRhdGlvbiBFbmRvcnNl
+ZDEoMCYGA1UEAxMfT0lTVEUgV0lTZUtleSBHbG9iYWwgUm9vdCBHQiBDQTAeFw0xNDEyMDExNTAw
+MzJaFw0zOTEyMDExNTEwMzFaMG0xCzAJBgNVBAYTAkNIMRAwDgYDVQQKEwdXSVNlS2V5MSIwIAYD
+VQQLExlPSVNURSBGb3VuZGF0aW9uIEVuZG9yc2VkMSgwJgYDVQQDEx9PSVNURSBXSVNlS2V5IEds
+b2JhbCBSb290IEdCIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2Be3HEokKtaX
+scriHvt9OO+Y9bI5mE4nuBFde9IllIiCFSZqGzG7qFshISvYD06fWvGxWuR51jIjK+FTzJlFXHtP
+rby/h0oLS5daqPZI7H17Dc0hBt+eFf1Biki3IPShehtX1F1Q/7pn2COZH8g/497/b1t3sWtuuMlk
+9+HKQUYOKXHQuSP8yYFfTvdv37+ErXNku7dCjmn21HYdfp2nuFeKUWdy19SouJVUQHMD9ur06/4o
+Qnc/nSMbsrY9gBQHTC5P99UKFg29ZkM3fiNDecNAhvVMKdqOmq0NpQSHiB6F4+lT1ZvIiwNjeOvg
+GUpuuy9rM2RYk61pv48b74JIxwIDAQABo1EwTzALBgNVHQ8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB
+/zAdBgNVHQ4EFgQUNQ/INmNe4qPs+TtmFc5RUuORmj0wEAYJKwYBBAGCNxUBBAMCAQAwDQYJKoZI
+hvcNAQELBQADggEBAEBM+4eymYGQfp3FsLAmzYh7KzKNbrghcViXfa43FK8+5/ea4n32cZiZBKpD
+dHij40lhPnOMTZTg+XHEthYOU3gf1qKHLwI5gSk8rxWYITD+KJAAjNHhy/peyP34EEY7onhCkRd0
+VQreUGdNZtGn//3ZwLWoo4rOZvUPQ82nK1d7Y0Zqqi5S2PTt4W2tKZB4SLrhI6qjiey1q5bAtEui
+HZeeevJuQHHfaPFlTc58Bd9TZaml8LGXBHAVRgOY1NK/VLSgWH1Sb9pWJmLU2NuJMW8c8CLC02Ic
+Nc1MaRVUGpCY3useX8p3x8uOPUNpnJpY0CQ73xtAln41rYHHTnG6iBM=
+-----END CERTIFICATE-----
+
+SZAFIR ROOT CA2
+===============
+-----BEGIN CERTIFICATE-----
+MIIDcjCCAlqgAwIBAgIUPopdB+xV0jLVt+O2XwHrLdzk1uQwDQYJKoZIhvcNAQELBQAwUTELMAkG
+A1UEBhMCUEwxKDAmBgNVBAoMH0tyYWpvd2EgSXpiYSBSb3psaWN6ZW5pb3dhIFMuQS4xGDAWBgNV
+BAMMD1NaQUZJUiBST09UIENBMjAeFw0xNTEwMTkwNzQzMzBaFw0zNTEwMTkwNzQzMzBaMFExCzAJ
+BgNVBAYTAlBMMSgwJgYDVQQKDB9LcmFqb3dhIEl6YmEgUm96bGljemVuaW93YSBTLkEuMRgwFgYD
+VQQDDA9TWkFGSVIgUk9PVCBDQTIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC3vD5Q
+qEvNQLXOYeeWyrSh2gwisPq1e3YAd4wLz32ohswmUeQgPYUM1ljj5/QqGJ3a0a4m7utT3PSQ1hNK
+DJA8w/Ta0o4NkjrcsbH/ON7Dui1fgLkCvUqdGw+0w8LBZwPd3BucPbOw3gAeqDRHu5rr/gsUvTaE
+2g0gv/pby6kWIK05YO4vdbbnl5z5Pv1+TW9NL++IDWr63fE9biCloBK0TXC5ztdyO4mTp4CEHCdJ
+ckm1/zuVnsHMyAHs6A6KCpbns6aH5db5BSsNl0BwPLqsdVqc1U2dAgrSS5tmS0YHF2Wtn2yIANwi
+ieDhZNRnvDF5YTy7ykHNXGoAyDw4jlivAgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
+AQH/BAQDAgEGMB0GA1UdDgQWBBQuFqlKGLXLzPVvUPMjX/hd56zwyDANBgkqhkiG9w0BAQsFAAOC
+AQEAtXP4A9xZWx126aMqe5Aosk3AM0+qmrHUuOQn/6mWmc5G4G18TKI4pAZw8PRBEew/R40/cof5
+O/2kbytTAOD/OblqBw7rHRz2onKQy4I9EYKL0rufKq8h5mOGnXkZ7/e7DDWQw4rtTw/1zBLZpD67
+oPwglV9PJi8RI4NOdQcPv5vRtB3pEAT+ymCPoky4rc/hkA/NrgrHXXu3UNLUYfrVFdvXn4dRVOul
+4+vJhaAlIDf7js4MNIThPIGyd05DpYhfhmehPea0XGG2Ptv+tyjFogeutcrKjSoS75ftwjCkySp6
++/NNIxuZMzSgLvWpCz/UXeHPhJ/iGcJfitYgHuNztw==
+-----END CERTIFICATE-----
+
+Certum Trusted Network CA 2
+===========================
+-----BEGIN CERTIFICATE-----
+MIIF0jCCA7qgAwIBAgIQIdbQSk8lD8kyN/yqXhKN6TANBgkqhkiG9w0BAQ0FADCBgDELMAkGA1UE
+BhMCUEwxIjAgBgNVBAoTGVVuaXpldG8gVGVjaG5vbG9naWVzIFMuQS4xJzAlBgNVBAsTHkNlcnR1
+bSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTEkMCIGA1UEAxMbQ2VydHVtIFRydXN0ZWQgTmV0d29y
+ayBDQSAyMCIYDzIwMTExMDA2MDgzOTU2WhgPMjA0NjEwMDYwODM5NTZaMIGAMQswCQYDVQQGEwJQ
+TDEiMCAGA1UEChMZVW5pemV0byBUZWNobm9sb2dpZXMgUy5BLjEnMCUGA1UECxMeQ2VydHVtIENl
+cnRpZmljYXRpb24gQXV0aG9yaXR5MSQwIgYDVQQDExtDZXJ0dW0gVHJ1c3RlZCBOZXR3b3JrIENB
+IDIwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQC9+Xj45tWADGSdhhuWZGc/IjoedQF9
+7/tcZ4zJzFxrqZHmuULlIEub2pt7uZld2ZuAS9eEQCsn0+i6MLs+CRqnSZXvK0AkwpfHp+6bJe+o
+CgCXhVqqndwpyeI1B+twTUrWwbNWuKFBOJvR+zF/j+Bf4bE/D44WSWDXBo0Y+aomEKsq09DRZ40b
+Rr5HMNUuctHFY9rnY3lEfktjJImGLjQ/KUxSiyqnwOKRKIm5wFv5HdnnJ63/mgKXwcZQkpsCLL2p
+uTRZCr+ESv/f/rOf69me4Jgj7KZrdxYq28ytOxykh9xGc14ZYmhFV+SQgkK7QtbwYeDBoz1mo130
+GO6IyY0XRSmZMnUCMe4pJshrAua1YkV/NxVaI2iJ1D7eTiew8EAMvE0Xy02isx7QBlrd9pPPV3WZ
+9fqGGmd4s7+W/jTcvedSVuWz5XV710GRBdxdaeOVDUO5/IOWOZV7bIBaTxNyxtd9KXpEulKkKtVB
+Rgkg/iKgtlswjbyJDNXXcPiHUv3a76xRLgezTv7QCdpw75j6VuZt27VXS9zlLCUVyJ4ueE742pye
+hizKV/Ma5ciSixqClnrDvFASadgOWkaLOusm+iPJtrCBvkIApPjW/jAux9JG9uWOdf3yzLnQh1vM
+BhBgu4M1t15n3kfsmUjxpKEV/q2MYo45VU85FrmxY53/twIDAQABo0IwQDAPBgNVHRMBAf8EBTAD
+AQH/MB0GA1UdDgQWBBS2oVQ5AsOgP46KvPrU+Bym0ToO/TAOBgNVHQ8BAf8EBAMCAQYwDQYJKoZI
+hvcNAQENBQADggIBAHGlDs7k6b8/ONWJWsQCYftMxRQXLYtPU2sQF/xlhMcQSZDe28cmk4gmb3DW
+Al45oPePq5a1pRNcgRRtDoGCERuKTsZPpd1iHkTfCVn0W3cLN+mLIMb4Ck4uWBzrM9DPhmDJ2vuA
+L55MYIR4PSFk1vtBHxgP58l1cb29XN40hz5BsA72udY/CROWFC/emh1auVbONTqwX3BNXuMp8SMo
+clm2q8KMZiYcdywmdjWLKKdpoPk79SPdhRB0yZADVpHnr7pH1BKXESLjokmUbOe3lEu6LaTaM4tM
+pkT/WjzGHWTYtTHkpjx6qFcL2+1hGsvxznN3Y6SHb0xRONbkX8eftoEq5IVIeVheO/jbAoJnwTnb
+w3RLPTYe+SmTiGhbqEQZIfCn6IENLOiTNrQ3ssqwGyZ6miUfmpqAnksqP/ujmv5zMnHCnsZy4Ypo
+J/HkD7TETKVhk/iXEAcqMCWpuchxuO9ozC1+9eB+D4Kob7a6bINDd82Kkhehnlt4Fj1F4jNy3eFm
+ypnTycUm/Q1oBEauttmbjL4ZvrHG8hnjXALKLNhvSgfZyTXaQHXyxKcZb55CEJh15pWLYLztxRLX
+is7VmFxWlgPF7ncGNf/P5O4/E2Hu29othfDNrp2yGAlFw5Khchf8R7agCyzxxN5DaAhqXzvwdmP7
+zAYspsbiDrW5viSP
+-----END CERTIFICATE-----
+
+Hellenic Academic and Research Institutions RootCA 2015
+=======================================================
+-----BEGIN CERTIFICATE-----
+MIIGCzCCA/OgAwIBAgIBADANBgkqhkiG9w0BAQsFADCBpjELMAkGA1UEBhMCR1IxDzANBgNVBAcT
+BkF0aGVuczFEMEIGA1UEChM7SGVsbGVuaWMgQWNhZGVtaWMgYW5kIFJlc2VhcmNoIEluc3RpdHV0
+aW9ucyBDZXJ0LiBBdXRob3JpdHkxQDA+BgNVBAMTN0hlbGxlbmljIEFjYWRlbWljIGFuZCBSZXNl
+YXJjaCBJbnN0aXR1dGlvbnMgUm9vdENBIDIwMTUwHhcNMTUwNzA3MTAxMTIxWhcNNDAwNjMwMTAx
+MTIxWjCBpjELMAkGA1UEBhMCR1IxDzANBgNVBAcTBkF0aGVuczFEMEIGA1UEChM7SGVsbGVuaWMg
+QWNhZGVtaWMgYW5kIFJlc2VhcmNoIEluc3RpdHV0aW9ucyBDZXJ0LiBBdXRob3JpdHkxQDA+BgNV
+BAMTN0hlbGxlbmljIEFjYWRlbWljIGFuZCBSZXNlYXJjaCBJbnN0aXR1dGlvbnMgUm9vdENBIDIw
+MTUwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDC+Kk/G4n8PDwEXT2QNrCROnk8Zlrv
+bTkBSRq0t89/TSNTt5AA4xMqKKYx8ZEA4yjsriFBzh/a/X0SWwGDD7mwX5nh8hKDgE0GPt+sr+eh
+iGsxr/CL0BgzuNtFajT0AoAkKAoCFZVedioNmToUW/bLy1O8E00BiDeUJRtCvCLYjqOWXjrZMts+
+6PAQZe104S+nfK8nNLspfZu2zwnI5dMK/IhlZXQK3HMcXM1AsRzUtoSMTFDPaI6oWa7CJ06CojXd
+FPQf/7J31Ycvqm59JCfnxssm5uX+Zwdj2EUN3TpZZTlYepKZcj2chF6IIbjV9Cz82XBST3i4vTwr
+i5WY9bPRaM8gFH5MXF/ni+X1NYEZN9cRCLdmvtNKzoNXADrDgfgXy5I2XdGj2HUb4Ysn6npIQf1F
+GQatJ5lOwXBH3bWfgVMS5bGMSF0xQxfjjMZ6Y5ZLKTBOhE5iGV48zpeQpX8B653g+IuJ3SWYPZK2
+fu/Z8VFRfS0myGlZYeCsargqNhEEelC9MoS+L9xy1dcdFkfkR2YgP/SWxa+OAXqlD3pk9Q0Yh9mu
+iNX6hME6wGkoLfINaFGq46V3xqSQDqE3izEjR8EJCOtu93ib14L8hCCZSRm2Ekax+0VVFqmjZayc
+Bw/qa9wfLgZy7IaIEuQt218FL+TwA9MmM+eAws1CoRc0CwIDAQABo0IwQDAPBgNVHRMBAf8EBTAD
+AQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQUcRVnyMjJvXVdctA4GGqd83EkVAswDQYJKoZI
+hvcNAQELBQADggIBAHW7bVRLqhBYRjTyYtcWNl0IXtVsyIe9tC5G8jH4fOpCtZMWVdyhDBKg2mF+
+D1hYc2Ryx+hFjtyp8iY/xnmMsVMIM4GwVhO+5lFc2JsKT0ucVlMC6U/2DWDqTUJV6HwbISHTGzrM
+d/K4kPFox/la/vot9L/J9UUbzjgQKjeKeaO04wlshYaT/4mWJ3iBj2fjRnRUjtkNaeJK9E10A/+y
+d+2VZ5fkscWrv2oj6NSU4kQoYsRL4vDY4ilrGnB+JGGTe08DMiUNRSQrlrRGar9KC/eaj8GsGsVn
+82800vpzY4zvFrCopEYq+OsS7HK07/grfoxSwIuEVPkvPuNVqNxmsdnhX9izjFk0WaSrT2y7Hxjb
+davYy5LNlDhhDgcGH0tGEPEVvo2FXDtKK4F5D7Rpn0lQl033DlZdwJVqwjbDG2jJ9SrcR5q+ss7F
+Jej6A7na+RZukYT1HCjI/CbM1xyQVqdfbzoEvM14iQuODy+jqk+iGxI9FghAD/FGTNeqewjBCvVt
+J94Cj8rDtSvK6evIIVM4pcw72Hc3MKJP2W/R8kCtQXoXxdZKNYm3QdV8hn9VTYNKpXMgwDqvkPGa
+JI7ZjnHKe7iG2rKPmT4dEw0SEe7Uq/DpFXYC5ODfqiAeW2GFZECpkJcNrVPSWh2HagCXZWK0vm9q
+p/UsQu0yrbYhnr68
+-----END CERTIFICATE-----
+
+Hellenic Academic and Research Institutions ECC RootCA 2015
+===========================================================
+-----BEGIN CERTIFICATE-----
+MIICwzCCAkqgAwIBAgIBADAKBggqhkjOPQQDAjCBqjELMAkGA1UEBhMCR1IxDzANBgNVBAcTBkF0
+aGVuczFEMEIGA1UEChM7SGVsbGVuaWMgQWNhZGVtaWMgYW5kIFJlc2VhcmNoIEluc3RpdHV0aW9u
+cyBDZXJ0LiBBdXRob3JpdHkxRDBCBgNVBAMTO0hlbGxlbmljIEFjYWRlbWljIGFuZCBSZXNlYXJj
+aCBJbnN0aXR1dGlvbnMgRUNDIFJvb3RDQSAyMDE1MB4XDTE1MDcwNzEwMzcxMloXDTQwMDYzMDEw
+MzcxMlowgaoxCzAJBgNVBAYTAkdSMQ8wDQYDVQQHEwZBdGhlbnMxRDBCBgNVBAoTO0hlbGxlbmlj
+IEFjYWRlbWljIGFuZCBSZXNlYXJjaCBJbnN0aXR1dGlvbnMgQ2VydC4gQXV0aG9yaXR5MUQwQgYD
+VQQDEztIZWxsZW5pYyBBY2FkZW1pYyBhbmQgUmVzZWFyY2ggSW5zdGl0dXRpb25zIEVDQyBSb290
+Q0EgMjAxNTB2MBAGByqGSM49AgEGBSuBBAAiA2IABJKgQehLgoRc4vgxEZmGZE4JJS+dQS8KrjVP
+dJWyUWRrjWvmP3CV8AVER6ZyOFB2lQJajq4onvktTpnvLEhvTCUp6NFxW98dwXU3tNf6e3pCnGoK
+Vlp8aQuqgAkkbH7BRqNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0O
+BBYEFLQiC4KZJAEOnLvkDv2/+5cgk5kqMAoGCCqGSM49BAMCA2cAMGQCMGfOFmI4oqxiRaeplSTA
+GiecMjvAwNW6qef4BENThe5SId6d9SWDPp5YSy/XZxMOIQIwBeF1Ad5o7SofTUwJCA3sS61kFyjn
+dc5FZXIhF8siQQ6ME5g4mlRtm8rifOoCWCKR
+-----END CERTIFICATE-----
+
+ISRG Root X1
+============
+-----BEGIN CERTIFICATE-----
+MIIFazCCA1OgAwIBAgIRAIIQz7DSQONZRGPgu2OCiwAwDQYJKoZIhvcNAQELBQAwTzELMAkGA1UE
+BhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2VhcmNoIEdyb3VwMRUwEwYDVQQD
+EwxJU1JHIFJvb3QgWDEwHhcNMTUwNjA0MTEwNDM4WhcNMzUwNjA0MTEwNDM4WjBPMQswCQYDVQQG
+EwJVUzEpMCcGA1UEChMgSW50ZXJuZXQgU2VjdXJpdHkgUmVzZWFyY2ggR3JvdXAxFTATBgNVBAMT
+DElTUkcgUm9vdCBYMTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAK3oJHP0FDfzm54r
+Vygch77ct984kIxuPOZXoHj3dcKi/vVqbvYATyjb3miGbESTtrFj/RQSa78f0uoxmyF+0TM8ukj1
+3Xnfs7j/EvEhmkvBioZxaUpmZmyPfjxwv60pIgbz5MDmgK7iS4+3mX6UA5/TR5d8mUgjU+g4rk8K
+b4Mu0UlXjIB0ttov0DiNewNwIRt18jA8+o+u3dpjq+sWT8KOEUt+zwvo/7V3LvSye0rgTBIlDHCN
+Aymg4VMk7BPZ7hm/ELNKjD+Jo2FR3qyHB5T0Y3HsLuJvW5iB4YlcNHlsdu87kGJ55tukmi8mxdAQ
+4Q7e2RCOFvu396j3x+UCB5iPNgiV5+I3lg02dZ77DnKxHZu8A/lJBdiB3QW0KtZB6awBdpUKD9jf
+1b0SHzUvKBds0pjBqAlkd25HN7rOrFleaJ1/ctaJxQZBKT5ZPt0m9STJEadao0xAH0ahmbWnOlFu
+hjuefXKnEgV4We0+UXgVCwOPjdAvBbI+e0ocS3MFEvzG6uBQE3xDk3SzynTnjh8BCNAw1FtxNrQH
+usEwMFxIt4I7mKZ9YIqioymCzLq9gwQbooMDQaHWBfEbwrbwqHyGO0aoSCqI3Haadr8faqU9GY/r
+OPNk3sgrDQoo//fb4hVC1CLQJ13hef4Y53CIrU7m2Ys6xt0nUW7/vGT1M0NPAgMBAAGjQjBAMA4G
+A1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBR5tFnme7bl5AFzgAiIyBpY
+9umbbjANBgkqhkiG9w0BAQsFAAOCAgEAVR9YqbyyqFDQDLHYGmkgJykIrGF1XIpu+ILlaS/V9lZL
+ubhzEFnTIZd+50xx+7LSYK05qAvqFyFWhfFQDlnrzuBZ6brJFe+GnY+EgPbk6ZGQ3BebYhtF8GaV
+0nxvwuo77x/Py9auJ/GpsMiu/X1+mvoiBOv/2X/qkSsisRcOj/KKNFtY2PwByVS5uCbMiogziUwt
+hDyC3+6WVwW6LLv3xLfHTjuCvjHIInNzktHCgKQ5ORAzI4JMPJ+GslWYHb4phowim57iaztXOoJw
+TdwJx4nLCgdNbOhdjsnvzqvHu7UrTkXWStAmzOVyyghqpZXjFaH3pO3JLF+l+/+sKAIuvtd7u+Nx
+e5AW0wdeRlN8NwdCjNPElpzVmbUq4JUagEiuTDkHzsxHpFKVK7q4+63SM1N95R1NbdWhscdCb+ZA
+JzVcoyi3B43njTOQ5yOf+1CceWxG1bQVs5ZufpsMljq4Ui0/1lvh+wjChP4kqKOJ2qxq4RgqsahD
+YVvTH9w7jXbyLeiNdd8XM2w9U/t7y0Ff/9yi0GE44Za4rF2LN9d11TPAmRGunUHBcnWEvgJBQl9n
+JEiU0Zsnvgc/ubhPgXRR4Xq37Z0j4r7g1SgEEzwxA57demyPxgcYxn/eR44/KJ4EBs+lVDR3veyJ
+m+kXQ99b21/+jh5Xos1AnX5iItreGCc=
+-----END CERTIFICATE-----
+
+AC RAIZ FNMT-RCM
+================
+-----BEGIN CERTIFICATE-----
+MIIFgzCCA2ugAwIBAgIPXZONMGc2yAYdGsdUhGkHMA0GCSqGSIb3DQEBCwUAMDsxCzAJBgNVBAYT
+AkVTMREwDwYDVQQKDAhGTk1ULVJDTTEZMBcGA1UECwwQQUMgUkFJWiBGTk1ULVJDTTAeFw0wODEw
+MjkxNTU5NTZaFw0zMDAxMDEwMDAwMDBaMDsxCzAJBgNVBAYTAkVTMREwDwYDVQQKDAhGTk1ULVJD
+TTEZMBcGA1UECwwQQUMgUkFJWiBGTk1ULVJDTTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoC
+ggIBALpxgHpMhm5/yBNtwMZ9HACXjywMI7sQmkCpGreHiPibVmr75nuOi5KOpyVdWRHbNi63URcf
+qQgfBBckWKo3Shjf5TnUV/3XwSyRAZHiItQDwFj8d0fsjz50Q7qsNI1NOHZnjrDIbzAzWHFctPVr
+btQBULgTfmxKo0nRIBnuvMApGGWn3v7v3QqQIecaZ5JCEJhfTzC8PhxFtBDXaEAUwED653cXeuYL
+j2VbPNmaUtu1vZ5Gzz3rkQUCwJaydkxNEJY7kvqcfw+Z374jNUUeAlz+taibmSXaXvMiwzn15Cou
+08YfxGyqxRxqAQVKL9LFwag0Jl1mpdICIfkYtwb1TplvqKtMUejPUBjFd8g5CSxJkjKZqLsXF3mw
+WsXmo8RZZUc1g16p6DULmbvkzSDGm0oGObVo/CK67lWMK07q87Hj/LaZmtVC+nFNCM+HHmpxffnT
+tOmlcYF7wk5HlqX2doWjKI/pgG6BU6VtX7hI+cL5NqYuSf+4lsKMB7ObiFj86xsc3i1w4peSMKGJ
+47xVqCfWS+2QrYv6YyVZLag13cqXM7zlzced0ezvXg5KkAYmY6252TUtB7p2ZSysV4999AeU14EC
+ll2jB0nVetBX+RvnU0Z1qrB5QstocQjpYL05ac70r8NWQMetUqIJ5G+GR4of6ygnXYMgrwTJbFaa
+i0b1AgMBAAGjgYMwgYAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYE
+FPd9xf3E6Jobd2Sn9R2gzL+HYJptMD4GA1UdIAQ3MDUwMwYEVR0gADArMCkGCCsGAQUFBwIBFh1o
+dHRwOi8vd3d3LmNlcnQuZm5tdC5lcy9kcGNzLzANBgkqhkiG9w0BAQsFAAOCAgEAB5BK3/MjTvDD
+nFFlm5wioooMhfNzKWtN/gHiqQxjAb8EZ6WdmF/9ARP67Jpi6Yb+tmLSbkyU+8B1RXxlDPiyN8+s
+D8+Nb/kZ94/sHvJwnvDKuO+3/3Y3dlv2bojzr2IyIpMNOmqOFGYMLVN0V2Ue1bLdI4E7pWYjJ2cJ
+j+F3qkPNZVEI7VFY/uY5+ctHhKQV8Xa7pO6kO8Rf77IzlhEYt8llvhjho6Tc+hj507wTmzl6NLrT
+Qfv6MooqtyuGC2mDOL7Nii4LcK2NJpLuHvUBKwrZ1pebbuCoGRw6IYsMHkCtA+fdZn71uSANA+iW
++YJF1DngoABd15jmfZ5nc8OaKveri6E6FO80vFIOiZiaBECEHX5FaZNXzuvO+FB8TxxuBEOb+dY7
+Ixjp6o7RTUaN8Tvkasq6+yO3m/qZASlaWFot4/nUbQ4mrcFuNLwy+AwF+mWj2zs3gyLp1txyM/1d
+8iC9djwj2ij3+RvrWWTV3F9yfiD8zYm1kGdNYno/Tq0dwzn+evQoFt9B9kiABdcPUXmsEKvU7ANm
+5mqwujGSQkBqvjrTcuFqN1W8rB2Vt2lh8kORdOag0wokRqEIr9baRRmW1FMdW4R58MD3R++Lj8UG
+rp1MYp3/RgT408m2ECVAdf4WqslKYIYvuu8wd+RU4riEmViAqhOLUTpPSPaLtrM=
+-----END CERTIFICATE-----
+
+Amazon Root CA 1
+================
+-----BEGIN CERTIFICATE-----
+MIIDQTCCAimgAwIBAgITBmyfz5m/jAo54vB4ikPmljZbyjANBgkqhkiG9w0BAQsFADA5MQswCQYD
+VQQGEwJVUzEPMA0GA1UEChMGQW1hem9uMRkwFwYDVQQDExBBbWF6b24gUm9vdCBDQSAxMB4XDTE1
+MDUyNjAwMDAwMFoXDTM4MDExNzAwMDAwMFowOTELMAkGA1UEBhMCVVMxDzANBgNVBAoTBkFtYXpv
+bjEZMBcGA1UEAxMQQW1hem9uIFJvb3QgQ0EgMTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
+ggEBALJ4gHHKeNXjca9HgFB0fW7Y14h29Jlo91ghYPl0hAEvrAIthtOgQ3pOsqTQNroBvo3bSMgH
+FzZM9O6II8c+6zf1tRn4SWiw3te5djgdYZ6k/oI2peVKVuRF4fn9tBb6dNqcmzU5L/qwIFAGbHrQ
+gLKm+a/sRxmPUDgH3KKHOVj4utWp+UhnMJbulHheb4mjUcAwhmahRWa6VOujw5H5SNz/0egwLX0t
+dHA114gk957EWW67c4cX8jJGKLhD+rcdqsq08p8kDi1L93FcXmn/6pUCyziKrlA4b9v7LWIbxcce
+VOF34GfID5yHI9Y/QCB/IIDEgEw+OyQmjgSubJrIqg0CAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB
+/zAOBgNVHQ8BAf8EBAMCAYYwHQYDVR0OBBYEFIQYzIU07LwMlJQuCFmcx7IQTgoIMA0GCSqGSIb3
+DQEBCwUAA4IBAQCY8jdaQZChGsV2USggNiMOruYou6r4lK5IpDB/G/wkjUu0yKGX9rbxenDIU5PM
+CCjjmCXPI6T53iHTfIUJrU6adTrCC2qJeHZERxhlbI1Bjjt/msv0tadQ1wUsN+gDS63pYaACbvXy
+8MWy7Vu33PqUXHeeE6V/Uq2V8viTO96LXFvKWlJbYK8U90vvo/ufQJVtMVT8QtPHRh8jrdkPSHCa
+2XV4cdFyQzR1bldZwgJcJmApzyMZFo6IQ6XU5MsI+yMRQ+hDKXJioaldXgjUkK642M4UwtBV8ob2
+xJNDd2ZhwLnoQdeXeGADbkpyrqXRfboQnoZsG4q5WTP468SQvvG5
+-----END CERTIFICATE-----
+
+Amazon Root CA 2
+================
+-----BEGIN CERTIFICATE-----
+MIIFQTCCAymgAwIBAgITBmyf0pY1hp8KD+WGePhbJruKNzANBgkqhkiG9w0BAQwFADA5MQswCQYD
+VQQGEwJVUzEPMA0GA1UEChMGQW1hem9uMRkwFwYDVQQDExBBbWF6b24gUm9vdCBDQSAyMB4XDTE1
+MDUyNjAwMDAwMFoXDTQwMDUyNjAwMDAwMFowOTELMAkGA1UEBhMCVVMxDzANBgNVBAoTBkFtYXpv
+bjEZMBcGA1UEAxMQQW1hem9uIFJvb3QgQ0EgMjCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoC
+ggIBAK2Wny2cSkxKgXlRmeyKy2tgURO8TW0G/LAIjd0ZEGrHJgw12MBvIITplLGbhQPDW9tK6Mj4
+kHbZW0/jTOgGNk3Mmqw9DJArktQGGWCsN0R5hYGCrVo34A3MnaZMUnbqQ523BNFQ9lXg1dKmSYXp
+N+nKfq5clU1Imj+uIFptiJXZNLhSGkOQsL9sBbm2eLfq0OQ6PBJTYv9K8nu+NQWpEjTj82R0Yiw9
+AElaKP4yRLuH3WUnAnE72kr3H9rN9yFVkE8P7K6C4Z9r2UXTu/Bfh+08LDmG2j/e7HJV63mjrdvd
+fLC6HM783k81ds8P+HgfajZRRidhW+mez/CiVX18JYpvL7TFz4QuK/0NURBs+18bvBt+xa47mAEx
+kv8LV/SasrlX6avvDXbR8O70zoan4G7ptGmh32n2M8ZpLpcTnqWHsFcQgTfJU7O7f/aS0ZzQGPSS
+btqDT6ZjmUyl+17vIWR6IF9sZIUVyzfpYgwLKhbcAS4y2j5L9Z469hdAlO+ekQiG+r5jqFoz7Mt0
+Q5X5bGlSNscpb/xVA1wf+5+9R+vnSUeVC06JIglJ4PVhHvG/LopyboBZ/1c6+XUyo05f7O0oYtlN
+c/LMgRdg7c3r3NunysV+Ar3yVAhU/bQtCSwXVEqY0VThUWcI0u1ufm8/0i2BWSlmy5A5lREedCf+
+3euvAgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgGGMB0GA1UdDgQWBBSw
+DPBMMPQFWAJI/TPlUq9LhONmUjANBgkqhkiG9w0BAQwFAAOCAgEAqqiAjw54o+Ci1M3m9Zh6O+oA
+A7CXDpO8Wqj2LIxyh6mx/H9z/WNxeKWHWc8w4Q0QshNabYL1auaAn6AFC2jkR2vHat+2/XcycuUY
++gn0oJMsXdKMdYV2ZZAMA3m3MSNjrXiDCYZohMr/+c8mmpJ5581LxedhpxfL86kSk5Nrp+gvU5LE
+YFiwzAJRGFuFjWJZY7attN6a+yb3ACfAXVU3dJnJUH/jWS5E4ywl7uxMMne0nxrpS10gxdr9HIcW
+xkPo1LsmmkVwXqkLN1PiRnsn/eBG8om3zEK2yygmbtmlyTrIQRNg91CMFa6ybRoVGld45pIq2WWQ
+gj9sAq+uEjonljYE1x2igGOpm/HlurR8FLBOybEfdF849lHqm/osohHUqS0nGkWxr7JOcQ3AWEbW
+aQbLU8uz/mtBzUF+fUwPfHJ5elnNXkoOrJupmHN5fLT0zLm4BwyydFy4x2+IoZCn9Kr5v2c69BoV
+Yh63n749sSmvZ6ES8lgQGVMDMBu4Gon2nL2XA46jCfMdiyHxtN/kHNGfZQIG6lzWE7OE76KlXIx3
+KadowGuuQNKotOrN8I1LOJwZmhsoVLiJkO/KdYE+HvJkJMcYr07/R54H9jVlpNMKVv/1F2Rs76gi
+JUmTtt8AF9pYfl3uxRuw0dFfIRDH+fO6AgonB8Xx1sfT4PsJYGw=
+-----END CERTIFICATE-----
+
+Amazon Root CA 3
+================
+-----BEGIN CERTIFICATE-----
+MIIBtjCCAVugAwIBAgITBmyf1XSXNmY/Owua2eiedgPySjAKBggqhkjOPQQDAjA5MQswCQYDVQQG
+EwJVUzEPMA0GA1UEChMGQW1hem9uMRkwFwYDVQQDExBBbWF6b24gUm9vdCBDQSAzMB4XDTE1MDUy
+NjAwMDAwMFoXDTQwMDUyNjAwMDAwMFowOTELMAkGA1UEBhMCVVMxDzANBgNVBAoTBkFtYXpvbjEZ
+MBcGA1UEAxMQQW1hem9uIFJvb3QgQ0EgMzBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABCmXp8ZB
+f8ANm+gBG1bG8lKlui2yEujSLtf6ycXYqm0fc4E7O5hrOXwzpcVOho6AF2hiRVd9RFgdszflZwjr
+Zt6jQjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgGGMB0GA1UdDgQWBBSrttvXBp43
+rDCGB5Fwx5zEGbF4wDAKBggqhkjOPQQDAgNJADBGAiEA4IWSoxe3jfkrBqWTrBqYaGFy+uGh0Psc
+eGCmQ5nFuMQCIQCcAu/xlJyzlvnrxir4tiz+OpAUFteMYyRIHN8wfdVoOw==
+-----END CERTIFICATE-----
+
+Amazon Root CA 4
+================
+-----BEGIN CERTIFICATE-----
+MIIB8jCCAXigAwIBAgITBmyf18G7EEwpQ+Vxe3ssyBrBDjAKBggqhkjOPQQDAzA5MQswCQYDVQQG
+EwJVUzEPMA0GA1UEChMGQW1hem9uMRkwFwYDVQQDExBBbWF6b24gUm9vdCBDQSA0MB4XDTE1MDUy
+NjAwMDAwMFoXDTQwMDUyNjAwMDAwMFowOTELMAkGA1UEBhMCVVMxDzANBgNVBAoTBkFtYXpvbjEZ
+MBcGA1UEAxMQQW1hem9uIFJvb3QgQ0EgNDB2MBAGByqGSM49AgEGBSuBBAAiA2IABNKrijdPo1MN
+/sGKe0uoe0ZLY7Bi9i0b2whxIdIA6GO9mif78DluXeo9pcmBqqNbIJhFXRbb/egQbeOc4OO9X4Ri
+83BkM6DLJC9wuoihKqB1+IGuYgbEgds5bimwHvouXKNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNV
+HQ8BAf8EBAMCAYYwHQYDVR0OBBYEFNPsxzplbszh2naaVvuc84ZtV+WBMAoGCCqGSM49BAMDA2gA
+MGUCMDqLIfG9fhGt0O9Yli/W651+kI0rz2ZVwyzjKKlwCkcO8DdZEv8tmZQoTipPNU0zWgIxAOp1
+AE47xDqUEpHJWEadIRNyp4iciuRMStuW1KyLa2tJElMzrdfkviT8tQp21KW8EA==
+-----END CERTIFICATE-----
+
+TUBITAK Kamu SM SSL Kok Sertifikasi - Surum 1
+=============================================
+-----BEGIN CERTIFICATE-----
+MIIEYzCCA0ugAwIBAgIBATANBgkqhkiG9w0BAQsFADCB0jELMAkGA1UEBhMCVFIxGDAWBgNVBAcT
+D0dlYnplIC0gS29jYWVsaTFCMEAGA1UEChM5VHVya2l5ZSBCaWxpbXNlbCB2ZSBUZWtub2xvamlr
+IEFyYXN0aXJtYSBLdXJ1bXUgLSBUVUJJVEFLMS0wKwYDVQQLEyRLYW11IFNlcnRpZmlrYXN5b24g
+TWVya2V6aSAtIEthbXUgU00xNjA0BgNVBAMTLVRVQklUQUsgS2FtdSBTTSBTU0wgS29rIFNlcnRp
+ZmlrYXNpIC0gU3VydW0gMTAeFw0xMzExMjUwODI1NTVaFw00MzEwMjUwODI1NTVaMIHSMQswCQYD
+VQQGEwJUUjEYMBYGA1UEBxMPR2ViemUgLSBLb2NhZWxpMUIwQAYDVQQKEzlUdXJraXllIEJpbGlt
+c2VsIHZlIFRla25vbG9qaWsgQXJhc3Rpcm1hIEt1cnVtdSAtIFRVQklUQUsxLTArBgNVBAsTJEth
+bXUgU2VydGlmaWthc3lvbiBNZXJrZXppIC0gS2FtdSBTTTE2MDQGA1UEAxMtVFVCSVRBSyBLYW11
+IFNNIFNTTCBLb2sgU2VydGlmaWthc2kgLSBTdXJ1bSAxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
+MIIBCgKCAQEAr3UwM6q7a9OZLBI3hNmNe5eA027n/5tQlT6QlVZC1xl8JoSNkvoBHToP4mQ4t4y8
+6Ij5iySrLqP1N+RAjhgleYN1Hzv/bKjFxlb4tO2KRKOrbEz8HdDc72i9z+SqzvBV96I01INrN3wc
+wv61A+xXzry0tcXtAA9TNypN9E8Mg/uGz8v+jE69h/mniyFXnHrfA2eJLJ2XYacQuFWQfw4tJzh0
+3+f92k4S400VIgLI4OD8D62K18lUUMw7D8oWgITQUVbDjlZ/iSIzL+aFCr2lqBs23tPcLG07xxO9
+WSMs5uWk99gL7eqQQESolbuT1dCANLZGeA4fAJNG4e7p+exPFwIDAQABo0IwQDAdBgNVHQ4EFgQU
+ZT/HiobGPN08VFw1+DrtUgxHV8gwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wDQYJ
+KoZIhvcNAQELBQADggEBACo/4fEyjq7hmFxLXs9rHmoJ0iKpEsdeV31zVmSAhHqT5Am5EM2fKifh
+AHe+SMg1qIGf5LgsyX8OsNJLN13qudULXjS99HMpw+0mFZx+CFOKWI3QSyjfwbPfIPP54+M638yc
+lNhOT8NrF7f3cuitZjO1JVOr4PhMqZ398g26rrnZqsZr+ZO7rqu4lzwDGrpDxpa5RXI4s6ehlj2R
+e37AIVNMh+3yC1SVUZPVIqUNivGTDj5UDrDYyU7c8jEyVupk+eq1nRZmQnLzf9OxMUP8pI4X8W0j
+q5Rm+K37DwhuJi1/FwcJsoz7UMCflo3Ptv0AnVoUmr8CRPXBwp8iXqIPoeM=
+-----END CERTIFICATE-----
+
+GDCA TrustAUTH R5 ROOT
+======================
+-----BEGIN CERTIFICATE-----
+MIIFiDCCA3CgAwIBAgIIfQmX/vBH6nowDQYJKoZIhvcNAQELBQAwYjELMAkGA1UEBhMCQ04xMjAw
+BgNVBAoMKUdVQU5HIERPTkcgQ0VSVElGSUNBVEUgQVVUSE9SSVRZIENPLixMVEQuMR8wHQYDVQQD
+DBZHRENBIFRydXN0QVVUSCBSNSBST09UMB4XDTE0MTEyNjA1MTMxNVoXDTQwMTIzMTE1NTk1OVow
+YjELMAkGA1UEBhMCQ04xMjAwBgNVBAoMKUdVQU5HIERPTkcgQ0VSVElGSUNBVEUgQVVUSE9SSVRZ
+IENPLixMVEQuMR8wHQYDVQQDDBZHRENBIFRydXN0QVVUSCBSNSBST09UMIICIjANBgkqhkiG9w0B
+AQEFAAOCAg8AMIICCgKCAgEA2aMW8Mh0dHeb7zMNOwZ+Vfy1YI92hhJCfVZmPoiC7XJjDp6L3TQs
+AlFRwxn9WVSEyfFrs0yw6ehGXTjGoqcuEVe6ghWinI9tsJlKCvLriXBjTnnEt1u9ol2x8kECK62p
+OqPseQrsXzrj/e+APK00mxqriCZ7VqKChh/rNYmDf1+uKU49tm7srsHwJ5uu4/Ts765/94Y9cnrr
+pftZTqfrlYwiOXnhLQiPzLyRuEH3FMEjqcOtmkVEs7LXLM3GKeJQEK5cy4KOFxg2fZfmiJqwTTQJ
+9Cy5WmYqsBebnh52nUpmMUHfP/vFBu8btn4aRjb3ZGM74zkYI+dndRTVdVeSN72+ahsmUPI2JgaQ
+xXABZG12ZuGR224HwGGALrIuL4xwp9E7PLOR5G62xDtw8mySlwnNR30YwPO7ng/Wi64HtloPzgsM
+R6flPri9fcebNaBhlzpBdRfMK5Z3KpIhHtmVdiBnaM8Nvd/WHwlqmuLMc3GkL30SgLdTMEZeS1SZ
+D2fJpcjyIMGC7J0R38IC+xo70e0gmu9lZJIQDSri3nDxGGeCjGHeuLzRL5z7D9Ar7Rt2ueQ5Vfj4
+oR24qoAATILnsn8JuLwwoC8N9VKejveSswoAHQBUlwbgsQfZxw9cZX08bVlX5O2ljelAU58VS6Bx
+9hoh49pwBiFYFIeFd3mqgnkCAwEAAaNCMEAwHQYDVR0OBBYEFOLJQJ9NzuiaoXzPDj9lxSmIahlR
+MA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgGGMA0GCSqGSIb3DQEBCwUAA4ICAQDRSVfg
+p8xoWLoBDysZzY2wYUWsEe1jUGn4H3++Fo/9nesLqjJHdtJnJO29fDMylyrHBYZmDRd9FBUb1Ov9
+H5r2XpdptxolpAqzkT9fNqyL7FeoPueBihhXOYV0GkLH6VsTX4/5COmSdI31R9KrO9b7eGZONn35
+6ZLpBN79SWP8bfsUcZNnL0dKt7n/HipzcEYwv1ryL3ml4Y0M2fmyYzeMN2WFcGpcWwlyua1jPLHd
++PwyvzeG5LuOmCd+uh8W4XAR8gPfJWIyJyYYMoSf/wA6E7qaTfRPuBRwIrHKK5DOKcFw9C+df/KQ
+HtZa37dG/OaG+svgIHZ6uqbL9XzeYqWxi+7egmaKTjowHz+Ay60nugxe19CxVsp3cbK1daFQqUBD
+F8Io2c9Si1vIY9RCPqAzekYu9wogRlR+ak8x8YF+QnQ4ZXMn7sZ8uI7XpTrXmKGcjBBV09tL7ECQ
+8s1uV9JiDnxXk7Gnbc2dg7sq5+W2O3FYrf3RRbxake5TFW/TRQl1brqQXR4EzzffHqhmsYzmIGrv
+/EhOdJhCrylvLmrH+33RZjEizIYAfmaDDEL0vTSSwxrqT8p+ck0LcIymSLumoRT2+1hEmRSuqguT
+aaApJUqlyyvdimYHFngVV3Eb7PVHhPOeMTd61X8kreS8/f3MboPoDKi3QWwH3b08hpcv0g==
+-----END CERTIFICATE-----
+
+SSL.com Root Certification Authority RSA
+========================================
+-----BEGIN CERTIFICATE-----
+MIIF3TCCA8WgAwIBAgIIeyyb0xaAMpkwDQYJKoZIhvcNAQELBQAwfDELMAkGA1UEBhMCVVMxDjAM
+BgNVBAgMBVRleGFzMRAwDgYDVQQHDAdIb3VzdG9uMRgwFgYDVQQKDA9TU0wgQ29ycG9yYXRpb24x
+MTAvBgNVBAMMKFNTTC5jb20gUm9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSBSU0EwHhcNMTYw
+MjEyMTczOTM5WhcNNDEwMjEyMTczOTM5WjB8MQswCQYDVQQGEwJVUzEOMAwGA1UECAwFVGV4YXMx
+EDAOBgNVBAcMB0hvdXN0b24xGDAWBgNVBAoMD1NTTCBDb3Jwb3JhdGlvbjExMC8GA1UEAwwoU1NM
+LmNvbSBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IFJTQTCCAiIwDQYJKoZIhvcNAQEBBQAD
+ggIPADCCAgoCggIBAPkP3aMrfcvQKv7sZ4Wm5y4bunfh4/WvpOz6Sl2RxFdHaxh3a3by/ZPkPQ/C
+Fp4LZsNWlJ4Xg4XOVu/yFv0AYvUiCVToZRdOQbngT0aXqhvIuG5iXmmxX9sqAn78bMrzQdjt0Oj8
+P2FI7bADFB0QDksZ4LtO7IZl/zbzXmcCC52GVWH9ejjt/uIZALdvoVBidXQ8oPrIJZK0bnoix/ge
+oeOy3ZExqysdBP+lSgQ36YWkMyv94tZVNHwZpEpox7Ko07fKoZOI68GXvIz5HdkihCR0xwQ9aqkp
+k8zruFvh/l8lqjRYyMEjVJ0bmBHDOJx+PYZspQ9AhnwC9FwCTyjLrnGfDzrIM/4RJTXq/LrFYD3Z
+fBjVsqnTdXgDciLKOsMf7yzlLqn6niy2UUb9rwPW6mBo6oUWNmuF6R7As93EJNyAKoFBbZQ+yODJ
+gUEAnl6/f8UImKIYLEJAs/lvOCdLToD0PYFH4Ih86hzOtXVcUS4cK38acijnALXRdMbX5J+tB5O2
+UzU1/Dfkw/ZdFr4hc96SCvigY2q8lpJqPvi8ZVWb3vUNiSYE/CUapiVpy8JtynziWV+XrOvvLsi8
+1xtZPCvM8hnIk2snYxnP/Okm+Mpxm3+T/jRnhE6Z6/yzeAkzcLpmpnbtG3PrGqUNxCITIJRWCk4s
+bE6x/c+cCbqiM+2HAgMBAAGjYzBhMB0GA1UdDgQWBBTdBAkHovV6fVJTEpKV7jiAJQ2mWTAPBgNV
+HRMBAf8EBTADAQH/MB8GA1UdIwQYMBaAFN0ECQei9Xp9UlMSkpXuOIAlDaZZMA4GA1UdDwEB/wQE
+AwIBhjANBgkqhkiG9w0BAQsFAAOCAgEAIBgRlCn7Jp0cHh5wYfGVcpNxJK1ok1iOMq8bs3AD/CUr
+dIWQPXhq9LmLpZc7tRiRux6n+UBbkflVma8eEdBcHadm47GUBwwyOabqG7B52B2ccETjit3E+ZUf
+ijhDPwGFpUenPUayvOUiaPd7nNgsPgohyC0zrL/FgZkxdMF1ccW+sfAjRfSda/wZY52jvATGGAsl
+u1OJD7OAUN5F7kR/q5R4ZJjT9ijdh9hwZXT7DrkT66cPYakylszeu+1jTBi7qUD3oFRuIIhxdRjq
+erQ0cuAjJ3dctpDqhiVAq+8zD8ufgr6iIPv2tS0a5sKFsXQP+8hlAqRSAUfdSSLBv9jra6x+3uxj
+MxW3IwiPxg+NQVrdjsW5j+VFP3jbutIbQLH+cU0/4IGiul607BXgk90IH37hVZkLId6Tngr75qNJ
+vTYw/ud3sqB1l7UtgYgXZSD32pAAn8lSzDLKNXz1PQ/YK9f1JmzJBjSWFupwWRoyeXkLtoh/D1JI
+Pb9s2KJELtFOt3JY04kTlf5Eq/jXixtunLwsoFvVagCvXzfh1foQC5ichucmj87w7G6KVwuA406y
+wKBjYZC6VWg3dGq2ktufoYYitmUnDuy2n0Jg5GfCtdpBC8TTi2EbvPofkSvXRAdeuims2cXp71NI
+WuuA8ShYIc2wBlX7Jz9TkHCpBB5XJ7k=
+-----END CERTIFICATE-----
+
+SSL.com Root Certification Authority ECC
+========================================
+-----BEGIN CERTIFICATE-----
+MIICjTCCAhSgAwIBAgIIdebfy8FoW6gwCgYIKoZIzj0EAwIwfDELMAkGA1UEBhMCVVMxDjAMBgNV
+BAgMBVRleGFzMRAwDgYDVQQHDAdIb3VzdG9uMRgwFgYDVQQKDA9TU0wgQ29ycG9yYXRpb24xMTAv
+BgNVBAMMKFNTTC5jb20gUm9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSBFQ0MwHhcNMTYwMjEy
+MTgxNDAzWhcNNDEwMjEyMTgxNDAzWjB8MQswCQYDVQQGEwJVUzEOMAwGA1UECAwFVGV4YXMxEDAO
+BgNVBAcMB0hvdXN0b24xGDAWBgNVBAoMD1NTTCBDb3Jwb3JhdGlvbjExMC8GA1UEAwwoU1NMLmNv
+bSBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IEVDQzB2MBAGByqGSM49AgEGBSuBBAAiA2IA
+BEVuqVDEpiM2nl8ojRfLliJkP9x6jh3MCLOicSS6jkm5BBtHllirLZXI7Z4INcgn64mMU1jrYor+
+8FsPazFSY0E7ic3s7LaNGdM0B9y7xgZ/wkWV7Mt/qCPgCemB+vNH06NjMGEwHQYDVR0OBBYEFILR
+hXMw5zUE044CkvvlpNHEIejNMA8GA1UdEwEB/wQFMAMBAf8wHwYDVR0jBBgwFoAUgtGFczDnNQTT
+jgKS++Wk0cQh6M0wDgYDVR0PAQH/BAQDAgGGMAoGCCqGSM49BAMCA2cAMGQCMG/n61kRpGDPYbCW
+e+0F+S8Tkdzt5fxQaxFGRrMcIQBiu77D5+jNB5n5DQtdcj7EqgIwH7y6C+IwJPt8bYBVCpk+gA0z
+5Wajs6O7pdWLjwkspl1+4vAHCGht0nxpbl/f5Wpl
+-----END CERTIFICATE-----
+
+SSL.com EV Root Certification Authority RSA R2
+==============================================
+-----BEGIN CERTIFICATE-----
+MIIF6zCCA9OgAwIBAgIIVrYpzTS8ePYwDQYJKoZIhvcNAQELBQAwgYIxCzAJBgNVBAYTAlVTMQ4w
+DAYDVQQIDAVUZXhhczEQMA4GA1UEBwwHSG91c3RvbjEYMBYGA1UECgwPU1NMIENvcnBvcmF0aW9u
+MTcwNQYDVQQDDC5TU0wuY29tIEVWIFJvb3QgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgUlNBIFIy
+MB4XDTE3MDUzMTE4MTQzN1oXDTQyMDUzMDE4MTQzN1owgYIxCzAJBgNVBAYTAlVTMQ4wDAYDVQQI
+DAVUZXhhczEQMA4GA1UEBwwHSG91c3RvbjEYMBYGA1UECgwPU1NMIENvcnBvcmF0aW9uMTcwNQYD
+VQQDDC5TU0wuY29tIEVWIFJvb3QgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgUlNBIFIyMIICIjAN
+BgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAjzZlQOHWTcDXtOlG2mvqM0fNTPl9fb69LT3w23jh
+hqXZuglXaO1XPqDQCEGD5yhBJB/jchXQARr7XnAjssufOePPxU7Gkm0mxnu7s9onnQqG6YE3Bf7w
+cXHswxzpY6IXFJ3vG2fThVUCAtZJycxa4bH3bzKfydQ7iEGonL3Lq9ttewkfokxykNorCPzPPFTO
+Zw+oz12WGQvE43LrrdF9HSfvkusQv1vrO6/PgN3B0pYEW3p+pKk8OHakYo6gOV7qd89dAFmPZiw+
+B6KjBSYRaZfqhbcPlgtLyEDhULouisv3D5oi53+aNxPN8k0TayHRwMwi8qFG9kRpnMphNQcAb9Zh
+CBHqurj26bNg5U257J8UZslXWNvNh2n4ioYSA0e/ZhN2rHd9NCSFg83XqpyQGp8hLH94t2S42Oim
+9HizVcuE0jLEeK6jj2HdzghTreyI/BXkmg3mnxp3zkyPuBQVPWKchjgGAGYS5Fl2WlPAApiiECto
+RHuOec4zSnaqW4EWG7WK2NAAe15itAnWhmMOpgWVSbooi4iTsjQc2KRVbrcc0N6ZVTsj9CLg+Slm
+JuwgUHfbSguPvuUCYHBBXtSuUDkiFCbLsjtzdFVHB3mBOagwE0TlBIqulhMlQg+5U8Sb/M3kHN48
++qvWBkofZ6aYMBzdLNvcGJVXZsb/XItW9XcCAwEAAaNjMGEwDwYDVR0TAQH/BAUwAwEB/zAfBgNV
+HSMEGDAWgBT5YLvU49U09rj1BoAlp3PbRmmonjAdBgNVHQ4EFgQU+WC71OPVNPa49QaAJadz20Zp
+qJ4wDgYDVR0PAQH/BAQDAgGGMA0GCSqGSIb3DQEBCwUAA4ICAQBWs47LCp1Jjr+kxJG7ZhcFUZh1
+++VQLHqe8RT6q9OKPv+RKY9ji9i0qVQBDb6Thi/5Sm3HXvVX+cpVHBK+Rw82xd9qt9t1wkclf7nx
+Y/hoLVUE0fKNsKTPvDxeH3jnpaAgcLAExbf3cqfeIg29MyVGjGSSJuM+LmOW2puMPfgYCdcDzH2G
+guDKBAdRUNf/ktUM79qGn5nX67evaOI5JpS6aLe/g9Pqemc9YmeuJeVy6OLk7K4S9ksrPJ/psEDz
+OFSz/bdoyNrGj1E8svuR3Bznm53htw1yj+KkxKl4+esUrMZDBcJlOSgYAsOCsp0FvmXtll9ldDz7
+CTUue5wT/RsPXcdtgTpWD8w74a8CLyKsRspGPKAcTNZEtF4uXBVmCeEmKf7GUmG6sXP/wwyc5Wxq
+lD8UykAWlYTzWamsX0xhk23RO8yilQwipmdnRC652dKKQbNmC1r7fSOl8hqw/96bg5Qu0T/fkreR
+rwU7ZcegbLHNYhLDkBvjJc40vG93drEQw/cFGsDWr3RiSBd3kmmQYRzelYB0VI8YHMPzA9C/pEN1
+hlMYegouCRw2n5H9gooiS9EOUCXdywMMF8mDAAhONU2Ki+3wApRmLER/y5UnlhetCTCstnEXbosX
+9hwJ1C07mKVx01QT2WDz9UtmT/rx7iASjbSsV7FFY6GsdqnC+w==
+-----END CERTIFICATE-----
+
+SSL.com EV Root Certification Authority ECC
+===========================================
+-----BEGIN CERTIFICATE-----
+MIIClDCCAhqgAwIBAgIILCmcWxbtBZUwCgYIKoZIzj0EAwIwfzELMAkGA1UEBhMCVVMxDjAMBgNV
+BAgMBVRleGFzMRAwDgYDVQQHDAdIb3VzdG9uMRgwFgYDVQQKDA9TU0wgQ29ycG9yYXRpb24xNDAy
+BgNVBAMMK1NTTC5jb20gRVYgUm9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSBFQ0MwHhcNMTYw
+MjEyMTgxNTIzWhcNNDEwMjEyMTgxNTIzWjB/MQswCQYDVQQGEwJVUzEOMAwGA1UECAwFVGV4YXMx
+EDAOBgNVBAcMB0hvdXN0b24xGDAWBgNVBAoMD1NTTCBDb3Jwb3JhdGlvbjE0MDIGA1UEAwwrU1NM
+LmNvbSBFViBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IEVDQzB2MBAGByqGSM49AgEGBSuB
+BAAiA2IABKoSR5CYG/vvw0AHgyBO8TCCogbR8pKGYfL2IWjKAMTH6kMAVIbc/R/fALhBYlzccBYy
+3h+Z1MzFB8gIH2EWB1E9fVwHU+M1OIzfzZ/ZLg1KthkuWnBaBu2+8KGwytAJKaNjMGEwHQYDVR0O
+BBYEFFvKXuXe0oGqzagtZFG22XKbl+ZPMA8GA1UdEwEB/wQFMAMBAf8wHwYDVR0jBBgwFoAUW8pe
+5d7SgarNqC1kUbbZcpuX5k8wDgYDVR0PAQH/BAQDAgGGMAoGCCqGSM49BAMCA2gAMGUCMQCK5kCJ
+N+vp1RPZytRrJPOwPYdGWBrssd9v+1a6cGvHOMzosYxPD/fxZ3YOg9AeUY8CMD32IygmTMZgh5Mm
+m7I1HrrW9zzRHM76JTymGoEVW/MSD2zuZYrJh6j5B+BimoxcSg==
+-----END CERTIFICATE-----
+
+GlobalSign Root CA - R6
+=======================
+-----BEGIN CERTIFICATE-----
+MIIFgzCCA2ugAwIBAgIORea7A4Mzw4VlSOb/RVEwDQYJKoZIhvcNAQEMBQAwTDEgMB4GA1UECxMX
+R2xvYmFsU2lnbiBSb290IENBIC0gUjYxEzARBgNVBAoTCkdsb2JhbFNpZ24xEzARBgNVBAMTCkds
+b2JhbFNpZ24wHhcNMTQxMjEwMDAwMDAwWhcNMzQxMjEwMDAwMDAwWjBMMSAwHgYDVQQLExdHbG9i
+YWxTaWduIFJvb3QgQ0EgLSBSNjETMBEGA1UEChMKR2xvYmFsU2lnbjETMBEGA1UEAxMKR2xvYmFs
+U2lnbjCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAJUH6HPKZvnsFMp7PPcNCPG0RQss
+grRIxutbPK6DuEGSMxSkb3/pKszGsIhrxbaJ0cay/xTOURQh7ErdG1rG1ofuTToVBu1kZguSgMpE
+3nOUTvOniX9PeGMIyBJQbUJmL025eShNUhqKGoC3GYEOfsSKvGRMIRxDaNc9PIrFsmbVkJq3MQbF
+vuJtMgamHvm566qjuL++gmNQ0PAYid/kD3n16qIfKtJwLnvnvJO7bVPiSHyMEAc4/2ayd2F+4OqM
+PKq0pPbzlUoSB239jLKJz9CgYXfIWHSw1CM69106yqLbnQneXUQtkPGBzVeS+n68UARjNN9rkxi+
+azayOeSsJDa38O+2HBNXk7besvjihbdzorg1qkXy4J02oW9UivFyVm4uiMVRQkQVlO6jxTiWm05O
+WgtH8wY2SXcwvHE35absIQh1/OZhFj931dmRl4QKbNQCTXTAFO39OfuD8l4UoQSwC+n+7o/hbguy
+CLNhZglqsQY6ZZZZwPA1/cnaKI0aEYdwgQqomnUdnjqGBQCe24DWJfncBZ4nWUx2OVvq+aWh2IMP
+0f/fMBH5hc8zSPXKbWQULHpYT9NLCEnFlWQaYw55PfWzjMpYrZxCRXluDocZXFSxZba/jJvcE+kN
+b7gu3GduyYsRtYQUigAZcIN5kZeR1BonvzceMgfYFGM8KEyvAgMBAAGjYzBhMA4GA1UdDwEB/wQE
+AwIBBjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBSubAWjkxPioufi1xzWx/B/yGdToDAfBgNV
+HSMEGDAWgBSubAWjkxPioufi1xzWx/B/yGdToDANBgkqhkiG9w0BAQwFAAOCAgEAgyXt6NH9lVLN
+nsAEoJFp5lzQhN7craJP6Ed41mWYqVuoPId8AorRbrcWc+ZfwFSY1XS+wc3iEZGtIxg93eFyRJa0
+lV7Ae46ZeBZDE1ZXs6KzO7V33EByrKPrmzU+sQghoefEQzd5Mr6155wsTLxDKZmOMNOsIeDjHfrY
+BzN2VAAiKrlNIC5waNrlU/yDXNOd8v9EDERm8tLjvUYAGm0CuiVdjaExUd1URhxN25mW7xocBFym
+Fe944Hn+Xds+qkxV/ZoVqW/hpvvfcDDpw+5CRu3CkwWJ+n1jez/QcYF8AOiYrg54NMMl+68KnyBr
+3TsTjxKM4kEaSHpzoHdpx7Zcf4LIHv5YGygrqGytXm3ABdJ7t+uA/iU3/gKbaKxCXcPu9czc8FB1
+0jZpnOZ7BN9uBmm23goJSFmH63sUYHpkqmlD75HHTOwY3WzvUy2MmeFe8nI+z1TIvWfspA9MRf/T
+uTAjB0yPEL+GltmZWrSZVxykzLsViVO6LAUP5MSeGbEYNNVMnbrt9x+vJJUEeKgDu+6B5dpffItK
+oZB0JaezPkvILFa9x8jvOOJckvB595yEunQtYQEgfn7R8k8HWV+LLUNS60YMlOH1Zkd5d9VUWx+t
+JDfLRVpOoERIyNiwmcUVhAn21klJwGW45hpxbqCo8YLoRT5s1gLXCmeDBVrJpBA=
+-----END CERTIFICATE-----
+
+OISTE WISeKey Global Root GC CA
+===============================
+-----BEGIN CERTIFICATE-----
+MIICaTCCAe+gAwIBAgIQISpWDK7aDKtARb8roi066jAKBggqhkjOPQQDAzBtMQswCQYDVQQGEwJD
+SDEQMA4GA1UEChMHV0lTZUtleTEiMCAGA1UECxMZT0lTVEUgRm91bmRhdGlvbiBFbmRvcnNlZDEo
+MCYGA1UEAxMfT0lTVEUgV0lTZUtleSBHbG9iYWwgUm9vdCBHQyBDQTAeFw0xNzA1MDkwOTQ4MzRa
+Fw00MjA1MDkwOTU4MzNaMG0xCzAJBgNVBAYTAkNIMRAwDgYDVQQKEwdXSVNlS2V5MSIwIAYDVQQL
+ExlPSVNURSBGb3VuZGF0aW9uIEVuZG9yc2VkMSgwJgYDVQQDEx9PSVNURSBXSVNlS2V5IEdsb2Jh
+bCBSb290IEdDIENBMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAETOlQwMYPchi82PG6s4nieUqjFqdr
+VCTbUf/q9Akkwwsin8tqJ4KBDdLArzHkdIJuyiXZjHWd8dvQmqJLIX4Wp2OQ0jnUsYd4XxiWD1Ab
+NTcPasbc2RNNpI6QN+a9WzGRo1QwUjAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAd
+BgNVHQ4EFgQUSIcUrOPDnpBgOtfKie7TrYy0UGYwEAYJKwYBBAGCNxUBBAMCAQAwCgYIKoZIzj0E
+AwMDaAAwZQIwJsdpW9zV57LnyAyMjMPdeYwbY9XJUpROTYJKcx6ygISpJcBMWm1JKWB4E+J+SOtk
+AjEA2zQgMgj/mkkCtojeFK9dbJlxjRo/i9fgojaGHAeCOnZT/cKi7e97sIBPWA9LUzm9
+-----END CERTIFICATE-----
+
+UCA Global G2 Root
+==================
+-----BEGIN CERTIFICATE-----
+MIIFRjCCAy6gAwIBAgIQXd+x2lqj7V2+WmUgZQOQ7zANBgkqhkiG9w0BAQsFADA9MQswCQYDVQQG
+EwJDTjERMA8GA1UECgwIVW5pVHJ1c3QxGzAZBgNVBAMMElVDQSBHbG9iYWwgRzIgUm9vdDAeFw0x
+NjAzMTEwMDAwMDBaFw00MDEyMzEwMDAwMDBaMD0xCzAJBgNVBAYTAkNOMREwDwYDVQQKDAhVbmlU
+cnVzdDEbMBkGA1UEAwwSVUNBIEdsb2JhbCBHMiBSb290MIICIjANBgkqhkiG9w0BAQEFAAOCAg8A
+MIICCgKCAgEAxeYrb3zvJgUno4Ek2m/LAfmZmqkywiKHYUGRO8vDaBsGxUypK8FnFyIdK+35KYmT
+oni9kmugow2ifsqTs6bRjDXVdfkX9s9FxeV67HeToI8jrg4aA3++1NDtLnurRiNb/yzmVHqUwCoV
+8MmNsHo7JOHXaOIxPAYzRrZUEaalLyJUKlgNAQLx+hVRZ2zA+te2G3/RVogvGjqNO7uCEeBHANBS
+h6v7hn4PJGtAnTRnvI3HLYZveT6OqTwXS3+wmeOwcWDcC/Vkw85DvG1xudLeJ1uK6NjGruFZfc8o
+LTW4lVYa8bJYS7cSN8h8s+1LgOGN+jIjtm+3SJUIsUROhYw6AlQgL9+/V087OpAh18EmNVQg7Mc/
+R+zvWr9LesGtOxdQXGLYD0tK3Cv6brxzks3sx1DoQZbXqX5t2Okdj4q1uViSukqSKwxW/YDrCPBe
+KW4bHAyvj5OJrdu9o54hyokZ7N+1wxrrFv54NkzWbtA+FxyQF2smuvt6L78RHBgOLXMDj6DlNaBa
+4kx1HXHhOThTeEDMg5PXCp6dW4+K5OXgSORIskfNTip1KnvyIvbJvgmRlld6iIis7nCs+dwp4wwc
+OxJORNanTrAmyPPZGpeRaOrvjUYG0lZFWJo8DA+DuAUlwznPO6Q0ibd5Ei9Hxeepl2n8pndntd97
+8XplFeRhVmUCAwEAAaNCMEAwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0O
+BBYEFIHEjMz15DD/pQwIX4wVZyF0Ad/fMA0GCSqGSIb3DQEBCwUAA4ICAQATZSL1jiutROTL/7lo
+5sOASD0Ee/ojL3rtNtqyzm325p7lX1iPyzcyochltq44PTUbPrw7tgTQvPlJ9Zv3hcU2tsu8+Mg5
+1eRfB70VVJd0ysrtT7q6ZHafgbiERUlMjW+i67HM0cOU2kTC5uLqGOiiHycFutfl1qnN3e92mI0A
+Ds0b+gO3joBYDic/UvuUospeZcnWhNq5NXHzJsBPd+aBJ9J3O5oUb3n09tDh05S60FdRvScFDcH9
+yBIw7m+NESsIndTUv4BFFJqIRNow6rSn4+7vW4LVPtateJLbXDzz2K36uGt/xDYotgIVilQsnLAX
+c47QN6MUPJiVAAwpBVueSUmxX8fjy88nZY41F7dXyDDZQVu5FLbowg+UMaeUmMxq67XhJ/UQqAHo
+jhJi6IjMtX9Gl8CbEGY4GjZGXyJoPd/JxhMnq1MGrKI8hgZlb7F+sSlEmqO6SWkoaY/X5V+tBIZk
+bxqgDMUIYs6Ao9Dz7GjevjPHF1t/gMRMTLGmhIrDO7gJzRSBuhjjVFc2/tsvfEehOjPI+Vg7RE+x
+ygKJBJYoaMVLuCaJu9YzL1DV/pqJuhgyklTGW+Cd+V7lDSKb9triyCGyYiGqhkCyLmTTX8jjfhFn
+RR8F/uOi77Oos/N9j/gMHyIfLXC0uAE0djAA5SN4p1bXUB+K+wb1whnw0A==
+-----END CERTIFICATE-----
+
+UCA Extended Validation Root
+============================
+-----BEGIN CERTIFICATE-----
+MIIFWjCCA0KgAwIBAgIQT9Irj/VkyDOeTzRYZiNwYDANBgkqhkiG9w0BAQsFADBHMQswCQYDVQQG
+EwJDTjERMA8GA1UECgwIVW5pVHJ1c3QxJTAjBgNVBAMMHFVDQSBFeHRlbmRlZCBWYWxpZGF0aW9u
+IFJvb3QwHhcNMTUwMzEzMDAwMDAwWhcNMzgxMjMxMDAwMDAwWjBHMQswCQYDVQQGEwJDTjERMA8G
+A1UECgwIVW5pVHJ1c3QxJTAjBgNVBAMMHFVDQSBFeHRlbmRlZCBWYWxpZGF0aW9uIFJvb3QwggIi
+MA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCpCQcoEwKwmeBkqh5DFnpzsZGgdT6o+uM4AHrs
+iWogD4vFsJszA1qGxliG1cGFu0/GnEBNyr7uaZa4rYEwmnySBesFK5pI0Lh2PpbIILvSsPGP2KxF
+Rv+qZ2C0d35qHzwaUnoEPQc8hQ2E0B92CvdqFN9y4zR8V05WAT558aopO2z6+I9tTcg1367r3CTu
+eUWnhbYFiN6IXSV8l2RnCdm/WhUFhvMJHuxYMjMR83dksHYf5BA1FxvyDrFspCqjc/wJHx4yGVMR
+59mzLC52LqGj3n5qiAno8geK+LLNEOfic0CTuwjRP+H8C5SzJe98ptfRr5//lpr1kXuYC3fUfugH
+0mK1lTnj8/FtDw5lhIpjVMWAtuCeS31HJqcBCF3RiJ7XwzJE+oJKCmhUfzhTA8ykADNkUVkLo4KR
+el7sFsLzKuZi2irbWWIQJUoqgQtHB0MGcIfS+pMRKXpITeuUx3BNr2fVUbGAIAEBtHoIppB/TuDv
+B0GHr2qlXov7z1CymlSvw4m6WC31MJixNnI5fkkE/SmnTHnkBVfblLkWU41Gsx2VYVdWf6/wFlth
+WG82UBEL2KwrlRYaDh8IzTY0ZRBiZtWAXxQgXy0MoHgKaNYs1+lvK9JKBZP8nm9rZ/+I8U6laUpS
+NwXqxhaN0sSZ0YIrO7o1dfdRUVjzyAfd5LQDfwIDAQABo0IwQDAdBgNVHQ4EFgQU2XQ65DA9DfcS
+3H5aBZ8eNJr34RQwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAYYwDQYJKoZIhvcNAQEL
+BQADggIBADaNl8xCFWQpN5smLNb7rhVpLGsaGvdftvkHTFnq88nIua7Mui563MD1sC3AO6+fcAUR
+ap8lTwEpcOPlDOHqWnzcSbvBHiqB9RZLcpHIojG5qtr8nR/zXUACE/xOHAbKsxSQVBcZEhrxH9cM
+aVr2cXj0lH2RC47skFSOvG+hTKv8dGT9cZr4QQehzZHkPJrgmzI5c6sq1WnIeJEmMX3ixzDx/BR4
+dxIOE/TdFpS/S2d7cFOFyrC78zhNLJA5wA3CXWvp4uXViI3WLL+rG761KIcSF3Ru/H38j9CHJrAb
++7lsq+KePRXBOy5nAliRn+/4Qh8st2j1da3Ptfb/EX3C8CSlrdP6oDyp+l3cpaDvRKS+1ujl5BOW
+F3sGPjLtx7dCvHaj2GU4Kzg1USEODm8uNBNA4StnDG1KQTAYI1oyVZnJF+A83vbsea0rWBmirSwi
+GpWOvpaQXUJXxPkUAzUrHC1RVwinOt4/5Mi0A3PCwSaAuwtCH60NryZy2sy+s6ODWA2CxR9GUeOc
+GMyNm43sSet1UNWMKFnKdDTajAshqx7qG+XH/RU+wBeq+yNuJkbL+vmxcmtpzyKEC2IPrNkZAJSi
+djzULZrtBJ4tBmIQN1IchXIbJ+XMxjHsN+xjWZsLHXbMfjKaiJUINlK73nZfdklJrX+9ZSCyycEr
+dhh2n1ax
+-----END CERTIFICATE-----
+
+Certigna Root CA
+================
+-----BEGIN CERTIFICATE-----
+MIIGWzCCBEOgAwIBAgIRAMrpG4nxVQMNo+ZBbcTjpuEwDQYJKoZIhvcNAQELBQAwWjELMAkGA1UE
+BhMCRlIxEjAQBgNVBAoMCURoaW15b3RpczEcMBoGA1UECwwTMDAwMiA0ODE0NjMwODEwMDAzNjEZ
+MBcGA1UEAwwQQ2VydGlnbmEgUm9vdCBDQTAeFw0xMzEwMDEwODMyMjdaFw0zMzEwMDEwODMyMjda
+MFoxCzAJBgNVBAYTAkZSMRIwEAYDVQQKDAlEaGlteW90aXMxHDAaBgNVBAsMEzAwMDIgNDgxNDYz
+MDgxMDAwMzYxGTAXBgNVBAMMEENlcnRpZ25hIFJvb3QgQ0EwggIiMA0GCSqGSIb3DQEBAQUAA4IC
+DwAwggIKAoICAQDNGDllGlmx6mQWDoyUJJV8g9PFOSbcDO8WV43X2KyjQn+Cyu3NW9sOty3tRQgX
+stmzy9YXUnIo245Onoq2C/mehJpNdt4iKVzSs9IGPjA5qXSjklYcoW9MCiBtnyN6tMbaLOQdLNyz
+KNAT8kxOAkmhVECe5uUFoC2EyP+YbNDrihqECB63aCPuI9Vwzm1RaRDuoXrC0SIxwoKF0vJVdlB8
+JXrJhFwLrN1CTivngqIkicuQstDuI7pmTLtipPlTWmR7fJj6o0ieD5Wupxj0auwuA0Wv8HT4Ks16
+XdG+RCYyKfHx9WzMfgIhC59vpD++nVPiz32pLHxYGpfhPTc3GGYo0kDFUYqMwy3OU4gkWGQwFsWq
+4NYKpkDfePb1BHxpE4S80dGnBs8B92jAqFe7OmGtBIyT46388NtEbVncSVmurJqZNjBBe3YzIoej
+wpKGbvlw7q6Hh5UbxHq9MfPU0uWZ/75I7HX1eBYdpnDBfzwboZL7z8g81sWTCo/1VTp2lc5ZmIoJ
+lXcymoO6LAQ6l73UL77XbJuiyn1tJslV1c/DeVIICZkHJC1kJWumIWmbat10TWuXekG9qxf5kBdI
+jzb5LdXF2+6qhUVB+s06RbFo5jZMm5BX7CO5hwjCxAnxl4YqKE3idMDaxIzb3+KhF1nOJFl0Mdp/
+/TBt2dzhauH8XwIDAQABo4IBGjCCARYwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYw
+HQYDVR0OBBYEFBiHVuBud+4kNTxOc5of1uHieX4rMB8GA1UdIwQYMBaAFBiHVuBud+4kNTxOc5of
+1uHieX4rMEQGA1UdIAQ9MDswOQYEVR0gADAxMC8GCCsGAQUFBwIBFiNodHRwczovL3d3d3cuY2Vy
+dGlnbmEuZnIvYXV0b3JpdGVzLzBtBgNVHR8EZjBkMC+gLaArhilodHRwOi8vY3JsLmNlcnRpZ25h
+LmZyL2NlcnRpZ25hcm9vdGNhLmNybDAxoC+gLYYraHR0cDovL2NybC5kaGlteW90aXMuY29tL2Nl
+cnRpZ25hcm9vdGNhLmNybDANBgkqhkiG9w0BAQsFAAOCAgEAlLieT/DjlQgi581oQfccVdV8AOIt
+OoldaDgvUSILSo3L6btdPrtcPbEo/uRTVRPPoZAbAh1fZkYJMyjhDSSXcNMQH+pkV5a7XdrnxIxP
+TGRGHVyH41neQtGbqH6mid2PHMkwgu07nM3A6RngatgCdTer9zQoKJHyBApPNeNgJgH60BGM+RFq
+7q89w1DTj18zeTyGqHNFkIwgtnJzFyO+B2XleJINugHA64wcZr+shncBlA2c5uk5jR+mUYyZDDl3
+4bSb+hxnV29qao6pK0xXeXpXIs/NX2NGjVxZOob4Mkdio2cNGJHc+6Zr9UhhcyNZjgKnvETq9Emd
+8VRY+WCv2hikLyhF3HqgiIZd8zvn/yk1gPxkQ5Tm4xxvvq0OKmOZK8l+hfZx6AYDlf7ej0gcWtSS
+6Cvu5zHbugRqh5jnxV/vfaci9wHYTfmJ0A6aBVmknpjZbyvKcL5kwlWj9Omvw5Ip3IgWJJk8jSaY
+tlu3zM63Nwf9JtmYhST/WSMDmu2dnajkXjjO11INb9I/bbEFa0nOipFGc/T2L/Coc3cOZayhjWZS
+aX5LaAzHHjcng6WMxwLkFM1JAbBzs/3GkDpv0mztO+7skb6iQ12LAEpmJURw3kAP+HwV96LOPNde
+E4yBFxgX0b3xdxA61GU5wSesVywlVP+i2k+KYTlerj1KjL0=
+-----END CERTIFICATE-----
+
+emSign Root CA - G1
+===================
+-----BEGIN CERTIFICATE-----
+MIIDlDCCAnygAwIBAgIKMfXkYgxsWO3W2DANBgkqhkiG9w0BAQsFADBnMQswCQYDVQQGEwJJTjET
+MBEGA1UECxMKZW1TaWduIFBLSTElMCMGA1UEChMcZU11ZGhyYSBUZWNobm9sb2dpZXMgTGltaXRl
+ZDEcMBoGA1UEAxMTZW1TaWduIFJvb3QgQ0EgLSBHMTAeFw0xODAyMTgxODMwMDBaFw00MzAyMTgx
+ODMwMDBaMGcxCzAJBgNVBAYTAklOMRMwEQYDVQQLEwplbVNpZ24gUEtJMSUwIwYDVQQKExxlTXVk
+aHJhIFRlY2hub2xvZ2llcyBMaW1pdGVkMRwwGgYDVQQDExNlbVNpZ24gUm9vdCBDQSAtIEcxMIIB
+IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk0u76WaK7p1b1TST0Bsew+eeuGQzf2N4aLTN
+LnF115sgxk0pvLZoYIr3IZpWNVrzdr3YzZr/k1ZLpVkGoZM0Kd0WNHVO8oG0x5ZOrRkVUkr+PHB1
+cM2vK6sVmjM8qrOLqs1D/fXqcP/tzxE7lM5OMhbTI0Aqd7OvPAEsbO2ZLIvZTmmYsvePQbAyeGHW
+DV/D+qJAkh1cF+ZwPjXnorfCYuKrpDhMtTk1b+oDafo6VGiFbdbyL0NVHpENDtjVaqSW0RM8LHhQ
+6DqS0hdW5TUaQBw+jSztOd9C4INBdN+jzcKGYEho42kLVACL5HZpIQ15TjQIXhTCzLG3rdd8cIrH
+hQIDAQABo0IwQDAdBgNVHQ4EFgQU++8Nhp6w492pufEhF38+/PB3KxowDgYDVR0PAQH/BAQDAgEG
+MA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAFn/8oz1h31xPaOfG1vR2vjTnGs2
+vZupYeveFix0PZ7mddrXuqe8QhfnPZHr5X3dPpzxz5KsbEjMwiI/aTvFthUvozXGaCocV685743Q
+NcMYDHsAVhzNixl03r4PEuDQqqE/AjSxcM6dGNYIAwlG7mDgfrbESQRRfXBgvKqy/3lyeqYdPV8q
++Mri/Tm3R7nrft8EI6/6nAYH6ftjk4BAtcZsCjEozgyfz7MjNYBBjWzEN3uBL4ChQEKF6dk4jeih
+U80Bv2noWgbyRQuQ+q7hv53yrlc8pa6yVvSLZUDp/TGBLPQ5Cdjua6e0ph0VpZj3AYHYhX3zUVxx
+iN66zB+Afko=
+-----END CERTIFICATE-----
+
+emSign ECC Root CA - G3
+=======================
+-----BEGIN CERTIFICATE-----
+MIICTjCCAdOgAwIBAgIKPPYHqWhwDtqLhDAKBggqhkjOPQQDAzBrMQswCQYDVQQGEwJJTjETMBEG
+A1UECxMKZW1TaWduIFBLSTElMCMGA1UEChMcZU11ZGhyYSBUZWNobm9sb2dpZXMgTGltaXRlZDEg
+MB4GA1UEAxMXZW1TaWduIEVDQyBSb290IENBIC0gRzMwHhcNMTgwMjE4MTgzMDAwWhcNNDMwMjE4
+MTgzMDAwWjBrMQswCQYDVQQGEwJJTjETMBEGA1UECxMKZW1TaWduIFBLSTElMCMGA1UEChMcZU11
+ZGhyYSBUZWNobm9sb2dpZXMgTGltaXRlZDEgMB4GA1UEAxMXZW1TaWduIEVDQyBSb290IENBIC0g
+RzMwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAAQjpQy4LRL1KPOxst3iAhKAnjlfSU2fySU0WXTsuwYc
+58Byr+iuL+FBVIcUqEqy6HyC5ltqtdyzdc6LBtCGI79G1Y4PPwT01xySfvalY8L1X44uT6EYGQIr
+MgqCZH0Wk9GjQjBAMB0GA1UdDgQWBBR8XQKEE9TMipuBzhccLikenEhjQjAOBgNVHQ8BAf8EBAMC
+AQYwDwYDVR0TAQH/BAUwAwEB/zAKBggqhkjOPQQDAwNpADBmAjEAvvNhzwIQHWSVB7gYboiFBS+D
+CBeQyh+KTOgNG3qxrdWBCUfvO6wIBHxcmbHtRwfSAjEAnbpV/KlK6O3t5nYBQnvI+GDZjVGLVTv7
+jHvrZQnD+JbNR6iC8hZVdyR+EhCVBCyj
+-----END CERTIFICATE-----
+
+emSign Root CA - C1
+===================
+-----BEGIN CERTIFICATE-----
+MIIDczCCAlugAwIBAgILAK7PALrEzzL4Q7IwDQYJKoZIhvcNAQELBQAwVjELMAkGA1UEBhMCVVMx
+EzARBgNVBAsTCmVtU2lnbiBQS0kxFDASBgNVBAoTC2VNdWRocmEgSW5jMRwwGgYDVQQDExNlbVNp
+Z24gUm9vdCBDQSAtIEMxMB4XDTE4MDIxODE4MzAwMFoXDTQzMDIxODE4MzAwMFowVjELMAkGA1UE
+BhMCVVMxEzARBgNVBAsTCmVtU2lnbiBQS0kxFDASBgNVBAoTC2VNdWRocmEgSW5jMRwwGgYDVQQD
+ExNlbVNpZ24gUm9vdCBDQSAtIEMxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz+up
+ufGZBczYKCFK83M0UYRWEPWgTywS4/oTmifQz/l5GnRfHXk5/Fv4cI7gklL35CX5VIPZHdPIWoU/
+Xse2B+4+wM6ar6xWQio5JXDWv7V7Nq2s9nPczdcdioOl+yuQFTdrHCZH3DspVpNqs8FqOp099cGX
+OFgFixwR4+S0uF2FHYP+eF8LRWgYSKVGczQ7/g/IdrvHGPMF0Ybzhe3nudkyrVWIzqa2kbBPrH4V
+I5b2P/AgNBbeCsbEBEV5f6f9vtKppa+cxSMq9zwhbL2vj07FOrLzNBL834AaSaTUqZX3noleooms
+lMuoaJuvimUnzYnu3Yy1aylwQ6BpC+S5DwIDAQABo0IwQDAdBgNVHQ4EFgQU/qHgcB4qAzlSWkK+
+XJGFehiqTbUwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQAD
+ggEBAMJKVvoVIXsoounlHfv4LcQ5lkFMOycsxGwYFYDGrK9HWS8mC+M2sO87/kOXSTKZEhVb3xEp
+/6tT+LvBeA+snFOvV71ojD1pM/CjoCNjO2RnIkSt1XHLVip4kqNPEjE2NuLe/gDEo2APJ62gsIq1
+NnpSob0n9CAnYuhNlCQT5AoE6TyrLshDCUrGYQTlSTR+08TI9Q/Aqum6VF7zYytPT1DU/rl7mYw9
+wC68AivTxEDkigcxHpvOJpkT+xHqmiIMERnHXhuBUDDIlhJu58tBf5E7oke3VIAb3ADMmpDqw8NQ
+BmIMMMAVSKeoWXzhriKi4gp6D/piq1JM4fHfyr6DDUI=
+-----END CERTIFICATE-----
+
+emSign ECC Root CA - C3
+=======================
+-----BEGIN CERTIFICATE-----
+MIICKzCCAbGgAwIBAgIKe3G2gla4EnycqDAKBggqhkjOPQQDAzBaMQswCQYDVQQGEwJVUzETMBEG
+A1UECxMKZW1TaWduIFBLSTEUMBIGA1UEChMLZU11ZGhyYSBJbmMxIDAeBgNVBAMTF2VtU2lnbiBF
+Q0MgUm9vdCBDQSAtIEMzMB4XDTE4MDIxODE4MzAwMFoXDTQzMDIxODE4MzAwMFowWjELMAkGA1UE
+BhMCVVMxEzARBgNVBAsTCmVtU2lnbiBQS0kxFDASBgNVBAoTC2VNdWRocmEgSW5jMSAwHgYDVQQD
+ExdlbVNpZ24gRUNDIFJvb3QgQ0EgLSBDMzB2MBAGByqGSM49AgEGBSuBBAAiA2IABP2lYa57JhAd
+6bciMK4G9IGzsUJxlTm801Ljr6/58pc1kjZGDoeVjbk5Wum739D+yAdBPLtVb4OjavtisIGJAnB9
+SMVK4+kiVCJNk7tCDK93nCOmfddhEc5lx/h//vXyqaNCMEAwHQYDVR0OBBYEFPtaSNCAIEDyqOkA
+B2kZd6fmw/TPMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MAoGCCqGSM49BAMDA2gA
+MGUCMQC02C8Cif22TGK6Q04ThHK1rt0c3ta13FaPWEBaLd4gTCKDypOofu4SQMfWh0/434UCMBwU
+ZOR8loMRnLDRWmFLpg9J0wD8ofzkpf9/rdcw0Md3f76BB1UwUCAU9Vc4CqgxUQ==
+-----END CERTIFICATE-----
+
+Hongkong Post Root CA 3
+=======================
+-----BEGIN CERTIFICATE-----
+MIIFzzCCA7egAwIBAgIUCBZfikyl7ADJk0DfxMauI7gcWqQwDQYJKoZIhvcNAQELBQAwbzELMAkG
+A1UEBhMCSEsxEjAQBgNVBAgTCUhvbmcgS29uZzESMBAGA1UEBxMJSG9uZyBLb25nMRYwFAYDVQQK
+Ew1Ib25na29uZyBQb3N0MSAwHgYDVQQDExdIb25na29uZyBQb3N0IFJvb3QgQ0EgMzAeFw0xNzA2
+MDMwMjI5NDZaFw00MjA2MDMwMjI5NDZaMG8xCzAJBgNVBAYTAkhLMRIwEAYDVQQIEwlIb25nIEtv
+bmcxEjAQBgNVBAcTCUhvbmcgS29uZzEWMBQGA1UEChMNSG9uZ2tvbmcgUG9zdDEgMB4GA1UEAxMX
+SG9uZ2tvbmcgUG9zdCBSb290IENBIDMwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCz
+iNfqzg8gTr7m1gNt7ln8wlffKWihgw4+aMdoWJwcYEuJQwy51BWy7sFOdem1p+/l6TWZ5Mwc50tf
+jTMwIDNT2aa71T4Tjukfh0mtUC1Qyhi+AViiE3CWu4mIVoBc+L0sPOFMV4i707mV78vH9toxdCim
+5lSJ9UExyuUmGs2C4HDaOym71QP1mbpV9WTRYA6ziUm4ii8F0oRFKHyPaFASePwLtVPLwpgchKOe
+sL4jpNrcyCse2m5FHomY2vkALgbpDDtw1VAliJnLzXNg99X/NWfFobxeq81KuEXryGgeDQ0URhLj
+0mRiikKYvLTGCAj4/ahMZJx2Ab0vqWwzD9g/KLg8aQFChn5pwckGyuV6RmXpwtZQQS4/t+TtbNe/
+JgERohYpSms0BpDsE9K2+2p20jzt8NYt3eEV7KObLyzJPivkaTv/ciWxNoZbx39ri1UbSsUgYT2u
+y1DhCDq+sI9jQVMwCFk8mB13umOResoQUGC/8Ne8lYePl8X+l2oBlKN8W4UdKjk60FSh0Tlxnf0h
++bV78OLgAo9uliQlLKAeLKjEiafv7ZkGL7YKTE/bosw3Gq9HhS2KX8Q0NEwA/RiTZxPRN+ZItIsG
+xVd7GYYKecsAyVKvQv83j+GjHno9UKtjBucVtT+2RTeUN7F+8kjDf8V1/peNRY8apxpyKBpADwID
+AQABo2MwYTAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjAfBgNVHSMEGDAWgBQXnc0e
+i9Y5K3DTXNSguB+wAPzFYTAdBgNVHQ4EFgQUF53NHovWOStw01zUoLgfsAD8xWEwDQYJKoZIhvcN
+AQELBQADggIBAFbVe27mIgHSQpsY1Q7XZiNc4/6gx5LS6ZStS6LG7BJ8dNVI0lkUmcDrudHr9Egw
+W62nV3OZqdPlt9EuWSRY3GguLmLYauRwCy0gUCCkMpXRAJi70/33MvJJrsZ64Ee+bs7Lo3I6LWld
+y8joRTnU+kLBEUx3XZL7av9YROXrgZ6voJmtvqkBZss4HTzfQx/0TW60uhdG/H39h4F5ag0zD/ov
++BS5gLNdTaqX4fnkGMX41TiMJjz98iji7lpJiCzfeT2OnpA8vUFKOt1b9pq0zj8lMH8yfaIDlNDc
+eqFS3m6TjRgm/VWsvY+b0s+v54Ysyx8Jb6NvqYTUc79NoXQbTiNg8swOqn+knEwlqLJmOzj/2ZQw
+9nKEvmhVEA/GcywWaZMH/rFF7buiVWqw2rVKAiUnhde3t4ZEFolsgCs+l6mc1X5VTMbeRRAc6uk7
+nwNT7u56AQIWeNTowr5GdogTPyK7SBIdUgC0An4hGh6cJfTzPV4e0hz5sy229zdcxsshTrD3mUcY
+hcErulWuBurQB7Lcq9CClnXO0lD+mefPL5/ndtFhKvshuzHQqp9HpLIiyhY6UFfEW0NnxWViA0kB
+60PZ2Pierc+xYw5F9KBaLJstxabArahH9CdMOA0uG0k7UvToiIMrVCjU8jVStDKDYmlkDJGcn5fq
+dBb9HxEGmpv0
+-----END CERTIFICATE-----
+
+Entrust Root Certification Authority - G4
+=========================================
+-----BEGIN CERTIFICATE-----
+MIIGSzCCBDOgAwIBAgIRANm1Q3+vqTkPAAAAAFVlrVgwDQYJKoZIhvcNAQELBQAwgb4xCzAJBgNV
+BAYTAlVTMRYwFAYDVQQKEw1FbnRydXN0LCBJbmMuMSgwJgYDVQQLEx9TZWUgd3d3LmVudHJ1c3Qu
+bmV0L2xlZ2FsLXRlcm1zMTkwNwYDVQQLEzAoYykgMjAxNSBFbnRydXN0LCBJbmMuIC0gZm9yIGF1
+dGhvcml6ZWQgdXNlIG9ubHkxMjAwBgNVBAMTKUVudHJ1c3QgUm9vdCBDZXJ0aWZpY2F0aW9uIEF1
+dGhvcml0eSAtIEc0MB4XDTE1MDUyNzExMTExNloXDTM3MTIyNzExNDExNlowgb4xCzAJBgNVBAYT
+AlVTMRYwFAYDVQQKEw1FbnRydXN0LCBJbmMuMSgwJgYDVQQLEx9TZWUgd3d3LmVudHJ1c3QubmV0
+L2xlZ2FsLXRlcm1zMTkwNwYDVQQLEzAoYykgMjAxNSBFbnRydXN0LCBJbmMuIC0gZm9yIGF1dGhv
+cml6ZWQgdXNlIG9ubHkxMjAwBgNVBAMTKUVudHJ1c3QgUm9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhv
+cml0eSAtIEc0MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAsewsQu7i0TD/pZJH4i3D
+umSXbcr3DbVZwbPLqGgZ2K+EbTBwXX7zLtJTmeH+H17ZSK9dE43b/2MzTdMAArzE+NEGCJR5WIoV
+3imz/f3ET+iq4qA7ec2/a0My3dl0ELn39GjUu9CH1apLiipvKgS1sqbHoHrmSKvS0VnM1n4j5pds
+8ELl3FFLFUHtSUrJ3hCX1nbB76W1NhSXNdh4IjVS70O92yfbYVaCNNzLiGAMC1rlLAHGVK/XqsEQ
+e9IFWrhAnoanw5CGAlZSCXqc0ieCU0plUmr1POeo8pyvi73TDtTUXm6Hnmo9RR3RXRv06QqsYJn7
+ibT/mCzPfB3pAqoEmh643IhuJbNsZvc8kPNXwbMv9W3y+8qh+CmdRouzavbmZwe+LGcKKh9asj5X
+xNMhIWNlUpEbsZmOeX7m640A2Vqq6nPopIICR5b+W45UYaPrL0swsIsjdXJ8ITzI9vF01Bx7owVV
+7rtNOzK+mndmnqxpkCIHH2E6lr7lmk/MBTwoWdPBDFSoWWG9yHJM6Nyfh3+9nEg2XpWjDrk4JFX8
+dWbrAuMINClKxuMrLzOg2qOGpRKX/YAr2hRC45K9PvJdXmd0LhyIRyk0X+IyqJwlN4y6mACXi0mW
+Hv0liqzc2thddG5msP9E36EYxr5ILzeUePiVSj9/E15dWf10hkNjc0kCAwEAAaNCMEAwDwYDVR0T
+AQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFJ84xFYjwznooHFs6FRM5Og6sb9n
+MA0GCSqGSIb3DQEBCwUAA4ICAQAS5UKme4sPDORGpbZgQIeMJX6tuGguW8ZAdjwD+MlZ9POrYs4Q
+jbRaZIxowLByQzTSGwv2LFPSypBLhmb8qoMi9IsabyZIrHZ3CL/FmFz0Jomee8O5ZDIBf9PD3Vht
+7LGrhFV0d4QEJ1JrhkzO3bll/9bGXp+aEJlLdWr+aumXIOTkdnrG0CSqkM0gkLpHZPt/B7NTeLUK
+YvJzQ85BK4FqLoUWlFPUa19yIqtRLULVAJyZv967lDtX/Zr1hstWO1uIAeV8KEsD+UmDfLJ/fOPt
+jqF/YFOOVZ1QNBIPt5d7bIdKROf1beyAN/BYGW5KaHbwH5Lk6rWS02FREAutp9lfx1/cH6NcjKF+
+m7ee01ZvZl4HliDtC3T7Zk6LERXpgUl+b7DUUH8i119lAg2m9IUe2K4GS0qn0jFmwvjO5QimpAKW
+RGhXxNUzzxkvFMSUHHuk2fCfDrGA4tGeEWSpiBE6doLlYsKA2KSD7ZPvfC+QsDJMlhVoSFLUmQjA
+JOgc47OlIQ6SwJAfzyBfyjs4x7dtOvPmRLgOMWuIjnDrnBdSqEGULoe256YSxXXfW8AKbnuk5F6G
++TaU33fD6Q3AOfF5u0aOq0NZJ7cguyPpVkAh7DE9ZapD8j3fcEThuk0mEDuYn/PIjhs4ViFqUZPT
+kcpG2om3PVODLAgfi49T3f+sHw==
+-----END CERTIFICATE-----
+
+Microsoft ECC Root Certificate Authority 2017
+=============================================
+-----BEGIN CERTIFICATE-----
+MIICWTCCAd+gAwIBAgIQZvI9r4fei7FK6gxXMQHC7DAKBggqhkjOPQQDAzBlMQswCQYDVQQGEwJV
+UzEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMTYwNAYDVQQDEy1NaWNyb3NvZnQgRUND
+IFJvb3QgQ2VydGlmaWNhdGUgQXV0aG9yaXR5IDIwMTcwHhcNMTkxMjE4MjMwNjQ1WhcNNDIwNzE4
+MjMxNjA0WjBlMQswCQYDVQQGEwJVUzEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMTYw
+NAYDVQQDEy1NaWNyb3NvZnQgRUNDIFJvb3QgQ2VydGlmaWNhdGUgQXV0aG9yaXR5IDIwMTcwdjAQ
+BgcqhkjOPQIBBgUrgQQAIgNiAATUvD0CQnVBEyPNgASGAlEvaqiBYgtlzPbKnR5vSmZRogPZnZH6
+thaxjG7efM3beaYvzrvOcS/lpaso7GMEZpn4+vKTEAXhgShC48Zo9OYbhGBKia/teQ87zvH2RPUB
+eMCjVDBSMA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBTIy5lycFIM
++Oa+sgRXKSrPQhDtNTAQBgkrBgEEAYI3FQEEAwIBADAKBggqhkjOPQQDAwNoADBlAjBY8k3qDPlf
+Xu5gKcs68tvWMoQZP3zVL8KxzJOuULsJMsbG7X7JNpQS5GiFBqIb0C8CMQCZ6Ra0DvpWSNSkMBaR
+eNtUjGUBiudQZsIxtzm6uBoiB078a1QWIP8rtedMDE2mT3M=
+-----END CERTIFICATE-----
+
+Microsoft RSA Root Certificate Authority 2017
+=============================================
+-----BEGIN CERTIFICATE-----
+MIIFqDCCA5CgAwIBAgIQHtOXCV/YtLNHcB6qvn9FszANBgkqhkiG9w0BAQwFADBlMQswCQYDVQQG
+EwJVUzEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMTYwNAYDVQQDEy1NaWNyb3NvZnQg
+UlNBIFJvb3QgQ2VydGlmaWNhdGUgQXV0aG9yaXR5IDIwMTcwHhcNMTkxMjE4MjI1MTIyWhcNNDIw
+NzE4MjMwMDIzWjBlMQswCQYDVQQGEwJVUzEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9u
+MTYwNAYDVQQDEy1NaWNyb3NvZnQgUlNBIFJvb3QgQ2VydGlmaWNhdGUgQXV0aG9yaXR5IDIwMTcw
+ggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDKW76UM4wplZEWCpW9R2LBifOZNt9GkMml
+7Xhqb0eRaPgnZ1AzHaGm++DlQ6OEAlcBXZxIQIJTELy/xztokLaCLeX0ZdDMbRnMlfl7rEqUrQ7e
+S0MdhweSE5CAg2Q1OQT85elss7YfUJQ4ZVBcF0a5toW1HLUX6NZFndiyJrDKxHBKrmCk3bPZ7Pw7
+1VdyvD/IybLeS2v4I2wDwAW9lcfNcztmgGTjGqwu+UcF8ga2m3P1eDNbx6H7JyqhtJqRjJHTOoI+
+dkC0zVJhUXAoP8XFWvLJjEm7FFtNyP9nTUwSlq31/niol4fX/V4ggNyhSyL71Imtus5Hl0dVe49F
+yGcohJUcaDDv70ngNXtk55iwlNpNhTs+VcQor1fznhPbRiefHqJeRIOkpcrVE7NLP8TjwuaGYaRS
+MLl6IE9vDzhTyzMMEyuP1pq9KsgtsRx9S1HKR9FIJ3Jdh+vVReZIZZ2vUpC6W6IYZVcSn2i51BVr
+lMRpIpj0M+Dt+VGOQVDJNE92kKz8OMHY4Xu54+OU4UZpyw4KUGsTuqwPN1q3ErWQgR5WrlcihtnJ
+0tHXUeOrO8ZV/R4O03QK0dqq6mm4lyiPSMQH+FJDOvTKVTUssKZqwJz58oHhEmrARdlns87/I6KJ
+ClTUFLkqqNfs+avNJVgyeY+QW5g5xAgGwax/Dj0ApQIDAQABo1QwUjAOBgNVHQ8BAf8EBAMCAYYw
+DwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUCctZf4aycI8awznjwNnpv7tNsiMwEAYJKwYBBAGC
+NxUBBAMCAQAwDQYJKoZIhvcNAQEMBQADggIBAKyvPl3CEZaJjqPnktaXFbgToqZCLgLNFgVZJ8og
+6Lq46BrsTaiXVq5lQ7GPAJtSzVXNUzltYkyLDVt8LkS/gxCP81OCgMNPOsduET/m4xaRhPtthH80
+dK2Jp86519efhGSSvpWhrQlTM93uCupKUY5vVau6tZRGrox/2KJQJWVggEbbMwSubLWYdFQl3JPk
++ONVFT24bcMKpBLBaYVu32TxU5nhSnUgnZUP5NbcA/FZGOhHibJXWpS2qdgXKxdJ5XbLwVaZOjex
+/2kskZGT4d9Mozd2TaGf+G0eHdP67Pv0RR0Tbc/3WeUiJ3IrhvNXuzDtJE3cfVa7o7P4NHmJweDy
+AmH3pvwPuxwXC65B2Xy9J6P9LjrRk5Sxcx0ki69bIImtt2dmefU6xqaWM/5TkshGsRGRxpl/j8nW
+ZjEgQRCHLQzWwa80mMpkg/sTV9HB8Dx6jKXB/ZUhoHHBk2dxEuqPiAppGWSZI1b7rCoucL5mxAyE
+7+WL85MB+GqQk2dLsmijtWKP6T+MejteD+eMuMZ87zf9dOLITzNy4ZQ5bb0Sr74MTnB8G2+NszKT
+c0QWbej09+CVgI+WXTik9KveCjCHk9hNAHFiRSdLOkKEW39lt2c0Ui2cFmuqqNh7o0JMcccMyj6D
+5KbvtwEwXlGjefVwaaZBRA+GsCyRxj3qrg+E
+-----END CERTIFICATE-----
+
+e-Szigno Root CA 2017
+=====================
+-----BEGIN CERTIFICATE-----
+MIICQDCCAeWgAwIBAgIMAVRI7yH9l1kN9QQKMAoGCCqGSM49BAMCMHExCzAJBgNVBAYTAkhVMREw
+DwYDVQQHDAhCdWRhcGVzdDEWMBQGA1UECgwNTWljcm9zZWMgTHRkLjEXMBUGA1UEYQwOVkFUSFUt
+MjM1ODQ0OTcxHjAcBgNVBAMMFWUtU3ppZ25vIFJvb3QgQ0EgMjAxNzAeFw0xNzA4MjIxMjA3MDZa
+Fw00MjA4MjIxMjA3MDZaMHExCzAJBgNVBAYTAkhVMREwDwYDVQQHDAhCdWRhcGVzdDEWMBQGA1UE
+CgwNTWljcm9zZWMgTHRkLjEXMBUGA1UEYQwOVkFUSFUtMjM1ODQ0OTcxHjAcBgNVBAMMFWUtU3pp
+Z25vIFJvb3QgQ0EgMjAxNzBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABJbcPYrYsHtvxie+RJCx
+s1YVe45DJH0ahFnuY2iyxl6H0BVIHqiQrb1TotreOpCmYF9oMrWGQd+HWyx7xf58etqjYzBhMA8G
+A1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBSHERUI0arBeAyxr87GyZDv
+vzAEwDAfBgNVHSMEGDAWgBSHERUI0arBeAyxr87GyZDvvzAEwDAKBggqhkjOPQQDAgNJADBGAiEA
+tVfd14pVCzbhhkT61NlojbjcI4qKDdQvfepz7L9NbKgCIQDLpbQS+ue16M9+k/zzNY9vTlp8tLxO
+svxyqltZ+efcMQ==
+-----END CERTIFICATE-----
+
+certSIGN Root CA G2
+===================
+-----BEGIN CERTIFICATE-----
+MIIFRzCCAy+gAwIBAgIJEQA0tk7GNi02MA0GCSqGSIb3DQEBCwUAMEExCzAJBgNVBAYTAlJPMRQw
+EgYDVQQKEwtDRVJUU0lHTiBTQTEcMBoGA1UECxMTY2VydFNJR04gUk9PVCBDQSBHMjAeFw0xNzAy
+MDYwOTI3MzVaFw00MjAyMDYwOTI3MzVaMEExCzAJBgNVBAYTAlJPMRQwEgYDVQQKEwtDRVJUU0lH
+TiBTQTEcMBoGA1UECxMTY2VydFNJR04gUk9PVCBDQSBHMjCCAiIwDQYJKoZIhvcNAQEBBQADggIP
+ADCCAgoCggIBAMDFdRmRfUR0dIf+DjuW3NgBFszuY5HnC2/OOwppGnzC46+CjobXXo9X69MhWf05
+N0IwvlDqtg+piNguLWkh59E3GE59kdUWX2tbAMI5Qw02hVK5U2UPHULlj88F0+7cDBrZuIt4Imfk
+abBoxTzkbFpG583H+u/E7Eu9aqSs/cwoUe+StCmrqzWaTOTECMYmzPhpn+Sc8CnTXPnGFiWeI8Mg
+wT0PPzhAsP6CRDiqWhqKa2NYOLQV07YRaXseVO6MGiKscpc/I1mbySKEwQdPzH/iV8oScLumZfNp
+dWO9lfsbl83kqK/20U6o2YpxJM02PbyWxPFsqa7lzw1uKA2wDrXKUXt4FMMgL3/7FFXhEZn91Qqh
+ngLjYl/rNUssuHLoPj1PrCy7Lobio3aP5ZMqz6WryFyNSwb/EkaseMsUBzXgqd+L6a8VTxaJW732
+jcZZroiFDsGJ6x9nxUWO/203Nit4ZoORUSs9/1F3dmKh7Gc+PoGD4FapUB8fepmrY7+EF3fxDTvf
+95xhszWYijqy7DwaNz9+j5LP2RIUZNoQAhVB/0/E6xyjyfqZ90bp4RjZsbgyLcsUDFDYg2WD7rlc
+z8sFWkz6GZdr1l0T08JcVLwyc6B49fFtHsufpaafItzRUZ6CeWRgKRM+o/1Pcmqr4tTluCRVLERL
+iohEnMqE0yo7AgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1Ud
+DgQWBBSCIS1mxteg4BXrzkwJd8RgnlRuAzANBgkqhkiG9w0BAQsFAAOCAgEAYN4auOfyYILVAzOB
+ywaK8SJJ6ejqkX/GM15oGQOGO0MBzwdw5AgeZYWR5hEit/UCI46uuR59H35s5r0l1ZUa8gWmr4UC
+b6741jH/JclKyMeKqdmfS0mbEVeZkkMR3rYzpMzXjWR91M08KCy0mpbqTfXERMQlqiCA2ClV9+BB
+/AYm/7k29UMUA2Z44RGx2iBfRgB4ACGlHgAoYXhvqAEBj500mv/0OJD7uNGzcgbJceaBxXntC6Z5
+8hMLnPddDnskk7RI24Zf3lCGeOdA5jGokHZwYa+cNywRtYK3qq4kNFtyDGkNzVmf9nGvnAvRCjj5
+BiKDUyUM/FHE5r7iOZULJK2v0ZXkltd0ZGtxTgI8qoXzIKNDOXZbbFD+mpwUHmUUihW9o4JFWklW
+atKcsWMy5WHgUyIOpwpJ6st+H6jiYoD2EEVSmAYY3qXNL3+q1Ok+CHLsIwMCPKaq2LxndD0UF/tU
+Sxfj03k9bWtJySgOLnRQvwzZRjoQhsmnP+mg7H/rpXdYaXHmgwo38oZJar55CJD2AhZkPuXaTH4M
+NMn5X7azKFGnpyuqSfqNZSlO42sTp5SjLVFteAxEy9/eCG/Oo2Sr05WE1LlSVHJ7liXMvGnjSG4N
+0MedJ5qq+BOS3R7fY581qRY27Iy4g/Q9iY/NtBde17MXQRBdJ3NghVdJIgc=
+-----END CERTIFICATE-----
+
+Trustwave Global Certification Authority
+========================================
+-----BEGIN CERTIFICATE-----
+MIIF2jCCA8KgAwIBAgIMBfcOhtpJ80Y1LrqyMA0GCSqGSIb3DQEBCwUAMIGIMQswCQYDVQQGEwJV
+UzERMA8GA1UECAwISWxsaW5vaXMxEDAOBgNVBAcMB0NoaWNhZ28xITAfBgNVBAoMGFRydXN0d2F2
+ZSBIb2xkaW5ncywgSW5jLjExMC8GA1UEAwwoVHJ1c3R3YXZlIEdsb2JhbCBDZXJ0aWZpY2F0aW9u
+IEF1dGhvcml0eTAeFw0xNzA4MjMxOTM0MTJaFw00MjA4MjMxOTM0MTJaMIGIMQswCQYDVQQGEwJV
+UzERMA8GA1UECAwISWxsaW5vaXMxEDAOBgNVBAcMB0NoaWNhZ28xITAfBgNVBAoMGFRydXN0d2F2
+ZSBIb2xkaW5ncywgSW5jLjExMC8GA1UEAwwoVHJ1c3R3YXZlIEdsb2JhbCBDZXJ0aWZpY2F0aW9u
+IEF1dGhvcml0eTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBALldUShLPDeS0YLOvR29
+zd24q88KPuFd5dyqCblXAj7mY2Hf8g+CY66j96xz0XznswuvCAAJWX/NKSqIk4cXGIDtiLK0thAf
+LdZfVaITXdHG6wZWiYj+rDKd/VzDBcdu7oaJuogDnXIhhpCujwOl3J+IKMujkkkP7NAP4m1ET4Bq
+stTnoApTAbqOl5F2brz81Ws25kCI1nsvXwXoLG0R8+eyvpJETNKXpP7ScoFDB5zpET71ixpZfR9o
+WN0EACyW80OzfpgZdNmcc9kYvkHHNHnZ9GLCQ7mzJ7Aiy/k9UscwR7PJPrhq4ufogXBeQotPJqX+
+OsIgbrv4Fo7NDKm0G2x2EOFYeUY+VM6AqFcJNykbmROPDMjWLBz7BegIlT1lRtzuzWniTY+HKE40
+Cz7PFNm73bZQmq131BnW2hqIyE4bJ3XYsgjxroMwuREOzYfwhI0Vcnyh78zyiGG69Gm7DIwLdVcE
+uE4qFC49DxweMqZiNu5m4iK4BUBjECLzMx10coos9TkpoNPnG4CELcU9402x/RpvumUHO1jsQkUm
++9jaJXLE9gCxInm943xZYkqcBW89zubWR2OZxiRvchLIrH+QtAuRcOi35hYQcRfO3gZPSEF9NUqj
+ifLJS3tBEW1ntwiYTOURGa5CgNz7kAXU+FDKvuStx8KU1xad5hePrzb7AgMBAAGjQjBAMA8GA1Ud
+EwEB/wQFMAMBAf8wHQYDVR0OBBYEFJngGWcNYtt2s9o9uFvo/ULSMQ6HMA4GA1UdDwEB/wQEAwIB
+BjANBgkqhkiG9w0BAQsFAAOCAgEAmHNw4rDT7TnsTGDZqRKGFx6W0OhUKDtkLSGm+J1WE2pIPU/H
+PinbbViDVD2HfSMF1OQc3Og4ZYbFdada2zUFvXfeuyk3QAUHw5RSn8pk3fEbK9xGChACMf1KaA0H
+ZJDmHvUqoai7PF35owgLEQzxPy0QlG/+4jSHg9bP5Rs1bdID4bANqKCqRieCNqcVtgimQlRXtpla
+4gt5kNdXElE1GYhBaCXUNxeEFfsBctyV3lImIJgm4nb1J2/6ADtKYdkNy1GTKv0WBpanI5ojSP5R
+vbbEsLFUzt5sQa0WZ37b/TjNuThOssFgy50X31ieemKyJo90lZvkWx3SD92YHJtZuSPTMaCm/zjd
+zyBP6VhWOmfD0faZmZ26NraAL4hHT4a/RDqA5Dccprrql5gR0IRiR2Qequ5AvzSxnI9O4fKSTx+O
+856X3vOmeWqJcU9LJxdI/uz0UA9PSX3MReO9ekDFQdxhVicGaeVyQYHTtgGJoC86cnn+OjC/QezH
+Yj6RS8fZMXZC+fc8Y+wmjHMMfRod6qh8h6jCJ3zhM0EPz8/8AKAigJ5Kp28AsEFFtyLKaEjFQqKu
+3R3y4G5OBVixwJAWKqQ9EEC+j2Jjg6mcgn0tAumDMHzLJ8n9HmYAsC7TIS+OMxZsmO0QqAfWzJPP
+29FpHOTKyeC2nOnOcXHebD8WpHk=
+-----END CERTIFICATE-----
+
+Trustwave Global ECC P256 Certification Authority
+=================================================
+-----BEGIN CERTIFICATE-----
+MIICYDCCAgegAwIBAgIMDWpfCD8oXD5Rld9dMAoGCCqGSM49BAMCMIGRMQswCQYDVQQGEwJVUzER
+MA8GA1UECBMISWxsaW5vaXMxEDAOBgNVBAcTB0NoaWNhZ28xITAfBgNVBAoTGFRydXN0d2F2ZSBI
+b2xkaW5ncywgSW5jLjE6MDgGA1UEAxMxVHJ1c3R3YXZlIEdsb2JhbCBFQ0MgUDI1NiBDZXJ0aWZp
+Y2F0aW9uIEF1dGhvcml0eTAeFw0xNzA4MjMxOTM1MTBaFw00MjA4MjMxOTM1MTBaMIGRMQswCQYD
+VQQGEwJVUzERMA8GA1UECBMISWxsaW5vaXMxEDAOBgNVBAcTB0NoaWNhZ28xITAfBgNVBAoTGFRy
+dXN0d2F2ZSBIb2xkaW5ncywgSW5jLjE6MDgGA1UEAxMxVHJ1c3R3YXZlIEdsb2JhbCBFQ0MgUDI1
+NiBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABH77bOYj
+43MyCMpg5lOcunSNGLB4kFKA3TjASh3RqMyTpJcGOMoNFWLGjgEqZZ2q3zSRLoHB5DOSMcT9CTqm
+P62jQzBBMA8GA1UdEwEB/wQFMAMBAf8wDwYDVR0PAQH/BAUDAwcGADAdBgNVHQ4EFgQUo0EGrJBt
+0UrrdaVKEJmzsaGLSvcwCgYIKoZIzj0EAwIDRwAwRAIgB+ZU2g6gWrKuEZ+Hxbb/ad4lvvigtwjz
+RM4q3wghDDcCIC0mA6AFvWvR9lz4ZcyGbbOcNEhjhAnFjXca4syc4XR7
+-----END CERTIFICATE-----
+
+Trustwave Global ECC P384 Certification Authority
+=================================================
+-----BEGIN CERTIFICATE-----
+MIICnTCCAiSgAwIBAgIMCL2Fl2yZJ6SAaEc7MAoGCCqGSM49BAMDMIGRMQswCQYDVQQGEwJVUzER
+MA8GA1UECBMISWxsaW5vaXMxEDAOBgNVBAcTB0NoaWNhZ28xITAfBgNVBAoTGFRydXN0d2F2ZSBI
+b2xkaW5ncywgSW5jLjE6MDgGA1UEAxMxVHJ1c3R3YXZlIEdsb2JhbCBFQ0MgUDM4NCBDZXJ0aWZp
+Y2F0aW9uIEF1dGhvcml0eTAeFw0xNzA4MjMxOTM2NDNaFw00MjA4MjMxOTM2NDNaMIGRMQswCQYD
+VQQGEwJVUzERMA8GA1UECBMISWxsaW5vaXMxEDAOBgNVBAcTB0NoaWNhZ28xITAfBgNVBAoTGFRy
+dXN0d2F2ZSBIb2xkaW5ncywgSW5jLjE6MDgGA1UEAxMxVHJ1c3R3YXZlIEdsb2JhbCBFQ0MgUDM4
+NCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTB2MBAGByqGSM49AgEGBSuBBAAiA2IABGvaDXU1CDFH
+Ba5FmVXxERMuSvgQMSOjfoPTfygIOiYaOs+Xgh+AtycJj9GOMMQKmw6sWASr9zZ9lCOkmwqKi6vr
+/TklZvFe/oyujUF5nQlgziip04pt89ZF1PKYhDhloKNDMEEwDwYDVR0TAQH/BAUwAwEB/zAPBgNV
+HQ8BAf8EBQMDBwYAMB0GA1UdDgQWBBRVqYSJ0sEyvRjLbKYHTsjnnb6CkDAKBggqhkjOPQQDAwNn
+ADBkAjA3AZKXRRJ+oPM+rRk6ct30UJMDEr5E0k9BpIycnR+j9sKS50gU/k6bpZFXrsY3crsCMGcl
+CrEMXu6pY5Jv5ZAL/mYiykf9ijH3g/56vxC+GCsej/YpHpRZ744hN8tRmKVuSw==
+-----END CERTIFICATE-----
+
+NAVER Global Root Certification Authority
+=========================================
+-----BEGIN CERTIFICATE-----
+MIIFojCCA4qgAwIBAgIUAZQwHqIL3fXFMyqxQ0Rx+NZQTQ0wDQYJKoZIhvcNAQEMBQAwaTELMAkG
+A1UEBhMCS1IxJjAkBgNVBAoMHU5BVkVSIEJVU0lORVNTIFBMQVRGT1JNIENvcnAuMTIwMAYDVQQD
+DClOQVZFUiBHbG9iYWwgUm9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0xNzA4MTgwODU4
+NDJaFw0zNzA4MTgyMzU5NTlaMGkxCzAJBgNVBAYTAktSMSYwJAYDVQQKDB1OQVZFUiBCVVNJTkVT
+UyBQTEFURk9STSBDb3JwLjEyMDAGA1UEAwwpTkFWRVIgR2xvYmFsIFJvb3QgQ2VydGlmaWNhdGlv
+biBBdXRob3JpdHkwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQC21PGTXLVAiQqrDZBb
+UGOukJR0F0Vy1ntlWilLp1agS7gvQnXp2XskWjFlqxcX0TM62RHcQDaH38dq6SZeWYp34+hInDEW
++j6RscrJo+KfziFTowI2MMtSAuXaMl3Dxeb57hHHi8lEHoSTGEq0n+USZGnQJoViAbbJAh2+g1G7
+XNr4rRVqmfeSVPc0W+m/6imBEtRTkZazkVrd/pBzKPswRrXKCAfHcXLJZtM0l/aM9BhK4dA9WkW2
+aacp+yPOiNgSnABIqKYPszuSjXEOdMWLyEz59JuOuDxp7W87UC9Y7cSw0BwbagzivESq2M0UXZR4
+Yb8ObtoqvC8MC3GmsxY/nOb5zJ9TNeIDoKAYv7vxvvTWjIcNQvcGufFt7QSUqP620wbGQGHfnZ3z
+VHbOUzoBppJB7ASjjw2i1QnK1sua8e9DXcCrpUHPXFNwcMmIpi3Ua2FzUCaGYQ5fG8Ir4ozVu53B
+A0K6lNpfqbDKzE0K70dpAy8i+/Eozr9dUGWokG2zdLAIx6yo0es+nPxdGoMuK8u180SdOqcXYZai
+cdNwlhVNt0xz7hlcxVs+Qf6sdWA7G2POAN3aCJBitOUt7kinaxeZVL6HSuOpXgRM6xBtVNbv8ejy
+YhbLgGvtPe31HzClrkvJE+2KAQHJuFFYwGY6sWZLxNUxAmLpdIQM201GLQIDAQABo0IwQDAdBgNV
+HQ4EFgQU0p+I36HNLL3s9TsBAZMzJ7LrYEswDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMB
+Af8wDQYJKoZIhvcNAQEMBQADggIBADLKgLOdPVQG3dLSLvCkASELZ0jKbY7gyKoNqo0hV4/GPnrK
+21HUUrPUloSlWGB/5QuOH/XcChWB5Tu2tyIvCZwTFrFsDDUIbatjcu3cvuzHV+YwIHHW1xDBE1UB
+jCpD5EHxzzp6U5LOogMFDTjfArsQLtk70pt6wKGm+LUx5vR1yblTmXVHIloUFcd4G7ad6Qz4G3bx
+hYTeodoS76TiEJd6eN4MUZeoIUCLhr0N8F5OSza7OyAfikJW4Qsav3vQIkMsRIz75Sq0bBwcupTg
+E34h5prCy8VCZLQelHsIJchxzIdFV4XTnyliIoNRlwAYl3dqmJLJfGBs32x9SuRwTMKeuB330DTH
+D8z7p/8Dvq1wkNoL3chtl1+afwkyQf3NosxabUzyqkn+Zvjp2DXrDige7kgvOtB5CTh8piKCk5XQ
+A76+AqAF3SAi428diDRgxuYKuQl1C/AH6GmWNcf7I4GOODm4RStDeKLRLBT/DShycpWbXgnbiUSY
+qqFJu3FS8r/2/yehNq+4tneI3TqkbZs0kNwUXTC/t+sX5Ie3cdCh13cV1ELX8vMxmV2b3RZtP+oG
+I/hGoiLtk/bdmuYqh7GYVPEi92tF4+KOdh2ajcQGjTa3FPOdVGm3jjzVpG2Tgbet9r1ke8LJaDmg
+kpzNNIaRkPpkUZ3+/uul9XXeifdy
+-----END CERTIFICATE-----
+
+AC RAIZ FNMT-RCM SERVIDORES SEGUROS
+===================================
+-----BEGIN CERTIFICATE-----
+MIICbjCCAfOgAwIBAgIQYvYybOXE42hcG2LdnC6dlTAKBggqhkjOPQQDAzB4MQswCQYDVQQGEwJF
+UzERMA8GA1UECgwIRk5NVC1SQ00xDjAMBgNVBAsMBUNlcmVzMRgwFgYDVQRhDA9WQVRFUy1RMjgy
+NjAwNEoxLDAqBgNVBAMMI0FDIFJBSVogRk5NVC1SQ00gU0VSVklET1JFUyBTRUdVUk9TMB4XDTE4
+MTIyMDA5MzczM1oXDTQzMTIyMDA5MzczM1oweDELMAkGA1UEBhMCRVMxETAPBgNVBAoMCEZOTVQt
+UkNNMQ4wDAYDVQQLDAVDZXJlczEYMBYGA1UEYQwPVkFURVMtUTI4MjYwMDRKMSwwKgYDVQQDDCNB
+QyBSQUlaIEZOTVQtUkNNIFNFUlZJRE9SRVMgU0VHVVJPUzB2MBAGByqGSM49AgEGBSuBBAAiA2IA
+BPa6V1PIyqvfNkpSIeSX0oNnnvBlUdBeh8dHsVnyV0ebAAKTRBdp20LHsbI6GA60XYyzZl2hNPk2
+LEnb80b8s0RpRBNm/dfF/a82Tc4DTQdxz69qBdKiQ1oKUm8BA06Oi6NCMEAwDwYDVR0TAQH/BAUw
+AwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFAG5L++/EYZg8k/QQW6rcx/n0m5JMAoGCCqG
+SM49BAMDA2kAMGYCMQCuSuMrQMN0EfKVrRYj3k4MGuZdpSRea0R7/DjiT8ucRRcRTBQnJlU5dUoD
+zBOQn5ICMQD6SmxgiHPz7riYYqnOK8LZiqZwMR2vsJRM60/G49HzYqc8/5MuB1xJAWdpEgJyv+c=
+-----END CERTIFICATE-----
+
+GlobalSign Root R46
+===================
+-----BEGIN CERTIFICATE-----
+MIIFWjCCA0KgAwIBAgISEdK7udcjGJ5AXwqdLdDfJWfRMA0GCSqGSIb3DQEBDAUAMEYxCzAJBgNV
+BAYTAkJFMRkwFwYDVQQKExBHbG9iYWxTaWduIG52LXNhMRwwGgYDVQQDExNHbG9iYWxTaWduIFJv
+b3QgUjQ2MB4XDTE5MDMyMDAwMDAwMFoXDTQ2MDMyMDAwMDAwMFowRjELMAkGA1UEBhMCQkUxGTAX
+BgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExHDAaBgNVBAMTE0dsb2JhbFNpZ24gUm9vdCBSNDYwggIi
+MA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCsrHQy6LNl5brtQyYdpokNRbopiLKkHWPd08Es
+CVeJOaFV6Wc0dwxu5FUdUiXSE2te4R2pt32JMl8Nnp8semNgQB+msLZ4j5lUlghYruQGvGIFAha/
+r6gjA7aUD7xubMLL1aa7DOn2wQL7Id5m3RerdELv8HQvJfTqa1VbkNud316HCkD7rRlr+/fKYIje
+2sGP1q7Vf9Q8g+7XFkyDRTNrJ9CG0Bwta/OrffGFqfUo0q3v84RLHIf8E6M6cqJaESvWJ3En7YEt
+bWaBkoe0G1h6zD8K+kZPTXhc+CtI4wSEy132tGqzZfxCnlEmIyDLPRT5ge1lFgBPGmSXZgjPjHvj
+K8Cd+RTyG/FWaha/LIWFzXg4mutCagI0GIMXTpRW+LaCtfOW3T3zvn8gdz57GSNrLNRyc0NXfeD4
+12lPFzYE+cCQYDdF3uYM2HSNrpyibXRdQr4G9dlkbgIQrImwTDsHTUB+JMWKmIJ5jqSngiCNI/on
+ccnfxkF0oE32kRbcRoxfKWMxWXEM2G/CtjJ9++ZdU6Z+Ffy7dXxd7Pj2Fxzsx2sZy/N78CsHpdls
+eVR2bJ0cpm4O6XkMqCNqo98bMDGfsVR7/mrLZqrcZdCinkqaByFrgY/bxFn63iLABJzjqls2k+g9
+vXqhnQt2sQvHnf3PmKgGwvgqo6GDoLclcqUC4wIDAQABo0IwQDAOBgNVHQ8BAf8EBAMCAYYwDwYD
+VR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUA1yrc4GHqMywptWU4jaWSf8FmSwwDQYJKoZIhvcNAQEM
+BQADggIBAHx47PYCLLtbfpIrXTncvtgdokIzTfnvpCo7RGkerNlFo048p9gkUbJUHJNOxO97k4Vg
+JuoJSOD1u8fpaNK7ajFxzHmuEajwmf3lH7wvqMxX63bEIaZHU1VNaL8FpO7XJqti2kM3S+LGteWy
+gxk6x9PbTZ4IevPuzz5i+6zoYMzRx6Fcg0XERczzF2sUyQQCPtIkpnnpHs6i58FZFZ8d4kuaPp92
+CC1r2LpXFNqD6v6MVenQTqnMdzGxRBF6XLE+0xRFFRhiJBPSy03OXIPBNvIQtQ6IbbjhVp+J3pZm
+OUdkLG5NrmJ7v2B0GbhWrJKsFjLtrWhV/pi60zTe9Mlhww6G9kuEYO4Ne7UyWHmRVSyBQ7N0H3qq
+JZ4d16GLuc1CLgSkZoNNiTW2bKg2SnkheCLQQrzRQDGQob4Ez8pn7fXwgNNgyYMqIgXQBztSvwye
+qiv5u+YfjyW6hY0XHgL+XVAEV8/+LbzvXMAaq7afJMbfc2hIkCwU9D9SGuTSyxTDYWnP4vkYxboz
+nxSjBF25cfe1lNj2M8FawTSLfJvdkzrnE6JwYZ+vj+vYxXX4M2bUdGc6N3ec592kD3ZDZopD8p/7
+DEJ4Y9HiD2971KE9dJeFt0g5QdYg/NA6s/rob8SKunE3vouXsXgxT7PntgMTzlSdriVZzH81Xwj3
+QEUxeCp6
+-----END CERTIFICATE-----
+
+GlobalSign Root E46
+===================
+-----BEGIN CERTIFICATE-----
+MIICCzCCAZGgAwIBAgISEdK7ujNu1LzmJGjFDYQdmOhDMAoGCCqGSM49BAMDMEYxCzAJBgNVBAYT
+AkJFMRkwFwYDVQQKExBHbG9iYWxTaWduIG52LXNhMRwwGgYDVQQDExNHbG9iYWxTaWduIFJvb3Qg
+RTQ2MB4XDTE5MDMyMDAwMDAwMFoXDTQ2MDMyMDAwMDAwMFowRjELMAkGA1UEBhMCQkUxGTAXBgNV
+BAoTEEdsb2JhbFNpZ24gbnYtc2ExHDAaBgNVBAMTE0dsb2JhbFNpZ24gUm9vdCBFNDYwdjAQBgcq
+hkjOPQIBBgUrgQQAIgNiAAScDrHPt+ieUnd1NPqlRqetMhkytAepJ8qUuwzSChDH2omwlwxwEwkB
+jtjqR+q+soArzfwoDdusvKSGN+1wCAB16pMLey5SnCNoIwZD7JIvU4Tb+0cUB+hflGddyXqBPCCj
+QjBAMA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBQxCpCPtsad0kRL
+gLWi5h+xEk8blTAKBggqhkjOPQQDAwNoADBlAjEA31SQ7Zvvi5QCkxeCmb6zniz2C5GMn0oUsfZk
+vLtoURMMA/cVi4RguYv/Uo7njLwcAjA8+RHUjE7AwWHCFUyqqx0LMV87HOIAl0Qx5v5zli/altP+
+CAezNIm8BZ/3Hobui3A=
+-----END CERTIFICATE-----
+
+ANF Secure Server Root CA
+=========================
+-----BEGIN CERTIFICATE-----
+MIIF7zCCA9egAwIBAgIIDdPjvGz5a7EwDQYJKoZIhvcNAQELBQAwgYQxEjAQBgNVBAUTCUc2MzI4
+NzUxMDELMAkGA1UEBhMCRVMxJzAlBgNVBAoTHkFORiBBdXRvcmlkYWQgZGUgQ2VydGlmaWNhY2lv
+bjEUMBIGA1UECxMLQU5GIENBIFJhaXoxIjAgBgNVBAMTGUFORiBTZWN1cmUgU2VydmVyIFJvb3Qg
+Q0EwHhcNMTkwOTA0MTAwMDM4WhcNMzkwODMwMTAwMDM4WjCBhDESMBAGA1UEBRMJRzYzMjg3NTEw
+MQswCQYDVQQGEwJFUzEnMCUGA1UEChMeQU5GIEF1dG9yaWRhZCBkZSBDZXJ0aWZpY2FjaW9uMRQw
+EgYDVQQLEwtBTkYgQ0EgUmFpejEiMCAGA1UEAxMZQU5GIFNlY3VyZSBTZXJ2ZXIgUm9vdCBDQTCC
+AiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBANvrayvmZFSVgpCjcqQZAZ2cC4Ffc0m6p6zz
+BE57lgvsEeBbphzOG9INgxwruJ4dfkUyYA8H6XdYfp9qyGFOtibBTI3/TO80sh9l2Ll49a2pcbnv
+T1gdpd50IJeh7WhM3pIXS7yr/2WanvtH2Vdy8wmhrnZEE26cLUQ5vPnHO6RYPUG9tMJJo8gN0pcv
+B2VSAKduyK9o7PQUlrZXH1bDOZ8rbeTzPvY1ZNoMHKGESy9LS+IsJJ1tk0DrtSOOMspvRdOoiXse
+zx76W0OLzc2oD2rKDF65nkeP8Nm2CgtYZRczuSPkdxl9y0oukntPLxB3sY0vaJxizOBQ+OyRp1RM
+VwnVdmPF6GUe7m1qzwmd+nxPrWAI/VaZDxUse6mAq4xhj0oHdkLePfTdsiQzW7i1o0TJrH93PB0j
+7IKppuLIBkwC/qxcmZkLLxCKpvR/1Yd0DVlJRfbwcVw5Kda/SiOL9V8BY9KHcyi1Swr1+KuCLH5z
+JTIdC2MKF4EA/7Z2Xue0sUDKIbvVgFHlSFJnLNJhiQcND85Cd8BEc5xEUKDbEAotlRyBr+Qc5RQe
+8TZBAQIvfXOn3kLMTOmJDVb3n5HUA8ZsyY/b2BzgQJhdZpmYgG4t/wHFzstGH6wCxkPmrqKEPMVO
+Hj1tyRRM4y5Bu8o5vzY8KhmqQYdOpc5LMnndkEl/AgMBAAGjYzBhMB8GA1UdIwQYMBaAFJxf0Gxj
+o1+TypOYCK2Mh6UsXME3MB0GA1UdDgQWBBScX9BsY6Nfk8qTmAitjIelLFzBNzAOBgNVHQ8BAf8E
+BAMCAYYwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAgEATh65isagmD9uw2nAalxJ
+UqzLK114OMHVVISfk/CHGT0sZonrDUL8zPB1hT+L9IBdeeUXZ701guLyPI59WzbLWoAAKfLOKyzx
+j6ptBZNscsdW699QIyjlRRA96Gejrw5VD5AJYu9LWaL2U/HANeQvwSS9eS9OICI7/RogsKQOLHDt
+dD+4E5UGUcjohybKpFtqFiGS3XNgnhAY3jyB6ugYw3yJ8otQPr0R4hUDqDZ9MwFsSBXXiJCZBMXM
+5gf0vPSQ7RPi6ovDj6MzD8EpTBNO2hVWcXNyglD2mjN8orGoGjR0ZVzO0eurU+AagNjqOknkJjCb
+5RyKqKkVMoaZkgoQI1YS4PbOTOK7vtuNknMBZi9iPrJyJ0U27U1W45eZ/zo1PqVUSlJZS2Db7v54
+EX9K3BR5YLZrZAPbFYPhor72I5dQ8AkzNqdxliXzuUJ92zg/LFis6ELhDtjTO0wugumDLmsx2d1H
+hk9tl5EuT+IocTUW0fJz/iUrB0ckYyfI+PbZa/wSMVYIwFNCr5zQM378BvAxRAMU8Vjq8moNqRGy
+g77FGr8H6lnco4g175x2MjxNBiLOFeXdntiP2t7SxDnlF4HPOEfrf4htWRvfn0IUrn7PqLBmZdo3
+r5+qPeoott7VMVgWglvquxl1AnMaykgaIZOQCo6ThKd9OyMYkomgjaw=
+-----END CERTIFICATE-----
+
+Certum EC-384 CA
+================
+-----BEGIN CERTIFICATE-----
+MIICZTCCAeugAwIBAgIQeI8nXIESUiClBNAt3bpz9DAKBggqhkjOPQQDAzB0MQswCQYDVQQGEwJQ
+TDEhMB8GA1UEChMYQXNzZWNvIERhdGEgU3lzdGVtcyBTLkEuMScwJQYDVQQLEx5DZXJ0dW0gQ2Vy
+dGlmaWNhdGlvbiBBdXRob3JpdHkxGTAXBgNVBAMTEENlcnR1bSBFQy0zODQgQ0EwHhcNMTgwMzI2
+MDcyNDU0WhcNNDMwMzI2MDcyNDU0WjB0MQswCQYDVQQGEwJQTDEhMB8GA1UEChMYQXNzZWNvIERh
+dGEgU3lzdGVtcyBTLkEuMScwJQYDVQQLEx5DZXJ0dW0gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkx
+GTAXBgNVBAMTEENlcnR1bSBFQy0zODQgQ0EwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAATEKI6rGFtq
+vm5kN2PkzeyrOvfMobgOgknXhimfoZTy42B4mIF4Bk3y7JoOV2CDn7TmFy8as10CW4kjPMIRBSqn
+iBMY81CE1700LCeJVf/OTOffph8oxPBUw7l8t1Ot68KjQjBAMA8GA1UdEwEB/wQFMAMBAf8wHQYD
+VR0OBBYEFI0GZnQkdjrzife81r1HfS+8EF9LMA4GA1UdDwEB/wQEAwIBBjAKBggqhkjOPQQDAwNo
+ADBlAjADVS2m5hjEfO/JUG7BJw+ch69u1RsIGL2SKcHvlJF40jocVYli5RsJHrpka/F2tNQCMQC0
+QoSZ/6vnnvuRlydd3LBbMHHOXjgaatkl5+r3YZJW+OraNsKHZZYuciUvf9/DE8k=
+-----END CERTIFICATE-----
+
+Certum Trusted Root CA
+======================
+-----BEGIN CERTIFICATE-----
+MIIFwDCCA6igAwIBAgIQHr9ZULjJgDdMBvfrVU+17TANBgkqhkiG9w0BAQ0FADB6MQswCQYDVQQG
+EwJQTDEhMB8GA1UEChMYQXNzZWNvIERhdGEgU3lzdGVtcyBTLkEuMScwJQYDVQQLEx5DZXJ0dW0g
+Q2VydGlmaWNhdGlvbiBBdXRob3JpdHkxHzAdBgNVBAMTFkNlcnR1bSBUcnVzdGVkIFJvb3QgQ0Ew
+HhcNMTgwMzE2MTIxMDEzWhcNNDMwMzE2MTIxMDEzWjB6MQswCQYDVQQGEwJQTDEhMB8GA1UEChMY
+QXNzZWNvIERhdGEgU3lzdGVtcyBTLkEuMScwJQYDVQQLEx5DZXJ0dW0gQ2VydGlmaWNhdGlvbiBB
+dXRob3JpdHkxHzAdBgNVBAMTFkNlcnR1bSBUcnVzdGVkIFJvb3QgQ0EwggIiMA0GCSqGSIb3DQEB
+AQUAA4ICDwAwggIKAoICAQDRLY67tzbqbTeRn06TpwXkKQMlzhyC93yZn0EGze2jusDbCSzBfN8p
+fktlL5On1AFrAygYo9idBcEq2EXxkd7fO9CAAozPOA/qp1x4EaTByIVcJdPTsuclzxFUl6s1wB52
+HO8AU5853BSlLCIls3Jy/I2z5T4IHhQqNwuIPMqw9MjCoa68wb4pZ1Xi/K1ZXP69VyywkI3C7Te2
+fJmItdUDmj0VDT06qKhF8JVOJVkdzZhpu9PMMsmN74H+rX2Ju7pgE8pllWeg8xn2A1bUatMn4qGt
+g/BKEiJ3HAVz4hlxQsDsdUaakFjgao4rpUYwBI4Zshfjvqm6f1bxJAPXsiEodg42MEx51UGamqi4
+NboMOvJEGyCI98Ul1z3G4z5D3Yf+xOr1Uz5MZf87Sst4WmsXXw3Hw09Omiqi7VdNIuJGmj8PkTQk
+fVXjjJU30xrwCSss0smNtA0Aq2cpKNgB9RkEth2+dv5yXMSFytKAQd8FqKPVhJBPC/PgP5sZ0jeJ
+P/J7UhyM9uH3PAeXjA6iWYEMspA90+NZRu0PqafegGtaqge2Gcu8V/OXIXoMsSt0Puvap2ctTMSY
+njYJdmZm/Bo/6khUHL4wvYBQv3y1zgD2DGHZ5yQD4OMBgQ692IU0iL2yNqh7XAjlRICMb/gv1SHK
+HRzQ+8S1h9E6Tsd2tTVItQIDAQABo0IwQDAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBSM+xx1
+vALTn04uSNn5YFSqxLNP+jAOBgNVHQ8BAf8EBAMCAQYwDQYJKoZIhvcNAQENBQADggIBAEii1QAL
+LtA/vBzVtVRJHlpr9OTy4EA34MwUe7nJ+jW1dReTagVphZzNTxl4WxmB82M+w85bj/UvXgF2Ez8s
+ALnNllI5SW0ETsXpD4YN4fqzX4IS8TrOZgYkNCvozMrnadyHncI013nR03e4qllY/p0m+jiGPp2K
+h2RX5Rc64vmNueMzeMGQ2Ljdt4NR5MTMI9UGfOZR0800McD2RrsLrfw9EAUqO0qRJe6M1ISHgCq8
+CYyqOhNf6DR5UMEQGfnTKB7U0VEwKbOukGfWHwpjscWpxkIxYxeU72nLL/qMFH3EQxiJ2fAyQOaA
+4kZf5ePBAFmo+eggvIksDkc0C+pXwlM2/KfUrzHN/gLldfq5Jwn58/U7yn2fqSLLiMmq0Uc9Nneo
+WWRrJ8/vJ8HjJLWG965+Mk2weWjROeiQWMODvA8s1pfrzgzhIMfatz7DP78v3DSk+yshzWePS/Tj
+6tQ/50+6uaWTRRxmHyH6ZF5v4HaUMst19W7l9o/HuKTMqJZ9ZPskWkoDbGs4xugDQ5r3V7mzKWmT
+OPQD8rv7gmsHINFSH5pkAnuYZttcTVoP0ISVoDwUQwbKytu4QTbaakRnh6+v40URFWkIsr4WOZck
+bxJF0WddCajJFdr60qZfE2Efv4WstK2tBZQIgx51F9NxO5NQI1mg7TyRVJ12AMXDuDjb
+-----END CERTIFICATE-----
+
+TunTrust Root CA
+================
+-----BEGIN CERTIFICATE-----
+MIIFszCCA5ugAwIBAgIUEwLV4kBMkkaGFmddtLu7sms+/BMwDQYJKoZIhvcNAQELBQAwYTELMAkG
+A1UEBhMCVE4xNzA1BgNVBAoMLkFnZW5jZSBOYXRpb25hbGUgZGUgQ2VydGlmaWNhdGlvbiBFbGVj
+dHJvbmlxdWUxGTAXBgNVBAMMEFR1blRydXN0IFJvb3QgQ0EwHhcNMTkwNDI2MDg1NzU2WhcNNDQw
+NDI2MDg1NzU2WjBhMQswCQYDVQQGEwJUTjE3MDUGA1UECgwuQWdlbmNlIE5hdGlvbmFsZSBkZSBD
+ZXJ0aWZpY2F0aW9uIEVsZWN0cm9uaXF1ZTEZMBcGA1UEAwwQVHVuVHJ1c3QgUm9vdCBDQTCCAiIw
+DQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAMPN0/y9BFPdDCA61YguBUtB9YOCfvdZn56eY+hz
+2vYGqU8ftPkLHzmMmiDQfgbU7DTZhrx1W4eI8NLZ1KMKsmwb60ksPqxd2JQDoOw05TDENX37Jk0b
+bjBU2PWARZw5rZzJJQRNmpA+TkBuimvNKWfGzC3gdOgFVwpIUPp6Q9p+7FuaDmJ2/uqdHYVy7BG7
+NegfJ7/Boce7SBbdVtfMTqDhuazb1YMZGoXRlJfXyqNlC/M4+QKu3fZnz8k/9YosRxqZbwUN/dAd
+gjH8KcwAWJeRTIAAHDOFli/LQcKLEITDCSSJH7UP2dl3RxiSlGBcx5kDPP73lad9UKGAwqmDrViW
+VSHbhlnUr8a83YFuB9tgYv7sEG7aaAH0gxupPqJbI9dkxt/con3YS7qC0lH4Zr8GRuR5KiY2eY8f
+Tpkdso8MDhz/yV3A/ZAQprE38806JG60hZC/gLkMjNWb1sjxVj8agIl6qeIbMlEsPvLfe/ZdeikZ
+juXIvTZxi11Mwh0/rViizz1wTaZQmCXcI/m4WEEIcb9PuISgjwBUFfyRbVinljvrS5YnzWuioYas
+DXxU5mZMZl+QviGaAkYt5IPCgLnPSz7ofzwB7I9ezX/SKEIBlYrilz0QIX32nRzFNKHsLA4KUiwS
+VXAkPcvCFDVDXSdOvsC9qnyW5/yeYa1E0wCXAgMBAAGjYzBhMB0GA1UdDgQWBBQGmpsfU33x9aTI
+04Y+oXNZtPdEITAPBgNVHRMBAf8EBTADAQH/MB8GA1UdIwQYMBaAFAaamx9TffH1pMjThj6hc1m0
+90QhMA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQsFAAOCAgEAqgVutt0Vyb+zxiD2BkewhpMl
+0425yAA/l/VSJ4hxyXT968pk21vvHl26v9Hr7lxpuhbI87mP0zYuQEkHDVneixCwSQXi/5E/S7fd
+Ao74gShczNxtr18UnH1YeA32gAm56Q6XKRm4t+v4FstVEuTGfbvE7Pi1HE4+Z7/FXxttbUcoqgRY
+YdZ2vyJ/0Adqp2RT8JeNnYA/u8EH22Wv5psymsNUk8QcCMNE+3tjEUPRahphanltkE8pjkcFwRJp
+adbGNjHh/PqAulxPxOu3Mqz4dWEX1xAZufHSCe96Qp1bWgvUxpVOKs7/B9dPfhgGiPEZtdmYu65x
+xBzndFlY7wyJz4sfdZMaBBSSSFCp61cpABbjNhzI+L/wM9VBD8TMPN3pM0MBkRArHtG5Xc0yGYuP
+jCB31yLEQtyEFpslbei0VXF/sHyz03FJuc9SpAQ/3D2gu68zngowYI7bnV2UqL1g52KAdoGDDIzM
+MEZJ4gzSqK/rYXHv5yJiqfdcZGyfFoxnNidF9Ql7v/YQCvGwjVRDjAS6oz/v4jXH+XTgbzRB0L9z
+ZVcg+ZtnemZoJE6AZb0QmQZZ8mWvuMZHu/2QeItBcy6vVR/cO5JyboTT0GFMDcx2V+IthSIVNg3r
+AZ3r2OvEhJn7wAzMMujjd9qDRIueVSjAi1jTkD5OGwDxFa2DK5o=
+-----END CERTIFICATE-----
+
+HARICA TLS RSA Root CA 2021
+===========================
+-----BEGIN CERTIFICATE-----
+MIIFpDCCA4ygAwIBAgIQOcqTHO9D88aOk8f0ZIk4fjANBgkqhkiG9w0BAQsFADBsMQswCQYDVQQG
+EwJHUjE3MDUGA1UECgwuSGVsbGVuaWMgQWNhZGVtaWMgYW5kIFJlc2VhcmNoIEluc3RpdHV0aW9u
+cyBDQTEkMCIGA1UEAwwbSEFSSUNBIFRMUyBSU0EgUm9vdCBDQSAyMDIxMB4XDTIxMDIxOTEwNTUz
+OFoXDTQ1MDIxMzEwNTUzN1owbDELMAkGA1UEBhMCR1IxNzA1BgNVBAoMLkhlbGxlbmljIEFjYWRl
+bWljIGFuZCBSZXNlYXJjaCBJbnN0aXR1dGlvbnMgQ0ExJDAiBgNVBAMMG0hBUklDQSBUTFMgUlNB
+IFJvb3QgQ0EgMjAyMTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAIvC569lmwVnlskN
+JLnQDmT8zuIkGCyEf3dRywQRNrhe7Wlxp57kJQmXZ8FHws+RFjZiPTgE4VGC/6zStGndLuwRo0Xu
+a2s7TL+MjaQenRG56Tj5eg4MmOIjHdFOY9TnuEFE+2uva9of08WRiFukiZLRgeaMOVig1mlDqa2Y
+Ulhu2wr7a89o+uOkXjpFc5gH6l8Cct4MpbOfrqkdtx2z/IpZ525yZa31MJQjB/OCFks1mJxTuy/K
+5FrZx40d/JiZ+yykgmvwKh+OC19xXFyuQnspiYHLA6OZyoieC0AJQTPb5lh6/a6ZcMBaD9YThnEv
+dmn8kN3bLW7R8pv1GmuebxWMevBLKKAiOIAkbDakO/IwkfN4E8/BPzWr8R0RI7VDIp4BkrcYAuUR
+0YLbFQDMYTfBKnya4dC6s1BG7oKsnTH4+yPiAwBIcKMJJnkVU2DzOFytOOqBAGMUuTNe3QvboEUH
+GjMJ+E20pwKmafTCWQWIZYVWrkvL4N48fS0ayOn7H6NhStYqE613TBoYm5EPWNgGVMWX+Ko/IIqm
+haZ39qb8HOLubpQzKoNQhArlT4b4UEV4AIHrW2jjJo3Me1xR9BQsQL4aYB16cmEdH2MtiKrOokWQ
+CPxrvrNQKlr9qEgYRtaQQJKQCoReaDH46+0N0x3GfZkYVVYnZS6NRcUk7M7jAgMBAAGjQjBAMA8G
+A1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFApII6ZgpJIKM+qTW8VX6iVNvRLuMA4GA1UdDwEB/wQE
+AwIBhjANBgkqhkiG9w0BAQsFAAOCAgEAPpBIqm5iFSVmewzVjIuJndftTgfvnNAUX15QvWiWkKQU
+EapobQk1OUAJ2vQJLDSle1mESSmXdMgHHkdt8s4cUCbjnj1AUz/3f5Z2EMVGpdAgS1D0NTsY9FVq
+QRtHBmg8uwkIYtlfVUKqrFOFrJVWNlar5AWMxajaH6NpvVMPxP/cyuN+8kyIhkdGGvMA9YCRotxD
+QpSbIPDRzbLrLFPCU3hKTwSUQZqPJzLB5UkZv/HywouoCjkxKLR9YjYsTewfM7Z+d21+UPCfDtcR
+j88YxeMn/ibvBZ3PzzfF0HvaO7AWhAw6k9a+F9sPPg4ZeAnHqQJyIkv3N3a6dcSFA1pj1bF1BcK5
+vZStjBWZp5N99sXzqnTPBIWUmAD04vnKJGW/4GKvyMX6ssmeVkjaef2WdhW+o45WxLM0/L5H9MG0
+qPzVMIho7suuyWPEdr6sOBjhXlzPrjoiUevRi7PzKzMHVIf6tLITe7pTBGIBnfHAT+7hOtSLIBD6
+Alfm78ELt5BGnBkpjNxvoEppaZS3JGWg/6w/zgH7IS79aPib8qXPMThcFarmlwDB31qlpzmq6YR/
+PFGoOtmUW4y/Twhx5duoXNTSpv4Ao8YWxw/ogM4cKGR0GQjTQuPOAF1/sdwTsOEFy9EgqoZ0njnn
+kf3/W9b3raYvAwtt41dU63ZTGI0RmLo=
+-----END CERTIFICATE-----
+
+HARICA TLS ECC Root CA 2021
+===========================
+-----BEGIN CERTIFICATE-----
+MIICVDCCAdugAwIBAgIQZ3SdjXfYO2rbIvT/WeK/zjAKBggqhkjOPQQDAzBsMQswCQYDVQQGEwJH
+UjE3MDUGA1UECgwuSGVsbGVuaWMgQWNhZGVtaWMgYW5kIFJlc2VhcmNoIEluc3RpdHV0aW9ucyBD
+QTEkMCIGA1UEAwwbSEFSSUNBIFRMUyBFQ0MgUm9vdCBDQSAyMDIxMB4XDTIxMDIxOTExMDExMFoX
+DTQ1MDIxMzExMDEwOVowbDELMAkGA1UEBhMCR1IxNzA1BgNVBAoMLkhlbGxlbmljIEFjYWRlbWlj
+IGFuZCBSZXNlYXJjaCBJbnN0aXR1dGlvbnMgQ0ExJDAiBgNVBAMMG0hBUklDQSBUTFMgRUNDIFJv
+b3QgQ0EgMjAyMTB2MBAGByqGSM49AgEGBSuBBAAiA2IABDgI/rGgltJ6rK9JOtDA4MM7KKrxcm1l
+AEeIhPyaJmuqS7psBAqIXhfyVYf8MLA04jRYVxqEU+kw2anylnTDUR9YSTHMmE5gEYd103KUkE+b
+ECUqqHgtvpBBWJAVcqeht6NCMEAwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUyRtTgRL+BNUW
+0aq8mm+3oJUZbsowDgYDVR0PAQH/BAQDAgGGMAoGCCqGSM49BAMDA2cAMGQCMBHervjcToiwqfAi
+rcJRQO9gcS3ujwLEXQNwSaSS6sUUiHCm0w2wqsosQJz76YJumgIwK0eaB8bRwoF8yguWGEEbo/Qw
+CZ61IygNnxS2PFOiTAZpffpskcYqSUXm7LcT4Tps
+-----END CERTIFICATE-----
+
+Autoridad de Certificacion Firmaprofesional CIF A62634068
+=========================================================
+-----BEGIN CERTIFICATE-----
+MIIGFDCCA/ygAwIBAgIIG3Dp0v+ubHEwDQYJKoZIhvcNAQELBQAwUTELMAkGA1UEBhMCRVMxQjBA
+BgNVBAMMOUF1dG9yaWRhZCBkZSBDZXJ0aWZpY2FjaW9uIEZpcm1hcHJvZmVzaW9uYWwgQ0lGIEE2
+MjYzNDA2ODAeFw0xNDA5MjMxNTIyMDdaFw0zNjA1MDUxNTIyMDdaMFExCzAJBgNVBAYTAkVTMUIw
+QAYDVQQDDDlBdXRvcmlkYWQgZGUgQ2VydGlmaWNhY2lvbiBGaXJtYXByb2Zlc2lvbmFsIENJRiBB
+NjI2MzQwNjgwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDKlmuO6vj78aI14H9M2uDD
+Utd9thDIAl6zQyrET2qyyhxdKJp4ERppWVevtSBC5IsP5t9bpgOSL/UR5GLXMnE42QQMcas9UX4P
+B99jBVzpv5RvwSmCwLTaUbDBPLutN0pcyvFLNg4kq7/DhHf9qFD0sefGL9ItWY16Ck6WaVICqjaY
+7Pz6FIMMNx/Jkjd/14Et5cS54D40/mf0PmbR0/RAz15iNA9wBj4gGFrO93IbJWyTdBSTo3OxDqqH
+ECNZXyAFGUftaI6SEspd/NYrspI8IM/hX68gvqB2f3bl7BqGYTM+53u0P6APjqK5am+5hyZvQWyI
+plD9amML9ZMWGxmPsu2bm8mQ9QEM3xk9Dz44I8kvjwzRAv4bVdZO0I08r0+k8/6vKtMFnXkIoctX
+MbScyJCyZ/QYFpM6/EfY0XiWMR+6KwxfXZmtY4laJCB22N/9q06mIqqdXuYnin1oKaPnirjaEbsX
+LZmdEyRG98Xi2J+Of8ePdG1asuhy9azuJBCtLxTa/y2aRnFHvkLfuwHb9H/TKI8xWVvTyQKmtFLK
+bpf7Q8UIJm+K9Lv9nyiqDdVF8xM6HdjAeI9BZzwelGSuewvF6NkBiDkal4ZkQdU7hwxu+g/GvUgU
+vzlN1J5Bto+WHWOWk9mVBngxaJ43BjuAiUVhOSPHG0SjFeUc+JIwuwIDAQABo4HvMIHsMB0GA1Ud
+DgQWBBRlzeurNR4APn7VdMActHNHDhpkLzASBgNVHRMBAf8ECDAGAQH/AgEBMIGmBgNVHSAEgZ4w
+gZswgZgGBFUdIAAwgY8wLwYIKwYBBQUHAgEWI2h0dHA6Ly93d3cuZmlybWFwcm9mZXNpb25hbC5j
+b20vY3BzMFwGCCsGAQUFBwICMFAeTgBQAGEAcwBlAG8AIABkAGUAIABsAGEAIABCAG8AbgBhAG4A
+bwB2AGEAIAA0ADcAIABCAGEAcgBjAGUAbABvAG4AYQAgADAAOAAwADEANzAOBgNVHQ8BAf8EBAMC
+AQYwDQYJKoZIhvcNAQELBQADggIBAHSHKAIrdx9miWTtj3QuRhy7qPj4Cx2Dtjqn6EWKB7fgPiDL
+4QjbEwj4KKE1soCzC1HA01aajTNFSa9J8OA9B3pFE1r/yJfY0xgsfZb43aJlQ3CTkBW6kN/oGbDb
+LIpgD7dvlAceHabJhfa9NPhAeGIQcDq+fUs5gakQ1JZBu/hfHAsdCPKxsIl68veg4MSPi3i1O1il
+I45PVf42O+AMt8oqMEEgtIDNrvx2ZnOorm7hfNoD6JQg5iKj0B+QXSBTFCZX2lSX3xZEEAEeiGaP
+cjiT3SC3NL7X8e5jjkd5KAb881lFJWAiMxujX6i6KtoaPc1A6ozuBRWV1aUsIC+nmCjuRfzxuIgA
+LI9C2lHVnOUTaHFFQ4ueCyE8S1wF3BqfmI7avSKecs2tCsvMo2ebKHTEm9caPARYpoKdrcd7b/+A
+lun4jWq9GJAd/0kakFI3ky88Al2CdgtR5xbHV/g4+afNmyJU72OwFW1TZQNKXkqgsqeOSQBZONXH
+9IBk9W6VULgRfhVwOEqwf9DEMnDAGf/JOC0ULGb0QkTmVXYbgBVX/8Cnp6o5qtjTcNAuuuuUavpf
+NIbnYrX9ivAwhZTJryQCL2/W3Wf+47BVTwSYT6RBVuKT0Gro1vP7ZeDOdcQxWQzugsgMYDNKGbqE
+ZycPvEJdvSRUDewdcAZfpLz6IHxV
+-----END CERTIFICATE-----
+
+vTrus ECC Root CA
+=================
+-----BEGIN CERTIFICATE-----
+MIICDzCCAZWgAwIBAgIUbmq8WapTvpg5Z6LSa6Q75m0c1towCgYIKoZIzj0EAwMwRzELMAkGA1UE
+BhMCQ04xHDAaBgNVBAoTE2lUcnVzQ2hpbmEgQ28uLEx0ZC4xGjAYBgNVBAMTEXZUcnVzIEVDQyBS
+b290IENBMB4XDTE4MDczMTA3MjY0NFoXDTQzMDczMTA3MjY0NFowRzELMAkGA1UEBhMCQ04xHDAa
+BgNVBAoTE2lUcnVzQ2hpbmEgQ28uLEx0ZC4xGjAYBgNVBAMTEXZUcnVzIEVDQyBSb290IENBMHYw
+EAYHKoZIzj0CAQYFK4EEACIDYgAEZVBKrox5lkqqHAjDo6LN/llWQXf9JpRCux3NCNtzslt188+c
+ToL0v/hhJoVs1oVbcnDS/dtitN9Ti72xRFhiQgnH+n9bEOf+QP3A2MMrMudwpremIFUde4BdS49n
+TPEQo0IwQDAdBgNVHQ4EFgQUmDnNvtiyjPeyq+GtJK97fKHbH88wDwYDVR0TAQH/BAUwAwEB/zAO
+BgNVHQ8BAf8EBAMCAQYwCgYIKoZIzj0EAwMDaAAwZQIwV53dVvHH4+m4SVBrm2nDb+zDfSXkV5UT
+QJtS0zvzQBm8JsctBp61ezaf9SXUY2sAAjEA6dPGnlaaKsyh2j/IZivTWJwghfqrkYpwcBE4YGQL
+YgmRWAD5Tfs0aNoJrSEGGJTO
+-----END CERTIFICATE-----
+
+vTrus Root CA
+=============
+-----BEGIN CERTIFICATE-----
+MIIFVjCCAz6gAwIBAgIUQ+NxE9izWRRdt86M/TX9b7wFjUUwDQYJKoZIhvcNAQELBQAwQzELMAkG
+A1UEBhMCQ04xHDAaBgNVBAoTE2lUcnVzQ2hpbmEgQ28uLEx0ZC4xFjAUBgNVBAMTDXZUcnVzIFJv
+b3QgQ0EwHhcNMTgwNzMxMDcyNDA1WhcNNDMwNzMxMDcyNDA1WjBDMQswCQYDVQQGEwJDTjEcMBoG
+A1UEChMTaVRydXNDaGluYSBDby4sTHRkLjEWMBQGA1UEAxMNdlRydXMgUm9vdCBDQTCCAiIwDQYJ
+KoZIhvcNAQEBBQADggIPADCCAgoCggIBAL1VfGHTuB0EYgWgrmy3cLRB6ksDXhA/kFocizuwZots
+SKYcIrrVQJLuM7IjWcmOvFjai57QGfIvWcaMY1q6n6MLsLOaXLoRuBLpDLvPbmyAhykUAyyNJJrI
+ZIO1aqwTLDPxn9wsYTwaP3BVm60AUn/PBLn+NvqcwBauYv6WTEN+VRS+GrPSbcKvdmaVayqwlHeF
+XgQPYh1jdfdr58tbmnDsPmcF8P4HCIDPKNsFxhQnL4Z98Cfe/+Z+M0jnCx5Y0ScrUw5XSmXX+6KA
+YPxMvDVTAWqXcoKv8R1w6Jz1717CbMdHflqUhSZNO7rrTOiwCcJlwp2dCZtOtZcFrPUGoPc2BX70
+kLJrxLT5ZOrpGgrIDajtJ8nU57O5q4IikCc9Kuh8kO+8T/3iCiSn3mUkpF3qwHYw03dQ+A0Em5Q2
+AXPKBlim0zvc+gRGE1WKyURHuFE5Gi7oNOJ5y1lKCn+8pu8fA2dqWSslYpPZUxlmPCdiKYZNpGvu
+/9ROutW04o5IWgAZCfEF2c6Rsffr6TlP9m8EQ5pV9T4FFL2/s1m02I4zhKOQUqqzApVg+QxMaPnu
+1RcN+HFXtSXkKe5lXa/R7jwXC1pDxaWG6iSe4gUH3DRCEpHWOXSuTEGC2/KmSNGzm/MzqvOmwMVO
+9fSddmPmAsYiS8GVP1BkLFTltvA8Kc9XAgMBAAGjQjBAMB0GA1UdDgQWBBRUYnBj8XWEQ1iO0RYg
+scasGrz2iTAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQsFAAOC
+AgEAKbqSSaet8PFww+SX8J+pJdVrnjT+5hpk9jprUrIQeBqfTNqK2uwcN1LgQkv7bHbKJAs5EhWd
+nxEt/Hlk3ODg9d3gV8mlsnZwUKT+twpw1aA08XXXTUm6EdGz2OyC/+sOxL9kLX1jbhd47F18iMjr
+jld22VkE+rxSH0Ws8HqA7Oxvdq6R2xCOBNyS36D25q5J08FsEhvMKar5CKXiNxTKsbhm7xqC5PD4
+8acWabfbqWE8n/Uxy+QARsIvdLGx14HuqCaVvIivTDUHKgLKeBRtRytAVunLKmChZwOgzoy8sHJn
+xDHO2zTlJQNgJXtxmOTAGytfdELSS8VZCAeHvsXDf+eW2eHcKJfWjwXj9ZtOyh1QRwVTsMo554Wg
+icEFOwE30z9J4nfrI8iIZjs9OXYhRvHsXyO466JmdXTBQPfYaJqT4i2pLr0cox7IdMakLXogqzu4
+sEb9b91fUlV1YvCXoHzXOP0l382gmxDPi7g4Xl7FtKYCNqEeXxzP4padKar9mK5S4fNBUvupLnKW
+nyfjqnN9+BojZns7q2WwMgFLFT49ok8MKzWixtlnEjUwzXYuFrOZnk1PTi07NEPhmg4NpGaXutIc
+SkwsKouLgU9xGqndXHt7CMUADTdA43x7VF8vhV929vensBxXVsFy6K2ir40zSbofitzmdHxghm+H
+l3s=
+-----END CERTIFICATE-----
+
+ISRG Root X2
+============
+-----BEGIN CERTIFICATE-----
+MIICGzCCAaGgAwIBAgIQQdKd0XLq7qeAwSxs6S+HUjAKBggqhkjOPQQDAzBPMQswCQYDVQQGEwJV
+UzEpMCcGA1UEChMgSW50ZXJuZXQgU2VjdXJpdHkgUmVzZWFyY2ggR3JvdXAxFTATBgNVBAMTDElT
+UkcgUm9vdCBYMjAeFw0yMDA5MDQwMDAwMDBaFw00MDA5MTcxNjAwMDBaME8xCzAJBgNVBAYTAlVT
+MSkwJwYDVQQKEyBJbnRlcm5ldCBTZWN1cml0eSBSZXNlYXJjaCBHcm91cDEVMBMGA1UEAxMMSVNS
+RyBSb290IFgyMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEzZvVn4CDCuwJSvMWSj5cz3es3mcFDR0H
+ttwW+1qLFNvicWDEukWVEYmO6gbf9yoWHKS5xcUy4APgHoIYOIvXRdgKam7mAHf7AlF9ItgKbppb
+d9/w+kHsOdx1ymgHDB/qo0IwQDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNV
+HQ4EFgQUfEKWrt5LSDv6kviejM9ti6lyN5UwCgYIKoZIzj0EAwMDaAAwZQIwe3lORlCEwkSHRhtF
+cP9Ymd70/aTSVaYgLXTWNLxBo1BfASdWtL4ndQavEi51mI38AjEAi/V3bNTIZargCyzuFJ0nN6T5
+U6VR5CmD1/iQMVtCnwr1/q4AaOeMSQ+2b1tbFfLn
+-----END CERTIFICATE-----
+
+HiPKI Root CA - G1
+==================
+-----BEGIN CERTIFICATE-----
+MIIFajCCA1KgAwIBAgIQLd2szmKXlKFD6LDNdmpeYDANBgkqhkiG9w0BAQsFADBPMQswCQYDVQQG
+EwJUVzEjMCEGA1UECgwaQ2h1bmdod2EgVGVsZWNvbSBDby4sIEx0ZC4xGzAZBgNVBAMMEkhpUEtJ
+IFJvb3QgQ0EgLSBHMTAeFw0xOTAyMjIwOTQ2MDRaFw0zNzEyMzExNTU5NTlaME8xCzAJBgNVBAYT
+AlRXMSMwIQYDVQQKDBpDaHVuZ2h3YSBUZWxlY29tIENvLiwgTHRkLjEbMBkGA1UEAwwSSGlQS0kg
+Um9vdCBDQSAtIEcxMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA9B5/UnMyDHPkvRN0
+o9QwqNCuS9i233VHZvR85zkEHmpwINJaR3JnVfSl6J3VHiGh8Ge6zCFovkRTv4354twvVcg3Px+k
+wJyz5HdcoEb+d/oaoDjq7Zpy3iu9lFc6uux55199QmQ5eiY29yTw1S+6lZgRZq2XNdZ1AYDgr/SE
+YYwNHl98h5ZeQa/rh+r4XfEuiAU+TCK72h8q3VJGZDnzQs7ZngyzsHeXZJzA9KMuH5UHsBffMNsA
+GJZMoYFL3QRtU6M9/Aes1MU3guvklQgZKILSQjqj2FPseYlgSGDIcpJQ3AOPgz+yQlda22rpEZfd
+hSi8MEyr48KxRURHH+CKFgeW0iEPU8DtqX7UTuybCeyvQqww1r/REEXgphaypcXTT3OUM3ECoWqj
+1jOXTyFjHluP2cFeRXF3D4FdXyGarYPM+l7WjSNfGz1BryB1ZlpK9p/7qxj3ccC2HTHsOyDry+K4
+9a6SsvfhhEvyovKTmiKe0xRvNlS9H15ZFblzqMF8b3ti6RZsR1pl8w4Rm0bZ/W3c1pzAtH2lsN0/
+Vm+h+fbkEkj9Bn8SV7apI09bA8PgcSojt/ewsTu8mL3WmKgMa/aOEmem8rJY5AIJEzypuxC00jBF
+8ez3ABHfZfjcK0NVvxaXxA/VLGGEqnKG/uY6fsI/fe78LxQ+5oXdUG+3Se0CAwEAAaNCMEAwDwYD
+VR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQU8ncX+l6o/vY9cdVouslGDDjYr7AwDgYDVR0PAQH/BAQD
+AgGGMA0GCSqGSIb3DQEBCwUAA4ICAQBQUfB13HAE4/+qddRxosuej6ip0691x1TPOhwEmSKsxBHi
+7zNKpiMdDg1H2DfHb680f0+BazVP6XKlMeJ45/dOlBhbQH3PayFUhuaVevvGyuqcSE5XCV0vrPSl
+tJczWNWseanMX/mF+lLFjfiRFOs6DRfQUsJ748JzjkZ4Bjgs6FzaZsT0pPBWGTMpWmWSBUdGSquE
+wx4noR8RkpkndZMPvDY7l1ePJlsMu5wP1G4wB9TcXzZoZjmDlicmisjEOf6aIW/Vcobpf2Lll07Q
+JNBAsNB1CI69aO4I1258EHBGG3zgiLKecoaZAeO/n0kZtCW+VmWuF2PlHt/o/0elv+EmBYTksMCv
+5wiZqAxeJoBF1PhoL5aPruJKHJwWDBNvOIf2u8g0X5IDUXlwpt/L9ZlNec1OvFefQ05rLisY+Gpz
+jLrFNe85akEez3GoorKGB1s6yeHvP2UEgEcyRHCVTjFnanRbEEV16rCf0OY1/k6fi8wrkkVbbiVg
+hUbN0aqwdmaTd5a+g744tiROJgvM7XpWGuDpWsZkrUx6AEhEL7lAuxM+vhV4nYWBSipX3tUZQ9rb
+yltHhoMLP7YNdnhzeSJesYAfz77RP1YQmCuVh6EfnWQUYDksswBVLuT1sw5XxJFBAJw/6KXf6vb/
+yPCtbVKoF6ubYfwSUTXkJf2vqmqGOQ==
+-----END CERTIFICATE-----
+
+GlobalSign ECC Root CA - R4
+===========================
+-----BEGIN CERTIFICATE-----
+MIIB3DCCAYOgAwIBAgINAgPlfvU/k/2lCSGypjAKBggqhkjOPQQDAjBQMSQwIgYDVQQLExtHbG9i
+YWxTaWduIEVDQyBSb290IENBIC0gUjQxEzARBgNVBAoTCkdsb2JhbFNpZ24xEzARBgNVBAMTCkds
+b2JhbFNpZ24wHhcNMTIxMTEzMDAwMDAwWhcNMzgwMTE5MDMxNDA3WjBQMSQwIgYDVQQLExtHbG9i
+YWxTaWduIEVDQyBSb290IENBIC0gUjQxEzARBgNVBAoTCkdsb2JhbFNpZ24xEzARBgNVBAMTCkds
+b2JhbFNpZ24wWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAS4xnnTj2wlDp8uORkcA6SumuU5BwkW
+ymOxuYb4ilfBV85C+nOh92VC/x7BALJucw7/xyHlGKSq2XE/qNS5zowdo0IwQDAOBgNVHQ8BAf8E
+BAMCAYYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUVLB7rUW44kB/+wpu+74zyTyjhNUwCgYI
+KoZIzj0EAwIDRwAwRAIgIk90crlgr/HmnKAWBVBfw147bmF0774BxL4YSFlhgjICICadVGNA3jdg
+UM/I2O2dgq43mLyjj0xMqTQrbO/7lZsm
+-----END CERTIFICATE-----
+
+GTS Root R1
+===========
+-----BEGIN CERTIFICATE-----
+MIIFVzCCAz+gAwIBAgINAgPlk28xsBNJiGuiFzANBgkqhkiG9w0BAQwFADBHMQswCQYDVQQGEwJV
+UzEiMCAGA1UEChMZR29vZ2xlIFRydXN0IFNlcnZpY2VzIExMQzEUMBIGA1UEAxMLR1RTIFJvb3Qg
+UjEwHhcNMTYwNjIyMDAwMDAwWhcNMzYwNjIyMDAwMDAwWjBHMQswCQYDVQQGEwJVUzEiMCAGA1UE
+ChMZR29vZ2xlIFRydXN0IFNlcnZpY2VzIExMQzEUMBIGA1UEAxMLR1RTIFJvb3QgUjEwggIiMA0G
+CSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQC2EQKLHuOhd5s73L+UPreVp0A8of2C+X0yBoJx9vaM
+f/vo27xqLpeXo4xL+Sv2sfnOhB2x+cWX3u+58qPpvBKJXqeqUqv4IyfLpLGcY9vXmX7wCl7raKb0
+xlpHDU0QM+NOsROjyBhsS+z8CZDfnWQpJSMHobTSPS5g4M/SCYe7zUjwTcLCeoiKu7rPWRnWr4+w
+B7CeMfGCwcDfLqZtbBkOtdh+JhpFAz2weaSUKK0PfyblqAj+lug8aJRT7oM6iCsVlgmy4HqMLnXW
+nOunVmSPlk9orj2XwoSPwLxAwAtcvfaHszVsrBhQf4TgTM2S0yDpM7xSma8ytSmzJSq0SPly4cpk
+9+aCEI3oncKKiPo4Zor8Y/kB+Xj9e1x3+naH+uzfsQ55lVe0vSbv1gHR6xYKu44LtcXFilWr06zq
+kUspzBmkMiVOKvFlRNACzqrOSbTqn3yDsEB750Orp2yjj32JgfpMpf/VjsPOS+C12LOORc92wO1A
+K/1TD7Cn1TsNsYqiA94xrcx36m97PtbfkSIS5r762DL8EGMUUXLeXdYWk70paDPvOmbsB4om3xPX
+V2V4J95eSRQAogB/mqghtqmxlbCluQ0WEdrHbEg8QOB+DVrNVjzRlwW5y0vtOUucxD/SVRNuJLDW
+cfr0wbrM7Rv1/oFB2ACYPTrIrnqYNxgFlQIDAQABo0IwQDAOBgNVHQ8BAf8EBAMCAYYwDwYDVR0T
+AQH/BAUwAwEB/zAdBgNVHQ4EFgQU5K8rJnEaK0gnhS9SZizv8IkTcT4wDQYJKoZIhvcNAQEMBQAD
+ggIBAJ+qQibbC5u+/x6Wki4+omVKapi6Ist9wTrYggoGxval3sBOh2Z5ofmmWJyq+bXmYOfg6LEe
+QkEzCzc9zolwFcq1JKjPa7XSQCGYzyI0zzvFIoTgxQ6KfF2I5DUkzps+GlQebtuyh6f88/qBVRRi
+ClmpIgUxPoLW7ttXNLwzldMXG+gnoot7TiYaelpkttGsN/H9oPM47HLwEXWdyzRSjeZ2axfG34ar
+J45JK3VmgRAhpuo+9K4l/3wV3s6MJT/KYnAK9y8JZgfIPxz88NtFMN9iiMG1D53Dn0reWVlHxYci
+NuaCp+0KueIHoI17eko8cdLiA6EfMgfdG+RCzgwARWGAtQsgWSl4vflVy2PFPEz0tv/bal8xa5me
+LMFrUKTX5hgUvYU/Z6tGn6D/Qqc6f1zLXbBwHSs09dR2CQzreExZBfMzQsNhFRAbd03OIozUhfJF
+fbdT6u9AWpQKXCBfTkBdYiJ23//OYb2MI3jSNwLgjt7RETeJ9r/tSQdirpLsQBqvFAnZ0E6yove+
+7u7Y/9waLd64NnHi/Hm3lCXRSHNboTXns5lndcEZOitHTtNCjv0xyBZm2tIMPNuzjsmhDYAPexZ3
+FL//2wmUspO8IFgV6dtxQ/PeEMMA3KgqlbbC1j+Qa3bbbP6MvPJwNQzcmRk13NfIRmPVNnGuV/u3
+gm3c
+-----END CERTIFICATE-----
+
+GTS Root R2
+===========
+-----BEGIN CERTIFICATE-----
+MIIFVzCCAz+gAwIBAgINAgPlrsWNBCUaqxElqjANBgkqhkiG9w0BAQwFADBHMQswCQYDVQQGEwJV
+UzEiMCAGA1UEChMZR29vZ2xlIFRydXN0IFNlcnZpY2VzIExMQzEUMBIGA1UEAxMLR1RTIFJvb3Qg
+UjIwHhcNMTYwNjIyMDAwMDAwWhcNMzYwNjIyMDAwMDAwWjBHMQswCQYDVQQGEwJVUzEiMCAGA1UE
+ChMZR29vZ2xlIFRydXN0IFNlcnZpY2VzIExMQzEUMBIGA1UEAxMLR1RTIFJvb3QgUjIwggIiMA0G
+CSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDO3v2m++zsFDQ8BwZabFn3GTXd98GdVarTzTukk3Lv
+CvptnfbwhYBboUhSnznFt+4orO/LdmgUud+tAWyZH8QiHZ/+cnfgLFuv5AS/T3KgGjSY6Dlo7JUl
+e3ah5mm5hRm9iYz+re026nO8/4Piy33B0s5Ks40FnotJk9/BW9BuXvAuMC6C/Pq8tBcKSOWIm8Wb
+a96wyrQD8Nr0kLhlZPdcTK3ofmZemde4wj7I0BOdre7kRXuJVfeKH2JShBKzwkCX44ofR5GmdFrS
++LFjKBC4swm4VndAoiaYecb+3yXuPuWgf9RhD1FLPD+M2uFwdNjCaKH5wQzpoeJ/u1U8dgbuak7M
+kogwTZq9TwtImoS1mKPV+3PBV2HdKFZ1E66HjucMUQkQdYhMvI35ezzUIkgfKtzra7tEscszcTJG
+r61K8YzodDqs5xoic4DSMPclQsciOzsSrZYuxsN2B6ogtzVJV+mSSeh2FnIxZyuWfoqjx5RWIr9q
+S34BIbIjMt/kmkRtWVtd9QCgHJvGeJeNkP+byKq0rxFROV7Z+2et1VsRnTKaG73VululycslaVNV
+J1zgyjbLiGH7HrfQy+4W+9OmTN6SpdTi3/UGVN4unUu0kzCqgc7dGtxRcw1PcOnlthYhGXmy5okL
+dWTK1au8CcEYof/UVKGFPP0UJAOyh9OktwIDAQABo0IwQDAOBgNVHQ8BAf8EBAMCAYYwDwYDVR0T
+AQH/BAUwAwEB/zAdBgNVHQ4EFgQUu//KjiOfT5nK2+JopqUVJxce2Q4wDQYJKoZIhvcNAQEMBQAD
+ggIBAB/Kzt3HvqGf2SdMC9wXmBFqiN495nFWcrKeGk6c1SuYJF2ba3uwM4IJvd8lRuqYnrYb/oM8
+0mJhwQTtzuDFycgTE1XnqGOtjHsB/ncw4c5omwX4Eu55MaBBRTUoCnGkJE+M3DyCB19m3H0Q/gxh
+swWV7uGugQ+o+MePTagjAiZrHYNSVc61LwDKgEDg4XSsYPWHgJ2uNmSRXbBoGOqKYcl3qJfEycel
+/FVL8/B/uWU9J2jQzGv6U53hkRrJXRqWbTKH7QMgyALOWr7Z6v2yTcQvG99fevX4i8buMTolUVVn
+jWQye+mew4K6Ki3pHrTgSAai/GevHyICc/sgCq+dVEuhzf9gR7A/Xe8bVr2XIZYtCtFenTgCR2y5
+9PYjJbigapordwj6xLEokCZYCDzifqrXPW+6MYgKBesntaFJ7qBFVHvmJ2WZICGoo7z7GJa7Um8M
+7YNRTOlZ4iBgxcJlkoKM8xAfDoqXvneCbT+PHV28SSe9zE8P4c52hgQjxcCMElv924SgJPFI/2R8
+0L5cFtHvma3AH/vLrrw4IgYmZNralw4/KBVEqE8AyvCazM90arQ+POuV7LXTWtiBmelDGDfrs7vR
+WGJB82bSj6p4lVQgw1oudCvV0b4YacCs1aTPObpRhANl6WLAYv7YTVWW4tAR+kg0Eeye7QUd5MjW
+HYbL
+-----END CERTIFICATE-----
+
+GTS Root R3
+===========
+-----BEGIN CERTIFICATE-----
+MIICCTCCAY6gAwIBAgINAgPluILrIPglJ209ZjAKBggqhkjOPQQDAzBHMQswCQYDVQQGEwJVUzEi
+MCAGA1UEChMZR29vZ2xlIFRydXN0IFNlcnZpY2VzIExMQzEUMBIGA1UEAxMLR1RTIFJvb3QgUjMw
+HhcNMTYwNjIyMDAwMDAwWhcNMzYwNjIyMDAwMDAwWjBHMQswCQYDVQQGEwJVUzEiMCAGA1UEChMZ
+R29vZ2xlIFRydXN0IFNlcnZpY2VzIExMQzEUMBIGA1UEAxMLR1RTIFJvb3QgUjMwdjAQBgcqhkjO
+PQIBBgUrgQQAIgNiAAQfTzOHMymKoYTey8chWEGJ6ladK0uFxh1MJ7x/JlFyb+Kf1qPKzEUURout
+736GjOyxfi//qXGdGIRFBEFVbivqJn+7kAHjSxm65FSWRQmx1WyRRK2EE46ajA2ADDL24CejQjBA
+MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBTB8Sa6oC2uhYHP0/Eq
+Er24Cmf9vDAKBggqhkjOPQQDAwNpADBmAjEA9uEglRR7VKOQFhG/hMjqb2sXnh5GmCCbn9MN2azT
+L818+FsuVbu/3ZL3pAzcMeGiAjEA/JdmZuVDFhOD3cffL74UOO0BzrEXGhF16b0DjyZ+hOXJYKaV
+11RZt+cRLInUue4X
+-----END CERTIFICATE-----
+
+GTS Root R4
+===========
+-----BEGIN CERTIFICATE-----
+MIICCTCCAY6gAwIBAgINAgPlwGjvYxqccpBQUjAKBggqhkjOPQQDAzBHMQswCQYDVQQGEwJVUzEi
+MCAGA1UEChMZR29vZ2xlIFRydXN0IFNlcnZpY2VzIExMQzEUMBIGA1UEAxMLR1RTIFJvb3QgUjQw
+HhcNMTYwNjIyMDAwMDAwWhcNMzYwNjIyMDAwMDAwWjBHMQswCQYDVQQGEwJVUzEiMCAGA1UEChMZ
+R29vZ2xlIFRydXN0IFNlcnZpY2VzIExMQzEUMBIGA1UEAxMLR1RTIFJvb3QgUjQwdjAQBgcqhkjO
+PQIBBgUrgQQAIgNiAATzdHOnaItgrkO4NcWBMHtLSZ37wWHO5t5GvWvVYRg1rkDdc/eJkTBa6zzu
+hXyiQHY7qca4R9gq55KRanPpsXI5nymfopjTX15YhmUPoYRlBtHci8nHc8iMai/lxKvRHYqjQjBA
+MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBSATNbrdP9JNqPV2Py1
+PsVq8JQdjDAKBggqhkjOPQQDAwNpADBmAjEA6ED/g94D9J+uHXqnLrmvT/aDHQ4thQEd0dlq7A/C
+r8deVl5c1RxYIigL9zC2L7F8AjEA8GE8p/SgguMh1YQdc4acLa/KNJvxn7kjNuK8YAOdgLOaVsjh
+4rsUecrNIdSUtUlD
+-----END CERTIFICATE-----
+
+Telia Root CA v2
+================
+-----BEGIN CERTIFICATE-----
+MIIFdDCCA1ygAwIBAgIPAWdfJ9b+euPkrL4JWwWeMA0GCSqGSIb3DQEBCwUAMEQxCzAJBgNVBAYT
+AkZJMRowGAYDVQQKDBFUZWxpYSBGaW5sYW5kIE95ajEZMBcGA1UEAwwQVGVsaWEgUm9vdCBDQSB2
+MjAeFw0xODExMjkxMTU1NTRaFw00MzExMjkxMTU1NTRaMEQxCzAJBgNVBAYTAkZJMRowGAYDVQQK
+DBFUZWxpYSBGaW5sYW5kIE95ajEZMBcGA1UEAwwQVGVsaWEgUm9vdCBDQSB2MjCCAiIwDQYJKoZI
+hvcNAQEBBQADggIPADCCAgoCggIBALLQPwe84nvQa5n44ndp586dpAO8gm2h/oFlH0wnrI4AuhZ7
+6zBqAMCzdGh+sq/H1WKzej9Qyow2RCRj0jbpDIX2Q3bVTKFgcmfiKDOlyzG4OiIjNLh9vVYiQJ3q
+9HsDrWj8soFPmNB06o3lfc1jw6P23pLCWBnglrvFxKk9pXSW/q/5iaq9lRdU2HhE8Qx3FZLgmEKn
+pNaqIJLNwaCzlrI6hEKNfdWV5Nbb6WLEWLN5xYzTNTODn3WhUidhOPFZPY5Q4L15POdslv5e2QJl
+tI5c0BE0312/UqeBAMN/mUWZFdUXyApT7GPzmX3MaRKGwhfwAZ6/hLzRUssbkmbOpFPlob/E2wnW
+5olWK8jjfN7j/4nlNW4o6GwLI1GpJQXrSPjdscr6bAhR77cYbETKJuFzxokGgeWKrLDiKca5JLNr
+RBH0pUPCTEPlcDaMtjNXepUugqD0XBCzYYP2AgWGLnwtbNwDRm41k9V6lS/eINhbfpSQBGq6WT0E
+BXWdN6IOLj3rwaRSg/7Qa9RmjtzG6RJOHSpXqhC8fF6CfaamyfItufUXJ63RDolUK5X6wK0dmBR4
+M0KGCqlztft0DbcbMBnEWg4cJ7faGND/isgFuvGqHKI3t+ZIpEYslOqodmJHixBTB0hXbOKSTbau
+BcvcwUpej6w9GU7C7WB1K9vBykLVAgMBAAGjYzBhMB8GA1UdIwQYMBaAFHKs5DN5qkWH9v2sHZ7W
+xy+G2CQ5MB0GA1UdDgQWBBRyrOQzeapFh/b9rB2e1scvhtgkOTAOBgNVHQ8BAf8EBAMCAQYwDwYD
+VR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAgEAoDtZpwmUPjaE0n4vOaWWl/oRrfxn83EJ
+8rKJhGdEr7nv7ZbsnGTbMjBvZ5qsfl+yqwE2foH65IRe0qw24GtixX1LDoJt0nZi0f6X+J8wfBj5
+tFJ3gh1229MdqfDBmgC9bXXYfef6xzijnHDoRnkDry5023X4blMMA8iZGok1GTzTyVR8qPAs5m4H
+eW9q4ebqkYJpCh3DflminmtGFZhb069GHWLIzoBSSRE/yQQSwxN8PzuKlts8oB4KtItUsiRnDe+C
+y748fdHif64W1lZYudogsYMVoe+KTTJvQS8TUoKU1xrBeKJR3Stwbbca+few4GeXVtt8YVMJAygC
+QMez2P2ccGrGKMOF6eLtGpOg3kuYooQ+BXcBlj37tCAPnHICehIv1aO6UXivKitEZU61/Qrowc15
+h2Er3oBXRb9n8ZuRXqWk7FlIEA04x7D6w0RtBPV4UBySllva9bguulvP5fBqnUsvWHMtTy3EHD70
+sz+rFQ47GUGKpMFXEmZxTPpT41frYpUJnlTd0cI8Vzy9OK2YZLe4A5pTVmBds9hCG1xLEooc6+t9
+xnppxyd/pPiL8uSUZodL6ZQHCRJ5irLrdATczvREWeAWysUsWNc8e89ihmpQfTU2Zqf7N+cox9jQ
+raVplI/owd8k+BsHMYeB2F326CjYSlKArBPuUBQemMc=
+-----END CERTIFICATE-----
+
+D-TRUST BR Root CA 1 2020
+=========================
+-----BEGIN CERTIFICATE-----
+MIIC2zCCAmCgAwIBAgIQfMmPK4TX3+oPyWWa00tNljAKBggqhkjOPQQDAzBIMQswCQYDVQQGEwJE
+RTEVMBMGA1UEChMMRC1UcnVzdCBHbWJIMSIwIAYDVQQDExlELVRSVVNUIEJSIFJvb3QgQ0EgMSAy
+MDIwMB4XDTIwMDIxMTA5NDUwMFoXDTM1MDIxMTA5NDQ1OVowSDELMAkGA1UEBhMCREUxFTATBgNV
+BAoTDEQtVHJ1c3QgR21iSDEiMCAGA1UEAxMZRC1UUlVTVCBCUiBSb290IENBIDEgMjAyMDB2MBAG
+ByqGSM49AgEGBSuBBAAiA2IABMbLxyjR+4T1mu9CFCDhQ2tuda38KwOE1HaTJddZO0Flax7mNCq7
+dPYSzuht56vkPE4/RAiLzRZxy7+SmfSk1zxQVFKQhYN4lGdnoxwJGT11NIXe7WB9xwy0QVK5buXu
+QqOCAQ0wggEJMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFHOREKv/VbNafAkl1bK6CKBrqx9t
+MA4GA1UdDwEB/wQEAwIBBjCBxgYDVR0fBIG+MIG7MD6gPKA6hjhodHRwOi8vY3JsLmQtdHJ1c3Qu
+bmV0L2NybC9kLXRydXN0X2JyX3Jvb3RfY2FfMV8yMDIwLmNybDB5oHegdYZzbGRhcDovL2RpcmVj
+dG9yeS5kLXRydXN0Lm5ldC9DTj1ELVRSVVNUJTIwQlIlMjBSb290JTIwQ0ElMjAxJTIwMjAyMCxP
+PUQtVHJ1c3QlMjBHbWJILEM9REU/Y2VydGlmaWNhdGVyZXZvY2F0aW9ubGlzdDAKBggqhkjOPQQD
+AwNpADBmAjEAlJAtE/rhY/hhY+ithXhUkZy4kzg+GkHaQBZTQgjKL47xPoFWwKrY7RjEsK70Pvom
+AjEA8yjixtsrmfu3Ubgko6SUeho/5jbiA1czijDLgsfWFBHVdWNbFJWcHwHP2NVypw87
+-----END CERTIFICATE-----
+
+D-TRUST EV Root CA 1 2020
+=========================
+-----BEGIN CERTIFICATE-----
+MIIC2zCCAmCgAwIBAgIQXwJB13qHfEwDo6yWjfv/0DAKBggqhkjOPQQDAzBIMQswCQYDVQQGEwJE
+RTEVMBMGA1UEChMMRC1UcnVzdCBHbWJIMSIwIAYDVQQDExlELVRSVVNUIEVWIFJvb3QgQ0EgMSAy
+MDIwMB4XDTIwMDIxMTEwMDAwMFoXDTM1MDIxMTA5NTk1OVowSDELMAkGA1UEBhMCREUxFTATBgNV
+BAoTDEQtVHJ1c3QgR21iSDEiMCAGA1UEAxMZRC1UUlVTVCBFViBSb290IENBIDEgMjAyMDB2MBAG
+ByqGSM49AgEGBSuBBAAiA2IABPEL3YZDIBnfl4XoIkqbz52Yv7QFJsnL46bSj8WeeHsxiamJrSc8
+ZRCC/N/DnU7wMyPE0jL1HLDfMxddxfCxivnvubcUyilKwg+pf3VlSSowZ/Rk99Yad9rDwpdhQntJ
+raOCAQ0wggEJMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFH8QARY3OqQo5FD4pPfsazK2/umL
+MA4GA1UdDwEB/wQEAwIBBjCBxgYDVR0fBIG+MIG7MD6gPKA6hjhodHRwOi8vY3JsLmQtdHJ1c3Qu
+bmV0L2NybC9kLXRydXN0X2V2X3Jvb3RfY2FfMV8yMDIwLmNybDB5oHegdYZzbGRhcDovL2RpcmVj
+dG9yeS5kLXRydXN0Lm5ldC9DTj1ELVRSVVNUJTIwRVYlMjBSb290JTIwQ0ElMjAxJTIwMjAyMCxP
+PUQtVHJ1c3QlMjBHbWJILEM9REU/Y2VydGlmaWNhdGVyZXZvY2F0aW9ubGlzdDAKBggqhkjOPQQD
+AwNpADBmAjEAyjzGKnXCXnViOTYAYFqLwZOZzNnbQTs7h5kXO9XMT8oi96CAy/m0sRtW9XLS/BnR
+AjEAkfcwkz8QRitxpNA7RJvAKQIFskF3UfN5Wp6OFKBOQtJbgfM0agPnIjhQW+0ZT0MW
+-----END CERTIFICATE-----
+
+DigiCert TLS ECC P384 Root G5
+=============================
+-----BEGIN CERTIFICATE-----
+MIICGTCCAZ+gAwIBAgIQCeCTZaz32ci5PhwLBCou8zAKBggqhkjOPQQDAzBOMQswCQYDVQQGEwJV
+UzEXMBUGA1UEChMORGlnaUNlcnQsIEluYy4xJjAkBgNVBAMTHURpZ2lDZXJ0IFRMUyBFQ0MgUDM4
+NCBSb290IEc1MB4XDTIxMDExNTAwMDAwMFoXDTQ2MDExNDIzNTk1OVowTjELMAkGA1UEBhMCVVMx
+FzAVBgNVBAoTDkRpZ2lDZXJ0LCBJbmMuMSYwJAYDVQQDEx1EaWdpQ2VydCBUTFMgRUNDIFAzODQg
+Um9vdCBHNTB2MBAGByqGSM49AgEGBSuBBAAiA2IABMFEoc8Rl1Ca3iOCNQfN0MsYndLxf3c1Tzvd
+lHJS7cI7+Oz6e2tYIOyZrsn8aLN1udsJ7MgT9U7GCh1mMEy7H0cKPGEQQil8pQgO4CLp0zVozptj
+n4S1mU1YoI71VOeVyaNCMEAwHQYDVR0OBBYEFMFRRVBZqz7nLFr6ICISB4CIfBFqMA4GA1UdDwEB
+/wQEAwIBhjAPBgNVHRMBAf8EBTADAQH/MAoGCCqGSM49BAMDA2gAMGUCMQCJao1H5+z8blUD2Wds
+Jk6Dxv3J+ysTvLd6jLRl0mlpYxNjOyZQLgGheQaRnUi/wr4CMEfDFXuxoJGZSZOoPHzoRgaLLPIx
+AJSdYsiJvRmEFOml+wG4DXZDjC5Ty3zfDBeWUA==
+-----END CERTIFICATE-----
+
+DigiCert TLS RSA4096 Root G5
+============================
+-----BEGIN CERTIFICATE-----
+MIIFZjCCA06gAwIBAgIQCPm0eKj6ftpqMzeJ3nzPijANBgkqhkiG9w0BAQwFADBNMQswCQYDVQQG
+EwJVUzEXMBUGA1UEChMORGlnaUNlcnQsIEluYy4xJTAjBgNVBAMTHERpZ2lDZXJ0IFRMUyBSU0E0
+MDk2IFJvb3QgRzUwHhcNMjEwMTE1MDAwMDAwWhcNNDYwMTE0MjM1OTU5WjBNMQswCQYDVQQGEwJV
+UzEXMBUGA1UEChMORGlnaUNlcnQsIEluYy4xJTAjBgNVBAMTHERpZ2lDZXJ0IFRMUyBSU0E0MDk2
+IFJvb3QgRzUwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCz0PTJeRGd/fxmgefM1eS8
+7IE+ajWOLrfn3q/5B03PMJ3qCQuZvWxX2hhKuHisOjmopkisLnLlvevxGs3npAOpPxG02C+JFvuU
+AT27L/gTBaF4HI4o4EXgg/RZG5Wzrn4DReW+wkL+7vI8toUTmDKdFqgpwgscONyfMXdcvyej/Ces
+tyu9dJsXLfKB2l2w4SMXPohKEiPQ6s+d3gMXsUJKoBZMpG2T6T867jp8nVid9E6P/DsjyG244gXa
+zOvswzH016cpVIDPRFtMbzCe88zdH5RDnU1/cHAN1DrRN/BsnZvAFJNY781BOHW8EwOVfH/jXOnV
+DdXifBBiqmvwPXbzP6PosMH976pXTayGpxi0KcEsDr9kvimM2AItzVwv8n/vFfQMFawKsPHTDU9q
+TXeXAaDxZre3zu/O7Oyldcqs4+Fj97ihBMi8ez9dLRYiVu1ISf6nL3kwJZu6ay0/nTvEF+cdLvvy
+z6b84xQslpghjLSR6Rlgg/IwKwZzUNWYOwbpx4oMYIwo+FKbbuH2TbsGJJvXKyY//SovcfXWJL5/
+MZ4PbeiPT02jP/816t9JXkGPhvnxd3lLG7SjXi/7RgLQZhNeXoVPzthwiHvOAbWWl9fNff2C+MIk
+wcoBOU+NosEUQB+cZtUMCUbW8tDRSHZWOkPLtgoRObqME2wGtZ7P6wIDAQABo0IwQDAdBgNVHQ4E
+FgQUUTMc7TZArxfTJc1paPKvTiM+s0EwDgYDVR0PAQH/BAQDAgGGMA8GA1UdEwEB/wQFMAMBAf8w
+DQYJKoZIhvcNAQEMBQADggIBAGCmr1tfV9qJ20tQqcQjNSH/0GEwhJG3PxDPJY7Jv0Y02cEhJhxw
+GXIeo8mH/qlDZJY6yFMECrZBu8RHANmfGBg7sg7zNOok992vIGCukihfNudd5N7HPNtQOa27PShN
+lnx2xlv0wdsUpasZYgcYQF+Xkdycx6u1UQ3maVNVzDl92sURVXLFO4uJ+DQtpBflF+aZfTCIITfN
+MBc9uPK8qHWgQ9w+iUuQrm0D4ByjoJYJu32jtyoQREtGBzRj7TG5BO6jm5qu5jF49OokYTurWGT/
+u4cnYiWB39yhL/btp/96j1EuMPikAdKFOV8BmZZvWltwGUb+hmA+rYAQCd05JS9Yf7vSdPD3Rh9G
+OUrYU9DzLjtxpdRv/PNn5AeP3SYZ4Y1b+qOTEZvpyDrDVWiakuFSdjjo4bq9+0/V77PnSIMx8IIh
+47a+p6tv75/fTM8BuGJqIz3nCU2AG3swpMPdB380vqQmsvZB6Akd4yCYqjdP//fx4ilwMUc/dNAU
+FvohigLVigmUdy7yWSiLfFCSCmZ4OIN1xLVaqBHG5cGdZlXPU8Sv13WFqUITVuwhd4GTWgzqltlJ
+yqEI8pc7bZsEGCREjnwB8twl2F6GmrE52/WRMmrRpnCKovfepEWFJqgejF0pW8hL2JpqA15w8oVP
+bEtoL8pU9ozaMv7Da4M/OMZ+
+-----END CERTIFICATE-----
+
+Certainly Root R1
+=================
+-----BEGIN CERTIFICATE-----
+MIIFRzCCAy+gAwIBAgIRAI4P+UuQcWhlM1T01EQ5t+AwDQYJKoZIhvcNAQELBQAwPTELMAkGA1UE
+BhMCVVMxEjAQBgNVBAoTCUNlcnRhaW5seTEaMBgGA1UEAxMRQ2VydGFpbmx5IFJvb3QgUjEwHhcN
+MjEwNDAxMDAwMDAwWhcNNDYwNDAxMDAwMDAwWjA9MQswCQYDVQQGEwJVUzESMBAGA1UEChMJQ2Vy
+dGFpbmx5MRowGAYDVQQDExFDZXJ0YWlubHkgUm9vdCBSMTCCAiIwDQYJKoZIhvcNAQEBBQADggIP
+ADCCAgoCggIBANA21B/q3avk0bbm+yLA3RMNansiExyXPGhjZjKcA7WNpIGD2ngwEc/csiu+kr+O
+5MQTvqRoTNoCaBZ0vrLdBORrKt03H2As2/X3oXyVtwxwhi7xOu9S98zTm/mLvg7fMbedaFySpvXl
+8wo0tf97ouSHocavFwDvA5HtqRxOcT3Si2yJ9HiG5mpJoM610rCrm/b01C7jcvk2xusVtyWMOvwl
+DbMicyF0yEqWYZL1LwsYpfSt4u5BvQF5+paMjRcCMLT5r3gajLQ2EBAHBXDQ9DGQilHFhiZ5shGI
+XsXwClTNSaa/ApzSRKft43jvRl5tcdF5cBxGX1HpyTfcX35pe0HfNEXgO4T0oYoKNp43zGJS4YkN
+KPl6I7ENPT2a/Z2B7yyQwHtETrtJ4A5KVpK8y7XdeReJkd5hiXSSqOMyhb5OhaRLWcsrxXiOcVTQ
+AjeZjOVJ6uBUcqQRBi8LjMFbvrWhsFNunLhgkR9Za/kt9JQKl7XsxXYDVBtlUrpMklZRNaBA2Cnb
+rlJ2Oy0wQJuK0EJWtLeIAaSHO1OWzaMWj/Nmqhexx2DgwUMFDO6bW2BvBlyHWyf5QBGenDPBt+U1
+VwV/J84XIIwc/PH72jEpSe31C4SnT8H2TsIonPru4K8H+zMReiFPCyEQtkA6qyI6BJyLm4SGcprS
+p6XEtHWRqSsjAgMBAAGjQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MB0GA1Ud
+DgQWBBTgqj8ljZ9EXME66C6ud0yEPmcM9DANBgkqhkiG9w0BAQsFAAOCAgEAuVevuBLaV4OPaAsz
+HQNTVfSVcOQrPbA56/qJYv331hgELyE03fFo8NWWWt7CgKPBjcZq91l3rhVkz1t5BXdm6ozTaw3d
+8VkswTOlMIAVRQdFGjEitpIAq5lNOo93r6kiyi9jyhXWx8bwPWz8HA2YEGGeEaIi1wrykXprOQ4v
+MMM2SZ/g6Q8CRFA3lFV96p/2O7qUpUzpvD5RtOjKkjZUbVwlKNrdrRT90+7iIgXr0PK3aBLXWopB
+GsaSpVo7Y0VPv+E6dyIvXL9G+VoDhRNCX8reU9ditaY1BMJH/5n9hN9czulegChB8n3nHpDYT3Y+
+gjwN/KUD+nsa2UUeYNrEjvn8K8l7lcUq/6qJ34IxD3L/DCfXCh5WAFAeDJDBlrXYFIW7pw0WwfgH
+JBu6haEaBQmAupVjyTrsJZ9/nbqkRxWbRHDxakvWOF5D8xh+UG7pWijmZeZ3Gzr9Hb4DJqPb1OG7
+fpYnKx3upPvaJVQTA945xsMfTZDsjxtK0hzthZU4UHlG1sGQUDGpXJpuHfUzVounmdLyyCwzk5Iw
+x06MZTMQZBf9JBeW0Y3COmor6xOLRPIh80oat3df1+2IpHLlOR+Vnb5nwXARPbv0+Em34yaXOp/S
+X3z7wJl8OSngex2/DaeP0ik0biQVy96QXr8axGbqwua6OV+KmalBWQewLK8=
+-----END CERTIFICATE-----
+
+Certainly Root E1
+=================
+-----BEGIN CERTIFICATE-----
+MIIB9zCCAX2gAwIBAgIQBiUzsUcDMydc+Y2aub/M+DAKBggqhkjOPQQDAzA9MQswCQYDVQQGEwJV
+UzESMBAGA1UEChMJQ2VydGFpbmx5MRowGAYDVQQDExFDZXJ0YWlubHkgUm9vdCBFMTAeFw0yMTA0
+MDEwMDAwMDBaFw00NjA0MDEwMDAwMDBaMD0xCzAJBgNVBAYTAlVTMRIwEAYDVQQKEwlDZXJ0YWlu
+bHkxGjAYBgNVBAMTEUNlcnRhaW5seSBSb290IEUxMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAE3m/4
+fxzf7flHh4axpMCK+IKXgOqPyEpeKn2IaKcBYhSRJHpcnqMXfYqGITQYUBsQ3tA3SybHGWCA6TS9
+YBk2QNYphwk8kXr2vBMj3VlOBF7PyAIcGFPBMdjaIOlEjeR2o0IwQDAOBgNVHQ8BAf8EBAMCAQYw
+DwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQU8ygYy2R17ikq6+2uI1g4hevIIgcwCgYIKoZIzj0E
+AwMDaAAwZQIxALGOWiDDshliTd6wT99u0nCK8Z9+aozmut6Dacpps6kFtZaSF4fC0urQe87YQVt8
+rgIwRt7qy12a7DLCZRawTDBcMPPaTnOGBtjOiQRINzf43TNRnXCve1XYAS59BWQOhriR
+-----END CERTIFICATE-----
+
+Security Communication RootCA3
+==============================
+-----BEGIN CERTIFICATE-----
+MIIFfzCCA2egAwIBAgIJAOF8N0D9G/5nMA0GCSqGSIb3DQEBDAUAMF0xCzAJBgNVBAYTAkpQMSUw
+IwYDVQQKExxTRUNPTSBUcnVzdCBTeXN0ZW1zIENPLixMVEQuMScwJQYDVQQDEx5TZWN1cml0eSBD
+b21tdW5pY2F0aW9uIFJvb3RDQTMwHhcNMTYwNjE2MDYxNzE2WhcNMzgwMTE4MDYxNzE2WjBdMQsw
+CQYDVQQGEwJKUDElMCMGA1UEChMcU0VDT00gVHJ1c3QgU3lzdGVtcyBDTy4sTFRELjEnMCUGA1UE
+AxMeU2VjdXJpdHkgQ29tbXVuaWNhdGlvbiBSb290Q0EzMIICIjANBgkqhkiG9w0BAQEFAAOCAg8A
+MIICCgKCAgEA48lySfcw3gl8qUCBWNO0Ot26YQ+TUG5pPDXC7ltzkBtnTCHsXzW7OT4rCmDvu20r
+hvtxosis5FaU+cmvsXLUIKx00rgVrVH+hXShuRD+BYD5UpOzQD11EKzAlrenfna84xtSGc4RHwsE
+NPXY9Wk8d/Nk9A2qhd7gCVAEF5aEt8iKvE1y/By7z/MGTfmfZPd+pmaGNXHIEYBMwXFAWB6+oHP2
+/D5Q4eAvJj1+XCO1eXDe+uDRpdYMQXF79+qMHIjH7Iv10S9VlkZ8WjtYO/u62C21Jdp6Ts9EriGm
+npjKIG58u4iFW/vAEGK78vknR+/RiTlDxN/e4UG/VHMgly1s2vPUB6PmudhvrvyMGS7TZ2crldtY
+XLVqAvO4g160a75BflcJdURQVc1aEWEhCmHCqYj9E7wtiS/NYeCVvsq1e+F7NGcLH7YMx3weGVPK
+p7FKFSBWFHA9K4IsD50VHUeAR/94mQ4xr28+j+2GaR57GIgUssL8gjMunEst+3A7caoreyYn8xrC
+3PsXuKHqy6C0rtOUfnrQq8PsOC0RLoi/1D+tEjtCrI8Cbn3M0V9hvqG8OmpI6iZVIhZdXw3/JzOf
+GAN0iltSIEdrRU0id4xVJ/CvHozJgyJUt5rQT9nO/NkuHJYosQLTA70lUhw0Zk8jq/R3gpYd0Vcw
+CBEF/VfR2ccCAwEAAaNCMEAwHQYDVR0OBBYEFGQUfPxYchamCik0FW8qy7z8r6irMA4GA1UdDwEB
+/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBDAUAA4ICAQDcAiMI4u8hOscNtybS
+YpOnpSNyByCCYN8Y11StaSWSntkUz5m5UoHPrmyKO1o5yGwBQ8IibQLwYs1OY0PAFNr0Y/Dq9HHu
+Tofjcan0yVflLl8cebsjqodEV+m9NU1Bu0soo5iyG9kLFwfl9+qd9XbXv8S2gVj/yP9kaWJ5rW4O
+H3/uHWnlt3Jxs/6lATWUVCvAUm2PVcTJ0rjLyjQIUYWg9by0F1jqClx6vWPGOi//lkkZhOpn2ASx
+YfQAW0q3nHE3GYV5v4GwxxMOdnE+OoAGrgYWp421wsTL/0ClXI2lyTrtcoHKXJg80jQDdwj98ClZ
+XSEIx2C/pHF7uNkegr4Jr2VvKKu/S7XuPghHJ6APbw+LP6yVGPO5DtxnVW5inkYO0QR4ynKudtml
++LLfiAlhi+8kTtFZP1rUPcmTPCtk9YENFpb3ksP+MW/oKjJ0DvRMmEoYDjBU1cXrvMUVnuiZIesn
+KwkK2/HmcBhWuwzkvvnoEKQTkrgc4NtnHVMDpCKn3F2SEDzq//wbEBrD2NCcnWXL0CsnMQMeNuE9
+dnUM/0Umud1RvCPHX9jYhxBAEg09ODfnRDwYwFMJZI//1ZqmfHAuc1Uh6N//g7kdPjIe1qZ9LPFm
+6Vwdp6POXiUyK+OVrCoHzrQoeIY8LaadTdJ0MN1kURXbg4NR16/9M51NZg==
+-----END CERTIFICATE-----
+
+Security Communication ECC RootCA1
+==================================
+-----BEGIN CERTIFICATE-----
+MIICODCCAb6gAwIBAgIJANZdm7N4gS7rMAoGCCqGSM49BAMDMGExCzAJBgNVBAYTAkpQMSUwIwYD
+VQQKExxTRUNPTSBUcnVzdCBTeXN0ZW1zIENPLixMVEQuMSswKQYDVQQDEyJTZWN1cml0eSBDb21t
+dW5pY2F0aW9uIEVDQyBSb290Q0ExMB4XDTE2MDYxNjA1MTUyOFoXDTM4MDExODA1MTUyOFowYTEL
+MAkGA1UEBhMCSlAxJTAjBgNVBAoTHFNFQ09NIFRydXN0IFN5c3RlbXMgQ08uLExURC4xKzApBgNV
+BAMTIlNlY3VyaXR5IENvbW11bmljYXRpb24gRUNDIFJvb3RDQTEwdjAQBgcqhkjOPQIBBgUrgQQA
+IgNiAASkpW9gAwPDvTH00xecK4R1rOX9PVdu12O/5gSJko6BnOPpR27KkBLIE+CnnfdldB9sELLo
+5OnvbYUymUSxXv3MdhDYW72ixvnWQuRXdtyQwjWpS4g8EkdtXP9JTxpKULGjQjBAMB0GA1UdDgQW
+BBSGHOf+LaVKiwj+KBH6vqNm+GBZLzAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAK
+BggqhkjOPQQDAwNoADBlAjAVXUI9/Lbu9zuxNuie9sRGKEkz0FhDKmMpzE2xtHqiuQ04pV1IKv3L
+snNdo4gIxwwCMQDAqy0Obe0YottT6SXbVQjgUMzfRGEWgqtJsLKB7HOHeLRMsmIbEvoWTSVLY70e
+N9k=
+-----END CERTIFICATE-----
+
+BJCA Global Root CA1
+====================
+-----BEGIN CERTIFICATE-----
+MIIFdDCCA1ygAwIBAgIQVW9l47TZkGobCdFsPsBsIDANBgkqhkiG9w0BAQsFADBUMQswCQYDVQQG
+EwJDTjEmMCQGA1UECgwdQkVJSklORyBDRVJUSUZJQ0FURSBBVVRIT1JJVFkxHTAbBgNVBAMMFEJK
+Q0EgR2xvYmFsIFJvb3QgQ0ExMB4XDTE5MTIxOTAzMTYxN1oXDTQ0MTIxMjAzMTYxN1owVDELMAkG
+A1UEBhMCQ04xJjAkBgNVBAoMHUJFSUpJTkcgQ0VSVElGSUNBVEUgQVVUSE9SSVRZMR0wGwYDVQQD
+DBRCSkNBIEdsb2JhbCBSb290IENBMTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAPFm
+CL3ZxRVhy4QEQaVpN3cdwbB7+sN3SJATcmTRuHyQNZ0YeYjjlwE8R4HyDqKYDZ4/N+AZspDyRhyS
+sTphzvq3Rp4Dhtczbu33RYx2N95ulpH3134rhxfVizXuhJFyV9xgw8O558dnJCNPYwpj9mZ9S1Wn
+P3hkSWkSl+BMDdMJoDIwOvqfwPKcxRIqLhy1BDPapDgRat7GGPZHOiJBhyL8xIkoVNiMpTAK+BcW
+yqw3/XmnkRd4OJmtWO2y3syJfQOcs4ll5+M7sSKGjwZteAf9kRJ/sGsciQ35uMt0WwfCyPQ10WRj
+eulumijWML3mG90Vr4TqnMfK9Q7q8l0ph49pczm+LiRvRSGsxdRpJQaDrXpIhRMsDQa4bHlW/KNn
+MoH1V6XKV0Jp6VwkYe/iMBhORJhVb3rCk9gZtt58R4oRTklH2yiUAguUSiz5EtBP6DF+bHq/pj+b
+OT0CFqMYs2esWz8sgytnOYFcuX6U1WTdno9uruh8W7TXakdI136z1C2OVnZOz2nxbkRs1CTqjSSh
+GL+9V/6pmTW12xB3uD1IutbB5/EjPtffhZ0nPNRAvQoMvfXnjSXWgXSHRtQpdaJCbPdzied9v3pK
+H9MiyRVVz99vfFXQpIsHETdfg6YmV6YBW37+WGgHqel62bno/1Afq8K0wM7o6v0PvY1NuLxxAgMB
+AAGjQjBAMB0GA1UdDgQWBBTF7+3M2I0hxkjk49cULqcWk+WYATAPBgNVHRMBAf8EBTADAQH/MA4G
+A1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQsFAAOCAgEAUoKsITQfI/Ki2Pm4rzc2IInRNwPWaZ+4
+YRC6ojGYWUfo0Q0lHhVBDOAqVdVXUsv45Mdpox1NcQJeXyFFYEhcCY5JEMEE3KliawLwQ8hOnThJ
+dMkycFRtwUf8jrQ2ntScvd0g1lPJGKm1Vrl2i5VnZu69mP6u775u+2D2/VnGKhs/I0qUJDAnyIm8
+60Qkmss9vk/Ves6OF8tiwdneHg56/0OGNFK8YT88X7vZdrRTvJez/opMEi4r89fO4aL/3Xtw+zuh
+TaRjAv04l5U/BXCga99igUOLtFkNSoxUnMW7gZ/NfaXvCyUeOiDbHPwfmGcCCtRzRBPbUYQaVQNW
+4AB+dAb/OMRyHdOoP2gxXdMJxy6MW2Pg6Nwe0uxhHvLe5e/2mXZgLR6UcnHGCyoyx5JO1UbXHfmp
+GQrI+pXObSOYqgs4rZpWDW+N8TEAiMEXnM0ZNjX+VVOg4DwzX5Ze4jLp3zO7Bkqp2IRzznfSxqxx
+4VyjHQy7Ct9f4qNx2No3WqB4K/TUfet27fJhcKVlmtOJNBir+3I+17Q9eVzYH6Eze9mCUAyTF6ps
+3MKCuwJXNq+YJyo5UOGwifUll35HaBC07HPKs5fRJNz2YqAo07WjuGS3iGJCz51TzZm+ZGiPTx4S
+SPfSKcOYKMryMguTjClPPGAyzQWWYezyr/6zcCwupvI=
+-----END CERTIFICATE-----
+
+BJCA Global Root CA2
+====================
+-----BEGIN CERTIFICATE-----
+MIICJTCCAaugAwIBAgIQLBcIfWQqwP6FGFkGz7RK6zAKBggqhkjOPQQDAzBUMQswCQYDVQQGEwJD
+TjEmMCQGA1UECgwdQkVJSklORyBDRVJUSUZJQ0FURSBBVVRIT1JJVFkxHTAbBgNVBAMMFEJKQ0Eg
+R2xvYmFsIFJvb3QgQ0EyMB4XDTE5MTIxOTAzMTgyMVoXDTQ0MTIxMjAzMTgyMVowVDELMAkGA1UE
+BhMCQ04xJjAkBgNVBAoMHUJFSUpJTkcgQ0VSVElGSUNBVEUgQVVUSE9SSVRZMR0wGwYDVQQDDBRC
+SkNBIEdsb2JhbCBSb290IENBMjB2MBAGByqGSM49AgEGBSuBBAAiA2IABJ3LgJGNU2e1uVCxA/jl
+SR9BIgmwUVJY1is0j8USRhTFiy8shP8sbqjV8QnjAyEUxEM9fMEsxEtqSs3ph+B99iK++kpRuDCK
+/eHeGBIK9ke35xe/J4rUQUyWPGCWwf0VHKNCMEAwHQYDVR0OBBYEFNJKsVF/BvDRgh9Obl+rg/xI
+1LCRMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMAoGCCqGSM49BAMDA2gAMGUCMBq8
+W9f+qdJUDkpd0m2xQNz0Q9XSSpkZElaA94M04TVOSG0ED1cxMDAtsaqdAzjbBgIxAMvMh1PLet8g
+UXOQwKhbYdDFUDn9hf7B43j4ptZLvZuHjw/l1lOWqzzIQNph91Oj9w==
+-----END CERTIFICATE-----
+
+Sectigo Public Server Authentication Root E46
+=============================================
+-----BEGIN CERTIFICATE-----
+MIICOjCCAcGgAwIBAgIQQvLM2htpN0RfFf51KBC49DAKBggqhkjOPQQDAzBfMQswCQYDVQQGEwJH
+QjEYMBYGA1UEChMPU2VjdGlnbyBMaW1pdGVkMTYwNAYDVQQDEy1TZWN0aWdvIFB1YmxpYyBTZXJ2
+ZXIgQXV0aGVudGljYXRpb24gUm9vdCBFNDYwHhcNMjEwMzIyMDAwMDAwWhcNNDYwMzIxMjM1OTU5
+WjBfMQswCQYDVQQGEwJHQjEYMBYGA1UEChMPU2VjdGlnbyBMaW1pdGVkMTYwNAYDVQQDEy1TZWN0
+aWdvIFB1YmxpYyBTZXJ2ZXIgQXV0aGVudGljYXRpb24gUm9vdCBFNDYwdjAQBgcqhkjOPQIBBgUr
+gQQAIgNiAAR2+pmpbiDt+dd34wc7qNs9Xzjoq1WmVk/WSOrsfy2qw7LFeeyZYX8QeccCWvkEN/U0
+NSt3zn8gj1KjAIns1aeibVvjS5KToID1AZTc8GgHHs3u/iVStSBDHBv+6xnOQ6OjQjBAMB0GA1Ud
+DgQWBBTRItpMWfFLXyY4qp3W7usNw/upYTAOBgNVHQ8BAf8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB
+/zAKBggqhkjOPQQDAwNnADBkAjAn7qRaqCG76UeXlImldCBteU/IvZNeWBj7LRoAasm4PdCkT0RH
+lAFWovgzJQxC36oCMB3q4S6ILuH5px0CMk7yn2xVdOOurvulGu7t0vzCAxHrRVxgED1cf5kDW21U
+SAGKcw==
+-----END CERTIFICATE-----
+
+Sectigo Public Server Authentication Root R46
+=============================================
+-----BEGIN CERTIFICATE-----
+MIIFijCCA3KgAwIBAgIQdY39i658BwD6qSWn4cetFDANBgkqhkiG9w0BAQwFADBfMQswCQYDVQQG
+EwJHQjEYMBYGA1UEChMPU2VjdGlnbyBMaW1pdGVkMTYwNAYDVQQDEy1TZWN0aWdvIFB1YmxpYyBT
+ZXJ2ZXIgQXV0aGVudGljYXRpb24gUm9vdCBSNDYwHhcNMjEwMzIyMDAwMDAwWhcNNDYwMzIxMjM1
+OTU5WjBfMQswCQYDVQQGEwJHQjEYMBYGA1UEChMPU2VjdGlnbyBMaW1pdGVkMTYwNAYDVQQDEy1T
+ZWN0aWdvIFB1YmxpYyBTZXJ2ZXIgQXV0aGVudGljYXRpb24gUm9vdCBSNDYwggIiMA0GCSqGSIb3
+DQEBAQUAA4ICDwAwggIKAoICAQCTvtU2UnXYASOgHEdCSe5jtrch/cSV1UgrJnwUUxDaef0rty2k
+1Cz66jLdScK5vQ9IPXtamFSvnl0xdE8H/FAh3aTPaE8bEmNtJZlMKpnzSDBh+oF8HqcIStw+Kxwf
+GExxqjWMrfhu6DtK2eWUAtaJhBOqbchPM8xQljeSM9xfiOefVNlI8JhD1mb9nxc4Q8UBUQvX4yMP
+FF1bFOdLvt30yNoDN9HWOaEhUTCDsG3XME6WW5HwcCSrv0WBZEMNvSE6Lzzpng3LILVCJ8zab5vu
+ZDCQOc2TZYEhMbUjUDM3IuM47fgxMMxF/mL50V0yeUKH32rMVhlATc6qu/m1dkmU8Sf4kaWD5Qaz
+Yw6A3OASVYCmO2a0OYctyPDQ0RTp5A1NDvZdV3LFOxxHVp3i1fuBYYzMTYCQNFu31xR13NgESJ/A
+wSiItOkcyqex8Va3e0lMWeUgFaiEAin6OJRpmkkGj80feRQXEgyDet4fsZfu+Zd4KKTIRJLpfSYF
+plhym3kT2BFfrsU4YjRosoYwjviQYZ4ybPUHNs2iTG7sijbt8uaZFURww3y8nDnAtOFr94MlI1fZ
+EoDlSfB1D++N6xybVCi0ITz8fAr/73trdf+LHaAZBav6+CuBQug4urv7qv094PPK306Xlynt8xhW
+6aWWrL3DkJiy4Pmi1KZHQ3xtzwIDAQABo0IwQDAdBgNVHQ4EFgQUVnNYZJX5khqwEioEYnmhQBWI
+IUkwDgYDVR0PAQH/BAQDAgGGMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEMBQADggIBAC9c
+mTz8Bl6MlC5w6tIyMY208FHVvArzZJ8HXtXBc2hkeqK5Duj5XYUtqDdFqij0lgVQYKlJfp/imTYp
+E0RHap1VIDzYm/EDMrraQKFz6oOht0SmDpkBm+S8f74TlH7Kph52gDY9hAaLMyZlbcp+nv4fjFg4
+exqDsQ+8FxG75gbMY/qB8oFM2gsQa6H61SilzwZAFv97fRheORKkU55+MkIQpiGRqRxOF3yEvJ+M
+0ejf5lG5Nkc/kLnHvALcWxxPDkjBJYOcCj+esQMzEhonrPcibCTRAUH4WAP+JWgiH5paPHxsnnVI
+84HxZmduTILA7rpXDhjvLpr3Etiga+kFpaHpaPi8TD8SHkXoUsCjvxInebnMMTzD9joiFgOgyY9m
+pFuiTdaBJQbpdqQACj7LzTWb4OE4y2BThihCQRxEV+ioratF4yUQvNs+ZUH7G6aXD+u5dHn5Hrwd
+Vw1Hr8Mvn4dGp+smWg9WY7ViYG4A++MnESLn/pmPNPW56MORcr3Ywx65LvKRRFHQV80MNNVIIb/b
+E/FmJUNS0nAiNs2fxBx1IK1jcmMGDw4nztJqDby1ORrp0XZ60Vzk50lJLVU3aPAaOpg+VBeHVOmm
+J1CJeyAvP/+/oYtKR5j/K3tJPsMpRmAYQqszKbrAKbkTidOIijlBO8n9pu0f9GBj39ItVQGL
+-----END CERTIFICATE-----
+
+SSL.com TLS RSA Root CA 2022
+============================
+-----BEGIN CERTIFICATE-----
+MIIFiTCCA3GgAwIBAgIQb77arXO9CEDii02+1PdbkTANBgkqhkiG9w0BAQsFADBOMQswCQYDVQQG
+EwJVUzEYMBYGA1UECgwPU1NMIENvcnBvcmF0aW9uMSUwIwYDVQQDDBxTU0wuY29tIFRMUyBSU0Eg
+Um9vdCBDQSAyMDIyMB4XDTIyMDgyNTE2MzQyMloXDTQ2MDgxOTE2MzQyMVowTjELMAkGA1UEBhMC
+VVMxGDAWBgNVBAoMD1NTTCBDb3Jwb3JhdGlvbjElMCMGA1UEAwwcU1NMLmNvbSBUTFMgUlNBIFJv
+b3QgQ0EgMjAyMjCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBANCkCXJPQIgSYT41I57u
+9nTPL3tYPc48DRAokC+X94xI2KDYJbFMsBFMF3NQ0CJKY7uB0ylu1bUJPiYYf7ISf5OYt6/wNr/y
+7hienDtSxUcZXXTzZGbVXcdotL8bHAajvI9AI7YexoS9UcQbOcGV0insS657Lb85/bRi3pZ7Qcac
+oOAGcvvwB5cJOYF0r/c0WRFXCsJbwST0MXMwgsadugL3PnxEX4MN8/HdIGkWCVDi1FW24IBydm5M
+R7d1VVm0U3TZlMZBrViKMWYPHqIbKUBOL9975hYsLfy/7PO0+r4Y9ptJ1O4Fbtk085zx7AGL0SDG
+D6C1vBdOSHtRwvzpXGk3R2azaPgVKPC506QVzFpPulJwoxJF3ca6TvvC0PeoUidtbnm1jPx7jMEW
+TO6Af77wdr5BUxIzrlo4QqvXDz5BjXYHMtWrifZOZ9mxQnUjbvPNQrL8VfVThxc7wDNY8VLS+YCk
+8OjwO4s4zKTGkH8PnP2L0aPP2oOnaclQNtVcBdIKQXTbYxE3waWglksejBYSd66UNHsef8JmAOSq
+g+qKkK3ONkRN0VHpvB/zagX9wHQfJRlAUW7qglFA35u5CCoGAtUjHBPW6dvbxrB6y3snm/vg1UYk
+7RBLY0ulBY+6uB0rpvqR4pJSvezrZ5dtmi2fgTIFZzL7SAg/2SW4BCUvAgMBAAGjYzBhMA8GA1Ud
+EwEB/wQFMAMBAf8wHwYDVR0jBBgwFoAU+y437uOEeicuzRk1sTN8/9REQrkwHQYDVR0OBBYEFPsu
+N+7jhHonLs0ZNbEzfP/UREK5MA4GA1UdDwEB/wQEAwIBhjANBgkqhkiG9w0BAQsFAAOCAgEAjYlt
+hEUY8U+zoO9opMAdrDC8Z2awms22qyIZZtM7QbUQnRC6cm4pJCAcAZli05bg4vsMQtfhWsSWTVTN
+j8pDU/0quOr4ZcoBwq1gaAafORpR2eCNJvkLTqVTJXojpBzOCBvfR4iyrT7gJ4eLSYwfqUdYe5by
+iB0YrrPRpgqU+tvT5TgKa3kSM/tKWTcWQA673vWJDPFs0/dRa1419dvAJuoSc06pkZCmF8NsLzjU
+o3KUQyxi4U5cMj29TH0ZR6LDSeeWP4+a0zvkEdiLA9z2tmBVGKaBUfPhqBVq6+AL8BQx1rmMRTqo
+ENjwuSfr98t67wVylrXEj5ZzxOhWc5y8aVFjvO9nHEMaX3cZHxj4HCUp+UmZKbaSPaKDN7Egkaib
+MOlqbLQjk2UEqxHzDh1TJElTHaE/nUiSEeJ9DU/1172iWD54nR4fK/4huxoTtrEoZP2wAgDHbICi
+vRZQIA9ygV/MlP+7mea6kMvq+cYMwq7FGc4zoWtcu358NFcXrfA/rs3qr5nsLFR+jM4uElZI7xc7
+P0peYNLcdDa8pUNjyw9bowJWCZ4kLOGGgYz+qxcs+sjiMho6/4UIyYOf8kpIEFR3N+2ivEC+5BB0
+9+Rbu7nzifmPQdjH5FCQNYA+HLhNkNPU98OwoX6EyneSMSy4kLGCenROmxMmtNVQZlR4rmA=
+-----END CERTIFICATE-----
+
+SSL.com TLS ECC Root CA 2022
+============================
+-----BEGIN CERTIFICATE-----
+MIICOjCCAcCgAwIBAgIQFAP1q/s3ixdAW+JDsqXRxDAKBggqhkjOPQQDAzBOMQswCQYDVQQGEwJV
+UzEYMBYGA1UECgwPU1NMIENvcnBvcmF0aW9uMSUwIwYDVQQDDBxTU0wuY29tIFRMUyBFQ0MgUm9v
+dCBDQSAyMDIyMB4XDTIyMDgyNTE2MzM0OFoXDTQ2MDgxOTE2MzM0N1owTjELMAkGA1UEBhMCVVMx
+GDAWBgNVBAoMD1NTTCBDb3Jwb3JhdGlvbjElMCMGA1UEAwwcU1NMLmNvbSBUTFMgRUNDIFJvb3Qg
+Q0EgMjAyMjB2MBAGByqGSM49AgEGBSuBBAAiA2IABEUpNXP6wrgjzhR9qLFNoFs27iosU8NgCTWy
+JGYmacCzldZdkkAZDsalE3D07xJRKF3nzL35PIXBz5SQySvOkkJYWWf9lCcQZIxPBLFNSeR7T5v1
+5wj4A4j3p8OSSxlUgaNjMGEwDwYDVR0TAQH/BAUwAwEB/zAfBgNVHSMEGDAWgBSJjy+j6CugFFR7
+81a4Jl9nOAuc0DAdBgNVHQ4EFgQUiY8vo+groBRUe/NWuCZfZzgLnNAwDgYDVR0PAQH/BAQDAgGG
+MAoGCCqGSM49BAMDA2gAMGUCMFXjIlbp15IkWE8elDIPDAI2wv2sdDJO4fscgIijzPvX6yv/N33w
+7deedWo1dlJF4AIxAMeNb0Igj762TVntd00pxCAgRWSGOlDGxK0tk/UYfXLtqc/ErFc2KAhl3zx5
+Zn6g6g==
+-----END CERTIFICATE-----
+
+Atos TrustedRoot Root CA ECC TLS 2021
+=====================================
+-----BEGIN CERTIFICATE-----
+MIICFTCCAZugAwIBAgIQPZg7pmY9kGP3fiZXOATvADAKBggqhkjOPQQDAzBMMS4wLAYDVQQDDCVB
+dG9zIFRydXN0ZWRSb290IFJvb3QgQ0EgRUNDIFRMUyAyMDIxMQ0wCwYDVQQKDARBdG9zMQswCQYD
+VQQGEwJERTAeFw0yMTA0MjIwOTI2MjNaFw00MTA0MTcwOTI2MjJaMEwxLjAsBgNVBAMMJUF0b3Mg
+VHJ1c3RlZFJvb3QgUm9vdCBDQSBFQ0MgVExTIDIwMjExDTALBgNVBAoMBEF0b3MxCzAJBgNVBAYT
+AkRFMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEloZYKDcKZ9Cg3iQZGeHkBQcfl+3oZIK59sRxUM6K
+DP/XtXa7oWyTbIOiaG6l2b4siJVBzV3dscqDY4PMwL502eCdpO5KTlbgmClBk1IQ1SQ4AjJn8ZQS
+b+/Xxd4u/RmAo0IwQDAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBR2KCXWfeBmmnoJsmo7jjPX
+NtNPojAOBgNVHQ8BAf8EBAMCAYYwCgYIKoZIzj0EAwMDaAAwZQIwW5kp85wxtolrbNa9d+F851F+
+uDrNozZffPc8dz7kUK2o59JZDCaOMDtuCCrCp1rIAjEAmeMM56PDr9NJLkaCI2ZdyQAUEv049OGY
+a3cpetskz2VAv9LcjBHo9H1/IISpQuQo
+-----END CERTIFICATE-----
+
+Atos TrustedRoot Root CA RSA TLS 2021
+=====================================
+-----BEGIN CERTIFICATE-----
+MIIFZDCCA0ygAwIBAgIQU9XP5hmTC/srBRLYwiqipDANBgkqhkiG9w0BAQwFADBMMS4wLAYDVQQD
+DCVBdG9zIFRydXN0ZWRSb290IFJvb3QgQ0EgUlNBIFRMUyAyMDIxMQ0wCwYDVQQKDARBdG9zMQsw
+CQYDVQQGEwJERTAeFw0yMTA0MjIwOTIxMTBaFw00MTA0MTcwOTIxMDlaMEwxLjAsBgNVBAMMJUF0
+b3MgVHJ1c3RlZFJvb3QgUm9vdCBDQSBSU0EgVExTIDIwMjExDTALBgNVBAoMBEF0b3MxCzAJBgNV
+BAYTAkRFMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAtoAOxHm9BYx9sKOdTSJNy/BB
+l01Z4NH+VoyX8te9j2y3I49f1cTYQcvyAh5x5en2XssIKl4w8i1mx4QbZFc4nXUtVsYvYe+W/CBG
+vevUez8/fEc4BKkbqlLfEzfTFRVOvV98r61jx3ncCHvVoOX3W3WsgFWZkmGbzSoXfduP9LVq6hdK
+ZChmFSlsAvFr1bqjM9xaZ6cF4r9lthawEO3NUDPJcFDsGY6wx/J0W2tExn2WuZgIWWbeKQGb9Cpt
+0xU6kGpn8bRrZtkh68rZYnxGEFzedUlnnkL5/nWpo63/dgpnQOPF943HhZpZnmKaau1Fh5hnstVK
+PNe0OwANwI8f4UDErmwh3El+fsqyjW22v5MvoVw+j8rtgI5Y4dtXz4U2OLJxpAmMkokIiEjxQGMY
+sluMWuPD0xeqqxmjLBvk1cbiZnrXghmmOxYsL3GHX0WelXOTwkKBIROW1527k2gV+p2kHYzygeBY
+Br3JtuP2iV2J+axEoctr+hbxx1A9JNr3w+SH1VbxT5Aw+kUJWdo0zuATHAR8ANSbhqRAvNncTFd+
+rrcztl524WWLZt+NyteYr842mIycg5kDcPOvdO3GDjbnvezBc6eUWsuSZIKmAMFwoW4sKeFYV+xa
+fJlrJaSQOoD0IJ2azsct+bJLKZWD6TWNp0lIpw9MGZHQ9b8Q4HECAwEAAaNCMEAwDwYDVR0TAQH/
+BAUwAwEB/zAdBgNVHQ4EFgQUdEmZ0f+0emhFdcN+tNzMzjkz2ggwDgYDVR0PAQH/BAQDAgGGMA0G
+CSqGSIb3DQEBDAUAA4ICAQAjQ1MkYlxt/T7Cz1UAbMVWiLkO3TriJQ2VSpfKgInuKs1l+NsW4AmS
+4BjHeJi78+xCUvuppILXTdiK/ORO/auQxDh1MoSf/7OwKwIzNsAQkG8dnK/haZPso0UvFJ/1TCpl
+Q3IM98P4lYsU84UgYt1UU90s3BiVaU+DR3BAM1h3Egyi61IxHkzJqM7F78PRreBrAwA0JrRUITWX
+AdxfG/F851X6LWh3e9NpzNMOa7pNdkTWwhWaJuywxfW70Xp0wmzNxbVe9kzmWy2B27O3Opee7c9G
+slA9hGCZcbUztVdF5kJHdWoOsAgMrr3e97sPWD2PAzHoPYJQyi9eDF20l74gNAf0xBLh7tew2Vkt
+afcxBPTy+av5EzH4AXcOPUIjJsyacmdRIXrMPIWo6iFqO9taPKU0nprALN+AnCng33eU0aKAQv9q
+TFsR0PXNor6uzFFcw9VUewyu1rkGd4Di7wcaaMxZUa1+XGdrudviB0JbuAEFWDlN5LuYo7Ey7Nmj
+1m+UI/87tyll5gfp77YZ6ufCOB0yiJA8EytuzO+rdwY0d4RPcuSBhPm5dDTedk+SKlOxJTnbPP/l
+PqYO5Wue/9vsL3SD3460s6neFE3/MaNFcyT6lSnMEpcEoji2jbDwN/zIIX8/syQbPYtuzE2wFg2W
+HYMfRsCbvUOZ58SWLs5fyQ==
+-----END CERTIFICATE-----
+
+TrustAsia Global Root CA G3
+===========================
+-----BEGIN CERTIFICATE-----
+MIIFpTCCA42gAwIBAgIUZPYOZXdhaqs7tOqFhLuxibhxkw8wDQYJKoZIhvcNAQEMBQAwWjELMAkG
+A1UEBhMCQ04xJTAjBgNVBAoMHFRydXN0QXNpYSBUZWNobm9sb2dpZXMsIEluYy4xJDAiBgNVBAMM
+G1RydXN0QXNpYSBHbG9iYWwgUm9vdCBDQSBHMzAeFw0yMTA1MjAwMjEwMTlaFw00NjA1MTkwMjEw
+MTlaMFoxCzAJBgNVBAYTAkNOMSUwIwYDVQQKDBxUcnVzdEFzaWEgVGVjaG5vbG9naWVzLCBJbmMu
+MSQwIgYDVQQDDBtUcnVzdEFzaWEgR2xvYmFsIFJvb3QgQ0EgRzMwggIiMA0GCSqGSIb3DQEBAQUA
+A4ICDwAwggIKAoICAQDAMYJhkuSUGwoqZdC+BqmHO1ES6nBBruL7dOoKjbmzTNyPtxNST1QY4Sxz
+lZHFZjtqz6xjbYdT8PfxObegQ2OwxANdV6nnRM7EoYNl9lA+sX4WuDqKAtCWHwDNBSHvBm3dIZwZ
+Q0WhxeiAysKtQGIXBsaqvPPW5vxQfmZCHzyLpnl5hkA1nyDvP+uLRx+PjsXUjrYsyUQE49RDdT/V
+P68czH5GX6zfZBCK70bwkPAPLfSIC7Epqq+FqklYqL9joDiR5rPmd2jE+SoZhLsO4fWvieylL1Ag
+dB4SQXMeJNnKziyhWTXAyB1GJ2Faj/lN03J5Zh6fFZAhLf3ti1ZwA0pJPn9pMRJpxx5cynoTi+jm
+9WAPzJMshH/x/Gr8m0ed262IPfN2dTPXS6TIi/n1Q1hPy8gDVI+lhXgEGvNz8teHHUGf59gXzhqc
+D0r83ERoVGjiQTz+LISGNzzNPy+i2+f3VANfWdP3kXjHi3dqFuVJhZBFcnAvkV34PmVACxmZySYg
+WmjBNb9Pp1Hx2BErW+Canig7CjoKH8GB5S7wprlppYiU5msTf9FkPz2ccEblooV7WIQn3MSAPmea
+mseaMQ4w7OYXQJXZRe0Blqq/DPNL0WP3E1jAuPP6Z92bfW1K/zJMtSU7/xxnD4UiWQWRkUF3gdCF
+TIcQcf+eQxuulXUtgQIDAQABo2MwYTAPBgNVHRMBAf8EBTADAQH/MB8GA1UdIwQYMBaAFEDk5PIj
+7zjKsK5Xf/IhMBY027ySMB0GA1UdDgQWBBRA5OTyI+84yrCuV3/yITAWNNu8kjAOBgNVHQ8BAf8E
+BAMCAQYwDQYJKoZIhvcNAQEMBQADggIBACY7UeFNOPMyGLS0XuFlXsSUT9SnYaP4wM8zAQLpw6o1
+D/GUE3d3NZ4tVlFEbuHGLige/9rsR82XRBf34EzC4Xx8MnpmyFq2XFNFV1pF1AWZLy4jVe5jaN/T
+G3inEpQGAHUNcoTpLrxaatXeL1nHo+zSh2bbt1S1JKv0Q3jbSwTEb93mPmY+KfJLaHEih6D4sTNj
+duMNhXJEIlU/HHzp/LgV6FL6qj6jITk1dImmasI5+njPtqzn59ZW/yOSLlALqbUHM/Q4X6RJpstl
+cHboCoWASzY9M/eVVHUl2qzEc4Jl6VL1XP04lQJqaTDFHApXB64ipCz5xUG3uOyfT0gA+QEEVcys
++TIxxHWVBqB/0Y0n3bOppHKH/lmLmnp0Ft0WpWIp6zqW3IunaFnT63eROfjXy9mPX1onAX1daBli
+2MjN9LdyR75bl87yraKZk62Uy5P2EgmVtqvXO9A/EcswFi55gORngS1d7XB4tmBZrOFdRWOPyN9y
+aFvqHbgB8X7754qz41SgOAngPN5C8sLtLpvzHzW2NtjjgKGLzZlkD8Kqq7HK9W+eQ42EVJmzbsAS
+ZthwEPEGNTNDqJwuuhQxzhB/HIbjj9LV+Hfsm6vxL2PZQl/gZ4FkkfGXL/xuJvYz+NO1+MRiqzFR
+JQJ6+N1rZdVtTTDIZbpoFGWsJwt0ivKH
+-----END CERTIFICATE-----
+
+TrustAsia Global Root CA G4
+===========================
+-----BEGIN CERTIFICATE-----
+MIICVTCCAdygAwIBAgIUTyNkuI6XY57GU4HBdk7LKnQV1tcwCgYIKoZIzj0EAwMwWjELMAkGA1UE
+BhMCQ04xJTAjBgNVBAoMHFRydXN0QXNpYSBUZWNobm9sb2dpZXMsIEluYy4xJDAiBgNVBAMMG1Ry
+dXN0QXNpYSBHbG9iYWwgUm9vdCBDQSBHNDAeFw0yMTA1MjAwMjEwMjJaFw00NjA1MTkwMjEwMjJa
+MFoxCzAJBgNVBAYTAkNOMSUwIwYDVQQKDBxUcnVzdEFzaWEgVGVjaG5vbG9naWVzLCBJbmMuMSQw
+IgYDVQQDDBtUcnVzdEFzaWEgR2xvYmFsIFJvb3QgQ0EgRzQwdjAQBgcqhkjOPQIBBgUrgQQAIgNi
+AATxs8045CVD5d4ZCbuBeaIVXxVjAd7Cq92zphtnS4CDr5nLrBfbK5bKfFJV4hrhPVbwLxYI+hW8
+m7tH5j/uqOFMjPXTNvk4XatwmkcN4oFBButJ+bAp3TPsUKV/eSm4IJijYzBhMA8GA1UdEwEB/wQF
+MAMBAf8wHwYDVR0jBBgwFoAUpbtKl86zK3+kMd6Xg1mDpm9xy94wHQYDVR0OBBYEFKW7SpfOsyt/
+pDHel4NZg6ZvccveMA4GA1UdDwEB/wQEAwIBBjAKBggqhkjOPQQDAwNnADBkAjBe8usGzEkxn0AA
+bbd+NvBNEU/zy4k6LHiRUKNbwMp1JvK/kF0LgoxgKJ/GcJpo5PECMFxYDlZ2z1jD1xCMuo6u47xk
+dUfFVZDj/bpV6wfEU6s3qe4hsiFbYI89MvHVI5TWWA==
+-----END CERTIFICATE-----
+
+CommScope Public Trust ECC Root-01
+==================================
+-----BEGIN CERTIFICATE-----
+MIICHTCCAaOgAwIBAgIUQ3CCd89NXTTxyq4yLzf39H91oJ4wCgYIKoZIzj0EAwMwTjELMAkGA1UE
+BhMCVVMxEjAQBgNVBAoMCUNvbW1TY29wZTErMCkGA1UEAwwiQ29tbVNjb3BlIFB1YmxpYyBUcnVz
+dCBFQ0MgUm9vdC0wMTAeFw0yMTA0MjgxNzM1NDNaFw00NjA0MjgxNzM1NDJaME4xCzAJBgNVBAYT
+AlVTMRIwEAYDVQQKDAlDb21tU2NvcGUxKzApBgNVBAMMIkNvbW1TY29wZSBQdWJsaWMgVHJ1c3Qg
+RUNDIFJvb3QtMDEwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAARLNumuV16ocNfQj3Rid8NeeqrltqLx
+eP0CflfdkXmcbLlSiFS8LwS+uM32ENEp7LXQoMPwiXAZu1FlxUOcw5tjnSCDPgYLpkJEhRGnSjot
+6dZoL0hOUysHP029uax3OVejQjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0G
+A1UdDgQWBBSOB2LAUN3GGQYARnQE9/OufXVNMDAKBggqhkjOPQQDAwNoADBlAjEAnDPfQeMjqEI2
+Jpc1XHvr20v4qotzVRVcrHgpD7oh2MSg2NED3W3ROT3Ek2DS43KyAjB8xX6I01D1HiXo+k515liW
+pDVfG2XqYZpwI7UNo5uSUm9poIyNStDuiw7LR47QjRE=
+-----END CERTIFICATE-----
+
+CommScope Public Trust ECC Root-02
+==================================
+-----BEGIN CERTIFICATE-----
+MIICHDCCAaOgAwIBAgIUKP2ZYEFHpgE6yhR7H+/5aAiDXX0wCgYIKoZIzj0EAwMwTjELMAkGA1UE
+BhMCVVMxEjAQBgNVBAoMCUNvbW1TY29wZTErMCkGA1UEAwwiQ29tbVNjb3BlIFB1YmxpYyBUcnVz
+dCBFQ0MgUm9vdC0wMjAeFw0yMTA0MjgxNzQ0NTRaFw00NjA0MjgxNzQ0NTNaME4xCzAJBgNVBAYT
+AlVTMRIwEAYDVQQKDAlDb21tU2NvcGUxKzApBgNVBAMMIkNvbW1TY29wZSBQdWJsaWMgVHJ1c3Qg
+RUNDIFJvb3QtMDIwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAAR4MIHoYx7l63FRD/cHB8o5mXxO1Q/M
+MDALj2aTPs+9xYa9+bG3tD60B8jzljHz7aRP+KNOjSkVWLjVb3/ubCK1sK9IRQq9qEmUv4RDsNuE
+SgMjGWdqb8FuvAY5N9GIIvejQjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0G
+A1UdDgQWBBTmGHX/72DehKT1RsfeSlXjMjZ59TAKBggqhkjOPQQDAwNnADBkAjAmc0l6tqvmSfR9
+Uj/UQQSugEODZXW5hYA4O9Zv5JOGq4/nich/m35rChJVYaoR4HkCMHfoMXGsPHED1oQmHhS48zs7
+3u1Z/GtMMH9ZzkXpc2AVmkzw5l4lIhVtwodZ0LKOag==
+-----END CERTIFICATE-----
+
+CommScope Public Trust RSA Root-01
+==================================
+-----BEGIN CERTIFICATE-----
+MIIFbDCCA1SgAwIBAgIUPgNJgXUWdDGOTKvVxZAplsU5EN0wDQYJKoZIhvcNAQELBQAwTjELMAkG
+A1UEBhMCVVMxEjAQBgNVBAoMCUNvbW1TY29wZTErMCkGA1UEAwwiQ29tbVNjb3BlIFB1YmxpYyBU
+cnVzdCBSU0EgUm9vdC0wMTAeFw0yMTA0MjgxNjQ1NTRaFw00NjA0MjgxNjQ1NTNaME4xCzAJBgNV
+BAYTAlVTMRIwEAYDVQQKDAlDb21tU2NvcGUxKzApBgNVBAMMIkNvbW1TY29wZSBQdWJsaWMgVHJ1
+c3QgUlNBIFJvb3QtMDEwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCwSGWjDR1C45Ft
+nYSkYZYSwu3D2iM0GXb26v1VWvZVAVMP8syMl0+5UMuzAURWlv2bKOx7dAvnQmtVzslhsuitQDy6
+uUEKBU8bJoWPQ7VAtYXR1HHcg0Hz9kXHgKKEUJdGzqAMxGBWBB0HW0alDrJLpA6lfO741GIDuZNq
+ihS4cPgugkY4Iw50x2tBt9Apo52AsH53k2NC+zSDO3OjWiE260f6GBfZumbCk6SP/F2krfxQapWs
+vCQz0b2If4b19bJzKo98rwjyGpg/qYFlP8GMicWWMJoKz/TUyDTtnS+8jTiGU+6Xn6myY5QXjQ/c
+Zip8UlF1y5mO6D1cv547KI2DAg+pn3LiLCuz3GaXAEDQpFSOm117RTYm1nJD68/A6g3czhLmfTif
+BSeolz7pUcZsBSjBAg/pGG3svZwG1KdJ9FQFa2ww8esD1eo9anbCyxooSU1/ZOD6K9pzg4H/kQO9
+lLvkuI6cMmPNn7togbGEW682v3fuHX/3SZtS7NJ3Wn2RnU3COS3kuoL4b/JOHg9O5j9ZpSPcPYeo
+KFgo0fEbNttPxP/hjFtyjMcmAyejOQoBqsCyMWCDIqFPEgkBEa801M/XrmLTBQe0MXXgDW1XT2mH
++VepuhX2yFJtocucH+X8eKg1mp9BFM6ltM6UCBwJrVbl2rZJmkrqYxhTnCwuwwIDAQABo0IwQDAP
+BgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQUN12mmnQywsL5x6YVEFm4
+5P3luG0wDQYJKoZIhvcNAQELBQADggIBAK+nz97/4L1CjU3lIpbfaOp9TSp90K09FlxD533Ahuh6
+NWPxzIHIxgvoLlI1pKZJkGNRrDSsBTtXAOnTYtPZKdVUvhwQkZyybf5Z/Xn36lbQnmhUQo8mUuJM
+3y+Xpi/SB5io82BdS5pYV4jvguX6r2yBS5KPQJqTRlnLX3gWsWc+QgvfKNmwrZggvkN80V4aCRck
+jXtdlemrwWCrWxhkgPut4AZ9HcpZuPN4KWfGVh2vtrV0KnahP/t1MJ+UXjulYPPLXAziDslg+Mkf
+Foom3ecnf+slpoq9uC02EJqxWE2aaE9gVOX2RhOOiKy8IUISrcZKiX2bwdgt6ZYD9KJ0DLwAHb/W
+NyVntHKLr4W96ioDj8z7PEQkguIBpQtZtjSNMgsSDesnwv1B10A8ckYpwIzqug/xBpMu95yo9GA+
+o/E4Xo4TwbM6l4c/ksp4qRyv0LAbJh6+cOx69TOY6lz/KwsETkPdY34Op054A5U+1C0wlREQKC6/
+oAI+/15Z0wUOlV9TRe9rh9VIzRamloPh37MG88EU26fsHItdkJANclHnYfkUyq+Dj7+vsQpZXdxc
+1+SWrVtgHdqul7I52Qb1dgAT+GhMIbA1xNxVssnBQVocicCMb3SgazNNtQEo/a2tiRc7ppqEvOuM
+6sRxJKi6KfkIsidWNTJf6jn7MZrVGczw
+-----END CERTIFICATE-----
+
+CommScope Public Trust RSA Root-02
+==================================
+-----BEGIN CERTIFICATE-----
+MIIFbDCCA1SgAwIBAgIUVBa/O345lXGN0aoApYYNK496BU4wDQYJKoZIhvcNAQELBQAwTjELMAkG
+A1UEBhMCVVMxEjAQBgNVBAoMCUNvbW1TY29wZTErMCkGA1UEAwwiQ29tbVNjb3BlIFB1YmxpYyBU
+cnVzdCBSU0EgUm9vdC0wMjAeFw0yMTA0MjgxNzE2NDNaFw00NjA0MjgxNzE2NDJaME4xCzAJBgNV
+BAYTAlVTMRIwEAYDVQQKDAlDb21tU2NvcGUxKzApBgNVBAMMIkNvbW1TY29wZSBQdWJsaWMgVHJ1
+c3QgUlNBIFJvb3QtMDIwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDh+g77aAASyE3V
+rCLENQE7xVTlWXZjpX/rwcRqmL0yjReA61260WI9JSMZNRTpf4mnG2I81lDnNJUDMrG0kyI9p+Kx
+7eZ7Ti6Hmw0zdQreqjXnfuU2mKKuJZ6VszKWpCtYHu8//mI0SFHRtI1CrWDaSWqVcN3SAOLMV2MC
+e5bdSZdbkk6V0/nLKR8YSvgBKtJjCW4k6YnS5cciTNxzhkcAqg2Ijq6FfUrpuzNPDlJwnZXjfG2W
+Wy09X6GDRl224yW4fKcZgBzqZUPckXk2LHR88mcGyYnJ27/aaL8j7dxrrSiDeS/sOKUNNwFnJ5rp
+M9kzXzehxfCrPfp4sOcsn/Y+n2Dg70jpkEUeBVF4GiwSLFworA2iI540jwXmojPOEXcT1A6kHkIf
+hs1w/tkuFT0du7jyU1fbzMZ0KZwYszZ1OC4PVKH4kh+Jlk+71O6d6Ts2QrUKOyrUZHk2EOH5kQMr
+eyBUzQ0ZGshBMjTRsJnhkB4BQDa1t/qp5Xd1pCKBXbCL5CcSD1SIxtuFdOa3wNemKfrb3vOTlycE
+VS8KbzfFPROvCgCpLIscgSjX74Yxqa7ybrjKaixUR9gqiC6vwQcQeKwRoi9C8DfF8rhW3Q5iLc4t
+Vn5V8qdE9isy9COoR+jUKgF4z2rDN6ieZdIs5fq6M8EGRPbmz6UNp2YINIos8wIDAQABo0IwQDAP
+BgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQUR9DnsSL/nSz12Vdgs7Gx
+cJXvYXowDQYJKoZIhvcNAQELBQADggIBAIZpsU0v6Z9PIpNojuQhmaPORVMbc0RTAIFhzTHjCLqB
+KCh6krm2qMhDnscTJk3C2OVVnJJdUNjCK9v+5qiXz1I6JMNlZFxHMaNlNRPDk7n3+VGXu6TwYofF
+1gbTl4MgqX67tiHCpQ2EAOHyJxCDut0DgdXdaMNmEMjRdrSzbymeAPnCKfWxkxlSaRosTKCL4BWa
+MS/TiJVZbuXEs1DIFAhKm4sTg7GkcrI7djNB3NyqpgdvHSQSn8h2vS/ZjvQs7rfSOBAkNlEv41xd
+gSGn2rtO/+YHqP65DSdsu3BaVXoT6fEqSWnHX4dXTEN5bTpl6TBcQe7rd6VzEojov32u5cSoHw2O
+HG1QAk8mGEPej1WFsQs3BWDJVTkSBKEqz3EWnzZRSb9wO55nnPt7eck5HHisd5FUmrh1CoFSl+Nm
+YWvtPjgelmFV4ZFUjO2MJB+ByRCac5krFk5yAD9UG/iNuovnFNa2RU9g7Jauwy8CTl2dlklyALKr
+dVwPaFsdZcJfMw8eD/A7hvWwTruc9+olBdytoptLFwG+Qt81IR2tq670v64fG9PiO/yzcnMcmyiQ
+iRM9HcEARwmWmjgb3bHPDcK0RPOWlc4yOo80nOAXx17Org3bhzjlP1v9mxnhMUF6cKojawHhRUzN
+lM47ni3niAIi9G7oyOzWPPO5std3eqx7
+-----END CERTIFICATE-----
+
+Telekom Security TLS ECC Root 2020
+==================================
+-----BEGIN CERTIFICATE-----
+MIICQjCCAcmgAwIBAgIQNjqWjMlcsljN0AFdxeVXADAKBggqhkjOPQQDAzBjMQswCQYDVQQGEwJE
+RTEnMCUGA1UECgweRGV1dHNjaGUgVGVsZWtvbSBTZWN1cml0eSBHbWJIMSswKQYDVQQDDCJUZWxl
+a29tIFNlY3VyaXR5IFRMUyBFQ0MgUm9vdCAyMDIwMB4XDTIwMDgyNTA3NDgyMFoXDTQ1MDgyNTIz
+NTk1OVowYzELMAkGA1UEBhMCREUxJzAlBgNVBAoMHkRldXRzY2hlIFRlbGVrb20gU2VjdXJpdHkg
+R21iSDErMCkGA1UEAwwiVGVsZWtvbSBTZWN1cml0eSBUTFMgRUNDIFJvb3QgMjAyMDB2MBAGByqG
+SM49AgEGBSuBBAAiA2IABM6//leov9Wq9xCazbzREaK9Z0LMkOsVGJDZos0MKiXrPk/OtdKPD/M1
+2kOLAoC+b1EkHQ9rK8qfwm9QMuU3ILYg/4gND21Ju9sGpIeQkpT0CdDPf8iAC8GXs7s1J8nCG6NC
+MEAwHQYDVR0OBBYEFONyzG6VmUex5rNhTNHLq+O6zd6fMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
+AQH/BAQDAgEGMAoGCCqGSM49BAMDA2cAMGQCMHVSi7ekEE+uShCLsoRbQuHmKjYC2qBuGT8lv9pZ
+Mo7k+5Dck2TOrbRBR2Diz6fLHgIwN0GMZt9Ba9aDAEH9L1r3ULRn0SyocddDypwnJJGDSA3PzfdU
+ga/sf+Rn27iQ7t0l
+-----END CERTIFICATE-----
+
+Telekom Security TLS RSA Root 2023
+==================================
+-----BEGIN CERTIFICATE-----
+MIIFszCCA5ugAwIBAgIQIZxULej27HF3+k7ow3BXlzANBgkqhkiG9w0BAQwFADBjMQswCQYDVQQG
+EwJERTEnMCUGA1UECgweRGV1dHNjaGUgVGVsZWtvbSBTZWN1cml0eSBHbWJIMSswKQYDVQQDDCJU
+ZWxla29tIFNlY3VyaXR5IFRMUyBSU0EgUm9vdCAyMDIzMB4XDTIzMDMyODEyMTY0NVoXDTQ4MDMy
+NzIzNTk1OVowYzELMAkGA1UEBhMCREUxJzAlBgNVBAoMHkRldXRzY2hlIFRlbGVrb20gU2VjdXJp
+dHkgR21iSDErMCkGA1UEAwwiVGVsZWtvbSBTZWN1cml0eSBUTFMgUlNBIFJvb3QgMjAyMzCCAiIw
+DQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAO01oYGA88tKaVvC+1GDrib94W7zgRJ9cUD/h3VC
+KSHtgVIs3xLBGYSJwb3FKNXVS2xE1kzbB5ZKVXrKNoIENqil/Cf2SfHVcp6R+SPWcHu79ZvB7JPP
+GeplfohwoHP89v+1VmLhc2o0mD6CuKyVU/QBoCcHcqMAU6DksquDOFczJZSfvkgdmOGjup5czQRx
+UX11eKvzWarE4GC+j4NSuHUaQTXtvPM6Y+mpFEXX5lLRbtLevOP1Czvm4MS9Q2QTps70mDdsipWo
+l8hHD/BeEIvnHRz+sTugBTNoBUGCwQMrAcjnj02r6LX2zWtEtefdi+zqJbQAIldNsLGyMcEWzv/9
+FIS3R/qy8XDe24tsNlikfLMR0cN3f1+2JeANxdKz+bi4d9s3cXFH42AYTyS2dTd4uaNir73Jco4v
+zLuu2+QVUhkHM/tqty1LkCiCc/4YizWN26cEar7qwU02OxY2kTLvtkCJkUPg8qKrBC7m8kwOFjQg
+rIfBLX7JZkcXFBGk8/ehJImr2BrIoVyxo/eMbcgByU/J7MT8rFEz0ciD0cmfHdRHNCk+y7AO+oML
+KFjlKdw/fKifybYKu6boRhYPluV75Gp6SG12mAWl3G0eQh5C2hrgUve1g8Aae3g1LDj1H/1Joy7S
+WWO/gLCMk3PLNaaZlSJhZQNg+y+TS/qanIA7AgMBAAGjYzBhMA4GA1UdDwEB/wQEAwIBBjAdBgNV
+HQ4EFgQUtqeXgj10hZv3PJ+TmpV5dVKMbUcwDwYDVR0TAQH/BAUwAwEB/zAfBgNVHSMEGDAWgBS2
+p5eCPXSFm/c8n5OalXl1UoxtRzANBgkqhkiG9w0BAQwFAAOCAgEAqMxhpr51nhVQpGv7qHBFfLp+
+sVr8WyP6Cnf4mHGCDG3gXkaqk/QeoMPhk9tLrbKmXauw1GLLXrtm9S3ul0A8Yute1hTWjOKWi0Fp
+kzXmuZlrYrShF2Y0pmtjxrlO8iLpWA1WQdH6DErwM807u20hOq6OcrXDSvvpfeWxm4bu4uB9tPcy
+/SKE8YXJN3nptT+/XOR0so8RYgDdGGah2XsjX/GO1WfoVNpbOms2b/mBsTNHM3dA+VKq3dSDz4V4
+mZqTuXNnQkYRIer+CqkbGmVps4+uFrb2S1ayLfmlyOw7YqPta9BO1UAJpB+Y1zqlklkg5LB9zVtz
+aL1txKITDmcZuI1CfmwMmm6gJC3VRRvcxAIU/oVbZZfKTpBQCHpCNfnqwmbU+AGuHrS+w6jv/naa
+oqYfRvaE7fzbzsQCzndILIyy7MMAo+wsVRjBfhnu4S/yrYObnqsZ38aKL4x35bcF7DvB7L6Gs4a8
+wPfc5+pbrrLMtTWGS9DiP7bY+A4A7l3j941Y/8+LN+ljX273CXE2whJdV/LItM3z7gLfEdxquVeE
+HVlNjM7IDiPCtyaaEBRx/pOyiriA8A4QntOoUAw3gi/q4Iqd4Sw5/7W0cwDk90imc6y/st53BIe0
+o82bNSQ3+pCTE4FCxpgmdTdmQRCsu/WU48IxK63nI1bMNSWSs1A=
+-----END CERTIFICATE-----
+
+FIRMAPROFESIONAL CA ROOT-A WEB
+==============================
+-----BEGIN CERTIFICATE-----
+MIICejCCAgCgAwIBAgIQMZch7a+JQn81QYehZ1ZMbTAKBggqhkjOPQQDAzBuMQswCQYDVQQGEwJF
+UzEcMBoGA1UECgwTRmlybWFwcm9mZXNpb25hbCBTQTEYMBYGA1UEYQwPVkFURVMtQTYyNjM0MDY4
+MScwJQYDVQQDDB5GSVJNQVBST0ZFU0lPTkFMIENBIFJPT1QtQSBXRUIwHhcNMjIwNDA2MDkwMTM2
+WhcNNDcwMzMxMDkwMTM2WjBuMQswCQYDVQQGEwJFUzEcMBoGA1UECgwTRmlybWFwcm9mZXNpb25h
+bCBTQTEYMBYGA1UEYQwPVkFURVMtQTYyNjM0MDY4MScwJQYDVQQDDB5GSVJNQVBST0ZFU0lPTkFM
+IENBIFJPT1QtQSBXRUIwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAARHU+osEaR3xyrq89Zfe9MEkVz6
+iMYiuYMQYneEMy3pA4jU4DP37XcsSmDq5G+tbbT4TIqk5B/K6k84Si6CcyvHZpsKjECcfIr28jlg
+st7L7Ljkb+qbXbdTkBgyVcUgt5SjYzBhMA8GA1UdEwEB/wQFMAMBAf8wHwYDVR0jBBgwFoAUk+FD
+Y1w8ndYn81LsF7Kpryz3dvgwHQYDVR0OBBYEFJPhQ2NcPJ3WJ/NS7Beyqa8s93b4MA4GA1UdDwEB
+/wQEAwIBBjAKBggqhkjOPQQDAwNoADBlAjAdfKR7w4l1M+E7qUW/Runpod3JIha3RxEL2Jq68cgL
+cFBTApFwhVmpHqTm6iMxoAACMQD94vizrxa5HnPEluPBMBnYfubDl94cT7iJLzPrSA8Z94dGXSaQ
+pYXFuXqUPoeovQA=
+-----END CERTIFICATE-----
diff --git a/wolfcrypt/src/port/Espressif/esp_crt_bundle/cacrt_deprecated.pem b/wolfcrypt/src/port/Espressif/esp_crt_bundle/cacrt_deprecated.pem
new file mode 100644
index 000000000..2c2f6d9fb
--- /dev/null
+++ b/wolfcrypt/src/port/Espressif/esp_crt_bundle/cacrt_deprecated.pem
@@ -0,0 +1,198 @@
+##
+## Deprecated CA Root Certificates
+## Deprecated CA Root Certificates that get appended to 'cacrt_all.pem'
+
+## These certificates have been removed from the newer Mozilla CA certificate store.
+## Refer to https://wiki.mozilla.org/CA/Removed_Certificates for more information.
+
+## These certificates might be removed from ESP-IDF during every major release.
+
+## The current deprecated certificate bundle is up-to-date with the Mozilla cert bundle (cacrt_all.pem) dated Tue Jul  2 03:12:04 2024 GMT
+
+
+Hongkong Post Root CA 1
+=======================
+-----BEGIN CERTIFICATE-----
+MIIDMDCCAhigAwIBAgICA+gwDQYJKoZIhvcNAQEFBQAwRzELMAkGA1UEBhMCSEsxFjAUBgNVBAoT
+DUhvbmdrb25nIFBvc3QxIDAeBgNVBAMTF0hvbmdrb25nIFBvc3QgUm9vdCBDQSAxMB4XDTAzMDUx
+NTA1MTMxNFoXDTIzMDUxNTA0NTIyOVowRzELMAkGA1UEBhMCSEsxFjAUBgNVBAoTDUhvbmdrb25n
+IFBvc3QxIDAeBgNVBAMTF0hvbmdrb25nIFBvc3QgUm9vdCBDQSAxMIIBIjANBgkqhkiG9w0BAQEF
+AAOCAQ8AMIIBCgKCAQEArP84tulmAknjorThkPlAj3n54r15/gK97iSSHSL22oVyaf7XPwnU3ZG1
+ApzQjVrhVcNQhrkpJsLj2aDxaQMoIIBFIi1WpztUlVYiWR8o3x8gPW2iNr4joLFutbEnPzlTCeqr
+auh0ssJlXI6/fMN4hM2eFvz1Lk8gKgifd/PFHsSaUmYeSF7jEAaPIpjhZY4bXSNmO7ilMlHIhqqh
+qZ5/dpTCpmy3QfDVyAY45tQM4vM7TG1QjMSDJ8EThFk9nnV0ttgCXjqQesBCNnLsak3c78QA3xMY
+V18meMjWCnl3v/evt3a5pQuEF10Q6m/hq5URX208o1xNg1vysxmKgIsLhwIDAQABoyYwJDASBgNV
+HRMBAf8ECDAGAQH/AgEDMA4GA1UdDwEB/wQEAwIBxjANBgkqhkiG9w0BAQUFAAOCAQEADkbVPK7i
+h9legYsCmEEIjEy82tvuJxuC52pF7BaLT4Wg87JwvVqWuspube5Gi27nKi6Wsxkz67SfqLI37pio
+l7Yutmcn1KZJ/RyTZXaeQi/cImyaT/JaFTmxcdcrUehtHJjA2Sr0oYJ71clBoiMBdDhViw+5Lmei
+IAQ32pwL0xch4I+XeTRvhEgCIDMb5jREn5Fw9IBehEPCKdJsEhTkYY2sEJCehFC78JZvRZ+K88ps
+T/oROhUVRsPNH4NbLUES7VBnQRM9IauUiqpOfMGx+6fWtScvl6tu4B3i0RwsH0Ti/L6RoZz71ilT
+c4afU9hDDl3WY4JxHYB0yvbiAmvZWg==
+-----END CERTIFICATE-----
+
+E-Tugra Certification Authority
+===============================
+-----BEGIN CERTIFICATE-----
+MIIGSzCCBDOgAwIBAgIIamg+nFGby1MwDQYJKoZIhvcNAQELBQAwgbIxCzAJBgNVBAYTAlRSMQ8w
+DQYDVQQHDAZBbmthcmExQDA+BgNVBAoMN0UtVHXEn3JhIEVCRyBCaWxpxZ9pbSBUZWtub2xvamls
+ZXJpIHZlIEhpem1ldGxlcmkgQS7Fni4xJjAkBgNVBAsMHUUtVHVncmEgU2VydGlmaWthc3lvbiBN
+ZXJrZXppMSgwJgYDVQQDDB9FLVR1Z3JhIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTEzMDMw
+NTEyMDk0OFoXDTIzMDMwMzEyMDk0OFowgbIxCzAJBgNVBAYTAlRSMQ8wDQYDVQQHDAZBbmthcmEx
+QDA+BgNVBAoMN0UtVHXEn3JhIEVCRyBCaWxpxZ9pbSBUZWtub2xvamlsZXJpIHZlIEhpem1ldGxl
+cmkgQS7Fni4xJjAkBgNVBAsMHUUtVHVncmEgU2VydGlmaWthc3lvbiBNZXJrZXppMSgwJgYDVQQD
+DB9FLVR1Z3JhIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIICIjANBgkqhkiG9w0BAQEFAAOCAg8A
+MIICCgKCAgEA4vU/kwVRHoViVF56C/UYB4Oufq9899SKa6VjQzm5S/fDxmSJPZQuVIBSOTkHS0vd
+hQd2h8y/L5VMzH2nPbxHD5hw+IyFHnSOkm0bQNGZDbt1bsipa5rAhDGvykPL6ys06I+XawGb1Q5K
+CKpbknSFQ9OArqGIW66z6l7LFpp3RMih9lRozt6Plyu6W0ACDGQXwLWTzeHxE2bODHnv0ZEoq1+g
+ElIwcxmOj+GMB6LDu0rw6h8VqO4lzKRG+Bsi77MOQ7osJLjFLFzUHPhdZL3Dk14opz8n8Y4e0ypQ
+BaNV2cvnOVPAmJ6MVGKLJrD3fY185MaeZkJVgkfnsliNZvcHfC425lAcP9tDJMW/hkd5s3kc91r0
+E+xs+D/iWR+V7kI+ua2oMoVJl0b+SzGPWsutdEcf6ZG33ygEIqDUD13ieU/qbIWGvaimzuT6w+Gz
+rt48Ue7LE3wBf4QOXVGUnhMMti6lTPk5cDZvlsouDERVxcr6XQKj39ZkjFqzAQqptQpHF//vkUAq
+jqFGOjGY5RH8zLtJVor8udBhmm9lbObDyz51Sf6Pp+KJxWfXnUYTTjF2OySznhFlhqt/7x3U+Lzn
+rFpct1pHXFXOVbQicVtbC/DP3KBhZOqp12gKY6fgDT+gr9Oq0n7vUaDmUStVkhUXU8u3Zg5mTPj5
+dUyQ5xJwx0UCAwEAAaNjMGEwHQYDVR0OBBYEFC7j27JJ0JxUeVz6Jyr+zE7S6E5UMA8GA1UdEwEB
+/wQFMAMBAf8wHwYDVR0jBBgwFoAULuPbsknQnFR5XPonKv7MTtLoTlQwDgYDVR0PAQH/BAQDAgEG
+MA0GCSqGSIb3DQEBCwUAA4ICAQAFNzr0TbdF4kV1JI+2d1LoHNgQk2Xz8lkGpD4eKexd0dCrfOAK
+kEh47U6YA5n+KGCRHTAduGN8qOY1tfrTYXbm1gdLymmasoR6d5NFFxWfJNCYExL/u6Au/U5Mh/jO
+XKqYGwXgAEZKgoClM4so3O0409/lPun++1ndYYRP0lSWE2ETPo+Aab6TR7U1Q9Jauz1c77NCR807
+VRMGsAnb/WP2OogKmW9+4c4bU2pEZiNRCHu8W1Ki/QY3OEBhj0qWuJA3+GbHeJAAFS6LrVE1Uweo
+a2iu+U48BybNCAVwzDk/dr2l02cmAYamU9JgO3xDf1WKvJUawSg5TB9D0pH0clmKuVb8P7Sd2nCc
+dlqMQ1DujjByTd//SffGqWfZbawCEeI6FiWnWAjLb1NBnEg4R2gz0dfHj9R0IdTDBZB6/86WiLEV
+KV0jq9BgoRJP3vQXzTLlyb/IQ639Lo7xr+L0mPoSHyDYwKcMhcWQ9DstliaxLL5Mq+ux0orJ23gT
+Dx4JnW2PAJ8C2sH6H3p6CcRK5ogql5+Ji/03X186zjhZhkuvcQu02PJwT58yE+Owp1fl2tpDy4Q0
+8ijE6m30Ku/Ba3ba+367hTzSU8JNvnHhRdH9I2cNE3X7z2VnIp2usAnRCf8dNL/+I5c30jn6PQ0G
+C7TbO6Orb1wdtn7os4I07QZcJA==
+-----END CERTIFICATE-----
+
+E-Tugra Global Root CA RSA v3
+=============================
+-----BEGIN CERTIFICATE-----
+MIIF8zCCA9ugAwIBAgIUDU3FzRYilZYIfrgLfxUGNPt5EDQwDQYJKoZIhvcNAQELBQAwgYAxCzAJ
+BgNVBAYTAlRSMQ8wDQYDVQQHEwZBbmthcmExGTAXBgNVBAoTEEUtVHVncmEgRUJHIEEuUy4xHTAb
+BgNVBAsTFEUtVHVncmEgVHJ1c3QgQ2VudGVyMSYwJAYDVQQDEx1FLVR1Z3JhIEdsb2JhbCBSb290
+IENBIFJTQSB2MzAeFw0yMDAzMTgwOTA3MTdaFw00NTAzMTIwOTA3MTdaMIGAMQswCQYDVQQGEwJU
+UjEPMA0GA1UEBxMGQW5rYXJhMRkwFwYDVQQKExBFLVR1Z3JhIEVCRyBBLlMuMR0wGwYDVQQLExRF
+LVR1Z3JhIFRydXN0IENlbnRlcjEmMCQGA1UEAxMdRS1UdWdyYSBHbG9iYWwgUm9vdCBDQSBSU0Eg
+djMwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCiZvCJt3J77gnJY9LTQ91ew6aEOErx
+jYG7FL1H6EAX8z3DeEVypi6Q3po61CBxyryfHUuXCscxuj7X/iWpKo429NEvx7epXTPcMHD4QGxL
+sqYxYdE0PD0xesevxKenhOGXpOhL9hd87jwH7eKKV9y2+/hDJVDqJ4GohryPUkqWOmAalrv9c/SF
+/YP9f4RtNGx/ardLAQO/rWm31zLZ9Vdq6YaCPqVmMbMWPcLzJmAy01IesGykNz709a/r4d+ABs8q
+QedmCeFLl+d3vSFtKbZnwy1+7dZ5ZdHPOrbRsV5WYVB6Ws5OUDGAA5hH5+QYfERaxqSzO8bGwzrw
+bMOLyKSRBfP12baqBqG3q+Sx6iEUXIOk/P+2UNOMEiaZdnDpwA+mdPy70Bt4znKS4iicvObpCdg6
+04nmvi533wEKb5b25Y08TVJ2Glbhc34XrD2tbKNSEhhw5oBOM/J+JjKsBY04pOZ2PJ8QaQ5tndLB
+eSBrW88zjdGUdjXnXVXHt6woq0bM5zshtQoK5EpZ3IE1S0SVEgpnpaH/WwAH0sDM+T/8nzPyAPiM
+bIedBi3x7+PmBvrFZhNb/FAHnnGGstpvdDDPk1Po3CLW3iAfYY2jLqN4MpBs3KwytQXk9TwzDdbg
+h3cXTJ2w2AmoDVf3RIXwyAS+XF1a4xeOVGNpf0l0ZAWMowIDAQABo2MwYTAPBgNVHRMBAf8EBTAD
+AQH/MB8GA1UdIwQYMBaAFLK0ruYt9ybVqnUtdkvAG1Mh0EjvMB0GA1UdDgQWBBSytK7mLfcm1ap1
+LXZLwBtTIdBI7zAOBgNVHQ8BAf8EBAMCAQYwDQYJKoZIhvcNAQELBQADggIBAImocn+M684uGMQQ
+gC0QDP/7FM0E4BQ8Tpr7nym/Ip5XuYJzEmMmtcyQ6dIqKe6cLcwsmb5FJ+Sxce3kOJUxQfJ9emN4
+38o2Fi+CiJ+8EUdPdk3ILY7r3y18Tjvarvbj2l0Upq7ohUSdBm6O++96SmotKygY/r+QLHUWnw/q
+ln0F7psTpURs+APQ3SPh/QMSEgj0GDSz4DcLdxEBSL9htLX4GdnLTeqjjO/98Aa1bZL0SmFQhO3s
+SdPkvmjmLuMxC1QLGpLWgti2omU8ZgT5Vdps+9u1FGZNlIM7zR6mK7L+d0CGq+ffCsn99t2HVhjY
+sCxVYJb6CH5SkPVLpi6HfMsg2wY+oF0Dd32iPBMbKaITVaA9FCKvb7jQmhty3QUBjYZgv6Rn7rWl
+DdF/5horYmbDB7rnoEgcOMPpRfunf/ztAmgayncSd6YAVSgU7NbHEqIbZULpkejLPoeJVF3Zr52X
+nGnnCv8PWniLYypMfUeUP95L6VPQMPHF9p5J3zugkaOj/s1YzOrfr28oO6Bpm4/srK4rVJ2bBLFH
+IK+WEj5jlB0E5y67hscMmoi/dkfv97ALl2bSRM9gUgfh1SxKOidhd8rXj+eHDjD/DLsE4mHDosiX
+YY60MGo8bcIHX0pzLz/5FooBZu+6kcpSV3uu1OYP3Qt6f4ueJiDPO++BcYNZ
+-----END CERTIFICATE-----
+
+E-Tugra Global Root CA ECC v3
+=============================
+-----BEGIN CERTIFICATE-----
+MIICpTCCAiqgAwIBAgIUJkYZdzHhT28oNt45UYbm1JeIIsEwCgYIKoZIzj0EAwMwgYAxCzAJBgNV
+BAYTAlRSMQ8wDQYDVQQHEwZBbmthcmExGTAXBgNVBAoTEEUtVHVncmEgRUJHIEEuUy4xHTAbBgNV
+BAsTFEUtVHVncmEgVHJ1c3QgQ2VudGVyMSYwJAYDVQQDEx1FLVR1Z3JhIEdsb2JhbCBSb290IENB
+IEVDQyB2MzAeFw0yMDAzMTgwOTQ2NThaFw00NTAzMTIwOTQ2NThaMIGAMQswCQYDVQQGEwJUUjEP
+MA0GA1UEBxMGQW5rYXJhMRkwFwYDVQQKExBFLVR1Z3JhIEVCRyBBLlMuMR0wGwYDVQQLExRFLVR1
+Z3JhIFRydXN0IENlbnRlcjEmMCQGA1UEAxMdRS1UdWdyYSBHbG9iYWwgUm9vdCBDQSBFQ0MgdjMw
+djAQBgcqhkjOPQIBBgUrgQQAIgNiAASOmCm/xxAeJ9urA8woLNheSBkQKczLWYHMjLiSF4mDKpL2
+w6QdTGLVn9agRtwcvHbB40fQWxPa56WzZkjnIZpKT4YKfWzqTTKACrJ6CZtpS5iB4i7sAnCWH/31
+Rs7K3IKjYzBhMA8GA1UdEwEB/wQFMAMBAf8wHwYDVR0jBBgwFoAU/4Ixcj75xGZsrTie0bBRiKWQ
+zPUwHQYDVR0OBBYEFP+CMXI++cRmbK04ntGwUYilkMz1MA4GA1UdDwEB/wQEAwIBBjAKBggqhkjO
+PQQDAwNpADBmAjEA5gVYaWHlLcoNy/EZCL3W/VGSGn5jVASQkZo1kTmZ+gepZpO6yGjUij/67W4W
+Aie3AjEA3VoXK3YdZUKWpqxdinlW2Iob35reX8dQj7FbcQwm32pAAOwzkSFxvmjkI6TZraE3
+-----END CERTIFICATE-----
+
+Security Communication Root CA
+==============================
+-----BEGIN CERTIFICATE-----
+MIIDWjCCAkKgAwIBAgIBADANBgkqhkiG9w0BAQUFADBQMQswCQYDVQQGEwJKUDEYMBYGA1UEChMP
+U0VDT00gVHJ1c3QubmV0MScwJQYDVQQLEx5TZWN1cml0eSBDb21tdW5pY2F0aW9uIFJvb3RDQTEw
+HhcNMDMwOTMwMDQyMDQ5WhcNMjMwOTMwMDQyMDQ5WjBQMQswCQYDVQQGEwJKUDEYMBYGA1UEChMP
+U0VDT00gVHJ1c3QubmV0MScwJQYDVQQLEx5TZWN1cml0eSBDb21tdW5pY2F0aW9uIFJvb3RDQTEw
+ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCzs/5/022x7xZ8V6UMbXaKL0u/ZPtM7orw
+8yl89f/uKuDp6bpbZCKamm8sOiZpUQWZJtzVHGpxxpp9Hp3dfGzGjGdnSj74cbAZJ6kJDKaVv0uM
+DPpVmDvY6CKhS3E4eayXkmmziX7qIWgGmBSWh9JhNrxtJ1aeV+7AwFb9Ms+k2Y7CI9eNqPPYJayX
+5HA49LY6tJ07lyZDo6G8SVlyTCMwhwFY9k6+HGhWZq/NQV3Is00qVUarH9oe4kA92819uZKAnDfd
+DJZkndwi92SL32HeFZRSFaB9UslLqCHJxrHty8OVYNEP8Ktw+N/LTX7s1vqr2b1/VPKl6Xn62dZ2
+JChzAgMBAAGjPzA9MB0GA1UdDgQWBBSgc0mZaNyFW2XjmygvV5+9M7wHSDALBgNVHQ8EBAMCAQYw
+DwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQUFAAOCAQEAaECpqLvkT115swW1F7NgE+vGkl3g
+0dNq/vu+m22/xwVtWSDEHPC32oRYAmP6SBbvT6UL90qY8j+eG61Ha2POCEfrUj94nK9NrvjVT8+a
+mCoQQTlSxN3Zmw7vkwGusi7KaEIkQmywszo+zenaSMQVy+n5Bw+SUEmK3TGXX8npN6o7WWWXlDLJ
+s58+OmJYxUmtYg5xpTKqL8aJdkNAExNnPaJUJRDL8Try2frbSVa7pv6nQTXD4IhhyYjH3zYQIphZ
+6rBK+1YWc26sTfcioU+tHXotRSflMMFe8toTyyVCUZVHA4xsIcx0Qu1T/zOLjw9XARYvz6buyXAi
+FL39vmwLAw==
+-----END CERTIFICATE-----
+
+Autoridad de Certificacion Firmaprofesional CIF A62634068
+=========================================================
+-----BEGIN CERTIFICATE-----
+MIIGFDCCA/ygAwIBAgIIU+w77vuySF8wDQYJKoZIhvcNAQEFBQAwUTELMAkGA1UEBhMCRVMxQjBA
+BgNVBAMMOUF1dG9yaWRhZCBkZSBDZXJ0aWZpY2FjaW9uIEZpcm1hcHJvZmVzaW9uYWwgQ0lGIEE2
+MjYzNDA2ODAeFw0wOTA1MjAwODM4MTVaFw0zMDEyMzEwODM4MTVaMFExCzAJBgNVBAYTAkVTMUIw
+QAYDVQQDDDlBdXRvcmlkYWQgZGUgQ2VydGlmaWNhY2lvbiBGaXJtYXByb2Zlc2lvbmFsIENJRiBB
+NjI2MzQwNjgwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDKlmuO6vj78aI14H9M2uDD
+Utd9thDIAl6zQyrET2qyyhxdKJp4ERppWVevtSBC5IsP5t9bpgOSL/UR5GLXMnE42QQMcas9UX4P
+B99jBVzpv5RvwSmCwLTaUbDBPLutN0pcyvFLNg4kq7/DhHf9qFD0sefGL9ItWY16Ck6WaVICqjaY
+7Pz6FIMMNx/Jkjd/14Et5cS54D40/mf0PmbR0/RAz15iNA9wBj4gGFrO93IbJWyTdBSTo3OxDqqH
+ECNZXyAFGUftaI6SEspd/NYrspI8IM/hX68gvqB2f3bl7BqGYTM+53u0P6APjqK5am+5hyZvQWyI
+plD9amML9ZMWGxmPsu2bm8mQ9QEM3xk9Dz44I8kvjwzRAv4bVdZO0I08r0+k8/6vKtMFnXkIoctX
+MbScyJCyZ/QYFpM6/EfY0XiWMR+6KwxfXZmtY4laJCB22N/9q06mIqqdXuYnin1oKaPnirjaEbsX
+LZmdEyRG98Xi2J+Of8ePdG1asuhy9azuJBCtLxTa/y2aRnFHvkLfuwHb9H/TKI8xWVvTyQKmtFLK
+bpf7Q8UIJm+K9Lv9nyiqDdVF8xM6HdjAeI9BZzwelGSuewvF6NkBiDkal4ZkQdU7hwxu+g/GvUgU
+vzlN1J5Bto+WHWOWk9mVBngxaJ43BjuAiUVhOSPHG0SjFeUc+JIwuwIDAQABo4HvMIHsMBIGA1Ud
+EwEB/wQIMAYBAf8CAQEwDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBRlzeurNR4APn7VdMActHNH
+DhpkLzCBpgYDVR0gBIGeMIGbMIGYBgRVHSAAMIGPMC8GCCsGAQUFBwIBFiNodHRwOi8vd3d3LmZp
+cm1hcHJvZmVzaW9uYWwuY29tL2NwczBcBggrBgEFBQcCAjBQHk4AUABhAHMAZQBvACAAZABlACAA
+bABhACAAQgBvAG4AYQBuAG8AdgBhACAANAA3ACAAQgBhAHIAYwBlAGwAbwBuAGEAIAAwADgAMAAx
+ADcwDQYJKoZIhvcNAQEFBQADggIBABd9oPm03cXF661LJLWhAqvdpYhKsg9VSytXjDvlMd3+xDLx
+51tkljYyGOylMnfX40S2wBEqgLk9am58m9Ot/MPWo+ZkKXzR4Tgegiv/J2Wv+xYVxC5xhOW1//qk
+R71kMrv2JYSiJ0L1ILDCExARzRAVukKQKtJE4ZYm6zFIEv0q2skGz3QeqUvVhyj5eTSSPi5E6PaP
+T481PyWzOdxjKpBrIF/EUhJOlywqrJ2X3kjyo2bbwtKDlaZmp54lD+kLM5FlClrD2VQS3a/DTg4f
+Jl4N3LON7NWBcN7STyQF82xO9UxJZo3R/9ILJUFI/lGExkKvgATP0H5kSeTy36LssUzAKh3ntLFl
+osS88Zj0qnAHY7S42jtM+kAiMFsRpvAFDsYCA0irhpuF3dvd6qJ2gHN99ZwExEWN57kci57q13XR
+crHedUTnQn3iV2t93Jm8PYMo6oCTjcVMZcFwgbg4/EMxsvYDNEeyrPsiBsse3RdHHF9mudMaotoR
+saS8I8nkvof/uZS2+F0gStRf571oe2XyFR7SOqkt6dhrJKyXWERHrVkY8SFlcN7ONGCoQPHzPKTD
+KCOM/iczQ0CgFzzr6juwcqajuUpLXhZI9LK8yIySxZ2frHI2vDSANGupi5LAuBft7HZT9SQBjLMi
+6Et8Vcad+qMUu2WFbm5PEn4KPJ2V
+-----END CERTIFICATE-----
+
+GLOBALTRUST 2020
+================
+-----BEGIN CERTIFICATE-----
+MIIFgjCCA2qgAwIBAgILWku9WvtPilv6ZeUwDQYJKoZIhvcNAQELBQAwTTELMAkGA1UEBhMCQVQx
+IzAhBgNVBAoTGmUtY29tbWVyY2UgbW9uaXRvcmluZyBHbWJIMRkwFwYDVQQDExBHTE9CQUxUUlVT
+VCAyMDIwMB4XDTIwMDIxMDAwMDAwMFoXDTQwMDYxMDAwMDAwMFowTTELMAkGA1UEBhMCQVQxIzAh
+BgNVBAoTGmUtY29tbWVyY2UgbW9uaXRvcmluZyBHbWJIMRkwFwYDVQQDExBHTE9CQUxUUlVTVCAy
+MDIwMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAri5WrRsc7/aVj6B3GyvTY4+ETUWi
+D59bRatZe1E0+eyLinjF3WuvvcTfk0Uev5E4C64OFudBc/jbu9G4UeDLgztzOG53ig9ZYybNpyrO
+VPu44sB8R85gfD+yc/LAGbaKkoc1DZAoouQVBGM+uq/ufF7MpotQsjj3QWPKzv9pj2gOlTblzLmM
+CcpL3TGQlsjMH/1WljTbjhzqLL6FLmPdqqmV0/0plRPwyJiT2S0WR5ARg6I6IqIoV6Lr/sCMKKCm
+fecqQjuCgGOlYx8ZzHyyZqjC0203b+J+BlHZRYQfEs4kUmSFC0iAToexIiIwquuuvuAC4EDosEKA
+A1GqtH6qRNdDYfOiaxaJSaSjpCuKAsR49GiKweR6NrFvG5Ybd0mN1MkGco/PU+PcF4UgStyYJ9OR
+JitHHmkHr96i5OTUawuzXnzUJIBHKWk7buis/UDr2O1xcSvy6Fgd60GXIsUf1DnQJ4+H4xj04KlG
+DfV0OoIu0G4skaMxXDtG6nsEEFZegB31pWXogvziB4xiRfUg3kZwhqG8k9MedKZssCz3AwyIDMvU
+clOGvGBG85hqwvG/Q/lwIHfKN0F5VVJjjVsSn8VoxIidrPIwq7ejMZdnrY8XD2zHc+0klGvIg5rQ
+mjdJBKuxFshsSUktq6HQjJLyQUp5ISXbY9e2nKd+Qmn7OmMCAwEAAaNjMGEwDwYDVR0TAQH/BAUw
+AwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFNwuH9FhN3nkq9XVsxJxaD1qaJwiMB8GA1Ud
+IwQYMBaAFNwuH9FhN3nkq9XVsxJxaD1qaJwiMA0GCSqGSIb3DQEBCwUAA4ICAQCR8EICaEDuw2jA
+VC/f7GLDw56KoDEoqoOOpFaWEhCGVrqXctJUMHytGdUdaG/7FELYjQ7ztdGl4wJCXtzoRlgHNQIw
+4Lx0SsFDKv/bGtCwr2zD/cuz9X9tAy5ZVp0tLTWMstZDFyySCstd6IwPS3BD0IL/qMy/pJTAvoe9
+iuOTe8aPmxadJ2W8esVCgmxcB9CpwYhgROmYhRZf+I/KARDOJcP5YBugxZfD0yyIMaK9MOzQ0MAS
+8cE54+X1+NZK3TTN+2/BT+MAi1bikvcoskJ3ciNnxz8RFbLEAwW+uxF7Cr+obuf/WEPPm2eggAe2
+HcqtbepBEX4tdJP7wry+UUTF72glJ4DjyKDUEuzZpTcdN3y0kcra1LGWge9oXHYQSa9+pTeAsRxS
+vTOBTI/53WXZFM2KJVj04sWDpQmQ1GwUY7VA3+vA/MRYfg0UFodUJ25W5HCEuGwyEn6CMUO+1918
+oa2u1qsgEu8KwxCMSZY13At1XrFP1U80DhEgB3VDRemjEdqso5nCtnkn4rnvyOL2NSl6dPrFf4IF
+YqYK6miyeUcGbvJXqBUzxvd4Sj1Ce2t+/vdG6tHrju+IaFvowdlxfv1k7/9nR4hYJS8+hge9+6jl
+gqispdNpQ80xiEmEU5LAsTkbOYMBMMTyqfrQA71yN2BWHzZ8vTmR9W0Nv3vXkg==
+-----END CERTIFICATE-----
diff --git a/wolfcrypt/src/port/Espressif/esp_crt_bundle/cacrt_local.pem b/wolfcrypt/src/port/Espressif/esp_crt_bundle/cacrt_local.pem
new file mode 100644
index 000000000..3633ed161
--- /dev/null
+++ b/wolfcrypt/src/port/Espressif/esp_crt_bundle/cacrt_local.pem
@@ -0,0 +1,33 @@
+##
+## Local CA Root Certificates
+##
+## Local CA Root Certificates that gets appended to "cacrt_all.pem"
+
+
+## letsencrypt has generated a cross signed certificate with DST ROOT CA X3
+## for compatibility after the expiry of the certificate.
+## The new certificate has the ISSUER name as DST Root CA X3.
+## Thus, the handshake fails if esp_crt_bundle does not find the
+## respective name in the crt_bundle.
+## Keeping this certificate for compatibility reasons.
+## This will be removed once the cross-signed certificate expires in Sep 2024.
+
+DST Root CA X3
+==============
+-----BEGIN CERTIFICATE-----
+MIIDSjCCAjKgAwIBAgIQRK+wgNajJ7qJMDmGLvhAazANBgkqhkiG9w0BAQUFADA/MSQwIgYDVQQK
+ExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMTDkRTVCBSb290IENBIFgzMB4X
+DTAwMDkzMDIxMTIxOVoXDTIxMDkzMDE0MDExNVowPzEkMCIGA1UEChMbRGlnaXRhbCBTaWduYXR1
+cmUgVHJ1c3QgQ28uMRcwFQYDVQQDEw5EU1QgUm9vdCBDQSBYMzCCASIwDQYJKoZIhvcNAQEBBQAD
+ggEPADCCAQoCggEBAN+v6ZdQCINXtMxiZfaQguzH0yxrMMpb7NnDfcdAwRgUi+DoM3ZJKuM/IUmT
+rE4Orz5Iy2Xu/NMhD2XSKtkyj4zl93ewEnu1lcCJo6m67XMuegwGMoOifooUMM0RoOEqOLl5CjH9
+UL2AZd+3UWODyOKIYepLYYHsUmu5ouJLGiifSKOeDNoJjj4XLh7dIN9bxiqKqy69cK3FCxolkHRy
+xXtqqzTWMIn/5WgTe1QLyNau7Fqckh49ZLOMxt+/yUFw7BZy1SbsOFU5Q9D8/RhcQPGX69Wam40d
+utolucbY38EVAjqr2m7xPi71XAicPNaDaeQQmxkqtilX4+U9m5/wAl0CAwEAAaNCMEAwDwYDVR0T
+AQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFMSnsaR7LHH62+FLkHX/xBVghYkQ
+MA0GCSqGSIb3DQEBBQUAA4IBAQCjGiybFwBcqR7uKGY3Or+Dxz9LwwmglSBd49lZRNI+DT69ikug
+dB/OEIKcdBodfpga3csTS7MgROSR6cz8faXbauX+5v3gTt23ADq1cEmv8uXrAvHRAosZy5Q6XkjE
+GB5YGV8eAlrwDPGxrancWYaLbumR9YbK+rlmM6pZW87ipxZzR8srzJmwN0jP41ZL9c8PDHIyh8bw
+RLtTcm1D9SZImlJnt1ir/md2cXjbDaJWFBM5JDGFoqgCWjBH4d1QB7wCCZAA62RjYJsWvIjJEubS
+fZGL+T0yjWW06XyxV3bqxbYoOb8VZRzI9neWagqNdwvYkQsEjgfbKbYK7p2CNTUQ
+-----END CERTIFICATE-----
diff --git a/wolfcrypt/src/port/Espressif/esp_crt_bundle/esp_crt_bundle.c b/wolfcrypt/src/port/Espressif/esp_crt_bundle/esp_crt_bundle.c
new file mode 100644
index 000000000..6e7b625c4
--- /dev/null
+++ b/wolfcrypt/src/port/Espressif/esp_crt_bundle/esp_crt_bundle.c
@@ -0,0 +1,1572 @@
+/* esp_crt_bundle.c
+ *
+ * Copyright (C) 2006-2025 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+#ifdef HAVE_CONFIG_H
+    #include <config.h>
+#endif
+
+#if defined(WOLFSSL_ESPIDF) /* Entire file is only for Espressif EDP-IDF */
+
+/* wolfSSL */
+/* Always include wolfcrypt/settings.h before any other wolfSSL file.    */
+/* Be sure to define WOLFSSL_USER_SETTINGS, typically in CMakeLists.txt  */
+/* Reminder: settings.h pulls in user_settings.h                         */
+/*   Do not explicitly include user_settings.h here.                     */
+#include <wolfssl/wolfcrypt/settings.h>
+
+/* Espressif */
+#include <esp_log.h>
+
+#if defined(CONFIG_ESP_TLS_USING_WOLFSSL)
+#include <wolfssl/wolfcrypt/logging.h>
+
+static const char *TAG = "esp_crt_bundle-wolfssl";
+
+
+#if defined(CONFIG_WOLFSSL_CERTIFICATE_BUNDLE) && \
+    defined(CONFIG_WOLFSSL_CERTIFICATE_BUNDLE_DEFAULT_NONE) && \
+    (CONFIG_WOLFSSL_CERTIFICATE_BUNDLE_DEFAULT_NONE == 1)
+
+/* esp_crt_bundle_attach() used by ESP-IDF esp-tls layer.
+ * When there's no bundle selected, but a call is made, return a warning: */
+esp_err_t esp_crt_bundle_attach(void *conf)
+{
+    esp_err_t ret = ESP_OK;
+    ESP_LOGW(TAG, "No certificate bundle was selected");
+    return ret;
+}
+#else
+/* Certificate Bundles are enabled, and something other than NONE selected. */
+#include <wolfssl/internal.h>
+#include <wolfssl/ssl.h>
+
+#include <wolfssl/wolfcrypt/asn.h>
+#include <wolfssl/wolfcrypt/error-crypt.h>
+
+#ifdef WOLFSSL_CMAKE_REQUIRED_ESP_TLS
+    /* We're already here since CONFIG_ESP_TLS_USING_WOLFSSL is enabled,    */
+    /* but do we have a recent version of wolfSSL CMakeLists.txt to support */
+    /* using wolfSSL in ESP-IDF? If so, include the esp-tls component here: */
+    #include <esp_tls.h> /* needed only for esp_tls_free_global_ca_store()  */
+#endif
+
+/* There's a minimum version of wolfSSL needed for Certificate Bundle Support.
+ *
+ * See the latest code at:
+ * https://github.com/wolfSSL/wolfssl or Managed Components at
+ * https://www.wolfssl.com/wolfssl-now-available-in-espressif-component-registry/
+ */
+#if defined(WOLFSSL_ESPIDF_COMPONENT_VERSION)
+    #if (WOLFSSL_ESPIDF_COMPONENT_VERSION > 0)
+        #define WOLFSSL_ESPIDF_COMPONENT_VERSION_VALID 1
+    #else
+        #define WOLFSSL_ESPIDF_COMPONENT_VERSION_VALID 0
+        #warning "This library depends on a recent version of wolfSSL config"
+    #endif
+#else
+    #warning "This library depends on a recent version of wolfSSL config"
+    #define WOLFSSL_ESPIDF_COMPONENT_VERSION_VALID -1
+#endif
+
+#include <wolfssl/wolfcrypt/port/Espressif/esp_crt_bundle.h>
+
+/* Bundle debug may come from user_settings.h and/or sdkconfig.h */
+#if defined(CONFIG_WOLFSSL_DEBUG_CERT_BUNDLE) || \
+    defined(       WOLFSSL_DEBUG_CERT_BUNDLE)
+    /* We'll only locally check this one: */
+    #undef         WOLFSSL_DEBUG_CERT_BUNDLE
+    #define        WOLFSSL_DEBUG_CERT_BUNDLE
+    /* Only display certificate bundle debugging messages when enabled: */
+    #define ESP_LOGCBI ESP_LOGI
+    #define ESP_LOGCBW ESP_LOGW
+    #define ESP_LOGCBV ESP_LOGV
+    /* Always show bundle name debugging when cert bundle debugging. */
+    #define ESP_LOGCBNI ESP_LOGI
+    #define ESP_LOGCBNW ESP_LOGW
+    #define ESP_LOGCBNV ESP_LOGV
+#else
+    /* Only display certificate bundle messages for most verbose setting.
+     * Note that the delays will likely cause TLS connection failures. */
+    #define ESP_LOGCBI ESP_LOGV
+    #define ESP_LOGCBW ESP_LOGV
+    #define ESP_LOGCBV ESP_LOGV
+    /* Optionally debug only certificate bundle names: */
+    /* #define WOLFSSL_DEBUG_CERT_BUNDLE_NAME          */
+    #ifdef WOLFSSL_DEBUG_CERT_BUNDLE_NAME
+        #define ESP_LOGCBNI ESP_LOGI
+        #define ESP_LOGCBNW ESP_LOGW
+        #define ESP_LOGCBNV ESP_LOGV
+    #else
+        #define ESP_LOGCBNI ESP_LOGV
+        #define ESP_LOGCBNW ESP_LOGV
+        #define ESP_LOGCBNV ESP_LOGV
+    #endif
+#endif
+
+#if defined(WOLFSSL_EXAMPLE_VERBOSITY)
+    #define ESP_LOGXI ESP_LOGI
+    #define ESP_LOGXW ESP_LOGW
+    #define ESP_LOGXV ESP_LOGW
+#else
+    #define ESP_LOGXI ESP_LOGV
+    #define ESP_LOGXI ESP_LOGV
+    #define ESP_LOGXI ESP_LOGV
+#endif
+
+#ifndef X509_MAX_SUBJECT_LEN
+    #define X509_MAX_SUBJECT_LEN 255
+#endif
+
+#ifndef CTC_DATE_SIZE
+    #define CTC_DATE_SIZE 32
+#endif
+
+#define IS_WOLFSSL_CERT_BUNDLE_FORMAT
+#ifndef IS_WOLFSSL_CERT_BUNDLE_FORMAT
+    /* For reference only, the other cert bundles are structured differently!
+     * The others contain only a PARTIAL certificate, along with a name. */
+    #define BUNDLE_HEADER_OFFSET 2
+    #define CRT_HEADER_OFFSET 4
+#else
+    /* Note these are also set in [ESP-IDF]/components/esp-tls/esp_tls_wolfssl.c
+     * to avoid conflicts with other cert bundles that may, in theory,
+     * be enabled concurrently (NOT recommended).
+     *
+     * Ensure they exactly match here: */
+    #define BUNDLE_HEADER_OFFSET 2
+    #define CRT_HEADER_OFFSET 2
+#endif
+
+/* NOTE: Manually edit sort order in gen_crt_bundle.py
+ *
+ * The default is having the bundle pre-sorted in the python script
+ * to allow for rapid binary cert match search at runtime. The unsorted
+ * search ALWAYS works, but when expecting a sorted search the python
+ * script MUST presort the data, otherwise the connection will likely fail.
+ *
+ * When debugging and using an unsorted bundle, define CERT_BUNDLE_UNSORTED
+ * Reminder: the actual sort occurs in gen_crt_bundly.py call from CMake. */
+/* #define CERT_BUNDLE_UNSORTED */
+
+/* Inline cert bundle functions performance hint unless otherwise specified. */
+#ifndef CB_INLINE
+    #define CB_INLINE inline
+#endif
+
+/* A "Certificate Bundle" is this array of [size] + [x509 CA List]
+ * certs that the client trusts: */
+extern const uint8_t x509_crt_imported_bundle_wolfssl_bin_start[]
+                     asm("_binary_x509_crt_bundle_wolfssl_start");
+
+extern const uint8_t x509_crt_imported_bundle_wolfssl_bin_end[]
+                     asm("_binary_x509_crt_bundle_wolfssl_end");
+
+/* This crt_bundle_t type must match other providers in esp-tls from ESP-IDF.
+ * TODO: Move to common header in ESP-IDF. (requires ESP-IDF modification).
+ * For now, it is here: */
+typedef struct crt_bundle_t {
+    const uint8_t **crts;
+    uint16_t num_certs;
+    size_t x509_crt_bundle_wolfssl_len;
+} crt_bundle_t;
+
+static WOLFSSL_X509* store_cert = NULL; /* will point to existing param values*/
+static WOLFSSL_X509* bundle_cert = NULL; /* the iterating cert being reviewed.*/
+
+#ifdef CONFIG_WOLFSSL_CERTIFICATE_BUNDLE
+    static const uint8_t **crts = NULL;
+    static uint16_t num_certs = 0;
+#endif
+
+#ifdef CONFIG_WOLFSSL_CERTIFICATE_BUNDLE
+static esp_err_t wolfssl_esp_crt_bundle_init(const uint8_t *x509_bundle,
+                                             size_t bundle_size);
+static esp_err_t _esp_crt_bundle_is_valid = ESP_FAIL;
+#endif /* CONFIG_WOLFSSL_CERTIFICATE_BUNDLE */
+
+static crt_bundle_t s_crt_bundle = { 0 };
+static esp_err_t _wolfssl_found_zero_serial = ESP_OK;
+
+static int _cert_bundle_loaded = 0;
+
+static int _crt_found = 0;
+
+static int _added_cert = 0;
+
+static int _need_bundle_cert = 0;
+
+
+/* Returns ESP_OK if there are no zero serial numbers in the bundle,
+ * OR there may be zeros, but */
+static CB_INLINE int wolfssl_found_zero_serial(void)
+{
+    return _wolfssl_found_zero_serial;
+}
+
+/* Returns:
+ *   1 if the cert has a zero serial number
+ *   0 if the cert has a non-zero serial number
+ * < 0 for error wolfssl\wolfcrypt\error-crypt.h values  */
+static CB_INLINE int wolfssl_is_zero_serial_number(const uint8_t *der_cert,
+                                                             int sz)
+{
+    DecodedCert cert;
+    int ret = 0;
+
+    wc_InitDecodedCert(&cert, der_cert, sz, NULL);
+
+    ret = wc_ParseCert(&cert, CERT_TYPE, NO_VERIFY, 0);
+
+    /* Check the special case of parse error with strict checking. */
+    if ((cert.serialSz == 1) && (cert.serial[0] == 0x0)) {
+        /* If we find a zero serial number, a parse error may still occur. */
+        if (ret == ASN_PARSE_E) {
+            /* Issuer amd subject will only be non-blank with relaxed check */
+            ESP_LOGW(TAG, "Encountered ASN Parse error with zero serial");
+            ESP_LOGCBI(TAG, "Issuer: %s", cert.issuer);
+            ESP_LOGCBI(TAG, "Subject: %s", cert.subject);
+#if defined(CONFIG_WOLFSSL_NO_ASN_STRICT) || \
+    defined(       WOLFSSL_NO_ASN_STRICT)
+            ESP_LOGW(TAG, "WOLFSSL_NO_ASN_STRICT enabled. Ignoring error.");
+
+            /* We'll force the return result to one for a "valid"
+             * parsing result, but not strict and found zero serial num. */
+            ret = 1;
+#else
+    #if defined(CONFIG_WOLFSSL_ASN_ALLOW_0_SERIAL) || \
+        defined(       WOLFSSL_ASN_ALLOW_0_SERIAL)
+            /* Issuer amd subject will only be non-blank with relaxed check */
+            ESP_LOGCBW(TAG, "WOLFSSL_ASN_ALLOW_0_SERIAL enabled. "
+                            "Ignoring error.");
+
+            /* We'll force the return result for a "valid" parsing result,
+             * not strict and found zero serial num. */
+            ret = 1;
+    #else
+            ESP_LOGE(TAG, "ERROR: Certificate must have a Serial Number.");
+            ESP_LOGE(TAG, "Define WOLFSSL_NO_ASN_STRICT or "
+                          "WOLFSSL_ASN_ALLOW_0_SERIALto relax checks.");
+            /* ret (Keep ASN_PARSE_E)  */
+    #endif
+#endif
+        } /* special ASN_PARSE_E handling */
+        else {
+            /* Not an ASN Parse Error; the zero configured to be allowed. */
+            ESP_LOGV(TAG, "WARNING: Certificate has no Serial Number.");
+
+            /* If we found a zero, and the result of wc_ParseCert is zero,
+             * we'll return that zero as "cert has a zero serial number". */
+        }
+    }
+    else {
+        ESP_LOGV(TAG, "Not a special case zero serial number.");
+    }
+
+    if (ret > -1) {
+        ESP_LOGV(TAG, "Issuer: %s", cert.issuer);
+        ESP_LOGV(TAG, "Subject: %s", cert.subject);
+        ESP_LOGV(TAG, "Serial Number: %.*s", cert.serialSz, cert.serial);
+    }
+    else {
+        ESP_LOGCBV(TAG, "wolfssl_is_zero_serial_number exit  = %d", ret);
+    }
+
+    /* Clean up and exit */
+    wc_FreeDecodedCert(&cert);
+
+    return ret;
+}
+
+/* API for determining if the wolfSSL cert bundle is loaded. */
+int wolfssl_cert_bundle_loaded(void)
+{
+    return _cert_bundle_loaded;
+}
+
+/* API for determining if the wolfSSL cert bundle is needed. */
+int wolfssl_need_bundle_cert(void)
+{
+    return _need_bundle_cert;
+}
+
+/* Public API wolfSSL_X509_get_cert_items() */
+int wolfSSL_X509_get_cert_items(char* CERT_TAG,
+                                WOLFSSL_X509* cert,
+                                WOLFSSL_X509_NAME** issuer,
+                                WOLFSSL_X509_NAME** subject)
+{
+    char stringVaue[X509_MAX_SUBJECT_LEN + 1];
+#ifdef WOLFSSL_DEBUG_CERT_BUNDLE
+    char before_str[CTC_DATE_SIZE];
+    char after_str[CTC_DATE_SIZE];
+    WOLFSSL_ASN1_TIME *notBefore = NULL, *notAfter = NULL;
+#endif
+    int ret = WOLFSSL_SUCCESS; /* Not ESP value! Success = 1, fail = 0 */
+
+    *issuer  = wolfSSL_X509_get_issuer_name(cert);
+    if (wolfSSL_X509_NAME_oneline(*issuer,
+                                  stringVaue, sizeof(stringVaue)) == NULL) {
+        ESP_LOGE(TAG, "%s Error converting subject name to string.", CERT_TAG);
+        ret = WOLFSSL_FAILURE;
+    }
+    else {
+        ESP_LOGCBI(TAG, "%s Store Cert Issuer: %s", CERT_TAG, stringVaue);
+    }
+
+    *subject = wolfSSL_X509_get_subject_name(cert);
+    if (wolfSSL_X509_NAME_oneline(*subject,
+                                  stringVaue, sizeof(stringVaue)) == NULL) {
+        ESP_LOGE(TAG, "%s Error converting subject name to string.", CERT_TAG);
+        ret = WOLFSSL_FAILURE;
+    }
+    else {
+        ESP_LOGCBI(TAG, "%s Store Cert Subject: %s", CERT_TAG, stringVaue );
+    }
+
+#ifdef WOLFSSL_DEBUG_CERT_BUNDLE
+    notBefore = wolfSSL_X509_get_notBefore(cert);
+    if (wolfSSL_ASN1_TIME_to_string(notBefore, before_str,
+                                    sizeof(before_str)) == NULL) {
+        ESP_LOGCBW(TAG, "%s Not Before value not valid", CERT_TAG);
+    }
+    else {
+        ESP_LOGCBI(TAG, "%s Not Before: %s", CERT_TAG, before_str);
+    }
+
+    esp_show_current_datetime();
+
+    notAfter = wolfSSL_X509_get_notAfter(cert);
+    if (wolfSSL_ASN1_TIME_to_string(notAfter, after_str,
+                                    sizeof(after_str)) == NULL) {
+        ESP_LOGCBW(TAG, "%s Not After value not valid", CERT_TAG);
+    }
+    else {
+        ESP_LOGCBI(TAG, "%s Not After: %s", CERT_TAG, after_str);
+    }
+
+#endif
+
+    return ret;
+} /* wolfSSL_X509_show_cert */
+
+
+/*
+ * cert_manager_load()
+ *
+ * returns preverify value.
+ *
+ * WARNING: It is the caller's responsibility to confirm the der cert should be
+ *          added. (Typically during a callback error override).
+ *
+ * Verify Callback Arguments:
+ * preverify:           1=Verify Okay, 0=Failure
+ * store->error:        Failure error code (0 indicates no failure)
+ * store->current_cert: Current WOLFSSL_X509 object (only with OPENSSL_EXTRA)
+ * store->error_depth:  Current Index
+ * store->domain:       Subject CN as string (null term)
+ * store->totalCerts:   Number of certs presented by peer
+ * store->certs[i]:     A `WOLFSSL_BUFFER_INFO` with plain DER for each cert
+ * store->store:        WOLFSSL_X509_STORE with CA cert chain
+ * store->store->cm:    WOLFSSL_CERT_MANAGER
+ * store->ex_data:      The WOLFSSL object pointer
+ * store->discardSessionCerts: When set to non-zero value session certs
+                               will be discarded (only with SESSION_CERTS) */
+static CB_INLINE int cert_manager_load(int preverify,
+                                       WOLFSSL_X509_STORE_CTX* store,
+                                       const unsigned char * der, long derSz)
+{
+    int ret;
+    WOLFSSL_CERT_MANAGER* cm = NULL; /* points to wolfSSL cm, no cleanup need */
+    WOLFSSL_X509_NAME *issuer = NULL;
+    WOLFSSL_X509_NAME *subject = NULL;
+
+    WOLFSSL_X509* peer = NULL; /* points to wolfSSL cm store, no cleanup need */
+
+    if (der == NULL) {
+        ESP_LOGE(TAG, "cert_manager_load der is null");
+        return 0; /* preverify */
+    }
+
+    if (store == NULL) {
+        ESP_LOGE(TAG, "cert_manager_load store is null");
+        return 0; /* preverify */
+    }
+
+    if (store->current_cert == NULL) {
+        ESP_LOGE(TAG, "cert_manager_load store->current_cert is null");
+        return 0; /* preverify */
+    }
+
+    cm = store->store->cm;
+    peer = store->current_cert;
+    wolfSSL_X509_get_cert_items("peer", peer, &issuer, &subject);
+
+    /* It is the caller's responsibility to check conditions to add cert. */
+    if ((preverify == 0)  && (store->error == ASN_NO_SIGNER_E)) {
+        ESP_LOGCBI(TAG, "Confirmed call for ASN_NO_SIGNER_E");
+    }
+    else {
+        ESP_LOGW(TAG, "Warning: calling for non ASN_NO_SIGNER_E error.");
+    }
+
+    /* Some interesting cert bundle debug details: */
+    ESP_LOGCBI(TAG, "Cert %d:\n\tIssuer: %s\n\tSubject: %s\n",
+        store->error_depth,
+        issuer->name != NULL ? issuer->name : "[none]",
+        subject->name != NULL ? subject->name : "[none]");
+
+    /* Load the der cert to Certificate Manager:*/
+    ret = wolfSSL_CertManagerLoadCABuffer(cm, der, derSz,
+                                          WOLFSSL_FILETYPE_ASN1);
+    if (ret == WOLFSSL_SUCCESS) {
+        /* Attempt to validate the certificate again */
+        ret = wolfSSL_CertManagerVerifyBuffer(cm, der, derSz,
+            WOLFSSL_FILETYPE_ASN1);
+
+        if (ret == WOLFSSL_SUCCESS) {
+            ESP_LOGCBI(TAG, "Successfully validated cert: %s\n", subject->name);
+
+            /* If verification is successful then override error. */
+            preverify = 1;
+        }
+        else {
+            ESP_LOGE(TAG, "Failed to verify cert after loading new CA. "
+                          "err = %d", ret);
+        }
+    }
+    else {
+        ESP_LOGE(TAG, "Failed to load CA");
+    }
+
+    /* We don't free the issue and subject, as they are
+     * pointers to current store->current_cert values. */
+    return preverify;
+}
+
+/* Not a Best Practice, but in dev one can ignore cert date/time: */
+#if defined(WOLFSSL_DEBUG_CERT_BUNDLE) && defined(WOLFSSL_DEBUG_IGNORE_ASN_TIME)
+static CB_INLINE int wolfssl_ssl_conf_verify_cb_before_date(int preverify,
+                                                WOLFSSL_X509_STORE_CTX* store)
+{
+    if (store == NULL) {
+        ESP_LOGE(TAG, "wolfssl_ssl_conf_verify_cb_before_date store is null");
+        preverify = 0;
+    }
+    else if ((preverify == 0) && (store->error == ASN_BEFORE_DATE_E)) {
+        ESP_LOGW(TAG, "Overriding ASN_BEFORE_DATE_E!");
+        preverify = 1;
+    }
+
+    return preverify;
+}
+
+static CB_INLINE int wolfssl_ssl_conf_verify_cb_after_date(int preverify,
+                                                WOLFSSL_X509_STORE_CTX* store)
+{
+    if (store == NULL) {
+        ESP_LOGE(TAG, "wolfssl_ssl_conf_verify_cb_after_date store is null");
+        preverify = 0;
+    }
+    else if ((preverify == 0) && (store->error == ASN_AFTER_DATE_E)) {
+        ESP_LOGW(TAG, "Overriding ASN_AFTER_DATE_E!");
+        preverify = 1;
+    }
+
+    return preverify;
+}
+#endif /* WOLFSSL_DEBUG_CERT_BUNDLE && WOLFSSL_DEBUG_IGNORE_ASN_TIME */
+
+#ifdef CONFIG_WOLFSSL_DEBUG_CERT_BUNDLE
+void print_cert_subject_and_issuer(WOLFSSL_X509_STORE_CTX* store)
+{
+    char subjectStr[X509_MAX_SUBJECT_LEN + 1];
+    char issuerStr[X509_MAX_SUBJECT_LEN + 1];
+    WOLFSSL_BUFFER_INFO buffer;
+    WOLFSSL_X509_NAME* subject;
+    WOLFSSL_X509_NAME* issuer;
+    WOLFSSL_X509* cert;
+    int totalCerts;
+    int i;
+
+    if (store == NULL) {
+        ESP_LOGCBI(TAG, "store is NULL");
+        totalCerts = 0;
+    }
+    else {
+        totalCerts = store->totalCerts;
+    }
+
+    for (i = 0; i < totalCerts; i++) {
+        buffer = store->certs[i];
+        cert = wolfSSL_X509_d2i(NULL,
+                                            (const unsigned char*)buffer.buffer,
+                                              buffer.length);
+        if (cert == NULL) {
+            ESP_LOGCBI(TAG, "Failed to parse certificate at index %d\n", i);
+            continue;
+        }
+
+        subject = wolfSSL_X509_get_subject_name(cert);
+        issuer = wolfSSL_X509_get_issuer_name(cert);
+
+        if (subject != NULL && issuer != NULL) {
+            wolfSSL_X509_NAME_oneline(subject, subjectStr, sizeof(subjectStr));
+            wolfSSL_X509_NAME_oneline(issuer, issuerStr, sizeof(issuerStr));
+
+            ESP_LOGCBI(TAG, "Certificate at index %d:\n", i);
+            ESP_LOGCBI(TAG, "  Subject: %s\n", subjectStr);
+            ESP_LOGCBI(TAG, "  Issuer: %s\n", issuerStr);
+        }
+        else {
+            ESP_LOGCBI(TAG, "Failed to extract subject or issuer at index "
+                            "%d\n", i);
+        }
+
+        /* Clean up and exit */
+        wolfSSL_X509_free(cert);
+    }
+} /* print_cert_subject_and_issuer */
+#endif
+
+/* wolfssl_ssl_conf_verify_cb_no_signer() should only be called
+ *  from wolfssl_ssl_conf_verify_cb, handling the special case of
+ *  TLS handshake preverify failure for the "No Signer" condition. */
+static CB_INLINE int wolfssl_ssl_conf_verify_cb_no_signer(int preverify,
+                                                 WOLFSSL_X509_STORE_CTX* store)
+{
+    char subjectName[X509_MAX_SUBJECT_LEN + 1];
+
+    const unsigned char* cert_data = NULL;
+    const unsigned char* cert_bundle_data = NULL;
+
+    WOLFSSL_X509_NAME* store_cert_subject = NULL; /* part of store_cert*/
+    WOLFSSL_X509_NAME* store_cert_issuer = NULL;  /* part of store_cert*/
+    WOLFSSL_X509_NAME* this_subject = NULL;     /* part of bundle_cert.*/
+    WOLFSSL_X509_NAME* this_issuer = NULL;      /* part of bundle_cert.*/
+
+    intptr_t this_addr = 0; /* Beginning of the bundle object: [size][cert]  */
+    int derCertLength = 0; /* The [size] value: length of [cert] budnle item */
+    int cmp_res = 0;
+    int last_cmp = -1;
+
+    int start = 0;  /* Beginning of search; only changes if binary search.   */
+    int end = 0;    /* End of bunndle search; only changes if binary search. */
+    int middle = 0; /* Middle value for binary search, otherwise increments. */
+
+#ifdef WOLFSSL_ALT_CERT_CHAINS
+    WOLFSSL_BUFFER_INFO buffer;
+#endif
+#ifdef CONFIG_WOLFSSL_DEBUG_CERT_BUNDLE
+    WOLFSSL_STACK* chain;
+    int numCerts;
+#endif
+
+    int ret = WOLFSSL_SUCCESS;
+
+    WOLFSSL_ENTER("wolfssl_ssl_conf_verify_cb_no_signer");
+    ESP_LOGCBI(TAG, "\n\nBegin callback: "
+                    "wolfssl_ssl_conf_verify_cb_no_signer\n");
+
+    /* Debugging section for viewing preverify values. */
+#ifndef NO_SKIP_PREVIEW
+    if (preverify == WOLFSSL_SUCCESS) {
+        ESP_LOGCBI(TAG, "Success: Detected prior Pre-verification == 1.");
+        /* So far, so good... we need to now check cert against alt */
+    }
+    else {
+        ESP_LOGCBW(TAG, "Detected prior Pre-verification Failure.");
+    }
+#else
+    /* Skip pre-verification, so we'll start with success. */
+    ret = WOLFSSL_SUCCESS;
+#endif
+
+    /* Check how many CA Certs in our bundle. Need at least one to proceed. */
+    if (ret == WOLFSSL_SUCCESS) {
+        if (s_crt_bundle.crts == NULL) {
+            ESP_LOGE(TAG, "No certificates in bundle.");
+            ret = WOLFSSL_FAILURE;
+        }
+        else {
+            ESP_LOGCBI(TAG, "%d certificates in bundle.",
+                            s_crt_bundle.num_certs);
+            ret = WOLFSSL_SUCCESS;
+        }
+    }
+
+    /* Get the current cert from the store. */
+    if (ret == WOLFSSL_SUCCESS) {
+        /* Get the current certificate being verified during the certificate
+         * chain validation process. */
+#ifdef OPENSSL_EXTRA
+    #ifdef WOLFSSL_ALT_CERT_CHAINS
+            /*  Retrieve the last WOLFSSL_BUFFER_INFO struct with alt chains */
+            buffer = store->certs[store->totalCerts - 1];
+            store_cert = wolfSSL_X509_d2i(NULL,
+                                          (const unsigned char*)buffer.buffer,
+                                          buffer.length);
+    #else
+            store_cert = wolfSSL_X509_STORE_CTX_get_current_cert(store);
+    #endif
+
+    #ifdef CONFIG_WOLFSSL_DEBUG_CERT_BUNDLE
+        chain = wolfSSL_X509_STORE_CTX_get_chain(store);
+        numCerts = wolfSSL_sk_X509_num(chain);
+        if (!chain) {
+            numCerts = 0; /* Verification failed. */
+        }
+        ESP_LOGI(TAG, "Number of certificates in chain: %d", numCerts);
+        print_cert_subject_and_issuer(store);
+    #endif
+#else
+        store_cert = store->current_cert;
+#endif
+        if (store_cert == NULL) {
+            ESP_LOGE(TAG, "Failed to get current certificate.\n");
+            ret = WOLFSSL_FAILURE;
+        }
+        else {
+            ret = WOLFSSL_SUCCESS;
+        }
+    } /* this (ret == WOLFSSL_SUCCESS) step to get cert from store */
+
+
+    /* Get the target name and subject from the current_cert(store) */
+    if (ret == WOLFSSL_SUCCESS) {
+        store_cert_subject = wolfSSL_X509_get_subject_name(store_cert);
+        if (wolfSSL_X509_NAME_oneline(store_cert_subject, subjectName,
+                                      sizeof(subjectName)) == NULL) {
+            ESP_LOGE(TAG, "Error converting subject name to string.");
+            ret = WOLFSSL_FAILURE;
+        }
+        else {
+            ESP_LOGCBNI(TAG, "Store Cert Subject: %s", subjectName );
+        }
+        store_cert_issuer = wolfSSL_X509_get_issuer_name(store_cert);
+        if (store_cert_issuer == NULL) {
+            ESP_LOGE(TAG, "Error converting Store Cert Issuer to string");
+            ret = WOLFSSL_FAILURE;
+        }
+        else {
+            ESP_LOGCBI(TAG, "Store Cert Issuer:  %s", store_cert_issuer->name );
+        }
+    }
+
+    /* When the server presents its certificate, the client checks if this
+     * certificate can be traced back to one of the CA certificates in the
+     * bundle.
+     *
+     * NOTE: To save memory, the store `cert` from above is overwritten below.
+     * Any details needed from the store `cert` should have been saved.
+     *
+     * We'll proceed by assigning `cert` to each of the respective items in
+     * bundle as we attempt to find the desired cert: */
+    if (ret == WOLFSSL_SUCCESS) {
+        _cert_bundle_loaded = 1;
+        start = 0;
+        if (s_crt_bundle.num_certs > 0) {
+            end = s_crt_bundle.num_certs - 1;
+        }
+        else {
+            ESP_LOGCBW(TAG, "The certificate bundle is empty.");
+            end = -1;
+        }
+
+#ifndef CERT_BUNDLE_UNSORTED
+        /* When sorted (not unsorted), binary search: */
+        middle = (end - start) / 2;
+#else
+        /* When not sorted, we start at beginning and look at each: */
+        ESP_LOGCBW(TAG, "Looking at CA indexed. Start = %d, end = %d",
+                         start, end);
+        middle = 0;
+#endif
+        /* Look for the certificate searching on subject name: */
+        while (start <= end) {
+#ifndef CERT_BUNDLE_UNSORTED
+            ESP_LOGCBNW(TAG, "Looking at CA #%d; Binary Search start = %d,"
+                            "end = %d", middle, start, end);
+#else
+            ESP_LOGCBNW(TAG, "Looking at CA index #%d", middle);
+#endif
+#ifndef IS_WOLFSSL_CERT_BUNDLE_FORMAT
+            /* For reference only */
+            name_len = s_crt_bundle.crts[middle][0] << 8 |
+                       s_crt_bundle.crts[middle][1];
+            crt_name = s_crt_bundle.crts[middle] + CRT_HEADER_OFFSET;
+            ESP_LOGI(TAG, "String: %.*s", name_len, crt_name);
+            int cmp_res =  memcmp(subject, crt_name, name_len);
+#else
+            /* Each cert length should have been saved via python script: */
+            derCertLength = (s_crt_bundle.crts[middle][0] << 8) |
+                             s_crt_bundle.crts[middle][1];
+            this_addr = (intptr_t)s_crt_bundle.crts[middle];
+            ESP_LOGCBI(TAG, "This addr = 0x%x", this_addr);
+
+            cert_data = (const unsigned char*)(this_addr + CRT_HEADER_OFFSET);
+
+            if (wolfssl_is_zero_serial_number(cert_data, derCertLength)) {
+                ESP_LOGW(TAG, "Warning: No Certificate Serial Number: "
+                              "for Certificate #%d", middle);
+            }
+
+            ESP_LOGCBI(TAG, "s_crt_bundle ptr = 0x%x", (intptr_t)cert_data);
+            ESP_LOGCBI(TAG, "derCertLength    = %d", derCertLength);
+
+            /* Convert the DER format in the Cert Bundle to x509.
+             * Reminder: Cert PEM files converted to DER by gen_crt_bundle.py */
+            cert_bundle_data = cert_data; /* wolfSSL_d2i_X509 changes address */
+
+            /* Ensure we don't keep adding new bundle_certs to the heap. */
+            if (bundle_cert != NULL) {
+                wolfSSL_X509_free(bundle_cert);
+            }
+            bundle_cert = wolfSSL_d2i_X509(NULL, &cert_bundle_data,
+                                                  derCertLength);
+
+            if (bundle_cert == NULL) {
+                ESP_LOGE(TAG, "Error loading DER Certificate Authority (CA)"
+                              "from bundle #%d.", middle);
+        #if !defined(WOLFSSL_NO_ASN_STRICT) && \
+            !defined(WOLFSSL_ASN_ALLOW_0_SERIAL)
+                /* Suggestion only when relevant: */
+                if (wolfssl_found_zero_serial()) {
+                    ESP_LOGE(TAG, "Try turning on WOLFSSL_NO_ASN_STRICT "
+                                  "or WOLFSSL_ASN_ALLOW_0_SERIAL");
+                }
+        #endif
+                ret = WOLFSSL_FAILURE;
+            }
+            else {
+                ESP_LOGCBI(TAG, "Successfully loaded DER certificate!");
+                ret = WOLFSSL_SUCCESS;
+            }
+
+            if (ret == WOLFSSL_SUCCESS) {
+                this_issuer = wolfSSL_X509_get_issuer_name(bundle_cert);
+                if (this_issuer == NULL) {
+                    ESP_LOGE(TAG, "Error getting issuer name.");
+                    ret = WOLFSSL_FAILURE;
+                }
+                else {
+                    ESP_LOGCBNI(TAG, "This Bundle Item Issuer Name:  %s",
+                                  this_issuer->name);
+                }
+
+                this_subject = wolfSSL_X509_get_subject_name(bundle_cert);
+                if (this_subject == NULL) {
+                    ESP_LOGE(TAG, "Error getting subject name.");
+                    ret = WOLFSSL_FAILURE;
+                }
+                else {
+                    if (wolfSSL_X509_NAME_oneline(this_subject, subjectName,
+                                                 sizeof(subjectName)) == NULL) {
+                        ESP_LOGE(TAG, "Error converting subject name "
+                                      "to string.");
+                        ret = WOLFSSL_FAILURE;
+                    }
+                    ESP_LOGCBI(TAG, "This Bundle Item Subject Name: %s",
+                                   subjectName);
+                }
+            }
+
+            /* subject == issuer */
+            if (ret == WOLFSSL_SUCCESS) {
+                /* Compare the current store cert issuer saved above, to the
+                 * current one being inspected in the bundle loop. We want to
+                 * match this bundle item issuer with the store certificate
+                 * subject name, as later we'll call wolfSSL_X509_check_issued()
+                 * which compares these fields. */
+
+                cmp_res = strcmp(this_subject->name,
+                                 store_cert_issuer->name);
+                last_cmp = cmp_res; /* in case we have to skip an item, save */
+            }
+            else {
+                ESP_LOGCBW(TAG, "Skipping CA #%d due to failure", middle);
+                cmp_res = last_cmp;
+            }
+    #ifdef CERT_BUNDLE_UNSORTED
+            if (cmp_res != last_cmp) {
+                ESP_LOGE(TAG, "Warning: unsorted!");
+            }
+    #endif
+#endif
+            ESP_LOGCBV(TAG, "This cmp_res = %d", cmp_res);
+            if (cmp_res == 0) {
+                ESP_LOGCBI(TAG, "Found a cert issuer match: %s",
+                                this_issuer->name);
+                _crt_found = 1;
+                break;
+            }
+
+            /* The next indexed cert item to look at: [middle] value: */
+#ifndef CERT_BUNDLE_UNSORTED
+            /* If the list is presorted, we can use a binary search. */
+            else if (cmp_res < 0) {
+                start = middle + 1;
+            }
+            else {
+                end = middle - 1;
+            }
+            middle = start + ((end - start) / 2);
+#else
+            /* When the list is NOT presorted, typically during debugging,
+             * just step though in the order found until one is found: */
+            else {
+                middle++;
+                start = middle;
+            }
+#endif
+            ESP_LOGCBV(TAG, "Item = %d; start: %d, end: %d",
+                             middle, start, end);
+            if (!_crt_found) {
+                /* this_issuer and this_subject are parts of this bundle_cert
+                 * so we don't need to clean them up explicitly.
+                 *
+                 * However, we'll start over with a freash bundle_cert for the
+                 * next search iteration. */
+                if (bundle_cert != NULL) {
+                    wolfSSL_X509_free(bundle_cert);
+                }
+                bundle_cert = wolfSSL_X509_new();
+            }
+        } /* while (start <= end) */
+
+        /************************* END Bundle Search. *************************/
+
+        /* After searching the bundle for an appropriate CA, if found then
+         * load into the provided cert manager. */
+        if (_crt_found) {
+            ESP_LOGCBW(TAG, "Found a Matching Certificate Name in the bundle!");
+            ret = cert_manager_load(preverify, store, cert_data, derCertLength);
+            if (ret == WOLFSSL_FAILURE) {
+                ESP_LOGW(TAG, "Warning: found a matching cert, but not added "
+                              "to the Certificate Manager. error: %d", ret);
+            }
+            else {
+                ESP_LOGCBI(TAG, "New CA added to the Certificate Manager.");
+            }
+        }
+        else {
+            ESP_LOGCBW(TAG, "Matching Certificate Name not found in bundle!");
+            ret = WOLFSSL_FAILURE;
+        } /* crt search result */
+
+        if ((_crt_found == 1) && (ret == WOLFSSL_SUCCESS)) {
+#ifdef WOLFSSL_ALT_CERT_CHAINS
+            /* Store verify will fail when alt certs enabled. */
+            ESP_LOGCBI(TAG, "Skipping pre-update store verify with "
+                            "WOLFSSL_ALT_CERT_CHAINS enabled.");
+#else
+            /* Unlikely to work without alt cert chains, try to verify: */
+            ret = wolfSSL_X509_verify_cert(store);
+            if (ret == WOLFSSL_SUCCESS) {
+                ESP_LOGCBI(TAG, "Successfully verified store before "
+                                "making changes");
+            }
+            else {
+                ESP_LOGE(TAG, "Failed to verify store before making changes! "
+                              "ret = %d", ret);
+            }
+#endif
+
+#if defined(OPENSSL_EXTRA)
+            ESP_LOGCBI(TAG, "Checking wolfSSL_X509_check_issued(bundle_cert, "
+                            "store_cert)");
+            if (store_cert && wolfSSL_X509_check_issued(bundle_cert,
+                                                     store_cert) == X509_V_OK) {
+                ESP_LOGCBI(TAG, "wolfSSL_X509_check_issued == X509_V_OK");
+
+            }
+            else {
+                /* This is ok, we may have others */
+                ESP_LOGCBI(TAG, "wolfSSL_X509_check_issued failed. "
+                                "(there may be others)");
+            }
+#else
+            ESP_LOGW(TAG, "Warning: skipping wolfSSL_X509_check_issued, "
+                          "OPENSSL_EXTRA not enabled.");
+#endif
+
+            if (_added_cert == 0) {
+                /* Is this a CA or Leaf? */
+                if (bundle_cert->isCa == 1) {
+                        ESP_LOGCBI(TAG, "Adding Certificate Authority.");
+                    }
+                else {
+                        ESP_LOGCBW(TAG, "Warning: Adding end-entity leaf "
+                                        "certificate.");
+                }
+
+                /* Note that although we are adding a certificate to the store
+                 * now, it is too late to be used in the current TLS connection
+                 * that caused the callback. See the Cerfiicate Manager for
+                 * validation and possible overriding of preverify values. */
+                ESP_LOGCBI(TAG, "\n\nAdding Cert for Certificate Store!\n");
+                ret = wolfSSL_X509_STORE_add_cert(store->store, bundle_cert);
+                if (ret == WOLFSSL_SUCCESS) {
+                    ESP_LOGCBI(TAG, "Successfully added cert to wolfSSL "
+                                    "Certificate Store!");
+                    _added_cert = 1;
+                }
+                else {
+                    ESP_LOGE(TAG, "Failed to add cert to store! ret = %d", ret);
+                    ret = WOLFSSL_FAILURE;
+                }
+            }
+            else {
+                ESP_LOGCBI(TAG, "Already added a matching cert!");
+            } /* _added_cert */
+
+#ifdef WOLFSSL_ALT_CERT_CHAINS
+            /* Store verify will fail when alt certs enabled. */
+            ESP_LOGCBI(TAG, "Skipping post-update store verify with "
+                            "WOLFSSL_ALT_CERT_CHAINS enabled.");
+#else
+            ESP_LOGCBI(TAG, "wolfSSL_X509_verify_cert(store)");
+            ret = wolfSSL_X509_verify_cert(store);
+            if (ret == WOLFSSL_SUCCESS) {
+                ESP_LOGCBI(TAG, "Successfully verified cert in updated store!");
+            }
+            else {
+                ESP_LOGE(TAG, "Failed to verify cert in updated store! "
+                              "ret = %d", ret);
+                ret = WOLFSSL_FAILURE;
+            }
+#endif
+        } /* crt_found */
+        else {
+            ESP_LOGE(TAG, "Did not find a matching crt");
+            ret = WOLFSSL_FAILURE;
+        }
+    } /* Did not find a cert */
+    else {
+        /* not successful, so return zero for failure. */
+        ret = WOLFSSL_FAILURE;
+    } /* Failed to init, didn't even try to search. */
+
+
+    /* Clean up and exit */
+    if ((_crt_found == 0) && (bundle_cert != NULL)) {
+        ESP_LOGW(TAG, "Cert not found, free bundle_cert");
+        wolfSSL_X509_free(bundle_cert);
+        bundle_cert = NULL;
+        /* this_subject and this_issuer are pointers into cert used.
+         * Don't free if the cert was found. */
+        wolfSSL_X509_NAME_free(this_subject);
+        this_subject = NULL;
+        wolfSSL_X509_NAME_free(this_issuer);
+        this_issuer = NULL;
+    }
+
+    /* We don't clean up the store_cert and x509 as we are in a callback,
+     * and it is just a pointer into the actual ctx store cert.
+     *
+     * See wolfSSL_bundle_cleanup() called after connection completed. */
+    ESP_LOGCBI(TAG, "Exit wolfssl_ssl_conf_verify_cb ret = %d", ret);
+
+    WOLFSSL_LEAVE( "wolfssl_ssl_conf_verify_cb complete", ret);
+
+    return ret; /* preverify */
+}
+
+/* wolfssl_ssl_conf_verify_cb()
+ *   for reference:
+ *     typedef int (*VerifyCallback)(int, WOLFSSL_X509_STORE_CTX*);
+ *
+ * This is the callback for TLS handshake verify / validation. See related:
+ *   wolfssl_ssl_conf_verify_cb_no_signer
+ *   wolfssl_ssl_conf_verify_cb_before_date
+ *   wolfssl_ssl_conf_verify_cb_after_date
+ *
+ * This callback is called FOR EACH cert in the store.
+ * Not all certs in the store will have a match for a cert in the bundle,
+ * but we NEED ONE to match when a preverify error occurs.
+ *
+ * See wolfssl_ssl_conf_verify() for setting callback to this function.
+ * Typically set when calling esp_crt_bundle_attach(). Specifically:
+ *    cfg->crt_bundle_attach(&tls->conf) in esp_tls_wolfssl.c
+ *    from the ESP-IDF esp-tls component.
+ *
+ * See esp_tls.h file: esp_err_t (*crt_bundle_attach)(void *conf)
+ *   and initialization in esp_transport_ssl_crt_bundle_attach
+ *       from the tcp_transport component: (transport_ssl.c)
+ *
+ * Functions in esp_crt_bundle are same names as other providers and
+ * gated in as appropriate when enabling CONFIG_ESP_TLS_USING_WOLFSSL.
+ *
+ * Note the wolfSSL component CMakeLists.txt *MUST* be properly linked in the
+ * file to be used within the ESP-IDF. Something like this:
+ *
+ *   target_link_libraries(${COMPONENT_LIB} PUBLIC ${wolfssl})
+ *
+ * Returns:
+ * 0 if the verification process should stop immediately with an error.
+ * 1 if the verification process should continue with the rest of handshake. */
+static CB_INLINE int wolfssl_ssl_conf_verify_cb(int preverify,
+                                      WOLFSSL_X509_STORE_CTX* store)
+{
+#ifdef WOLFSSL_DEBUG_CERT_BUNDLE
+    char before_str[CTC_DATE_SIZE];
+    char after_str[CTC_DATE_SIZE];
+    WOLFSSL_ASN1_TIME *notBefore = NULL;
+    WOLFSSL_ASN1_TIME *notAfter = NULL;
+
+    int initial_preverify;
+    initial_preverify = preverify;
+
+    if (store == NULL) {
+        ESP_LOGCBW(TAG, "wolfssl_ssl_conf_verify_cb store is Null. Abort");
+        return initial_preverify;
+    }
+
+    /* Show the interesting preverify & error state upon entry to callback. */
+    if (preverify == 1) {
+        ESP_LOGCBI(TAG, "preverify == 1\n");
+    }
+    else {
+        ESP_LOGCBW(TAG, "preverify == %d\n", preverify);
+    }
+
+    if (store->error == 0) {
+        ESP_LOGCBI(TAG, "store->error == 0");
+    }
+    else {
+        ESP_LOGCBW(TAG, "store->error: %d", store->error);
+    }
+
+    notBefore = wolfSSL_X509_get_notBefore(store->current_cert);
+    if (wolfSSL_ASN1_TIME_to_string(notBefore, before_str,
+                                    sizeof(before_str)) == NULL) {
+        ESP_LOGCBW(TAG, "Not Before value not valid");
+    }
+    else {
+        ESP_LOGCBI(TAG, "Not Before: %s", before_str);
+    }
+
+    esp_show_current_datetime();
+
+    notAfter = wolfSSL_X509_get_notAfter(store->current_cert);
+    if (wolfSSL_ASN1_TIME_to_string(notAfter, after_str,
+                                    sizeof(after_str)) == NULL) {
+        ESP_LOGCBW(TAG, "Not After value not valid");
+    }
+    else {
+        ESP_LOGCBI(TAG, "Not After: %s", after_str);
+    }
+#endif
+
+    /* One possible condition is the error "Failed to find signer".
+     * This is where we search the bundle for a matching needed CA cert. */
+    if ((preverify == 0) && (store->error == ASN_NO_SIGNER_E)) {
+        ESP_LOGCBW(TAG, "Setting _need_bundle_cert!");
+        _need_bundle_cert = 1;
+
+        preverify = wolfssl_ssl_conf_verify_cb_no_signer(preverify, store);
+    }
+
+    /* Another common issue is the date/timestamp.
+     * During debugging, we can ignore cert ASN before/after limits: */
+#if defined(WOLFSSL_DEBUG_CERT_BUNDLE) && defined(WOLFSSL_DEBUG_IGNORE_ASN_TIME)
+    esp_show_current_datetime();
+
+    if ((preverify == 0) && (store->error == ASN_BEFORE_DATE_E)) {
+        preverify = wolfssl_ssl_conf_verify_cb_before_date(preverify, store);
+    }
+
+    if ((preverify == 0) && (store->error == ASN_AFTER_DATE_E)) {
+        preverify = wolfssl_ssl_conf_verify_cb_after_date(preverify, store);
+    }
+#endif
+
+    /* Insert any other callback handlers here. */
+
+#ifdef WOLFSSL_DEBUG_CERT_BUNDLE
+    /* When debugging, show if have we resolved any error. */
+    if (preverify == 1) {
+        ESP_LOGCBI(TAG, "Returning preverify == 1\n");
+        if (preverify != initial_preverify) {
+            /* Here we assume wolfssl_ssl_conf_verify_cb_no_signer
+             * properly found and validated the problem: such as
+             * a new cert from the bundled needed for signing. */
+            ESP_LOGCBW(TAG, "Callback overriding error initial preverify = %d, "
+                            "returning preverify = %d",
+                            initial_preverify, preverify );
+        }
+    }
+    else {
+        ESP_LOGCBW(TAG, "Warning; returning preverify == %d\n", preverify);
+    }
+#endif
+
+    return preverify;
+} /* wolfssl_ssl_conf_verify_cb */
+
+/* wolfssl_ssl_conf_verify() patterned after ESP-IDF.
+ * Used locally here only. Not used directly by esp-tls.
+ *
+ * This is typically called during esp_crt_bundle_attach() in
+ * *this* file, which has same-name functions gated with the macro:
+ *   CONFIG_ESP_TLS_USING_WOLFSSL
+ *
+ * See also ESP-IDF transport_ssl component. */
+void CB_INLINE wolfssl_ssl_conf_verify(wolfssl_ssl_config *conf,
+                             int (*f_vrfy) WOLFSSL_X509_VERIFY_CALLBACK,
+                             void (*p_vrfy) )
+{
+    /* Other Cryptographic providers for reference:
+    conf->f_vrfy      = f_vrfy;  (verification function callback)
+    conf->p_vrfy      = p_vrfy;  (pre-verification value)
+    */
+
+    /* typedef int (*VerifyCallback)(int, WOLFSSL_X509_STORE_CTX*); */
+    wolfSSL_CTX_set_verify( (WOLFSSL_CTX *)(conf->priv_ctx),
+                            WOLFSSL_VERIFY_PEER, wolfssl_ssl_conf_verify_cb);
+}
+
+/* esp_crt_verify_callback() patterned after ESP-IDF.
+ * Used locally here only. Not used directly by esp-tls.
+ *
+ * This callback is called for every certificate in the chain. If the chain
+ * is proper each intermediate certificate is validated through its parent
+ * in the x509_crt_verify_chain() function. So this callback should
+ * only verify the first untrusted link in the chain is signed by the
+ * root certificate in the trusted bundle
+*/
+int esp_crt_verify_callback(void *buf, WOLFSSL_X509 *crt, int depth,
+                            uint32_t *flags)
+{
+    WOLFSSL_X509 *child;
+    const uint8_t *crt_name;
+    int start = 0;
+    int middle = 0;
+    int end  = 0;
+    int crt_found = 0;
+    int ret = -1;
+    size_t name_len = 0;
+    size_t key_len  = 0;
+
+    child = crt;
+
+    if (s_crt_bundle.crts == NULL) {
+        ESP_LOGE(TAG, "No certificates in bundle");
+        return -1;
+    }
+
+    ESP_LOGCBI(TAG, "esp_crt_verify_callback: %d certificates in bundle",
+                  s_crt_bundle.num_certs);
+
+    name_len = 0;
+
+    crt_found = false;
+    start = 0;
+    if (s_crt_bundle.num_certs > 0) {
+        end = s_crt_bundle.num_certs - 1;
+        middle = (end - start) / 2;
+    }
+    else {
+        end = -1;
+        middle = -1;
+    }
+    /* Look for the certificate using binary search on subject name */
+    while (start <= end) {
+        name_len = (s_crt_bundle.crts[middle][0] << 8) |
+                   (s_crt_bundle.crts[middle][1]);
+        crt_name = s_crt_bundle.crts[middle] + CRT_HEADER_OFFSET;
+
+        int cmp_res = memcmp(child->altNames, crt_name, name_len);
+        if (cmp_res == 0) {
+            ESP_LOGCBI(TAG, "crt found %s", crt_name);
+            crt_found = true;
+            break;
+        }
+        else if (cmp_res < 0) {
+            end = middle + 1;
+        }
+        else {
+            start = middle - 1;
+        }
+        middle = (start + end) / 2;
+    }
+
+    ret = -1; /* WOLFSSL_ERR_X509_FATAL_ERROR; */
+    if (crt_found) {
+        key_len = (s_crt_bundle.crts[middle][2] << 8) |
+                  (s_crt_bundle.crts[middle][3]);
+        /* This is the wolfssl_ssl_conf_verify callback to attach bundle.
+         * We'll verify at certificate attachment time. */
+        ESP_LOGV(TAG, "Found key. Len = %d", key_len);
+        /* Optional validation not implemented at this time. */
+        /* See wolfssl_ssl_conf_verify_cb() */
+    }
+    else {
+        ESP_LOGW(TAG, "crt not found!");
+    }
+
+    if (ret == 0) {
+        ESP_LOGCBI(TAG, "Certificate validated (2)");
+        *flags = 0;
+        return 0;
+    }
+
+    ESP_LOGW(TAG, "Deprecated; this API for compiler compatibility only.");
+    ESP_LOGW(TAG, "Please use wolfssl_ssl_conf_verify_cb() .");
+    ESP_LOGE(TAG, "Failed to verify certificate");
+    return -1; /* WOLFSSL_ERR_X509_FATAL_ERROR; */
+} /* esp_crt_verify_callback */
+
+/* wolfssl_ssl_conf_authmode() patterned after ESP-IDF. */
+void wolfssl_ssl_conf_authmode(wolfssl_ssl_config *conf, int authmode)
+{
+    wolfSSL_CTX_set_verify( (WOLFSSL_CTX *)conf->priv_ctx, authmode, NULL);
+}
+
+/* API wolfssl_x509_crt_init */
+void wolfssl_x509_crt_init(WOLFSSL_X509 *crt)
+{
+    InitX509(crt, 0, NULL);
+}
+
+/* cert buffer compatibility helper */
+void wolfssl_ssl_conf_ca_chain(wolfssl_ssl_config *conf,
+                               WOLFSSL_X509       *ca_chain,
+                               WOLFSSL_X509_CRL   *ca_crl)
+{
+    conf->ca_chain   = ca_chain;
+    conf->ca_crl     = ca_crl;
+
+#if defined(WOLFSSL_X509_TRUSTED_CERTIFICATE_CALLBACK)
+    /* wolfssl_ssl_conf_ca_chain() and wolfsslssl_ssl_conf_ca_cb()
+     * cannot be used together. */
+    conf->f_ca_cb = NULL;
+    conf->p_ca_cb = NULL;
+#endif /* WOLFSSL_X509_TRUSTED_CERTIFICATE_CALLBACK */
+}
+
+#ifdef CONFIG_WOLFSSL_CERTIFICATE_BUNDLE
+esp_err_t esp_crt_bundle_is_valid(void)
+{
+    return _esp_crt_bundle_is_valid;
+}
+
+/* Initialize the bundle into an array so we can do binary
+ * search for certs; the bundle generated by the python utility is
+ * normally already presorted by subject name attributes in ARBITRARY order!
+ *
+ * See gen_crt_bundle.py regarding element extraction sort.
+ *
+ * To used as unsorted list, see above:
+ *    `#define CERT_BUNDLE_UNSORTED`
+ */
+static esp_err_t wolfssl_esp_crt_bundle_init(const uint8_t *x509_bundle,
+                                             size_t bundle_size)
+{
+    const uint8_t *bundle_end = NULL;
+    const uint8_t *cur_crt = NULL;
+    uint16_t i;
+    size_t cert_len;
+    int ret = ESP_OK;
+
+    WOLFSSL_ENTER("wolfssl_esp_crt_bundle_init");
+    _esp_crt_bundle_is_valid = ESP_OK; /* Assume valid until proven otherwise. */
+
+    _cert_bundle_loaded = 0;
+    _crt_found = 0;
+    _added_cert = 0;
+    _need_bundle_cert = 0;
+
+    /* Basic check of bundle size. */
+    if (ret == ESP_OK) {
+        if (bundle_size < BUNDLE_HEADER_OFFSET + CRT_HEADER_OFFSET) {
+            ESP_LOGE(TAG, "Invalid certificate bundle size");
+            _esp_crt_bundle_is_valid = ESP_FAIL;
+            ret = ESP_ERR_INVALID_ARG;
+        }
+    }
+
+    /* Number of certificates pre-calculated in python script, extract value: */
+    if (ret == ESP_OK) {
+        num_certs = (x509_bundle[0] << 8) | x509_bundle[1];
+        if (num_certs > CONFIG_WOLFSSL_CERTIFICATE_BUNDLE_MAX_CERTS) {
+            ESP_LOGE(TAG, "Number of certs in the certificate bundle = %d "
+                          "exceeds\nMax allowed certificates in certificate "
+                          "bundle = %d\nPlease update the menuconfig option",
+                          num_certs,
+                          CONFIG_WOLFSSL_CERTIFICATE_BUNDLE_MAX_CERTS);
+            _esp_crt_bundle_is_valid = ESP_FAIL;
+            ret = ESP_ERR_INVALID_ARG;
+        }
+        else {
+            ESP_LOGCBI(TAG, "No. of certs in certificate bundle = % d",
+                            num_certs);
+            ESP_LOGCBI(TAG, "Max allowed certificates in certificate bundle = "
+                            "%d", CONFIG_WOLFSSL_CERTIFICATE_BUNDLE_MAX_CERTS);
+        }
+    } /* ret == ESP_OK */
+
+    if (ret == ESP_OK) {
+#ifdef DEBUG_WOLFSSL_MALLOC
+        ESP_LOGW(TAG, "calloc certs: %d bytes", (uint)sizeof(x509_bundle));
+#endif
+        /* Contiguous allocation is important to our cert extraction. */
+        crts = calloc(num_certs, sizeof(x509_bundle));
+        if (crts == NULL) {
+            ESP_LOGE(TAG, "Unable to allocate memory for bundle pointers");
+            _esp_crt_bundle_is_valid = ESP_FAIL;
+            ret = ESP_ERR_NO_MEM;
+        }
+    } /* ret == ESP_OK */
+
+    /* If all is ok, proceed with initialization of Certificate Bundle */
+    if (ret == ESP_OK) {
+        /* This is the maximum region that is allowed to access */
+        ESP_LOGV(TAG, "Bundle Start 0x%x", (intptr_t)x509_bundle);
+        ESP_LOGV(TAG, "Bundle Size  %d", bundle_size);
+        bundle_end = x509_bundle + bundle_size;
+        ESP_LOGV(TAG, "Bundle End   0x%x", (intptr_t)bundle_end);
+        cur_crt = x509_bundle + BUNDLE_HEADER_OFFSET;
+
+        for (i = 0; i < num_certs; i++) {
+            ESP_LOGV(TAG, "Init Cert %d", i);
+            if (cur_crt + CRT_HEADER_OFFSET > bundle_end) {
+                ESP_LOGE(TAG, "Invalid certificate bundle current offset");
+                _esp_crt_bundle_is_valid = ESP_FAIL;
+                ret = ESP_ERR_INVALID_ARG;
+                break;
+            }
+
+            crts[i] = cur_crt;
+
+#ifndef IS_WOLFSSL_CERT_BUNDLE_FORMAT
+            /* For reference only */
+            size_t name_len = cur_crt[0] << 8 | cur_crt[1];
+            size_t key_len = cur_crt[2] << 8 | cur_crt[3];
+            cur_crt = cur_crt + CRT_HEADER_OFFSET + name_len + key_len;
+#else
+            cert_len = cur_crt[0] << 8 | cur_crt[1];
+    #if defined(CONFIG_WOLFSSL_ASN_ALLOW_0_SERIAL) || \
+            defined(       WOLFSSL_ASN_ALLOW_0_SERIAL) || \
+            defined(CONFIG_WOLFSSL_NO_ASN_STRICT)      || \
+            defined(       WOLFSSL_NO_ASN_STRICT)
+            if (wolfssl_is_zero_serial_number(cur_crt + CRT_HEADER_OFFSET,
+                                                 cert_len) > 0) {
+                ESP_LOGW(TAG, "Warning: found zero value for serial number in "
+                              "certificate #%d", i);
+                ESP_LOGW(TAG, "Enable WOLFSSL_NO_ASN_STRICT to allow zero in "
+                              "serial number.");
+            }
+    #endif
+            cur_crt = cur_crt + (CRT_HEADER_OFFSET + cert_len);
+#endif
+        } /* for certs 0 to num_certs - 1 in the order found */
+    } /* ret == ESP_OK */
+
+    /* One final validation check. */
+    if (cur_crt > bundle_end) {
+        ESP_LOGE(TAG, "Invalid certificate bundle after end");
+        _esp_crt_bundle_is_valid = ESP_FAIL;
+        ret = ESP_ERR_INVALID_ARG;
+    }
+
+    if (_esp_crt_bundle_is_valid ==  ESP_FAIL) {
+        if (crts == NULL) {
+#ifdef DEBUG_WOLFSSL_MALLOC
+            ESP_LOGW(TAG, "Free certs after invalid bundle");
+#endif
+            free(crts);
+            crts = NULL;
+            s_crt_bundle.num_certs = 0;
+            s_crt_bundle.crts = NULL;
+        }
+    }
+    else {
+        /* The previous crt bundle is only updated when initialization of the
+         * current crt_bundle is successful */
+        /* Free previous crt_bundle */
+        if (s_crt_bundle.crts != NULL) {
+#ifdef DEBUG_WOLFSSL_MALLOC
+            ESP_LOGI(TAG, "Free crts");
+#endif
+            free(s_crt_bundle.crts);
+        }
+        s_crt_bundle.num_certs = num_certs;
+        s_crt_bundle.crts = crts;
+    }
+
+    /* Consider using WOLFSSL_ASN_ALLOW_0_SERIAL or WOLFSSL_NO_ASN_STRICT
+     * to relax checks. Use with caution. See wolfSSL documentation. */
+    if (wolfssl_found_zero_serial()) {
+        ESP_LOGCBW(TAG, "Warning: At least one certificate in the bundle "
+                        "is missing a serial number.");
+    }
+
+    WOLFSSL_LEAVE("wolfssl_esp_crt_bundle_init", ret);
+    return ret;
+} /* esp_crt_bundle_init */
+
+/* esp_crt_bundle_attach() used by ESP-IDF esp-tls layer. */
+esp_err_t esp_crt_bundle_attach(void *conf)
+{
+    esp_err_t ret = ESP_OK;
+    ESP_LOGCBI(TAG, "Enter esp_crt_bundle_attach");
+    /* If no bundle has been set by the user,
+     * then use the bundle embedded in the binary */
+    if (s_crt_bundle.crts == NULL) {
+        ESP_LOGCBI(TAG, "No bundle set by user; using the embedded binary.");
+        ESP_LOGCBI(TAG, "x509_crt_imported_bundle_wolfssl_bin_start 0x%x",
+               (intptr_t)x509_crt_imported_bundle_wolfssl_bin_start);
+        ESP_LOGCBI(TAG, "x509_crt_imported_bundle_wolfssl_bin_end 0x%x",
+               (intptr_t)x509_crt_imported_bundle_wolfssl_bin_end);
+        ret = wolfssl_esp_crt_bundle_init(
+                         x509_crt_imported_bundle_wolfssl_bin_start,
+                        (x509_crt_imported_bundle_wolfssl_bin_end
+                       - x509_crt_imported_bundle_wolfssl_bin_start));
+    }
+    else {
+        ESP_LOGCBI(TAG, "Cert bundle set by user at 0x%x.",
+                       (intptr_t)s_crt_bundle.crts);
+    }
+
+    if (ret == ESP_OK) {
+        if (conf) {
+            wolfssl_ssl_config *ssl_conf = (wolfssl_ssl_config *)conf;
+            wolfssl_ssl_conf_verify(ssl_conf, esp_crt_verify_callback, NULL);
+        }
+        else {
+            ESP_LOGCBI(TAG, "esp_crt_bundle_attach no conf object supplied");
+        }
+    }
+    else {
+        ESP_LOGE(TAG, "Failed to attach bundle");
+    }
+    ESP_LOGCBI(TAG, "esp_crt_bundle_attach completed for wolfSSL");
+
+    _esp_crt_bundle_is_valid = ret;
+    return ret;
+} /* esp_crt_bundle_attach */
+
+/* esp_crt_bundle_detach() used by ESP-IDF esp-tls layer. */
+void esp_crt_bundle_detach(wolfssl_ssl_config *conf)
+{
+    ESP_LOGI(TAG, "esp_crt_bundle_detach");
+    _wolfssl_found_zero_serial = ESP_OK;
+    _cert_bundle_loaded = 0;
+    _crt_found = 0;
+    _added_cert = 0;
+    _need_bundle_cert = 0;
+
+    if (s_crt_bundle.crts != NULL) {
+#ifdef DEBUG_WOLFSSL_MALLOC
+        ESP_LOGI(TAG, "Free s_crt_bundle.crts");
+#endif
+        free(s_crt_bundle.crts);
+        s_crt_bundle.crts = NULL;
+    }
+    if (conf) {
+        wolfssl_ssl_conf_verify(conf, NULL, NULL);
+        ESP_LOGE(TAG, "esp_crt_bundle_detach not implemented for wolfSSL");
+    }
+    ESP_LOGE(TAG, "Not implemented: esp_crt_bundle_detach");
+
+    /* If there's no cert bundle attached, it is not valid: */
+    _esp_crt_bundle_is_valid = ESP_FAIL;
+}
+
+/* The name esp_crt_bundle_set() used by ESP-IDF esp-tls layer,
+ * but called wolfssl_esp_crt_bundle_init here. */
+esp_err_t esp_crt_bundle_set(const uint8_t *x509_bundle, size_t bundle_size)
+{
+    return wolfssl_esp_crt_bundle_init(x509_bundle, bundle_size);
+}
+
+/* Clean up bundle when closing connection from ESP-TLS layer. */
+esp_err_t wolfSSL_bundle_cleanup(void)
+{
+#ifdef DEBUG_WOLFSSL_MALLOC
+    size_t free_heap_size;
+    size_t min_free_heap_size;
+    size_t free_internal_heap_size;
+#endif
+
+    ESP_LOGV(TAG, "Enter wolfSSL_bundle_cleanup");
+
+    if (s_crt_bundle.crts != NULL) {
+#ifdef DEBUG_WOLFSSL_MALLOC
+        ESP_LOGI(TAG, "Free s_crt_bundle.crts in wolfSSL_bundle_cleanup");
+#endif
+        free(s_crt_bundle.crts);
+        s_crt_bundle.crts = NULL;
+    }
+
+#ifdef WOLFSSL_CMAKE_REQUIRED_ESP_TLS
+    /* When the esp-tls is linked as a requirement in CMake and used by the
+     * ESP-IDF in the esp-tls component, call at cleanup time: */
+    esp_tls_free_global_ca_store();
+#endif
+
+    /* Be sure to free the bundle_cert first, as it may be part of store. */
+    if (bundle_cert != NULL) {
+#ifdef DEBUG_WOLFSSL_MALLOC
+        ESP_LOGI(TAG, "Free bundle_cert in wolfSSL_bundle_cleanup");
+#endif
+        wolfSSL_X509_free(bundle_cert);
+        bundle_cert = NULL;
+    }
+
+    if (store_cert != NULL) {
+#ifdef DEBUG_WOLFSSL_MALLOC
+        ESP_LOGI(TAG, "Free store_cert in wolfSSL_bundle_cleanup");
+#endif
+        wolfSSL_X509_free(store_cert);
+        store_cert = NULL;
+    }
+
+    memset(&s_crt_bundle, 0, sizeof(s_crt_bundle));
+
+#ifdef DEBUG_WOLFSSL_MALLOC
+    /* Get total free heap size */
+    free_heap_size = esp_get_free_heap_size();
+    ESP_LOGI(TAG, "Free heap size: %u bytes", free_heap_size);
+
+    /* Get minimum ever free heap size (since boot) */
+    min_free_heap_size = esp_get_minimum_free_heap_size();
+    ESP_LOGI(TAG, "Minimum ever free heap size: %u bytes", min_free_heap_size);
+
+    /* Get the amount of free memory in internal RAM */
+    free_internal_heap_size = heap_caps_get_free_size(MALLOC_CAP_INTERNAL);
+    ESP_LOGI(TAG, "Free internal heap size: %u bytes", free_internal_heap_size);
+#endif /* DEBUG_WOLFSSL_MALLOC */
+
+    return ESP_OK;
+}
+#endif /* CONFIG_WOLFSSL_CERTIFICATE_BUNDLE */
+
+/* Sanity checks: */
+#if defined(CONFIG_WOLFSSL_NO_ASN_STRICT) && !defined(WOLFSSL_NO_ASN_STRICT)
+    /* The settings.h and/or user_settings.h should have detected config
+     * values from Kconfig and set the appropriate wolfSSL macro: */
+    #error "CONFIG_WOLFSSL_NO_ASN_STRICT found without WOLFSSL_NO_ASN_STRICT"
+#endif /* CONFIG_WOLFSSL_NO_ASN_STRICT && ! WOLFSSL_NO_ASN_STRICT */
+
+#endif /* CONFIG_WOLFSSL_CERTIFICATE_BUNDLE && !(NONE cert) */
+#endif /* CONFIG_ESP_TLS_USING_WOLFSSL */
+#endif /* WOLFSSL_ESPIDF */
diff --git a/wolfcrypt/src/port/Espressif/esp_crt_bundle/gen_crt_bundle.py b/wolfcrypt/src/port/Espressif/esp_crt_bundle/gen_crt_bundle.py
new file mode 100644
index 000000000..5763e8820
--- /dev/null
+++ b/wolfcrypt/src/port/Espressif/esp_crt_bundle/gen_crt_bundle.py
@@ -0,0 +1,360 @@
+#!/usr/bin/env python
+#
+#  gen_crt_bundle.py
+#
+# Copyright (C) 2006-2025 wolfSSL Inc.
+#
+# This file is part of wolfSSL.
+#
+# wolfSSL is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# wolfSSL is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+#
+# ESP32 x509 certificate bundle generation utility
+#
+# Converts PEM and DER certificates to a custom bundle format which stores just the
+# subject name and public key to reduce space
+#
+# The bundle will have the format:
+# number of certificates;
+# crt 1 subject name length;
+# crt 1 public key length;
+# crt 1 subject name;
+# crt 1 public key;
+# crt 2...
+
+
+from __future__ import with_statement
+
+import argparse
+import csv
+import os
+import re
+import unicodedata
+import struct
+import sys
+from io import open
+
+try:
+    from cryptography import x509
+    from cryptography.hazmat.backends import default_backend
+    from cryptography.hazmat.primitives import serialization
+    from cryptography.x509.oid import NameOID
+
+except ImportError:
+    print('The cryptography package is not installed.'
+          'Please refer to the Get Started section of the ESP-IDF Programming Guide for '
+          'setting up the required packages.')
+    raise
+
+ca_bundle_bin_file = 'x509_crt_bundle_wolfssl'
+
+quiet = False
+
+
+def status(msg):
+    """ Print status message to stderr """
+    if not quiet:
+        critical(msg)
+
+
+def critical(msg):
+    """ Print critical message to stderr """
+    sys.stderr.write('gen_crt_bundle.py: ')
+    sys.stderr.write(msg)
+    sys.stderr.write('\n')
+
+
+class CertificateBundle:
+    def __init__(self):
+        self.certificates = []
+        self.compressed_crts = []
+
+        if os.path.isfile(ca_bundle_bin_file):
+            os.remove(ca_bundle_bin_file)
+
+    def add_from_path(self, crts_path):
+
+        found = False
+        for file_path in os.listdir(crts_path):
+            found |= self.add_from_file(os.path.join(crts_path, file_path))
+
+        if found is False:
+            raise InputError('No valid x509 certificates found in %s' % crts_path)
+
+    def add_from_file(self, file_path):
+        try:
+            if file_path.endswith('.pem'):
+                status('Parsing certificates from %s' % file_path)
+                with open(file_path, 'r', encoding='utf-8') as f:
+                    crt_str = f.read()
+                    self.add_from_pem(crt_str)
+                    return True
+
+            elif file_path.endswith('.der'):
+                status('Parsing certificates from %s' % file_path)
+                with open(file_path, 'rb') as f:
+                    crt_str = f.read()
+                    self.add_from_der(crt_str)
+                    return True
+
+        except ValueError:
+            critical('Invalid certificate in %s' % file_path)
+            raise InputError('Invalid certificate')
+
+        return False
+
+    def add_from_pem(self, crt_str):
+        """ A single PEM file may have multiple certificates """
+
+        crt = ''
+        count = 0
+        start = False
+
+        for strg in crt_str.splitlines(True):
+            if strg == '-----BEGIN CERTIFICATE-----\n' and start is False:
+                crt = ''
+                start = True
+            elif strg == '-----END CERTIFICATE-----\n' and start is True:
+                crt += strg + '\n'
+                start = False
+                self.certificates.append(x509.load_pem_x509_certificate(crt.encode(), default_backend()))
+                count += 1
+            if start is True:
+                crt += strg
+
+        if count == 0:
+            raise InputError('No certificate found')
+
+        status('Successfully added %d certificates' % count)
+
+    def add_from_der(self, crt_str):
+        self.certificates.append(x509.load_der_x509_certificate(crt_str, default_backend()))
+        status('Successfully added 1 certificate')
+
+    def get_subject_text(self, cert):
+        # Extract subject as a string in the desired format
+        return ", ".join(
+            f"/{attribute.oid._name}={attribute.value}"  # Adjust as necessary to format as "/C=US/O=..."
+            for attribute in cert.subject
+        )
+
+    # We are currently sorting in AS FOUND order. wolfSSL does this in wolfSSL_X509_NAME_oneline()
+    # But for reference, if desired:
+    #
+    # /C=TW/O=TAIWAN-CA/OU=Root CA/CN=TWCA Global Root CA
+    # /C=US/ST=Illinois/L=Chicago/O=Trustwave Holdings, Inc./CN=Trustwave
+    desired_dn_order = ["/C=", "/ST=", "/L=", "/O=", "/OU=", "/CN="]
+
+    def extract_dn_components(self, cert):
+        """
+        Extract the DN components based on the desired order and return the assembled string.
+        """
+        #dn_dict = {"/C=": "/C=", "/ST=": "/ST=", "/L=": "/L=", "/O=": "/O=", "/OU=": "/OU=", "/CN=": "/CN="}
+        dn_dict = {"/C=": "", "/ST=": "", "/L=": "", "/O=": "", "/OU=": "", "/CN=": ""}
+
+        # Map the actual DN elements to the correct keys in the desired order
+        for attribute in cert.subject:
+            if attribute.oid == x509.NameOID.COUNTRY_NAME:
+                dn_dict["/C="] = attribute.value
+            elif attribute.oid == x509.NameOID.ORGANIZATIONAL_UNIT_NAME:
+                dn_dict["/OU="] = attribute.value
+            elif attribute.oid == x509.NameOID.ORGANIZATION_NAME:
+                dn_dict["/O="] = attribute.value
+            elif attribute.oid == x509.NameOID.COMMON_NAME:
+                dn_dict["/CN="] = attribute.value
+            elif attribute.oid == x509.NameOID.LOCALITY_NAME:
+                dn_dict["/L="] = attribute.value
+            elif attribute.oid == x509.NameOID.STATE_OR_PROVINCE_NAME:
+                dn_dict["/ST="] = attribute.value
+
+        #return ''.join([f"{key}{dn_dict[key]}" for key in self.desired_dn_order])
+        return dn_dict
+
+    def sorting_key(self, cert):
+        """
+        Create a tuple for sorting, where each component is sorted in the order defined by `desired_dn_order`.
+        If a component is missing, it is replaced with a value that will ensure proper sorting (empty string).
+        """
+        dn_dict = self.extract_dn_components(cert)
+
+        return ''.join([f"{key}{dn_dict[key]}" for key in self.desired_dn_order if dn_dict[key]])
+
+    def sort_certificates_by_dn_order(self, certificates):
+        """
+        Sort the list of certificates based on the DN string assembled in the specified order.
+        """
+        return sorted(certificates, key=self.sorting_key)
+
+    def extract_dn_components_as_is(self, cert):
+        """
+        Extract the DN components exactly as they appear in the certificate.
+        """
+        # dn_string = ', '.join([f"{attribute.oid._name}={attribute.value}" for attribute in cert.subject])
+        dn_string = ""
+        result_string = ""
+
+        # Mapping of known OIDs to their short names
+        oid_short_names = {
+            'commonName': '/CN',
+            'countryName': '/C',
+            'stateOrProvinceName': '/ST',
+            'localityName': '/L',
+            'organizationName': '/O',
+            'organizationalUnitName': '/OU'
+        }
+
+        with open("cert_bundle.log", "a") as file:
+            # Write to the file
+            file.write("\nNew cert\n\n")
+            for attribute in cert.subject:
+                # Use a predefined map for known OIDs, and fallback to the dotted string if not found
+                oid_full_name  = attribute.oid._name if attribute.oid._name else attribute.oid.dotted_string
+
+                # The common string uses "/CN" and not "commonName", so we need to swap out keywords such as commonName:
+                oid_name = oid_short_names.get(oid_full_name, oid_full_name)
+                file.write(f"oid_name={oid_name}\n")
+
+                # Strip unicode
+                normalized_string = unicodedata.normalize('NFKD', attribute.value)
+
+                # Encode to ASCII bytes, ignoring any characters that can't be converted
+                ascii_bytes = normalized_string.encode('ascii', 'ignore')
+
+                # Decode back to ASCII string
+                ascii_string = ascii_bytes.decode('ascii')
+                file.write(f"attribute_value={ascii_string}\n")
+
+                # assemble the dn string for this cert
+                dn_string += f"/{oid_name}={ascii_string}"
+                file.write(f"dn_string={dn_string}\n")
+
+            # Remove any unprintable characters
+            cleaned_string = re.sub(r'[^\x20-\x7E]', ' ', dn_string)
+            file.write(f"cleaned_string={cleaned_string}\n")
+            result_string = cleaned_string.replace("=", " ")
+            file.write(f"result_string={result_string}\n")
+
+        # Reminder this is a sort order only; cert NOT modified.
+        return result_string
+
+    def sorting_key_as_is(self, cert):
+        """
+        Use the DN string as found in the certificate as the sorting key.
+        """
+        dn_string = self.extract_dn_components_as_is(cert)
+        return dn_string
+
+    def sort_certificates_by_as_is(self, certificates):
+        """
+        Sort the list of certificates based on the DN string assembled in the specified order.
+        """
+        return sorted(certificates, key=self.sorting_key_as_is)
+
+    def create_bundle(self):
+        # Sort certificates in order to do binary search when looking up certificates
+        # NOTE: When sorting, see `esp_crt_bundle.c`;
+        #       Use `#define CERT_BUNDLE_UNSORTED` when not sorting.
+        #
+        with open("cert_bundle.log", "w") as file:
+            # Write to the file
+            file.write("init.\n")
+        self.certificates = self.sort_certificates_by_as_is(self.certificates)
+
+
+        bundle = struct.pack('>H', len(self.certificates))
+
+        for crt in self.certificates:
+            cert_der = crt.public_bytes(serialization.Encoding.DER)
+            cert_der_len = len(cert_der)
+
+            len_data = struct.pack('>H', cert_der_len)
+            bundle += len_data
+            bundle += cert_der
+
+        return bundle
+
+    def add_with_filter(self, crts_path, filter_path):
+
+        filter_set = set()
+        with open(filter_path, 'r', encoding='utf-8') as f:
+            csv_reader = csv.reader(f, delimiter=',')
+
+            # Skip header
+            next(csv_reader)
+            for row in csv_reader:
+                filter_set.add(row[1])
+
+        status('Parsing certificates from %s' % crts_path)
+        crt_str = []
+        with open(crts_path, 'r', encoding='utf-8') as f:
+            crt_str = f.read()
+
+            # Split all certs into a list of (name, certificate string) tuples
+            pem_crts = re.findall(r'(^.+?)\n(=+\n[\s\S]+?END CERTIFICATE-----\n)', crt_str, re.MULTILINE)
+
+            filtered_crts = ''
+            for name, crt in pem_crts:
+                if name in filter_set:
+                    filtered_crts += crt
+
+        self.add_from_pem(filtered_crts)
+
+
+class InputError(RuntimeError):
+    def __init__(self, e):
+        super(InputError, self).__init__(e)
+
+
+def main():
+    global quiet
+
+    parser = argparse.ArgumentParser(description='ESP-IDF x509 certificate bundle utility')
+
+    parser.add_argument('--quiet', '-q', help="Don't print non-critical status messages to stderr", action='store_true')
+    parser.add_argument('--input', '-i', nargs='+', required=True,
+                        help='Paths to the custom certificate folders or files to parse, parses all .pem or .der files')
+    parser.add_argument('--filter', '-f', help='Path to CSV-file where the second columns contains the name of the certificates \
+                        that should be included from cacrt_all.pem')
+
+    args = parser.parse_args()
+
+    quiet = args.quiet
+
+    bundle = CertificateBundle()
+
+    for path in args.input:
+        if os.path.isfile(path):
+            if os.path.basename(path) == 'cacrt_all.pem' and args.filter:
+                bundle.add_with_filter(path, args.filter)
+            else:
+                bundle.add_from_file(path)
+        elif os.path.isdir(path):
+            bundle.add_from_path(path)
+        else:
+            raise InputError('Invalid --input=%s, is neither file nor folder' % args.input)
+
+    status('Successfully added %d certificates in total' % len(bundle.certificates))
+
+    crt_bundle = bundle.create_bundle()
+
+    with open(ca_bundle_bin_file, 'wb') as f:
+        f.write(crt_bundle)
+
+
+if __name__ == '__main__':
+    try:
+        main()
+    except InputError as e:
+        print(e)
+        sys.exit(2)
diff --git a/wolfcrypt/src/port/Espressif/esp_sdk_mem_lib.c b/wolfcrypt/src/port/Espressif/esp_sdk_mem_lib.c
new file mode 100644
index 000000000..5bd7a649d
--- /dev/null
+++ b/wolfcrypt/src/port/Espressif/esp_sdk_mem_lib.c
@@ -0,0 +1,303 @@
+/* esp_sdk_mem_lib.c
+ *
+ * Copyright (C) 2006-2025 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+#ifdef HAVE_CONFIG_H
+    #include <config.h>
+#endif
+
+/* wolfSSL */
+/* Always include wolfcrypt/settings.h before any other wolfSSL file.    */
+/* Be sure to define WOLFSSL_USER_SETTINGS, typically in CMakeLists.txt  */
+/* Reminder: settings.h pulls in user_settings.h                         */
+/*   Do not explicitly include user_settings.h here.                     */
+#include <wolfssl/wolfcrypt/settings.h>
+
+#if defined(WOLFSSL_ESPIDF) /* Entire file is only for Espressif EDP-IDF */
+
+#if defined(WOLFSSL_USER_SETTINGS)
+    #include <wolfssl/wolfcrypt/types.h>
+#else
+    /* Define WOLFSSL_USER_SETTINGS project wide for settings.h to include   */
+    /* wolfSSL user settings in ./components/wolfssl/include/user_settings.h */
+    #error "Missing WOLFSSL_USER_SETTINGS in CMakeLists or Makefile:\
+    CFLAGS +=-DWOLFSSL_USER_SETTINGS"
+#endif
+
+#ifndef SINGLE_THREADED
+    #ifdef PLATFORMIO
+        #include <freertos/semphr.h>
+    #else
+        #include "semphr.h"
+    #endif
+#endif
+
+/* Espressif */
+#include "sdkconfig.h" /* programmatically generated from sdkconfig */
+#include <esp_log.h>
+#include <esp_err.h>
+
+/* wolfSSL */
+#include <wolfssl/wolfcrypt/port/Espressif/esp-sdk-lib.h>
+
+static const char* TAG = "mem lib";
+static intptr_t _starting_stack_pointer = 0;
+static int _stack_used = 0;
+
+
+/* see
+ * C:\SysGCC\esp8266\rtos-sdk\v3.4\components\esp8266\ld\esp8266.project.ld.in
+ */
+extern wc_ptr_t _data_start[];
+extern wc_ptr_t _data_end[];
+extern wc_ptr_t _rodata_start[];
+extern wc_ptr_t _rodata_end[];
+extern wc_ptr_t _bss_start[];
+extern wc_ptr_t _bss_end[];
+extern wc_ptr_t _rtc_bss_start[];
+extern wc_ptr_t _rtc_bss_end[];
+extern wc_ptr_t _iram_start[];
+extern wc_ptr_t _iram_end[];
+#if defined(CONFIG_IDF_TARGET_ESP8266)
+extern wc_ptr_t _init_start[];
+extern wc_ptr_t _init_end[];
+#endif
+extern wc_ptr_t _iram_text_start[];
+extern wc_ptr_t _iram_text_end[];
+#if defined(CONFIG_IDF_TARGET_ESP32S2)
+    /* TODO: Find ESP32-S2 equivalent */
+#else
+    extern wc_ptr_t _iram_bss_start[];
+    extern wc_ptr_t _iram_bss_end[];
+#endif
+extern wc_ptr_t _noinit_start[];
+extern wc_ptr_t _noinit_end[];
+extern wc_ptr_t _text_start[];
+extern wc_ptr_t _text_end[];
+extern wc_ptr_t _heap_start[];
+extern wc_ptr_t _heap_end[];
+#ifdef CONFIG_IDF_TARGET_ESP32C2
+    /* no rtc_data on ESP32-C2*/
+#else
+    extern wc_ptr_t _rtc_data_start[];
+    extern wc_ptr_t _rtc_data_end[];
+#endif
+
+#if defined(CONFIG_IDF_TARGET_ARCH_XTENSA) && CONFIG_IDF_TARGET_ARCH_XTENSA == 1
+    extern void* _thread_local_start;
+    extern void* _thread_local_end;
+#endif
+
+/* See https://github.com/esp8266/esp8266-wiki/wiki/Memory-Map */
+#define MEM_MAP_IO_START  ((void*)(0x3FF00000))
+#define MEM_MAP_IO_END    ((void*)(0x3FF0FFFF))
+#define USER_DATA_START   ((void*)(0x3FFE8000))
+#define USER_DATA_END     ((void*)(0x3FFE8000 + 0x14000))
+#define ETS_SYS_START     ((void*)(0x3FFFC000))
+#define ETS_SYS_END       ((void*)(0x3FFFC000 + 0x4000))
+#define IRAM1_START       ((void*)(0x40100000))
+#define IRAM1_END         ((void*)(0x40100000 + 0x8000))
+#define IRAMF1_START      ((void*)(0x40108000))
+#define IRAMF1_END        ((void*)(0x40108000 + 0x4000))
+#define IRAMF2_START      ((void*)(0x4010C000))
+#define IRAMF2_END        ((void*)(0x4010C000 + 0x4000))
+
+enum sdk_memory_segment
+{
+    /* Ensure this list exactly matches order in sdk_memory_segment_text */
+    mem_map_io = 0,
+    thread_local,
+    data,
+    user_data_ram,
+    bss,
+    noinit,
+    ets_system,
+    iram1,
+    iramf1,
+    iramf2,
+    iram,
+    iram_text,
+    iram_bss,
+    init,
+    text,
+    rodata,
+    rtc_data,
+    SDK_MEMORY_SEGMENT_COUNT
+};
+
+static void*      sdk_memory_segment_start[SDK_MEMORY_SEGMENT_COUNT + 1] = {};
+static void*        sdk_memory_segment_end[SDK_MEMORY_SEGMENT_COUNT + 1] = {};
+static const char* sdk_memory_segment_text[SDK_MEMORY_SEGMENT_COUNT + 1] = {
+    "C memory map io ",
+    "* thread_local  ",
+    "C data          ",
+    "* user data ram ",
+    "* bss           ",
+    "* noinit        ",
+    "C ets system    ",
+    "C iram1         ",
+    "C iramf1        ",
+    "C iramf2        ",
+    "* iram          ",
+    "* iram_text     ",
+    "* iram_bss      ",
+    "* init          ",
+    "* text          ",
+    "* rodata        ",
+    "* rtc data      ",
+    "last item",
+};
+
+/* Given a given memory segment [m]: assign text names, starting and ending
+ * addresses. See also sdk_var_whereis() that requires this initialization. */
+int sdk_log_meminfo(enum sdk_memory_segment m, void* start, void* end)
+{
+    const char* str;
+    word32 len = 0;
+    str = sdk_memory_segment_text[m];
+    sdk_memory_segment_start[m] = start;
+    sdk_memory_segment_end[m] = end;
+    /* For ESP8266 See ./build/[Debug|Release]/esp8266/esp8266.project.ld */
+    /* For ESP32   See ./build/VisualGDB/Debug/esp-idf/esp_system/ld/     */
+    if (m == SDK_MEMORY_SEGMENT_COUNT) {
+        ESP_LOGI(TAG, "                    Linker Memory Map");
+        ESP_LOGI(TAG, "-----------------------------------------------------");
+        ESP_LOGI(TAG, "                  Start         End          Length");
+    }
+    else {
+        len = (word32)end - (word32)start;
+        ESP_LOGI(TAG, "%s: %p ~ %p : 0x%05x (%d)", str, start, end, len, len );
+    }
+    return ESP_OK;
+}
+
+/* Show all known linker memory segment names, starting & ending addresses. */
+int sdk_init_meminfo(void) {
+    void* sample_heap_var;
+    int sample_stack_var = 0;
+
+    sdk_log_meminfo(SDK_MEMORY_SEGMENT_COUNT, NULL, NULL); /* print header */
+    sdk_log_meminfo(mem_map_io,    MEM_MAP_IO_START,    MEM_MAP_IO_END);
+#if defined(CONFIG_IDF_TARGET_ARCH_XTENSA) && CONFIG_IDF_TARGET_ARCH_XTENSA == 1
+    sdk_log_meminfo(thread_local,  _thread_local_start, _thread_local_end);
+#endif
+    sdk_log_meminfo(data,          _data_start,         _data_end);
+    sdk_log_meminfo(user_data_ram, USER_DATA_START,     USER_DATA_END);
+#if defined(CONFIG_IDF_TARGET_ESP32S2)
+    /* TODO: Find ESP32-S2 equivalent of bss */
+#else
+    sdk_log_meminfo(bss,           _bss_start,          _bss_end);
+#endif
+    sdk_log_meminfo(noinit,        _noinit_start,       _noinit_end);
+    sdk_log_meminfo(ets_system,    ETS_SYS_START,       ETS_SYS_END);
+    sdk_log_meminfo(rodata,        _rodata_start,       _rodata_end);
+    sdk_log_meminfo(iram1,         IRAM1_START,         IRAM1_END);
+    sdk_log_meminfo(iramf1,        IRAMF1_START,        IRAMF1_END);
+    sdk_log_meminfo(iramf2,        IRAMF2_START,        IRAMF2_END);
+    sdk_log_meminfo(iram,          _iram_start,         _iram_end);
+    sdk_log_meminfo(iram_text,     _iram_text_start,    _iram_text_end);
+#if defined(CONFIG_IDF_TARGET_ESP32S2)
+    /* No iram_bss on ESP32-C2 at this time. TODO: something equivalent? */
+#else
+    sdk_log_meminfo(iram_bss,      _iram_bss_start,     _iram_bss_end);
+#endif
+#if defined(CONFIG_IDF_TARGET_ESP8266)
+    sdk_log_meminfo(init,          _init_start,         _init_end);
+#endif
+    sdk_log_meminfo(text,          _text_start,         _text_end);
+#if defined(CONFIG_IDF_TARGET_ESP32C2)
+    /* No rtc_data on ESP32-C2 at this time. TODO: something equivalent? */
+#else
+    sdk_log_meminfo(rtc_data,      _rtc_data_start,     _rtc_data_end);
+#endif
+    ESP_LOGI(TAG, "-----------------------------------------------------");
+    sample_heap_var = malloc(1);
+    if (sample_heap_var == NULL) {
+        ESP_LOGE(TAG, "Unable to allocate heap memory in sdk_var_whereis().");
+    }
+    else {
+        sdk_var_whereis("sample_stack_var", (void*)&sample_stack_var);
+        sdk_var_whereis("sample_heap_var", sample_heap_var);
+        free(sample_heap_var);
+    }
+    return ESP_OK;
+}
+
+/* Returns ESP_OK if found in known memory map, ESP_FAIL otherwise */
+esp_err_t sdk_var_whereis(const char* v_name, void* v) {
+    esp_err_t ret = ESP_FAIL;
+
+    for (enum sdk_memory_segment m = 0 ;m < SDK_MEMORY_SEGMENT_COUNT; m++) {
+        if (v >= sdk_memory_segment_start[m] &&
+            v <= sdk_memory_segment_end[m]) {
+                ret = ESP_OK;
+                ESP_LOGI(TAG, "Variable [%s] found at %p in %s", v_name, v,
+                              sdk_memory_segment_text[m]);
+                if (m == user_data_ram) {
+
+                }
+            }
+    }
+
+    if (ret == ESP_FAIL) {
+        ESP_LOGW(TAG, "%s not found in known memory map: %p", v_name, v);
+    }
+    return ret;
+}
+
+intptr_t esp_sdk_stack_pointer(void)
+{
+    intptr_t sp = 0;
+#if defined(CONFIG_IDF_TARGET_ARCH_RISCV)
+    if (CONFIG_IDF_TARGET_ARCH_RISCV == 1) {
+        __asm volatile("mv %0, sp" : "=r" (sp));
+    }
+#elif defined(CONFIG_IDF_TARGET_ARCH_XTENSA)
+    if (CONFIG_IDF_TARGET_ARCH_XTENSA == 1) {
+        __asm volatile("mov %0, sp" : "=r"(sp));
+    }
+#endif
+    if (_starting_stack_pointer == 0) {
+        _starting_stack_pointer = sp;
+    }
+    _stack_used = _starting_stack_pointer - sp;
+    return sp;
+}
+
+esp_err_t esp_sdk_mem_lib_init(void)
+{
+    int ret = ESP_OK;
+    sdk_init_meminfo();
+    ESP_LOGI(TAG, "esp_sdk_mem_lib_init Ver %d", ESP_SDK_MEM_LIB_VERSION);
+    return ret;
+}
+
+void* wc_debug_pvPortMalloc(size_t size,
+                           const char* file, int line, const char* fname) {
+    void* ret = NULL;
+    ret = pvPortMalloc(size);
+    if (ret == NULL) {
+        ESP_LOGE("malloc", "%s:%d (%s)", file, line, fname);
+        ESP_LOGE("malloc", "Failed Allocating memory of size: %d bytes", size);
+    }
+    return ret;
+}
+
+#endif
diff --git a/wolfcrypt/src/port/Espressif/esp_sdk_time_lib.c b/wolfcrypt/src/port/Espressif/esp_sdk_time_lib.c
new file mode 100644
index 000000000..036174e73
--- /dev/null
+++ b/wolfcrypt/src/port/Espressif/esp_sdk_time_lib.c
@@ -0,0 +1,480 @@
+/* esp_sdk_time_lib.c
+ *
+ * Copyright (C) 2006-2025 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+#ifdef HAVE_CONFIG_H
+    #include <config.h>
+#endif
+
+/* wolfSSL */
+/* Always include wolfcrypt/settings.h before any other wolfSSL file.     */
+/* Reminder: settings.h pulls in user_settings.h                          */
+/*   Do not explicitly include user_settings.h here.                      */
+#include <wolfssl/wolfcrypt/settings.h>
+
+#if defined(WOLFSSL_ESPIDF) /* Entire file is only for Espressif EDP-IDF. */
+#include "sdkconfig.h"      /* programmatically generated from sdkconfig. */
+
+#if defined(USE_WOLFSSL_ESP_SDK_TIME)
+/* Espressif */
+#include <esp_log.h>
+#include <esp_err.h>
+
+/* wolfSSL */
+#include <wolfssl/wolfcrypt/port/Espressif/esp-sdk-lib.h>
+
+#define ESP_SDK_TIME_LIB_VERSION 1
+
+static const char* TAG = "time lib";
+
+esp_err_t esp_sdk_time_lib_init(void)
+{
+    int ret = ESP_OK;
+    ESP_LOGI(TAG, "esp_sdk_time_lib_init Ver %d", ESP_SDK_TIME_LIB_VERSION);
+    return ret;
+}
+
+#if defined(CONFIG_IDF_TARGET_ESP8266)
+    #include <time.h>
+
+#elif defined(ESP_IDF_VERSION_MAJOR) && defined(ESP_IDF_VERSION_MINOR)
+    #if (ESP_IDF_VERSION_MAJOR == 5) && (ESP_IDF_VERSION_MINOR == 1)
+        #define HAS_ESP_NETIF_SNTP 1
+        #include <lwip/apps/sntp.h>
+        #include <esp_netif_sntp.h>
+    #elif (ESP_IDF_VERSION_MAJOR == 5) && (ESP_IDF_VERSION_MINOR > 1)
+        #define HAS_ESP_NETIF_SNTP 1
+        #include <lwip/apps/sntp.h>
+        #include <esp_netif_sntp.h>
+    #else
+        #include <string.h>
+        #include <esp_sntp.h>
+    #endif
+
+#else
+    /* TODO Consider non ESP-IDF environments */
+#endif
+
+/* ESP-IDF uses a 64-bit signed integer to represent time_t
+ * starting from release v5.0
+ * See: Espressif api-reference system_time (year-2036-and-2038-overflow-issues)
+ */
+
+/* see gnu TZ-Variable */
+#ifndef TIME_ZONE
+    /*
+     * PST represents Pacific Standard Time.
+     * +8 specifies the offset from UTC (Coordinated Universal Time),
+     *   indicating that Pacific Time is UTC-8 during standard time.
+     * PDT represents Pacific Daylight Time.
+     * M3.2.0 indicates that Daylight Saving Time (DST) starts on the
+     *   second (2) Sunday (0) of March (3).
+     * M11.1.0 indicates that DST ends on the first (1) Sunday (0)
+     *   of November (11)
+     */
+    #define TIME_ZONE "PST+8PDT,M3.2.0,M11.1.0"
+#endif /* not defined: TIME_ZONE, so we are setting our own */
+
+#define NTP_RETRY_COUNT 10
+
+/* NELEMS(x) number of elements
+ * To determine the number of elements in the array, we can divide the total
+ * size of the array by the size of the array element.
+ * See https://stackoverflow.com/questions/37538/how-do-i-determine-the-size-of-my-array-in-c
+ **/
+#define NELEMS(x)  ( (int)(sizeof(x) / sizeof((x)[0])) )
+
+/* See also CONFIG_LWIP_SNTP_MAX_SERVERS in sdkconfig */
+#define NTP_SERVER_LIST ( (char*[]) {                        \
+                                     "pool.ntp.org",         \
+                                     "time.nist.gov",        \
+                                     "utcnist.colorado.edu"  \
+                                     }                       \
+                        )
+/* #define NTP_SERVER_COUNT using NELEMS:
+ *
+ *  (int)(sizeof(NTP_SERVER_LIST) / sizeof(NTP_SERVER_LIST[0]))
+ */
+#define NTP_SERVER_COUNT NELEMS(NTP_SERVER_LIST)
+
+#ifndef CONFIG_LWIP_SNTP_MAX_SERVERS
+    /* We should find max value in sdkconfig, if not set it to our count:*/
+    #define CONFIG_LWIP_SNTP_MAX_SERVERS NTP_SERVER_COUNT
+#endif
+
+/* When reproducible builds are enabled in ESP-IDF
+ * (starting from version 4.0 and above),
+ * the __DATE__ and __TIME__ macros are deliberately disabled. */
+#ifndef  __DATE__
+    #define YEAR  2024
+    #define MONTH 9
+    #define DAY   25
+#else
+    /* e.g. __DATE__ "Sep 25 2024" */
+    #define YEAR  ( \
+        ((__DATE__)[7]  - '0') * 1000 + \
+        ((__DATE__)[8]  - '0') * 100  + \
+        ((__DATE__)[9]  - '0') * 10   + \
+        ((__DATE__)[10] - '0') * 1      \
+    )
+
+    #define MONTH ( \
+        __DATE__[2] == 'n' ? (__DATE__[1] == 'a' ? 1 : 6) \
+      : __DATE__[2] == 'b' ? 2 \
+      : __DATE__[2] == 'r' ? (__DATE__[0] == 'M' ? 3 : 4) \
+      : __DATE__[2] == 'y' ? 5 \
+      : __DATE__[2] == 'l' ? 7 \
+      : __DATE__[2] == 'g' ? 8 \
+      : __DATE__[2] == 'p' ? 9 \
+      : __DATE__[2] == 't' ? 10 \
+      : __DATE__[2] == 'v' ? 11 \
+      : 12 \
+    )
+
+    #define DAY ( \
+        ((__DATE__)[4]  - '0') * 10 + \
+        ((__DATE__)[5]  - '0') * 1   \
+    )
+#endif
+
+/* our NTP server list is global info */
+extern char* ntpServerList[NTP_SERVER_COUNT];
+
+char* ntpServerList[NTP_SERVER_COUNT] = NTP_SERVER_LIST;
+
+/* Show the current date and time */
+int esp_show_current_datetime(void)
+{
+    time_t now;
+    char strftime_buf[64];
+    struct tm timeinfo;
+
+    time(&now);
+    setenv("TZ", TIME_ZONE, 1);
+    tzset();
+
+    localtime_r(&now, &timeinfo);
+    strftime(strftime_buf, sizeof(strftime_buf), "%c", &timeinfo);
+    ESP_LOGI(TAG, "The current date/time is: %s", strftime_buf);
+    return ESP_OK;
+}
+
+/* the worst-case scenario is a hard-coded date/time */
+int set_fixed_default_time(void)
+{
+    /* ideally, we'd like to set time from network,
+     * but let's set a default time, just in case */
+    struct tm timeinfo = {
+        .tm_year = YEAR,
+        .tm_mon  = MONTH, /* Month, where 0 = Jan */
+        .tm_mday = DAY,   /* Numeric decimal day of the month */
+        .tm_hour = 13,
+        .tm_min  =  1,
+        .tm_sec  =  5
+    };
+    struct timeval now;
+    time_t interim_time;
+    int ret = -1;
+
+    /* set interim static time */
+    interim_time = mktime(&timeinfo);
+
+    ESP_LOGI(TAG, "Adjusting time from fixed value");
+    now = (struct timeval){ .tv_sec = interim_time };
+#if defined(CONFIG_IDF_TARGET_ESP8266)
+    (void)now;
+#else
+    ret = settimeofday(&now, NULL);
+#endif
+    ESP_LOGI(TAG, "settimeofday result = %d", ret);
+    return ret;
+}
+
+/* probably_valid_time_string(s)
+ *
+ * some sanity checks on time string before calling sscanf()
+ *
+ * returns 0 == ESP_OK == Success if str is likely a valid time.
+ *        -1 == ESP_FAIL otherwise
+ */
+int probably_valid_time_string(const char* str)
+{
+    int ret = ESP_OK;
+    size_t length = 0;
+    size_t spaces = 0;
+    size_t colons = 0;
+
+    while (str[length] != '\0') {
+        if (str[length] == ' ') {
+            spaces++;
+        }
+        if (str[length] == ':') {
+            colons++;
+        }
+        length++;
+    }
+
+    if ((length > 32) || (spaces < 4) || (spaces > 5) || (colons > 2)) {
+        ret = ESP_FAIL;
+        ESP_LOGE(TAG, "ERROR, failed time sanity check: %s", str);
+    }
+    return ret;
+}
+
+#if defined(CONFIG_IDF_TARGET_ESP8266)
+/* TODO implement time functions for ESP8266 */
+int set_time_from_string(const char* time_buffer)
+{
+    ESP_LOGE(TAG, "set_time_from_string not implemented for ESP8266");
+    return ESP_FAIL;
+}
+
+int set_time(void)
+{
+    ESP_LOGE(TAG, "set_time not implemented for ESP8266");
+    return ESP_FAIL;
+}
+
+int set_time_wait_for_ntp(void)
+{
+    ESP_LOGE(TAG, "set_time_wait_for_ntp not implemented for ESP8266");
+    return ESP_FAIL;
+}
+
+#else
+/* ESP32 Time Helpers */
+
+/* set_time_from_string(s)
+ *
+ * returns 0 = success if able to set the time from the provided string
+ * error for any other value, typically -1 */
+int set_time_from_string(const char* time_buffer)
+{
+    /* expecting github default formatting: 'Thu Aug 31 12:41:45 2023 -0700' */
+    char offset[28]; /* large arrays, just in case there's still bad data */
+    char day_str[28];
+    char month_str[28];
+    const char *format = "%3s %3s %d %d:%d:%d %d %s";
+    struct tm this_timeinfo;
+    struct timeval now;
+    time_t interim_time;
+    int day, year, hour, minute, second;
+    int quote_offset = 0;
+    int ret = 0;
+
+    /* perform some basic sanity checks */
+    ret = probably_valid_time_string(time_buffer);
+    if (ret == ESP_OK) {
+        /* we are expecting the string to be encapsulated in single quotes */
+        if (*time_buffer == 0x27) {
+            quote_offset = 1;
+        }
+
+        ret = sscanf(time_buffer + quote_offset,
+                    format,
+                    day_str, month_str,
+                    &day, &hour, &minute, &second, &year, &offset);
+
+        if (ret == 8) {
+            /* we found a match for all components */
+
+            const char *months[] = { "Jan", "Feb", "Mar", "Apr", "May", "Jun",
+                                     "Jul", "Aug", "Sep", "Oct", "Nov", "Dec"
+                                   };
+
+            for (int i = 0; i < 12; i++) {
+                if (strcmp(month_str, months[i]) == 0) {
+                    this_timeinfo.tm_mon = i;
+                    break;
+                }
+            }
+
+            this_timeinfo.tm_mday = day;
+            this_timeinfo.tm_hour = hour;
+            this_timeinfo.tm_min = minute;
+            this_timeinfo.tm_sec = second;
+            this_timeinfo.tm_year = year - 1900; /* Years since 1900 */
+
+            interim_time = mktime(&this_timeinfo);
+            now = (struct timeval){ .tv_sec = interim_time };
+            ret = settimeofday(&now, NULL);
+            ESP_LOGI(TAG, "Time updated to %s", time_buffer);
+        }
+        else {
+            ESP_LOGE(TAG, "Failed to convert \"%s\" to a tm date.",
+                           time_buffer);
+            ESP_LOGI(TAG, "Trying fixed date that was hard-coded....");
+            set_fixed_default_time();
+            ret = ESP_FAIL;
+        }
+    }
+
+    return ret;
+}
+
+/* set time; returns 0 if succecssfully configured with NTP */
+int set_time(void)
+{
+#ifndef NTP_SERVER_COUNT
+    ESP_LOGW(TAG, "Warning: no sntp server names defined. "
+                  "Setting to empty list");
+    #define NTP_SERVER_COUNT 0
+    #warning "NTP not properly configured"
+#endif /* not defined: NTP_SERVER_COUNT */
+
+#ifdef HAS_ESP_NETIF_SNTP
+    #if CONFIG_LWIP_SNTP_MAX_SERVERS > 1
+        esp_sntp_config_t config = ESP_NETIF_SNTP_DEFAULT_CONFIG_MULTIPLE(
+                                       NTP_SERVER_COUNT,
+                                       ESP_SNTP_SERVER_LIST(ntpServerList[0])
+                                   );
+    #else
+        esp_sntp_config_t config =
+            ESP_NETIF_SNTP_DEFAULT_CONFIG(ntpServerList[0]);
+    #endif /* CONFIG_LWIP_SNTP_MAX_SERVERS > 1 */
+#endif /* HAS_ESP_NETIF_SNTP */
+
+    int ret = 0;
+    int i = 0; /* counter for time servers */
+
+    ESP_LOGI(TAG, "Setting the time. Startup time:");
+    esp_show_current_datetime();
+
+#ifdef LIBWOLFSSL_VERSION_GIT_HASH_DATE
+    /* initially set a default approximate time from recent git commit */
+    ESP_LOGI(TAG, "Found git hash date, attempting to set system date: %s",
+                   LIBWOLFSSL_VERSION_GIT_HASH_DATE);
+    set_time_from_string(LIBWOLFSSL_VERSION_GIT_HASH_DATE"\0");
+    esp_show_current_datetime();
+
+    ret = -4;
+#else
+    /* otherwise set a fixed time that was hard coded */
+    set_fixed_default_time();
+    esp_show_current_datetime();
+    ret = -3;
+#endif
+
+#ifdef CONFIG_SNTP_TIME_SYNC_METHOD_SMOOTH
+    config.smooth_sync = true;
+#endif
+
+    if (NTP_SERVER_COUNT) {
+        /* next, let's setup NTP time servers
+         *
+         * see Espressif api-reference system_time (sntp-time-synchronization)
+         *
+         * WARNING: do not set operating mode while SNTP client is running!
+         */
+        /* TODO Consider esp_sntp_setoperatingmode(SNTP_OPMODE_POLL);  */
+        sntp_setoperatingmode(SNTP_OPMODE_POLL);
+        if (NTP_SERVER_COUNT > CONFIG_LWIP_SNTP_MAX_SERVERS) {
+            ESP_LOGW(TAG, "WARNING: %d NTP Servers defined, but "
+                          "CONFIG_LWIP_SNTP_MAX_SERVERS = %d",
+                           NTP_SERVER_COUNT,CONFIG_LWIP_SNTP_MAX_SERVERS);
+        }
+        ESP_LOGI(TAG, "sntp_setservername:");
+        for (i = 0; i < CONFIG_LWIP_SNTP_MAX_SERVERS; i++) {
+            const char* thisServer = ntpServerList[i];
+            if (strncmp(thisServer, "\x00", 1) == 0) {
+                /* just in case we run out of NTP servers */
+                break;
+            }
+            ESP_LOGI(TAG, "%s", thisServer);
+            sntp_setservername(i, thisServer);
+            ret = ESP_OK;
+        }
+    #ifdef HAS_ESP_NETIF_SNTP
+        ret = esp_netif_sntp_init(&config);
+    #else
+        ESP_LOGW(TAG,"Warning: Consider upgrading ESP-IDF to take advantage "
+                     "of updated SNTP libraries");
+    #endif
+        if (ret == ESP_OK) {
+            ESP_LOGV(TAG, "Successfully called esp_netif_sntp_init");
+        }
+        else {
+            ESP_LOGE(TAG, "ERROR: esp_netif_sntp_init return = %d", ret);
+        }
+
+        sntp_init();
+        switch (ret) {
+            case ESP_ERR_INVALID_STATE:
+                break;
+            default:
+                break;
+        }
+        ESP_LOGI(TAG, "sntp_init done.");
+    }
+    else {
+        ESP_LOGW(TAG, "No sntp time servers found.");
+        ret = -1;
+    }
+
+    esp_show_current_datetime();
+    ESP_LOGI(TAG, "time helper existing with result = %d", ret);
+    return ret;
+}
+
+/* wait for NTP to actually set the time */
+int set_time_wait_for_ntp(void)
+{
+    int ret = 0;
+#ifdef HAS_ESP_NETIF_SNTP
+    int ntp_retry = 0;
+    const int ntp_retry_count = NTP_RETRY_COUNT;
+
+    ret = esp_netif_sntp_start();
+
+    ret = esp_netif_sntp_sync_wait(500 / portTICK_PERIOD_MS);
+#else
+    ESP_LOGE(TAG, "HAS_ESP_NETIF_SNTP not defined");
+#endif /* HAS_ESP_NETIF_SNTP */
+    esp_show_current_datetime();
+
+#ifdef HAS_ESP_NETIF_SNTP
+    while (ret == ESP_ERR_TIMEOUT && (ntp_retry++ < ntp_retry_count)) {
+        ret = esp_netif_sntp_sync_wait(1000 / portTICK_PERIOD_MS);
+        ESP_LOGI(TAG, "Waiting for NTP to sync time... (%d/%d)",
+                       ntp_retry,
+                       ntp_retry_count);
+        esp_show_current_datetime();
+    }
+#endif /* HAS_ESP_NETIF_SNTP */
+
+#ifdef TIME_ZONE
+    setenv("TZ", TIME_ZONE, 1);
+    tzset();
+#endif
+
+    if (ret == ESP_OK) {
+        ESP_LOGI(TAG, "Successfully set time via NTP servers.");
+        }
+    else {
+        ESP_LOGW(TAG, "Warning: Failed to set time with NTP: "
+                      "result = 0x%0x: %s",
+                       ret, esp_err_to_name(ret));
+    }
+    return ret;
+}
+#endif /* ESP32 or ESP8266 time helpers */
+
+#endif /* USE_WOLFSSL_ESP_SDK_TIME */
+#endif /* WOLFSSL_ESPIDF*/
diff --git a/wolfcrypt/src/port/Espressif/esp_sdk_wifi_lib.c b/wolfcrypt/src/port/Espressif/esp_sdk_wifi_lib.c
new file mode 100644
index 000000000..db7c95435
--- /dev/null
+++ b/wolfcrypt/src/port/Espressif/esp_sdk_wifi_lib.c
@@ -0,0 +1,471 @@
+/* esp_sdk_wifi_lib.c
+ *
+ * Copyright (C) 2006-2025 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+#ifdef HAVE_CONFIG_H
+    #include <config.h>
+#endif
+
+/* wolfSSL */
+/* Always include wolfcrypt/settings.h before any other wolfSSL file.    */
+/* Be sure to define WOLFSSL_USER_SETTINGS, typically in CMakeLists.txt  */
+/* Reminder: settings.h pulls in user_settings.h                         */
+/*   Do not explicitly include user_settings.h here.                     */
+#include <wolfssl/wolfcrypt/settings.h>
+
+#if defined(WOLFSSL_ESPIDF) /* Entire file is only for Espressif EDP-IDF */
+#if defined(USE_WOLFSSL_ESP_SDK_WIFI) && ESP_IDF_VERSION_MAJOR > 4
+
+/* Espressif */
+#include "sdkconfig.h" /* programmatically generated from sdkconfig */
+#include <esp_log.h>
+#include <esp_err.h>
+#include <esp_wifi.h>
+
+
+/* wolfSSL */
+#include <wolfssl/wolfcrypt/types.h>
+#include <wolfssl/wolfcrypt/port/Espressif/esp-sdk-lib.h>
+
+#define ESP_SDK_WIFI_LIB_VERSION 1
+
+static const char* TAG = "wifi lib";
+
+esp_err_t esp_sdk_wifi_lib_init(void)
+{
+    int ret = ESP_OK;
+    ESP_LOGI(TAG, "esp_sdk_wifi_lib_init Ver %d", ESP_SDK_WIFI_LIB_VERSION);
+    return ret;
+}
+
+
+/* When there's too little heap, WiFi quietly refuses to connect */
+#define WIFI_LOW_HEAP_WARNING 21132
+
+#if defined(CONFIG_IDF_TARGET_ESP8266)
+#elif ESP_IDF_VERSION_MAJOR >= 5 && defined(FOUND_PROTOCOL_EXAMPLES_DIR)
+    /* example path set in cmake file */
+#elif ESP_IDF_VERSION_MAJOR > 4
+/*    #include "protocol_examples_common.h" */
+#else
+    const static int CONNECTED_BIT = BIT0;
+    static EventGroupHandle_t wifi_event_group;
+#endif
+
+#if defined(CONFIG_IDF_TARGET_ESP8266)
+
+#elif defined(ESP_IDF_VERSION_MAJOR) && defined(ESP_IDF_VERSION_MINOR)
+    #if ESP_IDF_VERSION_MAJOR >= 4
+        /* likely using examples, see wifi_connect.h */
+    #else
+        /* TODO - still supporting pre V4 ? */
+        const static int CONNECTED_BIT = BIT0;
+        static EventGroupHandle_t wifi_event_group;
+    #endif
+    #if (ESP_IDF_VERSION_MAJOR == 5)
+        #define HAS_WPA3_FEATURES
+    #else
+        #undef HAS_WPA3_FEATURES
+    #endif
+#else
+    /* TODO Consider pre IDF v5? */
+#endif
+
+#if defined(CONFIG_IDF_TARGET_ESP8266)
+#ifndef CONFIG_ESP_MAX_STA_CONN
+    #define CONFIG_ESP_MAX_STA_CONN 4
+#endif
+#define EXAMPLE_MAX_STA_CONN       CONFIG_ESP_MAX_STA_CONN
+
+#define WIFI_CONNECTED_BIT BIT0
+#define WIFI_FAIL_BIT      BIT1
+#ifndef CONFIG_ESP_MAXIMUM_RETRY
+    #define CONFIG_ESP_MAXIMUM_RETRY 5
+#endif
+/* FreeRTOS event group to signal when we are connected*/
+static EventGroupHandle_t s_wifi_event_group;
+static int s_retry_num = 0;
+
+#define EXAMPLE_ESP_MAXIMUM_RETRY  CONFIG_ESP_MAXIMUM_RETRY
+
+#if 0
+static void event_handler(void* arg, esp_event_base_t event_base,
+                                int32_t event_id, void* event_data)
+{
+    if (event_base == WIFI_EVENT && event_id == WIFI_EVENT_STA_START) {
+        esp_wifi_connect();
+    } else if (event_base == WIFI_EVENT && event_id == WIFI_EVENT_STA_DISCONNECTED) {
+        if (s_retry_num < EXAMPLE_ESP_MAXIMUM_RETRY) {
+            esp_wifi_connect();
+            s_retry_num++;
+            ESP_LOGI(TAG, "retry to connect to the AP");
+        } else {
+            xEventGroupSetBits(s_wifi_event_group, WIFI_FAIL_BIT);
+        }
+        ESP_LOGI(TAG,"connect to the AP fail");
+    } else if (event_base == IP_EVENT && event_id == IP_EVENT_STA_GOT_IP) {
+        ip_event_got_ip_t* event = (ip_event_got_ip_t*) event_data;
+        ESP_LOGI(TAG, "got ip:%s",
+                 ip4addr_ntoa(&event->ip_info.ip));
+        s_retry_num = 0;
+        xEventGroupSetBits(s_wifi_event_group, WIFI_CONNECTED_BIT);
+    }
+}
+#else
+static void event_handler(void* arg, esp_event_base_t event_base,
+                          int32_t event_id, void* event_data)
+{
+    if (event_base == WIFI_EVENT) {
+        if (event_id == WIFI_EVENT_STA_START) {
+            esp_wifi_connect();
+            ESP_LOGV(TAG, "Connect event!!");
+        }
+        else {
+            if (event_id == WIFI_EVENT_STA_DISCONNECTED) {
+                if (s_retry_num < EXAMPLE_ESP_MAXIMUM_RETRY) {
+                    esp_wifi_connect();
+                    s_retry_num++;
+                    ESP_LOGI(TAG, ">> Retry to connect to the AP");
+                }
+                else {
+                    xEventGroupSetBits(s_wifi_event_group, WIFI_FAIL_BIT);
+                }
+                ESP_LOGI(TAG, ">> Connect to the AP fail");
+            } /* WIFI_EVENT_STA_DISCONNECTED */
+            else if(event_id == IP_EVENT_STA_GOT_IP) {
+                ip_event_got_ip_t* event = (ip_event_got_ip_t*) event_data;
+                ESP_LOGI(TAG, "got ip:%s", ip4addr_ntoa(&event->ip_info.ip));
+                s_retry_num = 0;
+                xEventGroupSetBits(s_wifi_event_group, WIFI_CONNECTED_BIT);
+            } /* IP_EVENT_STA_GOT_IP */
+        } /* not WIFI_EVENT_STA_START */
+    } /* event_base == WIFI_EVENT */
+} /* event_handler */
+
+#endif
+esp_err_t esp_sdk_wifi_init_sta(void)
+{
+    word32 this_heap;
+
+    s_wifi_event_group = xEventGroupCreate();
+
+    tcpip_adapter_init();
+
+    ESP_ERROR_CHECK(esp_event_loop_create_default());
+
+    wifi_init_config_t cfg = WIFI_INIT_CONFIG_DEFAULT();
+    ESP_ERROR_CHECK(esp_wifi_init(&cfg));
+
+    ESP_ERROR_CHECK(esp_event_handler_register(WIFI_EVENT, ESP_EVENT_ANY_ID,
+                                               &event_handler, NULL));
+    ESP_ERROR_CHECK(esp_event_handler_register(IP_EVENT, IP_EVENT_STA_GOT_IP,
+                                               &event_handler, NULL));
+
+    wifi_config_t wifi_config = {
+        .sta = {
+            .ssid = EXAMPLE_ESP_WIFI_SSID,
+            .password = EXAMPLE_ESP_WIFI_PASS
+        },
+    };
+
+    /* Setting a password implies station will connect to all security modes
+     * including WEP/WPA. However these modes are deprecated and not advisable
+     * to be used. In case your Access point doesn't support WPA2, these mode
+     * can be enabled by commenting below line */
+    if (strlen((char *)wifi_config.sta.password)) {
+        wifi_config.sta.threshold.authmode = WIFI_AUTH_WPA2_PSK;
+    }
+
+    ESP_ERROR_CHECK(esp_wifi_set_mode(WIFI_MODE_STA) );
+    ESP_ERROR_CHECK(esp_wifi_set_config(ESP_IF_WIFI_STA, &wifi_config) );
+    ESP_ERROR_CHECK(esp_wifi_start() );
+
+    ESP_LOGI(TAG, "wifi_init_sta finished. Connecting...");
+    this_heap = esp_get_free_heap_size();
+    ESP_LOGI(TAG, "this heap = %d", this_heap);
+    if (this_heap < WIFI_LOW_HEAP_WARNING) {
+        ESP_LOGW(TAG, "Warning: WiFi low heap: %d", WIFI_LOW_HEAP_WARNING);
+    }
+    /* Waiting until either the connection is established (WIFI_CONNECTED_BIT)
+     * or connection failed for the maximum number of re-tries (WIFI_FAIL_BIT).
+     * The bits are set by event_handler()
+     * (see above) */
+    EventBits_t bits = xEventGroupWaitBits(s_wifi_event_group,
+            WIFI_CONNECTED_BIT | WIFI_FAIL_BIT,
+            pdFALSE,
+            pdFALSE,
+            portMAX_DELAY);
+
+    ESP_LOGI(TAG, "xEventGroupWaitBits finished.");
+#if 0
+    /* xEventGroupWaitBits() returns the bits before the call returned, hence we can test which event actually
+     * happened. */
+    if (bits & WIFI_CONNECTED_BIT) {
+        ESP_LOGI(TAG, "connected to ap SSID:%s",
+                 EXAMPLE_ESP_WIFI_SSID);
+    } else if (bits & WIFI_FAIL_BIT) {
+        ESP_LOGI(TAG, "Failed to connect to SSID:%s, password:%s",
+                 EXAMPLE_ESP_WIFI_SSID, EXAMPLE_ESP_WIFI_PASS);
+    } else {
+        ESP_LOGE(TAG, "UNEXPECTED EVENT");
+    }
+#else
+    /* xEventGroupWaitBits() returns the bits before the call returned,
+     * hence we can test which event actually happened. */
+    if (bits & WIFI_CONNECTED_BIT) {
+        ESP_LOGI(TAG, "Connected to AP SSID: %s",
+                       EXAMPLE_ESP_WIFI_SSID);
+    }
+    else {
+        if (bits & WIFI_FAIL_BIT) {
+        ESP_LOGI(TAG, "Failed to connect to SSID: %s, password:%s",
+                       EXAMPLE_ESP_WIFI_SSID, EXAMPLE_ESP_WIFI_PASS);
+        }
+        else {
+            ESP_LOGE(TAG, "UNEXPECTED EVENT");
+        }
+    }
+
+#endif
+    ESP_ERROR_CHECK(esp_event_handler_unregister(IP_EVENT, IP_EVENT_STA_GOT_IP,
+                                                 &event_handler));
+    ESP_ERROR_CHECK(esp_event_handler_unregister(WIFI_EVENT, ESP_EVENT_ANY_ID,
+                                                 &event_handler));
+    vEventGroupDelete(s_wifi_event_group);
+    return ESP_OK;
+}
+
+#elif ESP_IDF_VERSION_MAJOR < 4
+/* event handler for wifi events */
+static esp_err_t wifi_event_handler(void *ctx, system_event_t *event)
+{
+    switch (event->event_id)
+    {
+    case SYSTEM_EVENT_STA_START:
+        esp_wifi_connect();
+        break;
+    case SYSTEM_EVENT_STA_GOT_IP:
+    #if ESP_IDF_VERSION_MAJOR >= 4
+        ESP_LOGI(TAG, "got ip:" IPSTR "\n",
+                 IP2STR(&event->event_info.got_ip.ip_info.ip));
+    #else
+        ESP_LOGI(TAG, "got ip:%s",
+                 ip4addr_ntoa(&event->event_info.got_ip.ip_info.ip));
+    #endif
+        /* see Espressif api-reference freertos_idf */
+        xEventGroupSetBits(wifi_event_group, CONNECTED_BIT);
+        break;
+    case SYSTEM_EVENT_STA_DISCONNECTED:
+        esp_wifi_connect();
+        xEventGroupClearBits(wifi_event_group, CONNECTED_BIT);
+        break;
+    default:
+        break;
+    }
+    return ESP_OK;
+}
+#else
+
+#ifdef CONFIG_ESP_MAXIMUM_RETRY
+    #define EXAMPLE_ESP_MAXIMUM_RETRY  CONFIG_ESP_MAXIMUM_RETRY
+#else
+    #define CONFIG_ESP_MAXIMUM_RETRY 5
+#endif
+
+#if CONFIG_ESP_WIFI_AUTH_OPEN
+#define ESP_WIFI_SCAN_AUTH_MODE_THRESHOLD WIFI_AUTH_OPEN
+#elif CONFIG_ESP_WIFI_AUTH_WEP
+#define ESP_WIFI_SCAN_AUTH_MODE_THRESHOLD WIFI_AUTH_WEP
+#elif CONFIG_ESP_WIFI_AUTH_WPA_PSK
+#define ESP_WIFI_SCAN_AUTH_MODE_THRESHOLD WIFI_AUTH_WPA_PSK
+#elif CONFIG_ESP_WIFI_AUTH_WPA2_PSK
+#define ESP_WIFI_SCAN_AUTH_MODE_THRESHOLD WIFI_AUTH_WPA2_PSK
+#elif CONFIG_ESP_WIFI_AUTH_WPA_WPA2_PSK
+#define ESP_WIFI_SCAN_AUTH_MODE_THRESHOLD WIFI_AUTH_WPA_WPA2_PSK
+#elif CONFIG_ESP_WIFI_AUTH_WPA3_PSK
+#define ESP_WIFI_SCAN_AUTH_MODE_THRESHOLD WIFI_AUTH_WPA3_PSK
+#elif CONFIG_ESP_WIFI_AUTH_WPA2_WPA3_PSK
+#define ESP_WIFI_SCAN_AUTH_MODE_THRESHOLD WIFI_AUTH_WPA2_WPA3_PSK
+#elif CONFIG_ESP_WIFI_AUTH_WAPI_PSK
+#define ESP_WIFI_SCAN_AUTH_MODE_THRESHOLD WIFI_AUTH_WAPI_PSK
+#endif
+
+#ifndef ESP_WIFI_SCAN_AUTH_MODE_THRESHOLD
+    #define CONFIG_ESP_WIFI_AUTH_WPA2_PSK 1
+    #define ESP_WIFI_SCAN_AUTH_MODE_THRESHOLD CONFIG_ESP_WIFI_AUTH_WPA2_PSK
+#endif
+
+/* FreeRTOS event group to signal when we are connected*/
+static EventGroupHandle_t s_wifi_event_group;
+
+/* The event group allows multiple bits for each event,
+ * but we only care about two events:
+ *   - we are connected to the AP with an IP
+ *   - we failed to connect after the maximum amount of retries */
+#define WIFI_CONNECTED_BIT BIT0
+#define WIFI_FAIL_BIT      BIT1
+
+
+static int s_retry_num = 0;
+ip_event_got_ip_t* event;
+
+
+static void event_handler(void* arg,
+                          esp_event_base_t event_base,
+                          int32_t event_id,
+                          void* event_data)
+{
+    if (event_base == WIFI_EVENT && event_id == WIFI_EVENT_STA_START) {
+        esp_wifi_connect();
+    }
+    else if (event_base == WIFI_EVENT &&
+             event_id == WIFI_EVENT_STA_DISCONNECTED) {
+        if (s_retry_num < EXAMPLE_ESP_MAXIMUM_RETRY) {
+            esp_wifi_connect();
+            s_retry_num++;
+            ESP_LOGI(TAG, "retry to connect to the AP");
+        }
+        else {
+            xEventGroupSetBits(s_wifi_event_group, WIFI_FAIL_BIT);
+        }
+        ESP_LOGI(TAG, "connect to the AP fail");
+    }
+    else if (event_base == IP_EVENT && event_id == IP_EVENT_STA_GOT_IP) {
+        event = (ip_event_got_ip_t*) event_data;
+        /* wifi_show_ip(); */
+        s_retry_num = 0;
+        xEventGroupSetBits(s_wifi_event_group, WIFI_CONNECTED_BIT);
+    }
+}
+
+esp_err_t wc_wifi_init_sta(void)
+{
+    esp_err_t ret = ESP_OK;
+
+    s_wifi_event_group = xEventGroupCreate();
+
+    ESP_ERROR_CHECK(esp_netif_init());
+
+    ESP_ERROR_CHECK(esp_event_loop_create_default());
+    esp_netif_create_default_wifi_sta();
+
+    wifi_init_config_t cfg = WIFI_INIT_CONFIG_DEFAULT();
+    ESP_ERROR_CHECK(esp_wifi_init(&cfg));
+
+    esp_event_handler_instance_t instance_any_id;
+    esp_event_handler_instance_t instance_got_ip;
+    ESP_ERROR_CHECK(esp_event_handler_instance_register(WIFI_EVENT,
+                                                        ESP_EVENT_ANY_ID,
+                                                        &event_handler,
+                                                        NULL,
+                                                        &instance_any_id));
+    ESP_ERROR_CHECK(esp_event_handler_instance_register(IP_EVENT,
+                                                        IP_EVENT_STA_GOT_IP,
+                                                        &event_handler,
+                                                        NULL,
+                                                        &instance_got_ip));
+
+    wifi_config_t wifi_config = {
+        .sta = {
+            .ssid = EXAMPLE_ESP_WIFI_SSID,
+            .password = EXAMPLE_ESP_WIFI_PASS,
+            /* Authmode threshold resets to WPA2 as default if password matches
+             * WPA2 standards (password len => 8). If you want to connect the
+             * device to deprecated WEP/WPA networks, Please set the threshold
+             * value WIFI_AUTH_WEP/WIFI_AUTH_WPA_PSK and set the password with
+             * length and format matching to WIFI_AUTH_WEP/WIFI_AUTH_WPA_PSK
+             * standards. */
+            .threshold.authmode = ESP_WIFI_SCAN_AUTH_MODE_THRESHOLD,
+        #ifdef HAS_WPA3_FEATURES
+            .sae_pwe_h2e = WPA3_SAE_PWE_BOTH,
+        #endif
+        },
+    };
+    ESP_ERROR_CHECK(esp_wifi_set_mode(WIFI_MODE_STA) );
+    ESP_ERROR_CHECK(esp_wifi_set_config(WIFI_IF_STA, &wifi_config) );
+
+#ifdef CONFIG_EXAMPLE_WIFI_SSID
+    if (XSTRCMP(CONFIG_EXAMPLE_WIFI_SSID, "myssid") == 0) {
+        ESP_LOGW(TAG, "WARNING: CONFIG_EXAMPLE_WIFI_SSID is \"myssid\".");
+        ESP_LOGW(TAG, "  Do you have a WiFi AP called \"myssid\", ");
+        ESP_LOGW(TAG, "  or did you forget the ESP-IDF configuration?");
+    }
+#else
+    ESP_LOGW(TAG, "WARNING: CONFIG_EXAMPLE_WIFI_SSID not defined.");
+#endif
+
+    ESP_ERROR_CHECK(esp_wifi_start() );
+
+    ESP_LOGI(TAG, "wifi_init_sta finished.");
+
+    /* Waiting until either the connection is established (WIFI_CONNECTED_BIT)
+     * or connection failed for the maximum number of re-tries (WIFI_FAIL_BIT).
+     * The bits are set by event_handler() (see above) */
+    EventBits_t bits = xEventGroupWaitBits(s_wifi_event_group,
+            WIFI_CONNECTED_BIT | WIFI_FAIL_BIT,
+            pdFALSE,
+            pdFALSE,
+            portMAX_DELAY);
+
+    /* xEventGroupWaitBits() returns the bits before the call returned,
+     * hence we can test which event actually happened. */
+#if defined(SHOW_SSID_AND_PASSWORD)
+    ESP_LOGW(TAG, "Undefine SHOW_SSID_AND_PASSWORD to not show SSID/password");
+    if (bits & WIFI_CONNECTED_BIT) {
+        ESP_LOGI(TAG, "connected to ap SSID:%s password:%s",
+                       EXAMPLE_ESP_WIFI_SSID,
+                       EXAMPLE_ESP_WIFI_PASS);
+    }
+    else if (bits & WIFI_FAIL_BIT) {
+        ESP_LOGI(TAG, "Failed to connect to SSID:%s, password:%s",
+                       EXAMPLE_ESP_WIFI_SSID,
+                       EXAMPLE_ESP_WIFI_PASS);
+    }
+    else {
+        ESP_LOGE(TAG, "UNEXPECTED EVENT");
+    }
+#else
+    if (bits & WIFI_CONNECTED_BIT) {
+        ESP_LOGI(TAG, "Connected to AP");
+    }
+    else if (bits & WIFI_FAIL_BIT) {
+        ESP_LOGI(TAG, "Failed to connect to AP");
+        ret = -1;
+    }
+    else {
+        ESP_LOGE(TAG, "AP UNEXPECTED EVENT");
+        ret = -2;
+    }
+#endif
+    return ret;
+}
+
+esp_err_t wc_wifi_show_ip(void)
+{
+    /* TODO Causes panic: ESP_LOGI(TAG, "got ip:" IPSTR,
+     * IP2STR(&event->ip_info.ip)); */
+    return ESP_OK;
+}
+
+#endif
+
+
+#endif /* USE_WOLFSSL_ESP_SDK_WIFI */
+#endif /* WOLFSSL_ESPIDF */
diff --git a/wolfcrypt/src/port/Renesas/renesas_common.c b/wolfcrypt/src/port/Renesas/renesas_common.c
index 00deff3df..5e81b2f42 100644
--- a/wolfcrypt/src/port/Renesas/renesas_common.c
+++ b/wolfcrypt/src/port/Renesas/renesas_common.c
@@ -1,6 +1,6 @@
 /* renesas_common.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -19,39 +19,50 @@
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  */
 
+#ifdef HAVE_CONFIG_H
+    #include <config.h>
+#endif
+
 #include <wolfssl/wolfcrypt/settings.h>
 
-#if defined(WOLFSSL_RENESAS_FSPSM_TLS) \
-    || defined(WOLFSSL_RENESAS_FSPSM_CRYPTONLY) \
-    || defined(WOLFSSL_RENESAS_TSIP_TLS) \
-    || defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY)
+#if defined(WOLFSSL_RENESAS_FSPSM_TLS) || \
+    defined(WOLFSSL_RENESAS_FSPSM_CRYPTONLY) || \
+    defined(WOLFSSL_RENESAS_TSIP_TLS) || \
+    defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY)
 
 #if defined(WOLFSSL_RENESAS_FSPSM_TLS) || \
     defined(WOLFSSL_RENESAS_FSPSM_CRYPTONLY)
-  #include <wolfssl/wolfcrypt/port/Renesas/renesas-fspsm-crypt.h>
-  #define cmn_hw_lock    wc_fspsm_hw_lock
-  #define cmn_hw_unlock  wc_fspsm_hw_unlock
-#elif defined(WOLFSSL_RENESAS_TSIP_TLS) || \
-    defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY)
-  #include <wolfssl/wolfcrypt/port/Renesas/renesas-tsip-crypt.h>
-  #define cmn_hw_lock    tsip_hw_lock
-  #define cmn_hw_unlock  tsip_hw_unlock
 
-  #define FSPSM_ST       TsipUserCtx;
-  #define MAX_FSPSM_CBINDEX 5
+    #include <wolfssl/wolfcrypt/port/Renesas/renesas-fspsm-crypt.h>
+    #define cmn_hw_lock    wc_fspsm_hw_lock
+    #define cmn_hw_unlock  wc_fspsm_hw_unlock
+
+#elif defined(WOLFSSL_RENESAS_TSIP_TLS) || \
+      defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY)
+
+    #include <wolfssl/wolfcrypt/port/Renesas/renesas-tsip-crypt.h>
+    #define cmn_hw_lock    tsip_hw_lock
+    #define cmn_hw_unlock  tsip_hw_unlock
+
+    #define FSPSM_ST       TsipUserCtx;
+    #define MAX_FSPSM_CBINDEX 5
 #endif
 
 #include <wolfssl/wolfcrypt/wc_port.h>
 #include <wolfssl/wolfcrypt/types.h>
 #include <wolfssl/wolfcrypt/asn.h>
+#ifndef WOLFSSL_RENESAS_TSIP_CRYPTONLY
 #include <wolfssl/internal.h>
+#endif
 #include <wolfssl/error-ssl.h>
 #include <wolfssl/wolfcrypt/error-crypt.h>
 #include <wolfssl/wolfcrypt/logging.h>
-#include <wolfssl/wolfcrypt/port/renesas/renesas_cmn.h>
+#include <wolfssl/wolfcrypt/port/Renesas/renesas_cmn.h>
+
+#define INITIAL_DEVID 7890
 
 uint32_t   g_CAscm_Idx = (uint32_t)-1; /* index of CM table    */
-static int gdevId = 7890;           /* initial dev Id for Crypt Callback */
+static int gdevId = INITIAL_DEVID;     /* initial dev Id for Crypt Callback */
 
 #ifdef WOLF_CRYPTO_CB
 /* store callback ctx by devId */
@@ -59,7 +70,7 @@ static int gdevId = 7890;           /* initial dev Id for Crypt Callback */
     defined(WOLFSSL_RENESAS_FSPSM_CRYPTONLY)
 FSPSM_ST    *gCbCtx[MAX_FSPSM_CBINDEX];
 #elif defined(WOLFSSL_RENESAS_TSIP_TLS) || \
-	    defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY)
+      defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY)
 #define FSPSM_ST       TsipUserCtx;
 #define MAX_FSPSM_CBINDEX 5
 TsipUserCtx *gCbCtx[MAX_FSPSM_CBINDEX];
@@ -68,7 +79,7 @@ TsipUserCtx *gCbCtx[MAX_FSPSM_CBINDEX];
 #include <wolfssl/wolfcrypt/cryptocb.h>
 
 
-WOLFSSL_LOCAL int Renesas_cmn_Cleanup(WOLFSSL* ssl)
+WOLFSSL_LOCAL int Renesas_cmn_Cleanup(struct WOLFSSL* ssl)
 {
     int ret = 0;
     WOLFSSL_ENTER("Renesas_cmn_Cleanup");
@@ -89,7 +100,7 @@ WOLFSSL_LOCAL int Renesas_cmn_RsaSignCb(WOLFSSL* ssl,
                                 const unsigned char* keyDer, unsigned int keySz,
                                 void* ctx)
 {
-    int ret = CRYPTOCB_UNAVAILABLE;
+    int ret = WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE);
     WOLFSSL_ENTER("Renesas_cmn_RsaSignCb");
 
     /* This is just a stub function that provides no logic */
@@ -108,14 +119,12 @@ WOLFSSL_LOCAL int Renesas_cmn_RsaSignCheckCb(WOLFSSL* ssl,
                                 const unsigned char* keyDer, unsigned int keySz,
                                 void* ctx)
 {
-    int ret = CRYPTOCB_UNAVAILABLE;
+    int ret = WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE);
     WOLFSSL_ENTER("Renesas_cmn_RsaSignCheckCb");
 
-    #if defined(WOLFSSL_RENESAS_TSIP)
-
-    return tsip_VerifyRsaPkcsCb(ssl, sig, sigSz, out, keyDer, keySz, ctx);
-
-    #endif /* WOLFSSL_RENESAS_TSIP */
+#if defined(WOLFSSL_RENESAS_TSIP)
+    ret = tsip_VerifyRsaPkcsCb(ssl, sig, sigSz, out, keyDer, keySz, ctx);
+#endif /* WOLFSSL_RENESAS_TSIP */
 
     WOLFSSL_LEAVE("Renesas_cmn_RsaSignCheckCb", ret);
     return ret;
@@ -127,7 +136,7 @@ WOLFSSL_LOCAL int Renesas_cmn_EccSignCb(WOLFSSL* ssl,
                                 const unsigned char* keyDer, unsigned int keySz,
                                 void* ctx)
 {
-    int ret = CRYPTOCB_UNAVAILABLE;
+    int ret = WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE);
     WOLFSSL_ENTER("Renesas_cmn_EccSignCb");
 
     /* This is just a stub function that provides no logic */
@@ -147,33 +156,35 @@ WOLFSSL_LOCAL int Renesas_cmn_EccSignCb(WOLFSSL* ssl,
  */
 static int Renesas_cmn_CryptoDevCb(int devIdArg, wc_CryptoInfo* info, void* ctx)
 {
-    int ret = NOT_COMPILED_IN; /* return this to bypass HW and use SW */
+    int ret = WC_NO_ERR_TRACE(NOT_COMPILED_IN); /* return this to bypass HW and use SW */
 
     WOLFSSL_ENTER("Renesas_cmn_CryptoDevCb");
 
-#if defined(WOLFSSL_RENESAS_TSIP_TLS) \
-    || defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY)
-    TsipUserCtx*      cbInfo = (TsipUserCtx*)ctx;
+#if defined(WOLFSSL_RENESAS_TSIP_TLS) || \
+    defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY)
+    TsipUserCtx* cbInfo = (TsipUserCtx*)ctx;
 #elif defined(WOLFSSL_RENESAS_FSPSM_TLS) || \
-        defined(WOLFSSL_RENESAS_FSPSM_CRYPTONLY)
+      defined(WOLFSSL_RENESAS_FSPSM_CRYPTONLY)
     FSPSM_ST* cbInfo = (FSPSM_ST*)ctx;
 #endif
 
     if (info == NULL || ctx == NULL)
         return BAD_FUNC_ARG;
 
-#ifdef DEBUG_WOLFSSL
+#if defined(DEBUG_WOLFSSL)
     printf("CryptoDevCb: Algo Type %d session key set: %d\n",
                                     info->algo_type, cbInfo->session_key_set);
 #endif
+#if defined(DEBUG_CRYPTOCB)
+    wc_CryptoCb_InfoString(info);
+#endif
 
-#if defined(WOLFSSL_RENESAS_TSIP) \
-    || defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY)
+#if defined(WOLFSSL_RENESAS_TSIP) || \
+    defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY)
     ret = CRYPTOCB_UNAVAILABLE;
 
     if (info->algo_type == WC_ALGO_TYPE_CIPHER) {
-
-    #if !defined(NO_AES) || !defined(NO_DES3)
+    #if !defined(NO_AES)
     #ifdef HAVE_AESGCM
         if (info->cipher.type == WC_CIPHER_AES_GCM
         #ifdef WOLFSSL_RENESAS_TSIP_TLS
@@ -236,44 +247,70 @@ static int Renesas_cmn_CryptoDevCb(int devIdArg, wc_CryptoInfo* info, void* ctx)
             }
         }
     #endif /* HAVE_AES_CBC */
-    #endif /* !NO_AES || !NO_DES3 */
+    #endif /* !NO_AES */
     }
-    #if defined(WOLFSSL_KEY_GEN)
-    if (info->pk.type == WC_PK_TYPE_RSA_KEYGEN &&
-            (info->pk.rsakg.size == 1024 ||
-            info->pk.rsakg.size == 2048)) {
-        ret = wc_tsip_MakeRsaKey(info->pk.rsakg.size, (void*)ctx);
-    }
-  #endif
 
-    /* Is called for signing
-     * Can handle only RSA PkCS#1v1.5 padding scheme here.
-    */
     if (info->algo_type == WC_ALGO_TYPE_PK) {
-        #if !defined(NO_RSA)
-        if (info->pk.type == WC_PK_TYPE_RSA) {
-            if (info->pk.rsa.type == RSA_PRIVATE_ENCRYPT) {
-                ret = tsip_SignRsaPkcs(info, ctx);
-            }
-            #if defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY)
-            else if (info->pk.rsa.type == RSA_PUBLIC_DECRYPT /* verify */) {
-                    ret = wc_tsip_RsaVerifyPkcs(info, ctx);
-            }
+    #if !defined(NO_RSA)
+    #if defined(WOLFSSL_KEY_GEN) && defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY)
+        if (info->pk.type == WC_PK_TYPE_RSA_KEYGEN) {
+            ret = wc_tsip_MakeRsaKey(info->pk.rsakg.size, (void*)ctx);
+        }
+    #endif
+        /* tsip only supports PKCSV15 padding scheme */
+        if (info->pk.type == WC_PK_TYPE_RSA_PKCS) {
+            RsaPadding* pad = info->pk.rsa.padding;
+            if (pad && pad->pad_value == RSA_BLOCK_TYPE_1) {
+                /* sign / verify */
+                if (info->pk.rsa.type == RSA_PRIVATE_ENCRYPT ||
+                    info->pk.rsa.type == RSA_PRIVATE_DECRYPT) {
+                    ret = tsip_SignRsaPkcs(info, cbInfo);
+                }
+            #ifdef WOLFSSL_RENESAS_TSIP_CRYPTONLY
+                else {
+                    ret = wc_tsip_RsaVerifyPkcs(info, cbInfo);
+                }
             #endif
+            }
+        #ifdef WOLFSSL_RENESAS_TSIP_CRYPTONLY
+            else if (pad && pad->pad_value == RSA_BLOCK_TYPE_2) {
+                /* encrypt/decrypt */
+                ret = wc_tsip_RsaFunction(info, cbInfo);
+            }
+        #endif
         }
-        #endif /* NO_RSA */
-        #if defined(HAVE_ECC) && defined(WOLFSSL_RENESAS_TSIP_TLS)
-        else if (info->pk.type == WC_PK_TYPE_ECDSA_SIGN) {
-            ret = tsip_SignEcdsa(info, ctx);
+        if (info->pk.type == WC_PK_TYPE_RSA_GET_SIZE) {
+            if (cbInfo->wrappedKeyType == TSIP_KEY_TYPE_RSA2048) {
+                *info->pk.rsa_get_size.keySize = 256;
+                ret = 0;
+            }
+        #ifdef WOLFSSL_RENESAS_TSIP_CRYPTONLY
+            else if (cbInfo->wrappedKeyType == TSIP_KEY_TYPE_RSA1024) {
+                *info->pk.rsa_get_size.keySize = 128;
+                ret = 0;
+            }
+        #endif
         }
-        #endif /* HAVE_ECC */
+    #endif /* !NO_RSA */
+    #if defined(HAVE_ECC)
+        #if defined(WOLFSSL_RENESAS_TSIP_TLS)
+        if (info->pk.type == WC_PK_TYPE_ECDSA_SIGN) {
+            ret = tsip_SignEcdsa(info, cbInfo);
+        }
+        #endif
+        #if defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY)
+        if (info->pk.type == WC_PK_TYPE_ECDSA_VERIFY) {
+            ret = tsip_VerifyEcdsa(info, cbInfo);
+        }
+        #endif
+    #endif /* HAVE_ECC */
     }
-#elif defined(WOLFSSL_RENESAS_FSPSM_TLS) ||\
-        defined(WOLFSSL_RENESAS_FSPSM_CRYPTONLY)
+
+#elif defined(WOLFSSL_RENESAS_FSPSM_TLS) || \
+      defined(WOLFSSL_RENESAS_FSPSM_CRYPTONLY)
 
     if (info->algo_type == WC_ALGO_TYPE_CIPHER) {
-
-    #if !defined(NO_AES) || !defined(NO_DES3)
+    #if !defined(NO_AES)
     #ifdef HAVE_AESGCM
         if (info->cipher.type == WC_CIPHER_AES_GCM) {
 
@@ -342,27 +379,32 @@ static int Renesas_cmn_CryptoDevCb(int devIdArg, wc_CryptoInfo* info, void* ctx)
                 }
         }
     #endif /* HAVE_AES_CBC */
-    #endif /* !NO_AES || !NO_DES3 */
+    #endif /* !NO_AES */
     }
-    #if !defined(NO_RSA) && defined(WOLFSSL_RENESAS_FSPSM_CRYPTONLY)
-    else if (info->algo_type == WC_ALGO_TYPE_PK) {
 
-       #if !defined(NO_RSA)
-       #if defined(WOLFSSL_KEY_GEN)
+#if !defined(NO_RSA) && defined(WOLFSSL_RENESAS_FSPSM_CRYPTONLY)
+    else if (info->algo_type == WC_ALGO_TYPE_PK) {
+    #if defined(WOLFSSL_KEY_GEN)
         if (info->pk.type == WC_PK_TYPE_RSA_KEYGEN &&
             (info->pk.rsakg.size == 1024 ||
              info->pk.rsakg.size == 2048)) {
             ret = wc_fspsm_MakeRsaKey(info->pk.rsakg.key,
                     info->pk.rsakg.size, (void*)ctx);
         }
-       #endif
+    #endif
         if (info->pk.type == WC_PK_TYPE_RSA) {
             /* to perform RSA on SCE, wrapped keys should be installed
              * in advance. SCE supports 1024 or 2048 bits key size.
              * otherwise, falls-through happens.
              */
-            if (info->pk.rsa.key->ctx.keySz == 1024 ||
-                info->pk.rsa.key->ctx.keySz == 2048) {
+            if (cbInfo->keyflgs_crypt.bits.rsapri2048_installedkey_set ||
+                cbInfo->keyflgs_crypt.bits.rsapub2048_installedkey_set ||
+                cbInfo->keyflgs_crypt.bits.rsapri1024_installedkey_set ||
+                cbInfo->keyflgs_crypt.bits.rsapub1024_installedkey_set ) {
+
+                ret = wc_fspsm_MakeRsaKey(info->pk.rsa.key, 0, cbInfo);
+                if (ret == WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE))
+                    return ret;
 
                 if (info->pk.rsa.type == RSA_PRIVATE_DECRYPT ||
                     info->pk.rsa.type == RSA_PUBLIC_ENCRYPT  )
@@ -370,7 +412,7 @@ static int Renesas_cmn_CryptoDevCb(int devIdArg, wc_CryptoInfo* info, void* ctx)
                         ret = wc_fspsm_RsaFunction(info->pk.rsa.in,
                                         info->pk.rsa.inLen,
                                         info->pk.rsa.out,
-                                        &info->pk.rsa.outLen,
+                                        info->pk.rsa.outLen,
                                         info->pk.rsa.type,
                                         info->pk.rsa.key,
                                         info->pk.rsa.rng);
@@ -400,9 +442,8 @@ static int Renesas_cmn_CryptoDevCb(int devIdArg, wc_CryptoInfo* info, void* ctx)
                     "RSA operation falls through to SW operation.");
             }
         }
-       #endif /* NO_RSA && WOLFSSL_RENESAS_FSPSM_CRYPTONLY */
     }
-    #endif /* NO_RSA */
+    #endif /* !NO_RSA */
 #endif /* TSIP or SCE */
 
     (void)devIdArg;
@@ -418,17 +459,20 @@ static int Renesas_cmn_CryptoDevCb(int devIdArg, wc_CryptoInfo* info, void* ctx)
  * session_key_generated : if session key has been generated
  * return  1 for usable, 0 for unusable
  */
-int Renesas_cmn_usable(const WOLFSSL* ssl, byte session_key_generated)
+int Renesas_cmn_usable(const struct WOLFSSL* ssl, byte session_key_generated)
 {
-    int ret;
+    int ret = 0;
 
     #if defined(WOLFSSL_RENESAS_TSIP_TLS)
         ret = tsip_usable(ssl, session_key_generated);
     #elif defined(WOLFSSL_RENESAS_FSPSM_TLS) ||\
-            defined(WOLFSSL_RENESAS_FSPSM_CRYPTONLY)
+          defined(WOLFSSL_RENESAS_FSPSM_CRYPTONLY)
         ret = wc_fspsm_usable(ssl, session_key_generated);
     #endif
 
+    (void)ssl;
+    (void)session_key_generated;
+
     return ret;
 }
 
@@ -436,13 +480,13 @@ int Renesas_cmn_usable(const WOLFSSL* ssl, byte session_key_generated)
  * Get Callback ctx by devId
  *
  * devId   : devId to get its CTX
- * return  asocciated CTX when the method is successfully called.
+ * return  associated CTX when the method is successfully called.
  *         otherwise, NULL
  */
 WOLFSSL_LOCAL void *Renesas_cmn_GetCbCtxBydevId(int devId)
 {
-    if (devId >= 7890 && devId <= (MAX_FSPSM_CBINDEX + 7890))
-        return gCbCtx[devId - 7890];
+    if (devId >= INITIAL_DEVID && devId <= (MAX_FSPSM_CBINDEX + INITIAL_DEVID))
+        return gCbCtx[devId - INITIAL_DEVID];
     else
         return NULL;
 }
@@ -456,13 +500,13 @@ WOLFSSL_LOCAL void *Renesas_cmn_GetCbCtxBydevId(int devId)
  *         device Id starts from 7890, and increases + 1 its number
  *         when the method is successfully called.
  */
-int wc_CryptoCb_CryptInitRenesasCmn(WOLFSSL* ssl, void* ctx)
+int wc_CryptoCb_CryptInitRenesasCmn(struct WOLFSSL* ssl, void* ctx)
 {
     (void)ssl;
     (void)ctx;
 
- #if defined(WOLFSSL_RENESAS_TSIP_TLS) \
-    || defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY)
+ #if defined(WOLFSSL_RENESAS_TSIP_TLS) || \
+     defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY)
     TsipUserCtx* cbInfo = (TsipUserCtx*)ctx;
  #elif defined(WOLFSSL_RENESAS_FSPSM_TLS) || \
        defined(WOLFSSL_RENESAS_FSPSM_CRYPTONLY)
@@ -470,18 +514,21 @@ int wc_CryptoCb_CryptInitRenesasCmn(WOLFSSL* ssl, void* ctx)
  #endif
 
     if (cbInfo == NULL
-   #if (!defined(WOLFSSL_RENESAS_FSPSM_CRYPTONLY) &&\
+   #if (!defined(WOLFSSL_RENESAS_FSPSM_CRYPTONLY) && \
         !defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY)) && \
-       !defined(HAVE_RENESAS_SYNC)
-        || ssl == NULL) {
-   #else
-     ) {
+        !defined(HAVE_RENESAS_SYNC)
+        || ssl == NULL
    #endif
-        printf("Invalid devId\n");
+    ) {
+        WOLFSSL_MSG("Invalid devId\n");
         return INVALID_DEVID;
     }
     /* need exclusive control because of static variable */
     if ((cmn_hw_lock()) == 0) {
+        /* sanity check for overflow */
+        if (gdevId < 0) {
+            gdevId = INITIAL_DEVID;
+        }
         cbInfo->devId = gdevId++;
         cmn_hw_unlock();
     }
@@ -503,12 +550,8 @@ int wc_CryptoCb_CryptInitRenesasCmn(WOLFSSL* ssl, void* ctx)
     if (ssl)
         wolfSSL_SetDevId(ssl, cbInfo->devId);
    #endif
-    /* sanity check for overflow */
-    if (gdevId < 0) {
-        gdevId = 7890;
-    }
 
-    gCbCtx[cbInfo->devId - 7890] = (void*)cbInfo;
+    gCbCtx[cbInfo->devId - INITIAL_DEVID] = (void*)cbInfo;
 
     return cbInfo->devId;
 }
@@ -526,8 +569,8 @@ void wc_CryptoCb_CleanupRenesasCmn(int* id)
 }
 
 #endif /* WOLF_CRYPTO_CB */
-#endif /* WOLFSSL_RENESAS_FSPSM_TLS|| WOLFSSL_RENESAS_FSPSM_CRYPTONLY
-          WOLFSSL_RENESAS_TSIP_TLS || WOLFSSL_RENESAS_TSIP_CRYPTONLY */
+#endif /* WOLFSSL_RENESAS_FSPSM_TLS || WOLFSSL_RENESAS_FSPSM_CRYPTONLY
+          WOLFSSL_RENESAS_TSIP_TLS  || WOLFSSL_RENESAS_TSIP_CRYPTONLY */
 
 #if defined(WOLFSSL_RENESAS_FSPSM_TLS) || defined(WOLFSSL_RENESAS_TSIP_TLS)
 
@@ -799,7 +842,7 @@ WOLFSSL_LOCAL int Renesas_cmn_generateSessionKey(WOLFSSL* ssl, void* ctx)
     WOLFSSL_ENTER("Renesas_cmn_generateSessionKey");
     if (Renesas_cmn_usable(ssl, 0)) {
 #if defined(WOLFSSL_RENESAS_TSIP_TLS)
-        ret = wc_tsip_generateSessionKey(ssl, (TsipUserCtx*)ctx, cbInfo->devId);
+        ret = wc_tsip_generateSessionKey(ssl, cbInfo, cbInfo->devId);
 #elif defined(WOLFSSL_RENESAS_FSPSM_TLS)
         ret = wc_fspsm_generateSessionKey(ssl, ctx, cbInfo->devId);
 #endif
@@ -876,7 +919,7 @@ WOLFSSL_LOCAL int Renesas_cmn_generatePremasterSecret(WOLFSSL* ssl,
  */
 WOLFSSL_LOCAL int Renesas_cmn_genMasterSecret(struct WOLFSSL* ssl, void* ctx)
 {
-    int ret = WOLFSSL_NOT_IMPLEMENTED;
+    int ret = WC_NO_ERR_TRACE(WOLFSSL_NOT_IMPLEMENTED);
 
     (void) ret;
     (void) ctx;
diff --git a/wolfcrypt/src/port/Renesas/renesas_fspsm_aes.c b/wolfcrypt/src/port/Renesas/renesas_fspsm_aes.c
index cb0535735..e25afa43c 100644
--- a/wolfcrypt/src/port/Renesas/renesas_fspsm_aes.c
+++ b/wolfcrypt/src/port/Renesas/renesas_fspsm_aes.c
@@ -1,6 +1,6 @@
 /* renesas_fspsm_aes.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -72,7 +72,7 @@ typedef fsp_err_t (*aesGcmDecFinalFn)
 
 #if defined(WOLFSSL_RENESAS_RSIP)
 /* wrapper for Gcm encrypt init */
-static fsp_err_t _R_RSIP_AES_GCM_EncryptInit(FSPSM_AESGCM_HANDLE* h, 
+static fsp_err_t _R_RSIP_AES_GCM_EncryptInit(FSPSM_AESGCM_HANDLE* h,
                                         FSPSM_AES_PWKEY k, uint8_t* iv,
                                         uint32_t iv_l)
 {
@@ -81,8 +81,8 @@ static fsp_err_t _R_RSIP_AES_GCM_EncryptInit(FSPSM_AESGCM_HANDLE* h,
                                             (uint8_t* const)iv, iv_l);
 }
 /* wrapper for Gcm encrypt update */
-static fsp_err_t _R_RSIP_AES_GCM_EncryptUpdate(FSPSM_AESGCM_HANDLE* h, 
-        uint8_t* p_plain, uint8_t* p_cipher, uint32_t plain_length, 
+static fsp_err_t _R_RSIP_AES_GCM_EncryptUpdate(FSPSM_AESGCM_HANDLE* h,
+        uint8_t* p_plain, uint8_t* p_cipher, uint32_t plain_length,
         uint8_t* p_add, uint32_t add_len)
 {
     (void) h;
@@ -93,8 +93,8 @@ static fsp_err_t _R_RSIP_AES_GCM_EncryptUpdate(FSPSM_AESGCM_HANDLE* h,
                                       (uint32_t const) add_len);
 }
 /* wrapper for Gcm encrypt final */
-static fsp_err_t _R_RSIP_AES_GCM_EncryptFinal(FSPSM_AESGCM_HANDLE* h, 
-                                        uint8_t* p_cipher, uint32_t* c_len, 
+static fsp_err_t _R_RSIP_AES_GCM_EncryptFinal(FSPSM_AESGCM_HANDLE* h,
+                                        uint8_t* p_cipher, uint32_t* c_len,
                                         uint8_t* p_atag)
 {
     (void) h;
@@ -103,7 +103,7 @@ static fsp_err_t _R_RSIP_AES_GCM_EncryptFinal(FSPSM_AESGCM_HANDLE* h,
                                       (uint8_t* const) p_atag);
 }
 /* wrapper for Gcm decrypt init */
-static fsp_err_t _R_RSIP_AES_GCM_DecryptInit(FSPSM_AESGCM_HANDLE* h, 
+static fsp_err_t _R_RSIP_AES_GCM_DecryptInit(FSPSM_AESGCM_HANDLE* h,
                                 FSPSM_AES_PWKEY k, uint8_t* iv, uint32_t iv_l)
 {
     (void) h;
@@ -111,8 +111,8 @@ static fsp_err_t _R_RSIP_AES_GCM_DecryptInit(FSPSM_AESGCM_HANDLE* h,
                                                     (uint8_t* const)iv, iv_l);
 }
 /* wrapper for Gcm decrypt update */
-static fsp_err_t _R_RSIP_AES_GCM_DecryptUpdate(FSPSM_AESGCM_HANDLE* h, 
-        uint8_t* p_cipher, uint8_t* p_plain, uint32_t c_length, 
+static fsp_err_t _R_RSIP_AES_GCM_DecryptUpdate(FSPSM_AESGCM_HANDLE* h,
+        uint8_t* p_cipher, uint8_t* p_plain, uint32_t c_length,
         uint8_t* p_add, uint32_t add_len)
 {
     (void) h;
@@ -123,8 +123,8 @@ static fsp_err_t _R_RSIP_AES_GCM_DecryptUpdate(FSPSM_AESGCM_HANDLE* h,
                                       (uint32_t const) add_len);
 }
 /* wrapper for Gcm decrypt final */
-static fsp_err_t _R_RSIP_AES_GCM_DecryptFinal(FSPSM_AESGCM_HANDLE* h, 
-                                        uint8_t* p_plain, uint32_t* plain_len, 
+static fsp_err_t _R_RSIP_AES_GCM_DecryptFinal(FSPSM_AESGCM_HANDLE* h,
+                                        uint8_t* p_plain, uint32_t* plain_len,
                                         uint8_t* p_atag, uint32_t atag_len)
 {
     (void) h;
@@ -241,9 +241,9 @@ WOLFSSL_LOCAL int  wc_fspsm_AesGcmEncrypt(struct Aes* aes, byte* out,
     FSPSM_AES_PWKEY      key_client_aes = NULL;
     FSPSM_AES_PWKEY      key_server_aes = NULL;
     (void) key_server_aes;
-    
+
     /* sanity check */
-    if (aes == NULL || authTagSz > AES_BLOCK_SIZE || ivSz == 0 || ctx == NULL) {
+    if (aes == NULL || authTagSz > WC_AES_BLOCK_SIZE || ivSz == 0 || ctx == NULL) {
         return BAD_FUNC_ARG;
     }
 
@@ -275,14 +275,14 @@ WOLFSSL_LOCAL int  wc_fspsm_AesGcmEncrypt(struct Aes* aes, byte* out,
         /* allocate buffers for plain text, cipher text and authTag to make sure
          * those buffers 32bit aligned as SCE requests.
          */
-         delta = ((sz % AES_BLOCK_SIZE) == 0) ? 0 :
-                             (byte)(AES_BLOCK_SIZE - (sz % AES_BLOCK_SIZE));
+         delta = ((sz % WC_AES_BLOCK_SIZE) == 0) ? 0 :
+                             (byte)(WC_AES_BLOCK_SIZE - (sz % WC_AES_BLOCK_SIZE));
         plainBuf  = XMALLOC(sz, aes->heap, DYNAMIC_TYPE_AES);
         cipherBuf = XMALLOC(sz + delta, aes->heap, DYNAMIC_TYPE_AES);
         aTagBuf   = XMALLOC(SCE_AES_GCM_AUTH_TAG_SIZE, aes->heap,
                                                         DYNAMIC_TYPE_AES);
 
-        if ((sz > 0 && plainBuf == NULL) || 
+        if ((sz > 0 && plainBuf == NULL) ||
             ((sz + delta) > 0 && cipherBuf == NULL) || aTagBuf == NULL) {
             WOLFSSL_MSG("wc_fspsm_AesGcmEncrypt: buffer allocation failed");
             ret = -1;
@@ -293,7 +293,7 @@ WOLFSSL_LOCAL int  wc_fspsm_AesGcmEncrypt(struct Aes* aes, byte* out,
             XMEMSET((void*)cipherBuf, 0, sz + delta);
             XMEMSET((void*)authTag,   0, authTagSz);
         }
-        
+
       #if defined(WOLFSSL_RENESAS_FSPSM_TLS)
        if (ret == 0 &&
            info->keyflgs_tls.bits.session_key_set == 1) {
@@ -301,16 +301,16 @@ WOLFSSL_LOCAL int  wc_fspsm_AesGcmEncrypt(struct Aes* aes, byte* out,
              * Aes.ctx.tsip_keyIdx is not used here.
              */
             key_client_aes = (FSPSM_AES_PWKEY)XMALLOC(sizeof(FSPSM_AES_WKEY),
-                                            aes->heap, DYNAMIC_TYPE_AE);
+                                            aes->heap, DYNAMIC_TYPE_AES);
             key_server_aes = (FSPSM_AES_PWKEY)XMALLOC(sizeof(FSPSM_AES_WKEY),
-                                            aes->heap, DYNAMIC_TYPE_AE);
+                                            aes->heap, DYNAMIC_TYPE_AES);
             if (key_client_aes == NULL || key_server_aes == NULL) {
                 XFREE(plainBuf,  aes->heap, DYNAMIC_TYPE_AES);
                 XFREE(cipherBuf, aes->heap, DYNAMIC_TYPE_AES);
                 XFREE(aTagBuf,   aes->heap, DYNAMIC_TYPE_AES);
                 return MEMORY_E;
             }
-            
+
             ret = FSPSM_SESSIONKEY_GEN_FUNC(
                     info->cipher,
                     (uint32_t*)info->masterSecret,
@@ -371,7 +371,7 @@ WOLFSSL_LOCAL int  wc_fspsm_AesGcmEncrypt(struct Aes* aes, byte* out,
                 */
                 dataLen = 0;
                 ret = finalFn(&_handle,
-                           cipherBuf + (sz + delta - AES_BLOCK_SIZE),
+                           cipherBuf + (sz + delta - WC_AES_BLOCK_SIZE),
                               &dataLen,
                               aTagBuf);
 
@@ -452,7 +452,7 @@ WOLFSSL_LOCAL int  wc_fspsm_AesGcmDecrypt(struct Aes* aes, byte* out,
     FSPSM_AES_PWKEY      key_server_aes = NULL;
     (void) key_client_aes;
     /* sanity check */
-    if (aes == NULL || authTagSz > AES_BLOCK_SIZE || ivSz == 0 || ctx == NULL) {
+    if (aes == NULL || authTagSz > WC_AES_BLOCK_SIZE || ivSz == 0 || ctx == NULL) {
         return BAD_FUNC_ARG;
     }
 
@@ -482,8 +482,8 @@ WOLFSSL_LOCAL int  wc_fspsm_AesGcmDecrypt(struct Aes* aes, byte* out,
        /* allocate buffers for plain-text, cipher-text, authTag and AAD.
          * TSIP requests those buffers 32bit aligned.
          */
-         delta = ((sz % AES_BLOCK_SIZE) == 0) ? 0 :
-                            (byte)(AES_BLOCK_SIZE - (sz % AES_BLOCK_SIZE));
+         delta = ((sz % WC_AES_BLOCK_SIZE) == 0) ? 0 :
+                            (byte)(WC_AES_BLOCK_SIZE - (sz % WC_AES_BLOCK_SIZE));
         cipherBuf = XMALLOC(sz, aes->heap, DYNAMIC_TYPE_AES);
         plainBuf  = XMALLOC(sz + delta, aes->heap, DYNAMIC_TYPE_AES);
         aTagBuf   = XMALLOC(SCE_AES_GCM_AUTH_TAG_SIZE, aes->heap,
@@ -505,16 +505,16 @@ WOLFSSL_LOCAL int  wc_fspsm_AesGcmDecrypt(struct Aes* aes, byte* out,
              * Aes.ctx.tsip_keyIdx is not used here.
              */
             key_client_aes = (FSPSM_AES_PWKEY)XMALLOC(sizeof(FSPSM_AES_WKEY),
-                                            aes->heap, DYNAMIC_TYPE_AE);
+                                            aes->heap, DYNAMIC_TYPE_AES);
             key_server_aes = (FSPSM_AES_PWKEY)XMALLOC(sizeof(FSPSM_AES_WKEY),
-                                            aes->heap, DYNAMIC_TYPE_AE);
+                                            aes->heap, DYNAMIC_TYPE_AES);
             if (key_client_aes == NULL || key_server_aes == NULL) {
                 XFREE(plainBuf,  aes->heap, DYNAMIC_TYPE_AES);
                 XFREE(cipherBuf, aes->heap, DYNAMIC_TYPE_AES);
                 XFREE(aTagBuf,   aes->heap, DYNAMIC_TYPE_AES);
                 return MEMORY_E;
             }
-            
+
             ret = FSPSM_SESSIONKEY_GEN_FUNC(
                     info->cipher,
                     (uint32_t*)info->masterSecret,
@@ -547,7 +547,7 @@ WOLFSSL_LOCAL int  wc_fspsm_AesGcmDecrypt(struct Aes* aes, byte* out,
                 ret = -1;
             }
         }
-        
+
         if (ret == 0) {
             /* since key_index has iv and ivSz in it, no need to pass them init
              * func. Pass NULL and 0 as 3rd and 4th parameter respectively.
@@ -571,7 +571,7 @@ WOLFSSL_LOCAL int  wc_fspsm_AesGcmDecrypt(struct Aes* aes, byte* out,
             if (ret == FSP_SUCCESS) {
                 dataLen = 0;
                 ret = finalFn(&_handle,
-                                  plainBuf + (sz + delta - AES_BLOCK_SIZE),
+                                  plainBuf + (sz + delta - WC_AES_BLOCK_SIZE),
                             &dataLen,
                             aTagBuf,
                             min(16, authTagSz));
@@ -620,7 +620,7 @@ WOLFSSL_LOCAL int wc_fspsm_AesCbcEncrypt(struct Aes* aes, byte* out,
 {
     FSPSM_AES_HANDLE _handle;
     int ret;
-    word32 blocks = (sz / AES_BLOCK_SIZE);
+    word32 blocks = (sz / WC_AES_BLOCK_SIZE);
     uint32_t dataLength;
     byte *iv;
 
@@ -656,13 +656,13 @@ WOLFSSL_LOCAL int wc_fspsm_AesCbcEncrypt(struct Aes* aes, byte* out,
 
         if (aes->ctx.keySize == 16)
             ret = FSPSM_AES128CBCEnc_Up(&_handle, (uint8_t*)in,
-                                    (uint8_t*)out, (uint32_t)AES_BLOCK_SIZE);
+                                    (uint8_t*)out, (uint32_t)WC_AES_BLOCK_SIZE);
         else
             ret = FSPSM_AES256CBCEnc_Up(&_handle, (uint8_t*)in,
-                                    (uint8_t*)out, (uint32_t)AES_BLOCK_SIZE);
+                                    (uint8_t*)out, (uint32_t)WC_AES_BLOCK_SIZE);
 
-        in  += AES_BLOCK_SIZE;
-        out += AES_BLOCK_SIZE;
+        in  += WC_AES_BLOCK_SIZE;
+        out += WC_AES_BLOCK_SIZE;
     }
 
     if (ret == FSP_SUCCESS) {
@@ -694,7 +694,7 @@ WOLFSSL_LOCAL int wc_fspsm_AesCbcDecrypt(struct Aes* aes, byte* out,
 {
     FSPSM_AES_HANDLE _handle;
     int ret;
-    word32 blocks = (sz / AES_BLOCK_SIZE);
+    word32 blocks = (sz / WC_AES_BLOCK_SIZE);
     uint32_t dataLength;
     byte *iv;
 
@@ -727,13 +727,13 @@ WOLFSSL_LOCAL int wc_fspsm_AesCbcDecrypt(struct Aes* aes, byte* out,
 
         if (aes->ctx.keySize == 16)
             ret = FSPSM_AES128CBCDec_Up(&_handle, (uint8_t*)in,
-                                        (uint8_t*)out, (uint32_t)AES_BLOCK_SIZE);
+                                        (uint8_t*)out, (uint32_t)WC_AES_BLOCK_SIZE);
         else
             ret = FSPSM_AES256CBCDec_Up(&_handle, (uint8_t*)in,
-                                        (uint8_t*)out, (uint32_t)AES_BLOCK_SIZE);
+                                        (uint8_t*)out, (uint32_t)WC_AES_BLOCK_SIZE);
 
-        in  += AES_BLOCK_SIZE;
-        out += AES_BLOCK_SIZE;
+        in  += WC_AES_BLOCK_SIZE;
+        out += WC_AES_BLOCK_SIZE;
     }
 
     if (ret == FSP_SUCCESS) {
@@ -769,7 +769,7 @@ WOLFSSL_LOCAL void wc_fspsm_Aesfree(Aes* aes)
     }
 #else
     if (aes->ctx.wrapped_key) {
-        /* aes ctx just points user created wrapped key 
+        /* aes ctx just points user created wrapped key
          * in the case of CryptOnly Mode
          * therefore, it just sets pointing to NULL.
          * user key should be freed by owner(user)
@@ -785,8 +785,8 @@ int wc_AesSetKey(Aes* aes, const byte* userKey, word32 keylen,
 {
     (void) userKey;
     (void) dir;
-    
-    if (aes == NULL || userKey == NULL || 
+
+    if (aes == NULL || userKey == NULL ||
             !((keylen == 16) || (keylen == 32))) {
         return BAD_FUNC_ARG;
     }
@@ -795,7 +795,8 @@ int wc_AesSetKey(Aes* aes, const byte* userKey, word32 keylen,
         return BAD_FUNC_ARG;
     }
 
-#ifdef WOLFSSL_AES_COUNTER
+#if defined(WOLFSSL_AES_COUNTER) || defined(WOLFSSL_AES_CFB) || \
+    defined(WOLFSSL_AES_OFB) || defined(WOLFSSL_AES_XTS)
     aes->left = 0;
 #endif
 
@@ -806,7 +807,7 @@ int wc_AesSetKey(Aes* aes, const byte* userKey, word32 keylen,
     aes->ctx.wrapped_key = (FSPSM_AES_PWKEY)userKey;
     aes->keylen = (int)keylen;
     aes->ctx.keySize = keylen;
-    
+
     return wc_AesSetIV(aes, iv);
 }
 #endif
diff --git a/wolfcrypt/src/port/Renesas/renesas_fspsm_rsa.c b/wolfcrypt/src/port/Renesas/renesas_fspsm_rsa.c
index 5db4435d5..bd38b75ef 100644
--- a/wolfcrypt/src/port/Renesas/renesas_fspsm_rsa.c
+++ b/wolfcrypt/src/port/Renesas/renesas_fspsm_rsa.c
@@ -1,6 +1,6 @@
 /* renesas_fspsm_rsa.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -40,7 +40,7 @@
 extern FSPSM_INSTANCE   gFSPSM_ctrl;
 #endif
 
-/* Set Ctx pointer to NULL. 
+/* Set Ctx pointer to NULL.
  * A created wrapped key should be freed by user
  *
  * key    RsaKey object
@@ -67,7 +67,7 @@ WOLFSSL_LOCAL void wc_fspsm_RsaKeyFree(RsaKey *key)
 /* Set Rsa key by pre-created wrapped user key
  *
  * key    RsaKey object
- * size   desired keylenth, in bits. supports 1024 or 2048 bits
+ * size   desired key length, in bits. supports 1024 or 2048 bits
  * ctx    Callback context including pointer to hold generated key
  * return FSP_SUCCESS(0) on Success, otherwise negative value
  */
@@ -99,6 +99,33 @@ WOLFSSL_LOCAL int wc_fspsm_MakeRsaKey(RsaKey *key, int size, void* ctx)
         key->ctx.wrapped_pri2048_key = info->wrapped_key_rsapri2048;
         key->ctx.wrapped_pub2048_key = info->wrapped_key_rsapub2048;
         key->ctx.keySz = 2048;
+    } else if (size == 0) {
+        if((info->keyflgs_crypt.bits.rsapri2048_installedkey_set != 1) &&
+           (info->keyflgs_crypt.bits.rsapub2048_installedkey_set != 1) &&
+           (info->keyflgs_crypt.bits.rsapri1024_installedkey_set != 1) &&
+           (info->keyflgs_crypt.bits.rsapub1024_installedkey_set != 1)) {
+                WOLFSSL_MSG("Caller should create user key in advance.");
+                WOLFSSL_MSG("Caller also need to installedkey to 1.");
+                return BAD_FUNC_ARG;
+        }
+
+        if (info->keyflgs_crypt.bits.rsapri1024_installedkey_set == 1) {
+            key->ctx.wrapped_pri1024_key = info->wrapped_key_rsapri1024;
+            key->ctx.keySz = 1024;
+        }
+        if (info->keyflgs_crypt.bits.rsapub1024_installedkey_set == 1) {
+            key->ctx.wrapped_pub1024_key = info->wrapped_key_rsapub1024;
+            key->ctx.keySz = 1024;
+        }
+
+        if (info->keyflgs_crypt.bits.rsapri2048_installedkey_set == 1) {
+            key->ctx.wrapped_pri2048_key = info->wrapped_key_rsapri2048;
+            key->ctx.keySz = 2048;
+        }
+        if (info->keyflgs_crypt.bits.rsapub2048_installedkey_set == 1) {
+            key->ctx.wrapped_pub2048_key = info->wrapped_key_rsapub2048;
+            key->ctx.keySz = 2048;
+        }
     } else
         return CRYPTOCB_UNAVAILABLE;
 
@@ -122,23 +149,22 @@ WOLFSSL_LOCAL int wc_fspsm_RsaFunction(const byte* in, word32 inLen, byte* out,
                     struct WC_RNG* rng)
 {
     int ret;
-    
+
     FSPSM_RSA_DATA plain;
     FSPSM_RSA_DATA cipher;
-    
+
     int keySize;
-    
+
     (void) key;
     (void) rng;
-    
+
     /* sanity check */
-    if (in == NULL || out == NULL ||
-      ((key == NULL) && (key->ctx.keySz != 1024 && key->ctx.keySz != 2048))){
+    if (in == NULL || out == NULL || key == NULL){
         return BAD_FUNC_ARG;
     }
-    
+
     keySize = (int)key->ctx.keySz;
-    
+
     if (keySize == 0) {
         WOLFSSL_MSG("keySize is invalid, neither 128 or 256 bytes, "
                                                         "1024 or 2048 bits.");
@@ -147,7 +173,7 @@ WOLFSSL_LOCAL int wc_fspsm_RsaFunction(const byte* in, word32 inLen, byte* out,
 
     if ((ret = wc_fspsm_hw_lock()) == 0) {
         if (type == RSA_PUBLIC_ENCRYPT) {
-            
+
             plain.pdata = (byte*)in;
             plain.data_length = inLen;
             cipher.pdata = out;
@@ -169,7 +195,7 @@ WOLFSSL_LOCAL int wc_fspsm_RsaFunction(const byte* in, word32 inLen, byte* out,
             plain.data_length = *outLen;
             cipher.pdata = (byte*)in;
             cipher.data_length = inLen;
-            
+
             if (keySize == 1024) {
                 ret = FSPSM_RSA1024_PKCSDEC_FUNC(&cipher, &plain,
                             (FSPSM_RSA1024_WPI_KEY*)
@@ -181,7 +207,7 @@ WOLFSSL_LOCAL int wc_fspsm_RsaFunction(const byte* in, word32 inLen, byte* out,
                                 key->ctx.wrapped_pri2048_key, &outLen);
             }
         }
-        
+
         wc_fspsm_hw_unlock();
     }
     return ret;
@@ -189,7 +215,7 @@ WOLFSSL_LOCAL int wc_fspsm_RsaFunction(const byte* in, word32 inLen, byte* out,
 
 /* Perform Rsa sign by FSP SM
  * Assumes to be called by Crypt Callback
- * 
+ *
  * in     Buffer to hold plaintext
  * inLen  Length of plaintext in bytes
  * out    Buffer to hold generated signature
@@ -198,40 +224,40 @@ WOLFSSL_LOCAL int wc_fspsm_RsaFunction(const byte* in, word32 inLen, byte* out,
  * ctx    The callback context
  * return FSP_SUCCESS(0) on Success, otherwise negative value
  */
- 
+
 WOLFSSL_LOCAL int wc_fspsm_RsaSign(const byte* in, word32 inLen, byte* out,
                     word32* outLen, struct RsaKey* key, void* ctx)
 {
     int ret;
-    
+
     FSPSM_RSA_DATA message_hash;
     FSPSM_RSA_DATA signature;
     FSPSM_ST    *info = (FSPSM_ST*)ctx;
     int keySize;
-    
+
     /* sanity check */
-    if (in == NULL || out == NULL || (word32*)outLen <= 0 || info == NULL ||
-      ((key == NULL) && (key->ctx.keySz != 1024 && key->ctx.keySz != 2048))){
+    if (in == NULL || out == NULL || *outLen <= 0 || info == NULL ||
+       key == NULL){
         return BAD_FUNC_ARG;
     }
-    
+
     keySize = (int)key->ctx.keySz;
-    
+
     message_hash.pdata = (byte *)in;
     message_hash.data_length = inLen;
-    message_hash.data_type = 
+    message_hash.data_type =
             info->keyflgs_crypt.bits.message_type;/* message 0, hash 1 */
     signature.pdata = out;
     signature.data_length = (word32*)outLen;
-    
+
     #if defined(WOLFSSL_RENESAS_RSIP)
-    message_hash.hash_type = signature.hash_type = 
+    message_hash.hash_type = signature.hash_type =
                 info->hash_type;   /* hash type */
     #endif
-    
+
     if ((ret = wc_fspsm_hw_lock()) == 0) {
         if (keySize == 1024) {
-            
+
             ret = FSPSM_RSA1024_SIGN_FUNC(&message_hash,
                         &signature,
                         (FSPSM_RSA1024_WPI_KEY *)
@@ -239,23 +265,23 @@ WOLFSSL_LOCAL int wc_fspsm_RsaSign(const byte* in, word32 inLen, byte* out,
                         HW_SCE_RSA_HASH_SHA256);
         }
         else {
-            
+
             ret = FSPSM_RSA2048_SIGN_FUNC(&message_hash,
                         &signature,
                         (FSPSM_RSA2048_WPI_KEY *)
                                     key->ctx.wrapped_pri2048_key,
                         HW_SCE_RSA_HASH_SHA256);
         }
-        
+
         wc_fspsm_hw_unlock();
     }
-    
+
     return ret;
 }
 
 /* Perform Rsa verify by FSP SM
  * Assumes to be called by Crypt Callback
- * 
+ *
  * in     Buffer to hold plaintext
  * inLen  Length of plaintext in bytes
  * out    Buffer to hold generated signature
@@ -264,40 +290,40 @@ WOLFSSL_LOCAL int wc_fspsm_RsaSign(const byte* in, word32 inLen, byte* out,
  * ctx    The callback context
  * return FSP_SUCCESS(0) on Success, otherwise negative value
  */
- 
+
 WOLFSSL_LOCAL int wc_fspsm_RsaVerify(const byte* in, word32 inLen, byte* out,
                     word32* outLen,struct RsaKey* key, void* ctx)
 {
     int ret;
-    
+
     FSPSM_RSA_DATA message_hash;
     FSPSM_RSA_DATA signature;
     FSPSM_ST    *info = (FSPSM_ST*)ctx;
     int keySize;
-    
+
     (void) key;
-    
+
     /* sanity check */
-    if (in == NULL || out == NULL || (word32*)outLen <= 0 || info == NULL ||
-      ((key == NULL) && (key->ctx.keySz != 1024 && key->ctx.keySz != 2048))){
+    if (in == NULL || out == NULL || *outLen <= 0 || info == NULL ||
+       key == NULL){
         return BAD_FUNC_ARG;
     }
-    
+
     keySize = (int)key->ctx.keySz;
-    
-    
+
+
     message_hash.pdata =(byte*)in;
     message_hash.data_length = inLen;
-    message_hash.data_type = 
+    message_hash.data_type =
             info->keyflgs_crypt.bits.message_type;/* message 0, hash 1 */
-    
+
     signature.pdata = out;
-    signature.data_length = (word32*)outLen;
+    signature.data_length = (word32)*outLen;
     #if defined(WOLFSSL_RENESAS_RSIP)
-    message_hash.hash_type = signature.hash_type = 
+    message_hash.hash_type = signature.hash_type =
                 info->hash_type;   /* hash type */
     #endif
-    
+
     if ((ret = wc_fspsm_hw_lock()) == 0) {
         if (keySize == 1024) {
             ret = FSPSM_RSA1024_VRY_FUNC(&signature,
@@ -307,7 +333,7 @@ WOLFSSL_LOCAL int wc_fspsm_RsaVerify(const byte* in, word32 inLen, byte* out,
                   HW_SCE_RSA_HASH_SHA256);
         }
         else {
-                ret = FSPSM_RSA2048_VRY_FUNC(&signature, 
+                ret = FSPSM_RSA2048_VRY_FUNC(&signature,
                     &message_hash,
                     (FSPSM_RSA2048_WPB_KEY *)
                          key->ctx.wrapped_pub2048_key,
@@ -315,7 +341,7 @@ WOLFSSL_LOCAL int wc_fspsm_RsaVerify(const byte* in, word32 inLen, byte* out,
         }
         wc_fspsm_hw_unlock();
     }
-    
+
     return ret;
 }
 
diff --git a/wolfcrypt/src/port/Renesas/renesas_fspsm_sha.c b/wolfcrypt/src/port/Renesas/renesas_fspsm_sha.c
index 52df6da3d..dc6612595 100644
--- a/wolfcrypt/src/port/Renesas/renesas_fspsm_sha.c
+++ b/wolfcrypt/src/port/Renesas/renesas_fspsm_sha.c
@@ -1,6 +1,6 @@
 /* renesas_fspsm_sha.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -100,10 +100,8 @@ static void FSPSM_HashFree(wolfssl_FSPSM_Hash* hash)
         return;
 
 #if defined(WOLFSSL_RENESAS_SCEPROTECT)
-    if (hash->msg != NULL) {
-        XFREE(hash->msg, hash->heap, DYNAMIC_TYPE_TMP_BUFFER);
-        hash->msg = NULL;
-    }
+    XFREE(hash->msg, hash->heap, DYNAMIC_TYPE_TMP_BUFFER);
+    hash->msg = NULL;
 #endif
 
 }
@@ -149,14 +147,14 @@ static int FSPSM_HashInit(wolfssl_FSPSM_Hash* hash, void* heap, int devId,
     XMEMSET(hash, 0, sizeof(wolfssl_FSPSM_Hash));
     hash->sha_type = sha_type;
     hash->heap = heap;
-    
+
 #if defined(WOLFSSL_RENESAS_SCEPROTECT)
     hash->len  = 0;
     hash->used = 0;
     hash->msg  = NULL;
-    
+
 #elif defined(WOLFSSL_RENESAS_RSIP)
-    
+
     switch(hash->sha_type) {
     case FSPSM_SHA1:
         Init = FSPSM_SHA1_Init;
@@ -244,7 +242,7 @@ static int FSPSM_HashUpdate(wolfssl_FSPSM_Hash* hash,
     XMEMCPY(hash->msg + hash->used, data , sz);
     hash->used += sz;
 #elif defined(WOLFSSL_RENESAS_RSIP)
-    
+
     switch(hash->sha_type) {
     case FSPSM_SHA1:
         Update = FSPSM_SHA1_Up;
@@ -271,7 +269,7 @@ static int FSPSM_HashUpdate(wolfssl_FSPSM_Hash* hash,
         return BAD_FUNC_ARG;
     }
     wc_fspsm_hw_lock();
-    ret = Update(&hash->handle, data, sz);
+    ret = Update(&hash->handle, (byte*)data, sz);
     wc_fspsm_hw_unlock();
     return ret;
 #endif
@@ -309,7 +307,7 @@ static int FSPSM_HashFinal(wolfssl_FSPSM_Hash* hash, byte* out, word32 outSz)
         Final = FSPSM_SHA256_Final;
     } else
         return BAD_FUNC_ARG;
-    
+
     wc_fspsm_hw_lock();
 
     if (Init(&handle) == FSP_SUCCESS) {
@@ -328,7 +326,7 @@ static int FSPSM_HashFinal(wolfssl_FSPSM_Hash* hash, byte* out, word32 outSz)
         }
     }
     wc_fspsm_hw_unlock();
-    
+
 #elif defined(WOLFSSL_RENESAS_RSIP)
     switch(hash->sha_type) {
     case FSPSM_SHA1:
@@ -355,7 +353,7 @@ static int FSPSM_HashFinal(wolfssl_FSPSM_Hash* hash, byte* out, word32 outSz)
     default:
         return BAD_FUNC_ARG;
     }
-    
+
     wc_fspsm_hw_lock();
     ret = Final(&hash->handle, out, (uint32_t*)&sz);
     if (ret != FSP_SUCCESS) {
@@ -380,7 +378,7 @@ static int FSPSM_HashGet(wolfssl_FSPSM_Hash* hash, byte* out, word32 outSz)
     fsp_err_t (*Final )(FSPSM_SHA_HANDLE*, uint8_t*, uint32_t*);
     uint32_t sz = 0;
     (void) outSz;
-    
+
 #if defined(WOLFSSL_RENESAS_SCEPROTECT)
     FSPSM_SHA_HANDLE handle;
     fsp_err_t (*Init)(FSPSM_SHA_HANDLE*);
@@ -401,7 +399,7 @@ static int FSPSM_HashGet(wolfssl_FSPSM_Hash* hash, byte* out, word32 outSz)
         Final = FSPSM_SHA256_Final;
     } else
         return BAD_FUNC_ARG;
-    
+
     wc_fspsm_hw_lock();
     if (Init(&handle) == FSP_SUCCESS) {
         ret = Update(&handle, (uint8_t*)hash->msg, hash->used);
@@ -419,7 +417,7 @@ static int FSPSM_HashGet(wolfssl_FSPSM_Hash* hash, byte* out, word32 outSz)
         }
     }
     wc_fspsm_hw_unlock();
-    
+
 #elif defined(WOLFSSL_RENESAS_RSIP)
     switch(hash->sha_type) {
     case FSPSM_SHA1:
@@ -446,8 +444,8 @@ static int FSPSM_HashGet(wolfssl_FSPSM_Hash* hash, byte* out, word32 outSz)
     default:
         return BAD_FUNC_ARG;
     }
-    
-    
+
+
     if(FSPSM_HashCopy(hash, &hashCopy) != 0) {
         WOLFSSL_MSG("ShaCopy operation failed");
         WOLFSSL_ERROR(WC_HW_E);
@@ -461,7 +459,7 @@ static int FSPSM_HashGet(wolfssl_FSPSM_Hash* hash, byte* out, word32 outSz)
         ret = WC_HW_E;
     }
     wc_fspsm_hw_unlock();
-    
+
 #endif
 
     return ret;
diff --git a/wolfcrypt/src/port/Renesas/renesas_fspsm_util.c b/wolfcrypt/src/port/Renesas/renesas_fspsm_util.c
index 1ecf750ea..2300d21a5 100644
--- a/wolfcrypt/src/port/Renesas/renesas_fspsm_util.c
+++ b/wolfcrypt/src/port/Renesas/renesas_fspsm_util.c
@@ -1,6 +1,6 @@
 /* renesas_fspsm_util.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -18,8 +18,12 @@
  * along with this program; if not, write to the Free Software
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  */
-#include <wolfssl/wolfcrypt/types.h>
 
+#ifdef HAVE_CONFIG_H
+    #include <config.h>
+#endif
+
+#include <wolfssl/wolfcrypt/types.h>
 
 #if defined(WOLFSSL_RENESAS_RSIP) || \
     defined(WOLFSSL_RENESAS_SCEPROTECT)
@@ -52,7 +56,7 @@ extern FSPSM_CONFIG     gFSPSM_cfg;
 #endif
 
 #if defined(WOLFSSL_RENESAS_FSPSM_ECC)
-WOLFSSL_GLOBAL FSPSM_ST_PKC gPKCbInfo;
+WC_THREADSHARED FSPSM_ST_PKC gPKCbInfo;
 #endif
 
 
@@ -135,7 +139,7 @@ WOLFSSL_LOCAL int wc_fspsm_Open()
         if (ret != FSP_SUCCESS) {
             WOLFSSL_MSG("RENESAS SCE Open failed");
         }
-        
+
     #if defined(WOLFSSL_RENESAS_FSPSM_TLS)
         if (ret == FSP_SUCCESS && g_user_key_info.encrypted_user_tls_key) {
 
@@ -184,11 +188,11 @@ WOLFSSL_LOCAL void wc_fspsm_Close()
 }
 
 #define RANDGEN_WORDS  4
-WOLFSSL_LOCAL int wc_fspsm_GenerateRandBlock(byte* output, word32 sz) 
+WOLFSSL_LOCAL int wc_fspsm_GenerateRandBlock(byte* output, word32 sz)
 {
     /* Generate PRNG based on NIST SP800-90A AES CTR-DRBG */
     int ret = 0;
-    word32 buffer[RANDGEN_WORDS];
+    word32 fspbuf[RANDGEN_WORDS];
 
     while (sz > 0) {
         word32 len = sizeof(buffer);
@@ -197,9 +201,9 @@ WOLFSSL_LOCAL int wc_fspsm_GenerateRandBlock(byte* output, word32 sz)
             len = sz;
         }
         /* return 4 words random number*/
-        ret = R_RANDOM_GEN(buffer);
+        ret = R_RANDOM_GEN((uint8_t* const)fspbuf);
         if(ret == FSP_SUCCESS) {
-            XMEMCPY(output, &buffer, len);
+            XMEMCPY(output, &fspbuf, len);
             output += len;
             sz -= len;
          } else {
@@ -332,7 +336,7 @@ WOLFSSL_LOCAL int wc_fspsm_EccVerifyTLS(WOLFSSL* ssl, const uint8_t* sig,
     }
 
     if ((sigforSCE = (uint8_t*)XMALLOC(HW_SCE_ECDSA_DATA_BYTE_SIZE, NULL,
-                                                  DYNAMIC_TYPE_TEMP)) == NULL) {
+                                                  DYNAMIC_TYPE_TMP_BUFFER)) == NULL) {
         WOLFSSL_MSG("failed to malloc memory");
         return MEMORY_E;
     }
@@ -367,8 +371,7 @@ WOLFSSL_LOCAL int wc_fspsm_EccVerifyTLS(WOLFSSL* ssl, const uint8_t* sig,
 
     ret = fspsm_ServerKeyExVerify(2, ssl, sigforSCE, 64, ctx);
 
-    if (sigforSCE)
-        XFREE(sigforSCE, NULL, DYNAMIC_TYPE_TEMP);
+    XFREE(sigforSCE, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 
     if (ret == WOLFSSL_SUCCESS) {
         *result = 1;
@@ -384,7 +387,7 @@ WOLFSSL_LOCAL int wc_fspsm_EccVerifyTLS(WOLFSSL* ssl, const uint8_t* sig,
 
 #if defined(WOLFSSL_RENESAS_FSPSM_TLS) || \
     defined(WOLFSSL_RENESAS_FSPSM_CRYPTONLY)
-    
+
 /* Callback for ECC shared secret */
 WOLFSSL_LOCAL int fspsm_EccSharedSecret(WOLFSSL* ssl, ecc_key* otherKey,
         uint8_t* pubKeyDer, unsigned int* pubKeySz,
@@ -723,7 +726,7 @@ WOLFSSL_LOCAL int wc_fspsm_generateSessionKey(WOLFSSL *ssl,
     Ciphers *dec;
     FSPSM_HMAC_WKEY key_client_mac;
     FSPSM_HMAC_WKEY key_server_mac;
-    
+
     FSPSM_AES_PWKEY key_client_aes = NULL;
     FSPSM_AES_PWKEY key_server_aes = NULL;
 
@@ -746,13 +749,13 @@ WOLFSSL_LOCAL int wc_fspsm_generateSessionKey(WOLFSSL *ssl,
         }
         else {
             key_client_aes = (FSPSM_AES_PWKEY)XMALLOC(sizeof(FSPSM_AES_WKEY),
-                                            aes->heap, DYNAMIC_TYPE_AE);
+                                            ssl->heap, DYNAMIC_TYPE_AES);
             key_server_aes = (FSPSM_AES_PWKEY)XMALLOC(sizeof(FSPSM_AES_WKEY),
-                                            aes->heap, DYNAMIC_TYPE_AE);
+                                            ssl->heap, DYNAMIC_TYPE_AES);
             if (key_client_aes == NULL || key_server_aes == NULL) {
                 return MEMORY_E;
             }
-            
+
             ret = FSPSM_SESSIONKEY_GEN_FUNC(
                     GetSceCipherSuite(
                         ssl->options.cipherSuite0,
@@ -787,7 +790,7 @@ WOLFSSL_LOCAL int wc_fspsm_generateSessionKey(WOLFSSL *ssl,
                 XMEMSET(enc->aes, 0, sizeof(Aes));
                 enc->aes->ctx.wrapped_key = (FSPSM_AES_PWKEY)XMALLOC
                                             (sizeof(FSPSM_AES_WKEY),
-                                            aes->heap, DYNAMIC_TYPE_AE);
+                                            ssl->heap, DYNAMIC_TYPE_AES);
                 if (enc->aes->ctx.wrapped_key == NULL)
                     return MEMORY_E;
             }
@@ -802,10 +805,10 @@ WOLFSSL_LOCAL int wc_fspsm_generateSessionKey(WOLFSSL *ssl,
                         return MEMORY_E;
                     }
                     XMEMSET(dec->aes, 0, sizeof(Aes));
-                    
+
                     dec->aes->ctx.wrapped_key = (FSPSM_AES_PWKEY)XMALLOC
                                             (sizeof(FSPSM_AES_WKEY),
-                                            aes->heap, DYNAMIC_TYPE_AE);
+                                            ssl->heap, DYNAMIC_TYPE_AES);
                     if (dec->aes->ctx.wrapped_key == NULL)
                         return MEMORY_E;
                     }
@@ -853,15 +856,13 @@ WOLFSSL_LOCAL int wc_fspsm_generateSessionKey(WOLFSSL *ssl,
             /* marked as session key is set */
             cbInfo->keyflgs_tls.bits.session_key_set = 1;
         }
-        
-        if (key_client_aes)
-            XFREE(key_client_aes, aes->heap, DYNAMIC_TYPE_AES);
-        if (key_server_aes)
-            XFREE(key_server_aes, aes->heap, DYNAMIC_TYPE_AES);
-        
+
+        XFREE(key_client_aes, ssl->heap, DYNAMIC_TYPE_AES);
+        XFREE(key_server_aes, ssl->heap, DYNAMIC_TYPE_AES);
+
         /* unlock hw */
         wc_fspsm_hw_unlock();
-        
+
     }
     else {
         WOLFSSL_LEAVE("hw lock failed", ret);
@@ -1018,7 +1019,7 @@ WOLFSSL_LOCAL int wc_fspsm_tls_CertVerify(
                                 SCE_TLS_PUBLIC_KEY_TYPE_ECDSA_P256/*ECDSA*/) {
 
       if ((sigforSCE = (uint8_t*)XMALLOC(HW_SCE_ECDSA_DATA_BYTE_SIZE, NULL,
-                                                  DYNAMIC_TYPE_TEMP)) == NULL) {
+                                                  DYNAMIC_TYPE_TMP_BUFFER)) == NULL) {
         WOLFSSL_MSG("failed to malloc memory");
         return MEMORY_E;
       }
@@ -1070,9 +1071,7 @@ WOLFSSL_LOCAL int wc_fspsm_tls_CertVerify(
         if (ret != FSP_SUCCESS) {
             WOLFSSL_MSG(" R_XXX_TlsCertificateVerification() failed");
         }
-        if (sigforSCE) {
-          XFREE(sigforSCE, NULL, DYNAMIC_TYPE_TEMP);
-        }
+        XFREE(sigforSCE, NULL, DYNAMIC_TYPE_TMP_BUFFER);
         wc_fspsm_hw_unlock();
     }
     else {
diff --git a/wolfcrypt/src/port/Renesas/renesas_rx64_hw_sha.c b/wolfcrypt/src/port/Renesas/renesas_rx64_hw_sha.c
index 170ebb5e4..d39e9de74 100644
--- a/wolfcrypt/src/port/Renesas/renesas_rx64_hw_sha.c
+++ b/wolfcrypt/src/port/Renesas/renesas_rx64_hw_sha.c
@@ -2,7 +2,7 @@
  *
  * Contributed by Johnson Controls Tyco IP Holdings LLP.
  *
- * Use of this Software is subject to the GPLv2 License
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -13,7 +13,7 @@
  *
  * wolfSSL is distributed in the hope that it will be useful,
  * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  * GNU General Public License for more details.
  *
  * You should have received a copy of the GNU General Public License
@@ -159,10 +159,8 @@ static void RX64_HashFree(wolfssl_RX64_HW_Hash* hash)
     if (hash == NULL)
         return;
 
-    if (hash->msg != NULL) {
-        XFREE(hash->msg, hash->heap, DYNAMIC_TYPE_TMP_BUFFER);
-        hash->msg = NULL;
-    }
+    XFREE(hash->msg, hash->heap, DYNAMIC_TYPE_TMP_BUFFER);
+    hash->msg = NULL;
 }
 
 /**
diff --git a/wolfcrypt/src/port/Renesas/renesas_rx64_hw_util.c b/wolfcrypt/src/port/Renesas/renesas_rx64_hw_util.c
index 2d995d99f..fc168bb4d 100644
--- a/wolfcrypt/src/port/Renesas/renesas_rx64_hw_util.c
+++ b/wolfcrypt/src/port/Renesas/renesas_rx64_hw_util.c
@@ -2,7 +2,7 @@
  *
  * Contributed by Johnson Controls Tyco IP Holdings LLP.
  *
- * Use of this Software is subject to the GPLv2 License
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -13,7 +13,7 @@
  *
  * wolfSSL is distributed in the hope that it will be useful,
  * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  * GNU General Public License for more details.
  *
  * You should have received a copy of the GNU General Public License
diff --git a/wolfcrypt/src/port/Renesas/renesas_tsip_aes.c b/wolfcrypt/src/port/Renesas/renesas_tsip_aes.c
index d4f474195..54dc6f5f8 100644
--- a/wolfcrypt/src/port/Renesas/renesas_tsip_aes.c
+++ b/wolfcrypt/src/port/Renesas/renesas_tsip_aes.c
@@ -1,6 +1,6 @@
 /* renesas_tsip_aes.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -86,9 +86,9 @@ typedef e_tsip_err_t (*Tls13AesDecFinalFn)
 
 
 /*  encrypt plain data.
- *  
+ *
  *  return cipher data size on success, negative value on failure.
- *         CRYPTOCB_UNAVAILABLE may be returned.   
+ *         CRYPTOCB_UNAVAILABLE may be returned.
  */
 WOLFSSL_LOCAL int tsip_Tls13AesEncrypt(
                             struct WOLFSSL* ssl,
@@ -100,9 +100,9 @@ WOLFSSL_LOCAL int tsip_Tls13AesEncrypt(
     e_tsip_err_t    err = TSIP_SUCCESS;
     TsipUserCtx*    tuc = NULL;
     e_tsip_tls13_cipher_suite_t cs;
-    word32  cipher[(AES_BLOCK_SIZE + TSIP_AES_GCM_AUTH_TAG_SIZE) /
+    word32  cipher[(WC_AES_BLOCK_SIZE + TSIP_AES_GCM_AUTH_TAG_SIZE) /
                                                              sizeof(word32)];
-    word32  plain[AES_BLOCK_SIZE / sizeof(word32)];
+    word32  plain[WC_AES_BLOCK_SIZE / sizeof(word32)];
     int             idxIn,idxOut;
     uint32_t        remain;
     uint32_t        dataSz, finalSz;
@@ -166,7 +166,7 @@ WOLFSSL_LOCAL int tsip_Tls13AesEncrypt(
                                     cs,
                                     key,
                                     sz);
- 
+
         if (err != TSIP_SUCCESS) {
             WOLFSSL_MSG("R_TSIP_Tls13DecryptUpdate error");
             ret = WC_HW_E;
@@ -177,7 +177,7 @@ WOLFSSL_LOCAL int tsip_Tls13AesEncrypt(
 
         while (err == TSIP_SUCCESS && remain > 0) {
 
-            dataSz = min(remain, AES_BLOCK_SIZE);
+            dataSz = min(remain, WC_AES_BLOCK_SIZE);
             ForceZero(plain, sizeof(plain));
             ForceZero(cipher, sizeof(cipher));
             XMEMCPY(plain, input + idxIn, dataSz);
@@ -190,7 +190,7 @@ WOLFSSL_LOCAL int tsip_Tls13AesEncrypt(
                                     dataSz);
 
             if (err == TSIP_SUCCESS) {
-                if (dataSz >= AES_BLOCK_SIZE) {
+                if (dataSz >= WC_AES_BLOCK_SIZE) {
                     XMEMCPY(output + idxOut, cipher, dataSz);
                     idxOut += dataSz;
                 }
@@ -236,7 +236,7 @@ WOLFSSL_LOCAL int tsip_Tls13AesEncrypt(
 /* decrypt encrypted handshake data for TLSv1.3
  * AES-GCM or AES-CCM can be used
  * return 0 on success, otherwise on error.
- */ 
+ */
 WOLFSSL_LOCAL int tsip_Tls13AesDecrypt(
                             struct WOLFSSL* ssl,
                             byte* output,
@@ -247,8 +247,8 @@ WOLFSSL_LOCAL int tsip_Tls13AesDecrypt(
     e_tsip_err_t    err = TSIP_SUCCESS;
     TsipUserCtx*    tuc = NULL;
     e_tsip_tls13_cipher_suite_t cs;
-    word32          cipher[AES_BLOCK_SIZE / sizeof(word32)];
-    word32          plain[AES_BLOCK_SIZE / sizeof(word32)];
+    word32          cipher[WC_AES_BLOCK_SIZE / sizeof(word32)];
+    word32          plain[WC_AES_BLOCK_SIZE / sizeof(word32)];
     int             idxIn,idxOut;
     int             blocks;
     uint32_t        remain,conRemain;
@@ -302,7 +302,7 @@ WOLFSSL_LOCAL int tsip_Tls13AesDecrypt(
         return CRYPTOCB_UNAVAILABLE;
 
 
-    blocks    = sz / AES_BLOCK_SIZE;
+    blocks    = sz / WC_AES_BLOCK_SIZE;
     remain    = sz;
     conRemain = sz - TSIP_AES_GCM_AUTH_TAG_SIZE;
 
@@ -326,9 +326,9 @@ WOLFSSL_LOCAL int tsip_Tls13AesDecrypt(
 
         while (err == TSIP_SUCCESS && (blocks--) >= 0) {
 
-            dataSz = min(remain, AES_BLOCK_SIZE);
+            dataSz = min(remain, WC_AES_BLOCK_SIZE);
             XMEMCPY(cipher, input + idxIn, dataSz);
-            ForceZero(plain, AES_BLOCK_SIZE);
+            ForceZero(plain, WC_AES_BLOCK_SIZE);
 
             err = R_TSIP_Tls13DecryptUpdate(
                                     &(tuc->handle13),
@@ -337,7 +337,7 @@ WOLFSSL_LOCAL int tsip_Tls13AesDecrypt(
                                     dataSz);
 
             if (err == TSIP_SUCCESS) {
-                if (dataSz >= AES_BLOCK_SIZE && conRemain >= AES_BLOCK_SIZE) {
+                if (dataSz >= WC_AES_BLOCK_SIZE && conRemain >= WC_AES_BLOCK_SIZE) {
                     XMEMCPY(output + idxOut, plain, dataSz);
                     idxOut += dataSz;
                     conRemain -= min(conRemain, dataSz);
@@ -384,7 +384,7 @@ WOLFSSL_LOCAL int tsip_Tls13AesDecrypt(
 WOLFSSL_LOCAL int wc_tsip_AesCipher(int devIdArg, wc_CryptoInfo* info,
                                                                     void* ctx)
 {
-    int ret = NOT_COMPILED_IN;
+    int ret = WC_NO_ERR_TRACE(NOT_COMPILED_IN);
     TsipUserCtx* cbInfo = (TsipUserCtx*)ctx;
 
     WOLFSSL_ENTER("wc_tsip_AesCipher");
@@ -472,7 +472,7 @@ int wc_tsip_AesCbcEncrypt(struct Aes* aes, byte* out, const byte* in, word32 sz)
 {
     tsip_aes_handle_t _handle;
     int ret;
-    word32 blocks = (sz / AES_BLOCK_SIZE);
+    word32 blocks = (sz / WC_AES_BLOCK_SIZE);
     uint32_t dataLength;
     byte *iv;
 
@@ -502,13 +502,13 @@ int wc_tsip_AesCbcEncrypt(struct Aes* aes, byte* out, const byte* in, word32 sz)
     while (ret == TSIP_SUCCESS && blocks--) {
         if (aes->ctx.keySize == 16)
             ret = R_TSIP_Aes128CbcEncryptUpdate(&_handle, (uint8_t*)in,
-                                    (uint8_t*)out, (uint32_t)AES_BLOCK_SIZE);
+                                    (uint8_t*)out, (uint32_t)WC_AES_BLOCK_SIZE);
         else
             ret = R_TSIP_Aes256CbcEncryptUpdate(&_handle, (uint8_t*)in,
-                                    (uint8_t*)out, (uint32_t)AES_BLOCK_SIZE);
+                                    (uint8_t*)out, (uint32_t)WC_AES_BLOCK_SIZE);
 
-        in  += AES_BLOCK_SIZE;
-        out += AES_BLOCK_SIZE;
+        in  += WC_AES_BLOCK_SIZE;
+        out += WC_AES_BLOCK_SIZE;
     }
 
     if (ret == TSIP_SUCCESS) {
@@ -532,7 +532,7 @@ int wc_tsip_AesCbcDecrypt(struct Aes* aes, byte* out, const byte* in, word32 sz)
 {
    tsip_aes_handle_t _handle;
     int ret;
-    word32 blocks = (sz / AES_BLOCK_SIZE);
+    word32 blocks = (sz / WC_AES_BLOCK_SIZE);
     uint32_t dataLength;
     byte *iv;
 
@@ -561,13 +561,13 @@ int wc_tsip_AesCbcDecrypt(struct Aes* aes, byte* out, const byte* in, word32 sz)
 
         if (aes->ctx.keySize == 16)
             ret = R_TSIP_Aes128CbcDecryptUpdate(&_handle, (uint8_t*)in,
-                                        (uint8_t*)out, (uint32_t)AES_BLOCK_SIZE);
+                                        (uint8_t*)out, (uint32_t)WC_AES_BLOCK_SIZE);
         else
             ret = R_TSIP_Aes256CbcDecryptUpdate(&_handle, (uint8_t*)in,
-                                        (uint8_t*)out, (uint32_t)AES_BLOCK_SIZE);
+                                        (uint8_t*)out, (uint32_t)WC_AES_BLOCK_SIZE);
 
-        in  += AES_BLOCK_SIZE;
-        out += AES_BLOCK_SIZE;
+        in  += WC_AES_BLOCK_SIZE;
+        out += WC_AES_BLOCK_SIZE;
     }
 
     if (ret == TSIP_SUCCESS) {
@@ -627,7 +627,7 @@ int wc_tsip_AesGcmEncrypt(
     uint8_t* aadBuf    = NULL;
     const uint8_t* iv_l = NULL;
     uint32_t ivSz_l = 0;
-    
+
     tsip_aes_key_index_t key_client_aes;
     TsipUserCtx *userCtx;
 
@@ -660,8 +660,8 @@ int wc_tsip_AesGcmEncrypt(
 
     userCtx = (TsipUserCtx*)ctx;
 
-    /* buffer for cipher data output must be multiple of AES_BLOCK_SIZE */
-    cipherBufSz = ((sz / AES_BLOCK_SIZE) + 1) * AES_BLOCK_SIZE;
+    /* buffer for cipher data output must be multiple of WC_AES_BLOCK_SIZE */
+    cipherBufSz = ((sz / WC_AES_BLOCK_SIZE) + 1) * WC_AES_BLOCK_SIZE;
 
     if ((ret = tsip_hw_lock()) == 0) {
 
@@ -722,10 +722,10 @@ int wc_tsip_AesGcmEncrypt(
                  XMEMCPY(&key_client_aes, &userCtx->user_aes128_key_index,
                         sizeof(tsip_aes_key_index_t));
             }
-            
+
             iv_l = iv;
             ivSz_l = ivSz;
-            
+
         }
 
         if (ret == 0) {
@@ -754,7 +754,7 @@ int wc_tsip_AesGcmEncrypt(
             */
             dataLen = 0;
             err = finalFn(&hdl,
-                          cipherBuf + (sz / AES_BLOCK_SIZE) * AES_BLOCK_SIZE,
+                          cipherBuf + (sz / WC_AES_BLOCK_SIZE) * WC_AES_BLOCK_SIZE,
                           &dataLen,
                           aTagBuf); /* aad of 16 bytes will be output */
 
@@ -859,8 +859,8 @@ int wc_tsip_AesGcmDecrypt(
 
     userCtx = (TsipUserCtx *)ctx;
 
-    /* buffer for plain data output must be multiple of AES_BLOCK_SIZE */
-    plainBufSz = ((sz / AES_BLOCK_SIZE) + 1) * AES_BLOCK_SIZE;
+    /* buffer for plain data output must be multiple of WC_AES_BLOCK_SIZE */
+    plainBufSz = ((sz / WC_AES_BLOCK_SIZE) + 1) * WC_AES_BLOCK_SIZE;
 
     if ((ret = tsip_hw_lock()) == 0) {
 
@@ -950,7 +950,7 @@ int wc_tsip_AesGcmDecrypt(
             if (err == TSIP_SUCCESS) {
                 dataLen = 0;
                 err = finalFn(&hdl,
-                        plainBuf + (sz / AES_BLOCK_SIZE) * AES_BLOCK_SIZE,
+                        plainBuf + (sz / WC_AES_BLOCK_SIZE) * WC_AES_BLOCK_SIZE,
                         &dataLen,
                         aTagBuf,
                         min(16, authTagSz)); /* TSIP accepts upto 16 byte */
diff --git a/wolfcrypt/src/port/Renesas/renesas_tsip_rsa.c b/wolfcrypt/src/port/Renesas/renesas_tsip_rsa.c
index 1a77b4020..9b926d926 100644
--- a/wolfcrypt/src/port/Renesas/renesas_tsip_rsa.c
+++ b/wolfcrypt/src/port/Renesas/renesas_tsip_rsa.c
@@ -1,6 +1,6 @@
 /* renesas_sce_rsa.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -18,12 +18,11 @@
  * along with this program; if not, write to the Free Software
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  */
- 
+
 #include <wolfssl/wolfcrypt/settings.h>
 
 #if !defined(NO_RSA) && \
-    (defined(WOLFSSL_RENESAS_TSIP_TLS) || \
-     defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY))
+     defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY)
 
 #include <string.h>
 #include <stdio.h>
@@ -40,14 +39,14 @@
 #include <wolfssl/wolfcrypt/port/Renesas/renesas-tsip-crypt.h>
 
 #ifdef WOLFSSL_RENESAS_TSIP_CRYPTONLY
-/* Make Rsa key for TSIP and set it to callback ctx
+/* Make RSA key for TSIP and set it to callback ctx
  * Assumes to be called by Crypt Callback
  *
- * size   desired keylenth, in bits. supports 1024 or 2048 bits
+ * size   desired key length, in bits. supports 1024 or 2048 bits
  * ctx    Callback context including pointer to hold generated key
  * return TSIP_SUCCESS(0) on Success, otherwise negative value
  */
-WOLFSSL_LOCAL int wc_tsip_MakeRsaKey(int size, void* ctx)
+int wc_tsip_MakeRsaKey(int size, void* ctx)
 {
     e_tsip_err_t     ret;
     TsipUserCtx     *info = (TsipUserCtx*)ctx;
@@ -59,185 +58,142 @@ WOLFSSL_LOCAL int wc_tsip_MakeRsaKey(int size, void* ctx)
     if (ctx == NULL)
         return BAD_FUNC_ARG;
 
+    if (size != 1024 && size != 2048) {
+        WOLFSSL_MSG("Failed to generate key pair by TSIP");
+        return CRYPTOCB_UNAVAILABLE;
+    }
+
     if ((ret = tsip_hw_lock()) == 0) {
         if (size == 1024) {
             tsip_pair1024_key =
             (tsip_rsa1024_key_pair_index_t*)XMALLOC(
-                sizeof(tsip_rsa1024_key_pair_index_t), NULL, 
+                sizeof(tsip_rsa1024_key_pair_index_t), NULL,
                                                 DYNAMIC_TYPE_RSA_BUFFER);
             if (tsip_pair1024_key == NULL)
                 return MEMORY_E;
-                
+
             ret = R_TSIP_GenerateRsa1024RandomKeyIndex(tsip_pair1024_key);
         }
         else if (size == 2048) {
             tsip_pair2048_key =
             (tsip_rsa2048_key_pair_index_t*)XMALLOC(
-                sizeof(tsip_rsa2048_key_pair_index_t), NULL, 
+                sizeof(tsip_rsa2048_key_pair_index_t), NULL,
                                                 DYNAMIC_TYPE_RSA_BUFFER);
             if (tsip_pair2048_key == NULL)
                 return MEMORY_E;
-                
+
             ret = R_TSIP_GenerateRsa2048RandomKeyIndex(tsip_pair2048_key);
         }
-        else
-            return CRYPTOCB_UNAVAILABLE;
-            
+
         if (ret == TSIP_SUCCESS) {
             if (size == 1024) {
-                if (info->rsa1024pri_keyIdx != NULL) {
-                    XFREE(info->rsa1024pri_keyIdx, NULL, 
-                                                DYNAMIC_TYPE_RSA_BUFFER);
-                }
-                if (info->rsa1024pub_keyIdx != NULL) {
-                    XFREE(info->rsa1024pub_keyIdx, NULL, 
-                                                DYNAMIC_TYPE_RSA_BUFFER);
-                }
-                info->rsa1024pri_keyIdx = 
+                XFREE(info->rsa1024pri_keyIdx, NULL, DYNAMIC_TYPE_RSA_BUFFER);
+                XFREE(info->rsa1024pub_keyIdx, NULL, DYNAMIC_TYPE_RSA_BUFFER);
+                info->rsa1024pri_keyIdx =
                 (tsip_rsa1024_private_key_index_t*)XMALLOC(
-                    sizeof(tsip_rsa1024_private_key_index_t), NULL, 
+                    sizeof(tsip_rsa1024_private_key_index_t), NULL,
                                                 DYNAMIC_TYPE_RSA_BUFFER);
-                    
+
                 if (info->rsa1024pri_keyIdx == NULL) {
-                    XFREE(tsip_pair1024_key, 0, DYNAMIC_TYPE_RSA_BUFFER);
+                    XFREE(tsip_pair1024_key, NULL, DYNAMIC_TYPE_RSA_BUFFER);
                     return MEMORY_E;
                 }
-                
+
                 info->rsa1024pub_keyIdx =
                 (tsip_rsa1024_public_key_index_t*)XMALLOC(
-                    sizeof(tsip_rsa1024_public_key_index_t), NULL, 
+                    sizeof(tsip_rsa1024_public_key_index_t), NULL,
                                                 DYNAMIC_TYPE_RSA_BUFFER);
-                    
+
                 if (info->rsa1024pub_keyIdx == NULL) {
-                    XFREE(tsip_pair1024_key, 0, DYNAMIC_TYPE_RSA_BUFFER);
-                    XFREE(info->rsa1024pri_keyIdx, 0, 
-                                                DYNAMIC_TYPE_RSA_BUFFER);
+                    XFREE(tsip_pair1024_key, NULL, DYNAMIC_TYPE_RSA_BUFFER);
+                    XFREE(info->rsa1024pri_keyIdx, NULL, DYNAMIC_TYPE_RSA_BUFFER);
                     return MEMORY_E;
                 }
                 /* copy generated key pair and free malloced key */
                 XMEMCPY(info->rsa1024pri_keyIdx,
                                     &tsip_pair1024_key->private,
                                     sizeof(tsip_rsa1024_private_key_index_t));
-                XMEMCPY(info->rsa1024pub_keyIdx, 
+                XMEMCPY(info->rsa1024pub_keyIdx,
                                     &tsip_pair1024_key->public,
                                     sizeof(tsip_rsa1024_public_key_index_t));
-                XFREE(tsip_pair1024_key, 0, DYNAMIC_TYPE_RSA_BUFFER);
-                
+                XFREE(tsip_pair1024_key, NULL, DYNAMIC_TYPE_RSA_BUFFER);
+
                 info->keyflgs_crypt.bits.rsapri1024_key_set = 1;
                 info->keyflgs_crypt.bits.rsapub1024_key_set = 1;
+                info->wrappedKeyType = TSIP_KEY_TYPE_RSA1024;
             }
             else if (size == 2048) {
-                if (info->rsa2048pri_keyIdx != NULL) {
-                    XFREE(info->rsa2048pri_keyIdx, NULL, 
-                                    DYNAMIC_TYPE_RSA_BUFFER);
-                }
-                if (info->rsa2048pub_keyIdx != NULL) {
-                    XFREE(info->rsa2048pub_keyIdx, NULL, 
-                                    DYNAMIC_TYPE_RSA_BUFFER);
-                }
-                info->rsa2048pri_keyIdx = 
+                XFREE(info->rsa2048pri_keyIdx, NULL, DYNAMIC_TYPE_RSA_BUFFER);
+                XFREE(info->rsa2048pub_keyIdx, NULL, DYNAMIC_TYPE_RSA_BUFFER);
+                info->rsa2048pri_keyIdx =
                 (tsip_rsa2048_private_key_index_t*)XMALLOC(
-                    sizeof(tsip_rsa2048_private_key_index_t), NULL, 
+                    sizeof(tsip_rsa2048_private_key_index_t), NULL,
                                     DYNAMIC_TYPE_RSA_BUFFER);
-                    
+
                 if (info->rsa2048pri_keyIdx == NULL) {
-                    XFREE(tsip_pair2048_key, 0, DYNAMIC_TYPE_RSA_BUFFER);
+                    XFREE(tsip_pair2048_key, NULL, DYNAMIC_TYPE_RSA_BUFFER);
                     return MEMORY_E;
                 }
-                
+
                 info->rsa2048pub_keyIdx =
                 (tsip_rsa2048_public_key_index_t*)XMALLOC(
-                    sizeof(tsip_rsa2048_public_key_index_t), NULL, 
+                    sizeof(tsip_rsa2048_public_key_index_t), NULL,
                                     DYNAMIC_TYPE_RSA_BUFFER);
-                    
+
                 if (info->rsa2048pub_keyIdx == NULL) {
-                    XFREE(tsip_pair2048_key, 0, DYNAMIC_TYPE_RSA_BUFFER);
-                    XFREE(info->rsa2048pri_keyIdx, 0, 
+                    XFREE(tsip_pair2048_key, NULL, DYNAMIC_TYPE_RSA_BUFFER);
+                    XFREE(info->rsa2048pri_keyIdx, NULL,
                                     DYNAMIC_TYPE_RSA_BUFFER);
                     return MEMORY_E;
                 }
+
                 /* copy generated key pair and free malloced key */
-                XMEMCPY(info->rsa2048pri_keyIdx, 
+                XMEMCPY(info->rsa2048pri_keyIdx,
                             &tsip_pair2048_key->private,
                             sizeof(tsip_rsa2048_private_key_index_t));
-                XMEMCPY(info->rsa2048pub_keyIdx, 
+                XMEMCPY(info->rsa2048pub_keyIdx,
                             &tsip_pair2048_key->public,
                             sizeof(tsip_rsa2048_public_key_index_t));
-                XFREE(tsip_pair2048_key, 0, DYNAMIC_TYPE_RSA_BUFFER);
-                
+                XFREE(tsip_pair2048_key, NULL, DYNAMIC_TYPE_RSA_BUFFER);
+
                 info->keyflgs_crypt.bits.rsapri2048_key_set = 1;
                 info->keyflgs_crypt.bits.rsapub2048_key_set = 1;
-                
+                info->wrappedKeyType = TSIP_KEY_TYPE_RSA2048;
             }
         }
-        else {
-            WOLFSSL_MSG("Failed to generate key pair by TSIP");
-            return CRYPTOCB_UNAVAILABLE;
-        }
-        
+
         tsip_hw_unlock();
     }
 
+
     return 0;
 }
-
-
-/* Perform Rsa verify by TSIP
- * Assumes to be called by Crypt Callback
- * 
- * in     Buffer to hold plaintext
- * inLen  Length of plaintext in bytes
- * out    Buffer to hold generated signature
- * outLen Length of signature in bytes
- * key    rsa key object
- * ctx    The callback context
- * return FSP_SUCCESS(0) on Success, otherwise negative value
+/* Generate TSIP key index if needed
+ *
+ * tuc    struct pointer of TsipUserCtx
+ * return FSP_SUCCESS(0) on Success, otherwise CRYPTOCB_UNAVAILABLE
  */
- 
-WOLFSSL_LOCAL int wc_tsip_RsaVerifyPkcs(wc_CryptoInfo* info, TsipUserCtx* tuc)
+static int tsip_RsakeyImport(TsipUserCtx* tuc)
 {
     int ret = 0;
-    e_tsip_err_t    err = TSIP_SUCCESS;
-    tsip_rsa_byte_data_t hashData, sigData;
 
-    uint8_t  tsip_hash_type;
-    
-    
-    /* sanity check */
-    if (info == NULL || tuc == NULL){
-        return BAD_FUNC_ARG;
-    }
-    
-    if (ret == 0) {
-       if (tuc->sing_hash_type == md5_mac)
-           tsip_hash_type = R_TSIP_RSA_HASH_MD5;
-       else if (tuc->sing_hash_type == sha_mac)
-           tsip_hash_type = R_TSIP_RSA_HASH_SHA1;
-       else if (tuc->sing_hash_type == sha256_mac)
-           tsip_hash_type = R_TSIP_RSA_HASH_SHA256;
-       else
-           ret = CRYPTOCB_UNAVAILABLE;
-    }
-    
     switch (tuc->wrappedKeyType) {
         case TSIP_KEY_TYPE_RSA1024:
-            if (tuc->keyflgs_crypt.bits.rsapub1024_key_set != 1)
-            {
-                ret = tsipImportPublicKey(tuc, tuc->wrappedKeyType);
+            if (tuc->keyflgs_crypt.bits.rsapub1024_key_set != 1) {
+                ret = tsip_ImportPublicKey(tuc, tuc->wrappedKeyType);
 
                 WOLFSSL_MSG("tsip rsa private key 1024 not set");
-                if (ret != 0) 
+                if (ret != 0)
                     ret = CRYPTOCB_UNAVAILABLE;
 
             }
             break;
         case TSIP_KEY_TYPE_RSA2048:
-            if (tuc->keyflgs_crypt.bits.rsapub2048_key_set != 1)
-            {
-                ret = tsipImportPublicKey(tuc, tuc->wrappedKeyType);
+            if (tuc->keyflgs_crypt.bits.rsapub2048_key_set != 1) {
+                ret = tsip_ImportPublicKey(tuc, tuc->wrappedKeyType);
 
-                WOLFSSL_MSG("tsip rsa private key 1024 not set");
-                if (ret != 0) 
+                WOLFSSL_MSG("tsip rsa private key 2048 not set");
+                if (ret != 0)
                     ret = CRYPTOCB_UNAVAILABLE;
             }
             break;
@@ -247,14 +203,124 @@ WOLFSSL_LOCAL int wc_tsip_RsaVerifyPkcs(wc_CryptoInfo* info, TsipUserCtx* tuc)
             break;
     }
 
+    return ret;
+}
+
+/* Perform rsa encryption/decryption by TSIP
+ * Assumes to be called by Crypt Callback
+ *
+ * info struct pointer of wc_CryptoInfo including necessary info
+ * tuc  struct pointer of TsipUserCtx including TSIP key info
+ * return FSP_SUCCESS(0) on Success, otherwise negative value
+ */
+int wc_tsip_RsaFunction(wc_CryptoInfo* info, TsipUserCtx* tuc)
+{
+    int ret;
+    int keySize;
+    int type;
+    tsip_rsa_byte_data_t plain, cipher;
+
+
+    if (info == NULL || tuc == NULL) {
+        return BAD_FUNC_ARG;
+    }
+
+    if (tsip_RsakeyImport(tuc) == 0) {
+        type = info->pk.rsa.type;
+        keySize = (int)tuc->wrappedKeyType;
+
+        if ((ret = tsip_hw_lock()) == 0) {
+            if (type == RSA_PUBLIC_ENCRYPT || type == RSA_PUBLIC_DECRYPT) {
+                plain.pdata = (uint8_t*)info->pk.rsa.in;
+                plain.data_length = info->pk.rsa.inLen;
+                cipher.pdata = (uint8_t*)info->pk.rsa.out;
+                cipher.data_length = *(info->pk.rsa.outLen);
+
+                if (keySize == TSIP_KEY_TYPE_RSA1024) {
+                    ret = R_TSIP_RsaesPkcs1024Encrypt(&plain, &cipher,
+                            tuc->rsa1024pub_keyIdx);
+                }
+                else if (keySize == TSIP_KEY_TYPE_RSA2048) {
+                    ret = R_TSIP_RsaesPkcs2048Encrypt(&plain, &cipher,
+                            tuc->rsa2048pub_keyIdx);
+                }
+                else {
+                    WOLFSSL_MSG("keySize is invalid, neither 128 or 256 bytes, "
+                                                          "1024 or 2048 bits.");
+                    return BAD_FUNC_ARG;
+                }
+                if (ret == 0) {
+                    *(info->pk.rsa.outLen) = cipher.data_length;
+                }
+            }
+            else if (type == RSA_PRIVATE_DECRYPT || type == RSA_PRIVATE_ENCRYPT)
+            {
+                plain.pdata = (uint8_t*)info->pk.rsa.out;
+                plain.data_length = *(info->pk.rsa.outLen);
+                cipher.pdata = (uint8_t*)info->pk.rsa.in;
+                cipher.data_length = info->pk.rsa.inLen;
+
+                if (keySize == TSIP_KEY_TYPE_RSA1024) {
+                    ret = R_TSIP_RsaesPkcs1024Decrypt(&cipher, &plain,
+                            tuc->rsa1024pri_keyIdx);
+                }
+                else if (keySize == TSIP_KEY_TYPE_RSA2048) {
+                    ret = R_TSIP_RsaesPkcs2048Decrypt(&cipher, &plain,
+                            tuc->rsa2048pri_keyIdx);
+                }
+                else {
+                    WOLFSSL_MSG("keySize is invalid, neither 128 or 256 bytes, "
+                                                          "1024 or 2048 bits.");
+                    return BAD_FUNC_ARG;
+                }
+                if (ret == 0) {
+                    *(info->pk.rsa.outLen) = plain.data_length;
+                }
+            }
+            tsip_hw_unlock();
+        }
+    }
+    return ret;
+}
+/* Perform Rsa verify by TSIP
+ * Assumes to be called by Crypt Callback
+ *
+ * info struct pointer of wc_CryptoInfo including necessary info
+ * tuc  struct pointer of TsipUserCtx including TSIP key info
+ * return FSP_SUCCESS(0) on Success, otherwise negative value
+ */
+
+int wc_tsip_RsaVerifyPkcs(wc_CryptoInfo* info, TsipUserCtx* tuc)
+{
+    int ret = 0;
+    e_tsip_err_t    err = TSIP_SUCCESS;
+    tsip_rsa_byte_data_t hashData, sigData;
+    uint8_t  tsip_hash_type;
+
+    /* sanity check */
+    if (info == NULL || tuc == NULL){
+        return BAD_FUNC_ARG;
+    }
+
     if (ret == 0) {
-        hashData.pdata = (uint8_t*)info->pk.rsa.in;
-        hashData.data_length = info->pk.rsa.inLen;
+       if (tuc->sign_hash_type == md5_mac)
+           tsip_hash_type = R_TSIP_RSA_HASH_MD5;
+       else if (tuc->sign_hash_type == sha_mac)
+           tsip_hash_type = R_TSIP_RSA_HASH_SHA1;
+       else if (tuc->sign_hash_type == sha256_mac)
+           tsip_hash_type = R_TSIP_RSA_HASH_SHA256;
+       else
+           ret = CRYPTOCB_UNAVAILABLE;
+    }
+
+    if (tsip_RsakeyImport(tuc) == 0) {
+        hashData.pdata = (uint8_t*)info->pk.rsa.out;
+        hashData.data_length = *(info->pk.rsa.outLen);
         hashData.data_type =
             tuc->keyflgs_crypt.bits.message_type;/* message 0, hash 1 */
 
-        sigData.pdata = (uint8_t*)info->pk.rsa.out;
-        sigData.data_length = info->pk.rsa.outLen;
+        sigData.pdata = (uint8_t*)info->pk.rsa.in;
+        sigData.data_length = info->pk.rsa.inLen;
 
         if ((ret = tsip_hw_lock()) == 0) {
             switch (tuc->wrappedKeyType) {
@@ -294,7 +360,7 @@ WOLFSSL_LOCAL int wc_tsip_RsaVerifyPkcs(wc_CryptoInfo* info, TsipUserCtx* tuc)
             tsip_hw_unlock();
         }
     }
-    
+
     return ret;
 }
 #endif /* WOLFSSL_RENESAS_TSIP_CRYPTONLY */
diff --git a/wolfcrypt/src/port/Renesas/renesas_tsip_sha.c b/wolfcrypt/src/port/Renesas/renesas_tsip_sha.c
index a1a02f3b4..f85553834 100644
--- a/wolfcrypt/src/port/Renesas/renesas_tsip_sha.c
+++ b/wolfcrypt/src/port/Renesas/renesas_tsip_sha.c
@@ -1,6 +1,6 @@
 /* renesas_tsip_sha.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -18,23 +18,25 @@
  * along with this program; if not, write to the Free Software
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  */
-#include <string.h>
-#include <stdio.h>
 
 #ifdef HAVE_CONFIG_H
     #include <config.h>
 #endif
 #include <wolfssl/wolfcrypt/settings.h>
+
+#if !defined(NO_SHA) || !defined(NO_SHA256)
+#include <string.h>
+#include <stdio.h>
+
 #include <wolfssl/internal.h>
+#include <wolfssl/wolfcrypt/logging.h>
+
 #ifdef NO_INLINE
     #include <wolfssl/wolfcrypt/misc.h>
 #else
     #define WOLFSSL_MISC_INCLUDED
     #include <wolfcrypt/src/misc.c>
 #endif
-#if !defined(NO_SHA) || !defined(NO_SHA256)
-
-#include <wolfssl/wolfcrypt/logging.h>
 
 #if (defined(WOLFSSL_RENESAS_TSIP_TLS) || \
      defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY))
@@ -64,7 +66,7 @@ WOLFSSL_LOCAL int tsip_Tls13GetHmacMessages(struct WOLFSSL* ssl, byte* mac)
         ret = BAD_FUNC_ARG;
 
     if (ret == 0) {
-        if (ssl->version.major == SSLv3_MAJOR && 
+        if (ssl->version.major == SSLv3_MAJOR &&
             ssl->version.minor == TLSv1_3_MINOR)
             isTLS13 = 1;
 
@@ -136,8 +138,8 @@ WOLFSSL_LOCAL int tsip_Tls13GetHmacMessages(struct WOLFSSL* ssl, byte* mac)
 
 
 
-/* store handshake message for later hash or hmac operation. 
- * 
+/* store handshake message for later hash or hmac operation.
+ *
  */
 WOLFSSL_LOCAL int tsip_StoreMessage(struct WOLFSSL* ssl, const byte* data,
                                                                 int sz)
@@ -154,7 +156,7 @@ WOLFSSL_LOCAL int tsip_StoreMessage(struct WOLFSSL* ssl, const byte* data,
         ret = BAD_FUNC_ARG;
 
     if (ret == 0) {
-        if (ssl->version.major == SSLv3_MAJOR && 
+        if (ssl->version.major == SSLv3_MAJOR &&
             ssl->version.minor == TLSv1_3_MINOR)
             isTLS13 = 1;
 
@@ -164,7 +166,7 @@ WOLFSSL_LOCAL int tsip_StoreMessage(struct WOLFSSL* ssl, const byte* data,
             ret = CRYPTOCB_UNAVAILABLE;
         }
     }
-    /* should work until handshake is done */ 
+    /* should work until handshake is done */
     if (ret == 0) {
         if (ssl->options.handShakeDone) {
             WOLFSSL_MSG("handshake is done.");
@@ -195,12 +197,12 @@ WOLFSSL_LOCAL int tsip_StoreMessage(struct WOLFSSL* ssl, const byte* data,
 
         bag = &(tuc->messageBag);
 
-        if (bag->msgIdx +1 > MAX_MSGBAG_MESSAGES || 
+        if (bag->msgIdx +1 > MAX_MSGBAG_MESSAGES ||
             bag->buffIdx + sz > MSGBAG_SIZE) {
             WOLFSSL_MSG("Capacity over error in tsip_StoreMessage");
             ret = MEMORY_E;
         }
-    
+
         XMEMCPY(bag->buff + bag->buffIdx, data, sz);
         bag->msgTypes[bag->msgIdx++] = *data;   /* store message type */
         bag->buffIdx += sz;
@@ -229,7 +231,7 @@ WOLFSSL_LOCAL int tsip_GetMessageSha256(struct WOLFSSL* ssl, byte* hash,
         ret = BAD_FUNC_ARG;
 
     if (ret == 0) {
-        if (ssl->version.major == SSLv3_MAJOR && 
+        if (ssl->version.major == SSLv3_MAJOR &&
             ssl->version.minor == TLSv1_3_MINOR)
             isTLS13 = 1;
 
@@ -246,14 +248,14 @@ WOLFSSL_LOCAL int tsip_GetMessageSha256(struct WOLFSSL* ssl, byte* hash,
         }
         bag = &(tuc->messageBag);
     }
-    
+
     if (ret == 0) {
         if ((ret = tsip_hw_lock()) == 0) {
 
             err = R_TSIP_Sha256Init(&handle);
 
             if (err == TSIP_SUCCESS) {
-                err = R_TSIP_Sha256Update(&handle, (uint8_t*)bag->buff, 
+                err = R_TSIP_Sha256Update(&handle, (uint8_t*)bag->buff,
                                                                 bag->buffIdx);
             }
             if (err == TSIP_SUCCESS) {
@@ -287,10 +289,8 @@ static void TSIPHashFree(wolfssl_TSIP_Hash* hash)
     if (hash == NULL)
         return;
 
-    if (hash->msg != NULL) {
-        XFREE(hash->msg, hash->heap, DYNAMIC_TYPE_TMP_BUFFER);
-        hash->msg = NULL;
-    }
+    XFREE(hash->msg, hash->heap, DYNAMIC_TYPE_TMP_BUFFER);
+    hash->msg = NULL;
 }
 
 static int TSIPHashInit(wolfssl_TSIP_Hash* hash, void* heap, int devId,
@@ -309,7 +309,7 @@ static int TSIPHashInit(wolfssl_TSIP_Hash* hash, void* heap, int devId,
     else {
         hash->heap = heap;
     }
-    
+
     hash->len  = 0;
     hash->used = 0;
     hash->msg  = NULL;
diff --git a/wolfcrypt/src/port/Renesas/renesas_tsip_util.c b/wolfcrypt/src/port/Renesas/renesas_tsip_util.c
index 8c98ffb78..0a12ddc6f 100644
--- a/wolfcrypt/src/port/Renesas/renesas_tsip_util.c
+++ b/wolfcrypt/src/port/Renesas/renesas_tsip_util.c
@@ -1,6 +1,6 @@
 /* renesas_tsip_util.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -18,6 +18,11 @@
  * along with this program; if not, write to the Free Software
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  */
+
+#ifdef HAVE_CONFIG_H
+    #include <config.h>
+#endif
+
 #include <wolfssl/wolfcrypt/settings.h>
 
 #if defined(WOLFSSL_RENESAS_TSIP)
@@ -34,11 +39,15 @@
     #define WOLFSSL_MISC_INCLUDED
     #include <wolfcrypt/src/misc.c>
 #endif
-#include <wolfssl/ssl.h>
-#include <wolfssl/internal.h>
-#include <wolfssl/error-ssl.h>
+
+#ifndef WOLFSSL_RENESAS_TSIP_CRYPTONLY
+    #include <wolfssl/ssl.h>
+    #include <wolfssl/internal.h>
+    #include <wolfssl/error-ssl.h>
+#endif
 #include <wolfssl/wolfcrypt/port/Renesas/renesas-tsip-crypt.h>
 #include <wolfssl/wolfcrypt/port/Renesas/renesas_cmn.h>
+
 #include <stdio.h>
 
 #define TSIP_SIGNING_DATA_PREFIX_SZ     64
@@ -171,6 +180,7 @@ WOLFSSL_API int tsip_use_PrivateKey_buffer_TLS(struct WOLFSSL* ssl,
     return ret;
 }
 #endif /* WOLFSSL_RENESAS_TSIP_TLS */
+
 #if defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY)
 
 /* Set client encrypted public key data.
@@ -189,8 +199,7 @@ WOLFSSL_API int tsip_use_PublicKey_buffer_crypt(TsipUserCtx *uc,
 
     WOLFSSL_ENTER("tsip_use_PublicKey_buffer_crypt");
 
-    if (uc == NULL
-    || keyBuf == NULL || keyBufLen == 0) {
+    if (uc == NULL || keyBuf == NULL || keyBufLen == 0) {
         ret = BAD_FUNC_ARG;
     }
 
@@ -239,7 +248,7 @@ WOLFSSL_API int tsip_use_PrivateKey_buffer_crypt(TsipUserCtx *uc,
 /* Obsolete function. Use tsip_use_PrivateKey_buffer instead.
  * Set client encrypted private key data.
  * parameters:
- * key      Renesas Secure Flash Programmer generated key. 
+ * key      Renesas Secure Flash Programmer generated key.
  * keyType  0: RSA 2048bit, 1: RSA 4096bit, 2 ECC P256
  * return   0 on success, others on failure.
  */
@@ -253,7 +262,7 @@ WOLFSSL_API int  tsip_set_clientPrivateKeyEnc(const byte* encKey, int keyType)
         g_user_key_info.encrypted_user_private_key      = (uint8_t*)encKey;
         g_user_key_info.encrypted_user_private_key_type = keyType;
     }
-    
+
     WOLFSSL_LEAVE("tsip_set_clientPrivateKeyEnc", ret);
     return ret;
 }
@@ -299,7 +308,7 @@ WOLFSSL_LOCAL int tsip_TlsCleanup(struct WOLFSSL* ssl)
 
     /* free stored messages */
     tsipFlushMessages(ssl);
-    
+
     return ret;
 }
 
@@ -322,12 +331,12 @@ WOLFSSL_LOCAL int tsip_Tls13GenEccKeyPair(WOLFSSL* ssl, KeyShareEntry* kse)
     TsipUserCtx*    tuc = NULL;
 
     WOLFSSL_ENTER("tsip_Tls13GenEccKeyPair");
-    
+
     if (ssl == NULL || kse == NULL)
         ret = BAD_FUNC_ARG;
 
     if (ret == 0) {
-        if (ssl->version.major == SSLv3_MAJOR && 
+        if (ssl->version.major == SSLv3_MAJOR &&
             ssl->version.minor == TLSv1_3_MINOR) {
             isTLS13 = 1;
         }
@@ -383,7 +392,7 @@ WOLFSSL_LOCAL int tsip_Tls13GenEccKeyPair(WOLFSSL* ssl, KeyShareEntry* kse)
         ecckey = (ecc_key*)kse->key;
         ret = wc_ecc_set_curve(ecckey, kse->keyLen, curveId);
     }
-    
+
     kse->pubKey[0] = ECC_POINT_UNCOMP;
 
     /* generate ecc key pair with TSIP */
@@ -412,25 +421,21 @@ WOLFSSL_LOCAL int tsip_Tls13GenEccKeyPair(WOLFSSL* ssl, KeyShareEntry* kse)
         }
     }
 
-    if (ret != 0) {
-        if (kse->key != NULL)
-            XFREE(kse->key, ssl->heap, DYNAMIC_TYPE_PRIVATE_KEY);
-        if (kse->pubKey != NULL)
-            XFREE(kse->pubKey, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY);
+    if ((ret != 0) && (ret != CRYPTOCB_UNAVAILABLE)) {
+        XFREE(kse->key, ssl->heap, DYNAMIC_TYPE_PRIVATE_KEY);
+        kse->key = NULL;
+        XFREE(kse->pubKey, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY);
+        kse->pubKey = NULL;
     }
     WOLFSSL_LEAVE("tsip_Tls13GenEccKeyPair", ret);
     return ret;
 }
-#endif /* WOLFSSL_TLS13 */
 
-
-
-#if defined(WOLFSSL_TLS13)
 /* generate shared secret(pre-master secret)
  * get peer's raw ECDHE public key from KeyShareEntry.
- * The pre-master secret generated by TSIP is stored into 
+ * The pre-master secret generated by TSIP is stored into
  * TsipUserCtx.sharedSecret13Idx as TSIP specific format.
- * 
+ *
  * return 0 on success, CRYPTOCB_UNAVAILABLE when tsip can not handle and is
  * expecting to fallback to S/W, other negative values on error.
  */
@@ -448,7 +453,7 @@ WOLFSSL_LOCAL int tsip_Tls13GenSharedSecret(struct WOLFSSL* ssl,
         ret = BAD_FUNC_ARG;
 
     if (ret == 0) {
-        if (ssl->version.major == SSLv3_MAJOR && 
+        if (ssl->version.major == SSLv3_MAJOR &&
             ssl->version.minor == TLSv1_3_MINOR) {
             isTLS13 = 1;
         }
@@ -468,7 +473,7 @@ WOLFSSL_LOCAL int tsip_Tls13GenSharedSecret(struct WOLFSSL* ssl,
 
     if (ret == 0) {
         /* get user context for TSIP */
-        tuc = ssl->RenesasUserCtx;    
+        tuc = ssl->RenesasUserCtx;
         if (tuc == NULL) {
             WOLFSSL_MSG("TsipUserCtx hasn't been set to ssl.");
             ret = CRYPTOCB_UNAVAILABLE;
@@ -514,11 +519,7 @@ WOLFSSL_LOCAL int tsip_Tls13GenSharedSecret(struct WOLFSSL* ssl,
     WOLFSSL_LEAVE("tsip_Tls13GenSharedSecret", ret);
     return ret;
 }
-#endif /* WOLFSSL_TLS13 */
 
-
-
-#if defined(WOLFSSL_TLS13)
 WOLFSSL_LOCAL int tsip_Tls13DeriveEarlySecret(struct WOLFSSL* ssl)
 {
     int ret = 0;
@@ -530,7 +531,7 @@ WOLFSSL_LOCAL int tsip_Tls13DeriveEarlySecret(struct WOLFSSL* ssl)
 
     if (ret == 0) {
         /* get user context for TSIP */
-        tuc = ssl->RenesasUserCtx;    
+        tuc = ssl->RenesasUserCtx;
         if (tuc == NULL) {
             WOLFSSL_MSG("TsipUserCtx hasn't been set to ssl.");
             ret = CRYPTOCB_UNAVAILABLE;
@@ -539,20 +540,16 @@ WOLFSSL_LOCAL int tsip_Tls13DeriveEarlySecret(struct WOLFSSL* ssl)
             tuc->EarlySecret_set = 1;
         }
     }
-    
+
     WOLFSSL_LEAVE("tsip_Tls13DeriveEarlySecret", ret);
     return ret;
 }
-#endif /* WOLFSSL_TLS13 */
 
-
-
-#if defined(WOLFSSL_TLS13)
 /* derive handshake secret.
  * get pre-master secret stored in TsipUserCtx.sharedSecret13Idx.
  * Derived handshake secret is stored into TsipUserCtx.handshakeSecret13Idx
  * as tsip specific format.
- * 
+ *
  * return 0 on success, CRYPTOCB_UNAVAILABLE when tsip can not handle and is
  * expecting to fallback to S/W, other negative values on error.
  */
@@ -568,7 +565,7 @@ WOLFSSL_LOCAL int tsip_Tls13DeriveHandshakeSecret(struct WOLFSSL* ssl)
         ret = BAD_FUNC_ARG;
 
     if (ret == 0) {
-        if (ssl->version.major == SSLv3_MAJOR && 
+        if (ssl->version.major == SSLv3_MAJOR &&
             ssl->version.minor == TLSv1_3_MINOR) {
             isTLS13 = 1;
         }
@@ -580,7 +577,7 @@ WOLFSSL_LOCAL int tsip_Tls13DeriveHandshakeSecret(struct WOLFSSL* ssl)
 
     if (ret == 0) {
         /* get user context for TSIP */
-        tuc = ssl->RenesasUserCtx;    
+        tuc = ssl->RenesasUserCtx;
         if (tuc == NULL) {
             WOLFSSL_MSG("TsipUserCtx hasn't been set to ssl.");
             ret = CRYPTOCB_UNAVAILABLE;
@@ -597,7 +594,7 @@ WOLFSSL_LOCAL int tsip_Tls13DeriveHandshakeSecret(struct WOLFSSL* ssl)
 
     if (ret == 0) {
         if ((ret = tsip_hw_lock()) == 0) {
- 
+
             tuc->HandshakeSecret_set = 0;
 
             err = R_TSIP_Tls13GenerateHandshakeSecret(
@@ -621,11 +618,7 @@ WOLFSSL_LOCAL int tsip_Tls13DeriveHandshakeSecret(struct WOLFSSL* ssl)
     WOLFSSL_LEAVE("tsip_Tls13DeriveHandshakeSecret", ret);
     return ret;
 }
-#endif /* WOLFSSL_TLS13 */
 
-
-
-#if defined(WOLFSSL_TLS13)
 static int tsipTls13DeriveClientHandshakeKeys(struct WOLFSSL* ssl)
 {
     int ret = 0;
@@ -640,7 +633,7 @@ static int tsipTls13DeriveClientHandshakeKeys(struct WOLFSSL* ssl)
         ret = BAD_FUNC_ARG;
 
     if (ret == 0) {
-        if (ssl->version.major == SSLv3_MAJOR && 
+        if (ssl->version.major == SSLv3_MAJOR &&
             ssl->version.minor == TLSv1_3_MINOR) {
             isTLS13 = 1;
         }
@@ -651,7 +644,7 @@ static int tsipTls13DeriveClientHandshakeKeys(struct WOLFSSL* ssl)
 
     if (ret == 0) {
         /* get user context for TSIP */
-        tuc = ssl->RenesasUserCtx;    
+        tuc = ssl->RenesasUserCtx;
         if (tuc == NULL) {
             WOLFSSL_MSG("TsipUserCtx hasn't been set to ssl.");
             ret = CRYPTOCB_UNAVAILABLE;
@@ -673,9 +666,9 @@ static int tsipTls13DeriveClientHandshakeKeys(struct WOLFSSL* ssl)
 
     if (ret == 0) {
         if ((ret = tsip_hw_lock()) == 0) {
- 
+
             tuc->HandshakeClientTrafficKey_set = 0;
-           
+
             err = R_TSIP_Tls13GenerateClientHandshakeTrafficKey(
                     &(tuc->handle13),
                     TSIP_TLS13_MODE_FULL_HANDSHAKE,
@@ -687,7 +680,7 @@ static int tsipTls13DeriveClientHandshakeKeys(struct WOLFSSL* ssl)
             if (err != TSIP_SUCCESS) {
                 WOLFSSL_MSG(
                     "R_TSIP_Tls13GenerateClientHandshakeTrafficKey error");
-                ret = WC_HW_E;                    
+                ret = WC_HW_E;
             }
 
             /* key derivation succeeded */
@@ -705,11 +698,7 @@ static int tsipTls13DeriveClientHandshakeKeys(struct WOLFSSL* ssl)
     WOLFSSL_LEAVE("tsipTls13DeriveClientHandshakeKeys", ret);
     return ret;
 }
-#endif /* WOLFSSL_TLS13 */
 
-
-
-#if defined(WOLFSSL_TLS13)
 static int tsipTls13DeriveServerHandshakeKeys(struct WOLFSSL* ssl)
 {
     int ret = 0;
@@ -724,7 +713,7 @@ static int tsipTls13DeriveServerHandshakeKeys(struct WOLFSSL* ssl)
         ret = BAD_FUNC_ARG;
 
     if (ret == 0) {
-        if (ssl->version.major == SSLv3_MAJOR && 
+        if (ssl->version.major == SSLv3_MAJOR &&
             ssl->version.minor == TLSv1_3_MINOR) {
             isTLS13 = 1;
         }
@@ -735,7 +724,7 @@ static int tsipTls13DeriveServerHandshakeKeys(struct WOLFSSL* ssl)
 
     if (ret == 0) {
         /* get user context for TSIP */
-        tuc = ssl->RenesasUserCtx;    
+        tuc = ssl->RenesasUserCtx;
         if (tuc == NULL) {
             WOLFSSL_MSG("TsipUserCtx hasn't been set to ssl.");
             ret = CRYPTOCB_UNAVAILABLE;
@@ -757,7 +746,7 @@ static int tsipTls13DeriveServerHandshakeKeys(struct WOLFSSL* ssl)
 
     if (ret == 0) {
         if ((ret = tsip_hw_lock()) == 0) {
- 
+
             tuc->HandshakeServerTrafficKey_set = 0;
 
             err = R_TSIP_Tls13GenerateServerHandshakeTrafficKey(
@@ -773,7 +762,7 @@ static int tsipTls13DeriveServerHandshakeKeys(struct WOLFSSL* ssl)
                     "R_TSIP_Tls13GenerateServerHandshakeTrafficKey error");
                 ret = WC_HW_E;
             }
-            
+
             /* key derivation succeeded */
             if (ret == 0) {
                 tuc->HandshakeServerTrafficKey_set = 1;
@@ -789,11 +778,7 @@ static int tsipTls13DeriveServerHandshakeKeys(struct WOLFSSL* ssl)
     WOLFSSL_LEAVE("tsipTls13DeriveServerHandshakeKeys", ret);
     return ret;
 }
-#endif /* WOLFSSL_TLS13 */
 
-
-
-#if defined(WOLFSSL_TLS13)
 static int tsipTls13DeriveTrafficKeys(struct WOLFSSL* ssl)
 {
     int ret = 0;
@@ -808,7 +793,7 @@ static int tsipTls13DeriveTrafficKeys(struct WOLFSSL* ssl)
         ret = BAD_FUNC_ARG;
 
     if (ret == 0) {
-        if (ssl->version.major == SSLv3_MAJOR && 
+        if (ssl->version.major == SSLv3_MAJOR &&
             ssl->version.minor == TLSv1_3_MINOR) {
             isTLS13 = 1;
         }
@@ -819,7 +804,7 @@ static int tsipTls13DeriveTrafficKeys(struct WOLFSSL* ssl)
 
     if (ret == 0) {
         /* get user context for TSIP */
-        tuc = ssl->RenesasUserCtx;    
+        tuc = ssl->RenesasUserCtx;
         if (tuc == NULL) {
             WOLFSSL_MSG("TsipUserCtx hasn't been set to ssl.");
             ret = CRYPTOCB_UNAVAILABLE;
@@ -841,7 +826,7 @@ static int tsipTls13DeriveTrafficKeys(struct WOLFSSL* ssl)
 
     if (ret == 0) {
         if ((ret = tsip_hw_lock()) == 0) {
- 
+
             tuc->ServerTrafficSecret_set   = 0;
             tuc->ClientTrafficSecret_set   = 0;
             tuc->ServerWriteTrafficKey_set = 0;
@@ -862,7 +847,7 @@ static int tsipTls13DeriveTrafficKeys(struct WOLFSSL* ssl)
                     "R_TSIP_Tls13GenerateApplicationTrafficKey error");
                 ret = WC_HW_E;
             }
-            
+
             /* key derivation succeeded */
             if (ret == 0) {
                 tuc->ServerTrafficSecret_set   = 1;
@@ -881,11 +866,7 @@ static int tsipTls13DeriveTrafficKeys(struct WOLFSSL* ssl)
     WOLFSSL_LEAVE("tsipTls13DeriveTrafficKeys", ret);
     return ret;
 }
-#endif /* WOLFSSL_TLS13 */
 
-
-
-#if defined(WOLFSSL_TLS13)
 static int tsipTls13UpdateClientTrafficKeys(struct WOLFSSL* ssl)
 {
     int ret     = 0;
@@ -899,7 +880,7 @@ static int tsipTls13UpdateClientTrafficKeys(struct WOLFSSL* ssl)
         ret = BAD_FUNC_ARG;
 
     if (ret == 0) {
-        if (ssl->version.major == SSLv3_MAJOR && 
+        if (ssl->version.major == SSLv3_MAJOR &&
             ssl->version.minor == TLSv1_3_MINOR) {
             isTLS13 = 1;
         }
@@ -910,7 +891,7 @@ static int tsipTls13UpdateClientTrafficKeys(struct WOLFSSL* ssl)
 
     if (ret == 0) {
         /* get user context for TSIP */
-        tuc = ssl->RenesasUserCtx;    
+        tuc = ssl->RenesasUserCtx;
         if (tuc == NULL) {
             WOLFSSL_MSG("TsipUserCtx hasn't been set to ssl.");
             ret = CRYPTOCB_UNAVAILABLE;
@@ -953,11 +934,7 @@ static int tsipTls13UpdateClientTrafficKeys(struct WOLFSSL* ssl)
     WOLFSSL_LEAVE("tsipTls13UpdateClientTrafficKeys", ret);
     return ret;
 }
-#endif /* WOLFSSL_TLS13 */
 
-
-
-#if defined(WOLFSSL_TLS13)
 static int tsipTls13UpdateServerTrafficKeys(struct WOLFSSL* ssl)
 {
     int ret     = 0;
@@ -971,7 +948,7 @@ static int tsipTls13UpdateServerTrafficKeys(struct WOLFSSL* ssl)
         ret = BAD_FUNC_ARG;
 
     if (ret == 0) {
-        if (ssl->version.major == SSLv3_MAJOR && 
+        if (ssl->version.major == SSLv3_MAJOR &&
             ssl->version.minor == TLSv1_3_MINOR) {
             isTLS13 = 1;
         }
@@ -982,7 +959,7 @@ static int tsipTls13UpdateServerTrafficKeys(struct WOLFSSL* ssl)
 
     if (ret == 0) {
         /* get user context for TSIP */
-        tuc = ssl->RenesasUserCtx;    
+        tuc = ssl->RenesasUserCtx;
         if (tuc == NULL) {
             WOLFSSL_MSG("TsipUserCtx hasn't been set to ssl.");
             ret = CRYPTOCB_UNAVAILABLE;
@@ -1025,11 +1002,7 @@ static int tsipTls13UpdateServerTrafficKeys(struct WOLFSSL* ssl)
     WOLFSSL_LEAVE("tsipTls13UpdateServerTrafficKeys", ret);
     return ret;
 }
-#endif /* WOLFSSL_TLS13 */
 
-
-
-#if defined(WOLFSSL_TLS13)
 /* Derive the keys for TLS v1.3.
  *
  * ssl    The WOLFSSL object.
@@ -1042,7 +1015,7 @@ static int tsipTls13UpdateServerTrafficKeys(struct WOLFSSL* ssl)
  * side   ENCRYPT_SIDE_ONLY: when only encryption secret needs to be derived.
  *        DECRYPT_SIDE_ONLY: when only decryption secret needs to be derived.
  *        ENCRYPT_AND_DECRYPT_SIDE: when both secret needs to be derived.
- * 
+ *
  * returns 0 on success, CRYPTOCB_UNAVAILABLE when tsip can not handle and is
  * expecting to fallback to S/W, other negative values on error.
  */
@@ -1124,11 +1097,7 @@ WOLFSSL_LOCAL int tsip_Tls13DeriveKeys(struct WOLFSSL* ssl,
     WOLFSSL_LEAVE("tsip_Tls13DeriveKeys", ret);
     return ret;
 }
-#endif /* WOLFSSL_TLS13 */
 
-
-
-#if defined(WOLFSSL_TLS13)
 WOLFSSL_LOCAL int tsip_Tls13DeriveMasterSecret(struct WOLFSSL* ssl)
 {
     int ret = 0;
@@ -1142,7 +1111,7 @@ WOLFSSL_LOCAL int tsip_Tls13DeriveMasterSecret(struct WOLFSSL* ssl)
         ret = BAD_FUNC_ARG;
 
     if (ret == 0) {
-        if (ssl->version.major == SSLv3_MAJOR && 
+        if (ssl->version.major == SSLv3_MAJOR &&
             ssl->version.minor == TLSv1_3_MINOR) {
             isTLS13 = 1;
         }
@@ -1152,7 +1121,7 @@ WOLFSSL_LOCAL int tsip_Tls13DeriveMasterSecret(struct WOLFSSL* ssl)
     }
     if (ret == 0) {
         /* get user context for TSIP */
-        tuc = ssl->RenesasUserCtx;    
+        tuc = ssl->RenesasUserCtx;
         if (tuc == NULL) {
             WOLFSSL_MSG("TsipUserCtx hasn't been set to ssl.");
             ret = CRYPTOCB_UNAVAILABLE;
@@ -1160,7 +1129,7 @@ WOLFSSL_LOCAL int tsip_Tls13DeriveMasterSecret(struct WOLFSSL* ssl)
     }
     if (ret == 0) {
         /* make sure handshake secret and verify data has been set by TSIP */
-        if (!tuc->HandshakeSecret_set || 
+        if (!tuc->HandshakeSecret_set ||
             !tuc->HandshakeVerifiedData_set) {
             WOLFSSL_MSG("TSIP wasn't involved in the key-exchange.");
             ret = CRYPTOCB_UNAVAILABLE;
@@ -1168,7 +1137,7 @@ WOLFSSL_LOCAL int tsip_Tls13DeriveMasterSecret(struct WOLFSSL* ssl)
     }
     if (ret == 0) {
         if ((ret = tsip_hw_lock()) == 0) {
- 
+
             tuc->MasterSecret_set = 0;
 
             err = R_TSIP_Tls13GenerateMasterSecret(
@@ -1183,7 +1152,7 @@ WOLFSSL_LOCAL int tsip_Tls13DeriveMasterSecret(struct WOLFSSL* ssl)
                     "R_TSIP_Tls13GenerateMasterSecret( error");
                 ret = WC_HW_E;
             }
-            
+
             if (ret == 0) {
                 tuc->MasterSecret_set = 1;
             }
@@ -1198,15 +1167,11 @@ WOLFSSL_LOCAL int tsip_Tls13DeriveMasterSecret(struct WOLFSSL* ssl)
     WOLFSSL_LEAVE("tsip_Tls13DeriveMasterSecret", ret);
     return ret;
 }
-#endif /* WOLFSSL_TLS13 */
 
-
-
-#if defined(WOLFSSL_TLS13)
 /* verify handshake
  * ssl     WOLFSSL object
  * hash    buffer holding decrypted finished message content from server.
- * 
+ *
  */
 static int tsipTls13VerifyHandshake(struct WOLFSSL* ssl,
                                     const byte* hash)/*finished message*/
@@ -1223,7 +1188,7 @@ static int tsipTls13VerifyHandshake(struct WOLFSSL* ssl,
         ret = BAD_FUNC_ARG;
 
     if (ret == 0) {
-        if (ssl->version.major == SSLv3_MAJOR && 
+        if (ssl->version.major == SSLv3_MAJOR &&
             ssl->version.minor == TLSv1_3_MINOR) {
             isTLS13 = 1;
         }
@@ -1234,7 +1199,7 @@ static int tsipTls13VerifyHandshake(struct WOLFSSL* ssl,
 
     if (ret == 0) {
         /* get user context for TSIP */
-        tuc = ssl->RenesasUserCtx;    
+        tuc = ssl->RenesasUserCtx;
         if (tuc == NULL) {
             WOLFSSL_MSG("TsipUserCtx hasn't been set to ssl.");
             ret = CRYPTOCB_UNAVAILABLE;
@@ -1255,7 +1220,7 @@ static int tsipTls13VerifyHandshake(struct WOLFSSL* ssl,
 
     if (ret == 0) {
         if ((ret = tsip_hw_lock()) == 0) {
-            
+
             tuc->HandshakeVerifiedData_set = 0;
 
             err = R_TSIP_Tls13ServerHandshakeVerification(
@@ -1271,7 +1236,7 @@ static int tsipTls13VerifyHandshake(struct WOLFSSL* ssl,
             }
             else if (err != TSIP_SUCCESS) {
                 WOLFSSL_MSG("R_TSIP_Tls13ServerHandshakeVerification error");
-                ret = WC_HW_E;                    
+                ret = WC_HW_E;
             }
             if (ret == 0) {
                 WOLFSSL_MSG("Verified handshake");
@@ -1288,15 +1253,11 @@ static int tsipTls13VerifyHandshake(struct WOLFSSL* ssl,
     WOLFSSL_LEAVE("tsipTls13VerifyHandshake", ret);
     return ret;
 }
-#endif /* WOLFSSL_TLS13 */
 
-
-
-#if defined(WOLFSSL_TLS13)
 /* handles finished message from server.
- * verify hmac in the message. Also output verify data to 
+ * verify hmac in the message. Also output verify data to
  * TsipUserCtx.verifyDataIdx, which is used for deriving master secret.
- * 
+ *
  *  ssl       WOLFSSL object
  *  input     the buffer holding decrypted finished message, type and padding
  *  inOutIdx  On entry, the index into the message content of Finished.
@@ -1334,11 +1295,7 @@ WOLFSSL_LOCAL int tsip_Tls13HandleFinished(
     WOLFSSL_LEAVE("tsip_Tls13HandleFinished", ret);
     return ret;
 }
-#endif /* WOLFSSL_TLS13 */
 
-
-
-#if defined(WOLFSSL_TLS13)
 /* Build TLS v1.3 Message and make it encrypted with AEAD algorithm.
  * TSIP supports AES-GCM and AES-CCM.
  * ssl         The WOLFSSL object.
@@ -1348,7 +1305,7 @@ WOLFSSL_LOCAL int tsip_Tls13HandleFinished(
  * inSz        The size of the handshake message (including message header).
  * type        The real content type being put after the message data.
  * hashOutput  Whether to hash the unencrypted record data.
- * returns     the size of the record including header, CRYPTOCB_UNAVAILABLE 
+ * returns     the size of the record including header, CRYPTOCB_UNAVAILABLE
  *             when tsip can not handle and is expecting to fallback to S/W,
  *             other negative values on error.
  */
@@ -1365,7 +1322,7 @@ WOLFSSL_LOCAL int tsip_Tls13BuildMessage(struct WOLFSSL* ssl,
     int isTLS13 = 0;
     RecordLayerHeader* rl = NULL;
     (void)outSz;
-    
+
     WOLFSSL_ENTER("tsip_Tls13BuildMessage");
 
     if (ssl == NULL || output == NULL || input == NULL) {
@@ -1373,7 +1330,7 @@ WOLFSSL_LOCAL int tsip_Tls13BuildMessage(struct WOLFSSL* ssl,
     }
 
     if (ret == 0) {
-        if (ssl->version.major == SSLv3_MAJOR && 
+        if (ssl->version.major == SSLv3_MAJOR &&
             ssl->version.minor == TLSv1_3_MINOR) {
             isTLS13 = 1;
         }
@@ -1421,7 +1378,7 @@ WOLFSSL_LOCAL int tsip_Tls13BuildMessage(struct WOLFSSL* ssl,
         /* The real record content type goes at the end of the data. */
         output[RECORD_HEADER_SZ + inSz] = (byte)type;
 
-        ret = tsip_Tls13AesEncrypt(ssl, 
+        ret = tsip_Tls13AesEncrypt(ssl,
                            output + RECORD_HEADER_SZ, /* output */
                            output + RECORD_HEADER_SZ, /* plain message */
                            inSz + 1); /* plain data size(= inSz + 1 for type) */
@@ -1434,13 +1391,9 @@ WOLFSSL_LOCAL int tsip_Tls13BuildMessage(struct WOLFSSL* ssl,
     WOLFSSL_LEAVE("tsip_Tls13BuildMessage", ret);
     return ret;
 }
-#endif /* WOLFSSL_TLS13 */
 
-
-
-#if defined(WOLFSSL_TLS13)
 /* Send finished message to the server.
- * 
+ *
  * ssl     WOLFSSL object
  * output  buffer to output packet, including packet header and finished message
  * outSz   buffer size of output
@@ -1466,7 +1419,7 @@ WOLFSSL_LOCAL int tsip_Tls13SendFinished(
     if (ssl == NULL || output == NULL || input == NULL || outSz == 0) {
         ret  = BAD_FUNC_ARG;
     }
-    
+
     if (ret == 0) {
         finishedSz  = ssl->specs.hash_size;
 
@@ -1485,7 +1438,7 @@ WOLFSSL_LOCAL int tsip_Tls13SendFinished(
                                      output, outSz,
                                      input, headerSz + finishedSz,
                                      handshake, hashOut);
-    
+
         if (recordSz > 0) {
             ssl->options.clientState    = CLIENT_FINISHED_COMPLETE;
             ssl->options.handShakeState = HANDSHAKE_DONE;
@@ -1501,9 +1454,7 @@ WOLFSSL_LOCAL int tsip_Tls13SendFinished(
     WOLFSSL_LEAVE("tsip_Tls13SendFinished", ret);
     return ret;
 }
-#endif /* WOLFSSL_TLS13 */
 
-#if defined(WOLFSSL_TLS13)
 /* Parse and handle a TLS v1.3 CertificateVerify message sent from a server.
  *
  * ssl       WOLFSSL object
@@ -1515,7 +1466,7 @@ WOLFSSL_LOCAL int tsip_Tls13SendFinished(
  * return    0 on success, CRYPTOCB_UNAVAILABLE when TSIP can not handle,
  *           other negative values on error.
  */
-WOLFSSL_LOCAL int tsip_Tls13CertificateVerify(struct WOLFSSL* ssl, 
+WOLFSSL_LOCAL int tsip_Tls13CertificateVerify(struct WOLFSSL* ssl,
                                             const byte* input, word32* inOutIdx,
                                             word32 totalSz)
 {
@@ -1528,7 +1479,7 @@ WOLFSSL_LOCAL int tsip_Tls13CertificateVerify(struct WOLFSSL* ssl,
     e_tsip_err_t  err = TSIP_SUCCESS;
     TsipUserCtx*  tuc = NULL;
     e_tsip_tls13_signature_scheme_type_t sig_scheme;
-    
+
     WOLFSSL_ENTER("tsip_Tls13CertificateVerify");
 
 
@@ -1576,7 +1527,7 @@ WOLFSSL_LOCAL int tsip_Tls13CertificateVerify(struct WOLFSSL* ssl,
 
     if (ret == 0) {
         /* get user context for TSIP */
-        tuc = ssl->RenesasUserCtx;    
+        tuc = ssl->RenesasUserCtx;
         if (tuc == NULL) {
             WOLFSSL_MSG("TsipUserCtx is not set to ssl.");
             ret = CRYPTOCB_UNAVAILABLE;
@@ -1596,7 +1547,7 @@ WOLFSSL_LOCAL int tsip_Tls13CertificateVerify(struct WOLFSSL* ssl,
 
         idx = 0;
         ForceZero(sigData, sizeof(tuc->sigDataCertVerify));
-        XMEMSET(sigData, TSIP_SIGNING_DATA_PREFIX_BYTE, 
+        XMEMSET(sigData, TSIP_SIGNING_DATA_PREFIX_BYTE,
                                                 TSIP_SIGNING_DATA_PREFIX_SZ);
 
         idx += TSIP_SIGNING_DATA_PREFIX_SZ;
@@ -1605,7 +1556,7 @@ WOLFSSL_LOCAL int tsip_Tls13CertificateVerify(struct WOLFSSL* ssl,
         idx += TSIP_CERT_VFY_LABEL_SZ;
         ret = tsip_GetMessageSha256(ssl, &sigData[idx], &messageSz);
     }
- 
+
     if (ret == 0) {
 
         if ((ret = tsip_hw_lock()) == 0) {
@@ -1617,7 +1568,7 @@ WOLFSSL_LOCAL int tsip_Tls13CertificateVerify(struct WOLFSSL* ssl,
                         totalSz);
 
             if (err == TSIP_SUCCESS) {
-                
+
                 *inOutIdx += totalSz;
                 *inOutIdx += ssl->keys.padSz;
                 ssl->options.peerAuthGood = 1;
@@ -1644,23 +1595,21 @@ WOLFSSL_LOCAL int tsip_Tls13CertificateVerify(struct WOLFSSL* ssl,
     WOLFSSL_LEAVE("tsip_Tls13CertificateVerify", ret);
     return ret;
 }
-#endif /* WOLFSSL_TLS13 */
 
-#if defined(WOLFSSL_TLS13)
 /* Send the TLS v1.3 CertificateVerify message. A part of the message is
  * processed by TSIP for acceleration.
  *
- * Prior to this function call, the appropriate key-pair should be set via 
- * tsip_use_PrivateKey_buffer_TLS and tsip_use_PublicKey_buffer_TLS APIs. 
- * Those key pair can be generated by the tool named 
+ * Prior to this function call, the appropriate key-pair should be set via
+ * tsip_use_PrivateKey_buffer_TLS and tsip_use_PublicKey_buffer_TLS APIs.
+ * Those key pair can be generated by the tool named
  * "Renesas secure flash programmer".
  * When RSA certificate is used, both public and private keys should be set.
  * The public key is used for self-verify the generated certificateVerify
  * message. When ECC certificate is used, the self-verify will be performed only
  * WOLFSSL_CHECK_SIG_FAULTS is defined.
- * 
- * Returns 0 on success, CRYPTOCB_UNAVAILABLE when the required key is not 
- * provided or unsupported algo is specified and otherwise failure. 
+ *
+ * Returns 0 on success, CRYPTOCB_UNAVAILABLE when the required key is not
+ * provided or unsupported algo is specified and otherwise failure.
  */
 WOLFSSL_LOCAL int tsip_Tls13SendCertVerify(WOLFSSL* ssl)
 {
@@ -1693,7 +1642,7 @@ WOLFSSL_LOCAL int tsip_Tls13SendCertVerify(WOLFSSL* ssl)
     }
 
     if (ret == 0) {
-        if (ssl->version.major == SSLv3_MAJOR && 
+        if (ssl->version.major == SSLv3_MAJOR &&
             ssl->version.minor == TLSv1_3_MINOR)
             isTLS13 = 1;
 
@@ -1702,7 +1651,7 @@ WOLFSSL_LOCAL int tsip_Tls13SendCertVerify(WOLFSSL* ssl)
             ret = CRYPTOCB_UNAVAILABLE;
         }
     }
-    
+
     if (ret == 0) {
         /* get user context for TSIP */
         tuc = ssl->RenesasUserCtx;
@@ -1712,10 +1661,10 @@ WOLFSSL_LOCAL int tsip_Tls13SendCertVerify(WOLFSSL* ssl)
     }
 
     if (ret == 0) {
-        #if !defined(NO_RSA) 
+        #if !defined(NO_RSA)
         if (ssl->options.haveRSA)
             isRsa = 1;
-        else 
+        else
         #endif
         #ifdef HAVE_ECC
         if (ssl->options.haveECC)
@@ -1730,7 +1679,7 @@ WOLFSSL_LOCAL int tsip_Tls13SendCertVerify(WOLFSSL* ssl)
     }
 
     if (ret == 0) {
-        ret = tsipImportPrivateKey(tuc, tuc->wrappedKeyType);
+        ret = tsip_ImportPrivateKey(tuc, tuc->wrappedKeyType);
     }
 
     if (ret == 0) {
@@ -1740,20 +1689,20 @@ WOLFSSL_LOCAL int tsip_Tls13SendCertVerify(WOLFSSL* ssl)
             }
         }
         else {
-            if (!tuc->ClientEccP256PrivKey_set) {
+            if (!tuc->ClientEccPrivKey_set) {
                 ret = NO_PRIVATE_KEY;
             }
         }
     }
 
-    if (ret == 0) {    
+    if (ret == 0) {
         /* get message hash */
         ForceZero(hash, sizeof(hash));
         ret = tsip_GetMessageSha256(ssl, hash, (int*)&hashSz);
     }
 
     if (ret == 0) {
-        recordSz = MAX_CERT_VERIFY_SZ + MAX_MSG_EXTRA * 2;
+        recordSz = WC_MAX_CERT_VERIFY_SZ + MAX_MSG_EXTRA * 2;
         /* check for available size */
         ret = CheckAvailableSize(ssl, recordSz);
         recordSz = 0;
@@ -1777,15 +1726,15 @@ WOLFSSL_LOCAL int tsip_Tls13SendCertVerify(WOLFSSL* ssl)
                             TSIP_TLS13_SIGNATURE_SCHEME_RSA_PSS_RSAE_SHA256,
                                                 hash,
                                                 message + HANDSHAKE_HEADER_SZ,
-                                                &messageSz); 
+                                                &messageSz);
             }
             else {
                 err = R_TSIP_Tls13CertificateVerifyGenerate(
-                            (uint32_t*)&(tuc->EcdsaP256PrivateKeyIdx),
+                            (uint32_t*)&(tuc->EcdsaPrivateKeyIdx),
                             TSIP_TLS13_SIGNATURE_SCHEME_ECDSA_SECP256R1_SHA256,
                                                 hash,
                                                 message + HANDSHAKE_HEADER_SZ,
-                                                &messageSz); 
+                                                &messageSz);
             }
             if (err != TSIP_SUCCESS) {
                 WOLFSSL_MSG("failed to make certificate verify message");
@@ -1800,11 +1749,11 @@ WOLFSSL_LOCAL int tsip_Tls13SendCertVerify(WOLFSSL* ssl)
 
     if (ret == 0) {
         if (isRsa) {
-            ret = tsipImportPublicKey(tuc, tuc->wrappedKeyType);
+            ret = tsip_ImportPublicKey(tuc, tuc->wrappedKeyType);
         }
         else {
 #if defined(WOLFSSL_CHECK_SIG_FAULTS)
-            ret = tsipImportPublicKey(tuc, tuc->wrappedKeyType);
+            ret = tsip_ImportPublicKey(tuc, tuc->wrappedKeyType);
 #endif
         }
     }
@@ -1816,8 +1765,8 @@ WOLFSSL_LOCAL int tsip_Tls13SendCertVerify(WOLFSSL* ssl)
             }
         }
         else {
-#if defined(WOLFSSL_CHECK_SIG_FAULTS)    
-            if (!tuc->ClientEccP256PubKey_set) {
+#if defined(WOLFSSL_CHECK_SIG_FAULTS)
+            if (!tuc->ClientEccPubKey_set) {
                 ret = NO_PRIVATE_KEY;
             }
 #endif /* WOLFSSL_CHECK_SIG_FAULTS */
@@ -1829,7 +1778,7 @@ WOLFSSL_LOCAL int tsip_Tls13SendCertVerify(WOLFSSL* ssl)
 
         idx = 0;
         ForceZero(sigData, sizeof(tuc->sigDataCertVerify));
-        XMEMSET(sigData, TSIP_SIGNING_DATA_PREFIX_BYTE, 
+        XMEMSET(sigData, TSIP_SIGNING_DATA_PREFIX_BYTE,
                                                 TSIP_SIGNING_DATA_PREFIX_SZ);
 
         idx += TSIP_SIGNING_DATA_PREFIX_SZ;
@@ -1842,9 +1791,9 @@ WOLFSSL_LOCAL int tsip_Tls13SendCertVerify(WOLFSSL* ssl)
     if (ret == 0) {
         /* extract signature data from generated CertificateVerify message */
         if (!isRsa) {
-#if defined(WOLFSSL_CHECK_SIG_FAULTS)            
-            idx = 4; 
-            derSig = message + 
+#if defined(WOLFSSL_CHECK_SIG_FAULTS)
+            idx = 4;
+            derSig = message +
                         HANDSHAKE_HEADER_SZ + HASH_SIG_SIZE + VERIFY_HEADER;
             if (derSig[idx] == 0x00)
                 idx++;
@@ -1886,7 +1835,7 @@ WOLFSSL_LOCAL int tsip_Tls13SendCertVerify(WOLFSSL* ssl)
 
                 err = R_TSIP_EcdsaP256SignatureVerification(
                             &ecdsa_sig, &ecdsa_hash,
-                            &tuc->EcdsaP256PublicKeyIdx);
+                            &tuc->EcdsaPublicKeyIdx);
                 WOLFSSL_MSG("Perform self-verify for ecc signature");
 #endif /* WOLFSSL_CHECK_SIG_FAULTS */
             }
@@ -1907,8 +1856,8 @@ WOLFSSL_LOCAL int tsip_Tls13SendCertVerify(WOLFSSL* ssl)
         ((HandShakeHeader*)message)->type = certificate_verify;
 
         c32to24(messageSz, ((HandShakeHeader*)message)->length);
-        
-        recordSz = tsip_Tls13BuildMessage(ssl, output, 0, message, 
+
+        recordSz = tsip_Tls13BuildMessage(ssl, output, 0, message,
                                           messageSz + HANDSHAKE_HEADER_SZ,
                                                              handshake, 1);
 
@@ -1927,6 +1876,7 @@ WOLFSSL_LOCAL int tsip_Tls13SendCertVerify(WOLFSSL* ssl)
 #endif /* WOLFSSL_TLS13 */
 #endif /* WOLFSSL_RENESAS_TSIP_TLS */
 
+
 #if defined(WOLFSSL_RENESAS_TSIP_TLS) && (WOLFSSL_RENESAS_TSIP_VER >=109)
 
 static uint32_t GetTsipCipherSuite(
@@ -2072,7 +2022,7 @@ static int tsip_ServerKeyExVerify(
         WOLFSSL_MSG("Failed to lock tsip hw");
     }
 
-    XFREE(peerkey, 0, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(peerkey, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 
     WOLFSSL_LEAVE("tsip_ServerKeyExVerify", ret);
     return ret;
@@ -2114,8 +2064,8 @@ int wc_tsip_RsaVerify(
  *   key    buffer holding peer's public key (NOT used in this function)
  *   keySz  public key size((NOT used in this function))
  *   result address of the variable to output result
- *   ctx    context 
- *  return 0 on success, CRYPTOCB_UNAVAILABLE in case TSIP cannot handle 
+ *   ctx    context
+ *  return 0 on success, CRYPTOCB_UNAVAILABLE in case TSIP cannot handle
  */
 int wc_tsip_EccVerify(
         WOLFSSL*  ssl,
@@ -2138,14 +2088,14 @@ int wc_tsip_EccVerify(
         return CRYPTOCB_UNAVAILABLE;
     }
 
-    /* in TLS1.3 */ 
-    if (ssl->version.major == SSLv3_MAJOR && 
+    /* in TLS1.3 */
+    if (ssl->version.major == SSLv3_MAJOR &&
         ssl->version.minor == TLSv1_3_MINOR) {
         WOLFSSL_LEAVE("wc_tsip_EccVerify", CRYPTOCB_UNAVAILABLE);
         return CRYPTOCB_UNAVAILABLE;
     }
 
-    /* concatenate r and s parts of the signature so that TSIP can handle it*/
+    /* concatenate r and s parts of the signature so that TSIP can handle it */
     /* r */
     if (sig[offset] == 0x20) {
         XMEMCPY(sigforSCE, &sig[offset+1], rs_size);
@@ -2261,7 +2211,7 @@ WOLFSSL_API void tsip_set_callbacks(WOLFSSL_CTX* ctx)
 #endif /* !WOLFSSL_NO_TLS12 && !WOLFSSL_AEAD_ONLY */
     wolfSSL_CTX_SetEccSharedSecretCb(ctx, NULL);
     /* Set ssl-> options.sendVerify to SEND_CERT by the following two
-     * registrations. This will allow the client certificate to be sent to 
+     * registrations. This will allow the client certificate to be sent to
      * the server even if the private key is empty. The two callbacks do
      * virtually nothing.
      */
@@ -2307,7 +2257,7 @@ WOLFSSL_API int tsip_set_callback_ctx(WOLFSSL* ssl, void* user_ctx)
     wolfSSL_SetRsaSignCtx(ssl, user_ctx);
     wolfSSL_SetGenPreMasterCtx(ssl, user_ctx);
     wolfSSL_SetEccSharedSecretCtx(ssl, NULL);
-#if !defined(WOLFSSL_NO_TLS12) && !defined(WOLFSSL_AEAD_ONLY)    
+#if !defined(WOLFSSL_NO_TLS12) && !defined(WOLFSSL_AEAD_ONLY)
     wolfSSL_SetVerifyMacCtx(ssl, user_ctx);
 #endif /* !WOLFSSL_NO_TLS12 && !WOLFSSL_AEAD_ONLY */
     /* set up crypt callback */
@@ -2346,10 +2296,12 @@ static byte _tls2tsipdef(byte cipher)
  * The target key should be set with tsip_use_PrivateKey_buffer in advance.
  * Acceptable key types are:
  *   TSIP_KEY_TYPE_RSA2048     rsa 2048 bit key
- *   TSIP_KEY_TYPE_RSA4096     rsa 4096 bit key(Not supported as of now)
+ *   TSIP_KEY_TYPE_RSA3072     rsa 3072 bit key
+ *   TSIP_KEY_TYPE_RSA4096     rsa 4096 bit key
  *   TSIP_KEY_TYPE_ECDSAP256   ecdsa p256r1 key
+ *   TSIP_KEY_TYPE_ECDSAP384   ecdsa p384r1 key
  */
-static int tsipImportPrivateKey(TsipUserCtx* tuc, int keyType)
+int tsip_ImportPrivateKey(TsipUserCtx* tuc, int keyType)
 {
     int          ret = 0;
     e_tsip_err_t err = TSIP_SUCCESS;
@@ -2357,7 +2309,7 @@ static int tsipImportPrivateKey(TsipUserCtx* tuc, int keyType)
     uint8_t* iv               = g_user_key_info.iv;
     uint8_t* encPrivKey;
 
-    WOLFSSL_ENTER("tsipImportPrivateKey");
+    WOLFSSL_ENTER("tsip_ImportPrivateKey");
 
     if (tuc == NULL)
         return BAD_FUNC_ARG;
@@ -2367,7 +2319,7 @@ static int tsipImportPrivateKey(TsipUserCtx* tuc, int keyType)
     if (encPrivKey == NULL || provisioning_key == NULL || iv == NULL) {
         WOLFSSL_MSG("Missing some key materials used for import" );
         return CRYPTOCB_UNAVAILABLE;
-    } 
+    }
 
     if (ret == 0) {
         if (keyType != tuc->wrappedKeyType) {
@@ -2381,7 +2333,7 @@ static int tsipImportPrivateKey(TsipUserCtx* tuc, int keyType)
 
             #if !defined(NO_RSA)
             case TSIP_KEY_TYPE_RSA2048:
-                
+
                 tuc->ClientRsa2048PrivKey_set = 0;
                 err = R_TSIP_GenerateRsa2048PrivateKeyIndex(
                                     provisioning_key, iv, (uint8_t*)encPrivKey,
@@ -2396,19 +2348,19 @@ static int tsipImportPrivateKey(TsipUserCtx* tuc, int keyType)
             #endif
 
             case TSIP_KEY_TYPE_RSA4096:
-                /* not supported as of TSIPv1.15 */ 
+                /* not supported as of TSIPv1.15 */
                 ret = CRYPTOCB_UNAVAILABLE;
                 break;
 
             #if defined(HAVE_ECC)
             case TSIP_KEY_TYPE_ECDSAP256:
 
-                tuc->ClientEccP256PrivKey_set = 0;
+                tuc->ClientEccPrivKey_set = 0;
                 err = R_TSIP_GenerateEccP256PrivateKeyIndex(
                                     provisioning_key, iv, (uint8_t*)encPrivKey,
-                                    &(tuc->EcdsaP256PrivateKeyIdx));
+                                    &(tuc->EcdsaPrivateKeyIdx));
                 if (err == TSIP_SUCCESS) {
-                    tuc->ClientEccP256PrivKey_set = 1;
+                    tuc->ClientEccPrivKey_set = 1;
                 }
                 else {
                     ret = WC_HW_E;
@@ -2425,7 +2377,7 @@ static int tsipImportPrivateKey(TsipUserCtx* tuc, int keyType)
     else {
         WOLFSSL_MSG("mutex locking error");
     }
-    WOLFSSL_LEAVE("tsipImportPrivateKey", ret);
+    WOLFSSL_LEAVE("tsip_ImportPrivateKey", ret);
     return ret;
 }
 
@@ -2436,10 +2388,12 @@ static int tsipImportPrivateKey(TsipUserCtx* tuc, int keyType)
  * The target key should be set with tsip_use_PublicKey_buffer in advance.
  * Acceptable key types are:
  *   TSIP_KEY_TYPE_RSA2048     rsa 2048 bit key
- *   TSIP_KEY_TYPE_RSA4096     rsa 4096 bit key(Not supported as of now)
+ *   TSIP_KEY_TYPE_RSA3072     rsa 3072 bit key
+ *   TSIP_KEY_TYPE_RSA4096     rsa 4096 bit key
  *   TSIP_KEY_TYPE_ECDSAP256   ecdsa p256r1 key
+ *   TSIP_KEY_TYPE_ECDSAP384   ecdsa p384r1 key
  */
-WOLFSSL_LOCAL int tsipImportPublicKey(TsipUserCtx* tuc, int keyType)
+WOLFSSL_LOCAL int tsip_ImportPublicKey(TsipUserCtx* tuc, int keyType)
 {
     int          ret = 0;
     e_tsip_err_t err = TSIP_SUCCESS;
@@ -2447,7 +2401,7 @@ WOLFSSL_LOCAL int tsipImportPublicKey(TsipUserCtx* tuc, int keyType)
     uint8_t* iv               = g_user_key_info.iv;
     uint8_t* encPubKey;
 
-    WOLFSSL_ENTER("tsipImportPublicKey");
+    WOLFSSL_ENTER("tsip_ImportPublicKey");
 
     if (tuc == NULL ) {
         return BAD_FUNC_ARG;
@@ -2458,7 +2412,7 @@ WOLFSSL_LOCAL int tsipImportPublicKey(TsipUserCtx* tuc, int keyType)
     if (encPubKey == NULL || provisioning_key == NULL || iv == NULL) {
         WOLFSSL_MSG("Missing some key materials used for import" );
         return CRYPTOCB_UNAVAILABLE;
-    } 
+    }
 
     if (ret == 0) {
         if (keyType != tuc->wrappedKeyType) {
@@ -2468,22 +2422,19 @@ WOLFSSL_LOCAL int tsipImportPublicKey(TsipUserCtx* tuc, int keyType)
     }
 
     if ((ret = tsip_hw_lock()) == 0) {
-        switch(keyType) {
-            
+        switch (keyType) {
+
         #if !defined(NO_RSA)
             case TSIP_KEY_TYPE_RSA2048:
             #if defined(WOLFSSL_RENESAS_TSIP_TLS)
                 tuc->ClientRsa2048PubKey_set = 0;
             #elif defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY)
-                if (tuc->rsa2048pub_keyIdx != NULL) {
-                    XFREE(tuc->rsa2048pub_keyIdx, NULL,
-                                    DYNAMIC_TYPE_RSA_BUFFER);
-                }
-                
+                XFREE(tuc->rsa2048pub_keyIdx, NULL, DYNAMIC_TYPE_RSA_BUFFER);
+                tuc->keyflgs_crypt.bits.rsapub2048_key_set = 0;
                 tuc->rsa2048pub_keyIdx =
-                (tsip_rsa2048_public_key_index_t*)XMALLOC(
-                    sizeof(tsip_rsa2048_public_key_index_t), NULL, 
-                                    DYNAMIC_TYPE_RSA_BUFFER);
+                    (tsip_rsa2048_public_key_index_t*)XMALLOC(
+                        sizeof(tsip_rsa2048_public_key_index_t), NULL,
+                        DYNAMIC_TYPE_RSA_BUFFER);
                 if (tuc->rsa2048pub_keyIdx == NULL) {
                     return MEMORY_E;
                 }
@@ -2507,25 +2458,47 @@ WOLFSSL_LOCAL int tsipImportPublicKey(TsipUserCtx* tuc, int keyType)
                     ret = WC_HW_E;
                 }
                 break;
-        #endif
-            
-        #if !defined(NO_RSA)
+
             case TSIP_KEY_TYPE_RSA4096:
-                /* not supported as of TSIPv1.15 */ 
+                /* not supported as of TSIPv1.15 */
                 ret = CRYPTOCB_UNAVAILABLE;
                 break;
-        #endif
-            
-        #if defined(HAVE_ECC) && \
-            defined(WOLFSSL_RENESAS_TSIP_TLS)
-            case TSIP_KEY_TYPE_ECDSAP256:
+        #endif /* !NO_RSA */
 
-                tuc->ClientEccP256PubKey_set = 0;
-                err = R_TSIP_GenerateEccP256PublicKeyIndex(
+        #if defined(HAVE_ECC)
+            case TSIP_KEY_TYPE_ECDSAP256:
+            case TSIP_KEY_TYPE_ECDSAP384:
+            #if defined(WOLFSSL_RENESAS_TSIP_TLS)
+                tuc->ClientEccPubKey_set = 0;
+            #elif defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY)
+                tuc->keyflgs_crypt.bits.eccpub_key_set = 0;
+            #endif
+                if (keyType == TSIP_KEY_TYPE_ECDSAP256) {
+                    err = R_TSIP_GenerateEccP256PublicKeyIndex(
                                     provisioning_key, iv, (uint8_t*)encPubKey,
-                                    &(tuc->EcdsaP256PublicKeyIdx));
+                            #if defined(WOLFSSL_RENESAS_TSIP_TLS)
+                                    &(tuc->EcdsaPublicKeyIdx)
+                            #elif defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY)
+                                    &tuc->eccpub_keyIdx
+                            #endif
+                    );
+                }
+                else if (keyType == TSIP_KEY_TYPE_ECDSAP384) {
+                    err = R_TSIP_GenerateEccP384PublicKeyIndex(
+                                    provisioning_key, iv, (uint8_t*)encPubKey,
+                            #if defined(WOLFSSL_RENESAS_TSIP_TLS)
+                                    &(tuc->EcdsaPublicKeyIdx)
+                            #elif defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY)
+                                    &tuc->eccpub_keyIdx
+                            #endif
+                    );
+                }
                 if (err == TSIP_SUCCESS) {
-                    tuc->ClientEccP256PubKey_set = 1;
+                #if defined(WOLFSSL_RENESAS_TSIP_TLS)
+                    tuc->ClientEccPubKey_set = 1;
+                #elif defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY)
+                    tuc->keyflgs_crypt.bits.eccpub_key_set = 1;
+                #endif
                 }
                 else {
                     ret = WC_HW_E;
@@ -2542,44 +2515,10 @@ WOLFSSL_LOCAL int tsipImportPublicKey(TsipUserCtx* tuc, int keyType)
     else {
         WOLFSSL_MSG("mutex locking error");
     }
-    WOLFSSL_LEAVE("tsipImportPublicKey", ret);
-    return ret;
-}
-/*
-* lock hw engine.
-* this should be called before using engine.
-*/
-WOLFSSL_LOCAL int tsip_hw_lock(void)
-{
-    int ret = 0;
-
-    if (tsip_CryptHwMutexInit_ == 0) {
-
-        ret = tsip_CryptHwMutexInit(&tsip_mutex);
-
-        if (ret == 0) {
-            tsip_CryptHwMutexInit_ = 1;
-        }
-        else {
-            WOLFSSL_MSG(" mutex initialization failed.");
-            return -1;
-        }
-    }
-    if (tsip_CryptHwMutexLock(&tsip_mutex) != 0) {
-        /* this should not happens */
-        return -1;
-    }
-
+    WOLFSSL_LEAVE("tsip_ImportPublicKey", ret);
     return ret;
 }
 
-/*
-* release hw engine
-*/
-WOLFSSL_LOCAL void tsip_hw_unlock(void)
-{
-    tsip_CryptHwMutexUnLock(&tsip_mutex);
-}
 #if defined(WOLFSSL_RENESAS_TSIP_TLS)
 /* check if tsip tls functions can be used for the cipher      */
 /* return  :1 when tsip can be used , 0 not be used.           */
@@ -2678,6 +2617,41 @@ int tsip_usable(const WOLFSSL *ssl, uint8_t session_key_generated)
 }
 #endif /* WOLFSSL_RENESAS_TSIP_TLS */
 
+/*
+* lock hw engine.
+* this should be called before using engine.
+*/
+WOLFSSL_LOCAL int tsip_hw_lock(void)
+{
+    int ret = 0;
+
+    if (tsip_CryptHwMutexInit_ == 0) {
+
+        ret = tsip_CryptHwMutexInit(&tsip_mutex);
+
+        if (ret == 0) {
+            tsip_CryptHwMutexInit_ = 1;
+        }
+        else {
+            WOLFSSL_MSG(" mutex initialization failed.");
+            return -1;
+        }
+    }
+    if (tsip_CryptHwMutexLock(&tsip_mutex) != 0) {
+        /* this should not happens */
+        return -1;
+    }
+
+    return ret;
+}
+
+/*
+* release hw engine
+*/
+WOLFSSL_LOCAL void tsip_hw_unlock(void)
+{
+    tsip_CryptHwMutexUnLock(&tsip_mutex);
+}
 
 /* open TSIP driver
  * return 0 on success.
@@ -2696,6 +2670,7 @@ WOLFSSL_LOCAL int tsip_Open(void)
         if (ret != TSIP_SUCCESS) {
             WOLFSSL_MSG("RENESAS TSIP Open failed");
         }
+
     #if defined(WOLFSSL_RENESAS_TSIP_TLS)
         if (ret == TSIP_SUCCESS && g_user_key_info.encrypted_user_tls_key) {
 
@@ -2722,11 +2697,13 @@ WOLFSSL_LOCAL int tsip_Open(void)
                 if (ret != TSIP_SUCCESS) {
                     WOLFSSL_MSG("R_TSIP_(Re)Open: NG");
                 }
-                    /* init vars */
+
+                /* init vars */
                 g_CAscm_Idx = (uint32_t)-1;
             }
         }
     #endif
+
 #elif defined(WOLFSSL_RENESAS_TSIP) && (WOLFSSL_RENESAS_TSIP_VER>=106)
 
         ret = R_TSIP_Open((uint32_t*)s_flash, s_inst1, s_inst2);
@@ -2756,7 +2733,8 @@ WOLFSSL_LOCAL int tsip_Open(void)
                 if (ret != TSIP_SUCCESS) {
                     WOLFSSL_MSG("R_TSIP_(Re)Open failed");
                 }
-                 /* init vars */
+
+                /* init vars */
                 g_CAscm_Idx = (uint32_t)-1;
             }
         }
@@ -2832,7 +2810,8 @@ void tsip_inform_user_keys_ex(
     word32    encrypted_user_tls_key_type)
 {
     WOLFSSL_ENTER("tsip_inform_user_keys_ex");
-    ForceZero(&g_user_key_info, sizeof(g_user_key_info));
+
+    XMEMSET(&g_user_key_info, 0, sizeof(g_user_key_info));
     g_user_key_info.encrypted_provisioning_key = NULL;
     g_user_key_info.iv = NULL;
 
@@ -3036,13 +3015,25 @@ int wc_tsip_ShaXHmacVerify(
     }
     wrapped_key = ssl->keys.tsip_server_write_MAC_secret;
 
-    if (wrapped_key.type == TSIP_KEY_INDEX_TYPE_HMAC_SHA1_FOR_TLS) {
+    if (wrapped_key.type ==
+#if (WOLFSSL_RENESAS_TSIP_VER >= 121)
+        TSIP_KEY_INDEX_TYPE_TLS_SERVER_HMAC_SHA1_FOR_CLIENT
+#else
+        TSIP_KEY_INDEX_TYPE_HMAC_SHA1_FOR_TLS
+#endif
+     ){
         WOLFSSL_MSG("perform Sha1-Hmac verification");
         initFn   = R_TSIP_Sha1HmacVerifyInit;
         updateFn = R_TSIP_Sha1HmacVerifyUpdate;
         finalFn  = R_TSIP_Sha1HmacVerifyFinal;
     }
-    else if (wrapped_key.type == TSIP_KEY_INDEX_TYPE_HMAC_SHA256_FOR_TLS) {
+    else if (wrapped_key.type ==
+#if (WOLFSSL_RENESAS_TSIP_VER >= 121)
+        TSIP_KEY_INDEX_TYPE_TLS_SERVER_HMAC_SHA256_FOR_CLIENT
+#else
+        TSIP_KEY_INDEX_TYPE_HMAC_SHA256_FOR_TLS
+#endif
+    ) {
         WOLFSSL_MSG("perform Sha256-Hmac verification");
         initFn   = R_TSIP_Sha256HmacVerifyInit;
         updateFn = R_TSIP_Sha256HmacVerifyUpdate;
@@ -3101,7 +3092,7 @@ int wc_tsip_generateVerifyData(
         WOLFSSL_LEAVE("tsip_generateVerifyData", BAD_FUNC_ARG);
         return BAD_FUNC_ARG;
     }
-    if (XSTRNCMP((const char*)side, (const char*)kTlsServerFinStr, 
+    if (XSTRNCMP((const char*)side, (const char*)kTlsServerFinStr,
                                                 FINISHED_LABEL_SZ) == 0) {
         l_side = R_TSIP_TLS_GENERATE_SERVER_VERIFY;
     }
@@ -3567,9 +3558,7 @@ int wc_tsip_tls_CertVerify(
         if (ret != TSIP_SUCCESS) {
             WOLFSSL_MSG(" R_TSIP_TlsCertificateVerification failed");
         }
-        if (sigforSCE) {
-            XFREE(sigforSCE, NULL, DYNAMIC_TYPE_ECC);
-        }
+        XFREE(sigforSCE, NULL, DYNAMIC_TYPE_ECC);
         tsip_hw_unlock();
     }
     else {
@@ -3643,6 +3632,7 @@ int wc_tsip_tls_RootCertVerify(
     return ret;
 }
 #endif /* WOLFSSL_RENESAS_TSIP_TLS */
+
 #if !defined(NO_RSA)
 /*  Perform signing with the client's RSA private key on hash value of messages
  *  exchanged with server.
@@ -3657,7 +3647,7 @@ int wc_tsip_tls_RootCertVerify(
  *   0 on success, CRYPTOCB_UNAVAILABLE on unsupported key type specified.
  *
  */
-WOLFSSL_LOCAL int tsip_SignRsaPkcs(wc_CryptoInfo* info, TsipUserCtx* tuc)
+int tsip_SignRsaPkcs(wc_CryptoInfo* info, TsipUserCtx* tuc)
 {
     int ret = 0;
     e_tsip_err_t    err = TSIP_SUCCESS;
@@ -3667,14 +3657,14 @@ WOLFSSL_LOCAL int tsip_SignRsaPkcs(wc_CryptoInfo* info, TsipUserCtx* tuc)
 
     WOLFSSL_ENTER("tsip_SignRsaPkcs");
 
-    if (info == NULL || tuc == NULL 
+    if (info == NULL || tuc == NULL
     #ifndef WOLFSSL_RENESAS_TSIP_CRYPTONLY
     || tuc->ssl == NULL
     #endif
     ) {
             ret = BAD_FUNC_ARG;
     }
-    
+
 #ifdef WOLFSSL_RENESAS_TSIP_TLS
     if (ret == 0) {
         ssl = tuc->ssl;
@@ -3687,10 +3677,9 @@ WOLFSSL_LOCAL int tsip_SignRsaPkcs(wc_CryptoInfo* info, TsipUserCtx* tuc)
 
     if (ret == 0) {
         /* import private key_index from wrapped key */
-        ret = tsipImportPrivateKey(tuc, tuc->wrappedKeyType);
+        ret = tsip_ImportPrivateKey(tuc, tuc->wrappedKeyType);
     }
 
-    
     if (ret == 0) {
         if (ssl->options.hashAlgo == md5_mac)
             tsip_hash_type = R_TSIP_RSA_HASH_MD5;
@@ -3703,29 +3692,27 @@ WOLFSSL_LOCAL int tsip_SignRsaPkcs(wc_CryptoInfo* info, TsipUserCtx* tuc)
     }
 #else
     (void)ssl;
-    
+
     if (ret == 0) {
-       if (tuc->sing_hash_type == md5_mac)
+       if (tuc->sign_hash_type == md5_mac)
            tsip_hash_type = R_TSIP_RSA_HASH_MD5;
-       else if (tuc->sing_hash_type == sha_mac)
+       else if (tuc->sign_hash_type == sha_mac)
            tsip_hash_type = R_TSIP_RSA_HASH_SHA1;
-       else if (tuc->sing_hash_type == sha256_mac)
+       else if (tuc->sign_hash_type == sha256_mac)
            tsip_hash_type = R_TSIP_RSA_HASH_SHA256;
        else
            ret = CRYPTOCB_UNAVAILABLE;
     }
-    
+
     switch (tuc->wrappedKeyType) {
         case TSIP_KEY_TYPE_RSA1024:
-            if (tuc->keyflgs_crypt.bits.rsapri1024_key_set != 1)
-            {
-                WOLFSSL_MSG("tsip rsa private key 2048 not set");
+            if (tuc->keyflgs_crypt.bits.rsapri1024_key_set != 1) {
+                WOLFSSL_MSG("tsip rsa private key 1024 not set");
                     ret = CRYPTOCB_UNAVAILABLE;
             }
             break;
         case TSIP_KEY_TYPE_RSA2048:
-            if (tuc->keyflgs_crypt.bits.rsapri2048_key_set != 1)
-            {
+            if (tuc->keyflgs_crypt.bits.rsapri2048_key_set != 1) {
                 WOLFSSL_MSG("tsip rsa private key 2048 not set");
                     ret = CRYPTOCB_UNAVAILABLE;
             }
@@ -3735,22 +3722,21 @@ WOLFSSL_LOCAL int tsip_SignRsaPkcs(wc_CryptoInfo* info, TsipUserCtx* tuc)
             ret = CRYPTOCB_UNAVAILABLE;
             break;
     }
-    
 #endif
-    
+
     if (ret == 0) {
-       #ifdef WOLFSSL_RENESAS_TSIP_TLS
+    #ifdef WOLFSSL_RENESAS_TSIP_TLS
         hashData.pdata      = (uint8_t*)ssl->buffers.digest.buffer;
         hashData.data_type  = 1;
         sigData.pdata       = (uint8_t*)info->pk.rsa.in;
         sigData.data_length = 0; /* signature size will be returned here */
-       #else
+    #else
         hashData.pdata      = (uint8_t*)info->pk.rsa.in;
         hashData.data_length= info->pk.rsa.inLen;
         hashData.data_type  = tuc->keyflgs_crypt.bits.message_type;
         sigData.pdata       = (uint8_t*)info->pk.rsa.out;
         sigData.data_length = 0;
-       #endif
+    #endif
         if ((ret = tsip_hw_lock()) == 0) {
             switch (tuc->wrappedKeyType) {
             #ifdef WOLFSSL_RENESAS_TSIP_CRYPTONLY
@@ -3762,12 +3748,11 @@ WOLFSSL_LOCAL int tsip_SignRsaPkcs(wc_CryptoInfo* info, TsipUserCtx* tuc)
                                                 tsip_hash_type);
 
                     if (err != TSIP_SUCCESS) {
-                        ret = WC_HW_E; 
+                        ret = WC_HW_E;
                     }
                     break;
             #endif
                 case TSIP_KEY_TYPE_RSA2048:
-
                     err = R_TSIP_RsassaPkcs2048SignatureGenerate(
                                                 &hashData, &sigData,
                                    #ifdef WOLFSSL_RENESAS_TSIP_TLS
@@ -3779,7 +3764,7 @@ WOLFSSL_LOCAL int tsip_SignRsaPkcs(wc_CryptoInfo* info, TsipUserCtx* tuc)
                                                 tsip_hash_type);
 
                     if (err != TSIP_SUCCESS) {
-                        ret = WC_HW_E; 
+                        ret = WC_HW_E;
                     }
                     break;
 
@@ -3807,7 +3792,7 @@ WOLFSSL_LOCAL int tsip_SignRsaPkcs(wc_CryptoInfo* info, TsipUserCtx* tuc)
 
 #if !defined(NO_RSA) && defined(WOLFSSL_RENESAS_TSIP_TLS)
 WOLFSSL_LOCAL int tsip_VerifyRsaPkcsCb(
-                        WOLFSSL* ssl, 
+                        WOLFSSL* ssl,
                         unsigned char* sig, unsigned int sigSz,
                         unsigned char** out,
                         const unsigned char* keyDer, unsigned int keySz,
@@ -3840,9 +3825,9 @@ WOLFSSL_LOCAL int tsip_VerifyRsaPkcsCb(
 
     if (ret == 0) {
         /* import public key_index from wrapped key */
-        ret = tsipImportPublicKey(tuc, tuc->wrappedKeyType);
+        ret = tsip_ImportPublicKey(tuc, tuc->wrappedKeyType);
     }
-    
+
     if (ret == 0) {
         if (ssl->options.hashAlgo == md5_mac)
             tsip_hash_type = R_TSIP_RSA_HASH_MD5;
@@ -3852,7 +3837,7 @@ WOLFSSL_LOCAL int tsip_VerifyRsaPkcsCb(
             tsip_hash_type = R_TSIP_RSA_HASH_SHA256;
         else {
             ret = CRYPTOCB_UNAVAILABLE;
-        } 
+        }
     }
 
     if (ret == 0) {
@@ -3863,7 +3848,7 @@ WOLFSSL_LOCAL int tsip_VerifyRsaPkcsCb(
         if ((ret = tsip_hw_lock()) == 0) {
 
             switch (tuc->wrappedKeyType) {
-                
+
                 case TSIP_KEY_TYPE_RSA2048:
                     sigData.data_length = 256;
                     err = R_TSIP_RsassaPkcs2048SignatureVerification(
@@ -3902,9 +3887,10 @@ WOLFSSL_LOCAL int tsip_VerifyRsaPkcsCb(
 }
 #endif /* !NO_RSA && TSIP_TLS */
 
-#if defined(HAVE_ECC) && defined(WOLFSSL_RENESAS_TSIP_TLS)
+#if defined(HAVE_ECC)
+#if defined(WOLFSSL_RENESAS_TSIP_TLS)
 /*   Perform signing with the client's ECC private key on hash value of messages
- *   exchanged with server. 
+ *   exchanged with server.
  *
  * parameters
  *   info->pk.eccsign.in    : the buffer holding hash value of messages
@@ -3922,7 +3908,7 @@ WOLFSSL_LOCAL int tsip_SignEcdsa(wc_CryptoInfo* info, TsipUserCtx* tuc)
 {
     int ret = 0;
     e_tsip_err_t    err = TSIP_SUCCESS;
-    tsip_rsa_byte_data_t hashData, sigData;
+    tsip_ecdsa_byte_data_t hashData, sigData;
     byte  offsetForWork;
     byte* out = NULL;
     byte* sig = NULL;
@@ -3949,35 +3935,35 @@ WOLFSSL_LOCAL int tsip_SignEcdsa(wc_CryptoInfo* info, TsipUserCtx* tuc)
 
     if (ret == 0) {
         /* import private key_index from wrapped key */
-        ret = tsipImportPrivateKey(tuc, tuc->wrappedKeyType);
+        ret = tsip_ImportPrivateKey(tuc, tuc->wrappedKeyType);
     }
- 
+
     if (ret == 0) {
         hashData.pdata      = (uint8_t*)info->pk.eccsign.in;
         hashData.data_type  = 1;
         sigData.pdata       = (uint8_t*)info->pk.eccsign.out;
         sigData.data_length = 0; /* signature size will be returned here */
 
-        if ((ret = tsip_hw_lock()) == 0) {        
+        if ((ret = tsip_hw_lock()) == 0) {
             switch (tuc->wrappedKeyType) {
 
-                #if defined(HAVE_ECC)
+                #if !defined(NO_ECC256)
                 case TSIP_KEY_TYPE_ECDSAP256:
                     offsetForWork = R_TSIP_ECDSA_DATA_BYTE_SIZE + 32;
-                    if (*(info->pk.eccsign.outlen) < 
+                    if (*(info->pk.eccsign.outlen) <
                                 R_TSIP_ECDSA_DATA_BYTE_SIZE + offsetForWork) {
                         ret = BUFFER_E;
                         break;
                     }
 
-                    sigData.pdata = (uint8_t*)info->pk.eccsign.out + 
+                    sigData.pdata = (uint8_t*)info->pk.eccsign.out +
                                                             offsetForWork;
                     err = R_TSIP_EcdsaP256SignatureGenerate(
                                                 &hashData, &sigData,
-                                                &tuc->EcdsaP256PrivateKeyIdx);
+                                                &tuc->EcdsaPrivateKeyIdx);
                     if (err != TSIP_SUCCESS) {
                         ret = WC_HW_E;
-                        break; 
+                        break;
                     }
 
                     out = info->pk.eccsign.out;
@@ -3991,7 +3977,7 @@ WOLFSSL_LOCAL int tsip_SignEcdsa(wc_CryptoInfo* info, TsipUserCtx* tuc)
                     /* encode ASN sequence */
                     out[idx++] = ASN_SEQUENCE | ASN_CONSTRUCTED;
                     out[idx++] = sz;
-                    
+
                     /* copy r part */
                     out[idx++] = ASN_INTEGER;
                     out[idx++] = rSz;
@@ -4006,22 +3992,12 @@ WOLFSSL_LOCAL int tsip_SignEcdsa(wc_CryptoInfo* info, TsipUserCtx* tuc)
                     if (sSz > R_TSIP_ECDSA_DATA_BYTE_SIZE / 2)
                         out[idx++] = 0x00;
                     XMEMCPY(&out[idx], sig, R_TSIP_ECDSA_DATA_BYTE_SIZE / 2);
-                
+
                     /* out size */
                     *(info->pk.eccsign.outlen) = ASN_TAG_SZ + 1 + sz;
                     break;
                 #endif
 
-                #if defined(HAVE_ECC192)
-                case TSIP_KEY_TYPE_ECDSAP192:
-                    ret = CRYPTOCB_UNAVAILABLE;
-                    break;
-                #endif
-                #if defined(HAVE_ECC224)
-                case TSIP_KEY_TYPE_ECDSAP224:
-                    ret = CRYPTOCB_UNAVAILABLE;
-                    break;
-                #endif
                 #if defined(HAVE_ECC384)
                 case TSIP_KEY_TYPE_ECDSAP384:
                     ret = CRYPTOCB_UNAVAILABLE;
@@ -4042,25 +4018,134 @@ WOLFSSL_LOCAL int tsip_SignEcdsa(wc_CryptoInfo* info, TsipUserCtx* tuc)
     WOLFSSL_LEAVE("tsip_SignEcdsa", ret);
     return ret;
 }
-#endif /* HAVE_ECC && TSIP_TLS */
+#endif /* WOLFSSL_RENESAS_TSIP_TLS */
+
+#if defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY)
+/* zero pad or truncate hash */
+static int tsip_HashPad(int curveSz, uint8_t* hash,
+    const uint8_t* hashIn, int hashSz)
+{
+    if (hashSz > curveSz)
+        hashSz = curveSz;
+    XMEMCPY(hash + (curveSz - hashSz), hashIn, hashSz);
+    return curveSz;
+}
+
+/* Perform verify with the wrapped public key, provided hash and signature r+s
+ *
+ * parameters
+ *   info->pk.eccverify.in    : the buffer holding hash value of messages
+ *   info->pk.eccverify.inlen : hash data size
+ *   info->pk.eccverify.out   : the buffer where the signature data is output to
+ *   info->pk.eccverify.outlen: the length of the buffer pk.eccsign.out
+ *   tuc:  the pointer to the TsipUserCtx structure
+ * returns
+ *   0 on success, CRYPTOCB_UNAVAILABLE on unsupported key type specified.
+ */
+WOLFSSL_LOCAL int tsip_VerifyEcdsa(wc_CryptoInfo* info, TsipUserCtx* tuc)
+{
+    int ret = 0;
+    e_tsip_err_t    err = TSIP_SUCCESS;
+    tsip_ecdsa_byte_data_t hashData, sigData;
+    /* hard coding largest digest size, since WC_MAX_DIGEST_SZ could be 32
+     * if using SHA2-256 with ECDSA SECP384R1 */
+    uint8_t hash[TSIP_MAX_ECC_BYTES];
+
+    WOLFSSL_ENTER("tsip_VerifyEcdsa");
+
+    if (info == NULL || tuc == NULL) {
+        ret = CRYPTOCB_UNAVAILABLE;
+    }
+
+    XMEMSET(hash, 0, sizeof(hash));
+
+    if (ret == 0) {
+        /* import public key_index from wrapped key */
+        ret = tsip_ImportPublicKey(tuc, tuc->wrappedKeyType);
+    }
+
+    if (ret == 0) {
+        int curveSz = info->pk.eccverify.key->dp->size;
+        hashData.pdata      = (uint8_t*)hash;
+        hashData.data_type  = tuc->keyflgs_crypt.bits.message_type;
+        sigData.pdata       = (uint8_t*)info->pk.eccverify.sig;
+        sigData.data_length = info->pk.eccverify.siglen;
+
+        if ((ret = tsip_hw_lock()) == 0) {
+            switch (tuc->wrappedKeyType) {
+            #if !defined(NO_ECC256)
+                case TSIP_KEY_TYPE_ECDSAP256:
+                    /* zero pad or truncate */
+                    hashData.data_length = tsip_HashPad(curveSz,
+                        hash, info->pk.eccverify.hash,
+                        info->pk.eccverify.hashlen);
+
+                    err = R_TSIP_EcdsaP256SignatureVerification(&sigData,
+                        &hashData, &tuc->eccpub_keyIdx);
+                    if (err == TSIP_SUCCESS) {
+                        *info->pk.eccverify.res = 1; /* success */
+                    }
+                    else {
+                        ret = WC_HW_E;
+                    }
+                    break;
+                    break;
+            #endif
+
+            #if defined(HAVE_ECC384)
+                case TSIP_KEY_TYPE_ECDSAP384:
+                    /* zero pad or truncate */
+                    hashData.data_length = tsip_HashPad(curveSz,
+                        hash, info->pk.eccverify.hash,
+                        info->pk.eccverify.hashlen);
+
+                    err = R_TSIP_EcdsaP384SignatureVerification(&sigData,
+                        &hashData, &tuc->eccpub_keyIdx);
+                    if (err == TSIP_SUCCESS) {
+                        *info->pk.eccverify.res = 1; /* success */
+                    }
+                    else {
+                        ret = WC_HW_E;
+                    }
+                    break;
+            #endif
+
+                default:
+                    WOLFSSL_MSG("ECDSA public key size not available");
+                    ret = CRYPTOCB_UNAVAILABLE;
+                    break;
+            }
+            tsip_hw_unlock();
+        }
+        else {
+            WOLFSSL_MSG("mutex locking error");
+        }
+    }
+    WOLFSSL_LEAVE("tsip_VerifyEcdsa", ret);
+    return ret;
+}
+#endif /* WOLFSSL_RENESAS_TSIP_CRYPTONLY */
+#endif /* HAVE_ECC */
 
 
 #ifdef WOLFSSL_RENESAS_TSIP_CRYPT_DEBUG
 
-/* err
- * e_tsip_err
+#if 0
+   /* this is here for documentation purposes. */
+   enum e_tsip_err {
     TSIP_SUCCESS = 0,
-    TSIP_ERR_SELF_CHECK1,  // Self-check 1 fail or TSIP function internal err.
-    TSIP_ERR_RESOURCE_CONFLICT, // A resource conflict occurred.
-    TSIP_ERR_SELF_CHECK2,       // Self-check 2 fail.
-    TSIP_ERR_KEY_SET,           // setting the invalid key.
-    TSIP_ERR_AUTHENTICATION,    // Authentication failed.
-    TSIP_ERR_CALLBACK_UNREGIST, // Callback function is not registered.
-    TSIP_ERR_PARAMETER,         // Illegal Input data.
-    TSIP_ERR_PROHIBIT_FUNCTION, // An invalid function call occurred.
- *  TSIP_RESUME_FIRMWARE_GENERATE_MAC,
-                  // There is a continuation of R_TSIP_GenerateFirmwareMAC.
-*/
+    TSIP_ERR_SELF_CHECK1,       /* Self-check 1 fail or TSIP function internal err. */
+    TSIP_ERR_RESOURCE_CONFLICT, /* A resource conflict occurred. */
+    TSIP_ERR_SELF_CHECK2,       /* Self-check 2 fail. */
+    TSIP_ERR_KEY_SET,           /* setting the invalid key. */
+    TSIP_ERR_AUTHENTICATION,    /* Authentication failed. */
+    TSIP_ERR_CALLBACK_UNREGIST, /* Callback function is not registered. */
+    TSIP_ERR_PARAMETER,         /* Illegal Input data. */
+    TSIP_ERR_PROHIBIT_FUNCTION, /* An invalid function call occurred. */
+    TSIP_RESUME_FIRMWARE_GENERATE_MAC
+                  /* There is a continuation of R_TSIP_GenerateFirmwareMAC. */
+   };
+#endif
 
 static void hexdump(const uint8_t* in, uint32_t len)
 {
diff --git a/wolfcrypt/src/port/af_alg/afalg_aes.c b/wolfcrypt/src/port/af_alg/afalg_aes.c
index 27ee88f61..a521eb6f4 100644
--- a/wolfcrypt/src/port/af_alg/afalg_aes.c
+++ b/wolfcrypt/src/port/af_alg/afalg_aes.c
@@ -1,6 +1,6 @@
 /* afalg_aes.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -177,7 +177,7 @@ int wc_AesSetKey(Aes* aes, const byte* userKey, word32 keylen,
         }
 
 #ifdef WOLFSSL_AES_CBC_LENGTH_CHECKS
-        if (sz % AES_BLOCK_SIZE) {
+        if (sz % WC_AES_BLOCK_SIZE) {
             return BAD_LENGTH_E;
         }
 #endif
@@ -190,8 +190,8 @@ int wc_AesSetKey(Aes* aes, const byte* userKey, word32 keylen,
             }
         }
 
-        sz = sz - (sz % AES_BLOCK_SIZE);
-        if ((sz / AES_BLOCK_SIZE) > 0) {
+        sz = sz - (sz % WC_AES_BLOCK_SIZE);
+        if ((sz / WC_AES_BLOCK_SIZE) > 0) {
             /* update IV */
             cmsg = CMSG_FIRSTHDR(&(aes->msg));
             ret = wc_Afalg_SetIv(CMSG_NXTHDR(&(aes->msg), cmsg),
@@ -218,7 +218,7 @@ int wc_AesSetKey(Aes* aes, const byte* userKey, word32 keylen,
             }
 
             /* set IV for next CBC call */
-            XMEMCPY(aes->reg, out + sz - AES_BLOCK_SIZE, AES_BLOCK_SIZE);
+            XMEMCPY(aes->reg, out + sz - WC_AES_BLOCK_SIZE, WC_AES_BLOCK_SIZE);
         }
 
         return 0;
@@ -235,7 +235,7 @@ int wc_AesSetKey(Aes* aes, const byte* userKey, word32 keylen,
             return BAD_FUNC_ARG;
         }
 
-        if (sz % AES_BLOCK_SIZE) {
+        if (sz % WC_AES_BLOCK_SIZE) {
 #ifdef WOLFSSL_AES_CBC_LENGTH_CHECKS
             return BAD_LENGTH_E;
 #else
@@ -250,7 +250,7 @@ int wc_AesSetKey(Aes* aes, const byte* userKey, word32 keylen,
             }
         }
 
-        if ((sz / AES_BLOCK_SIZE) > 0) {
+        if ((sz / WC_AES_BLOCK_SIZE) > 0) {
             /* update IV */
             cmsg = CMSG_FIRSTHDR(&(aes->msg));
             ret = wc_Afalg_SetIv(CMSG_NXTHDR(&(aes->msg), cmsg),
@@ -267,7 +267,7 @@ int wc_AesSetKey(Aes* aes, const byte* userKey, word32 keylen,
             aes->msg.msg_iovlen = 1; /* # of iov structures */
 
             /* set IV for next CBC call */
-            XMEMCPY(aes->reg, in + sz - AES_BLOCK_SIZE, AES_BLOCK_SIZE);
+            XMEMCPY(aes->reg, in + sz - WC_AES_BLOCK_SIZE, WC_AES_BLOCK_SIZE);
 
             ret = (int)sendmsg(aes->rdFd, &(aes->msg), 0);
             if (ret < 0) {
@@ -336,13 +336,13 @@ static int wc_Afalg_AesDirect(Aes* aes, byte* out, const byte* in, word32 sz)
 #if defined(WOLFSSL_AES_DIRECT) && defined(WOLFSSL_AFALG)
 int wc_AesEncryptDirect(Aes* aes, byte* out, const byte* in)
 {
-    return wc_Afalg_AesDirect(aes, out, in, AES_BLOCK_SIZE);
+    return wc_Afalg_AesDirect(aes, out, in, WC_AES_BLOCK_SIZE);
 }
 
 
 int wc_AesDecryptDirect(Aes* aes, byte* out, const byte* in)
 {
-    return wc_Afalg_AesDirect(aes, out, in, AES_BLOCK_SIZE);
+    return wc_Afalg_AesDirect(aes, out, in, WC_AES_BLOCK_SIZE);
 }
 
 
@@ -363,7 +363,7 @@ int wc_AesSetKeyDirect(Aes* aes, const byte* userKey, word32 keylen,
         {
             /* in network byte order so start at end and work back */
             int i;
-            for (i = AES_BLOCK_SIZE - 1; i >= 0; i--) {
+            for (i = WC_AES_BLOCK_SIZE - 1; i >= 0; i--) {
                 if (++inOutCtr[i])  /* we're done unless we overflow */
                     return;
             }
@@ -381,7 +381,7 @@ int wc_AesSetKeyDirect(Aes* aes, const byte* userKey, word32 keylen,
             }
 
             /* consume any unused bytes left in aes->tmp */
-            tmp = (byte*)aes->tmp + AES_BLOCK_SIZE - aes->left;
+            tmp = (byte*)aes->tmp + WC_AES_BLOCK_SIZE - aes->left;
             while (aes->left && sz) {
                *(out++) = *(in++) ^ *(tmp++);
                aes->left--;
@@ -397,11 +397,11 @@ int wc_AesSetKeyDirect(Aes* aes, const byte* userKey, word32 keylen,
             }
 
             if (sz > 0) {
-                aes->left = sz % AES_BLOCK_SIZE;
+                aes->left = sz % WC_AES_BLOCK_SIZE;
 
                 /* clear previously leftover data */
                 tmp = (byte*)aes->tmp;
-                XMEMSET(tmp, 0, AES_BLOCK_SIZE);
+                XMEMSET(tmp, 0, WC_AES_BLOCK_SIZE);
 
                 /* update IV */
                 cmsg = CMSG_FIRSTHDR(&(aes->msg));
@@ -419,7 +419,7 @@ int wc_AesSetKeyDirect(Aes* aes, const byte* userKey, word32 keylen,
                 iov[1].iov_base = tmp;
                 if (aes->left > 0) {
                     XMEMCPY(tmp, in + sz - aes->left, aes->left);
-                    iov[1].iov_len  = AES_BLOCK_SIZE;
+                    iov[1].iov_len  = WC_AES_BLOCK_SIZE;
                 }
                 else {
                     iov[1].iov_len  = 0;
@@ -440,7 +440,7 @@ int wc_AesSetKeyDirect(Aes* aes, const byte* userKey, word32 keylen,
 
                 iov[1].iov_base = tmp;
                 if (aes->left > 0) {
-                    iov[1].iov_len  = AES_BLOCK_SIZE;
+                    iov[1].iov_len  = WC_AES_BLOCK_SIZE;
                 }
                 else {
                     iov[1].iov_len  = 0;
@@ -453,14 +453,14 @@ int wc_AesSetKeyDirect(Aes* aes, const byte* userKey, word32 keylen,
 
                 if (aes->left > 0) {
                     XMEMCPY(out + sz - aes->left, tmp, aes->left);
-                    aes->left = AES_BLOCK_SIZE - aes->left;
+                    aes->left = WC_AES_BLOCK_SIZE - aes->left;
                 }
             }
 
             /* adjust counter after call to hardware */
-            while (sz >= AES_BLOCK_SIZE) {
+            while (sz >= WC_AES_BLOCK_SIZE) {
                 IncrementAesCounter((byte*)aes->reg);
-                sz  -= AES_BLOCK_SIZE;
+                sz  -= WC_AES_BLOCK_SIZE;
             }
 
             if (aes->left > 0) {
@@ -566,10 +566,10 @@ int wc_AesGcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
     struct iovec    iov[3];
     int ret;
     struct msghdr* msg;
-    byte scratch[AES_BLOCK_SIZE];
+    byte scratch[WC_AES_BLOCK_SIZE];
 
     /* argument checks */
-    if (aes == NULL || authTagSz > AES_BLOCK_SIZE) {
+    if (aes == NULL || authTagSz > WC_AES_BLOCK_SIZE) {
         return BAD_FUNC_ARG;
     }
 
@@ -639,7 +639,7 @@ int wc_AesGcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         #ifndef NO_WOLFSSL_ALLOC_ALIGN
             byte* tmp_align;
             tmp = (byte*)XMALLOC(sz + WOLFSSL_XILINX_ALIGN +
-                    AES_BLOCK_SIZE, aes->heap, DYNAMIC_TYPE_TMP_BUFFER);
+                    WC_AES_BLOCK_SIZE, aes->heap, DYNAMIC_TYPE_TMP_BUFFER);
             if (tmp == NULL) {
                 return MEMORY_E;
             }
@@ -655,7 +655,7 @@ int wc_AesGcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         else {
             iov[0].iov_base = (byte*)in;
         }
-        iov[0].iov_len  = sz + AES_BLOCK_SIZE;
+        iov[0].iov_len  = sz + WC_AES_BLOCK_SIZE;
 
         msg->msg_iov    = iov;
         msg->msg_iovlen = 1; /* # of iov structures */
@@ -668,7 +668,7 @@ int wc_AesGcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
             return WC_AFALG_SOCK_E;
         }
 
-        ret = read(aes->rdFd, out, sz + AES_BLOCK_SIZE);
+        ret = read(aes->rdFd, out, sz + WC_AES_BLOCK_SIZE);
         if (ret < 0) {
             return WC_AFALG_SOCK_E;
         }
@@ -677,10 +677,10 @@ int wc_AesGcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
 
     /* handle completing tag with using software if additional data added */
     if (authIn != NULL && authInSz > 0) {
-        byte initalCounter[AES_BLOCK_SIZE];
-        XMEMSET(initalCounter, 0, AES_BLOCK_SIZE);
+        byte initalCounter[WC_AES_BLOCK_SIZE];
+        XMEMSET(initalCounter, 0, WC_AES_BLOCK_SIZE);
         XMEMCPY(initalCounter, iv, ivSz);
-        initalCounter[AES_BLOCK_SIZE - 1] = 1;
+        initalCounter[WC_AES_BLOCK_SIZE - 1] = 1;
         GHASH(&aes->gcm, authIn, authInSz, out, sz, authTag, authTagSz);
         ret = wc_AesEncryptDirect(aes, scratch, initalCounter);
         if (ret < 0) {
@@ -756,19 +756,19 @@ int wc_AesGcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
     struct cmsghdr* cmsg;
     struct msghdr* msg;
     struct iovec    iov[3];
-    byte scratch[AES_BLOCK_SIZE];
+    byte scratch[WC_AES_BLOCK_SIZE];
     int ret;
 #ifdef WOLFSSL_AFALG_XILINX_AES
     byte* tag = (byte*)authTag;
-    byte buf[AES_BLOCK_SIZE];
-    byte initalCounter[AES_BLOCK_SIZE];
+    byte buf[WC_AES_BLOCK_SIZE];
+    byte initalCounter[WC_AES_BLOCK_SIZE];
 #ifndef NO_WOLFSSL_ALLOC_ALIGN
     byte* tmp = NULL;
 #endif
 #endif
 
     /* argument checks */
-    if (aes == NULL || authTagSz > AES_BLOCK_SIZE) {
+    if (aes == NULL || authTagSz > WC_AES_BLOCK_SIZE) {
         return BAD_FUNC_ARG;
     }
 
@@ -830,33 +830,33 @@ int wc_AesGcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
     /* check for and handle additional data */
     if (authIn != NULL && authInSz > 0) {
 
-        XMEMSET(initalCounter, 0, AES_BLOCK_SIZE);
+        XMEMSET(initalCounter, 0, WC_AES_BLOCK_SIZE);
         XMEMCPY(initalCounter, iv, ivSz);
-        initalCounter[AES_BLOCK_SIZE - 1] = 1;
+        initalCounter[WC_AES_BLOCK_SIZE - 1] = 1;
         tag = buf;
-        GHASH(&aes->gcm, NULL, 0, in, sz, tag, AES_BLOCK_SIZE);
+        GHASH(&aes->gcm, NULL, 0, in, sz, tag, WC_AES_BLOCK_SIZE);
         ret = wc_AesEncryptDirect(aes, scratch, initalCounter);
         if (ret < 0)
             return ret;
-        xorbuf(tag, scratch, AES_BLOCK_SIZE);
+        xorbuf(tag, scratch, WC_AES_BLOCK_SIZE);
         if (ret != 0) {
             return AES_GCM_AUTH_E;
         }
     }
 
     /* it is assumed that in buffer size is large enough to hold TAG */
-    XMEMCPY((byte*)in + sz, tag, AES_BLOCK_SIZE);
+    XMEMCPY((byte*)in + sz, tag, WC_AES_BLOCK_SIZE);
     if ((wc_ptr_t)in % WOLFSSL_XILINX_ALIGN) {
     #ifndef NO_WOLFSSL_ALLOC_ALIGN
         byte* tmp_align;
         tmp = (byte*)XMALLOC(sz + WOLFSSL_XILINX_ALIGN +
-                AES_BLOCK_SIZE, aes->heap, DYNAMIC_TYPE_TMP_BUFFER);
+                WC_AES_BLOCK_SIZE, aes->heap, DYNAMIC_TYPE_TMP_BUFFER);
         if (tmp == NULL) {
             return MEMORY_E;
         }
         tmp_align = tmp + (WOLFSSL_XILINX_ALIGN -
                 ((size_t)tmp % WOLFSSL_XILINX_ALIGN));
-        XMEMCPY(tmp_align, in, sz + AES_BLOCK_SIZE);
+        XMEMCPY(tmp_align, in, sz + WC_AES_BLOCK_SIZE);
         iov[0].iov_base = tmp_align;
     #else
         WOLFSSL_MSG("Buffer expected to be word aligned");
@@ -866,7 +866,7 @@ int wc_AesGcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
     else {
         iov[0].iov_base = (byte*)in;
     }
-    iov[0].iov_len = sz + AES_BLOCK_SIZE;
+    iov[0].iov_len = sz + WC_AES_BLOCK_SIZE;
 
     msg->msg_iov = iov;
     msg->msg_iovlen = 1;
@@ -879,18 +879,18 @@ int wc_AesGcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         return WC_AFALG_SOCK_E;
     }
 
-    ret = read(aes->rdFd, out, sz + AES_BLOCK_SIZE);
+    ret = read(aes->rdFd, out, sz + WC_AES_BLOCK_SIZE);
     if (ret < 0) {
         return AES_GCM_AUTH_E;
     }
 
     /* check on tag */
     if (authIn != NULL && authInSz > 0) {
-        GHASH(&aes->gcm, authIn, authInSz, in, sz, tag, AES_BLOCK_SIZE);
+        GHASH(&aes->gcm, authIn, authInSz, in, sz, tag, WC_AES_BLOCK_SIZE);
         ret = wc_AesEncryptDirect(aes, scratch, initalCounter);
         if (ret < 0)
             return ret;
-        xorbuf(tag, scratch, AES_BLOCK_SIZE);
+        xorbuf(tag, scratch, WC_AES_BLOCK_SIZE);
         if (ConstantCompare(tag, authTag, authTagSz) != 0) {
             return AES_GCM_AUTH_E;
         }
diff --git a/wolfcrypt/src/port/af_alg/afalg_hash.c b/wolfcrypt/src/port/af_alg/afalg_hash.c
index ee5599480..35ee97368 100644
--- a/wolfcrypt/src/port/af_alg/afalg_hash.c
+++ b/wolfcrypt/src/port/af_alg/afalg_hash.c
@@ -1,6 +1,6 @@
 /* afalg_hash.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -53,10 +53,8 @@ static void AfalgHashFree(wolfssl_AFALG_Hash* hash)
     }
 
     #if defined(WOLFSSL_AFALG_HASH_KEEP)
-    if (hash->msg != NULL) {
-        XFREE(hash->msg, hash->heap, DYNAMIC_TYPE_TMP_BUFFER);
-        hash->msg = NULL;
-    }
+    XFREE(hash->msg, hash->heap, DYNAMIC_TYPE_TMP_BUFFER);
+    hash->msg = NULL;
     #endif
 }
 
diff --git a/wolfcrypt/src/port/af_alg/wc_afalg.c b/wolfcrypt/src/port/af_alg/wc_afalg.c
index 37ced88c8..ed71131ff 100644
--- a/wolfcrypt/src/port/af_alg/wc_afalg.c
+++ b/wolfcrypt/src/port/af_alg/wc_afalg.c
@@ -1,6 +1,6 @@
 /* wc_afalg.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -40,7 +40,7 @@ void wc_Afalg_SockAddr(struct sockaddr_alg* in, const char* type, const char* na
     int nameSz = (int)XSTRLEN(name) + 1; /* +1 for null terminator */
 
     if (typeSz > (int)sizeof(in->salg_type) ||
-		    nameSz > (int)sizeof(in->salg_name)) {
+                    nameSz > (int)sizeof(in->salg_name)) {
         WOLFSSL_MSG("type or name was too large");
         return;
     }
diff --git a/wolfcrypt/src/port/aria/aria-crypt.c b/wolfcrypt/src/port/aria/aria-crypt.c
index 202ae8b3a..1568f4e7f 100644
--- a/wolfcrypt/src/port/aria/aria-crypt.c
+++ b/wolfcrypt/src/port/aria/aria-crypt.c
@@ -1,6 +1,6 @@
 /* aria-crypt.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -114,6 +114,11 @@ int wc_AriaSetKey(wc_Aria* aria, byte* key)
 {
     MC_RV rv = MC_OK;
     MC_UINT keylen;
+
+    if (aria == NULL || key == NULL) {
+        return BAD_FUNC_ARG;
+    }
+
     if (aria->algo == MC_ALGID_ARIA_128BITKEY) {
         keylen = ARIA_128_KEY_SIZE;
     } else if (aria->algo == MC_ALGID_ARIA_192BITKEY) {
diff --git a/wolfcrypt/src/port/aria/aria-cryptocb.c b/wolfcrypt/src/port/aria/aria-cryptocb.c
index e52c83387..d88683fd5 100644
--- a/wolfcrypt/src/port/aria/aria-cryptocb.c
+++ b/wolfcrypt/src/port/aria/aria-cryptocb.c
@@ -1,6 +1,6 @@
 /* aria-cryptocb.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -447,7 +447,7 @@ int wc_AriaDerive(ecc_key* private_key, ecc_key* public_key,
 
     int wc_AriaCryptoCb(int devIdArg, wc_CryptoInfo* info, void* ctx)
     {
-        int ret = CRYPTOCB_UNAVAILABLE; /* return this to bypass HW and use SW */
+        int ret = WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE); /* return this to bypass HW and use SW */
         (void)ctx;
 
         if (info == NULL)
@@ -544,19 +544,24 @@ int wc_AriaDerive(ecc_key* private_key, ecc_key* public_key,
                     ret = wc_AriaInitSha(&(info->hash.sha256->hSession), MC_ALGID_SHA256);
                 }
 
-                if ((ret == 0) || (ret == CRYPTOCB_UNAVAILABLE)) {
+                if ((ret == 0) ||
+                    (ret == WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE))) {
                     ret = wc_AriaShaUpdate(info->hash.sha256->hSession,
                                         (byte *) info->hash.in, info->hash.inSz);
                 }
-                if ((ret == 0) || (ret == CRYPTOCB_UNAVAILABLE)) {
+                if ((ret == 0) ||
+                    (ret == WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE))) {
                     MC_UINT digestSz = 32;
                     ret = wc_AriaShaFinal(info->hash.sha256->hSession,
                                         info->hash.digest, &digestSz);
-                    if ((ret == 0) || (ret == CRYPTOCB_UNAVAILABLE))
+                    if ((ret == 0) ||
+                        (ret == WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE)))
                         ret = wc_AriaFree(&(info->hash.sha256->hSession),NULL);
                 }
-                if (ret != 0)
+                if (ret != 0) {
+                    wc_AriaFree(&(info->hash.sha256->hSession),NULL);
                     ret = CRYPTOCB_UNAVAILABLE;
+                }
                 /* reset devId */
                 info->hash.sha256->devId = devIdArg;
             }
@@ -571,18 +576,26 @@ int wc_AriaDerive(ecc_key* private_key, ecc_key* public_key,
                     ret = wc_AriaInitSha(&(info->hash.sha384->hSession), MC_ALGID_SHA384);
                 }
 
-                if ((ret == 0) || (ret == CRYPTOCB_UNAVAILABLE)) {
+                if ((ret == 0) ||
+                    (ret == WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE))) {
                     ret = wc_AriaShaUpdate(info->hash.sha384->hSession,
                                         (byte *) info->hash.in, info->hash.inSz);
                 }
-                if ((ret == 0) || (ret == CRYPTOCB_UNAVAILABLE)) {
+                if ((ret == 0) ||
+                    (ret == WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE))) {
                     MC_UINT digestSz = 48;
                     ret = wc_AriaShaFinal(info->hash.sha384->hSession,
                                         info->hash.digest, &digestSz);
-                    if ((ret == 0) || (ret == CRYPTOCB_UNAVAILABLE))
+                    if ((ret == 0) ||
+                        (ret == WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE)))
+                    {
                         ret = wc_AriaFree(&(info->hash.sha384->hSession),NULL);
+                    }
+                }
+                if (ret != 0) {
+                    wc_AriaFree(&(info->hash.sha384->hSession),NULL);
+                    ret = CRYPTOCB_UNAVAILABLE;
                 }
-                if (ret != 0) ret = CRYPTOCB_UNAVAILABLE;
                 /* reset devId */
                 info->hash.sha384->devId = devIdArg;
             }
diff --git a/wolfcrypt/src/port/arm/armv8-32-aes-asm.S b/wolfcrypt/src/port/arm/armv8-32-aes-asm.S
index 12578411f..5b0da2fe3 100644
--- a/wolfcrypt/src/port/arm/armv8-32-aes-asm.S
+++ b/wolfcrypt/src/port/arm/armv8-32-aes-asm.S
@@ -1,6 +1,6 @@
 /* armv8-32-aes-asm
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -21,7 +21,8 @@
 
 /* Generated using (from wolfssl):
  *   cd ../scripts
- *   ruby ./aes/aes.rb arm32 ../wolfssl/wolfcrypt/src/port/arm/armv8-32-aes-asm.S
+ *   ruby ./aes/aes.rb arm32 \
+ *       ../wolfssl/wolfcrypt/src/port/arm/armv8-32-aes-asm.S
  */
 
 #ifdef HAVE_CONFIG_H
@@ -30,7 +31,7 @@
 #include <wolfssl/wolfcrypt/settings.h>
 
 #ifdef WOLFSSL_ARMASM
-#if !defined(__aarch64__) && defined(__arm__)
+#if !defined(__aarch64__) && !defined(WOLFSSL_ARMASM_THUMB2)
 #ifndef WOLFSSL_ARMASM_INLINE
 #ifndef NO_AES
 #ifdef HAVE_AES_DECRYPT
@@ -807,8 +808,7 @@ AES_set_encrypt_key:
 	cmp	r1, #0xc0
 	beq	L_AES_set_encrypt_key_start_192
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	ldr	r4, [r0]
-	ldr	r5, [r0, #4]
+	ldm	r0, {r4, r5}
 #else
 	ldrd	r4, r5, [r0]
 #endif
@@ -1037,8 +1037,7 @@ L_AES_set_encrypt_key_loop_256:
 	b	L_AES_set_encrypt_key_end
 L_AES_set_encrypt_key_start_192:
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	ldr	r4, [r0]
-	ldr	r5, [r0, #4]
+	ldm	r0, {r4, r5}
 #else
 	ldrd	r4, r5, [r0]
 #endif
@@ -1202,8 +1201,7 @@ L_AES_set_encrypt_key_loop_192:
 	b	L_AES_set_encrypt_key_end
 L_AES_set_encrypt_key_start_128:
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	ldr	r4, [r0]
-	ldr	r5, [r0, #4]
+	ldm	r0, {r4, r5}
 #else
 	ldrd	r4, r5, [r0]
 #endif
@@ -3951,8 +3949,7 @@ L_AES_CBC_decrypt_loop_block_256:
 	ldr	r7, [lr, #12]
 	ldr	lr, [sp, #16]
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	str	r4, [lr]
-	str	r5, [lr, #4]
+	stm	lr, {r4, r5}
 #else
 	strd	r4, r5, [lr]
 #endif
@@ -4140,8 +4137,7 @@ L_AES_CBC_decrypt_loop_block_192:
 	ldr	r7, [lr, #12]
 	ldr	lr, [sp, #16]
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	str	r4, [lr]
-	str	r5, [lr, #4]
+	stm	lr, {r4, r5}
 #else
 	strd	r4, r5, [lr]
 #endif
@@ -4329,8 +4325,7 @@ L_AES_CBC_decrypt_loop_block_128:
 	ldr	r7, [lr, #12]
 	ldr	lr, [sp, #16]
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	str	r4, [lr]
-	str	r5, [lr, #4]
+	stm	lr, {r4, r5}
 #else
 	strd	r4, r5, [lr]
 #endif
@@ -4437,8 +4432,7 @@ L_AES_CBC_decrypt_end_odd:
 	ldrd	r10, r11, [r4, #24]
 #endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	str	r8, [r4]
-	str	r9, [r4, #4]
+	stm	r4, {r8, r9}
 #else
 	strd	r8, r9, [r4]
 #endif
@@ -5304,7 +5298,7 @@ L_AES_GCM_encrypt_end:
 	.size	AES_GCM_encrypt,.-AES_GCM_encrypt
 #endif /* HAVE_AESGCM */
 #endif /* !NO_AES */
-#endif /* !__aarch64__ && !__thumb__ */
+#endif /* !__aarch64__ && !WOLFSSL_ARMASM_THUMB2 */
 #endif /* WOLFSSL_ARMASM */
 
 #if defined(__linux__) && defined(__ELF__)
diff --git a/wolfcrypt/src/port/arm/armv8-32-aes-asm_c.c b/wolfcrypt/src/port/arm/armv8-32-aes-asm_c.c
index fbc60fbdf..21dcb0d23 100644
--- a/wolfcrypt/src/port/arm/armv8-32-aes-asm_c.c
+++ b/wolfcrypt/src/port/arm/armv8-32-aes-asm_c.c
@@ -1,6 +1,6 @@
 /* armv8-32-aes-asm
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -21,7 +21,8 @@
 
 /* Generated using (from wolfssl):
  *   cd ../scripts
- *   ruby ./aes/aes.rb arm32 ../wolfssl/wolfcrypt/src/port/arm/armv8-32-aes-asm.c
+ *   ruby ./aes/aes.rb arm32 \
+ *       ../wolfssl/wolfcrypt/src/port/arm/armv8-32-aes-asm.c
  */
 
 #ifdef HAVE_CONFIG_H
@@ -31,7 +32,7 @@
 #include <wolfssl/wolfcrypt/error-crypt.h>
 
 #ifdef WOLFSSL_ARMASM
-#if !defined(__aarch64__) && defined(__arm__)
+#if !defined(__aarch64__) && !defined(WOLFSSL_ARMASM_THUMB2)
 #include <stdint.h>
 #ifdef HAVE_CONFIG_H
     #include <config.h>
@@ -40,9 +41,6 @@
 #include <wolfssl/wolfcrypt/error-crypt.h>
 #ifdef WOLFSSL_ARMASM_INLINE
 
-#ifdef WOLFSSL_ARMASM
-#if !defined(__aarch64__) && defined(__arm__)
-
 #ifdef __IAR_SYSTEMS_ICC__
 #define __asm__        asm
 #define __volatile__   volatile
@@ -55,7 +53,7 @@
 #include <wolfssl/wolfcrypt/aes.h>
 
 #ifdef HAVE_AES_DECRYPT
-static const uint32_t L_AES_ARM32_td_data[] = {
+static const word32 L_AES_ARM32_td_data[] = {
     0x5051f4a7, 0x537e4165, 0xc31a17a4, 0x963a275e,
     0xcb3bab6b, 0xf11f9d45, 0xabacfa58, 0x934be303,
     0x552030fa, 0xf6ad766d, 0x9188cc76, 0x25f5024c,
@@ -123,8 +121,10 @@ static const uint32_t L_AES_ARM32_td_data[] = {
 };
 
 #endif /* HAVE_AES_DECRYPT */
-#if defined(HAVE_AES_DECRYPT) || defined(HAVE_AES_CBC) || defined(HAVE_AESCCM) || defined(HAVE_AESGCM) || defined(WOLFSSL_AES_DIRECT) || defined(WOLFSSL_AES_COUNTER)
-static const uint32_t L_AES_ARM32_te_data[] = {
+#if defined(HAVE_AES_DECRYPT) || defined(HAVE_AES_CBC) || \
+        defined(HAVE_AESCCM) || defined(HAVE_AESGCM) || \
+        defined(WOLFSSL_AES_DIRECT) || defined(WOLFSSL_AES_COUNTER)
+static const word32 L_AES_ARM32_te_data[] = {
     0xa5c66363, 0x84f87c7c, 0x99ee7777, 0x8df67b7b,
     0x0dfff2f2, 0xbdd66b6b, 0xb1de6f6f, 0x5491c5c5,
     0x50603030, 0x03020101, 0xa9ce6767, 0x7d562b2b,
@@ -191,21 +191,25 @@ static const uint32_t L_AES_ARM32_te_data[] = {
     0xcb7bb0b0, 0xfca85454, 0xd66dbbbb, 0x3a2c1616,
 };
 
-#endif /* HAVE_AES_DECRYPT || HAVE_AES_CBC || HAVE_AESCCM || HAVE_AESGCM || WOLFSSL_AES_DIRECT || WOLFSSL_AES_COUNTER */
+#endif /* HAVE_AES_DECRYPT || HAVE_AES_CBC || HAVE_AESCCM || HAVE_AESGCM ||
+        * WOLFSSL_AES_DIRECT || WOLFSSL_AES_COUNTER */
 #ifdef HAVE_AES_DECRYPT
-static const uint32_t* L_AES_ARM32_td = L_AES_ARM32_td_data;
+static const word32* L_AES_ARM32_td = L_AES_ARM32_td_data;
 #endif /* HAVE_AES_DECRYPT */
-#if defined(HAVE_AES_DECRYPT) || defined(HAVE_AES_CBC) || defined(HAVE_AESCCM) || defined(HAVE_AESGCM) || defined(WOLFSSL_AES_DIRECT) || defined(WOLFSSL_AES_COUNTER)
-static const uint32_t* L_AES_ARM32_te = L_AES_ARM32_te_data;
-#endif /* HAVE_AES_DECRYPT || HAVE_AES_CBC || HAVE_AESCCM || HAVE_AESGCM || WOLFSSL_AES_DIRECT || WOLFSSL_AES_COUNTER */
+#if defined(HAVE_AES_DECRYPT) || defined(HAVE_AES_CBC) || \
+        defined(HAVE_AESCCM) || defined(HAVE_AESGCM) || \
+        defined(WOLFSSL_AES_DIRECT) || defined(WOLFSSL_AES_COUNTER)
+static const word32* L_AES_ARM32_te = L_AES_ARM32_te_data;
+#endif /* HAVE_AES_DECRYPT || HAVE_AES_CBC || HAVE_AESCCM || HAVE_AESGCM ||
+        * WOLFSSL_AES_DIRECT || WOLFSSL_AES_COUNTER */
 #ifdef HAVE_AES_DECRYPT
-void AES_invert_key(unsigned char* ks, word32 rounds);
+void AES_invert_key(unsigned char* ks_p, word32 rounds_p);
 void AES_invert_key(unsigned char* ks_p, word32 rounds_p)
 {
     register unsigned char* ks asm ("r0") = (unsigned char*)ks_p;
     register word32 rounds asm ("r1") = (word32)rounds_p;
-    register uint32_t* L_AES_ARM32_te_c asm ("r2") = (uint32_t*)L_AES_ARM32_te;
-    register uint32_t* L_AES_ARM32_td_c asm ("r3") = (uint32_t*)L_AES_ARM32_td;
+    register word32* L_AES_ARM32_te_c asm ("r2") = (word32*)L_AES_ARM32_te;
+    register word32* L_AES_ARM32_td_c asm ("r3") = (word32*)L_AES_ARM32_td;
 
     __asm__ __volatile__ (
         "mov	r12, %[L_AES_ARM32_te]\n\t"
@@ -401,27 +405,33 @@ void AES_invert_key(unsigned char* ks_p, word32 rounds_p)
         "str	r8, [%[ks]], #4\n\t"
         "subs	r11, r11, #1\n\t"
         "bne	L_AES_invert_key_mix_loop_%=\n\t"
-        : [ks] "+r" (ks), [rounds] "+r" (rounds), [L_AES_ARM32_te] "+r" (L_AES_ARM32_te_c), [L_AES_ARM32_td] "+r" (L_AES_ARM32_td_c)
+        : [ks] "+r" (ks), [rounds] "+r" (rounds),
+          [L_AES_ARM32_te] "+r" (L_AES_ARM32_te_c),
+          [L_AES_ARM32_td] "+r" (L_AES_ARM32_td_c)
         :
-        : "memory", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "cc"
+        : "memory", "cc", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9",
+            "r10", "r11"
     );
 }
 
 #endif /* HAVE_AES_DECRYPT */
-static const uint32_t L_AES_ARM32_rcon[] = {
+static const word32 L_AES_ARM32_rcon[] = {
     0x01000000, 0x02000000, 0x04000000, 0x08000000,
     0x10000000, 0x20000000, 0x40000000, 0x80000000,
-    0x1b000000, 0x36000000, 
+    0x1b000000, 0x36000000
 };
 
-void AES_set_encrypt_key(const unsigned char* key, word32 len, unsigned char* ks);
-void AES_set_encrypt_key(const unsigned char* key_p, word32 len_p, unsigned char* ks_p)
+void AES_set_encrypt_key(const unsigned char* key_p, word32 len_p,
+    unsigned char* ks_p);
+void AES_set_encrypt_key(const unsigned char* key_p, word32 len_p,
+    unsigned char* ks_p)
 {
     register const unsigned char* key asm ("r0") = (const unsigned char*)key_p;
     register word32 len asm ("r1") = (word32)len_p;
     register unsigned char* ks asm ("r2") = (unsigned char*)ks_p;
-    register uint32_t* L_AES_ARM32_te_c asm ("r3") = (uint32_t*)L_AES_ARM32_te;
-    register uint32_t* L_AES_ARM32_rcon_c asm ("r4") = (uint32_t*)&L_AES_ARM32_rcon;
+    register word32* L_AES_ARM32_te_c asm ("r3") = (word32*)L_AES_ARM32_te;
+    register word32* L_AES_ARM32_rcon_c asm ("r4") =
+        (word32*)&L_AES_ARM32_rcon;
 
     __asm__ __volatile__ (
         "mov	r8, %[L_AES_ARM32_te]\n\t"
@@ -431,8 +441,7 @@ void AES_set_encrypt_key(const unsigned char* key_p, word32 len_p, unsigned char
         "cmp	%[len], #0xc0\n\t"
         "beq	L_AES_set_encrypt_key_start_192_%=\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "ldr	r4, [%[key]]\n\t"
-        "ldr	r5, [%[key], #4]\n\t"
+        "ldm	r0, {r4, r5}\n\t"
 #else
         "ldrd	r4, r5, [%[key]]\n\t"
 #endif
@@ -663,8 +672,7 @@ void AES_set_encrypt_key(const unsigned char* key_p, word32 len_p, unsigned char
         "\n"
     "L_AES_set_encrypt_key_start_192_%=: \n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "ldr	r4, [%[key]]\n\t"
-        "ldr	r5, [%[key], #4]\n\t"
+        "ldm	r0, {r4, r5}\n\t"
 #else
         "ldrd	r4, r5, [%[key]]\n\t"
 #endif
@@ -830,8 +838,7 @@ void AES_set_encrypt_key(const unsigned char* key_p, word32 len_p, unsigned char
         "\n"
     "L_AES_set_encrypt_key_start_128_%=: \n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "ldr	r4, [%[key]]\n\t"
-        "ldr	r5, [%[key], #4]\n\t"
+        "ldm	r0, {r4, r5}\n\t"
 #else
         "ldrd	r4, r5, [%[key]]\n\t"
 #endif
@@ -922,19 +929,23 @@ void AES_set_encrypt_key(const unsigned char* key_p, word32 len_p, unsigned char
         "bne	L_AES_set_encrypt_key_loop_128_%=\n\t"
         "\n"
     "L_AES_set_encrypt_key_end_%=: \n\t"
-        : [key] "+r" (key), [len] "+r" (len), [ks] "+r" (ks), [L_AES_ARM32_te] "+r" (L_AES_ARM32_te_c), [L_AES_ARM32_rcon] "+r" (L_AES_ARM32_rcon_c)
+        : [key] "+r" (key), [len] "+r" (len), [ks] "+r" (ks),
+          [L_AES_ARM32_te] "+r" (L_AES_ARM32_te_c),
+          [L_AES_ARM32_rcon] "+r" (L_AES_ARM32_rcon_c)
         :
-        : "memory", "r12", "lr", "r5", "r6", "r7", "r8", "cc"
+        : "memory", "cc", "r12", "lr", "r5", "r6", "r7", "r8"
     );
 }
 
-void AES_encrypt_block(const uint32_t* te, int nr, int len, const uint32_t* ks);
-void AES_encrypt_block(const uint32_t* te_p, int nr_p, int len_p, const uint32_t* ks_p)
+void AES_encrypt_block(const word32* te_p, int nr_p, int len_p,
+    const word32* ks_p);
+void AES_encrypt_block(const word32* te_p, int nr_p, int len_p,
+    const word32* ks_p)
 {
-    register const uint32_t* te asm ("r0") = (const uint32_t*)te_p;
+    register const word32* te asm ("r0") = (const word32*)te_p;
     register int nr asm ("r1") = (int)nr_p;
     register int len asm ("r2") = (int)len_p;
-    register const uint32_t* ks asm ("r3") = (const uint32_t*)ks_p;
+    register const word32* ks asm ("r3") = (const word32*)ks_p;
 
     __asm__ __volatile__ (
         "\n"
@@ -1575,21 +1586,25 @@ void AES_encrypt_block(const uint32_t* te_p, int nr_p, int len_p, const uint32_t
         "eor	r7, r7, r11\n\t"
         : [te] "+r" (te), [nr] "+r" (nr), [len] "+r" (len), [ks] "+r" (ks)
         :
-        : "memory", "lr", "cc"
+        : "memory", "cc", "lr"
     );
 }
 
-#if defined(HAVE_AESCCM) || defined(HAVE_AESGCM) || defined(WOLFSSL_AES_DIRECT) || defined(WOLFSSL_AES_COUNTER)
-static const uint32_t* L_AES_ARM32_te_ecb = L_AES_ARM32_te_data;
-void AES_ECB_encrypt(const unsigned char* in, unsigned char* out, unsigned long len, const unsigned char* ks, int nr);
-void AES_ECB_encrypt(const unsigned char* in_p, unsigned char* out_p, unsigned long len_p, const unsigned char* ks_p, int nr_p)
+#if defined(HAVE_AESCCM) || defined(HAVE_AESGCM) || \
+        defined(WOLFSSL_AES_DIRECT) || defined(WOLFSSL_AES_COUNTER)
+static const word32* L_AES_ARM32_te_ecb = L_AES_ARM32_te_data;
+void AES_ECB_encrypt(const unsigned char* in_p, unsigned char* out_p,
+    unsigned long len_p, const unsigned char* ks_p, int nr_p);
+void AES_ECB_encrypt(const unsigned char* in_p, unsigned char* out_p,
+    unsigned long len_p, const unsigned char* ks_p, int nr_p)
 {
     register const unsigned char* in asm ("r0") = (const unsigned char*)in_p;
     register unsigned char* out asm ("r1") = (unsigned char*)out_p;
     register unsigned long len asm ("r2") = (unsigned long)len_p;
     register const unsigned char* ks asm ("r3") = (const unsigned char*)ks_p;
     register int nr asm ("r4") = (int)nr_p;
-    register uint32_t* L_AES_ARM32_te_ecb_c asm ("r5") = (uint32_t*)L_AES_ARM32_te_ecb;
+    register word32* L_AES_ARM32_te_ecb_c asm ("r5") =
+        (word32*)L_AES_ARM32_te_ecb;
 
     __asm__ __volatile__ (
         "mov	lr, %[in]\n\t"
@@ -1822,17 +1837,23 @@ void AES_ECB_encrypt(const unsigned char* in_p, unsigned char* out_p, unsigned l
         "\n"
     "L_AES_ECB_encrypt_end_%=: \n\t"
         "pop	{%[ks]}\n\t"
-        : [in] "+r" (in), [out] "+r" (out), [len] "+r" (len), [ks] "+r" (ks), [nr] "+r" (nr), [L_AES_ARM32_te_ecb] "+r" (L_AES_ARM32_te_ecb_c)
+        : [in] "+r" (in), [out] "+r" (out), [len] "+r" (len), [ks] "+r" (ks),
+          [nr] "+r" (nr), [L_AES_ARM32_te_ecb] "+r" (L_AES_ARM32_te_ecb_c)
         :
-        : "memory", "r12", "lr", "r6", "r7", "r8", "r9", "r10", "r11", "cc"
+        : "memory", "cc", "r12", "lr", "r6", "r7", "r8", "r9", "r10", "r11"
     );
 }
 
-#endif /* HAVE_AESCCM || HAVE_AESGCM || WOLFSSL_AES_DIRECT || WOLFSSL_AES_COUNTER */
+#endif /* HAVE_AESCCM || HAVE_AESGCM || WOLFSSL_AES_DIRECT ||
+        * WOLFSSL_AES_COUNTER */
 #ifdef HAVE_AES_CBC
-static const uint32_t* L_AES_ARM32_te_cbc = L_AES_ARM32_te_data;
-void AES_CBC_encrypt(const unsigned char* in, unsigned char* out, unsigned long len, const unsigned char* ks, int nr, unsigned char* iv);
-void AES_CBC_encrypt(const unsigned char* in_p, unsigned char* out_p, unsigned long len_p, const unsigned char* ks_p, int nr_p, unsigned char* iv_p)
+static const word32* L_AES_ARM32_te_cbc = L_AES_ARM32_te_data;
+void AES_CBC_encrypt(const unsigned char* in_p, unsigned char* out_p,
+    unsigned long len_p, const unsigned char* ks_p, int nr_p,
+    unsigned char* iv_p);
+void AES_CBC_encrypt(const unsigned char* in_p, unsigned char* out_p,
+    unsigned long len_p, const unsigned char* ks_p, int nr_p,
+    unsigned char* iv_p)
 {
     register const unsigned char* in asm ("r0") = (const unsigned char*)in_p;
     register unsigned char* out asm ("r1") = (unsigned char*)out_p;
@@ -1840,7 +1861,8 @@ void AES_CBC_encrypt(const unsigned char* in_p, unsigned char* out_p, unsigned l
     register const unsigned char* ks asm ("r3") = (const unsigned char*)ks_p;
     register int nr asm ("r4") = (int)nr_p;
     register unsigned char* iv asm ("r5") = (unsigned char*)iv_p;
-    register uint32_t* L_AES_ARM32_te_cbc_c asm ("r6") = (uint32_t*)L_AES_ARM32_te_cbc;
+    register word32* L_AES_ARM32_te_cbc_c asm ("r6") =
+        (word32*)L_AES_ARM32_te_cbc;
 
     __asm__ __volatile__ (
         "mov	r8, r4\n\t"
@@ -2088,17 +2110,23 @@ void AES_CBC_encrypt(const unsigned char* in_p, unsigned char* out_p, unsigned l
     "L_AES_CBC_encrypt_end_%=: \n\t"
         "pop	{%[ks], r9}\n\t"
         "stm	r9, {r4, r5, r6, r7}\n\t"
-        : [in] "+r" (in), [out] "+r" (out), [len] "+r" (len), [ks] "+r" (ks), [nr] "+r" (nr), [iv] "+r" (iv), [L_AES_ARM32_te_cbc] "+r" (L_AES_ARM32_te_cbc_c)
+        : [in] "+r" (in), [out] "+r" (out), [len] "+r" (len), [ks] "+r" (ks),
+          [nr] "+r" (nr), [iv] "+r" (iv),
+          [L_AES_ARM32_te_cbc] "+r" (L_AES_ARM32_te_cbc_c)
         :
-        : "memory", "r12", "lr", "r7", "r8", "r9", "r10", "r11", "cc"
+        : "memory", "cc", "r12", "lr", "r7", "r8", "r9", "r10", "r11"
     );
 }
 
 #endif /* HAVE_AES_CBC */
 #ifdef WOLFSSL_AES_COUNTER
-static const uint32_t* L_AES_ARM32_te_ctr = L_AES_ARM32_te_data;
-void AES_CTR_encrypt(const unsigned char* in, unsigned char* out, unsigned long len, const unsigned char* ks, int nr, unsigned char* ctr);
-void AES_CTR_encrypt(const unsigned char* in_p, unsigned char* out_p, unsigned long len_p, const unsigned char* ks_p, int nr_p, unsigned char* ctr_p)
+static const word32* L_AES_ARM32_te_ctr = L_AES_ARM32_te_data;
+void AES_CTR_encrypt(const unsigned char* in_p, unsigned char* out_p,
+    unsigned long len_p, const unsigned char* ks_p, int nr_p,
+    unsigned char* ctr_p);
+void AES_CTR_encrypt(const unsigned char* in_p, unsigned char* out_p,
+    unsigned long len_p, const unsigned char* ks_p, int nr_p,
+    unsigned char* ctr_p)
 {
     register const unsigned char* in asm ("r0") = (const unsigned char*)in_p;
     register unsigned char* out asm ("r1") = (unsigned char*)out_p;
@@ -2106,7 +2134,8 @@ void AES_CTR_encrypt(const unsigned char* in_p, unsigned char* out_p, unsigned l
     register const unsigned char* ks asm ("r3") = (const unsigned char*)ks_p;
     register int nr asm ("r4") = (int)nr_p;
     register unsigned char* ctr asm ("r5") = (unsigned char*)ctr_p;
-    register uint32_t* L_AES_ARM32_te_ctr_c asm ("r6") = (uint32_t*)L_AES_ARM32_te_ctr;
+    register word32* L_AES_ARM32_te_ctr_c asm ("r6") =
+        (word32*)L_AES_ARM32_te_ctr;
 
     __asm__ __volatile__ (
         "mov	r12, r4\n\t"
@@ -2356,21 +2385,24 @@ void AES_CTR_encrypt(const unsigned char* in_p, unsigned char* out_p, unsigned l
         "rev	r7, r7\n\t"
 #endif /* WOLFSSL_ARM_ARCH && WOLFSSL_ARM_ARCH < 6 */
         "stm	r8, {r4, r5, r6, r7}\n\t"
-        : [in] "+r" (in), [out] "+r" (out), [len] "+r" (len), [ks] "+r" (ks), [nr] "+r" (nr), [ctr] "+r" (ctr), [L_AES_ARM32_te_ctr] "+r" (L_AES_ARM32_te_ctr_c)
+        : [in] "+r" (in), [out] "+r" (out), [len] "+r" (len), [ks] "+r" (ks),
+          [nr] "+r" (nr), [ctr] "+r" (ctr),
+          [L_AES_ARM32_te_ctr] "+r" (L_AES_ARM32_te_ctr_c)
         :
-        : "memory", "r12", "lr", "r7", "r8", "r9", "r10", "r11", "cc"
+        : "memory", "cc", "r12", "lr", "r7", "r8", "r9", "r10", "r11"
     );
 }
 
 #endif /* WOLFSSL_AES_COUNTER */
 #ifdef HAVE_AES_DECRYPT
-#if defined(WOLFSSL_AES_DIRECT) || defined(WOLFSSL_AES_COUNTER) || defined(HAVE_AES_CBC)
-void AES_decrypt_block(const uint32_t* td, int nr, const uint8_t* td4);
-void AES_decrypt_block(const uint32_t* td_p, int nr_p, const uint8_t* td4_p)
+#if defined(WOLFSSL_AES_DIRECT) || defined(WOLFSSL_AES_COUNTER) || \
+        defined(HAVE_AES_CBC)
+void AES_decrypt_block(const word32* td_p, int nr_p, const byte* td4_p);
+void AES_decrypt_block(const word32* td_p, int nr_p, const byte* td4_p)
 {
-    register const uint32_t* td asm ("r0") = (const uint32_t*)td_p;
+    register const word32* td asm ("r0") = (const word32*)td_p;
     register int nr asm ("r1") = (int)nr_p;
-    register const uint8_t* td4 asm ("r2") = (const uint8_t*)td4_p;
+    register const byte* td4 asm ("r2") = (const byte*)td4_p;
 
     __asm__ __volatile__ (
         "\n"
@@ -3011,12 +3043,12 @@ void AES_decrypt_block(const uint32_t* td_p, int nr_p, const uint8_t* td4_p)
         "eor	r7, r7, r11\n\t"
         : [td] "+r" (td), [nr] "+r" (nr), [td4] "+r" (td4)
         :
-        : "memory", "lr", "cc"
+        : "memory", "cc", "lr"
     );
 }
 
-static const uint32_t* L_AES_ARM32_td_ecb = L_AES_ARM32_td_data;
-static const unsigned char L_AES_ARM32_td4[] = {
+static const word32* L_AES_ARM32_td_ecb = L_AES_ARM32_td_data;
+static const byte L_AES_ARM32_td4[] = {
     0x52, 0x09, 0x6a, 0xd5, 0x30, 0x36, 0xa5, 0x38,
     0xbf, 0x40, 0xa3, 0x9e, 0x81, 0xf3, 0xd7, 0xfb,
     0x7c, 0xe3, 0x39, 0x82, 0x9b, 0x2f, 0xff, 0x87,
@@ -3052,16 +3084,19 @@ static const unsigned char L_AES_ARM32_td4[] = {
 };
 
 #if defined(WOLFSSL_AES_DIRECT) || defined(WOLFSSL_AES_COUNTER)
-void AES_ECB_decrypt(const unsigned char* in, unsigned char* out, unsigned long len, const unsigned char* ks, int nr);
-void AES_ECB_decrypt(const unsigned char* in_p, unsigned char* out_p, unsigned long len_p, const unsigned char* ks_p, int nr_p)
+void AES_ECB_decrypt(const unsigned char* in_p, unsigned char* out_p,
+    unsigned long len_p, const unsigned char* ks_p, int nr_p);
+void AES_ECB_decrypt(const unsigned char* in_p, unsigned char* out_p,
+    unsigned long len_p, const unsigned char* ks_p, int nr_p)
 {
     register const unsigned char* in asm ("r0") = (const unsigned char*)in_p;
     register unsigned char* out asm ("r1") = (unsigned char*)out_p;
     register unsigned long len asm ("r2") = (unsigned long)len_p;
     register const unsigned char* ks asm ("r3") = (const unsigned char*)ks_p;
     register int nr asm ("r4") = (int)nr_p;
-    register uint32_t* L_AES_ARM32_td_ecb_c asm ("r5") = (uint32_t*)L_AES_ARM32_td_ecb;
-    register unsigned char* L_AES_ARM32_td4_c asm ("r6") = (unsigned char*)&L_AES_ARM32_td4;
+    register word32* L_AES_ARM32_td_ecb_c asm ("r5") =
+        (word32*)L_AES_ARM32_td_ecb;
+    register byte* L_AES_ARM32_td4_c asm ("r6") = (byte*)&L_AES_ARM32_td4;
 
     __asm__ __volatile__ (
         "mov	r8, r4\n\t"
@@ -3291,16 +3326,22 @@ void AES_ECB_decrypt(const unsigned char* in_p, unsigned char* out_p, unsigned l
         "bne	L_AES_ECB_decrypt_loop_block_128_%=\n\t"
         "\n"
     "L_AES_ECB_decrypt_end_%=: \n\t"
-        : [in] "+r" (in), [out] "+r" (out), [len] "+r" (len), [ks] "+r" (ks), [nr] "+r" (nr), [L_AES_ARM32_td_ecb] "+r" (L_AES_ARM32_td_ecb_c), [L_AES_ARM32_td4] "+r" (L_AES_ARM32_td4_c)
+        : [in] "+r" (in), [out] "+r" (out), [len] "+r" (len), [ks] "+r" (ks),
+          [nr] "+r" (nr), [L_AES_ARM32_td_ecb] "+r" (L_AES_ARM32_td_ecb_c),
+          [L_AES_ARM32_td4] "+r" (L_AES_ARM32_td4_c)
         :
-        : "memory", "r12", "lr", "r7", "r8", "r9", "r10", "r11", "cc"
+        : "memory", "cc", "r12", "lr", "r7", "r8", "r9", "r10", "r11"
     );
 }
 
 #endif /* WOLFSSL_AES_DIRECT || WOLFSSL_AES_COUNTER */
 #ifdef HAVE_AES_CBC
-void AES_CBC_decrypt(const unsigned char* in, unsigned char* out, unsigned long len, const unsigned char* ks, int nr, unsigned char* iv);
-void AES_CBC_decrypt(const unsigned char* in_p, unsigned char* out_p, unsigned long len_p, const unsigned char* ks_p, int nr_p, unsigned char* iv_p)
+void AES_CBC_decrypt(const unsigned char* in_p, unsigned char* out_p,
+    unsigned long len_p, const unsigned char* ks_p, int nr_p,
+    unsigned char* iv_p);
+void AES_CBC_decrypt(const unsigned char* in_p, unsigned char* out_p,
+    unsigned long len_p, const unsigned char* ks_p, int nr_p,
+    unsigned char* iv_p)
 {
     register const unsigned char* in asm ("r0") = (const unsigned char*)in_p;
     register unsigned char* out asm ("r1") = (unsigned char*)out_p;
@@ -3308,8 +3349,9 @@ void AES_CBC_decrypt(const unsigned char* in_p, unsigned char* out_p, unsigned l
     register const unsigned char* ks asm ("r3") = (const unsigned char*)ks_p;
     register int nr asm ("r4") = (int)nr_p;
     register unsigned char* iv asm ("r5") = (unsigned char*)iv_p;
-    register uint32_t* L_AES_ARM32_td_ecb_c asm ("r6") = (uint32_t*)L_AES_ARM32_td_ecb;
-    register unsigned char* L_AES_ARM32_td4_c asm ("r7") = (unsigned char*)&L_AES_ARM32_td4;
+    register word32* L_AES_ARM32_td_ecb_c asm ("r6") =
+        (word32*)L_AES_ARM32_td_ecb;
+    register byte* L_AES_ARM32_td4_c asm ("r7") = (byte*)&L_AES_ARM32_td4;
 
     __asm__ __volatile__ (
         "mov	r8, r4\n\t"
@@ -3420,8 +3462,7 @@ void AES_CBC_decrypt(const unsigned char* in_p, unsigned char* out_p, unsigned l
         "ldr	r7, [lr, #12]\n\t"
         "ldr	lr, [sp, #16]\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "str	r4, [lr]\n\t"
-        "str	r5, [lr, #4]\n\t"
+        "stm	lr, {r4, r5}\n\t"
 #else
         "strd	r4, r5, [lr]\n\t"
 #endif
@@ -3610,8 +3651,7 @@ void AES_CBC_decrypt(const unsigned char* in_p, unsigned char* out_p, unsigned l
         "ldr	r7, [lr, #12]\n\t"
         "ldr	lr, [sp, #16]\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "str	r4, [lr]\n\t"
-        "str	r5, [lr, #4]\n\t"
+        "stm	lr, {r4, r5}\n\t"
 #else
         "strd	r4, r5, [lr]\n\t"
 #endif
@@ -3800,8 +3840,7 @@ void AES_CBC_decrypt(const unsigned char* in_p, unsigned char* out_p, unsigned l
         "ldr	r7, [lr, #12]\n\t"
         "ldr	lr, [sp, #16]\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "str	r4, [lr]\n\t"
-        "str	r5, [lr, #4]\n\t"
+        "stm	lr, {r4, r5}\n\t"
 #else
         "strd	r4, r5, [lr]\n\t"
 #endif
@@ -3909,8 +3948,7 @@ void AES_CBC_decrypt(const unsigned char* in_p, unsigned char* out_p, unsigned l
         "ldrd	r10, r11, [r4, #24]\n\t"
 #endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "str	r8, [r4]\n\t"
-        "str	r9, [r4, #4]\n\t"
+        "stm	r4, {r8, r9}\n\t"
 #else
         "strd	r8, r9, [r4]\n\t"
 #endif
@@ -3923,9 +3961,12 @@ void AES_CBC_decrypt(const unsigned char* in_p, unsigned char* out_p, unsigned l
         "\n"
     "L_AES_CBC_decrypt_end_%=: \n\t"
         "pop	{%[ks]-r4}\n\t"
-        : [in] "+r" (in), [out] "+r" (out), [len] "+r" (len), [ks] "+r" (ks), [nr] "+r" (nr), [iv] "+r" (iv), [L_AES_ARM32_td_ecb] "+r" (L_AES_ARM32_td_ecb_c), [L_AES_ARM32_td4] "+r" (L_AES_ARM32_td4_c)
+        : [in] "+r" (in), [out] "+r" (out), [len] "+r" (len), [ks] "+r" (ks),
+          [nr] "+r" (nr), [iv] "+r" (iv),
+          [L_AES_ARM32_td_ecb] "+r" (L_AES_ARM32_td_ecb_c),
+          [L_AES_ARM32_td4] "+r" (L_AES_ARM32_td4_c)
         :
-        : "memory", "r12", "lr", "r8", "r9", "r10", "r11", "cc"
+        : "memory", "cc", "r12", "lr", "r8", "r9", "r10", "r11"
     );
 }
 
@@ -3933,21 +3974,25 @@ void AES_CBC_decrypt(const unsigned char* in_p, unsigned char* out_p, unsigned l
 #endif /* WOLFSSL_AES_DIRECT || WOLFSSL_AES_COUNTER || HAVE_AES_CBC */
 #endif /* HAVE_AES_DECRYPT */
 #ifdef HAVE_AESGCM
-static const uint32_t L_GCM_gmult_len_r[] = {
+static const word32 L_GCM_gmult_len_r[] = {
     0x00000000, 0x1c200000, 0x38400000, 0x24600000,
     0x70800000, 0x6ca00000, 0x48c00000, 0x54e00000,
     0xe1000000, 0xfd200000, 0xd9400000, 0xc5600000,
     0x91800000, 0x8da00000, 0xa9c00000, 0xb5e00000,
 };
 
-void GCM_gmult_len(unsigned char* x, const unsigned char** m, const unsigned char* data, unsigned long len);
-void GCM_gmult_len(unsigned char* x_p, const unsigned char** m_p, const unsigned char* data_p, unsigned long len_p)
+void GCM_gmult_len(unsigned char* x_p, const unsigned char** m_p,
+    const unsigned char* data_p, unsigned long len_p);
+void GCM_gmult_len(unsigned char* x_p, const unsigned char** m_p,
+    const unsigned char* data_p, unsigned long len_p)
 {
     register unsigned char* x asm ("r0") = (unsigned char*)x_p;
     register const unsigned char** m asm ("r1") = (const unsigned char**)m_p;
-    register const unsigned char* data asm ("r2") = (const unsigned char*)data_p;
+    register const unsigned char* data asm ("r2") =
+        (const unsigned char*)data_p;
     register unsigned long len asm ("r3") = (unsigned long)len_p;
-    register uint32_t* L_GCM_gmult_len_r_c asm ("r4") = (uint32_t*)&L_GCM_gmult_len_r;
+    register word32* L_GCM_gmult_len_r_c asm ("r4") =
+        (word32*)&L_GCM_gmult_len_r;
 
     __asm__ __volatile__ (
         "mov	lr, %[L_GCM_gmult_len_r]\n\t"
@@ -4521,15 +4566,21 @@ void GCM_gmult_len(unsigned char* x_p, const unsigned char** m_p, const unsigned
         "subs	%[len], %[len], #16\n\t"
         "add	%[data], %[data], #16\n\t"
         "bne	L_GCM_gmult_len_start_block_%=\n\t"
-        : [x] "+r" (x), [m] "+r" (m), [data] "+r" (data), [len] "+r" (len), [L_GCM_gmult_len_r] "+r" (L_GCM_gmult_len_r_c)
+        : [x] "+r" (x), [m] "+r" (m), [data] "+r" (data), [len] "+r" (len),
+          [L_GCM_gmult_len_r] "+r" (L_GCM_gmult_len_r_c)
         :
-        : "memory", "r12", "lr", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "cc"
+        : "memory", "cc", "r12", "lr", "r5", "r6", "r7", "r8", "r9", "r10",
+            "r11"
     );
 }
 
-static const uint32_t* L_AES_ARM32_te_gcm = L_AES_ARM32_te_data;
-void AES_GCM_encrypt(const unsigned char* in, unsigned char* out, unsigned long len, const unsigned char* ks, int nr, unsigned char* ctr);
-void AES_GCM_encrypt(const unsigned char* in_p, unsigned char* out_p, unsigned long len_p, const unsigned char* ks_p, int nr_p, unsigned char* ctr_p)
+static const word32* L_AES_ARM32_te_gcm = L_AES_ARM32_te_data;
+void AES_GCM_encrypt(const unsigned char* in_p, unsigned char* out_p,
+    unsigned long len_p, const unsigned char* ks_p, int nr_p,
+    unsigned char* ctr_p);
+void AES_GCM_encrypt(const unsigned char* in_p, unsigned char* out_p,
+    unsigned long len_p, const unsigned char* ks_p, int nr_p,
+    unsigned char* ctr_p)
 {
     register const unsigned char* in asm ("r0") = (const unsigned char*)in_p;
     register unsigned char* out asm ("r1") = (unsigned char*)out_p;
@@ -4537,7 +4588,8 @@ void AES_GCM_encrypt(const unsigned char* in_p, unsigned char* out_p, unsigned l
     register const unsigned char* ks asm ("r3") = (const unsigned char*)ks_p;
     register int nr asm ("r4") = (int)nr_p;
     register unsigned char* ctr asm ("r5") = (unsigned char*)ctr_p;
-    register uint32_t* L_AES_ARM32_te_gcm_c asm ("r6") = (uint32_t*)L_AES_ARM32_te_gcm;
+    register word32* L_AES_ARM32_te_gcm_c asm ("r6") =
+        (word32*)L_AES_ARM32_te_gcm;
 
     __asm__ __volatile__ (
         "mov	r12, r4\n\t"
@@ -4778,17 +4830,17 @@ void AES_GCM_encrypt(const unsigned char* in_p, unsigned char* out_p, unsigned l
         "rev	r7, r7\n\t"
 #endif /* WOLFSSL_ARM_ARCH && WOLFSSL_ARM_ARCH < 6 */
         "stm	r8, {r4, r5, r6, r7}\n\t"
-        : [in] "+r" (in), [out] "+r" (out), [len] "+r" (len), [ks] "+r" (ks), [nr] "+r" (nr), [ctr] "+r" (ctr), [L_AES_ARM32_te_gcm] "+r" (L_AES_ARM32_te_gcm_c)
+        : [in] "+r" (in), [out] "+r" (out), [len] "+r" (len), [ks] "+r" (ks),
+          [nr] "+r" (nr), [ctr] "+r" (ctr),
+          [L_AES_ARM32_te_gcm] "+r" (L_AES_ARM32_te_gcm_c)
         :
-        : "memory", "r12", "lr", "r7", "r8", "r9", "r10", "r11", "cc"
+        : "memory", "cc", "r12", "lr", "r7", "r8", "r9", "r10", "r11"
     );
 }
 
 #endif /* HAVE_AESGCM */
 #endif /* !NO_AES */
-#endif /* !__aarch64__ && !__thumb__ */
-#endif /* WOLFSSL_ARMASM */
-#endif /* !defined(__aarch64__) && defined(__arm__) */
+#endif /* !__aarch64__ && !WOLFSSL_ARMASM_THUMB2 */
 #endif /* WOLFSSL_ARMASM */
 
 #endif /* WOLFSSL_ARMASM_INLINE */
diff --git a/wolfcrypt/src/port/arm/armv8-32-chacha-asm.S b/wolfcrypt/src/port/arm/armv8-32-chacha-asm.S
new file mode 100644
index 000000000..f20416864
--- /dev/null
+++ b/wolfcrypt/src/port/arm/armv8-32-chacha-asm.S
@@ -0,0 +1,523 @@
+/* armv8-32-chacha-asm
+ *
+ * Copyright (C) 2006-2025 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+/* Generated using (from wolfssl):
+ *   cd ../scripts
+ *   ruby ./chacha/chacha.rb arm32 \
+ *       ../wolfssl/wolfcrypt/src/port/arm/armv8-32-chacha-asm.S
+ */
+
+#ifdef HAVE_CONFIG_H
+    #include <config.h>
+#endif /* HAVE_CONFIG_H */
+#include <wolfssl/wolfcrypt/settings.h>
+
+#ifdef WOLFSSL_ARMASM
+#if !defined(__aarch64__) && !defined(WOLFSSL_ARMASM_THUMB2)
+#ifndef WOLFSSL_ARMASM_INLINE
+#ifdef HAVE_CHACHA
+	.text
+	.align	4
+	.globl	wc_chacha_setiv
+	.type	wc_chacha_setiv, %function
+wc_chacha_setiv:
+	push	{r4, lr}
+	add	r3, r0, #52
+	ldr	r4, [r1]
+	ldr	r12, [r1, #4]
+	ldr	lr, [r1, #8]
+	str	r2, [r0, #48]
+#ifdef BIG_ENDIAN_ORDER
+	rev	r4, r4
+	rev	r12, r12
+	rev	lr, lr
+#endif /* BIG_ENDIAN_ORDER */
+	stm	r3, {r4, r12, lr}
+	pop	{r4, pc}
+	.size	wc_chacha_setiv,.-wc_chacha_setiv
+	.text
+	.type	L_chacha_arm32_constants, %object
+	.size	L_chacha_arm32_constants, 32
+	.align	4
+L_chacha_arm32_constants:
+	.word	0x61707865
+	.word	0x3120646e
+	.word	0x79622d36
+	.word	0x6b206574
+	.word	0x61707865
+	.word	0x3320646e
+	.word	0x79622d32
+	.word	0x6b206574
+	.text
+	.align	4
+	.globl	wc_chacha_setkey
+	.type	wc_chacha_setkey, %function
+wc_chacha_setkey:
+	push	{r4, r5, lr}
+	adr	r3, L_chacha_arm32_constants
+	subs	r2, r2, #16
+	add	r3, r3, r2
+	# Start state with constants
+	ldm	r3, {r4, r5, r12, lr}
+	stm	r0!, {r4, r5, r12, lr}
+	# Next is first 16 bytes of key.
+	ldr	r4, [r1]
+	ldr	r5, [r1, #4]
+	ldr	r12, [r1, #8]
+	ldr	lr, [r1, #12]
+#ifdef BIG_ENDIAN_ORDER
+	rev	r4, r4
+	rev	r5, r5
+	rev	r12, r12
+	rev	lr, lr
+#endif /* BIG_ENDIAN_ORDER */
+	stm	r0!, {r4, r5, r12, lr}
+	# Next 16 bytes of key.
+	beq	L_chacha_arm32_setkey_same_keyb_ytes
+	# Update key pointer for next 16 bytes.
+	add	r1, r1, r2
+	ldr	r4, [r1]
+	ldr	r5, [r1, #4]
+	ldr	r12, [r1, #8]
+	ldr	lr, [r1, #12]
+L_chacha_arm32_setkey_same_keyb_ytes:
+	stm	r0, {r4, r5, r12, lr}
+	pop	{r4, r5, pc}
+	.size	wc_chacha_setkey,.-wc_chacha_setkey
+#ifdef WOLFSSL_ARMASM_NO_NEON
+	.text
+	.align	4
+	.globl	wc_chacha_crypt_bytes
+	.type	wc_chacha_crypt_bytes, %function
+wc_chacha_crypt_bytes:
+	push	{r4, r5, r6, r7, r8, r9, r10, r11, lr}
+	sub	sp, sp, #52
+	mov	lr, r0
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	str	r0, [sp, #32]
+	str	r1, [sp, #36]
+#else
+	strd	r0, r1, [sp, #32]
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	str	r2, [sp, #40]
+	str	r3, [sp, #44]
+#else
+	strd	r2, r3, [sp, #40]
+#endif
+L_chacha_arm32_crypt_block:
+	# Put x[12]..x[15] onto stack.
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	ldr	r4, [lr, #48]
+	ldr	r5, [lr, #52]
+#else
+	ldrd	r4, r5, [lr, #48]
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	ldr	r6, [lr, #56]
+	ldr	r7, [lr, #60]
+#else
+	ldrd	r6, r7, [lr, #56]
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	str	r4, [sp, #16]
+	str	r5, [sp, #20]
+#else
+	strd	r4, r5, [sp, #16]
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	str	r6, [sp, #24]
+	str	r7, [sp, #28]
+#else
+	strd	r6, r7, [sp, #24]
+#endif
+	# Load x[0]..x[12] into registers.
+	ldm	lr, {r0, r1, r2, r3, r4, r5, r6, r7, r8, r9, r10, r11, r12}
+	# 10x 2 full rounds to perform.
+	mov	lr, #10
+	str	lr, [sp, #48]
+L_chacha_arm32_crypt_loop:
+	# 0, 4,  8, 12
+	# 1, 5,  9, 13
+	ldr	lr, [sp, #20]
+	add	r0, r0, r4
+	add	r1, r1, r5
+	eor	r12, r12, r0
+	eor	lr, lr, r1
+	ror	r12, r12, #16
+	ror	lr, lr, #16
+	add	r8, r8, r12
+	add	r9, r9, lr
+	eor	r4, r4, r8
+	eor	r5, r5, r9
+	ror	r4, r4, #20
+	ror	r5, r5, #20
+	add	r0, r0, r4
+	add	r1, r1, r5
+	eor	r12, r12, r0
+	eor	lr, lr, r1
+	ror	r12, r12, #24
+	ror	lr, lr, #24
+	add	r8, r8, r12
+	add	r9, r9, lr
+	eor	r4, r4, r8
+	eor	r5, r5, r9
+	ror	r4, r4, #25
+	ror	r5, r5, #25
+	str	r12, [sp, #16]
+	str	lr, [sp, #20]
+	# 2, 6, 10, 14
+	# 3, 7, 11, 15
+	ldr	r12, [sp, #24]
+	ldr	lr, [sp, #28]
+	add	r2, r2, r6
+	add	r3, r3, r7
+	eor	r12, r12, r2
+	eor	lr, lr, r3
+	ror	r12, r12, #16
+	ror	lr, lr, #16
+	add	r10, r10, r12
+	add	r11, r11, lr
+	eor	r6, r6, r10
+	eor	r7, r7, r11
+	ror	r6, r6, #20
+	ror	r7, r7, #20
+	add	r2, r2, r6
+	add	r3, r3, r7
+	eor	r12, r12, r2
+	eor	lr, lr, r3
+	ror	r12, r12, #24
+	ror	lr, lr, #24
+	add	r10, r10, r12
+	add	r11, r11, lr
+	eor	r6, r6, r10
+	eor	r7, r7, r11
+	ror	r6, r6, #25
+	ror	r7, r7, #25
+	# 3, 4,  9, 14
+	# 0, 5, 10, 15
+	add	r3, r3, r4
+	add	r0, r0, r5
+	eor	r12, r12, r3
+	eor	lr, lr, r0
+	ror	r12, r12, #16
+	ror	lr, lr, #16
+	add	r9, r9, r12
+	add	r10, r10, lr
+	eor	r4, r4, r9
+	eor	r5, r5, r10
+	ror	r4, r4, #20
+	ror	r5, r5, #20
+	add	r3, r3, r4
+	add	r0, r0, r5
+	eor	r12, r12, r3
+	eor	lr, lr, r0
+	ror	r12, r12, #24
+	ror	lr, lr, #24
+	add	r9, r9, r12
+	add	r10, r10, lr
+	eor	r4, r4, r9
+	eor	r5, r5, r10
+	ror	r4, r4, #25
+	ror	r5, r5, #25
+	str	r12, [sp, #24]
+	str	lr, [sp, #28]
+	ldr	r12, [sp, #16]
+	ldr	lr, [sp, #20]
+	# 1, 6, 11, 12
+	# 2, 7,  8, 13
+	add	r1, r1, r6
+	add	r2, r2, r7
+	eor	r12, r12, r1
+	eor	lr, lr, r2
+	ror	r12, r12, #16
+	ror	lr, lr, #16
+	add	r11, r11, r12
+	add	r8, r8, lr
+	eor	r6, r6, r11
+	eor	r7, r7, r8
+	ror	r6, r6, #20
+	ror	r7, r7, #20
+	add	r1, r1, r6
+	add	r2, r2, r7
+	eor	r12, r12, r1
+	eor	lr, lr, r2
+	ror	r12, r12, #24
+	ror	lr, lr, #24
+	add	r11, r11, r12
+	add	r8, r8, lr
+	eor	r6, r6, r11
+	eor	r7, r7, r8
+	ror	r6, r6, #25
+	ror	r7, r7, #25
+	str	lr, [sp, #20]
+	# Check if we have done enough rounds.
+	ldr	lr, [sp, #48]
+	subs	lr, lr, #1
+	str	lr, [sp, #48]
+	bgt	L_chacha_arm32_crypt_loop
+	stm	sp, {r8, r9, r10, r11, r12}
+	ldr	lr, [sp, #32]
+	mov	r12, sp
+	# Add in original state
+	ldm	lr!, {r8, r9, r10, r11}
+	add	r0, r0, r8
+	add	r1, r1, r9
+	add	r2, r2, r10
+	add	r3, r3, r11
+	ldm	lr!, {r8, r9, r10, r11}
+	add	r4, r4, r8
+	add	r5, r5, r9
+	add	r6, r6, r10
+	add	r7, r7, r11
+	ldm	r12, {r8, r9}
+	ldm	lr!, {r10, r11}
+	add	r8, r8, r10
+	add	r9, r9, r11
+	stm	r12!, {r8, r9}
+	ldm	r12, {r8, r9}
+	ldm	lr!, {r10, r11}
+	add	r8, r8, r10
+	add	r9, r9, r11
+	stm	r12!, {r8, r9}
+	ldm	r12, {r8, r9}
+	ldm	lr!, {r10, r11}
+	add	r8, r8, r10
+	add	r9, r9, r11
+	add	r10, r10, #1
+	stm	r12!, {r8, r9}
+	str	r10, [lr, #-8]
+	ldm	r12, {r8, r9}
+	ldm	lr, {r10, r11}
+	add	r8, r8, r10
+	add	r9, r9, r11
+	stm	r12, {r8, r9}
+	ldr	r12, [sp, #44]
+	cmp	r12, #0x40
+	blt	L_chacha_arm32_crypt_lt_block
+	ldr	r12, [sp, #40]
+	ldr	lr, [sp, #36]
+	# XOR state into 64 bytes.
+	ldr	r8, [r12]
+	ldr	r9, [r12, #4]
+	ldr	r10, [r12, #8]
+	ldr	r11, [r12, #12]
+	eor	r0, r0, r8
+	eor	r1, r1, r9
+	eor	r2, r2, r10
+	eor	r3, r3, r11
+	str	r0, [lr]
+	str	r1, [lr, #4]
+	str	r2, [lr, #8]
+	str	r3, [lr, #12]
+	ldr	r8, [r12, #16]
+	ldr	r9, [r12, #20]
+	ldr	r10, [r12, #24]
+	ldr	r11, [r12, #28]
+	eor	r4, r4, r8
+	eor	r5, r5, r9
+	eor	r6, r6, r10
+	eor	r7, r7, r11
+	str	r4, [lr, #16]
+	str	r5, [lr, #20]
+	str	r6, [lr, #24]
+	str	r7, [lr, #28]
+	ldr	r4, [sp]
+	ldr	r5, [sp, #4]
+	ldr	r6, [sp, #8]
+	ldr	r7, [sp, #12]
+	ldr	r8, [r12, #32]
+	ldr	r9, [r12, #36]
+	ldr	r10, [r12, #40]
+	ldr	r11, [r12, #44]
+	eor	r4, r4, r8
+	eor	r5, r5, r9
+	eor	r6, r6, r10
+	eor	r7, r7, r11
+	str	r4, [lr, #32]
+	str	r5, [lr, #36]
+	str	r6, [lr, #40]
+	str	r7, [lr, #44]
+	ldr	r4, [sp, #16]
+	ldr	r5, [sp, #20]
+	ldr	r6, [sp, #24]
+	ldr	r7, [sp, #28]
+	ldr	r8, [r12, #48]
+	ldr	r9, [r12, #52]
+	ldr	r10, [r12, #56]
+	ldr	r11, [r12, #60]
+	eor	r4, r4, r8
+	eor	r5, r5, r9
+	eor	r6, r6, r10
+	eor	r7, r7, r11
+	str	r4, [lr, #48]
+	str	r5, [lr, #52]
+	str	r6, [lr, #56]
+	str	r7, [lr, #60]
+	ldr	r3, [sp, #44]
+	add	r12, r12, #0x40
+	add	lr, lr, #0x40
+	str	r12, [sp, #40]
+	str	lr, [sp, #36]
+	subs	r3, r3, #0x40
+	ldr	lr, [sp, #32]
+	str	r3, [sp, #44]
+	bne	L_chacha_arm32_crypt_block
+	b	L_chacha_arm32_crypt_done
+L_chacha_arm32_crypt_lt_block:
+	# Store in over field of ChaCha.
+	ldr	lr, [sp, #32]
+	add	r12, lr, #0x44
+	stm	r12!, {r0, r1, r2, r3, r4, r5, r6, r7}
+	ldm	sp, {r0, r1, r2, r3, r4, r5, r6, r7}
+	stm	r12, {r0, r1, r2, r3, r4, r5, r6, r7}
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	ldr	r2, [sp, #40]
+	ldr	r3, [sp, #44]
+#else
+	ldrd	r2, r3, [sp, #40]
+#endif
+	ldr	r1, [sp, #36]
+	rsb	r12, r3, #0x40
+	str	r12, [lr, #64]
+	add	lr, lr, #0x44
+L_chacha_arm32_crypt_16byte_loop:
+	cmp	r3, #16
+	blt	L_chacha_arm32_crypt_word_loop
+	# 16 bytes of state XORed into message.
+	ldm	lr!, {r4, r5, r6, r7}
+	ldr	r8, [r2]
+	ldr	r9, [r2, #4]
+	ldr	r10, [r2, #8]
+	ldr	r11, [r2, #12]
+	eor	r8, r8, r4
+	eor	r9, r9, r5
+	eor	r10, r10, r6
+	eor	r11, r11, r7
+	subs	r3, r3, #16
+	str	r8, [r1]
+	str	r9, [r1, #4]
+	str	r10, [r1, #8]
+	str	r11, [r1, #12]
+	beq	L_chacha_arm32_crypt_done
+	add	r2, r2, #16
+	add	r1, r1, #16
+	b	L_chacha_arm32_crypt_16byte_loop
+L_chacha_arm32_crypt_word_loop:
+	cmp	r3, #4
+	blt	L_chacha_arm32_crypt_byte_start
+	# 4 bytes of state XORed into message.
+	ldr	r4, [lr]
+	ldr	r8, [r2]
+	eor	r8, r8, r4
+	subs	r3, r3, #4
+	str	r8, [r1]
+	beq	L_chacha_arm32_crypt_done
+	add	lr, lr, #4
+	add	r2, r2, #4
+	add	r1, r1, #4
+	b	L_chacha_arm32_crypt_word_loop
+L_chacha_arm32_crypt_byte_start:
+	ldr	r4, [lr]
+L_chacha_arm32_crypt_byte_loop:
+	ldrb	r8, [r2]
+	eor	r8, r8, r4
+	subs	r3, r3, #1
+	strb	r8, [r1]
+	beq	L_chacha_arm32_crypt_done
+	lsr	r4, r4, #8
+	add	r2, r2, #1
+	add	r1, r1, #1
+	b	L_chacha_arm32_crypt_byte_loop
+L_chacha_arm32_crypt_done:
+	add	sp, sp, #52
+	pop	{r4, r5, r6, r7, r8, r9, r10, r11, pc}
+	.size	wc_chacha_crypt_bytes,.-wc_chacha_crypt_bytes
+	.text
+	.align	4
+	.globl	wc_chacha_use_over
+	.type	wc_chacha_use_over, %function
+wc_chacha_use_over:
+	push	{r4, r5, r6, r7, r8, r9, lr}
+L_chacha_arm32_over_16byte_loop:
+	cmp	r3, #16
+	blt	L_chacha_arm32_over_word_loop
+	# 16 bytes of state XORed into message.
+	ldr	r12, [r0]
+	ldr	lr, [r0, #4]
+	ldr	r4, [r0, #8]
+	ldr	r5, [r0, #12]
+	ldr	r6, [r2]
+	ldr	r7, [r2, #4]
+	ldr	r8, [r2, #8]
+	ldr	r9, [r2, #12]
+	eor	r12, r12, r6
+	eor	lr, lr, r7
+	eor	r4, r4, r8
+	eor	r5, r5, r9
+	subs	r3, r3, #16
+	str	r12, [r1]
+	str	lr, [r1, #4]
+	str	r4, [r1, #8]
+	str	r5, [r1, #12]
+	beq	L_chacha_arm32_over_done
+	add	r0, r0, #16
+	add	r2, r2, #16
+	add	r1, r1, #16
+	b	L_chacha_arm32_over_16byte_loop
+L_chacha_arm32_over_word_loop:
+	cmp	r3, #4
+	blt	L_chacha_arm32_over_byte_loop
+	# 4 bytes of state XORed into message.
+	ldr	r12, [r0]
+	ldr	r6, [r2]
+	eor	r12, r12, r6
+	subs	r3, r3, #4
+	str	r12, [r1]
+	beq	L_chacha_arm32_over_done
+	add	r0, r0, #4
+	add	r2, r2, #4
+	add	r1, r1, #4
+	b	L_chacha_arm32_over_word_loop
+L_chacha_arm32_over_byte_loop:
+	# 4 bytes of state XORed into message.
+	ldrb	r12, [r0]
+	ldrb	r6, [r2]
+	eor	r12, r12, r6
+	subs	r3, r3, #1
+	strb	r12, [r1]
+	beq	L_chacha_arm32_over_done
+	add	r0, r0, #1
+	add	r2, r2, #1
+	add	r1, r1, #1
+	b	L_chacha_arm32_over_byte_loop
+L_chacha_arm32_over_done:
+	pop	{r4, r5, r6, r7, r8, r9, pc}
+	.size	wc_chacha_use_over,.-wc_chacha_use_over
+#endif /* WOLFSSL_ARMASM_NO_NEON */
+#endif /* HAVE_CHACHA */
+#endif /* !__aarch64__ && !WOLFSSL_ARMASM_THUMB2 */
+#endif /* WOLFSSL_ARMASM */
+
+#if defined(__linux__) && defined(__ELF__)
+.section	.note.GNU-stack,"",%progbits
+#endif
+#endif /* !WOLFSSL_ARMASM_INLINE */
diff --git a/wolfcrypt/src/port/arm/armv8-32-chacha-asm_c.c b/wolfcrypt/src/port/arm/armv8-32-chacha-asm_c.c
new file mode 100644
index 000000000..01281af89
--- /dev/null
+++ b/wolfcrypt/src/port/arm/armv8-32-chacha-asm_c.c
@@ -0,0 +1,571 @@
+/* armv8-32-chacha-asm
+ *
+ * Copyright (C) 2006-2025 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+/* Generated using (from wolfssl):
+ *   cd ../scripts
+ *   ruby ./chacha/chacha.rb arm32 \
+ *       ../wolfssl/wolfcrypt/src/port/arm/armv8-32-chacha-asm.c
+ */
+
+#ifdef HAVE_CONFIG_H
+    #include <config.h>
+#endif /* HAVE_CONFIG_H */
+#include <wolfssl/wolfcrypt/settings.h>
+#include <wolfssl/wolfcrypt/error-crypt.h>
+
+#ifdef WOLFSSL_ARMASM
+#if !defined(__aarch64__) && !defined(WOLFSSL_ARMASM_THUMB2)
+#include <stdint.h>
+#ifdef HAVE_CONFIG_H
+    #include <config.h>
+#endif /* HAVE_CONFIG_H */
+#include <wolfssl/wolfcrypt/settings.h>
+#include <wolfssl/wolfcrypt/error-crypt.h>
+#ifdef WOLFSSL_ARMASM_INLINE
+
+#ifdef __IAR_SYSTEMS_ICC__
+#define __asm__        asm
+#define __volatile__   volatile
+#endif /* __IAR_SYSTEMS_ICC__ */
+#ifdef __KEIL__
+#define __asm__        __asm
+#define __volatile__   volatile
+#endif /* __KEIL__ */
+#ifdef HAVE_CHACHA
+#include <wolfssl/wolfcrypt/chacha.h>
+
+void wc_chacha_setiv(word32* x_p, const byte* iv_p, word32 counter_p)
+{
+    register word32* x asm ("r0") = (word32*)x_p;
+    register const byte* iv asm ("r1") = (const byte*)iv_p;
+    register word32 counter asm ("r2") = (word32)counter_p;
+
+    __asm__ __volatile__ (
+        "add	r3, %[x], #52\n\t"
+        "ldr	r4, [%[iv]]\n\t"
+        "ldr	r12, [%[iv], #4]\n\t"
+        "ldr	lr, [%[iv], #8]\n\t"
+        "str	%[counter], [%[x], #48]\n\t"
+#ifdef BIG_ENDIAN_ORDER
+        "rev	r4, r4\n\t"
+        "rev	r12, r12\n\t"
+        "rev	lr, lr\n\t"
+#endif /* BIG_ENDIAN_ORDER */
+        "stm	r3, {r4, r12, lr}\n\t"
+        : [x] "+r" (x), [iv] "+r" (iv), [counter] "+r" (counter)
+        :
+        : "memory", "cc", "r3", "r12", "lr", "r4"
+    );
+}
+
+static const word32 L_chacha_arm32_constants[] = {
+    0x61707865, 0x3120646e, 0x79622d36, 0x6b206574,
+    0x61707865, 0x3320646e, 0x79622d32, 0x6b206574,
+};
+
+void wc_chacha_setkey(word32* x_p, const byte* key_p, word32 keySz_p)
+{
+    register word32* x asm ("r0") = (word32*)x_p;
+    register const byte* key asm ("r1") = (const byte*)key_p;
+    register word32 keySz asm ("r2") = (word32)keySz_p;
+    register word32* L_chacha_arm32_constants_c asm ("r3") =
+        (word32*)&L_chacha_arm32_constants;
+
+    __asm__ __volatile__ (
+        "subs	%[keySz], %[keySz], #16\n\t"
+        "add	r3, r3, %[keySz]\n\t"
+        /* Start state with constants */
+        "ldm	r3, {r4, r5, r12, lr}\n\t"
+        "stm	%[x]!, {r4, r5, r12, lr}\n\t"
+        /* Next is first 16 bytes of key. */
+        "ldr	r4, [%[key]]\n\t"
+        "ldr	r5, [%[key], #4]\n\t"
+        "ldr	r12, [%[key], #8]\n\t"
+        "ldr	lr, [%[key], #12]\n\t"
+#ifdef BIG_ENDIAN_ORDER
+        "rev	r4, r4\n\t"
+        "rev	r5, r5\n\t"
+        "rev	r12, r12\n\t"
+        "rev	lr, lr\n\t"
+#endif /* BIG_ENDIAN_ORDER */
+        "stm	%[x]!, {r4, r5, r12, lr}\n\t"
+        /* Next 16 bytes of key. */
+        "beq	L_chacha_arm32_setkey_same_keyb_ytes_%=\n\t"
+        /* Update key pointer for next 16 bytes. */
+        "add	%[key], %[key], %[keySz]\n\t"
+        "ldr	r4, [%[key]]\n\t"
+        "ldr	r5, [%[key], #4]\n\t"
+        "ldr	r12, [%[key], #8]\n\t"
+        "ldr	lr, [%[key], #12]\n\t"
+        "\n"
+    "L_chacha_arm32_setkey_same_keyb_ytes_%=: \n\t"
+        "stm	%[x], {r4, r5, r12, lr}\n\t"
+        : [x] "+r" (x), [key] "+r" (key), [keySz] "+r" (keySz),
+          [L_chacha_arm32_constants] "+r" (L_chacha_arm32_constants_c)
+        :
+        : "memory", "cc", "r12", "lr", "r4", "r5"
+    );
+}
+
+#ifdef WOLFSSL_ARMASM_NO_NEON
+void wc_chacha_crypt_bytes(ChaCha* ctx_p, byte* c_p, const byte* m_p,
+    word32 len_p)
+{
+    register ChaCha* ctx asm ("r0") = (ChaCha*)ctx_p;
+    register byte* c asm ("r1") = (byte*)c_p;
+    register const byte* m asm ("r2") = (const byte*)m_p;
+    register word32 len asm ("r3") = (word32)len_p;
+
+    __asm__ __volatile__ (
+        "sub	sp, sp, #52\n\t"
+        "mov	lr, %[ctx]\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "str	%[ctx], [sp, #32]\n\t"
+        "str	%[c], [sp, #36]\n\t"
+#else
+        "strd	%[ctx], %[c], [sp, #32]\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "str	%[m], [sp, #40]\n\t"
+        "str	%[len], [sp, #44]\n\t"
+#else
+        "strd	%[m], %[len], [sp, #40]\n\t"
+#endif
+        "\n"
+    "L_chacha_arm32_crypt_block_%=: \n\t"
+        /* Put x[12]..x[15] onto stack. */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "ldr	r4, [lr, #48]\n\t"
+        "ldr	r5, [lr, #52]\n\t"
+#else
+        "ldrd	r4, r5, [lr, #48]\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "ldr	r6, [lr, #56]\n\t"
+        "ldr	r7, [lr, #60]\n\t"
+#else
+        "ldrd	r6, r7, [lr, #56]\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "str	r4, [sp, #16]\n\t"
+        "str	r5, [sp, #20]\n\t"
+#else
+        "strd	r4, r5, [sp, #16]\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "str	r6, [sp, #24]\n\t"
+        "str	r7, [sp, #28]\n\t"
+#else
+        "strd	r6, r7, [sp, #24]\n\t"
+#endif
+        /* Load x[0]..x[12] into registers. */
+        "ldm	lr, {r0, r1, r2, r3, r4, r5, r6, r7, r8, r9, r10, r11, r12}\n\t"
+        /* 10x 2 full rounds to perform. */
+        "mov	lr, #10\n\t"
+        "str	lr, [sp, #48]\n\t"
+        "\n"
+    "L_chacha_arm32_crypt_loop_%=: \n\t"
+        /* 0, 4,  8, 12 */
+        /* 1, 5,  9, 13 */
+        "ldr	lr, [sp, #20]\n\t"
+        "add	%[ctx], %[ctx], r4\n\t"
+        "add	%[c], %[c], r5\n\t"
+        "eor	r12, r12, %[ctx]\n\t"
+        "eor	lr, lr, %[c]\n\t"
+        "ror	r12, r12, #16\n\t"
+        "ror	lr, lr, #16\n\t"
+        "add	r8, r8, r12\n\t"
+        "add	r9, r9, lr\n\t"
+        "eor	r4, r4, r8\n\t"
+        "eor	r5, r5, r9\n\t"
+        "ror	r4, r4, #20\n\t"
+        "ror	r5, r5, #20\n\t"
+        "add	%[ctx], %[ctx], r4\n\t"
+        "add	%[c], %[c], r5\n\t"
+        "eor	r12, r12, %[ctx]\n\t"
+        "eor	lr, lr, %[c]\n\t"
+        "ror	r12, r12, #24\n\t"
+        "ror	lr, lr, #24\n\t"
+        "add	r8, r8, r12\n\t"
+        "add	r9, r9, lr\n\t"
+        "eor	r4, r4, r8\n\t"
+        "eor	r5, r5, r9\n\t"
+        "ror	r4, r4, #25\n\t"
+        "ror	r5, r5, #25\n\t"
+        "str	r12, [sp, #16]\n\t"
+        "str	lr, [sp, #20]\n\t"
+        /* 2, 6, 10, 14 */
+        /* 3, 7, 11, 15 */
+        "ldr	r12, [sp, #24]\n\t"
+        "ldr	lr, [sp, #28]\n\t"
+        "add	%[m], %[m], r6\n\t"
+        "add	%[len], %[len], r7\n\t"
+        "eor	r12, r12, %[m]\n\t"
+        "eor	lr, lr, %[len]\n\t"
+        "ror	r12, r12, #16\n\t"
+        "ror	lr, lr, #16\n\t"
+        "add	r10, r10, r12\n\t"
+        "add	r11, r11, lr\n\t"
+        "eor	r6, r6, r10\n\t"
+        "eor	r7, r7, r11\n\t"
+        "ror	r6, r6, #20\n\t"
+        "ror	r7, r7, #20\n\t"
+        "add	%[m], %[m], r6\n\t"
+        "add	%[len], %[len], r7\n\t"
+        "eor	r12, r12, %[m]\n\t"
+        "eor	lr, lr, %[len]\n\t"
+        "ror	r12, r12, #24\n\t"
+        "ror	lr, lr, #24\n\t"
+        "add	r10, r10, r12\n\t"
+        "add	r11, r11, lr\n\t"
+        "eor	r6, r6, r10\n\t"
+        "eor	r7, r7, r11\n\t"
+        "ror	r6, r6, #25\n\t"
+        "ror	r7, r7, #25\n\t"
+        /* 3, 4,  9, 14 */
+        /* 0, 5, 10, 15 */
+        "add	%[len], %[len], r4\n\t"
+        "add	%[ctx], %[ctx], r5\n\t"
+        "eor	r12, r12, %[len]\n\t"
+        "eor	lr, lr, %[ctx]\n\t"
+        "ror	r12, r12, #16\n\t"
+        "ror	lr, lr, #16\n\t"
+        "add	r9, r9, r12\n\t"
+        "add	r10, r10, lr\n\t"
+        "eor	r4, r4, r9\n\t"
+        "eor	r5, r5, r10\n\t"
+        "ror	r4, r4, #20\n\t"
+        "ror	r5, r5, #20\n\t"
+        "add	%[len], %[len], r4\n\t"
+        "add	%[ctx], %[ctx], r5\n\t"
+        "eor	r12, r12, %[len]\n\t"
+        "eor	lr, lr, %[ctx]\n\t"
+        "ror	r12, r12, #24\n\t"
+        "ror	lr, lr, #24\n\t"
+        "add	r9, r9, r12\n\t"
+        "add	r10, r10, lr\n\t"
+        "eor	r4, r4, r9\n\t"
+        "eor	r5, r5, r10\n\t"
+        "ror	r4, r4, #25\n\t"
+        "ror	r5, r5, #25\n\t"
+        "str	r12, [sp, #24]\n\t"
+        "str	lr, [sp, #28]\n\t"
+        "ldr	r12, [sp, #16]\n\t"
+        "ldr	lr, [sp, #20]\n\t"
+        /* 1, 6, 11, 12 */
+        /* 2, 7,  8, 13 */
+        "add	%[c], %[c], r6\n\t"
+        "add	%[m], %[m], r7\n\t"
+        "eor	r12, r12, %[c]\n\t"
+        "eor	lr, lr, %[m]\n\t"
+        "ror	r12, r12, #16\n\t"
+        "ror	lr, lr, #16\n\t"
+        "add	r11, r11, r12\n\t"
+        "add	r8, r8, lr\n\t"
+        "eor	r6, r6, r11\n\t"
+        "eor	r7, r7, r8\n\t"
+        "ror	r6, r6, #20\n\t"
+        "ror	r7, r7, #20\n\t"
+        "add	%[c], %[c], r6\n\t"
+        "add	%[m], %[m], r7\n\t"
+        "eor	r12, r12, %[c]\n\t"
+        "eor	lr, lr, %[m]\n\t"
+        "ror	r12, r12, #24\n\t"
+        "ror	lr, lr, #24\n\t"
+        "add	r11, r11, r12\n\t"
+        "add	r8, r8, lr\n\t"
+        "eor	r6, r6, r11\n\t"
+        "eor	r7, r7, r8\n\t"
+        "ror	r6, r6, #25\n\t"
+        "ror	r7, r7, #25\n\t"
+        "str	lr, [sp, #20]\n\t"
+        /* Check if we have done enough rounds. */
+        "ldr	lr, [sp, #48]\n\t"
+        "subs	lr, lr, #1\n\t"
+        "str	lr, [sp, #48]\n\t"
+        "bgt	L_chacha_arm32_crypt_loop_%=\n\t"
+        "stm	sp, {r8, r9, r10, r11, r12}\n\t"
+        "ldr	lr, [sp, #32]\n\t"
+        "mov	r12, sp\n\t"
+        /* Add in original state */
+        "ldm	lr!, {r8, r9, r10, r11}\n\t"
+        "add	%[ctx], %[ctx], r8\n\t"
+        "add	%[c], %[c], r9\n\t"
+        "add	%[m], %[m], r10\n\t"
+        "add	%[len], %[len], r11\n\t"
+        "ldm	lr!, {r8, r9, r10, r11}\n\t"
+        "add	r4, r4, r8\n\t"
+        "add	r5, r5, r9\n\t"
+        "add	r6, r6, r10\n\t"
+        "add	r7, r7, r11\n\t"
+        "ldm	r12, {r8, r9}\n\t"
+        "ldm	lr!, {r10, r11}\n\t"
+        "add	r8, r8, r10\n\t"
+        "add	r9, r9, r11\n\t"
+        "stm	r12!, {r8, r9}\n\t"
+        "ldm	r12, {r8, r9}\n\t"
+        "ldm	lr!, {r10, r11}\n\t"
+        "add	r8, r8, r10\n\t"
+        "add	r9, r9, r11\n\t"
+        "stm	r12!, {r8, r9}\n\t"
+        "ldm	r12, {r8, r9}\n\t"
+        "ldm	lr!, {r10, r11}\n\t"
+        "add	r8, r8, r10\n\t"
+        "add	r9, r9, r11\n\t"
+        "add	r10, r10, #1\n\t"
+        "stm	r12!, {r8, r9}\n\t"
+        "str	r10, [lr, #-8]\n\t"
+        "ldm	r12, {r8, r9}\n\t"
+        "ldm	lr, {r10, r11}\n\t"
+        "add	r8, r8, r10\n\t"
+        "add	r9, r9, r11\n\t"
+        "stm	r12, {r8, r9}\n\t"
+        "ldr	r12, [sp, #44]\n\t"
+        "cmp	r12, #0x40\n\t"
+        "blt	L_chacha_arm32_crypt_lt_block_%=\n\t"
+        "ldr	r12, [sp, #40]\n\t"
+        "ldr	lr, [sp, #36]\n\t"
+        /* XOR state into 64 bytes. */
+        "ldr	r8, [r12]\n\t"
+        "ldr	r9, [r12, #4]\n\t"
+        "ldr	r10, [r12, #8]\n\t"
+        "ldr	r11, [r12, #12]\n\t"
+        "eor	%[ctx], %[ctx], r8\n\t"
+        "eor	%[c], %[c], r9\n\t"
+        "eor	%[m], %[m], r10\n\t"
+        "eor	%[len], %[len], r11\n\t"
+        "str	%[ctx], [lr]\n\t"
+        "str	%[c], [lr, #4]\n\t"
+        "str	%[m], [lr, #8]\n\t"
+        "str	%[len], [lr, #12]\n\t"
+        "ldr	r8, [r12, #16]\n\t"
+        "ldr	r9, [r12, #20]\n\t"
+        "ldr	r10, [r12, #24]\n\t"
+        "ldr	r11, [r12, #28]\n\t"
+        "eor	r4, r4, r8\n\t"
+        "eor	r5, r5, r9\n\t"
+        "eor	r6, r6, r10\n\t"
+        "eor	r7, r7, r11\n\t"
+        "str	r4, [lr, #16]\n\t"
+        "str	r5, [lr, #20]\n\t"
+        "str	r6, [lr, #24]\n\t"
+        "str	r7, [lr, #28]\n\t"
+        "ldr	r4, [sp]\n\t"
+        "ldr	r5, [sp, #4]\n\t"
+        "ldr	r6, [sp, #8]\n\t"
+        "ldr	r7, [sp, #12]\n\t"
+        "ldr	r8, [r12, #32]\n\t"
+        "ldr	r9, [r12, #36]\n\t"
+        "ldr	r10, [r12, #40]\n\t"
+        "ldr	r11, [r12, #44]\n\t"
+        "eor	r4, r4, r8\n\t"
+        "eor	r5, r5, r9\n\t"
+        "eor	r6, r6, r10\n\t"
+        "eor	r7, r7, r11\n\t"
+        "str	r4, [lr, #32]\n\t"
+        "str	r5, [lr, #36]\n\t"
+        "str	r6, [lr, #40]\n\t"
+        "str	r7, [lr, #44]\n\t"
+        "ldr	r4, [sp, #16]\n\t"
+        "ldr	r5, [sp, #20]\n\t"
+        "ldr	r6, [sp, #24]\n\t"
+        "ldr	r7, [sp, #28]\n\t"
+        "ldr	r8, [r12, #48]\n\t"
+        "ldr	r9, [r12, #52]\n\t"
+        "ldr	r10, [r12, #56]\n\t"
+        "ldr	r11, [r12, #60]\n\t"
+        "eor	r4, r4, r8\n\t"
+        "eor	r5, r5, r9\n\t"
+        "eor	r6, r6, r10\n\t"
+        "eor	r7, r7, r11\n\t"
+        "str	r4, [lr, #48]\n\t"
+        "str	r5, [lr, #52]\n\t"
+        "str	r6, [lr, #56]\n\t"
+        "str	r7, [lr, #60]\n\t"
+        "ldr	%[len], [sp, #44]\n\t"
+        "add	r12, r12, #0x40\n\t"
+        "add	lr, lr, #0x40\n\t"
+        "str	r12, [sp, #40]\n\t"
+        "str	lr, [sp, #36]\n\t"
+        "subs	%[len], %[len], #0x40\n\t"
+        "ldr	lr, [sp, #32]\n\t"
+        "str	%[len], [sp, #44]\n\t"
+        "bne	L_chacha_arm32_crypt_block_%=\n\t"
+        "b	L_chacha_arm32_crypt_done_%=\n\t"
+        "\n"
+    "L_chacha_arm32_crypt_lt_block_%=: \n\t"
+        /* Store in over field of ChaCha. */
+        "ldr	lr, [sp, #32]\n\t"
+        "add	r12, lr, #0x44\n\t"
+        "stm	r12!, {r0, r1, r2, r3, r4, r5, r6, r7}\n\t"
+        "ldm	sp, {r0, r1, r2, r3, r4, r5, r6, r7}\n\t"
+        "stm	r12, {r0, r1, r2, r3, r4, r5, r6, r7}\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "ldr	%[m], [sp, #40]\n\t"
+        "ldr	%[len], [sp, #44]\n\t"
+#else
+        "ldrd	%[m], %[len], [sp, #40]\n\t"
+#endif
+        "ldr	%[c], [sp, #36]\n\t"
+        "rsb	r12, %[len], #0x40\n\t"
+        "str	r12, [lr, #64]\n\t"
+        "add	lr, lr, #0x44\n\t"
+        "\n"
+    "L_chacha_arm32_crypt_16byte_loop_%=: \n\t"
+        "cmp	%[len], #16\n\t"
+        "blt	L_chacha_arm32_crypt_word_loop_%=\n\t"
+        /* 16 bytes of state XORed into message. */
+        "ldm	lr!, {r4, r5, r6, r7}\n\t"
+        "ldr	r8, [%[m]]\n\t"
+        "ldr	r9, [%[m], #4]\n\t"
+        "ldr	r10, [%[m], #8]\n\t"
+        "ldr	r11, [%[m], #12]\n\t"
+        "eor	r8, r8, r4\n\t"
+        "eor	r9, r9, r5\n\t"
+        "eor	r10, r10, r6\n\t"
+        "eor	r11, r11, r7\n\t"
+        "subs	%[len], %[len], #16\n\t"
+        "str	r8, [%[c]]\n\t"
+        "str	r9, [%[c], #4]\n\t"
+        "str	r10, [%[c], #8]\n\t"
+        "str	r11, [%[c], #12]\n\t"
+        "beq	L_chacha_arm32_crypt_done_%=\n\t"
+        "add	%[m], %[m], #16\n\t"
+        "add	%[c], %[c], #16\n\t"
+        "b	L_chacha_arm32_crypt_16byte_loop_%=\n\t"
+        "\n"
+    "L_chacha_arm32_crypt_word_loop_%=: \n\t"
+        "cmp	%[len], #4\n\t"
+        "blt	L_chacha_arm32_crypt_byte_start_%=\n\t"
+        /* 4 bytes of state XORed into message. */
+        "ldr	r4, [lr]\n\t"
+        "ldr	r8, [%[m]]\n\t"
+        "eor	r8, r8, r4\n\t"
+        "subs	%[len], %[len], #4\n\t"
+        "str	r8, [%[c]]\n\t"
+        "beq	L_chacha_arm32_crypt_done_%=\n\t"
+        "add	lr, lr, #4\n\t"
+        "add	%[m], %[m], #4\n\t"
+        "add	%[c], %[c], #4\n\t"
+        "b	L_chacha_arm32_crypt_word_loop_%=\n\t"
+        "\n"
+    "L_chacha_arm32_crypt_byte_start_%=: \n\t"
+        "ldr	r4, [lr]\n\t"
+        "\n"
+    "L_chacha_arm32_crypt_byte_loop_%=: \n\t"
+        "ldrb	r8, [%[m]]\n\t"
+        "eor	r8, r8, r4\n\t"
+        "subs	%[len], %[len], #1\n\t"
+        "strb	r8, [%[c]]\n\t"
+        "beq	L_chacha_arm32_crypt_done_%=\n\t"
+        "lsr	r4, r4, #8\n\t"
+        "add	%[m], %[m], #1\n\t"
+        "add	%[c], %[c], #1\n\t"
+        "b	L_chacha_arm32_crypt_byte_loop_%=\n\t"
+        "\n"
+    "L_chacha_arm32_crypt_done_%=: \n\t"
+        "add	sp, sp, #52\n\t"
+        : [ctx] "+r" (ctx), [c] "+r" (c), [m] "+r" (m), [len] "+r" (len)
+        :
+        : "memory", "cc", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9",
+            "r10", "r11"
+    );
+}
+
+void wc_chacha_use_over(byte* over_p, byte* output_p, const byte* input_p,
+    word32 len_p)
+{
+    register byte* over asm ("r0") = (byte*)over_p;
+    register byte* output asm ("r1") = (byte*)output_p;
+    register const byte* input asm ("r2") = (const byte*)input_p;
+    register word32 len asm ("r3") = (word32)len_p;
+
+    __asm__ __volatile__ (
+        "\n"
+    "L_chacha_arm32_over_16byte_loop_%=: \n\t"
+        "cmp	%[len], #16\n\t"
+        "blt	L_chacha_arm32_over_word_loop_%=\n\t"
+        /* 16 bytes of state XORed into message. */
+        "ldr	r12, [%[over]]\n\t"
+        "ldr	lr, [%[over], #4]\n\t"
+        "ldr	r4, [%[over], #8]\n\t"
+        "ldr	r5, [%[over], #12]\n\t"
+        "ldr	r6, [%[input]]\n\t"
+        "ldr	r7, [%[input], #4]\n\t"
+        "ldr	r8, [%[input], #8]\n\t"
+        "ldr	r9, [%[input], #12]\n\t"
+        "eor	r12, r12, r6\n\t"
+        "eor	lr, lr, r7\n\t"
+        "eor	r4, r4, r8\n\t"
+        "eor	r5, r5, r9\n\t"
+        "subs	%[len], %[len], #16\n\t"
+        "str	r12, [%[output]]\n\t"
+        "str	lr, [%[output], #4]\n\t"
+        "str	r4, [%[output], #8]\n\t"
+        "str	r5, [%[output], #12]\n\t"
+        "beq	L_chacha_arm32_over_done_%=\n\t"
+        "add	%[over], %[over], #16\n\t"
+        "add	%[input], %[input], #16\n\t"
+        "add	%[output], %[output], #16\n\t"
+        "b	L_chacha_arm32_over_16byte_loop_%=\n\t"
+        "\n"
+    "L_chacha_arm32_over_word_loop_%=: \n\t"
+        "cmp	%[len], #4\n\t"
+        "blt	L_chacha_arm32_over_byte_loop_%=\n\t"
+        /* 4 bytes of state XORed into message. */
+        "ldr	r12, [%[over]]\n\t"
+        "ldr	r6, [%[input]]\n\t"
+        "eor	r12, r12, r6\n\t"
+        "subs	%[len], %[len], #4\n\t"
+        "str	r12, [%[output]]\n\t"
+        "beq	L_chacha_arm32_over_done_%=\n\t"
+        "add	%[over], %[over], #4\n\t"
+        "add	%[input], %[input], #4\n\t"
+        "add	%[output], %[output], #4\n\t"
+        "b	L_chacha_arm32_over_word_loop_%=\n\t"
+        "\n"
+    "L_chacha_arm32_over_byte_loop_%=: \n\t"
+        /* 4 bytes of state XORed into message. */
+        "ldrb	r12, [%[over]]\n\t"
+        "ldrb	r6, [%[input]]\n\t"
+        "eor	r12, r12, r6\n\t"
+        "subs	%[len], %[len], #1\n\t"
+        "strb	r12, [%[output]]\n\t"
+        "beq	L_chacha_arm32_over_done_%=\n\t"
+        "add	%[over], %[over], #1\n\t"
+        "add	%[input], %[input], #1\n\t"
+        "add	%[output], %[output], #1\n\t"
+        "b	L_chacha_arm32_over_byte_loop_%=\n\t"
+        "\n"
+    "L_chacha_arm32_over_done_%=: \n\t"
+        : [over] "+r" (over), [output] "+r" (output), [input] "+r" (input),
+          [len] "+r" (len)
+        :
+        : "memory", "cc", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9"
+    );
+}
+
+#endif /* WOLFSSL_ARMASM_NO_NEON */
+#endif /* HAVE_CHACHA */
+#endif /* !__aarch64__ && !WOLFSSL_ARMASM_THUMB2 */
+#endif /* WOLFSSL_ARMASM */
+
+#endif /* WOLFSSL_ARMASM_INLINE */
diff --git a/wolfcrypt/src/port/arm/armv8-32-curve25519.S b/wolfcrypt/src/port/arm/armv8-32-curve25519.S
index 52cdcf41a..241180751 100644
--- a/wolfcrypt/src/port/arm/armv8-32-curve25519.S
+++ b/wolfcrypt/src/port/arm/armv8-32-curve25519.S
@@ -1,6 +1,6 @@
 /* armv8-32-curve25519
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -21,7 +21,8 @@
 
 /* Generated using (from wolfssl):
  *   cd ../scripts
- *   ruby ./x25519/x25519.rb arm32 ../wolfssl/wolfcrypt/src/port/arm/armv8-32-curve25519.S
+ *   ruby ./x25519/x25519.rb arm32 \
+ *       ../wolfssl/wolfcrypt/src/port/arm/armv8-32-curve25519.S
  */
 
 #ifdef HAVE_CONFIG_H
@@ -30,7 +31,7 @@
 #include <wolfssl/wolfcrypt/settings.h>
 
 #ifdef WOLFSSL_ARMASM
-#if !defined(__aarch64__) && defined(__arm__)
+#if !defined(__aarch64__) && !defined(WOLFSSL_ARMASM_THUMB2)
 #ifndef WOLFSSL_ARMASM_INLINE
 #if defined(HAVE_CURVE25519) || defined(HAVE_ED25519)
 #if !defined(CURVE25519_SMALL) || !defined(ED25519_SMALL)
@@ -50,14 +51,12 @@ fe_add_sub_op:
 	push	{lr}
 	# Add-Sub
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	ldr	r4, [r2]
-	ldr	r5, [r2, #4]
+	ldm	r2, {r4, r5}
 #else
 	ldrd	r4, r5, [r2]
 #endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	ldr	r6, [r3]
-	ldr	r7, [r3, #4]
+	ldm	r3, {r6, r7}
 #else
 	ldrd	r6, r7, [r3]
 #endif
@@ -67,8 +66,7 @@ fe_add_sub_op:
 	adcs	r9, r5, r7
 	adc	r12, r12, #0
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	str	r8, [r0]
-	str	r9, [r0, #4]
+	stm	r0, {r8, r9}
 #else
 	strd	r8, r9, [r0]
 #endif
@@ -76,8 +74,7 @@ fe_add_sub_op:
 	subs	r10, r4, r6
 	sbcs	r11, r5, r7
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	str	r10, [r1]
-	str	r11, [r1, #4]
+	stm	r1, {r10, r11}
 #else
 	strd	r10, r11, [r1]
 #endif
@@ -176,8 +173,7 @@ fe_add_sub_op:
 	mul	r12, r3, r12
 	#   Add -x*modulus (if overflow)
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	ldr	r4, [r0]
-	ldr	r5, [r0, #4]
+	ldm	r0, {r4, r5}
 #else
 	ldrd	r4, r5, [r0]
 #endif
@@ -192,8 +188,7 @@ fe_add_sub_op:
 	adcs	r6, r6, #0
 	adcs	r7, r7, #0
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	str	r4, [r0]
-	str	r5, [r0, #4]
+	stm	r0, {r4, r5}
 #else
 	strd	r4, r5, [r0]
 #endif
@@ -467,8 +462,7 @@ fe_copy:
 	push	{r4, r5, lr}
 	# Copy
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	ldr	r2, [r1]
-	ldr	r3, [r1, #4]
+	ldm	r1, {r2, r3}
 #else
 	ldrd	r2, r3, [r1]
 #endif
@@ -479,8 +473,7 @@ fe_copy:
 	ldrd	r4, r5, [r1, #8]
 #endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	str	r2, [r0]
-	str	r3, [r0, #4]
+	stm	r0, {r2, r3}
 #else
 	strd	r2, r3, [r0]
 #endif
@@ -616,7 +609,7 @@ fe_cmov_table:
 #endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
 	lsl	r3, r2, #24
-	asr	r3, r2, #31
+	asr	r3, r3, #31
 #else
 	sbfx	r3, r2, #7, #1
 #endif
@@ -628,19 +621,12 @@ fe_cmov_table:
 	mov	r7, #0
 	mov	r8, #0
 	mov	r9, #0
-#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r3, #0x800000
-	lsl	r3, r3, #8
-	add	r3, r3, #0x0
-#else
 	mov	r3, #0x80000000
-#endif
 	ror	r3, r3, #31
 	ror	r3, r3, r12
 	asr	r3, r3, #31
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	ldr	r10, [r1]
-	ldr	r11, [r1, #4]
+	ldm	r1, {r10, r11}
 #else
 	ldrd	r10, r11, [r1]
 #endif
@@ -675,19 +661,12 @@ fe_cmov_table:
 	eor	r8, r8, r10
 	eor	r9, r9, r11
 	add	r1, r1, #0x60
-#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r3, #0x800000
-	lsl	r3, r3, #8
-	add	r3, r3, #0x0
-#else
 	mov	r3, #0x80000000
-#endif
 	ror	r3, r3, #30
 	ror	r3, r3, r12
 	asr	r3, r3, #31
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	ldr	r10, [r1]
-	ldr	r11, [r1, #4]
+	ldm	r1, {r10, r11}
 #else
 	ldrd	r10, r11, [r1]
 #endif
@@ -722,19 +701,12 @@ fe_cmov_table:
 	eor	r8, r8, r10
 	eor	r9, r9, r11
 	add	r1, r1, #0x60
-#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r3, #0x800000
-	lsl	r3, r3, #8
-	add	r3, r3, #0x0
-#else
 	mov	r3, #0x80000000
-#endif
 	ror	r3, r3, #29
 	ror	r3, r3, r12
 	asr	r3, r3, #31
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	ldr	r10, [r1]
-	ldr	r11, [r1, #4]
+	ldm	r1, {r10, r11}
 #else
 	ldrd	r10, r11, [r1]
 #endif
@@ -769,19 +741,12 @@ fe_cmov_table:
 	eor	r8, r8, r10
 	eor	r9, r9, r11
 	add	r1, r1, #0x60
-#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r3, #0x800000
-	lsl	r3, r3, #8
-	add	r3, r3, #0x0
-#else
 	mov	r3, #0x80000000
-#endif
 	ror	r3, r3, #28
 	ror	r3, r3, r12
 	asr	r3, r3, #31
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	ldr	r10, [r1]
-	ldr	r11, [r1, #4]
+	ldm	r1, {r10, r11}
 #else
 	ldrd	r10, r11, [r1]
 #endif
@@ -816,19 +781,12 @@ fe_cmov_table:
 	eor	r8, r8, r10
 	eor	r9, r9, r11
 	add	r1, r1, #0x60
-#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r3, #0x800000
-	lsl	r3, r3, #8
-	add	r3, r3, #0x0
-#else
 	mov	r3, #0x80000000
-#endif
 	ror	r3, r3, #27
 	ror	r3, r3, r12
 	asr	r3, r3, #31
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	ldr	r10, [r1]
-	ldr	r11, [r1, #4]
+	ldm	r1, {r10, r11}
 #else
 	ldrd	r10, r11, [r1]
 #endif
@@ -863,19 +821,12 @@ fe_cmov_table:
 	eor	r8, r8, r10
 	eor	r9, r9, r11
 	add	r1, r1, #0x60
-#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r3, #0x800000
-	lsl	r3, r3, #8
-	add	r3, r3, #0x0
-#else
 	mov	r3, #0x80000000
-#endif
 	ror	r3, r3, #26
 	ror	r3, r3, r12
 	asr	r3, r3, #31
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	ldr	r10, [r1]
-	ldr	r11, [r1, #4]
+	ldm	r1, {r10, r11}
 #else
 	ldrd	r10, r11, [r1]
 #endif
@@ -910,19 +861,12 @@ fe_cmov_table:
 	eor	r8, r8, r10
 	eor	r9, r9, r11
 	add	r1, r1, #0x60
-#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r3, #0x800000
-	lsl	r3, r3, #8
-	add	r3, r3, #0x0
-#else
 	mov	r3, #0x80000000
-#endif
 	ror	r3, r3, #25
 	ror	r3, r3, r12
 	asr	r3, r3, #31
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	ldr	r10, [r1]
-	ldr	r11, [r1, #4]
+	ldm	r1, {r10, r11}
 #else
 	ldrd	r10, r11, [r1]
 #endif
@@ -957,19 +901,12 @@ fe_cmov_table:
 	eor	r8, r8, r10
 	eor	r9, r9, r11
 	add	r1, r1, #0x60
-#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r3, #0x800000
-	lsl	r3, r3, #8
-	add	r3, r3, #0x0
-#else
 	mov	r3, #0x80000000
-#endif
 	ror	r3, r3, #24
 	ror	r3, r3, r12
 	asr	r3, r3, #31
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	ldr	r10, [r1]
-	ldr	r11, [r1, #4]
+	ldm	r1, {r10, r11}
 #else
 	ldrd	r10, r11, [r1]
 #endif
@@ -1025,8 +962,7 @@ fe_cmov_table:
 	and	r11, r11, r12
 	eor	r9, r9, r11
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	str	r4, [r0]
-	str	r5, [r0, #4]
+	stm	r0, {r4, r5}
 #else
 	strd	r4, r5, [r0]
 #endif
@@ -1044,7 +980,7 @@ fe_cmov_table:
 #endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
 	lsl	r3, r2, #24
-	asr	r3, r2, #31
+	asr	r3, r3, #31
 #else
 	sbfx	r3, r2, #7, #1
 #endif
@@ -1056,13 +992,7 @@ fe_cmov_table:
 	mov	r7, #0
 	mov	r8, #0
 	mov	r9, #0
-#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r3, #0x800000
-	lsl	r3, r3, #8
-	add	r3, r3, #0x0
-#else
 	mov	r3, #0x80000000
-#endif
 	ror	r3, r3, #31
 	ror	r3, r3, r12
 	asr	r3, r3, #31
@@ -1103,13 +1033,7 @@ fe_cmov_table:
 	eor	r8, r8, r10
 	eor	r9, r9, r11
 	add	r1, r1, #0x60
-#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r3, #0x800000
-	lsl	r3, r3, #8
-	add	r3, r3, #0x0
-#else
 	mov	r3, #0x80000000
-#endif
 	ror	r3, r3, #30
 	ror	r3, r3, r12
 	asr	r3, r3, #31
@@ -1150,13 +1074,7 @@ fe_cmov_table:
 	eor	r8, r8, r10
 	eor	r9, r9, r11
 	add	r1, r1, #0x60
-#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r3, #0x800000
-	lsl	r3, r3, #8
-	add	r3, r3, #0x0
-#else
 	mov	r3, #0x80000000
-#endif
 	ror	r3, r3, #29
 	ror	r3, r3, r12
 	asr	r3, r3, #31
@@ -1197,13 +1115,7 @@ fe_cmov_table:
 	eor	r8, r8, r10
 	eor	r9, r9, r11
 	add	r1, r1, #0x60
-#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r3, #0x800000
-	lsl	r3, r3, #8
-	add	r3, r3, #0x0
-#else
 	mov	r3, #0x80000000
-#endif
 	ror	r3, r3, #28
 	ror	r3, r3, r12
 	asr	r3, r3, #31
@@ -1244,13 +1156,7 @@ fe_cmov_table:
 	eor	r8, r8, r10
 	eor	r9, r9, r11
 	add	r1, r1, #0x60
-#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r3, #0x800000
-	lsl	r3, r3, #8
-	add	r3, r3, #0x0
-#else
 	mov	r3, #0x80000000
-#endif
 	ror	r3, r3, #27
 	ror	r3, r3, r12
 	asr	r3, r3, #31
@@ -1291,13 +1197,7 @@ fe_cmov_table:
 	eor	r8, r8, r10
 	eor	r9, r9, r11
 	add	r1, r1, #0x60
-#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r3, #0x800000
-	lsl	r3, r3, #8
-	add	r3, r3, #0x0
-#else
 	mov	r3, #0x80000000
-#endif
 	ror	r3, r3, #26
 	ror	r3, r3, r12
 	asr	r3, r3, #31
@@ -1338,13 +1238,7 @@ fe_cmov_table:
 	eor	r8, r8, r10
 	eor	r9, r9, r11
 	add	r1, r1, #0x60
-#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r3, #0x800000
-	lsl	r3, r3, #8
-	add	r3, r3, #0x0
-#else
 	mov	r3, #0x80000000
-#endif
 	ror	r3, r3, #25
 	ror	r3, r3, r12
 	asr	r3, r3, #31
@@ -1385,13 +1279,7 @@ fe_cmov_table:
 	eor	r8, r8, r10
 	eor	r9, r9, r11
 	add	r1, r1, #0x60
-#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r3, #0x800000
-	lsl	r3, r3, #8
-	add	r3, r3, #0x0
-#else
 	mov	r3, #0x80000000
-#endif
 	ror	r3, r3, #24
 	ror	r3, r3, r12
 	asr	r3, r3, #31
@@ -1473,7 +1361,7 @@ fe_cmov_table:
 #endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
 	lsl	r3, r2, #24
-	asr	r3, r2, #31
+	asr	r3, r3, #31
 #else
 	sbfx	r3, r2, #7, #1
 #endif
@@ -1485,13 +1373,7 @@ fe_cmov_table:
 	mov	r7, #0
 	mov	r8, #0
 	mov	r9, #0
-#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r3, #0x800000
-	lsl	r3, r3, #8
-	add	r3, r3, #0x0
-#else
 	mov	r3, #0x80000000
-#endif
 	ror	r3, r3, #31
 	ror	r3, r3, r12
 	asr	r3, r3, #31
@@ -1532,13 +1414,7 @@ fe_cmov_table:
 	eor	r8, r8, r10
 	eor	r9, r9, r11
 	add	r1, r1, #0x60
-#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r3, #0x800000
-	lsl	r3, r3, #8
-	add	r3, r3, #0x0
-#else
 	mov	r3, #0x80000000
-#endif
 	ror	r3, r3, #30
 	ror	r3, r3, r12
 	asr	r3, r3, #31
@@ -1579,13 +1455,7 @@ fe_cmov_table:
 	eor	r8, r8, r10
 	eor	r9, r9, r11
 	add	r1, r1, #0x60
-#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r3, #0x800000
-	lsl	r3, r3, #8
-	add	r3, r3, #0x0
-#else
 	mov	r3, #0x80000000
-#endif
 	ror	r3, r3, #29
 	ror	r3, r3, r12
 	asr	r3, r3, #31
@@ -1626,13 +1496,7 @@ fe_cmov_table:
 	eor	r8, r8, r10
 	eor	r9, r9, r11
 	add	r1, r1, #0x60
-#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r3, #0x800000
-	lsl	r3, r3, #8
-	add	r3, r3, #0x0
-#else
 	mov	r3, #0x80000000
-#endif
 	ror	r3, r3, #28
 	ror	r3, r3, r12
 	asr	r3, r3, #31
@@ -1673,13 +1537,7 @@ fe_cmov_table:
 	eor	r8, r8, r10
 	eor	r9, r9, r11
 	add	r1, r1, #0x60
-#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r3, #0x800000
-	lsl	r3, r3, #8
-	add	r3, r3, #0x0
-#else
 	mov	r3, #0x80000000
-#endif
 	ror	r3, r3, #27
 	ror	r3, r3, r12
 	asr	r3, r3, #31
@@ -1720,13 +1578,7 @@ fe_cmov_table:
 	eor	r8, r8, r10
 	eor	r9, r9, r11
 	add	r1, r1, #0x60
-#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r3, #0x800000
-	lsl	r3, r3, #8
-	add	r3, r3, #0x0
-#else
 	mov	r3, #0x80000000
-#endif
 	ror	r3, r3, #26
 	ror	r3, r3, r12
 	asr	r3, r3, #31
@@ -1767,13 +1619,7 @@ fe_cmov_table:
 	eor	r8, r8, r10
 	eor	r9, r9, r11
 	add	r1, r1, #0x60
-#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r3, #0x800000
-	lsl	r3, r3, #8
-	add	r3, r3, #0x0
-#else
 	mov	r3, #0x80000000
-#endif
 	ror	r3, r3, #25
 	ror	r3, r3, r12
 	asr	r3, r3, #31
@@ -1814,13 +1660,7 @@ fe_cmov_table:
 	eor	r8, r8, r10
 	eor	r9, r9, r11
 	add	r1, r1, #0x60
-#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r3, #0x800000
-	lsl	r3, r3, #8
-	add	r3, r3, #0x0
-#else
 	mov	r3, #0x80000000
-#endif
 	ror	r3, r3, #24
 	ror	r3, r3, r12
 	asr	r3, r3, #31
@@ -1902,7 +1742,7 @@ fe_cmov_table:
 #endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
 	lsl	r3, r2, #24
-	asr	r3, r2, #31
+	asr	r3, r3, #31
 #else
 	sbfx	r3, r2, #7, #1
 #endif
@@ -1914,13 +1754,7 @@ fe_cmov_table:
 	mov	r7, #0
 	mov	r8, #0
 	mov	r9, #0
-#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r3, #0x800000
-	lsl	r3, r3, #8
-	add	r3, r3, #0x0
-#else
 	mov	r3, #0x80000000
-#endif
 	ror	r3, r3, #31
 	ror	r3, r3, r12
 	asr	r3, r3, #31
@@ -1961,13 +1795,7 @@ fe_cmov_table:
 	eor	r8, r8, r10
 	eor	r9, r9, r11
 	add	r1, r1, #0x60
-#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r3, #0x800000
-	lsl	r3, r3, #8
-	add	r3, r3, #0x0
-#else
 	mov	r3, #0x80000000
-#endif
 	ror	r3, r3, #30
 	ror	r3, r3, r12
 	asr	r3, r3, #31
@@ -2008,13 +1836,7 @@ fe_cmov_table:
 	eor	r8, r8, r10
 	eor	r9, r9, r11
 	add	r1, r1, #0x60
-#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r3, #0x800000
-	lsl	r3, r3, #8
-	add	r3, r3, #0x0
-#else
 	mov	r3, #0x80000000
-#endif
 	ror	r3, r3, #29
 	ror	r3, r3, r12
 	asr	r3, r3, #31
@@ -2055,13 +1877,7 @@ fe_cmov_table:
 	eor	r8, r8, r10
 	eor	r9, r9, r11
 	add	r1, r1, #0x60
-#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r3, #0x800000
-	lsl	r3, r3, #8
-	add	r3, r3, #0x0
-#else
 	mov	r3, #0x80000000
-#endif
 	ror	r3, r3, #28
 	ror	r3, r3, r12
 	asr	r3, r3, #31
@@ -2102,13 +1918,7 @@ fe_cmov_table:
 	eor	r8, r8, r10
 	eor	r9, r9, r11
 	add	r1, r1, #0x60
-#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r3, #0x800000
-	lsl	r3, r3, #8
-	add	r3, r3, #0x0
-#else
 	mov	r3, #0x80000000
-#endif
 	ror	r3, r3, #27
 	ror	r3, r3, r12
 	asr	r3, r3, #31
@@ -2149,13 +1959,7 @@ fe_cmov_table:
 	eor	r8, r8, r10
 	eor	r9, r9, r11
 	add	r1, r1, #0x60
-#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r3, #0x800000
-	lsl	r3, r3, #8
-	add	r3, r3, #0x0
-#else
 	mov	r3, #0x80000000
-#endif
 	ror	r3, r3, #26
 	ror	r3, r3, r12
 	asr	r3, r3, #31
@@ -2196,13 +2000,7 @@ fe_cmov_table:
 	eor	r8, r8, r10
 	eor	r9, r9, r11
 	add	r1, r1, #0x60
-#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r3, #0x800000
-	lsl	r3, r3, #8
-	add	r3, r3, #0x0
-#else
 	mov	r3, #0x80000000
-#endif
 	ror	r3, r3, #25
 	ror	r3, r3, r12
 	asr	r3, r3, #31
@@ -2243,13 +2041,7 @@ fe_cmov_table:
 	eor	r8, r8, r10
 	eor	r9, r9, r11
 	add	r1, r1, #0x60
-#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r3, #0x800000
-	lsl	r3, r3, #8
-	add	r3, r3, #0x0
-#else
 	mov	r3, #0x80000000
-#endif
 	ror	r3, r3, #24
 	ror	r3, r3, r12
 	asr	r3, r3, #31
@@ -2345,7 +2137,7 @@ fe_cmov_table:
 #endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
 	lsl	r3, r2, #24
-	asr	r3, r2, #31
+	asr	r3, r3, #31
 #else
 	sbfx	r3, r2, #7, #1
 #endif
@@ -3404,20 +3196,21 @@ fe_mul121666:
 	# Multiply by 121666
 	ldm	r1, {r2, r3, r4, r5, r6, r7, r8, r9}
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r10, #1
-	lsl	r10, r10, #8
-	orr	r10, r10, #0xdb
-	lsl	r10, r10, #8
-	orr	r10, r10, #0x42
+	mov	r10, #0x42
+	orr	r10, r10, #0x10000
+	orr	r10, r10, #0xdb00
 #else
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r10, #0xdb
-	lsl	r10, r10, #8
-	add	r10, r10, #0x42
+	mov	r10, #0x42
+	orr	r10, r10, #0xdb00
 #else
 	mov	r10, #0xdb42
 #endif
-	movt	r10, #1
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	orr	r10, r10, #0x10000
+#else
+	movt	r10, #0x1
+#endif
 #endif
 	umull	r2, r12, r10, r2
 	umull	r3, lr, r10, r3
@@ -3471,20 +3264,21 @@ fe_mul121666:
 	# Multiply by 121666
 	ldm	r1, {r2, r3, r4, r5, r6, r7, r8, r9}
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	lr, #1
-	lsl	lr, lr, #8
-	orr	lr, lr, #0xdb
-	lsl	lr, lr, #8
-	orr	lr, lr, #0x42
+	mov	lr, #0x42
+	orr	lr, lr, #0x10000
+	orr	lr, lr, #0xdb00
 #else
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	lr, #0xdb
-	lsl	lr, lr, #8
-	add	lr, lr, #0x42
+	mov	lr, #0x42
+	orr	lr, lr, #0xdb00
 #else
 	mov	lr, #0xdb42
 #endif
-	movt	lr, #1
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	orr	lr, lr, #0x10000
+#else
+	movt	lr, #0x1
+#endif
 #endif
 	umull	r2, r10, lr, r2
 	sub	r12, lr, #1
@@ -5463,40 +5257,42 @@ sc_reduce:
 	sub	r0, r0, #28
 	# Add order times bits 504..511
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r10, #0xa3
-	lsl	r10, r10, #8
-	orr	r10, r10, #10
-	lsl	r10, r10, #8
-	orr	r10, r10, #44
-	lsl	r10, r10, #8
-	orr	r10, r10, #19
+	mov	r10, #19
+	orr	r10, r10, #0xa3000000
+	orr	r10, r10, #0xa0000
+	orr	r10, r10, #0x2c00
 #else
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r10, #0x2c
-	lsl	r10, r10, #8
-	add	r10, r10, #0x13
+	mov	r10, #0x13
+	orr	r10, r10, #0x2c00
 #else
 	mov	r10, #0x2c13
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	orr	r10, r10, #0xa3000000
+	orr	r10, r10, #0xa0000
+#else
 	movt	r10, #0xa30a
 #endif
+#endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r11, #0xa7
-	lsl	r11, r11, #8
-	orr	r11, r11, #0xed
-	lsl	r11, r11, #8
-	orr	r11, r11, #0x9c
-	lsl	r11, r11, #8
-	orr	r11, r11, #0xe5
+	mov	r11, #0xe5
+	orr	r11, r11, #0xa7000000
+	orr	r11, r11, #0xed0000
+	orr	r11, r11, #0x9c00
 #else
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r11, #0x9c
-	lsl	r11, r11, #8
-	add	r11, r11, #0xe5
+	mov	r11, #0xe5
+	orr	r11, r11, #0x9c00
 #else
 	mov	r11, #0x9ce5
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	orr	r11, r11, #0xa7000000
+	orr	r11, r11, #0xed0000
+#else
 	movt	r11, #0xa7ed
+#endif
 #endif
 	mov	r1, #0
 	umlal	r2, r1, r10, lr
@@ -5505,40 +5301,42 @@ sc_reduce:
 	adc	r1, r1, #0
 	umlal	r3, r1, r11, lr
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r10, #0x5d
-	lsl	r10, r10, #8
-	orr	r10, r10, #8
-	lsl	r10, r10, #8
-	orr	r10, r10, #0x63
-	lsl	r10, r10, #8
-	orr	r10, r10, #41
+	mov	r10, #41
+	orr	r10, r10, #0x5d000000
+	orr	r10, r10, #0x80000
+	orr	r10, r10, #0x6300
 #else
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r10, #0x63
-	lsl	r10, r10, #8
-	add	r10, r10, #0x29
+	mov	r10, #0x29
+	orr	r10, r10, #0x6300
 #else
 	mov	r10, #0x6329
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	orr	r10, r10, #0x5d000000
+	orr	r10, r10, #0x80000
+#else
 	movt	r10, #0x5d08
 #endif
+#endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r11, #0xeb
-	lsl	r11, r11, #8
-	orr	r11, r11, #33
-	lsl	r11, r11, #8
-	orr	r11, r11, #6
-	lsl	r11, r11, #8
-	orr	r11, r11, #33
+	mov	r11, #33
+	orr	r11, r11, #0xeb000000
+	orr	r11, r11, #0x210000
+	orr	r11, r11, #0x600
 #else
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r11, #0x6
-	lsl	r11, r11, #8
-	add	r11, r11, #0x21
+	mov	r11, #0x21
+	orr	r11, r11, #0x600
 #else
 	mov	r11, #0x621
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	orr	r11, r11, #0xeb000000
+	orr	r11, r11, #0x210000
+#else
 	movt	r11, #0xeb21
+#endif
 #endif
 	adds	r4, r4, r1
 	mov	r1, #0
@@ -5559,22 +5357,23 @@ sc_reduce:
 	# Sub product of top 8 words and order
 	mov	r12, sp
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r1, #0xa3
-	lsl	r1, r1, #8
-	orr	r1, r1, #10
-	lsl	r1, r1, #8
-	orr	r1, r1, #44
-	lsl	r1, r1, #8
-	orr	r1, r1, #19
+	mov	r1, #19
+	orr	r1, r1, #0xa3000000
+	orr	r1, r1, #0xa0000
+	orr	r1, r1, #0x2c00
 #else
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r1, #0x2c
-	lsl	r1, r1, #8
-	add	r1, r1, #0x13
+	mov	r1, #0x13
+	orr	r1, r1, #0x2c00
 #else
 	mov	r1, #0x2c13
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	orr	r1, r1, #0xa3000000
+	orr	r1, r1, #0xa0000
+#else
 	movt	r1, #0xa30a
+#endif
 #endif
 	mov	lr, #0
 	ldm	r0!, {r10, r11}
@@ -5622,22 +5421,23 @@ sc_reduce:
 	sub	r0, r0, #16
 	sub	r12, r12, #32
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r1, #0xa7
-	lsl	r1, r1, #8
-	orr	r1, r1, #0xed
-	lsl	r1, r1, #8
-	orr	r1, r1, #0x9c
-	lsl	r1, r1, #8
-	orr	r1, r1, #0xe5
+	mov	r1, #0xe5
+	orr	r1, r1, #0xa7000000
+	orr	r1, r1, #0xed0000
+	orr	r1, r1, #0x9c00
 #else
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r1, #0x9c
-	lsl	r1, r1, #8
-	add	r1, r1, #0xe5
+	mov	r1, #0xe5
+	orr	r1, r1, #0x9c00
 #else
 	mov	r1, #0x9ce5
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	orr	r1, r1, #0xa7000000
+	orr	r1, r1, #0xed0000
+#else
 	movt	r1, #0xa7ed
+#endif
 #endif
 	mov	lr, #0
 	ldm	r12, {r10, r11}
@@ -5679,22 +5479,23 @@ sc_reduce:
 	stm	r12!, {r10, r11, lr}
 	sub	r12, r12, #32
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r1, #0x5d
-	lsl	r1, r1, #8
-	orr	r1, r1, #8
-	lsl	r1, r1, #8
-	orr	r1, r1, #0x63
-	lsl	r1, r1, #8
-	orr	r1, r1, #41
+	mov	r1, #41
+	orr	r1, r1, #0x5d000000
+	orr	r1, r1, #0x80000
+	orr	r1, r1, #0x6300
 #else
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r1, #0x63
-	lsl	r1, r1, #8
-	add	r1, r1, #0x29
+	mov	r1, #0x29
+	orr	r1, r1, #0x6300
 #else
 	mov	r1, #0x6329
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	orr	r1, r1, #0x5d000000
+	orr	r1, r1, #0x80000
+#else
 	movt	r1, #0x5d08
+#endif
 #endif
 	mov	lr, #0
 	ldm	r12, {r10, r11}
@@ -5736,22 +5537,23 @@ sc_reduce:
 	stm	r12!, {r10, r11, lr}
 	sub	r12, r12, #32
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r1, #0xeb
-	lsl	r1, r1, #8
-	orr	r1, r1, #33
-	lsl	r1, r1, #8
-	orr	r1, r1, #6
-	lsl	r1, r1, #8
-	orr	r1, r1, #33
+	mov	r1, #33
+	orr	r1, r1, #0xeb000000
+	orr	r1, r1, #0x210000
+	orr	r1, r1, #0x600
 #else
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r1, #0x6
-	lsl	r1, r1, #8
-	add	r1, r1, #0x21
+	mov	r1, #0x21
+	orr	r1, r1, #0x600
 #else
 	mov	r1, #0x621
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	orr	r1, r1, #0xeb000000
+	orr	r1, r1, #0x210000
+#else
 	movt	r1, #0xeb21
+#endif
 #endif
 	mov	lr, #0
 	ldm	r12, {r10, r11}
@@ -5812,92 +5614,84 @@ sc_reduce:
 	sub	r12, r12, #36
 	asr	lr, r11, #25
 	# Conditionally subtract order starting at bit 125
-#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r1, #0xa00000
-	lsl	r1, r1, #8
-	add	r1, r1, #0x0
-#else
 	mov	r1, #0xa0000000
-#endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r2, #0x4b
-	lsl	r2, r2, #8
-	orr	r2, r2, #0x9e
-	lsl	r2, r2, #8
-	orr	r2, r2, #0xba
-	lsl	r2, r2, #8
-	orr	r2, r2, #0x7d
+	mov	r2, #0x7d
+	orr	r2, r2, #0x4b000000
+	orr	r2, r2, #0x9e0000
+	orr	r2, r2, #0xba00
 #else
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r2, #0xba
-	lsl	r2, r2, #8
-	add	r2, r2, #0x7d
+	mov	r2, #0x7d
+	orr	r2, r2, #0xba00
 #else
 	mov	r2, #0xba7d
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	orr	r2, r2, #0x4b000000
+	orr	r2, r2, #0x9e0000
+#else
 	movt	r2, #0x4b9e
 #endif
+#endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r3, #0xcb
-	lsl	r3, r3, #8
-	orr	r3, r3, #2
-	lsl	r3, r3, #8
-	orr	r3, r3, #0x4c
-	lsl	r3, r3, #8
-	orr	r3, r3, #0x63
+	mov	r3, #0x63
+	orr	r3, r3, #0xcb000000
+	orr	r3, r3, #0x20000
+	orr	r3, r3, #0x4c00
 #else
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r3, #0x4c
-	lsl	r3, r3, #8
-	add	r3, r3, #0x63
+	mov	r3, #0x63
+	orr	r3, r3, #0x4c00
 #else
 	mov	r3, #0x4c63
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	orr	r3, r3, #0xcb000000
+	orr	r3, r3, #0x20000
+#else
 	movt	r3, #0xcb02
 #endif
+#endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r4, #0xd4
-	lsl	r4, r4, #8
-	orr	r4, r4, #0x5e
-	lsl	r4, r4, #8
-	orr	r4, r4, #0xf3
-	lsl	r4, r4, #8
-	orr	r4, r4, #0x9a
+	mov	r4, #0x9a
+	orr	r4, r4, #0xd4000000
+	orr	r4, r4, #0x5e0000
+	orr	r4, r4, #0xf300
 #else
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r4, #0xf3
-	lsl	r4, r4, #8
-	add	r4, r4, #0x9a
+	mov	r4, #0x9a
+	orr	r4, r4, #0xf300
 #else
 	mov	r4, #0xf39a
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	orr	r4, r4, #0xd4000000
+	orr	r4, r4, #0x5e0000
+#else
 	movt	r4, #0xd45e
 #endif
+#endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r5, #2
-	lsl	r5, r5, #8
-	orr	r5, r5, #0x9b
-	lsl	r5, r5, #8
-	orr	r5, r5, #0xdf
-	lsl	r5, r5, #8
-	orr	r5, r5, #59
+	mov	r5, #59
+	orr	r5, r5, #0x2000000
+	orr	r5, r5, #0x9b0000
+	orr	r5, r5, #0xdf00
 #else
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r5, #0xdf
-	lsl	r5, r5, #8
-	add	r5, r5, #0x3b
+	mov	r5, #0x3b
+	orr	r5, r5, #0xdf00
 #else
 	mov	r5, #0xdf3b
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	orr	r5, r5, #0x2000000
+	orr	r5, r5, #0x9b0000
+#else
 	movt	r5, #0x29b
 #endif
-#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r9, #0x20000
-	lsl	r9, r9, #8
-	add	r9, r9, #0x0
-#else
-	mov	r9, #0x2000000
 #endif
+	mov	r9, #0x2000000
 	and	r1, r1, lr
 	and	r2, r2, lr
 	and	r3, r3, lr
@@ -5946,22 +5740,23 @@ sc_reduce:
 	mov	r0, sp
 	#   * -5cf5d3ed
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r1, #0xa3
-	lsl	r1, r1, #8
-	orr	r1, r1, #10
-	lsl	r1, r1, #8
-	orr	r1, r1, #44
-	lsl	r1, r1, #8
-	orr	r1, r1, #19
+	mov	r1, #19
+	orr	r1, r1, #0xa3000000
+	orr	r1, r1, #0xa0000
+	orr	r1, r1, #0x2c00
 #else
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r1, #0x2c
-	lsl	r1, r1, #8
-	add	r1, r1, #0x13
+	mov	r1, #0x13
+	orr	r1, r1, #0x2c00
 #else
 	mov	r1, #0x2c13
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	orr	r1, r1, #0xa3000000
+	orr	r1, r1, #0xa0000
+#else
 	movt	r1, #0xa30a
+#endif
 #endif
 	mov	lr, #0
 	ldm	r0, {r6, r7, r8, r9}
@@ -5982,22 +5777,23 @@ sc_reduce:
 	add	r0, r0, #4
 	#   * -5812631b
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r1, #0xa7
-	lsl	r1, r1, #8
-	orr	r1, r1, #0xed
-	lsl	r1, r1, #8
-	orr	r1, r1, #0x9c
-	lsl	r1, r1, #8
-	orr	r1, r1, #0xe5
+	mov	r1, #0xe5
+	orr	r1, r1, #0xa7000000
+	orr	r1, r1, #0xed0000
+	orr	r1, r1, #0x9c00
 #else
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r1, #0x9c
-	lsl	r1, r1, #8
-	add	r1, r1, #0xe5
+	mov	r1, #0xe5
+	orr	r1, r1, #0x9c00
 #else
 	mov	r1, #0x9ce5
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	orr	r1, r1, #0xa7000000
+	orr	r1, r1, #0xed0000
+#else
 	movt	r1, #0xa7ed
+#endif
 #endif
 	mov	r10, #0
 	ldm	r0, {r6, r7, r8, r9}
@@ -6018,22 +5814,23 @@ sc_reduce:
 	add	r0, r0, #4
 	#   * -a2f79cd7
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r1, #0x5d
-	lsl	r1, r1, #8
-	orr	r1, r1, #8
-	lsl	r1, r1, #8
-	orr	r1, r1, #0x63
-	lsl	r1, r1, #8
-	orr	r1, r1, #41
+	mov	r1, #41
+	orr	r1, r1, #0x5d000000
+	orr	r1, r1, #0x80000
+	orr	r1, r1, #0x6300
 #else
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r1, #0x63
-	lsl	r1, r1, #8
-	add	r1, r1, #0x29
+	mov	r1, #0x29
+	orr	r1, r1, #0x6300
 #else
 	mov	r1, #0x6329
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	orr	r1, r1, #0x5d000000
+	orr	r1, r1, #0x80000
+#else
 	movt	r1, #0x5d08
+#endif
 #endif
 	mov	r11, #0
 	ldm	r0, {r6, r7, r8, r9}
@@ -6054,22 +5851,23 @@ sc_reduce:
 	add	r0, r0, #4
 	#   * -14def9df
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r1, #0xeb
-	lsl	r1, r1, #8
-	orr	r1, r1, #33
-	lsl	r1, r1, #8
-	orr	r1, r1, #6
-	lsl	r1, r1, #8
-	orr	r1, r1, #33
+	mov	r1, #33
+	orr	r1, r1, #0xeb000000
+	orr	r1, r1, #0x210000
+	orr	r1, r1, #0x600
 #else
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r1, #0x6
-	lsl	r1, r1, #8
-	add	r1, r1, #0x21
+	mov	r1, #0x21
+	orr	r1, r1, #0x600
 #else
 	mov	r1, #0x621
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	orr	r1, r1, #0xeb000000
+	orr	r1, r1, #0x210000
+#else
 	movt	r1, #0xeb21
+#endif
 #endif
 	mov	r12, #0
 	ldm	r0, {r6, r7, r8, r9}
@@ -6108,76 +5906,80 @@ sc_reduce:
 	sub	r0, r0, #16
 	ldm	r0, {r2, r3, r4, r5}
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r10, #0x5c
-	lsl	r10, r10, #8
-	orr	r10, r10, #0xf5
-	lsl	r10, r10, #8
-	orr	r10, r10, #0xd3
-	lsl	r10, r10, #8
-	orr	r10, r10, #0xed
+	mov	r10, #0xed
+	orr	r10, r10, #0x5c000000
+	orr	r10, r10, #0xf50000
+	orr	r10, r10, #0xd300
 #else
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r10, #0xd3
-	lsl	r10, r10, #8
-	add	r10, r10, #0xed
+	mov	r10, #0xed
+	orr	r10, r10, #0xd300
 #else
 	mov	r10, #0xd3ed
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	orr	r10, r10, #0x5c000000
+	orr	r10, r10, #0xf50000
+#else
 	movt	r10, #0x5cf5
 #endif
+#endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r11, #0x58
-	lsl	r11, r11, #8
-	orr	r11, r11, #18
-	lsl	r11, r11, #8
-	orr	r11, r11, #0x63
-	lsl	r11, r11, #8
-	orr	r11, r11, #26
+	mov	r11, #26
+	orr	r11, r11, #0x58000000
+	orr	r11, r11, #0x120000
+	orr	r11, r11, #0x6300
 #else
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r11, #0x63
-	lsl	r11, r11, #8
-	add	r11, r11, #0x1a
+	mov	r11, #0x1a
+	orr	r11, r11, #0x6300
 #else
 	mov	r11, #0x631a
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	orr	r11, r11, #0x58000000
+	orr	r11, r11, #0x120000
+#else
 	movt	r11, #0x5812
 #endif
+#endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r12, #0xa2
-	lsl	r12, r12, #8
-	orr	r12, r12, #0xf7
-	lsl	r12, r12, #8
-	orr	r12, r12, #0x9c
-	lsl	r12, r12, #8
-	orr	r12, r12, #0xd6
+	mov	r12, #0xd6
+	orr	r12, r12, #0xa2000000
+	orr	r12, r12, #0xf70000
+	orr	r12, r12, #0x9c00
 #else
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r12, #0x9c
-	lsl	r12, r12, #8
-	add	r12, r12, #0xd6
+	mov	r12, #0xd6
+	orr	r12, r12, #0x9c00
 #else
 	mov	r12, #0x9cd6
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	orr	r12, r12, #0xa2000000
+	orr	r12, r12, #0xf70000
+#else
 	movt	r12, #0xa2f7
 #endif
+#endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	lr, #20
-	lsl	lr, lr, #8
-	orr	lr, lr, #0xde
-	lsl	lr, lr, #8
-	orr	lr, lr, #0xf9
-	lsl	lr, lr, #8
-	orr	lr, lr, #0xde
+	mov	lr, #0xde
+	orr	lr, lr, #0x14000000
+	orr	lr, lr, #0xde0000
+	orr	lr, lr, #0xf900
 #else
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	lr, #0xf9
-	lsl	lr, lr, #8
-	add	lr, lr, #0xde
+	mov	lr, #0xde
+	orr	lr, lr, #0xf900
 #else
 	mov	lr, #0xf9de
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	orr	lr, lr, #0x14000000
+	orr	lr, lr, #0xde0000
+#else
 	movt	lr, #0x14de
+#endif
 #endif
 	and	r10, r10, r1
 	and	r11, r11, r1
@@ -6240,79 +6042,83 @@ sc_reduce:
 	sub	r0, r0, #28
 	# Add order times bits 504..511
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r10, #0xa3
-	lsl	r10, r10, #8
-	orr	r10, r10, #10
-	lsl	r10, r10, #8
-	orr	r10, r10, #44
-	lsl	r10, r10, #8
-	orr	r10, r10, #19
+	mov	r10, #19
+	orr	r10, r10, #0xa3000000
+	orr	r10, r10, #0xa0000
+	orr	r10, r10, #0x2c00
 #else
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r10, #0x2c
-	lsl	r10, r10, #8
-	add	r10, r10, #0x13
+	mov	r10, #0x13
+	orr	r10, r10, #0x2c00
 #else
 	mov	r10, #0x2c13
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	orr	r10, r10, #0xa3000000
+	orr	r10, r10, #0xa0000
+#else
 	movt	r10, #0xa30a
 #endif
+#endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r11, #0xa7
-	lsl	r11, r11, #8
-	orr	r11, r11, #0xed
-	lsl	r11, r11, #8
-	orr	r11, r11, #0x9c
-	lsl	r11, r11, #8
-	orr	r11, r11, #0xe5
+	mov	r11, #0xe5
+	orr	r11, r11, #0xa7000000
+	orr	r11, r11, #0xed0000
+	orr	r11, r11, #0x9c00
 #else
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r11, #0x9c
-	lsl	r11, r11, #8
-	add	r11, r11, #0xe5
+	mov	r11, #0xe5
+	orr	r11, r11, #0x9c00
 #else
 	mov	r11, #0x9ce5
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	orr	r11, r11, #0xa7000000
+	orr	r11, r11, #0xed0000
+#else
 	movt	r11, #0xa7ed
+#endif
 #endif
 	mov	r1, #0
 	umlal	r2, r1, r10, lr
 	umaal	r3, r1, r11, lr
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r10, #0x5d
-	lsl	r10, r10, #8
-	orr	r10, r10, #8
-	lsl	r10, r10, #8
-	orr	r10, r10, #0x63
-	lsl	r10, r10, #8
-	orr	r10, r10, #41
+	mov	r10, #41
+	orr	r10, r10, #0x5d000000
+	orr	r10, r10, #0x80000
+	orr	r10, r10, #0x6300
 #else
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r10, #0x63
-	lsl	r10, r10, #8
-	add	r10, r10, #0x29
+	mov	r10, #0x29
+	orr	r10, r10, #0x6300
 #else
 	mov	r10, #0x6329
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	orr	r10, r10, #0x5d000000
+	orr	r10, r10, #0x80000
+#else
 	movt	r10, #0x5d08
 #endif
+#endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r11, #0xeb
-	lsl	r11, r11, #8
-	orr	r11, r11, #33
-	lsl	r11, r11, #8
-	orr	r11, r11, #6
-	lsl	r11, r11, #8
-	orr	r11, r11, #33
+	mov	r11, #33
+	orr	r11, r11, #0xeb000000
+	orr	r11, r11, #0x210000
+	orr	r11, r11, #0x600
 #else
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r11, #0x6
-	lsl	r11, r11, #8
-	add	r11, r11, #0x21
+	mov	r11, #0x21
+	orr	r11, r11, #0x600
 #else
 	mov	r11, #0x621
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	orr	r11, r11, #0xeb000000
+	orr	r11, r11, #0x210000
+#else
 	movt	r11, #0xeb21
+#endif
 #endif
 	umaal	r4, r1, r10, lr
 	umaal	r5, r1, r11, lr
@@ -6327,22 +6133,23 @@ sc_reduce:
 	# Sub product of top 8 words and order
 	mov	r12, sp
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r1, #0xa3
-	lsl	r1, r1, #8
-	orr	r1, r1, #10
-	lsl	r1, r1, #8
-	orr	r1, r1, #44
-	lsl	r1, r1, #8
-	orr	r1, r1, #19
+	mov	r1, #19
+	orr	r1, r1, #0xa3000000
+	orr	r1, r1, #0xa0000
+	orr	r1, r1, #0x2c00
 #else
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r1, #0x2c
-	lsl	r1, r1, #8
-	add	r1, r1, #0x13
+	mov	r1, #0x13
+	orr	r1, r1, #0x2c00
 #else
 	mov	r1, #0x2c13
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	orr	r1, r1, #0xa3000000
+	orr	r1, r1, #0xa0000
+#else
 	movt	r1, #0xa30a
+#endif
 #endif
 	mov	lr, #0
 	ldm	r0!, {r10, r11}
@@ -6369,22 +6176,23 @@ sc_reduce:
 	sub	r0, r0, #16
 	sub	r12, r12, #32
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r1, #0xa7
-	lsl	r1, r1, #8
-	orr	r1, r1, #0xed
-	lsl	r1, r1, #8
-	orr	r1, r1, #0x9c
-	lsl	r1, r1, #8
-	orr	r1, r1, #0xe5
+	mov	r1, #0xe5
+	orr	r1, r1, #0xa7000000
+	orr	r1, r1, #0xed0000
+	orr	r1, r1, #0x9c00
 #else
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r1, #0x9c
-	lsl	r1, r1, #8
-	add	r1, r1, #0xe5
+	mov	r1, #0xe5
+	orr	r1, r1, #0x9c00
 #else
 	mov	r1, #0x9ce5
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	orr	r1, r1, #0xa7000000
+	orr	r1, r1, #0xed0000
+#else
 	movt	r1, #0xa7ed
+#endif
 #endif
 	mov	lr, #0
 	ldm	r12, {r10, r11}
@@ -6405,22 +6213,23 @@ sc_reduce:
 	stm	r12!, {r10, r11, lr}
 	sub	r12, r12, #32
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r1, #0x5d
-	lsl	r1, r1, #8
-	orr	r1, r1, #8
-	lsl	r1, r1, #8
-	orr	r1, r1, #0x63
-	lsl	r1, r1, #8
-	orr	r1, r1, #41
+	mov	r1, #41
+	orr	r1, r1, #0x5d000000
+	orr	r1, r1, #0x80000
+	orr	r1, r1, #0x6300
 #else
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r1, #0x63
-	lsl	r1, r1, #8
-	add	r1, r1, #0x29
+	mov	r1, #0x29
+	orr	r1, r1, #0x6300
 #else
 	mov	r1, #0x6329
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	orr	r1, r1, #0x5d000000
+	orr	r1, r1, #0x80000
+#else
 	movt	r1, #0x5d08
+#endif
 #endif
 	mov	lr, #0
 	ldm	r12, {r10, r11}
@@ -6441,22 +6250,23 @@ sc_reduce:
 	stm	r12!, {r10, r11, lr}
 	sub	r12, r12, #32
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r1, #0xeb
-	lsl	r1, r1, #8
-	orr	r1, r1, #33
-	lsl	r1, r1, #8
-	orr	r1, r1, #6
-	lsl	r1, r1, #8
-	orr	r1, r1, #33
+	mov	r1, #33
+	orr	r1, r1, #0xeb000000
+	orr	r1, r1, #0x210000
+	orr	r1, r1, #0x600
 #else
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r1, #0x6
-	lsl	r1, r1, #8
-	add	r1, r1, #0x21
+	mov	r1, #0x21
+	orr	r1, r1, #0x600
 #else
 	mov	r1, #0x621
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	orr	r1, r1, #0xeb000000
+	orr	r1, r1, #0x210000
+#else
 	movt	r1, #0xeb21
+#endif
 #endif
 	mov	lr, #0
 	ldm	r12, {r10, r11}
@@ -6496,92 +6306,84 @@ sc_reduce:
 	sub	r12, r12, #36
 	asr	lr, r11, #25
 	# Conditionally subtract order starting at bit 125
-#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r1, #0xa00000
-	lsl	r1, r1, #8
-	add	r1, r1, #0x0
-#else
 	mov	r1, #0xa0000000
-#endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r2, #0x4b
-	lsl	r2, r2, #8
-	orr	r2, r2, #0x9e
-	lsl	r2, r2, #8
-	orr	r2, r2, #0xba
-	lsl	r2, r2, #8
-	orr	r2, r2, #0x7d
+	mov	r2, #0x7d
+	orr	r2, r2, #0x4b000000
+	orr	r2, r2, #0x9e0000
+	orr	r2, r2, #0xba00
 #else
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r2, #0xba
-	lsl	r2, r2, #8
-	add	r2, r2, #0x7d
+	mov	r2, #0x7d
+	orr	r2, r2, #0xba00
 #else
 	mov	r2, #0xba7d
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	orr	r2, r2, #0x4b000000
+	orr	r2, r2, #0x9e0000
+#else
 	movt	r2, #0x4b9e
 #endif
+#endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r3, #0xcb
-	lsl	r3, r3, #8
-	orr	r3, r3, #2
-	lsl	r3, r3, #8
-	orr	r3, r3, #0x4c
-	lsl	r3, r3, #8
-	orr	r3, r3, #0x63
+	mov	r3, #0x63
+	orr	r3, r3, #0xcb000000
+	orr	r3, r3, #0x20000
+	orr	r3, r3, #0x4c00
 #else
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r3, #0x4c
-	lsl	r3, r3, #8
-	add	r3, r3, #0x63
+	mov	r3, #0x63
+	orr	r3, r3, #0x4c00
 #else
 	mov	r3, #0x4c63
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	orr	r3, r3, #0xcb000000
+	orr	r3, r3, #0x20000
+#else
 	movt	r3, #0xcb02
 #endif
+#endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r4, #0xd4
-	lsl	r4, r4, #8
-	orr	r4, r4, #0x5e
-	lsl	r4, r4, #8
-	orr	r4, r4, #0xf3
-	lsl	r4, r4, #8
-	orr	r4, r4, #0x9a
+	mov	r4, #0x9a
+	orr	r4, r4, #0xd4000000
+	orr	r4, r4, #0x5e0000
+	orr	r4, r4, #0xf300
 #else
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r4, #0xf3
-	lsl	r4, r4, #8
-	add	r4, r4, #0x9a
+	mov	r4, #0x9a
+	orr	r4, r4, #0xf300
 #else
 	mov	r4, #0xf39a
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	orr	r4, r4, #0xd4000000
+	orr	r4, r4, #0x5e0000
+#else
 	movt	r4, #0xd45e
 #endif
+#endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r5, #2
-	lsl	r5, r5, #8
-	orr	r5, r5, #0x9b
-	lsl	r5, r5, #8
-	orr	r5, r5, #0xdf
-	lsl	r5, r5, #8
-	orr	r5, r5, #59
+	mov	r5, #59
+	orr	r5, r5, #0x2000000
+	orr	r5, r5, #0x9b0000
+	orr	r5, r5, #0xdf00
 #else
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r5, #0xdf
-	lsl	r5, r5, #8
-	add	r5, r5, #0x3b
+	mov	r5, #0x3b
+	orr	r5, r5, #0xdf00
 #else
 	mov	r5, #0xdf3b
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	orr	r5, r5, #0x2000000
+	orr	r5, r5, #0x9b0000
+#else
 	movt	r5, #0x29b
 #endif
-#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r9, #0x20000
-	lsl	r9, r9, #8
-	add	r9, r9, #0x0
-#else
-	mov	r9, #0x2000000
 #endif
+	mov	r9, #0x2000000
 	and	r1, r1, lr
 	and	r2, r2, lr
 	and	r3, r3, lr
@@ -6630,22 +6432,23 @@ sc_reduce:
 	mov	r0, sp
 	#   * -5cf5d3ed
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r1, #0xa3
-	lsl	r1, r1, #8
-	orr	r1, r1, #10
-	lsl	r1, r1, #8
-	orr	r1, r1, #44
-	lsl	r1, r1, #8
-	orr	r1, r1, #19
+	mov	r1, #19
+	orr	r1, r1, #0xa3000000
+	orr	r1, r1, #0xa0000
+	orr	r1, r1, #0x2c00
 #else
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r1, #0x2c
-	lsl	r1, r1, #8
-	add	r1, r1, #0x13
+	mov	r1, #0x13
+	orr	r1, r1, #0x2c00
 #else
 	mov	r1, #0x2c13
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	orr	r1, r1, #0xa3000000
+	orr	r1, r1, #0xa0000
+#else
 	movt	r1, #0xa30a
+#endif
 #endif
 	mov	lr, #0
 	ldm	r0, {r6, r7, r8, r9}
@@ -6657,22 +6460,23 @@ sc_reduce:
 	add	r0, r0, #4
 	#   * -5812631b
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r1, #0xa7
-	lsl	r1, r1, #8
-	orr	r1, r1, #0xed
-	lsl	r1, r1, #8
-	orr	r1, r1, #0x9c
-	lsl	r1, r1, #8
-	orr	r1, r1, #0xe5
+	mov	r1, #0xe5
+	orr	r1, r1, #0xa7000000
+	orr	r1, r1, #0xed0000
+	orr	r1, r1, #0x9c00
 #else
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r1, #0x9c
-	lsl	r1, r1, #8
-	add	r1, r1, #0xe5
+	mov	r1, #0xe5
+	orr	r1, r1, #0x9c00
 #else
 	mov	r1, #0x9ce5
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	orr	r1, r1, #0xa7000000
+	orr	r1, r1, #0xed0000
+#else
 	movt	r1, #0xa7ed
+#endif
 #endif
 	mov	r10, #0
 	ldm	r0, {r6, r7, r8, r9}
@@ -6684,22 +6488,23 @@ sc_reduce:
 	add	r0, r0, #4
 	#   * -a2f79cd7
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r1, #0x5d
-	lsl	r1, r1, #8
-	orr	r1, r1, #8
-	lsl	r1, r1, #8
-	orr	r1, r1, #0x63
-	lsl	r1, r1, #8
-	orr	r1, r1, #41
+	mov	r1, #41
+	orr	r1, r1, #0x5d000000
+	orr	r1, r1, #0x80000
+	orr	r1, r1, #0x6300
 #else
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r1, #0x63
-	lsl	r1, r1, #8
-	add	r1, r1, #0x29
+	mov	r1, #0x29
+	orr	r1, r1, #0x6300
 #else
 	mov	r1, #0x6329
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	orr	r1, r1, #0x5d000000
+	orr	r1, r1, #0x80000
+#else
 	movt	r1, #0x5d08
+#endif
 #endif
 	mov	r11, #0
 	ldm	r0, {r6, r7, r8, r9}
@@ -6711,22 +6516,23 @@ sc_reduce:
 	add	r0, r0, #4
 	#   * -14def9df
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r1, #0xeb
-	lsl	r1, r1, #8
-	orr	r1, r1, #33
-	lsl	r1, r1, #8
-	orr	r1, r1, #6
-	lsl	r1, r1, #8
-	orr	r1, r1, #33
+	mov	r1, #33
+	orr	r1, r1, #0xeb000000
+	orr	r1, r1, #0x210000
+	orr	r1, r1, #0x600
 #else
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r1, #0x6
-	lsl	r1, r1, #8
-	add	r1, r1, #0x21
+	mov	r1, #0x21
+	orr	r1, r1, #0x600
 #else
 	mov	r1, #0x621
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	orr	r1, r1, #0xeb000000
+	orr	r1, r1, #0x210000
+#else
 	movt	r1, #0xeb21
+#endif
 #endif
 	mov	r12, #0
 	ldm	r0, {r6, r7, r8, r9}
@@ -6756,76 +6562,80 @@ sc_reduce:
 	sub	r0, r0, #16
 	ldm	r0, {r2, r3, r4, r5}
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r10, #0x5c
-	lsl	r10, r10, #8
-	orr	r10, r10, #0xf5
-	lsl	r10, r10, #8
-	orr	r10, r10, #0xd3
-	lsl	r10, r10, #8
-	orr	r10, r10, #0xed
+	mov	r10, #0xed
+	orr	r10, r10, #0x5c000000
+	orr	r10, r10, #0xf50000
+	orr	r10, r10, #0xd300
 #else
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r10, #0xd3
-	lsl	r10, r10, #8
-	add	r10, r10, #0xed
+	mov	r10, #0xed
+	orr	r10, r10, #0xd300
 #else
 	mov	r10, #0xd3ed
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	orr	r10, r10, #0x5c000000
+	orr	r10, r10, #0xf50000
+#else
 	movt	r10, #0x5cf5
 #endif
+#endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r11, #0x58
-	lsl	r11, r11, #8
-	orr	r11, r11, #18
-	lsl	r11, r11, #8
-	orr	r11, r11, #0x63
-	lsl	r11, r11, #8
-	orr	r11, r11, #26
+	mov	r11, #26
+	orr	r11, r11, #0x58000000
+	orr	r11, r11, #0x120000
+	orr	r11, r11, #0x6300
 #else
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r11, #0x63
-	lsl	r11, r11, #8
-	add	r11, r11, #0x1a
+	mov	r11, #0x1a
+	orr	r11, r11, #0x6300
 #else
 	mov	r11, #0x631a
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	orr	r11, r11, #0x58000000
+	orr	r11, r11, #0x120000
+#else
 	movt	r11, #0x5812
 #endif
+#endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r12, #0xa2
-	lsl	r12, r12, #8
-	orr	r12, r12, #0xf7
-	lsl	r12, r12, #8
-	orr	r12, r12, #0x9c
-	lsl	r12, r12, #8
-	orr	r12, r12, #0xd6
+	mov	r12, #0xd6
+	orr	r12, r12, #0xa2000000
+	orr	r12, r12, #0xf70000
+	orr	r12, r12, #0x9c00
 #else
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r12, #0x9c
-	lsl	r12, r12, #8
-	add	r12, r12, #0xd6
+	mov	r12, #0xd6
+	orr	r12, r12, #0x9c00
 #else
 	mov	r12, #0x9cd6
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	orr	r12, r12, #0xa2000000
+	orr	r12, r12, #0xf70000
+#else
 	movt	r12, #0xa2f7
 #endif
+#endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	lr, #20
-	lsl	lr, lr, #8
-	orr	lr, lr, #0xde
-	lsl	lr, lr, #8
-	orr	lr, lr, #0xf9
-	lsl	lr, lr, #8
-	orr	lr, lr, #0xde
+	mov	lr, #0xde
+	orr	lr, lr, #0x14000000
+	orr	lr, lr, #0xde0000
+	orr	lr, lr, #0xf900
 #else
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	lr, #0xf9
-	lsl	lr, lr, #8
-	add	lr, lr, #0xde
+	mov	lr, #0xde
+	orr	lr, lr, #0xf900
 #else
 	mov	lr, #0xf9de
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	orr	lr, lr, #0x14000000
+	orr	lr, lr, #0xde0000
+#else
 	movt	lr, #0x14de
+#endif
 #endif
 	and	r10, r10, r1
 	and	r11, r11, r1
@@ -7240,40 +7050,42 @@ sc_muladd:
 #endif
 	# Add order times bits 504..507
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r10, #0xa3
-	lsl	r10, r10, #8
-	orr	r10, r10, #10
-	lsl	r10, r10, #8
-	orr	r10, r10, #44
-	lsl	r10, r10, #8
-	orr	r10, r10, #19
+	mov	r10, #19
+	orr	r10, r10, #0xa3000000
+	orr	r10, r10, #0xa0000
+	orr	r10, r10, #0x2c00
 #else
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r10, #0x2c
-	lsl	r10, r10, #8
-	add	r10, r10, #0x13
+	mov	r10, #0x13
+	orr	r10, r10, #0x2c00
 #else
 	mov	r10, #0x2c13
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	orr	r10, r10, #0xa3000000
+	orr	r10, r10, #0xa0000
+#else
 	movt	r10, #0xa30a
 #endif
+#endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r11, #0xa7
-	lsl	r11, r11, #8
-	orr	r11, r11, #0xed
-	lsl	r11, r11, #8
-	orr	r11, r11, #0x9c
-	lsl	r11, r11, #8
-	orr	r11, r11, #0xe5
+	mov	r11, #0xe5
+	orr	r11, r11, #0xa7000000
+	orr	r11, r11, #0xed0000
+	orr	r11, r11, #0x9c00
 #else
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r11, #0x9c
-	lsl	r11, r11, #8
-	add	r11, r11, #0xe5
+	mov	r11, #0xe5
+	orr	r11, r11, #0x9c00
 #else
 	mov	r11, #0x9ce5
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	orr	r11, r11, #0xa7000000
+	orr	r11, r11, #0xed0000
+#else
 	movt	r11, #0xa7ed
+#endif
 #endif
 	mov	r1, #0
 	umlal	r2, r1, r10, lr
@@ -7282,40 +7094,42 @@ sc_muladd:
 	adc	r1, r1, #0
 	umlal	r3, r1, r11, lr
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r10, #0x5d
-	lsl	r10, r10, #8
-	orr	r10, r10, #8
-	lsl	r10, r10, #8
-	orr	r10, r10, #0x63
-	lsl	r10, r10, #8
-	orr	r10, r10, #41
+	mov	r10, #41
+	orr	r10, r10, #0x5d000000
+	orr	r10, r10, #0x80000
+	orr	r10, r10, #0x6300
 #else
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r10, #0x63
-	lsl	r10, r10, #8
-	add	r10, r10, #0x29
+	mov	r10, #0x29
+	orr	r10, r10, #0x6300
 #else
 	mov	r10, #0x6329
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	orr	r10, r10, #0x5d000000
+	orr	r10, r10, #0x80000
+#else
 	movt	r10, #0x5d08
 #endif
+#endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r11, #0xeb
-	lsl	r11, r11, #8
-	orr	r11, r11, #33
-	lsl	r11, r11, #8
-	orr	r11, r11, #6
-	lsl	r11, r11, #8
-	orr	r11, r11, #33
+	mov	r11, #33
+	orr	r11, r11, #0xeb000000
+	orr	r11, r11, #0x210000
+	orr	r11, r11, #0x600
 #else
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r11, #0x6
-	lsl	r11, r11, #8
-	add	r11, r11, #0x21
+	mov	r11, #0x21
+	orr	r11, r11, #0x600
 #else
 	mov	r11, #0x621
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	orr	r11, r11, #0xeb000000
+	orr	r11, r11, #0x210000
+#else
 	movt	r11, #0xeb21
+#endif
 #endif
 	adds	r4, r4, r1
 	mov	r1, #0
@@ -7336,22 +7150,23 @@ sc_muladd:
 	# Sub product of top 8 words and order
 	mov	r12, sp
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r1, #0xa3
-	lsl	r1, r1, #8
-	orr	r1, r1, #10
-	lsl	r1, r1, #8
-	orr	r1, r1, #44
-	lsl	r1, r1, #8
-	orr	r1, r1, #19
+	mov	r1, #19
+	orr	r1, r1, #0xa3000000
+	orr	r1, r1, #0xa0000
+	orr	r1, r1, #0x2c00
 #else
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r1, #0x2c
-	lsl	r1, r1, #8
-	add	r1, r1, #0x13
+	mov	r1, #0x13
+	orr	r1, r1, #0x2c00
 #else
 	mov	r1, #0x2c13
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	orr	r1, r1, #0xa3000000
+	orr	r1, r1, #0xa0000
+#else
 	movt	r1, #0xa30a
+#endif
 #endif
 	mov	lr, #0
 	ldm	r0!, {r10, r11}
@@ -7399,22 +7214,23 @@ sc_muladd:
 	sub	r0, r0, #16
 	sub	r12, r12, #32
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r1, #0xa7
-	lsl	r1, r1, #8
-	orr	r1, r1, #0xed
-	lsl	r1, r1, #8
-	orr	r1, r1, #0x9c
-	lsl	r1, r1, #8
-	orr	r1, r1, #0xe5
+	mov	r1, #0xe5
+	orr	r1, r1, #0xa7000000
+	orr	r1, r1, #0xed0000
+	orr	r1, r1, #0x9c00
 #else
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r1, #0x9c
-	lsl	r1, r1, #8
-	add	r1, r1, #0xe5
+	mov	r1, #0xe5
+	orr	r1, r1, #0x9c00
 #else
 	mov	r1, #0x9ce5
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	orr	r1, r1, #0xa7000000
+	orr	r1, r1, #0xed0000
+#else
 	movt	r1, #0xa7ed
+#endif
 #endif
 	mov	lr, #0
 	ldm	r12, {r10, r11}
@@ -7456,22 +7272,23 @@ sc_muladd:
 	stm	r12!, {r10, r11, lr}
 	sub	r12, r12, #32
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r1, #0x5d
-	lsl	r1, r1, #8
-	orr	r1, r1, #8
-	lsl	r1, r1, #8
-	orr	r1, r1, #0x63
-	lsl	r1, r1, #8
-	orr	r1, r1, #41
+	mov	r1, #41
+	orr	r1, r1, #0x5d000000
+	orr	r1, r1, #0x80000
+	orr	r1, r1, #0x6300
 #else
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r1, #0x63
-	lsl	r1, r1, #8
-	add	r1, r1, #0x29
+	mov	r1, #0x29
+	orr	r1, r1, #0x6300
 #else
 	mov	r1, #0x6329
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	orr	r1, r1, #0x5d000000
+	orr	r1, r1, #0x80000
+#else
 	movt	r1, #0x5d08
+#endif
 #endif
 	mov	lr, #0
 	ldm	r12, {r10, r11}
@@ -7513,22 +7330,23 @@ sc_muladd:
 	stm	r12!, {r10, r11, lr}
 	sub	r12, r12, #32
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r1, #0xeb
-	lsl	r1, r1, #8
-	orr	r1, r1, #33
-	lsl	r1, r1, #8
-	orr	r1, r1, #6
-	lsl	r1, r1, #8
-	orr	r1, r1, #33
+	mov	r1, #33
+	orr	r1, r1, #0xeb000000
+	orr	r1, r1, #0x210000
+	orr	r1, r1, #0x600
 #else
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r1, #0x6
-	lsl	r1, r1, #8
-	add	r1, r1, #0x21
+	mov	r1, #0x21
+	orr	r1, r1, #0x600
 #else
 	mov	r1, #0x621
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	orr	r1, r1, #0xeb000000
+	orr	r1, r1, #0x210000
+#else
 	movt	r1, #0xeb21
+#endif
 #endif
 	mov	lr, #0
 	ldm	r12, {r10, r11}
@@ -7589,92 +7407,84 @@ sc_muladd:
 	sub	r12, r12, #36
 	asr	lr, r11, #25
 	# Conditionally subtract order starting at bit 125
-#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r1, #0xa00000
-	lsl	r1, r1, #8
-	add	r1, r1, #0x0
-#else
 	mov	r1, #0xa0000000
-#endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r2, #0x4b
-	lsl	r2, r2, #8
-	orr	r2, r2, #0x9e
-	lsl	r2, r2, #8
-	orr	r2, r2, #0xba
-	lsl	r2, r2, #8
-	orr	r2, r2, #0x7d
+	mov	r2, #0x7d
+	orr	r2, r2, #0x4b000000
+	orr	r2, r2, #0x9e0000
+	orr	r2, r2, #0xba00
 #else
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r2, #0xba
-	lsl	r2, r2, #8
-	add	r2, r2, #0x7d
+	mov	r2, #0x7d
+	orr	r2, r2, #0xba00
 #else
 	mov	r2, #0xba7d
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	orr	r2, r2, #0x4b000000
+	orr	r2, r2, #0x9e0000
+#else
 	movt	r2, #0x4b9e
 #endif
+#endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r3, #0xcb
-	lsl	r3, r3, #8
-	orr	r3, r3, #2
-	lsl	r3, r3, #8
-	orr	r3, r3, #0x4c
-	lsl	r3, r3, #8
-	orr	r3, r3, #0x63
+	mov	r3, #0x63
+	orr	r3, r3, #0xcb000000
+	orr	r3, r3, #0x20000
+	orr	r3, r3, #0x4c00
 #else
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r3, #0x4c
-	lsl	r3, r3, #8
-	add	r3, r3, #0x63
+	mov	r3, #0x63
+	orr	r3, r3, #0x4c00
 #else
 	mov	r3, #0x4c63
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	orr	r3, r3, #0xcb000000
+	orr	r3, r3, #0x20000
+#else
 	movt	r3, #0xcb02
 #endif
+#endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r4, #0xd4
-	lsl	r4, r4, #8
-	orr	r4, r4, #0x5e
-	lsl	r4, r4, #8
-	orr	r4, r4, #0xf3
-	lsl	r4, r4, #8
-	orr	r4, r4, #0x9a
+	mov	r4, #0x9a
+	orr	r4, r4, #0xd4000000
+	orr	r4, r4, #0x5e0000
+	orr	r4, r4, #0xf300
 #else
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r4, #0xf3
-	lsl	r4, r4, #8
-	add	r4, r4, #0x9a
+	mov	r4, #0x9a
+	orr	r4, r4, #0xf300
 #else
 	mov	r4, #0xf39a
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	orr	r4, r4, #0xd4000000
+	orr	r4, r4, #0x5e0000
+#else
 	movt	r4, #0xd45e
 #endif
+#endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r5, #2
-	lsl	r5, r5, #8
-	orr	r5, r5, #0x9b
-	lsl	r5, r5, #8
-	orr	r5, r5, #0xdf
-	lsl	r5, r5, #8
-	orr	r5, r5, #59
+	mov	r5, #59
+	orr	r5, r5, #0x2000000
+	orr	r5, r5, #0x9b0000
+	orr	r5, r5, #0xdf00
 #else
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r5, #0xdf
-	lsl	r5, r5, #8
-	add	r5, r5, #0x3b
+	mov	r5, #0x3b
+	orr	r5, r5, #0xdf00
 #else
 	mov	r5, #0xdf3b
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	orr	r5, r5, #0x2000000
+	orr	r5, r5, #0x9b0000
+#else
 	movt	r5, #0x29b
 #endif
-#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r9, #0x20000
-	lsl	r9, r9, #8
-	add	r9, r9, #0x0
-#else
-	mov	r9, #0x2000000
 #endif
+	mov	r9, #0x2000000
 	and	r1, r1, lr
 	and	r2, r2, lr
 	and	r3, r3, lr
@@ -7723,22 +7533,23 @@ sc_muladd:
 	mov	r0, sp
 	#   * -5cf5d3ed
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r1, #0xa3
-	lsl	r1, r1, #8
-	orr	r1, r1, #10
-	lsl	r1, r1, #8
-	orr	r1, r1, #44
-	lsl	r1, r1, #8
-	orr	r1, r1, #19
+	mov	r1, #19
+	orr	r1, r1, #0xa3000000
+	orr	r1, r1, #0xa0000
+	orr	r1, r1, #0x2c00
 #else
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r1, #0x2c
-	lsl	r1, r1, #8
-	add	r1, r1, #0x13
+	mov	r1, #0x13
+	orr	r1, r1, #0x2c00
 #else
 	mov	r1, #0x2c13
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	orr	r1, r1, #0xa3000000
+	orr	r1, r1, #0xa0000
+#else
 	movt	r1, #0xa30a
+#endif
 #endif
 	mov	lr, #0
 	ldm	r0, {r6, r7, r8, r9}
@@ -7759,22 +7570,23 @@ sc_muladd:
 	add	r0, r0, #4
 	#   * -5812631b
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r1, #0xa7
-	lsl	r1, r1, #8
-	orr	r1, r1, #0xed
-	lsl	r1, r1, #8
-	orr	r1, r1, #0x9c
-	lsl	r1, r1, #8
-	orr	r1, r1, #0xe5
+	mov	r1, #0xe5
+	orr	r1, r1, #0xa7000000
+	orr	r1, r1, #0xed0000
+	orr	r1, r1, #0x9c00
 #else
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r1, #0x9c
-	lsl	r1, r1, #8
-	add	r1, r1, #0xe5
+	mov	r1, #0xe5
+	orr	r1, r1, #0x9c00
 #else
 	mov	r1, #0x9ce5
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	orr	r1, r1, #0xa7000000
+	orr	r1, r1, #0xed0000
+#else
 	movt	r1, #0xa7ed
+#endif
 #endif
 	mov	r10, #0
 	ldm	r0, {r6, r7, r8, r9}
@@ -7795,22 +7607,23 @@ sc_muladd:
 	add	r0, r0, #4
 	#   * -a2f79cd7
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r1, #0x5d
-	lsl	r1, r1, #8
-	orr	r1, r1, #8
-	lsl	r1, r1, #8
-	orr	r1, r1, #0x63
-	lsl	r1, r1, #8
-	orr	r1, r1, #41
+	mov	r1, #41
+	orr	r1, r1, #0x5d000000
+	orr	r1, r1, #0x80000
+	orr	r1, r1, #0x6300
 #else
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r1, #0x63
-	lsl	r1, r1, #8
-	add	r1, r1, #0x29
+	mov	r1, #0x29
+	orr	r1, r1, #0x6300
 #else
 	mov	r1, #0x6329
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	orr	r1, r1, #0x5d000000
+	orr	r1, r1, #0x80000
+#else
 	movt	r1, #0x5d08
+#endif
 #endif
 	mov	r11, #0
 	ldm	r0, {r6, r7, r8, r9}
@@ -7831,22 +7644,23 @@ sc_muladd:
 	add	r0, r0, #4
 	#   * -14def9df
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r1, #0xeb
-	lsl	r1, r1, #8
-	orr	r1, r1, #33
-	lsl	r1, r1, #8
-	orr	r1, r1, #6
-	lsl	r1, r1, #8
-	orr	r1, r1, #33
+	mov	r1, #33
+	orr	r1, r1, #0xeb000000
+	orr	r1, r1, #0x210000
+	orr	r1, r1, #0x600
 #else
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r1, #0x6
-	lsl	r1, r1, #8
-	add	r1, r1, #0x21
+	mov	r1, #0x21
+	orr	r1, r1, #0x600
 #else
 	mov	r1, #0x621
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	orr	r1, r1, #0xeb000000
+	orr	r1, r1, #0x210000
+#else
 	movt	r1, #0xeb21
+#endif
 #endif
 	mov	r12, #0
 	ldm	r0, {r6, r7, r8, r9}
@@ -7885,76 +7699,80 @@ sc_muladd:
 	sub	r0, r0, #16
 	ldm	r0, {r2, r3, r4, r5}
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r10, #0x5c
-	lsl	r10, r10, #8
-	orr	r10, r10, #0xf5
-	lsl	r10, r10, #8
-	orr	r10, r10, #0xd3
-	lsl	r10, r10, #8
-	orr	r10, r10, #0xed
+	mov	r10, #0xed
+	orr	r10, r10, #0x5c000000
+	orr	r10, r10, #0xf50000
+	orr	r10, r10, #0xd300
 #else
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r10, #0xd3
-	lsl	r10, r10, #8
-	add	r10, r10, #0xed
+	mov	r10, #0xed
+	orr	r10, r10, #0xd300
 #else
 	mov	r10, #0xd3ed
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	orr	r10, r10, #0x5c000000
+	orr	r10, r10, #0xf50000
+#else
 	movt	r10, #0x5cf5
 #endif
+#endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r11, #0x58
-	lsl	r11, r11, #8
-	orr	r11, r11, #18
-	lsl	r11, r11, #8
-	orr	r11, r11, #0x63
-	lsl	r11, r11, #8
-	orr	r11, r11, #26
+	mov	r11, #26
+	orr	r11, r11, #0x58000000
+	orr	r11, r11, #0x120000
+	orr	r11, r11, #0x6300
 #else
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r11, #0x63
-	lsl	r11, r11, #8
-	add	r11, r11, #0x1a
+	mov	r11, #0x1a
+	orr	r11, r11, #0x6300
 #else
 	mov	r11, #0x631a
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	orr	r11, r11, #0x58000000
+	orr	r11, r11, #0x120000
+#else
 	movt	r11, #0x5812
 #endif
+#endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r12, #0xa2
-	lsl	r12, r12, #8
-	orr	r12, r12, #0xf7
-	lsl	r12, r12, #8
-	orr	r12, r12, #0x9c
-	lsl	r12, r12, #8
-	orr	r12, r12, #0xd6
+	mov	r12, #0xd6
+	orr	r12, r12, #0xa2000000
+	orr	r12, r12, #0xf70000
+	orr	r12, r12, #0x9c00
 #else
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r12, #0x9c
-	lsl	r12, r12, #8
-	add	r12, r12, #0xd6
+	mov	r12, #0xd6
+	orr	r12, r12, #0x9c00
 #else
 	mov	r12, #0x9cd6
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	orr	r12, r12, #0xa2000000
+	orr	r12, r12, #0xf70000
+#else
 	movt	r12, #0xa2f7
 #endif
+#endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	lr, #20
-	lsl	lr, lr, #8
-	orr	lr, lr, #0xde
-	lsl	lr, lr, #8
-	orr	lr, lr, #0xf9
-	lsl	lr, lr, #8
-	orr	lr, lr, #0xde
+	mov	lr, #0xde
+	orr	lr, lr, #0x14000000
+	orr	lr, lr, #0xde0000
+	orr	lr, lr, #0xf900
 #else
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	lr, #0xf9
-	lsl	lr, lr, #8
-	add	lr, lr, #0xde
+	mov	lr, #0xde
+	orr	lr, lr, #0xf900
 #else
 	mov	lr, #0xf9de
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	orr	lr, lr, #0x14000000
+	orr	lr, lr, #0xde0000
+#else
 	movt	lr, #0x14de
+#endif
 #endif
 	and	r10, r10, r1
 	and	r11, r11, r1
@@ -8147,79 +7965,83 @@ sc_muladd:
 #endif
 	# Add order times bits 504..507
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r10, #0xa3
-	lsl	r10, r10, #8
-	orr	r10, r10, #10
-	lsl	r10, r10, #8
-	orr	r10, r10, #44
-	lsl	r10, r10, #8
-	orr	r10, r10, #19
+	mov	r10, #19
+	orr	r10, r10, #0xa3000000
+	orr	r10, r10, #0xa0000
+	orr	r10, r10, #0x2c00
 #else
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r10, #0x2c
-	lsl	r10, r10, #8
-	add	r10, r10, #0x13
+	mov	r10, #0x13
+	orr	r10, r10, #0x2c00
 #else
 	mov	r10, #0x2c13
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	orr	r10, r10, #0xa3000000
+	orr	r10, r10, #0xa0000
+#else
 	movt	r10, #0xa30a
 #endif
+#endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r11, #0xa7
-	lsl	r11, r11, #8
-	orr	r11, r11, #0xed
-	lsl	r11, r11, #8
-	orr	r11, r11, #0x9c
-	lsl	r11, r11, #8
-	orr	r11, r11, #0xe5
+	mov	r11, #0xe5
+	orr	r11, r11, #0xa7000000
+	orr	r11, r11, #0xed0000
+	orr	r11, r11, #0x9c00
 #else
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r11, #0x9c
-	lsl	r11, r11, #8
-	add	r11, r11, #0xe5
+	mov	r11, #0xe5
+	orr	r11, r11, #0x9c00
 #else
 	mov	r11, #0x9ce5
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	orr	r11, r11, #0xa7000000
+	orr	r11, r11, #0xed0000
+#else
 	movt	r11, #0xa7ed
+#endif
 #endif
 	mov	r1, #0
 	umlal	r2, r1, r10, lr
 	umaal	r3, r1, r11, lr
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r10, #0x5d
-	lsl	r10, r10, #8
-	orr	r10, r10, #8
-	lsl	r10, r10, #8
-	orr	r10, r10, #0x63
-	lsl	r10, r10, #8
-	orr	r10, r10, #41
+	mov	r10, #41
+	orr	r10, r10, #0x5d000000
+	orr	r10, r10, #0x80000
+	orr	r10, r10, #0x6300
 #else
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r10, #0x63
-	lsl	r10, r10, #8
-	add	r10, r10, #0x29
+	mov	r10, #0x29
+	orr	r10, r10, #0x6300
 #else
 	mov	r10, #0x6329
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	orr	r10, r10, #0x5d000000
+	orr	r10, r10, #0x80000
+#else
 	movt	r10, #0x5d08
 #endif
+#endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r11, #0xeb
-	lsl	r11, r11, #8
-	orr	r11, r11, #33
-	lsl	r11, r11, #8
-	orr	r11, r11, #6
-	lsl	r11, r11, #8
-	orr	r11, r11, #33
+	mov	r11, #33
+	orr	r11, r11, #0xeb000000
+	orr	r11, r11, #0x210000
+	orr	r11, r11, #0x600
 #else
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r11, #0x6
-	lsl	r11, r11, #8
-	add	r11, r11, #0x21
+	mov	r11, #0x21
+	orr	r11, r11, #0x600
 #else
 	mov	r11, #0x621
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	orr	r11, r11, #0xeb000000
+	orr	r11, r11, #0x210000
+#else
 	movt	r11, #0xeb21
+#endif
 #endif
 	umaal	r4, r1, r10, lr
 	umaal	r5, r1, r11, lr
@@ -8234,22 +8056,23 @@ sc_muladd:
 	# Sub product of top 8 words and order
 	mov	r12, sp
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r1, #0xa3
-	lsl	r1, r1, #8
-	orr	r1, r1, #10
-	lsl	r1, r1, #8
-	orr	r1, r1, #44
-	lsl	r1, r1, #8
-	orr	r1, r1, #19
+	mov	r1, #19
+	orr	r1, r1, #0xa3000000
+	orr	r1, r1, #0xa0000
+	orr	r1, r1, #0x2c00
 #else
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r1, #0x2c
-	lsl	r1, r1, #8
-	add	r1, r1, #0x13
+	mov	r1, #0x13
+	orr	r1, r1, #0x2c00
 #else
 	mov	r1, #0x2c13
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	orr	r1, r1, #0xa3000000
+	orr	r1, r1, #0xa0000
+#else
 	movt	r1, #0xa30a
+#endif
 #endif
 	mov	lr, #0
 	ldm	r0!, {r10, r11}
@@ -8276,22 +8099,23 @@ sc_muladd:
 	sub	r0, r0, #16
 	sub	r12, r12, #32
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r1, #0xa7
-	lsl	r1, r1, #8
-	orr	r1, r1, #0xed
-	lsl	r1, r1, #8
-	orr	r1, r1, #0x9c
-	lsl	r1, r1, #8
-	orr	r1, r1, #0xe5
+	mov	r1, #0xe5
+	orr	r1, r1, #0xa7000000
+	orr	r1, r1, #0xed0000
+	orr	r1, r1, #0x9c00
 #else
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r1, #0x9c
-	lsl	r1, r1, #8
-	add	r1, r1, #0xe5
+	mov	r1, #0xe5
+	orr	r1, r1, #0x9c00
 #else
 	mov	r1, #0x9ce5
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	orr	r1, r1, #0xa7000000
+	orr	r1, r1, #0xed0000
+#else
 	movt	r1, #0xa7ed
+#endif
 #endif
 	mov	lr, #0
 	ldm	r12, {r10, r11}
@@ -8312,22 +8136,23 @@ sc_muladd:
 	stm	r12!, {r10, r11, lr}
 	sub	r12, r12, #32
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r1, #0x5d
-	lsl	r1, r1, #8
-	orr	r1, r1, #8
-	lsl	r1, r1, #8
-	orr	r1, r1, #0x63
-	lsl	r1, r1, #8
-	orr	r1, r1, #41
+	mov	r1, #41
+	orr	r1, r1, #0x5d000000
+	orr	r1, r1, #0x80000
+	orr	r1, r1, #0x6300
 #else
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r1, #0x63
-	lsl	r1, r1, #8
-	add	r1, r1, #0x29
+	mov	r1, #0x29
+	orr	r1, r1, #0x6300
 #else
 	mov	r1, #0x6329
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	orr	r1, r1, #0x5d000000
+	orr	r1, r1, #0x80000
+#else
 	movt	r1, #0x5d08
+#endif
 #endif
 	mov	lr, #0
 	ldm	r12, {r10, r11}
@@ -8348,22 +8173,23 @@ sc_muladd:
 	stm	r12!, {r10, r11, lr}
 	sub	r12, r12, #32
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r1, #0xeb
-	lsl	r1, r1, #8
-	orr	r1, r1, #33
-	lsl	r1, r1, #8
-	orr	r1, r1, #6
-	lsl	r1, r1, #8
-	orr	r1, r1, #33
+	mov	r1, #33
+	orr	r1, r1, #0xeb000000
+	orr	r1, r1, #0x210000
+	orr	r1, r1, #0x600
 #else
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r1, #0x6
-	lsl	r1, r1, #8
-	add	r1, r1, #0x21
+	mov	r1, #0x21
+	orr	r1, r1, #0x600
 #else
 	mov	r1, #0x621
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	orr	r1, r1, #0xeb000000
+	orr	r1, r1, #0x210000
+#else
 	movt	r1, #0xeb21
+#endif
 #endif
 	mov	lr, #0
 	ldm	r12, {r10, r11}
@@ -8403,92 +8229,84 @@ sc_muladd:
 	sub	r12, r12, #36
 	asr	lr, r11, #25
 	# Conditionally subtract order starting at bit 125
-#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r1, #0xa00000
-	lsl	r1, r1, #8
-	add	r1, r1, #0x0
-#else
 	mov	r1, #0xa0000000
-#endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r2, #0x4b
-	lsl	r2, r2, #8
-	orr	r2, r2, #0x9e
-	lsl	r2, r2, #8
-	orr	r2, r2, #0xba
-	lsl	r2, r2, #8
-	orr	r2, r2, #0x7d
+	mov	r2, #0x7d
+	orr	r2, r2, #0x4b000000
+	orr	r2, r2, #0x9e0000
+	orr	r2, r2, #0xba00
 #else
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r2, #0xba
-	lsl	r2, r2, #8
-	add	r2, r2, #0x7d
+	mov	r2, #0x7d
+	orr	r2, r2, #0xba00
 #else
 	mov	r2, #0xba7d
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	orr	r2, r2, #0x4b000000
+	orr	r2, r2, #0x9e0000
+#else
 	movt	r2, #0x4b9e
 #endif
+#endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r3, #0xcb
-	lsl	r3, r3, #8
-	orr	r3, r3, #2
-	lsl	r3, r3, #8
-	orr	r3, r3, #0x4c
-	lsl	r3, r3, #8
-	orr	r3, r3, #0x63
+	mov	r3, #0x63
+	orr	r3, r3, #0xcb000000
+	orr	r3, r3, #0x20000
+	orr	r3, r3, #0x4c00
 #else
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r3, #0x4c
-	lsl	r3, r3, #8
-	add	r3, r3, #0x63
+	mov	r3, #0x63
+	orr	r3, r3, #0x4c00
 #else
 	mov	r3, #0x4c63
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	orr	r3, r3, #0xcb000000
+	orr	r3, r3, #0x20000
+#else
 	movt	r3, #0xcb02
 #endif
+#endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r4, #0xd4
-	lsl	r4, r4, #8
-	orr	r4, r4, #0x5e
-	lsl	r4, r4, #8
-	orr	r4, r4, #0xf3
-	lsl	r4, r4, #8
-	orr	r4, r4, #0x9a
+	mov	r4, #0x9a
+	orr	r4, r4, #0xd4000000
+	orr	r4, r4, #0x5e0000
+	orr	r4, r4, #0xf300
 #else
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r4, #0xf3
-	lsl	r4, r4, #8
-	add	r4, r4, #0x9a
+	mov	r4, #0x9a
+	orr	r4, r4, #0xf300
 #else
 	mov	r4, #0xf39a
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	orr	r4, r4, #0xd4000000
+	orr	r4, r4, #0x5e0000
+#else
 	movt	r4, #0xd45e
 #endif
+#endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r5, #2
-	lsl	r5, r5, #8
-	orr	r5, r5, #0x9b
-	lsl	r5, r5, #8
-	orr	r5, r5, #0xdf
-	lsl	r5, r5, #8
-	orr	r5, r5, #59
+	mov	r5, #59
+	orr	r5, r5, #0x2000000
+	orr	r5, r5, #0x9b0000
+	orr	r5, r5, #0xdf00
 #else
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r5, #0xdf
-	lsl	r5, r5, #8
-	add	r5, r5, #0x3b
+	mov	r5, #0x3b
+	orr	r5, r5, #0xdf00
 #else
 	mov	r5, #0xdf3b
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	orr	r5, r5, #0x2000000
+	orr	r5, r5, #0x9b0000
+#else
 	movt	r5, #0x29b
 #endif
-#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r9, #0x20000
-	lsl	r9, r9, #8
-	add	r9, r9, #0x0
-#else
-	mov	r9, #0x2000000
 #endif
+	mov	r9, #0x2000000
 	and	r1, r1, lr
 	and	r2, r2, lr
 	and	r3, r3, lr
@@ -8537,22 +8355,23 @@ sc_muladd:
 	mov	r0, sp
 	#   * -5cf5d3ed
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r1, #0xa3
-	lsl	r1, r1, #8
-	orr	r1, r1, #10
-	lsl	r1, r1, #8
-	orr	r1, r1, #44
-	lsl	r1, r1, #8
-	orr	r1, r1, #19
+	mov	r1, #19
+	orr	r1, r1, #0xa3000000
+	orr	r1, r1, #0xa0000
+	orr	r1, r1, #0x2c00
 #else
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r1, #0x2c
-	lsl	r1, r1, #8
-	add	r1, r1, #0x13
+	mov	r1, #0x13
+	orr	r1, r1, #0x2c00
 #else
 	mov	r1, #0x2c13
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	orr	r1, r1, #0xa3000000
+	orr	r1, r1, #0xa0000
+#else
 	movt	r1, #0xa30a
+#endif
 #endif
 	mov	lr, #0
 	ldm	r0, {r6, r7, r8, r9}
@@ -8564,22 +8383,23 @@ sc_muladd:
 	add	r0, r0, #4
 	#   * -5812631b
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r1, #0xa7
-	lsl	r1, r1, #8
-	orr	r1, r1, #0xed
-	lsl	r1, r1, #8
-	orr	r1, r1, #0x9c
-	lsl	r1, r1, #8
-	orr	r1, r1, #0xe5
+	mov	r1, #0xe5
+	orr	r1, r1, #0xa7000000
+	orr	r1, r1, #0xed0000
+	orr	r1, r1, #0x9c00
 #else
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r1, #0x9c
-	lsl	r1, r1, #8
-	add	r1, r1, #0xe5
+	mov	r1, #0xe5
+	orr	r1, r1, #0x9c00
 #else
 	mov	r1, #0x9ce5
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	orr	r1, r1, #0xa7000000
+	orr	r1, r1, #0xed0000
+#else
 	movt	r1, #0xa7ed
+#endif
 #endif
 	mov	r10, #0
 	ldm	r0, {r6, r7, r8, r9}
@@ -8591,22 +8411,23 @@ sc_muladd:
 	add	r0, r0, #4
 	#   * -a2f79cd7
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r1, #0x5d
-	lsl	r1, r1, #8
-	orr	r1, r1, #8
-	lsl	r1, r1, #8
-	orr	r1, r1, #0x63
-	lsl	r1, r1, #8
-	orr	r1, r1, #41
+	mov	r1, #41
+	orr	r1, r1, #0x5d000000
+	orr	r1, r1, #0x80000
+	orr	r1, r1, #0x6300
 #else
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r1, #0x63
-	lsl	r1, r1, #8
-	add	r1, r1, #0x29
+	mov	r1, #0x29
+	orr	r1, r1, #0x6300
 #else
 	mov	r1, #0x6329
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	orr	r1, r1, #0x5d000000
+	orr	r1, r1, #0x80000
+#else
 	movt	r1, #0x5d08
+#endif
 #endif
 	mov	r11, #0
 	ldm	r0, {r6, r7, r8, r9}
@@ -8618,22 +8439,23 @@ sc_muladd:
 	add	r0, r0, #4
 	#   * -14def9df
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r1, #0xeb
-	lsl	r1, r1, #8
-	orr	r1, r1, #33
-	lsl	r1, r1, #8
-	orr	r1, r1, #6
-	lsl	r1, r1, #8
-	orr	r1, r1, #33
+	mov	r1, #33
+	orr	r1, r1, #0xeb000000
+	orr	r1, r1, #0x210000
+	orr	r1, r1, #0x600
 #else
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r1, #0x6
-	lsl	r1, r1, #8
-	add	r1, r1, #0x21
+	mov	r1, #0x21
+	orr	r1, r1, #0x600
 #else
 	mov	r1, #0x621
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	orr	r1, r1, #0xeb000000
+	orr	r1, r1, #0x210000
+#else
 	movt	r1, #0xeb21
+#endif
 #endif
 	mov	r12, #0
 	ldm	r0, {r6, r7, r8, r9}
@@ -8663,76 +8485,80 @@ sc_muladd:
 	sub	r0, r0, #16
 	ldm	r0, {r2, r3, r4, r5}
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r10, #0x5c
-	lsl	r10, r10, #8
-	orr	r10, r10, #0xf5
-	lsl	r10, r10, #8
-	orr	r10, r10, #0xd3
-	lsl	r10, r10, #8
-	orr	r10, r10, #0xed
+	mov	r10, #0xed
+	orr	r10, r10, #0x5c000000
+	orr	r10, r10, #0xf50000
+	orr	r10, r10, #0xd300
 #else
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r10, #0xd3
-	lsl	r10, r10, #8
-	add	r10, r10, #0xed
+	mov	r10, #0xed
+	orr	r10, r10, #0xd300
 #else
 	mov	r10, #0xd3ed
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	orr	r10, r10, #0x5c000000
+	orr	r10, r10, #0xf50000
+#else
 	movt	r10, #0x5cf5
 #endif
+#endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r11, #0x58
-	lsl	r11, r11, #8
-	orr	r11, r11, #18
-	lsl	r11, r11, #8
-	orr	r11, r11, #0x63
-	lsl	r11, r11, #8
-	orr	r11, r11, #26
+	mov	r11, #26
+	orr	r11, r11, #0x58000000
+	orr	r11, r11, #0x120000
+	orr	r11, r11, #0x6300
 #else
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r11, #0x63
-	lsl	r11, r11, #8
-	add	r11, r11, #0x1a
+	mov	r11, #0x1a
+	orr	r11, r11, #0x6300
 #else
 	mov	r11, #0x631a
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	orr	r11, r11, #0x58000000
+	orr	r11, r11, #0x120000
+#else
 	movt	r11, #0x5812
 #endif
+#endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r12, #0xa2
-	lsl	r12, r12, #8
-	orr	r12, r12, #0xf7
-	lsl	r12, r12, #8
-	orr	r12, r12, #0x9c
-	lsl	r12, r12, #8
-	orr	r12, r12, #0xd6
+	mov	r12, #0xd6
+	orr	r12, r12, #0xa2000000
+	orr	r12, r12, #0xf70000
+	orr	r12, r12, #0x9c00
 #else
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r12, #0x9c
-	lsl	r12, r12, #8
-	add	r12, r12, #0xd6
+	mov	r12, #0xd6
+	orr	r12, r12, #0x9c00
 #else
 	mov	r12, #0x9cd6
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	orr	r12, r12, #0xa2000000
+	orr	r12, r12, #0xf70000
+#else
 	movt	r12, #0xa2f7
 #endif
+#endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	lr, #20
-	lsl	lr, lr, #8
-	orr	lr, lr, #0xde
-	lsl	lr, lr, #8
-	orr	lr, lr, #0xf9
-	lsl	lr, lr, #8
-	orr	lr, lr, #0xde
+	mov	lr, #0xde
+	orr	lr, lr, #0x14000000
+	orr	lr, lr, #0xde0000
+	orr	lr, lr, #0xf900
 #else
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	lr, #0xf9
-	lsl	lr, lr, #8
-	add	lr, lr, #0xde
+	mov	lr, #0xde
+	orr	lr, lr, #0xf900
 #else
 	mov	lr, #0xf9de
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	orr	lr, lr, #0x14000000
+	orr	lr, lr, #0xde0000
+#else
 	movt	lr, #0x14de
+#endif
 #endif
 	and	r10, r10, r1
 	and	r11, r11, r1
@@ -8771,7 +8597,7 @@ sc_muladd:
 
 #endif /* !CURVE25519_SMALL || !ED25519_SMALL */
 #endif /* HAVE_CURVE25519 || HAVE_ED25519 */
-#endif /* !__aarch64__ && !__thumb__ */
+#endif /* !__aarch64__ && !WOLFSSL_ARMASM_THUMB2 */
 #endif /* WOLFSSL_ARMASM */
 
 #if defined(__linux__) && defined(__ELF__)
diff --git a/wolfcrypt/src/port/arm/armv8-32-curve25519_c.c b/wolfcrypt/src/port/arm/armv8-32-curve25519_c.c
index 8981d4f0e..40462097e 100644
--- a/wolfcrypt/src/port/arm/armv8-32-curve25519_c.c
+++ b/wolfcrypt/src/port/arm/armv8-32-curve25519_c.c
@@ -1,6 +1,6 @@
 /* armv8-32-curve25519
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -21,7 +21,8 @@
 
 /* Generated using (from wolfssl):
  *   cd ../scripts
- *   ruby ./x25519/x25519.rb arm32 ../wolfssl/wolfcrypt/src/port/arm/armv8-32-curve25519.c
+ *   ruby ./x25519/x25519.rb arm32 \
+ *       ../wolfssl/wolfcrypt/src/port/arm/armv8-32-curve25519.c
  */
 
 #ifdef HAVE_CONFIG_H
@@ -31,7 +32,7 @@
 #include <wolfssl/wolfcrypt/error-crypt.h>
 
 #ifdef WOLFSSL_ARMASM
-#if !defined(__aarch64__) && defined(__arm__)
+#if !defined(__aarch64__) && !defined(WOLFSSL_ARMASM_THUMB2)
 #include <stdint.h>
 #ifdef HAVE_CONFIG_H
     #include <config.h>
@@ -40,9 +41,6 @@
 #include <wolfssl/wolfcrypt/error-crypt.h>
 #ifdef WOLFSSL_ARMASM_INLINE
 
-#ifdef WOLFSSL_ARMASM
-#if !defined(__aarch64__) && defined(__arm__)
-
 #ifdef __IAR_SYSTEMS_ICC__
 #define __asm__        asm
 #define __volatile__   volatile
@@ -78,14 +76,12 @@ void fe_add_sub_op()
     __asm__ __volatile__ (
         /* Add-Sub */
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "ldr	r4, [r2]\n\t"
-        "ldr	r5, [r2, #4]\n\t"
+        "ldm	r2, {r4, r5}\n\t"
 #else
         "ldrd	r4, r5, [r2]\n\t"
 #endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "ldr	r6, [r3]\n\t"
-        "ldr	r7, [r3, #4]\n\t"
+        "ldm	r3, {r6, r7}\n\t"
 #else
         "ldrd	r6, r7, [r3]\n\t"
 #endif
@@ -95,8 +91,7 @@ void fe_add_sub_op()
         "adcs	r9, r5, r7\n\t"
         "adc	r12, r12, #0\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "str	r8, [r0]\n\t"
-        "str	r9, [r0, #4]\n\t"
+        "stm	r0, {r8, r9}\n\t"
 #else
         "strd	r8, r9, [r0]\n\t"
 #endif
@@ -104,8 +99,7 @@ void fe_add_sub_op()
         "subs	r10, r4, r6\n\t"
         "sbcs	r11, r5, r7\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "str	r10, [r1]\n\t"
-        "str	r11, [r1, #4]\n\t"
+        "stm	r1, {r10, r11}\n\t"
 #else
         "strd	r10, r11, [r1]\n\t"
 #endif
@@ -204,8 +198,7 @@ void fe_add_sub_op()
         "mul	r12, r3, r12\n\t"
         /*   Add -x*modulus (if overflow) */
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "ldr	r4, [r0]\n\t"
-        "ldr	r5, [r0, #4]\n\t"
+        "ldm	r0, {r4, r5}\n\t"
 #else
         "ldrd	r4, r5, [r0]\n\t"
 #endif
@@ -220,8 +213,7 @@ void fe_add_sub_op()
         "adcs	r6, r6, #0\n\t"
         "adcs	r7, r7, #0\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "str	r4, [r0]\n\t"
-        "str	r5, [r0, #4]\n\t"
+        "stm	r0, {r4, r5}\n\t"
 #else
         "strd	r4, r5, [r0]\n\t"
 #endif
@@ -282,7 +274,7 @@ void fe_add_sub_op()
         /* Done Add-Sub */
         :
         :
-        : "memory", "lr", "cc"
+        : "memory", "cc", "lr"
     );
 }
 
@@ -324,7 +316,7 @@ void fe_sub_op()
         /* Done Sub */
         :
         :
-        : "memory", "lr", "cc"
+        : "memory", "cc", "lr"
     );
 }
 
@@ -338,7 +330,8 @@ void fe_sub(fe r_p, const fe a_p, const fe b_p)
         "bl	fe_sub_op\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "lr", "cc"
+        : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10",
+            "r11", "r12", "lr"
     );
 }
 
@@ -381,7 +374,7 @@ void fe_add_op()
         /* Done Add */
         :
         :
-        : "memory", "lr", "cc"
+        : "memory", "cc", "lr"
     );
 }
 
@@ -395,7 +388,8 @@ void fe_add(fe r_p, const fe a_p, const fe b_p)
         "bl	fe_add_op\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "lr", "cc"
+        : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10",
+            "r11", "r12", "lr"
     );
 }
 
@@ -429,7 +423,7 @@ void fe_frombytes(fe out_p, const unsigned char* in_p)
         "str	r9, [%[out], #28]\n\t"
         : [out] "+r" (out), [in] "+r" (in)
         :
-        : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "cc"
+        : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9"
     );
 }
 
@@ -473,7 +467,7 @@ void fe_tobytes(unsigned char* out_p, const fe n_p)
         "str	r9, [%[out], #28]\n\t"
         : [out] "+r" (out), [n] "+r" (n)
         :
-        : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r12", "cc"
+        : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r12"
     );
 }
 
@@ -494,7 +488,7 @@ void fe_1(fe n_p)
         "stm	%[n], {r2, r3, r4, r5, r6, r7, r8, r9}\n\t"
         : [n] "+r" (n)
         :
-        : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "cc"
+        : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9"
     );
 }
 
@@ -515,7 +509,7 @@ void fe_0(fe n_p)
         "stm	%[n], {r2, r3, r4, r5, r6, r7, r8, r9}\n\t"
         : [n] "+r" (n)
         :
-        : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "cc"
+        : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9"
     );
 }
 
@@ -527,8 +521,7 @@ void fe_copy(fe r_p, const fe a_p)
     __asm__ __volatile__ (
         /* Copy */
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "ldr	r2, [%[a]]\n\t"
-        "ldr	r3, [%[a], #4]\n\t"
+        "ldm	r1, {r2, r3}\n\t"
 #else
         "ldrd	r2, r3, [%[a]]\n\t"
 #endif
@@ -539,8 +532,7 @@ void fe_copy(fe r_p, const fe a_p)
         "ldrd	r4, r5, [%[a], #8]\n\t"
 #endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "str	r2, [%[r]]\n\t"
-        "str	r3, [%[r], #4]\n\t"
+        "stm	r0, {r2, r3}\n\t"
 #else
         "strd	r2, r3, [%[r]]\n\t"
 #endif
@@ -576,7 +568,7 @@ void fe_copy(fe r_p, const fe a_p)
 #endif
         : [r] "+r" (r), [a] "+r" (a)
         :
-        : "memory", "r2", "r3", "r4", "r5", "cc"
+        : "memory", "cc", "r2", "r3", "r4", "r5"
     );
 }
 
@@ -603,7 +595,7 @@ void fe_neg(fe r_p, const fe a_p)
         "stm	%[r]!, {r2, r3, r4, r5}\n\t"
         : [r] "+r" (r), [a] "+r" (a)
         :
-        : "memory", "r2", "r3", "r4", "r5", "r12", "lr", "cc"
+        : "memory", "cc", "r2", "r3", "r4", "r5", "r12", "lr"
     );
 }
 
@@ -645,9 +637,10 @@ int fe_isnonzero(const fe a_p)
         "orr	%[a], r2, r4\n\t"
         : [a] "+r" (a)
         :
-        : "memory", "r1", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r12", "cc"
+        : "memory", "cc", "r1", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9",
+            "r12"
     );
-    return (uint32_t)(size_t)a;
+    return (word32)(size_t)a;
 }
 
 int fe_isnegative(const fe a_p)
@@ -671,9 +664,9 @@ int fe_isnegative(const fe a_p)
         "eor	%[a], %[a], r1\n\t"
         : [a] "+r" (a)
         :
-        : "memory", "r1", "r2", "r3", "r4", "r5", "cc"
+        : "memory", "cc", "r1", "r2", "r3", "r4", "r5"
     );
-    return (uint32_t)(size_t)a;
+    return (word32)(size_t)a;
 }
 
 #if defined(HAVE_ED25519_MAKE_KEY) || defined(HAVE_ED25519_SIGN)
@@ -693,7 +686,7 @@ void fe_cmov_table(fe* r_p, fe* base_p, signed char b_p)
 #endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
         "lsl	r3, %[b], #24\n\t"
-        "asr	r3, %[b], #31\n\t"
+        "asr	r3, r3, #31\n\t"
 #else
         "sbfx	r3, %[b], #7, #1\n\t"
 #endif
@@ -705,19 +698,12 @@ void fe_cmov_table(fe* r_p, fe* base_p, signed char b_p)
         "mov	r7, #0\n\t"
         "mov	r8, #0\n\t"
         "mov	r9, #0\n\t"
-#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r3, #0x800000\n\t"
-        "lsl	r3, r3, #8\n\t"
-        "add	r3, r3, #0x0\n\t"
-#else
         "mov	r3, #0x80000000\n\t"
-#endif
         "ror	r3, r3, #31\n\t"
         "ror	r3, r3, r12\n\t"
         "asr	r3, r3, #31\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "ldr	r10, [%[base]]\n\t"
-        "ldr	r11, [%[base], #4]\n\t"
+        "ldm	r1, {r10, r11}\n\t"
 #else
         "ldrd	r10, r11, [%[base]]\n\t"
 #endif
@@ -752,19 +738,12 @@ void fe_cmov_table(fe* r_p, fe* base_p, signed char b_p)
         "eor	r8, r8, r10\n\t"
         "eor	r9, r9, r11\n\t"
         "add	%[base], %[base], #0x60\n\t"
-#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r3, #0x800000\n\t"
-        "lsl	r3, r3, #8\n\t"
-        "add	r3, r3, #0x0\n\t"
-#else
         "mov	r3, #0x80000000\n\t"
-#endif
         "ror	r3, r3, #30\n\t"
         "ror	r3, r3, r12\n\t"
         "asr	r3, r3, #31\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "ldr	r10, [%[base]]\n\t"
-        "ldr	r11, [%[base], #4]\n\t"
+        "ldm	r1, {r10, r11}\n\t"
 #else
         "ldrd	r10, r11, [%[base]]\n\t"
 #endif
@@ -799,19 +778,12 @@ void fe_cmov_table(fe* r_p, fe* base_p, signed char b_p)
         "eor	r8, r8, r10\n\t"
         "eor	r9, r9, r11\n\t"
         "add	%[base], %[base], #0x60\n\t"
-#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r3, #0x800000\n\t"
-        "lsl	r3, r3, #8\n\t"
-        "add	r3, r3, #0x0\n\t"
-#else
         "mov	r3, #0x80000000\n\t"
-#endif
         "ror	r3, r3, #29\n\t"
         "ror	r3, r3, r12\n\t"
         "asr	r3, r3, #31\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "ldr	r10, [%[base]]\n\t"
-        "ldr	r11, [%[base], #4]\n\t"
+        "ldm	r1, {r10, r11}\n\t"
 #else
         "ldrd	r10, r11, [%[base]]\n\t"
 #endif
@@ -846,19 +818,12 @@ void fe_cmov_table(fe* r_p, fe* base_p, signed char b_p)
         "eor	r8, r8, r10\n\t"
         "eor	r9, r9, r11\n\t"
         "add	%[base], %[base], #0x60\n\t"
-#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r3, #0x800000\n\t"
-        "lsl	r3, r3, #8\n\t"
-        "add	r3, r3, #0x0\n\t"
-#else
         "mov	r3, #0x80000000\n\t"
-#endif
         "ror	r3, r3, #28\n\t"
         "ror	r3, r3, r12\n\t"
         "asr	r3, r3, #31\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "ldr	r10, [%[base]]\n\t"
-        "ldr	r11, [%[base], #4]\n\t"
+        "ldm	r1, {r10, r11}\n\t"
 #else
         "ldrd	r10, r11, [%[base]]\n\t"
 #endif
@@ -893,19 +858,12 @@ void fe_cmov_table(fe* r_p, fe* base_p, signed char b_p)
         "eor	r8, r8, r10\n\t"
         "eor	r9, r9, r11\n\t"
         "add	%[base], %[base], #0x60\n\t"
-#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r3, #0x800000\n\t"
-        "lsl	r3, r3, #8\n\t"
-        "add	r3, r3, #0x0\n\t"
-#else
         "mov	r3, #0x80000000\n\t"
-#endif
         "ror	r3, r3, #27\n\t"
         "ror	r3, r3, r12\n\t"
         "asr	r3, r3, #31\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "ldr	r10, [%[base]]\n\t"
-        "ldr	r11, [%[base], #4]\n\t"
+        "ldm	r1, {r10, r11}\n\t"
 #else
         "ldrd	r10, r11, [%[base]]\n\t"
 #endif
@@ -940,19 +898,12 @@ void fe_cmov_table(fe* r_p, fe* base_p, signed char b_p)
         "eor	r8, r8, r10\n\t"
         "eor	r9, r9, r11\n\t"
         "add	%[base], %[base], #0x60\n\t"
-#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r3, #0x800000\n\t"
-        "lsl	r3, r3, #8\n\t"
-        "add	r3, r3, #0x0\n\t"
-#else
         "mov	r3, #0x80000000\n\t"
-#endif
         "ror	r3, r3, #26\n\t"
         "ror	r3, r3, r12\n\t"
         "asr	r3, r3, #31\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "ldr	r10, [%[base]]\n\t"
-        "ldr	r11, [%[base], #4]\n\t"
+        "ldm	r1, {r10, r11}\n\t"
 #else
         "ldrd	r10, r11, [%[base]]\n\t"
 #endif
@@ -987,19 +938,12 @@ void fe_cmov_table(fe* r_p, fe* base_p, signed char b_p)
         "eor	r8, r8, r10\n\t"
         "eor	r9, r9, r11\n\t"
         "add	%[base], %[base], #0x60\n\t"
-#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r3, #0x800000\n\t"
-        "lsl	r3, r3, #8\n\t"
-        "add	r3, r3, #0x0\n\t"
-#else
         "mov	r3, #0x80000000\n\t"
-#endif
         "ror	r3, r3, #25\n\t"
         "ror	r3, r3, r12\n\t"
         "asr	r3, r3, #31\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "ldr	r10, [%[base]]\n\t"
-        "ldr	r11, [%[base], #4]\n\t"
+        "ldm	r1, {r10, r11}\n\t"
 #else
         "ldrd	r10, r11, [%[base]]\n\t"
 #endif
@@ -1034,19 +978,12 @@ void fe_cmov_table(fe* r_p, fe* base_p, signed char b_p)
         "eor	r8, r8, r10\n\t"
         "eor	r9, r9, r11\n\t"
         "add	%[base], %[base], #0x60\n\t"
-#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r3, #0x800000\n\t"
-        "lsl	r3, r3, #8\n\t"
-        "add	r3, r3, #0x0\n\t"
-#else
         "mov	r3, #0x80000000\n\t"
-#endif
         "ror	r3, r3, #24\n\t"
         "ror	r3, r3, r12\n\t"
         "asr	r3, r3, #31\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "ldr	r10, [%[base]]\n\t"
-        "ldr	r11, [%[base], #4]\n\t"
+        "ldm	r1, {r10, r11}\n\t"
 #else
         "ldrd	r10, r11, [%[base]]\n\t"
 #endif
@@ -1102,8 +1039,7 @@ void fe_cmov_table(fe* r_p, fe* base_p, signed char b_p)
         "and	r11, r11, r12\n\t"
         "eor	r9, r9, r11\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "str	r4, [%[r]]\n\t"
-        "str	r5, [%[r], #4]\n\t"
+        "stm	r0, {r4, r5}\n\t"
 #else
         "strd	r4, r5, [%[r]]\n\t"
 #endif
@@ -1121,7 +1057,7 @@ void fe_cmov_table(fe* r_p, fe* base_p, signed char b_p)
 #endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
         "lsl	r3, %[b], #24\n\t"
-        "asr	r3, %[b], #31\n\t"
+        "asr	r3, r3, #31\n\t"
 #else
         "sbfx	r3, %[b], #7, #1\n\t"
 #endif
@@ -1133,13 +1069,7 @@ void fe_cmov_table(fe* r_p, fe* base_p, signed char b_p)
         "mov	r7, #0\n\t"
         "mov	r8, #0\n\t"
         "mov	r9, #0\n\t"
-#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r3, #0x800000\n\t"
-        "lsl	r3, r3, #8\n\t"
-        "add	r3, r3, #0x0\n\t"
-#else
         "mov	r3, #0x80000000\n\t"
-#endif
         "ror	r3, r3, #31\n\t"
         "ror	r3, r3, r12\n\t"
         "asr	r3, r3, #31\n\t"
@@ -1180,13 +1110,7 @@ void fe_cmov_table(fe* r_p, fe* base_p, signed char b_p)
         "eor	r8, r8, r10\n\t"
         "eor	r9, r9, r11\n\t"
         "add	%[base], %[base], #0x60\n\t"
-#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r3, #0x800000\n\t"
-        "lsl	r3, r3, #8\n\t"
-        "add	r3, r3, #0x0\n\t"
-#else
         "mov	r3, #0x80000000\n\t"
-#endif
         "ror	r3, r3, #30\n\t"
         "ror	r3, r3, r12\n\t"
         "asr	r3, r3, #31\n\t"
@@ -1227,13 +1151,7 @@ void fe_cmov_table(fe* r_p, fe* base_p, signed char b_p)
         "eor	r8, r8, r10\n\t"
         "eor	r9, r9, r11\n\t"
         "add	%[base], %[base], #0x60\n\t"
-#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r3, #0x800000\n\t"
-        "lsl	r3, r3, #8\n\t"
-        "add	r3, r3, #0x0\n\t"
-#else
         "mov	r3, #0x80000000\n\t"
-#endif
         "ror	r3, r3, #29\n\t"
         "ror	r3, r3, r12\n\t"
         "asr	r3, r3, #31\n\t"
@@ -1274,13 +1192,7 @@ void fe_cmov_table(fe* r_p, fe* base_p, signed char b_p)
         "eor	r8, r8, r10\n\t"
         "eor	r9, r9, r11\n\t"
         "add	%[base], %[base], #0x60\n\t"
-#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r3, #0x800000\n\t"
-        "lsl	r3, r3, #8\n\t"
-        "add	r3, r3, #0x0\n\t"
-#else
         "mov	r3, #0x80000000\n\t"
-#endif
         "ror	r3, r3, #28\n\t"
         "ror	r3, r3, r12\n\t"
         "asr	r3, r3, #31\n\t"
@@ -1321,13 +1233,7 @@ void fe_cmov_table(fe* r_p, fe* base_p, signed char b_p)
         "eor	r8, r8, r10\n\t"
         "eor	r9, r9, r11\n\t"
         "add	%[base], %[base], #0x60\n\t"
-#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r3, #0x800000\n\t"
-        "lsl	r3, r3, #8\n\t"
-        "add	r3, r3, #0x0\n\t"
-#else
         "mov	r3, #0x80000000\n\t"
-#endif
         "ror	r3, r3, #27\n\t"
         "ror	r3, r3, r12\n\t"
         "asr	r3, r3, #31\n\t"
@@ -1368,13 +1274,7 @@ void fe_cmov_table(fe* r_p, fe* base_p, signed char b_p)
         "eor	r8, r8, r10\n\t"
         "eor	r9, r9, r11\n\t"
         "add	%[base], %[base], #0x60\n\t"
-#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r3, #0x800000\n\t"
-        "lsl	r3, r3, #8\n\t"
-        "add	r3, r3, #0x0\n\t"
-#else
         "mov	r3, #0x80000000\n\t"
-#endif
         "ror	r3, r3, #26\n\t"
         "ror	r3, r3, r12\n\t"
         "asr	r3, r3, #31\n\t"
@@ -1415,13 +1315,7 @@ void fe_cmov_table(fe* r_p, fe* base_p, signed char b_p)
         "eor	r8, r8, r10\n\t"
         "eor	r9, r9, r11\n\t"
         "add	%[base], %[base], #0x60\n\t"
-#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r3, #0x800000\n\t"
-        "lsl	r3, r3, #8\n\t"
-        "add	r3, r3, #0x0\n\t"
-#else
         "mov	r3, #0x80000000\n\t"
-#endif
         "ror	r3, r3, #25\n\t"
         "ror	r3, r3, r12\n\t"
         "asr	r3, r3, #31\n\t"
@@ -1462,13 +1356,7 @@ void fe_cmov_table(fe* r_p, fe* base_p, signed char b_p)
         "eor	r8, r8, r10\n\t"
         "eor	r9, r9, r11\n\t"
         "add	%[base], %[base], #0x60\n\t"
-#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r3, #0x800000\n\t"
-        "lsl	r3, r3, #8\n\t"
-        "add	r3, r3, #0x0\n\t"
-#else
         "mov	r3, #0x80000000\n\t"
-#endif
         "ror	r3, r3, #24\n\t"
         "ror	r3, r3, r12\n\t"
         "asr	r3, r3, #31\n\t"
@@ -1550,7 +1438,7 @@ void fe_cmov_table(fe* r_p, fe* base_p, signed char b_p)
 #endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
         "lsl	r3, %[b], #24\n\t"
-        "asr	r3, %[b], #31\n\t"
+        "asr	r3, r3, #31\n\t"
 #else
         "sbfx	r3, %[b], #7, #1\n\t"
 #endif
@@ -1562,13 +1450,7 @@ void fe_cmov_table(fe* r_p, fe* base_p, signed char b_p)
         "mov	r7, #0\n\t"
         "mov	r8, #0\n\t"
         "mov	r9, #0\n\t"
-#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r3, #0x800000\n\t"
-        "lsl	r3, r3, #8\n\t"
-        "add	r3, r3, #0x0\n\t"
-#else
         "mov	r3, #0x80000000\n\t"
-#endif
         "ror	r3, r3, #31\n\t"
         "ror	r3, r3, r12\n\t"
         "asr	r3, r3, #31\n\t"
@@ -1609,13 +1491,7 @@ void fe_cmov_table(fe* r_p, fe* base_p, signed char b_p)
         "eor	r8, r8, r10\n\t"
         "eor	r9, r9, r11\n\t"
         "add	%[base], %[base], #0x60\n\t"
-#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r3, #0x800000\n\t"
-        "lsl	r3, r3, #8\n\t"
-        "add	r3, r3, #0x0\n\t"
-#else
         "mov	r3, #0x80000000\n\t"
-#endif
         "ror	r3, r3, #30\n\t"
         "ror	r3, r3, r12\n\t"
         "asr	r3, r3, #31\n\t"
@@ -1656,13 +1532,7 @@ void fe_cmov_table(fe* r_p, fe* base_p, signed char b_p)
         "eor	r8, r8, r10\n\t"
         "eor	r9, r9, r11\n\t"
         "add	%[base], %[base], #0x60\n\t"
-#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r3, #0x800000\n\t"
-        "lsl	r3, r3, #8\n\t"
-        "add	r3, r3, #0x0\n\t"
-#else
         "mov	r3, #0x80000000\n\t"
-#endif
         "ror	r3, r3, #29\n\t"
         "ror	r3, r3, r12\n\t"
         "asr	r3, r3, #31\n\t"
@@ -1703,13 +1573,7 @@ void fe_cmov_table(fe* r_p, fe* base_p, signed char b_p)
         "eor	r8, r8, r10\n\t"
         "eor	r9, r9, r11\n\t"
         "add	%[base], %[base], #0x60\n\t"
-#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r3, #0x800000\n\t"
-        "lsl	r3, r3, #8\n\t"
-        "add	r3, r3, #0x0\n\t"
-#else
         "mov	r3, #0x80000000\n\t"
-#endif
         "ror	r3, r3, #28\n\t"
         "ror	r3, r3, r12\n\t"
         "asr	r3, r3, #31\n\t"
@@ -1750,13 +1614,7 @@ void fe_cmov_table(fe* r_p, fe* base_p, signed char b_p)
         "eor	r8, r8, r10\n\t"
         "eor	r9, r9, r11\n\t"
         "add	%[base], %[base], #0x60\n\t"
-#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r3, #0x800000\n\t"
-        "lsl	r3, r3, #8\n\t"
-        "add	r3, r3, #0x0\n\t"
-#else
         "mov	r3, #0x80000000\n\t"
-#endif
         "ror	r3, r3, #27\n\t"
         "ror	r3, r3, r12\n\t"
         "asr	r3, r3, #31\n\t"
@@ -1797,13 +1655,7 @@ void fe_cmov_table(fe* r_p, fe* base_p, signed char b_p)
         "eor	r8, r8, r10\n\t"
         "eor	r9, r9, r11\n\t"
         "add	%[base], %[base], #0x60\n\t"
-#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r3, #0x800000\n\t"
-        "lsl	r3, r3, #8\n\t"
-        "add	r3, r3, #0x0\n\t"
-#else
         "mov	r3, #0x80000000\n\t"
-#endif
         "ror	r3, r3, #26\n\t"
         "ror	r3, r3, r12\n\t"
         "asr	r3, r3, #31\n\t"
@@ -1844,13 +1696,7 @@ void fe_cmov_table(fe* r_p, fe* base_p, signed char b_p)
         "eor	r8, r8, r10\n\t"
         "eor	r9, r9, r11\n\t"
         "add	%[base], %[base], #0x60\n\t"
-#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r3, #0x800000\n\t"
-        "lsl	r3, r3, #8\n\t"
-        "add	r3, r3, #0x0\n\t"
-#else
         "mov	r3, #0x80000000\n\t"
-#endif
         "ror	r3, r3, #25\n\t"
         "ror	r3, r3, r12\n\t"
         "asr	r3, r3, #31\n\t"
@@ -1891,13 +1737,7 @@ void fe_cmov_table(fe* r_p, fe* base_p, signed char b_p)
         "eor	r8, r8, r10\n\t"
         "eor	r9, r9, r11\n\t"
         "add	%[base], %[base], #0x60\n\t"
-#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r3, #0x800000\n\t"
-        "lsl	r3, r3, #8\n\t"
-        "add	r3, r3, #0x0\n\t"
-#else
         "mov	r3, #0x80000000\n\t"
-#endif
         "ror	r3, r3, #24\n\t"
         "ror	r3, r3, r12\n\t"
         "asr	r3, r3, #31\n\t"
@@ -1979,7 +1819,7 @@ void fe_cmov_table(fe* r_p, fe* base_p, signed char b_p)
 #endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
         "lsl	r3, %[b], #24\n\t"
-        "asr	r3, %[b], #31\n\t"
+        "asr	r3, r3, #31\n\t"
 #else
         "sbfx	r3, %[b], #7, #1\n\t"
 #endif
@@ -1991,13 +1831,7 @@ void fe_cmov_table(fe* r_p, fe* base_p, signed char b_p)
         "mov	r7, #0\n\t"
         "mov	r8, #0\n\t"
         "mov	r9, #0\n\t"
-#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r3, #0x800000\n\t"
-        "lsl	r3, r3, #8\n\t"
-        "add	r3, r3, #0x0\n\t"
-#else
         "mov	r3, #0x80000000\n\t"
-#endif
         "ror	r3, r3, #31\n\t"
         "ror	r3, r3, r12\n\t"
         "asr	r3, r3, #31\n\t"
@@ -2038,13 +1872,7 @@ void fe_cmov_table(fe* r_p, fe* base_p, signed char b_p)
         "eor	r8, r8, r10\n\t"
         "eor	r9, r9, r11\n\t"
         "add	%[base], %[base], #0x60\n\t"
-#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r3, #0x800000\n\t"
-        "lsl	r3, r3, #8\n\t"
-        "add	r3, r3, #0x0\n\t"
-#else
         "mov	r3, #0x80000000\n\t"
-#endif
         "ror	r3, r3, #30\n\t"
         "ror	r3, r3, r12\n\t"
         "asr	r3, r3, #31\n\t"
@@ -2085,13 +1913,7 @@ void fe_cmov_table(fe* r_p, fe* base_p, signed char b_p)
         "eor	r8, r8, r10\n\t"
         "eor	r9, r9, r11\n\t"
         "add	%[base], %[base], #0x60\n\t"
-#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r3, #0x800000\n\t"
-        "lsl	r3, r3, #8\n\t"
-        "add	r3, r3, #0x0\n\t"
-#else
         "mov	r3, #0x80000000\n\t"
-#endif
         "ror	r3, r3, #29\n\t"
         "ror	r3, r3, r12\n\t"
         "asr	r3, r3, #31\n\t"
@@ -2132,13 +1954,7 @@ void fe_cmov_table(fe* r_p, fe* base_p, signed char b_p)
         "eor	r8, r8, r10\n\t"
         "eor	r9, r9, r11\n\t"
         "add	%[base], %[base], #0x60\n\t"
-#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r3, #0x800000\n\t"
-        "lsl	r3, r3, #8\n\t"
-        "add	r3, r3, #0x0\n\t"
-#else
         "mov	r3, #0x80000000\n\t"
-#endif
         "ror	r3, r3, #28\n\t"
         "ror	r3, r3, r12\n\t"
         "asr	r3, r3, #31\n\t"
@@ -2179,13 +1995,7 @@ void fe_cmov_table(fe* r_p, fe* base_p, signed char b_p)
         "eor	r8, r8, r10\n\t"
         "eor	r9, r9, r11\n\t"
         "add	%[base], %[base], #0x60\n\t"
-#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r3, #0x800000\n\t"
-        "lsl	r3, r3, #8\n\t"
-        "add	r3, r3, #0x0\n\t"
-#else
         "mov	r3, #0x80000000\n\t"
-#endif
         "ror	r3, r3, #27\n\t"
         "ror	r3, r3, r12\n\t"
         "asr	r3, r3, #31\n\t"
@@ -2226,13 +2036,7 @@ void fe_cmov_table(fe* r_p, fe* base_p, signed char b_p)
         "eor	r8, r8, r10\n\t"
         "eor	r9, r9, r11\n\t"
         "add	%[base], %[base], #0x60\n\t"
-#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r3, #0x800000\n\t"
-        "lsl	r3, r3, #8\n\t"
-        "add	r3, r3, #0x0\n\t"
-#else
         "mov	r3, #0x80000000\n\t"
-#endif
         "ror	r3, r3, #26\n\t"
         "ror	r3, r3, r12\n\t"
         "asr	r3, r3, #31\n\t"
@@ -2273,13 +2077,7 @@ void fe_cmov_table(fe* r_p, fe* base_p, signed char b_p)
         "eor	r8, r8, r10\n\t"
         "eor	r9, r9, r11\n\t"
         "add	%[base], %[base], #0x60\n\t"
-#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r3, #0x800000\n\t"
-        "lsl	r3, r3, #8\n\t"
-        "add	r3, r3, #0x0\n\t"
-#else
         "mov	r3, #0x80000000\n\t"
-#endif
         "ror	r3, r3, #25\n\t"
         "ror	r3, r3, r12\n\t"
         "asr	r3, r3, #31\n\t"
@@ -2320,13 +2118,7 @@ void fe_cmov_table(fe* r_p, fe* base_p, signed char b_p)
         "eor	r8, r8, r10\n\t"
         "eor	r9, r9, r11\n\t"
         "add	%[base], %[base], #0x60\n\t"
-#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r3, #0x800000\n\t"
-        "lsl	r3, r3, #8\n\t"
-        "add	r3, r3, #0x0\n\t"
-#else
         "mov	r3, #0x80000000\n\t"
-#endif
         "ror	r3, r3, #24\n\t"
         "ror	r3, r3, r12\n\t"
         "asr	r3, r3, #31\n\t"
@@ -2407,7 +2199,8 @@ void fe_cmov_table(fe* r_p, fe* base_p, signed char b_p)
 #endif
         : [r] "+r" (r), [base] "+r" (base), [b] "+r" (b)
         :
-        : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "r3", "r10", "r11", "r12", "lr", "cc"
+        : "memory", "cc", "r4", "r5", "r6", "r7", "r8", "r9", "r3", "r10",
+            "r11", "r12", "lr"
     );
 }
 
@@ -2427,7 +2220,7 @@ void fe_cmov_table(fe* r_p, fe* base_p, signed char b_p)
 #endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
         "lsl	r3, %[b], #24\n\t"
-        "asr	r3, %[b], #31\n\t"
+        "asr	r3, r3, #31\n\t"
 #else
         "sbfx	r3, %[b], #7, #1\n\t"
 #endif
@@ -2527,7 +2320,8 @@ void fe_cmov_table(fe* r_p, fe* base_p, signed char b_p)
         "sub	%[base], %[base], %[b]\n\t"
         : [r] "+r" (r), [base] "+r" (base), [b] "+r" (b)
         :
-        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "lr", "cc"
+        : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10",
+            "r11", "r12", "lr"
     );
 }
 
@@ -2914,7 +2708,7 @@ void fe_mul_op()
         "add	sp, sp, #40\n\t"
         :
         :
-        : "memory", "lr", "cc"
+        : "memory", "cc", "lr"
     );
 }
 
@@ -3057,7 +2851,7 @@ void fe_mul_op()
         "add	sp, sp, #16\n\t"
         :
         :
-        : "memory", "lr", "cc"
+        : "memory", "cc", "lr"
     );
 }
 
@@ -3072,7 +2866,8 @@ void fe_mul(fe r_p, const fe a_p, const fe b_p)
         "bl	fe_mul_op\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "lr", "cc"
+        : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10",
+            "r11", "r12", "lr"
     );
 }
 
@@ -3349,7 +3144,7 @@ void fe_sq_op()
         "add	sp, sp, #0x44\n\t"
         :
         :
-        : "memory", "lr", "cc"
+        : "memory", "cc", "lr"
     );
 }
 
@@ -3478,7 +3273,7 @@ void fe_sq_op()
         "stm	lr, {r0, r1, r2, r3, r4, r5, r6, r7}\n\t"
         :
         :
-        : "memory", "lr", "cc"
+        : "memory", "cc", "lr"
     );
 }
 
@@ -3492,7 +3287,8 @@ void fe_sq(fe r_p, const fe a_p)
         "bl	fe_sq_op\n\t"
         : [r] "+r" (r), [a] "+r" (a)
         :
-        : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r12", "lr", "r10", "r11", "cc"
+        : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r12",
+            "lr", "r10", "r11"
     );
 }
 
@@ -3507,20 +3303,21 @@ void fe_mul121666(fe r_p, fe a_p)
         /* Multiply by 121666 */
         "ldm	%[a], {r2, r3, r4, r5, r6, r7, r8, r9}\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r10, #1\n\t"
-        "lsl	r10, r10, #8\n\t"
-        "orr	r10, r10, #0xdb\n\t"
-        "lsl	r10, r10, #8\n\t"
-        "orr	r10, r10, #0x42\n\t"
+        "mov	r10, #0x42\n\t"
+        "orr	r10, r10, #0x10000\n\t"
+        "orr	r10, r10, #0xdb00\n\t"
 #else
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r10, #0xdb\n\t"
-        "lsl	r10, r10, #8\n\t"
-        "add	r10, r10, #0x42\n\t"
+        "mov	r10, #0x42\n\t"
+        "orr	r10, r10, #0xdb00\n\t"
 #else
         "mov	r10, #0xdb42\n\t"
 #endif
-        "movt	r10, #1\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "orr	r10, r10, #0x10000\n\t"
+#else
+        "movt	r10, #0x1\n\t"
+#endif
 #endif
         "umull	r2, r12, r10, r2\n\t"
         "umull	r3, lr, r10, r3\n\t"
@@ -3564,7 +3361,8 @@ void fe_mul121666(fe r_p, fe a_p)
         "stm	%[r], {r2, r3, r4, r5, r6, r7, r8, r9}\n\t"
         : [r] "+r" (r), [a] "+r" (a)
         :
-        : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r12", "lr", "r10", "cc"
+        : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r12",
+            "lr", "r10"
     );
 }
 
@@ -3578,20 +3376,21 @@ void fe_mul121666(fe r_p, fe a_p)
         /* Multiply by 121666 */
         "ldm	%[a], {r2, r3, r4, r5, r6, r7, r8, r9}\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	lr, #1\n\t"
-        "lsl	lr, lr, #8\n\t"
-        "orr	lr, lr, #0xdb\n\t"
-        "lsl	lr, lr, #8\n\t"
-        "orr	lr, lr, #0x42\n\t"
+        "mov	lr, #0x42\n\t"
+        "orr	lr, lr, #0x10000\n\t"
+        "orr	lr, lr, #0xdb00\n\t"
 #else
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	lr, #0xdb\n\t"
-        "lsl	lr, lr, #8\n\t"
-        "add	lr, lr, #0x42\n\t"
+        "mov	lr, #0x42\n\t"
+        "orr	lr, lr, #0xdb00\n\t"
 #else
         "mov	lr, #0xdb42\n\t"
 #endif
-        "movt	lr, #1\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "orr	lr, lr, #0x10000\n\t"
+#else
+        "movt	lr, #0x1\n\t"
+#endif
 #endif
         "umull	r2, r10, lr, r2\n\t"
         "sub	r12, lr, #1\n\t"
@@ -3622,7 +3421,8 @@ void fe_mul121666(fe r_p, fe a_p)
         "stm	%[r], {r2, r3, r4, r5, r6, r7, r8, r9}\n\t"
         : [r] "+r" (r), [a] "+r" (a)
         :
-        : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r12", "lr", "r10", "cc"
+        : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r12",
+            "lr", "r10"
     );
 }
 
@@ -4012,9 +3812,10 @@ int curve25519(byte* r_p, const byte* n_p, const byte* a_p)
         "add	sp, sp, #0xbc\n\t"
         : [r] "+r" (r), [n] "+r" (n), [a] "+r" (a)
         :
-        : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r3", "r12", "lr", "cc"
+        : "memory", "cc", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11",
+            "r3", "r12", "lr"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #else
@@ -4325,9 +4126,10 @@ int curve25519(byte* r_p, const byte* n_p, const byte* a_p)
         "add	sp, sp, #0xc0\n\t"
         : [r] "+r" (r), [n] "+r" (n), [a] "+r" (a)
         :
-        : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r3", "r12", "lr", "cc"
+        : "memory", "cc", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11",
+            "r3", "r12", "lr"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #endif /* WC_NO_CACHE_RESISTANT */
@@ -4499,7 +4301,8 @@ void fe_invert(fe r_p, const fe a_p)
         "add	sp, sp, #0x88\n\t"
         : [r] "+r" (r), [a] "+r" (a)
         :
-        : "memory", "lr", "r12", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "cc"
+        : "memory", "cc", "lr", "r12", "r2", "r3", "r4", "r5", "r6", "r7", "r8",
+            "r9", "r10", "r11"
     );
 }
 
@@ -4819,7 +4622,7 @@ void fe_sq2(fe r_p, const fe a_p)
         "add	sp, sp, #0x44\n\t"
         : [r] "+r" (r), [a] "+r" (a)
         :
-        : "memory", "lr", "cc"
+        : "memory", "cc", "lr"
     );
 }
 
@@ -4998,7 +4801,7 @@ void fe_sq2(fe r_p, const fe a_p)
         "mov	r1, lr\n\t"
         : [r] "+r" (r), [a] "+r" (a)
         :
-        : "memory", "lr", "cc"
+        : "memory", "cc", "lr"
     );
 }
 
@@ -5169,7 +4972,8 @@ void fe_pow22523(fe r_p, const fe a_p)
         "add	sp, sp, #0x68\n\t"
         : [r] "+r" (r), [a] "+r" (a)
         :
-        : "memory", "lr", "r12", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "cc"
+        : "memory", "cc", "lr", "r12", "r2", "r3", "r4", "r5", "r6", "r7", "r8",
+            "r9", "r10", "r11"
     );
 }
 
@@ -5199,7 +5003,8 @@ void ge_p1p1_to_p2(ge_p2 * r_p, const ge_p1p1 * p_p)
         "add	sp, sp, #8\n\t"
         : [r] "+r" (r), [p] "+r" (p)
         :
-        : "memory", "lr", "r2", "r3", "r12", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "cc"
+        : "memory", "cc", "lr", "r2", "r3", "r12", "r4", "r5", "r6", "r7", "r8",
+            "r9", "r10", "r11"
     );
 }
 
@@ -5234,7 +5039,8 @@ void ge_p1p1_to_p3(ge_p3 * r_p, const ge_p1p1 * p_p)
         "add	sp, sp, #8\n\t"
         : [r] "+r" (r), [p] "+r" (p)
         :
-        : "memory", "lr", "r2", "r3", "r12", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "cc"
+        : "memory", "cc", "lr", "r2", "r3", "r12", "r4", "r5", "r6", "r7", "r8",
+            "r9", "r10", "r11"
     );
 }
 
@@ -5281,7 +5087,8 @@ void ge_p2_dbl(ge_p1p1 * r_p, const ge_p2 * p_p)
         "add	sp, sp, #8\n\t"
         : [r] "+r" (r), [p] "+r" (p)
         :
-        : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "lr", "cc"
+        : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10",
+            "r11", "r12", "lr"
     );
 }
 
@@ -5367,7 +5174,8 @@ void ge_madd(ge_p1p1 * r_p, const ge_p3 * p_p, const ge_precomp * q_p)
         "add	sp, sp, #12\n\t"
         : [r] "+r" (r), [p] "+r" (p), [q] "+r" (q)
         :
-        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "lr", "cc"
+        : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10",
+            "r11", "r12", "lr"
     );
 }
 
@@ -5454,7 +5262,8 @@ void ge_msub(ge_p1p1 * r_p, const ge_p3 * p_p, const ge_precomp * q_p)
         "add	sp, sp, #12\n\t"
         : [r] "+r" (r), [p] "+r" (p), [q] "+r" (q)
         :
-        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "lr", "cc"
+        : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10",
+            "r11", "r12", "lr"
     );
 }
 
@@ -5541,7 +5350,8 @@ void ge_add(ge_p1p1 * r_p, const ge_p3 * p_p, const ge_cached* q_p)
         "add	sp, sp, #44\n\t"
         : [r] "+r" (r), [p] "+r" (p), [q] "+r" (q)
         :
-        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "lr", "cc"
+        : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10",
+            "r11", "r12", "lr"
     );
 }
 
@@ -5628,7 +5438,8 @@ void ge_sub(ge_p1p1 * r_p, const ge_p3 * p_p, const ge_cached* q_p)
         "add	sp, sp, #44\n\t"
         : [r] "+r" (r), [p] "+r" (p), [q] "+r" (q)
         :
-        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "lr", "cc"
+        : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10",
+            "r11", "r12", "lr"
     );
 }
 
@@ -5668,40 +5479,42 @@ void sc_reduce(byte* s_p)
         "sub	%[s], %[s], #28\n\t"
         /* Add order times bits 504..511 */
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r10, #0xa3\n\t"
-        "lsl	r10, r10, #8\n\t"
-        "orr	r10, r10, #10\n\t"
-        "lsl	r10, r10, #8\n\t"
-        "orr	r10, r10, #44\n\t"
-        "lsl	r10, r10, #8\n\t"
-        "orr	r10, r10, #19\n\t"
+        "mov	r10, #19\n\t"
+        "orr	r10, r10, #0xa3000000\n\t"
+        "orr	r10, r10, #0xa0000\n\t"
+        "orr	r10, r10, #0x2c00\n\t"
 #else
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r10, #0x2c\n\t"
-        "lsl	r10, r10, #8\n\t"
-        "add	r10, r10, #0x13\n\t"
+        "mov	r10, #0x13\n\t"
+        "orr	r10, r10, #0x2c00\n\t"
 #else
         "mov	r10, #0x2c13\n\t"
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "orr	r10, r10, #0xa3000000\n\t"
+        "orr	r10, r10, #0xa0000\n\t"
+#else
         "movt	r10, #0xa30a\n\t"
 #endif
+#endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r11, #0xa7\n\t"
-        "lsl	r11, r11, #8\n\t"
-        "orr	r11, r11, #0xed\n\t"
-        "lsl	r11, r11, #8\n\t"
-        "orr	r11, r11, #0x9c\n\t"
-        "lsl	r11, r11, #8\n\t"
-        "orr	r11, r11, #0xe5\n\t"
+        "mov	r11, #0xe5\n\t"
+        "orr	r11, r11, #0xa7000000\n\t"
+        "orr	r11, r11, #0xed0000\n\t"
+        "orr	r11, r11, #0x9c00\n\t"
 #else
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r11, #0x9c\n\t"
-        "lsl	r11, r11, #8\n\t"
-        "add	r11, r11, #0xe5\n\t"
+        "mov	r11, #0xe5\n\t"
+        "orr	r11, r11, #0x9c00\n\t"
 #else
         "mov	r11, #0x9ce5\n\t"
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "orr	r11, r11, #0xa7000000\n\t"
+        "orr	r11, r11, #0xed0000\n\t"
+#else
         "movt	r11, #0xa7ed\n\t"
+#endif
 #endif
         "mov	r1, #0\n\t"
         "umlal	r2, r1, r10, lr\n\t"
@@ -5710,40 +5523,42 @@ void sc_reduce(byte* s_p)
         "adc	r1, r1, #0\n\t"
         "umlal	r3, r1, r11, lr\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r10, #0x5d\n\t"
-        "lsl	r10, r10, #8\n\t"
-        "orr	r10, r10, #8\n\t"
-        "lsl	r10, r10, #8\n\t"
-        "orr	r10, r10, #0x63\n\t"
-        "lsl	r10, r10, #8\n\t"
-        "orr	r10, r10, #41\n\t"
+        "mov	r10, #41\n\t"
+        "orr	r10, r10, #0x5d000000\n\t"
+        "orr	r10, r10, #0x80000\n\t"
+        "orr	r10, r10, #0x6300\n\t"
 #else
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r10, #0x63\n\t"
-        "lsl	r10, r10, #8\n\t"
-        "add	r10, r10, #0x29\n\t"
+        "mov	r10, #0x29\n\t"
+        "orr	r10, r10, #0x6300\n\t"
 #else
         "mov	r10, #0x6329\n\t"
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "orr	r10, r10, #0x5d000000\n\t"
+        "orr	r10, r10, #0x80000\n\t"
+#else
         "movt	r10, #0x5d08\n\t"
 #endif
+#endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r11, #0xeb\n\t"
-        "lsl	r11, r11, #8\n\t"
-        "orr	r11, r11, #33\n\t"
-        "lsl	r11, r11, #8\n\t"
-        "orr	r11, r11, #6\n\t"
-        "lsl	r11, r11, #8\n\t"
-        "orr	r11, r11, #33\n\t"
+        "mov	r11, #33\n\t"
+        "orr	r11, r11, #0xeb000000\n\t"
+        "orr	r11, r11, #0x210000\n\t"
+        "orr	r11, r11, #0x600\n\t"
 #else
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r11, #0x6\n\t"
-        "lsl	r11, r11, #8\n\t"
-        "add	r11, r11, #0x21\n\t"
+        "mov	r11, #0x21\n\t"
+        "orr	r11, r11, #0x600\n\t"
 #else
         "mov	r11, #0x621\n\t"
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "orr	r11, r11, #0xeb000000\n\t"
+        "orr	r11, r11, #0x210000\n\t"
+#else
         "movt	r11, #0xeb21\n\t"
+#endif
 #endif
         "adds	r4, r4, r1\n\t"
         "mov	r1, #0\n\t"
@@ -5764,22 +5579,23 @@ void sc_reduce(byte* s_p)
         /* Sub product of top 8 words and order */
         "mov	r12, sp\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r1, #0xa3\n\t"
-        "lsl	r1, r1, #8\n\t"
-        "orr	r1, r1, #10\n\t"
-        "lsl	r1, r1, #8\n\t"
-        "orr	r1, r1, #44\n\t"
-        "lsl	r1, r1, #8\n\t"
-        "orr	r1, r1, #19\n\t"
+        "mov	r1, #19\n\t"
+        "orr	r1, r1, #0xa3000000\n\t"
+        "orr	r1, r1, #0xa0000\n\t"
+        "orr	r1, r1, #0x2c00\n\t"
 #else
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r1, #0x2c\n\t"
-        "lsl	r1, r1, #8\n\t"
-        "add	r1, r1, #0x13\n\t"
+        "mov	r1, #0x13\n\t"
+        "orr	r1, r1, #0x2c00\n\t"
 #else
         "mov	r1, #0x2c13\n\t"
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "orr	r1, r1, #0xa3000000\n\t"
+        "orr	r1, r1, #0xa0000\n\t"
+#else
         "movt	r1, #0xa30a\n\t"
+#endif
 #endif
         "mov	lr, #0\n\t"
         "ldm	%[s]!, {r10, r11}\n\t"
@@ -5827,22 +5643,23 @@ void sc_reduce(byte* s_p)
         "sub	%[s], %[s], #16\n\t"
         "sub	r12, r12, #32\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r1, #0xa7\n\t"
-        "lsl	r1, r1, #8\n\t"
-        "orr	r1, r1, #0xed\n\t"
-        "lsl	r1, r1, #8\n\t"
-        "orr	r1, r1, #0x9c\n\t"
-        "lsl	r1, r1, #8\n\t"
-        "orr	r1, r1, #0xe5\n\t"
+        "mov	r1, #0xe5\n\t"
+        "orr	r1, r1, #0xa7000000\n\t"
+        "orr	r1, r1, #0xed0000\n\t"
+        "orr	r1, r1, #0x9c00\n\t"
 #else
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r1, #0x9c\n\t"
-        "lsl	r1, r1, #8\n\t"
-        "add	r1, r1, #0xe5\n\t"
+        "mov	r1, #0xe5\n\t"
+        "orr	r1, r1, #0x9c00\n\t"
 #else
         "mov	r1, #0x9ce5\n\t"
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "orr	r1, r1, #0xa7000000\n\t"
+        "orr	r1, r1, #0xed0000\n\t"
+#else
         "movt	r1, #0xa7ed\n\t"
+#endif
 #endif
         "mov	lr, #0\n\t"
         "ldm	r12, {r10, r11}\n\t"
@@ -5884,22 +5701,23 @@ void sc_reduce(byte* s_p)
         "stm	r12!, {r10, r11, lr}\n\t"
         "sub	r12, r12, #32\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r1, #0x5d\n\t"
-        "lsl	r1, r1, #8\n\t"
-        "orr	r1, r1, #8\n\t"
-        "lsl	r1, r1, #8\n\t"
-        "orr	r1, r1, #0x63\n\t"
-        "lsl	r1, r1, #8\n\t"
-        "orr	r1, r1, #41\n\t"
+        "mov	r1, #41\n\t"
+        "orr	r1, r1, #0x5d000000\n\t"
+        "orr	r1, r1, #0x80000\n\t"
+        "orr	r1, r1, #0x6300\n\t"
 #else
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r1, #0x63\n\t"
-        "lsl	r1, r1, #8\n\t"
-        "add	r1, r1, #0x29\n\t"
+        "mov	r1, #0x29\n\t"
+        "orr	r1, r1, #0x6300\n\t"
 #else
         "mov	r1, #0x6329\n\t"
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "orr	r1, r1, #0x5d000000\n\t"
+        "orr	r1, r1, #0x80000\n\t"
+#else
         "movt	r1, #0x5d08\n\t"
+#endif
 #endif
         "mov	lr, #0\n\t"
         "ldm	r12, {r10, r11}\n\t"
@@ -5941,22 +5759,23 @@ void sc_reduce(byte* s_p)
         "stm	r12!, {r10, r11, lr}\n\t"
         "sub	r12, r12, #32\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r1, #0xeb\n\t"
-        "lsl	r1, r1, #8\n\t"
-        "orr	r1, r1, #33\n\t"
-        "lsl	r1, r1, #8\n\t"
-        "orr	r1, r1, #6\n\t"
-        "lsl	r1, r1, #8\n\t"
-        "orr	r1, r1, #33\n\t"
+        "mov	r1, #33\n\t"
+        "orr	r1, r1, #0xeb000000\n\t"
+        "orr	r1, r1, #0x210000\n\t"
+        "orr	r1, r1, #0x600\n\t"
 #else
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r1, #0x6\n\t"
-        "lsl	r1, r1, #8\n\t"
-        "add	r1, r1, #0x21\n\t"
+        "mov	r1, #0x21\n\t"
+        "orr	r1, r1, #0x600\n\t"
 #else
         "mov	r1, #0x621\n\t"
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "orr	r1, r1, #0xeb000000\n\t"
+        "orr	r1, r1, #0x210000\n\t"
+#else
         "movt	r1, #0xeb21\n\t"
+#endif
 #endif
         "mov	lr, #0\n\t"
         "ldm	r12, {r10, r11}\n\t"
@@ -6017,92 +5836,84 @@ void sc_reduce(byte* s_p)
         "sub	r12, r12, #36\n\t"
         "asr	lr, r11, #25\n\t"
         /* Conditionally subtract order starting at bit 125 */
-#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r1, #0xa00000\n\t"
-        "lsl	r1, r1, #8\n\t"
-        "add	r1, r1, #0x0\n\t"
-#else
         "mov	r1, #0xa0000000\n\t"
-#endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r2, #0x4b\n\t"
-        "lsl	r2, r2, #8\n\t"
-        "orr	r2, r2, #0x9e\n\t"
-        "lsl	r2, r2, #8\n\t"
-        "orr	r2, r2, #0xba\n\t"
-        "lsl	r2, r2, #8\n\t"
-        "orr	r2, r2, #0x7d\n\t"
+        "mov	r2, #0x7d\n\t"
+        "orr	r2, r2, #0x4b000000\n\t"
+        "orr	r2, r2, #0x9e0000\n\t"
+        "orr	r2, r2, #0xba00\n\t"
 #else
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r2, #0xba\n\t"
-        "lsl	r2, r2, #8\n\t"
-        "add	r2, r2, #0x7d\n\t"
+        "mov	r2, #0x7d\n\t"
+        "orr	r2, r2, #0xba00\n\t"
 #else
         "mov	r2, #0xba7d\n\t"
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "orr	r2, r2, #0x4b000000\n\t"
+        "orr	r2, r2, #0x9e0000\n\t"
+#else
         "movt	r2, #0x4b9e\n\t"
 #endif
+#endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r3, #0xcb\n\t"
-        "lsl	r3, r3, #8\n\t"
-        "orr	r3, r3, #2\n\t"
-        "lsl	r3, r3, #8\n\t"
-        "orr	r3, r3, #0x4c\n\t"
-        "lsl	r3, r3, #8\n\t"
-        "orr	r3, r3, #0x63\n\t"
+        "mov	r3, #0x63\n\t"
+        "orr	r3, r3, #0xcb000000\n\t"
+        "orr	r3, r3, #0x20000\n\t"
+        "orr	r3, r3, #0x4c00\n\t"
 #else
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r3, #0x4c\n\t"
-        "lsl	r3, r3, #8\n\t"
-        "add	r3, r3, #0x63\n\t"
+        "mov	r3, #0x63\n\t"
+        "orr	r3, r3, #0x4c00\n\t"
 #else
         "mov	r3, #0x4c63\n\t"
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "orr	r3, r3, #0xcb000000\n\t"
+        "orr	r3, r3, #0x20000\n\t"
+#else
         "movt	r3, #0xcb02\n\t"
 #endif
+#endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r4, #0xd4\n\t"
-        "lsl	r4, r4, #8\n\t"
-        "orr	r4, r4, #0x5e\n\t"
-        "lsl	r4, r4, #8\n\t"
-        "orr	r4, r4, #0xf3\n\t"
-        "lsl	r4, r4, #8\n\t"
-        "orr	r4, r4, #0x9a\n\t"
+        "mov	r4, #0x9a\n\t"
+        "orr	r4, r4, #0xd4000000\n\t"
+        "orr	r4, r4, #0x5e0000\n\t"
+        "orr	r4, r4, #0xf300\n\t"
 #else
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r4, #0xf3\n\t"
-        "lsl	r4, r4, #8\n\t"
-        "add	r4, r4, #0x9a\n\t"
+        "mov	r4, #0x9a\n\t"
+        "orr	r4, r4, #0xf300\n\t"
 #else
         "mov	r4, #0xf39a\n\t"
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "orr	r4, r4, #0xd4000000\n\t"
+        "orr	r4, r4, #0x5e0000\n\t"
+#else
         "movt	r4, #0xd45e\n\t"
 #endif
+#endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r5, #2\n\t"
-        "lsl	r5, r5, #8\n\t"
-        "orr	r5, r5, #0x9b\n\t"
-        "lsl	r5, r5, #8\n\t"
-        "orr	r5, r5, #0xdf\n\t"
-        "lsl	r5, r5, #8\n\t"
-        "orr	r5, r5, #59\n\t"
+        "mov	r5, #59\n\t"
+        "orr	r5, r5, #0x2000000\n\t"
+        "orr	r5, r5, #0x9b0000\n\t"
+        "orr	r5, r5, #0xdf00\n\t"
 #else
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r5, #0xdf\n\t"
-        "lsl	r5, r5, #8\n\t"
-        "add	r5, r5, #0x3b\n\t"
+        "mov	r5, #0x3b\n\t"
+        "orr	r5, r5, #0xdf00\n\t"
 #else
         "mov	r5, #0xdf3b\n\t"
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "orr	r5, r5, #0x2000000\n\t"
+        "orr	r5, r5, #0x9b0000\n\t"
+#else
         "movt	r5, #0x29b\n\t"
 #endif
-#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r9, #0x20000\n\t"
-        "lsl	r9, r9, #8\n\t"
-        "add	r9, r9, #0x0\n\t"
-#else
-        "mov	r9, #0x2000000\n\t"
 #endif
+        "mov	r9, #0x2000000\n\t"
         "and	r1, r1, lr\n\t"
         "and	r2, r2, lr\n\t"
         "and	r3, r3, lr\n\t"
@@ -6151,22 +5962,23 @@ void sc_reduce(byte* s_p)
         "mov	%[s], sp\n\t"
         /*   * -5cf5d3ed */
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r1, #0xa3\n\t"
-        "lsl	r1, r1, #8\n\t"
-        "orr	r1, r1, #10\n\t"
-        "lsl	r1, r1, #8\n\t"
-        "orr	r1, r1, #44\n\t"
-        "lsl	r1, r1, #8\n\t"
-        "orr	r1, r1, #19\n\t"
+        "mov	r1, #19\n\t"
+        "orr	r1, r1, #0xa3000000\n\t"
+        "orr	r1, r1, #0xa0000\n\t"
+        "orr	r1, r1, #0x2c00\n\t"
 #else
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r1, #0x2c\n\t"
-        "lsl	r1, r1, #8\n\t"
-        "add	r1, r1, #0x13\n\t"
+        "mov	r1, #0x13\n\t"
+        "orr	r1, r1, #0x2c00\n\t"
 #else
         "mov	r1, #0x2c13\n\t"
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "orr	r1, r1, #0xa3000000\n\t"
+        "orr	r1, r1, #0xa0000\n\t"
+#else
         "movt	r1, #0xa30a\n\t"
+#endif
 #endif
         "mov	lr, #0\n\t"
         "ldm	%[s], {r6, r7, r8, r9}\n\t"
@@ -6187,22 +5999,23 @@ void sc_reduce(byte* s_p)
         "add	%[s], %[s], #4\n\t"
         /*   * -5812631b */
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r1, #0xa7\n\t"
-        "lsl	r1, r1, #8\n\t"
-        "orr	r1, r1, #0xed\n\t"
-        "lsl	r1, r1, #8\n\t"
-        "orr	r1, r1, #0x9c\n\t"
-        "lsl	r1, r1, #8\n\t"
-        "orr	r1, r1, #0xe5\n\t"
+        "mov	r1, #0xe5\n\t"
+        "orr	r1, r1, #0xa7000000\n\t"
+        "orr	r1, r1, #0xed0000\n\t"
+        "orr	r1, r1, #0x9c00\n\t"
 #else
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r1, #0x9c\n\t"
-        "lsl	r1, r1, #8\n\t"
-        "add	r1, r1, #0xe5\n\t"
+        "mov	r1, #0xe5\n\t"
+        "orr	r1, r1, #0x9c00\n\t"
 #else
         "mov	r1, #0x9ce5\n\t"
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "orr	r1, r1, #0xa7000000\n\t"
+        "orr	r1, r1, #0xed0000\n\t"
+#else
         "movt	r1, #0xa7ed\n\t"
+#endif
 #endif
         "mov	r10, #0\n\t"
         "ldm	%[s], {r6, r7, r8, r9}\n\t"
@@ -6223,22 +6036,23 @@ void sc_reduce(byte* s_p)
         "add	%[s], %[s], #4\n\t"
         /*   * -a2f79cd7 */
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r1, #0x5d\n\t"
-        "lsl	r1, r1, #8\n\t"
-        "orr	r1, r1, #8\n\t"
-        "lsl	r1, r1, #8\n\t"
-        "orr	r1, r1, #0x63\n\t"
-        "lsl	r1, r1, #8\n\t"
-        "orr	r1, r1, #41\n\t"
+        "mov	r1, #41\n\t"
+        "orr	r1, r1, #0x5d000000\n\t"
+        "orr	r1, r1, #0x80000\n\t"
+        "orr	r1, r1, #0x6300\n\t"
 #else
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r1, #0x63\n\t"
-        "lsl	r1, r1, #8\n\t"
-        "add	r1, r1, #0x29\n\t"
+        "mov	r1, #0x29\n\t"
+        "orr	r1, r1, #0x6300\n\t"
 #else
         "mov	r1, #0x6329\n\t"
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "orr	r1, r1, #0x5d000000\n\t"
+        "orr	r1, r1, #0x80000\n\t"
+#else
         "movt	r1, #0x5d08\n\t"
+#endif
 #endif
         "mov	r11, #0\n\t"
         "ldm	%[s], {r6, r7, r8, r9}\n\t"
@@ -6259,22 +6073,23 @@ void sc_reduce(byte* s_p)
         "add	%[s], %[s], #4\n\t"
         /*   * -14def9df */
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r1, #0xeb\n\t"
-        "lsl	r1, r1, #8\n\t"
-        "orr	r1, r1, #33\n\t"
-        "lsl	r1, r1, #8\n\t"
-        "orr	r1, r1, #6\n\t"
-        "lsl	r1, r1, #8\n\t"
-        "orr	r1, r1, #33\n\t"
+        "mov	r1, #33\n\t"
+        "orr	r1, r1, #0xeb000000\n\t"
+        "orr	r1, r1, #0x210000\n\t"
+        "orr	r1, r1, #0x600\n\t"
 #else
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r1, #0x6\n\t"
-        "lsl	r1, r1, #8\n\t"
-        "add	r1, r1, #0x21\n\t"
+        "mov	r1, #0x21\n\t"
+        "orr	r1, r1, #0x600\n\t"
 #else
         "mov	r1, #0x621\n\t"
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "orr	r1, r1, #0xeb000000\n\t"
+        "orr	r1, r1, #0x210000\n\t"
+#else
         "movt	r1, #0xeb21\n\t"
+#endif
 #endif
         "mov	r12, #0\n\t"
         "ldm	%[s], {r6, r7, r8, r9}\n\t"
@@ -6313,76 +6128,80 @@ void sc_reduce(byte* s_p)
         "sub	%[s], %[s], #16\n\t"
         "ldm	%[s], {r2, r3, r4, r5}\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r10, #0x5c\n\t"
-        "lsl	r10, r10, #8\n\t"
-        "orr	r10, r10, #0xf5\n\t"
-        "lsl	r10, r10, #8\n\t"
-        "orr	r10, r10, #0xd3\n\t"
-        "lsl	r10, r10, #8\n\t"
-        "orr	r10, r10, #0xed\n\t"
+        "mov	r10, #0xed\n\t"
+        "orr	r10, r10, #0x5c000000\n\t"
+        "orr	r10, r10, #0xf50000\n\t"
+        "orr	r10, r10, #0xd300\n\t"
 #else
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r10, #0xd3\n\t"
-        "lsl	r10, r10, #8\n\t"
-        "add	r10, r10, #0xed\n\t"
+        "mov	r10, #0xed\n\t"
+        "orr	r10, r10, #0xd300\n\t"
 #else
         "mov	r10, #0xd3ed\n\t"
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "orr	r10, r10, #0x5c000000\n\t"
+        "orr	r10, r10, #0xf50000\n\t"
+#else
         "movt	r10, #0x5cf5\n\t"
 #endif
+#endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r11, #0x58\n\t"
-        "lsl	r11, r11, #8\n\t"
-        "orr	r11, r11, #18\n\t"
-        "lsl	r11, r11, #8\n\t"
-        "orr	r11, r11, #0x63\n\t"
-        "lsl	r11, r11, #8\n\t"
-        "orr	r11, r11, #26\n\t"
+        "mov	r11, #26\n\t"
+        "orr	r11, r11, #0x58000000\n\t"
+        "orr	r11, r11, #0x120000\n\t"
+        "orr	r11, r11, #0x6300\n\t"
 #else
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r11, #0x63\n\t"
-        "lsl	r11, r11, #8\n\t"
-        "add	r11, r11, #0x1a\n\t"
+        "mov	r11, #0x1a\n\t"
+        "orr	r11, r11, #0x6300\n\t"
 #else
         "mov	r11, #0x631a\n\t"
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "orr	r11, r11, #0x58000000\n\t"
+        "orr	r11, r11, #0x120000\n\t"
+#else
         "movt	r11, #0x5812\n\t"
 #endif
+#endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r12, #0xa2\n\t"
-        "lsl	r12, r12, #8\n\t"
-        "orr	r12, r12, #0xf7\n\t"
-        "lsl	r12, r12, #8\n\t"
-        "orr	r12, r12, #0x9c\n\t"
-        "lsl	r12, r12, #8\n\t"
-        "orr	r12, r12, #0xd6\n\t"
+        "mov	r12, #0xd6\n\t"
+        "orr	r12, r12, #0xa2000000\n\t"
+        "orr	r12, r12, #0xf70000\n\t"
+        "orr	r12, r12, #0x9c00\n\t"
 #else
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r12, #0x9c\n\t"
-        "lsl	r12, r12, #8\n\t"
-        "add	r12, r12, #0xd6\n\t"
+        "mov	r12, #0xd6\n\t"
+        "orr	r12, r12, #0x9c00\n\t"
 #else
         "mov	r12, #0x9cd6\n\t"
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "orr	r12, r12, #0xa2000000\n\t"
+        "orr	r12, r12, #0xf70000\n\t"
+#else
         "movt	r12, #0xa2f7\n\t"
 #endif
+#endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	lr, #20\n\t"
-        "lsl	lr, lr, #8\n\t"
-        "orr	lr, lr, #0xde\n\t"
-        "lsl	lr, lr, #8\n\t"
-        "orr	lr, lr, #0xf9\n\t"
-        "lsl	lr, lr, #8\n\t"
-        "orr	lr, lr, #0xde\n\t"
+        "mov	lr, #0xde\n\t"
+        "orr	lr, lr, #0x14000000\n\t"
+        "orr	lr, lr, #0xde0000\n\t"
+        "orr	lr, lr, #0xf900\n\t"
 #else
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	lr, #0xf9\n\t"
-        "lsl	lr, lr, #8\n\t"
-        "add	lr, lr, #0xde\n\t"
+        "mov	lr, #0xde\n\t"
+        "orr	lr, lr, #0xf900\n\t"
 #else
         "mov	lr, #0xf9de\n\t"
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "orr	lr, lr, #0x14000000\n\t"
+        "orr	lr, lr, #0xde0000\n\t"
+#else
         "movt	lr, #0x14de\n\t"
+#endif
 #endif
         "and	r10, r10, r1\n\t"
         "and	r11, r11, r1\n\t"
@@ -6408,7 +6227,8 @@ void sc_reduce(byte* s_p)
         "add	sp, sp, #56\n\t"
         : [s] "+r" (s)
         :
-        : "memory", "r1", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "lr", "cc"
+        : "memory", "cc", "r1", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9",
+            "r10", "r11", "r12", "lr"
     );
 }
 
@@ -6448,79 +6268,83 @@ void sc_reduce(byte* s_p)
         "sub	%[s], %[s], #28\n\t"
         /* Add order times bits 504..511 */
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r10, #0xa3\n\t"
-        "lsl	r10, r10, #8\n\t"
-        "orr	r10, r10, #10\n\t"
-        "lsl	r10, r10, #8\n\t"
-        "orr	r10, r10, #44\n\t"
-        "lsl	r10, r10, #8\n\t"
-        "orr	r10, r10, #19\n\t"
+        "mov	r10, #19\n\t"
+        "orr	r10, r10, #0xa3000000\n\t"
+        "orr	r10, r10, #0xa0000\n\t"
+        "orr	r10, r10, #0x2c00\n\t"
 #else
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r10, #0x2c\n\t"
-        "lsl	r10, r10, #8\n\t"
-        "add	r10, r10, #0x13\n\t"
+        "mov	r10, #0x13\n\t"
+        "orr	r10, r10, #0x2c00\n\t"
 #else
         "mov	r10, #0x2c13\n\t"
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "orr	r10, r10, #0xa3000000\n\t"
+        "orr	r10, r10, #0xa0000\n\t"
+#else
         "movt	r10, #0xa30a\n\t"
 #endif
+#endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r11, #0xa7\n\t"
-        "lsl	r11, r11, #8\n\t"
-        "orr	r11, r11, #0xed\n\t"
-        "lsl	r11, r11, #8\n\t"
-        "orr	r11, r11, #0x9c\n\t"
-        "lsl	r11, r11, #8\n\t"
-        "orr	r11, r11, #0xe5\n\t"
+        "mov	r11, #0xe5\n\t"
+        "orr	r11, r11, #0xa7000000\n\t"
+        "orr	r11, r11, #0xed0000\n\t"
+        "orr	r11, r11, #0x9c00\n\t"
 #else
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r11, #0x9c\n\t"
-        "lsl	r11, r11, #8\n\t"
-        "add	r11, r11, #0xe5\n\t"
+        "mov	r11, #0xe5\n\t"
+        "orr	r11, r11, #0x9c00\n\t"
 #else
         "mov	r11, #0x9ce5\n\t"
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "orr	r11, r11, #0xa7000000\n\t"
+        "orr	r11, r11, #0xed0000\n\t"
+#else
         "movt	r11, #0xa7ed\n\t"
+#endif
 #endif
         "mov	r1, #0\n\t"
         "umlal	r2, r1, r10, lr\n\t"
         "umaal	r3, r1, r11, lr\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r10, #0x5d\n\t"
-        "lsl	r10, r10, #8\n\t"
-        "orr	r10, r10, #8\n\t"
-        "lsl	r10, r10, #8\n\t"
-        "orr	r10, r10, #0x63\n\t"
-        "lsl	r10, r10, #8\n\t"
-        "orr	r10, r10, #41\n\t"
+        "mov	r10, #41\n\t"
+        "orr	r10, r10, #0x5d000000\n\t"
+        "orr	r10, r10, #0x80000\n\t"
+        "orr	r10, r10, #0x6300\n\t"
 #else
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r10, #0x63\n\t"
-        "lsl	r10, r10, #8\n\t"
-        "add	r10, r10, #0x29\n\t"
+        "mov	r10, #0x29\n\t"
+        "orr	r10, r10, #0x6300\n\t"
 #else
         "mov	r10, #0x6329\n\t"
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "orr	r10, r10, #0x5d000000\n\t"
+        "orr	r10, r10, #0x80000\n\t"
+#else
         "movt	r10, #0x5d08\n\t"
 #endif
+#endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r11, #0xeb\n\t"
-        "lsl	r11, r11, #8\n\t"
-        "orr	r11, r11, #33\n\t"
-        "lsl	r11, r11, #8\n\t"
-        "orr	r11, r11, #6\n\t"
-        "lsl	r11, r11, #8\n\t"
-        "orr	r11, r11, #33\n\t"
+        "mov	r11, #33\n\t"
+        "orr	r11, r11, #0xeb000000\n\t"
+        "orr	r11, r11, #0x210000\n\t"
+        "orr	r11, r11, #0x600\n\t"
 #else
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r11, #0x6\n\t"
-        "lsl	r11, r11, #8\n\t"
-        "add	r11, r11, #0x21\n\t"
+        "mov	r11, #0x21\n\t"
+        "orr	r11, r11, #0x600\n\t"
 #else
         "mov	r11, #0x621\n\t"
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "orr	r11, r11, #0xeb000000\n\t"
+        "orr	r11, r11, #0x210000\n\t"
+#else
         "movt	r11, #0xeb21\n\t"
+#endif
 #endif
         "umaal	r4, r1, r10, lr\n\t"
         "umaal	r5, r1, r11, lr\n\t"
@@ -6535,22 +6359,23 @@ void sc_reduce(byte* s_p)
         /* Sub product of top 8 words and order */
         "mov	r12, sp\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r1, #0xa3\n\t"
-        "lsl	r1, r1, #8\n\t"
-        "orr	r1, r1, #10\n\t"
-        "lsl	r1, r1, #8\n\t"
-        "orr	r1, r1, #44\n\t"
-        "lsl	r1, r1, #8\n\t"
-        "orr	r1, r1, #19\n\t"
+        "mov	r1, #19\n\t"
+        "orr	r1, r1, #0xa3000000\n\t"
+        "orr	r1, r1, #0xa0000\n\t"
+        "orr	r1, r1, #0x2c00\n\t"
 #else
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r1, #0x2c\n\t"
-        "lsl	r1, r1, #8\n\t"
-        "add	r1, r1, #0x13\n\t"
+        "mov	r1, #0x13\n\t"
+        "orr	r1, r1, #0x2c00\n\t"
 #else
         "mov	r1, #0x2c13\n\t"
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "orr	r1, r1, #0xa3000000\n\t"
+        "orr	r1, r1, #0xa0000\n\t"
+#else
         "movt	r1, #0xa30a\n\t"
+#endif
 #endif
         "mov	lr, #0\n\t"
         "ldm	%[s]!, {r10, r11}\n\t"
@@ -6577,22 +6402,23 @@ void sc_reduce(byte* s_p)
         "sub	%[s], %[s], #16\n\t"
         "sub	r12, r12, #32\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r1, #0xa7\n\t"
-        "lsl	r1, r1, #8\n\t"
-        "orr	r1, r1, #0xed\n\t"
-        "lsl	r1, r1, #8\n\t"
-        "orr	r1, r1, #0x9c\n\t"
-        "lsl	r1, r1, #8\n\t"
-        "orr	r1, r1, #0xe5\n\t"
+        "mov	r1, #0xe5\n\t"
+        "orr	r1, r1, #0xa7000000\n\t"
+        "orr	r1, r1, #0xed0000\n\t"
+        "orr	r1, r1, #0x9c00\n\t"
 #else
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r1, #0x9c\n\t"
-        "lsl	r1, r1, #8\n\t"
-        "add	r1, r1, #0xe5\n\t"
+        "mov	r1, #0xe5\n\t"
+        "orr	r1, r1, #0x9c00\n\t"
 #else
         "mov	r1, #0x9ce5\n\t"
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "orr	r1, r1, #0xa7000000\n\t"
+        "orr	r1, r1, #0xed0000\n\t"
+#else
         "movt	r1, #0xa7ed\n\t"
+#endif
 #endif
         "mov	lr, #0\n\t"
         "ldm	r12, {r10, r11}\n\t"
@@ -6613,22 +6439,23 @@ void sc_reduce(byte* s_p)
         "stm	r12!, {r10, r11, lr}\n\t"
         "sub	r12, r12, #32\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r1, #0x5d\n\t"
-        "lsl	r1, r1, #8\n\t"
-        "orr	r1, r1, #8\n\t"
-        "lsl	r1, r1, #8\n\t"
-        "orr	r1, r1, #0x63\n\t"
-        "lsl	r1, r1, #8\n\t"
-        "orr	r1, r1, #41\n\t"
+        "mov	r1, #41\n\t"
+        "orr	r1, r1, #0x5d000000\n\t"
+        "orr	r1, r1, #0x80000\n\t"
+        "orr	r1, r1, #0x6300\n\t"
 #else
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r1, #0x63\n\t"
-        "lsl	r1, r1, #8\n\t"
-        "add	r1, r1, #0x29\n\t"
+        "mov	r1, #0x29\n\t"
+        "orr	r1, r1, #0x6300\n\t"
 #else
         "mov	r1, #0x6329\n\t"
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "orr	r1, r1, #0x5d000000\n\t"
+        "orr	r1, r1, #0x80000\n\t"
+#else
         "movt	r1, #0x5d08\n\t"
+#endif
 #endif
         "mov	lr, #0\n\t"
         "ldm	r12, {r10, r11}\n\t"
@@ -6649,22 +6476,23 @@ void sc_reduce(byte* s_p)
         "stm	r12!, {r10, r11, lr}\n\t"
         "sub	r12, r12, #32\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r1, #0xeb\n\t"
-        "lsl	r1, r1, #8\n\t"
-        "orr	r1, r1, #33\n\t"
-        "lsl	r1, r1, #8\n\t"
-        "orr	r1, r1, #6\n\t"
-        "lsl	r1, r1, #8\n\t"
-        "orr	r1, r1, #33\n\t"
+        "mov	r1, #33\n\t"
+        "orr	r1, r1, #0xeb000000\n\t"
+        "orr	r1, r1, #0x210000\n\t"
+        "orr	r1, r1, #0x600\n\t"
 #else
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r1, #0x6\n\t"
-        "lsl	r1, r1, #8\n\t"
-        "add	r1, r1, #0x21\n\t"
+        "mov	r1, #0x21\n\t"
+        "orr	r1, r1, #0x600\n\t"
 #else
         "mov	r1, #0x621\n\t"
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "orr	r1, r1, #0xeb000000\n\t"
+        "orr	r1, r1, #0x210000\n\t"
+#else
         "movt	r1, #0xeb21\n\t"
+#endif
 #endif
         "mov	lr, #0\n\t"
         "ldm	r12, {r10, r11}\n\t"
@@ -6704,92 +6532,84 @@ void sc_reduce(byte* s_p)
         "sub	r12, r12, #36\n\t"
         "asr	lr, r11, #25\n\t"
         /* Conditionally subtract order starting at bit 125 */
-#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r1, #0xa00000\n\t"
-        "lsl	r1, r1, #8\n\t"
-        "add	r1, r1, #0x0\n\t"
-#else
         "mov	r1, #0xa0000000\n\t"
-#endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r2, #0x4b\n\t"
-        "lsl	r2, r2, #8\n\t"
-        "orr	r2, r2, #0x9e\n\t"
-        "lsl	r2, r2, #8\n\t"
-        "orr	r2, r2, #0xba\n\t"
-        "lsl	r2, r2, #8\n\t"
-        "orr	r2, r2, #0x7d\n\t"
+        "mov	r2, #0x7d\n\t"
+        "orr	r2, r2, #0x4b000000\n\t"
+        "orr	r2, r2, #0x9e0000\n\t"
+        "orr	r2, r2, #0xba00\n\t"
 #else
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r2, #0xba\n\t"
-        "lsl	r2, r2, #8\n\t"
-        "add	r2, r2, #0x7d\n\t"
+        "mov	r2, #0x7d\n\t"
+        "orr	r2, r2, #0xba00\n\t"
 #else
         "mov	r2, #0xba7d\n\t"
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "orr	r2, r2, #0x4b000000\n\t"
+        "orr	r2, r2, #0x9e0000\n\t"
+#else
         "movt	r2, #0x4b9e\n\t"
 #endif
+#endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r3, #0xcb\n\t"
-        "lsl	r3, r3, #8\n\t"
-        "orr	r3, r3, #2\n\t"
-        "lsl	r3, r3, #8\n\t"
-        "orr	r3, r3, #0x4c\n\t"
-        "lsl	r3, r3, #8\n\t"
-        "orr	r3, r3, #0x63\n\t"
+        "mov	r3, #0x63\n\t"
+        "orr	r3, r3, #0xcb000000\n\t"
+        "orr	r3, r3, #0x20000\n\t"
+        "orr	r3, r3, #0x4c00\n\t"
 #else
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r3, #0x4c\n\t"
-        "lsl	r3, r3, #8\n\t"
-        "add	r3, r3, #0x63\n\t"
+        "mov	r3, #0x63\n\t"
+        "orr	r3, r3, #0x4c00\n\t"
 #else
         "mov	r3, #0x4c63\n\t"
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "orr	r3, r3, #0xcb000000\n\t"
+        "orr	r3, r3, #0x20000\n\t"
+#else
         "movt	r3, #0xcb02\n\t"
 #endif
+#endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r4, #0xd4\n\t"
-        "lsl	r4, r4, #8\n\t"
-        "orr	r4, r4, #0x5e\n\t"
-        "lsl	r4, r4, #8\n\t"
-        "orr	r4, r4, #0xf3\n\t"
-        "lsl	r4, r4, #8\n\t"
-        "orr	r4, r4, #0x9a\n\t"
+        "mov	r4, #0x9a\n\t"
+        "orr	r4, r4, #0xd4000000\n\t"
+        "orr	r4, r4, #0x5e0000\n\t"
+        "orr	r4, r4, #0xf300\n\t"
 #else
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r4, #0xf3\n\t"
-        "lsl	r4, r4, #8\n\t"
-        "add	r4, r4, #0x9a\n\t"
+        "mov	r4, #0x9a\n\t"
+        "orr	r4, r4, #0xf300\n\t"
 #else
         "mov	r4, #0xf39a\n\t"
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "orr	r4, r4, #0xd4000000\n\t"
+        "orr	r4, r4, #0x5e0000\n\t"
+#else
         "movt	r4, #0xd45e\n\t"
 #endif
+#endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r5, #2\n\t"
-        "lsl	r5, r5, #8\n\t"
-        "orr	r5, r5, #0x9b\n\t"
-        "lsl	r5, r5, #8\n\t"
-        "orr	r5, r5, #0xdf\n\t"
-        "lsl	r5, r5, #8\n\t"
-        "orr	r5, r5, #59\n\t"
+        "mov	r5, #59\n\t"
+        "orr	r5, r5, #0x2000000\n\t"
+        "orr	r5, r5, #0x9b0000\n\t"
+        "orr	r5, r5, #0xdf00\n\t"
 #else
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r5, #0xdf\n\t"
-        "lsl	r5, r5, #8\n\t"
-        "add	r5, r5, #0x3b\n\t"
+        "mov	r5, #0x3b\n\t"
+        "orr	r5, r5, #0xdf00\n\t"
 #else
         "mov	r5, #0xdf3b\n\t"
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "orr	r5, r5, #0x2000000\n\t"
+        "orr	r5, r5, #0x9b0000\n\t"
+#else
         "movt	r5, #0x29b\n\t"
 #endif
-#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r9, #0x20000\n\t"
-        "lsl	r9, r9, #8\n\t"
-        "add	r9, r9, #0x0\n\t"
-#else
-        "mov	r9, #0x2000000\n\t"
 #endif
+        "mov	r9, #0x2000000\n\t"
         "and	r1, r1, lr\n\t"
         "and	r2, r2, lr\n\t"
         "and	r3, r3, lr\n\t"
@@ -6838,22 +6658,23 @@ void sc_reduce(byte* s_p)
         "mov	%[s], sp\n\t"
         /*   * -5cf5d3ed */
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r1, #0xa3\n\t"
-        "lsl	r1, r1, #8\n\t"
-        "orr	r1, r1, #10\n\t"
-        "lsl	r1, r1, #8\n\t"
-        "orr	r1, r1, #44\n\t"
-        "lsl	r1, r1, #8\n\t"
-        "orr	r1, r1, #19\n\t"
+        "mov	r1, #19\n\t"
+        "orr	r1, r1, #0xa3000000\n\t"
+        "orr	r1, r1, #0xa0000\n\t"
+        "orr	r1, r1, #0x2c00\n\t"
 #else
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r1, #0x2c\n\t"
-        "lsl	r1, r1, #8\n\t"
-        "add	r1, r1, #0x13\n\t"
+        "mov	r1, #0x13\n\t"
+        "orr	r1, r1, #0x2c00\n\t"
 #else
         "mov	r1, #0x2c13\n\t"
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "orr	r1, r1, #0xa3000000\n\t"
+        "orr	r1, r1, #0xa0000\n\t"
+#else
         "movt	r1, #0xa30a\n\t"
+#endif
 #endif
         "mov	lr, #0\n\t"
         "ldm	%[s], {r6, r7, r8, r9}\n\t"
@@ -6865,22 +6686,23 @@ void sc_reduce(byte* s_p)
         "add	%[s], %[s], #4\n\t"
         /*   * -5812631b */
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r1, #0xa7\n\t"
-        "lsl	r1, r1, #8\n\t"
-        "orr	r1, r1, #0xed\n\t"
-        "lsl	r1, r1, #8\n\t"
-        "orr	r1, r1, #0x9c\n\t"
-        "lsl	r1, r1, #8\n\t"
-        "orr	r1, r1, #0xe5\n\t"
+        "mov	r1, #0xe5\n\t"
+        "orr	r1, r1, #0xa7000000\n\t"
+        "orr	r1, r1, #0xed0000\n\t"
+        "orr	r1, r1, #0x9c00\n\t"
 #else
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r1, #0x9c\n\t"
-        "lsl	r1, r1, #8\n\t"
-        "add	r1, r1, #0xe5\n\t"
+        "mov	r1, #0xe5\n\t"
+        "orr	r1, r1, #0x9c00\n\t"
 #else
         "mov	r1, #0x9ce5\n\t"
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "orr	r1, r1, #0xa7000000\n\t"
+        "orr	r1, r1, #0xed0000\n\t"
+#else
         "movt	r1, #0xa7ed\n\t"
+#endif
 #endif
         "mov	r10, #0\n\t"
         "ldm	%[s], {r6, r7, r8, r9}\n\t"
@@ -6892,22 +6714,23 @@ void sc_reduce(byte* s_p)
         "add	%[s], %[s], #4\n\t"
         /*   * -a2f79cd7 */
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r1, #0x5d\n\t"
-        "lsl	r1, r1, #8\n\t"
-        "orr	r1, r1, #8\n\t"
-        "lsl	r1, r1, #8\n\t"
-        "orr	r1, r1, #0x63\n\t"
-        "lsl	r1, r1, #8\n\t"
-        "orr	r1, r1, #41\n\t"
+        "mov	r1, #41\n\t"
+        "orr	r1, r1, #0x5d000000\n\t"
+        "orr	r1, r1, #0x80000\n\t"
+        "orr	r1, r1, #0x6300\n\t"
 #else
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r1, #0x63\n\t"
-        "lsl	r1, r1, #8\n\t"
-        "add	r1, r1, #0x29\n\t"
+        "mov	r1, #0x29\n\t"
+        "orr	r1, r1, #0x6300\n\t"
 #else
         "mov	r1, #0x6329\n\t"
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "orr	r1, r1, #0x5d000000\n\t"
+        "orr	r1, r1, #0x80000\n\t"
+#else
         "movt	r1, #0x5d08\n\t"
+#endif
 #endif
         "mov	r11, #0\n\t"
         "ldm	%[s], {r6, r7, r8, r9}\n\t"
@@ -6919,22 +6742,23 @@ void sc_reduce(byte* s_p)
         "add	%[s], %[s], #4\n\t"
         /*   * -14def9df */
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r1, #0xeb\n\t"
-        "lsl	r1, r1, #8\n\t"
-        "orr	r1, r1, #33\n\t"
-        "lsl	r1, r1, #8\n\t"
-        "orr	r1, r1, #6\n\t"
-        "lsl	r1, r1, #8\n\t"
-        "orr	r1, r1, #33\n\t"
+        "mov	r1, #33\n\t"
+        "orr	r1, r1, #0xeb000000\n\t"
+        "orr	r1, r1, #0x210000\n\t"
+        "orr	r1, r1, #0x600\n\t"
 #else
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r1, #0x6\n\t"
-        "lsl	r1, r1, #8\n\t"
-        "add	r1, r1, #0x21\n\t"
+        "mov	r1, #0x21\n\t"
+        "orr	r1, r1, #0x600\n\t"
 #else
         "mov	r1, #0x621\n\t"
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "orr	r1, r1, #0xeb000000\n\t"
+        "orr	r1, r1, #0x210000\n\t"
+#else
         "movt	r1, #0xeb21\n\t"
+#endif
 #endif
         "mov	r12, #0\n\t"
         "ldm	%[s], {r6, r7, r8, r9}\n\t"
@@ -6964,76 +6788,80 @@ void sc_reduce(byte* s_p)
         "sub	%[s], %[s], #16\n\t"
         "ldm	%[s], {r2, r3, r4, r5}\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r10, #0x5c\n\t"
-        "lsl	r10, r10, #8\n\t"
-        "orr	r10, r10, #0xf5\n\t"
-        "lsl	r10, r10, #8\n\t"
-        "orr	r10, r10, #0xd3\n\t"
-        "lsl	r10, r10, #8\n\t"
-        "orr	r10, r10, #0xed\n\t"
+        "mov	r10, #0xed\n\t"
+        "orr	r10, r10, #0x5c000000\n\t"
+        "orr	r10, r10, #0xf50000\n\t"
+        "orr	r10, r10, #0xd300\n\t"
 #else
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r10, #0xd3\n\t"
-        "lsl	r10, r10, #8\n\t"
-        "add	r10, r10, #0xed\n\t"
+        "mov	r10, #0xed\n\t"
+        "orr	r10, r10, #0xd300\n\t"
 #else
         "mov	r10, #0xd3ed\n\t"
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "orr	r10, r10, #0x5c000000\n\t"
+        "orr	r10, r10, #0xf50000\n\t"
+#else
         "movt	r10, #0x5cf5\n\t"
 #endif
+#endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r11, #0x58\n\t"
-        "lsl	r11, r11, #8\n\t"
-        "orr	r11, r11, #18\n\t"
-        "lsl	r11, r11, #8\n\t"
-        "orr	r11, r11, #0x63\n\t"
-        "lsl	r11, r11, #8\n\t"
-        "orr	r11, r11, #26\n\t"
+        "mov	r11, #26\n\t"
+        "orr	r11, r11, #0x58000000\n\t"
+        "orr	r11, r11, #0x120000\n\t"
+        "orr	r11, r11, #0x6300\n\t"
 #else
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r11, #0x63\n\t"
-        "lsl	r11, r11, #8\n\t"
-        "add	r11, r11, #0x1a\n\t"
+        "mov	r11, #0x1a\n\t"
+        "orr	r11, r11, #0x6300\n\t"
 #else
         "mov	r11, #0x631a\n\t"
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "orr	r11, r11, #0x58000000\n\t"
+        "orr	r11, r11, #0x120000\n\t"
+#else
         "movt	r11, #0x5812\n\t"
 #endif
+#endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r12, #0xa2\n\t"
-        "lsl	r12, r12, #8\n\t"
-        "orr	r12, r12, #0xf7\n\t"
-        "lsl	r12, r12, #8\n\t"
-        "orr	r12, r12, #0x9c\n\t"
-        "lsl	r12, r12, #8\n\t"
-        "orr	r12, r12, #0xd6\n\t"
+        "mov	r12, #0xd6\n\t"
+        "orr	r12, r12, #0xa2000000\n\t"
+        "orr	r12, r12, #0xf70000\n\t"
+        "orr	r12, r12, #0x9c00\n\t"
 #else
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r12, #0x9c\n\t"
-        "lsl	r12, r12, #8\n\t"
-        "add	r12, r12, #0xd6\n\t"
+        "mov	r12, #0xd6\n\t"
+        "orr	r12, r12, #0x9c00\n\t"
 #else
         "mov	r12, #0x9cd6\n\t"
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "orr	r12, r12, #0xa2000000\n\t"
+        "orr	r12, r12, #0xf70000\n\t"
+#else
         "movt	r12, #0xa2f7\n\t"
 #endif
+#endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	lr, #20\n\t"
-        "lsl	lr, lr, #8\n\t"
-        "orr	lr, lr, #0xde\n\t"
-        "lsl	lr, lr, #8\n\t"
-        "orr	lr, lr, #0xf9\n\t"
-        "lsl	lr, lr, #8\n\t"
-        "orr	lr, lr, #0xde\n\t"
+        "mov	lr, #0xde\n\t"
+        "orr	lr, lr, #0x14000000\n\t"
+        "orr	lr, lr, #0xde0000\n\t"
+        "orr	lr, lr, #0xf900\n\t"
 #else
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	lr, #0xf9\n\t"
-        "lsl	lr, lr, #8\n\t"
-        "add	lr, lr, #0xde\n\t"
+        "mov	lr, #0xde\n\t"
+        "orr	lr, lr, #0xf900\n\t"
 #else
         "mov	lr, #0xf9de\n\t"
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "orr	lr, lr, #0x14000000\n\t"
+        "orr	lr, lr, #0xde0000\n\t"
+#else
         "movt	lr, #0x14de\n\t"
+#endif
 #endif
         "and	r10, r10, r1\n\t"
         "and	r11, r11, r1\n\t"
@@ -7059,7 +6887,8 @@ void sc_reduce(byte* s_p)
         "add	sp, sp, #56\n\t"
         : [s] "+r" (s)
         :
-        : "memory", "r1", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "lr", "cc"
+        : "memory", "cc", "r1", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9",
+            "r10", "r11", "r12", "lr"
     );
 }
 
@@ -7076,7 +6905,7 @@ void sc_muladd(byte* s_p, const byte* a_p, const byte* b_p, const byte* c_p)
     __asm__ __volatile__ (
         "sub	sp, sp, #0x50\n\t"
         "add	lr, sp, #0x44\n\t"
-        "stm	lr, {%[s], %[a], %[c]}\n\t"
+        "stm	lr, {r0, r1, r3}\n\t"
         "mov	%[s], #0\n\t"
         "ldr	r12, [%[a]]\n\t"
         /* A[0] * B[0] */
@@ -7402,24 +7231,24 @@ void sc_muladd(byte* s_p, const byte* a_p, const byte* b_p, const byte* c_p)
         "adc	r10, %[s], #0\n\t"
         "umlal	r9, r10, r12, lr\n\t"
         "add	lr, sp, #32\n\t"
-        "stm	lr, {%[c], r4, r5, r6, r7, r8, r9, r10}\n\t"
+        "stm	lr, {r3, r4, r5, r6, r7, r8, r9, r10}\n\t"
         "mov	%[s], sp\n\t"
         /* Add c to a * b */
         "ldr	lr, [sp, #76]\n\t"
-        "ldm	%[s], {%[b], %[c], r4, r5, r6, r7, r8, r9}\n\t"
-        "ldm	lr!, {%[a], r10, r11, r12}\n\t"
+        "ldm	%[s], {r2, r3, r4, r5, r6, r7, r8, r9}\n\t"
+        "ldm	lr!, {r1, r10, r11, r12}\n\t"
         "adds	%[b], %[b], %[a]\n\t"
         "adcs	%[c], %[c], r10\n\t"
         "adcs	r4, r4, r11\n\t"
         "adcs	r5, r5, r12\n\t"
-        "ldm	lr!, {%[a], r10, r11, r12}\n\t"
+        "ldm	lr!, {r1, r10, r11, r12}\n\t"
         "adcs	r6, r6, %[a]\n\t"
         "adcs	r7, r7, r10\n\t"
         "adcs	r8, r8, r11\n\t"
         "adcs	r9, r9, r12\n\t"
         "mov	%[a], r9\n\t"
-        "stm	%[s]!, {%[b], %[c], r4, r5, r6, r7, r8, r9}\n\t"
-        "ldm	%[s], {%[b], %[c], r4, r5, r6, r7, r8, r9}\n\t"
+        "stm	%[s]!, {r2, r3, r4, r5, r6, r7, r8, r9}\n\t"
+        "ldm	%[s], {r2, r3, r4, r5, r6, r7, r8, r9}\n\t"
         "adcs	%[b], %[b], #0\n\t"
         "adcs	%[c], %[c], #0\n\t"
         "adcs	r4, r4, #0\n\t"
@@ -7454,40 +7283,42 @@ void sc_muladd(byte* s_p, const byte* a_p, const byte* b_p, const byte* c_p)
 #endif
         /* Add order times bits 504..507 */
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r10, #0xa3\n\t"
-        "lsl	r10, r10, #8\n\t"
-        "orr	r10, r10, #10\n\t"
-        "lsl	r10, r10, #8\n\t"
-        "orr	r10, r10, #44\n\t"
-        "lsl	r10, r10, #8\n\t"
-        "orr	r10, r10, #19\n\t"
+        "mov	r10, #19\n\t"
+        "orr	r10, r10, #0xa3000000\n\t"
+        "orr	r10, r10, #0xa0000\n\t"
+        "orr	r10, r10, #0x2c00\n\t"
 #else
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r10, #0x2c\n\t"
-        "lsl	r10, r10, #8\n\t"
-        "add	r10, r10, #0x13\n\t"
+        "mov	r10, #0x13\n\t"
+        "orr	r10, r10, #0x2c00\n\t"
 #else
         "mov	r10, #0x2c13\n\t"
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "orr	r10, r10, #0xa3000000\n\t"
+        "orr	r10, r10, #0xa0000\n\t"
+#else
         "movt	r10, #0xa30a\n\t"
 #endif
+#endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r11, #0xa7\n\t"
-        "lsl	r11, r11, #8\n\t"
-        "orr	r11, r11, #0xed\n\t"
-        "lsl	r11, r11, #8\n\t"
-        "orr	r11, r11, #0x9c\n\t"
-        "lsl	r11, r11, #8\n\t"
-        "orr	r11, r11, #0xe5\n\t"
+        "mov	r11, #0xe5\n\t"
+        "orr	r11, r11, #0xa7000000\n\t"
+        "orr	r11, r11, #0xed0000\n\t"
+        "orr	r11, r11, #0x9c00\n\t"
 #else
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r11, #0x9c\n\t"
-        "lsl	r11, r11, #8\n\t"
-        "add	r11, r11, #0xe5\n\t"
+        "mov	r11, #0xe5\n\t"
+        "orr	r11, r11, #0x9c00\n\t"
 #else
         "mov	r11, #0x9ce5\n\t"
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "orr	r11, r11, #0xa7000000\n\t"
+        "orr	r11, r11, #0xed0000\n\t"
+#else
         "movt	r11, #0xa7ed\n\t"
+#endif
 #endif
         "mov	%[a], #0\n\t"
         "umlal	%[b], %[a], r10, lr\n\t"
@@ -7496,40 +7327,42 @@ void sc_muladd(byte* s_p, const byte* a_p, const byte* b_p, const byte* c_p)
         "adc	%[a], %[a], #0\n\t"
         "umlal	%[c], %[a], r11, lr\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r10, #0x5d\n\t"
-        "lsl	r10, r10, #8\n\t"
-        "orr	r10, r10, #8\n\t"
-        "lsl	r10, r10, #8\n\t"
-        "orr	r10, r10, #0x63\n\t"
-        "lsl	r10, r10, #8\n\t"
-        "orr	r10, r10, #41\n\t"
+        "mov	r10, #41\n\t"
+        "orr	r10, r10, #0x5d000000\n\t"
+        "orr	r10, r10, #0x80000\n\t"
+        "orr	r10, r10, #0x6300\n\t"
 #else
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r10, #0x63\n\t"
-        "lsl	r10, r10, #8\n\t"
-        "add	r10, r10, #0x29\n\t"
+        "mov	r10, #0x29\n\t"
+        "orr	r10, r10, #0x6300\n\t"
 #else
         "mov	r10, #0x6329\n\t"
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "orr	r10, r10, #0x5d000000\n\t"
+        "orr	r10, r10, #0x80000\n\t"
+#else
         "movt	r10, #0x5d08\n\t"
 #endif
+#endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r11, #0xeb\n\t"
-        "lsl	r11, r11, #8\n\t"
-        "orr	r11, r11, #33\n\t"
-        "lsl	r11, r11, #8\n\t"
-        "orr	r11, r11, #6\n\t"
-        "lsl	r11, r11, #8\n\t"
-        "orr	r11, r11, #33\n\t"
+        "mov	r11, #33\n\t"
+        "orr	r11, r11, #0xeb000000\n\t"
+        "orr	r11, r11, #0x210000\n\t"
+        "orr	r11, r11, #0x600\n\t"
 #else
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r11, #0x6\n\t"
-        "lsl	r11, r11, #8\n\t"
-        "add	r11, r11, #0x21\n\t"
+        "mov	r11, #0x21\n\t"
+        "orr	r11, r11, #0x600\n\t"
 #else
         "mov	r11, #0x621\n\t"
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "orr	r11, r11, #0xeb000000\n\t"
+        "orr	r11, r11, #0x210000\n\t"
+#else
         "movt	r11, #0xeb21\n\t"
+#endif
 #endif
         "adds	r4, r4, %[a]\n\t"
         "mov	%[a], #0\n\t"
@@ -7550,22 +7383,23 @@ void sc_muladd(byte* s_p, const byte* a_p, const byte* b_p, const byte* c_p)
         /* Sub product of top 8 words and order */
         "mov	r12, sp\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	%[a], #0xa3\n\t"
-        "lsl	%[a], %[a], #8\n\t"
-        "orr	%[a], %[a], #10\n\t"
-        "lsl	%[a], %[a], #8\n\t"
-        "orr	%[a], %[a], #44\n\t"
-        "lsl	%[a], %[a], #8\n\t"
-        "orr	%[a], %[a], #19\n\t"
+        "mov	%[a], #19\n\t"
+        "orr	%[a], %[a], #0xa3000000\n\t"
+        "orr	%[a], %[a], #0xa0000\n\t"
+        "orr	%[a], %[a], #0x2c00\n\t"
 #else
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	%[a], #0x2c\n\t"
-        "lsl	%[a], %[a], #8\n\t"
-        "add	%[a], %[a], #0x13\n\t"
+        "mov	%[a], #0x13\n\t"
+        "orr	%[a], %[a], #0x2c00\n\t"
 #else
         "mov	%[a], #0x2c13\n\t"
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "orr	%[a], %[a], #0xa3000000\n\t"
+        "orr	%[a], %[a], #0xa0000\n\t"
+#else
         "movt	%[a], #0xa30a\n\t"
+#endif
 #endif
         "mov	lr, #0\n\t"
         "ldm	%[s]!, {r10, r11}\n\t"
@@ -7613,22 +7447,23 @@ void sc_muladd(byte* s_p, const byte* a_p, const byte* b_p, const byte* c_p)
         "sub	%[s], %[s], #16\n\t"
         "sub	r12, r12, #32\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	%[a], #0xa7\n\t"
-        "lsl	%[a], %[a], #8\n\t"
-        "orr	%[a], %[a], #0xed\n\t"
-        "lsl	%[a], %[a], #8\n\t"
-        "orr	%[a], %[a], #0x9c\n\t"
-        "lsl	%[a], %[a], #8\n\t"
-        "orr	%[a], %[a], #0xe5\n\t"
+        "mov	%[a], #0xe5\n\t"
+        "orr	%[a], %[a], #0xa7000000\n\t"
+        "orr	%[a], %[a], #0xed0000\n\t"
+        "orr	%[a], %[a], #0x9c00\n\t"
 #else
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	%[a], #0x9c\n\t"
-        "lsl	%[a], %[a], #8\n\t"
-        "add	%[a], %[a], #0xe5\n\t"
+        "mov	%[a], #0xe5\n\t"
+        "orr	%[a], %[a], #0x9c00\n\t"
 #else
         "mov	%[a], #0x9ce5\n\t"
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "orr	%[a], %[a], #0xa7000000\n\t"
+        "orr	%[a], %[a], #0xed0000\n\t"
+#else
         "movt	%[a], #0xa7ed\n\t"
+#endif
 #endif
         "mov	lr, #0\n\t"
         "ldm	r12, {r10, r11}\n\t"
@@ -7670,22 +7505,23 @@ void sc_muladd(byte* s_p, const byte* a_p, const byte* b_p, const byte* c_p)
         "stm	r12!, {r10, r11, lr}\n\t"
         "sub	r12, r12, #32\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	%[a], #0x5d\n\t"
-        "lsl	%[a], %[a], #8\n\t"
-        "orr	%[a], %[a], #8\n\t"
-        "lsl	%[a], %[a], #8\n\t"
-        "orr	%[a], %[a], #0x63\n\t"
-        "lsl	%[a], %[a], #8\n\t"
-        "orr	%[a], %[a], #41\n\t"
+        "mov	%[a], #41\n\t"
+        "orr	%[a], %[a], #0x5d000000\n\t"
+        "orr	%[a], %[a], #0x80000\n\t"
+        "orr	%[a], %[a], #0x6300\n\t"
 #else
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	%[a], #0x63\n\t"
-        "lsl	%[a], %[a], #8\n\t"
-        "add	%[a], %[a], #0x29\n\t"
+        "mov	%[a], #0x29\n\t"
+        "orr	%[a], %[a], #0x6300\n\t"
 #else
         "mov	%[a], #0x6329\n\t"
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "orr	%[a], %[a], #0x5d000000\n\t"
+        "orr	%[a], %[a], #0x80000\n\t"
+#else
         "movt	%[a], #0x5d08\n\t"
+#endif
 #endif
         "mov	lr, #0\n\t"
         "ldm	r12, {r10, r11}\n\t"
@@ -7727,22 +7563,23 @@ void sc_muladd(byte* s_p, const byte* a_p, const byte* b_p, const byte* c_p)
         "stm	r12!, {r10, r11, lr}\n\t"
         "sub	r12, r12, #32\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	%[a], #0xeb\n\t"
-        "lsl	%[a], %[a], #8\n\t"
-        "orr	%[a], %[a], #33\n\t"
-        "lsl	%[a], %[a], #8\n\t"
-        "orr	%[a], %[a], #6\n\t"
-        "lsl	%[a], %[a], #8\n\t"
-        "orr	%[a], %[a], #33\n\t"
+        "mov	%[a], #33\n\t"
+        "orr	%[a], %[a], #0xeb000000\n\t"
+        "orr	%[a], %[a], #0x210000\n\t"
+        "orr	%[a], %[a], #0x600\n\t"
 #else
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	%[a], #0x6\n\t"
-        "lsl	%[a], %[a], #8\n\t"
-        "add	%[a], %[a], #0x21\n\t"
+        "mov	%[a], #0x21\n\t"
+        "orr	%[a], %[a], #0x600\n\t"
 #else
         "mov	%[a], #0x621\n\t"
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "orr	%[a], %[a], #0xeb000000\n\t"
+        "orr	%[a], %[a], #0x210000\n\t"
+#else
         "movt	%[a], #0xeb21\n\t"
+#endif
 #endif
         "mov	lr, #0\n\t"
         "ldm	r12, {r10, r11}\n\t"
@@ -7803,92 +7640,84 @@ void sc_muladd(byte* s_p, const byte* a_p, const byte* b_p, const byte* c_p)
         "sub	r12, r12, #36\n\t"
         "asr	lr, r11, #25\n\t"
         /* Conditionally subtract order starting at bit 125 */
-#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	%[a], #0xa00000\n\t"
-        "lsl	%[a], %[a], #8\n\t"
-        "add	%[a], %[a], #0x0\n\t"
-#else
         "mov	%[a], #0xa0000000\n\t"
-#endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	%[b], #0x4b\n\t"
-        "lsl	%[b], %[b], #8\n\t"
-        "orr	%[b], %[b], #0x9e\n\t"
-        "lsl	%[b], %[b], #8\n\t"
-        "orr	%[b], %[b], #0xba\n\t"
-        "lsl	%[b], %[b], #8\n\t"
-        "orr	%[b], %[b], #0x7d\n\t"
+        "mov	%[b], #0x7d\n\t"
+        "orr	%[b], %[b], #0x4b000000\n\t"
+        "orr	%[b], %[b], #0x9e0000\n\t"
+        "orr	%[b], %[b], #0xba00\n\t"
 #else
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	%[b], #0xba\n\t"
-        "lsl	%[b], %[b], #8\n\t"
-        "add	%[b], %[b], #0x7d\n\t"
+        "mov	%[b], #0x7d\n\t"
+        "orr	%[b], %[b], #0xba00\n\t"
 #else
         "mov	%[b], #0xba7d\n\t"
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "orr	%[b], %[b], #0x4b000000\n\t"
+        "orr	%[b], %[b], #0x9e0000\n\t"
+#else
         "movt	%[b], #0x4b9e\n\t"
 #endif
+#endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	%[c], #0xcb\n\t"
-        "lsl	%[c], %[c], #8\n\t"
-        "orr	%[c], %[c], #2\n\t"
-        "lsl	%[c], %[c], #8\n\t"
-        "orr	%[c], %[c], #0x4c\n\t"
-        "lsl	%[c], %[c], #8\n\t"
-        "orr	%[c], %[c], #0x63\n\t"
+        "mov	%[c], #0x63\n\t"
+        "orr	%[c], %[c], #0xcb000000\n\t"
+        "orr	%[c], %[c], #0x20000\n\t"
+        "orr	%[c], %[c], #0x4c00\n\t"
 #else
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	%[c], #0x4c\n\t"
-        "lsl	%[c], %[c], #8\n\t"
-        "add	%[c], %[c], #0x63\n\t"
+        "mov	%[c], #0x63\n\t"
+        "orr	%[c], %[c], #0x4c00\n\t"
 #else
         "mov	%[c], #0x4c63\n\t"
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "orr	%[c], %[c], #0xcb000000\n\t"
+        "orr	%[c], %[c], #0x20000\n\t"
+#else
         "movt	%[c], #0xcb02\n\t"
 #endif
+#endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r4, #0xd4\n\t"
-        "lsl	r4, r4, #8\n\t"
-        "orr	r4, r4, #0x5e\n\t"
-        "lsl	r4, r4, #8\n\t"
-        "orr	r4, r4, #0xf3\n\t"
-        "lsl	r4, r4, #8\n\t"
-        "orr	r4, r4, #0x9a\n\t"
+        "mov	r4, #0x9a\n\t"
+        "orr	r4, r4, #0xd4000000\n\t"
+        "orr	r4, r4, #0x5e0000\n\t"
+        "orr	r4, r4, #0xf300\n\t"
 #else
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r4, #0xf3\n\t"
-        "lsl	r4, r4, #8\n\t"
-        "add	r4, r4, #0x9a\n\t"
+        "mov	r4, #0x9a\n\t"
+        "orr	r4, r4, #0xf300\n\t"
 #else
         "mov	r4, #0xf39a\n\t"
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "orr	r4, r4, #0xd4000000\n\t"
+        "orr	r4, r4, #0x5e0000\n\t"
+#else
         "movt	r4, #0xd45e\n\t"
 #endif
+#endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r5, #2\n\t"
-        "lsl	r5, r5, #8\n\t"
-        "orr	r5, r5, #0x9b\n\t"
-        "lsl	r5, r5, #8\n\t"
-        "orr	r5, r5, #0xdf\n\t"
-        "lsl	r5, r5, #8\n\t"
-        "orr	r5, r5, #59\n\t"
+        "mov	r5, #59\n\t"
+        "orr	r5, r5, #0x2000000\n\t"
+        "orr	r5, r5, #0x9b0000\n\t"
+        "orr	r5, r5, #0xdf00\n\t"
 #else
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r5, #0xdf\n\t"
-        "lsl	r5, r5, #8\n\t"
-        "add	r5, r5, #0x3b\n\t"
+        "mov	r5, #0x3b\n\t"
+        "orr	r5, r5, #0xdf00\n\t"
 #else
         "mov	r5, #0xdf3b\n\t"
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "orr	r5, r5, #0x2000000\n\t"
+        "orr	r5, r5, #0x9b0000\n\t"
+#else
         "movt	r5, #0x29b\n\t"
 #endif
-#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r9, #0x20000\n\t"
-        "lsl	r9, r9, #8\n\t"
-        "add	r9, r9, #0x0\n\t"
-#else
-        "mov	r9, #0x2000000\n\t"
 #endif
+        "mov	r9, #0x2000000\n\t"
         "and	%[a], %[a], lr\n\t"
         "and	%[b], %[b], lr\n\t"
         "and	%[c], %[c], lr\n\t"
@@ -7918,7 +7747,7 @@ void sc_muladd(byte* s_p, const byte* a_p, const byte* b_p, const byte* c_p)
         "mov	r12, sp\n\t"
         /* Load bits 252-376 */
         "add	r12, r12, #28\n\t"
-        "ldm	r12, {%[a], %[b], %[c], r4, r5}\n\t"
+        "ldm	r12, {r1, r2, r3, r4, r5}\n\t"
         "lsl	r5, r5, #4\n\t"
         "orr	r5, r5, r4, lsr #28\n\t"
         "lsl	r4, r4, #4\n\t"
@@ -7937,22 +7766,23 @@ void sc_muladd(byte* s_p, const byte* a_p, const byte* b_p, const byte* c_p)
         "mov	%[s], sp\n\t"
         /*   * -5cf5d3ed */
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	%[a], #0xa3\n\t"
-        "lsl	%[a], %[a], #8\n\t"
-        "orr	%[a], %[a], #10\n\t"
-        "lsl	%[a], %[a], #8\n\t"
-        "orr	%[a], %[a], #44\n\t"
-        "lsl	%[a], %[a], #8\n\t"
-        "orr	%[a], %[a], #19\n\t"
+        "mov	%[a], #19\n\t"
+        "orr	%[a], %[a], #0xa3000000\n\t"
+        "orr	%[a], %[a], #0xa0000\n\t"
+        "orr	%[a], %[a], #0x2c00\n\t"
 #else
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	%[a], #0x2c\n\t"
-        "lsl	%[a], %[a], #8\n\t"
-        "add	%[a], %[a], #0x13\n\t"
+        "mov	%[a], #0x13\n\t"
+        "orr	%[a], %[a], #0x2c00\n\t"
 #else
         "mov	%[a], #0x2c13\n\t"
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "orr	%[a], %[a], #0xa3000000\n\t"
+        "orr	%[a], %[a], #0xa0000\n\t"
+#else
         "movt	%[a], #0xa30a\n\t"
+#endif
 #endif
         "mov	lr, #0\n\t"
         "ldm	%[s], {r6, r7, r8, r9}\n\t"
@@ -7973,22 +7803,23 @@ void sc_muladd(byte* s_p, const byte* a_p, const byte* b_p, const byte* c_p)
         "add	%[s], %[s], #4\n\t"
         /*   * -5812631b */
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	%[a], #0xa7\n\t"
-        "lsl	%[a], %[a], #8\n\t"
-        "orr	%[a], %[a], #0xed\n\t"
-        "lsl	%[a], %[a], #8\n\t"
-        "orr	%[a], %[a], #0x9c\n\t"
-        "lsl	%[a], %[a], #8\n\t"
-        "orr	%[a], %[a], #0xe5\n\t"
+        "mov	%[a], #0xe5\n\t"
+        "orr	%[a], %[a], #0xa7000000\n\t"
+        "orr	%[a], %[a], #0xed0000\n\t"
+        "orr	%[a], %[a], #0x9c00\n\t"
 #else
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	%[a], #0x9c\n\t"
-        "lsl	%[a], %[a], #8\n\t"
-        "add	%[a], %[a], #0xe5\n\t"
+        "mov	%[a], #0xe5\n\t"
+        "orr	%[a], %[a], #0x9c00\n\t"
 #else
         "mov	%[a], #0x9ce5\n\t"
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "orr	%[a], %[a], #0xa7000000\n\t"
+        "orr	%[a], %[a], #0xed0000\n\t"
+#else
         "movt	%[a], #0xa7ed\n\t"
+#endif
 #endif
         "mov	r10, #0\n\t"
         "ldm	%[s], {r6, r7, r8, r9}\n\t"
@@ -8009,22 +7840,23 @@ void sc_muladd(byte* s_p, const byte* a_p, const byte* b_p, const byte* c_p)
         "add	%[s], %[s], #4\n\t"
         /*   * -a2f79cd7 */
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	%[a], #0x5d\n\t"
-        "lsl	%[a], %[a], #8\n\t"
-        "orr	%[a], %[a], #8\n\t"
-        "lsl	%[a], %[a], #8\n\t"
-        "orr	%[a], %[a], #0x63\n\t"
-        "lsl	%[a], %[a], #8\n\t"
-        "orr	%[a], %[a], #41\n\t"
+        "mov	%[a], #41\n\t"
+        "orr	%[a], %[a], #0x5d000000\n\t"
+        "orr	%[a], %[a], #0x80000\n\t"
+        "orr	%[a], %[a], #0x6300\n\t"
 #else
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	%[a], #0x63\n\t"
-        "lsl	%[a], %[a], #8\n\t"
-        "add	%[a], %[a], #0x29\n\t"
+        "mov	%[a], #0x29\n\t"
+        "orr	%[a], %[a], #0x6300\n\t"
 #else
         "mov	%[a], #0x6329\n\t"
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "orr	%[a], %[a], #0x5d000000\n\t"
+        "orr	%[a], %[a], #0x80000\n\t"
+#else
         "movt	%[a], #0x5d08\n\t"
+#endif
 #endif
         "mov	r11, #0\n\t"
         "ldm	%[s], {r6, r7, r8, r9}\n\t"
@@ -8045,22 +7877,23 @@ void sc_muladd(byte* s_p, const byte* a_p, const byte* b_p, const byte* c_p)
         "add	%[s], %[s], #4\n\t"
         /*   * -14def9df */
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	%[a], #0xeb\n\t"
-        "lsl	%[a], %[a], #8\n\t"
-        "orr	%[a], %[a], #33\n\t"
-        "lsl	%[a], %[a], #8\n\t"
-        "orr	%[a], %[a], #6\n\t"
-        "lsl	%[a], %[a], #8\n\t"
-        "orr	%[a], %[a], #33\n\t"
+        "mov	%[a], #33\n\t"
+        "orr	%[a], %[a], #0xeb000000\n\t"
+        "orr	%[a], %[a], #0x210000\n\t"
+        "orr	%[a], %[a], #0x600\n\t"
 #else
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	%[a], #0x6\n\t"
-        "lsl	%[a], %[a], #8\n\t"
-        "add	%[a], %[a], #0x21\n\t"
+        "mov	%[a], #0x21\n\t"
+        "orr	%[a], %[a], #0x600\n\t"
 #else
         "mov	%[a], #0x621\n\t"
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "orr	%[a], %[a], #0xeb000000\n\t"
+        "orr	%[a], %[a], #0x210000\n\t"
+#else
         "movt	%[a], #0xeb21\n\t"
+#endif
 #endif
         "mov	r12, #0\n\t"
         "ldm	%[s], {r6, r7, r8, r9}\n\t"
@@ -8097,78 +7930,82 @@ void sc_muladd(byte* s_p, const byte* a_p, const byte* b_p, const byte* c_p)
         "sbcs	r9, r9, r5\n\t"
         "sbc	%[a], %[a], %[a]\n\t"
         "sub	%[s], %[s], #16\n\t"
-        "ldm	%[s], {%[b], %[c], r4, r5}\n\t"
+        "ldm	%[s], {r2, r3, r4, r5}\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r10, #0x5c\n\t"
-        "lsl	r10, r10, #8\n\t"
-        "orr	r10, r10, #0xf5\n\t"
-        "lsl	r10, r10, #8\n\t"
-        "orr	r10, r10, #0xd3\n\t"
-        "lsl	r10, r10, #8\n\t"
-        "orr	r10, r10, #0xed\n\t"
+        "mov	r10, #0xed\n\t"
+        "orr	r10, r10, #0x5c000000\n\t"
+        "orr	r10, r10, #0xf50000\n\t"
+        "orr	r10, r10, #0xd300\n\t"
 #else
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r10, #0xd3\n\t"
-        "lsl	r10, r10, #8\n\t"
-        "add	r10, r10, #0xed\n\t"
+        "mov	r10, #0xed\n\t"
+        "orr	r10, r10, #0xd300\n\t"
 #else
         "mov	r10, #0xd3ed\n\t"
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "orr	r10, r10, #0x5c000000\n\t"
+        "orr	r10, r10, #0xf50000\n\t"
+#else
         "movt	r10, #0x5cf5\n\t"
 #endif
+#endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r11, #0x58\n\t"
-        "lsl	r11, r11, #8\n\t"
-        "orr	r11, r11, #18\n\t"
-        "lsl	r11, r11, #8\n\t"
-        "orr	r11, r11, #0x63\n\t"
-        "lsl	r11, r11, #8\n\t"
-        "orr	r11, r11, #26\n\t"
+        "mov	r11, #26\n\t"
+        "orr	r11, r11, #0x58000000\n\t"
+        "orr	r11, r11, #0x120000\n\t"
+        "orr	r11, r11, #0x6300\n\t"
 #else
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r11, #0x63\n\t"
-        "lsl	r11, r11, #8\n\t"
-        "add	r11, r11, #0x1a\n\t"
+        "mov	r11, #0x1a\n\t"
+        "orr	r11, r11, #0x6300\n\t"
 #else
         "mov	r11, #0x631a\n\t"
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "orr	r11, r11, #0x58000000\n\t"
+        "orr	r11, r11, #0x120000\n\t"
+#else
         "movt	r11, #0x5812\n\t"
 #endif
+#endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r12, #0xa2\n\t"
-        "lsl	r12, r12, #8\n\t"
-        "orr	r12, r12, #0xf7\n\t"
-        "lsl	r12, r12, #8\n\t"
-        "orr	r12, r12, #0x9c\n\t"
-        "lsl	r12, r12, #8\n\t"
-        "orr	r12, r12, #0xd6\n\t"
+        "mov	r12, #0xd6\n\t"
+        "orr	r12, r12, #0xa2000000\n\t"
+        "orr	r12, r12, #0xf70000\n\t"
+        "orr	r12, r12, #0x9c00\n\t"
 #else
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r12, #0x9c\n\t"
-        "lsl	r12, r12, #8\n\t"
-        "add	r12, r12, #0xd6\n\t"
+        "mov	r12, #0xd6\n\t"
+        "orr	r12, r12, #0x9c00\n\t"
 #else
         "mov	r12, #0x9cd6\n\t"
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "orr	r12, r12, #0xa2000000\n\t"
+        "orr	r12, r12, #0xf70000\n\t"
+#else
         "movt	r12, #0xa2f7\n\t"
 #endif
+#endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	lr, #20\n\t"
-        "lsl	lr, lr, #8\n\t"
-        "orr	lr, lr, #0xde\n\t"
-        "lsl	lr, lr, #8\n\t"
-        "orr	lr, lr, #0xf9\n\t"
-        "lsl	lr, lr, #8\n\t"
-        "orr	lr, lr, #0xde\n\t"
+        "mov	lr, #0xde\n\t"
+        "orr	lr, lr, #0x14000000\n\t"
+        "orr	lr, lr, #0xde0000\n\t"
+        "orr	lr, lr, #0xf900\n\t"
 #else
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	lr, #0xf9\n\t"
-        "lsl	lr, lr, #8\n\t"
-        "add	lr, lr, #0xde\n\t"
+        "mov	lr, #0xde\n\t"
+        "orr	lr, lr, #0xf900\n\t"
 #else
         "mov	lr, #0xf9de\n\t"
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "orr	lr, lr, #0x14000000\n\t"
+        "orr	lr, lr, #0xde0000\n\t"
+#else
         "movt	lr, #0x14de\n\t"
+#endif
 #endif
         "and	r10, r10, %[a]\n\t"
         "and	r11, r11, %[a]\n\t"
@@ -8201,7 +8038,8 @@ void sc_muladd(byte* s_p, const byte* a_p, const byte* b_p, const byte* c_p)
         "add	sp, sp, #0x50\n\t"
         : [s] "+r" (s), [a] "+r" (a), [b] "+r" (b), [c] "+r" (c)
         :
-        : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "lr", "cc"
+        : "memory", "cc", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11",
+            "r12", "lr"
     );
 }
 
@@ -8216,9 +8054,9 @@ void sc_muladd(byte* s_p, const byte* a_p, const byte* b_p, const byte* c_p)
     __asm__ __volatile__ (
         "sub	sp, sp, #0x50\n\t"
         "add	lr, sp, #0x44\n\t"
-        "stm	lr, {%[s], %[a], %[c]}\n\t"
+        "stm	lr, {r0, r1, r3}\n\t"
         "mov	lr, %[b]\n\t"
-        "ldm	%[a], {%[s], %[a], %[b], %[c]}\n\t"
+        "ldm	%[a], {r0, r1, r2, r3}\n\t"
         "ldm	lr!, {r4, r5, r6}\n\t"
         "umull	r10, r11, %[s], r4\n\t"
         "umull	r12, r7, %[a], r4\n\t"
@@ -8263,7 +8101,7 @@ void sc_muladd(byte* s_p, const byte* a_p, const byte* b_p, const byte* c_p)
         "umaal	r4, r6, %[b], r7\n\t"
         "sub	lr, lr, #16\n\t"
         "umaal	r5, r6, %[c], r7\n\t"
-        "ldm	%[s], {%[s], %[a], %[b], %[c]}\n\t"
+        "ldm	%[s], {r0, r1, r2, r3}\n\t"
         "str	r6, [sp, #64]\n\t"
         "ldm	lr!, {r6}\n\t"
         "mov	r7, #0\n\t"
@@ -8315,24 +8153,24 @@ void sc_muladd(byte* s_p, const byte* a_p, const byte* b_p, const byte* c_p)
         "umaal	r9, r10, %[c], lr\n\t"
         "mov	%[c], r12\n\t"
         "add	lr, sp, #32\n\t"
-        "stm	lr, {%[c], r4, r5, r6, r7, r8, r9, r10}\n\t"
+        "stm	lr, {r3, r4, r5, r6, r7, r8, r9, r10}\n\t"
         "mov	%[s], sp\n\t"
         /* Add c to a * b */
         "ldr	lr, [sp, #76]\n\t"
-        "ldm	%[s], {%[b], %[c], r4, r5, r6, r7, r8, r9}\n\t"
-        "ldm	lr!, {%[a], r10, r11, r12}\n\t"
+        "ldm	%[s], {r2, r3, r4, r5, r6, r7, r8, r9}\n\t"
+        "ldm	lr!, {r1, r10, r11, r12}\n\t"
         "adds	%[b], %[b], %[a]\n\t"
         "adcs	%[c], %[c], r10\n\t"
         "adcs	r4, r4, r11\n\t"
         "adcs	r5, r5, r12\n\t"
-        "ldm	lr!, {%[a], r10, r11, r12}\n\t"
+        "ldm	lr!, {r1, r10, r11, r12}\n\t"
         "adcs	r6, r6, %[a]\n\t"
         "adcs	r7, r7, r10\n\t"
         "adcs	r8, r8, r11\n\t"
         "adcs	r9, r9, r12\n\t"
         "mov	%[a], r9\n\t"
-        "stm	%[s]!, {%[b], %[c], r4, r5, r6, r7, r8, r9}\n\t"
-        "ldm	%[s], {%[b], %[c], r4, r5, r6, r7, r8, r9}\n\t"
+        "stm	%[s]!, {r2, r3, r4, r5, r6, r7, r8, r9}\n\t"
+        "ldm	%[s], {r2, r3, r4, r5, r6, r7, r8, r9}\n\t"
         "adcs	%[b], %[b], #0\n\t"
         "adcs	%[c], %[c], #0\n\t"
         "adcs	r4, r4, #0\n\t"
@@ -8367,79 +8205,83 @@ void sc_muladd(byte* s_p, const byte* a_p, const byte* b_p, const byte* c_p)
 #endif
         /* Add order times bits 504..507 */
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r10, #0xa3\n\t"
-        "lsl	r10, r10, #8\n\t"
-        "orr	r10, r10, #10\n\t"
-        "lsl	r10, r10, #8\n\t"
-        "orr	r10, r10, #44\n\t"
-        "lsl	r10, r10, #8\n\t"
-        "orr	r10, r10, #19\n\t"
+        "mov	r10, #19\n\t"
+        "orr	r10, r10, #0xa3000000\n\t"
+        "orr	r10, r10, #0xa0000\n\t"
+        "orr	r10, r10, #0x2c00\n\t"
 #else
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r10, #0x2c\n\t"
-        "lsl	r10, r10, #8\n\t"
-        "add	r10, r10, #0x13\n\t"
+        "mov	r10, #0x13\n\t"
+        "orr	r10, r10, #0x2c00\n\t"
 #else
         "mov	r10, #0x2c13\n\t"
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "orr	r10, r10, #0xa3000000\n\t"
+        "orr	r10, r10, #0xa0000\n\t"
+#else
         "movt	r10, #0xa30a\n\t"
 #endif
+#endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r11, #0xa7\n\t"
-        "lsl	r11, r11, #8\n\t"
-        "orr	r11, r11, #0xed\n\t"
-        "lsl	r11, r11, #8\n\t"
-        "orr	r11, r11, #0x9c\n\t"
-        "lsl	r11, r11, #8\n\t"
-        "orr	r11, r11, #0xe5\n\t"
+        "mov	r11, #0xe5\n\t"
+        "orr	r11, r11, #0xa7000000\n\t"
+        "orr	r11, r11, #0xed0000\n\t"
+        "orr	r11, r11, #0x9c00\n\t"
 #else
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r11, #0x9c\n\t"
-        "lsl	r11, r11, #8\n\t"
-        "add	r11, r11, #0xe5\n\t"
+        "mov	r11, #0xe5\n\t"
+        "orr	r11, r11, #0x9c00\n\t"
 #else
         "mov	r11, #0x9ce5\n\t"
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "orr	r11, r11, #0xa7000000\n\t"
+        "orr	r11, r11, #0xed0000\n\t"
+#else
         "movt	r11, #0xa7ed\n\t"
+#endif
 #endif
         "mov	%[a], #0\n\t"
         "umlal	%[b], %[a], r10, lr\n\t"
         "umaal	%[c], %[a], r11, lr\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r10, #0x5d\n\t"
-        "lsl	r10, r10, #8\n\t"
-        "orr	r10, r10, #8\n\t"
-        "lsl	r10, r10, #8\n\t"
-        "orr	r10, r10, #0x63\n\t"
-        "lsl	r10, r10, #8\n\t"
-        "orr	r10, r10, #41\n\t"
+        "mov	r10, #41\n\t"
+        "orr	r10, r10, #0x5d000000\n\t"
+        "orr	r10, r10, #0x80000\n\t"
+        "orr	r10, r10, #0x6300\n\t"
 #else
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r10, #0x63\n\t"
-        "lsl	r10, r10, #8\n\t"
-        "add	r10, r10, #0x29\n\t"
+        "mov	r10, #0x29\n\t"
+        "orr	r10, r10, #0x6300\n\t"
 #else
         "mov	r10, #0x6329\n\t"
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "orr	r10, r10, #0x5d000000\n\t"
+        "orr	r10, r10, #0x80000\n\t"
+#else
         "movt	r10, #0x5d08\n\t"
 #endif
+#endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r11, #0xeb\n\t"
-        "lsl	r11, r11, #8\n\t"
-        "orr	r11, r11, #33\n\t"
-        "lsl	r11, r11, #8\n\t"
-        "orr	r11, r11, #6\n\t"
-        "lsl	r11, r11, #8\n\t"
-        "orr	r11, r11, #33\n\t"
+        "mov	r11, #33\n\t"
+        "orr	r11, r11, #0xeb000000\n\t"
+        "orr	r11, r11, #0x210000\n\t"
+        "orr	r11, r11, #0x600\n\t"
 #else
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r11, #0x6\n\t"
-        "lsl	r11, r11, #8\n\t"
-        "add	r11, r11, #0x21\n\t"
+        "mov	r11, #0x21\n\t"
+        "orr	r11, r11, #0x600\n\t"
 #else
         "mov	r11, #0x621\n\t"
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "orr	r11, r11, #0xeb000000\n\t"
+        "orr	r11, r11, #0x210000\n\t"
+#else
         "movt	r11, #0xeb21\n\t"
+#endif
 #endif
         "umaal	r4, %[a], r10, lr\n\t"
         "umaal	r5, %[a], r11, lr\n\t"
@@ -8454,22 +8296,23 @@ void sc_muladd(byte* s_p, const byte* a_p, const byte* b_p, const byte* c_p)
         /* Sub product of top 8 words and order */
         "mov	r12, sp\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	%[a], #0xa3\n\t"
-        "lsl	%[a], %[a], #8\n\t"
-        "orr	%[a], %[a], #10\n\t"
-        "lsl	%[a], %[a], #8\n\t"
-        "orr	%[a], %[a], #44\n\t"
-        "lsl	%[a], %[a], #8\n\t"
-        "orr	%[a], %[a], #19\n\t"
+        "mov	%[a], #19\n\t"
+        "orr	%[a], %[a], #0xa3000000\n\t"
+        "orr	%[a], %[a], #0xa0000\n\t"
+        "orr	%[a], %[a], #0x2c00\n\t"
 #else
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	%[a], #0x2c\n\t"
-        "lsl	%[a], %[a], #8\n\t"
-        "add	%[a], %[a], #0x13\n\t"
+        "mov	%[a], #0x13\n\t"
+        "orr	%[a], %[a], #0x2c00\n\t"
 #else
         "mov	%[a], #0x2c13\n\t"
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "orr	%[a], %[a], #0xa3000000\n\t"
+        "orr	%[a], %[a], #0xa0000\n\t"
+#else
         "movt	%[a], #0xa30a\n\t"
+#endif
 #endif
         "mov	lr, #0\n\t"
         "ldm	%[s]!, {r10, r11}\n\t"
@@ -8496,22 +8339,23 @@ void sc_muladd(byte* s_p, const byte* a_p, const byte* b_p, const byte* c_p)
         "sub	%[s], %[s], #16\n\t"
         "sub	r12, r12, #32\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	%[a], #0xa7\n\t"
-        "lsl	%[a], %[a], #8\n\t"
-        "orr	%[a], %[a], #0xed\n\t"
-        "lsl	%[a], %[a], #8\n\t"
-        "orr	%[a], %[a], #0x9c\n\t"
-        "lsl	%[a], %[a], #8\n\t"
-        "orr	%[a], %[a], #0xe5\n\t"
+        "mov	%[a], #0xe5\n\t"
+        "orr	%[a], %[a], #0xa7000000\n\t"
+        "orr	%[a], %[a], #0xed0000\n\t"
+        "orr	%[a], %[a], #0x9c00\n\t"
 #else
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	%[a], #0x9c\n\t"
-        "lsl	%[a], %[a], #8\n\t"
-        "add	%[a], %[a], #0xe5\n\t"
+        "mov	%[a], #0xe5\n\t"
+        "orr	%[a], %[a], #0x9c00\n\t"
 #else
         "mov	%[a], #0x9ce5\n\t"
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "orr	%[a], %[a], #0xa7000000\n\t"
+        "orr	%[a], %[a], #0xed0000\n\t"
+#else
         "movt	%[a], #0xa7ed\n\t"
+#endif
 #endif
         "mov	lr, #0\n\t"
         "ldm	r12, {r10, r11}\n\t"
@@ -8532,22 +8376,23 @@ void sc_muladd(byte* s_p, const byte* a_p, const byte* b_p, const byte* c_p)
         "stm	r12!, {r10, r11, lr}\n\t"
         "sub	r12, r12, #32\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	%[a], #0x5d\n\t"
-        "lsl	%[a], %[a], #8\n\t"
-        "orr	%[a], %[a], #8\n\t"
-        "lsl	%[a], %[a], #8\n\t"
-        "orr	%[a], %[a], #0x63\n\t"
-        "lsl	%[a], %[a], #8\n\t"
-        "orr	%[a], %[a], #41\n\t"
+        "mov	%[a], #41\n\t"
+        "orr	%[a], %[a], #0x5d000000\n\t"
+        "orr	%[a], %[a], #0x80000\n\t"
+        "orr	%[a], %[a], #0x6300\n\t"
 #else
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	%[a], #0x63\n\t"
-        "lsl	%[a], %[a], #8\n\t"
-        "add	%[a], %[a], #0x29\n\t"
+        "mov	%[a], #0x29\n\t"
+        "orr	%[a], %[a], #0x6300\n\t"
 #else
         "mov	%[a], #0x6329\n\t"
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "orr	%[a], %[a], #0x5d000000\n\t"
+        "orr	%[a], %[a], #0x80000\n\t"
+#else
         "movt	%[a], #0x5d08\n\t"
+#endif
 #endif
         "mov	lr, #0\n\t"
         "ldm	r12, {r10, r11}\n\t"
@@ -8568,22 +8413,23 @@ void sc_muladd(byte* s_p, const byte* a_p, const byte* b_p, const byte* c_p)
         "stm	r12!, {r10, r11, lr}\n\t"
         "sub	r12, r12, #32\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	%[a], #0xeb\n\t"
-        "lsl	%[a], %[a], #8\n\t"
-        "orr	%[a], %[a], #33\n\t"
-        "lsl	%[a], %[a], #8\n\t"
-        "orr	%[a], %[a], #6\n\t"
-        "lsl	%[a], %[a], #8\n\t"
-        "orr	%[a], %[a], #33\n\t"
+        "mov	%[a], #33\n\t"
+        "orr	%[a], %[a], #0xeb000000\n\t"
+        "orr	%[a], %[a], #0x210000\n\t"
+        "orr	%[a], %[a], #0x600\n\t"
 #else
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	%[a], #0x6\n\t"
-        "lsl	%[a], %[a], #8\n\t"
-        "add	%[a], %[a], #0x21\n\t"
+        "mov	%[a], #0x21\n\t"
+        "orr	%[a], %[a], #0x600\n\t"
 #else
         "mov	%[a], #0x621\n\t"
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "orr	%[a], %[a], #0xeb000000\n\t"
+        "orr	%[a], %[a], #0x210000\n\t"
+#else
         "movt	%[a], #0xeb21\n\t"
+#endif
 #endif
         "mov	lr, #0\n\t"
         "ldm	r12, {r10, r11}\n\t"
@@ -8623,92 +8469,84 @@ void sc_muladd(byte* s_p, const byte* a_p, const byte* b_p, const byte* c_p)
         "sub	r12, r12, #36\n\t"
         "asr	lr, r11, #25\n\t"
         /* Conditionally subtract order starting at bit 125 */
-#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	%[a], #0xa00000\n\t"
-        "lsl	%[a], %[a], #8\n\t"
-        "add	%[a], %[a], #0x0\n\t"
-#else
         "mov	%[a], #0xa0000000\n\t"
-#endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	%[b], #0x4b\n\t"
-        "lsl	%[b], %[b], #8\n\t"
-        "orr	%[b], %[b], #0x9e\n\t"
-        "lsl	%[b], %[b], #8\n\t"
-        "orr	%[b], %[b], #0xba\n\t"
-        "lsl	%[b], %[b], #8\n\t"
-        "orr	%[b], %[b], #0x7d\n\t"
+        "mov	%[b], #0x7d\n\t"
+        "orr	%[b], %[b], #0x4b000000\n\t"
+        "orr	%[b], %[b], #0x9e0000\n\t"
+        "orr	%[b], %[b], #0xba00\n\t"
 #else
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	%[b], #0xba\n\t"
-        "lsl	%[b], %[b], #8\n\t"
-        "add	%[b], %[b], #0x7d\n\t"
+        "mov	%[b], #0x7d\n\t"
+        "orr	%[b], %[b], #0xba00\n\t"
 #else
         "mov	%[b], #0xba7d\n\t"
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "orr	%[b], %[b], #0x4b000000\n\t"
+        "orr	%[b], %[b], #0x9e0000\n\t"
+#else
         "movt	%[b], #0x4b9e\n\t"
 #endif
+#endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	%[c], #0xcb\n\t"
-        "lsl	%[c], %[c], #8\n\t"
-        "orr	%[c], %[c], #2\n\t"
-        "lsl	%[c], %[c], #8\n\t"
-        "orr	%[c], %[c], #0x4c\n\t"
-        "lsl	%[c], %[c], #8\n\t"
-        "orr	%[c], %[c], #0x63\n\t"
+        "mov	%[c], #0x63\n\t"
+        "orr	%[c], %[c], #0xcb000000\n\t"
+        "orr	%[c], %[c], #0x20000\n\t"
+        "orr	%[c], %[c], #0x4c00\n\t"
 #else
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	%[c], #0x4c\n\t"
-        "lsl	%[c], %[c], #8\n\t"
-        "add	%[c], %[c], #0x63\n\t"
+        "mov	%[c], #0x63\n\t"
+        "orr	%[c], %[c], #0x4c00\n\t"
 #else
         "mov	%[c], #0x4c63\n\t"
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "orr	%[c], %[c], #0xcb000000\n\t"
+        "orr	%[c], %[c], #0x20000\n\t"
+#else
         "movt	%[c], #0xcb02\n\t"
 #endif
+#endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r4, #0xd4\n\t"
-        "lsl	r4, r4, #8\n\t"
-        "orr	r4, r4, #0x5e\n\t"
-        "lsl	r4, r4, #8\n\t"
-        "orr	r4, r4, #0xf3\n\t"
-        "lsl	r4, r4, #8\n\t"
-        "orr	r4, r4, #0x9a\n\t"
+        "mov	r4, #0x9a\n\t"
+        "orr	r4, r4, #0xd4000000\n\t"
+        "orr	r4, r4, #0x5e0000\n\t"
+        "orr	r4, r4, #0xf300\n\t"
 #else
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r4, #0xf3\n\t"
-        "lsl	r4, r4, #8\n\t"
-        "add	r4, r4, #0x9a\n\t"
+        "mov	r4, #0x9a\n\t"
+        "orr	r4, r4, #0xf300\n\t"
 #else
         "mov	r4, #0xf39a\n\t"
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "orr	r4, r4, #0xd4000000\n\t"
+        "orr	r4, r4, #0x5e0000\n\t"
+#else
         "movt	r4, #0xd45e\n\t"
 #endif
+#endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r5, #2\n\t"
-        "lsl	r5, r5, #8\n\t"
-        "orr	r5, r5, #0x9b\n\t"
-        "lsl	r5, r5, #8\n\t"
-        "orr	r5, r5, #0xdf\n\t"
-        "lsl	r5, r5, #8\n\t"
-        "orr	r5, r5, #59\n\t"
+        "mov	r5, #59\n\t"
+        "orr	r5, r5, #0x2000000\n\t"
+        "orr	r5, r5, #0x9b0000\n\t"
+        "orr	r5, r5, #0xdf00\n\t"
 #else
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r5, #0xdf\n\t"
-        "lsl	r5, r5, #8\n\t"
-        "add	r5, r5, #0x3b\n\t"
+        "mov	r5, #0x3b\n\t"
+        "orr	r5, r5, #0xdf00\n\t"
 #else
         "mov	r5, #0xdf3b\n\t"
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "orr	r5, r5, #0x2000000\n\t"
+        "orr	r5, r5, #0x9b0000\n\t"
+#else
         "movt	r5, #0x29b\n\t"
 #endif
-#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r9, #0x20000\n\t"
-        "lsl	r9, r9, #8\n\t"
-        "add	r9, r9, #0x0\n\t"
-#else
-        "mov	r9, #0x2000000\n\t"
 #endif
+        "mov	r9, #0x2000000\n\t"
         "and	%[a], %[a], lr\n\t"
         "and	%[b], %[b], lr\n\t"
         "and	%[c], %[c], lr\n\t"
@@ -8738,7 +8576,7 @@ void sc_muladd(byte* s_p, const byte* a_p, const byte* b_p, const byte* c_p)
         "mov	r12, sp\n\t"
         /* Load bits 252-376 */
         "add	r12, r12, #28\n\t"
-        "ldm	r12, {%[a], %[b], %[c], r4, r5}\n\t"
+        "ldm	r12, {r1, r2, r3, r4, r5}\n\t"
         "lsl	r5, r5, #4\n\t"
         "orr	r5, r5, r4, lsr #28\n\t"
         "lsl	r4, r4, #4\n\t"
@@ -8757,22 +8595,23 @@ void sc_muladd(byte* s_p, const byte* a_p, const byte* b_p, const byte* c_p)
         "mov	%[s], sp\n\t"
         /*   * -5cf5d3ed */
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	%[a], #0xa3\n\t"
-        "lsl	%[a], %[a], #8\n\t"
-        "orr	%[a], %[a], #10\n\t"
-        "lsl	%[a], %[a], #8\n\t"
-        "orr	%[a], %[a], #44\n\t"
-        "lsl	%[a], %[a], #8\n\t"
-        "orr	%[a], %[a], #19\n\t"
+        "mov	%[a], #19\n\t"
+        "orr	%[a], %[a], #0xa3000000\n\t"
+        "orr	%[a], %[a], #0xa0000\n\t"
+        "orr	%[a], %[a], #0x2c00\n\t"
 #else
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	%[a], #0x2c\n\t"
-        "lsl	%[a], %[a], #8\n\t"
-        "add	%[a], %[a], #0x13\n\t"
+        "mov	%[a], #0x13\n\t"
+        "orr	%[a], %[a], #0x2c00\n\t"
 #else
         "mov	%[a], #0x2c13\n\t"
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "orr	%[a], %[a], #0xa3000000\n\t"
+        "orr	%[a], %[a], #0xa0000\n\t"
+#else
         "movt	%[a], #0xa30a\n\t"
+#endif
 #endif
         "mov	lr, #0\n\t"
         "ldm	%[s], {r6, r7, r8, r9}\n\t"
@@ -8784,22 +8623,23 @@ void sc_muladd(byte* s_p, const byte* a_p, const byte* b_p, const byte* c_p)
         "add	%[s], %[s], #4\n\t"
         /*   * -5812631b */
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	%[a], #0xa7\n\t"
-        "lsl	%[a], %[a], #8\n\t"
-        "orr	%[a], %[a], #0xed\n\t"
-        "lsl	%[a], %[a], #8\n\t"
-        "orr	%[a], %[a], #0x9c\n\t"
-        "lsl	%[a], %[a], #8\n\t"
-        "orr	%[a], %[a], #0xe5\n\t"
+        "mov	%[a], #0xe5\n\t"
+        "orr	%[a], %[a], #0xa7000000\n\t"
+        "orr	%[a], %[a], #0xed0000\n\t"
+        "orr	%[a], %[a], #0x9c00\n\t"
 #else
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	%[a], #0x9c\n\t"
-        "lsl	%[a], %[a], #8\n\t"
-        "add	%[a], %[a], #0xe5\n\t"
+        "mov	%[a], #0xe5\n\t"
+        "orr	%[a], %[a], #0x9c00\n\t"
 #else
         "mov	%[a], #0x9ce5\n\t"
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "orr	%[a], %[a], #0xa7000000\n\t"
+        "orr	%[a], %[a], #0xed0000\n\t"
+#else
         "movt	%[a], #0xa7ed\n\t"
+#endif
 #endif
         "mov	r10, #0\n\t"
         "ldm	%[s], {r6, r7, r8, r9}\n\t"
@@ -8811,22 +8651,23 @@ void sc_muladd(byte* s_p, const byte* a_p, const byte* b_p, const byte* c_p)
         "add	%[s], %[s], #4\n\t"
         /*   * -a2f79cd7 */
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	%[a], #0x5d\n\t"
-        "lsl	%[a], %[a], #8\n\t"
-        "orr	%[a], %[a], #8\n\t"
-        "lsl	%[a], %[a], #8\n\t"
-        "orr	%[a], %[a], #0x63\n\t"
-        "lsl	%[a], %[a], #8\n\t"
-        "orr	%[a], %[a], #41\n\t"
+        "mov	%[a], #41\n\t"
+        "orr	%[a], %[a], #0x5d000000\n\t"
+        "orr	%[a], %[a], #0x80000\n\t"
+        "orr	%[a], %[a], #0x6300\n\t"
 #else
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	%[a], #0x63\n\t"
-        "lsl	%[a], %[a], #8\n\t"
-        "add	%[a], %[a], #0x29\n\t"
+        "mov	%[a], #0x29\n\t"
+        "orr	%[a], %[a], #0x6300\n\t"
 #else
         "mov	%[a], #0x6329\n\t"
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "orr	%[a], %[a], #0x5d000000\n\t"
+        "orr	%[a], %[a], #0x80000\n\t"
+#else
         "movt	%[a], #0x5d08\n\t"
+#endif
 #endif
         "mov	r11, #0\n\t"
         "ldm	%[s], {r6, r7, r8, r9}\n\t"
@@ -8838,22 +8679,23 @@ void sc_muladd(byte* s_p, const byte* a_p, const byte* b_p, const byte* c_p)
         "add	%[s], %[s], #4\n\t"
         /*   * -14def9df */
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	%[a], #0xeb\n\t"
-        "lsl	%[a], %[a], #8\n\t"
-        "orr	%[a], %[a], #33\n\t"
-        "lsl	%[a], %[a], #8\n\t"
-        "orr	%[a], %[a], #6\n\t"
-        "lsl	%[a], %[a], #8\n\t"
-        "orr	%[a], %[a], #33\n\t"
+        "mov	%[a], #33\n\t"
+        "orr	%[a], %[a], #0xeb000000\n\t"
+        "orr	%[a], %[a], #0x210000\n\t"
+        "orr	%[a], %[a], #0x600\n\t"
 #else
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	%[a], #0x6\n\t"
-        "lsl	%[a], %[a], #8\n\t"
-        "add	%[a], %[a], #0x21\n\t"
+        "mov	%[a], #0x21\n\t"
+        "orr	%[a], %[a], #0x600\n\t"
 #else
         "mov	%[a], #0x621\n\t"
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "orr	%[a], %[a], #0xeb000000\n\t"
+        "orr	%[a], %[a], #0x210000\n\t"
+#else
         "movt	%[a], #0xeb21\n\t"
+#endif
 #endif
         "mov	r12, #0\n\t"
         "ldm	%[s], {r6, r7, r8, r9}\n\t"
@@ -8881,78 +8723,82 @@ void sc_muladd(byte* s_p, const byte* a_p, const byte* b_p, const byte* c_p)
         "sbcs	r9, r9, r5\n\t"
         "sbc	%[a], %[a], %[a]\n\t"
         "sub	%[s], %[s], #16\n\t"
-        "ldm	%[s], {%[b], %[c], r4, r5}\n\t"
+        "ldm	%[s], {r2, r3, r4, r5}\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r10, #0x5c\n\t"
-        "lsl	r10, r10, #8\n\t"
-        "orr	r10, r10, #0xf5\n\t"
-        "lsl	r10, r10, #8\n\t"
-        "orr	r10, r10, #0xd3\n\t"
-        "lsl	r10, r10, #8\n\t"
-        "orr	r10, r10, #0xed\n\t"
+        "mov	r10, #0xed\n\t"
+        "orr	r10, r10, #0x5c000000\n\t"
+        "orr	r10, r10, #0xf50000\n\t"
+        "orr	r10, r10, #0xd300\n\t"
 #else
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r10, #0xd3\n\t"
-        "lsl	r10, r10, #8\n\t"
-        "add	r10, r10, #0xed\n\t"
+        "mov	r10, #0xed\n\t"
+        "orr	r10, r10, #0xd300\n\t"
 #else
         "mov	r10, #0xd3ed\n\t"
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "orr	r10, r10, #0x5c000000\n\t"
+        "orr	r10, r10, #0xf50000\n\t"
+#else
         "movt	r10, #0x5cf5\n\t"
 #endif
+#endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r11, #0x58\n\t"
-        "lsl	r11, r11, #8\n\t"
-        "orr	r11, r11, #18\n\t"
-        "lsl	r11, r11, #8\n\t"
-        "orr	r11, r11, #0x63\n\t"
-        "lsl	r11, r11, #8\n\t"
-        "orr	r11, r11, #26\n\t"
+        "mov	r11, #26\n\t"
+        "orr	r11, r11, #0x58000000\n\t"
+        "orr	r11, r11, #0x120000\n\t"
+        "orr	r11, r11, #0x6300\n\t"
 #else
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r11, #0x63\n\t"
-        "lsl	r11, r11, #8\n\t"
-        "add	r11, r11, #0x1a\n\t"
+        "mov	r11, #0x1a\n\t"
+        "orr	r11, r11, #0x6300\n\t"
 #else
         "mov	r11, #0x631a\n\t"
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "orr	r11, r11, #0x58000000\n\t"
+        "orr	r11, r11, #0x120000\n\t"
+#else
         "movt	r11, #0x5812\n\t"
 #endif
+#endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r12, #0xa2\n\t"
-        "lsl	r12, r12, #8\n\t"
-        "orr	r12, r12, #0xf7\n\t"
-        "lsl	r12, r12, #8\n\t"
-        "orr	r12, r12, #0x9c\n\t"
-        "lsl	r12, r12, #8\n\t"
-        "orr	r12, r12, #0xd6\n\t"
+        "mov	r12, #0xd6\n\t"
+        "orr	r12, r12, #0xa2000000\n\t"
+        "orr	r12, r12, #0xf70000\n\t"
+        "orr	r12, r12, #0x9c00\n\t"
 #else
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r12, #0x9c\n\t"
-        "lsl	r12, r12, #8\n\t"
-        "add	r12, r12, #0xd6\n\t"
+        "mov	r12, #0xd6\n\t"
+        "orr	r12, r12, #0x9c00\n\t"
 #else
         "mov	r12, #0x9cd6\n\t"
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "orr	r12, r12, #0xa2000000\n\t"
+        "orr	r12, r12, #0xf70000\n\t"
+#else
         "movt	r12, #0xa2f7\n\t"
 #endif
+#endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	lr, #20\n\t"
-        "lsl	lr, lr, #8\n\t"
-        "orr	lr, lr, #0xde\n\t"
-        "lsl	lr, lr, #8\n\t"
-        "orr	lr, lr, #0xf9\n\t"
-        "lsl	lr, lr, #8\n\t"
-        "orr	lr, lr, #0xde\n\t"
+        "mov	lr, #0xde\n\t"
+        "orr	lr, lr, #0x14000000\n\t"
+        "orr	lr, lr, #0xde0000\n\t"
+        "orr	lr, lr, #0xf900\n\t"
 #else
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	lr, #0xf9\n\t"
-        "lsl	lr, lr, #8\n\t"
-        "add	lr, lr, #0xde\n\t"
+        "mov	lr, #0xde\n\t"
+        "orr	lr, lr, #0xf900\n\t"
 #else
         "mov	lr, #0xf9de\n\t"
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "orr	lr, lr, #0x14000000\n\t"
+        "orr	lr, lr, #0xde0000\n\t"
+#else
         "movt	lr, #0x14de\n\t"
+#endif
 #endif
         "and	r10, r10, %[a]\n\t"
         "and	r11, r11, %[a]\n\t"
@@ -8985,7 +8831,8 @@ void sc_muladd(byte* s_p, const byte* a_p, const byte* b_p, const byte* c_p)
         "add	sp, sp, #0x50\n\t"
         : [s] "+r" (s), [a] "+r" (a), [b] "+r" (b), [c] "+r" (c)
         :
-        : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "lr", "cc"
+        : "memory", "cc", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11",
+            "r12", "lr"
     );
 }
 
@@ -8995,9 +8842,7 @@ void sc_muladd(byte* s_p, const byte* a_p, const byte* b_p, const byte* c_p)
 
 #endif /* !CURVE25519_SMALL || !ED25519_SMALL */
 #endif /* HAVE_CURVE25519 || HAVE_ED25519 */
-#endif /* !__aarch64__ && !__thumb__ */
-#endif /* WOLFSSL_ARMASM */
-#endif /* !defined(__aarch64__) && defined(__arm__) */
+#endif /* !__aarch64__ && !WOLFSSL_ARMASM_THUMB2 */
 #endif /* WOLFSSL_ARMASM */
 
 #endif /* WOLFSSL_ARMASM_INLINE */
diff --git a/wolfcrypt/src/port/arm/armv8-32-kyber-asm.S b/wolfcrypt/src/port/arm/armv8-32-kyber-asm.S
new file mode 100644
index 000000000..2f29f52b8
--- /dev/null
+++ b/wolfcrypt/src/port/arm/armv8-32-kyber-asm.S
@@ -0,0 +1,8829 @@
+/* armv8-32-kyber-asm
+ *
+ * Copyright (C) 2006-2025 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+/* Generated using (from wolfssl):
+ *   cd ../scripts
+ *   ruby ./kyber/kyber.rb arm32 \
+ *       ../wolfssl/wolfcrypt/src/port/arm/armv8-32-kyber-asm.S
+ */
+
+#ifdef HAVE_CONFIG_H
+    #include <config.h>
+#endif /* HAVE_CONFIG_H */
+#include <wolfssl/wolfcrypt/settings.h>
+
+#ifdef WOLFSSL_ARMASM
+#if !defined(__aarch64__) && !defined(WOLFSSL_ARMASM_THUMB2)
+#ifndef WOLFSSL_ARMASM_INLINE
+#ifdef WOLFSSL_WC_KYBER
+	.text
+	.type	L_kyber_arm32_ntt_zetas, %object
+	.size	L_kyber_arm32_ntt_zetas, 256
+	.align	4
+L_kyber_arm32_ntt_zetas:
+	.short	0x8ed
+	.short	0xa0b
+	.short	0xb9a
+	.short	0x714
+	.short	0x5d5
+	.short	0x58e
+	.short	0x11f
+	.short	0xca
+	.short	0xc56
+	.short	0x26e
+	.short	0x629
+	.short	0xb6
+	.short	0x3c2
+	.short	0x84f
+	.short	0x73f
+	.short	0x5bc
+	.short	0x23d
+	.short	0x7d4
+	.short	0x108
+	.short	0x17f
+	.short	0x9c4
+	.short	0x5b2
+	.short	0x6bf
+	.short	0xc7f
+	.short	0xa58
+	.short	0x3f9
+	.short	0x2dc
+	.short	0x260
+	.short	0x6fb
+	.short	0x19b
+	.short	0xc34
+	.short	0x6de
+	.short	0x4c7
+	.short	0x28c
+	.short	0xad9
+	.short	0x3f7
+	.short	0x7f4
+	.short	0x5d3
+	.short	0xbe7
+	.short	0x6f9
+	.short	0x204
+	.short	0xcf9
+	.short	0xbc1
+	.short	0xa67
+	.short	0x6af
+	.short	0x877
+	.short	0x7e
+	.short	0x5bd
+	.short	0x9ac
+	.short	0xca7
+	.short	0xbf2
+	.short	0x33e
+	.short	0x6b
+	.short	0x774
+	.short	0xc0a
+	.short	0x94a
+	.short	0xb73
+	.short	0x3c1
+	.short	0x71d
+	.short	0xa2c
+	.short	0x1c0
+	.short	0x8d8
+	.short	0x2a5
+	.short	0x806
+	.short	0x8b2
+	.short	0x1ae
+	.short	0x22b
+	.short	0x34b
+	.short	0x81e
+	.short	0x367
+	.short	0x60e
+	.short	0x69
+	.short	0x1a6
+	.short	0x24b
+	.short	0xb1
+	.short	0xc16
+	.short	0xbde
+	.short	0xb35
+	.short	0x626
+	.short	0x675
+	.short	0xc0b
+	.short	0x30a
+	.short	0x487
+	.short	0xc6e
+	.short	0x9f8
+	.short	0x5cb
+	.short	0xaa7
+	.short	0x45f
+	.short	0x6cb
+	.short	0x284
+	.short	0x999
+	.short	0x15d
+	.short	0x1a2
+	.short	0x149
+	.short	0xc65
+	.short	0xcb6
+	.short	0x331
+	.short	0x449
+	.short	0x25b
+	.short	0x262
+	.short	0x52a
+	.short	0x7fc
+	.short	0x748
+	.short	0x180
+	.short	0x842
+	.short	0xc79
+	.short	0x4c2
+	.short	0x7ca
+	.short	0x997
+	.short	0xdc
+	.short	0x85e
+	.short	0x686
+	.short	0x860
+	.short	0x707
+	.short	0x803
+	.short	0x31a
+	.short	0x71b
+	.short	0x9ab
+	.short	0x99b
+	.short	0x1de
+	.short	0xc95
+	.short	0xbcd
+	.short	0x3e4
+	.short	0x3df
+	.short	0x3be
+	.short	0x74d
+	.short	0x5f2
+	.short	0x65c
+	.text
+	.align	4
+	.globl	kyber_arm32_ntt
+	.type	kyber_arm32_ntt, %function
+kyber_arm32_ntt:
+	push	{r4, r5, r6, r7, r8, r9, r10, r11, lr}
+	sub	sp, sp, #8
+	adr	r1, L_kyber_arm32_ntt_zetas
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0x1
+	orr	r10, r10, #0xd00
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	orr	r10, r10, #0xc000000
+	orr	r10, r10, #0xff0000
+#else
+	movt	r10, #0xcff
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+	mov	r2, #16
+L_kyber_arm32_ntt_loop_123:
+	str	r2, [sp]
+	ldrh	r11, [r1, #2]
+	ldr	r2, [r0]
+	ldr	r3, [r0, #64]
+	ldr	r4, [r0, #128]
+	ldr	r5, [r0, #192]
+	ldr	r6, [r0, #256]
+	ldr	r7, [r0, #320]
+	ldr	r8, [r0, #384]
+	ldr	r9, [r0, #448]
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+	smulbb	r12, r11, r6
+	smulbt	r6, r11, r6
+	smultb	lr, r10, r12
+	smlabb	r12, r10, lr, r12
+	smultb	lr, r10, r6
+	smlabb	lr, r10, lr, r6
+	pkhtb	r12, lr, r12, ASR #16
+	ssub16	r6, r2, r12
+	sadd16	r2, r2, r12
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r12, r6, #16
+	asr	r12, r12, #16
+#else
+	sbfx	r12, r6, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r11, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r11, #0, #16
+#endif
+	asr	r6, r6, #16
+	mul	r12, lr, r12
+	mul	r6, lr, r6
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xff
+	orr	r10, r10, #0xc00
+#else
+	mov	r10, #0xcff
+#endif
+	mul	lr, r10, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0x1
+	orr	r10, r10, #0xd00
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	mla	r12, r10, lr, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xff
+	orr	r10, r10, #0xc00
+#else
+	mov	r10, #0xcff
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r6, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r6, #0, #16
+#endif
+	mul	lr, r10, lr
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0x1
+	orr	r10, r10, #0xd00
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	mla	lr, r10, lr, r6
+	sub	r6, r2, lr
+	add	r2, r2, lr
+	sub	lr, r2, r12, lsr #16
+	add	r12, r2, r12, lsr #16
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r6, r6, #16
+	orr	r6, r6, lr, lsl #16
+	ror	r6, r6, #16
+#else
+	bfi	r6, lr, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r2, r2, #16
+	orr	r2, r2, r12, lsl #16
+	ror	r2, r2, #16
+#else
+	bfi	r2, r12, #0, #16
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+	smulbb	r12, r11, r7
+	smulbt	r7, r11, r7
+	smultb	lr, r10, r12
+	smlabb	r12, r10, lr, r12
+	smultb	lr, r10, r7
+	smlabb	lr, r10, lr, r7
+	pkhtb	r12, lr, r12, ASR #16
+	ssub16	r7, r3, r12
+	sadd16	r3, r3, r12
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r12, r7, #16
+	asr	r12, r12, #16
+#else
+	sbfx	r12, r7, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r11, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r11, #0, #16
+#endif
+	asr	r7, r7, #16
+	mul	r12, lr, r12
+	mul	r7, lr, r7
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xff
+	orr	r10, r10, #0xc00
+#else
+	mov	r10, #0xcff
+#endif
+	mul	lr, r10, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0x1
+	orr	r10, r10, #0xd00
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	mla	r12, r10, lr, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xff
+	orr	r10, r10, #0xc00
+#else
+	mov	r10, #0xcff
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r7, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r7, #0, #16
+#endif
+	mul	lr, r10, lr
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0x1
+	orr	r10, r10, #0xd00
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	mla	lr, r10, lr, r7
+	sub	r7, r3, lr
+	add	r3, r3, lr
+	sub	lr, r3, r12, lsr #16
+	add	r12, r3, r12, lsr #16
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r7, r7, #16
+	orr	r7, r7, lr, lsl #16
+	ror	r7, r7, #16
+#else
+	bfi	r7, lr, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r3, r3, #16
+	orr	r3, r3, r12, lsl #16
+	ror	r3, r3, #16
+#else
+	bfi	r3, r12, #0, #16
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+	smulbb	r12, r11, r8
+	smulbt	r8, r11, r8
+	smultb	lr, r10, r12
+	smlabb	r12, r10, lr, r12
+	smultb	lr, r10, r8
+	smlabb	lr, r10, lr, r8
+	pkhtb	r12, lr, r12, ASR #16
+	ssub16	r8, r4, r12
+	sadd16	r4, r4, r12
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r12, r8, #16
+	asr	r12, r12, #16
+#else
+	sbfx	r12, r8, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r11, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r11, #0, #16
+#endif
+	asr	r8, r8, #16
+	mul	r12, lr, r12
+	mul	r8, lr, r8
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xff
+	orr	r10, r10, #0xc00
+#else
+	mov	r10, #0xcff
+#endif
+	mul	lr, r10, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0x1
+	orr	r10, r10, #0xd00
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	mla	r12, r10, lr, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xff
+	orr	r10, r10, #0xc00
+#else
+	mov	r10, #0xcff
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r8, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r8, #0, #16
+#endif
+	mul	lr, r10, lr
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0x1
+	orr	r10, r10, #0xd00
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	mla	lr, r10, lr, r8
+	sub	r8, r4, lr
+	add	r4, r4, lr
+	sub	lr, r4, r12, lsr #16
+	add	r12, r4, r12, lsr #16
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r8, r8, #16
+	orr	r8, r8, lr, lsl #16
+	ror	r8, r8, #16
+#else
+	bfi	r8, lr, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r4, r4, #16
+	orr	r4, r4, r12, lsl #16
+	ror	r4, r4, #16
+#else
+	bfi	r4, r12, #0, #16
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+	smulbb	r12, r11, r9
+	smulbt	r9, r11, r9
+	smultb	lr, r10, r12
+	smlabb	r12, r10, lr, r12
+	smultb	lr, r10, r9
+	smlabb	lr, r10, lr, r9
+	pkhtb	r12, lr, r12, ASR #16
+	ssub16	r9, r5, r12
+	sadd16	r5, r5, r12
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r12, r9, #16
+	asr	r12, r12, #16
+#else
+	sbfx	r12, r9, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r11, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r11, #0, #16
+#endif
+	asr	r9, r9, #16
+	mul	r12, lr, r12
+	mul	r9, lr, r9
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xff
+	orr	r10, r10, #0xc00
+#else
+	mov	r10, #0xcff
+#endif
+	mul	lr, r10, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0x1
+	orr	r10, r10, #0xd00
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	mla	r12, r10, lr, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xff
+	orr	r10, r10, #0xc00
+#else
+	mov	r10, #0xcff
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r9, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r9, #0, #16
+#endif
+	mul	lr, r10, lr
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0x1
+	orr	r10, r10, #0xd00
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	mla	lr, r10, lr, r9
+	sub	r9, r5, lr
+	add	r5, r5, lr
+	sub	lr, r5, r12, lsr #16
+	add	r12, r5, r12, lsr #16
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r9, r9, #16
+	orr	r9, r9, lr, lsl #16
+	ror	r9, r9, #16
+#else
+	bfi	r9, lr, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r5, r5, #16
+	orr	r5, r5, r12, lsl #16
+	ror	r5, r5, #16
+#else
+	bfi	r5, r12, #0, #16
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+	ldr	r11, [r1, #4]
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+	smulbb	r12, r11, r4
+	smulbt	r4, r11, r4
+	smultb	lr, r10, r12
+	smlabb	r12, r10, lr, r12
+	smultb	lr, r10, r4
+	smlabb	lr, r10, lr, r4
+	pkhtb	r12, lr, r12, ASR #16
+	ssub16	r4, r2, r12
+	sadd16	r2, r2, r12
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r12, r4, #16
+	asr	r12, r12, #16
+#else
+	sbfx	r12, r4, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r11, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r11, #0, #16
+#endif
+	asr	r4, r4, #16
+	mul	r12, lr, r12
+	mul	r4, lr, r4
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xff
+	orr	r10, r10, #0xc00
+#else
+	mov	r10, #0xcff
+#endif
+	mul	lr, r10, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0x1
+	orr	r10, r10, #0xd00
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	mla	r12, r10, lr, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xff
+	orr	r10, r10, #0xc00
+#else
+	mov	r10, #0xcff
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r4, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r4, #0, #16
+#endif
+	mul	lr, r10, lr
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0x1
+	orr	r10, r10, #0xd00
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	mla	lr, r10, lr, r4
+	sub	r4, r2, lr
+	add	r2, r2, lr
+	sub	lr, r2, r12, lsr #16
+	add	r12, r2, r12, lsr #16
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r4, r4, #16
+	orr	r4, r4, lr, lsl #16
+	ror	r4, r4, #16
+#else
+	bfi	r4, lr, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r2, r2, #16
+	orr	r2, r2, r12, lsl #16
+	ror	r2, r2, #16
+#else
+	bfi	r2, r12, #0, #16
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+	smulbb	r12, r11, r5
+	smulbt	r5, r11, r5
+	smultb	lr, r10, r12
+	smlabb	r12, r10, lr, r12
+	smultb	lr, r10, r5
+	smlabb	lr, r10, lr, r5
+	pkhtb	r12, lr, r12, ASR #16
+	ssub16	r5, r3, r12
+	sadd16	r3, r3, r12
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r12, r5, #16
+	asr	r12, r12, #16
+#else
+	sbfx	r12, r5, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r11, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r11, #0, #16
+#endif
+	asr	r5, r5, #16
+	mul	r12, lr, r12
+	mul	r5, lr, r5
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xff
+	orr	r10, r10, #0xc00
+#else
+	mov	r10, #0xcff
+#endif
+	mul	lr, r10, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0x1
+	orr	r10, r10, #0xd00
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	mla	r12, r10, lr, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xff
+	orr	r10, r10, #0xc00
+#else
+	mov	r10, #0xcff
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r5, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r5, #0, #16
+#endif
+	mul	lr, r10, lr
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0x1
+	orr	r10, r10, #0xd00
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	mla	lr, r10, lr, r5
+	sub	r5, r3, lr
+	add	r3, r3, lr
+	sub	lr, r3, r12, lsr #16
+	add	r12, r3, r12, lsr #16
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r5, r5, #16
+	orr	r5, r5, lr, lsl #16
+	ror	r5, r5, #16
+#else
+	bfi	r5, lr, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r3, r3, #16
+	orr	r3, r3, r12, lsl #16
+	ror	r3, r3, #16
+#else
+	bfi	r3, r12, #0, #16
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+	smultb	r12, r11, r8
+	smultt	r8, r11, r8
+	smultb	lr, r10, r12
+	smlabb	r12, r10, lr, r12
+	smultb	lr, r10, r8
+	smlabb	lr, r10, lr, r8
+	pkhtb	r12, lr, r12, ASR #16
+	ssub16	r8, r6, r12
+	sadd16	r6, r6, r12
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r12, r8, #16
+	asr	r12, r12, #16
+#else
+	sbfx	r12, r8, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	asr	lr, r11, #16
+#else
+	sbfx	lr, r11, #16, #16
+#endif
+	asr	r8, r8, #16
+	mul	r12, lr, r12
+	mul	r8, lr, r8
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xff
+	orr	r10, r10, #0xc00
+#else
+	mov	r10, #0xcff
+#endif
+	mul	lr, r10, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0x1
+	orr	r10, r10, #0xd00
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	mla	r12, r10, lr, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xff
+	orr	r10, r10, #0xc00
+#else
+	mov	r10, #0xcff
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r8, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r8, #0, #16
+#endif
+	mul	lr, r10, lr
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0x1
+	orr	r10, r10, #0xd00
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	mla	lr, r10, lr, r8
+	sub	r8, r6, lr
+	add	r6, r6, lr
+	sub	lr, r6, r12, lsr #16
+	add	r12, r6, r12, lsr #16
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r8, r8, #16
+	orr	r8, r8, lr, lsl #16
+	ror	r8, r8, #16
+#else
+	bfi	r8, lr, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r6, r6, #16
+	orr	r6, r6, r12, lsl #16
+	ror	r6, r6, #16
+#else
+	bfi	r6, r12, #0, #16
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+	smultb	r12, r11, r9
+	smultt	r9, r11, r9
+	smultb	lr, r10, r12
+	smlabb	r12, r10, lr, r12
+	smultb	lr, r10, r9
+	smlabb	lr, r10, lr, r9
+	pkhtb	r12, lr, r12, ASR #16
+	ssub16	r9, r7, r12
+	sadd16	r7, r7, r12
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r12, r9, #16
+	asr	r12, r12, #16
+#else
+	sbfx	r12, r9, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	asr	lr, r11, #16
+#else
+	sbfx	lr, r11, #16, #16
+#endif
+	asr	r9, r9, #16
+	mul	r12, lr, r12
+	mul	r9, lr, r9
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xff
+	orr	r10, r10, #0xc00
+#else
+	mov	r10, #0xcff
+#endif
+	mul	lr, r10, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0x1
+	orr	r10, r10, #0xd00
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	mla	r12, r10, lr, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xff
+	orr	r10, r10, #0xc00
+#else
+	mov	r10, #0xcff
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r9, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r9, #0, #16
+#endif
+	mul	lr, r10, lr
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0x1
+	orr	r10, r10, #0xd00
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	mla	lr, r10, lr, r9
+	sub	r9, r7, lr
+	add	r7, r7, lr
+	sub	lr, r7, r12, lsr #16
+	add	r12, r7, r12, lsr #16
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r9, r9, #16
+	orr	r9, r9, lr, lsl #16
+	ror	r9, r9, #16
+#else
+	bfi	r9, lr, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r7, r7, #16
+	orr	r7, r7, r12, lsl #16
+	ror	r7, r7, #16
+#else
+	bfi	r7, r12, #0, #16
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+	ldr	r11, [r1, #8]
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+	smulbb	r12, r11, r3
+	smulbt	r3, r11, r3
+	smultb	lr, r10, r12
+	smlabb	r12, r10, lr, r12
+	smultb	lr, r10, r3
+	smlabb	lr, r10, lr, r3
+	pkhtb	r12, lr, r12, ASR #16
+	ssub16	r3, r2, r12
+	sadd16	r2, r2, r12
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r12, r3, #16
+	asr	r12, r12, #16
+#else
+	sbfx	r12, r3, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r11, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r11, #0, #16
+#endif
+	asr	r3, r3, #16
+	mul	r12, lr, r12
+	mul	r3, lr, r3
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xff
+	orr	r10, r10, #0xc00
+#else
+	mov	r10, #0xcff
+#endif
+	mul	lr, r10, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0x1
+	orr	r10, r10, #0xd00
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	mla	r12, r10, lr, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xff
+	orr	r10, r10, #0xc00
+#else
+	mov	r10, #0xcff
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r3, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r3, #0, #16
+#endif
+	mul	lr, r10, lr
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0x1
+	orr	r10, r10, #0xd00
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	mla	lr, r10, lr, r3
+	sub	r3, r2, lr
+	add	r2, r2, lr
+	sub	lr, r2, r12, lsr #16
+	add	r12, r2, r12, lsr #16
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r3, r3, #16
+	orr	r3, r3, lr, lsl #16
+	ror	r3, r3, #16
+#else
+	bfi	r3, lr, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r2, r2, #16
+	orr	r2, r2, r12, lsl #16
+	ror	r2, r2, #16
+#else
+	bfi	r2, r12, #0, #16
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+	smultb	r12, r11, r5
+	smultt	r5, r11, r5
+	smultb	lr, r10, r12
+	smlabb	r12, r10, lr, r12
+	smultb	lr, r10, r5
+	smlabb	lr, r10, lr, r5
+	pkhtb	r12, lr, r12, ASR #16
+	ssub16	r5, r4, r12
+	sadd16	r4, r4, r12
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r12, r5, #16
+	asr	r12, r12, #16
+#else
+	sbfx	r12, r5, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	asr	lr, r11, #16
+#else
+	sbfx	lr, r11, #16, #16
+#endif
+	asr	r5, r5, #16
+	mul	r12, lr, r12
+	mul	r5, lr, r5
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xff
+	orr	r10, r10, #0xc00
+#else
+	mov	r10, #0xcff
+#endif
+	mul	lr, r10, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0x1
+	orr	r10, r10, #0xd00
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	mla	r12, r10, lr, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xff
+	orr	r10, r10, #0xc00
+#else
+	mov	r10, #0xcff
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r5, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r5, #0, #16
+#endif
+	mul	lr, r10, lr
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0x1
+	orr	r10, r10, #0xd00
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	mla	lr, r10, lr, r5
+	sub	r5, r4, lr
+	add	r4, r4, lr
+	sub	lr, r4, r12, lsr #16
+	add	r12, r4, r12, lsr #16
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r5, r5, #16
+	orr	r5, r5, lr, lsl #16
+	ror	r5, r5, #16
+#else
+	bfi	r5, lr, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r4, r4, #16
+	orr	r4, r4, r12, lsl #16
+	ror	r4, r4, #16
+#else
+	bfi	r4, r12, #0, #16
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+	ldr	r11, [r1, #12]
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+	smulbb	r12, r11, r7
+	smulbt	r7, r11, r7
+	smultb	lr, r10, r12
+	smlabb	r12, r10, lr, r12
+	smultb	lr, r10, r7
+	smlabb	lr, r10, lr, r7
+	pkhtb	r12, lr, r12, ASR #16
+	ssub16	r7, r6, r12
+	sadd16	r6, r6, r12
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r12, r7, #16
+	asr	r12, r12, #16
+#else
+	sbfx	r12, r7, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r11, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r11, #0, #16
+#endif
+	asr	r7, r7, #16
+	mul	r12, lr, r12
+	mul	r7, lr, r7
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xff
+	orr	r10, r10, #0xc00
+#else
+	mov	r10, #0xcff
+#endif
+	mul	lr, r10, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0x1
+	orr	r10, r10, #0xd00
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	mla	r12, r10, lr, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xff
+	orr	r10, r10, #0xc00
+#else
+	mov	r10, #0xcff
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r7, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r7, #0, #16
+#endif
+	mul	lr, r10, lr
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0x1
+	orr	r10, r10, #0xd00
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	mla	lr, r10, lr, r7
+	sub	r7, r6, lr
+	add	r6, r6, lr
+	sub	lr, r6, r12, lsr #16
+	add	r12, r6, r12, lsr #16
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r7, r7, #16
+	orr	r7, r7, lr, lsl #16
+	ror	r7, r7, #16
+#else
+	bfi	r7, lr, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r6, r6, #16
+	orr	r6, r6, r12, lsl #16
+	ror	r6, r6, #16
+#else
+	bfi	r6, r12, #0, #16
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+	smultb	r12, r11, r9
+	smultt	r9, r11, r9
+	smultb	lr, r10, r12
+	smlabb	r12, r10, lr, r12
+	smultb	lr, r10, r9
+	smlabb	lr, r10, lr, r9
+	pkhtb	r12, lr, r12, ASR #16
+	ssub16	r9, r8, r12
+	sadd16	r8, r8, r12
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r12, r9, #16
+	asr	r12, r12, #16
+#else
+	sbfx	r12, r9, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	asr	lr, r11, #16
+#else
+	sbfx	lr, r11, #16, #16
+#endif
+	asr	r9, r9, #16
+	mul	r12, lr, r12
+	mul	r9, lr, r9
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xff
+	orr	r10, r10, #0xc00
+#else
+	mov	r10, #0xcff
+#endif
+	mul	lr, r10, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0x1
+	orr	r10, r10, #0xd00
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	mla	r12, r10, lr, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xff
+	orr	r10, r10, #0xc00
+#else
+	mov	r10, #0xcff
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r9, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r9, #0, #16
+#endif
+	mul	lr, r10, lr
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0x1
+	orr	r10, r10, #0xd00
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	mla	lr, r10, lr, r9
+	sub	r9, r8, lr
+	add	r8, r8, lr
+	sub	lr, r8, r12, lsr #16
+	add	r12, r8, r12, lsr #16
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r9, r9, #16
+	orr	r9, r9, lr, lsl #16
+	ror	r9, r9, #16
+#else
+	bfi	r9, lr, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r8, r8, #16
+	orr	r8, r8, r12, lsl #16
+	ror	r8, r8, #16
+#else
+	bfi	r8, r12, #0, #16
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+	str	r2, [r0]
+	str	r3, [r0, #64]
+	str	r4, [r0, #128]
+	str	r5, [r0, #192]
+	str	r6, [r0, #256]
+	str	r7, [r0, #320]
+	str	r8, [r0, #384]
+	str	r9, [r0, #448]
+	ldr	r2, [sp]
+	subs	r2, r2, #1
+	add	r0, r0, #4
+	bne	L_kyber_arm32_ntt_loop_123
+	sub	r0, r0, #0x40
+	mov	r3, #0
+L_kyber_arm32_ntt_loop_4_j:
+	str	r3, [sp, #4]
+	add	r11, r1, r3, lsr #4
+	mov	r2, #4
+	ldr	r11, [r11, #16]
+L_kyber_arm32_ntt_loop_4_i:
+	str	r2, [sp]
+	ldr	r2, [r0]
+	ldr	r3, [r0, #16]
+	ldr	r4, [r0, #32]
+	ldr	r5, [r0, #48]
+	ldr	r6, [r0, #64]
+	ldr	r7, [r0, #80]
+	ldr	r8, [r0, #96]
+	ldr	r9, [r0, #112]
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+	smulbb	r12, r11, r4
+	smulbt	r4, r11, r4
+	smultb	lr, r10, r12
+	smlabb	r12, r10, lr, r12
+	smultb	lr, r10, r4
+	smlabb	lr, r10, lr, r4
+	pkhtb	r12, lr, r12, ASR #16
+	ssub16	r4, r2, r12
+	sadd16	r2, r2, r12
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r12, r4, #16
+	asr	r12, r12, #16
+#else
+	sbfx	r12, r4, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r11, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r11, #0, #16
+#endif
+	asr	r4, r4, #16
+	mul	r12, lr, r12
+	mul	r4, lr, r4
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xff
+	orr	r10, r10, #0xc00
+#else
+	mov	r10, #0xcff
+#endif
+	mul	lr, r10, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0x1
+	orr	r10, r10, #0xd00
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	mla	r12, r10, lr, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xff
+	orr	r10, r10, #0xc00
+#else
+	mov	r10, #0xcff
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r4, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r4, #0, #16
+#endif
+	mul	lr, r10, lr
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0x1
+	orr	r10, r10, #0xd00
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	mla	lr, r10, lr, r4
+	sub	r4, r2, lr
+	add	r2, r2, lr
+	sub	lr, r2, r12, lsr #16
+	add	r12, r2, r12, lsr #16
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r4, r4, #16
+	orr	r4, r4, lr, lsl #16
+	ror	r4, r4, #16
+#else
+	bfi	r4, lr, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r2, r2, #16
+	orr	r2, r2, r12, lsl #16
+	ror	r2, r2, #16
+#else
+	bfi	r2, r12, #0, #16
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+	smulbb	r12, r11, r5
+	smulbt	r5, r11, r5
+	smultb	lr, r10, r12
+	smlabb	r12, r10, lr, r12
+	smultb	lr, r10, r5
+	smlabb	lr, r10, lr, r5
+	pkhtb	r12, lr, r12, ASR #16
+	ssub16	r5, r3, r12
+	sadd16	r3, r3, r12
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r12, r5, #16
+	asr	r12, r12, #16
+#else
+	sbfx	r12, r5, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r11, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r11, #0, #16
+#endif
+	asr	r5, r5, #16
+	mul	r12, lr, r12
+	mul	r5, lr, r5
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xff
+	orr	r10, r10, #0xc00
+#else
+	mov	r10, #0xcff
+#endif
+	mul	lr, r10, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0x1
+	orr	r10, r10, #0xd00
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	mla	r12, r10, lr, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xff
+	orr	r10, r10, #0xc00
+#else
+	mov	r10, #0xcff
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r5, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r5, #0, #16
+#endif
+	mul	lr, r10, lr
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0x1
+	orr	r10, r10, #0xd00
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	mla	lr, r10, lr, r5
+	sub	r5, r3, lr
+	add	r3, r3, lr
+	sub	lr, r3, r12, lsr #16
+	add	r12, r3, r12, lsr #16
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r5, r5, #16
+	orr	r5, r5, lr, lsl #16
+	ror	r5, r5, #16
+#else
+	bfi	r5, lr, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r3, r3, #16
+	orr	r3, r3, r12, lsl #16
+	ror	r3, r3, #16
+#else
+	bfi	r3, r12, #0, #16
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+	smultb	r12, r11, r8
+	smultt	r8, r11, r8
+	smultb	lr, r10, r12
+	smlabb	r12, r10, lr, r12
+	smultb	lr, r10, r8
+	smlabb	lr, r10, lr, r8
+	pkhtb	r12, lr, r12, ASR #16
+	ssub16	r8, r6, r12
+	sadd16	r6, r6, r12
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r12, r8, #16
+	asr	r12, r12, #16
+#else
+	sbfx	r12, r8, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	asr	lr, r11, #16
+#else
+	sbfx	lr, r11, #16, #16
+#endif
+	asr	r8, r8, #16
+	mul	r12, lr, r12
+	mul	r8, lr, r8
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xff
+	orr	r10, r10, #0xc00
+#else
+	mov	r10, #0xcff
+#endif
+	mul	lr, r10, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0x1
+	orr	r10, r10, #0xd00
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	mla	r12, r10, lr, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xff
+	orr	r10, r10, #0xc00
+#else
+	mov	r10, #0xcff
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r8, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r8, #0, #16
+#endif
+	mul	lr, r10, lr
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0x1
+	orr	r10, r10, #0xd00
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	mla	lr, r10, lr, r8
+	sub	r8, r6, lr
+	add	r6, r6, lr
+	sub	lr, r6, r12, lsr #16
+	add	r12, r6, r12, lsr #16
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r8, r8, #16
+	orr	r8, r8, lr, lsl #16
+	ror	r8, r8, #16
+#else
+	bfi	r8, lr, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r6, r6, #16
+	orr	r6, r6, r12, lsl #16
+	ror	r6, r6, #16
+#else
+	bfi	r6, r12, #0, #16
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+	smultb	r12, r11, r9
+	smultt	r9, r11, r9
+	smultb	lr, r10, r12
+	smlabb	r12, r10, lr, r12
+	smultb	lr, r10, r9
+	smlabb	lr, r10, lr, r9
+	pkhtb	r12, lr, r12, ASR #16
+	ssub16	r9, r7, r12
+	sadd16	r7, r7, r12
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r12, r9, #16
+	asr	r12, r12, #16
+#else
+	sbfx	r12, r9, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	asr	lr, r11, #16
+#else
+	sbfx	lr, r11, #16, #16
+#endif
+	asr	r9, r9, #16
+	mul	r12, lr, r12
+	mul	r9, lr, r9
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xff
+	orr	r10, r10, #0xc00
+#else
+	mov	r10, #0xcff
+#endif
+	mul	lr, r10, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0x1
+	orr	r10, r10, #0xd00
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	mla	r12, r10, lr, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xff
+	orr	r10, r10, #0xc00
+#else
+	mov	r10, #0xcff
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r9, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r9, #0, #16
+#endif
+	mul	lr, r10, lr
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0x1
+	orr	r10, r10, #0xd00
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	mla	lr, r10, lr, r9
+	sub	r9, r7, lr
+	add	r7, r7, lr
+	sub	lr, r7, r12, lsr #16
+	add	r12, r7, r12, lsr #16
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r9, r9, #16
+	orr	r9, r9, lr, lsl #16
+	ror	r9, r9, #16
+#else
+	bfi	r9, lr, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r7, r7, #16
+	orr	r7, r7, r12, lsl #16
+	ror	r7, r7, #16
+#else
+	bfi	r7, r12, #0, #16
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+	str	r2, [r0]
+	str	r3, [r0, #16]
+	str	r4, [r0, #32]
+	str	r5, [r0, #48]
+	str	r6, [r0, #64]
+	str	r7, [r0, #80]
+	str	r8, [r0, #96]
+	str	r9, [r0, #112]
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	ldm	sp, {r2, r3}
+#else
+	ldrd	r2, r3, [sp]
+#endif
+	subs	r2, r2, #1
+	add	r0, r0, #4
+	bne	L_kyber_arm32_ntt_loop_4_i
+	add	r3, r3, #0x40
+	rsbs	r12, r3, #0x100
+	add	r0, r0, #0x70
+	bne	L_kyber_arm32_ntt_loop_4_j
+	sub	r0, r0, #0x200
+	mov	r3, #0
+L_kyber_arm32_ntt_loop_567:
+	add	r11, r1, r3, lsr #3
+	str	r3, [sp, #4]
+	ldrh	r11, [r11, #32]
+	ldr	r2, [r0]
+	ldr	r3, [r0, #4]
+	ldr	r4, [r0, #8]
+	ldr	r5, [r0, #12]
+	ldr	r6, [r0, #16]
+	ldr	r7, [r0, #20]
+	ldr	r8, [r0, #24]
+	ldr	r9, [r0, #28]
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+	smulbb	r12, r11, r6
+	smulbt	r6, r11, r6
+	smultb	lr, r10, r12
+	smlabb	r12, r10, lr, r12
+	smultb	lr, r10, r6
+	smlabb	lr, r10, lr, r6
+	pkhtb	r12, lr, r12, ASR #16
+	ssub16	r6, r2, r12
+	sadd16	r2, r2, r12
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r12, r6, #16
+	asr	r12, r12, #16
+#else
+	sbfx	r12, r6, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r11, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r11, #0, #16
+#endif
+	asr	r6, r6, #16
+	mul	r12, lr, r12
+	mul	r6, lr, r6
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xff
+	orr	r10, r10, #0xc00
+#else
+	mov	r10, #0xcff
+#endif
+	mul	lr, r10, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0x1
+	orr	r10, r10, #0xd00
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	mla	r12, r10, lr, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xff
+	orr	r10, r10, #0xc00
+#else
+	mov	r10, #0xcff
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r6, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r6, #0, #16
+#endif
+	mul	lr, r10, lr
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0x1
+	orr	r10, r10, #0xd00
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	mla	lr, r10, lr, r6
+	sub	r6, r2, lr
+	add	r2, r2, lr
+	sub	lr, r2, r12, lsr #16
+	add	r12, r2, r12, lsr #16
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r6, r6, #16
+	orr	r6, r6, lr, lsl #16
+	ror	r6, r6, #16
+#else
+	bfi	r6, lr, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r2, r2, #16
+	orr	r2, r2, r12, lsl #16
+	ror	r2, r2, #16
+#else
+	bfi	r2, r12, #0, #16
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+	smulbb	r12, r11, r7
+	smulbt	r7, r11, r7
+	smultb	lr, r10, r12
+	smlabb	r12, r10, lr, r12
+	smultb	lr, r10, r7
+	smlabb	lr, r10, lr, r7
+	pkhtb	r12, lr, r12, ASR #16
+	ssub16	r7, r3, r12
+	sadd16	r3, r3, r12
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r12, r7, #16
+	asr	r12, r12, #16
+#else
+	sbfx	r12, r7, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r11, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r11, #0, #16
+#endif
+	asr	r7, r7, #16
+	mul	r12, lr, r12
+	mul	r7, lr, r7
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xff
+	orr	r10, r10, #0xc00
+#else
+	mov	r10, #0xcff
+#endif
+	mul	lr, r10, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0x1
+	orr	r10, r10, #0xd00
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	mla	r12, r10, lr, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xff
+	orr	r10, r10, #0xc00
+#else
+	mov	r10, #0xcff
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r7, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r7, #0, #16
+#endif
+	mul	lr, r10, lr
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0x1
+	orr	r10, r10, #0xd00
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	mla	lr, r10, lr, r7
+	sub	r7, r3, lr
+	add	r3, r3, lr
+	sub	lr, r3, r12, lsr #16
+	add	r12, r3, r12, lsr #16
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r7, r7, #16
+	orr	r7, r7, lr, lsl #16
+	ror	r7, r7, #16
+#else
+	bfi	r7, lr, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r3, r3, #16
+	orr	r3, r3, r12, lsl #16
+	ror	r3, r3, #16
+#else
+	bfi	r3, r12, #0, #16
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+	smulbb	r12, r11, r8
+	smulbt	r8, r11, r8
+	smultb	lr, r10, r12
+	smlabb	r12, r10, lr, r12
+	smultb	lr, r10, r8
+	smlabb	lr, r10, lr, r8
+	pkhtb	r12, lr, r12, ASR #16
+	ssub16	r8, r4, r12
+	sadd16	r4, r4, r12
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r12, r8, #16
+	asr	r12, r12, #16
+#else
+	sbfx	r12, r8, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r11, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r11, #0, #16
+#endif
+	asr	r8, r8, #16
+	mul	r12, lr, r12
+	mul	r8, lr, r8
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xff
+	orr	r10, r10, #0xc00
+#else
+	mov	r10, #0xcff
+#endif
+	mul	lr, r10, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0x1
+	orr	r10, r10, #0xd00
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	mla	r12, r10, lr, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xff
+	orr	r10, r10, #0xc00
+#else
+	mov	r10, #0xcff
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r8, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r8, #0, #16
+#endif
+	mul	lr, r10, lr
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0x1
+	orr	r10, r10, #0xd00
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	mla	lr, r10, lr, r8
+	sub	r8, r4, lr
+	add	r4, r4, lr
+	sub	lr, r4, r12, lsr #16
+	add	r12, r4, r12, lsr #16
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r8, r8, #16
+	orr	r8, r8, lr, lsl #16
+	ror	r8, r8, #16
+#else
+	bfi	r8, lr, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r4, r4, #16
+	orr	r4, r4, r12, lsl #16
+	ror	r4, r4, #16
+#else
+	bfi	r4, r12, #0, #16
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+	smulbb	r12, r11, r9
+	smulbt	r9, r11, r9
+	smultb	lr, r10, r12
+	smlabb	r12, r10, lr, r12
+	smultb	lr, r10, r9
+	smlabb	lr, r10, lr, r9
+	pkhtb	r12, lr, r12, ASR #16
+	ssub16	r9, r5, r12
+	sadd16	r5, r5, r12
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r12, r9, #16
+	asr	r12, r12, #16
+#else
+	sbfx	r12, r9, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r11, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r11, #0, #16
+#endif
+	asr	r9, r9, #16
+	mul	r12, lr, r12
+	mul	r9, lr, r9
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xff
+	orr	r10, r10, #0xc00
+#else
+	mov	r10, #0xcff
+#endif
+	mul	lr, r10, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0x1
+	orr	r10, r10, #0xd00
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	mla	r12, r10, lr, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xff
+	orr	r10, r10, #0xc00
+#else
+	mov	r10, #0xcff
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r9, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r9, #0, #16
+#endif
+	mul	lr, r10, lr
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0x1
+	orr	r10, r10, #0xd00
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	mla	lr, r10, lr, r9
+	sub	r9, r5, lr
+	add	r5, r5, lr
+	sub	lr, r5, r12, lsr #16
+	add	r12, r5, r12, lsr #16
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r9, r9, #16
+	orr	r9, r9, lr, lsl #16
+	ror	r9, r9, #16
+#else
+	bfi	r9, lr, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r5, r5, #16
+	orr	r5, r5, r12, lsl #16
+	ror	r5, r5, #16
+#else
+	bfi	r5, r12, #0, #16
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+	ldr	r11, [sp, #4]
+	add	r11, r1, r11, lsr #2
+	ldr	r11, [r11, #64]
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+	smulbb	r12, r11, r4
+	smulbt	r4, r11, r4
+	smultb	lr, r10, r12
+	smlabb	r12, r10, lr, r12
+	smultb	lr, r10, r4
+	smlabb	lr, r10, lr, r4
+	pkhtb	r12, lr, r12, ASR #16
+	ssub16	r4, r2, r12
+	sadd16	r2, r2, r12
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r12, r4, #16
+	asr	r12, r12, #16
+#else
+	sbfx	r12, r4, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r11, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r11, #0, #16
+#endif
+	asr	r4, r4, #16
+	mul	r12, lr, r12
+	mul	r4, lr, r4
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xff
+	orr	r10, r10, #0xc00
+#else
+	mov	r10, #0xcff
+#endif
+	mul	lr, r10, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0x1
+	orr	r10, r10, #0xd00
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	mla	r12, r10, lr, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xff
+	orr	r10, r10, #0xc00
+#else
+	mov	r10, #0xcff
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r4, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r4, #0, #16
+#endif
+	mul	lr, r10, lr
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0x1
+	orr	r10, r10, #0xd00
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	mla	lr, r10, lr, r4
+	sub	r4, r2, lr
+	add	r2, r2, lr
+	sub	lr, r2, r12, lsr #16
+	add	r12, r2, r12, lsr #16
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r4, r4, #16
+	orr	r4, r4, lr, lsl #16
+	ror	r4, r4, #16
+#else
+	bfi	r4, lr, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r2, r2, #16
+	orr	r2, r2, r12, lsl #16
+	ror	r2, r2, #16
+#else
+	bfi	r2, r12, #0, #16
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+	smulbb	r12, r11, r5
+	smulbt	r5, r11, r5
+	smultb	lr, r10, r12
+	smlabb	r12, r10, lr, r12
+	smultb	lr, r10, r5
+	smlabb	lr, r10, lr, r5
+	pkhtb	r12, lr, r12, ASR #16
+	ssub16	r5, r3, r12
+	sadd16	r3, r3, r12
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r12, r5, #16
+	asr	r12, r12, #16
+#else
+	sbfx	r12, r5, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r11, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r11, #0, #16
+#endif
+	asr	r5, r5, #16
+	mul	r12, lr, r12
+	mul	r5, lr, r5
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xff
+	orr	r10, r10, #0xc00
+#else
+	mov	r10, #0xcff
+#endif
+	mul	lr, r10, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0x1
+	orr	r10, r10, #0xd00
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	mla	r12, r10, lr, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xff
+	orr	r10, r10, #0xc00
+#else
+	mov	r10, #0xcff
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r5, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r5, #0, #16
+#endif
+	mul	lr, r10, lr
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0x1
+	orr	r10, r10, #0xd00
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	mla	lr, r10, lr, r5
+	sub	r5, r3, lr
+	add	r3, r3, lr
+	sub	lr, r3, r12, lsr #16
+	add	r12, r3, r12, lsr #16
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r5, r5, #16
+	orr	r5, r5, lr, lsl #16
+	ror	r5, r5, #16
+#else
+	bfi	r5, lr, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r3, r3, #16
+	orr	r3, r3, r12, lsl #16
+	ror	r3, r3, #16
+#else
+	bfi	r3, r12, #0, #16
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+	smultb	r12, r11, r8
+	smultt	r8, r11, r8
+	smultb	lr, r10, r12
+	smlabb	r12, r10, lr, r12
+	smultb	lr, r10, r8
+	smlabb	lr, r10, lr, r8
+	pkhtb	r12, lr, r12, ASR #16
+	ssub16	r8, r6, r12
+	sadd16	r6, r6, r12
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r12, r8, #16
+	asr	r12, r12, #16
+#else
+	sbfx	r12, r8, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	asr	lr, r11, #16
+#else
+	sbfx	lr, r11, #16, #16
+#endif
+	asr	r8, r8, #16
+	mul	r12, lr, r12
+	mul	r8, lr, r8
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xff
+	orr	r10, r10, #0xc00
+#else
+	mov	r10, #0xcff
+#endif
+	mul	lr, r10, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0x1
+	orr	r10, r10, #0xd00
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	mla	r12, r10, lr, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xff
+	orr	r10, r10, #0xc00
+#else
+	mov	r10, #0xcff
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r8, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r8, #0, #16
+#endif
+	mul	lr, r10, lr
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0x1
+	orr	r10, r10, #0xd00
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	mla	lr, r10, lr, r8
+	sub	r8, r6, lr
+	add	r6, r6, lr
+	sub	lr, r6, r12, lsr #16
+	add	r12, r6, r12, lsr #16
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r8, r8, #16
+	orr	r8, r8, lr, lsl #16
+	ror	r8, r8, #16
+#else
+	bfi	r8, lr, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r6, r6, #16
+	orr	r6, r6, r12, lsl #16
+	ror	r6, r6, #16
+#else
+	bfi	r6, r12, #0, #16
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+	smultb	r12, r11, r9
+	smultt	r9, r11, r9
+	smultb	lr, r10, r12
+	smlabb	r12, r10, lr, r12
+	smultb	lr, r10, r9
+	smlabb	lr, r10, lr, r9
+	pkhtb	r12, lr, r12, ASR #16
+	ssub16	r9, r7, r12
+	sadd16	r7, r7, r12
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r12, r9, #16
+	asr	r12, r12, #16
+#else
+	sbfx	r12, r9, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	asr	lr, r11, #16
+#else
+	sbfx	lr, r11, #16, #16
+#endif
+	asr	r9, r9, #16
+	mul	r12, lr, r12
+	mul	r9, lr, r9
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xff
+	orr	r10, r10, #0xc00
+#else
+	mov	r10, #0xcff
+#endif
+	mul	lr, r10, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0x1
+	orr	r10, r10, #0xd00
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	mla	r12, r10, lr, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xff
+	orr	r10, r10, #0xc00
+#else
+	mov	r10, #0xcff
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r9, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r9, #0, #16
+#endif
+	mul	lr, r10, lr
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0x1
+	orr	r10, r10, #0xd00
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	mla	lr, r10, lr, r9
+	sub	r9, r7, lr
+	add	r7, r7, lr
+	sub	lr, r7, r12, lsr #16
+	add	r12, r7, r12, lsr #16
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r9, r9, #16
+	orr	r9, r9, lr, lsl #16
+	ror	r9, r9, #16
+#else
+	bfi	r9, lr, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r7, r7, #16
+	orr	r7, r7, r12, lsl #16
+	ror	r7, r7, #16
+#else
+	bfi	r7, r12, #0, #16
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+	ldr	r11, [sp, #4]
+	add	r11, r1, r11, lsr #1
+	ldr	r11, [r11, #128]
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+	smulbb	r12, r11, r3
+	smulbt	r3, r11, r3
+	smultb	lr, r10, r12
+	smlabb	r12, r10, lr, r12
+	smultb	lr, r10, r3
+	smlabb	lr, r10, lr, r3
+	pkhtb	r12, lr, r12, ASR #16
+	ssub16	r3, r2, r12
+	sadd16	r2, r2, r12
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r12, r3, #16
+	asr	r12, r12, #16
+#else
+	sbfx	r12, r3, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r11, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r11, #0, #16
+#endif
+	asr	r3, r3, #16
+	mul	r12, lr, r12
+	mul	r3, lr, r3
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xff
+	orr	r10, r10, #0xc00
+#else
+	mov	r10, #0xcff
+#endif
+	mul	lr, r10, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0x1
+	orr	r10, r10, #0xd00
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	mla	r12, r10, lr, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xff
+	orr	r10, r10, #0xc00
+#else
+	mov	r10, #0xcff
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r3, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r3, #0, #16
+#endif
+	mul	lr, r10, lr
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0x1
+	orr	r10, r10, #0xd00
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	mla	lr, r10, lr, r3
+	sub	r3, r2, lr
+	add	r2, r2, lr
+	sub	lr, r2, r12, lsr #16
+	add	r12, r2, r12, lsr #16
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r3, r3, #16
+	orr	r3, r3, lr, lsl #16
+	ror	r3, r3, #16
+#else
+	bfi	r3, lr, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r2, r2, #16
+	orr	r2, r2, r12, lsl #16
+	ror	r2, r2, #16
+#else
+	bfi	r2, r12, #0, #16
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+	smultb	r12, r11, r5
+	smultt	r5, r11, r5
+	smultb	lr, r10, r12
+	smlabb	r12, r10, lr, r12
+	smultb	lr, r10, r5
+	smlabb	lr, r10, lr, r5
+	pkhtb	r12, lr, r12, ASR #16
+	ssub16	r5, r4, r12
+	sadd16	r4, r4, r12
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r12, r5, #16
+	asr	r12, r12, #16
+#else
+	sbfx	r12, r5, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	asr	lr, r11, #16
+#else
+	sbfx	lr, r11, #16, #16
+#endif
+	asr	r5, r5, #16
+	mul	r12, lr, r12
+	mul	r5, lr, r5
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xff
+	orr	r10, r10, #0xc00
+#else
+	mov	r10, #0xcff
+#endif
+	mul	lr, r10, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0x1
+	orr	r10, r10, #0xd00
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	mla	r12, r10, lr, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xff
+	orr	r10, r10, #0xc00
+#else
+	mov	r10, #0xcff
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r5, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r5, #0, #16
+#endif
+	mul	lr, r10, lr
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0x1
+	orr	r10, r10, #0xd00
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	mla	lr, r10, lr, r5
+	sub	r5, r4, lr
+	add	r4, r4, lr
+	sub	lr, r4, r12, lsr #16
+	add	r12, r4, r12, lsr #16
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r5, r5, #16
+	orr	r5, r5, lr, lsl #16
+	ror	r5, r5, #16
+#else
+	bfi	r5, lr, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r4, r4, #16
+	orr	r4, r4, r12, lsl #16
+	ror	r4, r4, #16
+#else
+	bfi	r4, r12, #0, #16
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+	ldr	r11, [sp, #4]
+	add	r11, r1, r11, lsr #1
+	ldr	r11, [r11, #132]
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+	smulbb	r12, r11, r7
+	smulbt	r7, r11, r7
+	smultb	lr, r10, r12
+	smlabb	r12, r10, lr, r12
+	smultb	lr, r10, r7
+	smlabb	lr, r10, lr, r7
+	pkhtb	r12, lr, r12, ASR #16
+	ssub16	r7, r6, r12
+	sadd16	r6, r6, r12
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r12, r7, #16
+	asr	r12, r12, #16
+#else
+	sbfx	r12, r7, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r11, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r11, #0, #16
+#endif
+	asr	r7, r7, #16
+	mul	r12, lr, r12
+	mul	r7, lr, r7
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xff
+	orr	r10, r10, #0xc00
+#else
+	mov	r10, #0xcff
+#endif
+	mul	lr, r10, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0x1
+	orr	r10, r10, #0xd00
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	mla	r12, r10, lr, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xff
+	orr	r10, r10, #0xc00
+#else
+	mov	r10, #0xcff
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r7, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r7, #0, #16
+#endif
+	mul	lr, r10, lr
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0x1
+	orr	r10, r10, #0xd00
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	mla	lr, r10, lr, r7
+	sub	r7, r6, lr
+	add	r6, r6, lr
+	sub	lr, r6, r12, lsr #16
+	add	r12, r6, r12, lsr #16
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r7, r7, #16
+	orr	r7, r7, lr, lsl #16
+	ror	r7, r7, #16
+#else
+	bfi	r7, lr, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r6, r6, #16
+	orr	r6, r6, r12, lsl #16
+	ror	r6, r6, #16
+#else
+	bfi	r6, r12, #0, #16
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+	smultb	r12, r11, r9
+	smultt	r9, r11, r9
+	smultb	lr, r10, r12
+	smlabb	r12, r10, lr, r12
+	smultb	lr, r10, r9
+	smlabb	lr, r10, lr, r9
+	pkhtb	r12, lr, r12, ASR #16
+	ssub16	r9, r8, r12
+	sadd16	r8, r8, r12
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r12, r9, #16
+	asr	r12, r12, #16
+#else
+	sbfx	r12, r9, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	asr	lr, r11, #16
+#else
+	sbfx	lr, r11, #16, #16
+#endif
+	asr	r9, r9, #16
+	mul	r12, lr, r12
+	mul	r9, lr, r9
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xff
+	orr	r10, r10, #0xc00
+#else
+	mov	r10, #0xcff
+#endif
+	mul	lr, r10, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0x1
+	orr	r10, r10, #0xd00
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	mla	r12, r10, lr, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xff
+	orr	r10, r10, #0xc00
+#else
+	mov	r10, #0xcff
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r9, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r9, #0, #16
+#endif
+	mul	lr, r10, lr
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0x1
+	orr	r10, r10, #0xd00
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	mla	lr, r10, lr, r9
+	sub	r9, r8, lr
+	add	r8, r8, lr
+	sub	lr, r8, r12, lsr #16
+	add	r12, r8, r12, lsr #16
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r9, r9, #16
+	orr	r9, r9, lr, lsl #16
+	ror	r9, r9, #16
+#else
+	bfi	r9, lr, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r8, r8, #16
+	orr	r8, r8, r12, lsl #16
+	ror	r8, r8, #16
+#else
+	bfi	r8, r12, #0, #16
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r11, #0xc0
+	orr	r11, r11, #0xaf00
+#else
+	mov	r11, #0xafc0
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	orr	r11, r11, #0x130000
+#else
+	movt	r11, #0x13
+#endif
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r11, #0xbf
+	orr	r11, r11, #0x4e00
+#else
+	mov	r11, #0x4ebf
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0x1
+	orr	r10, r10, #0xd00
+#else
+	mov	r10, #0xd01
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+	smulwb	r12, r11, r2
+	smulwt	lr, r11, r2
+	smulbt	r12, r10, r12
+	smulbt	lr, r10, lr
+	pkhbt	r12, r12, lr, LSL #16
+	ssub16	r2, r2, r12
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r12, r2, #16
+	asr	r12, r12, #16
+#else
+	sbfx	r12, r2, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	asr	lr, r2, #16
+#else
+	sbfx	lr, r2, #16, #16
+#endif
+	mul	r12, r11, r12
+	mul	lr, r11, lr
+	asr	r12, r12, #26
+	asr	lr, lr, #26
+	mul	r12, r10, r12
+	mul	lr, r10, lr
+	sub	lr, r2, lr, lsl #16
+	sub	r2, r2, r12
+	lsr	lr, lr, #16
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r2, r2, #0xff0000
+	bic	r2, r2, #0xff000000
+	orr	r2, r2, lr, lsl #16
+#else
+	bfi	r2, lr, #16, #16
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+	smulwb	r12, r11, r3
+	smulwt	lr, r11, r3
+	smulbt	r12, r10, r12
+	smulbt	lr, r10, lr
+	pkhbt	r12, r12, lr, LSL #16
+	ssub16	r3, r3, r12
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r12, r3, #16
+	asr	r12, r12, #16
+#else
+	sbfx	r12, r3, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	asr	lr, r3, #16
+#else
+	sbfx	lr, r3, #16, #16
+#endif
+	mul	r12, r11, r12
+	mul	lr, r11, lr
+	asr	r12, r12, #26
+	asr	lr, lr, #26
+	mul	r12, r10, r12
+	mul	lr, r10, lr
+	sub	lr, r3, lr, lsl #16
+	sub	r3, r3, r12
+	lsr	lr, lr, #16
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r3, r3, #0xff0000
+	bic	r3, r3, #0xff000000
+	orr	r3, r3, lr, lsl #16
+#else
+	bfi	r3, lr, #16, #16
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+	smulwb	r12, r11, r4
+	smulwt	lr, r11, r4
+	smulbt	r12, r10, r12
+	smulbt	lr, r10, lr
+	pkhbt	r12, r12, lr, LSL #16
+	ssub16	r4, r4, r12
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r12, r4, #16
+	asr	r12, r12, #16
+#else
+	sbfx	r12, r4, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	asr	lr, r4, #16
+#else
+	sbfx	lr, r4, #16, #16
+#endif
+	mul	r12, r11, r12
+	mul	lr, r11, lr
+	asr	r12, r12, #26
+	asr	lr, lr, #26
+	mul	r12, r10, r12
+	mul	lr, r10, lr
+	sub	lr, r4, lr, lsl #16
+	sub	r4, r4, r12
+	lsr	lr, lr, #16
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r4, r4, #0xff0000
+	bic	r4, r4, #0xff000000
+	orr	r4, r4, lr, lsl #16
+#else
+	bfi	r4, lr, #16, #16
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+	smulwb	r12, r11, r5
+	smulwt	lr, r11, r5
+	smulbt	r12, r10, r12
+	smulbt	lr, r10, lr
+	pkhbt	r12, r12, lr, LSL #16
+	ssub16	r5, r5, r12
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r12, r5, #16
+	asr	r12, r12, #16
+#else
+	sbfx	r12, r5, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	asr	lr, r5, #16
+#else
+	sbfx	lr, r5, #16, #16
+#endif
+	mul	r12, r11, r12
+	mul	lr, r11, lr
+	asr	r12, r12, #26
+	asr	lr, lr, #26
+	mul	r12, r10, r12
+	mul	lr, r10, lr
+	sub	lr, r5, lr, lsl #16
+	sub	r5, r5, r12
+	lsr	lr, lr, #16
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r5, r5, #0xff0000
+	bic	r5, r5, #0xff000000
+	orr	r5, r5, lr, lsl #16
+#else
+	bfi	r5, lr, #16, #16
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+	smulwb	r12, r11, r6
+	smulwt	lr, r11, r6
+	smulbt	r12, r10, r12
+	smulbt	lr, r10, lr
+	pkhbt	r12, r12, lr, LSL #16
+	ssub16	r6, r6, r12
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r12, r6, #16
+	asr	r12, r12, #16
+#else
+	sbfx	r12, r6, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	asr	lr, r6, #16
+#else
+	sbfx	lr, r6, #16, #16
+#endif
+	mul	r12, r11, r12
+	mul	lr, r11, lr
+	asr	r12, r12, #26
+	asr	lr, lr, #26
+	mul	r12, r10, r12
+	mul	lr, r10, lr
+	sub	lr, r6, lr, lsl #16
+	sub	r6, r6, r12
+	lsr	lr, lr, #16
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r6, r6, #0xff0000
+	bic	r6, r6, #0xff000000
+	orr	r6, r6, lr, lsl #16
+#else
+	bfi	r6, lr, #16, #16
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+	smulwb	r12, r11, r7
+	smulwt	lr, r11, r7
+	smulbt	r12, r10, r12
+	smulbt	lr, r10, lr
+	pkhbt	r12, r12, lr, LSL #16
+	ssub16	r7, r7, r12
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r12, r7, #16
+	asr	r12, r12, #16
+#else
+	sbfx	r12, r7, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	asr	lr, r7, #16
+#else
+	sbfx	lr, r7, #16, #16
+#endif
+	mul	r12, r11, r12
+	mul	lr, r11, lr
+	asr	r12, r12, #26
+	asr	lr, lr, #26
+	mul	r12, r10, r12
+	mul	lr, r10, lr
+	sub	lr, r7, lr, lsl #16
+	sub	r7, r7, r12
+	lsr	lr, lr, #16
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r7, r7, #0xff0000
+	bic	r7, r7, #0xff000000
+	orr	r7, r7, lr, lsl #16
+#else
+	bfi	r7, lr, #16, #16
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+	smulwb	r12, r11, r8
+	smulwt	lr, r11, r8
+	smulbt	r12, r10, r12
+	smulbt	lr, r10, lr
+	pkhbt	r12, r12, lr, LSL #16
+	ssub16	r8, r8, r12
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r12, r8, #16
+	asr	r12, r12, #16
+#else
+	sbfx	r12, r8, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	asr	lr, r8, #16
+#else
+	sbfx	lr, r8, #16, #16
+#endif
+	mul	r12, r11, r12
+	mul	lr, r11, lr
+	asr	r12, r12, #26
+	asr	lr, lr, #26
+	mul	r12, r10, r12
+	mul	lr, r10, lr
+	sub	lr, r8, lr, lsl #16
+	sub	r8, r8, r12
+	lsr	lr, lr, #16
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r8, r8, #0xff0000
+	bic	r8, r8, #0xff000000
+	orr	r8, r8, lr, lsl #16
+#else
+	bfi	r8, lr, #16, #16
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+	smulwb	r12, r11, r9
+	smulwt	lr, r11, r9
+	smulbt	r12, r10, r12
+	smulbt	lr, r10, lr
+	pkhbt	r12, r12, lr, LSL #16
+	ssub16	r9, r9, r12
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r12, r9, #16
+	asr	r12, r12, #16
+#else
+	sbfx	r12, r9, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	asr	lr, r9, #16
+#else
+	sbfx	lr, r9, #16, #16
+#endif
+	mul	r12, r11, r12
+	mul	lr, r11, lr
+	asr	r12, r12, #26
+	asr	lr, lr, #26
+	mul	r12, r10, r12
+	mul	lr, r10, lr
+	sub	lr, r9, lr, lsl #16
+	sub	r9, r9, r12
+	lsr	lr, lr, #16
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r9, r9, #0xff0000
+	bic	r9, r9, #0xff000000
+	orr	r9, r9, lr, lsl #16
+#else
+	bfi	r9, lr, #16, #16
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0x1
+	orr	r10, r10, #0xd00
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	orr	r10, r10, #0xc000000
+	orr	r10, r10, #0xff0000
+#else
+	movt	r10, #0xcff
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+	str	r2, [r0]
+	str	r3, [r0, #4]
+	str	r4, [r0, #8]
+	str	r5, [r0, #12]
+	str	r6, [r0, #16]
+	str	r7, [r0, #20]
+	str	r8, [r0, #24]
+	str	r9, [r0, #28]
+	ldr	r3, [sp, #4]
+	add	r3, r3, #16
+	rsbs	r12, r3, #0x100
+	add	r0, r0, #32
+	bne	L_kyber_arm32_ntt_loop_567
+	add	sp, sp, #8
+	pop	{r4, r5, r6, r7, r8, r9, r10, r11, pc}
+	.size	kyber_arm32_ntt,.-kyber_arm32_ntt
+	.text
+	.type	L_kyber_arm32_invntt_zetas_inv, %object
+	.size	L_kyber_arm32_invntt_zetas_inv, 256
+	.align	4
+L_kyber_arm32_invntt_zetas_inv:
+	.short	0x6a5
+	.short	0x70f
+	.short	0x5b4
+	.short	0x943
+	.short	0x922
+	.short	0x91d
+	.short	0x134
+	.short	0x6c
+	.short	0xb23
+	.short	0x366
+	.short	0x356
+	.short	0x5e6
+	.short	0x9e7
+	.short	0x4fe
+	.short	0x5fa
+	.short	0x4a1
+	.short	0x67b
+	.short	0x4a3
+	.short	0xc25
+	.short	0x36a
+	.short	0x537
+	.short	0x83f
+	.short	0x88
+	.short	0x4bf
+	.short	0xb81
+	.short	0x5b9
+	.short	0x505
+	.short	0x7d7
+	.short	0xa9f
+	.short	0xaa6
+	.short	0x8b8
+	.short	0x9d0
+	.short	0x4b
+	.short	0x9c
+	.short	0xbb8
+	.short	0xb5f
+	.short	0xba4
+	.short	0x368
+	.short	0xa7d
+	.short	0x636
+	.short	0x8a2
+	.short	0x25a
+	.short	0x736
+	.short	0x309
+	.short	0x93
+	.short	0x87a
+	.short	0x9f7
+	.short	0xf6
+	.short	0x68c
+	.short	0x6db
+	.short	0x1cc
+	.short	0x123
+	.short	0xeb
+	.short	0xc50
+	.short	0xab6
+	.short	0xb5b
+	.short	0xc98
+	.short	0x6f3
+	.short	0x99a
+	.short	0x4e3
+	.short	0x9b6
+	.short	0xad6
+	.short	0xb53
+	.short	0x44f
+	.short	0x4fb
+	.short	0xa5c
+	.short	0x429
+	.short	0xb41
+	.short	0x2d5
+	.short	0x5e4
+	.short	0x940
+	.short	0x18e
+	.short	0x3b7
+	.short	0xf7
+	.short	0x58d
+	.short	0xc96
+	.short	0x9c3
+	.short	0x10f
+	.short	0x5a
+	.short	0x355
+	.short	0x744
+	.short	0xc83
+	.short	0x48a
+	.short	0x652
+	.short	0x29a
+	.short	0x140
+	.short	0x8
+	.short	0xafd
+	.short	0x608
+	.short	0x11a
+	.short	0x72e
+	.short	0x50d
+	.short	0x90a
+	.short	0x228
+	.short	0xa75
+	.short	0x83a
+	.short	0x623
+	.short	0xcd
+	.short	0xb66
+	.short	0x606
+	.short	0xaa1
+	.short	0xa25
+	.short	0x908
+	.short	0x2a9
+	.short	0x82
+	.short	0x642
+	.short	0x74f
+	.short	0x33d
+	.short	0xb82
+	.short	0xbf9
+	.short	0x52d
+	.short	0xac4
+	.short	0x745
+	.short	0x5c2
+	.short	0x4b2
+	.short	0x93f
+	.short	0xc4b
+	.short	0x6d8
+	.short	0xa93
+	.short	0xab
+	.short	0xc37
+	.short	0xbe2
+	.short	0x773
+	.short	0x72c
+	.short	0x5ed
+	.short	0x167
+	.short	0x2f6
+	.short	0x5a1
+	.text
+	.align	4
+	.globl	kyber_arm32_invntt
+	.type	kyber_arm32_invntt, %function
+kyber_arm32_invntt:
+	push	{r4, r5, r6, r7, r8, r9, r10, r11, lr}
+	sub	sp, sp, #8
+	adr	r1, L_kyber_arm32_invntt_zetas_inv
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0x1
+	orr	r10, r10, #0xd00
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	orr	r10, r10, #0xc000000
+	orr	r10, r10, #0xff0000
+#else
+	movt	r10, #0xcff
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+	mov	r3, #0
+L_kyber_arm32_invntt_loop_765:
+	add	r11, r1, r3, lsr #1
+	str	r3, [sp, #4]
+	ldr	r2, [r0]
+	ldr	r3, [r0, #4]
+	ldr	r4, [r0, #8]
+	ldr	r5, [r0, #12]
+	ldr	r6, [r0, #16]
+	ldr	r7, [r0, #20]
+	ldr	r8, [r0, #24]
+	ldr	r9, [r0, #28]
+	ldr	r11, [r11]
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+	ssub16	r12, r2, r3
+	sadd16	r2, r2, r3
+	smulbt	r3, r11, r12
+	smulbb	r12, r11, r12
+	smultb	lr, r10, r12
+	smlabb	r12, r10, lr, r12
+	smultb	lr, r10, r3
+	smlabb	r3, r10, lr, r3
+	pkhtb	r3, r3, r12, ASR #16
+#else
+	sub	lr, r2, r3
+	add	r10, r2, r3
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r3, r3, #0xff
+	bic	r3, r3, #0xff00
+#else
+	bfc	r3, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r2, r2, #0xff
+	bic	r2, r2, #0xff00
+#else
+	bfc	r2, #0, #16
+#endif
+	sub	r12, r2, r3
+	add	r2, r2, r3
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r12, r12, #16
+	orr	r12, r12, lr, lsl #16
+	ror	r12, r12, #16
+#else
+	bfi	r12, lr, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r2, r2, #16
+	orr	r2, r2, r10, lsl #16
+	ror	r2, r2, #16
+#else
+	bfi	r2, r10, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r11, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r11, #0, #16
+#endif
+	asr	r10, r12, #16
+	mul	r3, lr, r10
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r12, r12, #16
+	asr	r12, r12, #16
+#else
+	sbfx	r12, r12, #0, #16
+#endif
+	mul	r12, lr, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xff
+	orr	r10, r10, #0xc00
+#else
+	mov	r10, #0xcff
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r12, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r12, #0, #16
+#endif
+	mul	lr, r10, lr
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0x1
+	orr	r10, r10, #0xd00
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	mla	r12, r10, lr, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xff
+	orr	r10, r10, #0xc00
+#else
+	mov	r10, #0xcff
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r3, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r3, #0, #16
+#endif
+	mul	lr, r10, lr
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0x1
+	orr	r10, r10, #0xd00
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	lsr	r12, r12, #16
+	mla	r3, r10, lr, r3
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r3, r3, #16
+	orr	r3, r3, r12, lsl #16
+	ror	r3, r3, #16
+#else
+	bfi	r3, r12, #0, #16
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+	ssub16	r12, r4, r5
+	sadd16	r4, r4, r5
+	smultt	r5, r11, r12
+	smultb	r12, r11, r12
+	smultb	lr, r10, r12
+	smlabb	r12, r10, lr, r12
+	smultb	lr, r10, r5
+	smlabb	r5, r10, lr, r5
+	pkhtb	r5, r5, r12, ASR #16
+#else
+	sub	lr, r4, r5
+	add	r10, r4, r5
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r5, r5, #0xff
+	bic	r5, r5, #0xff00
+#else
+	bfc	r5, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r4, r4, #0xff
+	bic	r4, r4, #0xff00
+#else
+	bfc	r4, #0, #16
+#endif
+	sub	r12, r4, r5
+	add	r4, r4, r5
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r12, r12, #16
+	orr	r12, r12, lr, lsl #16
+	ror	r12, r12, #16
+#else
+	bfi	r12, lr, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r4, r4, #16
+	orr	r4, r4, r10, lsl #16
+	ror	r4, r4, #16
+#else
+	bfi	r4, r10, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	asr	lr, r11, #16
+#else
+	sbfx	lr, r11, #16, #16
+#endif
+	asr	r10, r12, #16
+	mul	r5, lr, r10
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r12, r12, #16
+	asr	r12, r12, #16
+#else
+	sbfx	r12, r12, #0, #16
+#endif
+	mul	r12, lr, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xff
+	orr	r10, r10, #0xc00
+#else
+	mov	r10, #0xcff
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r12, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r12, #0, #16
+#endif
+	mul	lr, r10, lr
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0x1
+	orr	r10, r10, #0xd00
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	mla	r12, r10, lr, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xff
+	orr	r10, r10, #0xc00
+#else
+	mov	r10, #0xcff
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r5, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r5, #0, #16
+#endif
+	mul	lr, r10, lr
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0x1
+	orr	r10, r10, #0xd00
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	lsr	r12, r12, #16
+	mla	r5, r10, lr, r5
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r5, r5, #16
+	orr	r5, r5, r12, lsl #16
+	ror	r5, r5, #16
+#else
+	bfi	r5, r12, #0, #16
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+	ldr	r11, [sp, #4]
+	add	r11, r1, r11, lsr #1
+	ldr	r11, [r11, #4]
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+	ssub16	r12, r6, r7
+	sadd16	r6, r6, r7
+	smulbt	r7, r11, r12
+	smulbb	r12, r11, r12
+	smultb	lr, r10, r12
+	smlabb	r12, r10, lr, r12
+	smultb	lr, r10, r7
+	smlabb	r7, r10, lr, r7
+	pkhtb	r7, r7, r12, ASR #16
+#else
+	sub	lr, r6, r7
+	add	r10, r6, r7
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r7, r7, #0xff
+	bic	r7, r7, #0xff00
+#else
+	bfc	r7, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r6, r6, #0xff
+	bic	r6, r6, #0xff00
+#else
+	bfc	r6, #0, #16
+#endif
+	sub	r12, r6, r7
+	add	r6, r6, r7
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r12, r12, #16
+	orr	r12, r12, lr, lsl #16
+	ror	r12, r12, #16
+#else
+	bfi	r12, lr, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r6, r6, #16
+	orr	r6, r6, r10, lsl #16
+	ror	r6, r6, #16
+#else
+	bfi	r6, r10, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r11, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r11, #0, #16
+#endif
+	asr	r10, r12, #16
+	mul	r7, lr, r10
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r12, r12, #16
+	asr	r12, r12, #16
+#else
+	sbfx	r12, r12, #0, #16
+#endif
+	mul	r12, lr, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xff
+	orr	r10, r10, #0xc00
+#else
+	mov	r10, #0xcff
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r12, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r12, #0, #16
+#endif
+	mul	lr, r10, lr
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0x1
+	orr	r10, r10, #0xd00
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	mla	r12, r10, lr, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xff
+	orr	r10, r10, #0xc00
+#else
+	mov	r10, #0xcff
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r7, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r7, #0, #16
+#endif
+	mul	lr, r10, lr
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0x1
+	orr	r10, r10, #0xd00
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	lsr	r12, r12, #16
+	mla	r7, r10, lr, r7
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r7, r7, #16
+	orr	r7, r7, r12, lsl #16
+	ror	r7, r7, #16
+#else
+	bfi	r7, r12, #0, #16
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+	ssub16	r12, r8, r9
+	sadd16	r8, r8, r9
+	smultt	r9, r11, r12
+	smultb	r12, r11, r12
+	smultb	lr, r10, r12
+	smlabb	r12, r10, lr, r12
+	smultb	lr, r10, r9
+	smlabb	r9, r10, lr, r9
+	pkhtb	r9, r9, r12, ASR #16
+#else
+	sub	lr, r8, r9
+	add	r10, r8, r9
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r9, r9, #0xff
+	bic	r9, r9, #0xff00
+#else
+	bfc	r9, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r8, r8, #0xff
+	bic	r8, r8, #0xff00
+#else
+	bfc	r8, #0, #16
+#endif
+	sub	r12, r8, r9
+	add	r8, r8, r9
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r12, r12, #16
+	orr	r12, r12, lr, lsl #16
+	ror	r12, r12, #16
+#else
+	bfi	r12, lr, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r8, r8, #16
+	orr	r8, r8, r10, lsl #16
+	ror	r8, r8, #16
+#else
+	bfi	r8, r10, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	asr	lr, r11, #16
+#else
+	sbfx	lr, r11, #16, #16
+#endif
+	asr	r10, r12, #16
+	mul	r9, lr, r10
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r12, r12, #16
+	asr	r12, r12, #16
+#else
+	sbfx	r12, r12, #0, #16
+#endif
+	mul	r12, lr, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xff
+	orr	r10, r10, #0xc00
+#else
+	mov	r10, #0xcff
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r12, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r12, #0, #16
+#endif
+	mul	lr, r10, lr
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0x1
+	orr	r10, r10, #0xd00
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	mla	r12, r10, lr, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xff
+	orr	r10, r10, #0xc00
+#else
+	mov	r10, #0xcff
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r9, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r9, #0, #16
+#endif
+	mul	lr, r10, lr
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0x1
+	orr	r10, r10, #0xd00
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	lsr	r12, r12, #16
+	mla	r9, r10, lr, r9
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r9, r9, #16
+	orr	r9, r9, r12, lsl #16
+	ror	r9, r9, #16
+#else
+	bfi	r9, r12, #0, #16
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+	ldr	r11, [sp, #4]
+	add	r11, r1, r11, lsr #2
+	ldr	r11, [r11, #128]
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+	ssub16	r12, r2, r4
+	sadd16	r2, r2, r4
+	smulbt	r4, r11, r12
+	smulbb	r12, r11, r12
+	smultb	lr, r10, r12
+	smlabb	r12, r10, lr, r12
+	smultb	lr, r10, r4
+	smlabb	r4, r10, lr, r4
+	pkhtb	r4, r4, r12, ASR #16
+#else
+	sub	lr, r2, r4
+	add	r10, r2, r4
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r4, r4, #0xff
+	bic	r4, r4, #0xff00
+#else
+	bfc	r4, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r2, r2, #0xff
+	bic	r2, r2, #0xff00
+#else
+	bfc	r2, #0, #16
+#endif
+	sub	r12, r2, r4
+	add	r2, r2, r4
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r12, r12, #16
+	orr	r12, r12, lr, lsl #16
+	ror	r12, r12, #16
+#else
+	bfi	r12, lr, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r2, r2, #16
+	orr	r2, r2, r10, lsl #16
+	ror	r2, r2, #16
+#else
+	bfi	r2, r10, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r11, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r11, #0, #16
+#endif
+	asr	r10, r12, #16
+	mul	r4, lr, r10
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r12, r12, #16
+	asr	r12, r12, #16
+#else
+	sbfx	r12, r12, #0, #16
+#endif
+	mul	r12, lr, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xff
+	orr	r10, r10, #0xc00
+#else
+	mov	r10, #0xcff
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r12, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r12, #0, #16
+#endif
+	mul	lr, r10, lr
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0x1
+	orr	r10, r10, #0xd00
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	mla	r12, r10, lr, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xff
+	orr	r10, r10, #0xc00
+#else
+	mov	r10, #0xcff
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r4, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r4, #0, #16
+#endif
+	mul	lr, r10, lr
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0x1
+	orr	r10, r10, #0xd00
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	lsr	r12, r12, #16
+	mla	r4, r10, lr, r4
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r4, r4, #16
+	orr	r4, r4, r12, lsl #16
+	ror	r4, r4, #16
+#else
+	bfi	r4, r12, #0, #16
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+	ssub16	r12, r3, r5
+	sadd16	r3, r3, r5
+	smulbt	r5, r11, r12
+	smulbb	r12, r11, r12
+	smultb	lr, r10, r12
+	smlabb	r12, r10, lr, r12
+	smultb	lr, r10, r5
+	smlabb	r5, r10, lr, r5
+	pkhtb	r5, r5, r12, ASR #16
+#else
+	sub	lr, r3, r5
+	add	r10, r3, r5
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r5, r5, #0xff
+	bic	r5, r5, #0xff00
+#else
+	bfc	r5, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r3, r3, #0xff
+	bic	r3, r3, #0xff00
+#else
+	bfc	r3, #0, #16
+#endif
+	sub	r12, r3, r5
+	add	r3, r3, r5
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r12, r12, #16
+	orr	r12, r12, lr, lsl #16
+	ror	r12, r12, #16
+#else
+	bfi	r12, lr, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r3, r3, #16
+	orr	r3, r3, r10, lsl #16
+	ror	r3, r3, #16
+#else
+	bfi	r3, r10, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r11, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r11, #0, #16
+#endif
+	asr	r10, r12, #16
+	mul	r5, lr, r10
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r12, r12, #16
+	asr	r12, r12, #16
+#else
+	sbfx	r12, r12, #0, #16
+#endif
+	mul	r12, lr, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xff
+	orr	r10, r10, #0xc00
+#else
+	mov	r10, #0xcff
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r12, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r12, #0, #16
+#endif
+	mul	lr, r10, lr
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0x1
+	orr	r10, r10, #0xd00
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	mla	r12, r10, lr, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xff
+	orr	r10, r10, #0xc00
+#else
+	mov	r10, #0xcff
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r5, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r5, #0, #16
+#endif
+	mul	lr, r10, lr
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0x1
+	orr	r10, r10, #0xd00
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	lsr	r12, r12, #16
+	mla	r5, r10, lr, r5
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r5, r5, #16
+	orr	r5, r5, r12, lsl #16
+	ror	r5, r5, #16
+#else
+	bfi	r5, r12, #0, #16
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+	ssub16	r12, r6, r8
+	sadd16	r6, r6, r8
+	smultt	r8, r11, r12
+	smultb	r12, r11, r12
+	smultb	lr, r10, r12
+	smlabb	r12, r10, lr, r12
+	smultb	lr, r10, r8
+	smlabb	r8, r10, lr, r8
+	pkhtb	r8, r8, r12, ASR #16
+#else
+	sub	lr, r6, r8
+	add	r10, r6, r8
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r8, r8, #0xff
+	bic	r8, r8, #0xff00
+#else
+	bfc	r8, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r6, r6, #0xff
+	bic	r6, r6, #0xff00
+#else
+	bfc	r6, #0, #16
+#endif
+	sub	r12, r6, r8
+	add	r6, r6, r8
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r12, r12, #16
+	orr	r12, r12, lr, lsl #16
+	ror	r12, r12, #16
+#else
+	bfi	r12, lr, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r6, r6, #16
+	orr	r6, r6, r10, lsl #16
+	ror	r6, r6, #16
+#else
+	bfi	r6, r10, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	asr	lr, r11, #16
+#else
+	sbfx	lr, r11, #16, #16
+#endif
+	asr	r10, r12, #16
+	mul	r8, lr, r10
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r12, r12, #16
+	asr	r12, r12, #16
+#else
+	sbfx	r12, r12, #0, #16
+#endif
+	mul	r12, lr, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xff
+	orr	r10, r10, #0xc00
+#else
+	mov	r10, #0xcff
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r12, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r12, #0, #16
+#endif
+	mul	lr, r10, lr
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0x1
+	orr	r10, r10, #0xd00
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	mla	r12, r10, lr, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xff
+	orr	r10, r10, #0xc00
+#else
+	mov	r10, #0xcff
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r8, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r8, #0, #16
+#endif
+	mul	lr, r10, lr
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0x1
+	orr	r10, r10, #0xd00
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	lsr	r12, r12, #16
+	mla	r8, r10, lr, r8
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r8, r8, #16
+	orr	r8, r8, r12, lsl #16
+	ror	r8, r8, #16
+#else
+	bfi	r8, r12, #0, #16
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+	ssub16	r12, r7, r9
+	sadd16	r7, r7, r9
+	smultt	r9, r11, r12
+	smultb	r12, r11, r12
+	smultb	lr, r10, r12
+	smlabb	r12, r10, lr, r12
+	smultb	lr, r10, r9
+	smlabb	r9, r10, lr, r9
+	pkhtb	r9, r9, r12, ASR #16
+#else
+	sub	lr, r7, r9
+	add	r10, r7, r9
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r9, r9, #0xff
+	bic	r9, r9, #0xff00
+#else
+	bfc	r9, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r7, r7, #0xff
+	bic	r7, r7, #0xff00
+#else
+	bfc	r7, #0, #16
+#endif
+	sub	r12, r7, r9
+	add	r7, r7, r9
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r12, r12, #16
+	orr	r12, r12, lr, lsl #16
+	ror	r12, r12, #16
+#else
+	bfi	r12, lr, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r7, r7, #16
+	orr	r7, r7, r10, lsl #16
+	ror	r7, r7, #16
+#else
+	bfi	r7, r10, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	asr	lr, r11, #16
+#else
+	sbfx	lr, r11, #16, #16
+#endif
+	asr	r10, r12, #16
+	mul	r9, lr, r10
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r12, r12, #16
+	asr	r12, r12, #16
+#else
+	sbfx	r12, r12, #0, #16
+#endif
+	mul	r12, lr, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xff
+	orr	r10, r10, #0xc00
+#else
+	mov	r10, #0xcff
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r12, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r12, #0, #16
+#endif
+	mul	lr, r10, lr
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0x1
+	orr	r10, r10, #0xd00
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	mla	r12, r10, lr, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xff
+	orr	r10, r10, #0xc00
+#else
+	mov	r10, #0xcff
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r9, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r9, #0, #16
+#endif
+	mul	lr, r10, lr
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0x1
+	orr	r10, r10, #0xd00
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	lsr	r12, r12, #16
+	mla	r9, r10, lr, r9
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r9, r9, #16
+	orr	r9, r9, r12, lsl #16
+	ror	r9, r9, #16
+#else
+	bfi	r9, r12, #0, #16
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+	ldr	r11, [sp, #4]
+	add	r11, r1, r11, lsr #3
+	ldr	r11, [r11, #192]
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+	ssub16	r12, r2, r6
+	sadd16	r2, r2, r6
+	smulbt	r6, r11, r12
+	smulbb	r12, r11, r12
+	smultb	lr, r10, r12
+	smlabb	r12, r10, lr, r12
+	smultb	lr, r10, r6
+	smlabb	r6, r10, lr, r6
+	pkhtb	r6, r6, r12, ASR #16
+#else
+	sub	lr, r2, r6
+	add	r10, r2, r6
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r6, r6, #0xff
+	bic	r6, r6, #0xff00
+#else
+	bfc	r6, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r2, r2, #0xff
+	bic	r2, r2, #0xff00
+#else
+	bfc	r2, #0, #16
+#endif
+	sub	r12, r2, r6
+	add	r2, r2, r6
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r12, r12, #16
+	orr	r12, r12, lr, lsl #16
+	ror	r12, r12, #16
+#else
+	bfi	r12, lr, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r2, r2, #16
+	orr	r2, r2, r10, lsl #16
+	ror	r2, r2, #16
+#else
+	bfi	r2, r10, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r11, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r11, #0, #16
+#endif
+	asr	r10, r12, #16
+	mul	r6, lr, r10
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r12, r12, #16
+	asr	r12, r12, #16
+#else
+	sbfx	r12, r12, #0, #16
+#endif
+	mul	r12, lr, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xff
+	orr	r10, r10, #0xc00
+#else
+	mov	r10, #0xcff
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r12, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r12, #0, #16
+#endif
+	mul	lr, r10, lr
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0x1
+	orr	r10, r10, #0xd00
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	mla	r12, r10, lr, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xff
+	orr	r10, r10, #0xc00
+#else
+	mov	r10, #0xcff
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r6, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r6, #0, #16
+#endif
+	mul	lr, r10, lr
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0x1
+	orr	r10, r10, #0xd00
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	lsr	r12, r12, #16
+	mla	r6, r10, lr, r6
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r6, r6, #16
+	orr	r6, r6, r12, lsl #16
+	ror	r6, r6, #16
+#else
+	bfi	r6, r12, #0, #16
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+	ssub16	r12, r3, r7
+	sadd16	r3, r3, r7
+	smulbt	r7, r11, r12
+	smulbb	r12, r11, r12
+	smultb	lr, r10, r12
+	smlabb	r12, r10, lr, r12
+	smultb	lr, r10, r7
+	smlabb	r7, r10, lr, r7
+	pkhtb	r7, r7, r12, ASR #16
+#else
+	sub	lr, r3, r7
+	add	r10, r3, r7
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r7, r7, #0xff
+	bic	r7, r7, #0xff00
+#else
+	bfc	r7, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r3, r3, #0xff
+	bic	r3, r3, #0xff00
+#else
+	bfc	r3, #0, #16
+#endif
+	sub	r12, r3, r7
+	add	r3, r3, r7
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r12, r12, #16
+	orr	r12, r12, lr, lsl #16
+	ror	r12, r12, #16
+#else
+	bfi	r12, lr, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r3, r3, #16
+	orr	r3, r3, r10, lsl #16
+	ror	r3, r3, #16
+#else
+	bfi	r3, r10, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r11, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r11, #0, #16
+#endif
+	asr	r10, r12, #16
+	mul	r7, lr, r10
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r12, r12, #16
+	asr	r12, r12, #16
+#else
+	sbfx	r12, r12, #0, #16
+#endif
+	mul	r12, lr, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xff
+	orr	r10, r10, #0xc00
+#else
+	mov	r10, #0xcff
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r12, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r12, #0, #16
+#endif
+	mul	lr, r10, lr
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0x1
+	orr	r10, r10, #0xd00
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	mla	r12, r10, lr, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xff
+	orr	r10, r10, #0xc00
+#else
+	mov	r10, #0xcff
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r7, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r7, #0, #16
+#endif
+	mul	lr, r10, lr
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0x1
+	orr	r10, r10, #0xd00
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	lsr	r12, r12, #16
+	mla	r7, r10, lr, r7
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r7, r7, #16
+	orr	r7, r7, r12, lsl #16
+	ror	r7, r7, #16
+#else
+	bfi	r7, r12, #0, #16
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+	ssub16	r12, r4, r8
+	sadd16	r4, r4, r8
+	smulbt	r8, r11, r12
+	smulbb	r12, r11, r12
+	smultb	lr, r10, r12
+	smlabb	r12, r10, lr, r12
+	smultb	lr, r10, r8
+	smlabb	r8, r10, lr, r8
+	pkhtb	r8, r8, r12, ASR #16
+#else
+	sub	lr, r4, r8
+	add	r10, r4, r8
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r8, r8, #0xff
+	bic	r8, r8, #0xff00
+#else
+	bfc	r8, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r4, r4, #0xff
+	bic	r4, r4, #0xff00
+#else
+	bfc	r4, #0, #16
+#endif
+	sub	r12, r4, r8
+	add	r4, r4, r8
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r12, r12, #16
+	orr	r12, r12, lr, lsl #16
+	ror	r12, r12, #16
+#else
+	bfi	r12, lr, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r4, r4, #16
+	orr	r4, r4, r10, lsl #16
+	ror	r4, r4, #16
+#else
+	bfi	r4, r10, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r11, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r11, #0, #16
+#endif
+	asr	r10, r12, #16
+	mul	r8, lr, r10
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r12, r12, #16
+	asr	r12, r12, #16
+#else
+	sbfx	r12, r12, #0, #16
+#endif
+	mul	r12, lr, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xff
+	orr	r10, r10, #0xc00
+#else
+	mov	r10, #0xcff
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r12, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r12, #0, #16
+#endif
+	mul	lr, r10, lr
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0x1
+	orr	r10, r10, #0xd00
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	mla	r12, r10, lr, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xff
+	orr	r10, r10, #0xc00
+#else
+	mov	r10, #0xcff
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r8, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r8, #0, #16
+#endif
+	mul	lr, r10, lr
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0x1
+	orr	r10, r10, #0xd00
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	lsr	r12, r12, #16
+	mla	r8, r10, lr, r8
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r8, r8, #16
+	orr	r8, r8, r12, lsl #16
+	ror	r8, r8, #16
+#else
+	bfi	r8, r12, #0, #16
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+	ssub16	r12, r5, r9
+	sadd16	r5, r5, r9
+	smulbt	r9, r11, r12
+	smulbb	r12, r11, r12
+	smultb	lr, r10, r12
+	smlabb	r12, r10, lr, r12
+	smultb	lr, r10, r9
+	smlabb	r9, r10, lr, r9
+	pkhtb	r9, r9, r12, ASR #16
+#else
+	sub	lr, r5, r9
+	add	r10, r5, r9
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r9, r9, #0xff
+	bic	r9, r9, #0xff00
+#else
+	bfc	r9, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r5, r5, #0xff
+	bic	r5, r5, #0xff00
+#else
+	bfc	r5, #0, #16
+#endif
+	sub	r12, r5, r9
+	add	r5, r5, r9
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r12, r12, #16
+	orr	r12, r12, lr, lsl #16
+	ror	r12, r12, #16
+#else
+	bfi	r12, lr, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r5, r5, #16
+	orr	r5, r5, r10, lsl #16
+	ror	r5, r5, #16
+#else
+	bfi	r5, r10, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r11, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r11, #0, #16
+#endif
+	asr	r10, r12, #16
+	mul	r9, lr, r10
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r12, r12, #16
+	asr	r12, r12, #16
+#else
+	sbfx	r12, r12, #0, #16
+#endif
+	mul	r12, lr, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xff
+	orr	r10, r10, #0xc00
+#else
+	mov	r10, #0xcff
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r12, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r12, #0, #16
+#endif
+	mul	lr, r10, lr
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0x1
+	orr	r10, r10, #0xd00
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	mla	r12, r10, lr, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xff
+	orr	r10, r10, #0xc00
+#else
+	mov	r10, #0xcff
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r9, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r9, #0, #16
+#endif
+	mul	lr, r10, lr
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0x1
+	orr	r10, r10, #0xd00
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	lsr	r12, r12, #16
+	mla	r9, r10, lr, r9
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r9, r9, #16
+	orr	r9, r9, r12, lsl #16
+	ror	r9, r9, #16
+#else
+	bfi	r9, r12, #0, #16
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r11, #0xc0
+	orr	r11, r11, #0xaf00
+#else
+	mov	r11, #0xafc0
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	orr	r11, r11, #0x130000
+#else
+	movt	r11, #0x13
+#endif
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r11, #0xbf
+	orr	r11, r11, #0x4e00
+#else
+	mov	r11, #0x4ebf
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+	smulwb	r12, r11, r2
+	smulwt	lr, r11, r2
+	smulbt	r12, r10, r12
+	smulbt	lr, r10, lr
+	pkhbt	r12, r12, lr, LSL #16
+	ssub16	r2, r2, r12
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r12, r2, #16
+	asr	r12, r12, #16
+#else
+	sbfx	r12, r2, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	asr	lr, r2, #16
+#else
+	sbfx	lr, r2, #16, #16
+#endif
+	mul	r12, r11, r12
+	mul	lr, r11, lr
+	asr	r12, r12, #26
+	asr	lr, lr, #26
+	mul	r12, r10, r12
+	mul	lr, r10, lr
+	sub	lr, r2, lr, lsl #16
+	sub	r2, r2, r12
+	lsr	lr, lr, #16
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r2, r2, #0xff0000
+	bic	r2, r2, #0xff000000
+	orr	r2, r2, lr, lsl #16
+#else
+	bfi	r2, lr, #16, #16
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+	smulwb	r12, r11, r3
+	smulwt	lr, r11, r3
+	smulbt	r12, r10, r12
+	smulbt	lr, r10, lr
+	pkhbt	r12, r12, lr, LSL #16
+	ssub16	r3, r3, r12
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r12, r3, #16
+	asr	r12, r12, #16
+#else
+	sbfx	r12, r3, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	asr	lr, r3, #16
+#else
+	sbfx	lr, r3, #16, #16
+#endif
+	mul	r12, r11, r12
+	mul	lr, r11, lr
+	asr	r12, r12, #26
+	asr	lr, lr, #26
+	mul	r12, r10, r12
+	mul	lr, r10, lr
+	sub	lr, r3, lr, lsl #16
+	sub	r3, r3, r12
+	lsr	lr, lr, #16
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r3, r3, #0xff0000
+	bic	r3, r3, #0xff000000
+	orr	r3, r3, lr, lsl #16
+#else
+	bfi	r3, lr, #16, #16
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+	smulwb	r12, r11, r4
+	smulwt	lr, r11, r4
+	smulbt	r12, r10, r12
+	smulbt	lr, r10, lr
+	pkhbt	r12, r12, lr, LSL #16
+	ssub16	r4, r4, r12
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r12, r4, #16
+	asr	r12, r12, #16
+#else
+	sbfx	r12, r4, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	asr	lr, r4, #16
+#else
+	sbfx	lr, r4, #16, #16
+#endif
+	mul	r12, r11, r12
+	mul	lr, r11, lr
+	asr	r12, r12, #26
+	asr	lr, lr, #26
+	mul	r12, r10, r12
+	mul	lr, r10, lr
+	sub	lr, r4, lr, lsl #16
+	sub	r4, r4, r12
+	lsr	lr, lr, #16
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r4, r4, #0xff0000
+	bic	r4, r4, #0xff000000
+	orr	r4, r4, lr, lsl #16
+#else
+	bfi	r4, lr, #16, #16
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+	smulwb	r12, r11, r5
+	smulwt	lr, r11, r5
+	smulbt	r12, r10, r12
+	smulbt	lr, r10, lr
+	pkhbt	r12, r12, lr, LSL #16
+	ssub16	r5, r5, r12
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r12, r5, #16
+	asr	r12, r12, #16
+#else
+	sbfx	r12, r5, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	asr	lr, r5, #16
+#else
+	sbfx	lr, r5, #16, #16
+#endif
+	mul	r12, r11, r12
+	mul	lr, r11, lr
+	asr	r12, r12, #26
+	asr	lr, lr, #26
+	mul	r12, r10, r12
+	mul	lr, r10, lr
+	sub	lr, r5, lr, lsl #16
+	sub	r5, r5, r12
+	lsr	lr, lr, #16
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r5, r5, #0xff0000
+	bic	r5, r5, #0xff000000
+	orr	r5, r5, lr, lsl #16
+#else
+	bfi	r5, lr, #16, #16
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+	str	r2, [r0]
+	str	r3, [r0, #4]
+	str	r4, [r0, #8]
+	str	r5, [r0, #12]
+	str	r6, [r0, #16]
+	str	r7, [r0, #20]
+	str	r8, [r0, #24]
+	str	r9, [r0, #28]
+	ldr	r3, [sp, #4]
+	add	r3, r3, #16
+	rsbs	r12, r3, #0x100
+	add	r0, r0, #32
+	bne	L_kyber_arm32_invntt_loop_765
+	sub	r0, r0, #0x200
+	mov	r3, #0
+L_kyber_arm32_invntt_loop_4_j:
+	str	r3, [sp, #4]
+	add	r11, r1, r3, lsr #4
+	mov	r2, #4
+	ldr	r11, [r11, #224]
+L_kyber_arm32_invntt_loop_4_i:
+	str	r2, [sp]
+	ldr	r2, [r0]
+	ldr	r3, [r0, #16]
+	ldr	r4, [r0, #32]
+	ldr	r5, [r0, #48]
+	ldr	r6, [r0, #64]
+	ldr	r7, [r0, #80]
+	ldr	r8, [r0, #96]
+	ldr	r9, [r0, #112]
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+	ssub16	r12, r2, r4
+	sadd16	r2, r2, r4
+	smulbt	r4, r11, r12
+	smulbb	r12, r11, r12
+	smultb	lr, r10, r12
+	smlabb	r12, r10, lr, r12
+	smultb	lr, r10, r4
+	smlabb	r4, r10, lr, r4
+	pkhtb	r4, r4, r12, ASR #16
+#else
+	sub	lr, r2, r4
+	add	r10, r2, r4
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r4, r4, #0xff
+	bic	r4, r4, #0xff00
+#else
+	bfc	r4, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r2, r2, #0xff
+	bic	r2, r2, #0xff00
+#else
+	bfc	r2, #0, #16
+#endif
+	sub	r12, r2, r4
+	add	r2, r2, r4
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r12, r12, #16
+	orr	r12, r12, lr, lsl #16
+	ror	r12, r12, #16
+#else
+	bfi	r12, lr, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r2, r2, #16
+	orr	r2, r2, r10, lsl #16
+	ror	r2, r2, #16
+#else
+	bfi	r2, r10, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r11, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r11, #0, #16
+#endif
+	asr	r10, r12, #16
+	mul	r4, lr, r10
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r12, r12, #16
+	asr	r12, r12, #16
+#else
+	sbfx	r12, r12, #0, #16
+#endif
+	mul	r12, lr, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xff
+	orr	r10, r10, #0xc00
+#else
+	mov	r10, #0xcff
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r12, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r12, #0, #16
+#endif
+	mul	lr, r10, lr
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0x1
+	orr	r10, r10, #0xd00
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	mla	r12, r10, lr, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xff
+	orr	r10, r10, #0xc00
+#else
+	mov	r10, #0xcff
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r4, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r4, #0, #16
+#endif
+	mul	lr, r10, lr
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0x1
+	orr	r10, r10, #0xd00
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	lsr	r12, r12, #16
+	mla	r4, r10, lr, r4
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r4, r4, #16
+	orr	r4, r4, r12, lsl #16
+	ror	r4, r4, #16
+#else
+	bfi	r4, r12, #0, #16
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+	ssub16	r12, r3, r5
+	sadd16	r3, r3, r5
+	smulbt	r5, r11, r12
+	smulbb	r12, r11, r12
+	smultb	lr, r10, r12
+	smlabb	r12, r10, lr, r12
+	smultb	lr, r10, r5
+	smlabb	r5, r10, lr, r5
+	pkhtb	r5, r5, r12, ASR #16
+#else
+	sub	lr, r3, r5
+	add	r10, r3, r5
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r5, r5, #0xff
+	bic	r5, r5, #0xff00
+#else
+	bfc	r5, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r3, r3, #0xff
+	bic	r3, r3, #0xff00
+#else
+	bfc	r3, #0, #16
+#endif
+	sub	r12, r3, r5
+	add	r3, r3, r5
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r12, r12, #16
+	orr	r12, r12, lr, lsl #16
+	ror	r12, r12, #16
+#else
+	bfi	r12, lr, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r3, r3, #16
+	orr	r3, r3, r10, lsl #16
+	ror	r3, r3, #16
+#else
+	bfi	r3, r10, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r11, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r11, #0, #16
+#endif
+	asr	r10, r12, #16
+	mul	r5, lr, r10
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r12, r12, #16
+	asr	r12, r12, #16
+#else
+	sbfx	r12, r12, #0, #16
+#endif
+	mul	r12, lr, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xff
+	orr	r10, r10, #0xc00
+#else
+	mov	r10, #0xcff
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r12, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r12, #0, #16
+#endif
+	mul	lr, r10, lr
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0x1
+	orr	r10, r10, #0xd00
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	mla	r12, r10, lr, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xff
+	orr	r10, r10, #0xc00
+#else
+	mov	r10, #0xcff
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r5, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r5, #0, #16
+#endif
+	mul	lr, r10, lr
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0x1
+	orr	r10, r10, #0xd00
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	lsr	r12, r12, #16
+	mla	r5, r10, lr, r5
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r5, r5, #16
+	orr	r5, r5, r12, lsl #16
+	ror	r5, r5, #16
+#else
+	bfi	r5, r12, #0, #16
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+	ssub16	r12, r6, r8
+	sadd16	r6, r6, r8
+	smultt	r8, r11, r12
+	smultb	r12, r11, r12
+	smultb	lr, r10, r12
+	smlabb	r12, r10, lr, r12
+	smultb	lr, r10, r8
+	smlabb	r8, r10, lr, r8
+	pkhtb	r8, r8, r12, ASR #16
+#else
+	sub	lr, r6, r8
+	add	r10, r6, r8
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r8, r8, #0xff
+	bic	r8, r8, #0xff00
+#else
+	bfc	r8, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r6, r6, #0xff
+	bic	r6, r6, #0xff00
+#else
+	bfc	r6, #0, #16
+#endif
+	sub	r12, r6, r8
+	add	r6, r6, r8
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r12, r12, #16
+	orr	r12, r12, lr, lsl #16
+	ror	r12, r12, #16
+#else
+	bfi	r12, lr, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r6, r6, #16
+	orr	r6, r6, r10, lsl #16
+	ror	r6, r6, #16
+#else
+	bfi	r6, r10, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	asr	lr, r11, #16
+#else
+	sbfx	lr, r11, #16, #16
+#endif
+	asr	r10, r12, #16
+	mul	r8, lr, r10
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r12, r12, #16
+	asr	r12, r12, #16
+#else
+	sbfx	r12, r12, #0, #16
+#endif
+	mul	r12, lr, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xff
+	orr	r10, r10, #0xc00
+#else
+	mov	r10, #0xcff
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r12, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r12, #0, #16
+#endif
+	mul	lr, r10, lr
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0x1
+	orr	r10, r10, #0xd00
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	mla	r12, r10, lr, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xff
+	orr	r10, r10, #0xc00
+#else
+	mov	r10, #0xcff
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r8, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r8, #0, #16
+#endif
+	mul	lr, r10, lr
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0x1
+	orr	r10, r10, #0xd00
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	lsr	r12, r12, #16
+	mla	r8, r10, lr, r8
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r8, r8, #16
+	orr	r8, r8, r12, lsl #16
+	ror	r8, r8, #16
+#else
+	bfi	r8, r12, #0, #16
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+	ssub16	r12, r7, r9
+	sadd16	r7, r7, r9
+	smultt	r9, r11, r12
+	smultb	r12, r11, r12
+	smultb	lr, r10, r12
+	smlabb	r12, r10, lr, r12
+	smultb	lr, r10, r9
+	smlabb	r9, r10, lr, r9
+	pkhtb	r9, r9, r12, ASR #16
+#else
+	sub	lr, r7, r9
+	add	r10, r7, r9
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r9, r9, #0xff
+	bic	r9, r9, #0xff00
+#else
+	bfc	r9, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r7, r7, #0xff
+	bic	r7, r7, #0xff00
+#else
+	bfc	r7, #0, #16
+#endif
+	sub	r12, r7, r9
+	add	r7, r7, r9
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r12, r12, #16
+	orr	r12, r12, lr, lsl #16
+	ror	r12, r12, #16
+#else
+	bfi	r12, lr, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r7, r7, #16
+	orr	r7, r7, r10, lsl #16
+	ror	r7, r7, #16
+#else
+	bfi	r7, r10, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	asr	lr, r11, #16
+#else
+	sbfx	lr, r11, #16, #16
+#endif
+	asr	r10, r12, #16
+	mul	r9, lr, r10
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r12, r12, #16
+	asr	r12, r12, #16
+#else
+	sbfx	r12, r12, #0, #16
+#endif
+	mul	r12, lr, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xff
+	orr	r10, r10, #0xc00
+#else
+	mov	r10, #0xcff
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r12, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r12, #0, #16
+#endif
+	mul	lr, r10, lr
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0x1
+	orr	r10, r10, #0xd00
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	mla	r12, r10, lr, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xff
+	orr	r10, r10, #0xc00
+#else
+	mov	r10, #0xcff
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r9, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r9, #0, #16
+#endif
+	mul	lr, r10, lr
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0x1
+	orr	r10, r10, #0xd00
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	lsr	r12, r12, #16
+	mla	r9, r10, lr, r9
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r9, r9, #16
+	orr	r9, r9, r12, lsl #16
+	ror	r9, r9, #16
+#else
+	bfi	r9, r12, #0, #16
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+	str	r2, [r0]
+	str	r3, [r0, #16]
+	str	r4, [r0, #32]
+	str	r5, [r0, #48]
+	str	r6, [r0, #64]
+	str	r7, [r0, #80]
+	str	r8, [r0, #96]
+	str	r9, [r0, #112]
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	ldm	sp, {r2, r3}
+#else
+	ldrd	r2, r3, [sp]
+#endif
+	subs	r2, r2, #1
+	add	r0, r0, #4
+	bne	L_kyber_arm32_invntt_loop_4_i
+	add	r3, r3, #0x40
+	rsbs	r12, r3, #0x100
+	add	r0, r0, #0x70
+	bne	L_kyber_arm32_invntt_loop_4_j
+	sub	r0, r0, #0x200
+	mov	r2, #16
+L_kyber_arm32_invntt_loop_321:
+	str	r2, [sp]
+	ldrh	r11, [r1, #2]
+	ldr	r2, [r0]
+	ldr	r3, [r0, #64]
+	ldr	r4, [r0, #128]
+	ldr	r5, [r0, #192]
+	ldr	r6, [r0, #256]
+	ldr	r7, [r0, #320]
+	ldr	r8, [r0, #384]
+	ldr	r9, [r0, #448]
+	ldr	r11, [r1, #240]
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+	ssub16	r12, r2, r3
+	sadd16	r2, r2, r3
+	smulbt	r3, r11, r12
+	smulbb	r12, r11, r12
+	smultb	lr, r10, r12
+	smlabb	r12, r10, lr, r12
+	smultb	lr, r10, r3
+	smlabb	r3, r10, lr, r3
+	pkhtb	r3, r3, r12, ASR #16
+#else
+	sub	lr, r2, r3
+	add	r10, r2, r3
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r3, r3, #0xff
+	bic	r3, r3, #0xff00
+#else
+	bfc	r3, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r2, r2, #0xff
+	bic	r2, r2, #0xff00
+#else
+	bfc	r2, #0, #16
+#endif
+	sub	r12, r2, r3
+	add	r2, r2, r3
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r12, r12, #16
+	orr	r12, r12, lr, lsl #16
+	ror	r12, r12, #16
+#else
+	bfi	r12, lr, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r2, r2, #16
+	orr	r2, r2, r10, lsl #16
+	ror	r2, r2, #16
+#else
+	bfi	r2, r10, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r11, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r11, #0, #16
+#endif
+	asr	r10, r12, #16
+	mul	r3, lr, r10
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r12, r12, #16
+	asr	r12, r12, #16
+#else
+	sbfx	r12, r12, #0, #16
+#endif
+	mul	r12, lr, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xff
+	orr	r10, r10, #0xc00
+#else
+	mov	r10, #0xcff
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r12, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r12, #0, #16
+#endif
+	mul	lr, r10, lr
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0x1
+	orr	r10, r10, #0xd00
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	mla	r12, r10, lr, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xff
+	orr	r10, r10, #0xc00
+#else
+	mov	r10, #0xcff
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r3, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r3, #0, #16
+#endif
+	mul	lr, r10, lr
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0x1
+	orr	r10, r10, #0xd00
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	lsr	r12, r12, #16
+	mla	r3, r10, lr, r3
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r3, r3, #16
+	orr	r3, r3, r12, lsl #16
+	ror	r3, r3, #16
+#else
+	bfi	r3, r12, #0, #16
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+	ssub16	r12, r4, r5
+	sadd16	r4, r4, r5
+	smultt	r5, r11, r12
+	smultb	r12, r11, r12
+	smultb	lr, r10, r12
+	smlabb	r12, r10, lr, r12
+	smultb	lr, r10, r5
+	smlabb	r5, r10, lr, r5
+	pkhtb	r5, r5, r12, ASR #16
+#else
+	sub	lr, r4, r5
+	add	r10, r4, r5
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r5, r5, #0xff
+	bic	r5, r5, #0xff00
+#else
+	bfc	r5, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r4, r4, #0xff
+	bic	r4, r4, #0xff00
+#else
+	bfc	r4, #0, #16
+#endif
+	sub	r12, r4, r5
+	add	r4, r4, r5
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r12, r12, #16
+	orr	r12, r12, lr, lsl #16
+	ror	r12, r12, #16
+#else
+	bfi	r12, lr, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r4, r4, #16
+	orr	r4, r4, r10, lsl #16
+	ror	r4, r4, #16
+#else
+	bfi	r4, r10, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	asr	lr, r11, #16
+#else
+	sbfx	lr, r11, #16, #16
+#endif
+	asr	r10, r12, #16
+	mul	r5, lr, r10
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r12, r12, #16
+	asr	r12, r12, #16
+#else
+	sbfx	r12, r12, #0, #16
+#endif
+	mul	r12, lr, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xff
+	orr	r10, r10, #0xc00
+#else
+	mov	r10, #0xcff
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r12, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r12, #0, #16
+#endif
+	mul	lr, r10, lr
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0x1
+	orr	r10, r10, #0xd00
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	mla	r12, r10, lr, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xff
+	orr	r10, r10, #0xc00
+#else
+	mov	r10, #0xcff
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r5, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r5, #0, #16
+#endif
+	mul	lr, r10, lr
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0x1
+	orr	r10, r10, #0xd00
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	lsr	r12, r12, #16
+	mla	r5, r10, lr, r5
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r5, r5, #16
+	orr	r5, r5, r12, lsl #16
+	ror	r5, r5, #16
+#else
+	bfi	r5, r12, #0, #16
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+	ldr	r11, [r1, #244]
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+	ssub16	r12, r6, r7
+	sadd16	r6, r6, r7
+	smulbt	r7, r11, r12
+	smulbb	r12, r11, r12
+	smultb	lr, r10, r12
+	smlabb	r12, r10, lr, r12
+	smultb	lr, r10, r7
+	smlabb	r7, r10, lr, r7
+	pkhtb	r7, r7, r12, ASR #16
+#else
+	sub	lr, r6, r7
+	add	r10, r6, r7
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r7, r7, #0xff
+	bic	r7, r7, #0xff00
+#else
+	bfc	r7, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r6, r6, #0xff
+	bic	r6, r6, #0xff00
+#else
+	bfc	r6, #0, #16
+#endif
+	sub	r12, r6, r7
+	add	r6, r6, r7
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r12, r12, #16
+	orr	r12, r12, lr, lsl #16
+	ror	r12, r12, #16
+#else
+	bfi	r12, lr, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r6, r6, #16
+	orr	r6, r6, r10, lsl #16
+	ror	r6, r6, #16
+#else
+	bfi	r6, r10, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r11, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r11, #0, #16
+#endif
+	asr	r10, r12, #16
+	mul	r7, lr, r10
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r12, r12, #16
+	asr	r12, r12, #16
+#else
+	sbfx	r12, r12, #0, #16
+#endif
+	mul	r12, lr, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xff
+	orr	r10, r10, #0xc00
+#else
+	mov	r10, #0xcff
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r12, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r12, #0, #16
+#endif
+	mul	lr, r10, lr
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0x1
+	orr	r10, r10, #0xd00
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	mla	r12, r10, lr, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xff
+	orr	r10, r10, #0xc00
+#else
+	mov	r10, #0xcff
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r7, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r7, #0, #16
+#endif
+	mul	lr, r10, lr
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0x1
+	orr	r10, r10, #0xd00
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	lsr	r12, r12, #16
+	mla	r7, r10, lr, r7
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r7, r7, #16
+	orr	r7, r7, r12, lsl #16
+	ror	r7, r7, #16
+#else
+	bfi	r7, r12, #0, #16
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+	ssub16	r12, r8, r9
+	sadd16	r8, r8, r9
+	smultt	r9, r11, r12
+	smultb	r12, r11, r12
+	smultb	lr, r10, r12
+	smlabb	r12, r10, lr, r12
+	smultb	lr, r10, r9
+	smlabb	r9, r10, lr, r9
+	pkhtb	r9, r9, r12, ASR #16
+#else
+	sub	lr, r8, r9
+	add	r10, r8, r9
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r9, r9, #0xff
+	bic	r9, r9, #0xff00
+#else
+	bfc	r9, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r8, r8, #0xff
+	bic	r8, r8, #0xff00
+#else
+	bfc	r8, #0, #16
+#endif
+	sub	r12, r8, r9
+	add	r8, r8, r9
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r12, r12, #16
+	orr	r12, r12, lr, lsl #16
+	ror	r12, r12, #16
+#else
+	bfi	r12, lr, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r8, r8, #16
+	orr	r8, r8, r10, lsl #16
+	ror	r8, r8, #16
+#else
+	bfi	r8, r10, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	asr	lr, r11, #16
+#else
+	sbfx	lr, r11, #16, #16
+#endif
+	asr	r10, r12, #16
+	mul	r9, lr, r10
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r12, r12, #16
+	asr	r12, r12, #16
+#else
+	sbfx	r12, r12, #0, #16
+#endif
+	mul	r12, lr, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xff
+	orr	r10, r10, #0xc00
+#else
+	mov	r10, #0xcff
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r12, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r12, #0, #16
+#endif
+	mul	lr, r10, lr
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0x1
+	orr	r10, r10, #0xd00
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	mla	r12, r10, lr, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xff
+	orr	r10, r10, #0xc00
+#else
+	mov	r10, #0xcff
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r9, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r9, #0, #16
+#endif
+	mul	lr, r10, lr
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0x1
+	orr	r10, r10, #0xd00
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	lsr	r12, r12, #16
+	mla	r9, r10, lr, r9
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r9, r9, #16
+	orr	r9, r9, r12, lsl #16
+	ror	r9, r9, #16
+#else
+	bfi	r9, r12, #0, #16
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+	ldr	r11, [r1, #248]
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+	ssub16	r12, r2, r4
+	sadd16	r2, r2, r4
+	smulbt	r4, r11, r12
+	smulbb	r12, r11, r12
+	smultb	lr, r10, r12
+	smlabb	r12, r10, lr, r12
+	smultb	lr, r10, r4
+	smlabb	r4, r10, lr, r4
+	pkhtb	r4, r4, r12, ASR #16
+#else
+	sub	lr, r2, r4
+	add	r10, r2, r4
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r4, r4, #0xff
+	bic	r4, r4, #0xff00
+#else
+	bfc	r4, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r2, r2, #0xff
+	bic	r2, r2, #0xff00
+#else
+	bfc	r2, #0, #16
+#endif
+	sub	r12, r2, r4
+	add	r2, r2, r4
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r12, r12, #16
+	orr	r12, r12, lr, lsl #16
+	ror	r12, r12, #16
+#else
+	bfi	r12, lr, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r2, r2, #16
+	orr	r2, r2, r10, lsl #16
+	ror	r2, r2, #16
+#else
+	bfi	r2, r10, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r11, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r11, #0, #16
+#endif
+	asr	r10, r12, #16
+	mul	r4, lr, r10
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r12, r12, #16
+	asr	r12, r12, #16
+#else
+	sbfx	r12, r12, #0, #16
+#endif
+	mul	r12, lr, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xff
+	orr	r10, r10, #0xc00
+#else
+	mov	r10, #0xcff
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r12, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r12, #0, #16
+#endif
+	mul	lr, r10, lr
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0x1
+	orr	r10, r10, #0xd00
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	mla	r12, r10, lr, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xff
+	orr	r10, r10, #0xc00
+#else
+	mov	r10, #0xcff
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r4, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r4, #0, #16
+#endif
+	mul	lr, r10, lr
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0x1
+	orr	r10, r10, #0xd00
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	lsr	r12, r12, #16
+	mla	r4, r10, lr, r4
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r4, r4, #16
+	orr	r4, r4, r12, lsl #16
+	ror	r4, r4, #16
+#else
+	bfi	r4, r12, #0, #16
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+	ssub16	r12, r3, r5
+	sadd16	r3, r3, r5
+	smulbt	r5, r11, r12
+	smulbb	r12, r11, r12
+	smultb	lr, r10, r12
+	smlabb	r12, r10, lr, r12
+	smultb	lr, r10, r5
+	smlabb	r5, r10, lr, r5
+	pkhtb	r5, r5, r12, ASR #16
+#else
+	sub	lr, r3, r5
+	add	r10, r3, r5
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r5, r5, #0xff
+	bic	r5, r5, #0xff00
+#else
+	bfc	r5, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r3, r3, #0xff
+	bic	r3, r3, #0xff00
+#else
+	bfc	r3, #0, #16
+#endif
+	sub	r12, r3, r5
+	add	r3, r3, r5
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r12, r12, #16
+	orr	r12, r12, lr, lsl #16
+	ror	r12, r12, #16
+#else
+	bfi	r12, lr, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r3, r3, #16
+	orr	r3, r3, r10, lsl #16
+	ror	r3, r3, #16
+#else
+	bfi	r3, r10, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r11, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r11, #0, #16
+#endif
+	asr	r10, r12, #16
+	mul	r5, lr, r10
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r12, r12, #16
+	asr	r12, r12, #16
+#else
+	sbfx	r12, r12, #0, #16
+#endif
+	mul	r12, lr, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xff
+	orr	r10, r10, #0xc00
+#else
+	mov	r10, #0xcff
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r12, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r12, #0, #16
+#endif
+	mul	lr, r10, lr
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0x1
+	orr	r10, r10, #0xd00
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	mla	r12, r10, lr, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xff
+	orr	r10, r10, #0xc00
+#else
+	mov	r10, #0xcff
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r5, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r5, #0, #16
+#endif
+	mul	lr, r10, lr
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0x1
+	orr	r10, r10, #0xd00
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	lsr	r12, r12, #16
+	mla	r5, r10, lr, r5
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r5, r5, #16
+	orr	r5, r5, r12, lsl #16
+	ror	r5, r5, #16
+#else
+	bfi	r5, r12, #0, #16
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+	ssub16	r12, r6, r8
+	sadd16	r6, r6, r8
+	smultt	r8, r11, r12
+	smultb	r12, r11, r12
+	smultb	lr, r10, r12
+	smlabb	r12, r10, lr, r12
+	smultb	lr, r10, r8
+	smlabb	r8, r10, lr, r8
+	pkhtb	r8, r8, r12, ASR #16
+#else
+	sub	lr, r6, r8
+	add	r10, r6, r8
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r8, r8, #0xff
+	bic	r8, r8, #0xff00
+#else
+	bfc	r8, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r6, r6, #0xff
+	bic	r6, r6, #0xff00
+#else
+	bfc	r6, #0, #16
+#endif
+	sub	r12, r6, r8
+	add	r6, r6, r8
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r12, r12, #16
+	orr	r12, r12, lr, lsl #16
+	ror	r12, r12, #16
+#else
+	bfi	r12, lr, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r6, r6, #16
+	orr	r6, r6, r10, lsl #16
+	ror	r6, r6, #16
+#else
+	bfi	r6, r10, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	asr	lr, r11, #16
+#else
+	sbfx	lr, r11, #16, #16
+#endif
+	asr	r10, r12, #16
+	mul	r8, lr, r10
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r12, r12, #16
+	asr	r12, r12, #16
+#else
+	sbfx	r12, r12, #0, #16
+#endif
+	mul	r12, lr, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xff
+	orr	r10, r10, #0xc00
+#else
+	mov	r10, #0xcff
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r12, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r12, #0, #16
+#endif
+	mul	lr, r10, lr
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0x1
+	orr	r10, r10, #0xd00
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	mla	r12, r10, lr, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xff
+	orr	r10, r10, #0xc00
+#else
+	mov	r10, #0xcff
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r8, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r8, #0, #16
+#endif
+	mul	lr, r10, lr
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0x1
+	orr	r10, r10, #0xd00
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	lsr	r12, r12, #16
+	mla	r8, r10, lr, r8
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r8, r8, #16
+	orr	r8, r8, r12, lsl #16
+	ror	r8, r8, #16
+#else
+	bfi	r8, r12, #0, #16
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+	ssub16	r12, r7, r9
+	sadd16	r7, r7, r9
+	smultt	r9, r11, r12
+	smultb	r12, r11, r12
+	smultb	lr, r10, r12
+	smlabb	r12, r10, lr, r12
+	smultb	lr, r10, r9
+	smlabb	r9, r10, lr, r9
+	pkhtb	r9, r9, r12, ASR #16
+#else
+	sub	lr, r7, r9
+	add	r10, r7, r9
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r9, r9, #0xff
+	bic	r9, r9, #0xff00
+#else
+	bfc	r9, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r7, r7, #0xff
+	bic	r7, r7, #0xff00
+#else
+	bfc	r7, #0, #16
+#endif
+	sub	r12, r7, r9
+	add	r7, r7, r9
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r12, r12, #16
+	orr	r12, r12, lr, lsl #16
+	ror	r12, r12, #16
+#else
+	bfi	r12, lr, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r7, r7, #16
+	orr	r7, r7, r10, lsl #16
+	ror	r7, r7, #16
+#else
+	bfi	r7, r10, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	asr	lr, r11, #16
+#else
+	sbfx	lr, r11, #16, #16
+#endif
+	asr	r10, r12, #16
+	mul	r9, lr, r10
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r12, r12, #16
+	asr	r12, r12, #16
+#else
+	sbfx	r12, r12, #0, #16
+#endif
+	mul	r12, lr, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xff
+	orr	r10, r10, #0xc00
+#else
+	mov	r10, #0xcff
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r12, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r12, #0, #16
+#endif
+	mul	lr, r10, lr
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0x1
+	orr	r10, r10, #0xd00
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	mla	r12, r10, lr, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xff
+	orr	r10, r10, #0xc00
+#else
+	mov	r10, #0xcff
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r9, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r9, #0, #16
+#endif
+	mul	lr, r10, lr
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0x1
+	orr	r10, r10, #0xd00
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	lsr	r12, r12, #16
+	mla	r9, r10, lr, r9
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r9, r9, #16
+	orr	r9, r9, r12, lsl #16
+	ror	r9, r9, #16
+#else
+	bfi	r9, r12, #0, #16
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r11, #0xc0
+	orr	r11, r11, #0xaf00
+#else
+	mov	r11, #0xafc0
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	orr	r11, r11, #0x130000
+#else
+	movt	r11, #0x13
+#endif
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r11, #0xbf
+	orr	r11, r11, #0x4e00
+#else
+	mov	r11, #0x4ebf
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+	smulwb	r12, r11, r2
+	smulwt	lr, r11, r2
+	smulbt	r12, r10, r12
+	smulbt	lr, r10, lr
+	pkhbt	r12, r12, lr, LSL #16
+	ssub16	r2, r2, r12
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r12, r2, #16
+	asr	r12, r12, #16
+#else
+	sbfx	r12, r2, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	asr	lr, r2, #16
+#else
+	sbfx	lr, r2, #16, #16
+#endif
+	mul	r12, r11, r12
+	mul	lr, r11, lr
+	asr	r12, r12, #26
+	asr	lr, lr, #26
+	mul	r12, r10, r12
+	mul	lr, r10, lr
+	sub	lr, r2, lr, lsl #16
+	sub	r2, r2, r12
+	lsr	lr, lr, #16
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r2, r2, #0xff0000
+	bic	r2, r2, #0xff000000
+	orr	r2, r2, lr, lsl #16
+#else
+	bfi	r2, lr, #16, #16
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+	smulwb	r12, r11, r3
+	smulwt	lr, r11, r3
+	smulbt	r12, r10, r12
+	smulbt	lr, r10, lr
+	pkhbt	r12, r12, lr, LSL #16
+	ssub16	r3, r3, r12
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r12, r3, #16
+	asr	r12, r12, #16
+#else
+	sbfx	r12, r3, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	asr	lr, r3, #16
+#else
+	sbfx	lr, r3, #16, #16
+#endif
+	mul	r12, r11, r12
+	mul	lr, r11, lr
+	asr	r12, r12, #26
+	asr	lr, lr, #26
+	mul	r12, r10, r12
+	mul	lr, r10, lr
+	sub	lr, r3, lr, lsl #16
+	sub	r3, r3, r12
+	lsr	lr, lr, #16
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r3, r3, #0xff0000
+	bic	r3, r3, #0xff000000
+	orr	r3, r3, lr, lsl #16
+#else
+	bfi	r3, lr, #16, #16
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+	smulwb	r12, r11, r4
+	smulwt	lr, r11, r4
+	smulbt	r12, r10, r12
+	smulbt	lr, r10, lr
+	pkhbt	r12, r12, lr, LSL #16
+	ssub16	r4, r4, r12
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r12, r4, #16
+	asr	r12, r12, #16
+#else
+	sbfx	r12, r4, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	asr	lr, r4, #16
+#else
+	sbfx	lr, r4, #16, #16
+#endif
+	mul	r12, r11, r12
+	mul	lr, r11, lr
+	asr	r12, r12, #26
+	asr	lr, lr, #26
+	mul	r12, r10, r12
+	mul	lr, r10, lr
+	sub	lr, r4, lr, lsl #16
+	sub	r4, r4, r12
+	lsr	lr, lr, #16
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r4, r4, #0xff0000
+	bic	r4, r4, #0xff000000
+	orr	r4, r4, lr, lsl #16
+#else
+	bfi	r4, lr, #16, #16
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+	smulwb	r12, r11, r5
+	smulwt	lr, r11, r5
+	smulbt	r12, r10, r12
+	smulbt	lr, r10, lr
+	pkhbt	r12, r12, lr, LSL #16
+	ssub16	r5, r5, r12
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r12, r5, #16
+	asr	r12, r12, #16
+#else
+	sbfx	r12, r5, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	asr	lr, r5, #16
+#else
+	sbfx	lr, r5, #16, #16
+#endif
+	mul	r12, r11, r12
+	mul	lr, r11, lr
+	asr	r12, r12, #26
+	asr	lr, lr, #26
+	mul	r12, r10, r12
+	mul	lr, r10, lr
+	sub	lr, r5, lr, lsl #16
+	sub	r5, r5, r12
+	lsr	lr, lr, #16
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r5, r5, #0xff0000
+	bic	r5, r5, #0xff000000
+	orr	r5, r5, lr, lsl #16
+#else
+	bfi	r5, lr, #16, #16
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+	ldr	r11, [r1, #252]
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+	ssub16	r12, r2, r6
+	sadd16	r2, r2, r6
+	smulbt	r6, r11, r12
+	smulbb	r12, r11, r12
+	smultb	lr, r10, r12
+	smlabb	r12, r10, lr, r12
+	smultb	lr, r10, r6
+	smlabb	r6, r10, lr, r6
+	pkhtb	r6, r6, r12, ASR #16
+#else
+	sub	lr, r2, r6
+	add	r10, r2, r6
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r6, r6, #0xff
+	bic	r6, r6, #0xff00
+#else
+	bfc	r6, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r2, r2, #0xff
+	bic	r2, r2, #0xff00
+#else
+	bfc	r2, #0, #16
+#endif
+	sub	r12, r2, r6
+	add	r2, r2, r6
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r12, r12, #16
+	orr	r12, r12, lr, lsl #16
+	ror	r12, r12, #16
+#else
+	bfi	r12, lr, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r2, r2, #16
+	orr	r2, r2, r10, lsl #16
+	ror	r2, r2, #16
+#else
+	bfi	r2, r10, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r11, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r11, #0, #16
+#endif
+	asr	r10, r12, #16
+	mul	r6, lr, r10
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r12, r12, #16
+	asr	r12, r12, #16
+#else
+	sbfx	r12, r12, #0, #16
+#endif
+	mul	r12, lr, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xff
+	orr	r10, r10, #0xc00
+#else
+	mov	r10, #0xcff
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r12, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r12, #0, #16
+#endif
+	mul	lr, r10, lr
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0x1
+	orr	r10, r10, #0xd00
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	mla	r12, r10, lr, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xff
+	orr	r10, r10, #0xc00
+#else
+	mov	r10, #0xcff
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r6, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r6, #0, #16
+#endif
+	mul	lr, r10, lr
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0x1
+	orr	r10, r10, #0xd00
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	lsr	r12, r12, #16
+	mla	r6, r10, lr, r6
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r6, r6, #16
+	orr	r6, r6, r12, lsl #16
+	ror	r6, r6, #16
+#else
+	bfi	r6, r12, #0, #16
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+	ssub16	r12, r3, r7
+	sadd16	r3, r3, r7
+	smulbt	r7, r11, r12
+	smulbb	r12, r11, r12
+	smultb	lr, r10, r12
+	smlabb	r12, r10, lr, r12
+	smultb	lr, r10, r7
+	smlabb	r7, r10, lr, r7
+	pkhtb	r7, r7, r12, ASR #16
+#else
+	sub	lr, r3, r7
+	add	r10, r3, r7
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r7, r7, #0xff
+	bic	r7, r7, #0xff00
+#else
+	bfc	r7, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r3, r3, #0xff
+	bic	r3, r3, #0xff00
+#else
+	bfc	r3, #0, #16
+#endif
+	sub	r12, r3, r7
+	add	r3, r3, r7
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r12, r12, #16
+	orr	r12, r12, lr, lsl #16
+	ror	r12, r12, #16
+#else
+	bfi	r12, lr, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r3, r3, #16
+	orr	r3, r3, r10, lsl #16
+	ror	r3, r3, #16
+#else
+	bfi	r3, r10, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r11, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r11, #0, #16
+#endif
+	asr	r10, r12, #16
+	mul	r7, lr, r10
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r12, r12, #16
+	asr	r12, r12, #16
+#else
+	sbfx	r12, r12, #0, #16
+#endif
+	mul	r12, lr, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xff
+	orr	r10, r10, #0xc00
+#else
+	mov	r10, #0xcff
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r12, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r12, #0, #16
+#endif
+	mul	lr, r10, lr
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0x1
+	orr	r10, r10, #0xd00
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	mla	r12, r10, lr, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xff
+	orr	r10, r10, #0xc00
+#else
+	mov	r10, #0xcff
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r7, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r7, #0, #16
+#endif
+	mul	lr, r10, lr
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0x1
+	orr	r10, r10, #0xd00
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	lsr	r12, r12, #16
+	mla	r7, r10, lr, r7
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r7, r7, #16
+	orr	r7, r7, r12, lsl #16
+	ror	r7, r7, #16
+#else
+	bfi	r7, r12, #0, #16
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+	ssub16	r12, r4, r8
+	sadd16	r4, r4, r8
+	smulbt	r8, r11, r12
+	smulbb	r12, r11, r12
+	smultb	lr, r10, r12
+	smlabb	r12, r10, lr, r12
+	smultb	lr, r10, r8
+	smlabb	r8, r10, lr, r8
+	pkhtb	r8, r8, r12, ASR #16
+#else
+	sub	lr, r4, r8
+	add	r10, r4, r8
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r8, r8, #0xff
+	bic	r8, r8, #0xff00
+#else
+	bfc	r8, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r4, r4, #0xff
+	bic	r4, r4, #0xff00
+#else
+	bfc	r4, #0, #16
+#endif
+	sub	r12, r4, r8
+	add	r4, r4, r8
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r12, r12, #16
+	orr	r12, r12, lr, lsl #16
+	ror	r12, r12, #16
+#else
+	bfi	r12, lr, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r4, r4, #16
+	orr	r4, r4, r10, lsl #16
+	ror	r4, r4, #16
+#else
+	bfi	r4, r10, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r11, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r11, #0, #16
+#endif
+	asr	r10, r12, #16
+	mul	r8, lr, r10
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r12, r12, #16
+	asr	r12, r12, #16
+#else
+	sbfx	r12, r12, #0, #16
+#endif
+	mul	r12, lr, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xff
+	orr	r10, r10, #0xc00
+#else
+	mov	r10, #0xcff
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r12, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r12, #0, #16
+#endif
+	mul	lr, r10, lr
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0x1
+	orr	r10, r10, #0xd00
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	mla	r12, r10, lr, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xff
+	orr	r10, r10, #0xc00
+#else
+	mov	r10, #0xcff
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r8, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r8, #0, #16
+#endif
+	mul	lr, r10, lr
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0x1
+	orr	r10, r10, #0xd00
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	lsr	r12, r12, #16
+	mla	r8, r10, lr, r8
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r8, r8, #16
+	orr	r8, r8, r12, lsl #16
+	ror	r8, r8, #16
+#else
+	bfi	r8, r12, #0, #16
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+	ssub16	r12, r5, r9
+	sadd16	r5, r5, r9
+	smulbt	r9, r11, r12
+	smulbb	r12, r11, r12
+	smultb	lr, r10, r12
+	smlabb	r12, r10, lr, r12
+	smultb	lr, r10, r9
+	smlabb	r9, r10, lr, r9
+	pkhtb	r9, r9, r12, ASR #16
+#else
+	sub	lr, r5, r9
+	add	r10, r5, r9
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r9, r9, #0xff
+	bic	r9, r9, #0xff00
+#else
+	bfc	r9, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r5, r5, #0xff
+	bic	r5, r5, #0xff00
+#else
+	bfc	r5, #0, #16
+#endif
+	sub	r12, r5, r9
+	add	r5, r5, r9
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r12, r12, #16
+	orr	r12, r12, lr, lsl #16
+	ror	r12, r12, #16
+#else
+	bfi	r12, lr, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r5, r5, #16
+	orr	r5, r5, r10, lsl #16
+	ror	r5, r5, #16
+#else
+	bfi	r5, r10, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r11, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r11, #0, #16
+#endif
+	asr	r10, r12, #16
+	mul	r9, lr, r10
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r12, r12, #16
+	asr	r12, r12, #16
+#else
+	sbfx	r12, r12, #0, #16
+#endif
+	mul	r12, lr, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xff
+	orr	r10, r10, #0xc00
+#else
+	mov	r10, #0xcff
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r12, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r12, #0, #16
+#endif
+	mul	lr, r10, lr
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0x1
+	orr	r10, r10, #0xd00
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	mla	r12, r10, lr, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xff
+	orr	r10, r10, #0xc00
+#else
+	mov	r10, #0xcff
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r9, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r9, #0, #16
+#endif
+	mul	lr, r10, lr
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0x1
+	orr	r10, r10, #0xd00
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	lsr	r12, r12, #16
+	mla	r9, r10, lr, r9
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r9, r9, #16
+	orr	r9, r9, r12, lsl #16
+	ror	r9, r9, #16
+#else
+	bfi	r9, r12, #0, #16
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+	ldr	r11, [r1, #254]
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+	smulbb	r12, r11, r2
+	smulbt	r2, r11, r2
+	smultb	lr, r10, r12
+	smlabb	r12, r10, lr, r12
+	smultb	lr, r10, r2
+	smlabb	r2, r10, lr, r2
+	pkhtb	r2, r2, r12, ASR #16
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r11, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r11, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r12, r2, #16
+	asr	r12, r12, #16
+#else
+	sbfx	r12, r2, #0, #16
+#endif
+	mul	r12, lr, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	asr	r2, r2, #16
+#else
+	sbfx	r2, r2, #16, #16
+#endif
+	mul	r2, lr, r2
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xff
+	orr	r10, r10, #0xc00
+#else
+	mov	r10, #0xcff
+#endif
+	mul	lr, r10, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0x1
+	orr	r10, r10, #0xd00
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	mla	r12, r10, lr, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xff
+	orr	r10, r10, #0xc00
+#else
+	mov	r10, #0xcff
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r2, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r2, #0, #16
+#endif
+	mul	lr, r10, lr
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0x1
+	orr	r10, r10, #0xd00
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	lsr	r12, r12, #16
+	mla	r2, r10, lr, r2
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r2, r2, #16
+	orr	r2, r2, r12, lsl #16
+	ror	r2, r2, #16
+#else
+	bfi	r2, r12, #0, #16
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+	smulbb	r12, r11, r3
+	smulbt	r3, r11, r3
+	smultb	lr, r10, r12
+	smlabb	r12, r10, lr, r12
+	smultb	lr, r10, r3
+	smlabb	r3, r10, lr, r3
+	pkhtb	r3, r3, r12, ASR #16
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r11, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r11, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r12, r3, #16
+	asr	r12, r12, #16
+#else
+	sbfx	r12, r3, #0, #16
+#endif
+	mul	r12, lr, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	asr	r3, r3, #16
+#else
+	sbfx	r3, r3, #16, #16
+#endif
+	mul	r3, lr, r3
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xff
+	orr	r10, r10, #0xc00
+#else
+	mov	r10, #0xcff
+#endif
+	mul	lr, r10, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0x1
+	orr	r10, r10, #0xd00
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	mla	r12, r10, lr, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xff
+	orr	r10, r10, #0xc00
+#else
+	mov	r10, #0xcff
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r3, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r3, #0, #16
+#endif
+	mul	lr, r10, lr
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0x1
+	orr	r10, r10, #0xd00
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	lsr	r12, r12, #16
+	mla	r3, r10, lr, r3
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r3, r3, #16
+	orr	r3, r3, r12, lsl #16
+	ror	r3, r3, #16
+#else
+	bfi	r3, r12, #0, #16
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+	smulbb	r12, r11, r4
+	smulbt	r4, r11, r4
+	smultb	lr, r10, r12
+	smlabb	r12, r10, lr, r12
+	smultb	lr, r10, r4
+	smlabb	r4, r10, lr, r4
+	pkhtb	r4, r4, r12, ASR #16
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r11, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r11, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r12, r4, #16
+	asr	r12, r12, #16
+#else
+	sbfx	r12, r4, #0, #16
+#endif
+	mul	r12, lr, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	asr	r4, r4, #16
+#else
+	sbfx	r4, r4, #16, #16
+#endif
+	mul	r4, lr, r4
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xff
+	orr	r10, r10, #0xc00
+#else
+	mov	r10, #0xcff
+#endif
+	mul	lr, r10, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0x1
+	orr	r10, r10, #0xd00
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	mla	r12, r10, lr, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xff
+	orr	r10, r10, #0xc00
+#else
+	mov	r10, #0xcff
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r4, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r4, #0, #16
+#endif
+	mul	lr, r10, lr
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0x1
+	orr	r10, r10, #0xd00
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	lsr	r12, r12, #16
+	mla	r4, r10, lr, r4
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r4, r4, #16
+	orr	r4, r4, r12, lsl #16
+	ror	r4, r4, #16
+#else
+	bfi	r4, r12, #0, #16
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+	smulbb	r12, r11, r5
+	smulbt	r5, r11, r5
+	smultb	lr, r10, r12
+	smlabb	r12, r10, lr, r12
+	smultb	lr, r10, r5
+	smlabb	r5, r10, lr, r5
+	pkhtb	r5, r5, r12, ASR #16
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r11, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r11, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r12, r5, #16
+	asr	r12, r12, #16
+#else
+	sbfx	r12, r5, #0, #16
+#endif
+	mul	r12, lr, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	asr	r5, r5, #16
+#else
+	sbfx	r5, r5, #16, #16
+#endif
+	mul	r5, lr, r5
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xff
+	orr	r10, r10, #0xc00
+#else
+	mov	r10, #0xcff
+#endif
+	mul	lr, r10, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0x1
+	orr	r10, r10, #0xd00
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	mla	r12, r10, lr, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xff
+	orr	r10, r10, #0xc00
+#else
+	mov	r10, #0xcff
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r5, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r5, #0, #16
+#endif
+	mul	lr, r10, lr
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0x1
+	orr	r10, r10, #0xd00
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	lsr	r12, r12, #16
+	mla	r5, r10, lr, r5
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r5, r5, #16
+	orr	r5, r5, r12, lsl #16
+	ror	r5, r5, #16
+#else
+	bfi	r5, r12, #0, #16
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+	smulbb	r12, r11, r6
+	smulbt	r6, r11, r6
+	smultb	lr, r10, r12
+	smlabb	r12, r10, lr, r12
+	smultb	lr, r10, r6
+	smlabb	r6, r10, lr, r6
+	pkhtb	r6, r6, r12, ASR #16
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r11, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r11, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r12, r6, #16
+	asr	r12, r12, #16
+#else
+	sbfx	r12, r6, #0, #16
+#endif
+	mul	r12, lr, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	asr	r6, r6, #16
+#else
+	sbfx	r6, r6, #16, #16
+#endif
+	mul	r6, lr, r6
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xff
+	orr	r10, r10, #0xc00
+#else
+	mov	r10, #0xcff
+#endif
+	mul	lr, r10, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0x1
+	orr	r10, r10, #0xd00
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	mla	r12, r10, lr, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xff
+	orr	r10, r10, #0xc00
+#else
+	mov	r10, #0xcff
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r6, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r6, #0, #16
+#endif
+	mul	lr, r10, lr
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0x1
+	orr	r10, r10, #0xd00
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	lsr	r12, r12, #16
+	mla	r6, r10, lr, r6
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r6, r6, #16
+	orr	r6, r6, r12, lsl #16
+	ror	r6, r6, #16
+#else
+	bfi	r6, r12, #0, #16
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+	smulbb	r12, r11, r7
+	smulbt	r7, r11, r7
+	smultb	lr, r10, r12
+	smlabb	r12, r10, lr, r12
+	smultb	lr, r10, r7
+	smlabb	r7, r10, lr, r7
+	pkhtb	r7, r7, r12, ASR #16
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r11, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r11, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r12, r7, #16
+	asr	r12, r12, #16
+#else
+	sbfx	r12, r7, #0, #16
+#endif
+	mul	r12, lr, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	asr	r7, r7, #16
+#else
+	sbfx	r7, r7, #16, #16
+#endif
+	mul	r7, lr, r7
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xff
+	orr	r10, r10, #0xc00
+#else
+	mov	r10, #0xcff
+#endif
+	mul	lr, r10, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0x1
+	orr	r10, r10, #0xd00
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	mla	r12, r10, lr, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xff
+	orr	r10, r10, #0xc00
+#else
+	mov	r10, #0xcff
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r7, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r7, #0, #16
+#endif
+	mul	lr, r10, lr
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0x1
+	orr	r10, r10, #0xd00
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	lsr	r12, r12, #16
+	mla	r7, r10, lr, r7
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r7, r7, #16
+	orr	r7, r7, r12, lsl #16
+	ror	r7, r7, #16
+#else
+	bfi	r7, r12, #0, #16
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+	smulbb	r12, r11, r8
+	smulbt	r8, r11, r8
+	smultb	lr, r10, r12
+	smlabb	r12, r10, lr, r12
+	smultb	lr, r10, r8
+	smlabb	r8, r10, lr, r8
+	pkhtb	r8, r8, r12, ASR #16
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r11, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r11, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r12, r8, #16
+	asr	r12, r12, #16
+#else
+	sbfx	r12, r8, #0, #16
+#endif
+	mul	r12, lr, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	asr	r8, r8, #16
+#else
+	sbfx	r8, r8, #16, #16
+#endif
+	mul	r8, lr, r8
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xff
+	orr	r10, r10, #0xc00
+#else
+	mov	r10, #0xcff
+#endif
+	mul	lr, r10, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0x1
+	orr	r10, r10, #0xd00
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	mla	r12, r10, lr, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xff
+	orr	r10, r10, #0xc00
+#else
+	mov	r10, #0xcff
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r8, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r8, #0, #16
+#endif
+	mul	lr, r10, lr
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0x1
+	orr	r10, r10, #0xd00
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	lsr	r12, r12, #16
+	mla	r8, r10, lr, r8
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r8, r8, #16
+	orr	r8, r8, r12, lsl #16
+	ror	r8, r8, #16
+#else
+	bfi	r8, r12, #0, #16
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+	smulbb	r12, r11, r9
+	smulbt	r9, r11, r9
+	smultb	lr, r10, r12
+	smlabb	r12, r10, lr, r12
+	smultb	lr, r10, r9
+	smlabb	r9, r10, lr, r9
+	pkhtb	r9, r9, r12, ASR #16
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r11, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r11, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r12, r9, #16
+	asr	r12, r12, #16
+#else
+	sbfx	r12, r9, #0, #16
+#endif
+	mul	r12, lr, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	asr	r9, r9, #16
+#else
+	sbfx	r9, r9, #16, #16
+#endif
+	mul	r9, lr, r9
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xff
+	orr	r10, r10, #0xc00
+#else
+	mov	r10, #0xcff
+#endif
+	mul	lr, r10, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0x1
+	orr	r10, r10, #0xd00
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	mla	r12, r10, lr, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xff
+	orr	r10, r10, #0xc00
+#else
+	mov	r10, #0xcff
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r9, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r9, #0, #16
+#endif
+	mul	lr, r10, lr
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0x1
+	orr	r10, r10, #0xd00
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	lsr	r12, r12, #16
+	mla	r9, r10, lr, r9
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r9, r9, #16
+	orr	r9, r9, r12, lsl #16
+	ror	r9, r9, #16
+#else
+	bfi	r9, r12, #0, #16
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+	str	r2, [r0]
+	str	r3, [r0, #64]
+	str	r4, [r0, #128]
+	str	r5, [r0, #192]
+	str	r6, [r0, #256]
+	str	r7, [r0, #320]
+	str	r8, [r0, #384]
+	str	r9, [r0, #448]
+	ldr	r2, [sp]
+	subs	r2, r2, #1
+	add	r0, r0, #4
+	bne	L_kyber_arm32_invntt_loop_321
+	add	sp, sp, #8
+	pop	{r4, r5, r6, r7, r8, r9, r10, r11, pc}
+	.size	kyber_arm32_invntt,.-kyber_arm32_invntt
+	.text
+	.type	L_kyber_arm32_basemul_mont_zetas, %object
+	.size	L_kyber_arm32_basemul_mont_zetas, 256
+	.align	4
+L_kyber_arm32_basemul_mont_zetas:
+	.short	0x8ed
+	.short	0xa0b
+	.short	0xb9a
+	.short	0x714
+	.short	0x5d5
+	.short	0x58e
+	.short	0x11f
+	.short	0xca
+	.short	0xc56
+	.short	0x26e
+	.short	0x629
+	.short	0xb6
+	.short	0x3c2
+	.short	0x84f
+	.short	0x73f
+	.short	0x5bc
+	.short	0x23d
+	.short	0x7d4
+	.short	0x108
+	.short	0x17f
+	.short	0x9c4
+	.short	0x5b2
+	.short	0x6bf
+	.short	0xc7f
+	.short	0xa58
+	.short	0x3f9
+	.short	0x2dc
+	.short	0x260
+	.short	0x6fb
+	.short	0x19b
+	.short	0xc34
+	.short	0x6de
+	.short	0x4c7
+	.short	0x28c
+	.short	0xad9
+	.short	0x3f7
+	.short	0x7f4
+	.short	0x5d3
+	.short	0xbe7
+	.short	0x6f9
+	.short	0x204
+	.short	0xcf9
+	.short	0xbc1
+	.short	0xa67
+	.short	0x6af
+	.short	0x877
+	.short	0x7e
+	.short	0x5bd
+	.short	0x9ac
+	.short	0xca7
+	.short	0xbf2
+	.short	0x33e
+	.short	0x6b
+	.short	0x774
+	.short	0xc0a
+	.short	0x94a
+	.short	0xb73
+	.short	0x3c1
+	.short	0x71d
+	.short	0xa2c
+	.short	0x1c0
+	.short	0x8d8
+	.short	0x2a5
+	.short	0x806
+	.short	0x8b2
+	.short	0x1ae
+	.short	0x22b
+	.short	0x34b
+	.short	0x81e
+	.short	0x367
+	.short	0x60e
+	.short	0x69
+	.short	0x1a6
+	.short	0x24b
+	.short	0xb1
+	.short	0xc16
+	.short	0xbde
+	.short	0xb35
+	.short	0x626
+	.short	0x675
+	.short	0xc0b
+	.short	0x30a
+	.short	0x487
+	.short	0xc6e
+	.short	0x9f8
+	.short	0x5cb
+	.short	0xaa7
+	.short	0x45f
+	.short	0x6cb
+	.short	0x284
+	.short	0x999
+	.short	0x15d
+	.short	0x1a2
+	.short	0x149
+	.short	0xc65
+	.short	0xcb6
+	.short	0x331
+	.short	0x449
+	.short	0x25b
+	.short	0x262
+	.short	0x52a
+	.short	0x7fc
+	.short	0x748
+	.short	0x180
+	.short	0x842
+	.short	0xc79
+	.short	0x4c2
+	.short	0x7ca
+	.short	0x997
+	.short	0xdc
+	.short	0x85e
+	.short	0x686
+	.short	0x860
+	.short	0x707
+	.short	0x803
+	.short	0x31a
+	.short	0x71b
+	.short	0x9ab
+	.short	0x99b
+	.short	0x1de
+	.short	0xc95
+	.short	0xbcd
+	.short	0x3e4
+	.short	0x3df
+	.short	0x3be
+	.short	0x74d
+	.short	0x5f2
+	.short	0x65c
+	.text
+	.align	4
+	.globl	kyber_arm32_basemul_mont
+	.type	kyber_arm32_basemul_mont, %function
+kyber_arm32_basemul_mont:
+	push	{r4, r5, r6, r7, r8, r9, r10, r11, lr}
+	adr	r3, L_kyber_arm32_basemul_mont_zetas
+	add	r3, r3, #0x80
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r12, #0x1
+	orr	r12, r12, #0xd00
+#else
+	mov	r12, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	orr	r12, r12, #0xc000000
+	orr	r12, r12, #0xff0000
+#else
+	movt	r12, #0xcff
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+	mov	r8, #0
+L_kyber_arm32_basemul_mont_loop:
+	ldm	r1!, {r4, r5}
+	ldm	r2!, {r6, r7}
+	ldr	lr, [r3, r8]
+	add	r8, r8, #2
+	push	{r8}
+	cmp	r8, #0x80
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+	smultt	r8, r4, r6
+	smultt	r10, r5, r7
+	smultb	r9, r12, r8
+	smultb	r11, r12, r10
+	smlabb	r8, r12, r9, r8
+	smlabb	r10, r12, r11, r10
+	rsb	r11, lr, #0
+	smulbt	r8, lr, r8
+	smulbt	r10, r11, r10
+	smlabb	r8, r4, r6, r8
+	smlabb	r10, r5, r7, r10
+	smultb	r9, r12, r8
+	smultb	r11, r12, r10
+	smlabb	r8, r12, r9, r8
+	smlabb	r10, r12, r11, r10
+	smulbt	r9, r4, r6
+	smulbt	r11, r5, r7
+	smlatb	r9, r4, r6, r9
+	smlatb	r11, r5, r7, r11
+	smultb	r6, r12, r9
+	smultb	r7, r12, r11
+	smlabb	r9, r12, r6, r9
+	smlabb	r11, r12, r7, r11
+	pkhtb	r4, r9, r8, ASR #16
+	pkhtb	r5, r11, r10, ASR #16
+#else
+	asr	r8, r4, #16
+	asr	r10, r5, #16
+	asr	r9, r6, #16
+	asr	r11, r7, #16
+	mul	r8, r9, r8
+	mul	r10, r11, r10
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r12, #0xff
+	orr	r12, r12, #0xc00
+#else
+	mov	r12, #0xcff
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r9, r8, #16
+	asr	r9, r9, #16
+#else
+	sbfx	r9, r8, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r11, r10, #16
+	asr	r11, r11, #16
+#else
+	sbfx	r11, r10, #0, #16
+#endif
+	mul	r9, r12, r8
+	mul	r11, r12, r11
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r12, #0x1
+	orr	r12, r12, #0xd00
+#else
+	mov	r12, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r9, r9, #16
+	asr	r9, r9, #16
+#else
+	sbfx	r9, r9, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r11, r11, #16
+	asr	r11, r11, #16
+#else
+	sbfx	r11, r11, #0, #16
+#endif
+	mla	r8, r12, r9, r8
+	mla	r10, r12, r11, r10
+	rsb	r11, lr, #0
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r9, lr, #16
+	asr	r9, r9, #16
+#else
+	sbfx	r9, lr, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r11, r11, #16
+	asr	r11, r11, #16
+#else
+	sbfx	r11, r11, #0, #16
+#endif
+	asr	r8, r8, #16
+	asr	r10, r10, #16
+	mul	r8, r9, r8
+	mul	r10, r11, r10
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r9, r4, #16
+	asr	r9, r9, #16
+#else
+	sbfx	r9, r4, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r11, r5, #16
+	asr	r11, r11, #16
+#else
+	sbfx	r11, r5, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r12, r6, #16
+	asr	r12, r12, #16
+#else
+	sbfx	r12, r6, #0, #16
+#endif
+	mla	r8, r9, r12, r8
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r12, r7, #16
+	asr	r12, r12, #16
+#else
+	sbfx	r12, r7, #0, #16
+#endif
+	mla	r10, r11, r12, r10
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r12, #0xff
+	orr	r12, r12, #0xc00
+#else
+	mov	r12, #0xcff
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r9, r8, #16
+	asr	r9, r9, #16
+#else
+	sbfx	r9, r8, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r11, r10, #16
+	asr	r11, r11, #16
+#else
+	sbfx	r11, r10, #0, #16
+#endif
+	mul	r9, r12, r9
+	mul	r11, r12, r11
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r12, #0x1
+	orr	r12, r12, #0xd00
+#else
+	mov	r12, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r9, r9, #16
+	asr	r9, r9, #16
+#else
+	sbfx	r9, r9, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r11, r11, #16
+	asr	r11, r11, #16
+#else
+	sbfx	r11, r11, #0, #16
+#endif
+	mla	r8, r12, r9, r8
+	mla	r10, r12, r11, r10
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r9, r4, #16
+	asr	r9, r9, #16
+#else
+	sbfx	r9, r4, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r11, r5, #16
+	asr	r11, r11, #16
+#else
+	sbfx	r11, r5, #0, #16
+#endif
+	asr	r12, r6, #16
+	mul	r9, r12, r9
+	asr	r12, r7, #16
+	mul	r11, r12, r11
+	asr	r4, r4, #16
+	asr	r5, r5, #16
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r12, r6, #16
+	asr	r12, r12, #16
+#else
+	sbfx	r12, r6, #0, #16
+#endif
+	mla	r9, r4, r12, r9
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r12, r7, #16
+	asr	r12, r12, #16
+#else
+	sbfx	r12, r7, #0, #16
+#endif
+	mla	r11, r5, r12, r11
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r12, #0xff
+	orr	r12, r12, #0xc00
+#else
+	mov	r12, #0xcff
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r6, r9, #16
+	asr	r6, r6, #16
+#else
+	sbfx	r6, r9, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r7, r11, #16
+	asr	r7, r7, #16
+#else
+	sbfx	r7, r11, #0, #16
+#endif
+	mul	r6, r12, r6
+	mul	r7, r12, r7
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r12, #0x1
+	orr	r12, r12, #0xd00
+#else
+	mov	r12, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r4, r6, #16
+	asr	r4, r4, #16
+#else
+	sbfx	r4, r6, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r5, r7, #16
+	asr	r5, r5, #16
+#else
+	sbfx	r5, r7, #0, #16
+#endif
+	mla	r9, r12, r4, r9
+	mla	r11, r12, r5, r11
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r9, r9, #0xff
+	bic	r9, r9, #0xff00
+#else
+	bfc	r9, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r11, r11, #0xff
+	bic	r11, r11, #0xff00
+#else
+	bfc	r11, #0, #16
+#endif
+	orr	r4, r9, r8, lsr #16
+	orr	r5, r11, r10, lsr #16
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+	stm	r0!, {r4, r5}
+	pop	{r8}
+	bne	L_kyber_arm32_basemul_mont_loop
+	pop	{r4, r5, r6, r7, r8, r9, r10, r11, pc}
+	.size	kyber_arm32_basemul_mont,.-kyber_arm32_basemul_mont
+	.text
+	.align	4
+	.globl	kyber_arm32_basemul_mont_add
+	.type	kyber_arm32_basemul_mont_add, %function
+kyber_arm32_basemul_mont_add:
+	push	{r4, r5, r6, r7, r8, r9, r10, r11, lr}
+	adr	r3, L_kyber_arm32_basemul_mont_zetas
+	add	r3, r3, #0x80
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r12, #0x1
+	orr	r12, r12, #0xd00
+#else
+	mov	r12, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	orr	r12, r12, #0xc000000
+	orr	r12, r12, #0xff0000
+#else
+	movt	r12, #0xcff
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+	mov	r8, #0
+L_kyber_arm32_basemul_mont_add_loop:
+	ldm	r1!, {r4, r5}
+	ldm	r2!, {r6, r7}
+	ldr	lr, [r3, r8]
+	add	r8, r8, #2
+	push	{r8}
+	cmp	r8, #0x80
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+	smultt	r8, r4, r6
+	smultt	r10, r5, r7
+	smultb	r9, r12, r8
+	smultb	r11, r12, r10
+	smlabb	r8, r12, r9, r8
+	smlabb	r10, r12, r11, r10
+	rsb	r11, lr, #0
+	smulbt	r8, lr, r8
+	smulbt	r10, r11, r10
+	smlabb	r8, r4, r6, r8
+	smlabb	r10, r5, r7, r10
+	smultb	r9, r12, r8
+	smultb	r11, r12, r10
+	smlabb	r8, r12, r9, r8
+	smlabb	r10, r12, r11, r10
+	smulbt	r9, r4, r6
+	smulbt	r11, r5, r7
+	smlatb	r9, r4, r6, r9
+	smlatb	r11, r5, r7, r11
+	smultb	r6, r12, r9
+	smultb	r7, r12, r11
+	smlabb	r9, r12, r6, r9
+	smlabb	r11, r12, r7, r11
+	ldm	r0, {r4, r5}
+	pkhtb	r9, r9, r8, ASR #16
+	pkhtb	r11, r11, r10, ASR #16
+	sadd16	r4, r4, r9
+	sadd16	r5, r5, r11
+#else
+	asr	r8, r4, #16
+	asr	r10, r5, #16
+	asr	r9, r6, #16
+	asr	r11, r7, #16
+	mul	r8, r9, r8
+	mul	r10, r11, r10
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r12, #0xff
+	orr	r12, r12, #0xc00
+#else
+	mov	r12, #0xcff
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r9, r8, #16
+	asr	r9, r9, #16
+#else
+	sbfx	r9, r8, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r11, r10, #16
+	asr	r11, r11, #16
+#else
+	sbfx	r11, r10, #0, #16
+#endif
+	mul	r9, r12, r8
+	mul	r11, r12, r11
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r12, #0x1
+	orr	r12, r12, #0xd00
+#else
+	mov	r12, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r9, r9, #16
+	asr	r9, r9, #16
+#else
+	sbfx	r9, r9, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r11, r11, #16
+	asr	r11, r11, #16
+#else
+	sbfx	r11, r11, #0, #16
+#endif
+	mla	r8, r12, r9, r8
+	mla	r10, r12, r11, r10
+	rsb	r11, lr, #0
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r9, lr, #16
+	asr	r9, r9, #16
+#else
+	sbfx	r9, lr, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r11, r11, #16
+	asr	r11, r11, #16
+#else
+	sbfx	r11, r11, #0, #16
+#endif
+	asr	r8, r8, #16
+	asr	r10, r10, #16
+	mul	r8, r9, r8
+	mul	r10, r11, r10
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r9, r4, #16
+	asr	r9, r9, #16
+#else
+	sbfx	r9, r4, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r11, r5, #16
+	asr	r11, r11, #16
+#else
+	sbfx	r11, r5, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r12, r6, #16
+	asr	r12, r12, #16
+#else
+	sbfx	r12, r6, #0, #16
+#endif
+	mla	r8, r9, r12, r8
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r12, r7, #16
+	asr	r12, r12, #16
+#else
+	sbfx	r12, r7, #0, #16
+#endif
+	mla	r10, r11, r12, r10
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r12, #0xff
+	orr	r12, r12, #0xc00
+#else
+	mov	r12, #0xcff
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r9, r8, #16
+	asr	r9, r9, #16
+#else
+	sbfx	r9, r8, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r11, r10, #16
+	asr	r11, r11, #16
+#else
+	sbfx	r11, r10, #0, #16
+#endif
+	mul	r9, r12, r9
+	mul	r11, r12, r11
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r12, #0x1
+	orr	r12, r12, #0xd00
+#else
+	mov	r12, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r9, r9, #16
+	asr	r9, r9, #16
+#else
+	sbfx	r9, r9, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r11, r11, #16
+	asr	r11, r11, #16
+#else
+	sbfx	r11, r11, #0, #16
+#endif
+	mla	r8, r12, r9, r8
+	mla	r10, r12, r11, r10
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r9, r4, #16
+	asr	r9, r9, #16
+#else
+	sbfx	r9, r4, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r11, r5, #16
+	asr	r11, r11, #16
+#else
+	sbfx	r11, r5, #0, #16
+#endif
+	asr	r12, r6, #16
+	mul	r9, r12, r9
+	asr	r12, r7, #16
+	mul	r11, r12, r11
+	asr	r4, r4, #16
+	asr	r5, r5, #16
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r12, r6, #16
+	asr	r12, r12, #16
+#else
+	sbfx	r12, r6, #0, #16
+#endif
+	mla	r9, r4, r12, r9
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r12, r7, #16
+	asr	r12, r12, #16
+#else
+	sbfx	r12, r7, #0, #16
+#endif
+	mla	r11, r5, r12, r11
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r12, #0xff
+	orr	r12, r12, #0xc00
+#else
+	mov	r12, #0xcff
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r6, r9, #16
+	asr	r6, r6, #16
+#else
+	sbfx	r6, r9, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r7, r11, #16
+	asr	r7, r7, #16
+#else
+	sbfx	r7, r11, #0, #16
+#endif
+	mul	r6, r12, r6
+	mul	r7, r12, r7
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r12, #0x1
+	orr	r12, r12, #0xd00
+#else
+	mov	r12, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r4, r6, #16
+	asr	r4, r4, #16
+#else
+	sbfx	r4, r6, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r5, r7, #16
+	asr	r5, r5, #16
+#else
+	sbfx	r5, r7, #0, #16
+#endif
+	mla	r9, r12, r4, r9
+	mla	r11, r12, r5, r11
+	ldm	r0, {r4, r5}
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r9, r9, #0xff
+	bic	r9, r9, #0xff00
+#else
+	bfc	r9, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r11, r11, #0xff
+	bic	r11, r11, #0xff00
+#else
+	bfc	r11, #0, #16
+#endif
+	orr	r9, r9, r8, lsr #16
+	orr	r11, r11, r10, lsr #16
+	add	r8, r4, r9
+	add	r10, r5, r11
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r9, r9, #0xff
+	bic	r9, r9, #0xff00
+#else
+	bfc	r9, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r11, r11, #0xff
+	bic	r11, r11, #0xff00
+#else
+	bfc	r11, #0, #16
+#endif
+	add	r4, r4, r9
+	add	r5, r5, r11
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r4, r4, #16
+	orr	r4, r4, r8, lsl #16
+	ror	r4, r4, #16
+#else
+	bfi	r4, r8, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r5, r5, #16
+	orr	r5, r5, r10, lsl #16
+	ror	r5, r5, #16
+#else
+	bfi	r5, r10, #0, #16
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+	stm	r0!, {r4, r5}
+	pop	{r8}
+	bne	L_kyber_arm32_basemul_mont_add_loop
+	pop	{r4, r5, r6, r7, r8, r9, r10, r11, pc}
+	.size	kyber_arm32_basemul_mont_add,.-kyber_arm32_basemul_mont_add
+	.text
+	.align	4
+	.globl	kyber_arm32_csubq
+	.type	kyber_arm32_csubq, %function
+kyber_arm32_csubq:
+	push	{r4, r5, r6, r7, r8, r9, r10, r11, lr}
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r12, #0x1
+	orr	r12, r12, #0xd00
+#else
+	mov	r12, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	lr, #0x1
+	orr	lr, lr, #0xd00
+#else
+	mov	lr, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	orr	lr, lr, #0xd000000
+	orr	lr, lr, #0x10000
+#else
+	movt	lr, #0xd01
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+	mov	r11, #0x8000
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	orr	r11, r11, #0x80000000
+#else
+	movt	r11, #0x8000
+#endif
+	mov	r1, #0x100
+L_kyber_arm32_csubq_loop:
+	ldm	r0, {r2, r3, r4, r5}
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+	ssub16	r2, r2, lr
+	ssub16	r3, r3, lr
+	ssub16	r4, r4, lr
+	ssub16	r5, r5, lr
+	and	r6, r2, r11
+	and	r7, r3, r11
+	and	r8, r4, r11
+	and	r9, r5, r11
+	lsr	r6, r6, #15
+	lsr	r7, r7, #15
+	lsr	r8, r8, #15
+	lsr	r9, r9, #15
+	mul	r6, r12, r6
+	mul	r7, r12, r7
+	mul	r8, r12, r8
+	mul	r9, r12, r9
+	sadd16	r2, r2, r6
+	sadd16	r3, r3, r7
+	sadd16	r4, r4, r8
+	sadd16	r5, r5, r9
+#else
+	sub	r6, r2, lr
+	sub	r2, r2, lr, lsl #16
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r2, r2, #16
+	orr	r2, r2, r6, lsl #16
+	ror	r2, r2, #16
+#else
+	bfi	r2, r6, #0, #16
+#endif
+	sub	r7, r3, lr
+	sub	r3, r3, lr, lsl #16
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r3, r3, #16
+	orr	r3, r3, r7, lsl #16
+	ror	r3, r3, #16
+#else
+	bfi	r3, r7, #0, #16
+#endif
+	sub	r8, r4, lr
+	sub	r4, r4, lr, lsl #16
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r4, r4, #16
+	orr	r4, r4, r8, lsl #16
+	ror	r4, r4, #16
+#else
+	bfi	r4, r8, #0, #16
+#endif
+	sub	r9, r5, lr
+	sub	r5, r5, lr, lsl #16
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r5, r5, #16
+	orr	r5, r5, r9, lsl #16
+	ror	r5, r5, #16
+#else
+	bfi	r5, r9, #0, #16
+#endif
+	and	r6, r2, r11
+	and	r7, r3, r11
+	and	r8, r4, r11
+	and	r9, r5, r11
+	lsr	r6, r6, #15
+	lsr	r7, r7, #15
+	lsr	r8, r8, #15
+	lsr	r9, r9, #15
+	mul	r6, r12, r6
+	mul	r7, r12, r7
+	mul	r8, r12, r8
+	mul	r9, r12, r9
+	add	r10, r2, r6
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r6, r6, #0xff
+	bic	r6, r6, #0xff00
+#else
+	bfc	r6, #0, #16
+#endif
+	add	r2, r2, r6
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r2, r2, #16
+	orr	r2, r2, r10, lsl #16
+	ror	r2, r2, #16
+#else
+	bfi	r2, r10, #0, #16
+#endif
+	add	r10, r3, r7
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r7, r7, #0xff
+	bic	r7, r7, #0xff00
+#else
+	bfc	r7, #0, #16
+#endif
+	add	r3, r3, r7
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r3, r3, #16
+	orr	r3, r3, r10, lsl #16
+	ror	r3, r3, #16
+#else
+	bfi	r3, r10, #0, #16
+#endif
+	add	r10, r4, r8
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r8, r8, #0xff
+	bic	r8, r8, #0xff00
+#else
+	bfc	r8, #0, #16
+#endif
+	add	r4, r4, r8
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r4, r4, #16
+	orr	r4, r4, r10, lsl #16
+	ror	r4, r4, #16
+#else
+	bfi	r4, r10, #0, #16
+#endif
+	add	r10, r5, r9
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r9, r9, #0xff
+	bic	r9, r9, #0xff00
+#else
+	bfc	r9, #0, #16
+#endif
+	add	r5, r5, r9
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r5, r5, #16
+	orr	r5, r5, r10, lsl #16
+	ror	r5, r5, #16
+#else
+	bfi	r5, r10, #0, #16
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+	stm	r0!, {r2, r3, r4, r5}
+	subs	r1, r1, #8
+	bne	L_kyber_arm32_csubq_loop
+	pop	{r4, r5, r6, r7, r8, r9, r10, r11, pc}
+	.size	kyber_arm32_csubq,.-kyber_arm32_csubq
+	.text
+	.align	4
+	.globl	kyber_arm32_rej_uniform
+	.type	kyber_arm32_rej_uniform, %function
+kyber_arm32_rej_uniform:
+	push	{r4, r5, r6, r7, r8, lr}
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r8, #0x1
+	orr	r8, r8, #0xd00
+#else
+	mov	r8, #0xd01
+#endif
+	mov	r12, #0
+L_kyber_arm32_rej_uniform_loop_no_fail:
+	cmp	r1, #8
+	blt	L_kyber_arm32_rej_uniform_done_no_fail
+	ldm	r2!, {r4, r5, r6}
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r7, r4, #20
+	lsr	r7, r7, #20
+#else
+	ubfx	r7, r4, #0, #12
+#endif
+	strh	r7, [r0, r12]
+	sub	lr, r7, r8
+	lsr	lr, lr, #31
+	sub	r1, r1, lr
+	add	r12, r12, lr, lsl #1
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r7, r4, #8
+	lsr	r7, r7, #20
+#else
+	ubfx	r7, r4, #12, #12
+#endif
+	strh	r7, [r0, r12]
+	sub	lr, r7, r8
+	lsr	lr, lr, #31
+	sub	r1, r1, lr
+	add	r12, r12, lr, lsl #1
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r7, r4, #24
+#else
+	ubfx	r7, r4, #24, #8
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r7, r7, #0xf00
+	ror	r7, r7, #12
+	orr	r7, r7, r5, lsl #28
+	ror	r7, r7, #20
+#else
+	bfi	r7, r5, #8, #4
+#endif
+	strh	r7, [r0, r12]
+	sub	lr, r7, r8
+	lsr	lr, lr, #31
+	sub	r1, r1, lr
+	add	r12, r12, lr, lsl #1
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r7, r5, #16
+	lsr	r7, r7, #20
+#else
+	ubfx	r7, r5, #4, #12
+#endif
+	strh	r7, [r0, r12]
+	sub	lr, r7, r8
+	lsr	lr, lr, #31
+	sub	r1, r1, lr
+	add	r12, r12, lr, lsl #1
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r7, r5, #4
+	lsr	r7, r7, #20
+#else
+	ubfx	r7, r5, #16, #12
+#endif
+	strh	r7, [r0, r12]
+	sub	lr, r7, r8
+	lsr	lr, lr, #31
+	sub	r1, r1, lr
+	add	r12, r12, lr, lsl #1
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r7, r5, #28
+#else
+	ubfx	r7, r5, #28, #4
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r7, r7, #0xff0
+	ror	r7, r7, #12
+	orr	r7, r7, r6, lsl #24
+	ror	r7, r7, #20
+#else
+	bfi	r7, r6, #4, #8
+#endif
+	strh	r7, [r0, r12]
+	sub	lr, r7, r8
+	lsr	lr, lr, #31
+	sub	r1, r1, lr
+	add	r12, r12, lr, lsl #1
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r7, r6, #12
+	lsr	r7, r7, #20
+#else
+	ubfx	r7, r6, #8, #12
+#endif
+	strh	r7, [r0, r12]
+	sub	lr, r7, r8
+	lsr	lr, lr, #31
+	sub	r1, r1, lr
+	add	r12, r12, lr, lsl #1
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r7, r6, #20
+#else
+	ubfx	r7, r6, #20, #12
+#endif
+	strh	r7, [r0, r12]
+	sub	lr, r7, r8
+	lsr	lr, lr, #31
+	sub	r1, r1, lr
+	add	r12, r12, lr, lsl #1
+	subs	r3, r3, #12
+	bne	L_kyber_arm32_rej_uniform_loop_no_fail
+	b	L_kyber_arm32_rej_uniform_done
+L_kyber_arm32_rej_uniform_done_no_fail:
+	cmp	r1, #0
+	beq	L_kyber_arm32_rej_uniform_done
+L_kyber_arm32_rej_uniform_loop:
+	ldm	r2!, {r4, r5, r6}
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r7, r4, #20
+	lsr	r7, r7, #20
+#else
+	ubfx	r7, r4, #0, #12
+#endif
+	cmp	r7, r8
+	bge	L_kyber_arm32_rej_uniform_fail_0
+	strh	r7, [r0, r12]
+	subs	r1, r1, #1
+	add	r12, r12, #2
+	beq	L_kyber_arm32_rej_uniform_done
+L_kyber_arm32_rej_uniform_fail_0:
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r7, r4, #8
+	lsr	r7, r7, #20
+#else
+	ubfx	r7, r4, #12, #12
+#endif
+	cmp	r7, r8
+	bge	L_kyber_arm32_rej_uniform_fail_1
+	strh	r7, [r0, r12]
+	subs	r1, r1, #1
+	add	r12, r12, #2
+	beq	L_kyber_arm32_rej_uniform_done
+L_kyber_arm32_rej_uniform_fail_1:
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r7, r4, #24
+#else
+	ubfx	r7, r4, #24, #8
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r7, r7, #0xf00
+	ror	r7, r7, #12
+	orr	r7, r7, r5, lsl #28
+	ror	r7, r7, #20
+#else
+	bfi	r7, r5, #8, #4
+#endif
+	cmp	r7, r8
+	bge	L_kyber_arm32_rej_uniform_fail_2
+	strh	r7, [r0, r12]
+	subs	r1, r1, #1
+	add	r12, r12, #2
+	beq	L_kyber_arm32_rej_uniform_done
+L_kyber_arm32_rej_uniform_fail_2:
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r7, r5, #16
+	lsr	r7, r7, #20
+#else
+	ubfx	r7, r5, #4, #12
+#endif
+	cmp	r7, r8
+	bge	L_kyber_arm32_rej_uniform_fail_3
+	strh	r7, [r0, r12]
+	subs	r1, r1, #1
+	add	r12, r12, #2
+	beq	L_kyber_arm32_rej_uniform_done
+L_kyber_arm32_rej_uniform_fail_3:
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r7, r5, #4
+	lsr	r7, r7, #20
+#else
+	ubfx	r7, r5, #16, #12
+#endif
+	cmp	r7, r8
+	bge	L_kyber_arm32_rej_uniform_fail_4
+	strh	r7, [r0, r12]
+	subs	r1, r1, #1
+	add	r12, r12, #2
+	beq	L_kyber_arm32_rej_uniform_done
+L_kyber_arm32_rej_uniform_fail_4:
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r7, r5, #28
+#else
+	ubfx	r7, r5, #28, #4
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r7, r7, #0xff0
+	ror	r7, r7, #12
+	orr	r7, r7, r6, lsl #24
+	ror	r7, r7, #20
+#else
+	bfi	r7, r6, #4, #8
+#endif
+	cmp	r7, r8
+	bge	L_kyber_arm32_rej_uniform_fail_5
+	strh	r7, [r0, r12]
+	subs	r1, r1, #1
+	add	r12, r12, #2
+	beq	L_kyber_arm32_rej_uniform_done
+L_kyber_arm32_rej_uniform_fail_5:
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r7, r6, #12
+	lsr	r7, r7, #20
+#else
+	ubfx	r7, r6, #8, #12
+#endif
+	cmp	r7, r8
+	bge	L_kyber_arm32_rej_uniform_fail_6
+	strh	r7, [r0, r12]
+	subs	r1, r1, #1
+	add	r12, r12, #2
+	beq	L_kyber_arm32_rej_uniform_done
+L_kyber_arm32_rej_uniform_fail_6:
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r7, r6, #20
+#else
+	ubfx	r7, r6, #20, #12
+#endif
+	cmp	r7, r8
+	bge	L_kyber_arm32_rej_uniform_fail_7
+	strh	r7, [r0, r12]
+	subs	r1, r1, #1
+	add	r12, r12, #2
+	beq	L_kyber_arm32_rej_uniform_done
+L_kyber_arm32_rej_uniform_fail_7:
+	subs	r3, r3, #12
+	bgt	L_kyber_arm32_rej_uniform_loop
+L_kyber_arm32_rej_uniform_done:
+	lsr	r0, r12, #1
+	pop	{r4, r5, r6, r7, r8, pc}
+	.size	kyber_arm32_rej_uniform,.-kyber_arm32_rej_uniform
+#endif /* WOLFSSL_WC_KYBER */
+#endif /* !__aarch64__ && !WOLFSSL_ARMASM_THUMB2 */
+#endif /* WOLFSSL_ARMASM */
+
+#if defined(__linux__) && defined(__ELF__)
+.section	.note.GNU-stack,"",%progbits
+#endif
+#endif /* !WOLFSSL_ARMASM_INLINE */
diff --git a/wolfcrypt/src/port/arm/armv8-32-kyber-asm_c.c b/wolfcrypt/src/port/arm/armv8-32-kyber-asm_c.c
new file mode 100644
index 000000000..e514604f8
--- /dev/null
+++ b/wolfcrypt/src/port/arm/armv8-32-kyber-asm_c.c
@@ -0,0 +1,8621 @@
+/* armv8-32-kyber-asm
+ *
+ * Copyright (C) 2006-2025 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+/* Generated using (from wolfssl):
+ *   cd ../scripts
+ *   ruby ./kyber/kyber.rb arm32 \
+ *       ../wolfssl/wolfcrypt/src/port/arm/armv8-32-kyber-asm.c
+ */
+
+#ifdef HAVE_CONFIG_H
+    #include <config.h>
+#endif /* HAVE_CONFIG_H */
+#include <wolfssl/wolfcrypt/settings.h>
+#include <wolfssl/wolfcrypt/error-crypt.h>
+
+#ifdef WOLFSSL_ARMASM
+#if !defined(__aarch64__) && !defined(WOLFSSL_ARMASM_THUMB2)
+#include <stdint.h>
+#ifdef HAVE_CONFIG_H
+    #include <config.h>
+#endif /* HAVE_CONFIG_H */
+#include <wolfssl/wolfcrypt/settings.h>
+#include <wolfssl/wolfcrypt/error-crypt.h>
+#ifdef WOLFSSL_ARMASM_INLINE
+
+#ifdef __IAR_SYSTEMS_ICC__
+#define __asm__        asm
+#define __volatile__   volatile
+#endif /* __IAR_SYSTEMS_ICC__ */
+#ifdef __KEIL__
+#define __asm__        __asm
+#define __volatile__   volatile
+#endif /* __KEIL__ */
+#include <wolfssl/wolfcrypt/wc_kyber.h>
+
+#ifdef WOLFSSL_WC_KYBER
+static const word16 L_kyber_arm32_ntt_zetas[] = {
+    0x08ed, 0x0a0b, 0x0b9a, 0x0714,
+    0x05d5, 0x058e, 0x011f, 0x00ca,
+    0x0c56, 0x026e, 0x0629, 0x00b6,
+    0x03c2, 0x084f, 0x073f, 0x05bc,
+    0x023d, 0x07d4, 0x0108, 0x017f,
+    0x09c4, 0x05b2, 0x06bf, 0x0c7f,
+    0x0a58, 0x03f9, 0x02dc, 0x0260,
+    0x06fb, 0x019b, 0x0c34, 0x06de,
+    0x04c7, 0x028c, 0x0ad9, 0x03f7,
+    0x07f4, 0x05d3, 0x0be7, 0x06f9,
+    0x0204, 0x0cf9, 0x0bc1, 0x0a67,
+    0x06af, 0x0877, 0x007e, 0x05bd,
+    0x09ac, 0x0ca7, 0x0bf2, 0x033e,
+    0x006b, 0x0774, 0x0c0a, 0x094a,
+    0x0b73, 0x03c1, 0x071d, 0x0a2c,
+    0x01c0, 0x08d8, 0x02a5, 0x0806,
+    0x08b2, 0x01ae, 0x022b, 0x034b,
+    0x081e, 0x0367, 0x060e, 0x0069,
+    0x01a6, 0x024b, 0x00b1, 0x0c16,
+    0x0bde, 0x0b35, 0x0626, 0x0675,
+    0x0c0b, 0x030a, 0x0487, 0x0c6e,
+    0x09f8, 0x05cb, 0x0aa7, 0x045f,
+    0x06cb, 0x0284, 0x0999, 0x015d,
+    0x01a2, 0x0149, 0x0c65, 0x0cb6,
+    0x0331, 0x0449, 0x025b, 0x0262,
+    0x052a, 0x07fc, 0x0748, 0x0180,
+    0x0842, 0x0c79, 0x04c2, 0x07ca,
+    0x0997, 0x00dc, 0x085e, 0x0686,
+    0x0860, 0x0707, 0x0803, 0x031a,
+    0x071b, 0x09ab, 0x099b, 0x01de,
+    0x0c95, 0x0bcd, 0x03e4, 0x03df,
+    0x03be, 0x074d, 0x05f2, 0x065c,
+};
+
+void kyber_arm32_ntt(sword16* r_p)
+{
+    register sword16* r asm ("r0") = (sword16*)r_p;
+    register word16* L_kyber_arm32_ntt_zetas_c asm ("r1") =
+        (word16*)&L_kyber_arm32_ntt_zetas;
+
+    __asm__ __volatile__ (
+        "sub	sp, sp, #8\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0x1\n\t"
+        "orr	r10, r10, #0xd00\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "orr	r10, r10, #0xc000000\n\t"
+        "orr	r10, r10, #0xff0000\n\t"
+#else
+        "movt	r10, #0xcff\n\t"
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+        "mov	r2, #16\n\t"
+        "\n"
+    "L_kyber_arm32_ntt_loop_123_%=: \n\t"
+        "str	r2, [sp]\n\t"
+        "ldrh	r11, [r1, #2]\n\t"
+        "ldr	r2, [%[r]]\n\t"
+        "ldr	r3, [%[r], #64]\n\t"
+        "ldr	r4, [%[r], #128]\n\t"
+        "ldr	r5, [%[r], #192]\n\t"
+        "ldr	r6, [%[r], #256]\n\t"
+        "ldr	r7, [%[r], #320]\n\t"
+        "ldr	r8, [%[r], #384]\n\t"
+        "ldr	r9, [%[r], #448]\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+        "smulbb	r12, r11, r6\n\t"
+        "smulbt	r6, r11, r6\n\t"
+        "smultb	lr, r10, r12\n\t"
+        "smlabb	r12, r10, lr, r12\n\t"
+        "smultb	lr, r10, r6\n\t"
+        "smlabb	lr, r10, lr, r6\n\t"
+        "pkhtb	r12, lr, r12, ASR #16\n\t"
+        "ssub16	r6, r2, r12\n\t"
+        "sadd16	r2, r2, r12\n\t"
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r12, r6, #16\n\t"
+        "asr	r12, r12, #16\n\t"
+#else
+        "sbfx	r12, r6, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r11, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r11, #0, #16\n\t"
+#endif
+        "asr	r6, r6, #16\n\t"
+        "mul	r12, lr, r12\n\t"
+        "mul	r6, lr, r6\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xff\n\t"
+        "orr	r10, r10, #0xc00\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+        "mul	lr, r10, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0x1\n\t"
+        "orr	r10, r10, #0xd00\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "mla	r12, r10, lr, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xff\n\t"
+        "orr	r10, r10, #0xc00\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r6, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r6, #0, #16\n\t"
+#endif
+        "mul	lr, r10, lr\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0x1\n\t"
+        "orr	r10, r10, #0xd00\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "mla	lr, r10, lr, r6\n\t"
+        "sub	r6, r2, lr\n\t"
+        "add	r2, r2, lr\n\t"
+        "sub	lr, r2, r12, lsr #16\n\t"
+        "add	r12, r2, r12, lsr #16\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r6, r6, #16\n\t"
+        "orr	r6, r6, lr, lsl #16\n\t"
+        "ror	r6, r6, #16\n\t"
+#else
+        "bfi	r6, lr, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r2, r2, #16\n\t"
+        "orr	r2, r2, r12, lsl #16\n\t"
+        "ror	r2, r2, #16\n\t"
+#else
+        "bfi	r2, r12, #0, #16\n\t"
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+        "smulbb	r12, r11, r7\n\t"
+        "smulbt	r7, r11, r7\n\t"
+        "smultb	lr, r10, r12\n\t"
+        "smlabb	r12, r10, lr, r12\n\t"
+        "smultb	lr, r10, r7\n\t"
+        "smlabb	lr, r10, lr, r7\n\t"
+        "pkhtb	r12, lr, r12, ASR #16\n\t"
+        "ssub16	r7, r3, r12\n\t"
+        "sadd16	r3, r3, r12\n\t"
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r12, r7, #16\n\t"
+        "asr	r12, r12, #16\n\t"
+#else
+        "sbfx	r12, r7, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r11, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r11, #0, #16\n\t"
+#endif
+        "asr	r7, r7, #16\n\t"
+        "mul	r12, lr, r12\n\t"
+        "mul	r7, lr, r7\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xff\n\t"
+        "orr	r10, r10, #0xc00\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+        "mul	lr, r10, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0x1\n\t"
+        "orr	r10, r10, #0xd00\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "mla	r12, r10, lr, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xff\n\t"
+        "orr	r10, r10, #0xc00\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r7, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r7, #0, #16\n\t"
+#endif
+        "mul	lr, r10, lr\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0x1\n\t"
+        "orr	r10, r10, #0xd00\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "mla	lr, r10, lr, r7\n\t"
+        "sub	r7, r3, lr\n\t"
+        "add	r3, r3, lr\n\t"
+        "sub	lr, r3, r12, lsr #16\n\t"
+        "add	r12, r3, r12, lsr #16\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r7, r7, #16\n\t"
+        "orr	r7, r7, lr, lsl #16\n\t"
+        "ror	r7, r7, #16\n\t"
+#else
+        "bfi	r7, lr, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r3, r3, #16\n\t"
+        "orr	r3, r3, r12, lsl #16\n\t"
+        "ror	r3, r3, #16\n\t"
+#else
+        "bfi	r3, r12, #0, #16\n\t"
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+        "smulbb	r12, r11, r8\n\t"
+        "smulbt	r8, r11, r8\n\t"
+        "smultb	lr, r10, r12\n\t"
+        "smlabb	r12, r10, lr, r12\n\t"
+        "smultb	lr, r10, r8\n\t"
+        "smlabb	lr, r10, lr, r8\n\t"
+        "pkhtb	r12, lr, r12, ASR #16\n\t"
+        "ssub16	r8, r4, r12\n\t"
+        "sadd16	r4, r4, r12\n\t"
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r12, r8, #16\n\t"
+        "asr	r12, r12, #16\n\t"
+#else
+        "sbfx	r12, r8, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r11, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r11, #0, #16\n\t"
+#endif
+        "asr	r8, r8, #16\n\t"
+        "mul	r12, lr, r12\n\t"
+        "mul	r8, lr, r8\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xff\n\t"
+        "orr	r10, r10, #0xc00\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+        "mul	lr, r10, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0x1\n\t"
+        "orr	r10, r10, #0xd00\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "mla	r12, r10, lr, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xff\n\t"
+        "orr	r10, r10, #0xc00\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r8, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r8, #0, #16\n\t"
+#endif
+        "mul	lr, r10, lr\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0x1\n\t"
+        "orr	r10, r10, #0xd00\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "mla	lr, r10, lr, r8\n\t"
+        "sub	r8, r4, lr\n\t"
+        "add	r4, r4, lr\n\t"
+        "sub	lr, r4, r12, lsr #16\n\t"
+        "add	r12, r4, r12, lsr #16\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r8, r8, #16\n\t"
+        "orr	r8, r8, lr, lsl #16\n\t"
+        "ror	r8, r8, #16\n\t"
+#else
+        "bfi	r8, lr, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r4, r4, #16\n\t"
+        "orr	r4, r4, r12, lsl #16\n\t"
+        "ror	r4, r4, #16\n\t"
+#else
+        "bfi	r4, r12, #0, #16\n\t"
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+        "smulbb	r12, r11, r9\n\t"
+        "smulbt	r9, r11, r9\n\t"
+        "smultb	lr, r10, r12\n\t"
+        "smlabb	r12, r10, lr, r12\n\t"
+        "smultb	lr, r10, r9\n\t"
+        "smlabb	lr, r10, lr, r9\n\t"
+        "pkhtb	r12, lr, r12, ASR #16\n\t"
+        "ssub16	r9, r5, r12\n\t"
+        "sadd16	r5, r5, r12\n\t"
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r12, r9, #16\n\t"
+        "asr	r12, r12, #16\n\t"
+#else
+        "sbfx	r12, r9, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r11, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r11, #0, #16\n\t"
+#endif
+        "asr	r9, r9, #16\n\t"
+        "mul	r12, lr, r12\n\t"
+        "mul	r9, lr, r9\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xff\n\t"
+        "orr	r10, r10, #0xc00\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+        "mul	lr, r10, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0x1\n\t"
+        "orr	r10, r10, #0xd00\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "mla	r12, r10, lr, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xff\n\t"
+        "orr	r10, r10, #0xc00\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r9, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r9, #0, #16\n\t"
+#endif
+        "mul	lr, r10, lr\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0x1\n\t"
+        "orr	r10, r10, #0xd00\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "mla	lr, r10, lr, r9\n\t"
+        "sub	r9, r5, lr\n\t"
+        "add	r5, r5, lr\n\t"
+        "sub	lr, r5, r12, lsr #16\n\t"
+        "add	r12, r5, r12, lsr #16\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r9, r9, #16\n\t"
+        "orr	r9, r9, lr, lsl #16\n\t"
+        "ror	r9, r9, #16\n\t"
+#else
+        "bfi	r9, lr, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r5, r5, #16\n\t"
+        "orr	r5, r5, r12, lsl #16\n\t"
+        "ror	r5, r5, #16\n\t"
+#else
+        "bfi	r5, r12, #0, #16\n\t"
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+        "ldr	r11, [r1, #4]\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+        "smulbb	r12, r11, r4\n\t"
+        "smulbt	r4, r11, r4\n\t"
+        "smultb	lr, r10, r12\n\t"
+        "smlabb	r12, r10, lr, r12\n\t"
+        "smultb	lr, r10, r4\n\t"
+        "smlabb	lr, r10, lr, r4\n\t"
+        "pkhtb	r12, lr, r12, ASR #16\n\t"
+        "ssub16	r4, r2, r12\n\t"
+        "sadd16	r2, r2, r12\n\t"
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r12, r4, #16\n\t"
+        "asr	r12, r12, #16\n\t"
+#else
+        "sbfx	r12, r4, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r11, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r11, #0, #16\n\t"
+#endif
+        "asr	r4, r4, #16\n\t"
+        "mul	r12, lr, r12\n\t"
+        "mul	r4, lr, r4\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xff\n\t"
+        "orr	r10, r10, #0xc00\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+        "mul	lr, r10, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0x1\n\t"
+        "orr	r10, r10, #0xd00\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "mla	r12, r10, lr, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xff\n\t"
+        "orr	r10, r10, #0xc00\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r4, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r4, #0, #16\n\t"
+#endif
+        "mul	lr, r10, lr\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0x1\n\t"
+        "orr	r10, r10, #0xd00\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "mla	lr, r10, lr, r4\n\t"
+        "sub	r4, r2, lr\n\t"
+        "add	r2, r2, lr\n\t"
+        "sub	lr, r2, r12, lsr #16\n\t"
+        "add	r12, r2, r12, lsr #16\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r4, r4, #16\n\t"
+        "orr	r4, r4, lr, lsl #16\n\t"
+        "ror	r4, r4, #16\n\t"
+#else
+        "bfi	r4, lr, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r2, r2, #16\n\t"
+        "orr	r2, r2, r12, lsl #16\n\t"
+        "ror	r2, r2, #16\n\t"
+#else
+        "bfi	r2, r12, #0, #16\n\t"
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+        "smulbb	r12, r11, r5\n\t"
+        "smulbt	r5, r11, r5\n\t"
+        "smultb	lr, r10, r12\n\t"
+        "smlabb	r12, r10, lr, r12\n\t"
+        "smultb	lr, r10, r5\n\t"
+        "smlabb	lr, r10, lr, r5\n\t"
+        "pkhtb	r12, lr, r12, ASR #16\n\t"
+        "ssub16	r5, r3, r12\n\t"
+        "sadd16	r3, r3, r12\n\t"
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r12, r5, #16\n\t"
+        "asr	r12, r12, #16\n\t"
+#else
+        "sbfx	r12, r5, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r11, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r11, #0, #16\n\t"
+#endif
+        "asr	r5, r5, #16\n\t"
+        "mul	r12, lr, r12\n\t"
+        "mul	r5, lr, r5\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xff\n\t"
+        "orr	r10, r10, #0xc00\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+        "mul	lr, r10, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0x1\n\t"
+        "orr	r10, r10, #0xd00\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "mla	r12, r10, lr, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xff\n\t"
+        "orr	r10, r10, #0xc00\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r5, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r5, #0, #16\n\t"
+#endif
+        "mul	lr, r10, lr\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0x1\n\t"
+        "orr	r10, r10, #0xd00\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "mla	lr, r10, lr, r5\n\t"
+        "sub	r5, r3, lr\n\t"
+        "add	r3, r3, lr\n\t"
+        "sub	lr, r3, r12, lsr #16\n\t"
+        "add	r12, r3, r12, lsr #16\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r5, r5, #16\n\t"
+        "orr	r5, r5, lr, lsl #16\n\t"
+        "ror	r5, r5, #16\n\t"
+#else
+        "bfi	r5, lr, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r3, r3, #16\n\t"
+        "orr	r3, r3, r12, lsl #16\n\t"
+        "ror	r3, r3, #16\n\t"
+#else
+        "bfi	r3, r12, #0, #16\n\t"
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+        "smultb	r12, r11, r8\n\t"
+        "smultt	r8, r11, r8\n\t"
+        "smultb	lr, r10, r12\n\t"
+        "smlabb	r12, r10, lr, r12\n\t"
+        "smultb	lr, r10, r8\n\t"
+        "smlabb	lr, r10, lr, r8\n\t"
+        "pkhtb	r12, lr, r12, ASR #16\n\t"
+        "ssub16	r8, r6, r12\n\t"
+        "sadd16	r6, r6, r12\n\t"
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r12, r8, #16\n\t"
+        "asr	r12, r12, #16\n\t"
+#else
+        "sbfx	r12, r8, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "asr	lr, r11, #16\n\t"
+#else
+        "sbfx	lr, r11, #16, #16\n\t"
+#endif
+        "asr	r8, r8, #16\n\t"
+        "mul	r12, lr, r12\n\t"
+        "mul	r8, lr, r8\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xff\n\t"
+        "orr	r10, r10, #0xc00\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+        "mul	lr, r10, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0x1\n\t"
+        "orr	r10, r10, #0xd00\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "mla	r12, r10, lr, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xff\n\t"
+        "orr	r10, r10, #0xc00\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r8, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r8, #0, #16\n\t"
+#endif
+        "mul	lr, r10, lr\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0x1\n\t"
+        "orr	r10, r10, #0xd00\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "mla	lr, r10, lr, r8\n\t"
+        "sub	r8, r6, lr\n\t"
+        "add	r6, r6, lr\n\t"
+        "sub	lr, r6, r12, lsr #16\n\t"
+        "add	r12, r6, r12, lsr #16\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r8, r8, #16\n\t"
+        "orr	r8, r8, lr, lsl #16\n\t"
+        "ror	r8, r8, #16\n\t"
+#else
+        "bfi	r8, lr, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r6, r6, #16\n\t"
+        "orr	r6, r6, r12, lsl #16\n\t"
+        "ror	r6, r6, #16\n\t"
+#else
+        "bfi	r6, r12, #0, #16\n\t"
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+        "smultb	r12, r11, r9\n\t"
+        "smultt	r9, r11, r9\n\t"
+        "smultb	lr, r10, r12\n\t"
+        "smlabb	r12, r10, lr, r12\n\t"
+        "smultb	lr, r10, r9\n\t"
+        "smlabb	lr, r10, lr, r9\n\t"
+        "pkhtb	r12, lr, r12, ASR #16\n\t"
+        "ssub16	r9, r7, r12\n\t"
+        "sadd16	r7, r7, r12\n\t"
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r12, r9, #16\n\t"
+        "asr	r12, r12, #16\n\t"
+#else
+        "sbfx	r12, r9, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "asr	lr, r11, #16\n\t"
+#else
+        "sbfx	lr, r11, #16, #16\n\t"
+#endif
+        "asr	r9, r9, #16\n\t"
+        "mul	r12, lr, r12\n\t"
+        "mul	r9, lr, r9\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xff\n\t"
+        "orr	r10, r10, #0xc00\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+        "mul	lr, r10, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0x1\n\t"
+        "orr	r10, r10, #0xd00\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "mla	r12, r10, lr, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xff\n\t"
+        "orr	r10, r10, #0xc00\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r9, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r9, #0, #16\n\t"
+#endif
+        "mul	lr, r10, lr\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0x1\n\t"
+        "orr	r10, r10, #0xd00\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "mla	lr, r10, lr, r9\n\t"
+        "sub	r9, r7, lr\n\t"
+        "add	r7, r7, lr\n\t"
+        "sub	lr, r7, r12, lsr #16\n\t"
+        "add	r12, r7, r12, lsr #16\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r9, r9, #16\n\t"
+        "orr	r9, r9, lr, lsl #16\n\t"
+        "ror	r9, r9, #16\n\t"
+#else
+        "bfi	r9, lr, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r7, r7, #16\n\t"
+        "orr	r7, r7, r12, lsl #16\n\t"
+        "ror	r7, r7, #16\n\t"
+#else
+        "bfi	r7, r12, #0, #16\n\t"
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+        "ldr	r11, [r1, #8]\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+        "smulbb	r12, r11, r3\n\t"
+        "smulbt	r3, r11, r3\n\t"
+        "smultb	lr, r10, r12\n\t"
+        "smlabb	r12, r10, lr, r12\n\t"
+        "smultb	lr, r10, r3\n\t"
+        "smlabb	lr, r10, lr, r3\n\t"
+        "pkhtb	r12, lr, r12, ASR #16\n\t"
+        "ssub16	r3, r2, r12\n\t"
+        "sadd16	r2, r2, r12\n\t"
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r12, r3, #16\n\t"
+        "asr	r12, r12, #16\n\t"
+#else
+        "sbfx	r12, r3, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r11, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r11, #0, #16\n\t"
+#endif
+        "asr	r3, r3, #16\n\t"
+        "mul	r12, lr, r12\n\t"
+        "mul	r3, lr, r3\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xff\n\t"
+        "orr	r10, r10, #0xc00\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+        "mul	lr, r10, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0x1\n\t"
+        "orr	r10, r10, #0xd00\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "mla	r12, r10, lr, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xff\n\t"
+        "orr	r10, r10, #0xc00\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r3, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r3, #0, #16\n\t"
+#endif
+        "mul	lr, r10, lr\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0x1\n\t"
+        "orr	r10, r10, #0xd00\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "mla	lr, r10, lr, r3\n\t"
+        "sub	r3, r2, lr\n\t"
+        "add	r2, r2, lr\n\t"
+        "sub	lr, r2, r12, lsr #16\n\t"
+        "add	r12, r2, r12, lsr #16\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r3, r3, #16\n\t"
+        "orr	r3, r3, lr, lsl #16\n\t"
+        "ror	r3, r3, #16\n\t"
+#else
+        "bfi	r3, lr, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r2, r2, #16\n\t"
+        "orr	r2, r2, r12, lsl #16\n\t"
+        "ror	r2, r2, #16\n\t"
+#else
+        "bfi	r2, r12, #0, #16\n\t"
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+        "smultb	r12, r11, r5\n\t"
+        "smultt	r5, r11, r5\n\t"
+        "smultb	lr, r10, r12\n\t"
+        "smlabb	r12, r10, lr, r12\n\t"
+        "smultb	lr, r10, r5\n\t"
+        "smlabb	lr, r10, lr, r5\n\t"
+        "pkhtb	r12, lr, r12, ASR #16\n\t"
+        "ssub16	r5, r4, r12\n\t"
+        "sadd16	r4, r4, r12\n\t"
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r12, r5, #16\n\t"
+        "asr	r12, r12, #16\n\t"
+#else
+        "sbfx	r12, r5, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "asr	lr, r11, #16\n\t"
+#else
+        "sbfx	lr, r11, #16, #16\n\t"
+#endif
+        "asr	r5, r5, #16\n\t"
+        "mul	r12, lr, r12\n\t"
+        "mul	r5, lr, r5\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xff\n\t"
+        "orr	r10, r10, #0xc00\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+        "mul	lr, r10, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0x1\n\t"
+        "orr	r10, r10, #0xd00\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "mla	r12, r10, lr, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xff\n\t"
+        "orr	r10, r10, #0xc00\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r5, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r5, #0, #16\n\t"
+#endif
+        "mul	lr, r10, lr\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0x1\n\t"
+        "orr	r10, r10, #0xd00\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "mla	lr, r10, lr, r5\n\t"
+        "sub	r5, r4, lr\n\t"
+        "add	r4, r4, lr\n\t"
+        "sub	lr, r4, r12, lsr #16\n\t"
+        "add	r12, r4, r12, lsr #16\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r5, r5, #16\n\t"
+        "orr	r5, r5, lr, lsl #16\n\t"
+        "ror	r5, r5, #16\n\t"
+#else
+        "bfi	r5, lr, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r4, r4, #16\n\t"
+        "orr	r4, r4, r12, lsl #16\n\t"
+        "ror	r4, r4, #16\n\t"
+#else
+        "bfi	r4, r12, #0, #16\n\t"
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+        "ldr	r11, [r1, #12]\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+        "smulbb	r12, r11, r7\n\t"
+        "smulbt	r7, r11, r7\n\t"
+        "smultb	lr, r10, r12\n\t"
+        "smlabb	r12, r10, lr, r12\n\t"
+        "smultb	lr, r10, r7\n\t"
+        "smlabb	lr, r10, lr, r7\n\t"
+        "pkhtb	r12, lr, r12, ASR #16\n\t"
+        "ssub16	r7, r6, r12\n\t"
+        "sadd16	r6, r6, r12\n\t"
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r12, r7, #16\n\t"
+        "asr	r12, r12, #16\n\t"
+#else
+        "sbfx	r12, r7, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r11, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r11, #0, #16\n\t"
+#endif
+        "asr	r7, r7, #16\n\t"
+        "mul	r12, lr, r12\n\t"
+        "mul	r7, lr, r7\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xff\n\t"
+        "orr	r10, r10, #0xc00\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+        "mul	lr, r10, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0x1\n\t"
+        "orr	r10, r10, #0xd00\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "mla	r12, r10, lr, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xff\n\t"
+        "orr	r10, r10, #0xc00\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r7, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r7, #0, #16\n\t"
+#endif
+        "mul	lr, r10, lr\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0x1\n\t"
+        "orr	r10, r10, #0xd00\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "mla	lr, r10, lr, r7\n\t"
+        "sub	r7, r6, lr\n\t"
+        "add	r6, r6, lr\n\t"
+        "sub	lr, r6, r12, lsr #16\n\t"
+        "add	r12, r6, r12, lsr #16\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r7, r7, #16\n\t"
+        "orr	r7, r7, lr, lsl #16\n\t"
+        "ror	r7, r7, #16\n\t"
+#else
+        "bfi	r7, lr, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r6, r6, #16\n\t"
+        "orr	r6, r6, r12, lsl #16\n\t"
+        "ror	r6, r6, #16\n\t"
+#else
+        "bfi	r6, r12, #0, #16\n\t"
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+        "smultb	r12, r11, r9\n\t"
+        "smultt	r9, r11, r9\n\t"
+        "smultb	lr, r10, r12\n\t"
+        "smlabb	r12, r10, lr, r12\n\t"
+        "smultb	lr, r10, r9\n\t"
+        "smlabb	lr, r10, lr, r9\n\t"
+        "pkhtb	r12, lr, r12, ASR #16\n\t"
+        "ssub16	r9, r8, r12\n\t"
+        "sadd16	r8, r8, r12\n\t"
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r12, r9, #16\n\t"
+        "asr	r12, r12, #16\n\t"
+#else
+        "sbfx	r12, r9, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "asr	lr, r11, #16\n\t"
+#else
+        "sbfx	lr, r11, #16, #16\n\t"
+#endif
+        "asr	r9, r9, #16\n\t"
+        "mul	r12, lr, r12\n\t"
+        "mul	r9, lr, r9\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xff\n\t"
+        "orr	r10, r10, #0xc00\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+        "mul	lr, r10, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0x1\n\t"
+        "orr	r10, r10, #0xd00\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "mla	r12, r10, lr, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xff\n\t"
+        "orr	r10, r10, #0xc00\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r9, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r9, #0, #16\n\t"
+#endif
+        "mul	lr, r10, lr\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0x1\n\t"
+        "orr	r10, r10, #0xd00\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "mla	lr, r10, lr, r9\n\t"
+        "sub	r9, r8, lr\n\t"
+        "add	r8, r8, lr\n\t"
+        "sub	lr, r8, r12, lsr #16\n\t"
+        "add	r12, r8, r12, lsr #16\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r9, r9, #16\n\t"
+        "orr	r9, r9, lr, lsl #16\n\t"
+        "ror	r9, r9, #16\n\t"
+#else
+        "bfi	r9, lr, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r8, r8, #16\n\t"
+        "orr	r8, r8, r12, lsl #16\n\t"
+        "ror	r8, r8, #16\n\t"
+#else
+        "bfi	r8, r12, #0, #16\n\t"
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+        "str	r2, [%[r]]\n\t"
+        "str	r3, [%[r], #64]\n\t"
+        "str	r4, [%[r], #128]\n\t"
+        "str	r5, [%[r], #192]\n\t"
+        "str	r6, [%[r], #256]\n\t"
+        "str	r7, [%[r], #320]\n\t"
+        "str	r8, [%[r], #384]\n\t"
+        "str	r9, [%[r], #448]\n\t"
+        "ldr	r2, [sp]\n\t"
+        "subs	r2, r2, #1\n\t"
+        "add	%[r], %[r], #4\n\t"
+        "bne	L_kyber_arm32_ntt_loop_123_%=\n\t"
+        "sub	%[r], %[r], #0x40\n\t"
+        "mov	r3, #0\n\t"
+        "\n"
+    "L_kyber_arm32_ntt_loop_4_j_%=: \n\t"
+        "str	r3, [sp, #4]\n\t"
+        "add	r11, r1, r3, lsr #4\n\t"
+        "mov	r2, #4\n\t"
+        "ldr	r11, [r11, #16]\n\t"
+        "\n"
+    "L_kyber_arm32_ntt_loop_4_i_%=: \n\t"
+        "str	r2, [sp]\n\t"
+        "ldr	r2, [%[r]]\n\t"
+        "ldr	r3, [%[r], #16]\n\t"
+        "ldr	r4, [%[r], #32]\n\t"
+        "ldr	r5, [%[r], #48]\n\t"
+        "ldr	r6, [%[r], #64]\n\t"
+        "ldr	r7, [%[r], #80]\n\t"
+        "ldr	r8, [%[r], #96]\n\t"
+        "ldr	r9, [%[r], #112]\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+        "smulbb	r12, r11, r4\n\t"
+        "smulbt	r4, r11, r4\n\t"
+        "smultb	lr, r10, r12\n\t"
+        "smlabb	r12, r10, lr, r12\n\t"
+        "smultb	lr, r10, r4\n\t"
+        "smlabb	lr, r10, lr, r4\n\t"
+        "pkhtb	r12, lr, r12, ASR #16\n\t"
+        "ssub16	r4, r2, r12\n\t"
+        "sadd16	r2, r2, r12\n\t"
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r12, r4, #16\n\t"
+        "asr	r12, r12, #16\n\t"
+#else
+        "sbfx	r12, r4, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r11, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r11, #0, #16\n\t"
+#endif
+        "asr	r4, r4, #16\n\t"
+        "mul	r12, lr, r12\n\t"
+        "mul	r4, lr, r4\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xff\n\t"
+        "orr	r10, r10, #0xc00\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+        "mul	lr, r10, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0x1\n\t"
+        "orr	r10, r10, #0xd00\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "mla	r12, r10, lr, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xff\n\t"
+        "orr	r10, r10, #0xc00\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r4, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r4, #0, #16\n\t"
+#endif
+        "mul	lr, r10, lr\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0x1\n\t"
+        "orr	r10, r10, #0xd00\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "mla	lr, r10, lr, r4\n\t"
+        "sub	r4, r2, lr\n\t"
+        "add	r2, r2, lr\n\t"
+        "sub	lr, r2, r12, lsr #16\n\t"
+        "add	r12, r2, r12, lsr #16\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r4, r4, #16\n\t"
+        "orr	r4, r4, lr, lsl #16\n\t"
+        "ror	r4, r4, #16\n\t"
+#else
+        "bfi	r4, lr, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r2, r2, #16\n\t"
+        "orr	r2, r2, r12, lsl #16\n\t"
+        "ror	r2, r2, #16\n\t"
+#else
+        "bfi	r2, r12, #0, #16\n\t"
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+        "smulbb	r12, r11, r5\n\t"
+        "smulbt	r5, r11, r5\n\t"
+        "smultb	lr, r10, r12\n\t"
+        "smlabb	r12, r10, lr, r12\n\t"
+        "smultb	lr, r10, r5\n\t"
+        "smlabb	lr, r10, lr, r5\n\t"
+        "pkhtb	r12, lr, r12, ASR #16\n\t"
+        "ssub16	r5, r3, r12\n\t"
+        "sadd16	r3, r3, r12\n\t"
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r12, r5, #16\n\t"
+        "asr	r12, r12, #16\n\t"
+#else
+        "sbfx	r12, r5, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r11, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r11, #0, #16\n\t"
+#endif
+        "asr	r5, r5, #16\n\t"
+        "mul	r12, lr, r12\n\t"
+        "mul	r5, lr, r5\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xff\n\t"
+        "orr	r10, r10, #0xc00\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+        "mul	lr, r10, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0x1\n\t"
+        "orr	r10, r10, #0xd00\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "mla	r12, r10, lr, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xff\n\t"
+        "orr	r10, r10, #0xc00\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r5, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r5, #0, #16\n\t"
+#endif
+        "mul	lr, r10, lr\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0x1\n\t"
+        "orr	r10, r10, #0xd00\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "mla	lr, r10, lr, r5\n\t"
+        "sub	r5, r3, lr\n\t"
+        "add	r3, r3, lr\n\t"
+        "sub	lr, r3, r12, lsr #16\n\t"
+        "add	r12, r3, r12, lsr #16\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r5, r5, #16\n\t"
+        "orr	r5, r5, lr, lsl #16\n\t"
+        "ror	r5, r5, #16\n\t"
+#else
+        "bfi	r5, lr, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r3, r3, #16\n\t"
+        "orr	r3, r3, r12, lsl #16\n\t"
+        "ror	r3, r3, #16\n\t"
+#else
+        "bfi	r3, r12, #0, #16\n\t"
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+        "smultb	r12, r11, r8\n\t"
+        "smultt	r8, r11, r8\n\t"
+        "smultb	lr, r10, r12\n\t"
+        "smlabb	r12, r10, lr, r12\n\t"
+        "smultb	lr, r10, r8\n\t"
+        "smlabb	lr, r10, lr, r8\n\t"
+        "pkhtb	r12, lr, r12, ASR #16\n\t"
+        "ssub16	r8, r6, r12\n\t"
+        "sadd16	r6, r6, r12\n\t"
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r12, r8, #16\n\t"
+        "asr	r12, r12, #16\n\t"
+#else
+        "sbfx	r12, r8, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "asr	lr, r11, #16\n\t"
+#else
+        "sbfx	lr, r11, #16, #16\n\t"
+#endif
+        "asr	r8, r8, #16\n\t"
+        "mul	r12, lr, r12\n\t"
+        "mul	r8, lr, r8\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xff\n\t"
+        "orr	r10, r10, #0xc00\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+        "mul	lr, r10, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0x1\n\t"
+        "orr	r10, r10, #0xd00\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "mla	r12, r10, lr, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xff\n\t"
+        "orr	r10, r10, #0xc00\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r8, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r8, #0, #16\n\t"
+#endif
+        "mul	lr, r10, lr\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0x1\n\t"
+        "orr	r10, r10, #0xd00\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "mla	lr, r10, lr, r8\n\t"
+        "sub	r8, r6, lr\n\t"
+        "add	r6, r6, lr\n\t"
+        "sub	lr, r6, r12, lsr #16\n\t"
+        "add	r12, r6, r12, lsr #16\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r8, r8, #16\n\t"
+        "orr	r8, r8, lr, lsl #16\n\t"
+        "ror	r8, r8, #16\n\t"
+#else
+        "bfi	r8, lr, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r6, r6, #16\n\t"
+        "orr	r6, r6, r12, lsl #16\n\t"
+        "ror	r6, r6, #16\n\t"
+#else
+        "bfi	r6, r12, #0, #16\n\t"
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+        "smultb	r12, r11, r9\n\t"
+        "smultt	r9, r11, r9\n\t"
+        "smultb	lr, r10, r12\n\t"
+        "smlabb	r12, r10, lr, r12\n\t"
+        "smultb	lr, r10, r9\n\t"
+        "smlabb	lr, r10, lr, r9\n\t"
+        "pkhtb	r12, lr, r12, ASR #16\n\t"
+        "ssub16	r9, r7, r12\n\t"
+        "sadd16	r7, r7, r12\n\t"
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r12, r9, #16\n\t"
+        "asr	r12, r12, #16\n\t"
+#else
+        "sbfx	r12, r9, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "asr	lr, r11, #16\n\t"
+#else
+        "sbfx	lr, r11, #16, #16\n\t"
+#endif
+        "asr	r9, r9, #16\n\t"
+        "mul	r12, lr, r12\n\t"
+        "mul	r9, lr, r9\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xff\n\t"
+        "orr	r10, r10, #0xc00\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+        "mul	lr, r10, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0x1\n\t"
+        "orr	r10, r10, #0xd00\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "mla	r12, r10, lr, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xff\n\t"
+        "orr	r10, r10, #0xc00\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r9, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r9, #0, #16\n\t"
+#endif
+        "mul	lr, r10, lr\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0x1\n\t"
+        "orr	r10, r10, #0xd00\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "mla	lr, r10, lr, r9\n\t"
+        "sub	r9, r7, lr\n\t"
+        "add	r7, r7, lr\n\t"
+        "sub	lr, r7, r12, lsr #16\n\t"
+        "add	r12, r7, r12, lsr #16\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r9, r9, #16\n\t"
+        "orr	r9, r9, lr, lsl #16\n\t"
+        "ror	r9, r9, #16\n\t"
+#else
+        "bfi	r9, lr, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r7, r7, #16\n\t"
+        "orr	r7, r7, r12, lsl #16\n\t"
+        "ror	r7, r7, #16\n\t"
+#else
+        "bfi	r7, r12, #0, #16\n\t"
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+        "str	r2, [%[r]]\n\t"
+        "str	r3, [%[r], #16]\n\t"
+        "str	r4, [%[r], #32]\n\t"
+        "str	r5, [%[r], #48]\n\t"
+        "str	r6, [%[r], #64]\n\t"
+        "str	r7, [%[r], #80]\n\t"
+        "str	r8, [%[r], #96]\n\t"
+        "str	r9, [%[r], #112]\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "ldm	sp, {r2, r3}\n\t"
+#else
+        "ldrd	r2, r3, [sp]\n\t"
+#endif
+        "subs	r2, r2, #1\n\t"
+        "add	%[r], %[r], #4\n\t"
+        "bne	L_kyber_arm32_ntt_loop_4_i_%=\n\t"
+        "add	r3, r3, #0x40\n\t"
+        "rsbs	r12, r3, #0x100\n\t"
+        "add	%[r], %[r], #0x70\n\t"
+        "bne	L_kyber_arm32_ntt_loop_4_j_%=\n\t"
+        "sub	%[r], %[r], #0x200\n\t"
+        "mov	r3, #0\n\t"
+        "\n"
+    "L_kyber_arm32_ntt_loop_567_%=: \n\t"
+        "add	r11, r1, r3, lsr #3\n\t"
+        "str	r3, [sp, #4]\n\t"
+        "ldrh	r11, [r11, #32]\n\t"
+        "ldr	r2, [%[r]]\n\t"
+        "ldr	r3, [%[r], #4]\n\t"
+        "ldr	r4, [%[r], #8]\n\t"
+        "ldr	r5, [%[r], #12]\n\t"
+        "ldr	r6, [%[r], #16]\n\t"
+        "ldr	r7, [%[r], #20]\n\t"
+        "ldr	r8, [%[r], #24]\n\t"
+        "ldr	r9, [%[r], #28]\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+        "smulbb	r12, r11, r6\n\t"
+        "smulbt	r6, r11, r6\n\t"
+        "smultb	lr, r10, r12\n\t"
+        "smlabb	r12, r10, lr, r12\n\t"
+        "smultb	lr, r10, r6\n\t"
+        "smlabb	lr, r10, lr, r6\n\t"
+        "pkhtb	r12, lr, r12, ASR #16\n\t"
+        "ssub16	r6, r2, r12\n\t"
+        "sadd16	r2, r2, r12\n\t"
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r12, r6, #16\n\t"
+        "asr	r12, r12, #16\n\t"
+#else
+        "sbfx	r12, r6, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r11, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r11, #0, #16\n\t"
+#endif
+        "asr	r6, r6, #16\n\t"
+        "mul	r12, lr, r12\n\t"
+        "mul	r6, lr, r6\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xff\n\t"
+        "orr	r10, r10, #0xc00\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+        "mul	lr, r10, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0x1\n\t"
+        "orr	r10, r10, #0xd00\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "mla	r12, r10, lr, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xff\n\t"
+        "orr	r10, r10, #0xc00\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r6, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r6, #0, #16\n\t"
+#endif
+        "mul	lr, r10, lr\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0x1\n\t"
+        "orr	r10, r10, #0xd00\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "mla	lr, r10, lr, r6\n\t"
+        "sub	r6, r2, lr\n\t"
+        "add	r2, r2, lr\n\t"
+        "sub	lr, r2, r12, lsr #16\n\t"
+        "add	r12, r2, r12, lsr #16\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r6, r6, #16\n\t"
+        "orr	r6, r6, lr, lsl #16\n\t"
+        "ror	r6, r6, #16\n\t"
+#else
+        "bfi	r6, lr, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r2, r2, #16\n\t"
+        "orr	r2, r2, r12, lsl #16\n\t"
+        "ror	r2, r2, #16\n\t"
+#else
+        "bfi	r2, r12, #0, #16\n\t"
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+        "smulbb	r12, r11, r7\n\t"
+        "smulbt	r7, r11, r7\n\t"
+        "smultb	lr, r10, r12\n\t"
+        "smlabb	r12, r10, lr, r12\n\t"
+        "smultb	lr, r10, r7\n\t"
+        "smlabb	lr, r10, lr, r7\n\t"
+        "pkhtb	r12, lr, r12, ASR #16\n\t"
+        "ssub16	r7, r3, r12\n\t"
+        "sadd16	r3, r3, r12\n\t"
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r12, r7, #16\n\t"
+        "asr	r12, r12, #16\n\t"
+#else
+        "sbfx	r12, r7, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r11, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r11, #0, #16\n\t"
+#endif
+        "asr	r7, r7, #16\n\t"
+        "mul	r12, lr, r12\n\t"
+        "mul	r7, lr, r7\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xff\n\t"
+        "orr	r10, r10, #0xc00\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+        "mul	lr, r10, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0x1\n\t"
+        "orr	r10, r10, #0xd00\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "mla	r12, r10, lr, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xff\n\t"
+        "orr	r10, r10, #0xc00\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r7, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r7, #0, #16\n\t"
+#endif
+        "mul	lr, r10, lr\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0x1\n\t"
+        "orr	r10, r10, #0xd00\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "mla	lr, r10, lr, r7\n\t"
+        "sub	r7, r3, lr\n\t"
+        "add	r3, r3, lr\n\t"
+        "sub	lr, r3, r12, lsr #16\n\t"
+        "add	r12, r3, r12, lsr #16\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r7, r7, #16\n\t"
+        "orr	r7, r7, lr, lsl #16\n\t"
+        "ror	r7, r7, #16\n\t"
+#else
+        "bfi	r7, lr, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r3, r3, #16\n\t"
+        "orr	r3, r3, r12, lsl #16\n\t"
+        "ror	r3, r3, #16\n\t"
+#else
+        "bfi	r3, r12, #0, #16\n\t"
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+        "smulbb	r12, r11, r8\n\t"
+        "smulbt	r8, r11, r8\n\t"
+        "smultb	lr, r10, r12\n\t"
+        "smlabb	r12, r10, lr, r12\n\t"
+        "smultb	lr, r10, r8\n\t"
+        "smlabb	lr, r10, lr, r8\n\t"
+        "pkhtb	r12, lr, r12, ASR #16\n\t"
+        "ssub16	r8, r4, r12\n\t"
+        "sadd16	r4, r4, r12\n\t"
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r12, r8, #16\n\t"
+        "asr	r12, r12, #16\n\t"
+#else
+        "sbfx	r12, r8, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r11, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r11, #0, #16\n\t"
+#endif
+        "asr	r8, r8, #16\n\t"
+        "mul	r12, lr, r12\n\t"
+        "mul	r8, lr, r8\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xff\n\t"
+        "orr	r10, r10, #0xc00\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+        "mul	lr, r10, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0x1\n\t"
+        "orr	r10, r10, #0xd00\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "mla	r12, r10, lr, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xff\n\t"
+        "orr	r10, r10, #0xc00\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r8, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r8, #0, #16\n\t"
+#endif
+        "mul	lr, r10, lr\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0x1\n\t"
+        "orr	r10, r10, #0xd00\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "mla	lr, r10, lr, r8\n\t"
+        "sub	r8, r4, lr\n\t"
+        "add	r4, r4, lr\n\t"
+        "sub	lr, r4, r12, lsr #16\n\t"
+        "add	r12, r4, r12, lsr #16\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r8, r8, #16\n\t"
+        "orr	r8, r8, lr, lsl #16\n\t"
+        "ror	r8, r8, #16\n\t"
+#else
+        "bfi	r8, lr, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r4, r4, #16\n\t"
+        "orr	r4, r4, r12, lsl #16\n\t"
+        "ror	r4, r4, #16\n\t"
+#else
+        "bfi	r4, r12, #0, #16\n\t"
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+        "smulbb	r12, r11, r9\n\t"
+        "smulbt	r9, r11, r9\n\t"
+        "smultb	lr, r10, r12\n\t"
+        "smlabb	r12, r10, lr, r12\n\t"
+        "smultb	lr, r10, r9\n\t"
+        "smlabb	lr, r10, lr, r9\n\t"
+        "pkhtb	r12, lr, r12, ASR #16\n\t"
+        "ssub16	r9, r5, r12\n\t"
+        "sadd16	r5, r5, r12\n\t"
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r12, r9, #16\n\t"
+        "asr	r12, r12, #16\n\t"
+#else
+        "sbfx	r12, r9, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r11, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r11, #0, #16\n\t"
+#endif
+        "asr	r9, r9, #16\n\t"
+        "mul	r12, lr, r12\n\t"
+        "mul	r9, lr, r9\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xff\n\t"
+        "orr	r10, r10, #0xc00\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+        "mul	lr, r10, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0x1\n\t"
+        "orr	r10, r10, #0xd00\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "mla	r12, r10, lr, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xff\n\t"
+        "orr	r10, r10, #0xc00\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r9, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r9, #0, #16\n\t"
+#endif
+        "mul	lr, r10, lr\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0x1\n\t"
+        "orr	r10, r10, #0xd00\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "mla	lr, r10, lr, r9\n\t"
+        "sub	r9, r5, lr\n\t"
+        "add	r5, r5, lr\n\t"
+        "sub	lr, r5, r12, lsr #16\n\t"
+        "add	r12, r5, r12, lsr #16\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r9, r9, #16\n\t"
+        "orr	r9, r9, lr, lsl #16\n\t"
+        "ror	r9, r9, #16\n\t"
+#else
+        "bfi	r9, lr, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r5, r5, #16\n\t"
+        "orr	r5, r5, r12, lsl #16\n\t"
+        "ror	r5, r5, #16\n\t"
+#else
+        "bfi	r5, r12, #0, #16\n\t"
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+        "ldr	r11, [sp, #4]\n\t"
+        "add	r11, r1, r11, lsr #2\n\t"
+        "ldr	r11, [r11, #64]\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+        "smulbb	r12, r11, r4\n\t"
+        "smulbt	r4, r11, r4\n\t"
+        "smultb	lr, r10, r12\n\t"
+        "smlabb	r12, r10, lr, r12\n\t"
+        "smultb	lr, r10, r4\n\t"
+        "smlabb	lr, r10, lr, r4\n\t"
+        "pkhtb	r12, lr, r12, ASR #16\n\t"
+        "ssub16	r4, r2, r12\n\t"
+        "sadd16	r2, r2, r12\n\t"
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r12, r4, #16\n\t"
+        "asr	r12, r12, #16\n\t"
+#else
+        "sbfx	r12, r4, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r11, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r11, #0, #16\n\t"
+#endif
+        "asr	r4, r4, #16\n\t"
+        "mul	r12, lr, r12\n\t"
+        "mul	r4, lr, r4\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xff\n\t"
+        "orr	r10, r10, #0xc00\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+        "mul	lr, r10, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0x1\n\t"
+        "orr	r10, r10, #0xd00\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "mla	r12, r10, lr, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xff\n\t"
+        "orr	r10, r10, #0xc00\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r4, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r4, #0, #16\n\t"
+#endif
+        "mul	lr, r10, lr\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0x1\n\t"
+        "orr	r10, r10, #0xd00\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "mla	lr, r10, lr, r4\n\t"
+        "sub	r4, r2, lr\n\t"
+        "add	r2, r2, lr\n\t"
+        "sub	lr, r2, r12, lsr #16\n\t"
+        "add	r12, r2, r12, lsr #16\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r4, r4, #16\n\t"
+        "orr	r4, r4, lr, lsl #16\n\t"
+        "ror	r4, r4, #16\n\t"
+#else
+        "bfi	r4, lr, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r2, r2, #16\n\t"
+        "orr	r2, r2, r12, lsl #16\n\t"
+        "ror	r2, r2, #16\n\t"
+#else
+        "bfi	r2, r12, #0, #16\n\t"
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+        "smulbb	r12, r11, r5\n\t"
+        "smulbt	r5, r11, r5\n\t"
+        "smultb	lr, r10, r12\n\t"
+        "smlabb	r12, r10, lr, r12\n\t"
+        "smultb	lr, r10, r5\n\t"
+        "smlabb	lr, r10, lr, r5\n\t"
+        "pkhtb	r12, lr, r12, ASR #16\n\t"
+        "ssub16	r5, r3, r12\n\t"
+        "sadd16	r3, r3, r12\n\t"
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r12, r5, #16\n\t"
+        "asr	r12, r12, #16\n\t"
+#else
+        "sbfx	r12, r5, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r11, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r11, #0, #16\n\t"
+#endif
+        "asr	r5, r5, #16\n\t"
+        "mul	r12, lr, r12\n\t"
+        "mul	r5, lr, r5\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xff\n\t"
+        "orr	r10, r10, #0xc00\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+        "mul	lr, r10, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0x1\n\t"
+        "orr	r10, r10, #0xd00\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "mla	r12, r10, lr, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xff\n\t"
+        "orr	r10, r10, #0xc00\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r5, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r5, #0, #16\n\t"
+#endif
+        "mul	lr, r10, lr\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0x1\n\t"
+        "orr	r10, r10, #0xd00\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "mla	lr, r10, lr, r5\n\t"
+        "sub	r5, r3, lr\n\t"
+        "add	r3, r3, lr\n\t"
+        "sub	lr, r3, r12, lsr #16\n\t"
+        "add	r12, r3, r12, lsr #16\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r5, r5, #16\n\t"
+        "orr	r5, r5, lr, lsl #16\n\t"
+        "ror	r5, r5, #16\n\t"
+#else
+        "bfi	r5, lr, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r3, r3, #16\n\t"
+        "orr	r3, r3, r12, lsl #16\n\t"
+        "ror	r3, r3, #16\n\t"
+#else
+        "bfi	r3, r12, #0, #16\n\t"
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+        "smultb	r12, r11, r8\n\t"
+        "smultt	r8, r11, r8\n\t"
+        "smultb	lr, r10, r12\n\t"
+        "smlabb	r12, r10, lr, r12\n\t"
+        "smultb	lr, r10, r8\n\t"
+        "smlabb	lr, r10, lr, r8\n\t"
+        "pkhtb	r12, lr, r12, ASR #16\n\t"
+        "ssub16	r8, r6, r12\n\t"
+        "sadd16	r6, r6, r12\n\t"
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r12, r8, #16\n\t"
+        "asr	r12, r12, #16\n\t"
+#else
+        "sbfx	r12, r8, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "asr	lr, r11, #16\n\t"
+#else
+        "sbfx	lr, r11, #16, #16\n\t"
+#endif
+        "asr	r8, r8, #16\n\t"
+        "mul	r12, lr, r12\n\t"
+        "mul	r8, lr, r8\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xff\n\t"
+        "orr	r10, r10, #0xc00\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+        "mul	lr, r10, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0x1\n\t"
+        "orr	r10, r10, #0xd00\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "mla	r12, r10, lr, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xff\n\t"
+        "orr	r10, r10, #0xc00\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r8, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r8, #0, #16\n\t"
+#endif
+        "mul	lr, r10, lr\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0x1\n\t"
+        "orr	r10, r10, #0xd00\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "mla	lr, r10, lr, r8\n\t"
+        "sub	r8, r6, lr\n\t"
+        "add	r6, r6, lr\n\t"
+        "sub	lr, r6, r12, lsr #16\n\t"
+        "add	r12, r6, r12, lsr #16\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r8, r8, #16\n\t"
+        "orr	r8, r8, lr, lsl #16\n\t"
+        "ror	r8, r8, #16\n\t"
+#else
+        "bfi	r8, lr, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r6, r6, #16\n\t"
+        "orr	r6, r6, r12, lsl #16\n\t"
+        "ror	r6, r6, #16\n\t"
+#else
+        "bfi	r6, r12, #0, #16\n\t"
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+        "smultb	r12, r11, r9\n\t"
+        "smultt	r9, r11, r9\n\t"
+        "smultb	lr, r10, r12\n\t"
+        "smlabb	r12, r10, lr, r12\n\t"
+        "smultb	lr, r10, r9\n\t"
+        "smlabb	lr, r10, lr, r9\n\t"
+        "pkhtb	r12, lr, r12, ASR #16\n\t"
+        "ssub16	r9, r7, r12\n\t"
+        "sadd16	r7, r7, r12\n\t"
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r12, r9, #16\n\t"
+        "asr	r12, r12, #16\n\t"
+#else
+        "sbfx	r12, r9, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "asr	lr, r11, #16\n\t"
+#else
+        "sbfx	lr, r11, #16, #16\n\t"
+#endif
+        "asr	r9, r9, #16\n\t"
+        "mul	r12, lr, r12\n\t"
+        "mul	r9, lr, r9\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xff\n\t"
+        "orr	r10, r10, #0xc00\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+        "mul	lr, r10, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0x1\n\t"
+        "orr	r10, r10, #0xd00\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "mla	r12, r10, lr, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xff\n\t"
+        "orr	r10, r10, #0xc00\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r9, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r9, #0, #16\n\t"
+#endif
+        "mul	lr, r10, lr\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0x1\n\t"
+        "orr	r10, r10, #0xd00\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "mla	lr, r10, lr, r9\n\t"
+        "sub	r9, r7, lr\n\t"
+        "add	r7, r7, lr\n\t"
+        "sub	lr, r7, r12, lsr #16\n\t"
+        "add	r12, r7, r12, lsr #16\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r9, r9, #16\n\t"
+        "orr	r9, r9, lr, lsl #16\n\t"
+        "ror	r9, r9, #16\n\t"
+#else
+        "bfi	r9, lr, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r7, r7, #16\n\t"
+        "orr	r7, r7, r12, lsl #16\n\t"
+        "ror	r7, r7, #16\n\t"
+#else
+        "bfi	r7, r12, #0, #16\n\t"
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+        "ldr	r11, [sp, #4]\n\t"
+        "add	r11, r1, r11, lsr #1\n\t"
+        "ldr	r11, [r11, #128]\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+        "smulbb	r12, r11, r3\n\t"
+        "smulbt	r3, r11, r3\n\t"
+        "smultb	lr, r10, r12\n\t"
+        "smlabb	r12, r10, lr, r12\n\t"
+        "smultb	lr, r10, r3\n\t"
+        "smlabb	lr, r10, lr, r3\n\t"
+        "pkhtb	r12, lr, r12, ASR #16\n\t"
+        "ssub16	r3, r2, r12\n\t"
+        "sadd16	r2, r2, r12\n\t"
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r12, r3, #16\n\t"
+        "asr	r12, r12, #16\n\t"
+#else
+        "sbfx	r12, r3, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r11, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r11, #0, #16\n\t"
+#endif
+        "asr	r3, r3, #16\n\t"
+        "mul	r12, lr, r12\n\t"
+        "mul	r3, lr, r3\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xff\n\t"
+        "orr	r10, r10, #0xc00\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+        "mul	lr, r10, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0x1\n\t"
+        "orr	r10, r10, #0xd00\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "mla	r12, r10, lr, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xff\n\t"
+        "orr	r10, r10, #0xc00\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r3, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r3, #0, #16\n\t"
+#endif
+        "mul	lr, r10, lr\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0x1\n\t"
+        "orr	r10, r10, #0xd00\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "mla	lr, r10, lr, r3\n\t"
+        "sub	r3, r2, lr\n\t"
+        "add	r2, r2, lr\n\t"
+        "sub	lr, r2, r12, lsr #16\n\t"
+        "add	r12, r2, r12, lsr #16\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r3, r3, #16\n\t"
+        "orr	r3, r3, lr, lsl #16\n\t"
+        "ror	r3, r3, #16\n\t"
+#else
+        "bfi	r3, lr, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r2, r2, #16\n\t"
+        "orr	r2, r2, r12, lsl #16\n\t"
+        "ror	r2, r2, #16\n\t"
+#else
+        "bfi	r2, r12, #0, #16\n\t"
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+        "smultb	r12, r11, r5\n\t"
+        "smultt	r5, r11, r5\n\t"
+        "smultb	lr, r10, r12\n\t"
+        "smlabb	r12, r10, lr, r12\n\t"
+        "smultb	lr, r10, r5\n\t"
+        "smlabb	lr, r10, lr, r5\n\t"
+        "pkhtb	r12, lr, r12, ASR #16\n\t"
+        "ssub16	r5, r4, r12\n\t"
+        "sadd16	r4, r4, r12\n\t"
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r12, r5, #16\n\t"
+        "asr	r12, r12, #16\n\t"
+#else
+        "sbfx	r12, r5, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "asr	lr, r11, #16\n\t"
+#else
+        "sbfx	lr, r11, #16, #16\n\t"
+#endif
+        "asr	r5, r5, #16\n\t"
+        "mul	r12, lr, r12\n\t"
+        "mul	r5, lr, r5\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xff\n\t"
+        "orr	r10, r10, #0xc00\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+        "mul	lr, r10, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0x1\n\t"
+        "orr	r10, r10, #0xd00\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "mla	r12, r10, lr, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xff\n\t"
+        "orr	r10, r10, #0xc00\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r5, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r5, #0, #16\n\t"
+#endif
+        "mul	lr, r10, lr\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0x1\n\t"
+        "orr	r10, r10, #0xd00\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "mla	lr, r10, lr, r5\n\t"
+        "sub	r5, r4, lr\n\t"
+        "add	r4, r4, lr\n\t"
+        "sub	lr, r4, r12, lsr #16\n\t"
+        "add	r12, r4, r12, lsr #16\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r5, r5, #16\n\t"
+        "orr	r5, r5, lr, lsl #16\n\t"
+        "ror	r5, r5, #16\n\t"
+#else
+        "bfi	r5, lr, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r4, r4, #16\n\t"
+        "orr	r4, r4, r12, lsl #16\n\t"
+        "ror	r4, r4, #16\n\t"
+#else
+        "bfi	r4, r12, #0, #16\n\t"
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+        "ldr	r11, [sp, #4]\n\t"
+        "add	r11, r1, r11, lsr #1\n\t"
+        "ldr	r11, [r11, #132]\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+        "smulbb	r12, r11, r7\n\t"
+        "smulbt	r7, r11, r7\n\t"
+        "smultb	lr, r10, r12\n\t"
+        "smlabb	r12, r10, lr, r12\n\t"
+        "smultb	lr, r10, r7\n\t"
+        "smlabb	lr, r10, lr, r7\n\t"
+        "pkhtb	r12, lr, r12, ASR #16\n\t"
+        "ssub16	r7, r6, r12\n\t"
+        "sadd16	r6, r6, r12\n\t"
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r12, r7, #16\n\t"
+        "asr	r12, r12, #16\n\t"
+#else
+        "sbfx	r12, r7, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r11, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r11, #0, #16\n\t"
+#endif
+        "asr	r7, r7, #16\n\t"
+        "mul	r12, lr, r12\n\t"
+        "mul	r7, lr, r7\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xff\n\t"
+        "orr	r10, r10, #0xc00\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+        "mul	lr, r10, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0x1\n\t"
+        "orr	r10, r10, #0xd00\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "mla	r12, r10, lr, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xff\n\t"
+        "orr	r10, r10, #0xc00\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r7, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r7, #0, #16\n\t"
+#endif
+        "mul	lr, r10, lr\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0x1\n\t"
+        "orr	r10, r10, #0xd00\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "mla	lr, r10, lr, r7\n\t"
+        "sub	r7, r6, lr\n\t"
+        "add	r6, r6, lr\n\t"
+        "sub	lr, r6, r12, lsr #16\n\t"
+        "add	r12, r6, r12, lsr #16\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r7, r7, #16\n\t"
+        "orr	r7, r7, lr, lsl #16\n\t"
+        "ror	r7, r7, #16\n\t"
+#else
+        "bfi	r7, lr, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r6, r6, #16\n\t"
+        "orr	r6, r6, r12, lsl #16\n\t"
+        "ror	r6, r6, #16\n\t"
+#else
+        "bfi	r6, r12, #0, #16\n\t"
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+        "smultb	r12, r11, r9\n\t"
+        "smultt	r9, r11, r9\n\t"
+        "smultb	lr, r10, r12\n\t"
+        "smlabb	r12, r10, lr, r12\n\t"
+        "smultb	lr, r10, r9\n\t"
+        "smlabb	lr, r10, lr, r9\n\t"
+        "pkhtb	r12, lr, r12, ASR #16\n\t"
+        "ssub16	r9, r8, r12\n\t"
+        "sadd16	r8, r8, r12\n\t"
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r12, r9, #16\n\t"
+        "asr	r12, r12, #16\n\t"
+#else
+        "sbfx	r12, r9, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "asr	lr, r11, #16\n\t"
+#else
+        "sbfx	lr, r11, #16, #16\n\t"
+#endif
+        "asr	r9, r9, #16\n\t"
+        "mul	r12, lr, r12\n\t"
+        "mul	r9, lr, r9\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xff\n\t"
+        "orr	r10, r10, #0xc00\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+        "mul	lr, r10, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0x1\n\t"
+        "orr	r10, r10, #0xd00\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "mla	r12, r10, lr, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xff\n\t"
+        "orr	r10, r10, #0xc00\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r9, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r9, #0, #16\n\t"
+#endif
+        "mul	lr, r10, lr\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0x1\n\t"
+        "orr	r10, r10, #0xd00\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "mla	lr, r10, lr, r9\n\t"
+        "sub	r9, r8, lr\n\t"
+        "add	r8, r8, lr\n\t"
+        "sub	lr, r8, r12, lsr #16\n\t"
+        "add	r12, r8, r12, lsr #16\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r9, r9, #16\n\t"
+        "orr	r9, r9, lr, lsl #16\n\t"
+        "ror	r9, r9, #16\n\t"
+#else
+        "bfi	r9, lr, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r8, r8, #16\n\t"
+        "orr	r8, r8, r12, lsl #16\n\t"
+        "ror	r8, r8, #16\n\t"
+#else
+        "bfi	r8, r12, #0, #16\n\t"
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r11, #0xc0\n\t"
+        "orr	r11, r11, #0xaf00\n\t"
+#else
+        "mov	r11, #0xafc0\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "orr	r11, r11, #0x130000\n\t"
+#else
+        "movt	r11, #0x13\n\t"
+#endif
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r11, #0xbf\n\t"
+        "orr	r11, r11, #0x4e00\n\t"
+#else
+        "mov	r11, #0x4ebf\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0x1\n\t"
+        "orr	r10, r10, #0xd00\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+        "smulwb	r12, r11, r2\n\t"
+        "smulwt	lr, r11, r2\n\t"
+        "smulbt	r12, r10, r12\n\t"
+        "smulbt	lr, r10, lr\n\t"
+        "pkhbt	r12, r12, lr, LSL #16\n\t"
+        "ssub16	r2, r2, r12\n\t"
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r12, r2, #16\n\t"
+        "asr	r12, r12, #16\n\t"
+#else
+        "sbfx	r12, r2, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "asr	lr, r2, #16\n\t"
+#else
+        "sbfx	lr, r2, #16, #16\n\t"
+#endif
+        "mul	r12, r11, r12\n\t"
+        "mul	lr, r11, lr\n\t"
+        "asr	r12, r12, #26\n\t"
+        "asr	lr, lr, #26\n\t"
+        "mul	r12, r10, r12\n\t"
+        "mul	lr, r10, lr\n\t"
+        "sub	lr, r2, lr, lsl #16\n\t"
+        "sub	r2, r2, r12\n\t"
+        "lsr	lr, lr, #16\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r2, r2, #0xff0000\n\t"
+        "bic	r2, r2, #0xff000000\n\t"
+        "orr	r2, r2, lr, lsl #16\n\t"
+#else
+        "bfi	r2, lr, #16, #16\n\t"
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+        "smulwb	r12, r11, r3\n\t"
+        "smulwt	lr, r11, r3\n\t"
+        "smulbt	r12, r10, r12\n\t"
+        "smulbt	lr, r10, lr\n\t"
+        "pkhbt	r12, r12, lr, LSL #16\n\t"
+        "ssub16	r3, r3, r12\n\t"
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r12, r3, #16\n\t"
+        "asr	r12, r12, #16\n\t"
+#else
+        "sbfx	r12, r3, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "asr	lr, r3, #16\n\t"
+#else
+        "sbfx	lr, r3, #16, #16\n\t"
+#endif
+        "mul	r12, r11, r12\n\t"
+        "mul	lr, r11, lr\n\t"
+        "asr	r12, r12, #26\n\t"
+        "asr	lr, lr, #26\n\t"
+        "mul	r12, r10, r12\n\t"
+        "mul	lr, r10, lr\n\t"
+        "sub	lr, r3, lr, lsl #16\n\t"
+        "sub	r3, r3, r12\n\t"
+        "lsr	lr, lr, #16\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r3, r3, #0xff0000\n\t"
+        "bic	r3, r3, #0xff000000\n\t"
+        "orr	r3, r3, lr, lsl #16\n\t"
+#else
+        "bfi	r3, lr, #16, #16\n\t"
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+        "smulwb	r12, r11, r4\n\t"
+        "smulwt	lr, r11, r4\n\t"
+        "smulbt	r12, r10, r12\n\t"
+        "smulbt	lr, r10, lr\n\t"
+        "pkhbt	r12, r12, lr, LSL #16\n\t"
+        "ssub16	r4, r4, r12\n\t"
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r12, r4, #16\n\t"
+        "asr	r12, r12, #16\n\t"
+#else
+        "sbfx	r12, r4, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "asr	lr, r4, #16\n\t"
+#else
+        "sbfx	lr, r4, #16, #16\n\t"
+#endif
+        "mul	r12, r11, r12\n\t"
+        "mul	lr, r11, lr\n\t"
+        "asr	r12, r12, #26\n\t"
+        "asr	lr, lr, #26\n\t"
+        "mul	r12, r10, r12\n\t"
+        "mul	lr, r10, lr\n\t"
+        "sub	lr, r4, lr, lsl #16\n\t"
+        "sub	r4, r4, r12\n\t"
+        "lsr	lr, lr, #16\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r4, r4, #0xff0000\n\t"
+        "bic	r4, r4, #0xff000000\n\t"
+        "orr	r4, r4, lr, lsl #16\n\t"
+#else
+        "bfi	r4, lr, #16, #16\n\t"
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+        "smulwb	r12, r11, r5\n\t"
+        "smulwt	lr, r11, r5\n\t"
+        "smulbt	r12, r10, r12\n\t"
+        "smulbt	lr, r10, lr\n\t"
+        "pkhbt	r12, r12, lr, LSL #16\n\t"
+        "ssub16	r5, r5, r12\n\t"
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r12, r5, #16\n\t"
+        "asr	r12, r12, #16\n\t"
+#else
+        "sbfx	r12, r5, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "asr	lr, r5, #16\n\t"
+#else
+        "sbfx	lr, r5, #16, #16\n\t"
+#endif
+        "mul	r12, r11, r12\n\t"
+        "mul	lr, r11, lr\n\t"
+        "asr	r12, r12, #26\n\t"
+        "asr	lr, lr, #26\n\t"
+        "mul	r12, r10, r12\n\t"
+        "mul	lr, r10, lr\n\t"
+        "sub	lr, r5, lr, lsl #16\n\t"
+        "sub	r5, r5, r12\n\t"
+        "lsr	lr, lr, #16\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r5, r5, #0xff0000\n\t"
+        "bic	r5, r5, #0xff000000\n\t"
+        "orr	r5, r5, lr, lsl #16\n\t"
+#else
+        "bfi	r5, lr, #16, #16\n\t"
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+        "smulwb	r12, r11, r6\n\t"
+        "smulwt	lr, r11, r6\n\t"
+        "smulbt	r12, r10, r12\n\t"
+        "smulbt	lr, r10, lr\n\t"
+        "pkhbt	r12, r12, lr, LSL #16\n\t"
+        "ssub16	r6, r6, r12\n\t"
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r12, r6, #16\n\t"
+        "asr	r12, r12, #16\n\t"
+#else
+        "sbfx	r12, r6, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "asr	lr, r6, #16\n\t"
+#else
+        "sbfx	lr, r6, #16, #16\n\t"
+#endif
+        "mul	r12, r11, r12\n\t"
+        "mul	lr, r11, lr\n\t"
+        "asr	r12, r12, #26\n\t"
+        "asr	lr, lr, #26\n\t"
+        "mul	r12, r10, r12\n\t"
+        "mul	lr, r10, lr\n\t"
+        "sub	lr, r6, lr, lsl #16\n\t"
+        "sub	r6, r6, r12\n\t"
+        "lsr	lr, lr, #16\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r6, r6, #0xff0000\n\t"
+        "bic	r6, r6, #0xff000000\n\t"
+        "orr	r6, r6, lr, lsl #16\n\t"
+#else
+        "bfi	r6, lr, #16, #16\n\t"
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+        "smulwb	r12, r11, r7\n\t"
+        "smulwt	lr, r11, r7\n\t"
+        "smulbt	r12, r10, r12\n\t"
+        "smulbt	lr, r10, lr\n\t"
+        "pkhbt	r12, r12, lr, LSL #16\n\t"
+        "ssub16	r7, r7, r12\n\t"
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r12, r7, #16\n\t"
+        "asr	r12, r12, #16\n\t"
+#else
+        "sbfx	r12, r7, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "asr	lr, r7, #16\n\t"
+#else
+        "sbfx	lr, r7, #16, #16\n\t"
+#endif
+        "mul	r12, r11, r12\n\t"
+        "mul	lr, r11, lr\n\t"
+        "asr	r12, r12, #26\n\t"
+        "asr	lr, lr, #26\n\t"
+        "mul	r12, r10, r12\n\t"
+        "mul	lr, r10, lr\n\t"
+        "sub	lr, r7, lr, lsl #16\n\t"
+        "sub	r7, r7, r12\n\t"
+        "lsr	lr, lr, #16\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r7, r7, #0xff0000\n\t"
+        "bic	r7, r7, #0xff000000\n\t"
+        "orr	r7, r7, lr, lsl #16\n\t"
+#else
+        "bfi	r7, lr, #16, #16\n\t"
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+        "smulwb	r12, r11, r8\n\t"
+        "smulwt	lr, r11, r8\n\t"
+        "smulbt	r12, r10, r12\n\t"
+        "smulbt	lr, r10, lr\n\t"
+        "pkhbt	r12, r12, lr, LSL #16\n\t"
+        "ssub16	r8, r8, r12\n\t"
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r12, r8, #16\n\t"
+        "asr	r12, r12, #16\n\t"
+#else
+        "sbfx	r12, r8, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "asr	lr, r8, #16\n\t"
+#else
+        "sbfx	lr, r8, #16, #16\n\t"
+#endif
+        "mul	r12, r11, r12\n\t"
+        "mul	lr, r11, lr\n\t"
+        "asr	r12, r12, #26\n\t"
+        "asr	lr, lr, #26\n\t"
+        "mul	r12, r10, r12\n\t"
+        "mul	lr, r10, lr\n\t"
+        "sub	lr, r8, lr, lsl #16\n\t"
+        "sub	r8, r8, r12\n\t"
+        "lsr	lr, lr, #16\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r8, r8, #0xff0000\n\t"
+        "bic	r8, r8, #0xff000000\n\t"
+        "orr	r8, r8, lr, lsl #16\n\t"
+#else
+        "bfi	r8, lr, #16, #16\n\t"
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+        "smulwb	r12, r11, r9\n\t"
+        "smulwt	lr, r11, r9\n\t"
+        "smulbt	r12, r10, r12\n\t"
+        "smulbt	lr, r10, lr\n\t"
+        "pkhbt	r12, r12, lr, LSL #16\n\t"
+        "ssub16	r9, r9, r12\n\t"
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r12, r9, #16\n\t"
+        "asr	r12, r12, #16\n\t"
+#else
+        "sbfx	r12, r9, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "asr	lr, r9, #16\n\t"
+#else
+        "sbfx	lr, r9, #16, #16\n\t"
+#endif
+        "mul	r12, r11, r12\n\t"
+        "mul	lr, r11, lr\n\t"
+        "asr	r12, r12, #26\n\t"
+        "asr	lr, lr, #26\n\t"
+        "mul	r12, r10, r12\n\t"
+        "mul	lr, r10, lr\n\t"
+        "sub	lr, r9, lr, lsl #16\n\t"
+        "sub	r9, r9, r12\n\t"
+        "lsr	lr, lr, #16\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r9, r9, #0xff0000\n\t"
+        "bic	r9, r9, #0xff000000\n\t"
+        "orr	r9, r9, lr, lsl #16\n\t"
+#else
+        "bfi	r9, lr, #16, #16\n\t"
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0x1\n\t"
+        "orr	r10, r10, #0xd00\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "orr	r10, r10, #0xc000000\n\t"
+        "orr	r10, r10, #0xff0000\n\t"
+#else
+        "movt	r10, #0xcff\n\t"
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+        "str	r2, [%[r]]\n\t"
+        "str	r3, [%[r], #4]\n\t"
+        "str	r4, [%[r], #8]\n\t"
+        "str	r5, [%[r], #12]\n\t"
+        "str	r6, [%[r], #16]\n\t"
+        "str	r7, [%[r], #20]\n\t"
+        "str	r8, [%[r], #24]\n\t"
+        "str	r9, [%[r], #28]\n\t"
+        "ldr	r3, [sp, #4]\n\t"
+        "add	r3, r3, #16\n\t"
+        "rsbs	r12, r3, #0x100\n\t"
+        "add	%[r], %[r], #32\n\t"
+        "bne	L_kyber_arm32_ntt_loop_567_%=\n\t"
+        "add	sp, sp, #8\n\t"
+        : [r] "+r" (r),
+          [L_kyber_arm32_ntt_zetas] "+r" (L_kyber_arm32_ntt_zetas_c)
+        :
+        : "memory", "cc", "r2", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8",
+            "r9", "r10", "r11"
+    );
+}
+
+static const word16 L_kyber_arm32_invntt_zetas_inv[] = {
+    0x06a5, 0x070f, 0x05b4, 0x0943,
+    0x0922, 0x091d, 0x0134, 0x006c,
+    0x0b23, 0x0366, 0x0356, 0x05e6,
+    0x09e7, 0x04fe, 0x05fa, 0x04a1,
+    0x067b, 0x04a3, 0x0c25, 0x036a,
+    0x0537, 0x083f, 0x0088, 0x04bf,
+    0x0b81, 0x05b9, 0x0505, 0x07d7,
+    0x0a9f, 0x0aa6, 0x08b8, 0x09d0,
+    0x004b, 0x009c, 0x0bb8, 0x0b5f,
+    0x0ba4, 0x0368, 0x0a7d, 0x0636,
+    0x08a2, 0x025a, 0x0736, 0x0309,
+    0x0093, 0x087a, 0x09f7, 0x00f6,
+    0x068c, 0x06db, 0x01cc, 0x0123,
+    0x00eb, 0x0c50, 0x0ab6, 0x0b5b,
+    0x0c98, 0x06f3, 0x099a, 0x04e3,
+    0x09b6, 0x0ad6, 0x0b53, 0x044f,
+    0x04fb, 0x0a5c, 0x0429, 0x0b41,
+    0x02d5, 0x05e4, 0x0940, 0x018e,
+    0x03b7, 0x00f7, 0x058d, 0x0c96,
+    0x09c3, 0x010f, 0x005a, 0x0355,
+    0x0744, 0x0c83, 0x048a, 0x0652,
+    0x029a, 0x0140, 0x0008, 0x0afd,
+    0x0608, 0x011a, 0x072e, 0x050d,
+    0x090a, 0x0228, 0x0a75, 0x083a,
+    0x0623, 0x00cd, 0x0b66, 0x0606,
+    0x0aa1, 0x0a25, 0x0908, 0x02a9,
+    0x0082, 0x0642, 0x074f, 0x033d,
+    0x0b82, 0x0bf9, 0x052d, 0x0ac4,
+    0x0745, 0x05c2, 0x04b2, 0x093f,
+    0x0c4b, 0x06d8, 0x0a93, 0x00ab,
+    0x0c37, 0x0be2, 0x0773, 0x072c,
+    0x05ed, 0x0167, 0x02f6, 0x05a1,
+};
+
+void kyber_arm32_invntt(sword16* r_p)
+{
+    register sword16* r asm ("r0") = (sword16*)r_p;
+    register word16* L_kyber_arm32_invntt_zetas_inv_c asm ("r1") =
+        (word16*)&L_kyber_arm32_invntt_zetas_inv;
+
+    __asm__ __volatile__ (
+        "sub	sp, sp, #8\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0x1\n\t"
+        "orr	r10, r10, #0xd00\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "orr	r10, r10, #0xc000000\n\t"
+        "orr	r10, r10, #0xff0000\n\t"
+#else
+        "movt	r10, #0xcff\n\t"
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+        "mov	r3, #0\n\t"
+        "\n"
+    "L_kyber_arm32_invntt_loop_765_%=: \n\t"
+        "add	r11, r1, r3, lsr #1\n\t"
+        "str	r3, [sp, #4]\n\t"
+        "ldr	r2, [%[r]]\n\t"
+        "ldr	r3, [%[r], #4]\n\t"
+        "ldr	r4, [%[r], #8]\n\t"
+        "ldr	r5, [%[r], #12]\n\t"
+        "ldr	r6, [%[r], #16]\n\t"
+        "ldr	r7, [%[r], #20]\n\t"
+        "ldr	r8, [%[r], #24]\n\t"
+        "ldr	r9, [%[r], #28]\n\t"
+        "ldr	r11, [r11]\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+        "ssub16	r12, r2, r3\n\t"
+        "sadd16	r2, r2, r3\n\t"
+        "smulbt	r3, r11, r12\n\t"
+        "smulbb	r12, r11, r12\n\t"
+        "smultb	lr, r10, r12\n\t"
+        "smlabb	r12, r10, lr, r12\n\t"
+        "smultb	lr, r10, r3\n\t"
+        "smlabb	r3, r10, lr, r3\n\t"
+        "pkhtb	r3, r3, r12, ASR #16\n\t"
+#else
+        "sub	lr, r2, r3\n\t"
+        "add	r10, r2, r3\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r3, r3, #0xff\n\t"
+        "bic	r3, r3, #0xff00\n\t"
+#else
+        "bfc	r3, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r2, r2, #0xff\n\t"
+        "bic	r2, r2, #0xff00\n\t"
+#else
+        "bfc	r2, #0, #16\n\t"
+#endif
+        "sub	r12, r2, r3\n\t"
+        "add	r2, r2, r3\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r12, r12, #16\n\t"
+        "orr	r12, r12, lr, lsl #16\n\t"
+        "ror	r12, r12, #16\n\t"
+#else
+        "bfi	r12, lr, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r2, r2, #16\n\t"
+        "orr	r2, r2, r10, lsl #16\n\t"
+        "ror	r2, r2, #16\n\t"
+#else
+        "bfi	r2, r10, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r11, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r11, #0, #16\n\t"
+#endif
+        "asr	r10, r12, #16\n\t"
+        "mul	r3, lr, r10\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r12, r12, #16\n\t"
+        "asr	r12, r12, #16\n\t"
+#else
+        "sbfx	r12, r12, #0, #16\n\t"
+#endif
+        "mul	r12, lr, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xff\n\t"
+        "orr	r10, r10, #0xc00\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r12, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r12, #0, #16\n\t"
+#endif
+        "mul	lr, r10, lr\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0x1\n\t"
+        "orr	r10, r10, #0xd00\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "mla	r12, r10, lr, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xff\n\t"
+        "orr	r10, r10, #0xc00\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r3, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r3, #0, #16\n\t"
+#endif
+        "mul	lr, r10, lr\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0x1\n\t"
+        "orr	r10, r10, #0xd00\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "lsr	r12, r12, #16\n\t"
+        "mla	r3, r10, lr, r3\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r3, r3, #16\n\t"
+        "orr	r3, r3, r12, lsl #16\n\t"
+        "ror	r3, r3, #16\n\t"
+#else
+        "bfi	r3, r12, #0, #16\n\t"
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+        "ssub16	r12, r4, r5\n\t"
+        "sadd16	r4, r4, r5\n\t"
+        "smultt	r5, r11, r12\n\t"
+        "smultb	r12, r11, r12\n\t"
+        "smultb	lr, r10, r12\n\t"
+        "smlabb	r12, r10, lr, r12\n\t"
+        "smultb	lr, r10, r5\n\t"
+        "smlabb	r5, r10, lr, r5\n\t"
+        "pkhtb	r5, r5, r12, ASR #16\n\t"
+#else
+        "sub	lr, r4, r5\n\t"
+        "add	r10, r4, r5\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r5, r5, #0xff\n\t"
+        "bic	r5, r5, #0xff00\n\t"
+#else
+        "bfc	r5, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r4, r4, #0xff\n\t"
+        "bic	r4, r4, #0xff00\n\t"
+#else
+        "bfc	r4, #0, #16\n\t"
+#endif
+        "sub	r12, r4, r5\n\t"
+        "add	r4, r4, r5\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r12, r12, #16\n\t"
+        "orr	r12, r12, lr, lsl #16\n\t"
+        "ror	r12, r12, #16\n\t"
+#else
+        "bfi	r12, lr, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r4, r4, #16\n\t"
+        "orr	r4, r4, r10, lsl #16\n\t"
+        "ror	r4, r4, #16\n\t"
+#else
+        "bfi	r4, r10, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "asr	lr, r11, #16\n\t"
+#else
+        "sbfx	lr, r11, #16, #16\n\t"
+#endif
+        "asr	r10, r12, #16\n\t"
+        "mul	r5, lr, r10\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r12, r12, #16\n\t"
+        "asr	r12, r12, #16\n\t"
+#else
+        "sbfx	r12, r12, #0, #16\n\t"
+#endif
+        "mul	r12, lr, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xff\n\t"
+        "orr	r10, r10, #0xc00\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r12, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r12, #0, #16\n\t"
+#endif
+        "mul	lr, r10, lr\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0x1\n\t"
+        "orr	r10, r10, #0xd00\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "mla	r12, r10, lr, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xff\n\t"
+        "orr	r10, r10, #0xc00\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r5, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r5, #0, #16\n\t"
+#endif
+        "mul	lr, r10, lr\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0x1\n\t"
+        "orr	r10, r10, #0xd00\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "lsr	r12, r12, #16\n\t"
+        "mla	r5, r10, lr, r5\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r5, r5, #16\n\t"
+        "orr	r5, r5, r12, lsl #16\n\t"
+        "ror	r5, r5, #16\n\t"
+#else
+        "bfi	r5, r12, #0, #16\n\t"
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+        "ldr	r11, [sp, #4]\n\t"
+        "add	r11, r1, r11, lsr #1\n\t"
+        "ldr	r11, [r11, #4]\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+        "ssub16	r12, r6, r7\n\t"
+        "sadd16	r6, r6, r7\n\t"
+        "smulbt	r7, r11, r12\n\t"
+        "smulbb	r12, r11, r12\n\t"
+        "smultb	lr, r10, r12\n\t"
+        "smlabb	r12, r10, lr, r12\n\t"
+        "smultb	lr, r10, r7\n\t"
+        "smlabb	r7, r10, lr, r7\n\t"
+        "pkhtb	r7, r7, r12, ASR #16\n\t"
+#else
+        "sub	lr, r6, r7\n\t"
+        "add	r10, r6, r7\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r7, r7, #0xff\n\t"
+        "bic	r7, r7, #0xff00\n\t"
+#else
+        "bfc	r7, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r6, r6, #0xff\n\t"
+        "bic	r6, r6, #0xff00\n\t"
+#else
+        "bfc	r6, #0, #16\n\t"
+#endif
+        "sub	r12, r6, r7\n\t"
+        "add	r6, r6, r7\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r12, r12, #16\n\t"
+        "orr	r12, r12, lr, lsl #16\n\t"
+        "ror	r12, r12, #16\n\t"
+#else
+        "bfi	r12, lr, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r6, r6, #16\n\t"
+        "orr	r6, r6, r10, lsl #16\n\t"
+        "ror	r6, r6, #16\n\t"
+#else
+        "bfi	r6, r10, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r11, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r11, #0, #16\n\t"
+#endif
+        "asr	r10, r12, #16\n\t"
+        "mul	r7, lr, r10\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r12, r12, #16\n\t"
+        "asr	r12, r12, #16\n\t"
+#else
+        "sbfx	r12, r12, #0, #16\n\t"
+#endif
+        "mul	r12, lr, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xff\n\t"
+        "orr	r10, r10, #0xc00\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r12, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r12, #0, #16\n\t"
+#endif
+        "mul	lr, r10, lr\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0x1\n\t"
+        "orr	r10, r10, #0xd00\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "mla	r12, r10, lr, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xff\n\t"
+        "orr	r10, r10, #0xc00\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r7, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r7, #0, #16\n\t"
+#endif
+        "mul	lr, r10, lr\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0x1\n\t"
+        "orr	r10, r10, #0xd00\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "lsr	r12, r12, #16\n\t"
+        "mla	r7, r10, lr, r7\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r7, r7, #16\n\t"
+        "orr	r7, r7, r12, lsl #16\n\t"
+        "ror	r7, r7, #16\n\t"
+#else
+        "bfi	r7, r12, #0, #16\n\t"
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+        "ssub16	r12, r8, r9\n\t"
+        "sadd16	r8, r8, r9\n\t"
+        "smultt	r9, r11, r12\n\t"
+        "smultb	r12, r11, r12\n\t"
+        "smultb	lr, r10, r12\n\t"
+        "smlabb	r12, r10, lr, r12\n\t"
+        "smultb	lr, r10, r9\n\t"
+        "smlabb	r9, r10, lr, r9\n\t"
+        "pkhtb	r9, r9, r12, ASR #16\n\t"
+#else
+        "sub	lr, r8, r9\n\t"
+        "add	r10, r8, r9\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r9, r9, #0xff\n\t"
+        "bic	r9, r9, #0xff00\n\t"
+#else
+        "bfc	r9, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r8, r8, #0xff\n\t"
+        "bic	r8, r8, #0xff00\n\t"
+#else
+        "bfc	r8, #0, #16\n\t"
+#endif
+        "sub	r12, r8, r9\n\t"
+        "add	r8, r8, r9\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r12, r12, #16\n\t"
+        "orr	r12, r12, lr, lsl #16\n\t"
+        "ror	r12, r12, #16\n\t"
+#else
+        "bfi	r12, lr, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r8, r8, #16\n\t"
+        "orr	r8, r8, r10, lsl #16\n\t"
+        "ror	r8, r8, #16\n\t"
+#else
+        "bfi	r8, r10, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "asr	lr, r11, #16\n\t"
+#else
+        "sbfx	lr, r11, #16, #16\n\t"
+#endif
+        "asr	r10, r12, #16\n\t"
+        "mul	r9, lr, r10\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r12, r12, #16\n\t"
+        "asr	r12, r12, #16\n\t"
+#else
+        "sbfx	r12, r12, #0, #16\n\t"
+#endif
+        "mul	r12, lr, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xff\n\t"
+        "orr	r10, r10, #0xc00\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r12, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r12, #0, #16\n\t"
+#endif
+        "mul	lr, r10, lr\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0x1\n\t"
+        "orr	r10, r10, #0xd00\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "mla	r12, r10, lr, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xff\n\t"
+        "orr	r10, r10, #0xc00\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r9, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r9, #0, #16\n\t"
+#endif
+        "mul	lr, r10, lr\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0x1\n\t"
+        "orr	r10, r10, #0xd00\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "lsr	r12, r12, #16\n\t"
+        "mla	r9, r10, lr, r9\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r9, r9, #16\n\t"
+        "orr	r9, r9, r12, lsl #16\n\t"
+        "ror	r9, r9, #16\n\t"
+#else
+        "bfi	r9, r12, #0, #16\n\t"
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+        "ldr	r11, [sp, #4]\n\t"
+        "add	r11, r1, r11, lsr #2\n\t"
+        "ldr	r11, [r11, #128]\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+        "ssub16	r12, r2, r4\n\t"
+        "sadd16	r2, r2, r4\n\t"
+        "smulbt	r4, r11, r12\n\t"
+        "smulbb	r12, r11, r12\n\t"
+        "smultb	lr, r10, r12\n\t"
+        "smlabb	r12, r10, lr, r12\n\t"
+        "smultb	lr, r10, r4\n\t"
+        "smlabb	r4, r10, lr, r4\n\t"
+        "pkhtb	r4, r4, r12, ASR #16\n\t"
+#else
+        "sub	lr, r2, r4\n\t"
+        "add	r10, r2, r4\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r4, r4, #0xff\n\t"
+        "bic	r4, r4, #0xff00\n\t"
+#else
+        "bfc	r4, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r2, r2, #0xff\n\t"
+        "bic	r2, r2, #0xff00\n\t"
+#else
+        "bfc	r2, #0, #16\n\t"
+#endif
+        "sub	r12, r2, r4\n\t"
+        "add	r2, r2, r4\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r12, r12, #16\n\t"
+        "orr	r12, r12, lr, lsl #16\n\t"
+        "ror	r12, r12, #16\n\t"
+#else
+        "bfi	r12, lr, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r2, r2, #16\n\t"
+        "orr	r2, r2, r10, lsl #16\n\t"
+        "ror	r2, r2, #16\n\t"
+#else
+        "bfi	r2, r10, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r11, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r11, #0, #16\n\t"
+#endif
+        "asr	r10, r12, #16\n\t"
+        "mul	r4, lr, r10\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r12, r12, #16\n\t"
+        "asr	r12, r12, #16\n\t"
+#else
+        "sbfx	r12, r12, #0, #16\n\t"
+#endif
+        "mul	r12, lr, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xff\n\t"
+        "orr	r10, r10, #0xc00\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r12, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r12, #0, #16\n\t"
+#endif
+        "mul	lr, r10, lr\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0x1\n\t"
+        "orr	r10, r10, #0xd00\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "mla	r12, r10, lr, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xff\n\t"
+        "orr	r10, r10, #0xc00\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r4, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r4, #0, #16\n\t"
+#endif
+        "mul	lr, r10, lr\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0x1\n\t"
+        "orr	r10, r10, #0xd00\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "lsr	r12, r12, #16\n\t"
+        "mla	r4, r10, lr, r4\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r4, r4, #16\n\t"
+        "orr	r4, r4, r12, lsl #16\n\t"
+        "ror	r4, r4, #16\n\t"
+#else
+        "bfi	r4, r12, #0, #16\n\t"
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+        "ssub16	r12, r3, r5\n\t"
+        "sadd16	r3, r3, r5\n\t"
+        "smulbt	r5, r11, r12\n\t"
+        "smulbb	r12, r11, r12\n\t"
+        "smultb	lr, r10, r12\n\t"
+        "smlabb	r12, r10, lr, r12\n\t"
+        "smultb	lr, r10, r5\n\t"
+        "smlabb	r5, r10, lr, r5\n\t"
+        "pkhtb	r5, r5, r12, ASR #16\n\t"
+#else
+        "sub	lr, r3, r5\n\t"
+        "add	r10, r3, r5\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r5, r5, #0xff\n\t"
+        "bic	r5, r5, #0xff00\n\t"
+#else
+        "bfc	r5, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r3, r3, #0xff\n\t"
+        "bic	r3, r3, #0xff00\n\t"
+#else
+        "bfc	r3, #0, #16\n\t"
+#endif
+        "sub	r12, r3, r5\n\t"
+        "add	r3, r3, r5\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r12, r12, #16\n\t"
+        "orr	r12, r12, lr, lsl #16\n\t"
+        "ror	r12, r12, #16\n\t"
+#else
+        "bfi	r12, lr, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r3, r3, #16\n\t"
+        "orr	r3, r3, r10, lsl #16\n\t"
+        "ror	r3, r3, #16\n\t"
+#else
+        "bfi	r3, r10, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r11, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r11, #0, #16\n\t"
+#endif
+        "asr	r10, r12, #16\n\t"
+        "mul	r5, lr, r10\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r12, r12, #16\n\t"
+        "asr	r12, r12, #16\n\t"
+#else
+        "sbfx	r12, r12, #0, #16\n\t"
+#endif
+        "mul	r12, lr, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xff\n\t"
+        "orr	r10, r10, #0xc00\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r12, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r12, #0, #16\n\t"
+#endif
+        "mul	lr, r10, lr\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0x1\n\t"
+        "orr	r10, r10, #0xd00\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "mla	r12, r10, lr, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xff\n\t"
+        "orr	r10, r10, #0xc00\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r5, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r5, #0, #16\n\t"
+#endif
+        "mul	lr, r10, lr\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0x1\n\t"
+        "orr	r10, r10, #0xd00\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "lsr	r12, r12, #16\n\t"
+        "mla	r5, r10, lr, r5\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r5, r5, #16\n\t"
+        "orr	r5, r5, r12, lsl #16\n\t"
+        "ror	r5, r5, #16\n\t"
+#else
+        "bfi	r5, r12, #0, #16\n\t"
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+        "ssub16	r12, r6, r8\n\t"
+        "sadd16	r6, r6, r8\n\t"
+        "smultt	r8, r11, r12\n\t"
+        "smultb	r12, r11, r12\n\t"
+        "smultb	lr, r10, r12\n\t"
+        "smlabb	r12, r10, lr, r12\n\t"
+        "smultb	lr, r10, r8\n\t"
+        "smlabb	r8, r10, lr, r8\n\t"
+        "pkhtb	r8, r8, r12, ASR #16\n\t"
+#else
+        "sub	lr, r6, r8\n\t"
+        "add	r10, r6, r8\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r8, r8, #0xff\n\t"
+        "bic	r8, r8, #0xff00\n\t"
+#else
+        "bfc	r8, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r6, r6, #0xff\n\t"
+        "bic	r6, r6, #0xff00\n\t"
+#else
+        "bfc	r6, #0, #16\n\t"
+#endif
+        "sub	r12, r6, r8\n\t"
+        "add	r6, r6, r8\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r12, r12, #16\n\t"
+        "orr	r12, r12, lr, lsl #16\n\t"
+        "ror	r12, r12, #16\n\t"
+#else
+        "bfi	r12, lr, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r6, r6, #16\n\t"
+        "orr	r6, r6, r10, lsl #16\n\t"
+        "ror	r6, r6, #16\n\t"
+#else
+        "bfi	r6, r10, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "asr	lr, r11, #16\n\t"
+#else
+        "sbfx	lr, r11, #16, #16\n\t"
+#endif
+        "asr	r10, r12, #16\n\t"
+        "mul	r8, lr, r10\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r12, r12, #16\n\t"
+        "asr	r12, r12, #16\n\t"
+#else
+        "sbfx	r12, r12, #0, #16\n\t"
+#endif
+        "mul	r12, lr, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xff\n\t"
+        "orr	r10, r10, #0xc00\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r12, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r12, #0, #16\n\t"
+#endif
+        "mul	lr, r10, lr\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0x1\n\t"
+        "orr	r10, r10, #0xd00\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "mla	r12, r10, lr, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xff\n\t"
+        "orr	r10, r10, #0xc00\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r8, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r8, #0, #16\n\t"
+#endif
+        "mul	lr, r10, lr\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0x1\n\t"
+        "orr	r10, r10, #0xd00\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "lsr	r12, r12, #16\n\t"
+        "mla	r8, r10, lr, r8\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r8, r8, #16\n\t"
+        "orr	r8, r8, r12, lsl #16\n\t"
+        "ror	r8, r8, #16\n\t"
+#else
+        "bfi	r8, r12, #0, #16\n\t"
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+        "ssub16	r12, r7, r9\n\t"
+        "sadd16	r7, r7, r9\n\t"
+        "smultt	r9, r11, r12\n\t"
+        "smultb	r12, r11, r12\n\t"
+        "smultb	lr, r10, r12\n\t"
+        "smlabb	r12, r10, lr, r12\n\t"
+        "smultb	lr, r10, r9\n\t"
+        "smlabb	r9, r10, lr, r9\n\t"
+        "pkhtb	r9, r9, r12, ASR #16\n\t"
+#else
+        "sub	lr, r7, r9\n\t"
+        "add	r10, r7, r9\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r9, r9, #0xff\n\t"
+        "bic	r9, r9, #0xff00\n\t"
+#else
+        "bfc	r9, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r7, r7, #0xff\n\t"
+        "bic	r7, r7, #0xff00\n\t"
+#else
+        "bfc	r7, #0, #16\n\t"
+#endif
+        "sub	r12, r7, r9\n\t"
+        "add	r7, r7, r9\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r12, r12, #16\n\t"
+        "orr	r12, r12, lr, lsl #16\n\t"
+        "ror	r12, r12, #16\n\t"
+#else
+        "bfi	r12, lr, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r7, r7, #16\n\t"
+        "orr	r7, r7, r10, lsl #16\n\t"
+        "ror	r7, r7, #16\n\t"
+#else
+        "bfi	r7, r10, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "asr	lr, r11, #16\n\t"
+#else
+        "sbfx	lr, r11, #16, #16\n\t"
+#endif
+        "asr	r10, r12, #16\n\t"
+        "mul	r9, lr, r10\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r12, r12, #16\n\t"
+        "asr	r12, r12, #16\n\t"
+#else
+        "sbfx	r12, r12, #0, #16\n\t"
+#endif
+        "mul	r12, lr, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xff\n\t"
+        "orr	r10, r10, #0xc00\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r12, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r12, #0, #16\n\t"
+#endif
+        "mul	lr, r10, lr\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0x1\n\t"
+        "orr	r10, r10, #0xd00\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "mla	r12, r10, lr, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xff\n\t"
+        "orr	r10, r10, #0xc00\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r9, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r9, #0, #16\n\t"
+#endif
+        "mul	lr, r10, lr\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0x1\n\t"
+        "orr	r10, r10, #0xd00\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "lsr	r12, r12, #16\n\t"
+        "mla	r9, r10, lr, r9\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r9, r9, #16\n\t"
+        "orr	r9, r9, r12, lsl #16\n\t"
+        "ror	r9, r9, #16\n\t"
+#else
+        "bfi	r9, r12, #0, #16\n\t"
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+        "ldr	r11, [sp, #4]\n\t"
+        "add	r11, r1, r11, lsr #3\n\t"
+        "ldr	r11, [r11, #192]\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+        "ssub16	r12, r2, r6\n\t"
+        "sadd16	r2, r2, r6\n\t"
+        "smulbt	r6, r11, r12\n\t"
+        "smulbb	r12, r11, r12\n\t"
+        "smultb	lr, r10, r12\n\t"
+        "smlabb	r12, r10, lr, r12\n\t"
+        "smultb	lr, r10, r6\n\t"
+        "smlabb	r6, r10, lr, r6\n\t"
+        "pkhtb	r6, r6, r12, ASR #16\n\t"
+#else
+        "sub	lr, r2, r6\n\t"
+        "add	r10, r2, r6\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r6, r6, #0xff\n\t"
+        "bic	r6, r6, #0xff00\n\t"
+#else
+        "bfc	r6, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r2, r2, #0xff\n\t"
+        "bic	r2, r2, #0xff00\n\t"
+#else
+        "bfc	r2, #0, #16\n\t"
+#endif
+        "sub	r12, r2, r6\n\t"
+        "add	r2, r2, r6\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r12, r12, #16\n\t"
+        "orr	r12, r12, lr, lsl #16\n\t"
+        "ror	r12, r12, #16\n\t"
+#else
+        "bfi	r12, lr, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r2, r2, #16\n\t"
+        "orr	r2, r2, r10, lsl #16\n\t"
+        "ror	r2, r2, #16\n\t"
+#else
+        "bfi	r2, r10, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r11, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r11, #0, #16\n\t"
+#endif
+        "asr	r10, r12, #16\n\t"
+        "mul	r6, lr, r10\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r12, r12, #16\n\t"
+        "asr	r12, r12, #16\n\t"
+#else
+        "sbfx	r12, r12, #0, #16\n\t"
+#endif
+        "mul	r12, lr, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xff\n\t"
+        "orr	r10, r10, #0xc00\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r12, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r12, #0, #16\n\t"
+#endif
+        "mul	lr, r10, lr\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0x1\n\t"
+        "orr	r10, r10, #0xd00\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "mla	r12, r10, lr, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xff\n\t"
+        "orr	r10, r10, #0xc00\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r6, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r6, #0, #16\n\t"
+#endif
+        "mul	lr, r10, lr\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0x1\n\t"
+        "orr	r10, r10, #0xd00\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "lsr	r12, r12, #16\n\t"
+        "mla	r6, r10, lr, r6\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r6, r6, #16\n\t"
+        "orr	r6, r6, r12, lsl #16\n\t"
+        "ror	r6, r6, #16\n\t"
+#else
+        "bfi	r6, r12, #0, #16\n\t"
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+        "ssub16	r12, r3, r7\n\t"
+        "sadd16	r3, r3, r7\n\t"
+        "smulbt	r7, r11, r12\n\t"
+        "smulbb	r12, r11, r12\n\t"
+        "smultb	lr, r10, r12\n\t"
+        "smlabb	r12, r10, lr, r12\n\t"
+        "smultb	lr, r10, r7\n\t"
+        "smlabb	r7, r10, lr, r7\n\t"
+        "pkhtb	r7, r7, r12, ASR #16\n\t"
+#else
+        "sub	lr, r3, r7\n\t"
+        "add	r10, r3, r7\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r7, r7, #0xff\n\t"
+        "bic	r7, r7, #0xff00\n\t"
+#else
+        "bfc	r7, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r3, r3, #0xff\n\t"
+        "bic	r3, r3, #0xff00\n\t"
+#else
+        "bfc	r3, #0, #16\n\t"
+#endif
+        "sub	r12, r3, r7\n\t"
+        "add	r3, r3, r7\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r12, r12, #16\n\t"
+        "orr	r12, r12, lr, lsl #16\n\t"
+        "ror	r12, r12, #16\n\t"
+#else
+        "bfi	r12, lr, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r3, r3, #16\n\t"
+        "orr	r3, r3, r10, lsl #16\n\t"
+        "ror	r3, r3, #16\n\t"
+#else
+        "bfi	r3, r10, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r11, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r11, #0, #16\n\t"
+#endif
+        "asr	r10, r12, #16\n\t"
+        "mul	r7, lr, r10\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r12, r12, #16\n\t"
+        "asr	r12, r12, #16\n\t"
+#else
+        "sbfx	r12, r12, #0, #16\n\t"
+#endif
+        "mul	r12, lr, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xff\n\t"
+        "orr	r10, r10, #0xc00\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r12, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r12, #0, #16\n\t"
+#endif
+        "mul	lr, r10, lr\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0x1\n\t"
+        "orr	r10, r10, #0xd00\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "mla	r12, r10, lr, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xff\n\t"
+        "orr	r10, r10, #0xc00\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r7, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r7, #0, #16\n\t"
+#endif
+        "mul	lr, r10, lr\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0x1\n\t"
+        "orr	r10, r10, #0xd00\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "lsr	r12, r12, #16\n\t"
+        "mla	r7, r10, lr, r7\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r7, r7, #16\n\t"
+        "orr	r7, r7, r12, lsl #16\n\t"
+        "ror	r7, r7, #16\n\t"
+#else
+        "bfi	r7, r12, #0, #16\n\t"
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+        "ssub16	r12, r4, r8\n\t"
+        "sadd16	r4, r4, r8\n\t"
+        "smulbt	r8, r11, r12\n\t"
+        "smulbb	r12, r11, r12\n\t"
+        "smultb	lr, r10, r12\n\t"
+        "smlabb	r12, r10, lr, r12\n\t"
+        "smultb	lr, r10, r8\n\t"
+        "smlabb	r8, r10, lr, r8\n\t"
+        "pkhtb	r8, r8, r12, ASR #16\n\t"
+#else
+        "sub	lr, r4, r8\n\t"
+        "add	r10, r4, r8\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r8, r8, #0xff\n\t"
+        "bic	r8, r8, #0xff00\n\t"
+#else
+        "bfc	r8, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r4, r4, #0xff\n\t"
+        "bic	r4, r4, #0xff00\n\t"
+#else
+        "bfc	r4, #0, #16\n\t"
+#endif
+        "sub	r12, r4, r8\n\t"
+        "add	r4, r4, r8\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r12, r12, #16\n\t"
+        "orr	r12, r12, lr, lsl #16\n\t"
+        "ror	r12, r12, #16\n\t"
+#else
+        "bfi	r12, lr, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r4, r4, #16\n\t"
+        "orr	r4, r4, r10, lsl #16\n\t"
+        "ror	r4, r4, #16\n\t"
+#else
+        "bfi	r4, r10, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r11, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r11, #0, #16\n\t"
+#endif
+        "asr	r10, r12, #16\n\t"
+        "mul	r8, lr, r10\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r12, r12, #16\n\t"
+        "asr	r12, r12, #16\n\t"
+#else
+        "sbfx	r12, r12, #0, #16\n\t"
+#endif
+        "mul	r12, lr, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xff\n\t"
+        "orr	r10, r10, #0xc00\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r12, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r12, #0, #16\n\t"
+#endif
+        "mul	lr, r10, lr\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0x1\n\t"
+        "orr	r10, r10, #0xd00\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "mla	r12, r10, lr, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xff\n\t"
+        "orr	r10, r10, #0xc00\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r8, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r8, #0, #16\n\t"
+#endif
+        "mul	lr, r10, lr\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0x1\n\t"
+        "orr	r10, r10, #0xd00\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "lsr	r12, r12, #16\n\t"
+        "mla	r8, r10, lr, r8\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r8, r8, #16\n\t"
+        "orr	r8, r8, r12, lsl #16\n\t"
+        "ror	r8, r8, #16\n\t"
+#else
+        "bfi	r8, r12, #0, #16\n\t"
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+        "ssub16	r12, r5, r9\n\t"
+        "sadd16	r5, r5, r9\n\t"
+        "smulbt	r9, r11, r12\n\t"
+        "smulbb	r12, r11, r12\n\t"
+        "smultb	lr, r10, r12\n\t"
+        "smlabb	r12, r10, lr, r12\n\t"
+        "smultb	lr, r10, r9\n\t"
+        "smlabb	r9, r10, lr, r9\n\t"
+        "pkhtb	r9, r9, r12, ASR #16\n\t"
+#else
+        "sub	lr, r5, r9\n\t"
+        "add	r10, r5, r9\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r9, r9, #0xff\n\t"
+        "bic	r9, r9, #0xff00\n\t"
+#else
+        "bfc	r9, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r5, r5, #0xff\n\t"
+        "bic	r5, r5, #0xff00\n\t"
+#else
+        "bfc	r5, #0, #16\n\t"
+#endif
+        "sub	r12, r5, r9\n\t"
+        "add	r5, r5, r9\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r12, r12, #16\n\t"
+        "orr	r12, r12, lr, lsl #16\n\t"
+        "ror	r12, r12, #16\n\t"
+#else
+        "bfi	r12, lr, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r5, r5, #16\n\t"
+        "orr	r5, r5, r10, lsl #16\n\t"
+        "ror	r5, r5, #16\n\t"
+#else
+        "bfi	r5, r10, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r11, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r11, #0, #16\n\t"
+#endif
+        "asr	r10, r12, #16\n\t"
+        "mul	r9, lr, r10\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r12, r12, #16\n\t"
+        "asr	r12, r12, #16\n\t"
+#else
+        "sbfx	r12, r12, #0, #16\n\t"
+#endif
+        "mul	r12, lr, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xff\n\t"
+        "orr	r10, r10, #0xc00\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r12, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r12, #0, #16\n\t"
+#endif
+        "mul	lr, r10, lr\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0x1\n\t"
+        "orr	r10, r10, #0xd00\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "mla	r12, r10, lr, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xff\n\t"
+        "orr	r10, r10, #0xc00\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r9, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r9, #0, #16\n\t"
+#endif
+        "mul	lr, r10, lr\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0x1\n\t"
+        "orr	r10, r10, #0xd00\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "lsr	r12, r12, #16\n\t"
+        "mla	r9, r10, lr, r9\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r9, r9, #16\n\t"
+        "orr	r9, r9, r12, lsl #16\n\t"
+        "ror	r9, r9, #16\n\t"
+#else
+        "bfi	r9, r12, #0, #16\n\t"
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r11, #0xc0\n\t"
+        "orr	r11, r11, #0xaf00\n\t"
+#else
+        "mov	r11, #0xafc0\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "orr	r11, r11, #0x130000\n\t"
+#else
+        "movt	r11, #0x13\n\t"
+#endif
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r11, #0xbf\n\t"
+        "orr	r11, r11, #0x4e00\n\t"
+#else
+        "mov	r11, #0x4ebf\n\t"
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+        "smulwb	r12, r11, r2\n\t"
+        "smulwt	lr, r11, r2\n\t"
+        "smulbt	r12, r10, r12\n\t"
+        "smulbt	lr, r10, lr\n\t"
+        "pkhbt	r12, r12, lr, LSL #16\n\t"
+        "ssub16	r2, r2, r12\n\t"
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r12, r2, #16\n\t"
+        "asr	r12, r12, #16\n\t"
+#else
+        "sbfx	r12, r2, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "asr	lr, r2, #16\n\t"
+#else
+        "sbfx	lr, r2, #16, #16\n\t"
+#endif
+        "mul	r12, r11, r12\n\t"
+        "mul	lr, r11, lr\n\t"
+        "asr	r12, r12, #26\n\t"
+        "asr	lr, lr, #26\n\t"
+        "mul	r12, r10, r12\n\t"
+        "mul	lr, r10, lr\n\t"
+        "sub	lr, r2, lr, lsl #16\n\t"
+        "sub	r2, r2, r12\n\t"
+        "lsr	lr, lr, #16\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r2, r2, #0xff0000\n\t"
+        "bic	r2, r2, #0xff000000\n\t"
+        "orr	r2, r2, lr, lsl #16\n\t"
+#else
+        "bfi	r2, lr, #16, #16\n\t"
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+        "smulwb	r12, r11, r3\n\t"
+        "smulwt	lr, r11, r3\n\t"
+        "smulbt	r12, r10, r12\n\t"
+        "smulbt	lr, r10, lr\n\t"
+        "pkhbt	r12, r12, lr, LSL #16\n\t"
+        "ssub16	r3, r3, r12\n\t"
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r12, r3, #16\n\t"
+        "asr	r12, r12, #16\n\t"
+#else
+        "sbfx	r12, r3, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "asr	lr, r3, #16\n\t"
+#else
+        "sbfx	lr, r3, #16, #16\n\t"
+#endif
+        "mul	r12, r11, r12\n\t"
+        "mul	lr, r11, lr\n\t"
+        "asr	r12, r12, #26\n\t"
+        "asr	lr, lr, #26\n\t"
+        "mul	r12, r10, r12\n\t"
+        "mul	lr, r10, lr\n\t"
+        "sub	lr, r3, lr, lsl #16\n\t"
+        "sub	r3, r3, r12\n\t"
+        "lsr	lr, lr, #16\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r3, r3, #0xff0000\n\t"
+        "bic	r3, r3, #0xff000000\n\t"
+        "orr	r3, r3, lr, lsl #16\n\t"
+#else
+        "bfi	r3, lr, #16, #16\n\t"
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+        "smulwb	r12, r11, r4\n\t"
+        "smulwt	lr, r11, r4\n\t"
+        "smulbt	r12, r10, r12\n\t"
+        "smulbt	lr, r10, lr\n\t"
+        "pkhbt	r12, r12, lr, LSL #16\n\t"
+        "ssub16	r4, r4, r12\n\t"
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r12, r4, #16\n\t"
+        "asr	r12, r12, #16\n\t"
+#else
+        "sbfx	r12, r4, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "asr	lr, r4, #16\n\t"
+#else
+        "sbfx	lr, r4, #16, #16\n\t"
+#endif
+        "mul	r12, r11, r12\n\t"
+        "mul	lr, r11, lr\n\t"
+        "asr	r12, r12, #26\n\t"
+        "asr	lr, lr, #26\n\t"
+        "mul	r12, r10, r12\n\t"
+        "mul	lr, r10, lr\n\t"
+        "sub	lr, r4, lr, lsl #16\n\t"
+        "sub	r4, r4, r12\n\t"
+        "lsr	lr, lr, #16\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r4, r4, #0xff0000\n\t"
+        "bic	r4, r4, #0xff000000\n\t"
+        "orr	r4, r4, lr, lsl #16\n\t"
+#else
+        "bfi	r4, lr, #16, #16\n\t"
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+        "smulwb	r12, r11, r5\n\t"
+        "smulwt	lr, r11, r5\n\t"
+        "smulbt	r12, r10, r12\n\t"
+        "smulbt	lr, r10, lr\n\t"
+        "pkhbt	r12, r12, lr, LSL #16\n\t"
+        "ssub16	r5, r5, r12\n\t"
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r12, r5, #16\n\t"
+        "asr	r12, r12, #16\n\t"
+#else
+        "sbfx	r12, r5, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "asr	lr, r5, #16\n\t"
+#else
+        "sbfx	lr, r5, #16, #16\n\t"
+#endif
+        "mul	r12, r11, r12\n\t"
+        "mul	lr, r11, lr\n\t"
+        "asr	r12, r12, #26\n\t"
+        "asr	lr, lr, #26\n\t"
+        "mul	r12, r10, r12\n\t"
+        "mul	lr, r10, lr\n\t"
+        "sub	lr, r5, lr, lsl #16\n\t"
+        "sub	r5, r5, r12\n\t"
+        "lsr	lr, lr, #16\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r5, r5, #0xff0000\n\t"
+        "bic	r5, r5, #0xff000000\n\t"
+        "orr	r5, r5, lr, lsl #16\n\t"
+#else
+        "bfi	r5, lr, #16, #16\n\t"
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+        "str	r2, [%[r]]\n\t"
+        "str	r3, [%[r], #4]\n\t"
+        "str	r4, [%[r], #8]\n\t"
+        "str	r5, [%[r], #12]\n\t"
+        "str	r6, [%[r], #16]\n\t"
+        "str	r7, [%[r], #20]\n\t"
+        "str	r8, [%[r], #24]\n\t"
+        "str	r9, [%[r], #28]\n\t"
+        "ldr	r3, [sp, #4]\n\t"
+        "add	r3, r3, #16\n\t"
+        "rsbs	r12, r3, #0x100\n\t"
+        "add	%[r], %[r], #32\n\t"
+        "bne	L_kyber_arm32_invntt_loop_765_%=\n\t"
+        "sub	%[r], %[r], #0x200\n\t"
+        "mov	r3, #0\n\t"
+        "\n"
+    "L_kyber_arm32_invntt_loop_4_j_%=: \n\t"
+        "str	r3, [sp, #4]\n\t"
+        "add	r11, r1, r3, lsr #4\n\t"
+        "mov	r2, #4\n\t"
+        "ldr	r11, [r11, #224]\n\t"
+        "\n"
+    "L_kyber_arm32_invntt_loop_4_i_%=: \n\t"
+        "str	r2, [sp]\n\t"
+        "ldr	r2, [%[r]]\n\t"
+        "ldr	r3, [%[r], #16]\n\t"
+        "ldr	r4, [%[r], #32]\n\t"
+        "ldr	r5, [%[r], #48]\n\t"
+        "ldr	r6, [%[r], #64]\n\t"
+        "ldr	r7, [%[r], #80]\n\t"
+        "ldr	r8, [%[r], #96]\n\t"
+        "ldr	r9, [%[r], #112]\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+        "ssub16	r12, r2, r4\n\t"
+        "sadd16	r2, r2, r4\n\t"
+        "smulbt	r4, r11, r12\n\t"
+        "smulbb	r12, r11, r12\n\t"
+        "smultb	lr, r10, r12\n\t"
+        "smlabb	r12, r10, lr, r12\n\t"
+        "smultb	lr, r10, r4\n\t"
+        "smlabb	r4, r10, lr, r4\n\t"
+        "pkhtb	r4, r4, r12, ASR #16\n\t"
+#else
+        "sub	lr, r2, r4\n\t"
+        "add	r10, r2, r4\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r4, r4, #0xff\n\t"
+        "bic	r4, r4, #0xff00\n\t"
+#else
+        "bfc	r4, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r2, r2, #0xff\n\t"
+        "bic	r2, r2, #0xff00\n\t"
+#else
+        "bfc	r2, #0, #16\n\t"
+#endif
+        "sub	r12, r2, r4\n\t"
+        "add	r2, r2, r4\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r12, r12, #16\n\t"
+        "orr	r12, r12, lr, lsl #16\n\t"
+        "ror	r12, r12, #16\n\t"
+#else
+        "bfi	r12, lr, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r2, r2, #16\n\t"
+        "orr	r2, r2, r10, lsl #16\n\t"
+        "ror	r2, r2, #16\n\t"
+#else
+        "bfi	r2, r10, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r11, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r11, #0, #16\n\t"
+#endif
+        "asr	r10, r12, #16\n\t"
+        "mul	r4, lr, r10\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r12, r12, #16\n\t"
+        "asr	r12, r12, #16\n\t"
+#else
+        "sbfx	r12, r12, #0, #16\n\t"
+#endif
+        "mul	r12, lr, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xff\n\t"
+        "orr	r10, r10, #0xc00\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r12, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r12, #0, #16\n\t"
+#endif
+        "mul	lr, r10, lr\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0x1\n\t"
+        "orr	r10, r10, #0xd00\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "mla	r12, r10, lr, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xff\n\t"
+        "orr	r10, r10, #0xc00\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r4, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r4, #0, #16\n\t"
+#endif
+        "mul	lr, r10, lr\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0x1\n\t"
+        "orr	r10, r10, #0xd00\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "lsr	r12, r12, #16\n\t"
+        "mla	r4, r10, lr, r4\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r4, r4, #16\n\t"
+        "orr	r4, r4, r12, lsl #16\n\t"
+        "ror	r4, r4, #16\n\t"
+#else
+        "bfi	r4, r12, #0, #16\n\t"
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+        "ssub16	r12, r3, r5\n\t"
+        "sadd16	r3, r3, r5\n\t"
+        "smulbt	r5, r11, r12\n\t"
+        "smulbb	r12, r11, r12\n\t"
+        "smultb	lr, r10, r12\n\t"
+        "smlabb	r12, r10, lr, r12\n\t"
+        "smultb	lr, r10, r5\n\t"
+        "smlabb	r5, r10, lr, r5\n\t"
+        "pkhtb	r5, r5, r12, ASR #16\n\t"
+#else
+        "sub	lr, r3, r5\n\t"
+        "add	r10, r3, r5\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r5, r5, #0xff\n\t"
+        "bic	r5, r5, #0xff00\n\t"
+#else
+        "bfc	r5, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r3, r3, #0xff\n\t"
+        "bic	r3, r3, #0xff00\n\t"
+#else
+        "bfc	r3, #0, #16\n\t"
+#endif
+        "sub	r12, r3, r5\n\t"
+        "add	r3, r3, r5\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r12, r12, #16\n\t"
+        "orr	r12, r12, lr, lsl #16\n\t"
+        "ror	r12, r12, #16\n\t"
+#else
+        "bfi	r12, lr, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r3, r3, #16\n\t"
+        "orr	r3, r3, r10, lsl #16\n\t"
+        "ror	r3, r3, #16\n\t"
+#else
+        "bfi	r3, r10, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r11, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r11, #0, #16\n\t"
+#endif
+        "asr	r10, r12, #16\n\t"
+        "mul	r5, lr, r10\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r12, r12, #16\n\t"
+        "asr	r12, r12, #16\n\t"
+#else
+        "sbfx	r12, r12, #0, #16\n\t"
+#endif
+        "mul	r12, lr, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xff\n\t"
+        "orr	r10, r10, #0xc00\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r12, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r12, #0, #16\n\t"
+#endif
+        "mul	lr, r10, lr\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0x1\n\t"
+        "orr	r10, r10, #0xd00\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "mla	r12, r10, lr, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xff\n\t"
+        "orr	r10, r10, #0xc00\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r5, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r5, #0, #16\n\t"
+#endif
+        "mul	lr, r10, lr\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0x1\n\t"
+        "orr	r10, r10, #0xd00\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "lsr	r12, r12, #16\n\t"
+        "mla	r5, r10, lr, r5\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r5, r5, #16\n\t"
+        "orr	r5, r5, r12, lsl #16\n\t"
+        "ror	r5, r5, #16\n\t"
+#else
+        "bfi	r5, r12, #0, #16\n\t"
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+        "ssub16	r12, r6, r8\n\t"
+        "sadd16	r6, r6, r8\n\t"
+        "smultt	r8, r11, r12\n\t"
+        "smultb	r12, r11, r12\n\t"
+        "smultb	lr, r10, r12\n\t"
+        "smlabb	r12, r10, lr, r12\n\t"
+        "smultb	lr, r10, r8\n\t"
+        "smlabb	r8, r10, lr, r8\n\t"
+        "pkhtb	r8, r8, r12, ASR #16\n\t"
+#else
+        "sub	lr, r6, r8\n\t"
+        "add	r10, r6, r8\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r8, r8, #0xff\n\t"
+        "bic	r8, r8, #0xff00\n\t"
+#else
+        "bfc	r8, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r6, r6, #0xff\n\t"
+        "bic	r6, r6, #0xff00\n\t"
+#else
+        "bfc	r6, #0, #16\n\t"
+#endif
+        "sub	r12, r6, r8\n\t"
+        "add	r6, r6, r8\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r12, r12, #16\n\t"
+        "orr	r12, r12, lr, lsl #16\n\t"
+        "ror	r12, r12, #16\n\t"
+#else
+        "bfi	r12, lr, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r6, r6, #16\n\t"
+        "orr	r6, r6, r10, lsl #16\n\t"
+        "ror	r6, r6, #16\n\t"
+#else
+        "bfi	r6, r10, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "asr	lr, r11, #16\n\t"
+#else
+        "sbfx	lr, r11, #16, #16\n\t"
+#endif
+        "asr	r10, r12, #16\n\t"
+        "mul	r8, lr, r10\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r12, r12, #16\n\t"
+        "asr	r12, r12, #16\n\t"
+#else
+        "sbfx	r12, r12, #0, #16\n\t"
+#endif
+        "mul	r12, lr, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xff\n\t"
+        "orr	r10, r10, #0xc00\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r12, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r12, #0, #16\n\t"
+#endif
+        "mul	lr, r10, lr\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0x1\n\t"
+        "orr	r10, r10, #0xd00\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "mla	r12, r10, lr, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xff\n\t"
+        "orr	r10, r10, #0xc00\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r8, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r8, #0, #16\n\t"
+#endif
+        "mul	lr, r10, lr\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0x1\n\t"
+        "orr	r10, r10, #0xd00\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "lsr	r12, r12, #16\n\t"
+        "mla	r8, r10, lr, r8\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r8, r8, #16\n\t"
+        "orr	r8, r8, r12, lsl #16\n\t"
+        "ror	r8, r8, #16\n\t"
+#else
+        "bfi	r8, r12, #0, #16\n\t"
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+        "ssub16	r12, r7, r9\n\t"
+        "sadd16	r7, r7, r9\n\t"
+        "smultt	r9, r11, r12\n\t"
+        "smultb	r12, r11, r12\n\t"
+        "smultb	lr, r10, r12\n\t"
+        "smlabb	r12, r10, lr, r12\n\t"
+        "smultb	lr, r10, r9\n\t"
+        "smlabb	r9, r10, lr, r9\n\t"
+        "pkhtb	r9, r9, r12, ASR #16\n\t"
+#else
+        "sub	lr, r7, r9\n\t"
+        "add	r10, r7, r9\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r9, r9, #0xff\n\t"
+        "bic	r9, r9, #0xff00\n\t"
+#else
+        "bfc	r9, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r7, r7, #0xff\n\t"
+        "bic	r7, r7, #0xff00\n\t"
+#else
+        "bfc	r7, #0, #16\n\t"
+#endif
+        "sub	r12, r7, r9\n\t"
+        "add	r7, r7, r9\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r12, r12, #16\n\t"
+        "orr	r12, r12, lr, lsl #16\n\t"
+        "ror	r12, r12, #16\n\t"
+#else
+        "bfi	r12, lr, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r7, r7, #16\n\t"
+        "orr	r7, r7, r10, lsl #16\n\t"
+        "ror	r7, r7, #16\n\t"
+#else
+        "bfi	r7, r10, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "asr	lr, r11, #16\n\t"
+#else
+        "sbfx	lr, r11, #16, #16\n\t"
+#endif
+        "asr	r10, r12, #16\n\t"
+        "mul	r9, lr, r10\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r12, r12, #16\n\t"
+        "asr	r12, r12, #16\n\t"
+#else
+        "sbfx	r12, r12, #0, #16\n\t"
+#endif
+        "mul	r12, lr, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xff\n\t"
+        "orr	r10, r10, #0xc00\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r12, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r12, #0, #16\n\t"
+#endif
+        "mul	lr, r10, lr\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0x1\n\t"
+        "orr	r10, r10, #0xd00\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "mla	r12, r10, lr, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xff\n\t"
+        "orr	r10, r10, #0xc00\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r9, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r9, #0, #16\n\t"
+#endif
+        "mul	lr, r10, lr\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0x1\n\t"
+        "orr	r10, r10, #0xd00\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "lsr	r12, r12, #16\n\t"
+        "mla	r9, r10, lr, r9\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r9, r9, #16\n\t"
+        "orr	r9, r9, r12, lsl #16\n\t"
+        "ror	r9, r9, #16\n\t"
+#else
+        "bfi	r9, r12, #0, #16\n\t"
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+        "str	r2, [%[r]]\n\t"
+        "str	r3, [%[r], #16]\n\t"
+        "str	r4, [%[r], #32]\n\t"
+        "str	r5, [%[r], #48]\n\t"
+        "str	r6, [%[r], #64]\n\t"
+        "str	r7, [%[r], #80]\n\t"
+        "str	r8, [%[r], #96]\n\t"
+        "str	r9, [%[r], #112]\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "ldm	sp, {r2, r3}\n\t"
+#else
+        "ldrd	r2, r3, [sp]\n\t"
+#endif
+        "subs	r2, r2, #1\n\t"
+        "add	%[r], %[r], #4\n\t"
+        "bne	L_kyber_arm32_invntt_loop_4_i_%=\n\t"
+        "add	r3, r3, #0x40\n\t"
+        "rsbs	r12, r3, #0x100\n\t"
+        "add	%[r], %[r], #0x70\n\t"
+        "bne	L_kyber_arm32_invntt_loop_4_j_%=\n\t"
+        "sub	%[r], %[r], #0x200\n\t"
+        "mov	r2, #16\n\t"
+        "\n"
+    "L_kyber_arm32_invntt_loop_321_%=: \n\t"
+        "str	r2, [sp]\n\t"
+        "ldrh	r11, [r1, #2]\n\t"
+        "ldr	r2, [%[r]]\n\t"
+        "ldr	r3, [%[r], #64]\n\t"
+        "ldr	r4, [%[r], #128]\n\t"
+        "ldr	r5, [%[r], #192]\n\t"
+        "ldr	r6, [%[r], #256]\n\t"
+        "ldr	r7, [%[r], #320]\n\t"
+        "ldr	r8, [%[r], #384]\n\t"
+        "ldr	r9, [%[r], #448]\n\t"
+        "ldr	r11, [r1, #240]\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+        "ssub16	r12, r2, r3\n\t"
+        "sadd16	r2, r2, r3\n\t"
+        "smulbt	r3, r11, r12\n\t"
+        "smulbb	r12, r11, r12\n\t"
+        "smultb	lr, r10, r12\n\t"
+        "smlabb	r12, r10, lr, r12\n\t"
+        "smultb	lr, r10, r3\n\t"
+        "smlabb	r3, r10, lr, r3\n\t"
+        "pkhtb	r3, r3, r12, ASR #16\n\t"
+#else
+        "sub	lr, r2, r3\n\t"
+        "add	r10, r2, r3\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r3, r3, #0xff\n\t"
+        "bic	r3, r3, #0xff00\n\t"
+#else
+        "bfc	r3, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r2, r2, #0xff\n\t"
+        "bic	r2, r2, #0xff00\n\t"
+#else
+        "bfc	r2, #0, #16\n\t"
+#endif
+        "sub	r12, r2, r3\n\t"
+        "add	r2, r2, r3\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r12, r12, #16\n\t"
+        "orr	r12, r12, lr, lsl #16\n\t"
+        "ror	r12, r12, #16\n\t"
+#else
+        "bfi	r12, lr, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r2, r2, #16\n\t"
+        "orr	r2, r2, r10, lsl #16\n\t"
+        "ror	r2, r2, #16\n\t"
+#else
+        "bfi	r2, r10, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r11, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r11, #0, #16\n\t"
+#endif
+        "asr	r10, r12, #16\n\t"
+        "mul	r3, lr, r10\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r12, r12, #16\n\t"
+        "asr	r12, r12, #16\n\t"
+#else
+        "sbfx	r12, r12, #0, #16\n\t"
+#endif
+        "mul	r12, lr, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xff\n\t"
+        "orr	r10, r10, #0xc00\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r12, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r12, #0, #16\n\t"
+#endif
+        "mul	lr, r10, lr\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0x1\n\t"
+        "orr	r10, r10, #0xd00\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "mla	r12, r10, lr, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xff\n\t"
+        "orr	r10, r10, #0xc00\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r3, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r3, #0, #16\n\t"
+#endif
+        "mul	lr, r10, lr\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0x1\n\t"
+        "orr	r10, r10, #0xd00\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "lsr	r12, r12, #16\n\t"
+        "mla	r3, r10, lr, r3\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r3, r3, #16\n\t"
+        "orr	r3, r3, r12, lsl #16\n\t"
+        "ror	r3, r3, #16\n\t"
+#else
+        "bfi	r3, r12, #0, #16\n\t"
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+        "ssub16	r12, r4, r5\n\t"
+        "sadd16	r4, r4, r5\n\t"
+        "smultt	r5, r11, r12\n\t"
+        "smultb	r12, r11, r12\n\t"
+        "smultb	lr, r10, r12\n\t"
+        "smlabb	r12, r10, lr, r12\n\t"
+        "smultb	lr, r10, r5\n\t"
+        "smlabb	r5, r10, lr, r5\n\t"
+        "pkhtb	r5, r5, r12, ASR #16\n\t"
+#else
+        "sub	lr, r4, r5\n\t"
+        "add	r10, r4, r5\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r5, r5, #0xff\n\t"
+        "bic	r5, r5, #0xff00\n\t"
+#else
+        "bfc	r5, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r4, r4, #0xff\n\t"
+        "bic	r4, r4, #0xff00\n\t"
+#else
+        "bfc	r4, #0, #16\n\t"
+#endif
+        "sub	r12, r4, r5\n\t"
+        "add	r4, r4, r5\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r12, r12, #16\n\t"
+        "orr	r12, r12, lr, lsl #16\n\t"
+        "ror	r12, r12, #16\n\t"
+#else
+        "bfi	r12, lr, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r4, r4, #16\n\t"
+        "orr	r4, r4, r10, lsl #16\n\t"
+        "ror	r4, r4, #16\n\t"
+#else
+        "bfi	r4, r10, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "asr	lr, r11, #16\n\t"
+#else
+        "sbfx	lr, r11, #16, #16\n\t"
+#endif
+        "asr	r10, r12, #16\n\t"
+        "mul	r5, lr, r10\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r12, r12, #16\n\t"
+        "asr	r12, r12, #16\n\t"
+#else
+        "sbfx	r12, r12, #0, #16\n\t"
+#endif
+        "mul	r12, lr, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xff\n\t"
+        "orr	r10, r10, #0xc00\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r12, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r12, #0, #16\n\t"
+#endif
+        "mul	lr, r10, lr\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0x1\n\t"
+        "orr	r10, r10, #0xd00\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "mla	r12, r10, lr, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xff\n\t"
+        "orr	r10, r10, #0xc00\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r5, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r5, #0, #16\n\t"
+#endif
+        "mul	lr, r10, lr\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0x1\n\t"
+        "orr	r10, r10, #0xd00\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "lsr	r12, r12, #16\n\t"
+        "mla	r5, r10, lr, r5\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r5, r5, #16\n\t"
+        "orr	r5, r5, r12, lsl #16\n\t"
+        "ror	r5, r5, #16\n\t"
+#else
+        "bfi	r5, r12, #0, #16\n\t"
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+        "ldr	r11, [r1, #244]\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+        "ssub16	r12, r6, r7\n\t"
+        "sadd16	r6, r6, r7\n\t"
+        "smulbt	r7, r11, r12\n\t"
+        "smulbb	r12, r11, r12\n\t"
+        "smultb	lr, r10, r12\n\t"
+        "smlabb	r12, r10, lr, r12\n\t"
+        "smultb	lr, r10, r7\n\t"
+        "smlabb	r7, r10, lr, r7\n\t"
+        "pkhtb	r7, r7, r12, ASR #16\n\t"
+#else
+        "sub	lr, r6, r7\n\t"
+        "add	r10, r6, r7\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r7, r7, #0xff\n\t"
+        "bic	r7, r7, #0xff00\n\t"
+#else
+        "bfc	r7, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r6, r6, #0xff\n\t"
+        "bic	r6, r6, #0xff00\n\t"
+#else
+        "bfc	r6, #0, #16\n\t"
+#endif
+        "sub	r12, r6, r7\n\t"
+        "add	r6, r6, r7\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r12, r12, #16\n\t"
+        "orr	r12, r12, lr, lsl #16\n\t"
+        "ror	r12, r12, #16\n\t"
+#else
+        "bfi	r12, lr, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r6, r6, #16\n\t"
+        "orr	r6, r6, r10, lsl #16\n\t"
+        "ror	r6, r6, #16\n\t"
+#else
+        "bfi	r6, r10, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r11, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r11, #0, #16\n\t"
+#endif
+        "asr	r10, r12, #16\n\t"
+        "mul	r7, lr, r10\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r12, r12, #16\n\t"
+        "asr	r12, r12, #16\n\t"
+#else
+        "sbfx	r12, r12, #0, #16\n\t"
+#endif
+        "mul	r12, lr, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xff\n\t"
+        "orr	r10, r10, #0xc00\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r12, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r12, #0, #16\n\t"
+#endif
+        "mul	lr, r10, lr\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0x1\n\t"
+        "orr	r10, r10, #0xd00\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "mla	r12, r10, lr, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xff\n\t"
+        "orr	r10, r10, #0xc00\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r7, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r7, #0, #16\n\t"
+#endif
+        "mul	lr, r10, lr\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0x1\n\t"
+        "orr	r10, r10, #0xd00\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "lsr	r12, r12, #16\n\t"
+        "mla	r7, r10, lr, r7\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r7, r7, #16\n\t"
+        "orr	r7, r7, r12, lsl #16\n\t"
+        "ror	r7, r7, #16\n\t"
+#else
+        "bfi	r7, r12, #0, #16\n\t"
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+        "ssub16	r12, r8, r9\n\t"
+        "sadd16	r8, r8, r9\n\t"
+        "smultt	r9, r11, r12\n\t"
+        "smultb	r12, r11, r12\n\t"
+        "smultb	lr, r10, r12\n\t"
+        "smlabb	r12, r10, lr, r12\n\t"
+        "smultb	lr, r10, r9\n\t"
+        "smlabb	r9, r10, lr, r9\n\t"
+        "pkhtb	r9, r9, r12, ASR #16\n\t"
+#else
+        "sub	lr, r8, r9\n\t"
+        "add	r10, r8, r9\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r9, r9, #0xff\n\t"
+        "bic	r9, r9, #0xff00\n\t"
+#else
+        "bfc	r9, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r8, r8, #0xff\n\t"
+        "bic	r8, r8, #0xff00\n\t"
+#else
+        "bfc	r8, #0, #16\n\t"
+#endif
+        "sub	r12, r8, r9\n\t"
+        "add	r8, r8, r9\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r12, r12, #16\n\t"
+        "orr	r12, r12, lr, lsl #16\n\t"
+        "ror	r12, r12, #16\n\t"
+#else
+        "bfi	r12, lr, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r8, r8, #16\n\t"
+        "orr	r8, r8, r10, lsl #16\n\t"
+        "ror	r8, r8, #16\n\t"
+#else
+        "bfi	r8, r10, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "asr	lr, r11, #16\n\t"
+#else
+        "sbfx	lr, r11, #16, #16\n\t"
+#endif
+        "asr	r10, r12, #16\n\t"
+        "mul	r9, lr, r10\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r12, r12, #16\n\t"
+        "asr	r12, r12, #16\n\t"
+#else
+        "sbfx	r12, r12, #0, #16\n\t"
+#endif
+        "mul	r12, lr, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xff\n\t"
+        "orr	r10, r10, #0xc00\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r12, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r12, #0, #16\n\t"
+#endif
+        "mul	lr, r10, lr\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0x1\n\t"
+        "orr	r10, r10, #0xd00\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "mla	r12, r10, lr, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xff\n\t"
+        "orr	r10, r10, #0xc00\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r9, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r9, #0, #16\n\t"
+#endif
+        "mul	lr, r10, lr\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0x1\n\t"
+        "orr	r10, r10, #0xd00\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "lsr	r12, r12, #16\n\t"
+        "mla	r9, r10, lr, r9\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r9, r9, #16\n\t"
+        "orr	r9, r9, r12, lsl #16\n\t"
+        "ror	r9, r9, #16\n\t"
+#else
+        "bfi	r9, r12, #0, #16\n\t"
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+        "ldr	r11, [r1, #248]\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+        "ssub16	r12, r2, r4\n\t"
+        "sadd16	r2, r2, r4\n\t"
+        "smulbt	r4, r11, r12\n\t"
+        "smulbb	r12, r11, r12\n\t"
+        "smultb	lr, r10, r12\n\t"
+        "smlabb	r12, r10, lr, r12\n\t"
+        "smultb	lr, r10, r4\n\t"
+        "smlabb	r4, r10, lr, r4\n\t"
+        "pkhtb	r4, r4, r12, ASR #16\n\t"
+#else
+        "sub	lr, r2, r4\n\t"
+        "add	r10, r2, r4\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r4, r4, #0xff\n\t"
+        "bic	r4, r4, #0xff00\n\t"
+#else
+        "bfc	r4, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r2, r2, #0xff\n\t"
+        "bic	r2, r2, #0xff00\n\t"
+#else
+        "bfc	r2, #0, #16\n\t"
+#endif
+        "sub	r12, r2, r4\n\t"
+        "add	r2, r2, r4\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r12, r12, #16\n\t"
+        "orr	r12, r12, lr, lsl #16\n\t"
+        "ror	r12, r12, #16\n\t"
+#else
+        "bfi	r12, lr, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r2, r2, #16\n\t"
+        "orr	r2, r2, r10, lsl #16\n\t"
+        "ror	r2, r2, #16\n\t"
+#else
+        "bfi	r2, r10, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r11, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r11, #0, #16\n\t"
+#endif
+        "asr	r10, r12, #16\n\t"
+        "mul	r4, lr, r10\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r12, r12, #16\n\t"
+        "asr	r12, r12, #16\n\t"
+#else
+        "sbfx	r12, r12, #0, #16\n\t"
+#endif
+        "mul	r12, lr, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xff\n\t"
+        "orr	r10, r10, #0xc00\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r12, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r12, #0, #16\n\t"
+#endif
+        "mul	lr, r10, lr\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0x1\n\t"
+        "orr	r10, r10, #0xd00\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "mla	r12, r10, lr, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xff\n\t"
+        "orr	r10, r10, #0xc00\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r4, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r4, #0, #16\n\t"
+#endif
+        "mul	lr, r10, lr\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0x1\n\t"
+        "orr	r10, r10, #0xd00\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "lsr	r12, r12, #16\n\t"
+        "mla	r4, r10, lr, r4\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r4, r4, #16\n\t"
+        "orr	r4, r4, r12, lsl #16\n\t"
+        "ror	r4, r4, #16\n\t"
+#else
+        "bfi	r4, r12, #0, #16\n\t"
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+        "ssub16	r12, r3, r5\n\t"
+        "sadd16	r3, r3, r5\n\t"
+        "smulbt	r5, r11, r12\n\t"
+        "smulbb	r12, r11, r12\n\t"
+        "smultb	lr, r10, r12\n\t"
+        "smlabb	r12, r10, lr, r12\n\t"
+        "smultb	lr, r10, r5\n\t"
+        "smlabb	r5, r10, lr, r5\n\t"
+        "pkhtb	r5, r5, r12, ASR #16\n\t"
+#else
+        "sub	lr, r3, r5\n\t"
+        "add	r10, r3, r5\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r5, r5, #0xff\n\t"
+        "bic	r5, r5, #0xff00\n\t"
+#else
+        "bfc	r5, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r3, r3, #0xff\n\t"
+        "bic	r3, r3, #0xff00\n\t"
+#else
+        "bfc	r3, #0, #16\n\t"
+#endif
+        "sub	r12, r3, r5\n\t"
+        "add	r3, r3, r5\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r12, r12, #16\n\t"
+        "orr	r12, r12, lr, lsl #16\n\t"
+        "ror	r12, r12, #16\n\t"
+#else
+        "bfi	r12, lr, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r3, r3, #16\n\t"
+        "orr	r3, r3, r10, lsl #16\n\t"
+        "ror	r3, r3, #16\n\t"
+#else
+        "bfi	r3, r10, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r11, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r11, #0, #16\n\t"
+#endif
+        "asr	r10, r12, #16\n\t"
+        "mul	r5, lr, r10\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r12, r12, #16\n\t"
+        "asr	r12, r12, #16\n\t"
+#else
+        "sbfx	r12, r12, #0, #16\n\t"
+#endif
+        "mul	r12, lr, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xff\n\t"
+        "orr	r10, r10, #0xc00\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r12, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r12, #0, #16\n\t"
+#endif
+        "mul	lr, r10, lr\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0x1\n\t"
+        "orr	r10, r10, #0xd00\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "mla	r12, r10, lr, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xff\n\t"
+        "orr	r10, r10, #0xc00\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r5, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r5, #0, #16\n\t"
+#endif
+        "mul	lr, r10, lr\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0x1\n\t"
+        "orr	r10, r10, #0xd00\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "lsr	r12, r12, #16\n\t"
+        "mla	r5, r10, lr, r5\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r5, r5, #16\n\t"
+        "orr	r5, r5, r12, lsl #16\n\t"
+        "ror	r5, r5, #16\n\t"
+#else
+        "bfi	r5, r12, #0, #16\n\t"
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+        "ssub16	r12, r6, r8\n\t"
+        "sadd16	r6, r6, r8\n\t"
+        "smultt	r8, r11, r12\n\t"
+        "smultb	r12, r11, r12\n\t"
+        "smultb	lr, r10, r12\n\t"
+        "smlabb	r12, r10, lr, r12\n\t"
+        "smultb	lr, r10, r8\n\t"
+        "smlabb	r8, r10, lr, r8\n\t"
+        "pkhtb	r8, r8, r12, ASR #16\n\t"
+#else
+        "sub	lr, r6, r8\n\t"
+        "add	r10, r6, r8\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r8, r8, #0xff\n\t"
+        "bic	r8, r8, #0xff00\n\t"
+#else
+        "bfc	r8, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r6, r6, #0xff\n\t"
+        "bic	r6, r6, #0xff00\n\t"
+#else
+        "bfc	r6, #0, #16\n\t"
+#endif
+        "sub	r12, r6, r8\n\t"
+        "add	r6, r6, r8\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r12, r12, #16\n\t"
+        "orr	r12, r12, lr, lsl #16\n\t"
+        "ror	r12, r12, #16\n\t"
+#else
+        "bfi	r12, lr, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r6, r6, #16\n\t"
+        "orr	r6, r6, r10, lsl #16\n\t"
+        "ror	r6, r6, #16\n\t"
+#else
+        "bfi	r6, r10, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "asr	lr, r11, #16\n\t"
+#else
+        "sbfx	lr, r11, #16, #16\n\t"
+#endif
+        "asr	r10, r12, #16\n\t"
+        "mul	r8, lr, r10\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r12, r12, #16\n\t"
+        "asr	r12, r12, #16\n\t"
+#else
+        "sbfx	r12, r12, #0, #16\n\t"
+#endif
+        "mul	r12, lr, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xff\n\t"
+        "orr	r10, r10, #0xc00\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r12, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r12, #0, #16\n\t"
+#endif
+        "mul	lr, r10, lr\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0x1\n\t"
+        "orr	r10, r10, #0xd00\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "mla	r12, r10, lr, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xff\n\t"
+        "orr	r10, r10, #0xc00\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r8, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r8, #0, #16\n\t"
+#endif
+        "mul	lr, r10, lr\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0x1\n\t"
+        "orr	r10, r10, #0xd00\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "lsr	r12, r12, #16\n\t"
+        "mla	r8, r10, lr, r8\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r8, r8, #16\n\t"
+        "orr	r8, r8, r12, lsl #16\n\t"
+        "ror	r8, r8, #16\n\t"
+#else
+        "bfi	r8, r12, #0, #16\n\t"
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+        "ssub16	r12, r7, r9\n\t"
+        "sadd16	r7, r7, r9\n\t"
+        "smultt	r9, r11, r12\n\t"
+        "smultb	r12, r11, r12\n\t"
+        "smultb	lr, r10, r12\n\t"
+        "smlabb	r12, r10, lr, r12\n\t"
+        "smultb	lr, r10, r9\n\t"
+        "smlabb	r9, r10, lr, r9\n\t"
+        "pkhtb	r9, r9, r12, ASR #16\n\t"
+#else
+        "sub	lr, r7, r9\n\t"
+        "add	r10, r7, r9\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r9, r9, #0xff\n\t"
+        "bic	r9, r9, #0xff00\n\t"
+#else
+        "bfc	r9, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r7, r7, #0xff\n\t"
+        "bic	r7, r7, #0xff00\n\t"
+#else
+        "bfc	r7, #0, #16\n\t"
+#endif
+        "sub	r12, r7, r9\n\t"
+        "add	r7, r7, r9\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r12, r12, #16\n\t"
+        "orr	r12, r12, lr, lsl #16\n\t"
+        "ror	r12, r12, #16\n\t"
+#else
+        "bfi	r12, lr, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r7, r7, #16\n\t"
+        "orr	r7, r7, r10, lsl #16\n\t"
+        "ror	r7, r7, #16\n\t"
+#else
+        "bfi	r7, r10, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "asr	lr, r11, #16\n\t"
+#else
+        "sbfx	lr, r11, #16, #16\n\t"
+#endif
+        "asr	r10, r12, #16\n\t"
+        "mul	r9, lr, r10\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r12, r12, #16\n\t"
+        "asr	r12, r12, #16\n\t"
+#else
+        "sbfx	r12, r12, #0, #16\n\t"
+#endif
+        "mul	r12, lr, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xff\n\t"
+        "orr	r10, r10, #0xc00\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r12, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r12, #0, #16\n\t"
+#endif
+        "mul	lr, r10, lr\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0x1\n\t"
+        "orr	r10, r10, #0xd00\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "mla	r12, r10, lr, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xff\n\t"
+        "orr	r10, r10, #0xc00\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r9, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r9, #0, #16\n\t"
+#endif
+        "mul	lr, r10, lr\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0x1\n\t"
+        "orr	r10, r10, #0xd00\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "lsr	r12, r12, #16\n\t"
+        "mla	r9, r10, lr, r9\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r9, r9, #16\n\t"
+        "orr	r9, r9, r12, lsl #16\n\t"
+        "ror	r9, r9, #16\n\t"
+#else
+        "bfi	r9, r12, #0, #16\n\t"
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r11, #0xc0\n\t"
+        "orr	r11, r11, #0xaf00\n\t"
+#else
+        "mov	r11, #0xafc0\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "orr	r11, r11, #0x130000\n\t"
+#else
+        "movt	r11, #0x13\n\t"
+#endif
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r11, #0xbf\n\t"
+        "orr	r11, r11, #0x4e00\n\t"
+#else
+        "mov	r11, #0x4ebf\n\t"
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+        "smulwb	r12, r11, r2\n\t"
+        "smulwt	lr, r11, r2\n\t"
+        "smulbt	r12, r10, r12\n\t"
+        "smulbt	lr, r10, lr\n\t"
+        "pkhbt	r12, r12, lr, LSL #16\n\t"
+        "ssub16	r2, r2, r12\n\t"
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r12, r2, #16\n\t"
+        "asr	r12, r12, #16\n\t"
+#else
+        "sbfx	r12, r2, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "asr	lr, r2, #16\n\t"
+#else
+        "sbfx	lr, r2, #16, #16\n\t"
+#endif
+        "mul	r12, r11, r12\n\t"
+        "mul	lr, r11, lr\n\t"
+        "asr	r12, r12, #26\n\t"
+        "asr	lr, lr, #26\n\t"
+        "mul	r12, r10, r12\n\t"
+        "mul	lr, r10, lr\n\t"
+        "sub	lr, r2, lr, lsl #16\n\t"
+        "sub	r2, r2, r12\n\t"
+        "lsr	lr, lr, #16\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r2, r2, #0xff0000\n\t"
+        "bic	r2, r2, #0xff000000\n\t"
+        "orr	r2, r2, lr, lsl #16\n\t"
+#else
+        "bfi	r2, lr, #16, #16\n\t"
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+        "smulwb	r12, r11, r3\n\t"
+        "smulwt	lr, r11, r3\n\t"
+        "smulbt	r12, r10, r12\n\t"
+        "smulbt	lr, r10, lr\n\t"
+        "pkhbt	r12, r12, lr, LSL #16\n\t"
+        "ssub16	r3, r3, r12\n\t"
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r12, r3, #16\n\t"
+        "asr	r12, r12, #16\n\t"
+#else
+        "sbfx	r12, r3, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "asr	lr, r3, #16\n\t"
+#else
+        "sbfx	lr, r3, #16, #16\n\t"
+#endif
+        "mul	r12, r11, r12\n\t"
+        "mul	lr, r11, lr\n\t"
+        "asr	r12, r12, #26\n\t"
+        "asr	lr, lr, #26\n\t"
+        "mul	r12, r10, r12\n\t"
+        "mul	lr, r10, lr\n\t"
+        "sub	lr, r3, lr, lsl #16\n\t"
+        "sub	r3, r3, r12\n\t"
+        "lsr	lr, lr, #16\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r3, r3, #0xff0000\n\t"
+        "bic	r3, r3, #0xff000000\n\t"
+        "orr	r3, r3, lr, lsl #16\n\t"
+#else
+        "bfi	r3, lr, #16, #16\n\t"
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+        "smulwb	r12, r11, r4\n\t"
+        "smulwt	lr, r11, r4\n\t"
+        "smulbt	r12, r10, r12\n\t"
+        "smulbt	lr, r10, lr\n\t"
+        "pkhbt	r12, r12, lr, LSL #16\n\t"
+        "ssub16	r4, r4, r12\n\t"
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r12, r4, #16\n\t"
+        "asr	r12, r12, #16\n\t"
+#else
+        "sbfx	r12, r4, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "asr	lr, r4, #16\n\t"
+#else
+        "sbfx	lr, r4, #16, #16\n\t"
+#endif
+        "mul	r12, r11, r12\n\t"
+        "mul	lr, r11, lr\n\t"
+        "asr	r12, r12, #26\n\t"
+        "asr	lr, lr, #26\n\t"
+        "mul	r12, r10, r12\n\t"
+        "mul	lr, r10, lr\n\t"
+        "sub	lr, r4, lr, lsl #16\n\t"
+        "sub	r4, r4, r12\n\t"
+        "lsr	lr, lr, #16\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r4, r4, #0xff0000\n\t"
+        "bic	r4, r4, #0xff000000\n\t"
+        "orr	r4, r4, lr, lsl #16\n\t"
+#else
+        "bfi	r4, lr, #16, #16\n\t"
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+        "smulwb	r12, r11, r5\n\t"
+        "smulwt	lr, r11, r5\n\t"
+        "smulbt	r12, r10, r12\n\t"
+        "smulbt	lr, r10, lr\n\t"
+        "pkhbt	r12, r12, lr, LSL #16\n\t"
+        "ssub16	r5, r5, r12\n\t"
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r12, r5, #16\n\t"
+        "asr	r12, r12, #16\n\t"
+#else
+        "sbfx	r12, r5, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "asr	lr, r5, #16\n\t"
+#else
+        "sbfx	lr, r5, #16, #16\n\t"
+#endif
+        "mul	r12, r11, r12\n\t"
+        "mul	lr, r11, lr\n\t"
+        "asr	r12, r12, #26\n\t"
+        "asr	lr, lr, #26\n\t"
+        "mul	r12, r10, r12\n\t"
+        "mul	lr, r10, lr\n\t"
+        "sub	lr, r5, lr, lsl #16\n\t"
+        "sub	r5, r5, r12\n\t"
+        "lsr	lr, lr, #16\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r5, r5, #0xff0000\n\t"
+        "bic	r5, r5, #0xff000000\n\t"
+        "orr	r5, r5, lr, lsl #16\n\t"
+#else
+        "bfi	r5, lr, #16, #16\n\t"
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+        "ldr	r11, [r1, #252]\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+        "ssub16	r12, r2, r6\n\t"
+        "sadd16	r2, r2, r6\n\t"
+        "smulbt	r6, r11, r12\n\t"
+        "smulbb	r12, r11, r12\n\t"
+        "smultb	lr, r10, r12\n\t"
+        "smlabb	r12, r10, lr, r12\n\t"
+        "smultb	lr, r10, r6\n\t"
+        "smlabb	r6, r10, lr, r6\n\t"
+        "pkhtb	r6, r6, r12, ASR #16\n\t"
+#else
+        "sub	lr, r2, r6\n\t"
+        "add	r10, r2, r6\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r6, r6, #0xff\n\t"
+        "bic	r6, r6, #0xff00\n\t"
+#else
+        "bfc	r6, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r2, r2, #0xff\n\t"
+        "bic	r2, r2, #0xff00\n\t"
+#else
+        "bfc	r2, #0, #16\n\t"
+#endif
+        "sub	r12, r2, r6\n\t"
+        "add	r2, r2, r6\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r12, r12, #16\n\t"
+        "orr	r12, r12, lr, lsl #16\n\t"
+        "ror	r12, r12, #16\n\t"
+#else
+        "bfi	r12, lr, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r2, r2, #16\n\t"
+        "orr	r2, r2, r10, lsl #16\n\t"
+        "ror	r2, r2, #16\n\t"
+#else
+        "bfi	r2, r10, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r11, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r11, #0, #16\n\t"
+#endif
+        "asr	r10, r12, #16\n\t"
+        "mul	r6, lr, r10\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r12, r12, #16\n\t"
+        "asr	r12, r12, #16\n\t"
+#else
+        "sbfx	r12, r12, #0, #16\n\t"
+#endif
+        "mul	r12, lr, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xff\n\t"
+        "orr	r10, r10, #0xc00\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r12, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r12, #0, #16\n\t"
+#endif
+        "mul	lr, r10, lr\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0x1\n\t"
+        "orr	r10, r10, #0xd00\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "mla	r12, r10, lr, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xff\n\t"
+        "orr	r10, r10, #0xc00\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r6, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r6, #0, #16\n\t"
+#endif
+        "mul	lr, r10, lr\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0x1\n\t"
+        "orr	r10, r10, #0xd00\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "lsr	r12, r12, #16\n\t"
+        "mla	r6, r10, lr, r6\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r6, r6, #16\n\t"
+        "orr	r6, r6, r12, lsl #16\n\t"
+        "ror	r6, r6, #16\n\t"
+#else
+        "bfi	r6, r12, #0, #16\n\t"
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+        "ssub16	r12, r3, r7\n\t"
+        "sadd16	r3, r3, r7\n\t"
+        "smulbt	r7, r11, r12\n\t"
+        "smulbb	r12, r11, r12\n\t"
+        "smultb	lr, r10, r12\n\t"
+        "smlabb	r12, r10, lr, r12\n\t"
+        "smultb	lr, r10, r7\n\t"
+        "smlabb	r7, r10, lr, r7\n\t"
+        "pkhtb	r7, r7, r12, ASR #16\n\t"
+#else
+        "sub	lr, r3, r7\n\t"
+        "add	r10, r3, r7\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r7, r7, #0xff\n\t"
+        "bic	r7, r7, #0xff00\n\t"
+#else
+        "bfc	r7, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r3, r3, #0xff\n\t"
+        "bic	r3, r3, #0xff00\n\t"
+#else
+        "bfc	r3, #0, #16\n\t"
+#endif
+        "sub	r12, r3, r7\n\t"
+        "add	r3, r3, r7\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r12, r12, #16\n\t"
+        "orr	r12, r12, lr, lsl #16\n\t"
+        "ror	r12, r12, #16\n\t"
+#else
+        "bfi	r12, lr, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r3, r3, #16\n\t"
+        "orr	r3, r3, r10, lsl #16\n\t"
+        "ror	r3, r3, #16\n\t"
+#else
+        "bfi	r3, r10, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r11, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r11, #0, #16\n\t"
+#endif
+        "asr	r10, r12, #16\n\t"
+        "mul	r7, lr, r10\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r12, r12, #16\n\t"
+        "asr	r12, r12, #16\n\t"
+#else
+        "sbfx	r12, r12, #0, #16\n\t"
+#endif
+        "mul	r12, lr, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xff\n\t"
+        "orr	r10, r10, #0xc00\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r12, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r12, #0, #16\n\t"
+#endif
+        "mul	lr, r10, lr\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0x1\n\t"
+        "orr	r10, r10, #0xd00\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "mla	r12, r10, lr, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xff\n\t"
+        "orr	r10, r10, #0xc00\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r7, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r7, #0, #16\n\t"
+#endif
+        "mul	lr, r10, lr\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0x1\n\t"
+        "orr	r10, r10, #0xd00\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "lsr	r12, r12, #16\n\t"
+        "mla	r7, r10, lr, r7\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r7, r7, #16\n\t"
+        "orr	r7, r7, r12, lsl #16\n\t"
+        "ror	r7, r7, #16\n\t"
+#else
+        "bfi	r7, r12, #0, #16\n\t"
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+        "ssub16	r12, r4, r8\n\t"
+        "sadd16	r4, r4, r8\n\t"
+        "smulbt	r8, r11, r12\n\t"
+        "smulbb	r12, r11, r12\n\t"
+        "smultb	lr, r10, r12\n\t"
+        "smlabb	r12, r10, lr, r12\n\t"
+        "smultb	lr, r10, r8\n\t"
+        "smlabb	r8, r10, lr, r8\n\t"
+        "pkhtb	r8, r8, r12, ASR #16\n\t"
+#else
+        "sub	lr, r4, r8\n\t"
+        "add	r10, r4, r8\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r8, r8, #0xff\n\t"
+        "bic	r8, r8, #0xff00\n\t"
+#else
+        "bfc	r8, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r4, r4, #0xff\n\t"
+        "bic	r4, r4, #0xff00\n\t"
+#else
+        "bfc	r4, #0, #16\n\t"
+#endif
+        "sub	r12, r4, r8\n\t"
+        "add	r4, r4, r8\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r12, r12, #16\n\t"
+        "orr	r12, r12, lr, lsl #16\n\t"
+        "ror	r12, r12, #16\n\t"
+#else
+        "bfi	r12, lr, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r4, r4, #16\n\t"
+        "orr	r4, r4, r10, lsl #16\n\t"
+        "ror	r4, r4, #16\n\t"
+#else
+        "bfi	r4, r10, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r11, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r11, #0, #16\n\t"
+#endif
+        "asr	r10, r12, #16\n\t"
+        "mul	r8, lr, r10\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r12, r12, #16\n\t"
+        "asr	r12, r12, #16\n\t"
+#else
+        "sbfx	r12, r12, #0, #16\n\t"
+#endif
+        "mul	r12, lr, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xff\n\t"
+        "orr	r10, r10, #0xc00\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r12, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r12, #0, #16\n\t"
+#endif
+        "mul	lr, r10, lr\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0x1\n\t"
+        "orr	r10, r10, #0xd00\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "mla	r12, r10, lr, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xff\n\t"
+        "orr	r10, r10, #0xc00\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r8, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r8, #0, #16\n\t"
+#endif
+        "mul	lr, r10, lr\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0x1\n\t"
+        "orr	r10, r10, #0xd00\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "lsr	r12, r12, #16\n\t"
+        "mla	r8, r10, lr, r8\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r8, r8, #16\n\t"
+        "orr	r8, r8, r12, lsl #16\n\t"
+        "ror	r8, r8, #16\n\t"
+#else
+        "bfi	r8, r12, #0, #16\n\t"
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+        "ssub16	r12, r5, r9\n\t"
+        "sadd16	r5, r5, r9\n\t"
+        "smulbt	r9, r11, r12\n\t"
+        "smulbb	r12, r11, r12\n\t"
+        "smultb	lr, r10, r12\n\t"
+        "smlabb	r12, r10, lr, r12\n\t"
+        "smultb	lr, r10, r9\n\t"
+        "smlabb	r9, r10, lr, r9\n\t"
+        "pkhtb	r9, r9, r12, ASR #16\n\t"
+#else
+        "sub	lr, r5, r9\n\t"
+        "add	r10, r5, r9\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r9, r9, #0xff\n\t"
+        "bic	r9, r9, #0xff00\n\t"
+#else
+        "bfc	r9, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r5, r5, #0xff\n\t"
+        "bic	r5, r5, #0xff00\n\t"
+#else
+        "bfc	r5, #0, #16\n\t"
+#endif
+        "sub	r12, r5, r9\n\t"
+        "add	r5, r5, r9\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r12, r12, #16\n\t"
+        "orr	r12, r12, lr, lsl #16\n\t"
+        "ror	r12, r12, #16\n\t"
+#else
+        "bfi	r12, lr, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r5, r5, #16\n\t"
+        "orr	r5, r5, r10, lsl #16\n\t"
+        "ror	r5, r5, #16\n\t"
+#else
+        "bfi	r5, r10, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r11, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r11, #0, #16\n\t"
+#endif
+        "asr	r10, r12, #16\n\t"
+        "mul	r9, lr, r10\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r12, r12, #16\n\t"
+        "asr	r12, r12, #16\n\t"
+#else
+        "sbfx	r12, r12, #0, #16\n\t"
+#endif
+        "mul	r12, lr, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xff\n\t"
+        "orr	r10, r10, #0xc00\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r12, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r12, #0, #16\n\t"
+#endif
+        "mul	lr, r10, lr\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0x1\n\t"
+        "orr	r10, r10, #0xd00\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "mla	r12, r10, lr, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xff\n\t"
+        "orr	r10, r10, #0xc00\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r9, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r9, #0, #16\n\t"
+#endif
+        "mul	lr, r10, lr\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0x1\n\t"
+        "orr	r10, r10, #0xd00\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "lsr	r12, r12, #16\n\t"
+        "mla	r9, r10, lr, r9\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r9, r9, #16\n\t"
+        "orr	r9, r9, r12, lsl #16\n\t"
+        "ror	r9, r9, #16\n\t"
+#else
+        "bfi	r9, r12, #0, #16\n\t"
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+        "ldr	r11, [r1, #254]\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+        "smulbb	r12, r11, r2\n\t"
+        "smulbt	r2, r11, r2\n\t"
+        "smultb	lr, r10, r12\n\t"
+        "smlabb	r12, r10, lr, r12\n\t"
+        "smultb	lr, r10, r2\n\t"
+        "smlabb	r2, r10, lr, r2\n\t"
+        "pkhtb	r2, r2, r12, ASR #16\n\t"
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r11, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r11, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r12, r2, #16\n\t"
+        "asr	r12, r12, #16\n\t"
+#else
+        "sbfx	r12, r2, #0, #16\n\t"
+#endif
+        "mul	r12, lr, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "asr	r2, r2, #16\n\t"
+#else
+        "sbfx	r2, r2, #16, #16\n\t"
+#endif
+        "mul	r2, lr, r2\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xff\n\t"
+        "orr	r10, r10, #0xc00\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+        "mul	lr, r10, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0x1\n\t"
+        "orr	r10, r10, #0xd00\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "mla	r12, r10, lr, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xff\n\t"
+        "orr	r10, r10, #0xc00\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r2, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r2, #0, #16\n\t"
+#endif
+        "mul	lr, r10, lr\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0x1\n\t"
+        "orr	r10, r10, #0xd00\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "lsr	r12, r12, #16\n\t"
+        "mla	r2, r10, lr, r2\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r2, r2, #16\n\t"
+        "orr	r2, r2, r12, lsl #16\n\t"
+        "ror	r2, r2, #16\n\t"
+#else
+        "bfi	r2, r12, #0, #16\n\t"
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+        "smulbb	r12, r11, r3\n\t"
+        "smulbt	r3, r11, r3\n\t"
+        "smultb	lr, r10, r12\n\t"
+        "smlabb	r12, r10, lr, r12\n\t"
+        "smultb	lr, r10, r3\n\t"
+        "smlabb	r3, r10, lr, r3\n\t"
+        "pkhtb	r3, r3, r12, ASR #16\n\t"
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r11, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r11, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r12, r3, #16\n\t"
+        "asr	r12, r12, #16\n\t"
+#else
+        "sbfx	r12, r3, #0, #16\n\t"
+#endif
+        "mul	r12, lr, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "asr	r3, r3, #16\n\t"
+#else
+        "sbfx	r3, r3, #16, #16\n\t"
+#endif
+        "mul	r3, lr, r3\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xff\n\t"
+        "orr	r10, r10, #0xc00\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+        "mul	lr, r10, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0x1\n\t"
+        "orr	r10, r10, #0xd00\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "mla	r12, r10, lr, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xff\n\t"
+        "orr	r10, r10, #0xc00\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r3, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r3, #0, #16\n\t"
+#endif
+        "mul	lr, r10, lr\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0x1\n\t"
+        "orr	r10, r10, #0xd00\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "lsr	r12, r12, #16\n\t"
+        "mla	r3, r10, lr, r3\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r3, r3, #16\n\t"
+        "orr	r3, r3, r12, lsl #16\n\t"
+        "ror	r3, r3, #16\n\t"
+#else
+        "bfi	r3, r12, #0, #16\n\t"
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+        "smulbb	r12, r11, r4\n\t"
+        "smulbt	r4, r11, r4\n\t"
+        "smultb	lr, r10, r12\n\t"
+        "smlabb	r12, r10, lr, r12\n\t"
+        "smultb	lr, r10, r4\n\t"
+        "smlabb	r4, r10, lr, r4\n\t"
+        "pkhtb	r4, r4, r12, ASR #16\n\t"
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r11, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r11, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r12, r4, #16\n\t"
+        "asr	r12, r12, #16\n\t"
+#else
+        "sbfx	r12, r4, #0, #16\n\t"
+#endif
+        "mul	r12, lr, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "asr	r4, r4, #16\n\t"
+#else
+        "sbfx	r4, r4, #16, #16\n\t"
+#endif
+        "mul	r4, lr, r4\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xff\n\t"
+        "orr	r10, r10, #0xc00\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+        "mul	lr, r10, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0x1\n\t"
+        "orr	r10, r10, #0xd00\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "mla	r12, r10, lr, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xff\n\t"
+        "orr	r10, r10, #0xc00\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r4, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r4, #0, #16\n\t"
+#endif
+        "mul	lr, r10, lr\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0x1\n\t"
+        "orr	r10, r10, #0xd00\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "lsr	r12, r12, #16\n\t"
+        "mla	r4, r10, lr, r4\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r4, r4, #16\n\t"
+        "orr	r4, r4, r12, lsl #16\n\t"
+        "ror	r4, r4, #16\n\t"
+#else
+        "bfi	r4, r12, #0, #16\n\t"
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+        "smulbb	r12, r11, r5\n\t"
+        "smulbt	r5, r11, r5\n\t"
+        "smultb	lr, r10, r12\n\t"
+        "smlabb	r12, r10, lr, r12\n\t"
+        "smultb	lr, r10, r5\n\t"
+        "smlabb	r5, r10, lr, r5\n\t"
+        "pkhtb	r5, r5, r12, ASR #16\n\t"
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r11, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r11, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r12, r5, #16\n\t"
+        "asr	r12, r12, #16\n\t"
+#else
+        "sbfx	r12, r5, #0, #16\n\t"
+#endif
+        "mul	r12, lr, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "asr	r5, r5, #16\n\t"
+#else
+        "sbfx	r5, r5, #16, #16\n\t"
+#endif
+        "mul	r5, lr, r5\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xff\n\t"
+        "orr	r10, r10, #0xc00\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+        "mul	lr, r10, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0x1\n\t"
+        "orr	r10, r10, #0xd00\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "mla	r12, r10, lr, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xff\n\t"
+        "orr	r10, r10, #0xc00\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r5, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r5, #0, #16\n\t"
+#endif
+        "mul	lr, r10, lr\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0x1\n\t"
+        "orr	r10, r10, #0xd00\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "lsr	r12, r12, #16\n\t"
+        "mla	r5, r10, lr, r5\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r5, r5, #16\n\t"
+        "orr	r5, r5, r12, lsl #16\n\t"
+        "ror	r5, r5, #16\n\t"
+#else
+        "bfi	r5, r12, #0, #16\n\t"
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+        "smulbb	r12, r11, r6\n\t"
+        "smulbt	r6, r11, r6\n\t"
+        "smultb	lr, r10, r12\n\t"
+        "smlabb	r12, r10, lr, r12\n\t"
+        "smultb	lr, r10, r6\n\t"
+        "smlabb	r6, r10, lr, r6\n\t"
+        "pkhtb	r6, r6, r12, ASR #16\n\t"
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r11, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r11, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r12, r6, #16\n\t"
+        "asr	r12, r12, #16\n\t"
+#else
+        "sbfx	r12, r6, #0, #16\n\t"
+#endif
+        "mul	r12, lr, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "asr	r6, r6, #16\n\t"
+#else
+        "sbfx	r6, r6, #16, #16\n\t"
+#endif
+        "mul	r6, lr, r6\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xff\n\t"
+        "orr	r10, r10, #0xc00\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+        "mul	lr, r10, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0x1\n\t"
+        "orr	r10, r10, #0xd00\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "mla	r12, r10, lr, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xff\n\t"
+        "orr	r10, r10, #0xc00\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r6, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r6, #0, #16\n\t"
+#endif
+        "mul	lr, r10, lr\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0x1\n\t"
+        "orr	r10, r10, #0xd00\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "lsr	r12, r12, #16\n\t"
+        "mla	r6, r10, lr, r6\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r6, r6, #16\n\t"
+        "orr	r6, r6, r12, lsl #16\n\t"
+        "ror	r6, r6, #16\n\t"
+#else
+        "bfi	r6, r12, #0, #16\n\t"
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+        "smulbb	r12, r11, r7\n\t"
+        "smulbt	r7, r11, r7\n\t"
+        "smultb	lr, r10, r12\n\t"
+        "smlabb	r12, r10, lr, r12\n\t"
+        "smultb	lr, r10, r7\n\t"
+        "smlabb	r7, r10, lr, r7\n\t"
+        "pkhtb	r7, r7, r12, ASR #16\n\t"
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r11, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r11, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r12, r7, #16\n\t"
+        "asr	r12, r12, #16\n\t"
+#else
+        "sbfx	r12, r7, #0, #16\n\t"
+#endif
+        "mul	r12, lr, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "asr	r7, r7, #16\n\t"
+#else
+        "sbfx	r7, r7, #16, #16\n\t"
+#endif
+        "mul	r7, lr, r7\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xff\n\t"
+        "orr	r10, r10, #0xc00\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+        "mul	lr, r10, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0x1\n\t"
+        "orr	r10, r10, #0xd00\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "mla	r12, r10, lr, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xff\n\t"
+        "orr	r10, r10, #0xc00\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r7, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r7, #0, #16\n\t"
+#endif
+        "mul	lr, r10, lr\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0x1\n\t"
+        "orr	r10, r10, #0xd00\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "lsr	r12, r12, #16\n\t"
+        "mla	r7, r10, lr, r7\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r7, r7, #16\n\t"
+        "orr	r7, r7, r12, lsl #16\n\t"
+        "ror	r7, r7, #16\n\t"
+#else
+        "bfi	r7, r12, #0, #16\n\t"
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+        "smulbb	r12, r11, r8\n\t"
+        "smulbt	r8, r11, r8\n\t"
+        "smultb	lr, r10, r12\n\t"
+        "smlabb	r12, r10, lr, r12\n\t"
+        "smultb	lr, r10, r8\n\t"
+        "smlabb	r8, r10, lr, r8\n\t"
+        "pkhtb	r8, r8, r12, ASR #16\n\t"
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r11, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r11, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r12, r8, #16\n\t"
+        "asr	r12, r12, #16\n\t"
+#else
+        "sbfx	r12, r8, #0, #16\n\t"
+#endif
+        "mul	r12, lr, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "asr	r8, r8, #16\n\t"
+#else
+        "sbfx	r8, r8, #16, #16\n\t"
+#endif
+        "mul	r8, lr, r8\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xff\n\t"
+        "orr	r10, r10, #0xc00\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+        "mul	lr, r10, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0x1\n\t"
+        "orr	r10, r10, #0xd00\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "mla	r12, r10, lr, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xff\n\t"
+        "orr	r10, r10, #0xc00\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r8, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r8, #0, #16\n\t"
+#endif
+        "mul	lr, r10, lr\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0x1\n\t"
+        "orr	r10, r10, #0xd00\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "lsr	r12, r12, #16\n\t"
+        "mla	r8, r10, lr, r8\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r8, r8, #16\n\t"
+        "orr	r8, r8, r12, lsl #16\n\t"
+        "ror	r8, r8, #16\n\t"
+#else
+        "bfi	r8, r12, #0, #16\n\t"
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+        "smulbb	r12, r11, r9\n\t"
+        "smulbt	r9, r11, r9\n\t"
+        "smultb	lr, r10, r12\n\t"
+        "smlabb	r12, r10, lr, r12\n\t"
+        "smultb	lr, r10, r9\n\t"
+        "smlabb	r9, r10, lr, r9\n\t"
+        "pkhtb	r9, r9, r12, ASR #16\n\t"
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r11, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r11, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r12, r9, #16\n\t"
+        "asr	r12, r12, #16\n\t"
+#else
+        "sbfx	r12, r9, #0, #16\n\t"
+#endif
+        "mul	r12, lr, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "asr	r9, r9, #16\n\t"
+#else
+        "sbfx	r9, r9, #16, #16\n\t"
+#endif
+        "mul	r9, lr, r9\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xff\n\t"
+        "orr	r10, r10, #0xc00\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+        "mul	lr, r10, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0x1\n\t"
+        "orr	r10, r10, #0xd00\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "mla	r12, r10, lr, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xff\n\t"
+        "orr	r10, r10, #0xc00\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r9, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r9, #0, #16\n\t"
+#endif
+        "mul	lr, r10, lr\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0x1\n\t"
+        "orr	r10, r10, #0xd00\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "lsr	r12, r12, #16\n\t"
+        "mla	r9, r10, lr, r9\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r9, r9, #16\n\t"
+        "orr	r9, r9, r12, lsl #16\n\t"
+        "ror	r9, r9, #16\n\t"
+#else
+        "bfi	r9, r12, #0, #16\n\t"
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+        "str	r2, [%[r]]\n\t"
+        "str	r3, [%[r], #64]\n\t"
+        "str	r4, [%[r], #128]\n\t"
+        "str	r5, [%[r], #192]\n\t"
+        "str	r6, [%[r], #256]\n\t"
+        "str	r7, [%[r], #320]\n\t"
+        "str	r8, [%[r], #384]\n\t"
+        "str	r9, [%[r], #448]\n\t"
+        "ldr	r2, [sp]\n\t"
+        "subs	r2, r2, #1\n\t"
+        "add	%[r], %[r], #4\n\t"
+        "bne	L_kyber_arm32_invntt_loop_321_%=\n\t"
+        "add	sp, sp, #8\n\t"
+        : [r] "+r" (r),
+          [L_kyber_arm32_invntt_zetas_inv] "+r" (L_kyber_arm32_invntt_zetas_inv_c)
+        :
+        : "memory", "cc", "r2", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8",
+            "r9", "r10", "r11"
+    );
+}
+
+static const word16 L_kyber_arm32_basemul_mont_zetas[] = {
+    0x08ed, 0x0a0b, 0x0b9a, 0x0714,
+    0x05d5, 0x058e, 0x011f, 0x00ca,
+    0x0c56, 0x026e, 0x0629, 0x00b6,
+    0x03c2, 0x084f, 0x073f, 0x05bc,
+    0x023d, 0x07d4, 0x0108, 0x017f,
+    0x09c4, 0x05b2, 0x06bf, 0x0c7f,
+    0x0a58, 0x03f9, 0x02dc, 0x0260,
+    0x06fb, 0x019b, 0x0c34, 0x06de,
+    0x04c7, 0x028c, 0x0ad9, 0x03f7,
+    0x07f4, 0x05d3, 0x0be7, 0x06f9,
+    0x0204, 0x0cf9, 0x0bc1, 0x0a67,
+    0x06af, 0x0877, 0x007e, 0x05bd,
+    0x09ac, 0x0ca7, 0x0bf2, 0x033e,
+    0x006b, 0x0774, 0x0c0a, 0x094a,
+    0x0b73, 0x03c1, 0x071d, 0x0a2c,
+    0x01c0, 0x08d8, 0x02a5, 0x0806,
+    0x08b2, 0x01ae, 0x022b, 0x034b,
+    0x081e, 0x0367, 0x060e, 0x0069,
+    0x01a6, 0x024b, 0x00b1, 0x0c16,
+    0x0bde, 0x0b35, 0x0626, 0x0675,
+    0x0c0b, 0x030a, 0x0487, 0x0c6e,
+    0x09f8, 0x05cb, 0x0aa7, 0x045f,
+    0x06cb, 0x0284, 0x0999, 0x015d,
+    0x01a2, 0x0149, 0x0c65, 0x0cb6,
+    0x0331, 0x0449, 0x025b, 0x0262,
+    0x052a, 0x07fc, 0x0748, 0x0180,
+    0x0842, 0x0c79, 0x04c2, 0x07ca,
+    0x0997, 0x00dc, 0x085e, 0x0686,
+    0x0860, 0x0707, 0x0803, 0x031a,
+    0x071b, 0x09ab, 0x099b, 0x01de,
+    0x0c95, 0x0bcd, 0x03e4, 0x03df,
+    0x03be, 0x074d, 0x05f2, 0x065c,
+};
+
+void kyber_arm32_basemul_mont(sword16* r_p, const sword16* a_p,
+    const sword16* b_p)
+{
+    register sword16* r asm ("r0") = (sword16*)r_p;
+    register const sword16* a asm ("r1") = (const sword16*)a_p;
+    register const sword16* b asm ("r2") = (const sword16*)b_p;
+    register word16* L_kyber_arm32_basemul_mont_zetas_c asm ("r3") =
+        (word16*)&L_kyber_arm32_basemul_mont_zetas;
+
+    __asm__ __volatile__ (
+        "add	r3, r3, #0x80\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r12, #0x1\n\t"
+        "orr	r12, r12, #0xd00\n\t"
+#else
+        "mov	r12, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "orr	r12, r12, #0xc000000\n\t"
+        "orr	r12, r12, #0xff0000\n\t"
+#else
+        "movt	r12, #0xcff\n\t"
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+        "mov	r8, #0\n\t"
+        "\n"
+    "L_kyber_arm32_basemul_mont_loop_%=: \n\t"
+        "ldm	%[a]!, {r4, r5}\n\t"
+        "ldm	%[b]!, {r6, r7}\n\t"
+        "ldr	lr, [r3, r8]\n\t"
+        "add	r8, r8, #2\n\t"
+        "push	{r8}\n\t"
+        "cmp	r8, #0x80\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+        "smultt	r8, r4, r6\n\t"
+        "smultt	r10, r5, r7\n\t"
+        "smultb	r9, r12, r8\n\t"
+        "smultb	r11, r12, r10\n\t"
+        "smlabb	r8, r12, r9, r8\n\t"
+        "smlabb	r10, r12, r11, r10\n\t"
+        "rsb	r11, lr, #0\n\t"
+        "smulbt	r8, lr, r8\n\t"
+        "smulbt	r10, r11, r10\n\t"
+        "smlabb	r8, r4, r6, r8\n\t"
+        "smlabb	r10, r5, r7, r10\n\t"
+        "smultb	r9, r12, r8\n\t"
+        "smultb	r11, r12, r10\n\t"
+        "smlabb	r8, r12, r9, r8\n\t"
+        "smlabb	r10, r12, r11, r10\n\t"
+        "smulbt	r9, r4, r6\n\t"
+        "smulbt	r11, r5, r7\n\t"
+        "smlatb	r9, r4, r6, r9\n\t"
+        "smlatb	r11, r5, r7, r11\n\t"
+        "smultb	r6, r12, r9\n\t"
+        "smultb	r7, r12, r11\n\t"
+        "smlabb	r9, r12, r6, r9\n\t"
+        "smlabb	r11, r12, r7, r11\n\t"
+        "pkhtb	r4, r9, r8, ASR #16\n\t"
+        "pkhtb	r5, r11, r10, ASR #16\n\t"
+#else
+        "asr	r8, r4, #16\n\t"
+        "asr	r10, r5, #16\n\t"
+        "asr	r9, r6, #16\n\t"
+        "asr	r11, r7, #16\n\t"
+        "mul	r8, r9, r8\n\t"
+        "mul	r10, r11, r10\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r12, #0xff\n\t"
+        "orr	r12, r12, #0xc00\n\t"
+#else
+        "mov	r12, #0xcff\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r9, r8, #16\n\t"
+        "asr	r9, r9, #16\n\t"
+#else
+        "sbfx	r9, r8, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r11, r10, #16\n\t"
+        "asr	r11, r11, #16\n\t"
+#else
+        "sbfx	r11, r10, #0, #16\n\t"
+#endif
+        "mul	r9, r12, r8\n\t"
+        "mul	r11, r12, r11\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r12, #0x1\n\t"
+        "orr	r12, r12, #0xd00\n\t"
+#else
+        "mov	r12, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r9, r9, #16\n\t"
+        "asr	r9, r9, #16\n\t"
+#else
+        "sbfx	r9, r9, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r11, r11, #16\n\t"
+        "asr	r11, r11, #16\n\t"
+#else
+        "sbfx	r11, r11, #0, #16\n\t"
+#endif
+        "mla	r8, r12, r9, r8\n\t"
+        "mla	r10, r12, r11, r10\n\t"
+        "rsb	r11, lr, #0\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r9, lr, #16\n\t"
+        "asr	r9, r9, #16\n\t"
+#else
+        "sbfx	r9, lr, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r11, r11, #16\n\t"
+        "asr	r11, r11, #16\n\t"
+#else
+        "sbfx	r11, r11, #0, #16\n\t"
+#endif
+        "asr	r8, r8, #16\n\t"
+        "asr	r10, r10, #16\n\t"
+        "mul	r8, r9, r8\n\t"
+        "mul	r10, r11, r10\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r9, r4, #16\n\t"
+        "asr	r9, r9, #16\n\t"
+#else
+        "sbfx	r9, r4, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r11, r5, #16\n\t"
+        "asr	r11, r11, #16\n\t"
+#else
+        "sbfx	r11, r5, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r12, r6, #16\n\t"
+        "asr	r12, r12, #16\n\t"
+#else
+        "sbfx	r12, r6, #0, #16\n\t"
+#endif
+        "mla	r8, r9, r12, r8\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r12, r7, #16\n\t"
+        "asr	r12, r12, #16\n\t"
+#else
+        "sbfx	r12, r7, #0, #16\n\t"
+#endif
+        "mla	r10, r11, r12, r10\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r12, #0xff\n\t"
+        "orr	r12, r12, #0xc00\n\t"
+#else
+        "mov	r12, #0xcff\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r9, r8, #16\n\t"
+        "asr	r9, r9, #16\n\t"
+#else
+        "sbfx	r9, r8, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r11, r10, #16\n\t"
+        "asr	r11, r11, #16\n\t"
+#else
+        "sbfx	r11, r10, #0, #16\n\t"
+#endif
+        "mul	r9, r12, r9\n\t"
+        "mul	r11, r12, r11\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r12, #0x1\n\t"
+        "orr	r12, r12, #0xd00\n\t"
+#else
+        "mov	r12, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r9, r9, #16\n\t"
+        "asr	r9, r9, #16\n\t"
+#else
+        "sbfx	r9, r9, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r11, r11, #16\n\t"
+        "asr	r11, r11, #16\n\t"
+#else
+        "sbfx	r11, r11, #0, #16\n\t"
+#endif
+        "mla	r8, r12, r9, r8\n\t"
+        "mla	r10, r12, r11, r10\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r9, r4, #16\n\t"
+        "asr	r9, r9, #16\n\t"
+#else
+        "sbfx	r9, r4, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r11, r5, #16\n\t"
+        "asr	r11, r11, #16\n\t"
+#else
+        "sbfx	r11, r5, #0, #16\n\t"
+#endif
+        "asr	r12, r6, #16\n\t"
+        "mul	r9, r12, r9\n\t"
+        "asr	r12, r7, #16\n\t"
+        "mul	r11, r12, r11\n\t"
+        "asr	r4, r4, #16\n\t"
+        "asr	r5, r5, #16\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r12, r6, #16\n\t"
+        "asr	r12, r12, #16\n\t"
+#else
+        "sbfx	r12, r6, #0, #16\n\t"
+#endif
+        "mla	r9, r4, r12, r9\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r12, r7, #16\n\t"
+        "asr	r12, r12, #16\n\t"
+#else
+        "sbfx	r12, r7, #0, #16\n\t"
+#endif
+        "mla	r11, r5, r12, r11\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r12, #0xff\n\t"
+        "orr	r12, r12, #0xc00\n\t"
+#else
+        "mov	r12, #0xcff\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r6, r9, #16\n\t"
+        "asr	r6, r6, #16\n\t"
+#else
+        "sbfx	r6, r9, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r7, r11, #16\n\t"
+        "asr	r7, r7, #16\n\t"
+#else
+        "sbfx	r7, r11, #0, #16\n\t"
+#endif
+        "mul	r6, r12, r6\n\t"
+        "mul	r7, r12, r7\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r12, #0x1\n\t"
+        "orr	r12, r12, #0xd00\n\t"
+#else
+        "mov	r12, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r4, r6, #16\n\t"
+        "asr	r4, r4, #16\n\t"
+#else
+        "sbfx	r4, r6, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r5, r7, #16\n\t"
+        "asr	r5, r5, #16\n\t"
+#else
+        "sbfx	r5, r7, #0, #16\n\t"
+#endif
+        "mla	r9, r12, r4, r9\n\t"
+        "mla	r11, r12, r5, r11\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r9, r9, #0xff\n\t"
+        "bic	r9, r9, #0xff00\n\t"
+#else
+        "bfc	r9, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r11, r11, #0xff\n\t"
+        "bic	r11, r11, #0xff00\n\t"
+#else
+        "bfc	r11, #0, #16\n\t"
+#endif
+        "orr	r4, r9, r8, lsr #16\n\t"
+        "orr	r5, r11, r10, lsr #16\n\t"
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+        "stm	%[r]!, {r4, r5}\n\t"
+        "pop	{r8}\n\t"
+        "bne	L_kyber_arm32_basemul_mont_loop_%=\n\t"
+        : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b),
+          [L_kyber_arm32_basemul_mont_zetas] "+r" (L_kyber_arm32_basemul_mont_zetas_c)
+        :
+        : "memory", "cc", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9",
+            "r10", "r11"
+    );
+}
+
+void kyber_arm32_basemul_mont_add(sword16* r_p, const sword16* a_p,
+    const sword16* b_p)
+{
+    register sword16* r asm ("r0") = (sword16*)r_p;
+    register const sword16* a asm ("r1") = (const sword16*)a_p;
+    register const sword16* b asm ("r2") = (const sword16*)b_p;
+    register word16* L_kyber_arm32_basemul_mont_zetas_c asm ("r3") =
+        (word16*)&L_kyber_arm32_basemul_mont_zetas;
+
+    __asm__ __volatile__ (
+        "add	r3, r3, #0x80\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r12, #0x1\n\t"
+        "orr	r12, r12, #0xd00\n\t"
+#else
+        "mov	r12, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "orr	r12, r12, #0xc000000\n\t"
+        "orr	r12, r12, #0xff0000\n\t"
+#else
+        "movt	r12, #0xcff\n\t"
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+        "mov	r8, #0\n\t"
+        "\n"
+    "L_kyber_arm32_basemul_mont_add_loop_%=: \n\t"
+        "ldm	%[a]!, {r4, r5}\n\t"
+        "ldm	%[b]!, {r6, r7}\n\t"
+        "ldr	lr, [r3, r8]\n\t"
+        "add	r8, r8, #2\n\t"
+        "push	{r8}\n\t"
+        "cmp	r8, #0x80\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+        "smultt	r8, r4, r6\n\t"
+        "smultt	r10, r5, r7\n\t"
+        "smultb	r9, r12, r8\n\t"
+        "smultb	r11, r12, r10\n\t"
+        "smlabb	r8, r12, r9, r8\n\t"
+        "smlabb	r10, r12, r11, r10\n\t"
+        "rsb	r11, lr, #0\n\t"
+        "smulbt	r8, lr, r8\n\t"
+        "smulbt	r10, r11, r10\n\t"
+        "smlabb	r8, r4, r6, r8\n\t"
+        "smlabb	r10, r5, r7, r10\n\t"
+        "smultb	r9, r12, r8\n\t"
+        "smultb	r11, r12, r10\n\t"
+        "smlabb	r8, r12, r9, r8\n\t"
+        "smlabb	r10, r12, r11, r10\n\t"
+        "smulbt	r9, r4, r6\n\t"
+        "smulbt	r11, r5, r7\n\t"
+        "smlatb	r9, r4, r6, r9\n\t"
+        "smlatb	r11, r5, r7, r11\n\t"
+        "smultb	r6, r12, r9\n\t"
+        "smultb	r7, r12, r11\n\t"
+        "smlabb	r9, r12, r6, r9\n\t"
+        "smlabb	r11, r12, r7, r11\n\t"
+        "ldm	%[r], {r4, r5}\n\t"
+        "pkhtb	r9, r9, r8, ASR #16\n\t"
+        "pkhtb	r11, r11, r10, ASR #16\n\t"
+        "sadd16	r4, r4, r9\n\t"
+        "sadd16	r5, r5, r11\n\t"
+#else
+        "asr	r8, r4, #16\n\t"
+        "asr	r10, r5, #16\n\t"
+        "asr	r9, r6, #16\n\t"
+        "asr	r11, r7, #16\n\t"
+        "mul	r8, r9, r8\n\t"
+        "mul	r10, r11, r10\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r12, #0xff\n\t"
+        "orr	r12, r12, #0xc00\n\t"
+#else
+        "mov	r12, #0xcff\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r9, r8, #16\n\t"
+        "asr	r9, r9, #16\n\t"
+#else
+        "sbfx	r9, r8, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r11, r10, #16\n\t"
+        "asr	r11, r11, #16\n\t"
+#else
+        "sbfx	r11, r10, #0, #16\n\t"
+#endif
+        "mul	r9, r12, r8\n\t"
+        "mul	r11, r12, r11\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r12, #0x1\n\t"
+        "orr	r12, r12, #0xd00\n\t"
+#else
+        "mov	r12, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r9, r9, #16\n\t"
+        "asr	r9, r9, #16\n\t"
+#else
+        "sbfx	r9, r9, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r11, r11, #16\n\t"
+        "asr	r11, r11, #16\n\t"
+#else
+        "sbfx	r11, r11, #0, #16\n\t"
+#endif
+        "mla	r8, r12, r9, r8\n\t"
+        "mla	r10, r12, r11, r10\n\t"
+        "rsb	r11, lr, #0\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r9, lr, #16\n\t"
+        "asr	r9, r9, #16\n\t"
+#else
+        "sbfx	r9, lr, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r11, r11, #16\n\t"
+        "asr	r11, r11, #16\n\t"
+#else
+        "sbfx	r11, r11, #0, #16\n\t"
+#endif
+        "asr	r8, r8, #16\n\t"
+        "asr	r10, r10, #16\n\t"
+        "mul	r8, r9, r8\n\t"
+        "mul	r10, r11, r10\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r9, r4, #16\n\t"
+        "asr	r9, r9, #16\n\t"
+#else
+        "sbfx	r9, r4, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r11, r5, #16\n\t"
+        "asr	r11, r11, #16\n\t"
+#else
+        "sbfx	r11, r5, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r12, r6, #16\n\t"
+        "asr	r12, r12, #16\n\t"
+#else
+        "sbfx	r12, r6, #0, #16\n\t"
+#endif
+        "mla	r8, r9, r12, r8\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r12, r7, #16\n\t"
+        "asr	r12, r12, #16\n\t"
+#else
+        "sbfx	r12, r7, #0, #16\n\t"
+#endif
+        "mla	r10, r11, r12, r10\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r12, #0xff\n\t"
+        "orr	r12, r12, #0xc00\n\t"
+#else
+        "mov	r12, #0xcff\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r9, r8, #16\n\t"
+        "asr	r9, r9, #16\n\t"
+#else
+        "sbfx	r9, r8, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r11, r10, #16\n\t"
+        "asr	r11, r11, #16\n\t"
+#else
+        "sbfx	r11, r10, #0, #16\n\t"
+#endif
+        "mul	r9, r12, r9\n\t"
+        "mul	r11, r12, r11\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r12, #0x1\n\t"
+        "orr	r12, r12, #0xd00\n\t"
+#else
+        "mov	r12, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r9, r9, #16\n\t"
+        "asr	r9, r9, #16\n\t"
+#else
+        "sbfx	r9, r9, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r11, r11, #16\n\t"
+        "asr	r11, r11, #16\n\t"
+#else
+        "sbfx	r11, r11, #0, #16\n\t"
+#endif
+        "mla	r8, r12, r9, r8\n\t"
+        "mla	r10, r12, r11, r10\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r9, r4, #16\n\t"
+        "asr	r9, r9, #16\n\t"
+#else
+        "sbfx	r9, r4, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r11, r5, #16\n\t"
+        "asr	r11, r11, #16\n\t"
+#else
+        "sbfx	r11, r5, #0, #16\n\t"
+#endif
+        "asr	r12, r6, #16\n\t"
+        "mul	r9, r12, r9\n\t"
+        "asr	r12, r7, #16\n\t"
+        "mul	r11, r12, r11\n\t"
+        "asr	r4, r4, #16\n\t"
+        "asr	r5, r5, #16\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r12, r6, #16\n\t"
+        "asr	r12, r12, #16\n\t"
+#else
+        "sbfx	r12, r6, #0, #16\n\t"
+#endif
+        "mla	r9, r4, r12, r9\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r12, r7, #16\n\t"
+        "asr	r12, r12, #16\n\t"
+#else
+        "sbfx	r12, r7, #0, #16\n\t"
+#endif
+        "mla	r11, r5, r12, r11\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r12, #0xff\n\t"
+        "orr	r12, r12, #0xc00\n\t"
+#else
+        "mov	r12, #0xcff\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r6, r9, #16\n\t"
+        "asr	r6, r6, #16\n\t"
+#else
+        "sbfx	r6, r9, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r7, r11, #16\n\t"
+        "asr	r7, r7, #16\n\t"
+#else
+        "sbfx	r7, r11, #0, #16\n\t"
+#endif
+        "mul	r6, r12, r6\n\t"
+        "mul	r7, r12, r7\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r12, #0x1\n\t"
+        "orr	r12, r12, #0xd00\n\t"
+#else
+        "mov	r12, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r4, r6, #16\n\t"
+        "asr	r4, r4, #16\n\t"
+#else
+        "sbfx	r4, r6, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r5, r7, #16\n\t"
+        "asr	r5, r5, #16\n\t"
+#else
+        "sbfx	r5, r7, #0, #16\n\t"
+#endif
+        "mla	r9, r12, r4, r9\n\t"
+        "mla	r11, r12, r5, r11\n\t"
+        "ldm	%[r], {r4, r5}\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r9, r9, #0xff\n\t"
+        "bic	r9, r9, #0xff00\n\t"
+#else
+        "bfc	r9, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r11, r11, #0xff\n\t"
+        "bic	r11, r11, #0xff00\n\t"
+#else
+        "bfc	r11, #0, #16\n\t"
+#endif
+        "orr	r9, r9, r8, lsr #16\n\t"
+        "orr	r11, r11, r10, lsr #16\n\t"
+        "add	r8, r4, r9\n\t"
+        "add	r10, r5, r11\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r9, r9, #0xff\n\t"
+        "bic	r9, r9, #0xff00\n\t"
+#else
+        "bfc	r9, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r11, r11, #0xff\n\t"
+        "bic	r11, r11, #0xff00\n\t"
+#else
+        "bfc	r11, #0, #16\n\t"
+#endif
+        "add	r4, r4, r9\n\t"
+        "add	r5, r5, r11\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r4, r4, #16\n\t"
+        "orr	r4, r4, r8, lsl #16\n\t"
+        "ror	r4, r4, #16\n\t"
+#else
+        "bfi	r4, r8, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r5, r5, #16\n\t"
+        "orr	r5, r5, r10, lsl #16\n\t"
+        "ror	r5, r5, #16\n\t"
+#else
+        "bfi	r5, r10, #0, #16\n\t"
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+        "stm	%[r]!, {r4, r5}\n\t"
+        "pop	{r8}\n\t"
+        "bne	L_kyber_arm32_basemul_mont_add_loop_%=\n\t"
+        : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b),
+          [L_kyber_arm32_basemul_mont_zetas] "+r" (L_kyber_arm32_basemul_mont_zetas_c)
+        :
+        : "memory", "cc", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9",
+            "r10", "r11"
+    );
+}
+
+void kyber_arm32_csubq(sword16* p_p)
+{
+    register sword16* p asm ("r0") = (sword16*)p_p;
+    register word16* L_kyber_arm32_basemul_mont_zetas_c asm ("r1") =
+        (word16*)&L_kyber_arm32_basemul_mont_zetas;
+
+    __asm__ __volatile__ (
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r12, #0x1\n\t"
+        "orr	r12, r12, #0xd00\n\t"
+#else
+        "mov	r12, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	lr, #0x1\n\t"
+        "orr	lr, lr, #0xd00\n\t"
+#else
+        "mov	lr, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "orr	lr, lr, #0xd000000\n\t"
+        "orr	lr, lr, #0x10000\n\t"
+#else
+        "movt	lr, #0xd01\n\t"
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+        "mov	r11, #0x8000\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "orr	r11, r11, #0x80000000\n\t"
+#else
+        "movt	r11, #0x8000\n\t"
+#endif
+        "mov	r1, #0x100\n\t"
+        "\n"
+    "L_kyber_arm32_csubq_loop_%=: \n\t"
+        "ldm	%[p], {r2, r3, r4, r5}\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+        "ssub16	r2, r2, lr\n\t"
+        "ssub16	r3, r3, lr\n\t"
+        "ssub16	r4, r4, lr\n\t"
+        "ssub16	r5, r5, lr\n\t"
+        "and	r6, r2, r11\n\t"
+        "and	r7, r3, r11\n\t"
+        "and	r8, r4, r11\n\t"
+        "and	r9, r5, r11\n\t"
+        "lsr	r6, r6, #15\n\t"
+        "lsr	r7, r7, #15\n\t"
+        "lsr	r8, r8, #15\n\t"
+        "lsr	r9, r9, #15\n\t"
+        "mul	r6, r12, r6\n\t"
+        "mul	r7, r12, r7\n\t"
+        "mul	r8, r12, r8\n\t"
+        "mul	r9, r12, r9\n\t"
+        "sadd16	r2, r2, r6\n\t"
+        "sadd16	r3, r3, r7\n\t"
+        "sadd16	r4, r4, r8\n\t"
+        "sadd16	r5, r5, r9\n\t"
+#else
+        "sub	r6, r2, lr\n\t"
+        "sub	r2, r2, lr, lsl #16\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r2, r2, #16\n\t"
+        "orr	r2, r2, r6, lsl #16\n\t"
+        "ror	r2, r2, #16\n\t"
+#else
+        "bfi	r2, r6, #0, #16\n\t"
+#endif
+        "sub	r7, r3, lr\n\t"
+        "sub	r3, r3, lr, lsl #16\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r3, r3, #16\n\t"
+        "orr	r3, r3, r7, lsl #16\n\t"
+        "ror	r3, r3, #16\n\t"
+#else
+        "bfi	r3, r7, #0, #16\n\t"
+#endif
+        "sub	r8, r4, lr\n\t"
+        "sub	r4, r4, lr, lsl #16\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r4, r4, #16\n\t"
+        "orr	r4, r4, r8, lsl #16\n\t"
+        "ror	r4, r4, #16\n\t"
+#else
+        "bfi	r4, r8, #0, #16\n\t"
+#endif
+        "sub	r9, r5, lr\n\t"
+        "sub	r5, r5, lr, lsl #16\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r5, r5, #16\n\t"
+        "orr	r5, r5, r9, lsl #16\n\t"
+        "ror	r5, r5, #16\n\t"
+#else
+        "bfi	r5, r9, #0, #16\n\t"
+#endif
+        "and	r6, r2, r11\n\t"
+        "and	r7, r3, r11\n\t"
+        "and	r8, r4, r11\n\t"
+        "and	r9, r5, r11\n\t"
+        "lsr	r6, r6, #15\n\t"
+        "lsr	r7, r7, #15\n\t"
+        "lsr	r8, r8, #15\n\t"
+        "lsr	r9, r9, #15\n\t"
+        "mul	r6, r12, r6\n\t"
+        "mul	r7, r12, r7\n\t"
+        "mul	r8, r12, r8\n\t"
+        "mul	r9, r12, r9\n\t"
+        "add	r10, r2, r6\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r6, r6, #0xff\n\t"
+        "bic	r6, r6, #0xff00\n\t"
+#else
+        "bfc	r6, #0, #16\n\t"
+#endif
+        "add	r2, r2, r6\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r2, r2, #16\n\t"
+        "orr	r2, r2, r10, lsl #16\n\t"
+        "ror	r2, r2, #16\n\t"
+#else
+        "bfi	r2, r10, #0, #16\n\t"
+#endif
+        "add	r10, r3, r7\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r7, r7, #0xff\n\t"
+        "bic	r7, r7, #0xff00\n\t"
+#else
+        "bfc	r7, #0, #16\n\t"
+#endif
+        "add	r3, r3, r7\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r3, r3, #16\n\t"
+        "orr	r3, r3, r10, lsl #16\n\t"
+        "ror	r3, r3, #16\n\t"
+#else
+        "bfi	r3, r10, #0, #16\n\t"
+#endif
+        "add	r10, r4, r8\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r8, r8, #0xff\n\t"
+        "bic	r8, r8, #0xff00\n\t"
+#else
+        "bfc	r8, #0, #16\n\t"
+#endif
+        "add	r4, r4, r8\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r4, r4, #16\n\t"
+        "orr	r4, r4, r10, lsl #16\n\t"
+        "ror	r4, r4, #16\n\t"
+#else
+        "bfi	r4, r10, #0, #16\n\t"
+#endif
+        "add	r10, r5, r9\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r9, r9, #0xff\n\t"
+        "bic	r9, r9, #0xff00\n\t"
+#else
+        "bfc	r9, #0, #16\n\t"
+#endif
+        "add	r5, r5, r9\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r5, r5, #16\n\t"
+        "orr	r5, r5, r10, lsl #16\n\t"
+        "ror	r5, r5, #16\n\t"
+#else
+        "bfi	r5, r10, #0, #16\n\t"
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+        "stm	%[p]!, {r2, r3, r4, r5}\n\t"
+        "subs	r1, r1, #8\n\t"
+        "bne	L_kyber_arm32_csubq_loop_%=\n\t"
+        : [p] "+r" (p),
+          [L_kyber_arm32_basemul_mont_zetas] "+r" (L_kyber_arm32_basemul_mont_zetas_c)
+        :
+        : "memory", "cc", "r2", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8",
+            "r9", "r10", "r11"
+    );
+}
+
+unsigned int kyber_arm32_rej_uniform(sword16* p_p, unsigned int len_p,
+    const byte* r_p, unsigned int rLen_p)
+{
+    register sword16* p asm ("r0") = (sword16*)p_p;
+    register unsigned int len asm ("r1") = (unsigned int)len_p;
+    register const byte* r asm ("r2") = (const byte*)r_p;
+    register unsigned int rLen asm ("r3") = (unsigned int)rLen_p;
+    register word16* L_kyber_arm32_basemul_mont_zetas_c asm ("r4") =
+        (word16*)&L_kyber_arm32_basemul_mont_zetas;
+
+    __asm__ __volatile__ (
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r8, #0x1\n\t"
+        "orr	r8, r8, #0xd00\n\t"
+#else
+        "mov	r8, #0xd01\n\t"
+#endif
+        "mov	r12, #0\n\t"
+        "\n"
+    "L_kyber_arm32_rej_uniform_loop_no_fail_%=: \n\t"
+        "cmp	%[len], #8\n\t"
+        "blt	L_kyber_arm32_rej_uniform_done_no_fail_%=\n\t"
+        "ldm	%[r]!, {r4, r5, r6}\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r7, r4, #20\n\t"
+        "lsr	r7, r7, #20\n\t"
+#else
+        "ubfx	r7, r4, #0, #12\n\t"
+#endif
+        "strh	r7, [%[p], r12]\n\t"
+        "sub	lr, r7, r8\n\t"
+        "lsr	lr, lr, #31\n\t"
+        "sub	%[len], %[len], lr\n\t"
+        "add	r12, r12, lr, lsl #1\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r7, r4, #8\n\t"
+        "lsr	r7, r7, #20\n\t"
+#else
+        "ubfx	r7, r4, #12, #12\n\t"
+#endif
+        "strh	r7, [%[p], r12]\n\t"
+        "sub	lr, r7, r8\n\t"
+        "lsr	lr, lr, #31\n\t"
+        "sub	%[len], %[len], lr\n\t"
+        "add	r12, r12, lr, lsl #1\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r7, r4, #24\n\t"
+#else
+        "ubfx	r7, r4, #24, #8\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r7, r7, #0xf00\n\t"
+        "ror	r7, r7, #12\n\t"
+        "orr	r7, r7, r5, lsl #28\n\t"
+        "ror	r7, r7, #20\n\t"
+#else
+        "bfi	r7, r5, #8, #4\n\t"
+#endif
+        "strh	r7, [%[p], r12]\n\t"
+        "sub	lr, r7, r8\n\t"
+        "lsr	lr, lr, #31\n\t"
+        "sub	%[len], %[len], lr\n\t"
+        "add	r12, r12, lr, lsl #1\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r7, r5, #16\n\t"
+        "lsr	r7, r7, #20\n\t"
+#else
+        "ubfx	r7, r5, #4, #12\n\t"
+#endif
+        "strh	r7, [%[p], r12]\n\t"
+        "sub	lr, r7, r8\n\t"
+        "lsr	lr, lr, #31\n\t"
+        "sub	%[len], %[len], lr\n\t"
+        "add	r12, r12, lr, lsl #1\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r7, r5, #4\n\t"
+        "lsr	r7, r7, #20\n\t"
+#else
+        "ubfx	r7, r5, #16, #12\n\t"
+#endif
+        "strh	r7, [%[p], r12]\n\t"
+        "sub	lr, r7, r8\n\t"
+        "lsr	lr, lr, #31\n\t"
+        "sub	%[len], %[len], lr\n\t"
+        "add	r12, r12, lr, lsl #1\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r7, r5, #28\n\t"
+#else
+        "ubfx	r7, r5, #28, #4\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r7, r7, #0xff0\n\t"
+        "ror	r7, r7, #12\n\t"
+        "orr	r7, r7, r6, lsl #24\n\t"
+        "ror	r7, r7, #20\n\t"
+#else
+        "bfi	r7, r6, #4, #8\n\t"
+#endif
+        "strh	r7, [%[p], r12]\n\t"
+        "sub	lr, r7, r8\n\t"
+        "lsr	lr, lr, #31\n\t"
+        "sub	%[len], %[len], lr\n\t"
+        "add	r12, r12, lr, lsl #1\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r7, r6, #12\n\t"
+        "lsr	r7, r7, #20\n\t"
+#else
+        "ubfx	r7, r6, #8, #12\n\t"
+#endif
+        "strh	r7, [%[p], r12]\n\t"
+        "sub	lr, r7, r8\n\t"
+        "lsr	lr, lr, #31\n\t"
+        "sub	%[len], %[len], lr\n\t"
+        "add	r12, r12, lr, lsl #1\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r7, r6, #20\n\t"
+#else
+        "ubfx	r7, r6, #20, #12\n\t"
+#endif
+        "strh	r7, [%[p], r12]\n\t"
+        "sub	lr, r7, r8\n\t"
+        "lsr	lr, lr, #31\n\t"
+        "sub	%[len], %[len], lr\n\t"
+        "add	r12, r12, lr, lsl #1\n\t"
+        "subs	%[rLen], %[rLen], #12\n\t"
+        "bne	L_kyber_arm32_rej_uniform_loop_no_fail_%=\n\t"
+        "b	L_kyber_arm32_rej_uniform_done_%=\n\t"
+        "\n"
+    "L_kyber_arm32_rej_uniform_done_no_fail_%=: \n\t"
+        "cmp	%[len], #0\n\t"
+        "beq	L_kyber_arm32_rej_uniform_done_%=\n\t"
+        "\n"
+    "L_kyber_arm32_rej_uniform_loop_%=: \n\t"
+        "ldm	%[r]!, {r4, r5, r6}\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r7, r4, #20\n\t"
+        "lsr	r7, r7, #20\n\t"
+#else
+        "ubfx	r7, r4, #0, #12\n\t"
+#endif
+        "cmp	r7, r8\n\t"
+        "bge	L_kyber_arm32_rej_uniform_fail_0_%=\n\t"
+        "strh	r7, [%[p], r12]\n\t"
+        "subs	%[len], %[len], #1\n\t"
+        "add	r12, r12, #2\n\t"
+        "beq	L_kyber_arm32_rej_uniform_done_%=\n\t"
+        "\n"
+    "L_kyber_arm32_rej_uniform_fail_0_%=: \n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r7, r4, #8\n\t"
+        "lsr	r7, r7, #20\n\t"
+#else
+        "ubfx	r7, r4, #12, #12\n\t"
+#endif
+        "cmp	r7, r8\n\t"
+        "bge	L_kyber_arm32_rej_uniform_fail_1_%=\n\t"
+        "strh	r7, [%[p], r12]\n\t"
+        "subs	%[len], %[len], #1\n\t"
+        "add	r12, r12, #2\n\t"
+        "beq	L_kyber_arm32_rej_uniform_done_%=\n\t"
+        "\n"
+    "L_kyber_arm32_rej_uniform_fail_1_%=: \n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r7, r4, #24\n\t"
+#else
+        "ubfx	r7, r4, #24, #8\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r7, r7, #0xf00\n\t"
+        "ror	r7, r7, #12\n\t"
+        "orr	r7, r7, r5, lsl #28\n\t"
+        "ror	r7, r7, #20\n\t"
+#else
+        "bfi	r7, r5, #8, #4\n\t"
+#endif
+        "cmp	r7, r8\n\t"
+        "bge	L_kyber_arm32_rej_uniform_fail_2_%=\n\t"
+        "strh	r7, [%[p], r12]\n\t"
+        "subs	%[len], %[len], #1\n\t"
+        "add	r12, r12, #2\n\t"
+        "beq	L_kyber_arm32_rej_uniform_done_%=\n\t"
+        "\n"
+    "L_kyber_arm32_rej_uniform_fail_2_%=: \n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r7, r5, #16\n\t"
+        "lsr	r7, r7, #20\n\t"
+#else
+        "ubfx	r7, r5, #4, #12\n\t"
+#endif
+        "cmp	r7, r8\n\t"
+        "bge	L_kyber_arm32_rej_uniform_fail_3_%=\n\t"
+        "strh	r7, [%[p], r12]\n\t"
+        "subs	%[len], %[len], #1\n\t"
+        "add	r12, r12, #2\n\t"
+        "beq	L_kyber_arm32_rej_uniform_done_%=\n\t"
+        "\n"
+    "L_kyber_arm32_rej_uniform_fail_3_%=: \n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r7, r5, #4\n\t"
+        "lsr	r7, r7, #20\n\t"
+#else
+        "ubfx	r7, r5, #16, #12\n\t"
+#endif
+        "cmp	r7, r8\n\t"
+        "bge	L_kyber_arm32_rej_uniform_fail_4_%=\n\t"
+        "strh	r7, [%[p], r12]\n\t"
+        "subs	%[len], %[len], #1\n\t"
+        "add	r12, r12, #2\n\t"
+        "beq	L_kyber_arm32_rej_uniform_done_%=\n\t"
+        "\n"
+    "L_kyber_arm32_rej_uniform_fail_4_%=: \n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r7, r5, #28\n\t"
+#else
+        "ubfx	r7, r5, #28, #4\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r7, r7, #0xff0\n\t"
+        "ror	r7, r7, #12\n\t"
+        "orr	r7, r7, r6, lsl #24\n\t"
+        "ror	r7, r7, #20\n\t"
+#else
+        "bfi	r7, r6, #4, #8\n\t"
+#endif
+        "cmp	r7, r8\n\t"
+        "bge	L_kyber_arm32_rej_uniform_fail_5_%=\n\t"
+        "strh	r7, [%[p], r12]\n\t"
+        "subs	%[len], %[len], #1\n\t"
+        "add	r12, r12, #2\n\t"
+        "beq	L_kyber_arm32_rej_uniform_done_%=\n\t"
+        "\n"
+    "L_kyber_arm32_rej_uniform_fail_5_%=: \n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r7, r6, #12\n\t"
+        "lsr	r7, r7, #20\n\t"
+#else
+        "ubfx	r7, r6, #8, #12\n\t"
+#endif
+        "cmp	r7, r8\n\t"
+        "bge	L_kyber_arm32_rej_uniform_fail_6_%=\n\t"
+        "strh	r7, [%[p], r12]\n\t"
+        "subs	%[len], %[len], #1\n\t"
+        "add	r12, r12, #2\n\t"
+        "beq	L_kyber_arm32_rej_uniform_done_%=\n\t"
+        "\n"
+    "L_kyber_arm32_rej_uniform_fail_6_%=: \n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r7, r6, #20\n\t"
+#else
+        "ubfx	r7, r6, #20, #12\n\t"
+#endif
+        "cmp	r7, r8\n\t"
+        "bge	L_kyber_arm32_rej_uniform_fail_7_%=\n\t"
+        "strh	r7, [%[p], r12]\n\t"
+        "subs	%[len], %[len], #1\n\t"
+        "add	r12, r12, #2\n\t"
+        "beq	L_kyber_arm32_rej_uniform_done_%=\n\t"
+        "\n"
+    "L_kyber_arm32_rej_uniform_fail_7_%=: \n\t"
+        "subs	%[rLen], %[rLen], #12\n\t"
+        "bgt	L_kyber_arm32_rej_uniform_loop_%=\n\t"
+        "\n"
+    "L_kyber_arm32_rej_uniform_done_%=: \n\t"
+        "lsr	r0, r12, #1\n\t"
+        : [p] "+r" (p), [len] "+r" (len), [r] "+r" (r), [rLen] "+r" (rLen),
+          [L_kyber_arm32_basemul_mont_zetas] "+r" (L_kyber_arm32_basemul_mont_zetas_c)
+        :
+        : "memory", "cc", "r12", "lr", "r5", "r6", "r7", "r8"
+    );
+    return (word32)(size_t)p;
+}
+
+#endif /* WOLFSSL_WC_KYBER */
+#endif /* !__aarch64__ && !WOLFSSL_ARMASM_THUMB2 */
+#endif /* WOLFSSL_ARMASM */
+
+#endif /* WOLFSSL_ARMASM_INLINE */
diff --git a/wolfcrypt/src/port/arm/armv8-32-poly1305-asm.S b/wolfcrypt/src/port/arm/armv8-32-poly1305-asm.S
new file mode 100644
index 000000000..1f229d7b7
--- /dev/null
+++ b/wolfcrypt/src/port/arm/armv8-32-poly1305-asm.S
@@ -0,0 +1,1293 @@
+/* armv8-32-poly1305-asm
+ *
+ * Copyright (C) 2006-2025 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+/* Generated using (from wolfssl):
+ *   cd ../scripts
+ *   ruby ./poly1305/poly1305.rb arm32 \
+ *       ../wolfssl/wolfcrypt/src/port/arm/armv8-32-poly1305-asm.S
+ */
+
+#ifdef HAVE_CONFIG_H
+    #include <config.h>
+#endif /* HAVE_CONFIG_H */
+#include <wolfssl/wolfcrypt/settings.h>
+
+#ifdef WOLFSSL_ARMASM
+#if !defined(__aarch64__) && !defined(WOLFSSL_ARMASM_THUMB2)
+#ifndef WOLFSSL_ARMASM_INLINE
+#ifdef HAVE_POLY1305
+#ifdef WOLFSSL_ARMASM_NO_NEON
+	.text
+	.align	4
+	.globl	poly1305_arm32_blocks_16
+	.type	poly1305_arm32_blocks_16, %function
+poly1305_arm32_blocks_16:
+	push	{r4, r5, r6, r7, r8, r9, r10, r11, lr}
+	sub	sp, sp, #28
+	cmp	r2, #0
+	beq	L_poly1305_arm32_16_done
+	add	lr, sp, #12
+	stm	lr, {r0, r1, r2, r3}
+	# Get h pointer
+	add	lr, r0, #16
+	ldm	lr, {r4, r5, r6, r7, r8}
+L_poly1305_arm32_16_loop:
+	# Add m to h
+	ldr	r1, [sp, #16]
+	ldr	r2, [r1]
+	ldr	r3, [r1, #4]
+	ldr	r9, [r1, #8]
+	ldr	r10, [r1, #12]
+	ldr	r11, [sp, #24]
+	adds	r4, r4, r2
+	adcs	r5, r5, r3
+	adcs	r6, r6, r9
+	adcs	r7, r7, r10
+	add	r1, r1, #16
+	adc	r8, r8, r11
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6)
+	stm	lr, {r4, r5, r6, r7, r8}
+#else
+	# h[0]-h[2] in r4-r6 for multiplication.
+	str	r7, [lr, #12]
+	str	r8, [lr, #16]
+#endif /* WOLFSSL_ARM_ARCH && WOLFSSL_ARM_ARCH < 6 */
+	str	r1, [sp, #16]
+	ldr	r1, [sp, #12]
+	# Multiply h by r
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6)
+	# r0 = #0, r1 = r, lr = h, r2 = h[j], r3 = r[i]
+	ldr	r3, [r1]
+	eor	r0, r0, r0
+	# r[0] * h[0]
+	# h[0] in r4
+	umull	r4, r5, r3, r4
+	# r[0] * h[2]
+	# h[2] in r6
+	umull	r6, r7, r3, r6
+	# r[0] * h[4]
+	# h[4] in r8
+	mul	r8, r3, r8
+	# r[0] * h[1]
+	ldr	r2, [lr, #4]
+	mov	r12, r0
+	umlal	r5, r12, r3, r2
+	# r[0] * h[3]
+	ldr	r2, [lr, #12]
+	adds	r6, r6, r12
+	adc	r7, r7, r0
+	umlal	r7, r8, r3, r2
+	# r[1] * h[0]
+	ldr	r3, [r1, #4]
+	ldr	r2, [lr]
+	mov	r12, r0
+	umlal	r5, r12, r3, r2
+	# r[1] * h[1]
+	ldr	r2, [lr, #4]
+	adds	r6, r6, r12
+	adc	r12, r0, r0
+	umlal	r6, r12, r3, r2
+	# r[1] * h[2]
+	ldr	r2, [lr, #8]
+	adds	r7, r7, r12
+	adc	r12, r0, r0
+	umlal	r7, r12, r3, r2
+	# r[1] * h[3]
+	ldr	r2, [lr, #12]
+	adds	r8, r8, r12
+	adc	r9, r0, r0
+	umlal	r8, r9, r3, r2
+	# r[1] * h[4]
+	ldr	r2, [lr, #16]
+	mla	r9, r3, r2, r9
+	# r[2] * h[0]
+	ldr	r3, [r1, #8]
+	ldr	r2, [lr]
+	mov	r12, r0
+	umlal	r6, r12, r3, r2
+	# r[2] * h[1]
+	ldr	r2, [lr, #4]
+	adds	r7, r7, r12
+	adc	r12, r0, r0
+	umlal	r7, r12, r3, r2
+	# r[2] * h[2]
+	ldr	r2, [lr, #8]
+	adds	r8, r8, r12
+	adc	r12, r0, r0
+	umlal	r8, r12, r3, r2
+	# r[2] * h[3]
+	ldr	r2, [lr, #12]
+	adds	r9, r9, r12
+	adc	r10, r0, r0
+	umlal	r9, r10, r3, r2
+	# r[2] * h[4]
+	ldr	r2, [lr, #16]
+	mla	r10, r3, r2, r10
+	# r[3] * h[0]
+	ldr	r3, [r1, #12]
+	ldr	r2, [lr]
+	mov	r12, r0
+	umlal	r7, r12, r3, r2
+	# r[3] * h[1]
+	ldr	r2, [lr, #4]
+	adds	r8, r8, r12
+	adc	r12, r0, r0
+	umlal	r8, r12, r3, r2
+	# r[3] * h[2]
+	ldr	r2, [lr, #8]
+	adds	r9, r9, r12
+	adc	r10, r10, r0
+	umlal	r9, r10, r3, r2
+	# r[3] * h[3]
+	ldr	r2, [lr, #12]
+	mov	r11, r0
+	umlal	r10, r11, r3, r2
+	# r[3] * h[4]
+	ldr	r2, [lr, #16]
+	mov	r12, r0
+	mla	r11, r3, r2, r11
+#else
+	ldm	r1, {r0, r1, r2, r3}
+	# r[0] * h[0]
+	umull	r10, r11, r0, r4
+	# r[1] * h[0]
+	umull	r12, r7, r1, r4
+	# r[0] * h[1]
+	umaal	r11, r12, r0, r5
+	# r[2] * h[0]
+	umull	r8, r9, r2, r4
+	# r[1] * h[1]
+	umaal	r12, r8, r1, r5
+	# r[0] * h[2]
+	umaal	r12, r7, r0, r6
+	# r[3] * h[0]
+	umaal	r8, r9, r3, r4
+	stm	sp, {r10, r11, r12}
+	# r[2] * h[1]
+	umaal	r7, r8, r2, r5
+	# Replace h[0] with h[3]
+	ldr	r4, [lr, #12]
+	# r[1] * h[2]
+	umull	r10, r11, r1, r6
+	# r[2] * h[2]
+	umaal	r8, r9, r2, r6
+	# r[0] * h[3]
+	umaal	r7, r10, r0, r4
+	# r[3] * h[1]
+	umaal	r8, r11, r3, r5
+	# r[1] * h[3]
+	umaal	r8, r10, r1, r4
+	# r[3] * h[2]
+	umaal	r9, r11, r3, r6
+	# r[2] * h[3]
+	umaal	r9, r10, r2, r4
+	# Replace h[1] with h[4]
+	ldr	r5, [lr, #16]
+	# r[3] * h[3]
+	umaal	r10, r11, r3, r4
+	mov	r12, #0
+	# r[0] * h[4]
+	umaal	r8, r12, r0, r5
+	# r[1] * h[4]
+	umaal	r9, r12, r1, r5
+	# r[2] * h[4]
+	umaal	r10, r12, r2, r5
+	# r[3] * h[4]
+	umaal	r11, r12, r3, r5
+	# DONE
+	ldm	sp, {r4, r5, r6}
+#endif /* WOLFSSL_ARM_ARCH && WOLFSSL_ARM_ARCH < 6 */
+	# r12 will be zero because r is masked.
+	# Load length
+	ldr	r2, [sp, #20]
+	# Reduce mod 2^130 - 5
+	bic	r3, r8, #0x3
+	and	r8, r8, #3
+	adds	r4, r4, r3
+	lsr	r3, r3, #2
+	adcs	r5, r5, r9
+	orr	r3, r3, r9, LSL #30
+	adcs	r6, r6, r10
+	lsr	r9, r9, #2
+	adcs	r7, r7, r11
+	orr	r9, r9, r10, LSL #30
+	adc	r8, r8, r12
+	lsr	r10, r10, #2
+	adds	r4, r4, r3
+	orr	r10, r10, r11, LSL #30
+	adcs	r5, r5, r9
+	lsr	r11, r11, #2
+	adcs	r6, r6, r10
+	adcs	r7, r7, r11
+	adc	r8, r8, r12
+	# Sub 16 from length.
+	subs	r2, r2, #16
+	# Store length.
+	str	r2, [sp, #20]
+	# Loop again if more message to do.
+	bgt	L_poly1305_arm32_16_loop
+	stm	lr, {r4, r5, r6, r7, r8}
+L_poly1305_arm32_16_done:
+	add	sp, sp, #28
+	pop	{r4, r5, r6, r7, r8, r9, r10, r11, pc}
+	.size	poly1305_arm32_blocks_16,.-poly1305_arm32_blocks_16
+	.text
+	.type	L_poly1305_arm32_clamp, %object
+	.size	L_poly1305_arm32_clamp, 16
+	.align	4
+L_poly1305_arm32_clamp:
+	.word	0xfffffff
+	.word	0xffffffc
+	.word	0xffffffc
+	.word	0xffffffc
+	.text
+	.align	4
+	.globl	poly1305_set_key
+	.type	poly1305_set_key, %function
+poly1305_set_key:
+	push	{r4, r5, r6, r7, r8, lr}
+	# Load mask.
+	adr	lr, L_poly1305_arm32_clamp
+	ldm	lr, {r6, r7, r8, r12}
+	# Load and cache padding.
+	ldr	r2, [r1, #16]
+	ldr	r3, [r1, #20]
+	ldr	r4, [r1, #24]
+	ldr	r5, [r1, #28]
+	add	lr, r0, #36
+	stm	lr, {r2, r3, r4, r5}
+	# Load, mask and store r.
+	ldr	r2, [r1]
+	ldr	r3, [r1, #4]
+	ldr	r4, [r1, #8]
+	ldr	r5, [r1, #12]
+	and	r2, r2, r6
+	and	r3, r3, r7
+	and	r4, r4, r8
+	and	r5, r5, r12
+	add	lr, r0, #0
+	stm	lr, {r2, r3, r4, r5}
+	# h (accumulator) = 0
+	eor	r6, r6, r6
+	eor	r7, r7, r7
+	eor	r8, r8, r8
+	eor	r12, r12, r12
+	add	lr, r0, #16
+	eor	r5, r5, r5
+	stm	lr, {r5, r6, r7, r8, r12}
+	# Zero leftover
+	str	r5, [r0, #52]
+	pop	{r4, r5, r6, r7, r8, pc}
+	.size	poly1305_set_key,.-poly1305_set_key
+	.text
+	.align	4
+	.globl	poly1305_final
+	.type	poly1305_final, %function
+poly1305_final:
+	push	{r4, r5, r6, r7, r8, r9, lr}
+	add	r9, r0, #16
+	ldm	r9, {r4, r5, r6, r7, r8}
+	# Add 5 and check for h larger than p.
+	adds	r2, r4, #5
+	adcs	r2, r5, #0
+	adcs	r2, r6, #0
+	adcs	r2, r7, #0
+	adc	r2, r8, #0
+	sub	r2, r2, #4
+	lsr	r2, r2, #31
+	sub	r2, r2, #1
+	and	r2, r2, #5
+	# Add 0/5 to h.
+	adds	r4, r4, r2
+	adcs	r5, r5, #0
+	adcs	r6, r6, #0
+	adc	r7, r7, #0
+	# Add padding
+	add	r9, r0, #36
+	ldm	r9, {r2, r3, r12, lr}
+	adds	r4, r4, r2
+	adcs	r5, r5, r3
+	adcs	r6, r6, r12
+	adc	r7, r7, lr
+	# Store MAC
+	str	r4, [r1]
+	str	r5, [r1, #4]
+	str	r6, [r1, #8]
+	str	r7, [r1, #12]
+	# Zero out h.
+	eor	r4, r4, r4
+	eor	r5, r5, r5
+	eor	r6, r6, r6
+	eor	r7, r7, r7
+	eor	r8, r8, r8
+	add	r9, r0, #16
+	stm	r9, {r4, r5, r6, r7, r8}
+	# Zero out r.
+	add	r9, r0, #0
+	stm	r9, {r4, r5, r6, r7}
+	# Zero out padding.
+	add	r9, r0, #36
+	stm	r9, {r4, r5, r6, r7}
+	pop	{r4, r5, r6, r7, r8, r9, pc}
+	.size	poly1305_final,.-poly1305_final
+#else
+	.text
+	.align	4
+	.globl	poly1305_arm32_blocks_16
+	.type	poly1305_arm32_blocks_16, %function
+poly1305_arm32_blocks_16:
+	push	{r4, r5, r6, r7, r8, r9, r10, r11, lr}
+	sub	sp, sp, #28
+	cmp	r2, #0
+	beq	L_poly1305_arm32_16_done
+	add	lr, sp, #12
+	stm	lr, {r0, r1, r2, r3}
+	# Get h pointer
+	add	lr, r0, #16
+	ldm	lr, {r4, r5, r6, r7, r8}
+L_poly1305_arm32_16_loop:
+	# Add m to h
+	ldr	r1, [sp, #16]
+	ldr	r2, [r1]
+	ldr	r3, [r1, #4]
+	ldr	r9, [r1, #8]
+	ldr	r10, [r1, #12]
+	ldr	r11, [sp, #24]
+	adds	r4, r4, r2
+	adcs	r5, r5, r3
+	adcs	r6, r6, r9
+	adcs	r7, r7, r10
+	add	r1, r1, #16
+	adc	r8, r8, r11
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6)
+	stm	lr, {r4, r5, r6, r7, r8}
+#else
+	# h[0]-h[2] in r4-r6 for multiplication.
+	str	r7, [lr, #12]
+	str	r8, [lr, #16]
+#endif /* WOLFSSL_ARM_ARCH && WOLFSSL_ARM_ARCH < 6 */
+	str	r1, [sp, #16]
+	ldr	r1, [sp, #12]
+	# Multiply h by r
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6)
+	# r0 = #0, r1 = r, lr = h, r2 = h[j], r3 = r[i]
+	ldr	r3, [r1]
+	eor	r0, r0, r0
+	# r[0] * h[0]
+	# h[0] in r4
+	umull	r4, r5, r3, r4
+	# r[0] * h[2]
+	# h[2] in r6
+	umull	r6, r7, r3, r6
+	# r[0] * h[4]
+	# h[4] in r8
+	mul	r8, r3, r8
+	# r[0] * h[1]
+	ldr	r2, [lr, #4]
+	mov	r12, r0
+	umlal	r5, r12, r3, r2
+	# r[0] * h[3]
+	ldr	r2, [lr, #12]
+	adds	r6, r6, r12
+	adc	r7, r7, r0
+	umlal	r7, r8, r3, r2
+	# r[1] * h[0]
+	ldr	r3, [r1, #4]
+	ldr	r2, [lr]
+	mov	r12, r0
+	umlal	r5, r12, r3, r2
+	# r[1] * h[1]
+	ldr	r2, [lr, #4]
+	adds	r6, r6, r12
+	adc	r12, r0, r0
+	umlal	r6, r12, r3, r2
+	# r[1] * h[2]
+	ldr	r2, [lr, #8]
+	adds	r7, r7, r12
+	adc	r12, r0, r0
+	umlal	r7, r12, r3, r2
+	# r[1] * h[3]
+	ldr	r2, [lr, #12]
+	adds	r8, r8, r12
+	adc	r9, r0, r0
+	umlal	r8, r9, r3, r2
+	# r[1] * h[4]
+	ldr	r2, [lr, #16]
+	mla	r9, r3, r2, r9
+	# r[2] * h[0]
+	ldr	r3, [r1, #8]
+	ldr	r2, [lr]
+	mov	r12, r0
+	umlal	r6, r12, r3, r2
+	# r[2] * h[1]
+	ldr	r2, [lr, #4]
+	adds	r7, r7, r12
+	adc	r12, r0, r0
+	umlal	r7, r12, r3, r2
+	# r[2] * h[2]
+	ldr	r2, [lr, #8]
+	adds	r8, r8, r12
+	adc	r12, r0, r0
+	umlal	r8, r12, r3, r2
+	# r[2] * h[3]
+	ldr	r2, [lr, #12]
+	adds	r9, r9, r12
+	adc	r10, r0, r0
+	umlal	r9, r10, r3, r2
+	# r[2] * h[4]
+	ldr	r2, [lr, #16]
+	mla	r10, r3, r2, r10
+	# r[3] * h[0]
+	ldr	r3, [r1, #12]
+	ldr	r2, [lr]
+	mov	r12, r0
+	umlal	r7, r12, r3, r2
+	# r[3] * h[1]
+	ldr	r2, [lr, #4]
+	adds	r8, r8, r12
+	adc	r12, r0, r0
+	umlal	r8, r12, r3, r2
+	# r[3] * h[2]
+	ldr	r2, [lr, #8]
+	adds	r9, r9, r12
+	adc	r10, r10, r0
+	umlal	r9, r10, r3, r2
+	# r[3] * h[3]
+	ldr	r2, [lr, #12]
+	mov	r11, r0
+	umlal	r10, r11, r3, r2
+	# r[3] * h[4]
+	ldr	r2, [lr, #16]
+	mov	r12, r0
+	mla	r11, r3, r2, r11
+#else
+	ldm	r1, {r0, r1, r2, r3}
+	# r[0] * h[0]
+	umull	r10, r11, r0, r4
+	# r[1] * h[0]
+	umull	r12, r7, r1, r4
+	# r[0] * h[1]
+	umaal	r11, r12, r0, r5
+	# r[2] * h[0]
+	umull	r8, r9, r2, r4
+	# r[1] * h[1]
+	umaal	r12, r8, r1, r5
+	# r[0] * h[2]
+	umaal	r12, r7, r0, r6
+	# r[3] * h[0]
+	umaal	r8, r9, r3, r4
+	stm	sp, {r10, r11, r12}
+	# r[2] * h[1]
+	umaal	r7, r8, r2, r5
+	# Replace h[0] with h[3]
+	ldr	r4, [lr, #12]
+	# r[1] * h[2]
+	umull	r10, r11, r1, r6
+	# r[2] * h[2]
+	umaal	r8, r9, r2, r6
+	# r[0] * h[3]
+	umaal	r7, r10, r0, r4
+	# r[3] * h[1]
+	umaal	r8, r11, r3, r5
+	# r[1] * h[3]
+	umaal	r8, r10, r1, r4
+	# r[3] * h[2]
+	umaal	r9, r11, r3, r6
+	# r[2] * h[3]
+	umaal	r9, r10, r2, r4
+	# Replace h[1] with h[4]
+	ldr	r5, [lr, #16]
+	# r[3] * h[3]
+	umaal	r10, r11, r3, r4
+	mov	r12, #0
+	# r[0] * h[4]
+	umaal	r8, r12, r0, r5
+	# r[1] * h[4]
+	umaal	r9, r12, r1, r5
+	# r[2] * h[4]
+	umaal	r10, r12, r2, r5
+	# r[3] * h[4]
+	umaal	r11, r12, r3, r5
+	# DONE
+	ldm	sp, {r4, r5, r6}
+#endif /* WOLFSSL_ARM_ARCH && WOLFSSL_ARM_ARCH < 6 */
+	# r12 will be zero because r is masked.
+	# Load length
+	ldr	r2, [sp, #20]
+	# Reduce mod 2^130 - 5
+	bic	r3, r8, #0x3
+	and	r8, r8, #3
+	adds	r4, r4, r3
+	lsr	r3, r3, #2
+	adcs	r5, r5, r9
+	orr	r3, r3, r9, LSL #30
+	adcs	r6, r6, r10
+	lsr	r9, r9, #2
+	adcs	r7, r7, r11
+	orr	r9, r9, r10, LSL #30
+	adc	r8, r8, r12
+	lsr	r10, r10, #2
+	adds	r4, r4, r3
+	orr	r10, r10, r11, LSL #30
+	adcs	r5, r5, r9
+	lsr	r11, r11, #2
+	adcs	r6, r6, r10
+	adcs	r7, r7, r11
+	adc	r8, r8, r12
+	# Sub 16 from length.
+	subs	r2, r2, #16
+	# Store length.
+	str	r2, [sp, #20]
+	# Loop again if more message to do.
+	bgt	L_poly1305_arm32_16_loop
+	stm	lr, {r4, r5, r6, r7, r8}
+L_poly1305_arm32_16_done:
+	add	sp, sp, #28
+	pop	{r4, r5, r6, r7, r8, r9, r10, r11, pc}
+	.size	poly1305_arm32_blocks_16,.-poly1305_arm32_blocks_16
+	.text
+	.align	4
+	.globl	poly1305_arm32_blocks
+	.type	poly1305_arm32_blocks, %function
+poly1305_arm32_blocks:
+	push	{r4, r5, r6, r7, r8, r9, r10, r11, lr}
+	vpush	{d8-d15}
+	cmp	r2, #16
+	add	r12, r0, #16
+	bgt	L_poly1305_arm32_blocks_begin_neon
+	ldm	r12, {r7, r8, r9, r10, r11}
+	b	L_poly1305_arm32_blocks_start_1
+L_poly1305_arm32_blocks_begin_neon:
+	vmov.i16	q15, #0xffff
+	vshr.u64	q15, q15, #38
+	vld1.64	{d0-d2}, [r12]
+	vshl.u64	d4, d2, #24
+	vsri.u64	d4, d1, #40
+	vshr.u64	d3, d1, #14
+	vshl.u64	d2, d1, #12
+	vsri.u64	d1, d0, #26
+	vsri.u64	d2, d0, #52
+	vand.u64	d0, d0, d31
+	vand.u64	d3, d3, d31
+	vand.u64	d2, d2, d31
+	vand.u64	d1, d1, d31
+	add	r3, r0, #0x7c
+	vldm.32	r3, {d20-d24}
+	cmp	r2, #0x40
+	bge	L_poly1305_arm32_blocks_begin_4
+	vshl.u32	d6, d21, #2
+	vshl.u32	d7, d22, #2
+	vshl.u32	d8, d23, #2
+	vshl.u32	d9, d24, #2
+	vadd.u32	d6, d6, d21
+	vadd.u32	d7, d7, d22
+	vadd.u32	d8, d8, d23
+	vadd.u32	d9, d9, d24
+	b	L_poly1305_arm32_blocks_start_2
+L_poly1305_arm32_blocks_begin_4:
+	add	r3, r0, #0xa4
+	vldm.32	r3, {d26-d30}
+L_poly1305_arm32_blocks_start_4:
+	sub	r2, #0x40
+	vld4.32	{d10-d13}, [r1]!
+	vshl.u32	d6, d27, #2
+	vshl.u32	d7, d28, #2
+	vshl.u32	d8, d29, #2
+	vshl.u32	d9, d30, #2
+	vadd.u32	d6, d6, d27
+	vadd.u32	d7, d7, d28
+	vadd.u32	d8, d8, d29
+	vadd.u32	d9, d9, d30
+	vshr.u32	d14, d13, #8
+	vshl.u32	d13, d13, #18
+	vorr.i32	d14, d14, #0x1000000
+	vsri.u32	d13, d12, #14
+	vshl.u32	d12, d12, #12
+	vand.i32	d13, d13, #0x3ffffff
+	vsri.u32	d12, d11, #20
+	vshl.u32	d11, d11, #6
+	vand.i32	d12, d12, #0x3ffffff
+	vsri.u32	d11, d10, #26
+	vand.i32	d10, d10, #0x3ffffff
+	vand.i32	d11, d11, #0x3ffffff
+	vadd.u32	d4, d4, d14
+	vadd.u32	q1, q1, q6
+	vadd.u32	q0, q0, q5
+	vmull.u32	q5, d0, d26
+	vmull.u32	q6, d0, d27
+	vmull.u32	q7, d0, d28
+	vmull.u32	q8, d0, d29
+	vmull.u32	q9, d0, d30
+	vmlal.u32	q5, d1, d9
+	vmlal.u32	q6, d1, d26
+	vmlal.u32	q7, d1, d27
+	vmlal.u32	q8, d1, d28
+	vmlal.u32	q9, d1, d29
+	vmlal.u32	q5, d2, d8
+	vmlal.u32	q6, d2, d9
+	vmlal.u32	q7, d2, d26
+	vmlal.u32	q8, d2, d27
+	vmlal.u32	q9, d2, d28
+	vmlal.u32	q5, d3, d7
+	vmlal.u32	q6, d3, d8
+	vmlal.u32	q7, d3, d9
+	vmlal.u32	q8, d3, d26
+	vmlal.u32	q9, d3, d27
+	vmlal.u32	q5, d4, d6
+	vmlal.u32	q6, d4, d7
+	vmlal.u32	q7, d4, d8
+	vmlal.u32	q8, d4, d9
+	vmlal.u32	q9, d4, d26
+	vld4.32	{d0-d3}, [r1]!
+	vshl.u32	d6, d21, #2
+	vshl.u32	d7, d22, #2
+	vshl.u32	d8, d23, #2
+	vshl.u32	d9, d24, #2
+	vadd.u32	d6, d6, d21
+	vadd.u32	d7, d7, d22
+	vadd.u32	d8, d8, d23
+	vadd.u32	d9, d9, d24
+	vshr.u32	d4, d3, #8
+	vshl.u32	d3, d3, #18
+	vorr.i32	d4, d4, #0x1000000
+	vsri.u32	d3, d2, #14
+	vshl.u32	d2, d2, #12
+	vand.i32	d3, d3, #0x3ffffff
+	vsri.u32	d2, d1, #20
+	vshl.u32	d1, d1, #6
+	vand.i32	d2, d2, #0x3ffffff
+	vsri.u32	d1, d0, #26
+	vand.i32	d0, d0, #0x3ffffff
+	vand.i32	d1, d1, #0x3ffffff
+	vmlal.u32	q5, d0, d20
+	vmlal.u32	q6, d0, d21
+	vmlal.u32	q7, d0, d22
+	vmlal.u32	q8, d0, d23
+	vmlal.u32	q9, d0, d24
+	vmlal.u32	q5, d1, d9
+	vmlal.u32	q6, d1, d20
+	vmlal.u32	q7, d1, d21
+	vmlal.u32	q8, d1, d22
+	vmlal.u32	q9, d1, d23
+	vmlal.u32	q5, d2, d8
+	vmlal.u32	q6, d2, d9
+	vmlal.u32	q7, d2, d20
+	vmlal.u32	q8, d2, d21
+	vmlal.u32	q9, d2, d22
+	vmlal.u32	q5, d3, d7
+	vmlal.u32	q6, d3, d8
+	vmlal.u32	q7, d3, d9
+	vmlal.u32	q8, d3, d20
+	vmlal.u32	q9, d3, d21
+	vmlal.u32	q5, d4, d6
+	vmlal.u32	q6, d4, d7
+	vmlal.u32	q7, d4, d8
+	vmlal.u32	q8, d4, d9
+	vmlal.u32	q9, d4, d20
+	vadd.u64	d0, d10, d11
+	vadd.u64	d1, d12, d13
+	vadd.u64	d2, d14, d15
+	vadd.u64	d3, d16, d17
+	vadd.u64	d4, d18, d19
+	vsra.u64	d1, d0, #26
+	vand.u64	d0, d0, d31
+	vsra.u64	d2, d1, #26
+	vand.u64	d1, d1, d31
+	vsra.u64	d3, d2, #26
+	vand.u64	d2, d2, d31
+	vsra.u64	d4, d3, #26
+	vand.u64	d3, d3, d31
+	vshr.u64	d15, d4, #26
+	vand.u64	d4, d4, d31
+	vadd.u64	d0, d0, d15
+	vshl.u64	d15, d15, #2
+	vadd.u64	d0, d0, d15
+	vsra.u64	d1, d0, #26
+	vand.u64	d0, d0, d31
+	cmp	r2, #0x40
+	bge	L_poly1305_arm32_blocks_start_4
+	cmp	r2, #32
+	blt	L_poly1305_arm32_blocks_done_neon
+L_poly1305_arm32_blocks_start_2:
+	sub	r2, #32
+	vld4.32	{d10-d13}, [r1]!
+	vshr.u32	d14, d13, #8
+	vshl.u32	d13, d13, #18
+	vorr.i32	d14, d14, #0x1000000
+	vsri.u32	d13, d12, #14
+	vshl.u32	d12, d12, #12
+	vand.i32	d13, d13, #0x3ffffff
+	vsri.u32	d12, d11, #20
+	vshl.u32	d11, d11, #6
+	vand.i32	d12, d12, #0x3ffffff
+	vsri.u32	d11, d10, #26
+	vand.i32	d10, d10, #0x3ffffff
+	vand.i32	d11, d11, #0x3ffffff
+	vadd.u32	d4, d4, d14
+	vadd.u32	q1, q1, q6
+	vadd.u32	q0, q0, q5
+	vmull.u32	q5, d0, d20
+	vmull.u32	q6, d0, d21
+	vmull.u32	q7, d0, d22
+	vmull.u32	q8, d0, d23
+	vmull.u32	q9, d0, d24
+	vmlal.u32	q5, d1, d9
+	vmlal.u32	q6, d1, d20
+	vmlal.u32	q7, d1, d21
+	vmlal.u32	q8, d1, d22
+	vmlal.u32	q9, d1, d23
+	vmlal.u32	q5, d2, d8
+	vmlal.u32	q6, d2, d9
+	vmlal.u32	q7, d2, d20
+	vmlal.u32	q8, d2, d21
+	vmlal.u32	q9, d2, d22
+	vmlal.u32	q5, d3, d7
+	vmlal.u32	q6, d3, d8
+	vmlal.u32	q7, d3, d9
+	vmlal.u32	q8, d3, d20
+	vmlal.u32	q9, d3, d21
+	vmlal.u32	q5, d4, d6
+	vmlal.u32	q6, d4, d7
+	vmlal.u32	q7, d4, d8
+	vmlal.u32	q8, d4, d9
+	vmlal.u32	q9, d4, d20
+	vadd.u64	d0, d10, d11
+	vadd.u64	d1, d12, d13
+	vadd.u64	d2, d14, d15
+	vadd.u64	d3, d16, d17
+	vadd.u64	d4, d18, d19
+	vsra.u64	d1, d0, #26
+	vand.u64	d0, d0, d31
+	vsra.u64	d2, d1, #26
+	vand.u64	d1, d1, d31
+	vsra.u64	d3, d2, #26
+	vand.u64	d2, d2, d31
+	vsra.u64	d4, d3, #26
+	vand.u64	d3, d3, d31
+	vshr.u64	d5, d4, #26
+	vand.u64	d4, d4, d31
+	vadd.u64	d0, d0, d5
+	vshl.u64	d5, d5, #2
+	vadd.u64	d0, d0, d5
+	vsra.u64	d1, d0, #26
+	vand.u64	d0, d0, d31
+L_poly1305_arm32_blocks_done_neon:
+	cmp	r2, #16
+	beq	L_poly1305_arm32_blocks_begin_1
+	add	r12, r0, #16
+	vsli.u64	d0, d1, #26
+	vsli.u64	d0, d2, #52
+	vshr.u64	d1, d2, #12
+	vsli.u64	d1, d3, #14
+	vsli.u64	d1, d4, #40
+	vshr.u64	d2, d4, #24
+	vst1.64	{d0-d2}, [r12]
+	b	L_poly1305_arm32_blocks_done
+L_poly1305_arm32_blocks_begin_1:
+	vsli.u64	d0, d1, #26
+	vsli.u64	d0, d2, #52
+	vshr.u64	d1, d2, #12
+	vsli.u64	d1, d3, #14
+	vsli.u64	d1, d4, #40
+	vshr.u64	d2, d4, #24
+	vmov	r7, r8, d0
+	vmov	r9, r10, d1
+	vmov	r11, d2[0]
+L_poly1305_arm32_blocks_start_1:
+	mov	r12, #1
+	push	{r2}
+	# Load message
+	ldm	r1, {r2, r3, r4, r5}
+	# Add message
+	adds	r7, r7, r2
+	adcs	r8, r8, r3
+	adcs	r9, r9, r4
+	adcs	r10, r10, r5
+	adc	r11, r11, r12
+	push	{r0, r1}
+	add	r1, r0, #0
+	add	lr, r0, #16
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6)
+	stm	lr, {r7, r8, r9, r10, r11}
+#else
+	# h[0]-h[2] in r4-r6 for multiplication.
+	str	r10, [lr, #12]
+	str	r11, [lr, #16]
+#endif /* WOLFSSL_ARM_ARCH && WOLFSSL_ARM_ARCH < 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6)
+	# r0 = #0, r1 = r, lr = h, r2 = h[j], r3 = r[i]
+	ldr	r3, [r1]
+	eor	r0, r0, r0
+	# r[0] * h[0]
+	# h[0] in r4
+	umull	r7, r8, r3, r7
+	# r[0] * h[2]
+	# h[2] in r6
+	umull	r9, r10, r3, r9
+	# r[0] * h[4]
+	# h[4] in r8
+	mul	r11, r3, r11
+	# r[0] * h[1]
+	ldr	r2, [lr, #4]
+	mov	r12, r0
+	umlal	r8, r12, r3, r2
+	# r[0] * h[3]
+	ldr	r2, [lr, #12]
+	adds	r9, r9, r12
+	adc	r10, r10, r0
+	umlal	r10, r11, r3, r2
+	# r[1] * h[0]
+	ldr	r3, [r1, #4]
+	ldr	r2, [lr]
+	mov	r12, r0
+	umlal	r8, r12, r3, r2
+	# r[1] * h[1]
+	ldr	r2, [lr, #4]
+	adds	r9, r9, r12
+	adc	r12, r0, r0
+	umlal	r9, r12, r3, r2
+	# r[1] * h[2]
+	ldr	r2, [lr, #8]
+	adds	r10, r10, r12
+	adc	r12, r0, r0
+	umlal	r10, r12, r3, r2
+	# r[1] * h[3]
+	ldr	r2, [lr, #12]
+	adds	r11, r11, r12
+	adc	r4, r0, r0
+	umlal	r11, r4, r3, r2
+	# r[1] * h[4]
+	ldr	r2, [lr, #16]
+	mla	r4, r3, r2, r4
+	# r[2] * h[0]
+	ldr	r3, [r1, #8]
+	ldr	r2, [lr]
+	mov	r12, r0
+	umlal	r9, r12, r3, r2
+	# r[2] * h[1]
+	ldr	r2, [lr, #4]
+	adds	r10, r10, r12
+	adc	r12, r0, r0
+	umlal	r10, r12, r3, r2
+	# r[2] * h[2]
+	ldr	r2, [lr, #8]
+	adds	r11, r11, r12
+	adc	r12, r0, r0
+	umlal	r11, r12, r3, r2
+	# r[2] * h[3]
+	ldr	r2, [lr, #12]
+	adds	r4, r4, r12
+	adc	r5, r0, r0
+	umlal	r4, r5, r3, r2
+	# r[2] * h[4]
+	ldr	r2, [lr, #16]
+	mla	r5, r3, r2, r5
+	# r[3] * h[0]
+	ldr	r3, [r1, #12]
+	ldr	r2, [lr]
+	mov	r12, r0
+	umlal	r10, r12, r3, r2
+	# r[3] * h[1]
+	ldr	r2, [lr, #4]
+	adds	r11, r11, r12
+	adc	r12, r0, r0
+	umlal	r11, r12, r3, r2
+	# r[3] * h[2]
+	ldr	r2, [lr, #8]
+	adds	r4, r4, r12
+	adc	r5, r5, r0
+	umlal	r4, r5, r3, r2
+	# r[3] * h[3]
+	ldr	r2, [lr, #12]
+	mov	r6, r0
+	umlal	r5, r6, r3, r2
+	# r[3] * h[4]
+	ldr	r2, [lr, #16]
+	mov	r12, r0
+	mla	r6, r3, r2, r6
+#else
+	sub	sp, sp, #12
+	ldm	r1, {r0, r1, r2, r3}
+	# r[0] * h[0]
+	umull	r5, r6, r0, r7
+	# r[1] * h[0]
+	umull	r12, r10, r1, r7
+	# r[0] * h[1]
+	umaal	r6, r12, r0, r8
+	# r[2] * h[0]
+	umull	r11, r4, r2, r7
+	# r[1] * h[1]
+	umaal	r12, r11, r1, r8
+	# r[0] * h[2]
+	umaal	r12, r10, r0, r9
+	# r[3] * h[0]
+	umaal	r11, r4, r3, r7
+	stm	sp, {r5, r6, r12}
+	# r[2] * h[1]
+	umaal	r10, r11, r2, r8
+	# Replace h[0] with h[3]
+	ldr	r7, [lr, #12]
+	# r[1] * h[2]
+	umull	r5, r6, r1, r9
+	# r[2] * h[2]
+	umaal	r11, r4, r2, r9
+	# r[0] * h[3]
+	umaal	r10, r5, r0, r7
+	# r[3] * h[1]
+	umaal	r11, r6, r3, r8
+	# r[1] * h[3]
+	umaal	r11, r5, r1, r7
+	# r[3] * h[2]
+	umaal	r4, r6, r3, r9
+	# r[2] * h[3]
+	umaal	r4, r5, r2, r7
+	# Replace h[1] with h[4]
+	ldr	r8, [lr, #16]
+	# r[3] * h[3]
+	umaal	r5, r6, r3, r7
+	mov	r12, #0
+	# r[0] * h[4]
+	umaal	r11, r12, r0, r8
+	# r[1] * h[4]
+	umaal	r4, r12, r1, r8
+	# r[2] * h[4]
+	umaal	r5, r12, r2, r8
+	# r[3] * h[4]
+	umaal	r6, r12, r3, r8
+	# DONE
+	ldm	sp, {r7, r8, r9}
+	add	sp, sp, #12
+#endif /* WOLFSSL_ARM_ARCH && WOLFSSL_ARM_ARCH < 6 */
+	# Reduce mod 2^130 - 5
+	bic	r3, r11, #0x3
+	and	r11, r11, #3
+	adds	r7, r7, r3
+	lsr	r3, r3, #2
+	adcs	r8, r8, r4
+	orr	r3, r3, r4, LSL #30
+	adcs	r9, r9, r5
+	lsr	r4, r4, #2
+	adcs	r10, r10, r6
+	orr	r4, r4, r5, LSL #30
+	adc	r11, r11, r12
+	lsr	r5, r5, #2
+	adds	r7, r7, r3
+	orr	r5, r5, r6, LSL #30
+	adcs	r8, r8, r4
+	lsr	r6, r6, #2
+	adcs	r9, r9, r5
+	adcs	r10, r10, r6
+	adc	r11, r11, r12
+	pop	{r0, r1}
+	pop	{r2}
+	add	r12, r0, #16
+	stm	r12, {r7, r8, r9, r10, r11}
+L_poly1305_arm32_blocks_done:
+	vpop	{d8-d15}
+	pop	{r4, r5, r6, r7, r8, r9, r10, r11, pc}
+	.size	poly1305_arm32_blocks,.-poly1305_arm32_blocks
+	.text
+	.type	L_poly1305_arm32_clamp, %object
+	.size	L_poly1305_arm32_clamp, 16
+	.align	4
+L_poly1305_arm32_clamp:
+	.word	0xfffffff
+	.word	0xffffffc
+	.word	0xffffffc
+	.word	0xffffffc
+	.text
+	.align	4
+	.globl	poly1305_set_key
+	.type	poly1305_set_key, %function
+poly1305_set_key:
+	push	{r4, r5, r6, r7, r8, r9, r10, r11, lr}
+	vpush	{d8-d15}
+	# Load mask.
+	adr	lr, L_poly1305_arm32_clamp
+	ldm	lr, {r6, r7, r8, r9}
+	# Load and cache padding.
+	ldr	r2, [r1, #16]
+	ldr	r3, [r1, #20]
+	ldr	r4, [r1, #24]
+	ldr	r5, [r1, #28]
+	add	lr, r0, #40
+	stm	lr, {r2, r3, r4, r5}
+	# Load, mask and store r.
+	ldr	r2, [r1]
+	ldr	r3, [r1, #4]
+	ldr	r4, [r1, #8]
+	ldr	r5, [r1, #12]
+	and	r2, r2, r6
+	and	r3, r3, r7
+	and	r4, r4, r8
+	and	r5, r5, r9
+	add	lr, r0, #0
+	stm	lr, {r2, r3, r4, r5}
+	vmov.i16	q10, #0xffff
+	vshr.u64	q10, q10, #38
+	lsr	r8, r2, #26
+	lsr	r9, r3, #20
+	lsr	r10, r4, #14
+	lsr	r11, r5, #8
+	eor	r8, r8, r3, lsl #6
+	eor	r9, r9, r4, lsl #12
+	eor	r10, r10, r5, lsl #18
+	and	r7, r2, #0x3ffffff
+	and	r8, r8, #0x3ffffff
+	and	r9, r9, #0x3ffffff
+	and	r10, r10, #0x3ffffff
+	vmov.i32	s1, r7
+	vmov.i32	s3, r8
+	vmov.i32	s5, r9
+	vmov.i32	s7, r10
+	vmov.i32	s9, r11
+	push	{r0, r1}
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6)
+	# Square r
+	umull	r1, r6, r2, r3
+	mov	r12, #0
+	umull	r7, r8, r2, r5
+	mov	lr, r12
+	umlal	r6, lr, r2, r4
+	adds	r7, r7, lr
+	adc	lr, r12, r12
+	umlal	r7, lr, r3, r4
+	mov	r9, r12
+	umlal	lr, r9, r3, r5
+	adds	r8, r8, lr
+	adcs	r9, r9, r12
+	adc	r10, r12, r12
+	umlal	r9, r10, r4, r5
+	adds	r1, r1, r1
+	adcs	r6, r6, r6
+	adcs	r7, r7, r7
+	adcs	r8, r8, r8
+	adcs	r9, r9, r9
+	adcs	r10, r10, r10
+	adc	r11, r12, r12
+	umull	r0, lr, r2, r2
+	adds	r1, r1, lr
+	adcs	r6, r6, r12
+	adc	lr, r12, r12
+	umlal	r6, lr, r3, r3
+	adds	r7, r7, lr
+	adcs	r8, r8, r12
+	adc	lr, r12, r12
+	umlal	r8, lr, r4, r4
+	adds	r9, r9, lr
+	adcs	r10, r10, r12
+	adc	r11, r11, r12
+	umlal	r10, r11, r5, r5
+#else
+	umull	r0, r1, r2, r2
+	umull	r6, r7, r2, r3
+	adds	r6, r6, r6
+	mov	r12, #0
+	umaal	r1, r6, r12, r12
+	mov	r8, r12
+	umaal	r8, r7, r2, r4
+	adcs	r8, r8, r8
+	umaal	r6, r8, r3, r3
+	umull	r9, r10, r2, r5
+	umaal	r7, r9, r3, r4
+	adcs	r7, r7, r7
+	umaal	r7, r8, r12, r12
+	umaal	r10, r9, r3, r5
+	adcs	r10, r10, r10
+	umaal	r8, r10, r4, r4
+	mov	r11, r12
+	umaal	r9, r11, r4, r5
+	adcs	r9, r9, r9
+	umaal	r9, r10, r12, r12
+	adcs	r11, r11, r11
+	umaal	r10, r11, r5, r5
+	adc	r11, r11, r12
+#endif /* defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) */
+	# Reduce mod 2^130 - 5
+	bic	r2, r8, #0x3
+	and	r8, r8, #3
+	adds	r0, r0, r2
+	lsr	r2, r2, #2
+	adcs	r1, r1, r9
+	orr	r2, r2, r9, LSL #30
+	adcs	r6, r6, r10
+	lsr	r9, r9, #2
+	adcs	r7, r7, r11
+	orr	r9, r9, r10, LSL #30
+	adc	r8, r8, r12
+	lsr	r10, r10, #2
+	adds	r0, r0, r2
+	orr	r10, r10, r11, LSL #30
+	adcs	r1, r1, r9
+	lsr	r11, r11, #2
+	adcs	r6, r6, r10
+	adcs	r7, r7, r11
+	adc	r8, r8, r12
+	lsr	r3, r0, #26
+	lsr	r4, r1, #20
+	lsr	r5, r6, #14
+	lsr	r10, r7, #8
+	eor	r3, r3, r1, lsl #6
+	eor	r4, r4, r6, lsl #12
+	eor	r5, r5, r7, lsl #18
+	eor	r10, r10, r8, lsl #24
+	and	r2, r0, #0x3ffffff
+	and	r3, r3, #0x3ffffff
+	and	r4, r4, #0x3ffffff
+	and	r5, r5, #0x3ffffff
+	vmov.i32	s0, r2
+	vmov.i32	s2, r3
+	vmov.i32	s4, r4
+	vmov.i32	s6, r5
+	vmov.i32	s8, r10
+	pop	{r0, r1}
+	add	lr, r0, #0x7c
+	vstm.32	lr, {d0-d4}
+	# Multiply r^2, r by r^2
+	vshl.u32	d6, d1, #2
+	vshl.u32	d7, d2, #2
+	vshl.u32	d8, d3, #2
+	vshl.u32	d9, d4, #2
+	vadd.u32	d6, d6, d1
+	vadd.u32	d7, d7, d2
+	vadd.u32	d8, d8, d3
+	vadd.u32	d9, d9, d4
+	vmull.u32	q5, d0, d0[0]
+	vmull.u32	q6, d0, d1[0]
+	vmull.u32	q7, d0, d2[0]
+	vmull.u32	q8, d0, d3[0]
+	vmull.u32	q9, d0, d4[0]
+	vmlal.u32	q5, d1, d9[0]
+	vmlal.u32	q6, d1, d0[0]
+	vmlal.u32	q7, d1, d1[0]
+	vmlal.u32	q8, d1, d2[0]
+	vmlal.u32	q9, d1, d3[0]
+	vmlal.u32	q5, d2, d8[0]
+	vmlal.u32	q6, d2, d9[0]
+	vmlal.u32	q7, d2, d0[0]
+	vmlal.u32	q8, d2, d1[0]
+	vmlal.u32	q9, d2, d2[0]
+	vmlal.u32	q5, d3, d7[0]
+	vmlal.u32	q6, d3, d8[0]
+	vmlal.u32	q7, d3, d9[0]
+	vmlal.u32	q8, d3, d0[0]
+	vmlal.u32	q9, d3, d1[0]
+	vmlal.u32	q5, d4, d6[0]
+	vmlal.u32	q6, d4, d7[0]
+	vmlal.u32	q7, d4, d8[0]
+	vmlal.u32	q8, d4, d9[0]
+	vmlal.u32	q9, d4, d0[0]
+	vsra.u64	q6, q5, #26
+	vand.u64	q5, q5, q10
+	vsra.u64	q7, q6, #26
+	vand.u64	q6, q6, q10
+	vsra.u64	q8, q7, #26
+	vand.u64	q7, q7, q10
+	vsra.u64	q9, q8, #26
+	vand.u64	q8, q8, q10
+	vshr.u64	q3, q9, #26
+	vand.u64	q9, q9, q10
+	vadd.u64	q5, q5, q3
+	vshl.u64	q3, q3, #2
+	vadd.u64	q5, q5, q3
+	vsra.u64	q6, q5, #26
+	vand.u64	q5, q5, q10
+	vmovn.i64	d10, q5
+	vmovn.i64	d11, q6
+	vmovn.i64	d12, q7
+	vmovn.i64	d13, q8
+	vmovn.i64	d14, q9
+	add	lr, r0, #0xa4
+	vstm.32	lr, {d10-d14}
+	# h (accumulator) = 0
+	eor	r6, r6, r6
+	eor	r7, r7, r7
+	eor	r8, r8, r8
+	eor	r9, r9, r9
+	add	lr, r0, #16
+	eor	r4, r4, r4
+	eor	r5, r5, r5
+	stm	lr, {r4, r5, r6, r7, r8, r9}
+	# Zero leftover
+	str	r5, [r0, #56]
+	vpop	{d8-d15}
+	pop	{r4, r5, r6, r7, r8, r9, r10, r11, pc}
+	.size	poly1305_set_key,.-poly1305_set_key
+	.text
+	.align	4
+	.globl	poly1305_final
+	.type	poly1305_final, %function
+poly1305_final:
+	push	{r4, r5, r6, r7, r8, r9, lr}
+	add	r9, r0, #16
+	ldm	r9, {r4, r5, r6, r7, r8}
+	# Add 5 and check for h larger than p.
+	adds	r2, r4, #5
+	adcs	r2, r5, #0
+	adcs	r2, r6, #0
+	adcs	r2, r7, #0
+	adc	r2, r8, #0
+	sub	r2, r2, #4
+	lsr	r2, r2, #31
+	sub	r2, r2, #1
+	and	r2, r2, #5
+	# Add 0/5 to h.
+	adds	r4, r4, r2
+	adcs	r5, r5, #0
+	adcs	r6, r6, #0
+	adc	r7, r7, #0
+	# Add padding
+	add	r9, r0, #40
+	ldm	r9, {r2, r3, r12, lr}
+	adds	r4, r4, r2
+	adcs	r5, r5, r3
+	adcs	r6, r6, r12
+	adc	r7, r7, lr
+	# Store MAC
+	str	r4, [r1]
+	str	r5, [r1, #4]
+	str	r6, [r1, #8]
+	str	r7, [r1, #12]
+	# Zero out h.
+	eor	r4, r4, r4
+	eor	r5, r5, r5
+	eor	r6, r6, r6
+	eor	r7, r7, r7
+	eor	r8, r8, r8
+	add	r9, r0, #16
+	stm	r9, {r4, r5, r6, r7, r8}
+	# Zero out r.
+	add	r9, r0, #0
+	stm	r9, {r4, r5, r6, r7}
+	# Zero out padding.
+	add	r9, r0, #40
+	stm	r9, {r4, r5, r6, r7}
+	pop	{r4, r5, r6, r7, r8, r9, pc}
+	.size	poly1305_final,.-poly1305_final
+#endif /* WOLFSSL_ARMASM_NO_NEON */
+#endif /* HAVE_POLY1305 */
+#endif /* !__aarch64__ && !WOLFSSL_ARMASM_THUMB2 */
+#endif /* WOLFSSL_ARMASM */
+
+#if defined(__linux__) && defined(__ELF__)
+.section	.note.GNU-stack,"",%progbits
+#endif
+#endif /* !WOLFSSL_ARMASM_INLINE */
diff --git a/wolfcrypt/src/port/arm/armv8-32-poly1305-asm_c.c b/wolfcrypt/src/port/arm/armv8-32-poly1305-asm_c.c
new file mode 100644
index 000000000..ca961e60c
--- /dev/null
+++ b/wolfcrypt/src/port/arm/armv8-32-poly1305-asm_c.c
@@ -0,0 +1,1361 @@
+/* armv8-32-poly1305-asm
+ *
+ * Copyright (C) 2006-2025 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+/* Generated using (from wolfssl):
+ *   cd ../scripts
+ *   ruby ./poly1305/poly1305.rb arm32 \
+ *       ../wolfssl/wolfcrypt/src/port/arm/armv8-32-poly1305-asm.c
+ */
+
+#ifdef HAVE_CONFIG_H
+    #include <config.h>
+#endif /* HAVE_CONFIG_H */
+#include <wolfssl/wolfcrypt/settings.h>
+#include <wolfssl/wolfcrypt/error-crypt.h>
+
+#ifdef WOLFSSL_ARMASM
+#if !defined(__aarch64__) && !defined(WOLFSSL_ARMASM_THUMB2)
+#include <stdint.h>
+#ifdef HAVE_CONFIG_H
+    #include <config.h>
+#endif /* HAVE_CONFIG_H */
+#include <wolfssl/wolfcrypt/settings.h>
+#include <wolfssl/wolfcrypt/error-crypt.h>
+#ifdef WOLFSSL_ARMASM_INLINE
+
+#ifdef __IAR_SYSTEMS_ICC__
+#define __asm__        asm
+#define __volatile__   volatile
+#endif /* __IAR_SYSTEMS_ICC__ */
+#ifdef __KEIL__
+#define __asm__        __asm
+#define __volatile__   volatile
+#endif /* __KEIL__ */
+#ifdef HAVE_POLY1305
+#include <wolfssl/wolfcrypt/poly1305.h>
+
+#ifdef WOLFSSL_ARMASM_NO_NEON
+void poly1305_arm32_blocks_16(Poly1305* ctx_p, const byte* m_p, word32 len_p,
+    int notLast_p)
+{
+    register Poly1305* ctx asm ("r0") = (Poly1305*)ctx_p;
+    register const byte* m asm ("r1") = (const byte*)m_p;
+    register word32 len asm ("r2") = (word32)len_p;
+    register int notLast asm ("r3") = (int)notLast_p;
+
+    __asm__ __volatile__ (
+        "sub	sp, sp, #28\n\t"
+        "cmp	%[len], #0\n\t"
+        "beq	L_poly1305_arm32_16_done_%=\n\t"
+        "add	lr, sp, #12\n\t"
+        "stm	lr, {r0, r1, r2, r3}\n\t"
+        /* Get h pointer */
+        "add	lr, %[ctx], #16\n\t"
+        "ldm	lr, {r4, r5, r6, r7, r8}\n\t"
+        "\n"
+    "L_poly1305_arm32_16_loop_%=: \n\t"
+        /* Add m to h */
+        "ldr	%[m], [sp, #16]\n\t"
+        "ldr	%[len], [%[m]]\n\t"
+        "ldr	%[notLast], [%[m], #4]\n\t"
+        "ldr	r9, [%[m], #8]\n\t"
+        "ldr	r10, [%[m], #12]\n\t"
+        "ldr	r11, [sp, #24]\n\t"
+        "adds	r4, r4, %[len]\n\t"
+        "adcs	r5, r5, %[notLast]\n\t"
+        "adcs	r6, r6, r9\n\t"
+        "adcs	r7, r7, r10\n\t"
+        "add	%[m], %[m], #16\n\t"
+        "adc	r8, r8, r11\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6)
+        "stm	lr, {r4, r5, r6, r7, r8}\n\t"
+#else
+        /* h[0]-h[2] in r4-r6 for multiplication. */
+        "str	r7, [lr, #12]\n\t"
+        "str	r8, [lr, #16]\n\t"
+#endif /* WOLFSSL_ARM_ARCH && WOLFSSL_ARM_ARCH < 6 */
+        "str	%[m], [sp, #16]\n\t"
+        "ldr	%[m], [sp, #12]\n\t"
+        /* Multiply h by r */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6)
+        /* r0 = #0, r1 = r, lr = h, r2 = h[j], r3 = r[i] */
+        "ldr	%[notLast], [%[m]]\n\t"
+        "eor	%[ctx], %[ctx], %[ctx]\n\t"
+        /* r[0] * h[0] */
+        /* h[0] in r4 */
+        "umull	r4, r5, %[notLast], r4\n\t"
+        /* r[0] * h[2] */
+        /* h[2] in r6 */
+        "umull	r6, r7, %[notLast], r6\n\t"
+        /* r[0] * h[4] */
+        /* h[4] in r8 */
+        "mul	r8, %[notLast], r8\n\t"
+        /* r[0] * h[1] */
+        "ldr	%[len], [lr, #4]\n\t"
+        "mov	r12, %[ctx]\n\t"
+        "umlal	r5, r12, %[notLast], %[len]\n\t"
+        /* r[0] * h[3] */
+        "ldr	%[len], [lr, #12]\n\t"
+        "adds	r6, r6, r12\n\t"
+        "adc	r7, r7, %[ctx]\n\t"
+        "umlal	r7, r8, %[notLast], %[len]\n\t"
+        /* r[1] * h[0] */
+        "ldr	%[notLast], [%[m], #4]\n\t"
+        "ldr	%[len], [lr]\n\t"
+        "mov	r12, %[ctx]\n\t"
+        "umlal	r5, r12, %[notLast], %[len]\n\t"
+        /* r[1] * h[1] */
+        "ldr	%[len], [lr, #4]\n\t"
+        "adds	r6, r6, r12\n\t"
+        "adc	r12, %[ctx], %[ctx]\n\t"
+        "umlal	r6, r12, %[notLast], %[len]\n\t"
+        /* r[1] * h[2] */
+        "ldr	%[len], [lr, #8]\n\t"
+        "adds	r7, r7, r12\n\t"
+        "adc	r12, %[ctx], %[ctx]\n\t"
+        "umlal	r7, r12, %[notLast], %[len]\n\t"
+        /* r[1] * h[3] */
+        "ldr	%[len], [lr, #12]\n\t"
+        "adds	r8, r8, r12\n\t"
+        "adc	r9, %[ctx], %[ctx]\n\t"
+        "umlal	r8, r9, %[notLast], %[len]\n\t"
+        /* r[1] * h[4] */
+        "ldr	%[len], [lr, #16]\n\t"
+        "mla	r9, %[notLast], %[len], r9\n\t"
+        /* r[2] * h[0] */
+        "ldr	%[notLast], [%[m], #8]\n\t"
+        "ldr	%[len], [lr]\n\t"
+        "mov	r12, %[ctx]\n\t"
+        "umlal	r6, r12, %[notLast], %[len]\n\t"
+        /* r[2] * h[1] */
+        "ldr	%[len], [lr, #4]\n\t"
+        "adds	r7, r7, r12\n\t"
+        "adc	r12, %[ctx], %[ctx]\n\t"
+        "umlal	r7, r12, %[notLast], %[len]\n\t"
+        /* r[2] * h[2] */
+        "ldr	%[len], [lr, #8]\n\t"
+        "adds	r8, r8, r12\n\t"
+        "adc	r12, %[ctx], %[ctx]\n\t"
+        "umlal	r8, r12, %[notLast], %[len]\n\t"
+        /* r[2] * h[3] */
+        "ldr	%[len], [lr, #12]\n\t"
+        "adds	r9, r9, r12\n\t"
+        "adc	r10, %[ctx], %[ctx]\n\t"
+        "umlal	r9, r10, %[notLast], %[len]\n\t"
+        /* r[2] * h[4] */
+        "ldr	%[len], [lr, #16]\n\t"
+        "mla	r10, %[notLast], %[len], r10\n\t"
+        /* r[3] * h[0] */
+        "ldr	%[notLast], [%[m], #12]\n\t"
+        "ldr	%[len], [lr]\n\t"
+        "mov	r12, %[ctx]\n\t"
+        "umlal	r7, r12, %[notLast], %[len]\n\t"
+        /* r[3] * h[1] */
+        "ldr	%[len], [lr, #4]\n\t"
+        "adds	r8, r8, r12\n\t"
+        "adc	r12, %[ctx], %[ctx]\n\t"
+        "umlal	r8, r12, %[notLast], %[len]\n\t"
+        /* r[3] * h[2] */
+        "ldr	%[len], [lr, #8]\n\t"
+        "adds	r9, r9, r12\n\t"
+        "adc	r10, r10, %[ctx]\n\t"
+        "umlal	r9, r10, %[notLast], %[len]\n\t"
+        /* r[3] * h[3] */
+        "ldr	%[len], [lr, #12]\n\t"
+        "mov	r11, %[ctx]\n\t"
+        "umlal	r10, r11, %[notLast], %[len]\n\t"
+        /* r[3] * h[4] */
+        "ldr	%[len], [lr, #16]\n\t"
+        "mov	r12, %[ctx]\n\t"
+        "mla	r11, %[notLast], %[len], r11\n\t"
+#else
+        "ldm	%[m], {r0, r1, r2, r3}\n\t"
+        /* r[0] * h[0] */
+        "umull	r10, r11, %[ctx], r4\n\t"
+        /* r[1] * h[0] */
+        "umull	r12, r7, %[m], r4\n\t"
+        /* r[0] * h[1] */
+        "umaal	r11, r12, %[ctx], r5\n\t"
+        /* r[2] * h[0] */
+        "umull	r8, r9, %[len], r4\n\t"
+        /* r[1] * h[1] */
+        "umaal	r12, r8, %[m], r5\n\t"
+        /* r[0] * h[2] */
+        "umaal	r12, r7, %[ctx], r6\n\t"
+        /* r[3] * h[0] */
+        "umaal	r8, r9, %[notLast], r4\n\t"
+        "stm	sp, {r10, r11, r12}\n\t"
+        /* r[2] * h[1] */
+        "umaal	r7, r8, %[len], r5\n\t"
+        /* Replace h[0] with h[3] */
+        "ldr	r4, [lr, #12]\n\t"
+        /* r[1] * h[2] */
+        "umull	r10, r11, %[m], r6\n\t"
+        /* r[2] * h[2] */
+        "umaal	r8, r9, %[len], r6\n\t"
+        /* r[0] * h[3] */
+        "umaal	r7, r10, %[ctx], r4\n\t"
+        /* r[3] * h[1] */
+        "umaal	r8, r11, %[notLast], r5\n\t"
+        /* r[1] * h[3] */
+        "umaal	r8, r10, %[m], r4\n\t"
+        /* r[3] * h[2] */
+        "umaal	r9, r11, %[notLast], r6\n\t"
+        /* r[2] * h[3] */
+        "umaal	r9, r10, %[len], r4\n\t"
+        /* Replace h[1] with h[4] */
+        "ldr	r5, [lr, #16]\n\t"
+        /* r[3] * h[3] */
+        "umaal	r10, r11, %[notLast], r4\n\t"
+        "mov	r12, #0\n\t"
+        /* r[0] * h[4] */
+        "umaal	r8, r12, %[ctx], r5\n\t"
+        /* r[1] * h[4] */
+        "umaal	r9, r12, %[m], r5\n\t"
+        /* r[2] * h[4] */
+        "umaal	r10, r12, %[len], r5\n\t"
+        /* r[3] * h[4] */
+        "umaal	r11, r12, %[notLast], r5\n\t"
+        /* DONE */
+        "ldm	sp, {r4, r5, r6}\n\t"
+#endif /* WOLFSSL_ARM_ARCH && WOLFSSL_ARM_ARCH < 6 */
+        /* r12 will be zero because r is masked. */
+        /* Load length */
+        "ldr	%[len], [sp, #20]\n\t"
+        /* Reduce mod 2^130 - 5 */
+        "bic	%[notLast], r8, #0x3\n\t"
+        "and	r8, r8, #3\n\t"
+        "adds	r4, r4, %[notLast]\n\t"
+        "lsr	%[notLast], %[notLast], #2\n\t"
+        "adcs	r5, r5, r9\n\t"
+        "orr	%[notLast], %[notLast], r9, LSL #30\n\t"
+        "adcs	r6, r6, r10\n\t"
+        "lsr	r9, r9, #2\n\t"
+        "adcs	r7, r7, r11\n\t"
+        "orr	r9, r9, r10, LSL #30\n\t"
+        "adc	r8, r8, r12\n\t"
+        "lsr	r10, r10, #2\n\t"
+        "adds	r4, r4, %[notLast]\n\t"
+        "orr	r10, r10, r11, LSL #30\n\t"
+        "adcs	r5, r5, r9\n\t"
+        "lsr	r11, r11, #2\n\t"
+        "adcs	r6, r6, r10\n\t"
+        "adcs	r7, r7, r11\n\t"
+        "adc	r8, r8, r12\n\t"
+        /* Sub 16 from length. */
+        "subs	%[len], %[len], #16\n\t"
+        /* Store length. */
+        "str	%[len], [sp, #20]\n\t"
+        /* Loop again if more message to do. */
+        "bgt	L_poly1305_arm32_16_loop_%=\n\t"
+        "stm	lr, {r4, r5, r6, r7, r8}\n\t"
+        "\n"
+    "L_poly1305_arm32_16_done_%=: \n\t"
+        "add	sp, sp, #28\n\t"
+        : [ctx] "+r" (ctx), [m] "+r" (m), [len] "+r" (len),
+          [notLast] "+r" (notLast)
+        :
+        : "memory", "cc", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9",
+            "r10", "r11"
+    );
+}
+
+static const word32 L_poly1305_arm32_clamp[] = {
+    0x0fffffff, 0x0ffffffc, 0x0ffffffc, 0x0ffffffc,
+};
+
+void poly1305_set_key(Poly1305* ctx_p, const byte* key_p)
+{
+    register Poly1305* ctx asm ("r0") = (Poly1305*)ctx_p;
+    register const byte* key asm ("r1") = (const byte*)key_p;
+    register word32* L_poly1305_arm32_clamp_c asm ("r2") =
+        (word32*)&L_poly1305_arm32_clamp;
+
+    __asm__ __volatile__ (
+        /* Load mask. */
+        "mov	lr, %[L_poly1305_arm32_clamp]\n\t"
+        "ldm	lr, {r6, r7, r8, r12}\n\t"
+        /* Load and cache padding. */
+        "ldr	r2, [%[key], #16]\n\t"
+        "ldr	r3, [%[key], #20]\n\t"
+        "ldr	r4, [%[key], #24]\n\t"
+        "ldr	r5, [%[key], #28]\n\t"
+        "add	lr, %[ctx], #36\n\t"
+        "stm	lr, {r2, r3, r4, r5}\n\t"
+        /* Load, mask and store r. */
+        "ldr	r2, [%[key]]\n\t"
+        "ldr	r3, [%[key], #4]\n\t"
+        "ldr	r4, [%[key], #8]\n\t"
+        "ldr	r5, [%[key], #12]\n\t"
+        "and	r2, r2, r6\n\t"
+        "and	r3, r3, r7\n\t"
+        "and	r4, r4, r8\n\t"
+        "and	r5, r5, r12\n\t"
+        "add	lr, %[ctx], #0\n\t"
+        "stm	lr, {r2, r3, r4, r5}\n\t"
+        /* h (accumulator) = 0 */
+        "eor	r6, r6, r6\n\t"
+        "eor	r7, r7, r7\n\t"
+        "eor	r8, r8, r8\n\t"
+        "eor	r12, r12, r12\n\t"
+        "add	lr, %[ctx], #16\n\t"
+        "eor	r5, r5, r5\n\t"
+        "stm	lr, {r5, r6, r7, r8, r12}\n\t"
+        /* Zero leftover */
+        "str	r5, [%[ctx], #52]\n\t"
+        : [ctx] "+r" (ctx), [key] "+r" (key),
+          [L_poly1305_arm32_clamp] "+r" (L_poly1305_arm32_clamp_c)
+        :
+        : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8"
+    );
+}
+
+void poly1305_final(Poly1305* ctx_p, byte* mac_p)
+{
+    register Poly1305* ctx asm ("r0") = (Poly1305*)ctx_p;
+    register byte* mac asm ("r1") = (byte*)mac_p;
+
+    __asm__ __volatile__ (
+        "add	r9, %[ctx], #16\n\t"
+        "ldm	r9, {r4, r5, r6, r7, r8}\n\t"
+        /* Add 5 and check for h larger than p. */
+        "adds	r2, r4, #5\n\t"
+        "adcs	r2, r5, #0\n\t"
+        "adcs	r2, r6, #0\n\t"
+        "adcs	r2, r7, #0\n\t"
+        "adc	r2, r8, #0\n\t"
+        "sub	r2, r2, #4\n\t"
+        "lsr	r2, r2, #31\n\t"
+        "sub	r2, r2, #1\n\t"
+        "and	r2, r2, #5\n\t"
+        /* Add 0/5 to h. */
+        "adds	r4, r4, r2\n\t"
+        "adcs	r5, r5, #0\n\t"
+        "adcs	r6, r6, #0\n\t"
+        "adc	r7, r7, #0\n\t"
+        /* Add padding */
+        "add	r9, %[ctx], #36\n\t"
+        "ldm	r9, {r2, r3, r12, lr}\n\t"
+        "adds	r4, r4, r2\n\t"
+        "adcs	r5, r5, r3\n\t"
+        "adcs	r6, r6, r12\n\t"
+        "adc	r7, r7, lr\n\t"
+        /* Store MAC */
+        "str	r4, [%[mac]]\n\t"
+        "str	r5, [%[mac], #4]\n\t"
+        "str	r6, [%[mac], #8]\n\t"
+        "str	r7, [%[mac], #12]\n\t"
+        /* Zero out h. */
+        "eor	r4, r4, r4\n\t"
+        "eor	r5, r5, r5\n\t"
+        "eor	r6, r6, r6\n\t"
+        "eor	r7, r7, r7\n\t"
+        "eor	r8, r8, r8\n\t"
+        "add	r9, %[ctx], #16\n\t"
+        "stm	r9, {r4, r5, r6, r7, r8}\n\t"
+        /* Zero out r. */
+        "add	r9, %[ctx], #0\n\t"
+        "stm	r9, {r4, r5, r6, r7}\n\t"
+        /* Zero out padding. */
+        "add	r9, %[ctx], #36\n\t"
+        "stm	r9, {r4, r5, r6, r7}\n\t"
+        : [ctx] "+r" (ctx), [mac] "+r" (mac)
+        :
+        : "memory", "cc", "r2", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8",
+            "r9"
+    );
+}
+
+#else
+void poly1305_arm32_blocks_16(Poly1305* ctx_p, const byte* m_p, word32 len_p,
+    int notLast_p)
+{
+    register Poly1305* ctx asm ("r0") = (Poly1305*)ctx_p;
+    register const byte* m asm ("r1") = (const byte*)m_p;
+    register word32 len asm ("r2") = (word32)len_p;
+    register int notLast asm ("r3") = (int)notLast_p;
+
+    __asm__ __volatile__ (
+        "sub	sp, sp, #28\n\t"
+        "cmp	%[len], #0\n\t"
+        "beq	L_poly1305_arm32_16_done_%=\n\t"
+        "add	lr, sp, #12\n\t"
+        "stm	lr, {r0, r1, r2, r3}\n\t"
+        /* Get h pointer */
+        "add	lr, %[ctx], #16\n\t"
+        "ldm	lr, {r4, r5, r6, r7, r8}\n\t"
+        "\n"
+    "L_poly1305_arm32_16_loop_%=: \n\t"
+        /* Add m to h */
+        "ldr	%[m], [sp, #16]\n\t"
+        "ldr	%[len], [%[m]]\n\t"
+        "ldr	%[notLast], [%[m], #4]\n\t"
+        "ldr	r9, [%[m], #8]\n\t"
+        "ldr	r10, [%[m], #12]\n\t"
+        "ldr	r11, [sp, #24]\n\t"
+        "adds	r4, r4, %[len]\n\t"
+        "adcs	r5, r5, %[notLast]\n\t"
+        "adcs	r6, r6, r9\n\t"
+        "adcs	r7, r7, r10\n\t"
+        "add	%[m], %[m], #16\n\t"
+        "adc	r8, r8, r11\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6)
+        "stm	lr, {r4, r5, r6, r7, r8}\n\t"
+#else
+        /* h[0]-h[2] in r4-r6 for multiplication. */
+        "str	r7, [lr, #12]\n\t"
+        "str	r8, [lr, #16]\n\t"
+#endif /* WOLFSSL_ARM_ARCH && WOLFSSL_ARM_ARCH < 6 */
+        "str	%[m], [sp, #16]\n\t"
+        "ldr	%[m], [sp, #12]\n\t"
+        /* Multiply h by r */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6)
+        /* r0 = #0, r1 = r, lr = h, r2 = h[j], r3 = r[i] */
+        "ldr	%[notLast], [%[m]]\n\t"
+        "eor	%[ctx], %[ctx], %[ctx]\n\t"
+        /* r[0] * h[0] */
+        /* h[0] in r4 */
+        "umull	r4, r5, %[notLast], r4\n\t"
+        /* r[0] * h[2] */
+        /* h[2] in r6 */
+        "umull	r6, r7, %[notLast], r6\n\t"
+        /* r[0] * h[4] */
+        /* h[4] in r8 */
+        "mul	r8, %[notLast], r8\n\t"
+        /* r[0] * h[1] */
+        "ldr	%[len], [lr, #4]\n\t"
+        "mov	r12, %[ctx]\n\t"
+        "umlal	r5, r12, %[notLast], %[len]\n\t"
+        /* r[0] * h[3] */
+        "ldr	%[len], [lr, #12]\n\t"
+        "adds	r6, r6, r12\n\t"
+        "adc	r7, r7, %[ctx]\n\t"
+        "umlal	r7, r8, %[notLast], %[len]\n\t"
+        /* r[1] * h[0] */
+        "ldr	%[notLast], [%[m], #4]\n\t"
+        "ldr	%[len], [lr]\n\t"
+        "mov	r12, %[ctx]\n\t"
+        "umlal	r5, r12, %[notLast], %[len]\n\t"
+        /* r[1] * h[1] */
+        "ldr	%[len], [lr, #4]\n\t"
+        "adds	r6, r6, r12\n\t"
+        "adc	r12, %[ctx], %[ctx]\n\t"
+        "umlal	r6, r12, %[notLast], %[len]\n\t"
+        /* r[1] * h[2] */
+        "ldr	%[len], [lr, #8]\n\t"
+        "adds	r7, r7, r12\n\t"
+        "adc	r12, %[ctx], %[ctx]\n\t"
+        "umlal	r7, r12, %[notLast], %[len]\n\t"
+        /* r[1] * h[3] */
+        "ldr	%[len], [lr, #12]\n\t"
+        "adds	r8, r8, r12\n\t"
+        "adc	r9, %[ctx], %[ctx]\n\t"
+        "umlal	r8, r9, %[notLast], %[len]\n\t"
+        /* r[1] * h[4] */
+        "ldr	%[len], [lr, #16]\n\t"
+        "mla	r9, %[notLast], %[len], r9\n\t"
+        /* r[2] * h[0] */
+        "ldr	%[notLast], [%[m], #8]\n\t"
+        "ldr	%[len], [lr]\n\t"
+        "mov	r12, %[ctx]\n\t"
+        "umlal	r6, r12, %[notLast], %[len]\n\t"
+        /* r[2] * h[1] */
+        "ldr	%[len], [lr, #4]\n\t"
+        "adds	r7, r7, r12\n\t"
+        "adc	r12, %[ctx], %[ctx]\n\t"
+        "umlal	r7, r12, %[notLast], %[len]\n\t"
+        /* r[2] * h[2] */
+        "ldr	%[len], [lr, #8]\n\t"
+        "adds	r8, r8, r12\n\t"
+        "adc	r12, %[ctx], %[ctx]\n\t"
+        "umlal	r8, r12, %[notLast], %[len]\n\t"
+        /* r[2] * h[3] */
+        "ldr	%[len], [lr, #12]\n\t"
+        "adds	r9, r9, r12\n\t"
+        "adc	r10, %[ctx], %[ctx]\n\t"
+        "umlal	r9, r10, %[notLast], %[len]\n\t"
+        /* r[2] * h[4] */
+        "ldr	%[len], [lr, #16]\n\t"
+        "mla	r10, %[notLast], %[len], r10\n\t"
+        /* r[3] * h[0] */
+        "ldr	%[notLast], [%[m], #12]\n\t"
+        "ldr	%[len], [lr]\n\t"
+        "mov	r12, %[ctx]\n\t"
+        "umlal	r7, r12, %[notLast], %[len]\n\t"
+        /* r[3] * h[1] */
+        "ldr	%[len], [lr, #4]\n\t"
+        "adds	r8, r8, r12\n\t"
+        "adc	r12, %[ctx], %[ctx]\n\t"
+        "umlal	r8, r12, %[notLast], %[len]\n\t"
+        /* r[3] * h[2] */
+        "ldr	%[len], [lr, #8]\n\t"
+        "adds	r9, r9, r12\n\t"
+        "adc	r10, r10, %[ctx]\n\t"
+        "umlal	r9, r10, %[notLast], %[len]\n\t"
+        /* r[3] * h[3] */
+        "ldr	%[len], [lr, #12]\n\t"
+        "mov	r11, %[ctx]\n\t"
+        "umlal	r10, r11, %[notLast], %[len]\n\t"
+        /* r[3] * h[4] */
+        "ldr	%[len], [lr, #16]\n\t"
+        "mov	r12, %[ctx]\n\t"
+        "mla	r11, %[notLast], %[len], r11\n\t"
+#else
+        "ldm	%[m], {r0, r1, r2, r3}\n\t"
+        /* r[0] * h[0] */
+        "umull	r10, r11, %[ctx], r4\n\t"
+        /* r[1] * h[0] */
+        "umull	r12, r7, %[m], r4\n\t"
+        /* r[0] * h[1] */
+        "umaal	r11, r12, %[ctx], r5\n\t"
+        /* r[2] * h[0] */
+        "umull	r8, r9, %[len], r4\n\t"
+        /* r[1] * h[1] */
+        "umaal	r12, r8, %[m], r5\n\t"
+        /* r[0] * h[2] */
+        "umaal	r12, r7, %[ctx], r6\n\t"
+        /* r[3] * h[0] */
+        "umaal	r8, r9, %[notLast], r4\n\t"
+        "stm	sp, {r10, r11, r12}\n\t"
+        /* r[2] * h[1] */
+        "umaal	r7, r8, %[len], r5\n\t"
+        /* Replace h[0] with h[3] */
+        "ldr	r4, [lr, #12]\n\t"
+        /* r[1] * h[2] */
+        "umull	r10, r11, %[m], r6\n\t"
+        /* r[2] * h[2] */
+        "umaal	r8, r9, %[len], r6\n\t"
+        /* r[0] * h[3] */
+        "umaal	r7, r10, %[ctx], r4\n\t"
+        /* r[3] * h[1] */
+        "umaal	r8, r11, %[notLast], r5\n\t"
+        /* r[1] * h[3] */
+        "umaal	r8, r10, %[m], r4\n\t"
+        /* r[3] * h[2] */
+        "umaal	r9, r11, %[notLast], r6\n\t"
+        /* r[2] * h[3] */
+        "umaal	r9, r10, %[len], r4\n\t"
+        /* Replace h[1] with h[4] */
+        "ldr	r5, [lr, #16]\n\t"
+        /* r[3] * h[3] */
+        "umaal	r10, r11, %[notLast], r4\n\t"
+        "mov	r12, #0\n\t"
+        /* r[0] * h[4] */
+        "umaal	r8, r12, %[ctx], r5\n\t"
+        /* r[1] * h[4] */
+        "umaal	r9, r12, %[m], r5\n\t"
+        /* r[2] * h[4] */
+        "umaal	r10, r12, %[len], r5\n\t"
+        /* r[3] * h[4] */
+        "umaal	r11, r12, %[notLast], r5\n\t"
+        /* DONE */
+        "ldm	sp, {r4, r5, r6}\n\t"
+#endif /* WOLFSSL_ARM_ARCH && WOLFSSL_ARM_ARCH < 6 */
+        /* r12 will be zero because r is masked. */
+        /* Load length */
+        "ldr	%[len], [sp, #20]\n\t"
+        /* Reduce mod 2^130 - 5 */
+        "bic	%[notLast], r8, #0x3\n\t"
+        "and	r8, r8, #3\n\t"
+        "adds	r4, r4, %[notLast]\n\t"
+        "lsr	%[notLast], %[notLast], #2\n\t"
+        "adcs	r5, r5, r9\n\t"
+        "orr	%[notLast], %[notLast], r9, LSL #30\n\t"
+        "adcs	r6, r6, r10\n\t"
+        "lsr	r9, r9, #2\n\t"
+        "adcs	r7, r7, r11\n\t"
+        "orr	r9, r9, r10, LSL #30\n\t"
+        "adc	r8, r8, r12\n\t"
+        "lsr	r10, r10, #2\n\t"
+        "adds	r4, r4, %[notLast]\n\t"
+        "orr	r10, r10, r11, LSL #30\n\t"
+        "adcs	r5, r5, r9\n\t"
+        "lsr	r11, r11, #2\n\t"
+        "adcs	r6, r6, r10\n\t"
+        "adcs	r7, r7, r11\n\t"
+        "adc	r8, r8, r12\n\t"
+        /* Sub 16 from length. */
+        "subs	%[len], %[len], #16\n\t"
+        /* Store length. */
+        "str	%[len], [sp, #20]\n\t"
+        /* Loop again if more message to do. */
+        "bgt	L_poly1305_arm32_16_loop_%=\n\t"
+        "stm	lr, {r4, r5, r6, r7, r8}\n\t"
+        "\n"
+    "L_poly1305_arm32_16_done_%=: \n\t"
+        "add	sp, sp, #28\n\t"
+        : [ctx] "+r" (ctx), [m] "+r" (m), [len] "+r" (len),
+          [notLast] "+r" (notLast)
+        :
+        : "memory", "cc", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9",
+            "r10", "r11"
+    );
+}
+
+void poly1305_arm32_blocks(Poly1305* ctx_p, const unsigned char* m_p,
+    size_t bytes_p)
+{
+    register Poly1305* ctx asm ("r0") = (Poly1305*)ctx_p;
+    register const unsigned char* m asm ("r1") = (const unsigned char*)m_p;
+    register size_t bytes asm ("r2") = (size_t)bytes_p;
+
+    __asm__ __volatile__ (
+        "cmp	%[bytes], #16\n\t"
+        "add	r12, %[ctx], #16\n\t"
+        "bgt	L_poly1305_arm32_blocks_begin_neon_%=\n\t"
+        "ldm	r12, {r7, r8, r9, r10, r11}\n\t"
+        "b	L_poly1305_arm32_blocks_start_1_%=\n\t"
+        "\n"
+    "L_poly1305_arm32_blocks_begin_neon_%=: \n\t"
+        "vmov.i16	q15, #0xffff\n\t"
+        "vshr.u64	q15, q15, #38\n\t"
+        "vld1.64	{d0-d2}, [r12]\n\t"
+        "vshl.u64	d4, d2, #24\n\t"
+        "vsri.u64	d4, d1, #40\n\t"
+        "vshr.u64	d3, d1, #14\n\t"
+        "vshl.u64	d2, d1, #12\n\t"
+        "vsri.u64	d1, d0, #26\n\t"
+        "vsri.u64	d2, d0, #52\n\t"
+        "vand.u64	d0, d0, d31\n\t"
+        "vand.u64	d3, d3, d31\n\t"
+        "vand.u64	d2, d2, d31\n\t"
+        "vand.u64	d1, d1, d31\n\t"
+        "add	r3, %[ctx], #0x7c\n\t"
+        "vldm.32	r3, {d20-d24}\n\t"
+        "cmp	%[bytes], #0x40\n\t"
+        "bge	L_poly1305_arm32_blocks_begin_4_%=\n\t"
+        "vshl.u32	d6, d21, #2\n\t"
+        "vshl.u32	d7, d22, #2\n\t"
+        "vshl.u32	d8, d23, #2\n\t"
+        "vshl.u32	d9, d24, #2\n\t"
+        "vadd.u32	d6, d6, d21\n\t"
+        "vadd.u32	d7, d7, d22\n\t"
+        "vadd.u32	d8, d8, d23\n\t"
+        "vadd.u32	d9, d9, d24\n\t"
+        "b	L_poly1305_arm32_blocks_start_2_%=\n\t"
+        "\n"
+    "L_poly1305_arm32_blocks_begin_4_%=: \n\t"
+        "add	r3, %[ctx], #0xa4\n\t"
+        "vldm.32	r3, {d26-d30}\n\t"
+        "\n"
+    "L_poly1305_arm32_blocks_start_4_%=: \n\t"
+        "sub	%[bytes], #0x40\n\t"
+        "vld4.32	{d10-d13}, [%[m]]!\n\t"
+        "vshl.u32	d6, d27, #2\n\t"
+        "vshl.u32	d7, d28, #2\n\t"
+        "vshl.u32	d8, d29, #2\n\t"
+        "vshl.u32	d9, d30, #2\n\t"
+        "vadd.u32	d6, d6, d27\n\t"
+        "vadd.u32	d7, d7, d28\n\t"
+        "vadd.u32	d8, d8, d29\n\t"
+        "vadd.u32	d9, d9, d30\n\t"
+        "vshr.u32	d14, d13, #8\n\t"
+        "vshl.u32	d13, d13, #18\n\t"
+        "vorr.i32	d14, d14, #0x1000000\n\t"
+        "vsri.u32	d13, d12, #14\n\t"
+        "vshl.u32	d12, d12, #12\n\t"
+        "vand.i32	d13, d13, #0x3ffffff\n\t"
+        "vsri.u32	d12, d11, #20\n\t"
+        "vshl.u32	d11, d11, #6\n\t"
+        "vand.i32	d12, d12, #0x3ffffff\n\t"
+        "vsri.u32	d11, d10, #26\n\t"
+        "vand.i32	d10, d10, #0x3ffffff\n\t"
+        "vand.i32	d11, d11, #0x3ffffff\n\t"
+        "vadd.u32	d4, d4, d14\n\t"
+        "vadd.u32	q1, q1, q6\n\t"
+        "vadd.u32	q0, q0, q5\n\t"
+        "vmull.u32	q5, d0, d26\n\t"
+        "vmull.u32	q6, d0, d27\n\t"
+        "vmull.u32	q7, d0, d28\n\t"
+        "vmull.u32	q8, d0, d29\n\t"
+        "vmull.u32	q9, d0, d30\n\t"
+        "vmlal.u32	q5, d1, d9\n\t"
+        "vmlal.u32	q6, d1, d26\n\t"
+        "vmlal.u32	q7, d1, d27\n\t"
+        "vmlal.u32	q8, d1, d28\n\t"
+        "vmlal.u32	q9, d1, d29\n\t"
+        "vmlal.u32	q5, d2, d8\n\t"
+        "vmlal.u32	q6, d2, d9\n\t"
+        "vmlal.u32	q7, d2, d26\n\t"
+        "vmlal.u32	q8, d2, d27\n\t"
+        "vmlal.u32	q9, d2, d28\n\t"
+        "vmlal.u32	q5, d3, d7\n\t"
+        "vmlal.u32	q6, d3, d8\n\t"
+        "vmlal.u32	q7, d3, d9\n\t"
+        "vmlal.u32	q8, d3, d26\n\t"
+        "vmlal.u32	q9, d3, d27\n\t"
+        "vmlal.u32	q5, d4, d6\n\t"
+        "vmlal.u32	q6, d4, d7\n\t"
+        "vmlal.u32	q7, d4, d8\n\t"
+        "vmlal.u32	q8, d4, d9\n\t"
+        "vmlal.u32	q9, d4, d26\n\t"
+        "vld4.32	{d0-d3}, [%[m]]!\n\t"
+        "vshl.u32	d6, d21, #2\n\t"
+        "vshl.u32	d7, d22, #2\n\t"
+        "vshl.u32	d8, d23, #2\n\t"
+        "vshl.u32	d9, d24, #2\n\t"
+        "vadd.u32	d6, d6, d21\n\t"
+        "vadd.u32	d7, d7, d22\n\t"
+        "vadd.u32	d8, d8, d23\n\t"
+        "vadd.u32	d9, d9, d24\n\t"
+        "vshr.u32	d4, d3, #8\n\t"
+        "vshl.u32	d3, d3, #18\n\t"
+        "vorr.i32	d4, d4, #0x1000000\n\t"
+        "vsri.u32	d3, d2, #14\n\t"
+        "vshl.u32	d2, d2, #12\n\t"
+        "vand.i32	d3, d3, #0x3ffffff\n\t"
+        "vsri.u32	d2, d1, #20\n\t"
+        "vshl.u32	d1, d1, #6\n\t"
+        "vand.i32	d2, d2, #0x3ffffff\n\t"
+        "vsri.u32	d1, d0, #26\n\t"
+        "vand.i32	d0, d0, #0x3ffffff\n\t"
+        "vand.i32	d1, d1, #0x3ffffff\n\t"
+        "vmlal.u32	q5, d0, d20\n\t"
+        "vmlal.u32	q6, d0, d21\n\t"
+        "vmlal.u32	q7, d0, d22\n\t"
+        "vmlal.u32	q8, d0, d23\n\t"
+        "vmlal.u32	q9, d0, d24\n\t"
+        "vmlal.u32	q5, d1, d9\n\t"
+        "vmlal.u32	q6, d1, d20\n\t"
+        "vmlal.u32	q7, d1, d21\n\t"
+        "vmlal.u32	q8, d1, d22\n\t"
+        "vmlal.u32	q9, d1, d23\n\t"
+        "vmlal.u32	q5, d2, d8\n\t"
+        "vmlal.u32	q6, d2, d9\n\t"
+        "vmlal.u32	q7, d2, d20\n\t"
+        "vmlal.u32	q8, d2, d21\n\t"
+        "vmlal.u32	q9, d2, d22\n\t"
+        "vmlal.u32	q5, d3, d7\n\t"
+        "vmlal.u32	q6, d3, d8\n\t"
+        "vmlal.u32	q7, d3, d9\n\t"
+        "vmlal.u32	q8, d3, d20\n\t"
+        "vmlal.u32	q9, d3, d21\n\t"
+        "vmlal.u32	q5, d4, d6\n\t"
+        "vmlal.u32	q6, d4, d7\n\t"
+        "vmlal.u32	q7, d4, d8\n\t"
+        "vmlal.u32	q8, d4, d9\n\t"
+        "vmlal.u32	q9, d4, d20\n\t"
+        "vadd.u64	d0, d10, d11\n\t"
+        "vadd.u64	d1, d12, d13\n\t"
+        "vadd.u64	d2, d14, d15\n\t"
+        "vadd.u64	d3, d16, d17\n\t"
+        "vadd.u64	d4, d18, d19\n\t"
+        "vsra.u64	d1, d0, #26\n\t"
+        "vand.u64	d0, d0, d31\n\t"
+        "vsra.u64	d2, d1, #26\n\t"
+        "vand.u64	d1, d1, d31\n\t"
+        "vsra.u64	d3, d2, #26\n\t"
+        "vand.u64	d2, d2, d31\n\t"
+        "vsra.u64	d4, d3, #26\n\t"
+        "vand.u64	d3, d3, d31\n\t"
+        "vshr.u64	d15, d4, #26\n\t"
+        "vand.u64	d4, d4, d31\n\t"
+        "vadd.u64	d0, d0, d15\n\t"
+        "vshl.u64	d15, d15, #2\n\t"
+        "vadd.u64	d0, d0, d15\n\t"
+        "vsra.u64	d1, d0, #26\n\t"
+        "vand.u64	d0, d0, d31\n\t"
+        "cmp	%[bytes], #0x40\n\t"
+        "bge	L_poly1305_arm32_blocks_start_4_%=\n\t"
+        "cmp	%[bytes], #32\n\t"
+        "blt	L_poly1305_arm32_blocks_done_neon_%=\n\t"
+        "\n"
+    "L_poly1305_arm32_blocks_start_2_%=: \n\t"
+        "sub	%[bytes], #32\n\t"
+        "vld4.32	{d10-d13}, [%[m]]!\n\t"
+        "vshr.u32	d14, d13, #8\n\t"
+        "vshl.u32	d13, d13, #18\n\t"
+        "vorr.i32	d14, d14, #0x1000000\n\t"
+        "vsri.u32	d13, d12, #14\n\t"
+        "vshl.u32	d12, d12, #12\n\t"
+        "vand.i32	d13, d13, #0x3ffffff\n\t"
+        "vsri.u32	d12, d11, #20\n\t"
+        "vshl.u32	d11, d11, #6\n\t"
+        "vand.i32	d12, d12, #0x3ffffff\n\t"
+        "vsri.u32	d11, d10, #26\n\t"
+        "vand.i32	d10, d10, #0x3ffffff\n\t"
+        "vand.i32	d11, d11, #0x3ffffff\n\t"
+        "vadd.u32	d4, d4, d14\n\t"
+        "vadd.u32	q1, q1, q6\n\t"
+        "vadd.u32	q0, q0, q5\n\t"
+        "vmull.u32	q5, d0, d20\n\t"
+        "vmull.u32	q6, d0, d21\n\t"
+        "vmull.u32	q7, d0, d22\n\t"
+        "vmull.u32	q8, d0, d23\n\t"
+        "vmull.u32	q9, d0, d24\n\t"
+        "vmlal.u32	q5, d1, d9\n\t"
+        "vmlal.u32	q6, d1, d20\n\t"
+        "vmlal.u32	q7, d1, d21\n\t"
+        "vmlal.u32	q8, d1, d22\n\t"
+        "vmlal.u32	q9, d1, d23\n\t"
+        "vmlal.u32	q5, d2, d8\n\t"
+        "vmlal.u32	q6, d2, d9\n\t"
+        "vmlal.u32	q7, d2, d20\n\t"
+        "vmlal.u32	q8, d2, d21\n\t"
+        "vmlal.u32	q9, d2, d22\n\t"
+        "vmlal.u32	q5, d3, d7\n\t"
+        "vmlal.u32	q6, d3, d8\n\t"
+        "vmlal.u32	q7, d3, d9\n\t"
+        "vmlal.u32	q8, d3, d20\n\t"
+        "vmlal.u32	q9, d3, d21\n\t"
+        "vmlal.u32	q5, d4, d6\n\t"
+        "vmlal.u32	q6, d4, d7\n\t"
+        "vmlal.u32	q7, d4, d8\n\t"
+        "vmlal.u32	q8, d4, d9\n\t"
+        "vmlal.u32	q9, d4, d20\n\t"
+        "vadd.u64	d0, d10, d11\n\t"
+        "vadd.u64	d1, d12, d13\n\t"
+        "vadd.u64	d2, d14, d15\n\t"
+        "vadd.u64	d3, d16, d17\n\t"
+        "vadd.u64	d4, d18, d19\n\t"
+        "vsra.u64	d1, d0, #26\n\t"
+        "vand.u64	d0, d0, d31\n\t"
+        "vsra.u64	d2, d1, #26\n\t"
+        "vand.u64	d1, d1, d31\n\t"
+        "vsra.u64	d3, d2, #26\n\t"
+        "vand.u64	d2, d2, d31\n\t"
+        "vsra.u64	d4, d3, #26\n\t"
+        "vand.u64	d3, d3, d31\n\t"
+        "vshr.u64	d5, d4, #26\n\t"
+        "vand.u64	d4, d4, d31\n\t"
+        "vadd.u64	d0, d0, d5\n\t"
+        "vshl.u64	d5, d5, #2\n\t"
+        "vadd.u64	d0, d0, d5\n\t"
+        "vsra.u64	d1, d0, #26\n\t"
+        "vand.u64	d0, d0, d31\n\t"
+        "\n"
+    "L_poly1305_arm32_blocks_done_neon_%=: \n\t"
+        "cmp	%[bytes], #16\n\t"
+        "beq	L_poly1305_arm32_blocks_begin_1_%=\n\t"
+        "add	r12, %[ctx], #16\n\t"
+        "vsli.u64	d0, d1, #26\n\t"
+        "vsli.u64	d0, d2, #52\n\t"
+        "vshr.u64	d1, d2, #12\n\t"
+        "vsli.u64	d1, d3, #14\n\t"
+        "vsli.u64	d1, d4, #40\n\t"
+        "vshr.u64	d2, d4, #24\n\t"
+        "vst1.64	{d0-d2}, [r12]\n\t"
+        "b	L_poly1305_arm32_blocks_done_%=\n\t"
+        "\n"
+    "L_poly1305_arm32_blocks_begin_1_%=: \n\t"
+        "vsli.u64	d0, d1, #26\n\t"
+        "vsli.u64	d0, d2, #52\n\t"
+        "vshr.u64	d1, d2, #12\n\t"
+        "vsli.u64	d1, d3, #14\n\t"
+        "vsli.u64	d1, d4, #40\n\t"
+        "vshr.u64	d2, d4, #24\n\t"
+        "vmov	r7, r8, d0\n\t"
+        "vmov	r9, r10, d1\n\t"
+        "vmov	r11, d2[0]\n\t"
+        "\n"
+    "L_poly1305_arm32_blocks_start_1_%=: \n\t"
+        "mov	r12, #1\n\t"
+        "push	{r2}\n\t"
+        /* Load message */
+        "ldm	%[m], {r2, r3, r4, r5}\n\t"
+        /* Add message */
+        "adds	r7, r7, %[bytes]\n\t"
+        "adcs	r8, r8, r3\n\t"
+        "adcs	r9, r9, r4\n\t"
+        "adcs	r10, r10, r5\n\t"
+        "adc	r11, r11, r12\n\t"
+        "push	{r0-r1}\n\t"
+        "add	%[m], %[ctx], #0\n\t"
+        "add	lr, %[ctx], #16\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6)
+        "stm	lr, {r7, r8, r9, r10, r11}\n\t"
+#else
+        /* h[0]-h[2] in r4-r6 for multiplication. */
+        "str	r10, [lr, #12]\n\t"
+        "str	r11, [lr, #16]\n\t"
+#endif /* WOLFSSL_ARM_ARCH && WOLFSSL_ARM_ARCH < 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6)
+        /* r0 = #0, r1 = r, lr = h, r2 = h[j], r3 = r[i] */
+        "ldr	r3, [%[m]]\n\t"
+        "eor	%[ctx], %[ctx], %[ctx]\n\t"
+        /* r[0] * h[0] */
+        /* h[0] in r4 */
+        "umull	r7, r8, r3, r7\n\t"
+        /* r[0] * h[2] */
+        /* h[2] in r6 */
+        "umull	r9, r10, r3, r9\n\t"
+        /* r[0] * h[4] */
+        /* h[4] in r8 */
+        "mul	r11, r3, r11\n\t"
+        /* r[0] * h[1] */
+        "ldr	%[bytes], [lr, #4]\n\t"
+        "mov	r12, %[ctx]\n\t"
+        "umlal	r8, r12, r3, %[bytes]\n\t"
+        /* r[0] * h[3] */
+        "ldr	%[bytes], [lr, #12]\n\t"
+        "adds	r9, r9, r12\n\t"
+        "adc	r10, r10, %[ctx]\n\t"
+        "umlal	r10, r11, r3, %[bytes]\n\t"
+        /* r[1] * h[0] */
+        "ldr	r3, [%[m], #4]\n\t"
+        "ldr	%[bytes], [lr]\n\t"
+        "mov	r12, %[ctx]\n\t"
+        "umlal	r8, r12, r3, %[bytes]\n\t"
+        /* r[1] * h[1] */
+        "ldr	%[bytes], [lr, #4]\n\t"
+        "adds	r9, r9, r12\n\t"
+        "adc	r12, %[ctx], %[ctx]\n\t"
+        "umlal	r9, r12, r3, %[bytes]\n\t"
+        /* r[1] * h[2] */
+        "ldr	%[bytes], [lr, #8]\n\t"
+        "adds	r10, r10, r12\n\t"
+        "adc	r12, %[ctx], %[ctx]\n\t"
+        "umlal	r10, r12, r3, %[bytes]\n\t"
+        /* r[1] * h[3] */
+        "ldr	%[bytes], [lr, #12]\n\t"
+        "adds	r11, r11, r12\n\t"
+        "adc	r4, %[ctx], %[ctx]\n\t"
+        "umlal	r11, r4, r3, %[bytes]\n\t"
+        /* r[1] * h[4] */
+        "ldr	%[bytes], [lr, #16]\n\t"
+        "mla	r4, r3, %[bytes], r4\n\t"
+        /* r[2] * h[0] */
+        "ldr	r3, [%[m], #8]\n\t"
+        "ldr	%[bytes], [lr]\n\t"
+        "mov	r12, %[ctx]\n\t"
+        "umlal	r9, r12, r3, %[bytes]\n\t"
+        /* r[2] * h[1] */
+        "ldr	%[bytes], [lr, #4]\n\t"
+        "adds	r10, r10, r12\n\t"
+        "adc	r12, %[ctx], %[ctx]\n\t"
+        "umlal	r10, r12, r3, %[bytes]\n\t"
+        /* r[2] * h[2] */
+        "ldr	%[bytes], [lr, #8]\n\t"
+        "adds	r11, r11, r12\n\t"
+        "adc	r12, %[ctx], %[ctx]\n\t"
+        "umlal	r11, r12, r3, %[bytes]\n\t"
+        /* r[2] * h[3] */
+        "ldr	%[bytes], [lr, #12]\n\t"
+        "adds	r4, r4, r12\n\t"
+        "adc	r5, %[ctx], %[ctx]\n\t"
+        "umlal	r4, r5, r3, %[bytes]\n\t"
+        /* r[2] * h[4] */
+        "ldr	%[bytes], [lr, #16]\n\t"
+        "mla	r5, r3, %[bytes], r5\n\t"
+        /* r[3] * h[0] */
+        "ldr	r3, [%[m], #12]\n\t"
+        "ldr	%[bytes], [lr]\n\t"
+        "mov	r12, %[ctx]\n\t"
+        "umlal	r10, r12, r3, %[bytes]\n\t"
+        /* r[3] * h[1] */
+        "ldr	%[bytes], [lr, #4]\n\t"
+        "adds	r11, r11, r12\n\t"
+        "adc	r12, %[ctx], %[ctx]\n\t"
+        "umlal	r11, r12, r3, %[bytes]\n\t"
+        /* r[3] * h[2] */
+        "ldr	%[bytes], [lr, #8]\n\t"
+        "adds	r4, r4, r12\n\t"
+        "adc	r5, r5, %[ctx]\n\t"
+        "umlal	r4, r5, r3, %[bytes]\n\t"
+        /* r[3] * h[3] */
+        "ldr	%[bytes], [lr, #12]\n\t"
+        "mov	r6, %[ctx]\n\t"
+        "umlal	r5, r6, r3, %[bytes]\n\t"
+        /* r[3] * h[4] */
+        "ldr	%[bytes], [lr, #16]\n\t"
+        "mov	r12, %[ctx]\n\t"
+        "mla	r6, r3, %[bytes], r6\n\t"
+#else
+        "sub	sp, sp, #12\n\t"
+        "ldm	%[m], {r0, r1, r2, r3}\n\t"
+        /* r[0] * h[0] */
+        "umull	r5, r6, %[ctx], r7\n\t"
+        /* r[1] * h[0] */
+        "umull	r12, r10, %[m], r7\n\t"
+        /* r[0] * h[1] */
+        "umaal	r6, r12, %[ctx], r8\n\t"
+        /* r[2] * h[0] */
+        "umull	r11, r4, %[bytes], r7\n\t"
+        /* r[1] * h[1] */
+        "umaal	r12, r11, %[m], r8\n\t"
+        /* r[0] * h[2] */
+        "umaal	r12, r10, %[ctx], r9\n\t"
+        /* r[3] * h[0] */
+        "umaal	r11, r4, r3, r7\n\t"
+        "stm	sp, {r5, r6, r12}\n\t"
+        /* r[2] * h[1] */
+        "umaal	r10, r11, %[bytes], r8\n\t"
+        /* Replace h[0] with h[3] */
+        "ldr	r7, [lr, #12]\n\t"
+        /* r[1] * h[2] */
+        "umull	r5, r6, %[m], r9\n\t"
+        /* r[2] * h[2] */
+        "umaal	r11, r4, %[bytes], r9\n\t"
+        /* r[0] * h[3] */
+        "umaal	r10, r5, %[ctx], r7\n\t"
+        /* r[3] * h[1] */
+        "umaal	r11, r6, r3, r8\n\t"
+        /* r[1] * h[3] */
+        "umaal	r11, r5, %[m], r7\n\t"
+        /* r[3] * h[2] */
+        "umaal	r4, r6, r3, r9\n\t"
+        /* r[2] * h[3] */
+        "umaal	r4, r5, %[bytes], r7\n\t"
+        /* Replace h[1] with h[4] */
+        "ldr	r8, [lr, #16]\n\t"
+        /* r[3] * h[3] */
+        "umaal	r5, r6, r3, r7\n\t"
+        "mov	r12, #0\n\t"
+        /* r[0] * h[4] */
+        "umaal	r11, r12, %[ctx], r8\n\t"
+        /* r[1] * h[4] */
+        "umaal	r4, r12, %[m], r8\n\t"
+        /* r[2] * h[4] */
+        "umaal	r5, r12, %[bytes], r8\n\t"
+        /* r[3] * h[4] */
+        "umaal	r6, r12, r3, r8\n\t"
+        /* DONE */
+        "ldm	sp, {r7, r8, r9}\n\t"
+        "add	sp, sp, #12\n\t"
+#endif /* WOLFSSL_ARM_ARCH && WOLFSSL_ARM_ARCH < 6 */
+        /* Reduce mod 2^130 - 5 */
+        "bic	r3, r11, #0x3\n\t"
+        "and	r11, r11, #3\n\t"
+        "adds	r7, r7, r3\n\t"
+        "lsr	r3, r3, #2\n\t"
+        "adcs	r8, r8, r4\n\t"
+        "orr	r3, r3, r4, LSL #30\n\t"
+        "adcs	r9, r9, r5\n\t"
+        "lsr	r4, r4, #2\n\t"
+        "adcs	r10, r10, r6\n\t"
+        "orr	r4, r4, r5, LSL #30\n\t"
+        "adc	r11, r11, r12\n\t"
+        "lsr	r5, r5, #2\n\t"
+        "adds	r7, r7, r3\n\t"
+        "orr	r5, r5, r6, LSL #30\n\t"
+        "adcs	r8, r8, r4\n\t"
+        "lsr	r6, r6, #2\n\t"
+        "adcs	r9, r9, r5\n\t"
+        "adcs	r10, r10, r6\n\t"
+        "adc	r11, r11, r12\n\t"
+        "pop	{r0-r1}\n\t"
+        "pop	{r2}\n\t"
+        "add	r12, %[ctx], #16\n\t"
+        "stm	r12, {r7, r8, r9, r10, r11}\n\t"
+        "\n"
+    "L_poly1305_arm32_blocks_done_%=: \n\t"
+        : [ctx] "+r" (ctx), [m] "+r" (m), [bytes] "+r" (bytes)
+        :
+        : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9",
+            "r10", "r11", "d0", "d1", "d2", "d3", "d4", "d5", "d6", "d7", "d8",
+            "d9", "d10", "d11", "d12", "d13", "d14", "d15", "d16", "d17", "d18",
+            "d19", "d20", "d21", "d22", "d23", "d24", "d25", "d26", "d27",
+            "d28", "d29", "d30", "d31"
+    );
+}
+
+static const word32 L_poly1305_arm32_clamp[] = {
+    0x0fffffff, 0x0ffffffc, 0x0ffffffc, 0x0ffffffc,
+};
+
+void poly1305_set_key(Poly1305* ctx_p, const byte* key_p)
+{
+    register Poly1305* ctx asm ("r0") = (Poly1305*)ctx_p;
+    register const byte* key asm ("r1") = (const byte*)key_p;
+    register word32* L_poly1305_arm32_clamp_c asm ("r2") =
+        (word32*)&L_poly1305_arm32_clamp;
+
+    __asm__ __volatile__ (
+        /* Load mask. */
+        "mov	lr, %[L_poly1305_arm32_clamp]\n\t"
+        "ldm	lr, {r6, r7, r8, r9}\n\t"
+        /* Load and cache padding. */
+        "ldr	r2, [%[key], #16]\n\t"
+        "ldr	r3, [%[key], #20]\n\t"
+        "ldr	r4, [%[key], #24]\n\t"
+        "ldr	r5, [%[key], #28]\n\t"
+        "add	lr, %[ctx], #40\n\t"
+        "stm	lr, {r2, r3, r4, r5}\n\t"
+        /* Load, mask and store r. */
+        "ldr	r2, [%[key]]\n\t"
+        "ldr	r3, [%[key], #4]\n\t"
+        "ldr	r4, [%[key], #8]\n\t"
+        "ldr	r5, [%[key], #12]\n\t"
+        "and	r2, r2, r6\n\t"
+        "and	r3, r3, r7\n\t"
+        "and	r4, r4, r8\n\t"
+        "and	r5, r5, r9\n\t"
+        "add	lr, %[ctx], #0\n\t"
+        "stm	lr, {r2, r3, r4, r5}\n\t"
+        "vmov.i16	q10, #0xffff\n\t"
+        "vshr.u64	q10, q10, #38\n\t"
+        "lsr	r8, r2, #26\n\t"
+        "lsr	r9, r3, #20\n\t"
+        "lsr	r10, r4, #14\n\t"
+        "lsr	r11, r5, #8\n\t"
+        "eor	r8, r8, r3, lsl #6\n\t"
+        "eor	r9, r9, r4, lsl #12\n\t"
+        "eor	r10, r10, r5, lsl #18\n\t"
+        "and	r7, r2, #0x3ffffff\n\t"
+        "and	r8, r8, #0x3ffffff\n\t"
+        "and	r9, r9, #0x3ffffff\n\t"
+        "and	r10, r10, #0x3ffffff\n\t"
+        "vmov.i32	s1, r7\n\t"
+        "vmov.i32	s3, r8\n\t"
+        "vmov.i32	s5, r9\n\t"
+        "vmov.i32	s7, r10\n\t"
+        "vmov.i32	s9, r11\n\t"
+        "push	{%[ctx]-%[key]}\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6)
+        /* Square r */
+        "umull	%[key], r6, r2, r3\n\t"
+        "mov	r12, #0\n\t"
+        "umull	r7, r8, r2, r5\n\t"
+        "mov	lr, r12\n\t"
+        "umlal	r6, lr, r2, r4\n\t"
+        "adds	r7, r7, lr\n\t"
+        "adc	lr, r12, r12\n\t"
+        "umlal	r7, lr, r3, r4\n\t"
+        "mov	r9, r12\n\t"
+        "umlal	lr, r9, r3, r5\n\t"
+        "adds	r8, r8, lr\n\t"
+        "adcs	r9, r9, r12\n\t"
+        "adc	r10, r12, r12\n\t"
+        "umlal	r9, r10, r4, r5\n\t"
+        "adds	%[key], %[key], %[key]\n\t"
+        "adcs	r6, r6, r6\n\t"
+        "adcs	r7, r7, r7\n\t"
+        "adcs	r8, r8, r8\n\t"
+        "adcs	r9, r9, r9\n\t"
+        "adcs	r10, r10, r10\n\t"
+        "adc	r11, r12, r12\n\t"
+        "umull	%[ctx], lr, r2, r2\n\t"
+        "adds	%[key], %[key], lr\n\t"
+        "adcs	r6, r6, r12\n\t"
+        "adc	lr, r12, r12\n\t"
+        "umlal	r6, lr, r3, r3\n\t"
+        "adds	r7, r7, lr\n\t"
+        "adcs	r8, r8, r12\n\t"
+        "adc	lr, r12, r12\n\t"
+        "umlal	r8, lr, r4, r4\n\t"
+        "adds	r9, r9, lr\n\t"
+        "adcs	r10, r10, r12\n\t"
+        "adc	r11, r11, r12\n\t"
+        "umlal	r10, r11, r5, r5\n\t"
+#else
+        "umull	%[ctx], %[key], r2, r2\n\t"
+        "umull	r6, r7, r2, r3\n\t"
+        "adds	r6, r6, r6\n\t"
+        "mov	r12, #0\n\t"
+        "umaal	%[key], r6, r12, r12\n\t"
+        "mov	r8, r12\n\t"
+        "umaal	r8, r7, r2, r4\n\t"
+        "adcs	r8, r8, r8\n\t"
+        "umaal	r6, r8, r3, r3\n\t"
+        "umull	r9, r10, r2, r5\n\t"
+        "umaal	r7, r9, r3, r4\n\t"
+        "adcs	r7, r7, r7\n\t"
+        "umaal	r7, r8, r12, r12\n\t"
+        "umaal	r10, r9, r3, r5\n\t"
+        "adcs	r10, r10, r10\n\t"
+        "umaal	r8, r10, r4, r4\n\t"
+        "mov	r11, r12\n\t"
+        "umaal	r9, r11, r4, r5\n\t"
+        "adcs	r9, r9, r9\n\t"
+        "umaal	r9, r10, r12, r12\n\t"
+        "adcs	r11, r11, r11\n\t"
+        "umaal	r10, r11, r5, r5\n\t"
+        "adc	r11, r11, r12\n\t"
+#endif /* defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) */
+        /* Reduce mod 2^130 - 5 */
+        "bic	r2, r8, #0x3\n\t"
+        "and	r8, r8, #3\n\t"
+        "adds	%[ctx], %[ctx], r2\n\t"
+        "lsr	r2, r2, #2\n\t"
+        "adcs	%[key], %[key], r9\n\t"
+        "orr	r2, r2, r9, LSL #30\n\t"
+        "adcs	r6, r6, r10\n\t"
+        "lsr	r9, r9, #2\n\t"
+        "adcs	r7, r7, r11\n\t"
+        "orr	r9, r9, r10, LSL #30\n\t"
+        "adc	r8, r8, r12\n\t"
+        "lsr	r10, r10, #2\n\t"
+        "adds	%[ctx], %[ctx], r2\n\t"
+        "orr	r10, r10, r11, LSL #30\n\t"
+        "adcs	%[key], %[key], r9\n\t"
+        "lsr	r11, r11, #2\n\t"
+        "adcs	r6, r6, r10\n\t"
+        "adcs	r7, r7, r11\n\t"
+        "adc	r8, r8, r12\n\t"
+        "lsr	r3, %[ctx], #26\n\t"
+        "lsr	r4, %[key], #20\n\t"
+        "lsr	r5, r6, #14\n\t"
+        "lsr	r10, r7, #8\n\t"
+        "eor	r3, r3, %[key], lsl #6\n\t"
+        "eor	r4, r4, r6, lsl #12\n\t"
+        "eor	r5, r5, r7, lsl #18\n\t"
+        "eor	r10, r10, r8, lsl #24\n\t"
+        "and	r2, %[ctx], #0x3ffffff\n\t"
+        "and	r3, r3, #0x3ffffff\n\t"
+        "and	r4, r4, #0x3ffffff\n\t"
+        "and	r5, r5, #0x3ffffff\n\t"
+        "vmov.i32	s0, r2\n\t"
+        "vmov.i32	s2, r3\n\t"
+        "vmov.i32	s4, r4\n\t"
+        "vmov.i32	s6, r5\n\t"
+        "vmov.i32	s8, r10\n\t"
+        "pop	{%[ctx]-%[key]}\n\t"
+        "add	lr, %[ctx], #0x7c\n\t"
+        "vstm.32	lr, {d0-d4}\n\t"
+        /* Multiply r^2, r by r^2 */
+        "vshl.u32	d6, d1, #2\n\t"
+        "vshl.u32	d7, d2, #2\n\t"
+        "vshl.u32	d8, d3, #2\n\t"
+        "vshl.u32	d9, d4, #2\n\t"
+        "vadd.u32	d6, d6, d1\n\t"
+        "vadd.u32	d7, d7, d2\n\t"
+        "vadd.u32	d8, d8, d3\n\t"
+        "vadd.u32	d9, d9, d4\n\t"
+        "vmull.u32	q5, d0, d0[0]\n\t"
+        "vmull.u32	q6, d0, d1[0]\n\t"
+        "vmull.u32	q7, d0, d2[0]\n\t"
+        "vmull.u32	q8, d0, d3[0]\n\t"
+        "vmull.u32	q9, d0, d4[0]\n\t"
+        "vmlal.u32	q5, d1, d9[0]\n\t"
+        "vmlal.u32	q6, d1, d0[0]\n\t"
+        "vmlal.u32	q7, d1, d1[0]\n\t"
+        "vmlal.u32	q8, d1, d2[0]\n\t"
+        "vmlal.u32	q9, d1, d3[0]\n\t"
+        "vmlal.u32	q5, d2, d8[0]\n\t"
+        "vmlal.u32	q6, d2, d9[0]\n\t"
+        "vmlal.u32	q7, d2, d0[0]\n\t"
+        "vmlal.u32	q8, d2, d1[0]\n\t"
+        "vmlal.u32	q9, d2, d2[0]\n\t"
+        "vmlal.u32	q5, d3, d7[0]\n\t"
+        "vmlal.u32	q6, d3, d8[0]\n\t"
+        "vmlal.u32	q7, d3, d9[0]\n\t"
+        "vmlal.u32	q8, d3, d0[0]\n\t"
+        "vmlal.u32	q9, d3, d1[0]\n\t"
+        "vmlal.u32	q5, d4, d6[0]\n\t"
+        "vmlal.u32	q6, d4, d7[0]\n\t"
+        "vmlal.u32	q7, d4, d8[0]\n\t"
+        "vmlal.u32	q8, d4, d9[0]\n\t"
+        "vmlal.u32	q9, d4, d0[0]\n\t"
+        "vsra.u64	q6, q5, #26\n\t"
+        "vand.u64	q5, q5, q10\n\t"
+        "vsra.u64	q7, q6, #26\n\t"
+        "vand.u64	q6, q6, q10\n\t"
+        "vsra.u64	q8, q7, #26\n\t"
+        "vand.u64	q7, q7, q10\n\t"
+        "vsra.u64	q9, q8, #26\n\t"
+        "vand.u64	q8, q8, q10\n\t"
+        "vshr.u64	q3, q9, #26\n\t"
+        "vand.u64	q9, q9, q10\n\t"
+        "vadd.u64	q5, q5, q3\n\t"
+        "vshl.u64	q3, q3, #2\n\t"
+        "vadd.u64	q5, q5, q3\n\t"
+        "vsra.u64	q6, q5, #26\n\t"
+        "vand.u64	q5, q5, q10\n\t"
+        "vmovn.i64	d10, q5\n\t"
+        "vmovn.i64	d11, q6\n\t"
+        "vmovn.i64	d12, q7\n\t"
+        "vmovn.i64	d13, q8\n\t"
+        "vmovn.i64	d14, q9\n\t"
+        "add	lr, %[ctx], #0xa4\n\t"
+        "vstm.32	lr, {d10-d14}\n\t"
+        /* h (accumulator) = 0 */
+        "eor	r6, r6, r6\n\t"
+        "eor	r7, r7, r7\n\t"
+        "eor	r8, r8, r8\n\t"
+        "eor	r9, r9, r9\n\t"
+        "add	lr, %[ctx], #16\n\t"
+        "eor	r4, r4, r4\n\t"
+        "eor	r5, r5, r5\n\t"
+        "stm	lr, {r4, r5, r6, r7, r8, r9}\n\t"
+        /* Zero leftover */
+        "str	r5, [%[ctx], #56]\n\t"
+        : [ctx] "+r" (ctx), [key] "+r" (key),
+          [L_poly1305_arm32_clamp] "+r" (L_poly1305_arm32_clamp_c)
+        :
+        : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9",
+            "r10", "r11", "d0", "d1", "d2", "d3", "d4", "d5", "d6", "d7", "d8",
+            "d9", "d10", "d11", "d12", "d13", "d14", "d15", "d16", "d17", "d18",
+            "d19", "d20", "d21"
+    );
+}
+
+void poly1305_final(Poly1305* ctx_p, byte* mac_p)
+{
+    register Poly1305* ctx asm ("r0") = (Poly1305*)ctx_p;
+    register byte* mac asm ("r1") = (byte*)mac_p;
+
+    __asm__ __volatile__ (
+        "add	r9, %[ctx], #16\n\t"
+        "ldm	r9, {r4, r5, r6, r7, r8}\n\t"
+        /* Add 5 and check for h larger than p. */
+        "adds	r2, r4, #5\n\t"
+        "adcs	r2, r5, #0\n\t"
+        "adcs	r2, r6, #0\n\t"
+        "adcs	r2, r7, #0\n\t"
+        "adc	r2, r8, #0\n\t"
+        "sub	r2, r2, #4\n\t"
+        "lsr	r2, r2, #31\n\t"
+        "sub	r2, r2, #1\n\t"
+        "and	r2, r2, #5\n\t"
+        /* Add 0/5 to h. */
+        "adds	r4, r4, r2\n\t"
+        "adcs	r5, r5, #0\n\t"
+        "adcs	r6, r6, #0\n\t"
+        "adc	r7, r7, #0\n\t"
+        /* Add padding */
+        "add	r9, %[ctx], #40\n\t"
+        "ldm	r9, {r2, r3, r12, lr}\n\t"
+        "adds	r4, r4, r2\n\t"
+        "adcs	r5, r5, r3\n\t"
+        "adcs	r6, r6, r12\n\t"
+        "adc	r7, r7, lr\n\t"
+        /* Store MAC */
+        "str	r4, [%[mac]]\n\t"
+        "str	r5, [%[mac], #4]\n\t"
+        "str	r6, [%[mac], #8]\n\t"
+        "str	r7, [%[mac], #12]\n\t"
+        /* Zero out h. */
+        "eor	r4, r4, r4\n\t"
+        "eor	r5, r5, r5\n\t"
+        "eor	r6, r6, r6\n\t"
+        "eor	r7, r7, r7\n\t"
+        "eor	r8, r8, r8\n\t"
+        "add	r9, %[ctx], #16\n\t"
+        "stm	r9, {r4, r5, r6, r7, r8}\n\t"
+        /* Zero out r. */
+        "add	r9, %[ctx], #0\n\t"
+        "stm	r9, {r4, r5, r6, r7}\n\t"
+        /* Zero out padding. */
+        "add	r9, %[ctx], #40\n\t"
+        "stm	r9, {r4, r5, r6, r7}\n\t"
+        : [ctx] "+r" (ctx), [mac] "+r" (mac)
+        :
+        : "memory", "cc", "r2", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8",
+            "r9"
+    );
+}
+
+#endif /* WOLFSSL_ARMASM_NO_NEON */
+#endif /* HAVE_POLY1305 */
+#endif /* !__aarch64__ && !WOLFSSL_ARMASM_THUMB2 */
+#endif /* WOLFSSL_ARMASM */
+
+#endif /* WOLFSSL_ARMASM_INLINE */
diff --git a/wolfcrypt/src/port/arm/armv8-32-sha256-asm.S b/wolfcrypt/src/port/arm/armv8-32-sha256-asm.S
index 65b475773..a79142f40 100644
--- a/wolfcrypt/src/port/arm/armv8-32-sha256-asm.S
+++ b/wolfcrypt/src/port/arm/armv8-32-sha256-asm.S
@@ -1,6 +1,6 @@
 /* armv8-32-sha256-asm
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -21,7 +21,8 @@
 
 /* Generated using (from wolfssl):
  *   cd ../scripts
- *   ruby ./sha2/sha256.rb arm32 ../wolfssl/wolfcrypt/src/port/arm/armv8-32-sha256-asm.S
+ *   ruby ./sha2/sha256.rb arm32 \
+ *       ../wolfssl/wolfcrypt/src/port/arm/armv8-32-sha256-asm.S
  */
 
 #ifdef HAVE_CONFIG_H
@@ -30,7 +31,7 @@
 #include <wolfssl/wolfcrypt/settings.h>
 
 #ifdef WOLFSSL_ARMASM
-#if !defined(__aarch64__) && defined(__arm__)
+#if !defined(__aarch64__) && !defined(WOLFSSL_ARMASM_THUMB2)
 #ifndef WOLFSSL_ARMASM_INLINE
 #ifndef NO_SHA256
 #ifdef WOLFSSL_ARMASM_NO_NEON
@@ -113,8 +114,7 @@ Transform_Sha256_Len:
 	adr	r3, L_SHA256_transform_len_k
 	# Copy digest to add in at end
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	ldr	r4, [r0]
-	ldr	r5, [r0, #4]
+	ldm	r0, {r4, r5}
 #else
 	ldrd	r4, r5, [r0]
 #endif
@@ -185,8 +185,7 @@ L_SHA256_transform_len_begin:
 	eor	r6, r6, r10, lsr #8
 	eor	r7, r7, r11, lsr #8
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	str	r4, [sp]
-	str	r5, [sp, #4]
+	stm	sp, {r4, r5}
 #else
 	strd	r4, r5, [sp]
 #endif
@@ -310,8 +309,7 @@ L_SHA256_transform_len_begin:
 	rev	r10, r10
 	rev	r11, r11
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	str	r4, [sp]
-	str	r5, [sp, #4]
+	stm	sp, {r4, r5}
 #else
 	strd	r4, r5, [sp]
 #endif
@@ -1649,8 +1647,7 @@ L_SHA256_transform_len_start:
 	str	r9, [r0]
 	# Add in digest from start
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	ldr	r4, [r0]
-	ldr	r5, [r0, #4]
+	ldm	r0, {r4, r5}
 #else
 	ldrd	r4, r5, [r0]
 #endif
@@ -1677,8 +1674,7 @@ L_SHA256_transform_len_start:
 	add	r6, r6, r10
 	add	r7, r7, r11
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	str	r4, [r0]
-	str	r5, [r0, #4]
+	stm	r0, {r4, r5}
 #else
 	strd	r4, r5, [r0]
 #endif
@@ -1840,8 +1836,7 @@ Transform_Sha256_Len:
 	vpush	{d8-d11}
 	sub	sp, sp, #24
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	str	r0, [sp]
-	str	r1, [sp, #4]
+	stm	sp, {r0, r1}
 #else
 	strd	r0, r1, [sp]
 #endif
@@ -1849,8 +1844,7 @@ Transform_Sha256_Len:
 	adr	r12, L_SHA256_transform_neon_len_k
 	# Load digest into registers
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	ldr	r2, [r0]
-	ldr	r3, [r0, #4]
+	ldm	r0, {r2, r3}
 #else
 	ldrd	r2, r3, [r0]
 #endif
@@ -2798,16 +2792,14 @@ L_SHA256_transform_neon_len_start:
 	ldr	r10, [sp]
 	# Add in digest from start
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	ldr	r0, [r10]
-	ldr	r1, [r10, #4]
+	ldm	r10, {r0, r1}
 #else
 	ldrd	r0, r1, [r10]
 #endif
 	add	r2, r2, r0
 	add	r3, r3, r1
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	str	r2, [r10]
-	str	r3, [r10, #4]
+	stm	r10, {r2, r3}
 #else
 	strd	r2, r3, [r10]
 #endif
@@ -2865,7 +2857,7 @@ L_SHA256_transform_neon_len_start:
 	.size	Transform_Sha256_Len,.-Transform_Sha256_Len
 #endif /* WOLFSSL_ARMASM_NO_NEON */
 #endif /* !NO_SHA256 */
-#endif /* !__aarch64__ && !__thumb__ */
+#endif /* !__aarch64__ && !WOLFSSL_ARMASM_THUMB2 */
 #endif /* WOLFSSL_ARMASM */
 
 #if defined(__linux__) && defined(__ELF__)
diff --git a/wolfcrypt/src/port/arm/armv8-32-sha256-asm_c.c b/wolfcrypt/src/port/arm/armv8-32-sha256-asm_c.c
index 3a5e200e6..bb7f1f86d 100644
--- a/wolfcrypt/src/port/arm/armv8-32-sha256-asm_c.c
+++ b/wolfcrypt/src/port/arm/armv8-32-sha256-asm_c.c
@@ -1,6 +1,6 @@
 /* armv8-32-sha256-asm
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -21,7 +21,8 @@
 
 /* Generated using (from wolfssl):
  *   cd ../scripts
- *   ruby ./sha2/sha256.rb arm32 ../wolfssl/wolfcrypt/src/port/arm/armv8-32-sha256-asm.c
+ *   ruby ./sha2/sha256.rb arm32 \
+ *       ../wolfssl/wolfcrypt/src/port/arm/armv8-32-sha256-asm.c
  */
 
 #ifdef HAVE_CONFIG_H
@@ -31,7 +32,7 @@
 #include <wolfssl/wolfcrypt/error-crypt.h>
 
 #ifdef WOLFSSL_ARMASM
-#if !defined(__aarch64__) && defined(__arm__)
+#if !defined(__aarch64__) && !defined(WOLFSSL_ARMASM_THUMB2)
 #include <stdint.h>
 #ifdef HAVE_CONFIG_H
     #include <config.h>
@@ -40,9 +41,6 @@
 #include <wolfssl/wolfcrypt/error-crypt.h>
 #ifdef WOLFSSL_ARMASM_INLINE
 
-#ifdef WOLFSSL_ARMASM
-#if !defined(__aarch64__) && defined(__arm__)
-
 #ifdef __IAR_SYSTEMS_ICC__
 #define __asm__        asm
 #define __volatile__   volatile
@@ -55,7 +53,7 @@
 #include <wolfssl/wolfcrypt/sha256.h>
 
 #ifdef WOLFSSL_ARMASM_NO_NEON
-static const uint32_t L_SHA256_transform_len_k[] = {
+static const word32 L_SHA256_transform_len_k[] = {
     0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5,
     0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5,
     0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3,
@@ -74,20 +72,20 @@ static const uint32_t L_SHA256_transform_len_k[] = {
     0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2,
 };
 
-void Transform_Sha256_Len(wc_Sha256* sha256, const byte* data, word32 len);
+void Transform_Sha256_Len(wc_Sha256* sha256_p, const byte* data_p, word32 len_p);
 void Transform_Sha256_Len(wc_Sha256* sha256_p, const byte* data_p, word32 len_p)
 {
     register wc_Sha256* sha256 asm ("r0") = (wc_Sha256*)sha256_p;
     register const byte* data asm ("r1") = (const byte*)data_p;
     register word32 len asm ("r2") = (word32)len_p;
-    register uint32_t* L_SHA256_transform_len_k_c asm ("r3") = (uint32_t*)&L_SHA256_transform_len_k;
+    register word32* L_SHA256_transform_len_k_c asm ("r3") =
+        (word32*)&L_SHA256_transform_len_k;
 
     __asm__ __volatile__ (
         "sub	sp, sp, #0xc0\n\t"
         /* Copy digest to add in at end */
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "ldr	r4, [%[sha256]]\n\t"
-        "ldr	r5, [%[sha256], #4]\n\t"
+        "ldm	r0, {r4, r5}\n\t"
 #else
         "ldrd	r4, r5, [%[sha256]]\n\t"
 #endif
@@ -159,8 +157,7 @@ void Transform_Sha256_Len(wc_Sha256* sha256_p, const byte* data_p, word32 len_p)
         "eor	r6, r6, r10, lsr #8\n\t"
         "eor	r7, r7, r11, lsr #8\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "str	r4, [sp]\n\t"
-        "str	r5, [sp, #4]\n\t"
+        "stm	sp, {r4, r5}\n\t"
 #else
         "strd	r4, r5, [sp]\n\t"
 #endif
@@ -284,8 +281,7 @@ void Transform_Sha256_Len(wc_Sha256* sha256_p, const byte* data_p, word32 len_p)
         "rev	r10, r10\n\t"
         "rev	r11, r11\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "str	r4, [sp]\n\t"
-        "str	r5, [sp, #4]\n\t"
+        "stm	sp, {r4, r5}\n\t"
 #else
         "strd	r4, r5, [sp]\n\t"
 #endif
@@ -1624,8 +1620,7 @@ void Transform_Sha256_Len(wc_Sha256* sha256_p, const byte* data_p, word32 len_p)
         "str	r9, [%[sha256]]\n\t"
         /* Add in digest from start */
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "ldr	r4, [%[sha256]]\n\t"
-        "ldr	r5, [%[sha256], #4]\n\t"
+        "ldm	r0, {r4, r5}\n\t"
 #else
         "ldrd	r4, r5, [%[sha256]]\n\t"
 #endif
@@ -1652,8 +1647,7 @@ void Transform_Sha256_Len(wc_Sha256* sha256_p, const byte* data_p, word32 len_p)
         "add	r6, r6, r10\n\t"
         "add	r7, r7, r11\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "str	r4, [%[sha256]]\n\t"
-        "str	r5, [%[sha256], #4]\n\t"
+        "stm	r0, {r4, r5}\n\t"
 #else
         "strd	r4, r5, [%[sha256]]\n\t"
 #endif
@@ -1732,9 +1726,11 @@ void Transform_Sha256_Len(wc_Sha256* sha256_p, const byte* data_p, word32 len_p)
         "add	%[data], %[data], #0x40\n\t"
         "bne	L_SHA256_transform_len_begin_%=\n\t"
         "add	sp, sp, #0xc0\n\t"
-        : [sha256] "+r" (sha256), [data] "+r" (data), [len] "+r" (len), [L_SHA256_transform_len_k] "+r" (L_SHA256_transform_len_k_c)
+        : [sha256] "+r" (sha256), [data] "+r" (data), [len] "+r" (len),
+          [L_SHA256_transform_len_k] "+r" (L_SHA256_transform_len_k_c)
         :
-        : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "cc"
+        : "memory", "cc", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11",
+            "r12"
     );
 }
 
@@ -1742,7 +1738,7 @@ void Transform_Sha256_Len(wc_Sha256* sha256_p, const byte* data_p, word32 len_p)
 #include <wolfssl/wolfcrypt/sha256.h>
 
 #ifndef WOLFSSL_ARMASM_NO_NEON
-static const uint32_t L_SHA256_transform_neon_len_k[] = {
+static const word32 L_SHA256_transform_neon_len_k[] = {
     0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5,
     0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5,
     0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3,
@@ -1761,19 +1757,19 @@ static const uint32_t L_SHA256_transform_neon_len_k[] = {
     0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2,
 };
 
-void Transform_Sha256_Len(wc_Sha256* sha256, const byte* data, word32 len);
+void Transform_Sha256_Len(wc_Sha256* sha256_p, const byte* data_p, word32 len_p);
 void Transform_Sha256_Len(wc_Sha256* sha256_p, const byte* data_p, word32 len_p)
 {
     register wc_Sha256* sha256 asm ("r0") = (wc_Sha256*)sha256_p;
     register const byte* data asm ("r1") = (const byte*)data_p;
     register word32 len asm ("r2") = (word32)len_p;
-    register uint32_t* L_SHA256_transform_neon_len_k_c asm ("r3") = (uint32_t*)&L_SHA256_transform_neon_len_k;
+    register word32* L_SHA256_transform_neon_len_k_c asm ("r3") =
+        (word32*)&L_SHA256_transform_neon_len_k;
 
     __asm__ __volatile__ (
         "sub	sp, sp, #24\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "str	%[sha256], [sp]\n\t"
-        "str	%[data], [sp, #4]\n\t"
+        "stm	sp, {r0, r1}\n\t"
 #else
         "strd	%[sha256], %[data], [sp]\n\t"
 #endif
@@ -1781,8 +1777,7 @@ void Transform_Sha256_Len(wc_Sha256* sha256_p, const byte* data_p, word32 len_p)
         "mov	r12, %[L_SHA256_transform_neon_len_k]\n\t"
         /* Load digest into registers */
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "ldr	%[len], [%[sha256]]\n\t"
-        "ldr	r3, [%[sha256], #4]\n\t"
+        "ldm	r0, {r2, r3}\n\t"
 #else
         "ldrd	%[len], r3, [%[sha256]]\n\t"
 #endif
@@ -2732,16 +2727,14 @@ void Transform_Sha256_Len(wc_Sha256* sha256_p, const byte* data_p, word32 len_p)
         "ldr	r10, [sp]\n\t"
         /* Add in digest from start */
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "ldr	%[sha256], [r10]\n\t"
-        "ldr	%[data], [r10, #4]\n\t"
+        "ldm	r10, {r0, r1}\n\t"
 #else
         "ldrd	%[sha256], %[data], [r10]\n\t"
 #endif
         "add	%[len], %[len], %[sha256]\n\t"
         "add	r3, r3, %[data]\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "str	%[len], [r10]\n\t"
-        "str	r3, [r10, #4]\n\t"
+        "stm	r10, {r2, r3}\n\t"
 #else
         "strd	%[len], r3, [r10]\n\t"
 #endif
@@ -2794,17 +2787,18 @@ void Transform_Sha256_Len(wc_Sha256* sha256_p, const byte* data_p, word32 len_p)
         "str	r10, [sp, #8]\n\t"
         "bne	L_SHA256_transform_neon_len_begin_%=\n\t"
         "add	sp, sp, #24\n\t"
-        : [sha256] "+r" (sha256), [data] "+r" (data), [len] "+r" (len), [L_SHA256_transform_neon_len_k] "+r" (L_SHA256_transform_neon_len_k_c)
+        : [sha256] "+r" (sha256), [data] "+r" (data), [len] "+r" (len),
+          [L_SHA256_transform_neon_len_k] "+r" (L_SHA256_transform_neon_len_k_c)
         :
-        : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "r12", "lr", "r10", "d0", "d1", "d2", "d3", "d4", "d5", "d6", "d7", "d8", "d9", "d10", "d11", "cc"
+        : "memory", "cc", "r4", "r5", "r6", "r7", "r8", "r9", "r12", "lr",
+            "r10", "d0", "d1", "d2", "d3", "d4", "d5", "d6", "d7", "d8", "d9",
+            "d10", "d11"
     );
 }
 
 #endif /* WOLFSSL_ARMASM_NO_NEON */
 #endif /* !NO_SHA256 */
-#endif /* !__aarch64__ && !__thumb__ */
-#endif /* WOLFSSL_ARMASM */
-#endif /* !defined(__aarch64__) && defined(__arm__) */
+#endif /* !__aarch64__ && !WOLFSSL_ARMASM_THUMB2 */
 #endif /* WOLFSSL_ARMASM */
 
 #endif /* WOLFSSL_ARMASM_INLINE */
diff --git a/wolfcrypt/src/port/arm/armv8-32-sha3-asm.S b/wolfcrypt/src/port/arm/armv8-32-sha3-asm.S
new file mode 100644
index 000000000..ac623304a
--- /dev/null
+++ b/wolfcrypt/src/port/arm/armv8-32-sha3-asm.S
@@ -0,0 +1,2391 @@
+/* armv8-32-sha3-asm
+ *
+ * Copyright (C) 2006-2025 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+/* Generated using (from wolfssl):
+ *   cd ../scripts
+ *   ruby ./sha3/sha3.rb arm32 \
+ *       ../wolfssl/wolfcrypt/src/port/arm/armv8-32-sha3-asm.S
+ */
+
+#ifdef HAVE_CONFIG_H
+    #include <config.h>
+#endif /* HAVE_CONFIG_H */
+#include <wolfssl/wolfcrypt/settings.h>
+
+#ifdef WOLFSSL_ARMASM
+#if !defined(__aarch64__) && !defined(WOLFSSL_ARMASM_THUMB2)
+#ifndef WOLFSSL_ARMASM_INLINE
+#ifdef WOLFSSL_SHA3
+#ifndef WOLFSSL_ARMASM_NO_NEON
+	.text
+	.type	L_sha3_arm2_neon_rt, %object
+	.size	L_sha3_arm2_neon_rt, 192
+	.align	4
+L_sha3_arm2_neon_rt:
+	.word	0x1
+	.word	0x0
+	.word	0x8082
+	.word	0x0
+	.word	0x808a
+	.word	0x80000000
+	.word	0x80008000
+	.word	0x80000000
+	.word	0x808b
+	.word	0x0
+	.word	0x80000001
+	.word	0x0
+	.word	0x80008081
+	.word	0x80000000
+	.word	0x8009
+	.word	0x80000000
+	.word	0x8a
+	.word	0x0
+	.word	0x88
+	.word	0x0
+	.word	0x80008009
+	.word	0x0
+	.word	0x8000000a
+	.word	0x0
+	.word	0x8000808b
+	.word	0x0
+	.word	0x8b
+	.word	0x80000000
+	.word	0x8089
+	.word	0x80000000
+	.word	0x8003
+	.word	0x80000000
+	.word	0x8002
+	.word	0x80000000
+	.word	0x80
+	.word	0x80000000
+	.word	0x800a
+	.word	0x0
+	.word	0x8000000a
+	.word	0x80000000
+	.word	0x80008081
+	.word	0x80000000
+	.word	0x8080
+	.word	0x80000000
+	.word	0x80000001
+	.word	0x0
+	.word	0x80008008
+	.word	0x80000000
+	.text
+	.align	4
+	.globl	BlockSha3
+	.type	BlockSha3, %function
+BlockSha3:
+	vpush	{d8-d15}
+	sub	sp, sp, #16
+	adr	r1, L_sha3_arm2_neon_rt
+	mov	r2, #24
+	mov	r3, sp
+	vld1.8	{d0-d3}, [r0]!
+	vld1.8	{d4-d7}, [r0]!
+	vld1.8	{d8-d11}, [r0]!
+	vld1.8	{d12-d15}, [r0]!
+	vld1.8	{d16-d19}, [r0]!
+	vld1.8	{d20-d23}, [r0]!
+	vld1.8	{d24}, [r0]
+	sub	r0, r0, #0xc0
+L_sha3_arm32_neon_begin:
+	# Calc b[0..4]
+	veor	d26, d0, d5
+	veor	d27, d1, d6
+	veor	d28, d2, d7
+	veor	d29, d3, d8
+	veor	d25, d4, d9
+	veor	d26, d26, d10
+	veor	d27, d27, d11
+	veor	d28, d28, d12
+	veor	d29, d29, d13
+	veor	d25, d25, d14
+	veor	d26, d26, d15
+	veor	d27, d27, d16
+	veor	d28, d28, d17
+	veor	d29, d29, d18
+	veor	d25, d25, d19
+	veor	d26, d26, d20
+	veor	d27, d27, d21
+	veor	d28, d28, d22
+	veor	d29, d29, d23
+	veor	d25, d25, d24
+	vst1.8	{d25, d26}, [r3]
+	# Calc t[0..4] and XOR into s[i*5..i*5+4]
+	# t[0]
+	vshr.u64	d30, d27, #63
+	vshl.u64	d31, d27, #1
+	veor	d25, d25, d30
+	veor	d25, d25, d31
+	# t[1]
+	vshr.u64	d30, d28, #63
+	vshl.u64	d31, d28, #1
+	veor	d26, d26, d30
+	veor	d26, d26, d31
+	# t[2]
+	vshr.u64	d30, d29, #63
+	vshl.u64	d31, d29, #1
+	veor	d27, d27, d30
+	veor	d27, d27, d31
+	# t[3]
+	vldr.8	d31, [r3]
+	vshr.u64	d30, d31, #63
+	vshl.u64	d31, d31, #1
+	veor	d28, d28, d30
+	veor	d28, d28, d31
+	# t[4]
+	vldr.8	d31, [r3, #8]
+	vshr.u64	d30, d31, #63
+	vshl.u64	d31, d31, #1
+	veor	d29, d29, d30
+	veor	d29, d29, d31
+	sub	r3, r3, #16
+	veor	d0, d0, d25
+	# s[1] => s[10] (tmp)
+	veor	d30, d1, d26
+	vshr.u64	d31, d30, #63
+	vshl.u64	d30, d30, #1
+	veor	d30, d30, d31
+	# s[6] => s[1]
+	veor	d1, d6, d26
+	vshr.u64	d31, d1, #20
+	vshl.u64	d1, d1, #44
+	veor	d1, d1, d31
+	# s[9] => s[6]
+	veor	d6, d9, d29
+	vshr.u64	d31, d6, #44
+	vshl.u64	d6, d6, #20
+	veor	d6, d6, d31
+	# s[22] => s[9]
+	veor	d9, d22, d27
+	vshr.u64	d31, d9, #3
+	vshl.u64	d9, d9, #61
+	veor	d9, d9, d31
+	# s[14] => s[22]
+	veor	d22, d14, d29
+	vshr.u64	d31, d22, #25
+	vshl.u64	d22, d22, #39
+	veor	d22, d22, d31
+	# s[20] => s[14]
+	veor	d14, d20, d25
+	vshr.u64	d31, d14, #46
+	vshl.u64	d14, d14, #18
+	veor	d14, d14, d31
+	# s[2] => s[20]
+	veor	d20, d2, d27
+	vshr.u64	d31, d20, #2
+	vshl.u64	d20, d20, #62
+	veor	d20, d20, d31
+	# s[12] => s[2]
+	veor	d2, d12, d27
+	vshr.u64	d31, d2, #21
+	vshl.u64	d2, d2, #43
+	veor	d2, d2, d31
+	# s[13] => s[12]
+	veor	d12, d13, d28
+	vshr.u64	d31, d12, #39
+	vshl.u64	d12, d12, #25
+	veor	d12, d12, d31
+	# s[19] => s[13]
+	veor	d13, d19, d29
+	vshr.u64	d31, d13, #56
+	vshl.u64	d13, d13, #8
+	veor	d13, d13, d31
+	# s[23] => s[19]
+	veor	d19, d23, d28
+	vshr.u64	d31, d19, #8
+	vshl.u64	d19, d19, #56
+	veor	d19, d19, d31
+	# s[15] => s[23]
+	veor	d23, d15, d25
+	vshr.u64	d31, d23, #23
+	vshl.u64	d23, d23, #41
+	veor	d23, d23, d31
+	# s[4] => s[15]
+	veor	d15, d4, d29
+	vshr.u64	d31, d15, #37
+	vshl.u64	d15, d15, #27
+	veor	d15, d15, d31
+	# s[24] => s[4]
+	veor	d4, d24, d29
+	vshr.u64	d31, d4, #50
+	vshl.u64	d4, d4, #14
+	veor	d4, d4, d31
+	# s[21] => s[24]
+	veor	d24, d21, d26
+	vshr.u64	d31, d24, #62
+	vshl.u64	d24, d24, #2
+	veor	d24, d24, d31
+	# s[8] => s[21]
+	veor	d21, d8, d28
+	vshr.u64	d31, d21, #9
+	vshl.u64	d21, d21, #55
+	veor	d21, d21, d31
+	# s[16] => s[8]
+	veor	d8, d16, d26
+	vshr.u64	d31, d8, #19
+	vshl.u64	d8, d8, #45
+	veor	d8, d8, d31
+	# s[5] => s[16]
+	veor	d16, d5, d25
+	vshr.u64	d31, d16, #28
+	vshl.u64	d16, d16, #36
+	veor	d16, d16, d31
+	# s[3] => s[5]
+	veor	d5, d3, d28
+	vshr.u64	d31, d5, #36
+	vshl.u64	d5, d5, #28
+	veor	d5, d5, d31
+	# s[18] => s[3]
+	veor	d3, d18, d28
+	vshr.u64	d31, d3, #43
+	vshl.u64	d3, d3, #21
+	veor	d3, d3, d31
+	# s[17] => s[18]
+	veor	d18, d17, d27
+	vshr.u64	d31, d18, #49
+	vshl.u64	d18, d18, #15
+	veor	d18, d18, d31
+	# s[11] => s[17]
+	veor	d17, d11, d26
+	vshr.u64	d31, d17, #54
+	vshl.u64	d17, d17, #10
+	veor	d17, d17, d31
+	# s[7] => s[11]
+	veor	d11, d7, d27
+	vshr.u64	d31, d11, #58
+	vshl.u64	d11, d11, #6
+	veor	d11, d11, d31
+	# s[10] => s[7]
+	veor	d7, d10, d25
+	vshr.u64	d31, d7, #61
+	vshl.u64	d7, d7, #3
+	veor	d7, d7, d31
+	# Row Mix
+	vmov	d25, d0
+	vmov	d26, d1
+	vbic	d31, d2, d26
+	veor	d0, d25, d31
+	vbic	d31, d3, d2
+	veor	d1, d26, d31
+	vbic	d31, d4, d3
+	veor	d2, d2, d31
+	vbic	d31, d25, d4
+	veor	d3, d3, d31
+	vbic	d31, d26, d25
+	veor	d4, d4, d31
+	vmov	d25, d5
+	vmov	d26, d6
+	vbic	d31, d7, d26
+	veor	d5, d25, d31
+	vbic	d31, d8, d7
+	veor	d6, d26, d31
+	vbic	d31, d9, d8
+	veor	d7, d7, d31
+	vbic	d31, d25, d9
+	veor	d8, d8, d31
+	vbic	d31, d26, d25
+	veor	d9, d9, d31
+	vmov	d26, d11
+	vbic	d31, d12, d26
+	veor	d10, d30, d31
+	vbic	d31, d13, d12
+	veor	d11, d26, d31
+	vbic	d31, d14, d13
+	veor	d12, d12, d31
+	vbic	d31, d30, d14
+	veor	d13, d13, d31
+	vbic	d31, d26, d30
+	veor	d14, d14, d31
+	vmov	d25, d15
+	vmov	d26, d16
+	vbic	d31, d17, d26
+	veor	d15, d25, d31
+	vbic	d31, d18, d17
+	veor	d16, d26, d31
+	vbic	d31, d19, d18
+	veor	d17, d17, d31
+	vbic	d31, d25, d19
+	veor	d18, d18, d31
+	vbic	d31, d26, d25
+	veor	d19, d19, d31
+	vmov	d25, d20
+	vmov	d26, d21
+	vbic	d31, d22, d26
+	veor	d20, d25, d31
+	vbic	d31, d23, d22
+	veor	d21, d26, d31
+	vbic	d31, d24, d23
+	veor	d22, d22, d31
+	vbic	d31, d25, d24
+	veor	d23, d23, d31
+	vbic	d31, d26, d25
+	veor	d24, d24, d31
+	vld1.8	{d30}, [r1]!
+	subs	r2, r2, #1
+	veor	d0, d0, d30
+	bne	L_sha3_arm32_neon_begin
+	vst1.8	{d0-d3}, [r0]!
+	vst1.8	{d4-d7}, [r0]!
+	vst1.8	{d8-d11}, [r0]!
+	vst1.8	{d12-d15}, [r0]!
+	vst1.8	{d16-d19}, [r0]!
+	vst1.8	{d20-d23}, [r0]!
+	vst1.8	{d24}, [r0]
+	add	sp, sp, #16
+	vpop	{d8-d15}
+	bx	lr
+	.size	BlockSha3,.-BlockSha3
+#endif /* WOLFSSL_ARMASM_NO_NEON */
+#ifdef WOLFSSL_ARMASM_NO_NEON
+	.text
+	.type	L_sha3_arm2_rt, %object
+	.size	L_sha3_arm2_rt, 192
+	.align	4
+L_sha3_arm2_rt:
+	.word	0x1
+	.word	0x0
+	.word	0x8082
+	.word	0x0
+	.word	0x808a
+	.word	0x80000000
+	.word	0x80008000
+	.word	0x80000000
+	.word	0x808b
+	.word	0x0
+	.word	0x80000001
+	.word	0x0
+	.word	0x80008081
+	.word	0x80000000
+	.word	0x8009
+	.word	0x80000000
+	.word	0x8a
+	.word	0x0
+	.word	0x88
+	.word	0x0
+	.word	0x80008009
+	.word	0x0
+	.word	0x8000000a
+	.word	0x0
+	.word	0x8000808b
+	.word	0x0
+	.word	0x8b
+	.word	0x80000000
+	.word	0x8089
+	.word	0x80000000
+	.word	0x8003
+	.word	0x80000000
+	.word	0x8002
+	.word	0x80000000
+	.word	0x80
+	.word	0x80000000
+	.word	0x800a
+	.word	0x0
+	.word	0x8000000a
+	.word	0x80000000
+	.word	0x80008081
+	.word	0x80000000
+	.word	0x8080
+	.word	0x80000000
+	.word	0x80000001
+	.word	0x0
+	.word	0x80008008
+	.word	0x80000000
+	.text
+	.align	4
+	.globl	BlockSha3
+	.type	BlockSha3, %function
+BlockSha3:
+	push	{r4, r5, r6, r7, r8, r9, r10, r11, lr}
+	sub	sp, sp, #0xcc
+	adr	r1, L_sha3_arm2_rt
+	mov	r2, #12
+L_sha3_arm32_begin:
+	str	r2, [sp, #200]
+	# Round even
+	# Calc b[4]
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	ldr	r4, [r0, #32]
+	ldr	r5, [r0, #36]
+#else
+	ldrd	r4, r5, [r0, #32]
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	ldr	r6, [r0, #72]
+	ldr	r7, [r0, #76]
+#else
+	ldrd	r6, r7, [r0, #72]
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	ldr	r8, [r0, #112]
+	ldr	r9, [r0, #116]
+#else
+	ldrd	r8, r9, [r0, #112]
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	ldr	r10, [r0, #152]
+	ldr	r11, [r0, #156]
+#else
+	ldrd	r10, r11, [r0, #152]
+#endif
+	ldr	r12, [r0, #192]
+	ldr	lr, [r0, #196]
+	eor	r2, r4, r6
+	eor	r3, r5, r7
+	eor	r2, r2, r8
+	eor	r3, r3, r9
+	eor	r2, r2, r10
+	eor	r3, r3, r11
+	eor	r2, r2, r12
+	eor	r3, r3, lr
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	str	r2, [sp, #32]
+	str	r3, [sp, #36]
+#else
+	strd	r2, r3, [sp, #32]
+#endif
+	# Calc b[1]
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	ldr	r4, [r0, #8]
+	ldr	r5, [r0, #12]
+#else
+	ldrd	r4, r5, [r0, #8]
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	ldr	r6, [r0, #48]
+	ldr	r7, [r0, #52]
+#else
+	ldrd	r6, r7, [r0, #48]
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	ldr	r8, [r0, #88]
+	ldr	r9, [r0, #92]
+#else
+	ldrd	r8, r9, [r0, #88]
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	ldr	r10, [r0, #128]
+	ldr	r11, [r0, #132]
+#else
+	ldrd	r10, r11, [r0, #128]
+#endif
+	ldr	r12, [r0, #168]
+	ldr	lr, [r0, #172]
+	eor	r4, r4, r6
+	eor	r5, r5, r7
+	eor	r4, r4, r8
+	eor	r5, r5, r9
+	eor	r4, r4, r10
+	eor	r5, r5, r11
+	eor	r4, r4, r12
+	eor	r5, r5, lr
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	str	r4, [sp, #8]
+	str	r5, [sp, #12]
+#else
+	strd	r4, r5, [sp, #8]
+#endif
+	# Calc t[0]
+	eor	r2, r2, r5, lsr #31
+	eor	r3, r3, r4, lsr #31
+	eor	r2, r2, r4, lsl #1
+	eor	r3, r3, r5, lsl #1
+	# Calc b[0] and XOR t[0] into s[x*5+0]
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	ldm	r0, {r4, r5}
+#else
+	ldrd	r4, r5, [r0]
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	ldr	r6, [r0, #40]
+	ldr	r7, [r0, #44]
+#else
+	ldrd	r6, r7, [r0, #40]
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	ldr	r8, [r0, #80]
+	ldr	r9, [r0, #84]
+#else
+	ldrd	r8, r9, [r0, #80]
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	ldr	r10, [r0, #120]
+	ldr	r11, [r0, #124]
+#else
+	ldrd	r10, r11, [r0, #120]
+#endif
+	eor	r12, r4, r6
+	eor	lr, r5, r7
+	eor	r12, r12, r8
+	eor	lr, lr, r9
+	eor	r12, r12, r10
+	eor	lr, lr, r11
+	eor	r4, r4, r2
+	eor	r5, r5, r3
+	eor	r6, r6, r2
+	eor	r7, r7, r3
+	eor	r8, r8, r2
+	eor	r9, r9, r3
+	eor	r10, r10, r2
+	eor	r11, r11, r3
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	stm	r0, {r4, r5}
+#else
+	strd	r4, r5, [r0]
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	str	r6, [r0, #40]
+	str	r7, [r0, #44]
+#else
+	strd	r6, r7, [r0, #40]
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	str	r8, [r0, #80]
+	str	r9, [r0, #84]
+#else
+	strd	r8, r9, [r0, #80]
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	str	r10, [r0, #120]
+	str	r11, [r0, #124]
+#else
+	strd	r10, r11, [r0, #120]
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	ldr	r10, [r0, #160]
+	ldr	r11, [r0, #164]
+#else
+	ldrd	r10, r11, [r0, #160]
+#endif
+	eor	r12, r12, r10
+	eor	lr, lr, r11
+	eor	r10, r10, r2
+	eor	r11, r11, r3
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	str	r10, [r0, #160]
+	str	r11, [r0, #164]
+#else
+	strd	r10, r11, [r0, #160]
+#endif
+	str	r12, [sp]
+	str	lr, [sp, #4]
+	# Calc b[3]
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	ldr	r4, [r0, #24]
+	ldr	r5, [r0, #28]
+#else
+	ldrd	r4, r5, [r0, #24]
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	ldr	r6, [r0, #64]
+	ldr	r7, [r0, #68]
+#else
+	ldrd	r6, r7, [r0, #64]
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	ldr	r8, [r0, #104]
+	ldr	r9, [r0, #108]
+#else
+	ldrd	r8, r9, [r0, #104]
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	ldr	r10, [r0, #144]
+	ldr	r11, [r0, #148]
+#else
+	ldrd	r10, r11, [r0, #144]
+#endif
+	ldr	r12, [r0, #184]
+	ldr	lr, [r0, #188]
+	eor	r4, r4, r6
+	eor	r5, r5, r7
+	eor	r4, r4, r8
+	eor	r5, r5, r9
+	eor	r4, r4, r10
+	eor	r5, r5, r11
+	eor	r4, r4, r12
+	eor	r5, r5, lr
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	str	r4, [sp, #24]
+	str	r5, [sp, #28]
+#else
+	strd	r4, r5, [sp, #24]
+#endif
+	# Calc t[2]
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	ldr	r2, [sp, #8]
+	ldr	r3, [sp, #12]
+#else
+	ldrd	r2, r3, [sp, #8]
+#endif
+	eor	r2, r2, r5, lsr #31
+	eor	r3, r3, r4, lsr #31
+	eor	r2, r2, r4, lsl #1
+	eor	r3, r3, r5, lsl #1
+	# Calc b[2] and XOR t[2] into s[x*5+2]
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	ldr	r4, [r0, #16]
+	ldr	r5, [r0, #20]
+#else
+	ldrd	r4, r5, [r0, #16]
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	ldr	r6, [r0, #56]
+	ldr	r7, [r0, #60]
+#else
+	ldrd	r6, r7, [r0, #56]
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	ldr	r8, [r0, #96]
+	ldr	r9, [r0, #100]
+#else
+	ldrd	r8, r9, [r0, #96]
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	ldr	r10, [r0, #136]
+	ldr	r11, [r0, #140]
+#else
+	ldrd	r10, r11, [r0, #136]
+#endif
+	eor	r12, r4, r6
+	eor	lr, r5, r7
+	eor	r12, r12, r8
+	eor	lr, lr, r9
+	eor	r12, r12, r10
+	eor	lr, lr, r11
+	eor	r4, r4, r2
+	eor	r5, r5, r3
+	eor	r6, r6, r2
+	eor	r7, r7, r3
+	eor	r8, r8, r2
+	eor	r9, r9, r3
+	eor	r10, r10, r2
+	eor	r11, r11, r3
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	str	r4, [r0, #16]
+	str	r5, [r0, #20]
+#else
+	strd	r4, r5, [r0, #16]
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	str	r6, [r0, #56]
+	str	r7, [r0, #60]
+#else
+	strd	r6, r7, [r0, #56]
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	str	r8, [r0, #96]
+	str	r9, [r0, #100]
+#else
+	strd	r8, r9, [r0, #96]
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	str	r10, [r0, #136]
+	str	r11, [r0, #140]
+#else
+	strd	r10, r11, [r0, #136]
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	ldr	r10, [r0, #176]
+	ldr	r11, [r0, #180]
+#else
+	ldrd	r10, r11, [r0, #176]
+#endif
+	eor	r12, r12, r10
+	eor	lr, lr, r11
+	eor	r10, r10, r2
+	eor	r11, r11, r3
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	str	r10, [r0, #176]
+	str	r11, [r0, #180]
+#else
+	strd	r10, r11, [r0, #176]
+#endif
+	str	r12, [sp, #16]
+	str	lr, [sp, #20]
+	# Calc t[1]
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	ldm	sp, {r2, r3}
+#else
+	ldrd	r2, r3, [sp]
+#endif
+	eor	r2, r2, lr, lsr #31
+	eor	r3, r3, r12, lsr #31
+	eor	r2, r2, r12, lsl #1
+	eor	r3, r3, lr, lsl #1
+	# XOR t[1] into s[x*5+1]
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	ldr	r4, [r0, #8]
+	ldr	r5, [r0, #12]
+#else
+	ldrd	r4, r5, [r0, #8]
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	ldr	r6, [r0, #48]
+	ldr	r7, [r0, #52]
+#else
+	ldrd	r6, r7, [r0, #48]
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	ldr	r8, [r0, #88]
+	ldr	r9, [r0, #92]
+#else
+	ldrd	r8, r9, [r0, #88]
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	ldr	r10, [r0, #128]
+	ldr	r11, [r0, #132]
+#else
+	ldrd	r10, r11, [r0, #128]
+#endif
+	ldr	r12, [r0, #168]
+	ldr	lr, [r0, #172]
+	eor	r4, r4, r2
+	eor	r5, r5, r3
+	eor	r6, r6, r2
+	eor	r7, r7, r3
+	eor	r8, r8, r2
+	eor	r9, r9, r3
+	eor	r10, r10, r2
+	eor	r11, r11, r3
+	eor	r12, r12, r2
+	eor	lr, lr, r3
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	str	r4, [r0, #8]
+	str	r5, [r0, #12]
+#else
+	strd	r4, r5, [r0, #8]
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	str	r6, [r0, #48]
+	str	r7, [r0, #52]
+#else
+	strd	r6, r7, [r0, #48]
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	str	r8, [r0, #88]
+	str	r9, [r0, #92]
+#else
+	strd	r8, r9, [r0, #88]
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	str	r10, [r0, #128]
+	str	r11, [r0, #132]
+#else
+	strd	r10, r11, [r0, #128]
+#endif
+	str	r12, [r0, #168]
+	str	lr, [r0, #172]
+	# Calc t[3]
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	ldr	r2, [sp, #16]
+	ldr	r3, [sp, #20]
+#else
+	ldrd	r2, r3, [sp, #16]
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	ldr	r4, [sp, #32]
+	ldr	r5, [sp, #36]
+#else
+	ldrd	r4, r5, [sp, #32]
+#endif
+	eor	r2, r2, r5, lsr #31
+	eor	r3, r3, r4, lsr #31
+	eor	r2, r2, r4, lsl #1
+	eor	r3, r3, r5, lsl #1
+	# XOR t[3] into s[x*5+3]
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	ldr	r4, [r0, #24]
+	ldr	r5, [r0, #28]
+#else
+	ldrd	r4, r5, [r0, #24]
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	ldr	r6, [r0, #64]
+	ldr	r7, [r0, #68]
+#else
+	ldrd	r6, r7, [r0, #64]
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	ldr	r8, [r0, #104]
+	ldr	r9, [r0, #108]
+#else
+	ldrd	r8, r9, [r0, #104]
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	ldr	r10, [r0, #144]
+	ldr	r11, [r0, #148]
+#else
+	ldrd	r10, r11, [r0, #144]
+#endif
+	ldr	r12, [r0, #184]
+	ldr	lr, [r0, #188]
+	eor	r4, r4, r2
+	eor	r5, r5, r3
+	eor	r6, r6, r2
+	eor	r7, r7, r3
+	eor	r8, r8, r2
+	eor	r9, r9, r3
+	eor	r10, r10, r2
+	eor	r11, r11, r3
+	eor	r12, r12, r2
+	eor	lr, lr, r3
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	str	r4, [r0, #24]
+	str	r5, [r0, #28]
+#else
+	strd	r4, r5, [r0, #24]
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	str	r6, [r0, #64]
+	str	r7, [r0, #68]
+#else
+	strd	r6, r7, [r0, #64]
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	str	r8, [r0, #104]
+	str	r9, [r0, #108]
+#else
+	strd	r8, r9, [r0, #104]
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	str	r10, [r0, #144]
+	str	r11, [r0, #148]
+#else
+	strd	r10, r11, [r0, #144]
+#endif
+	str	r12, [r0, #184]
+	str	lr, [r0, #188]
+	# Calc t[4]
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	ldr	r2, [sp, #24]
+	ldr	r3, [sp, #28]
+#else
+	ldrd	r2, r3, [sp, #24]
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	ldm	sp, {r4, r5}
+#else
+	ldrd	r4, r5, [sp]
+#endif
+	eor	r2, r2, r5, lsr #31
+	eor	r3, r3, r4, lsr #31
+	eor	r2, r2, r4, lsl #1
+	eor	r3, r3, r5, lsl #1
+	# XOR t[4] into s[x*5+4]
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	ldr	r4, [r0, #32]
+	ldr	r5, [r0, #36]
+#else
+	ldrd	r4, r5, [r0, #32]
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	ldr	r6, [r0, #72]
+	ldr	r7, [r0, #76]
+#else
+	ldrd	r6, r7, [r0, #72]
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	ldr	r8, [r0, #112]
+	ldr	r9, [r0, #116]
+#else
+	ldrd	r8, r9, [r0, #112]
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	ldr	r10, [r0, #152]
+	ldr	r11, [r0, #156]
+#else
+	ldrd	r10, r11, [r0, #152]
+#endif
+	ldr	r12, [r0, #192]
+	ldr	lr, [r0, #196]
+	eor	r4, r4, r2
+	eor	r5, r5, r3
+	eor	r6, r6, r2
+	eor	r7, r7, r3
+	eor	r8, r8, r2
+	eor	r9, r9, r3
+	eor	r10, r10, r2
+	eor	r11, r11, r3
+	eor	r12, r12, r2
+	eor	lr, lr, r3
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	str	r4, [r0, #32]
+	str	r5, [r0, #36]
+#else
+	strd	r4, r5, [r0, #32]
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	str	r6, [r0, #72]
+	str	r7, [r0, #76]
+#else
+	strd	r6, r7, [r0, #72]
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	str	r8, [r0, #112]
+	str	r9, [r0, #116]
+#else
+	strd	r8, r9, [r0, #112]
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	str	r10, [r0, #152]
+	str	r11, [r0, #156]
+#else
+	strd	r10, r11, [r0, #152]
+#endif
+	str	r12, [r0, #192]
+	str	lr, [r0, #196]
+	# Row Mix
+	# Row 0
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	ldm	r0, {r2, r3}
+#else
+	ldrd	r2, r3, [r0]
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	ldr	r4, [r0, #48]
+	ldr	r5, [r0, #52]
+#else
+	ldrd	r4, r5, [r0, #48]
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	ldr	r6, [r0, #96]
+	ldr	r7, [r0, #100]
+#else
+	ldrd	r6, r7, [r0, #96]
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	ldr	r8, [r0, #144]
+	ldr	r9, [r0, #148]
+#else
+	ldrd	r8, r9, [r0, #144]
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	ldr	r10, [r0, #192]
+	ldr	r11, [r0, #196]
+#else
+	ldrd	r10, r11, [r0, #192]
+#endif
+	# s[1] <<< 44
+	mov	lr, r4
+	lsr	r12, r5, #20
+	lsr	r4, r4, #20
+	orr	r4, r4, r5, lsl #12
+	orr	r5, r12, lr, lsl #12
+	# s[2] <<< 43
+	mov	lr, r6
+	lsr	r12, r7, #21
+	lsr	r6, r6, #21
+	orr	r6, r6, r7, lsl #11
+	orr	r7, r12, lr, lsl #11
+	# s[3] <<< 21
+	lsr	r12, r9, #11
+	lsr	lr, r8, #11
+	orr	r8, r12, r8, lsl #21
+	orr	r9, lr, r9, lsl #21
+	# s[4] <<< 14
+	lsr	r12, r11, #18
+	lsr	lr, r10, #18
+	orr	r10, r12, r10, lsl #14
+	orr	r11, lr, r11, lsl #14
+	bic	r12, r8, r6
+	bic	lr, r9, r7
+	eor	r12, r12, r4
+	eor	lr, lr, r5
+	str	r12, [sp, #8]
+	str	lr, [sp, #12]
+	bic	r12, r10, r8
+	bic	lr, r11, r9
+	eor	r12, r12, r6
+	eor	lr, lr, r7
+	str	r12, [sp, #16]
+	str	lr, [sp, #20]
+	bic	r12, r2, r10
+	bic	lr, r3, r11
+	eor	r12, r12, r8
+	eor	lr, lr, r9
+	str	r12, [sp, #24]
+	str	lr, [sp, #28]
+	bic	r12, r4, r2
+	bic	lr, r5, r3
+	eor	r12, r12, r10
+	eor	lr, lr, r11
+	str	r12, [sp, #32]
+	str	lr, [sp, #36]
+	# Get constant
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	ldm	r1, {r10, r11}
+#else
+	ldrd	r10, r11, [r1]
+#endif
+	add	r1, r1, #8
+	bic	r12, r6, r4
+	bic	lr, r7, r5
+	eor	r12, r12, r2
+	eor	lr, lr, r3
+	# XOR in constant
+	eor	r12, r12, r10
+	eor	lr, lr, r11
+	str	r12, [sp]
+	str	lr, [sp, #4]
+	# Row 1
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	ldr	r2, [r0, #24]
+	ldr	r3, [r0, #28]
+#else
+	ldrd	r2, r3, [r0, #24]
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	ldr	r4, [r0, #72]
+	ldr	r5, [r0, #76]
+#else
+	ldrd	r4, r5, [r0, #72]
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	ldr	r6, [r0, #80]
+	ldr	r7, [r0, #84]
+#else
+	ldrd	r6, r7, [r0, #80]
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	ldr	r8, [r0, #128]
+	ldr	r9, [r0, #132]
+#else
+	ldrd	r8, r9, [r0, #128]
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	ldr	r10, [r0, #176]
+	ldr	r11, [r0, #180]
+#else
+	ldrd	r10, r11, [r0, #176]
+#endif
+	# s[0] <<< 28
+	lsr	r12, r3, #4
+	lsr	lr, r2, #4
+	orr	r2, r12, r2, lsl #28
+	orr	r3, lr, r3, lsl #28
+	# s[1] <<< 20
+	lsr	r12, r5, #12
+	lsr	lr, r4, #12
+	orr	r4, r12, r4, lsl #20
+	orr	r5, lr, r5, lsl #20
+	# s[2] <<< 3
+	lsr	r12, r7, #29
+	lsr	lr, r6, #29
+	orr	r6, r12, r6, lsl #3
+	orr	r7, lr, r7, lsl #3
+	# s[3] <<< 45
+	mov	lr, r8
+	lsr	r12, r9, #19
+	lsr	r8, r8, #19
+	orr	r8, r8, r9, lsl #13
+	orr	r9, r12, lr, lsl #13
+	# s[4] <<< 61
+	mov	lr, r10
+	lsr	r12, r11, #3
+	lsr	r10, r10, #3
+	orr	r10, r10, r11, lsl #29
+	orr	r11, r12, lr, lsl #29
+	bic	r12, r8, r6
+	bic	lr, r9, r7
+	eor	r12, r12, r4
+	eor	lr, lr, r5
+	str	r12, [sp, #48]
+	str	lr, [sp, #52]
+	bic	r12, r10, r8
+	bic	lr, r11, r9
+	eor	r12, r12, r6
+	eor	lr, lr, r7
+	str	r12, [sp, #56]
+	str	lr, [sp, #60]
+	bic	r12, r2, r10
+	bic	lr, r3, r11
+	eor	r12, r12, r8
+	eor	lr, lr, r9
+	str	r12, [sp, #64]
+	str	lr, [sp, #68]
+	bic	r12, r4, r2
+	bic	lr, r5, r3
+	eor	r12, r12, r10
+	eor	lr, lr, r11
+	str	r12, [sp, #72]
+	str	lr, [sp, #76]
+	bic	r12, r6, r4
+	bic	lr, r7, r5
+	eor	r12, r12, r2
+	eor	lr, lr, r3
+	str	r12, [sp, #40]
+	str	lr, [sp, #44]
+	# Row 2
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	ldr	r2, [r0, #8]
+	ldr	r3, [r0, #12]
+#else
+	ldrd	r2, r3, [r0, #8]
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	ldr	r4, [r0, #56]
+	ldr	r5, [r0, #60]
+#else
+	ldrd	r4, r5, [r0, #56]
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	ldr	r6, [r0, #104]
+	ldr	r7, [r0, #108]
+#else
+	ldrd	r6, r7, [r0, #104]
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	ldr	r8, [r0, #152]
+	ldr	r9, [r0, #156]
+#else
+	ldrd	r8, r9, [r0, #152]
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	ldr	r10, [r0, #160]
+	ldr	r11, [r0, #164]
+#else
+	ldrd	r10, r11, [r0, #160]
+#endif
+	# s[0] <<< 1
+	lsr	r12, r3, #31
+	lsr	lr, r2, #31
+	orr	r2, r12, r2, lsl #1
+	orr	r3, lr, r3, lsl #1
+	# s[1] <<< 6
+	lsr	r12, r5, #26
+	lsr	lr, r4, #26
+	orr	r4, r12, r4, lsl #6
+	orr	r5, lr, r5, lsl #6
+	# s[2] <<< 25
+	lsr	r12, r7, #7
+	lsr	lr, r6, #7
+	orr	r6, r12, r6, lsl #25
+	orr	r7, lr, r7, lsl #25
+	# s[3] <<< 8
+	lsr	r12, r9, #24
+	lsr	lr, r8, #24
+	orr	r8, r12, r8, lsl #8
+	orr	r9, lr, r9, lsl #8
+	# s[4] <<< 18
+	lsr	r12, r11, #14
+	lsr	lr, r10, #14
+	orr	r10, r12, r10, lsl #18
+	orr	r11, lr, r11, lsl #18
+	bic	r12, r8, r6
+	bic	lr, r9, r7
+	eor	r12, r12, r4
+	eor	lr, lr, r5
+	str	r12, [sp, #88]
+	str	lr, [sp, #92]
+	bic	r12, r10, r8
+	bic	lr, r11, r9
+	eor	r12, r12, r6
+	eor	lr, lr, r7
+	str	r12, [sp, #96]
+	str	lr, [sp, #100]
+	bic	r12, r2, r10
+	bic	lr, r3, r11
+	eor	r12, r12, r8
+	eor	lr, lr, r9
+	str	r12, [sp, #104]
+	str	lr, [sp, #108]
+	bic	r12, r4, r2
+	bic	lr, r5, r3
+	eor	r12, r12, r10
+	eor	lr, lr, r11
+	str	r12, [sp, #112]
+	str	lr, [sp, #116]
+	bic	r12, r6, r4
+	bic	lr, r7, r5
+	eor	r12, r12, r2
+	eor	lr, lr, r3
+	str	r12, [sp, #80]
+	str	lr, [sp, #84]
+	# Row 3
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	ldr	r2, [r0, #32]
+	ldr	r3, [r0, #36]
+#else
+	ldrd	r2, r3, [r0, #32]
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	ldr	r4, [r0, #40]
+	ldr	r5, [r0, #44]
+#else
+	ldrd	r4, r5, [r0, #40]
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	ldr	r6, [r0, #88]
+	ldr	r7, [r0, #92]
+#else
+	ldrd	r6, r7, [r0, #88]
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	ldr	r8, [r0, #136]
+	ldr	r9, [r0, #140]
+#else
+	ldrd	r8, r9, [r0, #136]
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	ldr	r10, [r0, #184]
+	ldr	r11, [r0, #188]
+#else
+	ldrd	r10, r11, [r0, #184]
+#endif
+	# s[0] <<< 27
+	lsr	r12, r3, #5
+	lsr	lr, r2, #5
+	orr	r2, r12, r2, lsl #27
+	orr	r3, lr, r3, lsl #27
+	# s[1] <<< 36
+	mov	lr, r4
+	lsr	r12, r5, #28
+	lsr	r4, r4, #28
+	orr	r4, r4, r5, lsl #4
+	orr	r5, r12, lr, lsl #4
+	# s[2] <<< 10
+	lsr	r12, r7, #22
+	lsr	lr, r6, #22
+	orr	r6, r12, r6, lsl #10
+	orr	r7, lr, r7, lsl #10
+	# s[3] <<< 15
+	lsr	r12, r9, #17
+	lsr	lr, r8, #17
+	orr	r8, r12, r8, lsl #15
+	orr	r9, lr, r9, lsl #15
+	# s[4] <<< 56
+	mov	lr, r10
+	lsr	r12, r11, #8
+	lsr	r10, r10, #8
+	orr	r10, r10, r11, lsl #24
+	orr	r11, r12, lr, lsl #24
+	bic	r12, r8, r6
+	bic	lr, r9, r7
+	eor	r12, r12, r4
+	eor	lr, lr, r5
+	str	r12, [sp, #128]
+	str	lr, [sp, #132]
+	bic	r12, r10, r8
+	bic	lr, r11, r9
+	eor	r12, r12, r6
+	eor	lr, lr, r7
+	str	r12, [sp, #136]
+	str	lr, [sp, #140]
+	bic	r12, r2, r10
+	bic	lr, r3, r11
+	eor	r12, r12, r8
+	eor	lr, lr, r9
+	str	r12, [sp, #144]
+	str	lr, [sp, #148]
+	bic	r12, r4, r2
+	bic	lr, r5, r3
+	eor	r12, r12, r10
+	eor	lr, lr, r11
+	str	r12, [sp, #152]
+	str	lr, [sp, #156]
+	bic	r12, r6, r4
+	bic	lr, r7, r5
+	eor	r12, r12, r2
+	eor	lr, lr, r3
+	str	r12, [sp, #120]
+	str	lr, [sp, #124]
+	# Row 4
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	ldr	r2, [r0, #16]
+	ldr	r3, [r0, #20]
+#else
+	ldrd	r2, r3, [r0, #16]
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	ldr	r4, [r0, #64]
+	ldr	r5, [r0, #68]
+#else
+	ldrd	r4, r5, [r0, #64]
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	ldr	r6, [r0, #112]
+	ldr	r7, [r0, #116]
+#else
+	ldrd	r6, r7, [r0, #112]
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	ldr	r8, [r0, #120]
+	ldr	r9, [r0, #124]
+#else
+	ldrd	r8, r9, [r0, #120]
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	ldr	r10, [r0, #168]
+	ldr	r11, [r0, #172]
+#else
+	ldrd	r10, r11, [r0, #168]
+#endif
+	# s[0] <<< 62
+	mov	lr, r2
+	lsr	r12, r3, #2
+	lsr	r2, r2, #2
+	orr	r2, r2, r3, lsl #30
+	orr	r3, r12, lr, lsl #30
+	# s[1] <<< 55
+	mov	lr, r4
+	lsr	r12, r5, #9
+	lsr	r4, r4, #9
+	orr	r4, r4, r5, lsl #23
+	orr	r5, r12, lr, lsl #23
+	# s[2] <<< 39
+	mov	lr, r6
+	lsr	r12, r7, #25
+	lsr	r6, r6, #25
+	orr	r6, r6, r7, lsl #7
+	orr	r7, r12, lr, lsl #7
+	# s[3] <<< 41
+	mov	lr, r8
+	lsr	r12, r9, #23
+	lsr	r8, r8, #23
+	orr	r8, r8, r9, lsl #9
+	orr	r9, r12, lr, lsl #9
+	# s[4] <<< 2
+	lsr	r12, r11, #30
+	lsr	lr, r10, #30
+	orr	r10, r12, r10, lsl #2
+	orr	r11, lr, r11, lsl #2
+	bic	r12, r8, r6
+	bic	lr, r9, r7
+	eor	r12, r12, r4
+	eor	lr, lr, r5
+	str	r12, [sp, #168]
+	str	lr, [sp, #172]
+	bic	r12, r10, r8
+	bic	lr, r11, r9
+	eor	r12, r12, r6
+	eor	lr, lr, r7
+	str	r12, [sp, #176]
+	str	lr, [sp, #180]
+	bic	r12, r2, r10
+	bic	lr, r3, r11
+	eor	r12, r12, r8
+	eor	lr, lr, r9
+	str	r12, [sp, #184]
+	str	lr, [sp, #188]
+	bic	r12, r4, r2
+	bic	lr, r5, r3
+	eor	r12, r12, r10
+	eor	lr, lr, r11
+	str	r12, [sp, #192]
+	str	lr, [sp, #196]
+	bic	r12, r6, r4
+	bic	lr, r7, r5
+	eor	r12, r12, r2
+	eor	lr, lr, r3
+	str	r12, [sp, #160]
+	str	lr, [sp, #164]
+	# Round odd
+	# Calc b[4]
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	ldr	r4, [sp, #32]
+	ldr	r5, [sp, #36]
+#else
+	ldrd	r4, r5, [sp, #32]
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	ldr	r6, [sp, #72]
+	ldr	r7, [sp, #76]
+#else
+	ldrd	r6, r7, [sp, #72]
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	ldr	r8, [sp, #112]
+	ldr	r9, [sp, #116]
+#else
+	ldrd	r8, r9, [sp, #112]
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	ldr	r10, [sp, #152]
+	ldr	r11, [sp, #156]
+#else
+	ldrd	r10, r11, [sp, #152]
+#endif
+	ldr	r12, [sp, #192]
+	ldr	lr, [sp, #196]
+	eor	r2, r4, r6
+	eor	r3, r5, r7
+	eor	r2, r2, r8
+	eor	r3, r3, r9
+	eor	r2, r2, r10
+	eor	r3, r3, r11
+	eor	r2, r2, r12
+	eor	r3, r3, lr
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	str	r2, [r0, #32]
+	str	r3, [r0, #36]
+#else
+	strd	r2, r3, [r0, #32]
+#endif
+	# Calc b[1]
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	ldr	r4, [sp, #8]
+	ldr	r5, [sp, #12]
+#else
+	ldrd	r4, r5, [sp, #8]
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	ldr	r6, [sp, #48]
+	ldr	r7, [sp, #52]
+#else
+	ldrd	r6, r7, [sp, #48]
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	ldr	r8, [sp, #88]
+	ldr	r9, [sp, #92]
+#else
+	ldrd	r8, r9, [sp, #88]
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	ldr	r10, [sp, #128]
+	ldr	r11, [sp, #132]
+#else
+	ldrd	r10, r11, [sp, #128]
+#endif
+	ldr	r12, [sp, #168]
+	ldr	lr, [sp, #172]
+	eor	r4, r4, r6
+	eor	r5, r5, r7
+	eor	r4, r4, r8
+	eor	r5, r5, r9
+	eor	r4, r4, r10
+	eor	r5, r5, r11
+	eor	r4, r4, r12
+	eor	r5, r5, lr
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	str	r4, [r0, #8]
+	str	r5, [r0, #12]
+#else
+	strd	r4, r5, [r0, #8]
+#endif
+	# Calc t[0]
+	eor	r2, r2, r5, lsr #31
+	eor	r3, r3, r4, lsr #31
+	eor	r2, r2, r4, lsl #1
+	eor	r3, r3, r5, lsl #1
+	# Calc b[0] and XOR t[0] into s[x*5+0]
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	ldm	sp, {r4, r5}
+#else
+	ldrd	r4, r5, [sp]
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	ldr	r6, [sp, #40]
+	ldr	r7, [sp, #44]
+#else
+	ldrd	r6, r7, [sp, #40]
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	ldr	r8, [sp, #80]
+	ldr	r9, [sp, #84]
+#else
+	ldrd	r8, r9, [sp, #80]
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	ldr	r10, [sp, #120]
+	ldr	r11, [sp, #124]
+#else
+	ldrd	r10, r11, [sp, #120]
+#endif
+	eor	r12, r4, r6
+	eor	lr, r5, r7
+	eor	r12, r12, r8
+	eor	lr, lr, r9
+	eor	r12, r12, r10
+	eor	lr, lr, r11
+	eor	r4, r4, r2
+	eor	r5, r5, r3
+	eor	r6, r6, r2
+	eor	r7, r7, r3
+	eor	r8, r8, r2
+	eor	r9, r9, r3
+	eor	r10, r10, r2
+	eor	r11, r11, r3
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	stm	sp, {r4, r5}
+#else
+	strd	r4, r5, [sp]
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	str	r6, [sp, #40]
+	str	r7, [sp, #44]
+#else
+	strd	r6, r7, [sp, #40]
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	str	r8, [sp, #80]
+	str	r9, [sp, #84]
+#else
+	strd	r8, r9, [sp, #80]
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	str	r10, [sp, #120]
+	str	r11, [sp, #124]
+#else
+	strd	r10, r11, [sp, #120]
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	ldr	r10, [sp, #160]
+	ldr	r11, [sp, #164]
+#else
+	ldrd	r10, r11, [sp, #160]
+#endif
+	eor	r12, r12, r10
+	eor	lr, lr, r11
+	eor	r10, r10, r2
+	eor	r11, r11, r3
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	str	r10, [sp, #160]
+	str	r11, [sp, #164]
+#else
+	strd	r10, r11, [sp, #160]
+#endif
+	str	r12, [r0]
+	str	lr, [r0, #4]
+	# Calc b[3]
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	ldr	r4, [sp, #24]
+	ldr	r5, [sp, #28]
+#else
+	ldrd	r4, r5, [sp, #24]
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	ldr	r6, [sp, #64]
+	ldr	r7, [sp, #68]
+#else
+	ldrd	r6, r7, [sp, #64]
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	ldr	r8, [sp, #104]
+	ldr	r9, [sp, #108]
+#else
+	ldrd	r8, r9, [sp, #104]
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	ldr	r10, [sp, #144]
+	ldr	r11, [sp, #148]
+#else
+	ldrd	r10, r11, [sp, #144]
+#endif
+	ldr	r12, [sp, #184]
+	ldr	lr, [sp, #188]
+	eor	r4, r4, r6
+	eor	r5, r5, r7
+	eor	r4, r4, r8
+	eor	r5, r5, r9
+	eor	r4, r4, r10
+	eor	r5, r5, r11
+	eor	r4, r4, r12
+	eor	r5, r5, lr
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	str	r4, [r0, #24]
+	str	r5, [r0, #28]
+#else
+	strd	r4, r5, [r0, #24]
+#endif
+	# Calc t[2]
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	ldr	r2, [r0, #8]
+	ldr	r3, [r0, #12]
+#else
+	ldrd	r2, r3, [r0, #8]
+#endif
+	eor	r2, r2, r5, lsr #31
+	eor	r3, r3, r4, lsr #31
+	eor	r2, r2, r4, lsl #1
+	eor	r3, r3, r5, lsl #1
+	# Calc b[2] and XOR t[2] into s[x*5+2]
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	ldr	r4, [sp, #16]
+	ldr	r5, [sp, #20]
+#else
+	ldrd	r4, r5, [sp, #16]
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	ldr	r6, [sp, #56]
+	ldr	r7, [sp, #60]
+#else
+	ldrd	r6, r7, [sp, #56]
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	ldr	r8, [sp, #96]
+	ldr	r9, [sp, #100]
+#else
+	ldrd	r8, r9, [sp, #96]
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	ldr	r10, [sp, #136]
+	ldr	r11, [sp, #140]
+#else
+	ldrd	r10, r11, [sp, #136]
+#endif
+	eor	r12, r4, r6
+	eor	lr, r5, r7
+	eor	r12, r12, r8
+	eor	lr, lr, r9
+	eor	r12, r12, r10
+	eor	lr, lr, r11
+	eor	r4, r4, r2
+	eor	r5, r5, r3
+	eor	r6, r6, r2
+	eor	r7, r7, r3
+	eor	r8, r8, r2
+	eor	r9, r9, r3
+	eor	r10, r10, r2
+	eor	r11, r11, r3
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	str	r4, [sp, #16]
+	str	r5, [sp, #20]
+#else
+	strd	r4, r5, [sp, #16]
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	str	r6, [sp, #56]
+	str	r7, [sp, #60]
+#else
+	strd	r6, r7, [sp, #56]
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	str	r8, [sp, #96]
+	str	r9, [sp, #100]
+#else
+	strd	r8, r9, [sp, #96]
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	str	r10, [sp, #136]
+	str	r11, [sp, #140]
+#else
+	strd	r10, r11, [sp, #136]
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	ldr	r10, [sp, #176]
+	ldr	r11, [sp, #180]
+#else
+	ldrd	r10, r11, [sp, #176]
+#endif
+	eor	r12, r12, r10
+	eor	lr, lr, r11
+	eor	r10, r10, r2
+	eor	r11, r11, r3
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	str	r10, [sp, #176]
+	str	r11, [sp, #180]
+#else
+	strd	r10, r11, [sp, #176]
+#endif
+	str	r12, [r0, #16]
+	str	lr, [r0, #20]
+	# Calc t[1]
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	ldm	r0, {r2, r3}
+#else
+	ldrd	r2, r3, [r0]
+#endif
+	eor	r2, r2, lr, lsr #31
+	eor	r3, r3, r12, lsr #31
+	eor	r2, r2, r12, lsl #1
+	eor	r3, r3, lr, lsl #1
+	# XOR t[1] into s[x*5+1]
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	ldr	r4, [sp, #8]
+	ldr	r5, [sp, #12]
+#else
+	ldrd	r4, r5, [sp, #8]
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	ldr	r6, [sp, #48]
+	ldr	r7, [sp, #52]
+#else
+	ldrd	r6, r7, [sp, #48]
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	ldr	r8, [sp, #88]
+	ldr	r9, [sp, #92]
+#else
+	ldrd	r8, r9, [sp, #88]
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	ldr	r10, [sp, #128]
+	ldr	r11, [sp, #132]
+#else
+	ldrd	r10, r11, [sp, #128]
+#endif
+	ldr	r12, [sp, #168]
+	ldr	lr, [sp, #172]
+	eor	r4, r4, r2
+	eor	r5, r5, r3
+	eor	r6, r6, r2
+	eor	r7, r7, r3
+	eor	r8, r8, r2
+	eor	r9, r9, r3
+	eor	r10, r10, r2
+	eor	r11, r11, r3
+	eor	r12, r12, r2
+	eor	lr, lr, r3
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	str	r4, [sp, #8]
+	str	r5, [sp, #12]
+#else
+	strd	r4, r5, [sp, #8]
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	str	r6, [sp, #48]
+	str	r7, [sp, #52]
+#else
+	strd	r6, r7, [sp, #48]
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	str	r8, [sp, #88]
+	str	r9, [sp, #92]
+#else
+	strd	r8, r9, [sp, #88]
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	str	r10, [sp, #128]
+	str	r11, [sp, #132]
+#else
+	strd	r10, r11, [sp, #128]
+#endif
+	str	r12, [sp, #168]
+	str	lr, [sp, #172]
+	# Calc t[3]
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	ldr	r2, [r0, #16]
+	ldr	r3, [r0, #20]
+#else
+	ldrd	r2, r3, [r0, #16]
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	ldr	r4, [r0, #32]
+	ldr	r5, [r0, #36]
+#else
+	ldrd	r4, r5, [r0, #32]
+#endif
+	eor	r2, r2, r5, lsr #31
+	eor	r3, r3, r4, lsr #31
+	eor	r2, r2, r4, lsl #1
+	eor	r3, r3, r5, lsl #1
+	# XOR t[3] into s[x*5+3]
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	ldr	r4, [sp, #24]
+	ldr	r5, [sp, #28]
+#else
+	ldrd	r4, r5, [sp, #24]
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	ldr	r6, [sp, #64]
+	ldr	r7, [sp, #68]
+#else
+	ldrd	r6, r7, [sp, #64]
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	ldr	r8, [sp, #104]
+	ldr	r9, [sp, #108]
+#else
+	ldrd	r8, r9, [sp, #104]
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	ldr	r10, [sp, #144]
+	ldr	r11, [sp, #148]
+#else
+	ldrd	r10, r11, [sp, #144]
+#endif
+	ldr	r12, [sp, #184]
+	ldr	lr, [sp, #188]
+	eor	r4, r4, r2
+	eor	r5, r5, r3
+	eor	r6, r6, r2
+	eor	r7, r7, r3
+	eor	r8, r8, r2
+	eor	r9, r9, r3
+	eor	r10, r10, r2
+	eor	r11, r11, r3
+	eor	r12, r12, r2
+	eor	lr, lr, r3
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	str	r4, [sp, #24]
+	str	r5, [sp, #28]
+#else
+	strd	r4, r5, [sp, #24]
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	str	r6, [sp, #64]
+	str	r7, [sp, #68]
+#else
+	strd	r6, r7, [sp, #64]
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	str	r8, [sp, #104]
+	str	r9, [sp, #108]
+#else
+	strd	r8, r9, [sp, #104]
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	str	r10, [sp, #144]
+	str	r11, [sp, #148]
+#else
+	strd	r10, r11, [sp, #144]
+#endif
+	str	r12, [sp, #184]
+	str	lr, [sp, #188]
+	# Calc t[4]
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	ldr	r2, [r0, #24]
+	ldr	r3, [r0, #28]
+#else
+	ldrd	r2, r3, [r0, #24]
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	ldm	r0, {r4, r5}
+#else
+	ldrd	r4, r5, [r0]
+#endif
+	eor	r2, r2, r5, lsr #31
+	eor	r3, r3, r4, lsr #31
+	eor	r2, r2, r4, lsl #1
+	eor	r3, r3, r5, lsl #1
+	# XOR t[4] into s[x*5+4]
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	ldr	r4, [sp, #32]
+	ldr	r5, [sp, #36]
+#else
+	ldrd	r4, r5, [sp, #32]
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	ldr	r6, [sp, #72]
+	ldr	r7, [sp, #76]
+#else
+	ldrd	r6, r7, [sp, #72]
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	ldr	r8, [sp, #112]
+	ldr	r9, [sp, #116]
+#else
+	ldrd	r8, r9, [sp, #112]
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	ldr	r10, [sp, #152]
+	ldr	r11, [sp, #156]
+#else
+	ldrd	r10, r11, [sp, #152]
+#endif
+	ldr	r12, [sp, #192]
+	ldr	lr, [sp, #196]
+	eor	r4, r4, r2
+	eor	r5, r5, r3
+	eor	r6, r6, r2
+	eor	r7, r7, r3
+	eor	r8, r8, r2
+	eor	r9, r9, r3
+	eor	r10, r10, r2
+	eor	r11, r11, r3
+	eor	r12, r12, r2
+	eor	lr, lr, r3
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	str	r4, [sp, #32]
+	str	r5, [sp, #36]
+#else
+	strd	r4, r5, [sp, #32]
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	str	r6, [sp, #72]
+	str	r7, [sp, #76]
+#else
+	strd	r6, r7, [sp, #72]
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	str	r8, [sp, #112]
+	str	r9, [sp, #116]
+#else
+	strd	r8, r9, [sp, #112]
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	str	r10, [sp, #152]
+	str	r11, [sp, #156]
+#else
+	strd	r10, r11, [sp, #152]
+#endif
+	str	r12, [sp, #192]
+	str	lr, [sp, #196]
+	# Row Mix
+	# Row 0
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	ldm	sp, {r2, r3}
+#else
+	ldrd	r2, r3, [sp]
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	ldr	r4, [sp, #48]
+	ldr	r5, [sp, #52]
+#else
+	ldrd	r4, r5, [sp, #48]
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	ldr	r6, [sp, #96]
+	ldr	r7, [sp, #100]
+#else
+	ldrd	r6, r7, [sp, #96]
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	ldr	r8, [sp, #144]
+	ldr	r9, [sp, #148]
+#else
+	ldrd	r8, r9, [sp, #144]
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	ldr	r10, [sp, #192]
+	ldr	r11, [sp, #196]
+#else
+	ldrd	r10, r11, [sp, #192]
+#endif
+	# s[1] <<< 44
+	mov	lr, r4
+	lsr	r12, r5, #20
+	lsr	r4, r4, #20
+	orr	r4, r4, r5, lsl #12
+	orr	r5, r12, lr, lsl #12
+	# s[2] <<< 43
+	mov	lr, r6
+	lsr	r12, r7, #21
+	lsr	r6, r6, #21
+	orr	r6, r6, r7, lsl #11
+	orr	r7, r12, lr, lsl #11
+	# s[3] <<< 21
+	lsr	r12, r9, #11
+	lsr	lr, r8, #11
+	orr	r8, r12, r8, lsl #21
+	orr	r9, lr, r9, lsl #21
+	# s[4] <<< 14
+	lsr	r12, r11, #18
+	lsr	lr, r10, #18
+	orr	r10, r12, r10, lsl #14
+	orr	r11, lr, r11, lsl #14
+	bic	r12, r8, r6
+	bic	lr, r9, r7
+	eor	r12, r12, r4
+	eor	lr, lr, r5
+	str	r12, [r0, #8]
+	str	lr, [r0, #12]
+	bic	r12, r10, r8
+	bic	lr, r11, r9
+	eor	r12, r12, r6
+	eor	lr, lr, r7
+	str	r12, [r0, #16]
+	str	lr, [r0, #20]
+	bic	r12, r2, r10
+	bic	lr, r3, r11
+	eor	r12, r12, r8
+	eor	lr, lr, r9
+	str	r12, [r0, #24]
+	str	lr, [r0, #28]
+	bic	r12, r4, r2
+	bic	lr, r5, r3
+	eor	r12, r12, r10
+	eor	lr, lr, r11
+	str	r12, [r0, #32]
+	str	lr, [r0, #36]
+	# Get constant
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	ldm	r1, {r10, r11}
+#else
+	ldrd	r10, r11, [r1]
+#endif
+	add	r1, r1, #8
+	bic	r12, r6, r4
+	bic	lr, r7, r5
+	eor	r12, r12, r2
+	eor	lr, lr, r3
+	# XOR in constant
+	eor	r12, r12, r10
+	eor	lr, lr, r11
+	str	r12, [r0]
+	str	lr, [r0, #4]
+	# Row 1
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	ldr	r2, [sp, #24]
+	ldr	r3, [sp, #28]
+#else
+	ldrd	r2, r3, [sp, #24]
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	ldr	r4, [sp, #72]
+	ldr	r5, [sp, #76]
+#else
+	ldrd	r4, r5, [sp, #72]
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	ldr	r6, [sp, #80]
+	ldr	r7, [sp, #84]
+#else
+	ldrd	r6, r7, [sp, #80]
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	ldr	r8, [sp, #128]
+	ldr	r9, [sp, #132]
+#else
+	ldrd	r8, r9, [sp, #128]
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	ldr	r10, [sp, #176]
+	ldr	r11, [sp, #180]
+#else
+	ldrd	r10, r11, [sp, #176]
+#endif
+	# s[0] <<< 28
+	lsr	r12, r3, #4
+	lsr	lr, r2, #4
+	orr	r2, r12, r2, lsl #28
+	orr	r3, lr, r3, lsl #28
+	# s[1] <<< 20
+	lsr	r12, r5, #12
+	lsr	lr, r4, #12
+	orr	r4, r12, r4, lsl #20
+	orr	r5, lr, r5, lsl #20
+	# s[2] <<< 3
+	lsr	r12, r7, #29
+	lsr	lr, r6, #29
+	orr	r6, r12, r6, lsl #3
+	orr	r7, lr, r7, lsl #3
+	# s[3] <<< 45
+	mov	lr, r8
+	lsr	r12, r9, #19
+	lsr	r8, r8, #19
+	orr	r8, r8, r9, lsl #13
+	orr	r9, r12, lr, lsl #13
+	# s[4] <<< 61
+	mov	lr, r10
+	lsr	r12, r11, #3
+	lsr	r10, r10, #3
+	orr	r10, r10, r11, lsl #29
+	orr	r11, r12, lr, lsl #29
+	bic	r12, r8, r6
+	bic	lr, r9, r7
+	eor	r12, r12, r4
+	eor	lr, lr, r5
+	str	r12, [r0, #48]
+	str	lr, [r0, #52]
+	bic	r12, r10, r8
+	bic	lr, r11, r9
+	eor	r12, r12, r6
+	eor	lr, lr, r7
+	str	r12, [r0, #56]
+	str	lr, [r0, #60]
+	bic	r12, r2, r10
+	bic	lr, r3, r11
+	eor	r12, r12, r8
+	eor	lr, lr, r9
+	str	r12, [r0, #64]
+	str	lr, [r0, #68]
+	bic	r12, r4, r2
+	bic	lr, r5, r3
+	eor	r12, r12, r10
+	eor	lr, lr, r11
+	str	r12, [r0, #72]
+	str	lr, [r0, #76]
+	bic	r12, r6, r4
+	bic	lr, r7, r5
+	eor	r12, r12, r2
+	eor	lr, lr, r3
+	str	r12, [r0, #40]
+	str	lr, [r0, #44]
+	# Row 2
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	ldr	r2, [sp, #8]
+	ldr	r3, [sp, #12]
+#else
+	ldrd	r2, r3, [sp, #8]
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	ldr	r4, [sp, #56]
+	ldr	r5, [sp, #60]
+#else
+	ldrd	r4, r5, [sp, #56]
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	ldr	r6, [sp, #104]
+	ldr	r7, [sp, #108]
+#else
+	ldrd	r6, r7, [sp, #104]
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	ldr	r8, [sp, #152]
+	ldr	r9, [sp, #156]
+#else
+	ldrd	r8, r9, [sp, #152]
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	ldr	r10, [sp, #160]
+	ldr	r11, [sp, #164]
+#else
+	ldrd	r10, r11, [sp, #160]
+#endif
+	# s[0] <<< 1
+	lsr	r12, r3, #31
+	lsr	lr, r2, #31
+	orr	r2, r12, r2, lsl #1
+	orr	r3, lr, r3, lsl #1
+	# s[1] <<< 6
+	lsr	r12, r5, #26
+	lsr	lr, r4, #26
+	orr	r4, r12, r4, lsl #6
+	orr	r5, lr, r5, lsl #6
+	# s[2] <<< 25
+	lsr	r12, r7, #7
+	lsr	lr, r6, #7
+	orr	r6, r12, r6, lsl #25
+	orr	r7, lr, r7, lsl #25
+	# s[3] <<< 8
+	lsr	r12, r9, #24
+	lsr	lr, r8, #24
+	orr	r8, r12, r8, lsl #8
+	orr	r9, lr, r9, lsl #8
+	# s[4] <<< 18
+	lsr	r12, r11, #14
+	lsr	lr, r10, #14
+	orr	r10, r12, r10, lsl #18
+	orr	r11, lr, r11, lsl #18
+	bic	r12, r8, r6
+	bic	lr, r9, r7
+	eor	r12, r12, r4
+	eor	lr, lr, r5
+	str	r12, [r0, #88]
+	str	lr, [r0, #92]
+	bic	r12, r10, r8
+	bic	lr, r11, r9
+	eor	r12, r12, r6
+	eor	lr, lr, r7
+	str	r12, [r0, #96]
+	str	lr, [r0, #100]
+	bic	r12, r2, r10
+	bic	lr, r3, r11
+	eor	r12, r12, r8
+	eor	lr, lr, r9
+	str	r12, [r0, #104]
+	str	lr, [r0, #108]
+	bic	r12, r4, r2
+	bic	lr, r5, r3
+	eor	r12, r12, r10
+	eor	lr, lr, r11
+	str	r12, [r0, #112]
+	str	lr, [r0, #116]
+	bic	r12, r6, r4
+	bic	lr, r7, r5
+	eor	r12, r12, r2
+	eor	lr, lr, r3
+	str	r12, [r0, #80]
+	str	lr, [r0, #84]
+	# Row 3
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	ldr	r2, [sp, #32]
+	ldr	r3, [sp, #36]
+#else
+	ldrd	r2, r3, [sp, #32]
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	ldr	r4, [sp, #40]
+	ldr	r5, [sp, #44]
+#else
+	ldrd	r4, r5, [sp, #40]
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	ldr	r6, [sp, #88]
+	ldr	r7, [sp, #92]
+#else
+	ldrd	r6, r7, [sp, #88]
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	ldr	r8, [sp, #136]
+	ldr	r9, [sp, #140]
+#else
+	ldrd	r8, r9, [sp, #136]
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	ldr	r10, [sp, #184]
+	ldr	r11, [sp, #188]
+#else
+	ldrd	r10, r11, [sp, #184]
+#endif
+	# s[0] <<< 27
+	lsr	r12, r3, #5
+	lsr	lr, r2, #5
+	orr	r2, r12, r2, lsl #27
+	orr	r3, lr, r3, lsl #27
+	# s[1] <<< 36
+	mov	lr, r4
+	lsr	r12, r5, #28
+	lsr	r4, r4, #28
+	orr	r4, r4, r5, lsl #4
+	orr	r5, r12, lr, lsl #4
+	# s[2] <<< 10
+	lsr	r12, r7, #22
+	lsr	lr, r6, #22
+	orr	r6, r12, r6, lsl #10
+	orr	r7, lr, r7, lsl #10
+	# s[3] <<< 15
+	lsr	r12, r9, #17
+	lsr	lr, r8, #17
+	orr	r8, r12, r8, lsl #15
+	orr	r9, lr, r9, lsl #15
+	# s[4] <<< 56
+	mov	lr, r10
+	lsr	r12, r11, #8
+	lsr	r10, r10, #8
+	orr	r10, r10, r11, lsl #24
+	orr	r11, r12, lr, lsl #24
+	bic	r12, r8, r6
+	bic	lr, r9, r7
+	eor	r12, r12, r4
+	eor	lr, lr, r5
+	str	r12, [r0, #128]
+	str	lr, [r0, #132]
+	bic	r12, r10, r8
+	bic	lr, r11, r9
+	eor	r12, r12, r6
+	eor	lr, lr, r7
+	str	r12, [r0, #136]
+	str	lr, [r0, #140]
+	bic	r12, r2, r10
+	bic	lr, r3, r11
+	eor	r12, r12, r8
+	eor	lr, lr, r9
+	str	r12, [r0, #144]
+	str	lr, [r0, #148]
+	bic	r12, r4, r2
+	bic	lr, r5, r3
+	eor	r12, r12, r10
+	eor	lr, lr, r11
+	str	r12, [r0, #152]
+	str	lr, [r0, #156]
+	bic	r12, r6, r4
+	bic	lr, r7, r5
+	eor	r12, r12, r2
+	eor	lr, lr, r3
+	str	r12, [r0, #120]
+	str	lr, [r0, #124]
+	# Row 4
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	ldr	r2, [sp, #16]
+	ldr	r3, [sp, #20]
+#else
+	ldrd	r2, r3, [sp, #16]
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	ldr	r4, [sp, #64]
+	ldr	r5, [sp, #68]
+#else
+	ldrd	r4, r5, [sp, #64]
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	ldr	r6, [sp, #112]
+	ldr	r7, [sp, #116]
+#else
+	ldrd	r6, r7, [sp, #112]
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	ldr	r8, [sp, #120]
+	ldr	r9, [sp, #124]
+#else
+	ldrd	r8, r9, [sp, #120]
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	ldr	r10, [sp, #168]
+	ldr	r11, [sp, #172]
+#else
+	ldrd	r10, r11, [sp, #168]
+#endif
+	# s[0] <<< 62
+	mov	lr, r2
+	lsr	r12, r3, #2
+	lsr	r2, r2, #2
+	orr	r2, r2, r3, lsl #30
+	orr	r3, r12, lr, lsl #30
+	# s[1] <<< 55
+	mov	lr, r4
+	lsr	r12, r5, #9
+	lsr	r4, r4, #9
+	orr	r4, r4, r5, lsl #23
+	orr	r5, r12, lr, lsl #23
+	# s[2] <<< 39
+	mov	lr, r6
+	lsr	r12, r7, #25
+	lsr	r6, r6, #25
+	orr	r6, r6, r7, lsl #7
+	orr	r7, r12, lr, lsl #7
+	# s[3] <<< 41
+	mov	lr, r8
+	lsr	r12, r9, #23
+	lsr	r8, r8, #23
+	orr	r8, r8, r9, lsl #9
+	orr	r9, r12, lr, lsl #9
+	# s[4] <<< 2
+	lsr	r12, r11, #30
+	lsr	lr, r10, #30
+	orr	r10, r12, r10, lsl #2
+	orr	r11, lr, r11, lsl #2
+	bic	r12, r8, r6
+	bic	lr, r9, r7
+	eor	r12, r12, r4
+	eor	lr, lr, r5
+	str	r12, [r0, #168]
+	str	lr, [r0, #172]
+	bic	r12, r10, r8
+	bic	lr, r11, r9
+	eor	r12, r12, r6
+	eor	lr, lr, r7
+	str	r12, [r0, #176]
+	str	lr, [r0, #180]
+	bic	r12, r2, r10
+	bic	lr, r3, r11
+	eor	r12, r12, r8
+	eor	lr, lr, r9
+	str	r12, [r0, #184]
+	str	lr, [r0, #188]
+	bic	r12, r4, r2
+	bic	lr, r5, r3
+	eor	r12, r12, r10
+	eor	lr, lr, r11
+	str	r12, [r0, #192]
+	str	lr, [r0, #196]
+	bic	r12, r6, r4
+	bic	lr, r7, r5
+	eor	r12, r12, r2
+	eor	lr, lr, r3
+	str	r12, [r0, #160]
+	str	lr, [r0, #164]
+	ldr	r2, [sp, #200]
+	subs	r2, r2, #1
+	bne	L_sha3_arm32_begin
+	add	sp, sp, #0xcc
+	pop	{r4, r5, r6, r7, r8, r9, r10, r11, pc}
+	.size	BlockSha3,.-BlockSha3
+#endif /* WOLFSSL_ARMASM_NO_NEON */
+#endif /* WOLFSSL_SHA3 */
+#endif /* !__aarch64__ && !WOLFSSL_ARMASM_THUMB2 */
+#endif /* WOLFSSL_ARMASM */
+
+#if defined(__linux__) && defined(__ELF__)
+.section	.note.GNU-stack,"",%progbits
+#endif
+#endif /* !WOLFSSL_ARMASM_INLINE */
diff --git a/wolfcrypt/src/port/arm/armv8-32-sha3-asm_c.c b/wolfcrypt/src/port/arm/armv8-32-sha3-asm_c.c
new file mode 100644
index 000000000..0caad5e90
--- /dev/null
+++ b/wolfcrypt/src/port/arm/armv8-32-sha3-asm_c.c
@@ -0,0 +1,2345 @@
+/* armv8-32-sha3-asm
+ *
+ * Copyright (C) 2006-2025 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+/* Generated using (from wolfssl):
+ *   cd ../scripts
+ *   ruby ./sha3/sha3.rb arm32 \
+ *       ../wolfssl/wolfcrypt/src/port/arm/armv8-32-sha3-asm.c
+ */
+
+#ifdef HAVE_CONFIG_H
+    #include <config.h>
+#endif /* HAVE_CONFIG_H */
+#include <wolfssl/wolfcrypt/settings.h>
+#include <wolfssl/wolfcrypt/error-crypt.h>
+
+#ifdef WOLFSSL_ARMASM
+#if !defined(__aarch64__) && !defined(WOLFSSL_ARMASM_THUMB2)
+#include <stdint.h>
+#ifdef HAVE_CONFIG_H
+    #include <config.h>
+#endif /* HAVE_CONFIG_H */
+#include <wolfssl/wolfcrypt/settings.h>
+#include <wolfssl/wolfcrypt/error-crypt.h>
+#ifdef WOLFSSL_ARMASM_INLINE
+
+#ifdef __IAR_SYSTEMS_ICC__
+#define __asm__        asm
+#define __volatile__   volatile
+#endif /* __IAR_SYSTEMS_ICC__ */
+#ifdef __KEIL__
+#define __asm__        __asm
+#define __volatile__   volatile
+#endif /* __KEIL__ */
+#ifdef WOLFSSL_SHA3
+#ifndef WOLFSSL_ARMASM_NO_NEON
+static const word64 L_sha3_arm2_neon_rt[] = {
+    0x0000000000000001UL, 0x0000000000008082UL,
+    0x800000000000808aUL, 0x8000000080008000UL,
+    0x000000000000808bUL, 0x0000000080000001UL,
+    0x8000000080008081UL, 0x8000000000008009UL,
+    0x000000000000008aUL, 0x0000000000000088UL,
+    0x0000000080008009UL, 0x000000008000000aUL,
+    0x000000008000808bUL, 0x800000000000008bUL,
+    0x8000000000008089UL, 0x8000000000008003UL,
+    0x8000000000008002UL, 0x8000000000000080UL,
+    0x000000000000800aUL, 0x800000008000000aUL,
+    0x8000000080008081UL, 0x8000000000008080UL,
+    0x0000000080000001UL, 0x8000000080008008UL,
+};
+
+#include <wolfssl/wolfcrypt/sha3.h>
+
+void BlockSha3(word64* state_p)
+{
+    register word64* state asm ("r0") = (word64*)state_p;
+    register word64* L_sha3_arm2_neon_rt_c asm ("r1") =
+        (word64*)&L_sha3_arm2_neon_rt;
+
+    __asm__ __volatile__ (
+        "sub	sp, sp, #16\n\t"
+        "mov	r2, #24\n\t"
+        "mov	r3, sp\n\t"
+        "vld1.8	{d0-d3}, [%[state]]!\n\t"
+        "vld1.8	{d4-d7}, [%[state]]!\n\t"
+        "vld1.8	{d8-d11}, [%[state]]!\n\t"
+        "vld1.8	{d12-d15}, [%[state]]!\n\t"
+        "vld1.8	{d16-d19}, [%[state]]!\n\t"
+        "vld1.8	{d20-d23}, [%[state]]!\n\t"
+        "vld1.8	{d24}, [%[state]]\n\t"
+        "sub	%[state], %[state], #0xc0\n\t"
+        "\n"
+    "L_sha3_arm32_neon_begin_%=: \n\t"
+        /* Calc b[0..4] */
+        "veor	d26, d0, d5\n\t"
+        "veor	d27, d1, d6\n\t"
+        "veor	d28, d2, d7\n\t"
+        "veor	d29, d3, d8\n\t"
+        "veor	d25, d4, d9\n\t"
+        "veor	d26, d26, d10\n\t"
+        "veor	d27, d27, d11\n\t"
+        "veor	d28, d28, d12\n\t"
+        "veor	d29, d29, d13\n\t"
+        "veor	d25, d25, d14\n\t"
+        "veor	d26, d26, d15\n\t"
+        "veor	d27, d27, d16\n\t"
+        "veor	d28, d28, d17\n\t"
+        "veor	d29, d29, d18\n\t"
+        "veor	d25, d25, d19\n\t"
+        "veor	d26, d26, d20\n\t"
+        "veor	d27, d27, d21\n\t"
+        "veor	d28, d28, d22\n\t"
+        "veor	d29, d29, d23\n\t"
+        "veor	d25, d25, d24\n\t"
+        "vst1.8	{d25-d26}, [r3]\n\t"
+        /* Calc t[0..4] and XOR into s[i*5..i*5+4] */
+        /* t[0] */
+        "vshr.u64	d30, d27, #63\n\t"
+        "vshl.u64	d31, d27, #1\n\t"
+        "veor	d25, d25, d30\n\t"
+        "veor	d25, d25, d31\n\t"
+        /* t[1] */
+        "vshr.u64	d30, d28, #63\n\t"
+        "vshl.u64	d31, d28, #1\n\t"
+        "veor	d26, d26, d30\n\t"
+        "veor	d26, d26, d31\n\t"
+        /* t[2] */
+        "vshr.u64	d30, d29, #63\n\t"
+        "vshl.u64	d31, d29, #1\n\t"
+        "veor	d27, d27, d30\n\t"
+        "veor	d27, d27, d31\n\t"
+        /* t[3] */
+        "vldr.8	d31, [r3]\n\t"
+        "vshr.u64	d30, d31, #63\n\t"
+        "vshl.u64	d31, d31, #1\n\t"
+        "veor	d28, d28, d30\n\t"
+        "veor	d28, d28, d31\n\t"
+        /* t[4] */
+        "vldr.8	d31, [r3, #8]\n\t"
+        "vshr.u64	d30, d31, #63\n\t"
+        "vshl.u64	d31, d31, #1\n\t"
+        "veor	d29, d29, d30\n\t"
+        "veor	d29, d29, d31\n\t"
+        "sub	r3, r3, #16\n\t"
+        "veor	d0, d0, d25\n\t"
+        /* s[1] => s[10] (tmp) */
+        "veor	d30, d1, d26\n\t"
+        "vshr.u64	d31, d30, #63\n\t"
+        "vshl.u64	d30, d30, #1\n\t"
+        "veor	d30, d30, d31\n\t"
+        /* s[6] => s[1] */
+        "veor	d1, d6, d26\n\t"
+        "vshr.u64	d31, d1, #20\n\t"
+        "vshl.u64	d1, d1, #44\n\t"
+        "veor	d1, d1, d31\n\t"
+        /* s[9] => s[6] */
+        "veor	d6, d9, d29\n\t"
+        "vshr.u64	d31, d6, #44\n\t"
+        "vshl.u64	d6, d6, #20\n\t"
+        "veor	d6, d6, d31\n\t"
+        /* s[22] => s[9] */
+        "veor	d9, d22, d27\n\t"
+        "vshr.u64	d31, d9, #3\n\t"
+        "vshl.u64	d9, d9, #61\n\t"
+        "veor	d9, d9, d31\n\t"
+        /* s[14] => s[22] */
+        "veor	d22, d14, d29\n\t"
+        "vshr.u64	d31, d22, #25\n\t"
+        "vshl.u64	d22, d22, #39\n\t"
+        "veor	d22, d22, d31\n\t"
+        /* s[20] => s[14] */
+        "veor	d14, d20, d25\n\t"
+        "vshr.u64	d31, d14, #46\n\t"
+        "vshl.u64	d14, d14, #18\n\t"
+        "veor	d14, d14, d31\n\t"
+        /* s[2] => s[20] */
+        "veor	d20, d2, d27\n\t"
+        "vshr.u64	d31, d20, #2\n\t"
+        "vshl.u64	d20, d20, #62\n\t"
+        "veor	d20, d20, d31\n\t"
+        /* s[12] => s[2] */
+        "veor	d2, d12, d27\n\t"
+        "vshr.u64	d31, d2, #21\n\t"
+        "vshl.u64	d2, d2, #43\n\t"
+        "veor	d2, d2, d31\n\t"
+        /* s[13] => s[12] */
+        "veor	d12, d13, d28\n\t"
+        "vshr.u64	d31, d12, #39\n\t"
+        "vshl.u64	d12, d12, #25\n\t"
+        "veor	d12, d12, d31\n\t"
+        /* s[19] => s[13] */
+        "veor	d13, d19, d29\n\t"
+        "vshr.u64	d31, d13, #56\n\t"
+        "vshl.u64	d13, d13, #8\n\t"
+        "veor	d13, d13, d31\n\t"
+        /* s[23] => s[19] */
+        "veor	d19, d23, d28\n\t"
+        "vshr.u64	d31, d19, #8\n\t"
+        "vshl.u64	d19, d19, #56\n\t"
+        "veor	d19, d19, d31\n\t"
+        /* s[15] => s[23] */
+        "veor	d23, d15, d25\n\t"
+        "vshr.u64	d31, d23, #23\n\t"
+        "vshl.u64	d23, d23, #41\n\t"
+        "veor	d23, d23, d31\n\t"
+        /* s[4] => s[15] */
+        "veor	d15, d4, d29\n\t"
+        "vshr.u64	d31, d15, #37\n\t"
+        "vshl.u64	d15, d15, #27\n\t"
+        "veor	d15, d15, d31\n\t"
+        /* s[24] => s[4] */
+        "veor	d4, d24, d29\n\t"
+        "vshr.u64	d31, d4, #50\n\t"
+        "vshl.u64	d4, d4, #14\n\t"
+        "veor	d4, d4, d31\n\t"
+        /* s[21] => s[24] */
+        "veor	d24, d21, d26\n\t"
+        "vshr.u64	d31, d24, #62\n\t"
+        "vshl.u64	d24, d24, #2\n\t"
+        "veor	d24, d24, d31\n\t"
+        /* s[8] => s[21] */
+        "veor	d21, d8, d28\n\t"
+        "vshr.u64	d31, d21, #9\n\t"
+        "vshl.u64	d21, d21, #55\n\t"
+        "veor	d21, d21, d31\n\t"
+        /* s[16] => s[8] */
+        "veor	d8, d16, d26\n\t"
+        "vshr.u64	d31, d8, #19\n\t"
+        "vshl.u64	d8, d8, #45\n\t"
+        "veor	d8, d8, d31\n\t"
+        /* s[5] => s[16] */
+        "veor	d16, d5, d25\n\t"
+        "vshr.u64	d31, d16, #28\n\t"
+        "vshl.u64	d16, d16, #36\n\t"
+        "veor	d16, d16, d31\n\t"
+        /* s[3] => s[5] */
+        "veor	d5, d3, d28\n\t"
+        "vshr.u64	d31, d5, #36\n\t"
+        "vshl.u64	d5, d5, #28\n\t"
+        "veor	d5, d5, d31\n\t"
+        /* s[18] => s[3] */
+        "veor	d3, d18, d28\n\t"
+        "vshr.u64	d31, d3, #43\n\t"
+        "vshl.u64	d3, d3, #21\n\t"
+        "veor	d3, d3, d31\n\t"
+        /* s[17] => s[18] */
+        "veor	d18, d17, d27\n\t"
+        "vshr.u64	d31, d18, #49\n\t"
+        "vshl.u64	d18, d18, #15\n\t"
+        "veor	d18, d18, d31\n\t"
+        /* s[11] => s[17] */
+        "veor	d17, d11, d26\n\t"
+        "vshr.u64	d31, d17, #54\n\t"
+        "vshl.u64	d17, d17, #10\n\t"
+        "veor	d17, d17, d31\n\t"
+        /* s[7] => s[11] */
+        "veor	d11, d7, d27\n\t"
+        "vshr.u64	d31, d11, #58\n\t"
+        "vshl.u64	d11, d11, #6\n\t"
+        "veor	d11, d11, d31\n\t"
+        /* s[10] => s[7] */
+        "veor	d7, d10, d25\n\t"
+        "vshr.u64	d31, d7, #61\n\t"
+        "vshl.u64	d7, d7, #3\n\t"
+        "veor	d7, d7, d31\n\t"
+        /* Row Mix */
+        "vmov	d25, d0\n\t"
+        "vmov	d26, d1\n\t"
+        "vbic	d31, d2, d26\n\t"
+        "veor	d0, d25, d31\n\t"
+        "vbic	d31, d3, d2\n\t"
+        "veor	d1, d26, d31\n\t"
+        "vbic	d31, d4, d3\n\t"
+        "veor	d2, d2, d31\n\t"
+        "vbic	d31, d25, d4\n\t"
+        "veor	d3, d3, d31\n\t"
+        "vbic	d31, d26, d25\n\t"
+        "veor	d4, d4, d31\n\t"
+        "vmov	d25, d5\n\t"
+        "vmov	d26, d6\n\t"
+        "vbic	d31, d7, d26\n\t"
+        "veor	d5, d25, d31\n\t"
+        "vbic	d31, d8, d7\n\t"
+        "veor	d6, d26, d31\n\t"
+        "vbic	d31, d9, d8\n\t"
+        "veor	d7, d7, d31\n\t"
+        "vbic	d31, d25, d9\n\t"
+        "veor	d8, d8, d31\n\t"
+        "vbic	d31, d26, d25\n\t"
+        "veor	d9, d9, d31\n\t"
+        "vmov	d26, d11\n\t"
+        "vbic	d31, d12, d26\n\t"
+        "veor	d10, d30, d31\n\t"
+        "vbic	d31, d13, d12\n\t"
+        "veor	d11, d26, d31\n\t"
+        "vbic	d31, d14, d13\n\t"
+        "veor	d12, d12, d31\n\t"
+        "vbic	d31, d30, d14\n\t"
+        "veor	d13, d13, d31\n\t"
+        "vbic	d31, d26, d30\n\t"
+        "veor	d14, d14, d31\n\t"
+        "vmov	d25, d15\n\t"
+        "vmov	d26, d16\n\t"
+        "vbic	d31, d17, d26\n\t"
+        "veor	d15, d25, d31\n\t"
+        "vbic	d31, d18, d17\n\t"
+        "veor	d16, d26, d31\n\t"
+        "vbic	d31, d19, d18\n\t"
+        "veor	d17, d17, d31\n\t"
+        "vbic	d31, d25, d19\n\t"
+        "veor	d18, d18, d31\n\t"
+        "vbic	d31, d26, d25\n\t"
+        "veor	d19, d19, d31\n\t"
+        "vmov	d25, d20\n\t"
+        "vmov	d26, d21\n\t"
+        "vbic	d31, d22, d26\n\t"
+        "veor	d20, d25, d31\n\t"
+        "vbic	d31, d23, d22\n\t"
+        "veor	d21, d26, d31\n\t"
+        "vbic	d31, d24, d23\n\t"
+        "veor	d22, d22, d31\n\t"
+        "vbic	d31, d25, d24\n\t"
+        "veor	d23, d23, d31\n\t"
+        "vbic	d31, d26, d25\n\t"
+        "veor	d24, d24, d31\n\t"
+        "vld1.8	{d30}, [r1]!\n\t"
+        "subs	r2, r2, #1\n\t"
+        "veor	d0, d0, d30\n\t"
+        "bne	L_sha3_arm32_neon_begin_%=\n\t"
+        "vst1.8	{d0-d3}, [%[state]]!\n\t"
+        "vst1.8	{d4-d7}, [%[state]]!\n\t"
+        "vst1.8	{d8-d11}, [%[state]]!\n\t"
+        "vst1.8	{d12-d15}, [%[state]]!\n\t"
+        "vst1.8	{d16-d19}, [%[state]]!\n\t"
+        "vst1.8	{d20-d23}, [%[state]]!\n\t"
+        "vst1.8	{d24}, [%[state]]\n\t"
+        "add	sp, sp, #16\n\t"
+        : [state] "+r" (state),
+          [L_sha3_arm2_neon_rt] "+r" (L_sha3_arm2_neon_rt_c)
+        :
+        : "memory", "cc", "r2", "r3", "d0", "d1", "d2", "d3", "d4", "d5", "d6",
+            "d7", "d8", "d9", "d10", "d11", "d12", "d13", "d14", "d15", "d16",
+            "d17", "d18", "d19", "d20", "d21", "d22", "d23", "d24", "d25",
+            "d26", "d27", "d28", "d29", "d30", "d31"
+    );
+}
+
+#endif /* WOLFSSL_ARMASM_NO_NEON */
+#ifdef WOLFSSL_ARMASM_NO_NEON
+static const word64 L_sha3_arm2_rt[] = {
+    0x0000000000000001UL, 0x0000000000008082UL,
+    0x800000000000808aUL, 0x8000000080008000UL,
+    0x000000000000808bUL, 0x0000000080000001UL,
+    0x8000000080008081UL, 0x8000000000008009UL,
+    0x000000000000008aUL, 0x0000000000000088UL,
+    0x0000000080008009UL, 0x000000008000000aUL,
+    0x000000008000808bUL, 0x800000000000008bUL,
+    0x8000000000008089UL, 0x8000000000008003UL,
+    0x8000000000008002UL, 0x8000000000000080UL,
+    0x000000000000800aUL, 0x800000008000000aUL,
+    0x8000000080008081UL, 0x8000000000008080UL,
+    0x0000000080000001UL, 0x8000000080008008UL,
+};
+
+#include <wolfssl/wolfcrypt/sha3.h>
+
+void BlockSha3(word64* state_p)
+{
+    register word64* state asm ("r0") = (word64*)state_p;
+    register word64* L_sha3_arm2_rt_c asm ("r1") = (word64*)&L_sha3_arm2_rt;
+
+    __asm__ __volatile__ (
+        "sub	sp, sp, #0xcc\n\t"
+        "mov	r2, #12\n\t"
+        "\n"
+    "L_sha3_arm32_begin_%=: \n\t"
+        "str	r2, [sp, #200]\n\t"
+        /* Round even */
+        /* Calc b[4] */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "ldr	r4, [%[state], #32]\n\t"
+        "ldr	r5, [%[state], #36]\n\t"
+#else
+        "ldrd	r4, r5, [%[state], #32]\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "ldr	r6, [%[state], #72]\n\t"
+        "ldr	r7, [%[state], #76]\n\t"
+#else
+        "ldrd	r6, r7, [%[state], #72]\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "ldr	r8, [%[state], #112]\n\t"
+        "ldr	r9, [%[state], #116]\n\t"
+#else
+        "ldrd	r8, r9, [%[state], #112]\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "ldr	r10, [%[state], #152]\n\t"
+        "ldr	r11, [%[state], #156]\n\t"
+#else
+        "ldrd	r10, r11, [%[state], #152]\n\t"
+#endif
+        "ldr	r12, [%[state], #192]\n\t"
+        "ldr	lr, [%[state], #196]\n\t"
+        "eor	r2, r4, r6\n\t"
+        "eor	r3, r5, r7\n\t"
+        "eor	r2, r2, r8\n\t"
+        "eor	r3, r3, r9\n\t"
+        "eor	r2, r2, r10\n\t"
+        "eor	r3, r3, r11\n\t"
+        "eor	r2, r2, r12\n\t"
+        "eor	r3, r3, lr\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "str	r2, [sp, #32]\n\t"
+        "str	r3, [sp, #36]\n\t"
+#else
+        "strd	r2, r3, [sp, #32]\n\t"
+#endif
+        /* Calc b[1] */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "ldr	r4, [%[state], #8]\n\t"
+        "ldr	r5, [%[state], #12]\n\t"
+#else
+        "ldrd	r4, r5, [%[state], #8]\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "ldr	r6, [%[state], #48]\n\t"
+        "ldr	r7, [%[state], #52]\n\t"
+#else
+        "ldrd	r6, r7, [%[state], #48]\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "ldr	r8, [%[state], #88]\n\t"
+        "ldr	r9, [%[state], #92]\n\t"
+#else
+        "ldrd	r8, r9, [%[state], #88]\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "ldr	r10, [%[state], #128]\n\t"
+        "ldr	r11, [%[state], #132]\n\t"
+#else
+        "ldrd	r10, r11, [%[state], #128]\n\t"
+#endif
+        "ldr	r12, [%[state], #168]\n\t"
+        "ldr	lr, [%[state], #172]\n\t"
+        "eor	r4, r4, r6\n\t"
+        "eor	r5, r5, r7\n\t"
+        "eor	r4, r4, r8\n\t"
+        "eor	r5, r5, r9\n\t"
+        "eor	r4, r4, r10\n\t"
+        "eor	r5, r5, r11\n\t"
+        "eor	r4, r4, r12\n\t"
+        "eor	r5, r5, lr\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "str	r4, [sp, #8]\n\t"
+        "str	r5, [sp, #12]\n\t"
+#else
+        "strd	r4, r5, [sp, #8]\n\t"
+#endif
+        /* Calc t[0] */
+        "eor	r2, r2, r5, lsr #31\n\t"
+        "eor	r3, r3, r4, lsr #31\n\t"
+        "eor	r2, r2, r4, lsl #1\n\t"
+        "eor	r3, r3, r5, lsl #1\n\t"
+        /* Calc b[0] and XOR t[0] into s[x*5+0] */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "ldm	r0, {r4, r5}\n\t"
+#else
+        "ldrd	r4, r5, [%[state]]\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "ldr	r6, [%[state], #40]\n\t"
+        "ldr	r7, [%[state], #44]\n\t"
+#else
+        "ldrd	r6, r7, [%[state], #40]\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "ldr	r8, [%[state], #80]\n\t"
+        "ldr	r9, [%[state], #84]\n\t"
+#else
+        "ldrd	r8, r9, [%[state], #80]\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "ldr	r10, [%[state], #120]\n\t"
+        "ldr	r11, [%[state], #124]\n\t"
+#else
+        "ldrd	r10, r11, [%[state], #120]\n\t"
+#endif
+        "eor	r12, r4, r6\n\t"
+        "eor	lr, r5, r7\n\t"
+        "eor	r12, r12, r8\n\t"
+        "eor	lr, lr, r9\n\t"
+        "eor	r12, r12, r10\n\t"
+        "eor	lr, lr, r11\n\t"
+        "eor	r4, r4, r2\n\t"
+        "eor	r5, r5, r3\n\t"
+        "eor	r6, r6, r2\n\t"
+        "eor	r7, r7, r3\n\t"
+        "eor	r8, r8, r2\n\t"
+        "eor	r9, r9, r3\n\t"
+        "eor	r10, r10, r2\n\t"
+        "eor	r11, r11, r3\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "stm	r0, {r4, r5}\n\t"
+#else
+        "strd	r4, r5, [%[state]]\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "str	r6, [%[state], #40]\n\t"
+        "str	r7, [%[state], #44]\n\t"
+#else
+        "strd	r6, r7, [%[state], #40]\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "str	r8, [%[state], #80]\n\t"
+        "str	r9, [%[state], #84]\n\t"
+#else
+        "strd	r8, r9, [%[state], #80]\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "str	r10, [%[state], #120]\n\t"
+        "str	r11, [%[state], #124]\n\t"
+#else
+        "strd	r10, r11, [%[state], #120]\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "ldr	r10, [%[state], #160]\n\t"
+        "ldr	r11, [%[state], #164]\n\t"
+#else
+        "ldrd	r10, r11, [%[state], #160]\n\t"
+#endif
+        "eor	r12, r12, r10\n\t"
+        "eor	lr, lr, r11\n\t"
+        "eor	r10, r10, r2\n\t"
+        "eor	r11, r11, r3\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "str	r10, [%[state], #160]\n\t"
+        "str	r11, [%[state], #164]\n\t"
+#else
+        "strd	r10, r11, [%[state], #160]\n\t"
+#endif
+        "str	r12, [sp]\n\t"
+        "str	lr, [sp, #4]\n\t"
+        /* Calc b[3] */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "ldr	r4, [%[state], #24]\n\t"
+        "ldr	r5, [%[state], #28]\n\t"
+#else
+        "ldrd	r4, r5, [%[state], #24]\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "ldr	r6, [%[state], #64]\n\t"
+        "ldr	r7, [%[state], #68]\n\t"
+#else
+        "ldrd	r6, r7, [%[state], #64]\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "ldr	r8, [%[state], #104]\n\t"
+        "ldr	r9, [%[state], #108]\n\t"
+#else
+        "ldrd	r8, r9, [%[state], #104]\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "ldr	r10, [%[state], #144]\n\t"
+        "ldr	r11, [%[state], #148]\n\t"
+#else
+        "ldrd	r10, r11, [%[state], #144]\n\t"
+#endif
+        "ldr	r12, [%[state], #184]\n\t"
+        "ldr	lr, [%[state], #188]\n\t"
+        "eor	r4, r4, r6\n\t"
+        "eor	r5, r5, r7\n\t"
+        "eor	r4, r4, r8\n\t"
+        "eor	r5, r5, r9\n\t"
+        "eor	r4, r4, r10\n\t"
+        "eor	r5, r5, r11\n\t"
+        "eor	r4, r4, r12\n\t"
+        "eor	r5, r5, lr\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "str	r4, [sp, #24]\n\t"
+        "str	r5, [sp, #28]\n\t"
+#else
+        "strd	r4, r5, [sp, #24]\n\t"
+#endif
+        /* Calc t[2] */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "ldr	r2, [sp, #8]\n\t"
+        "ldr	r3, [sp, #12]\n\t"
+#else
+        "ldrd	r2, r3, [sp, #8]\n\t"
+#endif
+        "eor	r2, r2, r5, lsr #31\n\t"
+        "eor	r3, r3, r4, lsr #31\n\t"
+        "eor	r2, r2, r4, lsl #1\n\t"
+        "eor	r3, r3, r5, lsl #1\n\t"
+        /* Calc b[2] and XOR t[2] into s[x*5+2] */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "ldr	r4, [%[state], #16]\n\t"
+        "ldr	r5, [%[state], #20]\n\t"
+#else
+        "ldrd	r4, r5, [%[state], #16]\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "ldr	r6, [%[state], #56]\n\t"
+        "ldr	r7, [%[state], #60]\n\t"
+#else
+        "ldrd	r6, r7, [%[state], #56]\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "ldr	r8, [%[state], #96]\n\t"
+        "ldr	r9, [%[state], #100]\n\t"
+#else
+        "ldrd	r8, r9, [%[state], #96]\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "ldr	r10, [%[state], #136]\n\t"
+        "ldr	r11, [%[state], #140]\n\t"
+#else
+        "ldrd	r10, r11, [%[state], #136]\n\t"
+#endif
+        "eor	r12, r4, r6\n\t"
+        "eor	lr, r5, r7\n\t"
+        "eor	r12, r12, r8\n\t"
+        "eor	lr, lr, r9\n\t"
+        "eor	r12, r12, r10\n\t"
+        "eor	lr, lr, r11\n\t"
+        "eor	r4, r4, r2\n\t"
+        "eor	r5, r5, r3\n\t"
+        "eor	r6, r6, r2\n\t"
+        "eor	r7, r7, r3\n\t"
+        "eor	r8, r8, r2\n\t"
+        "eor	r9, r9, r3\n\t"
+        "eor	r10, r10, r2\n\t"
+        "eor	r11, r11, r3\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "str	r4, [%[state], #16]\n\t"
+        "str	r5, [%[state], #20]\n\t"
+#else
+        "strd	r4, r5, [%[state], #16]\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "str	r6, [%[state], #56]\n\t"
+        "str	r7, [%[state], #60]\n\t"
+#else
+        "strd	r6, r7, [%[state], #56]\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "str	r8, [%[state], #96]\n\t"
+        "str	r9, [%[state], #100]\n\t"
+#else
+        "strd	r8, r9, [%[state], #96]\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "str	r10, [%[state], #136]\n\t"
+        "str	r11, [%[state], #140]\n\t"
+#else
+        "strd	r10, r11, [%[state], #136]\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "ldr	r10, [%[state], #176]\n\t"
+        "ldr	r11, [%[state], #180]\n\t"
+#else
+        "ldrd	r10, r11, [%[state], #176]\n\t"
+#endif
+        "eor	r12, r12, r10\n\t"
+        "eor	lr, lr, r11\n\t"
+        "eor	r10, r10, r2\n\t"
+        "eor	r11, r11, r3\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "str	r10, [%[state], #176]\n\t"
+        "str	r11, [%[state], #180]\n\t"
+#else
+        "strd	r10, r11, [%[state], #176]\n\t"
+#endif
+        "str	r12, [sp, #16]\n\t"
+        "str	lr, [sp, #20]\n\t"
+        /* Calc t[1] */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "ldm	sp, {r2, r3}\n\t"
+#else
+        "ldrd	r2, r3, [sp]\n\t"
+#endif
+        "eor	r2, r2, lr, lsr #31\n\t"
+        "eor	r3, r3, r12, lsr #31\n\t"
+        "eor	r2, r2, r12, lsl #1\n\t"
+        "eor	r3, r3, lr, lsl #1\n\t"
+        /* XOR t[1] into s[x*5+1] */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "ldr	r4, [%[state], #8]\n\t"
+        "ldr	r5, [%[state], #12]\n\t"
+#else
+        "ldrd	r4, r5, [%[state], #8]\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "ldr	r6, [%[state], #48]\n\t"
+        "ldr	r7, [%[state], #52]\n\t"
+#else
+        "ldrd	r6, r7, [%[state], #48]\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "ldr	r8, [%[state], #88]\n\t"
+        "ldr	r9, [%[state], #92]\n\t"
+#else
+        "ldrd	r8, r9, [%[state], #88]\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "ldr	r10, [%[state], #128]\n\t"
+        "ldr	r11, [%[state], #132]\n\t"
+#else
+        "ldrd	r10, r11, [%[state], #128]\n\t"
+#endif
+        "ldr	r12, [%[state], #168]\n\t"
+        "ldr	lr, [%[state], #172]\n\t"
+        "eor	r4, r4, r2\n\t"
+        "eor	r5, r5, r3\n\t"
+        "eor	r6, r6, r2\n\t"
+        "eor	r7, r7, r3\n\t"
+        "eor	r8, r8, r2\n\t"
+        "eor	r9, r9, r3\n\t"
+        "eor	r10, r10, r2\n\t"
+        "eor	r11, r11, r3\n\t"
+        "eor	r12, r12, r2\n\t"
+        "eor	lr, lr, r3\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "str	r4, [%[state], #8]\n\t"
+        "str	r5, [%[state], #12]\n\t"
+#else
+        "strd	r4, r5, [%[state], #8]\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "str	r6, [%[state], #48]\n\t"
+        "str	r7, [%[state], #52]\n\t"
+#else
+        "strd	r6, r7, [%[state], #48]\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "str	r8, [%[state], #88]\n\t"
+        "str	r9, [%[state], #92]\n\t"
+#else
+        "strd	r8, r9, [%[state], #88]\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "str	r10, [%[state], #128]\n\t"
+        "str	r11, [%[state], #132]\n\t"
+#else
+        "strd	r10, r11, [%[state], #128]\n\t"
+#endif
+        "str	r12, [%[state], #168]\n\t"
+        "str	lr, [%[state], #172]\n\t"
+        /* Calc t[3] */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "ldr	r2, [sp, #16]\n\t"
+        "ldr	r3, [sp, #20]\n\t"
+#else
+        "ldrd	r2, r3, [sp, #16]\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "ldr	r4, [sp, #32]\n\t"
+        "ldr	r5, [sp, #36]\n\t"
+#else
+        "ldrd	r4, r5, [sp, #32]\n\t"
+#endif
+        "eor	r2, r2, r5, lsr #31\n\t"
+        "eor	r3, r3, r4, lsr #31\n\t"
+        "eor	r2, r2, r4, lsl #1\n\t"
+        "eor	r3, r3, r5, lsl #1\n\t"
+        /* XOR t[3] into s[x*5+3] */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "ldr	r4, [%[state], #24]\n\t"
+        "ldr	r5, [%[state], #28]\n\t"
+#else
+        "ldrd	r4, r5, [%[state], #24]\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "ldr	r6, [%[state], #64]\n\t"
+        "ldr	r7, [%[state], #68]\n\t"
+#else
+        "ldrd	r6, r7, [%[state], #64]\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "ldr	r8, [%[state], #104]\n\t"
+        "ldr	r9, [%[state], #108]\n\t"
+#else
+        "ldrd	r8, r9, [%[state], #104]\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "ldr	r10, [%[state], #144]\n\t"
+        "ldr	r11, [%[state], #148]\n\t"
+#else
+        "ldrd	r10, r11, [%[state], #144]\n\t"
+#endif
+        "ldr	r12, [%[state], #184]\n\t"
+        "ldr	lr, [%[state], #188]\n\t"
+        "eor	r4, r4, r2\n\t"
+        "eor	r5, r5, r3\n\t"
+        "eor	r6, r6, r2\n\t"
+        "eor	r7, r7, r3\n\t"
+        "eor	r8, r8, r2\n\t"
+        "eor	r9, r9, r3\n\t"
+        "eor	r10, r10, r2\n\t"
+        "eor	r11, r11, r3\n\t"
+        "eor	r12, r12, r2\n\t"
+        "eor	lr, lr, r3\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "str	r4, [%[state], #24]\n\t"
+        "str	r5, [%[state], #28]\n\t"
+#else
+        "strd	r4, r5, [%[state], #24]\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "str	r6, [%[state], #64]\n\t"
+        "str	r7, [%[state], #68]\n\t"
+#else
+        "strd	r6, r7, [%[state], #64]\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "str	r8, [%[state], #104]\n\t"
+        "str	r9, [%[state], #108]\n\t"
+#else
+        "strd	r8, r9, [%[state], #104]\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "str	r10, [%[state], #144]\n\t"
+        "str	r11, [%[state], #148]\n\t"
+#else
+        "strd	r10, r11, [%[state], #144]\n\t"
+#endif
+        "str	r12, [%[state], #184]\n\t"
+        "str	lr, [%[state], #188]\n\t"
+        /* Calc t[4] */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "ldr	r2, [sp, #24]\n\t"
+        "ldr	r3, [sp, #28]\n\t"
+#else
+        "ldrd	r2, r3, [sp, #24]\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "ldm	sp, {r4, r5}\n\t"
+#else
+        "ldrd	r4, r5, [sp]\n\t"
+#endif
+        "eor	r2, r2, r5, lsr #31\n\t"
+        "eor	r3, r3, r4, lsr #31\n\t"
+        "eor	r2, r2, r4, lsl #1\n\t"
+        "eor	r3, r3, r5, lsl #1\n\t"
+        /* XOR t[4] into s[x*5+4] */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "ldr	r4, [%[state], #32]\n\t"
+        "ldr	r5, [%[state], #36]\n\t"
+#else
+        "ldrd	r4, r5, [%[state], #32]\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "ldr	r6, [%[state], #72]\n\t"
+        "ldr	r7, [%[state], #76]\n\t"
+#else
+        "ldrd	r6, r7, [%[state], #72]\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "ldr	r8, [%[state], #112]\n\t"
+        "ldr	r9, [%[state], #116]\n\t"
+#else
+        "ldrd	r8, r9, [%[state], #112]\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "ldr	r10, [%[state], #152]\n\t"
+        "ldr	r11, [%[state], #156]\n\t"
+#else
+        "ldrd	r10, r11, [%[state], #152]\n\t"
+#endif
+        "ldr	r12, [%[state], #192]\n\t"
+        "ldr	lr, [%[state], #196]\n\t"
+        "eor	r4, r4, r2\n\t"
+        "eor	r5, r5, r3\n\t"
+        "eor	r6, r6, r2\n\t"
+        "eor	r7, r7, r3\n\t"
+        "eor	r8, r8, r2\n\t"
+        "eor	r9, r9, r3\n\t"
+        "eor	r10, r10, r2\n\t"
+        "eor	r11, r11, r3\n\t"
+        "eor	r12, r12, r2\n\t"
+        "eor	lr, lr, r3\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "str	r4, [%[state], #32]\n\t"
+        "str	r5, [%[state], #36]\n\t"
+#else
+        "strd	r4, r5, [%[state], #32]\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "str	r6, [%[state], #72]\n\t"
+        "str	r7, [%[state], #76]\n\t"
+#else
+        "strd	r6, r7, [%[state], #72]\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "str	r8, [%[state], #112]\n\t"
+        "str	r9, [%[state], #116]\n\t"
+#else
+        "strd	r8, r9, [%[state], #112]\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "str	r10, [%[state], #152]\n\t"
+        "str	r11, [%[state], #156]\n\t"
+#else
+        "strd	r10, r11, [%[state], #152]\n\t"
+#endif
+        "str	r12, [%[state], #192]\n\t"
+        "str	lr, [%[state], #196]\n\t"
+        /* Row Mix */
+        /* Row 0 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "ldm	r0, {r2, r3}\n\t"
+#else
+        "ldrd	r2, r3, [%[state]]\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "ldr	r4, [%[state], #48]\n\t"
+        "ldr	r5, [%[state], #52]\n\t"
+#else
+        "ldrd	r4, r5, [%[state], #48]\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "ldr	r6, [%[state], #96]\n\t"
+        "ldr	r7, [%[state], #100]\n\t"
+#else
+        "ldrd	r6, r7, [%[state], #96]\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "ldr	r8, [%[state], #144]\n\t"
+        "ldr	r9, [%[state], #148]\n\t"
+#else
+        "ldrd	r8, r9, [%[state], #144]\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "ldr	r10, [%[state], #192]\n\t"
+        "ldr	r11, [%[state], #196]\n\t"
+#else
+        "ldrd	r10, r11, [%[state], #192]\n\t"
+#endif
+        /* s[1] <<< 44 */
+        "mov	lr, r4\n\t"
+        "lsr	r12, r5, #20\n\t"
+        "lsr	r4, r4, #20\n\t"
+        "orr	r4, r4, r5, lsl #12\n\t"
+        "orr	r5, r12, lr, lsl #12\n\t"
+        /* s[2] <<< 43 */
+        "mov	lr, r6\n\t"
+        "lsr	r12, r7, #21\n\t"
+        "lsr	r6, r6, #21\n\t"
+        "orr	r6, r6, r7, lsl #11\n\t"
+        "orr	r7, r12, lr, lsl #11\n\t"
+        /* s[3] <<< 21 */
+        "lsr	r12, r9, #11\n\t"
+        "lsr	lr, r8, #11\n\t"
+        "orr	r8, r12, r8, lsl #21\n\t"
+        "orr	r9, lr, r9, lsl #21\n\t"
+        /* s[4] <<< 14 */
+        "lsr	r12, r11, #18\n\t"
+        "lsr	lr, r10, #18\n\t"
+        "orr	r10, r12, r10, lsl #14\n\t"
+        "orr	r11, lr, r11, lsl #14\n\t"
+        "bic	r12, r8, r6\n\t"
+        "bic	lr, r9, r7\n\t"
+        "eor	r12, r12, r4\n\t"
+        "eor	lr, lr, r5\n\t"
+        "str	r12, [sp, #8]\n\t"
+        "str	lr, [sp, #12]\n\t"
+        "bic	r12, r10, r8\n\t"
+        "bic	lr, r11, r9\n\t"
+        "eor	r12, r12, r6\n\t"
+        "eor	lr, lr, r7\n\t"
+        "str	r12, [sp, #16]\n\t"
+        "str	lr, [sp, #20]\n\t"
+        "bic	r12, r2, r10\n\t"
+        "bic	lr, r3, r11\n\t"
+        "eor	r12, r12, r8\n\t"
+        "eor	lr, lr, r9\n\t"
+        "str	r12, [sp, #24]\n\t"
+        "str	lr, [sp, #28]\n\t"
+        "bic	r12, r4, r2\n\t"
+        "bic	lr, r5, r3\n\t"
+        "eor	r12, r12, r10\n\t"
+        "eor	lr, lr, r11\n\t"
+        "str	r12, [sp, #32]\n\t"
+        "str	lr, [sp, #36]\n\t"
+        /* Get constant */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "ldm	r1, {r10, r11}\n\t"
+#else
+        "ldrd	r10, r11, [r1]\n\t"
+#endif
+        "add	r1, r1, #8\n\t"
+        "bic	r12, r6, r4\n\t"
+        "bic	lr, r7, r5\n\t"
+        "eor	r12, r12, r2\n\t"
+        "eor	lr, lr, r3\n\t"
+        /* XOR in constant */
+        "eor	r12, r12, r10\n\t"
+        "eor	lr, lr, r11\n\t"
+        "str	r12, [sp]\n\t"
+        "str	lr, [sp, #4]\n\t"
+        /* Row 1 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "ldr	r2, [%[state], #24]\n\t"
+        "ldr	r3, [%[state], #28]\n\t"
+#else
+        "ldrd	r2, r3, [%[state], #24]\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "ldr	r4, [%[state], #72]\n\t"
+        "ldr	r5, [%[state], #76]\n\t"
+#else
+        "ldrd	r4, r5, [%[state], #72]\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "ldr	r6, [%[state], #80]\n\t"
+        "ldr	r7, [%[state], #84]\n\t"
+#else
+        "ldrd	r6, r7, [%[state], #80]\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "ldr	r8, [%[state], #128]\n\t"
+        "ldr	r9, [%[state], #132]\n\t"
+#else
+        "ldrd	r8, r9, [%[state], #128]\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "ldr	r10, [%[state], #176]\n\t"
+        "ldr	r11, [%[state], #180]\n\t"
+#else
+        "ldrd	r10, r11, [%[state], #176]\n\t"
+#endif
+        /* s[0] <<< 28 */
+        "lsr	r12, r3, #4\n\t"
+        "lsr	lr, r2, #4\n\t"
+        "orr	r2, r12, r2, lsl #28\n\t"
+        "orr	r3, lr, r3, lsl #28\n\t"
+        /* s[1] <<< 20 */
+        "lsr	r12, r5, #12\n\t"
+        "lsr	lr, r4, #12\n\t"
+        "orr	r4, r12, r4, lsl #20\n\t"
+        "orr	r5, lr, r5, lsl #20\n\t"
+        /* s[2] <<< 3 */
+        "lsr	r12, r7, #29\n\t"
+        "lsr	lr, r6, #29\n\t"
+        "orr	r6, r12, r6, lsl #3\n\t"
+        "orr	r7, lr, r7, lsl #3\n\t"
+        /* s[3] <<< 45 */
+        "mov	lr, r8\n\t"
+        "lsr	r12, r9, #19\n\t"
+        "lsr	r8, r8, #19\n\t"
+        "orr	r8, r8, r9, lsl #13\n\t"
+        "orr	r9, r12, lr, lsl #13\n\t"
+        /* s[4] <<< 61 */
+        "mov	lr, r10\n\t"
+        "lsr	r12, r11, #3\n\t"
+        "lsr	r10, r10, #3\n\t"
+        "orr	r10, r10, r11, lsl #29\n\t"
+        "orr	r11, r12, lr, lsl #29\n\t"
+        "bic	r12, r8, r6\n\t"
+        "bic	lr, r9, r7\n\t"
+        "eor	r12, r12, r4\n\t"
+        "eor	lr, lr, r5\n\t"
+        "str	r12, [sp, #48]\n\t"
+        "str	lr, [sp, #52]\n\t"
+        "bic	r12, r10, r8\n\t"
+        "bic	lr, r11, r9\n\t"
+        "eor	r12, r12, r6\n\t"
+        "eor	lr, lr, r7\n\t"
+        "str	r12, [sp, #56]\n\t"
+        "str	lr, [sp, #60]\n\t"
+        "bic	r12, r2, r10\n\t"
+        "bic	lr, r3, r11\n\t"
+        "eor	r12, r12, r8\n\t"
+        "eor	lr, lr, r9\n\t"
+        "str	r12, [sp, #64]\n\t"
+        "str	lr, [sp, #68]\n\t"
+        "bic	r12, r4, r2\n\t"
+        "bic	lr, r5, r3\n\t"
+        "eor	r12, r12, r10\n\t"
+        "eor	lr, lr, r11\n\t"
+        "str	r12, [sp, #72]\n\t"
+        "str	lr, [sp, #76]\n\t"
+        "bic	r12, r6, r4\n\t"
+        "bic	lr, r7, r5\n\t"
+        "eor	r12, r12, r2\n\t"
+        "eor	lr, lr, r3\n\t"
+        "str	r12, [sp, #40]\n\t"
+        "str	lr, [sp, #44]\n\t"
+        /* Row 2 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "ldr	r2, [%[state], #8]\n\t"
+        "ldr	r3, [%[state], #12]\n\t"
+#else
+        "ldrd	r2, r3, [%[state], #8]\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "ldr	r4, [%[state], #56]\n\t"
+        "ldr	r5, [%[state], #60]\n\t"
+#else
+        "ldrd	r4, r5, [%[state], #56]\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "ldr	r6, [%[state], #104]\n\t"
+        "ldr	r7, [%[state], #108]\n\t"
+#else
+        "ldrd	r6, r7, [%[state], #104]\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "ldr	r8, [%[state], #152]\n\t"
+        "ldr	r9, [%[state], #156]\n\t"
+#else
+        "ldrd	r8, r9, [%[state], #152]\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "ldr	r10, [%[state], #160]\n\t"
+        "ldr	r11, [%[state], #164]\n\t"
+#else
+        "ldrd	r10, r11, [%[state], #160]\n\t"
+#endif
+        /* s[0] <<< 1 */
+        "lsr	r12, r3, #31\n\t"
+        "lsr	lr, r2, #31\n\t"
+        "orr	r2, r12, r2, lsl #1\n\t"
+        "orr	r3, lr, r3, lsl #1\n\t"
+        /* s[1] <<< 6 */
+        "lsr	r12, r5, #26\n\t"
+        "lsr	lr, r4, #26\n\t"
+        "orr	r4, r12, r4, lsl #6\n\t"
+        "orr	r5, lr, r5, lsl #6\n\t"
+        /* s[2] <<< 25 */
+        "lsr	r12, r7, #7\n\t"
+        "lsr	lr, r6, #7\n\t"
+        "orr	r6, r12, r6, lsl #25\n\t"
+        "orr	r7, lr, r7, lsl #25\n\t"
+        /* s[3] <<< 8 */
+        "lsr	r12, r9, #24\n\t"
+        "lsr	lr, r8, #24\n\t"
+        "orr	r8, r12, r8, lsl #8\n\t"
+        "orr	r9, lr, r9, lsl #8\n\t"
+        /* s[4] <<< 18 */
+        "lsr	r12, r11, #14\n\t"
+        "lsr	lr, r10, #14\n\t"
+        "orr	r10, r12, r10, lsl #18\n\t"
+        "orr	r11, lr, r11, lsl #18\n\t"
+        "bic	r12, r8, r6\n\t"
+        "bic	lr, r9, r7\n\t"
+        "eor	r12, r12, r4\n\t"
+        "eor	lr, lr, r5\n\t"
+        "str	r12, [sp, #88]\n\t"
+        "str	lr, [sp, #92]\n\t"
+        "bic	r12, r10, r8\n\t"
+        "bic	lr, r11, r9\n\t"
+        "eor	r12, r12, r6\n\t"
+        "eor	lr, lr, r7\n\t"
+        "str	r12, [sp, #96]\n\t"
+        "str	lr, [sp, #100]\n\t"
+        "bic	r12, r2, r10\n\t"
+        "bic	lr, r3, r11\n\t"
+        "eor	r12, r12, r8\n\t"
+        "eor	lr, lr, r9\n\t"
+        "str	r12, [sp, #104]\n\t"
+        "str	lr, [sp, #108]\n\t"
+        "bic	r12, r4, r2\n\t"
+        "bic	lr, r5, r3\n\t"
+        "eor	r12, r12, r10\n\t"
+        "eor	lr, lr, r11\n\t"
+        "str	r12, [sp, #112]\n\t"
+        "str	lr, [sp, #116]\n\t"
+        "bic	r12, r6, r4\n\t"
+        "bic	lr, r7, r5\n\t"
+        "eor	r12, r12, r2\n\t"
+        "eor	lr, lr, r3\n\t"
+        "str	r12, [sp, #80]\n\t"
+        "str	lr, [sp, #84]\n\t"
+        /* Row 3 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "ldr	r2, [%[state], #32]\n\t"
+        "ldr	r3, [%[state], #36]\n\t"
+#else
+        "ldrd	r2, r3, [%[state], #32]\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "ldr	r4, [%[state], #40]\n\t"
+        "ldr	r5, [%[state], #44]\n\t"
+#else
+        "ldrd	r4, r5, [%[state], #40]\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "ldr	r6, [%[state], #88]\n\t"
+        "ldr	r7, [%[state], #92]\n\t"
+#else
+        "ldrd	r6, r7, [%[state], #88]\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "ldr	r8, [%[state], #136]\n\t"
+        "ldr	r9, [%[state], #140]\n\t"
+#else
+        "ldrd	r8, r9, [%[state], #136]\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "ldr	r10, [%[state], #184]\n\t"
+        "ldr	r11, [%[state], #188]\n\t"
+#else
+        "ldrd	r10, r11, [%[state], #184]\n\t"
+#endif
+        /* s[0] <<< 27 */
+        "lsr	r12, r3, #5\n\t"
+        "lsr	lr, r2, #5\n\t"
+        "orr	r2, r12, r2, lsl #27\n\t"
+        "orr	r3, lr, r3, lsl #27\n\t"
+        /* s[1] <<< 36 */
+        "mov	lr, r4\n\t"
+        "lsr	r12, r5, #28\n\t"
+        "lsr	r4, r4, #28\n\t"
+        "orr	r4, r4, r5, lsl #4\n\t"
+        "orr	r5, r12, lr, lsl #4\n\t"
+        /* s[2] <<< 10 */
+        "lsr	r12, r7, #22\n\t"
+        "lsr	lr, r6, #22\n\t"
+        "orr	r6, r12, r6, lsl #10\n\t"
+        "orr	r7, lr, r7, lsl #10\n\t"
+        /* s[3] <<< 15 */
+        "lsr	r12, r9, #17\n\t"
+        "lsr	lr, r8, #17\n\t"
+        "orr	r8, r12, r8, lsl #15\n\t"
+        "orr	r9, lr, r9, lsl #15\n\t"
+        /* s[4] <<< 56 */
+        "mov	lr, r10\n\t"
+        "lsr	r12, r11, #8\n\t"
+        "lsr	r10, r10, #8\n\t"
+        "orr	r10, r10, r11, lsl #24\n\t"
+        "orr	r11, r12, lr, lsl #24\n\t"
+        "bic	r12, r8, r6\n\t"
+        "bic	lr, r9, r7\n\t"
+        "eor	r12, r12, r4\n\t"
+        "eor	lr, lr, r5\n\t"
+        "str	r12, [sp, #128]\n\t"
+        "str	lr, [sp, #132]\n\t"
+        "bic	r12, r10, r8\n\t"
+        "bic	lr, r11, r9\n\t"
+        "eor	r12, r12, r6\n\t"
+        "eor	lr, lr, r7\n\t"
+        "str	r12, [sp, #136]\n\t"
+        "str	lr, [sp, #140]\n\t"
+        "bic	r12, r2, r10\n\t"
+        "bic	lr, r3, r11\n\t"
+        "eor	r12, r12, r8\n\t"
+        "eor	lr, lr, r9\n\t"
+        "str	r12, [sp, #144]\n\t"
+        "str	lr, [sp, #148]\n\t"
+        "bic	r12, r4, r2\n\t"
+        "bic	lr, r5, r3\n\t"
+        "eor	r12, r12, r10\n\t"
+        "eor	lr, lr, r11\n\t"
+        "str	r12, [sp, #152]\n\t"
+        "str	lr, [sp, #156]\n\t"
+        "bic	r12, r6, r4\n\t"
+        "bic	lr, r7, r5\n\t"
+        "eor	r12, r12, r2\n\t"
+        "eor	lr, lr, r3\n\t"
+        "str	r12, [sp, #120]\n\t"
+        "str	lr, [sp, #124]\n\t"
+        /* Row 4 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "ldr	r2, [%[state], #16]\n\t"
+        "ldr	r3, [%[state], #20]\n\t"
+#else
+        "ldrd	r2, r3, [%[state], #16]\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "ldr	r4, [%[state], #64]\n\t"
+        "ldr	r5, [%[state], #68]\n\t"
+#else
+        "ldrd	r4, r5, [%[state], #64]\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "ldr	r6, [%[state], #112]\n\t"
+        "ldr	r7, [%[state], #116]\n\t"
+#else
+        "ldrd	r6, r7, [%[state], #112]\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "ldr	r8, [%[state], #120]\n\t"
+        "ldr	r9, [%[state], #124]\n\t"
+#else
+        "ldrd	r8, r9, [%[state], #120]\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "ldr	r10, [%[state], #168]\n\t"
+        "ldr	r11, [%[state], #172]\n\t"
+#else
+        "ldrd	r10, r11, [%[state], #168]\n\t"
+#endif
+        /* s[0] <<< 62 */
+        "mov	lr, r2\n\t"
+        "lsr	r12, r3, #2\n\t"
+        "lsr	r2, r2, #2\n\t"
+        "orr	r2, r2, r3, lsl #30\n\t"
+        "orr	r3, r12, lr, lsl #30\n\t"
+        /* s[1] <<< 55 */
+        "mov	lr, r4\n\t"
+        "lsr	r12, r5, #9\n\t"
+        "lsr	r4, r4, #9\n\t"
+        "orr	r4, r4, r5, lsl #23\n\t"
+        "orr	r5, r12, lr, lsl #23\n\t"
+        /* s[2] <<< 39 */
+        "mov	lr, r6\n\t"
+        "lsr	r12, r7, #25\n\t"
+        "lsr	r6, r6, #25\n\t"
+        "orr	r6, r6, r7, lsl #7\n\t"
+        "orr	r7, r12, lr, lsl #7\n\t"
+        /* s[3] <<< 41 */
+        "mov	lr, r8\n\t"
+        "lsr	r12, r9, #23\n\t"
+        "lsr	r8, r8, #23\n\t"
+        "orr	r8, r8, r9, lsl #9\n\t"
+        "orr	r9, r12, lr, lsl #9\n\t"
+        /* s[4] <<< 2 */
+        "lsr	r12, r11, #30\n\t"
+        "lsr	lr, r10, #30\n\t"
+        "orr	r10, r12, r10, lsl #2\n\t"
+        "orr	r11, lr, r11, lsl #2\n\t"
+        "bic	r12, r8, r6\n\t"
+        "bic	lr, r9, r7\n\t"
+        "eor	r12, r12, r4\n\t"
+        "eor	lr, lr, r5\n\t"
+        "str	r12, [sp, #168]\n\t"
+        "str	lr, [sp, #172]\n\t"
+        "bic	r12, r10, r8\n\t"
+        "bic	lr, r11, r9\n\t"
+        "eor	r12, r12, r6\n\t"
+        "eor	lr, lr, r7\n\t"
+        "str	r12, [sp, #176]\n\t"
+        "str	lr, [sp, #180]\n\t"
+        "bic	r12, r2, r10\n\t"
+        "bic	lr, r3, r11\n\t"
+        "eor	r12, r12, r8\n\t"
+        "eor	lr, lr, r9\n\t"
+        "str	r12, [sp, #184]\n\t"
+        "str	lr, [sp, #188]\n\t"
+        "bic	r12, r4, r2\n\t"
+        "bic	lr, r5, r3\n\t"
+        "eor	r12, r12, r10\n\t"
+        "eor	lr, lr, r11\n\t"
+        "str	r12, [sp, #192]\n\t"
+        "str	lr, [sp, #196]\n\t"
+        "bic	r12, r6, r4\n\t"
+        "bic	lr, r7, r5\n\t"
+        "eor	r12, r12, r2\n\t"
+        "eor	lr, lr, r3\n\t"
+        "str	r12, [sp, #160]\n\t"
+        "str	lr, [sp, #164]\n\t"
+        /* Round odd */
+        /* Calc b[4] */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "ldr	r4, [sp, #32]\n\t"
+        "ldr	r5, [sp, #36]\n\t"
+#else
+        "ldrd	r4, r5, [sp, #32]\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "ldr	r6, [sp, #72]\n\t"
+        "ldr	r7, [sp, #76]\n\t"
+#else
+        "ldrd	r6, r7, [sp, #72]\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "ldr	r8, [sp, #112]\n\t"
+        "ldr	r9, [sp, #116]\n\t"
+#else
+        "ldrd	r8, r9, [sp, #112]\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "ldr	r10, [sp, #152]\n\t"
+        "ldr	r11, [sp, #156]\n\t"
+#else
+        "ldrd	r10, r11, [sp, #152]\n\t"
+#endif
+        "ldr	r12, [sp, #192]\n\t"
+        "ldr	lr, [sp, #196]\n\t"
+        "eor	r2, r4, r6\n\t"
+        "eor	r3, r5, r7\n\t"
+        "eor	r2, r2, r8\n\t"
+        "eor	r3, r3, r9\n\t"
+        "eor	r2, r2, r10\n\t"
+        "eor	r3, r3, r11\n\t"
+        "eor	r2, r2, r12\n\t"
+        "eor	r3, r3, lr\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "str	r2, [%[state], #32]\n\t"
+        "str	r3, [%[state], #36]\n\t"
+#else
+        "strd	r2, r3, [%[state], #32]\n\t"
+#endif
+        /* Calc b[1] */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "ldr	r4, [sp, #8]\n\t"
+        "ldr	r5, [sp, #12]\n\t"
+#else
+        "ldrd	r4, r5, [sp, #8]\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "ldr	r6, [sp, #48]\n\t"
+        "ldr	r7, [sp, #52]\n\t"
+#else
+        "ldrd	r6, r7, [sp, #48]\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "ldr	r8, [sp, #88]\n\t"
+        "ldr	r9, [sp, #92]\n\t"
+#else
+        "ldrd	r8, r9, [sp, #88]\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "ldr	r10, [sp, #128]\n\t"
+        "ldr	r11, [sp, #132]\n\t"
+#else
+        "ldrd	r10, r11, [sp, #128]\n\t"
+#endif
+        "ldr	r12, [sp, #168]\n\t"
+        "ldr	lr, [sp, #172]\n\t"
+        "eor	r4, r4, r6\n\t"
+        "eor	r5, r5, r7\n\t"
+        "eor	r4, r4, r8\n\t"
+        "eor	r5, r5, r9\n\t"
+        "eor	r4, r4, r10\n\t"
+        "eor	r5, r5, r11\n\t"
+        "eor	r4, r4, r12\n\t"
+        "eor	r5, r5, lr\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "str	r4, [%[state], #8]\n\t"
+        "str	r5, [%[state], #12]\n\t"
+#else
+        "strd	r4, r5, [%[state], #8]\n\t"
+#endif
+        /* Calc t[0] */
+        "eor	r2, r2, r5, lsr #31\n\t"
+        "eor	r3, r3, r4, lsr #31\n\t"
+        "eor	r2, r2, r4, lsl #1\n\t"
+        "eor	r3, r3, r5, lsl #1\n\t"
+        /* Calc b[0] and XOR t[0] into s[x*5+0] */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "ldm	sp, {r4, r5}\n\t"
+#else
+        "ldrd	r4, r5, [sp]\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "ldr	r6, [sp, #40]\n\t"
+        "ldr	r7, [sp, #44]\n\t"
+#else
+        "ldrd	r6, r7, [sp, #40]\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "ldr	r8, [sp, #80]\n\t"
+        "ldr	r9, [sp, #84]\n\t"
+#else
+        "ldrd	r8, r9, [sp, #80]\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "ldr	r10, [sp, #120]\n\t"
+        "ldr	r11, [sp, #124]\n\t"
+#else
+        "ldrd	r10, r11, [sp, #120]\n\t"
+#endif
+        "eor	r12, r4, r6\n\t"
+        "eor	lr, r5, r7\n\t"
+        "eor	r12, r12, r8\n\t"
+        "eor	lr, lr, r9\n\t"
+        "eor	r12, r12, r10\n\t"
+        "eor	lr, lr, r11\n\t"
+        "eor	r4, r4, r2\n\t"
+        "eor	r5, r5, r3\n\t"
+        "eor	r6, r6, r2\n\t"
+        "eor	r7, r7, r3\n\t"
+        "eor	r8, r8, r2\n\t"
+        "eor	r9, r9, r3\n\t"
+        "eor	r10, r10, r2\n\t"
+        "eor	r11, r11, r3\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "stm	sp, {r4, r5}\n\t"
+#else
+        "strd	r4, r5, [sp]\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "str	r6, [sp, #40]\n\t"
+        "str	r7, [sp, #44]\n\t"
+#else
+        "strd	r6, r7, [sp, #40]\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "str	r8, [sp, #80]\n\t"
+        "str	r9, [sp, #84]\n\t"
+#else
+        "strd	r8, r9, [sp, #80]\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "str	r10, [sp, #120]\n\t"
+        "str	r11, [sp, #124]\n\t"
+#else
+        "strd	r10, r11, [sp, #120]\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "ldr	r10, [sp, #160]\n\t"
+        "ldr	r11, [sp, #164]\n\t"
+#else
+        "ldrd	r10, r11, [sp, #160]\n\t"
+#endif
+        "eor	r12, r12, r10\n\t"
+        "eor	lr, lr, r11\n\t"
+        "eor	r10, r10, r2\n\t"
+        "eor	r11, r11, r3\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "str	r10, [sp, #160]\n\t"
+        "str	r11, [sp, #164]\n\t"
+#else
+        "strd	r10, r11, [sp, #160]\n\t"
+#endif
+        "str	r12, [%[state]]\n\t"
+        "str	lr, [%[state], #4]\n\t"
+        /* Calc b[3] */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "ldr	r4, [sp, #24]\n\t"
+        "ldr	r5, [sp, #28]\n\t"
+#else
+        "ldrd	r4, r5, [sp, #24]\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "ldr	r6, [sp, #64]\n\t"
+        "ldr	r7, [sp, #68]\n\t"
+#else
+        "ldrd	r6, r7, [sp, #64]\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "ldr	r8, [sp, #104]\n\t"
+        "ldr	r9, [sp, #108]\n\t"
+#else
+        "ldrd	r8, r9, [sp, #104]\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "ldr	r10, [sp, #144]\n\t"
+        "ldr	r11, [sp, #148]\n\t"
+#else
+        "ldrd	r10, r11, [sp, #144]\n\t"
+#endif
+        "ldr	r12, [sp, #184]\n\t"
+        "ldr	lr, [sp, #188]\n\t"
+        "eor	r4, r4, r6\n\t"
+        "eor	r5, r5, r7\n\t"
+        "eor	r4, r4, r8\n\t"
+        "eor	r5, r5, r9\n\t"
+        "eor	r4, r4, r10\n\t"
+        "eor	r5, r5, r11\n\t"
+        "eor	r4, r4, r12\n\t"
+        "eor	r5, r5, lr\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "str	r4, [%[state], #24]\n\t"
+        "str	r5, [%[state], #28]\n\t"
+#else
+        "strd	r4, r5, [%[state], #24]\n\t"
+#endif
+        /* Calc t[2] */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "ldr	r2, [%[state], #8]\n\t"
+        "ldr	r3, [%[state], #12]\n\t"
+#else
+        "ldrd	r2, r3, [%[state], #8]\n\t"
+#endif
+        "eor	r2, r2, r5, lsr #31\n\t"
+        "eor	r3, r3, r4, lsr #31\n\t"
+        "eor	r2, r2, r4, lsl #1\n\t"
+        "eor	r3, r3, r5, lsl #1\n\t"
+        /* Calc b[2] and XOR t[2] into s[x*5+2] */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "ldr	r4, [sp, #16]\n\t"
+        "ldr	r5, [sp, #20]\n\t"
+#else
+        "ldrd	r4, r5, [sp, #16]\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "ldr	r6, [sp, #56]\n\t"
+        "ldr	r7, [sp, #60]\n\t"
+#else
+        "ldrd	r6, r7, [sp, #56]\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "ldr	r8, [sp, #96]\n\t"
+        "ldr	r9, [sp, #100]\n\t"
+#else
+        "ldrd	r8, r9, [sp, #96]\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "ldr	r10, [sp, #136]\n\t"
+        "ldr	r11, [sp, #140]\n\t"
+#else
+        "ldrd	r10, r11, [sp, #136]\n\t"
+#endif
+        "eor	r12, r4, r6\n\t"
+        "eor	lr, r5, r7\n\t"
+        "eor	r12, r12, r8\n\t"
+        "eor	lr, lr, r9\n\t"
+        "eor	r12, r12, r10\n\t"
+        "eor	lr, lr, r11\n\t"
+        "eor	r4, r4, r2\n\t"
+        "eor	r5, r5, r3\n\t"
+        "eor	r6, r6, r2\n\t"
+        "eor	r7, r7, r3\n\t"
+        "eor	r8, r8, r2\n\t"
+        "eor	r9, r9, r3\n\t"
+        "eor	r10, r10, r2\n\t"
+        "eor	r11, r11, r3\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "str	r4, [sp, #16]\n\t"
+        "str	r5, [sp, #20]\n\t"
+#else
+        "strd	r4, r5, [sp, #16]\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "str	r6, [sp, #56]\n\t"
+        "str	r7, [sp, #60]\n\t"
+#else
+        "strd	r6, r7, [sp, #56]\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "str	r8, [sp, #96]\n\t"
+        "str	r9, [sp, #100]\n\t"
+#else
+        "strd	r8, r9, [sp, #96]\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "str	r10, [sp, #136]\n\t"
+        "str	r11, [sp, #140]\n\t"
+#else
+        "strd	r10, r11, [sp, #136]\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "ldr	r10, [sp, #176]\n\t"
+        "ldr	r11, [sp, #180]\n\t"
+#else
+        "ldrd	r10, r11, [sp, #176]\n\t"
+#endif
+        "eor	r12, r12, r10\n\t"
+        "eor	lr, lr, r11\n\t"
+        "eor	r10, r10, r2\n\t"
+        "eor	r11, r11, r3\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "str	r10, [sp, #176]\n\t"
+        "str	r11, [sp, #180]\n\t"
+#else
+        "strd	r10, r11, [sp, #176]\n\t"
+#endif
+        "str	r12, [%[state], #16]\n\t"
+        "str	lr, [%[state], #20]\n\t"
+        /* Calc t[1] */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "ldm	r0, {r2, r3}\n\t"
+#else
+        "ldrd	r2, r3, [%[state]]\n\t"
+#endif
+        "eor	r2, r2, lr, lsr #31\n\t"
+        "eor	r3, r3, r12, lsr #31\n\t"
+        "eor	r2, r2, r12, lsl #1\n\t"
+        "eor	r3, r3, lr, lsl #1\n\t"
+        /* XOR t[1] into s[x*5+1] */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "ldr	r4, [sp, #8]\n\t"
+        "ldr	r5, [sp, #12]\n\t"
+#else
+        "ldrd	r4, r5, [sp, #8]\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "ldr	r6, [sp, #48]\n\t"
+        "ldr	r7, [sp, #52]\n\t"
+#else
+        "ldrd	r6, r7, [sp, #48]\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "ldr	r8, [sp, #88]\n\t"
+        "ldr	r9, [sp, #92]\n\t"
+#else
+        "ldrd	r8, r9, [sp, #88]\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "ldr	r10, [sp, #128]\n\t"
+        "ldr	r11, [sp, #132]\n\t"
+#else
+        "ldrd	r10, r11, [sp, #128]\n\t"
+#endif
+        "ldr	r12, [sp, #168]\n\t"
+        "ldr	lr, [sp, #172]\n\t"
+        "eor	r4, r4, r2\n\t"
+        "eor	r5, r5, r3\n\t"
+        "eor	r6, r6, r2\n\t"
+        "eor	r7, r7, r3\n\t"
+        "eor	r8, r8, r2\n\t"
+        "eor	r9, r9, r3\n\t"
+        "eor	r10, r10, r2\n\t"
+        "eor	r11, r11, r3\n\t"
+        "eor	r12, r12, r2\n\t"
+        "eor	lr, lr, r3\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "str	r4, [sp, #8]\n\t"
+        "str	r5, [sp, #12]\n\t"
+#else
+        "strd	r4, r5, [sp, #8]\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "str	r6, [sp, #48]\n\t"
+        "str	r7, [sp, #52]\n\t"
+#else
+        "strd	r6, r7, [sp, #48]\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "str	r8, [sp, #88]\n\t"
+        "str	r9, [sp, #92]\n\t"
+#else
+        "strd	r8, r9, [sp, #88]\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "str	r10, [sp, #128]\n\t"
+        "str	r11, [sp, #132]\n\t"
+#else
+        "strd	r10, r11, [sp, #128]\n\t"
+#endif
+        "str	r12, [sp, #168]\n\t"
+        "str	lr, [sp, #172]\n\t"
+        /* Calc t[3] */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "ldr	r2, [%[state], #16]\n\t"
+        "ldr	r3, [%[state], #20]\n\t"
+#else
+        "ldrd	r2, r3, [%[state], #16]\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "ldr	r4, [%[state], #32]\n\t"
+        "ldr	r5, [%[state], #36]\n\t"
+#else
+        "ldrd	r4, r5, [%[state], #32]\n\t"
+#endif
+        "eor	r2, r2, r5, lsr #31\n\t"
+        "eor	r3, r3, r4, lsr #31\n\t"
+        "eor	r2, r2, r4, lsl #1\n\t"
+        "eor	r3, r3, r5, lsl #1\n\t"
+        /* XOR t[3] into s[x*5+3] */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "ldr	r4, [sp, #24]\n\t"
+        "ldr	r5, [sp, #28]\n\t"
+#else
+        "ldrd	r4, r5, [sp, #24]\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "ldr	r6, [sp, #64]\n\t"
+        "ldr	r7, [sp, #68]\n\t"
+#else
+        "ldrd	r6, r7, [sp, #64]\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "ldr	r8, [sp, #104]\n\t"
+        "ldr	r9, [sp, #108]\n\t"
+#else
+        "ldrd	r8, r9, [sp, #104]\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "ldr	r10, [sp, #144]\n\t"
+        "ldr	r11, [sp, #148]\n\t"
+#else
+        "ldrd	r10, r11, [sp, #144]\n\t"
+#endif
+        "ldr	r12, [sp, #184]\n\t"
+        "ldr	lr, [sp, #188]\n\t"
+        "eor	r4, r4, r2\n\t"
+        "eor	r5, r5, r3\n\t"
+        "eor	r6, r6, r2\n\t"
+        "eor	r7, r7, r3\n\t"
+        "eor	r8, r8, r2\n\t"
+        "eor	r9, r9, r3\n\t"
+        "eor	r10, r10, r2\n\t"
+        "eor	r11, r11, r3\n\t"
+        "eor	r12, r12, r2\n\t"
+        "eor	lr, lr, r3\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "str	r4, [sp, #24]\n\t"
+        "str	r5, [sp, #28]\n\t"
+#else
+        "strd	r4, r5, [sp, #24]\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "str	r6, [sp, #64]\n\t"
+        "str	r7, [sp, #68]\n\t"
+#else
+        "strd	r6, r7, [sp, #64]\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "str	r8, [sp, #104]\n\t"
+        "str	r9, [sp, #108]\n\t"
+#else
+        "strd	r8, r9, [sp, #104]\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "str	r10, [sp, #144]\n\t"
+        "str	r11, [sp, #148]\n\t"
+#else
+        "strd	r10, r11, [sp, #144]\n\t"
+#endif
+        "str	r12, [sp, #184]\n\t"
+        "str	lr, [sp, #188]\n\t"
+        /* Calc t[4] */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "ldr	r2, [%[state], #24]\n\t"
+        "ldr	r3, [%[state], #28]\n\t"
+#else
+        "ldrd	r2, r3, [%[state], #24]\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "ldm	r0, {r4, r5}\n\t"
+#else
+        "ldrd	r4, r5, [%[state]]\n\t"
+#endif
+        "eor	r2, r2, r5, lsr #31\n\t"
+        "eor	r3, r3, r4, lsr #31\n\t"
+        "eor	r2, r2, r4, lsl #1\n\t"
+        "eor	r3, r3, r5, lsl #1\n\t"
+        /* XOR t[4] into s[x*5+4] */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "ldr	r4, [sp, #32]\n\t"
+        "ldr	r5, [sp, #36]\n\t"
+#else
+        "ldrd	r4, r5, [sp, #32]\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "ldr	r6, [sp, #72]\n\t"
+        "ldr	r7, [sp, #76]\n\t"
+#else
+        "ldrd	r6, r7, [sp, #72]\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "ldr	r8, [sp, #112]\n\t"
+        "ldr	r9, [sp, #116]\n\t"
+#else
+        "ldrd	r8, r9, [sp, #112]\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "ldr	r10, [sp, #152]\n\t"
+        "ldr	r11, [sp, #156]\n\t"
+#else
+        "ldrd	r10, r11, [sp, #152]\n\t"
+#endif
+        "ldr	r12, [sp, #192]\n\t"
+        "ldr	lr, [sp, #196]\n\t"
+        "eor	r4, r4, r2\n\t"
+        "eor	r5, r5, r3\n\t"
+        "eor	r6, r6, r2\n\t"
+        "eor	r7, r7, r3\n\t"
+        "eor	r8, r8, r2\n\t"
+        "eor	r9, r9, r3\n\t"
+        "eor	r10, r10, r2\n\t"
+        "eor	r11, r11, r3\n\t"
+        "eor	r12, r12, r2\n\t"
+        "eor	lr, lr, r3\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "str	r4, [sp, #32]\n\t"
+        "str	r5, [sp, #36]\n\t"
+#else
+        "strd	r4, r5, [sp, #32]\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "str	r6, [sp, #72]\n\t"
+        "str	r7, [sp, #76]\n\t"
+#else
+        "strd	r6, r7, [sp, #72]\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "str	r8, [sp, #112]\n\t"
+        "str	r9, [sp, #116]\n\t"
+#else
+        "strd	r8, r9, [sp, #112]\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "str	r10, [sp, #152]\n\t"
+        "str	r11, [sp, #156]\n\t"
+#else
+        "strd	r10, r11, [sp, #152]\n\t"
+#endif
+        "str	r12, [sp, #192]\n\t"
+        "str	lr, [sp, #196]\n\t"
+        /* Row Mix */
+        /* Row 0 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "ldm	sp, {r2, r3}\n\t"
+#else
+        "ldrd	r2, r3, [sp]\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "ldr	r4, [sp, #48]\n\t"
+        "ldr	r5, [sp, #52]\n\t"
+#else
+        "ldrd	r4, r5, [sp, #48]\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "ldr	r6, [sp, #96]\n\t"
+        "ldr	r7, [sp, #100]\n\t"
+#else
+        "ldrd	r6, r7, [sp, #96]\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "ldr	r8, [sp, #144]\n\t"
+        "ldr	r9, [sp, #148]\n\t"
+#else
+        "ldrd	r8, r9, [sp, #144]\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "ldr	r10, [sp, #192]\n\t"
+        "ldr	r11, [sp, #196]\n\t"
+#else
+        "ldrd	r10, r11, [sp, #192]\n\t"
+#endif
+        /* s[1] <<< 44 */
+        "mov	lr, r4\n\t"
+        "lsr	r12, r5, #20\n\t"
+        "lsr	r4, r4, #20\n\t"
+        "orr	r4, r4, r5, lsl #12\n\t"
+        "orr	r5, r12, lr, lsl #12\n\t"
+        /* s[2] <<< 43 */
+        "mov	lr, r6\n\t"
+        "lsr	r12, r7, #21\n\t"
+        "lsr	r6, r6, #21\n\t"
+        "orr	r6, r6, r7, lsl #11\n\t"
+        "orr	r7, r12, lr, lsl #11\n\t"
+        /* s[3] <<< 21 */
+        "lsr	r12, r9, #11\n\t"
+        "lsr	lr, r8, #11\n\t"
+        "orr	r8, r12, r8, lsl #21\n\t"
+        "orr	r9, lr, r9, lsl #21\n\t"
+        /* s[4] <<< 14 */
+        "lsr	r12, r11, #18\n\t"
+        "lsr	lr, r10, #18\n\t"
+        "orr	r10, r12, r10, lsl #14\n\t"
+        "orr	r11, lr, r11, lsl #14\n\t"
+        "bic	r12, r8, r6\n\t"
+        "bic	lr, r9, r7\n\t"
+        "eor	r12, r12, r4\n\t"
+        "eor	lr, lr, r5\n\t"
+        "str	r12, [%[state], #8]\n\t"
+        "str	lr, [%[state], #12]\n\t"
+        "bic	r12, r10, r8\n\t"
+        "bic	lr, r11, r9\n\t"
+        "eor	r12, r12, r6\n\t"
+        "eor	lr, lr, r7\n\t"
+        "str	r12, [%[state], #16]\n\t"
+        "str	lr, [%[state], #20]\n\t"
+        "bic	r12, r2, r10\n\t"
+        "bic	lr, r3, r11\n\t"
+        "eor	r12, r12, r8\n\t"
+        "eor	lr, lr, r9\n\t"
+        "str	r12, [%[state], #24]\n\t"
+        "str	lr, [%[state], #28]\n\t"
+        "bic	r12, r4, r2\n\t"
+        "bic	lr, r5, r3\n\t"
+        "eor	r12, r12, r10\n\t"
+        "eor	lr, lr, r11\n\t"
+        "str	r12, [%[state], #32]\n\t"
+        "str	lr, [%[state], #36]\n\t"
+        /* Get constant */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "ldm	r1, {r10, r11}\n\t"
+#else
+        "ldrd	r10, r11, [r1]\n\t"
+#endif
+        "add	r1, r1, #8\n\t"
+        "bic	r12, r6, r4\n\t"
+        "bic	lr, r7, r5\n\t"
+        "eor	r12, r12, r2\n\t"
+        "eor	lr, lr, r3\n\t"
+        /* XOR in constant */
+        "eor	r12, r12, r10\n\t"
+        "eor	lr, lr, r11\n\t"
+        "str	r12, [%[state]]\n\t"
+        "str	lr, [%[state], #4]\n\t"
+        /* Row 1 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "ldr	r2, [sp, #24]\n\t"
+        "ldr	r3, [sp, #28]\n\t"
+#else
+        "ldrd	r2, r3, [sp, #24]\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "ldr	r4, [sp, #72]\n\t"
+        "ldr	r5, [sp, #76]\n\t"
+#else
+        "ldrd	r4, r5, [sp, #72]\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "ldr	r6, [sp, #80]\n\t"
+        "ldr	r7, [sp, #84]\n\t"
+#else
+        "ldrd	r6, r7, [sp, #80]\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "ldr	r8, [sp, #128]\n\t"
+        "ldr	r9, [sp, #132]\n\t"
+#else
+        "ldrd	r8, r9, [sp, #128]\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "ldr	r10, [sp, #176]\n\t"
+        "ldr	r11, [sp, #180]\n\t"
+#else
+        "ldrd	r10, r11, [sp, #176]\n\t"
+#endif
+        /* s[0] <<< 28 */
+        "lsr	r12, r3, #4\n\t"
+        "lsr	lr, r2, #4\n\t"
+        "orr	r2, r12, r2, lsl #28\n\t"
+        "orr	r3, lr, r3, lsl #28\n\t"
+        /* s[1] <<< 20 */
+        "lsr	r12, r5, #12\n\t"
+        "lsr	lr, r4, #12\n\t"
+        "orr	r4, r12, r4, lsl #20\n\t"
+        "orr	r5, lr, r5, lsl #20\n\t"
+        /* s[2] <<< 3 */
+        "lsr	r12, r7, #29\n\t"
+        "lsr	lr, r6, #29\n\t"
+        "orr	r6, r12, r6, lsl #3\n\t"
+        "orr	r7, lr, r7, lsl #3\n\t"
+        /* s[3] <<< 45 */
+        "mov	lr, r8\n\t"
+        "lsr	r12, r9, #19\n\t"
+        "lsr	r8, r8, #19\n\t"
+        "orr	r8, r8, r9, lsl #13\n\t"
+        "orr	r9, r12, lr, lsl #13\n\t"
+        /* s[4] <<< 61 */
+        "mov	lr, r10\n\t"
+        "lsr	r12, r11, #3\n\t"
+        "lsr	r10, r10, #3\n\t"
+        "orr	r10, r10, r11, lsl #29\n\t"
+        "orr	r11, r12, lr, lsl #29\n\t"
+        "bic	r12, r8, r6\n\t"
+        "bic	lr, r9, r7\n\t"
+        "eor	r12, r12, r4\n\t"
+        "eor	lr, lr, r5\n\t"
+        "str	r12, [%[state], #48]\n\t"
+        "str	lr, [%[state], #52]\n\t"
+        "bic	r12, r10, r8\n\t"
+        "bic	lr, r11, r9\n\t"
+        "eor	r12, r12, r6\n\t"
+        "eor	lr, lr, r7\n\t"
+        "str	r12, [%[state], #56]\n\t"
+        "str	lr, [%[state], #60]\n\t"
+        "bic	r12, r2, r10\n\t"
+        "bic	lr, r3, r11\n\t"
+        "eor	r12, r12, r8\n\t"
+        "eor	lr, lr, r9\n\t"
+        "str	r12, [%[state], #64]\n\t"
+        "str	lr, [%[state], #68]\n\t"
+        "bic	r12, r4, r2\n\t"
+        "bic	lr, r5, r3\n\t"
+        "eor	r12, r12, r10\n\t"
+        "eor	lr, lr, r11\n\t"
+        "str	r12, [%[state], #72]\n\t"
+        "str	lr, [%[state], #76]\n\t"
+        "bic	r12, r6, r4\n\t"
+        "bic	lr, r7, r5\n\t"
+        "eor	r12, r12, r2\n\t"
+        "eor	lr, lr, r3\n\t"
+        "str	r12, [%[state], #40]\n\t"
+        "str	lr, [%[state], #44]\n\t"
+        /* Row 2 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "ldr	r2, [sp, #8]\n\t"
+        "ldr	r3, [sp, #12]\n\t"
+#else
+        "ldrd	r2, r3, [sp, #8]\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "ldr	r4, [sp, #56]\n\t"
+        "ldr	r5, [sp, #60]\n\t"
+#else
+        "ldrd	r4, r5, [sp, #56]\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "ldr	r6, [sp, #104]\n\t"
+        "ldr	r7, [sp, #108]\n\t"
+#else
+        "ldrd	r6, r7, [sp, #104]\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "ldr	r8, [sp, #152]\n\t"
+        "ldr	r9, [sp, #156]\n\t"
+#else
+        "ldrd	r8, r9, [sp, #152]\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "ldr	r10, [sp, #160]\n\t"
+        "ldr	r11, [sp, #164]\n\t"
+#else
+        "ldrd	r10, r11, [sp, #160]\n\t"
+#endif
+        /* s[0] <<< 1 */
+        "lsr	r12, r3, #31\n\t"
+        "lsr	lr, r2, #31\n\t"
+        "orr	r2, r12, r2, lsl #1\n\t"
+        "orr	r3, lr, r3, lsl #1\n\t"
+        /* s[1] <<< 6 */
+        "lsr	r12, r5, #26\n\t"
+        "lsr	lr, r4, #26\n\t"
+        "orr	r4, r12, r4, lsl #6\n\t"
+        "orr	r5, lr, r5, lsl #6\n\t"
+        /* s[2] <<< 25 */
+        "lsr	r12, r7, #7\n\t"
+        "lsr	lr, r6, #7\n\t"
+        "orr	r6, r12, r6, lsl #25\n\t"
+        "orr	r7, lr, r7, lsl #25\n\t"
+        /* s[3] <<< 8 */
+        "lsr	r12, r9, #24\n\t"
+        "lsr	lr, r8, #24\n\t"
+        "orr	r8, r12, r8, lsl #8\n\t"
+        "orr	r9, lr, r9, lsl #8\n\t"
+        /* s[4] <<< 18 */
+        "lsr	r12, r11, #14\n\t"
+        "lsr	lr, r10, #14\n\t"
+        "orr	r10, r12, r10, lsl #18\n\t"
+        "orr	r11, lr, r11, lsl #18\n\t"
+        "bic	r12, r8, r6\n\t"
+        "bic	lr, r9, r7\n\t"
+        "eor	r12, r12, r4\n\t"
+        "eor	lr, lr, r5\n\t"
+        "str	r12, [%[state], #88]\n\t"
+        "str	lr, [%[state], #92]\n\t"
+        "bic	r12, r10, r8\n\t"
+        "bic	lr, r11, r9\n\t"
+        "eor	r12, r12, r6\n\t"
+        "eor	lr, lr, r7\n\t"
+        "str	r12, [%[state], #96]\n\t"
+        "str	lr, [%[state], #100]\n\t"
+        "bic	r12, r2, r10\n\t"
+        "bic	lr, r3, r11\n\t"
+        "eor	r12, r12, r8\n\t"
+        "eor	lr, lr, r9\n\t"
+        "str	r12, [%[state], #104]\n\t"
+        "str	lr, [%[state], #108]\n\t"
+        "bic	r12, r4, r2\n\t"
+        "bic	lr, r5, r3\n\t"
+        "eor	r12, r12, r10\n\t"
+        "eor	lr, lr, r11\n\t"
+        "str	r12, [%[state], #112]\n\t"
+        "str	lr, [%[state], #116]\n\t"
+        "bic	r12, r6, r4\n\t"
+        "bic	lr, r7, r5\n\t"
+        "eor	r12, r12, r2\n\t"
+        "eor	lr, lr, r3\n\t"
+        "str	r12, [%[state], #80]\n\t"
+        "str	lr, [%[state], #84]\n\t"
+        /* Row 3 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "ldr	r2, [sp, #32]\n\t"
+        "ldr	r3, [sp, #36]\n\t"
+#else
+        "ldrd	r2, r3, [sp, #32]\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "ldr	r4, [sp, #40]\n\t"
+        "ldr	r5, [sp, #44]\n\t"
+#else
+        "ldrd	r4, r5, [sp, #40]\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "ldr	r6, [sp, #88]\n\t"
+        "ldr	r7, [sp, #92]\n\t"
+#else
+        "ldrd	r6, r7, [sp, #88]\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "ldr	r8, [sp, #136]\n\t"
+        "ldr	r9, [sp, #140]\n\t"
+#else
+        "ldrd	r8, r9, [sp, #136]\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "ldr	r10, [sp, #184]\n\t"
+        "ldr	r11, [sp, #188]\n\t"
+#else
+        "ldrd	r10, r11, [sp, #184]\n\t"
+#endif
+        /* s[0] <<< 27 */
+        "lsr	r12, r3, #5\n\t"
+        "lsr	lr, r2, #5\n\t"
+        "orr	r2, r12, r2, lsl #27\n\t"
+        "orr	r3, lr, r3, lsl #27\n\t"
+        /* s[1] <<< 36 */
+        "mov	lr, r4\n\t"
+        "lsr	r12, r5, #28\n\t"
+        "lsr	r4, r4, #28\n\t"
+        "orr	r4, r4, r5, lsl #4\n\t"
+        "orr	r5, r12, lr, lsl #4\n\t"
+        /* s[2] <<< 10 */
+        "lsr	r12, r7, #22\n\t"
+        "lsr	lr, r6, #22\n\t"
+        "orr	r6, r12, r6, lsl #10\n\t"
+        "orr	r7, lr, r7, lsl #10\n\t"
+        /* s[3] <<< 15 */
+        "lsr	r12, r9, #17\n\t"
+        "lsr	lr, r8, #17\n\t"
+        "orr	r8, r12, r8, lsl #15\n\t"
+        "orr	r9, lr, r9, lsl #15\n\t"
+        /* s[4] <<< 56 */
+        "mov	lr, r10\n\t"
+        "lsr	r12, r11, #8\n\t"
+        "lsr	r10, r10, #8\n\t"
+        "orr	r10, r10, r11, lsl #24\n\t"
+        "orr	r11, r12, lr, lsl #24\n\t"
+        "bic	r12, r8, r6\n\t"
+        "bic	lr, r9, r7\n\t"
+        "eor	r12, r12, r4\n\t"
+        "eor	lr, lr, r5\n\t"
+        "str	r12, [%[state], #128]\n\t"
+        "str	lr, [%[state], #132]\n\t"
+        "bic	r12, r10, r8\n\t"
+        "bic	lr, r11, r9\n\t"
+        "eor	r12, r12, r6\n\t"
+        "eor	lr, lr, r7\n\t"
+        "str	r12, [%[state], #136]\n\t"
+        "str	lr, [%[state], #140]\n\t"
+        "bic	r12, r2, r10\n\t"
+        "bic	lr, r3, r11\n\t"
+        "eor	r12, r12, r8\n\t"
+        "eor	lr, lr, r9\n\t"
+        "str	r12, [%[state], #144]\n\t"
+        "str	lr, [%[state], #148]\n\t"
+        "bic	r12, r4, r2\n\t"
+        "bic	lr, r5, r3\n\t"
+        "eor	r12, r12, r10\n\t"
+        "eor	lr, lr, r11\n\t"
+        "str	r12, [%[state], #152]\n\t"
+        "str	lr, [%[state], #156]\n\t"
+        "bic	r12, r6, r4\n\t"
+        "bic	lr, r7, r5\n\t"
+        "eor	r12, r12, r2\n\t"
+        "eor	lr, lr, r3\n\t"
+        "str	r12, [%[state], #120]\n\t"
+        "str	lr, [%[state], #124]\n\t"
+        /* Row 4 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "ldr	r2, [sp, #16]\n\t"
+        "ldr	r3, [sp, #20]\n\t"
+#else
+        "ldrd	r2, r3, [sp, #16]\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "ldr	r4, [sp, #64]\n\t"
+        "ldr	r5, [sp, #68]\n\t"
+#else
+        "ldrd	r4, r5, [sp, #64]\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "ldr	r6, [sp, #112]\n\t"
+        "ldr	r7, [sp, #116]\n\t"
+#else
+        "ldrd	r6, r7, [sp, #112]\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "ldr	r8, [sp, #120]\n\t"
+        "ldr	r9, [sp, #124]\n\t"
+#else
+        "ldrd	r8, r9, [sp, #120]\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "ldr	r10, [sp, #168]\n\t"
+        "ldr	r11, [sp, #172]\n\t"
+#else
+        "ldrd	r10, r11, [sp, #168]\n\t"
+#endif
+        /* s[0] <<< 62 */
+        "mov	lr, r2\n\t"
+        "lsr	r12, r3, #2\n\t"
+        "lsr	r2, r2, #2\n\t"
+        "orr	r2, r2, r3, lsl #30\n\t"
+        "orr	r3, r12, lr, lsl #30\n\t"
+        /* s[1] <<< 55 */
+        "mov	lr, r4\n\t"
+        "lsr	r12, r5, #9\n\t"
+        "lsr	r4, r4, #9\n\t"
+        "orr	r4, r4, r5, lsl #23\n\t"
+        "orr	r5, r12, lr, lsl #23\n\t"
+        /* s[2] <<< 39 */
+        "mov	lr, r6\n\t"
+        "lsr	r12, r7, #25\n\t"
+        "lsr	r6, r6, #25\n\t"
+        "orr	r6, r6, r7, lsl #7\n\t"
+        "orr	r7, r12, lr, lsl #7\n\t"
+        /* s[3] <<< 41 */
+        "mov	lr, r8\n\t"
+        "lsr	r12, r9, #23\n\t"
+        "lsr	r8, r8, #23\n\t"
+        "orr	r8, r8, r9, lsl #9\n\t"
+        "orr	r9, r12, lr, lsl #9\n\t"
+        /* s[4] <<< 2 */
+        "lsr	r12, r11, #30\n\t"
+        "lsr	lr, r10, #30\n\t"
+        "orr	r10, r12, r10, lsl #2\n\t"
+        "orr	r11, lr, r11, lsl #2\n\t"
+        "bic	r12, r8, r6\n\t"
+        "bic	lr, r9, r7\n\t"
+        "eor	r12, r12, r4\n\t"
+        "eor	lr, lr, r5\n\t"
+        "str	r12, [%[state], #168]\n\t"
+        "str	lr, [%[state], #172]\n\t"
+        "bic	r12, r10, r8\n\t"
+        "bic	lr, r11, r9\n\t"
+        "eor	r12, r12, r6\n\t"
+        "eor	lr, lr, r7\n\t"
+        "str	r12, [%[state], #176]\n\t"
+        "str	lr, [%[state], #180]\n\t"
+        "bic	r12, r2, r10\n\t"
+        "bic	lr, r3, r11\n\t"
+        "eor	r12, r12, r8\n\t"
+        "eor	lr, lr, r9\n\t"
+        "str	r12, [%[state], #184]\n\t"
+        "str	lr, [%[state], #188]\n\t"
+        "bic	r12, r4, r2\n\t"
+        "bic	lr, r5, r3\n\t"
+        "eor	r12, r12, r10\n\t"
+        "eor	lr, lr, r11\n\t"
+        "str	r12, [%[state], #192]\n\t"
+        "str	lr, [%[state], #196]\n\t"
+        "bic	r12, r6, r4\n\t"
+        "bic	lr, r7, r5\n\t"
+        "eor	r12, r12, r2\n\t"
+        "eor	lr, lr, r3\n\t"
+        "str	r12, [%[state], #160]\n\t"
+        "str	lr, [%[state], #164]\n\t"
+        "ldr	r2, [sp, #200]\n\t"
+        "subs	r2, r2, #1\n\t"
+        "bne	L_sha3_arm32_begin_%=\n\t"
+        "add	sp, sp, #0xcc\n\t"
+        : [state] "+r" (state), [L_sha3_arm2_rt] "+r" (L_sha3_arm2_rt_c)
+        :
+        : "memory", "cc", "r2", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8",
+            "r9", "r10", "r11"
+    );
+}
+
+#endif /* WOLFSSL_ARMASM_NO_NEON */
+#endif /* WOLFSSL_SHA3 */
+#endif /* !__aarch64__ && !WOLFSSL_ARMASM_THUMB2 */
+#endif /* WOLFSSL_ARMASM */
+
+#endif /* WOLFSSL_ARMASM_INLINE */
diff --git a/wolfcrypt/src/port/arm/armv8-32-sha512-asm.S b/wolfcrypt/src/port/arm/armv8-32-sha512-asm.S
index f06ae9284..4c23449ec 100644
--- a/wolfcrypt/src/port/arm/armv8-32-sha512-asm.S
+++ b/wolfcrypt/src/port/arm/armv8-32-sha512-asm.S
@@ -1,6 +1,6 @@
 /* armv8-32-sha512-asm
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -21,7 +21,8 @@
 
 /* Generated using (from wolfssl):
  *   cd ../scripts
- *   ruby ./sha2/sha512.rb arm32 ../wolfssl/wolfcrypt/src/port/arm/armv8-32-sha512-asm.S
+ *   ruby ./sha2/sha512.rb arm32 \
+ *       ../wolfssl/wolfcrypt/src/port/arm/armv8-32-sha512-asm.S
  */
 
 #ifdef HAVE_CONFIG_H
@@ -30,9 +31,9 @@
 #include <wolfssl/wolfcrypt/settings.h>
 
 #ifdef WOLFSSL_ARMASM
-#if !defined(__aarch64__) && defined(__arm__)
+#if !defined(__aarch64__) && !defined(WOLFSSL_ARMASM_THUMB2)
 #ifndef WOLFSSL_ARMASM_INLINE
-#ifdef WOLFSSL_SHA512
+#if defined(WOLFSSL_SHA512) || defined(WOLFSSL_SHA384)
 #ifdef WOLFSSL_ARMASM_NO_NEON
 	.text
 	.type	L_SHA512_transform_len_k, %object
@@ -209,8 +210,7 @@ Transform_Sha512_Len:
 	adr	r3, L_SHA512_transform_len_k
 	# Copy digest to add in at end
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	ldr	r4, [r0]
-	ldr	r5, [r0, #4]
+	ldm	r0, {r4, r5}
 #else
 	ldrd	r4, r5, [r0]
 #endif
@@ -684,16 +684,14 @@ L_SHA512_transform_len_start:
 	ldrd	r4, r5, [r0, #56]
 #endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	ldr	r8, [sp]
-	ldr	r9, [sp, #4]
+	ldm	sp, {r8, r9}
 #else
 	ldrd	r8, r9, [sp]
 #endif
 	adds	r4, r4, r6
 	adc	r5, r5, r7
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	ldr	r6, [r3]
-	ldr	r7, [r3, #4]
+	ldm	r3, {r6, r7}
 #else
 	ldrd	r6, r7, [r3]
 #endif
@@ -716,8 +714,7 @@ L_SHA512_transform_len_start:
 	adds	r8, r8, r4
 	adc	r9, r9, r5
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	ldr	r4, [r0]
-	ldr	r5, [r0, #4]
+	ldm	r0, {r4, r5}
 #else
 	ldrd	r4, r5, [r0]
 #endif
@@ -752,8 +749,7 @@ L_SHA512_transform_len_start:
 	adds	r4, r4, r6
 	adc	r5, r5, r7
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	ldr	r8, [r0]
-	ldr	r9, [r0, #4]
+	ldm	r0, {r8, r9}
 #else
 	ldrd	r8, r9, [r0]
 #endif
@@ -814,8 +810,7 @@ L_SHA512_transform_len_start:
 	eor	r7, r7, r9
 	eor	r6, r6, r8
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	ldr	r4, [sp]
-	ldr	r5, [sp, #4]
+	ldm	sp, {r4, r5}
 #else
 	ldrd	r4, r5, [sp]
 #endif
@@ -830,8 +825,7 @@ L_SHA512_transform_len_start:
 	adds	r4, r4, r8
 	adc	r5, r5, r9
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	str	r4, [sp]
-	str	r5, [sp, #4]
+	stm	sp, {r4, r5}
 #else
 	strd	r4, r5, [sp]
 #endif
@@ -857,16 +851,14 @@ L_SHA512_transform_len_start:
 	eor	r7, r7, r9
 	eor	r6, r6, r8
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	ldr	r4, [sp]
-	ldr	r5, [sp, #4]
+	ldm	sp, {r4, r5}
 #else
 	ldrd	r4, r5, [sp]
 #endif
 	adds	r4, r4, r6
 	adc	r5, r5, r7
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	str	r4, [sp]
-	str	r5, [sp, #4]
+	stm	sp, {r4, r5}
 #else
 	strd	r4, r5, [sp]
 #endif
@@ -1012,8 +1004,7 @@ L_SHA512_transform_len_start:
 	ldrd	r8, r9, [r0, #56]
 #endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	ldr	r6, [r0]
-	ldr	r7, [r0, #4]
+	ldm	r0, {r6, r7}
 #else
 	ldrd	r6, r7, [r0]
 #endif
@@ -1301,8 +1292,7 @@ L_SHA512_transform_len_start:
 	mov	r11, r9
 	# Calc new W[2]
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	ldr	r4, [sp]
-	ldr	r5, [sp, #4]
+	ldm	sp, {r4, r5}
 #else
 	ldrd	r4, r5, [sp]
 #endif
@@ -1462,8 +1452,7 @@ L_SHA512_transform_len_start:
 	adds	r4, r4, r8
 	adc	r5, r5, r9
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	ldr	r8, [r0]
-	ldr	r9, [r0, #4]
+	ldm	r0, {r8, r9}
 #else
 	ldrd	r8, r9, [r0]
 #endif
@@ -1484,8 +1473,7 @@ L_SHA512_transform_len_start:
 	ldrd	r4, r5, [r0, #40]
 #endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	str	r8, [r0]
-	str	r9, [r0, #4]
+	stm	r0, {r8, r9}
 #else
 	strd	r8, r9, [r0]
 #endif
@@ -1634,8 +1622,7 @@ L_SHA512_transform_len_start:
 #endif
 	# Round 4
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	ldr	r4, [r0]
-	ldr	r5, [r0, #4]
+	ldm	r0, {r4, r5}
 #else
 	ldrd	r4, r5, [r0]
 #endif
@@ -1670,8 +1657,7 @@ L_SHA512_transform_len_start:
 	strd	r4, r5, [r0, #24]
 #endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	ldr	r4, [r0]
-	ldr	r5, [r0, #4]
+	ldm	r0, {r4, r5}
 #else
 	ldrd	r4, r5, [r0]
 #endif
@@ -1930,8 +1916,7 @@ L_SHA512_transform_len_start:
 	ldrd	r4, r5, [r0, #56]
 #endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	ldr	r6, [r0]
-	ldr	r7, [r0, #4]
+	ldm	r0, {r6, r7}
 #else
 	ldrd	r6, r7, [r0]
 #endif
@@ -2190,8 +2175,7 @@ L_SHA512_transform_len_start:
 	ldrd	r6, r7, [r0, #56]
 #endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	ldr	r8, [r0]
-	ldr	r9, [r0, #4]
+	ldm	r0, {r8, r9}
 #else
 	ldrd	r8, r9, [r0]
 #endif
@@ -2416,8 +2400,7 @@ L_SHA512_transform_len_start:
 	orr	r9, r9, r4, lsr #9
 	orr	r8, r8, r5, lsr #9
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	ldr	r4, [r0]
-	ldr	r5, [r0, #4]
+	ldm	r0, {r4, r5}
 #else
 	ldrd	r4, r5, [r0]
 #endif
@@ -2426,8 +2409,7 @@ L_SHA512_transform_len_start:
 	adds	r4, r4, r6
 	adc	r5, r5, r7
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	str	r4, [r0]
-	str	r5, [r0, #4]
+	stm	r0, {r4, r5}
 #else
 	strd	r4, r5, [r0]
 #endif
@@ -2456,8 +2438,7 @@ L_SHA512_transform_len_start:
 	eor	r6, r6, r8
 	eor	r7, r7, r9
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	ldr	r4, [r0]
-	ldr	r5, [r0, #4]
+	ldm	r0, {r4, r5}
 #else
 	ldrd	r4, r5, [r0]
 #endif
@@ -2486,8 +2467,7 @@ L_SHA512_transform_len_start:
 	adds	r4, r4, r6
 	adc	r5, r5, r7
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	str	r4, [r0]
-	str	r5, [r0, #4]
+	stm	r0, {r4, r5}
 #else
 	strd	r4, r5, [r0]
 #endif
@@ -2520,8 +2500,7 @@ L_SHA512_transform_len_start:
 	orr	r9, r9, r4, lsr #7
 	orr	r8, r8, r5, lsr #7
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	ldr	r4, [r0]
-	ldr	r5, [r0, #4]
+	ldm	r0, {r4, r5}
 #else
 	ldrd	r4, r5, [r0]
 #endif
@@ -2542,8 +2521,7 @@ L_SHA512_transform_len_start:
 	ldrd	r6, r7, [r0, #16]
 #endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	str	r4, [r0]
-	str	r5, [r0, #4]
+	stm	r0, {r4, r5}
 #else
 	strd	r4, r5, [r0]
 #endif
@@ -2554,16 +2532,14 @@ L_SHA512_transform_len_start:
 	eor	r10, r10, r6
 	eor	r11, r11, r7
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	ldr	r6, [r0]
-	ldr	r7, [r0, #4]
+	ldm	r0, {r6, r7}
 #else
 	ldrd	r6, r7, [r0]
 #endif
 	adds	r6, r6, r10
 	adc	r7, r7, r11
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	str	r6, [r0]
-	str	r7, [r0, #4]
+	stm	r0, {r6, r7}
 #else
 	strd	r6, r7, [r0]
 #endif
@@ -2598,8 +2574,7 @@ L_SHA512_transform_len_start:
 	ldrd	r4, r5, [sp, #56]
 #endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	ldr	r8, [sp]
-	ldr	r9, [sp, #4]
+	ldm	sp, {r8, r9}
 #else
 	ldrd	r8, r9, [sp]
 #endif
@@ -2748,8 +2723,7 @@ L_SHA512_transform_len_start:
 	adds	r8, r8, r4
 	adc	r9, r9, r5
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	ldr	r4, [r0]
-	ldr	r5, [r0, #4]
+	ldm	r0, {r4, r5}
 #else
 	ldrd	r4, r5, [r0]
 #endif
@@ -2784,8 +2758,7 @@ L_SHA512_transform_len_start:
 	adds	r4, r4, r6
 	adc	r5, r5, r7
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	ldr	r8, [r0]
-	ldr	r9, [r0, #4]
+	ldm	r0, {r8, r9}
 #else
 	ldrd	r8, r9, [r0]
 #endif
@@ -3044,8 +3017,7 @@ L_SHA512_transform_len_start:
 	ldrd	r8, r9, [r0, #56]
 #endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	ldr	r6, [r0]
-	ldr	r7, [r0, #4]
+	ldm	r0, {r6, r7}
 #else
 	ldrd	r6, r7, [r0]
 #endif
@@ -3494,8 +3466,7 @@ L_SHA512_transform_len_start:
 	adds	r4, r4, r8
 	adc	r5, r5, r9
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	ldr	r8, [r0]
-	ldr	r9, [r0, #4]
+	ldm	r0, {r8, r9}
 #else
 	ldrd	r8, r9, [r0]
 #endif
@@ -3516,8 +3487,7 @@ L_SHA512_transform_len_start:
 	ldrd	r4, r5, [r0, #40]
 #endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	str	r8, [r0]
-	str	r9, [r0, #4]
+	stm	r0, {r8, r9}
 #else
 	strd	r8, r9, [r0]
 #endif
@@ -3666,8 +3636,7 @@ L_SHA512_transform_len_start:
 #endif
 	# Round 12
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	ldr	r4, [r0]
-	ldr	r5, [r0, #4]
+	ldm	r0, {r4, r5}
 #else
 	ldrd	r4, r5, [r0]
 #endif
@@ -3702,8 +3671,7 @@ L_SHA512_transform_len_start:
 	strd	r4, r5, [r0, #24]
 #endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	ldr	r4, [r0]
-	ldr	r5, [r0, #4]
+	ldm	r0, {r4, r5}
 #else
 	ldrd	r4, r5, [r0]
 #endif
@@ -3962,8 +3930,7 @@ L_SHA512_transform_len_start:
 	ldrd	r4, r5, [r0, #56]
 #endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	ldr	r6, [r0]
-	ldr	r7, [r0, #4]
+	ldm	r0, {r6, r7}
 #else
 	ldrd	r6, r7, [r0]
 #endif
@@ -4222,8 +4189,7 @@ L_SHA512_transform_len_start:
 	ldrd	r6, r7, [r0, #56]
 #endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	ldr	r8, [r0]
-	ldr	r9, [r0, #4]
+	ldm	r0, {r8, r9}
 #else
 	ldrd	r8, r9, [r0]
 #endif
@@ -4448,8 +4414,7 @@ L_SHA512_transform_len_start:
 	orr	r9, r9, r4, lsr #9
 	orr	r8, r8, r5, lsr #9
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	ldr	r4, [r0]
-	ldr	r5, [r0, #4]
+	ldm	r0, {r4, r5}
 #else
 	ldrd	r4, r5, [r0]
 #endif
@@ -4458,8 +4423,7 @@ L_SHA512_transform_len_start:
 	adds	r4, r4, r6
 	adc	r5, r5, r7
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	str	r4, [r0]
-	str	r5, [r0, #4]
+	stm	r0, {r4, r5}
 #else
 	strd	r4, r5, [r0]
 #endif
@@ -4488,8 +4452,7 @@ L_SHA512_transform_len_start:
 	eor	r6, r6, r8
 	eor	r7, r7, r9
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	ldr	r4, [r0]
-	ldr	r5, [r0, #4]
+	ldm	r0, {r4, r5}
 #else
 	ldrd	r4, r5, [r0]
 #endif
@@ -4518,8 +4481,7 @@ L_SHA512_transform_len_start:
 	adds	r4, r4, r6
 	adc	r5, r5, r7
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	str	r4, [r0]
-	str	r5, [r0, #4]
+	stm	r0, {r4, r5}
 #else
 	strd	r4, r5, [r0]
 #endif
@@ -4552,8 +4514,7 @@ L_SHA512_transform_len_start:
 	orr	r9, r9, r4, lsr #7
 	orr	r8, r8, r5, lsr #7
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	ldr	r4, [r0]
-	ldr	r5, [r0, #4]
+	ldm	r0, {r4, r5}
 #else
 	ldrd	r4, r5, [r0]
 #endif
@@ -4574,8 +4535,7 @@ L_SHA512_transform_len_start:
 	ldrd	r6, r7, [r0, #16]
 #endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	str	r4, [r0]
-	str	r5, [r0, #4]
+	stm	r0, {r4, r5}
 #else
 	strd	r4, r5, [r0]
 #endif
@@ -4586,16 +4546,14 @@ L_SHA512_transform_len_start:
 	eor	r10, r10, r6
 	eor	r11, r11, r7
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	ldr	r6, [r0]
-	ldr	r7, [r0, #4]
+	ldm	r0, {r6, r7}
 #else
 	ldrd	r6, r7, [r0]
 #endif
 	adds	r6, r6, r10
 	adc	r7, r7, r11
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	str	r6, [r0]
-	str	r7, [r0, #4]
+	stm	r0, {r6, r7}
 #else
 	strd	r6, r7, [r0]
 #endif
@@ -4646,8 +4604,7 @@ L_SHA512_transform_len_start:
 	strd	r4, r5, [sp, #120]
 #endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	ldr	r4, [sp]
-	ldr	r5, [sp, #4]
+	ldm	sp, {r4, r5}
 #else
 	ldrd	r4, r5, [sp]
 #endif
@@ -4751,16 +4708,14 @@ L_SHA512_transform_len_start:
 	ldrd	r4, r5, [r0, #56]
 #endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	ldr	r8, [sp]
-	ldr	r9, [sp, #4]
+	ldm	sp, {r8, r9}
 #else
 	ldrd	r8, r9, [sp]
 #endif
 	adds	r4, r4, r6
 	adc	r5, r5, r7
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	ldr	r6, [r3]
-	ldr	r7, [r3, #4]
+	ldm	r3, {r6, r7}
 #else
 	ldrd	r6, r7, [r3]
 #endif
@@ -4783,8 +4738,7 @@ L_SHA512_transform_len_start:
 	adds	r8, r8, r4
 	adc	r9, r9, r5
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	ldr	r4, [r0]
-	ldr	r5, [r0, #4]
+	ldm	r0, {r4, r5}
 #else
 	ldrd	r4, r5, [r0]
 #endif
@@ -4819,8 +4773,7 @@ L_SHA512_transform_len_start:
 	adds	r4, r4, r6
 	adc	r5, r5, r7
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	ldr	r8, [r0]
-	ldr	r9, [r0, #4]
+	ldm	r0, {r8, r9}
 #else
 	ldrd	r8, r9, [r0]
 #endif
@@ -5000,8 +4953,7 @@ L_SHA512_transform_len_start:
 	ldrd	r8, r9, [r0, #56]
 #endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	ldr	r6, [r0]
-	ldr	r7, [r0, #4]
+	ldm	r0, {r6, r7}
 #else
 	ldrd	r6, r7, [r0]
 #endif
@@ -5292,8 +5244,7 @@ L_SHA512_transform_len_start:
 	adds	r4, r4, r8
 	adc	r5, r5, r9
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	ldr	r8, [r0]
-	ldr	r9, [r0, #4]
+	ldm	r0, {r8, r9}
 #else
 	ldrd	r8, r9, [r0]
 #endif
@@ -5314,8 +5265,7 @@ L_SHA512_transform_len_start:
 	ldrd	r4, r5, [r0, #40]
 #endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	str	r8, [r0]
-	str	r9, [r0, #4]
+	stm	r0, {r8, r9}
 #else
 	strd	r8, r9, [r0]
 #endif
@@ -5385,8 +5335,7 @@ L_SHA512_transform_len_start:
 	mov	r11, r9
 	# Round 4
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	ldr	r4, [r0]
-	ldr	r5, [r0, #4]
+	ldm	r0, {r4, r5}
 #else
 	ldrd	r4, r5, [r0]
 #endif
@@ -5421,8 +5370,7 @@ L_SHA512_transform_len_start:
 	strd	r4, r5, [r0, #24]
 #endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	ldr	r4, [r0]
-	ldr	r5, [r0, #4]
+	ldm	r0, {r4, r5}
 #else
 	ldrd	r4, r5, [r0]
 #endif
@@ -5602,8 +5550,7 @@ L_SHA512_transform_len_start:
 	ldrd	r4, r5, [r0, #56]
 #endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	ldr	r6, [r0]
-	ldr	r7, [r0, #4]
+	ldm	r0, {r6, r7}
 #else
 	ldrd	r6, r7, [r0]
 #endif
@@ -5783,8 +5730,7 @@ L_SHA512_transform_len_start:
 	ldrd	r6, r7, [r0, #56]
 #endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	ldr	r8, [r0]
-	ldr	r9, [r0, #4]
+	ldm	r0, {r8, r9}
 #else
 	ldrd	r8, r9, [r0]
 #endif
@@ -5930,8 +5876,7 @@ L_SHA512_transform_len_start:
 	orr	r9, r9, r4, lsr #9
 	orr	r8, r8, r5, lsr #9
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	ldr	r4, [r0]
-	ldr	r5, [r0, #4]
+	ldm	r0, {r4, r5}
 #else
 	ldrd	r4, r5, [r0]
 #endif
@@ -5940,8 +5885,7 @@ L_SHA512_transform_len_start:
 	adds	r4, r4, r6
 	adc	r5, r5, r7
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	str	r4, [r0]
-	str	r5, [r0, #4]
+	stm	r0, {r4, r5}
 #else
 	strd	r4, r5, [r0]
 #endif
@@ -5970,8 +5914,7 @@ L_SHA512_transform_len_start:
 	eor	r6, r6, r8
 	eor	r7, r7, r9
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	ldr	r4, [r0]
-	ldr	r5, [r0, #4]
+	ldm	r0, {r4, r5}
 #else
 	ldrd	r4, r5, [r0]
 #endif
@@ -6000,8 +5943,7 @@ L_SHA512_transform_len_start:
 	adds	r4, r4, r6
 	adc	r5, r5, r7
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	str	r4, [r0]
-	str	r5, [r0, #4]
+	stm	r0, {r4, r5}
 #else
 	strd	r4, r5, [r0]
 #endif
@@ -6034,8 +5976,7 @@ L_SHA512_transform_len_start:
 	orr	r9, r9, r4, lsr #7
 	orr	r8, r8, r5, lsr #7
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	ldr	r4, [r0]
-	ldr	r5, [r0, #4]
+	ldm	r0, {r4, r5}
 #else
 	ldrd	r4, r5, [r0]
 #endif
@@ -6056,8 +5997,7 @@ L_SHA512_transform_len_start:
 	ldrd	r6, r7, [r0, #16]
 #endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	str	r4, [r0]
-	str	r5, [r0, #4]
+	stm	r0, {r4, r5}
 #else
 	strd	r4, r5, [r0]
 #endif
@@ -6068,16 +6008,14 @@ L_SHA512_transform_len_start:
 	eor	r10, r10, r6
 	eor	r11, r11, r7
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	ldr	r6, [r0]
-	ldr	r7, [r0, #4]
+	ldm	r0, {r6, r7}
 #else
 	ldrd	r6, r7, [r0]
 #endif
 	adds	r6, r6, r10
 	adc	r7, r7, r11
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	str	r6, [r0]
-	str	r7, [r0, #4]
+	stm	r0, {r6, r7}
 #else
 	strd	r6, r7, [r0]
 #endif
@@ -6183,8 +6121,7 @@ L_SHA512_transform_len_start:
 	adds	r8, r8, r4
 	adc	r9, r9, r5
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	ldr	r4, [r0]
-	ldr	r5, [r0, #4]
+	ldm	r0, {r4, r5}
 #else
 	ldrd	r4, r5, [r0]
 #endif
@@ -6219,8 +6156,7 @@ L_SHA512_transform_len_start:
 	adds	r4, r4, r6
 	adc	r5, r5, r7
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	ldr	r8, [r0]
-	ldr	r9, [r0, #4]
+	ldm	r0, {r8, r9}
 #else
 	ldrd	r8, r9, [r0]
 #endif
@@ -6400,8 +6336,7 @@ L_SHA512_transform_len_start:
 	ldrd	r8, r9, [r0, #56]
 #endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	ldr	r6, [r0]
-	ldr	r7, [r0, #4]
+	ldm	r0, {r6, r7}
 #else
 	ldrd	r6, r7, [r0]
 #endif
@@ -6692,8 +6627,7 @@ L_SHA512_transform_len_start:
 	adds	r4, r4, r8
 	adc	r5, r5, r9
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	ldr	r8, [r0]
-	ldr	r9, [r0, #4]
+	ldm	r0, {r8, r9}
 #else
 	ldrd	r8, r9, [r0]
 #endif
@@ -6714,8 +6648,7 @@ L_SHA512_transform_len_start:
 	ldrd	r4, r5, [r0, #40]
 #endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	str	r8, [r0]
-	str	r9, [r0, #4]
+	stm	r0, {r8, r9}
 #else
 	strd	r8, r9, [r0]
 #endif
@@ -6785,8 +6718,7 @@ L_SHA512_transform_len_start:
 	mov	r11, r9
 	# Round 12
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	ldr	r4, [r0]
-	ldr	r5, [r0, #4]
+	ldm	r0, {r4, r5}
 #else
 	ldrd	r4, r5, [r0]
 #endif
@@ -6821,8 +6753,7 @@ L_SHA512_transform_len_start:
 	strd	r4, r5, [r0, #24]
 #endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	ldr	r4, [r0]
-	ldr	r5, [r0, #4]
+	ldm	r0, {r4, r5}
 #else
 	ldrd	r4, r5, [r0]
 #endif
@@ -7002,8 +6933,7 @@ L_SHA512_transform_len_start:
 	ldrd	r4, r5, [r0, #56]
 #endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	ldr	r6, [r0]
-	ldr	r7, [r0, #4]
+	ldm	r0, {r6, r7}
 #else
 	ldrd	r6, r7, [r0]
 #endif
@@ -7183,8 +7113,7 @@ L_SHA512_transform_len_start:
 	ldrd	r6, r7, [r0, #56]
 #endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	ldr	r8, [r0]
-	ldr	r9, [r0, #4]
+	ldm	r0, {r8, r9}
 #else
 	ldrd	r8, r9, [r0]
 #endif
@@ -7330,8 +7259,7 @@ L_SHA512_transform_len_start:
 	orr	r9, r9, r4, lsr #9
 	orr	r8, r8, r5, lsr #9
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	ldr	r4, [r0]
-	ldr	r5, [r0, #4]
+	ldm	r0, {r4, r5}
 #else
 	ldrd	r4, r5, [r0]
 #endif
@@ -7340,8 +7268,7 @@ L_SHA512_transform_len_start:
 	adds	r4, r4, r6
 	adc	r5, r5, r7
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	str	r4, [r0]
-	str	r5, [r0, #4]
+	stm	r0, {r4, r5}
 #else
 	strd	r4, r5, [r0]
 #endif
@@ -7370,8 +7297,7 @@ L_SHA512_transform_len_start:
 	eor	r6, r6, r8
 	eor	r7, r7, r9
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	ldr	r4, [r0]
-	ldr	r5, [r0, #4]
+	ldm	r0, {r4, r5}
 #else
 	ldrd	r4, r5, [r0]
 #endif
@@ -7400,8 +7326,7 @@ L_SHA512_transform_len_start:
 	adds	r4, r4, r6
 	adc	r5, r5, r7
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	str	r4, [r0]
-	str	r5, [r0, #4]
+	stm	r0, {r4, r5}
 #else
 	strd	r4, r5, [r0]
 #endif
@@ -7434,8 +7359,7 @@ L_SHA512_transform_len_start:
 	orr	r9, r9, r4, lsr #7
 	orr	r8, r8, r5, lsr #7
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	ldr	r4, [r0]
-	ldr	r5, [r0, #4]
+	ldm	r0, {r4, r5}
 #else
 	ldrd	r4, r5, [r0]
 #endif
@@ -7456,8 +7380,7 @@ L_SHA512_transform_len_start:
 	ldrd	r6, r7, [r0, #16]
 #endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	str	r4, [r0]
-	str	r5, [r0, #4]
+	stm	r0, {r4, r5}
 #else
 	strd	r4, r5, [r0]
 #endif
@@ -7468,16 +7391,14 @@ L_SHA512_transform_len_start:
 	eor	r10, r10, r6
 	eor	r11, r11, r7
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	ldr	r6, [r0]
-	ldr	r7, [r0, #4]
+	ldm	r0, {r6, r7}
 #else
 	ldrd	r6, r7, [r0]
 #endif
 	adds	r6, r6, r10
 	adc	r7, r7, r11
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	str	r6, [r0]
-	str	r7, [r0, #4]
+	stm	r0, {r6, r7}
 #else
 	strd	r6, r7, [r0]
 #endif
@@ -7485,8 +7406,7 @@ L_SHA512_transform_len_start:
 	mov	r11, r9
 	# Add in digest from start
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	ldr	r4, [r0]
-	ldr	r5, [r0, #4]
+	ldm	r0, {r4, r5}
 #else
 	ldrd	r4, r5, [r0]
 #endif
@@ -7513,8 +7433,7 @@ L_SHA512_transform_len_start:
 	adds	r6, r6, r10
 	adc	r7, r7, r11
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	str	r4, [r0]
-	str	r5, [r0, #4]
+	stm	r0, {r4, r5}
 #else
 	strd	r4, r5, [r0]
 #endif
@@ -9365,8 +9284,8 @@ L_SHA512_transform_neon_len_start:
 	bx	lr
 	.size	Transform_Sha512_Len,.-Transform_Sha512_Len
 #endif /* !WOLFSSL_ARMASM_NO_NEON */
-#endif /* WOLFSSL_SHA512 */
-#endif /* !__aarch64__ && !__thumb__ */
+#endif /* WOLFSSL_SHA512 || WOLFSSL_SHA384 */
+#endif /* !__aarch64__ && !WOLFSSL_ARMASM_THUMB2 */
 #endif /* WOLFSSL_ARMASM */
 
 #if defined(__linux__) && defined(__ELF__)
diff --git a/wolfcrypt/src/port/arm/armv8-32-sha512-asm_c.c b/wolfcrypt/src/port/arm/armv8-32-sha512-asm_c.c
index 32c54d102..007c81ff7 100644
--- a/wolfcrypt/src/port/arm/armv8-32-sha512-asm_c.c
+++ b/wolfcrypt/src/port/arm/armv8-32-sha512-asm_c.c
@@ -1,6 +1,6 @@
 /* armv8-32-sha512-asm
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -21,7 +21,8 @@
 
 /* Generated using (from wolfssl):
  *   cd ../scripts
- *   ruby ./sha2/sha512.rb arm32 ../wolfssl/wolfcrypt/src/port/arm/armv8-32-sha512-asm.c
+ *   ruby ./sha2/sha512.rb arm32 \
+ *       ../wolfssl/wolfcrypt/src/port/arm/armv8-32-sha512-asm.c
  */
 
 #ifdef HAVE_CONFIG_H
@@ -31,7 +32,7 @@
 #include <wolfssl/wolfcrypt/error-crypt.h>
 
 #ifdef WOLFSSL_ARMASM
-#if !defined(__aarch64__) && defined(__arm__)
+#if !defined(__aarch64__) && !defined(WOLFSSL_ARMASM_THUMB2)
 #include <stdint.h>
 #ifdef HAVE_CONFIG_H
     #include <config.h>
@@ -40,9 +41,6 @@
 #include <wolfssl/wolfcrypt/error-crypt.h>
 #ifdef WOLFSSL_ARMASM_INLINE
 
-#ifdef WOLFSSL_ARMASM
-#if !defined(__aarch64__) && defined(__arm__)
-
 #ifdef __IAR_SYSTEMS_ICC__
 #define __asm__        asm
 #define __volatile__   volatile
@@ -51,11 +49,11 @@
 #define __asm__        __asm
 #define __volatile__   volatile
 #endif /* __KEIL__ */
-#ifdef WOLFSSL_SHA512
+#if defined(WOLFSSL_SHA512) || defined(WOLFSSL_SHA384)
 #include <wolfssl/wolfcrypt/sha512.h>
 
 #ifdef WOLFSSL_ARMASM_NO_NEON
-static const uint64_t L_SHA512_transform_len_k[] = {
+static const word64 L_SHA512_transform_len_k[] = {
     0x428a2f98d728ae22UL, 0x7137449123ef65cdUL,
     0xb5c0fbcfec4d3b2fUL, 0xe9b5dba58189dbbcUL,
     0x3956c25bf348b538UL, 0x59f111f1b605d019UL,
@@ -98,20 +96,20 @@ static const uint64_t L_SHA512_transform_len_k[] = {
     0x5fcb6fab3ad6faecUL, 0x6c44198c4a475817UL,
 };
 
-void Transform_Sha512_Len(wc_Sha512* sha512, const byte* data, word32 len);
+void Transform_Sha512_Len(wc_Sha512* sha512_p, const byte* data_p, word32 len_p);
 void Transform_Sha512_Len(wc_Sha512* sha512_p, const byte* data_p, word32 len_p)
 {
     register wc_Sha512* sha512 asm ("r0") = (wc_Sha512*)sha512_p;
     register const byte* data asm ("r1") = (const byte*)data_p;
     register word32 len asm ("r2") = (word32)len_p;
-    register uint64_t* L_SHA512_transform_len_k_c asm ("r3") = (uint64_t*)&L_SHA512_transform_len_k;
+    register word64* L_SHA512_transform_len_k_c asm ("r3") =
+        (word64*)&L_SHA512_transform_len_k;
 
     __asm__ __volatile__ (
         "sub	sp, sp, #0xc0\n\t"
         /* Copy digest to add in at end */
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "ldr	r4, [%[sha512]]\n\t"
-        "ldr	r5, [%[sha512], #4]\n\t"
+        "ldm	r0, {r4, r5}\n\t"
 #else
         "ldrd	r4, r5, [%[sha512]]\n\t"
 #endif
@@ -587,16 +585,14 @@ void Transform_Sha512_Len(wc_Sha512* sha512_p, const byte* data_p, word32 len_p)
         "ldrd	r4, r5, [%[sha512], #56]\n\t"
 #endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "ldr	r8, [sp]\n\t"
-        "ldr	r9, [sp, #4]\n\t"
+        "ldm	sp, {r8, r9}\n\t"
 #else
         "ldrd	r8, r9, [sp]\n\t"
 #endif
         "adds	r4, r4, r6\n\t"
         "adc	r5, r5, r7\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "ldr	r6, [r3]\n\t"
-        "ldr	r7, [r3, #4]\n\t"
+        "ldm	r3, {r6, r7}\n\t"
 #else
         "ldrd	r6, r7, [r3]\n\t"
 #endif
@@ -619,8 +615,7 @@ void Transform_Sha512_Len(wc_Sha512* sha512_p, const byte* data_p, word32 len_p)
         "adds	r8, r8, r4\n\t"
         "adc	r9, r9, r5\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "ldr	r4, [%[sha512]]\n\t"
-        "ldr	r5, [%[sha512], #4]\n\t"
+        "ldm	r0, {r4, r5}\n\t"
 #else
         "ldrd	r4, r5, [%[sha512]]\n\t"
 #endif
@@ -655,8 +650,7 @@ void Transform_Sha512_Len(wc_Sha512* sha512_p, const byte* data_p, word32 len_p)
         "adds	r4, r4, r6\n\t"
         "adc	r5, r5, r7\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "ldr	r8, [%[sha512]]\n\t"
-        "ldr	r9, [%[sha512], #4]\n\t"
+        "ldm	r0, {r8, r9}\n\t"
 #else
         "ldrd	r8, r9, [%[sha512]]\n\t"
 #endif
@@ -717,8 +711,7 @@ void Transform_Sha512_Len(wc_Sha512* sha512_p, const byte* data_p, word32 len_p)
         "eor	r7, r7, r9\n\t"
         "eor	r6, r6, r8\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "ldr	r4, [sp]\n\t"
-        "ldr	r5, [sp, #4]\n\t"
+        "ldm	sp, {r4, r5}\n\t"
 #else
         "ldrd	r4, r5, [sp]\n\t"
 #endif
@@ -733,8 +726,7 @@ void Transform_Sha512_Len(wc_Sha512* sha512_p, const byte* data_p, word32 len_p)
         "adds	r4, r4, r8\n\t"
         "adc	r5, r5, r9\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "str	r4, [sp]\n\t"
-        "str	r5, [sp, #4]\n\t"
+        "stm	sp, {r4, r5}\n\t"
 #else
         "strd	r4, r5, [sp]\n\t"
 #endif
@@ -760,16 +752,14 @@ void Transform_Sha512_Len(wc_Sha512* sha512_p, const byte* data_p, word32 len_p)
         "eor	r7, r7, r9\n\t"
         "eor	r6, r6, r8\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "ldr	r4, [sp]\n\t"
-        "ldr	r5, [sp, #4]\n\t"
+        "ldm	sp, {r4, r5}\n\t"
 #else
         "ldrd	r4, r5, [sp]\n\t"
 #endif
         "adds	r4, r4, r6\n\t"
         "adc	r5, r5, r7\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "str	r4, [sp]\n\t"
-        "str	r5, [sp, #4]\n\t"
+        "stm	sp, {r4, r5}\n\t"
 #else
         "strd	r4, r5, [sp]\n\t"
 #endif
@@ -915,8 +905,7 @@ void Transform_Sha512_Len(wc_Sha512* sha512_p, const byte* data_p, word32 len_p)
         "ldrd	r8, r9, [%[sha512], #56]\n\t"
 #endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "ldr	r6, [%[sha512]]\n\t"
-        "ldr	r7, [%[sha512], #4]\n\t"
+        "ldm	r0, {r6, r7}\n\t"
 #else
         "ldrd	r6, r7, [%[sha512]]\n\t"
 #endif
@@ -1204,8 +1193,7 @@ void Transform_Sha512_Len(wc_Sha512* sha512_p, const byte* data_p, word32 len_p)
         "mov	r11, r9\n\t"
         /* Calc new W[2] */
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "ldr	r4, [sp]\n\t"
-        "ldr	r5, [sp, #4]\n\t"
+        "ldm	sp, {r4, r5}\n\t"
 #else
         "ldrd	r4, r5, [sp]\n\t"
 #endif
@@ -1365,8 +1353,7 @@ void Transform_Sha512_Len(wc_Sha512* sha512_p, const byte* data_p, word32 len_p)
         "adds	r4, r4, r8\n\t"
         "adc	r5, r5, r9\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "ldr	r8, [%[sha512]]\n\t"
-        "ldr	r9, [%[sha512], #4]\n\t"
+        "ldm	r0, {r8, r9}\n\t"
 #else
         "ldrd	r8, r9, [%[sha512]]\n\t"
 #endif
@@ -1387,8 +1374,7 @@ void Transform_Sha512_Len(wc_Sha512* sha512_p, const byte* data_p, word32 len_p)
         "ldrd	r4, r5, [%[sha512], #40]\n\t"
 #endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "str	r8, [%[sha512]]\n\t"
-        "str	r9, [%[sha512], #4]\n\t"
+        "stm	r0, {r8, r9}\n\t"
 #else
         "strd	r8, r9, [%[sha512]]\n\t"
 #endif
@@ -1537,8 +1523,7 @@ void Transform_Sha512_Len(wc_Sha512* sha512_p, const byte* data_p, word32 len_p)
 #endif
         /* Round 4 */
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "ldr	r4, [%[sha512]]\n\t"
-        "ldr	r5, [%[sha512], #4]\n\t"
+        "ldm	r0, {r4, r5}\n\t"
 #else
         "ldrd	r4, r5, [%[sha512]]\n\t"
 #endif
@@ -1573,8 +1558,7 @@ void Transform_Sha512_Len(wc_Sha512* sha512_p, const byte* data_p, word32 len_p)
         "strd	r4, r5, [%[sha512], #24]\n\t"
 #endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "ldr	r4, [%[sha512]]\n\t"
-        "ldr	r5, [%[sha512], #4]\n\t"
+        "ldm	r0, {r4, r5}\n\t"
 #else
         "ldrd	r4, r5, [%[sha512]]\n\t"
 #endif
@@ -1833,8 +1817,7 @@ void Transform_Sha512_Len(wc_Sha512* sha512_p, const byte* data_p, word32 len_p)
         "ldrd	r4, r5, [%[sha512], #56]\n\t"
 #endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "ldr	r6, [%[sha512]]\n\t"
-        "ldr	r7, [%[sha512], #4]\n\t"
+        "ldm	r0, {r6, r7}\n\t"
 #else
         "ldrd	r6, r7, [%[sha512]]\n\t"
 #endif
@@ -2093,8 +2076,7 @@ void Transform_Sha512_Len(wc_Sha512* sha512_p, const byte* data_p, word32 len_p)
         "ldrd	r6, r7, [%[sha512], #56]\n\t"
 #endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "ldr	r8, [%[sha512]]\n\t"
-        "ldr	r9, [%[sha512], #4]\n\t"
+        "ldm	r0, {r8, r9}\n\t"
 #else
         "ldrd	r8, r9, [%[sha512]]\n\t"
 #endif
@@ -2319,8 +2301,7 @@ void Transform_Sha512_Len(wc_Sha512* sha512_p, const byte* data_p, word32 len_p)
         "orr	r9, r9, r4, lsr #9\n\t"
         "orr	r8, r8, r5, lsr #9\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "ldr	r4, [%[sha512]]\n\t"
-        "ldr	r5, [%[sha512], #4]\n\t"
+        "ldm	r0, {r4, r5}\n\t"
 #else
         "ldrd	r4, r5, [%[sha512]]\n\t"
 #endif
@@ -2329,8 +2310,7 @@ void Transform_Sha512_Len(wc_Sha512* sha512_p, const byte* data_p, word32 len_p)
         "adds	r4, r4, r6\n\t"
         "adc	r5, r5, r7\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "str	r4, [%[sha512]]\n\t"
-        "str	r5, [%[sha512], #4]\n\t"
+        "stm	r0, {r4, r5}\n\t"
 #else
         "strd	r4, r5, [%[sha512]]\n\t"
 #endif
@@ -2359,8 +2339,7 @@ void Transform_Sha512_Len(wc_Sha512* sha512_p, const byte* data_p, word32 len_p)
         "eor	r6, r6, r8\n\t"
         "eor	r7, r7, r9\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "ldr	r4, [%[sha512]]\n\t"
-        "ldr	r5, [%[sha512], #4]\n\t"
+        "ldm	r0, {r4, r5}\n\t"
 #else
         "ldrd	r4, r5, [%[sha512]]\n\t"
 #endif
@@ -2389,8 +2368,7 @@ void Transform_Sha512_Len(wc_Sha512* sha512_p, const byte* data_p, word32 len_p)
         "adds	r4, r4, r6\n\t"
         "adc	r5, r5, r7\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "str	r4, [%[sha512]]\n\t"
-        "str	r5, [%[sha512], #4]\n\t"
+        "stm	r0, {r4, r5}\n\t"
 #else
         "strd	r4, r5, [%[sha512]]\n\t"
 #endif
@@ -2423,8 +2401,7 @@ void Transform_Sha512_Len(wc_Sha512* sha512_p, const byte* data_p, word32 len_p)
         "orr	r9, r9, r4, lsr #7\n\t"
         "orr	r8, r8, r5, lsr #7\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "ldr	r4, [%[sha512]]\n\t"
-        "ldr	r5, [%[sha512], #4]\n\t"
+        "ldm	r0, {r4, r5}\n\t"
 #else
         "ldrd	r4, r5, [%[sha512]]\n\t"
 #endif
@@ -2445,8 +2422,7 @@ void Transform_Sha512_Len(wc_Sha512* sha512_p, const byte* data_p, word32 len_p)
         "ldrd	r6, r7, [%[sha512], #16]\n\t"
 #endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "str	r4, [%[sha512]]\n\t"
-        "str	r5, [%[sha512], #4]\n\t"
+        "stm	r0, {r4, r5}\n\t"
 #else
         "strd	r4, r5, [%[sha512]]\n\t"
 #endif
@@ -2457,16 +2433,14 @@ void Transform_Sha512_Len(wc_Sha512* sha512_p, const byte* data_p, word32 len_p)
         "eor	r10, r10, r6\n\t"
         "eor	r11, r11, r7\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "ldr	r6, [%[sha512]]\n\t"
-        "ldr	r7, [%[sha512], #4]\n\t"
+        "ldm	r0, {r6, r7}\n\t"
 #else
         "ldrd	r6, r7, [%[sha512]]\n\t"
 #endif
         "adds	r6, r6, r10\n\t"
         "adc	r7, r7, r11\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "str	r6, [%[sha512]]\n\t"
-        "str	r7, [%[sha512], #4]\n\t"
+        "stm	r0, {r6, r7}\n\t"
 #else
         "strd	r6, r7, [%[sha512]]\n\t"
 #endif
@@ -2501,8 +2475,7 @@ void Transform_Sha512_Len(wc_Sha512* sha512_p, const byte* data_p, word32 len_p)
         "ldrd	r4, r5, [sp, #56]\n\t"
 #endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "ldr	r8, [sp]\n\t"
-        "ldr	r9, [sp, #4]\n\t"
+        "ldm	sp, {r8, r9}\n\t"
 #else
         "ldrd	r8, r9, [sp]\n\t"
 #endif
@@ -2651,8 +2624,7 @@ void Transform_Sha512_Len(wc_Sha512* sha512_p, const byte* data_p, word32 len_p)
         "adds	r8, r8, r4\n\t"
         "adc	r9, r9, r5\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "ldr	r4, [%[sha512]]\n\t"
-        "ldr	r5, [%[sha512], #4]\n\t"
+        "ldm	r0, {r4, r5}\n\t"
 #else
         "ldrd	r4, r5, [%[sha512]]\n\t"
 #endif
@@ -2687,8 +2659,7 @@ void Transform_Sha512_Len(wc_Sha512* sha512_p, const byte* data_p, word32 len_p)
         "adds	r4, r4, r6\n\t"
         "adc	r5, r5, r7\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "ldr	r8, [%[sha512]]\n\t"
-        "ldr	r9, [%[sha512], #4]\n\t"
+        "ldm	r0, {r8, r9}\n\t"
 #else
         "ldrd	r8, r9, [%[sha512]]\n\t"
 #endif
@@ -2947,8 +2918,7 @@ void Transform_Sha512_Len(wc_Sha512* sha512_p, const byte* data_p, word32 len_p)
         "ldrd	r8, r9, [%[sha512], #56]\n\t"
 #endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "ldr	r6, [%[sha512]]\n\t"
-        "ldr	r7, [%[sha512], #4]\n\t"
+        "ldm	r0, {r6, r7}\n\t"
 #else
         "ldrd	r6, r7, [%[sha512]]\n\t"
 #endif
@@ -3397,8 +3367,7 @@ void Transform_Sha512_Len(wc_Sha512* sha512_p, const byte* data_p, word32 len_p)
         "adds	r4, r4, r8\n\t"
         "adc	r5, r5, r9\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "ldr	r8, [%[sha512]]\n\t"
-        "ldr	r9, [%[sha512], #4]\n\t"
+        "ldm	r0, {r8, r9}\n\t"
 #else
         "ldrd	r8, r9, [%[sha512]]\n\t"
 #endif
@@ -3419,8 +3388,7 @@ void Transform_Sha512_Len(wc_Sha512* sha512_p, const byte* data_p, word32 len_p)
         "ldrd	r4, r5, [%[sha512], #40]\n\t"
 #endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "str	r8, [%[sha512]]\n\t"
-        "str	r9, [%[sha512], #4]\n\t"
+        "stm	r0, {r8, r9}\n\t"
 #else
         "strd	r8, r9, [%[sha512]]\n\t"
 #endif
@@ -3569,8 +3537,7 @@ void Transform_Sha512_Len(wc_Sha512* sha512_p, const byte* data_p, word32 len_p)
 #endif
         /* Round 12 */
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "ldr	r4, [%[sha512]]\n\t"
-        "ldr	r5, [%[sha512], #4]\n\t"
+        "ldm	r0, {r4, r5}\n\t"
 #else
         "ldrd	r4, r5, [%[sha512]]\n\t"
 #endif
@@ -3605,8 +3572,7 @@ void Transform_Sha512_Len(wc_Sha512* sha512_p, const byte* data_p, word32 len_p)
         "strd	r4, r5, [%[sha512], #24]\n\t"
 #endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "ldr	r4, [%[sha512]]\n\t"
-        "ldr	r5, [%[sha512], #4]\n\t"
+        "ldm	r0, {r4, r5}\n\t"
 #else
         "ldrd	r4, r5, [%[sha512]]\n\t"
 #endif
@@ -3865,8 +3831,7 @@ void Transform_Sha512_Len(wc_Sha512* sha512_p, const byte* data_p, word32 len_p)
         "ldrd	r4, r5, [%[sha512], #56]\n\t"
 #endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "ldr	r6, [%[sha512]]\n\t"
-        "ldr	r7, [%[sha512], #4]\n\t"
+        "ldm	r0, {r6, r7}\n\t"
 #else
         "ldrd	r6, r7, [%[sha512]]\n\t"
 #endif
@@ -4125,8 +4090,7 @@ void Transform_Sha512_Len(wc_Sha512* sha512_p, const byte* data_p, word32 len_p)
         "ldrd	r6, r7, [%[sha512], #56]\n\t"
 #endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "ldr	r8, [%[sha512]]\n\t"
-        "ldr	r9, [%[sha512], #4]\n\t"
+        "ldm	r0, {r8, r9}\n\t"
 #else
         "ldrd	r8, r9, [%[sha512]]\n\t"
 #endif
@@ -4351,8 +4315,7 @@ void Transform_Sha512_Len(wc_Sha512* sha512_p, const byte* data_p, word32 len_p)
         "orr	r9, r9, r4, lsr #9\n\t"
         "orr	r8, r8, r5, lsr #9\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "ldr	r4, [%[sha512]]\n\t"
-        "ldr	r5, [%[sha512], #4]\n\t"
+        "ldm	r0, {r4, r5}\n\t"
 #else
         "ldrd	r4, r5, [%[sha512]]\n\t"
 #endif
@@ -4361,8 +4324,7 @@ void Transform_Sha512_Len(wc_Sha512* sha512_p, const byte* data_p, word32 len_p)
         "adds	r4, r4, r6\n\t"
         "adc	r5, r5, r7\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "str	r4, [%[sha512]]\n\t"
-        "str	r5, [%[sha512], #4]\n\t"
+        "stm	r0, {r4, r5}\n\t"
 #else
         "strd	r4, r5, [%[sha512]]\n\t"
 #endif
@@ -4391,8 +4353,7 @@ void Transform_Sha512_Len(wc_Sha512* sha512_p, const byte* data_p, word32 len_p)
         "eor	r6, r6, r8\n\t"
         "eor	r7, r7, r9\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "ldr	r4, [%[sha512]]\n\t"
-        "ldr	r5, [%[sha512], #4]\n\t"
+        "ldm	r0, {r4, r5}\n\t"
 #else
         "ldrd	r4, r5, [%[sha512]]\n\t"
 #endif
@@ -4421,8 +4382,7 @@ void Transform_Sha512_Len(wc_Sha512* sha512_p, const byte* data_p, word32 len_p)
         "adds	r4, r4, r6\n\t"
         "adc	r5, r5, r7\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "str	r4, [%[sha512]]\n\t"
-        "str	r5, [%[sha512], #4]\n\t"
+        "stm	r0, {r4, r5}\n\t"
 #else
         "strd	r4, r5, [%[sha512]]\n\t"
 #endif
@@ -4455,8 +4415,7 @@ void Transform_Sha512_Len(wc_Sha512* sha512_p, const byte* data_p, word32 len_p)
         "orr	r9, r9, r4, lsr #7\n\t"
         "orr	r8, r8, r5, lsr #7\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "ldr	r4, [%[sha512]]\n\t"
-        "ldr	r5, [%[sha512], #4]\n\t"
+        "ldm	r0, {r4, r5}\n\t"
 #else
         "ldrd	r4, r5, [%[sha512]]\n\t"
 #endif
@@ -4477,8 +4436,7 @@ void Transform_Sha512_Len(wc_Sha512* sha512_p, const byte* data_p, word32 len_p)
         "ldrd	r6, r7, [%[sha512], #16]\n\t"
 #endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "str	r4, [%[sha512]]\n\t"
-        "str	r5, [%[sha512], #4]\n\t"
+        "stm	r0, {r4, r5}\n\t"
 #else
         "strd	r4, r5, [%[sha512]]\n\t"
 #endif
@@ -4489,16 +4447,14 @@ void Transform_Sha512_Len(wc_Sha512* sha512_p, const byte* data_p, word32 len_p)
         "eor	r10, r10, r6\n\t"
         "eor	r11, r11, r7\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "ldr	r6, [%[sha512]]\n\t"
-        "ldr	r7, [%[sha512], #4]\n\t"
+        "ldm	r0, {r6, r7}\n\t"
 #else
         "ldrd	r6, r7, [%[sha512]]\n\t"
 #endif
         "adds	r6, r6, r10\n\t"
         "adc	r7, r7, r11\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "str	r6, [%[sha512]]\n\t"
-        "str	r7, [%[sha512], #4]\n\t"
+        "stm	r0, {r6, r7}\n\t"
 #else
         "strd	r6, r7, [%[sha512]]\n\t"
 #endif
@@ -4549,8 +4505,7 @@ void Transform_Sha512_Len(wc_Sha512* sha512_p, const byte* data_p, word32 len_p)
         "strd	r4, r5, [sp, #120]\n\t"
 #endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "ldr	r4, [sp]\n\t"
-        "ldr	r5, [sp, #4]\n\t"
+        "ldm	sp, {r4, r5}\n\t"
 #else
         "ldrd	r4, r5, [sp]\n\t"
 #endif
@@ -4654,16 +4609,14 @@ void Transform_Sha512_Len(wc_Sha512* sha512_p, const byte* data_p, word32 len_p)
         "ldrd	r4, r5, [%[sha512], #56]\n\t"
 #endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "ldr	r8, [sp]\n\t"
-        "ldr	r9, [sp, #4]\n\t"
+        "ldm	sp, {r8, r9}\n\t"
 #else
         "ldrd	r8, r9, [sp]\n\t"
 #endif
         "adds	r4, r4, r6\n\t"
         "adc	r5, r5, r7\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "ldr	r6, [r3]\n\t"
-        "ldr	r7, [r3, #4]\n\t"
+        "ldm	r3, {r6, r7}\n\t"
 #else
         "ldrd	r6, r7, [r3]\n\t"
 #endif
@@ -4686,8 +4639,7 @@ void Transform_Sha512_Len(wc_Sha512* sha512_p, const byte* data_p, word32 len_p)
         "adds	r8, r8, r4\n\t"
         "adc	r9, r9, r5\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "ldr	r4, [%[sha512]]\n\t"
-        "ldr	r5, [%[sha512], #4]\n\t"
+        "ldm	r0, {r4, r5}\n\t"
 #else
         "ldrd	r4, r5, [%[sha512]]\n\t"
 #endif
@@ -4722,8 +4674,7 @@ void Transform_Sha512_Len(wc_Sha512* sha512_p, const byte* data_p, word32 len_p)
         "adds	r4, r4, r6\n\t"
         "adc	r5, r5, r7\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "ldr	r8, [%[sha512]]\n\t"
-        "ldr	r9, [%[sha512], #4]\n\t"
+        "ldm	r0, {r8, r9}\n\t"
 #else
         "ldrd	r8, r9, [%[sha512]]\n\t"
 #endif
@@ -4903,8 +4854,7 @@ void Transform_Sha512_Len(wc_Sha512* sha512_p, const byte* data_p, word32 len_p)
         "ldrd	r8, r9, [%[sha512], #56]\n\t"
 #endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "ldr	r6, [%[sha512]]\n\t"
-        "ldr	r7, [%[sha512], #4]\n\t"
+        "ldm	r0, {r6, r7}\n\t"
 #else
         "ldrd	r6, r7, [%[sha512]]\n\t"
 #endif
@@ -5195,8 +5145,7 @@ void Transform_Sha512_Len(wc_Sha512* sha512_p, const byte* data_p, word32 len_p)
         "adds	r4, r4, r8\n\t"
         "adc	r5, r5, r9\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "ldr	r8, [%[sha512]]\n\t"
-        "ldr	r9, [%[sha512], #4]\n\t"
+        "ldm	r0, {r8, r9}\n\t"
 #else
         "ldrd	r8, r9, [%[sha512]]\n\t"
 #endif
@@ -5217,8 +5166,7 @@ void Transform_Sha512_Len(wc_Sha512* sha512_p, const byte* data_p, word32 len_p)
         "ldrd	r4, r5, [%[sha512], #40]\n\t"
 #endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "str	r8, [%[sha512]]\n\t"
-        "str	r9, [%[sha512], #4]\n\t"
+        "stm	r0, {r8, r9}\n\t"
 #else
         "strd	r8, r9, [%[sha512]]\n\t"
 #endif
@@ -5288,8 +5236,7 @@ void Transform_Sha512_Len(wc_Sha512* sha512_p, const byte* data_p, word32 len_p)
         "mov	r11, r9\n\t"
         /* Round 4 */
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "ldr	r4, [%[sha512]]\n\t"
-        "ldr	r5, [%[sha512], #4]\n\t"
+        "ldm	r0, {r4, r5}\n\t"
 #else
         "ldrd	r4, r5, [%[sha512]]\n\t"
 #endif
@@ -5324,8 +5271,7 @@ void Transform_Sha512_Len(wc_Sha512* sha512_p, const byte* data_p, word32 len_p)
         "strd	r4, r5, [%[sha512], #24]\n\t"
 #endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "ldr	r4, [%[sha512]]\n\t"
-        "ldr	r5, [%[sha512], #4]\n\t"
+        "ldm	r0, {r4, r5}\n\t"
 #else
         "ldrd	r4, r5, [%[sha512]]\n\t"
 #endif
@@ -5505,8 +5451,7 @@ void Transform_Sha512_Len(wc_Sha512* sha512_p, const byte* data_p, word32 len_p)
         "ldrd	r4, r5, [%[sha512], #56]\n\t"
 #endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "ldr	r6, [%[sha512]]\n\t"
-        "ldr	r7, [%[sha512], #4]\n\t"
+        "ldm	r0, {r6, r7}\n\t"
 #else
         "ldrd	r6, r7, [%[sha512]]\n\t"
 #endif
@@ -5686,8 +5631,7 @@ void Transform_Sha512_Len(wc_Sha512* sha512_p, const byte* data_p, word32 len_p)
         "ldrd	r6, r7, [%[sha512], #56]\n\t"
 #endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "ldr	r8, [%[sha512]]\n\t"
-        "ldr	r9, [%[sha512], #4]\n\t"
+        "ldm	r0, {r8, r9}\n\t"
 #else
         "ldrd	r8, r9, [%[sha512]]\n\t"
 #endif
@@ -5833,8 +5777,7 @@ void Transform_Sha512_Len(wc_Sha512* sha512_p, const byte* data_p, word32 len_p)
         "orr	r9, r9, r4, lsr #9\n\t"
         "orr	r8, r8, r5, lsr #9\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "ldr	r4, [%[sha512]]\n\t"
-        "ldr	r5, [%[sha512], #4]\n\t"
+        "ldm	r0, {r4, r5}\n\t"
 #else
         "ldrd	r4, r5, [%[sha512]]\n\t"
 #endif
@@ -5843,8 +5786,7 @@ void Transform_Sha512_Len(wc_Sha512* sha512_p, const byte* data_p, word32 len_p)
         "adds	r4, r4, r6\n\t"
         "adc	r5, r5, r7\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "str	r4, [%[sha512]]\n\t"
-        "str	r5, [%[sha512], #4]\n\t"
+        "stm	r0, {r4, r5}\n\t"
 #else
         "strd	r4, r5, [%[sha512]]\n\t"
 #endif
@@ -5873,8 +5815,7 @@ void Transform_Sha512_Len(wc_Sha512* sha512_p, const byte* data_p, word32 len_p)
         "eor	r6, r6, r8\n\t"
         "eor	r7, r7, r9\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "ldr	r4, [%[sha512]]\n\t"
-        "ldr	r5, [%[sha512], #4]\n\t"
+        "ldm	r0, {r4, r5}\n\t"
 #else
         "ldrd	r4, r5, [%[sha512]]\n\t"
 #endif
@@ -5903,8 +5844,7 @@ void Transform_Sha512_Len(wc_Sha512* sha512_p, const byte* data_p, word32 len_p)
         "adds	r4, r4, r6\n\t"
         "adc	r5, r5, r7\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "str	r4, [%[sha512]]\n\t"
-        "str	r5, [%[sha512], #4]\n\t"
+        "stm	r0, {r4, r5}\n\t"
 #else
         "strd	r4, r5, [%[sha512]]\n\t"
 #endif
@@ -5937,8 +5877,7 @@ void Transform_Sha512_Len(wc_Sha512* sha512_p, const byte* data_p, word32 len_p)
         "orr	r9, r9, r4, lsr #7\n\t"
         "orr	r8, r8, r5, lsr #7\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "ldr	r4, [%[sha512]]\n\t"
-        "ldr	r5, [%[sha512], #4]\n\t"
+        "ldm	r0, {r4, r5}\n\t"
 #else
         "ldrd	r4, r5, [%[sha512]]\n\t"
 #endif
@@ -5959,8 +5898,7 @@ void Transform_Sha512_Len(wc_Sha512* sha512_p, const byte* data_p, word32 len_p)
         "ldrd	r6, r7, [%[sha512], #16]\n\t"
 #endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "str	r4, [%[sha512]]\n\t"
-        "str	r5, [%[sha512], #4]\n\t"
+        "stm	r0, {r4, r5}\n\t"
 #else
         "strd	r4, r5, [%[sha512]]\n\t"
 #endif
@@ -5971,16 +5909,14 @@ void Transform_Sha512_Len(wc_Sha512* sha512_p, const byte* data_p, word32 len_p)
         "eor	r10, r10, r6\n\t"
         "eor	r11, r11, r7\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "ldr	r6, [%[sha512]]\n\t"
-        "ldr	r7, [%[sha512], #4]\n\t"
+        "ldm	r0, {r6, r7}\n\t"
 #else
         "ldrd	r6, r7, [%[sha512]]\n\t"
 #endif
         "adds	r6, r6, r10\n\t"
         "adc	r7, r7, r11\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "str	r6, [%[sha512]]\n\t"
-        "str	r7, [%[sha512], #4]\n\t"
+        "stm	r0, {r6, r7}\n\t"
 #else
         "strd	r6, r7, [%[sha512]]\n\t"
 #endif
@@ -6086,8 +6022,7 @@ void Transform_Sha512_Len(wc_Sha512* sha512_p, const byte* data_p, word32 len_p)
         "adds	r8, r8, r4\n\t"
         "adc	r9, r9, r5\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "ldr	r4, [%[sha512]]\n\t"
-        "ldr	r5, [%[sha512], #4]\n\t"
+        "ldm	r0, {r4, r5}\n\t"
 #else
         "ldrd	r4, r5, [%[sha512]]\n\t"
 #endif
@@ -6122,8 +6057,7 @@ void Transform_Sha512_Len(wc_Sha512* sha512_p, const byte* data_p, word32 len_p)
         "adds	r4, r4, r6\n\t"
         "adc	r5, r5, r7\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "ldr	r8, [%[sha512]]\n\t"
-        "ldr	r9, [%[sha512], #4]\n\t"
+        "ldm	r0, {r8, r9}\n\t"
 #else
         "ldrd	r8, r9, [%[sha512]]\n\t"
 #endif
@@ -6303,8 +6237,7 @@ void Transform_Sha512_Len(wc_Sha512* sha512_p, const byte* data_p, word32 len_p)
         "ldrd	r8, r9, [%[sha512], #56]\n\t"
 #endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "ldr	r6, [%[sha512]]\n\t"
-        "ldr	r7, [%[sha512], #4]\n\t"
+        "ldm	r0, {r6, r7}\n\t"
 #else
         "ldrd	r6, r7, [%[sha512]]\n\t"
 #endif
@@ -6595,8 +6528,7 @@ void Transform_Sha512_Len(wc_Sha512* sha512_p, const byte* data_p, word32 len_p)
         "adds	r4, r4, r8\n\t"
         "adc	r5, r5, r9\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "ldr	r8, [%[sha512]]\n\t"
-        "ldr	r9, [%[sha512], #4]\n\t"
+        "ldm	r0, {r8, r9}\n\t"
 #else
         "ldrd	r8, r9, [%[sha512]]\n\t"
 #endif
@@ -6617,8 +6549,7 @@ void Transform_Sha512_Len(wc_Sha512* sha512_p, const byte* data_p, word32 len_p)
         "ldrd	r4, r5, [%[sha512], #40]\n\t"
 #endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "str	r8, [%[sha512]]\n\t"
-        "str	r9, [%[sha512], #4]\n\t"
+        "stm	r0, {r8, r9}\n\t"
 #else
         "strd	r8, r9, [%[sha512]]\n\t"
 #endif
@@ -6688,8 +6619,7 @@ void Transform_Sha512_Len(wc_Sha512* sha512_p, const byte* data_p, word32 len_p)
         "mov	r11, r9\n\t"
         /* Round 12 */
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "ldr	r4, [%[sha512]]\n\t"
-        "ldr	r5, [%[sha512], #4]\n\t"
+        "ldm	r0, {r4, r5}\n\t"
 #else
         "ldrd	r4, r5, [%[sha512]]\n\t"
 #endif
@@ -6724,8 +6654,7 @@ void Transform_Sha512_Len(wc_Sha512* sha512_p, const byte* data_p, word32 len_p)
         "strd	r4, r5, [%[sha512], #24]\n\t"
 #endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "ldr	r4, [%[sha512]]\n\t"
-        "ldr	r5, [%[sha512], #4]\n\t"
+        "ldm	r0, {r4, r5}\n\t"
 #else
         "ldrd	r4, r5, [%[sha512]]\n\t"
 #endif
@@ -6905,8 +6834,7 @@ void Transform_Sha512_Len(wc_Sha512* sha512_p, const byte* data_p, word32 len_p)
         "ldrd	r4, r5, [%[sha512], #56]\n\t"
 #endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "ldr	r6, [%[sha512]]\n\t"
-        "ldr	r7, [%[sha512], #4]\n\t"
+        "ldm	r0, {r6, r7}\n\t"
 #else
         "ldrd	r6, r7, [%[sha512]]\n\t"
 #endif
@@ -7086,8 +7014,7 @@ void Transform_Sha512_Len(wc_Sha512* sha512_p, const byte* data_p, word32 len_p)
         "ldrd	r6, r7, [%[sha512], #56]\n\t"
 #endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "ldr	r8, [%[sha512]]\n\t"
-        "ldr	r9, [%[sha512], #4]\n\t"
+        "ldm	r0, {r8, r9}\n\t"
 #else
         "ldrd	r8, r9, [%[sha512]]\n\t"
 #endif
@@ -7233,8 +7160,7 @@ void Transform_Sha512_Len(wc_Sha512* sha512_p, const byte* data_p, word32 len_p)
         "orr	r9, r9, r4, lsr #9\n\t"
         "orr	r8, r8, r5, lsr #9\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "ldr	r4, [%[sha512]]\n\t"
-        "ldr	r5, [%[sha512], #4]\n\t"
+        "ldm	r0, {r4, r5}\n\t"
 #else
         "ldrd	r4, r5, [%[sha512]]\n\t"
 #endif
@@ -7243,8 +7169,7 @@ void Transform_Sha512_Len(wc_Sha512* sha512_p, const byte* data_p, word32 len_p)
         "adds	r4, r4, r6\n\t"
         "adc	r5, r5, r7\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "str	r4, [%[sha512]]\n\t"
-        "str	r5, [%[sha512], #4]\n\t"
+        "stm	r0, {r4, r5}\n\t"
 #else
         "strd	r4, r5, [%[sha512]]\n\t"
 #endif
@@ -7273,8 +7198,7 @@ void Transform_Sha512_Len(wc_Sha512* sha512_p, const byte* data_p, word32 len_p)
         "eor	r6, r6, r8\n\t"
         "eor	r7, r7, r9\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "ldr	r4, [%[sha512]]\n\t"
-        "ldr	r5, [%[sha512], #4]\n\t"
+        "ldm	r0, {r4, r5}\n\t"
 #else
         "ldrd	r4, r5, [%[sha512]]\n\t"
 #endif
@@ -7303,8 +7227,7 @@ void Transform_Sha512_Len(wc_Sha512* sha512_p, const byte* data_p, word32 len_p)
         "adds	r4, r4, r6\n\t"
         "adc	r5, r5, r7\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "str	r4, [%[sha512]]\n\t"
-        "str	r5, [%[sha512], #4]\n\t"
+        "stm	r0, {r4, r5}\n\t"
 #else
         "strd	r4, r5, [%[sha512]]\n\t"
 #endif
@@ -7337,8 +7260,7 @@ void Transform_Sha512_Len(wc_Sha512* sha512_p, const byte* data_p, word32 len_p)
         "orr	r9, r9, r4, lsr #7\n\t"
         "orr	r8, r8, r5, lsr #7\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "ldr	r4, [%[sha512]]\n\t"
-        "ldr	r5, [%[sha512], #4]\n\t"
+        "ldm	r0, {r4, r5}\n\t"
 #else
         "ldrd	r4, r5, [%[sha512]]\n\t"
 #endif
@@ -7359,8 +7281,7 @@ void Transform_Sha512_Len(wc_Sha512* sha512_p, const byte* data_p, word32 len_p)
         "ldrd	r6, r7, [%[sha512], #16]\n\t"
 #endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "str	r4, [%[sha512]]\n\t"
-        "str	r5, [%[sha512], #4]\n\t"
+        "stm	r0, {r4, r5}\n\t"
 #else
         "strd	r4, r5, [%[sha512]]\n\t"
 #endif
@@ -7371,16 +7292,14 @@ void Transform_Sha512_Len(wc_Sha512* sha512_p, const byte* data_p, word32 len_p)
         "eor	r10, r10, r6\n\t"
         "eor	r11, r11, r7\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "ldr	r6, [%[sha512]]\n\t"
-        "ldr	r7, [%[sha512], #4]\n\t"
+        "ldm	r0, {r6, r7}\n\t"
 #else
         "ldrd	r6, r7, [%[sha512]]\n\t"
 #endif
         "adds	r6, r6, r10\n\t"
         "adc	r7, r7, r11\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "str	r6, [%[sha512]]\n\t"
-        "str	r7, [%[sha512], #4]\n\t"
+        "stm	r0, {r6, r7}\n\t"
 #else
         "strd	r6, r7, [%[sha512]]\n\t"
 #endif
@@ -7388,8 +7307,7 @@ void Transform_Sha512_Len(wc_Sha512* sha512_p, const byte* data_p, word32 len_p)
         "mov	r11, r9\n\t"
         /* Add in digest from start */
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "ldr	r4, [%[sha512]]\n\t"
-        "ldr	r5, [%[sha512], #4]\n\t"
+        "ldm	r0, {r4, r5}\n\t"
 #else
         "ldrd	r4, r5, [%[sha512]]\n\t"
 #endif
@@ -7416,8 +7334,7 @@ void Transform_Sha512_Len(wc_Sha512* sha512_p, const byte* data_p, word32 len_p)
         "adds	r6, r6, r10\n\t"
         "adc	r7, r7, r11\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "str	r4, [%[sha512]]\n\t"
-        "str	r5, [%[sha512], #4]\n\t"
+        "stm	r0, {r4, r5}\n\t"
 #else
         "strd	r4, r5, [%[sha512]]\n\t"
 #endif
@@ -7601,9 +7518,11 @@ void Transform_Sha512_Len(wc_Sha512* sha512_p, const byte* data_p, word32 len_p)
         "bne	L_SHA512_transform_len_begin_%=\n\t"
         "eor	r0, r0, r0\n\t"
         "add	sp, sp, #0xc0\n\t"
-        : [sha512] "+r" (sha512), [data] "+r" (data), [len] "+r" (len), [L_SHA512_transform_len_k] "+r" (L_SHA512_transform_len_k_c)
+        : [sha512] "+r" (sha512), [data] "+r" (data), [len] "+r" (len),
+          [L_SHA512_transform_len_k] "+r" (L_SHA512_transform_len_k_c)
         :
-        : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "cc"
+        : "memory", "cc", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11",
+            "r12"
     );
 }
 
@@ -7611,7 +7530,7 @@ void Transform_Sha512_Len(wc_Sha512* sha512_p, const byte* data_p, word32 len_p)
 #include <wolfssl/wolfcrypt/sha512.h>
 
 #ifndef WOLFSSL_ARMASM_NO_NEON
-static const uint64_t L_SHA512_transform_neon_len_k[] = {
+static const word64 L_SHA512_transform_neon_len_k[] = {
     0x428a2f98d728ae22UL, 0x7137449123ef65cdUL,
     0xb5c0fbcfec4d3b2fUL, 0xe9b5dba58189dbbcUL,
     0x3956c25bf348b538UL, 0x59f111f1b605d019UL,
@@ -7654,13 +7573,14 @@ static const uint64_t L_SHA512_transform_neon_len_k[] = {
     0x5fcb6fab3ad6faecUL, 0x6c44198c4a475817UL,
 };
 
-void Transform_Sha512_Len(wc_Sha512* sha512, const byte* data, word32 len);
+void Transform_Sha512_Len(wc_Sha512* sha512_p, const byte* data_p, word32 len_p);
 void Transform_Sha512_Len(wc_Sha512* sha512_p, const byte* data_p, word32 len_p)
 {
     register wc_Sha512* sha512 asm ("r0") = (wc_Sha512*)sha512_p;
     register const byte* data asm ("r1") = (const byte*)data_p;
     register word32 len asm ("r2") = (word32)len_p;
-    register uint64_t* L_SHA512_transform_neon_len_k_c asm ("r3") = (uint64_t*)&L_SHA512_transform_neon_len_k;
+    register word64* L_SHA512_transform_neon_len_k_c asm ("r3") =
+        (word64*)&L_SHA512_transform_neon_len_k;
 
     __asm__ __volatile__ (
         /* Load digest into working vars */
@@ -9151,17 +9071,18 @@ void Transform_Sha512_Len(wc_Sha512* sha512_p, const byte* data_p, word32 len_p)
         "subs	%[len], %[len], #0x80\n\t"
         "sub	r3, r3, #0x280\n\t"
         "bne	L_SHA512_transform_neon_len_begin_%=\n\t"
-        : [sha512] "+r" (sha512), [data] "+r" (data), [len] "+r" (len), [L_SHA512_transform_neon_len_k] "+r" (L_SHA512_transform_neon_len_k_c)
+        : [sha512] "+r" (sha512), [data] "+r" (data), [len] "+r" (len),
+          [L_SHA512_transform_neon_len_k] "+r" (L_SHA512_transform_neon_len_k_c)
         :
-        : "memory", "r12", "d0", "d1", "d2", "d3", "d4", "d5", "d6", "d7", "d8", "d9", "d10", "d11", "d12", "d13", "d14", "d15", "q8", "q9", "q10", "q11", "q12", "q13", "q14", "q15", "cc"
+        : "memory", "cc", "r12", "d0", "d1", "d2", "d3", "d4", "d5", "d6", "d7",
+            "d8", "d9", "d10", "d11", "d12", "d13", "d14", "d15", "q8", "q9",
+            "q10", "q11", "q12", "q13", "q14", "q15"
     );
 }
 
 #endif /* !WOLFSSL_ARMASM_NO_NEON */
-#endif /* WOLFSSL_SHA512 */
-#endif /* !__aarch64__ && !__thumb__ */
-#endif /* WOLFSSL_ARMASM */
-#endif /* !defined(__aarch64__) && defined(__arm__) */
+#endif /* WOLFSSL_SHA512 || WOLFSSL_SHA384 */
+#endif /* !__aarch64__ && !WOLFSSL_ARMASM_THUMB2 */
 #endif /* WOLFSSL_ARMASM */
 
 #endif /* WOLFSSL_ARMASM_INLINE */
diff --git a/wolfcrypt/src/port/arm/armv8-aes.c b/wolfcrypt/src/port/arm/armv8-aes.c
index 455d30bba..a36af7ad8 100644
--- a/wolfcrypt/src/port/arm/armv8-aes.c
+++ b/wolfcrypt/src/port/arm/armv8-aes.c
@@ -1,6 +1,6 @@
 /* armv8-aes.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -35,14 +35,40 @@
 
 #if !defined(NO_AES) && defined(WOLFSSL_ARMASM)
 
-#if defined(HAVE_FIPS) && !defined(FIPS_NO_WRAPPERS)
-#define FIPS_NO_WRAPPERS
+#if FIPS_VERSION3_LT(6,0,0) && defined(HAVE_FIPS)
+    #undef HAVE_FIPS
+#else
+    #if defined(HAVE_FIPS) && FIPS_VERSION3_GE(6,0,0)
+    /* set NO_WRAPPERS before headers, use direct internal f()s not wrappers */
+        #define FIPS_NO_WRAPPERS
+    #endif
+#endif
+
+#ifdef WOLF_CRYPTO_CB
+    #include <wolfssl/wolfcrypt/cryptocb.h>
+
+/* Enable Hardware Callback */
+#if defined(WOLFSSL_MAX3266X) || defined(WOLFSSL_MAX3266X_OLD)
+    /* Revert back to SW so HW CB works */
+    /* HW only works for AES: ECB, CBC, and partial via ECB for other modes */
+    #include <wolfssl/wolfcrypt/port/maxim/max3266x-cryptocb.h>
+#endif
+#endif
+
+#include <wolfssl/wolfcrypt/aes.h>
+#include <wolfssl/wolfcrypt/logging.h>
+
+#if FIPS_VERSION3_GE(6,0,0)
+    const unsigned int wolfCrypt_FIPS_aes_ro_sanity[2] =
+                                             { 0x1a2b3c4d, 0x00000002 };
+    int wolfCrypt_FIPS_AES_sanity(void)
+    {
+        return 0;
+    }
 #endif
 
 #ifndef WOLFSSL_ARMASM_NO_HW_CRYPTO
 
-#include <wolfssl/wolfcrypt/aes.h>
-#include <wolfssl/wolfcrypt/logging.h>
 #ifdef NO_INLINE
     #include <wolfssl/wolfcrypt/misc.h>
 #else
@@ -60,8 +86,8 @@ static const byte rcon[] = {
     /* for 128-bit blocks, Rijndael never uses more than 10 rcon values */
 };
 
-/* get table value from hardware */
 #ifdef __aarch64__
+/* get table value from hardware */
     #define SBOX(x)                      \
         do {                             \
             __asm__ volatile (           \
@@ -122,7 +148,7 @@ static WC_INLINE void IncrementGcmCounter(byte* inOutCtr)
     int i;
 
     /* in network byte order so start at end and work back */
-    for (i = AES_BLOCK_SIZE - 1; i >= AES_BLOCK_SIZE - CTR_SZ; i--) {
+    for (i = WC_AES_BLOCK_SIZE - 1; i >= WC_AES_BLOCK_SIZE - CTR_SZ; i--) {
         if (++inOutCtr[i])  /* we're done unless we overflow */
             return;
     }
@@ -149,6 +175,115 @@ static WC_INLINE void FlattenSzInBits(byte* buf, word32 sz)
 
 #endif /* HAVE_AESGCM */
 
+#if defined(__aarch64__)
+
+int AES_set_key_AARCH64(const unsigned char *userKey, const int keylen,
+    Aes* aes, int dir)
+{
+    word32 temp;
+    word32* rk = aes->key;
+    unsigned int i = 0;
+
+    XMEMCPY(rk, userKey, keylen);
+
+    switch (keylen) {
+#if defined(AES_MAX_KEY_SIZE) && AES_MAX_KEY_SIZE >= 128 && \
+        defined(WOLFSSL_AES_128)
+    case 16:
+        while (1) {
+            temp  = rk[3];
+            SBOX(temp);
+            temp = rotrFixed(temp, 8);
+            rk[4] = rk[0] ^ temp ^ rcon[i];
+            rk[5] = rk[4] ^ rk[1];
+            rk[6] = rk[5] ^ rk[2];
+            rk[7] = rk[6] ^ rk[3];
+            if (++i == 10)
+                break;
+            rk += 4;
+        }
+        break;
+#endif /* 128 */
+
+#if defined(AES_MAX_KEY_SIZE) && AES_MAX_KEY_SIZE >= 192 && \
+        defined(WOLFSSL_AES_192)
+    case 24:
+        /* for (;;) here triggers a bug in VC60 SP4 w/ Pro Pack */
+        while (1) {
+            temp  = rk[5];
+            SBOX(temp);
+            temp = rotrFixed(temp, 8);
+            rk[ 6] = rk[ 0] ^ temp ^ rcon[i];
+            rk[ 7] = rk[ 1] ^ rk[ 6];
+            rk[ 8] = rk[ 2] ^ rk[ 7];
+            rk[ 9] = rk[ 3] ^ rk[ 8];
+            if (++i == 8)
+                break;
+            rk[10] = rk[ 4] ^ rk[ 9];
+            rk[11] = rk[ 5] ^ rk[10];
+            rk += 6;
+        }
+        break;
+#endif /* 192 */
+
+#if defined(AES_MAX_KEY_SIZE) && AES_MAX_KEY_SIZE >= 256 && \
+        defined(WOLFSSL_AES_256)
+    case 32:
+        while (1) {
+            temp  = rk[7];
+            SBOX(temp);
+            temp = rotrFixed(temp, 8);
+            rk[8] = rk[0] ^ temp ^ rcon[i];
+            rk[ 9] = rk[ 1] ^ rk[ 8];
+            rk[10] = rk[ 2] ^ rk[ 9];
+            rk[11] = rk[ 3] ^ rk[10];
+            if (++i == 7)
+                break;
+            temp  = rk[11];
+            SBOX(temp);
+            rk[12] = rk[ 4] ^ temp;
+            rk[13] = rk[ 5] ^ rk[12];
+            rk[14] = rk[ 6] ^ rk[13];
+            rk[15] = rk[ 7] ^ rk[14];
+
+            rk += 8;
+        }
+        break;
+#endif /* 256 */
+
+    default:
+        return BAD_FUNC_ARG;
+    }
+
+    if (dir == AES_DECRYPTION) {
+#ifdef HAVE_AES_DECRYPT
+        unsigned int j;
+        rk = aes->key;
+
+        /* invert the order of the round keys: */
+        for (i = 0, j = 4* aes->rounds; i < j; i += 4, j -= 4) {
+            temp = rk[i    ]; rk[i    ] = rk[j    ]; rk[j    ] = temp;
+            temp = rk[i + 1]; rk[i + 1] = rk[j + 1]; rk[j + 1] = temp;
+            temp = rk[i + 2]; rk[i + 2] = rk[j + 2]; rk[j + 2] = temp;
+            temp = rk[i + 3]; rk[i + 3] = rk[j + 3]; rk[j + 3] = temp;
+        }
+        /* apply the inverse MixColumn transform to all round keys but the
+           first and the last: */
+        for (i = 1; i < aes->rounds; i++) {
+            rk += 4;
+            IMIX(rk);
+        }
+#else
+    WOLFSSL_MSG("AES Decryption not compiled in");
+    return BAD_FUNC_ARG;
+#endif /* HAVE_AES_DECRYPT */
+    }
+
+    return 0;
+}
+
+#else
+
 /* Similar to wolfSSL software implementation of expanding the AES key.
  * Changed out the locations of where table look ups where made to
  * use hardware instruction. Also altered decryption key to match. */
@@ -175,7 +310,8 @@ int wc_AesSetKey(Aes* aes, const byte* userKey, word32 keylen,
     }
 #endif
 
-    #ifdef WOLFSSL_AES_COUNTER
+    #if defined(WOLFSSL_AES_COUNTER) || defined(WOLFSSL_AES_CFB) || \
+        defined(WOLFSSL_AES_OFB) || defined(WOLFSSL_AES_XTS)
         aes->left = 0;
     #endif /* WOLFSSL_AES_COUNTER */
 
@@ -284,6 +420,7 @@ int wc_AesSetKey(Aes* aes, const byte* userKey, word32 keylen,
     return wc_AesSetIV(aes, iv);
 }
 
+
 #if defined(WOLFSSL_AES_DIRECT) || defined(WOLFSSL_AES_COUNTER)
     int wc_AesSetKeyDirect(Aes* aes, const byte* userKey, word32 keylen,
                         const byte* iv, int dir)
@@ -299,593 +436,528 @@ int wc_AesSetIV(Aes* aes, const byte* iv)
         return BAD_FUNC_ARG;
 
     if (iv)
-        XMEMCPY(aes->reg, iv, AES_BLOCK_SIZE);
+        XMEMCPY(aes->reg, iv, WC_AES_BLOCK_SIZE);
     else
-        XMEMSET(aes->reg,  0, AES_BLOCK_SIZE);
+        XMEMSET(aes->reg,  0, WC_AES_BLOCK_SIZE);
 
     return 0;
 }
 
+#endif /* __aarch64__ */
 
 #ifdef __aarch64__
 /* AES CCM/GCM use encrypt direct but not decrypt */
 #if defined(HAVE_AESCCM) || defined(HAVE_AESGCM) || \
-    defined(WOLFSSL_AES_DIRECT) || defined(WOLFSSL_AES_COUNTER)
-    static int wc_AesEncrypt(Aes* aes, const byte* inBlock, byte* outBlock)
-    {
-            word32* keyPt = aes->key;
+    defined(WOLFSSL_AES_DIRECT) || defined(WOLFSSL_AES_COUNTER) || \
+    defined(HAVE_AES_CBC)
 
-            /*
-              AESE exor's input with round key
-                   shift rows of exor'ed result
-                   sub bytes for shifted rows
-             */
+void AES_encrypt_AARCH64(const byte* inBlock, byte* outBlock, byte* key, int nr)
+{
+    /*
+      AESE exor's input with round key
+           shift rows of exor'ed result
+           sub bytes for shifted rows
+     */
 
-            __asm__ __volatile__ (
-                "LD1 {v0.16b}, [%[CtrIn]] \n"
-                "LD1 {v1.2d-v4.2d}, [%[Key]], #64  \n"
+    __asm__ __volatile__ (
+        "LD1 {v0.16b}, [%[in]] \n"
+        "LD1 {v1.2d-v4.2d}, [%[key]], #64  \n"
 
-                "AESE v0.16b, v1.16b  \n"
-                "AESMC v0.16b, v0.16b \n"
-                "AESE v0.16b, v2.16b  \n"
-                "AESMC v0.16b, v0.16b \n"
-                "AESE v0.16b, v3.16b  \n"
-                "AESMC v0.16b, v0.16b \n"
-                "AESE v0.16b, v4.16b  \n"
-                "AESMC v0.16b, v0.16b \n"
+        "AESE v0.16b, v1.16b  \n"
+        "AESMC v0.16b, v0.16b \n"
+        "AESE v0.16b, v2.16b  \n"
+        "AESMC v0.16b, v0.16b \n"
+        "AESE v0.16b, v3.16b  \n"
+        "AESMC v0.16b, v0.16b \n"
+        "AESE v0.16b, v4.16b  \n"
+        "AESMC v0.16b, v0.16b \n"
 
-                "LD1 {v1.2d-v4.2d}, [%[Key]], #64  \n"
-                "AESE v0.16b, v1.16b  \n"
-                "AESMC v0.16b, v0.16b \n"
-                "AESE v0.16b, v2.16b  \n"
-                "AESMC v0.16b, v0.16b \n"
-                "AESE v0.16b, v3.16b  \n"
-                "AESMC v0.16b, v0.16b \n"
-                "AESE v0.16b, v4.16b  \n"
-                "AESMC v0.16b, v0.16b \n"
+        "LD1 {v1.2d-v4.2d}, [%[key]], #64  \n"
+        "AESE v0.16b, v1.16b  \n"
+        "AESMC v0.16b, v0.16b \n"
+        "AESE v0.16b, v2.16b  \n"
+        "AESMC v0.16b, v0.16b \n"
+        "AESE v0.16b, v3.16b  \n"
+        "AESMC v0.16b, v0.16b \n"
+        "AESE v0.16b, v4.16b  \n"
+        "AESMC v0.16b, v0.16b \n"
 
-                "LD1 {v1.2d-v2.2d}, [%[Key]], #32  \n"
-                "AESE v0.16b, v1.16b  \n"
-                "AESMC v0.16b, v0.16b \n"
-                "AESE v0.16b, v2.16b  \n"
+        "LD1 {v1.2d-v2.2d}, [%[key]], #32  \n"
+        "AESE v0.16b, v1.16b  \n"
+        "AESMC v0.16b, v0.16b \n"
+        "AESE v0.16b, v2.16b  \n"
 
-                "#subtract rounds done so far and see if should continue\n"
-                "MOV w12, %w[R]    \n"
-                "SUB w12, w12, #10 \n"
-                "CBZ w12, 1f       \n"
-                "LD1 {v1.2d-v2.2d}, [%[Key]], #32  \n"
-                "AESMC v0.16b, v0.16b \n"
-                "AESE v0.16b, v1.16b  \n"
-                "AESMC v0.16b, v0.16b \n"
-                "AESE v0.16b, v2.16b  \n"
+        "#subtract rounds done so far and see if should continue\n"
+        "MOV w12, %w[nr]    \n"
+        "SUB w12, w12, #10 \n"
+        "CBZ w12, 1f       \n"
+        "LD1 {v1.2d-v2.2d}, [%[key]], #32  \n"
+        "AESMC v0.16b, v0.16b \n"
+        "AESE v0.16b, v1.16b  \n"
+        "AESMC v0.16b, v0.16b \n"
+        "AESE v0.16b, v2.16b  \n"
 
-                "SUB w12, w12, #2 \n"
-                "CBZ w12, 1f      \n"
-                "LD1 {v1.2d-v2.2d}, [%[Key]], #32  \n"
-                "AESMC v0.16b, v0.16b \n"
-                "AESE v0.16b, v1.16b  \n"
-                "AESMC v0.16b, v0.16b \n"
-                "AESE v0.16b, v2.16b  \n"
+        "SUB w12, w12, #2 \n"
+        "CBZ w12, 1f      \n"
+        "LD1 {v1.2d-v2.2d}, [%[key]], #32  \n"
+        "AESMC v0.16b, v0.16b \n"
+        "AESE v0.16b, v1.16b  \n"
+        "AESMC v0.16b, v0.16b \n"
+        "AESE v0.16b, v2.16b  \n"
 
-                "#Final AddRoundKey then store result \n"
-                "1: \n"
-                "LD1 {v1.2d}, [%[Key]], #16 \n"
-                "EOR v0.16b, v0.16b, v1.16b  \n"
-                "ST1 {v0.16b}, [%[CtrOut]]   \n"
+        "#Final AddRoundKey then store result \n"
+    "1: \n"
+        "LD1 {v1.2d}, [%[key]], #16 \n"
+        "EOR v0.16b, v0.16b, v1.16b  \n"
+        "ST1 {v0.16b}, [%[out]]   \n"
 
-                :[CtrOut] "=r" (outBlock), "=r" (keyPt), "=r" (aes->rounds),
-                 "=r" (inBlock)
-                :"0" (outBlock), [Key] "1" (keyPt), [R] "2" (aes->rounds),
-                 [CtrIn] "3" (inBlock)
-                : "cc", "memory", "w12", "v0", "v1", "v2", "v3", "v4"
-            );
-
-        return 0;
-    }
-#endif /* AES_GCM, AES_CCM, DIRECT or COUNTER */
-#if defined(WOLFSSL_AES_DIRECT) || defined(WOLFSSL_AES_COUNTER)
-    #ifdef HAVE_AES_DECRYPT
-    static int wc_AesDecrypt(Aes* aes, const byte* inBlock, byte* outBlock)
-    {
-            word32* keyPt = aes->key;
-
-            /*
-              AESE exor's input with round key
-                   shift rows of exor'ed result
-                   sub bytes for shifted rows
-             */
-
-            __asm__ __volatile__ (
-                "LD1 {v0.16b}, [%[CtrIn]] \n"
-                "LD1 {v1.2d-v4.2d}, [%[Key]], #64  \n"
-
-                "AESD v0.16b, v1.16b   \n"
-                "AESIMC v0.16b, v0.16b \n"
-                "AESD v0.16b, v2.16b   \n"
-                "AESIMC v0.16b, v0.16b \n"
-                "AESD v0.16b, v3.16b   \n"
-                "AESIMC v0.16b, v0.16b \n"
-                "AESD v0.16b, v4.16b   \n"
-                "AESIMC v0.16b, v0.16b \n"
-
-                "LD1 {v1.2d-v4.2d}, [%[Key]], #64  \n"
-                "AESD v0.16b, v1.16b   \n"
-                "AESIMC v0.16b, v0.16b \n"
-                "AESD v0.16b, v2.16b   \n"
-                "AESIMC v0.16b, v0.16b \n"
-                "AESD v0.16b, v3.16b   \n"
-                "AESIMC v0.16b, v0.16b \n"
-                "AESD v0.16b, v4.16b   \n"
-                "AESIMC v0.16b, v0.16b \n"
-
-                "LD1 {v1.2d-v2.2d}, [%[Key]], #32  \n"
-                "AESD v0.16b, v1.16b   \n"
-                "AESIMC v0.16b, v0.16b \n"
-                "AESD v0.16b, v2.16b   \n"
-
-                "#subtract rounds done so far and see if should continue\n"
-                "MOV w12, %w[R]    \n"
-                "SUB w12, w12, #10 \n"
-                "CBZ w12, 1f       \n"
-                "LD1 {v1.2d-v2.2d}, [%[Key]], #32  \n"
-                "AESIMC v0.16b, v0.16b \n"
-                "AESD v0.16b, v1.16b   \n"
-                "AESIMC v0.16b, v0.16b \n"
-                "AESD v0.16b, v2.16b   \n"
-
-                "SUB w12, w12, #2  \n"
-                "CBZ w12, 1f       \n"
-                "LD1 {v1.2d-v2.2d}, [%[Key]], #32  \n"
-                "AESIMC v0.16b, v0.16b \n"
-                "AESD v0.16b, v1.16b   \n"
-                "AESIMC v0.16b, v0.16b \n"
-                "AESD v0.16b, v2.16b   \n"
-
-                "#Final AddRoundKey then store result \n"
-                "1: \n"
-                "LD1 {v1.2d}, [%[Key]], #16 \n"
-                "EOR v0.16b, v0.16b, v1.16b  \n"
-                "ST1 {v0.4s}, [%[CtrOut]]    \n"
-
-                :[CtrOut] "=r" (outBlock), "=r" (keyPt), "=r" (aes->rounds),
-                 "=r" (inBlock)
-                :[Key] "1" (aes->key), "0" (outBlock), [R] "2" (aes->rounds),
-                 [CtrIn] "3" (inBlock)
-                : "cc", "memory", "w12", "v0", "v1", "v2", "v3", "v4"
-            );
-
-        return 0;
+        : [key] "+r" (key)
+        : [in] "r" (inBlock), [out] "r" (outBlock), [nr] "r" (nr)
+        : "cc", "memory", "w12", "v0", "v1", "v2", "v3", "v4"
+    );
 }
-    #endif /* HAVE_AES_DECRYPT */
+#endif /* AES_GCM, AES_CCM, DIRECT or COUNTER */
+#if !defined(WC_AES_BITSLICED) || defined(WOLFSSL_AES_DIRECT) || \
+    defined(WOLFSSL_AES_COUNTER)
+#ifdef HAVE_AES_DECRYPT
+void AES_decrypt_AARCH64(const byte* inBlock, byte* outBlock, byte* key, int nr)
+{
+    /*
+      AESE exor's input with round key
+           shift rows of exor'ed result
+           sub bytes for shifted rows
+     */
+
+    __asm__ __volatile__ (
+        "LD1 {v0.16b}, [%[in]] \n"
+        "LD1 {v1.2d-v4.2d}, [%[key]], #64  \n"
+
+        "AESD v0.16b, v1.16b   \n"
+        "AESIMC v0.16b, v0.16b \n"
+        "AESD v0.16b, v2.16b   \n"
+        "AESIMC v0.16b, v0.16b \n"
+        "AESD v0.16b, v3.16b   \n"
+        "AESIMC v0.16b, v0.16b \n"
+        "AESD v0.16b, v4.16b   \n"
+        "AESIMC v0.16b, v0.16b \n"
+
+        "LD1 {v1.2d-v4.2d}, [%[key]], #64  \n"
+        "AESD v0.16b, v1.16b   \n"
+        "AESIMC v0.16b, v0.16b \n"
+        "AESD v0.16b, v2.16b   \n"
+        "AESIMC v0.16b, v0.16b \n"
+        "AESD v0.16b, v3.16b   \n"
+        "AESIMC v0.16b, v0.16b \n"
+        "AESD v0.16b, v4.16b   \n"
+        "AESIMC v0.16b, v0.16b \n"
+
+        "LD1 {v1.2d-v2.2d}, [%[key]], #32  \n"
+        "AESD v0.16b, v1.16b   \n"
+        "AESIMC v0.16b, v0.16b \n"
+        "AESD v0.16b, v2.16b   \n"
+
+        "#subtract rounds done so far and see if should continue\n"
+        "MOV w12, %w[nr]    \n"
+        "SUB w12, w12, #10 \n"
+        "CBZ w12, 1f       \n"
+        "LD1 {v1.2d-v2.2d}, [%[key]], #32  \n"
+        "AESIMC v0.16b, v0.16b \n"
+        "AESD v0.16b, v1.16b   \n"
+        "AESIMC v0.16b, v0.16b \n"
+        "AESD v0.16b, v2.16b   \n"
+
+        "SUB w12, w12, #2  \n"
+        "CBZ w12, 1f       \n"
+        "LD1 {v1.2d-v2.2d}, [%[key]], #32  \n"
+        "AESIMC v0.16b, v0.16b \n"
+        "AESD v0.16b, v1.16b   \n"
+        "AESIMC v0.16b, v0.16b \n"
+        "AESD v0.16b, v2.16b   \n"
+
+        "#Final AddRoundKey then store result \n"
+    "1: \n"
+        "LD1 {v1.2d}, [%[key]], #16 \n"
+        "EOR v0.16b, v0.16b, v1.16b  \n"
+        "ST1 {v0.4s}, [%[out]]    \n"
+
+        : [key] "+r" (key)
+        : [in] "r" (inBlock), [out] "r" (outBlock), [nr] "r" (nr)
+        : "cc", "memory", "w12", "v0", "v1", "v2", "v3", "v4"
+    );
+}
+#endif /* HAVE_AES_DECRYPT */
 #endif /* DIRECT or COUNTER */
 
 /* AES-CBC */
 #ifdef HAVE_AES_CBC
-    int wc_AesCbcEncrypt(Aes* aes, byte* out, const byte* in, word32 sz)
-    {
-        word32 numBlocks = sz / AES_BLOCK_SIZE;
+void AES_CBC_encrypt_AARCH64(const byte* in, byte* out, word32 sz, byte* reg,
+    byte* key, int rounds)
+{
+    word32 numBlocks = sz / WC_AES_BLOCK_SIZE;
 
-        if (aes == NULL || out == NULL || in == NULL) {
-            return BAD_FUNC_ARG;
-        }
-
-        if (sz == 0) {
-            return 0;
-        }
-
-#ifdef WOLFSSL_AES_CBC_LENGTH_CHECKS
-        if (sz % AES_BLOCK_SIZE) {
-            return BAD_LENGTH_E;
-        }
-#endif
-
-        /* do as many block size ops as possible */
-        if (numBlocks > 0) {
-            word32* key = aes->key;
-            word32* reg = aes->reg;
-            /*
-            AESE exor's input with round key
-            shift rows of exor'ed result
+    /*
+    AESE exor's input with round key
+    shift rows of exor'ed result
             sub bytes for shifted rows
 
-            note: grouping AESE & AESMC together as pairs reduces latency
-            */
-            switch(aes->rounds) {
+    note: grouping AESE & AESMC together as pairs reduces latency
+    */
+    switch (rounds) {
 #ifdef WOLFSSL_AES_128
-            case 10: /* AES 128 BLOCK */
-                __asm__ __volatile__ (
-                "MOV w11, %w[blocks] \n"
-                "LD1 {v1.2d-v4.2d}, [%[Key]], #64  \n"
-                "LD1 {v5.2d-v8.2d}, [%[Key]], #64  \n"
-                "LD1 {v9.2d-v11.2d},[%[Key]], #48  \n"
-                "LD1 {v0.2d}, [%[reg]] \n"
+    case 10: /* AES 128 BLOCK */
+        __asm__ __volatile__ (
+            "MOV w11, %w[blocks] \n"
+            "LD1 {v1.2d-v4.2d}, [%[key]], #64  \n"
+            "LD1 {v5.2d-v8.2d}, [%[key]], #64  \n"
+            "LD1 {v9.2d-v11.2d},[%[key]], #48  \n"
+            "LD1 {v0.2d}, [%[reg]] \n"
 
-                "LD1 {v12.2d}, [%[input]], #16 \n"
-                "1:\n"
-                "#CBC operations, xorbuf in with current aes->reg \n"
-                "EOR v0.16b, v0.16b, v12.16b \n"
-                "AESE v0.16b, v1.16b  \n"
-                "AESMC v0.16b, v0.16b \n"
-                "AESE v0.16b, v2.16b  \n"
-                "AESMC v0.16b, v0.16b \n"
-                "AESE v0.16b, v3.16b  \n"
-                "AESMC v0.16b, v0.16b \n"
-                "AESE v0.16b, v4.16b  \n"
-                "AESMC v0.16b, v0.16b \n"
-                "AESE v0.16b, v5.16b  \n"
-                "AESMC v0.16b, v0.16b \n"
-                "AESE v0.16b, v6.16b  \n"
-                "AESMC v0.16b, v0.16b \n"
-                "AESE v0.16b, v7.16b  \n"
-                "AESMC v0.16b, v0.16b \n"
-                "AESE v0.16b, v8.16b  \n"
-                "AESMC v0.16b, v0.16b \n"
-                "AESE v0.16b, v9.16b  \n"
-                "AESMC v0.16b, v0.16b \n"
-                "AESE v0.16b, v10.16b  \n"
-                "SUB w11, w11, #1 \n"
-                "EOR v0.16b, v0.16b, v11.16b  \n"
-                "ST1 {v0.2d}, [%[out]], #16   \n"
+            "LD1 {v12.2d}, [%[in]], #16 \n"
+        "1:\n"
+            "#CBC operations, xorbuf in with current reg \n"
+            "EOR v0.16b, v0.16b, v12.16b \n"
+            "AESE v0.16b, v1.16b  \n"
+            "AESMC v0.16b, v0.16b \n"
+            "AESE v0.16b, v2.16b  \n"
+            "AESMC v0.16b, v0.16b \n"
+            "AESE v0.16b, v3.16b  \n"
+            "AESMC v0.16b, v0.16b \n"
+            "AESE v0.16b, v4.16b  \n"
+            "AESMC v0.16b, v0.16b \n"
+            "AESE v0.16b, v5.16b  \n"
+            "AESMC v0.16b, v0.16b \n"
+            "AESE v0.16b, v6.16b  \n"
+            "AESMC v0.16b, v0.16b \n"
+            "AESE v0.16b, v7.16b  \n"
+            "AESMC v0.16b, v0.16b \n"
+            "AESE v0.16b, v8.16b  \n"
+            "AESMC v0.16b, v0.16b \n"
+            "AESE v0.16b, v9.16b  \n"
+            "AESMC v0.16b, v0.16b \n"
+            "AESE v0.16b, v10.16b  \n"
+            "SUB w11, w11, #1 \n"
+            "EOR v0.16b, v0.16b, v11.16b  \n"
+            "ST1 {v0.2d}, [%[out]], #16   \n"
 
-                "CBZ w11, 2f \n"
-                "LD1 {v12.2d}, [%[input]], #16 \n"
-                "B 1b \n"
+            "CBZ w11, 2f \n"
+            "LD1 {v12.2d}, [%[in]], #16 \n"
+            "B 1b \n"
 
-                "2:\n"
-                "#store current counter value at the end \n"
-                "ST1 {v0.2d}, [%[regOut]] \n"
+        "2:\n"
+            "#store current counter value at the end \n"
+            "ST1 {v0.2d}, [%[reg]] \n"
 
-                :[out] "=r" (out), [regOut] "=r" (reg), "=r" (in)
-                :"0" (out), [Key] "r" (key), [input] "2" (in),
-                 [blocks] "r" (numBlocks), [reg] "1" (reg)
-                : "cc", "memory", "w11", "v0", "v1", "v2", "v3", "v4", "v5",
-                "v6", "v7", "v8", "v9", "v10", "v11", "v12", "v13"
-                );
-                break;
+            : [out] "+r" (out), [in] "+r" (in), [key] "+r" (key)
+            : [reg] "r" (reg), [blocks] "r" (numBlocks)
+            : "cc", "memory", "w11", "v0", "v1", "v2", "v3", "v4", "v5",
+            "v6", "v7", "v8", "v9", "v10", "v11", "v12", "v13"
+        );
+        break;
 #endif /* WOLFSSL_AES_128 */
 #ifdef WOLFSSL_AES_192
-            case 12: /* AES 192 BLOCK */
-                __asm__ __volatile__ (
-                "MOV w11, %w[blocks] \n"
-                "LD1 {v1.2d-v4.2d}, %[Key], #64  \n"
-                "LD1 {v5.2d-v8.2d}, %[Key], #64  \n"
-                "LD1 {v9.2d-v12.2d},%[Key], #64  \n"
-                "LD1 {v13.2d}, %[Key], #16 \n"
-                "LD1 {v0.2d}, %[reg] \n"
+    case 12: /* AES 192 BLOCK */
+        __asm__ __volatile__ (
+            "MOV w11, %w[blocks] \n"
+            "LD1 {v1.2d-v4.2d}, [%[key]], #64  \n"
+            "LD1 {v5.2d-v8.2d}, [%[key]], #64  \n"
+            "LD1 {v9.2d-v12.2d},[%[key]], #64  \n"
+            "LD1 {v13.2d}, [%[key]], #16 \n"
+            "LD1 {v0.2d}, [%[reg]] \n"
 
-                "LD1 {v14.2d}, [%[input]], #16  \n"
-                "1:\n"
-                "#CBC operations, xorbuf in with current aes->reg \n"
-                "EOR v0.16b, v0.16b, v14.16b \n"
-                "AESE v0.16b, v1.16b  \n"
-                "AESMC v0.16b, v0.16b \n"
-                "AESE v0.16b, v2.16b  \n"
-                "AESMC v0.16b, v0.16b \n"
-                "AESE v0.16b, v3.16b  \n"
-                "AESMC v0.16b, v0.16b \n"
-                "AESE v0.16b, v4.16b  \n"
-                "AESMC v0.16b, v0.16b \n"
-                "AESE v0.16b, v5.16b  \n"
-                "AESMC v0.16b, v0.16b \n"
-                "AESE v0.16b, v6.16b  \n"
-                "AESMC v0.16b, v0.16b \n"
-                "AESE v0.16b, v7.16b  \n"
-                "AESMC v0.16b, v0.16b \n"
-                "AESE v0.16b, v8.16b  \n"
-                "AESMC v0.16b, v0.16b \n"
-                "AESE v0.16b, v9.16b  \n"
-                "AESMC v0.16b, v0.16b \n"
-                "AESE v0.16b, v10.16b \n"
-                "AESMC v0.16b, v0.16b \n"
-                "AESE v0.16b, v11.16b \n"
-                "AESMC v0.16b, v0.16b \n"
-                "AESE v0.16b, v12.16b \n"
-                "EOR v0.16b, v0.16b, v13.16b  \n"
-                "SUB w11, w11, #1 \n"
-                "ST1 {v0.2d}, [%[out]], #16  \n"
+            "LD1 {v14.2d}, [%[in]], #16  \n"
+        "1:\n"
+            "#CBC operations, xorbuf in with current reg \n"
+            "EOR v0.16b, v0.16b, v14.16b \n"
+            "AESE v0.16b, v1.16b  \n"
+            "AESMC v0.16b, v0.16b \n"
+            "AESE v0.16b, v2.16b  \n"
+            "AESMC v0.16b, v0.16b \n"
+            "AESE v0.16b, v3.16b  \n"
+            "AESMC v0.16b, v0.16b \n"
+            "AESE v0.16b, v4.16b  \n"
+            "AESMC v0.16b, v0.16b \n"
+            "AESE v0.16b, v5.16b  \n"
+            "AESMC v0.16b, v0.16b \n"
+            "AESE v0.16b, v6.16b  \n"
+            "AESMC v0.16b, v0.16b \n"
+            "AESE v0.16b, v7.16b  \n"
+            "AESMC v0.16b, v0.16b \n"
+            "AESE v0.16b, v8.16b  \n"
+            "AESMC v0.16b, v0.16b \n"
+            "AESE v0.16b, v9.16b  \n"
+            "AESMC v0.16b, v0.16b \n"
+            "AESE v0.16b, v10.16b \n"
+            "AESMC v0.16b, v0.16b \n"
+            "AESE v0.16b, v11.16b \n"
+            "AESMC v0.16b, v0.16b \n"
+            "AESE v0.16b, v12.16b \n"
+            "EOR v0.16b, v0.16b, v13.16b  \n"
+            "SUB w11, w11, #1 \n"
+            "ST1 {v0.2d}, [%[out]], #16  \n"
 
-                "CBZ w11, 2f \n"
-                "LD1 {v14.2d}, [%[input]], #16\n"
-                "B 1b \n"
+            "CBZ w11, 2f \n"
+            "LD1 {v14.2d}, [%[in]], #16\n"
+            "B 1b \n"
 
-                "2:\n"
-                "#store current counter value at the end \n"
-                "ST1 {v0.2d}, %[regOut]   \n"
+        "2:\n"
+            "#store current counter value at the end \n"
+            "ST1 {v0.2d}, [%[reg]]   \n"
 
-
-                :[out] "=r" (out), [regOut] "=m" (aes->reg), "=r" (in)
-                :"0" (out), [Key] "m" (aes->key), [input] "2" (in),
-                 [blocks] "r" (numBlocks), [reg] "m" (aes->reg)
-                : "cc", "memory", "w11", "v0", "v1", "v2", "v3", "v4", "v5",
-                "v6", "v7", "v8", "v9", "v10", "v11", "v12", "v13", "v14"
-                );
-                break;
+            : [out] "+r" (out), [in] "+r" (in), [key] "+r" (key)
+            : [reg] "r" (reg), [blocks] "r" (numBlocks)
+            : "cc", "memory", "w11", "v0", "v1", "v2", "v3", "v4", "v5",
+            "v6", "v7", "v8", "v9", "v10", "v11", "v12", "v13", "v14"
+        );
+        break;
 #endif /* WOLFSSL_AES_192*/
 #ifdef WOLFSSL_AES_256
-            case 14: /* AES 256 BLOCK */
-                __asm__ __volatile__ (
-                "MOV w11, %w[blocks] \n"
-                "LD1 {v1.2d-v4.2d},   %[Key], #64 \n"
+    case 14: /* AES 256 BLOCK */
+        __asm__ __volatile__ (
+            "MOV w11, %w[blocks] \n"
+            "LD1 {v1.2d-v4.2d},   [%[key]], #64 \n"
 
-                "LD1 {v5.2d-v8.2d},   %[Key], #64 \n"
-                "LD1 {v9.2d-v12.2d},  %[Key], #64 \n"
-                "LD1 {v13.2d-v15.2d}, %[Key], #48 \n"
-                "LD1 {v0.2d}, %[reg] \n"
+            "LD1 {v5.2d-v8.2d},   [%[key]], #64 \n"
+            "LD1 {v9.2d-v12.2d},  [%[key]], #64 \n"
+            "LD1 {v13.2d-v15.2d}, [%[key]], #48 \n"
+            "LD1 {v0.2d}, [%[reg]] \n"
 
-                "LD1 {v16.2d}, [%[input]], #16  \n"
-                "1: \n"
-                "#CBC operations, xorbuf in with current aes->reg \n"
-                "EOR v0.16b, v0.16b, v16.16b \n"
-                "AESE v0.16b, v1.16b  \n"
-                "AESMC v0.16b, v0.16b \n"
-                "AESE v0.16b, v2.16b  \n"
-                "AESMC v0.16b, v0.16b \n"
-                "AESE v0.16b, v3.16b  \n"
-                "AESMC v0.16b, v0.16b \n"
-                "AESE v0.16b, v4.16b  \n"
-                "AESMC v0.16b, v0.16b \n"
-                "AESE v0.16b, v5.16b  \n"
-                "AESMC v0.16b, v0.16b \n"
-                "AESE v0.16b, v6.16b  \n"
-                "AESMC v0.16b, v0.16b \n"
-                "AESE v0.16b, v7.16b  \n"
-                "AESMC v0.16b, v0.16b \n"
-                "AESE v0.16b, v8.16b  \n"
-                "AESMC v0.16b, v0.16b \n"
-                "AESE v0.16b, v9.16b  \n"
-                "AESMC v0.16b, v0.16b \n"
-                "AESE v0.16b, v10.16b \n"
-                "AESMC v0.16b, v0.16b \n"
-                "AESE v0.16b, v11.16b \n"
-                "AESMC v0.16b, v0.16b \n"
-                "AESE v0.16b, v12.16b \n"
-                "AESMC v0.16b, v0.16b \n"
-                "AESE v0.16b, v13.16b \n"
-                "AESMC v0.16b, v0.16b \n"
-                "AESE v0.16b, v14.16b \n"
-                "EOR v0.16b, v0.16b, v15.16b \n"
-                "SUB w11, w11, #1     \n"
-                "ST1 {v0.2d}, [%[out]], #16  \n"
+            "LD1 {v16.2d}, [%[in]], #16  \n"
+        "1: \n"
+            "#CBC operations, xorbuf in with current reg \n"
+            "EOR v0.16b, v0.16b, v16.16b \n"
+            "AESE v0.16b, v1.16b  \n"
+            "AESMC v0.16b, v0.16b \n"
+            "AESE v0.16b, v2.16b  \n"
+            "AESMC v0.16b, v0.16b \n"
+            "AESE v0.16b, v3.16b  \n"
+            "AESMC v0.16b, v0.16b \n"
+            "AESE v0.16b, v4.16b  \n"
+            "AESMC v0.16b, v0.16b \n"
+            "AESE v0.16b, v5.16b  \n"
+            "AESMC v0.16b, v0.16b \n"
+            "AESE v0.16b, v6.16b  \n"
+            "AESMC v0.16b, v0.16b \n"
+            "AESE v0.16b, v7.16b  \n"
+            "AESMC v0.16b, v0.16b \n"
+            "AESE v0.16b, v8.16b  \n"
+            "AESMC v0.16b, v0.16b \n"
+            "AESE v0.16b, v9.16b  \n"
+            "AESMC v0.16b, v0.16b \n"
+            "AESE v0.16b, v10.16b \n"
+            "AESMC v0.16b, v0.16b \n"
+            "AESE v0.16b, v11.16b \n"
+            "AESMC v0.16b, v0.16b \n"
+            "AESE v0.16b, v12.16b \n"
+            "AESMC v0.16b, v0.16b \n"
+            "AESE v0.16b, v13.16b \n"
+            "AESMC v0.16b, v0.16b \n"
+            "AESE v0.16b, v14.16b \n"
+            "EOR v0.16b, v0.16b, v15.16b \n"
+            "SUB w11, w11, #1     \n"
+            "ST1 {v0.2d}, [%[out]], #16  \n"
 
-                "CBZ w11, 2f \n"
-                "LD1 {v16.2d}, [%[input]], #16 \n"
-                "B 1b \n"
+            "CBZ w11, 2f \n"
+            "LD1 {v16.2d}, [%[in]], #16 \n"
+            "B 1b \n"
 
-                "2: \n"
-                "#store current counter value at the end \n"
-                "ST1 {v0.2d}, %[regOut]   \n"
+        "2: \n"
+            "#store current counter value at the end \n"
+            "ST1 {v0.2d}, [%[reg]]   \n"
 
-
-                :[out] "=r" (out), [regOut] "=m" (aes->reg), "=r" (in)
-                :"0" (out), [Key] "m" (aes->key), [input] "2" (in),
-                 [blocks] "r" (numBlocks), [reg] "m" (aes->reg)
-                : "cc", "memory", "w11", "v0", "v1", "v2", "v3", "v4", "v5",
-                "v6", "v7", "v8", "v9", "v10", "v11", "v12", "v13", "v14","v15",
-                "v16"
-                );
-                break;
+            : [out] "+r" (out), [in] "+r" (in), [key] "+r" (key)
+            : [reg] "r" (reg), [blocks] "r" (numBlocks)
+            : "cc", "memory", "w11", "v0", "v1", "v2", "v3", "v4", "v5",
+            "v6", "v7", "v8", "v9", "v10", "v11", "v12", "v13", "v14","v15",
+            "v16"
+        );
+        break;
 #endif /* WOLFSSL_AES_256 */
-            default:
-                WOLFSSL_MSG("Bad AES-CBC round value");
-                return BAD_FUNC_ARG;
-            }
-        }
-
-        return 0;
     }
+}
 
-    #ifdef HAVE_AES_DECRYPT
-    int wc_AesCbcDecrypt(Aes* aes, byte* out, const byte* in, word32 sz)
-    {
-        word32 numBlocks = sz / AES_BLOCK_SIZE;
+#ifdef HAVE_AES_DECRYPT
+void AES_CBC_decrypt_AARCH64(const byte* in, byte* out, word32 sz,
+    byte* reg, byte* key, int rounds)
+{
+    word32 numBlocks = sz / WC_AES_BLOCK_SIZE;
 
-        if (aes == NULL || out == NULL || in == NULL) {
-            return BAD_FUNC_ARG;
-        }
-
-        if (sz == 0) {
-            return 0;
-        }
-
-        if (sz % AES_BLOCK_SIZE) {
-#ifdef WOLFSSL_AES_CBC_LENGTH_CHECKS
-            return BAD_LENGTH_E;
-#else
-            return BAD_FUNC_ARG;
-#endif
-        }
-
-        /* do as many block size ops as possible */
-        if (numBlocks > 0) {
-            word32* key = aes->key;
-            word32* reg = aes->reg;
-
-            switch(aes->rounds) {
+    switch (rounds) {
 #ifdef WOLFSSL_AES_128
-            case 10: /* AES 128 BLOCK */
-                __asm__ __volatile__ (
-                "MOV w11, %w[blocks] \n"
-                "LD1 {v1.2d-v4.2d}, [%[Key]], #64  \n"
-                "LD1 {v5.2d-v8.2d}, [%[Key]], #64  \n"
-                "LD1 {v9.2d-v11.2d},[%[Key]], #48  \n"
-                "LD1 {v13.2d}, [%[reg]] \n"
+    case 10: /* AES 128 BLOCK */
+        __asm__ __volatile__ (
+            "MOV w11, %w[blocks] \n"
+            "LD1 {v1.2d-v4.2d}, [%[key]], #64  \n"
+            "LD1 {v5.2d-v8.2d}, [%[key]], #64  \n"
+            "LD1 {v9.2d-v11.2d},[%[key]], #48  \n"
+            "LD1 {v13.2d}, [%[reg]] \n"
 
-                "1:\n"
-                "LD1 {v0.2d}, [%[input]], #16  \n"
-                "MOV v12.16b, v0.16b \n"
-                "AESD v0.16b, v1.16b   \n"
-                "AESIMC v0.16b, v0.16b \n"
-                "AESD v0.16b, v2.16b   \n"
-                "AESIMC v0.16b, v0.16b \n"
-                "AESD v0.16b, v3.16b   \n"
-                "AESIMC v0.16b, v0.16b \n"
-                "AESD v0.16b, v4.16b   \n"
-                "AESIMC v0.16b, v0.16b \n"
-                "AESD v0.16b, v5.16b   \n"
-                "AESIMC v0.16b, v0.16b \n"
-                "AESD v0.16b, v6.16b   \n"
-                "AESIMC v0.16b, v0.16b \n"
-                "AESD v0.16b, v7.16b   \n"
-                "AESIMC v0.16b, v0.16b \n"
-                "AESD v0.16b, v8.16b   \n"
-                "AESIMC v0.16b, v0.16b \n"
-                "AESD v0.16b, v9.16b   \n"
-                "AESIMC v0.16b, v0.16b \n"
-                "AESD v0.16b, v10.16b  \n"
-                "EOR v0.16b, v0.16b, v11.16b \n"
+        "1:\n"
+            "LD1 {v0.2d}, [%[in]], #16  \n"
+            "MOV v12.16b, v0.16b \n"
+            "AESD v0.16b, v1.16b   \n"
+            "AESIMC v0.16b, v0.16b \n"
+            "AESD v0.16b, v2.16b   \n"
+            "AESIMC v0.16b, v0.16b \n"
+            "AESD v0.16b, v3.16b   \n"
+            "AESIMC v0.16b, v0.16b \n"
+            "AESD v0.16b, v4.16b   \n"
+            "AESIMC v0.16b, v0.16b \n"
+            "AESD v0.16b, v5.16b   \n"
+            "AESIMC v0.16b, v0.16b \n"
+            "AESD v0.16b, v6.16b   \n"
+            "AESIMC v0.16b, v0.16b \n"
+            "AESD v0.16b, v7.16b   \n"
+            "AESIMC v0.16b, v0.16b \n"
+            "AESD v0.16b, v8.16b   \n"
+            "AESIMC v0.16b, v0.16b \n"
+            "AESD v0.16b, v9.16b   \n"
+            "AESIMC v0.16b, v0.16b \n"
+            "AESD v0.16b, v10.16b  \n"
+            "EOR v0.16b, v0.16b, v11.16b \n"
 
-                "EOR v0.16b, v0.16b, v13.16b \n"
-                "SUB w11, w11, #1            \n"
-                "ST1 {v0.2d}, [%[out]], #16  \n"
-                "MOV v13.16b, v12.16b        \n"
+            "EOR v0.16b, v0.16b, v13.16b \n"
+            "SUB w11, w11, #1            \n"
+            "ST1 {v0.2d}, [%[out]], #16  \n"
+            "MOV v13.16b, v12.16b        \n"
 
-                "CBZ w11, 2f \n"
-                "B 1b      \n"
+            "CBZ w11, 2f \n"
+            "B 1b      \n"
 
-                "2: \n"
-                "#store current counter value at the end \n"
-                "ST1 {v13.2d}, [%[regOut]] \n"
+        "2: \n"
+            "#store current counter value at the end \n"
+            "ST1 {v13.2d}, [%[reg]] \n"
 
-                :[out] "=r" (out), [regOut] "=r" (reg), "=r" (in)
-                :"0" (out), [Key] "r" (key), [input] "2" (in),
-                 [blocks] "r" (numBlocks), [reg] "1" (reg)
-                : "cc", "memory", "w11", "v0", "v1", "v2", "v3", "v4", "v5",
-                "v6", "v7", "v8", "v9", "v10", "v11", "v12", "v13"
-                );
-                break;
+            : [out] "+r" (out), [in] "+r" (in), [key] "+r" (key)
+            : [reg] "r" (reg), [blocks] "r" (numBlocks)
+            : "cc", "memory", "w11", "v0", "v1", "v2", "v3", "v4", "v5",
+            "v6", "v7", "v8", "v9", "v10", "v11", "v12", "v13"
+        );
+        break;
 #endif /* WOLFSSL_AES_128 */
 #ifdef WOLFSSL_AES_192
-            case 12: /* AES 192 BLOCK */
-                __asm__ __volatile__ (
-                "MOV w11, %w[blocks] \n"
-                "LD1 {v1.2d-v4.2d}, [%[Key]], #64  \n"
-                "LD1 {v5.2d-v8.2d}, [%[Key]], #64  \n"
-                "LD1 {v9.2d-v12.2d},[%[Key]], #64  \n"
-                "LD1 {v13.16b}, [%[Key]], #16 \n"
-                "LD1 {v15.2d}, [%[reg]]       \n"
+    case 12: /* AES 192 BLOCK */
+        __asm__ __volatile__ (
+            "MOV w11, %w[blocks] \n"
+            "LD1 {v1.2d-v4.2d}, [%[key]], #64  \n"
+            "LD1 {v5.2d-v8.2d}, [%[key]], #64  \n"
+            "LD1 {v9.2d-v12.2d},[%[key]], #64  \n"
+            "LD1 {v13.16b}, [%[key]], #16 \n"
+            "LD1 {v15.2d}, [%[reg]]       \n"
 
-                "LD1 {v0.2d}, [%[input]], #16  \n"
-                "1:    \n"
-                "MOV v14.16b, v0.16b   \n"
-                "AESD v0.16b, v1.16b   \n"
-                "AESIMC v0.16b, v0.16b \n"
-                "AESD v0.16b, v2.16b   \n"
-                "AESIMC v0.16b, v0.16b \n"
-                "AESD v0.16b, v3.16b   \n"
-                "AESIMC v0.16b, v0.16b \n"
-                "AESD v0.16b, v4.16b   \n"
-                "AESIMC v0.16b, v0.16b \n"
-                "AESD v0.16b, v5.16b   \n"
-                "AESIMC v0.16b, v0.16b \n"
-                "AESD v0.16b, v6.16b   \n"
-                "AESIMC v0.16b, v0.16b \n"
-                "AESD v0.16b, v7.16b   \n"
-                "AESIMC v0.16b, v0.16b \n"
-                "AESD v0.16b, v8.16b   \n"
-                "AESIMC v0.16b, v0.16b \n"
-                "AESD v0.16b, v9.16b   \n"
-                "AESIMC v0.16b, v0.16b \n"
-                "AESD v0.16b, v10.16b  \n"
-                "AESIMC v0.16b, v0.16b \n"
-                "AESD v0.16b, v11.16b  \n"
-                "AESIMC v0.16b, v0.16b \n"
-                "AESD v0.16b, v12.16b  \n"
-                "EOR v0.16b, v0.16b, v13.16b \n"
+            "LD1 {v0.2d}, [%[in]], #16  \n"
+        "1:    \n"
+            "MOV v14.16b, v0.16b   \n"
+            "AESD v0.16b, v1.16b   \n"
+            "AESIMC v0.16b, v0.16b \n"
+            "AESD v0.16b, v2.16b   \n"
+            "AESIMC v0.16b, v0.16b \n"
+            "AESD v0.16b, v3.16b   \n"
+            "AESIMC v0.16b, v0.16b \n"
+            "AESD v0.16b, v4.16b   \n"
+            "AESIMC v0.16b, v0.16b \n"
+            "AESD v0.16b, v5.16b   \n"
+            "AESIMC v0.16b, v0.16b \n"
+            "AESD v0.16b, v6.16b   \n"
+            "AESIMC v0.16b, v0.16b \n"
+            "AESD v0.16b, v7.16b   \n"
+            "AESIMC v0.16b, v0.16b \n"
+            "AESD v0.16b, v8.16b   \n"
+            "AESIMC v0.16b, v0.16b \n"
+            "AESD v0.16b, v9.16b   \n"
+            "AESIMC v0.16b, v0.16b \n"
+            "AESD v0.16b, v10.16b  \n"
+            "AESIMC v0.16b, v0.16b \n"
+            "AESD v0.16b, v11.16b  \n"
+            "AESIMC v0.16b, v0.16b \n"
+            "AESD v0.16b, v12.16b  \n"
+            "EOR v0.16b, v0.16b, v13.16b \n"
 
-                "EOR v0.16b, v0.16b, v15.16b \n"
-                "SUB w11, w11, #1            \n"
-                "ST1 {v0.2d}, [%[out]], #16  \n"
-                "MOV v15.16b, v14.16b        \n"
+            "EOR v0.16b, v0.16b, v15.16b \n"
+            "SUB w11, w11, #1            \n"
+            "ST1 {v0.2d}, [%[out]], #16  \n"
+            "MOV v15.16b, v14.16b        \n"
 
-                "CBZ w11, 2f \n"
-                "LD1 {v0.2d}, [%[input]], #16 \n"
-                "B 1b \n"
+            "CBZ w11, 2f \n"
+            "LD1 {v0.2d}, [%[in]], #16 \n"
+            "B 1b \n"
 
-                "2:\n"
-                "#store current counter value at the end \n"
-                "ST1 {v15.2d}, [%[regOut]] \n"
+        "2:\n"
+            "#store current counter value at the end \n"
+            "ST1 {v15.2d}, [%[reg]] \n"
 
-                :[out] "=r" (out), [regOut] "=r" (reg), "=r" (in)
-                :"0" (out), [Key] "r" (key), [input] "2" (in),
-                 [blocks] "r" (numBlocks), [reg] "1" (reg)
-                : "cc", "memory", "w11", "v0", "v1", "v2", "v3", "v4", "v5",
-                "v6", "v7", "v8", "v9", "v10", "v11", "v12", "v13", "v14", "v15"
-                );
-                break;
+            : [out] "+r" (out), [in] "+r" (in), [key] "+r" (key)
+            : [reg] "r" (reg), [blocks] "r" (numBlocks)
+            : "cc", "memory", "w11", "v0", "v1", "v2", "v3", "v4", "v5",
+            "v6", "v7", "v8", "v9", "v10", "v11", "v12", "v13", "v14", "v15"
+        );
+        break;
 #endif /* WOLFSSL_AES_192 */
 #ifdef WOLFSSL_AES_256
-            case 14: /* AES 256 BLOCK */
-                __asm__ __volatile__ (
-                "MOV w11, %w[blocks] \n"
-                "LD1 {v1.2d-v4.2d},   [%[Key]], #64  \n"
-                "LD1 {v5.2d-v8.2d},   [%[Key]], #64  \n"
-                "LD1 {v9.2d-v12.2d},  [%[Key]], #64  \n"
-                "LD1 {v13.2d-v15.2d}, [%[Key]], #48  \n"
-                "LD1 {v17.2d}, [%[reg]] \n"
+    case 14: /* AES 256 BLOCK */
+        __asm__ __volatile__ (
+            "MOV w11, %w[blocks] \n"
+            "LD1 {v1.2d-v4.2d},   [%[key]], #64  \n"
+            "LD1 {v5.2d-v8.2d},   [%[key]], #64  \n"
+            "LD1 {v9.2d-v12.2d},  [%[key]], #64  \n"
+            "LD1 {v13.2d-v15.2d}, [%[key]], #48  \n"
+            "LD1 {v17.2d}, [%[reg]] \n"
 
-                "LD1 {v0.2d}, [%[input]], #16  \n"
-                "1:    \n"
-                "MOV v16.16b, v0.16b   \n"
-                "AESD v0.16b, v1.16b   \n"
-                "AESIMC v0.16b, v0.16b \n"
-                "AESD v0.16b, v2.16b   \n"
-                "AESIMC v0.16b, v0.16b \n"
-                "AESD v0.16b, v3.16b   \n"
-                "AESIMC v0.16b, v0.16b \n"
-                "AESD v0.16b, v4.16b   \n"
-                "AESIMC v0.16b, v0.16b \n"
-                "AESD v0.16b, v5.16b   \n"
-                "AESIMC v0.16b, v0.16b \n"
-                "AESD v0.16b, v6.16b   \n"
-                "AESIMC v0.16b, v0.16b \n"
-                "AESD v0.16b, v7.16b   \n"
-                "AESIMC v0.16b, v0.16b \n"
-                "AESD v0.16b, v8.16b   \n"
-                "AESIMC v0.16b, v0.16b \n"
-                "AESD v0.16b, v9.16b   \n"
-                "AESIMC v0.16b, v0.16b \n"
-                "AESD v0.16b, v10.16b  \n"
-                "AESIMC v0.16b, v0.16b \n"
-                "AESD v0.16b, v11.16b  \n"
-                "AESIMC v0.16b, v0.16b \n"
-                "AESD v0.16b, v12.16b  \n"
-                "AESIMC v0.16b, v0.16b \n"
-                "AESD v0.16b, v13.16b  \n"
-                "AESIMC v0.16b, v0.16b \n"
-                "AESD v0.16b, v14.16b  \n"
-                "EOR v0.16b, v0.16b, v15.16b \n"
+            "LD1 {v0.2d}, [%[in]], #16  \n"
+        "1:    \n"
+            "MOV v16.16b, v0.16b   \n"
+            "AESD v0.16b, v1.16b   \n"
+            "AESIMC v0.16b, v0.16b \n"
+            "AESD v0.16b, v2.16b   \n"
+            "AESIMC v0.16b, v0.16b \n"
+            "AESD v0.16b, v3.16b   \n"
+            "AESIMC v0.16b, v0.16b \n"
+            "AESD v0.16b, v4.16b   \n"
+            "AESIMC v0.16b, v0.16b \n"
+            "AESD v0.16b, v5.16b   \n"
+            "AESIMC v0.16b, v0.16b \n"
+            "AESD v0.16b, v6.16b   \n"
+            "AESIMC v0.16b, v0.16b \n"
+            "AESD v0.16b, v7.16b   \n"
+            "AESIMC v0.16b, v0.16b \n"
+            "AESD v0.16b, v8.16b   \n"
+            "AESIMC v0.16b, v0.16b \n"
+            "AESD v0.16b, v9.16b   \n"
+            "AESIMC v0.16b, v0.16b \n"
+            "AESD v0.16b, v10.16b  \n"
+            "AESIMC v0.16b, v0.16b \n"
+            "AESD v0.16b, v11.16b  \n"
+            "AESIMC v0.16b, v0.16b \n"
+            "AESD v0.16b, v12.16b  \n"
+            "AESIMC v0.16b, v0.16b \n"
+            "AESD v0.16b, v13.16b  \n"
+            "AESIMC v0.16b, v0.16b \n"
+            "AESD v0.16b, v14.16b  \n"
+            "EOR v0.16b, v0.16b, v15.16b \n"
 
-                "EOR v0.16b, v0.16b, v17.16b \n"
-                "SUB w11, w11, #1            \n"
-                "ST1 {v0.2d}, [%[out]], #16  \n"
-                "MOV v17.16b, v16.16b        \n"
+            "EOR v0.16b, v0.16b, v17.16b \n"
+            "SUB w11, w11, #1            \n"
+            "ST1 {v0.2d}, [%[out]], #16  \n"
+            "MOV v17.16b, v16.16b        \n"
 
-                "CBZ w11, 2f \n"
-                "LD1 {v0.2d}, [%[input]], #16  \n"
-                "B 1b \n"
+            "CBZ w11, 2f \n"
+            "LD1 {v0.2d}, [%[in]], #16  \n"
+            "B 1b \n"
 
-                "2:\n"
-                "#store current counter value at the end \n"
-                "ST1 {v17.2d}, [%[regOut]]   \n"
+        "2:\n"
+            "#store current counter value at the end \n"
+            "ST1 {v17.2d}, [%[reg]]   \n"
 
-                :[out] "=r" (out), [regOut] "=r" (reg), "=r" (in)
-                :"0" (out), [Key] "r" (key), [input] "2" (in),
-                 [blocks] "r" (numBlocks), [reg] "1" (reg)
-                : "cc", "memory", "w11", "v0", "v1", "v2", "v3", "v4", "v5",
-                "v6", "v7", "v8", "v9", "v10", "v11", "v12", "v13", "v14","v15",
-                "v16", "v17"
-                );
-                break;
+            : [out] "+r" (out), [in] "+r" (in), [key] "+r" (key)
+            : [reg] "r" (reg), [blocks] "r" (numBlocks)
+            : "cc", "memory", "w11", "v0", "v1", "v2", "v3", "v4", "v5",
+            "v6", "v7", "v8", "v9", "v10", "v11", "v12", "v13", "v14","v15",
+            "v16", "v17"
+        );
+        break;
 #endif /* WOLFSSL_AES_256 */
-            default:
-                WOLFSSL_MSG("Bad AES-CBC round value");
-                return BAD_FUNC_ARG;
-            }
-        }
-
-        return 0;
     }
-    #endif
+}
+#endif
 
 #endif /* HAVE_AES_CBC */
 
@@ -1393,57 +1465,28 @@ static void wc_aes_ctr_encrypt_asm(Aes* aes, byte* out, const byte* in,
     }
 }
 
-int wc_AesCtrEncrypt(Aes* aes, byte* out, const byte* in, word32 sz)
+void AES_CTR_encrypt_AARCH64(Aes* aes, byte* out, const byte* in, word32 sz)
 {
     byte* tmp;
     word32 numBlocks;
 
-    if (aes == NULL || out == NULL || in == NULL) {
-        return BAD_FUNC_ARG;
-    }
-    switch(aes->rounds) {
-    #ifdef WOLFSSL_AES_128
-        case 10: /* AES 128 BLOCK */
-    #endif /* WOLFSSL_AES_128 */
-    #ifdef WOLFSSL_AES_192
-        case 12: /* AES 192 BLOCK */
-    #endif /* WOLFSSL_AES_192 */
-    #ifdef WOLFSSL_AES_256
-        case 14: /* AES 256 BLOCK */
-    #endif /* WOLFSSL_AES_256 */
-            break;
-        default:
-            WOLFSSL_MSG("Bad AES-CTR round value");
-            return BAD_FUNC_ARG;
-    }
-
-
-    tmp = (byte*)aes->tmp + AES_BLOCK_SIZE - aes->left;
-
-    /* consume any unused bytes left in aes->tmp */
-    while ((aes->left != 0) && (sz != 0)) {
-       *(out++) = *(in++) ^ *(tmp++);
-       aes->left--;
-       sz--;
-    }
-
     /* do as many block size ops as possible */
-    numBlocks = sz / AES_BLOCK_SIZE;
+    numBlocks = sz / WC_AES_BLOCK_SIZE;
     if (numBlocks > 0) {
         wc_aes_ctr_encrypt_asm(aes, out, in, (byte*)aes->key, numBlocks);
 
-        sz  -= numBlocks * AES_BLOCK_SIZE;
-        out += numBlocks * AES_BLOCK_SIZE;
-        in  += numBlocks * AES_BLOCK_SIZE;
+        sz  -= numBlocks * WC_AES_BLOCK_SIZE;
+        out += numBlocks * WC_AES_BLOCK_SIZE;
+        in  += numBlocks * WC_AES_BLOCK_SIZE;
     }
 
     /* handle non block size remaining */
     if (sz) {
-        byte zeros[AES_BLOCK_SIZE] = { 0, 0, 0, 0, 0, 0, 0, 0,
+        byte zeros[WC_AES_BLOCK_SIZE] = { 0, 0, 0, 0, 0, 0, 0, 0,
                                        0, 0, 0, 0, 0, 0, 0, 0 };
         wc_aes_ctr_encrypt_asm(aes, (byte*)aes->tmp, zeros, (byte*)aes->key, 1);
 
-        aes->left = AES_BLOCK_SIZE;
+        aes->left = WC_AES_BLOCK_SIZE;
         tmp = (byte*)aes->tmp;
 
         while (sz--) {
@@ -1451,14 +1494,6 @@ int wc_AesCtrEncrypt(Aes* aes, byte* out, const byte* in, word32 sz)
             aes->left--;
         }
     }
-    return 0;
-}
-
-int wc_AesCtrSetKey(Aes* aes, const byte* key, word32 len,
-        const byte* iv, int dir)
-{
-    (void)dir;
-    return wc_AesSetKey(aes, key, len, iv, AES_ENCRYPTION);
 }
 
 #endif /* WOLFSSL_AES_COUNTER */
@@ -1473,7 +1508,7 @@ int wc_AesCtrSetKey(Aes* aes, const byte* key, word32 len,
 
 /* PMULL and RBIT only with AArch64 */
 /* Use ARM hardware for polynomial multiply */
-void GMULT(byte* X, byte* Y)
+void GMULT_AARCH64(byte* X, byte* Y)
 {
     __asm__ volatile (
         "LD1 {v0.16b}, [%[X]] \n"
@@ -1505,10 +1540,10 @@ void GMULT(byte* X, byte* Y)
     );
 }
 
-void GHASH(Gcm* gcm, const byte* a, word32 aSz, const byte* c,
-    word32 cSz, byte* s, word32 sSz)
+static void GHASH_AARCH64_EOR(Gcm* gcm, const byte* a, word32 aSz,
+    const byte* c, word32 cSz, byte* s, word32 sSz)
 {
-    byte scratch[AES_BLOCK_SIZE];
+    byte scratch[WC_AES_BLOCK_SIZE];
 
     __asm__ __volatile__ (
         "LD1 {v3.16b}, %[h] \n"
@@ -1517,6 +1552,7 @@ void GHASH(Gcm* gcm, const byte* a, word32 aSz, const byte* c,
         "USHR v7.2d, v7.2d, #56 \n"
 
         "# AAD \n"
+        "CBZ %[a], 20f \n"
         "CBZ %w[aSz], 20f \n"
         "MOV w12, %w[aSz] \n"
 
@@ -1580,12 +1616,8 @@ void GHASH(Gcm* gcm, const byte* a, word32 aSz, const byte* c,
         "EXT v12.16b, v12.16b, v12.16b, #8 \n"
         "PMULL  v9.1q, v12.1d, v4.1d \n"
         "PMULL2 v12.1q, v12.2d, v4.2d \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
-        "EOR3 v2.16b, v2.16b, v12.16b, v9.16b \n"
-#else
         "EOR v12.16b, v12.16b, v9.16b \n"
         "EOR v2.16b, v2.16b, v12.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "# x[0-2] += C * H^3 \n"
         "PMULL  v8.1q, v11.1d, v5.1d \n"
         "PMULL2 v9.1q, v11.2d, v5.2d \n"
@@ -1594,12 +1626,8 @@ void GHASH(Gcm* gcm, const byte* a, word32 aSz, const byte* c,
         "EXT v11.16b, v11.16b, v11.16b, #8 \n"
         "PMULL  v9.1q, v11.1d, v5.1d \n"
         "PMULL2 v11.1q, v11.2d, v5.2d \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
-        "EOR3 v2.16b, v2.16b, v11.16b, v9.16b \n"
-#else
         "EOR v11.16b, v11.16b, v9.16b \n"
         "EOR v2.16b, v2.16b, v11.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "# x[0-2] += C * H^4 \n"
         "PMULL  v8.1q, v10.1d, v6.1d \n"
         "PMULL2 v9.1q, v10.2d, v6.2d \n"
@@ -1608,23 +1636,13 @@ void GHASH(Gcm* gcm, const byte* a, word32 aSz, const byte* c,
         "EXT v10.16b, v10.16b, v10.16b, #8 \n"
         "PMULL  v9.1q, v10.1d, v6.1d \n"
         "PMULL2 v10.1q, v10.2d, v6.2d \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
-        "EOR3 v2.16b, v2.16b, v10.16b, v9.16b \n"
-#else
         "EOR v10.16b, v10.16b, v9.16b \n"
         "EOR v2.16b, v2.16b, v10.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "# Reduce X = x[0-2] \n"
         "EXT v9.16b, v0.16b, v1.16b, #8 \n"
         "PMULL2 v8.1q, v1.2d, v7.2d \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
-        "EOR3 v9.16b, v9.16b, v2.16b, v8.16b \n"
-#else
         "EOR v9.16b, v9.16b, v2.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
-#ifndef WOLFSSL_ARMASM_CRYPTO_SHA3
         "EOR v9.16b, v9.16b, v8.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "PMULL2 v8.1q, v9.2d, v7.2d \n"
         "MOV v0.D[1], v9.D[0] \n"
         "EOR v0.16b, v0.16b, v8.16b \n"
@@ -1687,6 +1705,7 @@ void GHASH(Gcm* gcm, const byte* a, word32 aSz, const byte* c,
 
         "20: \n"
         "# Cipher Text \n"
+        "CBZ %[c], 120f \n"
         "CBZ %w[cSz], 120f \n"
         "MOV w12, %w[cSz] \n"
 
@@ -1750,12 +1769,8 @@ void GHASH(Gcm* gcm, const byte* a, word32 aSz, const byte* c,
         "EXT v12.16b, v12.16b, v12.16b, #8 \n"
         "PMULL  v9.1q, v12.1d, v4.1d \n"
         "PMULL2 v12.1q, v12.2d, v4.2d \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
-        "EOR3 v2.16b, v2.16b, v12.16b, v9.16b \n"
-#else
         "EOR v12.16b, v12.16b, v9.16b \n"
         "EOR v2.16b, v2.16b, v12.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "# x[0-2] += C * H^3 \n"
         "PMULL  v8.1q, v11.1d, v5.1d \n"
         "PMULL2 v9.1q, v11.2d, v5.2d \n"
@@ -1764,12 +1779,8 @@ void GHASH(Gcm* gcm, const byte* a, word32 aSz, const byte* c,
         "EXT v11.16b, v11.16b, v11.16b, #8 \n"
         "PMULL  v9.1q, v11.1d, v5.1d \n"
         "PMULL2 v11.1q, v11.2d, v5.2d \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
-        "EOR3 v2.16b, v2.16b, v11.16b, v9.16b \n"
-#else
         "EOR v11.16b, v11.16b, v9.16b \n"
         "EOR v2.16b, v2.16b, v11.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "# x[0-2] += C * H^4 \n"
         "PMULL  v8.1q, v10.1d, v6.1d \n"
         "PMULL2 v9.1q, v10.2d, v6.2d \n"
@@ -1778,23 +1789,13 @@ void GHASH(Gcm* gcm, const byte* a, word32 aSz, const byte* c,
         "EXT v10.16b, v10.16b, v10.16b, #8 \n"
         "PMULL  v9.1q, v10.1d, v6.1d \n"
         "PMULL2 v10.1q, v10.2d, v6.2d \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
-        "EOR3 v2.16b, v2.16b, v10.16b, v9.16b \n"
-#else
         "EOR v10.16b, v10.16b, v9.16b \n"
         "EOR v2.16b, v2.16b, v10.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "# Reduce X = x[0-2] \n"
         "EXT v9.16b, v0.16b, v1.16b, #8 \n"
         "PMULL2 v8.1q, v1.2d, v7.2d \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
-        "EOR3 v9.16b, v9.16b, v2.16b, v8.16b \n"
-#else
         "EOR v9.16b, v9.16b, v2.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
-#ifndef WOLFSSL_ARMASM_CRYPTO_SHA3
         "EOR v9.16b, v9.16b, v8.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "PMULL2 v8.1q, v9.2d, v7.2d \n"
         "MOV v0.D[1], v9.D[0] \n"
         "EOR v0.16b, v0.16b, v8.16b \n"
@@ -1872,15 +1873,642 @@ void GHASH(Gcm* gcm, const byte* a, word32 aSz, const byte* c,
 
     XMEMCPY(s, scratch, sSz);
 }
+#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
+
+static void GHASH_AARCH64_EOR3(Gcm* gcm, const byte* a, word32 aSz,
+    const byte* c, word32 cSz, byte* s, word32 sSz)
+{
+    byte scratch[WC_AES_BLOCK_SIZE];
+
+    __asm__ __volatile__ (
+        "LD1 {v3.16b}, %[h] \n"
+        "MOVI v7.16b, #0x87 \n"
+        "EOR v0.16b, v0.16b, v0.16b \n"
+        "USHR v7.2d, v7.2d, #56 \n"
+
+        "# AAD \n"
+        "CBZ %[a], 20f \n"
+        "CBZ %w[aSz], 20f \n"
+        "MOV w12, %w[aSz] \n"
+
+        "CMP x12, #64 \n"
+        "BLT 15f \n"
+        "# Calculate H^[1-4] - GMULT partials \n"
+        "# Square H => H^2 \n"
+        "PMULL2 v11.1q, v3.2d, v3.2d \n"
+        "PMULL  v10.1q, v3.1d, v3.1d \n"
+        "PMULL2 v12.1q, v11.2d, v7.2d \n"
+        "EXT v13.16b, v10.16b, v11.16b, #8 \n"
+        "EOR v13.16b, v13.16b, v12.16b \n"
+        "PMULL2 v11.1q, v13.2d, v7.2d \n"
+        "MOV v10.D[1], v13.D[0] \n"
+        "EOR v4.16b, v10.16b, v11.16b \n"
+        "# Multiply H and H^2 => H^3 \n"
+        "PMULL  v10.1q, v4.1d, v3.1d \n"
+        "PMULL2 v11.1q, v4.2d, v3.2d \n"
+        "EXT v12.16b, v3.16b, v3.16b, #8 \n"
+        "PMULL  v13.1q, v4.1d, v12.1d \n"
+        "PMULL2 v12.1q, v4.2d, v12.2d \n"
+        "EOR v12.16b, v12.16b, v13.16b \n"
+        "EXT v13.16b, v10.16b, v11.16b, #8 \n"
+        "EOR v13.16b, v13.16b, v12.16b \n"
+        "# Reduce \n"
+        "PMULL2 v12.1q, v11.2d, v7.2d \n"
+        "EOR v13.16b, v13.16b, v12.16b \n"
+        "PMULL2 v12.1q, v13.2d, v7.2d \n"
+        "MOV v10.D[1], v13.D[0] \n"
+        "EOR v5.16b, v10.16b, v12.16b \n"
+        "# Square H^2 => H^4 \n"
+        "PMULL2 v11.1q, v4.2d, v4.2d \n"
+        "PMULL  v10.1q, v4.1d, v4.1d \n"
+        "PMULL2 v12.1q, v11.2d, v7.2d \n"
+        "EXT v13.16b, v10.16b, v11.16b, #8 \n"
+        "EOR v13.16b, v13.16b, v12.16b \n"
+        "PMULL2 v11.1q, v13.2d, v7.2d \n"
+        "MOV v10.D[1], v13.D[0] \n"
+        "EOR v6.16b, v10.16b, v11.16b \n"
+        "14: \n"
+        "LD1 {v10.2d-v13.2d}, [%[a]], #64 \n"
+        "SUB x12, x12, #64 \n"
+        "# GHASH - 4 blocks \n"
+        "RBIT v10.16b, v10.16b \n"
+        "RBIT v11.16b, v11.16b \n"
+        "RBIT v12.16b, v12.16b \n"
+        "RBIT v13.16b, v13.16b \n"
+        "EOR v10.16b, v10.16b, v0.16b \n"
+        "# x[0-2] = C * H^1 \n"
+        "PMULL  v0.1q, v13.1d, v3.1d \n"
+        "PMULL2 v1.1q, v13.2d, v3.2d \n"
+        "EXT v13.16b, v13.16b, v13.16b, #8 \n"
+        "PMULL  v2.1q, v13.1d, v3.1d \n"
+        "PMULL2 v9.1q, v13.2d, v3.2d \n"
+        "EOR v2.16b, v2.16b, v9.16b \n"
+        "# x[0-2] += C * H^2 \n"
+        "PMULL  v8.1q, v12.1d, v4.1d \n"
+        "PMULL2 v9.1q, v12.2d, v4.2d \n"
+        "EOR v0.16b, v0.16b, v8.16b \n"
+        "EOR v1.16b, v1.16b, v9.16b \n"
+        "EXT v12.16b, v12.16b, v12.16b, #8 \n"
+        "PMULL  v9.1q, v12.1d, v4.1d \n"
+        "PMULL2 v12.1q, v12.2d, v4.2d \n"
+        "EOR3 v2.16b, v2.16b, v12.16b, v9.16b \n"
+        "# x[0-2] += C * H^3 \n"
+        "PMULL  v8.1q, v11.1d, v5.1d \n"
+        "PMULL2 v9.1q, v11.2d, v5.2d \n"
+        "EOR v0.16b, v0.16b, v8.16b \n"
+        "EOR v1.16b, v1.16b, v9.16b \n"
+        "EXT v11.16b, v11.16b, v11.16b, #8 \n"
+        "PMULL  v9.1q, v11.1d, v5.1d \n"
+        "PMULL2 v11.1q, v11.2d, v5.2d \n"
+        "EOR3 v2.16b, v2.16b, v11.16b, v9.16b \n"
+        "# x[0-2] += C * H^4 \n"
+        "PMULL  v8.1q, v10.1d, v6.1d \n"
+        "PMULL2 v9.1q, v10.2d, v6.2d \n"
+        "EOR v0.16b, v0.16b, v8.16b \n"
+        "EOR v1.16b, v1.16b, v9.16b \n"
+        "EXT v10.16b, v10.16b, v10.16b, #8 \n"
+        "PMULL  v9.1q, v10.1d, v6.1d \n"
+        "PMULL2 v10.1q, v10.2d, v6.2d \n"
+        "EOR3 v2.16b, v2.16b, v10.16b, v9.16b \n"
+        "# Reduce X = x[0-2] \n"
+        "EXT v9.16b, v0.16b, v1.16b, #8 \n"
+        "PMULL2 v8.1q, v1.2d, v7.2d \n"
+        "EOR3 v9.16b, v9.16b, v2.16b, v8.16b \n"
+        "PMULL2 v8.1q, v9.2d, v7.2d \n"
+        "MOV v0.D[1], v9.D[0] \n"
+        "EOR v0.16b, v0.16b, v8.16b \n"
+        "CMP x12, #64 \n"
+        "BGE 14b \n"
+        "CBZ x12, 20f \n"
+        "15: \n"
+        "CMP x12, #16 \n"
+        "BLT 12f \n"
+        "11: \n"
+        "LD1 {v14.2d}, [%[a]], #16 \n"
+        "SUB x12, x12, #16 \n"
+        "RBIT v14.16b, v14.16b \n"
+        "EOR v0.16b, v0.16b, v14.16b \n"
+        "PMULL  v10.1q, v0.1d, v3.1d \n"
+        "PMULL2 v11.1q, v0.2d, v3.2d \n"
+        "EXT v12.16b, v3.16b, v3.16b, #8 \n"
+        "PMULL  v13.1q, v0.1d, v12.1d \n"
+        "PMULL2 v12.1q, v0.2d, v12.2d \n"
+        "EOR v12.16b, v12.16b, v13.16b \n"
+        "EXT v13.16b, v10.16b, v11.16b, #8 \n"
+        "EOR v13.16b, v13.16b, v12.16b \n"
+        "# Reduce \n"
+        "PMULL2 v12.1q, v11.2d, v7.2d \n"
+        "EOR v13.16b, v13.16b, v12.16b \n"
+        "PMULL2 v12.1q, v13.2d, v7.2d \n"
+        "MOV v10.D[1], v13.D[0] \n"
+        "EOR v0.16b, v10.16b, v12.16b \n"
+        "CMP x12, #16 \n"
+        "BGE 11b \n"
+        "CBZ x12, 120f \n"
+        "12: \n"
+        "# Partial AAD \n"
+        "EOR v14.16b, v14.16b, v14.16b \n"
+        "MOV x14, x12 \n"
+        "ST1 {v14.2d}, [%[scratch]] \n"
+        "13: \n"
+        "LDRB w13, [%[a]], #1 \n"
+        "STRB w13, [%[scratch]], #1 \n"
+        "SUB x14, x14, #1 \n"
+        "CBNZ x14, 13b \n"
+        "SUB %[scratch], %[scratch], x12 \n"
+        "LD1 {v14.2d}, [%[scratch]] \n"
+        "RBIT v14.16b, v14.16b \n"
+        "EOR v0.16b, v0.16b, v14.16b \n"
+        "PMULL  v10.1q, v0.1d, v3.1d \n"
+        "PMULL2 v11.1q, v0.2d, v3.2d \n"
+        "EXT v12.16b, v3.16b, v3.16b, #8 \n"
+        "PMULL  v13.1q, v0.1d, v12.1d \n"
+        "PMULL2 v12.1q, v0.2d, v12.2d \n"
+        "EOR v12.16b, v12.16b, v13.16b \n"
+        "EXT v13.16b, v10.16b, v11.16b, #8 \n"
+        "EOR v13.16b, v13.16b, v12.16b \n"
+        "# Reduce \n"
+        "PMULL2 v12.1q, v11.2d, v7.2d \n"
+        "EOR v13.16b, v13.16b, v12.16b \n"
+        "PMULL2 v12.1q, v13.2d, v7.2d \n"
+        "MOV v10.D[1], v13.D[0] \n"
+        "EOR v0.16b, v10.16b, v12.16b \n"
+
+        "20: \n"
+        "# Cipher Text \n"
+        "CBZ %[c], 120f \n"
+        "CBZ %w[cSz], 120f \n"
+        "MOV w12, %w[cSz] \n"
+
+        "CMP x12, #64 \n"
+        "BLT 115f \n"
+        "# Calculate H^[1-4] - GMULT partials \n"
+        "# Square H => H^2 \n"
+        "PMULL2 v11.1q, v3.2d, v3.2d \n"
+        "PMULL  v10.1q, v3.1d, v3.1d \n"
+        "PMULL2 v12.1q, v11.2d, v7.2d \n"
+        "EXT v13.16b, v10.16b, v11.16b, #8 \n"
+        "EOR v13.16b, v13.16b, v12.16b \n"
+        "PMULL2 v11.1q, v13.2d, v7.2d \n"
+        "MOV v10.D[1], v13.D[0] \n"
+        "EOR v4.16b, v10.16b, v11.16b \n"
+        "# Multiply H and H^2 => H^3 \n"
+        "PMULL  v10.1q, v4.1d, v3.1d \n"
+        "PMULL2 v11.1q, v4.2d, v3.2d \n"
+        "EXT v12.16b, v3.16b, v3.16b, #8 \n"
+        "PMULL  v13.1q, v4.1d, v12.1d \n"
+        "PMULL2 v12.1q, v4.2d, v12.2d \n"
+        "EOR v12.16b, v12.16b, v13.16b \n"
+        "EXT v13.16b, v10.16b, v11.16b, #8 \n"
+        "EOR v13.16b, v13.16b, v12.16b \n"
+        "# Reduce \n"
+        "PMULL2 v12.1q, v11.2d, v7.2d \n"
+        "EOR v13.16b, v13.16b, v12.16b \n"
+        "PMULL2 v12.1q, v13.2d, v7.2d \n"
+        "MOV v10.D[1], v13.D[0] \n"
+        "EOR v5.16b, v10.16b, v12.16b \n"
+        "# Square H^2 => H^4 \n"
+        "PMULL2 v11.1q, v4.2d, v4.2d \n"
+        "PMULL  v10.1q, v4.1d, v4.1d \n"
+        "PMULL2 v12.1q, v11.2d, v7.2d \n"
+        "EXT v13.16b, v10.16b, v11.16b, #8 \n"
+        "EOR v13.16b, v13.16b, v12.16b \n"
+        "PMULL2 v11.1q, v13.2d, v7.2d \n"
+        "MOV v10.D[1], v13.D[0] \n"
+        "EOR v6.16b, v10.16b, v11.16b \n"
+        "114: \n"
+        "LD1 {v10.2d-v13.2d}, [%[c]], #64 \n"
+        "SUB x12, x12, #64 \n"
+        "# GHASH - 4 blocks \n"
+        "RBIT v10.16b, v10.16b \n"
+        "RBIT v11.16b, v11.16b \n"
+        "RBIT v12.16b, v12.16b \n"
+        "RBIT v13.16b, v13.16b \n"
+        "EOR v10.16b, v10.16b, v0.16b \n"
+        "# x[0-2] = C * H^1 \n"
+        "PMULL  v0.1q, v13.1d, v3.1d \n"
+        "PMULL2 v1.1q, v13.2d, v3.2d \n"
+        "EXT v13.16b, v13.16b, v13.16b, #8 \n"
+        "PMULL  v2.1q, v13.1d, v3.1d \n"
+        "PMULL2 v9.1q, v13.2d, v3.2d \n"
+        "EOR v2.16b, v2.16b, v9.16b \n"
+        "# x[0-2] += C * H^2 \n"
+        "PMULL  v8.1q, v12.1d, v4.1d \n"
+        "PMULL2 v9.1q, v12.2d, v4.2d \n"
+        "EOR v0.16b, v0.16b, v8.16b \n"
+        "EOR v1.16b, v1.16b, v9.16b \n"
+        "EXT v12.16b, v12.16b, v12.16b, #8 \n"
+        "PMULL  v9.1q, v12.1d, v4.1d \n"
+        "PMULL2 v12.1q, v12.2d, v4.2d \n"
+        "EOR3 v2.16b, v2.16b, v12.16b, v9.16b \n"
+        "# x[0-2] += C * H^3 \n"
+        "PMULL  v8.1q, v11.1d, v5.1d \n"
+        "PMULL2 v9.1q, v11.2d, v5.2d \n"
+        "EOR v0.16b, v0.16b, v8.16b \n"
+        "EOR v1.16b, v1.16b, v9.16b \n"
+        "EXT v11.16b, v11.16b, v11.16b, #8 \n"
+        "PMULL  v9.1q, v11.1d, v5.1d \n"
+        "PMULL2 v11.1q, v11.2d, v5.2d \n"
+        "EOR3 v2.16b, v2.16b, v11.16b, v9.16b \n"
+        "# x[0-2] += C * H^4 \n"
+        "PMULL  v8.1q, v10.1d, v6.1d \n"
+        "PMULL2 v9.1q, v10.2d, v6.2d \n"
+        "EOR v0.16b, v0.16b, v8.16b \n"
+        "EOR v1.16b, v1.16b, v9.16b \n"
+        "EXT v10.16b, v10.16b, v10.16b, #8 \n"
+        "PMULL  v9.1q, v10.1d, v6.1d \n"
+        "PMULL2 v10.1q, v10.2d, v6.2d \n"
+        "EOR3 v2.16b, v2.16b, v10.16b, v9.16b \n"
+        "# Reduce X = x[0-2] \n"
+        "EXT v9.16b, v0.16b, v1.16b, #8 \n"
+        "PMULL2 v8.1q, v1.2d, v7.2d \n"
+        "EOR3 v9.16b, v9.16b, v2.16b, v8.16b \n"
+        "PMULL2 v8.1q, v9.2d, v7.2d \n"
+        "MOV v0.D[1], v9.D[0] \n"
+        "EOR v0.16b, v0.16b, v8.16b \n"
+        "CMP x12, #64 \n"
+        "BGE 114b \n"
+        "CBZ x12, 120f \n"
+        "115: \n"
+        "CMP x12, #16 \n"
+        "BLT 112f \n"
+        "111: \n"
+        "LD1 {v14.2d}, [%[c]], #16 \n"
+        "SUB x12, x12, #16 \n"
+        "RBIT v14.16b, v14.16b \n"
+        "EOR v0.16b, v0.16b, v14.16b \n"
+        "PMULL  v10.1q, v0.1d, v3.1d \n"
+        "PMULL2 v11.1q, v0.2d, v3.2d \n"
+        "EXT v12.16b, v3.16b, v3.16b, #8 \n"
+        "PMULL  v13.1q, v0.1d, v12.1d \n"
+        "PMULL2 v12.1q, v0.2d, v12.2d \n"
+        "EOR v12.16b, v12.16b, v13.16b \n"
+        "EXT v13.16b, v10.16b, v11.16b, #8 \n"
+        "EOR v13.16b, v13.16b, v12.16b \n"
+        "# Reduce \n"
+        "PMULL2 v12.1q, v11.2d, v7.2d \n"
+        "EOR v13.16b, v13.16b, v12.16b \n"
+        "PMULL2 v12.1q, v13.2d, v7.2d \n"
+        "MOV v10.D[1], v13.D[0] \n"
+        "EOR v0.16b, v10.16b, v12.16b \n"
+        "CMP x12, #16 \n"
+        "BGE 111b \n"
+        "CBZ x12, 120f \n"
+        "112: \n"
+        "# Partial cipher text \n"
+        "EOR v14.16b, v14.16b, v14.16b \n"
+        "MOV x14, x12 \n"
+        "ST1 {v14.2d}, [%[scratch]] \n"
+        "113: \n"
+        "LDRB w13, [%[c]], #1 \n"
+        "STRB w13, [%[scratch]], #1 \n"
+        "SUB x14, x14, #1 \n"
+        "CBNZ x14, 113b \n"
+        "SUB %[scratch], %[scratch], x12 \n"
+        "LD1 {v14.2d}, [%[scratch]] \n"
+        "RBIT v14.16b, v14.16b \n"
+        "EOR v0.16b, v0.16b, v14.16b \n"
+        "PMULL  v10.1q, v0.1d, v3.1d \n"
+        "PMULL2 v11.1q, v0.2d, v3.2d \n"
+        "EXT v12.16b, v3.16b, v3.16b, #8 \n"
+        "PMULL  v13.1q, v0.1d, v12.1d \n"
+        "PMULL2 v12.1q, v0.2d, v12.2d \n"
+        "EOR v12.16b, v12.16b, v13.16b \n"
+        "EXT v13.16b, v10.16b, v11.16b, #8 \n"
+        "EOR v13.16b, v13.16b, v12.16b \n"
+        "# Reduce \n"
+        "PMULL2 v12.1q, v11.2d, v7.2d \n"
+        "EOR v13.16b, v13.16b, v12.16b \n"
+        "PMULL2 v12.1q, v13.2d, v7.2d \n"
+        "MOV v10.D[1], v13.D[0] \n"
+        "EOR v0.16b, v10.16b, v12.16b \n"
+        "120: \n"
+        "RBIT v0.16b, v0.16b \n"
+        "LSL %x[aSz], %x[aSz], #3 \n"
+        "LSL %x[cSz], %x[cSz], #3 \n"
+        "MOV v10.D[0], %x[aSz] \n"
+        "MOV v10.D[1], %x[cSz] \n"
+        "REV64 v10.16b, v10.16b \n"
+        "EOR v0.16b, v0.16b, v10.16b \n"
+        "ST1 {v0.16b}, [%[scratch]] \n"
+        : [cSz] "+r" (cSz), [c] "+r" (c), [aSz] "+r" (aSz), [a] "+r" (a)
+        : [scratch] "r" (scratch), [h] "m" (gcm->H)
+        : "cc", "memory", "w12", "w13", "x14",
+          "v0", "v1", "v2", "v3", "v4", "v5", "v6", "v7",
+          "v8", "v9", "v10", "v11", "v12", "v13", "v14"
+    );
+
+    XMEMCPY(s, scratch, sSz);
+}
+#endif
+
+#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
+
+#define GHASH_AARCH64(gcm, a, aSz, c, cSz, s, sSz)              \
+    do {                                                        \
+        if (aes->use_sha3_hw_crypto) {                          \
+            GHASH_AARCH64_EOR3(gcm, a, aSz, c, cSz, s, sSz);    \
+        }                                                       \
+        else {                                                  \
+            GHASH_AARCH64_EOR(gcm, a, aSz, c, cSz, s, sSz);     \
+        }                                                       \
+    }                                                           \
+    while (0)
+
+#else
+
+    #define GHASH_AARCH64(gcm, a, aSz, c, cSz, s, sSz)          \
+        GHASH_AARCH64_EOR(gcm, a, aSz, c, cSz, s, sSz)
+
+#endif
+
+#ifdef WOLFSSL_AESGCM_STREAM
+    /* Access initialization counter data. */
+    #define AES_INITCTR(aes)        ((aes)->streamData + 0 * WC_AES_BLOCK_SIZE)
+    /* Access counter data. */
+    #define AES_COUNTER(aes)        ((aes)->streamData + 1 * WC_AES_BLOCK_SIZE)
+    /* Access tag data. */
+    #define AES_TAG(aes)            ((aes)->streamData + 2 * WC_AES_BLOCK_SIZE)
+    /* Access last GHASH block. */
+    #define AES_LASTGBLOCK(aes)     ((aes)->streamData + 3 * WC_AES_BLOCK_SIZE)
+    /* Access last encrypted block. */
+    #define AES_LASTBLOCK(aes)      ((aes)->streamData + 4 * WC_AES_BLOCK_SIZE)
+
+/* GHASH one block of data.
+ *
+ * XOR block into tag and GMULT with H.
+ *
+ * @param [in, out] aes    AES GCM object.
+ * @param [in]      block  Block of AAD or cipher text.
+ */
+#define GHASH_ONE_BLOCK_AARCH64(aes, block)             \
+    do {                                                \
+        xorbuf(AES_TAG(aes), block, WC_AES_BLOCK_SIZE); \
+        GMULT_AARCH64(AES_TAG(aes), aes->gcm.H);        \
+    }                                                   \
+    while (0)
+
+/* Hash in the lengths of the AAD and cipher text in bits.
+ *
+ * Default implementation.
+ *
+ * @param [in, out] aes  AES GCM object.
+ */
+#define GHASH_LEN_BLOCK_AARCH64(aes)            \
+    do {                                        \
+        byte scratch[WC_AES_BLOCK_SIZE];        \
+        FlattenSzInBits(&scratch[0], aes->aSz); \
+        FlattenSzInBits(&scratch[8], aes->cSz); \
+        GHASH_ONE_BLOCK_AARCH64(aes, scratch);  \
+    }                                           \
+    while (0)
+
+/* Update the GHASH with AAD and/or cipher text.
+ *
+ * @param [in,out] aes   AES GCM object.
+ * @param [in]     a     Additional authentication data buffer.
+ * @param [in]     aSz   Size of data in AAD buffer.
+ * @param [in]     c     Cipher text buffer.
+ * @param [in]     cSz   Size of data in cipher text buffer.
+ */
+void GHASH_UPDATE_AARCH64(Aes* aes, const byte* a, word32 aSz, const byte* c,
+    word32 cSz)
+{
+    word32 blocks;
+    word32 partial;
+
+    /* Hash in A, the Additional Authentication Data */
+    if (aSz != 0 && a != NULL) {
+        /* Update count of AAD we have hashed. */
+        aes->aSz += aSz;
+        /* Check if we have unprocessed data. */
+        if (aes->aOver > 0) {
+            /* Calculate amount we can use - fill up the block. */
+            byte sz = WC_AES_BLOCK_SIZE - aes->aOver;
+            if (sz > aSz) {
+                sz = aSz;
+            }
+            /* Copy extra into last GHASH block array and update count. */
+            XMEMCPY(AES_LASTGBLOCK(aes) + aes->aOver, a, sz);
+            aes->aOver += sz;
+            if (aes->aOver == WC_AES_BLOCK_SIZE) {
+                /* We have filled up the block and can process. */
+                GHASH_ONE_BLOCK_AARCH64(aes, AES_LASTGBLOCK(aes));
+                /* Reset count. */
+                aes->aOver = 0;
+            }
+            /* Used up some data. */
+            aSz -= sz;
+            a += sz;
+        }
+
+        /* Calculate number of blocks of AAD and the leftover. */
+        blocks = aSz / WC_AES_BLOCK_SIZE;
+        partial = aSz % WC_AES_BLOCK_SIZE;
+        /* GHASH full blocks now. */
+        while (blocks--) {
+            GHASH_ONE_BLOCK_AARCH64(aes, a);
+            a += WC_AES_BLOCK_SIZE;
+        }
+        if (partial != 0) {
+            /* Cache the partial block. */
+            XMEMCPY(AES_LASTGBLOCK(aes), a, partial);
+            aes->aOver = (byte)partial;
+        }
+    }
+    if (aes->aOver > 0 && cSz > 0 && c != NULL) {
+        /* No more AAD coming and we have a partial block. */
+        /* Fill the rest of the block with zeros. */
+        byte sz = WC_AES_BLOCK_SIZE - aes->aOver;
+        XMEMSET(AES_LASTGBLOCK(aes) + aes->aOver, 0, sz);
+        /* GHASH last AAD block. */
+        GHASH_ONE_BLOCK_AARCH64(aes, AES_LASTGBLOCK(aes));
+        /* Clear partial count for next time through. */
+        aes->aOver = 0;
+    }
+
+    /* Hash in C, the Ciphertext */
+    if (cSz != 0 && c != NULL) {
+        /* Update count of cipher text we have hashed. */
+        aes->cSz += cSz;
+        if (aes->cOver > 0) {
+            /* Calculate amount we can use - fill up the block. */
+            byte sz = WC_AES_BLOCK_SIZE - aes->cOver;
+            if (sz > cSz) {
+                sz = cSz;
+            }
+            XMEMCPY(AES_LASTGBLOCK(aes) + aes->cOver, c, sz);
+            /* Update count of unused encrypted counter. */
+            aes->cOver += sz;
+            if (aes->cOver == WC_AES_BLOCK_SIZE) {
+                /* We have filled up the block and can process. */
+                GHASH_ONE_BLOCK_AARCH64(aes, AES_LASTGBLOCK(aes));
+                /* Reset count. */
+                aes->cOver = 0;
+            }
+            /* Used up some data. */
+            cSz -= sz;
+            c += sz;
+        }
+
+        /* Calculate number of blocks of cipher text and the leftover. */
+        blocks = cSz / WC_AES_BLOCK_SIZE;
+        partial = cSz % WC_AES_BLOCK_SIZE;
+        /* GHASH full blocks now. */
+        while (blocks--) {
+            GHASH_ONE_BLOCK_AARCH64(aes, c);
+            c += WC_AES_BLOCK_SIZE;
+        }
+        if (partial != 0) {
+            /* Cache the partial block. */
+            XMEMCPY(AES_LASTGBLOCK(aes), c, partial);
+            aes->cOver = (byte)partial;
+        }
+    }
+}
+
+/* Finalize the GHASH calculation.
+ *
+ * Complete hashing cipher text and hash the AAD and cipher text lengths.
+ *
+ * @param [in, out] aes  AES GCM object.
+ * @param [out]     s    Authentication tag.
+ * @param [in]      sSz  Size of authentication tag required.
+ */
+static void GHASH_FINAL_AARCH64(Aes* aes, byte* s, word32 sSz)
+{
+    /* AAD block incomplete when > 0 */
+    byte over = aes->aOver;
+
+    if (aes->cOver > 0) {
+        /* Cipher text block incomplete. */
+        over = aes->cOver;
+    }
+    if (over > 0) {
+        /* Zeroize the unused part of the block. */
+        XMEMSET(AES_LASTGBLOCK(aes) + over, 0, WC_AES_BLOCK_SIZE - over);
+        /* Hash the last block of cipher text. */
+        GHASH_ONE_BLOCK_AARCH64(aes, AES_LASTGBLOCK(aes));
+    }
+    /* Hash in the lengths of AAD and cipher text in bits */
+    GHASH_LEN_BLOCK_AARCH64(aes);
+    /* Copy the result into s. */
+    XMEMCPY(s, AES_TAG(aes), sSz);
+}
+
+void AES_GCM_init_AARCH64(Aes* aes, const byte* iv, word32 ivSz)
+{
+    ALIGN32 byte counter[WC_AES_BLOCK_SIZE];
+
+    if (ivSz == GCM_NONCE_MID_SZ) {
+        /* Counter is IV with bottom 4 bytes set to: 0x00,0x00,0x00,0x01. */
+        XMEMCPY(counter, iv, ivSz);
+        XMEMSET(counter + GCM_NONCE_MID_SZ, 0,
+                                      WC_AES_BLOCK_SIZE - GCM_NONCE_MID_SZ - 1);
+        counter[WC_AES_BLOCK_SIZE - 1] = 1;
+    }
+    else {
+        /* Counter is GHASH of IV. */
+    #ifdef OPENSSL_EXTRA
+        word32 aadTemp = aes->gcm.aadLen;
+        aes->gcm.aadLen = 0;
+    #endif
+        GHASH_AARCH64(&aes->gcm, NULL, 0, iv, ivSz, counter, WC_AES_BLOCK_SIZE);
+        GMULT_AARCH64(counter, aes->gcm.H);
+    #ifdef OPENSSL_EXTRA
+        aes->gcm.aadLen = aadTemp;
+    #endif
+    }
+
+    /* Copy in the counter for use with cipher. */
+    XMEMCPY(AES_COUNTER(aes), counter, WC_AES_BLOCK_SIZE);
+    /* Encrypt initial counter into a buffer for GCM. */
+    AES_encrypt_AARCH64(counter, AES_INITCTR(aes), (byte*)aes->key,
+        (int)aes->rounds);
+}
+
+void AES_GCM_crypt_update_AARCH64(Aes* aes, byte* out, const byte* in,
+    word32 sz)
+{
+    word32 blocks;
+    word32 partial;
+
+    /* Check if previous encrypted block was not used up. */
+    if (aes->over > 0) {
+        byte pSz = WC_AES_BLOCK_SIZE - aes->over;
+        if (pSz > sz) pSz = sz;
+
+        /* Use some/all of last encrypted block. */
+        xorbufout(out, AES_LASTBLOCK(aes) + aes->over, in, pSz);
+        aes->over = (aes->over + pSz) & (WC_AES_BLOCK_SIZE - 1);
+
+        /* Some data used. */
+        sz  -= pSz;
+        in  += pSz;
+        out += pSz;
+    }
+
+    /* Calculate the number of blocks needing to be encrypted and any leftover.
+     */
+    blocks  = sz / WC_AES_BLOCK_SIZE;
+    partial = sz & (WC_AES_BLOCK_SIZE - 1);
+
+    /* Encrypt block by block. */
+    while (blocks--) {
+        ALIGN32 byte scratch[WC_AES_BLOCK_SIZE];
+        IncrementGcmCounter(AES_COUNTER(aes));
+        /* Encrypt counter into a buffer. */
+        AES_encrypt_AARCH64(AES_COUNTER(aes), scratch, (byte*)aes->key,
+            (int)aes->rounds);
+        /* XOR plain text into encrypted counter into cipher text buffer. */
+        xorbufout(out, scratch, in, WC_AES_BLOCK_SIZE);
+        /* Data complete. */
+        in  += WC_AES_BLOCK_SIZE;
+        out += WC_AES_BLOCK_SIZE;
+    }
+
+    if (partial != 0) {
+        /* Generate an extra block and use up as much as needed. */
+        IncrementGcmCounter(AES_COUNTER(aes));
+        /* Encrypt counter into cache. */
+        AES_encrypt_AARCH64(AES_COUNTER(aes), AES_LASTBLOCK(aes),
+            (byte*)aes->key, (int)aes->rounds);
+        /* XOR plain text into encrypted counter into cipher text buffer. */
+        xorbufout(out, AES_LASTBLOCK(aes), in, partial);
+        /* Keep amount of encrypted block used. */
+        aes->over = partial;
+    }
+}
+
+/* Calculates authentication tag for AES GCM. C implementation.
+ *
+ * @param [in, out] aes        AES object.
+ * @param [out]     authTag    Buffer to store authentication tag in.
+ * @param [in]      authTagSz  Length of tag to create.
+ */
+void AES_GCM_final_AARCH64(Aes* aes, byte* authTag, word32 authTagSz)
+{
+    /* Calculate authentication tag. */
+    GHASH_FINAL_AARCH64(aes, authTag, authTagSz);
+    /* XOR in as much of encrypted counter as is required. */
+    xorbuf(authTag, AES_INITCTR(aes), authTagSz);
+#ifdef OPENSSL_EXTRA
+    /* store AAD size for next call */
+    aes->gcm.aadLen = aes->aSz;
+#endif
+    /* Zeroize last block to protect sensitive data. */
+    ForceZero(AES_LASTBLOCK(aes), WC_AES_BLOCK_SIZE);
+}
+#endif /* WOLFSSL_AESGCM_STREAM */
 
 #ifdef WOLFSSL_AES_128
-/* internal function : see wc_AesGcmEncrypt */
-static int Aes128GcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
-    const byte* iv, word32 ivSz, byte* authTag, word32 authTagSz,
+/* internal function : see AES_GCM_encrypt_AARCH64 */
+static void Aes128GcmEncrypt(Aes* aes, byte* out, const byte* in,
+    word32 sz, const byte* iv, word32 ivSz, byte* authTag, word32 authTagSz,
     const byte* authIn, word32 authInSz)
 {
-    byte counter[AES_BLOCK_SIZE];
-    byte scratch[AES_BLOCK_SIZE];
+    byte counter[WC_AES_BLOCK_SIZE];
+    byte scratch[WC_AES_BLOCK_SIZE];
     /* Noticed different optimization levels treated head of array different.
      * Some cases was stack pointer plus offset others was a register containing
      * address. To make uniform for passing in to inline assembly code am using
@@ -1889,14 +2517,14 @@ static int Aes128GcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
     byte* ctr  = counter;
     byte* keyPt = (byte*)aes->key;
 
-    XMEMSET(counter, 0, AES_BLOCK_SIZE);
+    XMEMSET(counter, 0, WC_AES_BLOCK_SIZE);
     if (ivSz == GCM_NONCE_MID_SZ) {
         XMEMCPY(counter, iv, GCM_NONCE_MID_SZ);
-        counter[AES_BLOCK_SIZE - 1] = 1;
+        counter[WC_AES_BLOCK_SIZE - 1] = 1;
     }
     else {
-        GHASH(&aes->gcm, NULL, 0, iv, ivSz, counter, AES_BLOCK_SIZE);
-        GMULT(counter, aes->gcm.H);
+        GHASH_AARCH64(&aes->gcm, NULL, 0, iv, ivSz, counter, WC_AES_BLOCK_SIZE);
+        GMULT_AARCH64(counter, aes->gcm.H);
     }
 
     __asm__ __volatile__ (
@@ -1970,12 +2598,8 @@ static int Aes128GcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         "EXT v20.16b, v20.16b, v20.16b, #8 \n"
         "PMULL  v15.1q, v20.1d, v24.1d \n"
         "PMULL2 v20.1q, v20.2d, v24.2d \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
-        "EOR3 v31.16b, v31.16b, v20.16b, v15.16b \n"
-#else
         "EOR v20.16b, v20.16b, v15.16b \n"
         "EOR v31.16b, v31.16b, v20.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "# x[0-2] += C * H^3 \n"
         "PMULL  v14.1q, v19.1d, v25.1d \n"
         "PMULL2 v15.1q, v19.2d, v25.2d \n"
@@ -1984,12 +2608,8 @@ static int Aes128GcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         "EXT v19.16b, v19.16b, v19.16b, #8 \n"
         "PMULL  v15.1q, v19.1d, v25.1d \n"
         "PMULL2 v19.1q, v19.2d, v25.2d \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
-        "EOR3 v31.16b, v31.16b, v19.16b, v15.16b \n"
-#else
         "EOR v19.16b, v19.16b, v15.16b \n"
         "EOR v31.16b, v31.16b, v19.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "# x[0-2] += C * H^4 \n"
         "PMULL  v14.1q, v18.1d, v26.1d \n"
         "PMULL2 v15.1q, v18.2d, v26.2d \n"
@@ -1998,23 +2618,13 @@ static int Aes128GcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         "EXT v18.16b, v18.16b, v18.16b, #8 \n"
         "PMULL  v15.1q, v18.1d, v26.1d \n"
         "PMULL2 v18.1q, v18.2d, v26.2d \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
-        "EOR3 v31.16b, v31.16b, v18.16b, v15.16b \n"
-#else
         "EOR v18.16b, v18.16b, v15.16b \n"
         "EOR v31.16b, v31.16b, v18.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "# Reduce X = x[0-2] \n"
         "EXT v15.16b, v17.16b, v30.16b, #8 \n"
         "PMULL2 v14.1q, v30.2d, v23.2d \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
-        "EOR3 v15.16b, v15.16b, v31.16b, v14.16b \n"
-#else
         "EOR v15.16b, v15.16b, v31.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
-#ifndef WOLFSSL_ARMASM_CRYPTO_SHA3
         "EOR v15.16b, v15.16b, v14.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "PMULL2 v14.1q, v15.2d, v23.2d \n"
         "MOV v17.D[1], v15.D[0] \n"
         "EOR v17.16b, v17.16b, v14.16b \n"
@@ -2467,12 +3077,8 @@ static int Aes128GcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         "PMULL2 v20.1q, v20.2d, v24.2d \n"
         "AESE v7.16b, v1.16b \n"
         "AESMC v7.16b, v7.16b \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
-        "EOR3 v31.16b, v31.16b, v20.16b, v3.16b \n"
-#else
         "EOR v20.16b, v20.16b, v3.16b \n"
         "EOR v31.16b, v31.16b, v20.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "AESE v8.16b, v1.16b \n"
         "AESMC v8.16b, v8.16b \n"
         "# x[0-2] += C * H^3 \n"
@@ -2491,12 +3097,8 @@ static int Aes128GcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         "PMULL2 v19.1q, v19.2d, v25.2d \n"
         "AESE v30.16b, v1.16b \n"
         "AESMC v30.16b, v30.16b \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
-        "EOR3 v31.16b, v31.16b, v19.16b, v3.16b \n"
-#else
         "EOR v19.16b, v19.16b, v3.16b \n"
         "EOR v31.16b, v31.16b, v19.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "LDR q1, [%[Key], #32] \n"
         "AESE v5.16b, v22.16b \n"
         "AESMC v5.16b, v5.16b \n"
@@ -2516,12 +3118,8 @@ static int Aes128GcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         "PMULL2 v18.1q, v18.2d, v26.2d \n"
         "AESE v27.16b, v22.16b \n"
         "AESMC v27.16b, v27.16b \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
-        "EOR3 v31.16b, v31.16b, v18.16b, v3.16b \n"
-#else
         "EOR v18.16b, v18.16b, v3.16b \n"
         "EOR v31.16b, v31.16b, v18.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "AESE v28.16b, v22.16b \n"
         "AESMC v28.16b, v28.16b \n"
         "# x[0-2] += C * H^5 \n"
@@ -2541,12 +3139,8 @@ static int Aes128GcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         "PMULL2 v15.1q, v15.2d, v9.2d \n"
         "AESE v6.16b, v1.16b \n"
         "AESMC v6.16b, v6.16b \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
-        "EOR3 v31.16b, v31.16b, v15.16b, v3.16b \n"
-#else
         "EOR v15.16b, v15.16b, v3.16b \n"
         "EOR v31.16b, v31.16b, v15.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "AESE v7.16b, v1.16b \n"
         "AESMC v7.16b, v7.16b \n"
         "# x[0-2] += C * H^6 \n"
@@ -2565,12 +3159,8 @@ static int Aes128GcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         "PMULL2 v14.1q, v14.2d, v10.2d \n"
         "AESE v29.16b, v1.16b \n"
         "AESMC v29.16b, v29.16b \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
-        "EOR3 v31.16b, v31.16b, v14.16b, v3.16b \n"
-#else
         "EOR v14.16b, v14.16b, v3.16b \n"
         "EOR v31.16b, v31.16b, v14.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "AESE v30.16b, v1.16b \n"
         "AESMC v30.16b, v30.16b \n"
         "# x[0-2] += C * H^7 \n"
@@ -2590,12 +3180,8 @@ static int Aes128GcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         "PMULL2 v13.1q, v13.2d, v11.2d \n"
         "AESE v8.16b, v22.16b \n"
         "AESMC v8.16b, v8.16b \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
-        "EOR3 v31.16b, v31.16b, v13.16b, v3.16b \n"
-#else
         "EOR v13.16b, v13.16b, v3.16b \n"
         "EOR v31.16b, v31.16b, v13.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "AESE v27.16b, v22.16b \n"
         "AESMC v27.16b, v27.16b \n"
         "# x[0-2] += C * H^8 \n"
@@ -2615,12 +3201,8 @@ static int Aes128GcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         "LDR q22, [%[Key], #80] \n"
         "AESE v5.16b, v1.16b \n"
         "AESMC v5.16b, v5.16b \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
-        "EOR3 v31.16b, v31.16b, v12.16b, v3.16b \n"
-#else
         "EOR v12.16b, v12.16b, v3.16b \n"
         "EOR v31.16b, v31.16b, v12.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "AESE v6.16b, v1.16b \n"
         "AESMC v6.16b, v6.16b \n"
         "# Reduce X = x[0-2] \n"
@@ -2630,16 +3212,10 @@ static int Aes128GcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         "PMULL2 v2.1q, v0.2d, v23.2d \n"
         "AESE v8.16b, v1.16b \n"
         "AESMC v8.16b, v8.16b \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
-        "EOR3 v3.16b, v3.16b, v31.16b, v2.16b \n"
-#else
         "EOR v3.16b, v3.16b, v31.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "AESE v27.16b, v1.16b \n"
         "AESMC v27.16b, v27.16b \n"
-#ifndef WOLFSSL_ARMASM_CRYPTO_SHA3
         "EOR v3.16b, v3.16b, v2.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "AESE v28.16b, v1.16b \n"
         "AESMC v28.16b, v28.16b \n"
         "PMULL2 v2.1q, v3.2d, v23.2d \n"
@@ -2777,12 +3353,8 @@ static int Aes128GcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         "EXT v20.16b, v20.16b, v20.16b, #8 \n"
         "PMULL  v3.1q, v20.1d, v24.1d \n"
         "PMULL2 v20.1q, v20.2d, v24.2d \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
-        "EOR3 v31.16b, v31.16b, v20.16b, v3.16b \n"
-#else
         "EOR v20.16b, v20.16b, v3.16b \n"
         "EOR v31.16b, v31.16b, v20.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "# x[0-2] += C * H^3 \n"
         "PMULL  v2.1q, v19.1d, v25.1d \n"
         "PMULL2 v3.1q, v19.2d, v25.2d \n"
@@ -2791,12 +3363,8 @@ static int Aes128GcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         "EXT v19.16b, v19.16b, v19.16b, #8 \n"
         "PMULL  v3.1q, v19.1d, v25.1d \n"
         "PMULL2 v19.1q, v19.2d, v25.2d \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
-        "EOR3 v31.16b, v31.16b, v19.16b, v3.16b \n"
-#else
         "EOR v19.16b, v19.16b, v3.16b \n"
         "EOR v31.16b, v31.16b, v19.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "# x[0-2] += C * H^4 \n"
         "PMULL  v2.1q, v18.1d, v26.1d \n"
         "PMULL2 v3.1q, v18.2d, v26.2d \n"
@@ -2805,12 +3373,8 @@ static int Aes128GcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         "EXT v18.16b, v18.16b, v18.16b, #8 \n"
         "PMULL  v3.1q, v18.1d, v26.1d \n"
         "PMULL2 v18.1q, v18.2d, v26.2d \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
-        "EOR3 v31.16b, v31.16b, v18.16b, v3.16b \n"
-#else
         "EOR v18.16b, v18.16b, v3.16b \n"
         "EOR v31.16b, v31.16b, v18.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "# x[0-2] += C * H^5 \n"
         "PMULL  v2.1q, v15.1d, v9.1d \n"
         "PMULL2 v3.1q, v15.2d, v9.2d \n"
@@ -2819,12 +3383,8 @@ static int Aes128GcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         "EXT v15.16b, v15.16b, v15.16b, #8 \n"
         "PMULL  v3.1q, v15.1d, v9.1d \n"
         "PMULL2 v15.1q, v15.2d, v9.2d \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
-        "EOR3 v31.16b, v31.16b, v15.16b, v3.16b \n"
-#else
         "EOR v15.16b, v15.16b, v3.16b \n"
         "EOR v31.16b, v31.16b, v15.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "# x[0-2] += C * H^6 \n"
         "PMULL  v2.1q, v14.1d, v10.1d \n"
         "PMULL2 v3.1q, v14.2d, v10.2d \n"
@@ -2833,12 +3393,8 @@ static int Aes128GcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         "EXT v14.16b, v14.16b, v14.16b, #8 \n"
         "PMULL  v3.1q, v14.1d, v10.1d \n"
         "PMULL2 v14.1q, v14.2d, v10.2d \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
-        "EOR3 v31.16b, v31.16b, v14.16b, v3.16b \n"
-#else
         "EOR v14.16b, v14.16b, v3.16b \n"
         "EOR v31.16b, v31.16b, v14.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "# x[0-2] += C * H^7 \n"
         "PMULL  v2.1q, v13.1d, v11.1d \n"
         "PMULL2 v3.1q, v13.2d, v11.2d \n"
@@ -2847,12 +3403,8 @@ static int Aes128GcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         "EXT v13.16b, v13.16b, v13.16b, #8 \n"
         "PMULL  v3.1q, v13.1d, v11.1d \n"
         "PMULL2 v13.1q, v13.2d, v11.2d \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
-        "EOR3 v31.16b, v31.16b, v13.16b, v3.16b \n"
-#else
         "EOR v13.16b, v13.16b, v3.16b \n"
         "EOR v31.16b, v31.16b, v13.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "# x[0-2] += C * H^8 \n"
         "PMULL  v2.1q, v12.1d, v4.1d \n"
         "PMULL2 v3.1q, v12.2d, v4.2d \n"
@@ -2861,23 +3413,13 @@ static int Aes128GcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         "EXT v12.16b, v12.16b, v12.16b, #8 \n"
         "PMULL  v3.1q, v12.1d, v4.1d \n"
         "PMULL2 v12.1q, v12.2d, v4.2d \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
-        "EOR3 v31.16b, v31.16b, v12.16b, v3.16b \n"
-#else
         "EOR v12.16b, v12.16b, v3.16b \n"
         "EOR v31.16b, v31.16b, v12.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "# Reduce X = x[0-2] \n"
         "EXT v3.16b, v17.16b, v0.16b, #8 \n"
         "PMULL2 v2.1q, v0.2d, v23.2d \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
-        "EOR3 v3.16b, v3.16b, v31.16b, v2.16b \n"
-#else
         "EOR v3.16b, v3.16b, v31.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
-#ifndef WOLFSSL_ARMASM_CRYPTO_SHA3
         "EOR v3.16b, v3.16b, v2.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "PMULL2 v2.1q, v3.2d, v23.2d \n"
         "MOV v17.D[1], v3.D[0] \n"
         "EOR v17.16b, v17.16b, v2.16b \n"
@@ -3066,12 +3608,8 @@ static int Aes128GcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         "PMULL2 v20.1q, v20.2d, v24.2d \n"
         "AESE v28.16b, v3.16b \n"
         "AESMC v28.16b, v28.16b \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
-        "EOR3 v31.16b, v31.16b, v20.16b, v15.16b \n"
-#else
         "EOR v20.16b, v20.16b, v15.16b \n"
         "EOR v31.16b, v31.16b, v20.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "AESE v29.16b, v3.16b \n"
         "AESMC v29.16b, v29.16b \n"
         "# x[0-2] += C * H^3 \n"
@@ -3090,12 +3628,8 @@ static int Aes128GcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         "PMULL2 v19.1q, v19.2d, v25.2d \n"
         "AESE v29.16b, v4.16b \n"
         "AESMC v29.16b, v29.16b \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
-        "EOR3 v31.16b, v31.16b, v19.16b, v15.16b \n"
-#else
         "EOR v19.16b, v19.16b, v15.16b \n"
         "EOR v31.16b, v31.16b, v19.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "AESE v30.16b, v4.16b \n"
         "AESMC v30.16b, v30.16b \n"
         "# x[0-2] += C * H^4 \n"
@@ -3114,12 +3648,8 @@ static int Aes128GcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         "PMULL2 v18.1q, v18.2d, v26.2d \n"
         "AESE v30.16b, v5.16b \n"
         "AESMC v30.16b, v30.16b \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
-        "EOR3 v31.16b, v31.16b, v18.16b, v15.16b \n"
-#else
         "EOR v18.16b, v18.16b, v15.16b \n"
         "EOR v31.16b, v31.16b, v18.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "SUB w11, w11, #64 \n"
         "AESE v27.16b, v6.16b \n"
         "AESMC v27.16b, v27.16b \n"
@@ -3130,16 +3660,10 @@ static int Aes128GcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         "PMULL2 v14.1q, v0.2d, v23.2d \n"
         "AESE v29.16b, v6.16b \n"
         "AESMC v29.16b, v29.16b \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
-        "EOR3 v15.16b, v15.16b, v31.16b, v14.16b \n"
-#else
         "EOR v15.16b, v15.16b, v31.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "AESE v30.16b, v6.16b \n"
         "AESMC v30.16b, v30.16b \n"
-#ifndef WOLFSSL_ARMASM_CRYPTO_SHA3
         "EOR v15.16b, v15.16b, v14.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "AESE v27.16b, v7.16b \n"
         "AESMC v27.16b, v27.16b \n"
         "PMULL2 v14.1q, v15.2d, v23.2d \n"
@@ -3210,12 +3734,8 @@ static int Aes128GcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         "EXT v20.16b, v20.16b, v20.16b, #8 \n"
         "PMULL  v15.1q, v20.1d, v24.1d \n"
         "PMULL2 v20.1q, v20.2d, v24.2d \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
-        "EOR3 v31.16b, v31.16b, v20.16b, v15.16b \n"
-#else
         "EOR v20.16b, v20.16b, v15.16b \n"
         "EOR v31.16b, v31.16b, v20.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "# x[0-2] += C * H^3 \n"
         "PMULL  v14.1q, v19.1d, v25.1d \n"
         "PMULL2 v15.1q, v19.2d, v25.2d \n"
@@ -3224,12 +3744,8 @@ static int Aes128GcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         "EXT v19.16b, v19.16b, v19.16b, #8 \n"
         "PMULL  v15.1q, v19.1d, v25.1d \n"
         "PMULL2 v19.1q, v19.2d, v25.2d \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
-        "EOR3 v31.16b, v31.16b, v19.16b, v15.16b \n"
-#else
         "EOR v19.16b, v19.16b, v15.16b \n"
         "EOR v31.16b, v31.16b, v19.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "# x[0-2] += C * H^4 \n"
         "PMULL  v14.1q, v18.1d, v26.1d \n"
         "PMULL2 v15.1q, v18.2d, v26.2d \n"
@@ -3238,23 +3754,13 @@ static int Aes128GcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         "EXT v18.16b, v18.16b, v18.16b, #8 \n"
         "PMULL  v15.1q, v18.1d, v26.1d \n"
         "PMULL2 v18.1q, v18.2d, v26.2d \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
-        "EOR3 v31.16b, v31.16b, v18.16b, v15.16b \n"
-#else
         "EOR v18.16b, v18.16b, v15.16b \n"
         "EOR v31.16b, v31.16b, v18.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "# Reduce X = x[0-2] \n"
         "EXT v15.16b, v17.16b, v0.16b, #8 \n"
         "PMULL2 v14.1q, v0.2d, v23.2d \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
-        "EOR3 v15.16b, v15.16b, v31.16b, v14.16b \n"
-#else
         "EOR v15.16b, v15.16b, v31.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
-#ifndef WOLFSSL_ARMASM_CRYPTO_SHA3
         "EOR v15.16b, v15.16b, v14.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "PMULL2 v14.1q, v15.2d, v23.2d \n"
         "MOV v17.D[1], v15.D[0] \n"
         "EOR v17.16b, v17.16b, v14.16b \n"
@@ -3514,19 +4020,17 @@ static int Aes128GcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
           "v16", "v17", "v18", "v19", "v20", "v21", "v22", "v23",
           "v24", "v25", "v26", "v27", "v28", "v29", "v30", "v31"
     );
-
-
-    return 0;
 }
 #endif /* WOLFSSL_AES_128 */
-#ifdef WOLFSSL_AES_192
-/* internal function : see wc_AesGcmEncrypt */
-static int Aes192GcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
-    const byte* iv, word32 ivSz, byte* authTag, word32 authTagSz,
+#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
+#ifdef WOLFSSL_AES_128
+/* internal function : see AES_GCM_encrypt_AARCH64 */
+static void Aes128GcmEncrypt_EOR3(Aes* aes, byte* out, const byte* in,
+    word32 sz, const byte* iv, word32 ivSz, byte* authTag, word32 authTagSz,
     const byte* authIn, word32 authInSz)
 {
-    byte counter[AES_BLOCK_SIZE];
-    byte scratch[AES_BLOCK_SIZE];
+    byte counter[WC_AES_BLOCK_SIZE];
+    byte scratch[WC_AES_BLOCK_SIZE];
     /* Noticed different optimization levels treated head of array different.
      * Some cases was stack pointer plus offset others was a register containing
      * address. To make uniform for passing in to inline assembly code am using
@@ -3535,14 +4039,14 @@ static int Aes192GcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
     byte* ctr  = counter;
     byte* keyPt = (byte*)aes->key;
 
-    XMEMSET(counter, 0, AES_BLOCK_SIZE);
+    XMEMSET(counter, 0, WC_AES_BLOCK_SIZE);
     if (ivSz == GCM_NONCE_MID_SZ) {
         XMEMCPY(counter, iv, GCM_NONCE_MID_SZ);
-        counter[AES_BLOCK_SIZE - 1] = 1;
+        counter[WC_AES_BLOCK_SIZE - 1] = 1;
     }
     else {
-        GHASH(&aes->gcm, NULL, 0, iv, ivSz, counter, AES_BLOCK_SIZE);
-        GMULT(counter, aes->gcm.H);
+        GHASH_AARCH64(&aes->gcm, NULL, 0, iv, ivSz, counter, WC_AES_BLOCK_SIZE);
+        GMULT_AARCH64(counter, aes->gcm.H);
     }
 
     __asm__ __volatile__ (
@@ -3616,12 +4120,7 @@ static int Aes192GcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         "EXT v20.16b, v20.16b, v20.16b, #8 \n"
         "PMULL  v15.1q, v20.1d, v24.1d \n"
         "PMULL2 v20.1q, v20.2d, v24.2d \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
         "EOR3 v31.16b, v31.16b, v20.16b, v15.16b \n"
-#else
-        "EOR v20.16b, v20.16b, v15.16b \n"
-        "EOR v31.16b, v31.16b, v20.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "# x[0-2] += C * H^3 \n"
         "PMULL  v14.1q, v19.1d, v25.1d \n"
         "PMULL2 v15.1q, v19.2d, v25.2d \n"
@@ -3630,12 +4129,7 @@ static int Aes192GcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         "EXT v19.16b, v19.16b, v19.16b, #8 \n"
         "PMULL  v15.1q, v19.1d, v25.1d \n"
         "PMULL2 v19.1q, v19.2d, v25.2d \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
         "EOR3 v31.16b, v31.16b, v19.16b, v15.16b \n"
-#else
-        "EOR v19.16b, v19.16b, v15.16b \n"
-        "EOR v31.16b, v31.16b, v19.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "# x[0-2] += C * H^4 \n"
         "PMULL  v14.1q, v18.1d, v26.1d \n"
         "PMULL2 v15.1q, v18.2d, v26.2d \n"
@@ -3644,23 +4138,1509 @@ static int Aes192GcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         "EXT v18.16b, v18.16b, v18.16b, #8 \n"
         "PMULL  v15.1q, v18.1d, v26.1d \n"
         "PMULL2 v18.1q, v18.2d, v26.2d \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
         "EOR3 v31.16b, v31.16b, v18.16b, v15.16b \n"
-#else
-        "EOR v18.16b, v18.16b, v15.16b \n"
-        "EOR v31.16b, v31.16b, v18.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "# Reduce X = x[0-2] \n"
         "EXT v15.16b, v17.16b, v30.16b, #8 \n"
         "PMULL2 v14.1q, v30.2d, v23.2d \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
         "EOR3 v15.16b, v15.16b, v31.16b, v14.16b \n"
-#else
+        "PMULL2 v14.1q, v15.2d, v23.2d \n"
+        "MOV v17.D[1], v15.D[0] \n"
+        "EOR v17.16b, v17.16b, v14.16b \n"
+        "CMP x12, #64 \n"
+        "BGE 114b \n"
+        "CBZ x12, 120f \n"
+        "115: \n"
+        "CMP x12, #16 \n"
+        "BLT 112f \n"
+        "111: \n"
+        "LD1 {v15.2d}, [%[aad]], #16 \n"
+        "SUB x12, x12, #16 \n"
+        "RBIT v15.16b, v15.16b \n"
+        "EOR v17.16b, v17.16b, v15.16b \n"
+        "PMULL  v18.1q, v17.1d, v16.1d \n"
+        "PMULL2 v19.1q, v17.2d, v16.2d \n"
+        "EXT v20.16b, v16.16b, v16.16b, #8 \n"
+        "PMULL  v21.1q, v17.1d, v20.1d \n"
+        "PMULL2 v20.1q, v17.2d, v20.2d \n"
+        "EOR v20.16b, v20.16b, v21.16b \n"
+        "EXT v21.16b, v18.16b, v19.16b, #8 \n"
+        "EOR v21.16b, v21.16b, v20.16b \n"
+        "# Reduce \n"
+        "PMULL2 v20.1q, v19.2d, v23.2d \n"
+        "EOR v21.16b, v21.16b, v20.16b \n"
+        "PMULL2 v20.1q, v21.2d, v23.2d \n"
+        "MOV v18.D[1], v21.D[0] \n"
+        "EOR v17.16b, v18.16b, v20.16b \n"
+        "CMP x12, #16 \n"
+        "BGE 111b \n"
+        "CBZ x12, 120f \n"
+        "112: \n"
+        "# Partial AAD \n"
+        "EOR v15.16b, v15.16b, v15.16b \n"
+        "MOV x14, x12 \n"
+        "ST1 {v15.2d}, [%[scratch]] \n"
+        "113: \n"
+        "LDRB w13, [%[aad]], #1 \n"
+        "STRB w13, [%[scratch]], #1 \n"
+        "SUB x14, x14, #1 \n"
+        "CBNZ x14, 113b \n"
+        "SUB %[scratch], %[scratch], x12 \n"
+        "LD1 {v15.2d}, [%[scratch]] \n"
+        "RBIT v15.16b, v15.16b \n"
+        "EOR v17.16b, v17.16b, v15.16b \n"
+        "PMULL  v18.1q, v17.1d, v16.1d \n"
+        "PMULL2 v19.1q, v17.2d, v16.2d \n"
+        "EXT v20.16b, v16.16b, v16.16b, #8 \n"
+        "PMULL  v21.1q, v17.1d, v20.1d \n"
+        "PMULL2 v20.1q, v17.2d, v20.2d \n"
+        "EOR v20.16b, v20.16b, v21.16b \n"
+        "EXT v21.16b, v18.16b, v19.16b, #8 \n"
+        "EOR v21.16b, v21.16b, v20.16b \n"
+        "# Reduce \n"
+        "PMULL2 v20.1q, v19.2d, v23.2d \n"
+        "EOR v21.16b, v21.16b, v20.16b \n"
+        "PMULL2 v20.1q, v21.2d, v23.2d \n"
+        "MOV v18.D[1], v21.D[0] \n"
+        "EOR v17.16b, v18.16b, v20.16b \n"
+        "120: \n"
+
+        "# Encrypt plaintext and GHASH ciphertext \n"
+        "LDR w12, [%[ctr], #12] \n"
+        "MOV w11, %w[sz] \n"
+        "REV w12, w12 \n"
+        "CMP w11, #64 \n"
+        "BLT 80f \n"
+        "CMP %w[aSz], #64 \n"
+        "BGE 82f \n"
+
+        "# Calculate H^[1-4] - GMULT partials \n"
+        "# Square H => H^2 \n"
+        "PMULL2 v19.1q, v16.2d, v16.2d \n"
+        "PMULL  v18.1q, v16.1d, v16.1d \n"
+        "PMULL2 v20.1q, v19.2d, v23.2d \n"
+        "EXT v21.16b, v18.16b, v19.16b, #8 \n"
+        "EOR v21.16b, v21.16b, v20.16b \n"
+        "PMULL2 v19.1q, v21.2d, v23.2d \n"
+        "MOV v18.D[1], v21.D[0] \n"
+        "EOR v24.16b, v18.16b, v19.16b \n"
+        "# Multiply H and H^2 => H^3 \n"
+        "PMULL  v18.1q, v24.1d, v16.1d \n"
+        "PMULL2 v19.1q, v24.2d, v16.2d \n"
+        "EXT v20.16b, v16.16b, v16.16b, #8 \n"
+        "PMULL  v21.1q, v24.1d, v20.1d \n"
+        "PMULL2 v20.1q, v24.2d, v20.2d \n"
+        "EOR v20.16b, v20.16b, v21.16b \n"
+        "EXT v21.16b, v18.16b, v19.16b, #8 \n"
+        "EOR v21.16b, v21.16b, v20.16b \n"
+        "# Reduce \n"
+        "PMULL2 v20.1q, v19.2d, v23.2d \n"
+        "EOR v21.16b, v21.16b, v20.16b \n"
+        "PMULL2 v20.1q, v21.2d, v23.2d \n"
+        "MOV v18.D[1], v21.D[0] \n"
+        "EOR v25.16b, v18.16b, v20.16b \n"
+        "# Square H^2 => H^4 \n"
+        "PMULL2 v19.1q, v24.2d, v24.2d \n"
+        "PMULL  v18.1q, v24.1d, v24.1d \n"
+        "PMULL2 v20.1q, v19.2d, v23.2d \n"
+        "EXT v21.16b, v18.16b, v19.16b, #8 \n"
+        "EOR v21.16b, v21.16b, v20.16b \n"
+        "PMULL2 v19.1q, v21.2d, v23.2d \n"
+        "MOV v18.D[1], v21.D[0] \n"
+        "EOR v26.16b, v18.16b, v19.16b \n"
+        "82: \n"
+        "# Should we do 8 blocks at a time? \n"
+        "CMP w11, #512 \n"
+        "BLT 80f \n"
+
+        "# Calculate H^[5-8] - GMULT partials \n"
+        "# Multiply H and H^4 => H^5 \n"
+        "PMULL  v18.1q, v26.1d, v16.1d \n"
+        "PMULL2 v19.1q, v26.2d, v16.2d \n"
+        "EXT v20.16b, v16.16b, v16.16b, #8 \n"
+        "PMULL  v21.1q, v26.1d, v20.1d \n"
+        "PMULL2 v20.1q, v26.2d, v20.2d \n"
+        "EOR v20.16b, v20.16b, v21.16b \n"
+        "EXT v21.16b, v18.16b, v19.16b, #8 \n"
+        "EOR v21.16b, v21.16b, v20.16b \n"
+        "# Reduce \n"
+        "PMULL2 v20.1q, v19.2d, v23.2d \n"
+        "EOR v21.16b, v21.16b, v20.16b \n"
+        "PMULL2 v20.1q, v21.2d, v23.2d \n"
+        "MOV v18.D[1], v21.D[0] \n"
+        "EOR v9.16b, v18.16b, v20.16b \n"
+        "# Square H^3 - H^6 \n"
+        "PMULL2 v19.1q, v25.2d, v25.2d \n"
+        "PMULL  v18.1q, v25.1d, v25.1d \n"
+        "PMULL2 v20.1q, v19.2d, v23.2d \n"
+        "EXT v21.16b, v18.16b, v19.16b, #8 \n"
+        "EOR v21.16b, v21.16b, v20.16b \n"
+        "PMULL2 v19.1q, v21.2d, v23.2d \n"
+        "MOV v18.D[1], v21.D[0] \n"
+        "EOR v10.16b, v18.16b, v19.16b \n"
+        "# Multiply H and H^6 => H^7 \n"
+        "PMULL  v18.1q, v10.1d, v16.1d \n"
+        "PMULL2 v19.1q, v10.2d, v16.2d \n"
+        "EXT v20.16b, v16.16b, v16.16b, #8 \n"
+        "PMULL  v21.1q, v10.1d, v20.1d \n"
+        "PMULL2 v20.1q, v10.2d, v20.2d \n"
+        "EOR v20.16b, v20.16b, v21.16b \n"
+        "EXT v21.16b, v18.16b, v19.16b, #8 \n"
+        "EOR v21.16b, v21.16b, v20.16b \n"
+        "# Reduce \n"
+        "PMULL2 v20.1q, v19.2d, v23.2d \n"
+        "EOR v21.16b, v21.16b, v20.16b \n"
+        "PMULL2 v20.1q, v21.2d, v23.2d \n"
+        "MOV v18.D[1], v21.D[0] \n"
+        "EOR v11.16b, v18.16b, v20.16b \n"
+        "# Square H^4 => H^8 \n"
+        "PMULL2 v19.1q, v26.2d, v26.2d \n"
+        "PMULL  v18.1q, v26.1d, v26.1d \n"
+        "PMULL2 v20.1q, v19.2d, v23.2d \n"
+        "EXT v21.16b, v18.16b, v19.16b, #8 \n"
+        "EOR v21.16b, v21.16b, v20.16b \n"
+        "PMULL2 v19.1q, v21.2d, v23.2d \n"
+        "MOV v18.D[1], v21.D[0] \n"
+        "EOR v4.16b, v18.16b, v19.16b \n"
+
+        "# First encrypt - no GHASH \n"
+        "LDR q1, [%[Key]] \n"
+        "# Calculate next 4 counters (+1-4) \n"
+        "ADD w15, w12, #1 \n"
+        "LD1 {v5.2d}, [%[ctr]] \n"
+        "ADD w14, w12, #2 \n"
+        "MOV v6.16b, v5.16b \n"
+        "ADD w13, w12, #3 \n"
+        "MOV v7.16b, v5.16b \n"
+        "ADD w12, w12, #4 \n"
+        "MOV v8.16b, v5.16b \n"
+        "REV w15, w15 \n"
+        "REV w14, w14 \n"
+        "REV w13, w13 \n"
+        "REV w16, w12 \n"
+        "MOV v5.S[3], w15 \n"
+        "MOV v6.S[3], w14 \n"
+        "MOV v7.S[3], w13 \n"
+        "MOV v8.S[3], w16 \n"
+        "# Calculate next 4 counters (+5-8) \n"
+        "ADD w15, w12, #1 \n"
+        "MOV v27.16b, v5.16b \n"
+        "ADD w14, w12, #2 \n"
+        "MOV v28.16b, v5.16b \n"
+        "ADD w13, w12, #3 \n"
+        "MOV v29.16b, v5.16b \n"
+        "ADD w12, w12, #4 \n"
+        "MOV v30.16b, v5.16b \n"
+        "REV w15, w15 \n"
+        "REV w14, w14 \n"
+        "REV w13, w13 \n"
+        "REV w16, w12 \n"
+        "MOV v27.S[3], w15 \n"
+        "MOV v28.S[3], w14 \n"
+        "MOV v29.S[3], w13 \n"
+        "MOV v30.S[3], w16 \n"
+
+        "# Encrypt 8 counters \n"
+        "LDR q22, [%[Key], #16] \n"
+        "AESE v5.16b, v1.16b \n"
+        "AESMC v5.16b, v5.16b \n"
+        "AESE v6.16b, v1.16b \n"
+        "AESMC v6.16b, v6.16b \n"
+        "AESE v7.16b, v1.16b \n"
+        "AESMC v7.16b, v7.16b \n"
+        "AESE v8.16b, v1.16b \n"
+        "AESMC v8.16b, v8.16b \n"
+        "AESE v27.16b, v1.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v1.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v1.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v1.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "LDR q1, [%[Key], #32] \n"
+        "AESE v5.16b, v22.16b \n"
+        "AESMC v5.16b, v5.16b \n"
+        "AESE v6.16b, v22.16b \n"
+        "AESMC v6.16b, v6.16b \n"
+        "AESE v7.16b, v22.16b \n"
+        "AESMC v7.16b, v7.16b \n"
+        "AESE v8.16b, v22.16b \n"
+        "AESMC v8.16b, v8.16b \n"
+        "AESE v27.16b, v22.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v22.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v22.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v22.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "LDR q22, [%[Key], #48] \n"
+        "AESE v5.16b, v1.16b \n"
+        "AESMC v5.16b, v5.16b \n"
+        "AESE v6.16b, v1.16b \n"
+        "AESMC v6.16b, v6.16b \n"
+        "AESE v7.16b, v1.16b \n"
+        "AESMC v7.16b, v7.16b \n"
+        "AESE v8.16b, v1.16b \n"
+        "AESMC v8.16b, v8.16b \n"
+        "AESE v27.16b, v1.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v1.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v1.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v1.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "LDR q1, [%[Key], #64] \n"
+        "AESE v5.16b, v22.16b \n"
+        "AESMC v5.16b, v5.16b \n"
+        "AESE v6.16b, v22.16b \n"
+        "AESMC v6.16b, v6.16b \n"
+        "AESE v7.16b, v22.16b \n"
+        "AESMC v7.16b, v7.16b \n"
+        "AESE v8.16b, v22.16b \n"
+        "AESMC v8.16b, v8.16b \n"
+        "AESE v27.16b, v22.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v22.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v22.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v22.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "LDR q22, [%[Key], #80] \n"
+        "AESE v5.16b, v1.16b \n"
+        "AESMC v5.16b, v5.16b \n"
+        "AESE v6.16b, v1.16b \n"
+        "AESMC v6.16b, v6.16b \n"
+        "AESE v7.16b, v1.16b \n"
+        "AESMC v7.16b, v7.16b \n"
+        "AESE v8.16b, v1.16b \n"
+        "AESMC v8.16b, v8.16b \n"
+        "AESE v27.16b, v1.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v1.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v1.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v1.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "SUB w11, w11, #128 \n"
+        "LDR q1, [%[Key], #96] \n"
+        "AESE v5.16b, v22.16b \n"
+        "AESMC v5.16b, v5.16b \n"
+        "AESE v6.16b, v22.16b \n"
+        "AESMC v6.16b, v6.16b \n"
+        "AESE v7.16b, v22.16b \n"
+        "AESMC v7.16b, v7.16b \n"
+        "AESE v8.16b, v22.16b \n"
+        "AESMC v8.16b, v8.16b \n"
+        "AESE v27.16b, v22.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v22.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v22.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v22.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "LDR q22, [%[Key], #112] \n"
+        "AESE v5.16b, v1.16b \n"
+        "AESMC v5.16b, v5.16b \n"
+        "AESE v6.16b, v1.16b \n"
+        "AESMC v6.16b, v6.16b \n"
+        "AESE v7.16b, v1.16b \n"
+        "AESMC v7.16b, v7.16b \n"
+        "AESE v8.16b, v1.16b \n"
+        "AESMC v8.16b, v8.16b \n"
+        "AESE v27.16b, v1.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v1.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v1.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v1.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "LDR q1, [%[Key], #128] \n"
+        "AESE v5.16b, v22.16b \n"
+        "AESMC v5.16b, v5.16b \n"
+        "AESE v6.16b, v22.16b \n"
+        "AESMC v6.16b, v6.16b \n"
+        "AESE v7.16b, v22.16b \n"
+        "AESMC v7.16b, v7.16b \n"
+        "AESE v8.16b, v22.16b \n"
+        "AESMC v8.16b, v8.16b \n"
+        "AESE v27.16b, v22.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v22.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v22.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v22.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "LD1 {v12.2d-v15.2d}, [%[input]], #64 \n"
+        "LDP q22, q31, [%[Key], #144] \n"
+        "AESE v5.16b, v1.16b \n"
+        "AESMC v5.16b, v5.16b \n"
+        "AESE v6.16b, v1.16b \n"
+        "AESMC v6.16b, v6.16b \n"
+        "AESE v7.16b, v1.16b \n"
+        "AESMC v7.16b, v7.16b \n"
+        "AESE v8.16b, v1.16b \n"
+        "AESMC v8.16b, v8.16b \n"
+        "AESE v27.16b, v1.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v1.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v1.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v1.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "LD1 {v18.2d-v21.2d}, [%[input]], #64 \n"
+        "AESE v5.16b, v22.16b \n"
+        "EOR v5.16b, v5.16b, v31.16b \n"
+        "AESE v6.16b, v22.16b \n"
+        "EOR v6.16b, v6.16b, v31.16b \n"
+        "AESE v7.16b, v22.16b \n"
+        "EOR v7.16b, v7.16b, v31.16b \n"
+        "AESE v8.16b, v22.16b \n"
+        "EOR v8.16b, v8.16b, v31.16b \n"
+        "AESE v27.16b, v22.16b \n"
+        "EOR v27.16b, v27.16b, v31.16b \n"
+        "AESE v28.16b, v22.16b \n"
+        "EOR v28.16b, v28.16b, v31.16b \n"
+        "AESE v29.16b, v22.16b \n"
+        "EOR v29.16b, v29.16b, v31.16b \n"
+        "AESE v30.16b, v22.16b \n"
+        "EOR v30.16b, v30.16b, v31.16b \n"
+
+        "# XOR in input \n"
+        "EOR v12.16b, v12.16b, v5.16b \n"
+        "EOR v13.16b, v13.16b, v6.16b \n"
+        "EOR v14.16b, v14.16b, v7.16b \n"
+        "EOR v15.16b, v15.16b, v8.16b \n"
+        "EOR v18.16b, v18.16b, v27.16b \n"
+        "ST1 {v12.2d-v15.2d}, [%[out]], #64 \n \n"
+        "EOR v19.16b, v19.16b, v28.16b \n"
+        "EOR v20.16b, v20.16b, v29.16b \n"
+        "EOR v21.16b, v21.16b, v30.16b \n"
+        "ST1 {v18.2d-v21.2d}, [%[out]], #64 \n \n"
+
+        "81: \n"
+        "LDR q1, [%[Key]] \n"
+        "# Calculate next 4 counters (+1-4) \n"
+        "ADD w15, w12, #1 \n"
+        "LD1 {v5.2d}, [%[ctr]] \n"
+        "ADD w14, w12, #2 \n"
+        "MOV v6.16b, v5.16b \n"
+        "ADD w13, w12, #3 \n"
+        "MOV v7.16b, v5.16b \n"
+        "ADD w12, w12, #4 \n"
+        "MOV v8.16b, v5.16b \n"
+        "# GHASH - 8 blocks \n"
+        "RBIT v12.16b, v12.16b \n"
+        "RBIT v13.16b, v13.16b \n"
+        "RBIT v14.16b, v14.16b \n"
+        "RBIT v15.16b, v15.16b \n"
+        "RBIT v18.16b, v18.16b \n"
+        "RBIT v19.16b, v19.16b \n"
+        "RBIT v20.16b, v20.16b \n"
+        "RBIT v21.16b, v21.16b \n"
+        "REV w15, w15 \n"
+        "EOR v12.16b, v12.16b, v17.16b \n"
+        "REV w14, w14 \n"
+        "# x[0-2] = C * H^1 \n"
+        "PMULL  v17.1q, v21.1d, v16.1d \n"
+        "PMULL2 v0.1q, v21.2d, v16.2d \n"
+        "REV w13, w13 \n"
+        "EXT v21.16b, v21.16b, v21.16b, #8 \n"
+        "REV w16, w12 \n"
+        "MOV v5.S[3], w15 \n"
+        "MOV v6.S[3], w14 \n"
+        "MOV v7.S[3], w13 \n"
+        "MOV v8.S[3], w16 \n"
+        "# Calculate next 4 counters (+5-8) \n"
+        "ADD w15, w12, #1 \n"
+        "MOV v27.16b, v5.16b \n"
+        "ADD w14, w12, #2 \n"
+        "MOV v28.16b, v5.16b \n"
+        "ADD w13, w12, #3 \n"
+        "MOV v29.16b, v5.16b \n"
+        "ADD w12, w12, #4 \n"
+        "MOV v30.16b, v5.16b \n"
+        "PMULL  v31.1q, v21.1d, v16.1d \n"
+        "PMULL2 v3.1q, v21.2d, v16.2d \n"
+        "REV w15, w15 \n"
+        "EOR v31.16b, v31.16b, v3.16b \n"
+        "REV w14, w14 \n"
+        "# x[0-2] += C * H^2 \n"
+        "PMULL  v2.1q, v20.1d, v24.1d \n"
+        "PMULL2 v3.1q, v20.2d, v24.2d \n"
+        "REV w13, w13 \n"
+        "EOR v17.16b, v17.16b, v2.16b \n"
+        "EOR v0.16b, v0.16b, v3.16b \n"
+        "REV w16, w12 \n"
+        "MOV v27.S[3], w15 \n"
+        "MOV v28.S[3], w14 \n"
+        "MOV v29.S[3], w13 \n"
+        "MOV v30.S[3], w16 \n"
+
+        "# Encrypt 8 counters \n"
+        "LDR q22, [%[Key], #16] \n"
+        "AESE v5.16b, v1.16b \n"
+        "AESMC v5.16b, v5.16b \n"
+        "EXT v20.16b, v20.16b, v20.16b, #8 \n"
+        "AESE v6.16b, v1.16b \n"
+        "AESMC v6.16b, v6.16b \n"
+        "PMULL  v3.1q, v20.1d, v24.1d \n"
+        "PMULL2 v20.1q, v20.2d, v24.2d \n"
+        "AESE v7.16b, v1.16b \n"
+        "AESMC v7.16b, v7.16b \n"
+        "EOR3 v31.16b, v31.16b, v20.16b, v3.16b \n"
+        "AESE v8.16b, v1.16b \n"
+        "AESMC v8.16b, v8.16b \n"
+        "# x[0-2] += C * H^3 \n"
+        "PMULL  v2.1q, v19.1d, v25.1d \n"
+        "PMULL2 v3.1q, v19.2d, v25.2d \n"
+        "AESE v27.16b, v1.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "EOR v17.16b, v17.16b, v2.16b \n"
+        "EOR v0.16b, v0.16b, v3.16b \n"
+        "AESE v28.16b, v1.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "EXT v19.16b, v19.16b, v19.16b, #8 \n"
+        "AESE v29.16b, v1.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "PMULL  v3.1q, v19.1d, v25.1d \n"
+        "PMULL2 v19.1q, v19.2d, v25.2d \n"
+        "AESE v30.16b, v1.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "EOR3 v31.16b, v31.16b, v19.16b, v3.16b \n"
+        "LDR q1, [%[Key], #32] \n"
+        "AESE v5.16b, v22.16b \n"
+        "AESMC v5.16b, v5.16b \n"
+        "# x[0-2] += C * H^4 \n"
+        "PMULL  v2.1q, v18.1d, v26.1d \n"
+        "PMULL2 v3.1q, v18.2d, v26.2d \n"
+        "AESE v6.16b, v22.16b \n"
+        "AESMC v6.16b, v6.16b \n"
+        "EOR v17.16b, v17.16b, v2.16b \n"
+        "EOR v0.16b, v0.16b, v3.16b \n"
+        "AESE v7.16b, v22.16b \n"
+        "AESMC v7.16b, v7.16b \n"
+        "EXT v18.16b, v18.16b, v18.16b, #8 \n"
+        "AESE v8.16b, v22.16b \n"
+        "AESMC v8.16b, v8.16b \n"
+        "PMULL  v3.1q, v18.1d, v26.1d \n"
+        "PMULL2 v18.1q, v18.2d, v26.2d \n"
+        "AESE v27.16b, v22.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "EOR3 v31.16b, v31.16b, v18.16b, v3.16b \n"
+        "AESE v28.16b, v22.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "# x[0-2] += C * H^5 \n"
+        "PMULL  v2.1q, v15.1d, v9.1d \n"
+        "PMULL2 v3.1q, v15.2d, v9.2d \n"
+        "AESE v29.16b, v22.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "EOR v17.16b, v17.16b, v2.16b \n"
+        "EOR v0.16b, v0.16b, v3.16b \n"
+        "AESE v30.16b, v22.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "EXT v15.16b, v15.16b, v15.16b, #8 \n"
+        "LDR q22, [%[Key], #48] \n"
+        "AESE v5.16b, v1.16b \n"
+        "AESMC v5.16b, v5.16b \n"
+        "PMULL  v3.1q, v15.1d, v9.1d \n"
+        "PMULL2 v15.1q, v15.2d, v9.2d \n"
+        "AESE v6.16b, v1.16b \n"
+        "AESMC v6.16b, v6.16b \n"
+        "EOR3 v31.16b, v31.16b, v15.16b, v3.16b \n"
+        "AESE v7.16b, v1.16b \n"
+        "AESMC v7.16b, v7.16b \n"
+        "# x[0-2] += C * H^6 \n"
+        "PMULL  v2.1q, v14.1d, v10.1d \n"
+        "PMULL2 v3.1q, v14.2d, v10.2d \n"
+        "AESE v8.16b, v1.16b \n"
+        "AESMC v8.16b, v8.16b \n"
+        "EOR v17.16b, v17.16b, v2.16b \n"
+        "EOR v0.16b, v0.16b, v3.16b \n"
+        "AESE v27.16b, v1.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "EXT v14.16b, v14.16b, v14.16b, #8 \n"
+        "AESE v28.16b, v1.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "PMULL  v3.1q, v14.1d, v10.1d \n"
+        "PMULL2 v14.1q, v14.2d, v10.2d \n"
+        "AESE v29.16b, v1.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "EOR3 v31.16b, v31.16b, v14.16b, v3.16b \n"
+        "AESE v30.16b, v1.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "# x[0-2] += C * H^7 \n"
+        "PMULL  v2.1q, v13.1d, v11.1d \n"
+        "PMULL2 v3.1q, v13.2d, v11.2d \n"
+        "LDR q1, [%[Key], #64] \n"
+        "AESE v5.16b, v22.16b \n"
+        "AESMC v5.16b, v5.16b \n"
+        "EOR v17.16b, v17.16b, v2.16b \n"
+        "EOR v0.16b, v0.16b, v3.16b \n"
+        "AESE v6.16b, v22.16b \n"
+        "AESMC v6.16b, v6.16b \n"
+        "EXT v13.16b, v13.16b, v13.16b, #8 \n"
+        "AESE v7.16b, v22.16b \n"
+        "AESMC v7.16b, v7.16b \n"
+        "PMULL  v3.1q, v13.1d, v11.1d \n"
+        "PMULL2 v13.1q, v13.2d, v11.2d \n"
+        "AESE v8.16b, v22.16b \n"
+        "AESMC v8.16b, v8.16b \n"
+        "EOR3 v31.16b, v31.16b, v13.16b, v3.16b \n"
+        "AESE v27.16b, v22.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "# x[0-2] += C * H^8 \n"
+        "PMULL  v2.1q, v12.1d, v4.1d \n"
+        "PMULL2 v3.1q, v12.2d, v4.2d \n"
+        "AESE v28.16b, v22.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "EOR v17.16b, v17.16b, v2.16b \n"
+        "EOR v0.16b, v0.16b, v3.16b \n"
+        "AESE v29.16b, v22.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "EXT v12.16b, v12.16b, v12.16b, #8 \n"
+        "AESE v30.16b, v22.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "PMULL  v3.1q, v12.1d, v4.1d \n"
+        "PMULL2 v12.1q, v12.2d, v4.2d \n"
+        "LDR q22, [%[Key], #80] \n"
+        "AESE v5.16b, v1.16b \n"
+        "AESMC v5.16b, v5.16b \n"
+        "EOR3 v31.16b, v31.16b, v12.16b, v3.16b \n"
+        "AESE v6.16b, v1.16b \n"
+        "AESMC v6.16b, v6.16b \n"
+        "# Reduce X = x[0-2] \n"
+        "EXT v3.16b, v17.16b, v0.16b, #8 \n"
+        "AESE v7.16b, v1.16b \n"
+        "AESMC v7.16b, v7.16b \n"
+        "PMULL2 v2.1q, v0.2d, v23.2d \n"
+        "AESE v8.16b, v1.16b \n"
+        "AESMC v8.16b, v8.16b \n"
+        "EOR3 v3.16b, v3.16b, v31.16b, v2.16b \n"
+        "AESE v27.16b, v1.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v1.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "PMULL2 v2.1q, v3.2d, v23.2d \n"
+        "MOV v17.D[1], v3.D[0] \n"
+        "AESE v29.16b, v1.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "EOR v17.16b, v17.16b, v2.16b \n"
+        "AESE v30.16b, v1.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "SUB w11, w11, #128 \n"
+        "LDR q1, [%[Key], #96] \n"
+        "AESE v5.16b, v22.16b \n"
+        "AESMC v5.16b, v5.16b \n"
+        "AESE v6.16b, v22.16b \n"
+        "AESMC v6.16b, v6.16b \n"
+        "AESE v7.16b, v22.16b \n"
+        "AESMC v7.16b, v7.16b \n"
+        "AESE v8.16b, v22.16b \n"
+        "AESMC v8.16b, v8.16b \n"
+        "AESE v27.16b, v22.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v22.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v22.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v22.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "LDR q22, [%[Key], #112] \n"
+        "AESE v5.16b, v1.16b \n"
+        "AESMC v5.16b, v5.16b \n"
+        "AESE v6.16b, v1.16b \n"
+        "AESMC v6.16b, v6.16b \n"
+        "AESE v7.16b, v1.16b \n"
+        "AESMC v7.16b, v7.16b \n"
+        "AESE v8.16b, v1.16b \n"
+        "AESMC v8.16b, v8.16b \n"
+        "AESE v27.16b, v1.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v1.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v1.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v1.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "LDR q1, [%[Key], #128] \n"
+        "AESE v5.16b, v22.16b \n"
+        "AESMC v5.16b, v5.16b \n"
+        "AESE v6.16b, v22.16b \n"
+        "AESMC v6.16b, v6.16b \n"
+        "AESE v7.16b, v22.16b \n"
+        "AESMC v7.16b, v7.16b \n"
+        "AESE v8.16b, v22.16b \n"
+        "AESMC v8.16b, v8.16b \n"
+        "AESE v27.16b, v22.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v22.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v22.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v22.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "LD1 {v12.2d-v15.2d}, [%[input]], #64 \n"
+        "LDP q22, q31, [%[Key], #144] \n"
+        "AESE v5.16b, v1.16b \n"
+        "AESMC v5.16b, v5.16b \n"
+        "AESE v6.16b, v1.16b \n"
+        "AESMC v6.16b, v6.16b \n"
+        "AESE v7.16b, v1.16b \n"
+        "AESMC v7.16b, v7.16b \n"
+        "AESE v8.16b, v1.16b \n"
+        "AESMC v8.16b, v8.16b \n"
+        "AESE v27.16b, v1.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v1.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v1.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v1.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "LD1 {v18.2d-v21.2d}, [%[input]], #64 \n"
+        "AESE v5.16b, v22.16b \n"
+        "EOR v5.16b, v5.16b, v31.16b \n"
+        "AESE v6.16b, v22.16b \n"
+        "EOR v6.16b, v6.16b, v31.16b \n"
+        "AESE v7.16b, v22.16b \n"
+        "EOR v7.16b, v7.16b, v31.16b \n"
+        "AESE v8.16b, v22.16b \n"
+        "EOR v8.16b, v8.16b, v31.16b \n"
+        "AESE v27.16b, v22.16b \n"
+        "EOR v27.16b, v27.16b, v31.16b \n"
+        "AESE v28.16b, v22.16b \n"
+        "EOR v28.16b, v28.16b, v31.16b \n"
+        "AESE v29.16b, v22.16b \n"
+        "EOR v29.16b, v29.16b, v31.16b \n"
+        "AESE v30.16b, v22.16b \n"
+        "EOR v30.16b, v30.16b, v31.16b \n"
+
+        "# XOR in input \n"
+        "EOR v12.16b, v12.16b, v5.16b \n"
+        "EOR v13.16b, v13.16b, v6.16b \n"
+        "EOR v14.16b, v14.16b, v7.16b \n"
+        "EOR v15.16b, v15.16b, v8.16b \n"
+        "EOR v18.16b, v18.16b, v27.16b \n"
+        "ST1 {v12.2d-v15.2d}, [%[out]], #64 \n \n"
+        "EOR v19.16b, v19.16b, v28.16b \n"
+        "EOR v20.16b, v20.16b, v29.16b \n"
+        "EOR v21.16b, v21.16b, v30.16b \n"
+        "ST1 {v18.2d-v21.2d}, [%[out]], #64 \n \n"
+
+        "CMP w11, #128 \n"
+        "BGE 81b \n"
+
+        "# GHASH - 8 blocks \n"
+        "RBIT v12.16b, v12.16b \n"
+        "RBIT v13.16b, v13.16b \n"
+        "RBIT v14.16b, v14.16b \n"
+        "RBIT v15.16b, v15.16b \n"
+        "RBIT v18.16b, v18.16b \n"
+        "RBIT v19.16b, v19.16b \n"
+        "RBIT v20.16b, v20.16b \n"
+        "RBIT v21.16b, v21.16b \n"
+        "EOR v12.16b, v12.16b, v17.16b \n"
+        "# x[0-2] = C * H^1 \n"
+        "PMULL  v17.1q, v21.1d, v16.1d \n"
+        "PMULL2 v0.1q, v21.2d, v16.2d \n"
+        "EXT v21.16b, v21.16b, v21.16b, #8 \n"
+        "PMULL  v31.1q, v21.1d, v16.1d \n"
+        "PMULL2 v3.1q, v21.2d, v16.2d \n"
+        "EOR v31.16b, v31.16b, v3.16b \n"
+        "# x[0-2] += C * H^2 \n"
+        "PMULL  v2.1q, v20.1d, v24.1d \n"
+        "PMULL2 v3.1q, v20.2d, v24.2d \n"
+        "EOR v17.16b, v17.16b, v2.16b \n"
+        "EOR v0.16b, v0.16b, v3.16b \n"
+        "EXT v20.16b, v20.16b, v20.16b, #8 \n"
+        "PMULL  v3.1q, v20.1d, v24.1d \n"
+        "PMULL2 v20.1q, v20.2d, v24.2d \n"
+        "EOR3 v31.16b, v31.16b, v20.16b, v3.16b \n"
+        "# x[0-2] += C * H^3 \n"
+        "PMULL  v2.1q, v19.1d, v25.1d \n"
+        "PMULL2 v3.1q, v19.2d, v25.2d \n"
+        "EOR v17.16b, v17.16b, v2.16b \n"
+        "EOR v0.16b, v0.16b, v3.16b \n"
+        "EXT v19.16b, v19.16b, v19.16b, #8 \n"
+        "PMULL  v3.1q, v19.1d, v25.1d \n"
+        "PMULL2 v19.1q, v19.2d, v25.2d \n"
+        "EOR3 v31.16b, v31.16b, v19.16b, v3.16b \n"
+        "# x[0-2] += C * H^4 \n"
+        "PMULL  v2.1q, v18.1d, v26.1d \n"
+        "PMULL2 v3.1q, v18.2d, v26.2d \n"
+        "EOR v17.16b, v17.16b, v2.16b \n"
+        "EOR v0.16b, v0.16b, v3.16b \n"
+        "EXT v18.16b, v18.16b, v18.16b, #8 \n"
+        "PMULL  v3.1q, v18.1d, v26.1d \n"
+        "PMULL2 v18.1q, v18.2d, v26.2d \n"
+        "EOR3 v31.16b, v31.16b, v18.16b, v3.16b \n"
+        "# x[0-2] += C * H^5 \n"
+        "PMULL  v2.1q, v15.1d, v9.1d \n"
+        "PMULL2 v3.1q, v15.2d, v9.2d \n"
+        "EOR v17.16b, v17.16b, v2.16b \n"
+        "EOR v0.16b, v0.16b, v3.16b \n"
+        "EXT v15.16b, v15.16b, v15.16b, #8 \n"
+        "PMULL  v3.1q, v15.1d, v9.1d \n"
+        "PMULL2 v15.1q, v15.2d, v9.2d \n"
+        "EOR3 v31.16b, v31.16b, v15.16b, v3.16b \n"
+        "# x[0-2] += C * H^6 \n"
+        "PMULL  v2.1q, v14.1d, v10.1d \n"
+        "PMULL2 v3.1q, v14.2d, v10.2d \n"
+        "EOR v17.16b, v17.16b, v2.16b \n"
+        "EOR v0.16b, v0.16b, v3.16b \n"
+        "EXT v14.16b, v14.16b, v14.16b, #8 \n"
+        "PMULL  v3.1q, v14.1d, v10.1d \n"
+        "PMULL2 v14.1q, v14.2d, v10.2d \n"
+        "EOR3 v31.16b, v31.16b, v14.16b, v3.16b \n"
+        "# x[0-2] += C * H^7 \n"
+        "PMULL  v2.1q, v13.1d, v11.1d \n"
+        "PMULL2 v3.1q, v13.2d, v11.2d \n"
+        "EOR v17.16b, v17.16b, v2.16b \n"
+        "EOR v0.16b, v0.16b, v3.16b \n"
+        "EXT v13.16b, v13.16b, v13.16b, #8 \n"
+        "PMULL  v3.1q, v13.1d, v11.1d \n"
+        "PMULL2 v13.1q, v13.2d, v11.2d \n"
+        "EOR3 v31.16b, v31.16b, v13.16b, v3.16b \n"
+        "# x[0-2] += C * H^8 \n"
+        "PMULL  v2.1q, v12.1d, v4.1d \n"
+        "PMULL2 v3.1q, v12.2d, v4.2d \n"
+        "EOR v17.16b, v17.16b, v2.16b \n"
+        "EOR v0.16b, v0.16b, v3.16b \n"
+        "EXT v12.16b, v12.16b, v12.16b, #8 \n"
+        "PMULL  v3.1q, v12.1d, v4.1d \n"
+        "PMULL2 v12.1q, v12.2d, v4.2d \n"
+        "EOR3 v31.16b, v31.16b, v12.16b, v3.16b \n"
+        "# Reduce X = x[0-2] \n"
+        "EXT v3.16b, v17.16b, v0.16b, #8 \n"
+        "PMULL2 v2.1q, v0.2d, v23.2d \n"
+        "EOR3 v3.16b, v3.16b, v31.16b, v2.16b \n"
+        "PMULL2 v2.1q, v3.2d, v23.2d \n"
+        "MOV v17.D[1], v3.D[0] \n"
+        "EOR v17.16b, v17.16b, v2.16b \n"
+
+        "80: \n"
+        "LD1 {v22.2d}, [%[ctr]] \n"
+        "LD1 {v1.2d-v4.2d}, [%[Key]], #64 \n"
+        "LD1 {v5.2d-v8.2d}, [%[Key]], #64 \n"
+        "LD1 {v9.2d-v11.2d}, [%[Key]], #48 \n"
+        "# Can we do 4 blocks at a time? \n"
+        "CMP w11, #64 \n"
+        "BLT 10f \n"
+
+        "# First encrypt - no GHASH \n"
+        "# Calculate next 4 counters (+1-4) \n"
+        "ADD w15, w12, #1 \n"
+        "MOV v27.16b, v22.16b \n"
+        "ADD w14, w12, #2 \n"
+        "MOV v28.16b, v22.16b \n"
+        "ADD w13, w12, #3 \n"
+        "MOV v29.16b, v22.16b \n"
+        "ADD w12, w12, #4 \n"
+        "MOV v30.16b, v22.16b \n"
+        "REV w15, w15 \n"
+        "REV w14, w14 \n"
+        "REV w13, w13 \n"
+        "REV w16, w12 \n"
+        "MOV v27.S[3], w15 \n"
+        "MOV v28.S[3], w14 \n"
+        "MOV v29.S[3], w13 \n"
+        "MOV v30.S[3], w16 \n"
+
+        "# Encrypt 4 counters \n"
+        "AESE v27.16b, v1.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v1.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v1.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v1.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "AESE v27.16b, v2.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v2.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v2.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v2.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "AESE v27.16b, v3.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v3.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v3.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v3.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "AESE v27.16b, v4.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v4.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v4.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v4.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "AESE v27.16b, v5.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v5.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v5.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v5.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "SUB w11, w11, #64 \n"
+        "AESE v27.16b, v6.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v6.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v6.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v6.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "AESE v27.16b, v7.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v7.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v7.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v7.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "# Load plaintext \n"
+        "LD1 {v18.2d-v21.2d}, [%[input]], #64 \n"
+        "AESE v27.16b, v8.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v8.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v8.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v8.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "AESE v27.16b, v9.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v9.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v9.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v9.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "AESE v27.16b, v10.16b \n"
+        "EOR v27.16b, v27.16b, v11.16b \n"
+        "AESE v28.16b, v10.16b \n"
+        "EOR v28.16b, v28.16b, v11.16b \n"
+        "AESE v29.16b, v10.16b \n"
+        "EOR v29.16b, v29.16b, v11.16b \n"
+        "AESE v30.16b, v10.16b \n"
+        "EOR v30.16b, v30.16b, v11.16b \n"
+
+        "# XOR in input \n"
+        "EOR v18.16b, v18.16b, v27.16b \n"
+        "EOR v19.16b, v19.16b, v28.16b \n"
+        "EOR v20.16b, v20.16b, v29.16b \n"
+        "EOR v21.16b, v21.16b, v30.16b \n"
+        "# Store cipher text \n"
+        "ST1 {v18.2d-v21.2d}, [%[out]], #64 \n \n"
+        "CMP w11, #64 \n"
+        "BLT 12f \n"
+
+        "11: \n"
+        "# Calculate next 4 counters (+1-4) \n"
+        "ADD w15, w12, #1 \n"
+        "MOV v27.16b, v22.16b \n"
+        "ADD w14, w12, #2 \n"
+        "MOV v28.16b, v22.16b \n"
+        "ADD w13, w12, #3 \n"
+        "MOV v29.16b, v22.16b \n"
+        "ADD w12, w12, #4 \n"
+        "MOV v30.16b, v22.16b \n"
+        "# GHASH - 4 blocks \n"
+        "RBIT v18.16b, v18.16b \n"
+        "REV w15, w15 \n"
+        "RBIT v19.16b, v19.16b \n"
+        "REV w14, w14 \n"
+        "RBIT v20.16b, v20.16b \n"
+        "REV w13, w13 \n"
+        "RBIT v21.16b, v21.16b \n"
+        "REV w16, w12 \n"
+        "MOV v27.S[3], w15 \n"
+        "MOV v28.S[3], w14 \n"
+        "MOV v29.S[3], w13 \n"
+        "MOV v30.S[3], w16 \n"
+
+        "# Encrypt 4 counters \n"
+        "AESE v27.16b, v1.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "EOR v18.16b, v18.16b, v17.16b \n"
+        "AESE v28.16b, v1.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "# x[0-2] = C * H^1 \n"
+        "PMULL  v17.1q, v21.1d, v16.1d \n"
+        "PMULL2 v0.1q, v21.2d, v16.2d \n"
+        "AESE v29.16b, v1.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "EXT v21.16b, v21.16b, v21.16b, #8 \n"
+        "AESE v30.16b, v1.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "PMULL  v31.1q, v21.1d, v16.1d \n"
+        "PMULL2 v15.1q, v21.2d, v16.2d \n"
+        "AESE v27.16b, v2.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "EOR v31.16b, v31.16b, v15.16b \n"
+        "AESE v28.16b, v2.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "# x[0-2] += C * H^2 \n"
+        "PMULL  v14.1q, v20.1d, v24.1d \n"
+        "PMULL2 v15.1q, v20.2d, v24.2d \n"
+        "AESE v29.16b, v2.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "EOR v17.16b, v17.16b, v14.16b \n"
+        "EOR v0.16b, v0.16b, v15.16b \n"
+        "AESE v30.16b, v2.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "EXT v20.16b, v20.16b, v20.16b, #8 \n"
+        "AESE v27.16b, v3.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "PMULL  v15.1q, v20.1d, v24.1d \n"
+        "PMULL2 v20.1q, v20.2d, v24.2d \n"
+        "AESE v28.16b, v3.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "EOR3 v31.16b, v31.16b, v20.16b, v15.16b \n"
+        "AESE v29.16b, v3.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "# x[0-2] += C * H^3 \n"
+        "PMULL  v14.1q, v19.1d, v25.1d \n"
+        "PMULL2 v15.1q, v19.2d, v25.2d \n"
+        "AESE v30.16b, v3.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "EOR v17.16b, v17.16b, v14.16b \n"
+        "EOR v0.16b, v0.16b, v15.16b \n"
+        "AESE v27.16b, v4.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "EXT v19.16b, v19.16b, v19.16b, #8 \n"
+        "AESE v28.16b, v4.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "PMULL  v15.1q, v19.1d, v25.1d \n"
+        "PMULL2 v19.1q, v19.2d, v25.2d \n"
+        "AESE v29.16b, v4.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "EOR3 v31.16b, v31.16b, v19.16b, v15.16b \n"
+        "AESE v30.16b, v4.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "# x[0-2] += C * H^4 \n"
+        "PMULL  v14.1q, v18.1d, v26.1d \n"
+        "PMULL2 v15.1q, v18.2d, v26.2d \n"
+        "AESE v27.16b, v5.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "EOR v17.16b, v17.16b, v14.16b \n"
+        "EOR v0.16b, v0.16b, v15.16b \n"
+        "AESE v28.16b, v5.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "EXT v18.16b, v18.16b, v18.16b, #8 \n"
+        "AESE v29.16b, v5.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "PMULL  v15.1q, v18.1d, v26.1d \n"
+        "PMULL2 v18.1q, v18.2d, v26.2d \n"
+        "AESE v30.16b, v5.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "EOR3 v31.16b, v31.16b, v18.16b, v15.16b \n"
+        "SUB w11, w11, #64 \n"
+        "AESE v27.16b, v6.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "# Reduce X = x[0-2] \n"
+        "EXT v15.16b, v17.16b, v0.16b, #8 \n"
+        "AESE v28.16b, v6.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "PMULL2 v14.1q, v0.2d, v23.2d \n"
+        "AESE v29.16b, v6.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "EOR3 v15.16b, v15.16b, v31.16b, v14.16b \n"
+        "AESE v30.16b, v6.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "AESE v27.16b, v7.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "PMULL2 v14.1q, v15.2d, v23.2d \n"
+        "MOV v17.D[1], v15.D[0] \n"
+        "AESE v28.16b, v7.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "EOR v17.16b, v17.16b, v14.16b \n"
+        "AESE v29.16b, v7.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v7.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "# Load plaintext \n"
+        "LD1 {v18.2d-v21.2d}, [%[input]], #64 \n"
+        "AESE v27.16b, v8.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v8.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v8.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v8.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "AESE v27.16b, v9.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v9.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v9.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v9.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "AESE v27.16b, v10.16b \n"
+        "EOR v27.16b, v27.16b, v11.16b \n"
+        "AESE v28.16b, v10.16b \n"
+        "EOR v28.16b, v28.16b, v11.16b \n"
+        "AESE v29.16b, v10.16b \n"
+        "EOR v29.16b, v29.16b, v11.16b \n"
+        "AESE v30.16b, v10.16b \n"
+        "EOR v30.16b, v30.16b, v11.16b \n"
+
+        "# XOR in input \n"
+        "EOR v18.16b, v18.16b, v27.16b \n"
+        "EOR v19.16b, v19.16b, v28.16b \n"
+        "EOR v20.16b, v20.16b, v29.16b \n"
+        "EOR v21.16b, v21.16b, v30.16b \n"
+        "# Store cipher text \n"
+        "ST1 {v18.2d-v21.2d}, [%[out]], #64 \n \n"
+        "CMP w11, #64 \n"
+        "BGE 11b \n"
+
+        "12: \n"
+        "# GHASH - 4 blocks \n"
+        "RBIT v18.16b, v18.16b \n"
+        "RBIT v19.16b, v19.16b \n"
+        "RBIT v20.16b, v20.16b \n"
+        "RBIT v21.16b, v21.16b \n"
+        "EOR v18.16b, v18.16b, v17.16b \n"
+        "# x[0-2] = C * H^1 \n"
+        "PMULL  v17.1q, v21.1d, v16.1d \n"
+        "PMULL2 v0.1q, v21.2d, v16.2d \n"
+        "EXT v21.16b, v21.16b, v21.16b, #8 \n"
+        "PMULL  v31.1q, v21.1d, v16.1d \n"
+        "PMULL2 v15.1q, v21.2d, v16.2d \n"
+        "EOR v31.16b, v31.16b, v15.16b \n"
+        "# x[0-2] += C * H^2 \n"
+        "PMULL  v14.1q, v20.1d, v24.1d \n"
+        "PMULL2 v15.1q, v20.2d, v24.2d \n"
+        "EOR v17.16b, v17.16b, v14.16b \n"
+        "EOR v0.16b, v0.16b, v15.16b \n"
+        "EXT v20.16b, v20.16b, v20.16b, #8 \n"
+        "PMULL  v15.1q, v20.1d, v24.1d \n"
+        "PMULL2 v20.1q, v20.2d, v24.2d \n"
+        "EOR3 v31.16b, v31.16b, v20.16b, v15.16b \n"
+        "# x[0-2] += C * H^3 \n"
+        "PMULL  v14.1q, v19.1d, v25.1d \n"
+        "PMULL2 v15.1q, v19.2d, v25.2d \n"
+        "EOR v17.16b, v17.16b, v14.16b \n"
+        "EOR v0.16b, v0.16b, v15.16b \n"
+        "EXT v19.16b, v19.16b, v19.16b, #8 \n"
+        "PMULL  v15.1q, v19.1d, v25.1d \n"
+        "PMULL2 v19.1q, v19.2d, v25.2d \n"
+        "EOR3 v31.16b, v31.16b, v19.16b, v15.16b \n"
+        "# x[0-2] += C * H^4 \n"
+        "PMULL  v14.1q, v18.1d, v26.1d \n"
+        "PMULL2 v15.1q, v18.2d, v26.2d \n"
+        "EOR v17.16b, v17.16b, v14.16b \n"
+        "EOR v0.16b, v0.16b, v15.16b \n"
+        "EXT v18.16b, v18.16b, v18.16b, #8 \n"
+        "PMULL  v15.1q, v18.1d, v26.1d \n"
+        "PMULL2 v18.1q, v18.2d, v26.2d \n"
+        "EOR3 v31.16b, v31.16b, v18.16b, v15.16b \n"
+        "# Reduce X = x[0-2] \n"
+        "EXT v15.16b, v17.16b, v0.16b, #8 \n"
+        "PMULL2 v14.1q, v0.2d, v23.2d \n"
+        "EOR3 v15.16b, v15.16b, v31.16b, v14.16b \n"
+        "PMULL2 v14.1q, v15.2d, v23.2d \n"
+        "MOV v17.D[1], v15.D[0] \n"
+        "EOR v17.16b, v17.16b, v14.16b \n"
+
+        "10: \n"
+        "CBZ w11, 30f \n"
+        "CMP w11, #16 \n"
+        "BLT 20f \n"
+        "# Encrypt first block for GHASH \n"
+        "ADD w12, w12, #1 \n"
+        "MOV v0.16b, v22.16b \n"
+        "REV w13, w12 \n"
+        "MOV v0.S[3], w13 \n"
+        "AESE v0.16b, v1.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "AESE v0.16b, v2.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "AESE v0.16b, v3.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "AESE v0.16b, v4.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "SUB w11, w11, #16 \n"
+        "AESE v0.16b, v5.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "AESE v0.16b, v6.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "AESE v0.16b, v7.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "AESE v0.16b, v8.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "LD1 {v31.2d}, [%[input]], #16 \n"
+        "AESE v0.16b, v9.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "AESE v0.16b, v10.16b \n"
+        "EOR v0.16b, v0.16b, v11.16b \n \n"
+        "EOR v15.16b, v0.16b, v31.16b \n \n"
+        "ST1 {v15.2d}, [%[out]], #16 \n"
+
+        "# When only one full block to encrypt go straight to GHASH \n"
+        "CMP w11, 16 \n"
+        "BLT 1f \n"
+
+        "LD1 {v31.2d}, [%[input]], #16 \n"
+
+        "# Interweave GHASH and encrypt if more then 1 block \n"
+        "2: \n"
+        "RBIT v15.16b, v15.16b \n"
+        "ADD w12, w12, #1 \n"
+        "MOV v0.16b, v22.16b \n"
+        "REV w13, w12 \n"
+        "MOV v0.S[3], w13 \n"
+        "EOR v17.16b, v17.16b, v15.16b \n"
+        "PMULL  v18.1q, v17.1d, v16.1d \n"
+        "PMULL2 v19.1q, v17.2d, v16.2d \n"
+        "AESE v0.16b, v1.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "EXT v20.16b, v16.16b, v16.16b, #8 \n"
+        "AESE v0.16b, v2.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "PMULL  v21.1q, v17.1d, v20.1d \n"
+        "PMULL2 v20.1q, v17.2d, v20.2d \n"
+        "AESE v0.16b, v3.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "EOR v20.16b, v20.16b, v21.16b \n"
+        "AESE v0.16b, v4.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "EXT v21.16b, v18.16b, v19.16b, #8 \n"
+        "SUB w11, w11, #16 \n"
+        "AESE v0.16b, v5.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "EOR v21.16b, v21.16b, v20.16b \n"
+        "AESE v0.16b, v6.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "# Reduce \n"
+        "PMULL2 v20.1q, v19.2d, v23.2d \n"
+        "AESE v0.16b, v7.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "EOR v21.16b, v21.16b, v20.16b \n"
+        "AESE v0.16b, v8.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "PMULL2 v20.1q, v21.2d, v23.2d \n"
+        "AESE v0.16b, v9.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "MOV v18.D[1], v21.D[0] \n"
+        "AESE v0.16b, v10.16b \n"
+        "EOR v0.16b, v0.16b, v11.16b \n \n"
+        "EOR v17.16b, v18.16b, v20.16b \n"
+        "EOR v15.16b, v0.16b, v31.16b \n \n"
+        "ST1 {v15.2d}, [%[out]], #16 \n"
+        "CMP w11, 16 \n"
+        "BLT 1f \n"
+
+        "LD1 {v31.2d}, [%[input]], #16 \n"
+        "B 2b \n"
+
+        "# GHASH on last block \n"
+        "1: \n"
+        "RBIT v15.16b, v15.16b \n"
+        "EOR v17.16b, v17.16b, v15.16b \n"
+        "PMULL  v18.1q, v17.1d, v16.1d \n"
+        "PMULL2 v19.1q, v17.2d, v16.2d \n"
+        "EXT v20.16b, v16.16b, v16.16b, #8 \n"
+        "PMULL  v21.1q, v17.1d, v20.1d \n"
+        "PMULL2 v20.1q, v17.2d, v20.2d \n"
+        "EOR v20.16b, v20.16b, v21.16b \n"
+        "EXT v21.16b, v18.16b, v19.16b, #8 \n"
+        "EOR v21.16b, v21.16b, v20.16b \n"
+        "# Reduce \n"
+        "PMULL2 v20.1q, v19.2d, v23.2d \n"
+        "EOR v21.16b, v21.16b, v20.16b \n"
+        "PMULL2 v20.1q, v21.2d, v23.2d \n"
+        "MOV v18.D[1], v21.D[0] \n"
+        "EOR v17.16b, v18.16b, v20.16b \n"
+
+        "20: \n"
+        "CBZ w11, 30f \n"
+        "EOR v31.16b, v31.16b, v31.16b \n"
+        "MOV x15, x11 \n"
+        "ST1 {v31.2d}, [%[scratch]] \n"
+        "23: \n"
+        "LDRB w14, [%[input]], #1 \n"
+        "STRB w14, [%[scratch]], #1 \n"
+        "SUB x15, x15, #1 \n"
+        "CBNZ x15, 23b \n"
+        "SUB %[scratch], %[scratch], x11 \n"
+        "LD1 {v31.2d}, [%[scratch]] \n"
+        "ADD w12, w12, #1 \n"
+        "MOV v0.16b, v22.16b \n"
+        "REV w13, w12 \n"
+        "MOV v0.S[3], w13 \n"
+        "AESE v0.16b, v1.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "AESE v0.16b, v2.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "AESE v0.16b, v3.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "AESE v0.16b, v4.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "AESE v0.16b, v5.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "AESE v0.16b, v6.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "AESE v0.16b, v7.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "AESE v0.16b, v8.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "AESE v0.16b, v9.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "AESE v0.16b, v10.16b \n"
+        "EOR v0.16b, v0.16b, v11.16b \n \n"
+        "EOR v15.16b, v0.16b, v31.16b \n \n"
+        "ST1 {v15.2d}, [%[scratch]] \n"
+        "MOV x15, x11 \n"
+        "24: \n"
+        "LDRB w14, [%[scratch]], #1 \n"
+        "STRB w14, [%[out]], #1 \n"
+        "SUB x15, x15, #1 \n"
+        "CBNZ x15, 24b \n"
+        "MOV x15, #16 \n"
+        "EOR w14, w14, w14 \n"
+        "SUB x15, x15, x11 \n"
+        "25: \n"
+        "STRB w14, [%[scratch]], #1 \n"
+        "SUB x15, x15, #1 \n"
+        "CBNZ x15, 25b \n"
+        "SUB %[scratch], %[scratch], #16 \n"
+        "LD1 {v15.2d}, [%[scratch]] \n"
+        "RBIT v15.16b, v15.16b \n"
+        "EOR v17.16b, v17.16b, v15.16b \n"
+        "PMULL  v18.1q, v17.1d, v16.1d \n"
+        "PMULL2 v19.1q, v17.2d, v16.2d \n"
+        "EXT v20.16b, v16.16b, v16.16b, #8 \n"
+        "PMULL  v21.1q, v17.1d, v20.1d \n"
+        "PMULL2 v20.1q, v17.2d, v20.2d \n"
+        "EOR v20.16b, v20.16b, v21.16b \n"
+        "EXT v21.16b, v18.16b, v19.16b, #8 \n"
+        "EOR v21.16b, v21.16b, v20.16b \n"
+        "# Reduce \n"
+        "PMULL2 v20.1q, v19.2d, v23.2d \n"
+        "EOR v21.16b, v21.16b, v20.16b \n"
+        "PMULL2 v20.1q, v21.2d, v23.2d \n"
+        "MOV v18.D[1], v21.D[0] \n"
+        "EOR v17.16b, v18.16b, v20.16b \n"
+
+        "30: \n"
+        "# store current counter value at the end \n"
+        "REV w13, w12 \n"
+        "MOV v22.S[3], w13 \n"
+        "LD1 {v0.2d}, [%[ctr]] \n"
+        "ST1 {v22.2d}, [%[ctr]] \n"
+
+        "LSL %x[aSz], %x[aSz], #3 \n"
+        "LSL %x[sz], %x[sz], #3 \n"
+        "MOV v15.d[0], %x[aSz] \n"
+        "MOV v15.d[1], %x[sz] \n"
+        "REV64 v15.16b, v15.16b \n"
+        "RBIT v15.16b, v15.16b \n"
+        "EOR v17.16b, v17.16b, v15.16b \n"
+        "PMULL  v18.1q, v17.1d, v16.1d \n"
+        "PMULL2 v19.1q, v17.2d, v16.2d \n"
+        "EXT v20.16b, v16.16b, v16.16b, #8 \n"
+        "AESE v0.16b, v1.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "PMULL  v21.1q, v17.1d, v20.1d \n"
+        "PMULL2 v20.1q, v17.2d, v20.2d \n"
+        "AESE v0.16b, v2.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "EOR v20.16b, v20.16b, v21.16b \n"
+        "AESE v0.16b, v3.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "EXT v21.16b, v18.16b, v19.16b, #8 \n"
+        "AESE v0.16b, v4.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "EOR v21.16b, v21.16b, v20.16b \n"
+        "AESE v0.16b, v5.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "# Reduce \n"
+        "PMULL2 v20.1q, v19.2d, v23.2d \n"
+        "AESE v0.16b, v6.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "EOR v21.16b, v21.16b, v20.16b \n"
+        "AESE v0.16b, v7.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "PMULL2 v20.1q, v21.2d, v23.2d \n"
+        "AESE v0.16b, v8.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "MOV v18.D[1], v21.D[0] \n"
+        "AESE v0.16b, v9.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "EOR v17.16b, v18.16b, v20.16b \n"
+        "AESE v0.16b, v10.16b \n"
+        "EOR v0.16b, v0.16b, v11.16b \n \n"
+        "RBIT v17.16b, v17.16b \n"
+        "EOR v0.16b, v0.16b, v17.16b \n \n"
+        "CMP %w[tagSz], #16 \n"
+        "BNE 40f \n"
+        "ST1 {v0.2d}, [%[tag]] \n"
+        "B 41f \n"
+        "40: \n"
+        "ST1 {v0.2d}, [%[scratch]] \n"
+        "MOV x15, %x[tagSz] \n"
+        "44: \n"
+        "LDRB w14, [%[scratch]], #1 \n"
+        "STRB w14, [%[tag]], #1 \n"
+        "SUB x15, x15, #1 \n"
+        "CBNZ x15, 44b \n"
+        "SUB %[scratch], %[scratch], %x[tagSz] \n"
+        "41: \n"
+
+        : [out] "+r" (out), [input] "+r" (in), [Key] "+r" (keyPt),
+          [aSz] "+r" (authInSz), [sz] "+r" (sz), [aad] "+r" (authIn)
+        : [ctr] "r" (ctr), [scratch] "r" (scratch),
+          [h] "m" (aes->gcm.H), [tag] "r" (authTag), [tagSz] "r" (authTagSz)
+        : "cc", "memory", "x11", "x12", "w13", "x14", "x15", "w16",
+          "v0", "v1", "v2", "v3", "v4", "v5", "v6", "v7",
+          "v8", "v9", "v10", "v11", "v12", "v13", "v14", "v15",
+          "v16", "v17", "v18", "v19", "v20", "v21", "v22", "v23",
+          "v24", "v25", "v26", "v27", "v28", "v29", "v30", "v31"
+    );
+}
+#endif /* WOLFSSL_AES_128 */
+#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
+#ifdef WOLFSSL_AES_192
+/* internal function : see AES_GCM_encrypt_AARCH64 */
+static void Aes192GcmEncrypt(Aes* aes, byte* out, const byte* in,
+    word32 sz, const byte* iv, word32 ivSz, byte* authTag, word32 authTagSz,
+    const byte* authIn, word32 authInSz)
+{
+    byte counter[WC_AES_BLOCK_SIZE];
+    byte scratch[WC_AES_BLOCK_SIZE];
+    /* Noticed different optimization levels treated head of array different.
+     * Some cases was stack pointer plus offset others was a register containing
+     * address. To make uniform for passing in to inline assembly code am using
+     * pointers to the head of each local array.
+     */
+    byte* ctr  = counter;
+    byte* keyPt = (byte*)aes->key;
+
+    XMEMSET(counter, 0, WC_AES_BLOCK_SIZE);
+    if (ivSz == GCM_NONCE_MID_SZ) {
+        XMEMCPY(counter, iv, GCM_NONCE_MID_SZ);
+        counter[WC_AES_BLOCK_SIZE - 1] = 1;
+    }
+    else {
+        GHASH_AARCH64(&aes->gcm, NULL, 0, iv, ivSz, counter, WC_AES_BLOCK_SIZE);
+        GMULT_AARCH64(counter, aes->gcm.H);
+    }
+
+    __asm__ __volatile__ (
+        "LD1 {v16.16b}, %[h] \n"
+        "# v23 = 0x00000000000000870000000000000087 reflected 0xe1.... \n"
+        "MOVI v23.16b, #0x87 \n"
+        "EOR v17.16b, v17.16b, v17.16b \n"
+        "USHR v23.2d, v23.2d, #56 \n"
+        "CBZ %w[aSz], 120f \n"
+
+        "MOV w12, %w[aSz] \n"
+
+        "# GHASH AAD \n"
+        "CMP x12, #64 \n"
+        "BLT 115f \n"
+        "# Calculate H^[1-4] - GMULT partials \n"
+        "# Square H => H^2 \n"
+        "PMULL2 v19.1q, v16.2d, v16.2d \n"
+        "PMULL  v18.1q, v16.1d, v16.1d \n"
+        "PMULL2 v20.1q, v19.2d, v23.2d \n"
+        "EXT v21.16b, v18.16b, v19.16b, #8 \n"
+        "EOR v21.16b, v21.16b, v20.16b \n"
+        "PMULL2 v19.1q, v21.2d, v23.2d \n"
+        "MOV v18.D[1], v21.D[0] \n"
+        "EOR v24.16b, v18.16b, v19.16b \n"
+        "# Multiply H and H^2 => H^3 \n"
+        "PMULL  v18.1q, v24.1d, v16.1d \n"
+        "PMULL2 v19.1q, v24.2d, v16.2d \n"
+        "EXT v20.16b, v16.16b, v16.16b, #8 \n"
+        "PMULL  v21.1q, v24.1d, v20.1d \n"
+        "PMULL2 v20.1q, v24.2d, v20.2d \n"
+        "EOR v20.16b, v20.16b, v21.16b \n"
+        "EXT v21.16b, v18.16b, v19.16b, #8 \n"
+        "EOR v21.16b, v21.16b, v20.16b \n"
+        "# Reduce \n"
+        "PMULL2 v20.1q, v19.2d, v23.2d \n"
+        "EOR v21.16b, v21.16b, v20.16b \n"
+        "PMULL2 v20.1q, v21.2d, v23.2d \n"
+        "MOV v18.D[1], v21.D[0] \n"
+        "EOR v25.16b, v18.16b, v20.16b \n"
+        "# Square H^2 => H^4 \n"
+        "PMULL2 v19.1q, v24.2d, v24.2d \n"
+        "PMULL  v18.1q, v24.1d, v24.1d \n"
+        "PMULL2 v20.1q, v19.2d, v23.2d \n"
+        "EXT v21.16b, v18.16b, v19.16b, #8 \n"
+        "EOR v21.16b, v21.16b, v20.16b \n"
+        "PMULL2 v19.1q, v21.2d, v23.2d \n"
+        "MOV v18.D[1], v21.D[0] \n"
+        "EOR v26.16b, v18.16b, v19.16b \n"
+        "114: \n"
+        "LD1 {v18.2d-v21.2d}, [%[aad]], #64 \n"
+        "SUB x12, x12, #64 \n"
+        "# GHASH - 4 blocks \n"
+        "RBIT v18.16b, v18.16b \n"
+        "RBIT v19.16b, v19.16b \n"
+        "RBIT v20.16b, v20.16b \n"
+        "RBIT v21.16b, v21.16b \n"
+        "EOR v18.16b, v18.16b, v17.16b \n"
+        "# x[0-2] = C * H^1 \n"
+        "PMULL  v17.1q, v21.1d, v16.1d \n"
+        "PMULL2 v30.1q, v21.2d, v16.2d \n"
+        "EXT v21.16b, v21.16b, v21.16b, #8 \n"
+        "PMULL  v31.1q, v21.1d, v16.1d \n"
+        "PMULL2 v15.1q, v21.2d, v16.2d \n"
+        "EOR v31.16b, v31.16b, v15.16b \n"
+        "# x[0-2] += C * H^2 \n"
+        "PMULL  v14.1q, v20.1d, v24.1d \n"
+        "PMULL2 v15.1q, v20.2d, v24.2d \n"
+        "EOR v17.16b, v17.16b, v14.16b \n"
+        "EOR v30.16b, v30.16b, v15.16b \n"
+        "EXT v20.16b, v20.16b, v20.16b, #8 \n"
+        "PMULL  v15.1q, v20.1d, v24.1d \n"
+        "PMULL2 v20.1q, v20.2d, v24.2d \n"
+        "EOR v20.16b, v20.16b, v15.16b \n"
+        "EOR v31.16b, v31.16b, v20.16b \n"
+        "# x[0-2] += C * H^3 \n"
+        "PMULL  v14.1q, v19.1d, v25.1d \n"
+        "PMULL2 v15.1q, v19.2d, v25.2d \n"
+        "EOR v17.16b, v17.16b, v14.16b \n"
+        "EOR v30.16b, v30.16b, v15.16b \n"
+        "EXT v19.16b, v19.16b, v19.16b, #8 \n"
+        "PMULL  v15.1q, v19.1d, v25.1d \n"
+        "PMULL2 v19.1q, v19.2d, v25.2d \n"
+        "EOR v19.16b, v19.16b, v15.16b \n"
+        "EOR v31.16b, v31.16b, v19.16b \n"
+        "# x[0-2] += C * H^4 \n"
+        "PMULL  v14.1q, v18.1d, v26.1d \n"
+        "PMULL2 v15.1q, v18.2d, v26.2d \n"
+        "EOR v17.16b, v17.16b, v14.16b \n"
+        "EOR v30.16b, v30.16b, v15.16b \n"
+        "EXT v18.16b, v18.16b, v18.16b, #8 \n"
+        "PMULL  v15.1q, v18.1d, v26.1d \n"
+        "PMULL2 v18.1q, v18.2d, v26.2d \n"
+        "EOR v18.16b, v18.16b, v15.16b \n"
+        "EOR v31.16b, v31.16b, v18.16b \n"
+        "# Reduce X = x[0-2] \n"
+        "EXT v15.16b, v17.16b, v30.16b, #8 \n"
+        "PMULL2 v14.1q, v30.2d, v23.2d \n"
         "EOR v15.16b, v15.16b, v31.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
-#ifndef WOLFSSL_ARMASM_CRYPTO_SHA3
         "EOR v15.16b, v15.16b, v14.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "PMULL2 v14.1q, v15.2d, v23.2d \n"
         "MOV v17.D[1], v15.D[0] \n"
         "EOR v17.16b, v17.16b, v14.16b \n"
@@ -4147,12 +6127,8 @@ static int Aes192GcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         "PMULL2 v20.1q, v20.2d, v24.2d \n"
         "AESE v7.16b, v1.16b \n"
         "AESMC v7.16b, v7.16b \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
-        "EOR3 v31.16b, v31.16b, v20.16b, v3.16b \n"
-#else
         "EOR v20.16b, v20.16b, v3.16b \n"
         "EOR v31.16b, v31.16b, v20.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "AESE v8.16b, v1.16b \n"
         "AESMC v8.16b, v8.16b \n"
         "# x[0-2] += C * H^3 \n"
@@ -4171,12 +6147,8 @@ static int Aes192GcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         "PMULL2 v19.1q, v19.2d, v25.2d \n"
         "AESE v30.16b, v1.16b \n"
         "AESMC v30.16b, v30.16b \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
-        "EOR3 v31.16b, v31.16b, v19.16b, v3.16b \n"
-#else
         "EOR v19.16b, v19.16b, v3.16b \n"
         "EOR v31.16b, v31.16b, v19.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "LDR q1, [%[Key], #32] \n"
         "AESE v5.16b, v22.16b \n"
         "AESMC v5.16b, v5.16b \n"
@@ -4196,12 +6168,8 @@ static int Aes192GcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         "PMULL2 v18.1q, v18.2d, v26.2d \n"
         "AESE v27.16b, v22.16b \n"
         "AESMC v27.16b, v27.16b \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
-        "EOR3 v31.16b, v31.16b, v18.16b, v3.16b \n"
-#else
         "EOR v18.16b, v18.16b, v3.16b \n"
         "EOR v31.16b, v31.16b, v18.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "AESE v28.16b, v22.16b \n"
         "AESMC v28.16b, v28.16b \n"
         "# x[0-2] += C * H^5 \n"
@@ -4221,12 +6189,8 @@ static int Aes192GcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         "PMULL2 v15.1q, v15.2d, v9.2d \n"
         "AESE v6.16b, v1.16b \n"
         "AESMC v6.16b, v6.16b \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
-        "EOR3 v31.16b, v31.16b, v15.16b, v3.16b \n"
-#else
         "EOR v15.16b, v15.16b, v3.16b \n"
         "EOR v31.16b, v31.16b, v15.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "AESE v7.16b, v1.16b \n"
         "AESMC v7.16b, v7.16b \n"
         "# x[0-2] += C * H^6 \n"
@@ -4245,12 +6209,8 @@ static int Aes192GcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         "PMULL2 v14.1q, v14.2d, v10.2d \n"
         "AESE v29.16b, v1.16b \n"
         "AESMC v29.16b, v29.16b \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
-        "EOR3 v31.16b, v31.16b, v14.16b, v3.16b \n"
-#else
         "EOR v14.16b, v14.16b, v3.16b \n"
         "EOR v31.16b, v31.16b, v14.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "AESE v30.16b, v1.16b \n"
         "AESMC v30.16b, v30.16b \n"
         "# x[0-2] += C * H^7 \n"
@@ -4270,12 +6230,8 @@ static int Aes192GcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         "PMULL2 v13.1q, v13.2d, v11.2d \n"
         "AESE v8.16b, v22.16b \n"
         "AESMC v8.16b, v8.16b \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
-        "EOR3 v31.16b, v31.16b, v13.16b, v3.16b \n"
-#else
         "EOR v13.16b, v13.16b, v3.16b \n"
         "EOR v31.16b, v31.16b, v13.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "AESE v27.16b, v22.16b \n"
         "AESMC v27.16b, v27.16b \n"
         "# x[0-2] += C * H^8 \n"
@@ -4295,12 +6251,8 @@ static int Aes192GcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         "LDR q22, [%[Key], #80] \n"
         "AESE v5.16b, v1.16b \n"
         "AESMC v5.16b, v5.16b \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
-        "EOR3 v31.16b, v31.16b, v12.16b, v3.16b \n"
-#else
         "EOR v12.16b, v12.16b, v3.16b \n"
         "EOR v31.16b, v31.16b, v12.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "AESE v6.16b, v1.16b \n"
         "AESMC v6.16b, v6.16b \n"
         "# Reduce X = x[0-2] \n"
@@ -4310,16 +6262,10 @@ static int Aes192GcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         "PMULL2 v2.1q, v0.2d, v23.2d \n"
         "AESE v8.16b, v1.16b \n"
         "AESMC v8.16b, v8.16b \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
-        "EOR3 v3.16b, v3.16b, v31.16b, v2.16b \n"
-#else
         "EOR v3.16b, v3.16b, v31.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "AESE v27.16b, v1.16b \n"
         "AESMC v27.16b, v27.16b \n"
-#ifndef WOLFSSL_ARMASM_CRYPTO_SHA3
         "EOR v3.16b, v3.16b, v2.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "AESE v28.16b, v1.16b \n"
         "AESMC v28.16b, v28.16b \n"
         "PMULL2 v2.1q, v3.2d, v23.2d \n"
@@ -4491,12 +6437,8 @@ static int Aes192GcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         "EXT v20.16b, v20.16b, v20.16b, #8 \n"
         "PMULL  v3.1q, v20.1d, v24.1d \n"
         "PMULL2 v20.1q, v20.2d, v24.2d \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
-        "EOR3 v31.16b, v31.16b, v20.16b, v3.16b \n"
-#else
         "EOR v20.16b, v20.16b, v3.16b \n"
         "EOR v31.16b, v31.16b, v20.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "# x[0-2] += C * H^3 \n"
         "PMULL  v2.1q, v19.1d, v25.1d \n"
         "PMULL2 v3.1q, v19.2d, v25.2d \n"
@@ -4505,12 +6447,8 @@ static int Aes192GcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         "EXT v19.16b, v19.16b, v19.16b, #8 \n"
         "PMULL  v3.1q, v19.1d, v25.1d \n"
         "PMULL2 v19.1q, v19.2d, v25.2d \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
-        "EOR3 v31.16b, v31.16b, v19.16b, v3.16b \n"
-#else
         "EOR v19.16b, v19.16b, v3.16b \n"
         "EOR v31.16b, v31.16b, v19.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "# x[0-2] += C * H^4 \n"
         "PMULL  v2.1q, v18.1d, v26.1d \n"
         "PMULL2 v3.1q, v18.2d, v26.2d \n"
@@ -4519,12 +6457,8 @@ static int Aes192GcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         "EXT v18.16b, v18.16b, v18.16b, #8 \n"
         "PMULL  v3.1q, v18.1d, v26.1d \n"
         "PMULL2 v18.1q, v18.2d, v26.2d \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
-        "EOR3 v31.16b, v31.16b, v18.16b, v3.16b \n"
-#else
         "EOR v18.16b, v18.16b, v3.16b \n"
         "EOR v31.16b, v31.16b, v18.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "# x[0-2] += C * H^5 \n"
         "PMULL  v2.1q, v15.1d, v9.1d \n"
         "PMULL2 v3.1q, v15.2d, v9.2d \n"
@@ -4533,12 +6467,8 @@ static int Aes192GcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         "EXT v15.16b, v15.16b, v15.16b, #8 \n"
         "PMULL  v3.1q, v15.1d, v9.1d \n"
         "PMULL2 v15.1q, v15.2d, v9.2d \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
-        "EOR3 v31.16b, v31.16b, v15.16b, v3.16b \n"
-#else
         "EOR v15.16b, v15.16b, v3.16b \n"
         "EOR v31.16b, v31.16b, v15.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "# x[0-2] += C * H^6 \n"
         "PMULL  v2.1q, v14.1d, v10.1d \n"
         "PMULL2 v3.1q, v14.2d, v10.2d \n"
@@ -4547,12 +6477,8 @@ static int Aes192GcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         "EXT v14.16b, v14.16b, v14.16b, #8 \n"
         "PMULL  v3.1q, v14.1d, v10.1d \n"
         "PMULL2 v14.1q, v14.2d, v10.2d \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
-        "EOR3 v31.16b, v31.16b, v14.16b, v3.16b \n"
-#else
         "EOR v14.16b, v14.16b, v3.16b \n"
         "EOR v31.16b, v31.16b, v14.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "# x[0-2] += C * H^7 \n"
         "PMULL  v2.1q, v13.1d, v11.1d \n"
         "PMULL2 v3.1q, v13.2d, v11.2d \n"
@@ -4561,12 +6487,8 @@ static int Aes192GcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         "EXT v13.16b, v13.16b, v13.16b, #8 \n"
         "PMULL  v3.1q, v13.1d, v11.1d \n"
         "PMULL2 v13.1q, v13.2d, v11.2d \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
-        "EOR3 v31.16b, v31.16b, v13.16b, v3.16b \n"
-#else
         "EOR v13.16b, v13.16b, v3.16b \n"
         "EOR v31.16b, v31.16b, v13.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "# x[0-2] += C * H^8 \n"
         "PMULL  v2.1q, v12.1d, v4.1d \n"
         "PMULL2 v3.1q, v12.2d, v4.2d \n"
@@ -4575,23 +6497,13 @@ static int Aes192GcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         "EXT v12.16b, v12.16b, v12.16b, #8 \n"
         "PMULL  v3.1q, v12.1d, v4.1d \n"
         "PMULL2 v12.1q, v12.2d, v4.2d \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
-        "EOR3 v31.16b, v31.16b, v12.16b, v3.16b \n"
-#else
         "EOR v12.16b, v12.16b, v3.16b \n"
         "EOR v31.16b, v31.16b, v12.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "# Reduce X = x[0-2] \n"
         "EXT v3.16b, v17.16b, v0.16b, #8 \n"
         "PMULL2 v2.1q, v0.2d, v23.2d \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
-        "EOR3 v3.16b, v3.16b, v31.16b, v2.16b \n"
-#else
         "EOR v3.16b, v3.16b, v31.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
-#ifndef WOLFSSL_ARMASM_CRYPTO_SHA3
         "EOR v3.16b, v3.16b, v2.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "PMULL2 v2.1q, v3.2d, v23.2d \n"
         "MOV v17.D[1], v3.D[0] \n"
         "EOR v17.16b, v17.16b, v2.16b \n"
@@ -4797,12 +6709,8 @@ static int Aes192GcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         "PMULL2 v20.1q, v20.2d, v24.2d \n"
         "AESE v28.16b, v3.16b \n"
         "AESMC v28.16b, v28.16b \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
-        "EOR3 v31.16b, v31.16b, v20.16b, v15.16b \n"
-#else
         "EOR v20.16b, v20.16b, v15.16b \n"
         "EOR v31.16b, v31.16b, v20.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "AESE v29.16b, v3.16b \n"
         "AESMC v29.16b, v29.16b \n"
         "# x[0-2] += C * H^3 \n"
@@ -4821,12 +6729,8 @@ static int Aes192GcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         "PMULL2 v19.1q, v19.2d, v25.2d \n"
         "AESE v29.16b, v4.16b \n"
         "AESMC v29.16b, v29.16b \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
-        "EOR3 v31.16b, v31.16b, v19.16b, v15.16b \n"
-#else
         "EOR v19.16b, v19.16b, v15.16b \n"
         "EOR v31.16b, v31.16b, v19.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "AESE v30.16b, v4.16b \n"
         "AESMC v30.16b, v30.16b \n"
         "# x[0-2] += C * H^4 \n"
@@ -4845,12 +6749,8 @@ static int Aes192GcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         "PMULL2 v18.1q, v18.2d, v26.2d \n"
         "AESE v30.16b, v5.16b \n"
         "AESMC v30.16b, v30.16b \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
-        "EOR3 v31.16b, v31.16b, v18.16b, v15.16b \n"
-#else
         "EOR v18.16b, v18.16b, v15.16b \n"
         "EOR v31.16b, v31.16b, v18.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "SUB w11, w11, #64 \n"
         "AESE v27.16b, v6.16b \n"
         "AESMC v27.16b, v27.16b \n"
@@ -4861,16 +6761,10 @@ static int Aes192GcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         "PMULL2 v14.1q, v0.2d, v23.2d \n"
         "AESE v29.16b, v6.16b \n"
         "AESMC v29.16b, v29.16b \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
-        "EOR3 v15.16b, v15.16b, v31.16b, v14.16b \n"
-#else
         "EOR v15.16b, v15.16b, v31.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "AESE v30.16b, v6.16b \n"
         "AESMC v30.16b, v30.16b \n"
-#ifndef WOLFSSL_ARMASM_CRYPTO_SHA3
         "EOR v15.16b, v15.16b, v14.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "AESE v27.16b, v7.16b \n"
         "AESMC v27.16b, v27.16b \n"
         "PMULL2 v14.1q, v15.2d, v23.2d \n"
@@ -4957,12 +6851,8 @@ static int Aes192GcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         "EXT v20.16b, v20.16b, v20.16b, #8 \n"
         "PMULL  v15.1q, v20.1d, v24.1d \n"
         "PMULL2 v20.1q, v20.2d, v24.2d \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
-        "EOR3 v31.16b, v31.16b, v20.16b, v15.16b \n"
-#else
         "EOR v20.16b, v20.16b, v15.16b \n"
         "EOR v31.16b, v31.16b, v20.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "# x[0-2] += C * H^3 \n"
         "PMULL  v14.1q, v19.1d, v25.1d \n"
         "PMULL2 v15.1q, v19.2d, v25.2d \n"
@@ -4971,12 +6861,8 @@ static int Aes192GcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         "EXT v19.16b, v19.16b, v19.16b, #8 \n"
         "PMULL  v15.1q, v19.1d, v25.1d \n"
         "PMULL2 v19.1q, v19.2d, v25.2d \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
-        "EOR3 v31.16b, v31.16b, v19.16b, v15.16b \n"
-#else
         "EOR v19.16b, v19.16b, v15.16b \n"
         "EOR v31.16b, v31.16b, v19.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "# x[0-2] += C * H^4 \n"
         "PMULL  v14.1q, v18.1d, v26.1d \n"
         "PMULL2 v15.1q, v18.2d, v26.2d \n"
@@ -4985,23 +6871,13 @@ static int Aes192GcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         "EXT v18.16b, v18.16b, v18.16b, #8 \n"
         "PMULL  v15.1q, v18.1d, v26.1d \n"
         "PMULL2 v18.1q, v18.2d, v26.2d \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
-        "EOR3 v31.16b, v31.16b, v18.16b, v15.16b \n"
-#else
         "EOR v18.16b, v18.16b, v15.16b \n"
         "EOR v31.16b, v31.16b, v18.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "# Reduce X = x[0-2] \n"
         "EXT v15.16b, v17.16b, v0.16b, #8 \n"
         "PMULL2 v14.1q, v0.2d, v23.2d \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
-        "EOR3 v15.16b, v15.16b, v31.16b, v14.16b \n"
-#else
         "EOR v15.16b, v15.16b, v31.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
-#ifndef WOLFSSL_ARMASM_CRYPTO_SHA3
         "EOR v15.16b, v15.16b, v14.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "PMULL2 v14.1q, v15.2d, v23.2d \n"
         "MOV v17.D[1], v15.D[0] \n"
         "EOR v17.16b, v17.16b, v14.16b \n"
@@ -5277,19 +7153,17 @@ static int Aes192GcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
           "v16", "v17", "v18", "v19", "v20", "v21", "v22", "v23",
           "v24", "v25", "v26", "v27", "v28", "v29", "v30", "v31"
     );
-
-
-    return 0;
 }
 #endif /* WOLFSSL_AES_192 */
-#ifdef WOLFSSL_AES_256
-/* internal function : see wc_AesGcmEncrypt */
-static int Aes256GcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
-    const byte* iv, word32 ivSz, byte* authTag, word32 authTagSz,
+#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
+#ifdef WOLFSSL_AES_192
+/* internal function : see AES_GCM_encrypt_AARCH64 */
+static void Aes192GcmEncrypt_EOR3(Aes* aes, byte* out, const byte* in,
+    word32 sz, const byte* iv, word32 ivSz, byte* authTag, word32 authTagSz,
     const byte* authIn, word32 authInSz)
 {
-    byte counter[AES_BLOCK_SIZE];
-    byte scratch[AES_BLOCK_SIZE];
+    byte counter[WC_AES_BLOCK_SIZE];
+    byte scratch[WC_AES_BLOCK_SIZE];
     /* Noticed different optimization levels treated head of array different.
      * Some cases was stack pointer plus offset others was a register containing
      * address. To make uniform for passing in to inline assembly code am using
@@ -5298,14 +7172,14 @@ static int Aes256GcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
     byte* ctr  = counter;
     byte* keyPt = (byte*)aes->key;
 
-    XMEMSET(counter, 0, AES_BLOCK_SIZE);
+    XMEMSET(counter, 0, WC_AES_BLOCK_SIZE);
     if (ivSz == GCM_NONCE_MID_SZ) {
         XMEMCPY(counter, iv, GCM_NONCE_MID_SZ);
-        counter[AES_BLOCK_SIZE - 1] = 1;
+        counter[WC_AES_BLOCK_SIZE - 1] = 1;
     }
     else {
-        GHASH(&aes->gcm, NULL, 0, iv, ivSz, counter, AES_BLOCK_SIZE);
-        GMULT(counter, aes->gcm.H);
+        GHASH_AARCH64(&aes->gcm, NULL, 0, iv, ivSz, counter, WC_AES_BLOCK_SIZE);
+        GMULT_AARCH64(counter, aes->gcm.H);
     }
 
     __asm__ __volatile__ (
@@ -5379,12 +7253,7 @@ static int Aes256GcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         "EXT v20.16b, v20.16b, v20.16b, #8 \n"
         "PMULL  v15.1q, v20.1d, v24.1d \n"
         "PMULL2 v20.1q, v20.2d, v24.2d \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
         "EOR3 v31.16b, v31.16b, v20.16b, v15.16b \n"
-#else
-        "EOR v20.16b, v20.16b, v15.16b \n"
-        "EOR v31.16b, v31.16b, v20.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "# x[0-2] += C * H^3 \n"
         "PMULL  v14.1q, v19.1d, v25.1d \n"
         "PMULL2 v15.1q, v19.2d, v25.2d \n"
@@ -5393,12 +7262,7 @@ static int Aes256GcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         "EXT v19.16b, v19.16b, v19.16b, #8 \n"
         "PMULL  v15.1q, v19.1d, v25.1d \n"
         "PMULL2 v19.1q, v19.2d, v25.2d \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
         "EOR3 v31.16b, v31.16b, v19.16b, v15.16b \n"
-#else
-        "EOR v19.16b, v19.16b, v15.16b \n"
-        "EOR v31.16b, v31.16b, v19.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "# x[0-2] += C * H^4 \n"
         "PMULL  v14.1q, v18.1d, v26.1d \n"
         "PMULL2 v15.1q, v18.2d, v26.2d \n"
@@ -5407,23 +7271,1626 @@ static int Aes256GcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         "EXT v18.16b, v18.16b, v18.16b, #8 \n"
         "PMULL  v15.1q, v18.1d, v26.1d \n"
         "PMULL2 v18.1q, v18.2d, v26.2d \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
         "EOR3 v31.16b, v31.16b, v18.16b, v15.16b \n"
-#else
-        "EOR v18.16b, v18.16b, v15.16b \n"
-        "EOR v31.16b, v31.16b, v18.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "# Reduce X = x[0-2] \n"
         "EXT v15.16b, v17.16b, v30.16b, #8 \n"
         "PMULL2 v14.1q, v30.2d, v23.2d \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
         "EOR3 v15.16b, v15.16b, v31.16b, v14.16b \n"
-#else
+        "PMULL2 v14.1q, v15.2d, v23.2d \n"
+        "MOV v17.D[1], v15.D[0] \n"
+        "EOR v17.16b, v17.16b, v14.16b \n"
+        "CMP x12, #64 \n"
+        "BGE 114b \n"
+        "CBZ x12, 120f \n"
+        "115: \n"
+        "CMP x12, #16 \n"
+        "BLT 112f \n"
+        "111: \n"
+        "LD1 {v15.2d}, [%[aad]], #16 \n"
+        "SUB x12, x12, #16 \n"
+        "RBIT v15.16b, v15.16b \n"
+        "EOR v17.16b, v17.16b, v15.16b \n"
+        "PMULL  v18.1q, v17.1d, v16.1d \n"
+        "PMULL2 v19.1q, v17.2d, v16.2d \n"
+        "EXT v20.16b, v16.16b, v16.16b, #8 \n"
+        "PMULL  v21.1q, v17.1d, v20.1d \n"
+        "PMULL2 v20.1q, v17.2d, v20.2d \n"
+        "EOR v20.16b, v20.16b, v21.16b \n"
+        "EXT v21.16b, v18.16b, v19.16b, #8 \n"
+        "EOR v21.16b, v21.16b, v20.16b \n"
+        "# Reduce \n"
+        "PMULL2 v20.1q, v19.2d, v23.2d \n"
+        "EOR v21.16b, v21.16b, v20.16b \n"
+        "PMULL2 v20.1q, v21.2d, v23.2d \n"
+        "MOV v18.D[1], v21.D[0] \n"
+        "EOR v17.16b, v18.16b, v20.16b \n"
+        "CMP x12, #16 \n"
+        "BGE 111b \n"
+        "CBZ x12, 120f \n"
+        "112: \n"
+        "# Partial AAD \n"
+        "EOR v15.16b, v15.16b, v15.16b \n"
+        "MOV x14, x12 \n"
+        "ST1 {v15.2d}, [%[scratch]] \n"
+        "113: \n"
+        "LDRB w13, [%[aad]], #1 \n"
+        "STRB w13, [%[scratch]], #1 \n"
+        "SUB x14, x14, #1 \n"
+        "CBNZ x14, 113b \n"
+        "SUB %[scratch], %[scratch], x12 \n"
+        "LD1 {v15.2d}, [%[scratch]] \n"
+        "RBIT v15.16b, v15.16b \n"
+        "EOR v17.16b, v17.16b, v15.16b \n"
+        "PMULL  v18.1q, v17.1d, v16.1d \n"
+        "PMULL2 v19.1q, v17.2d, v16.2d \n"
+        "EXT v20.16b, v16.16b, v16.16b, #8 \n"
+        "PMULL  v21.1q, v17.1d, v20.1d \n"
+        "PMULL2 v20.1q, v17.2d, v20.2d \n"
+        "EOR v20.16b, v20.16b, v21.16b \n"
+        "EXT v21.16b, v18.16b, v19.16b, #8 \n"
+        "EOR v21.16b, v21.16b, v20.16b \n"
+        "# Reduce \n"
+        "PMULL2 v20.1q, v19.2d, v23.2d \n"
+        "EOR v21.16b, v21.16b, v20.16b \n"
+        "PMULL2 v20.1q, v21.2d, v23.2d \n"
+        "MOV v18.D[1], v21.D[0] \n"
+        "EOR v17.16b, v18.16b, v20.16b \n"
+        "120: \n"
+
+        "# Encrypt plaintext and GHASH ciphertext \n"
+        "LDR w12, [%[ctr], #12] \n"
+        "MOV w11, %w[sz] \n"
+        "REV w12, w12 \n"
+        "CMP w11, #64 \n"
+        "BLT 80f \n"
+        "CMP %w[aSz], #64 \n"
+        "BGE 82f \n"
+
+        "# Calculate H^[1-4] - GMULT partials \n"
+        "# Square H => H^2 \n"
+        "PMULL2 v19.1q, v16.2d, v16.2d \n"
+        "PMULL  v18.1q, v16.1d, v16.1d \n"
+        "PMULL2 v20.1q, v19.2d, v23.2d \n"
+        "EXT v21.16b, v18.16b, v19.16b, #8 \n"
+        "EOR v21.16b, v21.16b, v20.16b \n"
+        "PMULL2 v19.1q, v21.2d, v23.2d \n"
+        "MOV v18.D[1], v21.D[0] \n"
+        "EOR v24.16b, v18.16b, v19.16b \n"
+        "# Multiply H and H^2 => H^3 \n"
+        "PMULL  v18.1q, v24.1d, v16.1d \n"
+        "PMULL2 v19.1q, v24.2d, v16.2d \n"
+        "EXT v20.16b, v16.16b, v16.16b, #8 \n"
+        "PMULL  v21.1q, v24.1d, v20.1d \n"
+        "PMULL2 v20.1q, v24.2d, v20.2d \n"
+        "EOR v20.16b, v20.16b, v21.16b \n"
+        "EXT v21.16b, v18.16b, v19.16b, #8 \n"
+        "EOR v21.16b, v21.16b, v20.16b \n"
+        "# Reduce \n"
+        "PMULL2 v20.1q, v19.2d, v23.2d \n"
+        "EOR v21.16b, v21.16b, v20.16b \n"
+        "PMULL2 v20.1q, v21.2d, v23.2d \n"
+        "MOV v18.D[1], v21.D[0] \n"
+        "EOR v25.16b, v18.16b, v20.16b \n"
+        "# Square H^2 => H^4 \n"
+        "PMULL2 v19.1q, v24.2d, v24.2d \n"
+        "PMULL  v18.1q, v24.1d, v24.1d \n"
+        "PMULL2 v20.1q, v19.2d, v23.2d \n"
+        "EXT v21.16b, v18.16b, v19.16b, #8 \n"
+        "EOR v21.16b, v21.16b, v20.16b \n"
+        "PMULL2 v19.1q, v21.2d, v23.2d \n"
+        "MOV v18.D[1], v21.D[0] \n"
+        "EOR v26.16b, v18.16b, v19.16b \n"
+        "82: \n"
+        "# Should we do 8 blocks at a time? \n"
+        "CMP w11, #512 \n"
+        "BLT 80f \n"
+
+        "# Calculate H^[5-8] - GMULT partials \n"
+        "# Multiply H and H^4 => H^5 \n"
+        "PMULL  v18.1q, v26.1d, v16.1d \n"
+        "PMULL2 v19.1q, v26.2d, v16.2d \n"
+        "EXT v20.16b, v16.16b, v16.16b, #8 \n"
+        "PMULL  v21.1q, v26.1d, v20.1d \n"
+        "PMULL2 v20.1q, v26.2d, v20.2d \n"
+        "EOR v20.16b, v20.16b, v21.16b \n"
+        "EXT v21.16b, v18.16b, v19.16b, #8 \n"
+        "EOR v21.16b, v21.16b, v20.16b \n"
+        "# Reduce \n"
+        "PMULL2 v20.1q, v19.2d, v23.2d \n"
+        "EOR v21.16b, v21.16b, v20.16b \n"
+        "PMULL2 v20.1q, v21.2d, v23.2d \n"
+        "MOV v18.D[1], v21.D[0] \n"
+        "EOR v9.16b, v18.16b, v20.16b \n"
+        "# Square H^3 - H^6 \n"
+        "PMULL2 v19.1q, v25.2d, v25.2d \n"
+        "PMULL  v18.1q, v25.1d, v25.1d \n"
+        "PMULL2 v20.1q, v19.2d, v23.2d \n"
+        "EXT v21.16b, v18.16b, v19.16b, #8 \n"
+        "EOR v21.16b, v21.16b, v20.16b \n"
+        "PMULL2 v19.1q, v21.2d, v23.2d \n"
+        "MOV v18.D[1], v21.D[0] \n"
+        "EOR v10.16b, v18.16b, v19.16b \n"
+        "# Multiply H and H^6 => H^7 \n"
+        "PMULL  v18.1q, v10.1d, v16.1d \n"
+        "PMULL2 v19.1q, v10.2d, v16.2d \n"
+        "EXT v20.16b, v16.16b, v16.16b, #8 \n"
+        "PMULL  v21.1q, v10.1d, v20.1d \n"
+        "PMULL2 v20.1q, v10.2d, v20.2d \n"
+        "EOR v20.16b, v20.16b, v21.16b \n"
+        "EXT v21.16b, v18.16b, v19.16b, #8 \n"
+        "EOR v21.16b, v21.16b, v20.16b \n"
+        "# Reduce \n"
+        "PMULL2 v20.1q, v19.2d, v23.2d \n"
+        "EOR v21.16b, v21.16b, v20.16b \n"
+        "PMULL2 v20.1q, v21.2d, v23.2d \n"
+        "MOV v18.D[1], v21.D[0] \n"
+        "EOR v11.16b, v18.16b, v20.16b \n"
+        "# Square H^4 => H^8 \n"
+        "PMULL2 v19.1q, v26.2d, v26.2d \n"
+        "PMULL  v18.1q, v26.1d, v26.1d \n"
+        "PMULL2 v20.1q, v19.2d, v23.2d \n"
+        "EXT v21.16b, v18.16b, v19.16b, #8 \n"
+        "EOR v21.16b, v21.16b, v20.16b \n"
+        "PMULL2 v19.1q, v21.2d, v23.2d \n"
+        "MOV v18.D[1], v21.D[0] \n"
+        "EOR v4.16b, v18.16b, v19.16b \n"
+
+        "# First encrypt - no GHASH \n"
+        "LDR q1, [%[Key]] \n"
+        "# Calculate next 4 counters (+1-4) \n"
+        "ADD w15, w12, #1 \n"
+        "LD1 {v5.2d}, [%[ctr]] \n"
+        "ADD w14, w12, #2 \n"
+        "MOV v6.16b, v5.16b \n"
+        "ADD w13, w12, #3 \n"
+        "MOV v7.16b, v5.16b \n"
+        "ADD w12, w12, #4 \n"
+        "MOV v8.16b, v5.16b \n"
+        "REV w15, w15 \n"
+        "REV w14, w14 \n"
+        "REV w13, w13 \n"
+        "REV w16, w12 \n"
+        "MOV v5.S[3], w15 \n"
+        "MOV v6.S[3], w14 \n"
+        "MOV v7.S[3], w13 \n"
+        "MOV v8.S[3], w16 \n"
+        "# Calculate next 4 counters (+5-8) \n"
+        "ADD w15, w12, #1 \n"
+        "MOV v27.16b, v5.16b \n"
+        "ADD w14, w12, #2 \n"
+        "MOV v28.16b, v5.16b \n"
+        "ADD w13, w12, #3 \n"
+        "MOV v29.16b, v5.16b \n"
+        "ADD w12, w12, #4 \n"
+        "MOV v30.16b, v5.16b \n"
+        "REV w15, w15 \n"
+        "REV w14, w14 \n"
+        "REV w13, w13 \n"
+        "REV w16, w12 \n"
+        "MOV v27.S[3], w15 \n"
+        "MOV v28.S[3], w14 \n"
+        "MOV v29.S[3], w13 \n"
+        "MOV v30.S[3], w16 \n"
+
+        "# Encrypt 8 counters \n"
+        "LDR q22, [%[Key], #16] \n"
+        "AESE v5.16b, v1.16b \n"
+        "AESMC v5.16b, v5.16b \n"
+        "AESE v6.16b, v1.16b \n"
+        "AESMC v6.16b, v6.16b \n"
+        "AESE v7.16b, v1.16b \n"
+        "AESMC v7.16b, v7.16b \n"
+        "AESE v8.16b, v1.16b \n"
+        "AESMC v8.16b, v8.16b \n"
+        "AESE v27.16b, v1.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v1.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v1.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v1.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "LDR q1, [%[Key], #32] \n"
+        "AESE v5.16b, v22.16b \n"
+        "AESMC v5.16b, v5.16b \n"
+        "AESE v6.16b, v22.16b \n"
+        "AESMC v6.16b, v6.16b \n"
+        "AESE v7.16b, v22.16b \n"
+        "AESMC v7.16b, v7.16b \n"
+        "AESE v8.16b, v22.16b \n"
+        "AESMC v8.16b, v8.16b \n"
+        "AESE v27.16b, v22.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v22.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v22.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v22.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "LDR q22, [%[Key], #48] \n"
+        "AESE v5.16b, v1.16b \n"
+        "AESMC v5.16b, v5.16b \n"
+        "AESE v6.16b, v1.16b \n"
+        "AESMC v6.16b, v6.16b \n"
+        "AESE v7.16b, v1.16b \n"
+        "AESMC v7.16b, v7.16b \n"
+        "AESE v8.16b, v1.16b \n"
+        "AESMC v8.16b, v8.16b \n"
+        "AESE v27.16b, v1.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v1.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v1.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v1.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "LDR q1, [%[Key], #64] \n"
+        "AESE v5.16b, v22.16b \n"
+        "AESMC v5.16b, v5.16b \n"
+        "AESE v6.16b, v22.16b \n"
+        "AESMC v6.16b, v6.16b \n"
+        "AESE v7.16b, v22.16b \n"
+        "AESMC v7.16b, v7.16b \n"
+        "AESE v8.16b, v22.16b \n"
+        "AESMC v8.16b, v8.16b \n"
+        "AESE v27.16b, v22.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v22.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v22.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v22.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "LDR q22, [%[Key], #80] \n"
+        "AESE v5.16b, v1.16b \n"
+        "AESMC v5.16b, v5.16b \n"
+        "AESE v6.16b, v1.16b \n"
+        "AESMC v6.16b, v6.16b \n"
+        "AESE v7.16b, v1.16b \n"
+        "AESMC v7.16b, v7.16b \n"
+        "AESE v8.16b, v1.16b \n"
+        "AESMC v8.16b, v8.16b \n"
+        "AESE v27.16b, v1.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v1.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v1.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v1.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "SUB w11, w11, #128 \n"
+        "LDR q1, [%[Key], #96] \n"
+        "AESE v5.16b, v22.16b \n"
+        "AESMC v5.16b, v5.16b \n"
+        "AESE v6.16b, v22.16b \n"
+        "AESMC v6.16b, v6.16b \n"
+        "AESE v7.16b, v22.16b \n"
+        "AESMC v7.16b, v7.16b \n"
+        "AESE v8.16b, v22.16b \n"
+        "AESMC v8.16b, v8.16b \n"
+        "AESE v27.16b, v22.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v22.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v22.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v22.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "LDR q22, [%[Key], #112] \n"
+        "AESE v5.16b, v1.16b \n"
+        "AESMC v5.16b, v5.16b \n"
+        "AESE v6.16b, v1.16b \n"
+        "AESMC v6.16b, v6.16b \n"
+        "AESE v7.16b, v1.16b \n"
+        "AESMC v7.16b, v7.16b \n"
+        "AESE v8.16b, v1.16b \n"
+        "AESMC v8.16b, v8.16b \n"
+        "AESE v27.16b, v1.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v1.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v1.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v1.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "LDR q1, [%[Key], #128] \n"
+        "AESE v5.16b, v22.16b \n"
+        "AESMC v5.16b, v5.16b \n"
+        "AESE v6.16b, v22.16b \n"
+        "AESMC v6.16b, v6.16b \n"
+        "AESE v7.16b, v22.16b \n"
+        "AESMC v7.16b, v7.16b \n"
+        "AESE v8.16b, v22.16b \n"
+        "AESMC v8.16b, v8.16b \n"
+        "AESE v27.16b, v22.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v22.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v22.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v22.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "LDR q22, [%[Key], #144] \n"
+        "AESE v5.16b, v1.16b \n"
+        "AESMC v5.16b, v5.16b \n"
+        "AESE v6.16b, v1.16b \n"
+        "AESMC v6.16b, v6.16b \n"
+        "AESE v7.16b, v1.16b \n"
+        "AESMC v7.16b, v7.16b \n"
+        "AESE v8.16b, v1.16b \n"
+        "AESMC v8.16b, v8.16b \n"
+        "AESE v27.16b, v1.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v1.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v1.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v1.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "LDR q1, [%[Key], #160] \n"
+        "AESE v5.16b, v22.16b \n"
+        "AESMC v5.16b, v5.16b \n"
+        "AESE v6.16b, v22.16b \n"
+        "AESMC v6.16b, v6.16b \n"
+        "AESE v7.16b, v22.16b \n"
+        "AESMC v7.16b, v7.16b \n"
+        "AESE v8.16b, v22.16b \n"
+        "AESMC v8.16b, v8.16b \n"
+        "AESE v27.16b, v22.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v22.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v22.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v22.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "LD1 {v12.2d-v15.2d}, [%[input]], #64 \n"
+        "LDP q22, q31, [%[Key], #176] \n"
+        "AESE v5.16b, v1.16b \n"
+        "AESMC v5.16b, v5.16b \n"
+        "AESE v6.16b, v1.16b \n"
+        "AESMC v6.16b, v6.16b \n"
+        "AESE v7.16b, v1.16b \n"
+        "AESMC v7.16b, v7.16b \n"
+        "AESE v8.16b, v1.16b \n"
+        "AESMC v8.16b, v8.16b \n"
+        "AESE v27.16b, v1.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v1.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v1.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v1.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "LD1 {v18.2d-v21.2d}, [%[input]], #64 \n"
+        "AESE v5.16b, v22.16b \n"
+        "EOR v5.16b, v5.16b, v31.16b \n"
+        "AESE v6.16b, v22.16b \n"
+        "EOR v6.16b, v6.16b, v31.16b \n"
+        "AESE v7.16b, v22.16b \n"
+        "EOR v7.16b, v7.16b, v31.16b \n"
+        "AESE v8.16b, v22.16b \n"
+        "EOR v8.16b, v8.16b, v31.16b \n"
+        "AESE v27.16b, v22.16b \n"
+        "EOR v27.16b, v27.16b, v31.16b \n"
+        "AESE v28.16b, v22.16b \n"
+        "EOR v28.16b, v28.16b, v31.16b \n"
+        "AESE v29.16b, v22.16b \n"
+        "EOR v29.16b, v29.16b, v31.16b \n"
+        "AESE v30.16b, v22.16b \n"
+        "EOR v30.16b, v30.16b, v31.16b \n"
+
+        "# XOR in input \n"
+        "EOR v12.16b, v12.16b, v5.16b \n"
+        "EOR v13.16b, v13.16b, v6.16b \n"
+        "EOR v14.16b, v14.16b, v7.16b \n"
+        "EOR v15.16b, v15.16b, v8.16b \n"
+        "EOR v18.16b, v18.16b, v27.16b \n"
+        "ST1 {v12.2d-v15.2d}, [%[out]], #64 \n \n"
+        "EOR v19.16b, v19.16b, v28.16b \n"
+        "EOR v20.16b, v20.16b, v29.16b \n"
+        "EOR v21.16b, v21.16b, v30.16b \n"
+        "ST1 {v18.2d-v21.2d}, [%[out]], #64 \n \n"
+
+        "81: \n"
+        "LDR q1, [%[Key]] \n"
+        "# Calculate next 4 counters (+1-4) \n"
+        "ADD w15, w12, #1 \n"
+        "LD1 {v5.2d}, [%[ctr]] \n"
+        "ADD w14, w12, #2 \n"
+        "MOV v6.16b, v5.16b \n"
+        "ADD w13, w12, #3 \n"
+        "MOV v7.16b, v5.16b \n"
+        "ADD w12, w12, #4 \n"
+        "MOV v8.16b, v5.16b \n"
+        "# GHASH - 8 blocks \n"
+        "RBIT v12.16b, v12.16b \n"
+        "RBIT v13.16b, v13.16b \n"
+        "RBIT v14.16b, v14.16b \n"
+        "RBIT v15.16b, v15.16b \n"
+        "RBIT v18.16b, v18.16b \n"
+        "RBIT v19.16b, v19.16b \n"
+        "RBIT v20.16b, v20.16b \n"
+        "RBIT v21.16b, v21.16b \n"
+        "REV w15, w15 \n"
+        "EOR v12.16b, v12.16b, v17.16b \n"
+        "REV w14, w14 \n"
+        "# x[0-2] = C * H^1 \n"
+        "PMULL  v17.1q, v21.1d, v16.1d \n"
+        "PMULL2 v0.1q, v21.2d, v16.2d \n"
+        "REV w13, w13 \n"
+        "EXT v21.16b, v21.16b, v21.16b, #8 \n"
+        "REV w16, w12 \n"
+        "MOV v5.S[3], w15 \n"
+        "MOV v6.S[3], w14 \n"
+        "MOV v7.S[3], w13 \n"
+        "MOV v8.S[3], w16 \n"
+        "# Calculate next 4 counters (+5-8) \n"
+        "ADD w15, w12, #1 \n"
+        "MOV v27.16b, v5.16b \n"
+        "ADD w14, w12, #2 \n"
+        "MOV v28.16b, v5.16b \n"
+        "ADD w13, w12, #3 \n"
+        "MOV v29.16b, v5.16b \n"
+        "ADD w12, w12, #4 \n"
+        "MOV v30.16b, v5.16b \n"
+        "PMULL  v31.1q, v21.1d, v16.1d \n"
+        "PMULL2 v3.1q, v21.2d, v16.2d \n"
+        "REV w15, w15 \n"
+        "EOR v31.16b, v31.16b, v3.16b \n"
+        "REV w14, w14 \n"
+        "# x[0-2] += C * H^2 \n"
+        "PMULL  v2.1q, v20.1d, v24.1d \n"
+        "PMULL2 v3.1q, v20.2d, v24.2d \n"
+        "REV w13, w13 \n"
+        "EOR v17.16b, v17.16b, v2.16b \n"
+        "EOR v0.16b, v0.16b, v3.16b \n"
+        "REV w16, w12 \n"
+        "MOV v27.S[3], w15 \n"
+        "MOV v28.S[3], w14 \n"
+        "MOV v29.S[3], w13 \n"
+        "MOV v30.S[3], w16 \n"
+
+        "# Encrypt 8 counters \n"
+        "LDR q22, [%[Key], #16] \n"
+        "AESE v5.16b, v1.16b \n"
+        "AESMC v5.16b, v5.16b \n"
+        "EXT v20.16b, v20.16b, v20.16b, #8 \n"
+        "AESE v6.16b, v1.16b \n"
+        "AESMC v6.16b, v6.16b \n"
+        "PMULL  v3.1q, v20.1d, v24.1d \n"
+        "PMULL2 v20.1q, v20.2d, v24.2d \n"
+        "AESE v7.16b, v1.16b \n"
+        "AESMC v7.16b, v7.16b \n"
+        "EOR3 v31.16b, v31.16b, v20.16b, v3.16b \n"
+        "AESE v8.16b, v1.16b \n"
+        "AESMC v8.16b, v8.16b \n"
+        "# x[0-2] += C * H^3 \n"
+        "PMULL  v2.1q, v19.1d, v25.1d \n"
+        "PMULL2 v3.1q, v19.2d, v25.2d \n"
+        "AESE v27.16b, v1.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "EOR v17.16b, v17.16b, v2.16b \n"
+        "EOR v0.16b, v0.16b, v3.16b \n"
+        "AESE v28.16b, v1.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "EXT v19.16b, v19.16b, v19.16b, #8 \n"
+        "AESE v29.16b, v1.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "PMULL  v3.1q, v19.1d, v25.1d \n"
+        "PMULL2 v19.1q, v19.2d, v25.2d \n"
+        "AESE v30.16b, v1.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "EOR3 v31.16b, v31.16b, v19.16b, v3.16b \n"
+        "LDR q1, [%[Key], #32] \n"
+        "AESE v5.16b, v22.16b \n"
+        "AESMC v5.16b, v5.16b \n"
+        "# x[0-2] += C * H^4 \n"
+        "PMULL  v2.1q, v18.1d, v26.1d \n"
+        "PMULL2 v3.1q, v18.2d, v26.2d \n"
+        "AESE v6.16b, v22.16b \n"
+        "AESMC v6.16b, v6.16b \n"
+        "EOR v17.16b, v17.16b, v2.16b \n"
+        "EOR v0.16b, v0.16b, v3.16b \n"
+        "AESE v7.16b, v22.16b \n"
+        "AESMC v7.16b, v7.16b \n"
+        "EXT v18.16b, v18.16b, v18.16b, #8 \n"
+        "AESE v8.16b, v22.16b \n"
+        "AESMC v8.16b, v8.16b \n"
+        "PMULL  v3.1q, v18.1d, v26.1d \n"
+        "PMULL2 v18.1q, v18.2d, v26.2d \n"
+        "AESE v27.16b, v22.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "EOR3 v31.16b, v31.16b, v18.16b, v3.16b \n"
+        "AESE v28.16b, v22.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "# x[0-2] += C * H^5 \n"
+        "PMULL  v2.1q, v15.1d, v9.1d \n"
+        "PMULL2 v3.1q, v15.2d, v9.2d \n"
+        "AESE v29.16b, v22.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "EOR v17.16b, v17.16b, v2.16b \n"
+        "EOR v0.16b, v0.16b, v3.16b \n"
+        "AESE v30.16b, v22.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "EXT v15.16b, v15.16b, v15.16b, #8 \n"
+        "LDR q22, [%[Key], #48] \n"
+        "AESE v5.16b, v1.16b \n"
+        "AESMC v5.16b, v5.16b \n"
+        "PMULL  v3.1q, v15.1d, v9.1d \n"
+        "PMULL2 v15.1q, v15.2d, v9.2d \n"
+        "AESE v6.16b, v1.16b \n"
+        "AESMC v6.16b, v6.16b \n"
+        "EOR3 v31.16b, v31.16b, v15.16b, v3.16b \n"
+        "AESE v7.16b, v1.16b \n"
+        "AESMC v7.16b, v7.16b \n"
+        "# x[0-2] += C * H^6 \n"
+        "PMULL  v2.1q, v14.1d, v10.1d \n"
+        "PMULL2 v3.1q, v14.2d, v10.2d \n"
+        "AESE v8.16b, v1.16b \n"
+        "AESMC v8.16b, v8.16b \n"
+        "EOR v17.16b, v17.16b, v2.16b \n"
+        "EOR v0.16b, v0.16b, v3.16b \n"
+        "AESE v27.16b, v1.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "EXT v14.16b, v14.16b, v14.16b, #8 \n"
+        "AESE v28.16b, v1.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "PMULL  v3.1q, v14.1d, v10.1d \n"
+        "PMULL2 v14.1q, v14.2d, v10.2d \n"
+        "AESE v29.16b, v1.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "EOR3 v31.16b, v31.16b, v14.16b, v3.16b \n"
+        "AESE v30.16b, v1.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "# x[0-2] += C * H^7 \n"
+        "PMULL  v2.1q, v13.1d, v11.1d \n"
+        "PMULL2 v3.1q, v13.2d, v11.2d \n"
+        "LDR q1, [%[Key], #64] \n"
+        "AESE v5.16b, v22.16b \n"
+        "AESMC v5.16b, v5.16b \n"
+        "EOR v17.16b, v17.16b, v2.16b \n"
+        "EOR v0.16b, v0.16b, v3.16b \n"
+        "AESE v6.16b, v22.16b \n"
+        "AESMC v6.16b, v6.16b \n"
+        "EXT v13.16b, v13.16b, v13.16b, #8 \n"
+        "AESE v7.16b, v22.16b \n"
+        "AESMC v7.16b, v7.16b \n"
+        "PMULL  v3.1q, v13.1d, v11.1d \n"
+        "PMULL2 v13.1q, v13.2d, v11.2d \n"
+        "AESE v8.16b, v22.16b \n"
+        "AESMC v8.16b, v8.16b \n"
+        "EOR3 v31.16b, v31.16b, v13.16b, v3.16b \n"
+        "AESE v27.16b, v22.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "# x[0-2] += C * H^8 \n"
+        "PMULL  v2.1q, v12.1d, v4.1d \n"
+        "PMULL2 v3.1q, v12.2d, v4.2d \n"
+        "AESE v28.16b, v22.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "EOR v17.16b, v17.16b, v2.16b \n"
+        "EOR v0.16b, v0.16b, v3.16b \n"
+        "AESE v29.16b, v22.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "EXT v12.16b, v12.16b, v12.16b, #8 \n"
+        "AESE v30.16b, v22.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "PMULL  v3.1q, v12.1d, v4.1d \n"
+        "PMULL2 v12.1q, v12.2d, v4.2d \n"
+        "LDR q22, [%[Key], #80] \n"
+        "AESE v5.16b, v1.16b \n"
+        "AESMC v5.16b, v5.16b \n"
+        "EOR3 v31.16b, v31.16b, v12.16b, v3.16b \n"
+        "AESE v6.16b, v1.16b \n"
+        "AESMC v6.16b, v6.16b \n"
+        "# Reduce X = x[0-2] \n"
+        "EXT v3.16b, v17.16b, v0.16b, #8 \n"
+        "AESE v7.16b, v1.16b \n"
+        "AESMC v7.16b, v7.16b \n"
+        "PMULL2 v2.1q, v0.2d, v23.2d \n"
+        "AESE v8.16b, v1.16b \n"
+        "AESMC v8.16b, v8.16b \n"
+        "EOR3 v3.16b, v3.16b, v31.16b, v2.16b \n"
+        "AESE v27.16b, v1.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v1.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "PMULL2 v2.1q, v3.2d, v23.2d \n"
+        "MOV v17.D[1], v3.D[0] \n"
+        "AESE v29.16b, v1.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "EOR v17.16b, v17.16b, v2.16b \n"
+        "AESE v30.16b, v1.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "SUB w11, w11, #128 \n"
+        "LDR q1, [%[Key], #96] \n"
+        "AESE v5.16b, v22.16b \n"
+        "AESMC v5.16b, v5.16b \n"
+        "AESE v6.16b, v22.16b \n"
+        "AESMC v6.16b, v6.16b \n"
+        "AESE v7.16b, v22.16b \n"
+        "AESMC v7.16b, v7.16b \n"
+        "AESE v8.16b, v22.16b \n"
+        "AESMC v8.16b, v8.16b \n"
+        "AESE v27.16b, v22.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v22.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v22.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v22.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "LDR q22, [%[Key], #112] \n"
+        "AESE v5.16b, v1.16b \n"
+        "AESMC v5.16b, v5.16b \n"
+        "AESE v6.16b, v1.16b \n"
+        "AESMC v6.16b, v6.16b \n"
+        "AESE v7.16b, v1.16b \n"
+        "AESMC v7.16b, v7.16b \n"
+        "AESE v8.16b, v1.16b \n"
+        "AESMC v8.16b, v8.16b \n"
+        "AESE v27.16b, v1.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v1.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v1.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v1.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "LDR q1, [%[Key], #128] \n"
+        "AESE v5.16b, v22.16b \n"
+        "AESMC v5.16b, v5.16b \n"
+        "AESE v6.16b, v22.16b \n"
+        "AESMC v6.16b, v6.16b \n"
+        "AESE v7.16b, v22.16b \n"
+        "AESMC v7.16b, v7.16b \n"
+        "AESE v8.16b, v22.16b \n"
+        "AESMC v8.16b, v8.16b \n"
+        "AESE v27.16b, v22.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v22.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v22.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v22.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "LDR q22, [%[Key], #144] \n"
+        "AESE v5.16b, v1.16b \n"
+        "AESMC v5.16b, v5.16b \n"
+        "AESE v6.16b, v1.16b \n"
+        "AESMC v6.16b, v6.16b \n"
+        "AESE v7.16b, v1.16b \n"
+        "AESMC v7.16b, v7.16b \n"
+        "AESE v8.16b, v1.16b \n"
+        "AESMC v8.16b, v8.16b \n"
+        "AESE v27.16b, v1.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v1.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v1.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v1.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "LDR q1, [%[Key], #160] \n"
+        "AESE v5.16b, v22.16b \n"
+        "AESMC v5.16b, v5.16b \n"
+        "AESE v6.16b, v22.16b \n"
+        "AESMC v6.16b, v6.16b \n"
+        "AESE v7.16b, v22.16b \n"
+        "AESMC v7.16b, v7.16b \n"
+        "AESE v8.16b, v22.16b \n"
+        "AESMC v8.16b, v8.16b \n"
+        "AESE v27.16b, v22.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v22.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v22.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v22.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "LD1 {v12.2d-v15.2d}, [%[input]], #64 \n"
+        "LDP q22, q31, [%[Key], #176] \n"
+        "AESE v5.16b, v1.16b \n"
+        "AESMC v5.16b, v5.16b \n"
+        "AESE v6.16b, v1.16b \n"
+        "AESMC v6.16b, v6.16b \n"
+        "AESE v7.16b, v1.16b \n"
+        "AESMC v7.16b, v7.16b \n"
+        "AESE v8.16b, v1.16b \n"
+        "AESMC v8.16b, v8.16b \n"
+        "AESE v27.16b, v1.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v1.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v1.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v1.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "LD1 {v18.2d-v21.2d}, [%[input]], #64 \n"
+        "AESE v5.16b, v22.16b \n"
+        "EOR v5.16b, v5.16b, v31.16b \n"
+        "AESE v6.16b, v22.16b \n"
+        "EOR v6.16b, v6.16b, v31.16b \n"
+        "AESE v7.16b, v22.16b \n"
+        "EOR v7.16b, v7.16b, v31.16b \n"
+        "AESE v8.16b, v22.16b \n"
+        "EOR v8.16b, v8.16b, v31.16b \n"
+        "AESE v27.16b, v22.16b \n"
+        "EOR v27.16b, v27.16b, v31.16b \n"
+        "AESE v28.16b, v22.16b \n"
+        "EOR v28.16b, v28.16b, v31.16b \n"
+        "AESE v29.16b, v22.16b \n"
+        "EOR v29.16b, v29.16b, v31.16b \n"
+        "AESE v30.16b, v22.16b \n"
+        "EOR v30.16b, v30.16b, v31.16b \n"
+
+        "# XOR in input \n"
+        "EOR v12.16b, v12.16b, v5.16b \n"
+        "EOR v13.16b, v13.16b, v6.16b \n"
+        "EOR v14.16b, v14.16b, v7.16b \n"
+        "EOR v15.16b, v15.16b, v8.16b \n"
+        "EOR v18.16b, v18.16b, v27.16b \n"
+        "ST1 {v12.2d-v15.2d}, [%[out]], #64 \n \n"
+        "EOR v19.16b, v19.16b, v28.16b \n"
+        "EOR v20.16b, v20.16b, v29.16b \n"
+        "EOR v21.16b, v21.16b, v30.16b \n"
+        "ST1 {v18.2d-v21.2d}, [%[out]], #64 \n \n"
+
+        "CMP w11, #128 \n"
+        "BGE 81b \n"
+
+        "# GHASH - 8 blocks \n"
+        "RBIT v12.16b, v12.16b \n"
+        "RBIT v13.16b, v13.16b \n"
+        "RBIT v14.16b, v14.16b \n"
+        "RBIT v15.16b, v15.16b \n"
+        "RBIT v18.16b, v18.16b \n"
+        "RBIT v19.16b, v19.16b \n"
+        "RBIT v20.16b, v20.16b \n"
+        "RBIT v21.16b, v21.16b \n"
+        "EOR v12.16b, v12.16b, v17.16b \n"
+        "# x[0-2] = C * H^1 \n"
+        "PMULL  v17.1q, v21.1d, v16.1d \n"
+        "PMULL2 v0.1q, v21.2d, v16.2d \n"
+        "EXT v21.16b, v21.16b, v21.16b, #8 \n"
+        "PMULL  v31.1q, v21.1d, v16.1d \n"
+        "PMULL2 v3.1q, v21.2d, v16.2d \n"
+        "EOR v31.16b, v31.16b, v3.16b \n"
+        "# x[0-2] += C * H^2 \n"
+        "PMULL  v2.1q, v20.1d, v24.1d \n"
+        "PMULL2 v3.1q, v20.2d, v24.2d \n"
+        "EOR v17.16b, v17.16b, v2.16b \n"
+        "EOR v0.16b, v0.16b, v3.16b \n"
+        "EXT v20.16b, v20.16b, v20.16b, #8 \n"
+        "PMULL  v3.1q, v20.1d, v24.1d \n"
+        "PMULL2 v20.1q, v20.2d, v24.2d \n"
+        "EOR3 v31.16b, v31.16b, v20.16b, v3.16b \n"
+        "# x[0-2] += C * H^3 \n"
+        "PMULL  v2.1q, v19.1d, v25.1d \n"
+        "PMULL2 v3.1q, v19.2d, v25.2d \n"
+        "EOR v17.16b, v17.16b, v2.16b \n"
+        "EOR v0.16b, v0.16b, v3.16b \n"
+        "EXT v19.16b, v19.16b, v19.16b, #8 \n"
+        "PMULL  v3.1q, v19.1d, v25.1d \n"
+        "PMULL2 v19.1q, v19.2d, v25.2d \n"
+        "EOR3 v31.16b, v31.16b, v19.16b, v3.16b \n"
+        "# x[0-2] += C * H^4 \n"
+        "PMULL  v2.1q, v18.1d, v26.1d \n"
+        "PMULL2 v3.1q, v18.2d, v26.2d \n"
+        "EOR v17.16b, v17.16b, v2.16b \n"
+        "EOR v0.16b, v0.16b, v3.16b \n"
+        "EXT v18.16b, v18.16b, v18.16b, #8 \n"
+        "PMULL  v3.1q, v18.1d, v26.1d \n"
+        "PMULL2 v18.1q, v18.2d, v26.2d \n"
+        "EOR3 v31.16b, v31.16b, v18.16b, v3.16b \n"
+        "# x[0-2] += C * H^5 \n"
+        "PMULL  v2.1q, v15.1d, v9.1d \n"
+        "PMULL2 v3.1q, v15.2d, v9.2d \n"
+        "EOR v17.16b, v17.16b, v2.16b \n"
+        "EOR v0.16b, v0.16b, v3.16b \n"
+        "EXT v15.16b, v15.16b, v15.16b, #8 \n"
+        "PMULL  v3.1q, v15.1d, v9.1d \n"
+        "PMULL2 v15.1q, v15.2d, v9.2d \n"
+        "EOR3 v31.16b, v31.16b, v15.16b, v3.16b \n"
+        "# x[0-2] += C * H^6 \n"
+        "PMULL  v2.1q, v14.1d, v10.1d \n"
+        "PMULL2 v3.1q, v14.2d, v10.2d \n"
+        "EOR v17.16b, v17.16b, v2.16b \n"
+        "EOR v0.16b, v0.16b, v3.16b \n"
+        "EXT v14.16b, v14.16b, v14.16b, #8 \n"
+        "PMULL  v3.1q, v14.1d, v10.1d \n"
+        "PMULL2 v14.1q, v14.2d, v10.2d \n"
+        "EOR3 v31.16b, v31.16b, v14.16b, v3.16b \n"
+        "# x[0-2] += C * H^7 \n"
+        "PMULL  v2.1q, v13.1d, v11.1d \n"
+        "PMULL2 v3.1q, v13.2d, v11.2d \n"
+        "EOR v17.16b, v17.16b, v2.16b \n"
+        "EOR v0.16b, v0.16b, v3.16b \n"
+        "EXT v13.16b, v13.16b, v13.16b, #8 \n"
+        "PMULL  v3.1q, v13.1d, v11.1d \n"
+        "PMULL2 v13.1q, v13.2d, v11.2d \n"
+        "EOR3 v31.16b, v31.16b, v13.16b, v3.16b \n"
+        "# x[0-2] += C * H^8 \n"
+        "PMULL  v2.1q, v12.1d, v4.1d \n"
+        "PMULL2 v3.1q, v12.2d, v4.2d \n"
+        "EOR v17.16b, v17.16b, v2.16b \n"
+        "EOR v0.16b, v0.16b, v3.16b \n"
+        "EXT v12.16b, v12.16b, v12.16b, #8 \n"
+        "PMULL  v3.1q, v12.1d, v4.1d \n"
+        "PMULL2 v12.1q, v12.2d, v4.2d \n"
+        "EOR3 v31.16b, v31.16b, v12.16b, v3.16b \n"
+        "# Reduce X = x[0-2] \n"
+        "EXT v3.16b, v17.16b, v0.16b, #8 \n"
+        "PMULL2 v2.1q, v0.2d, v23.2d \n"
+        "EOR3 v3.16b, v3.16b, v31.16b, v2.16b \n"
+        "PMULL2 v2.1q, v3.2d, v23.2d \n"
+        "MOV v17.D[1], v3.D[0] \n"
+        "EOR v17.16b, v17.16b, v2.16b \n"
+
+        "80: \n"
+        "LD1 {v22.2d}, [%[ctr]] \n"
+        "LD1 {v1.2d-v4.2d}, [%[Key]], #64 \n"
+        "LD1 {v5.2d-v8.2d}, [%[Key]], #64 \n"
+        "LD1 {v9.2d-v11.2d}, [%[Key]], #48 \n"
+        "LD1 {v12.2d-v13.2d}, [%[Key]], #32 \n"
+        "# Can we do 4 blocks at a time? \n"
+        "CMP w11, #64 \n"
+        "BLT 10f \n"
+
+        "# First encrypt - no GHASH \n"
+        "# Calculate next 4 counters (+1-4) \n"
+        "ADD w15, w12, #1 \n"
+        "MOV v27.16b, v22.16b \n"
+        "ADD w14, w12, #2 \n"
+        "MOV v28.16b, v22.16b \n"
+        "ADD w13, w12, #3 \n"
+        "MOV v29.16b, v22.16b \n"
+        "ADD w12, w12, #4 \n"
+        "MOV v30.16b, v22.16b \n"
+        "REV w15, w15 \n"
+        "REV w14, w14 \n"
+        "REV w13, w13 \n"
+        "REV w16, w12 \n"
+        "MOV v27.S[3], w15 \n"
+        "MOV v28.S[3], w14 \n"
+        "MOV v29.S[3], w13 \n"
+        "MOV v30.S[3], w16 \n"
+
+        "# Encrypt 4 counters \n"
+        "AESE v27.16b, v1.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v1.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v1.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v1.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "AESE v27.16b, v2.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v2.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v2.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v2.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "AESE v27.16b, v3.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v3.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v3.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v3.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "AESE v27.16b, v4.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v4.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v4.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v4.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "AESE v27.16b, v5.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v5.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v5.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v5.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "SUB w11, w11, #64 \n"
+        "AESE v27.16b, v6.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v6.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v6.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v6.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "AESE v27.16b, v7.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v7.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v7.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v7.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "AESE v27.16b, v8.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v8.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v8.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v8.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "AESE v27.16b, v9.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v9.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v9.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v9.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "# Load plaintext \n"
+        "LD1 {v18.2d-v21.2d}, [%[input]], #64 \n"
+        "AESE v27.16b, v10.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v10.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v10.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v10.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "AESE v27.16b, v11.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v11.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v11.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v11.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "AESE v27.16b, v12.16b \n"
+        "EOR v27.16b, v27.16b, v13.16b \n"
+        "AESE v28.16b, v12.16b \n"
+        "EOR v28.16b, v28.16b, v13.16b \n"
+        "AESE v29.16b, v12.16b \n"
+        "EOR v29.16b, v29.16b, v13.16b \n"
+        "AESE v30.16b, v12.16b \n"
+        "EOR v30.16b, v30.16b, v13.16b \n"
+
+        "# XOR in input \n"
+        "EOR v18.16b, v18.16b, v27.16b \n"
+        "EOR v19.16b, v19.16b, v28.16b \n"
+        "EOR v20.16b, v20.16b, v29.16b \n"
+        "EOR v21.16b, v21.16b, v30.16b \n"
+        "# Store cipher text \n"
+        "ST1 {v18.2d-v21.2d}, [%[out]], #64 \n \n"
+        "CMP w11, #64 \n"
+        "BLT 12f \n"
+
+        "11: \n"
+        "# Calculate next 4 counters (+1-4) \n"
+        "ADD w15, w12, #1 \n"
+        "MOV v27.16b, v22.16b \n"
+        "ADD w14, w12, #2 \n"
+        "MOV v28.16b, v22.16b \n"
+        "ADD w13, w12, #3 \n"
+        "MOV v29.16b, v22.16b \n"
+        "ADD w12, w12, #4 \n"
+        "MOV v30.16b, v22.16b \n"
+        "# GHASH - 4 blocks \n"
+        "RBIT v18.16b, v18.16b \n"
+        "REV w15, w15 \n"
+        "RBIT v19.16b, v19.16b \n"
+        "REV w14, w14 \n"
+        "RBIT v20.16b, v20.16b \n"
+        "REV w13, w13 \n"
+        "RBIT v21.16b, v21.16b \n"
+        "REV w16, w12 \n"
+        "MOV v27.S[3], w15 \n"
+        "MOV v28.S[3], w14 \n"
+        "MOV v29.S[3], w13 \n"
+        "MOV v30.S[3], w16 \n"
+
+        "# Encrypt 4 counters \n"
+        "AESE v27.16b, v1.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "EOR v18.16b, v18.16b, v17.16b \n"
+        "AESE v28.16b, v1.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "# x[0-2] = C * H^1 \n"
+        "PMULL  v17.1q, v21.1d, v16.1d \n"
+        "PMULL2 v0.1q, v21.2d, v16.2d \n"
+        "AESE v29.16b, v1.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "EXT v21.16b, v21.16b, v21.16b, #8 \n"
+        "AESE v30.16b, v1.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "PMULL  v31.1q, v21.1d, v16.1d \n"
+        "PMULL2 v15.1q, v21.2d, v16.2d \n"
+        "AESE v27.16b, v2.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "EOR v31.16b, v31.16b, v15.16b \n"
+        "AESE v28.16b, v2.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "# x[0-2] += C * H^2 \n"
+        "PMULL  v14.1q, v20.1d, v24.1d \n"
+        "PMULL2 v15.1q, v20.2d, v24.2d \n"
+        "AESE v29.16b, v2.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "EOR v17.16b, v17.16b, v14.16b \n"
+        "EOR v0.16b, v0.16b, v15.16b \n"
+        "AESE v30.16b, v2.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "EXT v20.16b, v20.16b, v20.16b, #8 \n"
+        "AESE v27.16b, v3.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "PMULL  v15.1q, v20.1d, v24.1d \n"
+        "PMULL2 v20.1q, v20.2d, v24.2d \n"
+        "AESE v28.16b, v3.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "EOR3 v31.16b, v31.16b, v20.16b, v15.16b \n"
+        "AESE v29.16b, v3.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "# x[0-2] += C * H^3 \n"
+        "PMULL  v14.1q, v19.1d, v25.1d \n"
+        "PMULL2 v15.1q, v19.2d, v25.2d \n"
+        "AESE v30.16b, v3.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "EOR v17.16b, v17.16b, v14.16b \n"
+        "EOR v0.16b, v0.16b, v15.16b \n"
+        "AESE v27.16b, v4.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "EXT v19.16b, v19.16b, v19.16b, #8 \n"
+        "AESE v28.16b, v4.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "PMULL  v15.1q, v19.1d, v25.1d \n"
+        "PMULL2 v19.1q, v19.2d, v25.2d \n"
+        "AESE v29.16b, v4.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "EOR3 v31.16b, v31.16b, v19.16b, v15.16b \n"
+        "AESE v30.16b, v4.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "# x[0-2] += C * H^4 \n"
+        "PMULL  v14.1q, v18.1d, v26.1d \n"
+        "PMULL2 v15.1q, v18.2d, v26.2d \n"
+        "AESE v27.16b, v5.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "EOR v17.16b, v17.16b, v14.16b \n"
+        "EOR v0.16b, v0.16b, v15.16b \n"
+        "AESE v28.16b, v5.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "EXT v18.16b, v18.16b, v18.16b, #8 \n"
+        "AESE v29.16b, v5.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "PMULL  v15.1q, v18.1d, v26.1d \n"
+        "PMULL2 v18.1q, v18.2d, v26.2d \n"
+        "AESE v30.16b, v5.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "EOR3 v31.16b, v31.16b, v18.16b, v15.16b \n"
+        "SUB w11, w11, #64 \n"
+        "AESE v27.16b, v6.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "# Reduce X = x[0-2] \n"
+        "EXT v15.16b, v17.16b, v0.16b, #8 \n"
+        "AESE v28.16b, v6.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "PMULL2 v14.1q, v0.2d, v23.2d \n"
+        "AESE v29.16b, v6.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "EOR3 v15.16b, v15.16b, v31.16b, v14.16b \n"
+        "AESE v30.16b, v6.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "AESE v27.16b, v7.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "PMULL2 v14.1q, v15.2d, v23.2d \n"
+        "MOV v17.D[1], v15.D[0] \n"
+        "AESE v28.16b, v7.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "EOR v17.16b, v17.16b, v14.16b \n"
+        "AESE v29.16b, v7.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v7.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "AESE v27.16b, v8.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v8.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v8.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v8.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "AESE v27.16b, v9.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v9.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v9.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v9.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "# Load plaintext \n"
+        "LD1 {v18.2d-v21.2d}, [%[input]], #64 \n"
+        "AESE v27.16b, v10.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v10.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v10.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v10.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "AESE v27.16b, v11.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v11.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v11.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v11.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "AESE v27.16b, v12.16b \n"
+        "EOR v27.16b, v27.16b, v13.16b \n"
+        "AESE v28.16b, v12.16b \n"
+        "EOR v28.16b, v28.16b, v13.16b \n"
+        "AESE v29.16b, v12.16b \n"
+        "EOR v29.16b, v29.16b, v13.16b \n"
+        "AESE v30.16b, v12.16b \n"
+        "EOR v30.16b, v30.16b, v13.16b \n"
+
+        "# XOR in input \n"
+        "EOR v18.16b, v18.16b, v27.16b \n"
+        "EOR v19.16b, v19.16b, v28.16b \n"
+        "EOR v20.16b, v20.16b, v29.16b \n"
+        "EOR v21.16b, v21.16b, v30.16b \n"
+        "# Store cipher text \n"
+        "ST1 {v18.2d-v21.2d}, [%[out]], #64 \n \n"
+        "CMP w11, #64 \n"
+        "BGE 11b \n"
+
+        "12: \n"
+        "# GHASH - 4 blocks \n"
+        "RBIT v18.16b, v18.16b \n"
+        "RBIT v19.16b, v19.16b \n"
+        "RBIT v20.16b, v20.16b \n"
+        "RBIT v21.16b, v21.16b \n"
+        "EOR v18.16b, v18.16b, v17.16b \n"
+        "# x[0-2] = C * H^1 \n"
+        "PMULL  v17.1q, v21.1d, v16.1d \n"
+        "PMULL2 v0.1q, v21.2d, v16.2d \n"
+        "EXT v21.16b, v21.16b, v21.16b, #8 \n"
+        "PMULL  v31.1q, v21.1d, v16.1d \n"
+        "PMULL2 v15.1q, v21.2d, v16.2d \n"
+        "EOR v31.16b, v31.16b, v15.16b \n"
+        "# x[0-2] += C * H^2 \n"
+        "PMULL  v14.1q, v20.1d, v24.1d \n"
+        "PMULL2 v15.1q, v20.2d, v24.2d \n"
+        "EOR v17.16b, v17.16b, v14.16b \n"
+        "EOR v0.16b, v0.16b, v15.16b \n"
+        "EXT v20.16b, v20.16b, v20.16b, #8 \n"
+        "PMULL  v15.1q, v20.1d, v24.1d \n"
+        "PMULL2 v20.1q, v20.2d, v24.2d \n"
+        "EOR3 v31.16b, v31.16b, v20.16b, v15.16b \n"
+        "# x[0-2] += C * H^3 \n"
+        "PMULL  v14.1q, v19.1d, v25.1d \n"
+        "PMULL2 v15.1q, v19.2d, v25.2d \n"
+        "EOR v17.16b, v17.16b, v14.16b \n"
+        "EOR v0.16b, v0.16b, v15.16b \n"
+        "EXT v19.16b, v19.16b, v19.16b, #8 \n"
+        "PMULL  v15.1q, v19.1d, v25.1d \n"
+        "PMULL2 v19.1q, v19.2d, v25.2d \n"
+        "EOR3 v31.16b, v31.16b, v19.16b, v15.16b \n"
+        "# x[0-2] += C * H^4 \n"
+        "PMULL  v14.1q, v18.1d, v26.1d \n"
+        "PMULL2 v15.1q, v18.2d, v26.2d \n"
+        "EOR v17.16b, v17.16b, v14.16b \n"
+        "EOR v0.16b, v0.16b, v15.16b \n"
+        "EXT v18.16b, v18.16b, v18.16b, #8 \n"
+        "PMULL  v15.1q, v18.1d, v26.1d \n"
+        "PMULL2 v18.1q, v18.2d, v26.2d \n"
+        "EOR3 v31.16b, v31.16b, v18.16b, v15.16b \n"
+        "# Reduce X = x[0-2] \n"
+        "EXT v15.16b, v17.16b, v0.16b, #8 \n"
+        "PMULL2 v14.1q, v0.2d, v23.2d \n"
+        "EOR3 v15.16b, v15.16b, v31.16b, v14.16b \n"
+        "PMULL2 v14.1q, v15.2d, v23.2d \n"
+        "MOV v17.D[1], v15.D[0] \n"
+        "EOR v17.16b, v17.16b, v14.16b \n"
+
+        "10: \n"
+        "CBZ w11, 30f \n"
+        "CMP w11, #16 \n"
+        "BLT 20f \n"
+        "# Encrypt first block for GHASH \n"
+        "ADD w12, w12, #1 \n"
+        "MOV v0.16b, v22.16b \n"
+        "REV w13, w12 \n"
+        "MOV v0.S[3], w13 \n"
+        "AESE v0.16b, v1.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "AESE v0.16b, v2.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "AESE v0.16b, v3.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "AESE v0.16b, v4.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "SUB w11, w11, #16 \n"
+        "AESE v0.16b, v5.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "AESE v0.16b, v6.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "AESE v0.16b, v7.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "AESE v0.16b, v8.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "LD1 {v31.2d}, [%[input]], #16 \n"
+        "AESE v0.16b, v9.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "AESE v0.16b, v10.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "AESE v0.16b, v11.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "AESE v0.16b, v12.16b \n"
+        "EOR v0.16b, v0.16b, v13.16b \n \n"
+        "EOR v15.16b, v0.16b, v31.16b \n \n"
+        "ST1 {v15.2d}, [%[out]], #16 \n"
+
+        "# When only one full block to encrypt go straight to GHASH \n"
+        "CMP w11, 16 \n"
+        "BLT 1f \n"
+
+        "LD1 {v31.2d}, [%[input]], #16 \n"
+
+        "# Interweave GHASH and encrypt if more then 1 block \n"
+        "2: \n"
+        "RBIT v15.16b, v15.16b \n"
+        "ADD w12, w12, #1 \n"
+        "MOV v0.16b, v22.16b \n"
+        "REV w13, w12 \n"
+        "MOV v0.S[3], w13 \n"
+        "EOR v17.16b, v17.16b, v15.16b \n"
+        "PMULL  v18.1q, v17.1d, v16.1d \n"
+        "PMULL2 v19.1q, v17.2d, v16.2d \n"
+        "AESE v0.16b, v1.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "EXT v20.16b, v16.16b, v16.16b, #8 \n"
+        "AESE v0.16b, v2.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "PMULL  v21.1q, v17.1d, v20.1d \n"
+        "PMULL2 v20.1q, v17.2d, v20.2d \n"
+        "AESE v0.16b, v3.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "EOR v20.16b, v20.16b, v21.16b \n"
+        "AESE v0.16b, v4.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "EXT v21.16b, v18.16b, v19.16b, #8 \n"
+        "SUB w11, w11, #16 \n"
+        "AESE v0.16b, v5.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "EOR v21.16b, v21.16b, v20.16b \n"
+        "AESE v0.16b, v6.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "# Reduce \n"
+        "PMULL2 v20.1q, v19.2d, v23.2d \n"
+        "AESE v0.16b, v7.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "EOR v21.16b, v21.16b, v20.16b \n"
+        "AESE v0.16b, v8.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "PMULL2 v20.1q, v21.2d, v23.2d \n"
+        "AESE v0.16b, v9.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "MOV v18.D[1], v21.D[0] \n"
+        "AESE v0.16b, v10.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "EOR v17.16b, v18.16b, v20.16b \n"
+        "AESE v0.16b, v11.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "AESE v0.16b, v12.16b \n"
+        "EOR v0.16b, v0.16b, v13.16b \n \n"
+        "EOR v15.16b, v0.16b, v31.16b \n \n"
+        "ST1 {v15.2d}, [%[out]], #16 \n"
+        "CMP w11, 16 \n"
+        "BLT 1f \n"
+
+        "LD1 {v31.2d}, [%[input]], #16 \n"
+        "B 2b \n"
+
+        "# GHASH on last block \n"
+        "1: \n"
+        "RBIT v15.16b, v15.16b \n"
+        "EOR v17.16b, v17.16b, v15.16b \n"
+        "PMULL  v18.1q, v17.1d, v16.1d \n"
+        "PMULL2 v19.1q, v17.2d, v16.2d \n"
+        "EXT v20.16b, v16.16b, v16.16b, #8 \n"
+        "PMULL  v21.1q, v17.1d, v20.1d \n"
+        "PMULL2 v20.1q, v17.2d, v20.2d \n"
+        "EOR v20.16b, v20.16b, v21.16b \n"
+        "EXT v21.16b, v18.16b, v19.16b, #8 \n"
+        "EOR v21.16b, v21.16b, v20.16b \n"
+        "# Reduce \n"
+        "PMULL2 v20.1q, v19.2d, v23.2d \n"
+        "EOR v21.16b, v21.16b, v20.16b \n"
+        "PMULL2 v20.1q, v21.2d, v23.2d \n"
+        "MOV v18.D[1], v21.D[0] \n"
+        "EOR v17.16b, v18.16b, v20.16b \n"
+
+        "20: \n"
+        "CBZ w11, 30f \n"
+        "EOR v31.16b, v31.16b, v31.16b \n"
+        "MOV x15, x11 \n"
+        "ST1 {v31.2d}, [%[scratch]] \n"
+        "23: \n"
+        "LDRB w14, [%[input]], #1 \n"
+        "STRB w14, [%[scratch]], #1 \n"
+        "SUB x15, x15, #1 \n"
+        "CBNZ x15, 23b \n"
+        "SUB %[scratch], %[scratch], x11 \n"
+        "LD1 {v31.2d}, [%[scratch]] \n"
+        "ADD w12, w12, #1 \n"
+        "MOV v0.16b, v22.16b \n"
+        "REV w13, w12 \n"
+        "MOV v0.S[3], w13 \n"
+        "AESE v0.16b, v1.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "AESE v0.16b, v2.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "AESE v0.16b, v3.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "AESE v0.16b, v4.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "AESE v0.16b, v5.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "AESE v0.16b, v6.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "AESE v0.16b, v7.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "AESE v0.16b, v8.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "AESE v0.16b, v9.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "AESE v0.16b, v10.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "AESE v0.16b, v11.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "AESE v0.16b, v12.16b \n"
+        "EOR v0.16b, v0.16b, v13.16b \n \n"
+        "EOR v15.16b, v0.16b, v31.16b \n \n"
+        "ST1 {v15.2d}, [%[scratch]] \n"
+        "MOV x15, x11 \n"
+        "24: \n"
+        "LDRB w14, [%[scratch]], #1 \n"
+        "STRB w14, [%[out]], #1 \n"
+        "SUB x15, x15, #1 \n"
+        "CBNZ x15, 24b \n"
+        "MOV x15, #16 \n"
+        "EOR w14, w14, w14 \n"
+        "SUB x15, x15, x11 \n"
+        "25: \n"
+        "STRB w14, [%[scratch]], #1 \n"
+        "SUB x15, x15, #1 \n"
+        "CBNZ x15, 25b \n"
+        "SUB %[scratch], %[scratch], #16 \n"
+        "LD1 {v15.2d}, [%[scratch]] \n"
+        "RBIT v15.16b, v15.16b \n"
+        "EOR v17.16b, v17.16b, v15.16b \n"
+        "PMULL  v18.1q, v17.1d, v16.1d \n"
+        "PMULL2 v19.1q, v17.2d, v16.2d \n"
+        "EXT v20.16b, v16.16b, v16.16b, #8 \n"
+        "PMULL  v21.1q, v17.1d, v20.1d \n"
+        "PMULL2 v20.1q, v17.2d, v20.2d \n"
+        "EOR v20.16b, v20.16b, v21.16b \n"
+        "EXT v21.16b, v18.16b, v19.16b, #8 \n"
+        "EOR v21.16b, v21.16b, v20.16b \n"
+        "# Reduce \n"
+        "PMULL2 v20.1q, v19.2d, v23.2d \n"
+        "EOR v21.16b, v21.16b, v20.16b \n"
+        "PMULL2 v20.1q, v21.2d, v23.2d \n"
+        "MOV v18.D[1], v21.D[0] \n"
+        "EOR v17.16b, v18.16b, v20.16b \n"
+
+        "30: \n"
+        "# store current counter value at the end \n"
+        "REV w13, w12 \n"
+        "MOV v22.S[3], w13 \n"
+        "LD1 {v0.2d}, [%[ctr]] \n"
+        "ST1 {v22.2d}, [%[ctr]] \n"
+
+        "LSL %x[aSz], %x[aSz], #3 \n"
+        "LSL %x[sz], %x[sz], #3 \n"
+        "MOV v15.d[0], %x[aSz] \n"
+        "MOV v15.d[1], %x[sz] \n"
+        "REV64 v15.16b, v15.16b \n"
+        "RBIT v15.16b, v15.16b \n"
+        "EOR v17.16b, v17.16b, v15.16b \n"
+        "PMULL  v18.1q, v17.1d, v16.1d \n"
+        "PMULL2 v19.1q, v17.2d, v16.2d \n"
+        "EXT v20.16b, v16.16b, v16.16b, #8 \n"
+        "AESE v0.16b, v1.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "PMULL  v21.1q, v17.1d, v20.1d \n"
+        "PMULL2 v20.1q, v17.2d, v20.2d \n"
+        "AESE v0.16b, v2.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "EOR v20.16b, v20.16b, v21.16b \n"
+        "AESE v0.16b, v3.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "EXT v21.16b, v18.16b, v19.16b, #8 \n"
+        "AESE v0.16b, v4.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "EOR v21.16b, v21.16b, v20.16b \n"
+        "AESE v0.16b, v5.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "# Reduce \n"
+        "PMULL2 v20.1q, v19.2d, v23.2d \n"
+        "AESE v0.16b, v6.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "EOR v21.16b, v21.16b, v20.16b \n"
+        "AESE v0.16b, v7.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "PMULL2 v20.1q, v21.2d, v23.2d \n"
+        "AESE v0.16b, v8.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "MOV v18.D[1], v21.D[0] \n"
+        "AESE v0.16b, v9.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "EOR v17.16b, v18.16b, v20.16b \n"
+        "AESE v0.16b, v10.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "AESE v0.16b, v11.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "AESE v0.16b, v12.16b \n"
+        "EOR v0.16b, v0.16b, v13.16b \n \n"
+        "RBIT v17.16b, v17.16b \n"
+        "EOR v0.16b, v0.16b, v17.16b \n \n"
+        "CMP %w[tagSz], #16 \n"
+        "BNE 40f \n"
+        "ST1 {v0.2d}, [%[tag]] \n"
+        "B 41f \n"
+        "40: \n"
+        "ST1 {v0.2d}, [%[scratch]] \n"
+        "MOV x15, %x[tagSz] \n"
+        "44: \n"
+        "LDRB w14, [%[scratch]], #1 \n"
+        "STRB w14, [%[tag]], #1 \n"
+        "SUB x15, x15, #1 \n"
+        "CBNZ x15, 44b \n"
+        "SUB %[scratch], %[scratch], %x[tagSz] \n"
+        "41: \n"
+
+        : [out] "+r" (out), [input] "+r" (in), [Key] "+r" (keyPt),
+          [aSz] "+r" (authInSz), [sz] "+r" (sz), [aad] "+r" (authIn)
+        : [ctr] "r" (ctr), [scratch] "r" (scratch),
+          [h] "m" (aes->gcm.H), [tag] "r" (authTag), [tagSz] "r" (authTagSz)
+        : "cc", "memory", "x11", "x12", "w13", "x14", "x15", "w16",
+          "v0", "v1", "v2", "v3", "v4", "v5", "v6", "v7",
+          "v8", "v9", "v10", "v11", "v12", "v13", "v14", "v15",
+          "v16", "v17", "v18", "v19", "v20", "v21", "v22", "v23",
+          "v24", "v25", "v26", "v27", "v28", "v29", "v30", "v31"
+    );
+}
+#endif /* WOLFSSL_AES_192 */
+#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
+#ifdef WOLFSSL_AES_256
+/* internal function : see AES_GCM_encrypt_AARCH64 */
+static void Aes256GcmEncrypt(Aes* aes, byte* out, const byte* in,
+    word32 sz, const byte* iv, word32 ivSz, byte* authTag, word32 authTagSz,
+    const byte* authIn, word32 authInSz)
+{
+    byte counter[WC_AES_BLOCK_SIZE];
+    byte scratch[WC_AES_BLOCK_SIZE];
+    /* Noticed different optimization levels treated head of array different.
+     * Some cases was stack pointer plus offset others was a register containing
+     * address. To make uniform for passing in to inline assembly code am using
+     * pointers to the head of each local array.
+     */
+    byte* ctr  = counter;
+    byte* keyPt = (byte*)aes->key;
+
+    XMEMSET(counter, 0, WC_AES_BLOCK_SIZE);
+    if (ivSz == GCM_NONCE_MID_SZ) {
+        XMEMCPY(counter, iv, GCM_NONCE_MID_SZ);
+        counter[WC_AES_BLOCK_SIZE - 1] = 1;
+    }
+    else {
+        GHASH_AARCH64(&aes->gcm, NULL, 0, iv, ivSz, counter, WC_AES_BLOCK_SIZE);
+        GMULT_AARCH64(counter, aes->gcm.H);
+    }
+
+    __asm__ __volatile__ (
+        "LD1 {v16.16b}, %[h] \n"
+        "# v23 = 0x00000000000000870000000000000087 reflected 0xe1.... \n"
+        "MOVI v23.16b, #0x87 \n"
+        "EOR v17.16b, v17.16b, v17.16b \n"
+        "USHR v23.2d, v23.2d, #56 \n"
+        "CBZ %w[aSz], 120f \n"
+
+        "MOV w12, %w[aSz] \n"
+
+        "# GHASH AAD \n"
+        "CMP x12, #64 \n"
+        "BLT 115f \n"
+        "# Calculate H^[1-4] - GMULT partials \n"
+        "# Square H => H^2 \n"
+        "PMULL2 v19.1q, v16.2d, v16.2d \n"
+        "PMULL  v18.1q, v16.1d, v16.1d \n"
+        "PMULL2 v20.1q, v19.2d, v23.2d \n"
+        "EXT v21.16b, v18.16b, v19.16b, #8 \n"
+        "EOR v21.16b, v21.16b, v20.16b \n"
+        "PMULL2 v19.1q, v21.2d, v23.2d \n"
+        "MOV v18.D[1], v21.D[0] \n"
+        "EOR v24.16b, v18.16b, v19.16b \n"
+        "# Multiply H and H^2 => H^3 \n"
+        "PMULL  v18.1q, v24.1d, v16.1d \n"
+        "PMULL2 v19.1q, v24.2d, v16.2d \n"
+        "EXT v20.16b, v16.16b, v16.16b, #8 \n"
+        "PMULL  v21.1q, v24.1d, v20.1d \n"
+        "PMULL2 v20.1q, v24.2d, v20.2d \n"
+        "EOR v20.16b, v20.16b, v21.16b \n"
+        "EXT v21.16b, v18.16b, v19.16b, #8 \n"
+        "EOR v21.16b, v21.16b, v20.16b \n"
+        "# Reduce \n"
+        "PMULL2 v20.1q, v19.2d, v23.2d \n"
+        "EOR v21.16b, v21.16b, v20.16b \n"
+        "PMULL2 v20.1q, v21.2d, v23.2d \n"
+        "MOV v18.D[1], v21.D[0] \n"
+        "EOR v25.16b, v18.16b, v20.16b \n"
+        "# Square H^2 => H^4 \n"
+        "PMULL2 v19.1q, v24.2d, v24.2d \n"
+        "PMULL  v18.1q, v24.1d, v24.1d \n"
+        "PMULL2 v20.1q, v19.2d, v23.2d \n"
+        "EXT v21.16b, v18.16b, v19.16b, #8 \n"
+        "EOR v21.16b, v21.16b, v20.16b \n"
+        "PMULL2 v19.1q, v21.2d, v23.2d \n"
+        "MOV v18.D[1], v21.D[0] \n"
+        "EOR v26.16b, v18.16b, v19.16b \n"
+        "114: \n"
+        "LD1 {v18.2d-v21.2d}, [%[aad]], #64 \n"
+        "SUB x12, x12, #64 \n"
+        "# GHASH - 4 blocks \n"
+        "RBIT v18.16b, v18.16b \n"
+        "RBIT v19.16b, v19.16b \n"
+        "RBIT v20.16b, v20.16b \n"
+        "RBIT v21.16b, v21.16b \n"
+        "EOR v18.16b, v18.16b, v17.16b \n"
+        "# x[0-2] = C * H^1 \n"
+        "PMULL  v17.1q, v21.1d, v16.1d \n"
+        "PMULL2 v30.1q, v21.2d, v16.2d \n"
+        "EXT v21.16b, v21.16b, v21.16b, #8 \n"
+        "PMULL  v31.1q, v21.1d, v16.1d \n"
+        "PMULL2 v15.1q, v21.2d, v16.2d \n"
+        "EOR v31.16b, v31.16b, v15.16b \n"
+        "# x[0-2] += C * H^2 \n"
+        "PMULL  v14.1q, v20.1d, v24.1d \n"
+        "PMULL2 v15.1q, v20.2d, v24.2d \n"
+        "EOR v17.16b, v17.16b, v14.16b \n"
+        "EOR v30.16b, v30.16b, v15.16b \n"
+        "EXT v20.16b, v20.16b, v20.16b, #8 \n"
+        "PMULL  v15.1q, v20.1d, v24.1d \n"
+        "PMULL2 v20.1q, v20.2d, v24.2d \n"
+        "EOR v20.16b, v20.16b, v15.16b \n"
+        "EOR v31.16b, v31.16b, v20.16b \n"
+        "# x[0-2] += C * H^3 \n"
+        "PMULL  v14.1q, v19.1d, v25.1d \n"
+        "PMULL2 v15.1q, v19.2d, v25.2d \n"
+        "EOR v17.16b, v17.16b, v14.16b \n"
+        "EOR v30.16b, v30.16b, v15.16b \n"
+        "EXT v19.16b, v19.16b, v19.16b, #8 \n"
+        "PMULL  v15.1q, v19.1d, v25.1d \n"
+        "PMULL2 v19.1q, v19.2d, v25.2d \n"
+        "EOR v19.16b, v19.16b, v15.16b \n"
+        "EOR v31.16b, v31.16b, v19.16b \n"
+        "# x[0-2] += C * H^4 \n"
+        "PMULL  v14.1q, v18.1d, v26.1d \n"
+        "PMULL2 v15.1q, v18.2d, v26.2d \n"
+        "EOR v17.16b, v17.16b, v14.16b \n"
+        "EOR v30.16b, v30.16b, v15.16b \n"
+        "EXT v18.16b, v18.16b, v18.16b, #8 \n"
+        "PMULL  v15.1q, v18.1d, v26.1d \n"
+        "PMULL2 v18.1q, v18.2d, v26.2d \n"
+        "EOR v18.16b, v18.16b, v15.16b \n"
+        "EOR v31.16b, v31.16b, v18.16b \n"
+        "# Reduce X = x[0-2] \n"
+        "EXT v15.16b, v17.16b, v30.16b, #8 \n"
+        "PMULL2 v14.1q, v30.2d, v23.2d \n"
         "EOR v15.16b, v15.16b, v31.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
-#ifndef WOLFSSL_ARMASM_CRYPTO_SHA3
         "EOR v15.16b, v15.16b, v14.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "PMULL2 v14.1q, v15.2d, v23.2d \n"
         "MOV v17.D[1], v15.D[0] \n"
         "EOR v17.16b, v17.16b, v14.16b \n"
@@ -5944,12 +9411,8 @@ static int Aes256GcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         "PMULL2 v20.1q, v20.2d, v24.2d \n"
         "AESE v7.16b, v1.16b \n"
         "AESMC v7.16b, v7.16b \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
-        "EOR3 v31.16b, v31.16b, v20.16b, v3.16b \n"
-#else
         "EOR v20.16b, v20.16b, v3.16b \n"
         "EOR v31.16b, v31.16b, v20.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "AESE v8.16b, v1.16b \n"
         "AESMC v8.16b, v8.16b \n"
         "# x[0-2] += C * H^3 \n"
@@ -5968,12 +9431,8 @@ static int Aes256GcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         "PMULL2 v19.1q, v19.2d, v25.2d \n"
         "AESE v30.16b, v1.16b \n"
         "AESMC v30.16b, v30.16b \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
-        "EOR3 v31.16b, v31.16b, v19.16b, v3.16b \n"
-#else
         "EOR v19.16b, v19.16b, v3.16b \n"
         "EOR v31.16b, v31.16b, v19.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "LDR q1, [%[Key], #32] \n"
         "AESE v5.16b, v22.16b \n"
         "AESMC v5.16b, v5.16b \n"
@@ -5993,12 +9452,8 @@ static int Aes256GcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         "PMULL2 v18.1q, v18.2d, v26.2d \n"
         "AESE v27.16b, v22.16b \n"
         "AESMC v27.16b, v27.16b \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
-        "EOR3 v31.16b, v31.16b, v18.16b, v3.16b \n"
-#else
         "EOR v18.16b, v18.16b, v3.16b \n"
         "EOR v31.16b, v31.16b, v18.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "AESE v28.16b, v22.16b \n"
         "AESMC v28.16b, v28.16b \n"
         "# x[0-2] += C * H^5 \n"
@@ -6018,12 +9473,8 @@ static int Aes256GcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         "PMULL2 v15.1q, v15.2d, v9.2d \n"
         "AESE v6.16b, v1.16b \n"
         "AESMC v6.16b, v6.16b \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
-        "EOR3 v31.16b, v31.16b, v15.16b, v3.16b \n"
-#else
         "EOR v15.16b, v15.16b, v3.16b \n"
         "EOR v31.16b, v31.16b, v15.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "AESE v7.16b, v1.16b \n"
         "AESMC v7.16b, v7.16b \n"
         "# x[0-2] += C * H^6 \n"
@@ -6042,12 +9493,8 @@ static int Aes256GcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         "PMULL2 v14.1q, v14.2d, v10.2d \n"
         "AESE v29.16b, v1.16b \n"
         "AESMC v29.16b, v29.16b \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
-        "EOR3 v31.16b, v31.16b, v14.16b, v3.16b \n"
-#else
         "EOR v14.16b, v14.16b, v3.16b \n"
         "EOR v31.16b, v31.16b, v14.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "AESE v30.16b, v1.16b \n"
         "AESMC v30.16b, v30.16b \n"
         "# x[0-2] += C * H^7 \n"
@@ -6067,12 +9514,8 @@ static int Aes256GcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         "PMULL2 v13.1q, v13.2d, v11.2d \n"
         "AESE v8.16b, v22.16b \n"
         "AESMC v8.16b, v8.16b \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
-        "EOR3 v31.16b, v31.16b, v13.16b, v3.16b \n"
-#else
         "EOR v13.16b, v13.16b, v3.16b \n"
         "EOR v31.16b, v31.16b, v13.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "AESE v27.16b, v22.16b \n"
         "AESMC v27.16b, v27.16b \n"
         "# x[0-2] += C * H^8 \n"
@@ -6092,12 +9535,8 @@ static int Aes256GcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         "LDR q22, [%[Key], #80] \n"
         "AESE v5.16b, v1.16b \n"
         "AESMC v5.16b, v5.16b \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
-        "EOR3 v31.16b, v31.16b, v12.16b, v3.16b \n"
-#else
         "EOR v12.16b, v12.16b, v3.16b \n"
         "EOR v31.16b, v31.16b, v12.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "AESE v6.16b, v1.16b \n"
         "AESMC v6.16b, v6.16b \n"
         "# Reduce X = x[0-2] \n"
@@ -6107,16 +9546,10 @@ static int Aes256GcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         "PMULL2 v2.1q, v0.2d, v23.2d \n"
         "AESE v8.16b, v1.16b \n"
         "AESMC v8.16b, v8.16b \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
-        "EOR3 v3.16b, v3.16b, v31.16b, v2.16b \n"
-#else
         "EOR v3.16b, v3.16b, v31.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "AESE v27.16b, v1.16b \n"
         "AESMC v27.16b, v27.16b \n"
-#ifndef WOLFSSL_ARMASM_CRYPTO_SHA3
         "EOR v3.16b, v3.16b, v2.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "AESE v28.16b, v1.16b \n"
         "AESMC v28.16b, v28.16b \n"
         "PMULL2 v2.1q, v3.2d, v23.2d \n"
@@ -6322,12 +9755,8 @@ static int Aes256GcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         "EXT v20.16b, v20.16b, v20.16b, #8 \n"
         "PMULL  v3.1q, v20.1d, v24.1d \n"
         "PMULL2 v20.1q, v20.2d, v24.2d \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
-        "EOR3 v31.16b, v31.16b, v20.16b, v3.16b \n"
-#else
         "EOR v20.16b, v20.16b, v3.16b \n"
         "EOR v31.16b, v31.16b, v20.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "# x[0-2] += C * H^3 \n"
         "PMULL  v2.1q, v19.1d, v25.1d \n"
         "PMULL2 v3.1q, v19.2d, v25.2d \n"
@@ -6336,12 +9765,8 @@ static int Aes256GcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         "EXT v19.16b, v19.16b, v19.16b, #8 \n"
         "PMULL  v3.1q, v19.1d, v25.1d \n"
         "PMULL2 v19.1q, v19.2d, v25.2d \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
-        "EOR3 v31.16b, v31.16b, v19.16b, v3.16b \n"
-#else
         "EOR v19.16b, v19.16b, v3.16b \n"
         "EOR v31.16b, v31.16b, v19.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "# x[0-2] += C * H^4 \n"
         "PMULL  v2.1q, v18.1d, v26.1d \n"
         "PMULL2 v3.1q, v18.2d, v26.2d \n"
@@ -6350,12 +9775,8 @@ static int Aes256GcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         "EXT v18.16b, v18.16b, v18.16b, #8 \n"
         "PMULL  v3.1q, v18.1d, v26.1d \n"
         "PMULL2 v18.1q, v18.2d, v26.2d \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
-        "EOR3 v31.16b, v31.16b, v18.16b, v3.16b \n"
-#else
         "EOR v18.16b, v18.16b, v3.16b \n"
         "EOR v31.16b, v31.16b, v18.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "# x[0-2] += C * H^5 \n"
         "PMULL  v2.1q, v15.1d, v9.1d \n"
         "PMULL2 v3.1q, v15.2d, v9.2d \n"
@@ -6364,12 +9785,8 @@ static int Aes256GcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         "EXT v15.16b, v15.16b, v15.16b, #8 \n"
         "PMULL  v3.1q, v15.1d, v9.1d \n"
         "PMULL2 v15.1q, v15.2d, v9.2d \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
-        "EOR3 v31.16b, v31.16b, v15.16b, v3.16b \n"
-#else
         "EOR v15.16b, v15.16b, v3.16b \n"
         "EOR v31.16b, v31.16b, v15.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "# x[0-2] += C * H^6 \n"
         "PMULL  v2.1q, v14.1d, v10.1d \n"
         "PMULL2 v3.1q, v14.2d, v10.2d \n"
@@ -6378,12 +9795,8 @@ static int Aes256GcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         "EXT v14.16b, v14.16b, v14.16b, #8 \n"
         "PMULL  v3.1q, v14.1d, v10.1d \n"
         "PMULL2 v14.1q, v14.2d, v10.2d \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
-        "EOR3 v31.16b, v31.16b, v14.16b, v3.16b \n"
-#else
         "EOR v14.16b, v14.16b, v3.16b \n"
         "EOR v31.16b, v31.16b, v14.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "# x[0-2] += C * H^7 \n"
         "PMULL  v2.1q, v13.1d, v11.1d \n"
         "PMULL2 v3.1q, v13.2d, v11.2d \n"
@@ -6392,12 +9805,8 @@ static int Aes256GcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         "EXT v13.16b, v13.16b, v13.16b, #8 \n"
         "PMULL  v3.1q, v13.1d, v11.1d \n"
         "PMULL2 v13.1q, v13.2d, v11.2d \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
-        "EOR3 v31.16b, v31.16b, v13.16b, v3.16b \n"
-#else
         "EOR v13.16b, v13.16b, v3.16b \n"
         "EOR v31.16b, v31.16b, v13.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "# x[0-2] += C * H^8 \n"
         "PMULL  v2.1q, v12.1d, v4.1d \n"
         "PMULL2 v3.1q, v12.2d, v4.2d \n"
@@ -6406,23 +9815,13 @@ static int Aes256GcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         "EXT v12.16b, v12.16b, v12.16b, #8 \n"
         "PMULL  v3.1q, v12.1d, v4.1d \n"
         "PMULL2 v12.1q, v12.2d, v4.2d \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
-        "EOR3 v31.16b, v31.16b, v12.16b, v3.16b \n"
-#else
         "EOR v12.16b, v12.16b, v3.16b \n"
         "EOR v31.16b, v31.16b, v12.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "# Reduce X = x[0-2] \n"
         "EXT v3.16b, v17.16b, v0.16b, #8 \n"
         "PMULL2 v2.1q, v0.2d, v23.2d \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
-        "EOR3 v3.16b, v3.16b, v31.16b, v2.16b \n"
-#else
         "EOR v3.16b, v3.16b, v31.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
-#ifndef WOLFSSL_ARMASM_CRYPTO_SHA3
         "EOR v3.16b, v3.16b, v2.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "PMULL2 v2.1q, v3.2d, v23.2d \n"
         "MOV v17.D[1], v3.D[0] \n"
         "EOR v17.16b, v17.16b, v2.16b \n"
@@ -6645,12 +10044,8 @@ static int Aes256GcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         "PMULL2 v20.1q, v20.2d, v24.2d \n"
         "AESE v28.16b, v3.16b \n"
         "AESMC v28.16b, v28.16b \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
-        "EOR3 v31.16b, v31.16b, v20.16b, v15.16b \n"
-#else
         "EOR v20.16b, v20.16b, v15.16b \n"
         "EOR v31.16b, v31.16b, v20.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "AESE v29.16b, v3.16b \n"
         "AESMC v29.16b, v29.16b \n"
         "# x[0-2] += C * H^3 \n"
@@ -6669,12 +10064,8 @@ static int Aes256GcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         "PMULL2 v19.1q, v19.2d, v25.2d \n"
         "AESE v29.16b, v4.16b \n"
         "AESMC v29.16b, v29.16b \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
-        "EOR3 v31.16b, v31.16b, v19.16b, v15.16b \n"
-#else
         "EOR v19.16b, v19.16b, v15.16b \n"
         "EOR v31.16b, v31.16b, v19.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "AESE v30.16b, v4.16b \n"
         "AESMC v30.16b, v30.16b \n"
         "# x[0-2] += C * H^4 \n"
@@ -6693,12 +10084,8 @@ static int Aes256GcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         "PMULL2 v18.1q, v18.2d, v26.2d \n"
         "AESE v30.16b, v5.16b \n"
         "AESMC v30.16b, v30.16b \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
-        "EOR3 v31.16b, v31.16b, v18.16b, v15.16b \n"
-#else
         "EOR v18.16b, v18.16b, v15.16b \n"
         "EOR v31.16b, v31.16b, v18.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "SUB w11, w11, #64 \n"
         "AESE v27.16b, v6.16b \n"
         "AESMC v27.16b, v27.16b \n"
@@ -6709,16 +10096,10 @@ static int Aes256GcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         "PMULL2 v14.1q, v0.2d, v23.2d \n"
         "AESE v29.16b, v6.16b \n"
         "AESMC v29.16b, v29.16b \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
-        "EOR3 v15.16b, v15.16b, v31.16b, v14.16b \n"
-#else
         "EOR v15.16b, v15.16b, v31.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "AESE v30.16b, v6.16b \n"
         "AESMC v30.16b, v30.16b \n"
-#ifndef WOLFSSL_ARMASM_CRYPTO_SHA3
         "EOR v15.16b, v15.16b, v14.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "AESE v27.16b, v7.16b \n"
         "AESMC v27.16b, v27.16b \n"
         "PMULL2 v14.1q, v15.2d, v23.2d \n"
@@ -6822,12 +10203,8 @@ static int Aes256GcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         "EXT v20.16b, v20.16b, v20.16b, #8 \n"
         "PMULL  v15.1q, v20.1d, v24.1d \n"
         "PMULL2 v20.1q, v20.2d, v24.2d \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
-        "EOR3 v31.16b, v31.16b, v20.16b, v15.16b \n"
-#else
         "EOR v20.16b, v20.16b, v15.16b \n"
         "EOR v31.16b, v31.16b, v20.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "# x[0-2] += C * H^3 \n"
         "PMULL  v14.1q, v19.1d, v25.1d \n"
         "PMULL2 v15.1q, v19.2d, v25.2d \n"
@@ -6836,12 +10213,8 @@ static int Aes256GcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         "EXT v19.16b, v19.16b, v19.16b, #8 \n"
         "PMULL  v15.1q, v19.1d, v25.1d \n"
         "PMULL2 v19.1q, v19.2d, v25.2d \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
-        "EOR3 v31.16b, v31.16b, v19.16b, v15.16b \n"
-#else
         "EOR v19.16b, v19.16b, v15.16b \n"
         "EOR v31.16b, v31.16b, v19.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "# x[0-2] += C * H^4 \n"
         "PMULL  v14.1q, v18.1d, v26.1d \n"
         "PMULL2 v15.1q, v18.2d, v26.2d \n"
@@ -6850,23 +10223,13 @@ static int Aes256GcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         "EXT v18.16b, v18.16b, v18.16b, #8 \n"
         "PMULL  v15.1q, v18.1d, v26.1d \n"
         "PMULL2 v18.1q, v18.2d, v26.2d \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
-        "EOR3 v31.16b, v31.16b, v18.16b, v15.16b \n"
-#else
         "EOR v18.16b, v18.16b, v15.16b \n"
         "EOR v31.16b, v31.16b, v18.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "# Reduce X = x[0-2] \n"
         "EXT v15.16b, v17.16b, v0.16b, #8 \n"
         "PMULL2 v14.1q, v0.2d, v23.2d \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
-        "EOR3 v15.16b, v15.16b, v31.16b, v14.16b \n"
-#else
         "EOR v15.16b, v15.16b, v31.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
-#ifndef WOLFSSL_ARMASM_CRYPTO_SHA3
         "EOR v15.16b, v15.16b, v14.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "PMULL2 v14.1q, v15.2d, v23.2d \n"
         "MOV v17.D[1], v15.D[0] \n"
         "EOR v17.16b, v17.16b, v14.16b \n"
@@ -7171,11 +10534,1751 @@ static int Aes256GcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
           "v16", "v17", "v18", "v19", "v20", "v21", "v22", "v23",
           "v24", "v25", "v26", "v27", "v28", "v29", "v30", "v31"
     );
-
-
-    return 0;
 }
 #endif /* WOLFSSL_AES_256 */
+#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
+#ifdef WOLFSSL_AES_256
+/* internal function : see AES_GCM_encrypt_AARCH64 */
+static void Aes256GcmEncrypt_EOR3(Aes* aes, byte* out, const byte* in,
+    word32 sz, const byte* iv, word32 ivSz, byte* authTag, word32 authTagSz,
+    const byte* authIn, word32 authInSz)
+{
+    byte counter[WC_AES_BLOCK_SIZE];
+    byte scratch[WC_AES_BLOCK_SIZE];
+    /* Noticed different optimization levels treated head of array different.
+     * Some cases was stack pointer plus offset others was a register containing
+     * address. To make uniform for passing in to inline assembly code am using
+     * pointers to the head of each local array.
+     */
+    byte* ctr  = counter;
+    byte* keyPt = (byte*)aes->key;
+
+    XMEMSET(counter, 0, WC_AES_BLOCK_SIZE);
+    if (ivSz == GCM_NONCE_MID_SZ) {
+        XMEMCPY(counter, iv, GCM_NONCE_MID_SZ);
+        counter[WC_AES_BLOCK_SIZE - 1] = 1;
+    }
+    else {
+        GHASH_AARCH64(&aes->gcm, NULL, 0, iv, ivSz, counter, WC_AES_BLOCK_SIZE);
+        GMULT_AARCH64(counter, aes->gcm.H);
+    }
+
+    __asm__ __volatile__ (
+        "LD1 {v16.16b}, %[h] \n"
+        "# v23 = 0x00000000000000870000000000000087 reflected 0xe1.... \n"
+        "MOVI v23.16b, #0x87 \n"
+        "EOR v17.16b, v17.16b, v17.16b \n"
+        "USHR v23.2d, v23.2d, #56 \n"
+        "CBZ %w[aSz], 120f \n"
+
+        "MOV w12, %w[aSz] \n"
+
+        "# GHASH AAD \n"
+        "CMP x12, #64 \n"
+        "BLT 115f \n"
+        "# Calculate H^[1-4] - GMULT partials \n"
+        "# Square H => H^2 \n"
+        "PMULL2 v19.1q, v16.2d, v16.2d \n"
+        "PMULL  v18.1q, v16.1d, v16.1d \n"
+        "PMULL2 v20.1q, v19.2d, v23.2d \n"
+        "EXT v21.16b, v18.16b, v19.16b, #8 \n"
+        "EOR v21.16b, v21.16b, v20.16b \n"
+        "PMULL2 v19.1q, v21.2d, v23.2d \n"
+        "MOV v18.D[1], v21.D[0] \n"
+        "EOR v24.16b, v18.16b, v19.16b \n"
+        "# Multiply H and H^2 => H^3 \n"
+        "PMULL  v18.1q, v24.1d, v16.1d \n"
+        "PMULL2 v19.1q, v24.2d, v16.2d \n"
+        "EXT v20.16b, v16.16b, v16.16b, #8 \n"
+        "PMULL  v21.1q, v24.1d, v20.1d \n"
+        "PMULL2 v20.1q, v24.2d, v20.2d \n"
+        "EOR v20.16b, v20.16b, v21.16b \n"
+        "EXT v21.16b, v18.16b, v19.16b, #8 \n"
+        "EOR v21.16b, v21.16b, v20.16b \n"
+        "# Reduce \n"
+        "PMULL2 v20.1q, v19.2d, v23.2d \n"
+        "EOR v21.16b, v21.16b, v20.16b \n"
+        "PMULL2 v20.1q, v21.2d, v23.2d \n"
+        "MOV v18.D[1], v21.D[0] \n"
+        "EOR v25.16b, v18.16b, v20.16b \n"
+        "# Square H^2 => H^4 \n"
+        "PMULL2 v19.1q, v24.2d, v24.2d \n"
+        "PMULL  v18.1q, v24.1d, v24.1d \n"
+        "PMULL2 v20.1q, v19.2d, v23.2d \n"
+        "EXT v21.16b, v18.16b, v19.16b, #8 \n"
+        "EOR v21.16b, v21.16b, v20.16b \n"
+        "PMULL2 v19.1q, v21.2d, v23.2d \n"
+        "MOV v18.D[1], v21.D[0] \n"
+        "EOR v26.16b, v18.16b, v19.16b \n"
+        "114: \n"
+        "LD1 {v18.2d-v21.2d}, [%[aad]], #64 \n"
+        "SUB x12, x12, #64 \n"
+        "# GHASH - 4 blocks \n"
+        "RBIT v18.16b, v18.16b \n"
+        "RBIT v19.16b, v19.16b \n"
+        "RBIT v20.16b, v20.16b \n"
+        "RBIT v21.16b, v21.16b \n"
+        "EOR v18.16b, v18.16b, v17.16b \n"
+        "# x[0-2] = C * H^1 \n"
+        "PMULL  v17.1q, v21.1d, v16.1d \n"
+        "PMULL2 v30.1q, v21.2d, v16.2d \n"
+        "EXT v21.16b, v21.16b, v21.16b, #8 \n"
+        "PMULL  v31.1q, v21.1d, v16.1d \n"
+        "PMULL2 v15.1q, v21.2d, v16.2d \n"
+        "EOR v31.16b, v31.16b, v15.16b \n"
+        "# x[0-2] += C * H^2 \n"
+        "PMULL  v14.1q, v20.1d, v24.1d \n"
+        "PMULL2 v15.1q, v20.2d, v24.2d \n"
+        "EOR v17.16b, v17.16b, v14.16b \n"
+        "EOR v30.16b, v30.16b, v15.16b \n"
+        "EXT v20.16b, v20.16b, v20.16b, #8 \n"
+        "PMULL  v15.1q, v20.1d, v24.1d \n"
+        "PMULL2 v20.1q, v20.2d, v24.2d \n"
+        "EOR3 v31.16b, v31.16b, v20.16b, v15.16b \n"
+        "# x[0-2] += C * H^3 \n"
+        "PMULL  v14.1q, v19.1d, v25.1d \n"
+        "PMULL2 v15.1q, v19.2d, v25.2d \n"
+        "EOR v17.16b, v17.16b, v14.16b \n"
+        "EOR v30.16b, v30.16b, v15.16b \n"
+        "EXT v19.16b, v19.16b, v19.16b, #8 \n"
+        "PMULL  v15.1q, v19.1d, v25.1d \n"
+        "PMULL2 v19.1q, v19.2d, v25.2d \n"
+        "EOR3 v31.16b, v31.16b, v19.16b, v15.16b \n"
+        "# x[0-2] += C * H^4 \n"
+        "PMULL  v14.1q, v18.1d, v26.1d \n"
+        "PMULL2 v15.1q, v18.2d, v26.2d \n"
+        "EOR v17.16b, v17.16b, v14.16b \n"
+        "EOR v30.16b, v30.16b, v15.16b \n"
+        "EXT v18.16b, v18.16b, v18.16b, #8 \n"
+        "PMULL  v15.1q, v18.1d, v26.1d \n"
+        "PMULL2 v18.1q, v18.2d, v26.2d \n"
+        "EOR3 v31.16b, v31.16b, v18.16b, v15.16b \n"
+        "# Reduce X = x[0-2] \n"
+        "EXT v15.16b, v17.16b, v30.16b, #8 \n"
+        "PMULL2 v14.1q, v30.2d, v23.2d \n"
+        "EOR3 v15.16b, v15.16b, v31.16b, v14.16b \n"
+        "PMULL2 v14.1q, v15.2d, v23.2d \n"
+        "MOV v17.D[1], v15.D[0] \n"
+        "EOR v17.16b, v17.16b, v14.16b \n"
+        "CMP x12, #64 \n"
+        "BGE 114b \n"
+        "CBZ x12, 120f \n"
+        "115: \n"
+        "CMP x12, #16 \n"
+        "BLT 112f \n"
+        "111: \n"
+        "LD1 {v15.2d}, [%[aad]], #16 \n"
+        "SUB x12, x12, #16 \n"
+        "RBIT v15.16b, v15.16b \n"
+        "EOR v17.16b, v17.16b, v15.16b \n"
+        "PMULL  v18.1q, v17.1d, v16.1d \n"
+        "PMULL2 v19.1q, v17.2d, v16.2d \n"
+        "EXT v20.16b, v16.16b, v16.16b, #8 \n"
+        "PMULL  v21.1q, v17.1d, v20.1d \n"
+        "PMULL2 v20.1q, v17.2d, v20.2d \n"
+        "EOR v20.16b, v20.16b, v21.16b \n"
+        "EXT v21.16b, v18.16b, v19.16b, #8 \n"
+        "EOR v21.16b, v21.16b, v20.16b \n"
+        "# Reduce \n"
+        "PMULL2 v20.1q, v19.2d, v23.2d \n"
+        "EOR v21.16b, v21.16b, v20.16b \n"
+        "PMULL2 v20.1q, v21.2d, v23.2d \n"
+        "MOV v18.D[1], v21.D[0] \n"
+        "EOR v17.16b, v18.16b, v20.16b \n"
+        "CMP x12, #16 \n"
+        "BGE 111b \n"
+        "CBZ x12, 120f \n"
+        "112: \n"
+        "# Partial AAD \n"
+        "EOR v15.16b, v15.16b, v15.16b \n"
+        "MOV x14, x12 \n"
+        "ST1 {v15.2d}, [%[scratch]] \n"
+        "113: \n"
+        "LDRB w13, [%[aad]], #1 \n"
+        "STRB w13, [%[scratch]], #1 \n"
+        "SUB x14, x14, #1 \n"
+        "CBNZ x14, 113b \n"
+        "SUB %[scratch], %[scratch], x12 \n"
+        "LD1 {v15.2d}, [%[scratch]] \n"
+        "RBIT v15.16b, v15.16b \n"
+        "EOR v17.16b, v17.16b, v15.16b \n"
+        "PMULL  v18.1q, v17.1d, v16.1d \n"
+        "PMULL2 v19.1q, v17.2d, v16.2d \n"
+        "EXT v20.16b, v16.16b, v16.16b, #8 \n"
+        "PMULL  v21.1q, v17.1d, v20.1d \n"
+        "PMULL2 v20.1q, v17.2d, v20.2d \n"
+        "EOR v20.16b, v20.16b, v21.16b \n"
+        "EXT v21.16b, v18.16b, v19.16b, #8 \n"
+        "EOR v21.16b, v21.16b, v20.16b \n"
+        "# Reduce \n"
+        "PMULL2 v20.1q, v19.2d, v23.2d \n"
+        "EOR v21.16b, v21.16b, v20.16b \n"
+        "PMULL2 v20.1q, v21.2d, v23.2d \n"
+        "MOV v18.D[1], v21.D[0] \n"
+        "EOR v17.16b, v18.16b, v20.16b \n"
+        "120: \n"
+
+        "# Encrypt plaintext and GHASH ciphertext \n"
+        "LDR w12, [%[ctr], #12] \n"
+        "MOV w11, %w[sz] \n"
+        "REV w12, w12 \n"
+        "CMP w11, #64 \n"
+        "BLT 80f \n"
+        "CMP %w[aSz], #64 \n"
+        "BGE 82f \n"
+
+        "# Calculate H^[1-4] - GMULT partials \n"
+        "# Square H => H^2 \n"
+        "PMULL2 v19.1q, v16.2d, v16.2d \n"
+        "PMULL  v18.1q, v16.1d, v16.1d \n"
+        "PMULL2 v20.1q, v19.2d, v23.2d \n"
+        "EXT v21.16b, v18.16b, v19.16b, #8 \n"
+        "EOR v21.16b, v21.16b, v20.16b \n"
+        "PMULL2 v19.1q, v21.2d, v23.2d \n"
+        "MOV v18.D[1], v21.D[0] \n"
+        "EOR v24.16b, v18.16b, v19.16b \n"
+        "# Multiply H and H^2 => H^3 \n"
+        "PMULL  v18.1q, v24.1d, v16.1d \n"
+        "PMULL2 v19.1q, v24.2d, v16.2d \n"
+        "EXT v20.16b, v16.16b, v16.16b, #8 \n"
+        "PMULL  v21.1q, v24.1d, v20.1d \n"
+        "PMULL2 v20.1q, v24.2d, v20.2d \n"
+        "EOR v20.16b, v20.16b, v21.16b \n"
+        "EXT v21.16b, v18.16b, v19.16b, #8 \n"
+        "EOR v21.16b, v21.16b, v20.16b \n"
+        "# Reduce \n"
+        "PMULL2 v20.1q, v19.2d, v23.2d \n"
+        "EOR v21.16b, v21.16b, v20.16b \n"
+        "PMULL2 v20.1q, v21.2d, v23.2d \n"
+        "MOV v18.D[1], v21.D[0] \n"
+        "EOR v25.16b, v18.16b, v20.16b \n"
+        "# Square H^2 => H^4 \n"
+        "PMULL2 v19.1q, v24.2d, v24.2d \n"
+        "PMULL  v18.1q, v24.1d, v24.1d \n"
+        "PMULL2 v20.1q, v19.2d, v23.2d \n"
+        "EXT v21.16b, v18.16b, v19.16b, #8 \n"
+        "EOR v21.16b, v21.16b, v20.16b \n"
+        "PMULL2 v19.1q, v21.2d, v23.2d \n"
+        "MOV v18.D[1], v21.D[0] \n"
+        "EOR v26.16b, v18.16b, v19.16b \n"
+        "82: \n"
+        "# Should we do 8 blocks at a time? \n"
+        "CMP w11, #512 \n"
+        "BLT 80f \n"
+
+        "# Calculate H^[5-8] - GMULT partials \n"
+        "# Multiply H and H^4 => H^5 \n"
+        "PMULL  v18.1q, v26.1d, v16.1d \n"
+        "PMULL2 v19.1q, v26.2d, v16.2d \n"
+        "EXT v20.16b, v16.16b, v16.16b, #8 \n"
+        "PMULL  v21.1q, v26.1d, v20.1d \n"
+        "PMULL2 v20.1q, v26.2d, v20.2d \n"
+        "EOR v20.16b, v20.16b, v21.16b \n"
+        "EXT v21.16b, v18.16b, v19.16b, #8 \n"
+        "EOR v21.16b, v21.16b, v20.16b \n"
+        "# Reduce \n"
+        "PMULL2 v20.1q, v19.2d, v23.2d \n"
+        "EOR v21.16b, v21.16b, v20.16b \n"
+        "PMULL2 v20.1q, v21.2d, v23.2d \n"
+        "MOV v18.D[1], v21.D[0] \n"
+        "EOR v9.16b, v18.16b, v20.16b \n"
+        "# Square H^3 - H^6 \n"
+        "PMULL2 v19.1q, v25.2d, v25.2d \n"
+        "PMULL  v18.1q, v25.1d, v25.1d \n"
+        "PMULL2 v20.1q, v19.2d, v23.2d \n"
+        "EXT v21.16b, v18.16b, v19.16b, #8 \n"
+        "EOR v21.16b, v21.16b, v20.16b \n"
+        "PMULL2 v19.1q, v21.2d, v23.2d \n"
+        "MOV v18.D[1], v21.D[0] \n"
+        "EOR v10.16b, v18.16b, v19.16b \n"
+        "# Multiply H and H^6 => H^7 \n"
+        "PMULL  v18.1q, v10.1d, v16.1d \n"
+        "PMULL2 v19.1q, v10.2d, v16.2d \n"
+        "EXT v20.16b, v16.16b, v16.16b, #8 \n"
+        "PMULL  v21.1q, v10.1d, v20.1d \n"
+        "PMULL2 v20.1q, v10.2d, v20.2d \n"
+        "EOR v20.16b, v20.16b, v21.16b \n"
+        "EXT v21.16b, v18.16b, v19.16b, #8 \n"
+        "EOR v21.16b, v21.16b, v20.16b \n"
+        "# Reduce \n"
+        "PMULL2 v20.1q, v19.2d, v23.2d \n"
+        "EOR v21.16b, v21.16b, v20.16b \n"
+        "PMULL2 v20.1q, v21.2d, v23.2d \n"
+        "MOV v18.D[1], v21.D[0] \n"
+        "EOR v11.16b, v18.16b, v20.16b \n"
+        "# Square H^4 => H^8 \n"
+        "PMULL2 v19.1q, v26.2d, v26.2d \n"
+        "PMULL  v18.1q, v26.1d, v26.1d \n"
+        "PMULL2 v20.1q, v19.2d, v23.2d \n"
+        "EXT v21.16b, v18.16b, v19.16b, #8 \n"
+        "EOR v21.16b, v21.16b, v20.16b \n"
+        "PMULL2 v19.1q, v21.2d, v23.2d \n"
+        "MOV v18.D[1], v21.D[0] \n"
+        "EOR v4.16b, v18.16b, v19.16b \n"
+
+        "# First encrypt - no GHASH \n"
+        "LDR q1, [%[Key]] \n"
+        "# Calculate next 4 counters (+1-4) \n"
+        "ADD w15, w12, #1 \n"
+        "LD1 {v5.2d}, [%[ctr]] \n"
+        "ADD w14, w12, #2 \n"
+        "MOV v6.16b, v5.16b \n"
+        "ADD w13, w12, #3 \n"
+        "MOV v7.16b, v5.16b \n"
+        "ADD w12, w12, #4 \n"
+        "MOV v8.16b, v5.16b \n"
+        "REV w15, w15 \n"
+        "REV w14, w14 \n"
+        "REV w13, w13 \n"
+        "REV w16, w12 \n"
+        "MOV v5.S[3], w15 \n"
+        "MOV v6.S[3], w14 \n"
+        "MOV v7.S[3], w13 \n"
+        "MOV v8.S[3], w16 \n"
+        "# Calculate next 4 counters (+5-8) \n"
+        "ADD w15, w12, #1 \n"
+        "MOV v27.16b, v5.16b \n"
+        "ADD w14, w12, #2 \n"
+        "MOV v28.16b, v5.16b \n"
+        "ADD w13, w12, #3 \n"
+        "MOV v29.16b, v5.16b \n"
+        "ADD w12, w12, #4 \n"
+        "MOV v30.16b, v5.16b \n"
+        "REV w15, w15 \n"
+        "REV w14, w14 \n"
+        "REV w13, w13 \n"
+        "REV w16, w12 \n"
+        "MOV v27.S[3], w15 \n"
+        "MOV v28.S[3], w14 \n"
+        "MOV v29.S[3], w13 \n"
+        "MOV v30.S[3], w16 \n"
+
+        "# Encrypt 8 counters \n"
+        "LDR q22, [%[Key], #16] \n"
+        "AESE v5.16b, v1.16b \n"
+        "AESMC v5.16b, v5.16b \n"
+        "AESE v6.16b, v1.16b \n"
+        "AESMC v6.16b, v6.16b \n"
+        "AESE v7.16b, v1.16b \n"
+        "AESMC v7.16b, v7.16b \n"
+        "AESE v8.16b, v1.16b \n"
+        "AESMC v8.16b, v8.16b \n"
+        "AESE v27.16b, v1.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v1.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v1.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v1.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "LDR q1, [%[Key], #32] \n"
+        "AESE v5.16b, v22.16b \n"
+        "AESMC v5.16b, v5.16b \n"
+        "AESE v6.16b, v22.16b \n"
+        "AESMC v6.16b, v6.16b \n"
+        "AESE v7.16b, v22.16b \n"
+        "AESMC v7.16b, v7.16b \n"
+        "AESE v8.16b, v22.16b \n"
+        "AESMC v8.16b, v8.16b \n"
+        "AESE v27.16b, v22.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v22.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v22.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v22.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "LDR q22, [%[Key], #48] \n"
+        "AESE v5.16b, v1.16b \n"
+        "AESMC v5.16b, v5.16b \n"
+        "AESE v6.16b, v1.16b \n"
+        "AESMC v6.16b, v6.16b \n"
+        "AESE v7.16b, v1.16b \n"
+        "AESMC v7.16b, v7.16b \n"
+        "AESE v8.16b, v1.16b \n"
+        "AESMC v8.16b, v8.16b \n"
+        "AESE v27.16b, v1.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v1.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v1.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v1.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "LDR q1, [%[Key], #64] \n"
+        "AESE v5.16b, v22.16b \n"
+        "AESMC v5.16b, v5.16b \n"
+        "AESE v6.16b, v22.16b \n"
+        "AESMC v6.16b, v6.16b \n"
+        "AESE v7.16b, v22.16b \n"
+        "AESMC v7.16b, v7.16b \n"
+        "AESE v8.16b, v22.16b \n"
+        "AESMC v8.16b, v8.16b \n"
+        "AESE v27.16b, v22.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v22.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v22.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v22.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "LDR q22, [%[Key], #80] \n"
+        "AESE v5.16b, v1.16b \n"
+        "AESMC v5.16b, v5.16b \n"
+        "AESE v6.16b, v1.16b \n"
+        "AESMC v6.16b, v6.16b \n"
+        "AESE v7.16b, v1.16b \n"
+        "AESMC v7.16b, v7.16b \n"
+        "AESE v8.16b, v1.16b \n"
+        "AESMC v8.16b, v8.16b \n"
+        "AESE v27.16b, v1.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v1.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v1.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v1.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "SUB w11, w11, #128 \n"
+        "LDR q1, [%[Key], #96] \n"
+        "AESE v5.16b, v22.16b \n"
+        "AESMC v5.16b, v5.16b \n"
+        "AESE v6.16b, v22.16b \n"
+        "AESMC v6.16b, v6.16b \n"
+        "AESE v7.16b, v22.16b \n"
+        "AESMC v7.16b, v7.16b \n"
+        "AESE v8.16b, v22.16b \n"
+        "AESMC v8.16b, v8.16b \n"
+        "AESE v27.16b, v22.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v22.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v22.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v22.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "LDR q22, [%[Key], #112] \n"
+        "AESE v5.16b, v1.16b \n"
+        "AESMC v5.16b, v5.16b \n"
+        "AESE v6.16b, v1.16b \n"
+        "AESMC v6.16b, v6.16b \n"
+        "AESE v7.16b, v1.16b \n"
+        "AESMC v7.16b, v7.16b \n"
+        "AESE v8.16b, v1.16b \n"
+        "AESMC v8.16b, v8.16b \n"
+        "AESE v27.16b, v1.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v1.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v1.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v1.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "LDR q1, [%[Key], #128] \n"
+        "AESE v5.16b, v22.16b \n"
+        "AESMC v5.16b, v5.16b \n"
+        "AESE v6.16b, v22.16b \n"
+        "AESMC v6.16b, v6.16b \n"
+        "AESE v7.16b, v22.16b \n"
+        "AESMC v7.16b, v7.16b \n"
+        "AESE v8.16b, v22.16b \n"
+        "AESMC v8.16b, v8.16b \n"
+        "AESE v27.16b, v22.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v22.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v22.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v22.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "LDR q22, [%[Key], #144] \n"
+        "AESE v5.16b, v1.16b \n"
+        "AESMC v5.16b, v5.16b \n"
+        "AESE v6.16b, v1.16b \n"
+        "AESMC v6.16b, v6.16b \n"
+        "AESE v7.16b, v1.16b \n"
+        "AESMC v7.16b, v7.16b \n"
+        "AESE v8.16b, v1.16b \n"
+        "AESMC v8.16b, v8.16b \n"
+        "AESE v27.16b, v1.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v1.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v1.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v1.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "LDR q1, [%[Key], #160] \n"
+        "AESE v5.16b, v22.16b \n"
+        "AESMC v5.16b, v5.16b \n"
+        "AESE v6.16b, v22.16b \n"
+        "AESMC v6.16b, v6.16b \n"
+        "AESE v7.16b, v22.16b \n"
+        "AESMC v7.16b, v7.16b \n"
+        "AESE v8.16b, v22.16b \n"
+        "AESMC v8.16b, v8.16b \n"
+        "AESE v27.16b, v22.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v22.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v22.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v22.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "LDR q22, [%[Key], #176] \n"
+        "AESE v5.16b, v1.16b \n"
+        "AESMC v5.16b, v5.16b \n"
+        "AESE v6.16b, v1.16b \n"
+        "AESMC v6.16b, v6.16b \n"
+        "AESE v7.16b, v1.16b \n"
+        "AESMC v7.16b, v7.16b \n"
+        "AESE v8.16b, v1.16b \n"
+        "AESMC v8.16b, v8.16b \n"
+        "AESE v27.16b, v1.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v1.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v1.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v1.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "LDR q1, [%[Key], #192] \n"
+        "AESE v5.16b, v22.16b \n"
+        "AESMC v5.16b, v5.16b \n"
+        "AESE v6.16b, v22.16b \n"
+        "AESMC v6.16b, v6.16b \n"
+        "AESE v7.16b, v22.16b \n"
+        "AESMC v7.16b, v7.16b \n"
+        "AESE v8.16b, v22.16b \n"
+        "AESMC v8.16b, v8.16b \n"
+        "AESE v27.16b, v22.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v22.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v22.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v22.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "LD1 {v12.2d-v15.2d}, [%[input]], #64 \n"
+        "LDP q22, q31, [%[Key], #208] \n"
+        "AESE v5.16b, v1.16b \n"
+        "AESMC v5.16b, v5.16b \n"
+        "AESE v6.16b, v1.16b \n"
+        "AESMC v6.16b, v6.16b \n"
+        "AESE v7.16b, v1.16b \n"
+        "AESMC v7.16b, v7.16b \n"
+        "AESE v8.16b, v1.16b \n"
+        "AESMC v8.16b, v8.16b \n"
+        "AESE v27.16b, v1.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v1.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v1.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v1.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "LD1 {v18.2d-v21.2d}, [%[input]], #64 \n"
+        "AESE v5.16b, v22.16b \n"
+        "EOR v5.16b, v5.16b, v31.16b \n"
+        "AESE v6.16b, v22.16b \n"
+        "EOR v6.16b, v6.16b, v31.16b \n"
+        "AESE v7.16b, v22.16b \n"
+        "EOR v7.16b, v7.16b, v31.16b \n"
+        "AESE v8.16b, v22.16b \n"
+        "EOR v8.16b, v8.16b, v31.16b \n"
+        "AESE v27.16b, v22.16b \n"
+        "EOR v27.16b, v27.16b, v31.16b \n"
+        "AESE v28.16b, v22.16b \n"
+        "EOR v28.16b, v28.16b, v31.16b \n"
+        "AESE v29.16b, v22.16b \n"
+        "EOR v29.16b, v29.16b, v31.16b \n"
+        "AESE v30.16b, v22.16b \n"
+        "EOR v30.16b, v30.16b, v31.16b \n"
+
+        "# XOR in input \n"
+        "EOR v12.16b, v12.16b, v5.16b \n"
+        "EOR v13.16b, v13.16b, v6.16b \n"
+        "EOR v14.16b, v14.16b, v7.16b \n"
+        "EOR v15.16b, v15.16b, v8.16b \n"
+        "EOR v18.16b, v18.16b, v27.16b \n"
+        "ST1 {v12.2d-v15.2d}, [%[out]], #64 \n \n"
+        "EOR v19.16b, v19.16b, v28.16b \n"
+        "EOR v20.16b, v20.16b, v29.16b \n"
+        "EOR v21.16b, v21.16b, v30.16b \n"
+        "ST1 {v18.2d-v21.2d}, [%[out]], #64 \n \n"
+
+        "81: \n"
+        "LDR q1, [%[Key]] \n"
+        "# Calculate next 4 counters (+1-4) \n"
+        "ADD w15, w12, #1 \n"
+        "LD1 {v5.2d}, [%[ctr]] \n"
+        "ADD w14, w12, #2 \n"
+        "MOV v6.16b, v5.16b \n"
+        "ADD w13, w12, #3 \n"
+        "MOV v7.16b, v5.16b \n"
+        "ADD w12, w12, #4 \n"
+        "MOV v8.16b, v5.16b \n"
+        "# GHASH - 8 blocks \n"
+        "RBIT v12.16b, v12.16b \n"
+        "RBIT v13.16b, v13.16b \n"
+        "RBIT v14.16b, v14.16b \n"
+        "RBIT v15.16b, v15.16b \n"
+        "RBIT v18.16b, v18.16b \n"
+        "RBIT v19.16b, v19.16b \n"
+        "RBIT v20.16b, v20.16b \n"
+        "RBIT v21.16b, v21.16b \n"
+        "REV w15, w15 \n"
+        "EOR v12.16b, v12.16b, v17.16b \n"
+        "REV w14, w14 \n"
+        "# x[0-2] = C * H^1 \n"
+        "PMULL  v17.1q, v21.1d, v16.1d \n"
+        "PMULL2 v0.1q, v21.2d, v16.2d \n"
+        "REV w13, w13 \n"
+        "EXT v21.16b, v21.16b, v21.16b, #8 \n"
+        "REV w16, w12 \n"
+        "MOV v5.S[3], w15 \n"
+        "MOV v6.S[3], w14 \n"
+        "MOV v7.S[3], w13 \n"
+        "MOV v8.S[3], w16 \n"
+        "# Calculate next 4 counters (+5-8) \n"
+        "ADD w15, w12, #1 \n"
+        "MOV v27.16b, v5.16b \n"
+        "ADD w14, w12, #2 \n"
+        "MOV v28.16b, v5.16b \n"
+        "ADD w13, w12, #3 \n"
+        "MOV v29.16b, v5.16b \n"
+        "ADD w12, w12, #4 \n"
+        "MOV v30.16b, v5.16b \n"
+        "PMULL  v31.1q, v21.1d, v16.1d \n"
+        "PMULL2 v3.1q, v21.2d, v16.2d \n"
+        "REV w15, w15 \n"
+        "EOR v31.16b, v31.16b, v3.16b \n"
+        "REV w14, w14 \n"
+        "# x[0-2] += C * H^2 \n"
+        "PMULL  v2.1q, v20.1d, v24.1d \n"
+        "PMULL2 v3.1q, v20.2d, v24.2d \n"
+        "REV w13, w13 \n"
+        "EOR v17.16b, v17.16b, v2.16b \n"
+        "EOR v0.16b, v0.16b, v3.16b \n"
+        "REV w16, w12 \n"
+        "MOV v27.S[3], w15 \n"
+        "MOV v28.S[3], w14 \n"
+        "MOV v29.S[3], w13 \n"
+        "MOV v30.S[3], w16 \n"
+
+        "# Encrypt 8 counters \n"
+        "LDR q22, [%[Key], #16] \n"
+        "AESE v5.16b, v1.16b \n"
+        "AESMC v5.16b, v5.16b \n"
+        "EXT v20.16b, v20.16b, v20.16b, #8 \n"
+        "AESE v6.16b, v1.16b \n"
+        "AESMC v6.16b, v6.16b \n"
+        "PMULL  v3.1q, v20.1d, v24.1d \n"
+        "PMULL2 v20.1q, v20.2d, v24.2d \n"
+        "AESE v7.16b, v1.16b \n"
+        "AESMC v7.16b, v7.16b \n"
+        "EOR3 v31.16b, v31.16b, v20.16b, v3.16b \n"
+        "AESE v8.16b, v1.16b \n"
+        "AESMC v8.16b, v8.16b \n"
+        "# x[0-2] += C * H^3 \n"
+        "PMULL  v2.1q, v19.1d, v25.1d \n"
+        "PMULL2 v3.1q, v19.2d, v25.2d \n"
+        "AESE v27.16b, v1.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "EOR v17.16b, v17.16b, v2.16b \n"
+        "EOR v0.16b, v0.16b, v3.16b \n"
+        "AESE v28.16b, v1.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "EXT v19.16b, v19.16b, v19.16b, #8 \n"
+        "AESE v29.16b, v1.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "PMULL  v3.1q, v19.1d, v25.1d \n"
+        "PMULL2 v19.1q, v19.2d, v25.2d \n"
+        "AESE v30.16b, v1.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "EOR3 v31.16b, v31.16b, v19.16b, v3.16b \n"
+        "LDR q1, [%[Key], #32] \n"
+        "AESE v5.16b, v22.16b \n"
+        "AESMC v5.16b, v5.16b \n"
+        "# x[0-2] += C * H^4 \n"
+        "PMULL  v2.1q, v18.1d, v26.1d \n"
+        "PMULL2 v3.1q, v18.2d, v26.2d \n"
+        "AESE v6.16b, v22.16b \n"
+        "AESMC v6.16b, v6.16b \n"
+        "EOR v17.16b, v17.16b, v2.16b \n"
+        "EOR v0.16b, v0.16b, v3.16b \n"
+        "AESE v7.16b, v22.16b \n"
+        "AESMC v7.16b, v7.16b \n"
+        "EXT v18.16b, v18.16b, v18.16b, #8 \n"
+        "AESE v8.16b, v22.16b \n"
+        "AESMC v8.16b, v8.16b \n"
+        "PMULL  v3.1q, v18.1d, v26.1d \n"
+        "PMULL2 v18.1q, v18.2d, v26.2d \n"
+        "AESE v27.16b, v22.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "EOR3 v31.16b, v31.16b, v18.16b, v3.16b \n"
+        "AESE v28.16b, v22.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "# x[0-2] += C * H^5 \n"
+        "PMULL  v2.1q, v15.1d, v9.1d \n"
+        "PMULL2 v3.1q, v15.2d, v9.2d \n"
+        "AESE v29.16b, v22.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "EOR v17.16b, v17.16b, v2.16b \n"
+        "EOR v0.16b, v0.16b, v3.16b \n"
+        "AESE v30.16b, v22.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "EXT v15.16b, v15.16b, v15.16b, #8 \n"
+        "LDR q22, [%[Key], #48] \n"
+        "AESE v5.16b, v1.16b \n"
+        "AESMC v5.16b, v5.16b \n"
+        "PMULL  v3.1q, v15.1d, v9.1d \n"
+        "PMULL2 v15.1q, v15.2d, v9.2d \n"
+        "AESE v6.16b, v1.16b \n"
+        "AESMC v6.16b, v6.16b \n"
+        "EOR3 v31.16b, v31.16b, v15.16b, v3.16b \n"
+        "AESE v7.16b, v1.16b \n"
+        "AESMC v7.16b, v7.16b \n"
+        "# x[0-2] += C * H^6 \n"
+        "PMULL  v2.1q, v14.1d, v10.1d \n"
+        "PMULL2 v3.1q, v14.2d, v10.2d \n"
+        "AESE v8.16b, v1.16b \n"
+        "AESMC v8.16b, v8.16b \n"
+        "EOR v17.16b, v17.16b, v2.16b \n"
+        "EOR v0.16b, v0.16b, v3.16b \n"
+        "AESE v27.16b, v1.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "EXT v14.16b, v14.16b, v14.16b, #8 \n"
+        "AESE v28.16b, v1.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "PMULL  v3.1q, v14.1d, v10.1d \n"
+        "PMULL2 v14.1q, v14.2d, v10.2d \n"
+        "AESE v29.16b, v1.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "EOR3 v31.16b, v31.16b, v14.16b, v3.16b \n"
+        "AESE v30.16b, v1.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "# x[0-2] += C * H^7 \n"
+        "PMULL  v2.1q, v13.1d, v11.1d \n"
+        "PMULL2 v3.1q, v13.2d, v11.2d \n"
+        "LDR q1, [%[Key], #64] \n"
+        "AESE v5.16b, v22.16b \n"
+        "AESMC v5.16b, v5.16b \n"
+        "EOR v17.16b, v17.16b, v2.16b \n"
+        "EOR v0.16b, v0.16b, v3.16b \n"
+        "AESE v6.16b, v22.16b \n"
+        "AESMC v6.16b, v6.16b \n"
+        "EXT v13.16b, v13.16b, v13.16b, #8 \n"
+        "AESE v7.16b, v22.16b \n"
+        "AESMC v7.16b, v7.16b \n"
+        "PMULL  v3.1q, v13.1d, v11.1d \n"
+        "PMULL2 v13.1q, v13.2d, v11.2d \n"
+        "AESE v8.16b, v22.16b \n"
+        "AESMC v8.16b, v8.16b \n"
+        "EOR3 v31.16b, v31.16b, v13.16b, v3.16b \n"
+        "AESE v27.16b, v22.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "# x[0-2] += C * H^8 \n"
+        "PMULL  v2.1q, v12.1d, v4.1d \n"
+        "PMULL2 v3.1q, v12.2d, v4.2d \n"
+        "AESE v28.16b, v22.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "EOR v17.16b, v17.16b, v2.16b \n"
+        "EOR v0.16b, v0.16b, v3.16b \n"
+        "AESE v29.16b, v22.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "EXT v12.16b, v12.16b, v12.16b, #8 \n"
+        "AESE v30.16b, v22.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "PMULL  v3.1q, v12.1d, v4.1d \n"
+        "PMULL2 v12.1q, v12.2d, v4.2d \n"
+        "LDR q22, [%[Key], #80] \n"
+        "AESE v5.16b, v1.16b \n"
+        "AESMC v5.16b, v5.16b \n"
+        "EOR3 v31.16b, v31.16b, v12.16b, v3.16b \n"
+        "AESE v6.16b, v1.16b \n"
+        "AESMC v6.16b, v6.16b \n"
+        "# Reduce X = x[0-2] \n"
+        "EXT v3.16b, v17.16b, v0.16b, #8 \n"
+        "AESE v7.16b, v1.16b \n"
+        "AESMC v7.16b, v7.16b \n"
+        "PMULL2 v2.1q, v0.2d, v23.2d \n"
+        "AESE v8.16b, v1.16b \n"
+        "AESMC v8.16b, v8.16b \n"
+        "EOR3 v3.16b, v3.16b, v31.16b, v2.16b \n"
+        "AESE v27.16b, v1.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v1.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "PMULL2 v2.1q, v3.2d, v23.2d \n"
+        "MOV v17.D[1], v3.D[0] \n"
+        "AESE v29.16b, v1.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "EOR v17.16b, v17.16b, v2.16b \n"
+        "AESE v30.16b, v1.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "SUB w11, w11, #128 \n"
+        "LDR q1, [%[Key], #96] \n"
+        "AESE v5.16b, v22.16b \n"
+        "AESMC v5.16b, v5.16b \n"
+        "AESE v6.16b, v22.16b \n"
+        "AESMC v6.16b, v6.16b \n"
+        "AESE v7.16b, v22.16b \n"
+        "AESMC v7.16b, v7.16b \n"
+        "AESE v8.16b, v22.16b \n"
+        "AESMC v8.16b, v8.16b \n"
+        "AESE v27.16b, v22.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v22.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v22.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v22.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "LDR q22, [%[Key], #112] \n"
+        "AESE v5.16b, v1.16b \n"
+        "AESMC v5.16b, v5.16b \n"
+        "AESE v6.16b, v1.16b \n"
+        "AESMC v6.16b, v6.16b \n"
+        "AESE v7.16b, v1.16b \n"
+        "AESMC v7.16b, v7.16b \n"
+        "AESE v8.16b, v1.16b \n"
+        "AESMC v8.16b, v8.16b \n"
+        "AESE v27.16b, v1.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v1.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v1.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v1.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "LDR q1, [%[Key], #128] \n"
+        "AESE v5.16b, v22.16b \n"
+        "AESMC v5.16b, v5.16b \n"
+        "AESE v6.16b, v22.16b \n"
+        "AESMC v6.16b, v6.16b \n"
+        "AESE v7.16b, v22.16b \n"
+        "AESMC v7.16b, v7.16b \n"
+        "AESE v8.16b, v22.16b \n"
+        "AESMC v8.16b, v8.16b \n"
+        "AESE v27.16b, v22.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v22.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v22.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v22.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "LDR q22, [%[Key], #144] \n"
+        "AESE v5.16b, v1.16b \n"
+        "AESMC v5.16b, v5.16b \n"
+        "AESE v6.16b, v1.16b \n"
+        "AESMC v6.16b, v6.16b \n"
+        "AESE v7.16b, v1.16b \n"
+        "AESMC v7.16b, v7.16b \n"
+        "AESE v8.16b, v1.16b \n"
+        "AESMC v8.16b, v8.16b \n"
+        "AESE v27.16b, v1.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v1.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v1.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v1.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "LDR q1, [%[Key], #160] \n"
+        "AESE v5.16b, v22.16b \n"
+        "AESMC v5.16b, v5.16b \n"
+        "AESE v6.16b, v22.16b \n"
+        "AESMC v6.16b, v6.16b \n"
+        "AESE v7.16b, v22.16b \n"
+        "AESMC v7.16b, v7.16b \n"
+        "AESE v8.16b, v22.16b \n"
+        "AESMC v8.16b, v8.16b \n"
+        "AESE v27.16b, v22.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v22.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v22.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v22.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "LDR q22, [%[Key], #176] \n"
+        "AESE v5.16b, v1.16b \n"
+        "AESMC v5.16b, v5.16b \n"
+        "AESE v6.16b, v1.16b \n"
+        "AESMC v6.16b, v6.16b \n"
+        "AESE v7.16b, v1.16b \n"
+        "AESMC v7.16b, v7.16b \n"
+        "AESE v8.16b, v1.16b \n"
+        "AESMC v8.16b, v8.16b \n"
+        "AESE v27.16b, v1.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v1.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v1.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v1.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "LDR q1, [%[Key], #192] \n"
+        "AESE v5.16b, v22.16b \n"
+        "AESMC v5.16b, v5.16b \n"
+        "AESE v6.16b, v22.16b \n"
+        "AESMC v6.16b, v6.16b \n"
+        "AESE v7.16b, v22.16b \n"
+        "AESMC v7.16b, v7.16b \n"
+        "AESE v8.16b, v22.16b \n"
+        "AESMC v8.16b, v8.16b \n"
+        "AESE v27.16b, v22.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v22.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v22.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v22.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "LD1 {v12.2d-v15.2d}, [%[input]], #64 \n"
+        "LDP q22, q31, [%[Key], #208] \n"
+        "AESE v5.16b, v1.16b \n"
+        "AESMC v5.16b, v5.16b \n"
+        "AESE v6.16b, v1.16b \n"
+        "AESMC v6.16b, v6.16b \n"
+        "AESE v7.16b, v1.16b \n"
+        "AESMC v7.16b, v7.16b \n"
+        "AESE v8.16b, v1.16b \n"
+        "AESMC v8.16b, v8.16b \n"
+        "AESE v27.16b, v1.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v1.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v1.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v1.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "LD1 {v18.2d-v21.2d}, [%[input]], #64 \n"
+        "AESE v5.16b, v22.16b \n"
+        "EOR v5.16b, v5.16b, v31.16b \n"
+        "AESE v6.16b, v22.16b \n"
+        "EOR v6.16b, v6.16b, v31.16b \n"
+        "AESE v7.16b, v22.16b \n"
+        "EOR v7.16b, v7.16b, v31.16b \n"
+        "AESE v8.16b, v22.16b \n"
+        "EOR v8.16b, v8.16b, v31.16b \n"
+        "AESE v27.16b, v22.16b \n"
+        "EOR v27.16b, v27.16b, v31.16b \n"
+        "AESE v28.16b, v22.16b \n"
+        "EOR v28.16b, v28.16b, v31.16b \n"
+        "AESE v29.16b, v22.16b \n"
+        "EOR v29.16b, v29.16b, v31.16b \n"
+        "AESE v30.16b, v22.16b \n"
+        "EOR v30.16b, v30.16b, v31.16b \n"
+
+        "# XOR in input \n"
+        "EOR v12.16b, v12.16b, v5.16b \n"
+        "EOR v13.16b, v13.16b, v6.16b \n"
+        "EOR v14.16b, v14.16b, v7.16b \n"
+        "EOR v15.16b, v15.16b, v8.16b \n"
+        "EOR v18.16b, v18.16b, v27.16b \n"
+        "ST1 {v12.2d-v15.2d}, [%[out]], #64 \n \n"
+        "EOR v19.16b, v19.16b, v28.16b \n"
+        "EOR v20.16b, v20.16b, v29.16b \n"
+        "EOR v21.16b, v21.16b, v30.16b \n"
+        "ST1 {v18.2d-v21.2d}, [%[out]], #64 \n \n"
+
+        "CMP w11, #128 \n"
+        "BGE 81b \n"
+
+        "# GHASH - 8 blocks \n"
+        "RBIT v12.16b, v12.16b \n"
+        "RBIT v13.16b, v13.16b \n"
+        "RBIT v14.16b, v14.16b \n"
+        "RBIT v15.16b, v15.16b \n"
+        "RBIT v18.16b, v18.16b \n"
+        "RBIT v19.16b, v19.16b \n"
+        "RBIT v20.16b, v20.16b \n"
+        "RBIT v21.16b, v21.16b \n"
+        "EOR v12.16b, v12.16b, v17.16b \n"
+        "# x[0-2] = C * H^1 \n"
+        "PMULL  v17.1q, v21.1d, v16.1d \n"
+        "PMULL2 v0.1q, v21.2d, v16.2d \n"
+        "EXT v21.16b, v21.16b, v21.16b, #8 \n"
+        "PMULL  v31.1q, v21.1d, v16.1d \n"
+        "PMULL2 v3.1q, v21.2d, v16.2d \n"
+        "EOR v31.16b, v31.16b, v3.16b \n"
+        "# x[0-2] += C * H^2 \n"
+        "PMULL  v2.1q, v20.1d, v24.1d \n"
+        "PMULL2 v3.1q, v20.2d, v24.2d \n"
+        "EOR v17.16b, v17.16b, v2.16b \n"
+        "EOR v0.16b, v0.16b, v3.16b \n"
+        "EXT v20.16b, v20.16b, v20.16b, #8 \n"
+        "PMULL  v3.1q, v20.1d, v24.1d \n"
+        "PMULL2 v20.1q, v20.2d, v24.2d \n"
+        "EOR3 v31.16b, v31.16b, v20.16b, v3.16b \n"
+        "# x[0-2] += C * H^3 \n"
+        "PMULL  v2.1q, v19.1d, v25.1d \n"
+        "PMULL2 v3.1q, v19.2d, v25.2d \n"
+        "EOR v17.16b, v17.16b, v2.16b \n"
+        "EOR v0.16b, v0.16b, v3.16b \n"
+        "EXT v19.16b, v19.16b, v19.16b, #8 \n"
+        "PMULL  v3.1q, v19.1d, v25.1d \n"
+        "PMULL2 v19.1q, v19.2d, v25.2d \n"
+        "EOR3 v31.16b, v31.16b, v19.16b, v3.16b \n"
+        "# x[0-2] += C * H^4 \n"
+        "PMULL  v2.1q, v18.1d, v26.1d \n"
+        "PMULL2 v3.1q, v18.2d, v26.2d \n"
+        "EOR v17.16b, v17.16b, v2.16b \n"
+        "EOR v0.16b, v0.16b, v3.16b \n"
+        "EXT v18.16b, v18.16b, v18.16b, #8 \n"
+        "PMULL  v3.1q, v18.1d, v26.1d \n"
+        "PMULL2 v18.1q, v18.2d, v26.2d \n"
+        "EOR3 v31.16b, v31.16b, v18.16b, v3.16b \n"
+        "# x[0-2] += C * H^5 \n"
+        "PMULL  v2.1q, v15.1d, v9.1d \n"
+        "PMULL2 v3.1q, v15.2d, v9.2d \n"
+        "EOR v17.16b, v17.16b, v2.16b \n"
+        "EOR v0.16b, v0.16b, v3.16b \n"
+        "EXT v15.16b, v15.16b, v15.16b, #8 \n"
+        "PMULL  v3.1q, v15.1d, v9.1d \n"
+        "PMULL2 v15.1q, v15.2d, v9.2d \n"
+        "EOR3 v31.16b, v31.16b, v15.16b, v3.16b \n"
+        "# x[0-2] += C * H^6 \n"
+        "PMULL  v2.1q, v14.1d, v10.1d \n"
+        "PMULL2 v3.1q, v14.2d, v10.2d \n"
+        "EOR v17.16b, v17.16b, v2.16b \n"
+        "EOR v0.16b, v0.16b, v3.16b \n"
+        "EXT v14.16b, v14.16b, v14.16b, #8 \n"
+        "PMULL  v3.1q, v14.1d, v10.1d \n"
+        "PMULL2 v14.1q, v14.2d, v10.2d \n"
+        "EOR3 v31.16b, v31.16b, v14.16b, v3.16b \n"
+        "# x[0-2] += C * H^7 \n"
+        "PMULL  v2.1q, v13.1d, v11.1d \n"
+        "PMULL2 v3.1q, v13.2d, v11.2d \n"
+        "EOR v17.16b, v17.16b, v2.16b \n"
+        "EOR v0.16b, v0.16b, v3.16b \n"
+        "EXT v13.16b, v13.16b, v13.16b, #8 \n"
+        "PMULL  v3.1q, v13.1d, v11.1d \n"
+        "PMULL2 v13.1q, v13.2d, v11.2d \n"
+        "EOR3 v31.16b, v31.16b, v13.16b, v3.16b \n"
+        "# x[0-2] += C * H^8 \n"
+        "PMULL  v2.1q, v12.1d, v4.1d \n"
+        "PMULL2 v3.1q, v12.2d, v4.2d \n"
+        "EOR v17.16b, v17.16b, v2.16b \n"
+        "EOR v0.16b, v0.16b, v3.16b \n"
+        "EXT v12.16b, v12.16b, v12.16b, #8 \n"
+        "PMULL  v3.1q, v12.1d, v4.1d \n"
+        "PMULL2 v12.1q, v12.2d, v4.2d \n"
+        "EOR3 v31.16b, v31.16b, v12.16b, v3.16b \n"
+        "# Reduce X = x[0-2] \n"
+        "EXT v3.16b, v17.16b, v0.16b, #8 \n"
+        "PMULL2 v2.1q, v0.2d, v23.2d \n"
+        "EOR3 v3.16b, v3.16b, v31.16b, v2.16b \n"
+        "PMULL2 v2.1q, v3.2d, v23.2d \n"
+        "MOV v17.D[1], v3.D[0] \n"
+        "EOR v17.16b, v17.16b, v2.16b \n"
+
+        "80: \n"
+        "LD1 {v22.2d}, [%[ctr]] \n"
+        "LD1 {v1.2d-v4.2d}, [%[Key]], #64 \n"
+        "LD1 {v5.2d-v8.2d}, [%[Key]], #64 \n"
+        "LD1 {v9.2d-v11.2d}, [%[Key]], #48 \n"
+        "LD1 {v12.2d-v13.2d}, [%[Key]], #32 \n"
+        "# Can we do 4 blocks at a time? \n"
+        "CMP w11, #64 \n"
+        "BLT 10f \n"
+
+        "# First encrypt - no GHASH \n"
+        "# Calculate next 4 counters (+1-4) \n"
+        "ADD w15, w12, #1 \n"
+        "MOV v27.16b, v22.16b \n"
+        "ADD w14, w12, #2 \n"
+        "MOV v28.16b, v22.16b \n"
+        "ADD w13, w12, #3 \n"
+        "MOV v29.16b, v22.16b \n"
+        "ADD w12, w12, #4 \n"
+        "MOV v30.16b, v22.16b \n"
+        "REV w15, w15 \n"
+        "REV w14, w14 \n"
+        "REV w13, w13 \n"
+        "REV w16, w12 \n"
+        "MOV v27.S[3], w15 \n"
+        "MOV v28.S[3], w14 \n"
+        "MOV v29.S[3], w13 \n"
+        "MOV v30.S[3], w16 \n"
+
+        "# Encrypt 4 counters \n"
+        "AESE v27.16b, v1.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v1.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v1.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v1.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "AESE v27.16b, v2.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v2.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v2.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v2.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "AESE v27.16b, v3.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v3.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v3.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v3.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "AESE v27.16b, v4.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v4.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v4.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v4.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "AESE v27.16b, v5.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v5.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v5.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v5.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "SUB w11, w11, #64 \n"
+        "AESE v27.16b, v6.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v6.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v6.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v6.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "AESE v27.16b, v7.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v7.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v7.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v7.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "AESE v27.16b, v8.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v8.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v8.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v8.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "AESE v27.16b, v9.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v9.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v9.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v9.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "AESE v27.16b, v10.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v10.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v10.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v10.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "AESE v27.16b, v11.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v11.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v11.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v11.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "# Load plaintext \n"
+        "LD1 {v18.2d-v21.2d}, [%[input]], #64 \n"
+        "AESE v27.16b, v12.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v12.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v12.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v12.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "LD1 {v14.2d, v15.2d}, [%[Key]] \n"
+        "AESE v27.16b, v13.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v13.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v13.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v13.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "AESE v27.16b, v14.16b \n"
+        "EOR v27.16b, v27.16b, v15.16b \n"
+        "AESE v28.16b, v14.16b \n"
+        "EOR v28.16b, v28.16b, v15.16b \n"
+        "AESE v29.16b, v14.16b \n"
+        "EOR v29.16b, v29.16b, v15.16b \n"
+        "AESE v30.16b, v14.16b \n"
+        "EOR v30.16b, v30.16b, v15.16b \n"
+
+        "# XOR in input \n"
+        "EOR v18.16b, v18.16b, v27.16b \n"
+        "EOR v19.16b, v19.16b, v28.16b \n"
+        "EOR v20.16b, v20.16b, v29.16b \n"
+        "EOR v21.16b, v21.16b, v30.16b \n"
+        "# Store cipher text \n"
+        "ST1 {v18.2d-v21.2d}, [%[out]], #64 \n \n"
+        "CMP w11, #64 \n"
+        "BLT 12f \n"
+
+        "11: \n"
+        "# Calculate next 4 counters (+1-4) \n"
+        "ADD w15, w12, #1 \n"
+        "MOV v27.16b, v22.16b \n"
+        "ADD w14, w12, #2 \n"
+        "MOV v28.16b, v22.16b \n"
+        "ADD w13, w12, #3 \n"
+        "MOV v29.16b, v22.16b \n"
+        "ADD w12, w12, #4 \n"
+        "MOV v30.16b, v22.16b \n"
+        "# GHASH - 4 blocks \n"
+        "RBIT v18.16b, v18.16b \n"
+        "REV w15, w15 \n"
+        "RBIT v19.16b, v19.16b \n"
+        "REV w14, w14 \n"
+        "RBIT v20.16b, v20.16b \n"
+        "REV w13, w13 \n"
+        "RBIT v21.16b, v21.16b \n"
+        "REV w16, w12 \n"
+        "MOV v27.S[3], w15 \n"
+        "MOV v28.S[3], w14 \n"
+        "MOV v29.S[3], w13 \n"
+        "MOV v30.S[3], w16 \n"
+
+        "# Encrypt 4 counters \n"
+        "AESE v27.16b, v1.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "EOR v18.16b, v18.16b, v17.16b \n"
+        "AESE v28.16b, v1.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "# x[0-2] = C * H^1 \n"
+        "PMULL  v17.1q, v21.1d, v16.1d \n"
+        "PMULL2 v0.1q, v21.2d, v16.2d \n"
+        "AESE v29.16b, v1.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "EXT v21.16b, v21.16b, v21.16b, #8 \n"
+        "AESE v30.16b, v1.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "PMULL  v31.1q, v21.1d, v16.1d \n"
+        "PMULL2 v15.1q, v21.2d, v16.2d \n"
+        "AESE v27.16b, v2.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "EOR v31.16b, v31.16b, v15.16b \n"
+        "AESE v28.16b, v2.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "# x[0-2] += C * H^2 \n"
+        "PMULL  v14.1q, v20.1d, v24.1d \n"
+        "PMULL2 v15.1q, v20.2d, v24.2d \n"
+        "AESE v29.16b, v2.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "EOR v17.16b, v17.16b, v14.16b \n"
+        "EOR v0.16b, v0.16b, v15.16b \n"
+        "AESE v30.16b, v2.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "EXT v20.16b, v20.16b, v20.16b, #8 \n"
+        "AESE v27.16b, v3.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "PMULL  v15.1q, v20.1d, v24.1d \n"
+        "PMULL2 v20.1q, v20.2d, v24.2d \n"
+        "AESE v28.16b, v3.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "EOR3 v31.16b, v31.16b, v20.16b, v15.16b \n"
+        "AESE v29.16b, v3.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "# x[0-2] += C * H^3 \n"
+        "PMULL  v14.1q, v19.1d, v25.1d \n"
+        "PMULL2 v15.1q, v19.2d, v25.2d \n"
+        "AESE v30.16b, v3.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "EOR v17.16b, v17.16b, v14.16b \n"
+        "EOR v0.16b, v0.16b, v15.16b \n"
+        "AESE v27.16b, v4.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "EXT v19.16b, v19.16b, v19.16b, #8 \n"
+        "AESE v28.16b, v4.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "PMULL  v15.1q, v19.1d, v25.1d \n"
+        "PMULL2 v19.1q, v19.2d, v25.2d \n"
+        "AESE v29.16b, v4.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "EOR3 v31.16b, v31.16b, v19.16b, v15.16b \n"
+        "AESE v30.16b, v4.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "# x[0-2] += C * H^4 \n"
+        "PMULL  v14.1q, v18.1d, v26.1d \n"
+        "PMULL2 v15.1q, v18.2d, v26.2d \n"
+        "AESE v27.16b, v5.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "EOR v17.16b, v17.16b, v14.16b \n"
+        "EOR v0.16b, v0.16b, v15.16b \n"
+        "AESE v28.16b, v5.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "EXT v18.16b, v18.16b, v18.16b, #8 \n"
+        "AESE v29.16b, v5.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "PMULL  v15.1q, v18.1d, v26.1d \n"
+        "PMULL2 v18.1q, v18.2d, v26.2d \n"
+        "AESE v30.16b, v5.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "EOR3 v31.16b, v31.16b, v18.16b, v15.16b \n"
+        "SUB w11, w11, #64 \n"
+        "AESE v27.16b, v6.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "# Reduce X = x[0-2] \n"
+        "EXT v15.16b, v17.16b, v0.16b, #8 \n"
+        "AESE v28.16b, v6.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "PMULL2 v14.1q, v0.2d, v23.2d \n"
+        "AESE v29.16b, v6.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "EOR3 v15.16b, v15.16b, v31.16b, v14.16b \n"
+        "AESE v30.16b, v6.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "AESE v27.16b, v7.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "PMULL2 v14.1q, v15.2d, v23.2d \n"
+        "MOV v17.D[1], v15.D[0] \n"
+        "AESE v28.16b, v7.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "EOR v17.16b, v17.16b, v14.16b \n"
+        "AESE v29.16b, v7.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v7.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "AESE v27.16b, v8.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v8.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v8.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v8.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "AESE v27.16b, v9.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v9.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v9.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v9.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "AESE v27.16b, v10.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v10.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v10.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v10.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "AESE v27.16b, v11.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v11.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v11.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v11.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "# Load plaintext \n"
+        "LD1 {v18.2d-v21.2d}, [%[input]], #64 \n"
+        "AESE v27.16b, v12.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v12.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v12.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v12.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "LD1 {v14.2d, v15.2d}, [%[Key]] \n"
+        "AESE v27.16b, v13.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v13.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v13.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v13.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "AESE v27.16b, v14.16b \n"
+        "EOR v27.16b, v27.16b, v15.16b \n"
+        "AESE v28.16b, v14.16b \n"
+        "EOR v28.16b, v28.16b, v15.16b \n"
+        "AESE v29.16b, v14.16b \n"
+        "EOR v29.16b, v29.16b, v15.16b \n"
+        "AESE v30.16b, v14.16b \n"
+        "EOR v30.16b, v30.16b, v15.16b \n"
+
+        "# XOR in input \n"
+        "EOR v18.16b, v18.16b, v27.16b \n"
+        "EOR v19.16b, v19.16b, v28.16b \n"
+        "EOR v20.16b, v20.16b, v29.16b \n"
+        "EOR v21.16b, v21.16b, v30.16b \n"
+        "# Store cipher text \n"
+        "ST1 {v18.2d-v21.2d}, [%[out]], #64 \n \n"
+        "CMP w11, #64 \n"
+        "BGE 11b \n"
+
+        "12: \n"
+        "# GHASH - 4 blocks \n"
+        "RBIT v18.16b, v18.16b \n"
+        "RBIT v19.16b, v19.16b \n"
+        "RBIT v20.16b, v20.16b \n"
+        "RBIT v21.16b, v21.16b \n"
+        "EOR v18.16b, v18.16b, v17.16b \n"
+        "# x[0-2] = C * H^1 \n"
+        "PMULL  v17.1q, v21.1d, v16.1d \n"
+        "PMULL2 v0.1q, v21.2d, v16.2d \n"
+        "EXT v21.16b, v21.16b, v21.16b, #8 \n"
+        "PMULL  v31.1q, v21.1d, v16.1d \n"
+        "PMULL2 v15.1q, v21.2d, v16.2d \n"
+        "EOR v31.16b, v31.16b, v15.16b \n"
+        "# x[0-2] += C * H^2 \n"
+        "PMULL  v14.1q, v20.1d, v24.1d \n"
+        "PMULL2 v15.1q, v20.2d, v24.2d \n"
+        "EOR v17.16b, v17.16b, v14.16b \n"
+        "EOR v0.16b, v0.16b, v15.16b \n"
+        "EXT v20.16b, v20.16b, v20.16b, #8 \n"
+        "PMULL  v15.1q, v20.1d, v24.1d \n"
+        "PMULL2 v20.1q, v20.2d, v24.2d \n"
+        "EOR3 v31.16b, v31.16b, v20.16b, v15.16b \n"
+        "# x[0-2] += C * H^3 \n"
+        "PMULL  v14.1q, v19.1d, v25.1d \n"
+        "PMULL2 v15.1q, v19.2d, v25.2d \n"
+        "EOR v17.16b, v17.16b, v14.16b \n"
+        "EOR v0.16b, v0.16b, v15.16b \n"
+        "EXT v19.16b, v19.16b, v19.16b, #8 \n"
+        "PMULL  v15.1q, v19.1d, v25.1d \n"
+        "PMULL2 v19.1q, v19.2d, v25.2d \n"
+        "EOR3 v31.16b, v31.16b, v19.16b, v15.16b \n"
+        "# x[0-2] += C * H^4 \n"
+        "PMULL  v14.1q, v18.1d, v26.1d \n"
+        "PMULL2 v15.1q, v18.2d, v26.2d \n"
+        "EOR v17.16b, v17.16b, v14.16b \n"
+        "EOR v0.16b, v0.16b, v15.16b \n"
+        "EXT v18.16b, v18.16b, v18.16b, #8 \n"
+        "PMULL  v15.1q, v18.1d, v26.1d \n"
+        "PMULL2 v18.1q, v18.2d, v26.2d \n"
+        "EOR3 v31.16b, v31.16b, v18.16b, v15.16b \n"
+        "# Reduce X = x[0-2] \n"
+        "EXT v15.16b, v17.16b, v0.16b, #8 \n"
+        "PMULL2 v14.1q, v0.2d, v23.2d \n"
+        "EOR3 v15.16b, v15.16b, v31.16b, v14.16b \n"
+        "PMULL2 v14.1q, v15.2d, v23.2d \n"
+        "MOV v17.D[1], v15.D[0] \n"
+        "EOR v17.16b, v17.16b, v14.16b \n"
+
+        "10: \n"
+        "SUB %[Key], %[Key], #32 \n"
+        "CBZ w11, 30f \n"
+        "CMP w11, #16 \n"
+        "BLT 20f \n"
+        "# Encrypt first block for GHASH \n"
+        "ADD w12, w12, #1 \n"
+        "MOV v0.16b, v22.16b \n"
+        "REV w13, w12 \n"
+        "MOV v0.S[3], w13 \n"
+        "AESE v0.16b, v1.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "AESE v0.16b, v2.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "AESE v0.16b, v3.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "AESE v0.16b, v4.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "SUB w11, w11, #16 \n"
+        "AESE v0.16b, v5.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "AESE v0.16b, v6.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "AESE v0.16b, v7.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "AESE v0.16b, v8.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "LD1 {v31.2d}, [%[input]], #16 \n"
+        "AESE v0.16b, v9.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "AESE v0.16b, v10.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "AESE v0.16b, v11.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "LD1 {v12.2d, v13.2d}, [%[Key]], #32 \n"
+        "AESE v0.16b, v12.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "AESE v0.16b, v13.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "LD1 {v12.2d, v13.2d}, [%[Key]] \n"
+        "SUB %[Key], %[Key], #32 \n"
+        "AESE v0.16b, v12.16b \n"
+        "EOR v0.16b, v0.16b, v13.16b \n \n"
+        "EOR v15.16b, v0.16b, v31.16b \n \n"
+        "ST1 {v15.2d}, [%[out]], #16 \n"
+
+        "# When only one full block to encrypt go straight to GHASH \n"
+        "CMP w11, 16 \n"
+        "BLT 1f \n"
+
+        "LD1 {v31.2d}, [%[input]], #16 \n"
+
+        "# Interweave GHASH and encrypt if more then 1 block \n"
+        "2: \n"
+        "RBIT v15.16b, v15.16b \n"
+        "ADD w12, w12, #1 \n"
+        "MOV v0.16b, v22.16b \n"
+        "REV w13, w12 \n"
+        "MOV v0.S[3], w13 \n"
+        "EOR v17.16b, v17.16b, v15.16b \n"
+        "PMULL  v18.1q, v17.1d, v16.1d \n"
+        "PMULL2 v19.1q, v17.2d, v16.2d \n"
+        "AESE v0.16b, v1.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "EXT v20.16b, v16.16b, v16.16b, #8 \n"
+        "AESE v0.16b, v2.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "PMULL  v21.1q, v17.1d, v20.1d \n"
+        "PMULL2 v20.1q, v17.2d, v20.2d \n"
+        "AESE v0.16b, v3.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "EOR v20.16b, v20.16b, v21.16b \n"
+        "AESE v0.16b, v4.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "EXT v21.16b, v18.16b, v19.16b, #8 \n"
+        "SUB w11, w11, #16 \n"
+        "AESE v0.16b, v5.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "EOR v21.16b, v21.16b, v20.16b \n"
+        "AESE v0.16b, v6.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "# Reduce \n"
+        "PMULL2 v20.1q, v19.2d, v23.2d \n"
+        "AESE v0.16b, v7.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "EOR v21.16b, v21.16b, v20.16b \n"
+        "AESE v0.16b, v8.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "PMULL2 v20.1q, v21.2d, v23.2d \n"
+        "AESE v0.16b, v9.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "MOV v18.D[1], v21.D[0] \n"
+        "AESE v0.16b, v10.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "EOR v17.16b, v18.16b, v20.16b \n"
+        "AESE v0.16b, v11.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "LD1 {v12.2d, v13.2d}, [%[Key]], #32 \n"
+        "AESE v0.16b, v12.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "AESE v0.16b, v13.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "LD1 {v12.2d, v13.2d}, [%[Key]] \n"
+        "SUB %[Key], %[Key], #32 \n"
+        "AESE v0.16b, v12.16b \n"
+        "EOR v0.16b, v0.16b, v13.16b \n \n"
+        "EOR v15.16b, v0.16b, v31.16b \n \n"
+        "ST1 {v15.2d}, [%[out]], #16 \n"
+        "CMP w11, 16 \n"
+        "BLT 1f \n"
+
+        "LD1 {v31.2d}, [%[input]], #16 \n"
+        "B 2b \n"
+
+        "# GHASH on last block \n"
+        "1: \n"
+        "RBIT v15.16b, v15.16b \n"
+        "EOR v17.16b, v17.16b, v15.16b \n"
+        "PMULL  v18.1q, v17.1d, v16.1d \n"
+        "PMULL2 v19.1q, v17.2d, v16.2d \n"
+        "EXT v20.16b, v16.16b, v16.16b, #8 \n"
+        "PMULL  v21.1q, v17.1d, v20.1d \n"
+        "PMULL2 v20.1q, v17.2d, v20.2d \n"
+        "EOR v20.16b, v20.16b, v21.16b \n"
+        "EXT v21.16b, v18.16b, v19.16b, #8 \n"
+        "EOR v21.16b, v21.16b, v20.16b \n"
+        "# Reduce \n"
+        "PMULL2 v20.1q, v19.2d, v23.2d \n"
+        "EOR v21.16b, v21.16b, v20.16b \n"
+        "PMULL2 v20.1q, v21.2d, v23.2d \n"
+        "MOV v18.D[1], v21.D[0] \n"
+        "EOR v17.16b, v18.16b, v20.16b \n"
+
+        "20: \n"
+        "CBZ w11, 30f \n"
+        "EOR v31.16b, v31.16b, v31.16b \n"
+        "MOV x15, x11 \n"
+        "ST1 {v31.2d}, [%[scratch]] \n"
+        "23: \n"
+        "LDRB w14, [%[input]], #1 \n"
+        "STRB w14, [%[scratch]], #1 \n"
+        "SUB x15, x15, #1 \n"
+        "CBNZ x15, 23b \n"
+        "SUB %[scratch], %[scratch], x11 \n"
+        "LD1 {v31.2d}, [%[scratch]] \n"
+        "ADD w12, w12, #1 \n"
+        "MOV v0.16b, v22.16b \n"
+        "REV w13, w12 \n"
+        "MOV v0.S[3], w13 \n"
+        "AESE v0.16b, v1.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "AESE v0.16b, v2.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "AESE v0.16b, v3.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "AESE v0.16b, v4.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "AESE v0.16b, v5.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "AESE v0.16b, v6.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "AESE v0.16b, v7.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "AESE v0.16b, v8.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "AESE v0.16b, v9.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "AESE v0.16b, v10.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "AESE v0.16b, v11.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "LD1 {v12.2d, v13.2d}, [%[Key]], #32 \n"
+        "AESE v0.16b, v12.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "AESE v0.16b, v13.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "LD1 {v12.2d, v13.2d}, [%[Key]] \n"
+        "SUB %[Key], %[Key], #32 \n"
+        "AESE v0.16b, v12.16b \n"
+        "EOR v0.16b, v0.16b, v13.16b \n \n"
+        "EOR v15.16b, v0.16b, v31.16b \n \n"
+        "ST1 {v15.2d}, [%[scratch]] \n"
+        "MOV x15, x11 \n"
+        "24: \n"
+        "LDRB w14, [%[scratch]], #1 \n"
+        "STRB w14, [%[out]], #1 \n"
+        "SUB x15, x15, #1 \n"
+        "CBNZ x15, 24b \n"
+        "MOV x15, #16 \n"
+        "EOR w14, w14, w14 \n"
+        "SUB x15, x15, x11 \n"
+        "25: \n"
+        "STRB w14, [%[scratch]], #1 \n"
+        "SUB x15, x15, #1 \n"
+        "CBNZ x15, 25b \n"
+        "SUB %[scratch], %[scratch], #16 \n"
+        "LD1 {v15.2d}, [%[scratch]] \n"
+        "RBIT v15.16b, v15.16b \n"
+        "EOR v17.16b, v17.16b, v15.16b \n"
+        "PMULL  v18.1q, v17.1d, v16.1d \n"
+        "PMULL2 v19.1q, v17.2d, v16.2d \n"
+        "EXT v20.16b, v16.16b, v16.16b, #8 \n"
+        "PMULL  v21.1q, v17.1d, v20.1d \n"
+        "PMULL2 v20.1q, v17.2d, v20.2d \n"
+        "EOR v20.16b, v20.16b, v21.16b \n"
+        "EXT v21.16b, v18.16b, v19.16b, #8 \n"
+        "EOR v21.16b, v21.16b, v20.16b \n"
+        "# Reduce \n"
+        "PMULL2 v20.1q, v19.2d, v23.2d \n"
+        "EOR v21.16b, v21.16b, v20.16b \n"
+        "PMULL2 v20.1q, v21.2d, v23.2d \n"
+        "MOV v18.D[1], v21.D[0] \n"
+        "EOR v17.16b, v18.16b, v20.16b \n"
+
+        "30: \n"
+        "# store current counter value at the end \n"
+        "REV w13, w12 \n"
+        "MOV v22.S[3], w13 \n"
+        "LD1 {v0.2d}, [%[ctr]] \n"
+        "ST1 {v22.2d}, [%[ctr]] \n"
+
+        "LSL %x[aSz], %x[aSz], #3 \n"
+        "LSL %x[sz], %x[sz], #3 \n"
+        "MOV v15.d[0], %x[aSz] \n"
+        "MOV v15.d[1], %x[sz] \n"
+        "REV64 v15.16b, v15.16b \n"
+        "RBIT v15.16b, v15.16b \n"
+        "EOR v17.16b, v17.16b, v15.16b \n"
+        "PMULL  v18.1q, v17.1d, v16.1d \n"
+        "PMULL2 v19.1q, v17.2d, v16.2d \n"
+        "EXT v20.16b, v16.16b, v16.16b, #8 \n"
+        "AESE v0.16b, v1.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "PMULL  v21.1q, v17.1d, v20.1d \n"
+        "PMULL2 v20.1q, v17.2d, v20.2d \n"
+        "AESE v0.16b, v2.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "EOR v20.16b, v20.16b, v21.16b \n"
+        "AESE v0.16b, v3.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "EXT v21.16b, v18.16b, v19.16b, #8 \n"
+        "AESE v0.16b, v4.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "EOR v21.16b, v21.16b, v20.16b \n"
+        "AESE v0.16b, v5.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "# Reduce \n"
+        "PMULL2 v20.1q, v19.2d, v23.2d \n"
+        "AESE v0.16b, v6.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "EOR v21.16b, v21.16b, v20.16b \n"
+        "AESE v0.16b, v7.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "PMULL2 v20.1q, v21.2d, v23.2d \n"
+        "AESE v0.16b, v8.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "MOV v18.D[1], v21.D[0] \n"
+        "AESE v0.16b, v9.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "EOR v17.16b, v18.16b, v20.16b \n"
+        "AESE v0.16b, v10.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "AESE v0.16b, v11.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "LD1 {v12.2d, v13.2d}, [%[Key]], #32 \n"
+        "AESE v0.16b, v12.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "AESE v0.16b, v13.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "LD1 {v12.2d, v13.2d}, [%[Key]] \n"
+        "SUB %[Key], %[Key], #32 \n"
+        "AESE v0.16b, v12.16b \n"
+        "EOR v0.16b, v0.16b, v13.16b \n \n"
+        "RBIT v17.16b, v17.16b \n"
+        "EOR v0.16b, v0.16b, v17.16b \n \n"
+        "CMP %w[tagSz], #16 \n"
+        "BNE 40f \n"
+        "ST1 {v0.2d}, [%[tag]] \n"
+        "B 41f \n"
+        "40: \n"
+        "ST1 {v0.2d}, [%[scratch]] \n"
+        "MOV x15, %x[tagSz] \n"
+        "44: \n"
+        "LDRB w14, [%[scratch]], #1 \n"
+        "STRB w14, [%[tag]], #1 \n"
+        "SUB x15, x15, #1 \n"
+        "CBNZ x15, 44b \n"
+        "SUB %[scratch], %[scratch], %x[tagSz] \n"
+        "41: \n"
+
+        : [out] "+r" (out), [input] "+r" (in), [Key] "+r" (keyPt),
+          [aSz] "+r" (authInSz), [sz] "+r" (sz), [aad] "+r" (authIn)
+        : [ctr] "r" (ctr), [scratch] "r" (scratch),
+          [h] "m" (aes->gcm.H), [tag] "r" (authTag), [tagSz] "r" (authTagSz)
+        : "cc", "memory", "x11", "x12", "w13", "x14", "x15", "w16",
+          "v0", "v1", "v2", "v3", "v4", "v5", "v6", "v7",
+          "v8", "v9", "v10", "v11", "v12", "v13", "v14", "v15",
+          "v16", "v17", "v18", "v19", "v20", "v21", "v22", "v23",
+          "v24", "v25", "v26", "v27", "v28", "v29", "v30", "v31"
+    );
+}
+#endif /* WOLFSSL_AES_256 */
+#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
 
 /* aarch64 with PMULL and PMULL2
  * Encrypt and tag data using AES with GCM mode.
@@ -7198,65 +12301,80 @@ static int Aes256GcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
  * by Conrado P.L. Gouvea and Julio Lopez reduction on 256bit value using
  * Algorithm 5
  */
-int wc_AesGcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
+void AES_GCM_encrypt_AARCH64(Aes* aes, byte* out, const byte* in, word32 sz,
     const byte* iv, word32 ivSz, byte* authTag, word32 authTagSz,
     const byte* authIn, word32 authInSz)
 {
-    /* sanity checks */
-    if ((aes == NULL) || (iv == NULL && ivSz > 0) || (authTag == NULL) ||
-            ((authIn == NULL) && (authInSz > 0)) || (ivSz == 0)) {
-        WOLFSSL_MSG("a NULL parameter passed in when size is larger than 0");
-        return BAD_FUNC_ARG;
-    }
-
-    if ((authTagSz < WOLFSSL_MIN_AUTH_TAG_SZ) || (authTagSz > AES_BLOCK_SIZE)) {
-        WOLFSSL_MSG("GcmEncrypt authTagSz error");
-        return BAD_FUNC_ARG;
-    }
-
     switch (aes->rounds) {
 #ifdef WOLFSSL_AES_128
         case 10:
-            return Aes128GcmEncrypt(aes, out, in, sz, iv, ivSz,
-                                    authTag, authTagSz, authIn, authInSz);
+        #ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
+            if (aes->use_sha3_hw_crypto) {
+                Aes128GcmEncrypt_EOR3(aes, out, in, sz, iv, ivSz, authTag,
+                    authTagSz, authIn, authInSz);
+            }
+            else
+        #endif
+            {
+                Aes128GcmEncrypt(aes, out, in, sz, iv, ivSz, authTag, authTagSz,
+                    authIn, authInSz);
+            }
+            break;
 #endif
 #ifdef WOLFSSL_AES_192
         case 12:
-            return Aes192GcmEncrypt(aes, out, in, sz, iv, ivSz,
-                                    authTag, authTagSz, authIn, authInSz);
+        #ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
+            if (aes->use_sha3_hw_crypto) {
+                Aes192GcmEncrypt_EOR3(aes, out, in, sz, iv, ivSz, authTag,
+                    authTagSz, authIn, authInSz);
+            }
+            else
+        #endif
+            {
+                Aes192GcmEncrypt(aes, out, in, sz, iv, ivSz, authTag, authTagSz,
+                    authIn, authInSz);
+            }
+            break;
 #endif
 #ifdef WOLFSSL_AES_256
         case 14:
-            return Aes256GcmEncrypt(aes, out, in, sz, iv, ivSz,
-                                    authTag, authTagSz, authIn, authInSz);
+        #ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
+            if (aes->use_sha3_hw_crypto) {
+                Aes256GcmEncrypt_EOR3(aes, out, in, sz, iv, ivSz, authTag,
+                    authTagSz, authIn, authInSz);
+            }
+            else
+        #endif
+            {
+                Aes256GcmEncrypt(aes, out, in, sz, iv, ivSz, authTag, authTagSz,
+                    authIn, authInSz);
+            }
+            break;
 #endif
-        default:
-            WOLFSSL_MSG("AES-GCM invalid round number");
-            return BAD_FUNC_ARG;
     }
 }
 
 #ifdef HAVE_AES_DECRYPT
 #ifdef WOLFSSL_AES_128
-/* internal function : see wc_AesGcmDecrypt */
+/* internal function : see AES_GCM_decrypt_AARCH64 */
 static int Aes128GcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
     const byte* iv, word32 ivSz, const byte* authTag, word32 authTagSz,
     const byte* authIn, word32 authInSz)
 {
-    byte counter[AES_BLOCK_SIZE];
-    byte scratch[AES_BLOCK_SIZE];
+    byte counter[WC_AES_BLOCK_SIZE];
+    byte scratch[WC_AES_BLOCK_SIZE];
     byte *ctr = counter;
     byte* keyPt = (byte*)aes->key;
     int ret = 0;
 
-    XMEMSET(counter, 0, AES_BLOCK_SIZE);
+    XMEMSET(counter, 0, WC_AES_BLOCK_SIZE);
     if (ivSz == GCM_NONCE_MID_SZ) {
         XMEMCPY(counter, iv, GCM_NONCE_MID_SZ);
-        counter[AES_BLOCK_SIZE - 1] = 1;
+        counter[WC_AES_BLOCK_SIZE - 1] = 1;
     }
     else {
-        GHASH(&aes->gcm, NULL, 0, iv, ivSz, counter, AES_BLOCK_SIZE);
-        GMULT(counter, aes->gcm.H);
+        GHASH_AARCH64(&aes->gcm, NULL, 0, iv, ivSz, counter, WC_AES_BLOCK_SIZE);
+        GMULT_AARCH64(counter, aes->gcm.H);
     }
 
     __asm__ __volatile__ (
@@ -7330,12 +12448,8 @@ static int Aes128GcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         "EXT v20.16b, v20.16b, v20.16b, #8 \n"
         "PMULL  v15.1q, v20.1d, v24.1d \n"
         "PMULL2 v20.1q, v20.2d, v24.2d \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
-        "EOR3 v31.16b, v31.16b, v20.16b, v15.16b \n"
-#else
         "EOR v20.16b, v20.16b, v15.16b \n"
         "EOR v31.16b, v31.16b, v20.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "# x[0-2] += C * H^3 \n"
         "PMULL  v14.1q, v19.1d, v25.1d \n"
         "PMULL2 v15.1q, v19.2d, v25.2d \n"
@@ -7344,12 +12458,8 @@ static int Aes128GcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         "EXT v19.16b, v19.16b, v19.16b, #8 \n"
         "PMULL  v15.1q, v19.1d, v25.1d \n"
         "PMULL2 v19.1q, v19.2d, v25.2d \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
-        "EOR3 v31.16b, v31.16b, v19.16b, v15.16b \n"
-#else
         "EOR v19.16b, v19.16b, v15.16b \n"
         "EOR v31.16b, v31.16b, v19.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "# x[0-2] += C * H^4 \n"
         "PMULL  v14.1q, v18.1d, v26.1d \n"
         "PMULL2 v15.1q, v18.2d, v26.2d \n"
@@ -7358,23 +12468,13 @@ static int Aes128GcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         "EXT v18.16b, v18.16b, v18.16b, #8 \n"
         "PMULL  v15.1q, v18.1d, v26.1d \n"
         "PMULL2 v18.1q, v18.2d, v26.2d \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
-        "EOR3 v31.16b, v31.16b, v18.16b, v15.16b \n"
-#else
         "EOR v18.16b, v18.16b, v15.16b \n"
         "EOR v31.16b, v31.16b, v18.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "# Reduce X = x[0-2] \n"
         "EXT v15.16b, v17.16b, v30.16b, #8 \n"
         "PMULL2 v14.1q, v30.2d, v23.2d \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
-        "EOR3 v15.16b, v15.16b, v31.16b, v14.16b \n"
-#else
         "EOR v15.16b, v15.16b, v31.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
-#ifndef WOLFSSL_ARMASM_CRYPTO_SHA3
         "EOR v15.16b, v15.16b, v14.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "PMULL2 v14.1q, v15.2d, v23.2d \n"
         "MOV v17.D[1], v15.D[0] \n"
         "EOR v17.16b, v17.16b, v14.16b \n"
@@ -7827,12 +12927,8 @@ static int Aes128GcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         "PMULL2 v20.1q, v20.2d, v24.2d \n"
         "AESE v7.16b, v1.16b \n"
         "AESMC v7.16b, v7.16b \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
-        "EOR3 v31.16b, v31.16b, v20.16b, v3.16b \n"
-#else
         "EOR v20.16b, v20.16b, v3.16b \n"
         "EOR v31.16b, v31.16b, v20.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "AESE v8.16b, v1.16b \n"
         "AESMC v8.16b, v8.16b \n"
         "# x[0-2] += C * H^3 \n"
@@ -7851,12 +12947,8 @@ static int Aes128GcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         "PMULL2 v19.1q, v19.2d, v25.2d \n"
         "AESE v30.16b, v1.16b \n"
         "AESMC v30.16b, v30.16b \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
-        "EOR3 v31.16b, v31.16b, v19.16b, v3.16b \n"
-#else
         "EOR v19.16b, v19.16b, v3.16b \n"
         "EOR v31.16b, v31.16b, v19.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "LDR q1, [%[Key], #32] \n"
         "AESE v5.16b, v22.16b \n"
         "AESMC v5.16b, v5.16b \n"
@@ -7876,12 +12968,8 @@ static int Aes128GcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         "PMULL2 v18.1q, v18.2d, v26.2d \n"
         "AESE v27.16b, v22.16b \n"
         "AESMC v27.16b, v27.16b \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
-        "EOR3 v31.16b, v31.16b, v18.16b, v3.16b \n"
-#else
         "EOR v18.16b, v18.16b, v3.16b \n"
         "EOR v31.16b, v31.16b, v18.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "AESE v28.16b, v22.16b \n"
         "AESMC v28.16b, v28.16b \n"
         "# x[0-2] += C * H^5 \n"
@@ -7901,12 +12989,8 @@ static int Aes128GcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         "PMULL2 v15.1q, v15.2d, v4.2d \n"
         "AESE v6.16b, v1.16b \n"
         "AESMC v6.16b, v6.16b \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
-        "EOR3 v31.16b, v31.16b, v15.16b, v3.16b \n"
-#else
         "EOR v15.16b, v15.16b, v3.16b \n"
         "EOR v31.16b, v31.16b, v15.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "AESE v7.16b, v1.16b \n"
         "AESMC v7.16b, v7.16b \n"
         "# x[0-2] += C * H^6 \n"
@@ -7925,12 +13009,8 @@ static int Aes128GcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         "PMULL2 v14.1q, v14.2d, v9.2d \n"
         "AESE v29.16b, v1.16b \n"
         "AESMC v29.16b, v29.16b \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
-        "EOR3 v31.16b, v31.16b, v14.16b, v3.16b \n"
-#else
         "EOR v14.16b, v14.16b, v3.16b \n"
         "EOR v31.16b, v31.16b, v14.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "AESE v30.16b, v1.16b \n"
         "AESMC v30.16b, v30.16b \n"
         "# x[0-2] += C * H^7 \n"
@@ -7950,12 +13030,8 @@ static int Aes128GcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         "PMULL2 v13.1q, v13.2d, v10.2d \n"
         "AESE v8.16b, v22.16b \n"
         "AESMC v8.16b, v8.16b \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
-        "EOR3 v31.16b, v31.16b, v13.16b, v3.16b \n"
-#else
         "EOR v13.16b, v13.16b, v3.16b \n"
         "EOR v31.16b, v31.16b, v13.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "AESE v27.16b, v22.16b \n"
         "AESMC v27.16b, v27.16b \n"
         "# x[0-2] += C * H^8 \n"
@@ -7975,12 +13051,8 @@ static int Aes128GcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         "LDR q22, [%[Key], #80] \n"
         "AESE v5.16b, v1.16b \n"
         "AESMC v5.16b, v5.16b \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
-        "EOR3 v31.16b, v31.16b, v12.16b, v3.16b \n"
-#else
         "EOR v12.16b, v12.16b, v3.16b \n"
         "EOR v31.16b, v31.16b, v12.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "AESE v6.16b, v1.16b \n"
         "AESMC v6.16b, v6.16b \n"
         "# Reduce X = x[0-2] \n"
@@ -7990,16 +13062,10 @@ static int Aes128GcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         "PMULL2 v2.1q, v0.2d, v23.2d \n"
         "AESE v8.16b, v1.16b \n"
         "AESMC v8.16b, v8.16b \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
-        "EOR3 v3.16b, v3.16b, v31.16b, v2.16b \n"
-#else
         "EOR v3.16b, v3.16b, v31.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "AESE v27.16b, v1.16b \n"
         "AESMC v27.16b, v27.16b \n"
-#ifndef WOLFSSL_ARMASM_CRYPTO_SHA3
         "EOR v3.16b, v3.16b, v2.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "AESE v28.16b, v1.16b \n"
         "AESMC v28.16b, v28.16b \n"
         "PMULL2 v2.1q, v3.2d, v23.2d \n"
@@ -8137,12 +13203,8 @@ static int Aes128GcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         "EXT v20.16b, v20.16b, v20.16b, #8 \n"
         "PMULL  v3.1q, v20.1d, v24.1d \n"
         "PMULL2 v20.1q, v20.2d, v24.2d \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
-        "EOR3 v31.16b, v31.16b, v20.16b, v3.16b \n"
-#else
         "EOR v20.16b, v20.16b, v3.16b \n"
         "EOR v31.16b, v31.16b, v20.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "# x[0-2] += C * H^3 \n"
         "PMULL  v2.1q, v19.1d, v25.1d \n"
         "PMULL2 v3.1q, v19.2d, v25.2d \n"
@@ -8151,12 +13213,8 @@ static int Aes128GcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         "EXT v19.16b, v19.16b, v19.16b, #8 \n"
         "PMULL  v3.1q, v19.1d, v25.1d \n"
         "PMULL2 v19.1q, v19.2d, v25.2d \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
-        "EOR3 v31.16b, v31.16b, v19.16b, v3.16b \n"
-#else
         "EOR v19.16b, v19.16b, v3.16b \n"
         "EOR v31.16b, v31.16b, v19.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "# x[0-2] += C * H^4 \n"
         "PMULL  v2.1q, v18.1d, v26.1d \n"
         "PMULL2 v3.1q, v18.2d, v26.2d \n"
@@ -8165,12 +13223,8 @@ static int Aes128GcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         "EXT v18.16b, v18.16b, v18.16b, #8 \n"
         "PMULL  v3.1q, v18.1d, v26.1d \n"
         "PMULL2 v18.1q, v18.2d, v26.2d \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
-        "EOR3 v31.16b, v31.16b, v18.16b, v3.16b \n"
-#else
         "EOR v18.16b, v18.16b, v3.16b \n"
         "EOR v31.16b, v31.16b, v18.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "# x[0-2] += C * H^5 \n"
         "PMULL  v2.1q, v15.1d, v4.1d \n"
         "PMULL2 v3.1q, v15.2d, v4.2d \n"
@@ -8179,12 +13233,8 @@ static int Aes128GcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         "EXT v15.16b, v15.16b, v15.16b, #8 \n"
         "PMULL  v3.1q, v15.1d, v4.1d \n"
         "PMULL2 v15.1q, v15.2d, v4.2d \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
-        "EOR3 v31.16b, v31.16b, v15.16b, v3.16b \n"
-#else
         "EOR v15.16b, v15.16b, v3.16b \n"
         "EOR v31.16b, v31.16b, v15.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "# x[0-2] += C * H^6 \n"
         "PMULL  v2.1q, v14.1d, v9.1d \n"
         "PMULL2 v3.1q, v14.2d, v9.2d \n"
@@ -8193,12 +13243,8 @@ static int Aes128GcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         "EXT v14.16b, v14.16b, v14.16b, #8 \n"
         "PMULL  v3.1q, v14.1d, v9.1d \n"
         "PMULL2 v14.1q, v14.2d, v9.2d \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
-        "EOR3 v31.16b, v31.16b, v14.16b, v3.16b \n"
-#else
         "EOR v14.16b, v14.16b, v3.16b \n"
         "EOR v31.16b, v31.16b, v14.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "# x[0-2] += C * H^7 \n"
         "PMULL  v2.1q, v13.1d, v10.1d \n"
         "PMULL2 v3.1q, v13.2d, v10.2d \n"
@@ -8207,12 +13253,8 @@ static int Aes128GcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         "EXT v13.16b, v13.16b, v13.16b, #8 \n"
         "PMULL  v3.1q, v13.1d, v10.1d \n"
         "PMULL2 v13.1q, v13.2d, v10.2d \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
-        "EOR3 v31.16b, v31.16b, v13.16b, v3.16b \n"
-#else
         "EOR v13.16b, v13.16b, v3.16b \n"
         "EOR v31.16b, v31.16b, v13.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "# x[0-2] += C * H^8 \n"
         "PMULL  v2.1q, v12.1d, v11.1d \n"
         "PMULL2 v3.1q, v12.2d, v11.2d \n"
@@ -8221,23 +13263,13 @@ static int Aes128GcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         "EXT v12.16b, v12.16b, v12.16b, #8 \n"
         "PMULL  v3.1q, v12.1d, v11.1d \n"
         "PMULL2 v12.1q, v12.2d, v11.2d \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
-        "EOR3 v31.16b, v31.16b, v12.16b, v3.16b \n"
-#else
         "EOR v12.16b, v12.16b, v3.16b \n"
         "EOR v31.16b, v31.16b, v12.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "# Reduce X = x[0-2] \n"
         "EXT v3.16b, v17.16b, v0.16b, #8 \n"
         "PMULL2 v2.1q, v0.2d, v23.2d \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
-        "EOR3 v3.16b, v3.16b, v31.16b, v2.16b \n"
-#else
         "EOR v3.16b, v3.16b, v31.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
-#ifndef WOLFSSL_ARMASM_CRYPTO_SHA3
         "EOR v3.16b, v3.16b, v2.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "PMULL2 v2.1q, v3.2d, v23.2d \n"
         "MOV v17.D[1], v3.D[0] \n"
         "EOR v17.16b, v17.16b, v2.16b \n"
@@ -8426,12 +13458,8 @@ static int Aes128GcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         "PMULL2 v20.1q, v20.2d, v24.2d \n"
         "AESE v28.16b, v3.16b \n"
         "AESMC v28.16b, v28.16b \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
-        "EOR3 v31.16b, v31.16b, v20.16b, v15.16b \n"
-#else
         "EOR v20.16b, v20.16b, v15.16b \n"
         "EOR v31.16b, v31.16b, v20.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "AESE v29.16b, v3.16b \n"
         "AESMC v29.16b, v29.16b \n"
         "# x[0-2] += C * H^3 \n"
@@ -8450,12 +13478,8 @@ static int Aes128GcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         "PMULL2 v19.1q, v19.2d, v25.2d \n"
         "AESE v29.16b, v4.16b \n"
         "AESMC v29.16b, v29.16b \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
-        "EOR3 v31.16b, v31.16b, v19.16b, v15.16b \n"
-#else
         "EOR v19.16b, v19.16b, v15.16b \n"
         "EOR v31.16b, v31.16b, v19.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "AESE v30.16b, v4.16b \n"
         "AESMC v30.16b, v30.16b \n"
         "# x[0-2] += C * H^4 \n"
@@ -8474,12 +13498,8 @@ static int Aes128GcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         "PMULL2 v18.1q, v18.2d, v26.2d \n"
         "AESE v30.16b, v5.16b \n"
         "AESMC v30.16b, v30.16b \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
-        "EOR3 v31.16b, v31.16b, v18.16b, v15.16b \n"
-#else
         "EOR v18.16b, v18.16b, v15.16b \n"
         "EOR v31.16b, v31.16b, v18.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "SUB w11, w11, #64 \n"
         "AESE v27.16b, v6.16b \n"
         "AESMC v27.16b, v27.16b \n"
@@ -8490,16 +13510,10 @@ static int Aes128GcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         "PMULL2 v14.1q, v0.2d, v23.2d \n"
         "AESE v29.16b, v6.16b \n"
         "AESMC v29.16b, v29.16b \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
-        "EOR3 v15.16b, v15.16b, v31.16b, v14.16b \n"
-#else
         "EOR v15.16b, v15.16b, v31.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "AESE v30.16b, v6.16b \n"
         "AESMC v30.16b, v30.16b \n"
-#ifndef WOLFSSL_ARMASM_CRYPTO_SHA3
         "EOR v15.16b, v15.16b, v14.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "AESE v27.16b, v7.16b \n"
         "AESMC v27.16b, v27.16b \n"
         "PMULL2 v14.1q, v15.2d, v23.2d \n"
@@ -8570,12 +13584,8 @@ static int Aes128GcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         "EXT v20.16b, v20.16b, v20.16b, #8 \n"
         "PMULL  v15.1q, v20.1d, v24.1d \n"
         "PMULL2 v20.1q, v20.2d, v24.2d \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
-        "EOR3 v31.16b, v31.16b, v20.16b, v15.16b \n"
-#else
         "EOR v20.16b, v20.16b, v15.16b \n"
         "EOR v31.16b, v31.16b, v20.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "# x[0-2] += C * H^3 \n"
         "PMULL  v14.1q, v19.1d, v25.1d \n"
         "PMULL2 v15.1q, v19.2d, v25.2d \n"
@@ -8584,12 +13594,8 @@ static int Aes128GcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         "EXT v19.16b, v19.16b, v19.16b, #8 \n"
         "PMULL  v15.1q, v19.1d, v25.1d \n"
         "PMULL2 v19.1q, v19.2d, v25.2d \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
-        "EOR3 v31.16b, v31.16b, v19.16b, v15.16b \n"
-#else
         "EOR v19.16b, v19.16b, v15.16b \n"
         "EOR v31.16b, v31.16b, v19.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "# x[0-2] += C * H^4 \n"
         "PMULL  v14.1q, v18.1d, v26.1d \n"
         "PMULL2 v15.1q, v18.2d, v26.2d \n"
@@ -8598,23 +13604,13 @@ static int Aes128GcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         "EXT v18.16b, v18.16b, v18.16b, #8 \n"
         "PMULL  v15.1q, v18.1d, v26.1d \n"
         "PMULL2 v18.1q, v18.2d, v26.2d \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
-        "EOR3 v31.16b, v31.16b, v18.16b, v15.16b \n"
-#else
         "EOR v18.16b, v18.16b, v15.16b \n"
         "EOR v31.16b, v31.16b, v18.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "# Reduce X = x[0-2] \n"
         "EXT v15.16b, v17.16b, v0.16b, #8 \n"
         "PMULL2 v14.1q, v0.2d, v23.2d \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
-        "EOR3 v15.16b, v15.16b, v31.16b, v14.16b \n"
-#else
         "EOR v15.16b, v15.16b, v31.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
-#ifndef WOLFSSL_ARMASM_CRYPTO_SHA3
         "EOR v15.16b, v15.16b, v14.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "PMULL2 v14.1q, v15.2d, v23.2d \n"
         "MOV v17.D[1], v15.D[0] \n"
         "EOR v17.16b, v17.16b, v14.16b \n"
@@ -8888,26 +13884,27 @@ static int Aes128GcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
     return ret;
 }
 #endif /* WOLFSSL_AES_128 */
-#ifdef WOLFSSL_AES_192
-/* internal function : see wc_AesGcmDecrypt */
-static int Aes192GcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
+#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
+#ifdef WOLFSSL_AES_128
+/* internal function : see AES_GCM_decrypt_AARCH64 */
+static int Aes128GcmDecrypt_EOR3(Aes* aes, byte* out, const byte* in, word32 sz,
     const byte* iv, word32 ivSz, const byte* authTag, word32 authTagSz,
     const byte* authIn, word32 authInSz)
 {
-    byte counter[AES_BLOCK_SIZE];
-    byte scratch[AES_BLOCK_SIZE];
+    byte counter[WC_AES_BLOCK_SIZE];
+    byte scratch[WC_AES_BLOCK_SIZE];
     byte *ctr = counter;
     byte* keyPt = (byte*)aes->key;
     int ret = 0;
 
-    XMEMSET(counter, 0, AES_BLOCK_SIZE);
+    XMEMSET(counter, 0, WC_AES_BLOCK_SIZE);
     if (ivSz == GCM_NONCE_MID_SZ) {
         XMEMCPY(counter, iv, GCM_NONCE_MID_SZ);
-        counter[AES_BLOCK_SIZE - 1] = 1;
+        counter[WC_AES_BLOCK_SIZE - 1] = 1;
     }
     else {
-        GHASH(&aes->gcm, NULL, 0, iv, ivSz, counter, AES_BLOCK_SIZE);
-        GMULT(counter, aes->gcm.H);
+        GHASH_AARCH64(&aes->gcm, NULL, 0, iv, ivSz, counter, WC_AES_BLOCK_SIZE);
+        GMULT_AARCH64(counter, aes->gcm.H);
     }
 
     __asm__ __volatile__ (
@@ -8981,12 +13978,7 @@ static int Aes192GcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         "EXT v20.16b, v20.16b, v20.16b, #8 \n"
         "PMULL  v15.1q, v20.1d, v24.1d \n"
         "PMULL2 v20.1q, v20.2d, v24.2d \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
         "EOR3 v31.16b, v31.16b, v20.16b, v15.16b \n"
-#else
-        "EOR v20.16b, v20.16b, v15.16b \n"
-        "EOR v31.16b, v31.16b, v20.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "# x[0-2] += C * H^3 \n"
         "PMULL  v14.1q, v19.1d, v25.1d \n"
         "PMULL2 v15.1q, v19.2d, v25.2d \n"
@@ -8995,12 +13987,7 @@ static int Aes192GcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         "EXT v19.16b, v19.16b, v19.16b, #8 \n"
         "PMULL  v15.1q, v19.1d, v25.1d \n"
         "PMULL2 v19.1q, v19.2d, v25.2d \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
         "EOR3 v31.16b, v31.16b, v19.16b, v15.16b \n"
-#else
-        "EOR v19.16b, v19.16b, v15.16b \n"
-        "EOR v31.16b, v31.16b, v19.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "# x[0-2] += C * H^4 \n"
         "PMULL  v14.1q, v18.1d, v26.1d \n"
         "PMULL2 v15.1q, v18.2d, v26.2d \n"
@@ -9009,23 +13996,1517 @@ static int Aes192GcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         "EXT v18.16b, v18.16b, v18.16b, #8 \n"
         "PMULL  v15.1q, v18.1d, v26.1d \n"
         "PMULL2 v18.1q, v18.2d, v26.2d \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
         "EOR3 v31.16b, v31.16b, v18.16b, v15.16b \n"
-#else
-        "EOR v18.16b, v18.16b, v15.16b \n"
-        "EOR v31.16b, v31.16b, v18.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "# Reduce X = x[0-2] \n"
         "EXT v15.16b, v17.16b, v30.16b, #8 \n"
         "PMULL2 v14.1q, v30.2d, v23.2d \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
         "EOR3 v15.16b, v15.16b, v31.16b, v14.16b \n"
-#else
+        "PMULL2 v14.1q, v15.2d, v23.2d \n"
+        "MOV v17.D[1], v15.D[0] \n"
+        "EOR v17.16b, v17.16b, v14.16b \n"
+        "CMP x12, #64 \n"
+        "BGE 114b \n"
+        "CBZ x12, 120f \n"
+        "115: \n"
+        "CMP x12, #16 \n"
+        "BLT 112f \n"
+        "111: \n"
+        "LD1 {v15.2d}, [%[aad]], #16 \n"
+        "SUB x12, x12, #16 \n"
+        "RBIT v15.16b, v15.16b \n"
+        "EOR v17.16b, v17.16b, v15.16b \n"
+        "PMULL  v18.1q, v17.1d, v16.1d \n"
+        "PMULL2 v19.1q, v17.2d, v16.2d \n"
+        "EXT v20.16b, v16.16b, v16.16b, #8 \n"
+        "PMULL  v21.1q, v17.1d, v20.1d \n"
+        "PMULL2 v20.1q, v17.2d, v20.2d \n"
+        "EOR v20.16b, v20.16b, v21.16b \n"
+        "EXT v21.16b, v18.16b, v19.16b, #8 \n"
+        "EOR v21.16b, v21.16b, v20.16b \n"
+        "# Reduce \n"
+        "PMULL2 v20.1q, v19.2d, v23.2d \n"
+        "EOR v21.16b, v21.16b, v20.16b \n"
+        "PMULL2 v20.1q, v21.2d, v23.2d \n"
+        "MOV v18.D[1], v21.D[0] \n"
+        "EOR v17.16b, v18.16b, v20.16b \n"
+        "CMP x12, #16 \n"
+        "BGE 111b \n"
+        "CBZ x12, 120f \n"
+        "112: \n"
+        "# Partial AAD \n"
+        "EOR v15.16b, v15.16b, v15.16b \n"
+        "MOV x14, x12 \n"
+        "ST1 {v15.2d}, [%[scratch]] \n"
+        "113: \n"
+        "LDRB w13, [%[aad]], #1 \n"
+        "STRB w13, [%[scratch]], #1 \n"
+        "SUB x14, x14, #1 \n"
+        "CBNZ x14, 113b \n"
+        "SUB %[scratch], %[scratch], x12 \n"
+        "LD1 {v15.2d}, [%[scratch]] \n"
+        "RBIT v15.16b, v15.16b \n"
+        "EOR v17.16b, v17.16b, v15.16b \n"
+        "PMULL  v18.1q, v17.1d, v16.1d \n"
+        "PMULL2 v19.1q, v17.2d, v16.2d \n"
+        "EXT v20.16b, v16.16b, v16.16b, #8 \n"
+        "PMULL  v21.1q, v17.1d, v20.1d \n"
+        "PMULL2 v20.1q, v17.2d, v20.2d \n"
+        "EOR v20.16b, v20.16b, v21.16b \n"
+        "EXT v21.16b, v18.16b, v19.16b, #8 \n"
+        "EOR v21.16b, v21.16b, v20.16b \n"
+        "# Reduce \n"
+        "PMULL2 v20.1q, v19.2d, v23.2d \n"
+        "EOR v21.16b, v21.16b, v20.16b \n"
+        "PMULL2 v20.1q, v21.2d, v23.2d \n"
+        "MOV v18.D[1], v21.D[0] \n"
+        "EOR v17.16b, v18.16b, v20.16b \n"
+        "120: \n"
+
+        "# Decrypt ciphertext and GHASH ciphertext \n"
+        "LDR w12, [%[ctr], #12] \n"
+        "MOV w11, %w[sz] \n"
+        "REV w12, w12 \n"
+        "CMP w11, #64 \n"
+        "BLT 80f \n"
+        "CMP %w[aSz], #64 \n"
+        "BGE 82f \n"
+
+        "# Calculate H^[1-4] - GMULT partials \n"
+        "# Square H => H^2 \n"
+        "PMULL2 v19.1q, v16.2d, v16.2d \n"
+        "PMULL  v18.1q, v16.1d, v16.1d \n"
+        "PMULL2 v20.1q, v19.2d, v23.2d \n"
+        "EXT v21.16b, v18.16b, v19.16b, #8 \n"
+        "EOR v21.16b, v21.16b, v20.16b \n"
+        "PMULL2 v19.1q, v21.2d, v23.2d \n"
+        "MOV v18.D[1], v21.D[0] \n"
+        "EOR v24.16b, v18.16b, v19.16b \n"
+        "# Multiply H and H^2 => H^3 \n"
+        "PMULL  v18.1q, v24.1d, v16.1d \n"
+        "PMULL2 v19.1q, v24.2d, v16.2d \n"
+        "EXT v20.16b, v16.16b, v16.16b, #8 \n"
+        "PMULL  v21.1q, v24.1d, v20.1d \n"
+        "PMULL2 v20.1q, v24.2d, v20.2d \n"
+        "EOR v20.16b, v20.16b, v21.16b \n"
+        "EXT v21.16b, v18.16b, v19.16b, #8 \n"
+        "EOR v21.16b, v21.16b, v20.16b \n"
+        "# Reduce \n"
+        "PMULL2 v20.1q, v19.2d, v23.2d \n"
+        "EOR v21.16b, v21.16b, v20.16b \n"
+        "PMULL2 v20.1q, v21.2d, v23.2d \n"
+        "MOV v18.D[1], v21.D[0] \n"
+        "EOR v25.16b, v18.16b, v20.16b \n"
+        "# Square H^2 => H^4 \n"
+        "PMULL2 v19.1q, v24.2d, v24.2d \n"
+        "PMULL  v18.1q, v24.1d, v24.1d \n"
+        "PMULL2 v20.1q, v19.2d, v23.2d \n"
+        "EXT v21.16b, v18.16b, v19.16b, #8 \n"
+        "EOR v21.16b, v21.16b, v20.16b \n"
+        "PMULL2 v19.1q, v21.2d, v23.2d \n"
+        "MOV v18.D[1], v21.D[0] \n"
+        "EOR v26.16b, v18.16b, v19.16b \n"
+        "82: \n"
+        "# Should we do 8 blocks at a time? \n"
+        "CMP w11, #512 \n"
+        "BLT 80f \n"
+
+        "# Calculate H^[5-8] - GMULT partials \n"
+        "# Multiply H and H^4 => H^5 \n"
+        "PMULL  v18.1q, v26.1d, v16.1d \n"
+        "PMULL2 v19.1q, v26.2d, v16.2d \n"
+        "EXT v20.16b, v16.16b, v16.16b, #8 \n"
+        "PMULL  v21.1q, v26.1d, v20.1d \n"
+        "PMULL2 v20.1q, v26.2d, v20.2d \n"
+        "EOR v20.16b, v20.16b, v21.16b \n"
+        "EXT v21.16b, v18.16b, v19.16b, #8 \n"
+        "EOR v21.16b, v21.16b, v20.16b \n"
+        "# Reduce \n"
+        "PMULL2 v20.1q, v19.2d, v23.2d \n"
+        "EOR v21.16b, v21.16b, v20.16b \n"
+        "PMULL2 v20.1q, v21.2d, v23.2d \n"
+        "MOV v18.D[1], v21.D[0] \n"
+        "EOR v4.16b, v18.16b, v20.16b \n"
+        "# Square H^3 - H^6 \n"
+        "PMULL2 v19.1q, v25.2d, v25.2d \n"
+        "PMULL  v18.1q, v25.1d, v25.1d \n"
+        "PMULL2 v20.1q, v19.2d, v23.2d \n"
+        "EXT v21.16b, v18.16b, v19.16b, #8 \n"
+        "EOR v21.16b, v21.16b, v20.16b \n"
+        "PMULL2 v19.1q, v21.2d, v23.2d \n"
+        "MOV v18.D[1], v21.D[0] \n"
+        "EOR v9.16b, v18.16b, v19.16b \n"
+        "# Multiply H and H^6 => H^7 \n"
+        "PMULL  v18.1q, v9.1d, v16.1d \n"
+        "PMULL2 v19.1q, v9.2d, v16.2d \n"
+        "EXT v20.16b, v16.16b, v16.16b, #8 \n"
+        "PMULL  v21.1q, v9.1d, v20.1d \n"
+        "PMULL2 v20.1q, v9.2d, v20.2d \n"
+        "EOR v20.16b, v20.16b, v21.16b \n"
+        "EXT v21.16b, v18.16b, v19.16b, #8 \n"
+        "EOR v21.16b, v21.16b, v20.16b \n"
+        "# Reduce \n"
+        "PMULL2 v20.1q, v19.2d, v23.2d \n"
+        "EOR v21.16b, v21.16b, v20.16b \n"
+        "PMULL2 v20.1q, v21.2d, v23.2d \n"
+        "MOV v18.D[1], v21.D[0] \n"
+        "EOR v10.16b, v18.16b, v20.16b \n"
+        "# Square H^4 => H^8 \n"
+        "PMULL2 v19.1q, v26.2d, v26.2d \n"
+        "PMULL  v18.1q, v26.1d, v26.1d \n"
+        "PMULL2 v20.1q, v19.2d, v23.2d \n"
+        "EXT v21.16b, v18.16b, v19.16b, #8 \n"
+        "EOR v21.16b, v21.16b, v20.16b \n"
+        "PMULL2 v19.1q, v21.2d, v23.2d \n"
+        "MOV v18.D[1], v21.D[0] \n"
+        "EOR v11.16b, v18.16b, v19.16b \n"
+
+        "# First decrypt - no GHASH \n"
+        "LDR q1, [%[Key]] \n"
+        "# Calculate next 4 counters (+1-4) \n"
+        "ADD w15, w12, #1 \n"
+        "LD1 {v5.2d}, [%[ctr]] \n"
+        "ADD w14, w12, #2 \n"
+        "MOV v6.16b, v5.16b \n"
+        "ADD w13, w12, #3 \n"
+        "MOV v7.16b, v5.16b \n"
+        "ADD w12, w12, #4 \n"
+        "MOV v8.16b, v5.16b \n"
+        "REV w15, w15 \n"
+        "REV w14, w14 \n"
+        "REV w13, w13 \n"
+        "REV w16, w12 \n"
+        "MOV v5.S[3], w15 \n"
+        "MOV v6.S[3], w14 \n"
+        "MOV v7.S[3], w13 \n"
+        "MOV v8.S[3], w16 \n"
+        "# Calculate next 4 counters (+5-8) \n"
+        "ADD w15, w12, #1 \n"
+        "MOV v27.16b, v5.16b \n"
+        "ADD w14, w12, #2 \n"
+        "MOV v28.16b, v5.16b \n"
+        "ADD w13, w12, #3 \n"
+        "MOV v29.16b, v5.16b \n"
+        "ADD w12, w12, #4 \n"
+        "MOV v30.16b, v5.16b \n"
+        "REV w15, w15 \n"
+        "REV w14, w14 \n"
+        "REV w13, w13 \n"
+        "REV w16, w12 \n"
+        "MOV v27.S[3], w15 \n"
+        "MOV v28.S[3], w14 \n"
+        "MOV v29.S[3], w13 \n"
+        "MOV v30.S[3], w16 \n"
+
+        "# Encrypt 8 counters \n"
+        "LDR q22, [%[Key], #16] \n"
+        "AESE v5.16b, v1.16b \n"
+        "AESMC v5.16b, v5.16b \n"
+        "AESE v6.16b, v1.16b \n"
+        "AESMC v6.16b, v6.16b \n"
+        "AESE v7.16b, v1.16b \n"
+        "AESMC v7.16b, v7.16b \n"
+        "AESE v8.16b, v1.16b \n"
+        "AESMC v8.16b, v8.16b \n"
+        "AESE v27.16b, v1.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v1.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v1.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v1.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "LDR q1, [%[Key], #32] \n"
+        "AESE v5.16b, v22.16b \n"
+        "AESMC v5.16b, v5.16b \n"
+        "AESE v6.16b, v22.16b \n"
+        "AESMC v6.16b, v6.16b \n"
+        "AESE v7.16b, v22.16b \n"
+        "AESMC v7.16b, v7.16b \n"
+        "AESE v8.16b, v22.16b \n"
+        "AESMC v8.16b, v8.16b \n"
+        "AESE v27.16b, v22.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v22.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v22.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v22.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "LDR q22, [%[Key], #48] \n"
+        "AESE v5.16b, v1.16b \n"
+        "AESMC v5.16b, v5.16b \n"
+        "AESE v6.16b, v1.16b \n"
+        "AESMC v6.16b, v6.16b \n"
+        "AESE v7.16b, v1.16b \n"
+        "AESMC v7.16b, v7.16b \n"
+        "AESE v8.16b, v1.16b \n"
+        "AESMC v8.16b, v8.16b \n"
+        "AESE v27.16b, v1.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v1.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v1.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v1.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "LDR q1, [%[Key], #64] \n"
+        "AESE v5.16b, v22.16b \n"
+        "AESMC v5.16b, v5.16b \n"
+        "AESE v6.16b, v22.16b \n"
+        "AESMC v6.16b, v6.16b \n"
+        "AESE v7.16b, v22.16b \n"
+        "AESMC v7.16b, v7.16b \n"
+        "AESE v8.16b, v22.16b \n"
+        "AESMC v8.16b, v8.16b \n"
+        "AESE v27.16b, v22.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v22.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v22.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v22.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "LDR q22, [%[Key], #80] \n"
+        "AESE v5.16b, v1.16b \n"
+        "AESMC v5.16b, v5.16b \n"
+        "AESE v6.16b, v1.16b \n"
+        "AESMC v6.16b, v6.16b \n"
+        "AESE v7.16b, v1.16b \n"
+        "AESMC v7.16b, v7.16b \n"
+        "AESE v8.16b, v1.16b \n"
+        "AESMC v8.16b, v8.16b \n"
+        "AESE v27.16b, v1.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v1.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v1.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v1.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "SUB w11, w11, #128 \n"
+        "LDR q1, [%[Key], #96] \n"
+        "AESE v5.16b, v22.16b \n"
+        "AESMC v5.16b, v5.16b \n"
+        "AESE v6.16b, v22.16b \n"
+        "AESMC v6.16b, v6.16b \n"
+        "AESE v7.16b, v22.16b \n"
+        "AESMC v7.16b, v7.16b \n"
+        "AESE v8.16b, v22.16b \n"
+        "AESMC v8.16b, v8.16b \n"
+        "AESE v27.16b, v22.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v22.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v22.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v22.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "LDR q22, [%[Key], #112] \n"
+        "AESE v5.16b, v1.16b \n"
+        "AESMC v5.16b, v5.16b \n"
+        "AESE v6.16b, v1.16b \n"
+        "AESMC v6.16b, v6.16b \n"
+        "AESE v7.16b, v1.16b \n"
+        "AESMC v7.16b, v7.16b \n"
+        "AESE v8.16b, v1.16b \n"
+        "AESMC v8.16b, v8.16b \n"
+        "AESE v27.16b, v1.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v1.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v1.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v1.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "LDR q1, [%[Key], #128] \n"
+        "AESE v5.16b, v22.16b \n"
+        "AESMC v5.16b, v5.16b \n"
+        "AESE v6.16b, v22.16b \n"
+        "AESMC v6.16b, v6.16b \n"
+        "AESE v7.16b, v22.16b \n"
+        "AESMC v7.16b, v7.16b \n"
+        "AESE v8.16b, v22.16b \n"
+        "AESMC v8.16b, v8.16b \n"
+        "AESE v27.16b, v22.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v22.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v22.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v22.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "LD1 {v12.2d-v15.2d}, [%[input]], #64 \n"
+        "LDP q22, q31, [%[Key], #144] \n"
+        "AESE v5.16b, v1.16b \n"
+        "AESMC v5.16b, v5.16b \n"
+        "AESE v6.16b, v1.16b \n"
+        "AESMC v6.16b, v6.16b \n"
+        "AESE v7.16b, v1.16b \n"
+        "AESMC v7.16b, v7.16b \n"
+        "AESE v8.16b, v1.16b \n"
+        "AESMC v8.16b, v8.16b \n"
+        "AESE v27.16b, v1.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v1.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v1.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v1.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "LD1 {v18.2d-v21.2d}, [%[input]], #64 \n"
+        "AESE v5.16b, v22.16b \n"
+        "EOR v5.16b, v5.16b, v31.16b \n"
+        "AESE v6.16b, v22.16b \n"
+        "EOR v6.16b, v6.16b, v31.16b \n"
+        "AESE v7.16b, v22.16b \n"
+        "EOR v7.16b, v7.16b, v31.16b \n"
+        "AESE v8.16b, v22.16b \n"
+        "EOR v8.16b, v8.16b, v31.16b \n"
+        "AESE v27.16b, v22.16b \n"
+        "EOR v27.16b, v27.16b, v31.16b \n"
+        "AESE v28.16b, v22.16b \n"
+        "EOR v28.16b, v28.16b, v31.16b \n"
+        "AESE v29.16b, v22.16b \n"
+        "EOR v29.16b, v29.16b, v31.16b \n"
+        "AESE v30.16b, v22.16b \n"
+        "EOR v30.16b, v30.16b, v31.16b \n"
+
+        "# XOR in input \n"
+        "EOR v5.16b, v5.16b, v12.16b \n"
+        "EOR v6.16b, v6.16b, v13.16b \n"
+        "EOR v7.16b, v7.16b, v14.16b \n"
+        "EOR v8.16b, v8.16b, v15.16b \n"
+        "EOR v27.16b, v27.16b, v18.16b \n"
+        "ST1 {v5.2d-v8.2d}, [%[out]], #64 \n \n"
+        "EOR v28.16b, v28.16b, v19.16b \n"
+        "EOR v29.16b, v29.16b, v20.16b \n"
+        "EOR v30.16b, v30.16b, v21.16b \n"
+        "ST1 {v27.2d-v30.2d}, [%[out]], #64 \n \n"
+
+        "81: \n"
+        "LDR q1, [%[Key]] \n"
+        "# Calculate next 4 counters (+1-4) \n"
+        "ADD w15, w12, #1 \n"
+        "LD1 {v5.2d}, [%[ctr]] \n"
+        "ADD w14, w12, #2 \n"
+        "MOV v6.16b, v5.16b \n"
+        "ADD w13, w12, #3 \n"
+        "MOV v7.16b, v5.16b \n"
+        "ADD w12, w12, #4 \n"
+        "MOV v8.16b, v5.16b \n"
+        "# GHASH - 8 blocks \n"
+        "RBIT v12.16b, v12.16b \n"
+        "RBIT v13.16b, v13.16b \n"
+        "RBIT v14.16b, v14.16b \n"
+        "RBIT v15.16b, v15.16b \n"
+        "RBIT v18.16b, v18.16b \n"
+        "RBIT v19.16b, v19.16b \n"
+        "RBIT v20.16b, v20.16b \n"
+        "RBIT v21.16b, v21.16b \n"
+        "REV w15, w15 \n"
+        "EOR v12.16b, v12.16b, v17.16b \n"
+        "REV w14, w14 \n"
+        "# x[0-2] = C * H^1 \n"
+        "PMULL  v17.1q, v21.1d, v16.1d \n"
+        "PMULL2 v0.1q, v21.2d, v16.2d \n"
+        "REV w13, w13 \n"
+        "EXT v21.16b, v21.16b, v21.16b, #8 \n"
+        "REV w16, w12 \n"
+        "MOV v5.S[3], w15 \n"
+        "MOV v6.S[3], w14 \n"
+        "MOV v7.S[3], w13 \n"
+        "MOV v8.S[3], w16 \n"
+        "# Calculate next 4 counters (+5-8) \n"
+        "ADD w15, w12, #1 \n"
+        "MOV v27.16b, v5.16b \n"
+        "ADD w14, w12, #2 \n"
+        "MOV v28.16b, v5.16b \n"
+        "ADD w13, w12, #3 \n"
+        "MOV v29.16b, v5.16b \n"
+        "ADD w12, w12, #4 \n"
+        "MOV v30.16b, v5.16b \n"
+        "PMULL  v31.1q, v21.1d, v16.1d \n"
+        "PMULL2 v3.1q, v21.2d, v16.2d \n"
+        "REV w15, w15 \n"
+        "EOR v31.16b, v31.16b, v3.16b \n"
+        "REV w14, w14 \n"
+        "# x[0-2] += C * H^2 \n"
+        "PMULL  v2.1q, v20.1d, v24.1d \n"
+        "PMULL2 v3.1q, v20.2d, v24.2d \n"
+        "REV w13, w13 \n"
+        "EOR v17.16b, v17.16b, v2.16b \n"
+        "EOR v0.16b, v0.16b, v3.16b \n"
+        "REV w16, w12 \n"
+        "MOV v27.S[3], w15 \n"
+        "MOV v28.S[3], w14 \n"
+        "MOV v29.S[3], w13 \n"
+        "MOV v30.S[3], w16 \n"
+
+        "# Encrypt 8 counters \n"
+        "LDR q22, [%[Key], #16] \n"
+        "AESE v5.16b, v1.16b \n"
+        "AESMC v5.16b, v5.16b \n"
+        "EXT v20.16b, v20.16b, v20.16b, #8 \n"
+        "AESE v6.16b, v1.16b \n"
+        "AESMC v6.16b, v6.16b \n"
+        "PMULL  v3.1q, v20.1d, v24.1d \n"
+        "PMULL2 v20.1q, v20.2d, v24.2d \n"
+        "AESE v7.16b, v1.16b \n"
+        "AESMC v7.16b, v7.16b \n"
+        "EOR3 v31.16b, v31.16b, v20.16b, v3.16b \n"
+        "AESE v8.16b, v1.16b \n"
+        "AESMC v8.16b, v8.16b \n"
+        "# x[0-2] += C * H^3 \n"
+        "PMULL  v2.1q, v19.1d, v25.1d \n"
+        "PMULL2 v3.1q, v19.2d, v25.2d \n"
+        "AESE v27.16b, v1.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "EOR v17.16b, v17.16b, v2.16b \n"
+        "EOR v0.16b, v0.16b, v3.16b \n"
+        "AESE v28.16b, v1.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "EXT v19.16b, v19.16b, v19.16b, #8 \n"
+        "AESE v29.16b, v1.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "PMULL  v3.1q, v19.1d, v25.1d \n"
+        "PMULL2 v19.1q, v19.2d, v25.2d \n"
+        "AESE v30.16b, v1.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "EOR3 v31.16b, v31.16b, v19.16b, v3.16b \n"
+        "LDR q1, [%[Key], #32] \n"
+        "AESE v5.16b, v22.16b \n"
+        "AESMC v5.16b, v5.16b \n"
+        "# x[0-2] += C * H^4 \n"
+        "PMULL  v2.1q, v18.1d, v26.1d \n"
+        "PMULL2 v3.1q, v18.2d, v26.2d \n"
+        "AESE v6.16b, v22.16b \n"
+        "AESMC v6.16b, v6.16b \n"
+        "EOR v17.16b, v17.16b, v2.16b \n"
+        "EOR v0.16b, v0.16b, v3.16b \n"
+        "AESE v7.16b, v22.16b \n"
+        "AESMC v7.16b, v7.16b \n"
+        "EXT v18.16b, v18.16b, v18.16b, #8 \n"
+        "AESE v8.16b, v22.16b \n"
+        "AESMC v8.16b, v8.16b \n"
+        "PMULL  v3.1q, v18.1d, v26.1d \n"
+        "PMULL2 v18.1q, v18.2d, v26.2d \n"
+        "AESE v27.16b, v22.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "EOR3 v31.16b, v31.16b, v18.16b, v3.16b \n"
+        "AESE v28.16b, v22.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "# x[0-2] += C * H^5 \n"
+        "PMULL  v2.1q, v15.1d, v4.1d \n"
+        "PMULL2 v3.1q, v15.2d, v4.2d \n"
+        "AESE v29.16b, v22.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "EOR v17.16b, v17.16b, v2.16b \n"
+        "EOR v0.16b, v0.16b, v3.16b \n"
+        "AESE v30.16b, v22.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "EXT v15.16b, v15.16b, v15.16b, #8 \n"
+        "LDR q22, [%[Key], #48] \n"
+        "AESE v5.16b, v1.16b \n"
+        "AESMC v5.16b, v5.16b \n"
+        "PMULL  v3.1q, v15.1d, v4.1d \n"
+        "PMULL2 v15.1q, v15.2d, v4.2d \n"
+        "AESE v6.16b, v1.16b \n"
+        "AESMC v6.16b, v6.16b \n"
+        "EOR3 v31.16b, v31.16b, v15.16b, v3.16b \n"
+        "AESE v7.16b, v1.16b \n"
+        "AESMC v7.16b, v7.16b \n"
+        "# x[0-2] += C * H^6 \n"
+        "PMULL  v2.1q, v14.1d, v9.1d \n"
+        "PMULL2 v3.1q, v14.2d, v9.2d \n"
+        "AESE v8.16b, v1.16b \n"
+        "AESMC v8.16b, v8.16b \n"
+        "EOR v17.16b, v17.16b, v2.16b \n"
+        "EOR v0.16b, v0.16b, v3.16b \n"
+        "AESE v27.16b, v1.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "EXT v14.16b, v14.16b, v14.16b, #8 \n"
+        "AESE v28.16b, v1.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "PMULL  v3.1q, v14.1d, v9.1d \n"
+        "PMULL2 v14.1q, v14.2d, v9.2d \n"
+        "AESE v29.16b, v1.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "EOR3 v31.16b, v31.16b, v14.16b, v3.16b \n"
+        "AESE v30.16b, v1.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "# x[0-2] += C * H^7 \n"
+        "PMULL  v2.1q, v13.1d, v10.1d \n"
+        "PMULL2 v3.1q, v13.2d, v10.2d \n"
+        "LDR q1, [%[Key], #64] \n"
+        "AESE v5.16b, v22.16b \n"
+        "AESMC v5.16b, v5.16b \n"
+        "EOR v17.16b, v17.16b, v2.16b \n"
+        "EOR v0.16b, v0.16b, v3.16b \n"
+        "AESE v6.16b, v22.16b \n"
+        "AESMC v6.16b, v6.16b \n"
+        "EXT v13.16b, v13.16b, v13.16b, #8 \n"
+        "AESE v7.16b, v22.16b \n"
+        "AESMC v7.16b, v7.16b \n"
+        "PMULL  v3.1q, v13.1d, v10.1d \n"
+        "PMULL2 v13.1q, v13.2d, v10.2d \n"
+        "AESE v8.16b, v22.16b \n"
+        "AESMC v8.16b, v8.16b \n"
+        "EOR3 v31.16b, v31.16b, v13.16b, v3.16b \n"
+        "AESE v27.16b, v22.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "# x[0-2] += C * H^8 \n"
+        "PMULL  v2.1q, v12.1d, v11.1d \n"
+        "PMULL2 v3.1q, v12.2d, v11.2d \n"
+        "AESE v28.16b, v22.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "EOR v17.16b, v17.16b, v2.16b \n"
+        "EOR v0.16b, v0.16b, v3.16b \n"
+        "AESE v29.16b, v22.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "EXT v12.16b, v12.16b, v12.16b, #8 \n"
+        "AESE v30.16b, v22.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "PMULL  v3.1q, v12.1d, v11.1d \n"
+        "PMULL2 v12.1q, v12.2d, v11.2d \n"
+        "LDR q22, [%[Key], #80] \n"
+        "AESE v5.16b, v1.16b \n"
+        "AESMC v5.16b, v5.16b \n"
+        "EOR3 v31.16b, v31.16b, v12.16b, v3.16b \n"
+        "AESE v6.16b, v1.16b \n"
+        "AESMC v6.16b, v6.16b \n"
+        "# Reduce X = x[0-2] \n"
+        "EXT v3.16b, v17.16b, v0.16b, #8 \n"
+        "AESE v7.16b, v1.16b \n"
+        "AESMC v7.16b, v7.16b \n"
+        "PMULL2 v2.1q, v0.2d, v23.2d \n"
+        "AESE v8.16b, v1.16b \n"
+        "AESMC v8.16b, v8.16b \n"
+        "EOR3 v3.16b, v3.16b, v31.16b, v2.16b \n"
+        "AESE v27.16b, v1.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v1.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "PMULL2 v2.1q, v3.2d, v23.2d \n"
+        "MOV v17.D[1], v3.D[0] \n"
+        "AESE v29.16b, v1.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "EOR v17.16b, v17.16b, v2.16b \n"
+        "AESE v30.16b, v1.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "SUB w11, w11, #128 \n"
+        "LDR q1, [%[Key], #96] \n"
+        "AESE v5.16b, v22.16b \n"
+        "AESMC v5.16b, v5.16b \n"
+        "AESE v6.16b, v22.16b \n"
+        "AESMC v6.16b, v6.16b \n"
+        "AESE v7.16b, v22.16b \n"
+        "AESMC v7.16b, v7.16b \n"
+        "AESE v8.16b, v22.16b \n"
+        "AESMC v8.16b, v8.16b \n"
+        "AESE v27.16b, v22.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v22.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v22.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v22.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "LDR q22, [%[Key], #112] \n"
+        "AESE v5.16b, v1.16b \n"
+        "AESMC v5.16b, v5.16b \n"
+        "AESE v6.16b, v1.16b \n"
+        "AESMC v6.16b, v6.16b \n"
+        "AESE v7.16b, v1.16b \n"
+        "AESMC v7.16b, v7.16b \n"
+        "AESE v8.16b, v1.16b \n"
+        "AESMC v8.16b, v8.16b \n"
+        "AESE v27.16b, v1.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v1.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v1.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v1.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "LDR q1, [%[Key], #128] \n"
+        "AESE v5.16b, v22.16b \n"
+        "AESMC v5.16b, v5.16b \n"
+        "AESE v6.16b, v22.16b \n"
+        "AESMC v6.16b, v6.16b \n"
+        "AESE v7.16b, v22.16b \n"
+        "AESMC v7.16b, v7.16b \n"
+        "AESE v8.16b, v22.16b \n"
+        "AESMC v8.16b, v8.16b \n"
+        "AESE v27.16b, v22.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v22.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v22.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v22.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "LD1 {v12.2d-v15.2d}, [%[input]], #64 \n"
+        "LDP q22, q31, [%[Key], #144] \n"
+        "AESE v5.16b, v1.16b \n"
+        "AESMC v5.16b, v5.16b \n"
+        "AESE v6.16b, v1.16b \n"
+        "AESMC v6.16b, v6.16b \n"
+        "AESE v7.16b, v1.16b \n"
+        "AESMC v7.16b, v7.16b \n"
+        "AESE v8.16b, v1.16b \n"
+        "AESMC v8.16b, v8.16b \n"
+        "AESE v27.16b, v1.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v1.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v1.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v1.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "LD1 {v18.2d-v21.2d}, [%[input]], #64 \n"
+        "AESE v5.16b, v22.16b \n"
+        "EOR v5.16b, v5.16b, v31.16b \n"
+        "AESE v6.16b, v22.16b \n"
+        "EOR v6.16b, v6.16b, v31.16b \n"
+        "AESE v7.16b, v22.16b \n"
+        "EOR v7.16b, v7.16b, v31.16b \n"
+        "AESE v8.16b, v22.16b \n"
+        "EOR v8.16b, v8.16b, v31.16b \n"
+        "AESE v27.16b, v22.16b \n"
+        "EOR v27.16b, v27.16b, v31.16b \n"
+        "AESE v28.16b, v22.16b \n"
+        "EOR v28.16b, v28.16b, v31.16b \n"
+        "AESE v29.16b, v22.16b \n"
+        "EOR v29.16b, v29.16b, v31.16b \n"
+        "AESE v30.16b, v22.16b \n"
+        "EOR v30.16b, v30.16b, v31.16b \n"
+
+        "# XOR in input \n"
+        "EOR v5.16b, v5.16b, v12.16b \n"
+        "EOR v6.16b, v6.16b, v13.16b \n"
+        "EOR v7.16b, v7.16b, v14.16b \n"
+        "EOR v8.16b, v8.16b, v15.16b \n"
+        "EOR v27.16b, v27.16b, v18.16b \n"
+        "ST1 {v5.2d-v8.2d}, [%[out]], #64 \n \n"
+        "EOR v28.16b, v28.16b, v19.16b \n"
+        "EOR v29.16b, v29.16b, v20.16b \n"
+        "EOR v30.16b, v30.16b, v21.16b \n"
+        "ST1 {v27.2d-v30.2d}, [%[out]], #64 \n \n"
+
+        "CMP w11, #128 \n"
+        "BGE 81b \n"
+
+        "# GHASH - 8 blocks \n"
+        "RBIT v12.16b, v12.16b \n"
+        "RBIT v13.16b, v13.16b \n"
+        "RBIT v14.16b, v14.16b \n"
+        "RBIT v15.16b, v15.16b \n"
+        "RBIT v18.16b, v18.16b \n"
+        "RBIT v19.16b, v19.16b \n"
+        "RBIT v20.16b, v20.16b \n"
+        "RBIT v21.16b, v21.16b \n"
+        "EOR v12.16b, v12.16b, v17.16b \n"
+        "# x[0-2] = C * H^1 \n"
+        "PMULL  v17.1q, v21.1d, v16.1d \n"
+        "PMULL2 v0.1q, v21.2d, v16.2d \n"
+        "EXT v21.16b, v21.16b, v21.16b, #8 \n"
+        "PMULL  v31.1q, v21.1d, v16.1d \n"
+        "PMULL2 v3.1q, v21.2d, v16.2d \n"
+        "EOR v31.16b, v31.16b, v3.16b \n"
+        "# x[0-2] += C * H^2 \n"
+        "PMULL  v2.1q, v20.1d, v24.1d \n"
+        "PMULL2 v3.1q, v20.2d, v24.2d \n"
+        "EOR v17.16b, v17.16b, v2.16b \n"
+        "EOR v0.16b, v0.16b, v3.16b \n"
+        "EXT v20.16b, v20.16b, v20.16b, #8 \n"
+        "PMULL  v3.1q, v20.1d, v24.1d \n"
+        "PMULL2 v20.1q, v20.2d, v24.2d \n"
+        "EOR3 v31.16b, v31.16b, v20.16b, v3.16b \n"
+        "# x[0-2] += C * H^3 \n"
+        "PMULL  v2.1q, v19.1d, v25.1d \n"
+        "PMULL2 v3.1q, v19.2d, v25.2d \n"
+        "EOR v17.16b, v17.16b, v2.16b \n"
+        "EOR v0.16b, v0.16b, v3.16b \n"
+        "EXT v19.16b, v19.16b, v19.16b, #8 \n"
+        "PMULL  v3.1q, v19.1d, v25.1d \n"
+        "PMULL2 v19.1q, v19.2d, v25.2d \n"
+        "EOR3 v31.16b, v31.16b, v19.16b, v3.16b \n"
+        "# x[0-2] += C * H^4 \n"
+        "PMULL  v2.1q, v18.1d, v26.1d \n"
+        "PMULL2 v3.1q, v18.2d, v26.2d \n"
+        "EOR v17.16b, v17.16b, v2.16b \n"
+        "EOR v0.16b, v0.16b, v3.16b \n"
+        "EXT v18.16b, v18.16b, v18.16b, #8 \n"
+        "PMULL  v3.1q, v18.1d, v26.1d \n"
+        "PMULL2 v18.1q, v18.2d, v26.2d \n"
+        "EOR3 v31.16b, v31.16b, v18.16b, v3.16b \n"
+        "# x[0-2] += C * H^5 \n"
+        "PMULL  v2.1q, v15.1d, v4.1d \n"
+        "PMULL2 v3.1q, v15.2d, v4.2d \n"
+        "EOR v17.16b, v17.16b, v2.16b \n"
+        "EOR v0.16b, v0.16b, v3.16b \n"
+        "EXT v15.16b, v15.16b, v15.16b, #8 \n"
+        "PMULL  v3.1q, v15.1d, v4.1d \n"
+        "PMULL2 v15.1q, v15.2d, v4.2d \n"
+        "EOR3 v31.16b, v31.16b, v15.16b, v3.16b \n"
+        "# x[0-2] += C * H^6 \n"
+        "PMULL  v2.1q, v14.1d, v9.1d \n"
+        "PMULL2 v3.1q, v14.2d, v9.2d \n"
+        "EOR v17.16b, v17.16b, v2.16b \n"
+        "EOR v0.16b, v0.16b, v3.16b \n"
+        "EXT v14.16b, v14.16b, v14.16b, #8 \n"
+        "PMULL  v3.1q, v14.1d, v9.1d \n"
+        "PMULL2 v14.1q, v14.2d, v9.2d \n"
+        "EOR3 v31.16b, v31.16b, v14.16b, v3.16b \n"
+        "# x[0-2] += C * H^7 \n"
+        "PMULL  v2.1q, v13.1d, v10.1d \n"
+        "PMULL2 v3.1q, v13.2d, v10.2d \n"
+        "EOR v17.16b, v17.16b, v2.16b \n"
+        "EOR v0.16b, v0.16b, v3.16b \n"
+        "EXT v13.16b, v13.16b, v13.16b, #8 \n"
+        "PMULL  v3.1q, v13.1d, v10.1d \n"
+        "PMULL2 v13.1q, v13.2d, v10.2d \n"
+        "EOR3 v31.16b, v31.16b, v13.16b, v3.16b \n"
+        "# x[0-2] += C * H^8 \n"
+        "PMULL  v2.1q, v12.1d, v11.1d \n"
+        "PMULL2 v3.1q, v12.2d, v11.2d \n"
+        "EOR v17.16b, v17.16b, v2.16b \n"
+        "EOR v0.16b, v0.16b, v3.16b \n"
+        "EXT v12.16b, v12.16b, v12.16b, #8 \n"
+        "PMULL  v3.1q, v12.1d, v11.1d \n"
+        "PMULL2 v12.1q, v12.2d, v11.2d \n"
+        "EOR3 v31.16b, v31.16b, v12.16b, v3.16b \n"
+        "# Reduce X = x[0-2] \n"
+        "EXT v3.16b, v17.16b, v0.16b, #8 \n"
+        "PMULL2 v2.1q, v0.2d, v23.2d \n"
+        "EOR3 v3.16b, v3.16b, v31.16b, v2.16b \n"
+        "PMULL2 v2.1q, v3.2d, v23.2d \n"
+        "MOV v17.D[1], v3.D[0] \n"
+        "EOR v17.16b, v17.16b, v2.16b \n"
+
+        "80: \n"
+        "LD1 {v22.2d}, [%[ctr]] \n"
+        "LD1 {v1.2d-v4.2d}, [%[Key]], #64 \n"
+        "LD1 {v5.2d-v8.2d}, [%[Key]], #64 \n"
+        "LD1 {v9.2d-v11.2d}, [%[Key]], #48 \n"
+        "# Can we do 4 blocks at a time? \n"
+        "CMP w11, #64 \n"
+        "BLT 10f \n"
+
+        "# First decrypt - no GHASH \n"
+        "# Calculate next 4 counters (+1-4) \n"
+        "ADD w15, w12, #1 \n"
+        "MOV v27.16b, v22.16b \n"
+        "ADD w14, w12, #2 \n"
+        "MOV v28.16b, v22.16b \n"
+        "ADD w13, w12, #3 \n"
+        "MOV v29.16b, v22.16b \n"
+        "ADD w12, w12, #4 \n"
+        "MOV v30.16b, v22.16b \n"
+        "REV w15, w15 \n"
+        "REV w14, w14 \n"
+        "REV w13, w13 \n"
+        "REV w16, w12 \n"
+        "MOV v27.S[3], w15 \n"
+        "MOV v28.S[3], w14 \n"
+        "MOV v29.S[3], w13 \n"
+        "MOV v30.S[3], w16 \n"
+
+        "# Encrypt 4 counters \n"
+        "AESE v27.16b, v1.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v1.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v1.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v1.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "AESE v27.16b, v2.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v2.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v2.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v2.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "AESE v27.16b, v3.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v3.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v3.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v3.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "AESE v27.16b, v4.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v4.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v4.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v4.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "AESE v27.16b, v5.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v5.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v5.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v5.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "SUB w11, w11, #64 \n"
+        "AESE v27.16b, v6.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v6.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v6.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v6.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "AESE v27.16b, v7.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v7.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v7.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v7.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "# Load plaintext \n"
+        "LD1 {v18.2d-v21.2d}, [%[input]], #64 \n"
+        "AESE v27.16b, v8.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v8.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v8.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v8.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "AESE v27.16b, v9.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v9.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v9.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v9.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "AESE v27.16b, v10.16b \n"
+        "EOR v27.16b, v27.16b, v11.16b \n"
+        "AESE v28.16b, v10.16b \n"
+        "EOR v28.16b, v28.16b, v11.16b \n"
+        "AESE v29.16b, v10.16b \n"
+        "EOR v29.16b, v29.16b, v11.16b \n"
+        "AESE v30.16b, v10.16b \n"
+        "EOR v30.16b, v30.16b, v11.16b \n"
+
+        "# XOR in input \n"
+        "EOR v27.16b, v27.16b, v18.16b \n"
+        "EOR v28.16b, v28.16b, v19.16b \n"
+        "EOR v29.16b, v29.16b, v20.16b \n"
+        "EOR v30.16b, v30.16b, v21.16b \n"
+        "# Store cipher text \n"
+        "ST1 {v27.2d-v30.2d}, [%[out]], #64 \n \n"
+        "CMP w11, #64 \n"
+        "BLT 12f \n"
+
+        "11: \n"
+        "# Calculate next 4 counters (+1-4) \n"
+        "ADD w15, w12, #1 \n"
+        "MOV v27.16b, v22.16b \n"
+        "ADD w14, w12, #2 \n"
+        "MOV v28.16b, v22.16b \n"
+        "ADD w13, w12, #3 \n"
+        "MOV v29.16b, v22.16b \n"
+        "ADD w12, w12, #4 \n"
+        "MOV v30.16b, v22.16b \n"
+        "# GHASH - 4 blocks \n"
+        "RBIT v18.16b, v18.16b \n"
+        "REV w15, w15 \n"
+        "RBIT v19.16b, v19.16b \n"
+        "REV w14, w14 \n"
+        "RBIT v20.16b, v20.16b \n"
+        "REV w13, w13 \n"
+        "RBIT v21.16b, v21.16b \n"
+        "REV w16, w12 \n"
+        "MOV v27.S[3], w15 \n"
+        "MOV v28.S[3], w14 \n"
+        "MOV v29.S[3], w13 \n"
+        "MOV v30.S[3], w16 \n"
+
+        "# Encrypt 4 counters \n"
+        "AESE v27.16b, v1.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "EOR v18.16b, v18.16b, v17.16b \n"
+        "AESE v28.16b, v1.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "# x[0-2] = C * H^1 \n"
+        "PMULL  v17.1q, v21.1d, v16.1d \n"
+        "PMULL2 v0.1q, v21.2d, v16.2d \n"
+        "AESE v29.16b, v1.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "EXT v21.16b, v21.16b, v21.16b, #8 \n"
+        "AESE v30.16b, v1.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "PMULL  v31.1q, v21.1d, v16.1d \n"
+        "PMULL2 v15.1q, v21.2d, v16.2d \n"
+        "AESE v27.16b, v2.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "EOR v31.16b, v31.16b, v15.16b \n"
+        "AESE v28.16b, v2.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "# x[0-2] += C * H^2 \n"
+        "PMULL  v14.1q, v20.1d, v24.1d \n"
+        "PMULL2 v15.1q, v20.2d, v24.2d \n"
+        "AESE v29.16b, v2.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "EOR v17.16b, v17.16b, v14.16b \n"
+        "EOR v0.16b, v0.16b, v15.16b \n"
+        "AESE v30.16b, v2.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "EXT v20.16b, v20.16b, v20.16b, #8 \n"
+        "AESE v27.16b, v3.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "PMULL  v15.1q, v20.1d, v24.1d \n"
+        "PMULL2 v20.1q, v20.2d, v24.2d \n"
+        "AESE v28.16b, v3.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "EOR3 v31.16b, v31.16b, v20.16b, v15.16b \n"
+        "AESE v29.16b, v3.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "# x[0-2] += C * H^3 \n"
+        "PMULL  v14.1q, v19.1d, v25.1d \n"
+        "PMULL2 v15.1q, v19.2d, v25.2d \n"
+        "AESE v30.16b, v3.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "EOR v17.16b, v17.16b, v14.16b \n"
+        "EOR v0.16b, v0.16b, v15.16b \n"
+        "AESE v27.16b, v4.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "EXT v19.16b, v19.16b, v19.16b, #8 \n"
+        "AESE v28.16b, v4.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "PMULL  v15.1q, v19.1d, v25.1d \n"
+        "PMULL2 v19.1q, v19.2d, v25.2d \n"
+        "AESE v29.16b, v4.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "EOR3 v31.16b, v31.16b, v19.16b, v15.16b \n"
+        "AESE v30.16b, v4.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "# x[0-2] += C * H^4 \n"
+        "PMULL  v14.1q, v18.1d, v26.1d \n"
+        "PMULL2 v15.1q, v18.2d, v26.2d \n"
+        "AESE v27.16b, v5.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "EOR v17.16b, v17.16b, v14.16b \n"
+        "EOR v0.16b, v0.16b, v15.16b \n"
+        "AESE v28.16b, v5.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "EXT v18.16b, v18.16b, v18.16b, #8 \n"
+        "AESE v29.16b, v5.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "PMULL  v15.1q, v18.1d, v26.1d \n"
+        "PMULL2 v18.1q, v18.2d, v26.2d \n"
+        "AESE v30.16b, v5.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "EOR3 v31.16b, v31.16b, v18.16b, v15.16b \n"
+        "SUB w11, w11, #64 \n"
+        "AESE v27.16b, v6.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "# Reduce X = x[0-2] \n"
+        "EXT v15.16b, v17.16b, v0.16b, #8 \n"
+        "AESE v28.16b, v6.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "PMULL2 v14.1q, v0.2d, v23.2d \n"
+        "AESE v29.16b, v6.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "EOR3 v15.16b, v15.16b, v31.16b, v14.16b \n"
+        "AESE v30.16b, v6.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "AESE v27.16b, v7.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "PMULL2 v14.1q, v15.2d, v23.2d \n"
+        "MOV v17.D[1], v15.D[0] \n"
+        "AESE v28.16b, v7.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "EOR v17.16b, v17.16b, v14.16b \n"
+        "AESE v29.16b, v7.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v7.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "# Load plaintext \n"
+        "LD1 {v18.2d-v21.2d}, [%[input]], #64 \n"
+        "AESE v27.16b, v8.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v8.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v8.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v8.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "AESE v27.16b, v9.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v9.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v9.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v9.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "AESE v27.16b, v10.16b \n"
+        "EOR v27.16b, v27.16b, v11.16b \n"
+        "AESE v28.16b, v10.16b \n"
+        "EOR v28.16b, v28.16b, v11.16b \n"
+        "AESE v29.16b, v10.16b \n"
+        "EOR v29.16b, v29.16b, v11.16b \n"
+        "AESE v30.16b, v10.16b \n"
+        "EOR v30.16b, v30.16b, v11.16b \n"
+
+        "# XOR in input \n"
+        "EOR v27.16b, v27.16b, v18.16b \n"
+        "EOR v28.16b, v28.16b, v19.16b \n"
+        "EOR v29.16b, v29.16b, v20.16b \n"
+        "EOR v30.16b, v30.16b, v21.16b \n"
+        "# Store cipher text \n"
+        "ST1 {v27.2d-v30.2d}, [%[out]], #64 \n \n"
+        "CMP w11, #64 \n"
+        "BGE 11b \n"
+
+        "12: \n"
+        "# GHASH - 4 blocks \n"
+        "RBIT v18.16b, v18.16b \n"
+        "RBIT v19.16b, v19.16b \n"
+        "RBIT v20.16b, v20.16b \n"
+        "RBIT v21.16b, v21.16b \n"
+        "EOR v18.16b, v18.16b, v17.16b \n"
+        "# x[0-2] = C * H^1 \n"
+        "PMULL  v17.1q, v21.1d, v16.1d \n"
+        "PMULL2 v0.1q, v21.2d, v16.2d \n"
+        "EXT v21.16b, v21.16b, v21.16b, #8 \n"
+        "PMULL  v31.1q, v21.1d, v16.1d \n"
+        "PMULL2 v15.1q, v21.2d, v16.2d \n"
+        "EOR v31.16b, v31.16b, v15.16b \n"
+        "# x[0-2] += C * H^2 \n"
+        "PMULL  v14.1q, v20.1d, v24.1d \n"
+        "PMULL2 v15.1q, v20.2d, v24.2d \n"
+        "EOR v17.16b, v17.16b, v14.16b \n"
+        "EOR v0.16b, v0.16b, v15.16b \n"
+        "EXT v20.16b, v20.16b, v20.16b, #8 \n"
+        "PMULL  v15.1q, v20.1d, v24.1d \n"
+        "PMULL2 v20.1q, v20.2d, v24.2d \n"
+        "EOR3 v31.16b, v31.16b, v20.16b, v15.16b \n"
+        "# x[0-2] += C * H^3 \n"
+        "PMULL  v14.1q, v19.1d, v25.1d \n"
+        "PMULL2 v15.1q, v19.2d, v25.2d \n"
+        "EOR v17.16b, v17.16b, v14.16b \n"
+        "EOR v0.16b, v0.16b, v15.16b \n"
+        "EXT v19.16b, v19.16b, v19.16b, #8 \n"
+        "PMULL  v15.1q, v19.1d, v25.1d \n"
+        "PMULL2 v19.1q, v19.2d, v25.2d \n"
+        "EOR3 v31.16b, v31.16b, v19.16b, v15.16b \n"
+        "# x[0-2] += C * H^4 \n"
+        "PMULL  v14.1q, v18.1d, v26.1d \n"
+        "PMULL2 v15.1q, v18.2d, v26.2d \n"
+        "EOR v17.16b, v17.16b, v14.16b \n"
+        "EOR v0.16b, v0.16b, v15.16b \n"
+        "EXT v18.16b, v18.16b, v18.16b, #8 \n"
+        "PMULL  v15.1q, v18.1d, v26.1d \n"
+        "PMULL2 v18.1q, v18.2d, v26.2d \n"
+        "EOR3 v31.16b, v31.16b, v18.16b, v15.16b \n"
+        "# Reduce X = x[0-2] \n"
+        "EXT v15.16b, v17.16b, v0.16b, #8 \n"
+        "PMULL2 v14.1q, v0.2d, v23.2d \n"
+        "EOR3 v15.16b, v15.16b, v31.16b, v14.16b \n"
+        "PMULL2 v14.1q, v15.2d, v23.2d \n"
+        "MOV v17.D[1], v15.D[0] \n"
+        "EOR v17.16b, v17.16b, v14.16b \n"
+
+        "10: \n"
+        "CBZ w11, 30f \n"
+        "CMP w11, #16 \n"
+        "BLT 20f \n"
+        "# Decrypt first block for GHASH \n"
+        "ADD w12, w12, #1 \n"
+        "MOV v0.16b, v22.16b \n"
+        "REV w13, w12 \n"
+        "MOV v0.S[3], w13 \n"
+        "AESE v0.16b, v1.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "AESE v0.16b, v2.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "AESE v0.16b, v3.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "AESE v0.16b, v4.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "SUB w11, w11, #16 \n"
+        "AESE v0.16b, v5.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "AESE v0.16b, v6.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "AESE v0.16b, v7.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "AESE v0.16b, v8.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "LD1 {v28.2d}, [%[input]], #16 \n"
+        "AESE v0.16b, v9.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "AESE v0.16b, v10.16b \n"
+        "EOR v0.16b, v0.16b, v11.16b \n \n"
+        "EOR v0.16b, v0.16b, v28.16b \n \n"
+        "ST1 {v0.2d}, [%[out]], #16 \n"
+
+        "# When only one full block to decrypt go straight to GHASH \n"
+        "CMP w11, 16 \n"
+        "BLT 1f \n"
+
+        "# Interweave GHASH and decrypt if more then 1 block \n"
+        "2: \n"
+        "RBIT v28.16b, v28.16b \n"
+        "ADD w12, w12, #1 \n"
+        "MOV v0.16b, v22.16b \n"
+        "REV w13, w12 \n"
+        "MOV v0.S[3], w13 \n"
+        "EOR v17.16b, v17.16b, v28.16b \n"
+        "PMULL  v18.1q, v17.1d, v16.1d \n"
+        "PMULL2 v19.1q, v17.2d, v16.2d \n"
+        "AESE v0.16b, v1.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "EXT v20.16b, v16.16b, v16.16b, #8 \n"
+        "AESE v0.16b, v2.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "PMULL  v21.1q, v17.1d, v20.1d \n"
+        "PMULL2 v20.1q, v17.2d, v20.2d \n"
+        "AESE v0.16b, v3.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "EOR v20.16b, v20.16b, v21.16b \n"
+        "AESE v0.16b, v4.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "EXT v21.16b, v18.16b, v19.16b, #8 \n"
+        "SUB w11, w11, #16 \n"
+        "AESE v0.16b, v5.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "EOR v21.16b, v21.16b, v20.16b \n"
+        "AESE v0.16b, v6.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "# Reduce \n"
+        "PMULL2 v20.1q, v19.2d, v23.2d \n"
+        "AESE v0.16b, v7.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "EOR v21.16b, v21.16b, v20.16b \n"
+        "AESE v0.16b, v8.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "PMULL2 v20.1q, v21.2d, v23.2d \n"
+        "LD1 {v28.2d}, [%[input]], #16 \n"
+        "AESE v0.16b, v9.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "MOV v18.D[1], v21.D[0] \n"
+        "AESE v0.16b, v10.16b \n"
+        "EOR v0.16b, v0.16b, v11.16b \n \n"
+        "EOR v17.16b, v18.16b, v20.16b \n"
+        "EOR v0.16b, v0.16b, v28.16b \n \n"
+        "ST1 {v0.2d}, [%[out]], #16 \n"
+        "CMP w11, #16 \n"
+        "BGE 2b \n"
+
+        "# GHASH on last block \n"
+        "1: \n"
+        "RBIT v28.16b, v28.16b \n"
+        "EOR v17.16b, v17.16b, v28.16b \n"
+        "PMULL  v18.1q, v17.1d, v16.1d \n"
+        "PMULL2 v19.1q, v17.2d, v16.2d \n"
+        "EXT v20.16b, v16.16b, v16.16b, #8 \n"
+        "PMULL  v21.1q, v17.1d, v20.1d \n"
+        "PMULL2 v20.1q, v17.2d, v20.2d \n"
+        "EOR v20.16b, v20.16b, v21.16b \n"
+        "EXT v21.16b, v18.16b, v19.16b, #8 \n"
+        "EOR v21.16b, v21.16b, v20.16b \n"
+        "# Reduce \n"
+        "PMULL2 v20.1q, v19.2d, v23.2d \n"
+        "EOR v21.16b, v21.16b, v20.16b \n"
+        "PMULL2 v20.1q, v21.2d, v23.2d \n"
+        "MOV v18.D[1], v21.D[0] \n"
+        "EOR v17.16b, v18.16b, v20.16b \n"
+
+        "20: \n"
+        "CBZ w11, 30f \n"
+        "EOR v31.16b, v31.16b, v31.16b \n"
+        "MOV x15, x11 \n"
+        "ST1 {v31.2d}, [%[scratch]] \n"
+        "23: \n"
+        "LDRB w14, [%[input]], #1 \n"
+        "STRB w14, [%[scratch]], #1 \n"
+        "SUB x15, x15, #1 \n"
+        "CBNZ x15, 23b \n"
+        "SUB %[scratch], %[scratch], x11 \n"
+        "LD1 {v31.2d}, [%[scratch]] \n"
+        "RBIT v31.16b, v31.16b \n"
+        "ADD w12, w12, #1 \n"
+        "MOV v0.16b, v22.16b \n"
+        "REV w13, w12 \n"
+        "MOV v0.S[3], w13 \n"
+        "EOR v17.16b, v17.16b, v31.16b \n"
+        "PMULL  v18.1q, v17.1d, v16.1d \n"
+        "PMULL2 v19.1q, v17.2d, v16.2d \n"
+        "AESE v0.16b, v1.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "EXT v20.16b, v16.16b, v16.16b, #8 \n"
+        "AESE v0.16b, v2.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "PMULL  v21.1q, v17.1d, v20.1d \n"
+        "PMULL2 v20.1q, v17.2d, v20.2d \n"
+        "AESE v0.16b, v3.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "EOR v20.16b, v20.16b, v21.16b \n"
+        "AESE v0.16b, v4.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "EXT v21.16b, v18.16b, v19.16b, #8 \n"
+        "AESE v0.16b, v5.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "EOR v21.16b, v21.16b, v20.16b \n"
+        "AESE v0.16b, v6.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "# Reduce \n"
+        "PMULL2 v20.1q, v19.2d, v23.2d \n"
+        "AESE v0.16b, v7.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "EOR v21.16b, v21.16b, v20.16b \n"
+        "AESE v0.16b, v8.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "PMULL2 v20.1q, v21.2d, v23.2d \n"
+        "RBIT v31.16b, v31.16b \n"
+        "AESE v0.16b, v9.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "MOV v18.D[1], v21.D[0] \n"
+        "AESE v0.16b, v10.16b \n"
+        "EOR v0.16b, v0.16b, v11.16b \n \n"
+        "EOR v17.16b, v18.16b, v20.16b \n"
+        "EOR v0.16b, v0.16b, v31.16b \n \n"
+        "ST1 {v0.2d}, [%[scratch]] \n"
+        "MOV x15, x11 \n"
+        "24: \n"
+        "LDRB w14, [%[scratch]], #1 \n"
+        "STRB w14, [%[out]], #1 \n"
+        "SUB x15, x15, #1 \n"
+        "CBNZ x15, 24b \n"
+        "SUB %[scratch], %[scratch], x11 \n"
+
+        "30: \n"
+        "# store current counter value at the end \n"
+        "REV w13, w12 \n"
+        "MOV v22.S[3], w13 \n"
+        "LD1 {v0.16b}, [%[ctr]] \n"
+        "ST1 {v22.16b}, [%[ctr]] \n"
+
+        "LSL %x[aSz], %x[aSz], #3 \n"
+        "LSL %x[sz], %x[sz], #3 \n"
+        "MOV v28.d[0], %x[aSz] \n"
+        "MOV v28.d[1], %x[sz] \n"
+        "REV64 v28.16b, v28.16b \n"
+        "RBIT v28.16b, v28.16b \n"
+        "EOR v17.16b, v17.16b, v28.16b \n"
+        "PMULL  v18.1q, v17.1d, v16.1d \n"
+        "PMULL2 v19.1q, v17.2d, v16.2d \n"
+        "EXT v20.16b, v16.16b, v16.16b, #8 \n"
+        "AESE v0.16b, v1.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "PMULL  v21.1q, v17.1d, v20.1d \n"
+        "PMULL2 v20.1q, v17.2d, v20.2d \n"
+        "AESE v0.16b, v2.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "EOR v20.16b, v20.16b, v21.16b \n"
+        "AESE v0.16b, v3.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "EXT v21.16b, v18.16b, v19.16b, #8 \n"
+        "AESE v0.16b, v4.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "EOR v21.16b, v21.16b, v20.16b \n"
+        "AESE v0.16b, v5.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "# Reduce \n"
+        "PMULL2 v20.1q, v19.2d, v23.2d \n"
+        "AESE v0.16b, v6.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "EOR v21.16b, v21.16b, v20.16b \n"
+        "AESE v0.16b, v7.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "PMULL2 v20.1q, v21.2d, v23.2d \n"
+        "AESE v0.16b, v8.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "MOV v18.D[1], v21.D[0] \n"
+        "AESE v0.16b, v9.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "EOR v17.16b, v18.16b, v20.16b \n"
+        "AESE v0.16b, v10.16b \n"
+        "EOR v0.16b, v0.16b, v11.16b \n \n"
+        "RBIT v17.16b, v17.16b \n"
+        "EOR v0.16b, v0.16b, v17.16b \n \n"
+        "CMP %w[tagSz], #16 \n"
+        "BNE 40f \n"
+        "LD1 {v1.2d}, [%[tag]] \n"
+        "B 41f \n"
+        "40: \n"
+        "EOR v1.16b, v1.16b, v1.16b \n"
+        "MOV x15, %x[tagSz] \n"
+        "ST1 {v1.2d}, [%[scratch]] \n"
+        "43: \n"
+        "LDRB w14, [%[tag]], #1 \n"
+        "STRB w14, [%[scratch]], #1 \n"
+        "SUB x15, x15, #1 \n"
+        "CBNZ x15, 43b \n"
+        "SUB %[scratch], %[scratch], %x[tagSz] \n"
+        "LD1 {v1.2d}, [%[scratch]] \n"
+        "ST1 {v0.2d}, [%[scratch]] \n"
+        "MOV w14, #16 \n"
+        "SUB w14, w14, %w[tagSz] \n"
+        "ADD %[scratch], %[scratch], %x[tagSz] \n"
+        "44: \n"
+        "STRB wzr, [%[scratch]], #1 \n"
+        "SUB w14, w14, #1 \n"
+        "CBNZ w14, 44b \n"
+        "SUB %[scratch], %[scratch], #16 \n"
+        "LD1 {v0.2d}, [%[scratch]] \n"
+        "41: \n"
+        "EOR v0.16b, v0.16b, v1.16b \n"
+        "MOV v1.D[0], v0.D[1] \n"
+        "EOR v0.8b, v0.8b, v1.8b \n"
+        "MOV %x[ret], v0.D[0] \n"
+        "CMP %x[ret], #0 \n"
+        "MOV w11, #-180 \n"
+        "CSETM %w[ret], ne \n"
+        "AND %w[ret], %w[ret], w11 \n"
+
+        : [out] "+r" (out), [input] "+r" (in), [Key] "+r" (keyPt),
+          [aSz] "+r" (authInSz), [sz] "+r" (sz), [aad] "+r" (authIn),
+          [ret] "+r" (ret)
+        : [ctr] "r" (ctr), [scratch] "r" (scratch),
+          [h] "m" (aes->gcm.H), [tag] "r" (authTag), [tagSz] "r" (authTagSz)
+        : "cc", "memory", "x11", "x12", "w13", "x14", "x15", "w16",
+          "v0", "v1", "v2", "v3", "v4", "v5", "v6", "v7",
+          "v8", "v9", "v10", "v11", "v12", "v13", "v14", "v15",
+          "v16", "v17", "v18", "v19", "v20", "v21", "v22", "v23",
+          "v24", "v25", "v26", "v27", "v28", "v29", "v30", "v31"
+    );
+
+    return ret;
+}
+#endif /* WOLFSSL_AES_128 */
+#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
+#ifdef WOLFSSL_AES_192
+/* internal function : see AES_GCM_decrypt_AARCH64 */
+static int Aes192GcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
+    const byte* iv, word32 ivSz, const byte* authTag, word32 authTagSz,
+    const byte* authIn, word32 authInSz)
+{
+    byte counter[WC_AES_BLOCK_SIZE];
+    byte scratch[WC_AES_BLOCK_SIZE];
+    byte *ctr = counter;
+    byte* keyPt = (byte*)aes->key;
+    int ret = 0;
+
+    XMEMSET(counter, 0, WC_AES_BLOCK_SIZE);
+    if (ivSz == GCM_NONCE_MID_SZ) {
+        XMEMCPY(counter, iv, GCM_NONCE_MID_SZ);
+        counter[WC_AES_BLOCK_SIZE - 1] = 1;
+    }
+    else {
+        GHASH_AARCH64(&aes->gcm, NULL, 0, iv, ivSz, counter, WC_AES_BLOCK_SIZE);
+        GMULT_AARCH64(counter, aes->gcm.H);
+    }
+
+    __asm__ __volatile__ (
+        "LD1 {v16.16b}, %[h] \n"
+        "# v23 = 0x00000000000000870000000000000087 reflected 0xe1.... \n"
+        "MOVI v23.16b, #0x87 \n"
+        "EOR v17.16b, v17.16b, v17.16b \n"
+        "USHR v23.2d, v23.2d, #56 \n"
+        "CBZ %w[aSz], 120f \n"
+
+        "MOV w12, %w[aSz] \n"
+
+        "# GHASH AAD \n"
+        "CMP x12, #64 \n"
+        "BLT 115f \n"
+        "# Calculate H^[1-4] - GMULT partials \n"
+        "# Square H => H^2 \n"
+        "PMULL2 v19.1q, v16.2d, v16.2d \n"
+        "PMULL  v18.1q, v16.1d, v16.1d \n"
+        "PMULL2 v20.1q, v19.2d, v23.2d \n"
+        "EXT v21.16b, v18.16b, v19.16b, #8 \n"
+        "EOR v21.16b, v21.16b, v20.16b \n"
+        "PMULL2 v19.1q, v21.2d, v23.2d \n"
+        "MOV v18.D[1], v21.D[0] \n"
+        "EOR v24.16b, v18.16b, v19.16b \n"
+        "# Multiply H and H^2 => H^3 \n"
+        "PMULL  v18.1q, v24.1d, v16.1d \n"
+        "PMULL2 v19.1q, v24.2d, v16.2d \n"
+        "EXT v20.16b, v16.16b, v16.16b, #8 \n"
+        "PMULL  v21.1q, v24.1d, v20.1d \n"
+        "PMULL2 v20.1q, v24.2d, v20.2d \n"
+        "EOR v20.16b, v20.16b, v21.16b \n"
+        "EXT v21.16b, v18.16b, v19.16b, #8 \n"
+        "EOR v21.16b, v21.16b, v20.16b \n"
+        "# Reduce \n"
+        "PMULL2 v20.1q, v19.2d, v23.2d \n"
+        "EOR v21.16b, v21.16b, v20.16b \n"
+        "PMULL2 v20.1q, v21.2d, v23.2d \n"
+        "MOV v18.D[1], v21.D[0] \n"
+        "EOR v25.16b, v18.16b, v20.16b \n"
+        "# Square H^2 => H^4 \n"
+        "PMULL2 v19.1q, v24.2d, v24.2d \n"
+        "PMULL  v18.1q, v24.1d, v24.1d \n"
+        "PMULL2 v20.1q, v19.2d, v23.2d \n"
+        "EXT v21.16b, v18.16b, v19.16b, #8 \n"
+        "EOR v21.16b, v21.16b, v20.16b \n"
+        "PMULL2 v19.1q, v21.2d, v23.2d \n"
+        "MOV v18.D[1], v21.D[0] \n"
+        "EOR v26.16b, v18.16b, v19.16b \n"
+        "114: \n"
+        "LD1 {v18.2d-v21.2d}, [%[aad]], #64 \n"
+        "SUB x12, x12, #64 \n"
+        "# GHASH - 4 blocks \n"
+        "RBIT v18.16b, v18.16b \n"
+        "RBIT v19.16b, v19.16b \n"
+        "RBIT v20.16b, v20.16b \n"
+        "RBIT v21.16b, v21.16b \n"
+        "EOR v18.16b, v18.16b, v17.16b \n"
+        "# x[0-2] = C * H^1 \n"
+        "PMULL  v17.1q, v21.1d, v16.1d \n"
+        "PMULL2 v30.1q, v21.2d, v16.2d \n"
+        "EXT v21.16b, v21.16b, v21.16b, #8 \n"
+        "PMULL  v31.1q, v21.1d, v16.1d \n"
+        "PMULL2 v15.1q, v21.2d, v16.2d \n"
+        "EOR v31.16b, v31.16b, v15.16b \n"
+        "# x[0-2] += C * H^2 \n"
+        "PMULL  v14.1q, v20.1d, v24.1d \n"
+        "PMULL2 v15.1q, v20.2d, v24.2d \n"
+        "EOR v17.16b, v17.16b, v14.16b \n"
+        "EOR v30.16b, v30.16b, v15.16b \n"
+        "EXT v20.16b, v20.16b, v20.16b, #8 \n"
+        "PMULL  v15.1q, v20.1d, v24.1d \n"
+        "PMULL2 v20.1q, v20.2d, v24.2d \n"
+        "EOR v20.16b, v20.16b, v15.16b \n"
+        "EOR v31.16b, v31.16b, v20.16b \n"
+        "# x[0-2] += C * H^3 \n"
+        "PMULL  v14.1q, v19.1d, v25.1d \n"
+        "PMULL2 v15.1q, v19.2d, v25.2d \n"
+        "EOR v17.16b, v17.16b, v14.16b \n"
+        "EOR v30.16b, v30.16b, v15.16b \n"
+        "EXT v19.16b, v19.16b, v19.16b, #8 \n"
+        "PMULL  v15.1q, v19.1d, v25.1d \n"
+        "PMULL2 v19.1q, v19.2d, v25.2d \n"
+        "EOR v19.16b, v19.16b, v15.16b \n"
+        "EOR v31.16b, v31.16b, v19.16b \n"
+        "# x[0-2] += C * H^4 \n"
+        "PMULL  v14.1q, v18.1d, v26.1d \n"
+        "PMULL2 v15.1q, v18.2d, v26.2d \n"
+        "EOR v17.16b, v17.16b, v14.16b \n"
+        "EOR v30.16b, v30.16b, v15.16b \n"
+        "EXT v18.16b, v18.16b, v18.16b, #8 \n"
+        "PMULL  v15.1q, v18.1d, v26.1d \n"
+        "PMULL2 v18.1q, v18.2d, v26.2d \n"
+        "EOR v18.16b, v18.16b, v15.16b \n"
+        "EOR v31.16b, v31.16b, v18.16b \n"
+        "# Reduce X = x[0-2] \n"
+        "EXT v15.16b, v17.16b, v30.16b, #8 \n"
+        "PMULL2 v14.1q, v30.2d, v23.2d \n"
         "EOR v15.16b, v15.16b, v31.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
-#ifndef WOLFSSL_ARMASM_CRYPTO_SHA3
         "EOR v15.16b, v15.16b, v14.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "PMULL2 v14.1q, v15.2d, v23.2d \n"
         "MOV v17.D[1], v15.D[0] \n"
         "EOR v17.16b, v17.16b, v14.16b \n"
@@ -9512,12 +15993,8 @@ static int Aes192GcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         "PMULL2 v20.1q, v20.2d, v24.2d \n"
         "AESE v7.16b, v1.16b \n"
         "AESMC v7.16b, v7.16b \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
-        "EOR3 v31.16b, v31.16b, v20.16b, v3.16b \n"
-#else
         "EOR v20.16b, v20.16b, v3.16b \n"
         "EOR v31.16b, v31.16b, v20.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "AESE v8.16b, v1.16b \n"
         "AESMC v8.16b, v8.16b \n"
         "# x[0-2] += C * H^3 \n"
@@ -9536,12 +16013,8 @@ static int Aes192GcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         "PMULL2 v19.1q, v19.2d, v25.2d \n"
         "AESE v30.16b, v1.16b \n"
         "AESMC v30.16b, v30.16b \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
-        "EOR3 v31.16b, v31.16b, v19.16b, v3.16b \n"
-#else
         "EOR v19.16b, v19.16b, v3.16b \n"
         "EOR v31.16b, v31.16b, v19.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "LDR q1, [%[Key], #32] \n"
         "AESE v5.16b, v22.16b \n"
         "AESMC v5.16b, v5.16b \n"
@@ -9561,12 +16034,8 @@ static int Aes192GcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         "PMULL2 v18.1q, v18.2d, v26.2d \n"
         "AESE v27.16b, v22.16b \n"
         "AESMC v27.16b, v27.16b \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
-        "EOR3 v31.16b, v31.16b, v18.16b, v3.16b \n"
-#else
         "EOR v18.16b, v18.16b, v3.16b \n"
         "EOR v31.16b, v31.16b, v18.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "AESE v28.16b, v22.16b \n"
         "AESMC v28.16b, v28.16b \n"
         "# x[0-2] += C * H^5 \n"
@@ -9586,12 +16055,8 @@ static int Aes192GcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         "PMULL2 v15.1q, v15.2d, v4.2d \n"
         "AESE v6.16b, v1.16b \n"
         "AESMC v6.16b, v6.16b \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
-        "EOR3 v31.16b, v31.16b, v15.16b, v3.16b \n"
-#else
         "EOR v15.16b, v15.16b, v3.16b \n"
         "EOR v31.16b, v31.16b, v15.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "AESE v7.16b, v1.16b \n"
         "AESMC v7.16b, v7.16b \n"
         "# x[0-2] += C * H^6 \n"
@@ -9610,12 +16075,8 @@ static int Aes192GcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         "PMULL2 v14.1q, v14.2d, v9.2d \n"
         "AESE v29.16b, v1.16b \n"
         "AESMC v29.16b, v29.16b \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
-        "EOR3 v31.16b, v31.16b, v14.16b, v3.16b \n"
-#else
         "EOR v14.16b, v14.16b, v3.16b \n"
         "EOR v31.16b, v31.16b, v14.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "AESE v30.16b, v1.16b \n"
         "AESMC v30.16b, v30.16b \n"
         "# x[0-2] += C * H^7 \n"
@@ -9635,12 +16096,8 @@ static int Aes192GcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         "PMULL2 v13.1q, v13.2d, v10.2d \n"
         "AESE v8.16b, v22.16b \n"
         "AESMC v8.16b, v8.16b \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
-        "EOR3 v31.16b, v31.16b, v13.16b, v3.16b \n"
-#else
         "EOR v13.16b, v13.16b, v3.16b \n"
         "EOR v31.16b, v31.16b, v13.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "AESE v27.16b, v22.16b \n"
         "AESMC v27.16b, v27.16b \n"
         "# x[0-2] += C * H^8 \n"
@@ -9660,12 +16117,8 @@ static int Aes192GcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         "LDR q22, [%[Key], #80] \n"
         "AESE v5.16b, v1.16b \n"
         "AESMC v5.16b, v5.16b \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
-        "EOR3 v31.16b, v31.16b, v12.16b, v3.16b \n"
-#else
         "EOR v12.16b, v12.16b, v3.16b \n"
         "EOR v31.16b, v31.16b, v12.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "AESE v6.16b, v1.16b \n"
         "AESMC v6.16b, v6.16b \n"
         "# Reduce X = x[0-2] \n"
@@ -9675,16 +16128,10 @@ static int Aes192GcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         "PMULL2 v2.1q, v0.2d, v23.2d \n"
         "AESE v8.16b, v1.16b \n"
         "AESMC v8.16b, v8.16b \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
-        "EOR3 v3.16b, v3.16b, v31.16b, v2.16b \n"
-#else
         "EOR v3.16b, v3.16b, v31.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "AESE v27.16b, v1.16b \n"
         "AESMC v27.16b, v27.16b \n"
-#ifndef WOLFSSL_ARMASM_CRYPTO_SHA3
         "EOR v3.16b, v3.16b, v2.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "AESE v28.16b, v1.16b \n"
         "AESMC v28.16b, v28.16b \n"
         "PMULL2 v2.1q, v3.2d, v23.2d \n"
@@ -9856,12 +16303,8 @@ static int Aes192GcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         "EXT v20.16b, v20.16b, v20.16b, #8 \n"
         "PMULL  v3.1q, v20.1d, v24.1d \n"
         "PMULL2 v20.1q, v20.2d, v24.2d \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
-        "EOR3 v31.16b, v31.16b, v20.16b, v3.16b \n"
-#else
         "EOR v20.16b, v20.16b, v3.16b \n"
         "EOR v31.16b, v31.16b, v20.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "# x[0-2] += C * H^3 \n"
         "PMULL  v2.1q, v19.1d, v25.1d \n"
         "PMULL2 v3.1q, v19.2d, v25.2d \n"
@@ -9870,12 +16313,8 @@ static int Aes192GcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         "EXT v19.16b, v19.16b, v19.16b, #8 \n"
         "PMULL  v3.1q, v19.1d, v25.1d \n"
         "PMULL2 v19.1q, v19.2d, v25.2d \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
-        "EOR3 v31.16b, v31.16b, v19.16b, v3.16b \n"
-#else
         "EOR v19.16b, v19.16b, v3.16b \n"
         "EOR v31.16b, v31.16b, v19.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "# x[0-2] += C * H^4 \n"
         "PMULL  v2.1q, v18.1d, v26.1d \n"
         "PMULL2 v3.1q, v18.2d, v26.2d \n"
@@ -9884,12 +16323,8 @@ static int Aes192GcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         "EXT v18.16b, v18.16b, v18.16b, #8 \n"
         "PMULL  v3.1q, v18.1d, v26.1d \n"
         "PMULL2 v18.1q, v18.2d, v26.2d \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
-        "EOR3 v31.16b, v31.16b, v18.16b, v3.16b \n"
-#else
         "EOR v18.16b, v18.16b, v3.16b \n"
         "EOR v31.16b, v31.16b, v18.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "# x[0-2] += C * H^5 \n"
         "PMULL  v2.1q, v15.1d, v4.1d \n"
         "PMULL2 v3.1q, v15.2d, v4.2d \n"
@@ -9898,12 +16333,8 @@ static int Aes192GcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         "EXT v15.16b, v15.16b, v15.16b, #8 \n"
         "PMULL  v3.1q, v15.1d, v4.1d \n"
         "PMULL2 v15.1q, v15.2d, v4.2d \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
-        "EOR3 v31.16b, v31.16b, v15.16b, v3.16b \n"
-#else
         "EOR v15.16b, v15.16b, v3.16b \n"
         "EOR v31.16b, v31.16b, v15.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "# x[0-2] += C * H^6 \n"
         "PMULL  v2.1q, v14.1d, v9.1d \n"
         "PMULL2 v3.1q, v14.2d, v9.2d \n"
@@ -9912,12 +16343,8 @@ static int Aes192GcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         "EXT v14.16b, v14.16b, v14.16b, #8 \n"
         "PMULL  v3.1q, v14.1d, v9.1d \n"
         "PMULL2 v14.1q, v14.2d, v9.2d \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
-        "EOR3 v31.16b, v31.16b, v14.16b, v3.16b \n"
-#else
         "EOR v14.16b, v14.16b, v3.16b \n"
         "EOR v31.16b, v31.16b, v14.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "# x[0-2] += C * H^7 \n"
         "PMULL  v2.1q, v13.1d, v10.1d \n"
         "PMULL2 v3.1q, v13.2d, v10.2d \n"
@@ -9926,12 +16353,8 @@ static int Aes192GcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         "EXT v13.16b, v13.16b, v13.16b, #8 \n"
         "PMULL  v3.1q, v13.1d, v10.1d \n"
         "PMULL2 v13.1q, v13.2d, v10.2d \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
-        "EOR3 v31.16b, v31.16b, v13.16b, v3.16b \n"
-#else
         "EOR v13.16b, v13.16b, v3.16b \n"
         "EOR v31.16b, v31.16b, v13.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "# x[0-2] += C * H^8 \n"
         "PMULL  v2.1q, v12.1d, v11.1d \n"
         "PMULL2 v3.1q, v12.2d, v11.2d \n"
@@ -9940,23 +16363,13 @@ static int Aes192GcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         "EXT v12.16b, v12.16b, v12.16b, #8 \n"
         "PMULL  v3.1q, v12.1d, v11.1d \n"
         "PMULL2 v12.1q, v12.2d, v11.2d \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
-        "EOR3 v31.16b, v31.16b, v12.16b, v3.16b \n"
-#else
         "EOR v12.16b, v12.16b, v3.16b \n"
         "EOR v31.16b, v31.16b, v12.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "# Reduce X = x[0-2] \n"
         "EXT v3.16b, v17.16b, v0.16b, #8 \n"
         "PMULL2 v2.1q, v0.2d, v23.2d \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
-        "EOR3 v3.16b, v3.16b, v31.16b, v2.16b \n"
-#else
         "EOR v3.16b, v3.16b, v31.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
-#ifndef WOLFSSL_ARMASM_CRYPTO_SHA3
         "EOR v3.16b, v3.16b, v2.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "PMULL2 v2.1q, v3.2d, v23.2d \n"
         "MOV v17.D[1], v3.D[0] \n"
         "EOR v17.16b, v17.16b, v2.16b \n"
@@ -10162,12 +16575,8 @@ static int Aes192GcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         "PMULL2 v20.1q, v20.2d, v24.2d \n"
         "AESE v28.16b, v3.16b \n"
         "AESMC v28.16b, v28.16b \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
-        "EOR3 v31.16b, v31.16b, v20.16b, v15.16b \n"
-#else
         "EOR v20.16b, v20.16b, v15.16b \n"
         "EOR v31.16b, v31.16b, v20.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "AESE v29.16b, v3.16b \n"
         "AESMC v29.16b, v29.16b \n"
         "# x[0-2] += C * H^3 \n"
@@ -10186,12 +16595,8 @@ static int Aes192GcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         "PMULL2 v19.1q, v19.2d, v25.2d \n"
         "AESE v29.16b, v4.16b \n"
         "AESMC v29.16b, v29.16b \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
-        "EOR3 v31.16b, v31.16b, v19.16b, v15.16b \n"
-#else
         "EOR v19.16b, v19.16b, v15.16b \n"
         "EOR v31.16b, v31.16b, v19.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "AESE v30.16b, v4.16b \n"
         "AESMC v30.16b, v30.16b \n"
         "# x[0-2] += C * H^4 \n"
@@ -10210,12 +16615,8 @@ static int Aes192GcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         "PMULL2 v18.1q, v18.2d, v26.2d \n"
         "AESE v30.16b, v5.16b \n"
         "AESMC v30.16b, v30.16b \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
-        "EOR3 v31.16b, v31.16b, v18.16b, v15.16b \n"
-#else
         "EOR v18.16b, v18.16b, v15.16b \n"
         "EOR v31.16b, v31.16b, v18.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "SUB w11, w11, #64 \n"
         "AESE v27.16b, v6.16b \n"
         "AESMC v27.16b, v27.16b \n"
@@ -10226,16 +16627,10 @@ static int Aes192GcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         "PMULL2 v14.1q, v0.2d, v23.2d \n"
         "AESE v29.16b, v6.16b \n"
         "AESMC v29.16b, v29.16b \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
-        "EOR3 v15.16b, v15.16b, v31.16b, v14.16b \n"
-#else
         "EOR v15.16b, v15.16b, v31.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "AESE v30.16b, v6.16b \n"
         "AESMC v30.16b, v30.16b \n"
-#ifndef WOLFSSL_ARMASM_CRYPTO_SHA3
         "EOR v15.16b, v15.16b, v14.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "AESE v27.16b, v7.16b \n"
         "AESMC v27.16b, v27.16b \n"
         "PMULL2 v14.1q, v15.2d, v23.2d \n"
@@ -10322,12 +16717,8 @@ static int Aes192GcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         "EXT v20.16b, v20.16b, v20.16b, #8 \n"
         "PMULL  v15.1q, v20.1d, v24.1d \n"
         "PMULL2 v20.1q, v20.2d, v24.2d \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
-        "EOR3 v31.16b, v31.16b, v20.16b, v15.16b \n"
-#else
         "EOR v20.16b, v20.16b, v15.16b \n"
         "EOR v31.16b, v31.16b, v20.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "# x[0-2] += C * H^3 \n"
         "PMULL  v14.1q, v19.1d, v25.1d \n"
         "PMULL2 v15.1q, v19.2d, v25.2d \n"
@@ -10336,12 +16727,8 @@ static int Aes192GcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         "EXT v19.16b, v19.16b, v19.16b, #8 \n"
         "PMULL  v15.1q, v19.1d, v25.1d \n"
         "PMULL2 v19.1q, v19.2d, v25.2d \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
-        "EOR3 v31.16b, v31.16b, v19.16b, v15.16b \n"
-#else
         "EOR v19.16b, v19.16b, v15.16b \n"
         "EOR v31.16b, v31.16b, v19.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "# x[0-2] += C * H^4 \n"
         "PMULL  v14.1q, v18.1d, v26.1d \n"
         "PMULL2 v15.1q, v18.2d, v26.2d \n"
@@ -10350,23 +16737,13 @@ static int Aes192GcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         "EXT v18.16b, v18.16b, v18.16b, #8 \n"
         "PMULL  v15.1q, v18.1d, v26.1d \n"
         "PMULL2 v18.1q, v18.2d, v26.2d \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
-        "EOR3 v31.16b, v31.16b, v18.16b, v15.16b \n"
-#else
         "EOR v18.16b, v18.16b, v15.16b \n"
         "EOR v31.16b, v31.16b, v18.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "# Reduce X = x[0-2] \n"
         "EXT v15.16b, v17.16b, v0.16b, #8 \n"
         "PMULL2 v14.1q, v0.2d, v23.2d \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
-        "EOR3 v15.16b, v15.16b, v31.16b, v14.16b \n"
-#else
         "EOR v15.16b, v15.16b, v31.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
-#ifndef WOLFSSL_ARMASM_CRYPTO_SHA3
         "EOR v15.16b, v15.16b, v14.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "PMULL2 v14.1q, v15.2d, v23.2d \n"
         "MOV v17.D[1], v15.D[0] \n"
         "EOR v17.16b, v17.16b, v14.16b \n"
@@ -10656,26 +17033,27 @@ static int Aes192GcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
     return ret;
 }
 #endif /* WOLFSSL_AES_192 */
-#ifdef WOLFSSL_AES_256
-/* internal function : see wc_AesGcmDecrypt */
-static int Aes256GcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
+#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
+#ifdef WOLFSSL_AES_192
+/* internal function : see AES_GCM_decrypt_AARCH64 */
+static int Aes192GcmDecrypt_EOR3(Aes* aes, byte* out, const byte* in, word32 sz,
     const byte* iv, word32 ivSz, const byte* authTag, word32 authTagSz,
     const byte* authIn, word32 authInSz)
 {
-    byte counter[AES_BLOCK_SIZE];
-    byte scratch[AES_BLOCK_SIZE];
+    byte counter[WC_AES_BLOCK_SIZE];
+    byte scratch[WC_AES_BLOCK_SIZE];
     byte *ctr = counter;
     byte* keyPt = (byte*)aes->key;
     int ret = 0;
 
-    XMEMSET(counter, 0, AES_BLOCK_SIZE);
+    XMEMSET(counter, 0, WC_AES_BLOCK_SIZE);
     if (ivSz == GCM_NONCE_MID_SZ) {
         XMEMCPY(counter, iv, GCM_NONCE_MID_SZ);
-        counter[AES_BLOCK_SIZE - 1] = 1;
+        counter[WC_AES_BLOCK_SIZE - 1] = 1;
     }
     else {
-        GHASH(&aes->gcm, NULL, 0, iv, ivSz, counter, AES_BLOCK_SIZE);
-        GMULT(counter, aes->gcm.H);
+        GHASH_AARCH64(&aes->gcm, NULL, 0, iv, ivSz, counter, WC_AES_BLOCK_SIZE);
+        GMULT_AARCH64(counter, aes->gcm.H);
     }
 
     __asm__ __volatile__ (
@@ -10749,12 +17127,7 @@ static int Aes256GcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         "EXT v20.16b, v20.16b, v20.16b, #8 \n"
         "PMULL  v15.1q, v20.1d, v24.1d \n"
         "PMULL2 v20.1q, v20.2d, v24.2d \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
         "EOR3 v31.16b, v31.16b, v20.16b, v15.16b \n"
-#else
-        "EOR v20.16b, v20.16b, v15.16b \n"
-        "EOR v31.16b, v31.16b, v20.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "# x[0-2] += C * H^3 \n"
         "PMULL  v14.1q, v19.1d, v25.1d \n"
         "PMULL2 v15.1q, v19.2d, v25.2d \n"
@@ -10763,12 +17136,7 @@ static int Aes256GcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         "EXT v19.16b, v19.16b, v19.16b, #8 \n"
         "PMULL  v15.1q, v19.1d, v25.1d \n"
         "PMULL2 v19.1q, v19.2d, v25.2d \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
         "EOR3 v31.16b, v31.16b, v19.16b, v15.16b \n"
-#else
-        "EOR v19.16b, v19.16b, v15.16b \n"
-        "EOR v31.16b, v31.16b, v19.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "# x[0-2] += C * H^4 \n"
         "PMULL  v14.1q, v18.1d, v26.1d \n"
         "PMULL2 v15.1q, v18.2d, v26.2d \n"
@@ -10777,23 +17145,1634 @@ static int Aes256GcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         "EXT v18.16b, v18.16b, v18.16b, #8 \n"
         "PMULL  v15.1q, v18.1d, v26.1d \n"
         "PMULL2 v18.1q, v18.2d, v26.2d \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
         "EOR3 v31.16b, v31.16b, v18.16b, v15.16b \n"
-#else
-        "EOR v18.16b, v18.16b, v15.16b \n"
-        "EOR v31.16b, v31.16b, v18.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "# Reduce X = x[0-2] \n"
         "EXT v15.16b, v17.16b, v30.16b, #8 \n"
         "PMULL2 v14.1q, v30.2d, v23.2d \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
         "EOR3 v15.16b, v15.16b, v31.16b, v14.16b \n"
-#else
+        "PMULL2 v14.1q, v15.2d, v23.2d \n"
+        "MOV v17.D[1], v15.D[0] \n"
+        "EOR v17.16b, v17.16b, v14.16b \n"
+        "CMP x12, #64 \n"
+        "BGE 114b \n"
+        "CBZ x12, 120f \n"
+        "115: \n"
+        "CMP x12, #16 \n"
+        "BLT 112f \n"
+        "111: \n"
+        "LD1 {v15.2d}, [%[aad]], #16 \n"
+        "SUB x12, x12, #16 \n"
+        "RBIT v15.16b, v15.16b \n"
+        "EOR v17.16b, v17.16b, v15.16b \n"
+        "PMULL  v18.1q, v17.1d, v16.1d \n"
+        "PMULL2 v19.1q, v17.2d, v16.2d \n"
+        "EXT v20.16b, v16.16b, v16.16b, #8 \n"
+        "PMULL  v21.1q, v17.1d, v20.1d \n"
+        "PMULL2 v20.1q, v17.2d, v20.2d \n"
+        "EOR v20.16b, v20.16b, v21.16b \n"
+        "EXT v21.16b, v18.16b, v19.16b, #8 \n"
+        "EOR v21.16b, v21.16b, v20.16b \n"
+        "# Reduce \n"
+        "PMULL2 v20.1q, v19.2d, v23.2d \n"
+        "EOR v21.16b, v21.16b, v20.16b \n"
+        "PMULL2 v20.1q, v21.2d, v23.2d \n"
+        "MOV v18.D[1], v21.D[0] \n"
+        "EOR v17.16b, v18.16b, v20.16b \n"
+        "CMP x12, #16 \n"
+        "BGE 111b \n"
+        "CBZ x12, 120f \n"
+        "112: \n"
+        "# Partial AAD \n"
+        "EOR v15.16b, v15.16b, v15.16b \n"
+        "MOV x14, x12 \n"
+        "ST1 {v15.2d}, [%[scratch]] \n"
+        "113: \n"
+        "LDRB w13, [%[aad]], #1 \n"
+        "STRB w13, [%[scratch]], #1 \n"
+        "SUB x14, x14, #1 \n"
+        "CBNZ x14, 113b \n"
+        "SUB %[scratch], %[scratch], x12 \n"
+        "LD1 {v15.2d}, [%[scratch]] \n"
+        "RBIT v15.16b, v15.16b \n"
+        "EOR v17.16b, v17.16b, v15.16b \n"
+        "PMULL  v18.1q, v17.1d, v16.1d \n"
+        "PMULL2 v19.1q, v17.2d, v16.2d \n"
+        "EXT v20.16b, v16.16b, v16.16b, #8 \n"
+        "PMULL  v21.1q, v17.1d, v20.1d \n"
+        "PMULL2 v20.1q, v17.2d, v20.2d \n"
+        "EOR v20.16b, v20.16b, v21.16b \n"
+        "EXT v21.16b, v18.16b, v19.16b, #8 \n"
+        "EOR v21.16b, v21.16b, v20.16b \n"
+        "# Reduce \n"
+        "PMULL2 v20.1q, v19.2d, v23.2d \n"
+        "EOR v21.16b, v21.16b, v20.16b \n"
+        "PMULL2 v20.1q, v21.2d, v23.2d \n"
+        "MOV v18.D[1], v21.D[0] \n"
+        "EOR v17.16b, v18.16b, v20.16b \n"
+        "120: \n"
+
+        "# Decrypt ciphertext and GHASH ciphertext \n"
+        "LDR w12, [%[ctr], #12] \n"
+        "MOV w11, %w[sz] \n"
+        "REV w12, w12 \n"
+        "CMP w11, #64 \n"
+        "BLT 80f \n"
+        "CMP %w[aSz], #64 \n"
+        "BGE 82f \n"
+
+        "# Calculate H^[1-4] - GMULT partials \n"
+        "# Square H => H^2 \n"
+        "PMULL2 v19.1q, v16.2d, v16.2d \n"
+        "PMULL  v18.1q, v16.1d, v16.1d \n"
+        "PMULL2 v20.1q, v19.2d, v23.2d \n"
+        "EXT v21.16b, v18.16b, v19.16b, #8 \n"
+        "EOR v21.16b, v21.16b, v20.16b \n"
+        "PMULL2 v19.1q, v21.2d, v23.2d \n"
+        "MOV v18.D[1], v21.D[0] \n"
+        "EOR v24.16b, v18.16b, v19.16b \n"
+        "# Multiply H and H^2 => H^3 \n"
+        "PMULL  v18.1q, v24.1d, v16.1d \n"
+        "PMULL2 v19.1q, v24.2d, v16.2d \n"
+        "EXT v20.16b, v16.16b, v16.16b, #8 \n"
+        "PMULL  v21.1q, v24.1d, v20.1d \n"
+        "PMULL2 v20.1q, v24.2d, v20.2d \n"
+        "EOR v20.16b, v20.16b, v21.16b \n"
+        "EXT v21.16b, v18.16b, v19.16b, #8 \n"
+        "EOR v21.16b, v21.16b, v20.16b \n"
+        "# Reduce \n"
+        "PMULL2 v20.1q, v19.2d, v23.2d \n"
+        "EOR v21.16b, v21.16b, v20.16b \n"
+        "PMULL2 v20.1q, v21.2d, v23.2d \n"
+        "MOV v18.D[1], v21.D[0] \n"
+        "EOR v25.16b, v18.16b, v20.16b \n"
+        "# Square H^2 => H^4 \n"
+        "PMULL2 v19.1q, v24.2d, v24.2d \n"
+        "PMULL  v18.1q, v24.1d, v24.1d \n"
+        "PMULL2 v20.1q, v19.2d, v23.2d \n"
+        "EXT v21.16b, v18.16b, v19.16b, #8 \n"
+        "EOR v21.16b, v21.16b, v20.16b \n"
+        "PMULL2 v19.1q, v21.2d, v23.2d \n"
+        "MOV v18.D[1], v21.D[0] \n"
+        "EOR v26.16b, v18.16b, v19.16b \n"
+        "82: \n"
+        "# Should we do 8 blocks at a time? \n"
+        "CMP w11, #512 \n"
+        "BLT 80f \n"
+
+        "# Calculate H^[5-8] - GMULT partials \n"
+        "# Multiply H and H^4 => H^5 \n"
+        "PMULL  v18.1q, v26.1d, v16.1d \n"
+        "PMULL2 v19.1q, v26.2d, v16.2d \n"
+        "EXT v20.16b, v16.16b, v16.16b, #8 \n"
+        "PMULL  v21.1q, v26.1d, v20.1d \n"
+        "PMULL2 v20.1q, v26.2d, v20.2d \n"
+        "EOR v20.16b, v20.16b, v21.16b \n"
+        "EXT v21.16b, v18.16b, v19.16b, #8 \n"
+        "EOR v21.16b, v21.16b, v20.16b \n"
+        "# Reduce \n"
+        "PMULL2 v20.1q, v19.2d, v23.2d \n"
+        "EOR v21.16b, v21.16b, v20.16b \n"
+        "PMULL2 v20.1q, v21.2d, v23.2d \n"
+        "MOV v18.D[1], v21.D[0] \n"
+        "EOR v4.16b, v18.16b, v20.16b \n"
+        "# Square H^3 - H^6 \n"
+        "PMULL2 v19.1q, v25.2d, v25.2d \n"
+        "PMULL  v18.1q, v25.1d, v25.1d \n"
+        "PMULL2 v20.1q, v19.2d, v23.2d \n"
+        "EXT v21.16b, v18.16b, v19.16b, #8 \n"
+        "EOR v21.16b, v21.16b, v20.16b \n"
+        "PMULL2 v19.1q, v21.2d, v23.2d \n"
+        "MOV v18.D[1], v21.D[0] \n"
+        "EOR v9.16b, v18.16b, v19.16b \n"
+        "# Multiply H and H^6 => H^7 \n"
+        "PMULL  v18.1q, v9.1d, v16.1d \n"
+        "PMULL2 v19.1q, v9.2d, v16.2d \n"
+        "EXT v20.16b, v16.16b, v16.16b, #8 \n"
+        "PMULL  v21.1q, v9.1d, v20.1d \n"
+        "PMULL2 v20.1q, v9.2d, v20.2d \n"
+        "EOR v20.16b, v20.16b, v21.16b \n"
+        "EXT v21.16b, v18.16b, v19.16b, #8 \n"
+        "EOR v21.16b, v21.16b, v20.16b \n"
+        "# Reduce \n"
+        "PMULL2 v20.1q, v19.2d, v23.2d \n"
+        "EOR v21.16b, v21.16b, v20.16b \n"
+        "PMULL2 v20.1q, v21.2d, v23.2d \n"
+        "MOV v18.D[1], v21.D[0] \n"
+        "EOR v10.16b, v18.16b, v20.16b \n"
+        "# Square H^4 => H^8 \n"
+        "PMULL2 v19.1q, v26.2d, v26.2d \n"
+        "PMULL  v18.1q, v26.1d, v26.1d \n"
+        "PMULL2 v20.1q, v19.2d, v23.2d \n"
+        "EXT v21.16b, v18.16b, v19.16b, #8 \n"
+        "EOR v21.16b, v21.16b, v20.16b \n"
+        "PMULL2 v19.1q, v21.2d, v23.2d \n"
+        "MOV v18.D[1], v21.D[0] \n"
+        "EOR v11.16b, v18.16b, v19.16b \n"
+
+        "# First decrypt - no GHASH \n"
+        "LDR q1, [%[Key]] \n"
+        "# Calculate next 4 counters (+1-4) \n"
+        "ADD w15, w12, #1 \n"
+        "LD1 {v5.2d}, [%[ctr]] \n"
+        "ADD w14, w12, #2 \n"
+        "MOV v6.16b, v5.16b \n"
+        "ADD w13, w12, #3 \n"
+        "MOV v7.16b, v5.16b \n"
+        "ADD w12, w12, #4 \n"
+        "MOV v8.16b, v5.16b \n"
+        "REV w15, w15 \n"
+        "REV w14, w14 \n"
+        "REV w13, w13 \n"
+        "REV w16, w12 \n"
+        "MOV v5.S[3], w15 \n"
+        "MOV v6.S[3], w14 \n"
+        "MOV v7.S[3], w13 \n"
+        "MOV v8.S[3], w16 \n"
+        "# Calculate next 4 counters (+5-8) \n"
+        "ADD w15, w12, #1 \n"
+        "MOV v27.16b, v5.16b \n"
+        "ADD w14, w12, #2 \n"
+        "MOV v28.16b, v5.16b \n"
+        "ADD w13, w12, #3 \n"
+        "MOV v29.16b, v5.16b \n"
+        "ADD w12, w12, #4 \n"
+        "MOV v30.16b, v5.16b \n"
+        "REV w15, w15 \n"
+        "REV w14, w14 \n"
+        "REV w13, w13 \n"
+        "REV w16, w12 \n"
+        "MOV v27.S[3], w15 \n"
+        "MOV v28.S[3], w14 \n"
+        "MOV v29.S[3], w13 \n"
+        "MOV v30.S[3], w16 \n"
+
+        "# Encrypt 8 counters \n"
+        "LDR q22, [%[Key], #16] \n"
+        "AESE v5.16b, v1.16b \n"
+        "AESMC v5.16b, v5.16b \n"
+        "AESE v6.16b, v1.16b \n"
+        "AESMC v6.16b, v6.16b \n"
+        "AESE v7.16b, v1.16b \n"
+        "AESMC v7.16b, v7.16b \n"
+        "AESE v8.16b, v1.16b \n"
+        "AESMC v8.16b, v8.16b \n"
+        "AESE v27.16b, v1.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v1.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v1.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v1.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "LDR q1, [%[Key], #32] \n"
+        "AESE v5.16b, v22.16b \n"
+        "AESMC v5.16b, v5.16b \n"
+        "AESE v6.16b, v22.16b \n"
+        "AESMC v6.16b, v6.16b \n"
+        "AESE v7.16b, v22.16b \n"
+        "AESMC v7.16b, v7.16b \n"
+        "AESE v8.16b, v22.16b \n"
+        "AESMC v8.16b, v8.16b \n"
+        "AESE v27.16b, v22.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v22.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v22.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v22.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "LDR q22, [%[Key], #48] \n"
+        "AESE v5.16b, v1.16b \n"
+        "AESMC v5.16b, v5.16b \n"
+        "AESE v6.16b, v1.16b \n"
+        "AESMC v6.16b, v6.16b \n"
+        "AESE v7.16b, v1.16b \n"
+        "AESMC v7.16b, v7.16b \n"
+        "AESE v8.16b, v1.16b \n"
+        "AESMC v8.16b, v8.16b \n"
+        "AESE v27.16b, v1.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v1.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v1.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v1.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "LDR q1, [%[Key], #64] \n"
+        "AESE v5.16b, v22.16b \n"
+        "AESMC v5.16b, v5.16b \n"
+        "AESE v6.16b, v22.16b \n"
+        "AESMC v6.16b, v6.16b \n"
+        "AESE v7.16b, v22.16b \n"
+        "AESMC v7.16b, v7.16b \n"
+        "AESE v8.16b, v22.16b \n"
+        "AESMC v8.16b, v8.16b \n"
+        "AESE v27.16b, v22.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v22.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v22.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v22.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "LDR q22, [%[Key], #80] \n"
+        "AESE v5.16b, v1.16b \n"
+        "AESMC v5.16b, v5.16b \n"
+        "AESE v6.16b, v1.16b \n"
+        "AESMC v6.16b, v6.16b \n"
+        "AESE v7.16b, v1.16b \n"
+        "AESMC v7.16b, v7.16b \n"
+        "AESE v8.16b, v1.16b \n"
+        "AESMC v8.16b, v8.16b \n"
+        "AESE v27.16b, v1.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v1.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v1.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v1.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "SUB w11, w11, #128 \n"
+        "LDR q1, [%[Key], #96] \n"
+        "AESE v5.16b, v22.16b \n"
+        "AESMC v5.16b, v5.16b \n"
+        "AESE v6.16b, v22.16b \n"
+        "AESMC v6.16b, v6.16b \n"
+        "AESE v7.16b, v22.16b \n"
+        "AESMC v7.16b, v7.16b \n"
+        "AESE v8.16b, v22.16b \n"
+        "AESMC v8.16b, v8.16b \n"
+        "AESE v27.16b, v22.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v22.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v22.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v22.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "LDR q22, [%[Key], #112] \n"
+        "AESE v5.16b, v1.16b \n"
+        "AESMC v5.16b, v5.16b \n"
+        "AESE v6.16b, v1.16b \n"
+        "AESMC v6.16b, v6.16b \n"
+        "AESE v7.16b, v1.16b \n"
+        "AESMC v7.16b, v7.16b \n"
+        "AESE v8.16b, v1.16b \n"
+        "AESMC v8.16b, v8.16b \n"
+        "AESE v27.16b, v1.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v1.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v1.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v1.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "LDR q1, [%[Key], #128] \n"
+        "AESE v5.16b, v22.16b \n"
+        "AESMC v5.16b, v5.16b \n"
+        "AESE v6.16b, v22.16b \n"
+        "AESMC v6.16b, v6.16b \n"
+        "AESE v7.16b, v22.16b \n"
+        "AESMC v7.16b, v7.16b \n"
+        "AESE v8.16b, v22.16b \n"
+        "AESMC v8.16b, v8.16b \n"
+        "AESE v27.16b, v22.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v22.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v22.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v22.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "LDR q22, [%[Key], #144] \n"
+        "AESE v5.16b, v1.16b \n"
+        "AESMC v5.16b, v5.16b \n"
+        "AESE v6.16b, v1.16b \n"
+        "AESMC v6.16b, v6.16b \n"
+        "AESE v7.16b, v1.16b \n"
+        "AESMC v7.16b, v7.16b \n"
+        "AESE v8.16b, v1.16b \n"
+        "AESMC v8.16b, v8.16b \n"
+        "AESE v27.16b, v1.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v1.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v1.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v1.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "LDR q1, [%[Key], #160] \n"
+        "AESE v5.16b, v22.16b \n"
+        "AESMC v5.16b, v5.16b \n"
+        "AESE v6.16b, v22.16b \n"
+        "AESMC v6.16b, v6.16b \n"
+        "AESE v7.16b, v22.16b \n"
+        "AESMC v7.16b, v7.16b \n"
+        "AESE v8.16b, v22.16b \n"
+        "AESMC v8.16b, v8.16b \n"
+        "AESE v27.16b, v22.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v22.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v22.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v22.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "LD1 {v12.2d-v15.2d}, [%[input]], #64 \n"
+        "LDP q22, q31, [%[Key], #176] \n"
+        "AESE v5.16b, v1.16b \n"
+        "AESMC v5.16b, v5.16b \n"
+        "AESE v6.16b, v1.16b \n"
+        "AESMC v6.16b, v6.16b \n"
+        "AESE v7.16b, v1.16b \n"
+        "AESMC v7.16b, v7.16b \n"
+        "AESE v8.16b, v1.16b \n"
+        "AESMC v8.16b, v8.16b \n"
+        "AESE v27.16b, v1.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v1.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v1.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v1.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "LD1 {v18.2d-v21.2d}, [%[input]], #64 \n"
+        "AESE v5.16b, v22.16b \n"
+        "EOR v5.16b, v5.16b, v31.16b \n"
+        "AESE v6.16b, v22.16b \n"
+        "EOR v6.16b, v6.16b, v31.16b \n"
+        "AESE v7.16b, v22.16b \n"
+        "EOR v7.16b, v7.16b, v31.16b \n"
+        "AESE v8.16b, v22.16b \n"
+        "EOR v8.16b, v8.16b, v31.16b \n"
+        "AESE v27.16b, v22.16b \n"
+        "EOR v27.16b, v27.16b, v31.16b \n"
+        "AESE v28.16b, v22.16b \n"
+        "EOR v28.16b, v28.16b, v31.16b \n"
+        "AESE v29.16b, v22.16b \n"
+        "EOR v29.16b, v29.16b, v31.16b \n"
+        "AESE v30.16b, v22.16b \n"
+        "EOR v30.16b, v30.16b, v31.16b \n"
+
+        "# XOR in input \n"
+        "EOR v5.16b, v5.16b, v12.16b \n"
+        "EOR v6.16b, v6.16b, v13.16b \n"
+        "EOR v7.16b, v7.16b, v14.16b \n"
+        "EOR v8.16b, v8.16b, v15.16b \n"
+        "EOR v27.16b, v27.16b, v18.16b \n"
+        "ST1 {v5.2d-v8.2d}, [%[out]], #64 \n \n"
+        "EOR v28.16b, v28.16b, v19.16b \n"
+        "EOR v29.16b, v29.16b, v20.16b \n"
+        "EOR v30.16b, v30.16b, v21.16b \n"
+        "ST1 {v27.2d-v30.2d}, [%[out]], #64 \n \n"
+
+        "81: \n"
+        "LDR q1, [%[Key]] \n"
+        "# Calculate next 4 counters (+1-4) \n"
+        "ADD w15, w12, #1 \n"
+        "LD1 {v5.2d}, [%[ctr]] \n"
+        "ADD w14, w12, #2 \n"
+        "MOV v6.16b, v5.16b \n"
+        "ADD w13, w12, #3 \n"
+        "MOV v7.16b, v5.16b \n"
+        "ADD w12, w12, #4 \n"
+        "MOV v8.16b, v5.16b \n"
+        "# GHASH - 8 blocks \n"
+        "RBIT v12.16b, v12.16b \n"
+        "RBIT v13.16b, v13.16b \n"
+        "RBIT v14.16b, v14.16b \n"
+        "RBIT v15.16b, v15.16b \n"
+        "RBIT v18.16b, v18.16b \n"
+        "RBIT v19.16b, v19.16b \n"
+        "RBIT v20.16b, v20.16b \n"
+        "RBIT v21.16b, v21.16b \n"
+        "REV w15, w15 \n"
+        "EOR v12.16b, v12.16b, v17.16b \n"
+        "REV w14, w14 \n"
+        "# x[0-2] = C * H^1 \n"
+        "PMULL  v17.1q, v21.1d, v16.1d \n"
+        "PMULL2 v0.1q, v21.2d, v16.2d \n"
+        "REV w13, w13 \n"
+        "EXT v21.16b, v21.16b, v21.16b, #8 \n"
+        "REV w16, w12 \n"
+        "MOV v5.S[3], w15 \n"
+        "MOV v6.S[3], w14 \n"
+        "MOV v7.S[3], w13 \n"
+        "MOV v8.S[3], w16 \n"
+        "# Calculate next 4 counters (+5-8) \n"
+        "ADD w15, w12, #1 \n"
+        "MOV v27.16b, v5.16b \n"
+        "ADD w14, w12, #2 \n"
+        "MOV v28.16b, v5.16b \n"
+        "ADD w13, w12, #3 \n"
+        "MOV v29.16b, v5.16b \n"
+        "ADD w12, w12, #4 \n"
+        "MOV v30.16b, v5.16b \n"
+        "PMULL  v31.1q, v21.1d, v16.1d \n"
+        "PMULL2 v3.1q, v21.2d, v16.2d \n"
+        "REV w15, w15 \n"
+        "EOR v31.16b, v31.16b, v3.16b \n"
+        "REV w14, w14 \n"
+        "# x[0-2] += C * H^2 \n"
+        "PMULL  v2.1q, v20.1d, v24.1d \n"
+        "PMULL2 v3.1q, v20.2d, v24.2d \n"
+        "REV w13, w13 \n"
+        "EOR v17.16b, v17.16b, v2.16b \n"
+        "EOR v0.16b, v0.16b, v3.16b \n"
+        "REV w16, w12 \n"
+        "MOV v27.S[3], w15 \n"
+        "MOV v28.S[3], w14 \n"
+        "MOV v29.S[3], w13 \n"
+        "MOV v30.S[3], w16 \n"
+
+        "# Encrypt 8 counters \n"
+        "LDR q22, [%[Key], #16] \n"
+        "AESE v5.16b, v1.16b \n"
+        "AESMC v5.16b, v5.16b \n"
+        "EXT v20.16b, v20.16b, v20.16b, #8 \n"
+        "AESE v6.16b, v1.16b \n"
+        "AESMC v6.16b, v6.16b \n"
+        "PMULL  v3.1q, v20.1d, v24.1d \n"
+        "PMULL2 v20.1q, v20.2d, v24.2d \n"
+        "AESE v7.16b, v1.16b \n"
+        "AESMC v7.16b, v7.16b \n"
+        "EOR3 v31.16b, v31.16b, v20.16b, v3.16b \n"
+        "AESE v8.16b, v1.16b \n"
+        "AESMC v8.16b, v8.16b \n"
+        "# x[0-2] += C * H^3 \n"
+        "PMULL  v2.1q, v19.1d, v25.1d \n"
+        "PMULL2 v3.1q, v19.2d, v25.2d \n"
+        "AESE v27.16b, v1.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "EOR v17.16b, v17.16b, v2.16b \n"
+        "EOR v0.16b, v0.16b, v3.16b \n"
+        "AESE v28.16b, v1.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "EXT v19.16b, v19.16b, v19.16b, #8 \n"
+        "AESE v29.16b, v1.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "PMULL  v3.1q, v19.1d, v25.1d \n"
+        "PMULL2 v19.1q, v19.2d, v25.2d \n"
+        "AESE v30.16b, v1.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "EOR3 v31.16b, v31.16b, v19.16b, v3.16b \n"
+        "LDR q1, [%[Key], #32] \n"
+        "AESE v5.16b, v22.16b \n"
+        "AESMC v5.16b, v5.16b \n"
+        "# x[0-2] += C * H^4 \n"
+        "PMULL  v2.1q, v18.1d, v26.1d \n"
+        "PMULL2 v3.1q, v18.2d, v26.2d \n"
+        "AESE v6.16b, v22.16b \n"
+        "AESMC v6.16b, v6.16b \n"
+        "EOR v17.16b, v17.16b, v2.16b \n"
+        "EOR v0.16b, v0.16b, v3.16b \n"
+        "AESE v7.16b, v22.16b \n"
+        "AESMC v7.16b, v7.16b \n"
+        "EXT v18.16b, v18.16b, v18.16b, #8 \n"
+        "AESE v8.16b, v22.16b \n"
+        "AESMC v8.16b, v8.16b \n"
+        "PMULL  v3.1q, v18.1d, v26.1d \n"
+        "PMULL2 v18.1q, v18.2d, v26.2d \n"
+        "AESE v27.16b, v22.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "EOR3 v31.16b, v31.16b, v18.16b, v3.16b \n"
+        "AESE v28.16b, v22.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "# x[0-2] += C * H^5 \n"
+        "PMULL  v2.1q, v15.1d, v4.1d \n"
+        "PMULL2 v3.1q, v15.2d, v4.2d \n"
+        "AESE v29.16b, v22.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "EOR v17.16b, v17.16b, v2.16b \n"
+        "EOR v0.16b, v0.16b, v3.16b \n"
+        "AESE v30.16b, v22.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "EXT v15.16b, v15.16b, v15.16b, #8 \n"
+        "LDR q22, [%[Key], #48] \n"
+        "AESE v5.16b, v1.16b \n"
+        "AESMC v5.16b, v5.16b \n"
+        "PMULL  v3.1q, v15.1d, v4.1d \n"
+        "PMULL2 v15.1q, v15.2d, v4.2d \n"
+        "AESE v6.16b, v1.16b \n"
+        "AESMC v6.16b, v6.16b \n"
+        "EOR3 v31.16b, v31.16b, v15.16b, v3.16b \n"
+        "AESE v7.16b, v1.16b \n"
+        "AESMC v7.16b, v7.16b \n"
+        "# x[0-2] += C * H^6 \n"
+        "PMULL  v2.1q, v14.1d, v9.1d \n"
+        "PMULL2 v3.1q, v14.2d, v9.2d \n"
+        "AESE v8.16b, v1.16b \n"
+        "AESMC v8.16b, v8.16b \n"
+        "EOR v17.16b, v17.16b, v2.16b \n"
+        "EOR v0.16b, v0.16b, v3.16b \n"
+        "AESE v27.16b, v1.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "EXT v14.16b, v14.16b, v14.16b, #8 \n"
+        "AESE v28.16b, v1.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "PMULL  v3.1q, v14.1d, v9.1d \n"
+        "PMULL2 v14.1q, v14.2d, v9.2d \n"
+        "AESE v29.16b, v1.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "EOR3 v31.16b, v31.16b, v14.16b, v3.16b \n"
+        "AESE v30.16b, v1.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "# x[0-2] += C * H^7 \n"
+        "PMULL  v2.1q, v13.1d, v10.1d \n"
+        "PMULL2 v3.1q, v13.2d, v10.2d \n"
+        "LDR q1, [%[Key], #64] \n"
+        "AESE v5.16b, v22.16b \n"
+        "AESMC v5.16b, v5.16b \n"
+        "EOR v17.16b, v17.16b, v2.16b \n"
+        "EOR v0.16b, v0.16b, v3.16b \n"
+        "AESE v6.16b, v22.16b \n"
+        "AESMC v6.16b, v6.16b \n"
+        "EXT v13.16b, v13.16b, v13.16b, #8 \n"
+        "AESE v7.16b, v22.16b \n"
+        "AESMC v7.16b, v7.16b \n"
+        "PMULL  v3.1q, v13.1d, v10.1d \n"
+        "PMULL2 v13.1q, v13.2d, v10.2d \n"
+        "AESE v8.16b, v22.16b \n"
+        "AESMC v8.16b, v8.16b \n"
+        "EOR3 v31.16b, v31.16b, v13.16b, v3.16b \n"
+        "AESE v27.16b, v22.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "# x[0-2] += C * H^8 \n"
+        "PMULL  v2.1q, v12.1d, v11.1d \n"
+        "PMULL2 v3.1q, v12.2d, v11.2d \n"
+        "AESE v28.16b, v22.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "EOR v17.16b, v17.16b, v2.16b \n"
+        "EOR v0.16b, v0.16b, v3.16b \n"
+        "AESE v29.16b, v22.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "EXT v12.16b, v12.16b, v12.16b, #8 \n"
+        "AESE v30.16b, v22.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "PMULL  v3.1q, v12.1d, v11.1d \n"
+        "PMULL2 v12.1q, v12.2d, v11.2d \n"
+        "LDR q22, [%[Key], #80] \n"
+        "AESE v5.16b, v1.16b \n"
+        "AESMC v5.16b, v5.16b \n"
+        "EOR3 v31.16b, v31.16b, v12.16b, v3.16b \n"
+        "AESE v6.16b, v1.16b \n"
+        "AESMC v6.16b, v6.16b \n"
+        "# Reduce X = x[0-2] \n"
+        "EXT v3.16b, v17.16b, v0.16b, #8 \n"
+        "AESE v7.16b, v1.16b \n"
+        "AESMC v7.16b, v7.16b \n"
+        "PMULL2 v2.1q, v0.2d, v23.2d \n"
+        "AESE v8.16b, v1.16b \n"
+        "AESMC v8.16b, v8.16b \n"
+        "EOR3 v3.16b, v3.16b, v31.16b, v2.16b \n"
+        "AESE v27.16b, v1.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v1.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "PMULL2 v2.1q, v3.2d, v23.2d \n"
+        "MOV v17.D[1], v3.D[0] \n"
+        "AESE v29.16b, v1.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "EOR v17.16b, v17.16b, v2.16b \n"
+        "AESE v30.16b, v1.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "SUB w11, w11, #128 \n"
+        "LDR q1, [%[Key], #96] \n"
+        "AESE v5.16b, v22.16b \n"
+        "AESMC v5.16b, v5.16b \n"
+        "AESE v6.16b, v22.16b \n"
+        "AESMC v6.16b, v6.16b \n"
+        "AESE v7.16b, v22.16b \n"
+        "AESMC v7.16b, v7.16b \n"
+        "AESE v8.16b, v22.16b \n"
+        "AESMC v8.16b, v8.16b \n"
+        "AESE v27.16b, v22.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v22.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v22.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v22.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "LDR q22, [%[Key], #112] \n"
+        "AESE v5.16b, v1.16b \n"
+        "AESMC v5.16b, v5.16b \n"
+        "AESE v6.16b, v1.16b \n"
+        "AESMC v6.16b, v6.16b \n"
+        "AESE v7.16b, v1.16b \n"
+        "AESMC v7.16b, v7.16b \n"
+        "AESE v8.16b, v1.16b \n"
+        "AESMC v8.16b, v8.16b \n"
+        "AESE v27.16b, v1.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v1.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v1.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v1.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "LDR q1, [%[Key], #128] \n"
+        "AESE v5.16b, v22.16b \n"
+        "AESMC v5.16b, v5.16b \n"
+        "AESE v6.16b, v22.16b \n"
+        "AESMC v6.16b, v6.16b \n"
+        "AESE v7.16b, v22.16b \n"
+        "AESMC v7.16b, v7.16b \n"
+        "AESE v8.16b, v22.16b \n"
+        "AESMC v8.16b, v8.16b \n"
+        "AESE v27.16b, v22.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v22.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v22.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v22.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "LDR q22, [%[Key], #144] \n"
+        "AESE v5.16b, v1.16b \n"
+        "AESMC v5.16b, v5.16b \n"
+        "AESE v6.16b, v1.16b \n"
+        "AESMC v6.16b, v6.16b \n"
+        "AESE v7.16b, v1.16b \n"
+        "AESMC v7.16b, v7.16b \n"
+        "AESE v8.16b, v1.16b \n"
+        "AESMC v8.16b, v8.16b \n"
+        "AESE v27.16b, v1.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v1.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v1.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v1.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "LDR q1, [%[Key], #160] \n"
+        "AESE v5.16b, v22.16b \n"
+        "AESMC v5.16b, v5.16b \n"
+        "AESE v6.16b, v22.16b \n"
+        "AESMC v6.16b, v6.16b \n"
+        "AESE v7.16b, v22.16b \n"
+        "AESMC v7.16b, v7.16b \n"
+        "AESE v8.16b, v22.16b \n"
+        "AESMC v8.16b, v8.16b \n"
+        "AESE v27.16b, v22.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v22.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v22.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v22.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "LD1 {v12.2d-v15.2d}, [%[input]], #64 \n"
+        "LDP q22, q31, [%[Key], #176] \n"
+        "AESE v5.16b, v1.16b \n"
+        "AESMC v5.16b, v5.16b \n"
+        "AESE v6.16b, v1.16b \n"
+        "AESMC v6.16b, v6.16b \n"
+        "AESE v7.16b, v1.16b \n"
+        "AESMC v7.16b, v7.16b \n"
+        "AESE v8.16b, v1.16b \n"
+        "AESMC v8.16b, v8.16b \n"
+        "AESE v27.16b, v1.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v1.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v1.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v1.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "LD1 {v18.2d-v21.2d}, [%[input]], #64 \n"
+        "AESE v5.16b, v22.16b \n"
+        "EOR v5.16b, v5.16b, v31.16b \n"
+        "AESE v6.16b, v22.16b \n"
+        "EOR v6.16b, v6.16b, v31.16b \n"
+        "AESE v7.16b, v22.16b \n"
+        "EOR v7.16b, v7.16b, v31.16b \n"
+        "AESE v8.16b, v22.16b \n"
+        "EOR v8.16b, v8.16b, v31.16b \n"
+        "AESE v27.16b, v22.16b \n"
+        "EOR v27.16b, v27.16b, v31.16b \n"
+        "AESE v28.16b, v22.16b \n"
+        "EOR v28.16b, v28.16b, v31.16b \n"
+        "AESE v29.16b, v22.16b \n"
+        "EOR v29.16b, v29.16b, v31.16b \n"
+        "AESE v30.16b, v22.16b \n"
+        "EOR v30.16b, v30.16b, v31.16b \n"
+
+        "# XOR in input \n"
+        "EOR v5.16b, v5.16b, v12.16b \n"
+        "EOR v6.16b, v6.16b, v13.16b \n"
+        "EOR v7.16b, v7.16b, v14.16b \n"
+        "EOR v8.16b, v8.16b, v15.16b \n"
+        "EOR v27.16b, v27.16b, v18.16b \n"
+        "ST1 {v5.2d-v8.2d}, [%[out]], #64 \n \n"
+        "EOR v28.16b, v28.16b, v19.16b \n"
+        "EOR v29.16b, v29.16b, v20.16b \n"
+        "EOR v30.16b, v30.16b, v21.16b \n"
+        "ST1 {v27.2d-v30.2d}, [%[out]], #64 \n \n"
+
+        "CMP w11, #128 \n"
+        "BGE 81b \n"
+
+        "# GHASH - 8 blocks \n"
+        "RBIT v12.16b, v12.16b \n"
+        "RBIT v13.16b, v13.16b \n"
+        "RBIT v14.16b, v14.16b \n"
+        "RBIT v15.16b, v15.16b \n"
+        "RBIT v18.16b, v18.16b \n"
+        "RBIT v19.16b, v19.16b \n"
+        "RBIT v20.16b, v20.16b \n"
+        "RBIT v21.16b, v21.16b \n"
+        "EOR v12.16b, v12.16b, v17.16b \n"
+        "# x[0-2] = C * H^1 \n"
+        "PMULL  v17.1q, v21.1d, v16.1d \n"
+        "PMULL2 v0.1q, v21.2d, v16.2d \n"
+        "EXT v21.16b, v21.16b, v21.16b, #8 \n"
+        "PMULL  v31.1q, v21.1d, v16.1d \n"
+        "PMULL2 v3.1q, v21.2d, v16.2d \n"
+        "EOR v31.16b, v31.16b, v3.16b \n"
+        "# x[0-2] += C * H^2 \n"
+        "PMULL  v2.1q, v20.1d, v24.1d \n"
+        "PMULL2 v3.1q, v20.2d, v24.2d \n"
+        "EOR v17.16b, v17.16b, v2.16b \n"
+        "EOR v0.16b, v0.16b, v3.16b \n"
+        "EXT v20.16b, v20.16b, v20.16b, #8 \n"
+        "PMULL  v3.1q, v20.1d, v24.1d \n"
+        "PMULL2 v20.1q, v20.2d, v24.2d \n"
+        "EOR3 v31.16b, v31.16b, v20.16b, v3.16b \n"
+        "# x[0-2] += C * H^3 \n"
+        "PMULL  v2.1q, v19.1d, v25.1d \n"
+        "PMULL2 v3.1q, v19.2d, v25.2d \n"
+        "EOR v17.16b, v17.16b, v2.16b \n"
+        "EOR v0.16b, v0.16b, v3.16b \n"
+        "EXT v19.16b, v19.16b, v19.16b, #8 \n"
+        "PMULL  v3.1q, v19.1d, v25.1d \n"
+        "PMULL2 v19.1q, v19.2d, v25.2d \n"
+        "EOR3 v31.16b, v31.16b, v19.16b, v3.16b \n"
+        "# x[0-2] += C * H^4 \n"
+        "PMULL  v2.1q, v18.1d, v26.1d \n"
+        "PMULL2 v3.1q, v18.2d, v26.2d \n"
+        "EOR v17.16b, v17.16b, v2.16b \n"
+        "EOR v0.16b, v0.16b, v3.16b \n"
+        "EXT v18.16b, v18.16b, v18.16b, #8 \n"
+        "PMULL  v3.1q, v18.1d, v26.1d \n"
+        "PMULL2 v18.1q, v18.2d, v26.2d \n"
+        "EOR3 v31.16b, v31.16b, v18.16b, v3.16b \n"
+        "# x[0-2] += C * H^5 \n"
+        "PMULL  v2.1q, v15.1d, v4.1d \n"
+        "PMULL2 v3.1q, v15.2d, v4.2d \n"
+        "EOR v17.16b, v17.16b, v2.16b \n"
+        "EOR v0.16b, v0.16b, v3.16b \n"
+        "EXT v15.16b, v15.16b, v15.16b, #8 \n"
+        "PMULL  v3.1q, v15.1d, v4.1d \n"
+        "PMULL2 v15.1q, v15.2d, v4.2d \n"
+        "EOR3 v31.16b, v31.16b, v15.16b, v3.16b \n"
+        "# x[0-2] += C * H^6 \n"
+        "PMULL  v2.1q, v14.1d, v9.1d \n"
+        "PMULL2 v3.1q, v14.2d, v9.2d \n"
+        "EOR v17.16b, v17.16b, v2.16b \n"
+        "EOR v0.16b, v0.16b, v3.16b \n"
+        "EXT v14.16b, v14.16b, v14.16b, #8 \n"
+        "PMULL  v3.1q, v14.1d, v9.1d \n"
+        "PMULL2 v14.1q, v14.2d, v9.2d \n"
+        "EOR3 v31.16b, v31.16b, v14.16b, v3.16b \n"
+        "# x[0-2] += C * H^7 \n"
+        "PMULL  v2.1q, v13.1d, v10.1d \n"
+        "PMULL2 v3.1q, v13.2d, v10.2d \n"
+        "EOR v17.16b, v17.16b, v2.16b \n"
+        "EOR v0.16b, v0.16b, v3.16b \n"
+        "EXT v13.16b, v13.16b, v13.16b, #8 \n"
+        "PMULL  v3.1q, v13.1d, v10.1d \n"
+        "PMULL2 v13.1q, v13.2d, v10.2d \n"
+        "EOR3 v31.16b, v31.16b, v13.16b, v3.16b \n"
+        "# x[0-2] += C * H^8 \n"
+        "PMULL  v2.1q, v12.1d, v11.1d \n"
+        "PMULL2 v3.1q, v12.2d, v11.2d \n"
+        "EOR v17.16b, v17.16b, v2.16b \n"
+        "EOR v0.16b, v0.16b, v3.16b \n"
+        "EXT v12.16b, v12.16b, v12.16b, #8 \n"
+        "PMULL  v3.1q, v12.1d, v11.1d \n"
+        "PMULL2 v12.1q, v12.2d, v11.2d \n"
+        "EOR3 v31.16b, v31.16b, v12.16b, v3.16b \n"
+        "# Reduce X = x[0-2] \n"
+        "EXT v3.16b, v17.16b, v0.16b, #8 \n"
+        "PMULL2 v2.1q, v0.2d, v23.2d \n"
+        "EOR3 v3.16b, v3.16b, v31.16b, v2.16b \n"
+        "PMULL2 v2.1q, v3.2d, v23.2d \n"
+        "MOV v17.D[1], v3.D[0] \n"
+        "EOR v17.16b, v17.16b, v2.16b \n"
+
+        "80: \n"
+        "LD1 {v22.2d}, [%[ctr]] \n"
+        "LD1 {v1.2d-v4.2d}, [%[Key]], #64 \n"
+        "LD1 {v5.2d-v8.2d}, [%[Key]], #64 \n"
+        "LD1 {v9.2d-v11.2d}, [%[Key]], #48 \n"
+        "LD1 {v12.2d-v13.2d}, [%[Key]], #32 \n"
+        "# Can we do 4 blocks at a time? \n"
+        "CMP w11, #64 \n"
+        "BLT 10f \n"
+
+        "# First decrypt - no GHASH \n"
+        "# Calculate next 4 counters (+1-4) \n"
+        "ADD w15, w12, #1 \n"
+        "MOV v27.16b, v22.16b \n"
+        "ADD w14, w12, #2 \n"
+        "MOV v28.16b, v22.16b \n"
+        "ADD w13, w12, #3 \n"
+        "MOV v29.16b, v22.16b \n"
+        "ADD w12, w12, #4 \n"
+        "MOV v30.16b, v22.16b \n"
+        "REV w15, w15 \n"
+        "REV w14, w14 \n"
+        "REV w13, w13 \n"
+        "REV w16, w12 \n"
+        "MOV v27.S[3], w15 \n"
+        "MOV v28.S[3], w14 \n"
+        "MOV v29.S[3], w13 \n"
+        "MOV v30.S[3], w16 \n"
+
+        "# Encrypt 4 counters \n"
+        "AESE v27.16b, v1.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v1.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v1.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v1.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "AESE v27.16b, v2.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v2.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v2.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v2.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "AESE v27.16b, v3.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v3.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v3.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v3.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "AESE v27.16b, v4.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v4.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v4.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v4.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "AESE v27.16b, v5.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v5.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v5.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v5.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "SUB w11, w11, #64 \n"
+        "AESE v27.16b, v6.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v6.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v6.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v6.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "AESE v27.16b, v7.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v7.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v7.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v7.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "AESE v27.16b, v8.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v8.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v8.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v8.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "AESE v27.16b, v9.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v9.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v9.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v9.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "# Load plaintext \n"
+        "LD1 {v18.2d-v21.2d}, [%[input]], #64 \n"
+        "AESE v27.16b, v10.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v10.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v10.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v10.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "AESE v27.16b, v11.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v11.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v11.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v11.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "AESE v27.16b, v12.16b \n"
+        "EOR v27.16b, v27.16b, v13.16b \n"
+        "AESE v28.16b, v12.16b \n"
+        "EOR v28.16b, v28.16b, v13.16b \n"
+        "AESE v29.16b, v12.16b \n"
+        "EOR v29.16b, v29.16b, v13.16b \n"
+        "AESE v30.16b, v12.16b \n"
+        "EOR v30.16b, v30.16b, v13.16b \n"
+
+        "# XOR in input \n"
+        "EOR v27.16b, v27.16b, v18.16b \n"
+        "EOR v28.16b, v28.16b, v19.16b \n"
+        "EOR v29.16b, v29.16b, v20.16b \n"
+        "EOR v30.16b, v30.16b, v21.16b \n"
+        "# Store cipher text \n"
+        "ST1 {v27.2d-v30.2d}, [%[out]], #64 \n \n"
+        "CMP w11, #64 \n"
+        "BLT 12f \n"
+
+        "11: \n"
+        "# Calculate next 4 counters (+1-4) \n"
+        "ADD w15, w12, #1 \n"
+        "MOV v27.16b, v22.16b \n"
+        "ADD w14, w12, #2 \n"
+        "MOV v28.16b, v22.16b \n"
+        "ADD w13, w12, #3 \n"
+        "MOV v29.16b, v22.16b \n"
+        "ADD w12, w12, #4 \n"
+        "MOV v30.16b, v22.16b \n"
+        "# GHASH - 4 blocks \n"
+        "RBIT v18.16b, v18.16b \n"
+        "REV w15, w15 \n"
+        "RBIT v19.16b, v19.16b \n"
+        "REV w14, w14 \n"
+        "RBIT v20.16b, v20.16b \n"
+        "REV w13, w13 \n"
+        "RBIT v21.16b, v21.16b \n"
+        "REV w16, w12 \n"
+        "MOV v27.S[3], w15 \n"
+        "MOV v28.S[3], w14 \n"
+        "MOV v29.S[3], w13 \n"
+        "MOV v30.S[3], w16 \n"
+
+        "# Encrypt 4 counters \n"
+        "AESE v27.16b, v1.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "EOR v18.16b, v18.16b, v17.16b \n"
+        "AESE v28.16b, v1.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "# x[0-2] = C * H^1 \n"
+        "PMULL  v17.1q, v21.1d, v16.1d \n"
+        "PMULL2 v0.1q, v21.2d, v16.2d \n"
+        "AESE v29.16b, v1.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "EXT v21.16b, v21.16b, v21.16b, #8 \n"
+        "AESE v30.16b, v1.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "PMULL  v31.1q, v21.1d, v16.1d \n"
+        "PMULL2 v15.1q, v21.2d, v16.2d \n"
+        "AESE v27.16b, v2.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "EOR v31.16b, v31.16b, v15.16b \n"
+        "AESE v28.16b, v2.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "# x[0-2] += C * H^2 \n"
+        "PMULL  v14.1q, v20.1d, v24.1d \n"
+        "PMULL2 v15.1q, v20.2d, v24.2d \n"
+        "AESE v29.16b, v2.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "EOR v17.16b, v17.16b, v14.16b \n"
+        "EOR v0.16b, v0.16b, v15.16b \n"
+        "AESE v30.16b, v2.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "EXT v20.16b, v20.16b, v20.16b, #8 \n"
+        "AESE v27.16b, v3.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "PMULL  v15.1q, v20.1d, v24.1d \n"
+        "PMULL2 v20.1q, v20.2d, v24.2d \n"
+        "AESE v28.16b, v3.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "EOR3 v31.16b, v31.16b, v20.16b, v15.16b \n"
+        "AESE v29.16b, v3.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "# x[0-2] += C * H^3 \n"
+        "PMULL  v14.1q, v19.1d, v25.1d \n"
+        "PMULL2 v15.1q, v19.2d, v25.2d \n"
+        "AESE v30.16b, v3.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "EOR v17.16b, v17.16b, v14.16b \n"
+        "EOR v0.16b, v0.16b, v15.16b \n"
+        "AESE v27.16b, v4.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "EXT v19.16b, v19.16b, v19.16b, #8 \n"
+        "AESE v28.16b, v4.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "PMULL  v15.1q, v19.1d, v25.1d \n"
+        "PMULL2 v19.1q, v19.2d, v25.2d \n"
+        "AESE v29.16b, v4.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "EOR3 v31.16b, v31.16b, v19.16b, v15.16b \n"
+        "AESE v30.16b, v4.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "# x[0-2] += C * H^4 \n"
+        "PMULL  v14.1q, v18.1d, v26.1d \n"
+        "PMULL2 v15.1q, v18.2d, v26.2d \n"
+        "AESE v27.16b, v5.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "EOR v17.16b, v17.16b, v14.16b \n"
+        "EOR v0.16b, v0.16b, v15.16b \n"
+        "AESE v28.16b, v5.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "EXT v18.16b, v18.16b, v18.16b, #8 \n"
+        "AESE v29.16b, v5.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "PMULL  v15.1q, v18.1d, v26.1d \n"
+        "PMULL2 v18.1q, v18.2d, v26.2d \n"
+        "AESE v30.16b, v5.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "EOR3 v31.16b, v31.16b, v18.16b, v15.16b \n"
+        "SUB w11, w11, #64 \n"
+        "AESE v27.16b, v6.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "# Reduce X = x[0-2] \n"
+        "EXT v15.16b, v17.16b, v0.16b, #8 \n"
+        "AESE v28.16b, v6.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "PMULL2 v14.1q, v0.2d, v23.2d \n"
+        "AESE v29.16b, v6.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "EOR3 v15.16b, v15.16b, v31.16b, v14.16b \n"
+        "AESE v30.16b, v6.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "AESE v27.16b, v7.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "PMULL2 v14.1q, v15.2d, v23.2d \n"
+        "MOV v17.D[1], v15.D[0] \n"
+        "AESE v28.16b, v7.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "EOR v17.16b, v17.16b, v14.16b \n"
+        "AESE v29.16b, v7.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v7.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "AESE v27.16b, v8.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v8.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v8.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v8.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "AESE v27.16b, v9.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v9.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v9.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v9.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "# Load plaintext \n"
+        "LD1 {v18.2d-v21.2d}, [%[input]], #64 \n"
+        "AESE v27.16b, v10.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v10.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v10.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v10.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "AESE v27.16b, v11.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v11.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v11.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v11.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "AESE v27.16b, v12.16b \n"
+        "EOR v27.16b, v27.16b, v13.16b \n"
+        "AESE v28.16b, v12.16b \n"
+        "EOR v28.16b, v28.16b, v13.16b \n"
+        "AESE v29.16b, v12.16b \n"
+        "EOR v29.16b, v29.16b, v13.16b \n"
+        "AESE v30.16b, v12.16b \n"
+        "EOR v30.16b, v30.16b, v13.16b \n"
+
+        "# XOR in input \n"
+        "EOR v27.16b, v27.16b, v18.16b \n"
+        "EOR v28.16b, v28.16b, v19.16b \n"
+        "EOR v29.16b, v29.16b, v20.16b \n"
+        "EOR v30.16b, v30.16b, v21.16b \n"
+        "# Store cipher text \n"
+        "ST1 {v27.2d-v30.2d}, [%[out]], #64 \n \n"
+        "CMP w11, #64 \n"
+        "BGE 11b \n"
+
+        "12: \n"
+        "# GHASH - 4 blocks \n"
+        "RBIT v18.16b, v18.16b \n"
+        "RBIT v19.16b, v19.16b \n"
+        "RBIT v20.16b, v20.16b \n"
+        "RBIT v21.16b, v21.16b \n"
+        "EOR v18.16b, v18.16b, v17.16b \n"
+        "# x[0-2] = C * H^1 \n"
+        "PMULL  v17.1q, v21.1d, v16.1d \n"
+        "PMULL2 v0.1q, v21.2d, v16.2d \n"
+        "EXT v21.16b, v21.16b, v21.16b, #8 \n"
+        "PMULL  v31.1q, v21.1d, v16.1d \n"
+        "PMULL2 v15.1q, v21.2d, v16.2d \n"
+        "EOR v31.16b, v31.16b, v15.16b \n"
+        "# x[0-2] += C * H^2 \n"
+        "PMULL  v14.1q, v20.1d, v24.1d \n"
+        "PMULL2 v15.1q, v20.2d, v24.2d \n"
+        "EOR v17.16b, v17.16b, v14.16b \n"
+        "EOR v0.16b, v0.16b, v15.16b \n"
+        "EXT v20.16b, v20.16b, v20.16b, #8 \n"
+        "PMULL  v15.1q, v20.1d, v24.1d \n"
+        "PMULL2 v20.1q, v20.2d, v24.2d \n"
+        "EOR3 v31.16b, v31.16b, v20.16b, v15.16b \n"
+        "# x[0-2] += C * H^3 \n"
+        "PMULL  v14.1q, v19.1d, v25.1d \n"
+        "PMULL2 v15.1q, v19.2d, v25.2d \n"
+        "EOR v17.16b, v17.16b, v14.16b \n"
+        "EOR v0.16b, v0.16b, v15.16b \n"
+        "EXT v19.16b, v19.16b, v19.16b, #8 \n"
+        "PMULL  v15.1q, v19.1d, v25.1d \n"
+        "PMULL2 v19.1q, v19.2d, v25.2d \n"
+        "EOR3 v31.16b, v31.16b, v19.16b, v15.16b \n"
+        "# x[0-2] += C * H^4 \n"
+        "PMULL  v14.1q, v18.1d, v26.1d \n"
+        "PMULL2 v15.1q, v18.2d, v26.2d \n"
+        "EOR v17.16b, v17.16b, v14.16b \n"
+        "EOR v0.16b, v0.16b, v15.16b \n"
+        "EXT v18.16b, v18.16b, v18.16b, #8 \n"
+        "PMULL  v15.1q, v18.1d, v26.1d \n"
+        "PMULL2 v18.1q, v18.2d, v26.2d \n"
+        "EOR3 v31.16b, v31.16b, v18.16b, v15.16b \n"
+        "# Reduce X = x[0-2] \n"
+        "EXT v15.16b, v17.16b, v0.16b, #8 \n"
+        "PMULL2 v14.1q, v0.2d, v23.2d \n"
+        "EOR3 v15.16b, v15.16b, v31.16b, v14.16b \n"
+        "PMULL2 v14.1q, v15.2d, v23.2d \n"
+        "MOV v17.D[1], v15.D[0] \n"
+        "EOR v17.16b, v17.16b, v14.16b \n"
+
+        "10: \n"
+        "CBZ w11, 30f \n"
+        "CMP w11, #16 \n"
+        "BLT 20f \n"
+        "# Decrypt first block for GHASH \n"
+        "ADD w12, w12, #1 \n"
+        "MOV v0.16b, v22.16b \n"
+        "REV w13, w12 \n"
+        "MOV v0.S[3], w13 \n"
+        "AESE v0.16b, v1.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "AESE v0.16b, v2.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "AESE v0.16b, v3.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "AESE v0.16b, v4.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "SUB w11, w11, #16 \n"
+        "AESE v0.16b, v5.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "AESE v0.16b, v6.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "AESE v0.16b, v7.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "AESE v0.16b, v8.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "LD1 {v28.2d}, [%[input]], #16 \n"
+        "AESE v0.16b, v9.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "AESE v0.16b, v10.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "AESE v0.16b, v11.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "AESE v0.16b, v12.16b \n"
+        "EOR v0.16b, v0.16b, v13.16b \n \n"
+        "EOR v0.16b, v0.16b, v28.16b \n \n"
+        "ST1 {v0.2d}, [%[out]], #16 \n"
+
+        "# When only one full block to decrypt go straight to GHASH \n"
+        "CMP w11, 16 \n"
+        "BLT 1f \n"
+
+        "# Interweave GHASH and decrypt if more then 1 block \n"
+        "2: \n"
+        "RBIT v28.16b, v28.16b \n"
+        "ADD w12, w12, #1 \n"
+        "MOV v0.16b, v22.16b \n"
+        "REV w13, w12 \n"
+        "MOV v0.S[3], w13 \n"
+        "EOR v17.16b, v17.16b, v28.16b \n"
+        "PMULL  v18.1q, v17.1d, v16.1d \n"
+        "PMULL2 v19.1q, v17.2d, v16.2d \n"
+        "AESE v0.16b, v1.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "EXT v20.16b, v16.16b, v16.16b, #8 \n"
+        "AESE v0.16b, v2.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "PMULL  v21.1q, v17.1d, v20.1d \n"
+        "PMULL2 v20.1q, v17.2d, v20.2d \n"
+        "AESE v0.16b, v3.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "EOR v20.16b, v20.16b, v21.16b \n"
+        "AESE v0.16b, v4.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "EXT v21.16b, v18.16b, v19.16b, #8 \n"
+        "SUB w11, w11, #16 \n"
+        "AESE v0.16b, v5.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "EOR v21.16b, v21.16b, v20.16b \n"
+        "AESE v0.16b, v6.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "# Reduce \n"
+        "PMULL2 v20.1q, v19.2d, v23.2d \n"
+        "AESE v0.16b, v7.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "EOR v21.16b, v21.16b, v20.16b \n"
+        "AESE v0.16b, v8.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "PMULL2 v20.1q, v21.2d, v23.2d \n"
+        "LD1 {v28.2d}, [%[input]], #16 \n"
+        "AESE v0.16b, v9.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "MOV v18.D[1], v21.D[0] \n"
+        "AESE v0.16b, v10.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "EOR v17.16b, v18.16b, v20.16b \n"
+        "AESE v0.16b, v11.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "AESE v0.16b, v12.16b \n"
+        "EOR v0.16b, v0.16b, v13.16b \n \n"
+        "EOR v0.16b, v0.16b, v28.16b \n \n"
+        "ST1 {v0.2d}, [%[out]], #16 \n"
+        "CMP w11, #16 \n"
+        "BGE 2b \n"
+
+        "# GHASH on last block \n"
+        "1: \n"
+        "RBIT v28.16b, v28.16b \n"
+        "EOR v17.16b, v17.16b, v28.16b \n"
+        "PMULL  v18.1q, v17.1d, v16.1d \n"
+        "PMULL2 v19.1q, v17.2d, v16.2d \n"
+        "EXT v20.16b, v16.16b, v16.16b, #8 \n"
+        "PMULL  v21.1q, v17.1d, v20.1d \n"
+        "PMULL2 v20.1q, v17.2d, v20.2d \n"
+        "EOR v20.16b, v20.16b, v21.16b \n"
+        "EXT v21.16b, v18.16b, v19.16b, #8 \n"
+        "EOR v21.16b, v21.16b, v20.16b \n"
+        "# Reduce \n"
+        "PMULL2 v20.1q, v19.2d, v23.2d \n"
+        "EOR v21.16b, v21.16b, v20.16b \n"
+        "PMULL2 v20.1q, v21.2d, v23.2d \n"
+        "MOV v18.D[1], v21.D[0] \n"
+        "EOR v17.16b, v18.16b, v20.16b \n"
+
+        "20: \n"
+        "CBZ w11, 30f \n"
+        "EOR v31.16b, v31.16b, v31.16b \n"
+        "MOV x15, x11 \n"
+        "ST1 {v31.2d}, [%[scratch]] \n"
+        "23: \n"
+        "LDRB w14, [%[input]], #1 \n"
+        "STRB w14, [%[scratch]], #1 \n"
+        "SUB x15, x15, #1 \n"
+        "CBNZ x15, 23b \n"
+        "SUB %[scratch], %[scratch], x11 \n"
+        "LD1 {v31.2d}, [%[scratch]] \n"
+        "RBIT v31.16b, v31.16b \n"
+        "ADD w12, w12, #1 \n"
+        "MOV v0.16b, v22.16b \n"
+        "REV w13, w12 \n"
+        "MOV v0.S[3], w13 \n"
+        "EOR v17.16b, v17.16b, v31.16b \n"
+        "PMULL  v18.1q, v17.1d, v16.1d \n"
+        "PMULL2 v19.1q, v17.2d, v16.2d \n"
+        "AESE v0.16b, v1.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "EXT v20.16b, v16.16b, v16.16b, #8 \n"
+        "AESE v0.16b, v2.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "PMULL  v21.1q, v17.1d, v20.1d \n"
+        "PMULL2 v20.1q, v17.2d, v20.2d \n"
+        "AESE v0.16b, v3.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "EOR v20.16b, v20.16b, v21.16b \n"
+        "AESE v0.16b, v4.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "EXT v21.16b, v18.16b, v19.16b, #8 \n"
+        "AESE v0.16b, v5.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "EOR v21.16b, v21.16b, v20.16b \n"
+        "AESE v0.16b, v6.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "# Reduce \n"
+        "PMULL2 v20.1q, v19.2d, v23.2d \n"
+        "AESE v0.16b, v7.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "EOR v21.16b, v21.16b, v20.16b \n"
+        "AESE v0.16b, v8.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "PMULL2 v20.1q, v21.2d, v23.2d \n"
+        "RBIT v31.16b, v31.16b \n"
+        "AESE v0.16b, v9.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "MOV v18.D[1], v21.D[0] \n"
+        "AESE v0.16b, v10.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "EOR v17.16b, v18.16b, v20.16b \n"
+        "AESE v0.16b, v11.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "AESE v0.16b, v12.16b \n"
+        "EOR v0.16b, v0.16b, v13.16b \n \n"
+        "EOR v0.16b, v0.16b, v31.16b \n \n"
+        "ST1 {v0.2d}, [%[scratch]] \n"
+        "MOV x15, x11 \n"
+        "24: \n"
+        "LDRB w14, [%[scratch]], #1 \n"
+        "STRB w14, [%[out]], #1 \n"
+        "SUB x15, x15, #1 \n"
+        "CBNZ x15, 24b \n"
+        "SUB %[scratch], %[scratch], x11 \n"
+
+        "30: \n"
+        "# store current counter value at the end \n"
+        "REV w13, w12 \n"
+        "MOV v22.S[3], w13 \n"
+        "LD1 {v0.16b}, [%[ctr]] \n"
+        "ST1 {v22.16b}, [%[ctr]] \n"
+
+        "LSL %x[aSz], %x[aSz], #3 \n"
+        "LSL %x[sz], %x[sz], #3 \n"
+        "MOV v28.d[0], %x[aSz] \n"
+        "MOV v28.d[1], %x[sz] \n"
+        "REV64 v28.16b, v28.16b \n"
+        "RBIT v28.16b, v28.16b \n"
+        "EOR v17.16b, v17.16b, v28.16b \n"
+        "PMULL  v18.1q, v17.1d, v16.1d \n"
+        "PMULL2 v19.1q, v17.2d, v16.2d \n"
+        "EXT v20.16b, v16.16b, v16.16b, #8 \n"
+        "AESE v0.16b, v1.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "PMULL  v21.1q, v17.1d, v20.1d \n"
+        "PMULL2 v20.1q, v17.2d, v20.2d \n"
+        "AESE v0.16b, v2.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "EOR v20.16b, v20.16b, v21.16b \n"
+        "AESE v0.16b, v3.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "EXT v21.16b, v18.16b, v19.16b, #8 \n"
+        "AESE v0.16b, v4.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "EOR v21.16b, v21.16b, v20.16b \n"
+        "AESE v0.16b, v5.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "# Reduce \n"
+        "PMULL2 v20.1q, v19.2d, v23.2d \n"
+        "AESE v0.16b, v6.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "EOR v21.16b, v21.16b, v20.16b \n"
+        "AESE v0.16b, v7.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "PMULL2 v20.1q, v21.2d, v23.2d \n"
+        "AESE v0.16b, v8.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "MOV v18.D[1], v21.D[0] \n"
+        "AESE v0.16b, v9.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "EOR v17.16b, v18.16b, v20.16b \n"
+        "AESE v0.16b, v10.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "AESE v0.16b, v11.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "AESE v0.16b, v12.16b \n"
+        "EOR v0.16b, v0.16b, v13.16b \n \n"
+        "RBIT v17.16b, v17.16b \n"
+        "EOR v0.16b, v0.16b, v17.16b \n \n"
+        "CMP %w[tagSz], #16 \n"
+        "BNE 40f \n"
+        "LD1 {v1.2d}, [%[tag]] \n"
+        "B 41f \n"
+        "40: \n"
+        "EOR v1.16b, v1.16b, v1.16b \n"
+        "MOV x15, %x[tagSz] \n"
+        "ST1 {v1.2d}, [%[scratch]] \n"
+        "43: \n"
+        "LDRB w14, [%[tag]], #1 \n"
+        "STRB w14, [%[scratch]], #1 \n"
+        "SUB x15, x15, #1 \n"
+        "CBNZ x15, 43b \n"
+        "SUB %[scratch], %[scratch], %x[tagSz] \n"
+        "LD1 {v1.2d}, [%[scratch]] \n"
+        "ST1 {v0.2d}, [%[scratch]] \n"
+        "MOV w14, #16 \n"
+        "SUB w14, w14, %w[tagSz] \n"
+        "ADD %[scratch], %[scratch], %x[tagSz] \n"
+        "44: \n"
+        "STRB wzr, [%[scratch]], #1 \n"
+        "SUB w14, w14, #1 \n"
+        "CBNZ w14, 44b \n"
+        "SUB %[scratch], %[scratch], #16 \n"
+        "LD1 {v0.2d}, [%[scratch]] \n"
+        "41: \n"
+        "EOR v0.16b, v0.16b, v1.16b \n"
+        "MOV v1.D[0], v0.D[1] \n"
+        "EOR v0.8b, v0.8b, v1.8b \n"
+        "MOV %x[ret], v0.D[0] \n"
+        "CMP %x[ret], #0 \n"
+        "MOV w11, #-180 \n"
+        "CSETM %w[ret], ne \n"
+        "AND %w[ret], %w[ret], w11 \n"
+
+        : [out] "+r" (out), [input] "+r" (in), [Key] "+r" (keyPt),
+          [aSz] "+r" (authInSz), [sz] "+r" (sz), [aad] "+r" (authIn),
+          [ret] "+r" (ret)
+        : [ctr] "r" (ctr), [scratch] "r" (scratch),
+          [h] "m" (aes->gcm.H), [tag] "r" (authTag), [tagSz] "r" (authTagSz)
+        : "cc", "memory", "x11", "x12", "w13", "x14", "x15", "w16",
+          "v0", "v1", "v2", "v3", "v4", "v5", "v6", "v7",
+          "v8", "v9", "v10", "v11", "v12", "v13", "v14", "v15",
+          "v16", "v17", "v18", "v19", "v20", "v21", "v22", "v23",
+          "v24", "v25", "v26", "v27", "v28", "v29", "v30", "v31"
+    );
+
+    return ret;
+}
+#endif /* WOLFSSL_AES_192 */
+#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
+#ifdef WOLFSSL_AES_256
+/* internal function : see AES_GCM_decrypt_AARCH64 */
+static int Aes256GcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
+    const byte* iv, word32 ivSz, const byte* authTag, word32 authTagSz,
+    const byte* authIn, word32 authInSz)
+{
+    byte counter[WC_AES_BLOCK_SIZE];
+    byte scratch[WC_AES_BLOCK_SIZE];
+    byte *ctr = counter;
+    byte* keyPt = (byte*)aes->key;
+    int ret = 0;
+
+    XMEMSET(counter, 0, WC_AES_BLOCK_SIZE);
+    if (ivSz == GCM_NONCE_MID_SZ) {
+        XMEMCPY(counter, iv, GCM_NONCE_MID_SZ);
+        counter[WC_AES_BLOCK_SIZE - 1] = 1;
+    }
+    else {
+        GHASH_AARCH64(&aes->gcm, NULL, 0, iv, ivSz, counter, WC_AES_BLOCK_SIZE);
+        GMULT_AARCH64(counter, aes->gcm.H);
+    }
+
+    __asm__ __volatile__ (
+        "LD1 {v16.16b}, %[h] \n"
+        "# v23 = 0x00000000000000870000000000000087 reflected 0xe1.... \n"
+        "MOVI v23.16b, #0x87 \n"
+        "EOR v17.16b, v17.16b, v17.16b \n"
+        "USHR v23.2d, v23.2d, #56 \n"
+        "CBZ %w[aSz], 120f \n"
+
+        "MOV w12, %w[aSz] \n"
+
+        "# GHASH AAD \n"
+        "CMP x12, #64 \n"
+        "BLT 115f \n"
+        "# Calculate H^[1-4] - GMULT partials \n"
+        "# Square H => H^2 \n"
+        "PMULL2 v19.1q, v16.2d, v16.2d \n"
+        "PMULL  v18.1q, v16.1d, v16.1d \n"
+        "PMULL2 v20.1q, v19.2d, v23.2d \n"
+        "EXT v21.16b, v18.16b, v19.16b, #8 \n"
+        "EOR v21.16b, v21.16b, v20.16b \n"
+        "PMULL2 v19.1q, v21.2d, v23.2d \n"
+        "MOV v18.D[1], v21.D[0] \n"
+        "EOR v24.16b, v18.16b, v19.16b \n"
+        "# Multiply H and H^2 => H^3 \n"
+        "PMULL  v18.1q, v24.1d, v16.1d \n"
+        "PMULL2 v19.1q, v24.2d, v16.2d \n"
+        "EXT v20.16b, v16.16b, v16.16b, #8 \n"
+        "PMULL  v21.1q, v24.1d, v20.1d \n"
+        "PMULL2 v20.1q, v24.2d, v20.2d \n"
+        "EOR v20.16b, v20.16b, v21.16b \n"
+        "EXT v21.16b, v18.16b, v19.16b, #8 \n"
+        "EOR v21.16b, v21.16b, v20.16b \n"
+        "# Reduce \n"
+        "PMULL2 v20.1q, v19.2d, v23.2d \n"
+        "EOR v21.16b, v21.16b, v20.16b \n"
+        "PMULL2 v20.1q, v21.2d, v23.2d \n"
+        "MOV v18.D[1], v21.D[0] \n"
+        "EOR v25.16b, v18.16b, v20.16b \n"
+        "# Square H^2 => H^4 \n"
+        "PMULL2 v19.1q, v24.2d, v24.2d \n"
+        "PMULL  v18.1q, v24.1d, v24.1d \n"
+        "PMULL2 v20.1q, v19.2d, v23.2d \n"
+        "EXT v21.16b, v18.16b, v19.16b, #8 \n"
+        "EOR v21.16b, v21.16b, v20.16b \n"
+        "PMULL2 v19.1q, v21.2d, v23.2d \n"
+        "MOV v18.D[1], v21.D[0] \n"
+        "EOR v26.16b, v18.16b, v19.16b \n"
+        "114: \n"
+        "LD1 {v18.2d-v21.2d}, [%[aad]], #64 \n"
+        "SUB x12, x12, #64 \n"
+        "# GHASH - 4 blocks \n"
+        "RBIT v18.16b, v18.16b \n"
+        "RBIT v19.16b, v19.16b \n"
+        "RBIT v20.16b, v20.16b \n"
+        "RBIT v21.16b, v21.16b \n"
+        "EOR v18.16b, v18.16b, v17.16b \n"
+        "# x[0-2] = C * H^1 \n"
+        "PMULL  v17.1q, v21.1d, v16.1d \n"
+        "PMULL2 v30.1q, v21.2d, v16.2d \n"
+        "EXT v21.16b, v21.16b, v21.16b, #8 \n"
+        "PMULL  v31.1q, v21.1d, v16.1d \n"
+        "PMULL2 v15.1q, v21.2d, v16.2d \n"
+        "EOR v31.16b, v31.16b, v15.16b \n"
+        "# x[0-2] += C * H^2 \n"
+        "PMULL  v14.1q, v20.1d, v24.1d \n"
+        "PMULL2 v15.1q, v20.2d, v24.2d \n"
+        "EOR v17.16b, v17.16b, v14.16b \n"
+        "EOR v30.16b, v30.16b, v15.16b \n"
+        "EXT v20.16b, v20.16b, v20.16b, #8 \n"
+        "PMULL  v15.1q, v20.1d, v24.1d \n"
+        "PMULL2 v20.1q, v20.2d, v24.2d \n"
+        "EOR v20.16b, v20.16b, v15.16b \n"
+        "EOR v31.16b, v31.16b, v20.16b \n"
+        "# x[0-2] += C * H^3 \n"
+        "PMULL  v14.1q, v19.1d, v25.1d \n"
+        "PMULL2 v15.1q, v19.2d, v25.2d \n"
+        "EOR v17.16b, v17.16b, v14.16b \n"
+        "EOR v30.16b, v30.16b, v15.16b \n"
+        "EXT v19.16b, v19.16b, v19.16b, #8 \n"
+        "PMULL  v15.1q, v19.1d, v25.1d \n"
+        "PMULL2 v19.1q, v19.2d, v25.2d \n"
+        "EOR v19.16b, v19.16b, v15.16b \n"
+        "EOR v31.16b, v31.16b, v19.16b \n"
+        "# x[0-2] += C * H^4 \n"
+        "PMULL  v14.1q, v18.1d, v26.1d \n"
+        "PMULL2 v15.1q, v18.2d, v26.2d \n"
+        "EOR v17.16b, v17.16b, v14.16b \n"
+        "EOR v30.16b, v30.16b, v15.16b \n"
+        "EXT v18.16b, v18.16b, v18.16b, #8 \n"
+        "PMULL  v15.1q, v18.1d, v26.1d \n"
+        "PMULL2 v18.1q, v18.2d, v26.2d \n"
+        "EOR v18.16b, v18.16b, v15.16b \n"
+        "EOR v31.16b, v31.16b, v18.16b \n"
+        "# Reduce X = x[0-2] \n"
+        "EXT v15.16b, v17.16b, v30.16b, #8 \n"
+        "PMULL2 v14.1q, v30.2d, v23.2d \n"
         "EOR v15.16b, v15.16b, v31.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
-#ifndef WOLFSSL_ARMASM_CRYPTO_SHA3
         "EOR v15.16b, v15.16b, v14.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "PMULL2 v14.1q, v15.2d, v23.2d \n"
         "MOV v17.D[1], v15.D[0] \n"
         "EOR v17.16b, v17.16b, v14.16b \n"
@@ -11314,12 +19293,8 @@ static int Aes256GcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         "PMULL2 v20.1q, v20.2d, v24.2d \n"
         "AESE v7.16b, v1.16b \n"
         "AESMC v7.16b, v7.16b \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
-        "EOR3 v31.16b, v31.16b, v20.16b, v3.16b \n"
-#else
         "EOR v20.16b, v20.16b, v3.16b \n"
         "EOR v31.16b, v31.16b, v20.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "AESE v8.16b, v1.16b \n"
         "AESMC v8.16b, v8.16b \n"
         "# x[0-2] += C * H^3 \n"
@@ -11338,12 +19313,8 @@ static int Aes256GcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         "PMULL2 v19.1q, v19.2d, v25.2d \n"
         "AESE v30.16b, v1.16b \n"
         "AESMC v30.16b, v30.16b \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
-        "EOR3 v31.16b, v31.16b, v19.16b, v3.16b \n"
-#else
         "EOR v19.16b, v19.16b, v3.16b \n"
         "EOR v31.16b, v31.16b, v19.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "LDR q1, [%[Key], #32] \n"
         "AESE v5.16b, v22.16b \n"
         "AESMC v5.16b, v5.16b \n"
@@ -11363,12 +19334,8 @@ static int Aes256GcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         "PMULL2 v18.1q, v18.2d, v26.2d \n"
         "AESE v27.16b, v22.16b \n"
         "AESMC v27.16b, v27.16b \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
-        "EOR3 v31.16b, v31.16b, v18.16b, v3.16b \n"
-#else
         "EOR v18.16b, v18.16b, v3.16b \n"
         "EOR v31.16b, v31.16b, v18.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "AESE v28.16b, v22.16b \n"
         "AESMC v28.16b, v28.16b \n"
         "# x[0-2] += C * H^5 \n"
@@ -11388,12 +19355,8 @@ static int Aes256GcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         "PMULL2 v15.1q, v15.2d, v4.2d \n"
         "AESE v6.16b, v1.16b \n"
         "AESMC v6.16b, v6.16b \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
-        "EOR3 v31.16b, v31.16b, v15.16b, v3.16b \n"
-#else
         "EOR v15.16b, v15.16b, v3.16b \n"
         "EOR v31.16b, v31.16b, v15.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "AESE v7.16b, v1.16b \n"
         "AESMC v7.16b, v7.16b \n"
         "# x[0-2] += C * H^6 \n"
@@ -11412,12 +19375,8 @@ static int Aes256GcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         "PMULL2 v14.1q, v14.2d, v9.2d \n"
         "AESE v29.16b, v1.16b \n"
         "AESMC v29.16b, v29.16b \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
-        "EOR3 v31.16b, v31.16b, v14.16b, v3.16b \n"
-#else
         "EOR v14.16b, v14.16b, v3.16b \n"
         "EOR v31.16b, v31.16b, v14.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "AESE v30.16b, v1.16b \n"
         "AESMC v30.16b, v30.16b \n"
         "# x[0-2] += C * H^7 \n"
@@ -11437,12 +19396,8 @@ static int Aes256GcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         "PMULL2 v13.1q, v13.2d, v10.2d \n"
         "AESE v8.16b, v22.16b \n"
         "AESMC v8.16b, v8.16b \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
-        "EOR3 v31.16b, v31.16b, v13.16b, v3.16b \n"
-#else
         "EOR v13.16b, v13.16b, v3.16b \n"
         "EOR v31.16b, v31.16b, v13.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "AESE v27.16b, v22.16b \n"
         "AESMC v27.16b, v27.16b \n"
         "# x[0-2] += C * H^8 \n"
@@ -11462,12 +19417,8 @@ static int Aes256GcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         "LDR q22, [%[Key], #80] \n"
         "AESE v5.16b, v1.16b \n"
         "AESMC v5.16b, v5.16b \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
-        "EOR3 v31.16b, v31.16b, v12.16b, v3.16b \n"
-#else
         "EOR v12.16b, v12.16b, v3.16b \n"
         "EOR v31.16b, v31.16b, v12.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "AESE v6.16b, v1.16b \n"
         "AESMC v6.16b, v6.16b \n"
         "# Reduce X = x[0-2] \n"
@@ -11477,16 +19428,10 @@ static int Aes256GcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         "PMULL2 v2.1q, v0.2d, v23.2d \n"
         "AESE v8.16b, v1.16b \n"
         "AESMC v8.16b, v8.16b \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
-        "EOR3 v3.16b, v3.16b, v31.16b, v2.16b \n"
-#else
         "EOR v3.16b, v3.16b, v31.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "AESE v27.16b, v1.16b \n"
         "AESMC v27.16b, v27.16b \n"
-#ifndef WOLFSSL_ARMASM_CRYPTO_SHA3
         "EOR v3.16b, v3.16b, v2.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "AESE v28.16b, v1.16b \n"
         "AESMC v28.16b, v28.16b \n"
         "PMULL2 v2.1q, v3.2d, v23.2d \n"
@@ -11692,12 +19637,8 @@ static int Aes256GcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         "EXT v20.16b, v20.16b, v20.16b, #8 \n"
         "PMULL  v3.1q, v20.1d, v24.1d \n"
         "PMULL2 v20.1q, v20.2d, v24.2d \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
-        "EOR3 v31.16b, v31.16b, v20.16b, v3.16b \n"
-#else
         "EOR v20.16b, v20.16b, v3.16b \n"
         "EOR v31.16b, v31.16b, v20.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "# x[0-2] += C * H^3 \n"
         "PMULL  v2.1q, v19.1d, v25.1d \n"
         "PMULL2 v3.1q, v19.2d, v25.2d \n"
@@ -11706,12 +19647,8 @@ static int Aes256GcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         "EXT v19.16b, v19.16b, v19.16b, #8 \n"
         "PMULL  v3.1q, v19.1d, v25.1d \n"
         "PMULL2 v19.1q, v19.2d, v25.2d \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
-        "EOR3 v31.16b, v31.16b, v19.16b, v3.16b \n"
-#else
         "EOR v19.16b, v19.16b, v3.16b \n"
         "EOR v31.16b, v31.16b, v19.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "# x[0-2] += C * H^4 \n"
         "PMULL  v2.1q, v18.1d, v26.1d \n"
         "PMULL2 v3.1q, v18.2d, v26.2d \n"
@@ -11720,12 +19657,8 @@ static int Aes256GcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         "EXT v18.16b, v18.16b, v18.16b, #8 \n"
         "PMULL  v3.1q, v18.1d, v26.1d \n"
         "PMULL2 v18.1q, v18.2d, v26.2d \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
-        "EOR3 v31.16b, v31.16b, v18.16b, v3.16b \n"
-#else
         "EOR v18.16b, v18.16b, v3.16b \n"
         "EOR v31.16b, v31.16b, v18.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "# x[0-2] += C * H^5 \n"
         "PMULL  v2.1q, v15.1d, v4.1d \n"
         "PMULL2 v3.1q, v15.2d, v4.2d \n"
@@ -11734,12 +19667,8 @@ static int Aes256GcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         "EXT v15.16b, v15.16b, v15.16b, #8 \n"
         "PMULL  v3.1q, v15.1d, v4.1d \n"
         "PMULL2 v15.1q, v15.2d, v4.2d \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
-        "EOR3 v31.16b, v31.16b, v15.16b, v3.16b \n"
-#else
         "EOR v15.16b, v15.16b, v3.16b \n"
         "EOR v31.16b, v31.16b, v15.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "# x[0-2] += C * H^6 \n"
         "PMULL  v2.1q, v14.1d, v9.1d \n"
         "PMULL2 v3.1q, v14.2d, v9.2d \n"
@@ -11748,12 +19677,8 @@ static int Aes256GcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         "EXT v14.16b, v14.16b, v14.16b, #8 \n"
         "PMULL  v3.1q, v14.1d, v9.1d \n"
         "PMULL2 v14.1q, v14.2d, v9.2d \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
-        "EOR3 v31.16b, v31.16b, v14.16b, v3.16b \n"
-#else
         "EOR v14.16b, v14.16b, v3.16b \n"
         "EOR v31.16b, v31.16b, v14.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "# x[0-2] += C * H^7 \n"
         "PMULL  v2.1q, v13.1d, v10.1d \n"
         "PMULL2 v3.1q, v13.2d, v10.2d \n"
@@ -11762,12 +19687,8 @@ static int Aes256GcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         "EXT v13.16b, v13.16b, v13.16b, #8 \n"
         "PMULL  v3.1q, v13.1d, v10.1d \n"
         "PMULL2 v13.1q, v13.2d, v10.2d \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
-        "EOR3 v31.16b, v31.16b, v13.16b, v3.16b \n"
-#else
         "EOR v13.16b, v13.16b, v3.16b \n"
         "EOR v31.16b, v31.16b, v13.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "# x[0-2] += C * H^8 \n"
         "PMULL  v2.1q, v12.1d, v11.1d \n"
         "PMULL2 v3.1q, v12.2d, v11.2d \n"
@@ -11776,23 +19697,13 @@ static int Aes256GcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         "EXT v12.16b, v12.16b, v12.16b, #8 \n"
         "PMULL  v3.1q, v12.1d, v11.1d \n"
         "PMULL2 v12.1q, v12.2d, v11.2d \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
-        "EOR3 v31.16b, v31.16b, v12.16b, v3.16b \n"
-#else
         "EOR v12.16b, v12.16b, v3.16b \n"
         "EOR v31.16b, v31.16b, v12.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "# Reduce X = x[0-2] \n"
         "EXT v3.16b, v17.16b, v0.16b, #8 \n"
         "PMULL2 v2.1q, v0.2d, v23.2d \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
-        "EOR3 v3.16b, v3.16b, v31.16b, v2.16b \n"
-#else
         "EOR v3.16b, v3.16b, v31.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
-#ifndef WOLFSSL_ARMASM_CRYPTO_SHA3
         "EOR v3.16b, v3.16b, v2.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "PMULL2 v2.1q, v3.2d, v23.2d \n"
         "MOV v17.D[1], v3.D[0] \n"
         "EOR v17.16b, v17.16b, v2.16b \n"
@@ -12016,12 +19927,8 @@ static int Aes256GcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         "PMULL2 v20.1q, v20.2d, v24.2d \n"
         "AESE v28.16b, v3.16b \n"
         "AESMC v28.16b, v28.16b \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
-        "EOR3 v31.16b, v31.16b, v20.16b, v15.16b \n"
-#else
         "EOR v20.16b, v20.16b, v15.16b \n"
         "EOR v31.16b, v31.16b, v20.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "AESE v29.16b, v3.16b \n"
         "AESMC v29.16b, v29.16b \n"
         "# x[0-2] += C * H^3 \n"
@@ -12040,12 +19947,8 @@ static int Aes256GcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         "PMULL2 v19.1q, v19.2d, v25.2d \n"
         "AESE v29.16b, v4.16b \n"
         "AESMC v29.16b, v29.16b \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
-        "EOR3 v31.16b, v31.16b, v19.16b, v15.16b \n"
-#else
         "EOR v19.16b, v19.16b, v15.16b \n"
         "EOR v31.16b, v31.16b, v19.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "AESE v30.16b, v4.16b \n"
         "AESMC v30.16b, v30.16b \n"
         "# x[0-2] += C * H^4 \n"
@@ -12064,12 +19967,8 @@ static int Aes256GcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         "PMULL2 v18.1q, v18.2d, v26.2d \n"
         "AESE v30.16b, v5.16b \n"
         "AESMC v30.16b, v30.16b \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
-        "EOR3 v31.16b, v31.16b, v18.16b, v15.16b \n"
-#else
         "EOR v18.16b, v18.16b, v15.16b \n"
         "EOR v31.16b, v31.16b, v18.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "SUB w11, w11, #64 \n"
         "AESE v27.16b, v6.16b \n"
         "AESMC v27.16b, v27.16b \n"
@@ -12080,16 +19979,10 @@ static int Aes256GcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         "PMULL2 v14.1q, v0.2d, v23.2d \n"
         "AESE v29.16b, v6.16b \n"
         "AESMC v29.16b, v29.16b \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
-        "EOR3 v15.16b, v15.16b, v31.16b, v14.16b \n"
-#else
         "EOR v15.16b, v15.16b, v31.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "AESE v30.16b, v6.16b \n"
         "AESMC v30.16b, v30.16b \n"
-#ifndef WOLFSSL_ARMASM_CRYPTO_SHA3
         "EOR v15.16b, v15.16b, v14.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "AESE v27.16b, v7.16b \n"
         "AESMC v27.16b, v27.16b \n"
         "PMULL2 v14.1q, v15.2d, v23.2d \n"
@@ -12193,12 +20086,8 @@ static int Aes256GcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         "EXT v20.16b, v20.16b, v20.16b, #8 \n"
         "PMULL  v15.1q, v20.1d, v24.1d \n"
         "PMULL2 v20.1q, v20.2d, v24.2d \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
-        "EOR3 v31.16b, v31.16b, v20.16b, v15.16b \n"
-#else
         "EOR v20.16b, v20.16b, v15.16b \n"
         "EOR v31.16b, v31.16b, v20.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "# x[0-2] += C * H^3 \n"
         "PMULL  v14.1q, v19.1d, v25.1d \n"
         "PMULL2 v15.1q, v19.2d, v25.2d \n"
@@ -12207,12 +20096,8 @@ static int Aes256GcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         "EXT v19.16b, v19.16b, v19.16b, #8 \n"
         "PMULL  v15.1q, v19.1d, v25.1d \n"
         "PMULL2 v19.1q, v19.2d, v25.2d \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
-        "EOR3 v31.16b, v31.16b, v19.16b, v15.16b \n"
-#else
         "EOR v19.16b, v19.16b, v15.16b \n"
         "EOR v31.16b, v31.16b, v19.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "# x[0-2] += C * H^4 \n"
         "PMULL  v14.1q, v18.1d, v26.1d \n"
         "PMULL2 v15.1q, v18.2d, v26.2d \n"
@@ -12221,23 +20106,13 @@ static int Aes256GcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         "EXT v18.16b, v18.16b, v18.16b, #8 \n"
         "PMULL  v15.1q, v18.1d, v26.1d \n"
         "PMULL2 v18.1q, v18.2d, v26.2d \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
-        "EOR3 v31.16b, v31.16b, v18.16b, v15.16b \n"
-#else
         "EOR v18.16b, v18.16b, v15.16b \n"
         "EOR v31.16b, v31.16b, v18.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "# Reduce X = x[0-2] \n"
         "EXT v15.16b, v17.16b, v0.16b, #8 \n"
         "PMULL2 v14.1q, v0.2d, v23.2d \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
-        "EOR3 v15.16b, v15.16b, v31.16b, v14.16b \n"
-#else
         "EOR v15.16b, v15.16b, v31.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
-#ifndef WOLFSSL_ARMASM_CRYPTO_SHA3
         "EOR v15.16b, v15.16b, v14.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "PMULL2 v14.1q, v15.2d, v23.2d \n"
         "MOV v17.D[1], v15.D[0] \n"
         "EOR v17.16b, v17.16b, v14.16b \n"
@@ -12545,6 +20420,1747 @@ static int Aes256GcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
     return ret;
 }
 #endif /* WOLFSSL_AES_256 */
+#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
+#ifdef WOLFSSL_AES_256
+/* internal function : see AES_GCM_decrypt_AARCH64 */
+static int Aes256GcmDecrypt_EOR3(Aes* aes, byte* out, const byte* in, word32 sz,
+    const byte* iv, word32 ivSz, const byte* authTag, word32 authTagSz,
+    const byte* authIn, word32 authInSz)
+{
+    byte counter[WC_AES_BLOCK_SIZE];
+    byte scratch[WC_AES_BLOCK_SIZE];
+    byte *ctr = counter;
+    byte* keyPt = (byte*)aes->key;
+    int ret = 0;
+
+    XMEMSET(counter, 0, WC_AES_BLOCK_SIZE);
+    if (ivSz == GCM_NONCE_MID_SZ) {
+        XMEMCPY(counter, iv, GCM_NONCE_MID_SZ);
+        counter[WC_AES_BLOCK_SIZE - 1] = 1;
+    }
+    else {
+        GHASH_AARCH64(&aes->gcm, NULL, 0, iv, ivSz, counter, WC_AES_BLOCK_SIZE);
+        GMULT_AARCH64(counter, aes->gcm.H);
+    }
+
+    __asm__ __volatile__ (
+        "LD1 {v16.16b}, %[h] \n"
+        "# v23 = 0x00000000000000870000000000000087 reflected 0xe1.... \n"
+        "MOVI v23.16b, #0x87 \n"
+        "EOR v17.16b, v17.16b, v17.16b \n"
+        "USHR v23.2d, v23.2d, #56 \n"
+        "CBZ %w[aSz], 120f \n"
+
+        "MOV w12, %w[aSz] \n"
+
+        "# GHASH AAD \n"
+        "CMP x12, #64 \n"
+        "BLT 115f \n"
+        "# Calculate H^[1-4] - GMULT partials \n"
+        "# Square H => H^2 \n"
+        "PMULL2 v19.1q, v16.2d, v16.2d \n"
+        "PMULL  v18.1q, v16.1d, v16.1d \n"
+        "PMULL2 v20.1q, v19.2d, v23.2d \n"
+        "EXT v21.16b, v18.16b, v19.16b, #8 \n"
+        "EOR v21.16b, v21.16b, v20.16b \n"
+        "PMULL2 v19.1q, v21.2d, v23.2d \n"
+        "MOV v18.D[1], v21.D[0] \n"
+        "EOR v24.16b, v18.16b, v19.16b \n"
+        "# Multiply H and H^2 => H^3 \n"
+        "PMULL  v18.1q, v24.1d, v16.1d \n"
+        "PMULL2 v19.1q, v24.2d, v16.2d \n"
+        "EXT v20.16b, v16.16b, v16.16b, #8 \n"
+        "PMULL  v21.1q, v24.1d, v20.1d \n"
+        "PMULL2 v20.1q, v24.2d, v20.2d \n"
+        "EOR v20.16b, v20.16b, v21.16b \n"
+        "EXT v21.16b, v18.16b, v19.16b, #8 \n"
+        "EOR v21.16b, v21.16b, v20.16b \n"
+        "# Reduce \n"
+        "PMULL2 v20.1q, v19.2d, v23.2d \n"
+        "EOR v21.16b, v21.16b, v20.16b \n"
+        "PMULL2 v20.1q, v21.2d, v23.2d \n"
+        "MOV v18.D[1], v21.D[0] \n"
+        "EOR v25.16b, v18.16b, v20.16b \n"
+        "# Square H^2 => H^4 \n"
+        "PMULL2 v19.1q, v24.2d, v24.2d \n"
+        "PMULL  v18.1q, v24.1d, v24.1d \n"
+        "PMULL2 v20.1q, v19.2d, v23.2d \n"
+        "EXT v21.16b, v18.16b, v19.16b, #8 \n"
+        "EOR v21.16b, v21.16b, v20.16b \n"
+        "PMULL2 v19.1q, v21.2d, v23.2d \n"
+        "MOV v18.D[1], v21.D[0] \n"
+        "EOR v26.16b, v18.16b, v19.16b \n"
+        "114: \n"
+        "LD1 {v18.2d-v21.2d}, [%[aad]], #64 \n"
+        "SUB x12, x12, #64 \n"
+        "# GHASH - 4 blocks \n"
+        "RBIT v18.16b, v18.16b \n"
+        "RBIT v19.16b, v19.16b \n"
+        "RBIT v20.16b, v20.16b \n"
+        "RBIT v21.16b, v21.16b \n"
+        "EOR v18.16b, v18.16b, v17.16b \n"
+        "# x[0-2] = C * H^1 \n"
+        "PMULL  v17.1q, v21.1d, v16.1d \n"
+        "PMULL2 v30.1q, v21.2d, v16.2d \n"
+        "EXT v21.16b, v21.16b, v21.16b, #8 \n"
+        "PMULL  v31.1q, v21.1d, v16.1d \n"
+        "PMULL2 v15.1q, v21.2d, v16.2d \n"
+        "EOR v31.16b, v31.16b, v15.16b \n"
+        "# x[0-2] += C * H^2 \n"
+        "PMULL  v14.1q, v20.1d, v24.1d \n"
+        "PMULL2 v15.1q, v20.2d, v24.2d \n"
+        "EOR v17.16b, v17.16b, v14.16b \n"
+        "EOR v30.16b, v30.16b, v15.16b \n"
+        "EXT v20.16b, v20.16b, v20.16b, #8 \n"
+        "PMULL  v15.1q, v20.1d, v24.1d \n"
+        "PMULL2 v20.1q, v20.2d, v24.2d \n"
+        "EOR3 v31.16b, v31.16b, v20.16b, v15.16b \n"
+        "# x[0-2] += C * H^3 \n"
+        "PMULL  v14.1q, v19.1d, v25.1d \n"
+        "PMULL2 v15.1q, v19.2d, v25.2d \n"
+        "EOR v17.16b, v17.16b, v14.16b \n"
+        "EOR v30.16b, v30.16b, v15.16b \n"
+        "EXT v19.16b, v19.16b, v19.16b, #8 \n"
+        "PMULL  v15.1q, v19.1d, v25.1d \n"
+        "PMULL2 v19.1q, v19.2d, v25.2d \n"
+        "EOR3 v31.16b, v31.16b, v19.16b, v15.16b \n"
+        "# x[0-2] += C * H^4 \n"
+        "PMULL  v14.1q, v18.1d, v26.1d \n"
+        "PMULL2 v15.1q, v18.2d, v26.2d \n"
+        "EOR v17.16b, v17.16b, v14.16b \n"
+        "EOR v30.16b, v30.16b, v15.16b \n"
+        "EXT v18.16b, v18.16b, v18.16b, #8 \n"
+        "PMULL  v15.1q, v18.1d, v26.1d \n"
+        "PMULL2 v18.1q, v18.2d, v26.2d \n"
+        "EOR3 v31.16b, v31.16b, v18.16b, v15.16b \n"
+        "# Reduce X = x[0-2] \n"
+        "EXT v15.16b, v17.16b, v30.16b, #8 \n"
+        "PMULL2 v14.1q, v30.2d, v23.2d \n"
+        "EOR3 v15.16b, v15.16b, v31.16b, v14.16b \n"
+        "PMULL2 v14.1q, v15.2d, v23.2d \n"
+        "MOV v17.D[1], v15.D[0] \n"
+        "EOR v17.16b, v17.16b, v14.16b \n"
+        "CMP x12, #64 \n"
+        "BGE 114b \n"
+        "CBZ x12, 120f \n"
+        "115: \n"
+        "CMP x12, #16 \n"
+        "BLT 112f \n"
+        "111: \n"
+        "LD1 {v15.2d}, [%[aad]], #16 \n"
+        "SUB x12, x12, #16 \n"
+        "RBIT v15.16b, v15.16b \n"
+        "EOR v17.16b, v17.16b, v15.16b \n"
+        "PMULL  v18.1q, v17.1d, v16.1d \n"
+        "PMULL2 v19.1q, v17.2d, v16.2d \n"
+        "EXT v20.16b, v16.16b, v16.16b, #8 \n"
+        "PMULL  v21.1q, v17.1d, v20.1d \n"
+        "PMULL2 v20.1q, v17.2d, v20.2d \n"
+        "EOR v20.16b, v20.16b, v21.16b \n"
+        "EXT v21.16b, v18.16b, v19.16b, #8 \n"
+        "EOR v21.16b, v21.16b, v20.16b \n"
+        "# Reduce \n"
+        "PMULL2 v20.1q, v19.2d, v23.2d \n"
+        "EOR v21.16b, v21.16b, v20.16b \n"
+        "PMULL2 v20.1q, v21.2d, v23.2d \n"
+        "MOV v18.D[1], v21.D[0] \n"
+        "EOR v17.16b, v18.16b, v20.16b \n"
+        "CMP x12, #16 \n"
+        "BGE 111b \n"
+        "CBZ x12, 120f \n"
+        "112: \n"
+        "# Partial AAD \n"
+        "EOR v15.16b, v15.16b, v15.16b \n"
+        "MOV x14, x12 \n"
+        "ST1 {v15.2d}, [%[scratch]] \n"
+        "113: \n"
+        "LDRB w13, [%[aad]], #1 \n"
+        "STRB w13, [%[scratch]], #1 \n"
+        "SUB x14, x14, #1 \n"
+        "CBNZ x14, 113b \n"
+        "SUB %[scratch], %[scratch], x12 \n"
+        "LD1 {v15.2d}, [%[scratch]] \n"
+        "RBIT v15.16b, v15.16b \n"
+        "EOR v17.16b, v17.16b, v15.16b \n"
+        "PMULL  v18.1q, v17.1d, v16.1d \n"
+        "PMULL2 v19.1q, v17.2d, v16.2d \n"
+        "EXT v20.16b, v16.16b, v16.16b, #8 \n"
+        "PMULL  v21.1q, v17.1d, v20.1d \n"
+        "PMULL2 v20.1q, v17.2d, v20.2d \n"
+        "EOR v20.16b, v20.16b, v21.16b \n"
+        "EXT v21.16b, v18.16b, v19.16b, #8 \n"
+        "EOR v21.16b, v21.16b, v20.16b \n"
+        "# Reduce \n"
+        "PMULL2 v20.1q, v19.2d, v23.2d \n"
+        "EOR v21.16b, v21.16b, v20.16b \n"
+        "PMULL2 v20.1q, v21.2d, v23.2d \n"
+        "MOV v18.D[1], v21.D[0] \n"
+        "EOR v17.16b, v18.16b, v20.16b \n"
+        "120: \n"
+
+        "# Decrypt ciphertext and GHASH ciphertext \n"
+        "LDR w12, [%[ctr], #12] \n"
+        "MOV w11, %w[sz] \n"
+        "REV w12, w12 \n"
+        "CMP w11, #64 \n"
+        "BLT 80f \n"
+        "CMP %w[aSz], #64 \n"
+        "BGE 82f \n"
+
+        "# Calculate H^[1-4] - GMULT partials \n"
+        "# Square H => H^2 \n"
+        "PMULL2 v19.1q, v16.2d, v16.2d \n"
+        "PMULL  v18.1q, v16.1d, v16.1d \n"
+        "PMULL2 v20.1q, v19.2d, v23.2d \n"
+        "EXT v21.16b, v18.16b, v19.16b, #8 \n"
+        "EOR v21.16b, v21.16b, v20.16b \n"
+        "PMULL2 v19.1q, v21.2d, v23.2d \n"
+        "MOV v18.D[1], v21.D[0] \n"
+        "EOR v24.16b, v18.16b, v19.16b \n"
+        "# Multiply H and H^2 => H^3 \n"
+        "PMULL  v18.1q, v24.1d, v16.1d \n"
+        "PMULL2 v19.1q, v24.2d, v16.2d \n"
+        "EXT v20.16b, v16.16b, v16.16b, #8 \n"
+        "PMULL  v21.1q, v24.1d, v20.1d \n"
+        "PMULL2 v20.1q, v24.2d, v20.2d \n"
+        "EOR v20.16b, v20.16b, v21.16b \n"
+        "EXT v21.16b, v18.16b, v19.16b, #8 \n"
+        "EOR v21.16b, v21.16b, v20.16b \n"
+        "# Reduce \n"
+        "PMULL2 v20.1q, v19.2d, v23.2d \n"
+        "EOR v21.16b, v21.16b, v20.16b \n"
+        "PMULL2 v20.1q, v21.2d, v23.2d \n"
+        "MOV v18.D[1], v21.D[0] \n"
+        "EOR v25.16b, v18.16b, v20.16b \n"
+        "# Square H^2 => H^4 \n"
+        "PMULL2 v19.1q, v24.2d, v24.2d \n"
+        "PMULL  v18.1q, v24.1d, v24.1d \n"
+        "PMULL2 v20.1q, v19.2d, v23.2d \n"
+        "EXT v21.16b, v18.16b, v19.16b, #8 \n"
+        "EOR v21.16b, v21.16b, v20.16b \n"
+        "PMULL2 v19.1q, v21.2d, v23.2d \n"
+        "MOV v18.D[1], v21.D[0] \n"
+        "EOR v26.16b, v18.16b, v19.16b \n"
+        "82: \n"
+        "# Should we do 8 blocks at a time? \n"
+        "CMP w11, #512 \n"
+        "BLT 80f \n"
+
+        "# Calculate H^[5-8] - GMULT partials \n"
+        "# Multiply H and H^4 => H^5 \n"
+        "PMULL  v18.1q, v26.1d, v16.1d \n"
+        "PMULL2 v19.1q, v26.2d, v16.2d \n"
+        "EXT v20.16b, v16.16b, v16.16b, #8 \n"
+        "PMULL  v21.1q, v26.1d, v20.1d \n"
+        "PMULL2 v20.1q, v26.2d, v20.2d \n"
+        "EOR v20.16b, v20.16b, v21.16b \n"
+        "EXT v21.16b, v18.16b, v19.16b, #8 \n"
+        "EOR v21.16b, v21.16b, v20.16b \n"
+        "# Reduce \n"
+        "PMULL2 v20.1q, v19.2d, v23.2d \n"
+        "EOR v21.16b, v21.16b, v20.16b \n"
+        "PMULL2 v20.1q, v21.2d, v23.2d \n"
+        "MOV v18.D[1], v21.D[0] \n"
+        "EOR v4.16b, v18.16b, v20.16b \n"
+        "# Square H^3 - H^6 \n"
+        "PMULL2 v19.1q, v25.2d, v25.2d \n"
+        "PMULL  v18.1q, v25.1d, v25.1d \n"
+        "PMULL2 v20.1q, v19.2d, v23.2d \n"
+        "EXT v21.16b, v18.16b, v19.16b, #8 \n"
+        "EOR v21.16b, v21.16b, v20.16b \n"
+        "PMULL2 v19.1q, v21.2d, v23.2d \n"
+        "MOV v18.D[1], v21.D[0] \n"
+        "EOR v9.16b, v18.16b, v19.16b \n"
+        "# Multiply H and H^6 => H^7 \n"
+        "PMULL  v18.1q, v9.1d, v16.1d \n"
+        "PMULL2 v19.1q, v9.2d, v16.2d \n"
+        "EXT v20.16b, v16.16b, v16.16b, #8 \n"
+        "PMULL  v21.1q, v9.1d, v20.1d \n"
+        "PMULL2 v20.1q, v9.2d, v20.2d \n"
+        "EOR v20.16b, v20.16b, v21.16b \n"
+        "EXT v21.16b, v18.16b, v19.16b, #8 \n"
+        "EOR v21.16b, v21.16b, v20.16b \n"
+        "# Reduce \n"
+        "PMULL2 v20.1q, v19.2d, v23.2d \n"
+        "EOR v21.16b, v21.16b, v20.16b \n"
+        "PMULL2 v20.1q, v21.2d, v23.2d \n"
+        "MOV v18.D[1], v21.D[0] \n"
+        "EOR v10.16b, v18.16b, v20.16b \n"
+        "# Square H^4 => H^8 \n"
+        "PMULL2 v19.1q, v26.2d, v26.2d \n"
+        "PMULL  v18.1q, v26.1d, v26.1d \n"
+        "PMULL2 v20.1q, v19.2d, v23.2d \n"
+        "EXT v21.16b, v18.16b, v19.16b, #8 \n"
+        "EOR v21.16b, v21.16b, v20.16b \n"
+        "PMULL2 v19.1q, v21.2d, v23.2d \n"
+        "MOV v18.D[1], v21.D[0] \n"
+        "EOR v11.16b, v18.16b, v19.16b \n"
+
+        "# First decrypt - no GHASH \n"
+        "LDR q1, [%[Key]] \n"
+        "# Calculate next 4 counters (+1-4) \n"
+        "ADD w15, w12, #1 \n"
+        "LD1 {v5.2d}, [%[ctr]] \n"
+        "ADD w14, w12, #2 \n"
+        "MOV v6.16b, v5.16b \n"
+        "ADD w13, w12, #3 \n"
+        "MOV v7.16b, v5.16b \n"
+        "ADD w12, w12, #4 \n"
+        "MOV v8.16b, v5.16b \n"
+        "REV w15, w15 \n"
+        "REV w14, w14 \n"
+        "REV w13, w13 \n"
+        "REV w16, w12 \n"
+        "MOV v5.S[3], w15 \n"
+        "MOV v6.S[3], w14 \n"
+        "MOV v7.S[3], w13 \n"
+        "MOV v8.S[3], w16 \n"
+        "# Calculate next 4 counters (+5-8) \n"
+        "ADD w15, w12, #1 \n"
+        "MOV v27.16b, v5.16b \n"
+        "ADD w14, w12, #2 \n"
+        "MOV v28.16b, v5.16b \n"
+        "ADD w13, w12, #3 \n"
+        "MOV v29.16b, v5.16b \n"
+        "ADD w12, w12, #4 \n"
+        "MOV v30.16b, v5.16b \n"
+        "REV w15, w15 \n"
+        "REV w14, w14 \n"
+        "REV w13, w13 \n"
+        "REV w16, w12 \n"
+        "MOV v27.S[3], w15 \n"
+        "MOV v28.S[3], w14 \n"
+        "MOV v29.S[3], w13 \n"
+        "MOV v30.S[3], w16 \n"
+
+        "# Encrypt 8 counters \n"
+        "LDR q22, [%[Key], #16] \n"
+        "AESE v5.16b, v1.16b \n"
+        "AESMC v5.16b, v5.16b \n"
+        "AESE v6.16b, v1.16b \n"
+        "AESMC v6.16b, v6.16b \n"
+        "AESE v7.16b, v1.16b \n"
+        "AESMC v7.16b, v7.16b \n"
+        "AESE v8.16b, v1.16b \n"
+        "AESMC v8.16b, v8.16b \n"
+        "AESE v27.16b, v1.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v1.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v1.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v1.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "LDR q1, [%[Key], #32] \n"
+        "AESE v5.16b, v22.16b \n"
+        "AESMC v5.16b, v5.16b \n"
+        "AESE v6.16b, v22.16b \n"
+        "AESMC v6.16b, v6.16b \n"
+        "AESE v7.16b, v22.16b \n"
+        "AESMC v7.16b, v7.16b \n"
+        "AESE v8.16b, v22.16b \n"
+        "AESMC v8.16b, v8.16b \n"
+        "AESE v27.16b, v22.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v22.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v22.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v22.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "LDR q22, [%[Key], #48] \n"
+        "AESE v5.16b, v1.16b \n"
+        "AESMC v5.16b, v5.16b \n"
+        "AESE v6.16b, v1.16b \n"
+        "AESMC v6.16b, v6.16b \n"
+        "AESE v7.16b, v1.16b \n"
+        "AESMC v7.16b, v7.16b \n"
+        "AESE v8.16b, v1.16b \n"
+        "AESMC v8.16b, v8.16b \n"
+        "AESE v27.16b, v1.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v1.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v1.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v1.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "LDR q1, [%[Key], #64] \n"
+        "AESE v5.16b, v22.16b \n"
+        "AESMC v5.16b, v5.16b \n"
+        "AESE v6.16b, v22.16b \n"
+        "AESMC v6.16b, v6.16b \n"
+        "AESE v7.16b, v22.16b \n"
+        "AESMC v7.16b, v7.16b \n"
+        "AESE v8.16b, v22.16b \n"
+        "AESMC v8.16b, v8.16b \n"
+        "AESE v27.16b, v22.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v22.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v22.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v22.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "LDR q22, [%[Key], #80] \n"
+        "AESE v5.16b, v1.16b \n"
+        "AESMC v5.16b, v5.16b \n"
+        "AESE v6.16b, v1.16b \n"
+        "AESMC v6.16b, v6.16b \n"
+        "AESE v7.16b, v1.16b \n"
+        "AESMC v7.16b, v7.16b \n"
+        "AESE v8.16b, v1.16b \n"
+        "AESMC v8.16b, v8.16b \n"
+        "AESE v27.16b, v1.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v1.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v1.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v1.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "SUB w11, w11, #128 \n"
+        "LDR q1, [%[Key], #96] \n"
+        "AESE v5.16b, v22.16b \n"
+        "AESMC v5.16b, v5.16b \n"
+        "AESE v6.16b, v22.16b \n"
+        "AESMC v6.16b, v6.16b \n"
+        "AESE v7.16b, v22.16b \n"
+        "AESMC v7.16b, v7.16b \n"
+        "AESE v8.16b, v22.16b \n"
+        "AESMC v8.16b, v8.16b \n"
+        "AESE v27.16b, v22.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v22.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v22.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v22.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "LDR q22, [%[Key], #112] \n"
+        "AESE v5.16b, v1.16b \n"
+        "AESMC v5.16b, v5.16b \n"
+        "AESE v6.16b, v1.16b \n"
+        "AESMC v6.16b, v6.16b \n"
+        "AESE v7.16b, v1.16b \n"
+        "AESMC v7.16b, v7.16b \n"
+        "AESE v8.16b, v1.16b \n"
+        "AESMC v8.16b, v8.16b \n"
+        "AESE v27.16b, v1.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v1.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v1.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v1.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "LDR q1, [%[Key], #128] \n"
+        "AESE v5.16b, v22.16b \n"
+        "AESMC v5.16b, v5.16b \n"
+        "AESE v6.16b, v22.16b \n"
+        "AESMC v6.16b, v6.16b \n"
+        "AESE v7.16b, v22.16b \n"
+        "AESMC v7.16b, v7.16b \n"
+        "AESE v8.16b, v22.16b \n"
+        "AESMC v8.16b, v8.16b \n"
+        "AESE v27.16b, v22.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v22.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v22.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v22.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "LDR q22, [%[Key], #144] \n"
+        "AESE v5.16b, v1.16b \n"
+        "AESMC v5.16b, v5.16b \n"
+        "AESE v6.16b, v1.16b \n"
+        "AESMC v6.16b, v6.16b \n"
+        "AESE v7.16b, v1.16b \n"
+        "AESMC v7.16b, v7.16b \n"
+        "AESE v8.16b, v1.16b \n"
+        "AESMC v8.16b, v8.16b \n"
+        "AESE v27.16b, v1.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v1.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v1.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v1.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "LDR q1, [%[Key], #160] \n"
+        "AESE v5.16b, v22.16b \n"
+        "AESMC v5.16b, v5.16b \n"
+        "AESE v6.16b, v22.16b \n"
+        "AESMC v6.16b, v6.16b \n"
+        "AESE v7.16b, v22.16b \n"
+        "AESMC v7.16b, v7.16b \n"
+        "AESE v8.16b, v22.16b \n"
+        "AESMC v8.16b, v8.16b \n"
+        "AESE v27.16b, v22.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v22.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v22.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v22.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "LDR q22, [%[Key], #176] \n"
+        "AESE v5.16b, v1.16b \n"
+        "AESMC v5.16b, v5.16b \n"
+        "AESE v6.16b, v1.16b \n"
+        "AESMC v6.16b, v6.16b \n"
+        "AESE v7.16b, v1.16b \n"
+        "AESMC v7.16b, v7.16b \n"
+        "AESE v8.16b, v1.16b \n"
+        "AESMC v8.16b, v8.16b \n"
+        "AESE v27.16b, v1.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v1.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v1.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v1.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "LDR q1, [%[Key], #192] \n"
+        "AESE v5.16b, v22.16b \n"
+        "AESMC v5.16b, v5.16b \n"
+        "AESE v6.16b, v22.16b \n"
+        "AESMC v6.16b, v6.16b \n"
+        "AESE v7.16b, v22.16b \n"
+        "AESMC v7.16b, v7.16b \n"
+        "AESE v8.16b, v22.16b \n"
+        "AESMC v8.16b, v8.16b \n"
+        "AESE v27.16b, v22.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v22.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v22.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v22.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "LD1 {v12.2d-v15.2d}, [%[input]], #64 \n"
+        "LDP q22, q31, [%[Key], #208] \n"
+        "AESE v5.16b, v1.16b \n"
+        "AESMC v5.16b, v5.16b \n"
+        "AESE v6.16b, v1.16b \n"
+        "AESMC v6.16b, v6.16b \n"
+        "AESE v7.16b, v1.16b \n"
+        "AESMC v7.16b, v7.16b \n"
+        "AESE v8.16b, v1.16b \n"
+        "AESMC v8.16b, v8.16b \n"
+        "AESE v27.16b, v1.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v1.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v1.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v1.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "LD1 {v18.2d-v21.2d}, [%[input]], #64 \n"
+        "AESE v5.16b, v22.16b \n"
+        "EOR v5.16b, v5.16b, v31.16b \n"
+        "AESE v6.16b, v22.16b \n"
+        "EOR v6.16b, v6.16b, v31.16b \n"
+        "AESE v7.16b, v22.16b \n"
+        "EOR v7.16b, v7.16b, v31.16b \n"
+        "AESE v8.16b, v22.16b \n"
+        "EOR v8.16b, v8.16b, v31.16b \n"
+        "AESE v27.16b, v22.16b \n"
+        "EOR v27.16b, v27.16b, v31.16b \n"
+        "AESE v28.16b, v22.16b \n"
+        "EOR v28.16b, v28.16b, v31.16b \n"
+        "AESE v29.16b, v22.16b \n"
+        "EOR v29.16b, v29.16b, v31.16b \n"
+        "AESE v30.16b, v22.16b \n"
+        "EOR v30.16b, v30.16b, v31.16b \n"
+
+        "# XOR in input \n"
+        "EOR v5.16b, v5.16b, v12.16b \n"
+        "EOR v6.16b, v6.16b, v13.16b \n"
+        "EOR v7.16b, v7.16b, v14.16b \n"
+        "EOR v8.16b, v8.16b, v15.16b \n"
+        "EOR v27.16b, v27.16b, v18.16b \n"
+        "ST1 {v5.2d-v8.2d}, [%[out]], #64 \n \n"
+        "EOR v28.16b, v28.16b, v19.16b \n"
+        "EOR v29.16b, v29.16b, v20.16b \n"
+        "EOR v30.16b, v30.16b, v21.16b \n"
+        "ST1 {v27.2d-v30.2d}, [%[out]], #64 \n \n"
+
+        "81: \n"
+        "LDR q1, [%[Key]] \n"
+        "# Calculate next 4 counters (+1-4) \n"
+        "ADD w15, w12, #1 \n"
+        "LD1 {v5.2d}, [%[ctr]] \n"
+        "ADD w14, w12, #2 \n"
+        "MOV v6.16b, v5.16b \n"
+        "ADD w13, w12, #3 \n"
+        "MOV v7.16b, v5.16b \n"
+        "ADD w12, w12, #4 \n"
+        "MOV v8.16b, v5.16b \n"
+        "# GHASH - 8 blocks \n"
+        "RBIT v12.16b, v12.16b \n"
+        "RBIT v13.16b, v13.16b \n"
+        "RBIT v14.16b, v14.16b \n"
+        "RBIT v15.16b, v15.16b \n"
+        "RBIT v18.16b, v18.16b \n"
+        "RBIT v19.16b, v19.16b \n"
+        "RBIT v20.16b, v20.16b \n"
+        "RBIT v21.16b, v21.16b \n"
+        "REV w15, w15 \n"
+        "EOR v12.16b, v12.16b, v17.16b \n"
+        "REV w14, w14 \n"
+        "# x[0-2] = C * H^1 \n"
+        "PMULL  v17.1q, v21.1d, v16.1d \n"
+        "PMULL2 v0.1q, v21.2d, v16.2d \n"
+        "REV w13, w13 \n"
+        "EXT v21.16b, v21.16b, v21.16b, #8 \n"
+        "REV w16, w12 \n"
+        "MOV v5.S[3], w15 \n"
+        "MOV v6.S[3], w14 \n"
+        "MOV v7.S[3], w13 \n"
+        "MOV v8.S[3], w16 \n"
+        "# Calculate next 4 counters (+5-8) \n"
+        "ADD w15, w12, #1 \n"
+        "MOV v27.16b, v5.16b \n"
+        "ADD w14, w12, #2 \n"
+        "MOV v28.16b, v5.16b \n"
+        "ADD w13, w12, #3 \n"
+        "MOV v29.16b, v5.16b \n"
+        "ADD w12, w12, #4 \n"
+        "MOV v30.16b, v5.16b \n"
+        "PMULL  v31.1q, v21.1d, v16.1d \n"
+        "PMULL2 v3.1q, v21.2d, v16.2d \n"
+        "REV w15, w15 \n"
+        "EOR v31.16b, v31.16b, v3.16b \n"
+        "REV w14, w14 \n"
+        "# x[0-2] += C * H^2 \n"
+        "PMULL  v2.1q, v20.1d, v24.1d \n"
+        "PMULL2 v3.1q, v20.2d, v24.2d \n"
+        "REV w13, w13 \n"
+        "EOR v17.16b, v17.16b, v2.16b \n"
+        "EOR v0.16b, v0.16b, v3.16b \n"
+        "REV w16, w12 \n"
+        "MOV v27.S[3], w15 \n"
+        "MOV v28.S[3], w14 \n"
+        "MOV v29.S[3], w13 \n"
+        "MOV v30.S[3], w16 \n"
+
+        "# Encrypt 8 counters \n"
+        "LDR q22, [%[Key], #16] \n"
+        "AESE v5.16b, v1.16b \n"
+        "AESMC v5.16b, v5.16b \n"
+        "EXT v20.16b, v20.16b, v20.16b, #8 \n"
+        "AESE v6.16b, v1.16b \n"
+        "AESMC v6.16b, v6.16b \n"
+        "PMULL  v3.1q, v20.1d, v24.1d \n"
+        "PMULL2 v20.1q, v20.2d, v24.2d \n"
+        "AESE v7.16b, v1.16b \n"
+        "AESMC v7.16b, v7.16b \n"
+        "EOR3 v31.16b, v31.16b, v20.16b, v3.16b \n"
+        "AESE v8.16b, v1.16b \n"
+        "AESMC v8.16b, v8.16b \n"
+        "# x[0-2] += C * H^3 \n"
+        "PMULL  v2.1q, v19.1d, v25.1d \n"
+        "PMULL2 v3.1q, v19.2d, v25.2d \n"
+        "AESE v27.16b, v1.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "EOR v17.16b, v17.16b, v2.16b \n"
+        "EOR v0.16b, v0.16b, v3.16b \n"
+        "AESE v28.16b, v1.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "EXT v19.16b, v19.16b, v19.16b, #8 \n"
+        "AESE v29.16b, v1.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "PMULL  v3.1q, v19.1d, v25.1d \n"
+        "PMULL2 v19.1q, v19.2d, v25.2d \n"
+        "AESE v30.16b, v1.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "EOR3 v31.16b, v31.16b, v19.16b, v3.16b \n"
+        "LDR q1, [%[Key], #32] \n"
+        "AESE v5.16b, v22.16b \n"
+        "AESMC v5.16b, v5.16b \n"
+        "# x[0-2] += C * H^4 \n"
+        "PMULL  v2.1q, v18.1d, v26.1d \n"
+        "PMULL2 v3.1q, v18.2d, v26.2d \n"
+        "AESE v6.16b, v22.16b \n"
+        "AESMC v6.16b, v6.16b \n"
+        "EOR v17.16b, v17.16b, v2.16b \n"
+        "EOR v0.16b, v0.16b, v3.16b \n"
+        "AESE v7.16b, v22.16b \n"
+        "AESMC v7.16b, v7.16b \n"
+        "EXT v18.16b, v18.16b, v18.16b, #8 \n"
+        "AESE v8.16b, v22.16b \n"
+        "AESMC v8.16b, v8.16b \n"
+        "PMULL  v3.1q, v18.1d, v26.1d \n"
+        "PMULL2 v18.1q, v18.2d, v26.2d \n"
+        "AESE v27.16b, v22.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "EOR3 v31.16b, v31.16b, v18.16b, v3.16b \n"
+        "AESE v28.16b, v22.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "# x[0-2] += C * H^5 \n"
+        "PMULL  v2.1q, v15.1d, v4.1d \n"
+        "PMULL2 v3.1q, v15.2d, v4.2d \n"
+        "AESE v29.16b, v22.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "EOR v17.16b, v17.16b, v2.16b \n"
+        "EOR v0.16b, v0.16b, v3.16b \n"
+        "AESE v30.16b, v22.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "EXT v15.16b, v15.16b, v15.16b, #8 \n"
+        "LDR q22, [%[Key], #48] \n"
+        "AESE v5.16b, v1.16b \n"
+        "AESMC v5.16b, v5.16b \n"
+        "PMULL  v3.1q, v15.1d, v4.1d \n"
+        "PMULL2 v15.1q, v15.2d, v4.2d \n"
+        "AESE v6.16b, v1.16b \n"
+        "AESMC v6.16b, v6.16b \n"
+        "EOR3 v31.16b, v31.16b, v15.16b, v3.16b \n"
+        "AESE v7.16b, v1.16b \n"
+        "AESMC v7.16b, v7.16b \n"
+        "# x[0-2] += C * H^6 \n"
+        "PMULL  v2.1q, v14.1d, v9.1d \n"
+        "PMULL2 v3.1q, v14.2d, v9.2d \n"
+        "AESE v8.16b, v1.16b \n"
+        "AESMC v8.16b, v8.16b \n"
+        "EOR v17.16b, v17.16b, v2.16b \n"
+        "EOR v0.16b, v0.16b, v3.16b \n"
+        "AESE v27.16b, v1.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "EXT v14.16b, v14.16b, v14.16b, #8 \n"
+        "AESE v28.16b, v1.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "PMULL  v3.1q, v14.1d, v9.1d \n"
+        "PMULL2 v14.1q, v14.2d, v9.2d \n"
+        "AESE v29.16b, v1.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "EOR3 v31.16b, v31.16b, v14.16b, v3.16b \n"
+        "AESE v30.16b, v1.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "# x[0-2] += C * H^7 \n"
+        "PMULL  v2.1q, v13.1d, v10.1d \n"
+        "PMULL2 v3.1q, v13.2d, v10.2d \n"
+        "LDR q1, [%[Key], #64] \n"
+        "AESE v5.16b, v22.16b \n"
+        "AESMC v5.16b, v5.16b \n"
+        "EOR v17.16b, v17.16b, v2.16b \n"
+        "EOR v0.16b, v0.16b, v3.16b \n"
+        "AESE v6.16b, v22.16b \n"
+        "AESMC v6.16b, v6.16b \n"
+        "EXT v13.16b, v13.16b, v13.16b, #8 \n"
+        "AESE v7.16b, v22.16b \n"
+        "AESMC v7.16b, v7.16b \n"
+        "PMULL  v3.1q, v13.1d, v10.1d \n"
+        "PMULL2 v13.1q, v13.2d, v10.2d \n"
+        "AESE v8.16b, v22.16b \n"
+        "AESMC v8.16b, v8.16b \n"
+        "EOR3 v31.16b, v31.16b, v13.16b, v3.16b \n"
+        "AESE v27.16b, v22.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "# x[0-2] += C * H^8 \n"
+        "PMULL  v2.1q, v12.1d, v11.1d \n"
+        "PMULL2 v3.1q, v12.2d, v11.2d \n"
+        "AESE v28.16b, v22.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "EOR v17.16b, v17.16b, v2.16b \n"
+        "EOR v0.16b, v0.16b, v3.16b \n"
+        "AESE v29.16b, v22.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "EXT v12.16b, v12.16b, v12.16b, #8 \n"
+        "AESE v30.16b, v22.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "PMULL  v3.1q, v12.1d, v11.1d \n"
+        "PMULL2 v12.1q, v12.2d, v11.2d \n"
+        "LDR q22, [%[Key], #80] \n"
+        "AESE v5.16b, v1.16b \n"
+        "AESMC v5.16b, v5.16b \n"
+        "EOR3 v31.16b, v31.16b, v12.16b, v3.16b \n"
+        "AESE v6.16b, v1.16b \n"
+        "AESMC v6.16b, v6.16b \n"
+        "# Reduce X = x[0-2] \n"
+        "EXT v3.16b, v17.16b, v0.16b, #8 \n"
+        "AESE v7.16b, v1.16b \n"
+        "AESMC v7.16b, v7.16b \n"
+        "PMULL2 v2.1q, v0.2d, v23.2d \n"
+        "AESE v8.16b, v1.16b \n"
+        "AESMC v8.16b, v8.16b \n"
+        "EOR3 v3.16b, v3.16b, v31.16b, v2.16b \n"
+        "AESE v27.16b, v1.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v1.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "PMULL2 v2.1q, v3.2d, v23.2d \n"
+        "MOV v17.D[1], v3.D[0] \n"
+        "AESE v29.16b, v1.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "EOR v17.16b, v17.16b, v2.16b \n"
+        "AESE v30.16b, v1.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "SUB w11, w11, #128 \n"
+        "LDR q1, [%[Key], #96] \n"
+        "AESE v5.16b, v22.16b \n"
+        "AESMC v5.16b, v5.16b \n"
+        "AESE v6.16b, v22.16b \n"
+        "AESMC v6.16b, v6.16b \n"
+        "AESE v7.16b, v22.16b \n"
+        "AESMC v7.16b, v7.16b \n"
+        "AESE v8.16b, v22.16b \n"
+        "AESMC v8.16b, v8.16b \n"
+        "AESE v27.16b, v22.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v22.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v22.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v22.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "LDR q22, [%[Key], #112] \n"
+        "AESE v5.16b, v1.16b \n"
+        "AESMC v5.16b, v5.16b \n"
+        "AESE v6.16b, v1.16b \n"
+        "AESMC v6.16b, v6.16b \n"
+        "AESE v7.16b, v1.16b \n"
+        "AESMC v7.16b, v7.16b \n"
+        "AESE v8.16b, v1.16b \n"
+        "AESMC v8.16b, v8.16b \n"
+        "AESE v27.16b, v1.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v1.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v1.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v1.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "LDR q1, [%[Key], #128] \n"
+        "AESE v5.16b, v22.16b \n"
+        "AESMC v5.16b, v5.16b \n"
+        "AESE v6.16b, v22.16b \n"
+        "AESMC v6.16b, v6.16b \n"
+        "AESE v7.16b, v22.16b \n"
+        "AESMC v7.16b, v7.16b \n"
+        "AESE v8.16b, v22.16b \n"
+        "AESMC v8.16b, v8.16b \n"
+        "AESE v27.16b, v22.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v22.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v22.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v22.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "LDR q22, [%[Key], #144] \n"
+        "AESE v5.16b, v1.16b \n"
+        "AESMC v5.16b, v5.16b \n"
+        "AESE v6.16b, v1.16b \n"
+        "AESMC v6.16b, v6.16b \n"
+        "AESE v7.16b, v1.16b \n"
+        "AESMC v7.16b, v7.16b \n"
+        "AESE v8.16b, v1.16b \n"
+        "AESMC v8.16b, v8.16b \n"
+        "AESE v27.16b, v1.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v1.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v1.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v1.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "LDR q1, [%[Key], #160] \n"
+        "AESE v5.16b, v22.16b \n"
+        "AESMC v5.16b, v5.16b \n"
+        "AESE v6.16b, v22.16b \n"
+        "AESMC v6.16b, v6.16b \n"
+        "AESE v7.16b, v22.16b \n"
+        "AESMC v7.16b, v7.16b \n"
+        "AESE v8.16b, v22.16b \n"
+        "AESMC v8.16b, v8.16b \n"
+        "AESE v27.16b, v22.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v22.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v22.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v22.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "LDR q22, [%[Key], #176] \n"
+        "AESE v5.16b, v1.16b \n"
+        "AESMC v5.16b, v5.16b \n"
+        "AESE v6.16b, v1.16b \n"
+        "AESMC v6.16b, v6.16b \n"
+        "AESE v7.16b, v1.16b \n"
+        "AESMC v7.16b, v7.16b \n"
+        "AESE v8.16b, v1.16b \n"
+        "AESMC v8.16b, v8.16b \n"
+        "AESE v27.16b, v1.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v1.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v1.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v1.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "LDR q1, [%[Key], #192] \n"
+        "AESE v5.16b, v22.16b \n"
+        "AESMC v5.16b, v5.16b \n"
+        "AESE v6.16b, v22.16b \n"
+        "AESMC v6.16b, v6.16b \n"
+        "AESE v7.16b, v22.16b \n"
+        "AESMC v7.16b, v7.16b \n"
+        "AESE v8.16b, v22.16b \n"
+        "AESMC v8.16b, v8.16b \n"
+        "AESE v27.16b, v22.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v22.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v22.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v22.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "LD1 {v12.2d-v15.2d}, [%[input]], #64 \n"
+        "LDP q22, q31, [%[Key], #208] \n"
+        "AESE v5.16b, v1.16b \n"
+        "AESMC v5.16b, v5.16b \n"
+        "AESE v6.16b, v1.16b \n"
+        "AESMC v6.16b, v6.16b \n"
+        "AESE v7.16b, v1.16b \n"
+        "AESMC v7.16b, v7.16b \n"
+        "AESE v8.16b, v1.16b \n"
+        "AESMC v8.16b, v8.16b \n"
+        "AESE v27.16b, v1.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v1.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v1.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v1.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "LD1 {v18.2d-v21.2d}, [%[input]], #64 \n"
+        "AESE v5.16b, v22.16b \n"
+        "EOR v5.16b, v5.16b, v31.16b \n"
+        "AESE v6.16b, v22.16b \n"
+        "EOR v6.16b, v6.16b, v31.16b \n"
+        "AESE v7.16b, v22.16b \n"
+        "EOR v7.16b, v7.16b, v31.16b \n"
+        "AESE v8.16b, v22.16b \n"
+        "EOR v8.16b, v8.16b, v31.16b \n"
+        "AESE v27.16b, v22.16b \n"
+        "EOR v27.16b, v27.16b, v31.16b \n"
+        "AESE v28.16b, v22.16b \n"
+        "EOR v28.16b, v28.16b, v31.16b \n"
+        "AESE v29.16b, v22.16b \n"
+        "EOR v29.16b, v29.16b, v31.16b \n"
+        "AESE v30.16b, v22.16b \n"
+        "EOR v30.16b, v30.16b, v31.16b \n"
+
+        "# XOR in input \n"
+        "EOR v5.16b, v5.16b, v12.16b \n"
+        "EOR v6.16b, v6.16b, v13.16b \n"
+        "EOR v7.16b, v7.16b, v14.16b \n"
+        "EOR v8.16b, v8.16b, v15.16b \n"
+        "EOR v27.16b, v27.16b, v18.16b \n"
+        "ST1 {v5.2d-v8.2d}, [%[out]], #64 \n \n"
+        "EOR v28.16b, v28.16b, v19.16b \n"
+        "EOR v29.16b, v29.16b, v20.16b \n"
+        "EOR v30.16b, v30.16b, v21.16b \n"
+        "ST1 {v27.2d-v30.2d}, [%[out]], #64 \n \n"
+
+        "CMP w11, #128 \n"
+        "BGE 81b \n"
+
+        "# GHASH - 8 blocks \n"
+        "RBIT v12.16b, v12.16b \n"
+        "RBIT v13.16b, v13.16b \n"
+        "RBIT v14.16b, v14.16b \n"
+        "RBIT v15.16b, v15.16b \n"
+        "RBIT v18.16b, v18.16b \n"
+        "RBIT v19.16b, v19.16b \n"
+        "RBIT v20.16b, v20.16b \n"
+        "RBIT v21.16b, v21.16b \n"
+        "EOR v12.16b, v12.16b, v17.16b \n"
+        "# x[0-2] = C * H^1 \n"
+        "PMULL  v17.1q, v21.1d, v16.1d \n"
+        "PMULL2 v0.1q, v21.2d, v16.2d \n"
+        "EXT v21.16b, v21.16b, v21.16b, #8 \n"
+        "PMULL  v31.1q, v21.1d, v16.1d \n"
+        "PMULL2 v3.1q, v21.2d, v16.2d \n"
+        "EOR v31.16b, v31.16b, v3.16b \n"
+        "# x[0-2] += C * H^2 \n"
+        "PMULL  v2.1q, v20.1d, v24.1d \n"
+        "PMULL2 v3.1q, v20.2d, v24.2d \n"
+        "EOR v17.16b, v17.16b, v2.16b \n"
+        "EOR v0.16b, v0.16b, v3.16b \n"
+        "EXT v20.16b, v20.16b, v20.16b, #8 \n"
+        "PMULL  v3.1q, v20.1d, v24.1d \n"
+        "PMULL2 v20.1q, v20.2d, v24.2d \n"
+        "EOR3 v31.16b, v31.16b, v20.16b, v3.16b \n"
+        "# x[0-2] += C * H^3 \n"
+        "PMULL  v2.1q, v19.1d, v25.1d \n"
+        "PMULL2 v3.1q, v19.2d, v25.2d \n"
+        "EOR v17.16b, v17.16b, v2.16b \n"
+        "EOR v0.16b, v0.16b, v3.16b \n"
+        "EXT v19.16b, v19.16b, v19.16b, #8 \n"
+        "PMULL  v3.1q, v19.1d, v25.1d \n"
+        "PMULL2 v19.1q, v19.2d, v25.2d \n"
+        "EOR3 v31.16b, v31.16b, v19.16b, v3.16b \n"
+        "# x[0-2] += C * H^4 \n"
+        "PMULL  v2.1q, v18.1d, v26.1d \n"
+        "PMULL2 v3.1q, v18.2d, v26.2d \n"
+        "EOR v17.16b, v17.16b, v2.16b \n"
+        "EOR v0.16b, v0.16b, v3.16b \n"
+        "EXT v18.16b, v18.16b, v18.16b, #8 \n"
+        "PMULL  v3.1q, v18.1d, v26.1d \n"
+        "PMULL2 v18.1q, v18.2d, v26.2d \n"
+        "EOR3 v31.16b, v31.16b, v18.16b, v3.16b \n"
+        "# x[0-2] += C * H^5 \n"
+        "PMULL  v2.1q, v15.1d, v4.1d \n"
+        "PMULL2 v3.1q, v15.2d, v4.2d \n"
+        "EOR v17.16b, v17.16b, v2.16b \n"
+        "EOR v0.16b, v0.16b, v3.16b \n"
+        "EXT v15.16b, v15.16b, v15.16b, #8 \n"
+        "PMULL  v3.1q, v15.1d, v4.1d \n"
+        "PMULL2 v15.1q, v15.2d, v4.2d \n"
+        "EOR3 v31.16b, v31.16b, v15.16b, v3.16b \n"
+        "# x[0-2] += C * H^6 \n"
+        "PMULL  v2.1q, v14.1d, v9.1d \n"
+        "PMULL2 v3.1q, v14.2d, v9.2d \n"
+        "EOR v17.16b, v17.16b, v2.16b \n"
+        "EOR v0.16b, v0.16b, v3.16b \n"
+        "EXT v14.16b, v14.16b, v14.16b, #8 \n"
+        "PMULL  v3.1q, v14.1d, v9.1d \n"
+        "PMULL2 v14.1q, v14.2d, v9.2d \n"
+        "EOR3 v31.16b, v31.16b, v14.16b, v3.16b \n"
+        "# x[0-2] += C * H^7 \n"
+        "PMULL  v2.1q, v13.1d, v10.1d \n"
+        "PMULL2 v3.1q, v13.2d, v10.2d \n"
+        "EOR v17.16b, v17.16b, v2.16b \n"
+        "EOR v0.16b, v0.16b, v3.16b \n"
+        "EXT v13.16b, v13.16b, v13.16b, #8 \n"
+        "PMULL  v3.1q, v13.1d, v10.1d \n"
+        "PMULL2 v13.1q, v13.2d, v10.2d \n"
+        "EOR3 v31.16b, v31.16b, v13.16b, v3.16b \n"
+        "# x[0-2] += C * H^8 \n"
+        "PMULL  v2.1q, v12.1d, v11.1d \n"
+        "PMULL2 v3.1q, v12.2d, v11.2d \n"
+        "EOR v17.16b, v17.16b, v2.16b \n"
+        "EOR v0.16b, v0.16b, v3.16b \n"
+        "EXT v12.16b, v12.16b, v12.16b, #8 \n"
+        "PMULL  v3.1q, v12.1d, v11.1d \n"
+        "PMULL2 v12.1q, v12.2d, v11.2d \n"
+        "EOR3 v31.16b, v31.16b, v12.16b, v3.16b \n"
+        "# Reduce X = x[0-2] \n"
+        "EXT v3.16b, v17.16b, v0.16b, #8 \n"
+        "PMULL2 v2.1q, v0.2d, v23.2d \n"
+        "EOR3 v3.16b, v3.16b, v31.16b, v2.16b \n"
+        "PMULL2 v2.1q, v3.2d, v23.2d \n"
+        "MOV v17.D[1], v3.D[0] \n"
+        "EOR v17.16b, v17.16b, v2.16b \n"
+
+        "80: \n"
+        "LD1 {v22.2d}, [%[ctr]] \n"
+        "LD1 {v1.2d-v4.2d}, [%[Key]], #64 \n"
+        "LD1 {v5.2d-v8.2d}, [%[Key]], #64 \n"
+        "LD1 {v9.2d-v11.2d}, [%[Key]], #48 \n"
+        "LD1 {v12.2d-v13.2d}, [%[Key]], #32 \n"
+        "LD1 {v14.2d-v15.2d}, [%[Key]] \n"
+        "# Can we do 4 blocks at a time? \n"
+        "CMP w11, #64 \n"
+        "BLT 10f \n"
+
+        "# First decrypt - no GHASH \n"
+        "# Calculate next 4 counters (+1-4) \n"
+        "ADD w15, w12, #1 \n"
+        "MOV v27.16b, v22.16b \n"
+        "ADD w14, w12, #2 \n"
+        "MOV v28.16b, v22.16b \n"
+        "ADD w13, w12, #3 \n"
+        "MOV v29.16b, v22.16b \n"
+        "ADD w12, w12, #4 \n"
+        "MOV v30.16b, v22.16b \n"
+        "REV w15, w15 \n"
+        "REV w14, w14 \n"
+        "REV w13, w13 \n"
+        "REV w16, w12 \n"
+        "MOV v27.S[3], w15 \n"
+        "MOV v28.S[3], w14 \n"
+        "MOV v29.S[3], w13 \n"
+        "MOV v30.S[3], w16 \n"
+
+        "# Encrypt 4 counters \n"
+        "AESE v27.16b, v1.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v1.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v1.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v1.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "AESE v27.16b, v2.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v2.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v2.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v2.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "AESE v27.16b, v3.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v3.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v3.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v3.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "AESE v27.16b, v4.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v4.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v4.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v4.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "AESE v27.16b, v5.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v5.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v5.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v5.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "SUB w11, w11, #64 \n"
+        "AESE v27.16b, v6.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v6.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v6.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v6.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "AESE v27.16b, v7.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v7.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v7.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v7.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "AESE v27.16b, v8.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v8.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v8.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v8.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "AESE v27.16b, v9.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v9.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v9.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v9.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "AESE v27.16b, v10.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v10.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v10.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v10.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "AESE v27.16b, v11.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v11.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v11.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v11.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "# Load plaintext \n"
+        "LD1 {v18.2d-v21.2d}, [%[input]], #64 \n"
+        "AESE v27.16b, v12.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v12.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v12.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v12.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "LD1 {v14.2d, v15.2d}, [%[Key]] \n"
+        "AESE v27.16b, v13.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v13.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v13.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v13.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "AESE v27.16b, v14.16b \n"
+        "EOR v27.16b, v27.16b, v15.16b \n"
+        "AESE v28.16b, v14.16b \n"
+        "EOR v28.16b, v28.16b, v15.16b \n"
+        "AESE v29.16b, v14.16b \n"
+        "EOR v29.16b, v29.16b, v15.16b \n"
+        "AESE v30.16b, v14.16b \n"
+        "EOR v30.16b, v30.16b, v15.16b \n"
+
+        "# XOR in input \n"
+        "EOR v27.16b, v27.16b, v18.16b \n"
+        "EOR v28.16b, v28.16b, v19.16b \n"
+        "EOR v29.16b, v29.16b, v20.16b \n"
+        "EOR v30.16b, v30.16b, v21.16b \n"
+        "# Store cipher text \n"
+        "ST1 {v27.2d-v30.2d}, [%[out]], #64 \n \n"
+        "CMP w11, #64 \n"
+        "BLT 12f \n"
+
+        "11: \n"
+        "# Calculate next 4 counters (+1-4) \n"
+        "ADD w15, w12, #1 \n"
+        "MOV v27.16b, v22.16b \n"
+        "ADD w14, w12, #2 \n"
+        "MOV v28.16b, v22.16b \n"
+        "ADD w13, w12, #3 \n"
+        "MOV v29.16b, v22.16b \n"
+        "ADD w12, w12, #4 \n"
+        "MOV v30.16b, v22.16b \n"
+        "# GHASH - 4 blocks \n"
+        "RBIT v18.16b, v18.16b \n"
+        "REV w15, w15 \n"
+        "RBIT v19.16b, v19.16b \n"
+        "REV w14, w14 \n"
+        "RBIT v20.16b, v20.16b \n"
+        "REV w13, w13 \n"
+        "RBIT v21.16b, v21.16b \n"
+        "REV w16, w12 \n"
+        "MOV v27.S[3], w15 \n"
+        "MOV v28.S[3], w14 \n"
+        "MOV v29.S[3], w13 \n"
+        "MOV v30.S[3], w16 \n"
+
+        "# Encrypt 4 counters \n"
+        "AESE v27.16b, v1.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "EOR v18.16b, v18.16b, v17.16b \n"
+        "AESE v28.16b, v1.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "# x[0-2] = C * H^1 \n"
+        "PMULL  v17.1q, v21.1d, v16.1d \n"
+        "PMULL2 v0.1q, v21.2d, v16.2d \n"
+        "AESE v29.16b, v1.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "EXT v21.16b, v21.16b, v21.16b, #8 \n"
+        "AESE v30.16b, v1.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "PMULL  v31.1q, v21.1d, v16.1d \n"
+        "PMULL2 v15.1q, v21.2d, v16.2d \n"
+        "AESE v27.16b, v2.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "EOR v31.16b, v31.16b, v15.16b \n"
+        "AESE v28.16b, v2.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "# x[0-2] += C * H^2 \n"
+        "PMULL  v14.1q, v20.1d, v24.1d \n"
+        "PMULL2 v15.1q, v20.2d, v24.2d \n"
+        "AESE v29.16b, v2.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "EOR v17.16b, v17.16b, v14.16b \n"
+        "EOR v0.16b, v0.16b, v15.16b \n"
+        "AESE v30.16b, v2.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "EXT v20.16b, v20.16b, v20.16b, #8 \n"
+        "AESE v27.16b, v3.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "PMULL  v15.1q, v20.1d, v24.1d \n"
+        "PMULL2 v20.1q, v20.2d, v24.2d \n"
+        "AESE v28.16b, v3.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "EOR3 v31.16b, v31.16b, v20.16b, v15.16b \n"
+        "AESE v29.16b, v3.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "# x[0-2] += C * H^3 \n"
+        "PMULL  v14.1q, v19.1d, v25.1d \n"
+        "PMULL2 v15.1q, v19.2d, v25.2d \n"
+        "AESE v30.16b, v3.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "EOR v17.16b, v17.16b, v14.16b \n"
+        "EOR v0.16b, v0.16b, v15.16b \n"
+        "AESE v27.16b, v4.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "EXT v19.16b, v19.16b, v19.16b, #8 \n"
+        "AESE v28.16b, v4.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "PMULL  v15.1q, v19.1d, v25.1d \n"
+        "PMULL2 v19.1q, v19.2d, v25.2d \n"
+        "AESE v29.16b, v4.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "EOR3 v31.16b, v31.16b, v19.16b, v15.16b \n"
+        "AESE v30.16b, v4.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "# x[0-2] += C * H^4 \n"
+        "PMULL  v14.1q, v18.1d, v26.1d \n"
+        "PMULL2 v15.1q, v18.2d, v26.2d \n"
+        "AESE v27.16b, v5.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "EOR v17.16b, v17.16b, v14.16b \n"
+        "EOR v0.16b, v0.16b, v15.16b \n"
+        "AESE v28.16b, v5.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "EXT v18.16b, v18.16b, v18.16b, #8 \n"
+        "AESE v29.16b, v5.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "PMULL  v15.1q, v18.1d, v26.1d \n"
+        "PMULL2 v18.1q, v18.2d, v26.2d \n"
+        "AESE v30.16b, v5.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "EOR3 v31.16b, v31.16b, v18.16b, v15.16b \n"
+        "SUB w11, w11, #64 \n"
+        "AESE v27.16b, v6.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "# Reduce X = x[0-2] \n"
+        "EXT v15.16b, v17.16b, v0.16b, #8 \n"
+        "AESE v28.16b, v6.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "PMULL2 v14.1q, v0.2d, v23.2d \n"
+        "AESE v29.16b, v6.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "EOR3 v15.16b, v15.16b, v31.16b, v14.16b \n"
+        "AESE v30.16b, v6.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "AESE v27.16b, v7.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "PMULL2 v14.1q, v15.2d, v23.2d \n"
+        "MOV v17.D[1], v15.D[0] \n"
+        "AESE v28.16b, v7.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "EOR v17.16b, v17.16b, v14.16b \n"
+        "AESE v29.16b, v7.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v7.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "AESE v27.16b, v8.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v8.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v8.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v8.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "AESE v27.16b, v9.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v9.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v9.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v9.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "AESE v27.16b, v10.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v10.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v10.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v10.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "AESE v27.16b, v11.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v11.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v11.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v11.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "# Load plaintext \n"
+        "LD1 {v18.2d-v21.2d}, [%[input]], #64 \n"
+        "AESE v27.16b, v12.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v12.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v12.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v12.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "LD1 {v14.2d, v15.2d}, [%[Key]] \n"
+        "AESE v27.16b, v13.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v13.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v13.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v13.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "AESE v27.16b, v14.16b \n"
+        "EOR v27.16b, v27.16b, v15.16b \n"
+        "AESE v28.16b, v14.16b \n"
+        "EOR v28.16b, v28.16b, v15.16b \n"
+        "AESE v29.16b, v14.16b \n"
+        "EOR v29.16b, v29.16b, v15.16b \n"
+        "AESE v30.16b, v14.16b \n"
+        "EOR v30.16b, v30.16b, v15.16b \n"
+
+        "# XOR in input \n"
+        "EOR v27.16b, v27.16b, v18.16b \n"
+        "EOR v28.16b, v28.16b, v19.16b \n"
+        "EOR v29.16b, v29.16b, v20.16b \n"
+        "EOR v30.16b, v30.16b, v21.16b \n"
+        "# Store cipher text \n"
+        "ST1 {v27.2d-v30.2d}, [%[out]], #64 \n \n"
+        "CMP w11, #64 \n"
+        "BGE 11b \n"
+
+        "12: \n"
+        "# GHASH - 4 blocks \n"
+        "RBIT v18.16b, v18.16b \n"
+        "RBIT v19.16b, v19.16b \n"
+        "RBIT v20.16b, v20.16b \n"
+        "RBIT v21.16b, v21.16b \n"
+        "EOR v18.16b, v18.16b, v17.16b \n"
+        "# x[0-2] = C * H^1 \n"
+        "PMULL  v17.1q, v21.1d, v16.1d \n"
+        "PMULL2 v0.1q, v21.2d, v16.2d \n"
+        "EXT v21.16b, v21.16b, v21.16b, #8 \n"
+        "PMULL  v31.1q, v21.1d, v16.1d \n"
+        "PMULL2 v15.1q, v21.2d, v16.2d \n"
+        "EOR v31.16b, v31.16b, v15.16b \n"
+        "# x[0-2] += C * H^2 \n"
+        "PMULL  v14.1q, v20.1d, v24.1d \n"
+        "PMULL2 v15.1q, v20.2d, v24.2d \n"
+        "EOR v17.16b, v17.16b, v14.16b \n"
+        "EOR v0.16b, v0.16b, v15.16b \n"
+        "EXT v20.16b, v20.16b, v20.16b, #8 \n"
+        "PMULL  v15.1q, v20.1d, v24.1d \n"
+        "PMULL2 v20.1q, v20.2d, v24.2d \n"
+        "EOR3 v31.16b, v31.16b, v20.16b, v15.16b \n"
+        "# x[0-2] += C * H^3 \n"
+        "PMULL  v14.1q, v19.1d, v25.1d \n"
+        "PMULL2 v15.1q, v19.2d, v25.2d \n"
+        "EOR v17.16b, v17.16b, v14.16b \n"
+        "EOR v0.16b, v0.16b, v15.16b \n"
+        "EXT v19.16b, v19.16b, v19.16b, #8 \n"
+        "PMULL  v15.1q, v19.1d, v25.1d \n"
+        "PMULL2 v19.1q, v19.2d, v25.2d \n"
+        "EOR3 v31.16b, v31.16b, v19.16b, v15.16b \n"
+        "# x[0-2] += C * H^4 \n"
+        "PMULL  v14.1q, v18.1d, v26.1d \n"
+        "PMULL2 v15.1q, v18.2d, v26.2d \n"
+        "EOR v17.16b, v17.16b, v14.16b \n"
+        "EOR v0.16b, v0.16b, v15.16b \n"
+        "EXT v18.16b, v18.16b, v18.16b, #8 \n"
+        "PMULL  v15.1q, v18.1d, v26.1d \n"
+        "PMULL2 v18.1q, v18.2d, v26.2d \n"
+        "EOR3 v31.16b, v31.16b, v18.16b, v15.16b \n"
+        "# Reduce X = x[0-2] \n"
+        "EXT v15.16b, v17.16b, v0.16b, #8 \n"
+        "PMULL2 v14.1q, v0.2d, v23.2d \n"
+        "EOR3 v15.16b, v15.16b, v31.16b, v14.16b \n"
+        "PMULL2 v14.1q, v15.2d, v23.2d \n"
+        "MOV v17.D[1], v15.D[0] \n"
+        "EOR v17.16b, v17.16b, v14.16b \n"
+        "LD1 {v14.2d, v15.2d}, [%[Key]] \n"
+
+        "10: \n"
+        "CBZ w11, 30f \n"
+        "CMP w11, #16 \n"
+        "BLT 20f \n"
+        "LD1 {v14.2d, v15.2d}, [%[Key]] \n"
+        "# Decrypt first block for GHASH \n"
+        "ADD w12, w12, #1 \n"
+        "MOV v0.16b, v22.16b \n"
+        "REV w13, w12 \n"
+        "MOV v0.S[3], w13 \n"
+        "AESE v0.16b, v1.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "AESE v0.16b, v2.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "AESE v0.16b, v3.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "AESE v0.16b, v4.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "SUB w11, w11, #16 \n"
+        "AESE v0.16b, v5.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "AESE v0.16b, v6.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "AESE v0.16b, v7.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "AESE v0.16b, v8.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "LD1 {v28.2d}, [%[input]], #16 \n"
+        "AESE v0.16b, v9.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "AESE v0.16b, v10.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "AESE v0.16b, v11.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "AESE v0.16b, v12.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "AESE v0.16b, v13.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "AESE v0.16b, v14.16b \n"
+        "EOR v0.16b, v0.16b, v15.16b \n \n"
+        "EOR v0.16b, v0.16b, v28.16b \n \n"
+        "ST1 {v0.2d}, [%[out]], #16 \n"
+
+        "# When only one full block to decrypt go straight to GHASH \n"
+        "CMP w11, 16 \n"
+        "BLT 1f \n"
+
+        "# Interweave GHASH and decrypt if more then 1 block \n"
+        "2: \n"
+        "RBIT v28.16b, v28.16b \n"
+        "ADD w12, w12, #1 \n"
+        "MOV v0.16b, v22.16b \n"
+        "REV w13, w12 \n"
+        "MOV v0.S[3], w13 \n"
+        "EOR v17.16b, v17.16b, v28.16b \n"
+        "PMULL  v18.1q, v17.1d, v16.1d \n"
+        "PMULL2 v19.1q, v17.2d, v16.2d \n"
+        "AESE v0.16b, v1.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "EXT v20.16b, v16.16b, v16.16b, #8 \n"
+        "AESE v0.16b, v2.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "PMULL  v21.1q, v17.1d, v20.1d \n"
+        "PMULL2 v20.1q, v17.2d, v20.2d \n"
+        "AESE v0.16b, v3.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "EOR v20.16b, v20.16b, v21.16b \n"
+        "AESE v0.16b, v4.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "EXT v21.16b, v18.16b, v19.16b, #8 \n"
+        "SUB w11, w11, #16 \n"
+        "AESE v0.16b, v5.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "EOR v21.16b, v21.16b, v20.16b \n"
+        "AESE v0.16b, v6.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "# Reduce \n"
+        "PMULL2 v20.1q, v19.2d, v23.2d \n"
+        "AESE v0.16b, v7.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "EOR v21.16b, v21.16b, v20.16b \n"
+        "AESE v0.16b, v8.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "PMULL2 v20.1q, v21.2d, v23.2d \n"
+        "LD1 {v28.2d}, [%[input]], #16 \n"
+        "AESE v0.16b, v9.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "MOV v18.D[1], v21.D[0] \n"
+        "AESE v0.16b, v10.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "EOR v17.16b, v18.16b, v20.16b \n"
+        "AESE v0.16b, v11.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "AESE v0.16b, v12.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "AESE v0.16b, v13.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "AESE v0.16b, v14.16b \n"
+        "EOR v0.16b, v0.16b, v15.16b \n \n"
+        "EOR v0.16b, v0.16b, v28.16b \n \n"
+        "ST1 {v0.2d}, [%[out]], #16 \n"
+        "CMP w11, #16 \n"
+        "BGE 2b \n"
+
+        "# GHASH on last block \n"
+        "1: \n"
+        "RBIT v28.16b, v28.16b \n"
+        "EOR v17.16b, v17.16b, v28.16b \n"
+        "PMULL  v18.1q, v17.1d, v16.1d \n"
+        "PMULL2 v19.1q, v17.2d, v16.2d \n"
+        "EXT v20.16b, v16.16b, v16.16b, #8 \n"
+        "PMULL  v21.1q, v17.1d, v20.1d \n"
+        "PMULL2 v20.1q, v17.2d, v20.2d \n"
+        "EOR v20.16b, v20.16b, v21.16b \n"
+        "EXT v21.16b, v18.16b, v19.16b, #8 \n"
+        "EOR v21.16b, v21.16b, v20.16b \n"
+        "# Reduce \n"
+        "PMULL2 v20.1q, v19.2d, v23.2d \n"
+        "EOR v21.16b, v21.16b, v20.16b \n"
+        "PMULL2 v20.1q, v21.2d, v23.2d \n"
+        "MOV v18.D[1], v21.D[0] \n"
+        "EOR v17.16b, v18.16b, v20.16b \n"
+
+        "20: \n"
+        "CBZ w11, 30f \n"
+        "EOR v31.16b, v31.16b, v31.16b \n"
+        "MOV x15, x11 \n"
+        "ST1 {v31.2d}, [%[scratch]] \n"
+        "23: \n"
+        "LDRB w14, [%[input]], #1 \n"
+        "STRB w14, [%[scratch]], #1 \n"
+        "SUB x15, x15, #1 \n"
+        "CBNZ x15, 23b \n"
+        "SUB %[scratch], %[scratch], x11 \n"
+        "LD1 {v31.2d}, [%[scratch]] \n"
+        "RBIT v31.16b, v31.16b \n"
+        "ADD w12, w12, #1 \n"
+        "MOV v0.16b, v22.16b \n"
+        "REV w13, w12 \n"
+        "MOV v0.S[3], w13 \n"
+        "EOR v17.16b, v17.16b, v31.16b \n"
+        "PMULL  v18.1q, v17.1d, v16.1d \n"
+        "PMULL2 v19.1q, v17.2d, v16.2d \n"
+        "AESE v0.16b, v1.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "EXT v20.16b, v16.16b, v16.16b, #8 \n"
+        "AESE v0.16b, v2.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "PMULL  v21.1q, v17.1d, v20.1d \n"
+        "PMULL2 v20.1q, v17.2d, v20.2d \n"
+        "AESE v0.16b, v3.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "EOR v20.16b, v20.16b, v21.16b \n"
+        "AESE v0.16b, v4.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "EXT v21.16b, v18.16b, v19.16b, #8 \n"
+        "AESE v0.16b, v5.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "EOR v21.16b, v21.16b, v20.16b \n"
+        "AESE v0.16b, v6.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "# Reduce \n"
+        "PMULL2 v20.1q, v19.2d, v23.2d \n"
+        "AESE v0.16b, v7.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "EOR v21.16b, v21.16b, v20.16b \n"
+        "AESE v0.16b, v8.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "PMULL2 v20.1q, v21.2d, v23.2d \n"
+        "RBIT v31.16b, v31.16b \n"
+        "AESE v0.16b, v9.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "MOV v18.D[1], v21.D[0] \n"
+        "AESE v0.16b, v10.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "EOR v17.16b, v18.16b, v20.16b \n"
+        "AESE v0.16b, v11.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "AESE v0.16b, v12.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "AESE v0.16b, v13.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "AESE v0.16b, v14.16b \n"
+        "EOR v0.16b, v0.16b, v15.16b \n \n"
+        "EOR v0.16b, v0.16b, v31.16b \n \n"
+        "ST1 {v0.2d}, [%[scratch]] \n"
+        "MOV x15, x11 \n"
+        "24: \n"
+        "LDRB w14, [%[scratch]], #1 \n"
+        "STRB w14, [%[out]], #1 \n"
+        "SUB x15, x15, #1 \n"
+        "CBNZ x15, 24b \n"
+        "SUB %[scratch], %[scratch], x11 \n"
+
+        "30: \n"
+        "# store current counter value at the end \n"
+        "REV w13, w12 \n"
+        "MOV v22.S[3], w13 \n"
+        "LD1 {v0.16b}, [%[ctr]] \n"
+        "ST1 {v22.16b}, [%[ctr]] \n"
+
+        "LSL %x[aSz], %x[aSz], #3 \n"
+        "LSL %x[sz], %x[sz], #3 \n"
+        "MOV v28.d[0], %x[aSz] \n"
+        "MOV v28.d[1], %x[sz] \n"
+        "REV64 v28.16b, v28.16b \n"
+        "RBIT v28.16b, v28.16b \n"
+        "EOR v17.16b, v17.16b, v28.16b \n"
+        "PMULL  v18.1q, v17.1d, v16.1d \n"
+        "PMULL2 v19.1q, v17.2d, v16.2d \n"
+        "EXT v20.16b, v16.16b, v16.16b, #8 \n"
+        "AESE v0.16b, v1.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "PMULL  v21.1q, v17.1d, v20.1d \n"
+        "PMULL2 v20.1q, v17.2d, v20.2d \n"
+        "AESE v0.16b, v2.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "EOR v20.16b, v20.16b, v21.16b \n"
+        "AESE v0.16b, v3.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "EXT v21.16b, v18.16b, v19.16b, #8 \n"
+        "AESE v0.16b, v4.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "EOR v21.16b, v21.16b, v20.16b \n"
+        "AESE v0.16b, v5.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "# Reduce \n"
+        "PMULL2 v20.1q, v19.2d, v23.2d \n"
+        "AESE v0.16b, v6.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "EOR v21.16b, v21.16b, v20.16b \n"
+        "AESE v0.16b, v7.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "PMULL2 v20.1q, v21.2d, v23.2d \n"
+        "AESE v0.16b, v8.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "MOV v18.D[1], v21.D[0] \n"
+        "AESE v0.16b, v9.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "EOR v17.16b, v18.16b, v20.16b \n"
+        "AESE v0.16b, v10.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "AESE v0.16b, v11.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "AESE v0.16b, v12.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "AESE v0.16b, v13.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "AESE v0.16b, v14.16b \n"
+        "EOR v0.16b, v0.16b, v15.16b \n \n"
+        "RBIT v17.16b, v17.16b \n"
+        "EOR v0.16b, v0.16b, v17.16b \n \n"
+        "CMP %w[tagSz], #16 \n"
+        "BNE 40f \n"
+        "LD1 {v1.2d}, [%[tag]] \n"
+        "B 41f \n"
+        "40: \n"
+        "EOR v1.16b, v1.16b, v1.16b \n"
+        "MOV x15, %x[tagSz] \n"
+        "ST1 {v1.2d}, [%[scratch]] \n"
+        "43: \n"
+        "LDRB w14, [%[tag]], #1 \n"
+        "STRB w14, [%[scratch]], #1 \n"
+        "SUB x15, x15, #1 \n"
+        "CBNZ x15, 43b \n"
+        "SUB %[scratch], %[scratch], %x[tagSz] \n"
+        "LD1 {v1.2d}, [%[scratch]] \n"
+        "ST1 {v0.2d}, [%[scratch]] \n"
+        "MOV w14, #16 \n"
+        "SUB w14, w14, %w[tagSz] \n"
+        "ADD %[scratch], %[scratch], %x[tagSz] \n"
+        "44: \n"
+        "STRB wzr, [%[scratch]], #1 \n"
+        "SUB w14, w14, #1 \n"
+        "CBNZ w14, 44b \n"
+        "SUB %[scratch], %[scratch], #16 \n"
+        "LD1 {v0.2d}, [%[scratch]] \n"
+        "41: \n"
+        "EOR v0.16b, v0.16b, v1.16b \n"
+        "MOV v1.D[0], v0.D[1] \n"
+        "EOR v0.8b, v0.8b, v1.8b \n"
+        "MOV %x[ret], v0.D[0] \n"
+        "CMP %x[ret], #0 \n"
+        "MOV w11, #-180 \n"
+        "CSETM %w[ret], ne \n"
+        "AND %w[ret], %w[ret], w11 \n"
+
+        : [out] "+r" (out), [input] "+r" (in), [Key] "+r" (keyPt),
+          [aSz] "+r" (authInSz), [sz] "+r" (sz), [aad] "+r" (authIn),
+          [ret] "+r" (ret)
+        : [ctr] "r" (ctr), [scratch] "r" (scratch),
+          [h] "m" (aes->gcm.H), [tag] "r" (authTag), [tagSz] "r" (authTagSz)
+        : "cc", "memory", "x11", "x12", "w13", "x14", "x15", "w16",
+          "v0", "v1", "v2", "v3", "v4", "v5", "v6", "v7",
+          "v8", "v9", "v10", "v11", "v12", "v13", "v14", "v15",
+          "v16", "v17", "v18", "v19", "v20", "v21", "v22", "v23",
+          "v24", "v25", "v26", "v27", "v28", "v29", "v30", "v31"
+    );
+
+    return ret;
+}
+#endif /* WOLFSSL_AES_256 */
+#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
 /*
  * Check tag and decrypt data using AES with GCM mode.
  * aes: Aes structure having already been set with set key function
@@ -12558,38 +22174,56 @@ static int Aes256GcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
  * authIn:    additional data buffer
  * authInSz:  size of additional data buffer
  */
-int wc_AesGcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
+int AES_GCM_decrypt_AARCH64(Aes* aes, byte* out, const byte* in, word32 sz,
     const byte* iv, word32 ivSz, const byte* authTag, word32 authTagSz,
     const byte* authIn, word32 authInSz)
 {
-    /* sanity checks */
-    if ((aes == NULL) || (iv == NULL) || (authTag == NULL) ||
-            (authTagSz > AES_BLOCK_SIZE) || (authTagSz == 0) || (ivSz == 0) ||
-            ((sz != 0) && ((in == NULL) || (out == NULL)))) {
-        WOLFSSL_MSG("a NULL parameter passed in when size is larger than 0");
-        return BAD_FUNC_ARG;
-    }
-
     switch (aes->rounds) {
 #ifdef WOLFSSL_AES_128
         case 10:
-            return Aes128GcmDecrypt(aes, out, in, sz, iv, ivSz,
-                                    authTag, authTagSz, authIn, authInSz);
+        #ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
+            if (aes->use_sha3_hw_crypto) {
+                return Aes128GcmDecrypt_EOR3(aes, out, in, sz, iv, ivSz,
+                    authTag, authTagSz, authIn, authInSz);
+            }
+            else
+        #endif
+            {
+                return Aes128GcmDecrypt(aes, out, in, sz, iv, ivSz, authTag,
+                    authTagSz, authIn, authInSz);
+            }
 #endif
 #ifdef WOLFSSL_AES_192
         case 12:
-            return Aes192GcmDecrypt(aes, out, in, sz, iv, ivSz,
-                                    authTag, authTagSz, authIn, authInSz);
+        #ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
+            if (aes->use_sha3_hw_crypto) {
+                return Aes192GcmDecrypt_EOR3(aes, out, in, sz, iv, ivSz,
+                    authTag, authTagSz, authIn, authInSz);
+            }
+            else
+        #endif
+            {
+                return Aes192GcmDecrypt(aes, out, in, sz, iv, ivSz, authTag,
+                    authTagSz, authIn, authInSz);
+            }
 #endif
 #ifdef WOLFSSL_AES_256
         case 14:
-            return Aes256GcmDecrypt(aes, out, in, sz, iv, ivSz,
-                                    authTag, authTagSz, authIn, authInSz);
+        #ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
+            if (aes->use_sha3_hw_crypto) {
+                return Aes256GcmDecrypt_EOR3(aes, out, in, sz, iv, ivSz,
+                    authTag, authTagSz, authIn, authInSz);
+            }
+            else
+        #endif
+            {
+                return Aes256GcmDecrypt(aes, out, in, sz, iv, ivSz, authTag,
+                    authTagSz, authIn, authInSz);
+            }
 #endif
-        default:
-            WOLFSSL_MSG("AES-GCM invalid round number");
-            return BAD_FUNC_ARG;
     }
+
+    return BAD_FUNC_ARG;
 }
 
 #endif /* HAVE_AES_DECRYPT */
@@ -12763,7 +22397,7 @@ int wc_AesGcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
 #ifdef HAVE_AES_CBC
     int wc_AesCbcEncrypt(Aes* aes, byte* out, const byte* in, word32 sz)
     {
-        word32 numBlocks = sz / AES_BLOCK_SIZE;
+        word32 numBlocks = sz / WC_AES_BLOCK_SIZE;
 
         if (aes == NULL || out == NULL || in == NULL) {
             return BAD_FUNC_ARG;
@@ -12774,7 +22408,7 @@ int wc_AesGcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         }
 
 #ifdef WOLFSSL_AES_CBC_LENGTH_CHECKS
-        if (sz % AES_BLOCK_SIZE) {
+        if (sz % WC_AES_BLOCK_SIZE) {
             return BAD_LENGTH_E;
         }
 #endif
@@ -13005,7 +22639,7 @@ int wc_AesGcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
     #ifdef HAVE_AES_DECRYPT
     int wc_AesCbcDecrypt(Aes* aes, byte* out, const byte* in, word32 sz)
     {
-        word32 numBlocks = sz / AES_BLOCK_SIZE;
+        word32 numBlocks = sz / WC_AES_BLOCK_SIZE;
 
         if (aes == NULL || out == NULL || in == NULL) {
             return BAD_FUNC_ARG;
@@ -13015,7 +22649,7 @@ int wc_AesGcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
             return 0;
         }
 
-        if (sz % AES_BLOCK_SIZE) {
+        if (sz % WC_AES_BLOCK_SIZE) {
 #ifdef WOLFSSL_AES_CBC_LENGTH_CHECKS
             return BAD_LENGTH_E;
 #else
@@ -13838,7 +23472,7 @@ int wc_AesCtrEncrypt(Aes* aes, byte* out, const byte* in, word32 sz)
     }
 
 
-    tmp = (byte*)aes->tmp + AES_BLOCK_SIZE - aes->left;
+    tmp = (byte*)aes->tmp + WC_AES_BLOCK_SIZE - aes->left;
 
     /* consume any unused bytes left in aes->tmp */
     while ((aes->left != 0) && (sz != 0)) {
@@ -13848,22 +23482,22 @@ int wc_AesCtrEncrypt(Aes* aes, byte* out, const byte* in, word32 sz)
     }
 
     /* do as many block size ops as possible */
-    numBlocks = sz / AES_BLOCK_SIZE;
+    numBlocks = sz / WC_AES_BLOCK_SIZE;
     if (numBlocks > 0) {
         wc_aes_ctr_encrypt_asm(aes, out, in, numBlocks);
 
-        sz  -= numBlocks * AES_BLOCK_SIZE;
-        out += numBlocks * AES_BLOCK_SIZE;
-        in  += numBlocks * AES_BLOCK_SIZE;
+        sz  -= numBlocks * WC_AES_BLOCK_SIZE;
+        out += numBlocks * WC_AES_BLOCK_SIZE;
+        in  += numBlocks * WC_AES_BLOCK_SIZE;
     }
 
     /* handle non block size remaining */
     if (sz) {
-        byte zeros[AES_BLOCK_SIZE] = { 0, 0, 0, 0, 0, 0, 0, 0,
+        byte zeros[WC_AES_BLOCK_SIZE] = { 0, 0, 0, 0, 0, 0, 0, 0,
                                        0, 0, 0, 0, 0, 0, 0, 0 };
         wc_aes_ctr_encrypt_asm(aes, (byte*)aes->tmp, zeros, 1);
 
-        aes->left = AES_BLOCK_SIZE;
+        aes->left = WC_AES_BLOCK_SIZE;
         tmp = (byte*)aes->tmp;
 
         while (sz--) {
@@ -13951,43 +23585,43 @@ void GMULT(byte* X, byte* Y)
 void GHASH(Gcm* gcm, const byte* a, word32 aSz, const byte* c, word32 cSz,
     byte* s, word32 sSz)
 {
-    byte x[AES_BLOCK_SIZE];
-    byte scratch[AES_BLOCK_SIZE];
+    byte x[WC_AES_BLOCK_SIZE];
+    byte scratch[WC_AES_BLOCK_SIZE];
     word32 blocks, partial;
     byte* h = gcm->H;
 
-    XMEMSET(x, 0, AES_BLOCK_SIZE);
+    XMEMSET(x, 0, WC_AES_BLOCK_SIZE);
 
     /* Hash in A, the Additional Authentication Data */
     if (aSz != 0 && a != NULL) {
-        blocks = aSz / AES_BLOCK_SIZE;
-        partial = aSz % AES_BLOCK_SIZE;
+        blocks = aSz / WC_AES_BLOCK_SIZE;
+        partial = aSz % WC_AES_BLOCK_SIZE;
         while (blocks--) {
-            xorbuf(x, a, AES_BLOCK_SIZE);
+            xorbuf(x, a, WC_AES_BLOCK_SIZE);
             GMULT(x, h);
-            a += AES_BLOCK_SIZE;
+            a += WC_AES_BLOCK_SIZE;
         }
         if (partial != 0) {
-            XMEMSET(scratch, 0, AES_BLOCK_SIZE);
+            XMEMSET(scratch, 0, WC_AES_BLOCK_SIZE);
             XMEMCPY(scratch, a, partial);
-            xorbuf(x, scratch, AES_BLOCK_SIZE);
+            xorbuf(x, scratch, WC_AES_BLOCK_SIZE);
             GMULT(x, h);
         }
     }
 
     /* Hash in C, the Ciphertext */
     if (cSz != 0 && c != NULL) {
-        blocks = cSz / AES_BLOCK_SIZE;
-        partial = cSz % AES_BLOCK_SIZE;
+        blocks = cSz / WC_AES_BLOCK_SIZE;
+        partial = cSz % WC_AES_BLOCK_SIZE;
         while (blocks--) {
-            xorbuf(x, c, AES_BLOCK_SIZE);
+            xorbuf(x, c, WC_AES_BLOCK_SIZE);
             GMULT(x, h);
-            c += AES_BLOCK_SIZE;
+            c += WC_AES_BLOCK_SIZE;
         }
         if (partial != 0) {
-            XMEMSET(scratch, 0, AES_BLOCK_SIZE);
+            XMEMSET(scratch, 0, WC_AES_BLOCK_SIZE);
             XMEMCPY(scratch, c, partial);
-            xorbuf(x, scratch, AES_BLOCK_SIZE);
+            xorbuf(x, scratch, WC_AES_BLOCK_SIZE);
             GMULT(x, h);
         }
     }
@@ -13995,7 +23629,7 @@ void GHASH(Gcm* gcm, const byte* a, word32 aSz, const byte* c, word32 cSz,
     /* Hash in the lengths of A and C in bits */
     FlattenSzInBits(&scratch[0], aSz);
     FlattenSzInBits(&scratch[8], cSz);
-    xorbuf(x, scratch, AES_BLOCK_SIZE);
+    xorbuf(x, scratch, WC_AES_BLOCK_SIZE);
     GMULT(x, h);
 
     /* Copy the result into s. */
@@ -14021,14 +23655,14 @@ int wc_AesGcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
                    byte* authTag, word32 authTagSz,
                    const byte* authIn, word32 authInSz)
 {
-    word32 blocks = sz / AES_BLOCK_SIZE;
-    word32 partial = sz % AES_BLOCK_SIZE;
+    word32 blocks = sz / WC_AES_BLOCK_SIZE;
+    word32 partial = sz % WC_AES_BLOCK_SIZE;
     const byte* p = in;
     byte* c = out;
-    byte counter[AES_BLOCK_SIZE];
-    byte initialCounter[AES_BLOCK_SIZE];
+    byte counter[WC_AES_BLOCK_SIZE];
+    byte initialCounter[WC_AES_BLOCK_SIZE];
     byte *ctr ;
-    byte scratch[AES_BLOCK_SIZE];
+    byte scratch[WC_AES_BLOCK_SIZE];
     ctr = counter ;
 
     /* sanity checks */
@@ -14040,28 +23674,28 @@ int wc_AesGcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         return BAD_FUNC_ARG;
     }
 
-    if (authTagSz < WOLFSSL_MIN_AUTH_TAG_SZ || authTagSz > AES_BLOCK_SIZE) {
+    if (authTagSz < WOLFSSL_MIN_AUTH_TAG_SZ || authTagSz > WC_AES_BLOCK_SIZE) {
         WOLFSSL_MSG("GcmEncrypt authTagSz error");
         return BAD_FUNC_ARG;
     }
 
-    XMEMSET(initialCounter, 0, AES_BLOCK_SIZE);
+    XMEMSET(initialCounter, 0, WC_AES_BLOCK_SIZE);
     if (ivSz == GCM_NONCE_MID_SZ) {
         XMEMCPY(initialCounter, iv, ivSz);
-        initialCounter[AES_BLOCK_SIZE - 1] = 1;
+        initialCounter[WC_AES_BLOCK_SIZE - 1] = 1;
     }
     else {
-        GHASH(&aes->gcm, NULL, 0, iv, ivSz, initialCounter, AES_BLOCK_SIZE);
+        GHASH(&aes->gcm, NULL, 0, iv, ivSz, initialCounter, WC_AES_BLOCK_SIZE);
     }
-    XMEMCPY(ctr, initialCounter, AES_BLOCK_SIZE);
+    XMEMCPY(ctr, initialCounter, WC_AES_BLOCK_SIZE);
 
     while (blocks--) {
         IncrementGcmCounter(ctr);
         wc_AesEncrypt(aes, ctr, scratch);
-        xorbuf(scratch, p, AES_BLOCK_SIZE);
-        XMEMCPY(c, scratch, AES_BLOCK_SIZE);
-        p += AES_BLOCK_SIZE;
-        c += AES_BLOCK_SIZE;
+        xorbuf(scratch, p, WC_AES_BLOCK_SIZE);
+        XMEMCPY(c, scratch, WC_AES_BLOCK_SIZE);
+        p += WC_AES_BLOCK_SIZE;
+        c += WC_AES_BLOCK_SIZE;
     }
 
     if (partial != 0) {
@@ -14074,8 +23708,8 @@ int wc_AesGcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
 
     GHASH(&aes->gcm, authIn, authInSz, out, sz, authTag, authTagSz);
     wc_AesEncrypt(aes, initialCounter, scratch);
-    if (authTagSz > AES_BLOCK_SIZE) {
-        xorbuf(authTag, scratch, AES_BLOCK_SIZE);
+    if (authTagSz > WC_AES_BLOCK_SIZE) {
+        xorbuf(authTag, scratch, WC_AES_BLOCK_SIZE);
     }
     else {
         xorbuf(authTag, scratch, authTagSz);
@@ -14104,39 +23738,39 @@ int  wc_AesGcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
                    const byte* authTag, word32 authTagSz,
                    const byte* authIn, word32 authInSz)
 {
-    word32 blocks = sz / AES_BLOCK_SIZE;
-    word32 partial = sz % AES_BLOCK_SIZE;
+    word32 blocks = sz / WC_AES_BLOCK_SIZE;
+    word32 partial = sz % WC_AES_BLOCK_SIZE;
     const byte* c = in;
     byte* p = out;
-    byte counter[AES_BLOCK_SIZE];
-    byte initialCounter[AES_BLOCK_SIZE];
+    byte counter[WC_AES_BLOCK_SIZE];
+    byte initialCounter[WC_AES_BLOCK_SIZE];
     byte *ctr ;
-    byte scratch[AES_BLOCK_SIZE];
+    byte scratch[WC_AES_BLOCK_SIZE];
     ctr = counter ;
 
     /* sanity checks */
     if (aes == NULL || iv == NULL || (sz != 0 && (in == NULL || out == NULL)) ||
-        authTag == NULL || authTagSz > AES_BLOCK_SIZE || authTagSz == 0 ||
+        authTag == NULL || authTagSz > WC_AES_BLOCK_SIZE || authTagSz == 0 ||
         ivSz == 0) {
         WOLFSSL_MSG("a NULL parameter passed in when size is larger than 0");
         return BAD_FUNC_ARG;
     }
 
-    XMEMSET(initialCounter, 0, AES_BLOCK_SIZE);
+    XMEMSET(initialCounter, 0, WC_AES_BLOCK_SIZE);
     if (ivSz == GCM_NONCE_MID_SZ) {
         XMEMCPY(initialCounter, iv, ivSz);
-        initialCounter[AES_BLOCK_SIZE - 1] = 1;
+        initialCounter[WC_AES_BLOCK_SIZE - 1] = 1;
     }
     else {
-        GHASH(&aes->gcm, NULL, 0, iv, ivSz, initialCounter, AES_BLOCK_SIZE);
+        GHASH(&aes->gcm, NULL, 0, iv, ivSz, initialCounter, WC_AES_BLOCK_SIZE);
     }
-    XMEMCPY(ctr, initialCounter, AES_BLOCK_SIZE);
+    XMEMCPY(ctr, initialCounter, WC_AES_BLOCK_SIZE);
 
     /* Calculate the authTag again using the received auth data and the
      * cipher text. */
     {
-        byte Tprime[AES_BLOCK_SIZE];
-        byte EKY0[AES_BLOCK_SIZE];
+        byte Tprime[WC_AES_BLOCK_SIZE];
+        byte EKY0[WC_AES_BLOCK_SIZE];
 
         GHASH(&aes->gcm, authIn, authInSz, in, sz, Tprime, sizeof(Tprime));
         wc_AesEncrypt(aes, ctr, EKY0);
@@ -14150,10 +23784,11 @@ int  wc_AesGcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
     while (blocks--) {
         IncrementGcmCounter(ctr);
         wc_AesEncrypt(aes, ctr, scratch);
-        xorbuf(scratch, c, AES_BLOCK_SIZE);
-        XMEMCPY(p, scratch, AES_BLOCK_SIZE);
-        p += AES_BLOCK_SIZE;
-        c += AES_BLOCK_SIZE;
+#endif
+        xorbuf(scratch, c, WC_AES_BLOCK_SIZE);
+        XMEMCPY(p, scratch, WC_AES_BLOCK_SIZE);
+        p += WC_AES_BLOCK_SIZE;
+        c += WC_AES_BLOCK_SIZE;
     }
     if (partial != 0) {
         IncrementGcmCounter(ctr);
@@ -14172,20 +23807,19 @@ int  wc_AesGcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
 #endif /* HAVE_AES_DECRYPT */
 #endif /* HAVE_AESGCM */
 
-#endif /* aarch64 */
-
 #ifdef HAVE_AESGCM
 #ifdef WOLFSSL_AESGCM_STREAM
+#ifndef __aarch64__
     /* Access initialization counter data. */
-    #define AES_INITCTR(aes)        ((aes)->streamData + 0 * AES_BLOCK_SIZE)
+    #define AES_INITCTR(aes)        ((aes)->streamData + 0 * WC_AES_BLOCK_SIZE)
     /* Access counter data. */
-    #define AES_COUNTER(aes)        ((aes)->streamData + 1 * AES_BLOCK_SIZE)
+    #define AES_COUNTER(aes)        ((aes)->streamData + 1 * WC_AES_BLOCK_SIZE)
     /* Access tag data. */
-    #define AES_TAG(aes)            ((aes)->streamData + 2 * AES_BLOCK_SIZE)
+    #define AES_TAG(aes)            ((aes)->streamData + 2 * WC_AES_BLOCK_SIZE)
     /* Access last GHASH block. */
-    #define AES_LASTGBLOCK(aes)     ((aes)->streamData + 3 * AES_BLOCK_SIZE)
+    #define AES_LASTGBLOCK(aes)     ((aes)->streamData + 3 * WC_AES_BLOCK_SIZE)
     /* Access last encrypted block. */
-    #define AES_LASTBLOCK(aes)      ((aes)->streamData + 4 * AES_BLOCK_SIZE)
+    #define AES_LASTBLOCK(aes)      ((aes)->streamData + 4 * WC_AES_BLOCK_SIZE)
 
 /* GHASH one block of data.
  *
@@ -14196,7 +23830,7 @@ int  wc_AesGcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
  */
 #define GHASH_ONE_BLOCK(aes, block)                     \
     do {                                                \
-        xorbuf(AES_TAG(aes), block, AES_BLOCK_SIZE);    \
+        xorbuf(AES_TAG(aes), block, WC_AES_BLOCK_SIZE);    \
         GMULT(AES_TAG(aes), aes->gcm.H);                \
     }                                                   \
     while (0)
@@ -14209,7 +23843,7 @@ int  wc_AesGcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
  */
 #define GHASH_LEN_BLOCK(aes)                    \
     do {                                        \
-        byte scratch[AES_BLOCK_SIZE];           \
+        byte scratch[WC_AES_BLOCK_SIZE];           \
         FlattenSzInBits(&scratch[0], aes->aSz); \
         FlattenSzInBits(&scratch[8], aes->cSz); \
         GHASH_ONE_BLOCK(aes, scratch);          \
@@ -14231,7 +23865,7 @@ static WC_INLINE void IncCtr(byte* ctr, word32 ctrSz)
  */
 static void GHASH_INIT(Aes* aes) {
     /* Set tag to all zeros as initial value. */
-    XMEMSET(AES_TAG(aes), 0, AES_BLOCK_SIZE);
+    XMEMSET(AES_TAG(aes), 0, WC_AES_BLOCK_SIZE);
     /* Reset counts of AAD and cipher text. */
     aes->aOver = 0;
     aes->cOver = 0;
@@ -14258,14 +23892,14 @@ static void GHASH_UPDATE(Aes* aes, const byte* a, word32 aSz, const byte* c,
         /* Check if we have unprocessed data. */
         if (aes->aOver > 0) {
             /* Calculate amount we can use - fill up the block. */
-            byte sz = AES_BLOCK_SIZE - aes->aOver;
+            byte sz = WC_AES_BLOCK_SIZE - aes->aOver;
             if (sz > aSz) {
                 sz = aSz;
             }
             /* Copy extra into last GHASH block array and update count. */
             XMEMCPY(AES_LASTGBLOCK(aes) + aes->aOver, a, sz);
             aes->aOver += sz;
-            if (aes->aOver == AES_BLOCK_SIZE) {
+            if (aes->aOver == WC_AES_BLOCK_SIZE) {
                 /* We have filled up the block and can process. */
                 GHASH_ONE_BLOCK(aes, AES_LASTGBLOCK(aes));
                 /* Reset count. */
@@ -14277,12 +23911,12 @@ static void GHASH_UPDATE(Aes* aes, const byte* a, word32 aSz, const byte* c,
         }
 
         /* Calculate number of blocks of AAD and the leftover. */
-        blocks = aSz / AES_BLOCK_SIZE;
-        partial = aSz % AES_BLOCK_SIZE;
+        blocks = aSz / WC_AES_BLOCK_SIZE;
+        partial = aSz % WC_AES_BLOCK_SIZE;
         /* GHASH full blocks now. */
         while (blocks--) {
             GHASH_ONE_BLOCK(aes, a);
-            a += AES_BLOCK_SIZE;
+            a += WC_AES_BLOCK_SIZE;
         }
         if (partial != 0) {
             /* Cache the partial block. */
@@ -14293,7 +23927,7 @@ static void GHASH_UPDATE(Aes* aes, const byte* a, word32 aSz, const byte* c,
     if (aes->aOver > 0 && cSz > 0 && c != NULL) {
         /* No more AAD coming and we have a partial block. */
         /* Fill the rest of the block with zeros. */
-        byte sz = AES_BLOCK_SIZE - aes->aOver;
+        byte sz = WC_AES_BLOCK_SIZE - aes->aOver;
         XMEMSET(AES_LASTGBLOCK(aes) + aes->aOver, 0, sz);
         /* GHASH last AAD block. */
         GHASH_ONE_BLOCK(aes, AES_LASTGBLOCK(aes));
@@ -14307,14 +23941,14 @@ static void GHASH_UPDATE(Aes* aes, const byte* a, word32 aSz, const byte* c,
         aes->cSz += cSz;
         if (aes->cOver > 0) {
             /* Calculate amount we can use - fill up the block. */
-            byte sz = AES_BLOCK_SIZE - aes->cOver;
+            byte sz = WC_AES_BLOCK_SIZE - aes->cOver;
             if (sz > cSz) {
                 sz = cSz;
             }
             XMEMCPY(AES_LASTGBLOCK(aes) + aes->cOver, c, sz);
             /* Update count of unused encrypted counter. */
             aes->cOver += sz;
-            if (aes->cOver == AES_BLOCK_SIZE) {
+            if (aes->cOver == WC_AES_BLOCK_SIZE) {
                 /* We have filled up the block and can process. */
                 GHASH_ONE_BLOCK(aes, AES_LASTGBLOCK(aes));
                 /* Reset count. */
@@ -14326,12 +23960,12 @@ static void GHASH_UPDATE(Aes* aes, const byte* a, word32 aSz, const byte* c,
         }
 
         /* Calculate number of blocks of cipher text and the leftover. */
-        blocks = cSz / AES_BLOCK_SIZE;
-        partial = cSz % AES_BLOCK_SIZE;
+        blocks = cSz / WC_AES_BLOCK_SIZE;
+        partial = cSz % WC_AES_BLOCK_SIZE;
         /* GHASH full blocks now. */
         while (blocks--) {
             GHASH_ONE_BLOCK(aes, c);
-            c += AES_BLOCK_SIZE;
+            c += WC_AES_BLOCK_SIZE;
         }
         if (partial != 0) {
             /* Cache the partial block. */
@@ -14360,7 +23994,7 @@ static void GHASH_FINAL(Aes* aes, byte* s, word32 sSz)
     }
     if (over > 0) {
         /* Zeroize the unused part of the block. */
-        XMEMSET(AES_LASTGBLOCK(aes) + over, 0, AES_BLOCK_SIZE - over);
+        XMEMSET(AES_LASTGBLOCK(aes) + over, 0, WC_AES_BLOCK_SIZE - over);
         /* Hash the last block of cipher text. */
         GHASH_ONE_BLOCK(aes, AES_LASTGBLOCK(aes));
     }
@@ -14378,14 +24012,14 @@ static void GHASH_FINAL(Aes* aes, byte* s, word32 sSz)
  */
 static void AesGcmInit_C(Aes* aes, const byte* iv, word32 ivSz)
 {
-    ALIGN32 byte counter[AES_BLOCK_SIZE];
+    ALIGN32 byte counter[WC_AES_BLOCK_SIZE];
 
     if (ivSz == GCM_NONCE_MID_SZ) {
         /* Counter is IV with bottom 4 bytes set to: 0x00,0x00,0x00,0x01. */
         XMEMCPY(counter, iv, ivSz);
         XMEMSET(counter + GCM_NONCE_MID_SZ, 0,
-                                         AES_BLOCK_SIZE - GCM_NONCE_MID_SZ - 1);
-        counter[AES_BLOCK_SIZE - 1] = 1;
+                                         WC_AES_BLOCK_SIZE - GCM_NONCE_MID_SZ - 1);
+        counter[WC_AES_BLOCK_SIZE - 1] = 1;
     }
     else {
         /* Counter is GHASH of IV. */
@@ -14393,17 +24027,27 @@ static void AesGcmInit_C(Aes* aes, const byte* iv, word32 ivSz)
         word32 aadTemp = aes->gcm.aadLen;
         aes->gcm.aadLen = 0;
     #endif
-        GHASH(&aes->gcm, NULL, 0, iv, ivSz, counter, AES_BLOCK_SIZE);
+    #ifdef __aarch64__
+        GHASH_AARCH64(&aes->gcm, NULL, 0, iv, ivSz, counter, WC_AES_BLOCK_SIZE);
+        GMULT_AARCH64(counter, aes->gcm.H);
+    #else
+        GHASH(&aes->gcm, NULL, 0, iv, ivSz, counter, WC_AES_BLOCK_SIZE);
         GMULT(counter, aes->gcm.H);
+    #endif
     #ifdef OPENSSL_EXTRA
         aes->gcm.aadLen = aadTemp;
     #endif
     }
 
     /* Copy in the counter for use with cipher. */
-    XMEMCPY(AES_COUNTER(aes), counter, AES_BLOCK_SIZE);
+    XMEMCPY(AES_COUNTER(aes), counter, WC_AES_BLOCK_SIZE);
     /* Encrypt initial counter into a buffer for GCM. */
+#ifdef __aarch64__
+    AES_encrypt_AARCH64(counter, AES_INITCTR(aes), (byte*)aes->key,
+        aes->rounds);
+#else
     wc_AesEncrypt(aes, counter, AES_INITCTR(aes));
+#endif
     /* Reset state fields. */
     aes->over = 0;
     aes->aSz = 0;
@@ -14428,12 +24072,12 @@ static void AesGcmCryptUpdate_C(Aes* aes, byte* out, const byte* in, word32 sz)
 
     /* Check if previous encrypted block was not used up. */
     if (aes->over > 0) {
-        byte pSz = AES_BLOCK_SIZE - aes->over;
+        byte pSz = WC_AES_BLOCK_SIZE - aes->over;
         if (pSz > sz) pSz = sz;
 
         /* Use some/all of last encrypted block. */
         xorbufout(out, AES_LASTBLOCK(aes) + aes->over, in, pSz);
-        aes->over = (aes->over + pSz) & (AES_BLOCK_SIZE - 1);
+        aes->over = (aes->over + pSz) & (WC_AES_BLOCK_SIZE - 1);
 
         /* Some data used. */
         sz  -= pSz;
@@ -14443,27 +24087,37 @@ static void AesGcmCryptUpdate_C(Aes* aes, byte* out, const byte* in, word32 sz)
 
     /* Calculate the number of blocks needing to be encrypted and any leftover.
      */
-    blocks  = sz / AES_BLOCK_SIZE;
-    partial = sz & (AES_BLOCK_SIZE - 1);
+    blocks  = sz / WC_AES_BLOCK_SIZE;
+    partial = sz & (WC_AES_BLOCK_SIZE - 1);
 
     /* Encrypt block by block. */
     while (blocks--) {
-        ALIGN32 byte scratch[AES_BLOCK_SIZE];
+        ALIGN32 byte scratch[WC_AES_BLOCK_SIZE];
         IncrementGcmCounter(AES_COUNTER(aes));
         /* Encrypt counter into a buffer. */
+    #ifdef __aarch64__
+        AES_encrypt_AARCH64(AES_COUNTER(aes), scratch, (byte*)aes->key,
+             aes->rounds);
+    #else
         wc_AesEncrypt(aes, AES_COUNTER(aes), scratch);
+    #endif
         /* XOR plain text into encrypted counter into cipher text buffer. */
-        xorbufout(out, scratch, in, AES_BLOCK_SIZE);
+        xorbufout(out, scratch, in, WC_AES_BLOCK_SIZE);
         /* Data complete. */
-        in  += AES_BLOCK_SIZE;
-        out += AES_BLOCK_SIZE;
+        in  += WC_AES_BLOCK_SIZE;
+        out += WC_AES_BLOCK_SIZE;
     }
 
     if (partial != 0) {
         /* Generate an extra block and use up as much as needed. */
         IncrementGcmCounter(AES_COUNTER(aes));
         /* Encrypt counter into cache. */
+    #ifdef __aarch64__
+        AES_encrypt_AARCH64(AES_COUNTER(aes), AES_LASTBLOCK(aes),
+            (byte*)aes->key, (int)aes->rounds);
+    #else
         wc_AesEncrypt(aes, AES_COUNTER(aes), AES_LASTBLOCK(aes));
+    #endif
         /* XOR plain text into encrypted counter into cipher text buffer. */
         xorbufout(out, AES_LASTBLOCK(aes), in, partial);
         /* Keep amount of encrypted block used. */
@@ -14488,7 +24142,7 @@ static void AesGcmFinal_C(Aes* aes, byte* authTag, word32 authTagSz)
     aes->gcm.aadLen = aes->aSz;
 #endif
     /* Zeroize last block to protect sensitive data. */
-    ForceZero(AES_LASTBLOCK(aes), AES_BLOCK_SIZE);
+    ForceZero(AES_LASTBLOCK(aes), WC_AES_BLOCK_SIZE);
 }
 
 /* Initialize an AES GCM cipher for encryption or decryption.
@@ -14519,7 +24173,7 @@ int wc_AesGcmInit(Aes* aes, const byte* key, word32 len, const byte* iv,
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_AESNI)
     if ((ret == 0) && (aes->streamData == NULL)) {
         /* Allocate buffers for streaming. */
-        aes->streamData = (byte*)XMALLOC(5 * AES_BLOCK_SIZE, aes->heap,
+        aes->streamData = (byte*)XMALLOC(5 * WC_AES_BLOCK_SIZE, aes->heap,
                                                               DYNAMIC_TYPE_AES);
         if (aes->streamData == NULL) {
             ret = MEMORY_E;
@@ -14534,7 +24188,7 @@ int wc_AesGcmInit(Aes* aes, const byte* key, word32 len, const byte* iv,
 
     if (ret == 0) {
         /* Set the IV passed in if it is smaller than a block. */
-        if ((iv != NULL) && (ivSz <= AES_BLOCK_SIZE)) {
+        if ((iv != NULL) && (ivSz <= WC_AES_BLOCK_SIZE)) {
             XMEMMOVE((byte*)aes->reg, iv, ivSz);
             aes->nonceSz = ivSz;
         }
@@ -14668,7 +24322,7 @@ int wc_AesGcmEncryptFinal(Aes* aes, byte* authTag, word32 authTagSz)
     int ret = 0;
 
     /* Check validity of parameters. */
-    if ((aes == NULL) || (authTag == NULL) || (authTagSz > AES_BLOCK_SIZE) ||
+    if ((aes == NULL) || (authTag == NULL) || (authTagSz > WC_AES_BLOCK_SIZE) ||
             (authTagSz == 0)) {
         ret = BAD_FUNC_ARG;
     }
@@ -14779,7 +24433,7 @@ int wc_AesGcmDecryptFinal(Aes* aes, const byte* authTag, word32 authTagSz)
     int ret = 0;
 
     /* Check validity of parameters. */
-    if ((aes == NULL) || (authTag == NULL) || (authTagSz > AES_BLOCK_SIZE) ||
+    if ((aes == NULL) || (authTag == NULL) || (authTagSz > WC_AES_BLOCK_SIZE) ||
             (authTagSz == 0)) {
         ret = BAD_FUNC_ARG;
     }
@@ -14795,7 +24449,7 @@ int wc_AesGcmDecryptFinal(Aes* aes, const byte* authTag, word32 authTagSz)
 
     if (ret == 0) {
         /* Calculate authentication tag and compare with one passed in.. */
-        ALIGN32 byte calcTag[AES_BLOCK_SIZE];
+        ALIGN32 byte calcTag[WC_AES_BLOCK_SIZE];
         /* Calculate authentication tag. */
         AesGcmFinal_C(aes, calcTag, authTagSz);
         /* Check calculated tag matches the one passed in. */
@@ -14807,21 +24461,23 @@ int wc_AesGcmDecryptFinal(Aes* aes, const byte* authTag, word32 authTagSz)
     return ret;
 }
 #endif /* HAVE_AES_DECRYPT || HAVE_AESGCM_DECRYPT */
+#endif /* !__aarch64__ */
 #endif /* WOLFSSL_AESGCM_STREAM */
 #endif /* HAVE_AESGCM */
 
 
 #ifdef HAVE_AESCCM
+#ifndef __aarch64__
 /* Software version of AES-CCM from wolfcrypt/src/aes.c
  * Gets some speed up from hardware acceleration of wc_AesEncrypt */
 
 static void roll_x(Aes* aes, const byte* in, word32 inSz, byte* out)
 {
     /* process the bulk of the data */
-    while (inSz >= AES_BLOCK_SIZE) {
-        xorbuf(out, in, AES_BLOCK_SIZE);
-        in += AES_BLOCK_SIZE;
-        inSz -= AES_BLOCK_SIZE;
+    while (inSz >= WC_AES_BLOCK_SIZE) {
+        xorbuf(out, in, WC_AES_BLOCK_SIZE);
+        in += WC_AES_BLOCK_SIZE;
+        inSz -= WC_AES_BLOCK_SIZE;
 
         wc_AesEncrypt(aes, out, out);
     }
@@ -14860,7 +24516,7 @@ static void roll_auth(Aes* aes, const byte* in, word32 inSz, byte* out)
         return;
 
     /* start fill out the rest of the first block */
-    remainder = AES_BLOCK_SIZE - authLenSz;
+    remainder = WC_AES_BLOCK_SIZE - authLenSz;
     if (inSz >= remainder) {
         /* plenty of bulk data to fill the remainder of this block */
         xorbuf(out + authLenSz, in, remainder);
@@ -14884,7 +24540,7 @@ static WC_INLINE void AesCcmCtrInc(byte* B, word32 lenSz)
     word32 i;
 
     for (i = 0; i < lenSz; i++) {
-        if (++B[AES_BLOCK_SIZE - 1 - i] != 0) return;
+        if (++B[WC_AES_BLOCK_SIZE - 1 - i] != 0) return;
     }
 }
 
@@ -14895,8 +24551,8 @@ int wc_AesCcmEncrypt(Aes* aes, byte* out, const byte* in, word32 inSz,
                    byte* authTag, word32 authTagSz,
                    const byte* authIn, word32 authInSz)
 {
-    byte A[AES_BLOCK_SIZE];
-    byte B[AES_BLOCK_SIZE];
+    byte A[WC_AES_BLOCK_SIZE];
+    byte B[WC_AES_BLOCK_SIZE];
     byte lenSz;
     word32 i;
     byte mask     = 0xFF;
@@ -14911,15 +24567,29 @@ int wc_AesCcmEncrypt(Aes* aes, byte* out, const byte* in, word32 inSz,
         return BAD_FUNC_ARG;
     }
 
+#ifdef WOLF_CRYPTO_CB
+    #ifndef WOLF_CRYPTO_CB_FIND
+    if (aes->devId != INVALID_DEVID)
+    #endif
+    {
+        int crypto_cb_ret =
+            wc_CryptoCb_AesCcmEncrypt(aes, out, in, inSz, nonce, nonceSz,
+                                      authTag, authTagSz, authIn, authInSz);
+        if (crypto_cb_ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE))
+            return crypto_cb_ret;
+        /* fall-through when unavailable */
+    }
+#endif
+
     XMEMCPY(B+1, nonce, nonceSz);
-    lenSz = AES_BLOCK_SIZE - 1 - (byte)nonceSz;
+    lenSz = WC_AES_BLOCK_SIZE - 1 - (byte)nonceSz;
     B[0] = (authInSz > 0 ? 64 : 0)
          + (8 * (((byte)authTagSz - 2) / 2))
          + (lenSz - 1);
     for (i = 0; i < lenSz; i++) {
         if (mask && i >= wordSz)
             mask = 0x00;
-        B[AES_BLOCK_SIZE - 1 - i] = (inSz >> ((8 * i) & mask)) & mask;
+        B[WC_AES_BLOCK_SIZE - 1 - i] = (inSz >> ((8 * i) & mask)) & mask;
     }
 
     wc_AesEncrypt(aes, B, A);
@@ -14932,20 +24602,20 @@ int wc_AesCcmEncrypt(Aes* aes, byte* out, const byte* in, word32 inSz,
 
     B[0] = lenSz - 1;
     for (i = 0; i < lenSz; i++)
-        B[AES_BLOCK_SIZE - 1 - i] = 0;
+        B[WC_AES_BLOCK_SIZE - 1 - i] = 0;
     wc_AesEncrypt(aes, B, A);
     xorbuf(authTag, A, authTagSz);
 
     B[15] = 1;
-    while (inSz >= AES_BLOCK_SIZE) {
+    while (inSz >= WC_AES_BLOCK_SIZE) {
         wc_AesEncrypt(aes, B, A);
-        xorbuf(A, in, AES_BLOCK_SIZE);
-        XMEMCPY(out, A, AES_BLOCK_SIZE);
+        xorbuf(A, in, WC_AES_BLOCK_SIZE);
+        XMEMCPY(out, A, WC_AES_BLOCK_SIZE);
 
         AesCcmCtrInc(B, lenSz);
-        inSz -= AES_BLOCK_SIZE;
-        in += AES_BLOCK_SIZE;
-        out += AES_BLOCK_SIZE;
+        inSz -= WC_AES_BLOCK_SIZE;
+        in += WC_AES_BLOCK_SIZE;
+        out += WC_AES_BLOCK_SIZE;
     }
     if (inSz > 0) {
         wc_AesEncrypt(aes, B, A);
@@ -14953,8 +24623,8 @@ int wc_AesCcmEncrypt(Aes* aes, byte* out, const byte* in, word32 inSz,
         XMEMCPY(out, A, inSz);
     }
 
-    ForceZero(A, AES_BLOCK_SIZE);
-    ForceZero(B, AES_BLOCK_SIZE);
+    ForceZero(A, WC_AES_BLOCK_SIZE);
+    ForceZero(B, WC_AES_BLOCK_SIZE);
 
     return 0;
 }
@@ -14965,8 +24635,8 @@ int  wc_AesCcmDecrypt(Aes* aes, byte* out, const byte* in, word32 inSz,
                    const byte* authTag, word32 authTagSz,
                    const byte* authIn, word32 authInSz)
 {
-    byte A[AES_BLOCK_SIZE];
-    byte B[AES_BLOCK_SIZE];
+    byte A[WC_AES_BLOCK_SIZE];
+    byte B[WC_AES_BLOCK_SIZE];
     byte* o;
     byte lenSz;
     word32 i, oSz;
@@ -14983,25 +24653,39 @@ int  wc_AesCcmDecrypt(Aes* aes, byte* out, const byte* in, word32 inSz,
         return BAD_FUNC_ARG;
     }
 
+#ifdef WOLF_CRYPTO_CB
+    #ifndef WOLF_CRYPTO_CB_FIND
+    if (aes->devId != INVALID_DEVID)
+    #endif
+    {
+        int crypto_cb_ret =
+            wc_CryptoCb_AesCcmDecrypt(aes, out, in, inSz, nonce, nonceSz,
+            authTag, authTagSz, authIn, authInSz);
+        if (crypto_cb_ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE))
+            return crypto_cb_ret;
+        /* fall-through when unavailable */
+    }
+#endif
+
     o = out;
     oSz = inSz;
     XMEMCPY(B+1, nonce, nonceSz);
-    lenSz = AES_BLOCK_SIZE - 1 - (byte)nonceSz;
+    lenSz = WC_AES_BLOCK_SIZE - 1 - (byte)nonceSz;
 
     B[0] = lenSz - 1;
     for (i = 0; i < lenSz; i++)
-        B[AES_BLOCK_SIZE - 1 - i] = 0;
+        B[WC_AES_BLOCK_SIZE - 1 - i] = 0;
     B[15] = 1;
 
-    while (oSz >= AES_BLOCK_SIZE) {
+    while (oSz >= WC_AES_BLOCK_SIZE) {
         wc_AesEncrypt(aes, B, A);
-        xorbuf(A, in, AES_BLOCK_SIZE);
-        XMEMCPY(o, A, AES_BLOCK_SIZE);
+        xorbuf(A, in, WC_AES_BLOCK_SIZE);
+        XMEMCPY(o, A, WC_AES_BLOCK_SIZE);
 
         AesCcmCtrInc(B, lenSz);
-        oSz -= AES_BLOCK_SIZE;
-        in += AES_BLOCK_SIZE;
-        o += AES_BLOCK_SIZE;
+        oSz -= WC_AES_BLOCK_SIZE;
+        in += WC_AES_BLOCK_SIZE;
+        o += WC_AES_BLOCK_SIZE;
     }
     if (inSz > 0) {
         wc_AesEncrypt(aes, B, A);
@@ -15010,7 +24694,7 @@ int  wc_AesCcmDecrypt(Aes* aes, byte* out, const byte* in, word32 inSz,
     }
 
     for (i = 0; i < lenSz; i++)
-        B[AES_BLOCK_SIZE - 1 - i] = 0;
+        B[WC_AES_BLOCK_SIZE - 1 - i] = 0;
     wc_AesEncrypt(aes, B, A);
 
     o = out;
@@ -15022,7 +24706,7 @@ int  wc_AesCcmDecrypt(Aes* aes, byte* out, const byte* in, word32 inSz,
     for (i = 0; i < lenSz; i++) {
         if (mask && i >= wordSz)
             mask = 0x00;
-        B[AES_BLOCK_SIZE - 1 - i] = (inSz >> ((8 * i) & mask)) & mask;
+        B[WC_AES_BLOCK_SIZE - 1 - i] = (inSz >> ((8 * i) & mask)) & mask;
     }
 
     wc_AesEncrypt(aes, B, A);
@@ -15034,7 +24718,7 @@ int  wc_AesCcmDecrypt(Aes* aes, byte* out, const byte* in, word32 inSz,
 
     B[0] = lenSz - 1;
     for (i = 0; i < lenSz; i++)
-        B[AES_BLOCK_SIZE - 1 - i] = 0;
+        B[WC_AES_BLOCK_SIZE - 1 - i] = 0;
     wc_AesEncrypt(aes, B, B);
     xorbuf(A, B, authTagSz);
 
@@ -15046,27 +24730,46 @@ int  wc_AesCcmDecrypt(Aes* aes, byte* out, const byte* in, word32 inSz,
         result = AES_CCM_AUTH_E;
     }
 
-    ForceZero(A, AES_BLOCK_SIZE);
-    ForceZero(B, AES_BLOCK_SIZE);
+    ForceZero(A, WC_AES_BLOCK_SIZE);
+    ForceZero(B, WC_AES_BLOCK_SIZE);
     o = NULL;
 
     return result;
 }
 #endif /* HAVE_AES_DECRYPT */
+#endif /* !__aarch64__ */
 #endif /* HAVE_AESCCM */
 
 
 
 #ifdef HAVE_AESGCM /* common GCM functions 32 and 64 bit */
+#if defined(__aarch64__)
+void AES_GCM_set_key_AARCH64(Aes* aes, byte* iv)
+{
+
+    AES_encrypt_AARCH64(iv, aes->gcm.H, (byte*)aes->key, aes->rounds);
+    {
+        word32* pt = (word32*)aes->gcm.H;
+        __asm__ volatile (
+            "LD1 {v0.16b}, [%[h]] \n"
+            "RBIT v0.16b, v0.16b \n"
+            "ST1 {v0.16b}, [%[out]] \n"
+            : [out] "=r" (pt)
+            : [h] "0" (pt)
+            : "cc", "memory", "v0"
+        );
+    }
+}
+#else
 int wc_AesGcmSetKey(Aes* aes, const byte* key, word32 len)
 {
     int  ret;
-    byte iv[AES_BLOCK_SIZE];
+    byte iv[WC_AES_BLOCK_SIZE];
 
     if (!((len == 16) || (len == 24) || (len == 32)))
         return BAD_FUNC_ARG;
 
-    XMEMSET(iv, 0, AES_BLOCK_SIZE);
+    XMEMSET(iv, 0, WC_AES_BLOCK_SIZE);
     ret = wc_AesSetKey(aes, key, len, iv, AES_ENCRYPTION);
 
     if (ret == 0) {
@@ -15075,19 +24778,6 @@ int wc_AesGcmSetKey(Aes* aes, const byte* key, word32 len)
 #endif
 
         wc_AesEncrypt(aes, iv, aes->gcm.H);
-    #if defined(__aarch64__)
-        {
-            word32* pt = (word32*)aes->gcm.H;
-            __asm__ volatile (
-                "LD1 {v0.16b}, [%[h]] \n"
-                "RBIT v0.16b, v0.16b \n"
-                "ST1 {v0.16b}, [%[out]] \n"
-                : [out] "=r" (pt)
-                : [h] "0" (pt)
-                : "cc", "memory", "v0"
-            );
-        }
-    #else
         {
             word32* pt = (word32*)aes->gcm.H;
             __asm__ volatile (
@@ -15100,14 +24790,15 @@ int wc_AesGcmSetKey(Aes* aes, const byte* key, word32 len)
                 : "cc", "memory", "q0"
             );
         }
-    #endif
     }
 
     return ret;
 }
+#endif
 
 #endif /* HAVE_AESGCM */
 
+#ifndef __aarch64__
 /* AES-DIRECT */
 #if defined(WOLFSSL_AES_DIRECT)
         /* Allow direct access to one block encrypt */
@@ -15131,6 +24822,7 @@ int wc_AesGcmSetKey(Aes* aes, const byte* key, word32 len)
         }
     #endif /* HAVE_AES_DECRYPT */
 #endif /* WOLFSSL_AES_DIRECT */
+#endif /* !__aarch64__ */
 
 #ifdef WOLFSSL_AES_XTS
 
@@ -15309,30 +25001,16 @@ int wc_AesGcmSetKey(Aes* aes, const byte* key, word32 len)
  * in    input plain text buffer to encrypt
  * sz    size of both out and in buffers
  * i     value to use for tweak
- * iSz   size of i buffer, should always be AES_BLOCK_SIZE but having this input
+ * iSz   size of i buffer, should always be WC_AES_BLOCK_SIZE but having this input
  *       adds a sanity check on how the user calls the function.
  *
  * returns 0 on success
  */
-int wc_AesXtsEncrypt(XtsAes* xaes, byte* out, const byte* in, word32 sz,
-        const byte* i, word32 iSz)
+void AES_XTS_encrypt_AARCH64(XtsAes* xaes, byte* out, const byte* in, word32 sz,
+        const byte* i)
 {
-    int ret = 0;
-    word32 blocks = (sz / AES_BLOCK_SIZE);
-    byte tmp[AES_BLOCK_SIZE];
-
-    if (xaes == NULL || out == NULL || in == NULL) {
-        return BAD_FUNC_ARG;
-    }
-
-    if (iSz < AES_BLOCK_SIZE) {
-        return BAD_FUNC_ARG;
-    }
-
-    if (blocks == 0) {
-        WOLFSSL_MSG("Plain text input too small for encryption");
-        return BAD_FUNC_ARG;
-    }
+    word32 blocks = (sz / WC_AES_BLOCK_SIZE);
+    byte tmp[WC_AES_BLOCK_SIZE];
 
     __asm__ __volatile__ (
         "MOV x19, 0x87 \n"
@@ -15634,8 +25312,6 @@ int wc_AesXtsEncrypt(XtsAes* xaes, byte* out, const byte* in, word32 sz,
           "v8", "v9", "v10", "v11", "v12", "v13", "v14", "v15",
           "v16", "v17", "v18", "v19", "v20", "v21", "v22", "v23"
     );
-
-    return ret;
 }
 
 /* Same process as encryption but Aes key is AES_DECRYPTION type.
@@ -15645,31 +25321,17 @@ int wc_AesXtsEncrypt(XtsAes* xaes, byte* out, const byte* in, word32 sz,
  * in    input cipher text buffer to decrypt
  * sz    size of both out and in buffers
  * i     value to use for tweak
- * iSz   size of i buffer, should always be AES_BLOCK_SIZE but having this input
+ * iSz   size of i buffer, should always be WC_AES_BLOCK_SIZE but having this input
  *       adds a sanity check on how the user calls the function.
  *
  * returns 0 on success
  */
-int wc_AesXtsDecrypt(XtsAes* xaes, byte* out, const byte* in, word32 sz,
-        const byte* i, word32 iSz)
+void AES_XTS_decrypt_AARCH64(XtsAes* xaes, byte* out, const byte* in, word32 sz,
+     const byte* i)
 {
-    int ret = 0;
-    word32 blocks = (sz / AES_BLOCK_SIZE);
-    byte tmp[AES_BLOCK_SIZE];
-    byte stl = (sz % AES_BLOCK_SIZE);
-
-    if (xaes == NULL || out == NULL || in == NULL) {
-        return BAD_FUNC_ARG;
-    }
-
-    if (iSz < AES_BLOCK_SIZE) {
-        return BAD_FUNC_ARG;
-    }
-
-    if (blocks == 0) {
-        WOLFSSL_MSG("Plain text input too small for encryption");
-        return BAD_FUNC_ARG;
-    }
+    word32 blocks = (sz / WC_AES_BLOCK_SIZE);
+    byte tmp[WC_AES_BLOCK_SIZE];
+    byte stl = (sz % WC_AES_BLOCK_SIZE);
 
     /* if Stealing then break out of loop one block early to handle special
      * case */
@@ -15982,8 +25644,6 @@ int wc_AesXtsDecrypt(XtsAes* xaes, byte* out, const byte* in, word32 sz,
           "v8", "v9", "v10", "v11", "v12", "v13", "v14", "v15",
           "v16", "v17", "v18", "v19", "v20", "v21", "v22", "v23"
     );
-
-    return ret;
 }
 #else
 
@@ -16182,7 +25842,7 @@ int wc_AesXtsDecrypt(XtsAes* xaes, byte* out, const byte* in, word32 sz,
  * in    input plain text buffer to encrypt
  * sz    size of both out and in buffers
  * i     value to use for tweak
- * iSz   size of i buffer, should always be AES_BLOCK_SIZE but having this input
+ * iSz   size of i buffer, should always be WC_AES_BLOCK_SIZE but having this input
  *       adds a sanity check on how the user calls the function.
  *
  * returns 0 on success
@@ -16191,15 +25851,15 @@ int wc_AesXtsEncrypt(XtsAes* xaes, byte* out, const byte* in, word32 sz,
         const byte* i, word32 iSz)
 {
     int ret = 0;
-    word32 blocks = (sz / AES_BLOCK_SIZE);
-    byte tmp[AES_BLOCK_SIZE];
+    word32 blocks = (sz / WC_AES_BLOCK_SIZE);
+    byte tmp[WC_AES_BLOCK_SIZE];
     word32* key2 = xaes->tweak.key;
 
     if (xaes == NULL || out == NULL || in == NULL) {
         return BAD_FUNC_ARG;
     }
 
-    if (iSz < AES_BLOCK_SIZE) {
+    if (iSz < WC_AES_BLOCK_SIZE) {
         return BAD_FUNC_ARG;
     }
 
@@ -16316,7 +25976,7 @@ int wc_AesXtsEncrypt(XtsAes* xaes, byte* out, const byte* in, word32 sz,
  * in    input cipher text buffer to decrypt
  * sz    size of both out and in buffers
  * i     value to use for tweak
- * iSz   size of i buffer, should always be AES_BLOCK_SIZE but having this input
+ * iSz   size of i buffer, should always be WC_AES_BLOCK_SIZE but having this input
  *       adds a sanity check on how the user calls the function.
  *
  * returns 0 on success
@@ -16325,16 +25985,16 @@ int wc_AesXtsDecrypt(XtsAes* xaes, byte* out, const byte* in, word32 sz,
         const byte* i, word32 iSz)
 {
     int ret = 0;
-    word32 blocks = (sz / AES_BLOCK_SIZE);
-    byte tmp[AES_BLOCK_SIZE];
-    byte stl = (sz % AES_BLOCK_SIZE);
+    word32 blocks = (sz / WC_AES_BLOCK_SIZE);
+    byte tmp[WC_AES_BLOCK_SIZE];
+    byte stl = (sz % WC_AES_BLOCK_SIZE);
     word32* key2 = xaes->tweak.key;
 
     if (xaes == NULL || out == NULL || in == NULL) {
         return BAD_FUNC_ARG;
     }
 
-    if (iSz < AES_BLOCK_SIZE) {
+    if (iSz < WC_AES_BLOCK_SIZE) {
         return BAD_FUNC_ARG;
     }
 
@@ -16471,8 +26131,6 @@ int wc_AesXtsDecrypt(XtsAes* xaes, byte* out, const byte* in, word32 sz,
 
 #else /* !WOLFSSL_ARMASM_NO_HW_CRYPTO */
 
-#include <wolfssl/wolfcrypt/logging.h>
-#include <wolfssl/wolfcrypt/aes.h>
 #ifdef NO_INLINE
     #include <wolfssl/wolfcrypt/misc.h>
 #else
@@ -16493,17 +26151,21 @@ extern void AES_CBC_decrypt(const unsigned char* in, unsigned char* out,
     unsigned long len, const unsigned char* ks, int nr, unsigned char* iv);
 extern void AES_CTR_encrypt(const unsigned char* in, unsigned char* out,
     unsigned long len, const unsigned char* ks, int nr, unsigned char* ctr);
+#if defined(GCM_TABLE) || defined(GCM_TABLE_4BIT)
 /* in pre-C2x C, constness conflicts for dimensioned arrays can't be resolved. */
-extern void GCM_gmult_len(byte* x, /* const */ byte m[32][AES_BLOCK_SIZE],
+extern void GCM_gmult_len(byte* x, /* const */ byte m[32][WC_AES_BLOCK_SIZE],
     const unsigned char* data, unsigned long len);
+#endif
 extern void AES_GCM_encrypt(const unsigned char* in, unsigned char* out,
     unsigned long len, const unsigned char* ks, int nr, unsigned char* ctr);
 
+#ifndef __aarch64__
 int wc_AesSetKey(Aes* aes, const byte* userKey, word32 keylen,
             const byte* iv, int dir)
 {
 #if defined(AES_MAX_KEY_SIZE)
     const word32 max_key_len = (AES_MAX_KEY_SIZE / 8);
+    word32 userKey_aligned[AES_MAX_KEY_SIZE / WOLFSSL_BIT_SIZE / sizeof(word32)];
 #endif
 
     if (((keylen != 16) && (keylen != 24) && (keylen != 32)) ||
@@ -16518,14 +26180,40 @@ int wc_AesSetKey(Aes* aes, const byte* userKey, word32 keylen,
     }
 #endif
 
-#ifdef WOLFSSL_AES_COUNTER
+#if !defined(AES_MAX_KEY_SIZE)
+    /* Check alignment */
+    if ((unsigned long)userKey & (sizeof(aes->key[0]) - 1U)) {
+        return BAD_FUNC_ARG;
+    }
+#endif
+
+#ifdef WOLF_CRYPTO_CB
+    if (aes->devId != INVALID_DEVID) {
+        if (keylen > sizeof(aes->devKey)) {
+            return BAD_FUNC_ARG;
+        }
+        XMEMCPY(aes->devKey, userKey, keylen);
+    }
+#endif
+#if defined(WOLFSSL_AES_COUNTER) || defined(WOLFSSL_AES_CFB) || \
+    defined(WOLFSSL_AES_OFB) || defined(WOLFSSL_AES_XTS)
     aes->left = 0;
-#endif /* WOLFSSL_AES_COUNTER */
+#endif
 
     aes->keylen = keylen;
     aes->rounds = keylen/4 + 6;
 
-    AES_set_encrypt_key(userKey, keylen * 8, (byte*)aes->key);
+#if defined(AES_MAX_KEY_SIZE)
+    if ((unsigned long)userKey & (sizeof(aes->key[0]) - 1U)) {
+        XMEMCPY(userKey_aligned, userKey, keylen);
+        AES_set_encrypt_key((byte *)userKey_aligned, keylen * 8, (byte*)aes->key);
+    }
+    else
+#endif
+    {
+        AES_set_encrypt_key(userKey, keylen * 8, (byte*)aes->key);
+    }
+
 #ifdef HAVE_AES_DECRYPT
     if (dir == AES_DECRYPTION) {
         AES_invert_key((byte*)aes->key, aes->rounds);
@@ -16552,9 +26240,9 @@ int wc_AesSetIV(Aes* aes, const byte* iv)
         return BAD_FUNC_ARG;
 
     if (iv)
-        XMEMCPY(aes->reg, iv, AES_BLOCK_SIZE);
+        XMEMCPY(aes->reg, iv, WC_AES_BLOCK_SIZE);
     else
-        XMEMSET(aes->reg,  0, AES_BLOCK_SIZE);
+        XMEMSET(aes->reg,  0, WC_AES_BLOCK_SIZE);
 
     return 0;
 }
@@ -16567,7 +26255,21 @@ static int wc_AesEncrypt(Aes* aes, const byte* inBlock, byte* outBlock)
         return KEYUSAGE_E;
     }
 
-    AES_ECB_encrypt(inBlock, outBlock, AES_BLOCK_SIZE,
+#ifdef MAX3266X_CB /* Can do a basic ECB block */
+    #ifndef WOLF_CRYPTO_CB_FIND
+    if (aes->devId != INVALID_DEVID)
+    #endif
+    {
+        int ret_cb = wc_CryptoCb_AesEcbEncrypt(aes, outBlock, inBlock,
+                                            WC_AES_BLOCK_SIZE);
+        if (ret_cb != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE)) {
+            return ret_cb;
+        }
+        /* fall-through when unavailable */
+    }
+#endif
+
+    AES_ECB_encrypt(inBlock, outBlock, WC_AES_BLOCK_SIZE,
         (const unsigned char*)aes->key, aes->rounds);
     return 0;
 }
@@ -16581,7 +26283,20 @@ static int wc_AesDecrypt(Aes* aes, const byte* inBlock, byte* outBlock)
         return KEYUSAGE_E;
     }
 
-    AES_ECB_decrypt(inBlock, outBlock, AES_BLOCK_SIZE,
+#ifdef MAX3266X_CB /* Can do a basic ECB block */
+    #ifndef WOLF_CRYPTO_CB_FIND
+    if (aes->devId != INVALID_DEVID)
+    #endif
+    {
+        int ret_cb = wc_CryptoCb_AesEcbDecrypt(aes, outBlock, inBlock,
+                                            WC_AES_BLOCK_SIZE);
+        if (ret_cb != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE))
+            return ret_cb;
+        /* fall-through when unavailable */
+    }
+#endif
+
+    AES_ECB_decrypt(inBlock, outBlock, WC_AES_BLOCK_SIZE,
         (const unsigned char*)aes->key, aes->rounds);
     return 0;
 }
@@ -16627,7 +26342,7 @@ int wc_AesCbcEncrypt(Aes* aes, byte* out, const byte* in, word32 sz)
     if (sz == 0) {
         return 0;
     }
-    if (sz % AES_BLOCK_SIZE) {
+    if (sz % WC_AES_BLOCK_SIZE) {
 #ifdef WOLFSSL_AES_CBC_LENGTH_CHECKS
         return BAD_LENGTH_E;
 #else
@@ -16635,6 +26350,18 @@ int wc_AesCbcEncrypt(Aes* aes, byte* out, const byte* in, word32 sz)
 #endif
     }
 
+#ifdef WOLF_CRYPTO_CB
+    #ifndef WOLF_CRYPTO_CB_FIND
+    if (aes->devId != INVALID_DEVID)
+    #endif
+    {
+        int crypto_cb_ret = wc_CryptoCb_AesCbcEncrypt(aes, out, in, sz);
+        if (crypto_cb_ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE))
+            return crypto_cb_ret;
+        /* fall-through when unavailable */
+    }
+#endif
+
     AES_CBC_encrypt(in, out, sz, (const unsigned char*)aes->key, aes->rounds,
         (unsigned char*)aes->reg);
 
@@ -16656,7 +26383,7 @@ int wc_AesCbcDecrypt(Aes* aes, byte* out, const byte* in, word32 sz)
     if (sz == 0) {
         return 0;
     }
-    if (sz % AES_BLOCK_SIZE) {
+    if (sz % WC_AES_BLOCK_SIZE) {
 #ifdef WOLFSSL_AES_CBC_LENGTH_CHECKS
         return BAD_LENGTH_E;
 #else
@@ -16664,6 +26391,18 @@ int wc_AesCbcDecrypt(Aes* aes, byte* out, const byte* in, word32 sz)
 #endif
     }
 
+    #ifdef WOLF_CRYPTO_CB
+        #ifndef WOLF_CRYPTO_CB_FIND
+        if (aes->devId != INVALID_DEVID)
+        #endif
+        {
+            int crypto_cb_ret = wc_CryptoCb_AesCbcDecrypt(aes, out, in, sz);
+            if (crypto_cb_ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE))
+                return crypto_cb_ret;
+            /* fall-through when unavailable */
+        }
+    #endif
+
     AES_CBC_decrypt(in, out, sz, (const unsigned char*)aes->key, aes->rounds,
         (unsigned char*)aes->reg);
 
@@ -16686,8 +26425,20 @@ int wc_AesCtrEncrypt(Aes* aes, byte* out, const byte* in, word32 sz)
         WOLFSSL_ERROR_VERBOSE(KEYUSAGE_E);
         return KEYUSAGE_E;
     }
+    #ifdef WOLF_CRYPTO_CB
+        #ifndef WOLF_CRYPTO_CB_FIND
+        if (aes->devId != INVALID_DEVID)
+        #endif
+        {
+            int crypto_cb_ret = wc_CryptoCb_AesCtrEncrypt(aes, out, in, sz);
+            if (crypto_cb_ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE))
+                return crypto_cb_ret;
+            /* fall-through when unavailable */
+        }
+    #endif
 
-    tmp = (byte*)aes->tmp + AES_BLOCK_SIZE - aes->left;
+
+    tmp = (byte*)aes->tmp + WC_AES_BLOCK_SIZE - aes->left;
     /* consume any unused bytes left in aes->tmp */
     while ((aes->left != 0) && (sz != 0)) {
        *(out++) = *(in++) ^ *(tmp++);
@@ -16696,25 +26447,25 @@ int wc_AesCtrEncrypt(Aes* aes, byte* out, const byte* in, word32 sz)
     }
 
     /* do as many block size ops as possible */
-    numBlocks = sz / AES_BLOCK_SIZE;
+    numBlocks = sz / WC_AES_BLOCK_SIZE;
     if (numBlocks > 0) {
-        AES_CTR_encrypt(in, out, numBlocks * AES_BLOCK_SIZE, (byte*)aes->key,
+        AES_CTR_encrypt(in, out, numBlocks * WC_AES_BLOCK_SIZE, (byte*)aes->key,
             aes->rounds, (byte*)aes->reg);
 
-        sz  -= numBlocks * AES_BLOCK_SIZE;
-        out += numBlocks * AES_BLOCK_SIZE;
-        in  += numBlocks * AES_BLOCK_SIZE;
+        sz  -= numBlocks * WC_AES_BLOCK_SIZE;
+        out += numBlocks * WC_AES_BLOCK_SIZE;
+        in  += numBlocks * WC_AES_BLOCK_SIZE;
     }
 
     /* handle non block size remaining */
     if (sz) {
-        byte zeros[AES_BLOCK_SIZE] = { 0, 0, 0, 0, 0, 0, 0, 0,
+        byte zeros[WC_AES_BLOCK_SIZE] = { 0, 0, 0, 0, 0, 0, 0, 0,
                                        0, 0, 0, 0, 0, 0, 0, 0 };
 
-        AES_CTR_encrypt(zeros, (byte*)aes->tmp, AES_BLOCK_SIZE, (byte*)aes->key,
+        AES_CTR_encrypt(zeros, (byte*)aes->tmp, WC_AES_BLOCK_SIZE, (byte*)aes->key,
             aes->rounds, (byte*)aes->reg);
 
-        aes->left = AES_BLOCK_SIZE;
+        aes->left = WC_AES_BLOCK_SIZE;
         tmp = (byte*)aes->tmp;
 
         while (sz--) {
@@ -16740,10 +26491,10 @@ int wc_AesCtrSetKey(Aes* aes, const byte* key, word32 len,
 static void roll_x(Aes* aes, const byte* in, word32 inSz, byte* out)
 {
     /* process the bulk of the data */
-    while (inSz >= AES_BLOCK_SIZE) {
-        xorbuf(out, in, AES_BLOCK_SIZE);
-        in += AES_BLOCK_SIZE;
-        inSz -= AES_BLOCK_SIZE;
+    while (inSz >= WC_AES_BLOCK_SIZE) {
+        xorbuf(out, in, WC_AES_BLOCK_SIZE);
+        in += WC_AES_BLOCK_SIZE;
+        inSz -= WC_AES_BLOCK_SIZE;
 
         wc_AesEncrypt(aes, out, out);
     }
@@ -16782,7 +26533,7 @@ static void roll_auth(Aes* aes, const byte* in, word32 inSz, byte* out)
         return;
 
     /* start fill out the rest of the first block */
-    remainder = AES_BLOCK_SIZE - authLenSz;
+    remainder = WC_AES_BLOCK_SIZE - authLenSz;
     if (inSz >= remainder) {
         /* plenty of bulk data to fill the remainder of this block */
         xorbuf(out + authLenSz, in, remainder);
@@ -16806,7 +26557,7 @@ static WC_INLINE void AesCcmCtrInc(byte* B, word32 lenSz)
     word32 i;
 
     for (i = 0; i < lenSz; i++) {
-        if (++B[AES_BLOCK_SIZE - 1 - i] != 0) return;
+        if (++B[WC_AES_BLOCK_SIZE - 1 - i] != 0) return;
     }
 }
 
@@ -16817,31 +26568,33 @@ int wc_AesCcmEncrypt(Aes* aes, byte* out, const byte* in, word32 inSz,
                    byte* authTag, word32 authTagSz,
                    const byte* authIn, word32 authInSz)
 {
-    byte A[AES_BLOCK_SIZE];
-    byte B[AES_BLOCK_SIZE];
+    byte A[WC_AES_BLOCK_SIZE];
+    byte B[WC_AES_BLOCK_SIZE];
     byte lenSz;
     word32 i;
     byte mask     = 0xFF;
     word32 wordSz = (word32)sizeof(word32);
 
     /* sanity check on arguments */
-    if (aes == NULL || out == NULL || in == NULL || nonce == NULL
-            || authTag == NULL || nonceSz < 7 || nonceSz > 13)
+    if (aes == NULL || out == NULL || ((inSz > 0) && (in == NULL)) ||
+        nonce == NULL || authTag == NULL || nonceSz < 7 || nonceSz > 13)
+    {
         return BAD_FUNC_ARG;
+    }
 
     if (wc_AesCcmCheckTagSize(authTagSz) != 0) {
         return BAD_FUNC_ARG;
     }
 
     XMEMCPY(B+1, nonce, nonceSz);
-    lenSz = AES_BLOCK_SIZE - 1 - (byte)nonceSz;
+    lenSz = WC_AES_BLOCK_SIZE - 1 - (byte)nonceSz;
     B[0] = (authInSz > 0 ? 64 : 0)
          + (8 * (((byte)authTagSz - 2) / 2))
          + (lenSz - 1);
     for (i = 0; i < lenSz; i++) {
         if (mask && i >= wordSz)
             mask = 0x00;
-        B[AES_BLOCK_SIZE - 1 - i] = (inSz >> ((8 * i) & mask)) & mask;
+        B[WC_AES_BLOCK_SIZE - 1 - i] = (inSz >> ((8 * i) & mask)) & mask;
     }
 
     wc_AesEncrypt(aes, B, A);
@@ -16854,20 +26607,20 @@ int wc_AesCcmEncrypt(Aes* aes, byte* out, const byte* in, word32 inSz,
 
     B[0] = lenSz - 1;
     for (i = 0; i < lenSz; i++)
-        B[AES_BLOCK_SIZE - 1 - i] = 0;
+        B[WC_AES_BLOCK_SIZE - 1 - i] = 0;
     wc_AesEncrypt(aes, B, A);
     xorbuf(authTag, A, authTagSz);
 
     B[15] = 1;
-    while (inSz >= AES_BLOCK_SIZE) {
+    while (inSz >= WC_AES_BLOCK_SIZE) {
         wc_AesEncrypt(aes, B, A);
-        xorbuf(A, in, AES_BLOCK_SIZE);
-        XMEMCPY(out, A, AES_BLOCK_SIZE);
+        xorbuf(A, in, WC_AES_BLOCK_SIZE);
+        XMEMCPY(out, A, WC_AES_BLOCK_SIZE);
 
         AesCcmCtrInc(B, lenSz);
-        inSz -= AES_BLOCK_SIZE;
-        in += AES_BLOCK_SIZE;
-        out += AES_BLOCK_SIZE;
+        inSz -= WC_AES_BLOCK_SIZE;
+        in += WC_AES_BLOCK_SIZE;
+        out += WC_AES_BLOCK_SIZE;
     }
     if (inSz > 0) {
         wc_AesEncrypt(aes, B, A);
@@ -16875,8 +26628,8 @@ int wc_AesCcmEncrypt(Aes* aes, byte* out, const byte* in, word32 inSz,
         XMEMCPY(out, A, inSz);
     }
 
-    ForceZero(A, AES_BLOCK_SIZE);
-    ForceZero(B, AES_BLOCK_SIZE);
+    ForceZero(A, WC_AES_BLOCK_SIZE);
+    ForceZero(B, WC_AES_BLOCK_SIZE);
 
     return 0;
 }
@@ -16887,8 +26640,8 @@ int  wc_AesCcmDecrypt(Aes* aes, byte* out, const byte* in, word32 inSz,
                    const byte* authTag, word32 authTagSz,
                    const byte* authIn, word32 authInSz)
 {
-    byte A[AES_BLOCK_SIZE];
-    byte B[AES_BLOCK_SIZE];
+    byte A[WC_AES_BLOCK_SIZE];
+    byte B[WC_AES_BLOCK_SIZE];
     byte* o;
     byte lenSz;
     word32 i, oSz;
@@ -16897,9 +26650,11 @@ int  wc_AesCcmDecrypt(Aes* aes, byte* out, const byte* in, word32 inSz,
     word32 wordSz = (word32)sizeof(word32);
 
     /* sanity check on arguments */
-    if (aes == NULL || out == NULL || in == NULL || nonce == NULL
-            || authTag == NULL || nonceSz < 7 || nonceSz > 13)
+    if (aes == NULL || out == NULL || ((inSz > 0) && (in == NULL)) ||
+        nonce == NULL || authTag == NULL || nonceSz < 7 || nonceSz > 13)
+    {
         return BAD_FUNC_ARG;
+    }
 
     if (wc_AesCcmCheckTagSize(authTagSz) != 0) {
         return BAD_FUNC_ARG;
@@ -16908,22 +26663,22 @@ int  wc_AesCcmDecrypt(Aes* aes, byte* out, const byte* in, word32 inSz,
     o = out;
     oSz = inSz;
     XMEMCPY(B+1, nonce, nonceSz);
-    lenSz = AES_BLOCK_SIZE - 1 - (byte)nonceSz;
+    lenSz = WC_AES_BLOCK_SIZE - 1 - (byte)nonceSz;
 
     B[0] = lenSz - 1;
     for (i = 0; i < lenSz; i++)
-        B[AES_BLOCK_SIZE - 1 - i] = 0;
+        B[WC_AES_BLOCK_SIZE - 1 - i] = 0;
     B[15] = 1;
 
-    while (oSz >= AES_BLOCK_SIZE) {
+    while (oSz >= WC_AES_BLOCK_SIZE) {
         wc_AesEncrypt(aes, B, A);
-        xorbuf(A, in, AES_BLOCK_SIZE);
-        XMEMCPY(o, A, AES_BLOCK_SIZE);
+        xorbuf(A, in, WC_AES_BLOCK_SIZE);
+        XMEMCPY(o, A, WC_AES_BLOCK_SIZE);
 
         AesCcmCtrInc(B, lenSz);
-        oSz -= AES_BLOCK_SIZE;
-        in += AES_BLOCK_SIZE;
-        o += AES_BLOCK_SIZE;
+        oSz -= WC_AES_BLOCK_SIZE;
+        in += WC_AES_BLOCK_SIZE;
+        o += WC_AES_BLOCK_SIZE;
     }
     if (inSz > 0) {
         wc_AesEncrypt(aes, B, A);
@@ -16932,7 +26687,7 @@ int  wc_AesCcmDecrypt(Aes* aes, byte* out, const byte* in, word32 inSz,
     }
 
     for (i = 0; i < lenSz; i++)
-        B[AES_BLOCK_SIZE - 1 - i] = 0;
+        B[WC_AES_BLOCK_SIZE - 1 - i] = 0;
     wc_AesEncrypt(aes, B, A);
 
     o = out;
@@ -16944,7 +26699,7 @@ int  wc_AesCcmDecrypt(Aes* aes, byte* out, const byte* in, word32 inSz,
     for (i = 0; i < lenSz; i++) {
         if (mask && i >= wordSz)
             mask = 0x00;
-        B[AES_BLOCK_SIZE - 1 - i] = (inSz >> ((8 * i) & mask)) & mask;
+        B[WC_AES_BLOCK_SIZE - 1 - i] = (inSz >> ((8 * i) & mask)) & mask;
     }
 
     wc_AesEncrypt(aes, B, A);
@@ -16956,7 +26711,7 @@ int  wc_AesCcmDecrypt(Aes* aes, byte* out, const byte* in, word32 inSz,
 
     B[0] = lenSz - 1;
     for (i = 0; i < lenSz; i++)
-        B[AES_BLOCK_SIZE - 1 - i] = 0;
+        B[WC_AES_BLOCK_SIZE - 1 - i] = 0;
     wc_AesEncrypt(aes, B, B);
     xorbuf(A, B, authTagSz);
 
@@ -16968,8 +26723,8 @@ int  wc_AesCcmDecrypt(Aes* aes, byte* out, const byte* in, word32 inSz,
         result = AES_CCM_AUTH_E;
     }
 
-    ForceZero(A, AES_BLOCK_SIZE);
-    ForceZero(B, AES_BLOCK_SIZE);
+    ForceZero(A, WC_AES_BLOCK_SIZE);
+    ForceZero(B, WC_AES_BLOCK_SIZE);
     o = NULL;
 
     return result;
@@ -16984,7 +26739,7 @@ static WC_INLINE void RIGHTSHIFTX(byte* x)
     int carryIn = 0;
     byte borrow = (0x00 - (x[15] & 0x01)) & 0xE1;
 
-    for (i = 0; i < AES_BLOCK_SIZE; i++) {
+    for (i = 0; i < WC_AES_BLOCK_SIZE; i++) {
         int carryOut = (x[i] & 0x01) << 7;
         x[i] = (byte) ((x[i] >> 1) | carryIn);
         carryIn = carryOut;
@@ -16992,53 +26747,68 @@ static WC_INLINE void RIGHTSHIFTX(byte* x)
     x[0] ^= borrow;
 }
 
-void GenerateM0(Gcm* gcm)
+#if defined(GCM_TABLE) || defined(GCM_TABLE_4BIT)
+
+#if defined(__aarch64__) && !defined(BIG_ENDIAN_ORDER)
+static WC_INLINE void Shift4_M0(byte *r8, byte *z8)
 {
     int i;
-    byte (*m)[AES_BLOCK_SIZE] = gcm->M0;
+    for (i = 15; i > 0; i--)
+        r8[i] = (byte)(z8[i-1] << 4) | (byte)(z8[i] >> 4);
+    r8[0] = (byte)(z8[0] >> 4);
+}
+#endif
+
+void GenerateM0(Gcm* gcm)
+{
+#if !defined(__aarch64__) || !defined(BIG_ENDIAN_ORDER)
+    int i;
+#endif
+    byte (*m)[WC_AES_BLOCK_SIZE] = gcm->M0;
 
     /* 0 times -> 0x0 */
-    XMEMSET(m[0x0], 0, AES_BLOCK_SIZE);
+    XMEMSET(m[0x0], 0, WC_AES_BLOCK_SIZE);
     /* 1 times -> 0x8 */
-    XMEMCPY(m[0x8], gcm->H, AES_BLOCK_SIZE);
+    XMEMCPY(m[0x8], gcm->H, WC_AES_BLOCK_SIZE);
     /* 2 times -> 0x4 */
-    XMEMCPY(m[0x4], m[0x8], AES_BLOCK_SIZE);
+    XMEMCPY(m[0x4], m[0x8], WC_AES_BLOCK_SIZE);
     RIGHTSHIFTX(m[0x4]);
     /* 4 times -> 0x2 */
-    XMEMCPY(m[0x2], m[0x4], AES_BLOCK_SIZE);
+    XMEMCPY(m[0x2], m[0x4], WC_AES_BLOCK_SIZE);
     RIGHTSHIFTX(m[0x2]);
     /* 8 times -> 0x1 */
-    XMEMCPY(m[0x1], m[0x2], AES_BLOCK_SIZE);
+    XMEMCPY(m[0x1], m[0x2], WC_AES_BLOCK_SIZE);
     RIGHTSHIFTX(m[0x1]);
 
     /* 0x3 */
-    XMEMCPY(m[0x3], m[0x2], AES_BLOCK_SIZE);
-    xorbuf (m[0x3], m[0x1], AES_BLOCK_SIZE);
+    XMEMCPY(m[0x3], m[0x2], WC_AES_BLOCK_SIZE);
+    xorbuf (m[0x3], m[0x1], WC_AES_BLOCK_SIZE);
 
     /* 0x5 -> 0x7 */
-    XMEMCPY(m[0x5], m[0x4], AES_BLOCK_SIZE);
-    xorbuf (m[0x5], m[0x1], AES_BLOCK_SIZE);
-    XMEMCPY(m[0x6], m[0x4], AES_BLOCK_SIZE);
-    xorbuf (m[0x6], m[0x2], AES_BLOCK_SIZE);
-    XMEMCPY(m[0x7], m[0x4], AES_BLOCK_SIZE);
-    xorbuf (m[0x7], m[0x3], AES_BLOCK_SIZE);
+    XMEMCPY(m[0x5], m[0x4], WC_AES_BLOCK_SIZE);
+    xorbuf (m[0x5], m[0x1], WC_AES_BLOCK_SIZE);
+    XMEMCPY(m[0x6], m[0x4], WC_AES_BLOCK_SIZE);
+    xorbuf (m[0x6], m[0x2], WC_AES_BLOCK_SIZE);
+    XMEMCPY(m[0x7], m[0x4], WC_AES_BLOCK_SIZE);
+    xorbuf (m[0x7], m[0x3], WC_AES_BLOCK_SIZE);
 
     /* 0x9 -> 0xf */
-    XMEMCPY(m[0x9], m[0x8], AES_BLOCK_SIZE);
-    xorbuf (m[0x9], m[0x1], AES_BLOCK_SIZE);
-    XMEMCPY(m[0xa], m[0x8], AES_BLOCK_SIZE);
-    xorbuf (m[0xa], m[0x2], AES_BLOCK_SIZE);
-    XMEMCPY(m[0xb], m[0x8], AES_BLOCK_SIZE);
-    xorbuf (m[0xb], m[0x3], AES_BLOCK_SIZE);
-    XMEMCPY(m[0xc], m[0x8], AES_BLOCK_SIZE);
-    xorbuf (m[0xc], m[0x4], AES_BLOCK_SIZE);
-    XMEMCPY(m[0xd], m[0x8], AES_BLOCK_SIZE);
-    xorbuf (m[0xd], m[0x5], AES_BLOCK_SIZE);
-    XMEMCPY(m[0xe], m[0x8], AES_BLOCK_SIZE);
-    xorbuf (m[0xe], m[0x6], AES_BLOCK_SIZE);
-    XMEMCPY(m[0xf], m[0x8], AES_BLOCK_SIZE);
-    xorbuf (m[0xf], m[0x7], AES_BLOCK_SIZE);
+    XMEMCPY(m[0x9], m[0x8], WC_AES_BLOCK_SIZE);
+    xorbuf (m[0x9], m[0x1], WC_AES_BLOCK_SIZE);
+    XMEMCPY(m[0xa], m[0x8], WC_AES_BLOCK_SIZE);
+    xorbuf (m[0xa], m[0x2], WC_AES_BLOCK_SIZE);
+    XMEMCPY(m[0xb], m[0x8], WC_AES_BLOCK_SIZE);
+    xorbuf (m[0xb], m[0x3], WC_AES_BLOCK_SIZE);
+    XMEMCPY(m[0xc], m[0x8], WC_AES_BLOCK_SIZE);
+    xorbuf (m[0xc], m[0x4], WC_AES_BLOCK_SIZE);
+    XMEMCPY(m[0xd], m[0x8], WC_AES_BLOCK_SIZE);
+    xorbuf (m[0xd], m[0x5], WC_AES_BLOCK_SIZE);
+    XMEMCPY(m[0xe], m[0x8], WC_AES_BLOCK_SIZE);
+    xorbuf (m[0xe], m[0x6], WC_AES_BLOCK_SIZE);
+    XMEMCPY(m[0xf], m[0x8], WC_AES_BLOCK_SIZE);
+    xorbuf (m[0xf], m[0x7], WC_AES_BLOCK_SIZE);
 
+#ifndef __aarch64__
     for (i = 0; i < 16; i++) {
         word32* m32 = (word32*)gcm->M0[i];
         m32[0] = ByteReverseWord32(m32[0]);
@@ -17046,12 +26816,18 @@ void GenerateM0(Gcm* gcm)
         m32[2] = ByteReverseWord32(m32[2]);
         m32[3] = ByteReverseWord32(m32[3]);
     }
+#elif !defined(BIG_ENDIAN_ORDER)
+    for (i = 0; i < 16; i++) {
+        Shift4_M0(m[16+i], m[i]);
+    }
+#endif
 }
+#endif /* GCM_TABLE */
 
 int wc_AesGcmSetKey(Aes* aes, const byte* key, word32 len)
 {
     int  ret;
-    byte iv[AES_BLOCK_SIZE];
+    byte iv[WC_AES_BLOCK_SIZE];
 
     if (aes == NULL) {
         return BAD_FUNC_ARG;
@@ -17061,28 +26837,39 @@ int wc_AesGcmSetKey(Aes* aes, const byte* key, word32 len)
         return BAD_FUNC_ARG;
     }
 
-    XMEMSET(iv, 0, AES_BLOCK_SIZE);
+
+    #ifdef WOLF_CRYPTO_CB
+        if (aes->devId != INVALID_DEVID) {
+            XMEMCPY(aes->devKey, key, len);
+        }
+    #endif
+
+    XMEMSET(iv, 0, WC_AES_BLOCK_SIZE);
     ret = wc_AesSetKey(aes, key, len, iv, AES_ENCRYPTION);
 
     if (ret == 0) {
-        AES_ECB_encrypt(iv, aes->gcm.H, AES_BLOCK_SIZE,
+        AES_ECB_encrypt(iv, aes->gcm.H, WC_AES_BLOCK_SIZE,
             (const unsigned char*)aes->key, aes->rounds);
-        GenerateM0(&aes->gcm);
+        #if defined(GCM_TABLE) || defined(GCM_TABLE_4BIT)
+            GenerateM0(&aes->gcm);
+        #endif /* GCM_TABLE */
     }
 
     return ret;
 }
 
+#ifndef __aarch64__
 static WC_INLINE void IncrementGcmCounter(byte* inOutCtr)
 {
     int i;
 
     /* in network byte order so start at end and work back */
-    for (i = AES_BLOCK_SIZE - 1; i >= AES_BLOCK_SIZE - CTR_SZ; i--) {
+    for (i = WC_AES_BLOCK_SIZE - 1; i >= WC_AES_BLOCK_SIZE - CTR_SZ; i--) {
         if (++inOutCtr[i])  /* we're done unless we overflow */
             return;
     }
 }
+#endif
 
 static WC_INLINE void FlattenSzInBits(byte* buf, word32 sz)
 {
@@ -17101,53 +26888,91 @@ static WC_INLINE void FlattenSzInBits(byte* buf, word32 sz)
     buf[7] = sz & 0xff;
 }
 
+#if defined(GCM_TABLE) || defined(GCM_TABLE_4BIT)
+    /* GCM_gmult_len implementation in armv8-32-aes-asm or thumb2-aes-asm */
+    #define GCM_GMULT_LEN(aes, x, a, len) GCM_gmult_len(x, aes->gcm.M0, a, len)
+#elif defined(GCM_SMALL)
+    static void GCM_gmult_len(byte* x, const byte* h,
+        const unsigned char* a, unsigned long len)
+    {
+        byte Z[WC_AES_BLOCK_SIZE];
+        byte V[WC_AES_BLOCK_SIZE];
+        int i, j;
+
+        while (len >= WC_AES_BLOCK_SIZE) {
+            xorbuf(x, a, WC_AES_BLOCK_SIZE);
+
+            XMEMSET(Z, 0, WC_AES_BLOCK_SIZE);
+            XMEMCPY(V, x, WC_AES_BLOCK_SIZE);
+            for (i = 0; i < WC_AES_BLOCK_SIZE; i++) {
+                byte y = h[i];
+                for (j = 0; j < 8; j++) {
+                    if (y & 0x80) {
+                        xorbuf(Z, V, WC_AES_BLOCK_SIZE);
+                    }
+
+                    RIGHTSHIFTX(V);
+                    y = y << 1;
+                }
+            }
+            XMEMCPY(x, Z, WC_AES_BLOCK_SIZE);
+
+            len -= WC_AES_BLOCK_SIZE;
+            a += WC_AES_BLOCK_SIZE;
+        }
+    }
+    #define GCM_GMULT_LEN(aes, x, a, len) GCM_gmult_len(x, aes->gcm.H, a, len)
+#else
+    #error ARMv8 AES only supports GCM_TABLE or GCM_TABLE_4BIT or GCM_SMALL
+#endif /* GCM_TABLE */
+
 static void gcm_ghash_arm32(Aes* aes, const byte* a, word32 aSz, const byte* c,
     word32 cSz, byte* s, word32 sSz)
 {
-    byte x[AES_BLOCK_SIZE];
-    byte scratch[AES_BLOCK_SIZE];
+    byte x[WC_AES_BLOCK_SIZE];
+    byte scratch[WC_AES_BLOCK_SIZE];
     word32 blocks, partial;
 
     if (aes == NULL) {
         return;
     }
 
-    XMEMSET(x, 0, AES_BLOCK_SIZE);
+    XMEMSET(x, 0, WC_AES_BLOCK_SIZE);
 
     /* Hash in A, the Additional Authentication Data */
     if (aSz != 0 && a != NULL) {
-        blocks = aSz / AES_BLOCK_SIZE;
-        partial = aSz % AES_BLOCK_SIZE;
+        blocks = aSz / WC_AES_BLOCK_SIZE;
+        partial = aSz % WC_AES_BLOCK_SIZE;
         if (blocks > 0) {
-            GCM_gmult_len(x, aes->gcm.M0, a, blocks * AES_BLOCK_SIZE);
-            a += blocks * AES_BLOCK_SIZE;
+            GCM_GMULT_LEN(aes, x, a, blocks * WC_AES_BLOCK_SIZE);
+            a += blocks * WC_AES_BLOCK_SIZE;
         }
         if (partial != 0) {
-            XMEMSET(scratch, 0, AES_BLOCK_SIZE);
+            XMEMSET(scratch, 0, WC_AES_BLOCK_SIZE);
             XMEMCPY(scratch, a, partial);
-            GCM_gmult_len(x, aes->gcm.M0, scratch, AES_BLOCK_SIZE);
+            GCM_GMULT_LEN(aes, x, scratch, WC_AES_BLOCK_SIZE);
         }
     }
 
     /* Hash in C, the Ciphertext */
     if (cSz != 0 && c != NULL) {
-        blocks = cSz / AES_BLOCK_SIZE;
-        partial = cSz % AES_BLOCK_SIZE;
+        blocks = cSz / WC_AES_BLOCK_SIZE;
+        partial = cSz % WC_AES_BLOCK_SIZE;
         if (blocks > 0) {
-            GCM_gmult_len(x, aes->gcm.M0, c, blocks * AES_BLOCK_SIZE);
-            c += blocks * AES_BLOCK_SIZE;
+            GCM_GMULT_LEN(aes, x, c, blocks * WC_AES_BLOCK_SIZE);
+            c += blocks * WC_AES_BLOCK_SIZE;
         }
         if (partial != 0) {
-            XMEMSET(scratch, 0, AES_BLOCK_SIZE);
+            XMEMSET(scratch, 0, WC_AES_BLOCK_SIZE);
             XMEMCPY(scratch, c, partial);
-            GCM_gmult_len(x, aes->gcm.M0, scratch, AES_BLOCK_SIZE);
+            GCM_GMULT_LEN(aes, x, scratch, WC_AES_BLOCK_SIZE);
         }
     }
 
     /* Hash in the lengths of A and C in bits */
     FlattenSzInBits(&scratch[0], aSz);
     FlattenSzInBits(&scratch[8], cSz);
-    GCM_gmult_len(x, aes->gcm.M0, scratch, AES_BLOCK_SIZE);
+    GCM_GMULT_LEN(aes, x, scratch, WC_AES_BLOCK_SIZE);
 
     /* Copy the result into s. */
     XMEMCPY(s, x, sSz);
@@ -17160,10 +26985,10 @@ int wc_AesGcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
 {
     word32 blocks;
     word32 partial;
-    byte counter[AES_BLOCK_SIZE];
-    byte initialCounter[AES_BLOCK_SIZE];
-    byte x[AES_BLOCK_SIZE];
-    byte scratch[AES_BLOCK_SIZE];
+    byte counter[WC_AES_BLOCK_SIZE];
+    byte initialCounter[WC_AES_BLOCK_SIZE];
+    byte x[WC_AES_BLOCK_SIZE];
+    byte scratch[WC_AES_BLOCK_SIZE];
 
     /* sanity checks */
     if (aes == NULL || (iv == NULL && ivSz > 0) || (authTag == NULL) ||
@@ -17172,7 +26997,7 @@ int wc_AesGcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         return BAD_FUNC_ARG;
     }
 
-    if (authTagSz < WOLFSSL_MIN_AUTH_TAG_SZ || authTagSz > AES_BLOCK_SIZE) {
+    if (authTagSz < WOLFSSL_MIN_AUTH_TAG_SZ || authTagSz > WC_AES_BLOCK_SIZE) {
         WOLFSSL_MSG("GcmEncrypt authTagSz error");
         return BAD_FUNC_ARG;
     }
@@ -17182,69 +27007,83 @@ int wc_AesGcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         return KEYUSAGE_E;
     }
 
-    XMEMSET(initialCounter, 0, AES_BLOCK_SIZE);
+#ifdef WOLF_CRYPTO_CB
+    #ifndef WOLF_CRYPTO_CB_FIND
+    if (aes->devId != INVALID_DEVID)
+    #endif
+    {
+        int crypto_cb_ret =
+            wc_CryptoCb_AesGcmEncrypt(aes, out, in, sz, iv, ivSz, authTag,
+                                      authTagSz, authIn, authInSz);
+        if (crypto_cb_ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE))
+            return crypto_cb_ret;
+        /* fall-through when unavailable */
+    }
+#endif
+
+    XMEMSET(initialCounter, 0, WC_AES_BLOCK_SIZE);
     if (ivSz == GCM_NONCE_MID_SZ) {
         XMEMCPY(initialCounter, iv, ivSz);
-        initialCounter[AES_BLOCK_SIZE - 1] = 1;
+        initialCounter[WC_AES_BLOCK_SIZE - 1] = 1;
     }
     else {
-        gcm_ghash_arm32(aes, NULL, 0, iv, ivSz, initialCounter, AES_BLOCK_SIZE);
+        gcm_ghash_arm32(aes, NULL, 0, iv, ivSz, initialCounter, WC_AES_BLOCK_SIZE);
     }
-    XMEMCPY(counter, initialCounter, AES_BLOCK_SIZE);
+    XMEMCPY(counter, initialCounter, WC_AES_BLOCK_SIZE);
 
     /* Hash in the Additional Authentication Data */
-    XMEMSET(x, 0, AES_BLOCK_SIZE);
+    XMEMSET(x, 0, WC_AES_BLOCK_SIZE);
     if (authInSz != 0 && authIn != NULL) {
-        blocks = authInSz / AES_BLOCK_SIZE;
-        partial = authInSz % AES_BLOCK_SIZE;
+        blocks = authInSz / WC_AES_BLOCK_SIZE;
+        partial = authInSz % WC_AES_BLOCK_SIZE;
         if (blocks > 0) {
-            GCM_gmult_len(x, aes->gcm.M0, authIn, blocks * AES_BLOCK_SIZE);
-            authIn += blocks * AES_BLOCK_SIZE;
+            GCM_GMULT_LEN(aes, x, authIn, blocks * WC_AES_BLOCK_SIZE);
+            authIn += blocks * WC_AES_BLOCK_SIZE;
         }
         if (partial != 0) {
-            XMEMSET(scratch, 0, AES_BLOCK_SIZE);
+            XMEMSET(scratch, 0, WC_AES_BLOCK_SIZE);
             XMEMCPY(scratch, authIn, partial);
-            GCM_gmult_len(x, aes->gcm.M0, scratch, AES_BLOCK_SIZE);
+            GCM_GMULT_LEN(aes, x, scratch, WC_AES_BLOCK_SIZE);
         }
     }
 
     /* do as many blocks as possible */
-    blocks = sz / AES_BLOCK_SIZE;
-    partial = sz % AES_BLOCK_SIZE;
+    blocks = sz / WC_AES_BLOCK_SIZE;
+    partial = sz % WC_AES_BLOCK_SIZE;
     if (blocks > 0) {
-        AES_GCM_encrypt(in, out, blocks * AES_BLOCK_SIZE,
+        AES_GCM_encrypt(in, out, blocks * WC_AES_BLOCK_SIZE,
             (const unsigned char*)aes->key, aes->rounds, counter);
-        GCM_gmult_len(x, aes->gcm.M0, out, blocks * AES_BLOCK_SIZE);
-        in += blocks * AES_BLOCK_SIZE;
-        out += blocks * AES_BLOCK_SIZE;
+        GCM_GMULT_LEN(aes, x, out, blocks * WC_AES_BLOCK_SIZE);
+        in += blocks * WC_AES_BLOCK_SIZE;
+        out += blocks * WC_AES_BLOCK_SIZE;
     }
 
     /* take care of partial block sizes leftover */
     if (partial != 0) {
-        AES_GCM_encrypt(in, scratch, AES_BLOCK_SIZE,
+        AES_GCM_encrypt(in, scratch, WC_AES_BLOCK_SIZE,
             (const unsigned char*)aes->key, aes->rounds, counter);
         XMEMCPY(out, scratch, partial);
 
-        XMEMSET(scratch, 0, AES_BLOCK_SIZE);
+        XMEMSET(scratch, 0, WC_AES_BLOCK_SIZE);
         XMEMCPY(scratch, out, partial);
-        GCM_gmult_len(x, aes->gcm.M0, scratch, AES_BLOCK_SIZE);
+        GCM_GMULT_LEN(aes, x, scratch, WC_AES_BLOCK_SIZE);
     }
 
     /* Hash in the lengths of A and C in bits */
-    XMEMSET(scratch, 0, AES_BLOCK_SIZE);
+    XMEMSET(scratch, 0, WC_AES_BLOCK_SIZE);
     FlattenSzInBits(&scratch[0], authInSz);
     FlattenSzInBits(&scratch[8], sz);
-    GCM_gmult_len(x, aes->gcm.M0, scratch, AES_BLOCK_SIZE);
-    if (authTagSz > AES_BLOCK_SIZE) {
-        XMEMCPY(authTag, x, AES_BLOCK_SIZE);
+    GCM_GMULT_LEN(aes, x, scratch, WC_AES_BLOCK_SIZE);
+    if (authTagSz > WC_AES_BLOCK_SIZE) {
+        XMEMCPY(authTag, x, WC_AES_BLOCK_SIZE);
     }
     else {
-        /* authTagSz can be smaller than AES_BLOCK_SIZE */
+        /* authTagSz can be smaller than WC_AES_BLOCK_SIZE */
         XMEMCPY(authTag, x, authTagSz);
     }
 
     /* Auth tag calculation. */
-    AES_ECB_encrypt(initialCounter, scratch, AES_BLOCK_SIZE,
+    AES_ECB_encrypt(initialCounter, scratch, WC_AES_BLOCK_SIZE,
         (const unsigned char*)aes->key, aes->rounds);
     xorbuf(authTag, scratch, authTagSz);
 
@@ -17257,71 +27096,85 @@ int wc_AesGcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
 {
     word32 blocks;
     word32 partial;
-    byte counter[AES_BLOCK_SIZE];
-    byte initialCounter[AES_BLOCK_SIZE];
-    byte scratch[AES_BLOCK_SIZE];
-    byte x[AES_BLOCK_SIZE];
+    byte counter[WC_AES_BLOCK_SIZE];
+    byte initialCounter[WC_AES_BLOCK_SIZE];
+    byte scratch[WC_AES_BLOCK_SIZE];
+    byte x[WC_AES_BLOCK_SIZE];
 
     /* sanity checks */
     if (aes == NULL || iv == NULL || (sz != 0 && (in == NULL || out == NULL)) ||
-        authTag == NULL || authTagSz > AES_BLOCK_SIZE || authTagSz == 0 ||
+        authTag == NULL || authTagSz > WC_AES_BLOCK_SIZE || authTagSz == 0 ||
         ivSz == 0) {
         WOLFSSL_MSG("a NULL parameter passed in when size is larger than 0");
         return BAD_FUNC_ARG;
     }
 
-    XMEMSET(initialCounter, 0, AES_BLOCK_SIZE);
+#ifdef WOLF_CRYPTO_CB
+    #ifndef WOLF_CRYPTO_CB_FIND
+    if (aes->devId != INVALID_DEVID)
+    #endif
+    {
+        int crypto_cb_ret =
+            wc_CryptoCb_AesGcmDecrypt(aes, out, in, sz, iv, ivSz,
+                                      authTag, authTagSz, authIn, authInSz);
+        if (crypto_cb_ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE))
+            return crypto_cb_ret;
+        /* fall-through when unavailable */
+    }
+#endif
+
+    XMEMSET(initialCounter, 0, WC_AES_BLOCK_SIZE);
     if (ivSz == GCM_NONCE_MID_SZ) {
         XMEMCPY(initialCounter, iv, ivSz);
-        initialCounter[AES_BLOCK_SIZE - 1] = 1;
+        initialCounter[WC_AES_BLOCK_SIZE - 1] = 1;
     }
     else {
-        gcm_ghash_arm32(aes, NULL, 0, iv, ivSz, initialCounter, AES_BLOCK_SIZE);
+        gcm_ghash_arm32(aes, NULL, 0, iv, ivSz, initialCounter, WC_AES_BLOCK_SIZE);
     }
-    XMEMCPY(counter, initialCounter, AES_BLOCK_SIZE);
+    XMEMCPY(counter, initialCounter, WC_AES_BLOCK_SIZE);
 
-    XMEMSET(x, 0, AES_BLOCK_SIZE);
+    XMEMSET(x, 0, WC_AES_BLOCK_SIZE);
     /* Hash in the Additional Authentication Data */
     if (authInSz != 0 && authIn != NULL) {
-        blocks = authInSz / AES_BLOCK_SIZE;
-        partial = authInSz % AES_BLOCK_SIZE;
+        blocks = authInSz / WC_AES_BLOCK_SIZE;
+        partial = authInSz % WC_AES_BLOCK_SIZE;
         if (blocks > 0) {
-            GCM_gmult_len(x, aes->gcm.M0, authIn, blocks * AES_BLOCK_SIZE);
-            authIn += blocks * AES_BLOCK_SIZE;
+            GCM_GMULT_LEN(aes, x, authIn, blocks * WC_AES_BLOCK_SIZE);
+            authIn += blocks * WC_AES_BLOCK_SIZE;
         }
         if (partial != 0) {
-            XMEMSET(scratch, 0, AES_BLOCK_SIZE);
+            XMEMSET(scratch, 0, WC_AES_BLOCK_SIZE);
             XMEMCPY(scratch, authIn, partial);
-            GCM_gmult_len(x, aes->gcm.M0, scratch, AES_BLOCK_SIZE);
+            GCM_GMULT_LEN(aes, x, scratch, WC_AES_BLOCK_SIZE);
         }
     }
 
-    blocks = sz / AES_BLOCK_SIZE;
-    partial = sz % AES_BLOCK_SIZE;
+    blocks = sz / WC_AES_BLOCK_SIZE;
+    partial = sz % WC_AES_BLOCK_SIZE;
     /* do as many blocks as possible */
     if (blocks > 0) {
-        GCM_gmult_len(x, aes->gcm.M0, in, blocks * AES_BLOCK_SIZE);
+        GCM_GMULT_LEN(aes, x, in, blocks * WC_AES_BLOCK_SIZE);
 
-        AES_GCM_encrypt(in, out, blocks * AES_BLOCK_SIZE,
+        AES_GCM_encrypt(in, out, blocks * WC_AES_BLOCK_SIZE,
             (const unsigned char*)aes->key, aes->rounds, counter);
-        in += blocks * AES_BLOCK_SIZE;
-        out += blocks * AES_BLOCK_SIZE;
+        in += blocks * WC_AES_BLOCK_SIZE;
+        out += blocks * WC_AES_BLOCK_SIZE;
     }
     if (partial != 0) {
-        XMEMSET(scratch, 0, AES_BLOCK_SIZE);
+        XMEMSET(scratch, 0, WC_AES_BLOCK_SIZE);
         XMEMCPY(scratch, in, partial);
-        GCM_gmult_len(x, aes->gcm.M0, scratch, AES_BLOCK_SIZE);
+        GCM_GMULT_LEN(aes, x, scratch, WC_AES_BLOCK_SIZE);
 
-        AES_GCM_encrypt(in, scratch, AES_BLOCK_SIZE,
+        AES_GCM_encrypt(in, scratch, WC_AES_BLOCK_SIZE,
             (const unsigned char*)aes->key, aes->rounds, counter);
         XMEMCPY(out, scratch, partial);
     }
 
-    XMEMSET(scratch, 0, AES_BLOCK_SIZE);
+    XMEMSET(scratch, 0, WC_AES_BLOCK_SIZE);
     FlattenSzInBits(&scratch[0], authInSz);
     FlattenSzInBits(&scratch[8], sz);
-    GCM_gmult_len(x, aes->gcm.M0, scratch, AES_BLOCK_SIZE);
-    AES_ECB_encrypt(initialCounter, scratch, AES_BLOCK_SIZE,
+    GCM_GMULT_LEN(aes, x, scratch, WC_AES_BLOCK_SIZE);
+    AES_ECB_encrypt(initialCounter, scratch, WC_AES_BLOCK_SIZE,
         (const unsigned char*)aes->key, aes->rounds);
     xorbuf(x, scratch, authTagSz);
     if (authTag != NULL) {
@@ -17333,6 +27186,7 @@ int wc_AesGcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
     return 0;
 }
 #endif /* HAVE_AESGCM */
+#endif /* !__aarch64__ */
 
 #endif /* !WOLFSSL_ARMASM_NO_HW_CRYPTO */
 #endif /* !NO_AES && WOLFSSL_ARMASM */
diff --git a/wolfcrypt/src/port/arm/armv8-chacha.c b/wolfcrypt/src/port/arm/armv8-chacha.c
index 94e645049..afb62c4fb 100644
--- a/wolfcrypt/src/port/arm/armv8-chacha.c
+++ b/wolfcrypt/src/port/arm/armv8-chacha.c
@@ -1,6 +1,6 @@
 /* armv8-chacha.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -29,7 +29,7 @@
 
 #include <wolfssl/wolfcrypt/settings.h>
 
-#if defined(WOLFSSL_ARMASM) && !defined(WOLFSSL_ARMASM_NO_NEON)
+#if defined(WOLFSSL_ARMASM)
 #ifdef HAVE_CHACHA
 
 #include <wolfssl/wolfcrypt/chacha.h>
@@ -73,15 +73,43 @@
   * Set up iv(nonce). Earlier versions used 64 bits instead of 96, this version
   * uses the typical AEAD 96 bit nonce and can do record sizes of 256 GB.
   */
-int wc_Chacha_SetIV(ChaCha* ctx, const byte* inIv, word32 counter)
+int wc_Chacha_SetIV(ChaCha* ctx, const byte* iv, word32 counter)
 {
+#ifndef __aarch64__
+    int ret = 0;
+#ifdef CHACHA_AEAD_TEST
+    word32 i;
+
+    printf("NONCE : ");
+    if (iv != NULL) {
+        for (i = 0; i < CHACHA_IV_BYTES; i++) {
+            printf("%02x", iv[i]);
+        }
+    }
+    printf("\n\n");
+#endif
+
+    /* Validate parameters. */
+    if ((ctx == NULL) || (iv == NULL)) {
+        ret = BAD_FUNC_ARG;
+    }
+    if (ret == 0) {
+        /* No unused bytes to XOR into input. */
+        ctx->left = 0;
+
+        /* Set counter and IV into state. */
+        wc_chacha_setiv(ctx->X, iv, counter);
+    }
+
+    return ret;
+#else
     word32 temp[CHACHA_IV_WORDS];/* used for alignment of memory */
 
 #ifdef CHACHA_AEAD_TEST
     word32 i;
     printf("NONCE : ");
     for (i = 0; i < CHACHA_IV_BYTES; i++) {
-        printf("%02x", inIv[i]);
+        printf("%02x", iv[i]);
     }
     printf("\n\n");
 #endif
@@ -89,7 +117,7 @@ int wc_Chacha_SetIV(ChaCha* ctx, const byte* inIv, word32 counter)
     if (ctx == NULL)
         return BAD_FUNC_ARG;
 
-    XMEMCPY(temp, inIv, CHACHA_IV_BYTES);
+    XMEMCPY(temp, iv, CHACHA_IV_BYTES);
 
     ctx->left = 0;
     ctx->X[CHACHA_IV_BYTES+0] = counter;           /* block counter */
@@ -98,18 +126,54 @@ int wc_Chacha_SetIV(ChaCha* ctx, const byte* inIv, word32 counter)
     ctx->X[CHACHA_IV_BYTES+3] = LITTLE32(temp[2]); /* counter from nonce */
 
     return 0;
+#endif
 }
 
+#ifdef __aarch64__
 /* "expand 32-byte k" as unsigned 32 byte */
 static const word32 sigma[4] = {0x61707865, 0x3320646e, 0x79622d32, 0x6b206574};
 /* "expand 16-byte k" as unsigned 16 byte */
 static const word32 tau[4] = {0x61707865, 0x3120646e, 0x79622d36, 0x6b206574};
+#endif
 
 /**
   * Key setup. 8 word iv (nonce)
   */
 int wc_Chacha_SetKey(ChaCha* ctx, const byte* key, word32 keySz)
 {
+#ifndef __aarch64__
+    int ret = 0;
+
+#ifdef CHACHA_AEAD_TEST
+    printf("ChaCha key used :\n");
+    if (key != NULL) {
+        word32 i;
+        for (i = 0; i < keySz; i++) {
+            printf("%02x", key[i]);
+            if ((i % 8) == 7)
+               printf("\n");
+        }
+    }
+    printf("\n\n");
+#endif
+
+    /* Validate parameters. */
+    if ((ctx == NULL) || (key == NULL)) {
+        ret = BAD_FUNC_ARG;
+    }
+    else if ((keySz != (CHACHA_MAX_KEY_SZ / 2)) &&
+             (keySz !=  CHACHA_MAX_KEY_SZ     )) {
+        ret = BAD_FUNC_ARG;
+    }
+
+    if (ret == 0) {
+        ctx->left = 0;
+
+        wc_chacha_setkey(ctx->X, key, keySz);
+    }
+
+    return ret;
+#else
     const word32* constants;
     const byte*   k;
 
@@ -169,8 +233,10 @@ int wc_Chacha_SetKey(ChaCha* ctx, const byte* key, word32 keySz)
     ctx->left = 0;
 
     return 0;
+#endif
 }
 
+#ifndef WOLFSSL_ARMASM_NO_NEON
 static const word32 L_chacha20_neon_inc_first_word[] = {
     0x1,
     0x0,
@@ -1666,7 +1732,10 @@ static WC_INLINE int wc_Chacha_encrypt_128(const word32 input[CHACHA_CHUNK_WORDS
         "VADD.I32 q6, q6, q12 \n\t"
         "VADD.I32 q7, q7, q13 \n\t"
 
-        "VLDM %[m], { q8-q15 } \n\t"
+        "VLD1.8 { q8, q9 }, [%[m]]! \n\t"
+        "VLD1.8 { q10, q11 }, [%[m]]! \n\t"
+        "VLD1.8 { q12, q13 }, [%[m]]! \n\t"
+        "VLD1.8 { q14, q15 }, [%[m]]! \n\t"
         "VEOR q0, q0, q8 \n\t"
         "VEOR q1, q1, q9 \n\t"
         "VEOR q2, q2, q10 \n\t"
@@ -1675,7 +1744,10 @@ static WC_INLINE int wc_Chacha_encrypt_128(const word32 input[CHACHA_CHUNK_WORDS
         "VEOR q5, q5, q13 \n\t"
         "VEOR q6, q6, q14 \n\t"
         "VEOR q7, q7, q15 \n\t"
-        "VSTM %[c], { q0-q7 } \n\t"
+        "VST1.8 { q0, q1 }, [%[c]]! \n\t"
+        "VST1.8 { q2, q3 }, [%[c]]! \n\t"
+        "VST1.8 { q4, q5 }, [%[c]]! \n\t"
+        "VST1.8 { q6, q7 }, [%[c]]! \n\t"
 
         : [c] "+r" (c), [m] "+r" (m)
         : [rounds] "I" (ROUNDS/2), [input] "r" (input),
@@ -2725,14 +2797,14 @@ static WC_INLINE void wc_Chacha_encrypt_64(const word32* input, const byte* m,
         "CMP        %[bytes], #64        \n\t"
         "BLT        L_chacha20_arm32_64_lt_64_%= \n\t"
         /* XOR full 64 byte block */
-        "VLDM       %[m], { q4-q7 }      \n\t"
-        "ADD        %[m], %[m], #64      \n\t"
+        "VLD1.8     { q4, q5 }, [%[m]]!  \n\t"
+        "VLD1.8     { q6, q7 }, [%[m]]!  \n\t"
         "VEOR       q0, q0, q4           \n\t"
         "VEOR       q1, q1, q5           \n\t"
         "VEOR       q2, q2, q6           \n\t"
         "VEOR       q3, q3, q7           \n\t"
-        "VSTM       %[c], { q0-q3 }      \n\t"
-        "ADD        %[c], %[c], #64      \n\t"
+        "VST1.8     { q0, q1 }, [%[c]]!  \n\t"
+        "VST1.8     { q2, q3 }, [%[c]]!  \n\t"
         "SUBS       %[bytes], %[bytes], #64 \n\t"
         "VADD.I32   q11, q11, q14        \n\t"
         "BNE        L_chacha20_arm32_64_outer_loop_%= \n\t"
@@ -2743,12 +2815,10 @@ static WC_INLINE void wc_Chacha_encrypt_64(const word32* input, const byte* m,
         /* XOR 32 bytes */
         "CMP        %[bytes], #32        \n\t"
         "BLT        L_chacha20_arm32_64_lt_32_%= \n\t"
-        "VLDM       %[m], { q4-q5 }      \n\t"
-        "ADD        %[m], %[m], #32      \n\t"
+        "VLD1.8     { q4, q5 }, [%[m]]!  \n\t"
         "VEOR       q4, q4, q0           \n\t"
         "VEOR       q5, q5, q1           \n\t"
-        "VSTM       %[c], { q4-q5 }      \n\t"
-        "ADD        %[c], %[c], #32      \n\t"
+        "VST1.8     { q4, q5 }, [%[c]]!  \n\t"
         "SUBS       %[bytes], %[bytes], #32 \n\t"
         "VMOV       q0, q2               \n\t"
         "VMOV       q1, q3               \n\t"
@@ -2758,11 +2828,9 @@ static WC_INLINE void wc_Chacha_encrypt_64(const word32* input, const byte* m,
         /* XOR 16 bytes */
         "CMP        %[bytes], #16        \n\t"
         "BLT        L_chacha20_arm32_64_lt_16_%= \n\t"
-        "VLDM       %[m], { q4 }         \n\t"
-        "ADD        %[m], %[m], #16      \n\t"
+        "VLD1.8     { q4 }, [%[m]]!      \n\t"
         "VEOR       q4, q4, q0           \n\t"
-        "VSTM       %[c], { q4 }         \n\t"
-        "ADD        %[c], %[c], #16      \n\t"
+        "VST1.8     { q4 }, [%[c]]!      \n\t"
         "SUBS       %[bytes], %[bytes], #16 \n\t"
         "VMOV       q0, q1               \n\t"
         "BEQ        L_chacha20_arm32_64_done_%= \n\t"
@@ -2771,9 +2839,9 @@ static WC_INLINE void wc_Chacha_encrypt_64(const word32* input, const byte* m,
         /* XOR 8 bytes */
         "CMP        %[bytes], #8         \n\t"
         "BLT        L_chacha20_arm32_64_lt_8_%= \n\t"
-        "VLD1.64    { d8 }, [%[m]]!      \n\t"
+        "VLD1.8     { d8 }, [%[m]]!      \n\t"
         "VEOR       d8, d8, d0           \n\t"
-        "VST1.64    { d8 }, [%[c]]!      \n\t"
+        "VST1.8     { d8 }, [%[c]]!      \n\t"
         "SUBS       %[bytes], %[bytes], #8 \n\t"
         "VMOV       d0, d1               \n\t"
         "BEQ        L_chacha20_arm32_64_done_%= \n\t"
@@ -2813,7 +2881,6 @@ static WC_INLINE void wc_Chacha_encrypt_64(const word32* input, const byte* m,
 }
 
 
-
 /**
   * Encrypt a stream of bytes
   */
@@ -2860,40 +2927,68 @@ static void wc_Chacha_encrypt_bytes(ChaCha* ctx, const byte* m, byte* c,
         ctx->X[CHACHA_IV_BYTES] = PLUSONE(ctx->X[CHACHA_IV_BYTES]);
     }
 }
+#endif
 
 /**
   * API to encrypt/decrypt a message of any size.
   */
 int wc_Chacha_Process(ChaCha* ctx, byte* output, const byte* input,
-                      word32 msglen)
+    word32 len)
 {
+#ifdef WOLFSSL_ARMASM_NO_NEON
+    int ret = 0;
+
+    if ((ctx == NULL) || (output == NULL) || (input == NULL)) {
+        ret = BAD_FUNC_ARG;
+    }
+
+    /* Handle left over bytes from last block. */
+    if ((ret == 0) && (len > 0) && (ctx->left > 0)) {
+        byte* over = ((byte*)ctx->over) + CHACHA_CHUNK_BYTES - ctx->left;
+        word32 l = min(len, ctx->left);
+
+        wc_chacha_use_over(over, output, input, l);
+
+        ctx->left -= l;
+        input += l;
+        output += l;
+        len -= l;
+    }
+
+    if ((ret == 0) && (len != 0)) {
+        wc_chacha_crypt_bytes(ctx, output, input, len);
+    }
+
+    return ret;
+#else
     if (ctx == NULL || output == NULL || input == NULL)
         return BAD_FUNC_ARG;
 
     /* handle left overs */
-    if (msglen > 0 && ctx->left > 0) {
+    if (len > 0 && ctx->left > 0) {
         byte*  out;
         word32 i;
 
         out = (byte*)ctx->over + CHACHA_CHUNK_BYTES - ctx->left;
-        for (i = 0; i < msglen && i < ctx->left; i++) {
+        for (i = 0; i < len && i < ctx->left; i++) {
             output[i] = (byte)(input[i] ^ out[i]);
         }
         ctx->left -= i;
 
-        msglen -= i;
+        len -= i;
         output += i;
         input += i;
     }
 
-    if (msglen == 0) {
+    if (len == 0) {
         return 0;
     }
 
-    wc_Chacha_encrypt_bytes(ctx, input, output, msglen);
+    wc_Chacha_encrypt_bytes(ctx, input, output, len);
 
     return 0;
+#endif
 }
 
 #endif /* HAVE_CHACHA */
-#endif /* WOLFSSL_ARMASM && !WOLFSSL_ARMASM_NO_NEON */
+#endif /* WOLFSSL_ARMASM */
diff --git a/wolfcrypt/src/port/arm/armv8-curve25519.S b/wolfcrypt/src/port/arm/armv8-curve25519.S
index 3f04ce87a..fdfcbec32 100644
--- a/wolfcrypt/src/port/arm/armv8-curve25519.S
+++ b/wolfcrypt/src/port/arm/armv8-curve25519.S
@@ -1,6 +1,6 @@
 /* armv8-curve25519
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -337,8 +337,7 @@ _fe_cmov_table:
 #endif /* __APPLE__ */
 	stp	x29, x30, [sp, #-128]!
 	add	x29, sp, #0
-	str	x17, [x29, #40]
-	str	x19, [x29, #48]
+	stp	x17, x19, [x29, #40]
 	stp	x20, x21, [x29, #56]
 	stp	x22, x23, [x29, #72]
 	stp	x24, x25, [x29, #88]
@@ -546,8 +545,7 @@ _fe_cmov_table:
 	stp	x10, x11, [x0, #48]
 	stp	x12, x13, [x0, #64]
 	stp	x14, x15, [x0, #80]
-	ldr	x17, [x29, #40]
-	ldr	x19, [x29, #48]
+	ldp	x17, x19, [x29, #40]
 	ldp	x20, x21, [x29, #56]
 	ldp	x22, x23, [x29, #72]
 	ldp	x24, x25, [x29, #88]
@@ -573,8 +571,7 @@ _fe_mul:
 #endif /* __APPLE__ */
 	stp	x29, x30, [sp, #-64]!
 	add	x29, sp, #0
-	str	x17, [x29, #24]
-	str	x19, [x29, #32]
+	stp	x17, x19, [x29, #24]
 	stp	x20, x21, [x29, #40]
 	str	x22, [x29, #56]
 	# Multiply
@@ -703,8 +700,7 @@ _fe_mul:
 	# Store
 	stp	x6, x7, [x0]
 	stp	x8, x9, [x0, #16]
-	ldr	x17, [x29, #24]
-	ldr	x19, [x29, #32]
+	ldp	x17, x19, [x29, #24]
 	ldp	x20, x21, [x29, #40]
 	ldr	x22, [x29, #56]
 	ldp	x29, x30, [sp], #0x40
@@ -835,8 +831,7 @@ _fe_invert:
 #endif /* __APPLE__ */
 	stp	x29, x30, [sp, #-176]!
 	add	x29, sp, #0
-	str	x17, [x29, #160]
-	str	x20, [x29, #168]
+	stp	x17, x20, [x29, #160]
 	# Invert
 	str	x0, [x29, #144]
 	str	x1, [x29, #152]
@@ -1694,8 +1689,7 @@ L_fe_invert8:
 #else
 	bl	_fe_mul
 #endif /* __APPLE__ */
-	ldr	x17, [x29, #160]
-	ldr	x20, [x29, #168]
+	ldp	x17, x20, [x29, #160]
 	ldp	x29, x30, [sp], #0xb0
 	ret
 #ifndef __APPLE__
@@ -1715,8 +1709,7 @@ _curve25519:
 #endif /* __APPLE__ */
 	stp	x29, x30, [sp, #-288]!
 	add	x29, sp, #0
-	str	x17, [x29, #200]
-	str	x19, [x29, #208]
+	stp	x17, x19, [x29, #200]
 	stp	x20, x21, [x29, #216]
 	stp	x22, x23, [x29, #232]
 	stp	x24, x25, [x29, #248]
@@ -3801,8 +3794,7 @@ L_curve25519_inv_8:
 	stp	x14, x15, [x0]
 	stp	x16, x17, [x0, #16]
 	mov	x0, xzr
-	ldr	x17, [x29, #200]
-	ldr	x19, [x29, #208]
+	ldp	x17, x19, [x29, #200]
 	ldp	x20, x21, [x29, #216]
 	ldp	x22, x23, [x29, #232]
 	ldp	x24, x25, [x29, #248]
@@ -3828,8 +3820,7 @@ _fe_pow22523:
 #endif /* __APPLE__ */
 	stp	x29, x30, [sp, #-144]!
 	add	x29, sp, #0
-	str	x17, [x29, #128]
-	str	x23, [x29, #136]
+	stp	x17, x23, [x29, #128]
 	# pow22523
 	str	x0, [x29, #112]
 	str	x1, [x29, #120]
@@ -4619,8 +4610,7 @@ L_fe_pow22523_7:
 #else
 	bl	_fe_mul
 #endif /* __APPLE__ */
-	ldr	x17, [x29, #128]
-	ldr	x23, [x29, #136]
+	ldp	x17, x23, [x29, #128]
 	ldp	x29, x30, [sp], #0x90
 	ret
 #ifndef __APPLE__
@@ -4640,8 +4630,7 @@ _ge_p1p1_to_p2:
 #endif /* __APPLE__ */
 	stp	x29, x30, [sp, #-80]!
 	add	x29, sp, #0
-	str	x17, [x29, #40]
-	str	x19, [x29, #48]
+	stp	x17, x19, [x29, #40]
 	stp	x20, x21, [x29, #56]
 	str	x22, [x29, #72]
 	str	x0, [x29, #16]
@@ -5002,8 +4991,7 @@ _ge_p1p1_to_p2:
 	# Store
 	stp	x14, x15, [x0]
 	stp	x16, x17, [x0, #16]
-	ldr	x17, [x29, #40]
-	ldr	x19, [x29, #48]
+	ldp	x17, x19, [x29, #40]
 	ldp	x20, x21, [x29, #56]
 	ldr	x22, [x29, #72]
 	ldp	x29, x30, [sp], #0x50
@@ -5025,8 +5013,7 @@ _ge_p1p1_to_p3:
 #endif /* __APPLE__ */
 	stp	x29, x30, [sp, #-112]!
 	add	x29, sp, #0
-	str	x17, [x29, #40]
-	str	x19, [x29, #48]
+	stp	x17, x19, [x29, #40]
 	stp	x20, x21, [x29, #56]
 	stp	x22, x23, [x29, #72]
 	stp	x24, x25, [x29, #88]
@@ -5505,8 +5492,7 @@ _ge_p1p1_to_p3:
 	# Store
 	stp	x14, x15, [x0]
 	stp	x16, x17, [x0, #16]
-	ldr	x17, [x29, #40]
-	ldr	x19, [x29, #48]
+	ldp	x17, x19, [x29, #40]
 	ldp	x20, x21, [x29, #56]
 	ldp	x22, x23, [x29, #72]
 	ldp	x24, x25, [x29, #88]
@@ -5530,8 +5516,7 @@ _ge_p2_dbl:
 #endif /* __APPLE__ */
 	stp	x29, x30, [sp, #-128]!
 	add	x29, sp, #0
-	str	x17, [x29, #40]
-	str	x19, [x29, #48]
+	stp	x17, x19, [x29, #40]
 	stp	x20, x21, [x29, #56]
 	stp	x22, x23, [x29, #72]
 	stp	x24, x25, [x29, #88]
@@ -5986,8 +5971,7 @@ _ge_p2_dbl:
 	sbc	x7, x7, xzr
 	stp	x4, x5, [x0]
 	stp	x6, x7, [x0, #16]
-	ldr	x17, [x29, #40]
-	ldr	x19, [x29, #48]
+	ldp	x17, x19, [x29, #40]
 	ldp	x20, x21, [x29, #56]
 	ldp	x22, x23, [x29, #72]
 	ldp	x24, x25, [x29, #88]
@@ -6012,8 +5996,7 @@ _ge_madd:
 #endif /* __APPLE__ */
 	stp	x29, x30, [sp, #-144]!
 	add	x29, sp, #0
-	str	x17, [x29, #56]
-	str	x19, [x29, #64]
+	stp	x17, x19, [x29, #56]
 	stp	x20, x21, [x29, #72]
 	stp	x22, x23, [x29, #88]
 	stp	x24, x25, [x29, #104]
@@ -6503,8 +6486,7 @@ _ge_madd:
 	stp	x10, x11, [x0, #16]
 	stp	x4, x5, [x1]
 	stp	x6, x7, [x1, #16]
-	ldr	x17, [x29, #56]
-	ldr	x19, [x29, #64]
+	ldp	x17, x19, [x29, #56]
 	ldp	x20, x21, [x29, #72]
 	ldp	x22, x23, [x29, #88]
 	ldp	x24, x25, [x29, #104]
@@ -6529,8 +6511,7 @@ _ge_msub:
 #endif /* __APPLE__ */
 	stp	x29, x30, [sp, #-144]!
 	add	x29, sp, #0
-	str	x17, [x29, #56]
-	str	x19, [x29, #64]
+	stp	x17, x19, [x29, #56]
 	stp	x20, x21, [x29, #72]
 	stp	x22, x23, [x29, #88]
 	stp	x24, x25, [x29, #104]
@@ -7020,8 +7001,7 @@ _ge_msub:
 	stp	x10, x11, [x0, #16]
 	stp	x4, x5, [x1]
 	stp	x6, x7, [x1, #16]
-	ldr	x17, [x29, #56]
-	ldr	x19, [x29, #64]
+	ldp	x17, x19, [x29, #56]
 	ldp	x20, x21, [x29, #72]
 	ldp	x22, x23, [x29, #88]
 	ldp	x24, x25, [x29, #104]
@@ -7046,8 +7026,7 @@ _ge_add:
 #endif /* __APPLE__ */
 	stp	x29, x30, [sp, #-144]!
 	add	x29, sp, #0
-	str	x17, [x29, #56]
-	str	x19, [x29, #64]
+	stp	x17, x19, [x29, #56]
 	stp	x20, x21, [x29, #72]
 	stp	x22, x23, [x29, #88]
 	stp	x24, x25, [x29, #104]
@@ -7663,8 +7642,7 @@ _ge_add:
 	stp	x23, x24, [x0, #16]
 	stp	x12, x13, [x1]
 	stp	x14, x15, [x1, #16]
-	ldr	x17, [x29, #56]
-	ldr	x19, [x29, #64]
+	ldp	x17, x19, [x29, #56]
 	ldp	x20, x21, [x29, #72]
 	ldp	x22, x23, [x29, #88]
 	ldp	x24, x25, [x29, #104]
@@ -7689,8 +7667,7 @@ _ge_sub:
 #endif /* __APPLE__ */
 	stp	x29, x30, [sp, #-144]!
 	add	x29, sp, #0
-	str	x17, [x29, #56]
-	str	x19, [x29, #64]
+	stp	x17, x19, [x29, #56]
 	stp	x20, x21, [x29, #72]
 	stp	x22, x23, [x29, #88]
 	stp	x24, x25, [x29, #104]
@@ -8321,8 +8298,7 @@ _ge_sub:
 	stp	x14, x15, [x0, #16]
 	stp	x21, x22, [x1]
 	stp	x23, x24, [x1, #16]
-	ldr	x17, [x29, #56]
-	ldr	x19, [x29, #64]
+	ldp	x17, x19, [x29, #56]
 	ldp	x20, x21, [x29, #72]
 	ldp	x22, x23, [x29, #88]
 	ldp	x24, x25, [x29, #104]
@@ -8347,8 +8323,7 @@ _sc_reduce:
 #endif /* __APPLE__ */
 	stp	x29, x30, [sp, #-64]!
 	add	x29, sp, #0
-	str	x17, [x29, #16]
-	str	x19, [x29, #24]
+	stp	x17, x19, [x29, #16]
 	stp	x20, x21, [x29, #32]
 	stp	x22, x23, [x29, #48]
 	ldp	x2, x3, [x0]
@@ -8525,8 +8500,7 @@ _sc_reduce:
 	# Store result
 	stp	x2, x3, [x0]
 	stp	x4, x5, [x0, #16]
-	ldr	x17, [x29, #16]
-	ldr	x19, [x29, #24]
+	ldp	x17, x19, [x29, #16]
 	ldp	x20, x21, [x29, #32]
 	ldp	x22, x23, [x29, #48]
 	ldp	x29, x30, [sp], #0x40
@@ -8548,8 +8522,7 @@ _sc_muladd:
 #endif /* __APPLE__ */
 	stp	x29, x30, [sp, #-96]!
 	add	x29, sp, #0
-	str	x17, [x29, #24]
-	str	x19, [x29, #32]
+	stp	x17, x19, [x29, #24]
 	stp	x20, x21, [x29, #40]
 	stp	x22, x23, [x29, #56]
 	stp	x24, x25, [x29, #72]
@@ -8824,8 +8797,7 @@ _sc_muladd:
 	# Store result
 	stp	x4, x5, [x0]
 	stp	x6, x7, [x0, #16]
-	ldr	x17, [x29, #24]
-	ldr	x19, [x29, #32]
+	ldp	x17, x19, [x29, #24]
 	ldp	x20, x21, [x29, #40]
 	ldp	x22, x23, [x29, #56]
 	ldp	x24, x25, [x29, #72]
diff --git a/wolfcrypt/src/port/arm/armv8-curve25519_c.c b/wolfcrypt/src/port/arm/armv8-curve25519_c.c
index c9a98222e..55023b26b 100644
--- a/wolfcrypt/src/port/arm/armv8-curve25519_c.c
+++ b/wolfcrypt/src/port/arm/armv8-curve25519_c.c
@@ -1,6 +1,6 @@
 /* armv8-curve25519
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -234,7 +234,7 @@ int fe_isnonzero(const fe a)
         :
         : "memory", "x1", "x2", "x3", "x4", "x5", "x6", "cc"
     );
-    return (uint32_t)(size_t)a;
+    return (word32)(size_t)a;
 }
 
 int fe_isnegative(const fe a)
@@ -253,7 +253,7 @@ int fe_isnegative(const fe a)
         :
         : "memory", "x1", "x2", "x3", "x4", "x5", "x6", "cc"
     );
-    return (uint32_t)(size_t)a;
+    return (word32)(size_t)a;
 }
 
 void fe_cmov_table(fe* r, fe* base, signed char b)
@@ -3683,7 +3683,7 @@ int curve25519(byte* r, const byte* n, const byte* a)
         :
         : "memory", "x3", "x4", "x5", "x6", "x7", "x8", "x9", "x10", "x11", "x12", "x13", "x14", "x15", "x16", "x17", "x19", "x20", "x21", "x22", "x23", "x24", "x25", "x26", "x27", "x28", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #ifdef HAVE_ED25519
diff --git a/wolfcrypt/src/port/arm/armv8-kyber-asm.S b/wolfcrypt/src/port/arm/armv8-kyber-asm.S
new file mode 100644
index 000000000..dee9a168a
--- /dev/null
+++ b/wolfcrypt/src/port/arm/armv8-kyber-asm.S
@@ -0,0 +1,12032 @@
+/* armv8-kyber-asm
+ *
+ * Copyright (C) 2006-2025 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+#ifdef HAVE_CONFIG_H
+    #include <config.h>
+#endif /* HAVE_CONFIG_H */
+#include <wolfssl/wolfcrypt/settings.h>
+
+/* Generated using (from wolfssl):
+ *   cd ../scripts
+ *   ruby ./kyber/kyber.rb arm64 ../wolfssl/wolfcrypt/src/port/arm/armv8-kyber-asm.S
+ */
+#ifdef WOLFSSL_ARMASM
+#ifdef __aarch64__
+#ifndef WOLFSSL_ARMASM_INLINE
+#ifndef __APPLE__
+	.text
+	.type	L_kyber_aarch64_q, %object
+	.section	.rodata
+	.size	L_kyber_aarch64_q, 16
+#else
+	.section	__DATA,__data
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+	.align	2
+#else
+	.p2align	2
+#endif /* __APPLE__ */
+L_kyber_aarch64_q:
+	.short	0x0d01,0x0d01,0x0d01,0x0d01,0x0d01,0x0d01,0x0d01,0x0d01
+#ifndef __APPLE__
+	.text
+	.type	L_kyber_aarch64_consts, %object
+	.section	.rodata
+	.size	L_kyber_aarch64_consts, 16
+#else
+	.section	__DATA,__data
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+	.align	2
+#else
+	.p2align	2
+#endif /* __APPLE__ */
+L_kyber_aarch64_consts:
+	.short	0x0d01,0xf301,0x4ebf,0x0549,0x5049,0x0000,0x0000,0x0000
+#ifndef __APPLE__
+	.text
+	.type	L_sha3_aarch64_r, %object
+	.section	.rodata
+	.size	L_sha3_aarch64_r, 192
+#else
+	.section	__DATA,__data
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+	.align	3
+#else
+	.p2align	3
+#endif /* __APPLE__ */
+L_sha3_aarch64_r:
+	.xword	0x0000000000000001
+	.xword	0x0000000000008082
+	.xword	0x800000000000808a
+	.xword	0x8000000080008000
+	.xword	0x000000000000808b
+	.xword	0x0000000080000001
+	.xword	0x8000000080008081
+	.xword	0x8000000000008009
+	.xword	0x000000000000008a
+	.xword	0x0000000000000088
+	.xword	0x0000000080008009
+	.xword	0x000000008000000a
+	.xword	0x000000008000808b
+	.xword	0x800000000000008b
+	.xword	0x8000000000008089
+	.xword	0x8000000000008003
+	.xword	0x8000000000008002
+	.xword	0x8000000000000080
+	.xword	0x000000000000800a
+	.xword	0x800000008000000a
+	.xword	0x8000000080008081
+	.xword	0x8000000000008080
+	.xword	0x0000000080000001
+	.xword	0x8000000080008008
+#ifdef WOLFSSL_WC_KYBER
+#ifndef __APPLE__
+	.text
+	.type	L_kyber_aarch64_zetas, %object
+	.section	.rodata
+	.size	L_kyber_aarch64_zetas, 576
+#else
+	.section	__DATA,__data
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+	.align	2
+#else
+	.p2align	2
+#endif /* __APPLE__ */
+L_kyber_aarch64_zetas:
+	.short	0x08ed,0x0a0b,0x0b9a,0x0714,0x05d5,0x058e,0x011f,0x00ca
+	.short	0x0c56,0x026e,0x0629,0x00b6,0x03c2,0x084f,0x073f,0x05bc
+	.short	0x023d,0x07d4,0x0108,0x017f,0x09c4,0x05b2,0x06bf,0x0c7f
+	.short	0x0a58,0x03f9,0x02dc,0x0260,0x06fb,0x019b,0x0c34,0x06de
+	.short	0x04c7,0x04c7,0x04c7,0x04c7,0x028c,0x028c,0x028c,0x028c
+	.short	0x0ad9,0x0ad9,0x0ad9,0x0ad9,0x03f7,0x03f7,0x03f7,0x03f7
+	.short	0x07f4,0x07f4,0x07f4,0x07f4,0x05d3,0x05d3,0x05d3,0x05d3
+	.short	0x0be7,0x0be7,0x0be7,0x0be7,0x06f9,0x06f9,0x06f9,0x06f9
+	.short	0x0204,0x0204,0x0204,0x0204,0x0cf9,0x0cf9,0x0cf9,0x0cf9
+	.short	0x0bc1,0x0bc1,0x0bc1,0x0bc1,0x0a67,0x0a67,0x0a67,0x0a67
+	.short	0x06af,0x06af,0x06af,0x06af,0x0877,0x0877,0x0877,0x0877
+	.short	0x007e,0x007e,0x007e,0x007e,0x05bd,0x05bd,0x05bd,0x05bd
+	.short	0x09ac,0x09ac,0x09ac,0x09ac,0x0ca7,0x0ca7,0x0ca7,0x0ca7
+	.short	0x0bf2,0x0bf2,0x0bf2,0x0bf2,0x033e,0x033e,0x033e,0x033e
+	.short	0x006b,0x006b,0x006b,0x006b,0x0774,0x0774,0x0774,0x0774
+	.short	0x0c0a,0x0c0a,0x0c0a,0x0c0a,0x094a,0x094a,0x094a,0x094a
+	.short	0x0b73,0x0b73,0x0b73,0x0b73,0x03c1,0x03c1,0x03c1,0x03c1
+	.short	0x071d,0x071d,0x071d,0x071d,0x0a2c,0x0a2c,0x0a2c,0x0a2c
+	.short	0x01c0,0x01c0,0x01c0,0x01c0,0x08d8,0x08d8,0x08d8,0x08d8
+	.short	0x02a5,0x02a5,0x02a5,0x02a5,0x0806,0x0806,0x0806,0x0806
+	.short	0x08b2,0x08b2,0x01ae,0x01ae,0x022b,0x022b,0x034b,0x034b
+	.short	0x081e,0x081e,0x0367,0x0367,0x060e,0x060e,0x0069,0x0069
+	.short	0x01a6,0x01a6,0x024b,0x024b,0x00b1,0x00b1,0x0c16,0x0c16
+	.short	0x0bde,0x0bde,0x0b35,0x0b35,0x0626,0x0626,0x0675,0x0675
+	.short	0x0c0b,0x0c0b,0x030a,0x030a,0x0487,0x0487,0x0c6e,0x0c6e
+	.short	0x09f8,0x09f8,0x05cb,0x05cb,0x0aa7,0x0aa7,0x045f,0x045f
+	.short	0x06cb,0x06cb,0x0284,0x0284,0x0999,0x0999,0x015d,0x015d
+	.short	0x01a2,0x01a2,0x0149,0x0149,0x0c65,0x0c65,0x0cb6,0x0cb6
+	.short	0x0331,0x0331,0x0449,0x0449,0x025b,0x025b,0x0262,0x0262
+	.short	0x052a,0x052a,0x07fc,0x07fc,0x0748,0x0748,0x0180,0x0180
+	.short	0x0842,0x0842,0x0c79,0x0c79,0x04c2,0x04c2,0x07ca,0x07ca
+	.short	0x0997,0x0997,0x00dc,0x00dc,0x085e,0x085e,0x0686,0x0686
+	.short	0x0860,0x0860,0x0707,0x0707,0x0803,0x0803,0x031a,0x031a
+	.short	0x071b,0x071b,0x09ab,0x09ab,0x099b,0x099b,0x01de,0x01de
+	.short	0x0c95,0x0c95,0x0bcd,0x0bcd,0x03e4,0x03e4,0x03df,0x03df
+	.short	0x03be,0x03be,0x074d,0x074d,0x05f2,0x05f2,0x065c,0x065c
+#ifndef __APPLE__
+	.text
+	.type	L_kyber_aarch64_zetas_qinv, %object
+	.section	.rodata
+	.size	L_kyber_aarch64_zetas_qinv, 576
+#else
+	.section	__DATA,__data
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+	.align	2
+#else
+	.p2align	2
+#endif /* __APPLE__ */
+L_kyber_aarch64_zetas_qinv:
+	.short	0xffed,0x7b0b,0x399a,0x0314,0x34d5,0xcf8e,0x6e1f,0xbeca
+	.short	0xae56,0x6c6e,0xf129,0xc2b6,0x29c2,0x054f,0xd43f,0x79bc
+	.short	0xe93d,0x43d4,0x9908,0x8e7f,0x15c4,0xfbb2,0x53bf,0x997f
+	.short	0x9258,0x5ef9,0xd6dc,0x2260,0x47fb,0x229b,0x6834,0xc0de
+	.short	0xe9c7,0xe9c7,0xe9c7,0xe9c7,0xe68c,0xe68c,0xe68c,0xe68c
+	.short	0x05d9,0x05d9,0x05d9,0x05d9,0x78f7,0x78f7,0x78f7,0x78f7
+	.short	0xa3f4,0xa3f4,0xa3f4,0xa3f4,0x4ed3,0x4ed3,0x4ed3,0x4ed3
+	.short	0x50e7,0x50e7,0x50e7,0x50e7,0x61f9,0x61f9,0x61f9,0x61f9
+	.short	0xce04,0xce04,0xce04,0xce04,0x67f9,0x67f9,0x67f9,0x67f9
+	.short	0x3ec1,0x3ec1,0x3ec1,0x3ec1,0xcf67,0xcf67,0xcf67,0xcf67
+	.short	0x23af,0x23af,0x23af,0x23af,0xfd77,0xfd77,0xfd77,0xfd77
+	.short	0x9a7e,0x9a7e,0x9a7e,0x9a7e,0x6cbd,0x6cbd,0x6cbd,0x6cbd
+	.short	0x4dac,0x4dac,0x4dac,0x4dac,0x91a7,0x91a7,0x91a7,0x91a7
+	.short	0xc1f2,0xc1f2,0xc1f2,0xc1f2,0xdd3e,0xdd3e,0xdd3e,0xdd3e
+	.short	0x916b,0x916b,0x916b,0x916b,0x2374,0x2374,0x2374,0x2374
+	.short	0x8a0a,0x8a0a,0x8a0a,0x8a0a,0x474a,0x474a,0x474a,0x474a
+	.short	0x3473,0x3473,0x3473,0x3473,0x36c1,0x36c1,0x36c1,0x36c1
+	.short	0x8e1d,0x8e1d,0x8e1d,0x8e1d,0xce2c,0xce2c,0xce2c,0xce2c
+	.short	0x41c0,0x41c0,0x41c0,0x41c0,0x10d8,0x10d8,0x10d8,0x10d8
+	.short	0xa1a5,0xa1a5,0xa1a5,0xa1a5,0xba06,0xba06,0xba06,0xba06
+	.short	0xfeb2,0xfeb2,0x2bae,0x2bae,0xd32b,0xd32b,0x344b,0x344b
+	.short	0x821e,0x821e,0xc867,0xc867,0x500e,0x500e,0xab69,0xab69
+	.short	0x93a6,0x93a6,0x334b,0x334b,0x03b1,0x03b1,0xee16,0xee16
+	.short	0xc5de,0xc5de,0x5a35,0x5a35,0x1826,0x1826,0x1575,0x1575
+	.short	0x7d0b,0x7d0b,0x810a,0x810a,0x2987,0x2987,0x766e,0x766e
+	.short	0x71f8,0x71f8,0xb6cb,0xb6cb,0x8fa7,0x8fa7,0x315f,0x315f
+	.short	0xb7cb,0xb7cb,0x4e84,0x4e84,0x4499,0x4499,0x485d,0x485d
+	.short	0xc7a2,0xc7a2,0x4c49,0x4c49,0xeb65,0xeb65,0xceb6,0xceb6
+	.short	0x8631,0x8631,0x4f49,0x4f49,0x635b,0x635b,0x0862,0x0862
+	.short	0xe32a,0xe32a,0x3bfc,0x3bfc,0x5f48,0x5f48,0x8180,0x8180
+	.short	0xae42,0xae42,0xe779,0xe779,0x2ac2,0x2ac2,0xc5ca,0xc5ca
+	.short	0x5e97,0x5e97,0xd4dc,0xd4dc,0x425e,0x425e,0x3886,0x3886
+	.short	0x2860,0x2860,0xac07,0xac07,0xe103,0xe103,0xb11a,0xb11a
+	.short	0xa81b,0xa81b,0x5aab,0x5aab,0x2a9b,0x2a9b,0xbbde,0xbbde
+	.short	0x7b95,0x7b95,0xa2cd,0xa2cd,0x6fe4,0x6fe4,0xb0df,0xb0df
+	.short	0x5dbe,0x5dbe,0x1e4d,0x1e4d,0xbbf2,0xbbf2,0x5a5c,0x5a5c
+#ifndef __APPLE__
+.text
+.globl	kyber_ntt
+.type	kyber_ntt,@function
+.align	2
+kyber_ntt:
+#else
+.section	__TEXT,__text
+.globl	_kyber_ntt
+.p2align	2
+_kyber_ntt:
+#endif /* __APPLE__ */
+	stp	x29, x30, [sp, #-80]!
+	add	x29, sp, #0
+	stp	d8, d9, [x29, #16]
+	stp	d10, d11, [x29, #32]
+	stp	d12, d13, [x29, #48]
+	stp	d14, d15, [x29, #64]
+#ifndef __APPLE__
+	adrp x2, L_kyber_aarch64_zetas
+	add  x2, x2, :lo12:L_kyber_aarch64_zetas
+#else
+	adrp x2, L_kyber_aarch64_zetas@PAGE
+	add  x2, x2, :lo12:L_kyber_aarch64_zetas@PAGEOFF
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+	adrp x3, L_kyber_aarch64_zetas_qinv
+	add  x3, x3, :lo12:L_kyber_aarch64_zetas_qinv
+#else
+	adrp x3, L_kyber_aarch64_zetas_qinv@PAGE
+	add  x3, x3, :lo12:L_kyber_aarch64_zetas_qinv@PAGEOFF
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+	adrp x4, L_kyber_aarch64_consts
+	add  x4, x4, :lo12:L_kyber_aarch64_consts
+#else
+	adrp x4, L_kyber_aarch64_consts@PAGE
+	add  x4, x4, :lo12:L_kyber_aarch64_consts@PAGEOFF
+#endif /* __APPLE__ */
+	add	x1, x0, #0x100
+	ldr	q4, [x4]
+	ldr	q5, [x0]
+	ldr	q6, [x0, #32]
+	ldr	q7, [x0, #64]
+	ldr	q8, [x0, #96]
+	ldr	q9, [x0, #128]
+	ldr	q10, [x0, #160]
+	ldr	q11, [x0, #192]
+	ldr	q12, [x0, #224]
+	ldr	q13, [x1]
+	ldr	q14, [x1, #32]
+	ldr	q15, [x1, #64]
+	ldr	q16, [x1, #96]
+	ldr	q17, [x1, #128]
+	ldr	q18, [x1, #160]
+	ldr	q19, [x1, #192]
+	ldr	q20, [x1, #224]
+	ldr	q0, [x2]
+	ldr	q1, [x3]
+	mul	v29.8h, v13.8h, v1.h[1]
+	mul	v30.8h, v14.8h, v1.h[1]
+	sqrdmulh	v21.8h, v13.8h, v0.h[1]
+	sqrdmulh	v22.8h, v14.8h, v0.h[1]
+	sqrdmulh	v29.8h, v29.8h, v4.h[0]
+	sqrdmulh	v30.8h, v30.8h, v4.h[0]
+	sub	v21.8h, v21.8h, v29.8h
+	sub	v22.8h, v22.8h, v30.8h
+	sshr	v21.8h, v21.8h, #1
+	sshr	v22.8h, v22.8h, #1
+	mul	v29.8h, v15.8h, v1.h[1]
+	mul	v30.8h, v16.8h, v1.h[1]
+	sqrdmulh	v23.8h, v15.8h, v0.h[1]
+	sqrdmulh	v24.8h, v16.8h, v0.h[1]
+	sqrdmulh	v29.8h, v29.8h, v4.h[0]
+	sqrdmulh	v30.8h, v30.8h, v4.h[0]
+	sub	v23.8h, v23.8h, v29.8h
+	sub	v24.8h, v24.8h, v30.8h
+	sshr	v23.8h, v23.8h, #1
+	sshr	v24.8h, v24.8h, #1
+	mul	v29.8h, v17.8h, v1.h[1]
+	mul	v30.8h, v18.8h, v1.h[1]
+	sqrdmulh	v25.8h, v17.8h, v0.h[1]
+	sqrdmulh	v26.8h, v18.8h, v0.h[1]
+	sqrdmulh	v29.8h, v29.8h, v4.h[0]
+	sqrdmulh	v30.8h, v30.8h, v4.h[0]
+	sub	v25.8h, v25.8h, v29.8h
+	sub	v26.8h, v26.8h, v30.8h
+	sshr	v25.8h, v25.8h, #1
+	sshr	v26.8h, v26.8h, #1
+	mul	v29.8h, v19.8h, v1.h[1]
+	mul	v30.8h, v20.8h, v1.h[1]
+	sqrdmulh	v27.8h, v19.8h, v0.h[1]
+	sqrdmulh	v28.8h, v20.8h, v0.h[1]
+	sqrdmulh	v29.8h, v29.8h, v4.h[0]
+	sqrdmulh	v30.8h, v30.8h, v4.h[0]
+	sub	v27.8h, v27.8h, v29.8h
+	sub	v28.8h, v28.8h, v30.8h
+	sshr	v27.8h, v27.8h, #1
+	sshr	v28.8h, v28.8h, #1
+	sub	v13.8h, v5.8h, v21.8h
+	add	v5.8h, v5.8h, v21.8h
+	sub	v14.8h, v6.8h, v22.8h
+	add	v6.8h, v6.8h, v22.8h
+	sub	v15.8h, v7.8h, v23.8h
+	add	v7.8h, v7.8h, v23.8h
+	sub	v16.8h, v8.8h, v24.8h
+	add	v8.8h, v8.8h, v24.8h
+	sub	v17.8h, v9.8h, v25.8h
+	add	v9.8h, v9.8h, v25.8h
+	sub	v18.8h, v10.8h, v26.8h
+	add	v10.8h, v10.8h, v26.8h
+	sub	v19.8h, v11.8h, v27.8h
+	add	v11.8h, v11.8h, v27.8h
+	sub	v20.8h, v12.8h, v28.8h
+	add	v12.8h, v12.8h, v28.8h
+	mul	v29.8h, v9.8h, v1.h[2]
+	mul	v30.8h, v10.8h, v1.h[2]
+	sqrdmulh	v21.8h, v9.8h, v0.h[2]
+	sqrdmulh	v22.8h, v10.8h, v0.h[2]
+	sqrdmulh	v29.8h, v29.8h, v4.h[0]
+	sqrdmulh	v30.8h, v30.8h, v4.h[0]
+	sub	v21.8h, v21.8h, v29.8h
+	sub	v22.8h, v22.8h, v30.8h
+	sshr	v21.8h, v21.8h, #1
+	sshr	v22.8h, v22.8h, #1
+	mul	v29.8h, v11.8h, v1.h[2]
+	mul	v30.8h, v12.8h, v1.h[2]
+	sqrdmulh	v23.8h, v11.8h, v0.h[2]
+	sqrdmulh	v24.8h, v12.8h, v0.h[2]
+	sqrdmulh	v29.8h, v29.8h, v4.h[0]
+	sqrdmulh	v30.8h, v30.8h, v4.h[0]
+	sub	v23.8h, v23.8h, v29.8h
+	sub	v24.8h, v24.8h, v30.8h
+	sshr	v23.8h, v23.8h, #1
+	sshr	v24.8h, v24.8h, #1
+	mul	v29.8h, v17.8h, v1.h[3]
+	mul	v30.8h, v18.8h, v1.h[3]
+	sqrdmulh	v25.8h, v17.8h, v0.h[3]
+	sqrdmulh	v26.8h, v18.8h, v0.h[3]
+	sqrdmulh	v29.8h, v29.8h, v4.h[0]
+	sqrdmulh	v30.8h, v30.8h, v4.h[0]
+	sub	v25.8h, v25.8h, v29.8h
+	sub	v26.8h, v26.8h, v30.8h
+	sshr	v25.8h, v25.8h, #1
+	sshr	v26.8h, v26.8h, #1
+	mul	v29.8h, v19.8h, v1.h[3]
+	mul	v30.8h, v20.8h, v1.h[3]
+	sqrdmulh	v27.8h, v19.8h, v0.h[3]
+	sqrdmulh	v28.8h, v20.8h, v0.h[3]
+	sqrdmulh	v29.8h, v29.8h, v4.h[0]
+	sqrdmulh	v30.8h, v30.8h, v4.h[0]
+	sub	v27.8h, v27.8h, v29.8h
+	sub	v28.8h, v28.8h, v30.8h
+	sshr	v27.8h, v27.8h, #1
+	sshr	v28.8h, v28.8h, #1
+	sub	v9.8h, v5.8h, v21.8h
+	add	v5.8h, v5.8h, v21.8h
+	sub	v10.8h, v6.8h, v22.8h
+	add	v6.8h, v6.8h, v22.8h
+	sub	v11.8h, v7.8h, v23.8h
+	add	v7.8h, v7.8h, v23.8h
+	sub	v12.8h, v8.8h, v24.8h
+	add	v8.8h, v8.8h, v24.8h
+	sub	v17.8h, v13.8h, v25.8h
+	add	v13.8h, v13.8h, v25.8h
+	sub	v18.8h, v14.8h, v26.8h
+	add	v14.8h, v14.8h, v26.8h
+	sub	v19.8h, v15.8h, v27.8h
+	add	v15.8h, v15.8h, v27.8h
+	sub	v20.8h, v16.8h, v28.8h
+	add	v16.8h, v16.8h, v28.8h
+	mul	v29.8h, v7.8h, v1.h[4]
+	mul	v30.8h, v8.8h, v1.h[4]
+	sqrdmulh	v21.8h, v7.8h, v0.h[4]
+	sqrdmulh	v22.8h, v8.8h, v0.h[4]
+	sqrdmulh	v29.8h, v29.8h, v4.h[0]
+	sqrdmulh	v30.8h, v30.8h, v4.h[0]
+	sub	v21.8h, v21.8h, v29.8h
+	sub	v22.8h, v22.8h, v30.8h
+	sshr	v21.8h, v21.8h, #1
+	sshr	v22.8h, v22.8h, #1
+	mul	v29.8h, v11.8h, v1.h[5]
+	mul	v30.8h, v12.8h, v1.h[5]
+	sqrdmulh	v23.8h, v11.8h, v0.h[5]
+	sqrdmulh	v24.8h, v12.8h, v0.h[5]
+	sqrdmulh	v29.8h, v29.8h, v4.h[0]
+	sqrdmulh	v30.8h, v30.8h, v4.h[0]
+	sub	v23.8h, v23.8h, v29.8h
+	sub	v24.8h, v24.8h, v30.8h
+	sshr	v23.8h, v23.8h, #1
+	sshr	v24.8h, v24.8h, #1
+	mul	v29.8h, v15.8h, v1.h[6]
+	mul	v30.8h, v16.8h, v1.h[6]
+	sqrdmulh	v25.8h, v15.8h, v0.h[6]
+	sqrdmulh	v26.8h, v16.8h, v0.h[6]
+	sqrdmulh	v29.8h, v29.8h, v4.h[0]
+	sqrdmulh	v30.8h, v30.8h, v4.h[0]
+	sub	v25.8h, v25.8h, v29.8h
+	sub	v26.8h, v26.8h, v30.8h
+	sshr	v25.8h, v25.8h, #1
+	sshr	v26.8h, v26.8h, #1
+	mul	v29.8h, v19.8h, v1.h[7]
+	mul	v30.8h, v20.8h, v1.h[7]
+	sqrdmulh	v27.8h, v19.8h, v0.h[7]
+	sqrdmulh	v28.8h, v20.8h, v0.h[7]
+	sqrdmulh	v29.8h, v29.8h, v4.h[0]
+	sqrdmulh	v30.8h, v30.8h, v4.h[0]
+	sub	v27.8h, v27.8h, v29.8h
+	sub	v28.8h, v28.8h, v30.8h
+	sshr	v27.8h, v27.8h, #1
+	sshr	v28.8h, v28.8h, #1
+	sub	v7.8h, v5.8h, v21.8h
+	add	v5.8h, v5.8h, v21.8h
+	sub	v8.8h, v6.8h, v22.8h
+	add	v6.8h, v6.8h, v22.8h
+	sub	v11.8h, v9.8h, v23.8h
+	add	v9.8h, v9.8h, v23.8h
+	sub	v12.8h, v10.8h, v24.8h
+	add	v10.8h, v10.8h, v24.8h
+	sub	v15.8h, v13.8h, v25.8h
+	add	v13.8h, v13.8h, v25.8h
+	sub	v16.8h, v14.8h, v26.8h
+	add	v14.8h, v14.8h, v26.8h
+	sub	v19.8h, v17.8h, v27.8h
+	add	v17.8h, v17.8h, v27.8h
+	sub	v20.8h, v18.8h, v28.8h
+	add	v18.8h, v18.8h, v28.8h
+	ldr	q0, [x2, #16]
+	ldr	q1, [x3, #16]
+	mul	v29.8h, v6.8h, v1.h[0]
+	mul	v30.8h, v8.8h, v1.h[1]
+	sqrdmulh	v21.8h, v6.8h, v0.h[0]
+	sqrdmulh	v22.8h, v8.8h, v0.h[1]
+	sqrdmulh	v29.8h, v29.8h, v4.h[0]
+	sqrdmulh	v30.8h, v30.8h, v4.h[0]
+	sub	v21.8h, v21.8h, v29.8h
+	sub	v22.8h, v22.8h, v30.8h
+	sshr	v21.8h, v21.8h, #1
+	sshr	v22.8h, v22.8h, #1
+	mul	v29.8h, v10.8h, v1.h[2]
+	mul	v30.8h, v12.8h, v1.h[3]
+	sqrdmulh	v23.8h, v10.8h, v0.h[2]
+	sqrdmulh	v24.8h, v12.8h, v0.h[3]
+	sqrdmulh	v29.8h, v29.8h, v4.h[0]
+	sqrdmulh	v30.8h, v30.8h, v4.h[0]
+	sub	v23.8h, v23.8h, v29.8h
+	sub	v24.8h, v24.8h, v30.8h
+	sshr	v23.8h, v23.8h, #1
+	sshr	v24.8h, v24.8h, #1
+	mul	v29.8h, v14.8h, v1.h[4]
+	mul	v30.8h, v16.8h, v1.h[5]
+	sqrdmulh	v25.8h, v14.8h, v0.h[4]
+	sqrdmulh	v26.8h, v16.8h, v0.h[5]
+	sqrdmulh	v29.8h, v29.8h, v4.h[0]
+	sqrdmulh	v30.8h, v30.8h, v4.h[0]
+	sub	v25.8h, v25.8h, v29.8h
+	sub	v26.8h, v26.8h, v30.8h
+	sshr	v25.8h, v25.8h, #1
+	sshr	v26.8h, v26.8h, #1
+	mul	v29.8h, v18.8h, v1.h[6]
+	mul	v30.8h, v20.8h, v1.h[7]
+	sqrdmulh	v27.8h, v18.8h, v0.h[6]
+	sqrdmulh	v28.8h, v20.8h, v0.h[7]
+	sqrdmulh	v29.8h, v29.8h, v4.h[0]
+	sqrdmulh	v30.8h, v30.8h, v4.h[0]
+	sub	v27.8h, v27.8h, v29.8h
+	sub	v28.8h, v28.8h, v30.8h
+	sshr	v27.8h, v27.8h, #1
+	sshr	v28.8h, v28.8h, #1
+	sub	v6.8h, v5.8h, v21.8h
+	add	v5.8h, v5.8h, v21.8h
+	sub	v8.8h, v7.8h, v22.8h
+	add	v7.8h, v7.8h, v22.8h
+	sub	v10.8h, v9.8h, v23.8h
+	add	v9.8h, v9.8h, v23.8h
+	sub	v12.8h, v11.8h, v24.8h
+	add	v11.8h, v11.8h, v24.8h
+	sub	v14.8h, v13.8h, v25.8h
+	add	v13.8h, v13.8h, v25.8h
+	sub	v16.8h, v15.8h, v26.8h
+	add	v15.8h, v15.8h, v26.8h
+	sub	v18.8h, v17.8h, v27.8h
+	add	v17.8h, v17.8h, v27.8h
+	sub	v20.8h, v19.8h, v28.8h
+	add	v19.8h, v19.8h, v28.8h
+	str	q5, [x0]
+	str	q6, [x0, #32]
+	str	q7, [x0, #64]
+	str	q8, [x0, #96]
+	str	q9, [x0, #128]
+	str	q10, [x0, #160]
+	str	q11, [x0, #192]
+	str	q12, [x0, #224]
+	str	q13, [x1]
+	str	q14, [x1, #32]
+	str	q15, [x1, #64]
+	str	q16, [x1, #96]
+	str	q17, [x1, #128]
+	str	q18, [x1, #160]
+	str	q19, [x1, #192]
+	str	q20, [x1, #224]
+	ldr	q5, [x0, #16]
+	ldr	q6, [x0, #48]
+	ldr	q7, [x0, #80]
+	ldr	q8, [x0, #112]
+	ldr	q9, [x0, #144]
+	ldr	q10, [x0, #176]
+	ldr	q11, [x0, #208]
+	ldr	q12, [x0, #240]
+	ldr	q13, [x1, #16]
+	ldr	q14, [x1, #48]
+	ldr	q15, [x1, #80]
+	ldr	q16, [x1, #112]
+	ldr	q17, [x1, #144]
+	ldr	q18, [x1, #176]
+	ldr	q19, [x1, #208]
+	ldr	q20, [x1, #240]
+	ldr	q0, [x2]
+	ldr	q1, [x3]
+	mul	v29.8h, v13.8h, v1.h[1]
+	mul	v30.8h, v14.8h, v1.h[1]
+	sqrdmulh	v21.8h, v13.8h, v0.h[1]
+	sqrdmulh	v22.8h, v14.8h, v0.h[1]
+	sqrdmulh	v29.8h, v29.8h, v4.h[0]
+	sqrdmulh	v30.8h, v30.8h, v4.h[0]
+	sub	v21.8h, v21.8h, v29.8h
+	sub	v22.8h, v22.8h, v30.8h
+	sshr	v21.8h, v21.8h, #1
+	sshr	v22.8h, v22.8h, #1
+	mul	v29.8h, v15.8h, v1.h[1]
+	mul	v30.8h, v16.8h, v1.h[1]
+	sqrdmulh	v23.8h, v15.8h, v0.h[1]
+	sqrdmulh	v24.8h, v16.8h, v0.h[1]
+	sqrdmulh	v29.8h, v29.8h, v4.h[0]
+	sqrdmulh	v30.8h, v30.8h, v4.h[0]
+	sub	v23.8h, v23.8h, v29.8h
+	sub	v24.8h, v24.8h, v30.8h
+	sshr	v23.8h, v23.8h, #1
+	sshr	v24.8h, v24.8h, #1
+	mul	v29.8h, v17.8h, v1.h[1]
+	mul	v30.8h, v18.8h, v1.h[1]
+	sqrdmulh	v25.8h, v17.8h, v0.h[1]
+	sqrdmulh	v26.8h, v18.8h, v0.h[1]
+	sqrdmulh	v29.8h, v29.8h, v4.h[0]
+	sqrdmulh	v30.8h, v30.8h, v4.h[0]
+	sub	v25.8h, v25.8h, v29.8h
+	sub	v26.8h, v26.8h, v30.8h
+	sshr	v25.8h, v25.8h, #1
+	sshr	v26.8h, v26.8h, #1
+	mul	v29.8h, v19.8h, v1.h[1]
+	mul	v30.8h, v20.8h, v1.h[1]
+	sqrdmulh	v27.8h, v19.8h, v0.h[1]
+	sqrdmulh	v28.8h, v20.8h, v0.h[1]
+	sqrdmulh	v29.8h, v29.8h, v4.h[0]
+	sqrdmulh	v30.8h, v30.8h, v4.h[0]
+	sub	v27.8h, v27.8h, v29.8h
+	sub	v28.8h, v28.8h, v30.8h
+	sshr	v27.8h, v27.8h, #1
+	sshr	v28.8h, v28.8h, #1
+	sub	v13.8h, v5.8h, v21.8h
+	add	v5.8h, v5.8h, v21.8h
+	sub	v14.8h, v6.8h, v22.8h
+	add	v6.8h, v6.8h, v22.8h
+	sub	v15.8h, v7.8h, v23.8h
+	add	v7.8h, v7.8h, v23.8h
+	sub	v16.8h, v8.8h, v24.8h
+	add	v8.8h, v8.8h, v24.8h
+	sub	v17.8h, v9.8h, v25.8h
+	add	v9.8h, v9.8h, v25.8h
+	sub	v18.8h, v10.8h, v26.8h
+	add	v10.8h, v10.8h, v26.8h
+	sub	v19.8h, v11.8h, v27.8h
+	add	v11.8h, v11.8h, v27.8h
+	sub	v20.8h, v12.8h, v28.8h
+	add	v12.8h, v12.8h, v28.8h
+	mul	v29.8h, v9.8h, v1.h[2]
+	mul	v30.8h, v10.8h, v1.h[2]
+	sqrdmulh	v21.8h, v9.8h, v0.h[2]
+	sqrdmulh	v22.8h, v10.8h, v0.h[2]
+	sqrdmulh	v29.8h, v29.8h, v4.h[0]
+	sqrdmulh	v30.8h, v30.8h, v4.h[0]
+	sub	v21.8h, v21.8h, v29.8h
+	sub	v22.8h, v22.8h, v30.8h
+	sshr	v21.8h, v21.8h, #1
+	sshr	v22.8h, v22.8h, #1
+	mul	v29.8h, v11.8h, v1.h[2]
+	mul	v30.8h, v12.8h, v1.h[2]
+	sqrdmulh	v23.8h, v11.8h, v0.h[2]
+	sqrdmulh	v24.8h, v12.8h, v0.h[2]
+	sqrdmulh	v29.8h, v29.8h, v4.h[0]
+	sqrdmulh	v30.8h, v30.8h, v4.h[0]
+	sub	v23.8h, v23.8h, v29.8h
+	sub	v24.8h, v24.8h, v30.8h
+	sshr	v23.8h, v23.8h, #1
+	sshr	v24.8h, v24.8h, #1
+	mul	v29.8h, v17.8h, v1.h[3]
+	mul	v30.8h, v18.8h, v1.h[3]
+	sqrdmulh	v25.8h, v17.8h, v0.h[3]
+	sqrdmulh	v26.8h, v18.8h, v0.h[3]
+	sqrdmulh	v29.8h, v29.8h, v4.h[0]
+	sqrdmulh	v30.8h, v30.8h, v4.h[0]
+	sub	v25.8h, v25.8h, v29.8h
+	sub	v26.8h, v26.8h, v30.8h
+	sshr	v25.8h, v25.8h, #1
+	sshr	v26.8h, v26.8h, #1
+	mul	v29.8h, v19.8h, v1.h[3]
+	mul	v30.8h, v20.8h, v1.h[3]
+	sqrdmulh	v27.8h, v19.8h, v0.h[3]
+	sqrdmulh	v28.8h, v20.8h, v0.h[3]
+	sqrdmulh	v29.8h, v29.8h, v4.h[0]
+	sqrdmulh	v30.8h, v30.8h, v4.h[0]
+	sub	v27.8h, v27.8h, v29.8h
+	sub	v28.8h, v28.8h, v30.8h
+	sshr	v27.8h, v27.8h, #1
+	sshr	v28.8h, v28.8h, #1
+	sub	v9.8h, v5.8h, v21.8h
+	add	v5.8h, v5.8h, v21.8h
+	sub	v10.8h, v6.8h, v22.8h
+	add	v6.8h, v6.8h, v22.8h
+	sub	v11.8h, v7.8h, v23.8h
+	add	v7.8h, v7.8h, v23.8h
+	sub	v12.8h, v8.8h, v24.8h
+	add	v8.8h, v8.8h, v24.8h
+	sub	v17.8h, v13.8h, v25.8h
+	add	v13.8h, v13.8h, v25.8h
+	sub	v18.8h, v14.8h, v26.8h
+	add	v14.8h, v14.8h, v26.8h
+	sub	v19.8h, v15.8h, v27.8h
+	add	v15.8h, v15.8h, v27.8h
+	sub	v20.8h, v16.8h, v28.8h
+	add	v16.8h, v16.8h, v28.8h
+	mul	v29.8h, v7.8h, v1.h[4]
+	mul	v30.8h, v8.8h, v1.h[4]
+	sqrdmulh	v21.8h, v7.8h, v0.h[4]
+	sqrdmulh	v22.8h, v8.8h, v0.h[4]
+	sqrdmulh	v29.8h, v29.8h, v4.h[0]
+	sqrdmulh	v30.8h, v30.8h, v4.h[0]
+	sub	v21.8h, v21.8h, v29.8h
+	sub	v22.8h, v22.8h, v30.8h
+	sshr	v21.8h, v21.8h, #1
+	sshr	v22.8h, v22.8h, #1
+	mul	v29.8h, v11.8h, v1.h[5]
+	mul	v30.8h, v12.8h, v1.h[5]
+	sqrdmulh	v23.8h, v11.8h, v0.h[5]
+	sqrdmulh	v24.8h, v12.8h, v0.h[5]
+	sqrdmulh	v29.8h, v29.8h, v4.h[0]
+	sqrdmulh	v30.8h, v30.8h, v4.h[0]
+	sub	v23.8h, v23.8h, v29.8h
+	sub	v24.8h, v24.8h, v30.8h
+	sshr	v23.8h, v23.8h, #1
+	sshr	v24.8h, v24.8h, #1
+	mul	v29.8h, v15.8h, v1.h[6]
+	mul	v30.8h, v16.8h, v1.h[6]
+	sqrdmulh	v25.8h, v15.8h, v0.h[6]
+	sqrdmulh	v26.8h, v16.8h, v0.h[6]
+	sqrdmulh	v29.8h, v29.8h, v4.h[0]
+	sqrdmulh	v30.8h, v30.8h, v4.h[0]
+	sub	v25.8h, v25.8h, v29.8h
+	sub	v26.8h, v26.8h, v30.8h
+	sshr	v25.8h, v25.8h, #1
+	sshr	v26.8h, v26.8h, #1
+	mul	v29.8h, v19.8h, v1.h[7]
+	mul	v30.8h, v20.8h, v1.h[7]
+	sqrdmulh	v27.8h, v19.8h, v0.h[7]
+	sqrdmulh	v28.8h, v20.8h, v0.h[7]
+	sqrdmulh	v29.8h, v29.8h, v4.h[0]
+	sqrdmulh	v30.8h, v30.8h, v4.h[0]
+	sub	v27.8h, v27.8h, v29.8h
+	sub	v28.8h, v28.8h, v30.8h
+	sshr	v27.8h, v27.8h, #1
+	sshr	v28.8h, v28.8h, #1
+	sub	v7.8h, v5.8h, v21.8h
+	add	v5.8h, v5.8h, v21.8h
+	sub	v8.8h, v6.8h, v22.8h
+	add	v6.8h, v6.8h, v22.8h
+	sub	v11.8h, v9.8h, v23.8h
+	add	v9.8h, v9.8h, v23.8h
+	sub	v12.8h, v10.8h, v24.8h
+	add	v10.8h, v10.8h, v24.8h
+	sub	v15.8h, v13.8h, v25.8h
+	add	v13.8h, v13.8h, v25.8h
+	sub	v16.8h, v14.8h, v26.8h
+	add	v14.8h, v14.8h, v26.8h
+	sub	v19.8h, v17.8h, v27.8h
+	add	v17.8h, v17.8h, v27.8h
+	sub	v20.8h, v18.8h, v28.8h
+	add	v18.8h, v18.8h, v28.8h
+	ldr	q0, [x2, #16]
+	ldr	q1, [x3, #16]
+	mul	v29.8h, v6.8h, v1.h[0]
+	mul	v30.8h, v8.8h, v1.h[1]
+	sqrdmulh	v21.8h, v6.8h, v0.h[0]
+	sqrdmulh	v22.8h, v8.8h, v0.h[1]
+	sqrdmulh	v29.8h, v29.8h, v4.h[0]
+	sqrdmulh	v30.8h, v30.8h, v4.h[0]
+	sub	v21.8h, v21.8h, v29.8h
+	sub	v22.8h, v22.8h, v30.8h
+	sshr	v21.8h, v21.8h, #1
+	sshr	v22.8h, v22.8h, #1
+	mul	v29.8h, v10.8h, v1.h[2]
+	mul	v30.8h, v12.8h, v1.h[3]
+	sqrdmulh	v23.8h, v10.8h, v0.h[2]
+	sqrdmulh	v24.8h, v12.8h, v0.h[3]
+	sqrdmulh	v29.8h, v29.8h, v4.h[0]
+	sqrdmulh	v30.8h, v30.8h, v4.h[0]
+	sub	v23.8h, v23.8h, v29.8h
+	sub	v24.8h, v24.8h, v30.8h
+	sshr	v23.8h, v23.8h, #1
+	sshr	v24.8h, v24.8h, #1
+	mul	v29.8h, v14.8h, v1.h[4]
+	mul	v30.8h, v16.8h, v1.h[5]
+	sqrdmulh	v25.8h, v14.8h, v0.h[4]
+	sqrdmulh	v26.8h, v16.8h, v0.h[5]
+	sqrdmulh	v29.8h, v29.8h, v4.h[0]
+	sqrdmulh	v30.8h, v30.8h, v4.h[0]
+	sub	v25.8h, v25.8h, v29.8h
+	sub	v26.8h, v26.8h, v30.8h
+	sshr	v25.8h, v25.8h, #1
+	sshr	v26.8h, v26.8h, #1
+	mul	v29.8h, v18.8h, v1.h[6]
+	mul	v30.8h, v20.8h, v1.h[7]
+	sqrdmulh	v27.8h, v18.8h, v0.h[6]
+	sqrdmulh	v28.8h, v20.8h, v0.h[7]
+	sqrdmulh	v29.8h, v29.8h, v4.h[0]
+	sqrdmulh	v30.8h, v30.8h, v4.h[0]
+	sub	v27.8h, v27.8h, v29.8h
+	sub	v28.8h, v28.8h, v30.8h
+	sshr	v27.8h, v27.8h, #1
+	sshr	v28.8h, v28.8h, #1
+	sub	v6.8h, v5.8h, v21.8h
+	add	v5.8h, v5.8h, v21.8h
+	sub	v8.8h, v7.8h, v22.8h
+	add	v7.8h, v7.8h, v22.8h
+	sub	v10.8h, v9.8h, v23.8h
+	add	v9.8h, v9.8h, v23.8h
+	sub	v12.8h, v11.8h, v24.8h
+	add	v11.8h, v11.8h, v24.8h
+	sub	v14.8h, v13.8h, v25.8h
+	add	v13.8h, v13.8h, v25.8h
+	sub	v16.8h, v15.8h, v26.8h
+	add	v15.8h, v15.8h, v26.8h
+	sub	v18.8h, v17.8h, v27.8h
+	add	v17.8h, v17.8h, v27.8h
+	sub	v20.8h, v19.8h, v28.8h
+	add	v19.8h, v19.8h, v28.8h
+	str	q5, [x0, #16]
+	str	q6, [x0, #48]
+	str	q7, [x0, #80]
+	str	q8, [x0, #112]
+	str	q9, [x0, #144]
+	str	q10, [x0, #176]
+	str	q11, [x0, #208]
+	str	q12, [x0, #240]
+	str	q13, [x1, #16]
+	str	q14, [x1, #48]
+	str	q15, [x1, #80]
+	str	q16, [x1, #112]
+	str	q17, [x1, #144]
+	str	q18, [x1, #176]
+	str	q19, [x1, #208]
+	str	q20, [x1, #240]
+	ldp	q5, q6, [x0]
+	ldp	q7, q8, [x0, #32]
+	ldp	q9, q10, [x0, #64]
+	ldp	q11, q12, [x0, #96]
+	ldp	q13, q14, [x0, #128]
+	ldp	q15, q16, [x0, #160]
+	ldp	q17, q18, [x0, #192]
+	ldp	q19, q20, [x0, #224]
+	ldr	q0, [x2, #32]
+	ldr	q1, [x3, #32]
+	mul	v29.8h, v6.8h, v1.h[0]
+	mul	v30.8h, v8.8h, v1.h[1]
+	sqrdmulh	v21.8h, v6.8h, v0.h[0]
+	sqrdmulh	v22.8h, v8.8h, v0.h[1]
+	sqrdmulh	v29.8h, v29.8h, v4.h[0]
+	sqrdmulh	v30.8h, v30.8h, v4.h[0]
+	sub	v21.8h, v21.8h, v29.8h
+	sub	v22.8h, v22.8h, v30.8h
+	sshr	v21.8h, v21.8h, #1
+	sshr	v22.8h, v22.8h, #1
+	mul	v29.8h, v10.8h, v1.h[2]
+	mul	v30.8h, v12.8h, v1.h[3]
+	sqrdmulh	v23.8h, v10.8h, v0.h[2]
+	sqrdmulh	v24.8h, v12.8h, v0.h[3]
+	sqrdmulh	v29.8h, v29.8h, v4.h[0]
+	sqrdmulh	v30.8h, v30.8h, v4.h[0]
+	sub	v23.8h, v23.8h, v29.8h
+	sub	v24.8h, v24.8h, v30.8h
+	sshr	v23.8h, v23.8h, #1
+	sshr	v24.8h, v24.8h, #1
+	mul	v29.8h, v14.8h, v1.h[4]
+	mul	v30.8h, v16.8h, v1.h[5]
+	sqrdmulh	v25.8h, v14.8h, v0.h[4]
+	sqrdmulh	v26.8h, v16.8h, v0.h[5]
+	sqrdmulh	v29.8h, v29.8h, v4.h[0]
+	sqrdmulh	v30.8h, v30.8h, v4.h[0]
+	sub	v25.8h, v25.8h, v29.8h
+	sub	v26.8h, v26.8h, v30.8h
+	sshr	v25.8h, v25.8h, #1
+	sshr	v26.8h, v26.8h, #1
+	mul	v29.8h, v18.8h, v1.h[6]
+	mul	v30.8h, v20.8h, v1.h[7]
+	sqrdmulh	v27.8h, v18.8h, v0.h[6]
+	sqrdmulh	v28.8h, v20.8h, v0.h[7]
+	sqrdmulh	v29.8h, v29.8h, v4.h[0]
+	sqrdmulh	v30.8h, v30.8h, v4.h[0]
+	sub	v27.8h, v27.8h, v29.8h
+	sub	v28.8h, v28.8h, v30.8h
+	sshr	v27.8h, v27.8h, #1
+	sshr	v28.8h, v28.8h, #1
+	sub	v6.8h, v5.8h, v21.8h
+	add	v5.8h, v5.8h, v21.8h
+	sub	v8.8h, v7.8h, v22.8h
+	add	v7.8h, v7.8h, v22.8h
+	sub	v10.8h, v9.8h, v23.8h
+	add	v9.8h, v9.8h, v23.8h
+	sub	v12.8h, v11.8h, v24.8h
+	add	v11.8h, v11.8h, v24.8h
+	sub	v14.8h, v13.8h, v25.8h
+	add	v13.8h, v13.8h, v25.8h
+	sub	v16.8h, v15.8h, v26.8h
+	add	v15.8h, v15.8h, v26.8h
+	sub	v18.8h, v17.8h, v27.8h
+	add	v17.8h, v17.8h, v27.8h
+	sub	v20.8h, v19.8h, v28.8h
+	add	v19.8h, v19.8h, v28.8h
+	ldr	q0, [x2, #64]
+	ldr	q2, [x2, #80]
+	ldr	q1, [x3, #64]
+	ldr	q3, [x3, #80]
+	mov	v29.16b, v5.16b
+	mov	v30.16b, v7.16b
+	trn1	v5.2d, v5.2d, v6.2d
+	trn1	v7.2d, v7.2d, v8.2d
+	trn2	v6.2d, v29.2d, v6.2d
+	trn2	v8.2d, v30.2d, v8.2d
+	mul	v29.8h, v6.8h, v1.8h
+	mul	v30.8h, v8.8h, v3.8h
+	sqrdmulh	v21.8h, v6.8h, v0.8h
+	sqrdmulh	v22.8h, v8.8h, v2.8h
+	sqrdmulh	v29.8h, v29.8h, v4.h[0]
+	sqrdmulh	v30.8h, v30.8h, v4.h[0]
+	sub	v21.8h, v21.8h, v29.8h
+	sub	v22.8h, v22.8h, v30.8h
+	sshr	v21.8h, v21.8h, #1
+	sshr	v22.8h, v22.8h, #1
+	ldr	q0, [x2, #96]
+	ldr	q2, [x2, #112]
+	ldr	q1, [x3, #96]
+	ldr	q3, [x3, #112]
+	mov	v29.16b, v9.16b
+	mov	v30.16b, v11.16b
+	trn1	v9.2d, v9.2d, v10.2d
+	trn1	v11.2d, v11.2d, v12.2d
+	trn2	v10.2d, v29.2d, v10.2d
+	trn2	v12.2d, v30.2d, v12.2d
+	mul	v29.8h, v10.8h, v1.8h
+	mul	v30.8h, v12.8h, v3.8h
+	sqrdmulh	v23.8h, v10.8h, v0.8h
+	sqrdmulh	v24.8h, v12.8h, v2.8h
+	sqrdmulh	v29.8h, v29.8h, v4.h[0]
+	sqrdmulh	v30.8h, v30.8h, v4.h[0]
+	sub	v23.8h, v23.8h, v29.8h
+	sub	v24.8h, v24.8h, v30.8h
+	sshr	v23.8h, v23.8h, #1
+	sshr	v24.8h, v24.8h, #1
+	ldr	q0, [x2, #128]
+	ldr	q2, [x2, #144]
+	ldr	q1, [x3, #128]
+	ldr	q3, [x3, #144]
+	mov	v29.16b, v13.16b
+	mov	v30.16b, v15.16b
+	trn1	v13.2d, v13.2d, v14.2d
+	trn1	v15.2d, v15.2d, v16.2d
+	trn2	v14.2d, v29.2d, v14.2d
+	trn2	v16.2d, v30.2d, v16.2d
+	mul	v29.8h, v14.8h, v1.8h
+	mul	v30.8h, v16.8h, v3.8h
+	sqrdmulh	v25.8h, v14.8h, v0.8h
+	sqrdmulh	v26.8h, v16.8h, v2.8h
+	sqrdmulh	v29.8h, v29.8h, v4.h[0]
+	sqrdmulh	v30.8h, v30.8h, v4.h[0]
+	sub	v25.8h, v25.8h, v29.8h
+	sub	v26.8h, v26.8h, v30.8h
+	sshr	v25.8h, v25.8h, #1
+	sshr	v26.8h, v26.8h, #1
+	ldr	q0, [x2, #160]
+	ldr	q2, [x2, #176]
+	ldr	q1, [x3, #160]
+	ldr	q3, [x3, #176]
+	mov	v29.16b, v17.16b
+	mov	v30.16b, v19.16b
+	trn1	v17.2d, v17.2d, v18.2d
+	trn1	v19.2d, v19.2d, v20.2d
+	trn2	v18.2d, v29.2d, v18.2d
+	trn2	v20.2d, v30.2d, v20.2d
+	mul	v29.8h, v18.8h, v1.8h
+	mul	v30.8h, v20.8h, v3.8h
+	sqrdmulh	v27.8h, v18.8h, v0.8h
+	sqrdmulh	v28.8h, v20.8h, v2.8h
+	sqrdmulh	v29.8h, v29.8h, v4.h[0]
+	sqrdmulh	v30.8h, v30.8h, v4.h[0]
+	sub	v27.8h, v27.8h, v29.8h
+	sub	v28.8h, v28.8h, v30.8h
+	sshr	v27.8h, v27.8h, #1
+	sshr	v28.8h, v28.8h, #1
+	sub	v6.8h, v5.8h, v21.8h
+	add	v5.8h, v5.8h, v21.8h
+	sub	v8.8h, v7.8h, v22.8h
+	add	v7.8h, v7.8h, v22.8h
+	sub	v10.8h, v9.8h, v23.8h
+	add	v9.8h, v9.8h, v23.8h
+	sub	v12.8h, v11.8h, v24.8h
+	add	v11.8h, v11.8h, v24.8h
+	sub	v14.8h, v13.8h, v25.8h
+	add	v13.8h, v13.8h, v25.8h
+	sub	v16.8h, v15.8h, v26.8h
+	add	v15.8h, v15.8h, v26.8h
+	sub	v18.8h, v17.8h, v27.8h
+	add	v17.8h, v17.8h, v27.8h
+	sub	v20.8h, v19.8h, v28.8h
+	add	v19.8h, v19.8h, v28.8h
+	ldr	q0, [x2, #320]
+	ldr	q2, [x2, #336]
+	ldr	q1, [x3, #320]
+	ldr	q3, [x3, #336]
+	mov	v29.16b, v5.16b
+	mov	v30.16b, v7.16b
+	trn1	v5.4s, v5.4s, v6.4s
+	trn1	v7.4s, v7.4s, v8.4s
+	trn2	v6.4s, v29.4s, v6.4s
+	trn2	v8.4s, v30.4s, v8.4s
+	mul	v29.8h, v6.8h, v1.8h
+	mul	v30.8h, v8.8h, v3.8h
+	sqrdmulh	v21.8h, v6.8h, v0.8h
+	sqrdmulh	v22.8h, v8.8h, v2.8h
+	sqrdmulh	v29.8h, v29.8h, v4.h[0]
+	sqrdmulh	v30.8h, v30.8h, v4.h[0]
+	sub	v21.8h, v21.8h, v29.8h
+	sub	v22.8h, v22.8h, v30.8h
+	sshr	v21.8h, v21.8h, #1
+	sshr	v22.8h, v22.8h, #1
+	ldr	q0, [x2, #352]
+	ldr	q2, [x2, #368]
+	ldr	q1, [x3, #352]
+	ldr	q3, [x3, #368]
+	mov	v29.16b, v9.16b
+	mov	v30.16b, v11.16b
+	trn1	v9.4s, v9.4s, v10.4s
+	trn1	v11.4s, v11.4s, v12.4s
+	trn2	v10.4s, v29.4s, v10.4s
+	trn2	v12.4s, v30.4s, v12.4s
+	mul	v29.8h, v10.8h, v1.8h
+	mul	v30.8h, v12.8h, v3.8h
+	sqrdmulh	v23.8h, v10.8h, v0.8h
+	sqrdmulh	v24.8h, v12.8h, v2.8h
+	sqrdmulh	v29.8h, v29.8h, v4.h[0]
+	sqrdmulh	v30.8h, v30.8h, v4.h[0]
+	sub	v23.8h, v23.8h, v29.8h
+	sub	v24.8h, v24.8h, v30.8h
+	sshr	v23.8h, v23.8h, #1
+	sshr	v24.8h, v24.8h, #1
+	ldr	q0, [x2, #384]
+	ldr	q2, [x2, #400]
+	ldr	q1, [x3, #384]
+	ldr	q3, [x3, #400]
+	mov	v29.16b, v13.16b
+	mov	v30.16b, v15.16b
+	trn1	v13.4s, v13.4s, v14.4s
+	trn1	v15.4s, v15.4s, v16.4s
+	trn2	v14.4s, v29.4s, v14.4s
+	trn2	v16.4s, v30.4s, v16.4s
+	mul	v29.8h, v14.8h, v1.8h
+	mul	v30.8h, v16.8h, v3.8h
+	sqrdmulh	v25.8h, v14.8h, v0.8h
+	sqrdmulh	v26.8h, v16.8h, v2.8h
+	sqrdmulh	v29.8h, v29.8h, v4.h[0]
+	sqrdmulh	v30.8h, v30.8h, v4.h[0]
+	sub	v25.8h, v25.8h, v29.8h
+	sub	v26.8h, v26.8h, v30.8h
+	sshr	v25.8h, v25.8h, #1
+	sshr	v26.8h, v26.8h, #1
+	ldr	q0, [x2, #416]
+	ldr	q2, [x2, #432]
+	ldr	q1, [x3, #416]
+	ldr	q3, [x3, #432]
+	mov	v29.16b, v17.16b
+	mov	v30.16b, v19.16b
+	trn1	v17.4s, v17.4s, v18.4s
+	trn1	v19.4s, v19.4s, v20.4s
+	trn2	v18.4s, v29.4s, v18.4s
+	trn2	v20.4s, v30.4s, v20.4s
+	mul	v29.8h, v18.8h, v1.8h
+	mul	v30.8h, v20.8h, v3.8h
+	sqrdmulh	v27.8h, v18.8h, v0.8h
+	sqrdmulh	v28.8h, v20.8h, v2.8h
+	sqrdmulh	v29.8h, v29.8h, v4.h[0]
+	sqrdmulh	v30.8h, v30.8h, v4.h[0]
+	sub	v27.8h, v27.8h, v29.8h
+	sub	v28.8h, v28.8h, v30.8h
+	sshr	v27.8h, v27.8h, #1
+	sshr	v28.8h, v28.8h, #1
+	sub	v6.8h, v5.8h, v21.8h
+	add	v5.8h, v5.8h, v21.8h
+	sub	v8.8h, v7.8h, v22.8h
+	add	v7.8h, v7.8h, v22.8h
+	sub	v10.8h, v9.8h, v23.8h
+	add	v9.8h, v9.8h, v23.8h
+	sub	v12.8h, v11.8h, v24.8h
+	add	v11.8h, v11.8h, v24.8h
+	sub	v14.8h, v13.8h, v25.8h
+	add	v13.8h, v13.8h, v25.8h
+	sub	v16.8h, v15.8h, v26.8h
+	add	v15.8h, v15.8h, v26.8h
+	sub	v18.8h, v17.8h, v27.8h
+	add	v17.8h, v17.8h, v27.8h
+	sub	v20.8h, v19.8h, v28.8h
+	add	v19.8h, v19.8h, v28.8h
+	sqdmulh	v21.8h, v5.8h, v4.h[2]
+	sqdmulh	v22.8h, v6.8h, v4.h[2]
+	sshr	v21.8h, v21.8h, #11
+	sshr	v22.8h, v22.8h, #11
+	mls	v5.8h, v21.8h, v4.h[0]
+	mls	v6.8h, v22.8h, v4.h[0]
+	sqdmulh	v21.8h, v7.8h, v4.h[2]
+	sqdmulh	v22.8h, v8.8h, v4.h[2]
+	sshr	v21.8h, v21.8h, #11
+	sshr	v22.8h, v22.8h, #11
+	mls	v7.8h, v21.8h, v4.h[0]
+	mls	v8.8h, v22.8h, v4.h[0]
+	sqdmulh	v21.8h, v9.8h, v4.h[2]
+	sqdmulh	v22.8h, v10.8h, v4.h[2]
+	sshr	v21.8h, v21.8h, #11
+	sshr	v22.8h, v22.8h, #11
+	mls	v9.8h, v21.8h, v4.h[0]
+	mls	v10.8h, v22.8h, v4.h[0]
+	sqdmulh	v21.8h, v11.8h, v4.h[2]
+	sqdmulh	v22.8h, v12.8h, v4.h[2]
+	sshr	v21.8h, v21.8h, #11
+	sshr	v22.8h, v22.8h, #11
+	mls	v11.8h, v21.8h, v4.h[0]
+	mls	v12.8h, v22.8h, v4.h[0]
+	sqdmulh	v21.8h, v13.8h, v4.h[2]
+	sqdmulh	v22.8h, v14.8h, v4.h[2]
+	sshr	v21.8h, v21.8h, #11
+	sshr	v22.8h, v22.8h, #11
+	mls	v13.8h, v21.8h, v4.h[0]
+	mls	v14.8h, v22.8h, v4.h[0]
+	sqdmulh	v21.8h, v15.8h, v4.h[2]
+	sqdmulh	v22.8h, v16.8h, v4.h[2]
+	sshr	v21.8h, v21.8h, #11
+	sshr	v22.8h, v22.8h, #11
+	mls	v15.8h, v21.8h, v4.h[0]
+	mls	v16.8h, v22.8h, v4.h[0]
+	sqdmulh	v21.8h, v17.8h, v4.h[2]
+	sqdmulh	v22.8h, v18.8h, v4.h[2]
+	sshr	v21.8h, v21.8h, #11
+	sshr	v22.8h, v22.8h, #11
+	mls	v17.8h, v21.8h, v4.h[0]
+	mls	v18.8h, v22.8h, v4.h[0]
+	sqdmulh	v21.8h, v19.8h, v4.h[2]
+	sqdmulh	v22.8h, v20.8h, v4.h[2]
+	sshr	v21.8h, v21.8h, #11
+	sshr	v22.8h, v22.8h, #11
+	mls	v19.8h, v21.8h, v4.h[0]
+	mls	v20.8h, v22.8h, v4.h[0]
+	mov	v29.16b, v5.16b
+	trn1	v5.4s, v5.4s, v6.4s
+	trn2	v6.4s, v29.4s, v6.4s
+	mov	v29.16b, v5.16b
+	trn1	v5.2d, v5.2d, v6.2d
+	trn2	v6.2d, v29.2d, v6.2d
+	mov	v29.16b, v7.16b
+	trn1	v7.4s, v7.4s, v8.4s
+	trn2	v8.4s, v29.4s, v8.4s
+	mov	v29.16b, v7.16b
+	trn1	v7.2d, v7.2d, v8.2d
+	trn2	v8.2d, v29.2d, v8.2d
+	mov	v29.16b, v9.16b
+	trn1	v9.4s, v9.4s, v10.4s
+	trn2	v10.4s, v29.4s, v10.4s
+	mov	v29.16b, v9.16b
+	trn1	v9.2d, v9.2d, v10.2d
+	trn2	v10.2d, v29.2d, v10.2d
+	mov	v29.16b, v11.16b
+	trn1	v11.4s, v11.4s, v12.4s
+	trn2	v12.4s, v29.4s, v12.4s
+	mov	v29.16b, v11.16b
+	trn1	v11.2d, v11.2d, v12.2d
+	trn2	v12.2d, v29.2d, v12.2d
+	mov	v29.16b, v13.16b
+	trn1	v13.4s, v13.4s, v14.4s
+	trn2	v14.4s, v29.4s, v14.4s
+	mov	v29.16b, v13.16b
+	trn1	v13.2d, v13.2d, v14.2d
+	trn2	v14.2d, v29.2d, v14.2d
+	mov	v29.16b, v15.16b
+	trn1	v15.4s, v15.4s, v16.4s
+	trn2	v16.4s, v29.4s, v16.4s
+	mov	v29.16b, v15.16b
+	trn1	v15.2d, v15.2d, v16.2d
+	trn2	v16.2d, v29.2d, v16.2d
+	mov	v29.16b, v17.16b
+	trn1	v17.4s, v17.4s, v18.4s
+	trn2	v18.4s, v29.4s, v18.4s
+	mov	v29.16b, v17.16b
+	trn1	v17.2d, v17.2d, v18.2d
+	trn2	v18.2d, v29.2d, v18.2d
+	mov	v29.16b, v19.16b
+	trn1	v19.4s, v19.4s, v20.4s
+	trn2	v20.4s, v29.4s, v20.4s
+	mov	v29.16b, v19.16b
+	trn1	v19.2d, v19.2d, v20.2d
+	trn2	v20.2d, v29.2d, v20.2d
+	stp	q5, q6, [x0]
+	stp	q7, q8, [x0, #32]
+	stp	q9, q10, [x0, #64]
+	stp	q11, q12, [x0, #96]
+	stp	q13, q14, [x0, #128]
+	stp	q15, q16, [x0, #160]
+	stp	q17, q18, [x0, #192]
+	stp	q19, q20, [x0, #224]
+	ldp	q5, q6, [x1]
+	ldp	q7, q8, [x1, #32]
+	ldp	q9, q10, [x1, #64]
+	ldp	q11, q12, [x1, #96]
+	ldp	q13, q14, [x1, #128]
+	ldp	q15, q16, [x1, #160]
+	ldp	q17, q18, [x1, #192]
+	ldp	q19, q20, [x1, #224]
+	ldr	q0, [x2, #48]
+	ldr	q1, [x3, #48]
+	mul	v29.8h, v6.8h, v1.h[0]
+	mul	v30.8h, v8.8h, v1.h[1]
+	sqrdmulh	v21.8h, v6.8h, v0.h[0]
+	sqrdmulh	v22.8h, v8.8h, v0.h[1]
+	sqrdmulh	v29.8h, v29.8h, v4.h[0]
+	sqrdmulh	v30.8h, v30.8h, v4.h[0]
+	sub	v21.8h, v21.8h, v29.8h
+	sub	v22.8h, v22.8h, v30.8h
+	sshr	v21.8h, v21.8h, #1
+	sshr	v22.8h, v22.8h, #1
+	mul	v29.8h, v10.8h, v1.h[2]
+	mul	v30.8h, v12.8h, v1.h[3]
+	sqrdmulh	v23.8h, v10.8h, v0.h[2]
+	sqrdmulh	v24.8h, v12.8h, v0.h[3]
+	sqrdmulh	v29.8h, v29.8h, v4.h[0]
+	sqrdmulh	v30.8h, v30.8h, v4.h[0]
+	sub	v23.8h, v23.8h, v29.8h
+	sub	v24.8h, v24.8h, v30.8h
+	sshr	v23.8h, v23.8h, #1
+	sshr	v24.8h, v24.8h, #1
+	mul	v29.8h, v14.8h, v1.h[4]
+	mul	v30.8h, v16.8h, v1.h[5]
+	sqrdmulh	v25.8h, v14.8h, v0.h[4]
+	sqrdmulh	v26.8h, v16.8h, v0.h[5]
+	sqrdmulh	v29.8h, v29.8h, v4.h[0]
+	sqrdmulh	v30.8h, v30.8h, v4.h[0]
+	sub	v25.8h, v25.8h, v29.8h
+	sub	v26.8h, v26.8h, v30.8h
+	sshr	v25.8h, v25.8h, #1
+	sshr	v26.8h, v26.8h, #1
+	mul	v29.8h, v18.8h, v1.h[6]
+	mul	v30.8h, v20.8h, v1.h[7]
+	sqrdmulh	v27.8h, v18.8h, v0.h[6]
+	sqrdmulh	v28.8h, v20.8h, v0.h[7]
+	sqrdmulh	v29.8h, v29.8h, v4.h[0]
+	sqrdmulh	v30.8h, v30.8h, v4.h[0]
+	sub	v27.8h, v27.8h, v29.8h
+	sub	v28.8h, v28.8h, v30.8h
+	sshr	v27.8h, v27.8h, #1
+	sshr	v28.8h, v28.8h, #1
+	sub	v6.8h, v5.8h, v21.8h
+	add	v5.8h, v5.8h, v21.8h
+	sub	v8.8h, v7.8h, v22.8h
+	add	v7.8h, v7.8h, v22.8h
+	sub	v10.8h, v9.8h, v23.8h
+	add	v9.8h, v9.8h, v23.8h
+	sub	v12.8h, v11.8h, v24.8h
+	add	v11.8h, v11.8h, v24.8h
+	sub	v14.8h, v13.8h, v25.8h
+	add	v13.8h, v13.8h, v25.8h
+	sub	v16.8h, v15.8h, v26.8h
+	add	v15.8h, v15.8h, v26.8h
+	sub	v18.8h, v17.8h, v27.8h
+	add	v17.8h, v17.8h, v27.8h
+	sub	v20.8h, v19.8h, v28.8h
+	add	v19.8h, v19.8h, v28.8h
+	ldr	q0, [x2, #192]
+	ldr	q2, [x2, #208]
+	ldr	q1, [x3, #192]
+	ldr	q3, [x3, #208]
+	mov	v29.16b, v5.16b
+	mov	v30.16b, v7.16b
+	trn1	v5.2d, v5.2d, v6.2d
+	trn1	v7.2d, v7.2d, v8.2d
+	trn2	v6.2d, v29.2d, v6.2d
+	trn2	v8.2d, v30.2d, v8.2d
+	mul	v29.8h, v6.8h, v1.8h
+	mul	v30.8h, v8.8h, v3.8h
+	sqrdmulh	v21.8h, v6.8h, v0.8h
+	sqrdmulh	v22.8h, v8.8h, v2.8h
+	sqrdmulh	v29.8h, v29.8h, v4.h[0]
+	sqrdmulh	v30.8h, v30.8h, v4.h[0]
+	sub	v21.8h, v21.8h, v29.8h
+	sub	v22.8h, v22.8h, v30.8h
+	sshr	v21.8h, v21.8h, #1
+	sshr	v22.8h, v22.8h, #1
+	ldr	q0, [x2, #224]
+	ldr	q2, [x2, #240]
+	ldr	q1, [x3, #224]
+	ldr	q3, [x3, #240]
+	mov	v29.16b, v9.16b
+	mov	v30.16b, v11.16b
+	trn1	v9.2d, v9.2d, v10.2d
+	trn1	v11.2d, v11.2d, v12.2d
+	trn2	v10.2d, v29.2d, v10.2d
+	trn2	v12.2d, v30.2d, v12.2d
+	mul	v29.8h, v10.8h, v1.8h
+	mul	v30.8h, v12.8h, v3.8h
+	sqrdmulh	v23.8h, v10.8h, v0.8h
+	sqrdmulh	v24.8h, v12.8h, v2.8h
+	sqrdmulh	v29.8h, v29.8h, v4.h[0]
+	sqrdmulh	v30.8h, v30.8h, v4.h[0]
+	sub	v23.8h, v23.8h, v29.8h
+	sub	v24.8h, v24.8h, v30.8h
+	sshr	v23.8h, v23.8h, #1
+	sshr	v24.8h, v24.8h, #1
+	ldr	q0, [x2, #256]
+	ldr	q2, [x2, #272]
+	ldr	q1, [x3, #256]
+	ldr	q3, [x3, #272]
+	mov	v29.16b, v13.16b
+	mov	v30.16b, v15.16b
+	trn1	v13.2d, v13.2d, v14.2d
+	trn1	v15.2d, v15.2d, v16.2d
+	trn2	v14.2d, v29.2d, v14.2d
+	trn2	v16.2d, v30.2d, v16.2d
+	mul	v29.8h, v14.8h, v1.8h
+	mul	v30.8h, v16.8h, v3.8h
+	sqrdmulh	v25.8h, v14.8h, v0.8h
+	sqrdmulh	v26.8h, v16.8h, v2.8h
+	sqrdmulh	v29.8h, v29.8h, v4.h[0]
+	sqrdmulh	v30.8h, v30.8h, v4.h[0]
+	sub	v25.8h, v25.8h, v29.8h
+	sub	v26.8h, v26.8h, v30.8h
+	sshr	v25.8h, v25.8h, #1
+	sshr	v26.8h, v26.8h, #1
+	ldr	q0, [x2, #288]
+	ldr	q2, [x2, #304]
+	ldr	q1, [x3, #288]
+	ldr	q3, [x3, #304]
+	mov	v29.16b, v17.16b
+	mov	v30.16b, v19.16b
+	trn1	v17.2d, v17.2d, v18.2d
+	trn1	v19.2d, v19.2d, v20.2d
+	trn2	v18.2d, v29.2d, v18.2d
+	trn2	v20.2d, v30.2d, v20.2d
+	mul	v29.8h, v18.8h, v1.8h
+	mul	v30.8h, v20.8h, v3.8h
+	sqrdmulh	v27.8h, v18.8h, v0.8h
+	sqrdmulh	v28.8h, v20.8h, v2.8h
+	sqrdmulh	v29.8h, v29.8h, v4.h[0]
+	sqrdmulh	v30.8h, v30.8h, v4.h[0]
+	sub	v27.8h, v27.8h, v29.8h
+	sub	v28.8h, v28.8h, v30.8h
+	sshr	v27.8h, v27.8h, #1
+	sshr	v28.8h, v28.8h, #1
+	sub	v6.8h, v5.8h, v21.8h
+	add	v5.8h, v5.8h, v21.8h
+	sub	v8.8h, v7.8h, v22.8h
+	add	v7.8h, v7.8h, v22.8h
+	sub	v10.8h, v9.8h, v23.8h
+	add	v9.8h, v9.8h, v23.8h
+	sub	v12.8h, v11.8h, v24.8h
+	add	v11.8h, v11.8h, v24.8h
+	sub	v14.8h, v13.8h, v25.8h
+	add	v13.8h, v13.8h, v25.8h
+	sub	v16.8h, v15.8h, v26.8h
+	add	v15.8h, v15.8h, v26.8h
+	sub	v18.8h, v17.8h, v27.8h
+	add	v17.8h, v17.8h, v27.8h
+	sub	v20.8h, v19.8h, v28.8h
+	add	v19.8h, v19.8h, v28.8h
+	ldr	q0, [x2, #448]
+	ldr	q2, [x2, #464]
+	ldr	q1, [x3, #448]
+	ldr	q3, [x3, #464]
+	mov	v29.16b, v5.16b
+	mov	v30.16b, v7.16b
+	trn1	v5.4s, v5.4s, v6.4s
+	trn1	v7.4s, v7.4s, v8.4s
+	trn2	v6.4s, v29.4s, v6.4s
+	trn2	v8.4s, v30.4s, v8.4s
+	mul	v29.8h, v6.8h, v1.8h
+	mul	v30.8h, v8.8h, v3.8h
+	sqrdmulh	v21.8h, v6.8h, v0.8h
+	sqrdmulh	v22.8h, v8.8h, v2.8h
+	sqrdmulh	v29.8h, v29.8h, v4.h[0]
+	sqrdmulh	v30.8h, v30.8h, v4.h[0]
+	sub	v21.8h, v21.8h, v29.8h
+	sub	v22.8h, v22.8h, v30.8h
+	sshr	v21.8h, v21.8h, #1
+	sshr	v22.8h, v22.8h, #1
+	ldr	q0, [x2, #480]
+	ldr	q2, [x2, #496]
+	ldr	q1, [x3, #480]
+	ldr	q3, [x3, #496]
+	mov	v29.16b, v9.16b
+	mov	v30.16b, v11.16b
+	trn1	v9.4s, v9.4s, v10.4s
+	trn1	v11.4s, v11.4s, v12.4s
+	trn2	v10.4s, v29.4s, v10.4s
+	trn2	v12.4s, v30.4s, v12.4s
+	mul	v29.8h, v10.8h, v1.8h
+	mul	v30.8h, v12.8h, v3.8h
+	sqrdmulh	v23.8h, v10.8h, v0.8h
+	sqrdmulh	v24.8h, v12.8h, v2.8h
+	sqrdmulh	v29.8h, v29.8h, v4.h[0]
+	sqrdmulh	v30.8h, v30.8h, v4.h[0]
+	sub	v23.8h, v23.8h, v29.8h
+	sub	v24.8h, v24.8h, v30.8h
+	sshr	v23.8h, v23.8h, #1
+	sshr	v24.8h, v24.8h, #1
+	ldr	q0, [x2, #512]
+	ldr	q2, [x2, #528]
+	ldr	q1, [x3, #512]
+	ldr	q3, [x3, #528]
+	mov	v29.16b, v13.16b
+	mov	v30.16b, v15.16b
+	trn1	v13.4s, v13.4s, v14.4s
+	trn1	v15.4s, v15.4s, v16.4s
+	trn2	v14.4s, v29.4s, v14.4s
+	trn2	v16.4s, v30.4s, v16.4s
+	mul	v29.8h, v14.8h, v1.8h
+	mul	v30.8h, v16.8h, v3.8h
+	sqrdmulh	v25.8h, v14.8h, v0.8h
+	sqrdmulh	v26.8h, v16.8h, v2.8h
+	sqrdmulh	v29.8h, v29.8h, v4.h[0]
+	sqrdmulh	v30.8h, v30.8h, v4.h[0]
+	sub	v25.8h, v25.8h, v29.8h
+	sub	v26.8h, v26.8h, v30.8h
+	sshr	v25.8h, v25.8h, #1
+	sshr	v26.8h, v26.8h, #1
+	ldr	q0, [x2, #544]
+	ldr	q2, [x2, #560]
+	ldr	q1, [x3, #544]
+	ldr	q3, [x3, #560]
+	mov	v29.16b, v17.16b
+	mov	v30.16b, v19.16b
+	trn1	v17.4s, v17.4s, v18.4s
+	trn1	v19.4s, v19.4s, v20.4s
+	trn2	v18.4s, v29.4s, v18.4s
+	trn2	v20.4s, v30.4s, v20.4s
+	mul	v29.8h, v18.8h, v1.8h
+	mul	v30.8h, v20.8h, v3.8h
+	sqrdmulh	v27.8h, v18.8h, v0.8h
+	sqrdmulh	v28.8h, v20.8h, v2.8h
+	sqrdmulh	v29.8h, v29.8h, v4.h[0]
+	sqrdmulh	v30.8h, v30.8h, v4.h[0]
+	sub	v27.8h, v27.8h, v29.8h
+	sub	v28.8h, v28.8h, v30.8h
+	sshr	v27.8h, v27.8h, #1
+	sshr	v28.8h, v28.8h, #1
+	sub	v6.8h, v5.8h, v21.8h
+	add	v5.8h, v5.8h, v21.8h
+	sub	v8.8h, v7.8h, v22.8h
+	add	v7.8h, v7.8h, v22.8h
+	sub	v10.8h, v9.8h, v23.8h
+	add	v9.8h, v9.8h, v23.8h
+	sub	v12.8h, v11.8h, v24.8h
+	add	v11.8h, v11.8h, v24.8h
+	sub	v14.8h, v13.8h, v25.8h
+	add	v13.8h, v13.8h, v25.8h
+	sub	v16.8h, v15.8h, v26.8h
+	add	v15.8h, v15.8h, v26.8h
+	sub	v18.8h, v17.8h, v27.8h
+	add	v17.8h, v17.8h, v27.8h
+	sub	v20.8h, v19.8h, v28.8h
+	add	v19.8h, v19.8h, v28.8h
+	sqdmulh	v21.8h, v5.8h, v4.h[2]
+	sqdmulh	v22.8h, v6.8h, v4.h[2]
+	sshr	v21.8h, v21.8h, #11
+	sshr	v22.8h, v22.8h, #11
+	mls	v5.8h, v21.8h, v4.h[0]
+	mls	v6.8h, v22.8h, v4.h[0]
+	sqdmulh	v21.8h, v7.8h, v4.h[2]
+	sqdmulh	v22.8h, v8.8h, v4.h[2]
+	sshr	v21.8h, v21.8h, #11
+	sshr	v22.8h, v22.8h, #11
+	mls	v7.8h, v21.8h, v4.h[0]
+	mls	v8.8h, v22.8h, v4.h[0]
+	sqdmulh	v21.8h, v9.8h, v4.h[2]
+	sqdmulh	v22.8h, v10.8h, v4.h[2]
+	sshr	v21.8h, v21.8h, #11
+	sshr	v22.8h, v22.8h, #11
+	mls	v9.8h, v21.8h, v4.h[0]
+	mls	v10.8h, v22.8h, v4.h[0]
+	sqdmulh	v21.8h, v11.8h, v4.h[2]
+	sqdmulh	v22.8h, v12.8h, v4.h[2]
+	sshr	v21.8h, v21.8h, #11
+	sshr	v22.8h, v22.8h, #11
+	mls	v11.8h, v21.8h, v4.h[0]
+	mls	v12.8h, v22.8h, v4.h[0]
+	sqdmulh	v21.8h, v13.8h, v4.h[2]
+	sqdmulh	v22.8h, v14.8h, v4.h[2]
+	sshr	v21.8h, v21.8h, #11
+	sshr	v22.8h, v22.8h, #11
+	mls	v13.8h, v21.8h, v4.h[0]
+	mls	v14.8h, v22.8h, v4.h[0]
+	sqdmulh	v21.8h, v15.8h, v4.h[2]
+	sqdmulh	v22.8h, v16.8h, v4.h[2]
+	sshr	v21.8h, v21.8h, #11
+	sshr	v22.8h, v22.8h, #11
+	mls	v15.8h, v21.8h, v4.h[0]
+	mls	v16.8h, v22.8h, v4.h[0]
+	sqdmulh	v21.8h, v17.8h, v4.h[2]
+	sqdmulh	v22.8h, v18.8h, v4.h[2]
+	sshr	v21.8h, v21.8h, #11
+	sshr	v22.8h, v22.8h, #11
+	mls	v17.8h, v21.8h, v4.h[0]
+	mls	v18.8h, v22.8h, v4.h[0]
+	sqdmulh	v21.8h, v19.8h, v4.h[2]
+	sqdmulh	v22.8h, v20.8h, v4.h[2]
+	sshr	v21.8h, v21.8h, #11
+	sshr	v22.8h, v22.8h, #11
+	mls	v19.8h, v21.8h, v4.h[0]
+	mls	v20.8h, v22.8h, v4.h[0]
+	mov	v29.16b, v5.16b
+	trn1	v5.4s, v5.4s, v6.4s
+	trn2	v6.4s, v29.4s, v6.4s
+	mov	v29.16b, v5.16b
+	trn1	v5.2d, v5.2d, v6.2d
+	trn2	v6.2d, v29.2d, v6.2d
+	mov	v29.16b, v7.16b
+	trn1	v7.4s, v7.4s, v8.4s
+	trn2	v8.4s, v29.4s, v8.4s
+	mov	v29.16b, v7.16b
+	trn1	v7.2d, v7.2d, v8.2d
+	trn2	v8.2d, v29.2d, v8.2d
+	mov	v29.16b, v9.16b
+	trn1	v9.4s, v9.4s, v10.4s
+	trn2	v10.4s, v29.4s, v10.4s
+	mov	v29.16b, v9.16b
+	trn1	v9.2d, v9.2d, v10.2d
+	trn2	v10.2d, v29.2d, v10.2d
+	mov	v29.16b, v11.16b
+	trn1	v11.4s, v11.4s, v12.4s
+	trn2	v12.4s, v29.4s, v12.4s
+	mov	v29.16b, v11.16b
+	trn1	v11.2d, v11.2d, v12.2d
+	trn2	v12.2d, v29.2d, v12.2d
+	mov	v29.16b, v13.16b
+	trn1	v13.4s, v13.4s, v14.4s
+	trn2	v14.4s, v29.4s, v14.4s
+	mov	v29.16b, v13.16b
+	trn1	v13.2d, v13.2d, v14.2d
+	trn2	v14.2d, v29.2d, v14.2d
+	mov	v29.16b, v15.16b
+	trn1	v15.4s, v15.4s, v16.4s
+	trn2	v16.4s, v29.4s, v16.4s
+	mov	v29.16b, v15.16b
+	trn1	v15.2d, v15.2d, v16.2d
+	trn2	v16.2d, v29.2d, v16.2d
+	mov	v29.16b, v17.16b
+	trn1	v17.4s, v17.4s, v18.4s
+	trn2	v18.4s, v29.4s, v18.4s
+	mov	v29.16b, v17.16b
+	trn1	v17.2d, v17.2d, v18.2d
+	trn2	v18.2d, v29.2d, v18.2d
+	mov	v29.16b, v19.16b
+	trn1	v19.4s, v19.4s, v20.4s
+	trn2	v20.4s, v29.4s, v20.4s
+	mov	v29.16b, v19.16b
+	trn1	v19.2d, v19.2d, v20.2d
+	trn2	v20.2d, v29.2d, v20.2d
+	stp	q5, q6, [x1]
+	stp	q7, q8, [x1, #32]
+	stp	q9, q10, [x1, #64]
+	stp	q11, q12, [x1, #96]
+	stp	q13, q14, [x1, #128]
+	stp	q15, q16, [x1, #160]
+	stp	q17, q18, [x1, #192]
+	stp	q19, q20, [x1, #224]
+	ldp	d8, d9, [x29, #16]
+	ldp	d10, d11, [x29, #32]
+	ldp	d12, d13, [x29, #48]
+	ldp	d14, d15, [x29, #64]
+	ldp	x29, x30, [sp], #0x50
+	ret
+#ifndef __APPLE__
+	.size	kyber_ntt,.-kyber_ntt
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+	.text
+	.type	L_kyber_aarch64_zetas_inv, %object
+	.section	.rodata
+	.size	L_kyber_aarch64_zetas_inv, 576
+#else
+	.section	__DATA,__data
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+	.align	2
+#else
+	.p2align	2
+#endif /* __APPLE__ */
+L_kyber_aarch64_zetas_inv:
+	.short	0x06a5,0x06a5,0x070f,0x070f,0x05b4,0x05b4,0x0943,0x0943
+	.short	0x0922,0x0922,0x091d,0x091d,0x0134,0x0134,0x006c,0x006c
+	.short	0x0b23,0x0b23,0x0366,0x0366,0x0356,0x0356,0x05e6,0x05e6
+	.short	0x09e7,0x09e7,0x04fe,0x04fe,0x05fa,0x05fa,0x04a1,0x04a1
+	.short	0x067b,0x067b,0x04a3,0x04a3,0x0c25,0x0c25,0x036a,0x036a
+	.short	0x0537,0x0537,0x083f,0x083f,0x0088,0x0088,0x04bf,0x04bf
+	.short	0x0b81,0x0b81,0x05b9,0x05b9,0x0505,0x0505,0x07d7,0x07d7
+	.short	0x0a9f,0x0a9f,0x0aa6,0x0aa6,0x08b8,0x08b8,0x09d0,0x09d0
+	.short	0x004b,0x004b,0x009c,0x009c,0x0bb8,0x0bb8,0x0b5f,0x0b5f
+	.short	0x0ba4,0x0ba4,0x0368,0x0368,0x0a7d,0x0a7d,0x0636,0x0636
+	.short	0x08a2,0x08a2,0x025a,0x025a,0x0736,0x0736,0x0309,0x0309
+	.short	0x0093,0x0093,0x087a,0x087a,0x09f7,0x09f7,0x00f6,0x00f6
+	.short	0x068c,0x068c,0x06db,0x06db,0x01cc,0x01cc,0x0123,0x0123
+	.short	0x00eb,0x00eb,0x0c50,0x0c50,0x0ab6,0x0ab6,0x0b5b,0x0b5b
+	.short	0x0c98,0x0c98,0x06f3,0x06f3,0x099a,0x099a,0x04e3,0x04e3
+	.short	0x09b6,0x09b6,0x0ad6,0x0ad6,0x0b53,0x0b53,0x044f,0x044f
+	.short	0x04fb,0x04fb,0x04fb,0x04fb,0x0a5c,0x0a5c,0x0a5c,0x0a5c
+	.short	0x0429,0x0429,0x0429,0x0429,0x0b41,0x0b41,0x0b41,0x0b41
+	.short	0x02d5,0x02d5,0x02d5,0x02d5,0x05e4,0x05e4,0x05e4,0x05e4
+	.short	0x0940,0x0940,0x0940,0x0940,0x018e,0x018e,0x018e,0x018e
+	.short	0x03b7,0x03b7,0x03b7,0x03b7,0x00f7,0x00f7,0x00f7,0x00f7
+	.short	0x058d,0x058d,0x058d,0x058d,0x0c96,0x0c96,0x0c96,0x0c96
+	.short	0x09c3,0x09c3,0x09c3,0x09c3,0x010f,0x010f,0x010f,0x010f
+	.short	0x005a,0x005a,0x005a,0x005a,0x0355,0x0355,0x0355,0x0355
+	.short	0x0744,0x0744,0x0744,0x0744,0x0c83,0x0c83,0x0c83,0x0c83
+	.short	0x048a,0x048a,0x048a,0x048a,0x0652,0x0652,0x0652,0x0652
+	.short	0x029a,0x029a,0x029a,0x029a,0x0140,0x0140,0x0140,0x0140
+	.short	0x0008,0x0008,0x0008,0x0008,0x0afd,0x0afd,0x0afd,0x0afd
+	.short	0x0608,0x0608,0x0608,0x0608,0x011a,0x011a,0x011a,0x011a
+	.short	0x072e,0x072e,0x072e,0x072e,0x050d,0x050d,0x050d,0x050d
+	.short	0x090a,0x090a,0x090a,0x090a,0x0228,0x0228,0x0228,0x0228
+	.short	0x0a75,0x0a75,0x0a75,0x0a75,0x083a,0x083a,0x083a,0x083a
+	.short	0x0623,0x00cd,0x0b66,0x0606,0x0aa1,0x0a25,0x0908,0x02a9
+	.short	0x0082,0x0642,0x074f,0x033d,0x0b82,0x0bf9,0x052d,0x0ac4
+	.short	0x0745,0x05c2,0x04b2,0x093f,0x0c4b,0x06d8,0x0a93,0x00ab
+	.short	0x0c37,0x0be2,0x0773,0x072c,0x05ed,0x0167,0x02f6,0x05a1
+#ifndef __APPLE__
+	.text
+	.type	L_kyber_aarch64_zetas_inv_qinv, %object
+	.section	.rodata
+	.size	L_kyber_aarch64_zetas_inv_qinv, 576
+#else
+	.section	__DATA,__data
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+	.align	2
+#else
+	.p2align	2
+#endif /* __APPLE__ */
+L_kyber_aarch64_zetas_inv_qinv:
+	.short	0xa5a5,0xa5a5,0x440f,0x440f,0xe1b4,0xe1b4,0xa243,0xa243
+	.short	0x4f22,0x4f22,0x901d,0x901d,0x5d34,0x5d34,0x846c,0x846c
+	.short	0x4423,0x4423,0xd566,0xd566,0xa556,0xa556,0x57e6,0x57e6
+	.short	0x4ee7,0x4ee7,0x1efe,0x1efe,0x53fa,0x53fa,0xd7a1,0xd7a1
+	.short	0xc77b,0xc77b,0xbda3,0xbda3,0x2b25,0x2b25,0xa16a,0xa16a
+	.short	0x3a37,0x3a37,0xd53f,0xd53f,0x1888,0x1888,0x51bf,0x51bf
+	.short	0x7e81,0x7e81,0xa0b9,0xa0b9,0xc405,0xc405,0x1cd7,0x1cd7
+	.short	0xf79f,0xf79f,0x9ca6,0x9ca6,0xb0b8,0xb0b8,0x79d0,0x79d0
+	.short	0x314b,0x314b,0x149c,0x149c,0xb3b8,0xb3b8,0x385f,0x385f
+	.short	0xb7a4,0xb7a4,0xbb68,0xbb68,0xb17d,0xb17d,0x4836,0x4836
+	.short	0xcea2,0xcea2,0x705a,0x705a,0x4936,0x4936,0x8e09,0x8e09
+	.short	0x8993,0x8993,0xd67a,0xd67a,0x7ef7,0x7ef7,0x82f6,0x82f6
+	.short	0xea8c,0xea8c,0xe7db,0xe7db,0xa5cc,0xa5cc,0x3a23,0x3a23
+	.short	0x11eb,0x11eb,0xfc50,0xfc50,0xccb6,0xccb6,0x6c5b,0x6c5b
+	.short	0x5498,0x5498,0xaff3,0xaff3,0x379a,0x379a,0x7de3,0x7de3
+	.short	0xcbb6,0xcbb6,0x2cd6,0x2cd6,0xd453,0xd453,0x014f,0x014f
+	.short	0x45fb,0x45fb,0x45fb,0x45fb,0x5e5c,0x5e5c,0x5e5c,0x5e5c
+	.short	0xef29,0xef29,0xef29,0xef29,0xbe41,0xbe41,0xbe41,0xbe41
+	.short	0x31d5,0x31d5,0x31d5,0x31d5,0x71e4,0x71e4,0x71e4,0x71e4
+	.short	0xc940,0xc940,0xc940,0xc940,0xcb8e,0xcb8e,0xcb8e,0xcb8e
+	.short	0xb8b7,0xb8b7,0xb8b7,0xb8b7,0x75f7,0x75f7,0x75f7,0x75f7
+	.short	0xdc8d,0xdc8d,0xdc8d,0xdc8d,0x6e96,0x6e96,0x6e96,0x6e96
+	.short	0x22c3,0x22c3,0x22c3,0x22c3,0x3e0f,0x3e0f,0x3e0f,0x3e0f
+	.short	0x6e5a,0x6e5a,0x6e5a,0x6e5a,0xb255,0xb255,0xb255,0xb255
+	.short	0x9344,0x9344,0x9344,0x9344,0x6583,0x6583,0x6583,0x6583
+	.short	0x028a,0x028a,0x028a,0x028a,0xdc52,0xdc52,0xdc52,0xdc52
+	.short	0x309a,0x309a,0x309a,0x309a,0xc140,0xc140,0xc140,0xc140
+	.short	0x9808,0x9808,0x9808,0x9808,0x31fd,0x31fd,0x31fd,0x31fd
+	.short	0x9e08,0x9e08,0x9e08,0x9e08,0xaf1a,0xaf1a,0xaf1a,0xaf1a
+	.short	0xb12e,0xb12e,0xb12e,0xb12e,0x5c0d,0x5c0d,0x5c0d,0x5c0d
+	.short	0x870a,0x870a,0x870a,0x870a,0xfa28,0xfa28,0xfa28,0xfa28
+	.short	0x1975,0x1975,0x1975,0x1975,0x163a,0x163a,0x163a,0x163a
+	.short	0x3f23,0x97cd,0xdd66,0xb806,0xdda1,0x2925,0xa108,0x6da9
+	.short	0x6682,0xac42,0x044f,0xea3d,0x7182,0x66f9,0xbc2d,0x16c4
+	.short	0x8645,0x2bc2,0xfab2,0xd63f,0x3d4b,0x0ed8,0x9393,0x51ab
+	.short	0x4137,0x91e2,0x3073,0xcb2c,0xfced,0xc667,0x84f6,0xd8a1
+#ifndef __APPLE__
+.text
+.globl	kyber_invntt
+.type	kyber_invntt,@function
+.align	2
+kyber_invntt:
+#else
+.section	__TEXT,__text
+.globl	_kyber_invntt
+.p2align	2
+_kyber_invntt:
+#endif /* __APPLE__ */
+	stp	x29, x30, [sp, #-80]!
+	add	x29, sp, #0
+	stp	d8, d9, [x29, #16]
+	stp	d10, d11, [x29, #32]
+	stp	d12, d13, [x29, #48]
+	stp	d14, d15, [x29, #64]
+#ifndef __APPLE__
+	adrp x2, L_kyber_aarch64_zetas_inv
+	add  x2, x2, :lo12:L_kyber_aarch64_zetas_inv
+#else
+	adrp x2, L_kyber_aarch64_zetas_inv@PAGE
+	add  x2, x2, :lo12:L_kyber_aarch64_zetas_inv@PAGEOFF
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+	adrp x3, L_kyber_aarch64_zetas_inv_qinv
+	add  x3, x3, :lo12:L_kyber_aarch64_zetas_inv_qinv
+#else
+	adrp x3, L_kyber_aarch64_zetas_inv_qinv@PAGE
+	add  x3, x3, :lo12:L_kyber_aarch64_zetas_inv_qinv@PAGEOFF
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+	adrp x4, L_kyber_aarch64_consts
+	add  x4, x4, :lo12:L_kyber_aarch64_consts
+#else
+	adrp x4, L_kyber_aarch64_consts@PAGE
+	add  x4, x4, :lo12:L_kyber_aarch64_consts@PAGEOFF
+#endif /* __APPLE__ */
+	add	x1, x0, #0x100
+	ldr	q8, [x4]
+	ldp	q9, q10, [x0]
+	ldp	q11, q12, [x0, #32]
+	ldp	q13, q14, [x0, #64]
+	ldp	q15, q16, [x0, #96]
+	ldp	q17, q18, [x0, #128]
+	ldp	q19, q20, [x0, #160]
+	ldp	q21, q22, [x0, #192]
+	ldp	q23, q24, [x0, #224]
+	mov	v25.16b, v9.16b
+	trn1	v9.2d, v9.2d, v10.2d
+	trn2	v10.2d, v25.2d, v10.2d
+	mov	v25.16b, v9.16b
+	trn1	v9.4s, v9.4s, v10.4s
+	trn2	v10.4s, v25.4s, v10.4s
+	mov	v25.16b, v11.16b
+	trn1	v11.2d, v11.2d, v12.2d
+	trn2	v12.2d, v25.2d, v12.2d
+	mov	v25.16b, v11.16b
+	trn1	v11.4s, v11.4s, v12.4s
+	trn2	v12.4s, v25.4s, v12.4s
+	mov	v25.16b, v13.16b
+	trn1	v13.2d, v13.2d, v14.2d
+	trn2	v14.2d, v25.2d, v14.2d
+	mov	v25.16b, v13.16b
+	trn1	v13.4s, v13.4s, v14.4s
+	trn2	v14.4s, v25.4s, v14.4s
+	mov	v25.16b, v15.16b
+	trn1	v15.2d, v15.2d, v16.2d
+	trn2	v16.2d, v25.2d, v16.2d
+	mov	v25.16b, v15.16b
+	trn1	v15.4s, v15.4s, v16.4s
+	trn2	v16.4s, v25.4s, v16.4s
+	mov	v25.16b, v17.16b
+	trn1	v17.2d, v17.2d, v18.2d
+	trn2	v18.2d, v25.2d, v18.2d
+	mov	v25.16b, v17.16b
+	trn1	v17.4s, v17.4s, v18.4s
+	trn2	v18.4s, v25.4s, v18.4s
+	mov	v25.16b, v19.16b
+	trn1	v19.2d, v19.2d, v20.2d
+	trn2	v20.2d, v25.2d, v20.2d
+	mov	v25.16b, v19.16b
+	trn1	v19.4s, v19.4s, v20.4s
+	trn2	v20.4s, v25.4s, v20.4s
+	mov	v25.16b, v21.16b
+	trn1	v21.2d, v21.2d, v22.2d
+	trn2	v22.2d, v25.2d, v22.2d
+	mov	v25.16b, v21.16b
+	trn1	v21.4s, v21.4s, v22.4s
+	trn2	v22.4s, v25.4s, v22.4s
+	mov	v25.16b, v23.16b
+	trn1	v23.2d, v23.2d, v24.2d
+	trn2	v24.2d, v25.2d, v24.2d
+	mov	v25.16b, v23.16b
+	trn1	v23.4s, v23.4s, v24.4s
+	trn2	v24.4s, v25.4s, v24.4s
+	ldr	q0, [x2]
+	ldr	q1, [x2, #16]
+	ldr	q2, [x3]
+	ldr	q3, [x3, #16]
+	sub	v26.8h, v9.8h, v10.8h
+	sub	v28.8h, v11.8h, v12.8h
+	add	v9.8h, v9.8h, v10.8h
+	add	v11.8h, v11.8h, v12.8h
+	mul	v25.8h, v26.8h, v2.8h
+	mul	v27.8h, v28.8h, v3.8h
+	sqrdmulh	v10.8h, v26.8h, v0.8h
+	sqrdmulh	v12.8h, v28.8h, v1.8h
+	sqrdmulh	v25.8h, v25.8h, v8.h[0]
+	sqrdmulh	v27.8h, v27.8h, v8.h[0]
+	sub	v10.8h, v10.8h, v25.8h
+	sub	v12.8h, v12.8h, v27.8h
+	sshr	v10.8h, v10.8h, #1
+	sshr	v12.8h, v12.8h, #1
+	ldr	q0, [x2, #32]
+	ldr	q1, [x2, #48]
+	ldr	q2, [x3, #32]
+	ldr	q3, [x3, #48]
+	sub	v26.8h, v13.8h, v14.8h
+	sub	v28.8h, v15.8h, v16.8h
+	add	v13.8h, v13.8h, v14.8h
+	add	v15.8h, v15.8h, v16.8h
+	mul	v25.8h, v26.8h, v2.8h
+	mul	v27.8h, v28.8h, v3.8h
+	sqrdmulh	v14.8h, v26.8h, v0.8h
+	sqrdmulh	v16.8h, v28.8h, v1.8h
+	sqrdmulh	v25.8h, v25.8h, v8.h[0]
+	sqrdmulh	v27.8h, v27.8h, v8.h[0]
+	sub	v14.8h, v14.8h, v25.8h
+	sub	v16.8h, v16.8h, v27.8h
+	sshr	v14.8h, v14.8h, #1
+	sshr	v16.8h, v16.8h, #1
+	ldr	q0, [x2, #64]
+	ldr	q1, [x2, #80]
+	ldr	q2, [x3, #64]
+	ldr	q3, [x3, #80]
+	sub	v26.8h, v17.8h, v18.8h
+	sub	v28.8h, v19.8h, v20.8h
+	add	v17.8h, v17.8h, v18.8h
+	add	v19.8h, v19.8h, v20.8h
+	mul	v25.8h, v26.8h, v2.8h
+	mul	v27.8h, v28.8h, v3.8h
+	sqrdmulh	v18.8h, v26.8h, v0.8h
+	sqrdmulh	v20.8h, v28.8h, v1.8h
+	sqrdmulh	v25.8h, v25.8h, v8.h[0]
+	sqrdmulh	v27.8h, v27.8h, v8.h[0]
+	sub	v18.8h, v18.8h, v25.8h
+	sub	v20.8h, v20.8h, v27.8h
+	sshr	v18.8h, v18.8h, #1
+	sshr	v20.8h, v20.8h, #1
+	ldr	q0, [x2, #96]
+	ldr	q1, [x2, #112]
+	ldr	q2, [x3, #96]
+	ldr	q3, [x3, #112]
+	sub	v26.8h, v21.8h, v22.8h
+	sub	v28.8h, v23.8h, v24.8h
+	add	v21.8h, v21.8h, v22.8h
+	add	v23.8h, v23.8h, v24.8h
+	mul	v25.8h, v26.8h, v2.8h
+	mul	v27.8h, v28.8h, v3.8h
+	sqrdmulh	v22.8h, v26.8h, v0.8h
+	sqrdmulh	v24.8h, v28.8h, v1.8h
+	sqrdmulh	v25.8h, v25.8h, v8.h[0]
+	sqrdmulh	v27.8h, v27.8h, v8.h[0]
+	sub	v22.8h, v22.8h, v25.8h
+	sub	v24.8h, v24.8h, v27.8h
+	sshr	v22.8h, v22.8h, #1
+	sshr	v24.8h, v24.8h, #1
+	ldr	q0, [x2, #256]
+	ldr	q1, [x2, #272]
+	ldr	q2, [x3, #256]
+	ldr	q3, [x3, #272]
+	mov	v25.16b, v9.16b
+	mov	v26.16b, v11.16b
+	trn1	v9.4s, v9.4s, v10.4s
+	trn1	v11.4s, v11.4s, v12.4s
+	trn2	v10.4s, v25.4s, v10.4s
+	trn2	v12.4s, v26.4s, v12.4s
+	sub	v26.8h, v9.8h, v10.8h
+	sub	v28.8h, v11.8h, v12.8h
+	add	v9.8h, v9.8h, v10.8h
+	add	v11.8h, v11.8h, v12.8h
+	mul	v25.8h, v26.8h, v2.8h
+	mul	v27.8h, v28.8h, v3.8h
+	sqrdmulh	v10.8h, v26.8h, v0.8h
+	sqrdmulh	v12.8h, v28.8h, v1.8h
+	sqrdmulh	v25.8h, v25.8h, v8.h[0]
+	sqrdmulh	v27.8h, v27.8h, v8.h[0]
+	sub	v10.8h, v10.8h, v25.8h
+	sub	v12.8h, v12.8h, v27.8h
+	sshr	v10.8h, v10.8h, #1
+	sshr	v12.8h, v12.8h, #1
+	ldr	q0, [x2, #288]
+	ldr	q1, [x2, #304]
+	ldr	q2, [x3, #288]
+	ldr	q3, [x3, #304]
+	mov	v25.16b, v13.16b
+	mov	v26.16b, v15.16b
+	trn1	v13.4s, v13.4s, v14.4s
+	trn1	v15.4s, v15.4s, v16.4s
+	trn2	v14.4s, v25.4s, v14.4s
+	trn2	v16.4s, v26.4s, v16.4s
+	sub	v26.8h, v13.8h, v14.8h
+	sub	v28.8h, v15.8h, v16.8h
+	add	v13.8h, v13.8h, v14.8h
+	add	v15.8h, v15.8h, v16.8h
+	mul	v25.8h, v26.8h, v2.8h
+	mul	v27.8h, v28.8h, v3.8h
+	sqrdmulh	v14.8h, v26.8h, v0.8h
+	sqrdmulh	v16.8h, v28.8h, v1.8h
+	sqrdmulh	v25.8h, v25.8h, v8.h[0]
+	sqrdmulh	v27.8h, v27.8h, v8.h[0]
+	sub	v14.8h, v14.8h, v25.8h
+	sub	v16.8h, v16.8h, v27.8h
+	sshr	v14.8h, v14.8h, #1
+	sshr	v16.8h, v16.8h, #1
+	ldr	q0, [x2, #320]
+	ldr	q1, [x2, #336]
+	ldr	q2, [x3, #320]
+	ldr	q3, [x3, #336]
+	mov	v25.16b, v17.16b
+	mov	v26.16b, v19.16b
+	trn1	v17.4s, v17.4s, v18.4s
+	trn1	v19.4s, v19.4s, v20.4s
+	trn2	v18.4s, v25.4s, v18.4s
+	trn2	v20.4s, v26.4s, v20.4s
+	sub	v26.8h, v17.8h, v18.8h
+	sub	v28.8h, v19.8h, v20.8h
+	add	v17.8h, v17.8h, v18.8h
+	add	v19.8h, v19.8h, v20.8h
+	mul	v25.8h, v26.8h, v2.8h
+	mul	v27.8h, v28.8h, v3.8h
+	sqrdmulh	v18.8h, v26.8h, v0.8h
+	sqrdmulh	v20.8h, v28.8h, v1.8h
+	sqrdmulh	v25.8h, v25.8h, v8.h[0]
+	sqrdmulh	v27.8h, v27.8h, v8.h[0]
+	sub	v18.8h, v18.8h, v25.8h
+	sub	v20.8h, v20.8h, v27.8h
+	sshr	v18.8h, v18.8h, #1
+	sshr	v20.8h, v20.8h, #1
+	ldr	q0, [x2, #352]
+	ldr	q1, [x2, #368]
+	ldr	q2, [x3, #352]
+	ldr	q3, [x3, #368]
+	mov	v25.16b, v21.16b
+	mov	v26.16b, v23.16b
+	trn1	v21.4s, v21.4s, v22.4s
+	trn1	v23.4s, v23.4s, v24.4s
+	trn2	v22.4s, v25.4s, v22.4s
+	trn2	v24.4s, v26.4s, v24.4s
+	sub	v26.8h, v21.8h, v22.8h
+	sub	v28.8h, v23.8h, v24.8h
+	add	v21.8h, v21.8h, v22.8h
+	add	v23.8h, v23.8h, v24.8h
+	mul	v25.8h, v26.8h, v2.8h
+	mul	v27.8h, v28.8h, v3.8h
+	sqrdmulh	v22.8h, v26.8h, v0.8h
+	sqrdmulh	v24.8h, v28.8h, v1.8h
+	sqrdmulh	v25.8h, v25.8h, v8.h[0]
+	sqrdmulh	v27.8h, v27.8h, v8.h[0]
+	sub	v22.8h, v22.8h, v25.8h
+	sub	v24.8h, v24.8h, v27.8h
+	sshr	v22.8h, v22.8h, #1
+	sshr	v24.8h, v24.8h, #1
+	ldr	q0, [x2, #512]
+	ldr	q2, [x3, #512]
+	mov	v25.16b, v9.16b
+	mov	v26.16b, v11.16b
+	trn1	v9.2d, v9.2d, v10.2d
+	trn1	v11.2d, v11.2d, v12.2d
+	trn2	v10.2d, v25.2d, v10.2d
+	trn2	v12.2d, v26.2d, v12.2d
+	sub	v26.8h, v9.8h, v10.8h
+	sub	v28.8h, v11.8h, v12.8h
+	add	v9.8h, v9.8h, v10.8h
+	add	v11.8h, v11.8h, v12.8h
+	mul	v25.8h, v26.8h, v2.h[0]
+	mul	v27.8h, v28.8h, v2.h[1]
+	sqrdmulh	v10.8h, v26.8h, v0.h[0]
+	sqrdmulh	v12.8h, v28.8h, v0.h[1]
+	sqrdmulh	v25.8h, v25.8h, v8.h[0]
+	sqrdmulh	v27.8h, v27.8h, v8.h[0]
+	sub	v10.8h, v10.8h, v25.8h
+	sub	v12.8h, v12.8h, v27.8h
+	sshr	v10.8h, v10.8h, #1
+	sshr	v12.8h, v12.8h, #1
+	mov	v25.16b, v13.16b
+	mov	v26.16b, v15.16b
+	trn1	v13.2d, v13.2d, v14.2d
+	trn1	v15.2d, v15.2d, v16.2d
+	trn2	v14.2d, v25.2d, v14.2d
+	trn2	v16.2d, v26.2d, v16.2d
+	sub	v26.8h, v13.8h, v14.8h
+	sub	v28.8h, v15.8h, v16.8h
+	add	v13.8h, v13.8h, v14.8h
+	add	v15.8h, v15.8h, v16.8h
+	mul	v25.8h, v26.8h, v2.h[2]
+	mul	v27.8h, v28.8h, v2.h[3]
+	sqrdmulh	v14.8h, v26.8h, v0.h[2]
+	sqrdmulh	v16.8h, v28.8h, v0.h[3]
+	sqrdmulh	v25.8h, v25.8h, v8.h[0]
+	sqrdmulh	v27.8h, v27.8h, v8.h[0]
+	sub	v14.8h, v14.8h, v25.8h
+	sub	v16.8h, v16.8h, v27.8h
+	sshr	v14.8h, v14.8h, #1
+	sshr	v16.8h, v16.8h, #1
+	mov	v25.16b, v17.16b
+	mov	v26.16b, v19.16b
+	trn1	v17.2d, v17.2d, v18.2d
+	trn1	v19.2d, v19.2d, v20.2d
+	trn2	v18.2d, v25.2d, v18.2d
+	trn2	v20.2d, v26.2d, v20.2d
+	sub	v26.8h, v17.8h, v18.8h
+	sub	v28.8h, v19.8h, v20.8h
+	add	v17.8h, v17.8h, v18.8h
+	add	v19.8h, v19.8h, v20.8h
+	mul	v25.8h, v26.8h, v2.h[4]
+	mul	v27.8h, v28.8h, v2.h[5]
+	sqrdmulh	v18.8h, v26.8h, v0.h[4]
+	sqrdmulh	v20.8h, v28.8h, v0.h[5]
+	sqrdmulh	v25.8h, v25.8h, v8.h[0]
+	sqrdmulh	v27.8h, v27.8h, v8.h[0]
+	sub	v18.8h, v18.8h, v25.8h
+	sub	v20.8h, v20.8h, v27.8h
+	sshr	v18.8h, v18.8h, #1
+	sshr	v20.8h, v20.8h, #1
+	mov	v25.16b, v21.16b
+	mov	v26.16b, v23.16b
+	trn1	v21.2d, v21.2d, v22.2d
+	trn1	v23.2d, v23.2d, v24.2d
+	trn2	v22.2d, v25.2d, v22.2d
+	trn2	v24.2d, v26.2d, v24.2d
+	sub	v26.8h, v21.8h, v22.8h
+	sub	v28.8h, v23.8h, v24.8h
+	add	v21.8h, v21.8h, v22.8h
+	add	v23.8h, v23.8h, v24.8h
+	mul	v25.8h, v26.8h, v2.h[6]
+	mul	v27.8h, v28.8h, v2.h[7]
+	sqrdmulh	v22.8h, v26.8h, v0.h[6]
+	sqrdmulh	v24.8h, v28.8h, v0.h[7]
+	sqrdmulh	v25.8h, v25.8h, v8.h[0]
+	sqrdmulh	v27.8h, v27.8h, v8.h[0]
+	sub	v22.8h, v22.8h, v25.8h
+	sub	v24.8h, v24.8h, v27.8h
+	sshr	v22.8h, v22.8h, #1
+	sshr	v24.8h, v24.8h, #1
+	sqdmulh	v25.8h, v9.8h, v8.h[2]
+	sqdmulh	v26.8h, v11.8h, v8.h[2]
+	sshr	v25.8h, v25.8h, #11
+	sshr	v26.8h, v26.8h, #11
+	mls	v9.8h, v25.8h, v8.h[0]
+	mls	v11.8h, v26.8h, v8.h[0]
+	sqdmulh	v25.8h, v13.8h, v8.h[2]
+	sqdmulh	v26.8h, v15.8h, v8.h[2]
+	sshr	v25.8h, v25.8h, #11
+	sshr	v26.8h, v26.8h, #11
+	mls	v13.8h, v25.8h, v8.h[0]
+	mls	v15.8h, v26.8h, v8.h[0]
+	sqdmulh	v25.8h, v17.8h, v8.h[2]
+	sqdmulh	v26.8h, v19.8h, v8.h[2]
+	sshr	v25.8h, v25.8h, #11
+	sshr	v26.8h, v26.8h, #11
+	mls	v17.8h, v25.8h, v8.h[0]
+	mls	v19.8h, v26.8h, v8.h[0]
+	sqdmulh	v25.8h, v21.8h, v8.h[2]
+	sqdmulh	v26.8h, v23.8h, v8.h[2]
+	sshr	v25.8h, v25.8h, #11
+	sshr	v26.8h, v26.8h, #11
+	mls	v21.8h, v25.8h, v8.h[0]
+	mls	v23.8h, v26.8h, v8.h[0]
+	stp	q9, q10, [x0]
+	stp	q11, q12, [x0, #32]
+	stp	q13, q14, [x0, #64]
+	stp	q15, q16, [x0, #96]
+	stp	q17, q18, [x0, #128]
+	stp	q19, q20, [x0, #160]
+	stp	q21, q22, [x0, #192]
+	stp	q23, q24, [x0, #224]
+	ldp	q9, q10, [x1]
+	ldp	q11, q12, [x1, #32]
+	ldp	q13, q14, [x1, #64]
+	ldp	q15, q16, [x1, #96]
+	ldp	q17, q18, [x1, #128]
+	ldp	q19, q20, [x1, #160]
+	ldp	q21, q22, [x1, #192]
+	ldp	q23, q24, [x1, #224]
+	mov	v25.16b, v9.16b
+	trn1	v9.2d, v9.2d, v10.2d
+	trn2	v10.2d, v25.2d, v10.2d
+	mov	v25.16b, v9.16b
+	trn1	v9.4s, v9.4s, v10.4s
+	trn2	v10.4s, v25.4s, v10.4s
+	mov	v25.16b, v11.16b
+	trn1	v11.2d, v11.2d, v12.2d
+	trn2	v12.2d, v25.2d, v12.2d
+	mov	v25.16b, v11.16b
+	trn1	v11.4s, v11.4s, v12.4s
+	trn2	v12.4s, v25.4s, v12.4s
+	mov	v25.16b, v13.16b
+	trn1	v13.2d, v13.2d, v14.2d
+	trn2	v14.2d, v25.2d, v14.2d
+	mov	v25.16b, v13.16b
+	trn1	v13.4s, v13.4s, v14.4s
+	trn2	v14.4s, v25.4s, v14.4s
+	mov	v25.16b, v15.16b
+	trn1	v15.2d, v15.2d, v16.2d
+	trn2	v16.2d, v25.2d, v16.2d
+	mov	v25.16b, v15.16b
+	trn1	v15.4s, v15.4s, v16.4s
+	trn2	v16.4s, v25.4s, v16.4s
+	mov	v25.16b, v17.16b
+	trn1	v17.2d, v17.2d, v18.2d
+	trn2	v18.2d, v25.2d, v18.2d
+	mov	v25.16b, v17.16b
+	trn1	v17.4s, v17.4s, v18.4s
+	trn2	v18.4s, v25.4s, v18.4s
+	mov	v25.16b, v19.16b
+	trn1	v19.2d, v19.2d, v20.2d
+	trn2	v20.2d, v25.2d, v20.2d
+	mov	v25.16b, v19.16b
+	trn1	v19.4s, v19.4s, v20.4s
+	trn2	v20.4s, v25.4s, v20.4s
+	mov	v25.16b, v21.16b
+	trn1	v21.2d, v21.2d, v22.2d
+	trn2	v22.2d, v25.2d, v22.2d
+	mov	v25.16b, v21.16b
+	trn1	v21.4s, v21.4s, v22.4s
+	trn2	v22.4s, v25.4s, v22.4s
+	mov	v25.16b, v23.16b
+	trn1	v23.2d, v23.2d, v24.2d
+	trn2	v24.2d, v25.2d, v24.2d
+	mov	v25.16b, v23.16b
+	trn1	v23.4s, v23.4s, v24.4s
+	trn2	v24.4s, v25.4s, v24.4s
+	ldr	q0, [x2, #128]
+	ldr	q1, [x2, #144]
+	ldr	q2, [x3, #128]
+	ldr	q3, [x3, #144]
+	sub	v26.8h, v9.8h, v10.8h
+	sub	v28.8h, v11.8h, v12.8h
+	add	v9.8h, v9.8h, v10.8h
+	add	v11.8h, v11.8h, v12.8h
+	mul	v25.8h, v26.8h, v2.8h
+	mul	v27.8h, v28.8h, v3.8h
+	sqrdmulh	v10.8h, v26.8h, v0.8h
+	sqrdmulh	v12.8h, v28.8h, v1.8h
+	sqrdmulh	v25.8h, v25.8h, v8.h[0]
+	sqrdmulh	v27.8h, v27.8h, v8.h[0]
+	sub	v10.8h, v10.8h, v25.8h
+	sub	v12.8h, v12.8h, v27.8h
+	sshr	v10.8h, v10.8h, #1
+	sshr	v12.8h, v12.8h, #1
+	ldr	q0, [x2, #160]
+	ldr	q1, [x2, #176]
+	ldr	q2, [x3, #160]
+	ldr	q3, [x3, #176]
+	sub	v26.8h, v13.8h, v14.8h
+	sub	v28.8h, v15.8h, v16.8h
+	add	v13.8h, v13.8h, v14.8h
+	add	v15.8h, v15.8h, v16.8h
+	mul	v25.8h, v26.8h, v2.8h
+	mul	v27.8h, v28.8h, v3.8h
+	sqrdmulh	v14.8h, v26.8h, v0.8h
+	sqrdmulh	v16.8h, v28.8h, v1.8h
+	sqrdmulh	v25.8h, v25.8h, v8.h[0]
+	sqrdmulh	v27.8h, v27.8h, v8.h[0]
+	sub	v14.8h, v14.8h, v25.8h
+	sub	v16.8h, v16.8h, v27.8h
+	sshr	v14.8h, v14.8h, #1
+	sshr	v16.8h, v16.8h, #1
+	ldr	q0, [x2, #192]
+	ldr	q1, [x2, #208]
+	ldr	q2, [x3, #192]
+	ldr	q3, [x3, #208]
+	sub	v26.8h, v17.8h, v18.8h
+	sub	v28.8h, v19.8h, v20.8h
+	add	v17.8h, v17.8h, v18.8h
+	add	v19.8h, v19.8h, v20.8h
+	mul	v25.8h, v26.8h, v2.8h
+	mul	v27.8h, v28.8h, v3.8h
+	sqrdmulh	v18.8h, v26.8h, v0.8h
+	sqrdmulh	v20.8h, v28.8h, v1.8h
+	sqrdmulh	v25.8h, v25.8h, v8.h[0]
+	sqrdmulh	v27.8h, v27.8h, v8.h[0]
+	sub	v18.8h, v18.8h, v25.8h
+	sub	v20.8h, v20.8h, v27.8h
+	sshr	v18.8h, v18.8h, #1
+	sshr	v20.8h, v20.8h, #1
+	ldr	q0, [x2, #224]
+	ldr	q1, [x2, #240]
+	ldr	q2, [x3, #224]
+	ldr	q3, [x3, #240]
+	sub	v26.8h, v21.8h, v22.8h
+	sub	v28.8h, v23.8h, v24.8h
+	add	v21.8h, v21.8h, v22.8h
+	add	v23.8h, v23.8h, v24.8h
+	mul	v25.8h, v26.8h, v2.8h
+	mul	v27.8h, v28.8h, v3.8h
+	sqrdmulh	v22.8h, v26.8h, v0.8h
+	sqrdmulh	v24.8h, v28.8h, v1.8h
+	sqrdmulh	v25.8h, v25.8h, v8.h[0]
+	sqrdmulh	v27.8h, v27.8h, v8.h[0]
+	sub	v22.8h, v22.8h, v25.8h
+	sub	v24.8h, v24.8h, v27.8h
+	sshr	v22.8h, v22.8h, #1
+	sshr	v24.8h, v24.8h, #1
+	ldr	q0, [x2, #384]
+	ldr	q1, [x2, #400]
+	ldr	q2, [x3, #384]
+	ldr	q3, [x3, #400]
+	mov	v25.16b, v9.16b
+	mov	v26.16b, v11.16b
+	trn1	v9.4s, v9.4s, v10.4s
+	trn1	v11.4s, v11.4s, v12.4s
+	trn2	v10.4s, v25.4s, v10.4s
+	trn2	v12.4s, v26.4s, v12.4s
+	sub	v26.8h, v9.8h, v10.8h
+	sub	v28.8h, v11.8h, v12.8h
+	add	v9.8h, v9.8h, v10.8h
+	add	v11.8h, v11.8h, v12.8h
+	mul	v25.8h, v26.8h, v2.8h
+	mul	v27.8h, v28.8h, v3.8h
+	sqrdmulh	v10.8h, v26.8h, v0.8h
+	sqrdmulh	v12.8h, v28.8h, v1.8h
+	sqrdmulh	v25.8h, v25.8h, v8.h[0]
+	sqrdmulh	v27.8h, v27.8h, v8.h[0]
+	sub	v10.8h, v10.8h, v25.8h
+	sub	v12.8h, v12.8h, v27.8h
+	sshr	v10.8h, v10.8h, #1
+	sshr	v12.8h, v12.8h, #1
+	ldr	q0, [x2, #416]
+	ldr	q1, [x2, #432]
+	ldr	q2, [x3, #416]
+	ldr	q3, [x3, #432]
+	mov	v25.16b, v13.16b
+	mov	v26.16b, v15.16b
+	trn1	v13.4s, v13.4s, v14.4s
+	trn1	v15.4s, v15.4s, v16.4s
+	trn2	v14.4s, v25.4s, v14.4s
+	trn2	v16.4s, v26.4s, v16.4s
+	sub	v26.8h, v13.8h, v14.8h
+	sub	v28.8h, v15.8h, v16.8h
+	add	v13.8h, v13.8h, v14.8h
+	add	v15.8h, v15.8h, v16.8h
+	mul	v25.8h, v26.8h, v2.8h
+	mul	v27.8h, v28.8h, v3.8h
+	sqrdmulh	v14.8h, v26.8h, v0.8h
+	sqrdmulh	v16.8h, v28.8h, v1.8h
+	sqrdmulh	v25.8h, v25.8h, v8.h[0]
+	sqrdmulh	v27.8h, v27.8h, v8.h[0]
+	sub	v14.8h, v14.8h, v25.8h
+	sub	v16.8h, v16.8h, v27.8h
+	sshr	v14.8h, v14.8h, #1
+	sshr	v16.8h, v16.8h, #1
+	ldr	q0, [x2, #448]
+	ldr	q1, [x2, #464]
+	ldr	q2, [x3, #448]
+	ldr	q3, [x3, #464]
+	mov	v25.16b, v17.16b
+	mov	v26.16b, v19.16b
+	trn1	v17.4s, v17.4s, v18.4s
+	trn1	v19.4s, v19.4s, v20.4s
+	trn2	v18.4s, v25.4s, v18.4s
+	trn2	v20.4s, v26.4s, v20.4s
+	sub	v26.8h, v17.8h, v18.8h
+	sub	v28.8h, v19.8h, v20.8h
+	add	v17.8h, v17.8h, v18.8h
+	add	v19.8h, v19.8h, v20.8h
+	mul	v25.8h, v26.8h, v2.8h
+	mul	v27.8h, v28.8h, v3.8h
+	sqrdmulh	v18.8h, v26.8h, v0.8h
+	sqrdmulh	v20.8h, v28.8h, v1.8h
+	sqrdmulh	v25.8h, v25.8h, v8.h[0]
+	sqrdmulh	v27.8h, v27.8h, v8.h[0]
+	sub	v18.8h, v18.8h, v25.8h
+	sub	v20.8h, v20.8h, v27.8h
+	sshr	v18.8h, v18.8h, #1
+	sshr	v20.8h, v20.8h, #1
+	ldr	q0, [x2, #480]
+	ldr	q1, [x2, #496]
+	ldr	q2, [x3, #480]
+	ldr	q3, [x3, #496]
+	mov	v25.16b, v21.16b
+	mov	v26.16b, v23.16b
+	trn1	v21.4s, v21.4s, v22.4s
+	trn1	v23.4s, v23.4s, v24.4s
+	trn2	v22.4s, v25.4s, v22.4s
+	trn2	v24.4s, v26.4s, v24.4s
+	sub	v26.8h, v21.8h, v22.8h
+	sub	v28.8h, v23.8h, v24.8h
+	add	v21.8h, v21.8h, v22.8h
+	add	v23.8h, v23.8h, v24.8h
+	mul	v25.8h, v26.8h, v2.8h
+	mul	v27.8h, v28.8h, v3.8h
+	sqrdmulh	v22.8h, v26.8h, v0.8h
+	sqrdmulh	v24.8h, v28.8h, v1.8h
+	sqrdmulh	v25.8h, v25.8h, v8.h[0]
+	sqrdmulh	v27.8h, v27.8h, v8.h[0]
+	sub	v22.8h, v22.8h, v25.8h
+	sub	v24.8h, v24.8h, v27.8h
+	sshr	v22.8h, v22.8h, #1
+	sshr	v24.8h, v24.8h, #1
+	ldr	q0, [x2, #528]
+	ldr	q2, [x3, #528]
+	mov	v25.16b, v9.16b
+	mov	v26.16b, v11.16b
+	trn1	v9.2d, v9.2d, v10.2d
+	trn1	v11.2d, v11.2d, v12.2d
+	trn2	v10.2d, v25.2d, v10.2d
+	trn2	v12.2d, v26.2d, v12.2d
+	sub	v26.8h, v9.8h, v10.8h
+	sub	v28.8h, v11.8h, v12.8h
+	add	v9.8h, v9.8h, v10.8h
+	add	v11.8h, v11.8h, v12.8h
+	mul	v25.8h, v26.8h, v2.h[0]
+	mul	v27.8h, v28.8h, v2.h[1]
+	sqrdmulh	v10.8h, v26.8h, v0.h[0]
+	sqrdmulh	v12.8h, v28.8h, v0.h[1]
+	sqrdmulh	v25.8h, v25.8h, v8.h[0]
+	sqrdmulh	v27.8h, v27.8h, v8.h[0]
+	sub	v10.8h, v10.8h, v25.8h
+	sub	v12.8h, v12.8h, v27.8h
+	sshr	v10.8h, v10.8h, #1
+	sshr	v12.8h, v12.8h, #1
+	mov	v25.16b, v13.16b
+	mov	v26.16b, v15.16b
+	trn1	v13.2d, v13.2d, v14.2d
+	trn1	v15.2d, v15.2d, v16.2d
+	trn2	v14.2d, v25.2d, v14.2d
+	trn2	v16.2d, v26.2d, v16.2d
+	sub	v26.8h, v13.8h, v14.8h
+	sub	v28.8h, v15.8h, v16.8h
+	add	v13.8h, v13.8h, v14.8h
+	add	v15.8h, v15.8h, v16.8h
+	mul	v25.8h, v26.8h, v2.h[2]
+	mul	v27.8h, v28.8h, v2.h[3]
+	sqrdmulh	v14.8h, v26.8h, v0.h[2]
+	sqrdmulh	v16.8h, v28.8h, v0.h[3]
+	sqrdmulh	v25.8h, v25.8h, v8.h[0]
+	sqrdmulh	v27.8h, v27.8h, v8.h[0]
+	sub	v14.8h, v14.8h, v25.8h
+	sub	v16.8h, v16.8h, v27.8h
+	sshr	v14.8h, v14.8h, #1
+	sshr	v16.8h, v16.8h, #1
+	mov	v25.16b, v17.16b
+	mov	v26.16b, v19.16b
+	trn1	v17.2d, v17.2d, v18.2d
+	trn1	v19.2d, v19.2d, v20.2d
+	trn2	v18.2d, v25.2d, v18.2d
+	trn2	v20.2d, v26.2d, v20.2d
+	sub	v26.8h, v17.8h, v18.8h
+	sub	v28.8h, v19.8h, v20.8h
+	add	v17.8h, v17.8h, v18.8h
+	add	v19.8h, v19.8h, v20.8h
+	mul	v25.8h, v26.8h, v2.h[4]
+	mul	v27.8h, v28.8h, v2.h[5]
+	sqrdmulh	v18.8h, v26.8h, v0.h[4]
+	sqrdmulh	v20.8h, v28.8h, v0.h[5]
+	sqrdmulh	v25.8h, v25.8h, v8.h[0]
+	sqrdmulh	v27.8h, v27.8h, v8.h[0]
+	sub	v18.8h, v18.8h, v25.8h
+	sub	v20.8h, v20.8h, v27.8h
+	sshr	v18.8h, v18.8h, #1
+	sshr	v20.8h, v20.8h, #1
+	mov	v25.16b, v21.16b
+	mov	v26.16b, v23.16b
+	trn1	v21.2d, v21.2d, v22.2d
+	trn1	v23.2d, v23.2d, v24.2d
+	trn2	v22.2d, v25.2d, v22.2d
+	trn2	v24.2d, v26.2d, v24.2d
+	sub	v26.8h, v21.8h, v22.8h
+	sub	v28.8h, v23.8h, v24.8h
+	add	v21.8h, v21.8h, v22.8h
+	add	v23.8h, v23.8h, v24.8h
+	mul	v25.8h, v26.8h, v2.h[6]
+	mul	v27.8h, v28.8h, v2.h[7]
+	sqrdmulh	v22.8h, v26.8h, v0.h[6]
+	sqrdmulh	v24.8h, v28.8h, v0.h[7]
+	sqrdmulh	v25.8h, v25.8h, v8.h[0]
+	sqrdmulh	v27.8h, v27.8h, v8.h[0]
+	sub	v22.8h, v22.8h, v25.8h
+	sub	v24.8h, v24.8h, v27.8h
+	sshr	v22.8h, v22.8h, #1
+	sshr	v24.8h, v24.8h, #1
+	sqdmulh	v25.8h, v9.8h, v8.h[2]
+	sqdmulh	v26.8h, v11.8h, v8.h[2]
+	sshr	v25.8h, v25.8h, #11
+	sshr	v26.8h, v26.8h, #11
+	mls	v9.8h, v25.8h, v8.h[0]
+	mls	v11.8h, v26.8h, v8.h[0]
+	sqdmulh	v25.8h, v13.8h, v8.h[2]
+	sqdmulh	v26.8h, v15.8h, v8.h[2]
+	sshr	v25.8h, v25.8h, #11
+	sshr	v26.8h, v26.8h, #11
+	mls	v13.8h, v25.8h, v8.h[0]
+	mls	v15.8h, v26.8h, v8.h[0]
+	sqdmulh	v25.8h, v17.8h, v8.h[2]
+	sqdmulh	v26.8h, v19.8h, v8.h[2]
+	sshr	v25.8h, v25.8h, #11
+	sshr	v26.8h, v26.8h, #11
+	mls	v17.8h, v25.8h, v8.h[0]
+	mls	v19.8h, v26.8h, v8.h[0]
+	sqdmulh	v25.8h, v21.8h, v8.h[2]
+	sqdmulh	v26.8h, v23.8h, v8.h[2]
+	sshr	v25.8h, v25.8h, #11
+	sshr	v26.8h, v26.8h, #11
+	mls	v21.8h, v25.8h, v8.h[0]
+	mls	v23.8h, v26.8h, v8.h[0]
+	stp	q9, q10, [x1]
+	stp	q11, q12, [x1, #32]
+	stp	q13, q14, [x1, #64]
+	stp	q15, q16, [x1, #96]
+	stp	q17, q18, [x1, #128]
+	stp	q19, q20, [x1, #160]
+	stp	q21, q22, [x1, #192]
+	stp	q23, q24, [x1, #224]
+	ldr	q4, [x2, #544]
+	ldr	q5, [x2, #560]
+	ldr	q6, [x3, #544]
+	ldr	q7, [x3, #560]
+	ldr	q9, [x0]
+	ldr	q10, [x0, #32]
+	ldr	q11, [x0, #64]
+	ldr	q12, [x0, #96]
+	ldr	q13, [x0, #128]
+	ldr	q14, [x0, #160]
+	ldr	q15, [x0, #192]
+	ldr	q16, [x0, #224]
+	ldr	q17, [x1]
+	ldr	q18, [x1, #32]
+	ldr	q19, [x1, #64]
+	ldr	q20, [x1, #96]
+	ldr	q21, [x1, #128]
+	ldr	q22, [x1, #160]
+	ldr	q23, [x1, #192]
+	ldr	q24, [x1, #224]
+	sub	v26.8h, v9.8h, v10.8h
+	sub	v28.8h, v11.8h, v12.8h
+	add	v9.8h, v9.8h, v10.8h
+	add	v11.8h, v11.8h, v12.8h
+	mul	v25.8h, v26.8h, v6.h[0]
+	mul	v27.8h, v28.8h, v6.h[1]
+	sqrdmulh	v10.8h, v26.8h, v4.h[0]
+	sqrdmulh	v12.8h, v28.8h, v4.h[1]
+	sqrdmulh	v25.8h, v25.8h, v8.h[0]
+	sqrdmulh	v27.8h, v27.8h, v8.h[0]
+	sub	v10.8h, v10.8h, v25.8h
+	sub	v12.8h, v12.8h, v27.8h
+	sshr	v10.8h, v10.8h, #1
+	sshr	v12.8h, v12.8h, #1
+	sub	v26.8h, v13.8h, v14.8h
+	sub	v28.8h, v15.8h, v16.8h
+	add	v13.8h, v13.8h, v14.8h
+	add	v15.8h, v15.8h, v16.8h
+	mul	v25.8h, v26.8h, v6.h[2]
+	mul	v27.8h, v28.8h, v6.h[3]
+	sqrdmulh	v14.8h, v26.8h, v4.h[2]
+	sqrdmulh	v16.8h, v28.8h, v4.h[3]
+	sqrdmulh	v25.8h, v25.8h, v8.h[0]
+	sqrdmulh	v27.8h, v27.8h, v8.h[0]
+	sub	v14.8h, v14.8h, v25.8h
+	sub	v16.8h, v16.8h, v27.8h
+	sshr	v14.8h, v14.8h, #1
+	sshr	v16.8h, v16.8h, #1
+	sub	v26.8h, v17.8h, v18.8h
+	sub	v28.8h, v19.8h, v20.8h
+	add	v17.8h, v17.8h, v18.8h
+	add	v19.8h, v19.8h, v20.8h
+	mul	v25.8h, v26.8h, v6.h[4]
+	mul	v27.8h, v28.8h, v6.h[5]
+	sqrdmulh	v18.8h, v26.8h, v4.h[4]
+	sqrdmulh	v20.8h, v28.8h, v4.h[5]
+	sqrdmulh	v25.8h, v25.8h, v8.h[0]
+	sqrdmulh	v27.8h, v27.8h, v8.h[0]
+	sub	v18.8h, v18.8h, v25.8h
+	sub	v20.8h, v20.8h, v27.8h
+	sshr	v18.8h, v18.8h, #1
+	sshr	v20.8h, v20.8h, #1
+	sub	v26.8h, v21.8h, v22.8h
+	sub	v28.8h, v23.8h, v24.8h
+	add	v21.8h, v21.8h, v22.8h
+	add	v23.8h, v23.8h, v24.8h
+	mul	v25.8h, v26.8h, v6.h[6]
+	mul	v27.8h, v28.8h, v6.h[7]
+	sqrdmulh	v22.8h, v26.8h, v4.h[6]
+	sqrdmulh	v24.8h, v28.8h, v4.h[7]
+	sqrdmulh	v25.8h, v25.8h, v8.h[0]
+	sqrdmulh	v27.8h, v27.8h, v8.h[0]
+	sub	v22.8h, v22.8h, v25.8h
+	sub	v24.8h, v24.8h, v27.8h
+	sshr	v22.8h, v22.8h, #1
+	sshr	v24.8h, v24.8h, #1
+	sub	v26.8h, v9.8h, v11.8h
+	sub	v28.8h, v10.8h, v12.8h
+	add	v9.8h, v9.8h, v11.8h
+	add	v10.8h, v10.8h, v12.8h
+	mul	v25.8h, v26.8h, v7.h[0]
+	mul	v27.8h, v28.8h, v7.h[0]
+	sqrdmulh	v11.8h, v26.8h, v5.h[0]
+	sqrdmulh	v12.8h, v28.8h, v5.h[0]
+	sqrdmulh	v25.8h, v25.8h, v8.h[0]
+	sqrdmulh	v27.8h, v27.8h, v8.h[0]
+	sub	v11.8h, v11.8h, v25.8h
+	sub	v12.8h, v12.8h, v27.8h
+	sshr	v11.8h, v11.8h, #1
+	sshr	v12.8h, v12.8h, #1
+	sub	v26.8h, v13.8h, v15.8h
+	sub	v28.8h, v14.8h, v16.8h
+	add	v13.8h, v13.8h, v15.8h
+	add	v14.8h, v14.8h, v16.8h
+	mul	v25.8h, v26.8h, v7.h[1]
+	mul	v27.8h, v28.8h, v7.h[1]
+	sqrdmulh	v15.8h, v26.8h, v5.h[1]
+	sqrdmulh	v16.8h, v28.8h, v5.h[1]
+	sqrdmulh	v25.8h, v25.8h, v8.h[0]
+	sqrdmulh	v27.8h, v27.8h, v8.h[0]
+	sub	v15.8h, v15.8h, v25.8h
+	sub	v16.8h, v16.8h, v27.8h
+	sshr	v15.8h, v15.8h, #1
+	sshr	v16.8h, v16.8h, #1
+	sub	v26.8h, v17.8h, v19.8h
+	sub	v28.8h, v18.8h, v20.8h
+	add	v17.8h, v17.8h, v19.8h
+	add	v18.8h, v18.8h, v20.8h
+	mul	v25.8h, v26.8h, v7.h[2]
+	mul	v27.8h, v28.8h, v7.h[2]
+	sqrdmulh	v19.8h, v26.8h, v5.h[2]
+	sqrdmulh	v20.8h, v28.8h, v5.h[2]
+	sqrdmulh	v25.8h, v25.8h, v8.h[0]
+	sqrdmulh	v27.8h, v27.8h, v8.h[0]
+	sub	v19.8h, v19.8h, v25.8h
+	sub	v20.8h, v20.8h, v27.8h
+	sshr	v19.8h, v19.8h, #1
+	sshr	v20.8h, v20.8h, #1
+	sub	v26.8h, v21.8h, v23.8h
+	sub	v28.8h, v22.8h, v24.8h
+	add	v21.8h, v21.8h, v23.8h
+	add	v22.8h, v22.8h, v24.8h
+	mul	v25.8h, v26.8h, v7.h[3]
+	mul	v27.8h, v28.8h, v7.h[3]
+	sqrdmulh	v23.8h, v26.8h, v5.h[3]
+	sqrdmulh	v24.8h, v28.8h, v5.h[3]
+	sqrdmulh	v25.8h, v25.8h, v8.h[0]
+	sqrdmulh	v27.8h, v27.8h, v8.h[0]
+	sub	v23.8h, v23.8h, v25.8h
+	sub	v24.8h, v24.8h, v27.8h
+	sshr	v23.8h, v23.8h, #1
+	sshr	v24.8h, v24.8h, #1
+	sub	v26.8h, v9.8h, v13.8h
+	sub	v28.8h, v10.8h, v14.8h
+	add	v9.8h, v9.8h, v13.8h
+	add	v10.8h, v10.8h, v14.8h
+	mul	v25.8h, v26.8h, v7.h[4]
+	mul	v27.8h, v28.8h, v7.h[4]
+	sqrdmulh	v13.8h, v26.8h, v5.h[4]
+	sqrdmulh	v14.8h, v28.8h, v5.h[4]
+	sqrdmulh	v25.8h, v25.8h, v8.h[0]
+	sqrdmulh	v27.8h, v27.8h, v8.h[0]
+	sub	v13.8h, v13.8h, v25.8h
+	sub	v14.8h, v14.8h, v27.8h
+	sshr	v13.8h, v13.8h, #1
+	sshr	v14.8h, v14.8h, #1
+	sub	v26.8h, v11.8h, v15.8h
+	sub	v28.8h, v12.8h, v16.8h
+	add	v11.8h, v11.8h, v15.8h
+	add	v12.8h, v12.8h, v16.8h
+	mul	v25.8h, v26.8h, v7.h[4]
+	mul	v27.8h, v28.8h, v7.h[4]
+	sqrdmulh	v15.8h, v26.8h, v5.h[4]
+	sqrdmulh	v16.8h, v28.8h, v5.h[4]
+	sqrdmulh	v25.8h, v25.8h, v8.h[0]
+	sqrdmulh	v27.8h, v27.8h, v8.h[0]
+	sub	v15.8h, v15.8h, v25.8h
+	sub	v16.8h, v16.8h, v27.8h
+	sshr	v15.8h, v15.8h, #1
+	sshr	v16.8h, v16.8h, #1
+	sub	v26.8h, v17.8h, v21.8h
+	sub	v28.8h, v18.8h, v22.8h
+	add	v17.8h, v17.8h, v21.8h
+	add	v18.8h, v18.8h, v22.8h
+	mul	v25.8h, v26.8h, v7.h[5]
+	mul	v27.8h, v28.8h, v7.h[5]
+	sqrdmulh	v21.8h, v26.8h, v5.h[5]
+	sqrdmulh	v22.8h, v28.8h, v5.h[5]
+	sqrdmulh	v25.8h, v25.8h, v8.h[0]
+	sqrdmulh	v27.8h, v27.8h, v8.h[0]
+	sub	v21.8h, v21.8h, v25.8h
+	sub	v22.8h, v22.8h, v27.8h
+	sshr	v21.8h, v21.8h, #1
+	sshr	v22.8h, v22.8h, #1
+	sub	v26.8h, v19.8h, v23.8h
+	sub	v28.8h, v20.8h, v24.8h
+	add	v19.8h, v19.8h, v23.8h
+	add	v20.8h, v20.8h, v24.8h
+	mul	v25.8h, v26.8h, v7.h[5]
+	mul	v27.8h, v28.8h, v7.h[5]
+	sqrdmulh	v23.8h, v26.8h, v5.h[5]
+	sqrdmulh	v24.8h, v28.8h, v5.h[5]
+	sqrdmulh	v25.8h, v25.8h, v8.h[0]
+	sqrdmulh	v27.8h, v27.8h, v8.h[0]
+	sub	v23.8h, v23.8h, v25.8h
+	sub	v24.8h, v24.8h, v27.8h
+	sshr	v23.8h, v23.8h, #1
+	sshr	v24.8h, v24.8h, #1
+	sqdmulh	v25.8h, v9.8h, v8.h[2]
+	sqdmulh	v26.8h, v10.8h, v8.h[2]
+	sshr	v25.8h, v25.8h, #11
+	sshr	v26.8h, v26.8h, #11
+	mls	v9.8h, v25.8h, v8.h[0]
+	mls	v10.8h, v26.8h, v8.h[0]
+	sqdmulh	v25.8h, v11.8h, v8.h[2]
+	sqdmulh	v26.8h, v12.8h, v8.h[2]
+	sshr	v25.8h, v25.8h, #11
+	sshr	v26.8h, v26.8h, #11
+	mls	v11.8h, v25.8h, v8.h[0]
+	mls	v12.8h, v26.8h, v8.h[0]
+	sqdmulh	v25.8h, v17.8h, v8.h[2]
+	sqdmulh	v26.8h, v18.8h, v8.h[2]
+	sshr	v25.8h, v25.8h, #11
+	sshr	v26.8h, v26.8h, #11
+	mls	v17.8h, v25.8h, v8.h[0]
+	mls	v18.8h, v26.8h, v8.h[0]
+	sqdmulh	v25.8h, v19.8h, v8.h[2]
+	sqdmulh	v26.8h, v20.8h, v8.h[2]
+	sshr	v25.8h, v25.8h, #11
+	sshr	v26.8h, v26.8h, #11
+	mls	v19.8h, v25.8h, v8.h[0]
+	mls	v20.8h, v26.8h, v8.h[0]
+	sub	v26.8h, v9.8h, v17.8h
+	sub	v28.8h, v10.8h, v18.8h
+	add	v9.8h, v9.8h, v17.8h
+	add	v10.8h, v10.8h, v18.8h
+	mul	v25.8h, v26.8h, v7.h[6]
+	mul	v27.8h, v28.8h, v7.h[6]
+	sqrdmulh	v17.8h, v26.8h, v5.h[6]
+	sqrdmulh	v18.8h, v28.8h, v5.h[6]
+	sqrdmulh	v25.8h, v25.8h, v8.h[0]
+	sqrdmulh	v27.8h, v27.8h, v8.h[0]
+	sub	v17.8h, v17.8h, v25.8h
+	sub	v18.8h, v18.8h, v27.8h
+	sshr	v17.8h, v17.8h, #1
+	sshr	v18.8h, v18.8h, #1
+	sub	v26.8h, v11.8h, v19.8h
+	sub	v28.8h, v12.8h, v20.8h
+	add	v11.8h, v11.8h, v19.8h
+	add	v12.8h, v12.8h, v20.8h
+	mul	v25.8h, v26.8h, v7.h[6]
+	mul	v27.8h, v28.8h, v7.h[6]
+	sqrdmulh	v19.8h, v26.8h, v5.h[6]
+	sqrdmulh	v20.8h, v28.8h, v5.h[6]
+	sqrdmulh	v25.8h, v25.8h, v8.h[0]
+	sqrdmulh	v27.8h, v27.8h, v8.h[0]
+	sub	v19.8h, v19.8h, v25.8h
+	sub	v20.8h, v20.8h, v27.8h
+	sshr	v19.8h, v19.8h, #1
+	sshr	v20.8h, v20.8h, #1
+	sub	v26.8h, v13.8h, v21.8h
+	sub	v28.8h, v14.8h, v22.8h
+	add	v13.8h, v13.8h, v21.8h
+	add	v14.8h, v14.8h, v22.8h
+	mul	v25.8h, v26.8h, v7.h[6]
+	mul	v27.8h, v28.8h, v7.h[6]
+	sqrdmulh	v21.8h, v26.8h, v5.h[6]
+	sqrdmulh	v22.8h, v28.8h, v5.h[6]
+	sqrdmulh	v25.8h, v25.8h, v8.h[0]
+	sqrdmulh	v27.8h, v27.8h, v8.h[0]
+	sub	v21.8h, v21.8h, v25.8h
+	sub	v22.8h, v22.8h, v27.8h
+	sshr	v21.8h, v21.8h, #1
+	sshr	v22.8h, v22.8h, #1
+	sub	v26.8h, v15.8h, v23.8h
+	sub	v28.8h, v16.8h, v24.8h
+	add	v15.8h, v15.8h, v23.8h
+	add	v16.8h, v16.8h, v24.8h
+	mul	v25.8h, v26.8h, v7.h[6]
+	mul	v27.8h, v28.8h, v7.h[6]
+	sqrdmulh	v23.8h, v26.8h, v5.h[6]
+	sqrdmulh	v24.8h, v28.8h, v5.h[6]
+	sqrdmulh	v25.8h, v25.8h, v8.h[0]
+	sqrdmulh	v27.8h, v27.8h, v8.h[0]
+	sub	v23.8h, v23.8h, v25.8h
+	sub	v24.8h, v24.8h, v27.8h
+	sshr	v23.8h, v23.8h, #1
+	sshr	v24.8h, v24.8h, #1
+	mul	v25.8h, v9.8h, v7.h[7]
+	mul	v26.8h, v10.8h, v7.h[7]
+	sqrdmulh	v9.8h, v9.8h, v5.h[7]
+	sqrdmulh	v10.8h, v10.8h, v5.h[7]
+	sqrdmulh	v25.8h, v25.8h, v8.h[0]
+	sqrdmulh	v26.8h, v26.8h, v8.h[0]
+	sub	v9.8h, v9.8h, v25.8h
+	sub	v10.8h, v10.8h, v26.8h
+	sshr	v9.8h, v9.8h, #1
+	sshr	v10.8h, v10.8h, #1
+	mul	v25.8h, v11.8h, v7.h[7]
+	mul	v26.8h, v12.8h, v7.h[7]
+	sqrdmulh	v11.8h, v11.8h, v5.h[7]
+	sqrdmulh	v12.8h, v12.8h, v5.h[7]
+	sqrdmulh	v25.8h, v25.8h, v8.h[0]
+	sqrdmulh	v26.8h, v26.8h, v8.h[0]
+	sub	v11.8h, v11.8h, v25.8h
+	sub	v12.8h, v12.8h, v26.8h
+	sshr	v11.8h, v11.8h, #1
+	sshr	v12.8h, v12.8h, #1
+	mul	v25.8h, v13.8h, v7.h[7]
+	mul	v26.8h, v14.8h, v7.h[7]
+	sqrdmulh	v13.8h, v13.8h, v5.h[7]
+	sqrdmulh	v14.8h, v14.8h, v5.h[7]
+	sqrdmulh	v25.8h, v25.8h, v8.h[0]
+	sqrdmulh	v26.8h, v26.8h, v8.h[0]
+	sub	v13.8h, v13.8h, v25.8h
+	sub	v14.8h, v14.8h, v26.8h
+	sshr	v13.8h, v13.8h, #1
+	sshr	v14.8h, v14.8h, #1
+	mul	v25.8h, v15.8h, v7.h[7]
+	mul	v26.8h, v16.8h, v7.h[7]
+	sqrdmulh	v15.8h, v15.8h, v5.h[7]
+	sqrdmulh	v16.8h, v16.8h, v5.h[7]
+	sqrdmulh	v25.8h, v25.8h, v8.h[0]
+	sqrdmulh	v26.8h, v26.8h, v8.h[0]
+	sub	v15.8h, v15.8h, v25.8h
+	sub	v16.8h, v16.8h, v26.8h
+	sshr	v15.8h, v15.8h, #1
+	sshr	v16.8h, v16.8h, #1
+	mul	v25.8h, v17.8h, v7.h[7]
+	mul	v26.8h, v18.8h, v7.h[7]
+	sqrdmulh	v17.8h, v17.8h, v5.h[7]
+	sqrdmulh	v18.8h, v18.8h, v5.h[7]
+	sqrdmulh	v25.8h, v25.8h, v8.h[0]
+	sqrdmulh	v26.8h, v26.8h, v8.h[0]
+	sub	v17.8h, v17.8h, v25.8h
+	sub	v18.8h, v18.8h, v26.8h
+	sshr	v17.8h, v17.8h, #1
+	sshr	v18.8h, v18.8h, #1
+	mul	v25.8h, v19.8h, v7.h[7]
+	mul	v26.8h, v20.8h, v7.h[7]
+	sqrdmulh	v19.8h, v19.8h, v5.h[7]
+	sqrdmulh	v20.8h, v20.8h, v5.h[7]
+	sqrdmulh	v25.8h, v25.8h, v8.h[0]
+	sqrdmulh	v26.8h, v26.8h, v8.h[0]
+	sub	v19.8h, v19.8h, v25.8h
+	sub	v20.8h, v20.8h, v26.8h
+	sshr	v19.8h, v19.8h, #1
+	sshr	v20.8h, v20.8h, #1
+	mul	v25.8h, v21.8h, v7.h[7]
+	mul	v26.8h, v22.8h, v7.h[7]
+	sqrdmulh	v21.8h, v21.8h, v5.h[7]
+	sqrdmulh	v22.8h, v22.8h, v5.h[7]
+	sqrdmulh	v25.8h, v25.8h, v8.h[0]
+	sqrdmulh	v26.8h, v26.8h, v8.h[0]
+	sub	v21.8h, v21.8h, v25.8h
+	sub	v22.8h, v22.8h, v26.8h
+	sshr	v21.8h, v21.8h, #1
+	sshr	v22.8h, v22.8h, #1
+	mul	v25.8h, v23.8h, v7.h[7]
+	mul	v26.8h, v24.8h, v7.h[7]
+	sqrdmulh	v23.8h, v23.8h, v5.h[7]
+	sqrdmulh	v24.8h, v24.8h, v5.h[7]
+	sqrdmulh	v25.8h, v25.8h, v8.h[0]
+	sqrdmulh	v26.8h, v26.8h, v8.h[0]
+	sub	v23.8h, v23.8h, v25.8h
+	sub	v24.8h, v24.8h, v26.8h
+	sshr	v23.8h, v23.8h, #1
+	sshr	v24.8h, v24.8h, #1
+	str	q9, [x0]
+	str	q10, [x0, #32]
+	str	q11, [x0, #64]
+	str	q12, [x0, #96]
+	str	q13, [x0, #128]
+	str	q14, [x0, #160]
+	str	q15, [x0, #192]
+	str	q16, [x0, #224]
+	str	q17, [x1]
+	str	q18, [x1, #32]
+	str	q19, [x1, #64]
+	str	q20, [x1, #96]
+	str	q21, [x1, #128]
+	str	q22, [x1, #160]
+	str	q23, [x1, #192]
+	str	q24, [x1, #224]
+	ldr	q9, [x0, #16]
+	ldr	q10, [x0, #48]
+	ldr	q11, [x0, #80]
+	ldr	q12, [x0, #112]
+	ldr	q13, [x0, #144]
+	ldr	q14, [x0, #176]
+	ldr	q15, [x0, #208]
+	ldr	q16, [x0, #240]
+	ldr	q17, [x1, #16]
+	ldr	q18, [x1, #48]
+	ldr	q19, [x1, #80]
+	ldr	q20, [x1, #112]
+	ldr	q21, [x1, #144]
+	ldr	q22, [x1, #176]
+	ldr	q23, [x1, #208]
+	ldr	q24, [x1, #240]
+	sub	v26.8h, v9.8h, v10.8h
+	sub	v28.8h, v11.8h, v12.8h
+	add	v9.8h, v9.8h, v10.8h
+	add	v11.8h, v11.8h, v12.8h
+	mul	v25.8h, v26.8h, v6.h[0]
+	mul	v27.8h, v28.8h, v6.h[1]
+	sqrdmulh	v10.8h, v26.8h, v4.h[0]
+	sqrdmulh	v12.8h, v28.8h, v4.h[1]
+	sqrdmulh	v25.8h, v25.8h, v8.h[0]
+	sqrdmulh	v27.8h, v27.8h, v8.h[0]
+	sub	v10.8h, v10.8h, v25.8h
+	sub	v12.8h, v12.8h, v27.8h
+	sshr	v10.8h, v10.8h, #1
+	sshr	v12.8h, v12.8h, #1
+	sub	v26.8h, v13.8h, v14.8h
+	sub	v28.8h, v15.8h, v16.8h
+	add	v13.8h, v13.8h, v14.8h
+	add	v15.8h, v15.8h, v16.8h
+	mul	v25.8h, v26.8h, v6.h[2]
+	mul	v27.8h, v28.8h, v6.h[3]
+	sqrdmulh	v14.8h, v26.8h, v4.h[2]
+	sqrdmulh	v16.8h, v28.8h, v4.h[3]
+	sqrdmulh	v25.8h, v25.8h, v8.h[0]
+	sqrdmulh	v27.8h, v27.8h, v8.h[0]
+	sub	v14.8h, v14.8h, v25.8h
+	sub	v16.8h, v16.8h, v27.8h
+	sshr	v14.8h, v14.8h, #1
+	sshr	v16.8h, v16.8h, #1
+	sub	v26.8h, v17.8h, v18.8h
+	sub	v28.8h, v19.8h, v20.8h
+	add	v17.8h, v17.8h, v18.8h
+	add	v19.8h, v19.8h, v20.8h
+	mul	v25.8h, v26.8h, v6.h[4]
+	mul	v27.8h, v28.8h, v6.h[5]
+	sqrdmulh	v18.8h, v26.8h, v4.h[4]
+	sqrdmulh	v20.8h, v28.8h, v4.h[5]
+	sqrdmulh	v25.8h, v25.8h, v8.h[0]
+	sqrdmulh	v27.8h, v27.8h, v8.h[0]
+	sub	v18.8h, v18.8h, v25.8h
+	sub	v20.8h, v20.8h, v27.8h
+	sshr	v18.8h, v18.8h, #1
+	sshr	v20.8h, v20.8h, #1
+	sub	v26.8h, v21.8h, v22.8h
+	sub	v28.8h, v23.8h, v24.8h
+	add	v21.8h, v21.8h, v22.8h
+	add	v23.8h, v23.8h, v24.8h
+	mul	v25.8h, v26.8h, v6.h[6]
+	mul	v27.8h, v28.8h, v6.h[7]
+	sqrdmulh	v22.8h, v26.8h, v4.h[6]
+	sqrdmulh	v24.8h, v28.8h, v4.h[7]
+	sqrdmulh	v25.8h, v25.8h, v8.h[0]
+	sqrdmulh	v27.8h, v27.8h, v8.h[0]
+	sub	v22.8h, v22.8h, v25.8h
+	sub	v24.8h, v24.8h, v27.8h
+	sshr	v22.8h, v22.8h, #1
+	sshr	v24.8h, v24.8h, #1
+	sub	v26.8h, v9.8h, v11.8h
+	sub	v28.8h, v10.8h, v12.8h
+	add	v9.8h, v9.8h, v11.8h
+	add	v10.8h, v10.8h, v12.8h
+	mul	v25.8h, v26.8h, v7.h[0]
+	mul	v27.8h, v28.8h, v7.h[0]
+	sqrdmulh	v11.8h, v26.8h, v5.h[0]
+	sqrdmulh	v12.8h, v28.8h, v5.h[0]
+	sqrdmulh	v25.8h, v25.8h, v8.h[0]
+	sqrdmulh	v27.8h, v27.8h, v8.h[0]
+	sub	v11.8h, v11.8h, v25.8h
+	sub	v12.8h, v12.8h, v27.8h
+	sshr	v11.8h, v11.8h, #1
+	sshr	v12.8h, v12.8h, #1
+	sub	v26.8h, v13.8h, v15.8h
+	sub	v28.8h, v14.8h, v16.8h
+	add	v13.8h, v13.8h, v15.8h
+	add	v14.8h, v14.8h, v16.8h
+	mul	v25.8h, v26.8h, v7.h[1]
+	mul	v27.8h, v28.8h, v7.h[1]
+	sqrdmulh	v15.8h, v26.8h, v5.h[1]
+	sqrdmulh	v16.8h, v28.8h, v5.h[1]
+	sqrdmulh	v25.8h, v25.8h, v8.h[0]
+	sqrdmulh	v27.8h, v27.8h, v8.h[0]
+	sub	v15.8h, v15.8h, v25.8h
+	sub	v16.8h, v16.8h, v27.8h
+	sshr	v15.8h, v15.8h, #1
+	sshr	v16.8h, v16.8h, #1
+	sub	v26.8h, v17.8h, v19.8h
+	sub	v28.8h, v18.8h, v20.8h
+	add	v17.8h, v17.8h, v19.8h
+	add	v18.8h, v18.8h, v20.8h
+	mul	v25.8h, v26.8h, v7.h[2]
+	mul	v27.8h, v28.8h, v7.h[2]
+	sqrdmulh	v19.8h, v26.8h, v5.h[2]
+	sqrdmulh	v20.8h, v28.8h, v5.h[2]
+	sqrdmulh	v25.8h, v25.8h, v8.h[0]
+	sqrdmulh	v27.8h, v27.8h, v8.h[0]
+	sub	v19.8h, v19.8h, v25.8h
+	sub	v20.8h, v20.8h, v27.8h
+	sshr	v19.8h, v19.8h, #1
+	sshr	v20.8h, v20.8h, #1
+	sub	v26.8h, v21.8h, v23.8h
+	sub	v28.8h, v22.8h, v24.8h
+	add	v21.8h, v21.8h, v23.8h
+	add	v22.8h, v22.8h, v24.8h
+	mul	v25.8h, v26.8h, v7.h[3]
+	mul	v27.8h, v28.8h, v7.h[3]
+	sqrdmulh	v23.8h, v26.8h, v5.h[3]
+	sqrdmulh	v24.8h, v28.8h, v5.h[3]
+	sqrdmulh	v25.8h, v25.8h, v8.h[0]
+	sqrdmulh	v27.8h, v27.8h, v8.h[0]
+	sub	v23.8h, v23.8h, v25.8h
+	sub	v24.8h, v24.8h, v27.8h
+	sshr	v23.8h, v23.8h, #1
+	sshr	v24.8h, v24.8h, #1
+	sub	v26.8h, v9.8h, v13.8h
+	sub	v28.8h, v10.8h, v14.8h
+	add	v9.8h, v9.8h, v13.8h
+	add	v10.8h, v10.8h, v14.8h
+	mul	v25.8h, v26.8h, v7.h[4]
+	mul	v27.8h, v28.8h, v7.h[4]
+	sqrdmulh	v13.8h, v26.8h, v5.h[4]
+	sqrdmulh	v14.8h, v28.8h, v5.h[4]
+	sqrdmulh	v25.8h, v25.8h, v8.h[0]
+	sqrdmulh	v27.8h, v27.8h, v8.h[0]
+	sub	v13.8h, v13.8h, v25.8h
+	sub	v14.8h, v14.8h, v27.8h
+	sshr	v13.8h, v13.8h, #1
+	sshr	v14.8h, v14.8h, #1
+	sub	v26.8h, v11.8h, v15.8h
+	sub	v28.8h, v12.8h, v16.8h
+	add	v11.8h, v11.8h, v15.8h
+	add	v12.8h, v12.8h, v16.8h
+	mul	v25.8h, v26.8h, v7.h[4]
+	mul	v27.8h, v28.8h, v7.h[4]
+	sqrdmulh	v15.8h, v26.8h, v5.h[4]
+	sqrdmulh	v16.8h, v28.8h, v5.h[4]
+	sqrdmulh	v25.8h, v25.8h, v8.h[0]
+	sqrdmulh	v27.8h, v27.8h, v8.h[0]
+	sub	v15.8h, v15.8h, v25.8h
+	sub	v16.8h, v16.8h, v27.8h
+	sshr	v15.8h, v15.8h, #1
+	sshr	v16.8h, v16.8h, #1
+	sub	v26.8h, v17.8h, v21.8h
+	sub	v28.8h, v18.8h, v22.8h
+	add	v17.8h, v17.8h, v21.8h
+	add	v18.8h, v18.8h, v22.8h
+	mul	v25.8h, v26.8h, v7.h[5]
+	mul	v27.8h, v28.8h, v7.h[5]
+	sqrdmulh	v21.8h, v26.8h, v5.h[5]
+	sqrdmulh	v22.8h, v28.8h, v5.h[5]
+	sqrdmulh	v25.8h, v25.8h, v8.h[0]
+	sqrdmulh	v27.8h, v27.8h, v8.h[0]
+	sub	v21.8h, v21.8h, v25.8h
+	sub	v22.8h, v22.8h, v27.8h
+	sshr	v21.8h, v21.8h, #1
+	sshr	v22.8h, v22.8h, #1
+	sub	v26.8h, v19.8h, v23.8h
+	sub	v28.8h, v20.8h, v24.8h
+	add	v19.8h, v19.8h, v23.8h
+	add	v20.8h, v20.8h, v24.8h
+	mul	v25.8h, v26.8h, v7.h[5]
+	mul	v27.8h, v28.8h, v7.h[5]
+	sqrdmulh	v23.8h, v26.8h, v5.h[5]
+	sqrdmulh	v24.8h, v28.8h, v5.h[5]
+	sqrdmulh	v25.8h, v25.8h, v8.h[0]
+	sqrdmulh	v27.8h, v27.8h, v8.h[0]
+	sub	v23.8h, v23.8h, v25.8h
+	sub	v24.8h, v24.8h, v27.8h
+	sshr	v23.8h, v23.8h, #1
+	sshr	v24.8h, v24.8h, #1
+	sqdmulh	v25.8h, v9.8h, v8.h[2]
+	sqdmulh	v26.8h, v10.8h, v8.h[2]
+	sshr	v25.8h, v25.8h, #11
+	sshr	v26.8h, v26.8h, #11
+	mls	v9.8h, v25.8h, v8.h[0]
+	mls	v10.8h, v26.8h, v8.h[0]
+	sqdmulh	v25.8h, v11.8h, v8.h[2]
+	sqdmulh	v26.8h, v12.8h, v8.h[2]
+	sshr	v25.8h, v25.8h, #11
+	sshr	v26.8h, v26.8h, #11
+	mls	v11.8h, v25.8h, v8.h[0]
+	mls	v12.8h, v26.8h, v8.h[0]
+	sqdmulh	v25.8h, v17.8h, v8.h[2]
+	sqdmulh	v26.8h, v18.8h, v8.h[2]
+	sshr	v25.8h, v25.8h, #11
+	sshr	v26.8h, v26.8h, #11
+	mls	v17.8h, v25.8h, v8.h[0]
+	mls	v18.8h, v26.8h, v8.h[0]
+	sqdmulh	v25.8h, v19.8h, v8.h[2]
+	sqdmulh	v26.8h, v20.8h, v8.h[2]
+	sshr	v25.8h, v25.8h, #11
+	sshr	v26.8h, v26.8h, #11
+	mls	v19.8h, v25.8h, v8.h[0]
+	mls	v20.8h, v26.8h, v8.h[0]
+	sub	v26.8h, v9.8h, v17.8h
+	sub	v28.8h, v10.8h, v18.8h
+	add	v9.8h, v9.8h, v17.8h
+	add	v10.8h, v10.8h, v18.8h
+	mul	v25.8h, v26.8h, v7.h[6]
+	mul	v27.8h, v28.8h, v7.h[6]
+	sqrdmulh	v17.8h, v26.8h, v5.h[6]
+	sqrdmulh	v18.8h, v28.8h, v5.h[6]
+	sqrdmulh	v25.8h, v25.8h, v8.h[0]
+	sqrdmulh	v27.8h, v27.8h, v8.h[0]
+	sub	v17.8h, v17.8h, v25.8h
+	sub	v18.8h, v18.8h, v27.8h
+	sshr	v17.8h, v17.8h, #1
+	sshr	v18.8h, v18.8h, #1
+	sub	v26.8h, v11.8h, v19.8h
+	sub	v28.8h, v12.8h, v20.8h
+	add	v11.8h, v11.8h, v19.8h
+	add	v12.8h, v12.8h, v20.8h
+	mul	v25.8h, v26.8h, v7.h[6]
+	mul	v27.8h, v28.8h, v7.h[6]
+	sqrdmulh	v19.8h, v26.8h, v5.h[6]
+	sqrdmulh	v20.8h, v28.8h, v5.h[6]
+	sqrdmulh	v25.8h, v25.8h, v8.h[0]
+	sqrdmulh	v27.8h, v27.8h, v8.h[0]
+	sub	v19.8h, v19.8h, v25.8h
+	sub	v20.8h, v20.8h, v27.8h
+	sshr	v19.8h, v19.8h, #1
+	sshr	v20.8h, v20.8h, #1
+	sub	v26.8h, v13.8h, v21.8h
+	sub	v28.8h, v14.8h, v22.8h
+	add	v13.8h, v13.8h, v21.8h
+	add	v14.8h, v14.8h, v22.8h
+	mul	v25.8h, v26.8h, v7.h[6]
+	mul	v27.8h, v28.8h, v7.h[6]
+	sqrdmulh	v21.8h, v26.8h, v5.h[6]
+	sqrdmulh	v22.8h, v28.8h, v5.h[6]
+	sqrdmulh	v25.8h, v25.8h, v8.h[0]
+	sqrdmulh	v27.8h, v27.8h, v8.h[0]
+	sub	v21.8h, v21.8h, v25.8h
+	sub	v22.8h, v22.8h, v27.8h
+	sshr	v21.8h, v21.8h, #1
+	sshr	v22.8h, v22.8h, #1
+	sub	v26.8h, v15.8h, v23.8h
+	sub	v28.8h, v16.8h, v24.8h
+	add	v15.8h, v15.8h, v23.8h
+	add	v16.8h, v16.8h, v24.8h
+	mul	v25.8h, v26.8h, v7.h[6]
+	mul	v27.8h, v28.8h, v7.h[6]
+	sqrdmulh	v23.8h, v26.8h, v5.h[6]
+	sqrdmulh	v24.8h, v28.8h, v5.h[6]
+	sqrdmulh	v25.8h, v25.8h, v8.h[0]
+	sqrdmulh	v27.8h, v27.8h, v8.h[0]
+	sub	v23.8h, v23.8h, v25.8h
+	sub	v24.8h, v24.8h, v27.8h
+	sshr	v23.8h, v23.8h, #1
+	sshr	v24.8h, v24.8h, #1
+	mul	v25.8h, v9.8h, v7.h[7]
+	mul	v26.8h, v10.8h, v7.h[7]
+	sqrdmulh	v9.8h, v9.8h, v5.h[7]
+	sqrdmulh	v10.8h, v10.8h, v5.h[7]
+	sqrdmulh	v25.8h, v25.8h, v8.h[0]
+	sqrdmulh	v26.8h, v26.8h, v8.h[0]
+	sub	v9.8h, v9.8h, v25.8h
+	sub	v10.8h, v10.8h, v26.8h
+	sshr	v9.8h, v9.8h, #1
+	sshr	v10.8h, v10.8h, #1
+	mul	v25.8h, v11.8h, v7.h[7]
+	mul	v26.8h, v12.8h, v7.h[7]
+	sqrdmulh	v11.8h, v11.8h, v5.h[7]
+	sqrdmulh	v12.8h, v12.8h, v5.h[7]
+	sqrdmulh	v25.8h, v25.8h, v8.h[0]
+	sqrdmulh	v26.8h, v26.8h, v8.h[0]
+	sub	v11.8h, v11.8h, v25.8h
+	sub	v12.8h, v12.8h, v26.8h
+	sshr	v11.8h, v11.8h, #1
+	sshr	v12.8h, v12.8h, #1
+	mul	v25.8h, v13.8h, v7.h[7]
+	mul	v26.8h, v14.8h, v7.h[7]
+	sqrdmulh	v13.8h, v13.8h, v5.h[7]
+	sqrdmulh	v14.8h, v14.8h, v5.h[7]
+	sqrdmulh	v25.8h, v25.8h, v8.h[0]
+	sqrdmulh	v26.8h, v26.8h, v8.h[0]
+	sub	v13.8h, v13.8h, v25.8h
+	sub	v14.8h, v14.8h, v26.8h
+	sshr	v13.8h, v13.8h, #1
+	sshr	v14.8h, v14.8h, #1
+	mul	v25.8h, v15.8h, v7.h[7]
+	mul	v26.8h, v16.8h, v7.h[7]
+	sqrdmulh	v15.8h, v15.8h, v5.h[7]
+	sqrdmulh	v16.8h, v16.8h, v5.h[7]
+	sqrdmulh	v25.8h, v25.8h, v8.h[0]
+	sqrdmulh	v26.8h, v26.8h, v8.h[0]
+	sub	v15.8h, v15.8h, v25.8h
+	sub	v16.8h, v16.8h, v26.8h
+	sshr	v15.8h, v15.8h, #1
+	sshr	v16.8h, v16.8h, #1
+	mul	v25.8h, v17.8h, v7.h[7]
+	mul	v26.8h, v18.8h, v7.h[7]
+	sqrdmulh	v17.8h, v17.8h, v5.h[7]
+	sqrdmulh	v18.8h, v18.8h, v5.h[7]
+	sqrdmulh	v25.8h, v25.8h, v8.h[0]
+	sqrdmulh	v26.8h, v26.8h, v8.h[0]
+	sub	v17.8h, v17.8h, v25.8h
+	sub	v18.8h, v18.8h, v26.8h
+	sshr	v17.8h, v17.8h, #1
+	sshr	v18.8h, v18.8h, #1
+	mul	v25.8h, v19.8h, v7.h[7]
+	mul	v26.8h, v20.8h, v7.h[7]
+	sqrdmulh	v19.8h, v19.8h, v5.h[7]
+	sqrdmulh	v20.8h, v20.8h, v5.h[7]
+	sqrdmulh	v25.8h, v25.8h, v8.h[0]
+	sqrdmulh	v26.8h, v26.8h, v8.h[0]
+	sub	v19.8h, v19.8h, v25.8h
+	sub	v20.8h, v20.8h, v26.8h
+	sshr	v19.8h, v19.8h, #1
+	sshr	v20.8h, v20.8h, #1
+	mul	v25.8h, v21.8h, v7.h[7]
+	mul	v26.8h, v22.8h, v7.h[7]
+	sqrdmulh	v21.8h, v21.8h, v5.h[7]
+	sqrdmulh	v22.8h, v22.8h, v5.h[7]
+	sqrdmulh	v25.8h, v25.8h, v8.h[0]
+	sqrdmulh	v26.8h, v26.8h, v8.h[0]
+	sub	v21.8h, v21.8h, v25.8h
+	sub	v22.8h, v22.8h, v26.8h
+	sshr	v21.8h, v21.8h, #1
+	sshr	v22.8h, v22.8h, #1
+	mul	v25.8h, v23.8h, v7.h[7]
+	mul	v26.8h, v24.8h, v7.h[7]
+	sqrdmulh	v23.8h, v23.8h, v5.h[7]
+	sqrdmulh	v24.8h, v24.8h, v5.h[7]
+	sqrdmulh	v25.8h, v25.8h, v8.h[0]
+	sqrdmulh	v26.8h, v26.8h, v8.h[0]
+	sub	v23.8h, v23.8h, v25.8h
+	sub	v24.8h, v24.8h, v26.8h
+	sshr	v23.8h, v23.8h, #1
+	sshr	v24.8h, v24.8h, #1
+	str	q9, [x0, #16]
+	str	q10, [x0, #48]
+	str	q11, [x0, #80]
+	str	q12, [x0, #112]
+	str	q13, [x0, #144]
+	str	q14, [x0, #176]
+	str	q15, [x0, #208]
+	str	q16, [x0, #240]
+	str	q17, [x1, #16]
+	str	q18, [x1, #48]
+	str	q19, [x1, #80]
+	str	q20, [x1, #112]
+	str	q21, [x1, #144]
+	str	q22, [x1, #176]
+	str	q23, [x1, #208]
+	str	q24, [x1, #240]
+	ldp	d8, d9, [x29, #16]
+	ldp	d10, d11, [x29, #32]
+	ldp	d12, d13, [x29, #48]
+	ldp	d14, d15, [x29, #64]
+	ldp	x29, x30, [sp], #0x50
+	ret
+#ifndef __APPLE__
+	.size	kyber_invntt,.-kyber_invntt
+#endif /* __APPLE__ */
+#ifndef WOLFSSL_AARCH64_NO_SQRDMLSH
+#ifndef __APPLE__
+.text
+.globl	kyber_ntt_sqrdmlsh
+.type	kyber_ntt_sqrdmlsh,@function
+.align	2
+kyber_ntt_sqrdmlsh:
+#else
+.section	__TEXT,__text
+.globl	_kyber_ntt_sqrdmlsh
+.p2align	2
+_kyber_ntt_sqrdmlsh:
+#endif /* __APPLE__ */
+	stp	x29, x30, [sp, #-80]!
+	add	x29, sp, #0
+	stp	d8, d9, [x29, #16]
+	stp	d10, d11, [x29, #32]
+	stp	d12, d13, [x29, #48]
+	stp	d14, d15, [x29, #64]
+#ifndef __APPLE__
+	adrp x2, L_kyber_aarch64_zetas
+	add  x2, x2, :lo12:L_kyber_aarch64_zetas
+#else
+	adrp x2, L_kyber_aarch64_zetas@PAGE
+	add  x2, x2, :lo12:L_kyber_aarch64_zetas@PAGEOFF
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+	adrp x3, L_kyber_aarch64_zetas_qinv
+	add  x3, x3, :lo12:L_kyber_aarch64_zetas_qinv
+#else
+	adrp x3, L_kyber_aarch64_zetas_qinv@PAGE
+	add  x3, x3, :lo12:L_kyber_aarch64_zetas_qinv@PAGEOFF
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+	adrp x4, L_kyber_aarch64_consts
+	add  x4, x4, :lo12:L_kyber_aarch64_consts
+#else
+	adrp x4, L_kyber_aarch64_consts@PAGE
+	add  x4, x4, :lo12:L_kyber_aarch64_consts@PAGEOFF
+#endif /* __APPLE__ */
+	add	x1, x0, #0x100
+	ldr	q4, [x4]
+	ldr	q5, [x0]
+	ldr	q6, [x0, #32]
+	ldr	q7, [x0, #64]
+	ldr	q8, [x0, #96]
+	ldr	q9, [x0, #128]
+	ldr	q10, [x0, #160]
+	ldr	q11, [x0, #192]
+	ldr	q12, [x0, #224]
+	ldr	q13, [x1]
+	ldr	q14, [x1, #32]
+	ldr	q15, [x1, #64]
+	ldr	q16, [x1, #96]
+	ldr	q17, [x1, #128]
+	ldr	q18, [x1, #160]
+	ldr	q19, [x1, #192]
+	ldr	q20, [x1, #224]
+	ldr	q0, [x2]
+	ldr	q1, [x3]
+	mul	v29.8h, v13.8h, v1.h[1]
+	mul	v30.8h, v14.8h, v1.h[1]
+	sqrdmulh	v21.8h, v13.8h, v0.h[1]
+	sqrdmulh	v22.8h, v14.8h, v0.h[1]
+	sqrdmlsh	v21.8h, v29.8h, v4.h[0]
+	sqrdmlsh	v22.8h, v30.8h, v4.h[0]
+	sshr	v21.8h, v21.8h, #1
+	sshr	v22.8h, v22.8h, #1
+	mul	v29.8h, v15.8h, v1.h[1]
+	mul	v30.8h, v16.8h, v1.h[1]
+	sqrdmulh	v23.8h, v15.8h, v0.h[1]
+	sqrdmulh	v24.8h, v16.8h, v0.h[1]
+	sqrdmlsh	v23.8h, v29.8h, v4.h[0]
+	sqrdmlsh	v24.8h, v30.8h, v4.h[0]
+	sshr	v23.8h, v23.8h, #1
+	sshr	v24.8h, v24.8h, #1
+	mul	v29.8h, v17.8h, v1.h[1]
+	mul	v30.8h, v18.8h, v1.h[1]
+	sqrdmulh	v25.8h, v17.8h, v0.h[1]
+	sqrdmulh	v26.8h, v18.8h, v0.h[1]
+	sqrdmlsh	v25.8h, v29.8h, v4.h[0]
+	sqrdmlsh	v26.8h, v30.8h, v4.h[0]
+	sshr	v25.8h, v25.8h, #1
+	sshr	v26.8h, v26.8h, #1
+	mul	v29.8h, v19.8h, v1.h[1]
+	mul	v30.8h, v20.8h, v1.h[1]
+	sqrdmulh	v27.8h, v19.8h, v0.h[1]
+	sqrdmulh	v28.8h, v20.8h, v0.h[1]
+	sqrdmlsh	v27.8h, v29.8h, v4.h[0]
+	sqrdmlsh	v28.8h, v30.8h, v4.h[0]
+	sshr	v27.8h, v27.8h, #1
+	sshr	v28.8h, v28.8h, #1
+	sub	v13.8h, v5.8h, v21.8h
+	add	v5.8h, v5.8h, v21.8h
+	sub	v14.8h, v6.8h, v22.8h
+	add	v6.8h, v6.8h, v22.8h
+	sub	v15.8h, v7.8h, v23.8h
+	add	v7.8h, v7.8h, v23.8h
+	sub	v16.8h, v8.8h, v24.8h
+	add	v8.8h, v8.8h, v24.8h
+	sub	v17.8h, v9.8h, v25.8h
+	add	v9.8h, v9.8h, v25.8h
+	sub	v18.8h, v10.8h, v26.8h
+	add	v10.8h, v10.8h, v26.8h
+	sub	v19.8h, v11.8h, v27.8h
+	add	v11.8h, v11.8h, v27.8h
+	sub	v20.8h, v12.8h, v28.8h
+	add	v12.8h, v12.8h, v28.8h
+	mul	v29.8h, v9.8h, v1.h[2]
+	mul	v30.8h, v10.8h, v1.h[2]
+	sqrdmulh	v21.8h, v9.8h, v0.h[2]
+	sqrdmulh	v22.8h, v10.8h, v0.h[2]
+	sqrdmlsh	v21.8h, v29.8h, v4.h[0]
+	sqrdmlsh	v22.8h, v30.8h, v4.h[0]
+	sshr	v21.8h, v21.8h, #1
+	sshr	v22.8h, v22.8h, #1
+	mul	v29.8h, v11.8h, v1.h[2]
+	mul	v30.8h, v12.8h, v1.h[2]
+	sqrdmulh	v23.8h, v11.8h, v0.h[2]
+	sqrdmulh	v24.8h, v12.8h, v0.h[2]
+	sqrdmlsh	v23.8h, v29.8h, v4.h[0]
+	sqrdmlsh	v24.8h, v30.8h, v4.h[0]
+	sshr	v23.8h, v23.8h, #1
+	sshr	v24.8h, v24.8h, #1
+	mul	v29.8h, v17.8h, v1.h[3]
+	mul	v30.8h, v18.8h, v1.h[3]
+	sqrdmulh	v25.8h, v17.8h, v0.h[3]
+	sqrdmulh	v26.8h, v18.8h, v0.h[3]
+	sqrdmlsh	v25.8h, v29.8h, v4.h[0]
+	sqrdmlsh	v26.8h, v30.8h, v4.h[0]
+	sshr	v25.8h, v25.8h, #1
+	sshr	v26.8h, v26.8h, #1
+	mul	v29.8h, v19.8h, v1.h[3]
+	mul	v30.8h, v20.8h, v1.h[3]
+	sqrdmulh	v27.8h, v19.8h, v0.h[3]
+	sqrdmulh	v28.8h, v20.8h, v0.h[3]
+	sqrdmlsh	v27.8h, v29.8h, v4.h[0]
+	sqrdmlsh	v28.8h, v30.8h, v4.h[0]
+	sshr	v27.8h, v27.8h, #1
+	sshr	v28.8h, v28.8h, #1
+	sub	v9.8h, v5.8h, v21.8h
+	add	v5.8h, v5.8h, v21.8h
+	sub	v10.8h, v6.8h, v22.8h
+	add	v6.8h, v6.8h, v22.8h
+	sub	v11.8h, v7.8h, v23.8h
+	add	v7.8h, v7.8h, v23.8h
+	sub	v12.8h, v8.8h, v24.8h
+	add	v8.8h, v8.8h, v24.8h
+	sub	v17.8h, v13.8h, v25.8h
+	add	v13.8h, v13.8h, v25.8h
+	sub	v18.8h, v14.8h, v26.8h
+	add	v14.8h, v14.8h, v26.8h
+	sub	v19.8h, v15.8h, v27.8h
+	add	v15.8h, v15.8h, v27.8h
+	sub	v20.8h, v16.8h, v28.8h
+	add	v16.8h, v16.8h, v28.8h
+	mul	v29.8h, v7.8h, v1.h[4]
+	mul	v30.8h, v8.8h, v1.h[4]
+	sqrdmulh	v21.8h, v7.8h, v0.h[4]
+	sqrdmulh	v22.8h, v8.8h, v0.h[4]
+	sqrdmlsh	v21.8h, v29.8h, v4.h[0]
+	sqrdmlsh	v22.8h, v30.8h, v4.h[0]
+	sshr	v21.8h, v21.8h, #1
+	sshr	v22.8h, v22.8h, #1
+	mul	v29.8h, v11.8h, v1.h[5]
+	mul	v30.8h, v12.8h, v1.h[5]
+	sqrdmulh	v23.8h, v11.8h, v0.h[5]
+	sqrdmulh	v24.8h, v12.8h, v0.h[5]
+	sqrdmlsh	v23.8h, v29.8h, v4.h[0]
+	sqrdmlsh	v24.8h, v30.8h, v4.h[0]
+	sshr	v23.8h, v23.8h, #1
+	sshr	v24.8h, v24.8h, #1
+	mul	v29.8h, v15.8h, v1.h[6]
+	mul	v30.8h, v16.8h, v1.h[6]
+	sqrdmulh	v25.8h, v15.8h, v0.h[6]
+	sqrdmulh	v26.8h, v16.8h, v0.h[6]
+	sqrdmlsh	v25.8h, v29.8h, v4.h[0]
+	sqrdmlsh	v26.8h, v30.8h, v4.h[0]
+	sshr	v25.8h, v25.8h, #1
+	sshr	v26.8h, v26.8h, #1
+	mul	v29.8h, v19.8h, v1.h[7]
+	mul	v30.8h, v20.8h, v1.h[7]
+	sqrdmulh	v27.8h, v19.8h, v0.h[7]
+	sqrdmulh	v28.8h, v20.8h, v0.h[7]
+	sqrdmlsh	v27.8h, v29.8h, v4.h[0]
+	sqrdmlsh	v28.8h, v30.8h, v4.h[0]
+	sshr	v27.8h, v27.8h, #1
+	sshr	v28.8h, v28.8h, #1
+	sub	v7.8h, v5.8h, v21.8h
+	add	v5.8h, v5.8h, v21.8h
+	sub	v8.8h, v6.8h, v22.8h
+	add	v6.8h, v6.8h, v22.8h
+	sub	v11.8h, v9.8h, v23.8h
+	add	v9.8h, v9.8h, v23.8h
+	sub	v12.8h, v10.8h, v24.8h
+	add	v10.8h, v10.8h, v24.8h
+	sub	v15.8h, v13.8h, v25.8h
+	add	v13.8h, v13.8h, v25.8h
+	sub	v16.8h, v14.8h, v26.8h
+	add	v14.8h, v14.8h, v26.8h
+	sub	v19.8h, v17.8h, v27.8h
+	add	v17.8h, v17.8h, v27.8h
+	sub	v20.8h, v18.8h, v28.8h
+	add	v18.8h, v18.8h, v28.8h
+	ldr	q0, [x2, #16]
+	ldr	q1, [x3, #16]
+	mul	v29.8h, v6.8h, v1.h[0]
+	mul	v30.8h, v8.8h, v1.h[1]
+	sqrdmulh	v21.8h, v6.8h, v0.h[0]
+	sqrdmulh	v22.8h, v8.8h, v0.h[1]
+	sqrdmlsh	v21.8h, v29.8h, v4.h[0]
+	sqrdmlsh	v22.8h, v30.8h, v4.h[0]
+	sshr	v21.8h, v21.8h, #1
+	sshr	v22.8h, v22.8h, #1
+	mul	v29.8h, v10.8h, v1.h[2]
+	mul	v30.8h, v12.8h, v1.h[3]
+	sqrdmulh	v23.8h, v10.8h, v0.h[2]
+	sqrdmulh	v24.8h, v12.8h, v0.h[3]
+	sqrdmlsh	v23.8h, v29.8h, v4.h[0]
+	sqrdmlsh	v24.8h, v30.8h, v4.h[0]
+	sshr	v23.8h, v23.8h, #1
+	sshr	v24.8h, v24.8h, #1
+	mul	v29.8h, v14.8h, v1.h[4]
+	mul	v30.8h, v16.8h, v1.h[5]
+	sqrdmulh	v25.8h, v14.8h, v0.h[4]
+	sqrdmulh	v26.8h, v16.8h, v0.h[5]
+	sqrdmlsh	v25.8h, v29.8h, v4.h[0]
+	sqrdmlsh	v26.8h, v30.8h, v4.h[0]
+	sshr	v25.8h, v25.8h, #1
+	sshr	v26.8h, v26.8h, #1
+	mul	v29.8h, v18.8h, v1.h[6]
+	mul	v30.8h, v20.8h, v1.h[7]
+	sqrdmulh	v27.8h, v18.8h, v0.h[6]
+	sqrdmulh	v28.8h, v20.8h, v0.h[7]
+	sqrdmlsh	v27.8h, v29.8h, v4.h[0]
+	sqrdmlsh	v28.8h, v30.8h, v4.h[0]
+	sshr	v27.8h, v27.8h, #1
+	sshr	v28.8h, v28.8h, #1
+	sub	v6.8h, v5.8h, v21.8h
+	add	v5.8h, v5.8h, v21.8h
+	sub	v8.8h, v7.8h, v22.8h
+	add	v7.8h, v7.8h, v22.8h
+	sub	v10.8h, v9.8h, v23.8h
+	add	v9.8h, v9.8h, v23.8h
+	sub	v12.8h, v11.8h, v24.8h
+	add	v11.8h, v11.8h, v24.8h
+	sub	v14.8h, v13.8h, v25.8h
+	add	v13.8h, v13.8h, v25.8h
+	sub	v16.8h, v15.8h, v26.8h
+	add	v15.8h, v15.8h, v26.8h
+	sub	v18.8h, v17.8h, v27.8h
+	add	v17.8h, v17.8h, v27.8h
+	sub	v20.8h, v19.8h, v28.8h
+	add	v19.8h, v19.8h, v28.8h
+	str	q5, [x0]
+	str	q6, [x0, #32]
+	str	q7, [x0, #64]
+	str	q8, [x0, #96]
+	str	q9, [x0, #128]
+	str	q10, [x0, #160]
+	str	q11, [x0, #192]
+	str	q12, [x0, #224]
+	str	q13, [x1]
+	str	q14, [x1, #32]
+	str	q15, [x1, #64]
+	str	q16, [x1, #96]
+	str	q17, [x1, #128]
+	str	q18, [x1, #160]
+	str	q19, [x1, #192]
+	str	q20, [x1, #224]
+	ldr	q5, [x0, #16]
+	ldr	q6, [x0, #48]
+	ldr	q7, [x0, #80]
+	ldr	q8, [x0, #112]
+	ldr	q9, [x0, #144]
+	ldr	q10, [x0, #176]
+	ldr	q11, [x0, #208]
+	ldr	q12, [x0, #240]
+	ldr	q13, [x1, #16]
+	ldr	q14, [x1, #48]
+	ldr	q15, [x1, #80]
+	ldr	q16, [x1, #112]
+	ldr	q17, [x1, #144]
+	ldr	q18, [x1, #176]
+	ldr	q19, [x1, #208]
+	ldr	q20, [x1, #240]
+	ldr	q0, [x2]
+	ldr	q1, [x3]
+	mul	v29.8h, v13.8h, v1.h[1]
+	mul	v30.8h, v14.8h, v1.h[1]
+	sqrdmulh	v21.8h, v13.8h, v0.h[1]
+	sqrdmulh	v22.8h, v14.8h, v0.h[1]
+	sqrdmlsh	v21.8h, v29.8h, v4.h[0]
+	sqrdmlsh	v22.8h, v30.8h, v4.h[0]
+	sshr	v21.8h, v21.8h, #1
+	sshr	v22.8h, v22.8h, #1
+	mul	v29.8h, v15.8h, v1.h[1]
+	mul	v30.8h, v16.8h, v1.h[1]
+	sqrdmulh	v23.8h, v15.8h, v0.h[1]
+	sqrdmulh	v24.8h, v16.8h, v0.h[1]
+	sqrdmlsh	v23.8h, v29.8h, v4.h[0]
+	sqrdmlsh	v24.8h, v30.8h, v4.h[0]
+	sshr	v23.8h, v23.8h, #1
+	sshr	v24.8h, v24.8h, #1
+	mul	v29.8h, v17.8h, v1.h[1]
+	mul	v30.8h, v18.8h, v1.h[1]
+	sqrdmulh	v25.8h, v17.8h, v0.h[1]
+	sqrdmulh	v26.8h, v18.8h, v0.h[1]
+	sqrdmlsh	v25.8h, v29.8h, v4.h[0]
+	sqrdmlsh	v26.8h, v30.8h, v4.h[0]
+	sshr	v25.8h, v25.8h, #1
+	sshr	v26.8h, v26.8h, #1
+	mul	v29.8h, v19.8h, v1.h[1]
+	mul	v30.8h, v20.8h, v1.h[1]
+	sqrdmulh	v27.8h, v19.8h, v0.h[1]
+	sqrdmulh	v28.8h, v20.8h, v0.h[1]
+	sqrdmlsh	v27.8h, v29.8h, v4.h[0]
+	sqrdmlsh	v28.8h, v30.8h, v4.h[0]
+	sshr	v27.8h, v27.8h, #1
+	sshr	v28.8h, v28.8h, #1
+	sub	v13.8h, v5.8h, v21.8h
+	add	v5.8h, v5.8h, v21.8h
+	sub	v14.8h, v6.8h, v22.8h
+	add	v6.8h, v6.8h, v22.8h
+	sub	v15.8h, v7.8h, v23.8h
+	add	v7.8h, v7.8h, v23.8h
+	sub	v16.8h, v8.8h, v24.8h
+	add	v8.8h, v8.8h, v24.8h
+	sub	v17.8h, v9.8h, v25.8h
+	add	v9.8h, v9.8h, v25.8h
+	sub	v18.8h, v10.8h, v26.8h
+	add	v10.8h, v10.8h, v26.8h
+	sub	v19.8h, v11.8h, v27.8h
+	add	v11.8h, v11.8h, v27.8h
+	sub	v20.8h, v12.8h, v28.8h
+	add	v12.8h, v12.8h, v28.8h
+	mul	v29.8h, v9.8h, v1.h[2]
+	mul	v30.8h, v10.8h, v1.h[2]
+	sqrdmulh	v21.8h, v9.8h, v0.h[2]
+	sqrdmulh	v22.8h, v10.8h, v0.h[2]
+	sqrdmlsh	v21.8h, v29.8h, v4.h[0]
+	sqrdmlsh	v22.8h, v30.8h, v4.h[0]
+	sshr	v21.8h, v21.8h, #1
+	sshr	v22.8h, v22.8h, #1
+	mul	v29.8h, v11.8h, v1.h[2]
+	mul	v30.8h, v12.8h, v1.h[2]
+	sqrdmulh	v23.8h, v11.8h, v0.h[2]
+	sqrdmulh	v24.8h, v12.8h, v0.h[2]
+	sqrdmlsh	v23.8h, v29.8h, v4.h[0]
+	sqrdmlsh	v24.8h, v30.8h, v4.h[0]
+	sshr	v23.8h, v23.8h, #1
+	sshr	v24.8h, v24.8h, #1
+	mul	v29.8h, v17.8h, v1.h[3]
+	mul	v30.8h, v18.8h, v1.h[3]
+	sqrdmulh	v25.8h, v17.8h, v0.h[3]
+	sqrdmulh	v26.8h, v18.8h, v0.h[3]
+	sqrdmlsh	v25.8h, v29.8h, v4.h[0]
+	sqrdmlsh	v26.8h, v30.8h, v4.h[0]
+	sshr	v25.8h, v25.8h, #1
+	sshr	v26.8h, v26.8h, #1
+	mul	v29.8h, v19.8h, v1.h[3]
+	mul	v30.8h, v20.8h, v1.h[3]
+	sqrdmulh	v27.8h, v19.8h, v0.h[3]
+	sqrdmulh	v28.8h, v20.8h, v0.h[3]
+	sqrdmlsh	v27.8h, v29.8h, v4.h[0]
+	sqrdmlsh	v28.8h, v30.8h, v4.h[0]
+	sshr	v27.8h, v27.8h, #1
+	sshr	v28.8h, v28.8h, #1
+	sub	v9.8h, v5.8h, v21.8h
+	add	v5.8h, v5.8h, v21.8h
+	sub	v10.8h, v6.8h, v22.8h
+	add	v6.8h, v6.8h, v22.8h
+	sub	v11.8h, v7.8h, v23.8h
+	add	v7.8h, v7.8h, v23.8h
+	sub	v12.8h, v8.8h, v24.8h
+	add	v8.8h, v8.8h, v24.8h
+	sub	v17.8h, v13.8h, v25.8h
+	add	v13.8h, v13.8h, v25.8h
+	sub	v18.8h, v14.8h, v26.8h
+	add	v14.8h, v14.8h, v26.8h
+	sub	v19.8h, v15.8h, v27.8h
+	add	v15.8h, v15.8h, v27.8h
+	sub	v20.8h, v16.8h, v28.8h
+	add	v16.8h, v16.8h, v28.8h
+	mul	v29.8h, v7.8h, v1.h[4]
+	mul	v30.8h, v8.8h, v1.h[4]
+	sqrdmulh	v21.8h, v7.8h, v0.h[4]
+	sqrdmulh	v22.8h, v8.8h, v0.h[4]
+	sqrdmlsh	v21.8h, v29.8h, v4.h[0]
+	sqrdmlsh	v22.8h, v30.8h, v4.h[0]
+	sshr	v21.8h, v21.8h, #1
+	sshr	v22.8h, v22.8h, #1
+	mul	v29.8h, v11.8h, v1.h[5]
+	mul	v30.8h, v12.8h, v1.h[5]
+	sqrdmulh	v23.8h, v11.8h, v0.h[5]
+	sqrdmulh	v24.8h, v12.8h, v0.h[5]
+	sqrdmlsh	v23.8h, v29.8h, v4.h[0]
+	sqrdmlsh	v24.8h, v30.8h, v4.h[0]
+	sshr	v23.8h, v23.8h, #1
+	sshr	v24.8h, v24.8h, #1
+	mul	v29.8h, v15.8h, v1.h[6]
+	mul	v30.8h, v16.8h, v1.h[6]
+	sqrdmulh	v25.8h, v15.8h, v0.h[6]
+	sqrdmulh	v26.8h, v16.8h, v0.h[6]
+	sqrdmlsh	v25.8h, v29.8h, v4.h[0]
+	sqrdmlsh	v26.8h, v30.8h, v4.h[0]
+	sshr	v25.8h, v25.8h, #1
+	sshr	v26.8h, v26.8h, #1
+	mul	v29.8h, v19.8h, v1.h[7]
+	mul	v30.8h, v20.8h, v1.h[7]
+	sqrdmulh	v27.8h, v19.8h, v0.h[7]
+	sqrdmulh	v28.8h, v20.8h, v0.h[7]
+	sqrdmlsh	v27.8h, v29.8h, v4.h[0]
+	sqrdmlsh	v28.8h, v30.8h, v4.h[0]
+	sshr	v27.8h, v27.8h, #1
+	sshr	v28.8h, v28.8h, #1
+	sub	v7.8h, v5.8h, v21.8h
+	add	v5.8h, v5.8h, v21.8h
+	sub	v8.8h, v6.8h, v22.8h
+	add	v6.8h, v6.8h, v22.8h
+	sub	v11.8h, v9.8h, v23.8h
+	add	v9.8h, v9.8h, v23.8h
+	sub	v12.8h, v10.8h, v24.8h
+	add	v10.8h, v10.8h, v24.8h
+	sub	v15.8h, v13.8h, v25.8h
+	add	v13.8h, v13.8h, v25.8h
+	sub	v16.8h, v14.8h, v26.8h
+	add	v14.8h, v14.8h, v26.8h
+	sub	v19.8h, v17.8h, v27.8h
+	add	v17.8h, v17.8h, v27.8h
+	sub	v20.8h, v18.8h, v28.8h
+	add	v18.8h, v18.8h, v28.8h
+	ldr	q0, [x2, #16]
+	ldr	q1, [x3, #16]
+	mul	v29.8h, v6.8h, v1.h[0]
+	mul	v30.8h, v8.8h, v1.h[1]
+	sqrdmulh	v21.8h, v6.8h, v0.h[0]
+	sqrdmulh	v22.8h, v8.8h, v0.h[1]
+	sqrdmlsh	v21.8h, v29.8h, v4.h[0]
+	sqrdmlsh	v22.8h, v30.8h, v4.h[0]
+	sshr	v21.8h, v21.8h, #1
+	sshr	v22.8h, v22.8h, #1
+	mul	v29.8h, v10.8h, v1.h[2]
+	mul	v30.8h, v12.8h, v1.h[3]
+	sqrdmulh	v23.8h, v10.8h, v0.h[2]
+	sqrdmulh	v24.8h, v12.8h, v0.h[3]
+	sqrdmlsh	v23.8h, v29.8h, v4.h[0]
+	sqrdmlsh	v24.8h, v30.8h, v4.h[0]
+	sshr	v23.8h, v23.8h, #1
+	sshr	v24.8h, v24.8h, #1
+	mul	v29.8h, v14.8h, v1.h[4]
+	mul	v30.8h, v16.8h, v1.h[5]
+	sqrdmulh	v25.8h, v14.8h, v0.h[4]
+	sqrdmulh	v26.8h, v16.8h, v0.h[5]
+	sqrdmlsh	v25.8h, v29.8h, v4.h[0]
+	sqrdmlsh	v26.8h, v30.8h, v4.h[0]
+	sshr	v25.8h, v25.8h, #1
+	sshr	v26.8h, v26.8h, #1
+	mul	v29.8h, v18.8h, v1.h[6]
+	mul	v30.8h, v20.8h, v1.h[7]
+	sqrdmulh	v27.8h, v18.8h, v0.h[6]
+	sqrdmulh	v28.8h, v20.8h, v0.h[7]
+	sqrdmlsh	v27.8h, v29.8h, v4.h[0]
+	sqrdmlsh	v28.8h, v30.8h, v4.h[0]
+	sshr	v27.8h, v27.8h, #1
+	sshr	v28.8h, v28.8h, #1
+	sub	v6.8h, v5.8h, v21.8h
+	add	v5.8h, v5.8h, v21.8h
+	sub	v8.8h, v7.8h, v22.8h
+	add	v7.8h, v7.8h, v22.8h
+	sub	v10.8h, v9.8h, v23.8h
+	add	v9.8h, v9.8h, v23.8h
+	sub	v12.8h, v11.8h, v24.8h
+	add	v11.8h, v11.8h, v24.8h
+	sub	v14.8h, v13.8h, v25.8h
+	add	v13.8h, v13.8h, v25.8h
+	sub	v16.8h, v15.8h, v26.8h
+	add	v15.8h, v15.8h, v26.8h
+	sub	v18.8h, v17.8h, v27.8h
+	add	v17.8h, v17.8h, v27.8h
+	sub	v20.8h, v19.8h, v28.8h
+	add	v19.8h, v19.8h, v28.8h
+	str	q5, [x0, #16]
+	str	q6, [x0, #48]
+	str	q7, [x0, #80]
+	str	q8, [x0, #112]
+	str	q9, [x0, #144]
+	str	q10, [x0, #176]
+	str	q11, [x0, #208]
+	str	q12, [x0, #240]
+	str	q13, [x1, #16]
+	str	q14, [x1, #48]
+	str	q15, [x1, #80]
+	str	q16, [x1, #112]
+	str	q17, [x1, #144]
+	str	q18, [x1, #176]
+	str	q19, [x1, #208]
+	str	q20, [x1, #240]
+	ldp	q5, q6, [x0]
+	ldp	q7, q8, [x0, #32]
+	ldp	q9, q10, [x0, #64]
+	ldp	q11, q12, [x0, #96]
+	ldp	q13, q14, [x0, #128]
+	ldp	q15, q16, [x0, #160]
+	ldp	q17, q18, [x0, #192]
+	ldp	q19, q20, [x0, #224]
+	ldr	q0, [x2, #32]
+	ldr	q1, [x3, #32]
+	mul	v29.8h, v6.8h, v1.h[0]
+	mul	v30.8h, v8.8h, v1.h[1]
+	sqrdmulh	v21.8h, v6.8h, v0.h[0]
+	sqrdmulh	v22.8h, v8.8h, v0.h[1]
+	sqrdmlsh	v21.8h, v29.8h, v4.h[0]
+	sqrdmlsh	v22.8h, v30.8h, v4.h[0]
+	sshr	v21.8h, v21.8h, #1
+	sshr	v22.8h, v22.8h, #1
+	mul	v29.8h, v10.8h, v1.h[2]
+	mul	v30.8h, v12.8h, v1.h[3]
+	sqrdmulh	v23.8h, v10.8h, v0.h[2]
+	sqrdmulh	v24.8h, v12.8h, v0.h[3]
+	sqrdmlsh	v23.8h, v29.8h, v4.h[0]
+	sqrdmlsh	v24.8h, v30.8h, v4.h[0]
+	sshr	v23.8h, v23.8h, #1
+	sshr	v24.8h, v24.8h, #1
+	mul	v29.8h, v14.8h, v1.h[4]
+	mul	v30.8h, v16.8h, v1.h[5]
+	sqrdmulh	v25.8h, v14.8h, v0.h[4]
+	sqrdmulh	v26.8h, v16.8h, v0.h[5]
+	sqrdmlsh	v25.8h, v29.8h, v4.h[0]
+	sqrdmlsh	v26.8h, v30.8h, v4.h[0]
+	sshr	v25.8h, v25.8h, #1
+	sshr	v26.8h, v26.8h, #1
+	mul	v29.8h, v18.8h, v1.h[6]
+	mul	v30.8h, v20.8h, v1.h[7]
+	sqrdmulh	v27.8h, v18.8h, v0.h[6]
+	sqrdmulh	v28.8h, v20.8h, v0.h[7]
+	sqrdmlsh	v27.8h, v29.8h, v4.h[0]
+	sqrdmlsh	v28.8h, v30.8h, v4.h[0]
+	sshr	v27.8h, v27.8h, #1
+	sshr	v28.8h, v28.8h, #1
+	sub	v6.8h, v5.8h, v21.8h
+	add	v5.8h, v5.8h, v21.8h
+	sub	v8.8h, v7.8h, v22.8h
+	add	v7.8h, v7.8h, v22.8h
+	sub	v10.8h, v9.8h, v23.8h
+	add	v9.8h, v9.8h, v23.8h
+	sub	v12.8h, v11.8h, v24.8h
+	add	v11.8h, v11.8h, v24.8h
+	sub	v14.8h, v13.8h, v25.8h
+	add	v13.8h, v13.8h, v25.8h
+	sub	v16.8h, v15.8h, v26.8h
+	add	v15.8h, v15.8h, v26.8h
+	sub	v18.8h, v17.8h, v27.8h
+	add	v17.8h, v17.8h, v27.8h
+	sub	v20.8h, v19.8h, v28.8h
+	add	v19.8h, v19.8h, v28.8h
+	ldr	q0, [x2, #64]
+	ldr	q2, [x2, #80]
+	ldr	q1, [x3, #64]
+	ldr	q3, [x3, #80]
+	mov	v29.16b, v5.16b
+	mov	v30.16b, v7.16b
+	trn1	v5.2d, v5.2d, v6.2d
+	trn1	v7.2d, v7.2d, v8.2d
+	trn2	v6.2d, v29.2d, v6.2d
+	trn2	v8.2d, v30.2d, v8.2d
+	mul	v29.8h, v6.8h, v1.8h
+	mul	v30.8h, v8.8h, v3.8h
+	sqrdmulh	v21.8h, v6.8h, v0.8h
+	sqrdmulh	v22.8h, v8.8h, v2.8h
+	sqrdmlsh	v21.8h, v29.8h, v4.h[0]
+	sqrdmlsh	v22.8h, v30.8h, v4.h[0]
+	sshr	v21.8h, v21.8h, #1
+	sshr	v22.8h, v22.8h, #1
+	ldr	q0, [x2, #96]
+	ldr	q2, [x2, #112]
+	ldr	q1, [x3, #96]
+	ldr	q3, [x3, #112]
+	mov	v29.16b, v9.16b
+	mov	v30.16b, v11.16b
+	trn1	v9.2d, v9.2d, v10.2d
+	trn1	v11.2d, v11.2d, v12.2d
+	trn2	v10.2d, v29.2d, v10.2d
+	trn2	v12.2d, v30.2d, v12.2d
+	mul	v29.8h, v10.8h, v1.8h
+	mul	v30.8h, v12.8h, v3.8h
+	sqrdmulh	v23.8h, v10.8h, v0.8h
+	sqrdmulh	v24.8h, v12.8h, v2.8h
+	sqrdmlsh	v23.8h, v29.8h, v4.h[0]
+	sqrdmlsh	v24.8h, v30.8h, v4.h[0]
+	sshr	v23.8h, v23.8h, #1
+	sshr	v24.8h, v24.8h, #1
+	ldr	q0, [x2, #128]
+	ldr	q2, [x2, #144]
+	ldr	q1, [x3, #128]
+	ldr	q3, [x3, #144]
+	mov	v29.16b, v13.16b
+	mov	v30.16b, v15.16b
+	trn1	v13.2d, v13.2d, v14.2d
+	trn1	v15.2d, v15.2d, v16.2d
+	trn2	v14.2d, v29.2d, v14.2d
+	trn2	v16.2d, v30.2d, v16.2d
+	mul	v29.8h, v14.8h, v1.8h
+	mul	v30.8h, v16.8h, v3.8h
+	sqrdmulh	v25.8h, v14.8h, v0.8h
+	sqrdmulh	v26.8h, v16.8h, v2.8h
+	sqrdmlsh	v25.8h, v29.8h, v4.h[0]
+	sqrdmlsh	v26.8h, v30.8h, v4.h[0]
+	sshr	v25.8h, v25.8h, #1
+	sshr	v26.8h, v26.8h, #1
+	ldr	q0, [x2, #160]
+	ldr	q2, [x2, #176]
+	ldr	q1, [x3, #160]
+	ldr	q3, [x3, #176]
+	mov	v29.16b, v17.16b
+	mov	v30.16b, v19.16b
+	trn1	v17.2d, v17.2d, v18.2d
+	trn1	v19.2d, v19.2d, v20.2d
+	trn2	v18.2d, v29.2d, v18.2d
+	trn2	v20.2d, v30.2d, v20.2d
+	mul	v29.8h, v18.8h, v1.8h
+	mul	v30.8h, v20.8h, v3.8h
+	sqrdmulh	v27.8h, v18.8h, v0.8h
+	sqrdmulh	v28.8h, v20.8h, v2.8h
+	sqrdmlsh	v27.8h, v29.8h, v4.h[0]
+	sqrdmlsh	v28.8h, v30.8h, v4.h[0]
+	sshr	v27.8h, v27.8h, #1
+	sshr	v28.8h, v28.8h, #1
+	sub	v6.8h, v5.8h, v21.8h
+	add	v5.8h, v5.8h, v21.8h
+	sub	v8.8h, v7.8h, v22.8h
+	add	v7.8h, v7.8h, v22.8h
+	sub	v10.8h, v9.8h, v23.8h
+	add	v9.8h, v9.8h, v23.8h
+	sub	v12.8h, v11.8h, v24.8h
+	add	v11.8h, v11.8h, v24.8h
+	sub	v14.8h, v13.8h, v25.8h
+	add	v13.8h, v13.8h, v25.8h
+	sub	v16.8h, v15.8h, v26.8h
+	add	v15.8h, v15.8h, v26.8h
+	sub	v18.8h, v17.8h, v27.8h
+	add	v17.8h, v17.8h, v27.8h
+	sub	v20.8h, v19.8h, v28.8h
+	add	v19.8h, v19.8h, v28.8h
+	ldr	q0, [x2, #320]
+	ldr	q2, [x2, #336]
+	ldr	q1, [x3, #320]
+	ldr	q3, [x3, #336]
+	mov	v29.16b, v5.16b
+	mov	v30.16b, v7.16b
+	trn1	v5.4s, v5.4s, v6.4s
+	trn1	v7.4s, v7.4s, v8.4s
+	trn2	v6.4s, v29.4s, v6.4s
+	trn2	v8.4s, v30.4s, v8.4s
+	mul	v29.8h, v6.8h, v1.8h
+	mul	v30.8h, v8.8h, v3.8h
+	sqrdmulh	v21.8h, v6.8h, v0.8h
+	sqrdmulh	v22.8h, v8.8h, v2.8h
+	sqrdmlsh	v21.8h, v29.8h, v4.h[0]
+	sqrdmlsh	v22.8h, v30.8h, v4.h[0]
+	sshr	v21.8h, v21.8h, #1
+	sshr	v22.8h, v22.8h, #1
+	ldr	q0, [x2, #352]
+	ldr	q2, [x2, #368]
+	ldr	q1, [x3, #352]
+	ldr	q3, [x3, #368]
+	mov	v29.16b, v9.16b
+	mov	v30.16b, v11.16b
+	trn1	v9.4s, v9.4s, v10.4s
+	trn1	v11.4s, v11.4s, v12.4s
+	trn2	v10.4s, v29.4s, v10.4s
+	trn2	v12.4s, v30.4s, v12.4s
+	mul	v29.8h, v10.8h, v1.8h
+	mul	v30.8h, v12.8h, v3.8h
+	sqrdmulh	v23.8h, v10.8h, v0.8h
+	sqrdmulh	v24.8h, v12.8h, v2.8h
+	sqrdmlsh	v23.8h, v29.8h, v4.h[0]
+	sqrdmlsh	v24.8h, v30.8h, v4.h[0]
+	sshr	v23.8h, v23.8h, #1
+	sshr	v24.8h, v24.8h, #1
+	ldr	q0, [x2, #384]
+	ldr	q2, [x2, #400]
+	ldr	q1, [x3, #384]
+	ldr	q3, [x3, #400]
+	mov	v29.16b, v13.16b
+	mov	v30.16b, v15.16b
+	trn1	v13.4s, v13.4s, v14.4s
+	trn1	v15.4s, v15.4s, v16.4s
+	trn2	v14.4s, v29.4s, v14.4s
+	trn2	v16.4s, v30.4s, v16.4s
+	mul	v29.8h, v14.8h, v1.8h
+	mul	v30.8h, v16.8h, v3.8h
+	sqrdmulh	v25.8h, v14.8h, v0.8h
+	sqrdmulh	v26.8h, v16.8h, v2.8h
+	sqrdmlsh	v25.8h, v29.8h, v4.h[0]
+	sqrdmlsh	v26.8h, v30.8h, v4.h[0]
+	sshr	v25.8h, v25.8h, #1
+	sshr	v26.8h, v26.8h, #1
+	ldr	q0, [x2, #416]
+	ldr	q2, [x2, #432]
+	ldr	q1, [x3, #416]
+	ldr	q3, [x3, #432]
+	mov	v29.16b, v17.16b
+	mov	v30.16b, v19.16b
+	trn1	v17.4s, v17.4s, v18.4s
+	trn1	v19.4s, v19.4s, v20.4s
+	trn2	v18.4s, v29.4s, v18.4s
+	trn2	v20.4s, v30.4s, v20.4s
+	mul	v29.8h, v18.8h, v1.8h
+	mul	v30.8h, v20.8h, v3.8h
+	sqrdmulh	v27.8h, v18.8h, v0.8h
+	sqrdmulh	v28.8h, v20.8h, v2.8h
+	sqrdmlsh	v27.8h, v29.8h, v4.h[0]
+	sqrdmlsh	v28.8h, v30.8h, v4.h[0]
+	sshr	v27.8h, v27.8h, #1
+	sshr	v28.8h, v28.8h, #1
+	sub	v6.8h, v5.8h, v21.8h
+	add	v5.8h, v5.8h, v21.8h
+	sub	v8.8h, v7.8h, v22.8h
+	add	v7.8h, v7.8h, v22.8h
+	sub	v10.8h, v9.8h, v23.8h
+	add	v9.8h, v9.8h, v23.8h
+	sub	v12.8h, v11.8h, v24.8h
+	add	v11.8h, v11.8h, v24.8h
+	sub	v14.8h, v13.8h, v25.8h
+	add	v13.8h, v13.8h, v25.8h
+	sub	v16.8h, v15.8h, v26.8h
+	add	v15.8h, v15.8h, v26.8h
+	sub	v18.8h, v17.8h, v27.8h
+	add	v17.8h, v17.8h, v27.8h
+	sub	v20.8h, v19.8h, v28.8h
+	add	v19.8h, v19.8h, v28.8h
+	sqdmulh	v21.8h, v5.8h, v4.h[2]
+	sqdmulh	v22.8h, v6.8h, v4.h[2]
+	sshr	v21.8h, v21.8h, #11
+	sshr	v22.8h, v22.8h, #11
+	mls	v5.8h, v21.8h, v4.h[0]
+	mls	v6.8h, v22.8h, v4.h[0]
+	sqdmulh	v21.8h, v7.8h, v4.h[2]
+	sqdmulh	v22.8h, v8.8h, v4.h[2]
+	sshr	v21.8h, v21.8h, #11
+	sshr	v22.8h, v22.8h, #11
+	mls	v7.8h, v21.8h, v4.h[0]
+	mls	v8.8h, v22.8h, v4.h[0]
+	sqdmulh	v21.8h, v9.8h, v4.h[2]
+	sqdmulh	v22.8h, v10.8h, v4.h[2]
+	sshr	v21.8h, v21.8h, #11
+	sshr	v22.8h, v22.8h, #11
+	mls	v9.8h, v21.8h, v4.h[0]
+	mls	v10.8h, v22.8h, v4.h[0]
+	sqdmulh	v21.8h, v11.8h, v4.h[2]
+	sqdmulh	v22.8h, v12.8h, v4.h[2]
+	sshr	v21.8h, v21.8h, #11
+	sshr	v22.8h, v22.8h, #11
+	mls	v11.8h, v21.8h, v4.h[0]
+	mls	v12.8h, v22.8h, v4.h[0]
+	sqdmulh	v21.8h, v13.8h, v4.h[2]
+	sqdmulh	v22.8h, v14.8h, v4.h[2]
+	sshr	v21.8h, v21.8h, #11
+	sshr	v22.8h, v22.8h, #11
+	mls	v13.8h, v21.8h, v4.h[0]
+	mls	v14.8h, v22.8h, v4.h[0]
+	sqdmulh	v21.8h, v15.8h, v4.h[2]
+	sqdmulh	v22.8h, v16.8h, v4.h[2]
+	sshr	v21.8h, v21.8h, #11
+	sshr	v22.8h, v22.8h, #11
+	mls	v15.8h, v21.8h, v4.h[0]
+	mls	v16.8h, v22.8h, v4.h[0]
+	sqdmulh	v21.8h, v17.8h, v4.h[2]
+	sqdmulh	v22.8h, v18.8h, v4.h[2]
+	sshr	v21.8h, v21.8h, #11
+	sshr	v22.8h, v22.8h, #11
+	mls	v17.8h, v21.8h, v4.h[0]
+	mls	v18.8h, v22.8h, v4.h[0]
+	sqdmulh	v21.8h, v19.8h, v4.h[2]
+	sqdmulh	v22.8h, v20.8h, v4.h[2]
+	sshr	v21.8h, v21.8h, #11
+	sshr	v22.8h, v22.8h, #11
+	mls	v19.8h, v21.8h, v4.h[0]
+	mls	v20.8h, v22.8h, v4.h[0]
+	mov	v29.16b, v5.16b
+	trn1	v5.4s, v5.4s, v6.4s
+	trn2	v6.4s, v29.4s, v6.4s
+	mov	v29.16b, v5.16b
+	trn1	v5.2d, v5.2d, v6.2d
+	trn2	v6.2d, v29.2d, v6.2d
+	mov	v29.16b, v7.16b
+	trn1	v7.4s, v7.4s, v8.4s
+	trn2	v8.4s, v29.4s, v8.4s
+	mov	v29.16b, v7.16b
+	trn1	v7.2d, v7.2d, v8.2d
+	trn2	v8.2d, v29.2d, v8.2d
+	mov	v29.16b, v9.16b
+	trn1	v9.4s, v9.4s, v10.4s
+	trn2	v10.4s, v29.4s, v10.4s
+	mov	v29.16b, v9.16b
+	trn1	v9.2d, v9.2d, v10.2d
+	trn2	v10.2d, v29.2d, v10.2d
+	mov	v29.16b, v11.16b
+	trn1	v11.4s, v11.4s, v12.4s
+	trn2	v12.4s, v29.4s, v12.4s
+	mov	v29.16b, v11.16b
+	trn1	v11.2d, v11.2d, v12.2d
+	trn2	v12.2d, v29.2d, v12.2d
+	mov	v29.16b, v13.16b
+	trn1	v13.4s, v13.4s, v14.4s
+	trn2	v14.4s, v29.4s, v14.4s
+	mov	v29.16b, v13.16b
+	trn1	v13.2d, v13.2d, v14.2d
+	trn2	v14.2d, v29.2d, v14.2d
+	mov	v29.16b, v15.16b
+	trn1	v15.4s, v15.4s, v16.4s
+	trn2	v16.4s, v29.4s, v16.4s
+	mov	v29.16b, v15.16b
+	trn1	v15.2d, v15.2d, v16.2d
+	trn2	v16.2d, v29.2d, v16.2d
+	mov	v29.16b, v17.16b
+	trn1	v17.4s, v17.4s, v18.4s
+	trn2	v18.4s, v29.4s, v18.4s
+	mov	v29.16b, v17.16b
+	trn1	v17.2d, v17.2d, v18.2d
+	trn2	v18.2d, v29.2d, v18.2d
+	mov	v29.16b, v19.16b
+	trn1	v19.4s, v19.4s, v20.4s
+	trn2	v20.4s, v29.4s, v20.4s
+	mov	v29.16b, v19.16b
+	trn1	v19.2d, v19.2d, v20.2d
+	trn2	v20.2d, v29.2d, v20.2d
+	stp	q5, q6, [x0]
+	stp	q7, q8, [x0, #32]
+	stp	q9, q10, [x0, #64]
+	stp	q11, q12, [x0, #96]
+	stp	q13, q14, [x0, #128]
+	stp	q15, q16, [x0, #160]
+	stp	q17, q18, [x0, #192]
+	stp	q19, q20, [x0, #224]
+	ldp	q5, q6, [x1]
+	ldp	q7, q8, [x1, #32]
+	ldp	q9, q10, [x1, #64]
+	ldp	q11, q12, [x1, #96]
+	ldp	q13, q14, [x1, #128]
+	ldp	q15, q16, [x1, #160]
+	ldp	q17, q18, [x1, #192]
+	ldp	q19, q20, [x1, #224]
+	ldr	q0, [x2, #48]
+	ldr	q1, [x3, #48]
+	mul	v29.8h, v6.8h, v1.h[0]
+	mul	v30.8h, v8.8h, v1.h[1]
+	sqrdmulh	v21.8h, v6.8h, v0.h[0]
+	sqrdmulh	v22.8h, v8.8h, v0.h[1]
+	sqrdmlsh	v21.8h, v29.8h, v4.h[0]
+	sqrdmlsh	v22.8h, v30.8h, v4.h[0]
+	sshr	v21.8h, v21.8h, #1
+	sshr	v22.8h, v22.8h, #1
+	mul	v29.8h, v10.8h, v1.h[2]
+	mul	v30.8h, v12.8h, v1.h[3]
+	sqrdmulh	v23.8h, v10.8h, v0.h[2]
+	sqrdmulh	v24.8h, v12.8h, v0.h[3]
+	sqrdmlsh	v23.8h, v29.8h, v4.h[0]
+	sqrdmlsh	v24.8h, v30.8h, v4.h[0]
+	sshr	v23.8h, v23.8h, #1
+	sshr	v24.8h, v24.8h, #1
+	mul	v29.8h, v14.8h, v1.h[4]
+	mul	v30.8h, v16.8h, v1.h[5]
+	sqrdmulh	v25.8h, v14.8h, v0.h[4]
+	sqrdmulh	v26.8h, v16.8h, v0.h[5]
+	sqrdmlsh	v25.8h, v29.8h, v4.h[0]
+	sqrdmlsh	v26.8h, v30.8h, v4.h[0]
+	sshr	v25.8h, v25.8h, #1
+	sshr	v26.8h, v26.8h, #1
+	mul	v29.8h, v18.8h, v1.h[6]
+	mul	v30.8h, v20.8h, v1.h[7]
+	sqrdmulh	v27.8h, v18.8h, v0.h[6]
+	sqrdmulh	v28.8h, v20.8h, v0.h[7]
+	sqrdmlsh	v27.8h, v29.8h, v4.h[0]
+	sqrdmlsh	v28.8h, v30.8h, v4.h[0]
+	sshr	v27.8h, v27.8h, #1
+	sshr	v28.8h, v28.8h, #1
+	sub	v6.8h, v5.8h, v21.8h
+	add	v5.8h, v5.8h, v21.8h
+	sub	v8.8h, v7.8h, v22.8h
+	add	v7.8h, v7.8h, v22.8h
+	sub	v10.8h, v9.8h, v23.8h
+	add	v9.8h, v9.8h, v23.8h
+	sub	v12.8h, v11.8h, v24.8h
+	add	v11.8h, v11.8h, v24.8h
+	sub	v14.8h, v13.8h, v25.8h
+	add	v13.8h, v13.8h, v25.8h
+	sub	v16.8h, v15.8h, v26.8h
+	add	v15.8h, v15.8h, v26.8h
+	sub	v18.8h, v17.8h, v27.8h
+	add	v17.8h, v17.8h, v27.8h
+	sub	v20.8h, v19.8h, v28.8h
+	add	v19.8h, v19.8h, v28.8h
+	ldr	q0, [x2, #192]
+	ldr	q2, [x2, #208]
+	ldr	q1, [x3, #192]
+	ldr	q3, [x3, #208]
+	mov	v29.16b, v5.16b
+	mov	v30.16b, v7.16b
+	trn1	v5.2d, v5.2d, v6.2d
+	trn1	v7.2d, v7.2d, v8.2d
+	trn2	v6.2d, v29.2d, v6.2d
+	trn2	v8.2d, v30.2d, v8.2d
+	mul	v29.8h, v6.8h, v1.8h
+	mul	v30.8h, v8.8h, v3.8h
+	sqrdmulh	v21.8h, v6.8h, v0.8h
+	sqrdmulh	v22.8h, v8.8h, v2.8h
+	sqrdmlsh	v21.8h, v29.8h, v4.h[0]
+	sqrdmlsh	v22.8h, v30.8h, v4.h[0]
+	sshr	v21.8h, v21.8h, #1
+	sshr	v22.8h, v22.8h, #1
+	ldr	q0, [x2, #224]
+	ldr	q2, [x2, #240]
+	ldr	q1, [x3, #224]
+	ldr	q3, [x3, #240]
+	mov	v29.16b, v9.16b
+	mov	v30.16b, v11.16b
+	trn1	v9.2d, v9.2d, v10.2d
+	trn1	v11.2d, v11.2d, v12.2d
+	trn2	v10.2d, v29.2d, v10.2d
+	trn2	v12.2d, v30.2d, v12.2d
+	mul	v29.8h, v10.8h, v1.8h
+	mul	v30.8h, v12.8h, v3.8h
+	sqrdmulh	v23.8h, v10.8h, v0.8h
+	sqrdmulh	v24.8h, v12.8h, v2.8h
+	sqrdmlsh	v23.8h, v29.8h, v4.h[0]
+	sqrdmlsh	v24.8h, v30.8h, v4.h[0]
+	sshr	v23.8h, v23.8h, #1
+	sshr	v24.8h, v24.8h, #1
+	ldr	q0, [x2, #256]
+	ldr	q2, [x2, #272]
+	ldr	q1, [x3, #256]
+	ldr	q3, [x3, #272]
+	mov	v29.16b, v13.16b
+	mov	v30.16b, v15.16b
+	trn1	v13.2d, v13.2d, v14.2d
+	trn1	v15.2d, v15.2d, v16.2d
+	trn2	v14.2d, v29.2d, v14.2d
+	trn2	v16.2d, v30.2d, v16.2d
+	mul	v29.8h, v14.8h, v1.8h
+	mul	v30.8h, v16.8h, v3.8h
+	sqrdmulh	v25.8h, v14.8h, v0.8h
+	sqrdmulh	v26.8h, v16.8h, v2.8h
+	sqrdmlsh	v25.8h, v29.8h, v4.h[0]
+	sqrdmlsh	v26.8h, v30.8h, v4.h[0]
+	sshr	v25.8h, v25.8h, #1
+	sshr	v26.8h, v26.8h, #1
+	ldr	q0, [x2, #288]
+	ldr	q2, [x2, #304]
+	ldr	q1, [x3, #288]
+	ldr	q3, [x3, #304]
+	mov	v29.16b, v17.16b
+	mov	v30.16b, v19.16b
+	trn1	v17.2d, v17.2d, v18.2d
+	trn1	v19.2d, v19.2d, v20.2d
+	trn2	v18.2d, v29.2d, v18.2d
+	trn2	v20.2d, v30.2d, v20.2d
+	mul	v29.8h, v18.8h, v1.8h
+	mul	v30.8h, v20.8h, v3.8h
+	sqrdmulh	v27.8h, v18.8h, v0.8h
+	sqrdmulh	v28.8h, v20.8h, v2.8h
+	sqrdmlsh	v27.8h, v29.8h, v4.h[0]
+	sqrdmlsh	v28.8h, v30.8h, v4.h[0]
+	sshr	v27.8h, v27.8h, #1
+	sshr	v28.8h, v28.8h, #1
+	sub	v6.8h, v5.8h, v21.8h
+	add	v5.8h, v5.8h, v21.8h
+	sub	v8.8h, v7.8h, v22.8h
+	add	v7.8h, v7.8h, v22.8h
+	sub	v10.8h, v9.8h, v23.8h
+	add	v9.8h, v9.8h, v23.8h
+	sub	v12.8h, v11.8h, v24.8h
+	add	v11.8h, v11.8h, v24.8h
+	sub	v14.8h, v13.8h, v25.8h
+	add	v13.8h, v13.8h, v25.8h
+	sub	v16.8h, v15.8h, v26.8h
+	add	v15.8h, v15.8h, v26.8h
+	sub	v18.8h, v17.8h, v27.8h
+	add	v17.8h, v17.8h, v27.8h
+	sub	v20.8h, v19.8h, v28.8h
+	add	v19.8h, v19.8h, v28.8h
+	ldr	q0, [x2, #448]
+	ldr	q2, [x2, #464]
+	ldr	q1, [x3, #448]
+	ldr	q3, [x3, #464]
+	mov	v29.16b, v5.16b
+	mov	v30.16b, v7.16b
+	trn1	v5.4s, v5.4s, v6.4s
+	trn1	v7.4s, v7.4s, v8.4s
+	trn2	v6.4s, v29.4s, v6.4s
+	trn2	v8.4s, v30.4s, v8.4s
+	mul	v29.8h, v6.8h, v1.8h
+	mul	v30.8h, v8.8h, v3.8h
+	sqrdmulh	v21.8h, v6.8h, v0.8h
+	sqrdmulh	v22.8h, v8.8h, v2.8h
+	sqrdmlsh	v21.8h, v29.8h, v4.h[0]
+	sqrdmlsh	v22.8h, v30.8h, v4.h[0]
+	sshr	v21.8h, v21.8h, #1
+	sshr	v22.8h, v22.8h, #1
+	ldr	q0, [x2, #480]
+	ldr	q2, [x2, #496]
+	ldr	q1, [x3, #480]
+	ldr	q3, [x3, #496]
+	mov	v29.16b, v9.16b
+	mov	v30.16b, v11.16b
+	trn1	v9.4s, v9.4s, v10.4s
+	trn1	v11.4s, v11.4s, v12.4s
+	trn2	v10.4s, v29.4s, v10.4s
+	trn2	v12.4s, v30.4s, v12.4s
+	mul	v29.8h, v10.8h, v1.8h
+	mul	v30.8h, v12.8h, v3.8h
+	sqrdmulh	v23.8h, v10.8h, v0.8h
+	sqrdmulh	v24.8h, v12.8h, v2.8h
+	sqrdmlsh	v23.8h, v29.8h, v4.h[0]
+	sqrdmlsh	v24.8h, v30.8h, v4.h[0]
+	sshr	v23.8h, v23.8h, #1
+	sshr	v24.8h, v24.8h, #1
+	ldr	q0, [x2, #512]
+	ldr	q2, [x2, #528]
+	ldr	q1, [x3, #512]
+	ldr	q3, [x3, #528]
+	mov	v29.16b, v13.16b
+	mov	v30.16b, v15.16b
+	trn1	v13.4s, v13.4s, v14.4s
+	trn1	v15.4s, v15.4s, v16.4s
+	trn2	v14.4s, v29.4s, v14.4s
+	trn2	v16.4s, v30.4s, v16.4s
+	mul	v29.8h, v14.8h, v1.8h
+	mul	v30.8h, v16.8h, v3.8h
+	sqrdmulh	v25.8h, v14.8h, v0.8h
+	sqrdmulh	v26.8h, v16.8h, v2.8h
+	sqrdmlsh	v25.8h, v29.8h, v4.h[0]
+	sqrdmlsh	v26.8h, v30.8h, v4.h[0]
+	sshr	v25.8h, v25.8h, #1
+	sshr	v26.8h, v26.8h, #1
+	ldr	q0, [x2, #544]
+	ldr	q2, [x2, #560]
+	ldr	q1, [x3, #544]
+	ldr	q3, [x3, #560]
+	mov	v29.16b, v17.16b
+	mov	v30.16b, v19.16b
+	trn1	v17.4s, v17.4s, v18.4s
+	trn1	v19.4s, v19.4s, v20.4s
+	trn2	v18.4s, v29.4s, v18.4s
+	trn2	v20.4s, v30.4s, v20.4s
+	mul	v29.8h, v18.8h, v1.8h
+	mul	v30.8h, v20.8h, v3.8h
+	sqrdmulh	v27.8h, v18.8h, v0.8h
+	sqrdmulh	v28.8h, v20.8h, v2.8h
+	sqrdmlsh	v27.8h, v29.8h, v4.h[0]
+	sqrdmlsh	v28.8h, v30.8h, v4.h[0]
+	sshr	v27.8h, v27.8h, #1
+	sshr	v28.8h, v28.8h, #1
+	sub	v6.8h, v5.8h, v21.8h
+	add	v5.8h, v5.8h, v21.8h
+	sub	v8.8h, v7.8h, v22.8h
+	add	v7.8h, v7.8h, v22.8h
+	sub	v10.8h, v9.8h, v23.8h
+	add	v9.8h, v9.8h, v23.8h
+	sub	v12.8h, v11.8h, v24.8h
+	add	v11.8h, v11.8h, v24.8h
+	sub	v14.8h, v13.8h, v25.8h
+	add	v13.8h, v13.8h, v25.8h
+	sub	v16.8h, v15.8h, v26.8h
+	add	v15.8h, v15.8h, v26.8h
+	sub	v18.8h, v17.8h, v27.8h
+	add	v17.8h, v17.8h, v27.8h
+	sub	v20.8h, v19.8h, v28.8h
+	add	v19.8h, v19.8h, v28.8h
+	sqdmulh	v21.8h, v5.8h, v4.h[2]
+	sqdmulh	v22.8h, v6.8h, v4.h[2]
+	sshr	v21.8h, v21.8h, #11
+	sshr	v22.8h, v22.8h, #11
+	mls	v5.8h, v21.8h, v4.h[0]
+	mls	v6.8h, v22.8h, v4.h[0]
+	sqdmulh	v21.8h, v7.8h, v4.h[2]
+	sqdmulh	v22.8h, v8.8h, v4.h[2]
+	sshr	v21.8h, v21.8h, #11
+	sshr	v22.8h, v22.8h, #11
+	mls	v7.8h, v21.8h, v4.h[0]
+	mls	v8.8h, v22.8h, v4.h[0]
+	sqdmulh	v21.8h, v9.8h, v4.h[2]
+	sqdmulh	v22.8h, v10.8h, v4.h[2]
+	sshr	v21.8h, v21.8h, #11
+	sshr	v22.8h, v22.8h, #11
+	mls	v9.8h, v21.8h, v4.h[0]
+	mls	v10.8h, v22.8h, v4.h[0]
+	sqdmulh	v21.8h, v11.8h, v4.h[2]
+	sqdmulh	v22.8h, v12.8h, v4.h[2]
+	sshr	v21.8h, v21.8h, #11
+	sshr	v22.8h, v22.8h, #11
+	mls	v11.8h, v21.8h, v4.h[0]
+	mls	v12.8h, v22.8h, v4.h[0]
+	sqdmulh	v21.8h, v13.8h, v4.h[2]
+	sqdmulh	v22.8h, v14.8h, v4.h[2]
+	sshr	v21.8h, v21.8h, #11
+	sshr	v22.8h, v22.8h, #11
+	mls	v13.8h, v21.8h, v4.h[0]
+	mls	v14.8h, v22.8h, v4.h[0]
+	sqdmulh	v21.8h, v15.8h, v4.h[2]
+	sqdmulh	v22.8h, v16.8h, v4.h[2]
+	sshr	v21.8h, v21.8h, #11
+	sshr	v22.8h, v22.8h, #11
+	mls	v15.8h, v21.8h, v4.h[0]
+	mls	v16.8h, v22.8h, v4.h[0]
+	sqdmulh	v21.8h, v17.8h, v4.h[2]
+	sqdmulh	v22.8h, v18.8h, v4.h[2]
+	sshr	v21.8h, v21.8h, #11
+	sshr	v22.8h, v22.8h, #11
+	mls	v17.8h, v21.8h, v4.h[0]
+	mls	v18.8h, v22.8h, v4.h[0]
+	sqdmulh	v21.8h, v19.8h, v4.h[2]
+	sqdmulh	v22.8h, v20.8h, v4.h[2]
+	sshr	v21.8h, v21.8h, #11
+	sshr	v22.8h, v22.8h, #11
+	mls	v19.8h, v21.8h, v4.h[0]
+	mls	v20.8h, v22.8h, v4.h[0]
+	mov	v29.16b, v5.16b
+	trn1	v5.4s, v5.4s, v6.4s
+	trn2	v6.4s, v29.4s, v6.4s
+	mov	v29.16b, v5.16b
+	trn1	v5.2d, v5.2d, v6.2d
+	trn2	v6.2d, v29.2d, v6.2d
+	mov	v29.16b, v7.16b
+	trn1	v7.4s, v7.4s, v8.4s
+	trn2	v8.4s, v29.4s, v8.4s
+	mov	v29.16b, v7.16b
+	trn1	v7.2d, v7.2d, v8.2d
+	trn2	v8.2d, v29.2d, v8.2d
+	mov	v29.16b, v9.16b
+	trn1	v9.4s, v9.4s, v10.4s
+	trn2	v10.4s, v29.4s, v10.4s
+	mov	v29.16b, v9.16b
+	trn1	v9.2d, v9.2d, v10.2d
+	trn2	v10.2d, v29.2d, v10.2d
+	mov	v29.16b, v11.16b
+	trn1	v11.4s, v11.4s, v12.4s
+	trn2	v12.4s, v29.4s, v12.4s
+	mov	v29.16b, v11.16b
+	trn1	v11.2d, v11.2d, v12.2d
+	trn2	v12.2d, v29.2d, v12.2d
+	mov	v29.16b, v13.16b
+	trn1	v13.4s, v13.4s, v14.4s
+	trn2	v14.4s, v29.4s, v14.4s
+	mov	v29.16b, v13.16b
+	trn1	v13.2d, v13.2d, v14.2d
+	trn2	v14.2d, v29.2d, v14.2d
+	mov	v29.16b, v15.16b
+	trn1	v15.4s, v15.4s, v16.4s
+	trn2	v16.4s, v29.4s, v16.4s
+	mov	v29.16b, v15.16b
+	trn1	v15.2d, v15.2d, v16.2d
+	trn2	v16.2d, v29.2d, v16.2d
+	mov	v29.16b, v17.16b
+	trn1	v17.4s, v17.4s, v18.4s
+	trn2	v18.4s, v29.4s, v18.4s
+	mov	v29.16b, v17.16b
+	trn1	v17.2d, v17.2d, v18.2d
+	trn2	v18.2d, v29.2d, v18.2d
+	mov	v29.16b, v19.16b
+	trn1	v19.4s, v19.4s, v20.4s
+	trn2	v20.4s, v29.4s, v20.4s
+	mov	v29.16b, v19.16b
+	trn1	v19.2d, v19.2d, v20.2d
+	trn2	v20.2d, v29.2d, v20.2d
+	stp	q5, q6, [x1]
+	stp	q7, q8, [x1, #32]
+	stp	q9, q10, [x1, #64]
+	stp	q11, q12, [x1, #96]
+	stp	q13, q14, [x1, #128]
+	stp	q15, q16, [x1, #160]
+	stp	q17, q18, [x1, #192]
+	stp	q19, q20, [x1, #224]
+	ldp	d8, d9, [x29, #16]
+	ldp	d10, d11, [x29, #32]
+	ldp	d12, d13, [x29, #48]
+	ldp	d14, d15, [x29, #64]
+	ldp	x29, x30, [sp], #0x50
+	ret
+#ifndef __APPLE__
+	.size	kyber_ntt_sqrdmlsh,.-kyber_ntt_sqrdmlsh
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.text
+.globl	kyber_invntt_sqrdmlsh
+.type	kyber_invntt_sqrdmlsh,@function
+.align	2
+kyber_invntt_sqrdmlsh:
+#else
+.section	__TEXT,__text
+.globl	_kyber_invntt_sqrdmlsh
+.p2align	2
+_kyber_invntt_sqrdmlsh:
+#endif /* __APPLE__ */
+	stp	x29, x30, [sp, #-80]!
+	add	x29, sp, #0
+	stp	d8, d9, [x29, #16]
+	stp	d10, d11, [x29, #32]
+	stp	d12, d13, [x29, #48]
+	stp	d14, d15, [x29, #64]
+#ifndef __APPLE__
+	adrp x2, L_kyber_aarch64_zetas_inv
+	add  x2, x2, :lo12:L_kyber_aarch64_zetas_inv
+#else
+	adrp x2, L_kyber_aarch64_zetas_inv@PAGE
+	add  x2, x2, :lo12:L_kyber_aarch64_zetas_inv@PAGEOFF
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+	adrp x3, L_kyber_aarch64_zetas_inv_qinv
+	add  x3, x3, :lo12:L_kyber_aarch64_zetas_inv_qinv
+#else
+	adrp x3, L_kyber_aarch64_zetas_inv_qinv@PAGE
+	add  x3, x3, :lo12:L_kyber_aarch64_zetas_inv_qinv@PAGEOFF
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+	adrp x4, L_kyber_aarch64_consts
+	add  x4, x4, :lo12:L_kyber_aarch64_consts
+#else
+	adrp x4, L_kyber_aarch64_consts@PAGE
+	add  x4, x4, :lo12:L_kyber_aarch64_consts@PAGEOFF
+#endif /* __APPLE__ */
+	add	x1, x0, #0x100
+	ldr	q8, [x4]
+	ldp	q9, q10, [x0]
+	ldp	q11, q12, [x0, #32]
+	ldp	q13, q14, [x0, #64]
+	ldp	q15, q16, [x0, #96]
+	ldp	q17, q18, [x0, #128]
+	ldp	q19, q20, [x0, #160]
+	ldp	q21, q22, [x0, #192]
+	ldp	q23, q24, [x0, #224]
+	mov	v25.16b, v9.16b
+	trn1	v9.2d, v9.2d, v10.2d
+	trn2	v10.2d, v25.2d, v10.2d
+	mov	v25.16b, v9.16b
+	trn1	v9.4s, v9.4s, v10.4s
+	trn2	v10.4s, v25.4s, v10.4s
+	mov	v25.16b, v11.16b
+	trn1	v11.2d, v11.2d, v12.2d
+	trn2	v12.2d, v25.2d, v12.2d
+	mov	v25.16b, v11.16b
+	trn1	v11.4s, v11.4s, v12.4s
+	trn2	v12.4s, v25.4s, v12.4s
+	mov	v25.16b, v13.16b
+	trn1	v13.2d, v13.2d, v14.2d
+	trn2	v14.2d, v25.2d, v14.2d
+	mov	v25.16b, v13.16b
+	trn1	v13.4s, v13.4s, v14.4s
+	trn2	v14.4s, v25.4s, v14.4s
+	mov	v25.16b, v15.16b
+	trn1	v15.2d, v15.2d, v16.2d
+	trn2	v16.2d, v25.2d, v16.2d
+	mov	v25.16b, v15.16b
+	trn1	v15.4s, v15.4s, v16.4s
+	trn2	v16.4s, v25.4s, v16.4s
+	mov	v25.16b, v17.16b
+	trn1	v17.2d, v17.2d, v18.2d
+	trn2	v18.2d, v25.2d, v18.2d
+	mov	v25.16b, v17.16b
+	trn1	v17.4s, v17.4s, v18.4s
+	trn2	v18.4s, v25.4s, v18.4s
+	mov	v25.16b, v19.16b
+	trn1	v19.2d, v19.2d, v20.2d
+	trn2	v20.2d, v25.2d, v20.2d
+	mov	v25.16b, v19.16b
+	trn1	v19.4s, v19.4s, v20.4s
+	trn2	v20.4s, v25.4s, v20.4s
+	mov	v25.16b, v21.16b
+	trn1	v21.2d, v21.2d, v22.2d
+	trn2	v22.2d, v25.2d, v22.2d
+	mov	v25.16b, v21.16b
+	trn1	v21.4s, v21.4s, v22.4s
+	trn2	v22.4s, v25.4s, v22.4s
+	mov	v25.16b, v23.16b
+	trn1	v23.2d, v23.2d, v24.2d
+	trn2	v24.2d, v25.2d, v24.2d
+	mov	v25.16b, v23.16b
+	trn1	v23.4s, v23.4s, v24.4s
+	trn2	v24.4s, v25.4s, v24.4s
+	ldr	q0, [x2]
+	ldr	q1, [x2, #16]
+	ldr	q2, [x3]
+	ldr	q3, [x3, #16]
+	sub	v26.8h, v9.8h, v10.8h
+	sub	v28.8h, v11.8h, v12.8h
+	add	v9.8h, v9.8h, v10.8h
+	add	v11.8h, v11.8h, v12.8h
+	mul	v25.8h, v26.8h, v2.8h
+	mul	v27.8h, v28.8h, v3.8h
+	sqrdmulh	v10.8h, v26.8h, v0.8h
+	sqrdmulh	v12.8h, v28.8h, v1.8h
+	sqrdmlsh	v10.8h, v25.8h, v8.h[0]
+	sqrdmlsh	v12.8h, v27.8h, v8.h[0]
+	sshr	v10.8h, v10.8h, #1
+	sshr	v12.8h, v12.8h, #1
+	ldr	q0, [x2, #32]
+	ldr	q1, [x2, #48]
+	ldr	q2, [x3, #32]
+	ldr	q3, [x3, #48]
+	sub	v26.8h, v13.8h, v14.8h
+	sub	v28.8h, v15.8h, v16.8h
+	add	v13.8h, v13.8h, v14.8h
+	add	v15.8h, v15.8h, v16.8h
+	mul	v25.8h, v26.8h, v2.8h
+	mul	v27.8h, v28.8h, v3.8h
+	sqrdmulh	v14.8h, v26.8h, v0.8h
+	sqrdmulh	v16.8h, v28.8h, v1.8h
+	sqrdmlsh	v14.8h, v25.8h, v8.h[0]
+	sqrdmlsh	v16.8h, v27.8h, v8.h[0]
+	sshr	v14.8h, v14.8h, #1
+	sshr	v16.8h, v16.8h, #1
+	ldr	q0, [x2, #64]
+	ldr	q1, [x2, #80]
+	ldr	q2, [x3, #64]
+	ldr	q3, [x3, #80]
+	sub	v26.8h, v17.8h, v18.8h
+	sub	v28.8h, v19.8h, v20.8h
+	add	v17.8h, v17.8h, v18.8h
+	add	v19.8h, v19.8h, v20.8h
+	mul	v25.8h, v26.8h, v2.8h
+	mul	v27.8h, v28.8h, v3.8h
+	sqrdmulh	v18.8h, v26.8h, v0.8h
+	sqrdmulh	v20.8h, v28.8h, v1.8h
+	sqrdmlsh	v18.8h, v25.8h, v8.h[0]
+	sqrdmlsh	v20.8h, v27.8h, v8.h[0]
+	sshr	v18.8h, v18.8h, #1
+	sshr	v20.8h, v20.8h, #1
+	ldr	q0, [x2, #96]
+	ldr	q1, [x2, #112]
+	ldr	q2, [x3, #96]
+	ldr	q3, [x3, #112]
+	sub	v26.8h, v21.8h, v22.8h
+	sub	v28.8h, v23.8h, v24.8h
+	add	v21.8h, v21.8h, v22.8h
+	add	v23.8h, v23.8h, v24.8h
+	mul	v25.8h, v26.8h, v2.8h
+	mul	v27.8h, v28.8h, v3.8h
+	sqrdmulh	v22.8h, v26.8h, v0.8h
+	sqrdmulh	v24.8h, v28.8h, v1.8h
+	sqrdmlsh	v22.8h, v25.8h, v8.h[0]
+	sqrdmlsh	v24.8h, v27.8h, v8.h[0]
+	sshr	v22.8h, v22.8h, #1
+	sshr	v24.8h, v24.8h, #1
+	ldr	q0, [x2, #256]
+	ldr	q1, [x2, #272]
+	ldr	q2, [x3, #256]
+	ldr	q3, [x3, #272]
+	mov	v25.16b, v9.16b
+	mov	v26.16b, v11.16b
+	trn1	v9.4s, v9.4s, v10.4s
+	trn1	v11.4s, v11.4s, v12.4s
+	trn2	v10.4s, v25.4s, v10.4s
+	trn2	v12.4s, v26.4s, v12.4s
+	sub	v26.8h, v9.8h, v10.8h
+	sub	v28.8h, v11.8h, v12.8h
+	add	v9.8h, v9.8h, v10.8h
+	add	v11.8h, v11.8h, v12.8h
+	mul	v25.8h, v26.8h, v2.8h
+	mul	v27.8h, v28.8h, v3.8h
+	sqrdmulh	v10.8h, v26.8h, v0.8h
+	sqrdmulh	v12.8h, v28.8h, v1.8h
+	sqrdmlsh	v10.8h, v25.8h, v8.h[0]
+	sqrdmlsh	v12.8h, v27.8h, v8.h[0]
+	sshr	v10.8h, v10.8h, #1
+	sshr	v12.8h, v12.8h, #1
+	ldr	q0, [x2, #288]
+	ldr	q1, [x2, #304]
+	ldr	q2, [x3, #288]
+	ldr	q3, [x3, #304]
+	mov	v25.16b, v13.16b
+	mov	v26.16b, v15.16b
+	trn1	v13.4s, v13.4s, v14.4s
+	trn1	v15.4s, v15.4s, v16.4s
+	trn2	v14.4s, v25.4s, v14.4s
+	trn2	v16.4s, v26.4s, v16.4s
+	sub	v26.8h, v13.8h, v14.8h
+	sub	v28.8h, v15.8h, v16.8h
+	add	v13.8h, v13.8h, v14.8h
+	add	v15.8h, v15.8h, v16.8h
+	mul	v25.8h, v26.8h, v2.8h
+	mul	v27.8h, v28.8h, v3.8h
+	sqrdmulh	v14.8h, v26.8h, v0.8h
+	sqrdmulh	v16.8h, v28.8h, v1.8h
+	sqrdmlsh	v14.8h, v25.8h, v8.h[0]
+	sqrdmlsh	v16.8h, v27.8h, v8.h[0]
+	sshr	v14.8h, v14.8h, #1
+	sshr	v16.8h, v16.8h, #1
+	ldr	q0, [x2, #320]
+	ldr	q1, [x2, #336]
+	ldr	q2, [x3, #320]
+	ldr	q3, [x3, #336]
+	mov	v25.16b, v17.16b
+	mov	v26.16b, v19.16b
+	trn1	v17.4s, v17.4s, v18.4s
+	trn1	v19.4s, v19.4s, v20.4s
+	trn2	v18.4s, v25.4s, v18.4s
+	trn2	v20.4s, v26.4s, v20.4s
+	sub	v26.8h, v17.8h, v18.8h
+	sub	v28.8h, v19.8h, v20.8h
+	add	v17.8h, v17.8h, v18.8h
+	add	v19.8h, v19.8h, v20.8h
+	mul	v25.8h, v26.8h, v2.8h
+	mul	v27.8h, v28.8h, v3.8h
+	sqrdmulh	v18.8h, v26.8h, v0.8h
+	sqrdmulh	v20.8h, v28.8h, v1.8h
+	sqrdmlsh	v18.8h, v25.8h, v8.h[0]
+	sqrdmlsh	v20.8h, v27.8h, v8.h[0]
+	sshr	v18.8h, v18.8h, #1
+	sshr	v20.8h, v20.8h, #1
+	ldr	q0, [x2, #352]
+	ldr	q1, [x2, #368]
+	ldr	q2, [x3, #352]
+	ldr	q3, [x3, #368]
+	mov	v25.16b, v21.16b
+	mov	v26.16b, v23.16b
+	trn1	v21.4s, v21.4s, v22.4s
+	trn1	v23.4s, v23.4s, v24.4s
+	trn2	v22.4s, v25.4s, v22.4s
+	trn2	v24.4s, v26.4s, v24.4s
+	sub	v26.8h, v21.8h, v22.8h
+	sub	v28.8h, v23.8h, v24.8h
+	add	v21.8h, v21.8h, v22.8h
+	add	v23.8h, v23.8h, v24.8h
+	mul	v25.8h, v26.8h, v2.8h
+	mul	v27.8h, v28.8h, v3.8h
+	sqrdmulh	v22.8h, v26.8h, v0.8h
+	sqrdmulh	v24.8h, v28.8h, v1.8h
+	sqrdmlsh	v22.8h, v25.8h, v8.h[0]
+	sqrdmlsh	v24.8h, v27.8h, v8.h[0]
+	sshr	v22.8h, v22.8h, #1
+	sshr	v24.8h, v24.8h, #1
+	ldr	q0, [x2, #512]
+	ldr	q2, [x3, #512]
+	mov	v25.16b, v9.16b
+	mov	v26.16b, v11.16b
+	trn1	v9.2d, v9.2d, v10.2d
+	trn1	v11.2d, v11.2d, v12.2d
+	trn2	v10.2d, v25.2d, v10.2d
+	trn2	v12.2d, v26.2d, v12.2d
+	sub	v26.8h, v9.8h, v10.8h
+	sub	v28.8h, v11.8h, v12.8h
+	add	v9.8h, v9.8h, v10.8h
+	add	v11.8h, v11.8h, v12.8h
+	mul	v25.8h, v26.8h, v2.h[0]
+	mul	v27.8h, v28.8h, v2.h[1]
+	sqrdmulh	v10.8h, v26.8h, v0.h[0]
+	sqrdmulh	v12.8h, v28.8h, v0.h[1]
+	sqrdmlsh	v10.8h, v25.8h, v8.h[0]
+	sqrdmlsh	v12.8h, v27.8h, v8.h[0]
+	sshr	v10.8h, v10.8h, #1
+	sshr	v12.8h, v12.8h, #1
+	mov	v25.16b, v13.16b
+	mov	v26.16b, v15.16b
+	trn1	v13.2d, v13.2d, v14.2d
+	trn1	v15.2d, v15.2d, v16.2d
+	trn2	v14.2d, v25.2d, v14.2d
+	trn2	v16.2d, v26.2d, v16.2d
+	sub	v26.8h, v13.8h, v14.8h
+	sub	v28.8h, v15.8h, v16.8h
+	add	v13.8h, v13.8h, v14.8h
+	add	v15.8h, v15.8h, v16.8h
+	mul	v25.8h, v26.8h, v2.h[2]
+	mul	v27.8h, v28.8h, v2.h[3]
+	sqrdmulh	v14.8h, v26.8h, v0.h[2]
+	sqrdmulh	v16.8h, v28.8h, v0.h[3]
+	sqrdmlsh	v14.8h, v25.8h, v8.h[0]
+	sqrdmlsh	v16.8h, v27.8h, v8.h[0]
+	sshr	v14.8h, v14.8h, #1
+	sshr	v16.8h, v16.8h, #1
+	mov	v25.16b, v17.16b
+	mov	v26.16b, v19.16b
+	trn1	v17.2d, v17.2d, v18.2d
+	trn1	v19.2d, v19.2d, v20.2d
+	trn2	v18.2d, v25.2d, v18.2d
+	trn2	v20.2d, v26.2d, v20.2d
+	sub	v26.8h, v17.8h, v18.8h
+	sub	v28.8h, v19.8h, v20.8h
+	add	v17.8h, v17.8h, v18.8h
+	add	v19.8h, v19.8h, v20.8h
+	mul	v25.8h, v26.8h, v2.h[4]
+	mul	v27.8h, v28.8h, v2.h[5]
+	sqrdmulh	v18.8h, v26.8h, v0.h[4]
+	sqrdmulh	v20.8h, v28.8h, v0.h[5]
+	sqrdmlsh	v18.8h, v25.8h, v8.h[0]
+	sqrdmlsh	v20.8h, v27.8h, v8.h[0]
+	sshr	v18.8h, v18.8h, #1
+	sshr	v20.8h, v20.8h, #1
+	mov	v25.16b, v21.16b
+	mov	v26.16b, v23.16b
+	trn1	v21.2d, v21.2d, v22.2d
+	trn1	v23.2d, v23.2d, v24.2d
+	trn2	v22.2d, v25.2d, v22.2d
+	trn2	v24.2d, v26.2d, v24.2d
+	sub	v26.8h, v21.8h, v22.8h
+	sub	v28.8h, v23.8h, v24.8h
+	add	v21.8h, v21.8h, v22.8h
+	add	v23.8h, v23.8h, v24.8h
+	mul	v25.8h, v26.8h, v2.h[6]
+	mul	v27.8h, v28.8h, v2.h[7]
+	sqrdmulh	v22.8h, v26.8h, v0.h[6]
+	sqrdmulh	v24.8h, v28.8h, v0.h[7]
+	sqrdmlsh	v22.8h, v25.8h, v8.h[0]
+	sqrdmlsh	v24.8h, v27.8h, v8.h[0]
+	sshr	v22.8h, v22.8h, #1
+	sshr	v24.8h, v24.8h, #1
+	sqdmulh	v25.8h, v9.8h, v8.h[2]
+	sqdmulh	v26.8h, v11.8h, v8.h[2]
+	sshr	v25.8h, v25.8h, #11
+	sshr	v26.8h, v26.8h, #11
+	mls	v9.8h, v25.8h, v8.h[0]
+	mls	v11.8h, v26.8h, v8.h[0]
+	sqdmulh	v25.8h, v13.8h, v8.h[2]
+	sqdmulh	v26.8h, v15.8h, v8.h[2]
+	sshr	v25.8h, v25.8h, #11
+	sshr	v26.8h, v26.8h, #11
+	mls	v13.8h, v25.8h, v8.h[0]
+	mls	v15.8h, v26.8h, v8.h[0]
+	sqdmulh	v25.8h, v17.8h, v8.h[2]
+	sqdmulh	v26.8h, v19.8h, v8.h[2]
+	sshr	v25.8h, v25.8h, #11
+	sshr	v26.8h, v26.8h, #11
+	mls	v17.8h, v25.8h, v8.h[0]
+	mls	v19.8h, v26.8h, v8.h[0]
+	sqdmulh	v25.8h, v21.8h, v8.h[2]
+	sqdmulh	v26.8h, v23.8h, v8.h[2]
+	sshr	v25.8h, v25.8h, #11
+	sshr	v26.8h, v26.8h, #11
+	mls	v21.8h, v25.8h, v8.h[0]
+	mls	v23.8h, v26.8h, v8.h[0]
+	stp	q9, q10, [x0]
+	stp	q11, q12, [x0, #32]
+	stp	q13, q14, [x0, #64]
+	stp	q15, q16, [x0, #96]
+	stp	q17, q18, [x0, #128]
+	stp	q19, q20, [x0, #160]
+	stp	q21, q22, [x0, #192]
+	stp	q23, q24, [x0, #224]
+	ldp	q9, q10, [x1]
+	ldp	q11, q12, [x1, #32]
+	ldp	q13, q14, [x1, #64]
+	ldp	q15, q16, [x1, #96]
+	ldp	q17, q18, [x1, #128]
+	ldp	q19, q20, [x1, #160]
+	ldp	q21, q22, [x1, #192]
+	ldp	q23, q24, [x1, #224]
+	mov	v25.16b, v9.16b
+	trn1	v9.2d, v9.2d, v10.2d
+	trn2	v10.2d, v25.2d, v10.2d
+	mov	v25.16b, v9.16b
+	trn1	v9.4s, v9.4s, v10.4s
+	trn2	v10.4s, v25.4s, v10.4s
+	mov	v25.16b, v11.16b
+	trn1	v11.2d, v11.2d, v12.2d
+	trn2	v12.2d, v25.2d, v12.2d
+	mov	v25.16b, v11.16b
+	trn1	v11.4s, v11.4s, v12.4s
+	trn2	v12.4s, v25.4s, v12.4s
+	mov	v25.16b, v13.16b
+	trn1	v13.2d, v13.2d, v14.2d
+	trn2	v14.2d, v25.2d, v14.2d
+	mov	v25.16b, v13.16b
+	trn1	v13.4s, v13.4s, v14.4s
+	trn2	v14.4s, v25.4s, v14.4s
+	mov	v25.16b, v15.16b
+	trn1	v15.2d, v15.2d, v16.2d
+	trn2	v16.2d, v25.2d, v16.2d
+	mov	v25.16b, v15.16b
+	trn1	v15.4s, v15.4s, v16.4s
+	trn2	v16.4s, v25.4s, v16.4s
+	mov	v25.16b, v17.16b
+	trn1	v17.2d, v17.2d, v18.2d
+	trn2	v18.2d, v25.2d, v18.2d
+	mov	v25.16b, v17.16b
+	trn1	v17.4s, v17.4s, v18.4s
+	trn2	v18.4s, v25.4s, v18.4s
+	mov	v25.16b, v19.16b
+	trn1	v19.2d, v19.2d, v20.2d
+	trn2	v20.2d, v25.2d, v20.2d
+	mov	v25.16b, v19.16b
+	trn1	v19.4s, v19.4s, v20.4s
+	trn2	v20.4s, v25.4s, v20.4s
+	mov	v25.16b, v21.16b
+	trn1	v21.2d, v21.2d, v22.2d
+	trn2	v22.2d, v25.2d, v22.2d
+	mov	v25.16b, v21.16b
+	trn1	v21.4s, v21.4s, v22.4s
+	trn2	v22.4s, v25.4s, v22.4s
+	mov	v25.16b, v23.16b
+	trn1	v23.2d, v23.2d, v24.2d
+	trn2	v24.2d, v25.2d, v24.2d
+	mov	v25.16b, v23.16b
+	trn1	v23.4s, v23.4s, v24.4s
+	trn2	v24.4s, v25.4s, v24.4s
+	ldr	q0, [x2, #128]
+	ldr	q1, [x2, #144]
+	ldr	q2, [x3, #128]
+	ldr	q3, [x3, #144]
+	sub	v26.8h, v9.8h, v10.8h
+	sub	v28.8h, v11.8h, v12.8h
+	add	v9.8h, v9.8h, v10.8h
+	add	v11.8h, v11.8h, v12.8h
+	mul	v25.8h, v26.8h, v2.8h
+	mul	v27.8h, v28.8h, v3.8h
+	sqrdmulh	v10.8h, v26.8h, v0.8h
+	sqrdmulh	v12.8h, v28.8h, v1.8h
+	sqrdmlsh	v10.8h, v25.8h, v8.h[0]
+	sqrdmlsh	v12.8h, v27.8h, v8.h[0]
+	sshr	v10.8h, v10.8h, #1
+	sshr	v12.8h, v12.8h, #1
+	ldr	q0, [x2, #160]
+	ldr	q1, [x2, #176]
+	ldr	q2, [x3, #160]
+	ldr	q3, [x3, #176]
+	sub	v26.8h, v13.8h, v14.8h
+	sub	v28.8h, v15.8h, v16.8h
+	add	v13.8h, v13.8h, v14.8h
+	add	v15.8h, v15.8h, v16.8h
+	mul	v25.8h, v26.8h, v2.8h
+	mul	v27.8h, v28.8h, v3.8h
+	sqrdmulh	v14.8h, v26.8h, v0.8h
+	sqrdmulh	v16.8h, v28.8h, v1.8h
+	sqrdmlsh	v14.8h, v25.8h, v8.h[0]
+	sqrdmlsh	v16.8h, v27.8h, v8.h[0]
+	sshr	v14.8h, v14.8h, #1
+	sshr	v16.8h, v16.8h, #1
+	ldr	q0, [x2, #192]
+	ldr	q1, [x2, #208]
+	ldr	q2, [x3, #192]
+	ldr	q3, [x3, #208]
+	sub	v26.8h, v17.8h, v18.8h
+	sub	v28.8h, v19.8h, v20.8h
+	add	v17.8h, v17.8h, v18.8h
+	add	v19.8h, v19.8h, v20.8h
+	mul	v25.8h, v26.8h, v2.8h
+	mul	v27.8h, v28.8h, v3.8h
+	sqrdmulh	v18.8h, v26.8h, v0.8h
+	sqrdmulh	v20.8h, v28.8h, v1.8h
+	sqrdmlsh	v18.8h, v25.8h, v8.h[0]
+	sqrdmlsh	v20.8h, v27.8h, v8.h[0]
+	sshr	v18.8h, v18.8h, #1
+	sshr	v20.8h, v20.8h, #1
+	ldr	q0, [x2, #224]
+	ldr	q1, [x2, #240]
+	ldr	q2, [x3, #224]
+	ldr	q3, [x3, #240]
+	sub	v26.8h, v21.8h, v22.8h
+	sub	v28.8h, v23.8h, v24.8h
+	add	v21.8h, v21.8h, v22.8h
+	add	v23.8h, v23.8h, v24.8h
+	mul	v25.8h, v26.8h, v2.8h
+	mul	v27.8h, v28.8h, v3.8h
+	sqrdmulh	v22.8h, v26.8h, v0.8h
+	sqrdmulh	v24.8h, v28.8h, v1.8h
+	sqrdmlsh	v22.8h, v25.8h, v8.h[0]
+	sqrdmlsh	v24.8h, v27.8h, v8.h[0]
+	sshr	v22.8h, v22.8h, #1
+	sshr	v24.8h, v24.8h, #1
+	ldr	q0, [x2, #384]
+	ldr	q1, [x2, #400]
+	ldr	q2, [x3, #384]
+	ldr	q3, [x3, #400]
+	mov	v25.16b, v9.16b
+	mov	v26.16b, v11.16b
+	trn1	v9.4s, v9.4s, v10.4s
+	trn1	v11.4s, v11.4s, v12.4s
+	trn2	v10.4s, v25.4s, v10.4s
+	trn2	v12.4s, v26.4s, v12.4s
+	sub	v26.8h, v9.8h, v10.8h
+	sub	v28.8h, v11.8h, v12.8h
+	add	v9.8h, v9.8h, v10.8h
+	add	v11.8h, v11.8h, v12.8h
+	mul	v25.8h, v26.8h, v2.8h
+	mul	v27.8h, v28.8h, v3.8h
+	sqrdmulh	v10.8h, v26.8h, v0.8h
+	sqrdmulh	v12.8h, v28.8h, v1.8h
+	sqrdmlsh	v10.8h, v25.8h, v8.h[0]
+	sqrdmlsh	v12.8h, v27.8h, v8.h[0]
+	sshr	v10.8h, v10.8h, #1
+	sshr	v12.8h, v12.8h, #1
+	ldr	q0, [x2, #416]
+	ldr	q1, [x2, #432]
+	ldr	q2, [x3, #416]
+	ldr	q3, [x3, #432]
+	mov	v25.16b, v13.16b
+	mov	v26.16b, v15.16b
+	trn1	v13.4s, v13.4s, v14.4s
+	trn1	v15.4s, v15.4s, v16.4s
+	trn2	v14.4s, v25.4s, v14.4s
+	trn2	v16.4s, v26.4s, v16.4s
+	sub	v26.8h, v13.8h, v14.8h
+	sub	v28.8h, v15.8h, v16.8h
+	add	v13.8h, v13.8h, v14.8h
+	add	v15.8h, v15.8h, v16.8h
+	mul	v25.8h, v26.8h, v2.8h
+	mul	v27.8h, v28.8h, v3.8h
+	sqrdmulh	v14.8h, v26.8h, v0.8h
+	sqrdmulh	v16.8h, v28.8h, v1.8h
+	sqrdmlsh	v14.8h, v25.8h, v8.h[0]
+	sqrdmlsh	v16.8h, v27.8h, v8.h[0]
+	sshr	v14.8h, v14.8h, #1
+	sshr	v16.8h, v16.8h, #1
+	ldr	q0, [x2, #448]
+	ldr	q1, [x2, #464]
+	ldr	q2, [x3, #448]
+	ldr	q3, [x3, #464]
+	mov	v25.16b, v17.16b
+	mov	v26.16b, v19.16b
+	trn1	v17.4s, v17.4s, v18.4s
+	trn1	v19.4s, v19.4s, v20.4s
+	trn2	v18.4s, v25.4s, v18.4s
+	trn2	v20.4s, v26.4s, v20.4s
+	sub	v26.8h, v17.8h, v18.8h
+	sub	v28.8h, v19.8h, v20.8h
+	add	v17.8h, v17.8h, v18.8h
+	add	v19.8h, v19.8h, v20.8h
+	mul	v25.8h, v26.8h, v2.8h
+	mul	v27.8h, v28.8h, v3.8h
+	sqrdmulh	v18.8h, v26.8h, v0.8h
+	sqrdmulh	v20.8h, v28.8h, v1.8h
+	sqrdmlsh	v18.8h, v25.8h, v8.h[0]
+	sqrdmlsh	v20.8h, v27.8h, v8.h[0]
+	sshr	v18.8h, v18.8h, #1
+	sshr	v20.8h, v20.8h, #1
+	ldr	q0, [x2, #480]
+	ldr	q1, [x2, #496]
+	ldr	q2, [x3, #480]
+	ldr	q3, [x3, #496]
+	mov	v25.16b, v21.16b
+	mov	v26.16b, v23.16b
+	trn1	v21.4s, v21.4s, v22.4s
+	trn1	v23.4s, v23.4s, v24.4s
+	trn2	v22.4s, v25.4s, v22.4s
+	trn2	v24.4s, v26.4s, v24.4s
+	sub	v26.8h, v21.8h, v22.8h
+	sub	v28.8h, v23.8h, v24.8h
+	add	v21.8h, v21.8h, v22.8h
+	add	v23.8h, v23.8h, v24.8h
+	mul	v25.8h, v26.8h, v2.8h
+	mul	v27.8h, v28.8h, v3.8h
+	sqrdmulh	v22.8h, v26.8h, v0.8h
+	sqrdmulh	v24.8h, v28.8h, v1.8h
+	sqrdmlsh	v22.8h, v25.8h, v8.h[0]
+	sqrdmlsh	v24.8h, v27.8h, v8.h[0]
+	sshr	v22.8h, v22.8h, #1
+	sshr	v24.8h, v24.8h, #1
+	ldr	q0, [x2, #528]
+	ldr	q2, [x3, #528]
+	mov	v25.16b, v9.16b
+	mov	v26.16b, v11.16b
+	trn1	v9.2d, v9.2d, v10.2d
+	trn1	v11.2d, v11.2d, v12.2d
+	trn2	v10.2d, v25.2d, v10.2d
+	trn2	v12.2d, v26.2d, v12.2d
+	sub	v26.8h, v9.8h, v10.8h
+	sub	v28.8h, v11.8h, v12.8h
+	add	v9.8h, v9.8h, v10.8h
+	add	v11.8h, v11.8h, v12.8h
+	mul	v25.8h, v26.8h, v2.h[0]
+	mul	v27.8h, v28.8h, v2.h[1]
+	sqrdmulh	v10.8h, v26.8h, v0.h[0]
+	sqrdmulh	v12.8h, v28.8h, v0.h[1]
+	sqrdmlsh	v10.8h, v25.8h, v8.h[0]
+	sqrdmlsh	v12.8h, v27.8h, v8.h[0]
+	sshr	v10.8h, v10.8h, #1
+	sshr	v12.8h, v12.8h, #1
+	mov	v25.16b, v13.16b
+	mov	v26.16b, v15.16b
+	trn1	v13.2d, v13.2d, v14.2d
+	trn1	v15.2d, v15.2d, v16.2d
+	trn2	v14.2d, v25.2d, v14.2d
+	trn2	v16.2d, v26.2d, v16.2d
+	sub	v26.8h, v13.8h, v14.8h
+	sub	v28.8h, v15.8h, v16.8h
+	add	v13.8h, v13.8h, v14.8h
+	add	v15.8h, v15.8h, v16.8h
+	mul	v25.8h, v26.8h, v2.h[2]
+	mul	v27.8h, v28.8h, v2.h[3]
+	sqrdmulh	v14.8h, v26.8h, v0.h[2]
+	sqrdmulh	v16.8h, v28.8h, v0.h[3]
+	sqrdmlsh	v14.8h, v25.8h, v8.h[0]
+	sqrdmlsh	v16.8h, v27.8h, v8.h[0]
+	sshr	v14.8h, v14.8h, #1
+	sshr	v16.8h, v16.8h, #1
+	mov	v25.16b, v17.16b
+	mov	v26.16b, v19.16b
+	trn1	v17.2d, v17.2d, v18.2d
+	trn1	v19.2d, v19.2d, v20.2d
+	trn2	v18.2d, v25.2d, v18.2d
+	trn2	v20.2d, v26.2d, v20.2d
+	sub	v26.8h, v17.8h, v18.8h
+	sub	v28.8h, v19.8h, v20.8h
+	add	v17.8h, v17.8h, v18.8h
+	add	v19.8h, v19.8h, v20.8h
+	mul	v25.8h, v26.8h, v2.h[4]
+	mul	v27.8h, v28.8h, v2.h[5]
+	sqrdmulh	v18.8h, v26.8h, v0.h[4]
+	sqrdmulh	v20.8h, v28.8h, v0.h[5]
+	sqrdmlsh	v18.8h, v25.8h, v8.h[0]
+	sqrdmlsh	v20.8h, v27.8h, v8.h[0]
+	sshr	v18.8h, v18.8h, #1
+	sshr	v20.8h, v20.8h, #1
+	mov	v25.16b, v21.16b
+	mov	v26.16b, v23.16b
+	trn1	v21.2d, v21.2d, v22.2d
+	trn1	v23.2d, v23.2d, v24.2d
+	trn2	v22.2d, v25.2d, v22.2d
+	trn2	v24.2d, v26.2d, v24.2d
+	sub	v26.8h, v21.8h, v22.8h
+	sub	v28.8h, v23.8h, v24.8h
+	add	v21.8h, v21.8h, v22.8h
+	add	v23.8h, v23.8h, v24.8h
+	mul	v25.8h, v26.8h, v2.h[6]
+	mul	v27.8h, v28.8h, v2.h[7]
+	sqrdmulh	v22.8h, v26.8h, v0.h[6]
+	sqrdmulh	v24.8h, v28.8h, v0.h[7]
+	sqrdmlsh	v22.8h, v25.8h, v8.h[0]
+	sqrdmlsh	v24.8h, v27.8h, v8.h[0]
+	sshr	v22.8h, v22.8h, #1
+	sshr	v24.8h, v24.8h, #1
+	sqdmulh	v25.8h, v9.8h, v8.h[2]
+	sqdmulh	v26.8h, v11.8h, v8.h[2]
+	sshr	v25.8h, v25.8h, #11
+	sshr	v26.8h, v26.8h, #11
+	mls	v9.8h, v25.8h, v8.h[0]
+	mls	v11.8h, v26.8h, v8.h[0]
+	sqdmulh	v25.8h, v13.8h, v8.h[2]
+	sqdmulh	v26.8h, v15.8h, v8.h[2]
+	sshr	v25.8h, v25.8h, #11
+	sshr	v26.8h, v26.8h, #11
+	mls	v13.8h, v25.8h, v8.h[0]
+	mls	v15.8h, v26.8h, v8.h[0]
+	sqdmulh	v25.8h, v17.8h, v8.h[2]
+	sqdmulh	v26.8h, v19.8h, v8.h[2]
+	sshr	v25.8h, v25.8h, #11
+	sshr	v26.8h, v26.8h, #11
+	mls	v17.8h, v25.8h, v8.h[0]
+	mls	v19.8h, v26.8h, v8.h[0]
+	sqdmulh	v25.8h, v21.8h, v8.h[2]
+	sqdmulh	v26.8h, v23.8h, v8.h[2]
+	sshr	v25.8h, v25.8h, #11
+	sshr	v26.8h, v26.8h, #11
+	mls	v21.8h, v25.8h, v8.h[0]
+	mls	v23.8h, v26.8h, v8.h[0]
+	stp	q9, q10, [x1]
+	stp	q11, q12, [x1, #32]
+	stp	q13, q14, [x1, #64]
+	stp	q15, q16, [x1, #96]
+	stp	q17, q18, [x1, #128]
+	stp	q19, q20, [x1, #160]
+	stp	q21, q22, [x1, #192]
+	stp	q23, q24, [x1, #224]
+	ldr	q4, [x2, #544]
+	ldr	q5, [x2, #560]
+	ldr	q6, [x3, #544]
+	ldr	q7, [x3, #560]
+	ldr	q9, [x0]
+	ldr	q10, [x0, #32]
+	ldr	q11, [x0, #64]
+	ldr	q12, [x0, #96]
+	ldr	q13, [x0, #128]
+	ldr	q14, [x0, #160]
+	ldr	q15, [x0, #192]
+	ldr	q16, [x0, #224]
+	ldr	q17, [x1]
+	ldr	q18, [x1, #32]
+	ldr	q19, [x1, #64]
+	ldr	q20, [x1, #96]
+	ldr	q21, [x1, #128]
+	ldr	q22, [x1, #160]
+	ldr	q23, [x1, #192]
+	ldr	q24, [x1, #224]
+	sub	v26.8h, v9.8h, v10.8h
+	sub	v28.8h, v11.8h, v12.8h
+	add	v9.8h, v9.8h, v10.8h
+	add	v11.8h, v11.8h, v12.8h
+	mul	v25.8h, v26.8h, v6.h[0]
+	mul	v27.8h, v28.8h, v6.h[1]
+	sqrdmulh	v10.8h, v26.8h, v4.h[0]
+	sqrdmulh	v12.8h, v28.8h, v4.h[1]
+	sqrdmlsh	v10.8h, v25.8h, v8.h[0]
+	sqrdmlsh	v12.8h, v27.8h, v8.h[0]
+	sshr	v10.8h, v10.8h, #1
+	sshr	v12.8h, v12.8h, #1
+	sub	v26.8h, v13.8h, v14.8h
+	sub	v28.8h, v15.8h, v16.8h
+	add	v13.8h, v13.8h, v14.8h
+	add	v15.8h, v15.8h, v16.8h
+	mul	v25.8h, v26.8h, v6.h[2]
+	mul	v27.8h, v28.8h, v6.h[3]
+	sqrdmulh	v14.8h, v26.8h, v4.h[2]
+	sqrdmulh	v16.8h, v28.8h, v4.h[3]
+	sqrdmlsh	v14.8h, v25.8h, v8.h[0]
+	sqrdmlsh	v16.8h, v27.8h, v8.h[0]
+	sshr	v14.8h, v14.8h, #1
+	sshr	v16.8h, v16.8h, #1
+	sub	v26.8h, v17.8h, v18.8h
+	sub	v28.8h, v19.8h, v20.8h
+	add	v17.8h, v17.8h, v18.8h
+	add	v19.8h, v19.8h, v20.8h
+	mul	v25.8h, v26.8h, v6.h[4]
+	mul	v27.8h, v28.8h, v6.h[5]
+	sqrdmulh	v18.8h, v26.8h, v4.h[4]
+	sqrdmulh	v20.8h, v28.8h, v4.h[5]
+	sqrdmlsh	v18.8h, v25.8h, v8.h[0]
+	sqrdmlsh	v20.8h, v27.8h, v8.h[0]
+	sshr	v18.8h, v18.8h, #1
+	sshr	v20.8h, v20.8h, #1
+	sub	v26.8h, v21.8h, v22.8h
+	sub	v28.8h, v23.8h, v24.8h
+	add	v21.8h, v21.8h, v22.8h
+	add	v23.8h, v23.8h, v24.8h
+	mul	v25.8h, v26.8h, v6.h[6]
+	mul	v27.8h, v28.8h, v6.h[7]
+	sqrdmulh	v22.8h, v26.8h, v4.h[6]
+	sqrdmulh	v24.8h, v28.8h, v4.h[7]
+	sqrdmlsh	v22.8h, v25.8h, v8.h[0]
+	sqrdmlsh	v24.8h, v27.8h, v8.h[0]
+	sshr	v22.8h, v22.8h, #1
+	sshr	v24.8h, v24.8h, #1
+	sub	v26.8h, v9.8h, v11.8h
+	sub	v28.8h, v10.8h, v12.8h
+	add	v9.8h, v9.8h, v11.8h
+	add	v10.8h, v10.8h, v12.8h
+	mul	v25.8h, v26.8h, v7.h[0]
+	mul	v27.8h, v28.8h, v7.h[0]
+	sqrdmulh	v11.8h, v26.8h, v5.h[0]
+	sqrdmulh	v12.8h, v28.8h, v5.h[0]
+	sqrdmlsh	v11.8h, v25.8h, v8.h[0]
+	sqrdmlsh	v12.8h, v27.8h, v8.h[0]
+	sshr	v11.8h, v11.8h, #1
+	sshr	v12.8h, v12.8h, #1
+	sub	v26.8h, v13.8h, v15.8h
+	sub	v28.8h, v14.8h, v16.8h
+	add	v13.8h, v13.8h, v15.8h
+	add	v14.8h, v14.8h, v16.8h
+	mul	v25.8h, v26.8h, v7.h[1]
+	mul	v27.8h, v28.8h, v7.h[1]
+	sqrdmulh	v15.8h, v26.8h, v5.h[1]
+	sqrdmulh	v16.8h, v28.8h, v5.h[1]
+	sqrdmlsh	v15.8h, v25.8h, v8.h[0]
+	sqrdmlsh	v16.8h, v27.8h, v8.h[0]
+	sshr	v15.8h, v15.8h, #1
+	sshr	v16.8h, v16.8h, #1
+	sub	v26.8h, v17.8h, v19.8h
+	sub	v28.8h, v18.8h, v20.8h
+	add	v17.8h, v17.8h, v19.8h
+	add	v18.8h, v18.8h, v20.8h
+	mul	v25.8h, v26.8h, v7.h[2]
+	mul	v27.8h, v28.8h, v7.h[2]
+	sqrdmulh	v19.8h, v26.8h, v5.h[2]
+	sqrdmulh	v20.8h, v28.8h, v5.h[2]
+	sqrdmlsh	v19.8h, v25.8h, v8.h[0]
+	sqrdmlsh	v20.8h, v27.8h, v8.h[0]
+	sshr	v19.8h, v19.8h, #1
+	sshr	v20.8h, v20.8h, #1
+	sub	v26.8h, v21.8h, v23.8h
+	sub	v28.8h, v22.8h, v24.8h
+	add	v21.8h, v21.8h, v23.8h
+	add	v22.8h, v22.8h, v24.8h
+	mul	v25.8h, v26.8h, v7.h[3]
+	mul	v27.8h, v28.8h, v7.h[3]
+	sqrdmulh	v23.8h, v26.8h, v5.h[3]
+	sqrdmulh	v24.8h, v28.8h, v5.h[3]
+	sqrdmlsh	v23.8h, v25.8h, v8.h[0]
+	sqrdmlsh	v24.8h, v27.8h, v8.h[0]
+	sshr	v23.8h, v23.8h, #1
+	sshr	v24.8h, v24.8h, #1
+	sub	v26.8h, v9.8h, v13.8h
+	sub	v28.8h, v10.8h, v14.8h
+	add	v9.8h, v9.8h, v13.8h
+	add	v10.8h, v10.8h, v14.8h
+	mul	v25.8h, v26.8h, v7.h[4]
+	mul	v27.8h, v28.8h, v7.h[4]
+	sqrdmulh	v13.8h, v26.8h, v5.h[4]
+	sqrdmulh	v14.8h, v28.8h, v5.h[4]
+	sqrdmlsh	v13.8h, v25.8h, v8.h[0]
+	sqrdmlsh	v14.8h, v27.8h, v8.h[0]
+	sshr	v13.8h, v13.8h, #1
+	sshr	v14.8h, v14.8h, #1
+	sub	v26.8h, v11.8h, v15.8h
+	sub	v28.8h, v12.8h, v16.8h
+	add	v11.8h, v11.8h, v15.8h
+	add	v12.8h, v12.8h, v16.8h
+	mul	v25.8h, v26.8h, v7.h[4]
+	mul	v27.8h, v28.8h, v7.h[4]
+	sqrdmulh	v15.8h, v26.8h, v5.h[4]
+	sqrdmulh	v16.8h, v28.8h, v5.h[4]
+	sqrdmlsh	v15.8h, v25.8h, v8.h[0]
+	sqrdmlsh	v16.8h, v27.8h, v8.h[0]
+	sshr	v15.8h, v15.8h, #1
+	sshr	v16.8h, v16.8h, #1
+	sub	v26.8h, v17.8h, v21.8h
+	sub	v28.8h, v18.8h, v22.8h
+	add	v17.8h, v17.8h, v21.8h
+	add	v18.8h, v18.8h, v22.8h
+	mul	v25.8h, v26.8h, v7.h[5]
+	mul	v27.8h, v28.8h, v7.h[5]
+	sqrdmulh	v21.8h, v26.8h, v5.h[5]
+	sqrdmulh	v22.8h, v28.8h, v5.h[5]
+	sqrdmlsh	v21.8h, v25.8h, v8.h[0]
+	sqrdmlsh	v22.8h, v27.8h, v8.h[0]
+	sshr	v21.8h, v21.8h, #1
+	sshr	v22.8h, v22.8h, #1
+	sub	v26.8h, v19.8h, v23.8h
+	sub	v28.8h, v20.8h, v24.8h
+	add	v19.8h, v19.8h, v23.8h
+	add	v20.8h, v20.8h, v24.8h
+	mul	v25.8h, v26.8h, v7.h[5]
+	mul	v27.8h, v28.8h, v7.h[5]
+	sqrdmulh	v23.8h, v26.8h, v5.h[5]
+	sqrdmulh	v24.8h, v28.8h, v5.h[5]
+	sqrdmlsh	v23.8h, v25.8h, v8.h[0]
+	sqrdmlsh	v24.8h, v27.8h, v8.h[0]
+	sshr	v23.8h, v23.8h, #1
+	sshr	v24.8h, v24.8h, #1
+	sqdmulh	v25.8h, v9.8h, v8.h[2]
+	sqdmulh	v26.8h, v10.8h, v8.h[2]
+	sshr	v25.8h, v25.8h, #11
+	sshr	v26.8h, v26.8h, #11
+	mls	v9.8h, v25.8h, v8.h[0]
+	mls	v10.8h, v26.8h, v8.h[0]
+	sqdmulh	v25.8h, v11.8h, v8.h[2]
+	sqdmulh	v26.8h, v12.8h, v8.h[2]
+	sshr	v25.8h, v25.8h, #11
+	sshr	v26.8h, v26.8h, #11
+	mls	v11.8h, v25.8h, v8.h[0]
+	mls	v12.8h, v26.8h, v8.h[0]
+	sqdmulh	v25.8h, v17.8h, v8.h[2]
+	sqdmulh	v26.8h, v18.8h, v8.h[2]
+	sshr	v25.8h, v25.8h, #11
+	sshr	v26.8h, v26.8h, #11
+	mls	v17.8h, v25.8h, v8.h[0]
+	mls	v18.8h, v26.8h, v8.h[0]
+	sqdmulh	v25.8h, v19.8h, v8.h[2]
+	sqdmulh	v26.8h, v20.8h, v8.h[2]
+	sshr	v25.8h, v25.8h, #11
+	sshr	v26.8h, v26.8h, #11
+	mls	v19.8h, v25.8h, v8.h[0]
+	mls	v20.8h, v26.8h, v8.h[0]
+	sub	v26.8h, v9.8h, v17.8h
+	sub	v28.8h, v10.8h, v18.8h
+	add	v9.8h, v9.8h, v17.8h
+	add	v10.8h, v10.8h, v18.8h
+	mul	v25.8h, v26.8h, v7.h[6]
+	mul	v27.8h, v28.8h, v7.h[6]
+	sqrdmulh	v17.8h, v26.8h, v5.h[6]
+	sqrdmulh	v18.8h, v28.8h, v5.h[6]
+	sqrdmlsh	v17.8h, v25.8h, v8.h[0]
+	sqrdmlsh	v18.8h, v27.8h, v8.h[0]
+	sshr	v17.8h, v17.8h, #1
+	sshr	v18.8h, v18.8h, #1
+	sub	v26.8h, v11.8h, v19.8h
+	sub	v28.8h, v12.8h, v20.8h
+	add	v11.8h, v11.8h, v19.8h
+	add	v12.8h, v12.8h, v20.8h
+	mul	v25.8h, v26.8h, v7.h[6]
+	mul	v27.8h, v28.8h, v7.h[6]
+	sqrdmulh	v19.8h, v26.8h, v5.h[6]
+	sqrdmulh	v20.8h, v28.8h, v5.h[6]
+	sqrdmlsh	v19.8h, v25.8h, v8.h[0]
+	sqrdmlsh	v20.8h, v27.8h, v8.h[0]
+	sshr	v19.8h, v19.8h, #1
+	sshr	v20.8h, v20.8h, #1
+	sub	v26.8h, v13.8h, v21.8h
+	sub	v28.8h, v14.8h, v22.8h
+	add	v13.8h, v13.8h, v21.8h
+	add	v14.8h, v14.8h, v22.8h
+	mul	v25.8h, v26.8h, v7.h[6]
+	mul	v27.8h, v28.8h, v7.h[6]
+	sqrdmulh	v21.8h, v26.8h, v5.h[6]
+	sqrdmulh	v22.8h, v28.8h, v5.h[6]
+	sqrdmlsh	v21.8h, v25.8h, v8.h[0]
+	sqrdmlsh	v22.8h, v27.8h, v8.h[0]
+	sshr	v21.8h, v21.8h, #1
+	sshr	v22.8h, v22.8h, #1
+	sub	v26.8h, v15.8h, v23.8h
+	sub	v28.8h, v16.8h, v24.8h
+	add	v15.8h, v15.8h, v23.8h
+	add	v16.8h, v16.8h, v24.8h
+	mul	v25.8h, v26.8h, v7.h[6]
+	mul	v27.8h, v28.8h, v7.h[6]
+	sqrdmulh	v23.8h, v26.8h, v5.h[6]
+	sqrdmulh	v24.8h, v28.8h, v5.h[6]
+	sqrdmlsh	v23.8h, v25.8h, v8.h[0]
+	sqrdmlsh	v24.8h, v27.8h, v8.h[0]
+	sshr	v23.8h, v23.8h, #1
+	sshr	v24.8h, v24.8h, #1
+	mul	v25.8h, v9.8h, v7.h[7]
+	mul	v26.8h, v10.8h, v7.h[7]
+	sqrdmulh	v9.8h, v9.8h, v5.h[7]
+	sqrdmulh	v10.8h, v10.8h, v5.h[7]
+	sqrdmlsh	v9.8h, v25.8h, v8.h[0]
+	sqrdmlsh	v10.8h, v26.8h, v8.h[0]
+	sshr	v9.8h, v9.8h, #1
+	sshr	v10.8h, v10.8h, #1
+	mul	v25.8h, v11.8h, v7.h[7]
+	mul	v26.8h, v12.8h, v7.h[7]
+	sqrdmulh	v11.8h, v11.8h, v5.h[7]
+	sqrdmulh	v12.8h, v12.8h, v5.h[7]
+	sqrdmlsh	v11.8h, v25.8h, v8.h[0]
+	sqrdmlsh	v12.8h, v26.8h, v8.h[0]
+	sshr	v11.8h, v11.8h, #1
+	sshr	v12.8h, v12.8h, #1
+	mul	v25.8h, v13.8h, v7.h[7]
+	mul	v26.8h, v14.8h, v7.h[7]
+	sqrdmulh	v13.8h, v13.8h, v5.h[7]
+	sqrdmulh	v14.8h, v14.8h, v5.h[7]
+	sqrdmlsh	v13.8h, v25.8h, v8.h[0]
+	sqrdmlsh	v14.8h, v26.8h, v8.h[0]
+	sshr	v13.8h, v13.8h, #1
+	sshr	v14.8h, v14.8h, #1
+	mul	v25.8h, v15.8h, v7.h[7]
+	mul	v26.8h, v16.8h, v7.h[7]
+	sqrdmulh	v15.8h, v15.8h, v5.h[7]
+	sqrdmulh	v16.8h, v16.8h, v5.h[7]
+	sqrdmlsh	v15.8h, v25.8h, v8.h[0]
+	sqrdmlsh	v16.8h, v26.8h, v8.h[0]
+	sshr	v15.8h, v15.8h, #1
+	sshr	v16.8h, v16.8h, #1
+	mul	v25.8h, v17.8h, v7.h[7]
+	mul	v26.8h, v18.8h, v7.h[7]
+	sqrdmulh	v17.8h, v17.8h, v5.h[7]
+	sqrdmulh	v18.8h, v18.8h, v5.h[7]
+	sqrdmlsh	v17.8h, v25.8h, v8.h[0]
+	sqrdmlsh	v18.8h, v26.8h, v8.h[0]
+	sshr	v17.8h, v17.8h, #1
+	sshr	v18.8h, v18.8h, #1
+	mul	v25.8h, v19.8h, v7.h[7]
+	mul	v26.8h, v20.8h, v7.h[7]
+	sqrdmulh	v19.8h, v19.8h, v5.h[7]
+	sqrdmulh	v20.8h, v20.8h, v5.h[7]
+	sqrdmlsh	v19.8h, v25.8h, v8.h[0]
+	sqrdmlsh	v20.8h, v26.8h, v8.h[0]
+	sshr	v19.8h, v19.8h, #1
+	sshr	v20.8h, v20.8h, #1
+	mul	v25.8h, v21.8h, v7.h[7]
+	mul	v26.8h, v22.8h, v7.h[7]
+	sqrdmulh	v21.8h, v21.8h, v5.h[7]
+	sqrdmulh	v22.8h, v22.8h, v5.h[7]
+	sqrdmlsh	v21.8h, v25.8h, v8.h[0]
+	sqrdmlsh	v22.8h, v26.8h, v8.h[0]
+	sshr	v21.8h, v21.8h, #1
+	sshr	v22.8h, v22.8h, #1
+	mul	v25.8h, v23.8h, v7.h[7]
+	mul	v26.8h, v24.8h, v7.h[7]
+	sqrdmulh	v23.8h, v23.8h, v5.h[7]
+	sqrdmulh	v24.8h, v24.8h, v5.h[7]
+	sqrdmlsh	v23.8h, v25.8h, v8.h[0]
+	sqrdmlsh	v24.8h, v26.8h, v8.h[0]
+	sshr	v23.8h, v23.8h, #1
+	sshr	v24.8h, v24.8h, #1
+	str	q9, [x0]
+	str	q10, [x0, #32]
+	str	q11, [x0, #64]
+	str	q12, [x0, #96]
+	str	q13, [x0, #128]
+	str	q14, [x0, #160]
+	str	q15, [x0, #192]
+	str	q16, [x0, #224]
+	str	q17, [x1]
+	str	q18, [x1, #32]
+	str	q19, [x1, #64]
+	str	q20, [x1, #96]
+	str	q21, [x1, #128]
+	str	q22, [x1, #160]
+	str	q23, [x1, #192]
+	str	q24, [x1, #224]
+	ldr	q9, [x0, #16]
+	ldr	q10, [x0, #48]
+	ldr	q11, [x0, #80]
+	ldr	q12, [x0, #112]
+	ldr	q13, [x0, #144]
+	ldr	q14, [x0, #176]
+	ldr	q15, [x0, #208]
+	ldr	q16, [x0, #240]
+	ldr	q17, [x1, #16]
+	ldr	q18, [x1, #48]
+	ldr	q19, [x1, #80]
+	ldr	q20, [x1, #112]
+	ldr	q21, [x1, #144]
+	ldr	q22, [x1, #176]
+	ldr	q23, [x1, #208]
+	ldr	q24, [x1, #240]
+	sub	v26.8h, v9.8h, v10.8h
+	sub	v28.8h, v11.8h, v12.8h
+	add	v9.8h, v9.8h, v10.8h
+	add	v11.8h, v11.8h, v12.8h
+	mul	v25.8h, v26.8h, v6.h[0]
+	mul	v27.8h, v28.8h, v6.h[1]
+	sqrdmulh	v10.8h, v26.8h, v4.h[0]
+	sqrdmulh	v12.8h, v28.8h, v4.h[1]
+	sqrdmlsh	v10.8h, v25.8h, v8.h[0]
+	sqrdmlsh	v12.8h, v27.8h, v8.h[0]
+	sshr	v10.8h, v10.8h, #1
+	sshr	v12.8h, v12.8h, #1
+	sub	v26.8h, v13.8h, v14.8h
+	sub	v28.8h, v15.8h, v16.8h
+	add	v13.8h, v13.8h, v14.8h
+	add	v15.8h, v15.8h, v16.8h
+	mul	v25.8h, v26.8h, v6.h[2]
+	mul	v27.8h, v28.8h, v6.h[3]
+	sqrdmulh	v14.8h, v26.8h, v4.h[2]
+	sqrdmulh	v16.8h, v28.8h, v4.h[3]
+	sqrdmlsh	v14.8h, v25.8h, v8.h[0]
+	sqrdmlsh	v16.8h, v27.8h, v8.h[0]
+	sshr	v14.8h, v14.8h, #1
+	sshr	v16.8h, v16.8h, #1
+	sub	v26.8h, v17.8h, v18.8h
+	sub	v28.8h, v19.8h, v20.8h
+	add	v17.8h, v17.8h, v18.8h
+	add	v19.8h, v19.8h, v20.8h
+	mul	v25.8h, v26.8h, v6.h[4]
+	mul	v27.8h, v28.8h, v6.h[5]
+	sqrdmulh	v18.8h, v26.8h, v4.h[4]
+	sqrdmulh	v20.8h, v28.8h, v4.h[5]
+	sqrdmlsh	v18.8h, v25.8h, v8.h[0]
+	sqrdmlsh	v20.8h, v27.8h, v8.h[0]
+	sshr	v18.8h, v18.8h, #1
+	sshr	v20.8h, v20.8h, #1
+	sub	v26.8h, v21.8h, v22.8h
+	sub	v28.8h, v23.8h, v24.8h
+	add	v21.8h, v21.8h, v22.8h
+	add	v23.8h, v23.8h, v24.8h
+	mul	v25.8h, v26.8h, v6.h[6]
+	mul	v27.8h, v28.8h, v6.h[7]
+	sqrdmulh	v22.8h, v26.8h, v4.h[6]
+	sqrdmulh	v24.8h, v28.8h, v4.h[7]
+	sqrdmlsh	v22.8h, v25.8h, v8.h[0]
+	sqrdmlsh	v24.8h, v27.8h, v8.h[0]
+	sshr	v22.8h, v22.8h, #1
+	sshr	v24.8h, v24.8h, #1
+	sub	v26.8h, v9.8h, v11.8h
+	sub	v28.8h, v10.8h, v12.8h
+	add	v9.8h, v9.8h, v11.8h
+	add	v10.8h, v10.8h, v12.8h
+	mul	v25.8h, v26.8h, v7.h[0]
+	mul	v27.8h, v28.8h, v7.h[0]
+	sqrdmulh	v11.8h, v26.8h, v5.h[0]
+	sqrdmulh	v12.8h, v28.8h, v5.h[0]
+	sqrdmlsh	v11.8h, v25.8h, v8.h[0]
+	sqrdmlsh	v12.8h, v27.8h, v8.h[0]
+	sshr	v11.8h, v11.8h, #1
+	sshr	v12.8h, v12.8h, #1
+	sub	v26.8h, v13.8h, v15.8h
+	sub	v28.8h, v14.8h, v16.8h
+	add	v13.8h, v13.8h, v15.8h
+	add	v14.8h, v14.8h, v16.8h
+	mul	v25.8h, v26.8h, v7.h[1]
+	mul	v27.8h, v28.8h, v7.h[1]
+	sqrdmulh	v15.8h, v26.8h, v5.h[1]
+	sqrdmulh	v16.8h, v28.8h, v5.h[1]
+	sqrdmlsh	v15.8h, v25.8h, v8.h[0]
+	sqrdmlsh	v16.8h, v27.8h, v8.h[0]
+	sshr	v15.8h, v15.8h, #1
+	sshr	v16.8h, v16.8h, #1
+	sub	v26.8h, v17.8h, v19.8h
+	sub	v28.8h, v18.8h, v20.8h
+	add	v17.8h, v17.8h, v19.8h
+	add	v18.8h, v18.8h, v20.8h
+	mul	v25.8h, v26.8h, v7.h[2]
+	mul	v27.8h, v28.8h, v7.h[2]
+	sqrdmulh	v19.8h, v26.8h, v5.h[2]
+	sqrdmulh	v20.8h, v28.8h, v5.h[2]
+	sqrdmlsh	v19.8h, v25.8h, v8.h[0]
+	sqrdmlsh	v20.8h, v27.8h, v8.h[0]
+	sshr	v19.8h, v19.8h, #1
+	sshr	v20.8h, v20.8h, #1
+	sub	v26.8h, v21.8h, v23.8h
+	sub	v28.8h, v22.8h, v24.8h
+	add	v21.8h, v21.8h, v23.8h
+	add	v22.8h, v22.8h, v24.8h
+	mul	v25.8h, v26.8h, v7.h[3]
+	mul	v27.8h, v28.8h, v7.h[3]
+	sqrdmulh	v23.8h, v26.8h, v5.h[3]
+	sqrdmulh	v24.8h, v28.8h, v5.h[3]
+	sqrdmlsh	v23.8h, v25.8h, v8.h[0]
+	sqrdmlsh	v24.8h, v27.8h, v8.h[0]
+	sshr	v23.8h, v23.8h, #1
+	sshr	v24.8h, v24.8h, #1
+	sub	v26.8h, v9.8h, v13.8h
+	sub	v28.8h, v10.8h, v14.8h
+	add	v9.8h, v9.8h, v13.8h
+	add	v10.8h, v10.8h, v14.8h
+	mul	v25.8h, v26.8h, v7.h[4]
+	mul	v27.8h, v28.8h, v7.h[4]
+	sqrdmulh	v13.8h, v26.8h, v5.h[4]
+	sqrdmulh	v14.8h, v28.8h, v5.h[4]
+	sqrdmlsh	v13.8h, v25.8h, v8.h[0]
+	sqrdmlsh	v14.8h, v27.8h, v8.h[0]
+	sshr	v13.8h, v13.8h, #1
+	sshr	v14.8h, v14.8h, #1
+	sub	v26.8h, v11.8h, v15.8h
+	sub	v28.8h, v12.8h, v16.8h
+	add	v11.8h, v11.8h, v15.8h
+	add	v12.8h, v12.8h, v16.8h
+	mul	v25.8h, v26.8h, v7.h[4]
+	mul	v27.8h, v28.8h, v7.h[4]
+	sqrdmulh	v15.8h, v26.8h, v5.h[4]
+	sqrdmulh	v16.8h, v28.8h, v5.h[4]
+	sqrdmlsh	v15.8h, v25.8h, v8.h[0]
+	sqrdmlsh	v16.8h, v27.8h, v8.h[0]
+	sshr	v15.8h, v15.8h, #1
+	sshr	v16.8h, v16.8h, #1
+	sub	v26.8h, v17.8h, v21.8h
+	sub	v28.8h, v18.8h, v22.8h
+	add	v17.8h, v17.8h, v21.8h
+	add	v18.8h, v18.8h, v22.8h
+	mul	v25.8h, v26.8h, v7.h[5]
+	mul	v27.8h, v28.8h, v7.h[5]
+	sqrdmulh	v21.8h, v26.8h, v5.h[5]
+	sqrdmulh	v22.8h, v28.8h, v5.h[5]
+	sqrdmlsh	v21.8h, v25.8h, v8.h[0]
+	sqrdmlsh	v22.8h, v27.8h, v8.h[0]
+	sshr	v21.8h, v21.8h, #1
+	sshr	v22.8h, v22.8h, #1
+	sub	v26.8h, v19.8h, v23.8h
+	sub	v28.8h, v20.8h, v24.8h
+	add	v19.8h, v19.8h, v23.8h
+	add	v20.8h, v20.8h, v24.8h
+	mul	v25.8h, v26.8h, v7.h[5]
+	mul	v27.8h, v28.8h, v7.h[5]
+	sqrdmulh	v23.8h, v26.8h, v5.h[5]
+	sqrdmulh	v24.8h, v28.8h, v5.h[5]
+	sqrdmlsh	v23.8h, v25.8h, v8.h[0]
+	sqrdmlsh	v24.8h, v27.8h, v8.h[0]
+	sshr	v23.8h, v23.8h, #1
+	sshr	v24.8h, v24.8h, #1
+	sqdmulh	v25.8h, v9.8h, v8.h[2]
+	sqdmulh	v26.8h, v10.8h, v8.h[2]
+	sshr	v25.8h, v25.8h, #11
+	sshr	v26.8h, v26.8h, #11
+	mls	v9.8h, v25.8h, v8.h[0]
+	mls	v10.8h, v26.8h, v8.h[0]
+	sqdmulh	v25.8h, v11.8h, v8.h[2]
+	sqdmulh	v26.8h, v12.8h, v8.h[2]
+	sshr	v25.8h, v25.8h, #11
+	sshr	v26.8h, v26.8h, #11
+	mls	v11.8h, v25.8h, v8.h[0]
+	mls	v12.8h, v26.8h, v8.h[0]
+	sqdmulh	v25.8h, v17.8h, v8.h[2]
+	sqdmulh	v26.8h, v18.8h, v8.h[2]
+	sshr	v25.8h, v25.8h, #11
+	sshr	v26.8h, v26.8h, #11
+	mls	v17.8h, v25.8h, v8.h[0]
+	mls	v18.8h, v26.8h, v8.h[0]
+	sqdmulh	v25.8h, v19.8h, v8.h[2]
+	sqdmulh	v26.8h, v20.8h, v8.h[2]
+	sshr	v25.8h, v25.8h, #11
+	sshr	v26.8h, v26.8h, #11
+	mls	v19.8h, v25.8h, v8.h[0]
+	mls	v20.8h, v26.8h, v8.h[0]
+	sub	v26.8h, v9.8h, v17.8h
+	sub	v28.8h, v10.8h, v18.8h
+	add	v9.8h, v9.8h, v17.8h
+	add	v10.8h, v10.8h, v18.8h
+	mul	v25.8h, v26.8h, v7.h[6]
+	mul	v27.8h, v28.8h, v7.h[6]
+	sqrdmulh	v17.8h, v26.8h, v5.h[6]
+	sqrdmulh	v18.8h, v28.8h, v5.h[6]
+	sqrdmlsh	v17.8h, v25.8h, v8.h[0]
+	sqrdmlsh	v18.8h, v27.8h, v8.h[0]
+	sshr	v17.8h, v17.8h, #1
+	sshr	v18.8h, v18.8h, #1
+	sub	v26.8h, v11.8h, v19.8h
+	sub	v28.8h, v12.8h, v20.8h
+	add	v11.8h, v11.8h, v19.8h
+	add	v12.8h, v12.8h, v20.8h
+	mul	v25.8h, v26.8h, v7.h[6]
+	mul	v27.8h, v28.8h, v7.h[6]
+	sqrdmulh	v19.8h, v26.8h, v5.h[6]
+	sqrdmulh	v20.8h, v28.8h, v5.h[6]
+	sqrdmlsh	v19.8h, v25.8h, v8.h[0]
+	sqrdmlsh	v20.8h, v27.8h, v8.h[0]
+	sshr	v19.8h, v19.8h, #1
+	sshr	v20.8h, v20.8h, #1
+	sub	v26.8h, v13.8h, v21.8h
+	sub	v28.8h, v14.8h, v22.8h
+	add	v13.8h, v13.8h, v21.8h
+	add	v14.8h, v14.8h, v22.8h
+	mul	v25.8h, v26.8h, v7.h[6]
+	mul	v27.8h, v28.8h, v7.h[6]
+	sqrdmulh	v21.8h, v26.8h, v5.h[6]
+	sqrdmulh	v22.8h, v28.8h, v5.h[6]
+	sqrdmlsh	v21.8h, v25.8h, v8.h[0]
+	sqrdmlsh	v22.8h, v27.8h, v8.h[0]
+	sshr	v21.8h, v21.8h, #1
+	sshr	v22.8h, v22.8h, #1
+	sub	v26.8h, v15.8h, v23.8h
+	sub	v28.8h, v16.8h, v24.8h
+	add	v15.8h, v15.8h, v23.8h
+	add	v16.8h, v16.8h, v24.8h
+	mul	v25.8h, v26.8h, v7.h[6]
+	mul	v27.8h, v28.8h, v7.h[6]
+	sqrdmulh	v23.8h, v26.8h, v5.h[6]
+	sqrdmulh	v24.8h, v28.8h, v5.h[6]
+	sqrdmlsh	v23.8h, v25.8h, v8.h[0]
+	sqrdmlsh	v24.8h, v27.8h, v8.h[0]
+	sshr	v23.8h, v23.8h, #1
+	sshr	v24.8h, v24.8h, #1
+	mul	v25.8h, v9.8h, v7.h[7]
+	mul	v26.8h, v10.8h, v7.h[7]
+	sqrdmulh	v9.8h, v9.8h, v5.h[7]
+	sqrdmulh	v10.8h, v10.8h, v5.h[7]
+	sqrdmlsh	v9.8h, v25.8h, v8.h[0]
+	sqrdmlsh	v10.8h, v26.8h, v8.h[0]
+	sshr	v9.8h, v9.8h, #1
+	sshr	v10.8h, v10.8h, #1
+	mul	v25.8h, v11.8h, v7.h[7]
+	mul	v26.8h, v12.8h, v7.h[7]
+	sqrdmulh	v11.8h, v11.8h, v5.h[7]
+	sqrdmulh	v12.8h, v12.8h, v5.h[7]
+	sqrdmlsh	v11.8h, v25.8h, v8.h[0]
+	sqrdmlsh	v12.8h, v26.8h, v8.h[0]
+	sshr	v11.8h, v11.8h, #1
+	sshr	v12.8h, v12.8h, #1
+	mul	v25.8h, v13.8h, v7.h[7]
+	mul	v26.8h, v14.8h, v7.h[7]
+	sqrdmulh	v13.8h, v13.8h, v5.h[7]
+	sqrdmulh	v14.8h, v14.8h, v5.h[7]
+	sqrdmlsh	v13.8h, v25.8h, v8.h[0]
+	sqrdmlsh	v14.8h, v26.8h, v8.h[0]
+	sshr	v13.8h, v13.8h, #1
+	sshr	v14.8h, v14.8h, #1
+	mul	v25.8h, v15.8h, v7.h[7]
+	mul	v26.8h, v16.8h, v7.h[7]
+	sqrdmulh	v15.8h, v15.8h, v5.h[7]
+	sqrdmulh	v16.8h, v16.8h, v5.h[7]
+	sqrdmlsh	v15.8h, v25.8h, v8.h[0]
+	sqrdmlsh	v16.8h, v26.8h, v8.h[0]
+	sshr	v15.8h, v15.8h, #1
+	sshr	v16.8h, v16.8h, #1
+	mul	v25.8h, v17.8h, v7.h[7]
+	mul	v26.8h, v18.8h, v7.h[7]
+	sqrdmulh	v17.8h, v17.8h, v5.h[7]
+	sqrdmulh	v18.8h, v18.8h, v5.h[7]
+	sqrdmlsh	v17.8h, v25.8h, v8.h[0]
+	sqrdmlsh	v18.8h, v26.8h, v8.h[0]
+	sshr	v17.8h, v17.8h, #1
+	sshr	v18.8h, v18.8h, #1
+	mul	v25.8h, v19.8h, v7.h[7]
+	mul	v26.8h, v20.8h, v7.h[7]
+	sqrdmulh	v19.8h, v19.8h, v5.h[7]
+	sqrdmulh	v20.8h, v20.8h, v5.h[7]
+	sqrdmlsh	v19.8h, v25.8h, v8.h[0]
+	sqrdmlsh	v20.8h, v26.8h, v8.h[0]
+	sshr	v19.8h, v19.8h, #1
+	sshr	v20.8h, v20.8h, #1
+	mul	v25.8h, v21.8h, v7.h[7]
+	mul	v26.8h, v22.8h, v7.h[7]
+	sqrdmulh	v21.8h, v21.8h, v5.h[7]
+	sqrdmulh	v22.8h, v22.8h, v5.h[7]
+	sqrdmlsh	v21.8h, v25.8h, v8.h[0]
+	sqrdmlsh	v22.8h, v26.8h, v8.h[0]
+	sshr	v21.8h, v21.8h, #1
+	sshr	v22.8h, v22.8h, #1
+	mul	v25.8h, v23.8h, v7.h[7]
+	mul	v26.8h, v24.8h, v7.h[7]
+	sqrdmulh	v23.8h, v23.8h, v5.h[7]
+	sqrdmulh	v24.8h, v24.8h, v5.h[7]
+	sqrdmlsh	v23.8h, v25.8h, v8.h[0]
+	sqrdmlsh	v24.8h, v26.8h, v8.h[0]
+	sshr	v23.8h, v23.8h, #1
+	sshr	v24.8h, v24.8h, #1
+	str	q9, [x0, #16]
+	str	q10, [x0, #48]
+	str	q11, [x0, #80]
+	str	q12, [x0, #112]
+	str	q13, [x0, #144]
+	str	q14, [x0, #176]
+	str	q15, [x0, #208]
+	str	q16, [x0, #240]
+	str	q17, [x1, #16]
+	str	q18, [x1, #48]
+	str	q19, [x1, #80]
+	str	q20, [x1, #112]
+	str	q21, [x1, #144]
+	str	q22, [x1, #176]
+	str	q23, [x1, #208]
+	str	q24, [x1, #240]
+	ldp	d8, d9, [x29, #16]
+	ldp	d10, d11, [x29, #32]
+	ldp	d12, d13, [x29, #48]
+	ldp	d14, d15, [x29, #64]
+	ldp	x29, x30, [sp], #0x50
+	ret
+#ifndef __APPLE__
+	.size	kyber_invntt_sqrdmlsh,.-kyber_invntt_sqrdmlsh
+#endif /* __APPLE__ */
+#endif /* WOLFSSL_AARCH64_NO_SQRDMLSH */
+#ifndef __APPLE__
+	.text
+	.type	L_kyber_aarch64_zetas_mul, %object
+	.section	.rodata
+	.size	L_kyber_aarch64_zetas_mul, 256
+#else
+	.section	__DATA,__data
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+	.align	2
+#else
+	.p2align	2
+#endif /* __APPLE__ */
+L_kyber_aarch64_zetas_mul:
+	.short	0x08b2,0xf74e,0x01ae,0xfe52,0x022b,0xfdd5,0x034b,0xfcb5
+	.short	0x081e,0xf7e2,0x0367,0xfc99,0x060e,0xf9f2,0x0069,0xff97
+	.short	0x01a6,0xfe5a,0x024b,0xfdb5,0x00b1,0xff4f,0x0c16,0xf3ea
+	.short	0x0bde,0xf422,0x0b35,0xf4cb,0x0626,0xf9da,0x0675,0xf98b
+	.short	0x0c0b,0xf3f5,0x030a,0xfcf6,0x0487,0xfb79,0x0c6e,0xf392
+	.short	0x09f8,0xf608,0x05cb,0xfa35,0x0aa7,0xf559,0x045f,0xfba1
+	.short	0x06cb,0xf935,0x0284,0xfd7c,0x0999,0xf667,0x015d,0xfea3
+	.short	0x01a2,0xfe5e,0x0149,0xfeb7,0x0c65,0xf39b,0x0cb6,0xf34a
+	.short	0x0331,0xfccf,0x0449,0xfbb7,0x025b,0xfda5,0x0262,0xfd9e
+	.short	0x052a,0xfad6,0x07fc,0xf804,0x0748,0xf8b8,0x0180,0xfe80
+	.short	0x0842,0xf7be,0x0c79,0xf387,0x04c2,0xfb3e,0x07ca,0xf836
+	.short	0x0997,0xf669,0x00dc,0xff24,0x085e,0xf7a2,0x0686,0xf97a
+	.short	0x0860,0xf7a0,0x0707,0xf8f9,0x0803,0xf7fd,0x031a,0xfce6
+	.short	0x071b,0xf8e5,0x09ab,0xf655,0x099b,0xf665,0x01de,0xfe22
+	.short	0x0c95,0xf36b,0x0bcd,0xf433,0x03e4,0xfc1c,0x03df,0xfc21
+	.short	0x03be,0xfc42,0x074d,0xf8b3,0x05f2,0xfa0e,0x065c,0xf9a4
+#ifndef __APPLE__
+.text
+.globl	kyber_basemul_mont
+.type	kyber_basemul_mont,@function
+.align	2
+kyber_basemul_mont:
+#else
+.section	__TEXT,__text
+.globl	_kyber_basemul_mont
+.p2align	2
+_kyber_basemul_mont:
+#endif /* __APPLE__ */
+	stp	x29, x30, [sp, #-80]!
+	add	x29, sp, #0
+	stp	d8, d9, [x29, #16]
+	stp	d10, d11, [x29, #32]
+	stp	d12, d13, [x29, #48]
+	stp	d14, d15, [x29, #64]
+#ifndef __APPLE__
+	adrp x3, L_kyber_aarch64_zetas_mul
+	add  x3, x3, :lo12:L_kyber_aarch64_zetas_mul
+#else
+	adrp x3, L_kyber_aarch64_zetas_mul@PAGE
+	add  x3, x3, :lo12:L_kyber_aarch64_zetas_mul@PAGEOFF
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+	adrp x4, L_kyber_aarch64_consts
+	add  x4, x4, :lo12:L_kyber_aarch64_consts
+#else
+	adrp x4, L_kyber_aarch64_consts@PAGE
+	add  x4, x4, :lo12:L_kyber_aarch64_consts@PAGEOFF
+#endif /* __APPLE__ */
+	ldr	q1, [x4]
+	ldp	q2, q3, [x1]
+	ldp	q4, q5, [x1, #32]
+	ldp	q6, q7, [x1, #64]
+	ldp	q8, q9, [x1, #96]
+	ldp	q10, q11, [x2]
+	ldp	q12, q13, [x2, #32]
+	ldp	q14, q15, [x2, #64]
+	ldp	q16, q17, [x2, #96]
+	ldr	q0, [x3]
+	uzp1	v18.8h, v2.8h, v3.8h
+	uzp2	v19.8h, v2.8h, v3.8h
+	uzp1	v20.8h, v10.8h, v11.8h
+	uzp2	v21.8h, v10.8h, v11.8h
+	smull	v26.4s, v18.4h, v20.4h
+	smull2	v27.4s, v18.8h, v20.8h
+	smull	v23.4s, v19.4h, v21.4h
+	smull2	v24.4s, v19.8h, v21.8h
+	xtn	v25.4h, v23.4s
+	xtn2	v25.8h, v24.4s
+	mul	v25.8h, v25.8h, v1.h[1]
+	smlsl	v23.4s, v25.4h, v1.h[0]
+	smlsl2	v24.4s, v25.8h, v1.h[0]
+	shrn	v22.4h, v23.4s, #16
+	shrn2	v22.8h, v24.4s, #16
+	smlal	v26.4s, v22.4h, v0.4h
+	smlal2	v27.4s, v22.8h, v0.8h
+	xtn	v24.4h, v26.4s
+	xtn2	v24.8h, v27.4s
+	mul	v24.8h, v24.8h, v1.h[1]
+	smlsl	v26.4s, v24.4h, v1.h[0]
+	smlsl2	v27.4s, v24.8h, v1.h[0]
+	shrn	v22.4h, v26.4s, #16
+	shrn2	v22.8h, v27.4s, #16
+	smull	v26.4s, v18.4h, v21.4h
+	smull2	v27.4s, v18.8h, v21.8h
+	smlal	v26.4s, v19.4h, v20.4h
+	smlal2	v27.4s, v19.8h, v20.8h
+	xtn	v24.4h, v26.4s
+	xtn2	v24.8h, v27.4s
+	mul	v24.8h, v24.8h, v1.h[1]
+	smlsl	v26.4s, v24.4h, v1.h[0]
+	smlsl2	v27.4s, v24.8h, v1.h[0]
+	shrn	v23.4h, v26.4s, #16
+	shrn2	v23.8h, v27.4s, #16
+	zip1	v24.8h, v22.8h, v23.8h
+	zip2	v25.8h, v22.8h, v23.8h
+	stp	q24, q25, [x0]
+	ldr	q0, [x3, #16]
+	uzp1	v18.8h, v4.8h, v5.8h
+	uzp2	v19.8h, v4.8h, v5.8h
+	uzp1	v20.8h, v12.8h, v13.8h
+	uzp2	v21.8h, v12.8h, v13.8h
+	smull	v26.4s, v18.4h, v20.4h
+	smull2	v27.4s, v18.8h, v20.8h
+	smull	v23.4s, v19.4h, v21.4h
+	smull2	v24.4s, v19.8h, v21.8h
+	xtn	v25.4h, v23.4s
+	xtn2	v25.8h, v24.4s
+	mul	v25.8h, v25.8h, v1.h[1]
+	smlsl	v23.4s, v25.4h, v1.h[0]
+	smlsl2	v24.4s, v25.8h, v1.h[0]
+	shrn	v22.4h, v23.4s, #16
+	shrn2	v22.8h, v24.4s, #16
+	smlal	v26.4s, v22.4h, v0.4h
+	smlal2	v27.4s, v22.8h, v0.8h
+	xtn	v24.4h, v26.4s
+	xtn2	v24.8h, v27.4s
+	mul	v24.8h, v24.8h, v1.h[1]
+	smlsl	v26.4s, v24.4h, v1.h[0]
+	smlsl2	v27.4s, v24.8h, v1.h[0]
+	shrn	v22.4h, v26.4s, #16
+	shrn2	v22.8h, v27.4s, #16
+	smull	v26.4s, v18.4h, v21.4h
+	smull2	v27.4s, v18.8h, v21.8h
+	smlal	v26.4s, v19.4h, v20.4h
+	smlal2	v27.4s, v19.8h, v20.8h
+	xtn	v24.4h, v26.4s
+	xtn2	v24.8h, v27.4s
+	mul	v24.8h, v24.8h, v1.h[1]
+	smlsl	v26.4s, v24.4h, v1.h[0]
+	smlsl2	v27.4s, v24.8h, v1.h[0]
+	shrn	v23.4h, v26.4s, #16
+	shrn2	v23.8h, v27.4s, #16
+	zip1	v24.8h, v22.8h, v23.8h
+	zip2	v25.8h, v22.8h, v23.8h
+	stp	q24, q25, [x0, #32]
+	ldr	q0, [x3, #32]
+	uzp1	v18.8h, v6.8h, v7.8h
+	uzp2	v19.8h, v6.8h, v7.8h
+	uzp1	v20.8h, v14.8h, v15.8h
+	uzp2	v21.8h, v14.8h, v15.8h
+	smull	v26.4s, v18.4h, v20.4h
+	smull2	v27.4s, v18.8h, v20.8h
+	smull	v23.4s, v19.4h, v21.4h
+	smull2	v24.4s, v19.8h, v21.8h
+	xtn	v25.4h, v23.4s
+	xtn2	v25.8h, v24.4s
+	mul	v25.8h, v25.8h, v1.h[1]
+	smlsl	v23.4s, v25.4h, v1.h[0]
+	smlsl2	v24.4s, v25.8h, v1.h[0]
+	shrn	v22.4h, v23.4s, #16
+	shrn2	v22.8h, v24.4s, #16
+	smlal	v26.4s, v22.4h, v0.4h
+	smlal2	v27.4s, v22.8h, v0.8h
+	xtn	v24.4h, v26.4s
+	xtn2	v24.8h, v27.4s
+	mul	v24.8h, v24.8h, v1.h[1]
+	smlsl	v26.4s, v24.4h, v1.h[0]
+	smlsl2	v27.4s, v24.8h, v1.h[0]
+	shrn	v22.4h, v26.4s, #16
+	shrn2	v22.8h, v27.4s, #16
+	smull	v26.4s, v18.4h, v21.4h
+	smull2	v27.4s, v18.8h, v21.8h
+	smlal	v26.4s, v19.4h, v20.4h
+	smlal2	v27.4s, v19.8h, v20.8h
+	xtn	v24.4h, v26.4s
+	xtn2	v24.8h, v27.4s
+	mul	v24.8h, v24.8h, v1.h[1]
+	smlsl	v26.4s, v24.4h, v1.h[0]
+	smlsl2	v27.4s, v24.8h, v1.h[0]
+	shrn	v23.4h, v26.4s, #16
+	shrn2	v23.8h, v27.4s, #16
+	zip1	v24.8h, v22.8h, v23.8h
+	zip2	v25.8h, v22.8h, v23.8h
+	stp	q24, q25, [x0, #64]
+	ldr	q0, [x3, #48]
+	uzp1	v18.8h, v8.8h, v9.8h
+	uzp2	v19.8h, v8.8h, v9.8h
+	uzp1	v20.8h, v16.8h, v17.8h
+	uzp2	v21.8h, v16.8h, v17.8h
+	smull	v26.4s, v18.4h, v20.4h
+	smull2	v27.4s, v18.8h, v20.8h
+	smull	v23.4s, v19.4h, v21.4h
+	smull2	v24.4s, v19.8h, v21.8h
+	xtn	v25.4h, v23.4s
+	xtn2	v25.8h, v24.4s
+	mul	v25.8h, v25.8h, v1.h[1]
+	smlsl	v23.4s, v25.4h, v1.h[0]
+	smlsl2	v24.4s, v25.8h, v1.h[0]
+	shrn	v22.4h, v23.4s, #16
+	shrn2	v22.8h, v24.4s, #16
+	smlal	v26.4s, v22.4h, v0.4h
+	smlal2	v27.4s, v22.8h, v0.8h
+	xtn	v24.4h, v26.4s
+	xtn2	v24.8h, v27.4s
+	mul	v24.8h, v24.8h, v1.h[1]
+	smlsl	v26.4s, v24.4h, v1.h[0]
+	smlsl2	v27.4s, v24.8h, v1.h[0]
+	shrn	v22.4h, v26.4s, #16
+	shrn2	v22.8h, v27.4s, #16
+	smull	v26.4s, v18.4h, v21.4h
+	smull2	v27.4s, v18.8h, v21.8h
+	smlal	v26.4s, v19.4h, v20.4h
+	smlal2	v27.4s, v19.8h, v20.8h
+	xtn	v24.4h, v26.4s
+	xtn2	v24.8h, v27.4s
+	mul	v24.8h, v24.8h, v1.h[1]
+	smlsl	v26.4s, v24.4h, v1.h[0]
+	smlsl2	v27.4s, v24.8h, v1.h[0]
+	shrn	v23.4h, v26.4s, #16
+	shrn2	v23.8h, v27.4s, #16
+	zip1	v24.8h, v22.8h, v23.8h
+	zip2	v25.8h, v22.8h, v23.8h
+	stp	q24, q25, [x0, #96]
+	ldp	q2, q3, [x1, #128]
+	ldp	q4, q5, [x1, #160]
+	ldp	q6, q7, [x1, #192]
+	ldp	q8, q9, [x1, #224]
+	ldp	q10, q11, [x2, #128]
+	ldp	q12, q13, [x2, #160]
+	ldp	q14, q15, [x2, #192]
+	ldp	q16, q17, [x2, #224]
+	ldr	q0, [x3, #64]
+	uzp1	v18.8h, v2.8h, v3.8h
+	uzp2	v19.8h, v2.8h, v3.8h
+	uzp1	v20.8h, v10.8h, v11.8h
+	uzp2	v21.8h, v10.8h, v11.8h
+	smull	v26.4s, v18.4h, v20.4h
+	smull2	v27.4s, v18.8h, v20.8h
+	smull	v23.4s, v19.4h, v21.4h
+	smull2	v24.4s, v19.8h, v21.8h
+	xtn	v25.4h, v23.4s
+	xtn2	v25.8h, v24.4s
+	mul	v25.8h, v25.8h, v1.h[1]
+	smlsl	v23.4s, v25.4h, v1.h[0]
+	smlsl2	v24.4s, v25.8h, v1.h[0]
+	shrn	v22.4h, v23.4s, #16
+	shrn2	v22.8h, v24.4s, #16
+	smlal	v26.4s, v22.4h, v0.4h
+	smlal2	v27.4s, v22.8h, v0.8h
+	xtn	v24.4h, v26.4s
+	xtn2	v24.8h, v27.4s
+	mul	v24.8h, v24.8h, v1.h[1]
+	smlsl	v26.4s, v24.4h, v1.h[0]
+	smlsl2	v27.4s, v24.8h, v1.h[0]
+	shrn	v22.4h, v26.4s, #16
+	shrn2	v22.8h, v27.4s, #16
+	smull	v26.4s, v18.4h, v21.4h
+	smull2	v27.4s, v18.8h, v21.8h
+	smlal	v26.4s, v19.4h, v20.4h
+	smlal2	v27.4s, v19.8h, v20.8h
+	xtn	v24.4h, v26.4s
+	xtn2	v24.8h, v27.4s
+	mul	v24.8h, v24.8h, v1.h[1]
+	smlsl	v26.4s, v24.4h, v1.h[0]
+	smlsl2	v27.4s, v24.8h, v1.h[0]
+	shrn	v23.4h, v26.4s, #16
+	shrn2	v23.8h, v27.4s, #16
+	zip1	v24.8h, v22.8h, v23.8h
+	zip2	v25.8h, v22.8h, v23.8h
+	stp	q24, q25, [x0, #128]
+	ldr	q0, [x3, #80]
+	uzp1	v18.8h, v4.8h, v5.8h
+	uzp2	v19.8h, v4.8h, v5.8h
+	uzp1	v20.8h, v12.8h, v13.8h
+	uzp2	v21.8h, v12.8h, v13.8h
+	smull	v26.4s, v18.4h, v20.4h
+	smull2	v27.4s, v18.8h, v20.8h
+	smull	v23.4s, v19.4h, v21.4h
+	smull2	v24.4s, v19.8h, v21.8h
+	xtn	v25.4h, v23.4s
+	xtn2	v25.8h, v24.4s
+	mul	v25.8h, v25.8h, v1.h[1]
+	smlsl	v23.4s, v25.4h, v1.h[0]
+	smlsl2	v24.4s, v25.8h, v1.h[0]
+	shrn	v22.4h, v23.4s, #16
+	shrn2	v22.8h, v24.4s, #16
+	smlal	v26.4s, v22.4h, v0.4h
+	smlal2	v27.4s, v22.8h, v0.8h
+	xtn	v24.4h, v26.4s
+	xtn2	v24.8h, v27.4s
+	mul	v24.8h, v24.8h, v1.h[1]
+	smlsl	v26.4s, v24.4h, v1.h[0]
+	smlsl2	v27.4s, v24.8h, v1.h[0]
+	shrn	v22.4h, v26.4s, #16
+	shrn2	v22.8h, v27.4s, #16
+	smull	v26.4s, v18.4h, v21.4h
+	smull2	v27.4s, v18.8h, v21.8h
+	smlal	v26.4s, v19.4h, v20.4h
+	smlal2	v27.4s, v19.8h, v20.8h
+	xtn	v24.4h, v26.4s
+	xtn2	v24.8h, v27.4s
+	mul	v24.8h, v24.8h, v1.h[1]
+	smlsl	v26.4s, v24.4h, v1.h[0]
+	smlsl2	v27.4s, v24.8h, v1.h[0]
+	shrn	v23.4h, v26.4s, #16
+	shrn2	v23.8h, v27.4s, #16
+	zip1	v24.8h, v22.8h, v23.8h
+	zip2	v25.8h, v22.8h, v23.8h
+	stp	q24, q25, [x0, #160]
+	ldr	q0, [x3, #96]
+	uzp1	v18.8h, v6.8h, v7.8h
+	uzp2	v19.8h, v6.8h, v7.8h
+	uzp1	v20.8h, v14.8h, v15.8h
+	uzp2	v21.8h, v14.8h, v15.8h
+	smull	v26.4s, v18.4h, v20.4h
+	smull2	v27.4s, v18.8h, v20.8h
+	smull	v23.4s, v19.4h, v21.4h
+	smull2	v24.4s, v19.8h, v21.8h
+	xtn	v25.4h, v23.4s
+	xtn2	v25.8h, v24.4s
+	mul	v25.8h, v25.8h, v1.h[1]
+	smlsl	v23.4s, v25.4h, v1.h[0]
+	smlsl2	v24.4s, v25.8h, v1.h[0]
+	shrn	v22.4h, v23.4s, #16
+	shrn2	v22.8h, v24.4s, #16
+	smlal	v26.4s, v22.4h, v0.4h
+	smlal2	v27.4s, v22.8h, v0.8h
+	xtn	v24.4h, v26.4s
+	xtn2	v24.8h, v27.4s
+	mul	v24.8h, v24.8h, v1.h[1]
+	smlsl	v26.4s, v24.4h, v1.h[0]
+	smlsl2	v27.4s, v24.8h, v1.h[0]
+	shrn	v22.4h, v26.4s, #16
+	shrn2	v22.8h, v27.4s, #16
+	smull	v26.4s, v18.4h, v21.4h
+	smull2	v27.4s, v18.8h, v21.8h
+	smlal	v26.4s, v19.4h, v20.4h
+	smlal2	v27.4s, v19.8h, v20.8h
+	xtn	v24.4h, v26.4s
+	xtn2	v24.8h, v27.4s
+	mul	v24.8h, v24.8h, v1.h[1]
+	smlsl	v26.4s, v24.4h, v1.h[0]
+	smlsl2	v27.4s, v24.8h, v1.h[0]
+	shrn	v23.4h, v26.4s, #16
+	shrn2	v23.8h, v27.4s, #16
+	zip1	v24.8h, v22.8h, v23.8h
+	zip2	v25.8h, v22.8h, v23.8h
+	stp	q24, q25, [x0, #192]
+	ldr	q0, [x3, #112]
+	uzp1	v18.8h, v8.8h, v9.8h
+	uzp2	v19.8h, v8.8h, v9.8h
+	uzp1	v20.8h, v16.8h, v17.8h
+	uzp2	v21.8h, v16.8h, v17.8h
+	smull	v26.4s, v18.4h, v20.4h
+	smull2	v27.4s, v18.8h, v20.8h
+	smull	v23.4s, v19.4h, v21.4h
+	smull2	v24.4s, v19.8h, v21.8h
+	xtn	v25.4h, v23.4s
+	xtn2	v25.8h, v24.4s
+	mul	v25.8h, v25.8h, v1.h[1]
+	smlsl	v23.4s, v25.4h, v1.h[0]
+	smlsl2	v24.4s, v25.8h, v1.h[0]
+	shrn	v22.4h, v23.4s, #16
+	shrn2	v22.8h, v24.4s, #16
+	smlal	v26.4s, v22.4h, v0.4h
+	smlal2	v27.4s, v22.8h, v0.8h
+	xtn	v24.4h, v26.4s
+	xtn2	v24.8h, v27.4s
+	mul	v24.8h, v24.8h, v1.h[1]
+	smlsl	v26.4s, v24.4h, v1.h[0]
+	smlsl2	v27.4s, v24.8h, v1.h[0]
+	shrn	v22.4h, v26.4s, #16
+	shrn2	v22.8h, v27.4s, #16
+	smull	v26.4s, v18.4h, v21.4h
+	smull2	v27.4s, v18.8h, v21.8h
+	smlal	v26.4s, v19.4h, v20.4h
+	smlal2	v27.4s, v19.8h, v20.8h
+	xtn	v24.4h, v26.4s
+	xtn2	v24.8h, v27.4s
+	mul	v24.8h, v24.8h, v1.h[1]
+	smlsl	v26.4s, v24.4h, v1.h[0]
+	smlsl2	v27.4s, v24.8h, v1.h[0]
+	shrn	v23.4h, v26.4s, #16
+	shrn2	v23.8h, v27.4s, #16
+	zip1	v24.8h, v22.8h, v23.8h
+	zip2	v25.8h, v22.8h, v23.8h
+	stp	q24, q25, [x0, #224]
+	ldp	q2, q3, [x1, #256]
+	ldp	q4, q5, [x1, #288]
+	ldp	q6, q7, [x1, #320]
+	ldp	q8, q9, [x1, #352]
+	ldp	q10, q11, [x2, #256]
+	ldp	q12, q13, [x2, #288]
+	ldp	q14, q15, [x2, #320]
+	ldp	q16, q17, [x2, #352]
+	ldr	q0, [x3, #128]
+	uzp1	v18.8h, v2.8h, v3.8h
+	uzp2	v19.8h, v2.8h, v3.8h
+	uzp1	v20.8h, v10.8h, v11.8h
+	uzp2	v21.8h, v10.8h, v11.8h
+	smull	v26.4s, v18.4h, v20.4h
+	smull2	v27.4s, v18.8h, v20.8h
+	smull	v23.4s, v19.4h, v21.4h
+	smull2	v24.4s, v19.8h, v21.8h
+	xtn	v25.4h, v23.4s
+	xtn2	v25.8h, v24.4s
+	mul	v25.8h, v25.8h, v1.h[1]
+	smlsl	v23.4s, v25.4h, v1.h[0]
+	smlsl2	v24.4s, v25.8h, v1.h[0]
+	shrn	v22.4h, v23.4s, #16
+	shrn2	v22.8h, v24.4s, #16
+	smlal	v26.4s, v22.4h, v0.4h
+	smlal2	v27.4s, v22.8h, v0.8h
+	xtn	v24.4h, v26.4s
+	xtn2	v24.8h, v27.4s
+	mul	v24.8h, v24.8h, v1.h[1]
+	smlsl	v26.4s, v24.4h, v1.h[0]
+	smlsl2	v27.4s, v24.8h, v1.h[0]
+	shrn	v22.4h, v26.4s, #16
+	shrn2	v22.8h, v27.4s, #16
+	smull	v26.4s, v18.4h, v21.4h
+	smull2	v27.4s, v18.8h, v21.8h
+	smlal	v26.4s, v19.4h, v20.4h
+	smlal2	v27.4s, v19.8h, v20.8h
+	xtn	v24.4h, v26.4s
+	xtn2	v24.8h, v27.4s
+	mul	v24.8h, v24.8h, v1.h[1]
+	smlsl	v26.4s, v24.4h, v1.h[0]
+	smlsl2	v27.4s, v24.8h, v1.h[0]
+	shrn	v23.4h, v26.4s, #16
+	shrn2	v23.8h, v27.4s, #16
+	zip1	v24.8h, v22.8h, v23.8h
+	zip2	v25.8h, v22.8h, v23.8h
+	stp	q24, q25, [x0, #256]
+	ldr	q0, [x3, #144]
+	uzp1	v18.8h, v4.8h, v5.8h
+	uzp2	v19.8h, v4.8h, v5.8h
+	uzp1	v20.8h, v12.8h, v13.8h
+	uzp2	v21.8h, v12.8h, v13.8h
+	smull	v26.4s, v18.4h, v20.4h
+	smull2	v27.4s, v18.8h, v20.8h
+	smull	v23.4s, v19.4h, v21.4h
+	smull2	v24.4s, v19.8h, v21.8h
+	xtn	v25.4h, v23.4s
+	xtn2	v25.8h, v24.4s
+	mul	v25.8h, v25.8h, v1.h[1]
+	smlsl	v23.4s, v25.4h, v1.h[0]
+	smlsl2	v24.4s, v25.8h, v1.h[0]
+	shrn	v22.4h, v23.4s, #16
+	shrn2	v22.8h, v24.4s, #16
+	smlal	v26.4s, v22.4h, v0.4h
+	smlal2	v27.4s, v22.8h, v0.8h
+	xtn	v24.4h, v26.4s
+	xtn2	v24.8h, v27.4s
+	mul	v24.8h, v24.8h, v1.h[1]
+	smlsl	v26.4s, v24.4h, v1.h[0]
+	smlsl2	v27.4s, v24.8h, v1.h[0]
+	shrn	v22.4h, v26.4s, #16
+	shrn2	v22.8h, v27.4s, #16
+	smull	v26.4s, v18.4h, v21.4h
+	smull2	v27.4s, v18.8h, v21.8h
+	smlal	v26.4s, v19.4h, v20.4h
+	smlal2	v27.4s, v19.8h, v20.8h
+	xtn	v24.4h, v26.4s
+	xtn2	v24.8h, v27.4s
+	mul	v24.8h, v24.8h, v1.h[1]
+	smlsl	v26.4s, v24.4h, v1.h[0]
+	smlsl2	v27.4s, v24.8h, v1.h[0]
+	shrn	v23.4h, v26.4s, #16
+	shrn2	v23.8h, v27.4s, #16
+	zip1	v24.8h, v22.8h, v23.8h
+	zip2	v25.8h, v22.8h, v23.8h
+	stp	q24, q25, [x0, #288]
+	ldr	q0, [x3, #160]
+	uzp1	v18.8h, v6.8h, v7.8h
+	uzp2	v19.8h, v6.8h, v7.8h
+	uzp1	v20.8h, v14.8h, v15.8h
+	uzp2	v21.8h, v14.8h, v15.8h
+	smull	v26.4s, v18.4h, v20.4h
+	smull2	v27.4s, v18.8h, v20.8h
+	smull	v23.4s, v19.4h, v21.4h
+	smull2	v24.4s, v19.8h, v21.8h
+	xtn	v25.4h, v23.4s
+	xtn2	v25.8h, v24.4s
+	mul	v25.8h, v25.8h, v1.h[1]
+	smlsl	v23.4s, v25.4h, v1.h[0]
+	smlsl2	v24.4s, v25.8h, v1.h[0]
+	shrn	v22.4h, v23.4s, #16
+	shrn2	v22.8h, v24.4s, #16
+	smlal	v26.4s, v22.4h, v0.4h
+	smlal2	v27.4s, v22.8h, v0.8h
+	xtn	v24.4h, v26.4s
+	xtn2	v24.8h, v27.4s
+	mul	v24.8h, v24.8h, v1.h[1]
+	smlsl	v26.4s, v24.4h, v1.h[0]
+	smlsl2	v27.4s, v24.8h, v1.h[0]
+	shrn	v22.4h, v26.4s, #16
+	shrn2	v22.8h, v27.4s, #16
+	smull	v26.4s, v18.4h, v21.4h
+	smull2	v27.4s, v18.8h, v21.8h
+	smlal	v26.4s, v19.4h, v20.4h
+	smlal2	v27.4s, v19.8h, v20.8h
+	xtn	v24.4h, v26.4s
+	xtn2	v24.8h, v27.4s
+	mul	v24.8h, v24.8h, v1.h[1]
+	smlsl	v26.4s, v24.4h, v1.h[0]
+	smlsl2	v27.4s, v24.8h, v1.h[0]
+	shrn	v23.4h, v26.4s, #16
+	shrn2	v23.8h, v27.4s, #16
+	zip1	v24.8h, v22.8h, v23.8h
+	zip2	v25.8h, v22.8h, v23.8h
+	stp	q24, q25, [x0, #320]
+	ldr	q0, [x3, #176]
+	uzp1	v18.8h, v8.8h, v9.8h
+	uzp2	v19.8h, v8.8h, v9.8h
+	uzp1	v20.8h, v16.8h, v17.8h
+	uzp2	v21.8h, v16.8h, v17.8h
+	smull	v26.4s, v18.4h, v20.4h
+	smull2	v27.4s, v18.8h, v20.8h
+	smull	v23.4s, v19.4h, v21.4h
+	smull2	v24.4s, v19.8h, v21.8h
+	xtn	v25.4h, v23.4s
+	xtn2	v25.8h, v24.4s
+	mul	v25.8h, v25.8h, v1.h[1]
+	smlsl	v23.4s, v25.4h, v1.h[0]
+	smlsl2	v24.4s, v25.8h, v1.h[0]
+	shrn	v22.4h, v23.4s, #16
+	shrn2	v22.8h, v24.4s, #16
+	smlal	v26.4s, v22.4h, v0.4h
+	smlal2	v27.4s, v22.8h, v0.8h
+	xtn	v24.4h, v26.4s
+	xtn2	v24.8h, v27.4s
+	mul	v24.8h, v24.8h, v1.h[1]
+	smlsl	v26.4s, v24.4h, v1.h[0]
+	smlsl2	v27.4s, v24.8h, v1.h[0]
+	shrn	v22.4h, v26.4s, #16
+	shrn2	v22.8h, v27.4s, #16
+	smull	v26.4s, v18.4h, v21.4h
+	smull2	v27.4s, v18.8h, v21.8h
+	smlal	v26.4s, v19.4h, v20.4h
+	smlal2	v27.4s, v19.8h, v20.8h
+	xtn	v24.4h, v26.4s
+	xtn2	v24.8h, v27.4s
+	mul	v24.8h, v24.8h, v1.h[1]
+	smlsl	v26.4s, v24.4h, v1.h[0]
+	smlsl2	v27.4s, v24.8h, v1.h[0]
+	shrn	v23.4h, v26.4s, #16
+	shrn2	v23.8h, v27.4s, #16
+	zip1	v24.8h, v22.8h, v23.8h
+	zip2	v25.8h, v22.8h, v23.8h
+	stp	q24, q25, [x0, #352]
+	ldp	q2, q3, [x1, #384]
+	ldp	q4, q5, [x1, #416]
+	ldp	q6, q7, [x1, #448]
+	ldp	q8, q9, [x1, #480]
+	ldp	q10, q11, [x2, #384]
+	ldp	q12, q13, [x2, #416]
+	ldp	q14, q15, [x2, #448]
+	ldp	q16, q17, [x2, #480]
+	ldr	q0, [x3, #192]
+	uzp1	v18.8h, v2.8h, v3.8h
+	uzp2	v19.8h, v2.8h, v3.8h
+	uzp1	v20.8h, v10.8h, v11.8h
+	uzp2	v21.8h, v10.8h, v11.8h
+	smull	v26.4s, v18.4h, v20.4h
+	smull2	v27.4s, v18.8h, v20.8h
+	smull	v23.4s, v19.4h, v21.4h
+	smull2	v24.4s, v19.8h, v21.8h
+	xtn	v25.4h, v23.4s
+	xtn2	v25.8h, v24.4s
+	mul	v25.8h, v25.8h, v1.h[1]
+	smlsl	v23.4s, v25.4h, v1.h[0]
+	smlsl2	v24.4s, v25.8h, v1.h[0]
+	shrn	v22.4h, v23.4s, #16
+	shrn2	v22.8h, v24.4s, #16
+	smlal	v26.4s, v22.4h, v0.4h
+	smlal2	v27.4s, v22.8h, v0.8h
+	xtn	v24.4h, v26.4s
+	xtn2	v24.8h, v27.4s
+	mul	v24.8h, v24.8h, v1.h[1]
+	smlsl	v26.4s, v24.4h, v1.h[0]
+	smlsl2	v27.4s, v24.8h, v1.h[0]
+	shrn	v22.4h, v26.4s, #16
+	shrn2	v22.8h, v27.4s, #16
+	smull	v26.4s, v18.4h, v21.4h
+	smull2	v27.4s, v18.8h, v21.8h
+	smlal	v26.4s, v19.4h, v20.4h
+	smlal2	v27.4s, v19.8h, v20.8h
+	xtn	v24.4h, v26.4s
+	xtn2	v24.8h, v27.4s
+	mul	v24.8h, v24.8h, v1.h[1]
+	smlsl	v26.4s, v24.4h, v1.h[0]
+	smlsl2	v27.4s, v24.8h, v1.h[0]
+	shrn	v23.4h, v26.4s, #16
+	shrn2	v23.8h, v27.4s, #16
+	zip1	v24.8h, v22.8h, v23.8h
+	zip2	v25.8h, v22.8h, v23.8h
+	stp	q24, q25, [x0, #384]
+	ldr	q0, [x3, #208]
+	uzp1	v18.8h, v4.8h, v5.8h
+	uzp2	v19.8h, v4.8h, v5.8h
+	uzp1	v20.8h, v12.8h, v13.8h
+	uzp2	v21.8h, v12.8h, v13.8h
+	smull	v26.4s, v18.4h, v20.4h
+	smull2	v27.4s, v18.8h, v20.8h
+	smull	v23.4s, v19.4h, v21.4h
+	smull2	v24.4s, v19.8h, v21.8h
+	xtn	v25.4h, v23.4s
+	xtn2	v25.8h, v24.4s
+	mul	v25.8h, v25.8h, v1.h[1]
+	smlsl	v23.4s, v25.4h, v1.h[0]
+	smlsl2	v24.4s, v25.8h, v1.h[0]
+	shrn	v22.4h, v23.4s, #16
+	shrn2	v22.8h, v24.4s, #16
+	smlal	v26.4s, v22.4h, v0.4h
+	smlal2	v27.4s, v22.8h, v0.8h
+	xtn	v24.4h, v26.4s
+	xtn2	v24.8h, v27.4s
+	mul	v24.8h, v24.8h, v1.h[1]
+	smlsl	v26.4s, v24.4h, v1.h[0]
+	smlsl2	v27.4s, v24.8h, v1.h[0]
+	shrn	v22.4h, v26.4s, #16
+	shrn2	v22.8h, v27.4s, #16
+	smull	v26.4s, v18.4h, v21.4h
+	smull2	v27.4s, v18.8h, v21.8h
+	smlal	v26.4s, v19.4h, v20.4h
+	smlal2	v27.4s, v19.8h, v20.8h
+	xtn	v24.4h, v26.4s
+	xtn2	v24.8h, v27.4s
+	mul	v24.8h, v24.8h, v1.h[1]
+	smlsl	v26.4s, v24.4h, v1.h[0]
+	smlsl2	v27.4s, v24.8h, v1.h[0]
+	shrn	v23.4h, v26.4s, #16
+	shrn2	v23.8h, v27.4s, #16
+	zip1	v24.8h, v22.8h, v23.8h
+	zip2	v25.8h, v22.8h, v23.8h
+	stp	q24, q25, [x0, #416]
+	ldr	q0, [x3, #224]
+	uzp1	v18.8h, v6.8h, v7.8h
+	uzp2	v19.8h, v6.8h, v7.8h
+	uzp1	v20.8h, v14.8h, v15.8h
+	uzp2	v21.8h, v14.8h, v15.8h
+	smull	v26.4s, v18.4h, v20.4h
+	smull2	v27.4s, v18.8h, v20.8h
+	smull	v23.4s, v19.4h, v21.4h
+	smull2	v24.4s, v19.8h, v21.8h
+	xtn	v25.4h, v23.4s
+	xtn2	v25.8h, v24.4s
+	mul	v25.8h, v25.8h, v1.h[1]
+	smlsl	v23.4s, v25.4h, v1.h[0]
+	smlsl2	v24.4s, v25.8h, v1.h[0]
+	shrn	v22.4h, v23.4s, #16
+	shrn2	v22.8h, v24.4s, #16
+	smlal	v26.4s, v22.4h, v0.4h
+	smlal2	v27.4s, v22.8h, v0.8h
+	xtn	v24.4h, v26.4s
+	xtn2	v24.8h, v27.4s
+	mul	v24.8h, v24.8h, v1.h[1]
+	smlsl	v26.4s, v24.4h, v1.h[0]
+	smlsl2	v27.4s, v24.8h, v1.h[0]
+	shrn	v22.4h, v26.4s, #16
+	shrn2	v22.8h, v27.4s, #16
+	smull	v26.4s, v18.4h, v21.4h
+	smull2	v27.4s, v18.8h, v21.8h
+	smlal	v26.4s, v19.4h, v20.4h
+	smlal2	v27.4s, v19.8h, v20.8h
+	xtn	v24.4h, v26.4s
+	xtn2	v24.8h, v27.4s
+	mul	v24.8h, v24.8h, v1.h[1]
+	smlsl	v26.4s, v24.4h, v1.h[0]
+	smlsl2	v27.4s, v24.8h, v1.h[0]
+	shrn	v23.4h, v26.4s, #16
+	shrn2	v23.8h, v27.4s, #16
+	zip1	v24.8h, v22.8h, v23.8h
+	zip2	v25.8h, v22.8h, v23.8h
+	stp	q24, q25, [x0, #448]
+	ldr	q0, [x3, #240]
+	uzp1	v18.8h, v8.8h, v9.8h
+	uzp2	v19.8h, v8.8h, v9.8h
+	uzp1	v20.8h, v16.8h, v17.8h
+	uzp2	v21.8h, v16.8h, v17.8h
+	smull	v26.4s, v18.4h, v20.4h
+	smull2	v27.4s, v18.8h, v20.8h
+	smull	v23.4s, v19.4h, v21.4h
+	smull2	v24.4s, v19.8h, v21.8h
+	xtn	v25.4h, v23.4s
+	xtn2	v25.8h, v24.4s
+	mul	v25.8h, v25.8h, v1.h[1]
+	smlsl	v23.4s, v25.4h, v1.h[0]
+	smlsl2	v24.4s, v25.8h, v1.h[0]
+	shrn	v22.4h, v23.4s, #16
+	shrn2	v22.8h, v24.4s, #16
+	smlal	v26.4s, v22.4h, v0.4h
+	smlal2	v27.4s, v22.8h, v0.8h
+	xtn	v24.4h, v26.4s
+	xtn2	v24.8h, v27.4s
+	mul	v24.8h, v24.8h, v1.h[1]
+	smlsl	v26.4s, v24.4h, v1.h[0]
+	smlsl2	v27.4s, v24.8h, v1.h[0]
+	shrn	v22.4h, v26.4s, #16
+	shrn2	v22.8h, v27.4s, #16
+	smull	v26.4s, v18.4h, v21.4h
+	smull2	v27.4s, v18.8h, v21.8h
+	smlal	v26.4s, v19.4h, v20.4h
+	smlal2	v27.4s, v19.8h, v20.8h
+	xtn	v24.4h, v26.4s
+	xtn2	v24.8h, v27.4s
+	mul	v24.8h, v24.8h, v1.h[1]
+	smlsl	v26.4s, v24.4h, v1.h[0]
+	smlsl2	v27.4s, v24.8h, v1.h[0]
+	shrn	v23.4h, v26.4s, #16
+	shrn2	v23.8h, v27.4s, #16
+	zip1	v24.8h, v22.8h, v23.8h
+	zip2	v25.8h, v22.8h, v23.8h
+	stp	q24, q25, [x0, #480]
+	ldp	d8, d9, [x29, #16]
+	ldp	d10, d11, [x29, #32]
+	ldp	d12, d13, [x29, #48]
+	ldp	d14, d15, [x29, #64]
+	ldp	x29, x30, [sp], #0x50
+	ret
+#ifndef __APPLE__
+	.size	kyber_basemul_mont,.-kyber_basemul_mont
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.text
+.globl	kyber_basemul_mont_add
+.type	kyber_basemul_mont_add,@function
+.align	2
+kyber_basemul_mont_add:
+#else
+.section	__TEXT,__text
+.globl	_kyber_basemul_mont_add
+.p2align	2
+_kyber_basemul_mont_add:
+#endif /* __APPLE__ */
+	stp	x29, x30, [sp, #-80]!
+	add	x29, sp, #0
+	stp	d8, d9, [x29, #16]
+	stp	d10, d11, [x29, #32]
+	stp	d12, d13, [x29, #48]
+	stp	d14, d15, [x29, #64]
+#ifndef __APPLE__
+	adrp x3, L_kyber_aarch64_zetas_mul
+	add  x3, x3, :lo12:L_kyber_aarch64_zetas_mul
+#else
+	adrp x3, L_kyber_aarch64_zetas_mul@PAGE
+	add  x3, x3, :lo12:L_kyber_aarch64_zetas_mul@PAGEOFF
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+	adrp x4, L_kyber_aarch64_consts
+	add  x4, x4, :lo12:L_kyber_aarch64_consts
+#else
+	adrp x4, L_kyber_aarch64_consts@PAGE
+	add  x4, x4, :lo12:L_kyber_aarch64_consts@PAGEOFF
+#endif /* __APPLE__ */
+	ldr	q1, [x4]
+	ldp	q2, q3, [x1]
+	ldp	q4, q5, [x1, #32]
+	ldp	q6, q7, [x1, #64]
+	ldp	q8, q9, [x1, #96]
+	ldp	q10, q11, [x2]
+	ldp	q12, q13, [x2, #32]
+	ldp	q14, q15, [x2, #64]
+	ldp	q16, q17, [x2, #96]
+	ldp	q28, q29, [x0]
+	ldr	q0, [x3]
+	uzp1	v18.8h, v2.8h, v3.8h
+	uzp2	v19.8h, v2.8h, v3.8h
+	uzp1	v20.8h, v10.8h, v11.8h
+	uzp2	v21.8h, v10.8h, v11.8h
+	smull	v26.4s, v18.4h, v20.4h
+	smull2	v27.4s, v18.8h, v20.8h
+	smull	v23.4s, v19.4h, v21.4h
+	smull2	v24.4s, v19.8h, v21.8h
+	xtn	v25.4h, v23.4s
+	xtn2	v25.8h, v24.4s
+	mul	v25.8h, v25.8h, v1.h[1]
+	smlsl	v23.4s, v25.4h, v1.h[0]
+	smlsl2	v24.4s, v25.8h, v1.h[0]
+	shrn	v22.4h, v23.4s, #16
+	shrn2	v22.8h, v24.4s, #16
+	smlal	v26.4s, v22.4h, v0.4h
+	smlal2	v27.4s, v22.8h, v0.8h
+	xtn	v24.4h, v26.4s
+	xtn2	v24.8h, v27.4s
+	mul	v24.8h, v24.8h, v1.h[1]
+	smlsl	v26.4s, v24.4h, v1.h[0]
+	smlsl2	v27.4s, v24.8h, v1.h[0]
+	shrn	v22.4h, v26.4s, #16
+	shrn2	v22.8h, v27.4s, #16
+	smull	v26.4s, v18.4h, v21.4h
+	smull2	v27.4s, v18.8h, v21.8h
+	smlal	v26.4s, v19.4h, v20.4h
+	smlal2	v27.4s, v19.8h, v20.8h
+	xtn	v24.4h, v26.4s
+	xtn2	v24.8h, v27.4s
+	mul	v24.8h, v24.8h, v1.h[1]
+	smlsl	v26.4s, v24.4h, v1.h[0]
+	smlsl2	v27.4s, v24.8h, v1.h[0]
+	shrn	v23.4h, v26.4s, #16
+	shrn2	v23.8h, v27.4s, #16
+	zip1	v24.8h, v22.8h, v23.8h
+	zip2	v25.8h, v22.8h, v23.8h
+	add	v28.8h, v28.8h, v24.8h
+	add	v29.8h, v29.8h, v25.8h
+	stp	q28, q29, [x0]
+	ldp	q28, q29, [x0, #32]
+	ldr	q0, [x3, #16]
+	uzp1	v18.8h, v4.8h, v5.8h
+	uzp2	v19.8h, v4.8h, v5.8h
+	uzp1	v20.8h, v12.8h, v13.8h
+	uzp2	v21.8h, v12.8h, v13.8h
+	smull	v26.4s, v18.4h, v20.4h
+	smull2	v27.4s, v18.8h, v20.8h
+	smull	v23.4s, v19.4h, v21.4h
+	smull2	v24.4s, v19.8h, v21.8h
+	xtn	v25.4h, v23.4s
+	xtn2	v25.8h, v24.4s
+	mul	v25.8h, v25.8h, v1.h[1]
+	smlsl	v23.4s, v25.4h, v1.h[0]
+	smlsl2	v24.4s, v25.8h, v1.h[0]
+	shrn	v22.4h, v23.4s, #16
+	shrn2	v22.8h, v24.4s, #16
+	smlal	v26.4s, v22.4h, v0.4h
+	smlal2	v27.4s, v22.8h, v0.8h
+	xtn	v24.4h, v26.4s
+	xtn2	v24.8h, v27.4s
+	mul	v24.8h, v24.8h, v1.h[1]
+	smlsl	v26.4s, v24.4h, v1.h[0]
+	smlsl2	v27.4s, v24.8h, v1.h[0]
+	shrn	v22.4h, v26.4s, #16
+	shrn2	v22.8h, v27.4s, #16
+	smull	v26.4s, v18.4h, v21.4h
+	smull2	v27.4s, v18.8h, v21.8h
+	smlal	v26.4s, v19.4h, v20.4h
+	smlal2	v27.4s, v19.8h, v20.8h
+	xtn	v24.4h, v26.4s
+	xtn2	v24.8h, v27.4s
+	mul	v24.8h, v24.8h, v1.h[1]
+	smlsl	v26.4s, v24.4h, v1.h[0]
+	smlsl2	v27.4s, v24.8h, v1.h[0]
+	shrn	v23.4h, v26.4s, #16
+	shrn2	v23.8h, v27.4s, #16
+	zip1	v24.8h, v22.8h, v23.8h
+	zip2	v25.8h, v22.8h, v23.8h
+	add	v28.8h, v28.8h, v24.8h
+	add	v29.8h, v29.8h, v25.8h
+	stp	q28, q29, [x0, #32]
+	ldp	q28, q29, [x0, #64]
+	ldr	q0, [x3, #32]
+	uzp1	v18.8h, v6.8h, v7.8h
+	uzp2	v19.8h, v6.8h, v7.8h
+	uzp1	v20.8h, v14.8h, v15.8h
+	uzp2	v21.8h, v14.8h, v15.8h
+	smull	v26.4s, v18.4h, v20.4h
+	smull2	v27.4s, v18.8h, v20.8h
+	smull	v23.4s, v19.4h, v21.4h
+	smull2	v24.4s, v19.8h, v21.8h
+	xtn	v25.4h, v23.4s
+	xtn2	v25.8h, v24.4s
+	mul	v25.8h, v25.8h, v1.h[1]
+	smlsl	v23.4s, v25.4h, v1.h[0]
+	smlsl2	v24.4s, v25.8h, v1.h[0]
+	shrn	v22.4h, v23.4s, #16
+	shrn2	v22.8h, v24.4s, #16
+	smlal	v26.4s, v22.4h, v0.4h
+	smlal2	v27.4s, v22.8h, v0.8h
+	xtn	v24.4h, v26.4s
+	xtn2	v24.8h, v27.4s
+	mul	v24.8h, v24.8h, v1.h[1]
+	smlsl	v26.4s, v24.4h, v1.h[0]
+	smlsl2	v27.4s, v24.8h, v1.h[0]
+	shrn	v22.4h, v26.4s, #16
+	shrn2	v22.8h, v27.4s, #16
+	smull	v26.4s, v18.4h, v21.4h
+	smull2	v27.4s, v18.8h, v21.8h
+	smlal	v26.4s, v19.4h, v20.4h
+	smlal2	v27.4s, v19.8h, v20.8h
+	xtn	v24.4h, v26.4s
+	xtn2	v24.8h, v27.4s
+	mul	v24.8h, v24.8h, v1.h[1]
+	smlsl	v26.4s, v24.4h, v1.h[0]
+	smlsl2	v27.4s, v24.8h, v1.h[0]
+	shrn	v23.4h, v26.4s, #16
+	shrn2	v23.8h, v27.4s, #16
+	zip1	v24.8h, v22.8h, v23.8h
+	zip2	v25.8h, v22.8h, v23.8h
+	add	v28.8h, v28.8h, v24.8h
+	add	v29.8h, v29.8h, v25.8h
+	stp	q28, q29, [x0, #64]
+	ldp	q28, q29, [x0, #96]
+	ldr	q0, [x3, #48]
+	uzp1	v18.8h, v8.8h, v9.8h
+	uzp2	v19.8h, v8.8h, v9.8h
+	uzp1	v20.8h, v16.8h, v17.8h
+	uzp2	v21.8h, v16.8h, v17.8h
+	smull	v26.4s, v18.4h, v20.4h
+	smull2	v27.4s, v18.8h, v20.8h
+	smull	v23.4s, v19.4h, v21.4h
+	smull2	v24.4s, v19.8h, v21.8h
+	xtn	v25.4h, v23.4s
+	xtn2	v25.8h, v24.4s
+	mul	v25.8h, v25.8h, v1.h[1]
+	smlsl	v23.4s, v25.4h, v1.h[0]
+	smlsl2	v24.4s, v25.8h, v1.h[0]
+	shrn	v22.4h, v23.4s, #16
+	shrn2	v22.8h, v24.4s, #16
+	smlal	v26.4s, v22.4h, v0.4h
+	smlal2	v27.4s, v22.8h, v0.8h
+	xtn	v24.4h, v26.4s
+	xtn2	v24.8h, v27.4s
+	mul	v24.8h, v24.8h, v1.h[1]
+	smlsl	v26.4s, v24.4h, v1.h[0]
+	smlsl2	v27.4s, v24.8h, v1.h[0]
+	shrn	v22.4h, v26.4s, #16
+	shrn2	v22.8h, v27.4s, #16
+	smull	v26.4s, v18.4h, v21.4h
+	smull2	v27.4s, v18.8h, v21.8h
+	smlal	v26.4s, v19.4h, v20.4h
+	smlal2	v27.4s, v19.8h, v20.8h
+	xtn	v24.4h, v26.4s
+	xtn2	v24.8h, v27.4s
+	mul	v24.8h, v24.8h, v1.h[1]
+	smlsl	v26.4s, v24.4h, v1.h[0]
+	smlsl2	v27.4s, v24.8h, v1.h[0]
+	shrn	v23.4h, v26.4s, #16
+	shrn2	v23.8h, v27.4s, #16
+	zip1	v24.8h, v22.8h, v23.8h
+	zip2	v25.8h, v22.8h, v23.8h
+	add	v28.8h, v28.8h, v24.8h
+	add	v29.8h, v29.8h, v25.8h
+	stp	q28, q29, [x0, #96]
+	ldp	q2, q3, [x1, #128]
+	ldp	q4, q5, [x1, #160]
+	ldp	q6, q7, [x1, #192]
+	ldp	q8, q9, [x1, #224]
+	ldp	q10, q11, [x2, #128]
+	ldp	q12, q13, [x2, #160]
+	ldp	q14, q15, [x2, #192]
+	ldp	q16, q17, [x2, #224]
+	ldp	q28, q29, [x0, #128]
+	ldr	q0, [x3, #64]
+	uzp1	v18.8h, v2.8h, v3.8h
+	uzp2	v19.8h, v2.8h, v3.8h
+	uzp1	v20.8h, v10.8h, v11.8h
+	uzp2	v21.8h, v10.8h, v11.8h
+	smull	v26.4s, v18.4h, v20.4h
+	smull2	v27.4s, v18.8h, v20.8h
+	smull	v23.4s, v19.4h, v21.4h
+	smull2	v24.4s, v19.8h, v21.8h
+	xtn	v25.4h, v23.4s
+	xtn2	v25.8h, v24.4s
+	mul	v25.8h, v25.8h, v1.h[1]
+	smlsl	v23.4s, v25.4h, v1.h[0]
+	smlsl2	v24.4s, v25.8h, v1.h[0]
+	shrn	v22.4h, v23.4s, #16
+	shrn2	v22.8h, v24.4s, #16
+	smlal	v26.4s, v22.4h, v0.4h
+	smlal2	v27.4s, v22.8h, v0.8h
+	xtn	v24.4h, v26.4s
+	xtn2	v24.8h, v27.4s
+	mul	v24.8h, v24.8h, v1.h[1]
+	smlsl	v26.4s, v24.4h, v1.h[0]
+	smlsl2	v27.4s, v24.8h, v1.h[0]
+	shrn	v22.4h, v26.4s, #16
+	shrn2	v22.8h, v27.4s, #16
+	smull	v26.4s, v18.4h, v21.4h
+	smull2	v27.4s, v18.8h, v21.8h
+	smlal	v26.4s, v19.4h, v20.4h
+	smlal2	v27.4s, v19.8h, v20.8h
+	xtn	v24.4h, v26.4s
+	xtn2	v24.8h, v27.4s
+	mul	v24.8h, v24.8h, v1.h[1]
+	smlsl	v26.4s, v24.4h, v1.h[0]
+	smlsl2	v27.4s, v24.8h, v1.h[0]
+	shrn	v23.4h, v26.4s, #16
+	shrn2	v23.8h, v27.4s, #16
+	zip1	v24.8h, v22.8h, v23.8h
+	zip2	v25.8h, v22.8h, v23.8h
+	add	v28.8h, v28.8h, v24.8h
+	add	v29.8h, v29.8h, v25.8h
+	stp	q28, q29, [x0, #128]
+	ldp	q28, q29, [x0, #160]
+	ldr	q0, [x3, #80]
+	uzp1	v18.8h, v4.8h, v5.8h
+	uzp2	v19.8h, v4.8h, v5.8h
+	uzp1	v20.8h, v12.8h, v13.8h
+	uzp2	v21.8h, v12.8h, v13.8h
+	smull	v26.4s, v18.4h, v20.4h
+	smull2	v27.4s, v18.8h, v20.8h
+	smull	v23.4s, v19.4h, v21.4h
+	smull2	v24.4s, v19.8h, v21.8h
+	xtn	v25.4h, v23.4s
+	xtn2	v25.8h, v24.4s
+	mul	v25.8h, v25.8h, v1.h[1]
+	smlsl	v23.4s, v25.4h, v1.h[0]
+	smlsl2	v24.4s, v25.8h, v1.h[0]
+	shrn	v22.4h, v23.4s, #16
+	shrn2	v22.8h, v24.4s, #16
+	smlal	v26.4s, v22.4h, v0.4h
+	smlal2	v27.4s, v22.8h, v0.8h
+	xtn	v24.4h, v26.4s
+	xtn2	v24.8h, v27.4s
+	mul	v24.8h, v24.8h, v1.h[1]
+	smlsl	v26.4s, v24.4h, v1.h[0]
+	smlsl2	v27.4s, v24.8h, v1.h[0]
+	shrn	v22.4h, v26.4s, #16
+	shrn2	v22.8h, v27.4s, #16
+	smull	v26.4s, v18.4h, v21.4h
+	smull2	v27.4s, v18.8h, v21.8h
+	smlal	v26.4s, v19.4h, v20.4h
+	smlal2	v27.4s, v19.8h, v20.8h
+	xtn	v24.4h, v26.4s
+	xtn2	v24.8h, v27.4s
+	mul	v24.8h, v24.8h, v1.h[1]
+	smlsl	v26.4s, v24.4h, v1.h[0]
+	smlsl2	v27.4s, v24.8h, v1.h[0]
+	shrn	v23.4h, v26.4s, #16
+	shrn2	v23.8h, v27.4s, #16
+	zip1	v24.8h, v22.8h, v23.8h
+	zip2	v25.8h, v22.8h, v23.8h
+	add	v28.8h, v28.8h, v24.8h
+	add	v29.8h, v29.8h, v25.8h
+	stp	q28, q29, [x0, #160]
+	ldp	q28, q29, [x0, #192]
+	ldr	q0, [x3, #96]
+	uzp1	v18.8h, v6.8h, v7.8h
+	uzp2	v19.8h, v6.8h, v7.8h
+	uzp1	v20.8h, v14.8h, v15.8h
+	uzp2	v21.8h, v14.8h, v15.8h
+	smull	v26.4s, v18.4h, v20.4h
+	smull2	v27.4s, v18.8h, v20.8h
+	smull	v23.4s, v19.4h, v21.4h
+	smull2	v24.4s, v19.8h, v21.8h
+	xtn	v25.4h, v23.4s
+	xtn2	v25.8h, v24.4s
+	mul	v25.8h, v25.8h, v1.h[1]
+	smlsl	v23.4s, v25.4h, v1.h[0]
+	smlsl2	v24.4s, v25.8h, v1.h[0]
+	shrn	v22.4h, v23.4s, #16
+	shrn2	v22.8h, v24.4s, #16
+	smlal	v26.4s, v22.4h, v0.4h
+	smlal2	v27.4s, v22.8h, v0.8h
+	xtn	v24.4h, v26.4s
+	xtn2	v24.8h, v27.4s
+	mul	v24.8h, v24.8h, v1.h[1]
+	smlsl	v26.4s, v24.4h, v1.h[0]
+	smlsl2	v27.4s, v24.8h, v1.h[0]
+	shrn	v22.4h, v26.4s, #16
+	shrn2	v22.8h, v27.4s, #16
+	smull	v26.4s, v18.4h, v21.4h
+	smull2	v27.4s, v18.8h, v21.8h
+	smlal	v26.4s, v19.4h, v20.4h
+	smlal2	v27.4s, v19.8h, v20.8h
+	xtn	v24.4h, v26.4s
+	xtn2	v24.8h, v27.4s
+	mul	v24.8h, v24.8h, v1.h[1]
+	smlsl	v26.4s, v24.4h, v1.h[0]
+	smlsl2	v27.4s, v24.8h, v1.h[0]
+	shrn	v23.4h, v26.4s, #16
+	shrn2	v23.8h, v27.4s, #16
+	zip1	v24.8h, v22.8h, v23.8h
+	zip2	v25.8h, v22.8h, v23.8h
+	add	v28.8h, v28.8h, v24.8h
+	add	v29.8h, v29.8h, v25.8h
+	stp	q28, q29, [x0, #192]
+	ldp	q28, q29, [x0, #224]
+	ldr	q0, [x3, #112]
+	uzp1	v18.8h, v8.8h, v9.8h
+	uzp2	v19.8h, v8.8h, v9.8h
+	uzp1	v20.8h, v16.8h, v17.8h
+	uzp2	v21.8h, v16.8h, v17.8h
+	smull	v26.4s, v18.4h, v20.4h
+	smull2	v27.4s, v18.8h, v20.8h
+	smull	v23.4s, v19.4h, v21.4h
+	smull2	v24.4s, v19.8h, v21.8h
+	xtn	v25.4h, v23.4s
+	xtn2	v25.8h, v24.4s
+	mul	v25.8h, v25.8h, v1.h[1]
+	smlsl	v23.4s, v25.4h, v1.h[0]
+	smlsl2	v24.4s, v25.8h, v1.h[0]
+	shrn	v22.4h, v23.4s, #16
+	shrn2	v22.8h, v24.4s, #16
+	smlal	v26.4s, v22.4h, v0.4h
+	smlal2	v27.4s, v22.8h, v0.8h
+	xtn	v24.4h, v26.4s
+	xtn2	v24.8h, v27.4s
+	mul	v24.8h, v24.8h, v1.h[1]
+	smlsl	v26.4s, v24.4h, v1.h[0]
+	smlsl2	v27.4s, v24.8h, v1.h[0]
+	shrn	v22.4h, v26.4s, #16
+	shrn2	v22.8h, v27.4s, #16
+	smull	v26.4s, v18.4h, v21.4h
+	smull2	v27.4s, v18.8h, v21.8h
+	smlal	v26.4s, v19.4h, v20.4h
+	smlal2	v27.4s, v19.8h, v20.8h
+	xtn	v24.4h, v26.4s
+	xtn2	v24.8h, v27.4s
+	mul	v24.8h, v24.8h, v1.h[1]
+	smlsl	v26.4s, v24.4h, v1.h[0]
+	smlsl2	v27.4s, v24.8h, v1.h[0]
+	shrn	v23.4h, v26.4s, #16
+	shrn2	v23.8h, v27.4s, #16
+	zip1	v24.8h, v22.8h, v23.8h
+	zip2	v25.8h, v22.8h, v23.8h
+	add	v28.8h, v28.8h, v24.8h
+	add	v29.8h, v29.8h, v25.8h
+	stp	q28, q29, [x0, #224]
+	ldp	q2, q3, [x1, #256]
+	ldp	q4, q5, [x1, #288]
+	ldp	q6, q7, [x1, #320]
+	ldp	q8, q9, [x1, #352]
+	ldp	q10, q11, [x2, #256]
+	ldp	q12, q13, [x2, #288]
+	ldp	q14, q15, [x2, #320]
+	ldp	q16, q17, [x2, #352]
+	ldp	q28, q29, [x0, #256]
+	ldr	q0, [x3, #128]
+	uzp1	v18.8h, v2.8h, v3.8h
+	uzp2	v19.8h, v2.8h, v3.8h
+	uzp1	v20.8h, v10.8h, v11.8h
+	uzp2	v21.8h, v10.8h, v11.8h
+	smull	v26.4s, v18.4h, v20.4h
+	smull2	v27.4s, v18.8h, v20.8h
+	smull	v23.4s, v19.4h, v21.4h
+	smull2	v24.4s, v19.8h, v21.8h
+	xtn	v25.4h, v23.4s
+	xtn2	v25.8h, v24.4s
+	mul	v25.8h, v25.8h, v1.h[1]
+	smlsl	v23.4s, v25.4h, v1.h[0]
+	smlsl2	v24.4s, v25.8h, v1.h[0]
+	shrn	v22.4h, v23.4s, #16
+	shrn2	v22.8h, v24.4s, #16
+	smlal	v26.4s, v22.4h, v0.4h
+	smlal2	v27.4s, v22.8h, v0.8h
+	xtn	v24.4h, v26.4s
+	xtn2	v24.8h, v27.4s
+	mul	v24.8h, v24.8h, v1.h[1]
+	smlsl	v26.4s, v24.4h, v1.h[0]
+	smlsl2	v27.4s, v24.8h, v1.h[0]
+	shrn	v22.4h, v26.4s, #16
+	shrn2	v22.8h, v27.4s, #16
+	smull	v26.4s, v18.4h, v21.4h
+	smull2	v27.4s, v18.8h, v21.8h
+	smlal	v26.4s, v19.4h, v20.4h
+	smlal2	v27.4s, v19.8h, v20.8h
+	xtn	v24.4h, v26.4s
+	xtn2	v24.8h, v27.4s
+	mul	v24.8h, v24.8h, v1.h[1]
+	smlsl	v26.4s, v24.4h, v1.h[0]
+	smlsl2	v27.4s, v24.8h, v1.h[0]
+	shrn	v23.4h, v26.4s, #16
+	shrn2	v23.8h, v27.4s, #16
+	zip1	v24.8h, v22.8h, v23.8h
+	zip2	v25.8h, v22.8h, v23.8h
+	add	v28.8h, v28.8h, v24.8h
+	add	v29.8h, v29.8h, v25.8h
+	stp	q28, q29, [x0, #256]
+	ldp	q28, q29, [x0, #288]
+	ldr	q0, [x3, #144]
+	uzp1	v18.8h, v4.8h, v5.8h
+	uzp2	v19.8h, v4.8h, v5.8h
+	uzp1	v20.8h, v12.8h, v13.8h
+	uzp2	v21.8h, v12.8h, v13.8h
+	smull	v26.4s, v18.4h, v20.4h
+	smull2	v27.4s, v18.8h, v20.8h
+	smull	v23.4s, v19.4h, v21.4h
+	smull2	v24.4s, v19.8h, v21.8h
+	xtn	v25.4h, v23.4s
+	xtn2	v25.8h, v24.4s
+	mul	v25.8h, v25.8h, v1.h[1]
+	smlsl	v23.4s, v25.4h, v1.h[0]
+	smlsl2	v24.4s, v25.8h, v1.h[0]
+	shrn	v22.4h, v23.4s, #16
+	shrn2	v22.8h, v24.4s, #16
+	smlal	v26.4s, v22.4h, v0.4h
+	smlal2	v27.4s, v22.8h, v0.8h
+	xtn	v24.4h, v26.4s
+	xtn2	v24.8h, v27.4s
+	mul	v24.8h, v24.8h, v1.h[1]
+	smlsl	v26.4s, v24.4h, v1.h[0]
+	smlsl2	v27.4s, v24.8h, v1.h[0]
+	shrn	v22.4h, v26.4s, #16
+	shrn2	v22.8h, v27.4s, #16
+	smull	v26.4s, v18.4h, v21.4h
+	smull2	v27.4s, v18.8h, v21.8h
+	smlal	v26.4s, v19.4h, v20.4h
+	smlal2	v27.4s, v19.8h, v20.8h
+	xtn	v24.4h, v26.4s
+	xtn2	v24.8h, v27.4s
+	mul	v24.8h, v24.8h, v1.h[1]
+	smlsl	v26.4s, v24.4h, v1.h[0]
+	smlsl2	v27.4s, v24.8h, v1.h[0]
+	shrn	v23.4h, v26.4s, #16
+	shrn2	v23.8h, v27.4s, #16
+	zip1	v24.8h, v22.8h, v23.8h
+	zip2	v25.8h, v22.8h, v23.8h
+	add	v28.8h, v28.8h, v24.8h
+	add	v29.8h, v29.8h, v25.8h
+	stp	q28, q29, [x0, #288]
+	ldp	q28, q29, [x0, #320]
+	ldr	q0, [x3, #160]
+	uzp1	v18.8h, v6.8h, v7.8h
+	uzp2	v19.8h, v6.8h, v7.8h
+	uzp1	v20.8h, v14.8h, v15.8h
+	uzp2	v21.8h, v14.8h, v15.8h
+	smull	v26.4s, v18.4h, v20.4h
+	smull2	v27.4s, v18.8h, v20.8h
+	smull	v23.4s, v19.4h, v21.4h
+	smull2	v24.4s, v19.8h, v21.8h
+	xtn	v25.4h, v23.4s
+	xtn2	v25.8h, v24.4s
+	mul	v25.8h, v25.8h, v1.h[1]
+	smlsl	v23.4s, v25.4h, v1.h[0]
+	smlsl2	v24.4s, v25.8h, v1.h[0]
+	shrn	v22.4h, v23.4s, #16
+	shrn2	v22.8h, v24.4s, #16
+	smlal	v26.4s, v22.4h, v0.4h
+	smlal2	v27.4s, v22.8h, v0.8h
+	xtn	v24.4h, v26.4s
+	xtn2	v24.8h, v27.4s
+	mul	v24.8h, v24.8h, v1.h[1]
+	smlsl	v26.4s, v24.4h, v1.h[0]
+	smlsl2	v27.4s, v24.8h, v1.h[0]
+	shrn	v22.4h, v26.4s, #16
+	shrn2	v22.8h, v27.4s, #16
+	smull	v26.4s, v18.4h, v21.4h
+	smull2	v27.4s, v18.8h, v21.8h
+	smlal	v26.4s, v19.4h, v20.4h
+	smlal2	v27.4s, v19.8h, v20.8h
+	xtn	v24.4h, v26.4s
+	xtn2	v24.8h, v27.4s
+	mul	v24.8h, v24.8h, v1.h[1]
+	smlsl	v26.4s, v24.4h, v1.h[0]
+	smlsl2	v27.4s, v24.8h, v1.h[0]
+	shrn	v23.4h, v26.4s, #16
+	shrn2	v23.8h, v27.4s, #16
+	zip1	v24.8h, v22.8h, v23.8h
+	zip2	v25.8h, v22.8h, v23.8h
+	add	v28.8h, v28.8h, v24.8h
+	add	v29.8h, v29.8h, v25.8h
+	stp	q28, q29, [x0, #320]
+	ldp	q28, q29, [x0, #352]
+	ldr	q0, [x3, #176]
+	uzp1	v18.8h, v8.8h, v9.8h
+	uzp2	v19.8h, v8.8h, v9.8h
+	uzp1	v20.8h, v16.8h, v17.8h
+	uzp2	v21.8h, v16.8h, v17.8h
+	smull	v26.4s, v18.4h, v20.4h
+	smull2	v27.4s, v18.8h, v20.8h
+	smull	v23.4s, v19.4h, v21.4h
+	smull2	v24.4s, v19.8h, v21.8h
+	xtn	v25.4h, v23.4s
+	xtn2	v25.8h, v24.4s
+	mul	v25.8h, v25.8h, v1.h[1]
+	smlsl	v23.4s, v25.4h, v1.h[0]
+	smlsl2	v24.4s, v25.8h, v1.h[0]
+	shrn	v22.4h, v23.4s, #16
+	shrn2	v22.8h, v24.4s, #16
+	smlal	v26.4s, v22.4h, v0.4h
+	smlal2	v27.4s, v22.8h, v0.8h
+	xtn	v24.4h, v26.4s
+	xtn2	v24.8h, v27.4s
+	mul	v24.8h, v24.8h, v1.h[1]
+	smlsl	v26.4s, v24.4h, v1.h[0]
+	smlsl2	v27.4s, v24.8h, v1.h[0]
+	shrn	v22.4h, v26.4s, #16
+	shrn2	v22.8h, v27.4s, #16
+	smull	v26.4s, v18.4h, v21.4h
+	smull2	v27.4s, v18.8h, v21.8h
+	smlal	v26.4s, v19.4h, v20.4h
+	smlal2	v27.4s, v19.8h, v20.8h
+	xtn	v24.4h, v26.4s
+	xtn2	v24.8h, v27.4s
+	mul	v24.8h, v24.8h, v1.h[1]
+	smlsl	v26.4s, v24.4h, v1.h[0]
+	smlsl2	v27.4s, v24.8h, v1.h[0]
+	shrn	v23.4h, v26.4s, #16
+	shrn2	v23.8h, v27.4s, #16
+	zip1	v24.8h, v22.8h, v23.8h
+	zip2	v25.8h, v22.8h, v23.8h
+	add	v28.8h, v28.8h, v24.8h
+	add	v29.8h, v29.8h, v25.8h
+	stp	q28, q29, [x0, #352]
+	ldp	q2, q3, [x1, #384]
+	ldp	q4, q5, [x1, #416]
+	ldp	q6, q7, [x1, #448]
+	ldp	q8, q9, [x1, #480]
+	ldp	q10, q11, [x2, #384]
+	ldp	q12, q13, [x2, #416]
+	ldp	q14, q15, [x2, #448]
+	ldp	q16, q17, [x2, #480]
+	ldp	q28, q29, [x0, #384]
+	ldr	q0, [x3, #192]
+	uzp1	v18.8h, v2.8h, v3.8h
+	uzp2	v19.8h, v2.8h, v3.8h
+	uzp1	v20.8h, v10.8h, v11.8h
+	uzp2	v21.8h, v10.8h, v11.8h
+	smull	v26.4s, v18.4h, v20.4h
+	smull2	v27.4s, v18.8h, v20.8h
+	smull	v23.4s, v19.4h, v21.4h
+	smull2	v24.4s, v19.8h, v21.8h
+	xtn	v25.4h, v23.4s
+	xtn2	v25.8h, v24.4s
+	mul	v25.8h, v25.8h, v1.h[1]
+	smlsl	v23.4s, v25.4h, v1.h[0]
+	smlsl2	v24.4s, v25.8h, v1.h[0]
+	shrn	v22.4h, v23.4s, #16
+	shrn2	v22.8h, v24.4s, #16
+	smlal	v26.4s, v22.4h, v0.4h
+	smlal2	v27.4s, v22.8h, v0.8h
+	xtn	v24.4h, v26.4s
+	xtn2	v24.8h, v27.4s
+	mul	v24.8h, v24.8h, v1.h[1]
+	smlsl	v26.4s, v24.4h, v1.h[0]
+	smlsl2	v27.4s, v24.8h, v1.h[0]
+	shrn	v22.4h, v26.4s, #16
+	shrn2	v22.8h, v27.4s, #16
+	smull	v26.4s, v18.4h, v21.4h
+	smull2	v27.4s, v18.8h, v21.8h
+	smlal	v26.4s, v19.4h, v20.4h
+	smlal2	v27.4s, v19.8h, v20.8h
+	xtn	v24.4h, v26.4s
+	xtn2	v24.8h, v27.4s
+	mul	v24.8h, v24.8h, v1.h[1]
+	smlsl	v26.4s, v24.4h, v1.h[0]
+	smlsl2	v27.4s, v24.8h, v1.h[0]
+	shrn	v23.4h, v26.4s, #16
+	shrn2	v23.8h, v27.4s, #16
+	zip1	v24.8h, v22.8h, v23.8h
+	zip2	v25.8h, v22.8h, v23.8h
+	add	v28.8h, v28.8h, v24.8h
+	add	v29.8h, v29.8h, v25.8h
+	stp	q28, q29, [x0, #384]
+	ldp	q28, q29, [x0, #416]
+	ldr	q0, [x3, #208]
+	uzp1	v18.8h, v4.8h, v5.8h
+	uzp2	v19.8h, v4.8h, v5.8h
+	uzp1	v20.8h, v12.8h, v13.8h
+	uzp2	v21.8h, v12.8h, v13.8h
+	smull	v26.4s, v18.4h, v20.4h
+	smull2	v27.4s, v18.8h, v20.8h
+	smull	v23.4s, v19.4h, v21.4h
+	smull2	v24.4s, v19.8h, v21.8h
+	xtn	v25.4h, v23.4s
+	xtn2	v25.8h, v24.4s
+	mul	v25.8h, v25.8h, v1.h[1]
+	smlsl	v23.4s, v25.4h, v1.h[0]
+	smlsl2	v24.4s, v25.8h, v1.h[0]
+	shrn	v22.4h, v23.4s, #16
+	shrn2	v22.8h, v24.4s, #16
+	smlal	v26.4s, v22.4h, v0.4h
+	smlal2	v27.4s, v22.8h, v0.8h
+	xtn	v24.4h, v26.4s
+	xtn2	v24.8h, v27.4s
+	mul	v24.8h, v24.8h, v1.h[1]
+	smlsl	v26.4s, v24.4h, v1.h[0]
+	smlsl2	v27.4s, v24.8h, v1.h[0]
+	shrn	v22.4h, v26.4s, #16
+	shrn2	v22.8h, v27.4s, #16
+	smull	v26.4s, v18.4h, v21.4h
+	smull2	v27.4s, v18.8h, v21.8h
+	smlal	v26.4s, v19.4h, v20.4h
+	smlal2	v27.4s, v19.8h, v20.8h
+	xtn	v24.4h, v26.4s
+	xtn2	v24.8h, v27.4s
+	mul	v24.8h, v24.8h, v1.h[1]
+	smlsl	v26.4s, v24.4h, v1.h[0]
+	smlsl2	v27.4s, v24.8h, v1.h[0]
+	shrn	v23.4h, v26.4s, #16
+	shrn2	v23.8h, v27.4s, #16
+	zip1	v24.8h, v22.8h, v23.8h
+	zip2	v25.8h, v22.8h, v23.8h
+	add	v28.8h, v28.8h, v24.8h
+	add	v29.8h, v29.8h, v25.8h
+	stp	q28, q29, [x0, #416]
+	ldp	q28, q29, [x0, #448]
+	ldr	q0, [x3, #224]
+	uzp1	v18.8h, v6.8h, v7.8h
+	uzp2	v19.8h, v6.8h, v7.8h
+	uzp1	v20.8h, v14.8h, v15.8h
+	uzp2	v21.8h, v14.8h, v15.8h
+	smull	v26.4s, v18.4h, v20.4h
+	smull2	v27.4s, v18.8h, v20.8h
+	smull	v23.4s, v19.4h, v21.4h
+	smull2	v24.4s, v19.8h, v21.8h
+	xtn	v25.4h, v23.4s
+	xtn2	v25.8h, v24.4s
+	mul	v25.8h, v25.8h, v1.h[1]
+	smlsl	v23.4s, v25.4h, v1.h[0]
+	smlsl2	v24.4s, v25.8h, v1.h[0]
+	shrn	v22.4h, v23.4s, #16
+	shrn2	v22.8h, v24.4s, #16
+	smlal	v26.4s, v22.4h, v0.4h
+	smlal2	v27.4s, v22.8h, v0.8h
+	xtn	v24.4h, v26.4s
+	xtn2	v24.8h, v27.4s
+	mul	v24.8h, v24.8h, v1.h[1]
+	smlsl	v26.4s, v24.4h, v1.h[0]
+	smlsl2	v27.4s, v24.8h, v1.h[0]
+	shrn	v22.4h, v26.4s, #16
+	shrn2	v22.8h, v27.4s, #16
+	smull	v26.4s, v18.4h, v21.4h
+	smull2	v27.4s, v18.8h, v21.8h
+	smlal	v26.4s, v19.4h, v20.4h
+	smlal2	v27.4s, v19.8h, v20.8h
+	xtn	v24.4h, v26.4s
+	xtn2	v24.8h, v27.4s
+	mul	v24.8h, v24.8h, v1.h[1]
+	smlsl	v26.4s, v24.4h, v1.h[0]
+	smlsl2	v27.4s, v24.8h, v1.h[0]
+	shrn	v23.4h, v26.4s, #16
+	shrn2	v23.8h, v27.4s, #16
+	zip1	v24.8h, v22.8h, v23.8h
+	zip2	v25.8h, v22.8h, v23.8h
+	add	v28.8h, v28.8h, v24.8h
+	add	v29.8h, v29.8h, v25.8h
+	stp	q28, q29, [x0, #448]
+	ldp	q28, q29, [x0, #480]
+	ldr	q0, [x3, #240]
+	uzp1	v18.8h, v8.8h, v9.8h
+	uzp2	v19.8h, v8.8h, v9.8h
+	uzp1	v20.8h, v16.8h, v17.8h
+	uzp2	v21.8h, v16.8h, v17.8h
+	smull	v26.4s, v18.4h, v20.4h
+	smull2	v27.4s, v18.8h, v20.8h
+	smull	v23.4s, v19.4h, v21.4h
+	smull2	v24.4s, v19.8h, v21.8h
+	xtn	v25.4h, v23.4s
+	xtn2	v25.8h, v24.4s
+	mul	v25.8h, v25.8h, v1.h[1]
+	smlsl	v23.4s, v25.4h, v1.h[0]
+	smlsl2	v24.4s, v25.8h, v1.h[0]
+	shrn	v22.4h, v23.4s, #16
+	shrn2	v22.8h, v24.4s, #16
+	smlal	v26.4s, v22.4h, v0.4h
+	smlal2	v27.4s, v22.8h, v0.8h
+	xtn	v24.4h, v26.4s
+	xtn2	v24.8h, v27.4s
+	mul	v24.8h, v24.8h, v1.h[1]
+	smlsl	v26.4s, v24.4h, v1.h[0]
+	smlsl2	v27.4s, v24.8h, v1.h[0]
+	shrn	v22.4h, v26.4s, #16
+	shrn2	v22.8h, v27.4s, #16
+	smull	v26.4s, v18.4h, v21.4h
+	smull2	v27.4s, v18.8h, v21.8h
+	smlal	v26.4s, v19.4h, v20.4h
+	smlal2	v27.4s, v19.8h, v20.8h
+	xtn	v24.4h, v26.4s
+	xtn2	v24.8h, v27.4s
+	mul	v24.8h, v24.8h, v1.h[1]
+	smlsl	v26.4s, v24.4h, v1.h[0]
+	smlsl2	v27.4s, v24.8h, v1.h[0]
+	shrn	v23.4h, v26.4s, #16
+	shrn2	v23.8h, v27.4s, #16
+	zip1	v24.8h, v22.8h, v23.8h
+	zip2	v25.8h, v22.8h, v23.8h
+	add	v28.8h, v28.8h, v24.8h
+	add	v29.8h, v29.8h, v25.8h
+	stp	q28, q29, [x0, #480]
+	ldp	d8, d9, [x29, #16]
+	ldp	d10, d11, [x29, #32]
+	ldp	d12, d13, [x29, #48]
+	ldp	d14, d15, [x29, #64]
+	ldp	x29, x30, [sp], #0x50
+	ret
+#ifndef __APPLE__
+	.size	kyber_basemul_mont_add,.-kyber_basemul_mont_add
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.text
+.globl	kyber_csubq_neon
+.type	kyber_csubq_neon,@function
+.align	2
+kyber_csubq_neon:
+#else
+.section	__TEXT,__text
+.globl	_kyber_csubq_neon
+.p2align	2
+_kyber_csubq_neon:
+#endif /* __APPLE__ */
+	stp	x29, x30, [sp, #-80]!
+	add	x29, sp, #0
+	stp	d8, d9, [x29, #16]
+	stp	d10, d11, [x29, #32]
+	stp	d12, d13, [x29, #48]
+	stp	d14, d15, [x29, #64]
+#ifndef __APPLE__
+	adrp x1, L_kyber_aarch64_q
+	add  x1, x1, :lo12:L_kyber_aarch64_q
+#else
+	adrp x1, L_kyber_aarch64_q@PAGE
+	add  x1, x1, :lo12:L_kyber_aarch64_q@PAGEOFF
+#endif /* __APPLE__ */
+	ldr	q20, [x1]
+	ld4	{v0.8h, v1.8h, v2.8h, v3.8h}, [x0], #0x40
+	ld4	{v4.8h, v5.8h, v6.8h, v7.8h}, [x0], #0x40
+	ld4	{v8.8h, v9.8h, v10.8h, v11.8h}, [x0], #0x40
+	ld4	{v12.8h, v13.8h, v14.8h, v15.8h}, [x0], #0x40
+	sub	x0, x0, #0x100
+	sub	v0.8h, v0.8h, v20.8h
+	sub	v1.8h, v1.8h, v20.8h
+	sub	v2.8h, v2.8h, v20.8h
+	sub	v3.8h, v3.8h, v20.8h
+	sub	v4.8h, v4.8h, v20.8h
+	sub	v5.8h, v5.8h, v20.8h
+	sub	v6.8h, v6.8h, v20.8h
+	sub	v7.8h, v7.8h, v20.8h
+	sub	v8.8h, v8.8h, v20.8h
+	sub	v9.8h, v9.8h, v20.8h
+	sub	v10.8h, v10.8h, v20.8h
+	sub	v11.8h, v11.8h, v20.8h
+	sub	v12.8h, v12.8h, v20.8h
+	sub	v13.8h, v13.8h, v20.8h
+	sub	v14.8h, v14.8h, v20.8h
+	sub	v15.8h, v15.8h, v20.8h
+	sshr	v16.8h, v0.8h, #15
+	sshr	v17.8h, v1.8h, #15
+	sshr	v18.8h, v2.8h, #15
+	sshr	v19.8h, v3.8h, #15
+	and	v16.16b, v16.16b, v20.16b
+	and	v17.16b, v17.16b, v20.16b
+	and	v18.16b, v18.16b, v20.16b
+	and	v19.16b, v19.16b, v20.16b
+	add	v0.8h, v0.8h, v16.8h
+	add	v1.8h, v1.8h, v17.8h
+	add	v2.8h, v2.8h, v18.8h
+	add	v3.8h, v3.8h, v19.8h
+	sshr	v16.8h, v4.8h, #15
+	sshr	v17.8h, v5.8h, #15
+	sshr	v18.8h, v6.8h, #15
+	sshr	v19.8h, v7.8h, #15
+	and	v16.16b, v16.16b, v20.16b
+	and	v17.16b, v17.16b, v20.16b
+	and	v18.16b, v18.16b, v20.16b
+	and	v19.16b, v19.16b, v20.16b
+	add	v4.8h, v4.8h, v16.8h
+	add	v5.8h, v5.8h, v17.8h
+	add	v6.8h, v6.8h, v18.8h
+	add	v7.8h, v7.8h, v19.8h
+	sshr	v16.8h, v8.8h, #15
+	sshr	v17.8h, v9.8h, #15
+	sshr	v18.8h, v10.8h, #15
+	sshr	v19.8h, v11.8h, #15
+	and	v16.16b, v16.16b, v20.16b
+	and	v17.16b, v17.16b, v20.16b
+	and	v18.16b, v18.16b, v20.16b
+	and	v19.16b, v19.16b, v20.16b
+	add	v8.8h, v8.8h, v16.8h
+	add	v9.8h, v9.8h, v17.8h
+	add	v10.8h, v10.8h, v18.8h
+	add	v11.8h, v11.8h, v19.8h
+	sshr	v16.8h, v12.8h, #15
+	sshr	v17.8h, v13.8h, #15
+	sshr	v18.8h, v14.8h, #15
+	sshr	v19.8h, v15.8h, #15
+	and	v16.16b, v16.16b, v20.16b
+	and	v17.16b, v17.16b, v20.16b
+	and	v18.16b, v18.16b, v20.16b
+	and	v19.16b, v19.16b, v20.16b
+	add	v12.8h, v12.8h, v16.8h
+	add	v13.8h, v13.8h, v17.8h
+	add	v14.8h, v14.8h, v18.8h
+	add	v15.8h, v15.8h, v19.8h
+	st4	{v0.8h, v1.8h, v2.8h, v3.8h}, [x0], #0x40
+	st4	{v4.8h, v5.8h, v6.8h, v7.8h}, [x0], #0x40
+	st4	{v8.8h, v9.8h, v10.8h, v11.8h}, [x0], #0x40
+	st4	{v12.8h, v13.8h, v14.8h, v15.8h}, [x0], #0x40
+	ld4	{v0.8h, v1.8h, v2.8h, v3.8h}, [x0], #0x40
+	ld4	{v4.8h, v5.8h, v6.8h, v7.8h}, [x0], #0x40
+	ld4	{v8.8h, v9.8h, v10.8h, v11.8h}, [x0], #0x40
+	ld4	{v12.8h, v13.8h, v14.8h, v15.8h}, [x0], #0x40
+	sub	x0, x0, #0x100
+	sub	v0.8h, v0.8h, v20.8h
+	sub	v1.8h, v1.8h, v20.8h
+	sub	v2.8h, v2.8h, v20.8h
+	sub	v3.8h, v3.8h, v20.8h
+	sub	v4.8h, v4.8h, v20.8h
+	sub	v5.8h, v5.8h, v20.8h
+	sub	v6.8h, v6.8h, v20.8h
+	sub	v7.8h, v7.8h, v20.8h
+	sub	v8.8h, v8.8h, v20.8h
+	sub	v9.8h, v9.8h, v20.8h
+	sub	v10.8h, v10.8h, v20.8h
+	sub	v11.8h, v11.8h, v20.8h
+	sub	v12.8h, v12.8h, v20.8h
+	sub	v13.8h, v13.8h, v20.8h
+	sub	v14.8h, v14.8h, v20.8h
+	sub	v15.8h, v15.8h, v20.8h
+	sshr	v16.8h, v0.8h, #15
+	sshr	v17.8h, v1.8h, #15
+	sshr	v18.8h, v2.8h, #15
+	sshr	v19.8h, v3.8h, #15
+	and	v16.16b, v16.16b, v20.16b
+	and	v17.16b, v17.16b, v20.16b
+	and	v18.16b, v18.16b, v20.16b
+	and	v19.16b, v19.16b, v20.16b
+	add	v0.8h, v0.8h, v16.8h
+	add	v1.8h, v1.8h, v17.8h
+	add	v2.8h, v2.8h, v18.8h
+	add	v3.8h, v3.8h, v19.8h
+	sshr	v16.8h, v4.8h, #15
+	sshr	v17.8h, v5.8h, #15
+	sshr	v18.8h, v6.8h, #15
+	sshr	v19.8h, v7.8h, #15
+	and	v16.16b, v16.16b, v20.16b
+	and	v17.16b, v17.16b, v20.16b
+	and	v18.16b, v18.16b, v20.16b
+	and	v19.16b, v19.16b, v20.16b
+	add	v4.8h, v4.8h, v16.8h
+	add	v5.8h, v5.8h, v17.8h
+	add	v6.8h, v6.8h, v18.8h
+	add	v7.8h, v7.8h, v19.8h
+	sshr	v16.8h, v8.8h, #15
+	sshr	v17.8h, v9.8h, #15
+	sshr	v18.8h, v10.8h, #15
+	sshr	v19.8h, v11.8h, #15
+	and	v16.16b, v16.16b, v20.16b
+	and	v17.16b, v17.16b, v20.16b
+	and	v18.16b, v18.16b, v20.16b
+	and	v19.16b, v19.16b, v20.16b
+	add	v8.8h, v8.8h, v16.8h
+	add	v9.8h, v9.8h, v17.8h
+	add	v10.8h, v10.8h, v18.8h
+	add	v11.8h, v11.8h, v19.8h
+	sshr	v16.8h, v12.8h, #15
+	sshr	v17.8h, v13.8h, #15
+	sshr	v18.8h, v14.8h, #15
+	sshr	v19.8h, v15.8h, #15
+	and	v16.16b, v16.16b, v20.16b
+	and	v17.16b, v17.16b, v20.16b
+	and	v18.16b, v18.16b, v20.16b
+	and	v19.16b, v19.16b, v20.16b
+	add	v12.8h, v12.8h, v16.8h
+	add	v13.8h, v13.8h, v17.8h
+	add	v14.8h, v14.8h, v18.8h
+	add	v15.8h, v15.8h, v19.8h
+	st4	{v0.8h, v1.8h, v2.8h, v3.8h}, [x0], #0x40
+	st4	{v4.8h, v5.8h, v6.8h, v7.8h}, [x0], #0x40
+	st4	{v8.8h, v9.8h, v10.8h, v11.8h}, [x0], #0x40
+	st4	{v12.8h, v13.8h, v14.8h, v15.8h}, [x0], #0x40
+	ldp	d8, d9, [x29, #16]
+	ldp	d10, d11, [x29, #32]
+	ldp	d12, d13, [x29, #48]
+	ldp	d14, d15, [x29, #64]
+	ldp	x29, x30, [sp], #0x50
+	ret
+#ifndef __APPLE__
+	.size	kyber_csubq_neon,.-kyber_csubq_neon
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.text
+.globl	kyber_add_reduce
+.type	kyber_add_reduce,@function
+.align	2
+kyber_add_reduce:
+#else
+.section	__TEXT,__text
+.globl	_kyber_add_reduce
+.p2align	2
+_kyber_add_reduce:
+#endif /* __APPLE__ */
+	stp	x29, x30, [sp, #-80]!
+	add	x29, sp, #0
+	stp	d8, d9, [x29, #16]
+	stp	d10, d11, [x29, #32]
+	stp	d12, d13, [x29, #48]
+	stp	d14, d15, [x29, #64]
+#ifndef __APPLE__
+	adrp x2, L_kyber_aarch64_consts
+	add  x2, x2, :lo12:L_kyber_aarch64_consts
+#else
+	adrp x2, L_kyber_aarch64_consts@PAGE
+	add  x2, x2, :lo12:L_kyber_aarch64_consts@PAGEOFF
+#endif /* __APPLE__ */
+	ldr	q0, [x2]
+	ld4	{v1.8h, v2.8h, v3.8h, v4.8h}, [x0], #0x40
+	ld4	{v5.8h, v6.8h, v7.8h, v8.8h}, [x0], #0x40
+	ld4	{v9.8h, v10.8h, v11.8h, v12.8h}, [x1], #0x40
+	ld4	{v13.8h, v14.8h, v15.8h, v16.8h}, [x1], #0x40
+	sub	x0, x0, #0x80
+	add	v1.8h, v1.8h, v9.8h
+	add	v2.8h, v2.8h, v10.8h
+	add	v3.8h, v3.8h, v11.8h
+	add	v4.8h, v4.8h, v12.8h
+	add	v5.8h, v5.8h, v13.8h
+	add	v6.8h, v6.8h, v14.8h
+	add	v7.8h, v7.8h, v15.8h
+	add	v8.8h, v8.8h, v16.8h
+	sqdmulh	v17.8h, v1.8h, v0.h[2]
+	sqdmulh	v18.8h, v2.8h, v0.h[2]
+	sshr	v17.8h, v17.8h, #11
+	sshr	v18.8h, v18.8h, #11
+	mls	v1.8h, v17.8h, v0.h[0]
+	mls	v2.8h, v18.8h, v0.h[0]
+	sqdmulh	v17.8h, v3.8h, v0.h[2]
+	sqdmulh	v18.8h, v4.8h, v0.h[2]
+	sshr	v17.8h, v17.8h, #11
+	sshr	v18.8h, v18.8h, #11
+	mls	v3.8h, v17.8h, v0.h[0]
+	mls	v4.8h, v18.8h, v0.h[0]
+	sqdmulh	v17.8h, v5.8h, v0.h[2]
+	sqdmulh	v18.8h, v6.8h, v0.h[2]
+	sshr	v17.8h, v17.8h, #11
+	sshr	v18.8h, v18.8h, #11
+	mls	v5.8h, v17.8h, v0.h[0]
+	mls	v6.8h, v18.8h, v0.h[0]
+	sqdmulh	v17.8h, v7.8h, v0.h[2]
+	sqdmulh	v18.8h, v8.8h, v0.h[2]
+	sshr	v17.8h, v17.8h, #11
+	sshr	v18.8h, v18.8h, #11
+	mls	v7.8h, v17.8h, v0.h[0]
+	mls	v8.8h, v18.8h, v0.h[0]
+	st4	{v1.8h, v2.8h, v3.8h, v4.8h}, [x0], #0x40
+	st4	{v5.8h, v6.8h, v7.8h, v8.8h}, [x0], #0x40
+	ld4	{v1.8h, v2.8h, v3.8h, v4.8h}, [x0], #0x40
+	ld4	{v5.8h, v6.8h, v7.8h, v8.8h}, [x0], #0x40
+	ld4	{v9.8h, v10.8h, v11.8h, v12.8h}, [x1], #0x40
+	ld4	{v13.8h, v14.8h, v15.8h, v16.8h}, [x1], #0x40
+	sub	x0, x0, #0x80
+	add	v1.8h, v1.8h, v9.8h
+	add	v2.8h, v2.8h, v10.8h
+	add	v3.8h, v3.8h, v11.8h
+	add	v4.8h, v4.8h, v12.8h
+	add	v5.8h, v5.8h, v13.8h
+	add	v6.8h, v6.8h, v14.8h
+	add	v7.8h, v7.8h, v15.8h
+	add	v8.8h, v8.8h, v16.8h
+	sqdmulh	v17.8h, v1.8h, v0.h[2]
+	sqdmulh	v18.8h, v2.8h, v0.h[2]
+	sshr	v17.8h, v17.8h, #11
+	sshr	v18.8h, v18.8h, #11
+	mls	v1.8h, v17.8h, v0.h[0]
+	mls	v2.8h, v18.8h, v0.h[0]
+	sqdmulh	v17.8h, v3.8h, v0.h[2]
+	sqdmulh	v18.8h, v4.8h, v0.h[2]
+	sshr	v17.8h, v17.8h, #11
+	sshr	v18.8h, v18.8h, #11
+	mls	v3.8h, v17.8h, v0.h[0]
+	mls	v4.8h, v18.8h, v0.h[0]
+	sqdmulh	v17.8h, v5.8h, v0.h[2]
+	sqdmulh	v18.8h, v6.8h, v0.h[2]
+	sshr	v17.8h, v17.8h, #11
+	sshr	v18.8h, v18.8h, #11
+	mls	v5.8h, v17.8h, v0.h[0]
+	mls	v6.8h, v18.8h, v0.h[0]
+	sqdmulh	v17.8h, v7.8h, v0.h[2]
+	sqdmulh	v18.8h, v8.8h, v0.h[2]
+	sshr	v17.8h, v17.8h, #11
+	sshr	v18.8h, v18.8h, #11
+	mls	v7.8h, v17.8h, v0.h[0]
+	mls	v8.8h, v18.8h, v0.h[0]
+	st4	{v1.8h, v2.8h, v3.8h, v4.8h}, [x0], #0x40
+	st4	{v5.8h, v6.8h, v7.8h, v8.8h}, [x0], #0x40
+	ld4	{v1.8h, v2.8h, v3.8h, v4.8h}, [x0], #0x40
+	ld4	{v5.8h, v6.8h, v7.8h, v8.8h}, [x0], #0x40
+	ld4	{v9.8h, v10.8h, v11.8h, v12.8h}, [x1], #0x40
+	ld4	{v13.8h, v14.8h, v15.8h, v16.8h}, [x1], #0x40
+	sub	x0, x0, #0x80
+	add	v1.8h, v1.8h, v9.8h
+	add	v2.8h, v2.8h, v10.8h
+	add	v3.8h, v3.8h, v11.8h
+	add	v4.8h, v4.8h, v12.8h
+	add	v5.8h, v5.8h, v13.8h
+	add	v6.8h, v6.8h, v14.8h
+	add	v7.8h, v7.8h, v15.8h
+	add	v8.8h, v8.8h, v16.8h
+	sqdmulh	v17.8h, v1.8h, v0.h[2]
+	sqdmulh	v18.8h, v2.8h, v0.h[2]
+	sshr	v17.8h, v17.8h, #11
+	sshr	v18.8h, v18.8h, #11
+	mls	v1.8h, v17.8h, v0.h[0]
+	mls	v2.8h, v18.8h, v0.h[0]
+	sqdmulh	v17.8h, v3.8h, v0.h[2]
+	sqdmulh	v18.8h, v4.8h, v0.h[2]
+	sshr	v17.8h, v17.8h, #11
+	sshr	v18.8h, v18.8h, #11
+	mls	v3.8h, v17.8h, v0.h[0]
+	mls	v4.8h, v18.8h, v0.h[0]
+	sqdmulh	v17.8h, v5.8h, v0.h[2]
+	sqdmulh	v18.8h, v6.8h, v0.h[2]
+	sshr	v17.8h, v17.8h, #11
+	sshr	v18.8h, v18.8h, #11
+	mls	v5.8h, v17.8h, v0.h[0]
+	mls	v6.8h, v18.8h, v0.h[0]
+	sqdmulh	v17.8h, v7.8h, v0.h[2]
+	sqdmulh	v18.8h, v8.8h, v0.h[2]
+	sshr	v17.8h, v17.8h, #11
+	sshr	v18.8h, v18.8h, #11
+	mls	v7.8h, v17.8h, v0.h[0]
+	mls	v8.8h, v18.8h, v0.h[0]
+	st4	{v1.8h, v2.8h, v3.8h, v4.8h}, [x0], #0x40
+	st4	{v5.8h, v6.8h, v7.8h, v8.8h}, [x0], #0x40
+	ld4	{v1.8h, v2.8h, v3.8h, v4.8h}, [x0], #0x40
+	ld4	{v5.8h, v6.8h, v7.8h, v8.8h}, [x0], #0x40
+	ld4	{v9.8h, v10.8h, v11.8h, v12.8h}, [x1], #0x40
+	ld4	{v13.8h, v14.8h, v15.8h, v16.8h}, [x1], #0x40
+	sub	x0, x0, #0x80
+	add	v1.8h, v1.8h, v9.8h
+	add	v2.8h, v2.8h, v10.8h
+	add	v3.8h, v3.8h, v11.8h
+	add	v4.8h, v4.8h, v12.8h
+	add	v5.8h, v5.8h, v13.8h
+	add	v6.8h, v6.8h, v14.8h
+	add	v7.8h, v7.8h, v15.8h
+	add	v8.8h, v8.8h, v16.8h
+	sqdmulh	v17.8h, v1.8h, v0.h[2]
+	sqdmulh	v18.8h, v2.8h, v0.h[2]
+	sshr	v17.8h, v17.8h, #11
+	sshr	v18.8h, v18.8h, #11
+	mls	v1.8h, v17.8h, v0.h[0]
+	mls	v2.8h, v18.8h, v0.h[0]
+	sqdmulh	v17.8h, v3.8h, v0.h[2]
+	sqdmulh	v18.8h, v4.8h, v0.h[2]
+	sshr	v17.8h, v17.8h, #11
+	sshr	v18.8h, v18.8h, #11
+	mls	v3.8h, v17.8h, v0.h[0]
+	mls	v4.8h, v18.8h, v0.h[0]
+	sqdmulh	v17.8h, v5.8h, v0.h[2]
+	sqdmulh	v18.8h, v6.8h, v0.h[2]
+	sshr	v17.8h, v17.8h, #11
+	sshr	v18.8h, v18.8h, #11
+	mls	v5.8h, v17.8h, v0.h[0]
+	mls	v6.8h, v18.8h, v0.h[0]
+	sqdmulh	v17.8h, v7.8h, v0.h[2]
+	sqdmulh	v18.8h, v8.8h, v0.h[2]
+	sshr	v17.8h, v17.8h, #11
+	sshr	v18.8h, v18.8h, #11
+	mls	v7.8h, v17.8h, v0.h[0]
+	mls	v8.8h, v18.8h, v0.h[0]
+	st4	{v1.8h, v2.8h, v3.8h, v4.8h}, [x0], #0x40
+	st4	{v5.8h, v6.8h, v7.8h, v8.8h}, [x0], #0x40
+	ldp	d8, d9, [x29, #16]
+	ldp	d10, d11, [x29, #32]
+	ldp	d12, d13, [x29, #48]
+	ldp	d14, d15, [x29, #64]
+	ldp	x29, x30, [sp], #0x50
+	ret
+#ifndef __APPLE__
+	.size	kyber_add_reduce,.-kyber_add_reduce
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.text
+.globl	kyber_add3_reduce
+.type	kyber_add3_reduce,@function
+.align	2
+kyber_add3_reduce:
+#else
+.section	__TEXT,__text
+.globl	_kyber_add3_reduce
+.p2align	2
+_kyber_add3_reduce:
+#endif /* __APPLE__ */
+	stp	x29, x30, [sp, #-80]!
+	add	x29, sp, #0
+	stp	d8, d9, [x29, #16]
+	stp	d10, d11, [x29, #32]
+	stp	d12, d13, [x29, #48]
+	stp	d14, d15, [x29, #64]
+#ifndef __APPLE__
+	adrp x3, L_kyber_aarch64_consts
+	add  x3, x3, :lo12:L_kyber_aarch64_consts
+#else
+	adrp x3, L_kyber_aarch64_consts@PAGE
+	add  x3, x3, :lo12:L_kyber_aarch64_consts@PAGEOFF
+#endif /* __APPLE__ */
+	ldr	q0, [x3]
+	ld4	{v1.8h, v2.8h, v3.8h, v4.8h}, [x0], #0x40
+	ld4	{v5.8h, v6.8h, v7.8h, v8.8h}, [x0], #0x40
+	ld4	{v9.8h, v10.8h, v11.8h, v12.8h}, [x1], #0x40
+	ld4	{v13.8h, v14.8h, v15.8h, v16.8h}, [x1], #0x40
+	ld4	{v17.8h, v18.8h, v19.8h, v20.8h}, [x2], #0x40
+	ld4	{v21.8h, v22.8h, v23.8h, v24.8h}, [x2], #0x40
+	sub	x0, x0, #0x80
+	add	v1.8h, v1.8h, v9.8h
+	add	v2.8h, v2.8h, v10.8h
+	add	v3.8h, v3.8h, v11.8h
+	add	v4.8h, v4.8h, v12.8h
+	add	v5.8h, v5.8h, v13.8h
+	add	v6.8h, v6.8h, v14.8h
+	add	v7.8h, v7.8h, v15.8h
+	add	v8.8h, v8.8h, v16.8h
+	add	v1.8h, v1.8h, v17.8h
+	add	v2.8h, v2.8h, v18.8h
+	add	v3.8h, v3.8h, v19.8h
+	add	v4.8h, v4.8h, v20.8h
+	add	v5.8h, v5.8h, v21.8h
+	add	v6.8h, v6.8h, v22.8h
+	add	v7.8h, v7.8h, v23.8h
+	add	v8.8h, v8.8h, v24.8h
+	sqdmulh	v25.8h, v1.8h, v0.h[2]
+	sqdmulh	v26.8h, v2.8h, v0.h[2]
+	sshr	v25.8h, v25.8h, #11
+	sshr	v26.8h, v26.8h, #11
+	mls	v1.8h, v25.8h, v0.h[0]
+	mls	v2.8h, v26.8h, v0.h[0]
+	sqdmulh	v25.8h, v3.8h, v0.h[2]
+	sqdmulh	v26.8h, v4.8h, v0.h[2]
+	sshr	v25.8h, v25.8h, #11
+	sshr	v26.8h, v26.8h, #11
+	mls	v3.8h, v25.8h, v0.h[0]
+	mls	v4.8h, v26.8h, v0.h[0]
+	sqdmulh	v25.8h, v5.8h, v0.h[2]
+	sqdmulh	v26.8h, v6.8h, v0.h[2]
+	sshr	v25.8h, v25.8h, #11
+	sshr	v26.8h, v26.8h, #11
+	mls	v5.8h, v25.8h, v0.h[0]
+	mls	v6.8h, v26.8h, v0.h[0]
+	sqdmulh	v25.8h, v7.8h, v0.h[2]
+	sqdmulh	v26.8h, v8.8h, v0.h[2]
+	sshr	v25.8h, v25.8h, #11
+	sshr	v26.8h, v26.8h, #11
+	mls	v7.8h, v25.8h, v0.h[0]
+	mls	v8.8h, v26.8h, v0.h[0]
+	st4	{v1.8h, v2.8h, v3.8h, v4.8h}, [x0], #0x40
+	st4	{v5.8h, v6.8h, v7.8h, v8.8h}, [x0], #0x40
+	ld4	{v1.8h, v2.8h, v3.8h, v4.8h}, [x0], #0x40
+	ld4	{v5.8h, v6.8h, v7.8h, v8.8h}, [x0], #0x40
+	ld4	{v9.8h, v10.8h, v11.8h, v12.8h}, [x1], #0x40
+	ld4	{v13.8h, v14.8h, v15.8h, v16.8h}, [x1], #0x40
+	ld4	{v17.8h, v18.8h, v19.8h, v20.8h}, [x2], #0x40
+	ld4	{v21.8h, v22.8h, v23.8h, v24.8h}, [x2], #0x40
+	sub	x0, x0, #0x80
+	add	v1.8h, v1.8h, v9.8h
+	add	v2.8h, v2.8h, v10.8h
+	add	v3.8h, v3.8h, v11.8h
+	add	v4.8h, v4.8h, v12.8h
+	add	v5.8h, v5.8h, v13.8h
+	add	v6.8h, v6.8h, v14.8h
+	add	v7.8h, v7.8h, v15.8h
+	add	v8.8h, v8.8h, v16.8h
+	add	v1.8h, v1.8h, v17.8h
+	add	v2.8h, v2.8h, v18.8h
+	add	v3.8h, v3.8h, v19.8h
+	add	v4.8h, v4.8h, v20.8h
+	add	v5.8h, v5.8h, v21.8h
+	add	v6.8h, v6.8h, v22.8h
+	add	v7.8h, v7.8h, v23.8h
+	add	v8.8h, v8.8h, v24.8h
+	sqdmulh	v25.8h, v1.8h, v0.h[2]
+	sqdmulh	v26.8h, v2.8h, v0.h[2]
+	sshr	v25.8h, v25.8h, #11
+	sshr	v26.8h, v26.8h, #11
+	mls	v1.8h, v25.8h, v0.h[0]
+	mls	v2.8h, v26.8h, v0.h[0]
+	sqdmulh	v25.8h, v3.8h, v0.h[2]
+	sqdmulh	v26.8h, v4.8h, v0.h[2]
+	sshr	v25.8h, v25.8h, #11
+	sshr	v26.8h, v26.8h, #11
+	mls	v3.8h, v25.8h, v0.h[0]
+	mls	v4.8h, v26.8h, v0.h[0]
+	sqdmulh	v25.8h, v5.8h, v0.h[2]
+	sqdmulh	v26.8h, v6.8h, v0.h[2]
+	sshr	v25.8h, v25.8h, #11
+	sshr	v26.8h, v26.8h, #11
+	mls	v5.8h, v25.8h, v0.h[0]
+	mls	v6.8h, v26.8h, v0.h[0]
+	sqdmulh	v25.8h, v7.8h, v0.h[2]
+	sqdmulh	v26.8h, v8.8h, v0.h[2]
+	sshr	v25.8h, v25.8h, #11
+	sshr	v26.8h, v26.8h, #11
+	mls	v7.8h, v25.8h, v0.h[0]
+	mls	v8.8h, v26.8h, v0.h[0]
+	st4	{v1.8h, v2.8h, v3.8h, v4.8h}, [x0], #0x40
+	st4	{v5.8h, v6.8h, v7.8h, v8.8h}, [x0], #0x40
+	ld4	{v1.8h, v2.8h, v3.8h, v4.8h}, [x0], #0x40
+	ld4	{v5.8h, v6.8h, v7.8h, v8.8h}, [x0], #0x40
+	ld4	{v9.8h, v10.8h, v11.8h, v12.8h}, [x1], #0x40
+	ld4	{v13.8h, v14.8h, v15.8h, v16.8h}, [x1], #0x40
+	ld4	{v17.8h, v18.8h, v19.8h, v20.8h}, [x2], #0x40
+	ld4	{v21.8h, v22.8h, v23.8h, v24.8h}, [x2], #0x40
+	sub	x0, x0, #0x80
+	add	v1.8h, v1.8h, v9.8h
+	add	v2.8h, v2.8h, v10.8h
+	add	v3.8h, v3.8h, v11.8h
+	add	v4.8h, v4.8h, v12.8h
+	add	v5.8h, v5.8h, v13.8h
+	add	v6.8h, v6.8h, v14.8h
+	add	v7.8h, v7.8h, v15.8h
+	add	v8.8h, v8.8h, v16.8h
+	add	v1.8h, v1.8h, v17.8h
+	add	v2.8h, v2.8h, v18.8h
+	add	v3.8h, v3.8h, v19.8h
+	add	v4.8h, v4.8h, v20.8h
+	add	v5.8h, v5.8h, v21.8h
+	add	v6.8h, v6.8h, v22.8h
+	add	v7.8h, v7.8h, v23.8h
+	add	v8.8h, v8.8h, v24.8h
+	sqdmulh	v25.8h, v1.8h, v0.h[2]
+	sqdmulh	v26.8h, v2.8h, v0.h[2]
+	sshr	v25.8h, v25.8h, #11
+	sshr	v26.8h, v26.8h, #11
+	mls	v1.8h, v25.8h, v0.h[0]
+	mls	v2.8h, v26.8h, v0.h[0]
+	sqdmulh	v25.8h, v3.8h, v0.h[2]
+	sqdmulh	v26.8h, v4.8h, v0.h[2]
+	sshr	v25.8h, v25.8h, #11
+	sshr	v26.8h, v26.8h, #11
+	mls	v3.8h, v25.8h, v0.h[0]
+	mls	v4.8h, v26.8h, v0.h[0]
+	sqdmulh	v25.8h, v5.8h, v0.h[2]
+	sqdmulh	v26.8h, v6.8h, v0.h[2]
+	sshr	v25.8h, v25.8h, #11
+	sshr	v26.8h, v26.8h, #11
+	mls	v5.8h, v25.8h, v0.h[0]
+	mls	v6.8h, v26.8h, v0.h[0]
+	sqdmulh	v25.8h, v7.8h, v0.h[2]
+	sqdmulh	v26.8h, v8.8h, v0.h[2]
+	sshr	v25.8h, v25.8h, #11
+	sshr	v26.8h, v26.8h, #11
+	mls	v7.8h, v25.8h, v0.h[0]
+	mls	v8.8h, v26.8h, v0.h[0]
+	st4	{v1.8h, v2.8h, v3.8h, v4.8h}, [x0], #0x40
+	st4	{v5.8h, v6.8h, v7.8h, v8.8h}, [x0], #0x40
+	ld4	{v1.8h, v2.8h, v3.8h, v4.8h}, [x0], #0x40
+	ld4	{v5.8h, v6.8h, v7.8h, v8.8h}, [x0], #0x40
+	ld4	{v9.8h, v10.8h, v11.8h, v12.8h}, [x1], #0x40
+	ld4	{v13.8h, v14.8h, v15.8h, v16.8h}, [x1], #0x40
+	ld4	{v17.8h, v18.8h, v19.8h, v20.8h}, [x2], #0x40
+	ld4	{v21.8h, v22.8h, v23.8h, v24.8h}, [x2], #0x40
+	sub	x0, x0, #0x80
+	add	v1.8h, v1.8h, v9.8h
+	add	v2.8h, v2.8h, v10.8h
+	add	v3.8h, v3.8h, v11.8h
+	add	v4.8h, v4.8h, v12.8h
+	add	v5.8h, v5.8h, v13.8h
+	add	v6.8h, v6.8h, v14.8h
+	add	v7.8h, v7.8h, v15.8h
+	add	v8.8h, v8.8h, v16.8h
+	add	v1.8h, v1.8h, v17.8h
+	add	v2.8h, v2.8h, v18.8h
+	add	v3.8h, v3.8h, v19.8h
+	add	v4.8h, v4.8h, v20.8h
+	add	v5.8h, v5.8h, v21.8h
+	add	v6.8h, v6.8h, v22.8h
+	add	v7.8h, v7.8h, v23.8h
+	add	v8.8h, v8.8h, v24.8h
+	sqdmulh	v25.8h, v1.8h, v0.h[2]
+	sqdmulh	v26.8h, v2.8h, v0.h[2]
+	sshr	v25.8h, v25.8h, #11
+	sshr	v26.8h, v26.8h, #11
+	mls	v1.8h, v25.8h, v0.h[0]
+	mls	v2.8h, v26.8h, v0.h[0]
+	sqdmulh	v25.8h, v3.8h, v0.h[2]
+	sqdmulh	v26.8h, v4.8h, v0.h[2]
+	sshr	v25.8h, v25.8h, #11
+	sshr	v26.8h, v26.8h, #11
+	mls	v3.8h, v25.8h, v0.h[0]
+	mls	v4.8h, v26.8h, v0.h[0]
+	sqdmulh	v25.8h, v5.8h, v0.h[2]
+	sqdmulh	v26.8h, v6.8h, v0.h[2]
+	sshr	v25.8h, v25.8h, #11
+	sshr	v26.8h, v26.8h, #11
+	mls	v5.8h, v25.8h, v0.h[0]
+	mls	v6.8h, v26.8h, v0.h[0]
+	sqdmulh	v25.8h, v7.8h, v0.h[2]
+	sqdmulh	v26.8h, v8.8h, v0.h[2]
+	sshr	v25.8h, v25.8h, #11
+	sshr	v26.8h, v26.8h, #11
+	mls	v7.8h, v25.8h, v0.h[0]
+	mls	v8.8h, v26.8h, v0.h[0]
+	st4	{v1.8h, v2.8h, v3.8h, v4.8h}, [x0], #0x40
+	st4	{v5.8h, v6.8h, v7.8h, v8.8h}, [x0], #0x40
+	ldp	d8, d9, [x29, #16]
+	ldp	d10, d11, [x29, #32]
+	ldp	d12, d13, [x29, #48]
+	ldp	d14, d15, [x29, #64]
+	ldp	x29, x30, [sp], #0x50
+	ret
+#ifndef __APPLE__
+	.size	kyber_add3_reduce,.-kyber_add3_reduce
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.text
+.globl	kyber_rsub_reduce
+.type	kyber_rsub_reduce,@function
+.align	2
+kyber_rsub_reduce:
+#else
+.section	__TEXT,__text
+.globl	_kyber_rsub_reduce
+.p2align	2
+_kyber_rsub_reduce:
+#endif /* __APPLE__ */
+	stp	x29, x30, [sp, #-80]!
+	add	x29, sp, #0
+	stp	d8, d9, [x29, #16]
+	stp	d10, d11, [x29, #32]
+	stp	d12, d13, [x29, #48]
+	stp	d14, d15, [x29, #64]
+#ifndef __APPLE__
+	adrp x2, L_kyber_aarch64_consts
+	add  x2, x2, :lo12:L_kyber_aarch64_consts
+#else
+	adrp x2, L_kyber_aarch64_consts@PAGE
+	add  x2, x2, :lo12:L_kyber_aarch64_consts@PAGEOFF
+#endif /* __APPLE__ */
+	ldr	q0, [x2]
+	ld4	{v1.8h, v2.8h, v3.8h, v4.8h}, [x0], #0x40
+	ld4	{v5.8h, v6.8h, v7.8h, v8.8h}, [x0], #0x40
+	ld4	{v9.8h, v10.8h, v11.8h, v12.8h}, [x1], #0x40
+	ld4	{v13.8h, v14.8h, v15.8h, v16.8h}, [x1], #0x40
+	sub	x0, x0, #0x80
+	sub	v1.8h, v9.8h, v1.8h
+	sub	v2.8h, v10.8h, v2.8h
+	sub	v3.8h, v11.8h, v3.8h
+	sub	v4.8h, v12.8h, v4.8h
+	sub	v5.8h, v13.8h, v5.8h
+	sub	v6.8h, v14.8h, v6.8h
+	sub	v7.8h, v15.8h, v7.8h
+	sub	v8.8h, v16.8h, v8.8h
+	sqdmulh	v17.8h, v1.8h, v0.h[2]
+	sqdmulh	v18.8h, v2.8h, v0.h[2]
+	sshr	v17.8h, v17.8h, #11
+	sshr	v18.8h, v18.8h, #11
+	mls	v1.8h, v17.8h, v0.h[0]
+	mls	v2.8h, v18.8h, v0.h[0]
+	sqdmulh	v17.8h, v3.8h, v0.h[2]
+	sqdmulh	v18.8h, v4.8h, v0.h[2]
+	sshr	v17.8h, v17.8h, #11
+	sshr	v18.8h, v18.8h, #11
+	mls	v3.8h, v17.8h, v0.h[0]
+	mls	v4.8h, v18.8h, v0.h[0]
+	sqdmulh	v17.8h, v5.8h, v0.h[2]
+	sqdmulh	v18.8h, v6.8h, v0.h[2]
+	sshr	v17.8h, v17.8h, #11
+	sshr	v18.8h, v18.8h, #11
+	mls	v5.8h, v17.8h, v0.h[0]
+	mls	v6.8h, v18.8h, v0.h[0]
+	sqdmulh	v17.8h, v7.8h, v0.h[2]
+	sqdmulh	v18.8h, v8.8h, v0.h[2]
+	sshr	v17.8h, v17.8h, #11
+	sshr	v18.8h, v18.8h, #11
+	mls	v7.8h, v17.8h, v0.h[0]
+	mls	v8.8h, v18.8h, v0.h[0]
+	st4	{v1.8h, v2.8h, v3.8h, v4.8h}, [x0], #0x40
+	st4	{v5.8h, v6.8h, v7.8h, v8.8h}, [x0], #0x40
+	ld4	{v1.8h, v2.8h, v3.8h, v4.8h}, [x0], #0x40
+	ld4	{v5.8h, v6.8h, v7.8h, v8.8h}, [x0], #0x40
+	ld4	{v9.8h, v10.8h, v11.8h, v12.8h}, [x1], #0x40
+	ld4	{v13.8h, v14.8h, v15.8h, v16.8h}, [x1], #0x40
+	sub	x0, x0, #0x80
+	sub	v1.8h, v9.8h, v1.8h
+	sub	v2.8h, v10.8h, v2.8h
+	sub	v3.8h, v11.8h, v3.8h
+	sub	v4.8h, v12.8h, v4.8h
+	sub	v5.8h, v13.8h, v5.8h
+	sub	v6.8h, v14.8h, v6.8h
+	sub	v7.8h, v15.8h, v7.8h
+	sub	v8.8h, v16.8h, v8.8h
+	sqdmulh	v17.8h, v1.8h, v0.h[2]
+	sqdmulh	v18.8h, v2.8h, v0.h[2]
+	sshr	v17.8h, v17.8h, #11
+	sshr	v18.8h, v18.8h, #11
+	mls	v1.8h, v17.8h, v0.h[0]
+	mls	v2.8h, v18.8h, v0.h[0]
+	sqdmulh	v17.8h, v3.8h, v0.h[2]
+	sqdmulh	v18.8h, v4.8h, v0.h[2]
+	sshr	v17.8h, v17.8h, #11
+	sshr	v18.8h, v18.8h, #11
+	mls	v3.8h, v17.8h, v0.h[0]
+	mls	v4.8h, v18.8h, v0.h[0]
+	sqdmulh	v17.8h, v5.8h, v0.h[2]
+	sqdmulh	v18.8h, v6.8h, v0.h[2]
+	sshr	v17.8h, v17.8h, #11
+	sshr	v18.8h, v18.8h, #11
+	mls	v5.8h, v17.8h, v0.h[0]
+	mls	v6.8h, v18.8h, v0.h[0]
+	sqdmulh	v17.8h, v7.8h, v0.h[2]
+	sqdmulh	v18.8h, v8.8h, v0.h[2]
+	sshr	v17.8h, v17.8h, #11
+	sshr	v18.8h, v18.8h, #11
+	mls	v7.8h, v17.8h, v0.h[0]
+	mls	v8.8h, v18.8h, v0.h[0]
+	st4	{v1.8h, v2.8h, v3.8h, v4.8h}, [x0], #0x40
+	st4	{v5.8h, v6.8h, v7.8h, v8.8h}, [x0], #0x40
+	ld4	{v1.8h, v2.8h, v3.8h, v4.8h}, [x0], #0x40
+	ld4	{v5.8h, v6.8h, v7.8h, v8.8h}, [x0], #0x40
+	ld4	{v9.8h, v10.8h, v11.8h, v12.8h}, [x1], #0x40
+	ld4	{v13.8h, v14.8h, v15.8h, v16.8h}, [x1], #0x40
+	sub	x0, x0, #0x80
+	sub	v1.8h, v9.8h, v1.8h
+	sub	v2.8h, v10.8h, v2.8h
+	sub	v3.8h, v11.8h, v3.8h
+	sub	v4.8h, v12.8h, v4.8h
+	sub	v5.8h, v13.8h, v5.8h
+	sub	v6.8h, v14.8h, v6.8h
+	sub	v7.8h, v15.8h, v7.8h
+	sub	v8.8h, v16.8h, v8.8h
+	sqdmulh	v17.8h, v1.8h, v0.h[2]
+	sqdmulh	v18.8h, v2.8h, v0.h[2]
+	sshr	v17.8h, v17.8h, #11
+	sshr	v18.8h, v18.8h, #11
+	mls	v1.8h, v17.8h, v0.h[0]
+	mls	v2.8h, v18.8h, v0.h[0]
+	sqdmulh	v17.8h, v3.8h, v0.h[2]
+	sqdmulh	v18.8h, v4.8h, v0.h[2]
+	sshr	v17.8h, v17.8h, #11
+	sshr	v18.8h, v18.8h, #11
+	mls	v3.8h, v17.8h, v0.h[0]
+	mls	v4.8h, v18.8h, v0.h[0]
+	sqdmulh	v17.8h, v5.8h, v0.h[2]
+	sqdmulh	v18.8h, v6.8h, v0.h[2]
+	sshr	v17.8h, v17.8h, #11
+	sshr	v18.8h, v18.8h, #11
+	mls	v5.8h, v17.8h, v0.h[0]
+	mls	v6.8h, v18.8h, v0.h[0]
+	sqdmulh	v17.8h, v7.8h, v0.h[2]
+	sqdmulh	v18.8h, v8.8h, v0.h[2]
+	sshr	v17.8h, v17.8h, #11
+	sshr	v18.8h, v18.8h, #11
+	mls	v7.8h, v17.8h, v0.h[0]
+	mls	v8.8h, v18.8h, v0.h[0]
+	st4	{v1.8h, v2.8h, v3.8h, v4.8h}, [x0], #0x40
+	st4	{v5.8h, v6.8h, v7.8h, v8.8h}, [x0], #0x40
+	ld4	{v1.8h, v2.8h, v3.8h, v4.8h}, [x0], #0x40
+	ld4	{v5.8h, v6.8h, v7.8h, v8.8h}, [x0], #0x40
+	ld4	{v9.8h, v10.8h, v11.8h, v12.8h}, [x1], #0x40
+	ld4	{v13.8h, v14.8h, v15.8h, v16.8h}, [x1], #0x40
+	sub	x0, x0, #0x80
+	sub	v1.8h, v9.8h, v1.8h
+	sub	v2.8h, v10.8h, v2.8h
+	sub	v3.8h, v11.8h, v3.8h
+	sub	v4.8h, v12.8h, v4.8h
+	sub	v5.8h, v13.8h, v5.8h
+	sub	v6.8h, v14.8h, v6.8h
+	sub	v7.8h, v15.8h, v7.8h
+	sub	v8.8h, v16.8h, v8.8h
+	sqdmulh	v17.8h, v1.8h, v0.h[2]
+	sqdmulh	v18.8h, v2.8h, v0.h[2]
+	sshr	v17.8h, v17.8h, #11
+	sshr	v18.8h, v18.8h, #11
+	mls	v1.8h, v17.8h, v0.h[0]
+	mls	v2.8h, v18.8h, v0.h[0]
+	sqdmulh	v17.8h, v3.8h, v0.h[2]
+	sqdmulh	v18.8h, v4.8h, v0.h[2]
+	sshr	v17.8h, v17.8h, #11
+	sshr	v18.8h, v18.8h, #11
+	mls	v3.8h, v17.8h, v0.h[0]
+	mls	v4.8h, v18.8h, v0.h[0]
+	sqdmulh	v17.8h, v5.8h, v0.h[2]
+	sqdmulh	v18.8h, v6.8h, v0.h[2]
+	sshr	v17.8h, v17.8h, #11
+	sshr	v18.8h, v18.8h, #11
+	mls	v5.8h, v17.8h, v0.h[0]
+	mls	v6.8h, v18.8h, v0.h[0]
+	sqdmulh	v17.8h, v7.8h, v0.h[2]
+	sqdmulh	v18.8h, v8.8h, v0.h[2]
+	sshr	v17.8h, v17.8h, #11
+	sshr	v18.8h, v18.8h, #11
+	mls	v7.8h, v17.8h, v0.h[0]
+	mls	v8.8h, v18.8h, v0.h[0]
+	st4	{v1.8h, v2.8h, v3.8h, v4.8h}, [x0], #0x40
+	st4	{v5.8h, v6.8h, v7.8h, v8.8h}, [x0], #0x40
+	ldp	d8, d9, [x29, #16]
+	ldp	d10, d11, [x29, #32]
+	ldp	d12, d13, [x29, #48]
+	ldp	d14, d15, [x29, #64]
+	ldp	x29, x30, [sp], #0x50
+	ret
+#ifndef __APPLE__
+	.size	kyber_rsub_reduce,.-kyber_rsub_reduce
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.text
+.globl	kyber_to_mont
+.type	kyber_to_mont,@function
+.align	2
+kyber_to_mont:
+#else
+.section	__TEXT,__text
+.globl	_kyber_to_mont
+.p2align	2
+_kyber_to_mont:
+#endif /* __APPLE__ */
+	stp	x29, x30, [sp, #-80]!
+	add	x29, sp, #0
+	stp	d8, d9, [x29, #16]
+	stp	d10, d11, [x29, #32]
+	stp	d12, d13, [x29, #48]
+	stp	d14, d15, [x29, #64]
+#ifndef __APPLE__
+	adrp x1, L_kyber_aarch64_consts
+	add  x1, x1, :lo12:L_kyber_aarch64_consts
+#else
+	adrp x1, L_kyber_aarch64_consts@PAGE
+	add  x1, x1, :lo12:L_kyber_aarch64_consts@PAGEOFF
+#endif /* __APPLE__ */
+	ldr	q0, [x1]
+	ld4	{v1.8h, v2.8h, v3.8h, v4.8h}, [x0], #0x40
+	ld4	{v5.8h, v6.8h, v7.8h, v8.8h}, [x0], #0x40
+	ld4	{v9.8h, v10.8h, v11.8h, v12.8h}, [x0], #0x40
+	ld4	{v13.8h, v14.8h, v15.8h, v16.8h}, [x0], #0x40
+	sub	x0, x0, #0x100
+	mul	v17.8h, v1.8h, v0.h[4]
+	mul	v18.8h, v2.8h, v0.h[4]
+	sqrdmulh	v1.8h, v1.8h, v0.h[3]
+	sqrdmulh	v2.8h, v2.8h, v0.h[3]
+	sqrdmulh	v17.8h, v17.8h, v0.h[0]
+	sqrdmulh	v18.8h, v18.8h, v0.h[0]
+	sub	v1.8h, v1.8h, v17.8h
+	sub	v2.8h, v2.8h, v18.8h
+	sshr	v1.8h, v1.8h, #1
+	sshr	v2.8h, v2.8h, #1
+	mul	v17.8h, v3.8h, v0.h[4]
+	mul	v18.8h, v4.8h, v0.h[4]
+	sqrdmulh	v3.8h, v3.8h, v0.h[3]
+	sqrdmulh	v4.8h, v4.8h, v0.h[3]
+	sqrdmulh	v17.8h, v17.8h, v0.h[0]
+	sqrdmulh	v18.8h, v18.8h, v0.h[0]
+	sub	v3.8h, v3.8h, v17.8h
+	sub	v4.8h, v4.8h, v18.8h
+	sshr	v3.8h, v3.8h, #1
+	sshr	v4.8h, v4.8h, #1
+	mul	v17.8h, v5.8h, v0.h[4]
+	mul	v18.8h, v6.8h, v0.h[4]
+	sqrdmulh	v5.8h, v5.8h, v0.h[3]
+	sqrdmulh	v6.8h, v6.8h, v0.h[3]
+	sqrdmulh	v17.8h, v17.8h, v0.h[0]
+	sqrdmulh	v18.8h, v18.8h, v0.h[0]
+	sub	v5.8h, v5.8h, v17.8h
+	sub	v6.8h, v6.8h, v18.8h
+	sshr	v5.8h, v5.8h, #1
+	sshr	v6.8h, v6.8h, #1
+	mul	v17.8h, v7.8h, v0.h[4]
+	mul	v18.8h, v8.8h, v0.h[4]
+	sqrdmulh	v7.8h, v7.8h, v0.h[3]
+	sqrdmulh	v8.8h, v8.8h, v0.h[3]
+	sqrdmulh	v17.8h, v17.8h, v0.h[0]
+	sqrdmulh	v18.8h, v18.8h, v0.h[0]
+	sub	v7.8h, v7.8h, v17.8h
+	sub	v8.8h, v8.8h, v18.8h
+	sshr	v7.8h, v7.8h, #1
+	sshr	v8.8h, v8.8h, #1
+	mul	v17.8h, v9.8h, v0.h[4]
+	mul	v18.8h, v10.8h, v0.h[4]
+	sqrdmulh	v9.8h, v9.8h, v0.h[3]
+	sqrdmulh	v10.8h, v10.8h, v0.h[3]
+	sqrdmulh	v17.8h, v17.8h, v0.h[0]
+	sqrdmulh	v18.8h, v18.8h, v0.h[0]
+	sub	v9.8h, v9.8h, v17.8h
+	sub	v10.8h, v10.8h, v18.8h
+	sshr	v9.8h, v9.8h, #1
+	sshr	v10.8h, v10.8h, #1
+	mul	v17.8h, v11.8h, v0.h[4]
+	mul	v18.8h, v12.8h, v0.h[4]
+	sqrdmulh	v11.8h, v11.8h, v0.h[3]
+	sqrdmulh	v12.8h, v12.8h, v0.h[3]
+	sqrdmulh	v17.8h, v17.8h, v0.h[0]
+	sqrdmulh	v18.8h, v18.8h, v0.h[0]
+	sub	v11.8h, v11.8h, v17.8h
+	sub	v12.8h, v12.8h, v18.8h
+	sshr	v11.8h, v11.8h, #1
+	sshr	v12.8h, v12.8h, #1
+	mul	v17.8h, v13.8h, v0.h[4]
+	mul	v18.8h, v14.8h, v0.h[4]
+	sqrdmulh	v13.8h, v13.8h, v0.h[3]
+	sqrdmulh	v14.8h, v14.8h, v0.h[3]
+	sqrdmulh	v17.8h, v17.8h, v0.h[0]
+	sqrdmulh	v18.8h, v18.8h, v0.h[0]
+	sub	v13.8h, v13.8h, v17.8h
+	sub	v14.8h, v14.8h, v18.8h
+	sshr	v13.8h, v13.8h, #1
+	sshr	v14.8h, v14.8h, #1
+	mul	v17.8h, v15.8h, v0.h[4]
+	mul	v18.8h, v16.8h, v0.h[4]
+	sqrdmulh	v15.8h, v15.8h, v0.h[3]
+	sqrdmulh	v16.8h, v16.8h, v0.h[3]
+	sqrdmulh	v17.8h, v17.8h, v0.h[0]
+	sqrdmulh	v18.8h, v18.8h, v0.h[0]
+	sub	v15.8h, v15.8h, v17.8h
+	sub	v16.8h, v16.8h, v18.8h
+	sshr	v15.8h, v15.8h, #1
+	sshr	v16.8h, v16.8h, #1
+	st4	{v1.8h, v2.8h, v3.8h, v4.8h}, [x0], #0x40
+	st4	{v5.8h, v6.8h, v7.8h, v8.8h}, [x0], #0x40
+	st4	{v9.8h, v10.8h, v11.8h, v12.8h}, [x0], #0x40
+	st4	{v13.8h, v14.8h, v15.8h, v16.8h}, [x0], #0x40
+	ld4	{v1.8h, v2.8h, v3.8h, v4.8h}, [x0], #0x40
+	ld4	{v5.8h, v6.8h, v7.8h, v8.8h}, [x0], #0x40
+	ld4	{v9.8h, v10.8h, v11.8h, v12.8h}, [x0], #0x40
+	ld4	{v13.8h, v14.8h, v15.8h, v16.8h}, [x0], #0x40
+	sub	x0, x0, #0x100
+	mul	v17.8h, v1.8h, v0.h[4]
+	mul	v18.8h, v2.8h, v0.h[4]
+	sqrdmulh	v1.8h, v1.8h, v0.h[3]
+	sqrdmulh	v2.8h, v2.8h, v0.h[3]
+	sqrdmulh	v17.8h, v17.8h, v0.h[0]
+	sqrdmulh	v18.8h, v18.8h, v0.h[0]
+	sub	v1.8h, v1.8h, v17.8h
+	sub	v2.8h, v2.8h, v18.8h
+	sshr	v1.8h, v1.8h, #1
+	sshr	v2.8h, v2.8h, #1
+	mul	v17.8h, v3.8h, v0.h[4]
+	mul	v18.8h, v4.8h, v0.h[4]
+	sqrdmulh	v3.8h, v3.8h, v0.h[3]
+	sqrdmulh	v4.8h, v4.8h, v0.h[3]
+	sqrdmulh	v17.8h, v17.8h, v0.h[0]
+	sqrdmulh	v18.8h, v18.8h, v0.h[0]
+	sub	v3.8h, v3.8h, v17.8h
+	sub	v4.8h, v4.8h, v18.8h
+	sshr	v3.8h, v3.8h, #1
+	sshr	v4.8h, v4.8h, #1
+	mul	v17.8h, v5.8h, v0.h[4]
+	mul	v18.8h, v6.8h, v0.h[4]
+	sqrdmulh	v5.8h, v5.8h, v0.h[3]
+	sqrdmulh	v6.8h, v6.8h, v0.h[3]
+	sqrdmulh	v17.8h, v17.8h, v0.h[0]
+	sqrdmulh	v18.8h, v18.8h, v0.h[0]
+	sub	v5.8h, v5.8h, v17.8h
+	sub	v6.8h, v6.8h, v18.8h
+	sshr	v5.8h, v5.8h, #1
+	sshr	v6.8h, v6.8h, #1
+	mul	v17.8h, v7.8h, v0.h[4]
+	mul	v18.8h, v8.8h, v0.h[4]
+	sqrdmulh	v7.8h, v7.8h, v0.h[3]
+	sqrdmulh	v8.8h, v8.8h, v0.h[3]
+	sqrdmulh	v17.8h, v17.8h, v0.h[0]
+	sqrdmulh	v18.8h, v18.8h, v0.h[0]
+	sub	v7.8h, v7.8h, v17.8h
+	sub	v8.8h, v8.8h, v18.8h
+	sshr	v7.8h, v7.8h, #1
+	sshr	v8.8h, v8.8h, #1
+	mul	v17.8h, v9.8h, v0.h[4]
+	mul	v18.8h, v10.8h, v0.h[4]
+	sqrdmulh	v9.8h, v9.8h, v0.h[3]
+	sqrdmulh	v10.8h, v10.8h, v0.h[3]
+	sqrdmulh	v17.8h, v17.8h, v0.h[0]
+	sqrdmulh	v18.8h, v18.8h, v0.h[0]
+	sub	v9.8h, v9.8h, v17.8h
+	sub	v10.8h, v10.8h, v18.8h
+	sshr	v9.8h, v9.8h, #1
+	sshr	v10.8h, v10.8h, #1
+	mul	v17.8h, v11.8h, v0.h[4]
+	mul	v18.8h, v12.8h, v0.h[4]
+	sqrdmulh	v11.8h, v11.8h, v0.h[3]
+	sqrdmulh	v12.8h, v12.8h, v0.h[3]
+	sqrdmulh	v17.8h, v17.8h, v0.h[0]
+	sqrdmulh	v18.8h, v18.8h, v0.h[0]
+	sub	v11.8h, v11.8h, v17.8h
+	sub	v12.8h, v12.8h, v18.8h
+	sshr	v11.8h, v11.8h, #1
+	sshr	v12.8h, v12.8h, #1
+	mul	v17.8h, v13.8h, v0.h[4]
+	mul	v18.8h, v14.8h, v0.h[4]
+	sqrdmulh	v13.8h, v13.8h, v0.h[3]
+	sqrdmulh	v14.8h, v14.8h, v0.h[3]
+	sqrdmulh	v17.8h, v17.8h, v0.h[0]
+	sqrdmulh	v18.8h, v18.8h, v0.h[0]
+	sub	v13.8h, v13.8h, v17.8h
+	sub	v14.8h, v14.8h, v18.8h
+	sshr	v13.8h, v13.8h, #1
+	sshr	v14.8h, v14.8h, #1
+	mul	v17.8h, v15.8h, v0.h[4]
+	mul	v18.8h, v16.8h, v0.h[4]
+	sqrdmulh	v15.8h, v15.8h, v0.h[3]
+	sqrdmulh	v16.8h, v16.8h, v0.h[3]
+	sqrdmulh	v17.8h, v17.8h, v0.h[0]
+	sqrdmulh	v18.8h, v18.8h, v0.h[0]
+	sub	v15.8h, v15.8h, v17.8h
+	sub	v16.8h, v16.8h, v18.8h
+	sshr	v15.8h, v15.8h, #1
+	sshr	v16.8h, v16.8h, #1
+	st4	{v1.8h, v2.8h, v3.8h, v4.8h}, [x0], #0x40
+	st4	{v5.8h, v6.8h, v7.8h, v8.8h}, [x0], #0x40
+	st4	{v9.8h, v10.8h, v11.8h, v12.8h}, [x0], #0x40
+	st4	{v13.8h, v14.8h, v15.8h, v16.8h}, [x0], #0x40
+	ldp	d8, d9, [x29, #16]
+	ldp	d10, d11, [x29, #32]
+	ldp	d12, d13, [x29, #48]
+	ldp	d14, d15, [x29, #64]
+	ldp	x29, x30, [sp], #0x50
+	ret
+#ifndef __APPLE__
+	.size	kyber_to_mont,.-kyber_to_mont
+#endif /* __APPLE__ */
+#ifndef WOLFSSL_AARCH64_NO_SQRDMLSH
+#ifndef __APPLE__
+.text
+.globl	kyber_to_mont_sqrdmlsh
+.type	kyber_to_mont_sqrdmlsh,@function
+.align	2
+kyber_to_mont_sqrdmlsh:
+#else
+.section	__TEXT,__text
+.globl	_kyber_to_mont_sqrdmlsh
+.p2align	2
+_kyber_to_mont_sqrdmlsh:
+#endif /* __APPLE__ */
+	stp	x29, x30, [sp, #-80]!
+	add	x29, sp, #0
+	stp	d8, d9, [x29, #16]
+	stp	d10, d11, [x29, #32]
+	stp	d12, d13, [x29, #48]
+	stp	d14, d15, [x29, #64]
+#ifndef __APPLE__
+	adrp x1, L_kyber_aarch64_consts
+	add  x1, x1, :lo12:L_kyber_aarch64_consts
+#else
+	adrp x1, L_kyber_aarch64_consts@PAGE
+	add  x1, x1, :lo12:L_kyber_aarch64_consts@PAGEOFF
+#endif /* __APPLE__ */
+	ldr	q0, [x1]
+	ld4	{v1.8h, v2.8h, v3.8h, v4.8h}, [x0], #0x40
+	ld4	{v5.8h, v6.8h, v7.8h, v8.8h}, [x0], #0x40
+	ld4	{v9.8h, v10.8h, v11.8h, v12.8h}, [x0], #0x40
+	ld4	{v13.8h, v14.8h, v15.8h, v16.8h}, [x0], #0x40
+	sub	x0, x0, #0x100
+	mul	v17.8h, v1.8h, v0.h[4]
+	mul	v18.8h, v2.8h, v0.h[4]
+	sqrdmulh	v1.8h, v1.8h, v0.h[3]
+	sqrdmulh	v2.8h, v2.8h, v0.h[3]
+	sqrdmlsh	v1.8h, v17.8h, v0.h[0]
+	sqrdmlsh	v2.8h, v18.8h, v0.h[0]
+	sshr	v1.8h, v1.8h, #1
+	sshr	v2.8h, v2.8h, #1
+	mul	v17.8h, v3.8h, v0.h[4]
+	mul	v18.8h, v4.8h, v0.h[4]
+	sqrdmulh	v3.8h, v3.8h, v0.h[3]
+	sqrdmulh	v4.8h, v4.8h, v0.h[3]
+	sqrdmlsh	v3.8h, v17.8h, v0.h[0]
+	sqrdmlsh	v4.8h, v18.8h, v0.h[0]
+	sshr	v3.8h, v3.8h, #1
+	sshr	v4.8h, v4.8h, #1
+	mul	v17.8h, v5.8h, v0.h[4]
+	mul	v18.8h, v6.8h, v0.h[4]
+	sqrdmulh	v5.8h, v5.8h, v0.h[3]
+	sqrdmulh	v6.8h, v6.8h, v0.h[3]
+	sqrdmlsh	v5.8h, v17.8h, v0.h[0]
+	sqrdmlsh	v6.8h, v18.8h, v0.h[0]
+	sshr	v5.8h, v5.8h, #1
+	sshr	v6.8h, v6.8h, #1
+	mul	v17.8h, v7.8h, v0.h[4]
+	mul	v18.8h, v8.8h, v0.h[4]
+	sqrdmulh	v7.8h, v7.8h, v0.h[3]
+	sqrdmulh	v8.8h, v8.8h, v0.h[3]
+	sqrdmlsh	v7.8h, v17.8h, v0.h[0]
+	sqrdmlsh	v8.8h, v18.8h, v0.h[0]
+	sshr	v7.8h, v7.8h, #1
+	sshr	v8.8h, v8.8h, #1
+	mul	v17.8h, v9.8h, v0.h[4]
+	mul	v18.8h, v10.8h, v0.h[4]
+	sqrdmulh	v9.8h, v9.8h, v0.h[3]
+	sqrdmulh	v10.8h, v10.8h, v0.h[3]
+	sqrdmlsh	v9.8h, v17.8h, v0.h[0]
+	sqrdmlsh	v10.8h, v18.8h, v0.h[0]
+	sshr	v9.8h, v9.8h, #1
+	sshr	v10.8h, v10.8h, #1
+	mul	v17.8h, v11.8h, v0.h[4]
+	mul	v18.8h, v12.8h, v0.h[4]
+	sqrdmulh	v11.8h, v11.8h, v0.h[3]
+	sqrdmulh	v12.8h, v12.8h, v0.h[3]
+	sqrdmlsh	v11.8h, v17.8h, v0.h[0]
+	sqrdmlsh	v12.8h, v18.8h, v0.h[0]
+	sshr	v11.8h, v11.8h, #1
+	sshr	v12.8h, v12.8h, #1
+	mul	v17.8h, v13.8h, v0.h[4]
+	mul	v18.8h, v14.8h, v0.h[4]
+	sqrdmulh	v13.8h, v13.8h, v0.h[3]
+	sqrdmulh	v14.8h, v14.8h, v0.h[3]
+	sqrdmlsh	v13.8h, v17.8h, v0.h[0]
+	sqrdmlsh	v14.8h, v18.8h, v0.h[0]
+	sshr	v13.8h, v13.8h, #1
+	sshr	v14.8h, v14.8h, #1
+	mul	v17.8h, v15.8h, v0.h[4]
+	mul	v18.8h, v16.8h, v0.h[4]
+	sqrdmulh	v15.8h, v15.8h, v0.h[3]
+	sqrdmulh	v16.8h, v16.8h, v0.h[3]
+	sqrdmlsh	v15.8h, v17.8h, v0.h[0]
+	sqrdmlsh	v16.8h, v18.8h, v0.h[0]
+	sshr	v15.8h, v15.8h, #1
+	sshr	v16.8h, v16.8h, #1
+	st4	{v1.8h, v2.8h, v3.8h, v4.8h}, [x0], #0x40
+	st4	{v5.8h, v6.8h, v7.8h, v8.8h}, [x0], #0x40
+	st4	{v9.8h, v10.8h, v11.8h, v12.8h}, [x0], #0x40
+	st4	{v13.8h, v14.8h, v15.8h, v16.8h}, [x0], #0x40
+	ld4	{v1.8h, v2.8h, v3.8h, v4.8h}, [x0], #0x40
+	ld4	{v5.8h, v6.8h, v7.8h, v8.8h}, [x0], #0x40
+	ld4	{v9.8h, v10.8h, v11.8h, v12.8h}, [x0], #0x40
+	ld4	{v13.8h, v14.8h, v15.8h, v16.8h}, [x0], #0x40
+	sub	x0, x0, #0x100
+	mul	v17.8h, v1.8h, v0.h[4]
+	mul	v18.8h, v2.8h, v0.h[4]
+	sqrdmulh	v1.8h, v1.8h, v0.h[3]
+	sqrdmulh	v2.8h, v2.8h, v0.h[3]
+	sqrdmlsh	v1.8h, v17.8h, v0.h[0]
+	sqrdmlsh	v2.8h, v18.8h, v0.h[0]
+	sshr	v1.8h, v1.8h, #1
+	sshr	v2.8h, v2.8h, #1
+	mul	v17.8h, v3.8h, v0.h[4]
+	mul	v18.8h, v4.8h, v0.h[4]
+	sqrdmulh	v3.8h, v3.8h, v0.h[3]
+	sqrdmulh	v4.8h, v4.8h, v0.h[3]
+	sqrdmlsh	v3.8h, v17.8h, v0.h[0]
+	sqrdmlsh	v4.8h, v18.8h, v0.h[0]
+	sshr	v3.8h, v3.8h, #1
+	sshr	v4.8h, v4.8h, #1
+	mul	v17.8h, v5.8h, v0.h[4]
+	mul	v18.8h, v6.8h, v0.h[4]
+	sqrdmulh	v5.8h, v5.8h, v0.h[3]
+	sqrdmulh	v6.8h, v6.8h, v0.h[3]
+	sqrdmlsh	v5.8h, v17.8h, v0.h[0]
+	sqrdmlsh	v6.8h, v18.8h, v0.h[0]
+	sshr	v5.8h, v5.8h, #1
+	sshr	v6.8h, v6.8h, #1
+	mul	v17.8h, v7.8h, v0.h[4]
+	mul	v18.8h, v8.8h, v0.h[4]
+	sqrdmulh	v7.8h, v7.8h, v0.h[3]
+	sqrdmulh	v8.8h, v8.8h, v0.h[3]
+	sqrdmlsh	v7.8h, v17.8h, v0.h[0]
+	sqrdmlsh	v8.8h, v18.8h, v0.h[0]
+	sshr	v7.8h, v7.8h, #1
+	sshr	v8.8h, v8.8h, #1
+	mul	v17.8h, v9.8h, v0.h[4]
+	mul	v18.8h, v10.8h, v0.h[4]
+	sqrdmulh	v9.8h, v9.8h, v0.h[3]
+	sqrdmulh	v10.8h, v10.8h, v0.h[3]
+	sqrdmlsh	v9.8h, v17.8h, v0.h[0]
+	sqrdmlsh	v10.8h, v18.8h, v0.h[0]
+	sshr	v9.8h, v9.8h, #1
+	sshr	v10.8h, v10.8h, #1
+	mul	v17.8h, v11.8h, v0.h[4]
+	mul	v18.8h, v12.8h, v0.h[4]
+	sqrdmulh	v11.8h, v11.8h, v0.h[3]
+	sqrdmulh	v12.8h, v12.8h, v0.h[3]
+	sqrdmlsh	v11.8h, v17.8h, v0.h[0]
+	sqrdmlsh	v12.8h, v18.8h, v0.h[0]
+	sshr	v11.8h, v11.8h, #1
+	sshr	v12.8h, v12.8h, #1
+	mul	v17.8h, v13.8h, v0.h[4]
+	mul	v18.8h, v14.8h, v0.h[4]
+	sqrdmulh	v13.8h, v13.8h, v0.h[3]
+	sqrdmulh	v14.8h, v14.8h, v0.h[3]
+	sqrdmlsh	v13.8h, v17.8h, v0.h[0]
+	sqrdmlsh	v14.8h, v18.8h, v0.h[0]
+	sshr	v13.8h, v13.8h, #1
+	sshr	v14.8h, v14.8h, #1
+	mul	v17.8h, v15.8h, v0.h[4]
+	mul	v18.8h, v16.8h, v0.h[4]
+	sqrdmulh	v15.8h, v15.8h, v0.h[3]
+	sqrdmulh	v16.8h, v16.8h, v0.h[3]
+	sqrdmlsh	v15.8h, v17.8h, v0.h[0]
+	sqrdmlsh	v16.8h, v18.8h, v0.h[0]
+	sshr	v15.8h, v15.8h, #1
+	sshr	v16.8h, v16.8h, #1
+	st4	{v1.8h, v2.8h, v3.8h, v4.8h}, [x0], #0x40
+	st4	{v5.8h, v6.8h, v7.8h, v8.8h}, [x0], #0x40
+	st4	{v9.8h, v10.8h, v11.8h, v12.8h}, [x0], #0x40
+	st4	{v13.8h, v14.8h, v15.8h, v16.8h}, [x0], #0x40
+	ldp	d8, d9, [x29, #16]
+	ldp	d10, d11, [x29, #32]
+	ldp	d12, d13, [x29, #48]
+	ldp	d14, d15, [x29, #64]
+	ldp	x29, x30, [sp], #0x50
+	ret
+#ifndef __APPLE__
+	.size	kyber_to_mont_sqrdmlsh,.-kyber_to_mont_sqrdmlsh
+#endif /* __APPLE__ */
+#endif /* WOLFSSL_AARCH64_NO_SQRDMLSH */
+#ifndef __APPLE__
+	.text
+	.type	L_kyber_aarch64_to_msg_neon_low, %object
+	.section	.rodata
+	.size	L_kyber_aarch64_to_msg_neon_low, 16
+#else
+	.section	__DATA,__data
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+	.align	2
+#else
+	.p2align	2
+#endif /* __APPLE__ */
+L_kyber_aarch64_to_msg_neon_low:
+	.short	0x0373,0x0373,0x0373,0x0373,0x0373,0x0373,0x0373,0x0373
+#ifndef __APPLE__
+	.text
+	.type	L_kyber_aarch64_to_msg_neon_high, %object
+	.section	.rodata
+	.size	L_kyber_aarch64_to_msg_neon_high, 16
+#else
+	.section	__DATA,__data
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+	.align	2
+#else
+	.p2align	2
+#endif /* __APPLE__ */
+L_kyber_aarch64_to_msg_neon_high:
+	.short	0x09c0,0x09c0,0x09c0,0x09c0,0x09c0,0x09c0,0x09c0,0x09c0
+#ifndef __APPLE__
+	.text
+	.type	L_kyber_aarch64_to_msg_neon_bits, %object
+	.section	.rodata
+	.size	L_kyber_aarch64_to_msg_neon_bits, 16
+#else
+	.section	__DATA,__data
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+	.align	2
+#else
+	.p2align	2
+#endif /* __APPLE__ */
+L_kyber_aarch64_to_msg_neon_bits:
+	.short	0x0001,0x0002,0x0004,0x0008,0x0010,0x0020,0x0040,0x0080
+#ifndef __APPLE__
+.text
+.globl	kyber_to_msg_neon
+.type	kyber_to_msg_neon,@function
+.align	2
+kyber_to_msg_neon:
+#else
+.section	__TEXT,__text
+.globl	_kyber_to_msg_neon
+.p2align	2
+_kyber_to_msg_neon:
+#endif /* __APPLE__ */
+	stp	x29, x30, [sp, #-80]!
+	add	x29, sp, #0
+	stp	d8, d9, [x29, #16]
+	stp	d10, d11, [x29, #32]
+	stp	d12, d13, [x29, #48]
+	stp	d14, d15, [x29, #64]
+#ifndef __APPLE__
+	adrp x2, L_kyber_aarch64_to_msg_neon_low
+	add  x2, x2, :lo12:L_kyber_aarch64_to_msg_neon_low
+#else
+	adrp x2, L_kyber_aarch64_to_msg_neon_low@PAGE
+	add  x2, x2, :lo12:L_kyber_aarch64_to_msg_neon_low@PAGEOFF
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+	adrp x3, L_kyber_aarch64_to_msg_neon_high
+	add  x3, x3, :lo12:L_kyber_aarch64_to_msg_neon_high
+#else
+	adrp x3, L_kyber_aarch64_to_msg_neon_high@PAGE
+	add  x3, x3, :lo12:L_kyber_aarch64_to_msg_neon_high@PAGEOFF
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+	adrp x4, L_kyber_aarch64_to_msg_neon_bits
+	add  x4, x4, :lo12:L_kyber_aarch64_to_msg_neon_bits
+#else
+	adrp x4, L_kyber_aarch64_to_msg_neon_bits@PAGE
+	add  x4, x4, :lo12:L_kyber_aarch64_to_msg_neon_bits@PAGEOFF
+#endif /* __APPLE__ */
+	ldr	q0, [x2]
+	ldr	q1, [x3]
+	ldr	q26, [x4]
+	ld1	{v2.8h, v3.8h, v4.8h, v5.8h}, [x1], #0x40
+	ld1	{v6.8h, v7.8h, v8.8h, v9.8h}, [x1], #0x40
+	cmge	v10.8h, v2.8h, v0.8h
+	cmge	v18.8h, v1.8h, v2.8h
+	cmge	v11.8h, v3.8h, v0.8h
+	cmge	v19.8h, v1.8h, v3.8h
+	cmge	v12.8h, v4.8h, v0.8h
+	cmge	v20.8h, v1.8h, v4.8h
+	cmge	v13.8h, v5.8h, v0.8h
+	cmge	v21.8h, v1.8h, v5.8h
+	cmge	v14.8h, v6.8h, v0.8h
+	cmge	v22.8h, v1.8h, v6.8h
+	cmge	v15.8h, v7.8h, v0.8h
+	cmge	v23.8h, v1.8h, v7.8h
+	cmge	v16.8h, v8.8h, v0.8h
+	cmge	v24.8h, v1.8h, v8.8h
+	cmge	v17.8h, v9.8h, v0.8h
+	cmge	v25.8h, v1.8h, v9.8h
+	and	v18.16b, v18.16b, v10.16b
+	and	v19.16b, v19.16b, v11.16b
+	and	v20.16b, v20.16b, v12.16b
+	and	v21.16b, v21.16b, v13.16b
+	and	v22.16b, v22.16b, v14.16b
+	and	v23.16b, v23.16b, v15.16b
+	and	v24.16b, v24.16b, v16.16b
+	and	v25.16b, v25.16b, v17.16b
+	and	v18.16b, v18.16b, v26.16b
+	and	v19.16b, v19.16b, v26.16b
+	and	v20.16b, v20.16b, v26.16b
+	and	v21.16b, v21.16b, v26.16b
+	and	v22.16b, v22.16b, v26.16b
+	and	v23.16b, v23.16b, v26.16b
+	and	v24.16b, v24.16b, v26.16b
+	and	v25.16b, v25.16b, v26.16b
+	addv	h18, v18.8h
+	addv	h19, v19.8h
+	addv	h20, v20.8h
+	addv	h21, v21.8h
+	addv	h22, v22.8h
+	addv	h23, v23.8h
+	addv	h24, v24.8h
+	addv	h25, v25.8h
+	ins	v18.b[1], v19.b[0]
+	ins	v18.b[2], v20.b[0]
+	ins	v18.b[3], v21.b[0]
+	ins	v18.b[4], v22.b[0]
+	ins	v18.b[5], v23.b[0]
+	ins	v18.b[6], v24.b[0]
+	ins	v18.b[7], v25.b[0]
+	st1	{v18.8b}, [x0], #8
+	ld1	{v2.8h, v3.8h, v4.8h, v5.8h}, [x1], #0x40
+	ld1	{v6.8h, v7.8h, v8.8h, v9.8h}, [x1], #0x40
+	cmge	v10.8h, v2.8h, v0.8h
+	cmge	v18.8h, v1.8h, v2.8h
+	cmge	v11.8h, v3.8h, v0.8h
+	cmge	v19.8h, v1.8h, v3.8h
+	cmge	v12.8h, v4.8h, v0.8h
+	cmge	v20.8h, v1.8h, v4.8h
+	cmge	v13.8h, v5.8h, v0.8h
+	cmge	v21.8h, v1.8h, v5.8h
+	cmge	v14.8h, v6.8h, v0.8h
+	cmge	v22.8h, v1.8h, v6.8h
+	cmge	v15.8h, v7.8h, v0.8h
+	cmge	v23.8h, v1.8h, v7.8h
+	cmge	v16.8h, v8.8h, v0.8h
+	cmge	v24.8h, v1.8h, v8.8h
+	cmge	v17.8h, v9.8h, v0.8h
+	cmge	v25.8h, v1.8h, v9.8h
+	and	v18.16b, v18.16b, v10.16b
+	and	v19.16b, v19.16b, v11.16b
+	and	v20.16b, v20.16b, v12.16b
+	and	v21.16b, v21.16b, v13.16b
+	and	v22.16b, v22.16b, v14.16b
+	and	v23.16b, v23.16b, v15.16b
+	and	v24.16b, v24.16b, v16.16b
+	and	v25.16b, v25.16b, v17.16b
+	and	v18.16b, v18.16b, v26.16b
+	and	v19.16b, v19.16b, v26.16b
+	and	v20.16b, v20.16b, v26.16b
+	and	v21.16b, v21.16b, v26.16b
+	and	v22.16b, v22.16b, v26.16b
+	and	v23.16b, v23.16b, v26.16b
+	and	v24.16b, v24.16b, v26.16b
+	and	v25.16b, v25.16b, v26.16b
+	addv	h18, v18.8h
+	addv	h19, v19.8h
+	addv	h20, v20.8h
+	addv	h21, v21.8h
+	addv	h22, v22.8h
+	addv	h23, v23.8h
+	addv	h24, v24.8h
+	addv	h25, v25.8h
+	ins	v18.b[1], v19.b[0]
+	ins	v18.b[2], v20.b[0]
+	ins	v18.b[3], v21.b[0]
+	ins	v18.b[4], v22.b[0]
+	ins	v18.b[5], v23.b[0]
+	ins	v18.b[6], v24.b[0]
+	ins	v18.b[7], v25.b[0]
+	st1	{v18.8b}, [x0], #8
+	ld1	{v2.8h, v3.8h, v4.8h, v5.8h}, [x1], #0x40
+	ld1	{v6.8h, v7.8h, v8.8h, v9.8h}, [x1], #0x40
+	cmge	v10.8h, v2.8h, v0.8h
+	cmge	v18.8h, v1.8h, v2.8h
+	cmge	v11.8h, v3.8h, v0.8h
+	cmge	v19.8h, v1.8h, v3.8h
+	cmge	v12.8h, v4.8h, v0.8h
+	cmge	v20.8h, v1.8h, v4.8h
+	cmge	v13.8h, v5.8h, v0.8h
+	cmge	v21.8h, v1.8h, v5.8h
+	cmge	v14.8h, v6.8h, v0.8h
+	cmge	v22.8h, v1.8h, v6.8h
+	cmge	v15.8h, v7.8h, v0.8h
+	cmge	v23.8h, v1.8h, v7.8h
+	cmge	v16.8h, v8.8h, v0.8h
+	cmge	v24.8h, v1.8h, v8.8h
+	cmge	v17.8h, v9.8h, v0.8h
+	cmge	v25.8h, v1.8h, v9.8h
+	and	v18.16b, v18.16b, v10.16b
+	and	v19.16b, v19.16b, v11.16b
+	and	v20.16b, v20.16b, v12.16b
+	and	v21.16b, v21.16b, v13.16b
+	and	v22.16b, v22.16b, v14.16b
+	and	v23.16b, v23.16b, v15.16b
+	and	v24.16b, v24.16b, v16.16b
+	and	v25.16b, v25.16b, v17.16b
+	and	v18.16b, v18.16b, v26.16b
+	and	v19.16b, v19.16b, v26.16b
+	and	v20.16b, v20.16b, v26.16b
+	and	v21.16b, v21.16b, v26.16b
+	and	v22.16b, v22.16b, v26.16b
+	and	v23.16b, v23.16b, v26.16b
+	and	v24.16b, v24.16b, v26.16b
+	and	v25.16b, v25.16b, v26.16b
+	addv	h18, v18.8h
+	addv	h19, v19.8h
+	addv	h20, v20.8h
+	addv	h21, v21.8h
+	addv	h22, v22.8h
+	addv	h23, v23.8h
+	addv	h24, v24.8h
+	addv	h25, v25.8h
+	ins	v18.b[1], v19.b[0]
+	ins	v18.b[2], v20.b[0]
+	ins	v18.b[3], v21.b[0]
+	ins	v18.b[4], v22.b[0]
+	ins	v18.b[5], v23.b[0]
+	ins	v18.b[6], v24.b[0]
+	ins	v18.b[7], v25.b[0]
+	st1	{v18.8b}, [x0], #8
+	ld1	{v2.8h, v3.8h, v4.8h, v5.8h}, [x1], #0x40
+	ld1	{v6.8h, v7.8h, v8.8h, v9.8h}, [x1], #0x40
+	cmge	v10.8h, v2.8h, v0.8h
+	cmge	v18.8h, v1.8h, v2.8h
+	cmge	v11.8h, v3.8h, v0.8h
+	cmge	v19.8h, v1.8h, v3.8h
+	cmge	v12.8h, v4.8h, v0.8h
+	cmge	v20.8h, v1.8h, v4.8h
+	cmge	v13.8h, v5.8h, v0.8h
+	cmge	v21.8h, v1.8h, v5.8h
+	cmge	v14.8h, v6.8h, v0.8h
+	cmge	v22.8h, v1.8h, v6.8h
+	cmge	v15.8h, v7.8h, v0.8h
+	cmge	v23.8h, v1.8h, v7.8h
+	cmge	v16.8h, v8.8h, v0.8h
+	cmge	v24.8h, v1.8h, v8.8h
+	cmge	v17.8h, v9.8h, v0.8h
+	cmge	v25.8h, v1.8h, v9.8h
+	and	v18.16b, v18.16b, v10.16b
+	and	v19.16b, v19.16b, v11.16b
+	and	v20.16b, v20.16b, v12.16b
+	and	v21.16b, v21.16b, v13.16b
+	and	v22.16b, v22.16b, v14.16b
+	and	v23.16b, v23.16b, v15.16b
+	and	v24.16b, v24.16b, v16.16b
+	and	v25.16b, v25.16b, v17.16b
+	and	v18.16b, v18.16b, v26.16b
+	and	v19.16b, v19.16b, v26.16b
+	and	v20.16b, v20.16b, v26.16b
+	and	v21.16b, v21.16b, v26.16b
+	and	v22.16b, v22.16b, v26.16b
+	and	v23.16b, v23.16b, v26.16b
+	and	v24.16b, v24.16b, v26.16b
+	and	v25.16b, v25.16b, v26.16b
+	addv	h18, v18.8h
+	addv	h19, v19.8h
+	addv	h20, v20.8h
+	addv	h21, v21.8h
+	addv	h22, v22.8h
+	addv	h23, v23.8h
+	addv	h24, v24.8h
+	addv	h25, v25.8h
+	ins	v18.b[1], v19.b[0]
+	ins	v18.b[2], v20.b[0]
+	ins	v18.b[3], v21.b[0]
+	ins	v18.b[4], v22.b[0]
+	ins	v18.b[5], v23.b[0]
+	ins	v18.b[6], v24.b[0]
+	ins	v18.b[7], v25.b[0]
+	st1	{v18.8b}, [x0], #8
+	ldp	d8, d9, [x29, #16]
+	ldp	d10, d11, [x29, #32]
+	ldp	d12, d13, [x29, #48]
+	ldp	d14, d15, [x29, #64]
+	ldp	x29, x30, [sp], #0x50
+	ret
+#ifndef __APPLE__
+	.size	kyber_to_msg_neon,.-kyber_to_msg_neon
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+	.text
+	.type	L_kyber_aarch64_from_msg_neon_q1half, %object
+	.section	.rodata
+	.size	L_kyber_aarch64_from_msg_neon_q1half, 16
+#else
+	.section	__DATA,__data
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+	.align	2
+#else
+	.p2align	2
+#endif /* __APPLE__ */
+L_kyber_aarch64_from_msg_neon_q1half:
+	.short	0x0681,0x0681,0x0681,0x0681,0x0681,0x0681,0x0681,0x0681
+#ifndef __APPLE__
+	.text
+	.type	L_kyber_aarch64_from_msg_neon_bits, %object
+	.section	.rodata
+	.size	L_kyber_aarch64_from_msg_neon_bits, 16
+#else
+	.section	__DATA,__data
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+	.align	1
+#else
+	.p2align	1
+#endif /* __APPLE__ */
+L_kyber_aarch64_from_msg_neon_bits:
+	.byte	0x01,0x02,0x04,0x08,0x10,0x20,0x40,0x80
+	.byte	0x01,0x02,0x04,0x08,0x10,0x20,0x40,0x80
+#ifndef __APPLE__
+.text
+.globl	kyber_from_msg_neon
+.type	kyber_from_msg_neon,@function
+.align	2
+kyber_from_msg_neon:
+#else
+.section	__TEXT,__text
+.globl	_kyber_from_msg_neon
+.p2align	2
+_kyber_from_msg_neon:
+#endif /* __APPLE__ */
+	stp	x29, x30, [sp, #-48]!
+	add	x29, sp, #0
+	stp	d8, d9, [x29, #16]
+	stp	d10, d11, [x29, #32]
+#ifndef __APPLE__
+	adrp x2, L_kyber_aarch64_from_msg_neon_q1half
+	add  x2, x2, :lo12:L_kyber_aarch64_from_msg_neon_q1half
+#else
+	adrp x2, L_kyber_aarch64_from_msg_neon_q1half@PAGE
+	add  x2, x2, :lo12:L_kyber_aarch64_from_msg_neon_q1half@PAGEOFF
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+	adrp x3, L_kyber_aarch64_from_msg_neon_bits
+	add  x3, x3, :lo12:L_kyber_aarch64_from_msg_neon_bits
+#else
+	adrp x3, L_kyber_aarch64_from_msg_neon_bits@PAGE
+	add  x3, x3, :lo12:L_kyber_aarch64_from_msg_neon_bits@PAGEOFF
+#endif /* __APPLE__ */
+	ld1	{v2.16b, v3.16b}, [x1]
+	ldr	q1, [x2]
+	ldr	q0, [x3]
+	dup	v4.8b, v2.b[0]
+	dup	v5.8b, v2.b[1]
+	dup	v6.8b, v2.b[2]
+	dup	v7.8b, v2.b[3]
+	cmtst	v4.8b, v4.8b, v0.8b
+	cmtst	v5.8b, v5.8b, v0.8b
+	cmtst	v6.8b, v6.8b, v0.8b
+	cmtst	v7.8b, v7.8b, v0.8b
+	zip1	v4.16b, v4.16b, v4.16b
+	zip1	v5.16b, v5.16b, v5.16b
+	zip1	v6.16b, v6.16b, v6.16b
+	zip1	v7.16b, v7.16b, v7.16b
+	and	v4.16b, v4.16b, v1.16b
+	and	v5.16b, v5.16b, v1.16b
+	and	v6.16b, v6.16b, v1.16b
+	and	v7.16b, v7.16b, v1.16b
+	st1	{v4.8h, v5.8h, v6.8h, v7.8h}, [x0], #0x40
+	dup	v4.8b, v2.b[4]
+	dup	v5.8b, v2.b[5]
+	dup	v6.8b, v2.b[6]
+	dup	v7.8b, v2.b[7]
+	cmtst	v4.8b, v4.8b, v0.8b
+	cmtst	v5.8b, v5.8b, v0.8b
+	cmtst	v6.8b, v6.8b, v0.8b
+	cmtst	v7.8b, v7.8b, v0.8b
+	zip1	v4.16b, v4.16b, v4.16b
+	zip1	v5.16b, v5.16b, v5.16b
+	zip1	v6.16b, v6.16b, v6.16b
+	zip1	v7.16b, v7.16b, v7.16b
+	and	v4.16b, v4.16b, v1.16b
+	and	v5.16b, v5.16b, v1.16b
+	and	v6.16b, v6.16b, v1.16b
+	and	v7.16b, v7.16b, v1.16b
+	st1	{v4.8h, v5.8h, v6.8h, v7.8h}, [x0], #0x40
+	dup	v4.8b, v2.b[8]
+	dup	v5.8b, v2.b[9]
+	dup	v6.8b, v2.b[10]
+	dup	v7.8b, v2.b[11]
+	cmtst	v4.8b, v4.8b, v0.8b
+	cmtst	v5.8b, v5.8b, v0.8b
+	cmtst	v6.8b, v6.8b, v0.8b
+	cmtst	v7.8b, v7.8b, v0.8b
+	zip1	v4.16b, v4.16b, v4.16b
+	zip1	v5.16b, v5.16b, v5.16b
+	zip1	v6.16b, v6.16b, v6.16b
+	zip1	v7.16b, v7.16b, v7.16b
+	and	v4.16b, v4.16b, v1.16b
+	and	v5.16b, v5.16b, v1.16b
+	and	v6.16b, v6.16b, v1.16b
+	and	v7.16b, v7.16b, v1.16b
+	st1	{v4.8h, v5.8h, v6.8h, v7.8h}, [x0], #0x40
+	dup	v4.8b, v2.b[12]
+	dup	v5.8b, v2.b[13]
+	dup	v6.8b, v2.b[14]
+	dup	v7.8b, v2.b[15]
+	cmtst	v4.8b, v4.8b, v0.8b
+	cmtst	v5.8b, v5.8b, v0.8b
+	cmtst	v6.8b, v6.8b, v0.8b
+	cmtst	v7.8b, v7.8b, v0.8b
+	zip1	v4.16b, v4.16b, v4.16b
+	zip1	v5.16b, v5.16b, v5.16b
+	zip1	v6.16b, v6.16b, v6.16b
+	zip1	v7.16b, v7.16b, v7.16b
+	and	v4.16b, v4.16b, v1.16b
+	and	v5.16b, v5.16b, v1.16b
+	and	v6.16b, v6.16b, v1.16b
+	and	v7.16b, v7.16b, v1.16b
+	st1	{v4.8h, v5.8h, v6.8h, v7.8h}, [x0], #0x40
+	dup	v4.8b, v3.b[0]
+	dup	v5.8b, v3.b[1]
+	dup	v6.8b, v3.b[2]
+	dup	v7.8b, v3.b[3]
+	cmtst	v4.8b, v4.8b, v0.8b
+	cmtst	v5.8b, v5.8b, v0.8b
+	cmtst	v6.8b, v6.8b, v0.8b
+	cmtst	v7.8b, v7.8b, v0.8b
+	zip1	v4.16b, v4.16b, v4.16b
+	zip1	v5.16b, v5.16b, v5.16b
+	zip1	v6.16b, v6.16b, v6.16b
+	zip1	v7.16b, v7.16b, v7.16b
+	and	v4.16b, v4.16b, v1.16b
+	and	v5.16b, v5.16b, v1.16b
+	and	v6.16b, v6.16b, v1.16b
+	and	v7.16b, v7.16b, v1.16b
+	st1	{v4.8h, v5.8h, v6.8h, v7.8h}, [x0], #0x40
+	dup	v4.8b, v3.b[4]
+	dup	v5.8b, v3.b[5]
+	dup	v6.8b, v3.b[6]
+	dup	v7.8b, v3.b[7]
+	cmtst	v4.8b, v4.8b, v0.8b
+	cmtst	v5.8b, v5.8b, v0.8b
+	cmtst	v6.8b, v6.8b, v0.8b
+	cmtst	v7.8b, v7.8b, v0.8b
+	zip1	v4.16b, v4.16b, v4.16b
+	zip1	v5.16b, v5.16b, v5.16b
+	zip1	v6.16b, v6.16b, v6.16b
+	zip1	v7.16b, v7.16b, v7.16b
+	and	v4.16b, v4.16b, v1.16b
+	and	v5.16b, v5.16b, v1.16b
+	and	v6.16b, v6.16b, v1.16b
+	and	v7.16b, v7.16b, v1.16b
+	st1	{v4.8h, v5.8h, v6.8h, v7.8h}, [x0], #0x40
+	dup	v4.8b, v3.b[8]
+	dup	v5.8b, v3.b[9]
+	dup	v6.8b, v3.b[10]
+	dup	v7.8b, v3.b[11]
+	cmtst	v4.8b, v4.8b, v0.8b
+	cmtst	v5.8b, v5.8b, v0.8b
+	cmtst	v6.8b, v6.8b, v0.8b
+	cmtst	v7.8b, v7.8b, v0.8b
+	zip1	v4.16b, v4.16b, v4.16b
+	zip1	v5.16b, v5.16b, v5.16b
+	zip1	v6.16b, v6.16b, v6.16b
+	zip1	v7.16b, v7.16b, v7.16b
+	and	v4.16b, v4.16b, v1.16b
+	and	v5.16b, v5.16b, v1.16b
+	and	v6.16b, v6.16b, v1.16b
+	and	v7.16b, v7.16b, v1.16b
+	st1	{v4.8h, v5.8h, v6.8h, v7.8h}, [x0], #0x40
+	dup	v4.8b, v3.b[12]
+	dup	v5.8b, v3.b[13]
+	dup	v6.8b, v3.b[14]
+	dup	v7.8b, v3.b[15]
+	cmtst	v4.8b, v4.8b, v0.8b
+	cmtst	v5.8b, v5.8b, v0.8b
+	cmtst	v6.8b, v6.8b, v0.8b
+	cmtst	v7.8b, v7.8b, v0.8b
+	zip1	v4.16b, v4.16b, v4.16b
+	zip1	v5.16b, v5.16b, v5.16b
+	zip1	v6.16b, v6.16b, v6.16b
+	zip1	v7.16b, v7.16b, v7.16b
+	and	v4.16b, v4.16b, v1.16b
+	and	v5.16b, v5.16b, v1.16b
+	and	v6.16b, v6.16b, v1.16b
+	and	v7.16b, v7.16b, v1.16b
+	st1	{v4.8h, v5.8h, v6.8h, v7.8h}, [x0], #0x40
+	ldp	d8, d9, [x29, #16]
+	ldp	d10, d11, [x29, #32]
+	ldp	x29, x30, [sp], #48
+	ret
+#ifndef __APPLE__
+	.size	kyber_from_msg_neon,.-kyber_from_msg_neon
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.text
+.globl	kyber_cmp_neon
+.type	kyber_cmp_neon,@function
+.align	2
+kyber_cmp_neon:
+#else
+.section	__TEXT,__text
+.globl	_kyber_cmp_neon
+.p2align	2
+_kyber_cmp_neon:
+#endif /* __APPLE__ */
+	stp	x29, x30, [sp, #-48]!
+	add	x29, sp, #0
+	stp	d8, d9, [x29, #16]
+	stp	d10, d11, [x29, #32]
+	ld4	{v0.16b, v1.16b, v2.16b, v3.16b}, [x0], #0x40
+	ld4	{v4.16b, v5.16b, v6.16b, v7.16b}, [x1], #0x40
+	eor	v8.16b, v0.16b, v4.16b
+	eor	v9.16b, v1.16b, v5.16b
+	eor	v10.16b, v2.16b, v6.16b
+	eor	v11.16b, v3.16b, v7.16b
+	ld4	{v0.16b, v1.16b, v2.16b, v3.16b}, [x0], #0x40
+	ld4	{v4.16b, v5.16b, v6.16b, v7.16b}, [x1], #0x40
+	eor	v0.16b, v0.16b, v4.16b
+	eor	v1.16b, v1.16b, v5.16b
+	eor	v2.16b, v2.16b, v6.16b
+	eor	v3.16b, v3.16b, v7.16b
+	orr	v8.16b, v8.16b, v0.16b
+	orr	v9.16b, v9.16b, v1.16b
+	orr	v10.16b, v10.16b, v2.16b
+	orr	v11.16b, v11.16b, v3.16b
+	ld4	{v0.16b, v1.16b, v2.16b, v3.16b}, [x0], #0x40
+	ld4	{v4.16b, v5.16b, v6.16b, v7.16b}, [x1], #0x40
+	eor	v0.16b, v0.16b, v4.16b
+	eor	v1.16b, v1.16b, v5.16b
+	eor	v2.16b, v2.16b, v6.16b
+	eor	v3.16b, v3.16b, v7.16b
+	orr	v8.16b, v8.16b, v0.16b
+	orr	v9.16b, v9.16b, v1.16b
+	orr	v10.16b, v10.16b, v2.16b
+	orr	v11.16b, v11.16b, v3.16b
+	ld4	{v0.16b, v1.16b, v2.16b, v3.16b}, [x0], #0x40
+	ld4	{v4.16b, v5.16b, v6.16b, v7.16b}, [x1], #0x40
+	eor	v0.16b, v0.16b, v4.16b
+	eor	v1.16b, v1.16b, v5.16b
+	eor	v2.16b, v2.16b, v6.16b
+	eor	v3.16b, v3.16b, v7.16b
+	orr	v8.16b, v8.16b, v0.16b
+	orr	v9.16b, v9.16b, v1.16b
+	orr	v10.16b, v10.16b, v2.16b
+	orr	v11.16b, v11.16b, v3.16b
+	ld4	{v0.16b, v1.16b, v2.16b, v3.16b}, [x0], #0x40
+	ld4	{v4.16b, v5.16b, v6.16b, v7.16b}, [x1], #0x40
+	eor	v0.16b, v0.16b, v4.16b
+	eor	v1.16b, v1.16b, v5.16b
+	eor	v2.16b, v2.16b, v6.16b
+	eor	v3.16b, v3.16b, v7.16b
+	orr	v8.16b, v8.16b, v0.16b
+	orr	v9.16b, v9.16b, v1.16b
+	orr	v10.16b, v10.16b, v2.16b
+	orr	v11.16b, v11.16b, v3.16b
+	ld4	{v0.16b, v1.16b, v2.16b, v3.16b}, [x0], #0x40
+	ld4	{v4.16b, v5.16b, v6.16b, v7.16b}, [x1], #0x40
+	eor	v0.16b, v0.16b, v4.16b
+	eor	v1.16b, v1.16b, v5.16b
+	eor	v2.16b, v2.16b, v6.16b
+	eor	v3.16b, v3.16b, v7.16b
+	orr	v8.16b, v8.16b, v0.16b
+	orr	v9.16b, v9.16b, v1.16b
+	orr	v10.16b, v10.16b, v2.16b
+	orr	v11.16b, v11.16b, v3.16b
+	ld4	{v0.16b, v1.16b, v2.16b, v3.16b}, [x0], #0x40
+	ld4	{v4.16b, v5.16b, v6.16b, v7.16b}, [x1], #0x40
+	eor	v0.16b, v0.16b, v4.16b
+	eor	v1.16b, v1.16b, v5.16b
+	eor	v2.16b, v2.16b, v6.16b
+	eor	v3.16b, v3.16b, v7.16b
+	orr	v8.16b, v8.16b, v0.16b
+	orr	v9.16b, v9.16b, v1.16b
+	orr	v10.16b, v10.16b, v2.16b
+	orr	v11.16b, v11.16b, v3.16b
+	ld4	{v0.16b, v1.16b, v2.16b, v3.16b}, [x0], #0x40
+	ld4	{v4.16b, v5.16b, v6.16b, v7.16b}, [x1], #0x40
+	eor	v0.16b, v0.16b, v4.16b
+	eor	v1.16b, v1.16b, v5.16b
+	eor	v2.16b, v2.16b, v6.16b
+	eor	v3.16b, v3.16b, v7.16b
+	orr	v8.16b, v8.16b, v0.16b
+	orr	v9.16b, v9.16b, v1.16b
+	orr	v10.16b, v10.16b, v2.16b
+	orr	v11.16b, v11.16b, v3.16b
+	ld4	{v0.16b, v1.16b, v2.16b, v3.16b}, [x0], #0x40
+	ld4	{v4.16b, v5.16b, v6.16b, v7.16b}, [x1], #0x40
+	eor	v0.16b, v0.16b, v4.16b
+	eor	v1.16b, v1.16b, v5.16b
+	eor	v2.16b, v2.16b, v6.16b
+	eor	v3.16b, v3.16b, v7.16b
+	orr	v8.16b, v8.16b, v0.16b
+	orr	v9.16b, v9.16b, v1.16b
+	orr	v10.16b, v10.16b, v2.16b
+	orr	v11.16b, v11.16b, v3.16b
+	ld4	{v0.16b, v1.16b, v2.16b, v3.16b}, [x0], #0x40
+	ld4	{v4.16b, v5.16b, v6.16b, v7.16b}, [x1], #0x40
+	eor	v0.16b, v0.16b, v4.16b
+	eor	v1.16b, v1.16b, v5.16b
+	eor	v2.16b, v2.16b, v6.16b
+	eor	v3.16b, v3.16b, v7.16b
+	orr	v8.16b, v8.16b, v0.16b
+	orr	v9.16b, v9.16b, v1.16b
+	orr	v10.16b, v10.16b, v2.16b
+	orr	v11.16b, v11.16b, v3.16b
+	ld4	{v0.16b, v1.16b, v2.16b, v3.16b}, [x0], #0x40
+	ld4	{v4.16b, v5.16b, v6.16b, v7.16b}, [x1], #0x40
+	eor	v0.16b, v0.16b, v4.16b
+	eor	v1.16b, v1.16b, v5.16b
+	eor	v2.16b, v2.16b, v6.16b
+	eor	v3.16b, v3.16b, v7.16b
+	orr	v8.16b, v8.16b, v0.16b
+	orr	v9.16b, v9.16b, v1.16b
+	orr	v10.16b, v10.16b, v2.16b
+	orr	v11.16b, v11.16b, v3.16b
+	ld4	{v0.16b, v1.16b, v2.16b, v3.16b}, [x0], #0x40
+	ld4	{v4.16b, v5.16b, v6.16b, v7.16b}, [x1], #0x40
+	eor	v0.16b, v0.16b, v4.16b
+	eor	v1.16b, v1.16b, v5.16b
+	eor	v2.16b, v2.16b, v6.16b
+	eor	v3.16b, v3.16b, v7.16b
+	orr	v8.16b, v8.16b, v0.16b
+	orr	v9.16b, v9.16b, v1.16b
+	orr	v10.16b, v10.16b, v2.16b
+	orr	v11.16b, v11.16b, v3.16b
+	subs	w2, w2, #0x300
+	beq	L_kyber_aarch64_cmp_neon_done
+	ld4	{v0.16b, v1.16b, v2.16b, v3.16b}, [x0], #0x40
+	ld4	{v4.16b, v5.16b, v6.16b, v7.16b}, [x1], #0x40
+	eor	v0.16b, v0.16b, v4.16b
+	eor	v1.16b, v1.16b, v5.16b
+	eor	v2.16b, v2.16b, v6.16b
+	eor	v3.16b, v3.16b, v7.16b
+	orr	v8.16b, v8.16b, v0.16b
+	orr	v9.16b, v9.16b, v1.16b
+	orr	v10.16b, v10.16b, v2.16b
+	orr	v11.16b, v11.16b, v3.16b
+	ld4	{v0.16b, v1.16b, v2.16b, v3.16b}, [x0], #0x40
+	ld4	{v4.16b, v5.16b, v6.16b, v7.16b}, [x1], #0x40
+	eor	v0.16b, v0.16b, v4.16b
+	eor	v1.16b, v1.16b, v5.16b
+	eor	v2.16b, v2.16b, v6.16b
+	eor	v3.16b, v3.16b, v7.16b
+	orr	v8.16b, v8.16b, v0.16b
+	orr	v9.16b, v9.16b, v1.16b
+	orr	v10.16b, v10.16b, v2.16b
+	orr	v11.16b, v11.16b, v3.16b
+	ld4	{v0.16b, v1.16b, v2.16b, v3.16b}, [x0], #0x40
+	ld4	{v4.16b, v5.16b, v6.16b, v7.16b}, [x1], #0x40
+	eor	v0.16b, v0.16b, v4.16b
+	eor	v1.16b, v1.16b, v5.16b
+	eor	v2.16b, v2.16b, v6.16b
+	eor	v3.16b, v3.16b, v7.16b
+	orr	v8.16b, v8.16b, v0.16b
+	orr	v9.16b, v9.16b, v1.16b
+	orr	v10.16b, v10.16b, v2.16b
+	orr	v11.16b, v11.16b, v3.16b
+	ld4	{v0.16b, v1.16b, v2.16b, v3.16b}, [x0], #0x40
+	ld4	{v4.16b, v5.16b, v6.16b, v7.16b}, [x1], #0x40
+	eor	v0.16b, v0.16b, v4.16b
+	eor	v1.16b, v1.16b, v5.16b
+	eor	v2.16b, v2.16b, v6.16b
+	eor	v3.16b, v3.16b, v7.16b
+	orr	v8.16b, v8.16b, v0.16b
+	orr	v9.16b, v9.16b, v1.16b
+	orr	v10.16b, v10.16b, v2.16b
+	orr	v11.16b, v11.16b, v3.16b
+	ld4	{v0.16b, v1.16b, v2.16b, v3.16b}, [x0], #0x40
+	ld4	{v4.16b, v5.16b, v6.16b, v7.16b}, [x1], #0x40
+	eor	v0.16b, v0.16b, v4.16b
+	eor	v1.16b, v1.16b, v5.16b
+	eor	v2.16b, v2.16b, v6.16b
+	eor	v3.16b, v3.16b, v7.16b
+	orr	v8.16b, v8.16b, v0.16b
+	orr	v9.16b, v9.16b, v1.16b
+	orr	v10.16b, v10.16b, v2.16b
+	orr	v11.16b, v11.16b, v3.16b
+	subs	w2, w2, #0x140
+	beq	L_kyber_aarch64_cmp_neon_done
+	ld4	{v0.16b, v1.16b, v2.16b, v3.16b}, [x0], #0x40
+	ld4	{v4.16b, v5.16b, v6.16b, v7.16b}, [x1], #0x40
+	eor	v0.16b, v0.16b, v4.16b
+	eor	v1.16b, v1.16b, v5.16b
+	eor	v2.16b, v2.16b, v6.16b
+	eor	v3.16b, v3.16b, v7.16b
+	orr	v8.16b, v8.16b, v0.16b
+	orr	v9.16b, v9.16b, v1.16b
+	orr	v10.16b, v10.16b, v2.16b
+	orr	v11.16b, v11.16b, v3.16b
+	ld4	{v0.16b, v1.16b, v2.16b, v3.16b}, [x0], #0x40
+	ld4	{v4.16b, v5.16b, v6.16b, v7.16b}, [x1], #0x40
+	eor	v0.16b, v0.16b, v4.16b
+	eor	v1.16b, v1.16b, v5.16b
+	eor	v2.16b, v2.16b, v6.16b
+	eor	v3.16b, v3.16b, v7.16b
+	orr	v8.16b, v8.16b, v0.16b
+	orr	v9.16b, v9.16b, v1.16b
+	orr	v10.16b, v10.16b, v2.16b
+	orr	v11.16b, v11.16b, v3.16b
+	ld4	{v0.16b, v1.16b, v2.16b, v3.16b}, [x0], #0x40
+	ld4	{v4.16b, v5.16b, v6.16b, v7.16b}, [x1], #0x40
+	eor	v0.16b, v0.16b, v4.16b
+	eor	v1.16b, v1.16b, v5.16b
+	eor	v2.16b, v2.16b, v6.16b
+	eor	v3.16b, v3.16b, v7.16b
+	orr	v8.16b, v8.16b, v0.16b
+	orr	v9.16b, v9.16b, v1.16b
+	orr	v10.16b, v10.16b, v2.16b
+	orr	v11.16b, v11.16b, v3.16b
+	ld4	{v0.16b, v1.16b, v2.16b, v3.16b}, [x0], #0x40
+	ld4	{v4.16b, v5.16b, v6.16b, v7.16b}, [x1], #0x40
+	eor	v0.16b, v0.16b, v4.16b
+	eor	v1.16b, v1.16b, v5.16b
+	eor	v2.16b, v2.16b, v6.16b
+	eor	v3.16b, v3.16b, v7.16b
+	orr	v8.16b, v8.16b, v0.16b
+	orr	v9.16b, v9.16b, v1.16b
+	orr	v10.16b, v10.16b, v2.16b
+	orr	v11.16b, v11.16b, v3.16b
+	ld4	{v0.16b, v1.16b, v2.16b, v3.16b}, [x0], #0x40
+	ld4	{v4.16b, v5.16b, v6.16b, v7.16b}, [x1], #0x40
+	eor	v0.16b, v0.16b, v4.16b
+	eor	v1.16b, v1.16b, v5.16b
+	eor	v2.16b, v2.16b, v6.16b
+	eor	v3.16b, v3.16b, v7.16b
+	orr	v8.16b, v8.16b, v0.16b
+	orr	v9.16b, v9.16b, v1.16b
+	orr	v10.16b, v10.16b, v2.16b
+	orr	v11.16b, v11.16b, v3.16b
+	ld4	{v0.16b, v1.16b, v2.16b, v3.16b}, [x0], #0x40
+	ld4	{v4.16b, v5.16b, v6.16b, v7.16b}, [x1], #0x40
+	eor	v0.16b, v0.16b, v4.16b
+	eor	v1.16b, v1.16b, v5.16b
+	eor	v2.16b, v2.16b, v6.16b
+	eor	v3.16b, v3.16b, v7.16b
+	orr	v8.16b, v8.16b, v0.16b
+	orr	v9.16b, v9.16b, v1.16b
+	orr	v10.16b, v10.16b, v2.16b
+	orr	v11.16b, v11.16b, v3.16b
+	ld4	{v0.16b, v1.16b, v2.16b, v3.16b}, [x0], #0x40
+	ld4	{v4.16b, v5.16b, v6.16b, v7.16b}, [x1], #0x40
+	eor	v0.16b, v0.16b, v4.16b
+	eor	v1.16b, v1.16b, v5.16b
+	eor	v2.16b, v2.16b, v6.16b
+	eor	v3.16b, v3.16b, v7.16b
+	orr	v8.16b, v8.16b, v0.16b
+	orr	v9.16b, v9.16b, v1.16b
+	orr	v10.16b, v10.16b, v2.16b
+	orr	v11.16b, v11.16b, v3.16b
+	ld2	{v0.16b, v1.16b}, [x0]
+	ld2	{v4.16b, v5.16b}, [x1]
+	eor	v0.16b, v0.16b, v4.16b
+	eor	v1.16b, v1.16b, v5.16b
+	orr	v8.16b, v8.16b, v0.16b
+	orr	v9.16b, v9.16b, v1.16b
+L_kyber_aarch64_cmp_neon_done:
+	orr	v8.16b, v8.16b, v9.16b
+	orr	v10.16b, v10.16b, v11.16b
+	orr	v8.16b, v8.16b, v10.16b
+	ins	v9.b[0], v8.b[1]
+	orr	v8.16b, v8.16b, v9.16b
+	mov	x0, v8.d[0]
+	subs	x0, x0, xzr
+	csetm	w0, ne
+	ldp	d8, d9, [x29, #16]
+	ldp	d10, d11, [x29, #32]
+	ldp	x29, x30, [sp], #48
+	ret
+#ifndef __APPLE__
+	.size	kyber_cmp_neon,.-kyber_cmp_neon
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+	.text
+	.type	L_kyber_aarch64_rej_uniform_neon_mask, %object
+	.section	.rodata
+	.size	L_kyber_aarch64_rej_uniform_neon_mask, 16
+#else
+	.section	__DATA,__data
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+	.align	2
+#else
+	.p2align	2
+#endif /* __APPLE__ */
+L_kyber_aarch64_rej_uniform_neon_mask:
+	.short	0x0fff,0x0fff,0x0fff,0x0fff,0x0fff,0x0fff,0x0fff,0x0fff
+#ifndef __APPLE__
+	.text
+	.type	L_kyber_aarch64_rej_uniform_neon_bits, %object
+	.section	.rodata
+	.size	L_kyber_aarch64_rej_uniform_neon_bits, 16
+#else
+	.section	__DATA,__data
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+	.align	2
+#else
+	.p2align	2
+#endif /* __APPLE__ */
+L_kyber_aarch64_rej_uniform_neon_bits:
+	.short	0x0001,0x0002,0x0004,0x0008,0x0010,0x0020,0x0040,0x0080
+#ifndef __APPLE__
+	.text
+	.type	L_kyber_aarch64_rej_uniform_neon_indices, %object
+	.section	.rodata
+	.size	L_kyber_aarch64_rej_uniform_neon_indices, 4096
+#else
+	.section	__DATA,__data
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+	.align	1
+#else
+	.p2align	1
+#endif /* __APPLE__ */
+L_kyber_aarch64_rej_uniform_neon_indices:
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x02,0x03,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x02,0x03,0xff,0xff,0xff,0xff
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x04,0x05,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x04,0x05,0xff,0xff,0xff,0xff
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x02,0x03,0x04,0x05,0xff,0xff,0xff,0xff
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x02,0x03,0x04,0x05,0xff,0xff
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x06,0x07,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x06,0x07,0xff,0xff,0xff,0xff
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x02,0x03,0x06,0x07,0xff,0xff,0xff,0xff
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x02,0x03,0x06,0x07,0xff,0xff
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x04,0x05,0x06,0x07,0xff,0xff,0xff,0xff
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x04,0x05,0x06,0x07,0xff,0xff
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x02,0x03,0x04,0x05,0x06,0x07,0xff,0xff
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x08,0x09,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x08,0x09,0xff,0xff,0xff,0xff
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x02,0x03,0x08,0x09,0xff,0xff,0xff,0xff
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x02,0x03,0x08,0x09,0xff,0xff
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x04,0x05,0x08,0x09,0xff,0xff,0xff,0xff
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x04,0x05,0x08,0x09,0xff,0xff
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x02,0x03,0x04,0x05,0x08,0x09,0xff,0xff
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x02,0x03,0x04,0x05,0x08,0x09
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x06,0x07,0x08,0x09,0xff,0xff,0xff,0xff
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x06,0x07,0x08,0x09,0xff,0xff
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x02,0x03,0x06,0x07,0x08,0x09,0xff,0xff
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x02,0x03,0x06,0x07,0x08,0x09
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x04,0x05,0x06,0x07,0x08,0x09,0xff,0xff
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x04,0x05,0x06,0x07,0x08,0x09
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x02,0x03,0x04,0x05,0x06,0x07,0x08,0x09
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07
+	.byte	0x08,0x09,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x0a,0x0b,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x0a,0x0b,0xff,0xff,0xff,0xff
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x02,0x03,0x0a,0x0b,0xff,0xff,0xff,0xff
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x02,0x03,0x0a,0x0b,0xff,0xff
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x04,0x05,0x0a,0x0b,0xff,0xff,0xff,0xff
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x04,0x05,0x0a,0x0b,0xff,0xff
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x02,0x03,0x04,0x05,0x0a,0x0b,0xff,0xff
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x02,0x03,0x04,0x05,0x0a,0x0b
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x06,0x07,0x0a,0x0b,0xff,0xff,0xff,0xff
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x06,0x07,0x0a,0x0b,0xff,0xff
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x02,0x03,0x06,0x07,0x0a,0x0b,0xff,0xff
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x02,0x03,0x06,0x07,0x0a,0x0b
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x04,0x05,0x06,0x07,0x0a,0x0b,0xff,0xff
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x04,0x05,0x06,0x07,0x0a,0x0b
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x02,0x03,0x04,0x05,0x06,0x07,0x0a,0x0b
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07
+	.byte	0x0a,0x0b,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x08,0x09,0x0a,0x0b,0xff,0xff,0xff,0xff
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x08,0x09,0x0a,0x0b,0xff,0xff
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x02,0x03,0x08,0x09,0x0a,0x0b,0xff,0xff
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x02,0x03,0x08,0x09,0x0a,0x0b
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x04,0x05,0x08,0x09,0x0a,0x0b,0xff,0xff
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x04,0x05,0x08,0x09,0x0a,0x0b
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x02,0x03,0x04,0x05,0x08,0x09,0x0a,0x0b
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x02,0x03,0x04,0x05,0x08,0x09
+	.byte	0x0a,0x0b,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x06,0x07,0x08,0x09,0x0a,0x0b,0xff,0xff
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x06,0x07,0x08,0x09,0x0a,0x0b
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x02,0x03,0x06,0x07,0x08,0x09,0x0a,0x0b
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x02,0x03,0x06,0x07,0x08,0x09
+	.byte	0x0a,0x0b,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x04,0x05,0x06,0x07,0x08,0x09,0x0a,0x0b
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x04,0x05,0x06,0x07,0x08,0x09
+	.byte	0x0a,0x0b,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x02,0x03,0x04,0x05,0x06,0x07,0x08,0x09
+	.byte	0x0a,0x0b,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07
+	.byte	0x08,0x09,0x0a,0x0b,0xff,0xff,0xff,0xff
+	.byte	0x0c,0x0d,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x0c,0x0d,0xff,0xff,0xff,0xff
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x02,0x03,0x0c,0x0d,0xff,0xff,0xff,0xff
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x02,0x03,0x0c,0x0d,0xff,0xff
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x04,0x05,0x0c,0x0d,0xff,0xff,0xff,0xff
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x04,0x05,0x0c,0x0d,0xff,0xff
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x02,0x03,0x04,0x05,0x0c,0x0d,0xff,0xff
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x02,0x03,0x04,0x05,0x0c,0x0d
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x06,0x07,0x0c,0x0d,0xff,0xff,0xff,0xff
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x06,0x07,0x0c,0x0d,0xff,0xff
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x02,0x03,0x06,0x07,0x0c,0x0d,0xff,0xff
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x02,0x03,0x06,0x07,0x0c,0x0d
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x04,0x05,0x06,0x07,0x0c,0x0d,0xff,0xff
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x04,0x05,0x06,0x07,0x0c,0x0d
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x02,0x03,0x04,0x05,0x06,0x07,0x0c,0x0d
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07
+	.byte	0x0c,0x0d,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x08,0x09,0x0c,0x0d,0xff,0xff,0xff,0xff
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x08,0x09,0x0c,0x0d,0xff,0xff
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x02,0x03,0x08,0x09,0x0c,0x0d,0xff,0xff
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x02,0x03,0x08,0x09,0x0c,0x0d
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x04,0x05,0x08,0x09,0x0c,0x0d,0xff,0xff
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x04,0x05,0x08,0x09,0x0c,0x0d
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x02,0x03,0x04,0x05,0x08,0x09,0x0c,0x0d
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x02,0x03,0x04,0x05,0x08,0x09
+	.byte	0x0c,0x0d,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x06,0x07,0x08,0x09,0x0c,0x0d,0xff,0xff
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x06,0x07,0x08,0x09,0x0c,0x0d
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x02,0x03,0x06,0x07,0x08,0x09,0x0c,0x0d
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x02,0x03,0x06,0x07,0x08,0x09
+	.byte	0x0c,0x0d,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x04,0x05,0x06,0x07,0x08,0x09,0x0c,0x0d
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x04,0x05,0x06,0x07,0x08,0x09
+	.byte	0x0c,0x0d,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x02,0x03,0x04,0x05,0x06,0x07,0x08,0x09
+	.byte	0x0c,0x0d,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07
+	.byte	0x08,0x09,0x0c,0x0d,0xff,0xff,0xff,0xff
+	.byte	0x0a,0x0b,0x0c,0x0d,0xff,0xff,0xff,0xff
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x0a,0x0b,0x0c,0x0d,0xff,0xff
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x02,0x03,0x0a,0x0b,0x0c,0x0d,0xff,0xff
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x02,0x03,0x0a,0x0b,0x0c,0x0d
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x04,0x05,0x0a,0x0b,0x0c,0x0d,0xff,0xff
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x04,0x05,0x0a,0x0b,0x0c,0x0d
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x02,0x03,0x04,0x05,0x0a,0x0b,0x0c,0x0d
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x02,0x03,0x04,0x05,0x0a,0x0b
+	.byte	0x0c,0x0d,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x06,0x07,0x0a,0x0b,0x0c,0x0d,0xff,0xff
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x06,0x07,0x0a,0x0b,0x0c,0x0d
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x02,0x03,0x06,0x07,0x0a,0x0b,0x0c,0x0d
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x02,0x03,0x06,0x07,0x0a,0x0b
+	.byte	0x0c,0x0d,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x04,0x05,0x06,0x07,0x0a,0x0b,0x0c,0x0d
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x04,0x05,0x06,0x07,0x0a,0x0b
+	.byte	0x0c,0x0d,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x02,0x03,0x04,0x05,0x06,0x07,0x0a,0x0b
+	.byte	0x0c,0x0d,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07
+	.byte	0x0a,0x0b,0x0c,0x0d,0xff,0xff,0xff,0xff
+	.byte	0x08,0x09,0x0a,0x0b,0x0c,0x0d,0xff,0xff
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x08,0x09,0x0a,0x0b,0x0c,0x0d
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x02,0x03,0x08,0x09,0x0a,0x0b,0x0c,0x0d
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x02,0x03,0x08,0x09,0x0a,0x0b
+	.byte	0x0c,0x0d,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x04,0x05,0x08,0x09,0x0a,0x0b,0x0c,0x0d
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x04,0x05,0x08,0x09,0x0a,0x0b
+	.byte	0x0c,0x0d,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x02,0x03,0x04,0x05,0x08,0x09,0x0a,0x0b
+	.byte	0x0c,0x0d,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x02,0x03,0x04,0x05,0x08,0x09
+	.byte	0x0a,0x0b,0x0c,0x0d,0xff,0xff,0xff,0xff
+	.byte	0x06,0x07,0x08,0x09,0x0a,0x0b,0x0c,0x0d
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x06,0x07,0x08,0x09,0x0a,0x0b
+	.byte	0x0c,0x0d,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x02,0x03,0x06,0x07,0x08,0x09,0x0a,0x0b
+	.byte	0x0c,0x0d,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x02,0x03,0x06,0x07,0x08,0x09
+	.byte	0x0a,0x0b,0x0c,0x0d,0xff,0xff,0xff,0xff
+	.byte	0x04,0x05,0x06,0x07,0x08,0x09,0x0a,0x0b
+	.byte	0x0c,0x0d,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x04,0x05,0x06,0x07,0x08,0x09
+	.byte	0x0a,0x0b,0x0c,0x0d,0xff,0xff,0xff,0xff
+	.byte	0x02,0x03,0x04,0x05,0x06,0x07,0x08,0x09
+	.byte	0x0a,0x0b,0x0c,0x0d,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07
+	.byte	0x08,0x09,0x0a,0x0b,0x0c,0x0d,0xff,0xff
+	.byte	0x0e,0x0f,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x0e,0x0f,0xff,0xff,0xff,0xff
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x02,0x03,0x0e,0x0f,0xff,0xff,0xff,0xff
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x02,0x03,0x0e,0x0f,0xff,0xff
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x04,0x05,0x0e,0x0f,0xff,0xff,0xff,0xff
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x04,0x05,0x0e,0x0f,0xff,0xff
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x02,0x03,0x04,0x05,0x0e,0x0f,0xff,0xff
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x02,0x03,0x04,0x05,0x0e,0x0f
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x06,0x07,0x0e,0x0f,0xff,0xff,0xff,0xff
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x06,0x07,0x0e,0x0f,0xff,0xff
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x02,0x03,0x06,0x07,0x0e,0x0f,0xff,0xff
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x02,0x03,0x06,0x07,0x0e,0x0f
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x04,0x05,0x06,0x07,0x0e,0x0f,0xff,0xff
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x04,0x05,0x06,0x07,0x0e,0x0f
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x02,0x03,0x04,0x05,0x06,0x07,0x0e,0x0f
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07
+	.byte	0x0e,0x0f,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x08,0x09,0x0e,0x0f,0xff,0xff,0xff,0xff
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x08,0x09,0x0e,0x0f,0xff,0xff
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x02,0x03,0x08,0x09,0x0e,0x0f,0xff,0xff
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x02,0x03,0x08,0x09,0x0e,0x0f
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x04,0x05,0x08,0x09,0x0e,0x0f,0xff,0xff
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x04,0x05,0x08,0x09,0x0e,0x0f
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x02,0x03,0x04,0x05,0x08,0x09,0x0e,0x0f
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x02,0x03,0x04,0x05,0x08,0x09
+	.byte	0x0e,0x0f,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x06,0x07,0x08,0x09,0x0e,0x0f,0xff,0xff
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x06,0x07,0x08,0x09,0x0e,0x0f
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x02,0x03,0x06,0x07,0x08,0x09,0x0e,0x0f
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x02,0x03,0x06,0x07,0x08,0x09
+	.byte	0x0e,0x0f,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x04,0x05,0x06,0x07,0x08,0x09,0x0e,0x0f
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x04,0x05,0x06,0x07,0x08,0x09
+	.byte	0x0e,0x0f,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x02,0x03,0x04,0x05,0x06,0x07,0x08,0x09
+	.byte	0x0e,0x0f,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07
+	.byte	0x08,0x09,0x0e,0x0f,0xff,0xff,0xff,0xff
+	.byte	0x0a,0x0b,0x0e,0x0f,0xff,0xff,0xff,0xff
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x0a,0x0b,0x0e,0x0f,0xff,0xff
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x02,0x03,0x0a,0x0b,0x0e,0x0f,0xff,0xff
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x02,0x03,0x0a,0x0b,0x0e,0x0f
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x04,0x05,0x0a,0x0b,0x0e,0x0f,0xff,0xff
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x04,0x05,0x0a,0x0b,0x0e,0x0f
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x02,0x03,0x04,0x05,0x0a,0x0b,0x0e,0x0f
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x02,0x03,0x04,0x05,0x0a,0x0b
+	.byte	0x0e,0x0f,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x06,0x07,0x0a,0x0b,0x0e,0x0f,0xff,0xff
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x06,0x07,0x0a,0x0b,0x0e,0x0f
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x02,0x03,0x06,0x07,0x0a,0x0b,0x0e,0x0f
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x02,0x03,0x06,0x07,0x0a,0x0b
+	.byte	0x0e,0x0f,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x04,0x05,0x06,0x07,0x0a,0x0b,0x0e,0x0f
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x04,0x05,0x06,0x07,0x0a,0x0b
+	.byte	0x0e,0x0f,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x02,0x03,0x04,0x05,0x06,0x07,0x0a,0x0b
+	.byte	0x0e,0x0f,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07
+	.byte	0x0a,0x0b,0x0e,0x0f,0xff,0xff,0xff,0xff
+	.byte	0x08,0x09,0x0a,0x0b,0x0e,0x0f,0xff,0xff
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x08,0x09,0x0a,0x0b,0x0e,0x0f
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x02,0x03,0x08,0x09,0x0a,0x0b,0x0e,0x0f
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x02,0x03,0x08,0x09,0x0a,0x0b
+	.byte	0x0e,0x0f,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x04,0x05,0x08,0x09,0x0a,0x0b,0x0e,0x0f
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x04,0x05,0x08,0x09,0x0a,0x0b
+	.byte	0x0e,0x0f,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x02,0x03,0x04,0x05,0x08,0x09,0x0a,0x0b
+	.byte	0x0e,0x0f,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x02,0x03,0x04,0x05,0x08,0x09
+	.byte	0x0a,0x0b,0x0e,0x0f,0xff,0xff,0xff,0xff
+	.byte	0x06,0x07,0x08,0x09,0x0a,0x0b,0x0e,0x0f
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x06,0x07,0x08,0x09,0x0a,0x0b
+	.byte	0x0e,0x0f,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x02,0x03,0x06,0x07,0x08,0x09,0x0a,0x0b
+	.byte	0x0e,0x0f,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x02,0x03,0x06,0x07,0x08,0x09
+	.byte	0x0a,0x0b,0x0e,0x0f,0xff,0xff,0xff,0xff
+	.byte	0x04,0x05,0x06,0x07,0x08,0x09,0x0a,0x0b
+	.byte	0x0e,0x0f,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x04,0x05,0x06,0x07,0x08,0x09
+	.byte	0x0a,0x0b,0x0e,0x0f,0xff,0xff,0xff,0xff
+	.byte	0x02,0x03,0x04,0x05,0x06,0x07,0x08,0x09
+	.byte	0x0a,0x0b,0x0e,0x0f,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07
+	.byte	0x08,0x09,0x0a,0x0b,0x0e,0x0f,0xff,0xff
+	.byte	0x0c,0x0d,0x0e,0x0f,0xff,0xff,0xff,0xff
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x0c,0x0d,0x0e,0x0f,0xff,0xff
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x02,0x03,0x0c,0x0d,0x0e,0x0f,0xff,0xff
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x02,0x03,0x0c,0x0d,0x0e,0x0f
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x04,0x05,0x0c,0x0d,0x0e,0x0f,0xff,0xff
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x04,0x05,0x0c,0x0d,0x0e,0x0f
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x02,0x03,0x04,0x05,0x0c,0x0d,0x0e,0x0f
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x02,0x03,0x04,0x05,0x0c,0x0d
+	.byte	0x0e,0x0f,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x06,0x07,0x0c,0x0d,0x0e,0x0f,0xff,0xff
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x06,0x07,0x0c,0x0d,0x0e,0x0f
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x02,0x03,0x06,0x07,0x0c,0x0d,0x0e,0x0f
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x02,0x03,0x06,0x07,0x0c,0x0d
+	.byte	0x0e,0x0f,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x04,0x05,0x06,0x07,0x0c,0x0d,0x0e,0x0f
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x04,0x05,0x06,0x07,0x0c,0x0d
+	.byte	0x0e,0x0f,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x02,0x03,0x04,0x05,0x06,0x07,0x0c,0x0d
+	.byte	0x0e,0x0f,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07
+	.byte	0x0c,0x0d,0x0e,0x0f,0xff,0xff,0xff,0xff
+	.byte	0x08,0x09,0x0c,0x0d,0x0e,0x0f,0xff,0xff
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x08,0x09,0x0c,0x0d,0x0e,0x0f
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x02,0x03,0x08,0x09,0x0c,0x0d,0x0e,0x0f
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x02,0x03,0x08,0x09,0x0c,0x0d
+	.byte	0x0e,0x0f,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x04,0x05,0x08,0x09,0x0c,0x0d,0x0e,0x0f
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x04,0x05,0x08,0x09,0x0c,0x0d
+	.byte	0x0e,0x0f,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x02,0x03,0x04,0x05,0x08,0x09,0x0c,0x0d
+	.byte	0x0e,0x0f,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x02,0x03,0x04,0x05,0x08,0x09
+	.byte	0x0c,0x0d,0x0e,0x0f,0xff,0xff,0xff,0xff
+	.byte	0x06,0x07,0x08,0x09,0x0c,0x0d,0x0e,0x0f
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x06,0x07,0x08,0x09,0x0c,0x0d
+	.byte	0x0e,0x0f,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x02,0x03,0x06,0x07,0x08,0x09,0x0c,0x0d
+	.byte	0x0e,0x0f,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x02,0x03,0x06,0x07,0x08,0x09
+	.byte	0x0c,0x0d,0x0e,0x0f,0xff,0xff,0xff,0xff
+	.byte	0x04,0x05,0x06,0x07,0x08,0x09,0x0c,0x0d
+	.byte	0x0e,0x0f,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x04,0x05,0x06,0x07,0x08,0x09
+	.byte	0x0c,0x0d,0x0e,0x0f,0xff,0xff,0xff,0xff
+	.byte	0x02,0x03,0x04,0x05,0x06,0x07,0x08,0x09
+	.byte	0x0c,0x0d,0x0e,0x0f,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07
+	.byte	0x08,0x09,0x0c,0x0d,0x0e,0x0f,0xff,0xff
+	.byte	0x0a,0x0b,0x0c,0x0d,0x0e,0x0f,0xff,0xff
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x02,0x03,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x02,0x03,0x0a,0x0b,0x0c,0x0d
+	.byte	0x0e,0x0f,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x04,0x05,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x04,0x05,0x0a,0x0b,0x0c,0x0d
+	.byte	0x0e,0x0f,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x02,0x03,0x04,0x05,0x0a,0x0b,0x0c,0x0d
+	.byte	0x0e,0x0f,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x02,0x03,0x04,0x05,0x0a,0x0b
+	.byte	0x0c,0x0d,0x0e,0x0f,0xff,0xff,0xff,0xff
+	.byte	0x06,0x07,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x06,0x07,0x0a,0x0b,0x0c,0x0d
+	.byte	0x0e,0x0f,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x02,0x03,0x06,0x07,0x0a,0x0b,0x0c,0x0d
+	.byte	0x0e,0x0f,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x02,0x03,0x06,0x07,0x0a,0x0b
+	.byte	0x0c,0x0d,0x0e,0x0f,0xff,0xff,0xff,0xff
+	.byte	0x04,0x05,0x06,0x07,0x0a,0x0b,0x0c,0x0d
+	.byte	0x0e,0x0f,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x04,0x05,0x06,0x07,0x0a,0x0b
+	.byte	0x0c,0x0d,0x0e,0x0f,0xff,0xff,0xff,0xff
+	.byte	0x02,0x03,0x04,0x05,0x06,0x07,0x0a,0x0b
+	.byte	0x0c,0x0d,0x0e,0x0f,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07
+	.byte	0x0a,0x0b,0x0c,0x0d,0x0e,0x0f,0xff,0xff
+	.byte	0x08,0x09,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x08,0x09,0x0a,0x0b,0x0c,0x0d
+	.byte	0x0e,0x0f,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x02,0x03,0x08,0x09,0x0a,0x0b,0x0c,0x0d
+	.byte	0x0e,0x0f,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x02,0x03,0x08,0x09,0x0a,0x0b
+	.byte	0x0c,0x0d,0x0e,0x0f,0xff,0xff,0xff,0xff
+	.byte	0x04,0x05,0x08,0x09,0x0a,0x0b,0x0c,0x0d
+	.byte	0x0e,0x0f,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x04,0x05,0x08,0x09,0x0a,0x0b
+	.byte	0x0c,0x0d,0x0e,0x0f,0xff,0xff,0xff,0xff
+	.byte	0x02,0x03,0x04,0x05,0x08,0x09,0x0a,0x0b
+	.byte	0x0c,0x0d,0x0e,0x0f,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x02,0x03,0x04,0x05,0x08,0x09
+	.byte	0x0a,0x0b,0x0c,0x0d,0x0e,0x0f,0xff,0xff
+	.byte	0x06,0x07,0x08,0x09,0x0a,0x0b,0x0c,0x0d
+	.byte	0x0e,0x0f,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x06,0x07,0x08,0x09,0x0a,0x0b
+	.byte	0x0c,0x0d,0x0e,0x0f,0xff,0xff,0xff,0xff
+	.byte	0x02,0x03,0x06,0x07,0x08,0x09,0x0a,0x0b
+	.byte	0x0c,0x0d,0x0e,0x0f,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x02,0x03,0x06,0x07,0x08,0x09
+	.byte	0x0a,0x0b,0x0c,0x0d,0x0e,0x0f,0xff,0xff
+	.byte	0x04,0x05,0x06,0x07,0x08,0x09,0x0a,0x0b
+	.byte	0x0c,0x0d,0x0e,0x0f,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x04,0x05,0x06,0x07,0x08,0x09
+	.byte	0x0a,0x0b,0x0c,0x0d,0x0e,0x0f,0xff,0xff
+	.byte	0x02,0x03,0x04,0x05,0x06,0x07,0x08,0x09
+	.byte	0x0a,0x0b,0x0c,0x0d,0x0e,0x0f,0xff,0xff
+	.byte	0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07
+	.byte	0x08,0x09,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f
+#ifndef __APPLE__
+.text
+.globl	kyber_rej_uniform_neon
+.type	kyber_rej_uniform_neon,@function
+.align	2
+kyber_rej_uniform_neon:
+#else
+.section	__TEXT,__text
+.globl	_kyber_rej_uniform_neon
+.p2align	2
+_kyber_rej_uniform_neon:
+#endif /* __APPLE__ */
+	stp	x29, x30, [sp, #-64]!
+	add	x29, sp, #0
+	stp	d8, d9, [x29, #16]
+	stp	d10, d11, [x29, #32]
+	stp	d12, d13, [x29, #48]
+#ifndef __APPLE__
+	adrp x4, L_kyber_aarch64_rej_uniform_neon_mask
+	add  x4, x4, :lo12:L_kyber_aarch64_rej_uniform_neon_mask
+#else
+	adrp x4, L_kyber_aarch64_rej_uniform_neon_mask@PAGE
+	add  x4, x4, :lo12:L_kyber_aarch64_rej_uniform_neon_mask@PAGEOFF
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+	adrp x5, L_kyber_aarch64_q
+	add  x5, x5, :lo12:L_kyber_aarch64_q
+#else
+	adrp x5, L_kyber_aarch64_q@PAGE
+	add  x5, x5, :lo12:L_kyber_aarch64_q@PAGEOFF
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+	adrp x6, L_kyber_aarch64_rej_uniform_neon_bits
+	add  x6, x6, :lo12:L_kyber_aarch64_rej_uniform_neon_bits
+#else
+	adrp x6, L_kyber_aarch64_rej_uniform_neon_bits@PAGE
+	add  x6, x6, :lo12:L_kyber_aarch64_rej_uniform_neon_bits@PAGEOFF
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+	adrp x7, L_kyber_aarch64_rej_uniform_neon_indices
+	add  x7, x7, :lo12:L_kyber_aarch64_rej_uniform_neon_indices
+#else
+	adrp x7, L_kyber_aarch64_rej_uniform_neon_indices@PAGE
+	add  x7, x7, :lo12:L_kyber_aarch64_rej_uniform_neon_indices@PAGEOFF
+#endif /* __APPLE__ */
+	eor	v1.16b, v1.16b, v1.16b
+	eor	v12.16b, v12.16b, v12.16b
+	eor	v13.16b, v13.16b, v13.16b
+	eor	x12, x12, x12
+	eor	v10.16b, v10.16b, v10.16b
+	eor	v11.16b, v11.16b, v11.16b
+	mov	x13, #0xd01
+	ldr	q0, [x4]
+	ldr	q3, [x5]
+	ldr	q2, [x6]
+	subs	wzr, w1, #0
+	beq	L_kyber_aarch64_rej_uniform_neon_done
+	subs	wzr, w1, #16
+	blt	L_kyber_aarch64_rej_uniform_neon_loop_4
+L_kyber_aarch64_rej_uniform_neon_loop_16:
+	ld3	{v4.8b, v5.8b, v6.8b}, [x2], #24
+	zip1	v4.16b, v4.16b, v1.16b
+	zip1	v5.16b, v5.16b, v1.16b
+	zip1	v6.16b, v6.16b, v1.16b
+	shl	v7.8h, v5.8h, #8
+	ushr	v8.8h, v5.8h, #4
+	shl	v6.8h, v6.8h, #4
+	orr	v4.16b, v4.16b, v7.16b
+	orr	v5.16b, v8.16b, v6.16b
+	and	v7.16b, v4.16b, v0.16b
+	and	v8.16b, v5.16b, v0.16b
+	zip1	v4.8h, v7.8h, v8.8h
+	zip2	v5.8h, v7.8h, v8.8h
+	cmgt	v7.8h, v3.8h, v4.8h
+	cmgt	v8.8h, v3.8h, v5.8h
+	ushr	v12.8h, v7.8h, #15
+	ushr	v13.8h, v8.8h, #15
+	addv	h12, v12.8h
+	addv	h13, v13.8h
+	mov	x10, v12.d[0]
+	mov	x11, v13.d[0]
+	and	v10.16b, v7.16b, v2.16b
+	and	v11.16b, v8.16b, v2.16b
+	addv	h10, v10.8h
+	addv	h11, v11.8h
+	mov	w8, v10.s[0]
+	mov	w9, v11.s[0]
+	lsl	w8, w8, #4
+	lsl	w9, w9, #4
+	ldr	q10, [x7, x8]
+	ldr	q11, [x7, x9]
+	tbl	v7.16b, {v4.16b}, v10.16b
+	tbl	v8.16b, {v5.16b}, v11.16b
+	str	q7, [x0]
+	add	x0, x0, x10, lsl 1
+	add	x12, x12, x10
+	str	q8, [x0]
+	add	x0, x0, x11, lsl 1
+	add	x12, x12, x11
+	subs	w3, w3, #24
+	beq	L_kyber_aarch64_rej_uniform_neon_done
+	sub	w10, w1, w12
+	subs	x10, x10, #16
+	blt	L_kyber_aarch64_rej_uniform_neon_loop_4
+	b	L_kyber_aarch64_rej_uniform_neon_loop_16
+L_kyber_aarch64_rej_uniform_neon_loop_4:
+	subs	w10, w1, w12
+	beq	L_kyber_aarch64_rej_uniform_neon_done
+	subs	x10, x10, #4
+	blt	L_kyber_aarch64_rej_uniform_neon_loop_lt_4
+	ldr	x4, [x2], #6
+	lsr	x5, x4, #12
+	lsr	x6, x4, #24
+	lsr	x7, x4, #36
+	and	x4, x4, #0xfff
+	and	x5, x5, #0xfff
+	and	x6, x6, #0xfff
+	and	x7, x7, #0xfff
+	strh	w4, [x0]
+	subs	xzr, x4, x13
+	cinc	x0, x0, lt
+	cinc	x0, x0, lt
+	cinc	x12, x12, lt
+	strh	w5, [x0]
+	subs	xzr, x5, x13
+	cinc	x0, x0, lt
+	cinc	x0, x0, lt
+	cinc	x12, x12, lt
+	strh	w6, [x0]
+	subs	xzr, x6, x13
+	cinc	x0, x0, lt
+	cinc	x0, x0, lt
+	cinc	x12, x12, lt
+	strh	w7, [x0]
+	subs	xzr, x7, x13
+	cinc	x0, x0, lt
+	cinc	x0, x0, lt
+	cinc	x12, x12, lt
+	subs	w3, w3, #6
+	beq	L_kyber_aarch64_rej_uniform_neon_done
+	b	L_kyber_aarch64_rej_uniform_neon_loop_4
+L_kyber_aarch64_rej_uniform_neon_loop_lt_4:
+	ldr	x4, [x2], #6
+	lsr	x5, x4, #12
+	lsr	x6, x4, #24
+	lsr	x7, x4, #36
+	and	x4, x4, #0xfff
+	and	x5, x5, #0xfff
+	and	x6, x6, #0xfff
+	and	x7, x7, #0xfff
+	strh	w4, [x0]
+	subs	xzr, x4, x13
+	cinc	x0, x0, lt
+	cinc	x0, x0, lt
+	cinc	x12, x12, lt
+	subs	wzr, w1, w12
+	beq	L_kyber_aarch64_rej_uniform_neon_done
+	strh	w5, [x0]
+	subs	xzr, x5, x13
+	cinc	x0, x0, lt
+	cinc	x0, x0, lt
+	cinc	x12, x12, lt
+	subs	wzr, w1, w12
+	beq	L_kyber_aarch64_rej_uniform_neon_done
+	strh	w6, [x0]
+	subs	xzr, x6, x13
+	cinc	x0, x0, lt
+	cinc	x0, x0, lt
+	cinc	x12, x12, lt
+	subs	wzr, w1, w12
+	beq	L_kyber_aarch64_rej_uniform_neon_done
+	strh	w7, [x0]
+	subs	xzr, x7, x13
+	cinc	x0, x0, lt
+	cinc	x0, x0, lt
+	cinc	x12, x12, lt
+	subs	wzr, w1, w12
+	beq	L_kyber_aarch64_rej_uniform_neon_done
+	subs	w3, w3, #6
+	beq	L_kyber_aarch64_rej_uniform_neon_done
+	b	L_kyber_aarch64_rej_uniform_neon_loop_lt_4
+L_kyber_aarch64_rej_uniform_neon_done:
+	mov	x0, x12
+	ldp	d8, d9, [x29, #16]
+	ldp	d10, d11, [x29, #32]
+	ldp	d12, d13, [x29, #48]
+	ldp	x29, x30, [sp], #0x40
+	ret
+#ifndef __APPLE__
+	.size	kyber_rej_uniform_neon,.-kyber_rej_uniform_neon
+#endif /* __APPLE__ */
+#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
+#ifndef __APPLE__
+.text
+.globl	kyber_sha3_blocksx3_neon
+.type	kyber_sha3_blocksx3_neon,@function
+.align	2
+kyber_sha3_blocksx3_neon:
+#else
+.section	__TEXT,__text
+.globl	_kyber_sha3_blocksx3_neon
+.p2align	2
+_kyber_sha3_blocksx3_neon:
+#endif /* __APPLE__ */
+	stp	x29, x30, [sp, #-224]!
+	add	x29, sp, #0
+	stp	x17, x19, [x29, #72]
+	stp	x20, x21, [x29, #88]
+	stp	x22, x23, [x29, #104]
+	stp	x24, x25, [x29, #120]
+	stp	x26, x27, [x29, #136]
+	str	x28, [x29, #152]
+	stp	d8, d9, [x29, #160]
+	stp	d10, d11, [x29, #176]
+	stp	d12, d13, [x29, #192]
+	stp	d14, d15, [x29, #208]
+#ifndef __APPLE__
+	adrp x27, L_sha3_aarch64_r
+	add  x27, x27, :lo12:L_sha3_aarch64_r
+#else
+	adrp x27, L_sha3_aarch64_r@PAGE
+	add  x27, x27, :lo12:L_sha3_aarch64_r@PAGEOFF
+#endif /* __APPLE__ */
+	str	x0, [x29, #40]
+	ld4	{v0.d, v1.d, v2.d, v3.d}[0], [x0], #32
+	ld4	{v4.d, v5.d, v6.d, v7.d}[0], [x0], #32
+	ld4	{v8.d, v9.d, v10.d, v11.d}[0], [x0], #32
+	ld4	{v12.d, v13.d, v14.d, v15.d}[0], [x0], #32
+	ld4	{v16.d, v17.d, v18.d, v19.d}[0], [x0], #32
+	ld4	{v20.d, v21.d, v22.d, v23.d}[0], [x0], #32
+	ld1	{v24.d}[0], [x0]
+	add	x0, x0, #8
+	ld4	{v0.d, v1.d, v2.d, v3.d}[1], [x0], #32
+	ld4	{v4.d, v5.d, v6.d, v7.d}[1], [x0], #32
+	ld4	{v8.d, v9.d, v10.d, v11.d}[1], [x0], #32
+	ld4	{v12.d, v13.d, v14.d, v15.d}[1], [x0], #32
+	ld4	{v16.d, v17.d, v18.d, v19.d}[1], [x0], #32
+	ld4	{v20.d, v21.d, v22.d, v23.d}[1], [x0], #32
+	ld1	{v24.d}[1], [x0]
+	add	x0, x0, #8
+	ldp	x1, x2, [x0]
+	ldp	x3, x4, [x0, #16]
+	ldp	x5, x6, [x0, #32]
+	ldp	x7, x8, [x0, #48]
+	ldp	x9, x10, [x0, #64]
+	ldp	x11, x12, [x0, #80]
+	ldp	x13, x14, [x0, #96]
+	ldp	x15, x16, [x0, #112]
+	ldp	x17, x19, [x0, #128]
+	ldp	x20, x21, [x0, #144]
+	ldp	x22, x23, [x0, #160]
+	ldp	x24, x25, [x0, #176]
+	ldr	x26, [x0, #192]
+	mov	x28, #24
+	# Start of 24 rounds
+L_SHA3_transform_blocksx3_neon_begin:
+	stp	x27, x28, [x29, #48]
+	# Col Mix
+	eor3	v31.16b, v0.16b, v5.16b, v10.16b
+	eor	x0, x5, x10
+	eor3	v27.16b, v1.16b, v6.16b, v11.16b
+	eor	x30, x1, x6
+	eor3	v28.16b, v2.16b, v7.16b, v12.16b
+	eor	x28, x3, x8
+	eor3	v29.16b, v3.16b, v8.16b, v13.16b
+	eor	x0, x0, x15
+	eor3	v30.16b, v4.16b, v9.16b, v14.16b
+	eor	x30, x30, x11
+	eor3	v31.16b, v31.16b, v15.16b, v20.16b
+	eor	x28, x28, x13
+	eor3	v27.16b, v27.16b, v16.16b, v21.16b
+	eor	x0, x0, x21
+	eor3	v28.16b, v28.16b, v17.16b, v22.16b
+	eor	x30, x30, x16
+	eor3	v29.16b, v29.16b, v18.16b, v23.16b
+	eor	x28, x28, x19
+	eor3	v30.16b, v30.16b, v19.16b, v24.16b
+	eor	x0, x0, x26
+	rax1	v25.2d, v30.2d, v27.2d
+	eor	x30, x30, x22
+	rax1	v26.2d, v31.2d, v28.2d
+	eor	x28, x28, x24
+	rax1	v27.2d, v27.2d, v29.2d
+	str	x0, [x29, #32]
+	rax1	v28.2d, v28.2d, v30.2d
+	str	x28, [x29, #24]
+	rax1	v29.2d, v29.2d, v31.2d
+	eor	x27, x2, x7
+	eor	v0.16b, v0.16b, v25.16b
+	xar	v30.2d, v1.2d, v26.2d, #63
+	eor	x28, x4, x9
+	xar	v1.2d, v6.2d, v26.2d, #20
+	eor	x27, x27, x12
+	xar	v6.2d, v9.2d, v29.2d, #44
+	eor	x28, x28, x14
+	xar	v9.2d, v22.2d, v27.2d, #3
+	eor	x27, x27, x17
+	xar	v22.2d, v14.2d, v29.2d, #25
+	eor	x28, x28, x20
+	xar	v14.2d, v20.2d, v25.2d, #46
+	eor	x27, x27, x23
+	xar	v20.2d, v2.2d, v27.2d, #2
+	eor	x28, x28, x25
+	xar	v2.2d, v12.2d, v27.2d, #21
+	eor	x0, x0, x27, ror 63
+	xar	v12.2d, v13.2d, v28.2d, #39
+	eor	x27, x27, x28, ror 63
+	xar	v13.2d, v19.2d, v29.2d, #56
+	eor	x1, x1, x0
+	xar	v19.2d, v23.2d, v28.2d, #8
+	eor	x6, x6, x0
+	xar	v23.2d, v15.2d, v25.2d, #23
+	eor	x11, x11, x0
+	xar	v15.2d, v4.2d, v29.2d, #37
+	eor	x16, x16, x0
+	xar	v4.2d, v24.2d, v29.2d, #50
+	eor	x22, x22, x0
+	xar	v24.2d, v21.2d, v26.2d, #62
+	eor	x3, x3, x27
+	xar	v21.2d, v8.2d, v28.2d, #9
+	eor	x8, x8, x27
+	xar	v8.2d, v16.2d, v26.2d, #19
+	eor	x13, x13, x27
+	xar	v16.2d, v5.2d, v25.2d, #28
+	eor	x19, x19, x27
+	xar	v5.2d, v3.2d, v28.2d, #36
+	eor	x24, x24, x27
+	xar	v3.2d, v18.2d, v28.2d, #43
+	ldr	x0, [x29, #32]
+	xar	v18.2d, v17.2d, v27.2d, #49
+	ldr	x27, [x29, #24]
+	xar	v17.2d, v11.2d, v26.2d, #54
+	eor	x28, x28, x30, ror 63
+	xar	v11.2d, v7.2d, v27.2d, #58
+	eor	x30, x30, x27, ror 63
+	xar	v7.2d, v10.2d, v25.2d, #61
+	eor	x27, x27, x0, ror 63
+	# Row Mix
+	mov	v25.16b, v0.16b
+	eor	x5, x5, x28
+	mov	v26.16b, v1.16b
+	eor	x10, x10, x28
+	bcax	v0.16b, v25.16b, v2.16b, v26.16b
+	eor	x15, x15, x28
+	bcax	v1.16b, v26.16b, v3.16b, v2.16b
+	eor	x21, x21, x28
+	bcax	v2.16b, v2.16b, v4.16b, v3.16b
+	eor	x26, x26, x28
+	bcax	v3.16b, v3.16b, v25.16b, v4.16b
+	eor	x2, x2, x30
+	bcax	v4.16b, v4.16b, v26.16b, v25.16b
+	eor	x7, x7, x30
+	mov	v25.16b, v5.16b
+	eor	x12, x12, x30
+	mov	v26.16b, v6.16b
+	eor	x17, x17, x30
+	bcax	v5.16b, v25.16b, v7.16b, v26.16b
+	eor	x23, x23, x30
+	bcax	v6.16b, v26.16b, v8.16b, v7.16b
+	eor	x4, x4, x27
+	bcax	v7.16b, v7.16b, v9.16b, v8.16b
+	eor	x9, x9, x27
+	bcax	v8.16b, v8.16b, v25.16b, v9.16b
+	eor	x14, x14, x27
+	bcax	v9.16b, v9.16b, v26.16b, v25.16b
+	eor	x20, x20, x27
+	mov	v26.16b, v11.16b
+	eor	x25, x25, x27
+	# Swap Rotate Base
+	bcax	v10.16b, v30.16b, v12.16b, v26.16b
+	ror	x0, x2, #63
+	bcax	v11.16b, v26.16b, v13.16b, v12.16b
+	ror	x2, x7, #20
+	bcax	v12.16b, v12.16b, v14.16b, v13.16b
+	ror	x7, x10, #44
+	bcax	v13.16b, v13.16b, v30.16b, v14.16b
+	ror	x10, x24, #3
+	bcax	v14.16b, v14.16b, v26.16b, v30.16b
+	ror	x24, x15, #25
+	mov	v25.16b, v15.16b
+	ror	x15, x22, #46
+	mov	v26.16b, v16.16b
+	ror	x22, x3, #2
+	bcax	v15.16b, v25.16b, v17.16b, v26.16b
+	ror	x3, x13, #21
+	bcax	v16.16b, v26.16b, v18.16b, v17.16b
+	ror	x13, x14, #39
+	bcax	v17.16b, v17.16b, v19.16b, v18.16b
+	ror	x14, x21, #56
+	bcax	v18.16b, v18.16b, v25.16b, v19.16b
+	ror	x21, x25, #8
+	bcax	v19.16b, v19.16b, v26.16b, v25.16b
+	ror	x25, x16, #23
+	mov	v25.16b, v20.16b
+	ror	x16, x5, #37
+	mov	v26.16b, v21.16b
+	ror	x5, x26, #50
+	bcax	v20.16b, v25.16b, v22.16b, v26.16b
+	ror	x26, x23, #62
+	bcax	v21.16b, v26.16b, v23.16b, v22.16b
+	ror	x23, x9, #9
+	bcax	v22.16b, v22.16b, v24.16b, v23.16b
+	ror	x9, x17, #19
+	bcax	v23.16b, v23.16b, v25.16b, v24.16b
+	ror	x17, x6, #28
+	bcax	v24.16b, v24.16b, v26.16b, v25.16b
+	ror	x6, x4, #36
+	ror	x4, x20, #43
+	ror	x20, x19, #49
+	ror	x19, x12, #54
+	ror	x12, x8, #58
+	ror	x8, x11, #61
+	# Row Mix Base
+	bic	x11, x3, x2
+	bic	x27, x4, x3
+	bic	x28, x1, x5
+	bic	x30, x2, x1
+	eor	x1, x1, x11
+	eor	x2, x2, x27
+	bic	x11, x5, x4
+	eor	x4, x4, x28
+	eor	x3, x3, x11
+	eor	x5, x5, x30
+	bic	x11, x8, x7
+	bic	x27, x9, x8
+	bic	x28, x6, x10
+	bic	x30, x7, x6
+	eor	x6, x6, x11
+	eor	x7, x7, x27
+	bic	x11, x10, x9
+	eor	x9, x9, x28
+	eor	x8, x8, x11
+	eor	x10, x10, x30
+	bic	x11, x13, x12
+	bic	x27, x14, x13
+	bic	x28, x0, x15
+	bic	x30, x12, x0
+	eor	x11, x0, x11
+	eor	x12, x12, x27
+	bic	x0, x15, x14
+	eor	x14, x14, x28
+	eor	x13, x13, x0
+	eor	x15, x15, x30
+	bic	x0, x19, x17
+	bic	x27, x20, x19
+	bic	x28, x16, x21
+	bic	x30, x17, x16
+	eor	x16, x16, x0
+	eor	x17, x17, x27
+	bic	x0, x21, x20
+	eor	x20, x20, x28
+	eor	x19, x19, x0
+	eor	x21, x21, x30
+	bic	x0, x24, x23
+	bic	x27, x25, x24
+	bic	x28, x22, x26
+	bic	x30, x23, x22
+	eor	x22, x22, x0
+	eor	x23, x23, x27
+	bic	x0, x26, x25
+	eor	x25, x25, x28
+	eor	x24, x24, x0
+	eor	x26, x26, x30
+	# Done transforming
+	ldp	x27, x28, [x29, #48]
+	ldr	x0, [x27], #8
+	subs	x28, x28, #1
+	mov	v30.d[0], x0
+	mov	v30.d[1], x0
+	eor	x1, x1, x0
+	eor	v0.16b, v0.16b, v30.16b
+	bne	L_SHA3_transform_blocksx3_neon_begin
+	ldr	x0, [x29, #40]
+	st4	{v0.d, v1.d, v2.d, v3.d}[0], [x0], #32
+	st4	{v4.d, v5.d, v6.d, v7.d}[0], [x0], #32
+	st4	{v8.d, v9.d, v10.d, v11.d}[0], [x0], #32
+	st4	{v12.d, v13.d, v14.d, v15.d}[0], [x0], #32
+	st4	{v16.d, v17.d, v18.d, v19.d}[0], [x0], #32
+	st4	{v20.d, v21.d, v22.d, v23.d}[0], [x0], #32
+	st1	{v24.d}[0], [x0]
+	add	x0, x0, #8
+	st4	{v0.d, v1.d, v2.d, v3.d}[1], [x0], #32
+	st4	{v4.d, v5.d, v6.d, v7.d}[1], [x0], #32
+	st4	{v8.d, v9.d, v10.d, v11.d}[1], [x0], #32
+	st4	{v12.d, v13.d, v14.d, v15.d}[1], [x0], #32
+	st4	{v16.d, v17.d, v18.d, v19.d}[1], [x0], #32
+	st4	{v20.d, v21.d, v22.d, v23.d}[1], [x0], #32
+	st1	{v24.d}[1], [x0]
+	add	x0, x0, #8
+	stp	x1, x2, [x0]
+	stp	x3, x4, [x0, #16]
+	stp	x5, x6, [x0, #32]
+	stp	x7, x8, [x0, #48]
+	stp	x9, x10, [x0, #64]
+	stp	x11, x12, [x0, #80]
+	stp	x13, x14, [x0, #96]
+	stp	x15, x16, [x0, #112]
+	stp	x17, x19, [x0, #128]
+	stp	x20, x21, [x0, #144]
+	stp	x22, x23, [x0, #160]
+	stp	x24, x25, [x0, #176]
+	str	x26, [x0, #192]
+	ldp	x17, x19, [x29, #72]
+	ldp	x20, x21, [x29, #88]
+	ldp	x22, x23, [x29, #104]
+	ldp	x24, x25, [x29, #120]
+	ldp	x26, x27, [x29, #136]
+	ldr	x28, [x29, #152]
+	ldp	d8, d9, [x29, #160]
+	ldp	d10, d11, [x29, #176]
+	ldp	d12, d13, [x29, #192]
+	ldp	d14, d15, [x29, #208]
+	ldp	x29, x30, [sp], #0xe0
+	ret
+#ifndef __APPLE__
+	.size	kyber_sha3_blocksx3_neon,.-kyber_sha3_blocksx3_neon
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.text
+.globl	kyber_shake128_blocksx3_seed_neon
+.type	kyber_shake128_blocksx3_seed_neon,@function
+.align	2
+kyber_shake128_blocksx3_seed_neon:
+#else
+.section	__TEXT,__text
+.globl	_kyber_shake128_blocksx3_seed_neon
+.p2align	2
+_kyber_shake128_blocksx3_seed_neon:
+#endif /* __APPLE__ */
+	stp	x29, x30, [sp, #-224]!
+	add	x29, sp, #0
+	stp	x17, x19, [x29, #72]
+	stp	x20, x21, [x29, #88]
+	stp	x22, x23, [x29, #104]
+	stp	x24, x25, [x29, #120]
+	stp	x26, x27, [x29, #136]
+	str	x28, [x29, #152]
+	stp	d8, d9, [x29, #160]
+	stp	d10, d11, [x29, #176]
+	stp	d12, d13, [x29, #192]
+	stp	d14, d15, [x29, #208]
+#ifndef __APPLE__
+	adrp x28, L_sha3_aarch64_r
+	add  x28, x28, :lo12:L_sha3_aarch64_r
+#else
+	adrp x28, L_sha3_aarch64_r@PAGE
+	add  x28, x28, :lo12:L_sha3_aarch64_r@PAGEOFF
+#endif /* __APPLE__ */
+	str	x0, [x29, #40]
+	add	x0, x0, #32
+	ld1	{v4.d}[0], [x0]
+	ldp	x2, x3, [x1], #16
+	add	x0, x0, #0xc8
+	ld1	{v4.d}[1], [x0]
+	ldp	x4, x5, [x1], #16
+	ldr	x6, [x0, #200]
+	eor	v5.16b, v5.16b, v5.16b
+	eor	x7, x7, x7
+	eor	v6.16b, v6.16b, v6.16b
+	eor	x8, x8, x8
+	eor	v7.16b, v7.16b, v7.16b
+	eor	x9, x9, x9
+	eor	v8.16b, v8.16b, v8.16b
+	eor	x10, x10, x10
+	eor	v9.16b, v9.16b, v9.16b
+	eor	x11, x11, x11
+	eor	v10.16b, v10.16b, v10.16b
+	eor	x12, x12, x12
+	eor	v11.16b, v11.16b, v11.16b
+	eor	x13, x13, x13
+	eor	v12.16b, v12.16b, v12.16b
+	eor	x14, x14, x14
+	eor	v13.16b, v13.16b, v13.16b
+	eor	x15, x15, x15
+	eor	v14.16b, v14.16b, v14.16b
+	eor	x16, x16, x16
+	eor	v15.16b, v15.16b, v15.16b
+	eor	x17, x17, x17
+	eor	v16.16b, v16.16b, v16.16b
+	eor	x19, x19, x19
+	eor	v17.16b, v17.16b, v17.16b
+	eor	x20, x20, x20
+	eor	v18.16b, v18.16b, v18.16b
+	eor	x21, x21, x21
+	eor	v19.16b, v19.16b, v19.16b
+	eor	x22, x22, x22
+	movz	x23, #0x8000, lsl 48
+	eor	v21.16b, v21.16b, v21.16b
+	eor	x24, x24, x24
+	eor	v22.16b, v22.16b, v22.16b
+	eor	x25, x25, x25
+	eor	v23.16b, v23.16b, v23.16b
+	eor	x26, x26, x26
+	eor	v24.16b, v24.16b, v24.16b
+	eor	x27, x27, x27
+	dup	v0.2d, x2
+	dup	v1.2d, x3
+	dup	v2.2d, x4
+	dup	v3.2d, x5
+	dup	v20.2d, x23
+	mov	x1, #24
+	# Start of 24 rounds
+L_SHA3_shake128_blocksx3_seed_neon_begin:
+	stp	x28, x1, [x29, #48]
+	# Col Mix
+	eor3	v31.16b, v0.16b, v5.16b, v10.16b
+	eor	x0, x6, x11
+	eor3	v27.16b, v1.16b, v6.16b, v11.16b
+	eor	x30, x2, x7
+	eor3	v28.16b, v2.16b, v7.16b, v12.16b
+	eor	x28, x4, x9
+	eor3	v29.16b, v3.16b, v8.16b, v13.16b
+	eor	x0, x0, x16
+	eor3	v30.16b, v4.16b, v9.16b, v14.16b
+	eor	x30, x30, x12
+	eor3	v31.16b, v31.16b, v15.16b, v20.16b
+	eor	x28, x28, x14
+	eor3	v27.16b, v27.16b, v16.16b, v21.16b
+	eor	x0, x0, x22
+	eor3	v28.16b, v28.16b, v17.16b, v22.16b
+	eor	x30, x30, x17
+	eor3	v29.16b, v29.16b, v18.16b, v23.16b
+	eor	x28, x28, x20
+	eor3	v30.16b, v30.16b, v19.16b, v24.16b
+	eor	x0, x0, x27
+	rax1	v25.2d, v30.2d, v27.2d
+	eor	x30, x30, x23
+	rax1	v26.2d, v31.2d, v28.2d
+	eor	x28, x28, x25
+	rax1	v27.2d, v27.2d, v29.2d
+	str	x0, [x29, #32]
+	rax1	v28.2d, v28.2d, v30.2d
+	str	x28, [x29, #24]
+	rax1	v29.2d, v29.2d, v31.2d
+	eor	x1, x3, x8
+	eor	v0.16b, v0.16b, v25.16b
+	xar	v30.2d, v1.2d, v26.2d, #63
+	eor	x28, x5, x10
+	xar	v1.2d, v6.2d, v26.2d, #20
+	eor	x1, x1, x13
+	xar	v6.2d, v9.2d, v29.2d, #44
+	eor	x28, x28, x15
+	xar	v9.2d, v22.2d, v27.2d, #3
+	eor	x1, x1, x19
+	xar	v22.2d, v14.2d, v29.2d, #25
+	eor	x28, x28, x21
+	xar	v14.2d, v20.2d, v25.2d, #46
+	eor	x1, x1, x24
+	xar	v20.2d, v2.2d, v27.2d, #2
+	eor	x28, x28, x26
+	xar	v2.2d, v12.2d, v27.2d, #21
+	eor	x0, x0, x1, ror 63
+	xar	v12.2d, v13.2d, v28.2d, #39
+	eor	x1, x1, x28, ror 63
+	xar	v13.2d, v19.2d, v29.2d, #56
+	eor	x2, x2, x0
+	xar	v19.2d, v23.2d, v28.2d, #8
+	eor	x7, x7, x0
+	xar	v23.2d, v15.2d, v25.2d, #23
+	eor	x12, x12, x0
+	xar	v15.2d, v4.2d, v29.2d, #37
+	eor	x17, x17, x0
+	xar	v4.2d, v24.2d, v29.2d, #50
+	eor	x23, x23, x0
+	xar	v24.2d, v21.2d, v26.2d, #62
+	eor	x4, x4, x1
+	xar	v21.2d, v8.2d, v28.2d, #9
+	eor	x9, x9, x1
+	xar	v8.2d, v16.2d, v26.2d, #19
+	eor	x14, x14, x1
+	xar	v16.2d, v5.2d, v25.2d, #28
+	eor	x20, x20, x1
+	xar	v5.2d, v3.2d, v28.2d, #36
+	eor	x25, x25, x1
+	xar	v3.2d, v18.2d, v28.2d, #43
+	ldr	x0, [x29, #32]
+	xar	v18.2d, v17.2d, v27.2d, #49
+	ldr	x1, [x29, #24]
+	xar	v17.2d, v11.2d, v26.2d, #54
+	eor	x28, x28, x30, ror 63
+	xar	v11.2d, v7.2d, v27.2d, #58
+	eor	x30, x30, x1, ror 63
+	xar	v7.2d, v10.2d, v25.2d, #61
+	eor	x1, x1, x0, ror 63
+	# Row Mix
+	mov	v25.16b, v0.16b
+	eor	x6, x6, x28
+	mov	v26.16b, v1.16b
+	eor	x11, x11, x28
+	bcax	v0.16b, v25.16b, v2.16b, v26.16b
+	eor	x16, x16, x28
+	bcax	v1.16b, v26.16b, v3.16b, v2.16b
+	eor	x22, x22, x28
+	bcax	v2.16b, v2.16b, v4.16b, v3.16b
+	eor	x27, x27, x28
+	bcax	v3.16b, v3.16b, v25.16b, v4.16b
+	eor	x3, x3, x30
+	bcax	v4.16b, v4.16b, v26.16b, v25.16b
+	eor	x8, x8, x30
+	mov	v25.16b, v5.16b
+	eor	x13, x13, x30
+	mov	v26.16b, v6.16b
+	eor	x19, x19, x30
+	bcax	v5.16b, v25.16b, v7.16b, v26.16b
+	eor	x24, x24, x30
+	bcax	v6.16b, v26.16b, v8.16b, v7.16b
+	eor	x5, x5, x1
+	bcax	v7.16b, v7.16b, v9.16b, v8.16b
+	eor	x10, x10, x1
+	bcax	v8.16b, v8.16b, v25.16b, v9.16b
+	eor	x15, x15, x1
+	bcax	v9.16b, v9.16b, v26.16b, v25.16b
+	eor	x21, x21, x1
+	mov	v26.16b, v11.16b
+	eor	x26, x26, x1
+	# Swap Rotate Base
+	bcax	v10.16b, v30.16b, v12.16b, v26.16b
+	ror	x0, x3, #63
+	bcax	v11.16b, v26.16b, v13.16b, v12.16b
+	ror	x3, x8, #20
+	bcax	v12.16b, v12.16b, v14.16b, v13.16b
+	ror	x8, x11, #44
+	bcax	v13.16b, v13.16b, v30.16b, v14.16b
+	ror	x11, x25, #3
+	bcax	v14.16b, v14.16b, v26.16b, v30.16b
+	ror	x25, x16, #25
+	mov	v25.16b, v15.16b
+	ror	x16, x23, #46
+	mov	v26.16b, v16.16b
+	ror	x23, x4, #2
+	bcax	v15.16b, v25.16b, v17.16b, v26.16b
+	ror	x4, x14, #21
+	bcax	v16.16b, v26.16b, v18.16b, v17.16b
+	ror	x14, x15, #39
+	bcax	v17.16b, v17.16b, v19.16b, v18.16b
+	ror	x15, x22, #56
+	bcax	v18.16b, v18.16b, v25.16b, v19.16b
+	ror	x22, x26, #8
+	bcax	v19.16b, v19.16b, v26.16b, v25.16b
+	ror	x26, x17, #23
+	mov	v25.16b, v20.16b
+	ror	x17, x6, #37
+	mov	v26.16b, v21.16b
+	ror	x6, x27, #50
+	bcax	v20.16b, v25.16b, v22.16b, v26.16b
+	ror	x27, x24, #62
+	bcax	v21.16b, v26.16b, v23.16b, v22.16b
+	ror	x24, x10, #9
+	bcax	v22.16b, v22.16b, v24.16b, v23.16b
+	ror	x10, x19, #19
+	bcax	v23.16b, v23.16b, v25.16b, v24.16b
+	ror	x19, x7, #28
+	bcax	v24.16b, v24.16b, v26.16b, v25.16b
+	ror	x7, x5, #36
+	ror	x5, x21, #43
+	ror	x21, x20, #49
+	ror	x20, x13, #54
+	ror	x13, x9, #58
+	ror	x9, x12, #61
+	# Row Mix Base
+	bic	x12, x4, x3
+	bic	x1, x5, x4
+	bic	x28, x2, x6
+	bic	x30, x3, x2
+	eor	x2, x2, x12
+	eor	x3, x3, x1
+	bic	x12, x6, x5
+	eor	x5, x5, x28
+	eor	x4, x4, x12
+	eor	x6, x6, x30
+	bic	x12, x9, x8
+	bic	x1, x10, x9
+	bic	x28, x7, x11
+	bic	x30, x8, x7
+	eor	x7, x7, x12
+	eor	x8, x8, x1
+	bic	x12, x11, x10
+	eor	x10, x10, x28
+	eor	x9, x9, x12
+	eor	x11, x11, x30
+	bic	x12, x14, x13
+	bic	x1, x15, x14
+	bic	x28, x0, x16
+	bic	x30, x13, x0
+	eor	x12, x0, x12
+	eor	x13, x13, x1
+	bic	x0, x16, x15
+	eor	x15, x15, x28
+	eor	x14, x14, x0
+	eor	x16, x16, x30
+	bic	x0, x20, x19
+	bic	x1, x21, x20
+	bic	x28, x17, x22
+	bic	x30, x19, x17
+	eor	x17, x17, x0
+	eor	x19, x19, x1
+	bic	x0, x22, x21
+	eor	x21, x21, x28
+	eor	x20, x20, x0
+	eor	x22, x22, x30
+	bic	x0, x25, x24
+	bic	x1, x26, x25
+	bic	x28, x23, x27
+	bic	x30, x24, x23
+	eor	x23, x23, x0
+	eor	x24, x24, x1
+	bic	x0, x27, x26
+	eor	x26, x26, x28
+	eor	x25, x25, x0
+	eor	x27, x27, x30
+	# Done transforming
+	ldp	x28, x1, [x29, #48]
+	ldr	x0, [x28], #8
+	subs	x1, x1, #1
+	mov	v30.d[0], x0
+	mov	v30.d[1], x0
+	eor	x2, x2, x0
+	eor	v0.16b, v0.16b, v30.16b
+	bne	L_SHA3_shake128_blocksx3_seed_neon_begin
+	ldr	x0, [x29, #40]
+	st4	{v0.d, v1.d, v2.d, v3.d}[0], [x0], #32
+	st4	{v4.d, v5.d, v6.d, v7.d}[0], [x0], #32
+	st4	{v8.d, v9.d, v10.d, v11.d}[0], [x0], #32
+	st4	{v12.d, v13.d, v14.d, v15.d}[0], [x0], #32
+	st4	{v16.d, v17.d, v18.d, v19.d}[0], [x0], #32
+	st4	{v20.d, v21.d, v22.d, v23.d}[0], [x0], #32
+	st1	{v24.d}[0], [x0]
+	add	x0, x0, #8
+	st4	{v0.d, v1.d, v2.d, v3.d}[1], [x0], #32
+	st4	{v4.d, v5.d, v6.d, v7.d}[1], [x0], #32
+	st4	{v8.d, v9.d, v10.d, v11.d}[1], [x0], #32
+	st4	{v12.d, v13.d, v14.d, v15.d}[1], [x0], #32
+	st4	{v16.d, v17.d, v18.d, v19.d}[1], [x0], #32
+	st4	{v20.d, v21.d, v22.d, v23.d}[1], [x0], #32
+	st1	{v24.d}[1], [x0]
+	add	x0, x0, #8
+	stp	x2, x3, [x0]
+	stp	x4, x5, [x0, #16]
+	stp	x6, x7, [x0, #32]
+	stp	x8, x9, [x0, #48]
+	stp	x10, x11, [x0, #64]
+	stp	x12, x13, [x0, #80]
+	stp	x14, x15, [x0, #96]
+	stp	x16, x17, [x0, #112]
+	stp	x19, x20, [x0, #128]
+	stp	x21, x22, [x0, #144]
+	stp	x23, x24, [x0, #160]
+	stp	x25, x26, [x0, #176]
+	str	x27, [x0, #192]
+	ldp	x17, x19, [x29, #72]
+	ldp	x20, x21, [x29, #88]
+	ldp	x22, x23, [x29, #104]
+	ldp	x24, x25, [x29, #120]
+	ldp	x26, x27, [x29, #136]
+	ldr	x28, [x29, #152]
+	ldp	d8, d9, [x29, #160]
+	ldp	d10, d11, [x29, #176]
+	ldp	d12, d13, [x29, #192]
+	ldp	d14, d15, [x29, #208]
+	ldp	x29, x30, [sp], #0xe0
+	ret
+#ifndef __APPLE__
+	.size	kyber_shake128_blocksx3_seed_neon,.-kyber_shake128_blocksx3_seed_neon
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.text
+.globl	kyber_shake256_blocksx3_seed_neon
+.type	kyber_shake256_blocksx3_seed_neon,@function
+.align	2
+kyber_shake256_blocksx3_seed_neon:
+#else
+.section	__TEXT,__text
+.globl	_kyber_shake256_blocksx3_seed_neon
+.p2align	2
+_kyber_shake256_blocksx3_seed_neon:
+#endif /* __APPLE__ */
+	stp	x29, x30, [sp, #-224]!
+	add	x29, sp, #0
+	stp	x17, x19, [x29, #72]
+	stp	x20, x21, [x29, #88]
+	stp	x22, x23, [x29, #104]
+	stp	x24, x25, [x29, #120]
+	stp	x26, x27, [x29, #136]
+	str	x28, [x29, #152]
+	stp	d8, d9, [x29, #160]
+	stp	d10, d11, [x29, #176]
+	stp	d12, d13, [x29, #192]
+	stp	d14, d15, [x29, #208]
+#ifndef __APPLE__
+	adrp x28, L_sha3_aarch64_r
+	add  x28, x28, :lo12:L_sha3_aarch64_r
+#else
+	adrp x28, L_sha3_aarch64_r@PAGE
+	add  x28, x28, :lo12:L_sha3_aarch64_r@PAGEOFF
+#endif /* __APPLE__ */
+	str	x0, [x29, #40]
+	add	x0, x0, #32
+	ld1	{v4.d}[0], [x0]
+	ldp	x2, x3, [x1], #16
+	add	x0, x0, #0xc8
+	ld1	{v4.d}[1], [x0]
+	ldp	x4, x5, [x1], #16
+	ldr	x6, [x0, #200]
+	eor	v5.16b, v5.16b, v5.16b
+	eor	x7, x7, x7
+	eor	v6.16b, v6.16b, v6.16b
+	eor	x8, x8, x8
+	eor	v7.16b, v7.16b, v7.16b
+	eor	x9, x9, x9
+	eor	v8.16b, v8.16b, v8.16b
+	eor	x10, x10, x10
+	eor	v9.16b, v9.16b, v9.16b
+	eor	x11, x11, x11
+	eor	v10.16b, v10.16b, v10.16b
+	eor	x12, x12, x12
+	eor	v11.16b, v11.16b, v11.16b
+	eor	x13, x13, x13
+	eor	v12.16b, v12.16b, v12.16b
+	eor	x14, x14, x14
+	eor	v13.16b, v13.16b, v13.16b
+	eor	x15, x15, x15
+	eor	v14.16b, v14.16b, v14.16b
+	eor	x16, x16, x16
+	eor	v15.16b, v15.16b, v15.16b
+	eor	x17, x17, x17
+	movz	x19, #0x8000, lsl 48
+	eor	v17.16b, v17.16b, v17.16b
+	eor	x20, x20, x20
+	eor	v18.16b, v18.16b, v18.16b
+	eor	x21, x21, x21
+	eor	v19.16b, v19.16b, v19.16b
+	eor	x22, x22, x22
+	eor	v20.16b, v20.16b, v20.16b
+	eor	x23, x23, x23
+	eor	v21.16b, v21.16b, v21.16b
+	eor	x24, x24, x24
+	eor	v22.16b, v22.16b, v22.16b
+	eor	x25, x25, x25
+	eor	v23.16b, v23.16b, v23.16b
+	eor	x26, x26, x26
+	eor	v24.16b, v24.16b, v24.16b
+	eor	x27, x27, x27
+	dup	v0.2d, x2
+	dup	v1.2d, x3
+	dup	v2.2d, x4
+	dup	v3.2d, x5
+	dup	v16.2d, x19
+	mov	x1, #24
+	# Start of 24 rounds
+L_SHA3_shake256_blocksx3_seed_neon_begin:
+	stp	x28, x1, [x29, #48]
+	# Col Mix
+	eor3	v31.16b, v0.16b, v5.16b, v10.16b
+	eor	x0, x6, x11
+	eor3	v27.16b, v1.16b, v6.16b, v11.16b
+	eor	x30, x2, x7
+	eor3	v28.16b, v2.16b, v7.16b, v12.16b
+	eor	x28, x4, x9
+	eor3	v29.16b, v3.16b, v8.16b, v13.16b
+	eor	x0, x0, x16
+	eor3	v30.16b, v4.16b, v9.16b, v14.16b
+	eor	x30, x30, x12
+	eor3	v31.16b, v31.16b, v15.16b, v20.16b
+	eor	x28, x28, x14
+	eor3	v27.16b, v27.16b, v16.16b, v21.16b
+	eor	x0, x0, x22
+	eor3	v28.16b, v28.16b, v17.16b, v22.16b
+	eor	x30, x30, x17
+	eor3	v29.16b, v29.16b, v18.16b, v23.16b
+	eor	x28, x28, x20
+	eor3	v30.16b, v30.16b, v19.16b, v24.16b
+	eor	x0, x0, x27
+	rax1	v25.2d, v30.2d, v27.2d
+	eor	x30, x30, x23
+	rax1	v26.2d, v31.2d, v28.2d
+	eor	x28, x28, x25
+	rax1	v27.2d, v27.2d, v29.2d
+	str	x0, [x29, #32]
+	rax1	v28.2d, v28.2d, v30.2d
+	str	x28, [x29, #24]
+	rax1	v29.2d, v29.2d, v31.2d
+	eor	x1, x3, x8
+	eor	v0.16b, v0.16b, v25.16b
+	xar	v30.2d, v1.2d, v26.2d, #63
+	eor	x28, x5, x10
+	xar	v1.2d, v6.2d, v26.2d, #20
+	eor	x1, x1, x13
+	xar	v6.2d, v9.2d, v29.2d, #44
+	eor	x28, x28, x15
+	xar	v9.2d, v22.2d, v27.2d, #3
+	eor	x1, x1, x19
+	xar	v22.2d, v14.2d, v29.2d, #25
+	eor	x28, x28, x21
+	xar	v14.2d, v20.2d, v25.2d, #46
+	eor	x1, x1, x24
+	xar	v20.2d, v2.2d, v27.2d, #2
+	eor	x28, x28, x26
+	xar	v2.2d, v12.2d, v27.2d, #21
+	eor	x0, x0, x1, ror 63
+	xar	v12.2d, v13.2d, v28.2d, #39
+	eor	x1, x1, x28, ror 63
+	xar	v13.2d, v19.2d, v29.2d, #56
+	eor	x2, x2, x0
+	xar	v19.2d, v23.2d, v28.2d, #8
+	eor	x7, x7, x0
+	xar	v23.2d, v15.2d, v25.2d, #23
+	eor	x12, x12, x0
+	xar	v15.2d, v4.2d, v29.2d, #37
+	eor	x17, x17, x0
+	xar	v4.2d, v24.2d, v29.2d, #50
+	eor	x23, x23, x0
+	xar	v24.2d, v21.2d, v26.2d, #62
+	eor	x4, x4, x1
+	xar	v21.2d, v8.2d, v28.2d, #9
+	eor	x9, x9, x1
+	xar	v8.2d, v16.2d, v26.2d, #19
+	eor	x14, x14, x1
+	xar	v16.2d, v5.2d, v25.2d, #28
+	eor	x20, x20, x1
+	xar	v5.2d, v3.2d, v28.2d, #36
+	eor	x25, x25, x1
+	xar	v3.2d, v18.2d, v28.2d, #43
+	ldr	x0, [x29, #32]
+	xar	v18.2d, v17.2d, v27.2d, #49
+	ldr	x1, [x29, #24]
+	xar	v17.2d, v11.2d, v26.2d, #54
+	eor	x28, x28, x30, ror 63
+	xar	v11.2d, v7.2d, v27.2d, #58
+	eor	x30, x30, x1, ror 63
+	xar	v7.2d, v10.2d, v25.2d, #61
+	eor	x1, x1, x0, ror 63
+	# Row Mix
+	mov	v25.16b, v0.16b
+	eor	x6, x6, x28
+	mov	v26.16b, v1.16b
+	eor	x11, x11, x28
+	bcax	v0.16b, v25.16b, v2.16b, v26.16b
+	eor	x16, x16, x28
+	bcax	v1.16b, v26.16b, v3.16b, v2.16b
+	eor	x22, x22, x28
+	bcax	v2.16b, v2.16b, v4.16b, v3.16b
+	eor	x27, x27, x28
+	bcax	v3.16b, v3.16b, v25.16b, v4.16b
+	eor	x3, x3, x30
+	bcax	v4.16b, v4.16b, v26.16b, v25.16b
+	eor	x8, x8, x30
+	mov	v25.16b, v5.16b
+	eor	x13, x13, x30
+	mov	v26.16b, v6.16b
+	eor	x19, x19, x30
+	bcax	v5.16b, v25.16b, v7.16b, v26.16b
+	eor	x24, x24, x30
+	bcax	v6.16b, v26.16b, v8.16b, v7.16b
+	eor	x5, x5, x1
+	bcax	v7.16b, v7.16b, v9.16b, v8.16b
+	eor	x10, x10, x1
+	bcax	v8.16b, v8.16b, v25.16b, v9.16b
+	eor	x15, x15, x1
+	bcax	v9.16b, v9.16b, v26.16b, v25.16b
+	eor	x21, x21, x1
+	mov	v26.16b, v11.16b
+	eor	x26, x26, x1
+	# Swap Rotate Base
+	bcax	v10.16b, v30.16b, v12.16b, v26.16b
+	ror	x0, x3, #63
+	bcax	v11.16b, v26.16b, v13.16b, v12.16b
+	ror	x3, x8, #20
+	bcax	v12.16b, v12.16b, v14.16b, v13.16b
+	ror	x8, x11, #44
+	bcax	v13.16b, v13.16b, v30.16b, v14.16b
+	ror	x11, x25, #3
+	bcax	v14.16b, v14.16b, v26.16b, v30.16b
+	ror	x25, x16, #25
+	mov	v25.16b, v15.16b
+	ror	x16, x23, #46
+	mov	v26.16b, v16.16b
+	ror	x23, x4, #2
+	bcax	v15.16b, v25.16b, v17.16b, v26.16b
+	ror	x4, x14, #21
+	bcax	v16.16b, v26.16b, v18.16b, v17.16b
+	ror	x14, x15, #39
+	bcax	v17.16b, v17.16b, v19.16b, v18.16b
+	ror	x15, x22, #56
+	bcax	v18.16b, v18.16b, v25.16b, v19.16b
+	ror	x22, x26, #8
+	bcax	v19.16b, v19.16b, v26.16b, v25.16b
+	ror	x26, x17, #23
+	mov	v25.16b, v20.16b
+	ror	x17, x6, #37
+	mov	v26.16b, v21.16b
+	ror	x6, x27, #50
+	bcax	v20.16b, v25.16b, v22.16b, v26.16b
+	ror	x27, x24, #62
+	bcax	v21.16b, v26.16b, v23.16b, v22.16b
+	ror	x24, x10, #9
+	bcax	v22.16b, v22.16b, v24.16b, v23.16b
+	ror	x10, x19, #19
+	bcax	v23.16b, v23.16b, v25.16b, v24.16b
+	ror	x19, x7, #28
+	bcax	v24.16b, v24.16b, v26.16b, v25.16b
+	ror	x7, x5, #36
+	ror	x5, x21, #43
+	ror	x21, x20, #49
+	ror	x20, x13, #54
+	ror	x13, x9, #58
+	ror	x9, x12, #61
+	# Row Mix Base
+	bic	x12, x4, x3
+	bic	x1, x5, x4
+	bic	x28, x2, x6
+	bic	x30, x3, x2
+	eor	x2, x2, x12
+	eor	x3, x3, x1
+	bic	x12, x6, x5
+	eor	x5, x5, x28
+	eor	x4, x4, x12
+	eor	x6, x6, x30
+	bic	x12, x9, x8
+	bic	x1, x10, x9
+	bic	x28, x7, x11
+	bic	x30, x8, x7
+	eor	x7, x7, x12
+	eor	x8, x8, x1
+	bic	x12, x11, x10
+	eor	x10, x10, x28
+	eor	x9, x9, x12
+	eor	x11, x11, x30
+	bic	x12, x14, x13
+	bic	x1, x15, x14
+	bic	x28, x0, x16
+	bic	x30, x13, x0
+	eor	x12, x0, x12
+	eor	x13, x13, x1
+	bic	x0, x16, x15
+	eor	x15, x15, x28
+	eor	x14, x14, x0
+	eor	x16, x16, x30
+	bic	x0, x20, x19
+	bic	x1, x21, x20
+	bic	x28, x17, x22
+	bic	x30, x19, x17
+	eor	x17, x17, x0
+	eor	x19, x19, x1
+	bic	x0, x22, x21
+	eor	x21, x21, x28
+	eor	x20, x20, x0
+	eor	x22, x22, x30
+	bic	x0, x25, x24
+	bic	x1, x26, x25
+	bic	x28, x23, x27
+	bic	x30, x24, x23
+	eor	x23, x23, x0
+	eor	x24, x24, x1
+	bic	x0, x27, x26
+	eor	x26, x26, x28
+	eor	x25, x25, x0
+	eor	x27, x27, x30
+	# Done transforming
+	ldp	x28, x1, [x29, #48]
+	ldr	x0, [x28], #8
+	subs	x1, x1, #1
+	mov	v30.d[0], x0
+	mov	v30.d[1], x0
+	eor	x2, x2, x0
+	eor	v0.16b, v0.16b, v30.16b
+	bne	L_SHA3_shake256_blocksx3_seed_neon_begin
+	ldr	x0, [x29, #40]
+	st4	{v0.d, v1.d, v2.d, v3.d}[0], [x0], #32
+	st4	{v4.d, v5.d, v6.d, v7.d}[0], [x0], #32
+	st4	{v8.d, v9.d, v10.d, v11.d}[0], [x0], #32
+	st4	{v12.d, v13.d, v14.d, v15.d}[0], [x0], #32
+	st4	{v16.d, v17.d, v18.d, v19.d}[0], [x0], #32
+	st4	{v20.d, v21.d, v22.d, v23.d}[0], [x0], #32
+	st1	{v24.d}[0], [x0]
+	add	x0, x0, #8
+	st4	{v0.d, v1.d, v2.d, v3.d}[1], [x0], #32
+	st4	{v4.d, v5.d, v6.d, v7.d}[1], [x0], #32
+	st4	{v8.d, v9.d, v10.d, v11.d}[1], [x0], #32
+	st4	{v12.d, v13.d, v14.d, v15.d}[1], [x0], #32
+	st4	{v16.d, v17.d, v18.d, v19.d}[1], [x0], #32
+	st4	{v20.d, v21.d, v22.d, v23.d}[1], [x0], #32
+	st1	{v24.d}[1], [x0]
+	add	x0, x0, #8
+	stp	x2, x3, [x0]
+	stp	x4, x5, [x0, #16]
+	stp	x6, x7, [x0, #32]
+	stp	x8, x9, [x0, #48]
+	stp	x10, x11, [x0, #64]
+	stp	x12, x13, [x0, #80]
+	stp	x14, x15, [x0, #96]
+	stp	x16, x17, [x0, #112]
+	stp	x19, x20, [x0, #128]
+	stp	x21, x22, [x0, #144]
+	stp	x23, x24, [x0, #160]
+	stp	x25, x26, [x0, #176]
+	str	x27, [x0, #192]
+	ldp	x17, x19, [x29, #72]
+	ldp	x20, x21, [x29, #88]
+	ldp	x22, x23, [x29, #104]
+	ldp	x24, x25, [x29, #120]
+	ldp	x26, x27, [x29, #136]
+	ldr	x28, [x29, #152]
+	ldp	d8, d9, [x29, #160]
+	ldp	d10, d11, [x29, #176]
+	ldp	d12, d13, [x29, #192]
+	ldp	d14, d15, [x29, #208]
+	ldp	x29, x30, [sp], #0xe0
+	ret
+#ifndef __APPLE__
+	.size	kyber_shake256_blocksx3_seed_neon,.-kyber_shake256_blocksx3_seed_neon
+#endif /* __APPLE__ */
+#else
+#ifndef __APPLE__
+.text
+.globl	kyber_sha3_blocksx3_neon
+.type	kyber_sha3_blocksx3_neon,@function
+.align	2
+kyber_sha3_blocksx3_neon:
+#else
+.section	__TEXT,__text
+.globl	_kyber_sha3_blocksx3_neon
+.p2align	2
+_kyber_sha3_blocksx3_neon:
+#endif /* __APPLE__ */
+	stp	x29, x30, [sp, #-224]!
+	add	x29, sp, #0
+	stp	x17, x19, [x29, #72]
+	stp	x20, x21, [x29, #88]
+	stp	x22, x23, [x29, #104]
+	stp	x24, x25, [x29, #120]
+	stp	x26, x27, [x29, #136]
+	str	x28, [x29, #152]
+	stp	d8, d9, [x29, #160]
+	stp	d10, d11, [x29, #176]
+	stp	d12, d13, [x29, #192]
+	stp	d14, d15, [x29, #208]
+#ifndef __APPLE__
+	adrp x27, L_sha3_aarch64_r
+	add  x27, x27, :lo12:L_sha3_aarch64_r
+#else
+	adrp x27, L_sha3_aarch64_r@PAGE
+	add  x27, x27, :lo12:L_sha3_aarch64_r@PAGEOFF
+#endif /* __APPLE__ */
+	str	x0, [x29, #40]
+	ld4	{v0.d, v1.d, v2.d, v3.d}[0], [x0], #32
+	ld4	{v4.d, v5.d, v6.d, v7.d}[0], [x0], #32
+	ld4	{v8.d, v9.d, v10.d, v11.d}[0], [x0], #32
+	ld4	{v12.d, v13.d, v14.d, v15.d}[0], [x0], #32
+	ld4	{v16.d, v17.d, v18.d, v19.d}[0], [x0], #32
+	ld4	{v20.d, v21.d, v22.d, v23.d}[0], [x0], #32
+	ld1	{v24.d}[0], [x0]
+	add	x0, x0, #8
+	ld4	{v0.d, v1.d, v2.d, v3.d}[1], [x0], #32
+	ld4	{v4.d, v5.d, v6.d, v7.d}[1], [x0], #32
+	ld4	{v8.d, v9.d, v10.d, v11.d}[1], [x0], #32
+	ld4	{v12.d, v13.d, v14.d, v15.d}[1], [x0], #32
+	ld4	{v16.d, v17.d, v18.d, v19.d}[1], [x0], #32
+	ld4	{v20.d, v21.d, v22.d, v23.d}[1], [x0], #32
+	ld1	{v24.d}[1], [x0]
+	add	x0, x0, #8
+	ldp	x1, x2, [x0]
+	ldp	x3, x4, [x0, #16]
+	ldp	x5, x6, [x0, #32]
+	ldp	x7, x8, [x0, #48]
+	ldp	x9, x10, [x0, #64]
+	ldp	x11, x12, [x0, #80]
+	ldp	x13, x14, [x0, #96]
+	ldp	x15, x16, [x0, #112]
+	ldp	x17, x19, [x0, #128]
+	ldp	x20, x21, [x0, #144]
+	ldp	x22, x23, [x0, #160]
+	ldp	x24, x25, [x0, #176]
+	ldr	x26, [x0, #192]
+	mov	x28, #24
+	# Start of 24 rounds
+L_SHA3_transform_blocksx3_neon_begin:
+	stp	x27, x28, [x29, #48]
+	# Col Mix NEON
+	eor	v30.16b, v4.16b, v9.16b
+	eor	x0, x5, x10
+	eor	v27.16b, v1.16b, v6.16b
+	eor	x30, x1, x6
+	eor	v30.16b, v30.16b, v14.16b
+	eor	x28, x3, x8
+	eor	v27.16b, v27.16b, v11.16b
+	eor	x0, x0, x15
+	eor	v30.16b, v30.16b, v19.16b
+	eor	x30, x30, x11
+	eor	v27.16b, v27.16b, v16.16b
+	eor	x28, x28, x13
+	eor	v30.16b, v30.16b, v24.16b
+	eor	x0, x0, x21
+	eor	v27.16b, v27.16b, v21.16b
+	eor	x30, x30, x16
+	ushr	v25.2d, v27.2d, #63
+	eor	x28, x28, x19
+	sli	v25.2d, v27.2d, #1
+	eor	x0, x0, x26
+	eor	v25.16b, v25.16b, v30.16b
+	eor	x30, x30, x22
+	eor	v31.16b, v0.16b, v5.16b
+	eor	x28, x28, x24
+	eor	v28.16b, v2.16b, v7.16b
+	str	x0, [x29, #32]
+	eor	v31.16b, v31.16b, v10.16b
+	str	x28, [x29, #24]
+	eor	v28.16b, v28.16b, v12.16b
+	eor	x27, x2, x7
+	eor	v31.16b, v31.16b, v15.16b
+	eor	x28, x4, x9
+	eor	v28.16b, v28.16b, v17.16b
+	eor	x27, x27, x12
+	eor	v31.16b, v31.16b, v20.16b
+	eor	x28, x28, x14
+	eor	v28.16b, v28.16b, v22.16b
+	eor	x27, x27, x17
+	ushr	v29.2d, v30.2d, #63
+	eor	x28, x28, x20
+	ushr	v26.2d, v28.2d, #63
+	eor	x27, x27, x23
+	sli	v29.2d, v30.2d, #1
+	eor	x28, x28, x25
+	sli	v26.2d, v28.2d, #1
+	eor	x0, x0, x27, ror 63
+	eor	v28.16b, v28.16b, v29.16b
+	eor	x27, x27, x28, ror 63
+	eor	v29.16b, v3.16b, v8.16b
+	eor	x1, x1, x0
+	eor	v26.16b, v26.16b, v31.16b
+	eor	x6, x6, x0
+	eor	v29.16b, v29.16b, v13.16b
+	eor	x11, x11, x0
+	eor	v29.16b, v29.16b, v18.16b
+	eor	x16, x16, x0
+	eor	v29.16b, v29.16b, v23.16b
+	eor	x22, x22, x0
+	ushr	v30.2d, v29.2d, #63
+	eor	x3, x3, x27
+	sli	v30.2d, v29.2d, #1
+	eor	x8, x8, x27
+	eor	v27.16b, v27.16b, v30.16b
+	eor	x13, x13, x27
+	ushr	v30.2d, v31.2d, #63
+	eor	x19, x19, x27
+	sli	v30.2d, v31.2d, #1
+	eor	x24, x24, x27
+	eor	v29.16b, v29.16b, v30.16b
+	ldr	x0, [x29, #32]
+	# Swap Rotate NEON
+	eor	v0.16b, v0.16b, v25.16b
+	eor	v31.16b, v1.16b, v26.16b
+	ldr	x27, [x29, #24]
+	eor	v6.16b, v6.16b, v26.16b
+	eor	x28, x28, x30, ror 63
+	ushr	v30.2d, v31.2d, #63
+	eor	x30, x30, x27, ror 63
+	ushr	v1.2d, v6.2d, #20
+	eor	x27, x27, x0, ror 63
+	sli	v30.2d, v31.2d, #1
+	eor	x5, x5, x28
+	sli	v1.2d, v6.2d, #44
+	eor	x10, x10, x28
+	eor	v31.16b, v9.16b, v29.16b
+	eor	x15, x15, x28
+	eor	v22.16b, v22.16b, v27.16b
+	eor	x21, x21, x28
+	ushr	v6.2d, v31.2d, #44
+	eor	x26, x26, x28
+	ushr	v9.2d, v22.2d, #3
+	eor	x2, x2, x30
+	sli	v6.2d, v31.2d, #20
+	eor	x7, x7, x30
+	sli	v9.2d, v22.2d, #61
+	eor	x12, x12, x30
+	eor	v31.16b, v14.16b, v29.16b
+	eor	x17, x17, x30
+	eor	v20.16b, v20.16b, v25.16b
+	eor	x23, x23, x30
+	ushr	v22.2d, v31.2d, #25
+	eor	x4, x4, x27
+	ushr	v14.2d, v20.2d, #46
+	eor	x9, x9, x27
+	sli	v22.2d, v31.2d, #39
+	eor	x14, x14, x27
+	sli	v14.2d, v20.2d, #18
+	eor	x20, x20, x27
+	eor	v31.16b, v2.16b, v27.16b
+	eor	x25, x25, x27
+	# Swap Rotate Base
+	eor	v12.16b, v12.16b, v27.16b
+	ror	x0, x2, #63
+	ushr	v20.2d, v31.2d, #2
+	ror	x2, x7, #20
+	ushr	v2.2d, v12.2d, #21
+	ror	x7, x10, #44
+	sli	v20.2d, v31.2d, #62
+	ror	x10, x24, #3
+	sli	v2.2d, v12.2d, #43
+	ror	x24, x15, #25
+	eor	v31.16b, v13.16b, v28.16b
+	ror	x15, x22, #46
+	eor	v19.16b, v19.16b, v29.16b
+	ror	x22, x3, #2
+	ushr	v12.2d, v31.2d, #39
+	ror	x3, x13, #21
+	ushr	v13.2d, v19.2d, #56
+	ror	x13, x14, #39
+	sli	v12.2d, v31.2d, #25
+	ror	x14, x21, #56
+	sli	v13.2d, v19.2d, #8
+	ror	x21, x25, #8
+	eor	v31.16b, v23.16b, v28.16b
+	ror	x25, x16, #23
+	eor	v15.16b, v15.16b, v25.16b
+	ror	x16, x5, #37
+	ushr	v19.2d, v31.2d, #8
+	ror	x5, x26, #50
+	ushr	v23.2d, v15.2d, #23
+	ror	x26, x23, #62
+	sli	v19.2d, v31.2d, #56
+	ror	x23, x9, #9
+	sli	v23.2d, v15.2d, #41
+	ror	x9, x17, #19
+	eor	v31.16b, v4.16b, v29.16b
+	ror	x17, x6, #28
+	eor	v24.16b, v24.16b, v29.16b
+	ror	x6, x4, #36
+	ushr	v15.2d, v31.2d, #37
+	ror	x4, x20, #43
+	ushr	v4.2d, v24.2d, #50
+	ror	x20, x19, #49
+	sli	v15.2d, v31.2d, #27
+	ror	x19, x12, #54
+	sli	v4.2d, v24.2d, #14
+	ror	x12, x8, #58
+	eor	v31.16b, v21.16b, v26.16b
+	ror	x8, x11, #61
+	# Row Mix Base
+	eor	v8.16b, v8.16b, v28.16b
+	bic	x11, x3, x2
+	ushr	v24.2d, v31.2d, #62
+	bic	x27, x4, x3
+	ushr	v21.2d, v8.2d, #9
+	bic	x28, x1, x5
+	sli	v24.2d, v31.2d, #2
+	bic	x30, x2, x1
+	sli	v21.2d, v8.2d, #55
+	eor	x1, x1, x11
+	eor	v31.16b, v16.16b, v26.16b
+	eor	x2, x2, x27
+	eor	v5.16b, v5.16b, v25.16b
+	bic	x11, x5, x4
+	ushr	v8.2d, v31.2d, #19
+	eor	x4, x4, x28
+	ushr	v16.2d, v5.2d, #28
+	eor	x3, x3, x11
+	sli	v8.2d, v31.2d, #45
+	eor	x5, x5, x30
+	sli	v16.2d, v5.2d, #36
+	bic	x11, x8, x7
+	eor	v31.16b, v3.16b, v28.16b
+	bic	x27, x9, x8
+	eor	v18.16b, v18.16b, v28.16b
+	bic	x28, x6, x10
+	ushr	v5.2d, v31.2d, #36
+	bic	x30, x7, x6
+	ushr	v3.2d, v18.2d, #43
+	eor	x6, x6, x11
+	sli	v5.2d, v31.2d, #28
+	eor	x7, x7, x27
+	sli	v3.2d, v18.2d, #21
+	bic	x11, x10, x9
+	eor	v31.16b, v17.16b, v27.16b
+	eor	x9, x9, x28
+	eor	v11.16b, v11.16b, v26.16b
+	eor	x8, x8, x11
+	ushr	v18.2d, v31.2d, #49
+	eor	x10, x10, x30
+	ushr	v17.2d, v11.2d, #54
+	bic	x11, x13, x12
+	sli	v18.2d, v31.2d, #15
+	bic	x27, x14, x13
+	sli	v17.2d, v11.2d, #10
+	bic	x28, x0, x15
+	eor	v31.16b, v7.16b, v27.16b
+	bic	x30, x12, x0
+	eor	v10.16b, v10.16b, v25.16b
+	eor	x11, x0, x11
+	ushr	v11.2d, v31.2d, #58
+	eor	x12, x12, x27
+	ushr	v7.2d, v10.2d, #61
+	bic	x0, x15, x14
+	sli	v11.2d, v31.2d, #6
+	eor	x14, x14, x28
+	sli	v7.2d, v10.2d, #3
+	eor	x13, x13, x0
+	# Row Mix NEON
+	bic	v25.16b, v2.16b, v1.16b
+	eor	x15, x15, x30
+	bic	v26.16b, v3.16b, v2.16b
+	bic	x0, x19, x17
+	bic	v27.16b, v4.16b, v3.16b
+	bic	x27, x20, x19
+	bic	v28.16b, v0.16b, v4.16b
+	bic	x28, x16, x21
+	bic	v29.16b, v1.16b, v0.16b
+	bic	x30, x17, x16
+	eor	v0.16b, v0.16b, v25.16b
+	eor	x16, x16, x0
+	eor	v1.16b, v1.16b, v26.16b
+	eor	x17, x17, x27
+	eor	v2.16b, v2.16b, v27.16b
+	bic	x0, x21, x20
+	eor	v3.16b, v3.16b, v28.16b
+	eor	x20, x20, x28
+	eor	v4.16b, v4.16b, v29.16b
+	eor	x19, x19, x0
+	bic	v25.16b, v7.16b, v6.16b
+	eor	x21, x21, x30
+	bic	v26.16b, v8.16b, v7.16b
+	bic	x0, x24, x23
+	bic	v27.16b, v9.16b, v8.16b
+	bic	x27, x25, x24
+	bic	v28.16b, v5.16b, v9.16b
+	bic	x28, x22, x26
+	bic	v29.16b, v6.16b, v5.16b
+	bic	x30, x23, x22
+	eor	v5.16b, v5.16b, v25.16b
+	eor	x22, x22, x0
+	eor	v6.16b, v6.16b, v26.16b
+	eor	x23, x23, x27
+	eor	v7.16b, v7.16b, v27.16b
+	bic	x0, x26, x25
+	eor	v8.16b, v8.16b, v28.16b
+	eor	x25, x25, x28
+	eor	v9.16b, v9.16b, v29.16b
+	eor	x24, x24, x0
+	bic	v25.16b, v12.16b, v11.16b
+	eor	x26, x26, x30
+	bic	v26.16b, v13.16b, v12.16b
+	bic	v27.16b, v14.16b, v13.16b
+	bic	v28.16b, v30.16b, v14.16b
+	bic	v29.16b, v11.16b, v30.16b
+	eor	v10.16b, v30.16b, v25.16b
+	eor	v11.16b, v11.16b, v26.16b
+	eor	v12.16b, v12.16b, v27.16b
+	eor	v13.16b, v13.16b, v28.16b
+	eor	v14.16b, v14.16b, v29.16b
+	bic	v25.16b, v17.16b, v16.16b
+	bic	v26.16b, v18.16b, v17.16b
+	bic	v27.16b, v19.16b, v18.16b
+	bic	v28.16b, v15.16b, v19.16b
+	bic	v29.16b, v16.16b, v15.16b
+	eor	v15.16b, v15.16b, v25.16b
+	eor	v16.16b, v16.16b, v26.16b
+	eor	v17.16b, v17.16b, v27.16b
+	eor	v18.16b, v18.16b, v28.16b
+	eor	v19.16b, v19.16b, v29.16b
+	bic	v25.16b, v22.16b, v21.16b
+	bic	v26.16b, v23.16b, v22.16b
+	bic	v27.16b, v24.16b, v23.16b
+	bic	v28.16b, v20.16b, v24.16b
+	bic	v29.16b, v21.16b, v20.16b
+	eor	v20.16b, v20.16b, v25.16b
+	eor	v21.16b, v21.16b, v26.16b
+	eor	v22.16b, v22.16b, v27.16b
+	eor	v23.16b, v23.16b, v28.16b
+	eor	v24.16b, v24.16b, v29.16b
+	# Done transforming
+	ldp	x27, x28, [x29, #48]
+	ldr	x0, [x27], #8
+	subs	x28, x28, #1
+	mov	v30.d[0], x0
+	mov	v30.d[1], x0
+	eor	x1, x1, x0
+	eor	v0.16b, v0.16b, v30.16b
+	bne	L_SHA3_transform_blocksx3_neon_begin
+	ldr	x0, [x29, #40]
+	st4	{v0.d, v1.d, v2.d, v3.d}[0], [x0], #32
+	st4	{v4.d, v5.d, v6.d, v7.d}[0], [x0], #32
+	st4	{v8.d, v9.d, v10.d, v11.d}[0], [x0], #32
+	st4	{v12.d, v13.d, v14.d, v15.d}[0], [x0], #32
+	st4	{v16.d, v17.d, v18.d, v19.d}[0], [x0], #32
+	st4	{v20.d, v21.d, v22.d, v23.d}[0], [x0], #32
+	st1	{v24.d}[0], [x0]
+	add	x0, x0, #8
+	st4	{v0.d, v1.d, v2.d, v3.d}[1], [x0], #32
+	st4	{v4.d, v5.d, v6.d, v7.d}[1], [x0], #32
+	st4	{v8.d, v9.d, v10.d, v11.d}[1], [x0], #32
+	st4	{v12.d, v13.d, v14.d, v15.d}[1], [x0], #32
+	st4	{v16.d, v17.d, v18.d, v19.d}[1], [x0], #32
+	st4	{v20.d, v21.d, v22.d, v23.d}[1], [x0], #32
+	st1	{v24.d}[1], [x0]
+	add	x0, x0, #8
+	stp	x1, x2, [x0]
+	stp	x3, x4, [x0, #16]
+	stp	x5, x6, [x0, #32]
+	stp	x7, x8, [x0, #48]
+	stp	x9, x10, [x0, #64]
+	stp	x11, x12, [x0, #80]
+	stp	x13, x14, [x0, #96]
+	stp	x15, x16, [x0, #112]
+	stp	x17, x19, [x0, #128]
+	stp	x20, x21, [x0, #144]
+	stp	x22, x23, [x0, #160]
+	stp	x24, x25, [x0, #176]
+	str	x26, [x0, #192]
+	ldp	x17, x19, [x29, #72]
+	ldp	x20, x21, [x29, #88]
+	ldp	x22, x23, [x29, #104]
+	ldp	x24, x25, [x29, #120]
+	ldp	x26, x27, [x29, #136]
+	ldr	x28, [x29, #152]
+	ldp	d8, d9, [x29, #160]
+	ldp	d10, d11, [x29, #176]
+	ldp	d12, d13, [x29, #192]
+	ldp	d14, d15, [x29, #208]
+	ldp	x29, x30, [sp], #0xe0
+	ret
+#ifndef __APPLE__
+	.size	kyber_sha3_blocksx3_neon,.-kyber_sha3_blocksx3_neon
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.text
+.globl	kyber_shake128_blocksx3_seed_neon
+.type	kyber_shake128_blocksx3_seed_neon,@function
+.align	2
+kyber_shake128_blocksx3_seed_neon:
+#else
+.section	__TEXT,__text
+.globl	_kyber_shake128_blocksx3_seed_neon
+.p2align	2
+_kyber_shake128_blocksx3_seed_neon:
+#endif /* __APPLE__ */
+	stp	x29, x30, [sp, #-224]!
+	add	x29, sp, #0
+	stp	x17, x19, [x29, #72]
+	stp	x20, x21, [x29, #88]
+	stp	x22, x23, [x29, #104]
+	stp	x24, x25, [x29, #120]
+	stp	x26, x27, [x29, #136]
+	str	x28, [x29, #152]
+	stp	d8, d9, [x29, #160]
+	stp	d10, d11, [x29, #176]
+	stp	d12, d13, [x29, #192]
+	stp	d14, d15, [x29, #208]
+#ifndef __APPLE__
+	adrp x28, L_sha3_aarch64_r
+	add  x28, x28, :lo12:L_sha3_aarch64_r
+#else
+	adrp x28, L_sha3_aarch64_r@PAGE
+	add  x28, x28, :lo12:L_sha3_aarch64_r@PAGEOFF
+#endif /* __APPLE__ */
+	str	x0, [x29, #40]
+	add	x0, x0, #32
+	ld1	{v4.d}[0], [x0]
+	ldp	x2, x3, [x1], #16
+	add	x0, x0, #0xc8
+	ld1	{v4.d}[1], [x0]
+	ldp	x4, x5, [x1], #16
+	ldr	x6, [x0, #200]
+	eor	v5.16b, v5.16b, v5.16b
+	eor	x7, x7, x7
+	eor	v6.16b, v6.16b, v6.16b
+	eor	x8, x8, x8
+	eor	v7.16b, v7.16b, v7.16b
+	eor	x9, x9, x9
+	eor	v8.16b, v8.16b, v8.16b
+	eor	x10, x10, x10
+	eor	v9.16b, v9.16b, v9.16b
+	eor	x11, x11, x11
+	eor	v10.16b, v10.16b, v10.16b
+	eor	x12, x12, x12
+	eor	v11.16b, v11.16b, v11.16b
+	eor	x13, x13, x13
+	eor	v12.16b, v12.16b, v12.16b
+	eor	x14, x14, x14
+	eor	v13.16b, v13.16b, v13.16b
+	eor	x15, x15, x15
+	eor	v14.16b, v14.16b, v14.16b
+	eor	x16, x16, x16
+	eor	v15.16b, v15.16b, v15.16b
+	eor	x17, x17, x17
+	eor	v16.16b, v16.16b, v16.16b
+	eor	x19, x19, x19
+	eor	v17.16b, v17.16b, v17.16b
+	eor	x20, x20, x20
+	eor	v18.16b, v18.16b, v18.16b
+	eor	x21, x21, x21
+	eor	v19.16b, v19.16b, v19.16b
+	eor	x22, x22, x22
+	movz	x23, #0x8000, lsl 48
+	eor	v21.16b, v21.16b, v21.16b
+	eor	x24, x24, x24
+	eor	v22.16b, v22.16b, v22.16b
+	eor	x25, x25, x25
+	eor	v23.16b, v23.16b, v23.16b
+	eor	x26, x26, x26
+	eor	v24.16b, v24.16b, v24.16b
+	eor	x27, x27, x27
+	dup	v0.2d, x2
+	dup	v1.2d, x3
+	dup	v2.2d, x4
+	dup	v3.2d, x5
+	dup	v20.2d, x23
+	mov	x1, #24
+	# Start of 24 rounds
+L_SHA3_shake128_blocksx3_seed_neon_begin:
+	stp	x28, x1, [x29, #48]
+	# Col Mix NEON
+	eor	v30.16b, v4.16b, v9.16b
+	eor	x0, x6, x11
+	eor	v27.16b, v1.16b, v6.16b
+	eor	x30, x2, x7
+	eor	v30.16b, v30.16b, v14.16b
+	eor	x28, x4, x9
+	eor	v27.16b, v27.16b, v11.16b
+	eor	x0, x0, x16
+	eor	v30.16b, v30.16b, v19.16b
+	eor	x30, x30, x12
+	eor	v27.16b, v27.16b, v16.16b
+	eor	x28, x28, x14
+	eor	v30.16b, v30.16b, v24.16b
+	eor	x0, x0, x22
+	eor	v27.16b, v27.16b, v21.16b
+	eor	x30, x30, x17
+	ushr	v25.2d, v27.2d, #63
+	eor	x28, x28, x20
+	sli	v25.2d, v27.2d, #1
+	eor	x0, x0, x27
+	eor	v25.16b, v25.16b, v30.16b
+	eor	x30, x30, x23
+	eor	v31.16b, v0.16b, v5.16b
+	eor	x28, x28, x25
+	eor	v28.16b, v2.16b, v7.16b
+	str	x0, [x29, #32]
+	eor	v31.16b, v31.16b, v10.16b
+	str	x28, [x29, #24]
+	eor	v28.16b, v28.16b, v12.16b
+	eor	x1, x3, x8
+	eor	v31.16b, v31.16b, v15.16b
+	eor	x28, x5, x10
+	eor	v28.16b, v28.16b, v17.16b
+	eor	x1, x1, x13
+	eor	v31.16b, v31.16b, v20.16b
+	eor	x28, x28, x15
+	eor	v28.16b, v28.16b, v22.16b
+	eor	x1, x1, x19
+	ushr	v29.2d, v30.2d, #63
+	eor	x28, x28, x21
+	ushr	v26.2d, v28.2d, #63
+	eor	x1, x1, x24
+	sli	v29.2d, v30.2d, #1
+	eor	x28, x28, x26
+	sli	v26.2d, v28.2d, #1
+	eor	x0, x0, x1, ror 63
+	eor	v28.16b, v28.16b, v29.16b
+	eor	x1, x1, x28, ror 63
+	eor	v29.16b, v3.16b, v8.16b
+	eor	x2, x2, x0
+	eor	v26.16b, v26.16b, v31.16b
+	eor	x7, x7, x0
+	eor	v29.16b, v29.16b, v13.16b
+	eor	x12, x12, x0
+	eor	v29.16b, v29.16b, v18.16b
+	eor	x17, x17, x0
+	eor	v29.16b, v29.16b, v23.16b
+	eor	x23, x23, x0
+	ushr	v30.2d, v29.2d, #63
+	eor	x4, x4, x1
+	sli	v30.2d, v29.2d, #1
+	eor	x9, x9, x1
+	eor	v27.16b, v27.16b, v30.16b
+	eor	x14, x14, x1
+	ushr	v30.2d, v31.2d, #63
+	eor	x20, x20, x1
+	sli	v30.2d, v31.2d, #1
+	eor	x25, x25, x1
+	eor	v29.16b, v29.16b, v30.16b
+	ldr	x0, [x29, #32]
+	# Swap Rotate NEON
+	eor	v0.16b, v0.16b, v25.16b
+	eor	v31.16b, v1.16b, v26.16b
+	ldr	x1, [x29, #24]
+	eor	v6.16b, v6.16b, v26.16b
+	eor	x28, x28, x30, ror 63
+	ushr	v30.2d, v31.2d, #63
+	eor	x30, x30, x1, ror 63
+	ushr	v1.2d, v6.2d, #20
+	eor	x1, x1, x0, ror 63
+	sli	v30.2d, v31.2d, #1
+	eor	x6, x6, x28
+	sli	v1.2d, v6.2d, #44
+	eor	x11, x11, x28
+	eor	v31.16b, v9.16b, v29.16b
+	eor	x16, x16, x28
+	eor	v22.16b, v22.16b, v27.16b
+	eor	x22, x22, x28
+	ushr	v6.2d, v31.2d, #44
+	eor	x27, x27, x28
+	ushr	v9.2d, v22.2d, #3
+	eor	x3, x3, x30
+	sli	v6.2d, v31.2d, #20
+	eor	x8, x8, x30
+	sli	v9.2d, v22.2d, #61
+	eor	x13, x13, x30
+	eor	v31.16b, v14.16b, v29.16b
+	eor	x19, x19, x30
+	eor	v20.16b, v20.16b, v25.16b
+	eor	x24, x24, x30
+	ushr	v22.2d, v31.2d, #25
+	eor	x5, x5, x1
+	ushr	v14.2d, v20.2d, #46
+	eor	x10, x10, x1
+	sli	v22.2d, v31.2d, #39
+	eor	x15, x15, x1
+	sli	v14.2d, v20.2d, #18
+	eor	x21, x21, x1
+	eor	v31.16b, v2.16b, v27.16b
+	eor	x26, x26, x1
+	# Swap Rotate Base
+	eor	v12.16b, v12.16b, v27.16b
+	ror	x0, x3, #63
+	ushr	v20.2d, v31.2d, #2
+	ror	x3, x8, #20
+	ushr	v2.2d, v12.2d, #21
+	ror	x8, x11, #44
+	sli	v20.2d, v31.2d, #62
+	ror	x11, x25, #3
+	sli	v2.2d, v12.2d, #43
+	ror	x25, x16, #25
+	eor	v31.16b, v13.16b, v28.16b
+	ror	x16, x23, #46
+	eor	v19.16b, v19.16b, v29.16b
+	ror	x23, x4, #2
+	ushr	v12.2d, v31.2d, #39
+	ror	x4, x14, #21
+	ushr	v13.2d, v19.2d, #56
+	ror	x14, x15, #39
+	sli	v12.2d, v31.2d, #25
+	ror	x15, x22, #56
+	sli	v13.2d, v19.2d, #8
+	ror	x22, x26, #8
+	eor	v31.16b, v23.16b, v28.16b
+	ror	x26, x17, #23
+	eor	v15.16b, v15.16b, v25.16b
+	ror	x17, x6, #37
+	ushr	v19.2d, v31.2d, #8
+	ror	x6, x27, #50
+	ushr	v23.2d, v15.2d, #23
+	ror	x27, x24, #62
+	sli	v19.2d, v31.2d, #56
+	ror	x24, x10, #9
+	sli	v23.2d, v15.2d, #41
+	ror	x10, x19, #19
+	eor	v31.16b, v4.16b, v29.16b
+	ror	x19, x7, #28
+	eor	v24.16b, v24.16b, v29.16b
+	ror	x7, x5, #36
+	ushr	v15.2d, v31.2d, #37
+	ror	x5, x21, #43
+	ushr	v4.2d, v24.2d, #50
+	ror	x21, x20, #49
+	sli	v15.2d, v31.2d, #27
+	ror	x20, x13, #54
+	sli	v4.2d, v24.2d, #14
+	ror	x13, x9, #58
+	eor	v31.16b, v21.16b, v26.16b
+	ror	x9, x12, #61
+	# Row Mix Base
+	eor	v8.16b, v8.16b, v28.16b
+	bic	x12, x4, x3
+	ushr	v24.2d, v31.2d, #62
+	bic	x1, x5, x4
+	ushr	v21.2d, v8.2d, #9
+	bic	x28, x2, x6
+	sli	v24.2d, v31.2d, #2
+	bic	x30, x3, x2
+	sli	v21.2d, v8.2d, #55
+	eor	x2, x2, x12
+	eor	v31.16b, v16.16b, v26.16b
+	eor	x3, x3, x1
+	eor	v5.16b, v5.16b, v25.16b
+	bic	x12, x6, x5
+	ushr	v8.2d, v31.2d, #19
+	eor	x5, x5, x28
+	ushr	v16.2d, v5.2d, #28
+	eor	x4, x4, x12
+	sli	v8.2d, v31.2d, #45
+	eor	x6, x6, x30
+	sli	v16.2d, v5.2d, #36
+	bic	x12, x9, x8
+	eor	v31.16b, v3.16b, v28.16b
+	bic	x1, x10, x9
+	eor	v18.16b, v18.16b, v28.16b
+	bic	x28, x7, x11
+	ushr	v5.2d, v31.2d, #36
+	bic	x30, x8, x7
+	ushr	v3.2d, v18.2d, #43
+	eor	x7, x7, x12
+	sli	v5.2d, v31.2d, #28
+	eor	x8, x8, x1
+	sli	v3.2d, v18.2d, #21
+	bic	x12, x11, x10
+	eor	v31.16b, v17.16b, v27.16b
+	eor	x10, x10, x28
+	eor	v11.16b, v11.16b, v26.16b
+	eor	x9, x9, x12
+	ushr	v18.2d, v31.2d, #49
+	eor	x11, x11, x30
+	ushr	v17.2d, v11.2d, #54
+	bic	x12, x14, x13
+	sli	v18.2d, v31.2d, #15
+	bic	x1, x15, x14
+	sli	v17.2d, v11.2d, #10
+	bic	x28, x0, x16
+	eor	v31.16b, v7.16b, v27.16b
+	bic	x30, x13, x0
+	eor	v10.16b, v10.16b, v25.16b
+	eor	x12, x0, x12
+	ushr	v11.2d, v31.2d, #58
+	eor	x13, x13, x1
+	ushr	v7.2d, v10.2d, #61
+	bic	x0, x16, x15
+	sli	v11.2d, v31.2d, #6
+	eor	x15, x15, x28
+	sli	v7.2d, v10.2d, #3
+	eor	x14, x14, x0
+	# Row Mix NEON
+	bic	v25.16b, v2.16b, v1.16b
+	eor	x16, x16, x30
+	bic	v26.16b, v3.16b, v2.16b
+	bic	x0, x20, x19
+	bic	v27.16b, v4.16b, v3.16b
+	bic	x1, x21, x20
+	bic	v28.16b, v0.16b, v4.16b
+	bic	x28, x17, x22
+	bic	v29.16b, v1.16b, v0.16b
+	bic	x30, x19, x17
+	eor	v0.16b, v0.16b, v25.16b
+	eor	x17, x17, x0
+	eor	v1.16b, v1.16b, v26.16b
+	eor	x19, x19, x1
+	eor	v2.16b, v2.16b, v27.16b
+	bic	x0, x22, x21
+	eor	v3.16b, v3.16b, v28.16b
+	eor	x21, x21, x28
+	eor	v4.16b, v4.16b, v29.16b
+	eor	x20, x20, x0
+	bic	v25.16b, v7.16b, v6.16b
+	eor	x22, x22, x30
+	bic	v26.16b, v8.16b, v7.16b
+	bic	x0, x25, x24
+	bic	v27.16b, v9.16b, v8.16b
+	bic	x1, x26, x25
+	bic	v28.16b, v5.16b, v9.16b
+	bic	x28, x23, x27
+	bic	v29.16b, v6.16b, v5.16b
+	bic	x30, x24, x23
+	eor	v5.16b, v5.16b, v25.16b
+	eor	x23, x23, x0
+	eor	v6.16b, v6.16b, v26.16b
+	eor	x24, x24, x1
+	eor	v7.16b, v7.16b, v27.16b
+	bic	x0, x27, x26
+	eor	v8.16b, v8.16b, v28.16b
+	eor	x26, x26, x28
+	eor	v9.16b, v9.16b, v29.16b
+	eor	x25, x25, x0
+	bic	v25.16b, v12.16b, v11.16b
+	eor	x27, x27, x30
+	bic	v26.16b, v13.16b, v12.16b
+	bic	v27.16b, v14.16b, v13.16b
+	bic	v28.16b, v30.16b, v14.16b
+	bic	v29.16b, v11.16b, v30.16b
+	eor	v10.16b, v30.16b, v25.16b
+	eor	v11.16b, v11.16b, v26.16b
+	eor	v12.16b, v12.16b, v27.16b
+	eor	v13.16b, v13.16b, v28.16b
+	eor	v14.16b, v14.16b, v29.16b
+	bic	v25.16b, v17.16b, v16.16b
+	bic	v26.16b, v18.16b, v17.16b
+	bic	v27.16b, v19.16b, v18.16b
+	bic	v28.16b, v15.16b, v19.16b
+	bic	v29.16b, v16.16b, v15.16b
+	eor	v15.16b, v15.16b, v25.16b
+	eor	v16.16b, v16.16b, v26.16b
+	eor	v17.16b, v17.16b, v27.16b
+	eor	v18.16b, v18.16b, v28.16b
+	eor	v19.16b, v19.16b, v29.16b
+	bic	v25.16b, v22.16b, v21.16b
+	bic	v26.16b, v23.16b, v22.16b
+	bic	v27.16b, v24.16b, v23.16b
+	bic	v28.16b, v20.16b, v24.16b
+	bic	v29.16b, v21.16b, v20.16b
+	eor	v20.16b, v20.16b, v25.16b
+	eor	v21.16b, v21.16b, v26.16b
+	eor	v22.16b, v22.16b, v27.16b
+	eor	v23.16b, v23.16b, v28.16b
+	eor	v24.16b, v24.16b, v29.16b
+	# Done transforming
+	ldp	x28, x1, [x29, #48]
+	ldr	x0, [x28], #8
+	subs	x1, x1, #1
+	mov	v30.d[0], x0
+	mov	v30.d[1], x0
+	eor	x2, x2, x0
+	eor	v0.16b, v0.16b, v30.16b
+	bne	L_SHA3_shake128_blocksx3_seed_neon_begin
+	ldr	x0, [x29, #40]
+	st4	{v0.d, v1.d, v2.d, v3.d}[0], [x0], #32
+	st4	{v4.d, v5.d, v6.d, v7.d}[0], [x0], #32
+	st4	{v8.d, v9.d, v10.d, v11.d}[0], [x0], #32
+	st4	{v12.d, v13.d, v14.d, v15.d}[0], [x0], #32
+	st4	{v16.d, v17.d, v18.d, v19.d}[0], [x0], #32
+	st4	{v20.d, v21.d, v22.d, v23.d}[0], [x0], #32
+	st1	{v24.d}[0], [x0]
+	add	x0, x0, #8
+	st4	{v0.d, v1.d, v2.d, v3.d}[1], [x0], #32
+	st4	{v4.d, v5.d, v6.d, v7.d}[1], [x0], #32
+	st4	{v8.d, v9.d, v10.d, v11.d}[1], [x0], #32
+	st4	{v12.d, v13.d, v14.d, v15.d}[1], [x0], #32
+	st4	{v16.d, v17.d, v18.d, v19.d}[1], [x0], #32
+	st4	{v20.d, v21.d, v22.d, v23.d}[1], [x0], #32
+	st1	{v24.d}[1], [x0]
+	add	x0, x0, #8
+	stp	x2, x3, [x0]
+	stp	x4, x5, [x0, #16]
+	stp	x6, x7, [x0, #32]
+	stp	x8, x9, [x0, #48]
+	stp	x10, x11, [x0, #64]
+	stp	x12, x13, [x0, #80]
+	stp	x14, x15, [x0, #96]
+	stp	x16, x17, [x0, #112]
+	stp	x19, x20, [x0, #128]
+	stp	x21, x22, [x0, #144]
+	stp	x23, x24, [x0, #160]
+	stp	x25, x26, [x0, #176]
+	str	x27, [x0, #192]
+	ldp	x17, x19, [x29, #72]
+	ldp	x20, x21, [x29, #88]
+	ldp	x22, x23, [x29, #104]
+	ldp	x24, x25, [x29, #120]
+	ldp	x26, x27, [x29, #136]
+	ldr	x28, [x29, #152]
+	ldp	d8, d9, [x29, #160]
+	ldp	d10, d11, [x29, #176]
+	ldp	d12, d13, [x29, #192]
+	ldp	d14, d15, [x29, #208]
+	ldp	x29, x30, [sp], #0xe0
+	ret
+#ifndef __APPLE__
+	.size	kyber_shake128_blocksx3_seed_neon,.-kyber_shake128_blocksx3_seed_neon
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.text
+.globl	kyber_shake256_blocksx3_seed_neon
+.type	kyber_shake256_blocksx3_seed_neon,@function
+.align	2
+kyber_shake256_blocksx3_seed_neon:
+#else
+.section	__TEXT,__text
+.globl	_kyber_shake256_blocksx3_seed_neon
+.p2align	2
+_kyber_shake256_blocksx3_seed_neon:
+#endif /* __APPLE__ */
+	stp	x29, x30, [sp, #-224]!
+	add	x29, sp, #0
+	stp	x17, x19, [x29, #72]
+	stp	x20, x21, [x29, #88]
+	stp	x22, x23, [x29, #104]
+	stp	x24, x25, [x29, #120]
+	stp	x26, x27, [x29, #136]
+	str	x28, [x29, #152]
+	stp	d8, d9, [x29, #160]
+	stp	d10, d11, [x29, #176]
+	stp	d12, d13, [x29, #192]
+	stp	d14, d15, [x29, #208]
+#ifndef __APPLE__
+	adrp x28, L_sha3_aarch64_r
+	add  x28, x28, :lo12:L_sha3_aarch64_r
+#else
+	adrp x28, L_sha3_aarch64_r@PAGE
+	add  x28, x28, :lo12:L_sha3_aarch64_r@PAGEOFF
+#endif /* __APPLE__ */
+	str	x0, [x29, #40]
+	add	x0, x0, #32
+	ld1	{v4.d}[0], [x0]
+	ldp	x2, x3, [x1], #16
+	add	x0, x0, #0xc8
+	ld1	{v4.d}[1], [x0]
+	ldp	x4, x5, [x1], #16
+	ldr	x6, [x0, #200]
+	eor	v5.16b, v5.16b, v5.16b
+	eor	x7, x7, x7
+	eor	v6.16b, v6.16b, v6.16b
+	eor	x8, x8, x8
+	eor	v7.16b, v7.16b, v7.16b
+	eor	x9, x9, x9
+	eor	v8.16b, v8.16b, v8.16b
+	eor	x10, x10, x10
+	eor	v9.16b, v9.16b, v9.16b
+	eor	x11, x11, x11
+	eor	v10.16b, v10.16b, v10.16b
+	eor	x12, x12, x12
+	eor	v11.16b, v11.16b, v11.16b
+	eor	x13, x13, x13
+	eor	v12.16b, v12.16b, v12.16b
+	eor	x14, x14, x14
+	eor	v13.16b, v13.16b, v13.16b
+	eor	x15, x15, x15
+	eor	v14.16b, v14.16b, v14.16b
+	eor	x16, x16, x16
+	eor	v15.16b, v15.16b, v15.16b
+	eor	x17, x17, x17
+	movz	x19, #0x8000, lsl 48
+	eor	v17.16b, v17.16b, v17.16b
+	eor	x20, x20, x20
+	eor	v18.16b, v18.16b, v18.16b
+	eor	x21, x21, x21
+	eor	v19.16b, v19.16b, v19.16b
+	eor	x22, x22, x22
+	eor	v20.16b, v20.16b, v20.16b
+	eor	x23, x23, x23
+	eor	v21.16b, v21.16b, v21.16b
+	eor	x24, x24, x24
+	eor	v22.16b, v22.16b, v22.16b
+	eor	x25, x25, x25
+	eor	v23.16b, v23.16b, v23.16b
+	eor	x26, x26, x26
+	eor	v24.16b, v24.16b, v24.16b
+	eor	x27, x27, x27
+	dup	v0.2d, x2
+	dup	v1.2d, x3
+	dup	v2.2d, x4
+	dup	v3.2d, x5
+	dup	v16.2d, x19
+	mov	x1, #24
+	# Start of 24 rounds
+L_SHA3_shake256_blocksx3_seed_neon_begin:
+	stp	x28, x1, [x29, #48]
+	# Col Mix NEON
+	eor	v30.16b, v4.16b, v9.16b
+	eor	x0, x6, x11
+	eor	v27.16b, v1.16b, v6.16b
+	eor	x30, x2, x7
+	eor	v30.16b, v30.16b, v14.16b
+	eor	x28, x4, x9
+	eor	v27.16b, v27.16b, v11.16b
+	eor	x0, x0, x16
+	eor	v30.16b, v30.16b, v19.16b
+	eor	x30, x30, x12
+	eor	v27.16b, v27.16b, v16.16b
+	eor	x28, x28, x14
+	eor	v30.16b, v30.16b, v24.16b
+	eor	x0, x0, x22
+	eor	v27.16b, v27.16b, v21.16b
+	eor	x30, x30, x17
+	ushr	v25.2d, v27.2d, #63
+	eor	x28, x28, x20
+	sli	v25.2d, v27.2d, #1
+	eor	x0, x0, x27
+	eor	v25.16b, v25.16b, v30.16b
+	eor	x30, x30, x23
+	eor	v31.16b, v0.16b, v5.16b
+	eor	x28, x28, x25
+	eor	v28.16b, v2.16b, v7.16b
+	str	x0, [x29, #32]
+	eor	v31.16b, v31.16b, v10.16b
+	str	x28, [x29, #24]
+	eor	v28.16b, v28.16b, v12.16b
+	eor	x1, x3, x8
+	eor	v31.16b, v31.16b, v15.16b
+	eor	x28, x5, x10
+	eor	v28.16b, v28.16b, v17.16b
+	eor	x1, x1, x13
+	eor	v31.16b, v31.16b, v20.16b
+	eor	x28, x28, x15
+	eor	v28.16b, v28.16b, v22.16b
+	eor	x1, x1, x19
+	ushr	v29.2d, v30.2d, #63
+	eor	x28, x28, x21
+	ushr	v26.2d, v28.2d, #63
+	eor	x1, x1, x24
+	sli	v29.2d, v30.2d, #1
+	eor	x28, x28, x26
+	sli	v26.2d, v28.2d, #1
+	eor	x0, x0, x1, ror 63
+	eor	v28.16b, v28.16b, v29.16b
+	eor	x1, x1, x28, ror 63
+	eor	v29.16b, v3.16b, v8.16b
+	eor	x2, x2, x0
+	eor	v26.16b, v26.16b, v31.16b
+	eor	x7, x7, x0
+	eor	v29.16b, v29.16b, v13.16b
+	eor	x12, x12, x0
+	eor	v29.16b, v29.16b, v18.16b
+	eor	x17, x17, x0
+	eor	v29.16b, v29.16b, v23.16b
+	eor	x23, x23, x0
+	ushr	v30.2d, v29.2d, #63
+	eor	x4, x4, x1
+	sli	v30.2d, v29.2d, #1
+	eor	x9, x9, x1
+	eor	v27.16b, v27.16b, v30.16b
+	eor	x14, x14, x1
+	ushr	v30.2d, v31.2d, #63
+	eor	x20, x20, x1
+	sli	v30.2d, v31.2d, #1
+	eor	x25, x25, x1
+	eor	v29.16b, v29.16b, v30.16b
+	ldr	x0, [x29, #32]
+	# Swap Rotate NEON
+	eor	v0.16b, v0.16b, v25.16b
+	eor	v31.16b, v1.16b, v26.16b
+	ldr	x1, [x29, #24]
+	eor	v6.16b, v6.16b, v26.16b
+	eor	x28, x28, x30, ror 63
+	ushr	v30.2d, v31.2d, #63
+	eor	x30, x30, x1, ror 63
+	ushr	v1.2d, v6.2d, #20
+	eor	x1, x1, x0, ror 63
+	sli	v30.2d, v31.2d, #1
+	eor	x6, x6, x28
+	sli	v1.2d, v6.2d, #44
+	eor	x11, x11, x28
+	eor	v31.16b, v9.16b, v29.16b
+	eor	x16, x16, x28
+	eor	v22.16b, v22.16b, v27.16b
+	eor	x22, x22, x28
+	ushr	v6.2d, v31.2d, #44
+	eor	x27, x27, x28
+	ushr	v9.2d, v22.2d, #3
+	eor	x3, x3, x30
+	sli	v6.2d, v31.2d, #20
+	eor	x8, x8, x30
+	sli	v9.2d, v22.2d, #61
+	eor	x13, x13, x30
+	eor	v31.16b, v14.16b, v29.16b
+	eor	x19, x19, x30
+	eor	v20.16b, v20.16b, v25.16b
+	eor	x24, x24, x30
+	ushr	v22.2d, v31.2d, #25
+	eor	x5, x5, x1
+	ushr	v14.2d, v20.2d, #46
+	eor	x10, x10, x1
+	sli	v22.2d, v31.2d, #39
+	eor	x15, x15, x1
+	sli	v14.2d, v20.2d, #18
+	eor	x21, x21, x1
+	eor	v31.16b, v2.16b, v27.16b
+	eor	x26, x26, x1
+	# Swap Rotate Base
+	eor	v12.16b, v12.16b, v27.16b
+	ror	x0, x3, #63
+	ushr	v20.2d, v31.2d, #2
+	ror	x3, x8, #20
+	ushr	v2.2d, v12.2d, #21
+	ror	x8, x11, #44
+	sli	v20.2d, v31.2d, #62
+	ror	x11, x25, #3
+	sli	v2.2d, v12.2d, #43
+	ror	x25, x16, #25
+	eor	v31.16b, v13.16b, v28.16b
+	ror	x16, x23, #46
+	eor	v19.16b, v19.16b, v29.16b
+	ror	x23, x4, #2
+	ushr	v12.2d, v31.2d, #39
+	ror	x4, x14, #21
+	ushr	v13.2d, v19.2d, #56
+	ror	x14, x15, #39
+	sli	v12.2d, v31.2d, #25
+	ror	x15, x22, #56
+	sli	v13.2d, v19.2d, #8
+	ror	x22, x26, #8
+	eor	v31.16b, v23.16b, v28.16b
+	ror	x26, x17, #23
+	eor	v15.16b, v15.16b, v25.16b
+	ror	x17, x6, #37
+	ushr	v19.2d, v31.2d, #8
+	ror	x6, x27, #50
+	ushr	v23.2d, v15.2d, #23
+	ror	x27, x24, #62
+	sli	v19.2d, v31.2d, #56
+	ror	x24, x10, #9
+	sli	v23.2d, v15.2d, #41
+	ror	x10, x19, #19
+	eor	v31.16b, v4.16b, v29.16b
+	ror	x19, x7, #28
+	eor	v24.16b, v24.16b, v29.16b
+	ror	x7, x5, #36
+	ushr	v15.2d, v31.2d, #37
+	ror	x5, x21, #43
+	ushr	v4.2d, v24.2d, #50
+	ror	x21, x20, #49
+	sli	v15.2d, v31.2d, #27
+	ror	x20, x13, #54
+	sli	v4.2d, v24.2d, #14
+	ror	x13, x9, #58
+	eor	v31.16b, v21.16b, v26.16b
+	ror	x9, x12, #61
+	# Row Mix Base
+	eor	v8.16b, v8.16b, v28.16b
+	bic	x12, x4, x3
+	ushr	v24.2d, v31.2d, #62
+	bic	x1, x5, x4
+	ushr	v21.2d, v8.2d, #9
+	bic	x28, x2, x6
+	sli	v24.2d, v31.2d, #2
+	bic	x30, x3, x2
+	sli	v21.2d, v8.2d, #55
+	eor	x2, x2, x12
+	eor	v31.16b, v16.16b, v26.16b
+	eor	x3, x3, x1
+	eor	v5.16b, v5.16b, v25.16b
+	bic	x12, x6, x5
+	ushr	v8.2d, v31.2d, #19
+	eor	x5, x5, x28
+	ushr	v16.2d, v5.2d, #28
+	eor	x4, x4, x12
+	sli	v8.2d, v31.2d, #45
+	eor	x6, x6, x30
+	sli	v16.2d, v5.2d, #36
+	bic	x12, x9, x8
+	eor	v31.16b, v3.16b, v28.16b
+	bic	x1, x10, x9
+	eor	v18.16b, v18.16b, v28.16b
+	bic	x28, x7, x11
+	ushr	v5.2d, v31.2d, #36
+	bic	x30, x8, x7
+	ushr	v3.2d, v18.2d, #43
+	eor	x7, x7, x12
+	sli	v5.2d, v31.2d, #28
+	eor	x8, x8, x1
+	sli	v3.2d, v18.2d, #21
+	bic	x12, x11, x10
+	eor	v31.16b, v17.16b, v27.16b
+	eor	x10, x10, x28
+	eor	v11.16b, v11.16b, v26.16b
+	eor	x9, x9, x12
+	ushr	v18.2d, v31.2d, #49
+	eor	x11, x11, x30
+	ushr	v17.2d, v11.2d, #54
+	bic	x12, x14, x13
+	sli	v18.2d, v31.2d, #15
+	bic	x1, x15, x14
+	sli	v17.2d, v11.2d, #10
+	bic	x28, x0, x16
+	eor	v31.16b, v7.16b, v27.16b
+	bic	x30, x13, x0
+	eor	v10.16b, v10.16b, v25.16b
+	eor	x12, x0, x12
+	ushr	v11.2d, v31.2d, #58
+	eor	x13, x13, x1
+	ushr	v7.2d, v10.2d, #61
+	bic	x0, x16, x15
+	sli	v11.2d, v31.2d, #6
+	eor	x15, x15, x28
+	sli	v7.2d, v10.2d, #3
+	eor	x14, x14, x0
+	# Row Mix NEON
+	bic	v25.16b, v2.16b, v1.16b
+	eor	x16, x16, x30
+	bic	v26.16b, v3.16b, v2.16b
+	bic	x0, x20, x19
+	bic	v27.16b, v4.16b, v3.16b
+	bic	x1, x21, x20
+	bic	v28.16b, v0.16b, v4.16b
+	bic	x28, x17, x22
+	bic	v29.16b, v1.16b, v0.16b
+	bic	x30, x19, x17
+	eor	v0.16b, v0.16b, v25.16b
+	eor	x17, x17, x0
+	eor	v1.16b, v1.16b, v26.16b
+	eor	x19, x19, x1
+	eor	v2.16b, v2.16b, v27.16b
+	bic	x0, x22, x21
+	eor	v3.16b, v3.16b, v28.16b
+	eor	x21, x21, x28
+	eor	v4.16b, v4.16b, v29.16b
+	eor	x20, x20, x0
+	bic	v25.16b, v7.16b, v6.16b
+	eor	x22, x22, x30
+	bic	v26.16b, v8.16b, v7.16b
+	bic	x0, x25, x24
+	bic	v27.16b, v9.16b, v8.16b
+	bic	x1, x26, x25
+	bic	v28.16b, v5.16b, v9.16b
+	bic	x28, x23, x27
+	bic	v29.16b, v6.16b, v5.16b
+	bic	x30, x24, x23
+	eor	v5.16b, v5.16b, v25.16b
+	eor	x23, x23, x0
+	eor	v6.16b, v6.16b, v26.16b
+	eor	x24, x24, x1
+	eor	v7.16b, v7.16b, v27.16b
+	bic	x0, x27, x26
+	eor	v8.16b, v8.16b, v28.16b
+	eor	x26, x26, x28
+	eor	v9.16b, v9.16b, v29.16b
+	eor	x25, x25, x0
+	bic	v25.16b, v12.16b, v11.16b
+	eor	x27, x27, x30
+	bic	v26.16b, v13.16b, v12.16b
+	bic	v27.16b, v14.16b, v13.16b
+	bic	v28.16b, v30.16b, v14.16b
+	bic	v29.16b, v11.16b, v30.16b
+	eor	v10.16b, v30.16b, v25.16b
+	eor	v11.16b, v11.16b, v26.16b
+	eor	v12.16b, v12.16b, v27.16b
+	eor	v13.16b, v13.16b, v28.16b
+	eor	v14.16b, v14.16b, v29.16b
+	bic	v25.16b, v17.16b, v16.16b
+	bic	v26.16b, v18.16b, v17.16b
+	bic	v27.16b, v19.16b, v18.16b
+	bic	v28.16b, v15.16b, v19.16b
+	bic	v29.16b, v16.16b, v15.16b
+	eor	v15.16b, v15.16b, v25.16b
+	eor	v16.16b, v16.16b, v26.16b
+	eor	v17.16b, v17.16b, v27.16b
+	eor	v18.16b, v18.16b, v28.16b
+	eor	v19.16b, v19.16b, v29.16b
+	bic	v25.16b, v22.16b, v21.16b
+	bic	v26.16b, v23.16b, v22.16b
+	bic	v27.16b, v24.16b, v23.16b
+	bic	v28.16b, v20.16b, v24.16b
+	bic	v29.16b, v21.16b, v20.16b
+	eor	v20.16b, v20.16b, v25.16b
+	eor	v21.16b, v21.16b, v26.16b
+	eor	v22.16b, v22.16b, v27.16b
+	eor	v23.16b, v23.16b, v28.16b
+	eor	v24.16b, v24.16b, v29.16b
+	# Done transforming
+	ldp	x28, x1, [x29, #48]
+	ldr	x0, [x28], #8
+	subs	x1, x1, #1
+	mov	v30.d[0], x0
+	mov	v30.d[1], x0
+	eor	x2, x2, x0
+	eor	v0.16b, v0.16b, v30.16b
+	bne	L_SHA3_shake256_blocksx3_seed_neon_begin
+	ldr	x0, [x29, #40]
+	st4	{v0.d, v1.d, v2.d, v3.d}[0], [x0], #32
+	st4	{v4.d, v5.d, v6.d, v7.d}[0], [x0], #32
+	st4	{v8.d, v9.d, v10.d, v11.d}[0], [x0], #32
+	st4	{v12.d, v13.d, v14.d, v15.d}[0], [x0], #32
+	st4	{v16.d, v17.d, v18.d, v19.d}[0], [x0], #32
+	st4	{v20.d, v21.d, v22.d, v23.d}[0], [x0], #32
+	st1	{v24.d}[0], [x0]
+	add	x0, x0, #8
+	st4	{v0.d, v1.d, v2.d, v3.d}[1], [x0], #32
+	st4	{v4.d, v5.d, v6.d, v7.d}[1], [x0], #32
+	st4	{v8.d, v9.d, v10.d, v11.d}[1], [x0], #32
+	st4	{v12.d, v13.d, v14.d, v15.d}[1], [x0], #32
+	st4	{v16.d, v17.d, v18.d, v19.d}[1], [x0], #32
+	st4	{v20.d, v21.d, v22.d, v23.d}[1], [x0], #32
+	st1	{v24.d}[1], [x0]
+	add	x0, x0, #8
+	stp	x2, x3, [x0]
+	stp	x4, x5, [x0, #16]
+	stp	x6, x7, [x0, #32]
+	stp	x8, x9, [x0, #48]
+	stp	x10, x11, [x0, #64]
+	stp	x12, x13, [x0, #80]
+	stp	x14, x15, [x0, #96]
+	stp	x16, x17, [x0, #112]
+	stp	x19, x20, [x0, #128]
+	stp	x21, x22, [x0, #144]
+	stp	x23, x24, [x0, #160]
+	stp	x25, x26, [x0, #176]
+	str	x27, [x0, #192]
+	ldp	x17, x19, [x29, #72]
+	ldp	x20, x21, [x29, #88]
+	ldp	x22, x23, [x29, #104]
+	ldp	x24, x25, [x29, #120]
+	ldp	x26, x27, [x29, #136]
+	ldr	x28, [x29, #152]
+	ldp	d8, d9, [x29, #160]
+	ldp	d10, d11, [x29, #176]
+	ldp	d12, d13, [x29, #192]
+	ldp	d14, d15, [x29, #208]
+	ldp	x29, x30, [sp], #0xe0
+	ret
+#ifndef __APPLE__
+	.size	kyber_shake256_blocksx3_seed_neon,.-kyber_shake256_blocksx3_seed_neon
+#endif /* __APPLE__ */
+#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
+#endif /* WOLFSSL_WC_KYBER */
+#endif /* __aarch64__ */
+#endif /* WOLFSSL_ARMASM */
+
+#if defined(__linux__) && defined(__ELF__)
+.section	.note.GNU-stack,"",%progbits
+#endif
+#endif /* !WOLFSSL_ARMASM_INLINE */
diff --git a/wolfcrypt/src/port/arm/armv8-kyber-asm_c.c b/wolfcrypt/src/port/arm/armv8-kyber-asm_c.c
new file mode 100644
index 000000000..bc184370c
--- /dev/null
+++ b/wolfcrypt/src/port/arm/armv8-kyber-asm_c.c
@@ -0,0 +1,11416 @@
+/* armv8-kyber-asm
+ *
+ * Copyright (C) 2006-2025 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+#ifdef HAVE_CONFIG_H
+    #include <config.h>
+#endif /* HAVE_CONFIG_H */
+#include <wolfssl/wolfcrypt/settings.h>
+#include <wolfssl/wolfcrypt/error-crypt.h>
+
+/* Generated using (from wolfssl):
+ *   cd ../scripts
+ *   ruby ./kyber/kyber.rb arm64 ../wolfssl/wolfcrypt/src/port/arm/armv8-kyber-asm.c
+ */
+#ifdef WOLFSSL_ARMASM
+#ifdef __aarch64__
+#ifdef WOLFSSL_ARMASM_INLINE
+static const word16 L_kyber_aarch64_q[] = {
+    0x0d01, 0x0d01, 0x0d01, 0x0d01, 0x0d01, 0x0d01, 0x0d01, 0x0d01,
+};
+
+static const word16 L_kyber_aarch64_consts[] = {
+    0x0d01, 0xf301, 0x4ebf, 0x0549, 0x5049, 0x0000, 0x0000, 0x0000,
+};
+
+static const word64 L_sha3_aarch64_r[] = {
+    0x0000000000000001, 0x0000000000008082,
+    0x800000000000808a, 0x8000000080008000,
+    0x000000000000808b, 0x0000000080000001,
+    0x8000000080008081, 0x8000000000008009,
+    0x000000000000008a, 0x0000000000000088,
+    0x0000000080008009, 0x000000008000000a,
+    0x000000008000808b, 0x800000000000008b,
+    0x8000000000008089, 0x8000000000008003,
+    0x8000000000008002, 0x8000000000000080,
+    0x000000000000800a, 0x800000008000000a,
+    0x8000000080008081, 0x8000000000008080,
+    0x0000000080000001, 0x8000000080008008,
+};
+
+#include <wolfssl/wolfcrypt/wc_kyber.h>
+
+#ifdef WOLFSSL_WC_KYBER
+static const word16 L_kyber_aarch64_zetas[] = {
+    0x08ed, 0x0a0b, 0x0b9a, 0x0714, 0x05d5, 0x058e, 0x011f, 0x00ca,
+    0x0c56, 0x026e, 0x0629, 0x00b6, 0x03c2, 0x084f, 0x073f, 0x05bc,
+    0x023d, 0x07d4, 0x0108, 0x017f, 0x09c4, 0x05b2, 0x06bf, 0x0c7f,
+    0x0a58, 0x03f9, 0x02dc, 0x0260, 0x06fb, 0x019b, 0x0c34, 0x06de,
+    0x04c7, 0x04c7, 0x04c7, 0x04c7, 0x028c, 0x028c, 0x028c, 0x028c,
+    0x0ad9, 0x0ad9, 0x0ad9, 0x0ad9, 0x03f7, 0x03f7, 0x03f7, 0x03f7,
+    0x07f4, 0x07f4, 0x07f4, 0x07f4, 0x05d3, 0x05d3, 0x05d3, 0x05d3,
+    0x0be7, 0x0be7, 0x0be7, 0x0be7, 0x06f9, 0x06f9, 0x06f9, 0x06f9,
+    0x0204, 0x0204, 0x0204, 0x0204, 0x0cf9, 0x0cf9, 0x0cf9, 0x0cf9,
+    0x0bc1, 0x0bc1, 0x0bc1, 0x0bc1, 0x0a67, 0x0a67, 0x0a67, 0x0a67,
+    0x06af, 0x06af, 0x06af, 0x06af, 0x0877, 0x0877, 0x0877, 0x0877,
+    0x007e, 0x007e, 0x007e, 0x007e, 0x05bd, 0x05bd, 0x05bd, 0x05bd,
+    0x09ac, 0x09ac, 0x09ac, 0x09ac, 0x0ca7, 0x0ca7, 0x0ca7, 0x0ca7,
+    0x0bf2, 0x0bf2, 0x0bf2, 0x0bf2, 0x033e, 0x033e, 0x033e, 0x033e,
+    0x006b, 0x006b, 0x006b, 0x006b, 0x0774, 0x0774, 0x0774, 0x0774,
+    0x0c0a, 0x0c0a, 0x0c0a, 0x0c0a, 0x094a, 0x094a, 0x094a, 0x094a,
+    0x0b73, 0x0b73, 0x0b73, 0x0b73, 0x03c1, 0x03c1, 0x03c1, 0x03c1,
+    0x071d, 0x071d, 0x071d, 0x071d, 0x0a2c, 0x0a2c, 0x0a2c, 0x0a2c,
+    0x01c0, 0x01c0, 0x01c0, 0x01c0, 0x08d8, 0x08d8, 0x08d8, 0x08d8,
+    0x02a5, 0x02a5, 0x02a5, 0x02a5, 0x0806, 0x0806, 0x0806, 0x0806,
+    0x08b2, 0x08b2, 0x01ae, 0x01ae, 0x022b, 0x022b, 0x034b, 0x034b,
+    0x081e, 0x081e, 0x0367, 0x0367, 0x060e, 0x060e, 0x0069, 0x0069,
+    0x01a6, 0x01a6, 0x024b, 0x024b, 0x00b1, 0x00b1, 0x0c16, 0x0c16,
+    0x0bde, 0x0bde, 0x0b35, 0x0b35, 0x0626, 0x0626, 0x0675, 0x0675,
+    0x0c0b, 0x0c0b, 0x030a, 0x030a, 0x0487, 0x0487, 0x0c6e, 0x0c6e,
+    0x09f8, 0x09f8, 0x05cb, 0x05cb, 0x0aa7, 0x0aa7, 0x045f, 0x045f,
+    0x06cb, 0x06cb, 0x0284, 0x0284, 0x0999, 0x0999, 0x015d, 0x015d,
+    0x01a2, 0x01a2, 0x0149, 0x0149, 0x0c65, 0x0c65, 0x0cb6, 0x0cb6,
+    0x0331, 0x0331, 0x0449, 0x0449, 0x025b, 0x025b, 0x0262, 0x0262,
+    0x052a, 0x052a, 0x07fc, 0x07fc, 0x0748, 0x0748, 0x0180, 0x0180,
+    0x0842, 0x0842, 0x0c79, 0x0c79, 0x04c2, 0x04c2, 0x07ca, 0x07ca,
+    0x0997, 0x0997, 0x00dc, 0x00dc, 0x085e, 0x085e, 0x0686, 0x0686,
+    0x0860, 0x0860, 0x0707, 0x0707, 0x0803, 0x0803, 0x031a, 0x031a,
+    0x071b, 0x071b, 0x09ab, 0x09ab, 0x099b, 0x099b, 0x01de, 0x01de,
+    0x0c95, 0x0c95, 0x0bcd, 0x0bcd, 0x03e4, 0x03e4, 0x03df, 0x03df,
+    0x03be, 0x03be, 0x074d, 0x074d, 0x05f2, 0x05f2, 0x065c, 0x065c,
+};
+
+static const word16 L_kyber_aarch64_zetas_qinv[] = {
+    0xffed, 0x7b0b, 0x399a, 0x0314, 0x34d5, 0xcf8e, 0x6e1f, 0xbeca,
+    0xae56, 0x6c6e, 0xf129, 0xc2b6, 0x29c2, 0x054f, 0xd43f, 0x79bc,
+    0xe93d, 0x43d4, 0x9908, 0x8e7f, 0x15c4, 0xfbb2, 0x53bf, 0x997f,
+    0x9258, 0x5ef9, 0xd6dc, 0x2260, 0x47fb, 0x229b, 0x6834, 0xc0de,
+    0xe9c7, 0xe9c7, 0xe9c7, 0xe9c7, 0xe68c, 0xe68c, 0xe68c, 0xe68c,
+    0x05d9, 0x05d9, 0x05d9, 0x05d9, 0x78f7, 0x78f7, 0x78f7, 0x78f7,
+    0xa3f4, 0xa3f4, 0xa3f4, 0xa3f4, 0x4ed3, 0x4ed3, 0x4ed3, 0x4ed3,
+    0x50e7, 0x50e7, 0x50e7, 0x50e7, 0x61f9, 0x61f9, 0x61f9, 0x61f9,
+    0xce04, 0xce04, 0xce04, 0xce04, 0x67f9, 0x67f9, 0x67f9, 0x67f9,
+    0x3ec1, 0x3ec1, 0x3ec1, 0x3ec1, 0xcf67, 0xcf67, 0xcf67, 0xcf67,
+    0x23af, 0x23af, 0x23af, 0x23af, 0xfd77, 0xfd77, 0xfd77, 0xfd77,
+    0x9a7e, 0x9a7e, 0x9a7e, 0x9a7e, 0x6cbd, 0x6cbd, 0x6cbd, 0x6cbd,
+    0x4dac, 0x4dac, 0x4dac, 0x4dac, 0x91a7, 0x91a7, 0x91a7, 0x91a7,
+    0xc1f2, 0xc1f2, 0xc1f2, 0xc1f2, 0xdd3e, 0xdd3e, 0xdd3e, 0xdd3e,
+    0x916b, 0x916b, 0x916b, 0x916b, 0x2374, 0x2374, 0x2374, 0x2374,
+    0x8a0a, 0x8a0a, 0x8a0a, 0x8a0a, 0x474a, 0x474a, 0x474a, 0x474a,
+    0x3473, 0x3473, 0x3473, 0x3473, 0x36c1, 0x36c1, 0x36c1, 0x36c1,
+    0x8e1d, 0x8e1d, 0x8e1d, 0x8e1d, 0xce2c, 0xce2c, 0xce2c, 0xce2c,
+    0x41c0, 0x41c0, 0x41c0, 0x41c0, 0x10d8, 0x10d8, 0x10d8, 0x10d8,
+    0xa1a5, 0xa1a5, 0xa1a5, 0xa1a5, 0xba06, 0xba06, 0xba06, 0xba06,
+    0xfeb2, 0xfeb2, 0x2bae, 0x2bae, 0xd32b, 0xd32b, 0x344b, 0x344b,
+    0x821e, 0x821e, 0xc867, 0xc867, 0x500e, 0x500e, 0xab69, 0xab69,
+    0x93a6, 0x93a6, 0x334b, 0x334b, 0x03b1, 0x03b1, 0xee16, 0xee16,
+    0xc5de, 0xc5de, 0x5a35, 0x5a35, 0x1826, 0x1826, 0x1575, 0x1575,
+    0x7d0b, 0x7d0b, 0x810a, 0x810a, 0x2987, 0x2987, 0x766e, 0x766e,
+    0x71f8, 0x71f8, 0xb6cb, 0xb6cb, 0x8fa7, 0x8fa7, 0x315f, 0x315f,
+    0xb7cb, 0xb7cb, 0x4e84, 0x4e84, 0x4499, 0x4499, 0x485d, 0x485d,
+    0xc7a2, 0xc7a2, 0x4c49, 0x4c49, 0xeb65, 0xeb65, 0xceb6, 0xceb6,
+    0x8631, 0x8631, 0x4f49, 0x4f49, 0x635b, 0x635b, 0x0862, 0x0862,
+    0xe32a, 0xe32a, 0x3bfc, 0x3bfc, 0x5f48, 0x5f48, 0x8180, 0x8180,
+    0xae42, 0xae42, 0xe779, 0xe779, 0x2ac2, 0x2ac2, 0xc5ca, 0xc5ca,
+    0x5e97, 0x5e97, 0xd4dc, 0xd4dc, 0x425e, 0x425e, 0x3886, 0x3886,
+    0x2860, 0x2860, 0xac07, 0xac07, 0xe103, 0xe103, 0xb11a, 0xb11a,
+    0xa81b, 0xa81b, 0x5aab, 0x5aab, 0x2a9b, 0x2a9b, 0xbbde, 0xbbde,
+    0x7b95, 0x7b95, 0xa2cd, 0xa2cd, 0x6fe4, 0x6fe4, 0xb0df, 0xb0df,
+    0x5dbe, 0x5dbe, 0x1e4d, 0x1e4d, 0xbbf2, 0xbbf2, 0x5a5c, 0x5a5c,
+};
+
+void kyber_ntt(sword16* r)
+{
+    __asm__ __volatile__ (
+#ifndef __APPLE__
+        "adrp x2, %[L_kyber_aarch64_zetas]\n\t"
+        "add  x2, x2, :lo12:%[L_kyber_aarch64_zetas]\n\t"
+#else
+        "adrp x2, %[L_kyber_aarch64_zetas]@PAGE\n\t"
+        "add  x2, x2, %[L_kyber_aarch64_zetas]@PAGEOFF\n\t"
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+        "adrp x3, %[L_kyber_aarch64_zetas_qinv]\n\t"
+        "add  x3, x3, :lo12:%[L_kyber_aarch64_zetas_qinv]\n\t"
+#else
+        "adrp x3, %[L_kyber_aarch64_zetas_qinv]@PAGE\n\t"
+        "add  x3, x3, %[L_kyber_aarch64_zetas_qinv]@PAGEOFF\n\t"
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+        "adrp x4, %[L_kyber_aarch64_consts]\n\t"
+        "add  x4, x4, :lo12:%[L_kyber_aarch64_consts]\n\t"
+#else
+        "adrp x4, %[L_kyber_aarch64_consts]@PAGE\n\t"
+        "add  x4, x4, %[L_kyber_aarch64_consts]@PAGEOFF\n\t"
+#endif /* __APPLE__ */
+        "add	x1, %x[r], #0x100\n\t"
+        "ldr	q4, [x4]\n\t"
+        "ldr	q5, [%x[r]]\n\t"
+        "ldr	q6, [%x[r], #32]\n\t"
+        "ldr	q7, [%x[r], #64]\n\t"
+        "ldr	q8, [%x[r], #96]\n\t"
+        "ldr	q9, [%x[r], #128]\n\t"
+        "ldr	q10, [%x[r], #160]\n\t"
+        "ldr	q11, [%x[r], #192]\n\t"
+        "ldr	q12, [%x[r], #224]\n\t"
+        "ldr	q13, [x1]\n\t"
+        "ldr	q14, [x1, #32]\n\t"
+        "ldr	q15, [x1, #64]\n\t"
+        "ldr	q16, [x1, #96]\n\t"
+        "ldr	q17, [x1, #128]\n\t"
+        "ldr	q18, [x1, #160]\n\t"
+        "ldr	q19, [x1, #192]\n\t"
+        "ldr	q20, [x1, #224]\n\t"
+        "ldr	q0, [x2]\n\t"
+        "ldr	q1, [x3]\n\t"
+        "mul	v29.8h, v13.8h, v1.h[1]\n\t"
+        "mul	v30.8h, v14.8h, v1.h[1]\n\t"
+        "sqrdmulh	v21.8h, v13.8h, v0.h[1]\n\t"
+        "sqrdmulh	v22.8h, v14.8h, v0.h[1]\n\t"
+        "sqrdmulh	v29.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmulh	v30.8h, v30.8h, v4.h[0]\n\t"
+        "sub	v21.8h, v21.8h, v29.8h\n\t"
+        "sub	v22.8h, v22.8h, v30.8h\n\t"
+        "sshr	v21.8h, v21.8h, #1\n\t"
+        "sshr	v22.8h, v22.8h, #1\n\t"
+        "mul	v29.8h, v15.8h, v1.h[1]\n\t"
+        "mul	v30.8h, v16.8h, v1.h[1]\n\t"
+        "sqrdmulh	v23.8h, v15.8h, v0.h[1]\n\t"
+        "sqrdmulh	v24.8h, v16.8h, v0.h[1]\n\t"
+        "sqrdmulh	v29.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmulh	v30.8h, v30.8h, v4.h[0]\n\t"
+        "sub	v23.8h, v23.8h, v29.8h\n\t"
+        "sub	v24.8h, v24.8h, v30.8h\n\t"
+        "sshr	v23.8h, v23.8h, #1\n\t"
+        "sshr	v24.8h, v24.8h, #1\n\t"
+        "mul	v29.8h, v17.8h, v1.h[1]\n\t"
+        "mul	v30.8h, v18.8h, v1.h[1]\n\t"
+        "sqrdmulh	v25.8h, v17.8h, v0.h[1]\n\t"
+        "sqrdmulh	v26.8h, v18.8h, v0.h[1]\n\t"
+        "sqrdmulh	v29.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmulh	v30.8h, v30.8h, v4.h[0]\n\t"
+        "sub	v25.8h, v25.8h, v29.8h\n\t"
+        "sub	v26.8h, v26.8h, v30.8h\n\t"
+        "sshr	v25.8h, v25.8h, #1\n\t"
+        "sshr	v26.8h, v26.8h, #1\n\t"
+        "mul	v29.8h, v19.8h, v1.h[1]\n\t"
+        "mul	v30.8h, v20.8h, v1.h[1]\n\t"
+        "sqrdmulh	v27.8h, v19.8h, v0.h[1]\n\t"
+        "sqrdmulh	v28.8h, v20.8h, v0.h[1]\n\t"
+        "sqrdmulh	v29.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmulh	v30.8h, v30.8h, v4.h[0]\n\t"
+        "sub	v27.8h, v27.8h, v29.8h\n\t"
+        "sub	v28.8h, v28.8h, v30.8h\n\t"
+        "sshr	v27.8h, v27.8h, #1\n\t"
+        "sshr	v28.8h, v28.8h, #1\n\t"
+        "sub	v13.8h, v5.8h, v21.8h\n\t"
+        "add	v5.8h, v5.8h, v21.8h\n\t"
+        "sub	v14.8h, v6.8h, v22.8h\n\t"
+        "add	v6.8h, v6.8h, v22.8h\n\t"
+        "sub	v15.8h, v7.8h, v23.8h\n\t"
+        "add	v7.8h, v7.8h, v23.8h\n\t"
+        "sub	v16.8h, v8.8h, v24.8h\n\t"
+        "add	v8.8h, v8.8h, v24.8h\n\t"
+        "sub	v17.8h, v9.8h, v25.8h\n\t"
+        "add	v9.8h, v9.8h, v25.8h\n\t"
+        "sub	v18.8h, v10.8h, v26.8h\n\t"
+        "add	v10.8h, v10.8h, v26.8h\n\t"
+        "sub	v19.8h, v11.8h, v27.8h\n\t"
+        "add	v11.8h, v11.8h, v27.8h\n\t"
+        "sub	v20.8h, v12.8h, v28.8h\n\t"
+        "add	v12.8h, v12.8h, v28.8h\n\t"
+        "mul	v29.8h, v9.8h, v1.h[2]\n\t"
+        "mul	v30.8h, v10.8h, v1.h[2]\n\t"
+        "sqrdmulh	v21.8h, v9.8h, v0.h[2]\n\t"
+        "sqrdmulh	v22.8h, v10.8h, v0.h[2]\n\t"
+        "sqrdmulh	v29.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmulh	v30.8h, v30.8h, v4.h[0]\n\t"
+        "sub	v21.8h, v21.8h, v29.8h\n\t"
+        "sub	v22.8h, v22.8h, v30.8h\n\t"
+        "sshr	v21.8h, v21.8h, #1\n\t"
+        "sshr	v22.8h, v22.8h, #1\n\t"
+        "mul	v29.8h, v11.8h, v1.h[2]\n\t"
+        "mul	v30.8h, v12.8h, v1.h[2]\n\t"
+        "sqrdmulh	v23.8h, v11.8h, v0.h[2]\n\t"
+        "sqrdmulh	v24.8h, v12.8h, v0.h[2]\n\t"
+        "sqrdmulh	v29.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmulh	v30.8h, v30.8h, v4.h[0]\n\t"
+        "sub	v23.8h, v23.8h, v29.8h\n\t"
+        "sub	v24.8h, v24.8h, v30.8h\n\t"
+        "sshr	v23.8h, v23.8h, #1\n\t"
+        "sshr	v24.8h, v24.8h, #1\n\t"
+        "mul	v29.8h, v17.8h, v1.h[3]\n\t"
+        "mul	v30.8h, v18.8h, v1.h[3]\n\t"
+        "sqrdmulh	v25.8h, v17.8h, v0.h[3]\n\t"
+        "sqrdmulh	v26.8h, v18.8h, v0.h[3]\n\t"
+        "sqrdmulh	v29.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmulh	v30.8h, v30.8h, v4.h[0]\n\t"
+        "sub	v25.8h, v25.8h, v29.8h\n\t"
+        "sub	v26.8h, v26.8h, v30.8h\n\t"
+        "sshr	v25.8h, v25.8h, #1\n\t"
+        "sshr	v26.8h, v26.8h, #1\n\t"
+        "mul	v29.8h, v19.8h, v1.h[3]\n\t"
+        "mul	v30.8h, v20.8h, v1.h[3]\n\t"
+        "sqrdmulh	v27.8h, v19.8h, v0.h[3]\n\t"
+        "sqrdmulh	v28.8h, v20.8h, v0.h[3]\n\t"
+        "sqrdmulh	v29.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmulh	v30.8h, v30.8h, v4.h[0]\n\t"
+        "sub	v27.8h, v27.8h, v29.8h\n\t"
+        "sub	v28.8h, v28.8h, v30.8h\n\t"
+        "sshr	v27.8h, v27.8h, #1\n\t"
+        "sshr	v28.8h, v28.8h, #1\n\t"
+        "sub	v9.8h, v5.8h, v21.8h\n\t"
+        "add	v5.8h, v5.8h, v21.8h\n\t"
+        "sub	v10.8h, v6.8h, v22.8h\n\t"
+        "add	v6.8h, v6.8h, v22.8h\n\t"
+        "sub	v11.8h, v7.8h, v23.8h\n\t"
+        "add	v7.8h, v7.8h, v23.8h\n\t"
+        "sub	v12.8h, v8.8h, v24.8h\n\t"
+        "add	v8.8h, v8.8h, v24.8h\n\t"
+        "sub	v17.8h, v13.8h, v25.8h\n\t"
+        "add	v13.8h, v13.8h, v25.8h\n\t"
+        "sub	v18.8h, v14.8h, v26.8h\n\t"
+        "add	v14.8h, v14.8h, v26.8h\n\t"
+        "sub	v19.8h, v15.8h, v27.8h\n\t"
+        "add	v15.8h, v15.8h, v27.8h\n\t"
+        "sub	v20.8h, v16.8h, v28.8h\n\t"
+        "add	v16.8h, v16.8h, v28.8h\n\t"
+        "mul	v29.8h, v7.8h, v1.h[4]\n\t"
+        "mul	v30.8h, v8.8h, v1.h[4]\n\t"
+        "sqrdmulh	v21.8h, v7.8h, v0.h[4]\n\t"
+        "sqrdmulh	v22.8h, v8.8h, v0.h[4]\n\t"
+        "sqrdmulh	v29.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmulh	v30.8h, v30.8h, v4.h[0]\n\t"
+        "sub	v21.8h, v21.8h, v29.8h\n\t"
+        "sub	v22.8h, v22.8h, v30.8h\n\t"
+        "sshr	v21.8h, v21.8h, #1\n\t"
+        "sshr	v22.8h, v22.8h, #1\n\t"
+        "mul	v29.8h, v11.8h, v1.h[5]\n\t"
+        "mul	v30.8h, v12.8h, v1.h[5]\n\t"
+        "sqrdmulh	v23.8h, v11.8h, v0.h[5]\n\t"
+        "sqrdmulh	v24.8h, v12.8h, v0.h[5]\n\t"
+        "sqrdmulh	v29.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmulh	v30.8h, v30.8h, v4.h[0]\n\t"
+        "sub	v23.8h, v23.8h, v29.8h\n\t"
+        "sub	v24.8h, v24.8h, v30.8h\n\t"
+        "sshr	v23.8h, v23.8h, #1\n\t"
+        "sshr	v24.8h, v24.8h, #1\n\t"
+        "mul	v29.8h, v15.8h, v1.h[6]\n\t"
+        "mul	v30.8h, v16.8h, v1.h[6]\n\t"
+        "sqrdmulh	v25.8h, v15.8h, v0.h[6]\n\t"
+        "sqrdmulh	v26.8h, v16.8h, v0.h[6]\n\t"
+        "sqrdmulh	v29.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmulh	v30.8h, v30.8h, v4.h[0]\n\t"
+        "sub	v25.8h, v25.8h, v29.8h\n\t"
+        "sub	v26.8h, v26.8h, v30.8h\n\t"
+        "sshr	v25.8h, v25.8h, #1\n\t"
+        "sshr	v26.8h, v26.8h, #1\n\t"
+        "mul	v29.8h, v19.8h, v1.h[7]\n\t"
+        "mul	v30.8h, v20.8h, v1.h[7]\n\t"
+        "sqrdmulh	v27.8h, v19.8h, v0.h[7]\n\t"
+        "sqrdmulh	v28.8h, v20.8h, v0.h[7]\n\t"
+        "sqrdmulh	v29.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmulh	v30.8h, v30.8h, v4.h[0]\n\t"
+        "sub	v27.8h, v27.8h, v29.8h\n\t"
+        "sub	v28.8h, v28.8h, v30.8h\n\t"
+        "sshr	v27.8h, v27.8h, #1\n\t"
+        "sshr	v28.8h, v28.8h, #1\n\t"
+        "sub	v7.8h, v5.8h, v21.8h\n\t"
+        "add	v5.8h, v5.8h, v21.8h\n\t"
+        "sub	v8.8h, v6.8h, v22.8h\n\t"
+        "add	v6.8h, v6.8h, v22.8h\n\t"
+        "sub	v11.8h, v9.8h, v23.8h\n\t"
+        "add	v9.8h, v9.8h, v23.8h\n\t"
+        "sub	v12.8h, v10.8h, v24.8h\n\t"
+        "add	v10.8h, v10.8h, v24.8h\n\t"
+        "sub	v15.8h, v13.8h, v25.8h\n\t"
+        "add	v13.8h, v13.8h, v25.8h\n\t"
+        "sub	v16.8h, v14.8h, v26.8h\n\t"
+        "add	v14.8h, v14.8h, v26.8h\n\t"
+        "sub	v19.8h, v17.8h, v27.8h\n\t"
+        "add	v17.8h, v17.8h, v27.8h\n\t"
+        "sub	v20.8h, v18.8h, v28.8h\n\t"
+        "add	v18.8h, v18.8h, v28.8h\n\t"
+        "ldr	q0, [x2, #16]\n\t"
+        "ldr	q1, [x3, #16]\n\t"
+        "mul	v29.8h, v6.8h, v1.h[0]\n\t"
+        "mul	v30.8h, v8.8h, v1.h[1]\n\t"
+        "sqrdmulh	v21.8h, v6.8h, v0.h[0]\n\t"
+        "sqrdmulh	v22.8h, v8.8h, v0.h[1]\n\t"
+        "sqrdmulh	v29.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmulh	v30.8h, v30.8h, v4.h[0]\n\t"
+        "sub	v21.8h, v21.8h, v29.8h\n\t"
+        "sub	v22.8h, v22.8h, v30.8h\n\t"
+        "sshr	v21.8h, v21.8h, #1\n\t"
+        "sshr	v22.8h, v22.8h, #1\n\t"
+        "mul	v29.8h, v10.8h, v1.h[2]\n\t"
+        "mul	v30.8h, v12.8h, v1.h[3]\n\t"
+        "sqrdmulh	v23.8h, v10.8h, v0.h[2]\n\t"
+        "sqrdmulh	v24.8h, v12.8h, v0.h[3]\n\t"
+        "sqrdmulh	v29.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmulh	v30.8h, v30.8h, v4.h[0]\n\t"
+        "sub	v23.8h, v23.8h, v29.8h\n\t"
+        "sub	v24.8h, v24.8h, v30.8h\n\t"
+        "sshr	v23.8h, v23.8h, #1\n\t"
+        "sshr	v24.8h, v24.8h, #1\n\t"
+        "mul	v29.8h, v14.8h, v1.h[4]\n\t"
+        "mul	v30.8h, v16.8h, v1.h[5]\n\t"
+        "sqrdmulh	v25.8h, v14.8h, v0.h[4]\n\t"
+        "sqrdmulh	v26.8h, v16.8h, v0.h[5]\n\t"
+        "sqrdmulh	v29.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmulh	v30.8h, v30.8h, v4.h[0]\n\t"
+        "sub	v25.8h, v25.8h, v29.8h\n\t"
+        "sub	v26.8h, v26.8h, v30.8h\n\t"
+        "sshr	v25.8h, v25.8h, #1\n\t"
+        "sshr	v26.8h, v26.8h, #1\n\t"
+        "mul	v29.8h, v18.8h, v1.h[6]\n\t"
+        "mul	v30.8h, v20.8h, v1.h[7]\n\t"
+        "sqrdmulh	v27.8h, v18.8h, v0.h[6]\n\t"
+        "sqrdmulh	v28.8h, v20.8h, v0.h[7]\n\t"
+        "sqrdmulh	v29.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmulh	v30.8h, v30.8h, v4.h[0]\n\t"
+        "sub	v27.8h, v27.8h, v29.8h\n\t"
+        "sub	v28.8h, v28.8h, v30.8h\n\t"
+        "sshr	v27.8h, v27.8h, #1\n\t"
+        "sshr	v28.8h, v28.8h, #1\n\t"
+        "sub	v6.8h, v5.8h, v21.8h\n\t"
+        "add	v5.8h, v5.8h, v21.8h\n\t"
+        "sub	v8.8h, v7.8h, v22.8h\n\t"
+        "add	v7.8h, v7.8h, v22.8h\n\t"
+        "sub	v10.8h, v9.8h, v23.8h\n\t"
+        "add	v9.8h, v9.8h, v23.8h\n\t"
+        "sub	v12.8h, v11.8h, v24.8h\n\t"
+        "add	v11.8h, v11.8h, v24.8h\n\t"
+        "sub	v14.8h, v13.8h, v25.8h\n\t"
+        "add	v13.8h, v13.8h, v25.8h\n\t"
+        "sub	v16.8h, v15.8h, v26.8h\n\t"
+        "add	v15.8h, v15.8h, v26.8h\n\t"
+        "sub	v18.8h, v17.8h, v27.8h\n\t"
+        "add	v17.8h, v17.8h, v27.8h\n\t"
+        "sub	v20.8h, v19.8h, v28.8h\n\t"
+        "add	v19.8h, v19.8h, v28.8h\n\t"
+        "str	q5, [%x[r]]\n\t"
+        "str	q6, [%x[r], #32]\n\t"
+        "str	q7, [%x[r], #64]\n\t"
+        "str	q8, [%x[r], #96]\n\t"
+        "str	q9, [%x[r], #128]\n\t"
+        "str	q10, [%x[r], #160]\n\t"
+        "str	q11, [%x[r], #192]\n\t"
+        "str	q12, [%x[r], #224]\n\t"
+        "str	q13, [x1]\n\t"
+        "str	q14, [x1, #32]\n\t"
+        "str	q15, [x1, #64]\n\t"
+        "str	q16, [x1, #96]\n\t"
+        "str	q17, [x1, #128]\n\t"
+        "str	q18, [x1, #160]\n\t"
+        "str	q19, [x1, #192]\n\t"
+        "str	q20, [x1, #224]\n\t"
+        "ldr	q5, [%x[r], #16]\n\t"
+        "ldr	q6, [%x[r], #48]\n\t"
+        "ldr	q7, [%x[r], #80]\n\t"
+        "ldr	q8, [%x[r], #112]\n\t"
+        "ldr	q9, [%x[r], #144]\n\t"
+        "ldr	q10, [%x[r], #176]\n\t"
+        "ldr	q11, [%x[r], #208]\n\t"
+        "ldr	q12, [%x[r], #240]\n\t"
+        "ldr	q13, [x1, #16]\n\t"
+        "ldr	q14, [x1, #48]\n\t"
+        "ldr	q15, [x1, #80]\n\t"
+        "ldr	q16, [x1, #112]\n\t"
+        "ldr	q17, [x1, #144]\n\t"
+        "ldr	q18, [x1, #176]\n\t"
+        "ldr	q19, [x1, #208]\n\t"
+        "ldr	q20, [x1, #240]\n\t"
+        "ldr	q0, [x2]\n\t"
+        "ldr	q1, [x3]\n\t"
+        "mul	v29.8h, v13.8h, v1.h[1]\n\t"
+        "mul	v30.8h, v14.8h, v1.h[1]\n\t"
+        "sqrdmulh	v21.8h, v13.8h, v0.h[1]\n\t"
+        "sqrdmulh	v22.8h, v14.8h, v0.h[1]\n\t"
+        "sqrdmulh	v29.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmulh	v30.8h, v30.8h, v4.h[0]\n\t"
+        "sub	v21.8h, v21.8h, v29.8h\n\t"
+        "sub	v22.8h, v22.8h, v30.8h\n\t"
+        "sshr	v21.8h, v21.8h, #1\n\t"
+        "sshr	v22.8h, v22.8h, #1\n\t"
+        "mul	v29.8h, v15.8h, v1.h[1]\n\t"
+        "mul	v30.8h, v16.8h, v1.h[1]\n\t"
+        "sqrdmulh	v23.8h, v15.8h, v0.h[1]\n\t"
+        "sqrdmulh	v24.8h, v16.8h, v0.h[1]\n\t"
+        "sqrdmulh	v29.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmulh	v30.8h, v30.8h, v4.h[0]\n\t"
+        "sub	v23.8h, v23.8h, v29.8h\n\t"
+        "sub	v24.8h, v24.8h, v30.8h\n\t"
+        "sshr	v23.8h, v23.8h, #1\n\t"
+        "sshr	v24.8h, v24.8h, #1\n\t"
+        "mul	v29.8h, v17.8h, v1.h[1]\n\t"
+        "mul	v30.8h, v18.8h, v1.h[1]\n\t"
+        "sqrdmulh	v25.8h, v17.8h, v0.h[1]\n\t"
+        "sqrdmulh	v26.8h, v18.8h, v0.h[1]\n\t"
+        "sqrdmulh	v29.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmulh	v30.8h, v30.8h, v4.h[0]\n\t"
+        "sub	v25.8h, v25.8h, v29.8h\n\t"
+        "sub	v26.8h, v26.8h, v30.8h\n\t"
+        "sshr	v25.8h, v25.8h, #1\n\t"
+        "sshr	v26.8h, v26.8h, #1\n\t"
+        "mul	v29.8h, v19.8h, v1.h[1]\n\t"
+        "mul	v30.8h, v20.8h, v1.h[1]\n\t"
+        "sqrdmulh	v27.8h, v19.8h, v0.h[1]\n\t"
+        "sqrdmulh	v28.8h, v20.8h, v0.h[1]\n\t"
+        "sqrdmulh	v29.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmulh	v30.8h, v30.8h, v4.h[0]\n\t"
+        "sub	v27.8h, v27.8h, v29.8h\n\t"
+        "sub	v28.8h, v28.8h, v30.8h\n\t"
+        "sshr	v27.8h, v27.8h, #1\n\t"
+        "sshr	v28.8h, v28.8h, #1\n\t"
+        "sub	v13.8h, v5.8h, v21.8h\n\t"
+        "add	v5.8h, v5.8h, v21.8h\n\t"
+        "sub	v14.8h, v6.8h, v22.8h\n\t"
+        "add	v6.8h, v6.8h, v22.8h\n\t"
+        "sub	v15.8h, v7.8h, v23.8h\n\t"
+        "add	v7.8h, v7.8h, v23.8h\n\t"
+        "sub	v16.8h, v8.8h, v24.8h\n\t"
+        "add	v8.8h, v8.8h, v24.8h\n\t"
+        "sub	v17.8h, v9.8h, v25.8h\n\t"
+        "add	v9.8h, v9.8h, v25.8h\n\t"
+        "sub	v18.8h, v10.8h, v26.8h\n\t"
+        "add	v10.8h, v10.8h, v26.8h\n\t"
+        "sub	v19.8h, v11.8h, v27.8h\n\t"
+        "add	v11.8h, v11.8h, v27.8h\n\t"
+        "sub	v20.8h, v12.8h, v28.8h\n\t"
+        "add	v12.8h, v12.8h, v28.8h\n\t"
+        "mul	v29.8h, v9.8h, v1.h[2]\n\t"
+        "mul	v30.8h, v10.8h, v1.h[2]\n\t"
+        "sqrdmulh	v21.8h, v9.8h, v0.h[2]\n\t"
+        "sqrdmulh	v22.8h, v10.8h, v0.h[2]\n\t"
+        "sqrdmulh	v29.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmulh	v30.8h, v30.8h, v4.h[0]\n\t"
+        "sub	v21.8h, v21.8h, v29.8h\n\t"
+        "sub	v22.8h, v22.8h, v30.8h\n\t"
+        "sshr	v21.8h, v21.8h, #1\n\t"
+        "sshr	v22.8h, v22.8h, #1\n\t"
+        "mul	v29.8h, v11.8h, v1.h[2]\n\t"
+        "mul	v30.8h, v12.8h, v1.h[2]\n\t"
+        "sqrdmulh	v23.8h, v11.8h, v0.h[2]\n\t"
+        "sqrdmulh	v24.8h, v12.8h, v0.h[2]\n\t"
+        "sqrdmulh	v29.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmulh	v30.8h, v30.8h, v4.h[0]\n\t"
+        "sub	v23.8h, v23.8h, v29.8h\n\t"
+        "sub	v24.8h, v24.8h, v30.8h\n\t"
+        "sshr	v23.8h, v23.8h, #1\n\t"
+        "sshr	v24.8h, v24.8h, #1\n\t"
+        "mul	v29.8h, v17.8h, v1.h[3]\n\t"
+        "mul	v30.8h, v18.8h, v1.h[3]\n\t"
+        "sqrdmulh	v25.8h, v17.8h, v0.h[3]\n\t"
+        "sqrdmulh	v26.8h, v18.8h, v0.h[3]\n\t"
+        "sqrdmulh	v29.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmulh	v30.8h, v30.8h, v4.h[0]\n\t"
+        "sub	v25.8h, v25.8h, v29.8h\n\t"
+        "sub	v26.8h, v26.8h, v30.8h\n\t"
+        "sshr	v25.8h, v25.8h, #1\n\t"
+        "sshr	v26.8h, v26.8h, #1\n\t"
+        "mul	v29.8h, v19.8h, v1.h[3]\n\t"
+        "mul	v30.8h, v20.8h, v1.h[3]\n\t"
+        "sqrdmulh	v27.8h, v19.8h, v0.h[3]\n\t"
+        "sqrdmulh	v28.8h, v20.8h, v0.h[3]\n\t"
+        "sqrdmulh	v29.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmulh	v30.8h, v30.8h, v4.h[0]\n\t"
+        "sub	v27.8h, v27.8h, v29.8h\n\t"
+        "sub	v28.8h, v28.8h, v30.8h\n\t"
+        "sshr	v27.8h, v27.8h, #1\n\t"
+        "sshr	v28.8h, v28.8h, #1\n\t"
+        "sub	v9.8h, v5.8h, v21.8h\n\t"
+        "add	v5.8h, v5.8h, v21.8h\n\t"
+        "sub	v10.8h, v6.8h, v22.8h\n\t"
+        "add	v6.8h, v6.8h, v22.8h\n\t"
+        "sub	v11.8h, v7.8h, v23.8h\n\t"
+        "add	v7.8h, v7.8h, v23.8h\n\t"
+        "sub	v12.8h, v8.8h, v24.8h\n\t"
+        "add	v8.8h, v8.8h, v24.8h\n\t"
+        "sub	v17.8h, v13.8h, v25.8h\n\t"
+        "add	v13.8h, v13.8h, v25.8h\n\t"
+        "sub	v18.8h, v14.8h, v26.8h\n\t"
+        "add	v14.8h, v14.8h, v26.8h\n\t"
+        "sub	v19.8h, v15.8h, v27.8h\n\t"
+        "add	v15.8h, v15.8h, v27.8h\n\t"
+        "sub	v20.8h, v16.8h, v28.8h\n\t"
+        "add	v16.8h, v16.8h, v28.8h\n\t"
+        "mul	v29.8h, v7.8h, v1.h[4]\n\t"
+        "mul	v30.8h, v8.8h, v1.h[4]\n\t"
+        "sqrdmulh	v21.8h, v7.8h, v0.h[4]\n\t"
+        "sqrdmulh	v22.8h, v8.8h, v0.h[4]\n\t"
+        "sqrdmulh	v29.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmulh	v30.8h, v30.8h, v4.h[0]\n\t"
+        "sub	v21.8h, v21.8h, v29.8h\n\t"
+        "sub	v22.8h, v22.8h, v30.8h\n\t"
+        "sshr	v21.8h, v21.8h, #1\n\t"
+        "sshr	v22.8h, v22.8h, #1\n\t"
+        "mul	v29.8h, v11.8h, v1.h[5]\n\t"
+        "mul	v30.8h, v12.8h, v1.h[5]\n\t"
+        "sqrdmulh	v23.8h, v11.8h, v0.h[5]\n\t"
+        "sqrdmulh	v24.8h, v12.8h, v0.h[5]\n\t"
+        "sqrdmulh	v29.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmulh	v30.8h, v30.8h, v4.h[0]\n\t"
+        "sub	v23.8h, v23.8h, v29.8h\n\t"
+        "sub	v24.8h, v24.8h, v30.8h\n\t"
+        "sshr	v23.8h, v23.8h, #1\n\t"
+        "sshr	v24.8h, v24.8h, #1\n\t"
+        "mul	v29.8h, v15.8h, v1.h[6]\n\t"
+        "mul	v30.8h, v16.8h, v1.h[6]\n\t"
+        "sqrdmulh	v25.8h, v15.8h, v0.h[6]\n\t"
+        "sqrdmulh	v26.8h, v16.8h, v0.h[6]\n\t"
+        "sqrdmulh	v29.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmulh	v30.8h, v30.8h, v4.h[0]\n\t"
+        "sub	v25.8h, v25.8h, v29.8h\n\t"
+        "sub	v26.8h, v26.8h, v30.8h\n\t"
+        "sshr	v25.8h, v25.8h, #1\n\t"
+        "sshr	v26.8h, v26.8h, #1\n\t"
+        "mul	v29.8h, v19.8h, v1.h[7]\n\t"
+        "mul	v30.8h, v20.8h, v1.h[7]\n\t"
+        "sqrdmulh	v27.8h, v19.8h, v0.h[7]\n\t"
+        "sqrdmulh	v28.8h, v20.8h, v0.h[7]\n\t"
+        "sqrdmulh	v29.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmulh	v30.8h, v30.8h, v4.h[0]\n\t"
+        "sub	v27.8h, v27.8h, v29.8h\n\t"
+        "sub	v28.8h, v28.8h, v30.8h\n\t"
+        "sshr	v27.8h, v27.8h, #1\n\t"
+        "sshr	v28.8h, v28.8h, #1\n\t"
+        "sub	v7.8h, v5.8h, v21.8h\n\t"
+        "add	v5.8h, v5.8h, v21.8h\n\t"
+        "sub	v8.8h, v6.8h, v22.8h\n\t"
+        "add	v6.8h, v6.8h, v22.8h\n\t"
+        "sub	v11.8h, v9.8h, v23.8h\n\t"
+        "add	v9.8h, v9.8h, v23.8h\n\t"
+        "sub	v12.8h, v10.8h, v24.8h\n\t"
+        "add	v10.8h, v10.8h, v24.8h\n\t"
+        "sub	v15.8h, v13.8h, v25.8h\n\t"
+        "add	v13.8h, v13.8h, v25.8h\n\t"
+        "sub	v16.8h, v14.8h, v26.8h\n\t"
+        "add	v14.8h, v14.8h, v26.8h\n\t"
+        "sub	v19.8h, v17.8h, v27.8h\n\t"
+        "add	v17.8h, v17.8h, v27.8h\n\t"
+        "sub	v20.8h, v18.8h, v28.8h\n\t"
+        "add	v18.8h, v18.8h, v28.8h\n\t"
+        "ldr	q0, [x2, #16]\n\t"
+        "ldr	q1, [x3, #16]\n\t"
+        "mul	v29.8h, v6.8h, v1.h[0]\n\t"
+        "mul	v30.8h, v8.8h, v1.h[1]\n\t"
+        "sqrdmulh	v21.8h, v6.8h, v0.h[0]\n\t"
+        "sqrdmulh	v22.8h, v8.8h, v0.h[1]\n\t"
+        "sqrdmulh	v29.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmulh	v30.8h, v30.8h, v4.h[0]\n\t"
+        "sub	v21.8h, v21.8h, v29.8h\n\t"
+        "sub	v22.8h, v22.8h, v30.8h\n\t"
+        "sshr	v21.8h, v21.8h, #1\n\t"
+        "sshr	v22.8h, v22.8h, #1\n\t"
+        "mul	v29.8h, v10.8h, v1.h[2]\n\t"
+        "mul	v30.8h, v12.8h, v1.h[3]\n\t"
+        "sqrdmulh	v23.8h, v10.8h, v0.h[2]\n\t"
+        "sqrdmulh	v24.8h, v12.8h, v0.h[3]\n\t"
+        "sqrdmulh	v29.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmulh	v30.8h, v30.8h, v4.h[0]\n\t"
+        "sub	v23.8h, v23.8h, v29.8h\n\t"
+        "sub	v24.8h, v24.8h, v30.8h\n\t"
+        "sshr	v23.8h, v23.8h, #1\n\t"
+        "sshr	v24.8h, v24.8h, #1\n\t"
+        "mul	v29.8h, v14.8h, v1.h[4]\n\t"
+        "mul	v30.8h, v16.8h, v1.h[5]\n\t"
+        "sqrdmulh	v25.8h, v14.8h, v0.h[4]\n\t"
+        "sqrdmulh	v26.8h, v16.8h, v0.h[5]\n\t"
+        "sqrdmulh	v29.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmulh	v30.8h, v30.8h, v4.h[0]\n\t"
+        "sub	v25.8h, v25.8h, v29.8h\n\t"
+        "sub	v26.8h, v26.8h, v30.8h\n\t"
+        "sshr	v25.8h, v25.8h, #1\n\t"
+        "sshr	v26.8h, v26.8h, #1\n\t"
+        "mul	v29.8h, v18.8h, v1.h[6]\n\t"
+        "mul	v30.8h, v20.8h, v1.h[7]\n\t"
+        "sqrdmulh	v27.8h, v18.8h, v0.h[6]\n\t"
+        "sqrdmulh	v28.8h, v20.8h, v0.h[7]\n\t"
+        "sqrdmulh	v29.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmulh	v30.8h, v30.8h, v4.h[0]\n\t"
+        "sub	v27.8h, v27.8h, v29.8h\n\t"
+        "sub	v28.8h, v28.8h, v30.8h\n\t"
+        "sshr	v27.8h, v27.8h, #1\n\t"
+        "sshr	v28.8h, v28.8h, #1\n\t"
+        "sub	v6.8h, v5.8h, v21.8h\n\t"
+        "add	v5.8h, v5.8h, v21.8h\n\t"
+        "sub	v8.8h, v7.8h, v22.8h\n\t"
+        "add	v7.8h, v7.8h, v22.8h\n\t"
+        "sub	v10.8h, v9.8h, v23.8h\n\t"
+        "add	v9.8h, v9.8h, v23.8h\n\t"
+        "sub	v12.8h, v11.8h, v24.8h\n\t"
+        "add	v11.8h, v11.8h, v24.8h\n\t"
+        "sub	v14.8h, v13.8h, v25.8h\n\t"
+        "add	v13.8h, v13.8h, v25.8h\n\t"
+        "sub	v16.8h, v15.8h, v26.8h\n\t"
+        "add	v15.8h, v15.8h, v26.8h\n\t"
+        "sub	v18.8h, v17.8h, v27.8h\n\t"
+        "add	v17.8h, v17.8h, v27.8h\n\t"
+        "sub	v20.8h, v19.8h, v28.8h\n\t"
+        "add	v19.8h, v19.8h, v28.8h\n\t"
+        "str	q5, [%x[r], #16]\n\t"
+        "str	q6, [%x[r], #48]\n\t"
+        "str	q7, [%x[r], #80]\n\t"
+        "str	q8, [%x[r], #112]\n\t"
+        "str	q9, [%x[r], #144]\n\t"
+        "str	q10, [%x[r], #176]\n\t"
+        "str	q11, [%x[r], #208]\n\t"
+        "str	q12, [%x[r], #240]\n\t"
+        "str	q13, [x1, #16]\n\t"
+        "str	q14, [x1, #48]\n\t"
+        "str	q15, [x1, #80]\n\t"
+        "str	q16, [x1, #112]\n\t"
+        "str	q17, [x1, #144]\n\t"
+        "str	q18, [x1, #176]\n\t"
+        "str	q19, [x1, #208]\n\t"
+        "str	q20, [x1, #240]\n\t"
+        "ldp	q5, q6, [%x[r]]\n\t"
+        "ldp	q7, q8, [%x[r], #32]\n\t"
+        "ldp	q9, q10, [%x[r], #64]\n\t"
+        "ldp	q11, q12, [%x[r], #96]\n\t"
+        "ldp	q13, q14, [%x[r], #128]\n\t"
+        "ldp	q15, q16, [%x[r], #160]\n\t"
+        "ldp	q17, q18, [%x[r], #192]\n\t"
+        "ldp	q19, q20, [%x[r], #224]\n\t"
+        "ldr	q0, [x2, #32]\n\t"
+        "ldr	q1, [x3, #32]\n\t"
+        "mul	v29.8h, v6.8h, v1.h[0]\n\t"
+        "mul	v30.8h, v8.8h, v1.h[1]\n\t"
+        "sqrdmulh	v21.8h, v6.8h, v0.h[0]\n\t"
+        "sqrdmulh	v22.8h, v8.8h, v0.h[1]\n\t"
+        "sqrdmulh	v29.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmulh	v30.8h, v30.8h, v4.h[0]\n\t"
+        "sub	v21.8h, v21.8h, v29.8h\n\t"
+        "sub	v22.8h, v22.8h, v30.8h\n\t"
+        "sshr	v21.8h, v21.8h, #1\n\t"
+        "sshr	v22.8h, v22.8h, #1\n\t"
+        "mul	v29.8h, v10.8h, v1.h[2]\n\t"
+        "mul	v30.8h, v12.8h, v1.h[3]\n\t"
+        "sqrdmulh	v23.8h, v10.8h, v0.h[2]\n\t"
+        "sqrdmulh	v24.8h, v12.8h, v0.h[3]\n\t"
+        "sqrdmulh	v29.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmulh	v30.8h, v30.8h, v4.h[0]\n\t"
+        "sub	v23.8h, v23.8h, v29.8h\n\t"
+        "sub	v24.8h, v24.8h, v30.8h\n\t"
+        "sshr	v23.8h, v23.8h, #1\n\t"
+        "sshr	v24.8h, v24.8h, #1\n\t"
+        "mul	v29.8h, v14.8h, v1.h[4]\n\t"
+        "mul	v30.8h, v16.8h, v1.h[5]\n\t"
+        "sqrdmulh	v25.8h, v14.8h, v0.h[4]\n\t"
+        "sqrdmulh	v26.8h, v16.8h, v0.h[5]\n\t"
+        "sqrdmulh	v29.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmulh	v30.8h, v30.8h, v4.h[0]\n\t"
+        "sub	v25.8h, v25.8h, v29.8h\n\t"
+        "sub	v26.8h, v26.8h, v30.8h\n\t"
+        "sshr	v25.8h, v25.8h, #1\n\t"
+        "sshr	v26.8h, v26.8h, #1\n\t"
+        "mul	v29.8h, v18.8h, v1.h[6]\n\t"
+        "mul	v30.8h, v20.8h, v1.h[7]\n\t"
+        "sqrdmulh	v27.8h, v18.8h, v0.h[6]\n\t"
+        "sqrdmulh	v28.8h, v20.8h, v0.h[7]\n\t"
+        "sqrdmulh	v29.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmulh	v30.8h, v30.8h, v4.h[0]\n\t"
+        "sub	v27.8h, v27.8h, v29.8h\n\t"
+        "sub	v28.8h, v28.8h, v30.8h\n\t"
+        "sshr	v27.8h, v27.8h, #1\n\t"
+        "sshr	v28.8h, v28.8h, #1\n\t"
+        "sub	v6.8h, v5.8h, v21.8h\n\t"
+        "add	v5.8h, v5.8h, v21.8h\n\t"
+        "sub	v8.8h, v7.8h, v22.8h\n\t"
+        "add	v7.8h, v7.8h, v22.8h\n\t"
+        "sub	v10.8h, v9.8h, v23.8h\n\t"
+        "add	v9.8h, v9.8h, v23.8h\n\t"
+        "sub	v12.8h, v11.8h, v24.8h\n\t"
+        "add	v11.8h, v11.8h, v24.8h\n\t"
+        "sub	v14.8h, v13.8h, v25.8h\n\t"
+        "add	v13.8h, v13.8h, v25.8h\n\t"
+        "sub	v16.8h, v15.8h, v26.8h\n\t"
+        "add	v15.8h, v15.8h, v26.8h\n\t"
+        "sub	v18.8h, v17.8h, v27.8h\n\t"
+        "add	v17.8h, v17.8h, v27.8h\n\t"
+        "sub	v20.8h, v19.8h, v28.8h\n\t"
+        "add	v19.8h, v19.8h, v28.8h\n\t"
+        "ldr	q0, [x2, #64]\n\t"
+        "ldr	q2, [x2, #80]\n\t"
+        "ldr	q1, [x3, #64]\n\t"
+        "ldr	q3, [x3, #80]\n\t"
+        "mov	v29.16b, v5.16b\n\t"
+        "mov	v30.16b, v7.16b\n\t"
+        "trn1	v5.2d, v5.2d, v6.2d\n\t"
+        "trn1	v7.2d, v7.2d, v8.2d\n\t"
+        "trn2	v6.2d, v29.2d, v6.2d\n\t"
+        "trn2	v8.2d, v30.2d, v8.2d\n\t"
+        "mul	v29.8h, v6.8h, v1.8h\n\t"
+        "mul	v30.8h, v8.8h, v3.8h\n\t"
+        "sqrdmulh	v21.8h, v6.8h, v0.8h\n\t"
+        "sqrdmulh	v22.8h, v8.8h, v2.8h\n\t"
+        "sqrdmulh	v29.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmulh	v30.8h, v30.8h, v4.h[0]\n\t"
+        "sub	v21.8h, v21.8h, v29.8h\n\t"
+        "sub	v22.8h, v22.8h, v30.8h\n\t"
+        "sshr	v21.8h, v21.8h, #1\n\t"
+        "sshr	v22.8h, v22.8h, #1\n\t"
+        "ldr	q0, [x2, #96]\n\t"
+        "ldr	q2, [x2, #112]\n\t"
+        "ldr	q1, [x3, #96]\n\t"
+        "ldr	q3, [x3, #112]\n\t"
+        "mov	v29.16b, v9.16b\n\t"
+        "mov	v30.16b, v11.16b\n\t"
+        "trn1	v9.2d, v9.2d, v10.2d\n\t"
+        "trn1	v11.2d, v11.2d, v12.2d\n\t"
+        "trn2	v10.2d, v29.2d, v10.2d\n\t"
+        "trn2	v12.2d, v30.2d, v12.2d\n\t"
+        "mul	v29.8h, v10.8h, v1.8h\n\t"
+        "mul	v30.8h, v12.8h, v3.8h\n\t"
+        "sqrdmulh	v23.8h, v10.8h, v0.8h\n\t"
+        "sqrdmulh	v24.8h, v12.8h, v2.8h\n\t"
+        "sqrdmulh	v29.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmulh	v30.8h, v30.8h, v4.h[0]\n\t"
+        "sub	v23.8h, v23.8h, v29.8h\n\t"
+        "sub	v24.8h, v24.8h, v30.8h\n\t"
+        "sshr	v23.8h, v23.8h, #1\n\t"
+        "sshr	v24.8h, v24.8h, #1\n\t"
+        "ldr	q0, [x2, #128]\n\t"
+        "ldr	q2, [x2, #144]\n\t"
+        "ldr	q1, [x3, #128]\n\t"
+        "ldr	q3, [x3, #144]\n\t"
+        "mov	v29.16b, v13.16b\n\t"
+        "mov	v30.16b, v15.16b\n\t"
+        "trn1	v13.2d, v13.2d, v14.2d\n\t"
+        "trn1	v15.2d, v15.2d, v16.2d\n\t"
+        "trn2	v14.2d, v29.2d, v14.2d\n\t"
+        "trn2	v16.2d, v30.2d, v16.2d\n\t"
+        "mul	v29.8h, v14.8h, v1.8h\n\t"
+        "mul	v30.8h, v16.8h, v3.8h\n\t"
+        "sqrdmulh	v25.8h, v14.8h, v0.8h\n\t"
+        "sqrdmulh	v26.8h, v16.8h, v2.8h\n\t"
+        "sqrdmulh	v29.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmulh	v30.8h, v30.8h, v4.h[0]\n\t"
+        "sub	v25.8h, v25.8h, v29.8h\n\t"
+        "sub	v26.8h, v26.8h, v30.8h\n\t"
+        "sshr	v25.8h, v25.8h, #1\n\t"
+        "sshr	v26.8h, v26.8h, #1\n\t"
+        "ldr	q0, [x2, #160]\n\t"
+        "ldr	q2, [x2, #176]\n\t"
+        "ldr	q1, [x3, #160]\n\t"
+        "ldr	q3, [x3, #176]\n\t"
+        "mov	v29.16b, v17.16b\n\t"
+        "mov	v30.16b, v19.16b\n\t"
+        "trn1	v17.2d, v17.2d, v18.2d\n\t"
+        "trn1	v19.2d, v19.2d, v20.2d\n\t"
+        "trn2	v18.2d, v29.2d, v18.2d\n\t"
+        "trn2	v20.2d, v30.2d, v20.2d\n\t"
+        "mul	v29.8h, v18.8h, v1.8h\n\t"
+        "mul	v30.8h, v20.8h, v3.8h\n\t"
+        "sqrdmulh	v27.8h, v18.8h, v0.8h\n\t"
+        "sqrdmulh	v28.8h, v20.8h, v2.8h\n\t"
+        "sqrdmulh	v29.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmulh	v30.8h, v30.8h, v4.h[0]\n\t"
+        "sub	v27.8h, v27.8h, v29.8h\n\t"
+        "sub	v28.8h, v28.8h, v30.8h\n\t"
+        "sshr	v27.8h, v27.8h, #1\n\t"
+        "sshr	v28.8h, v28.8h, #1\n\t"
+        "sub	v6.8h, v5.8h, v21.8h\n\t"
+        "add	v5.8h, v5.8h, v21.8h\n\t"
+        "sub	v8.8h, v7.8h, v22.8h\n\t"
+        "add	v7.8h, v7.8h, v22.8h\n\t"
+        "sub	v10.8h, v9.8h, v23.8h\n\t"
+        "add	v9.8h, v9.8h, v23.8h\n\t"
+        "sub	v12.8h, v11.8h, v24.8h\n\t"
+        "add	v11.8h, v11.8h, v24.8h\n\t"
+        "sub	v14.8h, v13.8h, v25.8h\n\t"
+        "add	v13.8h, v13.8h, v25.8h\n\t"
+        "sub	v16.8h, v15.8h, v26.8h\n\t"
+        "add	v15.8h, v15.8h, v26.8h\n\t"
+        "sub	v18.8h, v17.8h, v27.8h\n\t"
+        "add	v17.8h, v17.8h, v27.8h\n\t"
+        "sub	v20.8h, v19.8h, v28.8h\n\t"
+        "add	v19.8h, v19.8h, v28.8h\n\t"
+        "ldr	q0, [x2, #320]\n\t"
+        "ldr	q2, [x2, #336]\n\t"
+        "ldr	q1, [x3, #320]\n\t"
+        "ldr	q3, [x3, #336]\n\t"
+        "mov	v29.16b, v5.16b\n\t"
+        "mov	v30.16b, v7.16b\n\t"
+        "trn1	v5.4s, v5.4s, v6.4s\n\t"
+        "trn1	v7.4s, v7.4s, v8.4s\n\t"
+        "trn2	v6.4s, v29.4s, v6.4s\n\t"
+        "trn2	v8.4s, v30.4s, v8.4s\n\t"
+        "mul	v29.8h, v6.8h, v1.8h\n\t"
+        "mul	v30.8h, v8.8h, v3.8h\n\t"
+        "sqrdmulh	v21.8h, v6.8h, v0.8h\n\t"
+        "sqrdmulh	v22.8h, v8.8h, v2.8h\n\t"
+        "sqrdmulh	v29.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmulh	v30.8h, v30.8h, v4.h[0]\n\t"
+        "sub	v21.8h, v21.8h, v29.8h\n\t"
+        "sub	v22.8h, v22.8h, v30.8h\n\t"
+        "sshr	v21.8h, v21.8h, #1\n\t"
+        "sshr	v22.8h, v22.8h, #1\n\t"
+        "ldr	q0, [x2, #352]\n\t"
+        "ldr	q2, [x2, #368]\n\t"
+        "ldr	q1, [x3, #352]\n\t"
+        "ldr	q3, [x3, #368]\n\t"
+        "mov	v29.16b, v9.16b\n\t"
+        "mov	v30.16b, v11.16b\n\t"
+        "trn1	v9.4s, v9.4s, v10.4s\n\t"
+        "trn1	v11.4s, v11.4s, v12.4s\n\t"
+        "trn2	v10.4s, v29.4s, v10.4s\n\t"
+        "trn2	v12.4s, v30.4s, v12.4s\n\t"
+        "mul	v29.8h, v10.8h, v1.8h\n\t"
+        "mul	v30.8h, v12.8h, v3.8h\n\t"
+        "sqrdmulh	v23.8h, v10.8h, v0.8h\n\t"
+        "sqrdmulh	v24.8h, v12.8h, v2.8h\n\t"
+        "sqrdmulh	v29.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmulh	v30.8h, v30.8h, v4.h[0]\n\t"
+        "sub	v23.8h, v23.8h, v29.8h\n\t"
+        "sub	v24.8h, v24.8h, v30.8h\n\t"
+        "sshr	v23.8h, v23.8h, #1\n\t"
+        "sshr	v24.8h, v24.8h, #1\n\t"
+        "ldr	q0, [x2, #384]\n\t"
+        "ldr	q2, [x2, #400]\n\t"
+        "ldr	q1, [x3, #384]\n\t"
+        "ldr	q3, [x3, #400]\n\t"
+        "mov	v29.16b, v13.16b\n\t"
+        "mov	v30.16b, v15.16b\n\t"
+        "trn1	v13.4s, v13.4s, v14.4s\n\t"
+        "trn1	v15.4s, v15.4s, v16.4s\n\t"
+        "trn2	v14.4s, v29.4s, v14.4s\n\t"
+        "trn2	v16.4s, v30.4s, v16.4s\n\t"
+        "mul	v29.8h, v14.8h, v1.8h\n\t"
+        "mul	v30.8h, v16.8h, v3.8h\n\t"
+        "sqrdmulh	v25.8h, v14.8h, v0.8h\n\t"
+        "sqrdmulh	v26.8h, v16.8h, v2.8h\n\t"
+        "sqrdmulh	v29.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmulh	v30.8h, v30.8h, v4.h[0]\n\t"
+        "sub	v25.8h, v25.8h, v29.8h\n\t"
+        "sub	v26.8h, v26.8h, v30.8h\n\t"
+        "sshr	v25.8h, v25.8h, #1\n\t"
+        "sshr	v26.8h, v26.8h, #1\n\t"
+        "ldr	q0, [x2, #416]\n\t"
+        "ldr	q2, [x2, #432]\n\t"
+        "ldr	q1, [x3, #416]\n\t"
+        "ldr	q3, [x3, #432]\n\t"
+        "mov	v29.16b, v17.16b\n\t"
+        "mov	v30.16b, v19.16b\n\t"
+        "trn1	v17.4s, v17.4s, v18.4s\n\t"
+        "trn1	v19.4s, v19.4s, v20.4s\n\t"
+        "trn2	v18.4s, v29.4s, v18.4s\n\t"
+        "trn2	v20.4s, v30.4s, v20.4s\n\t"
+        "mul	v29.8h, v18.8h, v1.8h\n\t"
+        "mul	v30.8h, v20.8h, v3.8h\n\t"
+        "sqrdmulh	v27.8h, v18.8h, v0.8h\n\t"
+        "sqrdmulh	v28.8h, v20.8h, v2.8h\n\t"
+        "sqrdmulh	v29.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmulh	v30.8h, v30.8h, v4.h[0]\n\t"
+        "sub	v27.8h, v27.8h, v29.8h\n\t"
+        "sub	v28.8h, v28.8h, v30.8h\n\t"
+        "sshr	v27.8h, v27.8h, #1\n\t"
+        "sshr	v28.8h, v28.8h, #1\n\t"
+        "sub	v6.8h, v5.8h, v21.8h\n\t"
+        "add	v5.8h, v5.8h, v21.8h\n\t"
+        "sub	v8.8h, v7.8h, v22.8h\n\t"
+        "add	v7.8h, v7.8h, v22.8h\n\t"
+        "sub	v10.8h, v9.8h, v23.8h\n\t"
+        "add	v9.8h, v9.8h, v23.8h\n\t"
+        "sub	v12.8h, v11.8h, v24.8h\n\t"
+        "add	v11.8h, v11.8h, v24.8h\n\t"
+        "sub	v14.8h, v13.8h, v25.8h\n\t"
+        "add	v13.8h, v13.8h, v25.8h\n\t"
+        "sub	v16.8h, v15.8h, v26.8h\n\t"
+        "add	v15.8h, v15.8h, v26.8h\n\t"
+        "sub	v18.8h, v17.8h, v27.8h\n\t"
+        "add	v17.8h, v17.8h, v27.8h\n\t"
+        "sub	v20.8h, v19.8h, v28.8h\n\t"
+        "add	v19.8h, v19.8h, v28.8h\n\t"
+        "sqdmulh	v21.8h, v5.8h, v4.h[2]\n\t"
+        "sqdmulh	v22.8h, v6.8h, v4.h[2]\n\t"
+        "sshr	v21.8h, v21.8h, #11\n\t"
+        "sshr	v22.8h, v22.8h, #11\n\t"
+        "mls	v5.8h, v21.8h, v4.h[0]\n\t"
+        "mls	v6.8h, v22.8h, v4.h[0]\n\t"
+        "sqdmulh	v21.8h, v7.8h, v4.h[2]\n\t"
+        "sqdmulh	v22.8h, v8.8h, v4.h[2]\n\t"
+        "sshr	v21.8h, v21.8h, #11\n\t"
+        "sshr	v22.8h, v22.8h, #11\n\t"
+        "mls	v7.8h, v21.8h, v4.h[0]\n\t"
+        "mls	v8.8h, v22.8h, v4.h[0]\n\t"
+        "sqdmulh	v21.8h, v9.8h, v4.h[2]\n\t"
+        "sqdmulh	v22.8h, v10.8h, v4.h[2]\n\t"
+        "sshr	v21.8h, v21.8h, #11\n\t"
+        "sshr	v22.8h, v22.8h, #11\n\t"
+        "mls	v9.8h, v21.8h, v4.h[0]\n\t"
+        "mls	v10.8h, v22.8h, v4.h[0]\n\t"
+        "sqdmulh	v21.8h, v11.8h, v4.h[2]\n\t"
+        "sqdmulh	v22.8h, v12.8h, v4.h[2]\n\t"
+        "sshr	v21.8h, v21.8h, #11\n\t"
+        "sshr	v22.8h, v22.8h, #11\n\t"
+        "mls	v11.8h, v21.8h, v4.h[0]\n\t"
+        "mls	v12.8h, v22.8h, v4.h[0]\n\t"
+        "sqdmulh	v21.8h, v13.8h, v4.h[2]\n\t"
+        "sqdmulh	v22.8h, v14.8h, v4.h[2]\n\t"
+        "sshr	v21.8h, v21.8h, #11\n\t"
+        "sshr	v22.8h, v22.8h, #11\n\t"
+        "mls	v13.8h, v21.8h, v4.h[0]\n\t"
+        "mls	v14.8h, v22.8h, v4.h[0]\n\t"
+        "sqdmulh	v21.8h, v15.8h, v4.h[2]\n\t"
+        "sqdmulh	v22.8h, v16.8h, v4.h[2]\n\t"
+        "sshr	v21.8h, v21.8h, #11\n\t"
+        "sshr	v22.8h, v22.8h, #11\n\t"
+        "mls	v15.8h, v21.8h, v4.h[0]\n\t"
+        "mls	v16.8h, v22.8h, v4.h[0]\n\t"
+        "sqdmulh	v21.8h, v17.8h, v4.h[2]\n\t"
+        "sqdmulh	v22.8h, v18.8h, v4.h[2]\n\t"
+        "sshr	v21.8h, v21.8h, #11\n\t"
+        "sshr	v22.8h, v22.8h, #11\n\t"
+        "mls	v17.8h, v21.8h, v4.h[0]\n\t"
+        "mls	v18.8h, v22.8h, v4.h[0]\n\t"
+        "sqdmulh	v21.8h, v19.8h, v4.h[2]\n\t"
+        "sqdmulh	v22.8h, v20.8h, v4.h[2]\n\t"
+        "sshr	v21.8h, v21.8h, #11\n\t"
+        "sshr	v22.8h, v22.8h, #11\n\t"
+        "mls	v19.8h, v21.8h, v4.h[0]\n\t"
+        "mls	v20.8h, v22.8h, v4.h[0]\n\t"
+        "mov	v29.16b, v5.16b\n\t"
+        "trn1	v5.4s, v5.4s, v6.4s\n\t"
+        "trn2	v6.4s, v29.4s, v6.4s\n\t"
+        "mov	v29.16b, v5.16b\n\t"
+        "trn1	v5.2d, v5.2d, v6.2d\n\t"
+        "trn2	v6.2d, v29.2d, v6.2d\n\t"
+        "mov	v29.16b, v7.16b\n\t"
+        "trn1	v7.4s, v7.4s, v8.4s\n\t"
+        "trn2	v8.4s, v29.4s, v8.4s\n\t"
+        "mov	v29.16b, v7.16b\n\t"
+        "trn1	v7.2d, v7.2d, v8.2d\n\t"
+        "trn2	v8.2d, v29.2d, v8.2d\n\t"
+        "mov	v29.16b, v9.16b\n\t"
+        "trn1	v9.4s, v9.4s, v10.4s\n\t"
+        "trn2	v10.4s, v29.4s, v10.4s\n\t"
+        "mov	v29.16b, v9.16b\n\t"
+        "trn1	v9.2d, v9.2d, v10.2d\n\t"
+        "trn2	v10.2d, v29.2d, v10.2d\n\t"
+        "mov	v29.16b, v11.16b\n\t"
+        "trn1	v11.4s, v11.4s, v12.4s\n\t"
+        "trn2	v12.4s, v29.4s, v12.4s\n\t"
+        "mov	v29.16b, v11.16b\n\t"
+        "trn1	v11.2d, v11.2d, v12.2d\n\t"
+        "trn2	v12.2d, v29.2d, v12.2d\n\t"
+        "mov	v29.16b, v13.16b\n\t"
+        "trn1	v13.4s, v13.4s, v14.4s\n\t"
+        "trn2	v14.4s, v29.4s, v14.4s\n\t"
+        "mov	v29.16b, v13.16b\n\t"
+        "trn1	v13.2d, v13.2d, v14.2d\n\t"
+        "trn2	v14.2d, v29.2d, v14.2d\n\t"
+        "mov	v29.16b, v15.16b\n\t"
+        "trn1	v15.4s, v15.4s, v16.4s\n\t"
+        "trn2	v16.4s, v29.4s, v16.4s\n\t"
+        "mov	v29.16b, v15.16b\n\t"
+        "trn1	v15.2d, v15.2d, v16.2d\n\t"
+        "trn2	v16.2d, v29.2d, v16.2d\n\t"
+        "mov	v29.16b, v17.16b\n\t"
+        "trn1	v17.4s, v17.4s, v18.4s\n\t"
+        "trn2	v18.4s, v29.4s, v18.4s\n\t"
+        "mov	v29.16b, v17.16b\n\t"
+        "trn1	v17.2d, v17.2d, v18.2d\n\t"
+        "trn2	v18.2d, v29.2d, v18.2d\n\t"
+        "mov	v29.16b, v19.16b\n\t"
+        "trn1	v19.4s, v19.4s, v20.4s\n\t"
+        "trn2	v20.4s, v29.4s, v20.4s\n\t"
+        "mov	v29.16b, v19.16b\n\t"
+        "trn1	v19.2d, v19.2d, v20.2d\n\t"
+        "trn2	v20.2d, v29.2d, v20.2d\n\t"
+        "stp	q5, q6, [%x[r]]\n\t"
+        "stp	q7, q8, [%x[r], #32]\n\t"
+        "stp	q9, q10, [%x[r], #64]\n\t"
+        "stp	q11, q12, [%x[r], #96]\n\t"
+        "stp	q13, q14, [%x[r], #128]\n\t"
+        "stp	q15, q16, [%x[r], #160]\n\t"
+        "stp	q17, q18, [%x[r], #192]\n\t"
+        "stp	q19, q20, [%x[r], #224]\n\t"
+        "ldp	q5, q6, [x1]\n\t"
+        "ldp	q7, q8, [x1, #32]\n\t"
+        "ldp	q9, q10, [x1, #64]\n\t"
+        "ldp	q11, q12, [x1, #96]\n\t"
+        "ldp	q13, q14, [x1, #128]\n\t"
+        "ldp	q15, q16, [x1, #160]\n\t"
+        "ldp	q17, q18, [x1, #192]\n\t"
+        "ldp	q19, q20, [x1, #224]\n\t"
+        "ldr	q0, [x2, #48]\n\t"
+        "ldr	q1, [x3, #48]\n\t"
+        "mul	v29.8h, v6.8h, v1.h[0]\n\t"
+        "mul	v30.8h, v8.8h, v1.h[1]\n\t"
+        "sqrdmulh	v21.8h, v6.8h, v0.h[0]\n\t"
+        "sqrdmulh	v22.8h, v8.8h, v0.h[1]\n\t"
+        "sqrdmulh	v29.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmulh	v30.8h, v30.8h, v4.h[0]\n\t"
+        "sub	v21.8h, v21.8h, v29.8h\n\t"
+        "sub	v22.8h, v22.8h, v30.8h\n\t"
+        "sshr	v21.8h, v21.8h, #1\n\t"
+        "sshr	v22.8h, v22.8h, #1\n\t"
+        "mul	v29.8h, v10.8h, v1.h[2]\n\t"
+        "mul	v30.8h, v12.8h, v1.h[3]\n\t"
+        "sqrdmulh	v23.8h, v10.8h, v0.h[2]\n\t"
+        "sqrdmulh	v24.8h, v12.8h, v0.h[3]\n\t"
+        "sqrdmulh	v29.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmulh	v30.8h, v30.8h, v4.h[0]\n\t"
+        "sub	v23.8h, v23.8h, v29.8h\n\t"
+        "sub	v24.8h, v24.8h, v30.8h\n\t"
+        "sshr	v23.8h, v23.8h, #1\n\t"
+        "sshr	v24.8h, v24.8h, #1\n\t"
+        "mul	v29.8h, v14.8h, v1.h[4]\n\t"
+        "mul	v30.8h, v16.8h, v1.h[5]\n\t"
+        "sqrdmulh	v25.8h, v14.8h, v0.h[4]\n\t"
+        "sqrdmulh	v26.8h, v16.8h, v0.h[5]\n\t"
+        "sqrdmulh	v29.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmulh	v30.8h, v30.8h, v4.h[0]\n\t"
+        "sub	v25.8h, v25.8h, v29.8h\n\t"
+        "sub	v26.8h, v26.8h, v30.8h\n\t"
+        "sshr	v25.8h, v25.8h, #1\n\t"
+        "sshr	v26.8h, v26.8h, #1\n\t"
+        "mul	v29.8h, v18.8h, v1.h[6]\n\t"
+        "mul	v30.8h, v20.8h, v1.h[7]\n\t"
+        "sqrdmulh	v27.8h, v18.8h, v0.h[6]\n\t"
+        "sqrdmulh	v28.8h, v20.8h, v0.h[7]\n\t"
+        "sqrdmulh	v29.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmulh	v30.8h, v30.8h, v4.h[0]\n\t"
+        "sub	v27.8h, v27.8h, v29.8h\n\t"
+        "sub	v28.8h, v28.8h, v30.8h\n\t"
+        "sshr	v27.8h, v27.8h, #1\n\t"
+        "sshr	v28.8h, v28.8h, #1\n\t"
+        "sub	v6.8h, v5.8h, v21.8h\n\t"
+        "add	v5.8h, v5.8h, v21.8h\n\t"
+        "sub	v8.8h, v7.8h, v22.8h\n\t"
+        "add	v7.8h, v7.8h, v22.8h\n\t"
+        "sub	v10.8h, v9.8h, v23.8h\n\t"
+        "add	v9.8h, v9.8h, v23.8h\n\t"
+        "sub	v12.8h, v11.8h, v24.8h\n\t"
+        "add	v11.8h, v11.8h, v24.8h\n\t"
+        "sub	v14.8h, v13.8h, v25.8h\n\t"
+        "add	v13.8h, v13.8h, v25.8h\n\t"
+        "sub	v16.8h, v15.8h, v26.8h\n\t"
+        "add	v15.8h, v15.8h, v26.8h\n\t"
+        "sub	v18.8h, v17.8h, v27.8h\n\t"
+        "add	v17.8h, v17.8h, v27.8h\n\t"
+        "sub	v20.8h, v19.8h, v28.8h\n\t"
+        "add	v19.8h, v19.8h, v28.8h\n\t"
+        "ldr	q0, [x2, #192]\n\t"
+        "ldr	q2, [x2, #208]\n\t"
+        "ldr	q1, [x3, #192]\n\t"
+        "ldr	q3, [x3, #208]\n\t"
+        "mov	v29.16b, v5.16b\n\t"
+        "mov	v30.16b, v7.16b\n\t"
+        "trn1	v5.2d, v5.2d, v6.2d\n\t"
+        "trn1	v7.2d, v7.2d, v8.2d\n\t"
+        "trn2	v6.2d, v29.2d, v6.2d\n\t"
+        "trn2	v8.2d, v30.2d, v8.2d\n\t"
+        "mul	v29.8h, v6.8h, v1.8h\n\t"
+        "mul	v30.8h, v8.8h, v3.8h\n\t"
+        "sqrdmulh	v21.8h, v6.8h, v0.8h\n\t"
+        "sqrdmulh	v22.8h, v8.8h, v2.8h\n\t"
+        "sqrdmulh	v29.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmulh	v30.8h, v30.8h, v4.h[0]\n\t"
+        "sub	v21.8h, v21.8h, v29.8h\n\t"
+        "sub	v22.8h, v22.8h, v30.8h\n\t"
+        "sshr	v21.8h, v21.8h, #1\n\t"
+        "sshr	v22.8h, v22.8h, #1\n\t"
+        "ldr	q0, [x2, #224]\n\t"
+        "ldr	q2, [x2, #240]\n\t"
+        "ldr	q1, [x3, #224]\n\t"
+        "ldr	q3, [x3, #240]\n\t"
+        "mov	v29.16b, v9.16b\n\t"
+        "mov	v30.16b, v11.16b\n\t"
+        "trn1	v9.2d, v9.2d, v10.2d\n\t"
+        "trn1	v11.2d, v11.2d, v12.2d\n\t"
+        "trn2	v10.2d, v29.2d, v10.2d\n\t"
+        "trn2	v12.2d, v30.2d, v12.2d\n\t"
+        "mul	v29.8h, v10.8h, v1.8h\n\t"
+        "mul	v30.8h, v12.8h, v3.8h\n\t"
+        "sqrdmulh	v23.8h, v10.8h, v0.8h\n\t"
+        "sqrdmulh	v24.8h, v12.8h, v2.8h\n\t"
+        "sqrdmulh	v29.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmulh	v30.8h, v30.8h, v4.h[0]\n\t"
+        "sub	v23.8h, v23.8h, v29.8h\n\t"
+        "sub	v24.8h, v24.8h, v30.8h\n\t"
+        "sshr	v23.8h, v23.8h, #1\n\t"
+        "sshr	v24.8h, v24.8h, #1\n\t"
+        "ldr	q0, [x2, #256]\n\t"
+        "ldr	q2, [x2, #272]\n\t"
+        "ldr	q1, [x3, #256]\n\t"
+        "ldr	q3, [x3, #272]\n\t"
+        "mov	v29.16b, v13.16b\n\t"
+        "mov	v30.16b, v15.16b\n\t"
+        "trn1	v13.2d, v13.2d, v14.2d\n\t"
+        "trn1	v15.2d, v15.2d, v16.2d\n\t"
+        "trn2	v14.2d, v29.2d, v14.2d\n\t"
+        "trn2	v16.2d, v30.2d, v16.2d\n\t"
+        "mul	v29.8h, v14.8h, v1.8h\n\t"
+        "mul	v30.8h, v16.8h, v3.8h\n\t"
+        "sqrdmulh	v25.8h, v14.8h, v0.8h\n\t"
+        "sqrdmulh	v26.8h, v16.8h, v2.8h\n\t"
+        "sqrdmulh	v29.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmulh	v30.8h, v30.8h, v4.h[0]\n\t"
+        "sub	v25.8h, v25.8h, v29.8h\n\t"
+        "sub	v26.8h, v26.8h, v30.8h\n\t"
+        "sshr	v25.8h, v25.8h, #1\n\t"
+        "sshr	v26.8h, v26.8h, #1\n\t"
+        "ldr	q0, [x2, #288]\n\t"
+        "ldr	q2, [x2, #304]\n\t"
+        "ldr	q1, [x3, #288]\n\t"
+        "ldr	q3, [x3, #304]\n\t"
+        "mov	v29.16b, v17.16b\n\t"
+        "mov	v30.16b, v19.16b\n\t"
+        "trn1	v17.2d, v17.2d, v18.2d\n\t"
+        "trn1	v19.2d, v19.2d, v20.2d\n\t"
+        "trn2	v18.2d, v29.2d, v18.2d\n\t"
+        "trn2	v20.2d, v30.2d, v20.2d\n\t"
+        "mul	v29.8h, v18.8h, v1.8h\n\t"
+        "mul	v30.8h, v20.8h, v3.8h\n\t"
+        "sqrdmulh	v27.8h, v18.8h, v0.8h\n\t"
+        "sqrdmulh	v28.8h, v20.8h, v2.8h\n\t"
+        "sqrdmulh	v29.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmulh	v30.8h, v30.8h, v4.h[0]\n\t"
+        "sub	v27.8h, v27.8h, v29.8h\n\t"
+        "sub	v28.8h, v28.8h, v30.8h\n\t"
+        "sshr	v27.8h, v27.8h, #1\n\t"
+        "sshr	v28.8h, v28.8h, #1\n\t"
+        "sub	v6.8h, v5.8h, v21.8h\n\t"
+        "add	v5.8h, v5.8h, v21.8h\n\t"
+        "sub	v8.8h, v7.8h, v22.8h\n\t"
+        "add	v7.8h, v7.8h, v22.8h\n\t"
+        "sub	v10.8h, v9.8h, v23.8h\n\t"
+        "add	v9.8h, v9.8h, v23.8h\n\t"
+        "sub	v12.8h, v11.8h, v24.8h\n\t"
+        "add	v11.8h, v11.8h, v24.8h\n\t"
+        "sub	v14.8h, v13.8h, v25.8h\n\t"
+        "add	v13.8h, v13.8h, v25.8h\n\t"
+        "sub	v16.8h, v15.8h, v26.8h\n\t"
+        "add	v15.8h, v15.8h, v26.8h\n\t"
+        "sub	v18.8h, v17.8h, v27.8h\n\t"
+        "add	v17.8h, v17.8h, v27.8h\n\t"
+        "sub	v20.8h, v19.8h, v28.8h\n\t"
+        "add	v19.8h, v19.8h, v28.8h\n\t"
+        "ldr	q0, [x2, #448]\n\t"
+        "ldr	q2, [x2, #464]\n\t"
+        "ldr	q1, [x3, #448]\n\t"
+        "ldr	q3, [x3, #464]\n\t"
+        "mov	v29.16b, v5.16b\n\t"
+        "mov	v30.16b, v7.16b\n\t"
+        "trn1	v5.4s, v5.4s, v6.4s\n\t"
+        "trn1	v7.4s, v7.4s, v8.4s\n\t"
+        "trn2	v6.4s, v29.4s, v6.4s\n\t"
+        "trn2	v8.4s, v30.4s, v8.4s\n\t"
+        "mul	v29.8h, v6.8h, v1.8h\n\t"
+        "mul	v30.8h, v8.8h, v3.8h\n\t"
+        "sqrdmulh	v21.8h, v6.8h, v0.8h\n\t"
+        "sqrdmulh	v22.8h, v8.8h, v2.8h\n\t"
+        "sqrdmulh	v29.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmulh	v30.8h, v30.8h, v4.h[0]\n\t"
+        "sub	v21.8h, v21.8h, v29.8h\n\t"
+        "sub	v22.8h, v22.8h, v30.8h\n\t"
+        "sshr	v21.8h, v21.8h, #1\n\t"
+        "sshr	v22.8h, v22.8h, #1\n\t"
+        "ldr	q0, [x2, #480]\n\t"
+        "ldr	q2, [x2, #496]\n\t"
+        "ldr	q1, [x3, #480]\n\t"
+        "ldr	q3, [x3, #496]\n\t"
+        "mov	v29.16b, v9.16b\n\t"
+        "mov	v30.16b, v11.16b\n\t"
+        "trn1	v9.4s, v9.4s, v10.4s\n\t"
+        "trn1	v11.4s, v11.4s, v12.4s\n\t"
+        "trn2	v10.4s, v29.4s, v10.4s\n\t"
+        "trn2	v12.4s, v30.4s, v12.4s\n\t"
+        "mul	v29.8h, v10.8h, v1.8h\n\t"
+        "mul	v30.8h, v12.8h, v3.8h\n\t"
+        "sqrdmulh	v23.8h, v10.8h, v0.8h\n\t"
+        "sqrdmulh	v24.8h, v12.8h, v2.8h\n\t"
+        "sqrdmulh	v29.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmulh	v30.8h, v30.8h, v4.h[0]\n\t"
+        "sub	v23.8h, v23.8h, v29.8h\n\t"
+        "sub	v24.8h, v24.8h, v30.8h\n\t"
+        "sshr	v23.8h, v23.8h, #1\n\t"
+        "sshr	v24.8h, v24.8h, #1\n\t"
+        "ldr	q0, [x2, #512]\n\t"
+        "ldr	q2, [x2, #528]\n\t"
+        "ldr	q1, [x3, #512]\n\t"
+        "ldr	q3, [x3, #528]\n\t"
+        "mov	v29.16b, v13.16b\n\t"
+        "mov	v30.16b, v15.16b\n\t"
+        "trn1	v13.4s, v13.4s, v14.4s\n\t"
+        "trn1	v15.4s, v15.4s, v16.4s\n\t"
+        "trn2	v14.4s, v29.4s, v14.4s\n\t"
+        "trn2	v16.4s, v30.4s, v16.4s\n\t"
+        "mul	v29.8h, v14.8h, v1.8h\n\t"
+        "mul	v30.8h, v16.8h, v3.8h\n\t"
+        "sqrdmulh	v25.8h, v14.8h, v0.8h\n\t"
+        "sqrdmulh	v26.8h, v16.8h, v2.8h\n\t"
+        "sqrdmulh	v29.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmulh	v30.8h, v30.8h, v4.h[0]\n\t"
+        "sub	v25.8h, v25.8h, v29.8h\n\t"
+        "sub	v26.8h, v26.8h, v30.8h\n\t"
+        "sshr	v25.8h, v25.8h, #1\n\t"
+        "sshr	v26.8h, v26.8h, #1\n\t"
+        "ldr	q0, [x2, #544]\n\t"
+        "ldr	q2, [x2, #560]\n\t"
+        "ldr	q1, [x3, #544]\n\t"
+        "ldr	q3, [x3, #560]\n\t"
+        "mov	v29.16b, v17.16b\n\t"
+        "mov	v30.16b, v19.16b\n\t"
+        "trn1	v17.4s, v17.4s, v18.4s\n\t"
+        "trn1	v19.4s, v19.4s, v20.4s\n\t"
+        "trn2	v18.4s, v29.4s, v18.4s\n\t"
+        "trn2	v20.4s, v30.4s, v20.4s\n\t"
+        "mul	v29.8h, v18.8h, v1.8h\n\t"
+        "mul	v30.8h, v20.8h, v3.8h\n\t"
+        "sqrdmulh	v27.8h, v18.8h, v0.8h\n\t"
+        "sqrdmulh	v28.8h, v20.8h, v2.8h\n\t"
+        "sqrdmulh	v29.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmulh	v30.8h, v30.8h, v4.h[0]\n\t"
+        "sub	v27.8h, v27.8h, v29.8h\n\t"
+        "sub	v28.8h, v28.8h, v30.8h\n\t"
+        "sshr	v27.8h, v27.8h, #1\n\t"
+        "sshr	v28.8h, v28.8h, #1\n\t"
+        "sub	v6.8h, v5.8h, v21.8h\n\t"
+        "add	v5.8h, v5.8h, v21.8h\n\t"
+        "sub	v8.8h, v7.8h, v22.8h\n\t"
+        "add	v7.8h, v7.8h, v22.8h\n\t"
+        "sub	v10.8h, v9.8h, v23.8h\n\t"
+        "add	v9.8h, v9.8h, v23.8h\n\t"
+        "sub	v12.8h, v11.8h, v24.8h\n\t"
+        "add	v11.8h, v11.8h, v24.8h\n\t"
+        "sub	v14.8h, v13.8h, v25.8h\n\t"
+        "add	v13.8h, v13.8h, v25.8h\n\t"
+        "sub	v16.8h, v15.8h, v26.8h\n\t"
+        "add	v15.8h, v15.8h, v26.8h\n\t"
+        "sub	v18.8h, v17.8h, v27.8h\n\t"
+        "add	v17.8h, v17.8h, v27.8h\n\t"
+        "sub	v20.8h, v19.8h, v28.8h\n\t"
+        "add	v19.8h, v19.8h, v28.8h\n\t"
+        "sqdmulh	v21.8h, v5.8h, v4.h[2]\n\t"
+        "sqdmulh	v22.8h, v6.8h, v4.h[2]\n\t"
+        "sshr	v21.8h, v21.8h, #11\n\t"
+        "sshr	v22.8h, v22.8h, #11\n\t"
+        "mls	v5.8h, v21.8h, v4.h[0]\n\t"
+        "mls	v6.8h, v22.8h, v4.h[0]\n\t"
+        "sqdmulh	v21.8h, v7.8h, v4.h[2]\n\t"
+        "sqdmulh	v22.8h, v8.8h, v4.h[2]\n\t"
+        "sshr	v21.8h, v21.8h, #11\n\t"
+        "sshr	v22.8h, v22.8h, #11\n\t"
+        "mls	v7.8h, v21.8h, v4.h[0]\n\t"
+        "mls	v8.8h, v22.8h, v4.h[0]\n\t"
+        "sqdmulh	v21.8h, v9.8h, v4.h[2]\n\t"
+        "sqdmulh	v22.8h, v10.8h, v4.h[2]\n\t"
+        "sshr	v21.8h, v21.8h, #11\n\t"
+        "sshr	v22.8h, v22.8h, #11\n\t"
+        "mls	v9.8h, v21.8h, v4.h[0]\n\t"
+        "mls	v10.8h, v22.8h, v4.h[0]\n\t"
+        "sqdmulh	v21.8h, v11.8h, v4.h[2]\n\t"
+        "sqdmulh	v22.8h, v12.8h, v4.h[2]\n\t"
+        "sshr	v21.8h, v21.8h, #11\n\t"
+        "sshr	v22.8h, v22.8h, #11\n\t"
+        "mls	v11.8h, v21.8h, v4.h[0]\n\t"
+        "mls	v12.8h, v22.8h, v4.h[0]\n\t"
+        "sqdmulh	v21.8h, v13.8h, v4.h[2]\n\t"
+        "sqdmulh	v22.8h, v14.8h, v4.h[2]\n\t"
+        "sshr	v21.8h, v21.8h, #11\n\t"
+        "sshr	v22.8h, v22.8h, #11\n\t"
+        "mls	v13.8h, v21.8h, v4.h[0]\n\t"
+        "mls	v14.8h, v22.8h, v4.h[0]\n\t"
+        "sqdmulh	v21.8h, v15.8h, v4.h[2]\n\t"
+        "sqdmulh	v22.8h, v16.8h, v4.h[2]\n\t"
+        "sshr	v21.8h, v21.8h, #11\n\t"
+        "sshr	v22.8h, v22.8h, #11\n\t"
+        "mls	v15.8h, v21.8h, v4.h[0]\n\t"
+        "mls	v16.8h, v22.8h, v4.h[0]\n\t"
+        "sqdmulh	v21.8h, v17.8h, v4.h[2]\n\t"
+        "sqdmulh	v22.8h, v18.8h, v4.h[2]\n\t"
+        "sshr	v21.8h, v21.8h, #11\n\t"
+        "sshr	v22.8h, v22.8h, #11\n\t"
+        "mls	v17.8h, v21.8h, v4.h[0]\n\t"
+        "mls	v18.8h, v22.8h, v4.h[0]\n\t"
+        "sqdmulh	v21.8h, v19.8h, v4.h[2]\n\t"
+        "sqdmulh	v22.8h, v20.8h, v4.h[2]\n\t"
+        "sshr	v21.8h, v21.8h, #11\n\t"
+        "sshr	v22.8h, v22.8h, #11\n\t"
+        "mls	v19.8h, v21.8h, v4.h[0]\n\t"
+        "mls	v20.8h, v22.8h, v4.h[0]\n\t"
+        "mov	v29.16b, v5.16b\n\t"
+        "trn1	v5.4s, v5.4s, v6.4s\n\t"
+        "trn2	v6.4s, v29.4s, v6.4s\n\t"
+        "mov	v29.16b, v5.16b\n\t"
+        "trn1	v5.2d, v5.2d, v6.2d\n\t"
+        "trn2	v6.2d, v29.2d, v6.2d\n\t"
+        "mov	v29.16b, v7.16b\n\t"
+        "trn1	v7.4s, v7.4s, v8.4s\n\t"
+        "trn2	v8.4s, v29.4s, v8.4s\n\t"
+        "mov	v29.16b, v7.16b\n\t"
+        "trn1	v7.2d, v7.2d, v8.2d\n\t"
+        "trn2	v8.2d, v29.2d, v8.2d\n\t"
+        "mov	v29.16b, v9.16b\n\t"
+        "trn1	v9.4s, v9.4s, v10.4s\n\t"
+        "trn2	v10.4s, v29.4s, v10.4s\n\t"
+        "mov	v29.16b, v9.16b\n\t"
+        "trn1	v9.2d, v9.2d, v10.2d\n\t"
+        "trn2	v10.2d, v29.2d, v10.2d\n\t"
+        "mov	v29.16b, v11.16b\n\t"
+        "trn1	v11.4s, v11.4s, v12.4s\n\t"
+        "trn2	v12.4s, v29.4s, v12.4s\n\t"
+        "mov	v29.16b, v11.16b\n\t"
+        "trn1	v11.2d, v11.2d, v12.2d\n\t"
+        "trn2	v12.2d, v29.2d, v12.2d\n\t"
+        "mov	v29.16b, v13.16b\n\t"
+        "trn1	v13.4s, v13.4s, v14.4s\n\t"
+        "trn2	v14.4s, v29.4s, v14.4s\n\t"
+        "mov	v29.16b, v13.16b\n\t"
+        "trn1	v13.2d, v13.2d, v14.2d\n\t"
+        "trn2	v14.2d, v29.2d, v14.2d\n\t"
+        "mov	v29.16b, v15.16b\n\t"
+        "trn1	v15.4s, v15.4s, v16.4s\n\t"
+        "trn2	v16.4s, v29.4s, v16.4s\n\t"
+        "mov	v29.16b, v15.16b\n\t"
+        "trn1	v15.2d, v15.2d, v16.2d\n\t"
+        "trn2	v16.2d, v29.2d, v16.2d\n\t"
+        "mov	v29.16b, v17.16b\n\t"
+        "trn1	v17.4s, v17.4s, v18.4s\n\t"
+        "trn2	v18.4s, v29.4s, v18.4s\n\t"
+        "mov	v29.16b, v17.16b\n\t"
+        "trn1	v17.2d, v17.2d, v18.2d\n\t"
+        "trn2	v18.2d, v29.2d, v18.2d\n\t"
+        "mov	v29.16b, v19.16b\n\t"
+        "trn1	v19.4s, v19.4s, v20.4s\n\t"
+        "trn2	v20.4s, v29.4s, v20.4s\n\t"
+        "mov	v29.16b, v19.16b\n\t"
+        "trn1	v19.2d, v19.2d, v20.2d\n\t"
+        "trn2	v20.2d, v29.2d, v20.2d\n\t"
+        "stp	q5, q6, [x1]\n\t"
+        "stp	q7, q8, [x1, #32]\n\t"
+        "stp	q9, q10, [x1, #64]\n\t"
+        "stp	q11, q12, [x1, #96]\n\t"
+        "stp	q13, q14, [x1, #128]\n\t"
+        "stp	q15, q16, [x1, #160]\n\t"
+        "stp	q17, q18, [x1, #192]\n\t"
+        "stp	q19, q20, [x1, #224]\n\t"
+        : [r] "+r" (r)
+        : [L_kyber_aarch64_q] "S" (L_kyber_aarch64_q), [L_kyber_aarch64_consts] "S" (L_kyber_aarch64_consts), [L_sha3_aarch64_r] "S" (L_sha3_aarch64_r), [L_kyber_aarch64_zetas] "S" (L_kyber_aarch64_zetas), [L_kyber_aarch64_zetas_qinv] "S" (L_kyber_aarch64_zetas_qinv)
+        : "memory", "x1", "x2", "x3", "x4", "v0", "v1", "v2", "v3", "v4", "v5", "v6", "v7", "v8", "v9", "v10", "v11", "v12", "v13", "v14", "v15", "v16", "v17", "v18", "v19", "v20", "v21", "v22", "v23", "v24", "v25", "v26", "v27", "v28", "v29", "v30", "cc"
+    );
+}
+
+static const word16 L_kyber_aarch64_zetas_inv[] = {
+    0x06a5, 0x06a5, 0x070f, 0x070f, 0x05b4, 0x05b4, 0x0943, 0x0943,
+    0x0922, 0x0922, 0x091d, 0x091d, 0x0134, 0x0134, 0x006c, 0x006c,
+    0x0b23, 0x0b23, 0x0366, 0x0366, 0x0356, 0x0356, 0x05e6, 0x05e6,
+    0x09e7, 0x09e7, 0x04fe, 0x04fe, 0x05fa, 0x05fa, 0x04a1, 0x04a1,
+    0x067b, 0x067b, 0x04a3, 0x04a3, 0x0c25, 0x0c25, 0x036a, 0x036a,
+    0x0537, 0x0537, 0x083f, 0x083f, 0x0088, 0x0088, 0x04bf, 0x04bf,
+    0x0b81, 0x0b81, 0x05b9, 0x05b9, 0x0505, 0x0505, 0x07d7, 0x07d7,
+    0x0a9f, 0x0a9f, 0x0aa6, 0x0aa6, 0x08b8, 0x08b8, 0x09d0, 0x09d0,
+    0x004b, 0x004b, 0x009c, 0x009c, 0x0bb8, 0x0bb8, 0x0b5f, 0x0b5f,
+    0x0ba4, 0x0ba4, 0x0368, 0x0368, 0x0a7d, 0x0a7d, 0x0636, 0x0636,
+    0x08a2, 0x08a2, 0x025a, 0x025a, 0x0736, 0x0736, 0x0309, 0x0309,
+    0x0093, 0x0093, 0x087a, 0x087a, 0x09f7, 0x09f7, 0x00f6, 0x00f6,
+    0x068c, 0x068c, 0x06db, 0x06db, 0x01cc, 0x01cc, 0x0123, 0x0123,
+    0x00eb, 0x00eb, 0x0c50, 0x0c50, 0x0ab6, 0x0ab6, 0x0b5b, 0x0b5b,
+    0x0c98, 0x0c98, 0x06f3, 0x06f3, 0x099a, 0x099a, 0x04e3, 0x04e3,
+    0x09b6, 0x09b6, 0x0ad6, 0x0ad6, 0x0b53, 0x0b53, 0x044f, 0x044f,
+    0x04fb, 0x04fb, 0x04fb, 0x04fb, 0x0a5c, 0x0a5c, 0x0a5c, 0x0a5c,
+    0x0429, 0x0429, 0x0429, 0x0429, 0x0b41, 0x0b41, 0x0b41, 0x0b41,
+    0x02d5, 0x02d5, 0x02d5, 0x02d5, 0x05e4, 0x05e4, 0x05e4, 0x05e4,
+    0x0940, 0x0940, 0x0940, 0x0940, 0x018e, 0x018e, 0x018e, 0x018e,
+    0x03b7, 0x03b7, 0x03b7, 0x03b7, 0x00f7, 0x00f7, 0x00f7, 0x00f7,
+    0x058d, 0x058d, 0x058d, 0x058d, 0x0c96, 0x0c96, 0x0c96, 0x0c96,
+    0x09c3, 0x09c3, 0x09c3, 0x09c3, 0x010f, 0x010f, 0x010f, 0x010f,
+    0x005a, 0x005a, 0x005a, 0x005a, 0x0355, 0x0355, 0x0355, 0x0355,
+    0x0744, 0x0744, 0x0744, 0x0744, 0x0c83, 0x0c83, 0x0c83, 0x0c83,
+    0x048a, 0x048a, 0x048a, 0x048a, 0x0652, 0x0652, 0x0652, 0x0652,
+    0x029a, 0x029a, 0x029a, 0x029a, 0x0140, 0x0140, 0x0140, 0x0140,
+    0x0008, 0x0008, 0x0008, 0x0008, 0x0afd, 0x0afd, 0x0afd, 0x0afd,
+    0x0608, 0x0608, 0x0608, 0x0608, 0x011a, 0x011a, 0x011a, 0x011a,
+    0x072e, 0x072e, 0x072e, 0x072e, 0x050d, 0x050d, 0x050d, 0x050d,
+    0x090a, 0x090a, 0x090a, 0x090a, 0x0228, 0x0228, 0x0228, 0x0228,
+    0x0a75, 0x0a75, 0x0a75, 0x0a75, 0x083a, 0x083a, 0x083a, 0x083a,
+    0x0623, 0x00cd, 0x0b66, 0x0606, 0x0aa1, 0x0a25, 0x0908, 0x02a9,
+    0x0082, 0x0642, 0x074f, 0x033d, 0x0b82, 0x0bf9, 0x052d, 0x0ac4,
+    0x0745, 0x05c2, 0x04b2, 0x093f, 0x0c4b, 0x06d8, 0x0a93, 0x00ab,
+    0x0c37, 0x0be2, 0x0773, 0x072c, 0x05ed, 0x0167, 0x02f6, 0x05a1,
+};
+
+static const word16 L_kyber_aarch64_zetas_inv_qinv[] = {
+    0xa5a5, 0xa5a5, 0x440f, 0x440f, 0xe1b4, 0xe1b4, 0xa243, 0xa243,
+    0x4f22, 0x4f22, 0x901d, 0x901d, 0x5d34, 0x5d34, 0x846c, 0x846c,
+    0x4423, 0x4423, 0xd566, 0xd566, 0xa556, 0xa556, 0x57e6, 0x57e6,
+    0x4ee7, 0x4ee7, 0x1efe, 0x1efe, 0x53fa, 0x53fa, 0xd7a1, 0xd7a1,
+    0xc77b, 0xc77b, 0xbda3, 0xbda3, 0x2b25, 0x2b25, 0xa16a, 0xa16a,
+    0x3a37, 0x3a37, 0xd53f, 0xd53f, 0x1888, 0x1888, 0x51bf, 0x51bf,
+    0x7e81, 0x7e81, 0xa0b9, 0xa0b9, 0xc405, 0xc405, 0x1cd7, 0x1cd7,
+    0xf79f, 0xf79f, 0x9ca6, 0x9ca6, 0xb0b8, 0xb0b8, 0x79d0, 0x79d0,
+    0x314b, 0x314b, 0x149c, 0x149c, 0xb3b8, 0xb3b8, 0x385f, 0x385f,
+    0xb7a4, 0xb7a4, 0xbb68, 0xbb68, 0xb17d, 0xb17d, 0x4836, 0x4836,
+    0xcea2, 0xcea2, 0x705a, 0x705a, 0x4936, 0x4936, 0x8e09, 0x8e09,
+    0x8993, 0x8993, 0xd67a, 0xd67a, 0x7ef7, 0x7ef7, 0x82f6, 0x82f6,
+    0xea8c, 0xea8c, 0xe7db, 0xe7db, 0xa5cc, 0xa5cc, 0x3a23, 0x3a23,
+    0x11eb, 0x11eb, 0xfc50, 0xfc50, 0xccb6, 0xccb6, 0x6c5b, 0x6c5b,
+    0x5498, 0x5498, 0xaff3, 0xaff3, 0x379a, 0x379a, 0x7de3, 0x7de3,
+    0xcbb6, 0xcbb6, 0x2cd6, 0x2cd6, 0xd453, 0xd453, 0x014f, 0x014f,
+    0x45fb, 0x45fb, 0x45fb, 0x45fb, 0x5e5c, 0x5e5c, 0x5e5c, 0x5e5c,
+    0xef29, 0xef29, 0xef29, 0xef29, 0xbe41, 0xbe41, 0xbe41, 0xbe41,
+    0x31d5, 0x31d5, 0x31d5, 0x31d5, 0x71e4, 0x71e4, 0x71e4, 0x71e4,
+    0xc940, 0xc940, 0xc940, 0xc940, 0xcb8e, 0xcb8e, 0xcb8e, 0xcb8e,
+    0xb8b7, 0xb8b7, 0xb8b7, 0xb8b7, 0x75f7, 0x75f7, 0x75f7, 0x75f7,
+    0xdc8d, 0xdc8d, 0xdc8d, 0xdc8d, 0x6e96, 0x6e96, 0x6e96, 0x6e96,
+    0x22c3, 0x22c3, 0x22c3, 0x22c3, 0x3e0f, 0x3e0f, 0x3e0f, 0x3e0f,
+    0x6e5a, 0x6e5a, 0x6e5a, 0x6e5a, 0xb255, 0xb255, 0xb255, 0xb255,
+    0x9344, 0x9344, 0x9344, 0x9344, 0x6583, 0x6583, 0x6583, 0x6583,
+    0x028a, 0x028a, 0x028a, 0x028a, 0xdc52, 0xdc52, 0xdc52, 0xdc52,
+    0x309a, 0x309a, 0x309a, 0x309a, 0xc140, 0xc140, 0xc140, 0xc140,
+    0x9808, 0x9808, 0x9808, 0x9808, 0x31fd, 0x31fd, 0x31fd, 0x31fd,
+    0x9e08, 0x9e08, 0x9e08, 0x9e08, 0xaf1a, 0xaf1a, 0xaf1a, 0xaf1a,
+    0xb12e, 0xb12e, 0xb12e, 0xb12e, 0x5c0d, 0x5c0d, 0x5c0d, 0x5c0d,
+    0x870a, 0x870a, 0x870a, 0x870a, 0xfa28, 0xfa28, 0xfa28, 0xfa28,
+    0x1975, 0x1975, 0x1975, 0x1975, 0x163a, 0x163a, 0x163a, 0x163a,
+    0x3f23, 0x97cd, 0xdd66, 0xb806, 0xdda1, 0x2925, 0xa108, 0x6da9,
+    0x6682, 0xac42, 0x044f, 0xea3d, 0x7182, 0x66f9, 0xbc2d, 0x16c4,
+    0x8645, 0x2bc2, 0xfab2, 0xd63f, 0x3d4b, 0x0ed8, 0x9393, 0x51ab,
+    0x4137, 0x91e2, 0x3073, 0xcb2c, 0xfced, 0xc667, 0x84f6, 0xd8a1,
+};
+
+void kyber_invntt(sword16* r)
+{
+    __asm__ __volatile__ (
+#ifndef __APPLE__
+        "adrp x2, %[L_kyber_aarch64_zetas_inv]\n\t"
+        "add  x2, x2, :lo12:%[L_kyber_aarch64_zetas_inv]\n\t"
+#else
+        "adrp x2, %[L_kyber_aarch64_zetas_inv]@PAGE\n\t"
+        "add  x2, x2, %[L_kyber_aarch64_zetas_inv]@PAGEOFF\n\t"
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+        "adrp x3, %[L_kyber_aarch64_zetas_inv_qinv]\n\t"
+        "add  x3, x3, :lo12:%[L_kyber_aarch64_zetas_inv_qinv]\n\t"
+#else
+        "adrp x3, %[L_kyber_aarch64_zetas_inv_qinv]@PAGE\n\t"
+        "add  x3, x3, %[L_kyber_aarch64_zetas_inv_qinv]@PAGEOFF\n\t"
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+        "adrp x4, %[L_kyber_aarch64_consts]\n\t"
+        "add  x4, x4, :lo12:%[L_kyber_aarch64_consts]\n\t"
+#else
+        "adrp x4, %[L_kyber_aarch64_consts]@PAGE\n\t"
+        "add  x4, x4, %[L_kyber_aarch64_consts]@PAGEOFF\n\t"
+#endif /* __APPLE__ */
+        "add	x1, %x[r], #0x100\n\t"
+        "ldr	q8, [x4]\n\t"
+        "ldp	q9, q10, [%x[r]]\n\t"
+        "ldp	q11, q12, [%x[r], #32]\n\t"
+        "ldp	q13, q14, [%x[r], #64]\n\t"
+        "ldp	q15, q16, [%x[r], #96]\n\t"
+        "ldp	q17, q18, [%x[r], #128]\n\t"
+        "ldp	q19, q20, [%x[r], #160]\n\t"
+        "ldp	q21, q22, [%x[r], #192]\n\t"
+        "ldp	q23, q24, [%x[r], #224]\n\t"
+        "mov	v25.16b, v9.16b\n\t"
+        "trn1	v9.2d, v9.2d, v10.2d\n\t"
+        "trn2	v10.2d, v25.2d, v10.2d\n\t"
+        "mov	v25.16b, v9.16b\n\t"
+        "trn1	v9.4s, v9.4s, v10.4s\n\t"
+        "trn2	v10.4s, v25.4s, v10.4s\n\t"
+        "mov	v25.16b, v11.16b\n\t"
+        "trn1	v11.2d, v11.2d, v12.2d\n\t"
+        "trn2	v12.2d, v25.2d, v12.2d\n\t"
+        "mov	v25.16b, v11.16b\n\t"
+        "trn1	v11.4s, v11.4s, v12.4s\n\t"
+        "trn2	v12.4s, v25.4s, v12.4s\n\t"
+        "mov	v25.16b, v13.16b\n\t"
+        "trn1	v13.2d, v13.2d, v14.2d\n\t"
+        "trn2	v14.2d, v25.2d, v14.2d\n\t"
+        "mov	v25.16b, v13.16b\n\t"
+        "trn1	v13.4s, v13.4s, v14.4s\n\t"
+        "trn2	v14.4s, v25.4s, v14.4s\n\t"
+        "mov	v25.16b, v15.16b\n\t"
+        "trn1	v15.2d, v15.2d, v16.2d\n\t"
+        "trn2	v16.2d, v25.2d, v16.2d\n\t"
+        "mov	v25.16b, v15.16b\n\t"
+        "trn1	v15.4s, v15.4s, v16.4s\n\t"
+        "trn2	v16.4s, v25.4s, v16.4s\n\t"
+        "mov	v25.16b, v17.16b\n\t"
+        "trn1	v17.2d, v17.2d, v18.2d\n\t"
+        "trn2	v18.2d, v25.2d, v18.2d\n\t"
+        "mov	v25.16b, v17.16b\n\t"
+        "trn1	v17.4s, v17.4s, v18.4s\n\t"
+        "trn2	v18.4s, v25.4s, v18.4s\n\t"
+        "mov	v25.16b, v19.16b\n\t"
+        "trn1	v19.2d, v19.2d, v20.2d\n\t"
+        "trn2	v20.2d, v25.2d, v20.2d\n\t"
+        "mov	v25.16b, v19.16b\n\t"
+        "trn1	v19.4s, v19.4s, v20.4s\n\t"
+        "trn2	v20.4s, v25.4s, v20.4s\n\t"
+        "mov	v25.16b, v21.16b\n\t"
+        "trn1	v21.2d, v21.2d, v22.2d\n\t"
+        "trn2	v22.2d, v25.2d, v22.2d\n\t"
+        "mov	v25.16b, v21.16b\n\t"
+        "trn1	v21.4s, v21.4s, v22.4s\n\t"
+        "trn2	v22.4s, v25.4s, v22.4s\n\t"
+        "mov	v25.16b, v23.16b\n\t"
+        "trn1	v23.2d, v23.2d, v24.2d\n\t"
+        "trn2	v24.2d, v25.2d, v24.2d\n\t"
+        "mov	v25.16b, v23.16b\n\t"
+        "trn1	v23.4s, v23.4s, v24.4s\n\t"
+        "trn2	v24.4s, v25.4s, v24.4s\n\t"
+        "ldr	q0, [x2]\n\t"
+        "ldr	q1, [x2, #16]\n\t"
+        "ldr	q2, [x3]\n\t"
+        "ldr	q3, [x3, #16]\n\t"
+        "sub	v26.8h, v9.8h, v10.8h\n\t"
+        "sub	v28.8h, v11.8h, v12.8h\n\t"
+        "add	v9.8h, v9.8h, v10.8h\n\t"
+        "add	v11.8h, v11.8h, v12.8h\n\t"
+        "mul	v25.8h, v26.8h, v2.8h\n\t"
+        "mul	v27.8h, v28.8h, v3.8h\n\t"
+        "sqrdmulh	v10.8h, v26.8h, v0.8h\n\t"
+        "sqrdmulh	v12.8h, v28.8h, v1.8h\n\t"
+        "sqrdmulh	v25.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmulh	v27.8h, v27.8h, v8.h[0]\n\t"
+        "sub	v10.8h, v10.8h, v25.8h\n\t"
+        "sub	v12.8h, v12.8h, v27.8h\n\t"
+        "sshr	v10.8h, v10.8h, #1\n\t"
+        "sshr	v12.8h, v12.8h, #1\n\t"
+        "ldr	q0, [x2, #32]\n\t"
+        "ldr	q1, [x2, #48]\n\t"
+        "ldr	q2, [x3, #32]\n\t"
+        "ldr	q3, [x3, #48]\n\t"
+        "sub	v26.8h, v13.8h, v14.8h\n\t"
+        "sub	v28.8h, v15.8h, v16.8h\n\t"
+        "add	v13.8h, v13.8h, v14.8h\n\t"
+        "add	v15.8h, v15.8h, v16.8h\n\t"
+        "mul	v25.8h, v26.8h, v2.8h\n\t"
+        "mul	v27.8h, v28.8h, v3.8h\n\t"
+        "sqrdmulh	v14.8h, v26.8h, v0.8h\n\t"
+        "sqrdmulh	v16.8h, v28.8h, v1.8h\n\t"
+        "sqrdmulh	v25.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmulh	v27.8h, v27.8h, v8.h[0]\n\t"
+        "sub	v14.8h, v14.8h, v25.8h\n\t"
+        "sub	v16.8h, v16.8h, v27.8h\n\t"
+        "sshr	v14.8h, v14.8h, #1\n\t"
+        "sshr	v16.8h, v16.8h, #1\n\t"
+        "ldr	q0, [x2, #64]\n\t"
+        "ldr	q1, [x2, #80]\n\t"
+        "ldr	q2, [x3, #64]\n\t"
+        "ldr	q3, [x3, #80]\n\t"
+        "sub	v26.8h, v17.8h, v18.8h\n\t"
+        "sub	v28.8h, v19.8h, v20.8h\n\t"
+        "add	v17.8h, v17.8h, v18.8h\n\t"
+        "add	v19.8h, v19.8h, v20.8h\n\t"
+        "mul	v25.8h, v26.8h, v2.8h\n\t"
+        "mul	v27.8h, v28.8h, v3.8h\n\t"
+        "sqrdmulh	v18.8h, v26.8h, v0.8h\n\t"
+        "sqrdmulh	v20.8h, v28.8h, v1.8h\n\t"
+        "sqrdmulh	v25.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmulh	v27.8h, v27.8h, v8.h[0]\n\t"
+        "sub	v18.8h, v18.8h, v25.8h\n\t"
+        "sub	v20.8h, v20.8h, v27.8h\n\t"
+        "sshr	v18.8h, v18.8h, #1\n\t"
+        "sshr	v20.8h, v20.8h, #1\n\t"
+        "ldr	q0, [x2, #96]\n\t"
+        "ldr	q1, [x2, #112]\n\t"
+        "ldr	q2, [x3, #96]\n\t"
+        "ldr	q3, [x3, #112]\n\t"
+        "sub	v26.8h, v21.8h, v22.8h\n\t"
+        "sub	v28.8h, v23.8h, v24.8h\n\t"
+        "add	v21.8h, v21.8h, v22.8h\n\t"
+        "add	v23.8h, v23.8h, v24.8h\n\t"
+        "mul	v25.8h, v26.8h, v2.8h\n\t"
+        "mul	v27.8h, v28.8h, v3.8h\n\t"
+        "sqrdmulh	v22.8h, v26.8h, v0.8h\n\t"
+        "sqrdmulh	v24.8h, v28.8h, v1.8h\n\t"
+        "sqrdmulh	v25.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmulh	v27.8h, v27.8h, v8.h[0]\n\t"
+        "sub	v22.8h, v22.8h, v25.8h\n\t"
+        "sub	v24.8h, v24.8h, v27.8h\n\t"
+        "sshr	v22.8h, v22.8h, #1\n\t"
+        "sshr	v24.8h, v24.8h, #1\n\t"
+        "ldr	q0, [x2, #256]\n\t"
+        "ldr	q1, [x2, #272]\n\t"
+        "ldr	q2, [x3, #256]\n\t"
+        "ldr	q3, [x3, #272]\n\t"
+        "mov	v25.16b, v9.16b\n\t"
+        "mov	v26.16b, v11.16b\n\t"
+        "trn1	v9.4s, v9.4s, v10.4s\n\t"
+        "trn1	v11.4s, v11.4s, v12.4s\n\t"
+        "trn2	v10.4s, v25.4s, v10.4s\n\t"
+        "trn2	v12.4s, v26.4s, v12.4s\n\t"
+        "sub	v26.8h, v9.8h, v10.8h\n\t"
+        "sub	v28.8h, v11.8h, v12.8h\n\t"
+        "add	v9.8h, v9.8h, v10.8h\n\t"
+        "add	v11.8h, v11.8h, v12.8h\n\t"
+        "mul	v25.8h, v26.8h, v2.8h\n\t"
+        "mul	v27.8h, v28.8h, v3.8h\n\t"
+        "sqrdmulh	v10.8h, v26.8h, v0.8h\n\t"
+        "sqrdmulh	v12.8h, v28.8h, v1.8h\n\t"
+        "sqrdmulh	v25.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmulh	v27.8h, v27.8h, v8.h[0]\n\t"
+        "sub	v10.8h, v10.8h, v25.8h\n\t"
+        "sub	v12.8h, v12.8h, v27.8h\n\t"
+        "sshr	v10.8h, v10.8h, #1\n\t"
+        "sshr	v12.8h, v12.8h, #1\n\t"
+        "ldr	q0, [x2, #288]\n\t"
+        "ldr	q1, [x2, #304]\n\t"
+        "ldr	q2, [x3, #288]\n\t"
+        "ldr	q3, [x3, #304]\n\t"
+        "mov	v25.16b, v13.16b\n\t"
+        "mov	v26.16b, v15.16b\n\t"
+        "trn1	v13.4s, v13.4s, v14.4s\n\t"
+        "trn1	v15.4s, v15.4s, v16.4s\n\t"
+        "trn2	v14.4s, v25.4s, v14.4s\n\t"
+        "trn2	v16.4s, v26.4s, v16.4s\n\t"
+        "sub	v26.8h, v13.8h, v14.8h\n\t"
+        "sub	v28.8h, v15.8h, v16.8h\n\t"
+        "add	v13.8h, v13.8h, v14.8h\n\t"
+        "add	v15.8h, v15.8h, v16.8h\n\t"
+        "mul	v25.8h, v26.8h, v2.8h\n\t"
+        "mul	v27.8h, v28.8h, v3.8h\n\t"
+        "sqrdmulh	v14.8h, v26.8h, v0.8h\n\t"
+        "sqrdmulh	v16.8h, v28.8h, v1.8h\n\t"
+        "sqrdmulh	v25.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmulh	v27.8h, v27.8h, v8.h[0]\n\t"
+        "sub	v14.8h, v14.8h, v25.8h\n\t"
+        "sub	v16.8h, v16.8h, v27.8h\n\t"
+        "sshr	v14.8h, v14.8h, #1\n\t"
+        "sshr	v16.8h, v16.8h, #1\n\t"
+        "ldr	q0, [x2, #320]\n\t"
+        "ldr	q1, [x2, #336]\n\t"
+        "ldr	q2, [x3, #320]\n\t"
+        "ldr	q3, [x3, #336]\n\t"
+        "mov	v25.16b, v17.16b\n\t"
+        "mov	v26.16b, v19.16b\n\t"
+        "trn1	v17.4s, v17.4s, v18.4s\n\t"
+        "trn1	v19.4s, v19.4s, v20.4s\n\t"
+        "trn2	v18.4s, v25.4s, v18.4s\n\t"
+        "trn2	v20.4s, v26.4s, v20.4s\n\t"
+        "sub	v26.8h, v17.8h, v18.8h\n\t"
+        "sub	v28.8h, v19.8h, v20.8h\n\t"
+        "add	v17.8h, v17.8h, v18.8h\n\t"
+        "add	v19.8h, v19.8h, v20.8h\n\t"
+        "mul	v25.8h, v26.8h, v2.8h\n\t"
+        "mul	v27.8h, v28.8h, v3.8h\n\t"
+        "sqrdmulh	v18.8h, v26.8h, v0.8h\n\t"
+        "sqrdmulh	v20.8h, v28.8h, v1.8h\n\t"
+        "sqrdmulh	v25.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmulh	v27.8h, v27.8h, v8.h[0]\n\t"
+        "sub	v18.8h, v18.8h, v25.8h\n\t"
+        "sub	v20.8h, v20.8h, v27.8h\n\t"
+        "sshr	v18.8h, v18.8h, #1\n\t"
+        "sshr	v20.8h, v20.8h, #1\n\t"
+        "ldr	q0, [x2, #352]\n\t"
+        "ldr	q1, [x2, #368]\n\t"
+        "ldr	q2, [x3, #352]\n\t"
+        "ldr	q3, [x3, #368]\n\t"
+        "mov	v25.16b, v21.16b\n\t"
+        "mov	v26.16b, v23.16b\n\t"
+        "trn1	v21.4s, v21.4s, v22.4s\n\t"
+        "trn1	v23.4s, v23.4s, v24.4s\n\t"
+        "trn2	v22.4s, v25.4s, v22.4s\n\t"
+        "trn2	v24.4s, v26.4s, v24.4s\n\t"
+        "sub	v26.8h, v21.8h, v22.8h\n\t"
+        "sub	v28.8h, v23.8h, v24.8h\n\t"
+        "add	v21.8h, v21.8h, v22.8h\n\t"
+        "add	v23.8h, v23.8h, v24.8h\n\t"
+        "mul	v25.8h, v26.8h, v2.8h\n\t"
+        "mul	v27.8h, v28.8h, v3.8h\n\t"
+        "sqrdmulh	v22.8h, v26.8h, v0.8h\n\t"
+        "sqrdmulh	v24.8h, v28.8h, v1.8h\n\t"
+        "sqrdmulh	v25.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmulh	v27.8h, v27.8h, v8.h[0]\n\t"
+        "sub	v22.8h, v22.8h, v25.8h\n\t"
+        "sub	v24.8h, v24.8h, v27.8h\n\t"
+        "sshr	v22.8h, v22.8h, #1\n\t"
+        "sshr	v24.8h, v24.8h, #1\n\t"
+        "ldr	q0, [x2, #512]\n\t"
+        "ldr	q2, [x3, #512]\n\t"
+        "mov	v25.16b, v9.16b\n\t"
+        "mov	v26.16b, v11.16b\n\t"
+        "trn1	v9.2d, v9.2d, v10.2d\n\t"
+        "trn1	v11.2d, v11.2d, v12.2d\n\t"
+        "trn2	v10.2d, v25.2d, v10.2d\n\t"
+        "trn2	v12.2d, v26.2d, v12.2d\n\t"
+        "sub	v26.8h, v9.8h, v10.8h\n\t"
+        "sub	v28.8h, v11.8h, v12.8h\n\t"
+        "add	v9.8h, v9.8h, v10.8h\n\t"
+        "add	v11.8h, v11.8h, v12.8h\n\t"
+        "mul	v25.8h, v26.8h, v2.h[0]\n\t"
+        "mul	v27.8h, v28.8h, v2.h[1]\n\t"
+        "sqrdmulh	v10.8h, v26.8h, v0.h[0]\n\t"
+        "sqrdmulh	v12.8h, v28.8h, v0.h[1]\n\t"
+        "sqrdmulh	v25.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmulh	v27.8h, v27.8h, v8.h[0]\n\t"
+        "sub	v10.8h, v10.8h, v25.8h\n\t"
+        "sub	v12.8h, v12.8h, v27.8h\n\t"
+        "sshr	v10.8h, v10.8h, #1\n\t"
+        "sshr	v12.8h, v12.8h, #1\n\t"
+        "mov	v25.16b, v13.16b\n\t"
+        "mov	v26.16b, v15.16b\n\t"
+        "trn1	v13.2d, v13.2d, v14.2d\n\t"
+        "trn1	v15.2d, v15.2d, v16.2d\n\t"
+        "trn2	v14.2d, v25.2d, v14.2d\n\t"
+        "trn2	v16.2d, v26.2d, v16.2d\n\t"
+        "sub	v26.8h, v13.8h, v14.8h\n\t"
+        "sub	v28.8h, v15.8h, v16.8h\n\t"
+        "add	v13.8h, v13.8h, v14.8h\n\t"
+        "add	v15.8h, v15.8h, v16.8h\n\t"
+        "mul	v25.8h, v26.8h, v2.h[2]\n\t"
+        "mul	v27.8h, v28.8h, v2.h[3]\n\t"
+        "sqrdmulh	v14.8h, v26.8h, v0.h[2]\n\t"
+        "sqrdmulh	v16.8h, v28.8h, v0.h[3]\n\t"
+        "sqrdmulh	v25.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmulh	v27.8h, v27.8h, v8.h[0]\n\t"
+        "sub	v14.8h, v14.8h, v25.8h\n\t"
+        "sub	v16.8h, v16.8h, v27.8h\n\t"
+        "sshr	v14.8h, v14.8h, #1\n\t"
+        "sshr	v16.8h, v16.8h, #1\n\t"
+        "mov	v25.16b, v17.16b\n\t"
+        "mov	v26.16b, v19.16b\n\t"
+        "trn1	v17.2d, v17.2d, v18.2d\n\t"
+        "trn1	v19.2d, v19.2d, v20.2d\n\t"
+        "trn2	v18.2d, v25.2d, v18.2d\n\t"
+        "trn2	v20.2d, v26.2d, v20.2d\n\t"
+        "sub	v26.8h, v17.8h, v18.8h\n\t"
+        "sub	v28.8h, v19.8h, v20.8h\n\t"
+        "add	v17.8h, v17.8h, v18.8h\n\t"
+        "add	v19.8h, v19.8h, v20.8h\n\t"
+        "mul	v25.8h, v26.8h, v2.h[4]\n\t"
+        "mul	v27.8h, v28.8h, v2.h[5]\n\t"
+        "sqrdmulh	v18.8h, v26.8h, v0.h[4]\n\t"
+        "sqrdmulh	v20.8h, v28.8h, v0.h[5]\n\t"
+        "sqrdmulh	v25.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmulh	v27.8h, v27.8h, v8.h[0]\n\t"
+        "sub	v18.8h, v18.8h, v25.8h\n\t"
+        "sub	v20.8h, v20.8h, v27.8h\n\t"
+        "sshr	v18.8h, v18.8h, #1\n\t"
+        "sshr	v20.8h, v20.8h, #1\n\t"
+        "mov	v25.16b, v21.16b\n\t"
+        "mov	v26.16b, v23.16b\n\t"
+        "trn1	v21.2d, v21.2d, v22.2d\n\t"
+        "trn1	v23.2d, v23.2d, v24.2d\n\t"
+        "trn2	v22.2d, v25.2d, v22.2d\n\t"
+        "trn2	v24.2d, v26.2d, v24.2d\n\t"
+        "sub	v26.8h, v21.8h, v22.8h\n\t"
+        "sub	v28.8h, v23.8h, v24.8h\n\t"
+        "add	v21.8h, v21.8h, v22.8h\n\t"
+        "add	v23.8h, v23.8h, v24.8h\n\t"
+        "mul	v25.8h, v26.8h, v2.h[6]\n\t"
+        "mul	v27.8h, v28.8h, v2.h[7]\n\t"
+        "sqrdmulh	v22.8h, v26.8h, v0.h[6]\n\t"
+        "sqrdmulh	v24.8h, v28.8h, v0.h[7]\n\t"
+        "sqrdmulh	v25.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmulh	v27.8h, v27.8h, v8.h[0]\n\t"
+        "sub	v22.8h, v22.8h, v25.8h\n\t"
+        "sub	v24.8h, v24.8h, v27.8h\n\t"
+        "sshr	v22.8h, v22.8h, #1\n\t"
+        "sshr	v24.8h, v24.8h, #1\n\t"
+        "sqdmulh	v25.8h, v9.8h, v8.h[2]\n\t"
+        "sqdmulh	v26.8h, v11.8h, v8.h[2]\n\t"
+        "sshr	v25.8h, v25.8h, #11\n\t"
+        "sshr	v26.8h, v26.8h, #11\n\t"
+        "mls	v9.8h, v25.8h, v8.h[0]\n\t"
+        "mls	v11.8h, v26.8h, v8.h[0]\n\t"
+        "sqdmulh	v25.8h, v13.8h, v8.h[2]\n\t"
+        "sqdmulh	v26.8h, v15.8h, v8.h[2]\n\t"
+        "sshr	v25.8h, v25.8h, #11\n\t"
+        "sshr	v26.8h, v26.8h, #11\n\t"
+        "mls	v13.8h, v25.8h, v8.h[0]\n\t"
+        "mls	v15.8h, v26.8h, v8.h[0]\n\t"
+        "sqdmulh	v25.8h, v17.8h, v8.h[2]\n\t"
+        "sqdmulh	v26.8h, v19.8h, v8.h[2]\n\t"
+        "sshr	v25.8h, v25.8h, #11\n\t"
+        "sshr	v26.8h, v26.8h, #11\n\t"
+        "mls	v17.8h, v25.8h, v8.h[0]\n\t"
+        "mls	v19.8h, v26.8h, v8.h[0]\n\t"
+        "sqdmulh	v25.8h, v21.8h, v8.h[2]\n\t"
+        "sqdmulh	v26.8h, v23.8h, v8.h[2]\n\t"
+        "sshr	v25.8h, v25.8h, #11\n\t"
+        "sshr	v26.8h, v26.8h, #11\n\t"
+        "mls	v21.8h, v25.8h, v8.h[0]\n\t"
+        "mls	v23.8h, v26.8h, v8.h[0]\n\t"
+        "stp	q9, q10, [%x[r]]\n\t"
+        "stp	q11, q12, [%x[r], #32]\n\t"
+        "stp	q13, q14, [%x[r], #64]\n\t"
+        "stp	q15, q16, [%x[r], #96]\n\t"
+        "stp	q17, q18, [%x[r], #128]\n\t"
+        "stp	q19, q20, [%x[r], #160]\n\t"
+        "stp	q21, q22, [%x[r], #192]\n\t"
+        "stp	q23, q24, [%x[r], #224]\n\t"
+        "ldp	q9, q10, [x1]\n\t"
+        "ldp	q11, q12, [x1, #32]\n\t"
+        "ldp	q13, q14, [x1, #64]\n\t"
+        "ldp	q15, q16, [x1, #96]\n\t"
+        "ldp	q17, q18, [x1, #128]\n\t"
+        "ldp	q19, q20, [x1, #160]\n\t"
+        "ldp	q21, q22, [x1, #192]\n\t"
+        "ldp	q23, q24, [x1, #224]\n\t"
+        "mov	v25.16b, v9.16b\n\t"
+        "trn1	v9.2d, v9.2d, v10.2d\n\t"
+        "trn2	v10.2d, v25.2d, v10.2d\n\t"
+        "mov	v25.16b, v9.16b\n\t"
+        "trn1	v9.4s, v9.4s, v10.4s\n\t"
+        "trn2	v10.4s, v25.4s, v10.4s\n\t"
+        "mov	v25.16b, v11.16b\n\t"
+        "trn1	v11.2d, v11.2d, v12.2d\n\t"
+        "trn2	v12.2d, v25.2d, v12.2d\n\t"
+        "mov	v25.16b, v11.16b\n\t"
+        "trn1	v11.4s, v11.4s, v12.4s\n\t"
+        "trn2	v12.4s, v25.4s, v12.4s\n\t"
+        "mov	v25.16b, v13.16b\n\t"
+        "trn1	v13.2d, v13.2d, v14.2d\n\t"
+        "trn2	v14.2d, v25.2d, v14.2d\n\t"
+        "mov	v25.16b, v13.16b\n\t"
+        "trn1	v13.4s, v13.4s, v14.4s\n\t"
+        "trn2	v14.4s, v25.4s, v14.4s\n\t"
+        "mov	v25.16b, v15.16b\n\t"
+        "trn1	v15.2d, v15.2d, v16.2d\n\t"
+        "trn2	v16.2d, v25.2d, v16.2d\n\t"
+        "mov	v25.16b, v15.16b\n\t"
+        "trn1	v15.4s, v15.4s, v16.4s\n\t"
+        "trn2	v16.4s, v25.4s, v16.4s\n\t"
+        "mov	v25.16b, v17.16b\n\t"
+        "trn1	v17.2d, v17.2d, v18.2d\n\t"
+        "trn2	v18.2d, v25.2d, v18.2d\n\t"
+        "mov	v25.16b, v17.16b\n\t"
+        "trn1	v17.4s, v17.4s, v18.4s\n\t"
+        "trn2	v18.4s, v25.4s, v18.4s\n\t"
+        "mov	v25.16b, v19.16b\n\t"
+        "trn1	v19.2d, v19.2d, v20.2d\n\t"
+        "trn2	v20.2d, v25.2d, v20.2d\n\t"
+        "mov	v25.16b, v19.16b\n\t"
+        "trn1	v19.4s, v19.4s, v20.4s\n\t"
+        "trn2	v20.4s, v25.4s, v20.4s\n\t"
+        "mov	v25.16b, v21.16b\n\t"
+        "trn1	v21.2d, v21.2d, v22.2d\n\t"
+        "trn2	v22.2d, v25.2d, v22.2d\n\t"
+        "mov	v25.16b, v21.16b\n\t"
+        "trn1	v21.4s, v21.4s, v22.4s\n\t"
+        "trn2	v22.4s, v25.4s, v22.4s\n\t"
+        "mov	v25.16b, v23.16b\n\t"
+        "trn1	v23.2d, v23.2d, v24.2d\n\t"
+        "trn2	v24.2d, v25.2d, v24.2d\n\t"
+        "mov	v25.16b, v23.16b\n\t"
+        "trn1	v23.4s, v23.4s, v24.4s\n\t"
+        "trn2	v24.4s, v25.4s, v24.4s\n\t"
+        "ldr	q0, [x2, #128]\n\t"
+        "ldr	q1, [x2, #144]\n\t"
+        "ldr	q2, [x3, #128]\n\t"
+        "ldr	q3, [x3, #144]\n\t"
+        "sub	v26.8h, v9.8h, v10.8h\n\t"
+        "sub	v28.8h, v11.8h, v12.8h\n\t"
+        "add	v9.8h, v9.8h, v10.8h\n\t"
+        "add	v11.8h, v11.8h, v12.8h\n\t"
+        "mul	v25.8h, v26.8h, v2.8h\n\t"
+        "mul	v27.8h, v28.8h, v3.8h\n\t"
+        "sqrdmulh	v10.8h, v26.8h, v0.8h\n\t"
+        "sqrdmulh	v12.8h, v28.8h, v1.8h\n\t"
+        "sqrdmulh	v25.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmulh	v27.8h, v27.8h, v8.h[0]\n\t"
+        "sub	v10.8h, v10.8h, v25.8h\n\t"
+        "sub	v12.8h, v12.8h, v27.8h\n\t"
+        "sshr	v10.8h, v10.8h, #1\n\t"
+        "sshr	v12.8h, v12.8h, #1\n\t"
+        "ldr	q0, [x2, #160]\n\t"
+        "ldr	q1, [x2, #176]\n\t"
+        "ldr	q2, [x3, #160]\n\t"
+        "ldr	q3, [x3, #176]\n\t"
+        "sub	v26.8h, v13.8h, v14.8h\n\t"
+        "sub	v28.8h, v15.8h, v16.8h\n\t"
+        "add	v13.8h, v13.8h, v14.8h\n\t"
+        "add	v15.8h, v15.8h, v16.8h\n\t"
+        "mul	v25.8h, v26.8h, v2.8h\n\t"
+        "mul	v27.8h, v28.8h, v3.8h\n\t"
+        "sqrdmulh	v14.8h, v26.8h, v0.8h\n\t"
+        "sqrdmulh	v16.8h, v28.8h, v1.8h\n\t"
+        "sqrdmulh	v25.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmulh	v27.8h, v27.8h, v8.h[0]\n\t"
+        "sub	v14.8h, v14.8h, v25.8h\n\t"
+        "sub	v16.8h, v16.8h, v27.8h\n\t"
+        "sshr	v14.8h, v14.8h, #1\n\t"
+        "sshr	v16.8h, v16.8h, #1\n\t"
+        "ldr	q0, [x2, #192]\n\t"
+        "ldr	q1, [x2, #208]\n\t"
+        "ldr	q2, [x3, #192]\n\t"
+        "ldr	q3, [x3, #208]\n\t"
+        "sub	v26.8h, v17.8h, v18.8h\n\t"
+        "sub	v28.8h, v19.8h, v20.8h\n\t"
+        "add	v17.8h, v17.8h, v18.8h\n\t"
+        "add	v19.8h, v19.8h, v20.8h\n\t"
+        "mul	v25.8h, v26.8h, v2.8h\n\t"
+        "mul	v27.8h, v28.8h, v3.8h\n\t"
+        "sqrdmulh	v18.8h, v26.8h, v0.8h\n\t"
+        "sqrdmulh	v20.8h, v28.8h, v1.8h\n\t"
+        "sqrdmulh	v25.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmulh	v27.8h, v27.8h, v8.h[0]\n\t"
+        "sub	v18.8h, v18.8h, v25.8h\n\t"
+        "sub	v20.8h, v20.8h, v27.8h\n\t"
+        "sshr	v18.8h, v18.8h, #1\n\t"
+        "sshr	v20.8h, v20.8h, #1\n\t"
+        "ldr	q0, [x2, #224]\n\t"
+        "ldr	q1, [x2, #240]\n\t"
+        "ldr	q2, [x3, #224]\n\t"
+        "ldr	q3, [x3, #240]\n\t"
+        "sub	v26.8h, v21.8h, v22.8h\n\t"
+        "sub	v28.8h, v23.8h, v24.8h\n\t"
+        "add	v21.8h, v21.8h, v22.8h\n\t"
+        "add	v23.8h, v23.8h, v24.8h\n\t"
+        "mul	v25.8h, v26.8h, v2.8h\n\t"
+        "mul	v27.8h, v28.8h, v3.8h\n\t"
+        "sqrdmulh	v22.8h, v26.8h, v0.8h\n\t"
+        "sqrdmulh	v24.8h, v28.8h, v1.8h\n\t"
+        "sqrdmulh	v25.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmulh	v27.8h, v27.8h, v8.h[0]\n\t"
+        "sub	v22.8h, v22.8h, v25.8h\n\t"
+        "sub	v24.8h, v24.8h, v27.8h\n\t"
+        "sshr	v22.8h, v22.8h, #1\n\t"
+        "sshr	v24.8h, v24.8h, #1\n\t"
+        "ldr	q0, [x2, #384]\n\t"
+        "ldr	q1, [x2, #400]\n\t"
+        "ldr	q2, [x3, #384]\n\t"
+        "ldr	q3, [x3, #400]\n\t"
+        "mov	v25.16b, v9.16b\n\t"
+        "mov	v26.16b, v11.16b\n\t"
+        "trn1	v9.4s, v9.4s, v10.4s\n\t"
+        "trn1	v11.4s, v11.4s, v12.4s\n\t"
+        "trn2	v10.4s, v25.4s, v10.4s\n\t"
+        "trn2	v12.4s, v26.4s, v12.4s\n\t"
+        "sub	v26.8h, v9.8h, v10.8h\n\t"
+        "sub	v28.8h, v11.8h, v12.8h\n\t"
+        "add	v9.8h, v9.8h, v10.8h\n\t"
+        "add	v11.8h, v11.8h, v12.8h\n\t"
+        "mul	v25.8h, v26.8h, v2.8h\n\t"
+        "mul	v27.8h, v28.8h, v3.8h\n\t"
+        "sqrdmulh	v10.8h, v26.8h, v0.8h\n\t"
+        "sqrdmulh	v12.8h, v28.8h, v1.8h\n\t"
+        "sqrdmulh	v25.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmulh	v27.8h, v27.8h, v8.h[0]\n\t"
+        "sub	v10.8h, v10.8h, v25.8h\n\t"
+        "sub	v12.8h, v12.8h, v27.8h\n\t"
+        "sshr	v10.8h, v10.8h, #1\n\t"
+        "sshr	v12.8h, v12.8h, #1\n\t"
+        "ldr	q0, [x2, #416]\n\t"
+        "ldr	q1, [x2, #432]\n\t"
+        "ldr	q2, [x3, #416]\n\t"
+        "ldr	q3, [x3, #432]\n\t"
+        "mov	v25.16b, v13.16b\n\t"
+        "mov	v26.16b, v15.16b\n\t"
+        "trn1	v13.4s, v13.4s, v14.4s\n\t"
+        "trn1	v15.4s, v15.4s, v16.4s\n\t"
+        "trn2	v14.4s, v25.4s, v14.4s\n\t"
+        "trn2	v16.4s, v26.4s, v16.4s\n\t"
+        "sub	v26.8h, v13.8h, v14.8h\n\t"
+        "sub	v28.8h, v15.8h, v16.8h\n\t"
+        "add	v13.8h, v13.8h, v14.8h\n\t"
+        "add	v15.8h, v15.8h, v16.8h\n\t"
+        "mul	v25.8h, v26.8h, v2.8h\n\t"
+        "mul	v27.8h, v28.8h, v3.8h\n\t"
+        "sqrdmulh	v14.8h, v26.8h, v0.8h\n\t"
+        "sqrdmulh	v16.8h, v28.8h, v1.8h\n\t"
+        "sqrdmulh	v25.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmulh	v27.8h, v27.8h, v8.h[0]\n\t"
+        "sub	v14.8h, v14.8h, v25.8h\n\t"
+        "sub	v16.8h, v16.8h, v27.8h\n\t"
+        "sshr	v14.8h, v14.8h, #1\n\t"
+        "sshr	v16.8h, v16.8h, #1\n\t"
+        "ldr	q0, [x2, #448]\n\t"
+        "ldr	q1, [x2, #464]\n\t"
+        "ldr	q2, [x3, #448]\n\t"
+        "ldr	q3, [x3, #464]\n\t"
+        "mov	v25.16b, v17.16b\n\t"
+        "mov	v26.16b, v19.16b\n\t"
+        "trn1	v17.4s, v17.4s, v18.4s\n\t"
+        "trn1	v19.4s, v19.4s, v20.4s\n\t"
+        "trn2	v18.4s, v25.4s, v18.4s\n\t"
+        "trn2	v20.4s, v26.4s, v20.4s\n\t"
+        "sub	v26.8h, v17.8h, v18.8h\n\t"
+        "sub	v28.8h, v19.8h, v20.8h\n\t"
+        "add	v17.8h, v17.8h, v18.8h\n\t"
+        "add	v19.8h, v19.8h, v20.8h\n\t"
+        "mul	v25.8h, v26.8h, v2.8h\n\t"
+        "mul	v27.8h, v28.8h, v3.8h\n\t"
+        "sqrdmulh	v18.8h, v26.8h, v0.8h\n\t"
+        "sqrdmulh	v20.8h, v28.8h, v1.8h\n\t"
+        "sqrdmulh	v25.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmulh	v27.8h, v27.8h, v8.h[0]\n\t"
+        "sub	v18.8h, v18.8h, v25.8h\n\t"
+        "sub	v20.8h, v20.8h, v27.8h\n\t"
+        "sshr	v18.8h, v18.8h, #1\n\t"
+        "sshr	v20.8h, v20.8h, #1\n\t"
+        "ldr	q0, [x2, #480]\n\t"
+        "ldr	q1, [x2, #496]\n\t"
+        "ldr	q2, [x3, #480]\n\t"
+        "ldr	q3, [x3, #496]\n\t"
+        "mov	v25.16b, v21.16b\n\t"
+        "mov	v26.16b, v23.16b\n\t"
+        "trn1	v21.4s, v21.4s, v22.4s\n\t"
+        "trn1	v23.4s, v23.4s, v24.4s\n\t"
+        "trn2	v22.4s, v25.4s, v22.4s\n\t"
+        "trn2	v24.4s, v26.4s, v24.4s\n\t"
+        "sub	v26.8h, v21.8h, v22.8h\n\t"
+        "sub	v28.8h, v23.8h, v24.8h\n\t"
+        "add	v21.8h, v21.8h, v22.8h\n\t"
+        "add	v23.8h, v23.8h, v24.8h\n\t"
+        "mul	v25.8h, v26.8h, v2.8h\n\t"
+        "mul	v27.8h, v28.8h, v3.8h\n\t"
+        "sqrdmulh	v22.8h, v26.8h, v0.8h\n\t"
+        "sqrdmulh	v24.8h, v28.8h, v1.8h\n\t"
+        "sqrdmulh	v25.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmulh	v27.8h, v27.8h, v8.h[0]\n\t"
+        "sub	v22.8h, v22.8h, v25.8h\n\t"
+        "sub	v24.8h, v24.8h, v27.8h\n\t"
+        "sshr	v22.8h, v22.8h, #1\n\t"
+        "sshr	v24.8h, v24.8h, #1\n\t"
+        "ldr	q0, [x2, #528]\n\t"
+        "ldr	q2, [x3, #528]\n\t"
+        "mov	v25.16b, v9.16b\n\t"
+        "mov	v26.16b, v11.16b\n\t"
+        "trn1	v9.2d, v9.2d, v10.2d\n\t"
+        "trn1	v11.2d, v11.2d, v12.2d\n\t"
+        "trn2	v10.2d, v25.2d, v10.2d\n\t"
+        "trn2	v12.2d, v26.2d, v12.2d\n\t"
+        "sub	v26.8h, v9.8h, v10.8h\n\t"
+        "sub	v28.8h, v11.8h, v12.8h\n\t"
+        "add	v9.8h, v9.8h, v10.8h\n\t"
+        "add	v11.8h, v11.8h, v12.8h\n\t"
+        "mul	v25.8h, v26.8h, v2.h[0]\n\t"
+        "mul	v27.8h, v28.8h, v2.h[1]\n\t"
+        "sqrdmulh	v10.8h, v26.8h, v0.h[0]\n\t"
+        "sqrdmulh	v12.8h, v28.8h, v0.h[1]\n\t"
+        "sqrdmulh	v25.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmulh	v27.8h, v27.8h, v8.h[0]\n\t"
+        "sub	v10.8h, v10.8h, v25.8h\n\t"
+        "sub	v12.8h, v12.8h, v27.8h\n\t"
+        "sshr	v10.8h, v10.8h, #1\n\t"
+        "sshr	v12.8h, v12.8h, #1\n\t"
+        "mov	v25.16b, v13.16b\n\t"
+        "mov	v26.16b, v15.16b\n\t"
+        "trn1	v13.2d, v13.2d, v14.2d\n\t"
+        "trn1	v15.2d, v15.2d, v16.2d\n\t"
+        "trn2	v14.2d, v25.2d, v14.2d\n\t"
+        "trn2	v16.2d, v26.2d, v16.2d\n\t"
+        "sub	v26.8h, v13.8h, v14.8h\n\t"
+        "sub	v28.8h, v15.8h, v16.8h\n\t"
+        "add	v13.8h, v13.8h, v14.8h\n\t"
+        "add	v15.8h, v15.8h, v16.8h\n\t"
+        "mul	v25.8h, v26.8h, v2.h[2]\n\t"
+        "mul	v27.8h, v28.8h, v2.h[3]\n\t"
+        "sqrdmulh	v14.8h, v26.8h, v0.h[2]\n\t"
+        "sqrdmulh	v16.8h, v28.8h, v0.h[3]\n\t"
+        "sqrdmulh	v25.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmulh	v27.8h, v27.8h, v8.h[0]\n\t"
+        "sub	v14.8h, v14.8h, v25.8h\n\t"
+        "sub	v16.8h, v16.8h, v27.8h\n\t"
+        "sshr	v14.8h, v14.8h, #1\n\t"
+        "sshr	v16.8h, v16.8h, #1\n\t"
+        "mov	v25.16b, v17.16b\n\t"
+        "mov	v26.16b, v19.16b\n\t"
+        "trn1	v17.2d, v17.2d, v18.2d\n\t"
+        "trn1	v19.2d, v19.2d, v20.2d\n\t"
+        "trn2	v18.2d, v25.2d, v18.2d\n\t"
+        "trn2	v20.2d, v26.2d, v20.2d\n\t"
+        "sub	v26.8h, v17.8h, v18.8h\n\t"
+        "sub	v28.8h, v19.8h, v20.8h\n\t"
+        "add	v17.8h, v17.8h, v18.8h\n\t"
+        "add	v19.8h, v19.8h, v20.8h\n\t"
+        "mul	v25.8h, v26.8h, v2.h[4]\n\t"
+        "mul	v27.8h, v28.8h, v2.h[5]\n\t"
+        "sqrdmulh	v18.8h, v26.8h, v0.h[4]\n\t"
+        "sqrdmulh	v20.8h, v28.8h, v0.h[5]\n\t"
+        "sqrdmulh	v25.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmulh	v27.8h, v27.8h, v8.h[0]\n\t"
+        "sub	v18.8h, v18.8h, v25.8h\n\t"
+        "sub	v20.8h, v20.8h, v27.8h\n\t"
+        "sshr	v18.8h, v18.8h, #1\n\t"
+        "sshr	v20.8h, v20.8h, #1\n\t"
+        "mov	v25.16b, v21.16b\n\t"
+        "mov	v26.16b, v23.16b\n\t"
+        "trn1	v21.2d, v21.2d, v22.2d\n\t"
+        "trn1	v23.2d, v23.2d, v24.2d\n\t"
+        "trn2	v22.2d, v25.2d, v22.2d\n\t"
+        "trn2	v24.2d, v26.2d, v24.2d\n\t"
+        "sub	v26.8h, v21.8h, v22.8h\n\t"
+        "sub	v28.8h, v23.8h, v24.8h\n\t"
+        "add	v21.8h, v21.8h, v22.8h\n\t"
+        "add	v23.8h, v23.8h, v24.8h\n\t"
+        "mul	v25.8h, v26.8h, v2.h[6]\n\t"
+        "mul	v27.8h, v28.8h, v2.h[7]\n\t"
+        "sqrdmulh	v22.8h, v26.8h, v0.h[6]\n\t"
+        "sqrdmulh	v24.8h, v28.8h, v0.h[7]\n\t"
+        "sqrdmulh	v25.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmulh	v27.8h, v27.8h, v8.h[0]\n\t"
+        "sub	v22.8h, v22.8h, v25.8h\n\t"
+        "sub	v24.8h, v24.8h, v27.8h\n\t"
+        "sshr	v22.8h, v22.8h, #1\n\t"
+        "sshr	v24.8h, v24.8h, #1\n\t"
+        "sqdmulh	v25.8h, v9.8h, v8.h[2]\n\t"
+        "sqdmulh	v26.8h, v11.8h, v8.h[2]\n\t"
+        "sshr	v25.8h, v25.8h, #11\n\t"
+        "sshr	v26.8h, v26.8h, #11\n\t"
+        "mls	v9.8h, v25.8h, v8.h[0]\n\t"
+        "mls	v11.8h, v26.8h, v8.h[0]\n\t"
+        "sqdmulh	v25.8h, v13.8h, v8.h[2]\n\t"
+        "sqdmulh	v26.8h, v15.8h, v8.h[2]\n\t"
+        "sshr	v25.8h, v25.8h, #11\n\t"
+        "sshr	v26.8h, v26.8h, #11\n\t"
+        "mls	v13.8h, v25.8h, v8.h[0]\n\t"
+        "mls	v15.8h, v26.8h, v8.h[0]\n\t"
+        "sqdmulh	v25.8h, v17.8h, v8.h[2]\n\t"
+        "sqdmulh	v26.8h, v19.8h, v8.h[2]\n\t"
+        "sshr	v25.8h, v25.8h, #11\n\t"
+        "sshr	v26.8h, v26.8h, #11\n\t"
+        "mls	v17.8h, v25.8h, v8.h[0]\n\t"
+        "mls	v19.8h, v26.8h, v8.h[0]\n\t"
+        "sqdmulh	v25.8h, v21.8h, v8.h[2]\n\t"
+        "sqdmulh	v26.8h, v23.8h, v8.h[2]\n\t"
+        "sshr	v25.8h, v25.8h, #11\n\t"
+        "sshr	v26.8h, v26.8h, #11\n\t"
+        "mls	v21.8h, v25.8h, v8.h[0]\n\t"
+        "mls	v23.8h, v26.8h, v8.h[0]\n\t"
+        "stp	q9, q10, [x1]\n\t"
+        "stp	q11, q12, [x1, #32]\n\t"
+        "stp	q13, q14, [x1, #64]\n\t"
+        "stp	q15, q16, [x1, #96]\n\t"
+        "stp	q17, q18, [x1, #128]\n\t"
+        "stp	q19, q20, [x1, #160]\n\t"
+        "stp	q21, q22, [x1, #192]\n\t"
+        "stp	q23, q24, [x1, #224]\n\t"
+        "ldr	q4, [x2, #544]\n\t"
+        "ldr	q5, [x2, #560]\n\t"
+        "ldr	q6, [x3, #544]\n\t"
+        "ldr	q7, [x3, #560]\n\t"
+        "ldr	q9, [%x[r]]\n\t"
+        "ldr	q10, [%x[r], #32]\n\t"
+        "ldr	q11, [%x[r], #64]\n\t"
+        "ldr	q12, [%x[r], #96]\n\t"
+        "ldr	q13, [%x[r], #128]\n\t"
+        "ldr	q14, [%x[r], #160]\n\t"
+        "ldr	q15, [%x[r], #192]\n\t"
+        "ldr	q16, [%x[r], #224]\n\t"
+        "ldr	q17, [x1]\n\t"
+        "ldr	q18, [x1, #32]\n\t"
+        "ldr	q19, [x1, #64]\n\t"
+        "ldr	q20, [x1, #96]\n\t"
+        "ldr	q21, [x1, #128]\n\t"
+        "ldr	q22, [x1, #160]\n\t"
+        "ldr	q23, [x1, #192]\n\t"
+        "ldr	q24, [x1, #224]\n\t"
+        "sub	v26.8h, v9.8h, v10.8h\n\t"
+        "sub	v28.8h, v11.8h, v12.8h\n\t"
+        "add	v9.8h, v9.8h, v10.8h\n\t"
+        "add	v11.8h, v11.8h, v12.8h\n\t"
+        "mul	v25.8h, v26.8h, v6.h[0]\n\t"
+        "mul	v27.8h, v28.8h, v6.h[1]\n\t"
+        "sqrdmulh	v10.8h, v26.8h, v4.h[0]\n\t"
+        "sqrdmulh	v12.8h, v28.8h, v4.h[1]\n\t"
+        "sqrdmulh	v25.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmulh	v27.8h, v27.8h, v8.h[0]\n\t"
+        "sub	v10.8h, v10.8h, v25.8h\n\t"
+        "sub	v12.8h, v12.8h, v27.8h\n\t"
+        "sshr	v10.8h, v10.8h, #1\n\t"
+        "sshr	v12.8h, v12.8h, #1\n\t"
+        "sub	v26.8h, v13.8h, v14.8h\n\t"
+        "sub	v28.8h, v15.8h, v16.8h\n\t"
+        "add	v13.8h, v13.8h, v14.8h\n\t"
+        "add	v15.8h, v15.8h, v16.8h\n\t"
+        "mul	v25.8h, v26.8h, v6.h[2]\n\t"
+        "mul	v27.8h, v28.8h, v6.h[3]\n\t"
+        "sqrdmulh	v14.8h, v26.8h, v4.h[2]\n\t"
+        "sqrdmulh	v16.8h, v28.8h, v4.h[3]\n\t"
+        "sqrdmulh	v25.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmulh	v27.8h, v27.8h, v8.h[0]\n\t"
+        "sub	v14.8h, v14.8h, v25.8h\n\t"
+        "sub	v16.8h, v16.8h, v27.8h\n\t"
+        "sshr	v14.8h, v14.8h, #1\n\t"
+        "sshr	v16.8h, v16.8h, #1\n\t"
+        "sub	v26.8h, v17.8h, v18.8h\n\t"
+        "sub	v28.8h, v19.8h, v20.8h\n\t"
+        "add	v17.8h, v17.8h, v18.8h\n\t"
+        "add	v19.8h, v19.8h, v20.8h\n\t"
+        "mul	v25.8h, v26.8h, v6.h[4]\n\t"
+        "mul	v27.8h, v28.8h, v6.h[5]\n\t"
+        "sqrdmulh	v18.8h, v26.8h, v4.h[4]\n\t"
+        "sqrdmulh	v20.8h, v28.8h, v4.h[5]\n\t"
+        "sqrdmulh	v25.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmulh	v27.8h, v27.8h, v8.h[0]\n\t"
+        "sub	v18.8h, v18.8h, v25.8h\n\t"
+        "sub	v20.8h, v20.8h, v27.8h\n\t"
+        "sshr	v18.8h, v18.8h, #1\n\t"
+        "sshr	v20.8h, v20.8h, #1\n\t"
+        "sub	v26.8h, v21.8h, v22.8h\n\t"
+        "sub	v28.8h, v23.8h, v24.8h\n\t"
+        "add	v21.8h, v21.8h, v22.8h\n\t"
+        "add	v23.8h, v23.8h, v24.8h\n\t"
+        "mul	v25.8h, v26.8h, v6.h[6]\n\t"
+        "mul	v27.8h, v28.8h, v6.h[7]\n\t"
+        "sqrdmulh	v22.8h, v26.8h, v4.h[6]\n\t"
+        "sqrdmulh	v24.8h, v28.8h, v4.h[7]\n\t"
+        "sqrdmulh	v25.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmulh	v27.8h, v27.8h, v8.h[0]\n\t"
+        "sub	v22.8h, v22.8h, v25.8h\n\t"
+        "sub	v24.8h, v24.8h, v27.8h\n\t"
+        "sshr	v22.8h, v22.8h, #1\n\t"
+        "sshr	v24.8h, v24.8h, #1\n\t"
+        "sub	v26.8h, v9.8h, v11.8h\n\t"
+        "sub	v28.8h, v10.8h, v12.8h\n\t"
+        "add	v9.8h, v9.8h, v11.8h\n\t"
+        "add	v10.8h, v10.8h, v12.8h\n\t"
+        "mul	v25.8h, v26.8h, v7.h[0]\n\t"
+        "mul	v27.8h, v28.8h, v7.h[0]\n\t"
+        "sqrdmulh	v11.8h, v26.8h, v5.h[0]\n\t"
+        "sqrdmulh	v12.8h, v28.8h, v5.h[0]\n\t"
+        "sqrdmulh	v25.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmulh	v27.8h, v27.8h, v8.h[0]\n\t"
+        "sub	v11.8h, v11.8h, v25.8h\n\t"
+        "sub	v12.8h, v12.8h, v27.8h\n\t"
+        "sshr	v11.8h, v11.8h, #1\n\t"
+        "sshr	v12.8h, v12.8h, #1\n\t"
+        "sub	v26.8h, v13.8h, v15.8h\n\t"
+        "sub	v28.8h, v14.8h, v16.8h\n\t"
+        "add	v13.8h, v13.8h, v15.8h\n\t"
+        "add	v14.8h, v14.8h, v16.8h\n\t"
+        "mul	v25.8h, v26.8h, v7.h[1]\n\t"
+        "mul	v27.8h, v28.8h, v7.h[1]\n\t"
+        "sqrdmulh	v15.8h, v26.8h, v5.h[1]\n\t"
+        "sqrdmulh	v16.8h, v28.8h, v5.h[1]\n\t"
+        "sqrdmulh	v25.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmulh	v27.8h, v27.8h, v8.h[0]\n\t"
+        "sub	v15.8h, v15.8h, v25.8h\n\t"
+        "sub	v16.8h, v16.8h, v27.8h\n\t"
+        "sshr	v15.8h, v15.8h, #1\n\t"
+        "sshr	v16.8h, v16.8h, #1\n\t"
+        "sub	v26.8h, v17.8h, v19.8h\n\t"
+        "sub	v28.8h, v18.8h, v20.8h\n\t"
+        "add	v17.8h, v17.8h, v19.8h\n\t"
+        "add	v18.8h, v18.8h, v20.8h\n\t"
+        "mul	v25.8h, v26.8h, v7.h[2]\n\t"
+        "mul	v27.8h, v28.8h, v7.h[2]\n\t"
+        "sqrdmulh	v19.8h, v26.8h, v5.h[2]\n\t"
+        "sqrdmulh	v20.8h, v28.8h, v5.h[2]\n\t"
+        "sqrdmulh	v25.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmulh	v27.8h, v27.8h, v8.h[0]\n\t"
+        "sub	v19.8h, v19.8h, v25.8h\n\t"
+        "sub	v20.8h, v20.8h, v27.8h\n\t"
+        "sshr	v19.8h, v19.8h, #1\n\t"
+        "sshr	v20.8h, v20.8h, #1\n\t"
+        "sub	v26.8h, v21.8h, v23.8h\n\t"
+        "sub	v28.8h, v22.8h, v24.8h\n\t"
+        "add	v21.8h, v21.8h, v23.8h\n\t"
+        "add	v22.8h, v22.8h, v24.8h\n\t"
+        "mul	v25.8h, v26.8h, v7.h[3]\n\t"
+        "mul	v27.8h, v28.8h, v7.h[3]\n\t"
+        "sqrdmulh	v23.8h, v26.8h, v5.h[3]\n\t"
+        "sqrdmulh	v24.8h, v28.8h, v5.h[3]\n\t"
+        "sqrdmulh	v25.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmulh	v27.8h, v27.8h, v8.h[0]\n\t"
+        "sub	v23.8h, v23.8h, v25.8h\n\t"
+        "sub	v24.8h, v24.8h, v27.8h\n\t"
+        "sshr	v23.8h, v23.8h, #1\n\t"
+        "sshr	v24.8h, v24.8h, #1\n\t"
+        "sub	v26.8h, v9.8h, v13.8h\n\t"
+        "sub	v28.8h, v10.8h, v14.8h\n\t"
+        "add	v9.8h, v9.8h, v13.8h\n\t"
+        "add	v10.8h, v10.8h, v14.8h\n\t"
+        "mul	v25.8h, v26.8h, v7.h[4]\n\t"
+        "mul	v27.8h, v28.8h, v7.h[4]\n\t"
+        "sqrdmulh	v13.8h, v26.8h, v5.h[4]\n\t"
+        "sqrdmulh	v14.8h, v28.8h, v5.h[4]\n\t"
+        "sqrdmulh	v25.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmulh	v27.8h, v27.8h, v8.h[0]\n\t"
+        "sub	v13.8h, v13.8h, v25.8h\n\t"
+        "sub	v14.8h, v14.8h, v27.8h\n\t"
+        "sshr	v13.8h, v13.8h, #1\n\t"
+        "sshr	v14.8h, v14.8h, #1\n\t"
+        "sub	v26.8h, v11.8h, v15.8h\n\t"
+        "sub	v28.8h, v12.8h, v16.8h\n\t"
+        "add	v11.8h, v11.8h, v15.8h\n\t"
+        "add	v12.8h, v12.8h, v16.8h\n\t"
+        "mul	v25.8h, v26.8h, v7.h[4]\n\t"
+        "mul	v27.8h, v28.8h, v7.h[4]\n\t"
+        "sqrdmulh	v15.8h, v26.8h, v5.h[4]\n\t"
+        "sqrdmulh	v16.8h, v28.8h, v5.h[4]\n\t"
+        "sqrdmulh	v25.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmulh	v27.8h, v27.8h, v8.h[0]\n\t"
+        "sub	v15.8h, v15.8h, v25.8h\n\t"
+        "sub	v16.8h, v16.8h, v27.8h\n\t"
+        "sshr	v15.8h, v15.8h, #1\n\t"
+        "sshr	v16.8h, v16.8h, #1\n\t"
+        "sub	v26.8h, v17.8h, v21.8h\n\t"
+        "sub	v28.8h, v18.8h, v22.8h\n\t"
+        "add	v17.8h, v17.8h, v21.8h\n\t"
+        "add	v18.8h, v18.8h, v22.8h\n\t"
+        "mul	v25.8h, v26.8h, v7.h[5]\n\t"
+        "mul	v27.8h, v28.8h, v7.h[5]\n\t"
+        "sqrdmulh	v21.8h, v26.8h, v5.h[5]\n\t"
+        "sqrdmulh	v22.8h, v28.8h, v5.h[5]\n\t"
+        "sqrdmulh	v25.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmulh	v27.8h, v27.8h, v8.h[0]\n\t"
+        "sub	v21.8h, v21.8h, v25.8h\n\t"
+        "sub	v22.8h, v22.8h, v27.8h\n\t"
+        "sshr	v21.8h, v21.8h, #1\n\t"
+        "sshr	v22.8h, v22.8h, #1\n\t"
+        "sub	v26.8h, v19.8h, v23.8h\n\t"
+        "sub	v28.8h, v20.8h, v24.8h\n\t"
+        "add	v19.8h, v19.8h, v23.8h\n\t"
+        "add	v20.8h, v20.8h, v24.8h\n\t"
+        "mul	v25.8h, v26.8h, v7.h[5]\n\t"
+        "mul	v27.8h, v28.8h, v7.h[5]\n\t"
+        "sqrdmulh	v23.8h, v26.8h, v5.h[5]\n\t"
+        "sqrdmulh	v24.8h, v28.8h, v5.h[5]\n\t"
+        "sqrdmulh	v25.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmulh	v27.8h, v27.8h, v8.h[0]\n\t"
+        "sub	v23.8h, v23.8h, v25.8h\n\t"
+        "sub	v24.8h, v24.8h, v27.8h\n\t"
+        "sshr	v23.8h, v23.8h, #1\n\t"
+        "sshr	v24.8h, v24.8h, #1\n\t"
+        "sqdmulh	v25.8h, v9.8h, v8.h[2]\n\t"
+        "sqdmulh	v26.8h, v10.8h, v8.h[2]\n\t"
+        "sshr	v25.8h, v25.8h, #11\n\t"
+        "sshr	v26.8h, v26.8h, #11\n\t"
+        "mls	v9.8h, v25.8h, v8.h[0]\n\t"
+        "mls	v10.8h, v26.8h, v8.h[0]\n\t"
+        "sqdmulh	v25.8h, v11.8h, v8.h[2]\n\t"
+        "sqdmulh	v26.8h, v12.8h, v8.h[2]\n\t"
+        "sshr	v25.8h, v25.8h, #11\n\t"
+        "sshr	v26.8h, v26.8h, #11\n\t"
+        "mls	v11.8h, v25.8h, v8.h[0]\n\t"
+        "mls	v12.8h, v26.8h, v8.h[0]\n\t"
+        "sqdmulh	v25.8h, v17.8h, v8.h[2]\n\t"
+        "sqdmulh	v26.8h, v18.8h, v8.h[2]\n\t"
+        "sshr	v25.8h, v25.8h, #11\n\t"
+        "sshr	v26.8h, v26.8h, #11\n\t"
+        "mls	v17.8h, v25.8h, v8.h[0]\n\t"
+        "mls	v18.8h, v26.8h, v8.h[0]\n\t"
+        "sqdmulh	v25.8h, v19.8h, v8.h[2]\n\t"
+        "sqdmulh	v26.8h, v20.8h, v8.h[2]\n\t"
+        "sshr	v25.8h, v25.8h, #11\n\t"
+        "sshr	v26.8h, v26.8h, #11\n\t"
+        "mls	v19.8h, v25.8h, v8.h[0]\n\t"
+        "mls	v20.8h, v26.8h, v8.h[0]\n\t"
+        "sub	v26.8h, v9.8h, v17.8h\n\t"
+        "sub	v28.8h, v10.8h, v18.8h\n\t"
+        "add	v9.8h, v9.8h, v17.8h\n\t"
+        "add	v10.8h, v10.8h, v18.8h\n\t"
+        "mul	v25.8h, v26.8h, v7.h[6]\n\t"
+        "mul	v27.8h, v28.8h, v7.h[6]\n\t"
+        "sqrdmulh	v17.8h, v26.8h, v5.h[6]\n\t"
+        "sqrdmulh	v18.8h, v28.8h, v5.h[6]\n\t"
+        "sqrdmulh	v25.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmulh	v27.8h, v27.8h, v8.h[0]\n\t"
+        "sub	v17.8h, v17.8h, v25.8h\n\t"
+        "sub	v18.8h, v18.8h, v27.8h\n\t"
+        "sshr	v17.8h, v17.8h, #1\n\t"
+        "sshr	v18.8h, v18.8h, #1\n\t"
+        "sub	v26.8h, v11.8h, v19.8h\n\t"
+        "sub	v28.8h, v12.8h, v20.8h\n\t"
+        "add	v11.8h, v11.8h, v19.8h\n\t"
+        "add	v12.8h, v12.8h, v20.8h\n\t"
+        "mul	v25.8h, v26.8h, v7.h[6]\n\t"
+        "mul	v27.8h, v28.8h, v7.h[6]\n\t"
+        "sqrdmulh	v19.8h, v26.8h, v5.h[6]\n\t"
+        "sqrdmulh	v20.8h, v28.8h, v5.h[6]\n\t"
+        "sqrdmulh	v25.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmulh	v27.8h, v27.8h, v8.h[0]\n\t"
+        "sub	v19.8h, v19.8h, v25.8h\n\t"
+        "sub	v20.8h, v20.8h, v27.8h\n\t"
+        "sshr	v19.8h, v19.8h, #1\n\t"
+        "sshr	v20.8h, v20.8h, #1\n\t"
+        "sub	v26.8h, v13.8h, v21.8h\n\t"
+        "sub	v28.8h, v14.8h, v22.8h\n\t"
+        "add	v13.8h, v13.8h, v21.8h\n\t"
+        "add	v14.8h, v14.8h, v22.8h\n\t"
+        "mul	v25.8h, v26.8h, v7.h[6]\n\t"
+        "mul	v27.8h, v28.8h, v7.h[6]\n\t"
+        "sqrdmulh	v21.8h, v26.8h, v5.h[6]\n\t"
+        "sqrdmulh	v22.8h, v28.8h, v5.h[6]\n\t"
+        "sqrdmulh	v25.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmulh	v27.8h, v27.8h, v8.h[0]\n\t"
+        "sub	v21.8h, v21.8h, v25.8h\n\t"
+        "sub	v22.8h, v22.8h, v27.8h\n\t"
+        "sshr	v21.8h, v21.8h, #1\n\t"
+        "sshr	v22.8h, v22.8h, #1\n\t"
+        "sub	v26.8h, v15.8h, v23.8h\n\t"
+        "sub	v28.8h, v16.8h, v24.8h\n\t"
+        "add	v15.8h, v15.8h, v23.8h\n\t"
+        "add	v16.8h, v16.8h, v24.8h\n\t"
+        "mul	v25.8h, v26.8h, v7.h[6]\n\t"
+        "mul	v27.8h, v28.8h, v7.h[6]\n\t"
+        "sqrdmulh	v23.8h, v26.8h, v5.h[6]\n\t"
+        "sqrdmulh	v24.8h, v28.8h, v5.h[6]\n\t"
+        "sqrdmulh	v25.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmulh	v27.8h, v27.8h, v8.h[0]\n\t"
+        "sub	v23.8h, v23.8h, v25.8h\n\t"
+        "sub	v24.8h, v24.8h, v27.8h\n\t"
+        "sshr	v23.8h, v23.8h, #1\n\t"
+        "sshr	v24.8h, v24.8h, #1\n\t"
+        "mul	v25.8h, v9.8h, v7.h[7]\n\t"
+        "mul	v26.8h, v10.8h, v7.h[7]\n\t"
+        "sqrdmulh	v9.8h, v9.8h, v5.h[7]\n\t"
+        "sqrdmulh	v10.8h, v10.8h, v5.h[7]\n\t"
+        "sqrdmulh	v25.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmulh	v26.8h, v26.8h, v8.h[0]\n\t"
+        "sub	v9.8h, v9.8h, v25.8h\n\t"
+        "sub	v10.8h, v10.8h, v26.8h\n\t"
+        "sshr	v9.8h, v9.8h, #1\n\t"
+        "sshr	v10.8h, v10.8h, #1\n\t"
+        "mul	v25.8h, v11.8h, v7.h[7]\n\t"
+        "mul	v26.8h, v12.8h, v7.h[7]\n\t"
+        "sqrdmulh	v11.8h, v11.8h, v5.h[7]\n\t"
+        "sqrdmulh	v12.8h, v12.8h, v5.h[7]\n\t"
+        "sqrdmulh	v25.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmulh	v26.8h, v26.8h, v8.h[0]\n\t"
+        "sub	v11.8h, v11.8h, v25.8h\n\t"
+        "sub	v12.8h, v12.8h, v26.8h\n\t"
+        "sshr	v11.8h, v11.8h, #1\n\t"
+        "sshr	v12.8h, v12.8h, #1\n\t"
+        "mul	v25.8h, v13.8h, v7.h[7]\n\t"
+        "mul	v26.8h, v14.8h, v7.h[7]\n\t"
+        "sqrdmulh	v13.8h, v13.8h, v5.h[7]\n\t"
+        "sqrdmulh	v14.8h, v14.8h, v5.h[7]\n\t"
+        "sqrdmulh	v25.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmulh	v26.8h, v26.8h, v8.h[0]\n\t"
+        "sub	v13.8h, v13.8h, v25.8h\n\t"
+        "sub	v14.8h, v14.8h, v26.8h\n\t"
+        "sshr	v13.8h, v13.8h, #1\n\t"
+        "sshr	v14.8h, v14.8h, #1\n\t"
+        "mul	v25.8h, v15.8h, v7.h[7]\n\t"
+        "mul	v26.8h, v16.8h, v7.h[7]\n\t"
+        "sqrdmulh	v15.8h, v15.8h, v5.h[7]\n\t"
+        "sqrdmulh	v16.8h, v16.8h, v5.h[7]\n\t"
+        "sqrdmulh	v25.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmulh	v26.8h, v26.8h, v8.h[0]\n\t"
+        "sub	v15.8h, v15.8h, v25.8h\n\t"
+        "sub	v16.8h, v16.8h, v26.8h\n\t"
+        "sshr	v15.8h, v15.8h, #1\n\t"
+        "sshr	v16.8h, v16.8h, #1\n\t"
+        "mul	v25.8h, v17.8h, v7.h[7]\n\t"
+        "mul	v26.8h, v18.8h, v7.h[7]\n\t"
+        "sqrdmulh	v17.8h, v17.8h, v5.h[7]\n\t"
+        "sqrdmulh	v18.8h, v18.8h, v5.h[7]\n\t"
+        "sqrdmulh	v25.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmulh	v26.8h, v26.8h, v8.h[0]\n\t"
+        "sub	v17.8h, v17.8h, v25.8h\n\t"
+        "sub	v18.8h, v18.8h, v26.8h\n\t"
+        "sshr	v17.8h, v17.8h, #1\n\t"
+        "sshr	v18.8h, v18.8h, #1\n\t"
+        "mul	v25.8h, v19.8h, v7.h[7]\n\t"
+        "mul	v26.8h, v20.8h, v7.h[7]\n\t"
+        "sqrdmulh	v19.8h, v19.8h, v5.h[7]\n\t"
+        "sqrdmulh	v20.8h, v20.8h, v5.h[7]\n\t"
+        "sqrdmulh	v25.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmulh	v26.8h, v26.8h, v8.h[0]\n\t"
+        "sub	v19.8h, v19.8h, v25.8h\n\t"
+        "sub	v20.8h, v20.8h, v26.8h\n\t"
+        "sshr	v19.8h, v19.8h, #1\n\t"
+        "sshr	v20.8h, v20.8h, #1\n\t"
+        "mul	v25.8h, v21.8h, v7.h[7]\n\t"
+        "mul	v26.8h, v22.8h, v7.h[7]\n\t"
+        "sqrdmulh	v21.8h, v21.8h, v5.h[7]\n\t"
+        "sqrdmulh	v22.8h, v22.8h, v5.h[7]\n\t"
+        "sqrdmulh	v25.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmulh	v26.8h, v26.8h, v8.h[0]\n\t"
+        "sub	v21.8h, v21.8h, v25.8h\n\t"
+        "sub	v22.8h, v22.8h, v26.8h\n\t"
+        "sshr	v21.8h, v21.8h, #1\n\t"
+        "sshr	v22.8h, v22.8h, #1\n\t"
+        "mul	v25.8h, v23.8h, v7.h[7]\n\t"
+        "mul	v26.8h, v24.8h, v7.h[7]\n\t"
+        "sqrdmulh	v23.8h, v23.8h, v5.h[7]\n\t"
+        "sqrdmulh	v24.8h, v24.8h, v5.h[7]\n\t"
+        "sqrdmulh	v25.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmulh	v26.8h, v26.8h, v8.h[0]\n\t"
+        "sub	v23.8h, v23.8h, v25.8h\n\t"
+        "sub	v24.8h, v24.8h, v26.8h\n\t"
+        "sshr	v23.8h, v23.8h, #1\n\t"
+        "sshr	v24.8h, v24.8h, #1\n\t"
+        "str	q9, [%x[r]]\n\t"
+        "str	q10, [%x[r], #32]\n\t"
+        "str	q11, [%x[r], #64]\n\t"
+        "str	q12, [%x[r], #96]\n\t"
+        "str	q13, [%x[r], #128]\n\t"
+        "str	q14, [%x[r], #160]\n\t"
+        "str	q15, [%x[r], #192]\n\t"
+        "str	q16, [%x[r], #224]\n\t"
+        "str	q17, [x1]\n\t"
+        "str	q18, [x1, #32]\n\t"
+        "str	q19, [x1, #64]\n\t"
+        "str	q20, [x1, #96]\n\t"
+        "str	q21, [x1, #128]\n\t"
+        "str	q22, [x1, #160]\n\t"
+        "str	q23, [x1, #192]\n\t"
+        "str	q24, [x1, #224]\n\t"
+        "ldr	q9, [%x[r], #16]\n\t"
+        "ldr	q10, [%x[r], #48]\n\t"
+        "ldr	q11, [%x[r], #80]\n\t"
+        "ldr	q12, [%x[r], #112]\n\t"
+        "ldr	q13, [%x[r], #144]\n\t"
+        "ldr	q14, [%x[r], #176]\n\t"
+        "ldr	q15, [%x[r], #208]\n\t"
+        "ldr	q16, [%x[r], #240]\n\t"
+        "ldr	q17, [x1, #16]\n\t"
+        "ldr	q18, [x1, #48]\n\t"
+        "ldr	q19, [x1, #80]\n\t"
+        "ldr	q20, [x1, #112]\n\t"
+        "ldr	q21, [x1, #144]\n\t"
+        "ldr	q22, [x1, #176]\n\t"
+        "ldr	q23, [x1, #208]\n\t"
+        "ldr	q24, [x1, #240]\n\t"
+        "sub	v26.8h, v9.8h, v10.8h\n\t"
+        "sub	v28.8h, v11.8h, v12.8h\n\t"
+        "add	v9.8h, v9.8h, v10.8h\n\t"
+        "add	v11.8h, v11.8h, v12.8h\n\t"
+        "mul	v25.8h, v26.8h, v6.h[0]\n\t"
+        "mul	v27.8h, v28.8h, v6.h[1]\n\t"
+        "sqrdmulh	v10.8h, v26.8h, v4.h[0]\n\t"
+        "sqrdmulh	v12.8h, v28.8h, v4.h[1]\n\t"
+        "sqrdmulh	v25.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmulh	v27.8h, v27.8h, v8.h[0]\n\t"
+        "sub	v10.8h, v10.8h, v25.8h\n\t"
+        "sub	v12.8h, v12.8h, v27.8h\n\t"
+        "sshr	v10.8h, v10.8h, #1\n\t"
+        "sshr	v12.8h, v12.8h, #1\n\t"
+        "sub	v26.8h, v13.8h, v14.8h\n\t"
+        "sub	v28.8h, v15.8h, v16.8h\n\t"
+        "add	v13.8h, v13.8h, v14.8h\n\t"
+        "add	v15.8h, v15.8h, v16.8h\n\t"
+        "mul	v25.8h, v26.8h, v6.h[2]\n\t"
+        "mul	v27.8h, v28.8h, v6.h[3]\n\t"
+        "sqrdmulh	v14.8h, v26.8h, v4.h[2]\n\t"
+        "sqrdmulh	v16.8h, v28.8h, v4.h[3]\n\t"
+        "sqrdmulh	v25.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmulh	v27.8h, v27.8h, v8.h[0]\n\t"
+        "sub	v14.8h, v14.8h, v25.8h\n\t"
+        "sub	v16.8h, v16.8h, v27.8h\n\t"
+        "sshr	v14.8h, v14.8h, #1\n\t"
+        "sshr	v16.8h, v16.8h, #1\n\t"
+        "sub	v26.8h, v17.8h, v18.8h\n\t"
+        "sub	v28.8h, v19.8h, v20.8h\n\t"
+        "add	v17.8h, v17.8h, v18.8h\n\t"
+        "add	v19.8h, v19.8h, v20.8h\n\t"
+        "mul	v25.8h, v26.8h, v6.h[4]\n\t"
+        "mul	v27.8h, v28.8h, v6.h[5]\n\t"
+        "sqrdmulh	v18.8h, v26.8h, v4.h[4]\n\t"
+        "sqrdmulh	v20.8h, v28.8h, v4.h[5]\n\t"
+        "sqrdmulh	v25.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmulh	v27.8h, v27.8h, v8.h[0]\n\t"
+        "sub	v18.8h, v18.8h, v25.8h\n\t"
+        "sub	v20.8h, v20.8h, v27.8h\n\t"
+        "sshr	v18.8h, v18.8h, #1\n\t"
+        "sshr	v20.8h, v20.8h, #1\n\t"
+        "sub	v26.8h, v21.8h, v22.8h\n\t"
+        "sub	v28.8h, v23.8h, v24.8h\n\t"
+        "add	v21.8h, v21.8h, v22.8h\n\t"
+        "add	v23.8h, v23.8h, v24.8h\n\t"
+        "mul	v25.8h, v26.8h, v6.h[6]\n\t"
+        "mul	v27.8h, v28.8h, v6.h[7]\n\t"
+        "sqrdmulh	v22.8h, v26.8h, v4.h[6]\n\t"
+        "sqrdmulh	v24.8h, v28.8h, v4.h[7]\n\t"
+        "sqrdmulh	v25.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmulh	v27.8h, v27.8h, v8.h[0]\n\t"
+        "sub	v22.8h, v22.8h, v25.8h\n\t"
+        "sub	v24.8h, v24.8h, v27.8h\n\t"
+        "sshr	v22.8h, v22.8h, #1\n\t"
+        "sshr	v24.8h, v24.8h, #1\n\t"
+        "sub	v26.8h, v9.8h, v11.8h\n\t"
+        "sub	v28.8h, v10.8h, v12.8h\n\t"
+        "add	v9.8h, v9.8h, v11.8h\n\t"
+        "add	v10.8h, v10.8h, v12.8h\n\t"
+        "mul	v25.8h, v26.8h, v7.h[0]\n\t"
+        "mul	v27.8h, v28.8h, v7.h[0]\n\t"
+        "sqrdmulh	v11.8h, v26.8h, v5.h[0]\n\t"
+        "sqrdmulh	v12.8h, v28.8h, v5.h[0]\n\t"
+        "sqrdmulh	v25.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmulh	v27.8h, v27.8h, v8.h[0]\n\t"
+        "sub	v11.8h, v11.8h, v25.8h\n\t"
+        "sub	v12.8h, v12.8h, v27.8h\n\t"
+        "sshr	v11.8h, v11.8h, #1\n\t"
+        "sshr	v12.8h, v12.8h, #1\n\t"
+        "sub	v26.8h, v13.8h, v15.8h\n\t"
+        "sub	v28.8h, v14.8h, v16.8h\n\t"
+        "add	v13.8h, v13.8h, v15.8h\n\t"
+        "add	v14.8h, v14.8h, v16.8h\n\t"
+        "mul	v25.8h, v26.8h, v7.h[1]\n\t"
+        "mul	v27.8h, v28.8h, v7.h[1]\n\t"
+        "sqrdmulh	v15.8h, v26.8h, v5.h[1]\n\t"
+        "sqrdmulh	v16.8h, v28.8h, v5.h[1]\n\t"
+        "sqrdmulh	v25.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmulh	v27.8h, v27.8h, v8.h[0]\n\t"
+        "sub	v15.8h, v15.8h, v25.8h\n\t"
+        "sub	v16.8h, v16.8h, v27.8h\n\t"
+        "sshr	v15.8h, v15.8h, #1\n\t"
+        "sshr	v16.8h, v16.8h, #1\n\t"
+        "sub	v26.8h, v17.8h, v19.8h\n\t"
+        "sub	v28.8h, v18.8h, v20.8h\n\t"
+        "add	v17.8h, v17.8h, v19.8h\n\t"
+        "add	v18.8h, v18.8h, v20.8h\n\t"
+        "mul	v25.8h, v26.8h, v7.h[2]\n\t"
+        "mul	v27.8h, v28.8h, v7.h[2]\n\t"
+        "sqrdmulh	v19.8h, v26.8h, v5.h[2]\n\t"
+        "sqrdmulh	v20.8h, v28.8h, v5.h[2]\n\t"
+        "sqrdmulh	v25.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmulh	v27.8h, v27.8h, v8.h[0]\n\t"
+        "sub	v19.8h, v19.8h, v25.8h\n\t"
+        "sub	v20.8h, v20.8h, v27.8h\n\t"
+        "sshr	v19.8h, v19.8h, #1\n\t"
+        "sshr	v20.8h, v20.8h, #1\n\t"
+        "sub	v26.8h, v21.8h, v23.8h\n\t"
+        "sub	v28.8h, v22.8h, v24.8h\n\t"
+        "add	v21.8h, v21.8h, v23.8h\n\t"
+        "add	v22.8h, v22.8h, v24.8h\n\t"
+        "mul	v25.8h, v26.8h, v7.h[3]\n\t"
+        "mul	v27.8h, v28.8h, v7.h[3]\n\t"
+        "sqrdmulh	v23.8h, v26.8h, v5.h[3]\n\t"
+        "sqrdmulh	v24.8h, v28.8h, v5.h[3]\n\t"
+        "sqrdmulh	v25.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmulh	v27.8h, v27.8h, v8.h[0]\n\t"
+        "sub	v23.8h, v23.8h, v25.8h\n\t"
+        "sub	v24.8h, v24.8h, v27.8h\n\t"
+        "sshr	v23.8h, v23.8h, #1\n\t"
+        "sshr	v24.8h, v24.8h, #1\n\t"
+        "sub	v26.8h, v9.8h, v13.8h\n\t"
+        "sub	v28.8h, v10.8h, v14.8h\n\t"
+        "add	v9.8h, v9.8h, v13.8h\n\t"
+        "add	v10.8h, v10.8h, v14.8h\n\t"
+        "mul	v25.8h, v26.8h, v7.h[4]\n\t"
+        "mul	v27.8h, v28.8h, v7.h[4]\n\t"
+        "sqrdmulh	v13.8h, v26.8h, v5.h[4]\n\t"
+        "sqrdmulh	v14.8h, v28.8h, v5.h[4]\n\t"
+        "sqrdmulh	v25.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmulh	v27.8h, v27.8h, v8.h[0]\n\t"
+        "sub	v13.8h, v13.8h, v25.8h\n\t"
+        "sub	v14.8h, v14.8h, v27.8h\n\t"
+        "sshr	v13.8h, v13.8h, #1\n\t"
+        "sshr	v14.8h, v14.8h, #1\n\t"
+        "sub	v26.8h, v11.8h, v15.8h\n\t"
+        "sub	v28.8h, v12.8h, v16.8h\n\t"
+        "add	v11.8h, v11.8h, v15.8h\n\t"
+        "add	v12.8h, v12.8h, v16.8h\n\t"
+        "mul	v25.8h, v26.8h, v7.h[4]\n\t"
+        "mul	v27.8h, v28.8h, v7.h[4]\n\t"
+        "sqrdmulh	v15.8h, v26.8h, v5.h[4]\n\t"
+        "sqrdmulh	v16.8h, v28.8h, v5.h[4]\n\t"
+        "sqrdmulh	v25.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmulh	v27.8h, v27.8h, v8.h[0]\n\t"
+        "sub	v15.8h, v15.8h, v25.8h\n\t"
+        "sub	v16.8h, v16.8h, v27.8h\n\t"
+        "sshr	v15.8h, v15.8h, #1\n\t"
+        "sshr	v16.8h, v16.8h, #1\n\t"
+        "sub	v26.8h, v17.8h, v21.8h\n\t"
+        "sub	v28.8h, v18.8h, v22.8h\n\t"
+        "add	v17.8h, v17.8h, v21.8h\n\t"
+        "add	v18.8h, v18.8h, v22.8h\n\t"
+        "mul	v25.8h, v26.8h, v7.h[5]\n\t"
+        "mul	v27.8h, v28.8h, v7.h[5]\n\t"
+        "sqrdmulh	v21.8h, v26.8h, v5.h[5]\n\t"
+        "sqrdmulh	v22.8h, v28.8h, v5.h[5]\n\t"
+        "sqrdmulh	v25.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmulh	v27.8h, v27.8h, v8.h[0]\n\t"
+        "sub	v21.8h, v21.8h, v25.8h\n\t"
+        "sub	v22.8h, v22.8h, v27.8h\n\t"
+        "sshr	v21.8h, v21.8h, #1\n\t"
+        "sshr	v22.8h, v22.8h, #1\n\t"
+        "sub	v26.8h, v19.8h, v23.8h\n\t"
+        "sub	v28.8h, v20.8h, v24.8h\n\t"
+        "add	v19.8h, v19.8h, v23.8h\n\t"
+        "add	v20.8h, v20.8h, v24.8h\n\t"
+        "mul	v25.8h, v26.8h, v7.h[5]\n\t"
+        "mul	v27.8h, v28.8h, v7.h[5]\n\t"
+        "sqrdmulh	v23.8h, v26.8h, v5.h[5]\n\t"
+        "sqrdmulh	v24.8h, v28.8h, v5.h[5]\n\t"
+        "sqrdmulh	v25.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmulh	v27.8h, v27.8h, v8.h[0]\n\t"
+        "sub	v23.8h, v23.8h, v25.8h\n\t"
+        "sub	v24.8h, v24.8h, v27.8h\n\t"
+        "sshr	v23.8h, v23.8h, #1\n\t"
+        "sshr	v24.8h, v24.8h, #1\n\t"
+        "sqdmulh	v25.8h, v9.8h, v8.h[2]\n\t"
+        "sqdmulh	v26.8h, v10.8h, v8.h[2]\n\t"
+        "sshr	v25.8h, v25.8h, #11\n\t"
+        "sshr	v26.8h, v26.8h, #11\n\t"
+        "mls	v9.8h, v25.8h, v8.h[0]\n\t"
+        "mls	v10.8h, v26.8h, v8.h[0]\n\t"
+        "sqdmulh	v25.8h, v11.8h, v8.h[2]\n\t"
+        "sqdmulh	v26.8h, v12.8h, v8.h[2]\n\t"
+        "sshr	v25.8h, v25.8h, #11\n\t"
+        "sshr	v26.8h, v26.8h, #11\n\t"
+        "mls	v11.8h, v25.8h, v8.h[0]\n\t"
+        "mls	v12.8h, v26.8h, v8.h[0]\n\t"
+        "sqdmulh	v25.8h, v17.8h, v8.h[2]\n\t"
+        "sqdmulh	v26.8h, v18.8h, v8.h[2]\n\t"
+        "sshr	v25.8h, v25.8h, #11\n\t"
+        "sshr	v26.8h, v26.8h, #11\n\t"
+        "mls	v17.8h, v25.8h, v8.h[0]\n\t"
+        "mls	v18.8h, v26.8h, v8.h[0]\n\t"
+        "sqdmulh	v25.8h, v19.8h, v8.h[2]\n\t"
+        "sqdmulh	v26.8h, v20.8h, v8.h[2]\n\t"
+        "sshr	v25.8h, v25.8h, #11\n\t"
+        "sshr	v26.8h, v26.8h, #11\n\t"
+        "mls	v19.8h, v25.8h, v8.h[0]\n\t"
+        "mls	v20.8h, v26.8h, v8.h[0]\n\t"
+        "sub	v26.8h, v9.8h, v17.8h\n\t"
+        "sub	v28.8h, v10.8h, v18.8h\n\t"
+        "add	v9.8h, v9.8h, v17.8h\n\t"
+        "add	v10.8h, v10.8h, v18.8h\n\t"
+        "mul	v25.8h, v26.8h, v7.h[6]\n\t"
+        "mul	v27.8h, v28.8h, v7.h[6]\n\t"
+        "sqrdmulh	v17.8h, v26.8h, v5.h[6]\n\t"
+        "sqrdmulh	v18.8h, v28.8h, v5.h[6]\n\t"
+        "sqrdmulh	v25.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmulh	v27.8h, v27.8h, v8.h[0]\n\t"
+        "sub	v17.8h, v17.8h, v25.8h\n\t"
+        "sub	v18.8h, v18.8h, v27.8h\n\t"
+        "sshr	v17.8h, v17.8h, #1\n\t"
+        "sshr	v18.8h, v18.8h, #1\n\t"
+        "sub	v26.8h, v11.8h, v19.8h\n\t"
+        "sub	v28.8h, v12.8h, v20.8h\n\t"
+        "add	v11.8h, v11.8h, v19.8h\n\t"
+        "add	v12.8h, v12.8h, v20.8h\n\t"
+        "mul	v25.8h, v26.8h, v7.h[6]\n\t"
+        "mul	v27.8h, v28.8h, v7.h[6]\n\t"
+        "sqrdmulh	v19.8h, v26.8h, v5.h[6]\n\t"
+        "sqrdmulh	v20.8h, v28.8h, v5.h[6]\n\t"
+        "sqrdmulh	v25.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmulh	v27.8h, v27.8h, v8.h[0]\n\t"
+        "sub	v19.8h, v19.8h, v25.8h\n\t"
+        "sub	v20.8h, v20.8h, v27.8h\n\t"
+        "sshr	v19.8h, v19.8h, #1\n\t"
+        "sshr	v20.8h, v20.8h, #1\n\t"
+        "sub	v26.8h, v13.8h, v21.8h\n\t"
+        "sub	v28.8h, v14.8h, v22.8h\n\t"
+        "add	v13.8h, v13.8h, v21.8h\n\t"
+        "add	v14.8h, v14.8h, v22.8h\n\t"
+        "mul	v25.8h, v26.8h, v7.h[6]\n\t"
+        "mul	v27.8h, v28.8h, v7.h[6]\n\t"
+        "sqrdmulh	v21.8h, v26.8h, v5.h[6]\n\t"
+        "sqrdmulh	v22.8h, v28.8h, v5.h[6]\n\t"
+        "sqrdmulh	v25.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmulh	v27.8h, v27.8h, v8.h[0]\n\t"
+        "sub	v21.8h, v21.8h, v25.8h\n\t"
+        "sub	v22.8h, v22.8h, v27.8h\n\t"
+        "sshr	v21.8h, v21.8h, #1\n\t"
+        "sshr	v22.8h, v22.8h, #1\n\t"
+        "sub	v26.8h, v15.8h, v23.8h\n\t"
+        "sub	v28.8h, v16.8h, v24.8h\n\t"
+        "add	v15.8h, v15.8h, v23.8h\n\t"
+        "add	v16.8h, v16.8h, v24.8h\n\t"
+        "mul	v25.8h, v26.8h, v7.h[6]\n\t"
+        "mul	v27.8h, v28.8h, v7.h[6]\n\t"
+        "sqrdmulh	v23.8h, v26.8h, v5.h[6]\n\t"
+        "sqrdmulh	v24.8h, v28.8h, v5.h[6]\n\t"
+        "sqrdmulh	v25.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmulh	v27.8h, v27.8h, v8.h[0]\n\t"
+        "sub	v23.8h, v23.8h, v25.8h\n\t"
+        "sub	v24.8h, v24.8h, v27.8h\n\t"
+        "sshr	v23.8h, v23.8h, #1\n\t"
+        "sshr	v24.8h, v24.8h, #1\n\t"
+        "mul	v25.8h, v9.8h, v7.h[7]\n\t"
+        "mul	v26.8h, v10.8h, v7.h[7]\n\t"
+        "sqrdmulh	v9.8h, v9.8h, v5.h[7]\n\t"
+        "sqrdmulh	v10.8h, v10.8h, v5.h[7]\n\t"
+        "sqrdmulh	v25.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmulh	v26.8h, v26.8h, v8.h[0]\n\t"
+        "sub	v9.8h, v9.8h, v25.8h\n\t"
+        "sub	v10.8h, v10.8h, v26.8h\n\t"
+        "sshr	v9.8h, v9.8h, #1\n\t"
+        "sshr	v10.8h, v10.8h, #1\n\t"
+        "mul	v25.8h, v11.8h, v7.h[7]\n\t"
+        "mul	v26.8h, v12.8h, v7.h[7]\n\t"
+        "sqrdmulh	v11.8h, v11.8h, v5.h[7]\n\t"
+        "sqrdmulh	v12.8h, v12.8h, v5.h[7]\n\t"
+        "sqrdmulh	v25.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmulh	v26.8h, v26.8h, v8.h[0]\n\t"
+        "sub	v11.8h, v11.8h, v25.8h\n\t"
+        "sub	v12.8h, v12.8h, v26.8h\n\t"
+        "sshr	v11.8h, v11.8h, #1\n\t"
+        "sshr	v12.8h, v12.8h, #1\n\t"
+        "mul	v25.8h, v13.8h, v7.h[7]\n\t"
+        "mul	v26.8h, v14.8h, v7.h[7]\n\t"
+        "sqrdmulh	v13.8h, v13.8h, v5.h[7]\n\t"
+        "sqrdmulh	v14.8h, v14.8h, v5.h[7]\n\t"
+        "sqrdmulh	v25.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmulh	v26.8h, v26.8h, v8.h[0]\n\t"
+        "sub	v13.8h, v13.8h, v25.8h\n\t"
+        "sub	v14.8h, v14.8h, v26.8h\n\t"
+        "sshr	v13.8h, v13.8h, #1\n\t"
+        "sshr	v14.8h, v14.8h, #1\n\t"
+        "mul	v25.8h, v15.8h, v7.h[7]\n\t"
+        "mul	v26.8h, v16.8h, v7.h[7]\n\t"
+        "sqrdmulh	v15.8h, v15.8h, v5.h[7]\n\t"
+        "sqrdmulh	v16.8h, v16.8h, v5.h[7]\n\t"
+        "sqrdmulh	v25.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmulh	v26.8h, v26.8h, v8.h[0]\n\t"
+        "sub	v15.8h, v15.8h, v25.8h\n\t"
+        "sub	v16.8h, v16.8h, v26.8h\n\t"
+        "sshr	v15.8h, v15.8h, #1\n\t"
+        "sshr	v16.8h, v16.8h, #1\n\t"
+        "mul	v25.8h, v17.8h, v7.h[7]\n\t"
+        "mul	v26.8h, v18.8h, v7.h[7]\n\t"
+        "sqrdmulh	v17.8h, v17.8h, v5.h[7]\n\t"
+        "sqrdmulh	v18.8h, v18.8h, v5.h[7]\n\t"
+        "sqrdmulh	v25.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmulh	v26.8h, v26.8h, v8.h[0]\n\t"
+        "sub	v17.8h, v17.8h, v25.8h\n\t"
+        "sub	v18.8h, v18.8h, v26.8h\n\t"
+        "sshr	v17.8h, v17.8h, #1\n\t"
+        "sshr	v18.8h, v18.8h, #1\n\t"
+        "mul	v25.8h, v19.8h, v7.h[7]\n\t"
+        "mul	v26.8h, v20.8h, v7.h[7]\n\t"
+        "sqrdmulh	v19.8h, v19.8h, v5.h[7]\n\t"
+        "sqrdmulh	v20.8h, v20.8h, v5.h[7]\n\t"
+        "sqrdmulh	v25.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmulh	v26.8h, v26.8h, v8.h[0]\n\t"
+        "sub	v19.8h, v19.8h, v25.8h\n\t"
+        "sub	v20.8h, v20.8h, v26.8h\n\t"
+        "sshr	v19.8h, v19.8h, #1\n\t"
+        "sshr	v20.8h, v20.8h, #1\n\t"
+        "mul	v25.8h, v21.8h, v7.h[7]\n\t"
+        "mul	v26.8h, v22.8h, v7.h[7]\n\t"
+        "sqrdmulh	v21.8h, v21.8h, v5.h[7]\n\t"
+        "sqrdmulh	v22.8h, v22.8h, v5.h[7]\n\t"
+        "sqrdmulh	v25.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmulh	v26.8h, v26.8h, v8.h[0]\n\t"
+        "sub	v21.8h, v21.8h, v25.8h\n\t"
+        "sub	v22.8h, v22.8h, v26.8h\n\t"
+        "sshr	v21.8h, v21.8h, #1\n\t"
+        "sshr	v22.8h, v22.8h, #1\n\t"
+        "mul	v25.8h, v23.8h, v7.h[7]\n\t"
+        "mul	v26.8h, v24.8h, v7.h[7]\n\t"
+        "sqrdmulh	v23.8h, v23.8h, v5.h[7]\n\t"
+        "sqrdmulh	v24.8h, v24.8h, v5.h[7]\n\t"
+        "sqrdmulh	v25.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmulh	v26.8h, v26.8h, v8.h[0]\n\t"
+        "sub	v23.8h, v23.8h, v25.8h\n\t"
+        "sub	v24.8h, v24.8h, v26.8h\n\t"
+        "sshr	v23.8h, v23.8h, #1\n\t"
+        "sshr	v24.8h, v24.8h, #1\n\t"
+        "str	q9, [%x[r], #16]\n\t"
+        "str	q10, [%x[r], #48]\n\t"
+        "str	q11, [%x[r], #80]\n\t"
+        "str	q12, [%x[r], #112]\n\t"
+        "str	q13, [%x[r], #144]\n\t"
+        "str	q14, [%x[r], #176]\n\t"
+        "str	q15, [%x[r], #208]\n\t"
+        "str	q16, [%x[r], #240]\n\t"
+        "str	q17, [x1, #16]\n\t"
+        "str	q18, [x1, #48]\n\t"
+        "str	q19, [x1, #80]\n\t"
+        "str	q20, [x1, #112]\n\t"
+        "str	q21, [x1, #144]\n\t"
+        "str	q22, [x1, #176]\n\t"
+        "str	q23, [x1, #208]\n\t"
+        "str	q24, [x1, #240]\n\t"
+        : [r] "+r" (r)
+        : [L_kyber_aarch64_q] "S" (L_kyber_aarch64_q), [L_kyber_aarch64_consts] "S" (L_kyber_aarch64_consts), [L_sha3_aarch64_r] "S" (L_sha3_aarch64_r), [L_kyber_aarch64_zetas] "S" (L_kyber_aarch64_zetas), [L_kyber_aarch64_zetas_qinv] "S" (L_kyber_aarch64_zetas_qinv), [L_kyber_aarch64_zetas_inv] "S" (L_kyber_aarch64_zetas_inv), [L_kyber_aarch64_zetas_inv_qinv] "S" (L_kyber_aarch64_zetas_inv_qinv)
+        : "memory", "x1", "x2", "x3", "x4", "v0", "v1", "v2", "v3", "v4", "v5", "v6", "v7", "v8", "v9", "v10", "v11", "v12", "v13", "v14", "v15", "v16", "v17", "v18", "v19", "v20", "v21", "v22", "v23", "v24", "v25", "v26", "v27", "v28", "cc"
+    );
+}
+
+#ifndef WOLFSSL_AARCH64_NO_SQRDMLSH
+void kyber_ntt_sqrdmlsh(sword16* r)
+{
+    __asm__ __volatile__ (
+#ifndef __APPLE__
+        "adrp x2, %[L_kyber_aarch64_zetas]\n\t"
+        "add  x2, x2, :lo12:%[L_kyber_aarch64_zetas]\n\t"
+#else
+        "adrp x2, %[L_kyber_aarch64_zetas]@PAGE\n\t"
+        "add  x2, x2, %[L_kyber_aarch64_zetas]@PAGEOFF\n\t"
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+        "adrp x3, %[L_kyber_aarch64_zetas_qinv]\n\t"
+        "add  x3, x3, :lo12:%[L_kyber_aarch64_zetas_qinv]\n\t"
+#else
+        "adrp x3, %[L_kyber_aarch64_zetas_qinv]@PAGE\n\t"
+        "add  x3, x3, %[L_kyber_aarch64_zetas_qinv]@PAGEOFF\n\t"
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+        "adrp x4, %[L_kyber_aarch64_consts]\n\t"
+        "add  x4, x4, :lo12:%[L_kyber_aarch64_consts]\n\t"
+#else
+        "adrp x4, %[L_kyber_aarch64_consts]@PAGE\n\t"
+        "add  x4, x4, %[L_kyber_aarch64_consts]@PAGEOFF\n\t"
+#endif /* __APPLE__ */
+        "add	x1, %x[r], #0x100\n\t"
+        "ldr	q4, [x4]\n\t"
+        "ldr	q5, [%x[r]]\n\t"
+        "ldr	q6, [%x[r], #32]\n\t"
+        "ldr	q7, [%x[r], #64]\n\t"
+        "ldr	q8, [%x[r], #96]\n\t"
+        "ldr	q9, [%x[r], #128]\n\t"
+        "ldr	q10, [%x[r], #160]\n\t"
+        "ldr	q11, [%x[r], #192]\n\t"
+        "ldr	q12, [%x[r], #224]\n\t"
+        "ldr	q13, [x1]\n\t"
+        "ldr	q14, [x1, #32]\n\t"
+        "ldr	q15, [x1, #64]\n\t"
+        "ldr	q16, [x1, #96]\n\t"
+        "ldr	q17, [x1, #128]\n\t"
+        "ldr	q18, [x1, #160]\n\t"
+        "ldr	q19, [x1, #192]\n\t"
+        "ldr	q20, [x1, #224]\n\t"
+        "ldr	q0, [x2]\n\t"
+        "ldr	q1, [x3]\n\t"
+        "mul	v29.8h, v13.8h, v1.h[1]\n\t"
+        "mul	v30.8h, v14.8h, v1.h[1]\n\t"
+        "sqrdmulh	v21.8h, v13.8h, v0.h[1]\n\t"
+        "sqrdmulh	v22.8h, v14.8h, v0.h[1]\n\t"
+        "sqrdmlsh	v21.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmlsh	v22.8h, v30.8h, v4.h[0]\n\t"
+        "sshr	v21.8h, v21.8h, #1\n\t"
+        "sshr	v22.8h, v22.8h, #1\n\t"
+        "mul	v29.8h, v15.8h, v1.h[1]\n\t"
+        "mul	v30.8h, v16.8h, v1.h[1]\n\t"
+        "sqrdmulh	v23.8h, v15.8h, v0.h[1]\n\t"
+        "sqrdmulh	v24.8h, v16.8h, v0.h[1]\n\t"
+        "sqrdmlsh	v23.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmlsh	v24.8h, v30.8h, v4.h[0]\n\t"
+        "sshr	v23.8h, v23.8h, #1\n\t"
+        "sshr	v24.8h, v24.8h, #1\n\t"
+        "mul	v29.8h, v17.8h, v1.h[1]\n\t"
+        "mul	v30.8h, v18.8h, v1.h[1]\n\t"
+        "sqrdmulh	v25.8h, v17.8h, v0.h[1]\n\t"
+        "sqrdmulh	v26.8h, v18.8h, v0.h[1]\n\t"
+        "sqrdmlsh	v25.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmlsh	v26.8h, v30.8h, v4.h[0]\n\t"
+        "sshr	v25.8h, v25.8h, #1\n\t"
+        "sshr	v26.8h, v26.8h, #1\n\t"
+        "mul	v29.8h, v19.8h, v1.h[1]\n\t"
+        "mul	v30.8h, v20.8h, v1.h[1]\n\t"
+        "sqrdmulh	v27.8h, v19.8h, v0.h[1]\n\t"
+        "sqrdmulh	v28.8h, v20.8h, v0.h[1]\n\t"
+        "sqrdmlsh	v27.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmlsh	v28.8h, v30.8h, v4.h[0]\n\t"
+        "sshr	v27.8h, v27.8h, #1\n\t"
+        "sshr	v28.8h, v28.8h, #1\n\t"
+        "sub	v13.8h, v5.8h, v21.8h\n\t"
+        "add	v5.8h, v5.8h, v21.8h\n\t"
+        "sub	v14.8h, v6.8h, v22.8h\n\t"
+        "add	v6.8h, v6.8h, v22.8h\n\t"
+        "sub	v15.8h, v7.8h, v23.8h\n\t"
+        "add	v7.8h, v7.8h, v23.8h\n\t"
+        "sub	v16.8h, v8.8h, v24.8h\n\t"
+        "add	v8.8h, v8.8h, v24.8h\n\t"
+        "sub	v17.8h, v9.8h, v25.8h\n\t"
+        "add	v9.8h, v9.8h, v25.8h\n\t"
+        "sub	v18.8h, v10.8h, v26.8h\n\t"
+        "add	v10.8h, v10.8h, v26.8h\n\t"
+        "sub	v19.8h, v11.8h, v27.8h\n\t"
+        "add	v11.8h, v11.8h, v27.8h\n\t"
+        "sub	v20.8h, v12.8h, v28.8h\n\t"
+        "add	v12.8h, v12.8h, v28.8h\n\t"
+        "mul	v29.8h, v9.8h, v1.h[2]\n\t"
+        "mul	v30.8h, v10.8h, v1.h[2]\n\t"
+        "sqrdmulh	v21.8h, v9.8h, v0.h[2]\n\t"
+        "sqrdmulh	v22.8h, v10.8h, v0.h[2]\n\t"
+        "sqrdmlsh	v21.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmlsh	v22.8h, v30.8h, v4.h[0]\n\t"
+        "sshr	v21.8h, v21.8h, #1\n\t"
+        "sshr	v22.8h, v22.8h, #1\n\t"
+        "mul	v29.8h, v11.8h, v1.h[2]\n\t"
+        "mul	v30.8h, v12.8h, v1.h[2]\n\t"
+        "sqrdmulh	v23.8h, v11.8h, v0.h[2]\n\t"
+        "sqrdmulh	v24.8h, v12.8h, v0.h[2]\n\t"
+        "sqrdmlsh	v23.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmlsh	v24.8h, v30.8h, v4.h[0]\n\t"
+        "sshr	v23.8h, v23.8h, #1\n\t"
+        "sshr	v24.8h, v24.8h, #1\n\t"
+        "mul	v29.8h, v17.8h, v1.h[3]\n\t"
+        "mul	v30.8h, v18.8h, v1.h[3]\n\t"
+        "sqrdmulh	v25.8h, v17.8h, v0.h[3]\n\t"
+        "sqrdmulh	v26.8h, v18.8h, v0.h[3]\n\t"
+        "sqrdmlsh	v25.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmlsh	v26.8h, v30.8h, v4.h[0]\n\t"
+        "sshr	v25.8h, v25.8h, #1\n\t"
+        "sshr	v26.8h, v26.8h, #1\n\t"
+        "mul	v29.8h, v19.8h, v1.h[3]\n\t"
+        "mul	v30.8h, v20.8h, v1.h[3]\n\t"
+        "sqrdmulh	v27.8h, v19.8h, v0.h[3]\n\t"
+        "sqrdmulh	v28.8h, v20.8h, v0.h[3]\n\t"
+        "sqrdmlsh	v27.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmlsh	v28.8h, v30.8h, v4.h[0]\n\t"
+        "sshr	v27.8h, v27.8h, #1\n\t"
+        "sshr	v28.8h, v28.8h, #1\n\t"
+        "sub	v9.8h, v5.8h, v21.8h\n\t"
+        "add	v5.8h, v5.8h, v21.8h\n\t"
+        "sub	v10.8h, v6.8h, v22.8h\n\t"
+        "add	v6.8h, v6.8h, v22.8h\n\t"
+        "sub	v11.8h, v7.8h, v23.8h\n\t"
+        "add	v7.8h, v7.8h, v23.8h\n\t"
+        "sub	v12.8h, v8.8h, v24.8h\n\t"
+        "add	v8.8h, v8.8h, v24.8h\n\t"
+        "sub	v17.8h, v13.8h, v25.8h\n\t"
+        "add	v13.8h, v13.8h, v25.8h\n\t"
+        "sub	v18.8h, v14.8h, v26.8h\n\t"
+        "add	v14.8h, v14.8h, v26.8h\n\t"
+        "sub	v19.8h, v15.8h, v27.8h\n\t"
+        "add	v15.8h, v15.8h, v27.8h\n\t"
+        "sub	v20.8h, v16.8h, v28.8h\n\t"
+        "add	v16.8h, v16.8h, v28.8h\n\t"
+        "mul	v29.8h, v7.8h, v1.h[4]\n\t"
+        "mul	v30.8h, v8.8h, v1.h[4]\n\t"
+        "sqrdmulh	v21.8h, v7.8h, v0.h[4]\n\t"
+        "sqrdmulh	v22.8h, v8.8h, v0.h[4]\n\t"
+        "sqrdmlsh	v21.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmlsh	v22.8h, v30.8h, v4.h[0]\n\t"
+        "sshr	v21.8h, v21.8h, #1\n\t"
+        "sshr	v22.8h, v22.8h, #1\n\t"
+        "mul	v29.8h, v11.8h, v1.h[5]\n\t"
+        "mul	v30.8h, v12.8h, v1.h[5]\n\t"
+        "sqrdmulh	v23.8h, v11.8h, v0.h[5]\n\t"
+        "sqrdmulh	v24.8h, v12.8h, v0.h[5]\n\t"
+        "sqrdmlsh	v23.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmlsh	v24.8h, v30.8h, v4.h[0]\n\t"
+        "sshr	v23.8h, v23.8h, #1\n\t"
+        "sshr	v24.8h, v24.8h, #1\n\t"
+        "mul	v29.8h, v15.8h, v1.h[6]\n\t"
+        "mul	v30.8h, v16.8h, v1.h[6]\n\t"
+        "sqrdmulh	v25.8h, v15.8h, v0.h[6]\n\t"
+        "sqrdmulh	v26.8h, v16.8h, v0.h[6]\n\t"
+        "sqrdmlsh	v25.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmlsh	v26.8h, v30.8h, v4.h[0]\n\t"
+        "sshr	v25.8h, v25.8h, #1\n\t"
+        "sshr	v26.8h, v26.8h, #1\n\t"
+        "mul	v29.8h, v19.8h, v1.h[7]\n\t"
+        "mul	v30.8h, v20.8h, v1.h[7]\n\t"
+        "sqrdmulh	v27.8h, v19.8h, v0.h[7]\n\t"
+        "sqrdmulh	v28.8h, v20.8h, v0.h[7]\n\t"
+        "sqrdmlsh	v27.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmlsh	v28.8h, v30.8h, v4.h[0]\n\t"
+        "sshr	v27.8h, v27.8h, #1\n\t"
+        "sshr	v28.8h, v28.8h, #1\n\t"
+        "sub	v7.8h, v5.8h, v21.8h\n\t"
+        "add	v5.8h, v5.8h, v21.8h\n\t"
+        "sub	v8.8h, v6.8h, v22.8h\n\t"
+        "add	v6.8h, v6.8h, v22.8h\n\t"
+        "sub	v11.8h, v9.8h, v23.8h\n\t"
+        "add	v9.8h, v9.8h, v23.8h\n\t"
+        "sub	v12.8h, v10.8h, v24.8h\n\t"
+        "add	v10.8h, v10.8h, v24.8h\n\t"
+        "sub	v15.8h, v13.8h, v25.8h\n\t"
+        "add	v13.8h, v13.8h, v25.8h\n\t"
+        "sub	v16.8h, v14.8h, v26.8h\n\t"
+        "add	v14.8h, v14.8h, v26.8h\n\t"
+        "sub	v19.8h, v17.8h, v27.8h\n\t"
+        "add	v17.8h, v17.8h, v27.8h\n\t"
+        "sub	v20.8h, v18.8h, v28.8h\n\t"
+        "add	v18.8h, v18.8h, v28.8h\n\t"
+        "ldr	q0, [x2, #16]\n\t"
+        "ldr	q1, [x3, #16]\n\t"
+        "mul	v29.8h, v6.8h, v1.h[0]\n\t"
+        "mul	v30.8h, v8.8h, v1.h[1]\n\t"
+        "sqrdmulh	v21.8h, v6.8h, v0.h[0]\n\t"
+        "sqrdmulh	v22.8h, v8.8h, v0.h[1]\n\t"
+        "sqrdmlsh	v21.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmlsh	v22.8h, v30.8h, v4.h[0]\n\t"
+        "sshr	v21.8h, v21.8h, #1\n\t"
+        "sshr	v22.8h, v22.8h, #1\n\t"
+        "mul	v29.8h, v10.8h, v1.h[2]\n\t"
+        "mul	v30.8h, v12.8h, v1.h[3]\n\t"
+        "sqrdmulh	v23.8h, v10.8h, v0.h[2]\n\t"
+        "sqrdmulh	v24.8h, v12.8h, v0.h[3]\n\t"
+        "sqrdmlsh	v23.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmlsh	v24.8h, v30.8h, v4.h[0]\n\t"
+        "sshr	v23.8h, v23.8h, #1\n\t"
+        "sshr	v24.8h, v24.8h, #1\n\t"
+        "mul	v29.8h, v14.8h, v1.h[4]\n\t"
+        "mul	v30.8h, v16.8h, v1.h[5]\n\t"
+        "sqrdmulh	v25.8h, v14.8h, v0.h[4]\n\t"
+        "sqrdmulh	v26.8h, v16.8h, v0.h[5]\n\t"
+        "sqrdmlsh	v25.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmlsh	v26.8h, v30.8h, v4.h[0]\n\t"
+        "sshr	v25.8h, v25.8h, #1\n\t"
+        "sshr	v26.8h, v26.8h, #1\n\t"
+        "mul	v29.8h, v18.8h, v1.h[6]\n\t"
+        "mul	v30.8h, v20.8h, v1.h[7]\n\t"
+        "sqrdmulh	v27.8h, v18.8h, v0.h[6]\n\t"
+        "sqrdmulh	v28.8h, v20.8h, v0.h[7]\n\t"
+        "sqrdmlsh	v27.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmlsh	v28.8h, v30.8h, v4.h[0]\n\t"
+        "sshr	v27.8h, v27.8h, #1\n\t"
+        "sshr	v28.8h, v28.8h, #1\n\t"
+        "sub	v6.8h, v5.8h, v21.8h\n\t"
+        "add	v5.8h, v5.8h, v21.8h\n\t"
+        "sub	v8.8h, v7.8h, v22.8h\n\t"
+        "add	v7.8h, v7.8h, v22.8h\n\t"
+        "sub	v10.8h, v9.8h, v23.8h\n\t"
+        "add	v9.8h, v9.8h, v23.8h\n\t"
+        "sub	v12.8h, v11.8h, v24.8h\n\t"
+        "add	v11.8h, v11.8h, v24.8h\n\t"
+        "sub	v14.8h, v13.8h, v25.8h\n\t"
+        "add	v13.8h, v13.8h, v25.8h\n\t"
+        "sub	v16.8h, v15.8h, v26.8h\n\t"
+        "add	v15.8h, v15.8h, v26.8h\n\t"
+        "sub	v18.8h, v17.8h, v27.8h\n\t"
+        "add	v17.8h, v17.8h, v27.8h\n\t"
+        "sub	v20.8h, v19.8h, v28.8h\n\t"
+        "add	v19.8h, v19.8h, v28.8h\n\t"
+        "str	q5, [%x[r]]\n\t"
+        "str	q6, [%x[r], #32]\n\t"
+        "str	q7, [%x[r], #64]\n\t"
+        "str	q8, [%x[r], #96]\n\t"
+        "str	q9, [%x[r], #128]\n\t"
+        "str	q10, [%x[r], #160]\n\t"
+        "str	q11, [%x[r], #192]\n\t"
+        "str	q12, [%x[r], #224]\n\t"
+        "str	q13, [x1]\n\t"
+        "str	q14, [x1, #32]\n\t"
+        "str	q15, [x1, #64]\n\t"
+        "str	q16, [x1, #96]\n\t"
+        "str	q17, [x1, #128]\n\t"
+        "str	q18, [x1, #160]\n\t"
+        "str	q19, [x1, #192]\n\t"
+        "str	q20, [x1, #224]\n\t"
+        "ldr	q5, [%x[r], #16]\n\t"
+        "ldr	q6, [%x[r], #48]\n\t"
+        "ldr	q7, [%x[r], #80]\n\t"
+        "ldr	q8, [%x[r], #112]\n\t"
+        "ldr	q9, [%x[r], #144]\n\t"
+        "ldr	q10, [%x[r], #176]\n\t"
+        "ldr	q11, [%x[r], #208]\n\t"
+        "ldr	q12, [%x[r], #240]\n\t"
+        "ldr	q13, [x1, #16]\n\t"
+        "ldr	q14, [x1, #48]\n\t"
+        "ldr	q15, [x1, #80]\n\t"
+        "ldr	q16, [x1, #112]\n\t"
+        "ldr	q17, [x1, #144]\n\t"
+        "ldr	q18, [x1, #176]\n\t"
+        "ldr	q19, [x1, #208]\n\t"
+        "ldr	q20, [x1, #240]\n\t"
+        "ldr	q0, [x2]\n\t"
+        "ldr	q1, [x3]\n\t"
+        "mul	v29.8h, v13.8h, v1.h[1]\n\t"
+        "mul	v30.8h, v14.8h, v1.h[1]\n\t"
+        "sqrdmulh	v21.8h, v13.8h, v0.h[1]\n\t"
+        "sqrdmulh	v22.8h, v14.8h, v0.h[1]\n\t"
+        "sqrdmlsh	v21.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmlsh	v22.8h, v30.8h, v4.h[0]\n\t"
+        "sshr	v21.8h, v21.8h, #1\n\t"
+        "sshr	v22.8h, v22.8h, #1\n\t"
+        "mul	v29.8h, v15.8h, v1.h[1]\n\t"
+        "mul	v30.8h, v16.8h, v1.h[1]\n\t"
+        "sqrdmulh	v23.8h, v15.8h, v0.h[1]\n\t"
+        "sqrdmulh	v24.8h, v16.8h, v0.h[1]\n\t"
+        "sqrdmlsh	v23.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmlsh	v24.8h, v30.8h, v4.h[0]\n\t"
+        "sshr	v23.8h, v23.8h, #1\n\t"
+        "sshr	v24.8h, v24.8h, #1\n\t"
+        "mul	v29.8h, v17.8h, v1.h[1]\n\t"
+        "mul	v30.8h, v18.8h, v1.h[1]\n\t"
+        "sqrdmulh	v25.8h, v17.8h, v0.h[1]\n\t"
+        "sqrdmulh	v26.8h, v18.8h, v0.h[1]\n\t"
+        "sqrdmlsh	v25.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmlsh	v26.8h, v30.8h, v4.h[0]\n\t"
+        "sshr	v25.8h, v25.8h, #1\n\t"
+        "sshr	v26.8h, v26.8h, #1\n\t"
+        "mul	v29.8h, v19.8h, v1.h[1]\n\t"
+        "mul	v30.8h, v20.8h, v1.h[1]\n\t"
+        "sqrdmulh	v27.8h, v19.8h, v0.h[1]\n\t"
+        "sqrdmulh	v28.8h, v20.8h, v0.h[1]\n\t"
+        "sqrdmlsh	v27.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmlsh	v28.8h, v30.8h, v4.h[0]\n\t"
+        "sshr	v27.8h, v27.8h, #1\n\t"
+        "sshr	v28.8h, v28.8h, #1\n\t"
+        "sub	v13.8h, v5.8h, v21.8h\n\t"
+        "add	v5.8h, v5.8h, v21.8h\n\t"
+        "sub	v14.8h, v6.8h, v22.8h\n\t"
+        "add	v6.8h, v6.8h, v22.8h\n\t"
+        "sub	v15.8h, v7.8h, v23.8h\n\t"
+        "add	v7.8h, v7.8h, v23.8h\n\t"
+        "sub	v16.8h, v8.8h, v24.8h\n\t"
+        "add	v8.8h, v8.8h, v24.8h\n\t"
+        "sub	v17.8h, v9.8h, v25.8h\n\t"
+        "add	v9.8h, v9.8h, v25.8h\n\t"
+        "sub	v18.8h, v10.8h, v26.8h\n\t"
+        "add	v10.8h, v10.8h, v26.8h\n\t"
+        "sub	v19.8h, v11.8h, v27.8h\n\t"
+        "add	v11.8h, v11.8h, v27.8h\n\t"
+        "sub	v20.8h, v12.8h, v28.8h\n\t"
+        "add	v12.8h, v12.8h, v28.8h\n\t"
+        "mul	v29.8h, v9.8h, v1.h[2]\n\t"
+        "mul	v30.8h, v10.8h, v1.h[2]\n\t"
+        "sqrdmulh	v21.8h, v9.8h, v0.h[2]\n\t"
+        "sqrdmulh	v22.8h, v10.8h, v0.h[2]\n\t"
+        "sqrdmlsh	v21.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmlsh	v22.8h, v30.8h, v4.h[0]\n\t"
+        "sshr	v21.8h, v21.8h, #1\n\t"
+        "sshr	v22.8h, v22.8h, #1\n\t"
+        "mul	v29.8h, v11.8h, v1.h[2]\n\t"
+        "mul	v30.8h, v12.8h, v1.h[2]\n\t"
+        "sqrdmulh	v23.8h, v11.8h, v0.h[2]\n\t"
+        "sqrdmulh	v24.8h, v12.8h, v0.h[2]\n\t"
+        "sqrdmlsh	v23.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmlsh	v24.8h, v30.8h, v4.h[0]\n\t"
+        "sshr	v23.8h, v23.8h, #1\n\t"
+        "sshr	v24.8h, v24.8h, #1\n\t"
+        "mul	v29.8h, v17.8h, v1.h[3]\n\t"
+        "mul	v30.8h, v18.8h, v1.h[3]\n\t"
+        "sqrdmulh	v25.8h, v17.8h, v0.h[3]\n\t"
+        "sqrdmulh	v26.8h, v18.8h, v0.h[3]\n\t"
+        "sqrdmlsh	v25.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmlsh	v26.8h, v30.8h, v4.h[0]\n\t"
+        "sshr	v25.8h, v25.8h, #1\n\t"
+        "sshr	v26.8h, v26.8h, #1\n\t"
+        "mul	v29.8h, v19.8h, v1.h[3]\n\t"
+        "mul	v30.8h, v20.8h, v1.h[3]\n\t"
+        "sqrdmulh	v27.8h, v19.8h, v0.h[3]\n\t"
+        "sqrdmulh	v28.8h, v20.8h, v0.h[3]\n\t"
+        "sqrdmlsh	v27.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmlsh	v28.8h, v30.8h, v4.h[0]\n\t"
+        "sshr	v27.8h, v27.8h, #1\n\t"
+        "sshr	v28.8h, v28.8h, #1\n\t"
+        "sub	v9.8h, v5.8h, v21.8h\n\t"
+        "add	v5.8h, v5.8h, v21.8h\n\t"
+        "sub	v10.8h, v6.8h, v22.8h\n\t"
+        "add	v6.8h, v6.8h, v22.8h\n\t"
+        "sub	v11.8h, v7.8h, v23.8h\n\t"
+        "add	v7.8h, v7.8h, v23.8h\n\t"
+        "sub	v12.8h, v8.8h, v24.8h\n\t"
+        "add	v8.8h, v8.8h, v24.8h\n\t"
+        "sub	v17.8h, v13.8h, v25.8h\n\t"
+        "add	v13.8h, v13.8h, v25.8h\n\t"
+        "sub	v18.8h, v14.8h, v26.8h\n\t"
+        "add	v14.8h, v14.8h, v26.8h\n\t"
+        "sub	v19.8h, v15.8h, v27.8h\n\t"
+        "add	v15.8h, v15.8h, v27.8h\n\t"
+        "sub	v20.8h, v16.8h, v28.8h\n\t"
+        "add	v16.8h, v16.8h, v28.8h\n\t"
+        "mul	v29.8h, v7.8h, v1.h[4]\n\t"
+        "mul	v30.8h, v8.8h, v1.h[4]\n\t"
+        "sqrdmulh	v21.8h, v7.8h, v0.h[4]\n\t"
+        "sqrdmulh	v22.8h, v8.8h, v0.h[4]\n\t"
+        "sqrdmlsh	v21.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmlsh	v22.8h, v30.8h, v4.h[0]\n\t"
+        "sshr	v21.8h, v21.8h, #1\n\t"
+        "sshr	v22.8h, v22.8h, #1\n\t"
+        "mul	v29.8h, v11.8h, v1.h[5]\n\t"
+        "mul	v30.8h, v12.8h, v1.h[5]\n\t"
+        "sqrdmulh	v23.8h, v11.8h, v0.h[5]\n\t"
+        "sqrdmulh	v24.8h, v12.8h, v0.h[5]\n\t"
+        "sqrdmlsh	v23.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmlsh	v24.8h, v30.8h, v4.h[0]\n\t"
+        "sshr	v23.8h, v23.8h, #1\n\t"
+        "sshr	v24.8h, v24.8h, #1\n\t"
+        "mul	v29.8h, v15.8h, v1.h[6]\n\t"
+        "mul	v30.8h, v16.8h, v1.h[6]\n\t"
+        "sqrdmulh	v25.8h, v15.8h, v0.h[6]\n\t"
+        "sqrdmulh	v26.8h, v16.8h, v0.h[6]\n\t"
+        "sqrdmlsh	v25.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmlsh	v26.8h, v30.8h, v4.h[0]\n\t"
+        "sshr	v25.8h, v25.8h, #1\n\t"
+        "sshr	v26.8h, v26.8h, #1\n\t"
+        "mul	v29.8h, v19.8h, v1.h[7]\n\t"
+        "mul	v30.8h, v20.8h, v1.h[7]\n\t"
+        "sqrdmulh	v27.8h, v19.8h, v0.h[7]\n\t"
+        "sqrdmulh	v28.8h, v20.8h, v0.h[7]\n\t"
+        "sqrdmlsh	v27.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmlsh	v28.8h, v30.8h, v4.h[0]\n\t"
+        "sshr	v27.8h, v27.8h, #1\n\t"
+        "sshr	v28.8h, v28.8h, #1\n\t"
+        "sub	v7.8h, v5.8h, v21.8h\n\t"
+        "add	v5.8h, v5.8h, v21.8h\n\t"
+        "sub	v8.8h, v6.8h, v22.8h\n\t"
+        "add	v6.8h, v6.8h, v22.8h\n\t"
+        "sub	v11.8h, v9.8h, v23.8h\n\t"
+        "add	v9.8h, v9.8h, v23.8h\n\t"
+        "sub	v12.8h, v10.8h, v24.8h\n\t"
+        "add	v10.8h, v10.8h, v24.8h\n\t"
+        "sub	v15.8h, v13.8h, v25.8h\n\t"
+        "add	v13.8h, v13.8h, v25.8h\n\t"
+        "sub	v16.8h, v14.8h, v26.8h\n\t"
+        "add	v14.8h, v14.8h, v26.8h\n\t"
+        "sub	v19.8h, v17.8h, v27.8h\n\t"
+        "add	v17.8h, v17.8h, v27.8h\n\t"
+        "sub	v20.8h, v18.8h, v28.8h\n\t"
+        "add	v18.8h, v18.8h, v28.8h\n\t"
+        "ldr	q0, [x2, #16]\n\t"
+        "ldr	q1, [x3, #16]\n\t"
+        "mul	v29.8h, v6.8h, v1.h[0]\n\t"
+        "mul	v30.8h, v8.8h, v1.h[1]\n\t"
+        "sqrdmulh	v21.8h, v6.8h, v0.h[0]\n\t"
+        "sqrdmulh	v22.8h, v8.8h, v0.h[1]\n\t"
+        "sqrdmlsh	v21.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmlsh	v22.8h, v30.8h, v4.h[0]\n\t"
+        "sshr	v21.8h, v21.8h, #1\n\t"
+        "sshr	v22.8h, v22.8h, #1\n\t"
+        "mul	v29.8h, v10.8h, v1.h[2]\n\t"
+        "mul	v30.8h, v12.8h, v1.h[3]\n\t"
+        "sqrdmulh	v23.8h, v10.8h, v0.h[2]\n\t"
+        "sqrdmulh	v24.8h, v12.8h, v0.h[3]\n\t"
+        "sqrdmlsh	v23.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmlsh	v24.8h, v30.8h, v4.h[0]\n\t"
+        "sshr	v23.8h, v23.8h, #1\n\t"
+        "sshr	v24.8h, v24.8h, #1\n\t"
+        "mul	v29.8h, v14.8h, v1.h[4]\n\t"
+        "mul	v30.8h, v16.8h, v1.h[5]\n\t"
+        "sqrdmulh	v25.8h, v14.8h, v0.h[4]\n\t"
+        "sqrdmulh	v26.8h, v16.8h, v0.h[5]\n\t"
+        "sqrdmlsh	v25.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmlsh	v26.8h, v30.8h, v4.h[0]\n\t"
+        "sshr	v25.8h, v25.8h, #1\n\t"
+        "sshr	v26.8h, v26.8h, #1\n\t"
+        "mul	v29.8h, v18.8h, v1.h[6]\n\t"
+        "mul	v30.8h, v20.8h, v1.h[7]\n\t"
+        "sqrdmulh	v27.8h, v18.8h, v0.h[6]\n\t"
+        "sqrdmulh	v28.8h, v20.8h, v0.h[7]\n\t"
+        "sqrdmlsh	v27.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmlsh	v28.8h, v30.8h, v4.h[0]\n\t"
+        "sshr	v27.8h, v27.8h, #1\n\t"
+        "sshr	v28.8h, v28.8h, #1\n\t"
+        "sub	v6.8h, v5.8h, v21.8h\n\t"
+        "add	v5.8h, v5.8h, v21.8h\n\t"
+        "sub	v8.8h, v7.8h, v22.8h\n\t"
+        "add	v7.8h, v7.8h, v22.8h\n\t"
+        "sub	v10.8h, v9.8h, v23.8h\n\t"
+        "add	v9.8h, v9.8h, v23.8h\n\t"
+        "sub	v12.8h, v11.8h, v24.8h\n\t"
+        "add	v11.8h, v11.8h, v24.8h\n\t"
+        "sub	v14.8h, v13.8h, v25.8h\n\t"
+        "add	v13.8h, v13.8h, v25.8h\n\t"
+        "sub	v16.8h, v15.8h, v26.8h\n\t"
+        "add	v15.8h, v15.8h, v26.8h\n\t"
+        "sub	v18.8h, v17.8h, v27.8h\n\t"
+        "add	v17.8h, v17.8h, v27.8h\n\t"
+        "sub	v20.8h, v19.8h, v28.8h\n\t"
+        "add	v19.8h, v19.8h, v28.8h\n\t"
+        "str	q5, [%x[r], #16]\n\t"
+        "str	q6, [%x[r], #48]\n\t"
+        "str	q7, [%x[r], #80]\n\t"
+        "str	q8, [%x[r], #112]\n\t"
+        "str	q9, [%x[r], #144]\n\t"
+        "str	q10, [%x[r], #176]\n\t"
+        "str	q11, [%x[r], #208]\n\t"
+        "str	q12, [%x[r], #240]\n\t"
+        "str	q13, [x1, #16]\n\t"
+        "str	q14, [x1, #48]\n\t"
+        "str	q15, [x1, #80]\n\t"
+        "str	q16, [x1, #112]\n\t"
+        "str	q17, [x1, #144]\n\t"
+        "str	q18, [x1, #176]\n\t"
+        "str	q19, [x1, #208]\n\t"
+        "str	q20, [x1, #240]\n\t"
+        "ldp	q5, q6, [%x[r]]\n\t"
+        "ldp	q7, q8, [%x[r], #32]\n\t"
+        "ldp	q9, q10, [%x[r], #64]\n\t"
+        "ldp	q11, q12, [%x[r], #96]\n\t"
+        "ldp	q13, q14, [%x[r], #128]\n\t"
+        "ldp	q15, q16, [%x[r], #160]\n\t"
+        "ldp	q17, q18, [%x[r], #192]\n\t"
+        "ldp	q19, q20, [%x[r], #224]\n\t"
+        "ldr	q0, [x2, #32]\n\t"
+        "ldr	q1, [x3, #32]\n\t"
+        "mul	v29.8h, v6.8h, v1.h[0]\n\t"
+        "mul	v30.8h, v8.8h, v1.h[1]\n\t"
+        "sqrdmulh	v21.8h, v6.8h, v0.h[0]\n\t"
+        "sqrdmulh	v22.8h, v8.8h, v0.h[1]\n\t"
+        "sqrdmlsh	v21.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmlsh	v22.8h, v30.8h, v4.h[0]\n\t"
+        "sshr	v21.8h, v21.8h, #1\n\t"
+        "sshr	v22.8h, v22.8h, #1\n\t"
+        "mul	v29.8h, v10.8h, v1.h[2]\n\t"
+        "mul	v30.8h, v12.8h, v1.h[3]\n\t"
+        "sqrdmulh	v23.8h, v10.8h, v0.h[2]\n\t"
+        "sqrdmulh	v24.8h, v12.8h, v0.h[3]\n\t"
+        "sqrdmlsh	v23.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmlsh	v24.8h, v30.8h, v4.h[0]\n\t"
+        "sshr	v23.8h, v23.8h, #1\n\t"
+        "sshr	v24.8h, v24.8h, #1\n\t"
+        "mul	v29.8h, v14.8h, v1.h[4]\n\t"
+        "mul	v30.8h, v16.8h, v1.h[5]\n\t"
+        "sqrdmulh	v25.8h, v14.8h, v0.h[4]\n\t"
+        "sqrdmulh	v26.8h, v16.8h, v0.h[5]\n\t"
+        "sqrdmlsh	v25.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmlsh	v26.8h, v30.8h, v4.h[0]\n\t"
+        "sshr	v25.8h, v25.8h, #1\n\t"
+        "sshr	v26.8h, v26.8h, #1\n\t"
+        "mul	v29.8h, v18.8h, v1.h[6]\n\t"
+        "mul	v30.8h, v20.8h, v1.h[7]\n\t"
+        "sqrdmulh	v27.8h, v18.8h, v0.h[6]\n\t"
+        "sqrdmulh	v28.8h, v20.8h, v0.h[7]\n\t"
+        "sqrdmlsh	v27.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmlsh	v28.8h, v30.8h, v4.h[0]\n\t"
+        "sshr	v27.8h, v27.8h, #1\n\t"
+        "sshr	v28.8h, v28.8h, #1\n\t"
+        "sub	v6.8h, v5.8h, v21.8h\n\t"
+        "add	v5.8h, v5.8h, v21.8h\n\t"
+        "sub	v8.8h, v7.8h, v22.8h\n\t"
+        "add	v7.8h, v7.8h, v22.8h\n\t"
+        "sub	v10.8h, v9.8h, v23.8h\n\t"
+        "add	v9.8h, v9.8h, v23.8h\n\t"
+        "sub	v12.8h, v11.8h, v24.8h\n\t"
+        "add	v11.8h, v11.8h, v24.8h\n\t"
+        "sub	v14.8h, v13.8h, v25.8h\n\t"
+        "add	v13.8h, v13.8h, v25.8h\n\t"
+        "sub	v16.8h, v15.8h, v26.8h\n\t"
+        "add	v15.8h, v15.8h, v26.8h\n\t"
+        "sub	v18.8h, v17.8h, v27.8h\n\t"
+        "add	v17.8h, v17.8h, v27.8h\n\t"
+        "sub	v20.8h, v19.8h, v28.8h\n\t"
+        "add	v19.8h, v19.8h, v28.8h\n\t"
+        "ldr	q0, [x2, #64]\n\t"
+        "ldr	q2, [x2, #80]\n\t"
+        "ldr	q1, [x3, #64]\n\t"
+        "ldr	q3, [x3, #80]\n\t"
+        "mov	v29.16b, v5.16b\n\t"
+        "mov	v30.16b, v7.16b\n\t"
+        "trn1	v5.2d, v5.2d, v6.2d\n\t"
+        "trn1	v7.2d, v7.2d, v8.2d\n\t"
+        "trn2	v6.2d, v29.2d, v6.2d\n\t"
+        "trn2	v8.2d, v30.2d, v8.2d\n\t"
+        "mul	v29.8h, v6.8h, v1.8h\n\t"
+        "mul	v30.8h, v8.8h, v3.8h\n\t"
+        "sqrdmulh	v21.8h, v6.8h, v0.8h\n\t"
+        "sqrdmulh	v22.8h, v8.8h, v2.8h\n\t"
+        "sqrdmlsh	v21.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmlsh	v22.8h, v30.8h, v4.h[0]\n\t"
+        "sshr	v21.8h, v21.8h, #1\n\t"
+        "sshr	v22.8h, v22.8h, #1\n\t"
+        "ldr	q0, [x2, #96]\n\t"
+        "ldr	q2, [x2, #112]\n\t"
+        "ldr	q1, [x3, #96]\n\t"
+        "ldr	q3, [x3, #112]\n\t"
+        "mov	v29.16b, v9.16b\n\t"
+        "mov	v30.16b, v11.16b\n\t"
+        "trn1	v9.2d, v9.2d, v10.2d\n\t"
+        "trn1	v11.2d, v11.2d, v12.2d\n\t"
+        "trn2	v10.2d, v29.2d, v10.2d\n\t"
+        "trn2	v12.2d, v30.2d, v12.2d\n\t"
+        "mul	v29.8h, v10.8h, v1.8h\n\t"
+        "mul	v30.8h, v12.8h, v3.8h\n\t"
+        "sqrdmulh	v23.8h, v10.8h, v0.8h\n\t"
+        "sqrdmulh	v24.8h, v12.8h, v2.8h\n\t"
+        "sqrdmlsh	v23.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmlsh	v24.8h, v30.8h, v4.h[0]\n\t"
+        "sshr	v23.8h, v23.8h, #1\n\t"
+        "sshr	v24.8h, v24.8h, #1\n\t"
+        "ldr	q0, [x2, #128]\n\t"
+        "ldr	q2, [x2, #144]\n\t"
+        "ldr	q1, [x3, #128]\n\t"
+        "ldr	q3, [x3, #144]\n\t"
+        "mov	v29.16b, v13.16b\n\t"
+        "mov	v30.16b, v15.16b\n\t"
+        "trn1	v13.2d, v13.2d, v14.2d\n\t"
+        "trn1	v15.2d, v15.2d, v16.2d\n\t"
+        "trn2	v14.2d, v29.2d, v14.2d\n\t"
+        "trn2	v16.2d, v30.2d, v16.2d\n\t"
+        "mul	v29.8h, v14.8h, v1.8h\n\t"
+        "mul	v30.8h, v16.8h, v3.8h\n\t"
+        "sqrdmulh	v25.8h, v14.8h, v0.8h\n\t"
+        "sqrdmulh	v26.8h, v16.8h, v2.8h\n\t"
+        "sqrdmlsh	v25.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmlsh	v26.8h, v30.8h, v4.h[0]\n\t"
+        "sshr	v25.8h, v25.8h, #1\n\t"
+        "sshr	v26.8h, v26.8h, #1\n\t"
+        "ldr	q0, [x2, #160]\n\t"
+        "ldr	q2, [x2, #176]\n\t"
+        "ldr	q1, [x3, #160]\n\t"
+        "ldr	q3, [x3, #176]\n\t"
+        "mov	v29.16b, v17.16b\n\t"
+        "mov	v30.16b, v19.16b\n\t"
+        "trn1	v17.2d, v17.2d, v18.2d\n\t"
+        "trn1	v19.2d, v19.2d, v20.2d\n\t"
+        "trn2	v18.2d, v29.2d, v18.2d\n\t"
+        "trn2	v20.2d, v30.2d, v20.2d\n\t"
+        "mul	v29.8h, v18.8h, v1.8h\n\t"
+        "mul	v30.8h, v20.8h, v3.8h\n\t"
+        "sqrdmulh	v27.8h, v18.8h, v0.8h\n\t"
+        "sqrdmulh	v28.8h, v20.8h, v2.8h\n\t"
+        "sqrdmlsh	v27.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmlsh	v28.8h, v30.8h, v4.h[0]\n\t"
+        "sshr	v27.8h, v27.8h, #1\n\t"
+        "sshr	v28.8h, v28.8h, #1\n\t"
+        "sub	v6.8h, v5.8h, v21.8h\n\t"
+        "add	v5.8h, v5.8h, v21.8h\n\t"
+        "sub	v8.8h, v7.8h, v22.8h\n\t"
+        "add	v7.8h, v7.8h, v22.8h\n\t"
+        "sub	v10.8h, v9.8h, v23.8h\n\t"
+        "add	v9.8h, v9.8h, v23.8h\n\t"
+        "sub	v12.8h, v11.8h, v24.8h\n\t"
+        "add	v11.8h, v11.8h, v24.8h\n\t"
+        "sub	v14.8h, v13.8h, v25.8h\n\t"
+        "add	v13.8h, v13.8h, v25.8h\n\t"
+        "sub	v16.8h, v15.8h, v26.8h\n\t"
+        "add	v15.8h, v15.8h, v26.8h\n\t"
+        "sub	v18.8h, v17.8h, v27.8h\n\t"
+        "add	v17.8h, v17.8h, v27.8h\n\t"
+        "sub	v20.8h, v19.8h, v28.8h\n\t"
+        "add	v19.8h, v19.8h, v28.8h\n\t"
+        "ldr	q0, [x2, #320]\n\t"
+        "ldr	q2, [x2, #336]\n\t"
+        "ldr	q1, [x3, #320]\n\t"
+        "ldr	q3, [x3, #336]\n\t"
+        "mov	v29.16b, v5.16b\n\t"
+        "mov	v30.16b, v7.16b\n\t"
+        "trn1	v5.4s, v5.4s, v6.4s\n\t"
+        "trn1	v7.4s, v7.4s, v8.4s\n\t"
+        "trn2	v6.4s, v29.4s, v6.4s\n\t"
+        "trn2	v8.4s, v30.4s, v8.4s\n\t"
+        "mul	v29.8h, v6.8h, v1.8h\n\t"
+        "mul	v30.8h, v8.8h, v3.8h\n\t"
+        "sqrdmulh	v21.8h, v6.8h, v0.8h\n\t"
+        "sqrdmulh	v22.8h, v8.8h, v2.8h\n\t"
+        "sqrdmlsh	v21.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmlsh	v22.8h, v30.8h, v4.h[0]\n\t"
+        "sshr	v21.8h, v21.8h, #1\n\t"
+        "sshr	v22.8h, v22.8h, #1\n\t"
+        "ldr	q0, [x2, #352]\n\t"
+        "ldr	q2, [x2, #368]\n\t"
+        "ldr	q1, [x3, #352]\n\t"
+        "ldr	q3, [x3, #368]\n\t"
+        "mov	v29.16b, v9.16b\n\t"
+        "mov	v30.16b, v11.16b\n\t"
+        "trn1	v9.4s, v9.4s, v10.4s\n\t"
+        "trn1	v11.4s, v11.4s, v12.4s\n\t"
+        "trn2	v10.4s, v29.4s, v10.4s\n\t"
+        "trn2	v12.4s, v30.4s, v12.4s\n\t"
+        "mul	v29.8h, v10.8h, v1.8h\n\t"
+        "mul	v30.8h, v12.8h, v3.8h\n\t"
+        "sqrdmulh	v23.8h, v10.8h, v0.8h\n\t"
+        "sqrdmulh	v24.8h, v12.8h, v2.8h\n\t"
+        "sqrdmlsh	v23.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmlsh	v24.8h, v30.8h, v4.h[0]\n\t"
+        "sshr	v23.8h, v23.8h, #1\n\t"
+        "sshr	v24.8h, v24.8h, #1\n\t"
+        "ldr	q0, [x2, #384]\n\t"
+        "ldr	q2, [x2, #400]\n\t"
+        "ldr	q1, [x3, #384]\n\t"
+        "ldr	q3, [x3, #400]\n\t"
+        "mov	v29.16b, v13.16b\n\t"
+        "mov	v30.16b, v15.16b\n\t"
+        "trn1	v13.4s, v13.4s, v14.4s\n\t"
+        "trn1	v15.4s, v15.4s, v16.4s\n\t"
+        "trn2	v14.4s, v29.4s, v14.4s\n\t"
+        "trn2	v16.4s, v30.4s, v16.4s\n\t"
+        "mul	v29.8h, v14.8h, v1.8h\n\t"
+        "mul	v30.8h, v16.8h, v3.8h\n\t"
+        "sqrdmulh	v25.8h, v14.8h, v0.8h\n\t"
+        "sqrdmulh	v26.8h, v16.8h, v2.8h\n\t"
+        "sqrdmlsh	v25.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmlsh	v26.8h, v30.8h, v4.h[0]\n\t"
+        "sshr	v25.8h, v25.8h, #1\n\t"
+        "sshr	v26.8h, v26.8h, #1\n\t"
+        "ldr	q0, [x2, #416]\n\t"
+        "ldr	q2, [x2, #432]\n\t"
+        "ldr	q1, [x3, #416]\n\t"
+        "ldr	q3, [x3, #432]\n\t"
+        "mov	v29.16b, v17.16b\n\t"
+        "mov	v30.16b, v19.16b\n\t"
+        "trn1	v17.4s, v17.4s, v18.4s\n\t"
+        "trn1	v19.4s, v19.4s, v20.4s\n\t"
+        "trn2	v18.4s, v29.4s, v18.4s\n\t"
+        "trn2	v20.4s, v30.4s, v20.4s\n\t"
+        "mul	v29.8h, v18.8h, v1.8h\n\t"
+        "mul	v30.8h, v20.8h, v3.8h\n\t"
+        "sqrdmulh	v27.8h, v18.8h, v0.8h\n\t"
+        "sqrdmulh	v28.8h, v20.8h, v2.8h\n\t"
+        "sqrdmlsh	v27.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmlsh	v28.8h, v30.8h, v4.h[0]\n\t"
+        "sshr	v27.8h, v27.8h, #1\n\t"
+        "sshr	v28.8h, v28.8h, #1\n\t"
+        "sub	v6.8h, v5.8h, v21.8h\n\t"
+        "add	v5.8h, v5.8h, v21.8h\n\t"
+        "sub	v8.8h, v7.8h, v22.8h\n\t"
+        "add	v7.8h, v7.8h, v22.8h\n\t"
+        "sub	v10.8h, v9.8h, v23.8h\n\t"
+        "add	v9.8h, v9.8h, v23.8h\n\t"
+        "sub	v12.8h, v11.8h, v24.8h\n\t"
+        "add	v11.8h, v11.8h, v24.8h\n\t"
+        "sub	v14.8h, v13.8h, v25.8h\n\t"
+        "add	v13.8h, v13.8h, v25.8h\n\t"
+        "sub	v16.8h, v15.8h, v26.8h\n\t"
+        "add	v15.8h, v15.8h, v26.8h\n\t"
+        "sub	v18.8h, v17.8h, v27.8h\n\t"
+        "add	v17.8h, v17.8h, v27.8h\n\t"
+        "sub	v20.8h, v19.8h, v28.8h\n\t"
+        "add	v19.8h, v19.8h, v28.8h\n\t"
+        "sqdmulh	v21.8h, v5.8h, v4.h[2]\n\t"
+        "sqdmulh	v22.8h, v6.8h, v4.h[2]\n\t"
+        "sshr	v21.8h, v21.8h, #11\n\t"
+        "sshr	v22.8h, v22.8h, #11\n\t"
+        "mls	v5.8h, v21.8h, v4.h[0]\n\t"
+        "mls	v6.8h, v22.8h, v4.h[0]\n\t"
+        "sqdmulh	v21.8h, v7.8h, v4.h[2]\n\t"
+        "sqdmulh	v22.8h, v8.8h, v4.h[2]\n\t"
+        "sshr	v21.8h, v21.8h, #11\n\t"
+        "sshr	v22.8h, v22.8h, #11\n\t"
+        "mls	v7.8h, v21.8h, v4.h[0]\n\t"
+        "mls	v8.8h, v22.8h, v4.h[0]\n\t"
+        "sqdmulh	v21.8h, v9.8h, v4.h[2]\n\t"
+        "sqdmulh	v22.8h, v10.8h, v4.h[2]\n\t"
+        "sshr	v21.8h, v21.8h, #11\n\t"
+        "sshr	v22.8h, v22.8h, #11\n\t"
+        "mls	v9.8h, v21.8h, v4.h[0]\n\t"
+        "mls	v10.8h, v22.8h, v4.h[0]\n\t"
+        "sqdmulh	v21.8h, v11.8h, v4.h[2]\n\t"
+        "sqdmulh	v22.8h, v12.8h, v4.h[2]\n\t"
+        "sshr	v21.8h, v21.8h, #11\n\t"
+        "sshr	v22.8h, v22.8h, #11\n\t"
+        "mls	v11.8h, v21.8h, v4.h[0]\n\t"
+        "mls	v12.8h, v22.8h, v4.h[0]\n\t"
+        "sqdmulh	v21.8h, v13.8h, v4.h[2]\n\t"
+        "sqdmulh	v22.8h, v14.8h, v4.h[2]\n\t"
+        "sshr	v21.8h, v21.8h, #11\n\t"
+        "sshr	v22.8h, v22.8h, #11\n\t"
+        "mls	v13.8h, v21.8h, v4.h[0]\n\t"
+        "mls	v14.8h, v22.8h, v4.h[0]\n\t"
+        "sqdmulh	v21.8h, v15.8h, v4.h[2]\n\t"
+        "sqdmulh	v22.8h, v16.8h, v4.h[2]\n\t"
+        "sshr	v21.8h, v21.8h, #11\n\t"
+        "sshr	v22.8h, v22.8h, #11\n\t"
+        "mls	v15.8h, v21.8h, v4.h[0]\n\t"
+        "mls	v16.8h, v22.8h, v4.h[0]\n\t"
+        "sqdmulh	v21.8h, v17.8h, v4.h[2]\n\t"
+        "sqdmulh	v22.8h, v18.8h, v4.h[2]\n\t"
+        "sshr	v21.8h, v21.8h, #11\n\t"
+        "sshr	v22.8h, v22.8h, #11\n\t"
+        "mls	v17.8h, v21.8h, v4.h[0]\n\t"
+        "mls	v18.8h, v22.8h, v4.h[0]\n\t"
+        "sqdmulh	v21.8h, v19.8h, v4.h[2]\n\t"
+        "sqdmulh	v22.8h, v20.8h, v4.h[2]\n\t"
+        "sshr	v21.8h, v21.8h, #11\n\t"
+        "sshr	v22.8h, v22.8h, #11\n\t"
+        "mls	v19.8h, v21.8h, v4.h[0]\n\t"
+        "mls	v20.8h, v22.8h, v4.h[0]\n\t"
+        "mov	v29.16b, v5.16b\n\t"
+        "trn1	v5.4s, v5.4s, v6.4s\n\t"
+        "trn2	v6.4s, v29.4s, v6.4s\n\t"
+        "mov	v29.16b, v5.16b\n\t"
+        "trn1	v5.2d, v5.2d, v6.2d\n\t"
+        "trn2	v6.2d, v29.2d, v6.2d\n\t"
+        "mov	v29.16b, v7.16b\n\t"
+        "trn1	v7.4s, v7.4s, v8.4s\n\t"
+        "trn2	v8.4s, v29.4s, v8.4s\n\t"
+        "mov	v29.16b, v7.16b\n\t"
+        "trn1	v7.2d, v7.2d, v8.2d\n\t"
+        "trn2	v8.2d, v29.2d, v8.2d\n\t"
+        "mov	v29.16b, v9.16b\n\t"
+        "trn1	v9.4s, v9.4s, v10.4s\n\t"
+        "trn2	v10.4s, v29.4s, v10.4s\n\t"
+        "mov	v29.16b, v9.16b\n\t"
+        "trn1	v9.2d, v9.2d, v10.2d\n\t"
+        "trn2	v10.2d, v29.2d, v10.2d\n\t"
+        "mov	v29.16b, v11.16b\n\t"
+        "trn1	v11.4s, v11.4s, v12.4s\n\t"
+        "trn2	v12.4s, v29.4s, v12.4s\n\t"
+        "mov	v29.16b, v11.16b\n\t"
+        "trn1	v11.2d, v11.2d, v12.2d\n\t"
+        "trn2	v12.2d, v29.2d, v12.2d\n\t"
+        "mov	v29.16b, v13.16b\n\t"
+        "trn1	v13.4s, v13.4s, v14.4s\n\t"
+        "trn2	v14.4s, v29.4s, v14.4s\n\t"
+        "mov	v29.16b, v13.16b\n\t"
+        "trn1	v13.2d, v13.2d, v14.2d\n\t"
+        "trn2	v14.2d, v29.2d, v14.2d\n\t"
+        "mov	v29.16b, v15.16b\n\t"
+        "trn1	v15.4s, v15.4s, v16.4s\n\t"
+        "trn2	v16.4s, v29.4s, v16.4s\n\t"
+        "mov	v29.16b, v15.16b\n\t"
+        "trn1	v15.2d, v15.2d, v16.2d\n\t"
+        "trn2	v16.2d, v29.2d, v16.2d\n\t"
+        "mov	v29.16b, v17.16b\n\t"
+        "trn1	v17.4s, v17.4s, v18.4s\n\t"
+        "trn2	v18.4s, v29.4s, v18.4s\n\t"
+        "mov	v29.16b, v17.16b\n\t"
+        "trn1	v17.2d, v17.2d, v18.2d\n\t"
+        "trn2	v18.2d, v29.2d, v18.2d\n\t"
+        "mov	v29.16b, v19.16b\n\t"
+        "trn1	v19.4s, v19.4s, v20.4s\n\t"
+        "trn2	v20.4s, v29.4s, v20.4s\n\t"
+        "mov	v29.16b, v19.16b\n\t"
+        "trn1	v19.2d, v19.2d, v20.2d\n\t"
+        "trn2	v20.2d, v29.2d, v20.2d\n\t"
+        "stp	q5, q6, [%x[r]]\n\t"
+        "stp	q7, q8, [%x[r], #32]\n\t"
+        "stp	q9, q10, [%x[r], #64]\n\t"
+        "stp	q11, q12, [%x[r], #96]\n\t"
+        "stp	q13, q14, [%x[r], #128]\n\t"
+        "stp	q15, q16, [%x[r], #160]\n\t"
+        "stp	q17, q18, [%x[r], #192]\n\t"
+        "stp	q19, q20, [%x[r], #224]\n\t"
+        "ldp	q5, q6, [x1]\n\t"
+        "ldp	q7, q8, [x1, #32]\n\t"
+        "ldp	q9, q10, [x1, #64]\n\t"
+        "ldp	q11, q12, [x1, #96]\n\t"
+        "ldp	q13, q14, [x1, #128]\n\t"
+        "ldp	q15, q16, [x1, #160]\n\t"
+        "ldp	q17, q18, [x1, #192]\n\t"
+        "ldp	q19, q20, [x1, #224]\n\t"
+        "ldr	q0, [x2, #48]\n\t"
+        "ldr	q1, [x3, #48]\n\t"
+        "mul	v29.8h, v6.8h, v1.h[0]\n\t"
+        "mul	v30.8h, v8.8h, v1.h[1]\n\t"
+        "sqrdmulh	v21.8h, v6.8h, v0.h[0]\n\t"
+        "sqrdmulh	v22.8h, v8.8h, v0.h[1]\n\t"
+        "sqrdmlsh	v21.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmlsh	v22.8h, v30.8h, v4.h[0]\n\t"
+        "sshr	v21.8h, v21.8h, #1\n\t"
+        "sshr	v22.8h, v22.8h, #1\n\t"
+        "mul	v29.8h, v10.8h, v1.h[2]\n\t"
+        "mul	v30.8h, v12.8h, v1.h[3]\n\t"
+        "sqrdmulh	v23.8h, v10.8h, v0.h[2]\n\t"
+        "sqrdmulh	v24.8h, v12.8h, v0.h[3]\n\t"
+        "sqrdmlsh	v23.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmlsh	v24.8h, v30.8h, v4.h[0]\n\t"
+        "sshr	v23.8h, v23.8h, #1\n\t"
+        "sshr	v24.8h, v24.8h, #1\n\t"
+        "mul	v29.8h, v14.8h, v1.h[4]\n\t"
+        "mul	v30.8h, v16.8h, v1.h[5]\n\t"
+        "sqrdmulh	v25.8h, v14.8h, v0.h[4]\n\t"
+        "sqrdmulh	v26.8h, v16.8h, v0.h[5]\n\t"
+        "sqrdmlsh	v25.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmlsh	v26.8h, v30.8h, v4.h[0]\n\t"
+        "sshr	v25.8h, v25.8h, #1\n\t"
+        "sshr	v26.8h, v26.8h, #1\n\t"
+        "mul	v29.8h, v18.8h, v1.h[6]\n\t"
+        "mul	v30.8h, v20.8h, v1.h[7]\n\t"
+        "sqrdmulh	v27.8h, v18.8h, v0.h[6]\n\t"
+        "sqrdmulh	v28.8h, v20.8h, v0.h[7]\n\t"
+        "sqrdmlsh	v27.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmlsh	v28.8h, v30.8h, v4.h[0]\n\t"
+        "sshr	v27.8h, v27.8h, #1\n\t"
+        "sshr	v28.8h, v28.8h, #1\n\t"
+        "sub	v6.8h, v5.8h, v21.8h\n\t"
+        "add	v5.8h, v5.8h, v21.8h\n\t"
+        "sub	v8.8h, v7.8h, v22.8h\n\t"
+        "add	v7.8h, v7.8h, v22.8h\n\t"
+        "sub	v10.8h, v9.8h, v23.8h\n\t"
+        "add	v9.8h, v9.8h, v23.8h\n\t"
+        "sub	v12.8h, v11.8h, v24.8h\n\t"
+        "add	v11.8h, v11.8h, v24.8h\n\t"
+        "sub	v14.8h, v13.8h, v25.8h\n\t"
+        "add	v13.8h, v13.8h, v25.8h\n\t"
+        "sub	v16.8h, v15.8h, v26.8h\n\t"
+        "add	v15.8h, v15.8h, v26.8h\n\t"
+        "sub	v18.8h, v17.8h, v27.8h\n\t"
+        "add	v17.8h, v17.8h, v27.8h\n\t"
+        "sub	v20.8h, v19.8h, v28.8h\n\t"
+        "add	v19.8h, v19.8h, v28.8h\n\t"
+        "ldr	q0, [x2, #192]\n\t"
+        "ldr	q2, [x2, #208]\n\t"
+        "ldr	q1, [x3, #192]\n\t"
+        "ldr	q3, [x3, #208]\n\t"
+        "mov	v29.16b, v5.16b\n\t"
+        "mov	v30.16b, v7.16b\n\t"
+        "trn1	v5.2d, v5.2d, v6.2d\n\t"
+        "trn1	v7.2d, v7.2d, v8.2d\n\t"
+        "trn2	v6.2d, v29.2d, v6.2d\n\t"
+        "trn2	v8.2d, v30.2d, v8.2d\n\t"
+        "mul	v29.8h, v6.8h, v1.8h\n\t"
+        "mul	v30.8h, v8.8h, v3.8h\n\t"
+        "sqrdmulh	v21.8h, v6.8h, v0.8h\n\t"
+        "sqrdmulh	v22.8h, v8.8h, v2.8h\n\t"
+        "sqrdmlsh	v21.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmlsh	v22.8h, v30.8h, v4.h[0]\n\t"
+        "sshr	v21.8h, v21.8h, #1\n\t"
+        "sshr	v22.8h, v22.8h, #1\n\t"
+        "ldr	q0, [x2, #224]\n\t"
+        "ldr	q2, [x2, #240]\n\t"
+        "ldr	q1, [x3, #224]\n\t"
+        "ldr	q3, [x3, #240]\n\t"
+        "mov	v29.16b, v9.16b\n\t"
+        "mov	v30.16b, v11.16b\n\t"
+        "trn1	v9.2d, v9.2d, v10.2d\n\t"
+        "trn1	v11.2d, v11.2d, v12.2d\n\t"
+        "trn2	v10.2d, v29.2d, v10.2d\n\t"
+        "trn2	v12.2d, v30.2d, v12.2d\n\t"
+        "mul	v29.8h, v10.8h, v1.8h\n\t"
+        "mul	v30.8h, v12.8h, v3.8h\n\t"
+        "sqrdmulh	v23.8h, v10.8h, v0.8h\n\t"
+        "sqrdmulh	v24.8h, v12.8h, v2.8h\n\t"
+        "sqrdmlsh	v23.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmlsh	v24.8h, v30.8h, v4.h[0]\n\t"
+        "sshr	v23.8h, v23.8h, #1\n\t"
+        "sshr	v24.8h, v24.8h, #1\n\t"
+        "ldr	q0, [x2, #256]\n\t"
+        "ldr	q2, [x2, #272]\n\t"
+        "ldr	q1, [x3, #256]\n\t"
+        "ldr	q3, [x3, #272]\n\t"
+        "mov	v29.16b, v13.16b\n\t"
+        "mov	v30.16b, v15.16b\n\t"
+        "trn1	v13.2d, v13.2d, v14.2d\n\t"
+        "trn1	v15.2d, v15.2d, v16.2d\n\t"
+        "trn2	v14.2d, v29.2d, v14.2d\n\t"
+        "trn2	v16.2d, v30.2d, v16.2d\n\t"
+        "mul	v29.8h, v14.8h, v1.8h\n\t"
+        "mul	v30.8h, v16.8h, v3.8h\n\t"
+        "sqrdmulh	v25.8h, v14.8h, v0.8h\n\t"
+        "sqrdmulh	v26.8h, v16.8h, v2.8h\n\t"
+        "sqrdmlsh	v25.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmlsh	v26.8h, v30.8h, v4.h[0]\n\t"
+        "sshr	v25.8h, v25.8h, #1\n\t"
+        "sshr	v26.8h, v26.8h, #1\n\t"
+        "ldr	q0, [x2, #288]\n\t"
+        "ldr	q2, [x2, #304]\n\t"
+        "ldr	q1, [x3, #288]\n\t"
+        "ldr	q3, [x3, #304]\n\t"
+        "mov	v29.16b, v17.16b\n\t"
+        "mov	v30.16b, v19.16b\n\t"
+        "trn1	v17.2d, v17.2d, v18.2d\n\t"
+        "trn1	v19.2d, v19.2d, v20.2d\n\t"
+        "trn2	v18.2d, v29.2d, v18.2d\n\t"
+        "trn2	v20.2d, v30.2d, v20.2d\n\t"
+        "mul	v29.8h, v18.8h, v1.8h\n\t"
+        "mul	v30.8h, v20.8h, v3.8h\n\t"
+        "sqrdmulh	v27.8h, v18.8h, v0.8h\n\t"
+        "sqrdmulh	v28.8h, v20.8h, v2.8h\n\t"
+        "sqrdmlsh	v27.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmlsh	v28.8h, v30.8h, v4.h[0]\n\t"
+        "sshr	v27.8h, v27.8h, #1\n\t"
+        "sshr	v28.8h, v28.8h, #1\n\t"
+        "sub	v6.8h, v5.8h, v21.8h\n\t"
+        "add	v5.8h, v5.8h, v21.8h\n\t"
+        "sub	v8.8h, v7.8h, v22.8h\n\t"
+        "add	v7.8h, v7.8h, v22.8h\n\t"
+        "sub	v10.8h, v9.8h, v23.8h\n\t"
+        "add	v9.8h, v9.8h, v23.8h\n\t"
+        "sub	v12.8h, v11.8h, v24.8h\n\t"
+        "add	v11.8h, v11.8h, v24.8h\n\t"
+        "sub	v14.8h, v13.8h, v25.8h\n\t"
+        "add	v13.8h, v13.8h, v25.8h\n\t"
+        "sub	v16.8h, v15.8h, v26.8h\n\t"
+        "add	v15.8h, v15.8h, v26.8h\n\t"
+        "sub	v18.8h, v17.8h, v27.8h\n\t"
+        "add	v17.8h, v17.8h, v27.8h\n\t"
+        "sub	v20.8h, v19.8h, v28.8h\n\t"
+        "add	v19.8h, v19.8h, v28.8h\n\t"
+        "ldr	q0, [x2, #448]\n\t"
+        "ldr	q2, [x2, #464]\n\t"
+        "ldr	q1, [x3, #448]\n\t"
+        "ldr	q3, [x3, #464]\n\t"
+        "mov	v29.16b, v5.16b\n\t"
+        "mov	v30.16b, v7.16b\n\t"
+        "trn1	v5.4s, v5.4s, v6.4s\n\t"
+        "trn1	v7.4s, v7.4s, v8.4s\n\t"
+        "trn2	v6.4s, v29.4s, v6.4s\n\t"
+        "trn2	v8.4s, v30.4s, v8.4s\n\t"
+        "mul	v29.8h, v6.8h, v1.8h\n\t"
+        "mul	v30.8h, v8.8h, v3.8h\n\t"
+        "sqrdmulh	v21.8h, v6.8h, v0.8h\n\t"
+        "sqrdmulh	v22.8h, v8.8h, v2.8h\n\t"
+        "sqrdmlsh	v21.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmlsh	v22.8h, v30.8h, v4.h[0]\n\t"
+        "sshr	v21.8h, v21.8h, #1\n\t"
+        "sshr	v22.8h, v22.8h, #1\n\t"
+        "ldr	q0, [x2, #480]\n\t"
+        "ldr	q2, [x2, #496]\n\t"
+        "ldr	q1, [x3, #480]\n\t"
+        "ldr	q3, [x3, #496]\n\t"
+        "mov	v29.16b, v9.16b\n\t"
+        "mov	v30.16b, v11.16b\n\t"
+        "trn1	v9.4s, v9.4s, v10.4s\n\t"
+        "trn1	v11.4s, v11.4s, v12.4s\n\t"
+        "trn2	v10.4s, v29.4s, v10.4s\n\t"
+        "trn2	v12.4s, v30.4s, v12.4s\n\t"
+        "mul	v29.8h, v10.8h, v1.8h\n\t"
+        "mul	v30.8h, v12.8h, v3.8h\n\t"
+        "sqrdmulh	v23.8h, v10.8h, v0.8h\n\t"
+        "sqrdmulh	v24.8h, v12.8h, v2.8h\n\t"
+        "sqrdmlsh	v23.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmlsh	v24.8h, v30.8h, v4.h[0]\n\t"
+        "sshr	v23.8h, v23.8h, #1\n\t"
+        "sshr	v24.8h, v24.8h, #1\n\t"
+        "ldr	q0, [x2, #512]\n\t"
+        "ldr	q2, [x2, #528]\n\t"
+        "ldr	q1, [x3, #512]\n\t"
+        "ldr	q3, [x3, #528]\n\t"
+        "mov	v29.16b, v13.16b\n\t"
+        "mov	v30.16b, v15.16b\n\t"
+        "trn1	v13.4s, v13.4s, v14.4s\n\t"
+        "trn1	v15.4s, v15.4s, v16.4s\n\t"
+        "trn2	v14.4s, v29.4s, v14.4s\n\t"
+        "trn2	v16.4s, v30.4s, v16.4s\n\t"
+        "mul	v29.8h, v14.8h, v1.8h\n\t"
+        "mul	v30.8h, v16.8h, v3.8h\n\t"
+        "sqrdmulh	v25.8h, v14.8h, v0.8h\n\t"
+        "sqrdmulh	v26.8h, v16.8h, v2.8h\n\t"
+        "sqrdmlsh	v25.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmlsh	v26.8h, v30.8h, v4.h[0]\n\t"
+        "sshr	v25.8h, v25.8h, #1\n\t"
+        "sshr	v26.8h, v26.8h, #1\n\t"
+        "ldr	q0, [x2, #544]\n\t"
+        "ldr	q2, [x2, #560]\n\t"
+        "ldr	q1, [x3, #544]\n\t"
+        "ldr	q3, [x3, #560]\n\t"
+        "mov	v29.16b, v17.16b\n\t"
+        "mov	v30.16b, v19.16b\n\t"
+        "trn1	v17.4s, v17.4s, v18.4s\n\t"
+        "trn1	v19.4s, v19.4s, v20.4s\n\t"
+        "trn2	v18.4s, v29.4s, v18.4s\n\t"
+        "trn2	v20.4s, v30.4s, v20.4s\n\t"
+        "mul	v29.8h, v18.8h, v1.8h\n\t"
+        "mul	v30.8h, v20.8h, v3.8h\n\t"
+        "sqrdmulh	v27.8h, v18.8h, v0.8h\n\t"
+        "sqrdmulh	v28.8h, v20.8h, v2.8h\n\t"
+        "sqrdmlsh	v27.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmlsh	v28.8h, v30.8h, v4.h[0]\n\t"
+        "sshr	v27.8h, v27.8h, #1\n\t"
+        "sshr	v28.8h, v28.8h, #1\n\t"
+        "sub	v6.8h, v5.8h, v21.8h\n\t"
+        "add	v5.8h, v5.8h, v21.8h\n\t"
+        "sub	v8.8h, v7.8h, v22.8h\n\t"
+        "add	v7.8h, v7.8h, v22.8h\n\t"
+        "sub	v10.8h, v9.8h, v23.8h\n\t"
+        "add	v9.8h, v9.8h, v23.8h\n\t"
+        "sub	v12.8h, v11.8h, v24.8h\n\t"
+        "add	v11.8h, v11.8h, v24.8h\n\t"
+        "sub	v14.8h, v13.8h, v25.8h\n\t"
+        "add	v13.8h, v13.8h, v25.8h\n\t"
+        "sub	v16.8h, v15.8h, v26.8h\n\t"
+        "add	v15.8h, v15.8h, v26.8h\n\t"
+        "sub	v18.8h, v17.8h, v27.8h\n\t"
+        "add	v17.8h, v17.8h, v27.8h\n\t"
+        "sub	v20.8h, v19.8h, v28.8h\n\t"
+        "add	v19.8h, v19.8h, v28.8h\n\t"
+        "sqdmulh	v21.8h, v5.8h, v4.h[2]\n\t"
+        "sqdmulh	v22.8h, v6.8h, v4.h[2]\n\t"
+        "sshr	v21.8h, v21.8h, #11\n\t"
+        "sshr	v22.8h, v22.8h, #11\n\t"
+        "mls	v5.8h, v21.8h, v4.h[0]\n\t"
+        "mls	v6.8h, v22.8h, v4.h[0]\n\t"
+        "sqdmulh	v21.8h, v7.8h, v4.h[2]\n\t"
+        "sqdmulh	v22.8h, v8.8h, v4.h[2]\n\t"
+        "sshr	v21.8h, v21.8h, #11\n\t"
+        "sshr	v22.8h, v22.8h, #11\n\t"
+        "mls	v7.8h, v21.8h, v4.h[0]\n\t"
+        "mls	v8.8h, v22.8h, v4.h[0]\n\t"
+        "sqdmulh	v21.8h, v9.8h, v4.h[2]\n\t"
+        "sqdmulh	v22.8h, v10.8h, v4.h[2]\n\t"
+        "sshr	v21.8h, v21.8h, #11\n\t"
+        "sshr	v22.8h, v22.8h, #11\n\t"
+        "mls	v9.8h, v21.8h, v4.h[0]\n\t"
+        "mls	v10.8h, v22.8h, v4.h[0]\n\t"
+        "sqdmulh	v21.8h, v11.8h, v4.h[2]\n\t"
+        "sqdmulh	v22.8h, v12.8h, v4.h[2]\n\t"
+        "sshr	v21.8h, v21.8h, #11\n\t"
+        "sshr	v22.8h, v22.8h, #11\n\t"
+        "mls	v11.8h, v21.8h, v4.h[0]\n\t"
+        "mls	v12.8h, v22.8h, v4.h[0]\n\t"
+        "sqdmulh	v21.8h, v13.8h, v4.h[2]\n\t"
+        "sqdmulh	v22.8h, v14.8h, v4.h[2]\n\t"
+        "sshr	v21.8h, v21.8h, #11\n\t"
+        "sshr	v22.8h, v22.8h, #11\n\t"
+        "mls	v13.8h, v21.8h, v4.h[0]\n\t"
+        "mls	v14.8h, v22.8h, v4.h[0]\n\t"
+        "sqdmulh	v21.8h, v15.8h, v4.h[2]\n\t"
+        "sqdmulh	v22.8h, v16.8h, v4.h[2]\n\t"
+        "sshr	v21.8h, v21.8h, #11\n\t"
+        "sshr	v22.8h, v22.8h, #11\n\t"
+        "mls	v15.8h, v21.8h, v4.h[0]\n\t"
+        "mls	v16.8h, v22.8h, v4.h[0]\n\t"
+        "sqdmulh	v21.8h, v17.8h, v4.h[2]\n\t"
+        "sqdmulh	v22.8h, v18.8h, v4.h[2]\n\t"
+        "sshr	v21.8h, v21.8h, #11\n\t"
+        "sshr	v22.8h, v22.8h, #11\n\t"
+        "mls	v17.8h, v21.8h, v4.h[0]\n\t"
+        "mls	v18.8h, v22.8h, v4.h[0]\n\t"
+        "sqdmulh	v21.8h, v19.8h, v4.h[2]\n\t"
+        "sqdmulh	v22.8h, v20.8h, v4.h[2]\n\t"
+        "sshr	v21.8h, v21.8h, #11\n\t"
+        "sshr	v22.8h, v22.8h, #11\n\t"
+        "mls	v19.8h, v21.8h, v4.h[0]\n\t"
+        "mls	v20.8h, v22.8h, v4.h[0]\n\t"
+        "mov	v29.16b, v5.16b\n\t"
+        "trn1	v5.4s, v5.4s, v6.4s\n\t"
+        "trn2	v6.4s, v29.4s, v6.4s\n\t"
+        "mov	v29.16b, v5.16b\n\t"
+        "trn1	v5.2d, v5.2d, v6.2d\n\t"
+        "trn2	v6.2d, v29.2d, v6.2d\n\t"
+        "mov	v29.16b, v7.16b\n\t"
+        "trn1	v7.4s, v7.4s, v8.4s\n\t"
+        "trn2	v8.4s, v29.4s, v8.4s\n\t"
+        "mov	v29.16b, v7.16b\n\t"
+        "trn1	v7.2d, v7.2d, v8.2d\n\t"
+        "trn2	v8.2d, v29.2d, v8.2d\n\t"
+        "mov	v29.16b, v9.16b\n\t"
+        "trn1	v9.4s, v9.4s, v10.4s\n\t"
+        "trn2	v10.4s, v29.4s, v10.4s\n\t"
+        "mov	v29.16b, v9.16b\n\t"
+        "trn1	v9.2d, v9.2d, v10.2d\n\t"
+        "trn2	v10.2d, v29.2d, v10.2d\n\t"
+        "mov	v29.16b, v11.16b\n\t"
+        "trn1	v11.4s, v11.4s, v12.4s\n\t"
+        "trn2	v12.4s, v29.4s, v12.4s\n\t"
+        "mov	v29.16b, v11.16b\n\t"
+        "trn1	v11.2d, v11.2d, v12.2d\n\t"
+        "trn2	v12.2d, v29.2d, v12.2d\n\t"
+        "mov	v29.16b, v13.16b\n\t"
+        "trn1	v13.4s, v13.4s, v14.4s\n\t"
+        "trn2	v14.4s, v29.4s, v14.4s\n\t"
+        "mov	v29.16b, v13.16b\n\t"
+        "trn1	v13.2d, v13.2d, v14.2d\n\t"
+        "trn2	v14.2d, v29.2d, v14.2d\n\t"
+        "mov	v29.16b, v15.16b\n\t"
+        "trn1	v15.4s, v15.4s, v16.4s\n\t"
+        "trn2	v16.4s, v29.4s, v16.4s\n\t"
+        "mov	v29.16b, v15.16b\n\t"
+        "trn1	v15.2d, v15.2d, v16.2d\n\t"
+        "trn2	v16.2d, v29.2d, v16.2d\n\t"
+        "mov	v29.16b, v17.16b\n\t"
+        "trn1	v17.4s, v17.4s, v18.4s\n\t"
+        "trn2	v18.4s, v29.4s, v18.4s\n\t"
+        "mov	v29.16b, v17.16b\n\t"
+        "trn1	v17.2d, v17.2d, v18.2d\n\t"
+        "trn2	v18.2d, v29.2d, v18.2d\n\t"
+        "mov	v29.16b, v19.16b\n\t"
+        "trn1	v19.4s, v19.4s, v20.4s\n\t"
+        "trn2	v20.4s, v29.4s, v20.4s\n\t"
+        "mov	v29.16b, v19.16b\n\t"
+        "trn1	v19.2d, v19.2d, v20.2d\n\t"
+        "trn2	v20.2d, v29.2d, v20.2d\n\t"
+        "stp	q5, q6, [x1]\n\t"
+        "stp	q7, q8, [x1, #32]\n\t"
+        "stp	q9, q10, [x1, #64]\n\t"
+        "stp	q11, q12, [x1, #96]\n\t"
+        "stp	q13, q14, [x1, #128]\n\t"
+        "stp	q15, q16, [x1, #160]\n\t"
+        "stp	q17, q18, [x1, #192]\n\t"
+        "stp	q19, q20, [x1, #224]\n\t"
+        : [r] "+r" (r)
+        : [L_kyber_aarch64_q] "S" (L_kyber_aarch64_q), [L_kyber_aarch64_consts] "S" (L_kyber_aarch64_consts), [L_sha3_aarch64_r] "S" (L_sha3_aarch64_r), [L_kyber_aarch64_zetas] "S" (L_kyber_aarch64_zetas), [L_kyber_aarch64_zetas_qinv] "S" (L_kyber_aarch64_zetas_qinv), [L_kyber_aarch64_zetas_inv] "S" (L_kyber_aarch64_zetas_inv), [L_kyber_aarch64_zetas_inv_qinv] "S" (L_kyber_aarch64_zetas_inv_qinv)
+        : "memory", "x1", "x2", "x3", "x4", "v0", "v1", "v2", "v3", "v4", "v5", "v6", "v7", "v8", "v9", "v10", "v11", "v12", "v13", "v14", "v15", "v16", "v17", "v18", "v19", "v20", "v21", "v22", "v23", "v24", "v25", "v26", "v27", "v28", "v29", "v30", "cc"
+    );
+}
+
+void kyber_invntt_sqrdmlsh(sword16* r)
+{
+    __asm__ __volatile__ (
+#ifndef __APPLE__
+        "adrp x2, %[L_kyber_aarch64_zetas_inv]\n\t"
+        "add  x2, x2, :lo12:%[L_kyber_aarch64_zetas_inv]\n\t"
+#else
+        "adrp x2, %[L_kyber_aarch64_zetas_inv]@PAGE\n\t"
+        "add  x2, x2, %[L_kyber_aarch64_zetas_inv]@PAGEOFF\n\t"
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+        "adrp x3, %[L_kyber_aarch64_zetas_inv_qinv]\n\t"
+        "add  x3, x3, :lo12:%[L_kyber_aarch64_zetas_inv_qinv]\n\t"
+#else
+        "adrp x3, %[L_kyber_aarch64_zetas_inv_qinv]@PAGE\n\t"
+        "add  x3, x3, %[L_kyber_aarch64_zetas_inv_qinv]@PAGEOFF\n\t"
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+        "adrp x4, %[L_kyber_aarch64_consts]\n\t"
+        "add  x4, x4, :lo12:%[L_kyber_aarch64_consts]\n\t"
+#else
+        "adrp x4, %[L_kyber_aarch64_consts]@PAGE\n\t"
+        "add  x4, x4, %[L_kyber_aarch64_consts]@PAGEOFF\n\t"
+#endif /* __APPLE__ */
+        "add	x1, %x[r], #0x100\n\t"
+        "ldr	q8, [x4]\n\t"
+        "ldp	q9, q10, [%x[r]]\n\t"
+        "ldp	q11, q12, [%x[r], #32]\n\t"
+        "ldp	q13, q14, [%x[r], #64]\n\t"
+        "ldp	q15, q16, [%x[r], #96]\n\t"
+        "ldp	q17, q18, [%x[r], #128]\n\t"
+        "ldp	q19, q20, [%x[r], #160]\n\t"
+        "ldp	q21, q22, [%x[r], #192]\n\t"
+        "ldp	q23, q24, [%x[r], #224]\n\t"
+        "mov	v25.16b, v9.16b\n\t"
+        "trn1	v9.2d, v9.2d, v10.2d\n\t"
+        "trn2	v10.2d, v25.2d, v10.2d\n\t"
+        "mov	v25.16b, v9.16b\n\t"
+        "trn1	v9.4s, v9.4s, v10.4s\n\t"
+        "trn2	v10.4s, v25.4s, v10.4s\n\t"
+        "mov	v25.16b, v11.16b\n\t"
+        "trn1	v11.2d, v11.2d, v12.2d\n\t"
+        "trn2	v12.2d, v25.2d, v12.2d\n\t"
+        "mov	v25.16b, v11.16b\n\t"
+        "trn1	v11.4s, v11.4s, v12.4s\n\t"
+        "trn2	v12.4s, v25.4s, v12.4s\n\t"
+        "mov	v25.16b, v13.16b\n\t"
+        "trn1	v13.2d, v13.2d, v14.2d\n\t"
+        "trn2	v14.2d, v25.2d, v14.2d\n\t"
+        "mov	v25.16b, v13.16b\n\t"
+        "trn1	v13.4s, v13.4s, v14.4s\n\t"
+        "trn2	v14.4s, v25.4s, v14.4s\n\t"
+        "mov	v25.16b, v15.16b\n\t"
+        "trn1	v15.2d, v15.2d, v16.2d\n\t"
+        "trn2	v16.2d, v25.2d, v16.2d\n\t"
+        "mov	v25.16b, v15.16b\n\t"
+        "trn1	v15.4s, v15.4s, v16.4s\n\t"
+        "trn2	v16.4s, v25.4s, v16.4s\n\t"
+        "mov	v25.16b, v17.16b\n\t"
+        "trn1	v17.2d, v17.2d, v18.2d\n\t"
+        "trn2	v18.2d, v25.2d, v18.2d\n\t"
+        "mov	v25.16b, v17.16b\n\t"
+        "trn1	v17.4s, v17.4s, v18.4s\n\t"
+        "trn2	v18.4s, v25.4s, v18.4s\n\t"
+        "mov	v25.16b, v19.16b\n\t"
+        "trn1	v19.2d, v19.2d, v20.2d\n\t"
+        "trn2	v20.2d, v25.2d, v20.2d\n\t"
+        "mov	v25.16b, v19.16b\n\t"
+        "trn1	v19.4s, v19.4s, v20.4s\n\t"
+        "trn2	v20.4s, v25.4s, v20.4s\n\t"
+        "mov	v25.16b, v21.16b\n\t"
+        "trn1	v21.2d, v21.2d, v22.2d\n\t"
+        "trn2	v22.2d, v25.2d, v22.2d\n\t"
+        "mov	v25.16b, v21.16b\n\t"
+        "trn1	v21.4s, v21.4s, v22.4s\n\t"
+        "trn2	v22.4s, v25.4s, v22.4s\n\t"
+        "mov	v25.16b, v23.16b\n\t"
+        "trn1	v23.2d, v23.2d, v24.2d\n\t"
+        "trn2	v24.2d, v25.2d, v24.2d\n\t"
+        "mov	v25.16b, v23.16b\n\t"
+        "trn1	v23.4s, v23.4s, v24.4s\n\t"
+        "trn2	v24.4s, v25.4s, v24.4s\n\t"
+        "ldr	q0, [x2]\n\t"
+        "ldr	q1, [x2, #16]\n\t"
+        "ldr	q2, [x3]\n\t"
+        "ldr	q3, [x3, #16]\n\t"
+        "sub	v26.8h, v9.8h, v10.8h\n\t"
+        "sub	v28.8h, v11.8h, v12.8h\n\t"
+        "add	v9.8h, v9.8h, v10.8h\n\t"
+        "add	v11.8h, v11.8h, v12.8h\n\t"
+        "mul	v25.8h, v26.8h, v2.8h\n\t"
+        "mul	v27.8h, v28.8h, v3.8h\n\t"
+        "sqrdmulh	v10.8h, v26.8h, v0.8h\n\t"
+        "sqrdmulh	v12.8h, v28.8h, v1.8h\n\t"
+        "sqrdmlsh	v10.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmlsh	v12.8h, v27.8h, v8.h[0]\n\t"
+        "sshr	v10.8h, v10.8h, #1\n\t"
+        "sshr	v12.8h, v12.8h, #1\n\t"
+        "ldr	q0, [x2, #32]\n\t"
+        "ldr	q1, [x2, #48]\n\t"
+        "ldr	q2, [x3, #32]\n\t"
+        "ldr	q3, [x3, #48]\n\t"
+        "sub	v26.8h, v13.8h, v14.8h\n\t"
+        "sub	v28.8h, v15.8h, v16.8h\n\t"
+        "add	v13.8h, v13.8h, v14.8h\n\t"
+        "add	v15.8h, v15.8h, v16.8h\n\t"
+        "mul	v25.8h, v26.8h, v2.8h\n\t"
+        "mul	v27.8h, v28.8h, v3.8h\n\t"
+        "sqrdmulh	v14.8h, v26.8h, v0.8h\n\t"
+        "sqrdmulh	v16.8h, v28.8h, v1.8h\n\t"
+        "sqrdmlsh	v14.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmlsh	v16.8h, v27.8h, v8.h[0]\n\t"
+        "sshr	v14.8h, v14.8h, #1\n\t"
+        "sshr	v16.8h, v16.8h, #1\n\t"
+        "ldr	q0, [x2, #64]\n\t"
+        "ldr	q1, [x2, #80]\n\t"
+        "ldr	q2, [x3, #64]\n\t"
+        "ldr	q3, [x3, #80]\n\t"
+        "sub	v26.8h, v17.8h, v18.8h\n\t"
+        "sub	v28.8h, v19.8h, v20.8h\n\t"
+        "add	v17.8h, v17.8h, v18.8h\n\t"
+        "add	v19.8h, v19.8h, v20.8h\n\t"
+        "mul	v25.8h, v26.8h, v2.8h\n\t"
+        "mul	v27.8h, v28.8h, v3.8h\n\t"
+        "sqrdmulh	v18.8h, v26.8h, v0.8h\n\t"
+        "sqrdmulh	v20.8h, v28.8h, v1.8h\n\t"
+        "sqrdmlsh	v18.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmlsh	v20.8h, v27.8h, v8.h[0]\n\t"
+        "sshr	v18.8h, v18.8h, #1\n\t"
+        "sshr	v20.8h, v20.8h, #1\n\t"
+        "ldr	q0, [x2, #96]\n\t"
+        "ldr	q1, [x2, #112]\n\t"
+        "ldr	q2, [x3, #96]\n\t"
+        "ldr	q3, [x3, #112]\n\t"
+        "sub	v26.8h, v21.8h, v22.8h\n\t"
+        "sub	v28.8h, v23.8h, v24.8h\n\t"
+        "add	v21.8h, v21.8h, v22.8h\n\t"
+        "add	v23.8h, v23.8h, v24.8h\n\t"
+        "mul	v25.8h, v26.8h, v2.8h\n\t"
+        "mul	v27.8h, v28.8h, v3.8h\n\t"
+        "sqrdmulh	v22.8h, v26.8h, v0.8h\n\t"
+        "sqrdmulh	v24.8h, v28.8h, v1.8h\n\t"
+        "sqrdmlsh	v22.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmlsh	v24.8h, v27.8h, v8.h[0]\n\t"
+        "sshr	v22.8h, v22.8h, #1\n\t"
+        "sshr	v24.8h, v24.8h, #1\n\t"
+        "ldr	q0, [x2, #256]\n\t"
+        "ldr	q1, [x2, #272]\n\t"
+        "ldr	q2, [x3, #256]\n\t"
+        "ldr	q3, [x3, #272]\n\t"
+        "mov	v25.16b, v9.16b\n\t"
+        "mov	v26.16b, v11.16b\n\t"
+        "trn1	v9.4s, v9.4s, v10.4s\n\t"
+        "trn1	v11.4s, v11.4s, v12.4s\n\t"
+        "trn2	v10.4s, v25.4s, v10.4s\n\t"
+        "trn2	v12.4s, v26.4s, v12.4s\n\t"
+        "sub	v26.8h, v9.8h, v10.8h\n\t"
+        "sub	v28.8h, v11.8h, v12.8h\n\t"
+        "add	v9.8h, v9.8h, v10.8h\n\t"
+        "add	v11.8h, v11.8h, v12.8h\n\t"
+        "mul	v25.8h, v26.8h, v2.8h\n\t"
+        "mul	v27.8h, v28.8h, v3.8h\n\t"
+        "sqrdmulh	v10.8h, v26.8h, v0.8h\n\t"
+        "sqrdmulh	v12.8h, v28.8h, v1.8h\n\t"
+        "sqrdmlsh	v10.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmlsh	v12.8h, v27.8h, v8.h[0]\n\t"
+        "sshr	v10.8h, v10.8h, #1\n\t"
+        "sshr	v12.8h, v12.8h, #1\n\t"
+        "ldr	q0, [x2, #288]\n\t"
+        "ldr	q1, [x2, #304]\n\t"
+        "ldr	q2, [x3, #288]\n\t"
+        "ldr	q3, [x3, #304]\n\t"
+        "mov	v25.16b, v13.16b\n\t"
+        "mov	v26.16b, v15.16b\n\t"
+        "trn1	v13.4s, v13.4s, v14.4s\n\t"
+        "trn1	v15.4s, v15.4s, v16.4s\n\t"
+        "trn2	v14.4s, v25.4s, v14.4s\n\t"
+        "trn2	v16.4s, v26.4s, v16.4s\n\t"
+        "sub	v26.8h, v13.8h, v14.8h\n\t"
+        "sub	v28.8h, v15.8h, v16.8h\n\t"
+        "add	v13.8h, v13.8h, v14.8h\n\t"
+        "add	v15.8h, v15.8h, v16.8h\n\t"
+        "mul	v25.8h, v26.8h, v2.8h\n\t"
+        "mul	v27.8h, v28.8h, v3.8h\n\t"
+        "sqrdmulh	v14.8h, v26.8h, v0.8h\n\t"
+        "sqrdmulh	v16.8h, v28.8h, v1.8h\n\t"
+        "sqrdmlsh	v14.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmlsh	v16.8h, v27.8h, v8.h[0]\n\t"
+        "sshr	v14.8h, v14.8h, #1\n\t"
+        "sshr	v16.8h, v16.8h, #1\n\t"
+        "ldr	q0, [x2, #320]\n\t"
+        "ldr	q1, [x2, #336]\n\t"
+        "ldr	q2, [x3, #320]\n\t"
+        "ldr	q3, [x3, #336]\n\t"
+        "mov	v25.16b, v17.16b\n\t"
+        "mov	v26.16b, v19.16b\n\t"
+        "trn1	v17.4s, v17.4s, v18.4s\n\t"
+        "trn1	v19.4s, v19.4s, v20.4s\n\t"
+        "trn2	v18.4s, v25.4s, v18.4s\n\t"
+        "trn2	v20.4s, v26.4s, v20.4s\n\t"
+        "sub	v26.8h, v17.8h, v18.8h\n\t"
+        "sub	v28.8h, v19.8h, v20.8h\n\t"
+        "add	v17.8h, v17.8h, v18.8h\n\t"
+        "add	v19.8h, v19.8h, v20.8h\n\t"
+        "mul	v25.8h, v26.8h, v2.8h\n\t"
+        "mul	v27.8h, v28.8h, v3.8h\n\t"
+        "sqrdmulh	v18.8h, v26.8h, v0.8h\n\t"
+        "sqrdmulh	v20.8h, v28.8h, v1.8h\n\t"
+        "sqrdmlsh	v18.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmlsh	v20.8h, v27.8h, v8.h[0]\n\t"
+        "sshr	v18.8h, v18.8h, #1\n\t"
+        "sshr	v20.8h, v20.8h, #1\n\t"
+        "ldr	q0, [x2, #352]\n\t"
+        "ldr	q1, [x2, #368]\n\t"
+        "ldr	q2, [x3, #352]\n\t"
+        "ldr	q3, [x3, #368]\n\t"
+        "mov	v25.16b, v21.16b\n\t"
+        "mov	v26.16b, v23.16b\n\t"
+        "trn1	v21.4s, v21.4s, v22.4s\n\t"
+        "trn1	v23.4s, v23.4s, v24.4s\n\t"
+        "trn2	v22.4s, v25.4s, v22.4s\n\t"
+        "trn2	v24.4s, v26.4s, v24.4s\n\t"
+        "sub	v26.8h, v21.8h, v22.8h\n\t"
+        "sub	v28.8h, v23.8h, v24.8h\n\t"
+        "add	v21.8h, v21.8h, v22.8h\n\t"
+        "add	v23.8h, v23.8h, v24.8h\n\t"
+        "mul	v25.8h, v26.8h, v2.8h\n\t"
+        "mul	v27.8h, v28.8h, v3.8h\n\t"
+        "sqrdmulh	v22.8h, v26.8h, v0.8h\n\t"
+        "sqrdmulh	v24.8h, v28.8h, v1.8h\n\t"
+        "sqrdmlsh	v22.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmlsh	v24.8h, v27.8h, v8.h[0]\n\t"
+        "sshr	v22.8h, v22.8h, #1\n\t"
+        "sshr	v24.8h, v24.8h, #1\n\t"
+        "ldr	q0, [x2, #512]\n\t"
+        "ldr	q2, [x3, #512]\n\t"
+        "mov	v25.16b, v9.16b\n\t"
+        "mov	v26.16b, v11.16b\n\t"
+        "trn1	v9.2d, v9.2d, v10.2d\n\t"
+        "trn1	v11.2d, v11.2d, v12.2d\n\t"
+        "trn2	v10.2d, v25.2d, v10.2d\n\t"
+        "trn2	v12.2d, v26.2d, v12.2d\n\t"
+        "sub	v26.8h, v9.8h, v10.8h\n\t"
+        "sub	v28.8h, v11.8h, v12.8h\n\t"
+        "add	v9.8h, v9.8h, v10.8h\n\t"
+        "add	v11.8h, v11.8h, v12.8h\n\t"
+        "mul	v25.8h, v26.8h, v2.h[0]\n\t"
+        "mul	v27.8h, v28.8h, v2.h[1]\n\t"
+        "sqrdmulh	v10.8h, v26.8h, v0.h[0]\n\t"
+        "sqrdmulh	v12.8h, v28.8h, v0.h[1]\n\t"
+        "sqrdmlsh	v10.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmlsh	v12.8h, v27.8h, v8.h[0]\n\t"
+        "sshr	v10.8h, v10.8h, #1\n\t"
+        "sshr	v12.8h, v12.8h, #1\n\t"
+        "mov	v25.16b, v13.16b\n\t"
+        "mov	v26.16b, v15.16b\n\t"
+        "trn1	v13.2d, v13.2d, v14.2d\n\t"
+        "trn1	v15.2d, v15.2d, v16.2d\n\t"
+        "trn2	v14.2d, v25.2d, v14.2d\n\t"
+        "trn2	v16.2d, v26.2d, v16.2d\n\t"
+        "sub	v26.8h, v13.8h, v14.8h\n\t"
+        "sub	v28.8h, v15.8h, v16.8h\n\t"
+        "add	v13.8h, v13.8h, v14.8h\n\t"
+        "add	v15.8h, v15.8h, v16.8h\n\t"
+        "mul	v25.8h, v26.8h, v2.h[2]\n\t"
+        "mul	v27.8h, v28.8h, v2.h[3]\n\t"
+        "sqrdmulh	v14.8h, v26.8h, v0.h[2]\n\t"
+        "sqrdmulh	v16.8h, v28.8h, v0.h[3]\n\t"
+        "sqrdmlsh	v14.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmlsh	v16.8h, v27.8h, v8.h[0]\n\t"
+        "sshr	v14.8h, v14.8h, #1\n\t"
+        "sshr	v16.8h, v16.8h, #1\n\t"
+        "mov	v25.16b, v17.16b\n\t"
+        "mov	v26.16b, v19.16b\n\t"
+        "trn1	v17.2d, v17.2d, v18.2d\n\t"
+        "trn1	v19.2d, v19.2d, v20.2d\n\t"
+        "trn2	v18.2d, v25.2d, v18.2d\n\t"
+        "trn2	v20.2d, v26.2d, v20.2d\n\t"
+        "sub	v26.8h, v17.8h, v18.8h\n\t"
+        "sub	v28.8h, v19.8h, v20.8h\n\t"
+        "add	v17.8h, v17.8h, v18.8h\n\t"
+        "add	v19.8h, v19.8h, v20.8h\n\t"
+        "mul	v25.8h, v26.8h, v2.h[4]\n\t"
+        "mul	v27.8h, v28.8h, v2.h[5]\n\t"
+        "sqrdmulh	v18.8h, v26.8h, v0.h[4]\n\t"
+        "sqrdmulh	v20.8h, v28.8h, v0.h[5]\n\t"
+        "sqrdmlsh	v18.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmlsh	v20.8h, v27.8h, v8.h[0]\n\t"
+        "sshr	v18.8h, v18.8h, #1\n\t"
+        "sshr	v20.8h, v20.8h, #1\n\t"
+        "mov	v25.16b, v21.16b\n\t"
+        "mov	v26.16b, v23.16b\n\t"
+        "trn1	v21.2d, v21.2d, v22.2d\n\t"
+        "trn1	v23.2d, v23.2d, v24.2d\n\t"
+        "trn2	v22.2d, v25.2d, v22.2d\n\t"
+        "trn2	v24.2d, v26.2d, v24.2d\n\t"
+        "sub	v26.8h, v21.8h, v22.8h\n\t"
+        "sub	v28.8h, v23.8h, v24.8h\n\t"
+        "add	v21.8h, v21.8h, v22.8h\n\t"
+        "add	v23.8h, v23.8h, v24.8h\n\t"
+        "mul	v25.8h, v26.8h, v2.h[6]\n\t"
+        "mul	v27.8h, v28.8h, v2.h[7]\n\t"
+        "sqrdmulh	v22.8h, v26.8h, v0.h[6]\n\t"
+        "sqrdmulh	v24.8h, v28.8h, v0.h[7]\n\t"
+        "sqrdmlsh	v22.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmlsh	v24.8h, v27.8h, v8.h[0]\n\t"
+        "sshr	v22.8h, v22.8h, #1\n\t"
+        "sshr	v24.8h, v24.8h, #1\n\t"
+        "sqdmulh	v25.8h, v9.8h, v8.h[2]\n\t"
+        "sqdmulh	v26.8h, v11.8h, v8.h[2]\n\t"
+        "sshr	v25.8h, v25.8h, #11\n\t"
+        "sshr	v26.8h, v26.8h, #11\n\t"
+        "mls	v9.8h, v25.8h, v8.h[0]\n\t"
+        "mls	v11.8h, v26.8h, v8.h[0]\n\t"
+        "sqdmulh	v25.8h, v13.8h, v8.h[2]\n\t"
+        "sqdmulh	v26.8h, v15.8h, v8.h[2]\n\t"
+        "sshr	v25.8h, v25.8h, #11\n\t"
+        "sshr	v26.8h, v26.8h, #11\n\t"
+        "mls	v13.8h, v25.8h, v8.h[0]\n\t"
+        "mls	v15.8h, v26.8h, v8.h[0]\n\t"
+        "sqdmulh	v25.8h, v17.8h, v8.h[2]\n\t"
+        "sqdmulh	v26.8h, v19.8h, v8.h[2]\n\t"
+        "sshr	v25.8h, v25.8h, #11\n\t"
+        "sshr	v26.8h, v26.8h, #11\n\t"
+        "mls	v17.8h, v25.8h, v8.h[0]\n\t"
+        "mls	v19.8h, v26.8h, v8.h[0]\n\t"
+        "sqdmulh	v25.8h, v21.8h, v8.h[2]\n\t"
+        "sqdmulh	v26.8h, v23.8h, v8.h[2]\n\t"
+        "sshr	v25.8h, v25.8h, #11\n\t"
+        "sshr	v26.8h, v26.8h, #11\n\t"
+        "mls	v21.8h, v25.8h, v8.h[0]\n\t"
+        "mls	v23.8h, v26.8h, v8.h[0]\n\t"
+        "stp	q9, q10, [%x[r]]\n\t"
+        "stp	q11, q12, [%x[r], #32]\n\t"
+        "stp	q13, q14, [%x[r], #64]\n\t"
+        "stp	q15, q16, [%x[r], #96]\n\t"
+        "stp	q17, q18, [%x[r], #128]\n\t"
+        "stp	q19, q20, [%x[r], #160]\n\t"
+        "stp	q21, q22, [%x[r], #192]\n\t"
+        "stp	q23, q24, [%x[r], #224]\n\t"
+        "ldp	q9, q10, [x1]\n\t"
+        "ldp	q11, q12, [x1, #32]\n\t"
+        "ldp	q13, q14, [x1, #64]\n\t"
+        "ldp	q15, q16, [x1, #96]\n\t"
+        "ldp	q17, q18, [x1, #128]\n\t"
+        "ldp	q19, q20, [x1, #160]\n\t"
+        "ldp	q21, q22, [x1, #192]\n\t"
+        "ldp	q23, q24, [x1, #224]\n\t"
+        "mov	v25.16b, v9.16b\n\t"
+        "trn1	v9.2d, v9.2d, v10.2d\n\t"
+        "trn2	v10.2d, v25.2d, v10.2d\n\t"
+        "mov	v25.16b, v9.16b\n\t"
+        "trn1	v9.4s, v9.4s, v10.4s\n\t"
+        "trn2	v10.4s, v25.4s, v10.4s\n\t"
+        "mov	v25.16b, v11.16b\n\t"
+        "trn1	v11.2d, v11.2d, v12.2d\n\t"
+        "trn2	v12.2d, v25.2d, v12.2d\n\t"
+        "mov	v25.16b, v11.16b\n\t"
+        "trn1	v11.4s, v11.4s, v12.4s\n\t"
+        "trn2	v12.4s, v25.4s, v12.4s\n\t"
+        "mov	v25.16b, v13.16b\n\t"
+        "trn1	v13.2d, v13.2d, v14.2d\n\t"
+        "trn2	v14.2d, v25.2d, v14.2d\n\t"
+        "mov	v25.16b, v13.16b\n\t"
+        "trn1	v13.4s, v13.4s, v14.4s\n\t"
+        "trn2	v14.4s, v25.4s, v14.4s\n\t"
+        "mov	v25.16b, v15.16b\n\t"
+        "trn1	v15.2d, v15.2d, v16.2d\n\t"
+        "trn2	v16.2d, v25.2d, v16.2d\n\t"
+        "mov	v25.16b, v15.16b\n\t"
+        "trn1	v15.4s, v15.4s, v16.4s\n\t"
+        "trn2	v16.4s, v25.4s, v16.4s\n\t"
+        "mov	v25.16b, v17.16b\n\t"
+        "trn1	v17.2d, v17.2d, v18.2d\n\t"
+        "trn2	v18.2d, v25.2d, v18.2d\n\t"
+        "mov	v25.16b, v17.16b\n\t"
+        "trn1	v17.4s, v17.4s, v18.4s\n\t"
+        "trn2	v18.4s, v25.4s, v18.4s\n\t"
+        "mov	v25.16b, v19.16b\n\t"
+        "trn1	v19.2d, v19.2d, v20.2d\n\t"
+        "trn2	v20.2d, v25.2d, v20.2d\n\t"
+        "mov	v25.16b, v19.16b\n\t"
+        "trn1	v19.4s, v19.4s, v20.4s\n\t"
+        "trn2	v20.4s, v25.4s, v20.4s\n\t"
+        "mov	v25.16b, v21.16b\n\t"
+        "trn1	v21.2d, v21.2d, v22.2d\n\t"
+        "trn2	v22.2d, v25.2d, v22.2d\n\t"
+        "mov	v25.16b, v21.16b\n\t"
+        "trn1	v21.4s, v21.4s, v22.4s\n\t"
+        "trn2	v22.4s, v25.4s, v22.4s\n\t"
+        "mov	v25.16b, v23.16b\n\t"
+        "trn1	v23.2d, v23.2d, v24.2d\n\t"
+        "trn2	v24.2d, v25.2d, v24.2d\n\t"
+        "mov	v25.16b, v23.16b\n\t"
+        "trn1	v23.4s, v23.4s, v24.4s\n\t"
+        "trn2	v24.4s, v25.4s, v24.4s\n\t"
+        "ldr	q0, [x2, #128]\n\t"
+        "ldr	q1, [x2, #144]\n\t"
+        "ldr	q2, [x3, #128]\n\t"
+        "ldr	q3, [x3, #144]\n\t"
+        "sub	v26.8h, v9.8h, v10.8h\n\t"
+        "sub	v28.8h, v11.8h, v12.8h\n\t"
+        "add	v9.8h, v9.8h, v10.8h\n\t"
+        "add	v11.8h, v11.8h, v12.8h\n\t"
+        "mul	v25.8h, v26.8h, v2.8h\n\t"
+        "mul	v27.8h, v28.8h, v3.8h\n\t"
+        "sqrdmulh	v10.8h, v26.8h, v0.8h\n\t"
+        "sqrdmulh	v12.8h, v28.8h, v1.8h\n\t"
+        "sqrdmlsh	v10.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmlsh	v12.8h, v27.8h, v8.h[0]\n\t"
+        "sshr	v10.8h, v10.8h, #1\n\t"
+        "sshr	v12.8h, v12.8h, #1\n\t"
+        "ldr	q0, [x2, #160]\n\t"
+        "ldr	q1, [x2, #176]\n\t"
+        "ldr	q2, [x3, #160]\n\t"
+        "ldr	q3, [x3, #176]\n\t"
+        "sub	v26.8h, v13.8h, v14.8h\n\t"
+        "sub	v28.8h, v15.8h, v16.8h\n\t"
+        "add	v13.8h, v13.8h, v14.8h\n\t"
+        "add	v15.8h, v15.8h, v16.8h\n\t"
+        "mul	v25.8h, v26.8h, v2.8h\n\t"
+        "mul	v27.8h, v28.8h, v3.8h\n\t"
+        "sqrdmulh	v14.8h, v26.8h, v0.8h\n\t"
+        "sqrdmulh	v16.8h, v28.8h, v1.8h\n\t"
+        "sqrdmlsh	v14.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmlsh	v16.8h, v27.8h, v8.h[0]\n\t"
+        "sshr	v14.8h, v14.8h, #1\n\t"
+        "sshr	v16.8h, v16.8h, #1\n\t"
+        "ldr	q0, [x2, #192]\n\t"
+        "ldr	q1, [x2, #208]\n\t"
+        "ldr	q2, [x3, #192]\n\t"
+        "ldr	q3, [x3, #208]\n\t"
+        "sub	v26.8h, v17.8h, v18.8h\n\t"
+        "sub	v28.8h, v19.8h, v20.8h\n\t"
+        "add	v17.8h, v17.8h, v18.8h\n\t"
+        "add	v19.8h, v19.8h, v20.8h\n\t"
+        "mul	v25.8h, v26.8h, v2.8h\n\t"
+        "mul	v27.8h, v28.8h, v3.8h\n\t"
+        "sqrdmulh	v18.8h, v26.8h, v0.8h\n\t"
+        "sqrdmulh	v20.8h, v28.8h, v1.8h\n\t"
+        "sqrdmlsh	v18.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmlsh	v20.8h, v27.8h, v8.h[0]\n\t"
+        "sshr	v18.8h, v18.8h, #1\n\t"
+        "sshr	v20.8h, v20.8h, #1\n\t"
+        "ldr	q0, [x2, #224]\n\t"
+        "ldr	q1, [x2, #240]\n\t"
+        "ldr	q2, [x3, #224]\n\t"
+        "ldr	q3, [x3, #240]\n\t"
+        "sub	v26.8h, v21.8h, v22.8h\n\t"
+        "sub	v28.8h, v23.8h, v24.8h\n\t"
+        "add	v21.8h, v21.8h, v22.8h\n\t"
+        "add	v23.8h, v23.8h, v24.8h\n\t"
+        "mul	v25.8h, v26.8h, v2.8h\n\t"
+        "mul	v27.8h, v28.8h, v3.8h\n\t"
+        "sqrdmulh	v22.8h, v26.8h, v0.8h\n\t"
+        "sqrdmulh	v24.8h, v28.8h, v1.8h\n\t"
+        "sqrdmlsh	v22.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmlsh	v24.8h, v27.8h, v8.h[0]\n\t"
+        "sshr	v22.8h, v22.8h, #1\n\t"
+        "sshr	v24.8h, v24.8h, #1\n\t"
+        "ldr	q0, [x2, #384]\n\t"
+        "ldr	q1, [x2, #400]\n\t"
+        "ldr	q2, [x3, #384]\n\t"
+        "ldr	q3, [x3, #400]\n\t"
+        "mov	v25.16b, v9.16b\n\t"
+        "mov	v26.16b, v11.16b\n\t"
+        "trn1	v9.4s, v9.4s, v10.4s\n\t"
+        "trn1	v11.4s, v11.4s, v12.4s\n\t"
+        "trn2	v10.4s, v25.4s, v10.4s\n\t"
+        "trn2	v12.4s, v26.4s, v12.4s\n\t"
+        "sub	v26.8h, v9.8h, v10.8h\n\t"
+        "sub	v28.8h, v11.8h, v12.8h\n\t"
+        "add	v9.8h, v9.8h, v10.8h\n\t"
+        "add	v11.8h, v11.8h, v12.8h\n\t"
+        "mul	v25.8h, v26.8h, v2.8h\n\t"
+        "mul	v27.8h, v28.8h, v3.8h\n\t"
+        "sqrdmulh	v10.8h, v26.8h, v0.8h\n\t"
+        "sqrdmulh	v12.8h, v28.8h, v1.8h\n\t"
+        "sqrdmlsh	v10.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmlsh	v12.8h, v27.8h, v8.h[0]\n\t"
+        "sshr	v10.8h, v10.8h, #1\n\t"
+        "sshr	v12.8h, v12.8h, #1\n\t"
+        "ldr	q0, [x2, #416]\n\t"
+        "ldr	q1, [x2, #432]\n\t"
+        "ldr	q2, [x3, #416]\n\t"
+        "ldr	q3, [x3, #432]\n\t"
+        "mov	v25.16b, v13.16b\n\t"
+        "mov	v26.16b, v15.16b\n\t"
+        "trn1	v13.4s, v13.4s, v14.4s\n\t"
+        "trn1	v15.4s, v15.4s, v16.4s\n\t"
+        "trn2	v14.4s, v25.4s, v14.4s\n\t"
+        "trn2	v16.4s, v26.4s, v16.4s\n\t"
+        "sub	v26.8h, v13.8h, v14.8h\n\t"
+        "sub	v28.8h, v15.8h, v16.8h\n\t"
+        "add	v13.8h, v13.8h, v14.8h\n\t"
+        "add	v15.8h, v15.8h, v16.8h\n\t"
+        "mul	v25.8h, v26.8h, v2.8h\n\t"
+        "mul	v27.8h, v28.8h, v3.8h\n\t"
+        "sqrdmulh	v14.8h, v26.8h, v0.8h\n\t"
+        "sqrdmulh	v16.8h, v28.8h, v1.8h\n\t"
+        "sqrdmlsh	v14.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmlsh	v16.8h, v27.8h, v8.h[0]\n\t"
+        "sshr	v14.8h, v14.8h, #1\n\t"
+        "sshr	v16.8h, v16.8h, #1\n\t"
+        "ldr	q0, [x2, #448]\n\t"
+        "ldr	q1, [x2, #464]\n\t"
+        "ldr	q2, [x3, #448]\n\t"
+        "ldr	q3, [x3, #464]\n\t"
+        "mov	v25.16b, v17.16b\n\t"
+        "mov	v26.16b, v19.16b\n\t"
+        "trn1	v17.4s, v17.4s, v18.4s\n\t"
+        "trn1	v19.4s, v19.4s, v20.4s\n\t"
+        "trn2	v18.4s, v25.4s, v18.4s\n\t"
+        "trn2	v20.4s, v26.4s, v20.4s\n\t"
+        "sub	v26.8h, v17.8h, v18.8h\n\t"
+        "sub	v28.8h, v19.8h, v20.8h\n\t"
+        "add	v17.8h, v17.8h, v18.8h\n\t"
+        "add	v19.8h, v19.8h, v20.8h\n\t"
+        "mul	v25.8h, v26.8h, v2.8h\n\t"
+        "mul	v27.8h, v28.8h, v3.8h\n\t"
+        "sqrdmulh	v18.8h, v26.8h, v0.8h\n\t"
+        "sqrdmulh	v20.8h, v28.8h, v1.8h\n\t"
+        "sqrdmlsh	v18.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmlsh	v20.8h, v27.8h, v8.h[0]\n\t"
+        "sshr	v18.8h, v18.8h, #1\n\t"
+        "sshr	v20.8h, v20.8h, #1\n\t"
+        "ldr	q0, [x2, #480]\n\t"
+        "ldr	q1, [x2, #496]\n\t"
+        "ldr	q2, [x3, #480]\n\t"
+        "ldr	q3, [x3, #496]\n\t"
+        "mov	v25.16b, v21.16b\n\t"
+        "mov	v26.16b, v23.16b\n\t"
+        "trn1	v21.4s, v21.4s, v22.4s\n\t"
+        "trn1	v23.4s, v23.4s, v24.4s\n\t"
+        "trn2	v22.4s, v25.4s, v22.4s\n\t"
+        "trn2	v24.4s, v26.4s, v24.4s\n\t"
+        "sub	v26.8h, v21.8h, v22.8h\n\t"
+        "sub	v28.8h, v23.8h, v24.8h\n\t"
+        "add	v21.8h, v21.8h, v22.8h\n\t"
+        "add	v23.8h, v23.8h, v24.8h\n\t"
+        "mul	v25.8h, v26.8h, v2.8h\n\t"
+        "mul	v27.8h, v28.8h, v3.8h\n\t"
+        "sqrdmulh	v22.8h, v26.8h, v0.8h\n\t"
+        "sqrdmulh	v24.8h, v28.8h, v1.8h\n\t"
+        "sqrdmlsh	v22.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmlsh	v24.8h, v27.8h, v8.h[0]\n\t"
+        "sshr	v22.8h, v22.8h, #1\n\t"
+        "sshr	v24.8h, v24.8h, #1\n\t"
+        "ldr	q0, [x2, #528]\n\t"
+        "ldr	q2, [x3, #528]\n\t"
+        "mov	v25.16b, v9.16b\n\t"
+        "mov	v26.16b, v11.16b\n\t"
+        "trn1	v9.2d, v9.2d, v10.2d\n\t"
+        "trn1	v11.2d, v11.2d, v12.2d\n\t"
+        "trn2	v10.2d, v25.2d, v10.2d\n\t"
+        "trn2	v12.2d, v26.2d, v12.2d\n\t"
+        "sub	v26.8h, v9.8h, v10.8h\n\t"
+        "sub	v28.8h, v11.8h, v12.8h\n\t"
+        "add	v9.8h, v9.8h, v10.8h\n\t"
+        "add	v11.8h, v11.8h, v12.8h\n\t"
+        "mul	v25.8h, v26.8h, v2.h[0]\n\t"
+        "mul	v27.8h, v28.8h, v2.h[1]\n\t"
+        "sqrdmulh	v10.8h, v26.8h, v0.h[0]\n\t"
+        "sqrdmulh	v12.8h, v28.8h, v0.h[1]\n\t"
+        "sqrdmlsh	v10.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmlsh	v12.8h, v27.8h, v8.h[0]\n\t"
+        "sshr	v10.8h, v10.8h, #1\n\t"
+        "sshr	v12.8h, v12.8h, #1\n\t"
+        "mov	v25.16b, v13.16b\n\t"
+        "mov	v26.16b, v15.16b\n\t"
+        "trn1	v13.2d, v13.2d, v14.2d\n\t"
+        "trn1	v15.2d, v15.2d, v16.2d\n\t"
+        "trn2	v14.2d, v25.2d, v14.2d\n\t"
+        "trn2	v16.2d, v26.2d, v16.2d\n\t"
+        "sub	v26.8h, v13.8h, v14.8h\n\t"
+        "sub	v28.8h, v15.8h, v16.8h\n\t"
+        "add	v13.8h, v13.8h, v14.8h\n\t"
+        "add	v15.8h, v15.8h, v16.8h\n\t"
+        "mul	v25.8h, v26.8h, v2.h[2]\n\t"
+        "mul	v27.8h, v28.8h, v2.h[3]\n\t"
+        "sqrdmulh	v14.8h, v26.8h, v0.h[2]\n\t"
+        "sqrdmulh	v16.8h, v28.8h, v0.h[3]\n\t"
+        "sqrdmlsh	v14.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmlsh	v16.8h, v27.8h, v8.h[0]\n\t"
+        "sshr	v14.8h, v14.8h, #1\n\t"
+        "sshr	v16.8h, v16.8h, #1\n\t"
+        "mov	v25.16b, v17.16b\n\t"
+        "mov	v26.16b, v19.16b\n\t"
+        "trn1	v17.2d, v17.2d, v18.2d\n\t"
+        "trn1	v19.2d, v19.2d, v20.2d\n\t"
+        "trn2	v18.2d, v25.2d, v18.2d\n\t"
+        "trn2	v20.2d, v26.2d, v20.2d\n\t"
+        "sub	v26.8h, v17.8h, v18.8h\n\t"
+        "sub	v28.8h, v19.8h, v20.8h\n\t"
+        "add	v17.8h, v17.8h, v18.8h\n\t"
+        "add	v19.8h, v19.8h, v20.8h\n\t"
+        "mul	v25.8h, v26.8h, v2.h[4]\n\t"
+        "mul	v27.8h, v28.8h, v2.h[5]\n\t"
+        "sqrdmulh	v18.8h, v26.8h, v0.h[4]\n\t"
+        "sqrdmulh	v20.8h, v28.8h, v0.h[5]\n\t"
+        "sqrdmlsh	v18.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmlsh	v20.8h, v27.8h, v8.h[0]\n\t"
+        "sshr	v18.8h, v18.8h, #1\n\t"
+        "sshr	v20.8h, v20.8h, #1\n\t"
+        "mov	v25.16b, v21.16b\n\t"
+        "mov	v26.16b, v23.16b\n\t"
+        "trn1	v21.2d, v21.2d, v22.2d\n\t"
+        "trn1	v23.2d, v23.2d, v24.2d\n\t"
+        "trn2	v22.2d, v25.2d, v22.2d\n\t"
+        "trn2	v24.2d, v26.2d, v24.2d\n\t"
+        "sub	v26.8h, v21.8h, v22.8h\n\t"
+        "sub	v28.8h, v23.8h, v24.8h\n\t"
+        "add	v21.8h, v21.8h, v22.8h\n\t"
+        "add	v23.8h, v23.8h, v24.8h\n\t"
+        "mul	v25.8h, v26.8h, v2.h[6]\n\t"
+        "mul	v27.8h, v28.8h, v2.h[7]\n\t"
+        "sqrdmulh	v22.8h, v26.8h, v0.h[6]\n\t"
+        "sqrdmulh	v24.8h, v28.8h, v0.h[7]\n\t"
+        "sqrdmlsh	v22.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmlsh	v24.8h, v27.8h, v8.h[0]\n\t"
+        "sshr	v22.8h, v22.8h, #1\n\t"
+        "sshr	v24.8h, v24.8h, #1\n\t"
+        "sqdmulh	v25.8h, v9.8h, v8.h[2]\n\t"
+        "sqdmulh	v26.8h, v11.8h, v8.h[2]\n\t"
+        "sshr	v25.8h, v25.8h, #11\n\t"
+        "sshr	v26.8h, v26.8h, #11\n\t"
+        "mls	v9.8h, v25.8h, v8.h[0]\n\t"
+        "mls	v11.8h, v26.8h, v8.h[0]\n\t"
+        "sqdmulh	v25.8h, v13.8h, v8.h[2]\n\t"
+        "sqdmulh	v26.8h, v15.8h, v8.h[2]\n\t"
+        "sshr	v25.8h, v25.8h, #11\n\t"
+        "sshr	v26.8h, v26.8h, #11\n\t"
+        "mls	v13.8h, v25.8h, v8.h[0]\n\t"
+        "mls	v15.8h, v26.8h, v8.h[0]\n\t"
+        "sqdmulh	v25.8h, v17.8h, v8.h[2]\n\t"
+        "sqdmulh	v26.8h, v19.8h, v8.h[2]\n\t"
+        "sshr	v25.8h, v25.8h, #11\n\t"
+        "sshr	v26.8h, v26.8h, #11\n\t"
+        "mls	v17.8h, v25.8h, v8.h[0]\n\t"
+        "mls	v19.8h, v26.8h, v8.h[0]\n\t"
+        "sqdmulh	v25.8h, v21.8h, v8.h[2]\n\t"
+        "sqdmulh	v26.8h, v23.8h, v8.h[2]\n\t"
+        "sshr	v25.8h, v25.8h, #11\n\t"
+        "sshr	v26.8h, v26.8h, #11\n\t"
+        "mls	v21.8h, v25.8h, v8.h[0]\n\t"
+        "mls	v23.8h, v26.8h, v8.h[0]\n\t"
+        "stp	q9, q10, [x1]\n\t"
+        "stp	q11, q12, [x1, #32]\n\t"
+        "stp	q13, q14, [x1, #64]\n\t"
+        "stp	q15, q16, [x1, #96]\n\t"
+        "stp	q17, q18, [x1, #128]\n\t"
+        "stp	q19, q20, [x1, #160]\n\t"
+        "stp	q21, q22, [x1, #192]\n\t"
+        "stp	q23, q24, [x1, #224]\n\t"
+        "ldr	q4, [x2, #544]\n\t"
+        "ldr	q5, [x2, #560]\n\t"
+        "ldr	q6, [x3, #544]\n\t"
+        "ldr	q7, [x3, #560]\n\t"
+        "ldr	q9, [%x[r]]\n\t"
+        "ldr	q10, [%x[r], #32]\n\t"
+        "ldr	q11, [%x[r], #64]\n\t"
+        "ldr	q12, [%x[r], #96]\n\t"
+        "ldr	q13, [%x[r], #128]\n\t"
+        "ldr	q14, [%x[r], #160]\n\t"
+        "ldr	q15, [%x[r], #192]\n\t"
+        "ldr	q16, [%x[r], #224]\n\t"
+        "ldr	q17, [x1]\n\t"
+        "ldr	q18, [x1, #32]\n\t"
+        "ldr	q19, [x1, #64]\n\t"
+        "ldr	q20, [x1, #96]\n\t"
+        "ldr	q21, [x1, #128]\n\t"
+        "ldr	q22, [x1, #160]\n\t"
+        "ldr	q23, [x1, #192]\n\t"
+        "ldr	q24, [x1, #224]\n\t"
+        "sub	v26.8h, v9.8h, v10.8h\n\t"
+        "sub	v28.8h, v11.8h, v12.8h\n\t"
+        "add	v9.8h, v9.8h, v10.8h\n\t"
+        "add	v11.8h, v11.8h, v12.8h\n\t"
+        "mul	v25.8h, v26.8h, v6.h[0]\n\t"
+        "mul	v27.8h, v28.8h, v6.h[1]\n\t"
+        "sqrdmulh	v10.8h, v26.8h, v4.h[0]\n\t"
+        "sqrdmulh	v12.8h, v28.8h, v4.h[1]\n\t"
+        "sqrdmlsh	v10.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmlsh	v12.8h, v27.8h, v8.h[0]\n\t"
+        "sshr	v10.8h, v10.8h, #1\n\t"
+        "sshr	v12.8h, v12.8h, #1\n\t"
+        "sub	v26.8h, v13.8h, v14.8h\n\t"
+        "sub	v28.8h, v15.8h, v16.8h\n\t"
+        "add	v13.8h, v13.8h, v14.8h\n\t"
+        "add	v15.8h, v15.8h, v16.8h\n\t"
+        "mul	v25.8h, v26.8h, v6.h[2]\n\t"
+        "mul	v27.8h, v28.8h, v6.h[3]\n\t"
+        "sqrdmulh	v14.8h, v26.8h, v4.h[2]\n\t"
+        "sqrdmulh	v16.8h, v28.8h, v4.h[3]\n\t"
+        "sqrdmlsh	v14.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmlsh	v16.8h, v27.8h, v8.h[0]\n\t"
+        "sshr	v14.8h, v14.8h, #1\n\t"
+        "sshr	v16.8h, v16.8h, #1\n\t"
+        "sub	v26.8h, v17.8h, v18.8h\n\t"
+        "sub	v28.8h, v19.8h, v20.8h\n\t"
+        "add	v17.8h, v17.8h, v18.8h\n\t"
+        "add	v19.8h, v19.8h, v20.8h\n\t"
+        "mul	v25.8h, v26.8h, v6.h[4]\n\t"
+        "mul	v27.8h, v28.8h, v6.h[5]\n\t"
+        "sqrdmulh	v18.8h, v26.8h, v4.h[4]\n\t"
+        "sqrdmulh	v20.8h, v28.8h, v4.h[5]\n\t"
+        "sqrdmlsh	v18.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmlsh	v20.8h, v27.8h, v8.h[0]\n\t"
+        "sshr	v18.8h, v18.8h, #1\n\t"
+        "sshr	v20.8h, v20.8h, #1\n\t"
+        "sub	v26.8h, v21.8h, v22.8h\n\t"
+        "sub	v28.8h, v23.8h, v24.8h\n\t"
+        "add	v21.8h, v21.8h, v22.8h\n\t"
+        "add	v23.8h, v23.8h, v24.8h\n\t"
+        "mul	v25.8h, v26.8h, v6.h[6]\n\t"
+        "mul	v27.8h, v28.8h, v6.h[7]\n\t"
+        "sqrdmulh	v22.8h, v26.8h, v4.h[6]\n\t"
+        "sqrdmulh	v24.8h, v28.8h, v4.h[7]\n\t"
+        "sqrdmlsh	v22.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmlsh	v24.8h, v27.8h, v8.h[0]\n\t"
+        "sshr	v22.8h, v22.8h, #1\n\t"
+        "sshr	v24.8h, v24.8h, #1\n\t"
+        "sub	v26.8h, v9.8h, v11.8h\n\t"
+        "sub	v28.8h, v10.8h, v12.8h\n\t"
+        "add	v9.8h, v9.8h, v11.8h\n\t"
+        "add	v10.8h, v10.8h, v12.8h\n\t"
+        "mul	v25.8h, v26.8h, v7.h[0]\n\t"
+        "mul	v27.8h, v28.8h, v7.h[0]\n\t"
+        "sqrdmulh	v11.8h, v26.8h, v5.h[0]\n\t"
+        "sqrdmulh	v12.8h, v28.8h, v5.h[0]\n\t"
+        "sqrdmlsh	v11.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmlsh	v12.8h, v27.8h, v8.h[0]\n\t"
+        "sshr	v11.8h, v11.8h, #1\n\t"
+        "sshr	v12.8h, v12.8h, #1\n\t"
+        "sub	v26.8h, v13.8h, v15.8h\n\t"
+        "sub	v28.8h, v14.8h, v16.8h\n\t"
+        "add	v13.8h, v13.8h, v15.8h\n\t"
+        "add	v14.8h, v14.8h, v16.8h\n\t"
+        "mul	v25.8h, v26.8h, v7.h[1]\n\t"
+        "mul	v27.8h, v28.8h, v7.h[1]\n\t"
+        "sqrdmulh	v15.8h, v26.8h, v5.h[1]\n\t"
+        "sqrdmulh	v16.8h, v28.8h, v5.h[1]\n\t"
+        "sqrdmlsh	v15.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmlsh	v16.8h, v27.8h, v8.h[0]\n\t"
+        "sshr	v15.8h, v15.8h, #1\n\t"
+        "sshr	v16.8h, v16.8h, #1\n\t"
+        "sub	v26.8h, v17.8h, v19.8h\n\t"
+        "sub	v28.8h, v18.8h, v20.8h\n\t"
+        "add	v17.8h, v17.8h, v19.8h\n\t"
+        "add	v18.8h, v18.8h, v20.8h\n\t"
+        "mul	v25.8h, v26.8h, v7.h[2]\n\t"
+        "mul	v27.8h, v28.8h, v7.h[2]\n\t"
+        "sqrdmulh	v19.8h, v26.8h, v5.h[2]\n\t"
+        "sqrdmulh	v20.8h, v28.8h, v5.h[2]\n\t"
+        "sqrdmlsh	v19.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmlsh	v20.8h, v27.8h, v8.h[0]\n\t"
+        "sshr	v19.8h, v19.8h, #1\n\t"
+        "sshr	v20.8h, v20.8h, #1\n\t"
+        "sub	v26.8h, v21.8h, v23.8h\n\t"
+        "sub	v28.8h, v22.8h, v24.8h\n\t"
+        "add	v21.8h, v21.8h, v23.8h\n\t"
+        "add	v22.8h, v22.8h, v24.8h\n\t"
+        "mul	v25.8h, v26.8h, v7.h[3]\n\t"
+        "mul	v27.8h, v28.8h, v7.h[3]\n\t"
+        "sqrdmulh	v23.8h, v26.8h, v5.h[3]\n\t"
+        "sqrdmulh	v24.8h, v28.8h, v5.h[3]\n\t"
+        "sqrdmlsh	v23.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmlsh	v24.8h, v27.8h, v8.h[0]\n\t"
+        "sshr	v23.8h, v23.8h, #1\n\t"
+        "sshr	v24.8h, v24.8h, #1\n\t"
+        "sub	v26.8h, v9.8h, v13.8h\n\t"
+        "sub	v28.8h, v10.8h, v14.8h\n\t"
+        "add	v9.8h, v9.8h, v13.8h\n\t"
+        "add	v10.8h, v10.8h, v14.8h\n\t"
+        "mul	v25.8h, v26.8h, v7.h[4]\n\t"
+        "mul	v27.8h, v28.8h, v7.h[4]\n\t"
+        "sqrdmulh	v13.8h, v26.8h, v5.h[4]\n\t"
+        "sqrdmulh	v14.8h, v28.8h, v5.h[4]\n\t"
+        "sqrdmlsh	v13.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmlsh	v14.8h, v27.8h, v8.h[0]\n\t"
+        "sshr	v13.8h, v13.8h, #1\n\t"
+        "sshr	v14.8h, v14.8h, #1\n\t"
+        "sub	v26.8h, v11.8h, v15.8h\n\t"
+        "sub	v28.8h, v12.8h, v16.8h\n\t"
+        "add	v11.8h, v11.8h, v15.8h\n\t"
+        "add	v12.8h, v12.8h, v16.8h\n\t"
+        "mul	v25.8h, v26.8h, v7.h[4]\n\t"
+        "mul	v27.8h, v28.8h, v7.h[4]\n\t"
+        "sqrdmulh	v15.8h, v26.8h, v5.h[4]\n\t"
+        "sqrdmulh	v16.8h, v28.8h, v5.h[4]\n\t"
+        "sqrdmlsh	v15.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmlsh	v16.8h, v27.8h, v8.h[0]\n\t"
+        "sshr	v15.8h, v15.8h, #1\n\t"
+        "sshr	v16.8h, v16.8h, #1\n\t"
+        "sub	v26.8h, v17.8h, v21.8h\n\t"
+        "sub	v28.8h, v18.8h, v22.8h\n\t"
+        "add	v17.8h, v17.8h, v21.8h\n\t"
+        "add	v18.8h, v18.8h, v22.8h\n\t"
+        "mul	v25.8h, v26.8h, v7.h[5]\n\t"
+        "mul	v27.8h, v28.8h, v7.h[5]\n\t"
+        "sqrdmulh	v21.8h, v26.8h, v5.h[5]\n\t"
+        "sqrdmulh	v22.8h, v28.8h, v5.h[5]\n\t"
+        "sqrdmlsh	v21.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmlsh	v22.8h, v27.8h, v8.h[0]\n\t"
+        "sshr	v21.8h, v21.8h, #1\n\t"
+        "sshr	v22.8h, v22.8h, #1\n\t"
+        "sub	v26.8h, v19.8h, v23.8h\n\t"
+        "sub	v28.8h, v20.8h, v24.8h\n\t"
+        "add	v19.8h, v19.8h, v23.8h\n\t"
+        "add	v20.8h, v20.8h, v24.8h\n\t"
+        "mul	v25.8h, v26.8h, v7.h[5]\n\t"
+        "mul	v27.8h, v28.8h, v7.h[5]\n\t"
+        "sqrdmulh	v23.8h, v26.8h, v5.h[5]\n\t"
+        "sqrdmulh	v24.8h, v28.8h, v5.h[5]\n\t"
+        "sqrdmlsh	v23.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmlsh	v24.8h, v27.8h, v8.h[0]\n\t"
+        "sshr	v23.8h, v23.8h, #1\n\t"
+        "sshr	v24.8h, v24.8h, #1\n\t"
+        "sqdmulh	v25.8h, v9.8h, v8.h[2]\n\t"
+        "sqdmulh	v26.8h, v10.8h, v8.h[2]\n\t"
+        "sshr	v25.8h, v25.8h, #11\n\t"
+        "sshr	v26.8h, v26.8h, #11\n\t"
+        "mls	v9.8h, v25.8h, v8.h[0]\n\t"
+        "mls	v10.8h, v26.8h, v8.h[0]\n\t"
+        "sqdmulh	v25.8h, v11.8h, v8.h[2]\n\t"
+        "sqdmulh	v26.8h, v12.8h, v8.h[2]\n\t"
+        "sshr	v25.8h, v25.8h, #11\n\t"
+        "sshr	v26.8h, v26.8h, #11\n\t"
+        "mls	v11.8h, v25.8h, v8.h[0]\n\t"
+        "mls	v12.8h, v26.8h, v8.h[0]\n\t"
+        "sqdmulh	v25.8h, v17.8h, v8.h[2]\n\t"
+        "sqdmulh	v26.8h, v18.8h, v8.h[2]\n\t"
+        "sshr	v25.8h, v25.8h, #11\n\t"
+        "sshr	v26.8h, v26.8h, #11\n\t"
+        "mls	v17.8h, v25.8h, v8.h[0]\n\t"
+        "mls	v18.8h, v26.8h, v8.h[0]\n\t"
+        "sqdmulh	v25.8h, v19.8h, v8.h[2]\n\t"
+        "sqdmulh	v26.8h, v20.8h, v8.h[2]\n\t"
+        "sshr	v25.8h, v25.8h, #11\n\t"
+        "sshr	v26.8h, v26.8h, #11\n\t"
+        "mls	v19.8h, v25.8h, v8.h[0]\n\t"
+        "mls	v20.8h, v26.8h, v8.h[0]\n\t"
+        "sub	v26.8h, v9.8h, v17.8h\n\t"
+        "sub	v28.8h, v10.8h, v18.8h\n\t"
+        "add	v9.8h, v9.8h, v17.8h\n\t"
+        "add	v10.8h, v10.8h, v18.8h\n\t"
+        "mul	v25.8h, v26.8h, v7.h[6]\n\t"
+        "mul	v27.8h, v28.8h, v7.h[6]\n\t"
+        "sqrdmulh	v17.8h, v26.8h, v5.h[6]\n\t"
+        "sqrdmulh	v18.8h, v28.8h, v5.h[6]\n\t"
+        "sqrdmlsh	v17.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmlsh	v18.8h, v27.8h, v8.h[0]\n\t"
+        "sshr	v17.8h, v17.8h, #1\n\t"
+        "sshr	v18.8h, v18.8h, #1\n\t"
+        "sub	v26.8h, v11.8h, v19.8h\n\t"
+        "sub	v28.8h, v12.8h, v20.8h\n\t"
+        "add	v11.8h, v11.8h, v19.8h\n\t"
+        "add	v12.8h, v12.8h, v20.8h\n\t"
+        "mul	v25.8h, v26.8h, v7.h[6]\n\t"
+        "mul	v27.8h, v28.8h, v7.h[6]\n\t"
+        "sqrdmulh	v19.8h, v26.8h, v5.h[6]\n\t"
+        "sqrdmulh	v20.8h, v28.8h, v5.h[6]\n\t"
+        "sqrdmlsh	v19.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmlsh	v20.8h, v27.8h, v8.h[0]\n\t"
+        "sshr	v19.8h, v19.8h, #1\n\t"
+        "sshr	v20.8h, v20.8h, #1\n\t"
+        "sub	v26.8h, v13.8h, v21.8h\n\t"
+        "sub	v28.8h, v14.8h, v22.8h\n\t"
+        "add	v13.8h, v13.8h, v21.8h\n\t"
+        "add	v14.8h, v14.8h, v22.8h\n\t"
+        "mul	v25.8h, v26.8h, v7.h[6]\n\t"
+        "mul	v27.8h, v28.8h, v7.h[6]\n\t"
+        "sqrdmulh	v21.8h, v26.8h, v5.h[6]\n\t"
+        "sqrdmulh	v22.8h, v28.8h, v5.h[6]\n\t"
+        "sqrdmlsh	v21.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmlsh	v22.8h, v27.8h, v8.h[0]\n\t"
+        "sshr	v21.8h, v21.8h, #1\n\t"
+        "sshr	v22.8h, v22.8h, #1\n\t"
+        "sub	v26.8h, v15.8h, v23.8h\n\t"
+        "sub	v28.8h, v16.8h, v24.8h\n\t"
+        "add	v15.8h, v15.8h, v23.8h\n\t"
+        "add	v16.8h, v16.8h, v24.8h\n\t"
+        "mul	v25.8h, v26.8h, v7.h[6]\n\t"
+        "mul	v27.8h, v28.8h, v7.h[6]\n\t"
+        "sqrdmulh	v23.8h, v26.8h, v5.h[6]\n\t"
+        "sqrdmulh	v24.8h, v28.8h, v5.h[6]\n\t"
+        "sqrdmlsh	v23.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmlsh	v24.8h, v27.8h, v8.h[0]\n\t"
+        "sshr	v23.8h, v23.8h, #1\n\t"
+        "sshr	v24.8h, v24.8h, #1\n\t"
+        "mul	v25.8h, v9.8h, v7.h[7]\n\t"
+        "mul	v26.8h, v10.8h, v7.h[7]\n\t"
+        "sqrdmulh	v9.8h, v9.8h, v5.h[7]\n\t"
+        "sqrdmulh	v10.8h, v10.8h, v5.h[7]\n\t"
+        "sqrdmlsh	v9.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmlsh	v10.8h, v26.8h, v8.h[0]\n\t"
+        "sshr	v9.8h, v9.8h, #1\n\t"
+        "sshr	v10.8h, v10.8h, #1\n\t"
+        "mul	v25.8h, v11.8h, v7.h[7]\n\t"
+        "mul	v26.8h, v12.8h, v7.h[7]\n\t"
+        "sqrdmulh	v11.8h, v11.8h, v5.h[7]\n\t"
+        "sqrdmulh	v12.8h, v12.8h, v5.h[7]\n\t"
+        "sqrdmlsh	v11.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmlsh	v12.8h, v26.8h, v8.h[0]\n\t"
+        "sshr	v11.8h, v11.8h, #1\n\t"
+        "sshr	v12.8h, v12.8h, #1\n\t"
+        "mul	v25.8h, v13.8h, v7.h[7]\n\t"
+        "mul	v26.8h, v14.8h, v7.h[7]\n\t"
+        "sqrdmulh	v13.8h, v13.8h, v5.h[7]\n\t"
+        "sqrdmulh	v14.8h, v14.8h, v5.h[7]\n\t"
+        "sqrdmlsh	v13.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmlsh	v14.8h, v26.8h, v8.h[0]\n\t"
+        "sshr	v13.8h, v13.8h, #1\n\t"
+        "sshr	v14.8h, v14.8h, #1\n\t"
+        "mul	v25.8h, v15.8h, v7.h[7]\n\t"
+        "mul	v26.8h, v16.8h, v7.h[7]\n\t"
+        "sqrdmulh	v15.8h, v15.8h, v5.h[7]\n\t"
+        "sqrdmulh	v16.8h, v16.8h, v5.h[7]\n\t"
+        "sqrdmlsh	v15.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmlsh	v16.8h, v26.8h, v8.h[0]\n\t"
+        "sshr	v15.8h, v15.8h, #1\n\t"
+        "sshr	v16.8h, v16.8h, #1\n\t"
+        "mul	v25.8h, v17.8h, v7.h[7]\n\t"
+        "mul	v26.8h, v18.8h, v7.h[7]\n\t"
+        "sqrdmulh	v17.8h, v17.8h, v5.h[7]\n\t"
+        "sqrdmulh	v18.8h, v18.8h, v5.h[7]\n\t"
+        "sqrdmlsh	v17.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmlsh	v18.8h, v26.8h, v8.h[0]\n\t"
+        "sshr	v17.8h, v17.8h, #1\n\t"
+        "sshr	v18.8h, v18.8h, #1\n\t"
+        "mul	v25.8h, v19.8h, v7.h[7]\n\t"
+        "mul	v26.8h, v20.8h, v7.h[7]\n\t"
+        "sqrdmulh	v19.8h, v19.8h, v5.h[7]\n\t"
+        "sqrdmulh	v20.8h, v20.8h, v5.h[7]\n\t"
+        "sqrdmlsh	v19.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmlsh	v20.8h, v26.8h, v8.h[0]\n\t"
+        "sshr	v19.8h, v19.8h, #1\n\t"
+        "sshr	v20.8h, v20.8h, #1\n\t"
+        "mul	v25.8h, v21.8h, v7.h[7]\n\t"
+        "mul	v26.8h, v22.8h, v7.h[7]\n\t"
+        "sqrdmulh	v21.8h, v21.8h, v5.h[7]\n\t"
+        "sqrdmulh	v22.8h, v22.8h, v5.h[7]\n\t"
+        "sqrdmlsh	v21.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmlsh	v22.8h, v26.8h, v8.h[0]\n\t"
+        "sshr	v21.8h, v21.8h, #1\n\t"
+        "sshr	v22.8h, v22.8h, #1\n\t"
+        "mul	v25.8h, v23.8h, v7.h[7]\n\t"
+        "mul	v26.8h, v24.8h, v7.h[7]\n\t"
+        "sqrdmulh	v23.8h, v23.8h, v5.h[7]\n\t"
+        "sqrdmulh	v24.8h, v24.8h, v5.h[7]\n\t"
+        "sqrdmlsh	v23.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmlsh	v24.8h, v26.8h, v8.h[0]\n\t"
+        "sshr	v23.8h, v23.8h, #1\n\t"
+        "sshr	v24.8h, v24.8h, #1\n\t"
+        "str	q9, [%x[r]]\n\t"
+        "str	q10, [%x[r], #32]\n\t"
+        "str	q11, [%x[r], #64]\n\t"
+        "str	q12, [%x[r], #96]\n\t"
+        "str	q13, [%x[r], #128]\n\t"
+        "str	q14, [%x[r], #160]\n\t"
+        "str	q15, [%x[r], #192]\n\t"
+        "str	q16, [%x[r], #224]\n\t"
+        "str	q17, [x1]\n\t"
+        "str	q18, [x1, #32]\n\t"
+        "str	q19, [x1, #64]\n\t"
+        "str	q20, [x1, #96]\n\t"
+        "str	q21, [x1, #128]\n\t"
+        "str	q22, [x1, #160]\n\t"
+        "str	q23, [x1, #192]\n\t"
+        "str	q24, [x1, #224]\n\t"
+        "ldr	q9, [%x[r], #16]\n\t"
+        "ldr	q10, [%x[r], #48]\n\t"
+        "ldr	q11, [%x[r], #80]\n\t"
+        "ldr	q12, [%x[r], #112]\n\t"
+        "ldr	q13, [%x[r], #144]\n\t"
+        "ldr	q14, [%x[r], #176]\n\t"
+        "ldr	q15, [%x[r], #208]\n\t"
+        "ldr	q16, [%x[r], #240]\n\t"
+        "ldr	q17, [x1, #16]\n\t"
+        "ldr	q18, [x1, #48]\n\t"
+        "ldr	q19, [x1, #80]\n\t"
+        "ldr	q20, [x1, #112]\n\t"
+        "ldr	q21, [x1, #144]\n\t"
+        "ldr	q22, [x1, #176]\n\t"
+        "ldr	q23, [x1, #208]\n\t"
+        "ldr	q24, [x1, #240]\n\t"
+        "sub	v26.8h, v9.8h, v10.8h\n\t"
+        "sub	v28.8h, v11.8h, v12.8h\n\t"
+        "add	v9.8h, v9.8h, v10.8h\n\t"
+        "add	v11.8h, v11.8h, v12.8h\n\t"
+        "mul	v25.8h, v26.8h, v6.h[0]\n\t"
+        "mul	v27.8h, v28.8h, v6.h[1]\n\t"
+        "sqrdmulh	v10.8h, v26.8h, v4.h[0]\n\t"
+        "sqrdmulh	v12.8h, v28.8h, v4.h[1]\n\t"
+        "sqrdmlsh	v10.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmlsh	v12.8h, v27.8h, v8.h[0]\n\t"
+        "sshr	v10.8h, v10.8h, #1\n\t"
+        "sshr	v12.8h, v12.8h, #1\n\t"
+        "sub	v26.8h, v13.8h, v14.8h\n\t"
+        "sub	v28.8h, v15.8h, v16.8h\n\t"
+        "add	v13.8h, v13.8h, v14.8h\n\t"
+        "add	v15.8h, v15.8h, v16.8h\n\t"
+        "mul	v25.8h, v26.8h, v6.h[2]\n\t"
+        "mul	v27.8h, v28.8h, v6.h[3]\n\t"
+        "sqrdmulh	v14.8h, v26.8h, v4.h[2]\n\t"
+        "sqrdmulh	v16.8h, v28.8h, v4.h[3]\n\t"
+        "sqrdmlsh	v14.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmlsh	v16.8h, v27.8h, v8.h[0]\n\t"
+        "sshr	v14.8h, v14.8h, #1\n\t"
+        "sshr	v16.8h, v16.8h, #1\n\t"
+        "sub	v26.8h, v17.8h, v18.8h\n\t"
+        "sub	v28.8h, v19.8h, v20.8h\n\t"
+        "add	v17.8h, v17.8h, v18.8h\n\t"
+        "add	v19.8h, v19.8h, v20.8h\n\t"
+        "mul	v25.8h, v26.8h, v6.h[4]\n\t"
+        "mul	v27.8h, v28.8h, v6.h[5]\n\t"
+        "sqrdmulh	v18.8h, v26.8h, v4.h[4]\n\t"
+        "sqrdmulh	v20.8h, v28.8h, v4.h[5]\n\t"
+        "sqrdmlsh	v18.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmlsh	v20.8h, v27.8h, v8.h[0]\n\t"
+        "sshr	v18.8h, v18.8h, #1\n\t"
+        "sshr	v20.8h, v20.8h, #1\n\t"
+        "sub	v26.8h, v21.8h, v22.8h\n\t"
+        "sub	v28.8h, v23.8h, v24.8h\n\t"
+        "add	v21.8h, v21.8h, v22.8h\n\t"
+        "add	v23.8h, v23.8h, v24.8h\n\t"
+        "mul	v25.8h, v26.8h, v6.h[6]\n\t"
+        "mul	v27.8h, v28.8h, v6.h[7]\n\t"
+        "sqrdmulh	v22.8h, v26.8h, v4.h[6]\n\t"
+        "sqrdmulh	v24.8h, v28.8h, v4.h[7]\n\t"
+        "sqrdmlsh	v22.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmlsh	v24.8h, v27.8h, v8.h[0]\n\t"
+        "sshr	v22.8h, v22.8h, #1\n\t"
+        "sshr	v24.8h, v24.8h, #1\n\t"
+        "sub	v26.8h, v9.8h, v11.8h\n\t"
+        "sub	v28.8h, v10.8h, v12.8h\n\t"
+        "add	v9.8h, v9.8h, v11.8h\n\t"
+        "add	v10.8h, v10.8h, v12.8h\n\t"
+        "mul	v25.8h, v26.8h, v7.h[0]\n\t"
+        "mul	v27.8h, v28.8h, v7.h[0]\n\t"
+        "sqrdmulh	v11.8h, v26.8h, v5.h[0]\n\t"
+        "sqrdmulh	v12.8h, v28.8h, v5.h[0]\n\t"
+        "sqrdmlsh	v11.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmlsh	v12.8h, v27.8h, v8.h[0]\n\t"
+        "sshr	v11.8h, v11.8h, #1\n\t"
+        "sshr	v12.8h, v12.8h, #1\n\t"
+        "sub	v26.8h, v13.8h, v15.8h\n\t"
+        "sub	v28.8h, v14.8h, v16.8h\n\t"
+        "add	v13.8h, v13.8h, v15.8h\n\t"
+        "add	v14.8h, v14.8h, v16.8h\n\t"
+        "mul	v25.8h, v26.8h, v7.h[1]\n\t"
+        "mul	v27.8h, v28.8h, v7.h[1]\n\t"
+        "sqrdmulh	v15.8h, v26.8h, v5.h[1]\n\t"
+        "sqrdmulh	v16.8h, v28.8h, v5.h[1]\n\t"
+        "sqrdmlsh	v15.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmlsh	v16.8h, v27.8h, v8.h[0]\n\t"
+        "sshr	v15.8h, v15.8h, #1\n\t"
+        "sshr	v16.8h, v16.8h, #1\n\t"
+        "sub	v26.8h, v17.8h, v19.8h\n\t"
+        "sub	v28.8h, v18.8h, v20.8h\n\t"
+        "add	v17.8h, v17.8h, v19.8h\n\t"
+        "add	v18.8h, v18.8h, v20.8h\n\t"
+        "mul	v25.8h, v26.8h, v7.h[2]\n\t"
+        "mul	v27.8h, v28.8h, v7.h[2]\n\t"
+        "sqrdmulh	v19.8h, v26.8h, v5.h[2]\n\t"
+        "sqrdmulh	v20.8h, v28.8h, v5.h[2]\n\t"
+        "sqrdmlsh	v19.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmlsh	v20.8h, v27.8h, v8.h[0]\n\t"
+        "sshr	v19.8h, v19.8h, #1\n\t"
+        "sshr	v20.8h, v20.8h, #1\n\t"
+        "sub	v26.8h, v21.8h, v23.8h\n\t"
+        "sub	v28.8h, v22.8h, v24.8h\n\t"
+        "add	v21.8h, v21.8h, v23.8h\n\t"
+        "add	v22.8h, v22.8h, v24.8h\n\t"
+        "mul	v25.8h, v26.8h, v7.h[3]\n\t"
+        "mul	v27.8h, v28.8h, v7.h[3]\n\t"
+        "sqrdmulh	v23.8h, v26.8h, v5.h[3]\n\t"
+        "sqrdmulh	v24.8h, v28.8h, v5.h[3]\n\t"
+        "sqrdmlsh	v23.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmlsh	v24.8h, v27.8h, v8.h[0]\n\t"
+        "sshr	v23.8h, v23.8h, #1\n\t"
+        "sshr	v24.8h, v24.8h, #1\n\t"
+        "sub	v26.8h, v9.8h, v13.8h\n\t"
+        "sub	v28.8h, v10.8h, v14.8h\n\t"
+        "add	v9.8h, v9.8h, v13.8h\n\t"
+        "add	v10.8h, v10.8h, v14.8h\n\t"
+        "mul	v25.8h, v26.8h, v7.h[4]\n\t"
+        "mul	v27.8h, v28.8h, v7.h[4]\n\t"
+        "sqrdmulh	v13.8h, v26.8h, v5.h[4]\n\t"
+        "sqrdmulh	v14.8h, v28.8h, v5.h[4]\n\t"
+        "sqrdmlsh	v13.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmlsh	v14.8h, v27.8h, v8.h[0]\n\t"
+        "sshr	v13.8h, v13.8h, #1\n\t"
+        "sshr	v14.8h, v14.8h, #1\n\t"
+        "sub	v26.8h, v11.8h, v15.8h\n\t"
+        "sub	v28.8h, v12.8h, v16.8h\n\t"
+        "add	v11.8h, v11.8h, v15.8h\n\t"
+        "add	v12.8h, v12.8h, v16.8h\n\t"
+        "mul	v25.8h, v26.8h, v7.h[4]\n\t"
+        "mul	v27.8h, v28.8h, v7.h[4]\n\t"
+        "sqrdmulh	v15.8h, v26.8h, v5.h[4]\n\t"
+        "sqrdmulh	v16.8h, v28.8h, v5.h[4]\n\t"
+        "sqrdmlsh	v15.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmlsh	v16.8h, v27.8h, v8.h[0]\n\t"
+        "sshr	v15.8h, v15.8h, #1\n\t"
+        "sshr	v16.8h, v16.8h, #1\n\t"
+        "sub	v26.8h, v17.8h, v21.8h\n\t"
+        "sub	v28.8h, v18.8h, v22.8h\n\t"
+        "add	v17.8h, v17.8h, v21.8h\n\t"
+        "add	v18.8h, v18.8h, v22.8h\n\t"
+        "mul	v25.8h, v26.8h, v7.h[5]\n\t"
+        "mul	v27.8h, v28.8h, v7.h[5]\n\t"
+        "sqrdmulh	v21.8h, v26.8h, v5.h[5]\n\t"
+        "sqrdmulh	v22.8h, v28.8h, v5.h[5]\n\t"
+        "sqrdmlsh	v21.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmlsh	v22.8h, v27.8h, v8.h[0]\n\t"
+        "sshr	v21.8h, v21.8h, #1\n\t"
+        "sshr	v22.8h, v22.8h, #1\n\t"
+        "sub	v26.8h, v19.8h, v23.8h\n\t"
+        "sub	v28.8h, v20.8h, v24.8h\n\t"
+        "add	v19.8h, v19.8h, v23.8h\n\t"
+        "add	v20.8h, v20.8h, v24.8h\n\t"
+        "mul	v25.8h, v26.8h, v7.h[5]\n\t"
+        "mul	v27.8h, v28.8h, v7.h[5]\n\t"
+        "sqrdmulh	v23.8h, v26.8h, v5.h[5]\n\t"
+        "sqrdmulh	v24.8h, v28.8h, v5.h[5]\n\t"
+        "sqrdmlsh	v23.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmlsh	v24.8h, v27.8h, v8.h[0]\n\t"
+        "sshr	v23.8h, v23.8h, #1\n\t"
+        "sshr	v24.8h, v24.8h, #1\n\t"
+        "sqdmulh	v25.8h, v9.8h, v8.h[2]\n\t"
+        "sqdmulh	v26.8h, v10.8h, v8.h[2]\n\t"
+        "sshr	v25.8h, v25.8h, #11\n\t"
+        "sshr	v26.8h, v26.8h, #11\n\t"
+        "mls	v9.8h, v25.8h, v8.h[0]\n\t"
+        "mls	v10.8h, v26.8h, v8.h[0]\n\t"
+        "sqdmulh	v25.8h, v11.8h, v8.h[2]\n\t"
+        "sqdmulh	v26.8h, v12.8h, v8.h[2]\n\t"
+        "sshr	v25.8h, v25.8h, #11\n\t"
+        "sshr	v26.8h, v26.8h, #11\n\t"
+        "mls	v11.8h, v25.8h, v8.h[0]\n\t"
+        "mls	v12.8h, v26.8h, v8.h[0]\n\t"
+        "sqdmulh	v25.8h, v17.8h, v8.h[2]\n\t"
+        "sqdmulh	v26.8h, v18.8h, v8.h[2]\n\t"
+        "sshr	v25.8h, v25.8h, #11\n\t"
+        "sshr	v26.8h, v26.8h, #11\n\t"
+        "mls	v17.8h, v25.8h, v8.h[0]\n\t"
+        "mls	v18.8h, v26.8h, v8.h[0]\n\t"
+        "sqdmulh	v25.8h, v19.8h, v8.h[2]\n\t"
+        "sqdmulh	v26.8h, v20.8h, v8.h[2]\n\t"
+        "sshr	v25.8h, v25.8h, #11\n\t"
+        "sshr	v26.8h, v26.8h, #11\n\t"
+        "mls	v19.8h, v25.8h, v8.h[0]\n\t"
+        "mls	v20.8h, v26.8h, v8.h[0]\n\t"
+        "sub	v26.8h, v9.8h, v17.8h\n\t"
+        "sub	v28.8h, v10.8h, v18.8h\n\t"
+        "add	v9.8h, v9.8h, v17.8h\n\t"
+        "add	v10.8h, v10.8h, v18.8h\n\t"
+        "mul	v25.8h, v26.8h, v7.h[6]\n\t"
+        "mul	v27.8h, v28.8h, v7.h[6]\n\t"
+        "sqrdmulh	v17.8h, v26.8h, v5.h[6]\n\t"
+        "sqrdmulh	v18.8h, v28.8h, v5.h[6]\n\t"
+        "sqrdmlsh	v17.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmlsh	v18.8h, v27.8h, v8.h[0]\n\t"
+        "sshr	v17.8h, v17.8h, #1\n\t"
+        "sshr	v18.8h, v18.8h, #1\n\t"
+        "sub	v26.8h, v11.8h, v19.8h\n\t"
+        "sub	v28.8h, v12.8h, v20.8h\n\t"
+        "add	v11.8h, v11.8h, v19.8h\n\t"
+        "add	v12.8h, v12.8h, v20.8h\n\t"
+        "mul	v25.8h, v26.8h, v7.h[6]\n\t"
+        "mul	v27.8h, v28.8h, v7.h[6]\n\t"
+        "sqrdmulh	v19.8h, v26.8h, v5.h[6]\n\t"
+        "sqrdmulh	v20.8h, v28.8h, v5.h[6]\n\t"
+        "sqrdmlsh	v19.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmlsh	v20.8h, v27.8h, v8.h[0]\n\t"
+        "sshr	v19.8h, v19.8h, #1\n\t"
+        "sshr	v20.8h, v20.8h, #1\n\t"
+        "sub	v26.8h, v13.8h, v21.8h\n\t"
+        "sub	v28.8h, v14.8h, v22.8h\n\t"
+        "add	v13.8h, v13.8h, v21.8h\n\t"
+        "add	v14.8h, v14.8h, v22.8h\n\t"
+        "mul	v25.8h, v26.8h, v7.h[6]\n\t"
+        "mul	v27.8h, v28.8h, v7.h[6]\n\t"
+        "sqrdmulh	v21.8h, v26.8h, v5.h[6]\n\t"
+        "sqrdmulh	v22.8h, v28.8h, v5.h[6]\n\t"
+        "sqrdmlsh	v21.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmlsh	v22.8h, v27.8h, v8.h[0]\n\t"
+        "sshr	v21.8h, v21.8h, #1\n\t"
+        "sshr	v22.8h, v22.8h, #1\n\t"
+        "sub	v26.8h, v15.8h, v23.8h\n\t"
+        "sub	v28.8h, v16.8h, v24.8h\n\t"
+        "add	v15.8h, v15.8h, v23.8h\n\t"
+        "add	v16.8h, v16.8h, v24.8h\n\t"
+        "mul	v25.8h, v26.8h, v7.h[6]\n\t"
+        "mul	v27.8h, v28.8h, v7.h[6]\n\t"
+        "sqrdmulh	v23.8h, v26.8h, v5.h[6]\n\t"
+        "sqrdmulh	v24.8h, v28.8h, v5.h[6]\n\t"
+        "sqrdmlsh	v23.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmlsh	v24.8h, v27.8h, v8.h[0]\n\t"
+        "sshr	v23.8h, v23.8h, #1\n\t"
+        "sshr	v24.8h, v24.8h, #1\n\t"
+        "mul	v25.8h, v9.8h, v7.h[7]\n\t"
+        "mul	v26.8h, v10.8h, v7.h[7]\n\t"
+        "sqrdmulh	v9.8h, v9.8h, v5.h[7]\n\t"
+        "sqrdmulh	v10.8h, v10.8h, v5.h[7]\n\t"
+        "sqrdmlsh	v9.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmlsh	v10.8h, v26.8h, v8.h[0]\n\t"
+        "sshr	v9.8h, v9.8h, #1\n\t"
+        "sshr	v10.8h, v10.8h, #1\n\t"
+        "mul	v25.8h, v11.8h, v7.h[7]\n\t"
+        "mul	v26.8h, v12.8h, v7.h[7]\n\t"
+        "sqrdmulh	v11.8h, v11.8h, v5.h[7]\n\t"
+        "sqrdmulh	v12.8h, v12.8h, v5.h[7]\n\t"
+        "sqrdmlsh	v11.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmlsh	v12.8h, v26.8h, v8.h[0]\n\t"
+        "sshr	v11.8h, v11.8h, #1\n\t"
+        "sshr	v12.8h, v12.8h, #1\n\t"
+        "mul	v25.8h, v13.8h, v7.h[7]\n\t"
+        "mul	v26.8h, v14.8h, v7.h[7]\n\t"
+        "sqrdmulh	v13.8h, v13.8h, v5.h[7]\n\t"
+        "sqrdmulh	v14.8h, v14.8h, v5.h[7]\n\t"
+        "sqrdmlsh	v13.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmlsh	v14.8h, v26.8h, v8.h[0]\n\t"
+        "sshr	v13.8h, v13.8h, #1\n\t"
+        "sshr	v14.8h, v14.8h, #1\n\t"
+        "mul	v25.8h, v15.8h, v7.h[7]\n\t"
+        "mul	v26.8h, v16.8h, v7.h[7]\n\t"
+        "sqrdmulh	v15.8h, v15.8h, v5.h[7]\n\t"
+        "sqrdmulh	v16.8h, v16.8h, v5.h[7]\n\t"
+        "sqrdmlsh	v15.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmlsh	v16.8h, v26.8h, v8.h[0]\n\t"
+        "sshr	v15.8h, v15.8h, #1\n\t"
+        "sshr	v16.8h, v16.8h, #1\n\t"
+        "mul	v25.8h, v17.8h, v7.h[7]\n\t"
+        "mul	v26.8h, v18.8h, v7.h[7]\n\t"
+        "sqrdmulh	v17.8h, v17.8h, v5.h[7]\n\t"
+        "sqrdmulh	v18.8h, v18.8h, v5.h[7]\n\t"
+        "sqrdmlsh	v17.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmlsh	v18.8h, v26.8h, v8.h[0]\n\t"
+        "sshr	v17.8h, v17.8h, #1\n\t"
+        "sshr	v18.8h, v18.8h, #1\n\t"
+        "mul	v25.8h, v19.8h, v7.h[7]\n\t"
+        "mul	v26.8h, v20.8h, v7.h[7]\n\t"
+        "sqrdmulh	v19.8h, v19.8h, v5.h[7]\n\t"
+        "sqrdmulh	v20.8h, v20.8h, v5.h[7]\n\t"
+        "sqrdmlsh	v19.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmlsh	v20.8h, v26.8h, v8.h[0]\n\t"
+        "sshr	v19.8h, v19.8h, #1\n\t"
+        "sshr	v20.8h, v20.8h, #1\n\t"
+        "mul	v25.8h, v21.8h, v7.h[7]\n\t"
+        "mul	v26.8h, v22.8h, v7.h[7]\n\t"
+        "sqrdmulh	v21.8h, v21.8h, v5.h[7]\n\t"
+        "sqrdmulh	v22.8h, v22.8h, v5.h[7]\n\t"
+        "sqrdmlsh	v21.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmlsh	v22.8h, v26.8h, v8.h[0]\n\t"
+        "sshr	v21.8h, v21.8h, #1\n\t"
+        "sshr	v22.8h, v22.8h, #1\n\t"
+        "mul	v25.8h, v23.8h, v7.h[7]\n\t"
+        "mul	v26.8h, v24.8h, v7.h[7]\n\t"
+        "sqrdmulh	v23.8h, v23.8h, v5.h[7]\n\t"
+        "sqrdmulh	v24.8h, v24.8h, v5.h[7]\n\t"
+        "sqrdmlsh	v23.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmlsh	v24.8h, v26.8h, v8.h[0]\n\t"
+        "sshr	v23.8h, v23.8h, #1\n\t"
+        "sshr	v24.8h, v24.8h, #1\n\t"
+        "str	q9, [%x[r], #16]\n\t"
+        "str	q10, [%x[r], #48]\n\t"
+        "str	q11, [%x[r], #80]\n\t"
+        "str	q12, [%x[r], #112]\n\t"
+        "str	q13, [%x[r], #144]\n\t"
+        "str	q14, [%x[r], #176]\n\t"
+        "str	q15, [%x[r], #208]\n\t"
+        "str	q16, [%x[r], #240]\n\t"
+        "str	q17, [x1, #16]\n\t"
+        "str	q18, [x1, #48]\n\t"
+        "str	q19, [x1, #80]\n\t"
+        "str	q20, [x1, #112]\n\t"
+        "str	q21, [x1, #144]\n\t"
+        "str	q22, [x1, #176]\n\t"
+        "str	q23, [x1, #208]\n\t"
+        "str	q24, [x1, #240]\n\t"
+        : [r] "+r" (r)
+        : [L_kyber_aarch64_q] "S" (L_kyber_aarch64_q), [L_kyber_aarch64_consts] "S" (L_kyber_aarch64_consts), [L_sha3_aarch64_r] "S" (L_sha3_aarch64_r), [L_kyber_aarch64_zetas] "S" (L_kyber_aarch64_zetas), [L_kyber_aarch64_zetas_qinv] "S" (L_kyber_aarch64_zetas_qinv), [L_kyber_aarch64_zetas_inv] "S" (L_kyber_aarch64_zetas_inv), [L_kyber_aarch64_zetas_inv_qinv] "S" (L_kyber_aarch64_zetas_inv_qinv)
+        : "memory", "x1", "x2", "x3", "x4", "v0", "v1", "v2", "v3", "v4", "v5", "v6", "v7", "v8", "v9", "v10", "v11", "v12", "v13", "v14", "v15", "v16", "v17", "v18", "v19", "v20", "v21", "v22", "v23", "v24", "v25", "v26", "v27", "v28", "cc"
+    );
+}
+
+#endif /* WOLFSSL_AARCH64_NO_SQRDMLSH */
+static const word16 L_kyber_aarch64_zetas_mul[] = {
+    0x08b2, 0xf74e, 0x01ae, 0xfe52, 0x022b, 0xfdd5, 0x034b, 0xfcb5,
+    0x081e, 0xf7e2, 0x0367, 0xfc99, 0x060e, 0xf9f2, 0x0069, 0xff97,
+    0x01a6, 0xfe5a, 0x024b, 0xfdb5, 0x00b1, 0xff4f, 0x0c16, 0xf3ea,
+    0x0bde, 0xf422, 0x0b35, 0xf4cb, 0x0626, 0xf9da, 0x0675, 0xf98b,
+    0x0c0b, 0xf3f5, 0x030a, 0xfcf6, 0x0487, 0xfb79, 0x0c6e, 0xf392,
+    0x09f8, 0xf608, 0x05cb, 0xfa35, 0x0aa7, 0xf559, 0x045f, 0xfba1,
+    0x06cb, 0xf935, 0x0284, 0xfd7c, 0x0999, 0xf667, 0x015d, 0xfea3,
+    0x01a2, 0xfe5e, 0x0149, 0xfeb7, 0x0c65, 0xf39b, 0x0cb6, 0xf34a,
+    0x0331, 0xfccf, 0x0449, 0xfbb7, 0x025b, 0xfda5, 0x0262, 0xfd9e,
+    0x052a, 0xfad6, 0x07fc, 0xf804, 0x0748, 0xf8b8, 0x0180, 0xfe80,
+    0x0842, 0xf7be, 0x0c79, 0xf387, 0x04c2, 0xfb3e, 0x07ca, 0xf836,
+    0x0997, 0xf669, 0x00dc, 0xff24, 0x085e, 0xf7a2, 0x0686, 0xf97a,
+    0x0860, 0xf7a0, 0x0707, 0xf8f9, 0x0803, 0xf7fd, 0x031a, 0xfce6,
+    0x071b, 0xf8e5, 0x09ab, 0xf655, 0x099b, 0xf665, 0x01de, 0xfe22,
+    0x0c95, 0xf36b, 0x0bcd, 0xf433, 0x03e4, 0xfc1c, 0x03df, 0xfc21,
+    0x03be, 0xfc42, 0x074d, 0xf8b3, 0x05f2, 0xfa0e, 0x065c, 0xf9a4,
+};
+
+void kyber_basemul_mont(sword16* r, const sword16* a, const sword16* b)
+{
+    __asm__ __volatile__ (
+#ifndef __APPLE__
+        "adrp x3, %[L_kyber_aarch64_zetas_mul]\n\t"
+        "add  x3, x3, :lo12:%[L_kyber_aarch64_zetas_mul]\n\t"
+#else
+        "adrp x3, %[L_kyber_aarch64_zetas_mul]@PAGE\n\t"
+        "add  x3, x3, %[L_kyber_aarch64_zetas_mul]@PAGEOFF\n\t"
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+        "adrp x4, %[L_kyber_aarch64_consts]\n\t"
+        "add  x4, x4, :lo12:%[L_kyber_aarch64_consts]\n\t"
+#else
+        "adrp x4, %[L_kyber_aarch64_consts]@PAGE\n\t"
+        "add  x4, x4, %[L_kyber_aarch64_consts]@PAGEOFF\n\t"
+#endif /* __APPLE__ */
+        "ldr	q1, [x4]\n\t"
+        "ldp	q2, q3, [%x[a]]\n\t"
+        "ldp	q4, q5, [%x[a], #32]\n\t"
+        "ldp	q6, q7, [%x[a], #64]\n\t"
+        "ldp	q8, q9, [%x[a], #96]\n\t"
+        "ldp	q10, q11, [%x[b]]\n\t"
+        "ldp	q12, q13, [%x[b], #32]\n\t"
+        "ldp	q14, q15, [%x[b], #64]\n\t"
+        "ldp	q16, q17, [%x[b], #96]\n\t"
+        "ldr	q0, [x3]\n\t"
+        "uzp1	v18.8h, v2.8h, v3.8h\n\t"
+        "uzp2	v19.8h, v2.8h, v3.8h\n\t"
+        "uzp1	v20.8h, v10.8h, v11.8h\n\t"
+        "uzp2	v21.8h, v10.8h, v11.8h\n\t"
+        "smull	v26.4s, v18.4h, v20.4h\n\t"
+        "smull2	v27.4s, v18.8h, v20.8h\n\t"
+        "smull	v23.4s, v19.4h, v21.4h\n\t"
+        "smull2	v24.4s, v19.8h, v21.8h\n\t"
+        "xtn	v25.4h, v23.4s\n\t"
+        "xtn2	v25.8h, v24.4s\n\t"
+        "mul	v25.8h, v25.8h, v1.h[1]\n\t"
+        "smlsl	v23.4s, v25.4h, v1.h[0]\n\t"
+        "smlsl2	v24.4s, v25.8h, v1.h[0]\n\t"
+        "shrn	v22.4h, v23.4s, #16\n\t"
+        "shrn2	v22.8h, v24.4s, #16\n\t"
+        "smlal	v26.4s, v22.4h, v0.4h\n\t"
+        "smlal2	v27.4s, v22.8h, v0.8h\n\t"
+        "xtn	v24.4h, v26.4s\n\t"
+        "xtn2	v24.8h, v27.4s\n\t"
+        "mul	v24.8h, v24.8h, v1.h[1]\n\t"
+        "smlsl	v26.4s, v24.4h, v1.h[0]\n\t"
+        "smlsl2	v27.4s, v24.8h, v1.h[0]\n\t"
+        "shrn	v22.4h, v26.4s, #16\n\t"
+        "shrn2	v22.8h, v27.4s, #16\n\t"
+        "smull	v26.4s, v18.4h, v21.4h\n\t"
+        "smull2	v27.4s, v18.8h, v21.8h\n\t"
+        "smlal	v26.4s, v19.4h, v20.4h\n\t"
+        "smlal2	v27.4s, v19.8h, v20.8h\n\t"
+        "xtn	v24.4h, v26.4s\n\t"
+        "xtn2	v24.8h, v27.4s\n\t"
+        "mul	v24.8h, v24.8h, v1.h[1]\n\t"
+        "smlsl	v26.4s, v24.4h, v1.h[0]\n\t"
+        "smlsl2	v27.4s, v24.8h, v1.h[0]\n\t"
+        "shrn	v23.4h, v26.4s, #16\n\t"
+        "shrn2	v23.8h, v27.4s, #16\n\t"
+        "zip1	v24.8h, v22.8h, v23.8h\n\t"
+        "zip2	v25.8h, v22.8h, v23.8h\n\t"
+        "stp	q24, q25, [%x[r]]\n\t"
+        "ldr	q0, [x3, #16]\n\t"
+        "uzp1	v18.8h, v4.8h, v5.8h\n\t"
+        "uzp2	v19.8h, v4.8h, v5.8h\n\t"
+        "uzp1	v20.8h, v12.8h, v13.8h\n\t"
+        "uzp2	v21.8h, v12.8h, v13.8h\n\t"
+        "smull	v26.4s, v18.4h, v20.4h\n\t"
+        "smull2	v27.4s, v18.8h, v20.8h\n\t"
+        "smull	v23.4s, v19.4h, v21.4h\n\t"
+        "smull2	v24.4s, v19.8h, v21.8h\n\t"
+        "xtn	v25.4h, v23.4s\n\t"
+        "xtn2	v25.8h, v24.4s\n\t"
+        "mul	v25.8h, v25.8h, v1.h[1]\n\t"
+        "smlsl	v23.4s, v25.4h, v1.h[0]\n\t"
+        "smlsl2	v24.4s, v25.8h, v1.h[0]\n\t"
+        "shrn	v22.4h, v23.4s, #16\n\t"
+        "shrn2	v22.8h, v24.4s, #16\n\t"
+        "smlal	v26.4s, v22.4h, v0.4h\n\t"
+        "smlal2	v27.4s, v22.8h, v0.8h\n\t"
+        "xtn	v24.4h, v26.4s\n\t"
+        "xtn2	v24.8h, v27.4s\n\t"
+        "mul	v24.8h, v24.8h, v1.h[1]\n\t"
+        "smlsl	v26.4s, v24.4h, v1.h[0]\n\t"
+        "smlsl2	v27.4s, v24.8h, v1.h[0]\n\t"
+        "shrn	v22.4h, v26.4s, #16\n\t"
+        "shrn2	v22.8h, v27.4s, #16\n\t"
+        "smull	v26.4s, v18.4h, v21.4h\n\t"
+        "smull2	v27.4s, v18.8h, v21.8h\n\t"
+        "smlal	v26.4s, v19.4h, v20.4h\n\t"
+        "smlal2	v27.4s, v19.8h, v20.8h\n\t"
+        "xtn	v24.4h, v26.4s\n\t"
+        "xtn2	v24.8h, v27.4s\n\t"
+        "mul	v24.8h, v24.8h, v1.h[1]\n\t"
+        "smlsl	v26.4s, v24.4h, v1.h[0]\n\t"
+        "smlsl2	v27.4s, v24.8h, v1.h[0]\n\t"
+        "shrn	v23.4h, v26.4s, #16\n\t"
+        "shrn2	v23.8h, v27.4s, #16\n\t"
+        "zip1	v24.8h, v22.8h, v23.8h\n\t"
+        "zip2	v25.8h, v22.8h, v23.8h\n\t"
+        "stp	q24, q25, [%x[r], #32]\n\t"
+        "ldr	q0, [x3, #32]\n\t"
+        "uzp1	v18.8h, v6.8h, v7.8h\n\t"
+        "uzp2	v19.8h, v6.8h, v7.8h\n\t"
+        "uzp1	v20.8h, v14.8h, v15.8h\n\t"
+        "uzp2	v21.8h, v14.8h, v15.8h\n\t"
+        "smull	v26.4s, v18.4h, v20.4h\n\t"
+        "smull2	v27.4s, v18.8h, v20.8h\n\t"
+        "smull	v23.4s, v19.4h, v21.4h\n\t"
+        "smull2	v24.4s, v19.8h, v21.8h\n\t"
+        "xtn	v25.4h, v23.4s\n\t"
+        "xtn2	v25.8h, v24.4s\n\t"
+        "mul	v25.8h, v25.8h, v1.h[1]\n\t"
+        "smlsl	v23.4s, v25.4h, v1.h[0]\n\t"
+        "smlsl2	v24.4s, v25.8h, v1.h[0]\n\t"
+        "shrn	v22.4h, v23.4s, #16\n\t"
+        "shrn2	v22.8h, v24.4s, #16\n\t"
+        "smlal	v26.4s, v22.4h, v0.4h\n\t"
+        "smlal2	v27.4s, v22.8h, v0.8h\n\t"
+        "xtn	v24.4h, v26.4s\n\t"
+        "xtn2	v24.8h, v27.4s\n\t"
+        "mul	v24.8h, v24.8h, v1.h[1]\n\t"
+        "smlsl	v26.4s, v24.4h, v1.h[0]\n\t"
+        "smlsl2	v27.4s, v24.8h, v1.h[0]\n\t"
+        "shrn	v22.4h, v26.4s, #16\n\t"
+        "shrn2	v22.8h, v27.4s, #16\n\t"
+        "smull	v26.4s, v18.4h, v21.4h\n\t"
+        "smull2	v27.4s, v18.8h, v21.8h\n\t"
+        "smlal	v26.4s, v19.4h, v20.4h\n\t"
+        "smlal2	v27.4s, v19.8h, v20.8h\n\t"
+        "xtn	v24.4h, v26.4s\n\t"
+        "xtn2	v24.8h, v27.4s\n\t"
+        "mul	v24.8h, v24.8h, v1.h[1]\n\t"
+        "smlsl	v26.4s, v24.4h, v1.h[0]\n\t"
+        "smlsl2	v27.4s, v24.8h, v1.h[0]\n\t"
+        "shrn	v23.4h, v26.4s, #16\n\t"
+        "shrn2	v23.8h, v27.4s, #16\n\t"
+        "zip1	v24.8h, v22.8h, v23.8h\n\t"
+        "zip2	v25.8h, v22.8h, v23.8h\n\t"
+        "stp	q24, q25, [%x[r], #64]\n\t"
+        "ldr	q0, [x3, #48]\n\t"
+        "uzp1	v18.8h, v8.8h, v9.8h\n\t"
+        "uzp2	v19.8h, v8.8h, v9.8h\n\t"
+        "uzp1	v20.8h, v16.8h, v17.8h\n\t"
+        "uzp2	v21.8h, v16.8h, v17.8h\n\t"
+        "smull	v26.4s, v18.4h, v20.4h\n\t"
+        "smull2	v27.4s, v18.8h, v20.8h\n\t"
+        "smull	v23.4s, v19.4h, v21.4h\n\t"
+        "smull2	v24.4s, v19.8h, v21.8h\n\t"
+        "xtn	v25.4h, v23.4s\n\t"
+        "xtn2	v25.8h, v24.4s\n\t"
+        "mul	v25.8h, v25.8h, v1.h[1]\n\t"
+        "smlsl	v23.4s, v25.4h, v1.h[0]\n\t"
+        "smlsl2	v24.4s, v25.8h, v1.h[0]\n\t"
+        "shrn	v22.4h, v23.4s, #16\n\t"
+        "shrn2	v22.8h, v24.4s, #16\n\t"
+        "smlal	v26.4s, v22.4h, v0.4h\n\t"
+        "smlal2	v27.4s, v22.8h, v0.8h\n\t"
+        "xtn	v24.4h, v26.4s\n\t"
+        "xtn2	v24.8h, v27.4s\n\t"
+        "mul	v24.8h, v24.8h, v1.h[1]\n\t"
+        "smlsl	v26.4s, v24.4h, v1.h[0]\n\t"
+        "smlsl2	v27.4s, v24.8h, v1.h[0]\n\t"
+        "shrn	v22.4h, v26.4s, #16\n\t"
+        "shrn2	v22.8h, v27.4s, #16\n\t"
+        "smull	v26.4s, v18.4h, v21.4h\n\t"
+        "smull2	v27.4s, v18.8h, v21.8h\n\t"
+        "smlal	v26.4s, v19.4h, v20.4h\n\t"
+        "smlal2	v27.4s, v19.8h, v20.8h\n\t"
+        "xtn	v24.4h, v26.4s\n\t"
+        "xtn2	v24.8h, v27.4s\n\t"
+        "mul	v24.8h, v24.8h, v1.h[1]\n\t"
+        "smlsl	v26.4s, v24.4h, v1.h[0]\n\t"
+        "smlsl2	v27.4s, v24.8h, v1.h[0]\n\t"
+        "shrn	v23.4h, v26.4s, #16\n\t"
+        "shrn2	v23.8h, v27.4s, #16\n\t"
+        "zip1	v24.8h, v22.8h, v23.8h\n\t"
+        "zip2	v25.8h, v22.8h, v23.8h\n\t"
+        "stp	q24, q25, [%x[r], #96]\n\t"
+        "ldp	q2, q3, [%x[a], #128]\n\t"
+        "ldp	q4, q5, [%x[a], #160]\n\t"
+        "ldp	q6, q7, [%x[a], #192]\n\t"
+        "ldp	q8, q9, [%x[a], #224]\n\t"
+        "ldp	q10, q11, [%x[b], #128]\n\t"
+        "ldp	q12, q13, [%x[b], #160]\n\t"
+        "ldp	q14, q15, [%x[b], #192]\n\t"
+        "ldp	q16, q17, [%x[b], #224]\n\t"
+        "ldr	q0, [x3, #64]\n\t"
+        "uzp1	v18.8h, v2.8h, v3.8h\n\t"
+        "uzp2	v19.8h, v2.8h, v3.8h\n\t"
+        "uzp1	v20.8h, v10.8h, v11.8h\n\t"
+        "uzp2	v21.8h, v10.8h, v11.8h\n\t"
+        "smull	v26.4s, v18.4h, v20.4h\n\t"
+        "smull2	v27.4s, v18.8h, v20.8h\n\t"
+        "smull	v23.4s, v19.4h, v21.4h\n\t"
+        "smull2	v24.4s, v19.8h, v21.8h\n\t"
+        "xtn	v25.4h, v23.4s\n\t"
+        "xtn2	v25.8h, v24.4s\n\t"
+        "mul	v25.8h, v25.8h, v1.h[1]\n\t"
+        "smlsl	v23.4s, v25.4h, v1.h[0]\n\t"
+        "smlsl2	v24.4s, v25.8h, v1.h[0]\n\t"
+        "shrn	v22.4h, v23.4s, #16\n\t"
+        "shrn2	v22.8h, v24.4s, #16\n\t"
+        "smlal	v26.4s, v22.4h, v0.4h\n\t"
+        "smlal2	v27.4s, v22.8h, v0.8h\n\t"
+        "xtn	v24.4h, v26.4s\n\t"
+        "xtn2	v24.8h, v27.4s\n\t"
+        "mul	v24.8h, v24.8h, v1.h[1]\n\t"
+        "smlsl	v26.4s, v24.4h, v1.h[0]\n\t"
+        "smlsl2	v27.4s, v24.8h, v1.h[0]\n\t"
+        "shrn	v22.4h, v26.4s, #16\n\t"
+        "shrn2	v22.8h, v27.4s, #16\n\t"
+        "smull	v26.4s, v18.4h, v21.4h\n\t"
+        "smull2	v27.4s, v18.8h, v21.8h\n\t"
+        "smlal	v26.4s, v19.4h, v20.4h\n\t"
+        "smlal2	v27.4s, v19.8h, v20.8h\n\t"
+        "xtn	v24.4h, v26.4s\n\t"
+        "xtn2	v24.8h, v27.4s\n\t"
+        "mul	v24.8h, v24.8h, v1.h[1]\n\t"
+        "smlsl	v26.4s, v24.4h, v1.h[0]\n\t"
+        "smlsl2	v27.4s, v24.8h, v1.h[0]\n\t"
+        "shrn	v23.4h, v26.4s, #16\n\t"
+        "shrn2	v23.8h, v27.4s, #16\n\t"
+        "zip1	v24.8h, v22.8h, v23.8h\n\t"
+        "zip2	v25.8h, v22.8h, v23.8h\n\t"
+        "stp	q24, q25, [%x[r], #128]\n\t"
+        "ldr	q0, [x3, #80]\n\t"
+        "uzp1	v18.8h, v4.8h, v5.8h\n\t"
+        "uzp2	v19.8h, v4.8h, v5.8h\n\t"
+        "uzp1	v20.8h, v12.8h, v13.8h\n\t"
+        "uzp2	v21.8h, v12.8h, v13.8h\n\t"
+        "smull	v26.4s, v18.4h, v20.4h\n\t"
+        "smull2	v27.4s, v18.8h, v20.8h\n\t"
+        "smull	v23.4s, v19.4h, v21.4h\n\t"
+        "smull2	v24.4s, v19.8h, v21.8h\n\t"
+        "xtn	v25.4h, v23.4s\n\t"
+        "xtn2	v25.8h, v24.4s\n\t"
+        "mul	v25.8h, v25.8h, v1.h[1]\n\t"
+        "smlsl	v23.4s, v25.4h, v1.h[0]\n\t"
+        "smlsl2	v24.4s, v25.8h, v1.h[0]\n\t"
+        "shrn	v22.4h, v23.4s, #16\n\t"
+        "shrn2	v22.8h, v24.4s, #16\n\t"
+        "smlal	v26.4s, v22.4h, v0.4h\n\t"
+        "smlal2	v27.4s, v22.8h, v0.8h\n\t"
+        "xtn	v24.4h, v26.4s\n\t"
+        "xtn2	v24.8h, v27.4s\n\t"
+        "mul	v24.8h, v24.8h, v1.h[1]\n\t"
+        "smlsl	v26.4s, v24.4h, v1.h[0]\n\t"
+        "smlsl2	v27.4s, v24.8h, v1.h[0]\n\t"
+        "shrn	v22.4h, v26.4s, #16\n\t"
+        "shrn2	v22.8h, v27.4s, #16\n\t"
+        "smull	v26.4s, v18.4h, v21.4h\n\t"
+        "smull2	v27.4s, v18.8h, v21.8h\n\t"
+        "smlal	v26.4s, v19.4h, v20.4h\n\t"
+        "smlal2	v27.4s, v19.8h, v20.8h\n\t"
+        "xtn	v24.4h, v26.4s\n\t"
+        "xtn2	v24.8h, v27.4s\n\t"
+        "mul	v24.8h, v24.8h, v1.h[1]\n\t"
+        "smlsl	v26.4s, v24.4h, v1.h[0]\n\t"
+        "smlsl2	v27.4s, v24.8h, v1.h[0]\n\t"
+        "shrn	v23.4h, v26.4s, #16\n\t"
+        "shrn2	v23.8h, v27.4s, #16\n\t"
+        "zip1	v24.8h, v22.8h, v23.8h\n\t"
+        "zip2	v25.8h, v22.8h, v23.8h\n\t"
+        "stp	q24, q25, [%x[r], #160]\n\t"
+        "ldr	q0, [x3, #96]\n\t"
+        "uzp1	v18.8h, v6.8h, v7.8h\n\t"
+        "uzp2	v19.8h, v6.8h, v7.8h\n\t"
+        "uzp1	v20.8h, v14.8h, v15.8h\n\t"
+        "uzp2	v21.8h, v14.8h, v15.8h\n\t"
+        "smull	v26.4s, v18.4h, v20.4h\n\t"
+        "smull2	v27.4s, v18.8h, v20.8h\n\t"
+        "smull	v23.4s, v19.4h, v21.4h\n\t"
+        "smull2	v24.4s, v19.8h, v21.8h\n\t"
+        "xtn	v25.4h, v23.4s\n\t"
+        "xtn2	v25.8h, v24.4s\n\t"
+        "mul	v25.8h, v25.8h, v1.h[1]\n\t"
+        "smlsl	v23.4s, v25.4h, v1.h[0]\n\t"
+        "smlsl2	v24.4s, v25.8h, v1.h[0]\n\t"
+        "shrn	v22.4h, v23.4s, #16\n\t"
+        "shrn2	v22.8h, v24.4s, #16\n\t"
+        "smlal	v26.4s, v22.4h, v0.4h\n\t"
+        "smlal2	v27.4s, v22.8h, v0.8h\n\t"
+        "xtn	v24.4h, v26.4s\n\t"
+        "xtn2	v24.8h, v27.4s\n\t"
+        "mul	v24.8h, v24.8h, v1.h[1]\n\t"
+        "smlsl	v26.4s, v24.4h, v1.h[0]\n\t"
+        "smlsl2	v27.4s, v24.8h, v1.h[0]\n\t"
+        "shrn	v22.4h, v26.4s, #16\n\t"
+        "shrn2	v22.8h, v27.4s, #16\n\t"
+        "smull	v26.4s, v18.4h, v21.4h\n\t"
+        "smull2	v27.4s, v18.8h, v21.8h\n\t"
+        "smlal	v26.4s, v19.4h, v20.4h\n\t"
+        "smlal2	v27.4s, v19.8h, v20.8h\n\t"
+        "xtn	v24.4h, v26.4s\n\t"
+        "xtn2	v24.8h, v27.4s\n\t"
+        "mul	v24.8h, v24.8h, v1.h[1]\n\t"
+        "smlsl	v26.4s, v24.4h, v1.h[0]\n\t"
+        "smlsl2	v27.4s, v24.8h, v1.h[0]\n\t"
+        "shrn	v23.4h, v26.4s, #16\n\t"
+        "shrn2	v23.8h, v27.4s, #16\n\t"
+        "zip1	v24.8h, v22.8h, v23.8h\n\t"
+        "zip2	v25.8h, v22.8h, v23.8h\n\t"
+        "stp	q24, q25, [%x[r], #192]\n\t"
+        "ldr	q0, [x3, #112]\n\t"
+        "uzp1	v18.8h, v8.8h, v9.8h\n\t"
+        "uzp2	v19.8h, v8.8h, v9.8h\n\t"
+        "uzp1	v20.8h, v16.8h, v17.8h\n\t"
+        "uzp2	v21.8h, v16.8h, v17.8h\n\t"
+        "smull	v26.4s, v18.4h, v20.4h\n\t"
+        "smull2	v27.4s, v18.8h, v20.8h\n\t"
+        "smull	v23.4s, v19.4h, v21.4h\n\t"
+        "smull2	v24.4s, v19.8h, v21.8h\n\t"
+        "xtn	v25.4h, v23.4s\n\t"
+        "xtn2	v25.8h, v24.4s\n\t"
+        "mul	v25.8h, v25.8h, v1.h[1]\n\t"
+        "smlsl	v23.4s, v25.4h, v1.h[0]\n\t"
+        "smlsl2	v24.4s, v25.8h, v1.h[0]\n\t"
+        "shrn	v22.4h, v23.4s, #16\n\t"
+        "shrn2	v22.8h, v24.4s, #16\n\t"
+        "smlal	v26.4s, v22.4h, v0.4h\n\t"
+        "smlal2	v27.4s, v22.8h, v0.8h\n\t"
+        "xtn	v24.4h, v26.4s\n\t"
+        "xtn2	v24.8h, v27.4s\n\t"
+        "mul	v24.8h, v24.8h, v1.h[1]\n\t"
+        "smlsl	v26.4s, v24.4h, v1.h[0]\n\t"
+        "smlsl2	v27.4s, v24.8h, v1.h[0]\n\t"
+        "shrn	v22.4h, v26.4s, #16\n\t"
+        "shrn2	v22.8h, v27.4s, #16\n\t"
+        "smull	v26.4s, v18.4h, v21.4h\n\t"
+        "smull2	v27.4s, v18.8h, v21.8h\n\t"
+        "smlal	v26.4s, v19.4h, v20.4h\n\t"
+        "smlal2	v27.4s, v19.8h, v20.8h\n\t"
+        "xtn	v24.4h, v26.4s\n\t"
+        "xtn2	v24.8h, v27.4s\n\t"
+        "mul	v24.8h, v24.8h, v1.h[1]\n\t"
+        "smlsl	v26.4s, v24.4h, v1.h[0]\n\t"
+        "smlsl2	v27.4s, v24.8h, v1.h[0]\n\t"
+        "shrn	v23.4h, v26.4s, #16\n\t"
+        "shrn2	v23.8h, v27.4s, #16\n\t"
+        "zip1	v24.8h, v22.8h, v23.8h\n\t"
+        "zip2	v25.8h, v22.8h, v23.8h\n\t"
+        "stp	q24, q25, [%x[r], #224]\n\t"
+        "ldp	q2, q3, [%x[a], #256]\n\t"
+        "ldp	q4, q5, [%x[a], #288]\n\t"
+        "ldp	q6, q7, [%x[a], #320]\n\t"
+        "ldp	q8, q9, [%x[a], #352]\n\t"
+        "ldp	q10, q11, [%x[b], #256]\n\t"
+        "ldp	q12, q13, [%x[b], #288]\n\t"
+        "ldp	q14, q15, [%x[b], #320]\n\t"
+        "ldp	q16, q17, [%x[b], #352]\n\t"
+        "ldr	q0, [x3, #128]\n\t"
+        "uzp1	v18.8h, v2.8h, v3.8h\n\t"
+        "uzp2	v19.8h, v2.8h, v3.8h\n\t"
+        "uzp1	v20.8h, v10.8h, v11.8h\n\t"
+        "uzp2	v21.8h, v10.8h, v11.8h\n\t"
+        "smull	v26.4s, v18.4h, v20.4h\n\t"
+        "smull2	v27.4s, v18.8h, v20.8h\n\t"
+        "smull	v23.4s, v19.4h, v21.4h\n\t"
+        "smull2	v24.4s, v19.8h, v21.8h\n\t"
+        "xtn	v25.4h, v23.4s\n\t"
+        "xtn2	v25.8h, v24.4s\n\t"
+        "mul	v25.8h, v25.8h, v1.h[1]\n\t"
+        "smlsl	v23.4s, v25.4h, v1.h[0]\n\t"
+        "smlsl2	v24.4s, v25.8h, v1.h[0]\n\t"
+        "shrn	v22.4h, v23.4s, #16\n\t"
+        "shrn2	v22.8h, v24.4s, #16\n\t"
+        "smlal	v26.4s, v22.4h, v0.4h\n\t"
+        "smlal2	v27.4s, v22.8h, v0.8h\n\t"
+        "xtn	v24.4h, v26.4s\n\t"
+        "xtn2	v24.8h, v27.4s\n\t"
+        "mul	v24.8h, v24.8h, v1.h[1]\n\t"
+        "smlsl	v26.4s, v24.4h, v1.h[0]\n\t"
+        "smlsl2	v27.4s, v24.8h, v1.h[0]\n\t"
+        "shrn	v22.4h, v26.4s, #16\n\t"
+        "shrn2	v22.8h, v27.4s, #16\n\t"
+        "smull	v26.4s, v18.4h, v21.4h\n\t"
+        "smull2	v27.4s, v18.8h, v21.8h\n\t"
+        "smlal	v26.4s, v19.4h, v20.4h\n\t"
+        "smlal2	v27.4s, v19.8h, v20.8h\n\t"
+        "xtn	v24.4h, v26.4s\n\t"
+        "xtn2	v24.8h, v27.4s\n\t"
+        "mul	v24.8h, v24.8h, v1.h[1]\n\t"
+        "smlsl	v26.4s, v24.4h, v1.h[0]\n\t"
+        "smlsl2	v27.4s, v24.8h, v1.h[0]\n\t"
+        "shrn	v23.4h, v26.4s, #16\n\t"
+        "shrn2	v23.8h, v27.4s, #16\n\t"
+        "zip1	v24.8h, v22.8h, v23.8h\n\t"
+        "zip2	v25.8h, v22.8h, v23.8h\n\t"
+        "stp	q24, q25, [%x[r], #256]\n\t"
+        "ldr	q0, [x3, #144]\n\t"
+        "uzp1	v18.8h, v4.8h, v5.8h\n\t"
+        "uzp2	v19.8h, v4.8h, v5.8h\n\t"
+        "uzp1	v20.8h, v12.8h, v13.8h\n\t"
+        "uzp2	v21.8h, v12.8h, v13.8h\n\t"
+        "smull	v26.4s, v18.4h, v20.4h\n\t"
+        "smull2	v27.4s, v18.8h, v20.8h\n\t"
+        "smull	v23.4s, v19.4h, v21.4h\n\t"
+        "smull2	v24.4s, v19.8h, v21.8h\n\t"
+        "xtn	v25.4h, v23.4s\n\t"
+        "xtn2	v25.8h, v24.4s\n\t"
+        "mul	v25.8h, v25.8h, v1.h[1]\n\t"
+        "smlsl	v23.4s, v25.4h, v1.h[0]\n\t"
+        "smlsl2	v24.4s, v25.8h, v1.h[0]\n\t"
+        "shrn	v22.4h, v23.4s, #16\n\t"
+        "shrn2	v22.8h, v24.4s, #16\n\t"
+        "smlal	v26.4s, v22.4h, v0.4h\n\t"
+        "smlal2	v27.4s, v22.8h, v0.8h\n\t"
+        "xtn	v24.4h, v26.4s\n\t"
+        "xtn2	v24.8h, v27.4s\n\t"
+        "mul	v24.8h, v24.8h, v1.h[1]\n\t"
+        "smlsl	v26.4s, v24.4h, v1.h[0]\n\t"
+        "smlsl2	v27.4s, v24.8h, v1.h[0]\n\t"
+        "shrn	v22.4h, v26.4s, #16\n\t"
+        "shrn2	v22.8h, v27.4s, #16\n\t"
+        "smull	v26.4s, v18.4h, v21.4h\n\t"
+        "smull2	v27.4s, v18.8h, v21.8h\n\t"
+        "smlal	v26.4s, v19.4h, v20.4h\n\t"
+        "smlal2	v27.4s, v19.8h, v20.8h\n\t"
+        "xtn	v24.4h, v26.4s\n\t"
+        "xtn2	v24.8h, v27.4s\n\t"
+        "mul	v24.8h, v24.8h, v1.h[1]\n\t"
+        "smlsl	v26.4s, v24.4h, v1.h[0]\n\t"
+        "smlsl2	v27.4s, v24.8h, v1.h[0]\n\t"
+        "shrn	v23.4h, v26.4s, #16\n\t"
+        "shrn2	v23.8h, v27.4s, #16\n\t"
+        "zip1	v24.8h, v22.8h, v23.8h\n\t"
+        "zip2	v25.8h, v22.8h, v23.8h\n\t"
+        "stp	q24, q25, [%x[r], #288]\n\t"
+        "ldr	q0, [x3, #160]\n\t"
+        "uzp1	v18.8h, v6.8h, v7.8h\n\t"
+        "uzp2	v19.8h, v6.8h, v7.8h\n\t"
+        "uzp1	v20.8h, v14.8h, v15.8h\n\t"
+        "uzp2	v21.8h, v14.8h, v15.8h\n\t"
+        "smull	v26.4s, v18.4h, v20.4h\n\t"
+        "smull2	v27.4s, v18.8h, v20.8h\n\t"
+        "smull	v23.4s, v19.4h, v21.4h\n\t"
+        "smull2	v24.4s, v19.8h, v21.8h\n\t"
+        "xtn	v25.4h, v23.4s\n\t"
+        "xtn2	v25.8h, v24.4s\n\t"
+        "mul	v25.8h, v25.8h, v1.h[1]\n\t"
+        "smlsl	v23.4s, v25.4h, v1.h[0]\n\t"
+        "smlsl2	v24.4s, v25.8h, v1.h[0]\n\t"
+        "shrn	v22.4h, v23.4s, #16\n\t"
+        "shrn2	v22.8h, v24.4s, #16\n\t"
+        "smlal	v26.4s, v22.4h, v0.4h\n\t"
+        "smlal2	v27.4s, v22.8h, v0.8h\n\t"
+        "xtn	v24.4h, v26.4s\n\t"
+        "xtn2	v24.8h, v27.4s\n\t"
+        "mul	v24.8h, v24.8h, v1.h[1]\n\t"
+        "smlsl	v26.4s, v24.4h, v1.h[0]\n\t"
+        "smlsl2	v27.4s, v24.8h, v1.h[0]\n\t"
+        "shrn	v22.4h, v26.4s, #16\n\t"
+        "shrn2	v22.8h, v27.4s, #16\n\t"
+        "smull	v26.4s, v18.4h, v21.4h\n\t"
+        "smull2	v27.4s, v18.8h, v21.8h\n\t"
+        "smlal	v26.4s, v19.4h, v20.4h\n\t"
+        "smlal2	v27.4s, v19.8h, v20.8h\n\t"
+        "xtn	v24.4h, v26.4s\n\t"
+        "xtn2	v24.8h, v27.4s\n\t"
+        "mul	v24.8h, v24.8h, v1.h[1]\n\t"
+        "smlsl	v26.4s, v24.4h, v1.h[0]\n\t"
+        "smlsl2	v27.4s, v24.8h, v1.h[0]\n\t"
+        "shrn	v23.4h, v26.4s, #16\n\t"
+        "shrn2	v23.8h, v27.4s, #16\n\t"
+        "zip1	v24.8h, v22.8h, v23.8h\n\t"
+        "zip2	v25.8h, v22.8h, v23.8h\n\t"
+        "stp	q24, q25, [%x[r], #320]\n\t"
+        "ldr	q0, [x3, #176]\n\t"
+        "uzp1	v18.8h, v8.8h, v9.8h\n\t"
+        "uzp2	v19.8h, v8.8h, v9.8h\n\t"
+        "uzp1	v20.8h, v16.8h, v17.8h\n\t"
+        "uzp2	v21.8h, v16.8h, v17.8h\n\t"
+        "smull	v26.4s, v18.4h, v20.4h\n\t"
+        "smull2	v27.4s, v18.8h, v20.8h\n\t"
+        "smull	v23.4s, v19.4h, v21.4h\n\t"
+        "smull2	v24.4s, v19.8h, v21.8h\n\t"
+        "xtn	v25.4h, v23.4s\n\t"
+        "xtn2	v25.8h, v24.4s\n\t"
+        "mul	v25.8h, v25.8h, v1.h[1]\n\t"
+        "smlsl	v23.4s, v25.4h, v1.h[0]\n\t"
+        "smlsl2	v24.4s, v25.8h, v1.h[0]\n\t"
+        "shrn	v22.4h, v23.4s, #16\n\t"
+        "shrn2	v22.8h, v24.4s, #16\n\t"
+        "smlal	v26.4s, v22.4h, v0.4h\n\t"
+        "smlal2	v27.4s, v22.8h, v0.8h\n\t"
+        "xtn	v24.4h, v26.4s\n\t"
+        "xtn2	v24.8h, v27.4s\n\t"
+        "mul	v24.8h, v24.8h, v1.h[1]\n\t"
+        "smlsl	v26.4s, v24.4h, v1.h[0]\n\t"
+        "smlsl2	v27.4s, v24.8h, v1.h[0]\n\t"
+        "shrn	v22.4h, v26.4s, #16\n\t"
+        "shrn2	v22.8h, v27.4s, #16\n\t"
+        "smull	v26.4s, v18.4h, v21.4h\n\t"
+        "smull2	v27.4s, v18.8h, v21.8h\n\t"
+        "smlal	v26.4s, v19.4h, v20.4h\n\t"
+        "smlal2	v27.4s, v19.8h, v20.8h\n\t"
+        "xtn	v24.4h, v26.4s\n\t"
+        "xtn2	v24.8h, v27.4s\n\t"
+        "mul	v24.8h, v24.8h, v1.h[1]\n\t"
+        "smlsl	v26.4s, v24.4h, v1.h[0]\n\t"
+        "smlsl2	v27.4s, v24.8h, v1.h[0]\n\t"
+        "shrn	v23.4h, v26.4s, #16\n\t"
+        "shrn2	v23.8h, v27.4s, #16\n\t"
+        "zip1	v24.8h, v22.8h, v23.8h\n\t"
+        "zip2	v25.8h, v22.8h, v23.8h\n\t"
+        "stp	q24, q25, [%x[r], #352]\n\t"
+        "ldp	q2, q3, [%x[a], #384]\n\t"
+        "ldp	q4, q5, [%x[a], #416]\n\t"
+        "ldp	q6, q7, [%x[a], #448]\n\t"
+        "ldp	q8, q9, [%x[a], #480]\n\t"
+        "ldp	q10, q11, [%x[b], #384]\n\t"
+        "ldp	q12, q13, [%x[b], #416]\n\t"
+        "ldp	q14, q15, [%x[b], #448]\n\t"
+        "ldp	q16, q17, [%x[b], #480]\n\t"
+        "ldr	q0, [x3, #192]\n\t"
+        "uzp1	v18.8h, v2.8h, v3.8h\n\t"
+        "uzp2	v19.8h, v2.8h, v3.8h\n\t"
+        "uzp1	v20.8h, v10.8h, v11.8h\n\t"
+        "uzp2	v21.8h, v10.8h, v11.8h\n\t"
+        "smull	v26.4s, v18.4h, v20.4h\n\t"
+        "smull2	v27.4s, v18.8h, v20.8h\n\t"
+        "smull	v23.4s, v19.4h, v21.4h\n\t"
+        "smull2	v24.4s, v19.8h, v21.8h\n\t"
+        "xtn	v25.4h, v23.4s\n\t"
+        "xtn2	v25.8h, v24.4s\n\t"
+        "mul	v25.8h, v25.8h, v1.h[1]\n\t"
+        "smlsl	v23.4s, v25.4h, v1.h[0]\n\t"
+        "smlsl2	v24.4s, v25.8h, v1.h[0]\n\t"
+        "shrn	v22.4h, v23.4s, #16\n\t"
+        "shrn2	v22.8h, v24.4s, #16\n\t"
+        "smlal	v26.4s, v22.4h, v0.4h\n\t"
+        "smlal2	v27.4s, v22.8h, v0.8h\n\t"
+        "xtn	v24.4h, v26.4s\n\t"
+        "xtn2	v24.8h, v27.4s\n\t"
+        "mul	v24.8h, v24.8h, v1.h[1]\n\t"
+        "smlsl	v26.4s, v24.4h, v1.h[0]\n\t"
+        "smlsl2	v27.4s, v24.8h, v1.h[0]\n\t"
+        "shrn	v22.4h, v26.4s, #16\n\t"
+        "shrn2	v22.8h, v27.4s, #16\n\t"
+        "smull	v26.4s, v18.4h, v21.4h\n\t"
+        "smull2	v27.4s, v18.8h, v21.8h\n\t"
+        "smlal	v26.4s, v19.4h, v20.4h\n\t"
+        "smlal2	v27.4s, v19.8h, v20.8h\n\t"
+        "xtn	v24.4h, v26.4s\n\t"
+        "xtn2	v24.8h, v27.4s\n\t"
+        "mul	v24.8h, v24.8h, v1.h[1]\n\t"
+        "smlsl	v26.4s, v24.4h, v1.h[0]\n\t"
+        "smlsl2	v27.4s, v24.8h, v1.h[0]\n\t"
+        "shrn	v23.4h, v26.4s, #16\n\t"
+        "shrn2	v23.8h, v27.4s, #16\n\t"
+        "zip1	v24.8h, v22.8h, v23.8h\n\t"
+        "zip2	v25.8h, v22.8h, v23.8h\n\t"
+        "stp	q24, q25, [%x[r], #384]\n\t"
+        "ldr	q0, [x3, #208]\n\t"
+        "uzp1	v18.8h, v4.8h, v5.8h\n\t"
+        "uzp2	v19.8h, v4.8h, v5.8h\n\t"
+        "uzp1	v20.8h, v12.8h, v13.8h\n\t"
+        "uzp2	v21.8h, v12.8h, v13.8h\n\t"
+        "smull	v26.4s, v18.4h, v20.4h\n\t"
+        "smull2	v27.4s, v18.8h, v20.8h\n\t"
+        "smull	v23.4s, v19.4h, v21.4h\n\t"
+        "smull2	v24.4s, v19.8h, v21.8h\n\t"
+        "xtn	v25.4h, v23.4s\n\t"
+        "xtn2	v25.8h, v24.4s\n\t"
+        "mul	v25.8h, v25.8h, v1.h[1]\n\t"
+        "smlsl	v23.4s, v25.4h, v1.h[0]\n\t"
+        "smlsl2	v24.4s, v25.8h, v1.h[0]\n\t"
+        "shrn	v22.4h, v23.4s, #16\n\t"
+        "shrn2	v22.8h, v24.4s, #16\n\t"
+        "smlal	v26.4s, v22.4h, v0.4h\n\t"
+        "smlal2	v27.4s, v22.8h, v0.8h\n\t"
+        "xtn	v24.4h, v26.4s\n\t"
+        "xtn2	v24.8h, v27.4s\n\t"
+        "mul	v24.8h, v24.8h, v1.h[1]\n\t"
+        "smlsl	v26.4s, v24.4h, v1.h[0]\n\t"
+        "smlsl2	v27.4s, v24.8h, v1.h[0]\n\t"
+        "shrn	v22.4h, v26.4s, #16\n\t"
+        "shrn2	v22.8h, v27.4s, #16\n\t"
+        "smull	v26.4s, v18.4h, v21.4h\n\t"
+        "smull2	v27.4s, v18.8h, v21.8h\n\t"
+        "smlal	v26.4s, v19.4h, v20.4h\n\t"
+        "smlal2	v27.4s, v19.8h, v20.8h\n\t"
+        "xtn	v24.4h, v26.4s\n\t"
+        "xtn2	v24.8h, v27.4s\n\t"
+        "mul	v24.8h, v24.8h, v1.h[1]\n\t"
+        "smlsl	v26.4s, v24.4h, v1.h[0]\n\t"
+        "smlsl2	v27.4s, v24.8h, v1.h[0]\n\t"
+        "shrn	v23.4h, v26.4s, #16\n\t"
+        "shrn2	v23.8h, v27.4s, #16\n\t"
+        "zip1	v24.8h, v22.8h, v23.8h\n\t"
+        "zip2	v25.8h, v22.8h, v23.8h\n\t"
+        "stp	q24, q25, [%x[r], #416]\n\t"
+        "ldr	q0, [x3, #224]\n\t"
+        "uzp1	v18.8h, v6.8h, v7.8h\n\t"
+        "uzp2	v19.8h, v6.8h, v7.8h\n\t"
+        "uzp1	v20.8h, v14.8h, v15.8h\n\t"
+        "uzp2	v21.8h, v14.8h, v15.8h\n\t"
+        "smull	v26.4s, v18.4h, v20.4h\n\t"
+        "smull2	v27.4s, v18.8h, v20.8h\n\t"
+        "smull	v23.4s, v19.4h, v21.4h\n\t"
+        "smull2	v24.4s, v19.8h, v21.8h\n\t"
+        "xtn	v25.4h, v23.4s\n\t"
+        "xtn2	v25.8h, v24.4s\n\t"
+        "mul	v25.8h, v25.8h, v1.h[1]\n\t"
+        "smlsl	v23.4s, v25.4h, v1.h[0]\n\t"
+        "smlsl2	v24.4s, v25.8h, v1.h[0]\n\t"
+        "shrn	v22.4h, v23.4s, #16\n\t"
+        "shrn2	v22.8h, v24.4s, #16\n\t"
+        "smlal	v26.4s, v22.4h, v0.4h\n\t"
+        "smlal2	v27.4s, v22.8h, v0.8h\n\t"
+        "xtn	v24.4h, v26.4s\n\t"
+        "xtn2	v24.8h, v27.4s\n\t"
+        "mul	v24.8h, v24.8h, v1.h[1]\n\t"
+        "smlsl	v26.4s, v24.4h, v1.h[0]\n\t"
+        "smlsl2	v27.4s, v24.8h, v1.h[0]\n\t"
+        "shrn	v22.4h, v26.4s, #16\n\t"
+        "shrn2	v22.8h, v27.4s, #16\n\t"
+        "smull	v26.4s, v18.4h, v21.4h\n\t"
+        "smull2	v27.4s, v18.8h, v21.8h\n\t"
+        "smlal	v26.4s, v19.4h, v20.4h\n\t"
+        "smlal2	v27.4s, v19.8h, v20.8h\n\t"
+        "xtn	v24.4h, v26.4s\n\t"
+        "xtn2	v24.8h, v27.4s\n\t"
+        "mul	v24.8h, v24.8h, v1.h[1]\n\t"
+        "smlsl	v26.4s, v24.4h, v1.h[0]\n\t"
+        "smlsl2	v27.4s, v24.8h, v1.h[0]\n\t"
+        "shrn	v23.4h, v26.4s, #16\n\t"
+        "shrn2	v23.8h, v27.4s, #16\n\t"
+        "zip1	v24.8h, v22.8h, v23.8h\n\t"
+        "zip2	v25.8h, v22.8h, v23.8h\n\t"
+        "stp	q24, q25, [%x[r], #448]\n\t"
+        "ldr	q0, [x3, #240]\n\t"
+        "uzp1	v18.8h, v8.8h, v9.8h\n\t"
+        "uzp2	v19.8h, v8.8h, v9.8h\n\t"
+        "uzp1	v20.8h, v16.8h, v17.8h\n\t"
+        "uzp2	v21.8h, v16.8h, v17.8h\n\t"
+        "smull	v26.4s, v18.4h, v20.4h\n\t"
+        "smull2	v27.4s, v18.8h, v20.8h\n\t"
+        "smull	v23.4s, v19.4h, v21.4h\n\t"
+        "smull2	v24.4s, v19.8h, v21.8h\n\t"
+        "xtn	v25.4h, v23.4s\n\t"
+        "xtn2	v25.8h, v24.4s\n\t"
+        "mul	v25.8h, v25.8h, v1.h[1]\n\t"
+        "smlsl	v23.4s, v25.4h, v1.h[0]\n\t"
+        "smlsl2	v24.4s, v25.8h, v1.h[0]\n\t"
+        "shrn	v22.4h, v23.4s, #16\n\t"
+        "shrn2	v22.8h, v24.4s, #16\n\t"
+        "smlal	v26.4s, v22.4h, v0.4h\n\t"
+        "smlal2	v27.4s, v22.8h, v0.8h\n\t"
+        "xtn	v24.4h, v26.4s\n\t"
+        "xtn2	v24.8h, v27.4s\n\t"
+        "mul	v24.8h, v24.8h, v1.h[1]\n\t"
+        "smlsl	v26.4s, v24.4h, v1.h[0]\n\t"
+        "smlsl2	v27.4s, v24.8h, v1.h[0]\n\t"
+        "shrn	v22.4h, v26.4s, #16\n\t"
+        "shrn2	v22.8h, v27.4s, #16\n\t"
+        "smull	v26.4s, v18.4h, v21.4h\n\t"
+        "smull2	v27.4s, v18.8h, v21.8h\n\t"
+        "smlal	v26.4s, v19.4h, v20.4h\n\t"
+        "smlal2	v27.4s, v19.8h, v20.8h\n\t"
+        "xtn	v24.4h, v26.4s\n\t"
+        "xtn2	v24.8h, v27.4s\n\t"
+        "mul	v24.8h, v24.8h, v1.h[1]\n\t"
+        "smlsl	v26.4s, v24.4h, v1.h[0]\n\t"
+        "smlsl2	v27.4s, v24.8h, v1.h[0]\n\t"
+        "shrn	v23.4h, v26.4s, #16\n\t"
+        "shrn2	v23.8h, v27.4s, #16\n\t"
+        "zip1	v24.8h, v22.8h, v23.8h\n\t"
+        "zip2	v25.8h, v22.8h, v23.8h\n\t"
+        "stp	q24, q25, [%x[r], #480]\n\t"
+        : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
+        : [L_kyber_aarch64_q] "S" (L_kyber_aarch64_q), [L_kyber_aarch64_consts] "S" (L_kyber_aarch64_consts), [L_sha3_aarch64_r] "S" (L_sha3_aarch64_r), [L_kyber_aarch64_zetas] "S" (L_kyber_aarch64_zetas), [L_kyber_aarch64_zetas_qinv] "S" (L_kyber_aarch64_zetas_qinv), [L_kyber_aarch64_zetas_inv] "S" (L_kyber_aarch64_zetas_inv), [L_kyber_aarch64_zetas_inv_qinv] "S" (L_kyber_aarch64_zetas_inv_qinv), [L_kyber_aarch64_zetas_mul] "S" (L_kyber_aarch64_zetas_mul)
+        : "memory", "x3", "x4", "v0", "v1", "v2", "v3", "v4", "v5", "v6", "v7", "v8", "v9", "v10", "v11", "v12", "v13", "v14", "v15", "v16", "v17", "v18", "v19", "v20", "v21", "v22", "v23", "v24", "v25", "v26", "v27", "cc"
+    );
+}
+
+void kyber_basemul_mont_add(sword16* r, const sword16* a, const sword16* b)
+{
+    __asm__ __volatile__ (
+#ifndef __APPLE__
+        "adrp x3, %[L_kyber_aarch64_zetas_mul]\n\t"
+        "add  x3, x3, :lo12:%[L_kyber_aarch64_zetas_mul]\n\t"
+#else
+        "adrp x3, %[L_kyber_aarch64_zetas_mul]@PAGE\n\t"
+        "add  x3, x3, %[L_kyber_aarch64_zetas_mul]@PAGEOFF\n\t"
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+        "adrp x4, %[L_kyber_aarch64_consts]\n\t"
+        "add  x4, x4, :lo12:%[L_kyber_aarch64_consts]\n\t"
+#else
+        "adrp x4, %[L_kyber_aarch64_consts]@PAGE\n\t"
+        "add  x4, x4, %[L_kyber_aarch64_consts]@PAGEOFF\n\t"
+#endif /* __APPLE__ */
+        "ldr	q1, [x4]\n\t"
+        "ldp	q2, q3, [%x[a]]\n\t"
+        "ldp	q4, q5, [%x[a], #32]\n\t"
+        "ldp	q6, q7, [%x[a], #64]\n\t"
+        "ldp	q8, q9, [%x[a], #96]\n\t"
+        "ldp	q10, q11, [%x[b]]\n\t"
+        "ldp	q12, q13, [%x[b], #32]\n\t"
+        "ldp	q14, q15, [%x[b], #64]\n\t"
+        "ldp	q16, q17, [%x[b], #96]\n\t"
+        "ldp	q28, q29, [%x[r]]\n\t"
+        "ldr	q0, [x3]\n\t"
+        "uzp1	v18.8h, v2.8h, v3.8h\n\t"
+        "uzp2	v19.8h, v2.8h, v3.8h\n\t"
+        "uzp1	v20.8h, v10.8h, v11.8h\n\t"
+        "uzp2	v21.8h, v10.8h, v11.8h\n\t"
+        "smull	v26.4s, v18.4h, v20.4h\n\t"
+        "smull2	v27.4s, v18.8h, v20.8h\n\t"
+        "smull	v23.4s, v19.4h, v21.4h\n\t"
+        "smull2	v24.4s, v19.8h, v21.8h\n\t"
+        "xtn	v25.4h, v23.4s\n\t"
+        "xtn2	v25.8h, v24.4s\n\t"
+        "mul	v25.8h, v25.8h, v1.h[1]\n\t"
+        "smlsl	v23.4s, v25.4h, v1.h[0]\n\t"
+        "smlsl2	v24.4s, v25.8h, v1.h[0]\n\t"
+        "shrn	v22.4h, v23.4s, #16\n\t"
+        "shrn2	v22.8h, v24.4s, #16\n\t"
+        "smlal	v26.4s, v22.4h, v0.4h\n\t"
+        "smlal2	v27.4s, v22.8h, v0.8h\n\t"
+        "xtn	v24.4h, v26.4s\n\t"
+        "xtn2	v24.8h, v27.4s\n\t"
+        "mul	v24.8h, v24.8h, v1.h[1]\n\t"
+        "smlsl	v26.4s, v24.4h, v1.h[0]\n\t"
+        "smlsl2	v27.4s, v24.8h, v1.h[0]\n\t"
+        "shrn	v22.4h, v26.4s, #16\n\t"
+        "shrn2	v22.8h, v27.4s, #16\n\t"
+        "smull	v26.4s, v18.4h, v21.4h\n\t"
+        "smull2	v27.4s, v18.8h, v21.8h\n\t"
+        "smlal	v26.4s, v19.4h, v20.4h\n\t"
+        "smlal2	v27.4s, v19.8h, v20.8h\n\t"
+        "xtn	v24.4h, v26.4s\n\t"
+        "xtn2	v24.8h, v27.4s\n\t"
+        "mul	v24.8h, v24.8h, v1.h[1]\n\t"
+        "smlsl	v26.4s, v24.4h, v1.h[0]\n\t"
+        "smlsl2	v27.4s, v24.8h, v1.h[0]\n\t"
+        "shrn	v23.4h, v26.4s, #16\n\t"
+        "shrn2	v23.8h, v27.4s, #16\n\t"
+        "zip1	v24.8h, v22.8h, v23.8h\n\t"
+        "zip2	v25.8h, v22.8h, v23.8h\n\t"
+        "add	v28.8h, v28.8h, v24.8h\n\t"
+        "add	v29.8h, v29.8h, v25.8h\n\t"
+        "stp	q28, q29, [%x[r]]\n\t"
+        "ldp	q28, q29, [%x[r], #32]\n\t"
+        "ldr	q0, [x3, #16]\n\t"
+        "uzp1	v18.8h, v4.8h, v5.8h\n\t"
+        "uzp2	v19.8h, v4.8h, v5.8h\n\t"
+        "uzp1	v20.8h, v12.8h, v13.8h\n\t"
+        "uzp2	v21.8h, v12.8h, v13.8h\n\t"
+        "smull	v26.4s, v18.4h, v20.4h\n\t"
+        "smull2	v27.4s, v18.8h, v20.8h\n\t"
+        "smull	v23.4s, v19.4h, v21.4h\n\t"
+        "smull2	v24.4s, v19.8h, v21.8h\n\t"
+        "xtn	v25.4h, v23.4s\n\t"
+        "xtn2	v25.8h, v24.4s\n\t"
+        "mul	v25.8h, v25.8h, v1.h[1]\n\t"
+        "smlsl	v23.4s, v25.4h, v1.h[0]\n\t"
+        "smlsl2	v24.4s, v25.8h, v1.h[0]\n\t"
+        "shrn	v22.4h, v23.4s, #16\n\t"
+        "shrn2	v22.8h, v24.4s, #16\n\t"
+        "smlal	v26.4s, v22.4h, v0.4h\n\t"
+        "smlal2	v27.4s, v22.8h, v0.8h\n\t"
+        "xtn	v24.4h, v26.4s\n\t"
+        "xtn2	v24.8h, v27.4s\n\t"
+        "mul	v24.8h, v24.8h, v1.h[1]\n\t"
+        "smlsl	v26.4s, v24.4h, v1.h[0]\n\t"
+        "smlsl2	v27.4s, v24.8h, v1.h[0]\n\t"
+        "shrn	v22.4h, v26.4s, #16\n\t"
+        "shrn2	v22.8h, v27.4s, #16\n\t"
+        "smull	v26.4s, v18.4h, v21.4h\n\t"
+        "smull2	v27.4s, v18.8h, v21.8h\n\t"
+        "smlal	v26.4s, v19.4h, v20.4h\n\t"
+        "smlal2	v27.4s, v19.8h, v20.8h\n\t"
+        "xtn	v24.4h, v26.4s\n\t"
+        "xtn2	v24.8h, v27.4s\n\t"
+        "mul	v24.8h, v24.8h, v1.h[1]\n\t"
+        "smlsl	v26.4s, v24.4h, v1.h[0]\n\t"
+        "smlsl2	v27.4s, v24.8h, v1.h[0]\n\t"
+        "shrn	v23.4h, v26.4s, #16\n\t"
+        "shrn2	v23.8h, v27.4s, #16\n\t"
+        "zip1	v24.8h, v22.8h, v23.8h\n\t"
+        "zip2	v25.8h, v22.8h, v23.8h\n\t"
+        "add	v28.8h, v28.8h, v24.8h\n\t"
+        "add	v29.8h, v29.8h, v25.8h\n\t"
+        "stp	q28, q29, [%x[r], #32]\n\t"
+        "ldp	q28, q29, [%x[r], #64]\n\t"
+        "ldr	q0, [x3, #32]\n\t"
+        "uzp1	v18.8h, v6.8h, v7.8h\n\t"
+        "uzp2	v19.8h, v6.8h, v7.8h\n\t"
+        "uzp1	v20.8h, v14.8h, v15.8h\n\t"
+        "uzp2	v21.8h, v14.8h, v15.8h\n\t"
+        "smull	v26.4s, v18.4h, v20.4h\n\t"
+        "smull2	v27.4s, v18.8h, v20.8h\n\t"
+        "smull	v23.4s, v19.4h, v21.4h\n\t"
+        "smull2	v24.4s, v19.8h, v21.8h\n\t"
+        "xtn	v25.4h, v23.4s\n\t"
+        "xtn2	v25.8h, v24.4s\n\t"
+        "mul	v25.8h, v25.8h, v1.h[1]\n\t"
+        "smlsl	v23.4s, v25.4h, v1.h[0]\n\t"
+        "smlsl2	v24.4s, v25.8h, v1.h[0]\n\t"
+        "shrn	v22.4h, v23.4s, #16\n\t"
+        "shrn2	v22.8h, v24.4s, #16\n\t"
+        "smlal	v26.4s, v22.4h, v0.4h\n\t"
+        "smlal2	v27.4s, v22.8h, v0.8h\n\t"
+        "xtn	v24.4h, v26.4s\n\t"
+        "xtn2	v24.8h, v27.4s\n\t"
+        "mul	v24.8h, v24.8h, v1.h[1]\n\t"
+        "smlsl	v26.4s, v24.4h, v1.h[0]\n\t"
+        "smlsl2	v27.4s, v24.8h, v1.h[0]\n\t"
+        "shrn	v22.4h, v26.4s, #16\n\t"
+        "shrn2	v22.8h, v27.4s, #16\n\t"
+        "smull	v26.4s, v18.4h, v21.4h\n\t"
+        "smull2	v27.4s, v18.8h, v21.8h\n\t"
+        "smlal	v26.4s, v19.4h, v20.4h\n\t"
+        "smlal2	v27.4s, v19.8h, v20.8h\n\t"
+        "xtn	v24.4h, v26.4s\n\t"
+        "xtn2	v24.8h, v27.4s\n\t"
+        "mul	v24.8h, v24.8h, v1.h[1]\n\t"
+        "smlsl	v26.4s, v24.4h, v1.h[0]\n\t"
+        "smlsl2	v27.4s, v24.8h, v1.h[0]\n\t"
+        "shrn	v23.4h, v26.4s, #16\n\t"
+        "shrn2	v23.8h, v27.4s, #16\n\t"
+        "zip1	v24.8h, v22.8h, v23.8h\n\t"
+        "zip2	v25.8h, v22.8h, v23.8h\n\t"
+        "add	v28.8h, v28.8h, v24.8h\n\t"
+        "add	v29.8h, v29.8h, v25.8h\n\t"
+        "stp	q28, q29, [%x[r], #64]\n\t"
+        "ldp	q28, q29, [%x[r], #96]\n\t"
+        "ldr	q0, [x3, #48]\n\t"
+        "uzp1	v18.8h, v8.8h, v9.8h\n\t"
+        "uzp2	v19.8h, v8.8h, v9.8h\n\t"
+        "uzp1	v20.8h, v16.8h, v17.8h\n\t"
+        "uzp2	v21.8h, v16.8h, v17.8h\n\t"
+        "smull	v26.4s, v18.4h, v20.4h\n\t"
+        "smull2	v27.4s, v18.8h, v20.8h\n\t"
+        "smull	v23.4s, v19.4h, v21.4h\n\t"
+        "smull2	v24.4s, v19.8h, v21.8h\n\t"
+        "xtn	v25.4h, v23.4s\n\t"
+        "xtn2	v25.8h, v24.4s\n\t"
+        "mul	v25.8h, v25.8h, v1.h[1]\n\t"
+        "smlsl	v23.4s, v25.4h, v1.h[0]\n\t"
+        "smlsl2	v24.4s, v25.8h, v1.h[0]\n\t"
+        "shrn	v22.4h, v23.4s, #16\n\t"
+        "shrn2	v22.8h, v24.4s, #16\n\t"
+        "smlal	v26.4s, v22.4h, v0.4h\n\t"
+        "smlal2	v27.4s, v22.8h, v0.8h\n\t"
+        "xtn	v24.4h, v26.4s\n\t"
+        "xtn2	v24.8h, v27.4s\n\t"
+        "mul	v24.8h, v24.8h, v1.h[1]\n\t"
+        "smlsl	v26.4s, v24.4h, v1.h[0]\n\t"
+        "smlsl2	v27.4s, v24.8h, v1.h[0]\n\t"
+        "shrn	v22.4h, v26.4s, #16\n\t"
+        "shrn2	v22.8h, v27.4s, #16\n\t"
+        "smull	v26.4s, v18.4h, v21.4h\n\t"
+        "smull2	v27.4s, v18.8h, v21.8h\n\t"
+        "smlal	v26.4s, v19.4h, v20.4h\n\t"
+        "smlal2	v27.4s, v19.8h, v20.8h\n\t"
+        "xtn	v24.4h, v26.4s\n\t"
+        "xtn2	v24.8h, v27.4s\n\t"
+        "mul	v24.8h, v24.8h, v1.h[1]\n\t"
+        "smlsl	v26.4s, v24.4h, v1.h[0]\n\t"
+        "smlsl2	v27.4s, v24.8h, v1.h[0]\n\t"
+        "shrn	v23.4h, v26.4s, #16\n\t"
+        "shrn2	v23.8h, v27.4s, #16\n\t"
+        "zip1	v24.8h, v22.8h, v23.8h\n\t"
+        "zip2	v25.8h, v22.8h, v23.8h\n\t"
+        "add	v28.8h, v28.8h, v24.8h\n\t"
+        "add	v29.8h, v29.8h, v25.8h\n\t"
+        "stp	q28, q29, [%x[r], #96]\n\t"
+        "ldp	q2, q3, [%x[a], #128]\n\t"
+        "ldp	q4, q5, [%x[a], #160]\n\t"
+        "ldp	q6, q7, [%x[a], #192]\n\t"
+        "ldp	q8, q9, [%x[a], #224]\n\t"
+        "ldp	q10, q11, [%x[b], #128]\n\t"
+        "ldp	q12, q13, [%x[b], #160]\n\t"
+        "ldp	q14, q15, [%x[b], #192]\n\t"
+        "ldp	q16, q17, [%x[b], #224]\n\t"
+        "ldp	q28, q29, [%x[r], #128]\n\t"
+        "ldr	q0, [x3, #64]\n\t"
+        "uzp1	v18.8h, v2.8h, v3.8h\n\t"
+        "uzp2	v19.8h, v2.8h, v3.8h\n\t"
+        "uzp1	v20.8h, v10.8h, v11.8h\n\t"
+        "uzp2	v21.8h, v10.8h, v11.8h\n\t"
+        "smull	v26.4s, v18.4h, v20.4h\n\t"
+        "smull2	v27.4s, v18.8h, v20.8h\n\t"
+        "smull	v23.4s, v19.4h, v21.4h\n\t"
+        "smull2	v24.4s, v19.8h, v21.8h\n\t"
+        "xtn	v25.4h, v23.4s\n\t"
+        "xtn2	v25.8h, v24.4s\n\t"
+        "mul	v25.8h, v25.8h, v1.h[1]\n\t"
+        "smlsl	v23.4s, v25.4h, v1.h[0]\n\t"
+        "smlsl2	v24.4s, v25.8h, v1.h[0]\n\t"
+        "shrn	v22.4h, v23.4s, #16\n\t"
+        "shrn2	v22.8h, v24.4s, #16\n\t"
+        "smlal	v26.4s, v22.4h, v0.4h\n\t"
+        "smlal2	v27.4s, v22.8h, v0.8h\n\t"
+        "xtn	v24.4h, v26.4s\n\t"
+        "xtn2	v24.8h, v27.4s\n\t"
+        "mul	v24.8h, v24.8h, v1.h[1]\n\t"
+        "smlsl	v26.4s, v24.4h, v1.h[0]\n\t"
+        "smlsl2	v27.4s, v24.8h, v1.h[0]\n\t"
+        "shrn	v22.4h, v26.4s, #16\n\t"
+        "shrn2	v22.8h, v27.4s, #16\n\t"
+        "smull	v26.4s, v18.4h, v21.4h\n\t"
+        "smull2	v27.4s, v18.8h, v21.8h\n\t"
+        "smlal	v26.4s, v19.4h, v20.4h\n\t"
+        "smlal2	v27.4s, v19.8h, v20.8h\n\t"
+        "xtn	v24.4h, v26.4s\n\t"
+        "xtn2	v24.8h, v27.4s\n\t"
+        "mul	v24.8h, v24.8h, v1.h[1]\n\t"
+        "smlsl	v26.4s, v24.4h, v1.h[0]\n\t"
+        "smlsl2	v27.4s, v24.8h, v1.h[0]\n\t"
+        "shrn	v23.4h, v26.4s, #16\n\t"
+        "shrn2	v23.8h, v27.4s, #16\n\t"
+        "zip1	v24.8h, v22.8h, v23.8h\n\t"
+        "zip2	v25.8h, v22.8h, v23.8h\n\t"
+        "add	v28.8h, v28.8h, v24.8h\n\t"
+        "add	v29.8h, v29.8h, v25.8h\n\t"
+        "stp	q28, q29, [%x[r], #128]\n\t"
+        "ldp	q28, q29, [%x[r], #160]\n\t"
+        "ldr	q0, [x3, #80]\n\t"
+        "uzp1	v18.8h, v4.8h, v5.8h\n\t"
+        "uzp2	v19.8h, v4.8h, v5.8h\n\t"
+        "uzp1	v20.8h, v12.8h, v13.8h\n\t"
+        "uzp2	v21.8h, v12.8h, v13.8h\n\t"
+        "smull	v26.4s, v18.4h, v20.4h\n\t"
+        "smull2	v27.4s, v18.8h, v20.8h\n\t"
+        "smull	v23.4s, v19.4h, v21.4h\n\t"
+        "smull2	v24.4s, v19.8h, v21.8h\n\t"
+        "xtn	v25.4h, v23.4s\n\t"
+        "xtn2	v25.8h, v24.4s\n\t"
+        "mul	v25.8h, v25.8h, v1.h[1]\n\t"
+        "smlsl	v23.4s, v25.4h, v1.h[0]\n\t"
+        "smlsl2	v24.4s, v25.8h, v1.h[0]\n\t"
+        "shrn	v22.4h, v23.4s, #16\n\t"
+        "shrn2	v22.8h, v24.4s, #16\n\t"
+        "smlal	v26.4s, v22.4h, v0.4h\n\t"
+        "smlal2	v27.4s, v22.8h, v0.8h\n\t"
+        "xtn	v24.4h, v26.4s\n\t"
+        "xtn2	v24.8h, v27.4s\n\t"
+        "mul	v24.8h, v24.8h, v1.h[1]\n\t"
+        "smlsl	v26.4s, v24.4h, v1.h[0]\n\t"
+        "smlsl2	v27.4s, v24.8h, v1.h[0]\n\t"
+        "shrn	v22.4h, v26.4s, #16\n\t"
+        "shrn2	v22.8h, v27.4s, #16\n\t"
+        "smull	v26.4s, v18.4h, v21.4h\n\t"
+        "smull2	v27.4s, v18.8h, v21.8h\n\t"
+        "smlal	v26.4s, v19.4h, v20.4h\n\t"
+        "smlal2	v27.4s, v19.8h, v20.8h\n\t"
+        "xtn	v24.4h, v26.4s\n\t"
+        "xtn2	v24.8h, v27.4s\n\t"
+        "mul	v24.8h, v24.8h, v1.h[1]\n\t"
+        "smlsl	v26.4s, v24.4h, v1.h[0]\n\t"
+        "smlsl2	v27.4s, v24.8h, v1.h[0]\n\t"
+        "shrn	v23.4h, v26.4s, #16\n\t"
+        "shrn2	v23.8h, v27.4s, #16\n\t"
+        "zip1	v24.8h, v22.8h, v23.8h\n\t"
+        "zip2	v25.8h, v22.8h, v23.8h\n\t"
+        "add	v28.8h, v28.8h, v24.8h\n\t"
+        "add	v29.8h, v29.8h, v25.8h\n\t"
+        "stp	q28, q29, [%x[r], #160]\n\t"
+        "ldp	q28, q29, [%x[r], #192]\n\t"
+        "ldr	q0, [x3, #96]\n\t"
+        "uzp1	v18.8h, v6.8h, v7.8h\n\t"
+        "uzp2	v19.8h, v6.8h, v7.8h\n\t"
+        "uzp1	v20.8h, v14.8h, v15.8h\n\t"
+        "uzp2	v21.8h, v14.8h, v15.8h\n\t"
+        "smull	v26.4s, v18.4h, v20.4h\n\t"
+        "smull2	v27.4s, v18.8h, v20.8h\n\t"
+        "smull	v23.4s, v19.4h, v21.4h\n\t"
+        "smull2	v24.4s, v19.8h, v21.8h\n\t"
+        "xtn	v25.4h, v23.4s\n\t"
+        "xtn2	v25.8h, v24.4s\n\t"
+        "mul	v25.8h, v25.8h, v1.h[1]\n\t"
+        "smlsl	v23.4s, v25.4h, v1.h[0]\n\t"
+        "smlsl2	v24.4s, v25.8h, v1.h[0]\n\t"
+        "shrn	v22.4h, v23.4s, #16\n\t"
+        "shrn2	v22.8h, v24.4s, #16\n\t"
+        "smlal	v26.4s, v22.4h, v0.4h\n\t"
+        "smlal2	v27.4s, v22.8h, v0.8h\n\t"
+        "xtn	v24.4h, v26.4s\n\t"
+        "xtn2	v24.8h, v27.4s\n\t"
+        "mul	v24.8h, v24.8h, v1.h[1]\n\t"
+        "smlsl	v26.4s, v24.4h, v1.h[0]\n\t"
+        "smlsl2	v27.4s, v24.8h, v1.h[0]\n\t"
+        "shrn	v22.4h, v26.4s, #16\n\t"
+        "shrn2	v22.8h, v27.4s, #16\n\t"
+        "smull	v26.4s, v18.4h, v21.4h\n\t"
+        "smull2	v27.4s, v18.8h, v21.8h\n\t"
+        "smlal	v26.4s, v19.4h, v20.4h\n\t"
+        "smlal2	v27.4s, v19.8h, v20.8h\n\t"
+        "xtn	v24.4h, v26.4s\n\t"
+        "xtn2	v24.8h, v27.4s\n\t"
+        "mul	v24.8h, v24.8h, v1.h[1]\n\t"
+        "smlsl	v26.4s, v24.4h, v1.h[0]\n\t"
+        "smlsl2	v27.4s, v24.8h, v1.h[0]\n\t"
+        "shrn	v23.4h, v26.4s, #16\n\t"
+        "shrn2	v23.8h, v27.4s, #16\n\t"
+        "zip1	v24.8h, v22.8h, v23.8h\n\t"
+        "zip2	v25.8h, v22.8h, v23.8h\n\t"
+        "add	v28.8h, v28.8h, v24.8h\n\t"
+        "add	v29.8h, v29.8h, v25.8h\n\t"
+        "stp	q28, q29, [%x[r], #192]\n\t"
+        "ldp	q28, q29, [%x[r], #224]\n\t"
+        "ldr	q0, [x3, #112]\n\t"
+        "uzp1	v18.8h, v8.8h, v9.8h\n\t"
+        "uzp2	v19.8h, v8.8h, v9.8h\n\t"
+        "uzp1	v20.8h, v16.8h, v17.8h\n\t"
+        "uzp2	v21.8h, v16.8h, v17.8h\n\t"
+        "smull	v26.4s, v18.4h, v20.4h\n\t"
+        "smull2	v27.4s, v18.8h, v20.8h\n\t"
+        "smull	v23.4s, v19.4h, v21.4h\n\t"
+        "smull2	v24.4s, v19.8h, v21.8h\n\t"
+        "xtn	v25.4h, v23.4s\n\t"
+        "xtn2	v25.8h, v24.4s\n\t"
+        "mul	v25.8h, v25.8h, v1.h[1]\n\t"
+        "smlsl	v23.4s, v25.4h, v1.h[0]\n\t"
+        "smlsl2	v24.4s, v25.8h, v1.h[0]\n\t"
+        "shrn	v22.4h, v23.4s, #16\n\t"
+        "shrn2	v22.8h, v24.4s, #16\n\t"
+        "smlal	v26.4s, v22.4h, v0.4h\n\t"
+        "smlal2	v27.4s, v22.8h, v0.8h\n\t"
+        "xtn	v24.4h, v26.4s\n\t"
+        "xtn2	v24.8h, v27.4s\n\t"
+        "mul	v24.8h, v24.8h, v1.h[1]\n\t"
+        "smlsl	v26.4s, v24.4h, v1.h[0]\n\t"
+        "smlsl2	v27.4s, v24.8h, v1.h[0]\n\t"
+        "shrn	v22.4h, v26.4s, #16\n\t"
+        "shrn2	v22.8h, v27.4s, #16\n\t"
+        "smull	v26.4s, v18.4h, v21.4h\n\t"
+        "smull2	v27.4s, v18.8h, v21.8h\n\t"
+        "smlal	v26.4s, v19.4h, v20.4h\n\t"
+        "smlal2	v27.4s, v19.8h, v20.8h\n\t"
+        "xtn	v24.4h, v26.4s\n\t"
+        "xtn2	v24.8h, v27.4s\n\t"
+        "mul	v24.8h, v24.8h, v1.h[1]\n\t"
+        "smlsl	v26.4s, v24.4h, v1.h[0]\n\t"
+        "smlsl2	v27.4s, v24.8h, v1.h[0]\n\t"
+        "shrn	v23.4h, v26.4s, #16\n\t"
+        "shrn2	v23.8h, v27.4s, #16\n\t"
+        "zip1	v24.8h, v22.8h, v23.8h\n\t"
+        "zip2	v25.8h, v22.8h, v23.8h\n\t"
+        "add	v28.8h, v28.8h, v24.8h\n\t"
+        "add	v29.8h, v29.8h, v25.8h\n\t"
+        "stp	q28, q29, [%x[r], #224]\n\t"
+        "ldp	q2, q3, [%x[a], #256]\n\t"
+        "ldp	q4, q5, [%x[a], #288]\n\t"
+        "ldp	q6, q7, [%x[a], #320]\n\t"
+        "ldp	q8, q9, [%x[a], #352]\n\t"
+        "ldp	q10, q11, [%x[b], #256]\n\t"
+        "ldp	q12, q13, [%x[b], #288]\n\t"
+        "ldp	q14, q15, [%x[b], #320]\n\t"
+        "ldp	q16, q17, [%x[b], #352]\n\t"
+        "ldp	q28, q29, [%x[r], #256]\n\t"
+        "ldr	q0, [x3, #128]\n\t"
+        "uzp1	v18.8h, v2.8h, v3.8h\n\t"
+        "uzp2	v19.8h, v2.8h, v3.8h\n\t"
+        "uzp1	v20.8h, v10.8h, v11.8h\n\t"
+        "uzp2	v21.8h, v10.8h, v11.8h\n\t"
+        "smull	v26.4s, v18.4h, v20.4h\n\t"
+        "smull2	v27.4s, v18.8h, v20.8h\n\t"
+        "smull	v23.4s, v19.4h, v21.4h\n\t"
+        "smull2	v24.4s, v19.8h, v21.8h\n\t"
+        "xtn	v25.4h, v23.4s\n\t"
+        "xtn2	v25.8h, v24.4s\n\t"
+        "mul	v25.8h, v25.8h, v1.h[1]\n\t"
+        "smlsl	v23.4s, v25.4h, v1.h[0]\n\t"
+        "smlsl2	v24.4s, v25.8h, v1.h[0]\n\t"
+        "shrn	v22.4h, v23.4s, #16\n\t"
+        "shrn2	v22.8h, v24.4s, #16\n\t"
+        "smlal	v26.4s, v22.4h, v0.4h\n\t"
+        "smlal2	v27.4s, v22.8h, v0.8h\n\t"
+        "xtn	v24.4h, v26.4s\n\t"
+        "xtn2	v24.8h, v27.4s\n\t"
+        "mul	v24.8h, v24.8h, v1.h[1]\n\t"
+        "smlsl	v26.4s, v24.4h, v1.h[0]\n\t"
+        "smlsl2	v27.4s, v24.8h, v1.h[0]\n\t"
+        "shrn	v22.4h, v26.4s, #16\n\t"
+        "shrn2	v22.8h, v27.4s, #16\n\t"
+        "smull	v26.4s, v18.4h, v21.4h\n\t"
+        "smull2	v27.4s, v18.8h, v21.8h\n\t"
+        "smlal	v26.4s, v19.4h, v20.4h\n\t"
+        "smlal2	v27.4s, v19.8h, v20.8h\n\t"
+        "xtn	v24.4h, v26.4s\n\t"
+        "xtn2	v24.8h, v27.4s\n\t"
+        "mul	v24.8h, v24.8h, v1.h[1]\n\t"
+        "smlsl	v26.4s, v24.4h, v1.h[0]\n\t"
+        "smlsl2	v27.4s, v24.8h, v1.h[0]\n\t"
+        "shrn	v23.4h, v26.4s, #16\n\t"
+        "shrn2	v23.8h, v27.4s, #16\n\t"
+        "zip1	v24.8h, v22.8h, v23.8h\n\t"
+        "zip2	v25.8h, v22.8h, v23.8h\n\t"
+        "add	v28.8h, v28.8h, v24.8h\n\t"
+        "add	v29.8h, v29.8h, v25.8h\n\t"
+        "stp	q28, q29, [%x[r], #256]\n\t"
+        "ldp	q28, q29, [%x[r], #288]\n\t"
+        "ldr	q0, [x3, #144]\n\t"
+        "uzp1	v18.8h, v4.8h, v5.8h\n\t"
+        "uzp2	v19.8h, v4.8h, v5.8h\n\t"
+        "uzp1	v20.8h, v12.8h, v13.8h\n\t"
+        "uzp2	v21.8h, v12.8h, v13.8h\n\t"
+        "smull	v26.4s, v18.4h, v20.4h\n\t"
+        "smull2	v27.4s, v18.8h, v20.8h\n\t"
+        "smull	v23.4s, v19.4h, v21.4h\n\t"
+        "smull2	v24.4s, v19.8h, v21.8h\n\t"
+        "xtn	v25.4h, v23.4s\n\t"
+        "xtn2	v25.8h, v24.4s\n\t"
+        "mul	v25.8h, v25.8h, v1.h[1]\n\t"
+        "smlsl	v23.4s, v25.4h, v1.h[0]\n\t"
+        "smlsl2	v24.4s, v25.8h, v1.h[0]\n\t"
+        "shrn	v22.4h, v23.4s, #16\n\t"
+        "shrn2	v22.8h, v24.4s, #16\n\t"
+        "smlal	v26.4s, v22.4h, v0.4h\n\t"
+        "smlal2	v27.4s, v22.8h, v0.8h\n\t"
+        "xtn	v24.4h, v26.4s\n\t"
+        "xtn2	v24.8h, v27.4s\n\t"
+        "mul	v24.8h, v24.8h, v1.h[1]\n\t"
+        "smlsl	v26.4s, v24.4h, v1.h[0]\n\t"
+        "smlsl2	v27.4s, v24.8h, v1.h[0]\n\t"
+        "shrn	v22.4h, v26.4s, #16\n\t"
+        "shrn2	v22.8h, v27.4s, #16\n\t"
+        "smull	v26.4s, v18.4h, v21.4h\n\t"
+        "smull2	v27.4s, v18.8h, v21.8h\n\t"
+        "smlal	v26.4s, v19.4h, v20.4h\n\t"
+        "smlal2	v27.4s, v19.8h, v20.8h\n\t"
+        "xtn	v24.4h, v26.4s\n\t"
+        "xtn2	v24.8h, v27.4s\n\t"
+        "mul	v24.8h, v24.8h, v1.h[1]\n\t"
+        "smlsl	v26.4s, v24.4h, v1.h[0]\n\t"
+        "smlsl2	v27.4s, v24.8h, v1.h[0]\n\t"
+        "shrn	v23.4h, v26.4s, #16\n\t"
+        "shrn2	v23.8h, v27.4s, #16\n\t"
+        "zip1	v24.8h, v22.8h, v23.8h\n\t"
+        "zip2	v25.8h, v22.8h, v23.8h\n\t"
+        "add	v28.8h, v28.8h, v24.8h\n\t"
+        "add	v29.8h, v29.8h, v25.8h\n\t"
+        "stp	q28, q29, [%x[r], #288]\n\t"
+        "ldp	q28, q29, [%x[r], #320]\n\t"
+        "ldr	q0, [x3, #160]\n\t"
+        "uzp1	v18.8h, v6.8h, v7.8h\n\t"
+        "uzp2	v19.8h, v6.8h, v7.8h\n\t"
+        "uzp1	v20.8h, v14.8h, v15.8h\n\t"
+        "uzp2	v21.8h, v14.8h, v15.8h\n\t"
+        "smull	v26.4s, v18.4h, v20.4h\n\t"
+        "smull2	v27.4s, v18.8h, v20.8h\n\t"
+        "smull	v23.4s, v19.4h, v21.4h\n\t"
+        "smull2	v24.4s, v19.8h, v21.8h\n\t"
+        "xtn	v25.4h, v23.4s\n\t"
+        "xtn2	v25.8h, v24.4s\n\t"
+        "mul	v25.8h, v25.8h, v1.h[1]\n\t"
+        "smlsl	v23.4s, v25.4h, v1.h[0]\n\t"
+        "smlsl2	v24.4s, v25.8h, v1.h[0]\n\t"
+        "shrn	v22.4h, v23.4s, #16\n\t"
+        "shrn2	v22.8h, v24.4s, #16\n\t"
+        "smlal	v26.4s, v22.4h, v0.4h\n\t"
+        "smlal2	v27.4s, v22.8h, v0.8h\n\t"
+        "xtn	v24.4h, v26.4s\n\t"
+        "xtn2	v24.8h, v27.4s\n\t"
+        "mul	v24.8h, v24.8h, v1.h[1]\n\t"
+        "smlsl	v26.4s, v24.4h, v1.h[0]\n\t"
+        "smlsl2	v27.4s, v24.8h, v1.h[0]\n\t"
+        "shrn	v22.4h, v26.4s, #16\n\t"
+        "shrn2	v22.8h, v27.4s, #16\n\t"
+        "smull	v26.4s, v18.4h, v21.4h\n\t"
+        "smull2	v27.4s, v18.8h, v21.8h\n\t"
+        "smlal	v26.4s, v19.4h, v20.4h\n\t"
+        "smlal2	v27.4s, v19.8h, v20.8h\n\t"
+        "xtn	v24.4h, v26.4s\n\t"
+        "xtn2	v24.8h, v27.4s\n\t"
+        "mul	v24.8h, v24.8h, v1.h[1]\n\t"
+        "smlsl	v26.4s, v24.4h, v1.h[0]\n\t"
+        "smlsl2	v27.4s, v24.8h, v1.h[0]\n\t"
+        "shrn	v23.4h, v26.4s, #16\n\t"
+        "shrn2	v23.8h, v27.4s, #16\n\t"
+        "zip1	v24.8h, v22.8h, v23.8h\n\t"
+        "zip2	v25.8h, v22.8h, v23.8h\n\t"
+        "add	v28.8h, v28.8h, v24.8h\n\t"
+        "add	v29.8h, v29.8h, v25.8h\n\t"
+        "stp	q28, q29, [%x[r], #320]\n\t"
+        "ldp	q28, q29, [%x[r], #352]\n\t"
+        "ldr	q0, [x3, #176]\n\t"
+        "uzp1	v18.8h, v8.8h, v9.8h\n\t"
+        "uzp2	v19.8h, v8.8h, v9.8h\n\t"
+        "uzp1	v20.8h, v16.8h, v17.8h\n\t"
+        "uzp2	v21.8h, v16.8h, v17.8h\n\t"
+        "smull	v26.4s, v18.4h, v20.4h\n\t"
+        "smull2	v27.4s, v18.8h, v20.8h\n\t"
+        "smull	v23.4s, v19.4h, v21.4h\n\t"
+        "smull2	v24.4s, v19.8h, v21.8h\n\t"
+        "xtn	v25.4h, v23.4s\n\t"
+        "xtn2	v25.8h, v24.4s\n\t"
+        "mul	v25.8h, v25.8h, v1.h[1]\n\t"
+        "smlsl	v23.4s, v25.4h, v1.h[0]\n\t"
+        "smlsl2	v24.4s, v25.8h, v1.h[0]\n\t"
+        "shrn	v22.4h, v23.4s, #16\n\t"
+        "shrn2	v22.8h, v24.4s, #16\n\t"
+        "smlal	v26.4s, v22.4h, v0.4h\n\t"
+        "smlal2	v27.4s, v22.8h, v0.8h\n\t"
+        "xtn	v24.4h, v26.4s\n\t"
+        "xtn2	v24.8h, v27.4s\n\t"
+        "mul	v24.8h, v24.8h, v1.h[1]\n\t"
+        "smlsl	v26.4s, v24.4h, v1.h[0]\n\t"
+        "smlsl2	v27.4s, v24.8h, v1.h[0]\n\t"
+        "shrn	v22.4h, v26.4s, #16\n\t"
+        "shrn2	v22.8h, v27.4s, #16\n\t"
+        "smull	v26.4s, v18.4h, v21.4h\n\t"
+        "smull2	v27.4s, v18.8h, v21.8h\n\t"
+        "smlal	v26.4s, v19.4h, v20.4h\n\t"
+        "smlal2	v27.4s, v19.8h, v20.8h\n\t"
+        "xtn	v24.4h, v26.4s\n\t"
+        "xtn2	v24.8h, v27.4s\n\t"
+        "mul	v24.8h, v24.8h, v1.h[1]\n\t"
+        "smlsl	v26.4s, v24.4h, v1.h[0]\n\t"
+        "smlsl2	v27.4s, v24.8h, v1.h[0]\n\t"
+        "shrn	v23.4h, v26.4s, #16\n\t"
+        "shrn2	v23.8h, v27.4s, #16\n\t"
+        "zip1	v24.8h, v22.8h, v23.8h\n\t"
+        "zip2	v25.8h, v22.8h, v23.8h\n\t"
+        "add	v28.8h, v28.8h, v24.8h\n\t"
+        "add	v29.8h, v29.8h, v25.8h\n\t"
+        "stp	q28, q29, [%x[r], #352]\n\t"
+        "ldp	q2, q3, [%x[a], #384]\n\t"
+        "ldp	q4, q5, [%x[a], #416]\n\t"
+        "ldp	q6, q7, [%x[a], #448]\n\t"
+        "ldp	q8, q9, [%x[a], #480]\n\t"
+        "ldp	q10, q11, [%x[b], #384]\n\t"
+        "ldp	q12, q13, [%x[b], #416]\n\t"
+        "ldp	q14, q15, [%x[b], #448]\n\t"
+        "ldp	q16, q17, [%x[b], #480]\n\t"
+        "ldp	q28, q29, [%x[r], #384]\n\t"
+        "ldr	q0, [x3, #192]\n\t"
+        "uzp1	v18.8h, v2.8h, v3.8h\n\t"
+        "uzp2	v19.8h, v2.8h, v3.8h\n\t"
+        "uzp1	v20.8h, v10.8h, v11.8h\n\t"
+        "uzp2	v21.8h, v10.8h, v11.8h\n\t"
+        "smull	v26.4s, v18.4h, v20.4h\n\t"
+        "smull2	v27.4s, v18.8h, v20.8h\n\t"
+        "smull	v23.4s, v19.4h, v21.4h\n\t"
+        "smull2	v24.4s, v19.8h, v21.8h\n\t"
+        "xtn	v25.4h, v23.4s\n\t"
+        "xtn2	v25.8h, v24.4s\n\t"
+        "mul	v25.8h, v25.8h, v1.h[1]\n\t"
+        "smlsl	v23.4s, v25.4h, v1.h[0]\n\t"
+        "smlsl2	v24.4s, v25.8h, v1.h[0]\n\t"
+        "shrn	v22.4h, v23.4s, #16\n\t"
+        "shrn2	v22.8h, v24.4s, #16\n\t"
+        "smlal	v26.4s, v22.4h, v0.4h\n\t"
+        "smlal2	v27.4s, v22.8h, v0.8h\n\t"
+        "xtn	v24.4h, v26.4s\n\t"
+        "xtn2	v24.8h, v27.4s\n\t"
+        "mul	v24.8h, v24.8h, v1.h[1]\n\t"
+        "smlsl	v26.4s, v24.4h, v1.h[0]\n\t"
+        "smlsl2	v27.4s, v24.8h, v1.h[0]\n\t"
+        "shrn	v22.4h, v26.4s, #16\n\t"
+        "shrn2	v22.8h, v27.4s, #16\n\t"
+        "smull	v26.4s, v18.4h, v21.4h\n\t"
+        "smull2	v27.4s, v18.8h, v21.8h\n\t"
+        "smlal	v26.4s, v19.4h, v20.4h\n\t"
+        "smlal2	v27.4s, v19.8h, v20.8h\n\t"
+        "xtn	v24.4h, v26.4s\n\t"
+        "xtn2	v24.8h, v27.4s\n\t"
+        "mul	v24.8h, v24.8h, v1.h[1]\n\t"
+        "smlsl	v26.4s, v24.4h, v1.h[0]\n\t"
+        "smlsl2	v27.4s, v24.8h, v1.h[0]\n\t"
+        "shrn	v23.4h, v26.4s, #16\n\t"
+        "shrn2	v23.8h, v27.4s, #16\n\t"
+        "zip1	v24.8h, v22.8h, v23.8h\n\t"
+        "zip2	v25.8h, v22.8h, v23.8h\n\t"
+        "add	v28.8h, v28.8h, v24.8h\n\t"
+        "add	v29.8h, v29.8h, v25.8h\n\t"
+        "stp	q28, q29, [%x[r], #384]\n\t"
+        "ldp	q28, q29, [%x[r], #416]\n\t"
+        "ldr	q0, [x3, #208]\n\t"
+        "uzp1	v18.8h, v4.8h, v5.8h\n\t"
+        "uzp2	v19.8h, v4.8h, v5.8h\n\t"
+        "uzp1	v20.8h, v12.8h, v13.8h\n\t"
+        "uzp2	v21.8h, v12.8h, v13.8h\n\t"
+        "smull	v26.4s, v18.4h, v20.4h\n\t"
+        "smull2	v27.4s, v18.8h, v20.8h\n\t"
+        "smull	v23.4s, v19.4h, v21.4h\n\t"
+        "smull2	v24.4s, v19.8h, v21.8h\n\t"
+        "xtn	v25.4h, v23.4s\n\t"
+        "xtn2	v25.8h, v24.4s\n\t"
+        "mul	v25.8h, v25.8h, v1.h[1]\n\t"
+        "smlsl	v23.4s, v25.4h, v1.h[0]\n\t"
+        "smlsl2	v24.4s, v25.8h, v1.h[0]\n\t"
+        "shrn	v22.4h, v23.4s, #16\n\t"
+        "shrn2	v22.8h, v24.4s, #16\n\t"
+        "smlal	v26.4s, v22.4h, v0.4h\n\t"
+        "smlal2	v27.4s, v22.8h, v0.8h\n\t"
+        "xtn	v24.4h, v26.4s\n\t"
+        "xtn2	v24.8h, v27.4s\n\t"
+        "mul	v24.8h, v24.8h, v1.h[1]\n\t"
+        "smlsl	v26.4s, v24.4h, v1.h[0]\n\t"
+        "smlsl2	v27.4s, v24.8h, v1.h[0]\n\t"
+        "shrn	v22.4h, v26.4s, #16\n\t"
+        "shrn2	v22.8h, v27.4s, #16\n\t"
+        "smull	v26.4s, v18.4h, v21.4h\n\t"
+        "smull2	v27.4s, v18.8h, v21.8h\n\t"
+        "smlal	v26.4s, v19.4h, v20.4h\n\t"
+        "smlal2	v27.4s, v19.8h, v20.8h\n\t"
+        "xtn	v24.4h, v26.4s\n\t"
+        "xtn2	v24.8h, v27.4s\n\t"
+        "mul	v24.8h, v24.8h, v1.h[1]\n\t"
+        "smlsl	v26.4s, v24.4h, v1.h[0]\n\t"
+        "smlsl2	v27.4s, v24.8h, v1.h[0]\n\t"
+        "shrn	v23.4h, v26.4s, #16\n\t"
+        "shrn2	v23.8h, v27.4s, #16\n\t"
+        "zip1	v24.8h, v22.8h, v23.8h\n\t"
+        "zip2	v25.8h, v22.8h, v23.8h\n\t"
+        "add	v28.8h, v28.8h, v24.8h\n\t"
+        "add	v29.8h, v29.8h, v25.8h\n\t"
+        "stp	q28, q29, [%x[r], #416]\n\t"
+        "ldp	q28, q29, [%x[r], #448]\n\t"
+        "ldr	q0, [x3, #224]\n\t"
+        "uzp1	v18.8h, v6.8h, v7.8h\n\t"
+        "uzp2	v19.8h, v6.8h, v7.8h\n\t"
+        "uzp1	v20.8h, v14.8h, v15.8h\n\t"
+        "uzp2	v21.8h, v14.8h, v15.8h\n\t"
+        "smull	v26.4s, v18.4h, v20.4h\n\t"
+        "smull2	v27.4s, v18.8h, v20.8h\n\t"
+        "smull	v23.4s, v19.4h, v21.4h\n\t"
+        "smull2	v24.4s, v19.8h, v21.8h\n\t"
+        "xtn	v25.4h, v23.4s\n\t"
+        "xtn2	v25.8h, v24.4s\n\t"
+        "mul	v25.8h, v25.8h, v1.h[1]\n\t"
+        "smlsl	v23.4s, v25.4h, v1.h[0]\n\t"
+        "smlsl2	v24.4s, v25.8h, v1.h[0]\n\t"
+        "shrn	v22.4h, v23.4s, #16\n\t"
+        "shrn2	v22.8h, v24.4s, #16\n\t"
+        "smlal	v26.4s, v22.4h, v0.4h\n\t"
+        "smlal2	v27.4s, v22.8h, v0.8h\n\t"
+        "xtn	v24.4h, v26.4s\n\t"
+        "xtn2	v24.8h, v27.4s\n\t"
+        "mul	v24.8h, v24.8h, v1.h[1]\n\t"
+        "smlsl	v26.4s, v24.4h, v1.h[0]\n\t"
+        "smlsl2	v27.4s, v24.8h, v1.h[0]\n\t"
+        "shrn	v22.4h, v26.4s, #16\n\t"
+        "shrn2	v22.8h, v27.4s, #16\n\t"
+        "smull	v26.4s, v18.4h, v21.4h\n\t"
+        "smull2	v27.4s, v18.8h, v21.8h\n\t"
+        "smlal	v26.4s, v19.4h, v20.4h\n\t"
+        "smlal2	v27.4s, v19.8h, v20.8h\n\t"
+        "xtn	v24.4h, v26.4s\n\t"
+        "xtn2	v24.8h, v27.4s\n\t"
+        "mul	v24.8h, v24.8h, v1.h[1]\n\t"
+        "smlsl	v26.4s, v24.4h, v1.h[0]\n\t"
+        "smlsl2	v27.4s, v24.8h, v1.h[0]\n\t"
+        "shrn	v23.4h, v26.4s, #16\n\t"
+        "shrn2	v23.8h, v27.4s, #16\n\t"
+        "zip1	v24.8h, v22.8h, v23.8h\n\t"
+        "zip2	v25.8h, v22.8h, v23.8h\n\t"
+        "add	v28.8h, v28.8h, v24.8h\n\t"
+        "add	v29.8h, v29.8h, v25.8h\n\t"
+        "stp	q28, q29, [%x[r], #448]\n\t"
+        "ldp	q28, q29, [%x[r], #480]\n\t"
+        "ldr	q0, [x3, #240]\n\t"
+        "uzp1	v18.8h, v8.8h, v9.8h\n\t"
+        "uzp2	v19.8h, v8.8h, v9.8h\n\t"
+        "uzp1	v20.8h, v16.8h, v17.8h\n\t"
+        "uzp2	v21.8h, v16.8h, v17.8h\n\t"
+        "smull	v26.4s, v18.4h, v20.4h\n\t"
+        "smull2	v27.4s, v18.8h, v20.8h\n\t"
+        "smull	v23.4s, v19.4h, v21.4h\n\t"
+        "smull2	v24.4s, v19.8h, v21.8h\n\t"
+        "xtn	v25.4h, v23.4s\n\t"
+        "xtn2	v25.8h, v24.4s\n\t"
+        "mul	v25.8h, v25.8h, v1.h[1]\n\t"
+        "smlsl	v23.4s, v25.4h, v1.h[0]\n\t"
+        "smlsl2	v24.4s, v25.8h, v1.h[0]\n\t"
+        "shrn	v22.4h, v23.4s, #16\n\t"
+        "shrn2	v22.8h, v24.4s, #16\n\t"
+        "smlal	v26.4s, v22.4h, v0.4h\n\t"
+        "smlal2	v27.4s, v22.8h, v0.8h\n\t"
+        "xtn	v24.4h, v26.4s\n\t"
+        "xtn2	v24.8h, v27.4s\n\t"
+        "mul	v24.8h, v24.8h, v1.h[1]\n\t"
+        "smlsl	v26.4s, v24.4h, v1.h[0]\n\t"
+        "smlsl2	v27.4s, v24.8h, v1.h[0]\n\t"
+        "shrn	v22.4h, v26.4s, #16\n\t"
+        "shrn2	v22.8h, v27.4s, #16\n\t"
+        "smull	v26.4s, v18.4h, v21.4h\n\t"
+        "smull2	v27.4s, v18.8h, v21.8h\n\t"
+        "smlal	v26.4s, v19.4h, v20.4h\n\t"
+        "smlal2	v27.4s, v19.8h, v20.8h\n\t"
+        "xtn	v24.4h, v26.4s\n\t"
+        "xtn2	v24.8h, v27.4s\n\t"
+        "mul	v24.8h, v24.8h, v1.h[1]\n\t"
+        "smlsl	v26.4s, v24.4h, v1.h[0]\n\t"
+        "smlsl2	v27.4s, v24.8h, v1.h[0]\n\t"
+        "shrn	v23.4h, v26.4s, #16\n\t"
+        "shrn2	v23.8h, v27.4s, #16\n\t"
+        "zip1	v24.8h, v22.8h, v23.8h\n\t"
+        "zip2	v25.8h, v22.8h, v23.8h\n\t"
+        "add	v28.8h, v28.8h, v24.8h\n\t"
+        "add	v29.8h, v29.8h, v25.8h\n\t"
+        "stp	q28, q29, [%x[r], #480]\n\t"
+        : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
+        : [L_kyber_aarch64_q] "S" (L_kyber_aarch64_q), [L_kyber_aarch64_consts] "S" (L_kyber_aarch64_consts), [L_sha3_aarch64_r] "S" (L_sha3_aarch64_r), [L_kyber_aarch64_zetas] "S" (L_kyber_aarch64_zetas), [L_kyber_aarch64_zetas_qinv] "S" (L_kyber_aarch64_zetas_qinv), [L_kyber_aarch64_zetas_inv] "S" (L_kyber_aarch64_zetas_inv), [L_kyber_aarch64_zetas_inv_qinv] "S" (L_kyber_aarch64_zetas_inv_qinv), [L_kyber_aarch64_zetas_mul] "S" (L_kyber_aarch64_zetas_mul)
+        : "memory", "x3", "x4", "v0", "v1", "v2", "v3", "v4", "v5", "v6", "v7", "v8", "v9", "v10", "v11", "v12", "v13", "v14", "v15", "v16", "v17", "v18", "v19", "v20", "v21", "v22", "v23", "v24", "v25", "v26", "v27", "v28", "v29", "cc"
+    );
+}
+
+void kyber_csubq_neon(sword16* p)
+{
+    __asm__ __volatile__ (
+#ifndef __APPLE__
+        "adrp x1, %[L_kyber_aarch64_q]\n\t"
+        "add  x1, x1, :lo12:%[L_kyber_aarch64_q]\n\t"
+#else
+        "adrp x1, %[L_kyber_aarch64_q]@PAGE\n\t"
+        "add  x1, x1, %[L_kyber_aarch64_q]@PAGEOFF\n\t"
+#endif /* __APPLE__ */
+        "ldr	q20, [x1]\n\t"
+        "ld4	{v0.8h, v1.8h, v2.8h, v3.8h}, [%x[p]], #0x40\n\t"
+        "ld4	{v4.8h, v5.8h, v6.8h, v7.8h}, [%x[p]], #0x40\n\t"
+        "ld4	{v8.8h, v9.8h, v10.8h, v11.8h}, [%x[p]], #0x40\n\t"
+        "ld4	{v12.8h, v13.8h, v14.8h, v15.8h}, [%x[p]], #0x40\n\t"
+        "sub	%x[p], %x[p], #0x100\n\t"
+        "sub	v0.8h, v0.8h, v20.8h\n\t"
+        "sub	v1.8h, v1.8h, v20.8h\n\t"
+        "sub	v2.8h, v2.8h, v20.8h\n\t"
+        "sub	v3.8h, v3.8h, v20.8h\n\t"
+        "sub	v4.8h, v4.8h, v20.8h\n\t"
+        "sub	v5.8h, v5.8h, v20.8h\n\t"
+        "sub	v6.8h, v6.8h, v20.8h\n\t"
+        "sub	v7.8h, v7.8h, v20.8h\n\t"
+        "sub	v8.8h, v8.8h, v20.8h\n\t"
+        "sub	v9.8h, v9.8h, v20.8h\n\t"
+        "sub	v10.8h, v10.8h, v20.8h\n\t"
+        "sub	v11.8h, v11.8h, v20.8h\n\t"
+        "sub	v12.8h, v12.8h, v20.8h\n\t"
+        "sub	v13.8h, v13.8h, v20.8h\n\t"
+        "sub	v14.8h, v14.8h, v20.8h\n\t"
+        "sub	v15.8h, v15.8h, v20.8h\n\t"
+        "sshr	v16.8h, v0.8h, #15\n\t"
+        "sshr	v17.8h, v1.8h, #15\n\t"
+        "sshr	v18.8h, v2.8h, #15\n\t"
+        "sshr	v19.8h, v3.8h, #15\n\t"
+        "and	v16.16b, v16.16b, v20.16b\n\t"
+        "and	v17.16b, v17.16b, v20.16b\n\t"
+        "and	v18.16b, v18.16b, v20.16b\n\t"
+        "and	v19.16b, v19.16b, v20.16b\n\t"
+        "add	v0.8h, v0.8h, v16.8h\n\t"
+        "add	v1.8h, v1.8h, v17.8h\n\t"
+        "add	v2.8h, v2.8h, v18.8h\n\t"
+        "add	v3.8h, v3.8h, v19.8h\n\t"
+        "sshr	v16.8h, v4.8h, #15\n\t"
+        "sshr	v17.8h, v5.8h, #15\n\t"
+        "sshr	v18.8h, v6.8h, #15\n\t"
+        "sshr	v19.8h, v7.8h, #15\n\t"
+        "and	v16.16b, v16.16b, v20.16b\n\t"
+        "and	v17.16b, v17.16b, v20.16b\n\t"
+        "and	v18.16b, v18.16b, v20.16b\n\t"
+        "and	v19.16b, v19.16b, v20.16b\n\t"
+        "add	v4.8h, v4.8h, v16.8h\n\t"
+        "add	v5.8h, v5.8h, v17.8h\n\t"
+        "add	v6.8h, v6.8h, v18.8h\n\t"
+        "add	v7.8h, v7.8h, v19.8h\n\t"
+        "sshr	v16.8h, v8.8h, #15\n\t"
+        "sshr	v17.8h, v9.8h, #15\n\t"
+        "sshr	v18.8h, v10.8h, #15\n\t"
+        "sshr	v19.8h, v11.8h, #15\n\t"
+        "and	v16.16b, v16.16b, v20.16b\n\t"
+        "and	v17.16b, v17.16b, v20.16b\n\t"
+        "and	v18.16b, v18.16b, v20.16b\n\t"
+        "and	v19.16b, v19.16b, v20.16b\n\t"
+        "add	v8.8h, v8.8h, v16.8h\n\t"
+        "add	v9.8h, v9.8h, v17.8h\n\t"
+        "add	v10.8h, v10.8h, v18.8h\n\t"
+        "add	v11.8h, v11.8h, v19.8h\n\t"
+        "sshr	v16.8h, v12.8h, #15\n\t"
+        "sshr	v17.8h, v13.8h, #15\n\t"
+        "sshr	v18.8h, v14.8h, #15\n\t"
+        "sshr	v19.8h, v15.8h, #15\n\t"
+        "and	v16.16b, v16.16b, v20.16b\n\t"
+        "and	v17.16b, v17.16b, v20.16b\n\t"
+        "and	v18.16b, v18.16b, v20.16b\n\t"
+        "and	v19.16b, v19.16b, v20.16b\n\t"
+        "add	v12.8h, v12.8h, v16.8h\n\t"
+        "add	v13.8h, v13.8h, v17.8h\n\t"
+        "add	v14.8h, v14.8h, v18.8h\n\t"
+        "add	v15.8h, v15.8h, v19.8h\n\t"
+        "st4	{v0.8h, v1.8h, v2.8h, v3.8h}, [%x[p]], #0x40\n\t"
+        "st4	{v4.8h, v5.8h, v6.8h, v7.8h}, [%x[p]], #0x40\n\t"
+        "st4	{v8.8h, v9.8h, v10.8h, v11.8h}, [%x[p]], #0x40\n\t"
+        "st4	{v12.8h, v13.8h, v14.8h, v15.8h}, [%x[p]], #0x40\n\t"
+        "ld4	{v0.8h, v1.8h, v2.8h, v3.8h}, [%x[p]], #0x40\n\t"
+        "ld4	{v4.8h, v5.8h, v6.8h, v7.8h}, [%x[p]], #0x40\n\t"
+        "ld4	{v8.8h, v9.8h, v10.8h, v11.8h}, [%x[p]], #0x40\n\t"
+        "ld4	{v12.8h, v13.8h, v14.8h, v15.8h}, [%x[p]], #0x40\n\t"
+        "sub	%x[p], %x[p], #0x100\n\t"
+        "sub	v0.8h, v0.8h, v20.8h\n\t"
+        "sub	v1.8h, v1.8h, v20.8h\n\t"
+        "sub	v2.8h, v2.8h, v20.8h\n\t"
+        "sub	v3.8h, v3.8h, v20.8h\n\t"
+        "sub	v4.8h, v4.8h, v20.8h\n\t"
+        "sub	v5.8h, v5.8h, v20.8h\n\t"
+        "sub	v6.8h, v6.8h, v20.8h\n\t"
+        "sub	v7.8h, v7.8h, v20.8h\n\t"
+        "sub	v8.8h, v8.8h, v20.8h\n\t"
+        "sub	v9.8h, v9.8h, v20.8h\n\t"
+        "sub	v10.8h, v10.8h, v20.8h\n\t"
+        "sub	v11.8h, v11.8h, v20.8h\n\t"
+        "sub	v12.8h, v12.8h, v20.8h\n\t"
+        "sub	v13.8h, v13.8h, v20.8h\n\t"
+        "sub	v14.8h, v14.8h, v20.8h\n\t"
+        "sub	v15.8h, v15.8h, v20.8h\n\t"
+        "sshr	v16.8h, v0.8h, #15\n\t"
+        "sshr	v17.8h, v1.8h, #15\n\t"
+        "sshr	v18.8h, v2.8h, #15\n\t"
+        "sshr	v19.8h, v3.8h, #15\n\t"
+        "and	v16.16b, v16.16b, v20.16b\n\t"
+        "and	v17.16b, v17.16b, v20.16b\n\t"
+        "and	v18.16b, v18.16b, v20.16b\n\t"
+        "and	v19.16b, v19.16b, v20.16b\n\t"
+        "add	v0.8h, v0.8h, v16.8h\n\t"
+        "add	v1.8h, v1.8h, v17.8h\n\t"
+        "add	v2.8h, v2.8h, v18.8h\n\t"
+        "add	v3.8h, v3.8h, v19.8h\n\t"
+        "sshr	v16.8h, v4.8h, #15\n\t"
+        "sshr	v17.8h, v5.8h, #15\n\t"
+        "sshr	v18.8h, v6.8h, #15\n\t"
+        "sshr	v19.8h, v7.8h, #15\n\t"
+        "and	v16.16b, v16.16b, v20.16b\n\t"
+        "and	v17.16b, v17.16b, v20.16b\n\t"
+        "and	v18.16b, v18.16b, v20.16b\n\t"
+        "and	v19.16b, v19.16b, v20.16b\n\t"
+        "add	v4.8h, v4.8h, v16.8h\n\t"
+        "add	v5.8h, v5.8h, v17.8h\n\t"
+        "add	v6.8h, v6.8h, v18.8h\n\t"
+        "add	v7.8h, v7.8h, v19.8h\n\t"
+        "sshr	v16.8h, v8.8h, #15\n\t"
+        "sshr	v17.8h, v9.8h, #15\n\t"
+        "sshr	v18.8h, v10.8h, #15\n\t"
+        "sshr	v19.8h, v11.8h, #15\n\t"
+        "and	v16.16b, v16.16b, v20.16b\n\t"
+        "and	v17.16b, v17.16b, v20.16b\n\t"
+        "and	v18.16b, v18.16b, v20.16b\n\t"
+        "and	v19.16b, v19.16b, v20.16b\n\t"
+        "add	v8.8h, v8.8h, v16.8h\n\t"
+        "add	v9.8h, v9.8h, v17.8h\n\t"
+        "add	v10.8h, v10.8h, v18.8h\n\t"
+        "add	v11.8h, v11.8h, v19.8h\n\t"
+        "sshr	v16.8h, v12.8h, #15\n\t"
+        "sshr	v17.8h, v13.8h, #15\n\t"
+        "sshr	v18.8h, v14.8h, #15\n\t"
+        "sshr	v19.8h, v15.8h, #15\n\t"
+        "and	v16.16b, v16.16b, v20.16b\n\t"
+        "and	v17.16b, v17.16b, v20.16b\n\t"
+        "and	v18.16b, v18.16b, v20.16b\n\t"
+        "and	v19.16b, v19.16b, v20.16b\n\t"
+        "add	v12.8h, v12.8h, v16.8h\n\t"
+        "add	v13.8h, v13.8h, v17.8h\n\t"
+        "add	v14.8h, v14.8h, v18.8h\n\t"
+        "add	v15.8h, v15.8h, v19.8h\n\t"
+        "st4	{v0.8h, v1.8h, v2.8h, v3.8h}, [%x[p]], #0x40\n\t"
+        "st4	{v4.8h, v5.8h, v6.8h, v7.8h}, [%x[p]], #0x40\n\t"
+        "st4	{v8.8h, v9.8h, v10.8h, v11.8h}, [%x[p]], #0x40\n\t"
+        "st4	{v12.8h, v13.8h, v14.8h, v15.8h}, [%x[p]], #0x40\n\t"
+        : [p] "+r" (p)
+        : [L_kyber_aarch64_q] "S" (L_kyber_aarch64_q), [L_kyber_aarch64_consts] "S" (L_kyber_aarch64_consts), [L_sha3_aarch64_r] "S" (L_sha3_aarch64_r), [L_kyber_aarch64_zetas] "S" (L_kyber_aarch64_zetas), [L_kyber_aarch64_zetas_qinv] "S" (L_kyber_aarch64_zetas_qinv), [L_kyber_aarch64_zetas_inv] "S" (L_kyber_aarch64_zetas_inv), [L_kyber_aarch64_zetas_inv_qinv] "S" (L_kyber_aarch64_zetas_inv_qinv), [L_kyber_aarch64_zetas_mul] "S" (L_kyber_aarch64_zetas_mul)
+        : "memory", "x1", "v0", "v1", "v2", "v3", "v4", "v5", "v6", "v7", "v8", "v9", "v10", "v11", "v12", "v13", "v14", "v15", "v16", "v17", "v18", "v19", "v20", "cc"
+    );
+}
+
+void kyber_add_reduce(sword16* r, const sword16* a)
+{
+    __asm__ __volatile__ (
+#ifndef __APPLE__
+        "adrp x2, %[L_kyber_aarch64_consts]\n\t"
+        "add  x2, x2, :lo12:%[L_kyber_aarch64_consts]\n\t"
+#else
+        "adrp x2, %[L_kyber_aarch64_consts]@PAGE\n\t"
+        "add  x2, x2, %[L_kyber_aarch64_consts]@PAGEOFF\n\t"
+#endif /* __APPLE__ */
+        "ldr	q0, [x2]\n\t"
+        "ld4	{v1.8h, v2.8h, v3.8h, v4.8h}, [%x[r]], #0x40\n\t"
+        "ld4	{v5.8h, v6.8h, v7.8h, v8.8h}, [%x[r]], #0x40\n\t"
+        "ld4	{v9.8h, v10.8h, v11.8h, v12.8h}, [%x[a]], #0x40\n\t"
+        "ld4	{v13.8h, v14.8h, v15.8h, v16.8h}, [%x[a]], #0x40\n\t"
+        "sub	%x[r], %x[r], #0x80\n\t"
+        "add	v1.8h, v1.8h, v9.8h\n\t"
+        "add	v2.8h, v2.8h, v10.8h\n\t"
+        "add	v3.8h, v3.8h, v11.8h\n\t"
+        "add	v4.8h, v4.8h, v12.8h\n\t"
+        "add	v5.8h, v5.8h, v13.8h\n\t"
+        "add	v6.8h, v6.8h, v14.8h\n\t"
+        "add	v7.8h, v7.8h, v15.8h\n\t"
+        "add	v8.8h, v8.8h, v16.8h\n\t"
+        "sqdmulh	v17.8h, v1.8h, v0.h[2]\n\t"
+        "sqdmulh	v18.8h, v2.8h, v0.h[2]\n\t"
+        "sshr	v17.8h, v17.8h, #11\n\t"
+        "sshr	v18.8h, v18.8h, #11\n\t"
+        "mls	v1.8h, v17.8h, v0.h[0]\n\t"
+        "mls	v2.8h, v18.8h, v0.h[0]\n\t"
+        "sqdmulh	v17.8h, v3.8h, v0.h[2]\n\t"
+        "sqdmulh	v18.8h, v4.8h, v0.h[2]\n\t"
+        "sshr	v17.8h, v17.8h, #11\n\t"
+        "sshr	v18.8h, v18.8h, #11\n\t"
+        "mls	v3.8h, v17.8h, v0.h[0]\n\t"
+        "mls	v4.8h, v18.8h, v0.h[0]\n\t"
+        "sqdmulh	v17.8h, v5.8h, v0.h[2]\n\t"
+        "sqdmulh	v18.8h, v6.8h, v0.h[2]\n\t"
+        "sshr	v17.8h, v17.8h, #11\n\t"
+        "sshr	v18.8h, v18.8h, #11\n\t"
+        "mls	v5.8h, v17.8h, v0.h[0]\n\t"
+        "mls	v6.8h, v18.8h, v0.h[0]\n\t"
+        "sqdmulh	v17.8h, v7.8h, v0.h[2]\n\t"
+        "sqdmulh	v18.8h, v8.8h, v0.h[2]\n\t"
+        "sshr	v17.8h, v17.8h, #11\n\t"
+        "sshr	v18.8h, v18.8h, #11\n\t"
+        "mls	v7.8h, v17.8h, v0.h[0]\n\t"
+        "mls	v8.8h, v18.8h, v0.h[0]\n\t"
+        "st4	{v1.8h, v2.8h, v3.8h, v4.8h}, [%x[r]], #0x40\n\t"
+        "st4	{v5.8h, v6.8h, v7.8h, v8.8h}, [%x[r]], #0x40\n\t"
+        "ld4	{v1.8h, v2.8h, v3.8h, v4.8h}, [%x[r]], #0x40\n\t"
+        "ld4	{v5.8h, v6.8h, v7.8h, v8.8h}, [%x[r]], #0x40\n\t"
+        "ld4	{v9.8h, v10.8h, v11.8h, v12.8h}, [%x[a]], #0x40\n\t"
+        "ld4	{v13.8h, v14.8h, v15.8h, v16.8h}, [%x[a]], #0x40\n\t"
+        "sub	%x[r], %x[r], #0x80\n\t"
+        "add	v1.8h, v1.8h, v9.8h\n\t"
+        "add	v2.8h, v2.8h, v10.8h\n\t"
+        "add	v3.8h, v3.8h, v11.8h\n\t"
+        "add	v4.8h, v4.8h, v12.8h\n\t"
+        "add	v5.8h, v5.8h, v13.8h\n\t"
+        "add	v6.8h, v6.8h, v14.8h\n\t"
+        "add	v7.8h, v7.8h, v15.8h\n\t"
+        "add	v8.8h, v8.8h, v16.8h\n\t"
+        "sqdmulh	v17.8h, v1.8h, v0.h[2]\n\t"
+        "sqdmulh	v18.8h, v2.8h, v0.h[2]\n\t"
+        "sshr	v17.8h, v17.8h, #11\n\t"
+        "sshr	v18.8h, v18.8h, #11\n\t"
+        "mls	v1.8h, v17.8h, v0.h[0]\n\t"
+        "mls	v2.8h, v18.8h, v0.h[0]\n\t"
+        "sqdmulh	v17.8h, v3.8h, v0.h[2]\n\t"
+        "sqdmulh	v18.8h, v4.8h, v0.h[2]\n\t"
+        "sshr	v17.8h, v17.8h, #11\n\t"
+        "sshr	v18.8h, v18.8h, #11\n\t"
+        "mls	v3.8h, v17.8h, v0.h[0]\n\t"
+        "mls	v4.8h, v18.8h, v0.h[0]\n\t"
+        "sqdmulh	v17.8h, v5.8h, v0.h[2]\n\t"
+        "sqdmulh	v18.8h, v6.8h, v0.h[2]\n\t"
+        "sshr	v17.8h, v17.8h, #11\n\t"
+        "sshr	v18.8h, v18.8h, #11\n\t"
+        "mls	v5.8h, v17.8h, v0.h[0]\n\t"
+        "mls	v6.8h, v18.8h, v0.h[0]\n\t"
+        "sqdmulh	v17.8h, v7.8h, v0.h[2]\n\t"
+        "sqdmulh	v18.8h, v8.8h, v0.h[2]\n\t"
+        "sshr	v17.8h, v17.8h, #11\n\t"
+        "sshr	v18.8h, v18.8h, #11\n\t"
+        "mls	v7.8h, v17.8h, v0.h[0]\n\t"
+        "mls	v8.8h, v18.8h, v0.h[0]\n\t"
+        "st4	{v1.8h, v2.8h, v3.8h, v4.8h}, [%x[r]], #0x40\n\t"
+        "st4	{v5.8h, v6.8h, v7.8h, v8.8h}, [%x[r]], #0x40\n\t"
+        "ld4	{v1.8h, v2.8h, v3.8h, v4.8h}, [%x[r]], #0x40\n\t"
+        "ld4	{v5.8h, v6.8h, v7.8h, v8.8h}, [%x[r]], #0x40\n\t"
+        "ld4	{v9.8h, v10.8h, v11.8h, v12.8h}, [%x[a]], #0x40\n\t"
+        "ld4	{v13.8h, v14.8h, v15.8h, v16.8h}, [%x[a]], #0x40\n\t"
+        "sub	%x[r], %x[r], #0x80\n\t"
+        "add	v1.8h, v1.8h, v9.8h\n\t"
+        "add	v2.8h, v2.8h, v10.8h\n\t"
+        "add	v3.8h, v3.8h, v11.8h\n\t"
+        "add	v4.8h, v4.8h, v12.8h\n\t"
+        "add	v5.8h, v5.8h, v13.8h\n\t"
+        "add	v6.8h, v6.8h, v14.8h\n\t"
+        "add	v7.8h, v7.8h, v15.8h\n\t"
+        "add	v8.8h, v8.8h, v16.8h\n\t"
+        "sqdmulh	v17.8h, v1.8h, v0.h[2]\n\t"
+        "sqdmulh	v18.8h, v2.8h, v0.h[2]\n\t"
+        "sshr	v17.8h, v17.8h, #11\n\t"
+        "sshr	v18.8h, v18.8h, #11\n\t"
+        "mls	v1.8h, v17.8h, v0.h[0]\n\t"
+        "mls	v2.8h, v18.8h, v0.h[0]\n\t"
+        "sqdmulh	v17.8h, v3.8h, v0.h[2]\n\t"
+        "sqdmulh	v18.8h, v4.8h, v0.h[2]\n\t"
+        "sshr	v17.8h, v17.8h, #11\n\t"
+        "sshr	v18.8h, v18.8h, #11\n\t"
+        "mls	v3.8h, v17.8h, v0.h[0]\n\t"
+        "mls	v4.8h, v18.8h, v0.h[0]\n\t"
+        "sqdmulh	v17.8h, v5.8h, v0.h[2]\n\t"
+        "sqdmulh	v18.8h, v6.8h, v0.h[2]\n\t"
+        "sshr	v17.8h, v17.8h, #11\n\t"
+        "sshr	v18.8h, v18.8h, #11\n\t"
+        "mls	v5.8h, v17.8h, v0.h[0]\n\t"
+        "mls	v6.8h, v18.8h, v0.h[0]\n\t"
+        "sqdmulh	v17.8h, v7.8h, v0.h[2]\n\t"
+        "sqdmulh	v18.8h, v8.8h, v0.h[2]\n\t"
+        "sshr	v17.8h, v17.8h, #11\n\t"
+        "sshr	v18.8h, v18.8h, #11\n\t"
+        "mls	v7.8h, v17.8h, v0.h[0]\n\t"
+        "mls	v8.8h, v18.8h, v0.h[0]\n\t"
+        "st4	{v1.8h, v2.8h, v3.8h, v4.8h}, [%x[r]], #0x40\n\t"
+        "st4	{v5.8h, v6.8h, v7.8h, v8.8h}, [%x[r]], #0x40\n\t"
+        "ld4	{v1.8h, v2.8h, v3.8h, v4.8h}, [%x[r]], #0x40\n\t"
+        "ld4	{v5.8h, v6.8h, v7.8h, v8.8h}, [%x[r]], #0x40\n\t"
+        "ld4	{v9.8h, v10.8h, v11.8h, v12.8h}, [%x[a]], #0x40\n\t"
+        "ld4	{v13.8h, v14.8h, v15.8h, v16.8h}, [%x[a]], #0x40\n\t"
+        "sub	%x[r], %x[r], #0x80\n\t"
+        "add	v1.8h, v1.8h, v9.8h\n\t"
+        "add	v2.8h, v2.8h, v10.8h\n\t"
+        "add	v3.8h, v3.8h, v11.8h\n\t"
+        "add	v4.8h, v4.8h, v12.8h\n\t"
+        "add	v5.8h, v5.8h, v13.8h\n\t"
+        "add	v6.8h, v6.8h, v14.8h\n\t"
+        "add	v7.8h, v7.8h, v15.8h\n\t"
+        "add	v8.8h, v8.8h, v16.8h\n\t"
+        "sqdmulh	v17.8h, v1.8h, v0.h[2]\n\t"
+        "sqdmulh	v18.8h, v2.8h, v0.h[2]\n\t"
+        "sshr	v17.8h, v17.8h, #11\n\t"
+        "sshr	v18.8h, v18.8h, #11\n\t"
+        "mls	v1.8h, v17.8h, v0.h[0]\n\t"
+        "mls	v2.8h, v18.8h, v0.h[0]\n\t"
+        "sqdmulh	v17.8h, v3.8h, v0.h[2]\n\t"
+        "sqdmulh	v18.8h, v4.8h, v0.h[2]\n\t"
+        "sshr	v17.8h, v17.8h, #11\n\t"
+        "sshr	v18.8h, v18.8h, #11\n\t"
+        "mls	v3.8h, v17.8h, v0.h[0]\n\t"
+        "mls	v4.8h, v18.8h, v0.h[0]\n\t"
+        "sqdmulh	v17.8h, v5.8h, v0.h[2]\n\t"
+        "sqdmulh	v18.8h, v6.8h, v0.h[2]\n\t"
+        "sshr	v17.8h, v17.8h, #11\n\t"
+        "sshr	v18.8h, v18.8h, #11\n\t"
+        "mls	v5.8h, v17.8h, v0.h[0]\n\t"
+        "mls	v6.8h, v18.8h, v0.h[0]\n\t"
+        "sqdmulh	v17.8h, v7.8h, v0.h[2]\n\t"
+        "sqdmulh	v18.8h, v8.8h, v0.h[2]\n\t"
+        "sshr	v17.8h, v17.8h, #11\n\t"
+        "sshr	v18.8h, v18.8h, #11\n\t"
+        "mls	v7.8h, v17.8h, v0.h[0]\n\t"
+        "mls	v8.8h, v18.8h, v0.h[0]\n\t"
+        "st4	{v1.8h, v2.8h, v3.8h, v4.8h}, [%x[r]], #0x40\n\t"
+        "st4	{v5.8h, v6.8h, v7.8h, v8.8h}, [%x[r]], #0x40\n\t"
+        : [r] "+r" (r), [a] "+r" (a)
+        : [L_kyber_aarch64_q] "S" (L_kyber_aarch64_q), [L_kyber_aarch64_consts] "S" (L_kyber_aarch64_consts), [L_sha3_aarch64_r] "S" (L_sha3_aarch64_r), [L_kyber_aarch64_zetas] "S" (L_kyber_aarch64_zetas), [L_kyber_aarch64_zetas_qinv] "S" (L_kyber_aarch64_zetas_qinv), [L_kyber_aarch64_zetas_inv] "S" (L_kyber_aarch64_zetas_inv), [L_kyber_aarch64_zetas_inv_qinv] "S" (L_kyber_aarch64_zetas_inv_qinv), [L_kyber_aarch64_zetas_mul] "S" (L_kyber_aarch64_zetas_mul)
+        : "memory", "x2", "v0", "v1", "v2", "v3", "v4", "v5", "v6", "v7", "v8", "v9", "v10", "v11", "v12", "v13", "v14", "v15", "v16", "v17", "v18", "cc"
+    );
+}
+
+void kyber_add3_reduce(sword16* r, const sword16* a, const sword16* b)
+{
+    __asm__ __volatile__ (
+#ifndef __APPLE__
+        "adrp x3, %[L_kyber_aarch64_consts]\n\t"
+        "add  x3, x3, :lo12:%[L_kyber_aarch64_consts]\n\t"
+#else
+        "adrp x3, %[L_kyber_aarch64_consts]@PAGE\n\t"
+        "add  x3, x3, %[L_kyber_aarch64_consts]@PAGEOFF\n\t"
+#endif /* __APPLE__ */
+        "ldr	q0, [x3]\n\t"
+        "ld4	{v1.8h, v2.8h, v3.8h, v4.8h}, [%x[r]], #0x40\n\t"
+        "ld4	{v5.8h, v6.8h, v7.8h, v8.8h}, [%x[r]], #0x40\n\t"
+        "ld4	{v9.8h, v10.8h, v11.8h, v12.8h}, [%x[a]], #0x40\n\t"
+        "ld4	{v13.8h, v14.8h, v15.8h, v16.8h}, [%x[a]], #0x40\n\t"
+        "ld4	{v17.8h, v18.8h, v19.8h, v20.8h}, [%x[b]], #0x40\n\t"
+        "ld4	{v21.8h, v22.8h, v23.8h, v24.8h}, [%x[b]], #0x40\n\t"
+        "sub	%x[r], %x[r], #0x80\n\t"
+        "add	v1.8h, v1.8h, v9.8h\n\t"
+        "add	v2.8h, v2.8h, v10.8h\n\t"
+        "add	v3.8h, v3.8h, v11.8h\n\t"
+        "add	v4.8h, v4.8h, v12.8h\n\t"
+        "add	v5.8h, v5.8h, v13.8h\n\t"
+        "add	v6.8h, v6.8h, v14.8h\n\t"
+        "add	v7.8h, v7.8h, v15.8h\n\t"
+        "add	v8.8h, v8.8h, v16.8h\n\t"
+        "add	v1.8h, v1.8h, v17.8h\n\t"
+        "add	v2.8h, v2.8h, v18.8h\n\t"
+        "add	v3.8h, v3.8h, v19.8h\n\t"
+        "add	v4.8h, v4.8h, v20.8h\n\t"
+        "add	v5.8h, v5.8h, v21.8h\n\t"
+        "add	v6.8h, v6.8h, v22.8h\n\t"
+        "add	v7.8h, v7.8h, v23.8h\n\t"
+        "add	v8.8h, v8.8h, v24.8h\n\t"
+        "sqdmulh	v25.8h, v1.8h, v0.h[2]\n\t"
+        "sqdmulh	v26.8h, v2.8h, v0.h[2]\n\t"
+        "sshr	v25.8h, v25.8h, #11\n\t"
+        "sshr	v26.8h, v26.8h, #11\n\t"
+        "mls	v1.8h, v25.8h, v0.h[0]\n\t"
+        "mls	v2.8h, v26.8h, v0.h[0]\n\t"
+        "sqdmulh	v25.8h, v3.8h, v0.h[2]\n\t"
+        "sqdmulh	v26.8h, v4.8h, v0.h[2]\n\t"
+        "sshr	v25.8h, v25.8h, #11\n\t"
+        "sshr	v26.8h, v26.8h, #11\n\t"
+        "mls	v3.8h, v25.8h, v0.h[0]\n\t"
+        "mls	v4.8h, v26.8h, v0.h[0]\n\t"
+        "sqdmulh	v25.8h, v5.8h, v0.h[2]\n\t"
+        "sqdmulh	v26.8h, v6.8h, v0.h[2]\n\t"
+        "sshr	v25.8h, v25.8h, #11\n\t"
+        "sshr	v26.8h, v26.8h, #11\n\t"
+        "mls	v5.8h, v25.8h, v0.h[0]\n\t"
+        "mls	v6.8h, v26.8h, v0.h[0]\n\t"
+        "sqdmulh	v25.8h, v7.8h, v0.h[2]\n\t"
+        "sqdmulh	v26.8h, v8.8h, v0.h[2]\n\t"
+        "sshr	v25.8h, v25.8h, #11\n\t"
+        "sshr	v26.8h, v26.8h, #11\n\t"
+        "mls	v7.8h, v25.8h, v0.h[0]\n\t"
+        "mls	v8.8h, v26.8h, v0.h[0]\n\t"
+        "st4	{v1.8h, v2.8h, v3.8h, v4.8h}, [%x[r]], #0x40\n\t"
+        "st4	{v5.8h, v6.8h, v7.8h, v8.8h}, [%x[r]], #0x40\n\t"
+        "ld4	{v1.8h, v2.8h, v3.8h, v4.8h}, [%x[r]], #0x40\n\t"
+        "ld4	{v5.8h, v6.8h, v7.8h, v8.8h}, [%x[r]], #0x40\n\t"
+        "ld4	{v9.8h, v10.8h, v11.8h, v12.8h}, [%x[a]], #0x40\n\t"
+        "ld4	{v13.8h, v14.8h, v15.8h, v16.8h}, [%x[a]], #0x40\n\t"
+        "ld4	{v17.8h, v18.8h, v19.8h, v20.8h}, [%x[b]], #0x40\n\t"
+        "ld4	{v21.8h, v22.8h, v23.8h, v24.8h}, [%x[b]], #0x40\n\t"
+        "sub	%x[r], %x[r], #0x80\n\t"
+        "add	v1.8h, v1.8h, v9.8h\n\t"
+        "add	v2.8h, v2.8h, v10.8h\n\t"
+        "add	v3.8h, v3.8h, v11.8h\n\t"
+        "add	v4.8h, v4.8h, v12.8h\n\t"
+        "add	v5.8h, v5.8h, v13.8h\n\t"
+        "add	v6.8h, v6.8h, v14.8h\n\t"
+        "add	v7.8h, v7.8h, v15.8h\n\t"
+        "add	v8.8h, v8.8h, v16.8h\n\t"
+        "add	v1.8h, v1.8h, v17.8h\n\t"
+        "add	v2.8h, v2.8h, v18.8h\n\t"
+        "add	v3.8h, v3.8h, v19.8h\n\t"
+        "add	v4.8h, v4.8h, v20.8h\n\t"
+        "add	v5.8h, v5.8h, v21.8h\n\t"
+        "add	v6.8h, v6.8h, v22.8h\n\t"
+        "add	v7.8h, v7.8h, v23.8h\n\t"
+        "add	v8.8h, v8.8h, v24.8h\n\t"
+        "sqdmulh	v25.8h, v1.8h, v0.h[2]\n\t"
+        "sqdmulh	v26.8h, v2.8h, v0.h[2]\n\t"
+        "sshr	v25.8h, v25.8h, #11\n\t"
+        "sshr	v26.8h, v26.8h, #11\n\t"
+        "mls	v1.8h, v25.8h, v0.h[0]\n\t"
+        "mls	v2.8h, v26.8h, v0.h[0]\n\t"
+        "sqdmulh	v25.8h, v3.8h, v0.h[2]\n\t"
+        "sqdmulh	v26.8h, v4.8h, v0.h[2]\n\t"
+        "sshr	v25.8h, v25.8h, #11\n\t"
+        "sshr	v26.8h, v26.8h, #11\n\t"
+        "mls	v3.8h, v25.8h, v0.h[0]\n\t"
+        "mls	v4.8h, v26.8h, v0.h[0]\n\t"
+        "sqdmulh	v25.8h, v5.8h, v0.h[2]\n\t"
+        "sqdmulh	v26.8h, v6.8h, v0.h[2]\n\t"
+        "sshr	v25.8h, v25.8h, #11\n\t"
+        "sshr	v26.8h, v26.8h, #11\n\t"
+        "mls	v5.8h, v25.8h, v0.h[0]\n\t"
+        "mls	v6.8h, v26.8h, v0.h[0]\n\t"
+        "sqdmulh	v25.8h, v7.8h, v0.h[2]\n\t"
+        "sqdmulh	v26.8h, v8.8h, v0.h[2]\n\t"
+        "sshr	v25.8h, v25.8h, #11\n\t"
+        "sshr	v26.8h, v26.8h, #11\n\t"
+        "mls	v7.8h, v25.8h, v0.h[0]\n\t"
+        "mls	v8.8h, v26.8h, v0.h[0]\n\t"
+        "st4	{v1.8h, v2.8h, v3.8h, v4.8h}, [%x[r]], #0x40\n\t"
+        "st4	{v5.8h, v6.8h, v7.8h, v8.8h}, [%x[r]], #0x40\n\t"
+        "ld4	{v1.8h, v2.8h, v3.8h, v4.8h}, [%x[r]], #0x40\n\t"
+        "ld4	{v5.8h, v6.8h, v7.8h, v8.8h}, [%x[r]], #0x40\n\t"
+        "ld4	{v9.8h, v10.8h, v11.8h, v12.8h}, [%x[a]], #0x40\n\t"
+        "ld4	{v13.8h, v14.8h, v15.8h, v16.8h}, [%x[a]], #0x40\n\t"
+        "ld4	{v17.8h, v18.8h, v19.8h, v20.8h}, [%x[b]], #0x40\n\t"
+        "ld4	{v21.8h, v22.8h, v23.8h, v24.8h}, [%x[b]], #0x40\n\t"
+        "sub	%x[r], %x[r], #0x80\n\t"
+        "add	v1.8h, v1.8h, v9.8h\n\t"
+        "add	v2.8h, v2.8h, v10.8h\n\t"
+        "add	v3.8h, v3.8h, v11.8h\n\t"
+        "add	v4.8h, v4.8h, v12.8h\n\t"
+        "add	v5.8h, v5.8h, v13.8h\n\t"
+        "add	v6.8h, v6.8h, v14.8h\n\t"
+        "add	v7.8h, v7.8h, v15.8h\n\t"
+        "add	v8.8h, v8.8h, v16.8h\n\t"
+        "add	v1.8h, v1.8h, v17.8h\n\t"
+        "add	v2.8h, v2.8h, v18.8h\n\t"
+        "add	v3.8h, v3.8h, v19.8h\n\t"
+        "add	v4.8h, v4.8h, v20.8h\n\t"
+        "add	v5.8h, v5.8h, v21.8h\n\t"
+        "add	v6.8h, v6.8h, v22.8h\n\t"
+        "add	v7.8h, v7.8h, v23.8h\n\t"
+        "add	v8.8h, v8.8h, v24.8h\n\t"
+        "sqdmulh	v25.8h, v1.8h, v0.h[2]\n\t"
+        "sqdmulh	v26.8h, v2.8h, v0.h[2]\n\t"
+        "sshr	v25.8h, v25.8h, #11\n\t"
+        "sshr	v26.8h, v26.8h, #11\n\t"
+        "mls	v1.8h, v25.8h, v0.h[0]\n\t"
+        "mls	v2.8h, v26.8h, v0.h[0]\n\t"
+        "sqdmulh	v25.8h, v3.8h, v0.h[2]\n\t"
+        "sqdmulh	v26.8h, v4.8h, v0.h[2]\n\t"
+        "sshr	v25.8h, v25.8h, #11\n\t"
+        "sshr	v26.8h, v26.8h, #11\n\t"
+        "mls	v3.8h, v25.8h, v0.h[0]\n\t"
+        "mls	v4.8h, v26.8h, v0.h[0]\n\t"
+        "sqdmulh	v25.8h, v5.8h, v0.h[2]\n\t"
+        "sqdmulh	v26.8h, v6.8h, v0.h[2]\n\t"
+        "sshr	v25.8h, v25.8h, #11\n\t"
+        "sshr	v26.8h, v26.8h, #11\n\t"
+        "mls	v5.8h, v25.8h, v0.h[0]\n\t"
+        "mls	v6.8h, v26.8h, v0.h[0]\n\t"
+        "sqdmulh	v25.8h, v7.8h, v0.h[2]\n\t"
+        "sqdmulh	v26.8h, v8.8h, v0.h[2]\n\t"
+        "sshr	v25.8h, v25.8h, #11\n\t"
+        "sshr	v26.8h, v26.8h, #11\n\t"
+        "mls	v7.8h, v25.8h, v0.h[0]\n\t"
+        "mls	v8.8h, v26.8h, v0.h[0]\n\t"
+        "st4	{v1.8h, v2.8h, v3.8h, v4.8h}, [%x[r]], #0x40\n\t"
+        "st4	{v5.8h, v6.8h, v7.8h, v8.8h}, [%x[r]], #0x40\n\t"
+        "ld4	{v1.8h, v2.8h, v3.8h, v4.8h}, [%x[r]], #0x40\n\t"
+        "ld4	{v5.8h, v6.8h, v7.8h, v8.8h}, [%x[r]], #0x40\n\t"
+        "ld4	{v9.8h, v10.8h, v11.8h, v12.8h}, [%x[a]], #0x40\n\t"
+        "ld4	{v13.8h, v14.8h, v15.8h, v16.8h}, [%x[a]], #0x40\n\t"
+        "ld4	{v17.8h, v18.8h, v19.8h, v20.8h}, [%x[b]], #0x40\n\t"
+        "ld4	{v21.8h, v22.8h, v23.8h, v24.8h}, [%x[b]], #0x40\n\t"
+        "sub	%x[r], %x[r], #0x80\n\t"
+        "add	v1.8h, v1.8h, v9.8h\n\t"
+        "add	v2.8h, v2.8h, v10.8h\n\t"
+        "add	v3.8h, v3.8h, v11.8h\n\t"
+        "add	v4.8h, v4.8h, v12.8h\n\t"
+        "add	v5.8h, v5.8h, v13.8h\n\t"
+        "add	v6.8h, v6.8h, v14.8h\n\t"
+        "add	v7.8h, v7.8h, v15.8h\n\t"
+        "add	v8.8h, v8.8h, v16.8h\n\t"
+        "add	v1.8h, v1.8h, v17.8h\n\t"
+        "add	v2.8h, v2.8h, v18.8h\n\t"
+        "add	v3.8h, v3.8h, v19.8h\n\t"
+        "add	v4.8h, v4.8h, v20.8h\n\t"
+        "add	v5.8h, v5.8h, v21.8h\n\t"
+        "add	v6.8h, v6.8h, v22.8h\n\t"
+        "add	v7.8h, v7.8h, v23.8h\n\t"
+        "add	v8.8h, v8.8h, v24.8h\n\t"
+        "sqdmulh	v25.8h, v1.8h, v0.h[2]\n\t"
+        "sqdmulh	v26.8h, v2.8h, v0.h[2]\n\t"
+        "sshr	v25.8h, v25.8h, #11\n\t"
+        "sshr	v26.8h, v26.8h, #11\n\t"
+        "mls	v1.8h, v25.8h, v0.h[0]\n\t"
+        "mls	v2.8h, v26.8h, v0.h[0]\n\t"
+        "sqdmulh	v25.8h, v3.8h, v0.h[2]\n\t"
+        "sqdmulh	v26.8h, v4.8h, v0.h[2]\n\t"
+        "sshr	v25.8h, v25.8h, #11\n\t"
+        "sshr	v26.8h, v26.8h, #11\n\t"
+        "mls	v3.8h, v25.8h, v0.h[0]\n\t"
+        "mls	v4.8h, v26.8h, v0.h[0]\n\t"
+        "sqdmulh	v25.8h, v5.8h, v0.h[2]\n\t"
+        "sqdmulh	v26.8h, v6.8h, v0.h[2]\n\t"
+        "sshr	v25.8h, v25.8h, #11\n\t"
+        "sshr	v26.8h, v26.8h, #11\n\t"
+        "mls	v5.8h, v25.8h, v0.h[0]\n\t"
+        "mls	v6.8h, v26.8h, v0.h[0]\n\t"
+        "sqdmulh	v25.8h, v7.8h, v0.h[2]\n\t"
+        "sqdmulh	v26.8h, v8.8h, v0.h[2]\n\t"
+        "sshr	v25.8h, v25.8h, #11\n\t"
+        "sshr	v26.8h, v26.8h, #11\n\t"
+        "mls	v7.8h, v25.8h, v0.h[0]\n\t"
+        "mls	v8.8h, v26.8h, v0.h[0]\n\t"
+        "st4	{v1.8h, v2.8h, v3.8h, v4.8h}, [%x[r]], #0x40\n\t"
+        "st4	{v5.8h, v6.8h, v7.8h, v8.8h}, [%x[r]], #0x40\n\t"
+        : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
+        : [L_kyber_aarch64_q] "S" (L_kyber_aarch64_q), [L_kyber_aarch64_consts] "S" (L_kyber_aarch64_consts), [L_sha3_aarch64_r] "S" (L_sha3_aarch64_r), [L_kyber_aarch64_zetas] "S" (L_kyber_aarch64_zetas), [L_kyber_aarch64_zetas_qinv] "S" (L_kyber_aarch64_zetas_qinv), [L_kyber_aarch64_zetas_inv] "S" (L_kyber_aarch64_zetas_inv), [L_kyber_aarch64_zetas_inv_qinv] "S" (L_kyber_aarch64_zetas_inv_qinv), [L_kyber_aarch64_zetas_mul] "S" (L_kyber_aarch64_zetas_mul)
+        : "memory", "x3", "v0", "v1", "v2", "v3", "v4", "v5", "v6", "v7", "v8", "v9", "v10", "v11", "v12", "v13", "v14", "v15", "v16", "v17", "v18", "v19", "v20", "v21", "v22", "v23", "v24", "v25", "v26", "cc"
+    );
+}
+
+void kyber_rsub_reduce(sword16* r, const sword16* a)
+{
+    __asm__ __volatile__ (
+#ifndef __APPLE__
+        "adrp x2, %[L_kyber_aarch64_consts]\n\t"
+        "add  x2, x2, :lo12:%[L_kyber_aarch64_consts]\n\t"
+#else
+        "adrp x2, %[L_kyber_aarch64_consts]@PAGE\n\t"
+        "add  x2, x2, %[L_kyber_aarch64_consts]@PAGEOFF\n\t"
+#endif /* __APPLE__ */
+        "ldr	q0, [x2]\n\t"
+        "ld4	{v1.8h, v2.8h, v3.8h, v4.8h}, [%x[r]], #0x40\n\t"
+        "ld4	{v5.8h, v6.8h, v7.8h, v8.8h}, [%x[r]], #0x40\n\t"
+        "ld4	{v9.8h, v10.8h, v11.8h, v12.8h}, [%x[a]], #0x40\n\t"
+        "ld4	{v13.8h, v14.8h, v15.8h, v16.8h}, [%x[a]], #0x40\n\t"
+        "sub	%x[r], %x[r], #0x80\n\t"
+        "sub	v1.8h, v9.8h, v1.8h\n\t"
+        "sub	v2.8h, v10.8h, v2.8h\n\t"
+        "sub	v3.8h, v11.8h, v3.8h\n\t"
+        "sub	v4.8h, v12.8h, v4.8h\n\t"
+        "sub	v5.8h, v13.8h, v5.8h\n\t"
+        "sub	v6.8h, v14.8h, v6.8h\n\t"
+        "sub	v7.8h, v15.8h, v7.8h\n\t"
+        "sub	v8.8h, v16.8h, v8.8h\n\t"
+        "sqdmulh	v17.8h, v1.8h, v0.h[2]\n\t"
+        "sqdmulh	v18.8h, v2.8h, v0.h[2]\n\t"
+        "sshr	v17.8h, v17.8h, #11\n\t"
+        "sshr	v18.8h, v18.8h, #11\n\t"
+        "mls	v1.8h, v17.8h, v0.h[0]\n\t"
+        "mls	v2.8h, v18.8h, v0.h[0]\n\t"
+        "sqdmulh	v17.8h, v3.8h, v0.h[2]\n\t"
+        "sqdmulh	v18.8h, v4.8h, v0.h[2]\n\t"
+        "sshr	v17.8h, v17.8h, #11\n\t"
+        "sshr	v18.8h, v18.8h, #11\n\t"
+        "mls	v3.8h, v17.8h, v0.h[0]\n\t"
+        "mls	v4.8h, v18.8h, v0.h[0]\n\t"
+        "sqdmulh	v17.8h, v5.8h, v0.h[2]\n\t"
+        "sqdmulh	v18.8h, v6.8h, v0.h[2]\n\t"
+        "sshr	v17.8h, v17.8h, #11\n\t"
+        "sshr	v18.8h, v18.8h, #11\n\t"
+        "mls	v5.8h, v17.8h, v0.h[0]\n\t"
+        "mls	v6.8h, v18.8h, v0.h[0]\n\t"
+        "sqdmulh	v17.8h, v7.8h, v0.h[2]\n\t"
+        "sqdmulh	v18.8h, v8.8h, v0.h[2]\n\t"
+        "sshr	v17.8h, v17.8h, #11\n\t"
+        "sshr	v18.8h, v18.8h, #11\n\t"
+        "mls	v7.8h, v17.8h, v0.h[0]\n\t"
+        "mls	v8.8h, v18.8h, v0.h[0]\n\t"
+        "st4	{v1.8h, v2.8h, v3.8h, v4.8h}, [%x[r]], #0x40\n\t"
+        "st4	{v5.8h, v6.8h, v7.8h, v8.8h}, [%x[r]], #0x40\n\t"
+        "ld4	{v1.8h, v2.8h, v3.8h, v4.8h}, [%x[r]], #0x40\n\t"
+        "ld4	{v5.8h, v6.8h, v7.8h, v8.8h}, [%x[r]], #0x40\n\t"
+        "ld4	{v9.8h, v10.8h, v11.8h, v12.8h}, [%x[a]], #0x40\n\t"
+        "ld4	{v13.8h, v14.8h, v15.8h, v16.8h}, [%x[a]], #0x40\n\t"
+        "sub	%x[r], %x[r], #0x80\n\t"
+        "sub	v1.8h, v9.8h, v1.8h\n\t"
+        "sub	v2.8h, v10.8h, v2.8h\n\t"
+        "sub	v3.8h, v11.8h, v3.8h\n\t"
+        "sub	v4.8h, v12.8h, v4.8h\n\t"
+        "sub	v5.8h, v13.8h, v5.8h\n\t"
+        "sub	v6.8h, v14.8h, v6.8h\n\t"
+        "sub	v7.8h, v15.8h, v7.8h\n\t"
+        "sub	v8.8h, v16.8h, v8.8h\n\t"
+        "sqdmulh	v17.8h, v1.8h, v0.h[2]\n\t"
+        "sqdmulh	v18.8h, v2.8h, v0.h[2]\n\t"
+        "sshr	v17.8h, v17.8h, #11\n\t"
+        "sshr	v18.8h, v18.8h, #11\n\t"
+        "mls	v1.8h, v17.8h, v0.h[0]\n\t"
+        "mls	v2.8h, v18.8h, v0.h[0]\n\t"
+        "sqdmulh	v17.8h, v3.8h, v0.h[2]\n\t"
+        "sqdmulh	v18.8h, v4.8h, v0.h[2]\n\t"
+        "sshr	v17.8h, v17.8h, #11\n\t"
+        "sshr	v18.8h, v18.8h, #11\n\t"
+        "mls	v3.8h, v17.8h, v0.h[0]\n\t"
+        "mls	v4.8h, v18.8h, v0.h[0]\n\t"
+        "sqdmulh	v17.8h, v5.8h, v0.h[2]\n\t"
+        "sqdmulh	v18.8h, v6.8h, v0.h[2]\n\t"
+        "sshr	v17.8h, v17.8h, #11\n\t"
+        "sshr	v18.8h, v18.8h, #11\n\t"
+        "mls	v5.8h, v17.8h, v0.h[0]\n\t"
+        "mls	v6.8h, v18.8h, v0.h[0]\n\t"
+        "sqdmulh	v17.8h, v7.8h, v0.h[2]\n\t"
+        "sqdmulh	v18.8h, v8.8h, v0.h[2]\n\t"
+        "sshr	v17.8h, v17.8h, #11\n\t"
+        "sshr	v18.8h, v18.8h, #11\n\t"
+        "mls	v7.8h, v17.8h, v0.h[0]\n\t"
+        "mls	v8.8h, v18.8h, v0.h[0]\n\t"
+        "st4	{v1.8h, v2.8h, v3.8h, v4.8h}, [%x[r]], #0x40\n\t"
+        "st4	{v5.8h, v6.8h, v7.8h, v8.8h}, [%x[r]], #0x40\n\t"
+        "ld4	{v1.8h, v2.8h, v3.8h, v4.8h}, [%x[r]], #0x40\n\t"
+        "ld4	{v5.8h, v6.8h, v7.8h, v8.8h}, [%x[r]], #0x40\n\t"
+        "ld4	{v9.8h, v10.8h, v11.8h, v12.8h}, [%x[a]], #0x40\n\t"
+        "ld4	{v13.8h, v14.8h, v15.8h, v16.8h}, [%x[a]], #0x40\n\t"
+        "sub	%x[r], %x[r], #0x80\n\t"
+        "sub	v1.8h, v9.8h, v1.8h\n\t"
+        "sub	v2.8h, v10.8h, v2.8h\n\t"
+        "sub	v3.8h, v11.8h, v3.8h\n\t"
+        "sub	v4.8h, v12.8h, v4.8h\n\t"
+        "sub	v5.8h, v13.8h, v5.8h\n\t"
+        "sub	v6.8h, v14.8h, v6.8h\n\t"
+        "sub	v7.8h, v15.8h, v7.8h\n\t"
+        "sub	v8.8h, v16.8h, v8.8h\n\t"
+        "sqdmulh	v17.8h, v1.8h, v0.h[2]\n\t"
+        "sqdmulh	v18.8h, v2.8h, v0.h[2]\n\t"
+        "sshr	v17.8h, v17.8h, #11\n\t"
+        "sshr	v18.8h, v18.8h, #11\n\t"
+        "mls	v1.8h, v17.8h, v0.h[0]\n\t"
+        "mls	v2.8h, v18.8h, v0.h[0]\n\t"
+        "sqdmulh	v17.8h, v3.8h, v0.h[2]\n\t"
+        "sqdmulh	v18.8h, v4.8h, v0.h[2]\n\t"
+        "sshr	v17.8h, v17.8h, #11\n\t"
+        "sshr	v18.8h, v18.8h, #11\n\t"
+        "mls	v3.8h, v17.8h, v0.h[0]\n\t"
+        "mls	v4.8h, v18.8h, v0.h[0]\n\t"
+        "sqdmulh	v17.8h, v5.8h, v0.h[2]\n\t"
+        "sqdmulh	v18.8h, v6.8h, v0.h[2]\n\t"
+        "sshr	v17.8h, v17.8h, #11\n\t"
+        "sshr	v18.8h, v18.8h, #11\n\t"
+        "mls	v5.8h, v17.8h, v0.h[0]\n\t"
+        "mls	v6.8h, v18.8h, v0.h[0]\n\t"
+        "sqdmulh	v17.8h, v7.8h, v0.h[2]\n\t"
+        "sqdmulh	v18.8h, v8.8h, v0.h[2]\n\t"
+        "sshr	v17.8h, v17.8h, #11\n\t"
+        "sshr	v18.8h, v18.8h, #11\n\t"
+        "mls	v7.8h, v17.8h, v0.h[0]\n\t"
+        "mls	v8.8h, v18.8h, v0.h[0]\n\t"
+        "st4	{v1.8h, v2.8h, v3.8h, v4.8h}, [%x[r]], #0x40\n\t"
+        "st4	{v5.8h, v6.8h, v7.8h, v8.8h}, [%x[r]], #0x40\n\t"
+        "ld4	{v1.8h, v2.8h, v3.8h, v4.8h}, [%x[r]], #0x40\n\t"
+        "ld4	{v5.8h, v6.8h, v7.8h, v8.8h}, [%x[r]], #0x40\n\t"
+        "ld4	{v9.8h, v10.8h, v11.8h, v12.8h}, [%x[a]], #0x40\n\t"
+        "ld4	{v13.8h, v14.8h, v15.8h, v16.8h}, [%x[a]], #0x40\n\t"
+        "sub	%x[r], %x[r], #0x80\n\t"
+        "sub	v1.8h, v9.8h, v1.8h\n\t"
+        "sub	v2.8h, v10.8h, v2.8h\n\t"
+        "sub	v3.8h, v11.8h, v3.8h\n\t"
+        "sub	v4.8h, v12.8h, v4.8h\n\t"
+        "sub	v5.8h, v13.8h, v5.8h\n\t"
+        "sub	v6.8h, v14.8h, v6.8h\n\t"
+        "sub	v7.8h, v15.8h, v7.8h\n\t"
+        "sub	v8.8h, v16.8h, v8.8h\n\t"
+        "sqdmulh	v17.8h, v1.8h, v0.h[2]\n\t"
+        "sqdmulh	v18.8h, v2.8h, v0.h[2]\n\t"
+        "sshr	v17.8h, v17.8h, #11\n\t"
+        "sshr	v18.8h, v18.8h, #11\n\t"
+        "mls	v1.8h, v17.8h, v0.h[0]\n\t"
+        "mls	v2.8h, v18.8h, v0.h[0]\n\t"
+        "sqdmulh	v17.8h, v3.8h, v0.h[2]\n\t"
+        "sqdmulh	v18.8h, v4.8h, v0.h[2]\n\t"
+        "sshr	v17.8h, v17.8h, #11\n\t"
+        "sshr	v18.8h, v18.8h, #11\n\t"
+        "mls	v3.8h, v17.8h, v0.h[0]\n\t"
+        "mls	v4.8h, v18.8h, v0.h[0]\n\t"
+        "sqdmulh	v17.8h, v5.8h, v0.h[2]\n\t"
+        "sqdmulh	v18.8h, v6.8h, v0.h[2]\n\t"
+        "sshr	v17.8h, v17.8h, #11\n\t"
+        "sshr	v18.8h, v18.8h, #11\n\t"
+        "mls	v5.8h, v17.8h, v0.h[0]\n\t"
+        "mls	v6.8h, v18.8h, v0.h[0]\n\t"
+        "sqdmulh	v17.8h, v7.8h, v0.h[2]\n\t"
+        "sqdmulh	v18.8h, v8.8h, v0.h[2]\n\t"
+        "sshr	v17.8h, v17.8h, #11\n\t"
+        "sshr	v18.8h, v18.8h, #11\n\t"
+        "mls	v7.8h, v17.8h, v0.h[0]\n\t"
+        "mls	v8.8h, v18.8h, v0.h[0]\n\t"
+        "st4	{v1.8h, v2.8h, v3.8h, v4.8h}, [%x[r]], #0x40\n\t"
+        "st4	{v5.8h, v6.8h, v7.8h, v8.8h}, [%x[r]], #0x40\n\t"
+        : [r] "+r" (r), [a] "+r" (a)
+        : [L_kyber_aarch64_q] "S" (L_kyber_aarch64_q), [L_kyber_aarch64_consts] "S" (L_kyber_aarch64_consts), [L_sha3_aarch64_r] "S" (L_sha3_aarch64_r), [L_kyber_aarch64_zetas] "S" (L_kyber_aarch64_zetas), [L_kyber_aarch64_zetas_qinv] "S" (L_kyber_aarch64_zetas_qinv), [L_kyber_aarch64_zetas_inv] "S" (L_kyber_aarch64_zetas_inv), [L_kyber_aarch64_zetas_inv_qinv] "S" (L_kyber_aarch64_zetas_inv_qinv), [L_kyber_aarch64_zetas_mul] "S" (L_kyber_aarch64_zetas_mul)
+        : "memory", "x2", "v0", "v1", "v2", "v3", "v4", "v5", "v6", "v7", "v8", "v9", "v10", "v11", "v12", "v13", "v14", "v15", "v16", "v17", "v18", "cc"
+    );
+}
+
+void kyber_to_mont(sword16* p)
+{
+    __asm__ __volatile__ (
+#ifndef __APPLE__
+        "adrp x1, %[L_kyber_aarch64_consts]\n\t"
+        "add  x1, x1, :lo12:%[L_kyber_aarch64_consts]\n\t"
+#else
+        "adrp x1, %[L_kyber_aarch64_consts]@PAGE\n\t"
+        "add  x1, x1, %[L_kyber_aarch64_consts]@PAGEOFF\n\t"
+#endif /* __APPLE__ */
+        "ldr	q0, [x1]\n\t"
+        "ld4	{v1.8h, v2.8h, v3.8h, v4.8h}, [%x[p]], #0x40\n\t"
+        "ld4	{v5.8h, v6.8h, v7.8h, v8.8h}, [%x[p]], #0x40\n\t"
+        "ld4	{v9.8h, v10.8h, v11.8h, v12.8h}, [%x[p]], #0x40\n\t"
+        "ld4	{v13.8h, v14.8h, v15.8h, v16.8h}, [%x[p]], #0x40\n\t"
+        "sub	%x[p], %x[p], #0x100\n\t"
+        "mul	v17.8h, v1.8h, v0.h[4]\n\t"
+        "mul	v18.8h, v2.8h, v0.h[4]\n\t"
+        "sqrdmulh	v1.8h, v1.8h, v0.h[3]\n\t"
+        "sqrdmulh	v2.8h, v2.8h, v0.h[3]\n\t"
+        "sqrdmulh	v17.8h, v17.8h, v0.h[0]\n\t"
+        "sqrdmulh	v18.8h, v18.8h, v0.h[0]\n\t"
+        "sub	v1.8h, v1.8h, v17.8h\n\t"
+        "sub	v2.8h, v2.8h, v18.8h\n\t"
+        "sshr	v1.8h, v1.8h, #1\n\t"
+        "sshr	v2.8h, v2.8h, #1\n\t"
+        "mul	v17.8h, v3.8h, v0.h[4]\n\t"
+        "mul	v18.8h, v4.8h, v0.h[4]\n\t"
+        "sqrdmulh	v3.8h, v3.8h, v0.h[3]\n\t"
+        "sqrdmulh	v4.8h, v4.8h, v0.h[3]\n\t"
+        "sqrdmulh	v17.8h, v17.8h, v0.h[0]\n\t"
+        "sqrdmulh	v18.8h, v18.8h, v0.h[0]\n\t"
+        "sub	v3.8h, v3.8h, v17.8h\n\t"
+        "sub	v4.8h, v4.8h, v18.8h\n\t"
+        "sshr	v3.8h, v3.8h, #1\n\t"
+        "sshr	v4.8h, v4.8h, #1\n\t"
+        "mul	v17.8h, v5.8h, v0.h[4]\n\t"
+        "mul	v18.8h, v6.8h, v0.h[4]\n\t"
+        "sqrdmulh	v5.8h, v5.8h, v0.h[3]\n\t"
+        "sqrdmulh	v6.8h, v6.8h, v0.h[3]\n\t"
+        "sqrdmulh	v17.8h, v17.8h, v0.h[0]\n\t"
+        "sqrdmulh	v18.8h, v18.8h, v0.h[0]\n\t"
+        "sub	v5.8h, v5.8h, v17.8h\n\t"
+        "sub	v6.8h, v6.8h, v18.8h\n\t"
+        "sshr	v5.8h, v5.8h, #1\n\t"
+        "sshr	v6.8h, v6.8h, #1\n\t"
+        "mul	v17.8h, v7.8h, v0.h[4]\n\t"
+        "mul	v18.8h, v8.8h, v0.h[4]\n\t"
+        "sqrdmulh	v7.8h, v7.8h, v0.h[3]\n\t"
+        "sqrdmulh	v8.8h, v8.8h, v0.h[3]\n\t"
+        "sqrdmulh	v17.8h, v17.8h, v0.h[0]\n\t"
+        "sqrdmulh	v18.8h, v18.8h, v0.h[0]\n\t"
+        "sub	v7.8h, v7.8h, v17.8h\n\t"
+        "sub	v8.8h, v8.8h, v18.8h\n\t"
+        "sshr	v7.8h, v7.8h, #1\n\t"
+        "sshr	v8.8h, v8.8h, #1\n\t"
+        "mul	v17.8h, v9.8h, v0.h[4]\n\t"
+        "mul	v18.8h, v10.8h, v0.h[4]\n\t"
+        "sqrdmulh	v9.8h, v9.8h, v0.h[3]\n\t"
+        "sqrdmulh	v10.8h, v10.8h, v0.h[3]\n\t"
+        "sqrdmulh	v17.8h, v17.8h, v0.h[0]\n\t"
+        "sqrdmulh	v18.8h, v18.8h, v0.h[0]\n\t"
+        "sub	v9.8h, v9.8h, v17.8h\n\t"
+        "sub	v10.8h, v10.8h, v18.8h\n\t"
+        "sshr	v9.8h, v9.8h, #1\n\t"
+        "sshr	v10.8h, v10.8h, #1\n\t"
+        "mul	v17.8h, v11.8h, v0.h[4]\n\t"
+        "mul	v18.8h, v12.8h, v0.h[4]\n\t"
+        "sqrdmulh	v11.8h, v11.8h, v0.h[3]\n\t"
+        "sqrdmulh	v12.8h, v12.8h, v0.h[3]\n\t"
+        "sqrdmulh	v17.8h, v17.8h, v0.h[0]\n\t"
+        "sqrdmulh	v18.8h, v18.8h, v0.h[0]\n\t"
+        "sub	v11.8h, v11.8h, v17.8h\n\t"
+        "sub	v12.8h, v12.8h, v18.8h\n\t"
+        "sshr	v11.8h, v11.8h, #1\n\t"
+        "sshr	v12.8h, v12.8h, #1\n\t"
+        "mul	v17.8h, v13.8h, v0.h[4]\n\t"
+        "mul	v18.8h, v14.8h, v0.h[4]\n\t"
+        "sqrdmulh	v13.8h, v13.8h, v0.h[3]\n\t"
+        "sqrdmulh	v14.8h, v14.8h, v0.h[3]\n\t"
+        "sqrdmulh	v17.8h, v17.8h, v0.h[0]\n\t"
+        "sqrdmulh	v18.8h, v18.8h, v0.h[0]\n\t"
+        "sub	v13.8h, v13.8h, v17.8h\n\t"
+        "sub	v14.8h, v14.8h, v18.8h\n\t"
+        "sshr	v13.8h, v13.8h, #1\n\t"
+        "sshr	v14.8h, v14.8h, #1\n\t"
+        "mul	v17.8h, v15.8h, v0.h[4]\n\t"
+        "mul	v18.8h, v16.8h, v0.h[4]\n\t"
+        "sqrdmulh	v15.8h, v15.8h, v0.h[3]\n\t"
+        "sqrdmulh	v16.8h, v16.8h, v0.h[3]\n\t"
+        "sqrdmulh	v17.8h, v17.8h, v0.h[0]\n\t"
+        "sqrdmulh	v18.8h, v18.8h, v0.h[0]\n\t"
+        "sub	v15.8h, v15.8h, v17.8h\n\t"
+        "sub	v16.8h, v16.8h, v18.8h\n\t"
+        "sshr	v15.8h, v15.8h, #1\n\t"
+        "sshr	v16.8h, v16.8h, #1\n\t"
+        "st4	{v1.8h, v2.8h, v3.8h, v4.8h}, [%x[p]], #0x40\n\t"
+        "st4	{v5.8h, v6.8h, v7.8h, v8.8h}, [%x[p]], #0x40\n\t"
+        "st4	{v9.8h, v10.8h, v11.8h, v12.8h}, [%x[p]], #0x40\n\t"
+        "st4	{v13.8h, v14.8h, v15.8h, v16.8h}, [%x[p]], #0x40\n\t"
+        "ld4	{v1.8h, v2.8h, v3.8h, v4.8h}, [%x[p]], #0x40\n\t"
+        "ld4	{v5.8h, v6.8h, v7.8h, v8.8h}, [%x[p]], #0x40\n\t"
+        "ld4	{v9.8h, v10.8h, v11.8h, v12.8h}, [%x[p]], #0x40\n\t"
+        "ld4	{v13.8h, v14.8h, v15.8h, v16.8h}, [%x[p]], #0x40\n\t"
+        "sub	%x[p], %x[p], #0x100\n\t"
+        "mul	v17.8h, v1.8h, v0.h[4]\n\t"
+        "mul	v18.8h, v2.8h, v0.h[4]\n\t"
+        "sqrdmulh	v1.8h, v1.8h, v0.h[3]\n\t"
+        "sqrdmulh	v2.8h, v2.8h, v0.h[3]\n\t"
+        "sqrdmulh	v17.8h, v17.8h, v0.h[0]\n\t"
+        "sqrdmulh	v18.8h, v18.8h, v0.h[0]\n\t"
+        "sub	v1.8h, v1.8h, v17.8h\n\t"
+        "sub	v2.8h, v2.8h, v18.8h\n\t"
+        "sshr	v1.8h, v1.8h, #1\n\t"
+        "sshr	v2.8h, v2.8h, #1\n\t"
+        "mul	v17.8h, v3.8h, v0.h[4]\n\t"
+        "mul	v18.8h, v4.8h, v0.h[4]\n\t"
+        "sqrdmulh	v3.8h, v3.8h, v0.h[3]\n\t"
+        "sqrdmulh	v4.8h, v4.8h, v0.h[3]\n\t"
+        "sqrdmulh	v17.8h, v17.8h, v0.h[0]\n\t"
+        "sqrdmulh	v18.8h, v18.8h, v0.h[0]\n\t"
+        "sub	v3.8h, v3.8h, v17.8h\n\t"
+        "sub	v4.8h, v4.8h, v18.8h\n\t"
+        "sshr	v3.8h, v3.8h, #1\n\t"
+        "sshr	v4.8h, v4.8h, #1\n\t"
+        "mul	v17.8h, v5.8h, v0.h[4]\n\t"
+        "mul	v18.8h, v6.8h, v0.h[4]\n\t"
+        "sqrdmulh	v5.8h, v5.8h, v0.h[3]\n\t"
+        "sqrdmulh	v6.8h, v6.8h, v0.h[3]\n\t"
+        "sqrdmulh	v17.8h, v17.8h, v0.h[0]\n\t"
+        "sqrdmulh	v18.8h, v18.8h, v0.h[0]\n\t"
+        "sub	v5.8h, v5.8h, v17.8h\n\t"
+        "sub	v6.8h, v6.8h, v18.8h\n\t"
+        "sshr	v5.8h, v5.8h, #1\n\t"
+        "sshr	v6.8h, v6.8h, #1\n\t"
+        "mul	v17.8h, v7.8h, v0.h[4]\n\t"
+        "mul	v18.8h, v8.8h, v0.h[4]\n\t"
+        "sqrdmulh	v7.8h, v7.8h, v0.h[3]\n\t"
+        "sqrdmulh	v8.8h, v8.8h, v0.h[3]\n\t"
+        "sqrdmulh	v17.8h, v17.8h, v0.h[0]\n\t"
+        "sqrdmulh	v18.8h, v18.8h, v0.h[0]\n\t"
+        "sub	v7.8h, v7.8h, v17.8h\n\t"
+        "sub	v8.8h, v8.8h, v18.8h\n\t"
+        "sshr	v7.8h, v7.8h, #1\n\t"
+        "sshr	v8.8h, v8.8h, #1\n\t"
+        "mul	v17.8h, v9.8h, v0.h[4]\n\t"
+        "mul	v18.8h, v10.8h, v0.h[4]\n\t"
+        "sqrdmulh	v9.8h, v9.8h, v0.h[3]\n\t"
+        "sqrdmulh	v10.8h, v10.8h, v0.h[3]\n\t"
+        "sqrdmulh	v17.8h, v17.8h, v0.h[0]\n\t"
+        "sqrdmulh	v18.8h, v18.8h, v0.h[0]\n\t"
+        "sub	v9.8h, v9.8h, v17.8h\n\t"
+        "sub	v10.8h, v10.8h, v18.8h\n\t"
+        "sshr	v9.8h, v9.8h, #1\n\t"
+        "sshr	v10.8h, v10.8h, #1\n\t"
+        "mul	v17.8h, v11.8h, v0.h[4]\n\t"
+        "mul	v18.8h, v12.8h, v0.h[4]\n\t"
+        "sqrdmulh	v11.8h, v11.8h, v0.h[3]\n\t"
+        "sqrdmulh	v12.8h, v12.8h, v0.h[3]\n\t"
+        "sqrdmulh	v17.8h, v17.8h, v0.h[0]\n\t"
+        "sqrdmulh	v18.8h, v18.8h, v0.h[0]\n\t"
+        "sub	v11.8h, v11.8h, v17.8h\n\t"
+        "sub	v12.8h, v12.8h, v18.8h\n\t"
+        "sshr	v11.8h, v11.8h, #1\n\t"
+        "sshr	v12.8h, v12.8h, #1\n\t"
+        "mul	v17.8h, v13.8h, v0.h[4]\n\t"
+        "mul	v18.8h, v14.8h, v0.h[4]\n\t"
+        "sqrdmulh	v13.8h, v13.8h, v0.h[3]\n\t"
+        "sqrdmulh	v14.8h, v14.8h, v0.h[3]\n\t"
+        "sqrdmulh	v17.8h, v17.8h, v0.h[0]\n\t"
+        "sqrdmulh	v18.8h, v18.8h, v0.h[0]\n\t"
+        "sub	v13.8h, v13.8h, v17.8h\n\t"
+        "sub	v14.8h, v14.8h, v18.8h\n\t"
+        "sshr	v13.8h, v13.8h, #1\n\t"
+        "sshr	v14.8h, v14.8h, #1\n\t"
+        "mul	v17.8h, v15.8h, v0.h[4]\n\t"
+        "mul	v18.8h, v16.8h, v0.h[4]\n\t"
+        "sqrdmulh	v15.8h, v15.8h, v0.h[3]\n\t"
+        "sqrdmulh	v16.8h, v16.8h, v0.h[3]\n\t"
+        "sqrdmulh	v17.8h, v17.8h, v0.h[0]\n\t"
+        "sqrdmulh	v18.8h, v18.8h, v0.h[0]\n\t"
+        "sub	v15.8h, v15.8h, v17.8h\n\t"
+        "sub	v16.8h, v16.8h, v18.8h\n\t"
+        "sshr	v15.8h, v15.8h, #1\n\t"
+        "sshr	v16.8h, v16.8h, #1\n\t"
+        "st4	{v1.8h, v2.8h, v3.8h, v4.8h}, [%x[p]], #0x40\n\t"
+        "st4	{v5.8h, v6.8h, v7.8h, v8.8h}, [%x[p]], #0x40\n\t"
+        "st4	{v9.8h, v10.8h, v11.8h, v12.8h}, [%x[p]], #0x40\n\t"
+        "st4	{v13.8h, v14.8h, v15.8h, v16.8h}, [%x[p]], #0x40\n\t"
+        : [p] "+r" (p)
+        : [L_kyber_aarch64_q] "S" (L_kyber_aarch64_q), [L_kyber_aarch64_consts] "S" (L_kyber_aarch64_consts), [L_sha3_aarch64_r] "S" (L_sha3_aarch64_r), [L_kyber_aarch64_zetas] "S" (L_kyber_aarch64_zetas), [L_kyber_aarch64_zetas_qinv] "S" (L_kyber_aarch64_zetas_qinv), [L_kyber_aarch64_zetas_inv] "S" (L_kyber_aarch64_zetas_inv), [L_kyber_aarch64_zetas_inv_qinv] "S" (L_kyber_aarch64_zetas_inv_qinv), [L_kyber_aarch64_zetas_mul] "S" (L_kyber_aarch64_zetas_mul)
+        : "memory", "x1", "v0", "v1", "v2", "v3", "v4", "v5", "v6", "v7", "v8", "v9", "v10", "v11", "v12", "v13", "v14", "v15", "v16", "v17", "v18", "cc"
+    );
+}
+
+#ifndef WOLFSSL_AARCH64_NO_SQRDMLSH
+void kyber_to_mont_sqrdmlsh(sword16* p)
+{
+    __asm__ __volatile__ (
+#ifndef __APPLE__
+        "adrp x1, %[L_kyber_aarch64_consts]\n\t"
+        "add  x1, x1, :lo12:%[L_kyber_aarch64_consts]\n\t"
+#else
+        "adrp x1, %[L_kyber_aarch64_consts]@PAGE\n\t"
+        "add  x1, x1, %[L_kyber_aarch64_consts]@PAGEOFF\n\t"
+#endif /* __APPLE__ */
+        "ldr	q0, [x1]\n\t"
+        "ld4	{v1.8h, v2.8h, v3.8h, v4.8h}, [%x[p]], #0x40\n\t"
+        "ld4	{v5.8h, v6.8h, v7.8h, v8.8h}, [%x[p]], #0x40\n\t"
+        "ld4	{v9.8h, v10.8h, v11.8h, v12.8h}, [%x[p]], #0x40\n\t"
+        "ld4	{v13.8h, v14.8h, v15.8h, v16.8h}, [%x[p]], #0x40\n\t"
+        "sub	%x[p], %x[p], #0x100\n\t"
+        "mul	v17.8h, v1.8h, v0.h[4]\n\t"
+        "mul	v18.8h, v2.8h, v0.h[4]\n\t"
+        "sqrdmulh	v1.8h, v1.8h, v0.h[3]\n\t"
+        "sqrdmulh	v2.8h, v2.8h, v0.h[3]\n\t"
+        "sqrdmlsh	v1.8h, v17.8h, v0.h[0]\n\t"
+        "sqrdmlsh	v2.8h, v18.8h, v0.h[0]\n\t"
+        "sshr	v1.8h, v1.8h, #1\n\t"
+        "sshr	v2.8h, v2.8h, #1\n\t"
+        "mul	v17.8h, v3.8h, v0.h[4]\n\t"
+        "mul	v18.8h, v4.8h, v0.h[4]\n\t"
+        "sqrdmulh	v3.8h, v3.8h, v0.h[3]\n\t"
+        "sqrdmulh	v4.8h, v4.8h, v0.h[3]\n\t"
+        "sqrdmlsh	v3.8h, v17.8h, v0.h[0]\n\t"
+        "sqrdmlsh	v4.8h, v18.8h, v0.h[0]\n\t"
+        "sshr	v3.8h, v3.8h, #1\n\t"
+        "sshr	v4.8h, v4.8h, #1\n\t"
+        "mul	v17.8h, v5.8h, v0.h[4]\n\t"
+        "mul	v18.8h, v6.8h, v0.h[4]\n\t"
+        "sqrdmulh	v5.8h, v5.8h, v0.h[3]\n\t"
+        "sqrdmulh	v6.8h, v6.8h, v0.h[3]\n\t"
+        "sqrdmlsh	v5.8h, v17.8h, v0.h[0]\n\t"
+        "sqrdmlsh	v6.8h, v18.8h, v0.h[0]\n\t"
+        "sshr	v5.8h, v5.8h, #1\n\t"
+        "sshr	v6.8h, v6.8h, #1\n\t"
+        "mul	v17.8h, v7.8h, v0.h[4]\n\t"
+        "mul	v18.8h, v8.8h, v0.h[4]\n\t"
+        "sqrdmulh	v7.8h, v7.8h, v0.h[3]\n\t"
+        "sqrdmulh	v8.8h, v8.8h, v0.h[3]\n\t"
+        "sqrdmlsh	v7.8h, v17.8h, v0.h[0]\n\t"
+        "sqrdmlsh	v8.8h, v18.8h, v0.h[0]\n\t"
+        "sshr	v7.8h, v7.8h, #1\n\t"
+        "sshr	v8.8h, v8.8h, #1\n\t"
+        "mul	v17.8h, v9.8h, v0.h[4]\n\t"
+        "mul	v18.8h, v10.8h, v0.h[4]\n\t"
+        "sqrdmulh	v9.8h, v9.8h, v0.h[3]\n\t"
+        "sqrdmulh	v10.8h, v10.8h, v0.h[3]\n\t"
+        "sqrdmlsh	v9.8h, v17.8h, v0.h[0]\n\t"
+        "sqrdmlsh	v10.8h, v18.8h, v0.h[0]\n\t"
+        "sshr	v9.8h, v9.8h, #1\n\t"
+        "sshr	v10.8h, v10.8h, #1\n\t"
+        "mul	v17.8h, v11.8h, v0.h[4]\n\t"
+        "mul	v18.8h, v12.8h, v0.h[4]\n\t"
+        "sqrdmulh	v11.8h, v11.8h, v0.h[3]\n\t"
+        "sqrdmulh	v12.8h, v12.8h, v0.h[3]\n\t"
+        "sqrdmlsh	v11.8h, v17.8h, v0.h[0]\n\t"
+        "sqrdmlsh	v12.8h, v18.8h, v0.h[0]\n\t"
+        "sshr	v11.8h, v11.8h, #1\n\t"
+        "sshr	v12.8h, v12.8h, #1\n\t"
+        "mul	v17.8h, v13.8h, v0.h[4]\n\t"
+        "mul	v18.8h, v14.8h, v0.h[4]\n\t"
+        "sqrdmulh	v13.8h, v13.8h, v0.h[3]\n\t"
+        "sqrdmulh	v14.8h, v14.8h, v0.h[3]\n\t"
+        "sqrdmlsh	v13.8h, v17.8h, v0.h[0]\n\t"
+        "sqrdmlsh	v14.8h, v18.8h, v0.h[0]\n\t"
+        "sshr	v13.8h, v13.8h, #1\n\t"
+        "sshr	v14.8h, v14.8h, #1\n\t"
+        "mul	v17.8h, v15.8h, v0.h[4]\n\t"
+        "mul	v18.8h, v16.8h, v0.h[4]\n\t"
+        "sqrdmulh	v15.8h, v15.8h, v0.h[3]\n\t"
+        "sqrdmulh	v16.8h, v16.8h, v0.h[3]\n\t"
+        "sqrdmlsh	v15.8h, v17.8h, v0.h[0]\n\t"
+        "sqrdmlsh	v16.8h, v18.8h, v0.h[0]\n\t"
+        "sshr	v15.8h, v15.8h, #1\n\t"
+        "sshr	v16.8h, v16.8h, #1\n\t"
+        "st4	{v1.8h, v2.8h, v3.8h, v4.8h}, [%x[p]], #0x40\n\t"
+        "st4	{v5.8h, v6.8h, v7.8h, v8.8h}, [%x[p]], #0x40\n\t"
+        "st4	{v9.8h, v10.8h, v11.8h, v12.8h}, [%x[p]], #0x40\n\t"
+        "st4	{v13.8h, v14.8h, v15.8h, v16.8h}, [%x[p]], #0x40\n\t"
+        "ld4	{v1.8h, v2.8h, v3.8h, v4.8h}, [%x[p]], #0x40\n\t"
+        "ld4	{v5.8h, v6.8h, v7.8h, v8.8h}, [%x[p]], #0x40\n\t"
+        "ld4	{v9.8h, v10.8h, v11.8h, v12.8h}, [%x[p]], #0x40\n\t"
+        "ld4	{v13.8h, v14.8h, v15.8h, v16.8h}, [%x[p]], #0x40\n\t"
+        "sub	%x[p], %x[p], #0x100\n\t"
+        "mul	v17.8h, v1.8h, v0.h[4]\n\t"
+        "mul	v18.8h, v2.8h, v0.h[4]\n\t"
+        "sqrdmulh	v1.8h, v1.8h, v0.h[3]\n\t"
+        "sqrdmulh	v2.8h, v2.8h, v0.h[3]\n\t"
+        "sqrdmlsh	v1.8h, v17.8h, v0.h[0]\n\t"
+        "sqrdmlsh	v2.8h, v18.8h, v0.h[0]\n\t"
+        "sshr	v1.8h, v1.8h, #1\n\t"
+        "sshr	v2.8h, v2.8h, #1\n\t"
+        "mul	v17.8h, v3.8h, v0.h[4]\n\t"
+        "mul	v18.8h, v4.8h, v0.h[4]\n\t"
+        "sqrdmulh	v3.8h, v3.8h, v0.h[3]\n\t"
+        "sqrdmulh	v4.8h, v4.8h, v0.h[3]\n\t"
+        "sqrdmlsh	v3.8h, v17.8h, v0.h[0]\n\t"
+        "sqrdmlsh	v4.8h, v18.8h, v0.h[0]\n\t"
+        "sshr	v3.8h, v3.8h, #1\n\t"
+        "sshr	v4.8h, v4.8h, #1\n\t"
+        "mul	v17.8h, v5.8h, v0.h[4]\n\t"
+        "mul	v18.8h, v6.8h, v0.h[4]\n\t"
+        "sqrdmulh	v5.8h, v5.8h, v0.h[3]\n\t"
+        "sqrdmulh	v6.8h, v6.8h, v0.h[3]\n\t"
+        "sqrdmlsh	v5.8h, v17.8h, v0.h[0]\n\t"
+        "sqrdmlsh	v6.8h, v18.8h, v0.h[0]\n\t"
+        "sshr	v5.8h, v5.8h, #1\n\t"
+        "sshr	v6.8h, v6.8h, #1\n\t"
+        "mul	v17.8h, v7.8h, v0.h[4]\n\t"
+        "mul	v18.8h, v8.8h, v0.h[4]\n\t"
+        "sqrdmulh	v7.8h, v7.8h, v0.h[3]\n\t"
+        "sqrdmulh	v8.8h, v8.8h, v0.h[3]\n\t"
+        "sqrdmlsh	v7.8h, v17.8h, v0.h[0]\n\t"
+        "sqrdmlsh	v8.8h, v18.8h, v0.h[0]\n\t"
+        "sshr	v7.8h, v7.8h, #1\n\t"
+        "sshr	v8.8h, v8.8h, #1\n\t"
+        "mul	v17.8h, v9.8h, v0.h[4]\n\t"
+        "mul	v18.8h, v10.8h, v0.h[4]\n\t"
+        "sqrdmulh	v9.8h, v9.8h, v0.h[3]\n\t"
+        "sqrdmulh	v10.8h, v10.8h, v0.h[3]\n\t"
+        "sqrdmlsh	v9.8h, v17.8h, v0.h[0]\n\t"
+        "sqrdmlsh	v10.8h, v18.8h, v0.h[0]\n\t"
+        "sshr	v9.8h, v9.8h, #1\n\t"
+        "sshr	v10.8h, v10.8h, #1\n\t"
+        "mul	v17.8h, v11.8h, v0.h[4]\n\t"
+        "mul	v18.8h, v12.8h, v0.h[4]\n\t"
+        "sqrdmulh	v11.8h, v11.8h, v0.h[3]\n\t"
+        "sqrdmulh	v12.8h, v12.8h, v0.h[3]\n\t"
+        "sqrdmlsh	v11.8h, v17.8h, v0.h[0]\n\t"
+        "sqrdmlsh	v12.8h, v18.8h, v0.h[0]\n\t"
+        "sshr	v11.8h, v11.8h, #1\n\t"
+        "sshr	v12.8h, v12.8h, #1\n\t"
+        "mul	v17.8h, v13.8h, v0.h[4]\n\t"
+        "mul	v18.8h, v14.8h, v0.h[4]\n\t"
+        "sqrdmulh	v13.8h, v13.8h, v0.h[3]\n\t"
+        "sqrdmulh	v14.8h, v14.8h, v0.h[3]\n\t"
+        "sqrdmlsh	v13.8h, v17.8h, v0.h[0]\n\t"
+        "sqrdmlsh	v14.8h, v18.8h, v0.h[0]\n\t"
+        "sshr	v13.8h, v13.8h, #1\n\t"
+        "sshr	v14.8h, v14.8h, #1\n\t"
+        "mul	v17.8h, v15.8h, v0.h[4]\n\t"
+        "mul	v18.8h, v16.8h, v0.h[4]\n\t"
+        "sqrdmulh	v15.8h, v15.8h, v0.h[3]\n\t"
+        "sqrdmulh	v16.8h, v16.8h, v0.h[3]\n\t"
+        "sqrdmlsh	v15.8h, v17.8h, v0.h[0]\n\t"
+        "sqrdmlsh	v16.8h, v18.8h, v0.h[0]\n\t"
+        "sshr	v15.8h, v15.8h, #1\n\t"
+        "sshr	v16.8h, v16.8h, #1\n\t"
+        "st4	{v1.8h, v2.8h, v3.8h, v4.8h}, [%x[p]], #0x40\n\t"
+        "st4	{v5.8h, v6.8h, v7.8h, v8.8h}, [%x[p]], #0x40\n\t"
+        "st4	{v9.8h, v10.8h, v11.8h, v12.8h}, [%x[p]], #0x40\n\t"
+        "st4	{v13.8h, v14.8h, v15.8h, v16.8h}, [%x[p]], #0x40\n\t"
+        : [p] "+r" (p)
+        : [L_kyber_aarch64_q] "S" (L_kyber_aarch64_q), [L_kyber_aarch64_consts] "S" (L_kyber_aarch64_consts), [L_sha3_aarch64_r] "S" (L_sha3_aarch64_r), [L_kyber_aarch64_zetas] "S" (L_kyber_aarch64_zetas), [L_kyber_aarch64_zetas_qinv] "S" (L_kyber_aarch64_zetas_qinv), [L_kyber_aarch64_zetas_inv] "S" (L_kyber_aarch64_zetas_inv), [L_kyber_aarch64_zetas_inv_qinv] "S" (L_kyber_aarch64_zetas_inv_qinv), [L_kyber_aarch64_zetas_mul] "S" (L_kyber_aarch64_zetas_mul)
+        : "memory", "x1", "v0", "v1", "v2", "v3", "v4", "v5", "v6", "v7", "v8", "v9", "v10", "v11", "v12", "v13", "v14", "v15", "v16", "v17", "v18", "cc"
+    );
+}
+
+#endif /* WOLFSSL_AARCH64_NO_SQRDMLSH */
+static const word16 L_kyber_aarch64_to_msg_neon_low[] = {
+    0x0373, 0x0373, 0x0373, 0x0373, 0x0373, 0x0373, 0x0373, 0x0373,
+};
+
+static const word16 L_kyber_aarch64_to_msg_neon_high[] = {
+    0x09c0, 0x09c0, 0x09c0, 0x09c0, 0x09c0, 0x09c0, 0x09c0, 0x09c0,
+};
+
+static const word16 L_kyber_aarch64_to_msg_neon_bits[] = {
+    0x0001, 0x0002, 0x0004, 0x0008, 0x0010, 0x0020, 0x0040, 0x0080,
+};
+
+void kyber_to_msg_neon(byte* msg, sword16* p)
+{
+    __asm__ __volatile__ (
+#ifndef __APPLE__
+        "adrp x2, %[L_kyber_aarch64_to_msg_neon_low]\n\t"
+        "add  x2, x2, :lo12:%[L_kyber_aarch64_to_msg_neon_low]\n\t"
+#else
+        "adrp x2, %[L_kyber_aarch64_to_msg_neon_low]@PAGE\n\t"
+        "add  x2, x2, %[L_kyber_aarch64_to_msg_neon_low]@PAGEOFF\n\t"
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+        "adrp x3, %[L_kyber_aarch64_to_msg_neon_high]\n\t"
+        "add  x3, x3, :lo12:%[L_kyber_aarch64_to_msg_neon_high]\n\t"
+#else
+        "adrp x3, %[L_kyber_aarch64_to_msg_neon_high]@PAGE\n\t"
+        "add  x3, x3, %[L_kyber_aarch64_to_msg_neon_high]@PAGEOFF\n\t"
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+        "adrp x4, %[L_kyber_aarch64_to_msg_neon_bits]\n\t"
+        "add  x4, x4, :lo12:%[L_kyber_aarch64_to_msg_neon_bits]\n\t"
+#else
+        "adrp x4, %[L_kyber_aarch64_to_msg_neon_bits]@PAGE\n\t"
+        "add  x4, x4, %[L_kyber_aarch64_to_msg_neon_bits]@PAGEOFF\n\t"
+#endif /* __APPLE__ */
+        "ldr	q0, [x2]\n\t"
+        "ldr	q1, [x3]\n\t"
+        "ldr	q26, [x4]\n\t"
+        "ld1	{v2.8h, v3.8h, v4.8h, v5.8h}, [%x[p]], #0x40\n\t"
+        "ld1	{v6.8h, v7.8h, v8.8h, v9.8h}, [%x[p]], #0x40\n\t"
+        "cmge	v10.8h, v2.8h, v0.8h\n\t"
+        "cmge	v18.8h, v1.8h, v2.8h\n\t"
+        "cmge	v11.8h, v3.8h, v0.8h\n\t"
+        "cmge	v19.8h, v1.8h, v3.8h\n\t"
+        "cmge	v12.8h, v4.8h, v0.8h\n\t"
+        "cmge	v20.8h, v1.8h, v4.8h\n\t"
+        "cmge	v13.8h, v5.8h, v0.8h\n\t"
+        "cmge	v21.8h, v1.8h, v5.8h\n\t"
+        "cmge	v14.8h, v6.8h, v0.8h\n\t"
+        "cmge	v22.8h, v1.8h, v6.8h\n\t"
+        "cmge	v15.8h, v7.8h, v0.8h\n\t"
+        "cmge	v23.8h, v1.8h, v7.8h\n\t"
+        "cmge	v16.8h, v8.8h, v0.8h\n\t"
+        "cmge	v24.8h, v1.8h, v8.8h\n\t"
+        "cmge	v17.8h, v9.8h, v0.8h\n\t"
+        "cmge	v25.8h, v1.8h, v9.8h\n\t"
+        "and	v18.16b, v18.16b, v10.16b\n\t"
+        "and	v19.16b, v19.16b, v11.16b\n\t"
+        "and	v20.16b, v20.16b, v12.16b\n\t"
+        "and	v21.16b, v21.16b, v13.16b\n\t"
+        "and	v22.16b, v22.16b, v14.16b\n\t"
+        "and	v23.16b, v23.16b, v15.16b\n\t"
+        "and	v24.16b, v24.16b, v16.16b\n\t"
+        "and	v25.16b, v25.16b, v17.16b\n\t"
+        "and	v18.16b, v18.16b, v26.16b\n\t"
+        "and	v19.16b, v19.16b, v26.16b\n\t"
+        "and	v20.16b, v20.16b, v26.16b\n\t"
+        "and	v21.16b, v21.16b, v26.16b\n\t"
+        "and	v22.16b, v22.16b, v26.16b\n\t"
+        "and	v23.16b, v23.16b, v26.16b\n\t"
+        "and	v24.16b, v24.16b, v26.16b\n\t"
+        "and	v25.16b, v25.16b, v26.16b\n\t"
+        "addv	h18, v18.8h\n\t"
+        "addv	h19, v19.8h\n\t"
+        "addv	h20, v20.8h\n\t"
+        "addv	h21, v21.8h\n\t"
+        "addv	h22, v22.8h\n\t"
+        "addv	h23, v23.8h\n\t"
+        "addv	h24, v24.8h\n\t"
+        "addv	h25, v25.8h\n\t"
+        "ins	v18.b[1], v19.b[0]\n\t"
+        "ins	v18.b[2], v20.b[0]\n\t"
+        "ins	v18.b[3], v21.b[0]\n\t"
+        "ins	v18.b[4], v22.b[0]\n\t"
+        "ins	v18.b[5], v23.b[0]\n\t"
+        "ins	v18.b[6], v24.b[0]\n\t"
+        "ins	v18.b[7], v25.b[0]\n\t"
+        "st1	{v18.8b}, [%x[msg]], #8\n\t"
+        "ld1	{v2.8h, v3.8h, v4.8h, v5.8h}, [%x[p]], #0x40\n\t"
+        "ld1	{v6.8h, v7.8h, v8.8h, v9.8h}, [%x[p]], #0x40\n\t"
+        "cmge	v10.8h, v2.8h, v0.8h\n\t"
+        "cmge	v18.8h, v1.8h, v2.8h\n\t"
+        "cmge	v11.8h, v3.8h, v0.8h\n\t"
+        "cmge	v19.8h, v1.8h, v3.8h\n\t"
+        "cmge	v12.8h, v4.8h, v0.8h\n\t"
+        "cmge	v20.8h, v1.8h, v4.8h\n\t"
+        "cmge	v13.8h, v5.8h, v0.8h\n\t"
+        "cmge	v21.8h, v1.8h, v5.8h\n\t"
+        "cmge	v14.8h, v6.8h, v0.8h\n\t"
+        "cmge	v22.8h, v1.8h, v6.8h\n\t"
+        "cmge	v15.8h, v7.8h, v0.8h\n\t"
+        "cmge	v23.8h, v1.8h, v7.8h\n\t"
+        "cmge	v16.8h, v8.8h, v0.8h\n\t"
+        "cmge	v24.8h, v1.8h, v8.8h\n\t"
+        "cmge	v17.8h, v9.8h, v0.8h\n\t"
+        "cmge	v25.8h, v1.8h, v9.8h\n\t"
+        "and	v18.16b, v18.16b, v10.16b\n\t"
+        "and	v19.16b, v19.16b, v11.16b\n\t"
+        "and	v20.16b, v20.16b, v12.16b\n\t"
+        "and	v21.16b, v21.16b, v13.16b\n\t"
+        "and	v22.16b, v22.16b, v14.16b\n\t"
+        "and	v23.16b, v23.16b, v15.16b\n\t"
+        "and	v24.16b, v24.16b, v16.16b\n\t"
+        "and	v25.16b, v25.16b, v17.16b\n\t"
+        "and	v18.16b, v18.16b, v26.16b\n\t"
+        "and	v19.16b, v19.16b, v26.16b\n\t"
+        "and	v20.16b, v20.16b, v26.16b\n\t"
+        "and	v21.16b, v21.16b, v26.16b\n\t"
+        "and	v22.16b, v22.16b, v26.16b\n\t"
+        "and	v23.16b, v23.16b, v26.16b\n\t"
+        "and	v24.16b, v24.16b, v26.16b\n\t"
+        "and	v25.16b, v25.16b, v26.16b\n\t"
+        "addv	h18, v18.8h\n\t"
+        "addv	h19, v19.8h\n\t"
+        "addv	h20, v20.8h\n\t"
+        "addv	h21, v21.8h\n\t"
+        "addv	h22, v22.8h\n\t"
+        "addv	h23, v23.8h\n\t"
+        "addv	h24, v24.8h\n\t"
+        "addv	h25, v25.8h\n\t"
+        "ins	v18.b[1], v19.b[0]\n\t"
+        "ins	v18.b[2], v20.b[0]\n\t"
+        "ins	v18.b[3], v21.b[0]\n\t"
+        "ins	v18.b[4], v22.b[0]\n\t"
+        "ins	v18.b[5], v23.b[0]\n\t"
+        "ins	v18.b[6], v24.b[0]\n\t"
+        "ins	v18.b[7], v25.b[0]\n\t"
+        "st1	{v18.8b}, [%x[msg]], #8\n\t"
+        "ld1	{v2.8h, v3.8h, v4.8h, v5.8h}, [%x[p]], #0x40\n\t"
+        "ld1	{v6.8h, v7.8h, v8.8h, v9.8h}, [%x[p]], #0x40\n\t"
+        "cmge	v10.8h, v2.8h, v0.8h\n\t"
+        "cmge	v18.8h, v1.8h, v2.8h\n\t"
+        "cmge	v11.8h, v3.8h, v0.8h\n\t"
+        "cmge	v19.8h, v1.8h, v3.8h\n\t"
+        "cmge	v12.8h, v4.8h, v0.8h\n\t"
+        "cmge	v20.8h, v1.8h, v4.8h\n\t"
+        "cmge	v13.8h, v5.8h, v0.8h\n\t"
+        "cmge	v21.8h, v1.8h, v5.8h\n\t"
+        "cmge	v14.8h, v6.8h, v0.8h\n\t"
+        "cmge	v22.8h, v1.8h, v6.8h\n\t"
+        "cmge	v15.8h, v7.8h, v0.8h\n\t"
+        "cmge	v23.8h, v1.8h, v7.8h\n\t"
+        "cmge	v16.8h, v8.8h, v0.8h\n\t"
+        "cmge	v24.8h, v1.8h, v8.8h\n\t"
+        "cmge	v17.8h, v9.8h, v0.8h\n\t"
+        "cmge	v25.8h, v1.8h, v9.8h\n\t"
+        "and	v18.16b, v18.16b, v10.16b\n\t"
+        "and	v19.16b, v19.16b, v11.16b\n\t"
+        "and	v20.16b, v20.16b, v12.16b\n\t"
+        "and	v21.16b, v21.16b, v13.16b\n\t"
+        "and	v22.16b, v22.16b, v14.16b\n\t"
+        "and	v23.16b, v23.16b, v15.16b\n\t"
+        "and	v24.16b, v24.16b, v16.16b\n\t"
+        "and	v25.16b, v25.16b, v17.16b\n\t"
+        "and	v18.16b, v18.16b, v26.16b\n\t"
+        "and	v19.16b, v19.16b, v26.16b\n\t"
+        "and	v20.16b, v20.16b, v26.16b\n\t"
+        "and	v21.16b, v21.16b, v26.16b\n\t"
+        "and	v22.16b, v22.16b, v26.16b\n\t"
+        "and	v23.16b, v23.16b, v26.16b\n\t"
+        "and	v24.16b, v24.16b, v26.16b\n\t"
+        "and	v25.16b, v25.16b, v26.16b\n\t"
+        "addv	h18, v18.8h\n\t"
+        "addv	h19, v19.8h\n\t"
+        "addv	h20, v20.8h\n\t"
+        "addv	h21, v21.8h\n\t"
+        "addv	h22, v22.8h\n\t"
+        "addv	h23, v23.8h\n\t"
+        "addv	h24, v24.8h\n\t"
+        "addv	h25, v25.8h\n\t"
+        "ins	v18.b[1], v19.b[0]\n\t"
+        "ins	v18.b[2], v20.b[0]\n\t"
+        "ins	v18.b[3], v21.b[0]\n\t"
+        "ins	v18.b[4], v22.b[0]\n\t"
+        "ins	v18.b[5], v23.b[0]\n\t"
+        "ins	v18.b[6], v24.b[0]\n\t"
+        "ins	v18.b[7], v25.b[0]\n\t"
+        "st1	{v18.8b}, [%x[msg]], #8\n\t"
+        "ld1	{v2.8h, v3.8h, v4.8h, v5.8h}, [%x[p]], #0x40\n\t"
+        "ld1	{v6.8h, v7.8h, v8.8h, v9.8h}, [%x[p]], #0x40\n\t"
+        "cmge	v10.8h, v2.8h, v0.8h\n\t"
+        "cmge	v18.8h, v1.8h, v2.8h\n\t"
+        "cmge	v11.8h, v3.8h, v0.8h\n\t"
+        "cmge	v19.8h, v1.8h, v3.8h\n\t"
+        "cmge	v12.8h, v4.8h, v0.8h\n\t"
+        "cmge	v20.8h, v1.8h, v4.8h\n\t"
+        "cmge	v13.8h, v5.8h, v0.8h\n\t"
+        "cmge	v21.8h, v1.8h, v5.8h\n\t"
+        "cmge	v14.8h, v6.8h, v0.8h\n\t"
+        "cmge	v22.8h, v1.8h, v6.8h\n\t"
+        "cmge	v15.8h, v7.8h, v0.8h\n\t"
+        "cmge	v23.8h, v1.8h, v7.8h\n\t"
+        "cmge	v16.8h, v8.8h, v0.8h\n\t"
+        "cmge	v24.8h, v1.8h, v8.8h\n\t"
+        "cmge	v17.8h, v9.8h, v0.8h\n\t"
+        "cmge	v25.8h, v1.8h, v9.8h\n\t"
+        "and	v18.16b, v18.16b, v10.16b\n\t"
+        "and	v19.16b, v19.16b, v11.16b\n\t"
+        "and	v20.16b, v20.16b, v12.16b\n\t"
+        "and	v21.16b, v21.16b, v13.16b\n\t"
+        "and	v22.16b, v22.16b, v14.16b\n\t"
+        "and	v23.16b, v23.16b, v15.16b\n\t"
+        "and	v24.16b, v24.16b, v16.16b\n\t"
+        "and	v25.16b, v25.16b, v17.16b\n\t"
+        "and	v18.16b, v18.16b, v26.16b\n\t"
+        "and	v19.16b, v19.16b, v26.16b\n\t"
+        "and	v20.16b, v20.16b, v26.16b\n\t"
+        "and	v21.16b, v21.16b, v26.16b\n\t"
+        "and	v22.16b, v22.16b, v26.16b\n\t"
+        "and	v23.16b, v23.16b, v26.16b\n\t"
+        "and	v24.16b, v24.16b, v26.16b\n\t"
+        "and	v25.16b, v25.16b, v26.16b\n\t"
+        "addv	h18, v18.8h\n\t"
+        "addv	h19, v19.8h\n\t"
+        "addv	h20, v20.8h\n\t"
+        "addv	h21, v21.8h\n\t"
+        "addv	h22, v22.8h\n\t"
+        "addv	h23, v23.8h\n\t"
+        "addv	h24, v24.8h\n\t"
+        "addv	h25, v25.8h\n\t"
+        "ins	v18.b[1], v19.b[0]\n\t"
+        "ins	v18.b[2], v20.b[0]\n\t"
+        "ins	v18.b[3], v21.b[0]\n\t"
+        "ins	v18.b[4], v22.b[0]\n\t"
+        "ins	v18.b[5], v23.b[0]\n\t"
+        "ins	v18.b[6], v24.b[0]\n\t"
+        "ins	v18.b[7], v25.b[0]\n\t"
+        "st1	{v18.8b}, [%x[msg]], #8\n\t"
+        : [msg] "+r" (msg), [p] "+r" (p)
+        : [L_kyber_aarch64_q] "S" (L_kyber_aarch64_q), [L_kyber_aarch64_consts] "S" (L_kyber_aarch64_consts), [L_sha3_aarch64_r] "S" (L_sha3_aarch64_r), [L_kyber_aarch64_zetas] "S" (L_kyber_aarch64_zetas), [L_kyber_aarch64_zetas_qinv] "S" (L_kyber_aarch64_zetas_qinv), [L_kyber_aarch64_zetas_inv] "S" (L_kyber_aarch64_zetas_inv), [L_kyber_aarch64_zetas_inv_qinv] "S" (L_kyber_aarch64_zetas_inv_qinv), [L_kyber_aarch64_zetas_mul] "S" (L_kyber_aarch64_zetas_mul), [L_kyber_aarch64_to_msg_neon_low] "S" (L_kyber_aarch64_to_msg_neon_low), [L_kyber_aarch64_to_msg_neon_high] "S" (L_kyber_aarch64_to_msg_neon_high), [L_kyber_aarch64_to_msg_neon_bits] "S" (L_kyber_aarch64_to_msg_neon_bits)
+        : "memory", "x2", "x3", "x4", "v0", "v1", "v2", "v3", "v4", "v5", "v6", "v7", "v8", "v9", "v10", "v11", "v12", "v13", "v14", "v15", "v16", "v17", "v18", "v19", "v20", "v21", "v22", "v23", "v24", "v25", "v26", "cc"
+    );
+}
+
+static const word16 L_kyber_aarch64_from_msg_neon_q1half[] = {
+    0x0681, 0x0681, 0x0681, 0x0681, 0x0681, 0x0681, 0x0681, 0x0681,
+};
+
+static const word8 L_kyber_aarch64_from_msg_neon_bits[] = {
+    0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80,
+    0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80,
+};
+
+void kyber_from_msg_neon(sword16* p, const byte* msg)
+{
+    __asm__ __volatile__ (
+#ifndef __APPLE__
+        "adrp x2, %[L_kyber_aarch64_from_msg_neon_q1half]\n\t"
+        "add  x2, x2, :lo12:%[L_kyber_aarch64_from_msg_neon_q1half]\n\t"
+#else
+        "adrp x2, %[L_kyber_aarch64_from_msg_neon_q1half]@PAGE\n\t"
+        "add  x2, x2, %[L_kyber_aarch64_from_msg_neon_q1half]@PAGEOFF\n\t"
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+        "adrp x3, %[L_kyber_aarch64_from_msg_neon_bits]\n\t"
+        "add  x3, x3, :lo12:%[L_kyber_aarch64_from_msg_neon_bits]\n\t"
+#else
+        "adrp x3, %[L_kyber_aarch64_from_msg_neon_bits]@PAGE\n\t"
+        "add  x3, x3, %[L_kyber_aarch64_from_msg_neon_bits]@PAGEOFF\n\t"
+#endif /* __APPLE__ */
+        "ld1	{v2.16b, v3.16b}, [%x[msg]]\n\t"
+        "ldr	q1, [x2]\n\t"
+        "ldr	q0, [x3]\n\t"
+        "dup	v4.8b, v2.b[0]\n\t"
+        "dup	v5.8b, v2.b[1]\n\t"
+        "dup	v6.8b, v2.b[2]\n\t"
+        "dup	v7.8b, v2.b[3]\n\t"
+        "cmtst	v4.8b, v4.8b, v0.8b\n\t"
+        "cmtst	v5.8b, v5.8b, v0.8b\n\t"
+        "cmtst	v6.8b, v6.8b, v0.8b\n\t"
+        "cmtst	v7.8b, v7.8b, v0.8b\n\t"
+        "zip1	v4.16b, v4.16b, v4.16b\n\t"
+        "zip1	v5.16b, v5.16b, v5.16b\n\t"
+        "zip1	v6.16b, v6.16b, v6.16b\n\t"
+        "zip1	v7.16b, v7.16b, v7.16b\n\t"
+        "and	v4.16b, v4.16b, v1.16b\n\t"
+        "and	v5.16b, v5.16b, v1.16b\n\t"
+        "and	v6.16b, v6.16b, v1.16b\n\t"
+        "and	v7.16b, v7.16b, v1.16b\n\t"
+        "st1	{v4.8h, v5.8h, v6.8h, v7.8h}, [%x[p]], #0x40\n\t"
+        "dup	v4.8b, v2.b[4]\n\t"
+        "dup	v5.8b, v2.b[5]\n\t"
+        "dup	v6.8b, v2.b[6]\n\t"
+        "dup	v7.8b, v2.b[7]\n\t"
+        "cmtst	v4.8b, v4.8b, v0.8b\n\t"
+        "cmtst	v5.8b, v5.8b, v0.8b\n\t"
+        "cmtst	v6.8b, v6.8b, v0.8b\n\t"
+        "cmtst	v7.8b, v7.8b, v0.8b\n\t"
+        "zip1	v4.16b, v4.16b, v4.16b\n\t"
+        "zip1	v5.16b, v5.16b, v5.16b\n\t"
+        "zip1	v6.16b, v6.16b, v6.16b\n\t"
+        "zip1	v7.16b, v7.16b, v7.16b\n\t"
+        "and	v4.16b, v4.16b, v1.16b\n\t"
+        "and	v5.16b, v5.16b, v1.16b\n\t"
+        "and	v6.16b, v6.16b, v1.16b\n\t"
+        "and	v7.16b, v7.16b, v1.16b\n\t"
+        "st1	{v4.8h, v5.8h, v6.8h, v7.8h}, [%x[p]], #0x40\n\t"
+        "dup	v4.8b, v2.b[8]\n\t"
+        "dup	v5.8b, v2.b[9]\n\t"
+        "dup	v6.8b, v2.b[10]\n\t"
+        "dup	v7.8b, v2.b[11]\n\t"
+        "cmtst	v4.8b, v4.8b, v0.8b\n\t"
+        "cmtst	v5.8b, v5.8b, v0.8b\n\t"
+        "cmtst	v6.8b, v6.8b, v0.8b\n\t"
+        "cmtst	v7.8b, v7.8b, v0.8b\n\t"
+        "zip1	v4.16b, v4.16b, v4.16b\n\t"
+        "zip1	v5.16b, v5.16b, v5.16b\n\t"
+        "zip1	v6.16b, v6.16b, v6.16b\n\t"
+        "zip1	v7.16b, v7.16b, v7.16b\n\t"
+        "and	v4.16b, v4.16b, v1.16b\n\t"
+        "and	v5.16b, v5.16b, v1.16b\n\t"
+        "and	v6.16b, v6.16b, v1.16b\n\t"
+        "and	v7.16b, v7.16b, v1.16b\n\t"
+        "st1	{v4.8h, v5.8h, v6.8h, v7.8h}, [%x[p]], #0x40\n\t"
+        "dup	v4.8b, v2.b[12]\n\t"
+        "dup	v5.8b, v2.b[13]\n\t"
+        "dup	v6.8b, v2.b[14]\n\t"
+        "dup	v7.8b, v2.b[15]\n\t"
+        "cmtst	v4.8b, v4.8b, v0.8b\n\t"
+        "cmtst	v5.8b, v5.8b, v0.8b\n\t"
+        "cmtst	v6.8b, v6.8b, v0.8b\n\t"
+        "cmtst	v7.8b, v7.8b, v0.8b\n\t"
+        "zip1	v4.16b, v4.16b, v4.16b\n\t"
+        "zip1	v5.16b, v5.16b, v5.16b\n\t"
+        "zip1	v6.16b, v6.16b, v6.16b\n\t"
+        "zip1	v7.16b, v7.16b, v7.16b\n\t"
+        "and	v4.16b, v4.16b, v1.16b\n\t"
+        "and	v5.16b, v5.16b, v1.16b\n\t"
+        "and	v6.16b, v6.16b, v1.16b\n\t"
+        "and	v7.16b, v7.16b, v1.16b\n\t"
+        "st1	{v4.8h, v5.8h, v6.8h, v7.8h}, [%x[p]], #0x40\n\t"
+        "dup	v4.8b, v3.b[0]\n\t"
+        "dup	v5.8b, v3.b[1]\n\t"
+        "dup	v6.8b, v3.b[2]\n\t"
+        "dup	v7.8b, v3.b[3]\n\t"
+        "cmtst	v4.8b, v4.8b, v0.8b\n\t"
+        "cmtst	v5.8b, v5.8b, v0.8b\n\t"
+        "cmtst	v6.8b, v6.8b, v0.8b\n\t"
+        "cmtst	v7.8b, v7.8b, v0.8b\n\t"
+        "zip1	v4.16b, v4.16b, v4.16b\n\t"
+        "zip1	v5.16b, v5.16b, v5.16b\n\t"
+        "zip1	v6.16b, v6.16b, v6.16b\n\t"
+        "zip1	v7.16b, v7.16b, v7.16b\n\t"
+        "and	v4.16b, v4.16b, v1.16b\n\t"
+        "and	v5.16b, v5.16b, v1.16b\n\t"
+        "and	v6.16b, v6.16b, v1.16b\n\t"
+        "and	v7.16b, v7.16b, v1.16b\n\t"
+        "st1	{v4.8h, v5.8h, v6.8h, v7.8h}, [%x[p]], #0x40\n\t"
+        "dup	v4.8b, v3.b[4]\n\t"
+        "dup	v5.8b, v3.b[5]\n\t"
+        "dup	v6.8b, v3.b[6]\n\t"
+        "dup	v7.8b, v3.b[7]\n\t"
+        "cmtst	v4.8b, v4.8b, v0.8b\n\t"
+        "cmtst	v5.8b, v5.8b, v0.8b\n\t"
+        "cmtst	v6.8b, v6.8b, v0.8b\n\t"
+        "cmtst	v7.8b, v7.8b, v0.8b\n\t"
+        "zip1	v4.16b, v4.16b, v4.16b\n\t"
+        "zip1	v5.16b, v5.16b, v5.16b\n\t"
+        "zip1	v6.16b, v6.16b, v6.16b\n\t"
+        "zip1	v7.16b, v7.16b, v7.16b\n\t"
+        "and	v4.16b, v4.16b, v1.16b\n\t"
+        "and	v5.16b, v5.16b, v1.16b\n\t"
+        "and	v6.16b, v6.16b, v1.16b\n\t"
+        "and	v7.16b, v7.16b, v1.16b\n\t"
+        "st1	{v4.8h, v5.8h, v6.8h, v7.8h}, [%x[p]], #0x40\n\t"
+        "dup	v4.8b, v3.b[8]\n\t"
+        "dup	v5.8b, v3.b[9]\n\t"
+        "dup	v6.8b, v3.b[10]\n\t"
+        "dup	v7.8b, v3.b[11]\n\t"
+        "cmtst	v4.8b, v4.8b, v0.8b\n\t"
+        "cmtst	v5.8b, v5.8b, v0.8b\n\t"
+        "cmtst	v6.8b, v6.8b, v0.8b\n\t"
+        "cmtst	v7.8b, v7.8b, v0.8b\n\t"
+        "zip1	v4.16b, v4.16b, v4.16b\n\t"
+        "zip1	v5.16b, v5.16b, v5.16b\n\t"
+        "zip1	v6.16b, v6.16b, v6.16b\n\t"
+        "zip1	v7.16b, v7.16b, v7.16b\n\t"
+        "and	v4.16b, v4.16b, v1.16b\n\t"
+        "and	v5.16b, v5.16b, v1.16b\n\t"
+        "and	v6.16b, v6.16b, v1.16b\n\t"
+        "and	v7.16b, v7.16b, v1.16b\n\t"
+        "st1	{v4.8h, v5.8h, v6.8h, v7.8h}, [%x[p]], #0x40\n\t"
+        "dup	v4.8b, v3.b[12]\n\t"
+        "dup	v5.8b, v3.b[13]\n\t"
+        "dup	v6.8b, v3.b[14]\n\t"
+        "dup	v7.8b, v3.b[15]\n\t"
+        "cmtst	v4.8b, v4.8b, v0.8b\n\t"
+        "cmtst	v5.8b, v5.8b, v0.8b\n\t"
+        "cmtst	v6.8b, v6.8b, v0.8b\n\t"
+        "cmtst	v7.8b, v7.8b, v0.8b\n\t"
+        "zip1	v4.16b, v4.16b, v4.16b\n\t"
+        "zip1	v5.16b, v5.16b, v5.16b\n\t"
+        "zip1	v6.16b, v6.16b, v6.16b\n\t"
+        "zip1	v7.16b, v7.16b, v7.16b\n\t"
+        "and	v4.16b, v4.16b, v1.16b\n\t"
+        "and	v5.16b, v5.16b, v1.16b\n\t"
+        "and	v6.16b, v6.16b, v1.16b\n\t"
+        "and	v7.16b, v7.16b, v1.16b\n\t"
+        "st1	{v4.8h, v5.8h, v6.8h, v7.8h}, [%x[p]], #0x40\n\t"
+        : [p] "+r" (p), [msg] "+r" (msg)
+        : [L_kyber_aarch64_q] "S" (L_kyber_aarch64_q), [L_kyber_aarch64_consts] "S" (L_kyber_aarch64_consts), [L_sha3_aarch64_r] "S" (L_sha3_aarch64_r), [L_kyber_aarch64_zetas] "S" (L_kyber_aarch64_zetas), [L_kyber_aarch64_zetas_qinv] "S" (L_kyber_aarch64_zetas_qinv), [L_kyber_aarch64_zetas_inv] "S" (L_kyber_aarch64_zetas_inv), [L_kyber_aarch64_zetas_inv_qinv] "S" (L_kyber_aarch64_zetas_inv_qinv), [L_kyber_aarch64_zetas_mul] "S" (L_kyber_aarch64_zetas_mul), [L_kyber_aarch64_to_msg_neon_low] "S" (L_kyber_aarch64_to_msg_neon_low), [L_kyber_aarch64_to_msg_neon_high] "S" (L_kyber_aarch64_to_msg_neon_high), [L_kyber_aarch64_to_msg_neon_bits] "S" (L_kyber_aarch64_to_msg_neon_bits), [L_kyber_aarch64_from_msg_neon_q1half] "S" (L_kyber_aarch64_from_msg_neon_q1half), [L_kyber_aarch64_from_msg_neon_bits] "S" (L_kyber_aarch64_from_msg_neon_bits)
+        : "memory", "x2", "x3", "v0", "v1", "v2", "v3", "v4", "v5", "v6", "v7", "v8", "v9", "v10", "v11", "cc"
+    );
+}
+
+int kyber_cmp_neon(const byte* a, const byte* b, int sz)
+{
+    __asm__ __volatile__ (
+        "ld4	{v0.16b, v1.16b, v2.16b, v3.16b}, [%x[a]], #0x40\n\t"
+        "ld4	{v4.16b, v5.16b, v6.16b, v7.16b}, [%x[b]], #0x40\n\t"
+        "eor	v8.16b, v0.16b, v4.16b\n\t"
+        "eor	v9.16b, v1.16b, v5.16b\n\t"
+        "eor	v10.16b, v2.16b, v6.16b\n\t"
+        "eor	v11.16b, v3.16b, v7.16b\n\t"
+        "ld4	{v0.16b, v1.16b, v2.16b, v3.16b}, [%x[a]], #0x40\n\t"
+        "ld4	{v4.16b, v5.16b, v6.16b, v7.16b}, [%x[b]], #0x40\n\t"
+        "eor	v0.16b, v0.16b, v4.16b\n\t"
+        "eor	v1.16b, v1.16b, v5.16b\n\t"
+        "eor	v2.16b, v2.16b, v6.16b\n\t"
+        "eor	v3.16b, v3.16b, v7.16b\n\t"
+        "orr	v8.16b, v8.16b, v0.16b\n\t"
+        "orr	v9.16b, v9.16b, v1.16b\n\t"
+        "orr	v10.16b, v10.16b, v2.16b\n\t"
+        "orr	v11.16b, v11.16b, v3.16b\n\t"
+        "ld4	{v0.16b, v1.16b, v2.16b, v3.16b}, [%x[a]], #0x40\n\t"
+        "ld4	{v4.16b, v5.16b, v6.16b, v7.16b}, [%x[b]], #0x40\n\t"
+        "eor	v0.16b, v0.16b, v4.16b\n\t"
+        "eor	v1.16b, v1.16b, v5.16b\n\t"
+        "eor	v2.16b, v2.16b, v6.16b\n\t"
+        "eor	v3.16b, v3.16b, v7.16b\n\t"
+        "orr	v8.16b, v8.16b, v0.16b\n\t"
+        "orr	v9.16b, v9.16b, v1.16b\n\t"
+        "orr	v10.16b, v10.16b, v2.16b\n\t"
+        "orr	v11.16b, v11.16b, v3.16b\n\t"
+        "ld4	{v0.16b, v1.16b, v2.16b, v3.16b}, [%x[a]], #0x40\n\t"
+        "ld4	{v4.16b, v5.16b, v6.16b, v7.16b}, [%x[b]], #0x40\n\t"
+        "eor	v0.16b, v0.16b, v4.16b\n\t"
+        "eor	v1.16b, v1.16b, v5.16b\n\t"
+        "eor	v2.16b, v2.16b, v6.16b\n\t"
+        "eor	v3.16b, v3.16b, v7.16b\n\t"
+        "orr	v8.16b, v8.16b, v0.16b\n\t"
+        "orr	v9.16b, v9.16b, v1.16b\n\t"
+        "orr	v10.16b, v10.16b, v2.16b\n\t"
+        "orr	v11.16b, v11.16b, v3.16b\n\t"
+        "ld4	{v0.16b, v1.16b, v2.16b, v3.16b}, [%x[a]], #0x40\n\t"
+        "ld4	{v4.16b, v5.16b, v6.16b, v7.16b}, [%x[b]], #0x40\n\t"
+        "eor	v0.16b, v0.16b, v4.16b\n\t"
+        "eor	v1.16b, v1.16b, v5.16b\n\t"
+        "eor	v2.16b, v2.16b, v6.16b\n\t"
+        "eor	v3.16b, v3.16b, v7.16b\n\t"
+        "orr	v8.16b, v8.16b, v0.16b\n\t"
+        "orr	v9.16b, v9.16b, v1.16b\n\t"
+        "orr	v10.16b, v10.16b, v2.16b\n\t"
+        "orr	v11.16b, v11.16b, v3.16b\n\t"
+        "ld4	{v0.16b, v1.16b, v2.16b, v3.16b}, [%x[a]], #0x40\n\t"
+        "ld4	{v4.16b, v5.16b, v6.16b, v7.16b}, [%x[b]], #0x40\n\t"
+        "eor	v0.16b, v0.16b, v4.16b\n\t"
+        "eor	v1.16b, v1.16b, v5.16b\n\t"
+        "eor	v2.16b, v2.16b, v6.16b\n\t"
+        "eor	v3.16b, v3.16b, v7.16b\n\t"
+        "orr	v8.16b, v8.16b, v0.16b\n\t"
+        "orr	v9.16b, v9.16b, v1.16b\n\t"
+        "orr	v10.16b, v10.16b, v2.16b\n\t"
+        "orr	v11.16b, v11.16b, v3.16b\n\t"
+        "ld4	{v0.16b, v1.16b, v2.16b, v3.16b}, [%x[a]], #0x40\n\t"
+        "ld4	{v4.16b, v5.16b, v6.16b, v7.16b}, [%x[b]], #0x40\n\t"
+        "eor	v0.16b, v0.16b, v4.16b\n\t"
+        "eor	v1.16b, v1.16b, v5.16b\n\t"
+        "eor	v2.16b, v2.16b, v6.16b\n\t"
+        "eor	v3.16b, v3.16b, v7.16b\n\t"
+        "orr	v8.16b, v8.16b, v0.16b\n\t"
+        "orr	v9.16b, v9.16b, v1.16b\n\t"
+        "orr	v10.16b, v10.16b, v2.16b\n\t"
+        "orr	v11.16b, v11.16b, v3.16b\n\t"
+        "ld4	{v0.16b, v1.16b, v2.16b, v3.16b}, [%x[a]], #0x40\n\t"
+        "ld4	{v4.16b, v5.16b, v6.16b, v7.16b}, [%x[b]], #0x40\n\t"
+        "eor	v0.16b, v0.16b, v4.16b\n\t"
+        "eor	v1.16b, v1.16b, v5.16b\n\t"
+        "eor	v2.16b, v2.16b, v6.16b\n\t"
+        "eor	v3.16b, v3.16b, v7.16b\n\t"
+        "orr	v8.16b, v8.16b, v0.16b\n\t"
+        "orr	v9.16b, v9.16b, v1.16b\n\t"
+        "orr	v10.16b, v10.16b, v2.16b\n\t"
+        "orr	v11.16b, v11.16b, v3.16b\n\t"
+        "ld4	{v0.16b, v1.16b, v2.16b, v3.16b}, [%x[a]], #0x40\n\t"
+        "ld4	{v4.16b, v5.16b, v6.16b, v7.16b}, [%x[b]], #0x40\n\t"
+        "eor	v0.16b, v0.16b, v4.16b\n\t"
+        "eor	v1.16b, v1.16b, v5.16b\n\t"
+        "eor	v2.16b, v2.16b, v6.16b\n\t"
+        "eor	v3.16b, v3.16b, v7.16b\n\t"
+        "orr	v8.16b, v8.16b, v0.16b\n\t"
+        "orr	v9.16b, v9.16b, v1.16b\n\t"
+        "orr	v10.16b, v10.16b, v2.16b\n\t"
+        "orr	v11.16b, v11.16b, v3.16b\n\t"
+        "ld4	{v0.16b, v1.16b, v2.16b, v3.16b}, [%x[a]], #0x40\n\t"
+        "ld4	{v4.16b, v5.16b, v6.16b, v7.16b}, [%x[b]], #0x40\n\t"
+        "eor	v0.16b, v0.16b, v4.16b\n\t"
+        "eor	v1.16b, v1.16b, v5.16b\n\t"
+        "eor	v2.16b, v2.16b, v6.16b\n\t"
+        "eor	v3.16b, v3.16b, v7.16b\n\t"
+        "orr	v8.16b, v8.16b, v0.16b\n\t"
+        "orr	v9.16b, v9.16b, v1.16b\n\t"
+        "orr	v10.16b, v10.16b, v2.16b\n\t"
+        "orr	v11.16b, v11.16b, v3.16b\n\t"
+        "ld4	{v0.16b, v1.16b, v2.16b, v3.16b}, [%x[a]], #0x40\n\t"
+        "ld4	{v4.16b, v5.16b, v6.16b, v7.16b}, [%x[b]], #0x40\n\t"
+        "eor	v0.16b, v0.16b, v4.16b\n\t"
+        "eor	v1.16b, v1.16b, v5.16b\n\t"
+        "eor	v2.16b, v2.16b, v6.16b\n\t"
+        "eor	v3.16b, v3.16b, v7.16b\n\t"
+        "orr	v8.16b, v8.16b, v0.16b\n\t"
+        "orr	v9.16b, v9.16b, v1.16b\n\t"
+        "orr	v10.16b, v10.16b, v2.16b\n\t"
+        "orr	v11.16b, v11.16b, v3.16b\n\t"
+        "ld4	{v0.16b, v1.16b, v2.16b, v3.16b}, [%x[a]], #0x40\n\t"
+        "ld4	{v4.16b, v5.16b, v6.16b, v7.16b}, [%x[b]], #0x40\n\t"
+        "eor	v0.16b, v0.16b, v4.16b\n\t"
+        "eor	v1.16b, v1.16b, v5.16b\n\t"
+        "eor	v2.16b, v2.16b, v6.16b\n\t"
+        "eor	v3.16b, v3.16b, v7.16b\n\t"
+        "orr	v8.16b, v8.16b, v0.16b\n\t"
+        "orr	v9.16b, v9.16b, v1.16b\n\t"
+        "orr	v10.16b, v10.16b, v2.16b\n\t"
+        "orr	v11.16b, v11.16b, v3.16b\n\t"
+        "subs	%w[sz], %w[sz], #0x300\n\t"
+        "beq	L_kyber_aarch64_cmp_neon_done_%=\n\t"
+        "ld4	{v0.16b, v1.16b, v2.16b, v3.16b}, [%x[a]], #0x40\n\t"
+        "ld4	{v4.16b, v5.16b, v6.16b, v7.16b}, [%x[b]], #0x40\n\t"
+        "eor	v0.16b, v0.16b, v4.16b\n\t"
+        "eor	v1.16b, v1.16b, v5.16b\n\t"
+        "eor	v2.16b, v2.16b, v6.16b\n\t"
+        "eor	v3.16b, v3.16b, v7.16b\n\t"
+        "orr	v8.16b, v8.16b, v0.16b\n\t"
+        "orr	v9.16b, v9.16b, v1.16b\n\t"
+        "orr	v10.16b, v10.16b, v2.16b\n\t"
+        "orr	v11.16b, v11.16b, v3.16b\n\t"
+        "ld4	{v0.16b, v1.16b, v2.16b, v3.16b}, [%x[a]], #0x40\n\t"
+        "ld4	{v4.16b, v5.16b, v6.16b, v7.16b}, [%x[b]], #0x40\n\t"
+        "eor	v0.16b, v0.16b, v4.16b\n\t"
+        "eor	v1.16b, v1.16b, v5.16b\n\t"
+        "eor	v2.16b, v2.16b, v6.16b\n\t"
+        "eor	v3.16b, v3.16b, v7.16b\n\t"
+        "orr	v8.16b, v8.16b, v0.16b\n\t"
+        "orr	v9.16b, v9.16b, v1.16b\n\t"
+        "orr	v10.16b, v10.16b, v2.16b\n\t"
+        "orr	v11.16b, v11.16b, v3.16b\n\t"
+        "ld4	{v0.16b, v1.16b, v2.16b, v3.16b}, [%x[a]], #0x40\n\t"
+        "ld4	{v4.16b, v5.16b, v6.16b, v7.16b}, [%x[b]], #0x40\n\t"
+        "eor	v0.16b, v0.16b, v4.16b\n\t"
+        "eor	v1.16b, v1.16b, v5.16b\n\t"
+        "eor	v2.16b, v2.16b, v6.16b\n\t"
+        "eor	v3.16b, v3.16b, v7.16b\n\t"
+        "orr	v8.16b, v8.16b, v0.16b\n\t"
+        "orr	v9.16b, v9.16b, v1.16b\n\t"
+        "orr	v10.16b, v10.16b, v2.16b\n\t"
+        "orr	v11.16b, v11.16b, v3.16b\n\t"
+        "ld4	{v0.16b, v1.16b, v2.16b, v3.16b}, [%x[a]], #0x40\n\t"
+        "ld4	{v4.16b, v5.16b, v6.16b, v7.16b}, [%x[b]], #0x40\n\t"
+        "eor	v0.16b, v0.16b, v4.16b\n\t"
+        "eor	v1.16b, v1.16b, v5.16b\n\t"
+        "eor	v2.16b, v2.16b, v6.16b\n\t"
+        "eor	v3.16b, v3.16b, v7.16b\n\t"
+        "orr	v8.16b, v8.16b, v0.16b\n\t"
+        "orr	v9.16b, v9.16b, v1.16b\n\t"
+        "orr	v10.16b, v10.16b, v2.16b\n\t"
+        "orr	v11.16b, v11.16b, v3.16b\n\t"
+        "ld4	{v0.16b, v1.16b, v2.16b, v3.16b}, [%x[a]], #0x40\n\t"
+        "ld4	{v4.16b, v5.16b, v6.16b, v7.16b}, [%x[b]], #0x40\n\t"
+        "eor	v0.16b, v0.16b, v4.16b\n\t"
+        "eor	v1.16b, v1.16b, v5.16b\n\t"
+        "eor	v2.16b, v2.16b, v6.16b\n\t"
+        "eor	v3.16b, v3.16b, v7.16b\n\t"
+        "orr	v8.16b, v8.16b, v0.16b\n\t"
+        "orr	v9.16b, v9.16b, v1.16b\n\t"
+        "orr	v10.16b, v10.16b, v2.16b\n\t"
+        "orr	v11.16b, v11.16b, v3.16b\n\t"
+        "subs	%w[sz], %w[sz], #0x140\n\t"
+        "beq	L_kyber_aarch64_cmp_neon_done_%=\n\t"
+        "ld4	{v0.16b, v1.16b, v2.16b, v3.16b}, [%x[a]], #0x40\n\t"
+        "ld4	{v4.16b, v5.16b, v6.16b, v7.16b}, [%x[b]], #0x40\n\t"
+        "eor	v0.16b, v0.16b, v4.16b\n\t"
+        "eor	v1.16b, v1.16b, v5.16b\n\t"
+        "eor	v2.16b, v2.16b, v6.16b\n\t"
+        "eor	v3.16b, v3.16b, v7.16b\n\t"
+        "orr	v8.16b, v8.16b, v0.16b\n\t"
+        "orr	v9.16b, v9.16b, v1.16b\n\t"
+        "orr	v10.16b, v10.16b, v2.16b\n\t"
+        "orr	v11.16b, v11.16b, v3.16b\n\t"
+        "ld4	{v0.16b, v1.16b, v2.16b, v3.16b}, [%x[a]], #0x40\n\t"
+        "ld4	{v4.16b, v5.16b, v6.16b, v7.16b}, [%x[b]], #0x40\n\t"
+        "eor	v0.16b, v0.16b, v4.16b\n\t"
+        "eor	v1.16b, v1.16b, v5.16b\n\t"
+        "eor	v2.16b, v2.16b, v6.16b\n\t"
+        "eor	v3.16b, v3.16b, v7.16b\n\t"
+        "orr	v8.16b, v8.16b, v0.16b\n\t"
+        "orr	v9.16b, v9.16b, v1.16b\n\t"
+        "orr	v10.16b, v10.16b, v2.16b\n\t"
+        "orr	v11.16b, v11.16b, v3.16b\n\t"
+        "ld4	{v0.16b, v1.16b, v2.16b, v3.16b}, [%x[a]], #0x40\n\t"
+        "ld4	{v4.16b, v5.16b, v6.16b, v7.16b}, [%x[b]], #0x40\n\t"
+        "eor	v0.16b, v0.16b, v4.16b\n\t"
+        "eor	v1.16b, v1.16b, v5.16b\n\t"
+        "eor	v2.16b, v2.16b, v6.16b\n\t"
+        "eor	v3.16b, v3.16b, v7.16b\n\t"
+        "orr	v8.16b, v8.16b, v0.16b\n\t"
+        "orr	v9.16b, v9.16b, v1.16b\n\t"
+        "orr	v10.16b, v10.16b, v2.16b\n\t"
+        "orr	v11.16b, v11.16b, v3.16b\n\t"
+        "ld4	{v0.16b, v1.16b, v2.16b, v3.16b}, [%x[a]], #0x40\n\t"
+        "ld4	{v4.16b, v5.16b, v6.16b, v7.16b}, [%x[b]], #0x40\n\t"
+        "eor	v0.16b, v0.16b, v4.16b\n\t"
+        "eor	v1.16b, v1.16b, v5.16b\n\t"
+        "eor	v2.16b, v2.16b, v6.16b\n\t"
+        "eor	v3.16b, v3.16b, v7.16b\n\t"
+        "orr	v8.16b, v8.16b, v0.16b\n\t"
+        "orr	v9.16b, v9.16b, v1.16b\n\t"
+        "orr	v10.16b, v10.16b, v2.16b\n\t"
+        "orr	v11.16b, v11.16b, v3.16b\n\t"
+        "ld4	{v0.16b, v1.16b, v2.16b, v3.16b}, [%x[a]], #0x40\n\t"
+        "ld4	{v4.16b, v5.16b, v6.16b, v7.16b}, [%x[b]], #0x40\n\t"
+        "eor	v0.16b, v0.16b, v4.16b\n\t"
+        "eor	v1.16b, v1.16b, v5.16b\n\t"
+        "eor	v2.16b, v2.16b, v6.16b\n\t"
+        "eor	v3.16b, v3.16b, v7.16b\n\t"
+        "orr	v8.16b, v8.16b, v0.16b\n\t"
+        "orr	v9.16b, v9.16b, v1.16b\n\t"
+        "orr	v10.16b, v10.16b, v2.16b\n\t"
+        "orr	v11.16b, v11.16b, v3.16b\n\t"
+        "ld4	{v0.16b, v1.16b, v2.16b, v3.16b}, [%x[a]], #0x40\n\t"
+        "ld4	{v4.16b, v5.16b, v6.16b, v7.16b}, [%x[b]], #0x40\n\t"
+        "eor	v0.16b, v0.16b, v4.16b\n\t"
+        "eor	v1.16b, v1.16b, v5.16b\n\t"
+        "eor	v2.16b, v2.16b, v6.16b\n\t"
+        "eor	v3.16b, v3.16b, v7.16b\n\t"
+        "orr	v8.16b, v8.16b, v0.16b\n\t"
+        "orr	v9.16b, v9.16b, v1.16b\n\t"
+        "orr	v10.16b, v10.16b, v2.16b\n\t"
+        "orr	v11.16b, v11.16b, v3.16b\n\t"
+        "ld4	{v0.16b, v1.16b, v2.16b, v3.16b}, [%x[a]], #0x40\n\t"
+        "ld4	{v4.16b, v5.16b, v6.16b, v7.16b}, [%x[b]], #0x40\n\t"
+        "eor	v0.16b, v0.16b, v4.16b\n\t"
+        "eor	v1.16b, v1.16b, v5.16b\n\t"
+        "eor	v2.16b, v2.16b, v6.16b\n\t"
+        "eor	v3.16b, v3.16b, v7.16b\n\t"
+        "orr	v8.16b, v8.16b, v0.16b\n\t"
+        "orr	v9.16b, v9.16b, v1.16b\n\t"
+        "orr	v10.16b, v10.16b, v2.16b\n\t"
+        "orr	v11.16b, v11.16b, v3.16b\n\t"
+        "ld2	{v0.16b, v1.16b}, [%x[a]]\n\t"
+        "ld2	{v4.16b, v5.16b}, [%x[b]]\n\t"
+        "eor	v0.16b, v0.16b, v4.16b\n\t"
+        "eor	v1.16b, v1.16b, v5.16b\n\t"
+        "orr	v8.16b, v8.16b, v0.16b\n\t"
+        "orr	v9.16b, v9.16b, v1.16b\n\t"
+        "\n"
+    "L_kyber_aarch64_cmp_neon_done_%=: \n\t"
+        "orr	v8.16b, v8.16b, v9.16b\n\t"
+        "orr	v10.16b, v10.16b, v11.16b\n\t"
+        "orr	v8.16b, v8.16b, v10.16b\n\t"
+        "ins	v9.b[0], v8.b[1]\n\t"
+        "orr	v8.16b, v8.16b, v9.16b\n\t"
+        "mov	x0, v8.d[0]\n\t"
+        "subs	x0, x0, xzr\n\t"
+        "csetm	w0, ne\n\t"
+        : [a] "+r" (a), [b] "+r" (b), [sz] "+r" (sz)
+        : [L_kyber_aarch64_q] "S" (L_kyber_aarch64_q), [L_kyber_aarch64_consts] "S" (L_kyber_aarch64_consts), [L_sha3_aarch64_r] "S" (L_sha3_aarch64_r), [L_kyber_aarch64_zetas] "S" (L_kyber_aarch64_zetas), [L_kyber_aarch64_zetas_qinv] "S" (L_kyber_aarch64_zetas_qinv), [L_kyber_aarch64_zetas_inv] "S" (L_kyber_aarch64_zetas_inv), [L_kyber_aarch64_zetas_inv_qinv] "S" (L_kyber_aarch64_zetas_inv_qinv), [L_kyber_aarch64_zetas_mul] "S" (L_kyber_aarch64_zetas_mul), [L_kyber_aarch64_to_msg_neon_low] "S" (L_kyber_aarch64_to_msg_neon_low), [L_kyber_aarch64_to_msg_neon_high] "S" (L_kyber_aarch64_to_msg_neon_high), [L_kyber_aarch64_to_msg_neon_bits] "S" (L_kyber_aarch64_to_msg_neon_bits), [L_kyber_aarch64_from_msg_neon_q1half] "S" (L_kyber_aarch64_from_msg_neon_q1half), [L_kyber_aarch64_from_msg_neon_bits] "S" (L_kyber_aarch64_from_msg_neon_bits)
+        : "memory", "v0", "v1", "v2", "v3", "v4", "v5", "v6", "v7", "v8", "v9", "v10", "v11", "cc"
+    );
+    return (word32)(size_t)a;
+}
+
+static const word16 L_kyber_aarch64_rej_uniform_neon_mask[] = {
+    0x0fff, 0x0fff, 0x0fff, 0x0fff, 0x0fff, 0x0fff, 0x0fff, 0x0fff,
+};
+
+static const word16 L_kyber_aarch64_rej_uniform_neon_bits[] = {
+    0x0001, 0x0002, 0x0004, 0x0008, 0x0010, 0x0020, 0x0040, 0x0080,
+};
+
+static const word8 L_kyber_aarch64_rej_uniform_neon_indices[] = {
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x00, 0x01, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x02, 0x03, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x00, 0x01, 0x02, 0x03, 0xff, 0xff, 0xff, 0xff,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x04, 0x05, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x00, 0x01, 0x04, 0x05, 0xff, 0xff, 0xff, 0xff,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x02, 0x03, 0x04, 0x05, 0xff, 0xff, 0xff, 0xff,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0xff, 0xff,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x06, 0x07, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x00, 0x01, 0x06, 0x07, 0xff, 0xff, 0xff, 0xff,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x02, 0x03, 0x06, 0x07, 0xff, 0xff, 0xff, 0xff,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x00, 0x01, 0x02, 0x03, 0x06, 0x07, 0xff, 0xff,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x04, 0x05, 0x06, 0x07, 0xff, 0xff, 0xff, 0xff,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x00, 0x01, 0x04, 0x05, 0x06, 0x07, 0xff, 0xff,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0xff, 0xff,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x08, 0x09, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x00, 0x01, 0x08, 0x09, 0xff, 0xff, 0xff, 0xff,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x02, 0x03, 0x08, 0x09, 0xff, 0xff, 0xff, 0xff,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x00, 0x01, 0x02, 0x03, 0x08, 0x09, 0xff, 0xff,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x04, 0x05, 0x08, 0x09, 0xff, 0xff, 0xff, 0xff,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x00, 0x01, 0x04, 0x05, 0x08, 0x09, 0xff, 0xff,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x02, 0x03, 0x04, 0x05, 0x08, 0x09, 0xff, 0xff,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x08, 0x09,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x06, 0x07, 0x08, 0x09, 0xff, 0xff, 0xff, 0xff,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x00, 0x01, 0x06, 0x07, 0x08, 0x09, 0xff, 0xff,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x02, 0x03, 0x06, 0x07, 0x08, 0x09, 0xff, 0xff,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x00, 0x01, 0x02, 0x03, 0x06, 0x07, 0x08, 0x09,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0xff, 0xff,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x00, 0x01, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+    0x08, 0x09, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x0a, 0x0b, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x00, 0x01, 0x0a, 0x0b, 0xff, 0xff, 0xff, 0xff,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x02, 0x03, 0x0a, 0x0b, 0xff, 0xff, 0xff, 0xff,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x00, 0x01, 0x02, 0x03, 0x0a, 0x0b, 0xff, 0xff,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x04, 0x05, 0x0a, 0x0b, 0xff, 0xff, 0xff, 0xff,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x00, 0x01, 0x04, 0x05, 0x0a, 0x0b, 0xff, 0xff,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x02, 0x03, 0x04, 0x05, 0x0a, 0x0b, 0xff, 0xff,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x0a, 0x0b,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x06, 0x07, 0x0a, 0x0b, 0xff, 0xff, 0xff, 0xff,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x00, 0x01, 0x06, 0x07, 0x0a, 0x0b, 0xff, 0xff,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x02, 0x03, 0x06, 0x07, 0x0a, 0x0b, 0xff, 0xff,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x00, 0x01, 0x02, 0x03, 0x06, 0x07, 0x0a, 0x0b,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x04, 0x05, 0x06, 0x07, 0x0a, 0x0b, 0xff, 0xff,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x00, 0x01, 0x04, 0x05, 0x06, 0x07, 0x0a, 0x0b,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x0a, 0x0b,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+    0x0a, 0x0b, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x08, 0x09, 0x0a, 0x0b, 0xff, 0xff, 0xff, 0xff,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x00, 0x01, 0x08, 0x09, 0x0a, 0x0b, 0xff, 0xff,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x02, 0x03, 0x08, 0x09, 0x0a, 0x0b, 0xff, 0xff,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x00, 0x01, 0x02, 0x03, 0x08, 0x09, 0x0a, 0x0b,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x04, 0x05, 0x08, 0x09, 0x0a, 0x0b, 0xff, 0xff,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x00, 0x01, 0x04, 0x05, 0x08, 0x09, 0x0a, 0x0b,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x02, 0x03, 0x04, 0x05, 0x08, 0x09, 0x0a, 0x0b,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x08, 0x09,
+    0x0a, 0x0b, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0xff, 0xff,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x00, 0x01, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x02, 0x03, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x00, 0x01, 0x02, 0x03, 0x06, 0x07, 0x08, 0x09,
+    0x0a, 0x0b, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x00, 0x01, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09,
+    0x0a, 0x0b, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09,
+    0x0a, 0x0b, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+    0x08, 0x09, 0x0a, 0x0b, 0xff, 0xff, 0xff, 0xff,
+    0x0c, 0x0d, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x00, 0x01, 0x0c, 0x0d, 0xff, 0xff, 0xff, 0xff,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x02, 0x03, 0x0c, 0x0d, 0xff, 0xff, 0xff, 0xff,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x00, 0x01, 0x02, 0x03, 0x0c, 0x0d, 0xff, 0xff,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x04, 0x05, 0x0c, 0x0d, 0xff, 0xff, 0xff, 0xff,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x00, 0x01, 0x04, 0x05, 0x0c, 0x0d, 0xff, 0xff,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x02, 0x03, 0x04, 0x05, 0x0c, 0x0d, 0xff, 0xff,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x0c, 0x0d,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x06, 0x07, 0x0c, 0x0d, 0xff, 0xff, 0xff, 0xff,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x00, 0x01, 0x06, 0x07, 0x0c, 0x0d, 0xff, 0xff,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x02, 0x03, 0x06, 0x07, 0x0c, 0x0d, 0xff, 0xff,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x00, 0x01, 0x02, 0x03, 0x06, 0x07, 0x0c, 0x0d,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x04, 0x05, 0x06, 0x07, 0x0c, 0x0d, 0xff, 0xff,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x00, 0x01, 0x04, 0x05, 0x06, 0x07, 0x0c, 0x0d,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x0c, 0x0d,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+    0x0c, 0x0d, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x08, 0x09, 0x0c, 0x0d, 0xff, 0xff, 0xff, 0xff,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x00, 0x01, 0x08, 0x09, 0x0c, 0x0d, 0xff, 0xff,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x02, 0x03, 0x08, 0x09, 0x0c, 0x0d, 0xff, 0xff,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x00, 0x01, 0x02, 0x03, 0x08, 0x09, 0x0c, 0x0d,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x04, 0x05, 0x08, 0x09, 0x0c, 0x0d, 0xff, 0xff,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x00, 0x01, 0x04, 0x05, 0x08, 0x09, 0x0c, 0x0d,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x02, 0x03, 0x04, 0x05, 0x08, 0x09, 0x0c, 0x0d,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x08, 0x09,
+    0x0c, 0x0d, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x06, 0x07, 0x08, 0x09, 0x0c, 0x0d, 0xff, 0xff,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x00, 0x01, 0x06, 0x07, 0x08, 0x09, 0x0c, 0x0d,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x02, 0x03, 0x06, 0x07, 0x08, 0x09, 0x0c, 0x0d,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x00, 0x01, 0x02, 0x03, 0x06, 0x07, 0x08, 0x09,
+    0x0c, 0x0d, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0c, 0x0d,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x00, 0x01, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09,
+    0x0c, 0x0d, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09,
+    0x0c, 0x0d, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+    0x08, 0x09, 0x0c, 0x0d, 0xff, 0xff, 0xff, 0xff,
+    0x0a, 0x0b, 0x0c, 0x0d, 0xff, 0xff, 0xff, 0xff,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x00, 0x01, 0x0a, 0x0b, 0x0c, 0x0d, 0xff, 0xff,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x02, 0x03, 0x0a, 0x0b, 0x0c, 0x0d, 0xff, 0xff,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x00, 0x01, 0x02, 0x03, 0x0a, 0x0b, 0x0c, 0x0d,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x04, 0x05, 0x0a, 0x0b, 0x0c, 0x0d, 0xff, 0xff,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x00, 0x01, 0x04, 0x05, 0x0a, 0x0b, 0x0c, 0x0d,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x02, 0x03, 0x04, 0x05, 0x0a, 0x0b, 0x0c, 0x0d,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x0a, 0x0b,
+    0x0c, 0x0d, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x06, 0x07, 0x0a, 0x0b, 0x0c, 0x0d, 0xff, 0xff,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x00, 0x01, 0x06, 0x07, 0x0a, 0x0b, 0x0c, 0x0d,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x02, 0x03, 0x06, 0x07, 0x0a, 0x0b, 0x0c, 0x0d,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x00, 0x01, 0x02, 0x03, 0x06, 0x07, 0x0a, 0x0b,
+    0x0c, 0x0d, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x04, 0x05, 0x06, 0x07, 0x0a, 0x0b, 0x0c, 0x0d,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x00, 0x01, 0x04, 0x05, 0x06, 0x07, 0x0a, 0x0b,
+    0x0c, 0x0d, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x0a, 0x0b,
+    0x0c, 0x0d, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+    0x0a, 0x0b, 0x0c, 0x0d, 0xff, 0xff, 0xff, 0xff,
+    0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0xff, 0xff,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x00, 0x01, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x02, 0x03, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x00, 0x01, 0x02, 0x03, 0x08, 0x09, 0x0a, 0x0b,
+    0x0c, 0x0d, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x04, 0x05, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x00, 0x01, 0x04, 0x05, 0x08, 0x09, 0x0a, 0x0b,
+    0x0c, 0x0d, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x02, 0x03, 0x04, 0x05, 0x08, 0x09, 0x0a, 0x0b,
+    0x0c, 0x0d, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x08, 0x09,
+    0x0a, 0x0b, 0x0c, 0x0d, 0xff, 0xff, 0xff, 0xff,
+    0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x00, 0x01, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
+    0x0c, 0x0d, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x02, 0x03, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
+    0x0c, 0x0d, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x00, 0x01, 0x02, 0x03, 0x06, 0x07, 0x08, 0x09,
+    0x0a, 0x0b, 0x0c, 0x0d, 0xff, 0xff, 0xff, 0xff,
+    0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
+    0x0c, 0x0d, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x00, 0x01, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09,
+    0x0a, 0x0b, 0x0c, 0x0d, 0xff, 0xff, 0xff, 0xff,
+    0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09,
+    0x0a, 0x0b, 0x0c, 0x0d, 0xff, 0xff, 0xff, 0xff,
+    0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+    0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0xff, 0xff,
+    0x0e, 0x0f, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x00, 0x01, 0x0e, 0x0f, 0xff, 0xff, 0xff, 0xff,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x02, 0x03, 0x0e, 0x0f, 0xff, 0xff, 0xff, 0xff,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x00, 0x01, 0x02, 0x03, 0x0e, 0x0f, 0xff, 0xff,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x04, 0x05, 0x0e, 0x0f, 0xff, 0xff, 0xff, 0xff,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x00, 0x01, 0x04, 0x05, 0x0e, 0x0f, 0xff, 0xff,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x02, 0x03, 0x04, 0x05, 0x0e, 0x0f, 0xff, 0xff,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x0e, 0x0f,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x06, 0x07, 0x0e, 0x0f, 0xff, 0xff, 0xff, 0xff,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x00, 0x01, 0x06, 0x07, 0x0e, 0x0f, 0xff, 0xff,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x02, 0x03, 0x06, 0x07, 0x0e, 0x0f, 0xff, 0xff,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x00, 0x01, 0x02, 0x03, 0x06, 0x07, 0x0e, 0x0f,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x04, 0x05, 0x06, 0x07, 0x0e, 0x0f, 0xff, 0xff,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x00, 0x01, 0x04, 0x05, 0x06, 0x07, 0x0e, 0x0f,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x0e, 0x0f,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+    0x0e, 0x0f, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x08, 0x09, 0x0e, 0x0f, 0xff, 0xff, 0xff, 0xff,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x00, 0x01, 0x08, 0x09, 0x0e, 0x0f, 0xff, 0xff,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x02, 0x03, 0x08, 0x09, 0x0e, 0x0f, 0xff, 0xff,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x00, 0x01, 0x02, 0x03, 0x08, 0x09, 0x0e, 0x0f,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x04, 0x05, 0x08, 0x09, 0x0e, 0x0f, 0xff, 0xff,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x00, 0x01, 0x04, 0x05, 0x08, 0x09, 0x0e, 0x0f,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x02, 0x03, 0x04, 0x05, 0x08, 0x09, 0x0e, 0x0f,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x08, 0x09,
+    0x0e, 0x0f, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x06, 0x07, 0x08, 0x09, 0x0e, 0x0f, 0xff, 0xff,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x00, 0x01, 0x06, 0x07, 0x08, 0x09, 0x0e, 0x0f,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x02, 0x03, 0x06, 0x07, 0x08, 0x09, 0x0e, 0x0f,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x00, 0x01, 0x02, 0x03, 0x06, 0x07, 0x08, 0x09,
+    0x0e, 0x0f, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0e, 0x0f,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x00, 0x01, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09,
+    0x0e, 0x0f, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09,
+    0x0e, 0x0f, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+    0x08, 0x09, 0x0e, 0x0f, 0xff, 0xff, 0xff, 0xff,
+    0x0a, 0x0b, 0x0e, 0x0f, 0xff, 0xff, 0xff, 0xff,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x00, 0x01, 0x0a, 0x0b, 0x0e, 0x0f, 0xff, 0xff,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x02, 0x03, 0x0a, 0x0b, 0x0e, 0x0f, 0xff, 0xff,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x00, 0x01, 0x02, 0x03, 0x0a, 0x0b, 0x0e, 0x0f,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x04, 0x05, 0x0a, 0x0b, 0x0e, 0x0f, 0xff, 0xff,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x00, 0x01, 0x04, 0x05, 0x0a, 0x0b, 0x0e, 0x0f,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x02, 0x03, 0x04, 0x05, 0x0a, 0x0b, 0x0e, 0x0f,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x0a, 0x0b,
+    0x0e, 0x0f, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x06, 0x07, 0x0a, 0x0b, 0x0e, 0x0f, 0xff, 0xff,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x00, 0x01, 0x06, 0x07, 0x0a, 0x0b, 0x0e, 0x0f,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x02, 0x03, 0x06, 0x07, 0x0a, 0x0b, 0x0e, 0x0f,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x00, 0x01, 0x02, 0x03, 0x06, 0x07, 0x0a, 0x0b,
+    0x0e, 0x0f, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x04, 0x05, 0x06, 0x07, 0x0a, 0x0b, 0x0e, 0x0f,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x00, 0x01, 0x04, 0x05, 0x06, 0x07, 0x0a, 0x0b,
+    0x0e, 0x0f, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x0a, 0x0b,
+    0x0e, 0x0f, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+    0x0a, 0x0b, 0x0e, 0x0f, 0xff, 0xff, 0xff, 0xff,
+    0x08, 0x09, 0x0a, 0x0b, 0x0e, 0x0f, 0xff, 0xff,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x00, 0x01, 0x08, 0x09, 0x0a, 0x0b, 0x0e, 0x0f,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x02, 0x03, 0x08, 0x09, 0x0a, 0x0b, 0x0e, 0x0f,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x00, 0x01, 0x02, 0x03, 0x08, 0x09, 0x0a, 0x0b,
+    0x0e, 0x0f, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x04, 0x05, 0x08, 0x09, 0x0a, 0x0b, 0x0e, 0x0f,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x00, 0x01, 0x04, 0x05, 0x08, 0x09, 0x0a, 0x0b,
+    0x0e, 0x0f, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x02, 0x03, 0x04, 0x05, 0x08, 0x09, 0x0a, 0x0b,
+    0x0e, 0x0f, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x08, 0x09,
+    0x0a, 0x0b, 0x0e, 0x0f, 0xff, 0xff, 0xff, 0xff,
+    0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0e, 0x0f,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x00, 0x01, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
+    0x0e, 0x0f, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x02, 0x03, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
+    0x0e, 0x0f, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x00, 0x01, 0x02, 0x03, 0x06, 0x07, 0x08, 0x09,
+    0x0a, 0x0b, 0x0e, 0x0f, 0xff, 0xff, 0xff, 0xff,
+    0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
+    0x0e, 0x0f, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x00, 0x01, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09,
+    0x0a, 0x0b, 0x0e, 0x0f, 0xff, 0xff, 0xff, 0xff,
+    0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09,
+    0x0a, 0x0b, 0x0e, 0x0f, 0xff, 0xff, 0xff, 0xff,
+    0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+    0x08, 0x09, 0x0a, 0x0b, 0x0e, 0x0f, 0xff, 0xff,
+    0x0c, 0x0d, 0x0e, 0x0f, 0xff, 0xff, 0xff, 0xff,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x00, 0x01, 0x0c, 0x0d, 0x0e, 0x0f, 0xff, 0xff,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x02, 0x03, 0x0c, 0x0d, 0x0e, 0x0f, 0xff, 0xff,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x00, 0x01, 0x02, 0x03, 0x0c, 0x0d, 0x0e, 0x0f,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x04, 0x05, 0x0c, 0x0d, 0x0e, 0x0f, 0xff, 0xff,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x00, 0x01, 0x04, 0x05, 0x0c, 0x0d, 0x0e, 0x0f,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x02, 0x03, 0x04, 0x05, 0x0c, 0x0d, 0x0e, 0x0f,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x0c, 0x0d,
+    0x0e, 0x0f, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x06, 0x07, 0x0c, 0x0d, 0x0e, 0x0f, 0xff, 0xff,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x00, 0x01, 0x06, 0x07, 0x0c, 0x0d, 0x0e, 0x0f,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x02, 0x03, 0x06, 0x07, 0x0c, 0x0d, 0x0e, 0x0f,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x00, 0x01, 0x02, 0x03, 0x06, 0x07, 0x0c, 0x0d,
+    0x0e, 0x0f, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x04, 0x05, 0x06, 0x07, 0x0c, 0x0d, 0x0e, 0x0f,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x00, 0x01, 0x04, 0x05, 0x06, 0x07, 0x0c, 0x0d,
+    0x0e, 0x0f, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x0c, 0x0d,
+    0x0e, 0x0f, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+    0x0c, 0x0d, 0x0e, 0x0f, 0xff, 0xff, 0xff, 0xff,
+    0x08, 0x09, 0x0c, 0x0d, 0x0e, 0x0f, 0xff, 0xff,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x00, 0x01, 0x08, 0x09, 0x0c, 0x0d, 0x0e, 0x0f,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x02, 0x03, 0x08, 0x09, 0x0c, 0x0d, 0x0e, 0x0f,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x00, 0x01, 0x02, 0x03, 0x08, 0x09, 0x0c, 0x0d,
+    0x0e, 0x0f, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x04, 0x05, 0x08, 0x09, 0x0c, 0x0d, 0x0e, 0x0f,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x00, 0x01, 0x04, 0x05, 0x08, 0x09, 0x0c, 0x0d,
+    0x0e, 0x0f, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x02, 0x03, 0x04, 0x05, 0x08, 0x09, 0x0c, 0x0d,
+    0x0e, 0x0f, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x08, 0x09,
+    0x0c, 0x0d, 0x0e, 0x0f, 0xff, 0xff, 0xff, 0xff,
+    0x06, 0x07, 0x08, 0x09, 0x0c, 0x0d, 0x0e, 0x0f,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x00, 0x01, 0x06, 0x07, 0x08, 0x09, 0x0c, 0x0d,
+    0x0e, 0x0f, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x02, 0x03, 0x06, 0x07, 0x08, 0x09, 0x0c, 0x0d,
+    0x0e, 0x0f, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x00, 0x01, 0x02, 0x03, 0x06, 0x07, 0x08, 0x09,
+    0x0c, 0x0d, 0x0e, 0x0f, 0xff, 0xff, 0xff, 0xff,
+    0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0c, 0x0d,
+    0x0e, 0x0f, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x00, 0x01, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09,
+    0x0c, 0x0d, 0x0e, 0x0f, 0xff, 0xff, 0xff, 0xff,
+    0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09,
+    0x0c, 0x0d, 0x0e, 0x0f, 0xff, 0xff, 0xff, 0xff,
+    0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+    0x08, 0x09, 0x0c, 0x0d, 0x0e, 0x0f, 0xff, 0xff,
+    0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0xff, 0xff,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x00, 0x01, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x02, 0x03, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x00, 0x01, 0x02, 0x03, 0x0a, 0x0b, 0x0c, 0x0d,
+    0x0e, 0x0f, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x04, 0x05, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x00, 0x01, 0x04, 0x05, 0x0a, 0x0b, 0x0c, 0x0d,
+    0x0e, 0x0f, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x02, 0x03, 0x04, 0x05, 0x0a, 0x0b, 0x0c, 0x0d,
+    0x0e, 0x0f, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x0a, 0x0b,
+    0x0c, 0x0d, 0x0e, 0x0f, 0xff, 0xff, 0xff, 0xff,
+    0x06, 0x07, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x00, 0x01, 0x06, 0x07, 0x0a, 0x0b, 0x0c, 0x0d,
+    0x0e, 0x0f, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x02, 0x03, 0x06, 0x07, 0x0a, 0x0b, 0x0c, 0x0d,
+    0x0e, 0x0f, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x00, 0x01, 0x02, 0x03, 0x06, 0x07, 0x0a, 0x0b,
+    0x0c, 0x0d, 0x0e, 0x0f, 0xff, 0xff, 0xff, 0xff,
+    0x04, 0x05, 0x06, 0x07, 0x0a, 0x0b, 0x0c, 0x0d,
+    0x0e, 0x0f, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x00, 0x01, 0x04, 0x05, 0x06, 0x07, 0x0a, 0x0b,
+    0x0c, 0x0d, 0x0e, 0x0f, 0xff, 0xff, 0xff, 0xff,
+    0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x0a, 0x0b,
+    0x0c, 0x0d, 0x0e, 0x0f, 0xff, 0xff, 0xff, 0xff,
+    0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+    0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0xff, 0xff,
+    0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x00, 0x01, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d,
+    0x0e, 0x0f, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x02, 0x03, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d,
+    0x0e, 0x0f, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x00, 0x01, 0x02, 0x03, 0x08, 0x09, 0x0a, 0x0b,
+    0x0c, 0x0d, 0x0e, 0x0f, 0xff, 0xff, 0xff, 0xff,
+    0x04, 0x05, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d,
+    0x0e, 0x0f, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x00, 0x01, 0x04, 0x05, 0x08, 0x09, 0x0a, 0x0b,
+    0x0c, 0x0d, 0x0e, 0x0f, 0xff, 0xff, 0xff, 0xff,
+    0x02, 0x03, 0x04, 0x05, 0x08, 0x09, 0x0a, 0x0b,
+    0x0c, 0x0d, 0x0e, 0x0f, 0xff, 0xff, 0xff, 0xff,
+    0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x08, 0x09,
+    0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0xff, 0xff,
+    0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d,
+    0x0e, 0x0f, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x00, 0x01, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
+    0x0c, 0x0d, 0x0e, 0x0f, 0xff, 0xff, 0xff, 0xff,
+    0x02, 0x03, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
+    0x0c, 0x0d, 0x0e, 0x0f, 0xff, 0xff, 0xff, 0xff,
+    0x00, 0x01, 0x02, 0x03, 0x06, 0x07, 0x08, 0x09,
+    0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0xff, 0xff,
+    0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
+    0x0c, 0x0d, 0x0e, 0x0f, 0xff, 0xff, 0xff, 0xff,
+    0x00, 0x01, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09,
+    0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0xff, 0xff,
+    0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09,
+    0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0xff, 0xff,
+    0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+    0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
+};
+
+unsigned int kyber_rej_uniform_neon(sword16* p, unsigned int len, const byte* r, unsigned int rLen)
+{
+    __asm__ __volatile__ (
+#ifndef __APPLE__
+        "adrp x4, %[L_kyber_aarch64_rej_uniform_neon_mask]\n\t"
+        "add  x4, x4, :lo12:%[L_kyber_aarch64_rej_uniform_neon_mask]\n\t"
+#else
+        "adrp x4, %[L_kyber_aarch64_rej_uniform_neon_mask]@PAGE\n\t"
+        "add  x4, x4, %[L_kyber_aarch64_rej_uniform_neon_mask]@PAGEOFF\n\t"
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+        "adrp x5, %[L_kyber_aarch64_q]\n\t"
+        "add  x5, x5, :lo12:%[L_kyber_aarch64_q]\n\t"
+#else
+        "adrp x5, %[L_kyber_aarch64_q]@PAGE\n\t"
+        "add  x5, x5, %[L_kyber_aarch64_q]@PAGEOFF\n\t"
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+        "adrp x6, %[L_kyber_aarch64_rej_uniform_neon_bits]\n\t"
+        "add  x6, x6, :lo12:%[L_kyber_aarch64_rej_uniform_neon_bits]\n\t"
+#else
+        "adrp x6, %[L_kyber_aarch64_rej_uniform_neon_bits]@PAGE\n\t"
+        "add  x6, x6, %[L_kyber_aarch64_rej_uniform_neon_bits]@PAGEOFF\n\t"
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+        "adrp x7, %[L_kyber_aarch64_rej_uniform_neon_indices]\n\t"
+        "add  x7, x7, :lo12:%[L_kyber_aarch64_rej_uniform_neon_indices]\n\t"
+#else
+        "adrp x7, %[L_kyber_aarch64_rej_uniform_neon_indices]@PAGE\n\t"
+        "add  x7, x7, %[L_kyber_aarch64_rej_uniform_neon_indices]@PAGEOFF\n\t"
+#endif /* __APPLE__ */
+        "eor	v1.16b, v1.16b, v1.16b\n\t"
+        "eor	v12.16b, v12.16b, v12.16b\n\t"
+        "eor	v13.16b, v13.16b, v13.16b\n\t"
+        "eor	x12, x12, x12\n\t"
+        "eor	v10.16b, v10.16b, v10.16b\n\t"
+        "eor	v11.16b, v11.16b, v11.16b\n\t"
+        "mov	x13, #0xd01\n\t"
+        "ldr	q0, [x4]\n\t"
+        "ldr	q3, [x5]\n\t"
+        "ldr	q2, [x6]\n\t"
+        "subs	wzr, %w[len], #0\n\t"
+        "beq	L_kyber_aarch64_rej_uniform_neon_done_%=\n\t"
+        "subs	wzr, %w[len], #16\n\t"
+        "blt	L_kyber_aarch64_rej_uniform_neon_loop_4_%=\n\t"
+        "\n"
+    "L_kyber_aarch64_rej_uniform_neon_loop_16_%=: \n\t"
+        "ld3	{v4.8b, v5.8b, v6.8b}, [%x[r]], #24\n\t"
+        "zip1	v4.16b, v4.16b, v1.16b\n\t"
+        "zip1	v5.16b, v5.16b, v1.16b\n\t"
+        "zip1	v6.16b, v6.16b, v1.16b\n\t"
+        "shl	v7.8h, v5.8h, #8\n\t"
+        "ushr	v8.8h, v5.8h, #4\n\t"
+        "shl	v6.8h, v6.8h, #4\n\t"
+        "orr	v4.16b, v4.16b, v7.16b\n\t"
+        "orr	v5.16b, v8.16b, v6.16b\n\t"
+        "and	v7.16b, v4.16b, v0.16b\n\t"
+        "and	v8.16b, v5.16b, v0.16b\n\t"
+        "zip1	v4.8h, v7.8h, v8.8h\n\t"
+        "zip2	v5.8h, v7.8h, v8.8h\n\t"
+        "cmgt	v7.8h, v3.8h, v4.8h\n\t"
+        "cmgt	v8.8h, v3.8h, v5.8h\n\t"
+        "ushr	v12.8h, v7.8h, #15\n\t"
+        "ushr	v13.8h, v8.8h, #15\n\t"
+        "addv	h12, v12.8h\n\t"
+        "addv	h13, v13.8h\n\t"
+        "mov	x10, v12.d[0]\n\t"
+        "mov	x11, v13.d[0]\n\t"
+        "and	v10.16b, v7.16b, v2.16b\n\t"
+        "and	v11.16b, v8.16b, v2.16b\n\t"
+        "addv	h10, v10.8h\n\t"
+        "addv	h11, v11.8h\n\t"
+        "mov	w8, v10.s[0]\n\t"
+        "mov	w9, v11.s[0]\n\t"
+        "lsl	w8, w8, #4\n\t"
+        "lsl	w9, w9, #4\n\t"
+        "ldr	q10, [x7, x8]\n\t"
+        "ldr	q11, [x7, x9]\n\t"
+        "tbl	v7.16b, {v4.16b}, v10.16b\n\t"
+        "tbl	v8.16b, {v5.16b}, v11.16b\n\t"
+        "str	q7, [%x[p]]\n\t"
+        "add	%x[p], %x[p], x10, lsl 1\n\t"
+        "add	x12, x12, x10\n\t"
+        "str	q8, [%x[p]]\n\t"
+        "add	%x[p], %x[p], x11, lsl 1\n\t"
+        "add	x12, x12, x11\n\t"
+        "subs	%w[rLen], %w[rLen], #24\n\t"
+        "beq	L_kyber_aarch64_rej_uniform_neon_done_%=\n\t"
+        "sub	w10, %w[len], w12\n\t"
+        "subs	x10, x10, #16\n\t"
+        "blt	L_kyber_aarch64_rej_uniform_neon_loop_4_%=\n\t"
+        "b	L_kyber_aarch64_rej_uniform_neon_loop_16_%=\n\t"
+        "\n"
+    "L_kyber_aarch64_rej_uniform_neon_loop_4_%=: \n\t"
+        "subs	w10, %w[len], w12\n\t"
+        "beq	L_kyber_aarch64_rej_uniform_neon_done_%=\n\t"
+        "subs	x10, x10, #4\n\t"
+        "blt	L_kyber_aarch64_rej_uniform_neon_loop_lt_4_%=\n\t"
+        "ldr	x4, [%x[r]], #6\n\t"
+        "lsr	x5, x4, #12\n\t"
+        "lsr	x6, x4, #24\n\t"
+        "lsr	x7, x4, #36\n\t"
+        "and	x4, x4, #0xfff\n\t"
+        "and	x5, x5, #0xfff\n\t"
+        "and	x6, x6, #0xfff\n\t"
+        "and	x7, x7, #0xfff\n\t"
+        "strh	w4, [%x[p]]\n\t"
+        "subs	xzr, x4, x13\n\t"
+        "cinc	%x[p], %x[p], lt\n\t"
+        "cinc	%x[p], %x[p], lt\n\t"
+        "cinc	x12, x12, lt\n\t"
+        "strh	w5, [%x[p]]\n\t"
+        "subs	xzr, x5, x13\n\t"
+        "cinc	%x[p], %x[p], lt\n\t"
+        "cinc	%x[p], %x[p], lt\n\t"
+        "cinc	x12, x12, lt\n\t"
+        "strh	w6, [%x[p]]\n\t"
+        "subs	xzr, x6, x13\n\t"
+        "cinc	%x[p], %x[p], lt\n\t"
+        "cinc	%x[p], %x[p], lt\n\t"
+        "cinc	x12, x12, lt\n\t"
+        "strh	w7, [%x[p]]\n\t"
+        "subs	xzr, x7, x13\n\t"
+        "cinc	%x[p], %x[p], lt\n\t"
+        "cinc	%x[p], %x[p], lt\n\t"
+        "cinc	x12, x12, lt\n\t"
+        "subs	%w[rLen], %w[rLen], #6\n\t"
+        "beq	L_kyber_aarch64_rej_uniform_neon_done_%=\n\t"
+        "b	L_kyber_aarch64_rej_uniform_neon_loop_4_%=\n\t"
+        "\n"
+    "L_kyber_aarch64_rej_uniform_neon_loop_lt_4_%=: \n\t"
+        "ldr	x4, [%x[r]], #6\n\t"
+        "lsr	x5, x4, #12\n\t"
+        "lsr	x6, x4, #24\n\t"
+        "lsr	x7, x4, #36\n\t"
+        "and	x4, x4, #0xfff\n\t"
+        "and	x5, x5, #0xfff\n\t"
+        "and	x6, x6, #0xfff\n\t"
+        "and	x7, x7, #0xfff\n\t"
+        "strh	w4, [%x[p]]\n\t"
+        "subs	xzr, x4, x13\n\t"
+        "cinc	%x[p], %x[p], lt\n\t"
+        "cinc	%x[p], %x[p], lt\n\t"
+        "cinc	x12, x12, lt\n\t"
+        "subs	wzr, %w[len], w12\n\t"
+        "beq	L_kyber_aarch64_rej_uniform_neon_done_%=\n\t"
+        "strh	w5, [%x[p]]\n\t"
+        "subs	xzr, x5, x13\n\t"
+        "cinc	%x[p], %x[p], lt\n\t"
+        "cinc	%x[p], %x[p], lt\n\t"
+        "cinc	x12, x12, lt\n\t"
+        "subs	wzr, %w[len], w12\n\t"
+        "beq	L_kyber_aarch64_rej_uniform_neon_done_%=\n\t"
+        "strh	w6, [%x[p]]\n\t"
+        "subs	xzr, x6, x13\n\t"
+        "cinc	%x[p], %x[p], lt\n\t"
+        "cinc	%x[p], %x[p], lt\n\t"
+        "cinc	x12, x12, lt\n\t"
+        "subs	wzr, %w[len], w12\n\t"
+        "beq	L_kyber_aarch64_rej_uniform_neon_done_%=\n\t"
+        "strh	w7, [%x[p]]\n\t"
+        "subs	xzr, x7, x13\n\t"
+        "cinc	%x[p], %x[p], lt\n\t"
+        "cinc	%x[p], %x[p], lt\n\t"
+        "cinc	x12, x12, lt\n\t"
+        "subs	wzr, %w[len], w12\n\t"
+        "beq	L_kyber_aarch64_rej_uniform_neon_done_%=\n\t"
+        "subs	%w[rLen], %w[rLen], #6\n\t"
+        "beq	L_kyber_aarch64_rej_uniform_neon_done_%=\n\t"
+        "b	L_kyber_aarch64_rej_uniform_neon_loop_lt_4_%=\n\t"
+        "\n"
+    "L_kyber_aarch64_rej_uniform_neon_done_%=: \n\t"
+        "mov	x0, x12\n\t"
+        : [p] "+r" (p), [len] "+r" (len), [r] "+r" (r), [rLen] "+r" (rLen)
+        : [L_kyber_aarch64_q] "S" (L_kyber_aarch64_q), [L_kyber_aarch64_consts] "S" (L_kyber_aarch64_consts), [L_sha3_aarch64_r] "S" (L_sha3_aarch64_r), [L_kyber_aarch64_zetas] "S" (L_kyber_aarch64_zetas), [L_kyber_aarch64_zetas_qinv] "S" (L_kyber_aarch64_zetas_qinv), [L_kyber_aarch64_zetas_inv] "S" (L_kyber_aarch64_zetas_inv), [L_kyber_aarch64_zetas_inv_qinv] "S" (L_kyber_aarch64_zetas_inv_qinv), [L_kyber_aarch64_zetas_mul] "S" (L_kyber_aarch64_zetas_mul), [L_kyber_aarch64_to_msg_neon_low] "S" (L_kyber_aarch64_to_msg_neon_low), [L_kyber_aarch64_to_msg_neon_high] "S" (L_kyber_aarch64_to_msg_neon_high), [L_kyber_aarch64_to_msg_neon_bits] "S" (L_kyber_aarch64_to_msg_neon_bits), [L_kyber_aarch64_from_msg_neon_q1half] "S" (L_kyber_aarch64_from_msg_neon_q1half), [L_kyber_aarch64_from_msg_neon_bits] "S" (L_kyber_aarch64_from_msg_neon_bits), [L_kyber_aarch64_rej_uniform_neon_mask] "S" (L_kyber_aarch64_rej_uniform_neon_mask), [L_kyber_aarch64_rej_uniform_neon_bits] "S" (L_kyber_aarch64_rej_uniform_neon_bits), [L_kyber_aarch64_rej_uniform_neon_indices] "S" (L_kyber_aarch64_rej_uniform_neon_indices)
+        : "memory", "x4", "x5", "x6", "x7", "x8", "x9", "x10", "x11", "x12", "x13", "v0", "v1", "v2", "v3", "v4", "v5", "v6", "v7", "v8", "v9", "v10", "v11", "v12", "v13", "cc"
+    );
+    return (word32)(size_t)p;
+}
+
+#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
+void kyber_sha3_blocksx3_neon(word64* state)
+{
+    __asm__ __volatile__ (
+        "stp	x29, x30, [sp, #-64]!\n\t"
+        "add	x29, sp, #0\n\t"
+#ifndef __APPLE__
+        "adrp x27, %[L_sha3_aarch64_r]\n\t"
+        "add  x27, x27, :lo12:%[L_sha3_aarch64_r]\n\t"
+#else
+        "adrp x27, %[L_sha3_aarch64_r]@PAGE\n\t"
+        "add  x27, x27, %[L_sha3_aarch64_r]@PAGEOFF\n\t"
+#endif /* __APPLE__ */
+        "str	%x[state], [x29, #40]\n\t"
+        "ld4	{v0.d, v1.d, v2.d, v3.d}[0], [%x[state]], #32\n\t"
+        "ld4	{v4.d, v5.d, v6.d, v7.d}[0], [%x[state]], #32\n\t"
+        "ld4	{v8.d, v9.d, v10.d, v11.d}[0], [%x[state]], #32\n\t"
+        "ld4	{v12.d, v13.d, v14.d, v15.d}[0], [%x[state]], #32\n\t"
+        "ld4	{v16.d, v17.d, v18.d, v19.d}[0], [%x[state]], #32\n\t"
+        "ld4	{v20.d, v21.d, v22.d, v23.d}[0], [%x[state]], #32\n\t"
+        "ld1	{v24.d}[0], [%x[state]]\n\t"
+        "add	%x[state], %x[state], #8\n\t"
+        "ld4	{v0.d, v1.d, v2.d, v3.d}[1], [%x[state]], #32\n\t"
+        "ld4	{v4.d, v5.d, v6.d, v7.d}[1], [%x[state]], #32\n\t"
+        "ld4	{v8.d, v9.d, v10.d, v11.d}[1], [%x[state]], #32\n\t"
+        "ld4	{v12.d, v13.d, v14.d, v15.d}[1], [%x[state]], #32\n\t"
+        "ld4	{v16.d, v17.d, v18.d, v19.d}[1], [%x[state]], #32\n\t"
+        "ld4	{v20.d, v21.d, v22.d, v23.d}[1], [%x[state]], #32\n\t"
+        "ld1	{v24.d}[1], [%x[state]]\n\t"
+        "add	%x[state], %x[state], #8\n\t"
+        "ldp	x1, x2, [%x[state]]\n\t"
+        "ldp	x3, x4, [%x[state], #16]\n\t"
+        "ldp	x5, x6, [%x[state], #32]\n\t"
+        "ldp	x7, x8, [%x[state], #48]\n\t"
+        "ldp	x9, x10, [%x[state], #64]\n\t"
+        "ldp	x11, x12, [%x[state], #80]\n\t"
+        "ldp	x13, x14, [%x[state], #96]\n\t"
+        "ldp	x15, x16, [%x[state], #112]\n\t"
+        "ldp	x17, x19, [%x[state], #128]\n\t"
+        "ldp	x20, x21, [%x[state], #144]\n\t"
+        "ldp	x22, x23, [%x[state], #160]\n\t"
+        "ldp	x24, x25, [%x[state], #176]\n\t"
+        "ldr	x26, [%x[state], #192]\n\t"
+        "mov	x28, #24\n\t"
+        /* Start of 24 rounds */
+        "\n"
+    "L_SHA3_transform_blocksx3_neon_begin_%=: \n\t"
+        "stp	x27, x28, [x29, #48]\n\t"
+        /* Col Mix */
+        "eor3	v31.16b, v0.16b, v5.16b, v10.16b\n\t"
+        "eor	%x[state], x5, x10\n\t"
+        "eor3	v27.16b, v1.16b, v6.16b, v11.16b\n\t"
+        "eor	x30, x1, x6\n\t"
+        "eor3	v28.16b, v2.16b, v7.16b, v12.16b\n\t"
+        "eor	x28, x3, x8\n\t"
+        "eor3	v29.16b, v3.16b, v8.16b, v13.16b\n\t"
+        "eor	%x[state], %x[state], x15\n\t"
+        "eor3	v30.16b, v4.16b, v9.16b, v14.16b\n\t"
+        "eor	x30, x30, x11\n\t"
+        "eor3	v31.16b, v31.16b, v15.16b, v20.16b\n\t"
+        "eor	x28, x28, x13\n\t"
+        "eor3	v27.16b, v27.16b, v16.16b, v21.16b\n\t"
+        "eor	%x[state], %x[state], x21\n\t"
+        "eor3	v28.16b, v28.16b, v17.16b, v22.16b\n\t"
+        "eor	x30, x30, x16\n\t"
+        "eor3	v29.16b, v29.16b, v18.16b, v23.16b\n\t"
+        "eor	x28, x28, x19\n\t"
+        "eor3	v30.16b, v30.16b, v19.16b, v24.16b\n\t"
+        "eor	%x[state], %x[state], x26\n\t"
+        "rax1	v25.2d, v30.2d, v27.2d\n\t"
+        "eor	x30, x30, x22\n\t"
+        "rax1	v26.2d, v31.2d, v28.2d\n\t"
+        "eor	x28, x28, x24\n\t"
+        "rax1	v27.2d, v27.2d, v29.2d\n\t"
+        "str	%x[state], [x29, #32]\n\t"
+        "rax1	v28.2d, v28.2d, v30.2d\n\t"
+        "str	x28, [x29, #24]\n\t"
+        "rax1	v29.2d, v29.2d, v31.2d\n\t"
+        "eor	x27, x2, x7\n\t"
+        "eor	v0.16b, v0.16b, v25.16b\n\t"
+        "xar	v30.2d, v1.2d, v26.2d, #63\n\t"
+        "eor	x28, x4, x9\n\t"
+        "xar	v1.2d, v6.2d, v26.2d, #20\n\t"
+        "eor	x27, x27, x12\n\t"
+        "xar	v6.2d, v9.2d, v29.2d, #44\n\t"
+        "eor	x28, x28, x14\n\t"
+        "xar	v9.2d, v22.2d, v27.2d, #3\n\t"
+        "eor	x27, x27, x17\n\t"
+        "xar	v22.2d, v14.2d, v29.2d, #25\n\t"
+        "eor	x28, x28, x20\n\t"
+        "xar	v14.2d, v20.2d, v25.2d, #46\n\t"
+        "eor	x27, x27, x23\n\t"
+        "xar	v20.2d, v2.2d, v27.2d, #2\n\t"
+        "eor	x28, x28, x25\n\t"
+        "xar	v2.2d, v12.2d, v27.2d, #21\n\t"
+        "eor	%x[state], %x[state], x27, ror 63\n\t"
+        "xar	v12.2d, v13.2d, v28.2d, #39\n\t"
+        "eor	x27, x27, x28, ror 63\n\t"
+        "xar	v13.2d, v19.2d, v29.2d, #56\n\t"
+        "eor	x1, x1, %x[state]\n\t"
+        "xar	v19.2d, v23.2d, v28.2d, #8\n\t"
+        "eor	x6, x6, %x[state]\n\t"
+        "xar	v23.2d, v15.2d, v25.2d, #23\n\t"
+        "eor	x11, x11, %x[state]\n\t"
+        "xar	v15.2d, v4.2d, v29.2d, #37\n\t"
+        "eor	x16, x16, %x[state]\n\t"
+        "xar	v4.2d, v24.2d, v29.2d, #50\n\t"
+        "eor	x22, x22, %x[state]\n\t"
+        "xar	v24.2d, v21.2d, v26.2d, #62\n\t"
+        "eor	x3, x3, x27\n\t"
+        "xar	v21.2d, v8.2d, v28.2d, #9\n\t"
+        "eor	x8, x8, x27\n\t"
+        "xar	v8.2d, v16.2d, v26.2d, #19\n\t"
+        "eor	x13, x13, x27\n\t"
+        "xar	v16.2d, v5.2d, v25.2d, #28\n\t"
+        "eor	x19, x19, x27\n\t"
+        "xar	v5.2d, v3.2d, v28.2d, #36\n\t"
+        "eor	x24, x24, x27\n\t"
+        "xar	v3.2d, v18.2d, v28.2d, #43\n\t"
+        "ldr	%x[state], [x29, #32]\n\t"
+        "xar	v18.2d, v17.2d, v27.2d, #49\n\t"
+        "ldr	x27, [x29, #24]\n\t"
+        "xar	v17.2d, v11.2d, v26.2d, #54\n\t"
+        "eor	x28, x28, x30, ror 63\n\t"
+        "xar	v11.2d, v7.2d, v27.2d, #58\n\t"
+        "eor	x30, x30, x27, ror 63\n\t"
+        "xar	v7.2d, v10.2d, v25.2d, #61\n\t"
+        "eor	x27, x27, %x[state], ror 63\n\t"
+        /* Row Mix */
+        "mov	v25.16b, v0.16b\n\t"
+        "eor	x5, x5, x28\n\t"
+        "mov	v26.16b, v1.16b\n\t"
+        "eor	x10, x10, x28\n\t"
+        "bcax	v0.16b, v25.16b, v2.16b, v26.16b\n\t"
+        "eor	x15, x15, x28\n\t"
+        "bcax	v1.16b, v26.16b, v3.16b, v2.16b\n\t"
+        "eor	x21, x21, x28\n\t"
+        "bcax	v2.16b, v2.16b, v4.16b, v3.16b\n\t"
+        "eor	x26, x26, x28\n\t"
+        "bcax	v3.16b, v3.16b, v25.16b, v4.16b\n\t"
+        "eor	x2, x2, x30\n\t"
+        "bcax	v4.16b, v4.16b, v26.16b, v25.16b\n\t"
+        "eor	x7, x7, x30\n\t"
+        "mov	v25.16b, v5.16b\n\t"
+        "eor	x12, x12, x30\n\t"
+        "mov	v26.16b, v6.16b\n\t"
+        "eor	x17, x17, x30\n\t"
+        "bcax	v5.16b, v25.16b, v7.16b, v26.16b\n\t"
+        "eor	x23, x23, x30\n\t"
+        "bcax	v6.16b, v26.16b, v8.16b, v7.16b\n\t"
+        "eor	x4, x4, x27\n\t"
+        "bcax	v7.16b, v7.16b, v9.16b, v8.16b\n\t"
+        "eor	x9, x9, x27\n\t"
+        "bcax	v8.16b, v8.16b, v25.16b, v9.16b\n\t"
+        "eor	x14, x14, x27\n\t"
+        "bcax	v9.16b, v9.16b, v26.16b, v25.16b\n\t"
+        "eor	x20, x20, x27\n\t"
+        "mov	v26.16b, v11.16b\n\t"
+        "eor	x25, x25, x27\n\t"
+        /* Swap Rotate Base */
+        "bcax	v10.16b, v30.16b, v12.16b, v26.16b\n\t"
+        "ror	%x[state], x2, #63\n\t"
+        "bcax	v11.16b, v26.16b, v13.16b, v12.16b\n\t"
+        "ror	x2, x7, #20\n\t"
+        "bcax	v12.16b, v12.16b, v14.16b, v13.16b\n\t"
+        "ror	x7, x10, #44\n\t"
+        "bcax	v13.16b, v13.16b, v30.16b, v14.16b\n\t"
+        "ror	x10, x24, #3\n\t"
+        "bcax	v14.16b, v14.16b, v26.16b, v30.16b\n\t"
+        "ror	x24, x15, #25\n\t"
+        "mov	v25.16b, v15.16b\n\t"
+        "ror	x15, x22, #46\n\t"
+        "mov	v26.16b, v16.16b\n\t"
+        "ror	x22, x3, #2\n\t"
+        "bcax	v15.16b, v25.16b, v17.16b, v26.16b\n\t"
+        "ror	x3, x13, #21\n\t"
+        "bcax	v16.16b, v26.16b, v18.16b, v17.16b\n\t"
+        "ror	x13, x14, #39\n\t"
+        "bcax	v17.16b, v17.16b, v19.16b, v18.16b\n\t"
+        "ror	x14, x21, #56\n\t"
+        "bcax	v18.16b, v18.16b, v25.16b, v19.16b\n\t"
+        "ror	x21, x25, #8\n\t"
+        "bcax	v19.16b, v19.16b, v26.16b, v25.16b\n\t"
+        "ror	x25, x16, #23\n\t"
+        "mov	v25.16b, v20.16b\n\t"
+        "ror	x16, x5, #37\n\t"
+        "mov	v26.16b, v21.16b\n\t"
+        "ror	x5, x26, #50\n\t"
+        "bcax	v20.16b, v25.16b, v22.16b, v26.16b\n\t"
+        "ror	x26, x23, #62\n\t"
+        "bcax	v21.16b, v26.16b, v23.16b, v22.16b\n\t"
+        "ror	x23, x9, #9\n\t"
+        "bcax	v22.16b, v22.16b, v24.16b, v23.16b\n\t"
+        "ror	x9, x17, #19\n\t"
+        "bcax	v23.16b, v23.16b, v25.16b, v24.16b\n\t"
+        "ror	x17, x6, #28\n\t"
+        "bcax	v24.16b, v24.16b, v26.16b, v25.16b\n\t"
+        "ror	x6, x4, #36\n\t"
+        "ror	x4, x20, #43\n\t"
+        "ror	x20, x19, #49\n\t"
+        "ror	x19, x12, #54\n\t"
+        "ror	x12, x8, #58\n\t"
+        "ror	x8, x11, #61\n\t"
+        /* Row Mix Base */
+        "bic	x11, x3, x2\n\t"
+        "bic	x27, x4, x3\n\t"
+        "bic	x28, x1, x5\n\t"
+        "bic	x30, x2, x1\n\t"
+        "eor	x1, x1, x11\n\t"
+        "eor	x2, x2, x27\n\t"
+        "bic	x11, x5, x4\n\t"
+        "eor	x4, x4, x28\n\t"
+        "eor	x3, x3, x11\n\t"
+        "eor	x5, x5, x30\n\t"
+        "bic	x11, x8, x7\n\t"
+        "bic	x27, x9, x8\n\t"
+        "bic	x28, x6, x10\n\t"
+        "bic	x30, x7, x6\n\t"
+        "eor	x6, x6, x11\n\t"
+        "eor	x7, x7, x27\n\t"
+        "bic	x11, x10, x9\n\t"
+        "eor	x9, x9, x28\n\t"
+        "eor	x8, x8, x11\n\t"
+        "eor	x10, x10, x30\n\t"
+        "bic	x11, x13, x12\n\t"
+        "bic	x27, x14, x13\n\t"
+        "bic	x28, %x[state], x15\n\t"
+        "bic	x30, x12, %x[state]\n\t"
+        "eor	x11, %x[state], x11\n\t"
+        "eor	x12, x12, x27\n\t"
+        "bic	%x[state], x15, x14\n\t"
+        "eor	x14, x14, x28\n\t"
+        "eor	x13, x13, %x[state]\n\t"
+        "eor	x15, x15, x30\n\t"
+        "bic	%x[state], x19, x17\n\t"
+        "bic	x27, x20, x19\n\t"
+        "bic	x28, x16, x21\n\t"
+        "bic	x30, x17, x16\n\t"
+        "eor	x16, x16, %x[state]\n\t"
+        "eor	x17, x17, x27\n\t"
+        "bic	%x[state], x21, x20\n\t"
+        "eor	x20, x20, x28\n\t"
+        "eor	x19, x19, %x[state]\n\t"
+        "eor	x21, x21, x30\n\t"
+        "bic	%x[state], x24, x23\n\t"
+        "bic	x27, x25, x24\n\t"
+        "bic	x28, x22, x26\n\t"
+        "bic	x30, x23, x22\n\t"
+        "eor	x22, x22, %x[state]\n\t"
+        "eor	x23, x23, x27\n\t"
+        "bic	%x[state], x26, x25\n\t"
+        "eor	x25, x25, x28\n\t"
+        "eor	x24, x24, %x[state]\n\t"
+        "eor	x26, x26, x30\n\t"
+        /* Done transforming */
+        "ldp	x27, x28, [x29, #48]\n\t"
+        "ldr	%x[state], [x27], #8\n\t"
+        "subs	x28, x28, #1\n\t"
+        "mov	v30.d[0], %x[state]\n\t"
+        "mov	v30.d[1], %x[state]\n\t"
+        "eor	x1, x1, %x[state]\n\t"
+        "eor	v0.16b, v0.16b, v30.16b\n\t"
+        "bne	L_SHA3_transform_blocksx3_neon_begin_%=\n\t"
+        "ldr	%x[state], [x29, #40]\n\t"
+        "st4	{v0.d, v1.d, v2.d, v3.d}[0], [%x[state]], #32\n\t"
+        "st4	{v4.d, v5.d, v6.d, v7.d}[0], [%x[state]], #32\n\t"
+        "st4	{v8.d, v9.d, v10.d, v11.d}[0], [%x[state]], #32\n\t"
+        "st4	{v12.d, v13.d, v14.d, v15.d}[0], [%x[state]], #32\n\t"
+        "st4	{v16.d, v17.d, v18.d, v19.d}[0], [%x[state]], #32\n\t"
+        "st4	{v20.d, v21.d, v22.d, v23.d}[0], [%x[state]], #32\n\t"
+        "st1	{v24.d}[0], [%x[state]]\n\t"
+        "add	%x[state], %x[state], #8\n\t"
+        "st4	{v0.d, v1.d, v2.d, v3.d}[1], [%x[state]], #32\n\t"
+        "st4	{v4.d, v5.d, v6.d, v7.d}[1], [%x[state]], #32\n\t"
+        "st4	{v8.d, v9.d, v10.d, v11.d}[1], [%x[state]], #32\n\t"
+        "st4	{v12.d, v13.d, v14.d, v15.d}[1], [%x[state]], #32\n\t"
+        "st4	{v16.d, v17.d, v18.d, v19.d}[1], [%x[state]], #32\n\t"
+        "st4	{v20.d, v21.d, v22.d, v23.d}[1], [%x[state]], #32\n\t"
+        "st1	{v24.d}[1], [%x[state]]\n\t"
+        "add	%x[state], %x[state], #8\n\t"
+        "stp	x1, x2, [%x[state]]\n\t"
+        "stp	x3, x4, [%x[state], #16]\n\t"
+        "stp	x5, x6, [%x[state], #32]\n\t"
+        "stp	x7, x8, [%x[state], #48]\n\t"
+        "stp	x9, x10, [%x[state], #64]\n\t"
+        "stp	x11, x12, [%x[state], #80]\n\t"
+        "stp	x13, x14, [%x[state], #96]\n\t"
+        "stp	x15, x16, [%x[state], #112]\n\t"
+        "stp	x17, x19, [%x[state], #128]\n\t"
+        "stp	x20, x21, [%x[state], #144]\n\t"
+        "stp	x22, x23, [%x[state], #160]\n\t"
+        "stp	x24, x25, [%x[state], #176]\n\t"
+        "str	x26, [%x[state], #192]\n\t"
+        "ldp	x29, x30, [sp], #0x40\n\t"
+        : [state] "+r" (state)
+        : [L_kyber_aarch64_q] "S" (L_kyber_aarch64_q), [L_kyber_aarch64_consts] "S" (L_kyber_aarch64_consts), [L_sha3_aarch64_r] "S" (L_sha3_aarch64_r), [L_kyber_aarch64_zetas] "S" (L_kyber_aarch64_zetas), [L_kyber_aarch64_zetas_qinv] "S" (L_kyber_aarch64_zetas_qinv), [L_kyber_aarch64_zetas_inv] "S" (L_kyber_aarch64_zetas_inv), [L_kyber_aarch64_zetas_inv_qinv] "S" (L_kyber_aarch64_zetas_inv_qinv), [L_kyber_aarch64_zetas_mul] "S" (L_kyber_aarch64_zetas_mul), [L_kyber_aarch64_to_msg_neon_low] "S" (L_kyber_aarch64_to_msg_neon_low), [L_kyber_aarch64_to_msg_neon_high] "S" (L_kyber_aarch64_to_msg_neon_high), [L_kyber_aarch64_to_msg_neon_bits] "S" (L_kyber_aarch64_to_msg_neon_bits), [L_kyber_aarch64_from_msg_neon_q1half] "S" (L_kyber_aarch64_from_msg_neon_q1half), [L_kyber_aarch64_from_msg_neon_bits] "S" (L_kyber_aarch64_from_msg_neon_bits), [L_kyber_aarch64_rej_uniform_neon_mask] "S" (L_kyber_aarch64_rej_uniform_neon_mask), [L_kyber_aarch64_rej_uniform_neon_bits] "S" (L_kyber_aarch64_rej_uniform_neon_bits), [L_kyber_aarch64_rej_uniform_neon_indices] "S" (L_kyber_aarch64_rej_uniform_neon_indices)
+        : "memory", "x1", "x2", "x3", "x4", "x5", "x6", "x7", "x8", "x9", "x10", "x11", "x12", "x13", "x14", "x15", "x16", "x17", "x19", "x20", "x21", "x22", "x23", "x24", "x25", "x26", "x27", "x28", "v0", "v1", "v2", "v3", "v4", "v5", "v6", "v7", "v8", "v9", "v10", "v11", "v12", "v13", "v14", "v15", "v16", "v17", "v18", "v19", "v20", "v21", "v22", "v23", "v24", "v25", "v26", "v27", "v28", "v29", "v30", "v31", "cc"
+    );
+}
+
+void kyber_shake128_blocksx3_seed_neon(word64* state, byte* seed)
+{
+    __asm__ __volatile__ (
+        "stp	x29, x30, [sp, #-64]!\n\t"
+        "add	x29, sp, #0\n\t"
+#ifndef __APPLE__
+        "adrp x28, %[L_sha3_aarch64_r]\n\t"
+        "add  x28, x28, :lo12:%[L_sha3_aarch64_r]\n\t"
+#else
+        "adrp x28, %[L_sha3_aarch64_r]@PAGE\n\t"
+        "add  x28, x28, %[L_sha3_aarch64_r]@PAGEOFF\n\t"
+#endif /* __APPLE__ */
+        "str	%x[state], [x29, #40]\n\t"
+        "add	%x[state], %x[state], #32\n\t"
+        "ld1	{v4.d}[0], [%x[state]]\n\t"
+        "ldp	x2, x3, [%x[seed]], #16\n\t"
+        "add	%x[state], %x[state], #0xc8\n\t"
+        "ld1	{v4.d}[1], [%x[state]]\n\t"
+        "ldp	x4, x5, [%x[seed]], #16\n\t"
+        "ldr	x6, [%x[state], #200]\n\t"
+        "eor	v5.16b, v5.16b, v5.16b\n\t"
+        "eor	x7, x7, x7\n\t"
+        "eor	v6.16b, v6.16b, v6.16b\n\t"
+        "eor	x8, x8, x8\n\t"
+        "eor	v7.16b, v7.16b, v7.16b\n\t"
+        "eor	x9, x9, x9\n\t"
+        "eor	v8.16b, v8.16b, v8.16b\n\t"
+        "eor	x10, x10, x10\n\t"
+        "eor	v9.16b, v9.16b, v9.16b\n\t"
+        "eor	x11, x11, x11\n\t"
+        "eor	v10.16b, v10.16b, v10.16b\n\t"
+        "eor	x12, x12, x12\n\t"
+        "eor	v11.16b, v11.16b, v11.16b\n\t"
+        "eor	x13, x13, x13\n\t"
+        "eor	v12.16b, v12.16b, v12.16b\n\t"
+        "eor	x14, x14, x14\n\t"
+        "eor	v13.16b, v13.16b, v13.16b\n\t"
+        "eor	x15, x15, x15\n\t"
+        "eor	v14.16b, v14.16b, v14.16b\n\t"
+        "eor	x16, x16, x16\n\t"
+        "eor	v15.16b, v15.16b, v15.16b\n\t"
+        "eor	x17, x17, x17\n\t"
+        "eor	v16.16b, v16.16b, v16.16b\n\t"
+        "eor	x19, x19, x19\n\t"
+        "eor	v17.16b, v17.16b, v17.16b\n\t"
+        "eor	x20, x20, x20\n\t"
+        "eor	v18.16b, v18.16b, v18.16b\n\t"
+        "eor	x21, x21, x21\n\t"
+        "eor	v19.16b, v19.16b, v19.16b\n\t"
+        "eor	x22, x22, x22\n\t"
+        "movz	x23, #0x8000, lsl 48\n\t"
+        "eor	v21.16b, v21.16b, v21.16b\n\t"
+        "eor	x24, x24, x24\n\t"
+        "eor	v22.16b, v22.16b, v22.16b\n\t"
+        "eor	x25, x25, x25\n\t"
+        "eor	v23.16b, v23.16b, v23.16b\n\t"
+        "eor	x26, x26, x26\n\t"
+        "eor	v24.16b, v24.16b, v24.16b\n\t"
+        "eor	x27, x27, x27\n\t"
+        "dup	v0.2d, x2\n\t"
+        "dup	v1.2d, x3\n\t"
+        "dup	v2.2d, x4\n\t"
+        "dup	v3.2d, x5\n\t"
+        "dup	v20.2d, x23\n\t"
+        "mov	%x[seed], #24\n\t"
+        /* Start of 24 rounds */
+        "\n"
+    "L_SHA3_shake128_blocksx3_seed_neon_begin_%=: \n\t"
+        "stp	x28, %x[seed], [x29, #48]\n\t"
+        /* Col Mix */
+        "eor3	v31.16b, v0.16b, v5.16b, v10.16b\n\t"
+        "eor	%x[state], x6, x11\n\t"
+        "eor3	v27.16b, v1.16b, v6.16b, v11.16b\n\t"
+        "eor	x30, x2, x7\n\t"
+        "eor3	v28.16b, v2.16b, v7.16b, v12.16b\n\t"
+        "eor	x28, x4, x9\n\t"
+        "eor3	v29.16b, v3.16b, v8.16b, v13.16b\n\t"
+        "eor	%x[state], %x[state], x16\n\t"
+        "eor3	v30.16b, v4.16b, v9.16b, v14.16b\n\t"
+        "eor	x30, x30, x12\n\t"
+        "eor3	v31.16b, v31.16b, v15.16b, v20.16b\n\t"
+        "eor	x28, x28, x14\n\t"
+        "eor3	v27.16b, v27.16b, v16.16b, v21.16b\n\t"
+        "eor	%x[state], %x[state], x22\n\t"
+        "eor3	v28.16b, v28.16b, v17.16b, v22.16b\n\t"
+        "eor	x30, x30, x17\n\t"
+        "eor3	v29.16b, v29.16b, v18.16b, v23.16b\n\t"
+        "eor	x28, x28, x20\n\t"
+        "eor3	v30.16b, v30.16b, v19.16b, v24.16b\n\t"
+        "eor	%x[state], %x[state], x27\n\t"
+        "rax1	v25.2d, v30.2d, v27.2d\n\t"
+        "eor	x30, x30, x23\n\t"
+        "rax1	v26.2d, v31.2d, v28.2d\n\t"
+        "eor	x28, x28, x25\n\t"
+        "rax1	v27.2d, v27.2d, v29.2d\n\t"
+        "str	%x[state], [x29, #32]\n\t"
+        "rax1	v28.2d, v28.2d, v30.2d\n\t"
+        "str	x28, [x29, #24]\n\t"
+        "rax1	v29.2d, v29.2d, v31.2d\n\t"
+        "eor	%x[seed], x3, x8\n\t"
+        "eor	v0.16b, v0.16b, v25.16b\n\t"
+        "xar	v30.2d, v1.2d, v26.2d, #63\n\t"
+        "eor	x28, x5, x10\n\t"
+        "xar	v1.2d, v6.2d, v26.2d, #20\n\t"
+        "eor	%x[seed], %x[seed], x13\n\t"
+        "xar	v6.2d, v9.2d, v29.2d, #44\n\t"
+        "eor	x28, x28, x15\n\t"
+        "xar	v9.2d, v22.2d, v27.2d, #3\n\t"
+        "eor	%x[seed], %x[seed], x19\n\t"
+        "xar	v22.2d, v14.2d, v29.2d, #25\n\t"
+        "eor	x28, x28, x21\n\t"
+        "xar	v14.2d, v20.2d, v25.2d, #46\n\t"
+        "eor	%x[seed], %x[seed], x24\n\t"
+        "xar	v20.2d, v2.2d, v27.2d, #2\n\t"
+        "eor	x28, x28, x26\n\t"
+        "xar	v2.2d, v12.2d, v27.2d, #21\n\t"
+        "eor	%x[state], %x[state], %x[seed], ror 63\n\t"
+        "xar	v12.2d, v13.2d, v28.2d, #39\n\t"
+        "eor	%x[seed], %x[seed], x28, ror 63\n\t"
+        "xar	v13.2d, v19.2d, v29.2d, #56\n\t"
+        "eor	x2, x2, %x[state]\n\t"
+        "xar	v19.2d, v23.2d, v28.2d, #8\n\t"
+        "eor	x7, x7, %x[state]\n\t"
+        "xar	v23.2d, v15.2d, v25.2d, #23\n\t"
+        "eor	x12, x12, %x[state]\n\t"
+        "xar	v15.2d, v4.2d, v29.2d, #37\n\t"
+        "eor	x17, x17, %x[state]\n\t"
+        "xar	v4.2d, v24.2d, v29.2d, #50\n\t"
+        "eor	x23, x23, %x[state]\n\t"
+        "xar	v24.2d, v21.2d, v26.2d, #62\n\t"
+        "eor	x4, x4, %x[seed]\n\t"
+        "xar	v21.2d, v8.2d, v28.2d, #9\n\t"
+        "eor	x9, x9, %x[seed]\n\t"
+        "xar	v8.2d, v16.2d, v26.2d, #19\n\t"
+        "eor	x14, x14, %x[seed]\n\t"
+        "xar	v16.2d, v5.2d, v25.2d, #28\n\t"
+        "eor	x20, x20, %x[seed]\n\t"
+        "xar	v5.2d, v3.2d, v28.2d, #36\n\t"
+        "eor	x25, x25, %x[seed]\n\t"
+        "xar	v3.2d, v18.2d, v28.2d, #43\n\t"
+        "ldr	%x[state], [x29, #32]\n\t"
+        "xar	v18.2d, v17.2d, v27.2d, #49\n\t"
+        "ldr	%x[seed], [x29, #24]\n\t"
+        "xar	v17.2d, v11.2d, v26.2d, #54\n\t"
+        "eor	x28, x28, x30, ror 63\n\t"
+        "xar	v11.2d, v7.2d, v27.2d, #58\n\t"
+        "eor	x30, x30, %x[seed], ror 63\n\t"
+        "xar	v7.2d, v10.2d, v25.2d, #61\n\t"
+        "eor	%x[seed], %x[seed], %x[state], ror 63\n\t"
+        /* Row Mix */
+        "mov	v25.16b, v0.16b\n\t"
+        "eor	x6, x6, x28\n\t"
+        "mov	v26.16b, v1.16b\n\t"
+        "eor	x11, x11, x28\n\t"
+        "bcax	v0.16b, v25.16b, v2.16b, v26.16b\n\t"
+        "eor	x16, x16, x28\n\t"
+        "bcax	v1.16b, v26.16b, v3.16b, v2.16b\n\t"
+        "eor	x22, x22, x28\n\t"
+        "bcax	v2.16b, v2.16b, v4.16b, v3.16b\n\t"
+        "eor	x27, x27, x28\n\t"
+        "bcax	v3.16b, v3.16b, v25.16b, v4.16b\n\t"
+        "eor	x3, x3, x30\n\t"
+        "bcax	v4.16b, v4.16b, v26.16b, v25.16b\n\t"
+        "eor	x8, x8, x30\n\t"
+        "mov	v25.16b, v5.16b\n\t"
+        "eor	x13, x13, x30\n\t"
+        "mov	v26.16b, v6.16b\n\t"
+        "eor	x19, x19, x30\n\t"
+        "bcax	v5.16b, v25.16b, v7.16b, v26.16b\n\t"
+        "eor	x24, x24, x30\n\t"
+        "bcax	v6.16b, v26.16b, v8.16b, v7.16b\n\t"
+        "eor	x5, x5, %x[seed]\n\t"
+        "bcax	v7.16b, v7.16b, v9.16b, v8.16b\n\t"
+        "eor	x10, x10, %x[seed]\n\t"
+        "bcax	v8.16b, v8.16b, v25.16b, v9.16b\n\t"
+        "eor	x15, x15, %x[seed]\n\t"
+        "bcax	v9.16b, v9.16b, v26.16b, v25.16b\n\t"
+        "eor	x21, x21, %x[seed]\n\t"
+        "mov	v26.16b, v11.16b\n\t"
+        "eor	x26, x26, %x[seed]\n\t"
+        /* Swap Rotate Base */
+        "bcax	v10.16b, v30.16b, v12.16b, v26.16b\n\t"
+        "ror	%x[state], x3, #63\n\t"
+        "bcax	v11.16b, v26.16b, v13.16b, v12.16b\n\t"
+        "ror	x3, x8, #20\n\t"
+        "bcax	v12.16b, v12.16b, v14.16b, v13.16b\n\t"
+        "ror	x8, x11, #44\n\t"
+        "bcax	v13.16b, v13.16b, v30.16b, v14.16b\n\t"
+        "ror	x11, x25, #3\n\t"
+        "bcax	v14.16b, v14.16b, v26.16b, v30.16b\n\t"
+        "ror	x25, x16, #25\n\t"
+        "mov	v25.16b, v15.16b\n\t"
+        "ror	x16, x23, #46\n\t"
+        "mov	v26.16b, v16.16b\n\t"
+        "ror	x23, x4, #2\n\t"
+        "bcax	v15.16b, v25.16b, v17.16b, v26.16b\n\t"
+        "ror	x4, x14, #21\n\t"
+        "bcax	v16.16b, v26.16b, v18.16b, v17.16b\n\t"
+        "ror	x14, x15, #39\n\t"
+        "bcax	v17.16b, v17.16b, v19.16b, v18.16b\n\t"
+        "ror	x15, x22, #56\n\t"
+        "bcax	v18.16b, v18.16b, v25.16b, v19.16b\n\t"
+        "ror	x22, x26, #8\n\t"
+        "bcax	v19.16b, v19.16b, v26.16b, v25.16b\n\t"
+        "ror	x26, x17, #23\n\t"
+        "mov	v25.16b, v20.16b\n\t"
+        "ror	x17, x6, #37\n\t"
+        "mov	v26.16b, v21.16b\n\t"
+        "ror	x6, x27, #50\n\t"
+        "bcax	v20.16b, v25.16b, v22.16b, v26.16b\n\t"
+        "ror	x27, x24, #62\n\t"
+        "bcax	v21.16b, v26.16b, v23.16b, v22.16b\n\t"
+        "ror	x24, x10, #9\n\t"
+        "bcax	v22.16b, v22.16b, v24.16b, v23.16b\n\t"
+        "ror	x10, x19, #19\n\t"
+        "bcax	v23.16b, v23.16b, v25.16b, v24.16b\n\t"
+        "ror	x19, x7, #28\n\t"
+        "bcax	v24.16b, v24.16b, v26.16b, v25.16b\n\t"
+        "ror	x7, x5, #36\n\t"
+        "ror	x5, x21, #43\n\t"
+        "ror	x21, x20, #49\n\t"
+        "ror	x20, x13, #54\n\t"
+        "ror	x13, x9, #58\n\t"
+        "ror	x9, x12, #61\n\t"
+        /* Row Mix Base */
+        "bic	x12, x4, x3\n\t"
+        "bic	%x[seed], x5, x4\n\t"
+        "bic	x28, x2, x6\n\t"
+        "bic	x30, x3, x2\n\t"
+        "eor	x2, x2, x12\n\t"
+        "eor	x3, x3, %x[seed]\n\t"
+        "bic	x12, x6, x5\n\t"
+        "eor	x5, x5, x28\n\t"
+        "eor	x4, x4, x12\n\t"
+        "eor	x6, x6, x30\n\t"
+        "bic	x12, x9, x8\n\t"
+        "bic	%x[seed], x10, x9\n\t"
+        "bic	x28, x7, x11\n\t"
+        "bic	x30, x8, x7\n\t"
+        "eor	x7, x7, x12\n\t"
+        "eor	x8, x8, %x[seed]\n\t"
+        "bic	x12, x11, x10\n\t"
+        "eor	x10, x10, x28\n\t"
+        "eor	x9, x9, x12\n\t"
+        "eor	x11, x11, x30\n\t"
+        "bic	x12, x14, x13\n\t"
+        "bic	%x[seed], x15, x14\n\t"
+        "bic	x28, %x[state], x16\n\t"
+        "bic	x30, x13, %x[state]\n\t"
+        "eor	x12, %x[state], x12\n\t"
+        "eor	x13, x13, %x[seed]\n\t"
+        "bic	%x[state], x16, x15\n\t"
+        "eor	x15, x15, x28\n\t"
+        "eor	x14, x14, %x[state]\n\t"
+        "eor	x16, x16, x30\n\t"
+        "bic	%x[state], x20, x19\n\t"
+        "bic	%x[seed], x21, x20\n\t"
+        "bic	x28, x17, x22\n\t"
+        "bic	x30, x19, x17\n\t"
+        "eor	x17, x17, %x[state]\n\t"
+        "eor	x19, x19, %x[seed]\n\t"
+        "bic	%x[state], x22, x21\n\t"
+        "eor	x21, x21, x28\n\t"
+        "eor	x20, x20, %x[state]\n\t"
+        "eor	x22, x22, x30\n\t"
+        "bic	%x[state], x25, x24\n\t"
+        "bic	%x[seed], x26, x25\n\t"
+        "bic	x28, x23, x27\n\t"
+        "bic	x30, x24, x23\n\t"
+        "eor	x23, x23, %x[state]\n\t"
+        "eor	x24, x24, %x[seed]\n\t"
+        "bic	%x[state], x27, x26\n\t"
+        "eor	x26, x26, x28\n\t"
+        "eor	x25, x25, %x[state]\n\t"
+        "eor	x27, x27, x30\n\t"
+        /* Done transforming */
+        "ldp	x28, %x[seed], [x29, #48]\n\t"
+        "ldr	%x[state], [x28], #8\n\t"
+        "subs	%x[seed], %x[seed], #1\n\t"
+        "mov	v30.d[0], %x[state]\n\t"
+        "mov	v30.d[1], %x[state]\n\t"
+        "eor	x2, x2, %x[state]\n\t"
+        "eor	v0.16b, v0.16b, v30.16b\n\t"
+        "bne	L_SHA3_shake128_blocksx3_seed_neon_begin_%=\n\t"
+        "ldr	%x[state], [x29, #40]\n\t"
+        "st4	{v0.d, v1.d, v2.d, v3.d}[0], [%x[state]], #32\n\t"
+        "st4	{v4.d, v5.d, v6.d, v7.d}[0], [%x[state]], #32\n\t"
+        "st4	{v8.d, v9.d, v10.d, v11.d}[0], [%x[state]], #32\n\t"
+        "st4	{v12.d, v13.d, v14.d, v15.d}[0], [%x[state]], #32\n\t"
+        "st4	{v16.d, v17.d, v18.d, v19.d}[0], [%x[state]], #32\n\t"
+        "st4	{v20.d, v21.d, v22.d, v23.d}[0], [%x[state]], #32\n\t"
+        "st1	{v24.d}[0], [%x[state]]\n\t"
+        "add	%x[state], %x[state], #8\n\t"
+        "st4	{v0.d, v1.d, v2.d, v3.d}[1], [%x[state]], #32\n\t"
+        "st4	{v4.d, v5.d, v6.d, v7.d}[1], [%x[state]], #32\n\t"
+        "st4	{v8.d, v9.d, v10.d, v11.d}[1], [%x[state]], #32\n\t"
+        "st4	{v12.d, v13.d, v14.d, v15.d}[1], [%x[state]], #32\n\t"
+        "st4	{v16.d, v17.d, v18.d, v19.d}[1], [%x[state]], #32\n\t"
+        "st4	{v20.d, v21.d, v22.d, v23.d}[1], [%x[state]], #32\n\t"
+        "st1	{v24.d}[1], [%x[state]]\n\t"
+        "add	%x[state], %x[state], #8\n\t"
+        "stp	x2, x3, [%x[state]]\n\t"
+        "stp	x4, x5, [%x[state], #16]\n\t"
+        "stp	x6, x7, [%x[state], #32]\n\t"
+        "stp	x8, x9, [%x[state], #48]\n\t"
+        "stp	x10, x11, [%x[state], #64]\n\t"
+        "stp	x12, x13, [%x[state], #80]\n\t"
+        "stp	x14, x15, [%x[state], #96]\n\t"
+        "stp	x16, x17, [%x[state], #112]\n\t"
+        "stp	x19, x20, [%x[state], #128]\n\t"
+        "stp	x21, x22, [%x[state], #144]\n\t"
+        "stp	x23, x24, [%x[state], #160]\n\t"
+        "stp	x25, x26, [%x[state], #176]\n\t"
+        "str	x27, [%x[state], #192]\n\t"
+        "ldp	x29, x30, [sp], #0x40\n\t"
+        : [state] "+r" (state), [seed] "+r" (seed)
+        : [L_kyber_aarch64_q] "S" (L_kyber_aarch64_q), [L_kyber_aarch64_consts] "S" (L_kyber_aarch64_consts), [L_sha3_aarch64_r] "S" (L_sha3_aarch64_r), [L_kyber_aarch64_zetas] "S" (L_kyber_aarch64_zetas), [L_kyber_aarch64_zetas_qinv] "S" (L_kyber_aarch64_zetas_qinv), [L_kyber_aarch64_zetas_inv] "S" (L_kyber_aarch64_zetas_inv), [L_kyber_aarch64_zetas_inv_qinv] "S" (L_kyber_aarch64_zetas_inv_qinv), [L_kyber_aarch64_zetas_mul] "S" (L_kyber_aarch64_zetas_mul), [L_kyber_aarch64_to_msg_neon_low] "S" (L_kyber_aarch64_to_msg_neon_low), [L_kyber_aarch64_to_msg_neon_high] "S" (L_kyber_aarch64_to_msg_neon_high), [L_kyber_aarch64_to_msg_neon_bits] "S" (L_kyber_aarch64_to_msg_neon_bits), [L_kyber_aarch64_from_msg_neon_q1half] "S" (L_kyber_aarch64_from_msg_neon_q1half), [L_kyber_aarch64_from_msg_neon_bits] "S" (L_kyber_aarch64_from_msg_neon_bits), [L_kyber_aarch64_rej_uniform_neon_mask] "S" (L_kyber_aarch64_rej_uniform_neon_mask), [L_kyber_aarch64_rej_uniform_neon_bits] "S" (L_kyber_aarch64_rej_uniform_neon_bits), [L_kyber_aarch64_rej_uniform_neon_indices] "S" (L_kyber_aarch64_rej_uniform_neon_indices)
+        : "memory", "x2", "x3", "x4", "x5", "x6", "x7", "x8", "x9", "x10", "x11", "x12", "x13", "x14", "x15", "x16", "x17", "x19", "x20", "x21", "x22", "x23", "x24", "x25", "x26", "x27", "x28", "v0", "v1", "v2", "v3", "v4", "v5", "v6", "v7", "v8", "v9", "v10", "v11", "v12", "v13", "v14", "v15", "v16", "v17", "v18", "v19", "v20", "v21", "v22", "v23", "v24", "v25", "v26", "v27", "v28", "v29", "v30", "v31", "cc"
+    );
+}
+
+void kyber_shake256_blocksx3_seed_neon(word64* state, byte* seed)
+{
+    __asm__ __volatile__ (
+        "stp	x29, x30, [sp, #-64]!\n\t"
+        "add	x29, sp, #0\n\t"
+#ifndef __APPLE__
+        "adrp x28, %[L_sha3_aarch64_r]\n\t"
+        "add  x28, x28, :lo12:%[L_sha3_aarch64_r]\n\t"
+#else
+        "adrp x28, %[L_sha3_aarch64_r]@PAGE\n\t"
+        "add  x28, x28, %[L_sha3_aarch64_r]@PAGEOFF\n\t"
+#endif /* __APPLE__ */
+        "str	%x[state], [x29, #40]\n\t"
+        "add	%x[state], %x[state], #32\n\t"
+        "ld1	{v4.d}[0], [%x[state]]\n\t"
+        "ldp	x2, x3, [%x[seed]], #16\n\t"
+        "add	%x[state], %x[state], #0xc8\n\t"
+        "ld1	{v4.d}[1], [%x[state]]\n\t"
+        "ldp	x4, x5, [%x[seed]], #16\n\t"
+        "ldr	x6, [%x[state], #200]\n\t"
+        "eor	v5.16b, v5.16b, v5.16b\n\t"
+        "eor	x7, x7, x7\n\t"
+        "eor	v6.16b, v6.16b, v6.16b\n\t"
+        "eor	x8, x8, x8\n\t"
+        "eor	v7.16b, v7.16b, v7.16b\n\t"
+        "eor	x9, x9, x9\n\t"
+        "eor	v8.16b, v8.16b, v8.16b\n\t"
+        "eor	x10, x10, x10\n\t"
+        "eor	v9.16b, v9.16b, v9.16b\n\t"
+        "eor	x11, x11, x11\n\t"
+        "eor	v10.16b, v10.16b, v10.16b\n\t"
+        "eor	x12, x12, x12\n\t"
+        "eor	v11.16b, v11.16b, v11.16b\n\t"
+        "eor	x13, x13, x13\n\t"
+        "eor	v12.16b, v12.16b, v12.16b\n\t"
+        "eor	x14, x14, x14\n\t"
+        "eor	v13.16b, v13.16b, v13.16b\n\t"
+        "eor	x15, x15, x15\n\t"
+        "eor	v14.16b, v14.16b, v14.16b\n\t"
+        "eor	x16, x16, x16\n\t"
+        "eor	v15.16b, v15.16b, v15.16b\n\t"
+        "eor	x17, x17, x17\n\t"
+        "movz	x19, #0x8000, lsl 48\n\t"
+        "eor	v17.16b, v17.16b, v17.16b\n\t"
+        "eor	x20, x20, x20\n\t"
+        "eor	v18.16b, v18.16b, v18.16b\n\t"
+        "eor	x21, x21, x21\n\t"
+        "eor	v19.16b, v19.16b, v19.16b\n\t"
+        "eor	x22, x22, x22\n\t"
+        "eor	v20.16b, v20.16b, v20.16b\n\t"
+        "eor	x23, x23, x23\n\t"
+        "eor	v21.16b, v21.16b, v21.16b\n\t"
+        "eor	x24, x24, x24\n\t"
+        "eor	v22.16b, v22.16b, v22.16b\n\t"
+        "eor	x25, x25, x25\n\t"
+        "eor	v23.16b, v23.16b, v23.16b\n\t"
+        "eor	x26, x26, x26\n\t"
+        "eor	v24.16b, v24.16b, v24.16b\n\t"
+        "eor	x27, x27, x27\n\t"
+        "dup	v0.2d, x2\n\t"
+        "dup	v1.2d, x3\n\t"
+        "dup	v2.2d, x4\n\t"
+        "dup	v3.2d, x5\n\t"
+        "dup	v16.2d, x19\n\t"
+        "mov	%x[seed], #24\n\t"
+        /* Start of 24 rounds */
+        "\n"
+    "L_SHA3_shake256_blocksx3_seed_neon_begin_%=: \n\t"
+        "stp	x28, %x[seed], [x29, #48]\n\t"
+        /* Col Mix */
+        "eor3	v31.16b, v0.16b, v5.16b, v10.16b\n\t"
+        "eor	%x[state], x6, x11\n\t"
+        "eor3	v27.16b, v1.16b, v6.16b, v11.16b\n\t"
+        "eor	x30, x2, x7\n\t"
+        "eor3	v28.16b, v2.16b, v7.16b, v12.16b\n\t"
+        "eor	x28, x4, x9\n\t"
+        "eor3	v29.16b, v3.16b, v8.16b, v13.16b\n\t"
+        "eor	%x[state], %x[state], x16\n\t"
+        "eor3	v30.16b, v4.16b, v9.16b, v14.16b\n\t"
+        "eor	x30, x30, x12\n\t"
+        "eor3	v31.16b, v31.16b, v15.16b, v20.16b\n\t"
+        "eor	x28, x28, x14\n\t"
+        "eor3	v27.16b, v27.16b, v16.16b, v21.16b\n\t"
+        "eor	%x[state], %x[state], x22\n\t"
+        "eor3	v28.16b, v28.16b, v17.16b, v22.16b\n\t"
+        "eor	x30, x30, x17\n\t"
+        "eor3	v29.16b, v29.16b, v18.16b, v23.16b\n\t"
+        "eor	x28, x28, x20\n\t"
+        "eor3	v30.16b, v30.16b, v19.16b, v24.16b\n\t"
+        "eor	%x[state], %x[state], x27\n\t"
+        "rax1	v25.2d, v30.2d, v27.2d\n\t"
+        "eor	x30, x30, x23\n\t"
+        "rax1	v26.2d, v31.2d, v28.2d\n\t"
+        "eor	x28, x28, x25\n\t"
+        "rax1	v27.2d, v27.2d, v29.2d\n\t"
+        "str	%x[state], [x29, #32]\n\t"
+        "rax1	v28.2d, v28.2d, v30.2d\n\t"
+        "str	x28, [x29, #24]\n\t"
+        "rax1	v29.2d, v29.2d, v31.2d\n\t"
+        "eor	%x[seed], x3, x8\n\t"
+        "eor	v0.16b, v0.16b, v25.16b\n\t"
+        "xar	v30.2d, v1.2d, v26.2d, #63\n\t"
+        "eor	x28, x5, x10\n\t"
+        "xar	v1.2d, v6.2d, v26.2d, #20\n\t"
+        "eor	%x[seed], %x[seed], x13\n\t"
+        "xar	v6.2d, v9.2d, v29.2d, #44\n\t"
+        "eor	x28, x28, x15\n\t"
+        "xar	v9.2d, v22.2d, v27.2d, #3\n\t"
+        "eor	%x[seed], %x[seed], x19\n\t"
+        "xar	v22.2d, v14.2d, v29.2d, #25\n\t"
+        "eor	x28, x28, x21\n\t"
+        "xar	v14.2d, v20.2d, v25.2d, #46\n\t"
+        "eor	%x[seed], %x[seed], x24\n\t"
+        "xar	v20.2d, v2.2d, v27.2d, #2\n\t"
+        "eor	x28, x28, x26\n\t"
+        "xar	v2.2d, v12.2d, v27.2d, #21\n\t"
+        "eor	%x[state], %x[state], %x[seed], ror 63\n\t"
+        "xar	v12.2d, v13.2d, v28.2d, #39\n\t"
+        "eor	%x[seed], %x[seed], x28, ror 63\n\t"
+        "xar	v13.2d, v19.2d, v29.2d, #56\n\t"
+        "eor	x2, x2, %x[state]\n\t"
+        "xar	v19.2d, v23.2d, v28.2d, #8\n\t"
+        "eor	x7, x7, %x[state]\n\t"
+        "xar	v23.2d, v15.2d, v25.2d, #23\n\t"
+        "eor	x12, x12, %x[state]\n\t"
+        "xar	v15.2d, v4.2d, v29.2d, #37\n\t"
+        "eor	x17, x17, %x[state]\n\t"
+        "xar	v4.2d, v24.2d, v29.2d, #50\n\t"
+        "eor	x23, x23, %x[state]\n\t"
+        "xar	v24.2d, v21.2d, v26.2d, #62\n\t"
+        "eor	x4, x4, %x[seed]\n\t"
+        "xar	v21.2d, v8.2d, v28.2d, #9\n\t"
+        "eor	x9, x9, %x[seed]\n\t"
+        "xar	v8.2d, v16.2d, v26.2d, #19\n\t"
+        "eor	x14, x14, %x[seed]\n\t"
+        "xar	v16.2d, v5.2d, v25.2d, #28\n\t"
+        "eor	x20, x20, %x[seed]\n\t"
+        "xar	v5.2d, v3.2d, v28.2d, #36\n\t"
+        "eor	x25, x25, %x[seed]\n\t"
+        "xar	v3.2d, v18.2d, v28.2d, #43\n\t"
+        "ldr	%x[state], [x29, #32]\n\t"
+        "xar	v18.2d, v17.2d, v27.2d, #49\n\t"
+        "ldr	%x[seed], [x29, #24]\n\t"
+        "xar	v17.2d, v11.2d, v26.2d, #54\n\t"
+        "eor	x28, x28, x30, ror 63\n\t"
+        "xar	v11.2d, v7.2d, v27.2d, #58\n\t"
+        "eor	x30, x30, %x[seed], ror 63\n\t"
+        "xar	v7.2d, v10.2d, v25.2d, #61\n\t"
+        "eor	%x[seed], %x[seed], %x[state], ror 63\n\t"
+        /* Row Mix */
+        "mov	v25.16b, v0.16b\n\t"
+        "eor	x6, x6, x28\n\t"
+        "mov	v26.16b, v1.16b\n\t"
+        "eor	x11, x11, x28\n\t"
+        "bcax	v0.16b, v25.16b, v2.16b, v26.16b\n\t"
+        "eor	x16, x16, x28\n\t"
+        "bcax	v1.16b, v26.16b, v3.16b, v2.16b\n\t"
+        "eor	x22, x22, x28\n\t"
+        "bcax	v2.16b, v2.16b, v4.16b, v3.16b\n\t"
+        "eor	x27, x27, x28\n\t"
+        "bcax	v3.16b, v3.16b, v25.16b, v4.16b\n\t"
+        "eor	x3, x3, x30\n\t"
+        "bcax	v4.16b, v4.16b, v26.16b, v25.16b\n\t"
+        "eor	x8, x8, x30\n\t"
+        "mov	v25.16b, v5.16b\n\t"
+        "eor	x13, x13, x30\n\t"
+        "mov	v26.16b, v6.16b\n\t"
+        "eor	x19, x19, x30\n\t"
+        "bcax	v5.16b, v25.16b, v7.16b, v26.16b\n\t"
+        "eor	x24, x24, x30\n\t"
+        "bcax	v6.16b, v26.16b, v8.16b, v7.16b\n\t"
+        "eor	x5, x5, %x[seed]\n\t"
+        "bcax	v7.16b, v7.16b, v9.16b, v8.16b\n\t"
+        "eor	x10, x10, %x[seed]\n\t"
+        "bcax	v8.16b, v8.16b, v25.16b, v9.16b\n\t"
+        "eor	x15, x15, %x[seed]\n\t"
+        "bcax	v9.16b, v9.16b, v26.16b, v25.16b\n\t"
+        "eor	x21, x21, %x[seed]\n\t"
+        "mov	v26.16b, v11.16b\n\t"
+        "eor	x26, x26, %x[seed]\n\t"
+        /* Swap Rotate Base */
+        "bcax	v10.16b, v30.16b, v12.16b, v26.16b\n\t"
+        "ror	%x[state], x3, #63\n\t"
+        "bcax	v11.16b, v26.16b, v13.16b, v12.16b\n\t"
+        "ror	x3, x8, #20\n\t"
+        "bcax	v12.16b, v12.16b, v14.16b, v13.16b\n\t"
+        "ror	x8, x11, #44\n\t"
+        "bcax	v13.16b, v13.16b, v30.16b, v14.16b\n\t"
+        "ror	x11, x25, #3\n\t"
+        "bcax	v14.16b, v14.16b, v26.16b, v30.16b\n\t"
+        "ror	x25, x16, #25\n\t"
+        "mov	v25.16b, v15.16b\n\t"
+        "ror	x16, x23, #46\n\t"
+        "mov	v26.16b, v16.16b\n\t"
+        "ror	x23, x4, #2\n\t"
+        "bcax	v15.16b, v25.16b, v17.16b, v26.16b\n\t"
+        "ror	x4, x14, #21\n\t"
+        "bcax	v16.16b, v26.16b, v18.16b, v17.16b\n\t"
+        "ror	x14, x15, #39\n\t"
+        "bcax	v17.16b, v17.16b, v19.16b, v18.16b\n\t"
+        "ror	x15, x22, #56\n\t"
+        "bcax	v18.16b, v18.16b, v25.16b, v19.16b\n\t"
+        "ror	x22, x26, #8\n\t"
+        "bcax	v19.16b, v19.16b, v26.16b, v25.16b\n\t"
+        "ror	x26, x17, #23\n\t"
+        "mov	v25.16b, v20.16b\n\t"
+        "ror	x17, x6, #37\n\t"
+        "mov	v26.16b, v21.16b\n\t"
+        "ror	x6, x27, #50\n\t"
+        "bcax	v20.16b, v25.16b, v22.16b, v26.16b\n\t"
+        "ror	x27, x24, #62\n\t"
+        "bcax	v21.16b, v26.16b, v23.16b, v22.16b\n\t"
+        "ror	x24, x10, #9\n\t"
+        "bcax	v22.16b, v22.16b, v24.16b, v23.16b\n\t"
+        "ror	x10, x19, #19\n\t"
+        "bcax	v23.16b, v23.16b, v25.16b, v24.16b\n\t"
+        "ror	x19, x7, #28\n\t"
+        "bcax	v24.16b, v24.16b, v26.16b, v25.16b\n\t"
+        "ror	x7, x5, #36\n\t"
+        "ror	x5, x21, #43\n\t"
+        "ror	x21, x20, #49\n\t"
+        "ror	x20, x13, #54\n\t"
+        "ror	x13, x9, #58\n\t"
+        "ror	x9, x12, #61\n\t"
+        /* Row Mix Base */
+        "bic	x12, x4, x3\n\t"
+        "bic	%x[seed], x5, x4\n\t"
+        "bic	x28, x2, x6\n\t"
+        "bic	x30, x3, x2\n\t"
+        "eor	x2, x2, x12\n\t"
+        "eor	x3, x3, %x[seed]\n\t"
+        "bic	x12, x6, x5\n\t"
+        "eor	x5, x5, x28\n\t"
+        "eor	x4, x4, x12\n\t"
+        "eor	x6, x6, x30\n\t"
+        "bic	x12, x9, x8\n\t"
+        "bic	%x[seed], x10, x9\n\t"
+        "bic	x28, x7, x11\n\t"
+        "bic	x30, x8, x7\n\t"
+        "eor	x7, x7, x12\n\t"
+        "eor	x8, x8, %x[seed]\n\t"
+        "bic	x12, x11, x10\n\t"
+        "eor	x10, x10, x28\n\t"
+        "eor	x9, x9, x12\n\t"
+        "eor	x11, x11, x30\n\t"
+        "bic	x12, x14, x13\n\t"
+        "bic	%x[seed], x15, x14\n\t"
+        "bic	x28, %x[state], x16\n\t"
+        "bic	x30, x13, %x[state]\n\t"
+        "eor	x12, %x[state], x12\n\t"
+        "eor	x13, x13, %x[seed]\n\t"
+        "bic	%x[state], x16, x15\n\t"
+        "eor	x15, x15, x28\n\t"
+        "eor	x14, x14, %x[state]\n\t"
+        "eor	x16, x16, x30\n\t"
+        "bic	%x[state], x20, x19\n\t"
+        "bic	%x[seed], x21, x20\n\t"
+        "bic	x28, x17, x22\n\t"
+        "bic	x30, x19, x17\n\t"
+        "eor	x17, x17, %x[state]\n\t"
+        "eor	x19, x19, %x[seed]\n\t"
+        "bic	%x[state], x22, x21\n\t"
+        "eor	x21, x21, x28\n\t"
+        "eor	x20, x20, %x[state]\n\t"
+        "eor	x22, x22, x30\n\t"
+        "bic	%x[state], x25, x24\n\t"
+        "bic	%x[seed], x26, x25\n\t"
+        "bic	x28, x23, x27\n\t"
+        "bic	x30, x24, x23\n\t"
+        "eor	x23, x23, %x[state]\n\t"
+        "eor	x24, x24, %x[seed]\n\t"
+        "bic	%x[state], x27, x26\n\t"
+        "eor	x26, x26, x28\n\t"
+        "eor	x25, x25, %x[state]\n\t"
+        "eor	x27, x27, x30\n\t"
+        /* Done transforming */
+        "ldp	x28, %x[seed], [x29, #48]\n\t"
+        "ldr	%x[state], [x28], #8\n\t"
+        "subs	%x[seed], %x[seed], #1\n\t"
+        "mov	v30.d[0], %x[state]\n\t"
+        "mov	v30.d[1], %x[state]\n\t"
+        "eor	x2, x2, %x[state]\n\t"
+        "eor	v0.16b, v0.16b, v30.16b\n\t"
+        "bne	L_SHA3_shake256_blocksx3_seed_neon_begin_%=\n\t"
+        "ldr	%x[state], [x29, #40]\n\t"
+        "st4	{v0.d, v1.d, v2.d, v3.d}[0], [%x[state]], #32\n\t"
+        "st4	{v4.d, v5.d, v6.d, v7.d}[0], [%x[state]], #32\n\t"
+        "st4	{v8.d, v9.d, v10.d, v11.d}[0], [%x[state]], #32\n\t"
+        "st4	{v12.d, v13.d, v14.d, v15.d}[0], [%x[state]], #32\n\t"
+        "st4	{v16.d, v17.d, v18.d, v19.d}[0], [%x[state]], #32\n\t"
+        "st4	{v20.d, v21.d, v22.d, v23.d}[0], [%x[state]], #32\n\t"
+        "st1	{v24.d}[0], [%x[state]]\n\t"
+        "add	%x[state], %x[state], #8\n\t"
+        "st4	{v0.d, v1.d, v2.d, v3.d}[1], [%x[state]], #32\n\t"
+        "st4	{v4.d, v5.d, v6.d, v7.d}[1], [%x[state]], #32\n\t"
+        "st4	{v8.d, v9.d, v10.d, v11.d}[1], [%x[state]], #32\n\t"
+        "st4	{v12.d, v13.d, v14.d, v15.d}[1], [%x[state]], #32\n\t"
+        "st4	{v16.d, v17.d, v18.d, v19.d}[1], [%x[state]], #32\n\t"
+        "st4	{v20.d, v21.d, v22.d, v23.d}[1], [%x[state]], #32\n\t"
+        "st1	{v24.d}[1], [%x[state]]\n\t"
+        "add	%x[state], %x[state], #8\n\t"
+        "stp	x2, x3, [%x[state]]\n\t"
+        "stp	x4, x5, [%x[state], #16]\n\t"
+        "stp	x6, x7, [%x[state], #32]\n\t"
+        "stp	x8, x9, [%x[state], #48]\n\t"
+        "stp	x10, x11, [%x[state], #64]\n\t"
+        "stp	x12, x13, [%x[state], #80]\n\t"
+        "stp	x14, x15, [%x[state], #96]\n\t"
+        "stp	x16, x17, [%x[state], #112]\n\t"
+        "stp	x19, x20, [%x[state], #128]\n\t"
+        "stp	x21, x22, [%x[state], #144]\n\t"
+        "stp	x23, x24, [%x[state], #160]\n\t"
+        "stp	x25, x26, [%x[state], #176]\n\t"
+        "str	x27, [%x[state], #192]\n\t"
+        "ldp	x29, x30, [sp], #0x40\n\t"
+        : [state] "+r" (state), [seed] "+r" (seed)
+        : [L_kyber_aarch64_q] "S" (L_kyber_aarch64_q), [L_kyber_aarch64_consts] "S" (L_kyber_aarch64_consts), [L_sha3_aarch64_r] "S" (L_sha3_aarch64_r), [L_kyber_aarch64_zetas] "S" (L_kyber_aarch64_zetas), [L_kyber_aarch64_zetas_qinv] "S" (L_kyber_aarch64_zetas_qinv), [L_kyber_aarch64_zetas_inv] "S" (L_kyber_aarch64_zetas_inv), [L_kyber_aarch64_zetas_inv_qinv] "S" (L_kyber_aarch64_zetas_inv_qinv), [L_kyber_aarch64_zetas_mul] "S" (L_kyber_aarch64_zetas_mul), [L_kyber_aarch64_to_msg_neon_low] "S" (L_kyber_aarch64_to_msg_neon_low), [L_kyber_aarch64_to_msg_neon_high] "S" (L_kyber_aarch64_to_msg_neon_high), [L_kyber_aarch64_to_msg_neon_bits] "S" (L_kyber_aarch64_to_msg_neon_bits), [L_kyber_aarch64_from_msg_neon_q1half] "S" (L_kyber_aarch64_from_msg_neon_q1half), [L_kyber_aarch64_from_msg_neon_bits] "S" (L_kyber_aarch64_from_msg_neon_bits), [L_kyber_aarch64_rej_uniform_neon_mask] "S" (L_kyber_aarch64_rej_uniform_neon_mask), [L_kyber_aarch64_rej_uniform_neon_bits] "S" (L_kyber_aarch64_rej_uniform_neon_bits), [L_kyber_aarch64_rej_uniform_neon_indices] "S" (L_kyber_aarch64_rej_uniform_neon_indices)
+        : "memory", "x2", "x3", "x4", "x5", "x6", "x7", "x8", "x9", "x10", "x11", "x12", "x13", "x14", "x15", "x16", "x17", "x19", "x20", "x21", "x22", "x23", "x24", "x25", "x26", "x27", "x28", "v0", "v1", "v2", "v3", "v4", "v5", "v6", "v7", "v8", "v9", "v10", "v11", "v12", "v13", "v14", "v15", "v16", "v17", "v18", "v19", "v20", "v21", "v22", "v23", "v24", "v25", "v26", "v27", "v28", "v29", "v30", "v31", "cc"
+    );
+}
+
+#else
+void kyber_sha3_blocksx3_neon(word64* state)
+{
+    __asm__ __volatile__ (
+        "stp	x29, x30, [sp, #-64]!\n\t"
+        "add	x29, sp, #0\n\t"
+#ifndef __APPLE__
+        "adrp x27, %[L_sha3_aarch64_r]\n\t"
+        "add  x27, x27, :lo12:%[L_sha3_aarch64_r]\n\t"
+#else
+        "adrp x27, %[L_sha3_aarch64_r]@PAGE\n\t"
+        "add  x27, x27, %[L_sha3_aarch64_r]@PAGEOFF\n\t"
+#endif /* __APPLE__ */
+        "str	%x[state], [x29, #40]\n\t"
+        "ld4	{v0.d, v1.d, v2.d, v3.d}[0], [%x[state]], #32\n\t"
+        "ld4	{v4.d, v5.d, v6.d, v7.d}[0], [%x[state]], #32\n\t"
+        "ld4	{v8.d, v9.d, v10.d, v11.d}[0], [%x[state]], #32\n\t"
+        "ld4	{v12.d, v13.d, v14.d, v15.d}[0], [%x[state]], #32\n\t"
+        "ld4	{v16.d, v17.d, v18.d, v19.d}[0], [%x[state]], #32\n\t"
+        "ld4	{v20.d, v21.d, v22.d, v23.d}[0], [%x[state]], #32\n\t"
+        "ld1	{v24.d}[0], [%x[state]]\n\t"
+        "add	%x[state], %x[state], #8\n\t"
+        "ld4	{v0.d, v1.d, v2.d, v3.d}[1], [%x[state]], #32\n\t"
+        "ld4	{v4.d, v5.d, v6.d, v7.d}[1], [%x[state]], #32\n\t"
+        "ld4	{v8.d, v9.d, v10.d, v11.d}[1], [%x[state]], #32\n\t"
+        "ld4	{v12.d, v13.d, v14.d, v15.d}[1], [%x[state]], #32\n\t"
+        "ld4	{v16.d, v17.d, v18.d, v19.d}[1], [%x[state]], #32\n\t"
+        "ld4	{v20.d, v21.d, v22.d, v23.d}[1], [%x[state]], #32\n\t"
+        "ld1	{v24.d}[1], [%x[state]]\n\t"
+        "add	%x[state], %x[state], #8\n\t"
+        "ldp	x1, x2, [%x[state]]\n\t"
+        "ldp	x3, x4, [%x[state], #16]\n\t"
+        "ldp	x5, x6, [%x[state], #32]\n\t"
+        "ldp	x7, x8, [%x[state], #48]\n\t"
+        "ldp	x9, x10, [%x[state], #64]\n\t"
+        "ldp	x11, x12, [%x[state], #80]\n\t"
+        "ldp	x13, x14, [%x[state], #96]\n\t"
+        "ldp	x15, x16, [%x[state], #112]\n\t"
+        "ldp	x17, x19, [%x[state], #128]\n\t"
+        "ldp	x20, x21, [%x[state], #144]\n\t"
+        "ldp	x22, x23, [%x[state], #160]\n\t"
+        "ldp	x24, x25, [%x[state], #176]\n\t"
+        "ldr	x26, [%x[state], #192]\n\t"
+        "mov	x28, #24\n\t"
+        /* Start of 24 rounds */
+        "\n"
+    "L_SHA3_transform_blocksx3_neon_begin_%=: \n\t"
+        "stp	x27, x28, [x29, #48]\n\t"
+        /* Col Mix NEON */
+        "eor	v30.16b, v4.16b, v9.16b\n\t"
+        "eor	%x[state], x5, x10\n\t"
+        "eor	v27.16b, v1.16b, v6.16b\n\t"
+        "eor	x30, x1, x6\n\t"
+        "eor	v30.16b, v30.16b, v14.16b\n\t"
+        "eor	x28, x3, x8\n\t"
+        "eor	v27.16b, v27.16b, v11.16b\n\t"
+        "eor	%x[state], %x[state], x15\n\t"
+        "eor	v30.16b, v30.16b, v19.16b\n\t"
+        "eor	x30, x30, x11\n\t"
+        "eor	v27.16b, v27.16b, v16.16b\n\t"
+        "eor	x28, x28, x13\n\t"
+        "eor	v30.16b, v30.16b, v24.16b\n\t"
+        "eor	%x[state], %x[state], x21\n\t"
+        "eor	v27.16b, v27.16b, v21.16b\n\t"
+        "eor	x30, x30, x16\n\t"
+        "ushr	v25.2d, v27.2d, #63\n\t"
+        "eor	x28, x28, x19\n\t"
+        "sli	v25.2d, v27.2d, #1\n\t"
+        "eor	%x[state], %x[state], x26\n\t"
+        "eor	v25.16b, v25.16b, v30.16b\n\t"
+        "eor	x30, x30, x22\n\t"
+        "eor	v31.16b, v0.16b, v5.16b\n\t"
+        "eor	x28, x28, x24\n\t"
+        "eor	v28.16b, v2.16b, v7.16b\n\t"
+        "str	%x[state], [x29, #32]\n\t"
+        "eor	v31.16b, v31.16b, v10.16b\n\t"
+        "str	x28, [x29, #24]\n\t"
+        "eor	v28.16b, v28.16b, v12.16b\n\t"
+        "eor	x27, x2, x7\n\t"
+        "eor	v31.16b, v31.16b, v15.16b\n\t"
+        "eor	x28, x4, x9\n\t"
+        "eor	v28.16b, v28.16b, v17.16b\n\t"
+        "eor	x27, x27, x12\n\t"
+        "eor	v31.16b, v31.16b, v20.16b\n\t"
+        "eor	x28, x28, x14\n\t"
+        "eor	v28.16b, v28.16b, v22.16b\n\t"
+        "eor	x27, x27, x17\n\t"
+        "ushr	v29.2d, v30.2d, #63\n\t"
+        "eor	x28, x28, x20\n\t"
+        "ushr	v26.2d, v28.2d, #63\n\t"
+        "eor	x27, x27, x23\n\t"
+        "sli	v29.2d, v30.2d, #1\n\t"
+        "eor	x28, x28, x25\n\t"
+        "sli	v26.2d, v28.2d, #1\n\t"
+        "eor	%x[state], %x[state], x27, ror 63\n\t"
+        "eor	v28.16b, v28.16b, v29.16b\n\t"
+        "eor	x27, x27, x28, ror 63\n\t"
+        "eor	v29.16b, v3.16b, v8.16b\n\t"
+        "eor	x1, x1, %x[state]\n\t"
+        "eor	v26.16b, v26.16b, v31.16b\n\t"
+        "eor	x6, x6, %x[state]\n\t"
+        "eor	v29.16b, v29.16b, v13.16b\n\t"
+        "eor	x11, x11, %x[state]\n\t"
+        "eor	v29.16b, v29.16b, v18.16b\n\t"
+        "eor	x16, x16, %x[state]\n\t"
+        "eor	v29.16b, v29.16b, v23.16b\n\t"
+        "eor	x22, x22, %x[state]\n\t"
+        "ushr	v30.2d, v29.2d, #63\n\t"
+        "eor	x3, x3, x27\n\t"
+        "sli	v30.2d, v29.2d, #1\n\t"
+        "eor	x8, x8, x27\n\t"
+        "eor	v27.16b, v27.16b, v30.16b\n\t"
+        "eor	x13, x13, x27\n\t"
+        "ushr	v30.2d, v31.2d, #63\n\t"
+        "eor	x19, x19, x27\n\t"
+        "sli	v30.2d, v31.2d, #1\n\t"
+        "eor	x24, x24, x27\n\t"
+        "eor	v29.16b, v29.16b, v30.16b\n\t"
+        "ldr	%x[state], [x29, #32]\n\t"
+        /* Swap Rotate NEON */
+        "eor	v0.16b, v0.16b, v25.16b\n\t"
+        "eor	v31.16b, v1.16b, v26.16b\n\t"
+        "ldr	x27, [x29, #24]\n\t"
+        "eor	v6.16b, v6.16b, v26.16b\n\t"
+        "eor	x28, x28, x30, ror 63\n\t"
+        "ushr	v30.2d, v31.2d, #63\n\t"
+        "eor	x30, x30, x27, ror 63\n\t"
+        "ushr	v1.2d, v6.2d, #20\n\t"
+        "eor	x27, x27, %x[state], ror 63\n\t"
+        "sli	v30.2d, v31.2d, #1\n\t"
+        "eor	x5, x5, x28\n\t"
+        "sli	v1.2d, v6.2d, #44\n\t"
+        "eor	x10, x10, x28\n\t"
+        "eor	v31.16b, v9.16b, v29.16b\n\t"
+        "eor	x15, x15, x28\n\t"
+        "eor	v22.16b, v22.16b, v27.16b\n\t"
+        "eor	x21, x21, x28\n\t"
+        "ushr	v6.2d, v31.2d, #44\n\t"
+        "eor	x26, x26, x28\n\t"
+        "ushr	v9.2d, v22.2d, #3\n\t"
+        "eor	x2, x2, x30\n\t"
+        "sli	v6.2d, v31.2d, #20\n\t"
+        "eor	x7, x7, x30\n\t"
+        "sli	v9.2d, v22.2d, #61\n\t"
+        "eor	x12, x12, x30\n\t"
+        "eor	v31.16b, v14.16b, v29.16b\n\t"
+        "eor	x17, x17, x30\n\t"
+        "eor	v20.16b, v20.16b, v25.16b\n\t"
+        "eor	x23, x23, x30\n\t"
+        "ushr	v22.2d, v31.2d, #25\n\t"
+        "eor	x4, x4, x27\n\t"
+        "ushr	v14.2d, v20.2d, #46\n\t"
+        "eor	x9, x9, x27\n\t"
+        "sli	v22.2d, v31.2d, #39\n\t"
+        "eor	x14, x14, x27\n\t"
+        "sli	v14.2d, v20.2d, #18\n\t"
+        "eor	x20, x20, x27\n\t"
+        "eor	v31.16b, v2.16b, v27.16b\n\t"
+        "eor	x25, x25, x27\n\t"
+        /* Swap Rotate Base */
+        "eor	v12.16b, v12.16b, v27.16b\n\t"
+        "ror	%x[state], x2, #63\n\t"
+        "ushr	v20.2d, v31.2d, #2\n\t"
+        "ror	x2, x7, #20\n\t"
+        "ushr	v2.2d, v12.2d, #21\n\t"
+        "ror	x7, x10, #44\n\t"
+        "sli	v20.2d, v31.2d, #62\n\t"
+        "ror	x10, x24, #3\n\t"
+        "sli	v2.2d, v12.2d, #43\n\t"
+        "ror	x24, x15, #25\n\t"
+        "eor	v31.16b, v13.16b, v28.16b\n\t"
+        "ror	x15, x22, #46\n\t"
+        "eor	v19.16b, v19.16b, v29.16b\n\t"
+        "ror	x22, x3, #2\n\t"
+        "ushr	v12.2d, v31.2d, #39\n\t"
+        "ror	x3, x13, #21\n\t"
+        "ushr	v13.2d, v19.2d, #56\n\t"
+        "ror	x13, x14, #39\n\t"
+        "sli	v12.2d, v31.2d, #25\n\t"
+        "ror	x14, x21, #56\n\t"
+        "sli	v13.2d, v19.2d, #8\n\t"
+        "ror	x21, x25, #8\n\t"
+        "eor	v31.16b, v23.16b, v28.16b\n\t"
+        "ror	x25, x16, #23\n\t"
+        "eor	v15.16b, v15.16b, v25.16b\n\t"
+        "ror	x16, x5, #37\n\t"
+        "ushr	v19.2d, v31.2d, #8\n\t"
+        "ror	x5, x26, #50\n\t"
+        "ushr	v23.2d, v15.2d, #23\n\t"
+        "ror	x26, x23, #62\n\t"
+        "sli	v19.2d, v31.2d, #56\n\t"
+        "ror	x23, x9, #9\n\t"
+        "sli	v23.2d, v15.2d, #41\n\t"
+        "ror	x9, x17, #19\n\t"
+        "eor	v31.16b, v4.16b, v29.16b\n\t"
+        "ror	x17, x6, #28\n\t"
+        "eor	v24.16b, v24.16b, v29.16b\n\t"
+        "ror	x6, x4, #36\n\t"
+        "ushr	v15.2d, v31.2d, #37\n\t"
+        "ror	x4, x20, #43\n\t"
+        "ushr	v4.2d, v24.2d, #50\n\t"
+        "ror	x20, x19, #49\n\t"
+        "sli	v15.2d, v31.2d, #27\n\t"
+        "ror	x19, x12, #54\n\t"
+        "sli	v4.2d, v24.2d, #14\n\t"
+        "ror	x12, x8, #58\n\t"
+        "eor	v31.16b, v21.16b, v26.16b\n\t"
+        "ror	x8, x11, #61\n\t"
+        /* Row Mix Base */
+        "eor	v8.16b, v8.16b, v28.16b\n\t"
+        "bic	x11, x3, x2\n\t"
+        "ushr	v24.2d, v31.2d, #62\n\t"
+        "bic	x27, x4, x3\n\t"
+        "ushr	v21.2d, v8.2d, #9\n\t"
+        "bic	x28, x1, x5\n\t"
+        "sli	v24.2d, v31.2d, #2\n\t"
+        "bic	x30, x2, x1\n\t"
+        "sli	v21.2d, v8.2d, #55\n\t"
+        "eor	x1, x1, x11\n\t"
+        "eor	v31.16b, v16.16b, v26.16b\n\t"
+        "eor	x2, x2, x27\n\t"
+        "eor	v5.16b, v5.16b, v25.16b\n\t"
+        "bic	x11, x5, x4\n\t"
+        "ushr	v8.2d, v31.2d, #19\n\t"
+        "eor	x4, x4, x28\n\t"
+        "ushr	v16.2d, v5.2d, #28\n\t"
+        "eor	x3, x3, x11\n\t"
+        "sli	v8.2d, v31.2d, #45\n\t"
+        "eor	x5, x5, x30\n\t"
+        "sli	v16.2d, v5.2d, #36\n\t"
+        "bic	x11, x8, x7\n\t"
+        "eor	v31.16b, v3.16b, v28.16b\n\t"
+        "bic	x27, x9, x8\n\t"
+        "eor	v18.16b, v18.16b, v28.16b\n\t"
+        "bic	x28, x6, x10\n\t"
+        "ushr	v5.2d, v31.2d, #36\n\t"
+        "bic	x30, x7, x6\n\t"
+        "ushr	v3.2d, v18.2d, #43\n\t"
+        "eor	x6, x6, x11\n\t"
+        "sli	v5.2d, v31.2d, #28\n\t"
+        "eor	x7, x7, x27\n\t"
+        "sli	v3.2d, v18.2d, #21\n\t"
+        "bic	x11, x10, x9\n\t"
+        "eor	v31.16b, v17.16b, v27.16b\n\t"
+        "eor	x9, x9, x28\n\t"
+        "eor	v11.16b, v11.16b, v26.16b\n\t"
+        "eor	x8, x8, x11\n\t"
+        "ushr	v18.2d, v31.2d, #49\n\t"
+        "eor	x10, x10, x30\n\t"
+        "ushr	v17.2d, v11.2d, #54\n\t"
+        "bic	x11, x13, x12\n\t"
+        "sli	v18.2d, v31.2d, #15\n\t"
+        "bic	x27, x14, x13\n\t"
+        "sli	v17.2d, v11.2d, #10\n\t"
+        "bic	x28, %x[state], x15\n\t"
+        "eor	v31.16b, v7.16b, v27.16b\n\t"
+        "bic	x30, x12, %x[state]\n\t"
+        "eor	v10.16b, v10.16b, v25.16b\n\t"
+        "eor	x11, %x[state], x11\n\t"
+        "ushr	v11.2d, v31.2d, #58\n\t"
+        "eor	x12, x12, x27\n\t"
+        "ushr	v7.2d, v10.2d, #61\n\t"
+        "bic	%x[state], x15, x14\n\t"
+        "sli	v11.2d, v31.2d, #6\n\t"
+        "eor	x14, x14, x28\n\t"
+        "sli	v7.2d, v10.2d, #3\n\t"
+        "eor	x13, x13, %x[state]\n\t"
+        /* Row Mix NEON */
+        "bic	v25.16b, v2.16b, v1.16b\n\t"
+        "eor	x15, x15, x30\n\t"
+        "bic	v26.16b, v3.16b, v2.16b\n\t"
+        "bic	%x[state], x19, x17\n\t"
+        "bic	v27.16b, v4.16b, v3.16b\n\t"
+        "bic	x27, x20, x19\n\t"
+        "bic	v28.16b, v0.16b, v4.16b\n\t"
+        "bic	x28, x16, x21\n\t"
+        "bic	v29.16b, v1.16b, v0.16b\n\t"
+        "bic	x30, x17, x16\n\t"
+        "eor	v0.16b, v0.16b, v25.16b\n\t"
+        "eor	x16, x16, %x[state]\n\t"
+        "eor	v1.16b, v1.16b, v26.16b\n\t"
+        "eor	x17, x17, x27\n\t"
+        "eor	v2.16b, v2.16b, v27.16b\n\t"
+        "bic	%x[state], x21, x20\n\t"
+        "eor	v3.16b, v3.16b, v28.16b\n\t"
+        "eor	x20, x20, x28\n\t"
+        "eor	v4.16b, v4.16b, v29.16b\n\t"
+        "eor	x19, x19, %x[state]\n\t"
+        "bic	v25.16b, v7.16b, v6.16b\n\t"
+        "eor	x21, x21, x30\n\t"
+        "bic	v26.16b, v8.16b, v7.16b\n\t"
+        "bic	%x[state], x24, x23\n\t"
+        "bic	v27.16b, v9.16b, v8.16b\n\t"
+        "bic	x27, x25, x24\n\t"
+        "bic	v28.16b, v5.16b, v9.16b\n\t"
+        "bic	x28, x22, x26\n\t"
+        "bic	v29.16b, v6.16b, v5.16b\n\t"
+        "bic	x30, x23, x22\n\t"
+        "eor	v5.16b, v5.16b, v25.16b\n\t"
+        "eor	x22, x22, %x[state]\n\t"
+        "eor	v6.16b, v6.16b, v26.16b\n\t"
+        "eor	x23, x23, x27\n\t"
+        "eor	v7.16b, v7.16b, v27.16b\n\t"
+        "bic	%x[state], x26, x25\n\t"
+        "eor	v8.16b, v8.16b, v28.16b\n\t"
+        "eor	x25, x25, x28\n\t"
+        "eor	v9.16b, v9.16b, v29.16b\n\t"
+        "eor	x24, x24, %x[state]\n\t"
+        "bic	v25.16b, v12.16b, v11.16b\n\t"
+        "eor	x26, x26, x30\n\t"
+        "bic	v26.16b, v13.16b, v12.16b\n\t"
+        "bic	v27.16b, v14.16b, v13.16b\n\t"
+        "bic	v28.16b, v30.16b, v14.16b\n\t"
+        "bic	v29.16b, v11.16b, v30.16b\n\t"
+        "eor	v10.16b, v30.16b, v25.16b\n\t"
+        "eor	v11.16b, v11.16b, v26.16b\n\t"
+        "eor	v12.16b, v12.16b, v27.16b\n\t"
+        "eor	v13.16b, v13.16b, v28.16b\n\t"
+        "eor	v14.16b, v14.16b, v29.16b\n\t"
+        "bic	v25.16b, v17.16b, v16.16b\n\t"
+        "bic	v26.16b, v18.16b, v17.16b\n\t"
+        "bic	v27.16b, v19.16b, v18.16b\n\t"
+        "bic	v28.16b, v15.16b, v19.16b\n\t"
+        "bic	v29.16b, v16.16b, v15.16b\n\t"
+        "eor	v15.16b, v15.16b, v25.16b\n\t"
+        "eor	v16.16b, v16.16b, v26.16b\n\t"
+        "eor	v17.16b, v17.16b, v27.16b\n\t"
+        "eor	v18.16b, v18.16b, v28.16b\n\t"
+        "eor	v19.16b, v19.16b, v29.16b\n\t"
+        "bic	v25.16b, v22.16b, v21.16b\n\t"
+        "bic	v26.16b, v23.16b, v22.16b\n\t"
+        "bic	v27.16b, v24.16b, v23.16b\n\t"
+        "bic	v28.16b, v20.16b, v24.16b\n\t"
+        "bic	v29.16b, v21.16b, v20.16b\n\t"
+        "eor	v20.16b, v20.16b, v25.16b\n\t"
+        "eor	v21.16b, v21.16b, v26.16b\n\t"
+        "eor	v22.16b, v22.16b, v27.16b\n\t"
+        "eor	v23.16b, v23.16b, v28.16b\n\t"
+        "eor	v24.16b, v24.16b, v29.16b\n\t"
+        /* Done transforming */
+        "ldp	x27, x28, [x29, #48]\n\t"
+        "ldr	%x[state], [x27], #8\n\t"
+        "subs	x28, x28, #1\n\t"
+        "mov	v30.d[0], %x[state]\n\t"
+        "mov	v30.d[1], %x[state]\n\t"
+        "eor	x1, x1, %x[state]\n\t"
+        "eor	v0.16b, v0.16b, v30.16b\n\t"
+        "bne	L_SHA3_transform_blocksx3_neon_begin_%=\n\t"
+        "ldr	%x[state], [x29, #40]\n\t"
+        "st4	{v0.d, v1.d, v2.d, v3.d}[0], [%x[state]], #32\n\t"
+        "st4	{v4.d, v5.d, v6.d, v7.d}[0], [%x[state]], #32\n\t"
+        "st4	{v8.d, v9.d, v10.d, v11.d}[0], [%x[state]], #32\n\t"
+        "st4	{v12.d, v13.d, v14.d, v15.d}[0], [%x[state]], #32\n\t"
+        "st4	{v16.d, v17.d, v18.d, v19.d}[0], [%x[state]], #32\n\t"
+        "st4	{v20.d, v21.d, v22.d, v23.d}[0], [%x[state]], #32\n\t"
+        "st1	{v24.d}[0], [%x[state]]\n\t"
+        "add	%x[state], %x[state], #8\n\t"
+        "st4	{v0.d, v1.d, v2.d, v3.d}[1], [%x[state]], #32\n\t"
+        "st4	{v4.d, v5.d, v6.d, v7.d}[1], [%x[state]], #32\n\t"
+        "st4	{v8.d, v9.d, v10.d, v11.d}[1], [%x[state]], #32\n\t"
+        "st4	{v12.d, v13.d, v14.d, v15.d}[1], [%x[state]], #32\n\t"
+        "st4	{v16.d, v17.d, v18.d, v19.d}[1], [%x[state]], #32\n\t"
+        "st4	{v20.d, v21.d, v22.d, v23.d}[1], [%x[state]], #32\n\t"
+        "st1	{v24.d}[1], [%x[state]]\n\t"
+        "add	%x[state], %x[state], #8\n\t"
+        "stp	x1, x2, [%x[state]]\n\t"
+        "stp	x3, x4, [%x[state], #16]\n\t"
+        "stp	x5, x6, [%x[state], #32]\n\t"
+        "stp	x7, x8, [%x[state], #48]\n\t"
+        "stp	x9, x10, [%x[state], #64]\n\t"
+        "stp	x11, x12, [%x[state], #80]\n\t"
+        "stp	x13, x14, [%x[state], #96]\n\t"
+        "stp	x15, x16, [%x[state], #112]\n\t"
+        "stp	x17, x19, [%x[state], #128]\n\t"
+        "stp	x20, x21, [%x[state], #144]\n\t"
+        "stp	x22, x23, [%x[state], #160]\n\t"
+        "stp	x24, x25, [%x[state], #176]\n\t"
+        "str	x26, [%x[state], #192]\n\t"
+        "ldp	x29, x30, [sp], #0x40\n\t"
+        : [state] "+r" (state)
+        : [L_kyber_aarch64_q] "S" (L_kyber_aarch64_q), [L_kyber_aarch64_consts] "S" (L_kyber_aarch64_consts), [L_sha3_aarch64_r] "S" (L_sha3_aarch64_r), [L_kyber_aarch64_zetas] "S" (L_kyber_aarch64_zetas), [L_kyber_aarch64_zetas_qinv] "S" (L_kyber_aarch64_zetas_qinv), [L_kyber_aarch64_zetas_inv] "S" (L_kyber_aarch64_zetas_inv), [L_kyber_aarch64_zetas_inv_qinv] "S" (L_kyber_aarch64_zetas_inv_qinv), [L_kyber_aarch64_zetas_mul] "S" (L_kyber_aarch64_zetas_mul), [L_kyber_aarch64_to_msg_neon_low] "S" (L_kyber_aarch64_to_msg_neon_low), [L_kyber_aarch64_to_msg_neon_high] "S" (L_kyber_aarch64_to_msg_neon_high), [L_kyber_aarch64_to_msg_neon_bits] "S" (L_kyber_aarch64_to_msg_neon_bits), [L_kyber_aarch64_from_msg_neon_q1half] "S" (L_kyber_aarch64_from_msg_neon_q1half), [L_kyber_aarch64_from_msg_neon_bits] "S" (L_kyber_aarch64_from_msg_neon_bits), [L_kyber_aarch64_rej_uniform_neon_mask] "S" (L_kyber_aarch64_rej_uniform_neon_mask), [L_kyber_aarch64_rej_uniform_neon_bits] "S" (L_kyber_aarch64_rej_uniform_neon_bits), [L_kyber_aarch64_rej_uniform_neon_indices] "S" (L_kyber_aarch64_rej_uniform_neon_indices)
+        : "memory", "x1", "x2", "x3", "x4", "x5", "x6", "x7", "x8", "x9", "x10", "x11", "x12", "x13", "x14", "x15", "x16", "x17", "x19", "x20", "x21", "x22", "x23", "x24", "x25", "x26", "x27", "x28", "v0", "v1", "v2", "v3", "v4", "v5", "v6", "v7", "v8", "v9", "v10", "v11", "v12", "v13", "v14", "v15", "v16", "v17", "v18", "v19", "v20", "v21", "v22", "v23", "v24", "v25", "v26", "v27", "v28", "v29", "v30", "v31", "cc"
+    );
+}
+
+void kyber_shake128_blocksx3_seed_neon(word64* state, byte* seed)
+{
+    __asm__ __volatile__ (
+        "stp	x29, x30, [sp, #-64]!\n\t"
+        "add	x29, sp, #0\n\t"
+#ifndef __APPLE__
+        "adrp x28, %[L_sha3_aarch64_r]\n\t"
+        "add  x28, x28, :lo12:%[L_sha3_aarch64_r]\n\t"
+#else
+        "adrp x28, %[L_sha3_aarch64_r]@PAGE\n\t"
+        "add  x28, x28, %[L_sha3_aarch64_r]@PAGEOFF\n\t"
+#endif /* __APPLE__ */
+        "str	%x[state], [x29, #40]\n\t"
+        "add	%x[state], %x[state], #32\n\t"
+        "ld1	{v4.d}[0], [%x[state]]\n\t"
+        "ldp	x2, x3, [%x[seed]], #16\n\t"
+        "add	%x[state], %x[state], #0xc8\n\t"
+        "ld1	{v4.d}[1], [%x[state]]\n\t"
+        "ldp	x4, x5, [%x[seed]], #16\n\t"
+        "ldr	x6, [%x[state], #200]\n\t"
+        "eor	v5.16b, v5.16b, v5.16b\n\t"
+        "eor	x7, x7, x7\n\t"
+        "eor	v6.16b, v6.16b, v6.16b\n\t"
+        "eor	x8, x8, x8\n\t"
+        "eor	v7.16b, v7.16b, v7.16b\n\t"
+        "eor	x9, x9, x9\n\t"
+        "eor	v8.16b, v8.16b, v8.16b\n\t"
+        "eor	x10, x10, x10\n\t"
+        "eor	v9.16b, v9.16b, v9.16b\n\t"
+        "eor	x11, x11, x11\n\t"
+        "eor	v10.16b, v10.16b, v10.16b\n\t"
+        "eor	x12, x12, x12\n\t"
+        "eor	v11.16b, v11.16b, v11.16b\n\t"
+        "eor	x13, x13, x13\n\t"
+        "eor	v12.16b, v12.16b, v12.16b\n\t"
+        "eor	x14, x14, x14\n\t"
+        "eor	v13.16b, v13.16b, v13.16b\n\t"
+        "eor	x15, x15, x15\n\t"
+        "eor	v14.16b, v14.16b, v14.16b\n\t"
+        "eor	x16, x16, x16\n\t"
+        "eor	v15.16b, v15.16b, v15.16b\n\t"
+        "eor	x17, x17, x17\n\t"
+        "eor	v16.16b, v16.16b, v16.16b\n\t"
+        "eor	x19, x19, x19\n\t"
+        "eor	v17.16b, v17.16b, v17.16b\n\t"
+        "eor	x20, x20, x20\n\t"
+        "eor	v18.16b, v18.16b, v18.16b\n\t"
+        "eor	x21, x21, x21\n\t"
+        "eor	v19.16b, v19.16b, v19.16b\n\t"
+        "eor	x22, x22, x22\n\t"
+        "movz	x23, #0x8000, lsl 48\n\t"
+        "eor	v21.16b, v21.16b, v21.16b\n\t"
+        "eor	x24, x24, x24\n\t"
+        "eor	v22.16b, v22.16b, v22.16b\n\t"
+        "eor	x25, x25, x25\n\t"
+        "eor	v23.16b, v23.16b, v23.16b\n\t"
+        "eor	x26, x26, x26\n\t"
+        "eor	v24.16b, v24.16b, v24.16b\n\t"
+        "eor	x27, x27, x27\n\t"
+        "dup	v0.2d, x2\n\t"
+        "dup	v1.2d, x3\n\t"
+        "dup	v2.2d, x4\n\t"
+        "dup	v3.2d, x5\n\t"
+        "dup	v20.2d, x23\n\t"
+        "mov	%x[seed], #24\n\t"
+        /* Start of 24 rounds */
+        "\n"
+    "L_SHA3_shake128_blocksx3_seed_neon_begin_%=: \n\t"
+        "stp	x28, %x[seed], [x29, #48]\n\t"
+        /* Col Mix NEON */
+        "eor	v30.16b, v4.16b, v9.16b\n\t"
+        "eor	%x[state], x6, x11\n\t"
+        "eor	v27.16b, v1.16b, v6.16b\n\t"
+        "eor	x30, x2, x7\n\t"
+        "eor	v30.16b, v30.16b, v14.16b\n\t"
+        "eor	x28, x4, x9\n\t"
+        "eor	v27.16b, v27.16b, v11.16b\n\t"
+        "eor	%x[state], %x[state], x16\n\t"
+        "eor	v30.16b, v30.16b, v19.16b\n\t"
+        "eor	x30, x30, x12\n\t"
+        "eor	v27.16b, v27.16b, v16.16b\n\t"
+        "eor	x28, x28, x14\n\t"
+        "eor	v30.16b, v30.16b, v24.16b\n\t"
+        "eor	%x[state], %x[state], x22\n\t"
+        "eor	v27.16b, v27.16b, v21.16b\n\t"
+        "eor	x30, x30, x17\n\t"
+        "ushr	v25.2d, v27.2d, #63\n\t"
+        "eor	x28, x28, x20\n\t"
+        "sli	v25.2d, v27.2d, #1\n\t"
+        "eor	%x[state], %x[state], x27\n\t"
+        "eor	v25.16b, v25.16b, v30.16b\n\t"
+        "eor	x30, x30, x23\n\t"
+        "eor	v31.16b, v0.16b, v5.16b\n\t"
+        "eor	x28, x28, x25\n\t"
+        "eor	v28.16b, v2.16b, v7.16b\n\t"
+        "str	%x[state], [x29, #32]\n\t"
+        "eor	v31.16b, v31.16b, v10.16b\n\t"
+        "str	x28, [x29, #24]\n\t"
+        "eor	v28.16b, v28.16b, v12.16b\n\t"
+        "eor	%x[seed], x3, x8\n\t"
+        "eor	v31.16b, v31.16b, v15.16b\n\t"
+        "eor	x28, x5, x10\n\t"
+        "eor	v28.16b, v28.16b, v17.16b\n\t"
+        "eor	%x[seed], %x[seed], x13\n\t"
+        "eor	v31.16b, v31.16b, v20.16b\n\t"
+        "eor	x28, x28, x15\n\t"
+        "eor	v28.16b, v28.16b, v22.16b\n\t"
+        "eor	%x[seed], %x[seed], x19\n\t"
+        "ushr	v29.2d, v30.2d, #63\n\t"
+        "eor	x28, x28, x21\n\t"
+        "ushr	v26.2d, v28.2d, #63\n\t"
+        "eor	%x[seed], %x[seed], x24\n\t"
+        "sli	v29.2d, v30.2d, #1\n\t"
+        "eor	x28, x28, x26\n\t"
+        "sli	v26.2d, v28.2d, #1\n\t"
+        "eor	%x[state], %x[state], %x[seed], ror 63\n\t"
+        "eor	v28.16b, v28.16b, v29.16b\n\t"
+        "eor	%x[seed], %x[seed], x28, ror 63\n\t"
+        "eor	v29.16b, v3.16b, v8.16b\n\t"
+        "eor	x2, x2, %x[state]\n\t"
+        "eor	v26.16b, v26.16b, v31.16b\n\t"
+        "eor	x7, x7, %x[state]\n\t"
+        "eor	v29.16b, v29.16b, v13.16b\n\t"
+        "eor	x12, x12, %x[state]\n\t"
+        "eor	v29.16b, v29.16b, v18.16b\n\t"
+        "eor	x17, x17, %x[state]\n\t"
+        "eor	v29.16b, v29.16b, v23.16b\n\t"
+        "eor	x23, x23, %x[state]\n\t"
+        "ushr	v30.2d, v29.2d, #63\n\t"
+        "eor	x4, x4, %x[seed]\n\t"
+        "sli	v30.2d, v29.2d, #1\n\t"
+        "eor	x9, x9, %x[seed]\n\t"
+        "eor	v27.16b, v27.16b, v30.16b\n\t"
+        "eor	x14, x14, %x[seed]\n\t"
+        "ushr	v30.2d, v31.2d, #63\n\t"
+        "eor	x20, x20, %x[seed]\n\t"
+        "sli	v30.2d, v31.2d, #1\n\t"
+        "eor	x25, x25, %x[seed]\n\t"
+        "eor	v29.16b, v29.16b, v30.16b\n\t"
+        "ldr	%x[state], [x29, #32]\n\t"
+        /* Swap Rotate NEON */
+        "eor	v0.16b, v0.16b, v25.16b\n\t"
+        "eor	v31.16b, v1.16b, v26.16b\n\t"
+        "ldr	%x[seed], [x29, #24]\n\t"
+        "eor	v6.16b, v6.16b, v26.16b\n\t"
+        "eor	x28, x28, x30, ror 63\n\t"
+        "ushr	v30.2d, v31.2d, #63\n\t"
+        "eor	x30, x30, %x[seed], ror 63\n\t"
+        "ushr	v1.2d, v6.2d, #20\n\t"
+        "eor	%x[seed], %x[seed], %x[state], ror 63\n\t"
+        "sli	v30.2d, v31.2d, #1\n\t"
+        "eor	x6, x6, x28\n\t"
+        "sli	v1.2d, v6.2d, #44\n\t"
+        "eor	x11, x11, x28\n\t"
+        "eor	v31.16b, v9.16b, v29.16b\n\t"
+        "eor	x16, x16, x28\n\t"
+        "eor	v22.16b, v22.16b, v27.16b\n\t"
+        "eor	x22, x22, x28\n\t"
+        "ushr	v6.2d, v31.2d, #44\n\t"
+        "eor	x27, x27, x28\n\t"
+        "ushr	v9.2d, v22.2d, #3\n\t"
+        "eor	x3, x3, x30\n\t"
+        "sli	v6.2d, v31.2d, #20\n\t"
+        "eor	x8, x8, x30\n\t"
+        "sli	v9.2d, v22.2d, #61\n\t"
+        "eor	x13, x13, x30\n\t"
+        "eor	v31.16b, v14.16b, v29.16b\n\t"
+        "eor	x19, x19, x30\n\t"
+        "eor	v20.16b, v20.16b, v25.16b\n\t"
+        "eor	x24, x24, x30\n\t"
+        "ushr	v22.2d, v31.2d, #25\n\t"
+        "eor	x5, x5, %x[seed]\n\t"
+        "ushr	v14.2d, v20.2d, #46\n\t"
+        "eor	x10, x10, %x[seed]\n\t"
+        "sli	v22.2d, v31.2d, #39\n\t"
+        "eor	x15, x15, %x[seed]\n\t"
+        "sli	v14.2d, v20.2d, #18\n\t"
+        "eor	x21, x21, %x[seed]\n\t"
+        "eor	v31.16b, v2.16b, v27.16b\n\t"
+        "eor	x26, x26, %x[seed]\n\t"
+        /* Swap Rotate Base */
+        "eor	v12.16b, v12.16b, v27.16b\n\t"
+        "ror	%x[state], x3, #63\n\t"
+        "ushr	v20.2d, v31.2d, #2\n\t"
+        "ror	x3, x8, #20\n\t"
+        "ushr	v2.2d, v12.2d, #21\n\t"
+        "ror	x8, x11, #44\n\t"
+        "sli	v20.2d, v31.2d, #62\n\t"
+        "ror	x11, x25, #3\n\t"
+        "sli	v2.2d, v12.2d, #43\n\t"
+        "ror	x25, x16, #25\n\t"
+        "eor	v31.16b, v13.16b, v28.16b\n\t"
+        "ror	x16, x23, #46\n\t"
+        "eor	v19.16b, v19.16b, v29.16b\n\t"
+        "ror	x23, x4, #2\n\t"
+        "ushr	v12.2d, v31.2d, #39\n\t"
+        "ror	x4, x14, #21\n\t"
+        "ushr	v13.2d, v19.2d, #56\n\t"
+        "ror	x14, x15, #39\n\t"
+        "sli	v12.2d, v31.2d, #25\n\t"
+        "ror	x15, x22, #56\n\t"
+        "sli	v13.2d, v19.2d, #8\n\t"
+        "ror	x22, x26, #8\n\t"
+        "eor	v31.16b, v23.16b, v28.16b\n\t"
+        "ror	x26, x17, #23\n\t"
+        "eor	v15.16b, v15.16b, v25.16b\n\t"
+        "ror	x17, x6, #37\n\t"
+        "ushr	v19.2d, v31.2d, #8\n\t"
+        "ror	x6, x27, #50\n\t"
+        "ushr	v23.2d, v15.2d, #23\n\t"
+        "ror	x27, x24, #62\n\t"
+        "sli	v19.2d, v31.2d, #56\n\t"
+        "ror	x24, x10, #9\n\t"
+        "sli	v23.2d, v15.2d, #41\n\t"
+        "ror	x10, x19, #19\n\t"
+        "eor	v31.16b, v4.16b, v29.16b\n\t"
+        "ror	x19, x7, #28\n\t"
+        "eor	v24.16b, v24.16b, v29.16b\n\t"
+        "ror	x7, x5, #36\n\t"
+        "ushr	v15.2d, v31.2d, #37\n\t"
+        "ror	x5, x21, #43\n\t"
+        "ushr	v4.2d, v24.2d, #50\n\t"
+        "ror	x21, x20, #49\n\t"
+        "sli	v15.2d, v31.2d, #27\n\t"
+        "ror	x20, x13, #54\n\t"
+        "sli	v4.2d, v24.2d, #14\n\t"
+        "ror	x13, x9, #58\n\t"
+        "eor	v31.16b, v21.16b, v26.16b\n\t"
+        "ror	x9, x12, #61\n\t"
+        /* Row Mix Base */
+        "eor	v8.16b, v8.16b, v28.16b\n\t"
+        "bic	x12, x4, x3\n\t"
+        "ushr	v24.2d, v31.2d, #62\n\t"
+        "bic	%x[seed], x5, x4\n\t"
+        "ushr	v21.2d, v8.2d, #9\n\t"
+        "bic	x28, x2, x6\n\t"
+        "sli	v24.2d, v31.2d, #2\n\t"
+        "bic	x30, x3, x2\n\t"
+        "sli	v21.2d, v8.2d, #55\n\t"
+        "eor	x2, x2, x12\n\t"
+        "eor	v31.16b, v16.16b, v26.16b\n\t"
+        "eor	x3, x3, %x[seed]\n\t"
+        "eor	v5.16b, v5.16b, v25.16b\n\t"
+        "bic	x12, x6, x5\n\t"
+        "ushr	v8.2d, v31.2d, #19\n\t"
+        "eor	x5, x5, x28\n\t"
+        "ushr	v16.2d, v5.2d, #28\n\t"
+        "eor	x4, x4, x12\n\t"
+        "sli	v8.2d, v31.2d, #45\n\t"
+        "eor	x6, x6, x30\n\t"
+        "sli	v16.2d, v5.2d, #36\n\t"
+        "bic	x12, x9, x8\n\t"
+        "eor	v31.16b, v3.16b, v28.16b\n\t"
+        "bic	%x[seed], x10, x9\n\t"
+        "eor	v18.16b, v18.16b, v28.16b\n\t"
+        "bic	x28, x7, x11\n\t"
+        "ushr	v5.2d, v31.2d, #36\n\t"
+        "bic	x30, x8, x7\n\t"
+        "ushr	v3.2d, v18.2d, #43\n\t"
+        "eor	x7, x7, x12\n\t"
+        "sli	v5.2d, v31.2d, #28\n\t"
+        "eor	x8, x8, %x[seed]\n\t"
+        "sli	v3.2d, v18.2d, #21\n\t"
+        "bic	x12, x11, x10\n\t"
+        "eor	v31.16b, v17.16b, v27.16b\n\t"
+        "eor	x10, x10, x28\n\t"
+        "eor	v11.16b, v11.16b, v26.16b\n\t"
+        "eor	x9, x9, x12\n\t"
+        "ushr	v18.2d, v31.2d, #49\n\t"
+        "eor	x11, x11, x30\n\t"
+        "ushr	v17.2d, v11.2d, #54\n\t"
+        "bic	x12, x14, x13\n\t"
+        "sli	v18.2d, v31.2d, #15\n\t"
+        "bic	%x[seed], x15, x14\n\t"
+        "sli	v17.2d, v11.2d, #10\n\t"
+        "bic	x28, %x[state], x16\n\t"
+        "eor	v31.16b, v7.16b, v27.16b\n\t"
+        "bic	x30, x13, %x[state]\n\t"
+        "eor	v10.16b, v10.16b, v25.16b\n\t"
+        "eor	x12, %x[state], x12\n\t"
+        "ushr	v11.2d, v31.2d, #58\n\t"
+        "eor	x13, x13, %x[seed]\n\t"
+        "ushr	v7.2d, v10.2d, #61\n\t"
+        "bic	%x[state], x16, x15\n\t"
+        "sli	v11.2d, v31.2d, #6\n\t"
+        "eor	x15, x15, x28\n\t"
+        "sli	v7.2d, v10.2d, #3\n\t"
+        "eor	x14, x14, %x[state]\n\t"
+        /* Row Mix NEON */
+        "bic	v25.16b, v2.16b, v1.16b\n\t"
+        "eor	x16, x16, x30\n\t"
+        "bic	v26.16b, v3.16b, v2.16b\n\t"
+        "bic	%x[state], x20, x19\n\t"
+        "bic	v27.16b, v4.16b, v3.16b\n\t"
+        "bic	%x[seed], x21, x20\n\t"
+        "bic	v28.16b, v0.16b, v4.16b\n\t"
+        "bic	x28, x17, x22\n\t"
+        "bic	v29.16b, v1.16b, v0.16b\n\t"
+        "bic	x30, x19, x17\n\t"
+        "eor	v0.16b, v0.16b, v25.16b\n\t"
+        "eor	x17, x17, %x[state]\n\t"
+        "eor	v1.16b, v1.16b, v26.16b\n\t"
+        "eor	x19, x19, %x[seed]\n\t"
+        "eor	v2.16b, v2.16b, v27.16b\n\t"
+        "bic	%x[state], x22, x21\n\t"
+        "eor	v3.16b, v3.16b, v28.16b\n\t"
+        "eor	x21, x21, x28\n\t"
+        "eor	v4.16b, v4.16b, v29.16b\n\t"
+        "eor	x20, x20, %x[state]\n\t"
+        "bic	v25.16b, v7.16b, v6.16b\n\t"
+        "eor	x22, x22, x30\n\t"
+        "bic	v26.16b, v8.16b, v7.16b\n\t"
+        "bic	%x[state], x25, x24\n\t"
+        "bic	v27.16b, v9.16b, v8.16b\n\t"
+        "bic	%x[seed], x26, x25\n\t"
+        "bic	v28.16b, v5.16b, v9.16b\n\t"
+        "bic	x28, x23, x27\n\t"
+        "bic	v29.16b, v6.16b, v5.16b\n\t"
+        "bic	x30, x24, x23\n\t"
+        "eor	v5.16b, v5.16b, v25.16b\n\t"
+        "eor	x23, x23, %x[state]\n\t"
+        "eor	v6.16b, v6.16b, v26.16b\n\t"
+        "eor	x24, x24, %x[seed]\n\t"
+        "eor	v7.16b, v7.16b, v27.16b\n\t"
+        "bic	%x[state], x27, x26\n\t"
+        "eor	v8.16b, v8.16b, v28.16b\n\t"
+        "eor	x26, x26, x28\n\t"
+        "eor	v9.16b, v9.16b, v29.16b\n\t"
+        "eor	x25, x25, %x[state]\n\t"
+        "bic	v25.16b, v12.16b, v11.16b\n\t"
+        "eor	x27, x27, x30\n\t"
+        "bic	v26.16b, v13.16b, v12.16b\n\t"
+        "bic	v27.16b, v14.16b, v13.16b\n\t"
+        "bic	v28.16b, v30.16b, v14.16b\n\t"
+        "bic	v29.16b, v11.16b, v30.16b\n\t"
+        "eor	v10.16b, v30.16b, v25.16b\n\t"
+        "eor	v11.16b, v11.16b, v26.16b\n\t"
+        "eor	v12.16b, v12.16b, v27.16b\n\t"
+        "eor	v13.16b, v13.16b, v28.16b\n\t"
+        "eor	v14.16b, v14.16b, v29.16b\n\t"
+        "bic	v25.16b, v17.16b, v16.16b\n\t"
+        "bic	v26.16b, v18.16b, v17.16b\n\t"
+        "bic	v27.16b, v19.16b, v18.16b\n\t"
+        "bic	v28.16b, v15.16b, v19.16b\n\t"
+        "bic	v29.16b, v16.16b, v15.16b\n\t"
+        "eor	v15.16b, v15.16b, v25.16b\n\t"
+        "eor	v16.16b, v16.16b, v26.16b\n\t"
+        "eor	v17.16b, v17.16b, v27.16b\n\t"
+        "eor	v18.16b, v18.16b, v28.16b\n\t"
+        "eor	v19.16b, v19.16b, v29.16b\n\t"
+        "bic	v25.16b, v22.16b, v21.16b\n\t"
+        "bic	v26.16b, v23.16b, v22.16b\n\t"
+        "bic	v27.16b, v24.16b, v23.16b\n\t"
+        "bic	v28.16b, v20.16b, v24.16b\n\t"
+        "bic	v29.16b, v21.16b, v20.16b\n\t"
+        "eor	v20.16b, v20.16b, v25.16b\n\t"
+        "eor	v21.16b, v21.16b, v26.16b\n\t"
+        "eor	v22.16b, v22.16b, v27.16b\n\t"
+        "eor	v23.16b, v23.16b, v28.16b\n\t"
+        "eor	v24.16b, v24.16b, v29.16b\n\t"
+        /* Done transforming */
+        "ldp	x28, %x[seed], [x29, #48]\n\t"
+        "ldr	%x[state], [x28], #8\n\t"
+        "subs	%x[seed], %x[seed], #1\n\t"
+        "mov	v30.d[0], %x[state]\n\t"
+        "mov	v30.d[1], %x[state]\n\t"
+        "eor	x2, x2, %x[state]\n\t"
+        "eor	v0.16b, v0.16b, v30.16b\n\t"
+        "bne	L_SHA3_shake128_blocksx3_seed_neon_begin_%=\n\t"
+        "ldr	%x[state], [x29, #40]\n\t"
+        "st4	{v0.d, v1.d, v2.d, v3.d}[0], [%x[state]], #32\n\t"
+        "st4	{v4.d, v5.d, v6.d, v7.d}[0], [%x[state]], #32\n\t"
+        "st4	{v8.d, v9.d, v10.d, v11.d}[0], [%x[state]], #32\n\t"
+        "st4	{v12.d, v13.d, v14.d, v15.d}[0], [%x[state]], #32\n\t"
+        "st4	{v16.d, v17.d, v18.d, v19.d}[0], [%x[state]], #32\n\t"
+        "st4	{v20.d, v21.d, v22.d, v23.d}[0], [%x[state]], #32\n\t"
+        "st1	{v24.d}[0], [%x[state]]\n\t"
+        "add	%x[state], %x[state], #8\n\t"
+        "st4	{v0.d, v1.d, v2.d, v3.d}[1], [%x[state]], #32\n\t"
+        "st4	{v4.d, v5.d, v6.d, v7.d}[1], [%x[state]], #32\n\t"
+        "st4	{v8.d, v9.d, v10.d, v11.d}[1], [%x[state]], #32\n\t"
+        "st4	{v12.d, v13.d, v14.d, v15.d}[1], [%x[state]], #32\n\t"
+        "st4	{v16.d, v17.d, v18.d, v19.d}[1], [%x[state]], #32\n\t"
+        "st4	{v20.d, v21.d, v22.d, v23.d}[1], [%x[state]], #32\n\t"
+        "st1	{v24.d}[1], [%x[state]]\n\t"
+        "add	%x[state], %x[state], #8\n\t"
+        "stp	x2, x3, [%x[state]]\n\t"
+        "stp	x4, x5, [%x[state], #16]\n\t"
+        "stp	x6, x7, [%x[state], #32]\n\t"
+        "stp	x8, x9, [%x[state], #48]\n\t"
+        "stp	x10, x11, [%x[state], #64]\n\t"
+        "stp	x12, x13, [%x[state], #80]\n\t"
+        "stp	x14, x15, [%x[state], #96]\n\t"
+        "stp	x16, x17, [%x[state], #112]\n\t"
+        "stp	x19, x20, [%x[state], #128]\n\t"
+        "stp	x21, x22, [%x[state], #144]\n\t"
+        "stp	x23, x24, [%x[state], #160]\n\t"
+        "stp	x25, x26, [%x[state], #176]\n\t"
+        "str	x27, [%x[state], #192]\n\t"
+        "ldp	x29, x30, [sp], #0x40\n\t"
+        : [state] "+r" (state), [seed] "+r" (seed)
+        : [L_kyber_aarch64_q] "S" (L_kyber_aarch64_q), [L_kyber_aarch64_consts] "S" (L_kyber_aarch64_consts), [L_sha3_aarch64_r] "S" (L_sha3_aarch64_r), [L_kyber_aarch64_zetas] "S" (L_kyber_aarch64_zetas), [L_kyber_aarch64_zetas_qinv] "S" (L_kyber_aarch64_zetas_qinv), [L_kyber_aarch64_zetas_inv] "S" (L_kyber_aarch64_zetas_inv), [L_kyber_aarch64_zetas_inv_qinv] "S" (L_kyber_aarch64_zetas_inv_qinv), [L_kyber_aarch64_zetas_mul] "S" (L_kyber_aarch64_zetas_mul), [L_kyber_aarch64_to_msg_neon_low] "S" (L_kyber_aarch64_to_msg_neon_low), [L_kyber_aarch64_to_msg_neon_high] "S" (L_kyber_aarch64_to_msg_neon_high), [L_kyber_aarch64_to_msg_neon_bits] "S" (L_kyber_aarch64_to_msg_neon_bits), [L_kyber_aarch64_from_msg_neon_q1half] "S" (L_kyber_aarch64_from_msg_neon_q1half), [L_kyber_aarch64_from_msg_neon_bits] "S" (L_kyber_aarch64_from_msg_neon_bits), [L_kyber_aarch64_rej_uniform_neon_mask] "S" (L_kyber_aarch64_rej_uniform_neon_mask), [L_kyber_aarch64_rej_uniform_neon_bits] "S" (L_kyber_aarch64_rej_uniform_neon_bits), [L_kyber_aarch64_rej_uniform_neon_indices] "S" (L_kyber_aarch64_rej_uniform_neon_indices)
+        : "memory", "x2", "x3", "x4", "x5", "x6", "x7", "x8", "x9", "x10", "x11", "x12", "x13", "x14", "x15", "x16", "x17", "x19", "x20", "x21", "x22", "x23", "x24", "x25", "x26", "x27", "x28", "v0", "v1", "v2", "v3", "v4", "v5", "v6", "v7", "v8", "v9", "v10", "v11", "v12", "v13", "v14", "v15", "v16", "v17", "v18", "v19", "v20", "v21", "v22", "v23", "v24", "v25", "v26", "v27", "v28", "v29", "v30", "v31", "cc"
+    );
+}
+
+void kyber_shake256_blocksx3_seed_neon(word64* state, byte* seed)
+{
+    __asm__ __volatile__ (
+        "stp	x29, x30, [sp, #-64]!\n\t"
+        "add	x29, sp, #0\n\t"
+#ifndef __APPLE__
+        "adrp x28, %[L_sha3_aarch64_r]\n\t"
+        "add  x28, x28, :lo12:%[L_sha3_aarch64_r]\n\t"
+#else
+        "adrp x28, %[L_sha3_aarch64_r]@PAGE\n\t"
+        "add  x28, x28, %[L_sha3_aarch64_r]@PAGEOFF\n\t"
+#endif /* __APPLE__ */
+        "str	%x[state], [x29, #40]\n\t"
+        "add	%x[state], %x[state], #32\n\t"
+        "ld1	{v4.d}[0], [%x[state]]\n\t"
+        "ldp	x2, x3, [%x[seed]], #16\n\t"
+        "add	%x[state], %x[state], #0xc8\n\t"
+        "ld1	{v4.d}[1], [%x[state]]\n\t"
+        "ldp	x4, x5, [%x[seed]], #16\n\t"
+        "ldr	x6, [%x[state], #200]\n\t"
+        "eor	v5.16b, v5.16b, v5.16b\n\t"
+        "eor	x7, x7, x7\n\t"
+        "eor	v6.16b, v6.16b, v6.16b\n\t"
+        "eor	x8, x8, x8\n\t"
+        "eor	v7.16b, v7.16b, v7.16b\n\t"
+        "eor	x9, x9, x9\n\t"
+        "eor	v8.16b, v8.16b, v8.16b\n\t"
+        "eor	x10, x10, x10\n\t"
+        "eor	v9.16b, v9.16b, v9.16b\n\t"
+        "eor	x11, x11, x11\n\t"
+        "eor	v10.16b, v10.16b, v10.16b\n\t"
+        "eor	x12, x12, x12\n\t"
+        "eor	v11.16b, v11.16b, v11.16b\n\t"
+        "eor	x13, x13, x13\n\t"
+        "eor	v12.16b, v12.16b, v12.16b\n\t"
+        "eor	x14, x14, x14\n\t"
+        "eor	v13.16b, v13.16b, v13.16b\n\t"
+        "eor	x15, x15, x15\n\t"
+        "eor	v14.16b, v14.16b, v14.16b\n\t"
+        "eor	x16, x16, x16\n\t"
+        "eor	v15.16b, v15.16b, v15.16b\n\t"
+        "eor	x17, x17, x17\n\t"
+        "movz	x19, #0x8000, lsl 48\n\t"
+        "eor	v17.16b, v17.16b, v17.16b\n\t"
+        "eor	x20, x20, x20\n\t"
+        "eor	v18.16b, v18.16b, v18.16b\n\t"
+        "eor	x21, x21, x21\n\t"
+        "eor	v19.16b, v19.16b, v19.16b\n\t"
+        "eor	x22, x22, x22\n\t"
+        "eor	v20.16b, v20.16b, v20.16b\n\t"
+        "eor	x23, x23, x23\n\t"
+        "eor	v21.16b, v21.16b, v21.16b\n\t"
+        "eor	x24, x24, x24\n\t"
+        "eor	v22.16b, v22.16b, v22.16b\n\t"
+        "eor	x25, x25, x25\n\t"
+        "eor	v23.16b, v23.16b, v23.16b\n\t"
+        "eor	x26, x26, x26\n\t"
+        "eor	v24.16b, v24.16b, v24.16b\n\t"
+        "eor	x27, x27, x27\n\t"
+        "dup	v0.2d, x2\n\t"
+        "dup	v1.2d, x3\n\t"
+        "dup	v2.2d, x4\n\t"
+        "dup	v3.2d, x5\n\t"
+        "dup	v16.2d, x19\n\t"
+        "mov	%x[seed], #24\n\t"
+        /* Start of 24 rounds */
+        "\n"
+    "L_SHA3_shake256_blocksx3_seed_neon_begin_%=: \n\t"
+        "stp	x28, %x[seed], [x29, #48]\n\t"
+        /* Col Mix NEON */
+        "eor	v30.16b, v4.16b, v9.16b\n\t"
+        "eor	%x[state], x6, x11\n\t"
+        "eor	v27.16b, v1.16b, v6.16b\n\t"
+        "eor	x30, x2, x7\n\t"
+        "eor	v30.16b, v30.16b, v14.16b\n\t"
+        "eor	x28, x4, x9\n\t"
+        "eor	v27.16b, v27.16b, v11.16b\n\t"
+        "eor	%x[state], %x[state], x16\n\t"
+        "eor	v30.16b, v30.16b, v19.16b\n\t"
+        "eor	x30, x30, x12\n\t"
+        "eor	v27.16b, v27.16b, v16.16b\n\t"
+        "eor	x28, x28, x14\n\t"
+        "eor	v30.16b, v30.16b, v24.16b\n\t"
+        "eor	%x[state], %x[state], x22\n\t"
+        "eor	v27.16b, v27.16b, v21.16b\n\t"
+        "eor	x30, x30, x17\n\t"
+        "ushr	v25.2d, v27.2d, #63\n\t"
+        "eor	x28, x28, x20\n\t"
+        "sli	v25.2d, v27.2d, #1\n\t"
+        "eor	%x[state], %x[state], x27\n\t"
+        "eor	v25.16b, v25.16b, v30.16b\n\t"
+        "eor	x30, x30, x23\n\t"
+        "eor	v31.16b, v0.16b, v5.16b\n\t"
+        "eor	x28, x28, x25\n\t"
+        "eor	v28.16b, v2.16b, v7.16b\n\t"
+        "str	%x[state], [x29, #32]\n\t"
+        "eor	v31.16b, v31.16b, v10.16b\n\t"
+        "str	x28, [x29, #24]\n\t"
+        "eor	v28.16b, v28.16b, v12.16b\n\t"
+        "eor	%x[seed], x3, x8\n\t"
+        "eor	v31.16b, v31.16b, v15.16b\n\t"
+        "eor	x28, x5, x10\n\t"
+        "eor	v28.16b, v28.16b, v17.16b\n\t"
+        "eor	%x[seed], %x[seed], x13\n\t"
+        "eor	v31.16b, v31.16b, v20.16b\n\t"
+        "eor	x28, x28, x15\n\t"
+        "eor	v28.16b, v28.16b, v22.16b\n\t"
+        "eor	%x[seed], %x[seed], x19\n\t"
+        "ushr	v29.2d, v30.2d, #63\n\t"
+        "eor	x28, x28, x21\n\t"
+        "ushr	v26.2d, v28.2d, #63\n\t"
+        "eor	%x[seed], %x[seed], x24\n\t"
+        "sli	v29.2d, v30.2d, #1\n\t"
+        "eor	x28, x28, x26\n\t"
+        "sli	v26.2d, v28.2d, #1\n\t"
+        "eor	%x[state], %x[state], %x[seed], ror 63\n\t"
+        "eor	v28.16b, v28.16b, v29.16b\n\t"
+        "eor	%x[seed], %x[seed], x28, ror 63\n\t"
+        "eor	v29.16b, v3.16b, v8.16b\n\t"
+        "eor	x2, x2, %x[state]\n\t"
+        "eor	v26.16b, v26.16b, v31.16b\n\t"
+        "eor	x7, x7, %x[state]\n\t"
+        "eor	v29.16b, v29.16b, v13.16b\n\t"
+        "eor	x12, x12, %x[state]\n\t"
+        "eor	v29.16b, v29.16b, v18.16b\n\t"
+        "eor	x17, x17, %x[state]\n\t"
+        "eor	v29.16b, v29.16b, v23.16b\n\t"
+        "eor	x23, x23, %x[state]\n\t"
+        "ushr	v30.2d, v29.2d, #63\n\t"
+        "eor	x4, x4, %x[seed]\n\t"
+        "sli	v30.2d, v29.2d, #1\n\t"
+        "eor	x9, x9, %x[seed]\n\t"
+        "eor	v27.16b, v27.16b, v30.16b\n\t"
+        "eor	x14, x14, %x[seed]\n\t"
+        "ushr	v30.2d, v31.2d, #63\n\t"
+        "eor	x20, x20, %x[seed]\n\t"
+        "sli	v30.2d, v31.2d, #1\n\t"
+        "eor	x25, x25, %x[seed]\n\t"
+        "eor	v29.16b, v29.16b, v30.16b\n\t"
+        "ldr	%x[state], [x29, #32]\n\t"
+        /* Swap Rotate NEON */
+        "eor	v0.16b, v0.16b, v25.16b\n\t"
+        "eor	v31.16b, v1.16b, v26.16b\n\t"
+        "ldr	%x[seed], [x29, #24]\n\t"
+        "eor	v6.16b, v6.16b, v26.16b\n\t"
+        "eor	x28, x28, x30, ror 63\n\t"
+        "ushr	v30.2d, v31.2d, #63\n\t"
+        "eor	x30, x30, %x[seed], ror 63\n\t"
+        "ushr	v1.2d, v6.2d, #20\n\t"
+        "eor	%x[seed], %x[seed], %x[state], ror 63\n\t"
+        "sli	v30.2d, v31.2d, #1\n\t"
+        "eor	x6, x6, x28\n\t"
+        "sli	v1.2d, v6.2d, #44\n\t"
+        "eor	x11, x11, x28\n\t"
+        "eor	v31.16b, v9.16b, v29.16b\n\t"
+        "eor	x16, x16, x28\n\t"
+        "eor	v22.16b, v22.16b, v27.16b\n\t"
+        "eor	x22, x22, x28\n\t"
+        "ushr	v6.2d, v31.2d, #44\n\t"
+        "eor	x27, x27, x28\n\t"
+        "ushr	v9.2d, v22.2d, #3\n\t"
+        "eor	x3, x3, x30\n\t"
+        "sli	v6.2d, v31.2d, #20\n\t"
+        "eor	x8, x8, x30\n\t"
+        "sli	v9.2d, v22.2d, #61\n\t"
+        "eor	x13, x13, x30\n\t"
+        "eor	v31.16b, v14.16b, v29.16b\n\t"
+        "eor	x19, x19, x30\n\t"
+        "eor	v20.16b, v20.16b, v25.16b\n\t"
+        "eor	x24, x24, x30\n\t"
+        "ushr	v22.2d, v31.2d, #25\n\t"
+        "eor	x5, x5, %x[seed]\n\t"
+        "ushr	v14.2d, v20.2d, #46\n\t"
+        "eor	x10, x10, %x[seed]\n\t"
+        "sli	v22.2d, v31.2d, #39\n\t"
+        "eor	x15, x15, %x[seed]\n\t"
+        "sli	v14.2d, v20.2d, #18\n\t"
+        "eor	x21, x21, %x[seed]\n\t"
+        "eor	v31.16b, v2.16b, v27.16b\n\t"
+        "eor	x26, x26, %x[seed]\n\t"
+        /* Swap Rotate Base */
+        "eor	v12.16b, v12.16b, v27.16b\n\t"
+        "ror	%x[state], x3, #63\n\t"
+        "ushr	v20.2d, v31.2d, #2\n\t"
+        "ror	x3, x8, #20\n\t"
+        "ushr	v2.2d, v12.2d, #21\n\t"
+        "ror	x8, x11, #44\n\t"
+        "sli	v20.2d, v31.2d, #62\n\t"
+        "ror	x11, x25, #3\n\t"
+        "sli	v2.2d, v12.2d, #43\n\t"
+        "ror	x25, x16, #25\n\t"
+        "eor	v31.16b, v13.16b, v28.16b\n\t"
+        "ror	x16, x23, #46\n\t"
+        "eor	v19.16b, v19.16b, v29.16b\n\t"
+        "ror	x23, x4, #2\n\t"
+        "ushr	v12.2d, v31.2d, #39\n\t"
+        "ror	x4, x14, #21\n\t"
+        "ushr	v13.2d, v19.2d, #56\n\t"
+        "ror	x14, x15, #39\n\t"
+        "sli	v12.2d, v31.2d, #25\n\t"
+        "ror	x15, x22, #56\n\t"
+        "sli	v13.2d, v19.2d, #8\n\t"
+        "ror	x22, x26, #8\n\t"
+        "eor	v31.16b, v23.16b, v28.16b\n\t"
+        "ror	x26, x17, #23\n\t"
+        "eor	v15.16b, v15.16b, v25.16b\n\t"
+        "ror	x17, x6, #37\n\t"
+        "ushr	v19.2d, v31.2d, #8\n\t"
+        "ror	x6, x27, #50\n\t"
+        "ushr	v23.2d, v15.2d, #23\n\t"
+        "ror	x27, x24, #62\n\t"
+        "sli	v19.2d, v31.2d, #56\n\t"
+        "ror	x24, x10, #9\n\t"
+        "sli	v23.2d, v15.2d, #41\n\t"
+        "ror	x10, x19, #19\n\t"
+        "eor	v31.16b, v4.16b, v29.16b\n\t"
+        "ror	x19, x7, #28\n\t"
+        "eor	v24.16b, v24.16b, v29.16b\n\t"
+        "ror	x7, x5, #36\n\t"
+        "ushr	v15.2d, v31.2d, #37\n\t"
+        "ror	x5, x21, #43\n\t"
+        "ushr	v4.2d, v24.2d, #50\n\t"
+        "ror	x21, x20, #49\n\t"
+        "sli	v15.2d, v31.2d, #27\n\t"
+        "ror	x20, x13, #54\n\t"
+        "sli	v4.2d, v24.2d, #14\n\t"
+        "ror	x13, x9, #58\n\t"
+        "eor	v31.16b, v21.16b, v26.16b\n\t"
+        "ror	x9, x12, #61\n\t"
+        /* Row Mix Base */
+        "eor	v8.16b, v8.16b, v28.16b\n\t"
+        "bic	x12, x4, x3\n\t"
+        "ushr	v24.2d, v31.2d, #62\n\t"
+        "bic	%x[seed], x5, x4\n\t"
+        "ushr	v21.2d, v8.2d, #9\n\t"
+        "bic	x28, x2, x6\n\t"
+        "sli	v24.2d, v31.2d, #2\n\t"
+        "bic	x30, x3, x2\n\t"
+        "sli	v21.2d, v8.2d, #55\n\t"
+        "eor	x2, x2, x12\n\t"
+        "eor	v31.16b, v16.16b, v26.16b\n\t"
+        "eor	x3, x3, %x[seed]\n\t"
+        "eor	v5.16b, v5.16b, v25.16b\n\t"
+        "bic	x12, x6, x5\n\t"
+        "ushr	v8.2d, v31.2d, #19\n\t"
+        "eor	x5, x5, x28\n\t"
+        "ushr	v16.2d, v5.2d, #28\n\t"
+        "eor	x4, x4, x12\n\t"
+        "sli	v8.2d, v31.2d, #45\n\t"
+        "eor	x6, x6, x30\n\t"
+        "sli	v16.2d, v5.2d, #36\n\t"
+        "bic	x12, x9, x8\n\t"
+        "eor	v31.16b, v3.16b, v28.16b\n\t"
+        "bic	%x[seed], x10, x9\n\t"
+        "eor	v18.16b, v18.16b, v28.16b\n\t"
+        "bic	x28, x7, x11\n\t"
+        "ushr	v5.2d, v31.2d, #36\n\t"
+        "bic	x30, x8, x7\n\t"
+        "ushr	v3.2d, v18.2d, #43\n\t"
+        "eor	x7, x7, x12\n\t"
+        "sli	v5.2d, v31.2d, #28\n\t"
+        "eor	x8, x8, %x[seed]\n\t"
+        "sli	v3.2d, v18.2d, #21\n\t"
+        "bic	x12, x11, x10\n\t"
+        "eor	v31.16b, v17.16b, v27.16b\n\t"
+        "eor	x10, x10, x28\n\t"
+        "eor	v11.16b, v11.16b, v26.16b\n\t"
+        "eor	x9, x9, x12\n\t"
+        "ushr	v18.2d, v31.2d, #49\n\t"
+        "eor	x11, x11, x30\n\t"
+        "ushr	v17.2d, v11.2d, #54\n\t"
+        "bic	x12, x14, x13\n\t"
+        "sli	v18.2d, v31.2d, #15\n\t"
+        "bic	%x[seed], x15, x14\n\t"
+        "sli	v17.2d, v11.2d, #10\n\t"
+        "bic	x28, %x[state], x16\n\t"
+        "eor	v31.16b, v7.16b, v27.16b\n\t"
+        "bic	x30, x13, %x[state]\n\t"
+        "eor	v10.16b, v10.16b, v25.16b\n\t"
+        "eor	x12, %x[state], x12\n\t"
+        "ushr	v11.2d, v31.2d, #58\n\t"
+        "eor	x13, x13, %x[seed]\n\t"
+        "ushr	v7.2d, v10.2d, #61\n\t"
+        "bic	%x[state], x16, x15\n\t"
+        "sli	v11.2d, v31.2d, #6\n\t"
+        "eor	x15, x15, x28\n\t"
+        "sli	v7.2d, v10.2d, #3\n\t"
+        "eor	x14, x14, %x[state]\n\t"
+        /* Row Mix NEON */
+        "bic	v25.16b, v2.16b, v1.16b\n\t"
+        "eor	x16, x16, x30\n\t"
+        "bic	v26.16b, v3.16b, v2.16b\n\t"
+        "bic	%x[state], x20, x19\n\t"
+        "bic	v27.16b, v4.16b, v3.16b\n\t"
+        "bic	%x[seed], x21, x20\n\t"
+        "bic	v28.16b, v0.16b, v4.16b\n\t"
+        "bic	x28, x17, x22\n\t"
+        "bic	v29.16b, v1.16b, v0.16b\n\t"
+        "bic	x30, x19, x17\n\t"
+        "eor	v0.16b, v0.16b, v25.16b\n\t"
+        "eor	x17, x17, %x[state]\n\t"
+        "eor	v1.16b, v1.16b, v26.16b\n\t"
+        "eor	x19, x19, %x[seed]\n\t"
+        "eor	v2.16b, v2.16b, v27.16b\n\t"
+        "bic	%x[state], x22, x21\n\t"
+        "eor	v3.16b, v3.16b, v28.16b\n\t"
+        "eor	x21, x21, x28\n\t"
+        "eor	v4.16b, v4.16b, v29.16b\n\t"
+        "eor	x20, x20, %x[state]\n\t"
+        "bic	v25.16b, v7.16b, v6.16b\n\t"
+        "eor	x22, x22, x30\n\t"
+        "bic	v26.16b, v8.16b, v7.16b\n\t"
+        "bic	%x[state], x25, x24\n\t"
+        "bic	v27.16b, v9.16b, v8.16b\n\t"
+        "bic	%x[seed], x26, x25\n\t"
+        "bic	v28.16b, v5.16b, v9.16b\n\t"
+        "bic	x28, x23, x27\n\t"
+        "bic	v29.16b, v6.16b, v5.16b\n\t"
+        "bic	x30, x24, x23\n\t"
+        "eor	v5.16b, v5.16b, v25.16b\n\t"
+        "eor	x23, x23, %x[state]\n\t"
+        "eor	v6.16b, v6.16b, v26.16b\n\t"
+        "eor	x24, x24, %x[seed]\n\t"
+        "eor	v7.16b, v7.16b, v27.16b\n\t"
+        "bic	%x[state], x27, x26\n\t"
+        "eor	v8.16b, v8.16b, v28.16b\n\t"
+        "eor	x26, x26, x28\n\t"
+        "eor	v9.16b, v9.16b, v29.16b\n\t"
+        "eor	x25, x25, %x[state]\n\t"
+        "bic	v25.16b, v12.16b, v11.16b\n\t"
+        "eor	x27, x27, x30\n\t"
+        "bic	v26.16b, v13.16b, v12.16b\n\t"
+        "bic	v27.16b, v14.16b, v13.16b\n\t"
+        "bic	v28.16b, v30.16b, v14.16b\n\t"
+        "bic	v29.16b, v11.16b, v30.16b\n\t"
+        "eor	v10.16b, v30.16b, v25.16b\n\t"
+        "eor	v11.16b, v11.16b, v26.16b\n\t"
+        "eor	v12.16b, v12.16b, v27.16b\n\t"
+        "eor	v13.16b, v13.16b, v28.16b\n\t"
+        "eor	v14.16b, v14.16b, v29.16b\n\t"
+        "bic	v25.16b, v17.16b, v16.16b\n\t"
+        "bic	v26.16b, v18.16b, v17.16b\n\t"
+        "bic	v27.16b, v19.16b, v18.16b\n\t"
+        "bic	v28.16b, v15.16b, v19.16b\n\t"
+        "bic	v29.16b, v16.16b, v15.16b\n\t"
+        "eor	v15.16b, v15.16b, v25.16b\n\t"
+        "eor	v16.16b, v16.16b, v26.16b\n\t"
+        "eor	v17.16b, v17.16b, v27.16b\n\t"
+        "eor	v18.16b, v18.16b, v28.16b\n\t"
+        "eor	v19.16b, v19.16b, v29.16b\n\t"
+        "bic	v25.16b, v22.16b, v21.16b\n\t"
+        "bic	v26.16b, v23.16b, v22.16b\n\t"
+        "bic	v27.16b, v24.16b, v23.16b\n\t"
+        "bic	v28.16b, v20.16b, v24.16b\n\t"
+        "bic	v29.16b, v21.16b, v20.16b\n\t"
+        "eor	v20.16b, v20.16b, v25.16b\n\t"
+        "eor	v21.16b, v21.16b, v26.16b\n\t"
+        "eor	v22.16b, v22.16b, v27.16b\n\t"
+        "eor	v23.16b, v23.16b, v28.16b\n\t"
+        "eor	v24.16b, v24.16b, v29.16b\n\t"
+        /* Done transforming */
+        "ldp	x28, %x[seed], [x29, #48]\n\t"
+        "ldr	%x[state], [x28], #8\n\t"
+        "subs	%x[seed], %x[seed], #1\n\t"
+        "mov	v30.d[0], %x[state]\n\t"
+        "mov	v30.d[1], %x[state]\n\t"
+        "eor	x2, x2, %x[state]\n\t"
+        "eor	v0.16b, v0.16b, v30.16b\n\t"
+        "bne	L_SHA3_shake256_blocksx3_seed_neon_begin_%=\n\t"
+        "ldr	%x[state], [x29, #40]\n\t"
+        "st4	{v0.d, v1.d, v2.d, v3.d}[0], [%x[state]], #32\n\t"
+        "st4	{v4.d, v5.d, v6.d, v7.d}[0], [%x[state]], #32\n\t"
+        "st4	{v8.d, v9.d, v10.d, v11.d}[0], [%x[state]], #32\n\t"
+        "st4	{v12.d, v13.d, v14.d, v15.d}[0], [%x[state]], #32\n\t"
+        "st4	{v16.d, v17.d, v18.d, v19.d}[0], [%x[state]], #32\n\t"
+        "st4	{v20.d, v21.d, v22.d, v23.d}[0], [%x[state]], #32\n\t"
+        "st1	{v24.d}[0], [%x[state]]\n\t"
+        "add	%x[state], %x[state], #8\n\t"
+        "st4	{v0.d, v1.d, v2.d, v3.d}[1], [%x[state]], #32\n\t"
+        "st4	{v4.d, v5.d, v6.d, v7.d}[1], [%x[state]], #32\n\t"
+        "st4	{v8.d, v9.d, v10.d, v11.d}[1], [%x[state]], #32\n\t"
+        "st4	{v12.d, v13.d, v14.d, v15.d}[1], [%x[state]], #32\n\t"
+        "st4	{v16.d, v17.d, v18.d, v19.d}[1], [%x[state]], #32\n\t"
+        "st4	{v20.d, v21.d, v22.d, v23.d}[1], [%x[state]], #32\n\t"
+        "st1	{v24.d}[1], [%x[state]]\n\t"
+        "add	%x[state], %x[state], #8\n\t"
+        "stp	x2, x3, [%x[state]]\n\t"
+        "stp	x4, x5, [%x[state], #16]\n\t"
+        "stp	x6, x7, [%x[state], #32]\n\t"
+        "stp	x8, x9, [%x[state], #48]\n\t"
+        "stp	x10, x11, [%x[state], #64]\n\t"
+        "stp	x12, x13, [%x[state], #80]\n\t"
+        "stp	x14, x15, [%x[state], #96]\n\t"
+        "stp	x16, x17, [%x[state], #112]\n\t"
+        "stp	x19, x20, [%x[state], #128]\n\t"
+        "stp	x21, x22, [%x[state], #144]\n\t"
+        "stp	x23, x24, [%x[state], #160]\n\t"
+        "stp	x25, x26, [%x[state], #176]\n\t"
+        "str	x27, [%x[state], #192]\n\t"
+        "ldp	x29, x30, [sp], #0x40\n\t"
+        : [state] "+r" (state), [seed] "+r" (seed)
+        : [L_kyber_aarch64_q] "S" (L_kyber_aarch64_q), [L_kyber_aarch64_consts] "S" (L_kyber_aarch64_consts), [L_sha3_aarch64_r] "S" (L_sha3_aarch64_r), [L_kyber_aarch64_zetas] "S" (L_kyber_aarch64_zetas), [L_kyber_aarch64_zetas_qinv] "S" (L_kyber_aarch64_zetas_qinv), [L_kyber_aarch64_zetas_inv] "S" (L_kyber_aarch64_zetas_inv), [L_kyber_aarch64_zetas_inv_qinv] "S" (L_kyber_aarch64_zetas_inv_qinv), [L_kyber_aarch64_zetas_mul] "S" (L_kyber_aarch64_zetas_mul), [L_kyber_aarch64_to_msg_neon_low] "S" (L_kyber_aarch64_to_msg_neon_low), [L_kyber_aarch64_to_msg_neon_high] "S" (L_kyber_aarch64_to_msg_neon_high), [L_kyber_aarch64_to_msg_neon_bits] "S" (L_kyber_aarch64_to_msg_neon_bits), [L_kyber_aarch64_from_msg_neon_q1half] "S" (L_kyber_aarch64_from_msg_neon_q1half), [L_kyber_aarch64_from_msg_neon_bits] "S" (L_kyber_aarch64_from_msg_neon_bits), [L_kyber_aarch64_rej_uniform_neon_mask] "S" (L_kyber_aarch64_rej_uniform_neon_mask), [L_kyber_aarch64_rej_uniform_neon_bits] "S" (L_kyber_aarch64_rej_uniform_neon_bits), [L_kyber_aarch64_rej_uniform_neon_indices] "S" (L_kyber_aarch64_rej_uniform_neon_indices)
+        : "memory", "x2", "x3", "x4", "x5", "x6", "x7", "x8", "x9", "x10", "x11", "x12", "x13", "x14", "x15", "x16", "x17", "x19", "x20", "x21", "x22", "x23", "x24", "x25", "x26", "x27", "x28", "v0", "v1", "v2", "v3", "v4", "v5", "v6", "v7", "v8", "v9", "v10", "v11", "v12", "v13", "v14", "v15", "v16", "v17", "v18", "v19", "v20", "v21", "v22", "v23", "v24", "v25", "v26", "v27", "v28", "v29", "v30", "v31", "cc"
+    );
+}
+
+#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
+#endif /* WOLFSSL_WC_KYBER */
+#endif /* __aarch64__ */
+#endif /* WOLFSSL_ARMASM */
+#endif /* WOLFSSL_ARMASM_INLINE */
diff --git a/wolfcrypt/src/port/arm/armv8-poly1305.c b/wolfcrypt/src/port/arm/armv8-poly1305.c
index d0aab0234..9dc30d74a 100644
--- a/wolfcrypt/src/port/arm/armv8-poly1305.c
+++ b/wolfcrypt/src/port/arm/armv8-poly1305.c
@@ -1,6 +1,6 @@
 /* armv8-poly1305.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -32,7 +32,6 @@
 #include <wolfssl/wolfcrypt/types.h>
 
 #ifdef WOLFSSL_ARMASM
-#ifdef __aarch64__
 
 #ifdef HAVE_POLY1305
 #include <wolfssl/wolfcrypt/poly1305.h>
@@ -49,151 +48,127 @@
     #include <stdio.h>
 #endif
 
-static WC_INLINE void poly1305_blocks_16(Poly1305* ctx, const unsigned char *m,
-                                         size_t bytes)
+#ifdef __aarch64__
+
+static WC_INLINE void poly1305_blocks_aarch64_16(Poly1305* ctx,
+    const unsigned char *m, size_t bytes)
 {
     __asm__ __volatile__ (
+        /* Check for zero bytes to do. */
         "CMP        %[bytes], %[POLY1305_BLOCK_SIZE] \n\t"
-        "BLO        L_poly1305_16_64_done_%= \n\t"
-        /* Load r and h */
-        "LDP        x21, x23, %[ctx_r]   \n\t"
-        "LDR        w25, %[ctx_r_4]      \n\t"
-        "LDP        x2, x4, %[ctx_h]     \n\t"
-        "LDR        w6, %[ctx_h_4]       \n\t"
-        "LSR        x22, x21, #32        \n\t"
-        "LSR        x24, x23, #32        \n\t"
-        "LSR        x3, x2, #32          \n\t"
-        "LSR        x5, x4, #32          \n\t"
-        "AND        x21, x21, #0x3ffffff \n\t"
-        "AND        x23, x23, #0x3ffffff \n\t"
-        "AND        x2, x2, #0x3ffffff   \n\t"
-        "AND        x4, x4, #0x3ffffff   \n\t"
-        /* s1 = r1 * 5; */
-        /* s2 = r2 * 5; */
-        /* s3 = r3 * 5; */
-        /* s4 = r4 * 5; */
-        "MOV        x15, #5              \n\t"
-        "CMP        %[finished], #0      \n\t"
-        "MUL        w7, w22, w15         \n\t"
-        "CSET       %[finished], EQ      \n\t"
-        "MUL        w8, w23, w15         \n\t"
-        "LSL        %[finished], %[finished], #24 \n\t"
-        "MUL        w9, w24, w15         \n\t"
-        "MOV        x14, #0x3ffffff      \n\t"
-        "MUL        w10, w25, w15        \n\t"
+        "BLO        L_poly1305_aarch64_16_done_%= \n\t"
+
+        "MOV        x12, #1               \n\t"
+        /* Load h */
+        "LDP        w4, w5, [%[ctx_h], #0]   \n\t"
+        "LDP        w6, w7, [%[ctx_h], #8]   \n\t"
+        "LDR        w8, [%[ctx_h], #16]   \n\t"
+        /* Base 26 -> Base 64 */
+        "ORR        x4, x4, x5, LSL #26\n\t"
+        "ORR        x4, x4, x6, LSL #52\n\t"
+        "LSR        x5, x6, #12\n\t"
+        "ORR        x5, x5, x7, LSL #14\n\t"
+        "ORR        x5, x5, x8, LSL #40\n\t"
+        "LSR        x6, x8, #24\n\t"
+        /* Load r */
+        "LDP        x8, x9, %[ctx_r64]   \n\t"
+        "SUB        %[finished], x12, %[finished]\n\t"
         "\n"
         ".align 2 \n\t"
-    "L_poly1305_16_64_loop_%=: \n\t"
-        /* t0 = U8TO64(&m[0]); */
-        /* t1 = U8TO64(&m[8]); */
-        "LDP        x16, x17, [%[m]], #16 \n\t"
-        /* h0 += (U8TO32(m + 0)) & 0x3ffffff; */
-        "AND        x26, x16, #0x3ffffff \n\t"
-        "ADD        x2, x2, x26          \n\t"
-        /* h1 += (U8TO32(m + 3) >> 2) & 0x3ffffff; */
-        "AND        x26, x14, x16, LSR #26 \n\t"
-        "ADD        x3, x3, x26          \n\t"
-        /* h2 += (U8TO32(m + 6) >> 4) & 0x3ffffff; */
-        "EXTR       x26, x17, x16, #52   \n\t"
-        "AND        x26, x26, #0x3ffffff \n\t"
-        "ADD        x4, x4, x26          \n\t"
-        /* h3 += (U8TO32(m + 9) >> 6) & 0x3ffffff; */
-        "AND        x26, x14, x17, LSR #14 \n\t"
-        "ADD        x5, x5, x26          \n\t"
-        /* h4 += (U8TO32(m + 12) >> 8) | hibit; */
-        "ORR        x17, %[finished], x17, LSR #40 \n\t"
-        "ADD        x6, x6, x17          \n\t"
-        /* d0 = h0 * r0 + h1 * s4 + h2 * s3 + h3 * s2 + h4 * s1 */
-        /* d1 = h0 * r1 + h1 * r0 + h2 * s4 + h3 * s3 + h4 * s2 */
-        /* d2 = h0 * r2 + h1 * r1 + h2 * r0 + h3 * s4 + h4 * s3 */
-        /* d3 = h0 * r3 + h1 * r2 + h2 * r1 + h3 * r0 + h4 * s4 */
-        /* d4 = h0 * r4 + h1 * r3 + h2 * r2 + h3 * r1 + h4 * r0 */
-        "MUL        x16, x2, x21         \n\t"
-        "MUL        x17, x2, x22         \n\t"
-        "MUL        x26, x2, x23         \n\t"
-        "MUL        x19, x2, x24         \n\t"
-        "MUL        x20, x2, x25         \n\t"
-        "MADD       x16, x3, x10, x16    \n\t"
-        "MADD       x17, x3, x21, x17    \n\t"
-        "MADD       x26, x3, x22, x26    \n\t"
-        "MADD       x19, x3, x23, x19    \n\t"
-        "MADD       x20, x3, x24, x20    \n\t"
-        "MADD       x16, x4, x9, x16     \n\t"
-        "MADD       x17, x4, x10, x17    \n\t"
-        "MADD       x26, x4, x21, x26    \n\t"
-        "MADD       x19, x4, x22, x19    \n\t"
-        "MADD       x20, x4, x23, x20    \n\t"
-        "MADD       x16, x5, x8, x16     \n\t"
-        "MADD       x17, x5, x9, x17     \n\t"
-        "MADD       x26, x5, x10, x26    \n\t"
-        "MADD       x19, x5, x21, x19    \n\t"
-        "MADD       x20, x5, x22, x20    \n\t"
-        "MADD       x16, x6, x7, x16     \n\t"
-        "MADD       x17, x6, x8, x17     \n\t"
-        "MADD       x26, x6, x9, x26     \n\t"
-        "MADD       x19, x6, x10, x19    \n\t"
-        "MADD       x20, x6, x21, x20    \n\t"
-        /* d1 = d1 + d0 >> 26 */
-        /* d2 = d2 + d1 >> 26 */
-        /* d3 = d3 + d2 >> 26 */
-        /* d4 = d4 + d3 >> 26 */
-        /* h0 = d0 & 0x3ffffff */
-        /* h1 = d1 & 0x3ffffff */
-        /* h2 = d2 & 0x3ffffff */
-        /* h0 = h0 + (d4 >> 26) * 5 */
-        /* h1 = h1 + h0 >> 26 */
-        /* h3 = d3 & 0x3ffffff */
-        /* h4 = d4 & 0x3ffffff */
-        /* h0 = h0 & 0x3ffffff */
-        "ADD        x17, x17, x16, LSR #26 \n\t"
-        "ADD        x20, x20, x19, LSR #26 \n\t"
-        "AND        x16, x16, #0x3ffffff \n\t"
-        "LSR        x2, x20, #26         \n\t"
-        "AND        x19, x19, #0x3ffffff \n\t"
-        "MADD       x16, x2, x15, x16    \n\t"
-        "ADD        x26, x26, x17, LSR #26 \n\t"
-        "AND        x17, x17, #0x3ffffff \n\t"
-        "AND        x20, x20, #0x3ffffff \n\t"
-        "ADD        x19, x19, x26, LSR #26 \n\t"
-        "AND        x4, x26, #0x3ffffff  \n\t"
-        "ADD        x3, x17, x16, LSR #26 \n\t"
-        "AND        x2, x16, #0x3ffffff  \n\t"
-        "ADD        x6, x20, x19, LSR #26 \n\t"
-        "AND        x5, x19, #0x3ffffff  \n\t"
-        "SUB        %[bytes], %[bytes], %[POLY1305_BLOCK_SIZE] \n\t"
-        "CMP        %[bytes], %[POLY1305_BLOCK_SIZE] \n\t"
-        "BHS        L_poly1305_16_64_loop_%= \n\t"
-        /* Store h */
-        "ORR        x2, x2, x3, LSL #32  \n\t"
-        "ORR        x4, x4, x5, LSL #32  \n\t"
-        "STP        x2, x4, %[ctx_h]     \n\t"
-        "STR        w6, %[ctx_h_4]       \n\t"
+    "L_poly1305_aarch64_16_loop_%=: \n\t"
+        /* Load m */
+        "LDR        x10, [%[m]]          \n\t"
+        "LDR        x11, [%[m], 8]       \n\t"
+        /* Add m and !finished at bit 128. */
+        "ADDS       x4, x4, x10          \n\t"
+        "ADCS       x5, x5, x11          \n\t"
+        "ADC        x6, x6, %[finished]  \n\t"
+
+        /* r * h */
+        /* r0 * h0 */
+        "MUL        x12, x8, x4\n\t"
+        "UMULH      x13, x8, x4\n\t"
+        /* r0 * h1 */
+        "MUL        x16, x8, x5\n\t"
+        "UMULH      x14, x8, x5\n\t"
+        /* r1 * h0 */
+        "MUL        x15, x9, x4\n\t"
+        "ADDS       x13, x13, x16\n\t"
+        "UMULH      x17, x9, x4\n\t"
+        "ADC        x14, x14, xzr\n\t"
+        "ADDS       x13, x13, x15\n\t"
+        /* r0 * h2 */
+        "MUL        x16, x8, x6\n\t"
+        "ADCS       x14, x14, x17\n\t"
+        "UMULH      x17, x8, x6\n\t"
+        "ADC        x15, xzr, xzr\n\t"
+        "ADDS       x14, x14, x16\n\t"
+        /* r1 * h1 */
+        "MUL        x16, x9, x5\n\t"
+        "ADC        x15, x15, x17\n\t"
+        "UMULH      x19, x9, x5\n\t"
+        "ADDS       x14, x14, x16\n\t"
+        /* r1 * h2 */
+        "MUL        x17, x9, x6\n\t"
+        "ADCS       x15, x15, x19\n\t"
+        "UMULH      x19, x9, x6\n\t"
+        "ADC        x16, xzr, xzr\n\t"
+        "ADDS       x15, x15, x17\n\t"
+        "ADC        x16, x16, x19\n\t"
+        /* h' = x12, x13, x14, x15, x16 */
+
+        /* h' mod 2^130 - 5 */
+        /* Get top two bits from h[2]. */
+        "AND        x6, x14, 3\n\t"
+        /* Get high bits from h[2]. */
+        "AND        x14, x14, -4\n\t"
+        /* Add top bits * 4. */
+        "ADDS       x4, x12, x14\n\t"
+        "ADCS       x5, x13, x15\n\t"
+        "ADC        x6, x6, x16\n\t"
+        /* Move down 2 bits. */
+        "EXTR       x14, x15, x14, 2\n\t"
+        "EXTR       x15, x16, x15, 2\n\t"
+        /* Add top bits. */
+        "ADDS       x4, x4, x14\n\t"
+        "ADCS       x5, x5, x15\n\t"
+        "ADC        x6, x6, xzr\n\t"
+
+        "SUBS       %[bytes], %[bytes], %[POLY1305_BLOCK_SIZE]\n\t"
+        "ADD        %[m], %[m], %[POLY1305_BLOCK_SIZE]\n\t"
+        "BGT        L_poly1305_aarch64_16_loop_%=\n\t"
+
+        /* Base 64 -> Base 26 */
+        "MOV        x10, #0x3ffffff\n\t"
+        "EXTR       x8, x6, x5, #40\n\t"
+        "AND        x7, x10, x5, LSR #14\n\t"
+        "EXTR       x6, x5, x4, #52\n\t"
+        "AND        x5, x10, x4, LSR #26\n\t"
+        "AND        x4, x4, x10\n\t"
+        "AND        x6, x6, x10\n\t"
+        "STP        w4, w5, [%[ctx_h], #0]   \n\t"
+        "STP        w6, w7, [%[ctx_h], #8]   \n\t"
+        "STR        w8, [%[ctx_h], #16]   \n\t"
         "\n"
         ".align 2 \n\t"
-    "L_poly1305_16_64_done_%=: \n\t"
-        : [ctx_h] "+m" (ctx->h[0]),
-          [ctx_h_4] "+m" (ctx->h[4]),
-          [bytes] "+r" (bytes),
-          [m] "+r" (m)
+    "L_poly1305_aarch64_16_done_%=: \n\t"
+        : [bytes] "+r" (bytes), [m] "+r" (m)
         : [POLY1305_BLOCK_SIZE] "I" (POLY1305_BLOCK_SIZE),
-          [ctx_r] "m" (ctx->r[0]),
-          [ctx_r_4] "m" (ctx->r[4]),
+          [ctx_r64] "m" (ctx->r64[0]), [ctx_h] "r" (ctx->h),
           [finished] "r" ((word64)ctx->finished)
         : "memory", "cc",
-          "w2", "w3", "w4", "w5", "w6", "w7", "w8", "w9", "w10", "w15",
-          "w21", "w22", "w23", "w24", "w25", "x2", "x3", "x4", "x5", "x6",
-          "x7", "x8", "x9", "x10", "x14", "x15", "x16", "x17", "x19", "x20",
-          "x21", "x22", "x23", "x24", "x25", "x26"
+          "x4", "x5", "x6", "x7", "x8", "x9", "x10", "x11", "x12", "x13", "x14",
+          "x15", "x16", "x17", "x19"
     );
 }
 
-void poly1305_blocks(Poly1305* ctx, const unsigned char *m,
-                            size_t bytes)
+void poly1305_blocks_aarch64(Poly1305* ctx, const unsigned char *m,
+    size_t bytes)
 {
     __asm__ __volatile__ (
         /* If less than 4 blocks to process then use regular method */
         "CMP        %[bytes], %[POLY1305_BLOCK_SIZE]*4 \n\t"
-        "BLO        L_poly1305_64_done_%= \n\t"
+        "BLO        L_poly1305_aarch64_64_done_%= \n\t"
         "MOV        x9, #0x3ffffff       \n\t"
         /* Load h */
         "LDP        x20, x22, [%[h]]     \n\t"
@@ -221,7 +196,7 @@ void poly1305_blocks(Poly1305* ctx, const unsigned char *m,
         "MOV        v26.D[1], x9         \n\t"
         "DUP        v30.4S, v26.S[0]     \n\t"
         "CMP        %[bytes], %[POLY1305_BLOCK_SIZE]*6 \n\t"
-        "BLO        L_poly1305_64_start_block_size_64_%= \n\t"
+        "BLO        L_poly1305_aarch64_64_start_block_size_64_%= \n\t"
         /* Load r^2 to NEON v0, v1, v2, v3, v4 */
         "LD4        { v0.S-v3.S }[2], [%[r_2]], #16 \n\t"
         "LD1        { v4.S }[2], [%[r_2]] \n\t"
@@ -284,7 +259,7 @@ void poly1305_blocks(Poly1305* ctx, const unsigned char *m,
         "ADD        v19.2S, v19.2S, v14.2S \n\t"
         "\n"
         ".align 2 \n\t"
-    "L_poly1305_64_loop_128_%=: \n\t"
+    "L_poly1305_aarch64_64_loop_128_%=: \n\t"
         /* d0 = h0*r0 + h1*s4 + h2*s3 + h3*s2 + h4*s1 */
         /* d1 = h0*r1 + h1*r0 + h2*s4 + h3*s3 + h4*s2 */
         /* d2 = h0*r2 + h1*r1 + h2*r0 + h3*s4 + h4*s3 */
@@ -395,7 +370,7 @@ void poly1305_blocks(Poly1305* ctx, const unsigned char *m,
         "UMLAL2     v25.2D, v14.4S, v0.4S \n\t"
         /* If less than six message blocks left then leave loop */
         "CMP        %[bytes], %[POLY1305_BLOCK_SIZE]*6 \n\t"
-        "BLS        L_poly1305_64_loop_128_final_%= \n\t"
+        "BLS        L_poly1305_aarch64_64_loop_128_final_%= \n\t"
         /* Load m */
         /* Load four message blocks to NEON v10, v11, v12, v13, v14 */
         "LD4        { v10.4S-v13.4S }, [%[m]], #64 \n\t"
@@ -447,10 +422,10 @@ void poly1305_blocks(Poly1305* ctx, const unsigned char *m,
         "MOV        v17.S[1], v17.S[2]   \n\t"
         "MOV        v18.S[1], v18.S[2]   \n\t"
         "MOV        v19.S[1], v19.S[2]   \n\t"
-        "B          L_poly1305_64_loop_128_%= \n\t"
+        "B          L_poly1305_aarch64_64_loop_128_%= \n\t"
         "\n"
         ".align 2 \n\t"
-    "L_poly1305_64_loop_128_final_%=: \n\t"
+    "L_poly1305_aarch64_64_loop_128_final_%=: \n\t"
         /* Load m */
         /* Load two message blocks to NEON v10, v11, v12, v13, v14 */
         "LD2        { v10.2D-v11.2D }, [%[m]], #32 \n\t"
@@ -525,12 +500,12 @@ void poly1305_blocks(Poly1305* ctx, const unsigned char *m,
         "MOV        v19.S[1], v19.S[2]   \n\t"
         /* If less than 2 blocks left go straight to final multiplication. */
         "CMP        %[bytes], %[POLY1305_BLOCK_SIZE]*2 \n\t"
-        "BLO        L_poly1305_64_last_mult_%= \n\t"
-        /* Else go to one loop of L_poly1305_64_loop_64 */
-        "B          L_poly1305_64_loop_64_%= \n\t"
+        "BLO        L_poly1305_aarch64_64_last_mult_%= \n\t"
+        /* Else go to one loop of L_poly1305_aarch64_64_loop_64 */
+        "B          L_poly1305_aarch64_64_loop_64_%= \n\t"
         "\n"
         ".align 2 \n\t"
-    "L_poly1305_64_start_block_size_64_%=: \n\t"
+    "L_poly1305_aarch64_64_start_block_size_64_%=: \n\t"
         /* Load r^2 to NEON v0, v1, v2, v3, v4 */
         "LD4R       { v0.2S-v3.2S }, [%[r_2]], #16 \n\t"
         "LD1R       { v4.2S }, [%[r_2]]  \n\t"
@@ -581,7 +556,7 @@ void poly1305_blocks(Poly1305* ctx, const unsigned char *m,
         "ADD        v19.2S, v19.2S, v14.2S \n\t"
         "\n"
         ".align 2 \n\t"
-    "L_poly1305_64_loop_64_%=: \n\t"
+    "L_poly1305_aarch64_64_loop_64_%=: \n\t"
         /* d0 = h0*r0 + h1*s4 + h2*s3 + h3*s2 + h4*s1 */
         /* d1 = h0*r1 + h1*r0 + h2*s4 + h3*s3 + h4*s2 */
         /* d2 = h0*r2 + h1*r1 + h2*r0 + h3*s4 + h4*s3 */
@@ -709,10 +684,10 @@ void poly1305_blocks(Poly1305* ctx, const unsigned char *m,
         "MOV        v19.S[1], v19.S[2]   \n\t"
         /* If at least two message blocks left then loop_64 */
         "CMP        %[bytes], %[POLY1305_BLOCK_SIZE]*2 \n\t"
-        "BHS        L_poly1305_64_loop_64_%= \n\t"
+        "BHS        L_poly1305_aarch64_64_loop_64_%= \n\t"
         "\n"
         ".align 2 \n\t"
-    "L_poly1305_64_last_mult_%=: \n\t"
+    "L_poly1305_aarch64_64_last_mult_%=: \n\t"
         /* Load r */
         "LD4        { v0.S-v3.S }[1], [%[r]], #16 \n\t"
         /* Compute h*r^2 */
@@ -849,7 +824,7 @@ void poly1305_blocks(Poly1305* ctx, const unsigned char *m,
         "SUB        %[h], %[h], #16      \n\t"
         "\n"
         ".align 2 \n\t"
-    "L_poly1305_64_done_%=: \n\t"
+    "L_poly1305_aarch64_64_done_%=: \n\t"
         : [bytes] "+r" (bytes),
           [m] "+r" (m),
           [ctx] "+m" (ctx)
@@ -869,12 +844,12 @@ void poly1305_blocks(Poly1305* ctx, const unsigned char *m,
           "x17", "x19", "x20", "x21", "x22", "x23", "x24", "x25", "x26", "x27",
           "x28", "x30"
     );
-    poly1305_blocks_16(ctx, m, bytes);
+    poly1305_blocks_aarch64_16(ctx, m, bytes);
 }
 
-void poly1305_block(Poly1305* ctx, const unsigned char *m)
+void poly1305_block_aarch64(Poly1305* ctx, const unsigned char *m)
 {
-    poly1305_blocks_16(ctx, m, POLY1305_BLOCK_SIZE);
+    poly1305_blocks_aarch64_16(ctx, m, POLY1305_BLOCK_SIZE);
 }
 
 #if defined(POLY130564)
@@ -910,151 +885,147 @@ int wc_Poly1305SetKey(Poly1305* ctx, const byte* key, word32 keySz)
         "LDP        x10, x11, [%[key], #16] \n\t"
         /* Load clamp */
         "LDP        x12, x13, [%[clamp]] \n\t"
+        /* Save pad for later */
+        "STP        x10, x11, [%[ctx_pad]] \n\t"
         /* Apply clamp */
         /* r &= 0xffffffc0ffffffc0ffffffc0fffffff */
         "AND        x8, x8, x12          \n\t"
         "AND        x9, x9, x13          \n\t"
-        "MOV        x19, xzr             \n\t"
-        "MOV        x20, xzr             \n\t"
-        "MOV        x21, xzr             \n\t"
-        "MOV        x22, xzr             \n\t"
-        "MOV        x23, xzr             \n\t"
-        "BFI        x19, x8, #0, #26     \n\t"
-        "LSR        x8, x8, #26          \n\t"
-        "BFI        x20, x8, #0, #26     \n\t"
-        "LSR        x8, x8, #26          \n\t"
-        "BFI        x21, x8, #0, #12     \n\t"
-        "BFI        x21, x9, #12, #14    \n\t"
-        "LSR        x9, x9, #14          \n\t"
-        "BFI        x22, x9, #0, #26     \n\t"
-        "LSR        x9, x9, #26          \n\t"
-        "BFI        x23, x9, #0, #24     \n\t"
+        "STP        x8, x9, [%[ctx_r64]] \n\t"
+        /* 128-bits: Base 64 -> Base 26 */
+        "MOV        x20, #0x3ffffff\n\t"
+        "LSR        x15, x9, #40\n\t"
+        "AND        x14, x20, x9, LSR #14\n\t"
+        "EXTR       x13, x9, x8, #52\n\t"
+        "AND        x12, x20, x8, LSR #26\n\t"
+        "AND        x11, x8, x20\n\t"
+        "AND        x13, x13, x20\n\t"
+        "AND        x15, x15, x20\n\t"
+        "STP        w11, w12, [%[ctx_r], #0]   \n\t"
+        "STP        w13, w14, [%[ctx_r], #8]   \n\t"
+        "STR        w15, [%[ctx_r], #16]   \n\t"
+
         /* Compute r^2 */
-        /* r*5 */
-        "MOV        x8, #5               \n\t"
-        "MUL        x24, x20, x8         \n\t"
-        "MUL        x25, x21, x8         \n\t"
-        "MUL        x26, x22, x8         \n\t"
-        "MUL        x27, x23, x8         \n\t"
-        /* d = r*r */
-        /* d0 = h0 * r0 + h1 * s4 + h2 * s3 + h3 * s2 + h4 * s1 */
-        /* d1 = h0 * r1 + h1 * r0 + h2 * s4 + h3 * s3 + h4 * s2 */
-        /* d2 = h0 * r2 + h1 * r1 + h2 * r0 + h3 * s4 + h4 * s3 */
-        /* d3 = h0 * r3 + h1 * r2 + h2 * r1 + h3 * r0 + h4 * s4 */
-        /* d4 = h0 * r4 + h1 * r3 + h2 * r2 + h3 * r1 + h4 * r0 */
-        "MUL        x14, x19, x19        \n\t"
-        "MUL        x15, x19, x20        \n\t"
-        "MUL        x16, x19, x21        \n\t"
-        "MUL        x17, x19, x22        \n\t"
-        "MUL        x7, x19, x23         \n\t"
-        "MADD       x14, x20, x27, x14   \n\t"
-        "MADD       x15, x20, x19, x15   \n\t"
-        "MADD       x16, x20, x20, x16   \n\t"
-        "MADD       x17, x20, x21, x17   \n\t"
-        "MADD       x7, x20, x22, x7     \n\t"
-        "MADD       x14, x21, x26, x14   \n\t"
-        "MADD       x15, x21, x27, x15   \n\t"
-        "MADD       x16, x21, x19, x16   \n\t"
-        "MADD       x17, x21, x20, x17   \n\t"
-        "MADD       x7, x21, x21, x7     \n\t"
-        "MADD       x14, x22, x25, x14   \n\t"
-        "MADD       x15, x22, x26, x15   \n\t"
-        "MADD       x16, x22, x27, x16   \n\t"
-        "MADD       x17, x22, x19, x17   \n\t"
-        "MADD       x7, x22, x20, x7     \n\t"
-        "MADD       x14, x23, x24, x14   \n\t"
-        "MADD       x15, x23, x25, x15   \n\t"
-        "MADD       x16, x23, x26, x16   \n\t"
-        "MADD       x17, x23, x27, x17   \n\t"
-        "MADD       x7, x23, x19, x7     \n\t"
+        /* r0 * r0 */
+        "MUL        x12, x8, x8\n\t"
+        "UMULH      x13, x8, x8\n\t"
+        /* 2 * r0 * r1 */
+        "MUL        x15, x8, x9\n\t"
+        "UMULH      x16, x8, x9\n\t"
+        "ADDS       x13, x13, x15\n\t"
+        "ADC        x14, xzr, x16\n\t"
+        "ADDS       x13, x13, x15\n\t"
+        "ADCS       x14, x14, x16\n\t"
+        "ADC        x15, xzr, xzr\n\t"
+        /* r1 * r1 */
+        "MUL        x16, x9, x9\n\t"
+        "UMULH      x17, x9, x9\n\t"
+        "ADDS       x14, x14, x16\n\t"
+        "ADC        x15, x15, x17\n\t"
         /* r_2 = r^2 % P */
-        "ADD        x15, x15, x14, LSR #26 \n\t"
-        "ADD        x7, x7, x17, LSR #26 \n\t"
-        "AND        x14, x14, #0x3ffffff \n\t"
-        "LSR        x9, x7, #26          \n\t"
-        "AND        x17, x17, #0x3ffffff \n\t"
-        "MADD       x14, x9, x8, x14     \n\t"
-        "ADD        x16, x16, x15, LSR #26 \n\t"
-        "AND        x15, x15, #0x3ffffff \n\t"
-        "AND        x7, x7, #0x3ffffff   \n\t"
-        "ADD        x17, x17, x16, LSR #26 \n\t"
-        "AND        x16, x16, #0x3ffffff \n\t"
-        "ADD        x15, x15, x14, LSR #26 \n\t"
-        "AND        x14, x14, #0x3ffffff \n\t"
-        "ADD        x7, x7, x17, LSR #26 \n\t"
-        "AND        x17, x17, #0x3ffffff \n\t"
-        /* Store r */
-        "ORR        x19, x19, x20, LSL #32 \n\t"
-        "ORR        x21, x21, x22, LSL #32 \n\t"
-        "STP        x19, x21, [%[ctx_r]] \n\t"
-        "STR        w23, [%[ctx_r], #16] \n\t"
-        "MOV        x8, #5               \n\t"
-        "MUL        x24, x15, x8         \n\t"
-        "MUL        x25, x16, x8         \n\t"
-        "MUL        x26, x17, x8         \n\t"
-        "MUL        x27, x7, x8          \n\t"
-        /* Compute r^4 */
-        /* d0 = h0 * r0 + h1 * s4 + h2 * s3 + h3 * s2 + h4 * s1 */
-        /* d1 = h0 * r1 + h1 * r0 + h2 * s4 + h3 * s3 + h4 * s2 */
-        /* d2 = h0 * r2 + h1 * r1 + h2 * r0 + h3 * s4 + h4 * s3 */
-        /* d3 = h0 * r3 + h1 * r2 + h2 * r1 + h3 * r0 + h4 * s4 */
-        /* d4 = h0 * r4 + h1 * r3 + h2 * r2 + h3 * r1 + h4 * r0 */
-        "MUL        x19, x14, x14        \n\t"
-        "MUL        x20, x14, x15        \n\t"
-        "MUL        x21, x14, x16        \n\t"
-        "MUL        x22, x14, x17        \n\t"
-        "MUL        x23, x14, x7         \n\t"
-        "MADD       x19, x15, x27, x19   \n\t"
-        "MADD       x20, x15, x14, x20   \n\t"
-        "MADD       x21, x15, x15, x21   \n\t"
-        "MADD       x22, x15, x16, x22   \n\t"
-        "MADD       x23, x15, x17, x23   \n\t"
-        "MADD       x19, x16, x26, x19   \n\t"
-        "MADD       x20, x16, x27, x20   \n\t"
-        "MADD       x21, x16, x14, x21   \n\t"
-        "MADD       x22, x16, x15, x22   \n\t"
-        "MADD       x23, x16, x16, x23   \n\t"
-        "MADD       x19, x17, x25, x19   \n\t"
-        "MADD       x20, x17, x26, x20   \n\t"
-        "MADD       x21, x17, x27, x21   \n\t"
-        "MADD       x22, x17, x14, x22   \n\t"
-        "MADD       x23, x17, x15, x23   \n\t"
-        "MADD       x19, x7, x24, x19    \n\t"
-        "MADD       x20, x7, x25, x20    \n\t"
-        "MADD       x21, x7, x26, x21    \n\t"
-        "MADD       x22, x7, x27, x22    \n\t"
-        "MADD       x23, x7, x14, x23    \n\t"
-        /* r^4 % P */
-        "ADD        x20, x20, x19, LSR #26 \n\t"
-        "ADD        x23, x23, x22, LSR #26 \n\t"
-        "AND        x19, x19, #0x3ffffff \n\t"
-        "LSR        x9, x23, #26         \n\t"
-        "AND        x22, x22, #0x3ffffff \n\t"
-        "MADD       x19, x9, x8, x19     \n\t"
-        "ADD        x21, x21, x20, LSR #26 \n\t"
-        "AND        x20, x20, #0x3ffffff \n\t"
-        "AND        x23, x23, #0x3ffffff \n\t"
-        "ADD        x22, x22, x21, LSR #26 \n\t"
-        "AND        x21, x21, #0x3ffffff \n\t"
-        "ADD        x20, x20, x19, LSR #26 \n\t"
-        "AND        x19, x19, #0x3ffffff \n\t"
-        "ADD        x23, x23, x22, LSR #26 \n\t"
-        "AND        x22, x22, #0x3ffffff \n\t"
+        /* Get top two bits from r^2[2]. */
+        "AND        x10, x14, 3\n\t"
+        /* Get high bits from r^2[2]. */
+        "AND        x14, x14, -4\n\t"
+        /* Add top bits * 4. */
+        "ADDS       x8, x12, x14\n\t"
+        "ADCS       x9, x13, x15\n\t"
+        "ADC        x10, x10, xzr\n\t"
+        /* Move down 2 bits. */
+        "EXTR       x14, x15, x14, 2\n\t"
+        "LSR        x15, x15, 2\n\t"
+        /* Add top bits. */
+        "ADDS       x8, x8, x14\n\t"
+        "ADCS       x9, x9, x15\n\t"
+        "ADC        x10, x10, xzr\n\t"
+        /* 130-bits: Base 64 -> Base 26 */
+        "EXTR       x15, x10, x9, #40\n\t"
+        "AND        x14, x20, x9, LSR #14\n\t"
+        "EXTR       x13, x9, x8, #52\n\t"
+        "AND        x12, x20, x8, LSR #26\n\t"
+        "AND        x11, x8, x20\n\t"
+        "AND        x13, x13, x20\n\t"
+        "AND        x15, x15, x20\n\t"
         /* Store r^2 */
-        "ORR        x14, x14, x15, LSL #32 \n\t"
-        "ORR        x16, x16, x17, LSL #32 \n\t"
-        "STP        x14, x16, [%[ctx_r_2]] \n\t"
-        "STR        w7, [%[ctx_r_2], #16] \n\t"
+        "STP        w11, w12, [%[ctx_r_2], #0]   \n\t"
+        "STP        w13, w14, [%[ctx_r_2], #8]   \n\t"
+        "STR        w15, [%[ctx_r_2], #16]   \n\t"
+
+        /* Compute r^4 */
+        /* r0 * r0 */
+        "MUL        x12, x8, x8\n\t"
+        "UMULH      x13, x8, x8\n\t"
+        /* 2 * r0 * r1 */
+        "MUL        x15, x8, x9\n\t"
+        "UMULH      x16, x8, x9\n\t"
+        "ADDS       x13, x13, x15\n\t"
+        "ADC        x14, xzr, x16\n\t"
+        "ADDS       x13, x13, x15\n\t"
+        "ADCS       x14, x14, x16\n\t"
+        "ADC        x15, xzr, xzr\n\t"
+        /* 2 * r0 * r2 */
+        "MUL        x16, x8, x10\n\t"
+        "UMULH      x17, x8, x10\n\t"
+        "ADDS       x14, x14, x16\n\t"
+        "ADC        x15, x15, x17\n\t"
+        "ADDS       x14, x14, x16\n\t"
+        "ADC        x15, x15, x17\n\t"
+        /* r1 * r1 */
+        "MUL        x16, x9, x9\n\t"
+        "UMULH      x17, x9, x9\n\t"
+        "ADDS       x14, x14, x16\n\t"
+        "ADCS       x15, x15, x17\n\t"
+        "ADC        x16, xzr, xzr\n\t"
+        /* 2 * r1 * r2 */
+        "MUL        x17, x9, x10\n\t"
+        "UMULH      x19, x9, x10\n\t"
+        "ADDS       x15, x15, x17\n\t"
+        "ADC        x16, x16, x19\n\t"
+        "ADDS       x15, x15, x17\n\t"
+        "ADC        x16, x16, x19\n\t"
+        /* r2 * r2 */
+        "MUL        x17, x10, x10\n\t"
+        "ADD        x16, x16, x17\n\t"
+        /* r_4 = r^4 % P */
+        /* Get top two bits from r^4[2]. */
+        "AND        x10, x14, 3\n\t"
+        /* Get high bits from r^4[2]. */
+        "AND        x14, x14, -4\n\t"
+        /* Add top bits * 4. */
+        "ADDS       x8, x12, x14\n\t"
+        "ADCS       x9, x13, x15\n\t"
+        "ADC        x10, x10, x16\n\t"
+        /* Move down 2 bits. */
+        "EXTR       x14, x15, x14, 2\n\t"
+        "EXTR       x15, x16, x15, 2\n\t"
+        "LSR        x16, x16, 2\n\t"
+        /* Add top bits. */
+        "ADDS       x8, x8, x14\n\t"
+        "ADCS       x9, x9, x15\n\t"
+        "ADC        x10, x10, x16\n\t"
+        /* Top again as it was 260 bits mod less than 130 bits. */
+        "AND        x11, x10, -4\n\t"
+        "AND        x10, x10, 3\n\t"
+        "ADD        x11, x11, x11, LSR #2\n\t"
+        "ADDS       x8, x8, x11\n\t"
+        "ADCS       x9, x9, xzr\n\t"
+        "ADC        x10, x10, xzr\n\t"
+        /* 130-bits: Base 64 -> Base 26 */
+        "EXTR       x15, x10, x9, #40\n\t"
+        "AND        x14, x20, x9, LSR #14\n\t"
+        "EXTR       x13, x9, x8, #52\n\t"
+        "AND        x12, x20, x8, LSR #26\n\t"
+        "AND        x11, x8, x20\n\t"
+        "AND        x13, x13, x20\n\t"
+        "AND        x15, x15, x20\n\t"
         /* Store r^4 */
-        "ORR        x19, x19, x20, LSL #32 \n\t"
-        "ORR        x21, x21, x22, LSL #32 \n\t"
-        "STP        x19, x21, [%[ctx_r_4]] \n\t"
-        "STR        w23, [%[ctx_r_4], #16] \n\t"
+        "STP        w11, w12, [%[ctx_r_4], #0]   \n\t"
+        "STP        w13, w14, [%[ctx_r_4], #8]   \n\t"
+        "STR        w15, [%[ctx_r_4], #16]   \n\t"
+
         /* h (accumulator) = 0 */
         "STP        xzr, xzr, [%[ctx_h_0]] \n\t"
         "STR        wzr, [%[ctx_h_0], #16] \n\t"
-        /* Save pad for later */
-        "STP        x10, x11, [%[ctx_pad]] \n\t"
         /* Zero leftover */
         "STR        xzr, [%[ctx_leftover]] \n\t"
         /* Zero finished */
@@ -1062,6 +1033,7 @@ int wc_Poly1305SetKey(Poly1305* ctx, const byte* key, word32 keySz)
         :
         : [clamp] "r" (clamp),
           [key] "r" (key),
+          [ctx_r64] "r" (ctx->r64),
           [ctx_r] "r" (ctx->r),
           [ctx_r_2] "r" (ctx->r_2),
           [ctx_r_4] "r" (ctx->r_4),
@@ -1070,9 +1042,8 @@ int wc_Poly1305SetKey(Poly1305* ctx, const byte* key, word32 keySz)
           [ctx_leftover] "r" (&ctx->leftover),
           [ctx_finished] "r" (&ctx->finished)
         : "memory", "cc",
-          "w7", "w14", "w15", "w16", "w17", "w19", "w20", "w21", "w22", "w23",
-          "x7", "x8", "x9", "x10", "x11", "x12", "x13", "x14", "x15", "x16",
-          "x17", "x19", "x20", "x21", "x22", "x23", "x24", "x25", "x26", "x27"
+          "x8", "x9", "x10", "x11", "x12", "x13", "x14", "x15", "x16", "x17",
+          "x19", "x20"
     );
 
     return 0;
@@ -1081,7 +1052,6 @@ int wc_Poly1305SetKey(Poly1305* ctx, const byte* key, word32 keySz)
 
 int wc_Poly1305Final(Poly1305* ctx, byte* mac)
 {
-
     if (ctx == NULL)
         return BAD_FUNC_ARG;
 
@@ -1092,75 +1062,197 @@ int wc_Poly1305Final(Poly1305* ctx, byte* mac)
         for (; i < POLY1305_BLOCK_SIZE; i++)
             ctx->buffer[i] = 0;
         ctx->finished = 1;
-        poly1305_block(ctx, ctx->buffer);
+        poly1305_block_aarch64(ctx, ctx->buffer);
     }
 
     __asm__ __volatile__ (
-        /* Load raw h and zero h registers */
-        "LDP        x2, x3, %[h_addr]    \n\t"
-        "MOV        x5, xzr              \n\t"
-        "LDR        w4, %[h_4_addr]      \n\t"
-        "MOV        x6, xzr              \n\t"
-        "LDP        x16, x17, %[pad_addr] \n\t"
+        "LDP        x9, x10, %[ctx_pad] \n\t"
+        /* Load h */
+        "LDP        w4, w5, [%[ctx_h], #0]   \n\t"
+        "LDP        w6, w7, [%[ctx_h], #8]   \n\t"
+        "LDR        w8, [%[ctx_h], #16]   \n\t"
         /* Base 26 -> Base 64 */
-        "MOV        w5, w2               \n\t"
-        "LSR        x2, x2, #32          \n\t"
-        "ORR        x5, x5, x2, LSL #26  \n\t"
-        "ORR        x5, x5, x3, LSL #52  \n\t"
-        "LSR        w6, w3, #12          \n\t"
-        "LSR        x3, x3, #32          \n\t"
-        "ORR        x6, x6, x3, LSL #14  \n\t"
-        "ORR        x6, x6, x4, LSL #40  \n\t"
-        "LSR        x7, x4, #24          \n\t"
+        "ORR        x4, x4, x5, LSL #26\n\t"
+        "ORR        x4, x4, x6, LSL #52\n\t"
+        "LSR        x5, x6, #12\n\t"
+        "ORR        x5, x5, x7, LSL #14\n\t"
+        "ORR        x5, x5, x8, LSL #40\n\t"
+        "LSR        x6, x8, #24\n\t"
         /* Check if h is larger than p */
-        "ADDS       x2, x5, #5           \n\t"
-        "ADCS       x3, x6, xzr          \n\t"
-        "ADC        x4, x7, xzr          \n\t"
+        "ADDS       x1, x4, #5           \n\t"
+        "ADCS       x2, x5, xzr          \n\t"
+        "ADC        x3, x6, xzr          \n\t"
         /* Check if h+5 is larger than 2^130 */
-        "CMP        x4, #3               \n\t"
+        "CMP        x3, #3               \n\t"
+        "CSEL       x4, x1, x4, HI       \n\t"
         "CSEL       x5, x2, x5, HI       \n\t"
-        "CSEL       x6, x3, x6, HI       \n\t"
-        "ADDS       x5, x5, x16          \n\t"
-        "ADC        x6, x6, x17          \n\t"
-        "STP        x5, x6, [%[mac]]     \n\t"
-        : [mac] "+r" (mac)
-        : [pad_addr] "m" (ctx->pad),
-          [h_addr] "m" (ctx->h),
-          [h_4_addr] "m" (ctx->h[4])
-        : "memory", "cc",
-          "w2", "w3", "w4", "w5", "w6", "w7", "x2", "x3", "x4", "x5",
-          "x6", "x7", "x16", "x17"
-    );
+        "ADDS       x4, x4, x9           \n\t"
+        "ADC        x5, x5, x10          \n\t"
+        "STP        x4, x5, [%[mac]]     \n\t"
 
-    /* zero out the state */
-    ctx->h[0] = 0;
-    ctx->h[1] = 0;
-    ctx->h[2] = 0;
-    ctx->h[3] = 0;
-    ctx->h[4] = 0;
-    ctx->r[0] = 0;
-    ctx->r[1] = 0;
-    ctx->r[2] = 0;
-    ctx->r[3] = 0;
-    ctx->r[4] = 0;
-    ctx->r_2[0] = 0;
-    ctx->r_2[1] = 0;
-    ctx->r_2[2] = 0;
-    ctx->r_2[3] = 0;
-    ctx->r_2[4] = 0;
-    ctx->r_4[0] = 0;
-    ctx->r_4[1] = 0;
-    ctx->r_4[2] = 0;
-    ctx->r_4[3] = 0;
-    ctx->r_4[4] = 0;
-    ctx->pad[0] = 0;
-    ctx->pad[1] = 0;
-    ctx->pad[2] = 0;
-    ctx->pad[3] = 0;
+        /* Zero out h */
+        "STP        xzr, xzr, [%[ctx_h]] \n\t"
+        "STR        wzr, [%[ctx_h], #16] \n\t"
+        /* Zero out r64 */
+        "STP        xzr, xzr, [%[ctx_r64]] \n\t"
+        /* Zero out r */
+        "STP        xzr, xzr, [%[ctx_r]] \n\t"
+        "STR        wzr, [%[ctx_r], #16] \n\t"
+        /* Zero out r_2 */
+        "STP        xzr, xzr, [%[ctx_r_2]] \n\t"
+        "STR        wzr, [%[ctx_r_2], #16] \n\t"
+        /* Zero out r_4 */
+        "STP        xzr, xzr, [%[ctx_r_4]] \n\t"
+        "STR        wzr, [%[ctx_r_4], #16] \n\t"
+        /* Zero out pad */
+        "STP        xzr, xzr, %[ctx_pad] \n\t"
+        :
+        : [ctx_pad] "m" (ctx->pad), [ctx_h] "r" (ctx->h), [mac] "r" (mac),
+          [ctx_r64] "r" (ctx->r64), [ctx_r] "r" (ctx->r),
+          [ctx_r_2] "r" (ctx->r_2), [ctx_r_4] "r" (ctx->r_4)
+        : "memory", "cc",
+          "w4", "w5", "w6", "w7", "w8",
+          "x1", "x2", "x3", "x4", "x5", "x6", "x7", "x8", "x9", "x10"
+    );
 
     return 0;
 }
 
-#endif /* HAVE_POLY1305 */
+#else
+#ifdef WOLFSSL_ARMASM_THUMB2
+/* Process 16 bytes of message at a time.
+ *
+ * @param [in] ctx    Poly1305 context.
+ * @param [in] m      Message to process.
+ * @param [in] bytes  Length of message in bytes.
+ */
+void poly1305_blocks_thumb2(Poly1305* ctx, const unsigned char* m,
+    size_t bytes)
+{
+    poly1305_blocks_thumb2_16(ctx, m, bytes, 1);
+}
+
+/* Process 16 bytes of message.
+ *
+ * @param [in] ctx    Poly1305 context.
+ * @param [in] m      Message to process.
+ */
+void poly1305_block_thumb2(Poly1305* ctx, const unsigned char* m)
+{
+    poly1305_blocks_thumb2_16(ctx, m, POLY1305_BLOCK_SIZE, 1);
+}
+#else
+/* Process 16 bytes of message at a time.
+ *
+ * @param [in] ctx    Poly1305 context.
+ * @param [in] m      Message to process.
+ * @param [in] bytes  Length of message in bytes.
+ */
+void poly1305_blocks_arm32(Poly1305* ctx, const unsigned char* m, size_t bytes)
+{
+#ifndef WOLFSSL_ARMASM_NO_NEON
+    poly1305_arm32_blocks(ctx, m, bytes);
+#else
+    poly1305_arm32_blocks_16(ctx, m, bytes, 1);
+#endif
+}
+
+/* Process 16 bytes of message.
+ *
+ * @param [in] ctx    Poly1305 context.
+ * @param [in] m      Message to process.
+ */
+void poly1305_block_arm32(Poly1305* ctx, const unsigned char* m)
+{
+    poly1305_arm32_blocks_16(ctx, m, POLY1305_BLOCK_SIZE, 1);
+}
+#endif
+
+/* Set the key for the Poly1305 operation.
+ *
+ * @param [in] ctx    Poly1305 context.
+ * @param [in] key    Key data to use.
+ * @param [in] keySz  Size of key in bytes. Must be 32.
+ * @return  0 on success.
+ * @return  BAD_FUNC_ARG when ctx or key is NULL or keySz is not 32.
+ */
+int wc_Poly1305SetKey(Poly1305* ctx, const byte* key, word32 keySz)
+{
+    int ret = 0;
+
+#ifdef CHACHA_AEAD_TEST
+    word32 k;
+    printf("Poly key used:\n");
+    if (key != NULL) {
+        for (k = 0; k < keySz; k++) {
+            printf("%02x", key[k]);
+            if ((k+1) % 8 == 0)
+                printf("\n");
+        }
+    }
+    printf("\n");
+#endif
+
+    /* Validate parameters. */
+    if ((ctx == NULL) || (key == NULL) || (keySz != 32)) {
+        ret = BAD_FUNC_ARG;
+    }
+
+    if (ret == 0) {
+        poly1305_set_key(ctx, key);
+    }
+
+    return ret;
+}
+
+/* Finalize the Poly1305 operation calculating the MAC.
+ *
+ * @param [in] ctx    Poly1305 context.
+ * @param [in] mac    Buffer to hold the MAC. Myst be at least 16 bytes long.
+ * @return  0 on success.
+ * @return  BAD_FUNC_ARG when ctx or mac is NULL.
+ */
+int wc_Poly1305Final(Poly1305* ctx, byte* mac)
+{
+    int ret = 0;
+
+    /* Validate parameters. */
+    if ((ctx == NULL) || (mac == NULL)) {
+        ret = BAD_FUNC_ARG;
+    }
+
+    /* Process the remaining partial block - last block. */
+    if (ret == 0) {
+    #if !defined(WOLFSSL_ARMASM_THUMB2) && !defined(WOLFSSL_ARMASM_NO_NEON)
+        if (ctx->leftover >= POLY1305_BLOCK_SIZE) {
+             size_t len = ctx->leftover & (~(POLY1305_BLOCK_SIZE - 1));
+             poly1305_arm32_blocks(ctx, ctx->buffer, len);
+             ctx->leftover -= len;
+             if (ctx->leftover) {
+                 XMEMCPY(ctx->buffer, ctx->buffer + len, ctx->leftover);
+             }
+        }
+    #endif
+        if (ctx->leftover) {
+             size_t i = ctx->leftover;
+             ctx->buffer[i++] = 1;
+             for (; i < POLY1305_BLOCK_SIZE; i++) {
+                 ctx->buffer[i] = 0;
+             }
+        #ifdef WOLFSSL_ARMASM_THUMB2
+             poly1305_blocks_thumb2_16(ctx, ctx->buffer, POLY1305_BLOCK_SIZE,
+                 0);
+        #else
+             poly1305_arm32_blocks_16(ctx, ctx->buffer, POLY1305_BLOCK_SIZE, 0);
+        #endif
+        }
+
+        poly1305_final(ctx, mac);
+    }
+
+    return ret;
+}
+
 #endif /* __aarch64__ */
+#endif /* HAVE_POLY1305 */
 #endif /* WOLFSSL_ARMASM */
diff --git a/wolfcrypt/src/port/arm/armv8-sha256.c b/wolfcrypt/src/port/arm/armv8-sha256.c
index 55860d86b..33df2a2f0 100644
--- a/wolfcrypt/src/port/arm/armv8-sha256.c
+++ b/wolfcrypt/src/port/arm/armv8-sha256.c
@@ -1,6 +1,6 @@
 /* armv8-sha256.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -29,13 +29,27 @@
 #ifdef WOLFSSL_ARMASM
 #if !defined(NO_SHA256) || defined(WOLFSSL_SHA224)
 
-#ifdef HAVE_FIPS
-#undef HAVE_FIPS
+#if FIPS_VERSION3_LT(6,0,0) && defined(HAVE_FIPS)
+    #undef HAVE_FIPS
+#else
+    #if defined(HAVE_FIPS) && FIPS_VERSION3_GE(6,0,0)
+    /* set NO_WRAPPERS before headers, use direct internal f()s not wrappers */
+        #define FIPS_NO_WRAPPERS
+    #endif
 #endif
 
 #include <wolfssl/wolfcrypt/sha256.h>
+#if FIPS_VERSION3_GE(6,0,0)
+    const unsigned int wolfCrypt_FIPS_sha256_ro_sanity[2] =
+                                                     { 0x1a2b3c4d, 0x00000014 };
+    int wolfCrypt_FIPS_SHA256_sanity(void)
+    {
+        return 0;
+    }
+#endif
 #include <wolfssl/wolfcrypt/logging.h>
 #include <wolfssl/wolfcrypt/error-crypt.h>
+#include <wolfssl/wolfcrypt/cpuid.h>
 
 #ifdef NO_INLINE
     #include <wolfssl/wolfcrypt/misc.h>
@@ -44,6 +58,10 @@
     #include <wolfcrypt/src/misc.c>
 #endif
 
+#ifdef WOLF_CRYPTO_CB
+    #include <wolfssl/wolfcrypt/cryptocb.h>
+#endif
+
 #if defined(FREESCALE_MMCAU_SHA)
     #ifdef FREESCALE_MMCAU_CLASSIC_SHA
         #include "cau_api.h"
@@ -52,8 +70,8 @@
     #endif
 #endif
 
-#ifndef WOLFSSL_ARMASM_NO_HW_CRYPTO
-static const ALIGN32 word32 K[64] = {
+#if defined(__aarch64__) || !defined(WOLFSSL_ARMASM_NO_HW_CRYPTO)
+static const FLASH_QUALIFIER ALIGN32 word32 K[64] = {
     0x428A2F98L, 0x71374491L, 0xB5C0FBCFL, 0xE9B5DBA5L, 0x3956C25BL,
     0x59F111F1L, 0x923F82A4L, 0xAB1C5ED5L, 0xD807AA98L, 0x12835B01L,
     0x243185BEL, 0x550C7DC3L, 0x72BE5D74L, 0x80DEB1FEL, 0x9BDC06A7L,
@@ -71,6 +89,202 @@ static const ALIGN32 word32 K[64] = {
 #endif
 
 
+#if defined(__aarch64__)
+/* Both versions of Ch and Maj are logically the same, but with the second set
+    the compilers can recognize them better for optimization */
+#ifdef WOLFSSL_SHA256_BY_SPEC
+    /* SHA256 math based on specification */
+    #define Ch(x,y,z)       ((z) ^ ((x) & ((y) ^ (z))))
+    #define Maj(x,y,z)      ((((x) | (y)) & (z)) | ((x) & (y)))
+#else
+    /* SHA256 math reworked for easier compiler optimization */
+    #define Ch(x,y,z)       ((((y) ^ (z)) & (x)) ^ (z))
+    #define Maj(x,y,z)      ((((x) ^ (y)) & ((y) ^ (z))) ^ (y))
+#endif
+    #define R(x, n)         (((x) & 0xFFFFFFFFU) >> (n))
+
+    #define S(x, n)         rotrFixed(x, n)
+    #define Sigma0(x)       (S(x, 2)  ^ S(x, 13) ^ S(x, 22))
+    #define Sigma1(x)       (S(x, 6)  ^ S(x, 11) ^ S(x, 25))
+    #define Gamma0(x)       (S(x, 7)  ^ S(x, 18) ^ R(x, 3))
+    #define Gamma1(x)       (S(x, 17) ^ S(x, 19) ^ R(x, 10))
+
+    #define a(i) S[(0-(i)) & 7]
+    #define b(i) S[(1-(i)) & 7]
+    #define c(i) S[(2-(i)) & 7]
+    #define d(i) S[(3-(i)) & 7]
+    #define e(i) S[(4-(i)) & 7]
+    #define f(i) S[(5-(i)) & 7]
+    #define g(i) S[(6-(i)) & 7]
+    #define h(i) S[(7-(i)) & 7]
+
+    #ifndef XTRANSFORM
+         #define XTRANSFORM(S, D)         Transform_Sha256((S),(D))
+    #endif
+
+#ifndef SHA256_MANY_REGISTERS
+    #define RND(j) \
+         t0 = h(j) + Sigma1(e(j)) + Ch(e(j), f(j), g(j)) + K[i+(j)] + \
+              W[i+(j)]; \
+         t1 = Sigma0(a(j)) + Maj(a(j), b(j), c(j)); \
+         d(j) += t0; \
+         h(j)  = t0 + t1
+
+    static void Transform_Sha256(wc_Sha256* sha256, const byte* data)
+    {
+        word32 S[8], t0, t1;
+        int i;
+
+    #ifdef WOLFSSL_SMALL_STACK_CACHE
+        word32* W = sha256->W;
+        if (W == NULL) {
+            W = (word32*)XMALLOC(sizeof(word32) * WC_SHA256_BLOCK_SIZE, NULL,
+                                                           DYNAMIC_TYPE_DIGEST);
+            if (W == NULL)
+                return;
+            sha256->W = W;
+        }
+    #elif defined(WOLFSSL_SMALL_STACK)
+        word32* W;
+        W = (word32*)XMALLOC(sizeof(word32) * WC_SHA256_BLOCK_SIZE, NULL,
+                                                       DYNAMIC_TYPE_TMP_BUFFER);
+        if (W == NULL)
+            return;
+    #else
+        word32 W[WC_SHA256_BLOCK_SIZE];
+    #endif
+
+        /* Copy context->state[] to working vars */
+        for (i = 0; i < 8; i++)
+            S[i] = sha256->digest[i];
+
+        for (i = 0; i < 16; i++)
+            W[i] = *((const word32*)&data[i*(int)sizeof(word32)]);
+
+        for (i = 16; i < WC_SHA256_BLOCK_SIZE; i++)
+           W[i] = Gamma1(W[i-2]) + W[i-7] + Gamma0(W[i-15]) + W[i-16];
+
+    #ifdef USE_SLOW_SHA256
+        /* not unrolled - ~2k smaller and ~25% slower */
+        for (i = 0; i < WC_SHA256_BLOCK_SIZE; i += 8) {
+            int j;
+            for (j = 0; j < 8; j++) { /* braces needed here for macros {} */
+                RND(j);
+            }
+        }
+    #else
+        /* partially loop unrolled */
+        for (i = 0; i < WC_SHA256_BLOCK_SIZE; i += 8) {
+            RND(0); RND(1); RND(2); RND(3);
+            RND(4); RND(5); RND(6); RND(7);
+        }
+    #endif /* USE_SLOW_SHA256 */
+
+        /* Add the working vars back into digest state[] */
+        for (i = 0; i < 8; i++) {
+            sha256->digest[i] += S[i];
+        }
+
+    #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SMALL_STACK_CACHE)
+        ForceZero(W, sizeof(word32) * WC_SHA256_BLOCK_SIZE);
+        XFREE(W, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    #endif
+    }
+#else
+    /* SHA256 version that keeps all data in registers */
+    #define SCHED1(j) (W[j] = *((word32*)&data[j*sizeof(word32)]))
+    #define SCHED(j) (               \
+                   W[ j     & 15] += \
+            Gamma1(W[(j-2)  & 15])+  \
+                   W[(j-7)  & 15] +  \
+            Gamma0(W[(j-15) & 15])   \
+        )
+
+    #define RND1(j) \
+         t0 = h(j) + Sigma1(e(j)) + Ch(e(j), f(j), g(j)) + K[i+j] + SCHED1(j); \
+         t1 = Sigma0(a(j)) + Maj(a(j), b(j), c(j)); \
+         d(j) += t0; \
+         h(j)  = t0 + t1
+    #define RNDN(j) \
+         t0 = h(j) + Sigma1(e(j)) + Ch(e(j), f(j), g(j)) + K[i+j] + SCHED(j); \
+         t1 = Sigma0(a(j)) + Maj(a(j), b(j), c(j)); \
+         d(j) += t0; \
+         h(j)  = t0 + t1
+
+    static void Transform_Sha256(wc_Sha256* sha256, const byte* data)
+    {
+        word32 S[8], t0, t1;
+        int i;
+    #ifdef USE_SLOW_SHA256
+        int j;
+    #endif
+        word32 W[WC_SHA256_BLOCK_SIZE/sizeof(word32)];
+
+        /* Copy digest to working vars */
+        S[0] = sha256->digest[0];
+        S[1] = sha256->digest[1];
+        S[2] = sha256->digest[2];
+        S[3] = sha256->digest[3];
+        S[4] = sha256->digest[4];
+        S[5] = sha256->digest[5];
+        S[6] = sha256->digest[6];
+        S[7] = sha256->digest[7];
+
+        i = 0;
+    #ifdef USE_SLOW_SHA256
+        for (j = 0; j < 16; j++) {
+            RND1(j);
+        }
+        for (i = 16; i < 64; i += 16) {
+            for (j = 0; j < 16; j++) {
+                RNDN(j);
+            }
+        }
+    #else
+        RND1( 0); RND1( 1); RND1( 2); RND1( 3);
+        RND1( 4); RND1( 5); RND1( 6); RND1( 7);
+        RND1( 8); RND1( 9); RND1(10); RND1(11);
+        RND1(12); RND1(13); RND1(14); RND1(15);
+        /* 64 operations, partially loop unrolled */
+        for (i = 16; i < 64; i += 16) {
+            RNDN( 0); RNDN( 1); RNDN( 2); RNDN( 3);
+            RNDN( 4); RNDN( 5); RNDN( 6); RNDN( 7);
+            RNDN( 8); RNDN( 9); RNDN(10); RNDN(11);
+            RNDN(12); RNDN(13); RNDN(14); RNDN(15);
+        }
+    #endif
+
+        /* Add the working vars back into digest */
+        sha256->digest[0] += S[0];
+        sha256->digest[1] += S[1];
+        sha256->digest[2] += S[2];
+        sha256->digest[3] += S[3];
+        sha256->digest[4] += S[4];
+        sha256->digest[5] += S[5];
+        sha256->digest[6] += S[6];
+        sha256->digest[7] += S[7];
+    }
+#endif /* SHA256_MANY_REGISTERS */
+
+static void Transform_Sha256_Len(wc_Sha256* sha256, const byte* data,
+    word32 len)
+{
+    while (len > 0) {
+        byte tmp[WC_SHA256_BLOCK_SIZE];
+        ByteReverseWords((word32*)tmp, (const word32*)data,
+            WC_SHA256_BLOCK_SIZE);
+        Transform_Sha256(sha256, tmp);
+        data += WC_SHA256_BLOCK_SIZE;
+        len  -= WC_SHA256_BLOCK_SIZE;
+    }
+}
+#endif
+
+#if defined(__aarch64__) && !defined(WOLFSSL_ARMASM_NO_HW_CRYPTO)
+static word32 cpuid_flags = 0;
+static int cpuid_flags_set = 0;
+#endif
+
 static int InitSha256(wc_Sha256* sha256)
 {
     int ret = 0;
@@ -130,8 +344,8 @@ static WC_INLINE void Sha256Transform(wc_Sha256* sha256, const byte* data,
     word32* k = (word32*)K;
 
     __asm__ volatile (
-    "#load leftover data\n"
-    "LD1 {v0.2d-v3.2d}, %[buffer]   \n"
+    "# load first block of data\n"
+    "LD1 {v0.16b-v3.16b}, [%[dataIn]], #64   \n"
 
     "#load current digest\n"
     "LD1 {v12.2d-v13.2d}, %[digest] \n"
@@ -281,7 +495,7 @@ static WC_INLINE void Sha256Transform(wc_Sha256* sha256, const byte* data,
     "CBZ w8, 2f \n"
 
     "#load in message and schedule updates \n"
-    "LD1 {v0.2d-v3.2d}, [%[dataIn]], #64   \n"
+    "LD1 {v0.16b-v3.16b}, [%[dataIn]], #64   \n"
     "MOV v14.16b, v12.16b \n"
     "MOV v15.16b, v13.16b \n"
     "REV32 v0.16b, v0.16b \n"
@@ -291,12 +505,11 @@ static WC_INLINE void Sha256Transform(wc_Sha256* sha256, const byte* data,
     "B 1b \n" /* do another block */
 
     "2:\n"
-    "STP q12, q13, %[out] \n"
+    "ST1 {v12.2d-v13.2d}, %[out] \n"
 
-    : [out] "=m" (sha256->digest), "=m" (sha256->buffer), "=r" (numBlocks),
-      "=r" (data), "=r" (k)
-    : [k] "4" (k), [digest] "m" (sha256->digest), [buffer] "m" (sha256->buffer),
-      [blocks] "2" (numBlocks), [dataIn] "3" (data)
+    : [out] "=m" (sha256->digest), "=r" (numBlocks), "=r" (data), "=r" (k)
+    : [k] "3" (k), [digest] "m" (sha256->digest), [blocks] "1" (numBlocks),
+      [dataIn] "2" (data)
     : "cc", "memory", "v0", "v1", "v2", "v3", "v4", "v5", "v6", "v7",
                       "v8",  "v9",  "v10", "v11", "v12", "v13", "v14",
                       "v15", "v16", "v17", "v18", "v19", "v20", "v21",
@@ -306,35 +519,56 @@ static WC_INLINE void Sha256Transform(wc_Sha256* sha256, const byte* data,
 }
 
 /* ARMv8 hardware acceleration */
-static WC_INLINE int Sha256Update(wc_Sha256* sha256, const byte* data, word32 len)
+static WC_INLINE int Sha256Update(wc_Sha256* sha256, const byte* data,
+    word32 len)
 {
     word32 add;
     word32 numBlocks;
 
     /* only perform actions if a buffer is passed in */
     if (len > 0) {
-        /* fill leftover buffer with data */
-        add = min(len, WC_SHA256_BLOCK_SIZE - sha256->buffLen);
-        XMEMCPY((byte*)(sha256->buffer) + sha256->buffLen, data, add);
-        sha256->buffLen += add;
-        data            += add;
-        len             -= add;
+        AddLength(sha256, len);
+
+        if (sha256->buffLen > 0) {
+            /* fill leftover buffer with data */
+            add = min(len, WC_SHA256_BLOCK_SIZE - sha256->buffLen);
+            XMEMCPY((byte*)(sha256->buffer) + sha256->buffLen, data, add);
+            sha256->buffLen += add;
+            data            += add;
+            len             -= add;
+            if (sha256->buffLen == WC_SHA256_BLOCK_SIZE) {
+                if (IS_AARCH64_SHA256(cpuid_flags)) {
+                    Sha256Transform(sha256, (byte*)sha256->buffer, 1);
+                }
+                else {
+                    ByteReverseWords(sha256->buffer, sha256->buffer,
+                        WC_SHA256_BLOCK_SIZE);
+                    Transform_Sha256(sha256, (const byte*)sha256->buffer);
+                }
+
+                 sha256->buffLen = 0;
+            }
+        }
 
         /* number of blocks in a row to complete */
-        numBlocks = (len + sha256->buffLen)/WC_SHA256_BLOCK_SIZE;
+        numBlocks = (len + sha256->buffLen) / WC_SHA256_BLOCK_SIZE;
 
         if (numBlocks > 0) {
-            /* get leftover amount after blocks */
-            add = (len + sha256->buffLen) - numBlocks * WC_SHA256_BLOCK_SIZE;
-
-            Sha256Transform(sha256, data, numBlocks);
-            data += numBlocks * WC_SHA256_BLOCK_SIZE - sha256->buffLen;
-
-            AddLength(sha256, WC_SHA256_BLOCK_SIZE * numBlocks);
+            if (IS_AARCH64_SHA256(cpuid_flags)) {
+                Sha256Transform(sha256, data, numBlocks);
+            }
+            else {
+                Transform_Sha256_Len(sha256, data,
+                    numBlocks * WC_SHA256_BLOCK_SIZE);
+            }
+            data += numBlocks * WC_SHA256_BLOCK_SIZE;
+            len  -= numBlocks * WC_SHA256_BLOCK_SIZE;
+        }
 
+        if (len > 0) {
             /* copy over any remaining data leftover */
-            XMEMCPY(sha256->buffer, data, add);
-            sha256->buffLen = add;
+            XMEMCPY(sha256->buffer, data, len);
+            sha256->buffLen = len;
         }
     }
 
@@ -352,164 +586,170 @@ static WC_INLINE int Sha256Final(wc_Sha256* sha256, byte* hash)
     const word32* k;
 
     local = (byte*)sha256->buffer;
-    AddLength(sha256, sha256->buffLen);  /* before adding pads */
-
     local[sha256->buffLen++] = 0x80;     /* add 1 */
 
     /* pad with zeros */
     if (sha256->buffLen > WC_SHA256_PAD_SIZE) {
-
-        XMEMSET(&local[sha256->buffLen], 0, WC_SHA256_BLOCK_SIZE - sha256->buffLen);
+        XMEMSET(&local[sha256->buffLen], 0, WC_SHA256_BLOCK_SIZE -
+                                                               sha256->buffLen);
         sha256->buffLen += WC_SHA256_BLOCK_SIZE - sha256->buffLen;
-        k = K;
-        __asm__ volatile (
-            "LD1 {v4.2d-v7.2d}, %[buffer]          \n"
-            "MOV v0.16b, v4.16b                    \n"
-            "MOV v1.16b, v5.16b                    \n"
-            "REV32 v0.16b, v0.16b                  \n"
-            "REV32 v1.16b, v1.16b                  \n"
-            "MOV v2.16b, v6.16b                    \n"
-            "MOV v3.16b, v7.16b                    \n"
-            "REV32 v2.16b, v2.16b                  \n"
-            "REV32 v3.16b, v3.16b                  \n"
-            "MOV v4.16b, v0.16b                    \n"
-            "MOV v5.16b, v1.16b                    \n"
-            "LD1 {v20.2d-v21.2d}, %[digest]        \n"
+        if (IS_AARCH64_SHA256(cpuid_flags)) {
+            k = K;
+            __asm__ volatile (
+                "LD1 {v4.2d-v7.2d}, %[buffer]          \n"
+                "MOV v0.16b, v4.16b                    \n"
+                "MOV v1.16b, v5.16b                    \n"
+                "REV32 v0.16b, v0.16b                  \n"
+                "REV32 v1.16b, v1.16b                  \n"
+                "MOV v2.16b, v6.16b                    \n"
+                "MOV v3.16b, v7.16b                    \n"
+                "REV32 v2.16b, v2.16b                  \n"
+                "REV32 v3.16b, v3.16b                  \n"
+                "MOV v4.16b, v0.16b                    \n"
+                "MOV v5.16b, v1.16b                    \n"
+                "LD1 {v20.2d-v21.2d}, %[digest]        \n"
 
-            "#SHA256 operation on updated message  \n"
-            "MOV v16.16b, v20.16b \n"
-            "MOV v17.16b, v21.16b \n"
+                "#SHA256 operation on updated message  \n"
+                "MOV v16.16b, v20.16b \n"
+                "MOV v17.16b, v21.16b \n"
 
-            "LD1 {v22.16b-v25.16b}, [%[k]], #64 \n"
-            "SHA256SU0 v4.4s, v1.4s        \n"
-            "ADD v0.4s, v0.4s, v22.4s      \n"
-            "MOV v6.16b, v2.16b            \n"
-            "MOV v18.16b, v16.16b          \n"
-            "SHA256SU1 v4.4s, v2.4s, v3.4s \n"
-            "SHA256H q16, q17, v0.4s       \n"
-            "SHA256H2 q17, q18, v0.4s      \n"
+                "LD1 {v22.4s-v25.4s}, [%[k]], #64 \n"
+                "SHA256SU0 v4.4s, v1.4s        \n"
+                "ADD v0.4s, v0.4s, v22.4s      \n"
+                "MOV v6.16b, v2.16b            \n"
+                "MOV v18.16b, v16.16b          \n"
+                "SHA256SU1 v4.4s, v2.4s, v3.4s \n"
+                "SHA256H q16, q17, v0.4s       \n"
+                "SHA256H2 q17, q18, v0.4s      \n"
 
-            "SHA256SU0 v5.4s, v2.4s        \n"
-            "ADD v1.4s, v1.4s, v23.4s      \n"
-            "MOV v18.16b, v16.16b          \n"
-            "MOV v7.16b, v3.16b            \n"
-            "SHA256SU1 v5.4s, v3.4s, v4.4s \n"
-            "SHA256H q16, q17, v1.4s       \n"
-            "SHA256H2 q17, q18, v1.4s      \n"
+                "SHA256SU0 v5.4s, v2.4s        \n"
+                "ADD v1.4s, v1.4s, v23.4s      \n"
+                "MOV v18.16b, v16.16b          \n"
+                "MOV v7.16b, v3.16b            \n"
+                "SHA256SU1 v5.4s, v3.4s, v4.4s \n"
+                "SHA256H q16, q17, v1.4s       \n"
+                "SHA256H2 q17, q18, v1.4s      \n"
 
-            "SHA256SU0 v6.4s, v3.4s        \n"
-            "ADD v2.4s, v2.4s, v24.4s      \n"
-            "MOV v18.16b, v16.16b          \n"
-            "MOV v8.16b, v4.16b            \n"
-            "SHA256SU1 v6.4s, v4.4s, v5.4s \n"
-            "SHA256H q16, q17, v2.4s       \n"
-            "SHA256H2 q17, q18, v2.4s      \n"
+                "SHA256SU0 v6.4s, v3.4s        \n"
+                "ADD v2.4s, v2.4s, v24.4s      \n"
+                "MOV v18.16b, v16.16b          \n"
+                "MOV v8.16b, v4.16b            \n"
+                "SHA256SU1 v6.4s, v4.4s, v5.4s \n"
+                "SHA256H q16, q17, v2.4s       \n"
+                "SHA256H2 q17, q18, v2.4s      \n"
 
-            "SHA256SU0 v7.4s, v4.4s        \n"
-            "ADD v3.4s, v3.4s, v25.4s      \n"
-            "MOV v18.16b, v16.16b          \n"
-            "MOV v9.16b, v5.16b            \n"
-            "SHA256SU1 v7.4s, v5.4s, v6.4s \n"
-            "SHA256H q16, q17, v3.4s       \n"
-            "SHA256H2 q17, q18, v3.4s      \n"
+                "SHA256SU0 v7.4s, v4.4s        \n"
+                "ADD v3.4s, v3.4s, v25.4s      \n"
+                "MOV v18.16b, v16.16b          \n"
+                "MOV v9.16b, v5.16b            \n"
+                "SHA256SU1 v7.4s, v5.4s, v6.4s \n"
+                "SHA256H q16, q17, v3.4s       \n"
+                "SHA256H2 q17, q18, v3.4s      \n"
 
-            "LD1 {v22.16b-v25.16b}, [%[k]], #64 \n"
-            "SHA256SU0 v8.4s, v5.4s        \n"
-            "ADD v4.4s, v4.4s, v22.4s      \n"
-            "MOV v18.16b, v16.16b          \n"
-            "MOV v10.16b, v6.16b           \n"
-            "SHA256SU1 v8.4s, v6.4s, v7.4s \n"
-            "SHA256H q16, q17, v4.4s       \n"
-            "SHA256H2 q17, q18, v4.4s      \n"
+                "LD1 {v22.4s-v25.4s}, [%[k]], #64 \n"
+                "SHA256SU0 v8.4s, v5.4s        \n"
+                "ADD v4.4s, v4.4s, v22.4s      \n"
+                "MOV v18.16b, v16.16b          \n"
+                "MOV v10.16b, v6.16b           \n"
+                "SHA256SU1 v8.4s, v6.4s, v7.4s \n"
+                "SHA256H q16, q17, v4.4s       \n"
+                "SHA256H2 q17, q18, v4.4s      \n"
 
-            "SHA256SU0 v9.4s, v6.4s        \n"
-            "ADD v5.4s, v5.4s, v23.4s      \n"
-            "MOV v18.16b, v16.16b          \n"
-            "MOV v11.16b, v7.16b           \n"
-            "SHA256SU1 v9.4s, v7.4s, v8.4s \n"
-            "SHA256H q16, q17, v5.4s       \n"
-            "SHA256H2 q17, q18, v5.4s      \n"
+                "SHA256SU0 v9.4s, v6.4s        \n"
+                "ADD v5.4s, v5.4s, v23.4s      \n"
+                "MOV v18.16b, v16.16b          \n"
+                "MOV v11.16b, v7.16b           \n"
+                "SHA256SU1 v9.4s, v7.4s, v8.4s \n"
+                "SHA256H q16, q17, v5.4s       \n"
+                "SHA256H2 q17, q18, v5.4s      \n"
 
-            "SHA256SU0 v10.4s, v7.4s        \n"
-            "ADD v6.4s, v6.4s, v24.4s       \n"
-            "MOV v18.16b, v16.16b           \n"
-            "MOV v12.16b, v8.16b            \n"
-            "SHA256SU1 v10.4s, v8.4s, v9.4s \n"
-            "SHA256H q16, q17, v6.4s        \n"
-            "SHA256H2 q17, q18, v6.4s       \n"
+                "SHA256SU0 v10.4s, v7.4s        \n"
+                "ADD v6.4s, v6.4s, v24.4s       \n"
+                "MOV v18.16b, v16.16b           \n"
+                "MOV v12.16b, v8.16b            \n"
+                "SHA256SU1 v10.4s, v8.4s, v9.4s \n"
+                "SHA256H q16, q17, v6.4s        \n"
+                "SHA256H2 q17, q18, v6.4s       \n"
 
-            "SHA256SU0 v11.4s, v8.4s         \n"
-            "ADD v7.4s, v7.4s, v25.4s        \n"
-            "MOV v18.16b, v16.16b            \n"
-            "MOV v13.16b, v9.16b             \n"
-            "SHA256SU1 v11.4s, v9.4s, v10.4s \n"
-            "SHA256H q16, q17, v7.4s         \n"
-            "SHA256H2 q17, q18, v7.4s        \n"
+                "SHA256SU0 v11.4s, v8.4s         \n"
+                "ADD v7.4s, v7.4s, v25.4s        \n"
+                "MOV v18.16b, v16.16b            \n"
+                "MOV v13.16b, v9.16b             \n"
+                "SHA256SU1 v11.4s, v9.4s, v10.4s \n"
+                "SHA256H q16, q17, v7.4s         \n"
+                "SHA256H2 q17, q18, v7.4s        \n"
 
-            "LD1 {v22.16b-v25.16b}, [%[k]], #64 \n"
-            "SHA256SU0 v12.4s, v9.4s            \n"
-            "ADD v8.4s, v8.4s, v22.4s           \n"
-            "MOV v18.16b, v16.16b               \n"
-            "MOV v14.16b, v10.16b               \n"
-            "SHA256SU1 v12.4s, v10.4s, v11.4s   \n"
-            "SHA256H q16, q17, v8.4s            \n"
-            "SHA256H2 q17, q18, v8.4s           \n"
+                "LD1 {v22.4s-v25.4s}, [%[k]], #64 \n"
+                "SHA256SU0 v12.4s, v9.4s            \n"
+                "ADD v8.4s, v8.4s, v22.4s           \n"
+                "MOV v18.16b, v16.16b               \n"
+                "MOV v14.16b, v10.16b               \n"
+                "SHA256SU1 v12.4s, v10.4s, v11.4s   \n"
+                "SHA256H q16, q17, v8.4s            \n"
+                "SHA256H2 q17, q18, v8.4s           \n"
 
-            "SHA256SU0 v13.4s, v10.4s           \n"
-            "ADD v9.4s, v9.4s, v23.4s           \n"
-            "MOV v18.16b, v16.16b               \n"
-            "MOV v15.16b, v11.16b               \n"
-            "SHA256SU1 v13.4s, v11.4s, v12.4s   \n"
-            "SHA256H q16, q17, v9.4s            \n"
-            "SHA256H2 q17, q18, v9.4s           \n"
+                "SHA256SU0 v13.4s, v10.4s           \n"
+                "ADD v9.4s, v9.4s, v23.4s           \n"
+                "MOV v18.16b, v16.16b               \n"
+                "MOV v15.16b, v11.16b               \n"
+                "SHA256SU1 v13.4s, v11.4s, v12.4s   \n"
+                "SHA256H q16, q17, v9.4s            \n"
+                "SHA256H2 q17, q18, v9.4s           \n"
 
-            "SHA256SU0 v14.4s, v11.4s           \n"
-            "ADD v10.4s, v10.4s, v24.4s         \n"
-            "MOV v18.16b, v16.16b               \n"
-            "SHA256SU1 v14.4s, v12.4s, v13.4s   \n"
-            "SHA256H q16, q17, v10.4s           \n"
-            "SHA256H2 q17, q18, v10.4s          \n"
+                "SHA256SU0 v14.4s, v11.4s           \n"
+                "ADD v10.4s, v10.4s, v24.4s         \n"
+                "MOV v18.16b, v16.16b               \n"
+                "SHA256SU1 v14.4s, v12.4s, v13.4s   \n"
+                "SHA256H q16, q17, v10.4s           \n"
+                "SHA256H2 q17, q18, v10.4s          \n"
 
-            "SHA256SU0 v15.4s, v12.4s           \n"
-            "ADD v11.4s, v11.4s, v25.4s         \n"
-            "MOV v18.16b, v16.16b               \n"
-            "SHA256SU1 v15.4s, v13.4s, v14.4s   \n"
-            "SHA256H q16, q17, v11.4s           \n"
-            "SHA256H2 q17, q18, v11.4s          \n"
+                "SHA256SU0 v15.4s, v12.4s           \n"
+                "ADD v11.4s, v11.4s, v25.4s         \n"
+                "MOV v18.16b, v16.16b               \n"
+                "SHA256SU1 v15.4s, v13.4s, v14.4s   \n"
+                "SHA256H q16, q17, v11.4s           \n"
+                "SHA256H2 q17, q18, v11.4s          \n"
 
-            "LD1 {v22.16b-v25.16b}, [%[k]] \n"
-            "ADD v12.4s, v12.4s, v22.4s    \n"
-            "MOV v18.16b, v16.16b          \n"
-            "SHA256H q16, q17, v12.4s      \n"
-            "SHA256H2 q17, q18, v12.4s     \n"
+                "LD1 {v22.4s-v25.4s}, [%[k]] \n"
+                "ADD v12.4s, v12.4s, v22.4s    \n"
+                "MOV v18.16b, v16.16b          \n"
+                "SHA256H q16, q17, v12.4s      \n"
+                "SHA256H2 q17, q18, v12.4s     \n"
 
-            "ADD v13.4s, v13.4s, v23.4s    \n"
-            "MOV v18.16b, v16.16b          \n"
-            "SHA256H q16, q17, v13.4s      \n"
-            "SHA256H2 q17, q18, v13.4s     \n"
+                "ADD v13.4s, v13.4s, v23.4s    \n"
+                "MOV v18.16b, v16.16b          \n"
+                "SHA256H q16, q17, v13.4s      \n"
+                "SHA256H2 q17, q18, v13.4s     \n"
 
-            "ADD v14.4s, v14.4s, v24.4s  \n"
-            "MOV v18.16b, v16.16b        \n"
-            "SHA256H q16, q17, v14.4s    \n"
-            "SHA256H2 q17, q18, v14.4s   \n"
+                "ADD v14.4s, v14.4s, v24.4s  \n"
+                "MOV v18.16b, v16.16b        \n"
+                "SHA256H q16, q17, v14.4s    \n"
+                "SHA256H2 q17, q18, v14.4s   \n"
 
-            "ADD v15.4s, v15.4s, v25.4s  \n"
-            "MOV v18.16b, v16.16b        \n"
-            "SHA256H q16, q17, v15.4s    \n"
-            "SHA256H2 q17, q18, v15.4s   \n"
+                "ADD v15.4s, v15.4s, v25.4s  \n"
+                "MOV v18.16b, v16.16b        \n"
+                "SHA256H q16, q17, v15.4s    \n"
+                "SHA256H2 q17, q18, v15.4s   \n"
 
-            "#Add working vars back into digest state \n"
-            "ADD v16.4s, v16.4s, v20.4s \n"
-            "ADD v17.4s, v17.4s, v21.4s \n"
-            "STP q16, q17, %[out] \n"
+                "#Add working vars back into digest state \n"
+                "ADD v16.4s, v16.4s, v20.4s \n"
+                "ADD v17.4s, v17.4s, v21.4s \n"
+                "ST1 {v16.2d-v17.2d}, %[out]        \n"
 
-            : [out] "=m" (sha256->digest), [k] "+r" (k)
-            : [digest] "m" (sha256->digest),
-              [buffer] "m" (sha256->buffer)
-            : "cc", "memory", "v0", "v1", "v2", "v3", "v8",  "v9",  "v10", "v11"
-                            , "v12", "v13", "v14", "v15", "v16", "v17", "v18"
-                            , "v19", "v20", "v21", "v22", "v23", "v24", "v25"
-        );
+                : [out] "=m" (sha256->digest), [k] "+r" (k)
+                : [digest] "m" (sha256->digest),
+                  [buffer] "m" (sha256->buffer)
+                : "cc", "memory", "v0", "v1", "v2", "v3", "v8",  "v9",  "v10"
+                                , "v11" , "v12", "v13", "v14", "v15", "v16"
+                                , "v17", "v18" , "v19", "v20", "v21", "v22"
+                                , "v23", "v24", "v25"
+            );
+        }
+        else {
+            ByteReverseWords(sha256->buffer, sha256->buffer,
+                WC_SHA256_BLOCK_SIZE);
+            Transform_Sha256(sha256, (const byte*)sha256->buffer);
+        }
 
         sha256->buffLen = 0;
     }
@@ -535,162 +775,173 @@ static WC_INLINE int Sha256Final(wc_Sha256* sha256, byte* hash)
         );
     #endif
     /* ! length ordering dependent on digest endian type ! */
-    XMEMCPY(&local[WC_SHA256_PAD_SIZE], &sha256->hiLen, sizeof(word32));
-    XMEMCPY(&local[WC_SHA256_PAD_SIZE + sizeof(word32)], &sha256->loLen,
-            sizeof(word32));
+        XMEMCPY(&local[WC_SHA256_PAD_SIZE], &sha256->hiLen, sizeof(word32));
+        XMEMCPY(&local[WC_SHA256_PAD_SIZE + sizeof(word32)], &sha256->loLen,
+                sizeof(word32));
 
-    k = K;
-    __asm__ volatile (
-        "#load in message and schedule updates \n"
-        "LD1 {v4.2d-v7.2d}, %[buffer]        \n"
-        "MOV v0.16b, v4.16b \n"
-        "MOV v1.16b, v5.16b \n"
-        "MOV v2.16b, v6.16b \n"
-        "MOV v3.16b, v7.16b \n"
-        "LD1 {v20.2d-v21.2d}, %[digest] \n"
+    if (IS_AARCH64_SHA256(cpuid_flags)) {
+        k = K;
+        __asm__ volatile (
+            "#load in message and schedule updates \n"
+            "LD1 {v4.2d-v7.2d}, %[buffer]        \n"
+            "MOV v0.16b, v4.16b \n"
+            "MOV v1.16b, v5.16b \n"
+            "MOV v2.16b, v6.16b \n"
+            "MOV v3.16b, v7.16b \n"
+            "LD1 {v20.2d-v21.2d}, %[digest] \n"
 
-        "MOV v16.16b, v20.16b      \n"
-        "MOV v17.16b, v21.16b      \n"
-        "LD1 {v22.16b-v25.16b}, [%[k]], #64 \n"
-        "SHA256SU0 v4.4s, v1.4s          \n"
-        "ADD v0.4s, v0.4s, v22.4s        \n"
-        "MOV v6.16b, v2.16b              \n"
-        "MOV v18.16b, v16.16b            \n"
-        "SHA256SU1 v4.4s, v2.4s, v3.4s   \n"
-        "SHA256H q16, q17, v0.4s         \n"
-        "SHA256H2 q17, q18, v0.4s        \n"
+            "MOV v16.16b, v20.16b      \n"
+            "MOV v17.16b, v21.16b      \n"
+            "LD1 {v22.4s-v25.4s}, [%[k]], #64 \n"
+            "SHA256SU0 v4.4s, v1.4s          \n"
+            "ADD v0.4s, v0.4s, v22.4s        \n"
+            "MOV v6.16b, v2.16b              \n"
+            "MOV v18.16b, v16.16b            \n"
+            "SHA256SU1 v4.4s, v2.4s, v3.4s   \n"
+            "SHA256H q16, q17, v0.4s         \n"
+            "SHA256H2 q17, q18, v0.4s        \n"
 
-        "SHA256SU0 v5.4s, v2.4s          \n"
-        "ADD v1.4s, v1.4s, v23.4s        \n"
-        "MOV v7.16b, v3.16b              \n"
-        "MOV v18.16b, v16.16b            \n"
-        "SHA256SU1 v5.4s, v3.4s, v4.4s   \n"
-        "SHA256H q16, q17, v1.4s         \n"
-        "SHA256H2 q17, q18, v1.4s        \n"
+            "SHA256SU0 v5.4s, v2.4s          \n"
+            "ADD v1.4s, v1.4s, v23.4s        \n"
+            "MOV v7.16b, v3.16b              \n"
+            "MOV v18.16b, v16.16b            \n"
+            "SHA256SU1 v5.4s, v3.4s, v4.4s   \n"
+            "SHA256H q16, q17, v1.4s         \n"
+            "SHA256H2 q17, q18, v1.4s        \n"
 
-        "SHA256SU0 v6.4s, v3.4s          \n"
-        "ADD v2.4s, v2.4s, v24.4s        \n"
-        "MOV v18.16b, v16.16b            \n"
-        "MOV v8.16b, v4.16b              \n"
-        "SHA256SU1 v6.4s, v4.4s, v5.4s   \n"
-        "SHA256H q16, q17, v2.4s         \n"
-        "SHA256H2 q17, q18, v2.4s        \n"
+            "SHA256SU0 v6.4s, v3.4s          \n"
+            "ADD v2.4s, v2.4s, v24.4s        \n"
+            "MOV v18.16b, v16.16b            \n"
+            "MOV v8.16b, v4.16b              \n"
+            "SHA256SU1 v6.4s, v4.4s, v5.4s   \n"
+            "SHA256H q16, q17, v2.4s         \n"
+            "SHA256H2 q17, q18, v2.4s        \n"
 
-        "SHA256SU0 v7.4s, v4.4s          \n"
-        "ADD v3.4s, v3.4s, v25.4s        \n"
-        "MOV v18.16b, v16.16b            \n"
-        "MOV v9.16b, v5.16b              \n"
-        "SHA256SU1 v7.4s, v5.4s, v6.4s   \n"
-        "SHA256H q16, q17, v3.4s         \n"
-        "SHA256H2 q17, q18, v3.4s        \n"
+            "SHA256SU0 v7.4s, v4.4s          \n"
+            "ADD v3.4s, v3.4s, v25.4s        \n"
+            "MOV v18.16b, v16.16b            \n"
+            "MOV v9.16b, v5.16b              \n"
+            "SHA256SU1 v7.4s, v5.4s, v6.4s   \n"
+            "SHA256H q16, q17, v3.4s         \n"
+            "SHA256H2 q17, q18, v3.4s        \n"
 
-        "LD1 {v22.16b-v25.16b}, [%[k]], #64 \n"
-        "SHA256SU0 v8.4s, v5.4s          \n"
-        "ADD v4.4s, v4.4s, v22.4s        \n"
-        "MOV v18.16b, v16.16b            \n"
-        "MOV v10.16b, v6.16b             \n"
-        "SHA256SU1 v8.4s, v6.4s, v7.4s   \n"
-        "SHA256H q16, q17, v4.4s         \n"
-        "SHA256H2 q17, q18, v4.4s        \n"
+            "LD1 {v22.4s-v25.4s}, [%[k]], #64 \n"
+            "SHA256SU0 v8.4s, v5.4s          \n"
+            "ADD v4.4s, v4.4s, v22.4s        \n"
+            "MOV v18.16b, v16.16b            \n"
+            "MOV v10.16b, v6.16b             \n"
+            "SHA256SU1 v8.4s, v6.4s, v7.4s   \n"
+            "SHA256H q16, q17, v4.4s         \n"
+            "SHA256H2 q17, q18, v4.4s        \n"
 
-        "SHA256SU0 v9.4s, v6.4s          \n"
-        "ADD v5.4s, v5.4s, v23.4s        \n"
-        "MOV v18.16b, v16.16b            \n"
-        "MOV v11.16b, v7.16b             \n"
-        "SHA256SU1 v9.4s, v7.4s, v8.4s   \n"
-        "SHA256H q16, q17, v5.4s         \n"
-        "SHA256H2 q17, q18, v5.4s        \n"
+            "SHA256SU0 v9.4s, v6.4s          \n"
+            "ADD v5.4s, v5.4s, v23.4s        \n"
+            "MOV v18.16b, v16.16b            \n"
+            "MOV v11.16b, v7.16b             \n"
+            "SHA256SU1 v9.4s, v7.4s, v8.4s   \n"
+            "SHA256H q16, q17, v5.4s         \n"
+            "SHA256H2 q17, q18, v5.4s        \n"
 
-        "SHA256SU0 v10.4s, v7.4s         \n"
-        "ADD v6.4s, v6.4s, v24.4s        \n"
-        "MOV v18.16b, v16.16b            \n"
-        "MOV v12.16b, v8.16b             \n"
-        "SHA256SU1 v10.4s, v8.4s, v9.4s  \n"
-        "SHA256H q16, q17, v6.4s         \n"
-        "SHA256H2 q17, q18, v6.4s        \n"
+            "SHA256SU0 v10.4s, v7.4s         \n"
+            "ADD v6.4s, v6.4s, v24.4s        \n"
+            "MOV v18.16b, v16.16b            \n"
+            "MOV v12.16b, v8.16b             \n"
+            "SHA256SU1 v10.4s, v8.4s, v9.4s  \n"
+            "SHA256H q16, q17, v6.4s         \n"
+            "SHA256H2 q17, q18, v6.4s        \n"
 
-        "SHA256SU0 v11.4s, v8.4s         \n"
-        "ADD v7.4s, v7.4s, v25.4s        \n"
-        "MOV v18.16b, v16.16b            \n"
-        "MOV v13.16b, v9.16b             \n"
-        "SHA256SU1 v11.4s, v9.4s, v10.4s \n"
-        "SHA256H q16, q17, v7.4s         \n"
-        "SHA256H2 q17, q18, v7.4s        \n"
+            "SHA256SU0 v11.4s, v8.4s         \n"
+            "ADD v7.4s, v7.4s, v25.4s        \n"
+            "MOV v18.16b, v16.16b            \n"
+            "MOV v13.16b, v9.16b             \n"
+            "SHA256SU1 v11.4s, v9.4s, v10.4s \n"
+            "SHA256H q16, q17, v7.4s         \n"
+            "SHA256H2 q17, q18, v7.4s        \n"
 
-        "LD1 {v22.16b-v25.16b}, [%[k]], #64 \n"
-        "SHA256SU0 v12.4s, v9.4s          \n"
-        "ADD v8.4s, v8.4s, v22.4s         \n"
-        "MOV v18.16b, v16.16b             \n"
-        "MOV v14.16b, v10.16b             \n"
-        "SHA256SU1 v12.4s, v10.4s, v11.4s \n"
-        "SHA256H q16, q17, v8.4s          \n"
-        "SHA256H2 q17, q18, v8.4s         \n"
+            "LD1 {v22.4s-v25.4s}, [%[k]], #64 \n"
+            "SHA256SU0 v12.4s, v9.4s          \n"
+            "ADD v8.4s, v8.4s, v22.4s         \n"
+            "MOV v18.16b, v16.16b             \n"
+            "MOV v14.16b, v10.16b             \n"
+            "SHA256SU1 v12.4s, v10.4s, v11.4s \n"
+            "SHA256H q16, q17, v8.4s          \n"
+            "SHA256H2 q17, q18, v8.4s         \n"
 
-        "SHA256SU0 v13.4s, v10.4s         \n"
-        "ADD v9.4s, v9.4s, v23.4s         \n"
-        "MOV v18.16b, v16.16b             \n"
-        "MOV v15.16b, v11.16b             \n"
-        "SHA256SU1 v13.4s, v11.4s, v12.4s \n"
-        "SHA256H q16, q17, v9.4s          \n"
-        "SHA256H2 q17, q18, v9.4s         \n"
+            "SHA256SU0 v13.4s, v10.4s         \n"
+            "ADD v9.4s, v9.4s, v23.4s         \n"
+            "MOV v18.16b, v16.16b             \n"
+            "MOV v15.16b, v11.16b             \n"
+            "SHA256SU1 v13.4s, v11.4s, v12.4s \n"
+            "SHA256H q16, q17, v9.4s          \n"
+            "SHA256H2 q17, q18, v9.4s         \n"
 
-        "SHA256SU0 v14.4s, v11.4s         \n"
-        "ADD v10.4s, v10.4s, v24.4s       \n"
-        "MOV v18.16b, v16.16b             \n"
-        "SHA256SU1 v14.4s, v12.4s, v13.4s \n"
-        "SHA256H q16, q17, v10.4s         \n"
-        "SHA256H2 q17, q18, v10.4s        \n"
+            "SHA256SU0 v14.4s, v11.4s         \n"
+            "ADD v10.4s, v10.4s, v24.4s       \n"
+            "MOV v18.16b, v16.16b             \n"
+            "SHA256SU1 v14.4s, v12.4s, v13.4s \n"
+            "SHA256H q16, q17, v10.4s         \n"
+            "SHA256H2 q17, q18, v10.4s        \n"
 
-        "SHA256SU0 v15.4s, v12.4s         \n"
-        "ADD v11.4s, v11.4s, v25.4s       \n"
-        "MOV v18.16b, v16.16b             \n"
-        "SHA256SU1 v15.4s, v13.4s, v14.4s \n"
-        "SHA256H q16, q17, v11.4s         \n"
-        "SHA256H2 q17, q18, v11.4s        \n"
+            "SHA256SU0 v15.4s, v12.4s         \n"
+            "ADD v11.4s, v11.4s, v25.4s       \n"
+            "MOV v18.16b, v16.16b             \n"
+            "SHA256SU1 v15.4s, v13.4s, v14.4s \n"
+            "SHA256H q16, q17, v11.4s         \n"
+            "SHA256H2 q17, q18, v11.4s        \n"
 
-        "LD1 {v22.16b-v25.16b}, [%[k]] \n"
-        "ADD v12.4s, v12.4s, v22.4s    \n"
-        "MOV v18.16b, v16.16b          \n"
-        "SHA256H q16, q17, v12.4s      \n"
-        "SHA256H2 q17, q18, v12.4s     \n"
+            "LD1 {v22.4s-v25.4s}, [%[k]] \n"
+            "ADD v12.4s, v12.4s, v22.4s    \n"
+            "MOV v18.16b, v16.16b          \n"
+            "SHA256H q16, q17, v12.4s      \n"
+            "SHA256H2 q17, q18, v12.4s     \n"
 
-        "ADD v13.4s, v13.4s, v23.4s \n"
-        "MOV v18.16b, v16.16b       \n"
-        "SHA256H q16, q17, v13.4s   \n"
-        "SHA256H2 q17, q18, v13.4s  \n"
+            "ADD v13.4s, v13.4s, v23.4s \n"
+            "MOV v18.16b, v16.16b       \n"
+            "SHA256H q16, q17, v13.4s   \n"
+            "SHA256H2 q17, q18, v13.4s  \n"
 
-        "ADD v14.4s, v14.4s, v24.4s \n"
-        "MOV v18.16b, v16.16b       \n"
-        "SHA256H q16, q17, v14.4s   \n"
-        "SHA256H2 q17, q18, v14.4s  \n"
+            "ADD v14.4s, v14.4s, v24.4s \n"
+            "MOV v18.16b, v16.16b       \n"
+            "SHA256H q16, q17, v14.4s   \n"
+            "SHA256H2 q17, q18, v14.4s  \n"
 
-        "ADD v15.4s, v15.4s, v25.4s \n"
-        "MOV v18.16b, v16.16b       \n"
-        "SHA256H q16, q17, v15.4s   \n"
-        "SHA256H2 q17, q18, v15.4s  \n"
+            "ADD v15.4s, v15.4s, v25.4s \n"
+            "MOV v18.16b, v16.16b       \n"
+            "SHA256H q16, q17, v15.4s   \n"
+            "SHA256H2 q17, q18, v15.4s  \n"
 
-        "#Add working vars back into digest state \n"
-        "ADD v16.4s, v16.4s, v20.4s \n"
-        "ADD v17.4s, v17.4s, v21.4s \n"
+            "#Add working vars back into digest state \n"
+            "ADD v16.4s, v16.4s, v20.4s \n"
+            "ADD v17.4s, v17.4s, v21.4s \n"
 
-        "#Store value as hash output \n"
-    #if defined(LITTLE_ENDIAN_ORDER)
-        "REV32 v16.16b, v16.16b \n"
+            "#Store value as hash output \n"
+        #if defined(LITTLE_ENDIAN_ORDER)
+            "REV32 v16.16b, v16.16b \n"
+        #endif
+            "ST1 {v16.16b}, [%[hashOut]], #16 \n"
+        #if defined(LITTLE_ENDIAN_ORDER)
+            "REV32 v17.16b, v17.16b \n"
+        #endif
+            "ST1 {v17.16b}, [%[hashOut]] \n"
+            : [hashOut] "=r" (hash), [k] "+r" (k)
+            : [digest] "m" (sha256->digest),
+              [buffer] "m" (sha256->buffer),
+              "0" (hash)
+                : "cc", "memory", "v0", "v1", "v2", "v3", "v4", "v5", "v6", "v7",
+                                  "v8",  "v9",  "v10", "v11", "v12", "v13", "v14",
+                                  "v15", "v16", "v17", "v18", "v19", "v20", "v21",
+                                  "v22", "v23", "v24", "v25"
+        );
+    }
+    else {
+        Transform_Sha256(sha256, (const byte*)sha256->buffer);
+
+    #ifdef LITTLE_ENDIAN_ORDER
+        ByteReverseWords((word32*)hash, sha256->digest, WC_SHA256_DIGEST_SIZE);
+    #else
+        XMEMCPY(hash, sha256->digest, WC_SHA256_DIGEST_SIZE);
     #endif
-        "ST1 {v16.16b}, [%[hashOut]], #16 \n"
-    #if defined(LITTLE_ENDIAN_ORDER)
-        "REV32 v17.16b, v17.16b \n"
-    #endif
-        "ST1 {v17.16b}, [%[hashOut]] \n"
-        : [hashOut] "=r" (hash), [k] "+r" (k)
-        : [digest] "m" (sha256->digest),
-          [buffer] "m" (sha256->buffer),
-          "0" (hash)
-            : "cc", "memory", "v0", "v1", "v2", "v3", "v4", "v5", "v6", "v7",
-                              "v8",  "v9",  "v10", "v11", "v12", "v13", "v14",
-                              "v15", "v16", "v17", "v18", "v19", "v20", "v21",
-                              "v22", "v23", "v24", "v25"
-    );
+    }
 
     return 0;
 }
@@ -704,8 +955,9 @@ static WC_INLINE void Sha256Transform(wc_Sha256* sha256, const byte* data,
     word32* digPt = sha256->digest;
 
     __asm__ volatile (
-    "#load leftover data\n"
-    "VLDM %[buffer]!, {q0-q3} \n"
+    "# load first block of data\n"
+    "VLD1.8 {d0-d3}, [%[dataIn]]! \n"
+    "VLD1.8 {d4-d7}, [%[dataIn]]! \n"
 
     "#load current digest\n"
     "VLDM %[digest], {q12-q13} \n"
@@ -865,10 +1117,8 @@ static WC_INLINE void Sha256Transform(wc_Sha256* sha256, const byte* data,
     "BEQ 2f \n"
 
     "#load in message and schedule updates \n"
-    "VLD1.32 {q0}, [%[dataIn]]!   \n"
-    "VLD1.32 {q1}, [%[dataIn]]!   \n"
-    "VLD1.32 {q2}, [%[dataIn]]!   \n"
-    "VLD1.32 {q3}, [%[dataIn]]!   \n"
+    "VLD1.8 {d0-d3}, [%[dataIn]]! \n"
+    "VLD1.8 {d4-d7}, [%[dataIn]]! \n"
 
     /* reset K pointer */
     "SUB %[k], %[k], #160 \n"
@@ -894,35 +1144,42 @@ static WC_INLINE void Sha256Transform(wc_Sha256* sha256, const byte* data,
 }
 
 /* ARMv8 hardware acceleration Aarch32 */
-static WC_INLINE int Sha256Update(wc_Sha256* sha256, const byte* data, word32 len)
+static WC_INLINE int Sha256Update(wc_Sha256* sha256, const byte* data,
+    word32 len)
 {
     word32 add;
     word32 numBlocks;
 
     /* only perform actions if a buffer is passed in */
     if (len > 0) {
-        /* fill leftover buffer with data */
-        add = min(len, WC_SHA256_BLOCK_SIZE - sha256->buffLen);
-        XMEMCPY((byte*)(sha256->buffer) + sha256->buffLen, data, add);
-        sha256->buffLen += add;
-        data            += add;
-        len             -= add;
+        AddLength(sha256, len);
+
+        if (sha256->buffLen > 0) {
+             /* fill leftover buffer with data */
+             add = min(len, WC_SHA256_BLOCK_SIZE - sha256->buffLen);
+             XMEMCPY((byte*)(sha256->buffer) + sha256->buffLen, data, add);
+             sha256->buffLen += add;
+             data            += add;
+             len             -= add;
+             if (sha256->buffLen == WC_SHA256_BLOCK_SIZE) {
+                 Sha256Transform(sha256, (byte*)sha256->buffer, 1);
+                 sha256->buffLen = 0;
+             }
+        }
 
         /* number of blocks in a row to complete */
         numBlocks = (len + sha256->buffLen)/WC_SHA256_BLOCK_SIZE;
 
         if (numBlocks > 0) {
-            /* get leftover amount after blocks */
-            add = (len + sha256->buffLen) - numBlocks * WC_SHA256_BLOCK_SIZE;
-
             Sha256Transform(sha256, data, numBlocks);
-            data += numBlocks * WC_SHA256_BLOCK_SIZE - sha256->buffLen;
-
-            AddLength(sha256, WC_SHA256_BLOCK_SIZE * numBlocks);
+            data += numBlocks * WC_SHA256_BLOCK_SIZE;
+            len  -= numBlocks * WC_SHA256_BLOCK_SIZE;
+        }
 
+        if (len > 0) {
             /* copy over any remaining data leftover */
-            XMEMCPY(sha256->buffer, data, add);
-            sha256->buffLen = add;
+            XMEMCPY(sha256->buffer, data, len);
+            sha256->buffLen = len;
         }
     }
 
@@ -943,8 +1200,6 @@ static WC_INLINE int Sha256Final(wc_Sha256* sha256, byte* hash)
     }
 
     local = (byte*)sha256->buffer;
-    AddLength(sha256, sha256->buffLen);  /* before adding pads */
-
     local[sha256->buffLen++] = 0x80;     /* add 1 */
 
     /* pad with zeros */
@@ -1382,7 +1637,7 @@ static WC_INLINE int Sha256Final(wc_Sha256* sha256, byte* hash)
         return ret;
     }
 
-#else /* */
+#elif !defined(__aarch64__)
 
 extern void Transform_Sha256_Len(wc_Sha256* sha256, const byte* data,
     word32 len);
@@ -1492,25 +1747,53 @@ static WC_INLINE int Sha256Final(wc_Sha256* sha256, byte* hash)
 
 int wc_InitSha256_ex(wc_Sha256* sha256, void* heap, int devId)
 {
+    int ret = 0;
     if (sha256 == NULL)
         return BAD_FUNC_ARG;
+    ret = InitSha256(sha256);
+    if (ret != 0)
+        return ret;
 
     sha256->heap = heap;
 #ifdef WOLF_CRYPTO_CB
     sha256->devId = devId;
+    sha256->devCtx = NULL;
 #endif
+
+#ifdef MAX3266X_SHA_CB
+    ret = wc_MXC_TPU_SHA_Init(&(sha256->mxcCtx));
+    if (ret != 0) {
+        return ret;
+    }
+#endif
+
+#if defined(__aarch64__) && !defined(WOLFSSL_ARMASM_NO_HW_CRYPTO)
+    if (!cpuid_flags_set) {
+        cpuid_flags = cpuid_get_flags();
+        cpuid_flags_set = 1;
+    }
+#endif
+
     (void)devId;
 
-    return InitSha256(sha256);
+    return ret;
 }
 
 int wc_InitSha256(wc_Sha256* sha256)
 {
-    return wc_InitSha256_ex(sha256, NULL, INVALID_DEVID);
+    int devId = INVALID_DEVID;
+
+#ifdef WOLF_CRYPTO_CB
+    devId = wc_CryptoCb_DefaultDevID();
+#endif
+    return wc_InitSha256_ex(sha256, NULL, devId);
 }
 
 void wc_Sha256Free(wc_Sha256* sha256)
 {
+#ifdef MAX3266X_SHA_CB
+    wc_MXC_TPU_SHA_Free(&(sha256->mxcCtx));
+#endif
     (void)sha256;
 }
 
@@ -1520,6 +1803,18 @@ int wc_Sha256Update(wc_Sha256* sha256, const byte* data, word32 len)
         return BAD_FUNC_ARG;
     }
 
+#ifdef WOLF_CRYPTO_CB
+    #ifndef WOLF_CRYPTO_CB_FIND
+    if (sha256->devId != INVALID_DEVID)
+    #endif
+    {
+        int ret = wc_CryptoCb_Sha256Hash(sha256, data, len, NULL);
+        if (ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE))
+            return ret;
+        /* fall-through when unavailable */
+    }
+#endif
+
     return Sha256Update(sha256, data, len);
 }
 
@@ -1552,6 +1847,18 @@ int wc_Sha256Final(wc_Sha256* sha256, byte* hash)
         return BAD_FUNC_ARG;
     }
 
+#ifdef WOLF_CRYPTO_CB
+    #ifndef WOLF_CRYPTO_CB_FIND
+    if (sha256->devId != INVALID_DEVID)
+    #endif
+    {
+        ret = wc_CryptoCb_Sha256Hash(sha256, NULL, 0, hash);
+        if (ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE))
+            return ret;
+        /* fall-through when unavailable */
+    }
+#endif
+
     ret = Sha256Final(sha256, hash);
     if (ret != 0)
         return ret;
@@ -1600,6 +1907,17 @@ int wc_Sha256Copy(wc_Sha256* src, wc_Sha256* dst)
 
     XMEMCPY(dst, src, sizeof(wc_Sha256));
 
+#ifdef MAX3266X_SHA_CB
+    ret = wc_MXC_TPU_SHA_Copy(&(src->mxcCtx), &(dst->mxcCtx));
+    if (ret != 0) {
+        return ret;
+    }
+#endif
+
+#ifdef WOLFSSL_HASH_FLAGS
+    dst->flags |= WC_HASH_FLAG_ISCOPY;
+#endif
+
     return ret;
 }
 
@@ -1615,14 +1933,86 @@ int wc_Sha256Transform(wc_Sha256* sha256, const unsigned char* data)
     XMEMCPY(sha256->buffer, data, WC_SHA256_BLOCK_SIZE);
 #endif
 #ifndef WOLFSSL_ARMASM_NO_HW_CRYPTO
-    Sha256Transform(sha256, data, 1);
+    Sha256Transform(sha256, (byte*)sha256->buffer, 1);
 #else
-    Transform_Sha256_Len(sha256, data, WC_SHA256_BLOCK_SIZE);
+    Transform_Sha256_Len(sha256, (byte*)sha256->buffer, WC_SHA256_BLOCK_SIZE);
 #endif
     return 0;
 }
 #endif
 
+#if defined(WOLFSSL_HAVE_LMS) && !defined(WOLFSSL_LMS_FULL_HASH)
+/* One block will be used from data.
+ * hash must be big enough to hold all of digest output.
+ */
+int wc_Sha256HashBlock(wc_Sha256* sha256, const unsigned char* data,
+    unsigned char* hash)
+{
+    int ret = 0;
+
+    if ((sha256 == NULL) || (data == NULL)) {
+        return BAD_FUNC_ARG;
+    }
+
+#ifndef WOLFSSL_ARMASM_NO_HW_CRYPTO
+    Sha256Transform(sha256, data, 1);
+#else
+    Transform_Sha256_Len(sha256, data, WC_SHA256_BLOCK_SIZE);
+#endif
+
+    if (hash != NULL) {
+#ifdef LITTLE_ENDIAN_ORDER
+    #ifndef WOLFSSL_ARMASM_NO_HW_CRYPTO
+        #ifdef __aarch64__
+            __asm__ __volatile__ (
+                "LD1 {v0.2d-v1.2d}, [%[digest]]   \n"
+                "REV32 v0.16b, v0.16b \n"
+                "REV32 v1.16b, v1.16b \n"
+                "ST1 {v0.16b-v1.16b}, [%[hash]]  \n"
+                :
+                : [digest] "r" (sha256->digest), [hash] "r" (hash)
+                : "memory", "v0", "v1"
+            );
+        #else
+            __asm__ __volatile__ (
+                "VLDM %[digest], {q0-q1} \n"
+                "VREV32.8 q0, q0 \n"
+                "VREV32.8 q1, q1 \n"
+                "VST1.8 {d0-d3}, [%[hash]] \n"
+                :
+                : [digest] "r" (sha256->digest), [hash] "r" (hash)
+                : "memory", "q0", "q1"
+            );
+        #endif
+    #else
+        word32* hash32 = (word32*)hash;
+        word32* digest = (word32*)sha256->digest;
+        hash32[0] = ByteReverseWord32(digest[0]);
+        hash32[1] = ByteReverseWord32(digest[1]);
+        hash32[2] = ByteReverseWord32(digest[2]);
+        hash32[3] = ByteReverseWord32(digest[3]);
+        hash32[4] = ByteReverseWord32(digest[4]);
+        hash32[5] = ByteReverseWord32(digest[5]);
+        hash32[6] = ByteReverseWord32(digest[6]);
+        hash32[7] = ByteReverseWord32(digest[7]);
+    #endif /* !WOLFSSL_ARMASM_NO_HW_CRYPTO */
+#else
+        XMEMCPY(hash, sha256->digest, WC_SHA256_DIGEST_SIZE);
+#endif
+        sha256->digest[0] = 0x6A09E667L;
+        sha256->digest[1] = 0xBB67AE85L;
+        sha256->digest[2] = 0x3C6EF372L;
+        sha256->digest[3] = 0xA54FF53AL;
+        sha256->digest[4] = 0x510E527FL;
+        sha256->digest[5] = 0x9B05688CL;
+        sha256->digest[6] = 0x1F83D9ABL;
+        sha256->digest[7] = 0x5BE0CD19L;
+    }
+
+    return ret;
+}
+#endif /* WOLFSSL_HAVE_LMS && !WOLFSSL_LMS_FULL_HASH */
+
 #endif /* !NO_SHA256 */
 
 
@@ -1661,6 +2051,14 @@ int wc_Sha256Transform(wc_Sha256* sha256, const unsigned char* data)
             return BAD_FUNC_ARG;
 
         sha224->heap = heap;
+
+    #if defined(__aarch64__) && !defined(WOLFSSL_ARMASM_NO_HW_CRYPTO)
+        if (!cpuid_flags_set) {
+            cpuid_flags = cpuid_get_flags();
+            cpuid_flags_set = 1;
+        }
+    #endif
+
         (void)devId;
 
         return InitSha224(sha224);
@@ -1749,6 +2147,10 @@ int wc_Sha256Transform(wc_Sha256* sha256, const unsigned char* data)
 
         XMEMCPY(dst, src, sizeof(wc_Sha224));
 
+    #ifdef WOLFSSL_HASH_FLAGS
+        dst->flags |= WC_HASH_FLAG_ISCOPY;
+    #endif
+
         return ret;
     }
 
diff --git a/wolfcrypt/src/port/arm/armv8-sha3-asm.S b/wolfcrypt/src/port/arm/armv8-sha3-asm.S
index 209ee0cf4..833051b20 100644
--- a/wolfcrypt/src/port/arm/armv8-sha3-asm.S
+++ b/wolfcrypt/src/port/arm/armv8-sha3-asm.S
@@ -1,6 +1,6 @@
 /* armv8-sha3-asm
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -47,41 +47,41 @@
 	.p2align	3
 #endif /* __APPLE__ */
 L_SHA3_transform_crypto_r:
-	.xword	0x1
-	.xword	0x8082
+	.xword	0x0000000000000001
+	.xword	0x0000000000008082
 	.xword	0x800000000000808a
 	.xword	0x8000000080008000
-	.xword	0x808b
-	.xword	0x80000001
+	.xword	0x000000000000808b
+	.xword	0x0000000080000001
 	.xword	0x8000000080008081
 	.xword	0x8000000000008009
-	.xword	0x8a
-	.xword	0x88
-	.xword	0x80008009
-	.xword	0x8000000a
-	.xword	0x8000808b
+	.xword	0x000000000000008a
+	.xword	0x0000000000000088
+	.xword	0x0000000080008009
+	.xword	0x000000008000000a
+	.xword	0x000000008000808b
 	.xword	0x800000000000008b
 	.xword	0x8000000000008089
 	.xword	0x8000000000008003
 	.xword	0x8000000000008002
 	.xword	0x8000000000000080
-	.xword	0x800a
+	.xword	0x000000000000800a
 	.xword	0x800000008000000a
 	.xword	0x8000000080008081
 	.xword	0x8000000000008080
-	.xword	0x80000001
+	.xword	0x0000000080000001
 	.xword	0x8000000080008008
 #ifndef __APPLE__
 .text
-.globl	BlockSha3
-.type	BlockSha3,@function
+.globl	BlockSha3_crypto
+.type	BlockSha3_crypto,@function
 .align	2
-BlockSha3:
+BlockSha3_crypto:
 #else
 .section	__TEXT,__text
-.globl	_BlockSha3
+.globl	_BlockSha3_crypto
 .p2align	2
-_BlockSha3:
+_BlockSha3_crypto:
 #endif /* __APPLE__ */
 	stp	x29, x30, [sp, #-80]!
 	add	x29, sp, #0
@@ -204,9 +204,253 @@ L_sha3_crypto_begin:
 	ldp	x29, x30, [sp], #0x50
 	ret
 #ifndef __APPLE__
-	.size	BlockSha3,.-BlockSha3
+	.size	BlockSha3_crypto,.-BlockSha3_crypto
 #endif /* __APPLE__ */
 #endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
+#ifndef __APPLE__
+	.text
+	.type	L_SHA3_transform_base_r, %object
+	.section	.rodata
+	.size	L_SHA3_transform_base_r, 192
+#else
+	.section	__DATA,__data
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+	.align	3
+#else
+	.p2align	3
+#endif /* __APPLE__ */
+L_SHA3_transform_base_r:
+	.xword	0x0000000000000001
+	.xword	0x0000000000008082
+	.xword	0x800000000000808a
+	.xword	0x8000000080008000
+	.xword	0x000000000000808b
+	.xword	0x0000000080000001
+	.xword	0x8000000080008081
+	.xword	0x8000000000008009
+	.xword	0x000000000000008a
+	.xword	0x0000000000000088
+	.xword	0x0000000080008009
+	.xword	0x000000008000000a
+	.xword	0x000000008000808b
+	.xword	0x800000000000008b
+	.xword	0x8000000000008089
+	.xword	0x8000000000008003
+	.xword	0x8000000000008002
+	.xword	0x8000000000000080
+	.xword	0x000000000000800a
+	.xword	0x800000008000000a
+	.xword	0x8000000080008081
+	.xword	0x8000000000008080
+	.xword	0x0000000080000001
+	.xword	0x8000000080008008
+#ifndef __APPLE__
+.text
+.globl	BlockSha3_base
+.type	BlockSha3_base,@function
+.align	2
+BlockSha3_base:
+#else
+.section	__TEXT,__text
+.globl	_BlockSha3_base
+.p2align	2
+_BlockSha3_base:
+#endif /* __APPLE__ */
+	stp	x29, x30, [sp, #-160]!
+	add	x29, sp, #0
+	stp	x17, x19, [x29, #72]
+	stp	x20, x21, [x29, #88]
+	stp	x22, x23, [x29, #104]
+	stp	x24, x25, [x29, #120]
+	stp	x26, x27, [x29, #136]
+	str	x28, [x29, #152]
+#ifndef __APPLE__
+	adrp x27, L_SHA3_transform_base_r
+	add  x27, x27, :lo12:L_SHA3_transform_base_r
+#else
+	adrp x27, L_SHA3_transform_base_r@PAGE
+	add  x27, x27, :lo12:L_SHA3_transform_base_r@PAGEOFF
+#endif /* __APPLE__ */
+	ldp	x1, x2, [x0]
+	ldp	x3, x4, [x0, #16]
+	ldp	x5, x6, [x0, #32]
+	ldp	x7, x8, [x0, #48]
+	ldp	x9, x10, [x0, #64]
+	ldp	x11, x12, [x0, #80]
+	ldp	x13, x14, [x0, #96]
+	ldp	x15, x16, [x0, #112]
+	ldp	x17, x19, [x0, #128]
+	ldp	x20, x21, [x0, #144]
+	ldp	x22, x23, [x0, #160]
+	ldp	x24, x25, [x0, #176]
+	ldr	x26, [x0, #192]
+	str	x0, [x29, #40]
+	mov	x28, #24
+	# Start of 24 rounds
+L_SHA3_transform_base_begin:
+	stp	x27, x28, [x29, #48]
+	eor	x0, x5, x10
+	eor	x30, x1, x6
+	eor	x28, x3, x8
+	eor	x0, x0, x15
+	eor	x30, x30, x11
+	eor	x28, x28, x13
+	eor	x0, x0, x21
+	eor	x30, x30, x16
+	eor	x28, x28, x19
+	eor	x0, x0, x26
+	eor	x30, x30, x22
+	eor	x28, x28, x24
+	str	x0, [x29, #32]
+	str	x28, [x29, #24]
+	eor	x27, x2, x7
+	eor	x28, x4, x9
+	eor	x27, x27, x12
+	eor	x28, x28, x14
+	eor	x27, x27, x17
+	eor	x28, x28, x20
+	eor	x27, x27, x23
+	eor	x28, x28, x25
+	eor	x0, x0, x27, ror 63
+	eor	x27, x27, x28, ror 63
+	eor	x1, x1, x0
+	eor	x6, x6, x0
+	eor	x11, x11, x0
+	eor	x16, x16, x0
+	eor	x22, x22, x0
+	eor	x3, x3, x27
+	eor	x8, x8, x27
+	eor	x13, x13, x27
+	eor	x19, x19, x27
+	eor	x24, x24, x27
+	ldr	x0, [x29, #32]
+	ldr	x27, [x29, #24]
+	eor	x28, x28, x30, ror 63
+	eor	x30, x30, x27, ror 63
+	eor	x27, x27, x0, ror 63
+	eor	x5, x5, x28
+	eor	x10, x10, x28
+	eor	x15, x15, x28
+	eor	x21, x21, x28
+	eor	x26, x26, x28
+	eor	x2, x2, x30
+	eor	x7, x7, x30
+	eor	x12, x12, x30
+	eor	x17, x17, x30
+	eor	x23, x23, x30
+	eor	x4, x4, x27
+	eor	x9, x9, x27
+	eor	x14, x14, x27
+	eor	x20, x20, x27
+	eor	x25, x25, x27
+	# Swap Rotate
+	ror	x0, x2, #63
+	ror	x2, x7, #20
+	ror	x7, x10, #44
+	ror	x10, x24, #3
+	ror	x24, x15, #25
+	ror	x15, x22, #46
+	ror	x22, x3, #2
+	ror	x3, x13, #21
+	ror	x13, x14, #39
+	ror	x14, x21, #56
+	ror	x21, x25, #8
+	ror	x25, x16, #23
+	ror	x16, x5, #37
+	ror	x5, x26, #50
+	ror	x26, x23, #62
+	ror	x23, x9, #9
+	ror	x9, x17, #19
+	ror	x17, x6, #28
+	ror	x6, x4, #36
+	ror	x4, x20, #43
+	ror	x20, x19, #49
+	ror	x19, x12, #54
+	ror	x12, x8, #58
+	ror	x8, x11, #61
+	# Row Mix
+	bic	x11, x3, x2
+	bic	x27, x4, x3
+	bic	x28, x1, x5
+	bic	x30, x2, x1
+	eor	x1, x1, x11
+	eor	x2, x2, x27
+	bic	x11, x5, x4
+	eor	x4, x4, x28
+	eor	x3, x3, x11
+	eor	x5, x5, x30
+	bic	x11, x8, x7
+	bic	x27, x9, x8
+	bic	x28, x6, x10
+	bic	x30, x7, x6
+	eor	x6, x6, x11
+	eor	x7, x7, x27
+	bic	x11, x10, x9
+	eor	x9, x9, x28
+	eor	x8, x8, x11
+	eor	x10, x10, x30
+	bic	x11, x13, x12
+	bic	x27, x14, x13
+	bic	x28, x0, x15
+	bic	x30, x12, x0
+	eor	x11, x0, x11
+	eor	x12, x12, x27
+	bic	x0, x15, x14
+	eor	x14, x14, x28
+	eor	x13, x13, x0
+	eor	x15, x15, x30
+	bic	x0, x19, x17
+	bic	x27, x20, x19
+	bic	x28, x16, x21
+	bic	x30, x17, x16
+	eor	x16, x16, x0
+	eor	x17, x17, x27
+	bic	x0, x21, x20
+	eor	x20, x20, x28
+	eor	x19, x19, x0
+	eor	x21, x21, x30
+	bic	x0, x24, x23
+	bic	x27, x25, x24
+	bic	x28, x22, x26
+	bic	x30, x23, x22
+	eor	x22, x22, x0
+	eor	x23, x23, x27
+	bic	x0, x26, x25
+	eor	x25, x25, x28
+	eor	x24, x24, x0
+	eor	x26, x26, x30
+	# Done transforming
+	ldp	x27, x28, [x29, #48]
+	ldr	x0, [x27], #8
+	subs	x28, x28, #1
+	eor	x1, x1, x0
+	bne	L_SHA3_transform_base_begin
+	ldr	x0, [x29, #40]
+	stp	x1, x2, [x0]
+	stp	x3, x4, [x0, #16]
+	stp	x5, x6, [x0, #32]
+	stp	x7, x8, [x0, #48]
+	stp	x9, x10, [x0, #64]
+	stp	x11, x12, [x0, #80]
+	stp	x13, x14, [x0, #96]
+	stp	x15, x16, [x0, #112]
+	stp	x17, x19, [x0, #128]
+	stp	x20, x21, [x0, #144]
+	stp	x22, x23, [x0, #160]
+	stp	x24, x25, [x0, #176]
+	str	x26, [x0, #192]
+	ldp	x17, x19, [x29, #72]
+	ldp	x20, x21, [x29, #88]
+	ldp	x22, x23, [x29, #104]
+	ldp	x24, x25, [x29, #120]
+	ldp	x26, x27, [x29, #136]
+	ldr	x28, [x29, #152]
+	ldp	x29, x30, [sp], #0xa0
+	ret
+#ifndef __APPLE__
+	.size	BlockSha3_base,.-BlockSha3_base
+#endif /* __APPLE__ */
 #endif /* WOLFSSL_SHA3 */
 #endif /* __aarch64__ */
 #endif /* WOLFSSL_ARMASM */
diff --git a/wolfcrypt/src/port/arm/armv8-sha3-asm_c.c b/wolfcrypt/src/port/arm/armv8-sha3-asm_c.c
index 1f2d04084..823724357 100644
--- a/wolfcrypt/src/port/arm/armv8-sha3-asm_c.c
+++ b/wolfcrypt/src/port/arm/armv8-sha3-asm_c.c
@@ -1,6 +1,6 @@
 /* armv8-sha3-asm
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -36,34 +36,22 @@
 
 #ifdef WOLFSSL_SHA3
 #ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
-static const uint64_t L_SHA3_transform_crypto_r[] = {
-    0x1UL,
-    0x8082UL,
-    0x800000000000808aUL,
-    0x8000000080008000UL,
-    0x808bUL,
-    0x80000001UL,
-    0x8000000080008081UL,
-    0x8000000000008009UL,
-    0x8aUL,
-    0x88UL,
-    0x80008009UL,
-    0x8000000aUL,
-    0x8000808bUL,
-    0x800000000000008bUL,
-    0x8000000000008089UL,
-    0x8000000000008003UL,
-    0x8000000000008002UL,
-    0x8000000000000080UL,
-    0x800aUL,
-    0x800000008000000aUL,
-    0x8000000080008081UL,
-    0x8000000000008080UL,
-    0x80000001UL,
-    0x8000000080008008UL,
+static const word64 L_SHA3_transform_crypto_r[] = {
+    0x0000000000000001, 0x0000000000008082,
+    0x800000000000808a, 0x8000000080008000,
+    0x000000000000808b, 0x0000000080000001,
+    0x8000000080008081, 0x8000000000008009,
+    0x000000000000008a, 0x0000000000000088,
+    0x0000000080008009, 0x000000008000000a,
+    0x000000008000808b, 0x800000000000008b,
+    0x8000000000008089, 0x8000000000008003,
+    0x8000000000008002, 0x8000000000000080,
+    0x000000000000800a, 0x800000008000000a,
+    0x8000000080008081, 0x8000000000008080,
+    0x0000000080000001, 0x8000000080008008,
 };
 
-void BlockSha3(unsigned long* state)
+void BlockSha3_crypto(word64* state)
 {
     __asm__ __volatile__ (
 #ifdef __APPLE__
@@ -182,6 +170,209 @@ void BlockSha3(unsigned long* state)
 }
 
 #endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
+static const word64 L_SHA3_transform_base_r[] = {
+    0x0000000000000001, 0x0000000000008082,
+    0x800000000000808a, 0x8000000080008000,
+    0x000000000000808b, 0x0000000080000001,
+    0x8000000080008081, 0x8000000000008009,
+    0x000000000000008a, 0x0000000000000088,
+    0x0000000080008009, 0x000000008000000a,
+    0x000000008000808b, 0x800000000000008b,
+    0x8000000000008089, 0x8000000000008003,
+    0x8000000000008002, 0x8000000000000080,
+    0x000000000000800a, 0x800000008000000a,
+    0x8000000080008081, 0x8000000000008080,
+    0x0000000080000001, 0x8000000080008008,
+};
+
+void BlockSha3_base(word64* state)
+{
+    __asm__ __volatile__ (
+        "stp	x29, x30, [sp, #-64]!\n\t"
+        "add	x29, sp, #0\n\t"
+#ifndef __APPLE__
+        "adrp x27, %[L_SHA3_transform_base_r]\n\t"
+        "add  x27, x27, :lo12:%[L_SHA3_transform_base_r]\n\t"
+#else
+        "adrp x27, %[L_SHA3_transform_base_r]@PAGE\n\t"
+        "add  x27, x27, %[L_SHA3_transform_base_r]@PAGEOFF\n\t"
+#endif /* __APPLE__ */
+        "ldp	x1, x2, [%x[state]]\n\t"
+        "ldp	x3, x4, [%x[state], #16]\n\t"
+        "ldp	x5, x6, [%x[state], #32]\n\t"
+        "ldp	x7, x8, [%x[state], #48]\n\t"
+        "ldp	x9, x10, [%x[state], #64]\n\t"
+        "ldp	x11, x12, [%x[state], #80]\n\t"
+        "ldp	x13, x14, [%x[state], #96]\n\t"
+        "ldp	x15, x16, [%x[state], #112]\n\t"
+        "ldp	x17, x19, [%x[state], #128]\n\t"
+        "ldp	x20, x21, [%x[state], #144]\n\t"
+        "ldp	x22, x23, [%x[state], #160]\n\t"
+        "ldp	x24, x25, [%x[state], #176]\n\t"
+        "ldr	x26, [%x[state], #192]\n\t"
+        "str	%x[state], [x29, #40]\n\t"
+        "mov	x28, #24\n\t"
+        /* Start of 24 rounds */
+        "\n"
+    "L_SHA3_transform_base_begin_%=: \n\t"
+        "stp	x27, x28, [x29, #48]\n\t"
+        "eor	%x[state], x5, x10\n\t"
+        "eor	x30, x1, x6\n\t"
+        "eor	x28, x3, x8\n\t"
+        "eor	%x[state], %x[state], x15\n\t"
+        "eor	x30, x30, x11\n\t"
+        "eor	x28, x28, x13\n\t"
+        "eor	%x[state], %x[state], x21\n\t"
+        "eor	x30, x30, x16\n\t"
+        "eor	x28, x28, x19\n\t"
+        "eor	%x[state], %x[state], x26\n\t"
+        "eor	x30, x30, x22\n\t"
+        "eor	x28, x28, x24\n\t"
+        "str	%x[state], [x29, #32]\n\t"
+        "str	x28, [x29, #24]\n\t"
+        "eor	x27, x2, x7\n\t"
+        "eor	x28, x4, x9\n\t"
+        "eor	x27, x27, x12\n\t"
+        "eor	x28, x28, x14\n\t"
+        "eor	x27, x27, x17\n\t"
+        "eor	x28, x28, x20\n\t"
+        "eor	x27, x27, x23\n\t"
+        "eor	x28, x28, x25\n\t"
+        "eor	%x[state], %x[state], x27, ror 63\n\t"
+        "eor	x27, x27, x28, ror 63\n\t"
+        "eor	x1, x1, %x[state]\n\t"
+        "eor	x6, x6, %x[state]\n\t"
+        "eor	x11, x11, %x[state]\n\t"
+        "eor	x16, x16, %x[state]\n\t"
+        "eor	x22, x22, %x[state]\n\t"
+        "eor	x3, x3, x27\n\t"
+        "eor	x8, x8, x27\n\t"
+        "eor	x13, x13, x27\n\t"
+        "eor	x19, x19, x27\n\t"
+        "eor	x24, x24, x27\n\t"
+        "ldr	%x[state], [x29, #32]\n\t"
+        "ldr	x27, [x29, #24]\n\t"
+        "eor	x28, x28, x30, ror 63\n\t"
+        "eor	x30, x30, x27, ror 63\n\t"
+        "eor	x27, x27, %x[state], ror 63\n\t"
+        "eor	x5, x5, x28\n\t"
+        "eor	x10, x10, x28\n\t"
+        "eor	x15, x15, x28\n\t"
+        "eor	x21, x21, x28\n\t"
+        "eor	x26, x26, x28\n\t"
+        "eor	x2, x2, x30\n\t"
+        "eor	x7, x7, x30\n\t"
+        "eor	x12, x12, x30\n\t"
+        "eor	x17, x17, x30\n\t"
+        "eor	x23, x23, x30\n\t"
+        "eor	x4, x4, x27\n\t"
+        "eor	x9, x9, x27\n\t"
+        "eor	x14, x14, x27\n\t"
+        "eor	x20, x20, x27\n\t"
+        "eor	x25, x25, x27\n\t"
+        /* Swap Rotate */
+        "ror	%x[state], x2, #63\n\t"
+        "ror	x2, x7, #20\n\t"
+        "ror	x7, x10, #44\n\t"
+        "ror	x10, x24, #3\n\t"
+        "ror	x24, x15, #25\n\t"
+        "ror	x15, x22, #46\n\t"
+        "ror	x22, x3, #2\n\t"
+        "ror	x3, x13, #21\n\t"
+        "ror	x13, x14, #39\n\t"
+        "ror	x14, x21, #56\n\t"
+        "ror	x21, x25, #8\n\t"
+        "ror	x25, x16, #23\n\t"
+        "ror	x16, x5, #37\n\t"
+        "ror	x5, x26, #50\n\t"
+        "ror	x26, x23, #62\n\t"
+        "ror	x23, x9, #9\n\t"
+        "ror	x9, x17, #19\n\t"
+        "ror	x17, x6, #28\n\t"
+        "ror	x6, x4, #36\n\t"
+        "ror	x4, x20, #43\n\t"
+        "ror	x20, x19, #49\n\t"
+        "ror	x19, x12, #54\n\t"
+        "ror	x12, x8, #58\n\t"
+        "ror	x8, x11, #61\n\t"
+        /* Row Mix */
+        "bic	x11, x3, x2\n\t"
+        "bic	x27, x4, x3\n\t"
+        "bic	x28, x1, x5\n\t"
+        "bic	x30, x2, x1\n\t"
+        "eor	x1, x1, x11\n\t"
+        "eor	x2, x2, x27\n\t"
+        "bic	x11, x5, x4\n\t"
+        "eor	x4, x4, x28\n\t"
+        "eor	x3, x3, x11\n\t"
+        "eor	x5, x5, x30\n\t"
+        "bic	x11, x8, x7\n\t"
+        "bic	x27, x9, x8\n\t"
+        "bic	x28, x6, x10\n\t"
+        "bic	x30, x7, x6\n\t"
+        "eor	x6, x6, x11\n\t"
+        "eor	x7, x7, x27\n\t"
+        "bic	x11, x10, x9\n\t"
+        "eor	x9, x9, x28\n\t"
+        "eor	x8, x8, x11\n\t"
+        "eor	x10, x10, x30\n\t"
+        "bic	x11, x13, x12\n\t"
+        "bic	x27, x14, x13\n\t"
+        "bic	x28, %x[state], x15\n\t"
+        "bic	x30, x12, %x[state]\n\t"
+        "eor	x11, %x[state], x11\n\t"
+        "eor	x12, x12, x27\n\t"
+        "bic	%x[state], x15, x14\n\t"
+        "eor	x14, x14, x28\n\t"
+        "eor	x13, x13, %x[state]\n\t"
+        "eor	x15, x15, x30\n\t"
+        "bic	%x[state], x19, x17\n\t"
+        "bic	x27, x20, x19\n\t"
+        "bic	x28, x16, x21\n\t"
+        "bic	x30, x17, x16\n\t"
+        "eor	x16, x16, %x[state]\n\t"
+        "eor	x17, x17, x27\n\t"
+        "bic	%x[state], x21, x20\n\t"
+        "eor	x20, x20, x28\n\t"
+        "eor	x19, x19, %x[state]\n\t"
+        "eor	x21, x21, x30\n\t"
+        "bic	%x[state], x24, x23\n\t"
+        "bic	x27, x25, x24\n\t"
+        "bic	x28, x22, x26\n\t"
+        "bic	x30, x23, x22\n\t"
+        "eor	x22, x22, %x[state]\n\t"
+        "eor	x23, x23, x27\n\t"
+        "bic	%x[state], x26, x25\n\t"
+        "eor	x25, x25, x28\n\t"
+        "eor	x24, x24, %x[state]\n\t"
+        "eor	x26, x26, x30\n\t"
+        /* Done transforming */
+        "ldp	x27, x28, [x29, #48]\n\t"
+        "ldr	%x[state], [x27], #8\n\t"
+        "subs	x28, x28, #1\n\t"
+        "eor	x1, x1, %x[state]\n\t"
+        "bne	L_SHA3_transform_base_begin_%=\n\t"
+        "ldr	%x[state], [x29, #40]\n\t"
+        "stp	x1, x2, [%x[state]]\n\t"
+        "stp	x3, x4, [%x[state], #16]\n\t"
+        "stp	x5, x6, [%x[state], #32]\n\t"
+        "stp	x7, x8, [%x[state], #48]\n\t"
+        "stp	x9, x10, [%x[state], #64]\n\t"
+        "stp	x11, x12, [%x[state], #80]\n\t"
+        "stp	x13, x14, [%x[state], #96]\n\t"
+        "stp	x15, x16, [%x[state], #112]\n\t"
+        "stp	x17, x19, [%x[state], #128]\n\t"
+        "stp	x20, x21, [%x[state], #144]\n\t"
+        "stp	x22, x23, [%x[state], #160]\n\t"
+        "stp	x24, x25, [%x[state], #176]\n\t"
+        "str	x26, [%x[state], #192]\n\t"
+        "ldp	x29, x30, [sp], #0x40\n\t"
+        : [state] "+r" (state)
+        : [L_SHA3_transform_base_r] "S" (L_SHA3_transform_base_r)
+        : "memory", "x1", "x2", "x3", "x4", "x5", "x6", "x7", "x8", "x9", "x10", "x11", "x12", "x13", "x14", "x15", "x16", "x17", "x19", "x20", "x21", "x22", "x23", "x24", "x25", "x26", "x27", "x28", "cc"
+    );
+}
+
 #endif /* WOLFSSL_SHA3 */
 #endif /* __aarch64__ */
 #endif /* WOLFSSL_ARMASM */
diff --git a/wolfcrypt/src/port/arm/armv8-sha512-asm.S b/wolfcrypt/src/port/arm/armv8-sha512-asm.S
index 3ff015800..9f5530a76 100644
--- a/wolfcrypt/src/port/arm/armv8-sha512-asm.S
+++ b/wolfcrypt/src/port/arm/armv8-sha512-asm.S
@@ -1,6 +1,6 @@
 /* armv8-sha512-asm
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -31,8 +31,7 @@
 #ifdef WOLFSSL_ARMASM
 #ifdef __aarch64__
 #ifndef WOLFSSL_ARMASM_INLINE
-#ifdef WOLFSSL_SHA512
-#ifndef WOLFSSL_ARMASM_CRYPTO_SHA512
+#if defined(WOLFSSL_SHA512) || defined(WOLFSSL_SHA384)
 #ifndef __APPLE__
 	.text
 	.type	L_SHA512_transform_neon_len_k, %object
@@ -65,7 +64,7 @@ L_SHA512_transform_neon_len_k:
 	.xword	0xc19bf174cf692694
 	.xword	0xe49b69c19ef14ad2
 	.xword	0xefbe4786384f25e3
-	.xword	0xfc19dc68b8cd5b5
+	.xword	0x0fc19dc68b8cd5b5
 	.xword	0x240ca1cc77ac9c65
 	.xword	0x2de92c6f592b0275
 	.xword	0x4a7484aa6ea6e483
@@ -77,7 +76,7 @@ L_SHA512_transform_neon_len_k:
 	.xword	0xbf597fc7beef0ee4
 	.xword	0xc6e00bf33da88fc2
 	.xword	0xd5a79147930aa725
-	.xword	0x6ca6351e003826f
+	.xword	0x06ca6351e003826f
 	.xword	0x142929670a0e6e70
 	.xword	0x27b70a8546d22ffc
 	.xword	0x2e1b21385c26c926
@@ -115,8 +114,8 @@ L_SHA512_transform_neon_len_k:
 	.xword	0xd186b8c721c0c207
 	.xword	0xeada7dd6cde0eb1e
 	.xword	0xf57d4f7fee6ed178
-	.xword	0x6f067aa72176fba
-	.xword	0xa637dc5a2c898a6
+	.xword	0x06f067aa72176fba
+	.xword	0x0a637dc5a2c898a6
 	.xword	0x113f9804bef90dae
 	.xword	0x1b710b35131c471b
 	.xword	0x28db77f523047d84
@@ -156,8 +155,7 @@ _Transform_Sha512_Len_neon:
 #endif /* __APPLE__ */
 	stp	x29, x30, [sp, #-128]!
 	add	x29, sp, #0
-	str	x17, [x29, #16]
-	str	x19, [x29, #24]
+	stp	x17, x19, [x29, #16]
 	stp	x20, x21, [x29, #32]
 	stp	x22, x23, [x29, #48]
 	stp	x24, x25, [x29, #64]
@@ -1082,8 +1080,7 @@ L_sha512_len_neon_start:
 	stp	x6, x7, [x0, #16]
 	stp	x8, x9, [x0, #32]
 	stp	x10, x11, [x0, #48]
-	ldr	x17, [x29, #16]
-	ldr	x19, [x29, #24]
+	ldp	x17, x19, [x29, #16]
 	ldp	x20, x21, [x29, #32]
 	ldp	x22, x23, [x29, #48]
 	ldp	x24, x25, [x29, #64]
@@ -1095,7 +1092,7 @@ L_sha512_len_neon_start:
 #ifndef __APPLE__
 	.size	Transform_Sha512_Len_neon,.-Transform_Sha512_Len_neon
 #endif /* __APPLE__ */
-#else
+#ifdef WOLFSSL_ARMASM_CRYPTO_SHA512
 #ifndef __APPLE__
 	.text
 	.type	L_SHA512_transform_crypto_len_k, %object
@@ -1128,7 +1125,7 @@ L_SHA512_transform_crypto_len_k:
 	.xword	0xc19bf174cf692694
 	.xword	0xe49b69c19ef14ad2
 	.xword	0xefbe4786384f25e3
-	.xword	0xfc19dc68b8cd5b5
+	.xword	0x0fc19dc68b8cd5b5
 	.xword	0x240ca1cc77ac9c65
 	.xword	0x2de92c6f592b0275
 	.xword	0x4a7484aa6ea6e483
@@ -1140,7 +1137,7 @@ L_SHA512_transform_crypto_len_k:
 	.xword	0xbf597fc7beef0ee4
 	.xword	0xc6e00bf33da88fc2
 	.xword	0xd5a79147930aa725
-	.xword	0x6ca6351e003826f
+	.xword	0x06ca6351e003826f
 	.xword	0x142929670a0e6e70
 	.xword	0x27b70a8546d22ffc
 	.xword	0x2e1b21385c26c926
@@ -1178,8 +1175,8 @@ L_SHA512_transform_crypto_len_k:
 	.xword	0xd186b8c721c0c207
 	.xword	0xeada7dd6cde0eb1e
 	.xword	0xf57d4f7fee6ed178
-	.xword	0x6f067aa72176fba
-	.xword	0xa637dc5a2c898a6
+	.xword	0x06f067aa72176fba
+	.xword	0x0a637dc5a2c898a6
 	.xword	0x113f9804bef90dae
 	.xword	0x1b710b35131c471b
 	.xword	0x28db77f523047d84
@@ -1733,7 +1730,7 @@ L_sha512_len_crypto_begin:
 	.size	Transform_Sha512_Len_crypto,.-Transform_Sha512_Len_crypto
 #endif /* __APPLE__ */
 #endif /* WOLFSSL_ARMASM_CRYPTO_SHA512 */
-#endif /* WOLFSSL_SHA512 */
+#endif /* WOLFSSL_SHA512 || WOLFSSL_SHA384 */
 #endif /* __aarch64__ */
 #endif /* WOLFSSL_ARMASM */
 
diff --git a/wolfcrypt/src/port/arm/armv8-sha512-asm_c.c b/wolfcrypt/src/port/arm/armv8-sha512-asm_c.c
index 027dc8a13..57e60354c 100644
--- a/wolfcrypt/src/port/arm/armv8-sha512-asm_c.c
+++ b/wolfcrypt/src/port/arm/armv8-sha512-asm_c.c
@@ -1,6 +1,6 @@
 /* armv8-sha512-asm
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -34,94 +34,52 @@
 #ifdef WOLFSSL_ARMASM_INLINE
 #include <wolfssl/wolfcrypt/sha512.h>
 
-#ifdef WOLFSSL_SHA512
-#ifndef WOLFSSL_ARMASM_CRYPTO_SHA512
-static const uint64_t L_SHA512_transform_neon_len_k[] = {
-    0x428a2f98d728ae22UL,
-    0x7137449123ef65cdUL,
-    0xb5c0fbcfec4d3b2fUL,
-    0xe9b5dba58189dbbcUL,
-    0x3956c25bf348b538UL,
-    0x59f111f1b605d019UL,
-    0x923f82a4af194f9bUL,
-    0xab1c5ed5da6d8118UL,
-    0xd807aa98a3030242UL,
-    0x12835b0145706fbeUL,
-    0x243185be4ee4b28cUL,
-    0x550c7dc3d5ffb4e2UL,
-    0x72be5d74f27b896fUL,
-    0x80deb1fe3b1696b1UL,
-    0x9bdc06a725c71235UL,
-    0xc19bf174cf692694UL,
-    0xe49b69c19ef14ad2UL,
-    0xefbe4786384f25e3UL,
-    0xfc19dc68b8cd5b5UL,
-    0x240ca1cc77ac9c65UL,
-    0x2de92c6f592b0275UL,
-    0x4a7484aa6ea6e483UL,
-    0x5cb0a9dcbd41fbd4UL,
-    0x76f988da831153b5UL,
-    0x983e5152ee66dfabUL,
-    0xa831c66d2db43210UL,
-    0xb00327c898fb213fUL,
-    0xbf597fc7beef0ee4UL,
-    0xc6e00bf33da88fc2UL,
-    0xd5a79147930aa725UL,
-    0x6ca6351e003826fUL,
-    0x142929670a0e6e70UL,
-    0x27b70a8546d22ffcUL,
-    0x2e1b21385c26c926UL,
-    0x4d2c6dfc5ac42aedUL,
-    0x53380d139d95b3dfUL,
-    0x650a73548baf63deUL,
-    0x766a0abb3c77b2a8UL,
-    0x81c2c92e47edaee6UL,
-    0x92722c851482353bUL,
-    0xa2bfe8a14cf10364UL,
-    0xa81a664bbc423001UL,
-    0xc24b8b70d0f89791UL,
-    0xc76c51a30654be30UL,
-    0xd192e819d6ef5218UL,
-    0xd69906245565a910UL,
-    0xf40e35855771202aUL,
-    0x106aa07032bbd1b8UL,
-    0x19a4c116b8d2d0c8UL,
-    0x1e376c085141ab53UL,
-    0x2748774cdf8eeb99UL,
-    0x34b0bcb5e19b48a8UL,
-    0x391c0cb3c5c95a63UL,
-    0x4ed8aa4ae3418acbUL,
-    0x5b9cca4f7763e373UL,
-    0x682e6ff3d6b2b8a3UL,
-    0x748f82ee5defb2fcUL,
-    0x78a5636f43172f60UL,
-    0x84c87814a1f0ab72UL,
-    0x8cc702081a6439ecUL,
-    0x90befffa23631e28UL,
-    0xa4506cebde82bde9UL,
-    0xbef9a3f7b2c67915UL,
-    0xc67178f2e372532bUL,
-    0xca273eceea26619cUL,
-    0xd186b8c721c0c207UL,
-    0xeada7dd6cde0eb1eUL,
-    0xf57d4f7fee6ed178UL,
-    0x6f067aa72176fbaUL,
-    0xa637dc5a2c898a6UL,
-    0x113f9804bef90daeUL,
-    0x1b710b35131c471bUL,
-    0x28db77f523047d84UL,
-    0x32caab7b40c72493UL,
-    0x3c9ebe0a15c9bebcUL,
-    0x431d67c49c100d4cUL,
-    0x4cc5d4becb3e42b6UL,
-    0x597f299cfc657e2aUL,
-    0x5fcb6fab3ad6faecUL,
-    0x6c44198c4a475817UL,
+#if defined(WOLFSSL_SHA512) || defined(WOLFSSL_SHA384)
+static const word64 L_SHA512_transform_neon_len_k[] = {
+    0x428a2f98d728ae22, 0x7137449123ef65cd,
+    0xb5c0fbcfec4d3b2f, 0xe9b5dba58189dbbc,
+    0x3956c25bf348b538, 0x59f111f1b605d019,
+    0x923f82a4af194f9b, 0xab1c5ed5da6d8118,
+    0xd807aa98a3030242, 0x12835b0145706fbe,
+    0x243185be4ee4b28c, 0x550c7dc3d5ffb4e2,
+    0x72be5d74f27b896f, 0x80deb1fe3b1696b1,
+    0x9bdc06a725c71235, 0xc19bf174cf692694,
+    0xe49b69c19ef14ad2, 0xefbe4786384f25e3,
+    0x0fc19dc68b8cd5b5, 0x240ca1cc77ac9c65,
+    0x2de92c6f592b0275, 0x4a7484aa6ea6e483,
+    0x5cb0a9dcbd41fbd4, 0x76f988da831153b5,
+    0x983e5152ee66dfab, 0xa831c66d2db43210,
+    0xb00327c898fb213f, 0xbf597fc7beef0ee4,
+    0xc6e00bf33da88fc2, 0xd5a79147930aa725,
+    0x06ca6351e003826f, 0x142929670a0e6e70,
+    0x27b70a8546d22ffc, 0x2e1b21385c26c926,
+    0x4d2c6dfc5ac42aed, 0x53380d139d95b3df,
+    0x650a73548baf63de, 0x766a0abb3c77b2a8,
+    0x81c2c92e47edaee6, 0x92722c851482353b,
+    0xa2bfe8a14cf10364, 0xa81a664bbc423001,
+    0xc24b8b70d0f89791, 0xc76c51a30654be30,
+    0xd192e819d6ef5218, 0xd69906245565a910,
+    0xf40e35855771202a, 0x106aa07032bbd1b8,
+    0x19a4c116b8d2d0c8, 0x1e376c085141ab53,
+    0x2748774cdf8eeb99, 0x34b0bcb5e19b48a8,
+    0x391c0cb3c5c95a63, 0x4ed8aa4ae3418acb,
+    0x5b9cca4f7763e373, 0x682e6ff3d6b2b8a3,
+    0x748f82ee5defb2fc, 0x78a5636f43172f60,
+    0x84c87814a1f0ab72, 0x8cc702081a6439ec,
+    0x90befffa23631e28, 0xa4506cebde82bde9,
+    0xbef9a3f7b2c67915, 0xc67178f2e372532b,
+    0xca273eceea26619c, 0xd186b8c721c0c207,
+    0xeada7dd6cde0eb1e, 0xf57d4f7fee6ed178,
+    0x06f067aa72176fba, 0x0a637dc5a2c898a6,
+    0x113f9804bef90dae, 0x1b710b35131c471b,
+    0x28db77f523047d84, 0x32caab7b40c72493,
+    0x3c9ebe0a15c9bebc, 0x431d67c49c100d4c,
+    0x4cc5d4becb3e42b6, 0x597f299cfc657e2a,
+    0x5fcb6fab3ad6faec, 0x6c44198c4a475817,
 };
 
-static const uint64_t L_SHA512_transform_neon_len_ror8[] = {
-    0x7060504030201UL,
-    0x80f0e0d0c0b0a09UL,
+static const word64 L_SHA512_transform_neon_len_ror8[] = {
+    0x0007060504030201, 0x080f0e0d0c0b0a09,
 };
 
 void Transform_Sha512_Len_neon(wc_Sha512* sha512, const byte* data, word32 len)
@@ -1053,88 +1011,48 @@ void Transform_Sha512_Len_neon(wc_Sha512* sha512, const byte* data, word32 len)
     );
 }
 
-#else
-static const uint64_t L_SHA512_transform_crypto_len_k[] = {
-    0x428a2f98d728ae22UL,
-    0x7137449123ef65cdUL,
-    0xb5c0fbcfec4d3b2fUL,
-    0xe9b5dba58189dbbcUL,
-    0x3956c25bf348b538UL,
-    0x59f111f1b605d019UL,
-    0x923f82a4af194f9bUL,
-    0xab1c5ed5da6d8118UL,
-    0xd807aa98a3030242UL,
-    0x12835b0145706fbeUL,
-    0x243185be4ee4b28cUL,
-    0x550c7dc3d5ffb4e2UL,
-    0x72be5d74f27b896fUL,
-    0x80deb1fe3b1696b1UL,
-    0x9bdc06a725c71235UL,
-    0xc19bf174cf692694UL,
-    0xe49b69c19ef14ad2UL,
-    0xefbe4786384f25e3UL,
-    0xfc19dc68b8cd5b5UL,
-    0x240ca1cc77ac9c65UL,
-    0x2de92c6f592b0275UL,
-    0x4a7484aa6ea6e483UL,
-    0x5cb0a9dcbd41fbd4UL,
-    0x76f988da831153b5UL,
-    0x983e5152ee66dfabUL,
-    0xa831c66d2db43210UL,
-    0xb00327c898fb213fUL,
-    0xbf597fc7beef0ee4UL,
-    0xc6e00bf33da88fc2UL,
-    0xd5a79147930aa725UL,
-    0x6ca6351e003826fUL,
-    0x142929670a0e6e70UL,
-    0x27b70a8546d22ffcUL,
-    0x2e1b21385c26c926UL,
-    0x4d2c6dfc5ac42aedUL,
-    0x53380d139d95b3dfUL,
-    0x650a73548baf63deUL,
-    0x766a0abb3c77b2a8UL,
-    0x81c2c92e47edaee6UL,
-    0x92722c851482353bUL,
-    0xa2bfe8a14cf10364UL,
-    0xa81a664bbc423001UL,
-    0xc24b8b70d0f89791UL,
-    0xc76c51a30654be30UL,
-    0xd192e819d6ef5218UL,
-    0xd69906245565a910UL,
-    0xf40e35855771202aUL,
-    0x106aa07032bbd1b8UL,
-    0x19a4c116b8d2d0c8UL,
-    0x1e376c085141ab53UL,
-    0x2748774cdf8eeb99UL,
-    0x34b0bcb5e19b48a8UL,
-    0x391c0cb3c5c95a63UL,
-    0x4ed8aa4ae3418acbUL,
-    0x5b9cca4f7763e373UL,
-    0x682e6ff3d6b2b8a3UL,
-    0x748f82ee5defb2fcUL,
-    0x78a5636f43172f60UL,
-    0x84c87814a1f0ab72UL,
-    0x8cc702081a6439ecUL,
-    0x90befffa23631e28UL,
-    0xa4506cebde82bde9UL,
-    0xbef9a3f7b2c67915UL,
-    0xc67178f2e372532bUL,
-    0xca273eceea26619cUL,
-    0xd186b8c721c0c207UL,
-    0xeada7dd6cde0eb1eUL,
-    0xf57d4f7fee6ed178UL,
-    0x6f067aa72176fbaUL,
-    0xa637dc5a2c898a6UL,
-    0x113f9804bef90daeUL,
-    0x1b710b35131c471bUL,
-    0x28db77f523047d84UL,
-    0x32caab7b40c72493UL,
-    0x3c9ebe0a15c9bebcUL,
-    0x431d67c49c100d4cUL,
-    0x4cc5d4becb3e42b6UL,
-    0x597f299cfc657e2aUL,
-    0x5fcb6fab3ad6faecUL,
-    0x6c44198c4a475817UL,
+#ifdef WOLFSSL_ARMASM_CRYPTO_SHA512
+static const word64 L_SHA512_transform_crypto_len_k[] = {
+    0x428a2f98d728ae22, 0x7137449123ef65cd,
+    0xb5c0fbcfec4d3b2f, 0xe9b5dba58189dbbc,
+    0x3956c25bf348b538, 0x59f111f1b605d019,
+    0x923f82a4af194f9b, 0xab1c5ed5da6d8118,
+    0xd807aa98a3030242, 0x12835b0145706fbe,
+    0x243185be4ee4b28c, 0x550c7dc3d5ffb4e2,
+    0x72be5d74f27b896f, 0x80deb1fe3b1696b1,
+    0x9bdc06a725c71235, 0xc19bf174cf692694,
+    0xe49b69c19ef14ad2, 0xefbe4786384f25e3,
+    0x0fc19dc68b8cd5b5, 0x240ca1cc77ac9c65,
+    0x2de92c6f592b0275, 0x4a7484aa6ea6e483,
+    0x5cb0a9dcbd41fbd4, 0x76f988da831153b5,
+    0x983e5152ee66dfab, 0xa831c66d2db43210,
+    0xb00327c898fb213f, 0xbf597fc7beef0ee4,
+    0xc6e00bf33da88fc2, 0xd5a79147930aa725,
+    0x06ca6351e003826f, 0x142929670a0e6e70,
+    0x27b70a8546d22ffc, 0x2e1b21385c26c926,
+    0x4d2c6dfc5ac42aed, 0x53380d139d95b3df,
+    0x650a73548baf63de, 0x766a0abb3c77b2a8,
+    0x81c2c92e47edaee6, 0x92722c851482353b,
+    0xa2bfe8a14cf10364, 0xa81a664bbc423001,
+    0xc24b8b70d0f89791, 0xc76c51a30654be30,
+    0xd192e819d6ef5218, 0xd69906245565a910,
+    0xf40e35855771202a, 0x106aa07032bbd1b8,
+    0x19a4c116b8d2d0c8, 0x1e376c085141ab53,
+    0x2748774cdf8eeb99, 0x34b0bcb5e19b48a8,
+    0x391c0cb3c5c95a63, 0x4ed8aa4ae3418acb,
+    0x5b9cca4f7763e373, 0x682e6ff3d6b2b8a3,
+    0x748f82ee5defb2fc, 0x78a5636f43172f60,
+    0x84c87814a1f0ab72, 0x8cc702081a6439ec,
+    0x90befffa23631e28, 0xa4506cebde82bde9,
+    0xbef9a3f7b2c67915, 0xc67178f2e372532b,
+    0xca273eceea26619c, 0xd186b8c721c0c207,
+    0xeada7dd6cde0eb1e, 0xf57d4f7fee6ed178,
+    0x06f067aa72176fba, 0x0a637dc5a2c898a6,
+    0x113f9804bef90dae, 0x1b710b35131c471b,
+    0x28db77f523047d84, 0x32caab7b40c72493,
+    0x3c9ebe0a15c9bebc, 0x431d67c49c100d4c,
+    0x4cc5d4becb3e42b6, 0x597f299cfc657e2a,
+    0x5fcb6fab3ad6faec, 0x6c44198c4a475817,
 };
 
 void Transform_Sha512_Len_crypto(wc_Sha512* sha512, const byte* data, word32 len);
@@ -1664,7 +1582,7 @@ void Transform_Sha512_Len_crypto(wc_Sha512* sha512, const byte* data, word32 len
 }
 
 #endif /* WOLFSSL_ARMASM_CRYPTO_SHA512 */
-#endif /* WOLFSSL_SHA512 */
+#endif /* WOLFSSL_SHA512 || WOLFSSL_SHA384 */
 #endif /* __aarch64__ */
 #endif /* WOLFSSL_ARMASM */
 #endif /* WOLFSSL_ARMASM_INLINE */
diff --git a/wolfcrypt/src/port/arm/armv8-sha512.c b/wolfcrypt/src/port/arm/armv8-sha512.c
index 45806249a..63f108aec 100644
--- a/wolfcrypt/src/port/arm/armv8-sha512.c
+++ b/wolfcrypt/src/port/arm/armv8-sha512.c
@@ -1,6 +1,6 @@
 /* sha512.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -28,12 +28,27 @@
 #ifdef WOLFSSL_ARMASM
 #if defined(WOLFSSL_SHA512) || defined(WOLFSSL_SHA384)
 
-#ifdef HAVE_FIPS
-#undef HAVE_FIPS
+#if FIPS_VERSION3_LT(6,0,0) && defined(HAVE_FIPS)
+    #undef HAVE_FIPS
+#else
+    #if defined(HAVE_FIPS) && FIPS_VERSION3_GE(6,0,0)
+    /* set NO_WRAPPERS before headers, use direct internal f()s not wrappers */
+        #define FIPS_NO_WRAPPERS
+    #endif
 #endif
 
+
 #include <wolfssl/wolfcrypt/sha512.h>
+#if FIPS_VERSION3_GE(6,0,0)
+    const unsigned int wolfCrypt_FIPS_sha512_ro_sanity[2] =
+                                                     { 0x1a2b3c4d, 0x00000015 };
+    int wolfCrypt_FIPS_SHA512_sanity(void)
+    {
+        return 0;
+    }
+#endif
 #include <wolfssl/wolfcrypt/error-crypt.h>
+#include <wolfssl/wolfcrypt/cpuid.h>
 #include <wolfssl/wolfcrypt/hash.h>
 
 #include <wolfssl/wolfcrypt/logging.h>
@@ -48,6 +63,11 @@
 #include <wolfssl/wolfcrypt/cryptocb.h>
 #endif
 
+#if defined(__aarch64__) && defined(WOLFSSL_ARMASM_CRYPTO_SHA512)
+static word32 cpuid_flags = 0;
+static int cpuid_flags_set = 0;
+#endif
+
 #ifdef WOLFSSL_SHA512
 
 static int InitSha512(wc_Sha512* sha512)
@@ -158,6 +178,10 @@ static int InitSha512_Family(wc_Sha512* sha512, void* heap, int devId,
 #ifdef WOLFSSL_SMALL_STACK_CACHE
     sha512->W = NULL;
 #endif
+#ifdef WOLF_CRYPTO_CB
+    sha512->devId = devId;
+    sha512->devCtx = NULL;
+#endif
 
     if (type == WC_HASH_TYPE_SHA512) {
         ret = InitSha512(sha512);
@@ -180,6 +204,13 @@ static int InitSha512_Family(wc_Sha512* sha512, void* heap, int devId,
     if (ret != 0)
         return ret;
 
+#if defined(__aarch64__) && defined(WOLFSSL_ARMASM_CRYPTO_SHA512)
+    if (!cpuid_flags_set) {
+        cpuid_flags = cpuid_get_flags();
+        cpuid_flags_set = 1;
+    }
+#endif
+
     (void)devId;
 
     return ret;
@@ -187,6 +218,12 @@ static int InitSha512_Family(wc_Sha512* sha512, void* heap, int devId,
 
 int wc_InitSha512_ex(wc_Sha512* sha512, void* heap, int devId)
 {
+#ifdef MAX3266X_SHA_CB
+    if (wc_MXC_TPU_SHA_Init(&(sha512->mxcCtx)) != 0) {
+        return BAD_FUNC_ARG;
+    }
+#endif
+
     return InitSha512_Family(sha512, heap, devId, WC_HASH_TYPE_SHA512);
 }
 
@@ -408,6 +445,22 @@ static void Transform_Sha512_Len(wc_Sha512* sha512, const byte* data, word32 len
 }
 #undef DATA
 
+#elif defined(__aarch64__)
+
+static WC_INLINE void Transform_Sha512_Len(wc_Sha512* sha512, const byte* data,
+    word32 len)
+{
+#ifdef WOLFSSL_ARMASM_CRYPTO_SHA512
+    if (IS_AARCH64_SHA512(cpuid_flags)) {
+        Transform_Sha512_Len_crypto(sha512, data, len);
+    }
+    else
+#endif
+    {
+        Transform_Sha512_Len_neon(sha512, data, len);
+    }
+}
+
 #endif
 
 
@@ -494,6 +547,18 @@ int wc_Sha512Update(wc_Sha512* sha512, const byte* data, word32 len)
         return BAD_FUNC_ARG;
     }
 
+#ifdef WOLF_CRYPTO_CB
+    #ifndef WOLF_CRYPTO_CB_FIND
+    if (sha512->devId != INVALID_DEVID)
+    #endif
+    {
+        int ret = wc_CryptoCb_Sha512Hash(sha512, data, len, NULL);
+        if (ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE))
+            return ret;
+        /* fall-through when unavailable */
+    }
+#endif
+
     return Sha512Update(sha512, data, len);
 }
 
@@ -556,7 +621,7 @@ static WC_INLINE int Sha512Final(wc_Sha512* sha512)
 
 #ifdef WOLFSSL_SHA512
 
-int wc_Sha512FinalRaw(wc_Sha512* sha512, byte* hash)
+static int Sha512FinalRaw(wc_Sha512* sha512, byte* hash, size_t digestSz)
 {
 #ifdef LITTLE_ENDIAN_ORDER
     word64 digest[WC_SHA512_DIGEST_SIZE / sizeof(word64)];
@@ -568,15 +633,20 @@ int wc_Sha512FinalRaw(wc_Sha512* sha512, byte* hash)
 
 #ifdef LITTLE_ENDIAN_ORDER
     ByteReverseWords64((word64*)digest, (word64*)sha512->digest,
-                                                         WC_SHA512_DIGEST_SIZE);
-    XMEMCPY(hash, digest, WC_SHA512_DIGEST_SIZE);
+        WC_SHA512_DIGEST_SIZE);
+    XMEMCPY(hash, digest, digestSz);
 #else
-    XMEMCPY(hash, sha512->digest, WC_SHA512_DIGEST_SIZE);
+    XMEMCPY(hash, sha512->digest, digestSz);
 #endif
 
     return 0;
 }
 
+int wc_Sha512FinalRaw(wc_Sha512* sha512, byte* hash)
+{
+    return Sha512FinalRaw(sha512, hash, WC_SHA512_DIGEST_SIZE);
+}
+
 static int Sha512_Family_Final(wc_Sha512* sha512, byte* hash,
                                                     enum wc_HashType type)
 {
@@ -612,13 +682,20 @@ static int Sha512_Family_Final(wc_Sha512* sha512, byte* hash,
         return BAD_FUNC_ARG;
 
 #ifdef WOLF_CRYPTO_CB
-    if (sha512->devId != INVALID_DEVID) {
-        ret = wc_CryptoCb_Sha512Hash(sha512, NULL, 0, hash);
-        if (ret != CRYPTOCB_UNAVAILABLE)
+    #ifndef WOLF_CRYPTO_CB_FIND
+    if (sha512->devId != INVALID_DEVID)
+    #endif
+    {
+        byte localHash[WC_SHA512_DIGEST_SIZE];
+        ret = wc_CryptoCb_Sha512Hash(sha512, NULL, 0, localHash);
+        if (ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE)) {
+            XMEMCPY(hash, localHash, digestSz);
             return ret;
+        }
         /* fall-through when unavailable */
     }
 #endif
+
 #if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_SHA512)
     if (sha512->asyncDev.marker == WOLFSSL_ASYNC_MARKER_SHA512) {
     #if defined(HAVE_INTEL_QA)
@@ -647,7 +724,12 @@ int wc_Sha512Final(wc_Sha512* sha512, byte* hash)
 
 int wc_InitSha512(wc_Sha512* sha512)
 {
-    return wc_InitSha512_ex(sha512, NULL, INVALID_DEVID);
+    int devId = INVALID_DEVID;
+
+#ifdef WOLF_CRYPTO_CB
+    devId = wc_CryptoCb_DefaultDevID();
+#endif
+    return wc_InitSha512_ex(sha512, NULL, devId);
 }
 
 void wc_Sha512Free(wc_Sha512* sha512)
@@ -656,11 +738,14 @@ void wc_Sha512Free(wc_Sha512* sha512)
         return;
 
 #ifdef WOLFSSL_SMALL_STACK_CACHE
-    if (sha512->W != NULL) {
-        XFREE(sha512->W, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-        sha512->W = NULL;
-    }
+    XFREE(sha512->W, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    sha512->W = NULL;
 #endif
+
+#ifdef MAX3266X_SHA_CB
+    wc_MXC_TPU_SHA_Free(&(sha512->mxcCtx));
+#endif
+
 }
 
 #ifdef OPENSSL_EXTRA
@@ -712,6 +797,18 @@ int wc_Sha384Update(wc_Sha384* sha384, const byte* data, word32 len)
         return BAD_FUNC_ARG;
     }
 
+#ifdef WOLF_CRYPTO_CB
+    #ifndef WOLF_CRYPTO_CB_FIND
+    if (sha384->devId != INVALID_DEVID)
+    #endif
+    {
+        int ret = wc_CryptoCb_Sha384Hash(sha384, data, len, NULL);
+        if (ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE))
+            return ret;
+        /* fall-through when unavailable */
+    }
+#endif
+
     return Sha512Update((wc_Sha512*)sha384, data, len);
 }
 
@@ -745,6 +842,18 @@ int wc_Sha384Final(wc_Sha384* sha384, byte* hash)
         return BAD_FUNC_ARG;
     }
 
+#ifdef WOLF_CRYPTO_CB
+    #ifndef WOLF_CRYPTO_CB_FIND
+    if (sha384->devId != INVALID_DEVID)
+    #endif
+    {
+        ret = wc_CryptoCb_Sha384Hash(sha384, NULL, 0, hash);
+        if (ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE))
+            return ret;
+        /* fall-through when unavailable */
+    }
+#endif
+
     ret = Sha512Final((wc_Sha512*)sha384);
     if (ret != 0)
         return ret;
@@ -770,6 +879,23 @@ int wc_InitSha384_ex(wc_Sha384* sha384, void* heap, int devId)
 #ifdef WOLFSSL_SMALL_STACK_CACHE
     sha384->W = NULL;
 #endif
+#ifdef WOLF_CRYPTO_CB
+    sha384->devId = devId;
+    sha384->devCtx = NULL;
+#endif
+#ifdef MAX3266X_SHA_CB
+    ret = wc_MXC_TPU_SHA_Init(&(sha384->mxcCtx));
+    if (ret != 0) {
+        return ret;
+    }
+#endif
+
+#if defined(__aarch64__) && defined(WOLFSSL_ARMASM_CRYPTO_SHA512)
+    if (!cpuid_flags_set) {
+        cpuid_flags = cpuid_get_flags();
+        cpuid_flags_set = 1;
+    }
+#endif
 
     (void)devId;
 
@@ -778,7 +904,12 @@ int wc_InitSha384_ex(wc_Sha384* sha384, void* heap, int devId)
 
 int wc_InitSha384(wc_Sha384* sha384)
 {
-    return wc_InitSha384_ex(sha384, NULL, INVALID_DEVID);
+    int devId = INVALID_DEVID;
+
+#ifdef WOLF_CRYPTO_CB
+    devId = wc_CryptoCb_DefaultDevID();
+#endif
+    return wc_InitSha384_ex(sha384, NULL, devId);
 }
 
 void wc_Sha384Free(wc_Sha384* sha384)
@@ -787,11 +918,14 @@ void wc_Sha384Free(wc_Sha384* sha384)
         return;
 
 #ifdef WOLFSSL_SMALL_STACK_CACHE
-    if (sha384->W != NULL) {
-        XFREE(sha384->W, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-        sha384->W = NULL;
-    }
+    XFREE(sha384->W, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    sha384->W = NULL;
 #endif
+
+#ifdef MAX3266X_SHA_CB
+    wc_MXC_TPU_SHA_Free(&(sha384->mxcCtx));
+#endif
+
 }
 
 #endif /* WOLFSSL_SHA384 */
@@ -870,6 +1004,13 @@ int wc_Sha512Copy(wc_Sha512* src, wc_Sha512* dst)
      dst->flags |= WC_HASH_FLAG_ISCOPY;
 #endif
 
+#ifdef MAX3266X_SHA_CB
+    ret = wc_MXC_TPU_SHA_Copy(&(src->mxcCtx), &(dst->mxcCtx));
+    if (ret != 0) {
+        return ret;
+    }
+#endif
+
     return ret;
 }
 
@@ -903,7 +1044,7 @@ int wc_Sha512_224Update(wc_Sha512* sha, const byte* data, word32 len)
 }
 int wc_Sha512_224FinalRaw(wc_Sha512* sha, byte* hash)
 {
-    return wc_Sha512FinalRaw(sha, hash);
+    return Sha512FinalRaw(sha, hash, WC_SHA512_224_DIGEST_SIZE);
 }
 int wc_Sha512_224Final(wc_Sha512* sha512, byte* hash)
 {
@@ -953,7 +1094,7 @@ int wc_Sha512_256Update(wc_Sha512* sha, const byte* data, word32 len)
 }
 int wc_Sha512_256FinalRaw(wc_Sha512* sha, byte* hash)
 {
-    return wc_Sha512FinalRaw(sha, hash);
+    return Sha512FinalRaw(sha, hash, WC_SHA512_256_DIGEST_SIZE);
 }
 int wc_Sha512_256Final(wc_Sha512* sha512, byte* hash)
 {
@@ -1027,6 +1168,13 @@ int wc_Sha384Copy(wc_Sha384* src, wc_Sha384* dst)
      dst->flags |= WC_HASH_FLAG_ISCOPY;
 #endif
 
+#ifdef MAX3266X_SHA_CB
+    ret = wc_MXC_TPU_SHA_Copy(&(src->mxcCtx), &(dst->mxcCtx));
+    if (ret != 0) {
+        return ret;
+    }
+#endif
+
     return ret;
 }
 
diff --git a/wolfcrypt/src/port/arm/cryptoCell.c b/wolfcrypt/src/port/arm/cryptoCell.c
index 1c73349e1..d72241693 100644
--- a/wolfcrypt/src/port/arm/cryptoCell.c
+++ b/wolfcrypt/src/port/arm/cryptoCell.c
@@ -1,6 +1,6 @@
 /* cryptoCell.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfcrypt/src/port/arm/cryptoCellHash.c b/wolfcrypt/src/port/arm/cryptoCellHash.c
index cf567c287..6b467941d 100644
--- a/wolfcrypt/src/port/arm/cryptoCellHash.c
+++ b/wolfcrypt/src/port/arm/cryptoCellHash.c
@@ -1,6 +1,6 @@
 /* cryptoCellHash.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfcrypt/src/port/arm/thumb2-aes-asm.S b/wolfcrypt/src/port/arm/thumb2-aes-asm.S
index 0badf8f97..e78d5324a 100644
--- a/wolfcrypt/src/port/arm/thumb2-aes-asm.S
+++ b/wolfcrypt/src/port/arm/thumb2-aes-asm.S
@@ -1,6 +1,6 @@
 /* thumb2-aes-asm
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -30,7 +30,7 @@
 #include <wolfssl/wolfcrypt/settings.h>
 
 #ifdef WOLFSSL_ARMASM
-#if !defined(__aarch64__) && defined(__thumb__)
+#ifdef WOLFSSL_ARMASM_THUMB2
 #ifndef WOLFSSL_ARMASM_INLINE
 	.thumb
 	.syntax unified
@@ -670,7 +670,7 @@ L_AES_invert_key_mix_loop:
 	EOR	r8, r8, r9, ROR #24
 	STR	r8, [r0], #4
 	SUBS	r11, r11, #0x1
-#ifdef __GNUC__
+#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
 	BNE	L_AES_invert_key_mix_loop
 #else
 	BNE.W	L_AES_invert_key_mix_loop
@@ -703,26 +703,30 @@ AES_set_encrypt_key:
 	LDR	r10, L_AES_Thumb2_te
 	ADR	lr, L_AES_Thumb2_rcon
 	CMP	r1, #0x80
-#ifdef __GNUC__
+#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
 	BEQ	L_AES_set_encrypt_key_start_128
 #else
 	BEQ.W	L_AES_set_encrypt_key_start_128
 #endif
 	CMP	r1, #0xc0
-#ifdef __GNUC__
+#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
 	BEQ	L_AES_set_encrypt_key_start_192
 #else
 	BEQ.W	L_AES_set_encrypt_key_start_192
 #endif
-	LDRD	r4, r5, [r0]
-	LDRD	r6, r7, [r0, #8]
+	LDR	r4, [r0]
+	LDR	r5, [r0, #4]
+	LDR	r6, [r0, #8]
+	LDR	r7, [r0, #12]
 	REV	r4, r4
 	REV	r5, r5
 	REV	r6, r6
 	REV	r7, r7
 	STM	r2!, {r4, r5, r6, r7}
-	LDRD	r4, r5, [r0, #16]
-	LDRD	r6, r7, [r0, #24]
+	LDR	r4, [r0, #16]
+	LDR	r5, [r0, #20]
+	LDR	r6, [r0, #24]
+	LDR	r7, [r0, #28]
 	REV	r4, r4
 	REV	r5, r5
 	REV	r6, r6
@@ -805,9 +809,12 @@ L_AES_set_encrypt_key_loop_256:
 	B.N	L_AES_set_encrypt_key_end
 #endif
 L_AES_set_encrypt_key_start_192:
-	LDRD	r4, r5, [r0]
-	LDRD	r6, r7, [r0, #8]
-	LDRD	r8, r9, [r0, #16]
+	LDR	r4, [r0]
+	LDR	r5, [r0, #4]
+	LDR	r6, [r0, #8]
+	LDR	r7, [r0, #12]
+	LDR	r8, [r0, #16]
+	LDR	r9, [r0, #20]
 	REV	r4, r4
 	REV	r5, r5
 	REV	r6, r6
@@ -871,8 +878,10 @@ L_AES_set_encrypt_key_loop_192:
 	B.N	L_AES_set_encrypt_key_end
 #endif
 L_AES_set_encrypt_key_start_128:
-	LDRD	r4, r5, [r0]
-	LDRD	r6, r7, [r0, #8]
+	LDR	r4, [r0]
+	LDR	r5, [r0, #4]
+	LDR	r6, [r0, #8]
+	LDR	r7, [r0, #12]
 	REV	r4, r4
 	REV	r5, r5
 	REV	r6, r6
@@ -907,7 +916,7 @@ L_AES_set_encrypt_key_loop_128:
 #endif
 L_AES_set_encrypt_key_end:
 	POP	{r4, r5, r6, r7, r8, r9, r10, pc}
-	/* Cycle Count = 331 */
+	/* Cycle Count = 340 */
 	.size	AES_set_encrypt_key,.-AES_set_encrypt_key
 	.text
 	.align	4
@@ -1017,7 +1026,7 @@ L_AES_encrypt_block_nr:
 	EOR	r6, r6, r10
 	EOR	r7, r7, r11
 	SUBS	r1, r1, #0x1
-#ifdef __GNUC__
+#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
 	BNE	L_AES_encrypt_block_nr
 #else
 	BNE.W	L_AES_encrypt_block_nr
@@ -1145,13 +1154,13 @@ AES_ECB_encrypt:
 	LDR	r12, [sp, #36]
 	PUSH	{r3}
 	CMP	r12, #0xa
-#ifdef __GNUC__
+#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
 	BEQ	L_AES_ECB_encrypt_start_block_128
 #else
 	BEQ.W	L_AES_ECB_encrypt_start_block_128
 #endif
 	CMP	r12, #0xc
-#ifdef __GNUC__
+#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
 	BEQ	L_AES_ECB_encrypt_start_block_192
 #else
 	BEQ.W	L_AES_ECB_encrypt_start_block_192
@@ -1187,7 +1196,7 @@ L_AES_ECB_encrypt_loop_block_256:
 	SUBS	r2, r2, #0x10
 	ADD	lr, lr, #0x10
 	ADD	r1, r1, #0x10
-#ifdef __GNUC__
+#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
 	BNE	L_AES_ECB_encrypt_loop_block_256
 #else
 	BNE.W	L_AES_ECB_encrypt_loop_block_256
@@ -1229,7 +1238,7 @@ L_AES_ECB_encrypt_loop_block_192:
 	SUBS	r2, r2, #0x10
 	ADD	lr, lr, #0x10
 	ADD	r1, r1, #0x10
-#ifdef __GNUC__
+#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
 	BNE	L_AES_ECB_encrypt_loop_block_192
 #else
 	BNE.W	L_AES_ECB_encrypt_loop_block_192
@@ -1271,7 +1280,7 @@ L_AES_ECB_encrypt_loop_block_128:
 	SUBS	r2, r2, #0x10
 	ADD	lr, lr, #0x10
 	ADD	r1, r1, #0x10
-#ifdef __GNUC__
+#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
 	BNE	L_AES_ECB_encrypt_loop_block_128
 #else
 	BNE.W	L_AES_ECB_encrypt_loop_block_128
@@ -1296,13 +1305,13 @@ AES_CBC_encrypt:
 	LDM	r9, {r4, r5, r6, r7}
 	PUSH	{r3, r9}
 	CMP	r8, #0xa
-#ifdef __GNUC__
+#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
 	BEQ	L_AES_CBC_encrypt_start_block_128
 #else
 	BEQ.W	L_AES_CBC_encrypt_start_block_128
 #endif
 	CMP	r8, #0xc
-#ifdef __GNUC__
+#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
 	BEQ	L_AES_CBC_encrypt_start_block_192
 #else
 	BEQ.W	L_AES_CBC_encrypt_start_block_192
@@ -1342,7 +1351,7 @@ L_AES_CBC_encrypt_loop_block_256:
 	SUBS	r2, r2, #0x10
 	ADD	lr, lr, #0x10
 	ADD	r1, r1, #0x10
-#ifdef __GNUC__
+#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
 	BNE	L_AES_CBC_encrypt_loop_block_256
 #else
 	BNE.W	L_AES_CBC_encrypt_loop_block_256
@@ -1388,7 +1397,7 @@ L_AES_CBC_encrypt_loop_block_192:
 	SUBS	r2, r2, #0x10
 	ADD	lr, lr, #0x10
 	ADD	r1, r1, #0x10
-#ifdef __GNUC__
+#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
 	BNE	L_AES_CBC_encrypt_loop_block_192
 #else
 	BNE.W	L_AES_CBC_encrypt_loop_block_192
@@ -1434,7 +1443,7 @@ L_AES_CBC_encrypt_loop_block_128:
 	SUBS	r2, r2, #0x10
 	ADD	lr, lr, #0x10
 	ADD	r1, r1, #0x10
-#ifdef __GNUC__
+#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
 	BNE	L_AES_CBC_encrypt_loop_block_128
 #else
 	BNE.W	L_AES_CBC_encrypt_loop_block_128
@@ -1465,13 +1474,13 @@ AES_CTR_encrypt:
 	STM	r8, {r4, r5, r6, r7}
 	PUSH	{r3, r8}
 	CMP	r12, #0xa
-#ifdef __GNUC__
+#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
 	BEQ	L_AES_CTR_encrypt_start_block_128
 #else
 	BEQ.W	L_AES_CTR_encrypt_start_block_128
 #endif
 	CMP	r12, #0xc
-#ifdef __GNUC__
+#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
 	BEQ	L_AES_CTR_encrypt_start_block_192
 #else
 	BEQ.W	L_AES_CTR_encrypt_start_block_192
@@ -1515,12 +1524,12 @@ L_AES_CTR_encrypt_loop_block_256:
 	SUBS	r2, r2, #0x10
 	ADD	lr, lr, #0x10
 	ADD	r1, r1, #0x10
-#ifdef __GNUC__
+#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
 	BNE	L_AES_CTR_encrypt_loop_block_256
 #else
 	BNE.W	L_AES_CTR_encrypt_loop_block_256
 #endif
-#ifdef __GNUC__
+#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
 	B	L_AES_CTR_encrypt_end
 #else
 	B.W	L_AES_CTR_encrypt_end
@@ -1565,12 +1574,12 @@ L_AES_CTR_encrypt_loop_block_192:
 	SUBS	r2, r2, #0x10
 	ADD	lr, lr, #0x10
 	ADD	r1, r1, #0x10
-#ifdef __GNUC__
+#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
 	BNE	L_AES_CTR_encrypt_loop_block_192
 #else
 	BNE.W	L_AES_CTR_encrypt_loop_block_192
 #endif
-#ifdef __GNUC__
+#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
 	B	L_AES_CTR_encrypt_end
 #else
 	B.W	L_AES_CTR_encrypt_end
@@ -1615,7 +1624,7 @@ L_AES_CTR_encrypt_loop_block_128:
 	SUBS	r2, r2, #0x10
 	ADD	lr, lr, #0x10
 	ADD	r1, r1, #0x10
-#ifdef __GNUC__
+#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
 	BNE	L_AES_CTR_encrypt_loop_block_128
 #else
 	BNE.W	L_AES_CTR_encrypt_loop_block_128
@@ -1741,7 +1750,7 @@ L_AES_decrypt_block_nr:
 	EOR	r6, r6, r10
 	EOR	r7, r7, r11
 	SUBS	r1, r1, #0x1
-#ifdef __GNUC__
+#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
 	BNE	L_AES_decrypt_block_nr
 #else
 	BNE.W	L_AES_decrypt_block_nr
@@ -2129,13 +2138,13 @@ AES_ECB_decrypt:
 	MOV	r12, r2
 	ADR	r2, L_AES_Thumb2_td4
 	CMP	r8, #0xa
-#ifdef __GNUC__
+#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
 	BEQ	L_AES_ECB_decrypt_start_block_128
 #else
 	BEQ.W	L_AES_ECB_decrypt_start_block_128
 #endif
 	CMP	r8, #0xc
-#ifdef __GNUC__
+#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
 	BEQ	L_AES_ECB_decrypt_start_block_192
 #else
 	BEQ.W	L_AES_ECB_decrypt_start_block_192
@@ -2170,7 +2179,7 @@ L_AES_ECB_decrypt_loop_block_256:
 	SUBS	r12, r12, #0x10
 	ADD	lr, lr, #0x10
 	ADD	r1, r1, #0x10
-#ifdef __GNUC__
+#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
 	BNE	L_AES_ECB_decrypt_loop_block_256
 #else
 	BNE.W	L_AES_ECB_decrypt_loop_block_256
@@ -2211,7 +2220,7 @@ L_AES_ECB_decrypt_loop_block_192:
 	SUBS	r12, r12, #0x10
 	ADD	lr, lr, #0x10
 	ADD	r1, r1, #0x10
-#ifdef __GNUC__
+#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
 	BNE	L_AES_ECB_decrypt_loop_block_192
 #else
 	BNE.W	L_AES_ECB_decrypt_loop_block_192
@@ -2252,7 +2261,7 @@ L_AES_ECB_decrypt_loop_block_128:
 	SUBS	r12, r12, #0x10
 	ADD	lr, lr, #0x10
 	ADD	r1, r1, #0x10
-#ifdef __GNUC__
+#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
 	BNE	L_AES_ECB_decrypt_loop_block_128
 #else
 	BNE.W	L_AES_ECB_decrypt_loop_block_128
@@ -2277,13 +2286,13 @@ AES_CBC_decrypt:
 	ADR	r2, L_AES_Thumb2_td4
 	PUSH	{r3, r4}
 	CMP	r8, #0xa
-#ifdef __GNUC__
+#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
 	BEQ	L_AES_CBC_decrypt_loop_block_128
 #else
 	BEQ.W	L_AES_CBC_decrypt_loop_block_128
 #endif
 	CMP	r8, #0xc
-#ifdef __GNUC__
+#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
 	BEQ	L_AES_CBC_decrypt_loop_block_192
 #else
 	BEQ.W	L_AES_CBC_decrypt_loop_block_192
@@ -2328,7 +2337,7 @@ L_AES_CBC_decrypt_loop_block_256:
 	SUBS	r12, r12, #0x10
 	ADD	lr, lr, #0x10
 	ADD	r1, r1, #0x10
-#ifdef __GNUC__
+#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
 	BEQ	L_AES_CBC_decrypt_end_odd
 #else
 	BEQ.W	L_AES_CBC_decrypt_end_odd
@@ -2373,12 +2382,12 @@ L_AES_CBC_decrypt_loop_block_256:
 	SUBS	r12, r12, #0x10
 	ADD	lr, lr, #0x10
 	ADD	r1, r1, #0x10
-#ifdef __GNUC__
+#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
 	BNE	L_AES_CBC_decrypt_loop_block_256
 #else
 	BNE.W	L_AES_CBC_decrypt_loop_block_256
 #endif
-#ifdef __GNUC__
+#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
 	B	L_AES_CBC_decrypt_end
 #else
 	B.W	L_AES_CBC_decrypt_end
@@ -2423,7 +2432,7 @@ L_AES_CBC_decrypt_loop_block_192:
 	SUBS	r12, r12, #0x10
 	ADD	lr, lr, #0x10
 	ADD	r1, r1, #0x10
-#ifdef __GNUC__
+#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
 	BEQ	L_AES_CBC_decrypt_end_odd
 #else
 	BEQ.W	L_AES_CBC_decrypt_end_odd
@@ -2468,12 +2477,12 @@ L_AES_CBC_decrypt_loop_block_192:
 	SUBS	r12, r12, #0x10
 	ADD	lr, lr, #0x10
 	ADD	r1, r1, #0x10
-#ifdef __GNUC__
+#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
 	BNE	L_AES_CBC_decrypt_loop_block_192
 #else
 	BNE.W	L_AES_CBC_decrypt_loop_block_192
 #endif
-#ifdef __GNUC__
+#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
 	B	L_AES_CBC_decrypt_end
 #else
 	B.W	L_AES_CBC_decrypt_end
@@ -2518,7 +2527,7 @@ L_AES_CBC_decrypt_loop_block_128:
 	SUBS	r12, r12, #0x10
 	ADD	lr, lr, #0x10
 	ADD	r1, r1, #0x10
-#ifdef __GNUC__
+#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
 	BEQ	L_AES_CBC_decrypt_end_odd
 #else
 	BEQ.W	L_AES_CBC_decrypt_end_odd
@@ -2563,7 +2572,7 @@ L_AES_CBC_decrypt_loop_block_128:
 	SUBS	r12, r12, #0x10
 	ADD	lr, lr, #0x10
 	ADD	r1, r1, #0x10
-#ifdef __GNUC__
+#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
 	BNE	L_AES_CBC_decrypt_loop_block_128
 #else
 	BNE.W	L_AES_CBC_decrypt_loop_block_128
@@ -3161,7 +3170,7 @@ L_GCM_gmult_len_start_block:
 	POP	{r3}
 	SUBS	r3, r3, #0x10
 	ADD	r2, r2, #0x10
-#ifdef __GNUC__
+#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
 	BNE	L_GCM_gmult_len_start_block
 #else
 	BNE.W	L_GCM_gmult_len_start_block
@@ -3193,13 +3202,13 @@ AES_GCM_encrypt:
 	STM	r8, {r4, r5, r6, r7}
 	PUSH	{r3, r8}
 	CMP	r12, #0xa
-#ifdef __GNUC__
+#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
 	BEQ	L_AES_GCM_encrypt_start_block_128
 #else
 	BEQ.W	L_AES_GCM_encrypt_start_block_128
 #endif
 	CMP	r12, #0xc
-#ifdef __GNUC__
+#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
 	BEQ	L_AES_GCM_encrypt_start_block_192
 #else
 	BEQ.W	L_AES_GCM_encrypt_start_block_192
@@ -3240,12 +3249,12 @@ L_AES_GCM_encrypt_loop_block_256:
 	SUBS	r2, r2, #0x10
 	ADD	lr, lr, #0x10
 	ADD	r1, r1, #0x10
-#ifdef __GNUC__
+#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
 	BNE	L_AES_GCM_encrypt_loop_block_256
 #else
 	BNE.W	L_AES_GCM_encrypt_loop_block_256
 #endif
-#ifdef __GNUC__
+#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
 	B	L_AES_GCM_encrypt_end
 #else
 	B.W	L_AES_GCM_encrypt_end
@@ -3287,12 +3296,12 @@ L_AES_GCM_encrypt_loop_block_192:
 	SUBS	r2, r2, #0x10
 	ADD	lr, lr, #0x10
 	ADD	r1, r1, #0x10
-#ifdef __GNUC__
+#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
 	BNE	L_AES_GCM_encrypt_loop_block_192
 #else
 	BNE.W	L_AES_GCM_encrypt_loop_block_192
 #endif
-#ifdef __GNUC__
+#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
 	B	L_AES_GCM_encrypt_end
 #else
 	B.W	L_AES_GCM_encrypt_end
@@ -3334,7 +3343,7 @@ L_AES_GCM_encrypt_loop_block_128:
 	SUBS	r2, r2, #0x10
 	ADD	lr, lr, #0x10
 	ADD	r1, r1, #0x10
-#ifdef __GNUC__
+#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
 	BNE	L_AES_GCM_encrypt_loop_block_128
 #else
 	BNE.W	L_AES_GCM_encrypt_loop_block_128
@@ -3351,7 +3360,7 @@ L_AES_GCM_encrypt_end:
 	.size	AES_GCM_encrypt,.-AES_GCM_encrypt
 #endif /* HAVE_AESGCM */
 #endif /* !NO_AES */
-#endif /* !__aarch64__ && __thumb__ */
+#endif /* WOLFSSL_ARMASM_THUMB2 */
 #endif /* WOLFSSL_ARMASM */
 
 #if defined(__linux__) && defined(__ELF__)
diff --git a/wolfcrypt/src/port/arm/thumb2-aes-asm_c.c b/wolfcrypt/src/port/arm/thumb2-aes-asm_c.c
index 545313164..55436947e 100644
--- a/wolfcrypt/src/port/arm/thumb2-aes-asm_c.c
+++ b/wolfcrypt/src/port/arm/thumb2-aes-asm_c.c
@@ -1,6 +1,6 @@
 /* thumb2-aes-asm
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -28,19 +28,12 @@
     #include <config.h>
 #endif /* HAVE_CONFIG_H */
 #include <wolfssl/wolfcrypt/settings.h>
+#include <wolfssl/wolfcrypt/error-crypt.h>
 
 #ifdef WOLFSSL_ARMASM
-#if !defined(__aarch64__) && defined(__thumb__)
-#include <stdint.h>
-#ifdef HAVE_CONFIG_H
-    #include <config.h>
-#endif /* HAVE_CONFIG_H */
-#include <wolfssl/wolfcrypt/settings.h>
+#ifdef WOLFSSL_ARMASM_THUMB2
 #ifdef WOLFSSL_ARMASM_INLINE
 
-#ifdef WOLFSSL_ARMASM
-#if !defined(__aarch64__) && defined(__thumb__)
-
 #ifdef __IAR_SYSTEMS_ICC__
 #define __asm__        asm
 #define __volatile__   volatile
@@ -54,7 +47,7 @@
 #include <wolfssl/wolfcrypt/aes.h>
 
 #ifdef HAVE_AES_DECRYPT
-static const uint32_t L_AES_Thumb2_td_data[] = {
+XALIGNED(16) static const word32 L_AES_Thumb2_td_data[] = {
     0x5051f4a7, 0x537e4165, 0xc31a17a4, 0x963a275e,
     0xcb3bab6b, 0xf11f9d45, 0xabacfa58, 0x934be303,
     0x552030fa, 0xf6ad766d, 0x9188cc76, 0x25f5024c,
@@ -123,7 +116,7 @@ static const uint32_t L_AES_Thumb2_td_data[] = {
 
 #endif /* HAVE_AES_DECRYPT */
 #if defined(HAVE_AES_DECRYPT) || defined(HAVE_AES_CBC) || defined(HAVE_AESCCM) || defined(HAVE_AESGCM) || defined(WOLFSSL_AES_DIRECT) || defined(WOLFSSL_AES_COUNTER)
-static const uint32_t L_AES_Thumb2_te_data[] = {
+XALIGNED(16) static const word32 L_AES_Thumb2_te_data[] = {
     0xa5c66363, 0x84f87c7c, 0x99ee7777, 0x8df67b7b,
     0x0dfff2f2, 0xbdd66b6b, 0xb1de6f6f, 0x5491c5c5,
     0x50603030, 0x03020101, 0xa9ce6767, 0x7d562b2b,
@@ -192,10 +185,10 @@ static const uint32_t L_AES_Thumb2_te_data[] = {
 
 #endif /* HAVE_AES_DECRYPT || HAVE_AES_CBC || HAVE_AESCCM || HAVE_AESGCM || WOLFSSL_AES_DIRECT || WOLFSSL_AES_COUNTER */
 #ifdef HAVE_AES_DECRYPT
-static const uint32_t* L_AES_Thumb2_td = L_AES_Thumb2_td_data;
+static const word32* L_AES_Thumb2_td = L_AES_Thumb2_td_data;
 #endif /* HAVE_AES_DECRYPT */
 #if defined(HAVE_AES_DECRYPT) || defined(HAVE_AES_CBC) || defined(HAVE_AESCCM) || defined(HAVE_AESGCM) || defined(WOLFSSL_AES_DIRECT) || defined(WOLFSSL_AES_COUNTER)
-static const uint32_t* L_AES_Thumb2_te = L_AES_Thumb2_te_data;
+static const word32* L_AES_Thumb2_te = L_AES_Thumb2_te_data;
 #endif /* HAVE_AES_DECRYPT || HAVE_AES_CBC || HAVE_AESCCM || HAVE_AESGCM || WOLFSSL_AES_DIRECT || WOLFSSL_AES_COUNTER */
 #ifdef HAVE_AES_DECRYPT
 void AES_invert_key(unsigned char* ks, word32 rounds);
@@ -208,8 +201,8 @@ void AES_invert_key(unsigned char* ks, word32 rounds)
 #ifndef WOLFSSL_NO_VAR_ASSIGN_REG
     register unsigned char* ks __asm__ ("r0") = (unsigned char*)ks_p;
     register word32 rounds __asm__ ("r1") = (word32)rounds_p;
-    register uint32_t* L_AES_Thumb2_te_c __asm__ ("r2") = (uint32_t*)L_AES_Thumb2_te;
-    register uint32_t* L_AES_Thumb2_td_c __asm__ ("r3") = (uint32_t*)L_AES_Thumb2_td;
+    register word32* L_AES_Thumb2_te_c __asm__ ("r2") = (word32*)L_AES_Thumb2_te;
+    register word32* L_AES_Thumb2_td_c __asm__ ("r3") = (word32*)L_AES_Thumb2_td;
 #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
 
     __asm__ __volatile__ (
@@ -218,23 +211,33 @@ void AES_invert_key(unsigned char* ks, word32 rounds)
         "ADD	r10, %[ks], %[rounds], LSL #4\n\t"
         "MOV	r11, %[rounds]\n\t"
         "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
     "L_AES_invert_key_loop:\n\t"
+#else
+    "L_AES_invert_key_loop_%=:\n\t"
+#endif
         "LDM	%[ks], {r2, r3, r4, r5}\n\t"
         "LDM	r10, {r6, r7, r8, r9}\n\t"
         "STM	r10, {r2, r3, r4, r5}\n\t"
         "STM	%[ks]!, {r6, r7, r8, r9}\n\t"
         "SUBS	r11, r11, #0x2\n\t"
         "SUB	r10, r10, #0x10\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BNE	L_AES_invert_key_loop\n\t"
-#else
+#if defined(__GNUC__)
+        "BNE	L_AES_invert_key_loop_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "BNE.N	L_AES_invert_key_loop\n\t"
+#else
+        "BNE.N	L_AES_invert_key_loop_%=\n\t"
 #endif
         "SUB	%[ks], %[ks], %[rounds], LSL #3\n\t"
         "ADD	%[ks], %[ks], #0x10\n\t"
         "SUB	r11, %[rounds], #0x1\n\t"
         "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
     "L_AES_invert_key_mix_loop:\n\t"
+#else
+    "L_AES_invert_key_mix_loop_%=:\n\t"
+#endif
         "LDM	%[ks], {r2, r3, r4, r5}\n\t"
         "UBFX	r6, r2, #0, #8\n\t"
         "UBFX	r7, r2, #8, #8\n\t"
@@ -301,25 +304,28 @@ void AES_invert_key(unsigned char* ks, word32 rounds)
         "EOR	r8, r8, r9, ROR #24\n\t"
         "STR	r8, [%[ks]], #4\n\t"
         "SUBS	r11, r11, #0x1\n\t"
-#ifdef __GNUC__
-        "BNE	L_AES_invert_key_mix_loop\n\t"
-#else
+#if defined(__GNUC__)
+        "BNE	L_AES_invert_key_mix_loop_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "BNE.W	L_AES_invert_key_mix_loop\n\t"
+#else
+        "BNE.W	L_AES_invert_key_mix_loop_%=\n\t"
 #endif
 #ifndef WOLFSSL_NO_VAR_ASSIGN_REG
         : [ks] "+r" (ks), [rounds] "+r" (rounds),
           [L_AES_Thumb2_te] "+r" (L_AES_Thumb2_te_c), [L_AES_Thumb2_td] "+r" (L_AES_Thumb2_td_c)
         :
+        : "memory", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "cc"
 #else
         : [ks] "+r" (ks), [rounds] "+r" (rounds)
         : [L_AES_Thumb2_te] "r" (L_AES_Thumb2_te), [L_AES_Thumb2_td] "r" (L_AES_Thumb2_td)
-#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */
         : "memory", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "cc"
+#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */
     );
 }
 
 #endif /* HAVE_AES_DECRYPT */
-static const uint32_t L_AES_Thumb2_rcon[] = {
+XALIGNED(16) static const word32 L_AES_Thumb2_rcon[] = {
     0x01000000, 0x02000000, 0x04000000, 0x08000000,
     0x10000000, 0x20000000, 0x40000000, 0x80000000,
     0x1b000000, 0x36000000
@@ -337,34 +343,42 @@ void AES_set_encrypt_key(const unsigned char* key, word32 len, unsigned char* ks
     register const unsigned char* key __asm__ ("r0") = (const unsigned char*)key_p;
     register word32 len __asm__ ("r1") = (word32)len_p;
     register unsigned char* ks __asm__ ("r2") = (unsigned char*)ks_p;
-    register uint32_t* L_AES_Thumb2_te_c __asm__ ("r3") = (uint32_t*)L_AES_Thumb2_te;
-    register uint32_t* L_AES_Thumb2_rcon_c __asm__ ("r4") = (uint32_t*)&L_AES_Thumb2_rcon;
+    register word32* L_AES_Thumb2_te_c __asm__ ("r3") = (word32*)L_AES_Thumb2_te;
+    register word32* L_AES_Thumb2_rcon_c __asm__ ("r4") = (word32*)&L_AES_Thumb2_rcon;
 #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
 
     __asm__ __volatile__ (
         "MOV	r10, %[L_AES_Thumb2_te]\n\t"
         "MOV	lr, %[L_AES_Thumb2_rcon]\n\t"
         "CMP	%[len], #0x80\n\t"
-#ifdef __GNUC__
-        "BEQ	L_AES_set_encrypt_key_start_128\n\t"
-#else
+#if defined(__GNUC__)
+        "BEQ	L_AES_set_encrypt_key_start_128_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "BEQ.W	L_AES_set_encrypt_key_start_128\n\t"
+#else
+        "BEQ.W	L_AES_set_encrypt_key_start_128_%=\n\t"
 #endif
         "CMP	%[len], #0xc0\n\t"
-#ifdef __GNUC__
-        "BEQ	L_AES_set_encrypt_key_start_192\n\t"
-#else
+#if defined(__GNUC__)
+        "BEQ	L_AES_set_encrypt_key_start_192_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "BEQ.W	L_AES_set_encrypt_key_start_192\n\t"
+#else
+        "BEQ.W	L_AES_set_encrypt_key_start_192_%=\n\t"
 #endif
-        "LDRD	r4, r5, [%[key]]\n\t"
-        "LDRD	r6, r7, [%[key], #8]\n\t"
+        "LDR	r4, [%[key]]\n\t"
+        "LDR	r5, [%[key], #4]\n\t"
+        "LDR	r6, [%[key], #8]\n\t"
+        "LDR	r7, [%[key], #12]\n\t"
         "REV	r4, r4\n\t"
         "REV	r5, r5\n\t"
         "REV	r6, r6\n\t"
         "REV	r7, r7\n\t"
         "STM	%[ks]!, {r4, r5, r6, r7}\n\t"
-        "LDRD	r4, r5, [%[key], #16]\n\t"
-        "LDRD	r6, r7, [%[key], #24]\n\t"
+        "LDR	r4, [%[key], #16]\n\t"
+        "LDR	r5, [%[key], #20]\n\t"
+        "LDR	r6, [%[key], #24]\n\t"
+        "LDR	r7, [%[key], #28]\n\t"
         "REV	r4, r4\n\t"
         "REV	r5, r5\n\t"
         "REV	r6, r6\n\t"
@@ -373,7 +387,11 @@ void AES_set_encrypt_key(const unsigned char* key, word32 len, unsigned char* ks
         "SUB	%[ks], %[ks], #0x10\n\t"
         "MOV	r12, #0x6\n\t"
         "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
     "L_AES_set_encrypt_key_loop_256:\n\t"
+#else
+    "L_AES_set_encrypt_key_loop_256_%=:\n\t"
+#endif
         "UBFX	r4, r7, #0, #8\n\t"
         "UBFX	r5, r7, #8, #8\n\t"
         "UBFX	r6, r7, #16, #8\n\t"
@@ -416,10 +434,12 @@ void AES_set_encrypt_key(const unsigned char* key, word32 len, unsigned char* ks
         "STM	%[ks], {r4, r5, r6, r7}\n\t"
         "SUB	%[ks], %[ks], #0x10\n\t"
         "SUBS	r12, r12, #0x1\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BNE	L_AES_set_encrypt_key_loop_256\n\t"
-#else
+#if defined(__GNUC__)
+        "BNE	L_AES_set_encrypt_key_loop_256_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "BNE.N	L_AES_set_encrypt_key_loop_256\n\t"
+#else
+        "BNE.N	L_AES_set_encrypt_key_loop_256_%=\n\t"
 #endif
         "UBFX	r4, r7, #0, #8\n\t"
         "UBFX	r5, r7, #8, #8\n\t"
@@ -442,16 +462,25 @@ void AES_set_encrypt_key(const unsigned char* key, word32 len, unsigned char* ks
         "ADD	%[ks], %[ks], #0x10\n\t"
         "STM	%[ks], {r4, r5, r6, r7}\n\t"
         "SUB	%[ks], %[ks], #0x10\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "B	L_AES_set_encrypt_key_end\n\t"
-#else
+#if defined(__GNUC__)
+        "B	L_AES_set_encrypt_key_end_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "B.N	L_AES_set_encrypt_key_end\n\t"
+#else
+        "B.N	L_AES_set_encrypt_key_end_%=\n\t"
 #endif
         "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
     "L_AES_set_encrypt_key_start_192:\n\t"
-        "LDRD	r4, r5, [%[key]]\n\t"
-        "LDRD	r6, r7, [%[key], #8]\n\t"
-        "LDRD	r8, r9, [%[key], #16]\n\t"
+#else
+    "L_AES_set_encrypt_key_start_192_%=:\n\t"
+#endif
+        "LDR	r4, [%[key]]\n\t"
+        "LDR	r5, [%[key], #4]\n\t"
+        "LDR	r6, [%[key], #8]\n\t"
+        "LDR	r7, [%[key], #12]\n\t"
+        "LDR	r8, [%[key], #16]\n\t"
+        "LDR	r9, [%[key], #20]\n\t"
         "REV	r4, r4\n\t"
         "REV	r5, r5\n\t"
         "REV	r6, r6\n\t"
@@ -463,7 +492,11 @@ void AES_set_encrypt_key(const unsigned char* key, word32 len, unsigned char* ks
         "MOV	r7, r9\n\t"
         "MOV	r12, #0x7\n\t"
         "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
     "L_AES_set_encrypt_key_loop_192:\n\t"
+#else
+    "L_AES_set_encrypt_key_loop_192_%=:\n\t"
+#endif
         "UBFX	r4, r9, #0, #8\n\t"
         "UBFX	r5, r9, #8, #8\n\t"
         "UBFX	r6, r9, #16, #8\n\t"
@@ -486,10 +519,12 @@ void AES_set_encrypt_key(const unsigned char* key, word32 len, unsigned char* ks
         "EOR	r9, r9, r8\n\t"
         "STM	%[ks], {r4, r5, r6, r7, r8, r9}\n\t"
         "SUBS	r12, r12, #0x1\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BNE	L_AES_set_encrypt_key_loop_192\n\t"
-#else
+#if defined(__GNUC__)
+        "BNE	L_AES_set_encrypt_key_loop_192_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "BNE.N	L_AES_set_encrypt_key_loop_192\n\t"
+#else
+        "BNE.N	L_AES_set_encrypt_key_loop_192_%=\n\t"
 #endif
         "UBFX	r4, r9, #0, #8\n\t"
         "UBFX	r5, r9, #8, #8\n\t"
@@ -510,15 +545,23 @@ void AES_set_encrypt_key(const unsigned char* key, word32 len, unsigned char* ks
         "EOR	r6, r6, r5\n\t"
         "EOR	r7, r7, r6\n\t"
         "STM	%[ks], {r4, r5, r6, r7}\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "B	L_AES_set_encrypt_key_end\n\t"
-#else
+#if defined(__GNUC__)
+        "B	L_AES_set_encrypt_key_end_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "B.N	L_AES_set_encrypt_key_end\n\t"
+#else
+        "B.N	L_AES_set_encrypt_key_end_%=\n\t"
 #endif
         "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
     "L_AES_set_encrypt_key_start_128:\n\t"
-        "LDRD	r4, r5, [%[key]]\n\t"
-        "LDRD	r6, r7, [%[key], #8]\n\t"
+#else
+    "L_AES_set_encrypt_key_start_128_%=:\n\t"
+#endif
+        "LDR	r4, [%[key]]\n\t"
+        "LDR	r5, [%[key], #4]\n\t"
+        "LDR	r6, [%[key], #8]\n\t"
+        "LDR	r7, [%[key], #12]\n\t"
         "REV	r4, r4\n\t"
         "REV	r5, r5\n\t"
         "REV	r6, r6\n\t"
@@ -526,7 +569,11 @@ void AES_set_encrypt_key(const unsigned char* key, word32 len, unsigned char* ks
         "STM	%[ks], {r4, r5, r6, r7}\n\t"
         "MOV	r12, #0xa\n\t"
         "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
     "L_AES_set_encrypt_key_loop_128:\n\t"
+#else
+    "L_AES_set_encrypt_key_loop_128_%=:\n\t"
+#endif
         "UBFX	r4, r7, #0, #8\n\t"
         "UBFX	r5, r7, #8, #8\n\t"
         "UBFX	r6, r7, #16, #8\n\t"
@@ -547,42 +594,53 @@ void AES_set_encrypt_key(const unsigned char* key, word32 len, unsigned char* ks
         "EOR	r7, r7, r6\n\t"
         "STM	%[ks], {r4, r5, r6, r7}\n\t"
         "SUBS	r12, r12, #0x1\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BNE	L_AES_set_encrypt_key_loop_128\n\t"
-#else
+#if defined(__GNUC__)
+        "BNE	L_AES_set_encrypt_key_loop_128_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "BNE.N	L_AES_set_encrypt_key_loop_128\n\t"
+#else
+        "BNE.N	L_AES_set_encrypt_key_loop_128_%=\n\t"
 #endif
         "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
     "L_AES_set_encrypt_key_end:\n\t"
+#else
+    "L_AES_set_encrypt_key_end_%=:\n\t"
+#endif
 #ifndef WOLFSSL_NO_VAR_ASSIGN_REG
         : [key] "+r" (key), [len] "+r" (len), [ks] "+r" (ks),
           [L_AES_Thumb2_te] "+r" (L_AES_Thumb2_te_c), [L_AES_Thumb2_rcon] "+r" (L_AES_Thumb2_rcon_c)
         :
+        : "memory", "r12", "lr", "r5", "r6", "r7", "r8", "r9", "r10", "cc"
 #else
         : [key] "+r" (key), [len] "+r" (len), [ks] "+r" (ks)
         : [L_AES_Thumb2_te] "r" (L_AES_Thumb2_te), [L_AES_Thumb2_rcon] "r" (L_AES_Thumb2_rcon)
-#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */
         : "memory", "r12", "lr", "r5", "r6", "r7", "r8", "r9", "r10", "cc"
+#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */
     );
 }
 
-void AES_encrypt_block(const uint32_t* te, int nr, int len, const uint32_t* ks);
+void AES_encrypt_block(const word32* te, int nr, int len, const word32* ks);
 #ifndef WOLFSSL_NO_VAR_ASSIGN_REG
-void AES_encrypt_block(const uint32_t* te_p, int nr_p, int len_p, const uint32_t* ks_p)
+void AES_encrypt_block(const word32* te_p, int nr_p, int len_p, const word32* ks_p)
 #else
-void AES_encrypt_block(const uint32_t* te, int nr, int len, const uint32_t* ks)
+void AES_encrypt_block(const word32* te, int nr, int len, const word32* ks)
 #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
 {
 #ifndef WOLFSSL_NO_VAR_ASSIGN_REG
-    register const uint32_t* te __asm__ ("r0") = (const uint32_t*)te_p;
+    register const word32* te __asm__ ("r0") = (const word32*)te_p;
     register int nr __asm__ ("r1") = (int)nr_p;
     register int len __asm__ ("r2") = (int)len_p;
-    register const uint32_t* ks __asm__ ("r3") = (const uint32_t*)ks_p;
+    register const word32* ks __asm__ ("r3") = (const word32*)ks_p;
 #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
 
     __asm__ __volatile__ (
         "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
     "L_AES_encrypt_block_nr:\n\t"
+#else
+    "L_AES_encrypt_block_nr_%=:\n\t"
+#endif
         "UBFX	r8, r5, #16, #8\n\t"
         "LSR	r11, r4, #24\n\t"
         "UBFX	lr, r6, #8, #8\n\t"
@@ -684,10 +742,12 @@ void AES_encrypt_block(const uint32_t* te, int nr, int len, const uint32_t* ks)
         "EOR	r6, r6, r10\n\t"
         "EOR	r7, r7, r11\n\t"
         "SUBS	%[nr], %[nr], #0x1\n\t"
-#ifdef __GNUC__
-        "BNE	L_AES_encrypt_block_nr\n\t"
-#else
+#if defined(__GNUC__)
+        "BNE	L_AES_encrypt_block_nr_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "BNE.W	L_AES_encrypt_block_nr\n\t"
+#else
+        "BNE.W	L_AES_encrypt_block_nr_%=\n\t"
 #endif
         "UBFX	r8, r5, #16, #8\n\t"
         "LSR	r11, r4, #24\n\t"
@@ -796,7 +856,7 @@ void AES_encrypt_block(const uint32_t* te, int nr, int len, const uint32_t* ks)
 }
 
 #if defined(HAVE_AES_CBC) || defined(HAVE_AESCCM) || defined(HAVE_AESGCM) || defined(WOLFSSL_AES_DIRECT) || defined(WOLFSSL_AES_COUNTER)
-static const uint32_t* L_AES_Thumb2_te_ecb = L_AES_Thumb2_te_data;
+static const word32* L_AES_Thumb2_te_ecb = L_AES_Thumb2_te_data;
 #endif /* HAVE_AES_CBC || HAVE_AESCCM || HAVE_AESGCM || WOLFSSL_AES_DIRECT || WOLFSSL_AES_COUNTER */
 #if defined(HAVE_AESCCM) || defined(HAVE_AESGCM) || defined(WOLFSSL_AES_DIRECT) || defined(WOLFSSL_AES_COUNTER)
 void AES_ECB_encrypt(const unsigned char* in, unsigned char* out,
@@ -813,7 +873,7 @@ void AES_ECB_encrypt(const unsigned char* in, unsigned char* out, unsigned long
     register unsigned long len __asm__ ("r2") = (unsigned long)len_p;
     register const unsigned char* ks __asm__ ("r3") = (const unsigned char*)ks_p;
     register int nr __asm__ ("r4") = (int)nr_p;
-    register uint32_t* L_AES_Thumb2_te_ecb_c __asm__ ("r5") = (uint32_t*)L_AES_Thumb2_te_ecb;
+    register word32* L_AES_Thumb2_te_ecb_c __asm__ ("r5") = (word32*)L_AES_Thumb2_te_ecb;
 #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
 
     __asm__ __volatile__ (
@@ -826,19 +886,27 @@ void AES_ECB_encrypt(const unsigned char* in, unsigned char* out, unsigned long
 #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
         "PUSH	{%[ks]}\n\t"
         "CMP	r12, #0xa\n\t"
-#ifdef __GNUC__
-        "BEQ	L_AES_ECB_encrypt_start_block_128\n\t"
-#else
+#if defined(__GNUC__)
+        "BEQ	L_AES_ECB_encrypt_start_block_128_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "BEQ.W	L_AES_ECB_encrypt_start_block_128\n\t"
+#else
+        "BEQ.W	L_AES_ECB_encrypt_start_block_128_%=\n\t"
 #endif
         "CMP	r12, #0xc\n\t"
-#ifdef __GNUC__
-        "BEQ	L_AES_ECB_encrypt_start_block_192\n\t"
-#else
+#if defined(__GNUC__)
+        "BEQ	L_AES_ECB_encrypt_start_block_192_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "BEQ.W	L_AES_ECB_encrypt_start_block_192\n\t"
+#else
+        "BEQ.W	L_AES_ECB_encrypt_start_block_192_%=\n\t"
 #endif
         "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
     "L_AES_ECB_encrypt_loop_block_256:\n\t"
+#else
+    "L_AES_ECB_encrypt_loop_block_256_%=:\n\t"
+#endif
         "LDR	r4, [lr]\n\t"
         "LDR	r5, [lr, #4]\n\t"
         "LDR	r6, [lr, #8]\n\t"
@@ -869,20 +937,32 @@ void AES_ECB_encrypt(const unsigned char* in, unsigned char* out, unsigned long
         "SUBS	%[len], %[len], #0x10\n\t"
         "ADD	lr, lr, #0x10\n\t"
         "ADD	%[out], %[out], #0x10\n\t"
-#ifdef __GNUC__
-        "BNE	L_AES_ECB_encrypt_loop_block_256\n\t"
-#else
+#if defined(__GNUC__)
+        "BNE	L_AES_ECB_encrypt_loop_block_256_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "BNE.W	L_AES_ECB_encrypt_loop_block_256\n\t"
-#endif
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "B	L_AES_ECB_encrypt_end\n\t"
 #else
+        "BNE.W	L_AES_ECB_encrypt_loop_block_256_%=\n\t"
+#endif
+#if defined(__GNUC__)
+        "B	L_AES_ECB_encrypt_end_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "B.N	L_AES_ECB_encrypt_end\n\t"
+#else
+        "B.N	L_AES_ECB_encrypt_end_%=\n\t"
 #endif
         "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
     "L_AES_ECB_encrypt_start_block_192:\n\t"
+#else
+    "L_AES_ECB_encrypt_start_block_192_%=:\n\t"
+#endif
         "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
     "L_AES_ECB_encrypt_loop_block_192:\n\t"
+#else
+    "L_AES_ECB_encrypt_loop_block_192_%=:\n\t"
+#endif
         "LDR	r4, [lr]\n\t"
         "LDR	r5, [lr, #4]\n\t"
         "LDR	r6, [lr, #8]\n\t"
@@ -913,20 +993,32 @@ void AES_ECB_encrypt(const unsigned char* in, unsigned char* out, unsigned long
         "SUBS	%[len], %[len], #0x10\n\t"
         "ADD	lr, lr, #0x10\n\t"
         "ADD	%[out], %[out], #0x10\n\t"
-#ifdef __GNUC__
-        "BNE	L_AES_ECB_encrypt_loop_block_192\n\t"
-#else
+#if defined(__GNUC__)
+        "BNE	L_AES_ECB_encrypt_loop_block_192_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "BNE.W	L_AES_ECB_encrypt_loop_block_192\n\t"
-#endif
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "B	L_AES_ECB_encrypt_end\n\t"
 #else
+        "BNE.W	L_AES_ECB_encrypt_loop_block_192_%=\n\t"
+#endif
+#if defined(__GNUC__)
+        "B	L_AES_ECB_encrypt_end_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "B.N	L_AES_ECB_encrypt_end\n\t"
+#else
+        "B.N	L_AES_ECB_encrypt_end_%=\n\t"
 #endif
         "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
     "L_AES_ECB_encrypt_start_block_128:\n\t"
+#else
+    "L_AES_ECB_encrypt_start_block_128_%=:\n\t"
+#endif
         "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
     "L_AES_ECB_encrypt_loop_block_128:\n\t"
+#else
+    "L_AES_ECB_encrypt_loop_block_128_%=:\n\t"
+#endif
         "LDR	r4, [lr]\n\t"
         "LDR	r5, [lr, #4]\n\t"
         "LDR	r6, [lr, #8]\n\t"
@@ -957,24 +1049,34 @@ void AES_ECB_encrypt(const unsigned char* in, unsigned char* out, unsigned long
         "SUBS	%[len], %[len], #0x10\n\t"
         "ADD	lr, lr, #0x10\n\t"
         "ADD	%[out], %[out], #0x10\n\t"
-#ifdef __GNUC__
-        "BNE	L_AES_ECB_encrypt_loop_block_128\n\t"
-#else
+#if defined(__GNUC__)
+        "BNE	L_AES_ECB_encrypt_loop_block_128_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "BNE.W	L_AES_ECB_encrypt_loop_block_128\n\t"
+#else
+        "BNE.W	L_AES_ECB_encrypt_loop_block_128_%=\n\t"
 #endif
         "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
     "L_AES_ECB_encrypt_end:\n\t"
+#else
+    "L_AES_ECB_encrypt_end_%=:\n\t"
+#endif
         "POP	{%[ks]}\n\t"
 #ifndef WOLFSSL_NO_VAR_ASSIGN_REG
         : [in] "+r" (in), [out] "+r" (out), [len] "+r" (len), [ks] "+r" (ks), [nr] "+r" (nr),
           [L_AES_Thumb2_te_ecb] "+r" (L_AES_Thumb2_te_ecb_c)
         :
-#else
-        : [in] "+r" (in), [out] "+r" (out), [len] "+r" (len), [ks] "+r" (ks), [nr] "+r" (nr)
-        : [L_AES_Thumb2_te_ecb] "r" (L_AES_Thumb2_te_ecb)
-#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */
         : "memory", "r12", "lr", "r6", "r7", "r8", "r9", "r10", "r11", "cc"
+#else
+        : [in] "+r" (in), [out] "+r" (out), [len] "+r" (len), [ks] "+r" (ks)
+        : [L_AES_Thumb2_te_ecb] "r" (L_AES_Thumb2_te_ecb)
+        : "memory", "r12", "lr", "r4", "r6", "r7", "r8", "r9", "r10", "r11", "cc"
+#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */
     );
+#ifdef WOLFSSL_NO_VAR_ASSIGN_REG
+    (void)nr;
+#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
 }
 
 #endif /* HAVE_AESCCM || HAVE_AESGCM || WOLFSSL_AES_DIRECT || WOLFSSL_AES_COUNTER */
@@ -994,7 +1096,7 @@ void AES_CBC_encrypt(const unsigned char* in, unsigned char* out, unsigned long
     register const unsigned char* ks __asm__ ("r3") = (const unsigned char*)ks_p;
     register int nr __asm__ ("r4") = (int)nr_p;
     register unsigned char* iv __asm__ ("r5") = (unsigned char*)iv_p;
-    register uint32_t* L_AES_Thumb2_te_ecb_c __asm__ ("r6") = (uint32_t*)L_AES_Thumb2_te_ecb;
+    register word32* L_AES_Thumb2_te_ecb_c __asm__ ("r6") = (word32*)L_AES_Thumb2_te_ecb;
 #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
 
     __asm__ __volatile__ (
@@ -1013,19 +1115,27 @@ void AES_CBC_encrypt(const unsigned char* in, unsigned char* out, unsigned long
         "LDM	r9, {r4, r5, r6, r7}\n\t"
         "PUSH	{%[ks], r9}\n\t"
         "CMP	r8, #0xa\n\t"
-#ifdef __GNUC__
-        "BEQ	L_AES_CBC_encrypt_start_block_128\n\t"
-#else
+#if defined(__GNUC__)
+        "BEQ	L_AES_CBC_encrypt_start_block_128_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "BEQ.W	L_AES_CBC_encrypt_start_block_128\n\t"
+#else
+        "BEQ.W	L_AES_CBC_encrypt_start_block_128_%=\n\t"
 #endif
         "CMP	r8, #0xc\n\t"
-#ifdef __GNUC__
-        "BEQ	L_AES_CBC_encrypt_start_block_192\n\t"
-#else
+#if defined(__GNUC__)
+        "BEQ	L_AES_CBC_encrypt_start_block_192_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "BEQ.W	L_AES_CBC_encrypt_start_block_192\n\t"
+#else
+        "BEQ.W	L_AES_CBC_encrypt_start_block_192_%=\n\t"
 #endif
         "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
     "L_AES_CBC_encrypt_loop_block_256:\n\t"
+#else
+    "L_AES_CBC_encrypt_loop_block_256_%=:\n\t"
+#endif
         "LDR	r8, [lr]\n\t"
         "LDR	r9, [lr, #4]\n\t"
         "LDR	r10, [lr, #8]\n\t"
@@ -1060,20 +1170,32 @@ void AES_CBC_encrypt(const unsigned char* in, unsigned char* out, unsigned long
         "SUBS	%[len], %[len], #0x10\n\t"
         "ADD	lr, lr, #0x10\n\t"
         "ADD	%[out], %[out], #0x10\n\t"
-#ifdef __GNUC__
-        "BNE	L_AES_CBC_encrypt_loop_block_256\n\t"
-#else
+#if defined(__GNUC__)
+        "BNE	L_AES_CBC_encrypt_loop_block_256_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "BNE.W	L_AES_CBC_encrypt_loop_block_256\n\t"
-#endif
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "B	L_AES_CBC_encrypt_end\n\t"
 #else
+        "BNE.W	L_AES_CBC_encrypt_loop_block_256_%=\n\t"
+#endif
+#if defined(__GNUC__)
+        "B	L_AES_CBC_encrypt_end_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "B.N	L_AES_CBC_encrypt_end\n\t"
+#else
+        "B.N	L_AES_CBC_encrypt_end_%=\n\t"
 #endif
         "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
     "L_AES_CBC_encrypt_start_block_192:\n\t"
+#else
+    "L_AES_CBC_encrypt_start_block_192_%=:\n\t"
+#endif
         "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
     "L_AES_CBC_encrypt_loop_block_192:\n\t"
+#else
+    "L_AES_CBC_encrypt_loop_block_192_%=:\n\t"
+#endif
         "LDR	r8, [lr]\n\t"
         "LDR	r9, [lr, #4]\n\t"
         "LDR	r10, [lr, #8]\n\t"
@@ -1108,20 +1230,32 @@ void AES_CBC_encrypt(const unsigned char* in, unsigned char* out, unsigned long
         "SUBS	%[len], %[len], #0x10\n\t"
         "ADD	lr, lr, #0x10\n\t"
         "ADD	%[out], %[out], #0x10\n\t"
-#ifdef __GNUC__
-        "BNE	L_AES_CBC_encrypt_loop_block_192\n\t"
-#else
+#if defined(__GNUC__)
+        "BNE	L_AES_CBC_encrypt_loop_block_192_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "BNE.W	L_AES_CBC_encrypt_loop_block_192\n\t"
-#endif
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "B	L_AES_CBC_encrypt_end\n\t"
 #else
+        "BNE.W	L_AES_CBC_encrypt_loop_block_192_%=\n\t"
+#endif
+#if defined(__GNUC__)
+        "B	L_AES_CBC_encrypt_end_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "B.N	L_AES_CBC_encrypt_end\n\t"
+#else
+        "B.N	L_AES_CBC_encrypt_end_%=\n\t"
 #endif
         "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
     "L_AES_CBC_encrypt_start_block_128:\n\t"
+#else
+    "L_AES_CBC_encrypt_start_block_128_%=:\n\t"
+#endif
         "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
     "L_AES_CBC_encrypt_loop_block_128:\n\t"
+#else
+    "L_AES_CBC_encrypt_loop_block_128_%=:\n\t"
+#endif
         "LDR	r8, [lr]\n\t"
         "LDR	r9, [lr, #4]\n\t"
         "LDR	r10, [lr, #8]\n\t"
@@ -1156,25 +1290,38 @@ void AES_CBC_encrypt(const unsigned char* in, unsigned char* out, unsigned long
         "SUBS	%[len], %[len], #0x10\n\t"
         "ADD	lr, lr, #0x10\n\t"
         "ADD	%[out], %[out], #0x10\n\t"
-#ifdef __GNUC__
-        "BNE	L_AES_CBC_encrypt_loop_block_128\n\t"
-#else
+#if defined(__GNUC__)
+        "BNE	L_AES_CBC_encrypt_loop_block_128_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "BNE.W	L_AES_CBC_encrypt_loop_block_128\n\t"
+#else
+        "BNE.W	L_AES_CBC_encrypt_loop_block_128_%=\n\t"
 #endif
         "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
     "L_AES_CBC_encrypt_end:\n\t"
+#else
+    "L_AES_CBC_encrypt_end_%=:\n\t"
+#endif
         "POP	{%[ks], r9}\n\t"
         "STM	r9, {r4, r5, r6, r7}\n\t"
 #ifndef WOLFSSL_NO_VAR_ASSIGN_REG
         : [in] "+r" (in), [out] "+r" (out), [len] "+r" (len), [ks] "+r" (ks), [nr] "+r" (nr), [iv] "+r" (iv),
           [L_AES_Thumb2_te_ecb] "+r" (L_AES_Thumb2_te_ecb_c)
         :
-#else
-        : [in] "+r" (in), [out] "+r" (out), [len] "+r" (len), [ks] "+r" (ks), [nr] "+r" (nr), [iv] "+r" (iv)
-        : [L_AES_Thumb2_te_ecb] "r" (L_AES_Thumb2_te_ecb)
-#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */
         : "memory", "r12", "lr", "r7", "r8", "r9", "r10", "r11", "cc"
+#else
+        : [in] "+r" (in), [out] "+r" (out), [len] "+r" (len), [ks] "+r" (ks)
+        : [L_AES_Thumb2_te_ecb] "r" (L_AES_Thumb2_te_ecb)
+        : "memory", "r12", "lr", "r4", "r5", "r7", "r8", "r9", "r10", "r11", "cc"
+#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */
     );
+#ifdef WOLFSSL_NO_VAR_ASSIGN_REG
+    (void)nr;
+#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
+#ifdef WOLFSSL_NO_VAR_ASSIGN_REG
+    (void)iv;
+#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
 }
 
 #endif /* HAVE_AES_CBC */
@@ -1194,7 +1341,7 @@ void AES_CTR_encrypt(const unsigned char* in, unsigned char* out, unsigned long
     register const unsigned char* ks __asm__ ("r3") = (const unsigned char*)ks_p;
     register int nr __asm__ ("r4") = (int)nr_p;
     register unsigned char* ctr __asm__ ("r5") = (unsigned char*)ctr_p;
-    register uint32_t* L_AES_Thumb2_te_ecb_c __asm__ ("r6") = (uint32_t*)L_AES_Thumb2_te_ecb;
+    register word32* L_AES_Thumb2_te_ecb_c __asm__ ("r6") = (word32*)L_AES_Thumb2_te_ecb;
 #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
 
     __asm__ __volatile__ (
@@ -1218,19 +1365,27 @@ void AES_CTR_encrypt(const unsigned char* in, unsigned char* out, unsigned long
         "STM	r8, {r4, r5, r6, r7}\n\t"
         "PUSH	{%[ks], r8}\n\t"
         "CMP	r12, #0xa\n\t"
-#ifdef __GNUC__
-        "BEQ	L_AES_CTR_encrypt_start_block_128\n\t"
-#else
+#if defined(__GNUC__)
+        "BEQ	L_AES_CTR_encrypt_start_block_128_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "BEQ.W	L_AES_CTR_encrypt_start_block_128\n\t"
+#else
+        "BEQ.W	L_AES_CTR_encrypt_start_block_128_%=\n\t"
 #endif
         "CMP	r12, #0xc\n\t"
-#ifdef __GNUC__
-        "BEQ	L_AES_CTR_encrypt_start_block_192\n\t"
-#else
+#if defined(__GNUC__)
+        "BEQ	L_AES_CTR_encrypt_start_block_192_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "BEQ.W	L_AES_CTR_encrypt_start_block_192\n\t"
+#else
+        "BEQ.W	L_AES_CTR_encrypt_start_block_192_%=\n\t"
 #endif
         "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
     "L_AES_CTR_encrypt_loop_block_256:\n\t"
+#else
+    "L_AES_CTR_encrypt_loop_block_256_%=:\n\t"
+#endif
         "PUSH	{r1, %[len], lr}\n\t"
         "LDR	lr, [sp, #16]\n\t"
         "ADDS	r11, r7, #0x1\n\t"
@@ -1269,20 +1424,32 @@ void AES_CTR_encrypt(const unsigned char* in, unsigned char* out, unsigned long
         "SUBS	%[len], %[len], #0x10\n\t"
         "ADD	lr, lr, #0x10\n\t"
         "ADD	%[out], %[out], #0x10\n\t"
-#ifdef __GNUC__
-        "BNE	L_AES_CTR_encrypt_loop_block_256\n\t"
-#else
+#if defined(__GNUC__)
+        "BNE	L_AES_CTR_encrypt_loop_block_256_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "BNE.W	L_AES_CTR_encrypt_loop_block_256\n\t"
-#endif
-#ifdef __GNUC__
-        "B	L_AES_CTR_encrypt_end\n\t"
 #else
+        "BNE.W	L_AES_CTR_encrypt_loop_block_256_%=\n\t"
+#endif
+#if defined(__GNUC__)
+        "B	L_AES_CTR_encrypt_end_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "B.W	L_AES_CTR_encrypt_end\n\t"
+#else
+        "B.W	L_AES_CTR_encrypt_end_%=\n\t"
 #endif
         "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
     "L_AES_CTR_encrypt_start_block_192:\n\t"
+#else
+    "L_AES_CTR_encrypt_start_block_192_%=:\n\t"
+#endif
         "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
     "L_AES_CTR_encrypt_loop_block_192:\n\t"
+#else
+    "L_AES_CTR_encrypt_loop_block_192_%=:\n\t"
+#endif
         "PUSH	{r1, %[len], lr}\n\t"
         "LDR	lr, [sp, #16]\n\t"
         "ADDS	r11, r7, #0x1\n\t"
@@ -1321,20 +1488,32 @@ void AES_CTR_encrypt(const unsigned char* in, unsigned char* out, unsigned long
         "SUBS	%[len], %[len], #0x10\n\t"
         "ADD	lr, lr, #0x10\n\t"
         "ADD	%[out], %[out], #0x10\n\t"
-#ifdef __GNUC__
-        "BNE	L_AES_CTR_encrypt_loop_block_192\n\t"
-#else
+#if defined(__GNUC__)
+        "BNE	L_AES_CTR_encrypt_loop_block_192_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "BNE.W	L_AES_CTR_encrypt_loop_block_192\n\t"
-#endif
-#ifdef __GNUC__
-        "B	L_AES_CTR_encrypt_end\n\t"
 #else
+        "BNE.W	L_AES_CTR_encrypt_loop_block_192_%=\n\t"
+#endif
+#if defined(__GNUC__)
+        "B	L_AES_CTR_encrypt_end_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "B.W	L_AES_CTR_encrypt_end\n\t"
+#else
+        "B.W	L_AES_CTR_encrypt_end_%=\n\t"
 #endif
         "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
     "L_AES_CTR_encrypt_start_block_128:\n\t"
+#else
+    "L_AES_CTR_encrypt_start_block_128_%=:\n\t"
+#endif
         "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
     "L_AES_CTR_encrypt_loop_block_128:\n\t"
+#else
+    "L_AES_CTR_encrypt_loop_block_128_%=:\n\t"
+#endif
         "PUSH	{r1, %[len], lr}\n\t"
         "LDR	lr, [sp, #16]\n\t"
         "ADDS	r11, r7, #0x1\n\t"
@@ -1373,13 +1552,19 @@ void AES_CTR_encrypt(const unsigned char* in, unsigned char* out, unsigned long
         "SUBS	%[len], %[len], #0x10\n\t"
         "ADD	lr, lr, #0x10\n\t"
         "ADD	%[out], %[out], #0x10\n\t"
-#ifdef __GNUC__
-        "BNE	L_AES_CTR_encrypt_loop_block_128\n\t"
-#else
+#if defined(__GNUC__)
+        "BNE	L_AES_CTR_encrypt_loop_block_128_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "BNE.W	L_AES_CTR_encrypt_loop_block_128\n\t"
+#else
+        "BNE.W	L_AES_CTR_encrypt_loop_block_128_%=\n\t"
 #endif
         "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
     "L_AES_CTR_encrypt_end:\n\t"
+#else
+    "L_AES_CTR_encrypt_end_%=:\n\t"
+#endif
         "POP	{%[ks], r8}\n\t"
         "REV	r4, r4\n\t"
         "REV	r5, r5\n\t"
@@ -1390,33 +1575,44 @@ void AES_CTR_encrypt(const unsigned char* in, unsigned char* out, unsigned long
         : [in] "+r" (in), [out] "+r" (out), [len] "+r" (len), [ks] "+r" (ks), [nr] "+r" (nr), [ctr] "+r" (ctr),
           [L_AES_Thumb2_te_ecb] "+r" (L_AES_Thumb2_te_ecb_c)
         :
-#else
-        : [in] "+r" (in), [out] "+r" (out), [len] "+r" (len), [ks] "+r" (ks), [nr] "+r" (nr), [ctr] "+r" (ctr)
-        : [L_AES_Thumb2_te_ecb] "r" (L_AES_Thumb2_te_ecb)
-#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */
         : "memory", "r12", "lr", "r7", "r8", "r9", "r10", "r11", "cc"
+#else
+        : [in] "+r" (in), [out] "+r" (out), [len] "+r" (len), [ks] "+r" (ks)
+        : [L_AES_Thumb2_te_ecb] "r" (L_AES_Thumb2_te_ecb)
+        : "memory", "r12", "lr", "r4", "r5", "r7", "r8", "r9", "r10", "r11", "cc"
+#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */
     );
+#ifdef WOLFSSL_NO_VAR_ASSIGN_REG
+    (void)nr;
+#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
+#ifdef WOLFSSL_NO_VAR_ASSIGN_REG
+    (void)ctr;
+#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
 }
 
 #endif /* WOLFSSL_AES_COUNTER */
 #ifdef HAVE_AES_DECRYPT
 #if defined(WOLFSSL_AES_DIRECT) || defined(WOLFSSL_AES_COUNTER) || defined(HAVE_AES_CBC)
-void AES_decrypt_block(const uint32_t* td, int nr, const uint8_t* td4);
+void AES_decrypt_block(const word32* td, int nr, const byte* td4);
 #ifndef WOLFSSL_NO_VAR_ASSIGN_REG
-void AES_decrypt_block(const uint32_t* td_p, int nr_p, const uint8_t* td4_p)
+void AES_decrypt_block(const word32* td_p, int nr_p, const byte* td4_p)
 #else
-void AES_decrypt_block(const uint32_t* td, int nr, const uint8_t* td4)
+void AES_decrypt_block(const word32* td, int nr, const byte* td4)
 #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
 {
 #ifndef WOLFSSL_NO_VAR_ASSIGN_REG
-    register const uint32_t* td __asm__ ("r0") = (const uint32_t*)td_p;
+    register const word32* td __asm__ ("r0") = (const word32*)td_p;
     register int nr __asm__ ("r1") = (int)nr_p;
-    register const uint8_t* td4 __asm__ ("r2") = (const uint8_t*)td4_p;
+    register const byte* td4 __asm__ ("r2") = (const byte*)td4_p;
 #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
 
     __asm__ __volatile__ (
         "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
     "L_AES_decrypt_block_nr:\n\t"
+#else
+    "L_AES_decrypt_block_nr_%=:\n\t"
+#endif
         "UBFX	r8, r7, #16, #8\n\t"
         "LSR	r11, r4, #24\n\t"
         "UBFX	r12, r6, #8, #8\n\t"
@@ -1518,10 +1714,12 @@ void AES_decrypt_block(const uint32_t* td, int nr, const uint8_t* td4)
         "EOR	r6, r6, r10\n\t"
         "EOR	r7, r7, r11\n\t"
         "SUBS	%[nr], %[nr], #0x1\n\t"
-#ifdef __GNUC__
-        "BNE	L_AES_decrypt_block_nr\n\t"
-#else
+#if defined(__GNUC__)
+        "BNE	L_AES_decrypt_block_nr_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "BNE.W	L_AES_decrypt_block_nr\n\t"
+#else
+        "BNE.W	L_AES_decrypt_block_nr_%=\n\t"
 #endif
         "UBFX	r8, r7, #16, #8\n\t"
         "LSR	r11, r4, #24\n\t"
@@ -1629,8 +1827,8 @@ void AES_decrypt_block(const uint32_t* td, int nr, const uint8_t* td4)
     );
 }
 
-static const uint32_t* L_AES_Thumb2_td_ecb = L_AES_Thumb2_td_data;
-static const unsigned char L_AES_Thumb2_td4[] = {
+static const word32* L_AES_Thumb2_td_ecb = L_AES_Thumb2_td_data;
+static const byte L_AES_Thumb2_td4[] = {
     0x52, 0x09, 0x6a, 0xd5, 0x30, 0x36, 0xa5, 0x38,
     0xbf, 0x40, 0xa3, 0x9e, 0x81, 0xf3, 0xd7, 0xfb,
     0x7c, 0xe3, 0x39, 0x82, 0x9b, 0x2f, 0xff, 0x87,
@@ -1680,8 +1878,8 @@ void AES_ECB_decrypt(const unsigned char* in, unsigned char* out, unsigned long
     register unsigned long len __asm__ ("r2") = (unsigned long)len_p;
     register const unsigned char* ks __asm__ ("r3") = (const unsigned char*)ks_p;
     register int nr __asm__ ("r4") = (int)nr_p;
-    register uint32_t* L_AES_Thumb2_td_ecb_c __asm__ ("r5") = (uint32_t*)L_AES_Thumb2_td_ecb;
-    register unsigned char* L_AES_Thumb2_td4_c __asm__ ("r6") = (unsigned char*)&L_AES_Thumb2_td4;
+    register word32* L_AES_Thumb2_td_ecb_c __asm__ ("r5") = (word32*)L_AES_Thumb2_td_ecb;
+    register byte* L_AES_Thumb2_td4_c __asm__ ("r6") = (byte*)&L_AES_Thumb2_td4;
 #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
 
     __asm__ __volatile__ (
@@ -1695,19 +1893,27 @@ void AES_ECB_decrypt(const unsigned char* in, unsigned char* out, unsigned long
         "MOV	r12, %[len]\n\t"
         "MOV	r2, %[L_AES_Thumb2_td4]\n\t"
         "CMP	r8, #0xa\n\t"
-#ifdef __GNUC__
-        "BEQ	L_AES_ECB_decrypt_start_block_128\n\t"
-#else
+#if defined(__GNUC__)
+        "BEQ	L_AES_ECB_decrypt_start_block_128_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "BEQ.W	L_AES_ECB_decrypt_start_block_128\n\t"
+#else
+        "BEQ.W	L_AES_ECB_decrypt_start_block_128_%=\n\t"
 #endif
         "CMP	r8, #0xc\n\t"
-#ifdef __GNUC__
-        "BEQ	L_AES_ECB_decrypt_start_block_192\n\t"
-#else
+#if defined(__GNUC__)
+        "BEQ	L_AES_ECB_decrypt_start_block_192_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "BEQ.W	L_AES_ECB_decrypt_start_block_192\n\t"
+#else
+        "BEQ.W	L_AES_ECB_decrypt_start_block_192_%=\n\t"
 #endif
         "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
     "L_AES_ECB_decrypt_loop_block_256:\n\t"
+#else
+    "L_AES_ECB_decrypt_loop_block_256_%=:\n\t"
+#endif
         "LDR	r4, [lr]\n\t"
         "LDR	r5, [lr, #4]\n\t"
         "LDR	r6, [lr, #8]\n\t"
@@ -1737,20 +1943,32 @@ void AES_ECB_decrypt(const unsigned char* in, unsigned char* out, unsigned long
         "SUBS	r12, r12, #0x10\n\t"
         "ADD	lr, lr, #0x10\n\t"
         "ADD	%[out], %[out], #0x10\n\t"
-#ifdef __GNUC__
-        "BNE	L_AES_ECB_decrypt_loop_block_256\n\t"
-#else
+#if defined(__GNUC__)
+        "BNE	L_AES_ECB_decrypt_loop_block_256_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "BNE.W	L_AES_ECB_decrypt_loop_block_256\n\t"
-#endif
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "B	L_AES_ECB_decrypt_end\n\t"
 #else
+        "BNE.W	L_AES_ECB_decrypt_loop_block_256_%=\n\t"
+#endif
+#if defined(__GNUC__)
+        "B	L_AES_ECB_decrypt_end_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "B.N	L_AES_ECB_decrypt_end\n\t"
+#else
+        "B.N	L_AES_ECB_decrypt_end_%=\n\t"
 #endif
         "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
     "L_AES_ECB_decrypt_start_block_192:\n\t"
+#else
+    "L_AES_ECB_decrypt_start_block_192_%=:\n\t"
+#endif
         "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
     "L_AES_ECB_decrypt_loop_block_192:\n\t"
+#else
+    "L_AES_ECB_decrypt_loop_block_192_%=:\n\t"
+#endif
         "LDR	r4, [lr]\n\t"
         "LDR	r5, [lr, #4]\n\t"
         "LDR	r6, [lr, #8]\n\t"
@@ -1780,20 +1998,32 @@ void AES_ECB_decrypt(const unsigned char* in, unsigned char* out, unsigned long
         "SUBS	r12, r12, #0x10\n\t"
         "ADD	lr, lr, #0x10\n\t"
         "ADD	%[out], %[out], #0x10\n\t"
-#ifdef __GNUC__
-        "BNE	L_AES_ECB_decrypt_loop_block_192\n\t"
-#else
+#if defined(__GNUC__)
+        "BNE	L_AES_ECB_decrypt_loop_block_192_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "BNE.W	L_AES_ECB_decrypt_loop_block_192\n\t"
-#endif
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "B	L_AES_ECB_decrypt_end\n\t"
 #else
+        "BNE.W	L_AES_ECB_decrypt_loop_block_192_%=\n\t"
+#endif
+#if defined(__GNUC__)
+        "B	L_AES_ECB_decrypt_end_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "B.N	L_AES_ECB_decrypt_end\n\t"
+#else
+        "B.N	L_AES_ECB_decrypt_end_%=\n\t"
 #endif
         "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
     "L_AES_ECB_decrypt_start_block_128:\n\t"
+#else
+    "L_AES_ECB_decrypt_start_block_128_%=:\n\t"
+#endif
         "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
     "L_AES_ECB_decrypt_loop_block_128:\n\t"
+#else
+    "L_AES_ECB_decrypt_loop_block_128_%=:\n\t"
+#endif
         "LDR	r4, [lr]\n\t"
         "LDR	r5, [lr, #4]\n\t"
         "LDR	r6, [lr, #8]\n\t"
@@ -1823,23 +2053,33 @@ void AES_ECB_decrypt(const unsigned char* in, unsigned char* out, unsigned long
         "SUBS	r12, r12, #0x10\n\t"
         "ADD	lr, lr, #0x10\n\t"
         "ADD	%[out], %[out], #0x10\n\t"
-#ifdef __GNUC__
-        "BNE	L_AES_ECB_decrypt_loop_block_128\n\t"
-#else
+#if defined(__GNUC__)
+        "BNE	L_AES_ECB_decrypt_loop_block_128_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "BNE.W	L_AES_ECB_decrypt_loop_block_128\n\t"
+#else
+        "BNE.W	L_AES_ECB_decrypt_loop_block_128_%=\n\t"
 #endif
         "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
     "L_AES_ECB_decrypt_end:\n\t"
+#else
+    "L_AES_ECB_decrypt_end_%=:\n\t"
+#endif
 #ifndef WOLFSSL_NO_VAR_ASSIGN_REG
         : [in] "+r" (in), [out] "+r" (out), [len] "+r" (len), [ks] "+r" (ks), [nr] "+r" (nr),
           [L_AES_Thumb2_td_ecb] "+r" (L_AES_Thumb2_td_ecb_c), [L_AES_Thumb2_td4] "+r" (L_AES_Thumb2_td4_c)
         :
-#else
-        : [in] "+r" (in), [out] "+r" (out), [len] "+r" (len), [ks] "+r" (ks), [nr] "+r" (nr)
-        : [L_AES_Thumb2_td_ecb] "r" (L_AES_Thumb2_td_ecb), [L_AES_Thumb2_td4] "r" (L_AES_Thumb2_td4)
-#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */
         : "memory", "r12", "lr", "r7", "r8", "r9", "r10", "r11", "cc"
+#else
+        : [in] "+r" (in), [out] "+r" (out), [len] "+r" (len), [ks] "+r" (ks)
+        : [L_AES_Thumb2_td_ecb] "r" (L_AES_Thumb2_td_ecb), [L_AES_Thumb2_td4] "r" (L_AES_Thumb2_td4)
+        : "memory", "r12", "lr", "r4", "r7", "r8", "r9", "r10", "r11", "cc"
+#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */
     );
+#ifdef WOLFSSL_NO_VAR_ASSIGN_REG
+    (void)nr;
+#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
 }
 
 #endif /* WOLFSSL_AES_DIRECT || WOLFSSL_AES_COUNTER */
@@ -1859,8 +2099,8 @@ void AES_CBC_decrypt(const unsigned char* in, unsigned char* out, unsigned long
     register const unsigned char* ks __asm__ ("r3") = (const unsigned char*)ks_p;
     register int nr __asm__ ("r4") = (int)nr_p;
     register unsigned char* iv __asm__ ("r5") = (unsigned char*)iv_p;
-    register uint32_t* L_AES_Thumb2_td_ecb_c __asm__ ("r6") = (uint32_t*)L_AES_Thumb2_td_ecb;
-    register unsigned char* L_AES_Thumb2_td4_c __asm__ ("r7") = (unsigned char*)&L_AES_Thumb2_td4;
+    register word32* L_AES_Thumb2_td_ecb_c __asm__ ("r6") = (word32*)L_AES_Thumb2_td_ecb;
+    register byte* L_AES_Thumb2_td4_c __asm__ ("r7") = (byte*)&L_AES_Thumb2_td4;
 #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
 
     __asm__ __volatile__ (
@@ -1880,19 +2120,27 @@ void AES_CBC_decrypt(const unsigned char* in, unsigned char* out, unsigned long
         "MOV	r2, %[L_AES_Thumb2_td4]\n\t"
         "PUSH	{%[ks], r4}\n\t"
         "CMP	r8, #0xa\n\t"
-#ifdef __GNUC__
-        "BEQ	L_AES_CBC_decrypt_loop_block_128\n\t"
-#else
+#if defined(__GNUC__)
+        "BEQ	L_AES_CBC_decrypt_loop_block_128_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "BEQ.W	L_AES_CBC_decrypt_loop_block_128\n\t"
+#else
+        "BEQ.W	L_AES_CBC_decrypt_loop_block_128_%=\n\t"
 #endif
         "CMP	r8, #0xc\n\t"
-#ifdef __GNUC__
-        "BEQ	L_AES_CBC_decrypt_loop_block_192\n\t"
-#else
+#if defined(__GNUC__)
+        "BEQ	L_AES_CBC_decrypt_loop_block_192_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "BEQ.W	L_AES_CBC_decrypt_loop_block_192\n\t"
+#else
+        "BEQ.W	L_AES_CBC_decrypt_loop_block_192_%=\n\t"
 #endif
         "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
     "L_AES_CBC_decrypt_loop_block_256:\n\t"
+#else
+    "L_AES_CBC_decrypt_loop_block_256_%=:\n\t"
+#endif
         "PUSH	{r1, r12, lr}\n\t"
         "LDR	r4, [lr]\n\t"
         "LDR	r5, [lr, #4]\n\t"
@@ -1932,10 +2180,12 @@ void AES_CBC_decrypt(const unsigned char* in, unsigned char* out, unsigned long
         "SUBS	r12, r12, #0x10\n\t"
         "ADD	lr, lr, #0x10\n\t"
         "ADD	%[out], %[out], #0x10\n\t"
-#ifdef __GNUC__
-        "BEQ	L_AES_CBC_decrypt_end_odd\n\t"
-#else
+#if defined(__GNUC__)
+        "BEQ	L_AES_CBC_decrypt_end_odd_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "BEQ.W	L_AES_CBC_decrypt_end_odd\n\t"
+#else
+        "BEQ.W	L_AES_CBC_decrypt_end_odd_%=\n\t"
 #endif
         "PUSH	{r1, r12, lr}\n\t"
         "LDR	r4, [lr]\n\t"
@@ -1977,18 +2227,26 @@ void AES_CBC_decrypt(const unsigned char* in, unsigned char* out, unsigned long
         "SUBS	r12, r12, #0x10\n\t"
         "ADD	lr, lr, #0x10\n\t"
         "ADD	%[out], %[out], #0x10\n\t"
-#ifdef __GNUC__
-        "BNE	L_AES_CBC_decrypt_loop_block_256\n\t"
-#else
+#if defined(__GNUC__)
+        "BNE	L_AES_CBC_decrypt_loop_block_256_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "BNE.W	L_AES_CBC_decrypt_loop_block_256\n\t"
-#endif
-#ifdef __GNUC__
-        "B	L_AES_CBC_decrypt_end\n\t"
 #else
+        "BNE.W	L_AES_CBC_decrypt_loop_block_256_%=\n\t"
+#endif
+#if defined(__GNUC__)
+        "B	L_AES_CBC_decrypt_end_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "B.W	L_AES_CBC_decrypt_end\n\t"
+#else
+        "B.W	L_AES_CBC_decrypt_end_%=\n\t"
 #endif
         "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
     "L_AES_CBC_decrypt_loop_block_192:\n\t"
+#else
+    "L_AES_CBC_decrypt_loop_block_192_%=:\n\t"
+#endif
         "PUSH	{r1, r12, lr}\n\t"
         "LDR	r4, [lr]\n\t"
         "LDR	r5, [lr, #4]\n\t"
@@ -2028,10 +2286,12 @@ void AES_CBC_decrypt(const unsigned char* in, unsigned char* out, unsigned long
         "SUBS	r12, r12, #0x10\n\t"
         "ADD	lr, lr, #0x10\n\t"
         "ADD	%[out], %[out], #0x10\n\t"
-#ifdef __GNUC__
-        "BEQ	L_AES_CBC_decrypt_end_odd\n\t"
-#else
+#if defined(__GNUC__)
+        "BEQ	L_AES_CBC_decrypt_end_odd_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "BEQ.W	L_AES_CBC_decrypt_end_odd\n\t"
+#else
+        "BEQ.W	L_AES_CBC_decrypt_end_odd_%=\n\t"
 #endif
         "PUSH	{r1, r12, lr}\n\t"
         "LDR	r4, [lr]\n\t"
@@ -2073,18 +2333,26 @@ void AES_CBC_decrypt(const unsigned char* in, unsigned char* out, unsigned long
         "SUBS	r12, r12, #0x10\n\t"
         "ADD	lr, lr, #0x10\n\t"
         "ADD	%[out], %[out], #0x10\n\t"
-#ifdef __GNUC__
-        "BNE	L_AES_CBC_decrypt_loop_block_192\n\t"
-#else
+#if defined(__GNUC__)
+        "BNE	L_AES_CBC_decrypt_loop_block_192_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "BNE.W	L_AES_CBC_decrypt_loop_block_192\n\t"
-#endif
-#ifdef __GNUC__
-        "B	L_AES_CBC_decrypt_end\n\t"
 #else
+        "BNE.W	L_AES_CBC_decrypt_loop_block_192_%=\n\t"
+#endif
+#if defined(__GNUC__)
+        "B	L_AES_CBC_decrypt_end_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "B.W	L_AES_CBC_decrypt_end\n\t"
+#else
+        "B.W	L_AES_CBC_decrypt_end_%=\n\t"
 #endif
         "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
     "L_AES_CBC_decrypt_loop_block_128:\n\t"
+#else
+    "L_AES_CBC_decrypt_loop_block_128_%=:\n\t"
+#endif
         "PUSH	{r1, r12, lr}\n\t"
         "LDR	r4, [lr]\n\t"
         "LDR	r5, [lr, #4]\n\t"
@@ -2124,10 +2392,12 @@ void AES_CBC_decrypt(const unsigned char* in, unsigned char* out, unsigned long
         "SUBS	r12, r12, #0x10\n\t"
         "ADD	lr, lr, #0x10\n\t"
         "ADD	%[out], %[out], #0x10\n\t"
-#ifdef __GNUC__
-        "BEQ	L_AES_CBC_decrypt_end_odd\n\t"
-#else
+#if defined(__GNUC__)
+        "BEQ	L_AES_CBC_decrypt_end_odd_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "BEQ.W	L_AES_CBC_decrypt_end_odd\n\t"
+#else
+        "BEQ.W	L_AES_CBC_decrypt_end_odd_%=\n\t"
 #endif
         "PUSH	{r1, r12, lr}\n\t"
         "LDR	r4, [lr]\n\t"
@@ -2169,43 +2439,62 @@ void AES_CBC_decrypt(const unsigned char* in, unsigned char* out, unsigned long
         "SUBS	r12, r12, #0x10\n\t"
         "ADD	lr, lr, #0x10\n\t"
         "ADD	%[out], %[out], #0x10\n\t"
-#ifdef __GNUC__
-        "BNE	L_AES_CBC_decrypt_loop_block_128\n\t"
-#else
+#if defined(__GNUC__)
+        "BNE	L_AES_CBC_decrypt_loop_block_128_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "BNE.W	L_AES_CBC_decrypt_loop_block_128\n\t"
-#endif
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "B	L_AES_CBC_decrypt_end\n\t"
 #else
+        "BNE.W	L_AES_CBC_decrypt_loop_block_128_%=\n\t"
+#endif
+#if defined(__GNUC__)
+        "B	L_AES_CBC_decrypt_end_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "B.N	L_AES_CBC_decrypt_end\n\t"
+#else
+        "B.N	L_AES_CBC_decrypt_end_%=\n\t"
 #endif
         "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
     "L_AES_CBC_decrypt_end_odd:\n\t"
+#else
+    "L_AES_CBC_decrypt_end_odd_%=:\n\t"
+#endif
         "LDR	r4, [sp, #4]\n\t"
         "LDRD	r8, r9, [r4, #16]\n\t"
         "LDRD	r10, r11, [r4, #24]\n\t"
         "STRD	r8, r9, [r4]\n\t"
         "STRD	r10, r11, [r4, #8]\n\t"
         "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
     "L_AES_CBC_decrypt_end:\n\t"
+#else
+    "L_AES_CBC_decrypt_end_%=:\n\t"
+#endif
         "POP	{%[ks], r4}\n\t"
 #ifndef WOLFSSL_NO_VAR_ASSIGN_REG
         : [in] "+r" (in), [out] "+r" (out), [len] "+r" (len), [ks] "+r" (ks), [nr] "+r" (nr), [iv] "+r" (iv),
           [L_AES_Thumb2_td_ecb] "+r" (L_AES_Thumb2_td_ecb_c), [L_AES_Thumb2_td4] "+r" (L_AES_Thumb2_td4_c)
         :
-#else
-        : [in] "+r" (in), [out] "+r" (out), [len] "+r" (len), [ks] "+r" (ks), [nr] "+r" (nr), [iv] "+r" (iv)
-        : [L_AES_Thumb2_td_ecb] "r" (L_AES_Thumb2_td_ecb), [L_AES_Thumb2_td4] "r" (L_AES_Thumb2_td4)
-#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */
         : "memory", "r12", "lr", "r8", "r9", "r10", "r11", "cc"
+#else
+        : [in] "+r" (in), [out] "+r" (out), [len] "+r" (len), [ks] "+r" (ks)
+        : [L_AES_Thumb2_td_ecb] "r" (L_AES_Thumb2_td_ecb), [L_AES_Thumb2_td4] "r" (L_AES_Thumb2_td4)
+        : "memory", "r12", "lr", "r4", "r5", "r8", "r9", "r10", "r11", "cc"
+#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */
     );
+#ifdef WOLFSSL_NO_VAR_ASSIGN_REG
+    (void)nr;
+#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
+#ifdef WOLFSSL_NO_VAR_ASSIGN_REG
+    (void)iv;
+#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
 }
 
 #endif /* HAVE_AES_CBC */
 #endif /* WOLFSSL_AES_DIRECT || WOLFSSL_AES_COUNTER || HAVE_AES_CBC */
 #endif /* HAVE_AES_DECRYPT */
 #ifdef HAVE_AESGCM
-static const uint32_t L_GCM_gmult_len_r[] = {
+XALIGNED(16) static const word32 L_GCM_gmult_len_r[] = {
     0x00000000, 0x1c200000, 0x38400000, 0x24600000,
     0x70800000, 0x6ca00000, 0x48c00000, 0x54e00000,
     0xe1000000, 0xfd200000, 0xd9400000, 0xc5600000,
@@ -2225,13 +2514,17 @@ void GCM_gmult_len(unsigned char* x, const unsigned char** m, const unsigned cha
     register const unsigned char** m __asm__ ("r1") = (const unsigned char**)m_p;
     register const unsigned char* data __asm__ ("r2") = (const unsigned char*)data_p;
     register unsigned long len __asm__ ("r3") = (unsigned long)len_p;
-    register uint32_t* L_GCM_gmult_len_r_c __asm__ ("r4") = (uint32_t*)&L_GCM_gmult_len_r;
+    register word32* L_GCM_gmult_len_r_c __asm__ ("r4") = (word32*)&L_GCM_gmult_len_r;
 #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
 
     __asm__ __volatile__ (
         "MOV	lr, %[L_GCM_gmult_len_r]\n\t"
         "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
     "L_GCM_gmult_len_start_block:\n\t"
+#else
+    "L_GCM_gmult_len_start_block_%=:\n\t"
+#endif
         "PUSH	{r3}\n\t"
         "LDR	r12, [r0, #12]\n\t"
         "LDR	%[len], [r2, #12]\n\t"
@@ -2776,24 +3069,27 @@ void GCM_gmult_len(unsigned char* x, const unsigned char** m, const unsigned cha
         "POP	{r3}\n\t"
         "SUBS	%[len], %[len], #0x10\n\t"
         "ADD	%[data], %[data], #0x10\n\t"
-#ifdef __GNUC__
-        "BNE	L_GCM_gmult_len_start_block\n\t"
-#else
+#if defined(__GNUC__)
+        "BNE	L_GCM_gmult_len_start_block_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "BNE.W	L_GCM_gmult_len_start_block\n\t"
+#else
+        "BNE.W	L_GCM_gmult_len_start_block_%=\n\t"
 #endif
 #ifndef WOLFSSL_NO_VAR_ASSIGN_REG
         : [x] "+r" (x), [m] "+r" (m), [data] "+r" (data), [len] "+r" (len),
           [L_GCM_gmult_len_r] "+r" (L_GCM_gmult_len_r_c)
         :
+        : "memory", "r12", "lr", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "cc"
 #else
         : [x] "+r" (x), [m] "+r" (m), [data] "+r" (data), [len] "+r" (len)
         : [L_GCM_gmult_len_r] "r" (L_GCM_gmult_len_r)
-#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */
         : "memory", "r12", "lr", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "cc"
+#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */
     );
 }
 
-static const uint32_t* L_AES_Thumb2_te_gcm = L_AES_Thumb2_te_data;
+static const word32* L_AES_Thumb2_te_gcm = L_AES_Thumb2_te_data;
 void AES_GCM_encrypt(const unsigned char* in, unsigned char* out,
         unsigned long len, const unsigned char* ks, int nr, unsigned char* ctr);
 #ifndef WOLFSSL_NO_VAR_ASSIGN_REG
@@ -2809,7 +3105,7 @@ void AES_GCM_encrypt(const unsigned char* in, unsigned char* out, unsigned long
     register const unsigned char* ks __asm__ ("r3") = (const unsigned char*)ks_p;
     register int nr __asm__ ("r4") = (int)nr_p;
     register unsigned char* ctr __asm__ ("r5") = (unsigned char*)ctr_p;
-    register uint32_t* L_AES_Thumb2_te_gcm_c __asm__ ("r6") = (uint32_t*)L_AES_Thumb2_te_gcm;
+    register word32* L_AES_Thumb2_te_gcm_c __asm__ ("r6") = (word32*)L_AES_Thumb2_te_gcm;
 #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
 
     __asm__ __volatile__ (
@@ -2833,19 +3129,27 @@ void AES_GCM_encrypt(const unsigned char* in, unsigned char* out, unsigned long
         "STM	r8, {r4, r5, r6, r7}\n\t"
         "PUSH	{%[ks], r8}\n\t"
         "CMP	r12, #0xa\n\t"
-#ifdef __GNUC__
-        "BEQ	L_AES_GCM_encrypt_start_block_128\n\t"
-#else
+#if defined(__GNUC__)
+        "BEQ	L_AES_GCM_encrypt_start_block_128_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "BEQ.W	L_AES_GCM_encrypt_start_block_128\n\t"
+#else
+        "BEQ.W	L_AES_GCM_encrypt_start_block_128_%=\n\t"
 #endif
         "CMP	r12, #0xc\n\t"
-#ifdef __GNUC__
-        "BEQ	L_AES_GCM_encrypt_start_block_192\n\t"
-#else
+#if defined(__GNUC__)
+        "BEQ	L_AES_GCM_encrypt_start_block_192_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "BEQ.W	L_AES_GCM_encrypt_start_block_192\n\t"
+#else
+        "BEQ.W	L_AES_GCM_encrypt_start_block_192_%=\n\t"
 #endif
         "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
     "L_AES_GCM_encrypt_loop_block_256:\n\t"
+#else
+    "L_AES_GCM_encrypt_loop_block_256_%=:\n\t"
+#endif
         "PUSH	{r1, %[len], lr}\n\t"
         "LDR	lr, [sp, #16]\n\t"
         "ADD	r7, r7, #0x1\n\t"
@@ -2881,20 +3185,32 @@ void AES_GCM_encrypt(const unsigned char* in, unsigned char* out, unsigned long
         "SUBS	%[len], %[len], #0x10\n\t"
         "ADD	lr, lr, #0x10\n\t"
         "ADD	%[out], %[out], #0x10\n\t"
-#ifdef __GNUC__
-        "BNE	L_AES_GCM_encrypt_loop_block_256\n\t"
-#else
+#if defined(__GNUC__)
+        "BNE	L_AES_GCM_encrypt_loop_block_256_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "BNE.W	L_AES_GCM_encrypt_loop_block_256\n\t"
-#endif
-#ifdef __GNUC__
-        "B	L_AES_GCM_encrypt_end\n\t"
 #else
+        "BNE.W	L_AES_GCM_encrypt_loop_block_256_%=\n\t"
+#endif
+#if defined(__GNUC__)
+        "B	L_AES_GCM_encrypt_end_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "B.W	L_AES_GCM_encrypt_end\n\t"
+#else
+        "B.W	L_AES_GCM_encrypt_end_%=\n\t"
 #endif
         "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
     "L_AES_GCM_encrypt_start_block_192:\n\t"
+#else
+    "L_AES_GCM_encrypt_start_block_192_%=:\n\t"
+#endif
         "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
     "L_AES_GCM_encrypt_loop_block_192:\n\t"
+#else
+    "L_AES_GCM_encrypt_loop_block_192_%=:\n\t"
+#endif
         "PUSH	{r1, %[len], lr}\n\t"
         "LDR	lr, [sp, #16]\n\t"
         "ADD	r7, r7, #0x1\n\t"
@@ -2930,20 +3246,32 @@ void AES_GCM_encrypt(const unsigned char* in, unsigned char* out, unsigned long
         "SUBS	%[len], %[len], #0x10\n\t"
         "ADD	lr, lr, #0x10\n\t"
         "ADD	%[out], %[out], #0x10\n\t"
-#ifdef __GNUC__
-        "BNE	L_AES_GCM_encrypt_loop_block_192\n\t"
-#else
+#if defined(__GNUC__)
+        "BNE	L_AES_GCM_encrypt_loop_block_192_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "BNE.W	L_AES_GCM_encrypt_loop_block_192\n\t"
-#endif
-#ifdef __GNUC__
-        "B	L_AES_GCM_encrypt_end\n\t"
 #else
+        "BNE.W	L_AES_GCM_encrypt_loop_block_192_%=\n\t"
+#endif
+#if defined(__GNUC__)
+        "B	L_AES_GCM_encrypt_end_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "B.W	L_AES_GCM_encrypt_end\n\t"
+#else
+        "B.W	L_AES_GCM_encrypt_end_%=\n\t"
 #endif
         "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
     "L_AES_GCM_encrypt_start_block_128:\n\t"
+#else
+    "L_AES_GCM_encrypt_start_block_128_%=:\n\t"
+#endif
         "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
     "L_AES_GCM_encrypt_loop_block_128:\n\t"
+#else
+    "L_AES_GCM_encrypt_loop_block_128_%=:\n\t"
+#endif
         "PUSH	{r1, %[len], lr}\n\t"
         "LDR	lr, [sp, #16]\n\t"
         "ADD	r7, r7, #0x1\n\t"
@@ -2979,13 +3307,19 @@ void AES_GCM_encrypt(const unsigned char* in, unsigned char* out, unsigned long
         "SUBS	%[len], %[len], #0x10\n\t"
         "ADD	lr, lr, #0x10\n\t"
         "ADD	%[out], %[out], #0x10\n\t"
-#ifdef __GNUC__
-        "BNE	L_AES_GCM_encrypt_loop_block_128\n\t"
-#else
+#if defined(__GNUC__)
+        "BNE	L_AES_GCM_encrypt_loop_block_128_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "BNE.W	L_AES_GCM_encrypt_loop_block_128\n\t"
+#else
+        "BNE.W	L_AES_GCM_encrypt_loop_block_128_%=\n\t"
 #endif
         "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
     "L_AES_GCM_encrypt_end:\n\t"
+#else
+    "L_AES_GCM_encrypt_end_%=:\n\t"
+#endif
         "POP	{%[ks], r8}\n\t"
         "REV	r4, r4\n\t"
         "REV	r5, r5\n\t"
@@ -2996,19 +3330,23 @@ void AES_GCM_encrypt(const unsigned char* in, unsigned char* out, unsigned long
         : [in] "+r" (in), [out] "+r" (out), [len] "+r" (len), [ks] "+r" (ks), [nr] "+r" (nr), [ctr] "+r" (ctr),
           [L_AES_Thumb2_te_gcm] "+r" (L_AES_Thumb2_te_gcm_c)
         :
-#else
-        : [in] "+r" (in), [out] "+r" (out), [len] "+r" (len), [ks] "+r" (ks), [nr] "+r" (nr), [ctr] "+r" (ctr)
-        : [L_AES_Thumb2_te_gcm] "r" (L_AES_Thumb2_te_gcm)
-#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */
         : "memory", "r12", "lr", "r7", "r8", "r9", "r10", "r11", "cc"
+#else
+        : [in] "+r" (in), [out] "+r" (out), [len] "+r" (len), [ks] "+r" (ks)
+        : [L_AES_Thumb2_te_gcm] "r" (L_AES_Thumb2_te_gcm)
+        : "memory", "r12", "lr", "r4", "r5", "r7", "r8", "r9", "r10", "r11", "cc"
+#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */
     );
+#ifdef WOLFSSL_NO_VAR_ASSIGN_REG
+    (void)nr;
+#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
+#ifdef WOLFSSL_NO_VAR_ASSIGN_REG
+    (void)ctr;
+#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
 }
 
 #endif /* HAVE_AESGCM */
 #endif /* !NO_AES */
-#endif /* !__aarch64__ && __thumb__ */
+#endif /* WOLFSSL_ARMASM_THUMB2 */
 #endif /* WOLFSSL_ARMASM */
-#endif /* !defined(__aarch64__) && defined(__thumb__) */
-#endif /* WOLFSSL_ARMASM */
-
 #endif /* WOLFSSL_ARMASM_INLINE */
diff --git a/wolfcrypt/src/port/arm/thumb2-chacha-asm.S b/wolfcrypt/src/port/arm/thumb2-chacha-asm.S
new file mode 100644
index 000000000..5422a2f03
--- /dev/null
+++ b/wolfcrypt/src/port/arm/thumb2-chacha-asm.S
@@ -0,0 +1,575 @@
+/* thumb2-chacha-asm
+ *
+ * Copyright (C) 2006-2025 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+/* Generated using (from wolfssl):
+ *   cd ../scripts
+ *   ruby ./chacha/chacha.rb thumb2 ../wolfssl/wolfcrypt/src/port/arm/thumb2-chacha-asm.S
+ */
+
+#ifdef HAVE_CONFIG_H
+    #include <config.h>
+#endif /* HAVE_CONFIG_H */
+#include <wolfssl/wolfcrypt/settings.h>
+
+#ifdef WOLFSSL_ARMASM
+#ifdef WOLFSSL_ARMASM_THUMB2
+#ifndef WOLFSSL_ARMASM_INLINE
+	.thumb
+	.syntax unified
+#ifdef HAVE_CHACHA
+	.text
+	.align	4
+	.globl	wc_chacha_setiv
+	.type	wc_chacha_setiv, %function
+wc_chacha_setiv:
+	PUSH	{r4, r5, r6, lr}
+	ADD	r3, r0, #0x34
+	LDR	r4, [r1]
+	LDR	r5, [r1, #4]
+	LDR	r6, [r1, #8]
+	STR	r2, [r0, #48]
+#ifdef BIG_ENDIAN_ORDER
+	REV	r4, r4
+	REV	r5, r5
+	REV	r6, r6
+#endif /* BIG_ENDIAN_ORDER */
+	STM	r3, {r4, r5, r6}
+	POP	{r4, r5, r6, pc}
+	/* Cycle Count = 26 */
+	.size	wc_chacha_setiv,.-wc_chacha_setiv
+	.text
+	.type	L_chacha_thumb2_constants, %object
+	.size	L_chacha_thumb2_constants, 32
+	.align	4
+L_chacha_thumb2_constants:
+	.word	0x61707865
+	.word	0x3120646e
+	.word	0x79622d36
+	.word	0x6b206574
+	.word	0x61707865
+	.word	0x3320646e
+	.word	0x79622d32
+	.word	0x6b206574
+	.text
+	.align	4
+	.globl	wc_chacha_setkey
+	.type	wc_chacha_setkey, %function
+wc_chacha_setkey:
+	PUSH	{r4, r5, r6, r7, lr}
+	ADR	r7, L_chacha_thumb2_constants
+	SUBS	r2, r2, #0x10
+	ADD	r7, r7, r2
+	/* Start state with constants */
+	LDM	r7, {r3, r4, r5, r6}
+	STM	r0!, {r3, r4, r5, r6}
+	/* Next is first 16 bytes of key. */
+	LDR	r3, [r1]
+	LDR	r4, [r1, #4]
+	LDR	r5, [r1, #8]
+	LDR	r6, [r1, #12]
+#ifdef BIG_ENDIAN_ORDER
+	REV	r3, r3
+	REV	r4, r4
+	REV	r5, r5
+	REV	r6, r6
+#endif /* BIG_ENDIAN_ORDER */
+	STM	r0!, {r3, r4, r5, r6}
+	/* Next 16 bytes of key. */
+#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
+	BEQ	L_chacha_thumb2_setkey_same_keyb_ytes
+#else
+	BEQ.N	L_chacha_thumb2_setkey_same_keyb_ytes
+#endif
+	/* Update key pointer for next 16 bytes. */
+	ADD	r1, r1, r2
+	LDR	r3, [r1]
+	LDR	r4, [r1, #4]
+	LDR	r5, [r1, #8]
+	LDR	r6, [r1, #12]
+L_chacha_thumb2_setkey_same_keyb_ytes:
+	STM	r0, {r3, r4, r5, r6}
+	POP	{r4, r5, r6, r7, pc}
+	/* Cycle Count = 60 */
+	.size	wc_chacha_setkey,.-wc_chacha_setkey
+	.text
+	.align	4
+	.globl	wc_chacha_crypt_bytes
+	.type	wc_chacha_crypt_bytes, %function
+wc_chacha_crypt_bytes:
+	PUSH	{r4, r5, r6, r7, r8, r9, r10, r11, lr}
+	SUB	sp, sp, #0x34
+	MOV	lr, r0
+	STRD	r0, r1, [sp, #32]
+	STRD	r2, r3, [sp, #40]
+L_chacha_thumb2_crypt_block:
+	/* Put x[12]..x[15] onto stack. */
+	LDRD	r4, r5, [lr, #48]
+	LDRD	r6, r7, [lr, #56]
+	STRD	r4, r5, [sp, #16]
+	STRD	r6, r7, [sp, #24]
+	/* Load x[0]..x[12] into registers. */
+	LDM	lr, {r0, r1, r2, r3, r4, r5, r6, r7, r8, r9, r10, r11, r12}
+	/* 10x 2 full rounds to perform. */
+	MOV	lr, #0xa
+	STR	lr, [sp, #48]
+L_chacha_thumb2_crypt_loop:
+	/* 0, 4,  8, 12 */
+	/* 1, 5,  9, 13 */
+	LDR	lr, [sp, #20]
+	ADD	r0, r0, r4
+	ADD	r1, r1, r5
+	EOR	r12, r12, r0
+	EOR	lr, lr, r1
+	ROR	r12, r12, #16
+	ROR	lr, lr, #16
+	ADD	r8, r8, r12
+	ADD	r9, r9, lr
+	EOR	r4, r4, r8
+	EOR	r5, r5, r9
+	ROR	r4, r4, #20
+	ROR	r5, r5, #20
+	ADD	r0, r0, r4
+	ADD	r1, r1, r5
+	EOR	r12, r12, r0
+	EOR	lr, lr, r1
+	ROR	r12, r12, #24
+	ROR	lr, lr, #24
+	ADD	r8, r8, r12
+	ADD	r9, r9, lr
+	EOR	r4, r4, r8
+	EOR	r5, r5, r9
+	ROR	r4, r4, #25
+	ROR	r5, r5, #25
+	STR	r12, [sp, #16]
+	STR	lr, [sp, #20]
+	/* 2, 6, 10, 14 */
+	/* 3, 7, 11, 15 */
+	LDR	r12, [sp, #24]
+	LDR	lr, [sp, #28]
+	ADD	r2, r2, r6
+	ADD	r3, r3, r7
+	EOR	r12, r12, r2
+	EOR	lr, lr, r3
+	ROR	r12, r12, #16
+	ROR	lr, lr, #16
+	ADD	r10, r10, r12
+	ADD	r11, r11, lr
+	EOR	r6, r6, r10
+	EOR	r7, r7, r11
+	ROR	r6, r6, #20
+	ROR	r7, r7, #20
+	ADD	r2, r2, r6
+	ADD	r3, r3, r7
+	EOR	r12, r12, r2
+	EOR	lr, lr, r3
+	ROR	r12, r12, #24
+	ROR	lr, lr, #24
+	ADD	r10, r10, r12
+	ADD	r11, r11, lr
+	EOR	r6, r6, r10
+	EOR	r7, r7, r11
+	ROR	r6, r6, #25
+	ROR	r7, r7, #25
+	/* 3, 4,  9, 14 */
+	/* 0, 5, 10, 15 */
+	ADD	r3, r3, r4
+	ADD	r0, r0, r5
+	EOR	r12, r12, r3
+	EOR	lr, lr, r0
+	ROR	r12, r12, #16
+	ROR	lr, lr, #16
+	ADD	r9, r9, r12
+	ADD	r10, r10, lr
+	EOR	r4, r4, r9
+	EOR	r5, r5, r10
+	ROR	r4, r4, #20
+	ROR	r5, r5, #20
+	ADD	r3, r3, r4
+	ADD	r0, r0, r5
+	EOR	r12, r12, r3
+	EOR	lr, lr, r0
+	ROR	r12, r12, #24
+	ROR	lr, lr, #24
+	ADD	r9, r9, r12
+	ADD	r10, r10, lr
+	EOR	r4, r4, r9
+	EOR	r5, r5, r10
+	ROR	r4, r4, #25
+	ROR	r5, r5, #25
+	STR	r12, [sp, #24]
+	STR	lr, [sp, #28]
+	LDR	r12, [sp, #16]
+	LDR	lr, [sp, #20]
+	/* 1, 6, 11, 12 */
+	/* 2, 7,  8, 13 */
+	ADD	r1, r1, r6
+	ADD	r2, r2, r7
+	EOR	r12, r12, r1
+	EOR	lr, lr, r2
+	ROR	r12, r12, #16
+	ROR	lr, lr, #16
+	ADD	r11, r11, r12
+	ADD	r8, r8, lr
+	EOR	r6, r6, r11
+	EOR	r7, r7, r8
+	ROR	r6, r6, #20
+	ROR	r7, r7, #20
+	ADD	r1, r1, r6
+	ADD	r2, r2, r7
+	EOR	r12, r12, r1
+	EOR	lr, lr, r2
+	ROR	r12, r12, #24
+	ROR	lr, lr, #24
+	ADD	r11, r11, r12
+	ADD	r8, r8, lr
+	EOR	r6, r6, r11
+	EOR	r7, r7, r8
+	ROR	r6, r6, #25
+	ROR	r7, r7, #25
+	STR	lr, [sp, #20]
+	/* Check if we have done enough rounds. */
+	LDR	lr, [sp, #48]
+	SUBS	lr, lr, #0x1
+	STR	lr, [sp, #48]
+#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
+	BGT	L_chacha_thumb2_crypt_loop
+#else
+	BGT.N	L_chacha_thumb2_crypt_loop
+#endif
+	STM	sp, {r8, r9, r10, r11, r12}
+	LDR	lr, [sp, #32]
+	MOV	r12, sp
+	/* Add in original state */
+	LDM	lr!, {r8, r9, r10, r11}
+	ADD	r0, r0, r8
+	ADD	r1, r1, r9
+	ADD	r2, r2, r10
+	ADD	r3, r3, r11
+	LDM	lr!, {r8, r9, r10, r11}
+	ADD	r4, r4, r8
+	ADD	r5, r5, r9
+	ADD	r6, r6, r10
+	ADD	r7, r7, r11
+	LDM	r12, {r8, r9}
+	LDM	lr!, {r10, r11}
+	ADD	r8, r8, r10
+	ADD	r9, r9, r11
+	STM	r12!, {r8, r9}
+	LDM	r12, {r8, r9}
+	LDM	lr!, {r10, r11}
+	ADD	r8, r8, r10
+	ADD	r9, r9, r11
+	STM	r12!, {r8, r9}
+	LDM	r12, {r8, r9}
+	LDM	lr!, {r10, r11}
+	ADD	r8, r8, r10
+	ADD	r9, r9, r11
+	ADD	r10, r10, #0x1
+	STM	r12!, {r8, r9}
+	STR	r10, [lr, #-8]
+	LDM	r12, {r8, r9}
+	LDM	lr, {r10, r11}
+	ADD	r8, r8, r10
+	ADD	r9, r9, r11
+	STM	r12, {r8, r9}
+	LDR	r12, [sp, #44]
+	CMP	r12, #0x40
+#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
+	BLT	L_chacha_thumb2_crypt_lt_block
+#else
+	BLT.N	L_chacha_thumb2_crypt_lt_block
+#endif
+	LDR	r12, [sp, #40]
+	LDR	lr, [sp, #36]
+	/* XOR state into 64 bytes. */
+	LDR	r8, [r12]
+	LDR	r9, [r12, #4]
+	LDR	r10, [r12, #8]
+	LDR	r11, [r12, #12]
+	EOR	r0, r0, r8
+	EOR	r1, r1, r9
+	EOR	r2, r2, r10
+	EOR	r3, r3, r11
+	STR	r0, [lr]
+	STR	r1, [lr, #4]
+	STR	r2, [lr, #8]
+	STR	r3, [lr, #12]
+	LDR	r8, [r12, #16]
+	LDR	r9, [r12, #20]
+	LDR	r10, [r12, #24]
+	LDR	r11, [r12, #28]
+	EOR	r4, r4, r8
+	EOR	r5, r5, r9
+	EOR	r6, r6, r10
+	EOR	r7, r7, r11
+	STR	r4, [lr, #16]
+	STR	r5, [lr, #20]
+	STR	r6, [lr, #24]
+	STR	r7, [lr, #28]
+	LDR	r4, [sp]
+	LDR	r5, [sp, #4]
+	LDR	r6, [sp, #8]
+	LDR	r7, [sp, #12]
+	LDR	r8, [r12, #32]
+	LDR	r9, [r12, #36]
+	LDR	r10, [r12, #40]
+	LDR	r11, [r12, #44]
+	EOR	r4, r4, r8
+	EOR	r5, r5, r9
+	EOR	r6, r6, r10
+	EOR	r7, r7, r11
+	STR	r4, [lr, #32]
+	STR	r5, [lr, #36]
+	STR	r6, [lr, #40]
+	STR	r7, [lr, #44]
+	LDR	r4, [sp, #16]
+	LDR	r5, [sp, #20]
+	LDR	r6, [sp, #24]
+	LDR	r7, [sp, #28]
+	LDR	r8, [r12, #48]
+	LDR	r9, [r12, #52]
+	LDR	r10, [r12, #56]
+	LDR	r11, [r12, #60]
+	EOR	r4, r4, r8
+	EOR	r5, r5, r9
+	EOR	r6, r6, r10
+	EOR	r7, r7, r11
+	STR	r4, [lr, #48]
+	STR	r5, [lr, #52]
+	STR	r6, [lr, #56]
+	STR	r7, [lr, #60]
+	LDR	r3, [sp, #44]
+	ADD	r12, r12, #0x40
+	ADD	lr, lr, #0x40
+	STR	r12, [sp, #40]
+	STR	lr, [sp, #36]
+	SUBS	r3, r3, #0x40
+	LDR	lr, [sp, #32]
+	STR	r3, [sp, #44]
+#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
+	BNE	L_chacha_thumb2_crypt_block
+#else
+	BNE.N	L_chacha_thumb2_crypt_block
+#endif
+#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
+	B	L_chacha_thumb2_crypt_done
+#else
+	B.N	L_chacha_thumb2_crypt_done
+#endif
+L_chacha_thumb2_crypt_lt_block:
+	/* Store in over field of ChaCha. */
+	LDR	lr, [sp, #32]
+	ADD	r12, lr, #0x44
+	STM	r12!, {r0, r1, r2, r3, r4, r5, r6, r7}
+	LDM	sp, {r0, r1, r2, r3, r4, r5, r6, r7}
+	STM	r12, {r0, r1, r2, r3, r4, r5, r6, r7}
+	LDRD	r2, r3, [sp, #40]
+	LDR	r1, [sp, #36]
+	RSB	r12, r3, #0x40
+	STR	r12, [lr, #64]
+	ADD	lr, lr, #0x44
+L_chacha_thumb2_crypt_16byte_loop:
+	CMP	r3, #0x10
+#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
+	BLT	L_chacha_thumb2_crypt_word_loop
+#else
+	BLT.N	L_chacha_thumb2_crypt_word_loop
+#endif
+	/* 16 bytes of state XORed into message. */
+	LDM	lr!, {r4, r5, r6, r7}
+	LDR	r8, [r2]
+	LDR	r9, [r2, #4]
+	LDR	r10, [r2, #8]
+	LDR	r11, [r2, #12]
+	EOR	r8, r8, r4
+	EOR	r9, r9, r5
+	EOR	r10, r10, r6
+	EOR	r11, r11, r7
+	SUBS	r3, r3, #0x10
+	STR	r8, [r1]
+	STR	r9, [r1, #4]
+	STR	r10, [r1, #8]
+	STR	r11, [r1, #12]
+#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
+	BEQ	L_chacha_thumb2_crypt_done
+#else
+	BEQ.N	L_chacha_thumb2_crypt_done
+#endif
+	ADD	r2, r2, #0x10
+	ADD	r1, r1, #0x10
+#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
+	B	L_chacha_thumb2_crypt_16byte_loop
+#else
+	B.N	L_chacha_thumb2_crypt_16byte_loop
+#endif
+L_chacha_thumb2_crypt_word_loop:
+	CMP	r3, #0x4
+#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
+	BLT	L_chacha_thumb2_crypt_byte_start
+#else
+	BLT.N	L_chacha_thumb2_crypt_byte_start
+#endif
+	/* 4 bytes of state XORed into message. */
+	LDR	r4, [lr]
+	LDR	r8, [r2]
+	EOR	r8, r8, r4
+	SUBS	r3, r3, #0x4
+	STR	r8, [r1]
+#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
+	BEQ	L_chacha_thumb2_crypt_done
+#else
+	BEQ.N	L_chacha_thumb2_crypt_done
+#endif
+	ADD	lr, lr, #0x4
+	ADD	r2, r2, #0x4
+	ADD	r1, r1, #0x4
+#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
+	B	L_chacha_thumb2_crypt_word_loop
+#else
+	B.N	L_chacha_thumb2_crypt_word_loop
+#endif
+L_chacha_thumb2_crypt_byte_start:
+	LDR	r4, [lr]
+L_chacha_thumb2_crypt_byte_loop:
+	LDRB	r8, [r2]
+	EOR	r8, r8, r4
+	SUBS	r3, r3, #0x1
+	STRB	r8, [r1]
+#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
+	BEQ	L_chacha_thumb2_crypt_done
+#else
+	BEQ.N	L_chacha_thumb2_crypt_done
+#endif
+	LSR	r4, r4, #8
+	ADD	r2, r2, #0x1
+	ADD	r1, r1, #0x1
+#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
+	B	L_chacha_thumb2_crypt_byte_loop
+#else
+	B.N	L_chacha_thumb2_crypt_byte_loop
+#endif
+L_chacha_thumb2_crypt_done:
+	ADD	sp, sp, #0x34
+	POP	{r4, r5, r6, r7, r8, r9, r10, r11, pc}
+	/* Cycle Count = 508 */
+	.size	wc_chacha_crypt_bytes,.-wc_chacha_crypt_bytes
+	.text
+	.align	4
+	.globl	wc_chacha_use_over
+	.type	wc_chacha_use_over, %function
+wc_chacha_use_over:
+	PUSH	{r4, r5, r6, r7, r8, r9, r10, r11, lr}
+L_chacha_thumb2_over_16byte_loop:
+	CMP	r3, #0x10
+#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
+	BLT	L_chacha_thumb2_over_word_loop
+#else
+	BLT.N	L_chacha_thumb2_over_word_loop
+#endif
+	/* 16 bytes of state XORed into message. */
+	LDR	r4, [r0]
+	LDR	r5, [r0, #4]
+	LDR	r6, [r0, #8]
+	LDR	r7, [r0, #12]
+	LDR	r8, [r2]
+	LDR	r9, [r2, #4]
+	LDR	r10, [r2, #8]
+	LDR	r11, [r2, #12]
+	EOR	r4, r4, r8
+	EOR	r5, r5, r9
+	EOR	r6, r6, r10
+	EOR	r7, r7, r11
+	SUBS	r3, r3, #0x10
+	STR	r4, [r1]
+	STR	r5, [r1, #4]
+	STR	r6, [r1, #8]
+	STR	r7, [r1, #12]
+#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
+	BEQ	L_chacha_thumb2_over_done
+#else
+	BEQ.N	L_chacha_thumb2_over_done
+#endif
+	ADD	r0, r0, #0x10
+	ADD	r2, r2, #0x10
+	ADD	r1, r1, #0x10
+#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
+	B	L_chacha_thumb2_over_16byte_loop
+#else
+	B.N	L_chacha_thumb2_over_16byte_loop
+#endif
+L_chacha_thumb2_over_word_loop:
+	CMP	r3, #0x4
+#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
+	BLT	L_chacha_thumb2_over_byte_loop
+#else
+	BLT.N	L_chacha_thumb2_over_byte_loop
+#endif
+	/* 4 bytes of state XORed into message. */
+	LDR	r4, [r0]
+	LDR	r8, [r2]
+	EOR	r4, r4, r8
+	SUBS	r3, r3, #0x4
+	STR	r4, [r1]
+#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
+	BEQ	L_chacha_thumb2_over_done
+#else
+	BEQ.N	L_chacha_thumb2_over_done
+#endif
+	ADD	r0, r0, #0x4
+	ADD	r2, r2, #0x4
+	ADD	r1, r1, #0x4
+#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
+	B	L_chacha_thumb2_over_word_loop
+#else
+	B.N	L_chacha_thumb2_over_word_loop
+#endif
+L_chacha_thumb2_over_byte_loop:
+	/* 4 bytes of state XORed into message. */
+	LDRB	r4, [r0]
+	LDRB	r8, [r2]
+	EOR	r4, r4, r8
+	SUBS	r3, r3, #0x1
+	STRB	r4, [r1]
+#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
+	BEQ	L_chacha_thumb2_over_done
+#else
+	BEQ.N	L_chacha_thumb2_over_done
+#endif
+	ADD	r0, r0, #0x1
+	ADD	r2, r2, #0x1
+	ADD	r1, r1, #0x1
+#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
+	B	L_chacha_thumb2_over_byte_loop
+#else
+	B.N	L_chacha_thumb2_over_byte_loop
+#endif
+L_chacha_thumb2_over_done:
+	POP	{r4, r5, r6, r7, r8, r9, r10, r11, pc}
+	/* Cycle Count = 108 */
+	.size	wc_chacha_use_over,.-wc_chacha_use_over
+#endif /* HAVE_CHACHA */
+#endif /* WOLFSSL_ARMASM_THUMB2 */
+#endif /* WOLFSSL_ARMASM */
+
+#if defined(__linux__) && defined(__ELF__)
+.section        .note.GNU-stack,"",%progbits
+#endif
+#endif /* !WOLFSSL_ARMASM_INLINE */
diff --git a/wolfcrypt/src/port/arm/thumb2-chacha-asm_c.c b/wolfcrypt/src/port/arm/thumb2-chacha-asm_c.c
new file mode 100644
index 000000000..9707a9718
--- /dev/null
+++ b/wolfcrypt/src/port/arm/thumb2-chacha-asm_c.c
@@ -0,0 +1,731 @@
+/* thumb2-chacha-asm
+ *
+ * Copyright (C) 2006-2025 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+/* Generated using (from wolfssl):
+ *   cd ../scripts
+ *   ruby ./chacha/chacha.rb thumb2 ../wolfssl/wolfcrypt/src/port/arm/thumb2-chacha-asm.c
+ */
+
+#ifdef HAVE_CONFIG_H
+    #include <config.h>
+#endif /* HAVE_CONFIG_H */
+#include <wolfssl/wolfcrypt/settings.h>
+#include <wolfssl/wolfcrypt/error-crypt.h>
+
+#ifdef WOLFSSL_ARMASM
+#ifdef WOLFSSL_ARMASM_THUMB2
+#ifdef WOLFSSL_ARMASM_INLINE
+
+#ifdef __IAR_SYSTEMS_ICC__
+#define __asm__        asm
+#define __volatile__   volatile
+#define WOLFSSL_NO_VAR_ASSIGN_REG
+#endif /* __IAR_SYSTEMS_ICC__ */
+#ifdef __KEIL__
+#define __asm__        __asm
+#define __volatile__   volatile
+#endif /* __KEIL__ */
+#ifdef HAVE_CHACHA
+#include <wolfssl/wolfcrypt/chacha.h>
+
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
+void wc_chacha_setiv(word32* x_p, const byte* iv_p, word32 counter_p)
+#else
+void wc_chacha_setiv(word32* x, const byte* iv, word32 counter)
+#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
+{
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
+    register word32* x __asm__ ("r0") = (word32*)x_p;
+    register const byte* iv __asm__ ("r1") = (const byte*)iv_p;
+    register word32 counter __asm__ ("r2") = (word32)counter_p;
+#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
+
+    __asm__ __volatile__ (
+        "ADD	r3, %[x], #0x34\n\t"
+        "LDR	r4, [%[iv]]\n\t"
+        "LDR	r5, [%[iv], #4]\n\t"
+        "LDR	r6, [%[iv], #8]\n\t"
+        "STR	%[counter], [%[x], #48]\n\t"
+#ifdef BIG_ENDIAN_ORDER
+        "REV	r4, r4\n\t"
+        "REV	r5, r5\n\t"
+        "REV	r6, r6\n\t"
+#endif /* BIG_ENDIAN_ORDER */
+        "STM	r3, {r4, r5, r6}\n\t"
+        : [x] "+r" (x), [iv] "+r" (iv), [counter] "+r" (counter)
+        :
+        : "memory", "r3", "r4", "r5", "r6", "cc"
+    );
+}
+
+XALIGNED(16) static const word32 L_chacha_thumb2_constants[] = {
+    0x61707865, 0x3120646e, 0x79622d36, 0x6b206574,
+    0x61707865, 0x3320646e, 0x79622d32, 0x6b206574,
+};
+
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
+void wc_chacha_setkey(word32* x_p, const byte* key_p, word32 keySz_p)
+#else
+void wc_chacha_setkey(word32* x, const byte* key, word32 keySz)
+#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
+{
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
+    register word32* x __asm__ ("r0") = (word32*)x_p;
+    register const byte* key __asm__ ("r1") = (const byte*)key_p;
+    register word32 keySz __asm__ ("r2") = (word32)keySz_p;
+    register word32* L_chacha_thumb2_constants_c __asm__ ("r3") = (word32*)&L_chacha_thumb2_constants;
+#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
+
+    __asm__ __volatile__ (
+        "MOV	r7, %[L_chacha_thumb2_constants]\n\t"
+        "SUBS	%[keySz], %[keySz], #0x10\n\t"
+        "ADD	r7, r7, %[keySz]\n\t"
+        /* Start state with constants */
+        "LDM	r7, {r3, r4, r5, r6}\n\t"
+        "STM	%[x]!, {r3, r4, r5, r6}\n\t"
+        /* Next is first 16 bytes of key. */
+        "LDR	r3, [%[key]]\n\t"
+        "LDR	r4, [%[key], #4]\n\t"
+        "LDR	r5, [%[key], #8]\n\t"
+        "LDR	r6, [%[key], #12]\n\t"
+#ifdef BIG_ENDIAN_ORDER
+        "REV	r3, r3\n\t"
+        "REV	r4, r4\n\t"
+        "REV	r5, r5\n\t"
+        "REV	r6, r6\n\t"
+#endif /* BIG_ENDIAN_ORDER */
+        "STM	%[x]!, {r3, r4, r5, r6}\n\t"
+        /* Next 16 bytes of key. */
+#if defined(__GNUC__)
+        "BEQ	L_chacha_thumb2_setkey_same_keyb_ytes_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BEQ.N	L_chacha_thumb2_setkey_same_keyb_ytes\n\t"
+#else
+        "BEQ.N	L_chacha_thumb2_setkey_same_keyb_ytes_%=\n\t"
+#endif
+        /* Update key pointer for next 16 bytes. */
+        "ADD	%[key], %[key], %[keySz]\n\t"
+        "LDR	r3, [%[key]]\n\t"
+        "LDR	r4, [%[key], #4]\n\t"
+        "LDR	r5, [%[key], #8]\n\t"
+        "LDR	r6, [%[key], #12]\n\t"
+        "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_chacha_thumb2_setkey_same_keyb_ytes:\n\t"
+#else
+    "L_chacha_thumb2_setkey_same_keyb_ytes_%=:\n\t"
+#endif
+        "STM	%[x], {r3, r4, r5, r6}\n\t"
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
+        : [x] "+r" (x), [key] "+r" (key), [keySz] "+r" (keySz),
+          [L_chacha_thumb2_constants] "+r" (L_chacha_thumb2_constants_c)
+        :
+        : "memory", "r4", "r5", "r6", "r7", "cc"
+#else
+        : [x] "+r" (x), [key] "+r" (key), [keySz] "+r" (keySz)
+        : [L_chacha_thumb2_constants] "r" (L_chacha_thumb2_constants)
+        : "memory", "r4", "r5", "r6", "r7", "cc"
+#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */
+    );
+}
+
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
+void wc_chacha_crypt_bytes(ChaCha* ctx_p, byte* c_p, const byte* m_p, word32 len_p)
+#else
+void wc_chacha_crypt_bytes(ChaCha* ctx, byte* c, const byte* m, word32 len)
+#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
+{
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
+    register ChaCha* ctx __asm__ ("r0") = (ChaCha*)ctx_p;
+    register byte* c __asm__ ("r1") = (byte*)c_p;
+    register const byte* m __asm__ ("r2") = (const byte*)m_p;
+    register word32 len __asm__ ("r3") = (word32)len_p;
+#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
+
+    __asm__ __volatile__ (
+        "SUB	sp, sp, #0x34\n\t"
+        "MOV	lr, %[ctx]\n\t"
+        "STRD	%[ctx], %[c], [sp, #32]\n\t"
+        "STRD	%[m], %[len], [sp, #40]\n\t"
+        "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_chacha_thumb2_crypt_block:\n\t"
+#else
+    "L_chacha_thumb2_crypt_block_%=:\n\t"
+#endif
+        /* Put x[12]..x[15] onto stack. */
+        "LDRD	r4, r5, [lr, #48]\n\t"
+        "LDRD	r6, r7, [lr, #56]\n\t"
+        "STRD	r4, r5, [sp, #16]\n\t"
+        "STRD	r6, r7, [sp, #24]\n\t"
+        /* Load x[0]..x[12] into registers. */
+        "LDM	lr, {%[ctx], %[c], %[m], %[len], r4, r5, r6, r7, r8, r9, r10, r11, r12}\n\t"
+        /* 10x 2 full rounds to perform. */
+        "MOV	lr, #0xa\n\t"
+        "STR	lr, [sp, #48]\n\t"
+        "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_chacha_thumb2_crypt_loop:\n\t"
+#else
+    "L_chacha_thumb2_crypt_loop_%=:\n\t"
+#endif
+        /* 0, 4,  8, 12 */
+        /* 1, 5,  9, 13 */
+        "LDR	lr, [sp, #20]\n\t"
+        "ADD	%[ctx], %[ctx], r4\n\t"
+        "ADD	%[c], %[c], r5\n\t"
+        "EOR	r12, r12, %[ctx]\n\t"
+        "EOR	lr, lr, %[c]\n\t"
+        "ROR	r12, r12, #16\n\t"
+        "ROR	lr, lr, #16\n\t"
+        "ADD	r8, r8, r12\n\t"
+        "ADD	r9, r9, lr\n\t"
+        "EOR	r4, r4, r8\n\t"
+        "EOR	r5, r5, r9\n\t"
+        "ROR	r4, r4, #20\n\t"
+        "ROR	r5, r5, #20\n\t"
+        "ADD	%[ctx], %[ctx], r4\n\t"
+        "ADD	%[c], %[c], r5\n\t"
+        "EOR	r12, r12, %[ctx]\n\t"
+        "EOR	lr, lr, %[c]\n\t"
+        "ROR	r12, r12, #24\n\t"
+        "ROR	lr, lr, #24\n\t"
+        "ADD	r8, r8, r12\n\t"
+        "ADD	r9, r9, lr\n\t"
+        "EOR	r4, r4, r8\n\t"
+        "EOR	r5, r5, r9\n\t"
+        "ROR	r4, r4, #25\n\t"
+        "ROR	r5, r5, #25\n\t"
+        "STR	r12, [sp, #16]\n\t"
+        "STR	lr, [sp, #20]\n\t"
+        /* 2, 6, 10, 14 */
+        /* 3, 7, 11, 15 */
+        "LDR	r12, [sp, #24]\n\t"
+        "LDR	lr, [sp, #28]\n\t"
+        "ADD	%[m], %[m], r6\n\t"
+        "ADD	%[len], %[len], r7\n\t"
+        "EOR	r12, r12, %[m]\n\t"
+        "EOR	lr, lr, %[len]\n\t"
+        "ROR	r12, r12, #16\n\t"
+        "ROR	lr, lr, #16\n\t"
+        "ADD	r10, r10, r12\n\t"
+        "ADD	r11, r11, lr\n\t"
+        "EOR	r6, r6, r10\n\t"
+        "EOR	r7, r7, r11\n\t"
+        "ROR	r6, r6, #20\n\t"
+        "ROR	r7, r7, #20\n\t"
+        "ADD	%[m], %[m], r6\n\t"
+        "ADD	%[len], %[len], r7\n\t"
+        "EOR	r12, r12, %[m]\n\t"
+        "EOR	lr, lr, %[len]\n\t"
+        "ROR	r12, r12, #24\n\t"
+        "ROR	lr, lr, #24\n\t"
+        "ADD	r10, r10, r12\n\t"
+        "ADD	r11, r11, lr\n\t"
+        "EOR	r6, r6, r10\n\t"
+        "EOR	r7, r7, r11\n\t"
+        "ROR	r6, r6, #25\n\t"
+        "ROR	r7, r7, #25\n\t"
+        /* 3, 4,  9, 14 */
+        /* 0, 5, 10, 15 */
+        "ADD	%[len], %[len], r4\n\t"
+        "ADD	%[ctx], %[ctx], r5\n\t"
+        "EOR	r12, r12, %[len]\n\t"
+        "EOR	lr, lr, %[ctx]\n\t"
+        "ROR	r12, r12, #16\n\t"
+        "ROR	lr, lr, #16\n\t"
+        "ADD	r9, r9, r12\n\t"
+        "ADD	r10, r10, lr\n\t"
+        "EOR	r4, r4, r9\n\t"
+        "EOR	r5, r5, r10\n\t"
+        "ROR	r4, r4, #20\n\t"
+        "ROR	r5, r5, #20\n\t"
+        "ADD	%[len], %[len], r4\n\t"
+        "ADD	%[ctx], %[ctx], r5\n\t"
+        "EOR	r12, r12, %[len]\n\t"
+        "EOR	lr, lr, %[ctx]\n\t"
+        "ROR	r12, r12, #24\n\t"
+        "ROR	lr, lr, #24\n\t"
+        "ADD	r9, r9, r12\n\t"
+        "ADD	r10, r10, lr\n\t"
+        "EOR	r4, r4, r9\n\t"
+        "EOR	r5, r5, r10\n\t"
+        "ROR	r4, r4, #25\n\t"
+        "ROR	r5, r5, #25\n\t"
+        "STR	r12, [sp, #24]\n\t"
+        "STR	lr, [sp, #28]\n\t"
+        "LDR	r12, [sp, #16]\n\t"
+        "LDR	lr, [sp, #20]\n\t"
+        /* 1, 6, 11, 12 */
+        /* 2, 7,  8, 13 */
+        "ADD	%[c], %[c], r6\n\t"
+        "ADD	%[m], %[m], r7\n\t"
+        "EOR	r12, r12, %[c]\n\t"
+        "EOR	lr, lr, %[m]\n\t"
+        "ROR	r12, r12, #16\n\t"
+        "ROR	lr, lr, #16\n\t"
+        "ADD	r11, r11, r12\n\t"
+        "ADD	r8, r8, lr\n\t"
+        "EOR	r6, r6, r11\n\t"
+        "EOR	r7, r7, r8\n\t"
+        "ROR	r6, r6, #20\n\t"
+        "ROR	r7, r7, #20\n\t"
+        "ADD	%[c], %[c], r6\n\t"
+        "ADD	%[m], %[m], r7\n\t"
+        "EOR	r12, r12, %[c]\n\t"
+        "EOR	lr, lr, %[m]\n\t"
+        "ROR	r12, r12, #24\n\t"
+        "ROR	lr, lr, #24\n\t"
+        "ADD	r11, r11, r12\n\t"
+        "ADD	r8, r8, lr\n\t"
+        "EOR	r6, r6, r11\n\t"
+        "EOR	r7, r7, r8\n\t"
+        "ROR	r6, r6, #25\n\t"
+        "ROR	r7, r7, #25\n\t"
+        "STR	lr, [sp, #20]\n\t"
+        /* Check if we have done enough rounds. */
+        "LDR	lr, [sp, #48]\n\t"
+        "SUBS	lr, lr, #0x1\n\t"
+        "STR	lr, [sp, #48]\n\t"
+#if defined(__GNUC__)
+        "BGT	L_chacha_thumb2_crypt_loop_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BGT.N	L_chacha_thumb2_crypt_loop\n\t"
+#else
+        "BGT.N	L_chacha_thumb2_crypt_loop_%=\n\t"
+#endif
+        "STM	sp, {r8, r9, r10, r11, r12}\n\t"
+        "LDR	lr, [sp, #32]\n\t"
+        "MOV	r12, sp\n\t"
+        /* Add in original state */
+        "LDM	lr!, {r8, r9, r10, r11}\n\t"
+        "ADD	%[ctx], %[ctx], r8\n\t"
+        "ADD	%[c], %[c], r9\n\t"
+        "ADD	%[m], %[m], r10\n\t"
+        "ADD	%[len], %[len], r11\n\t"
+        "LDM	lr!, {r8, r9, r10, r11}\n\t"
+        "ADD	r4, r4, r8\n\t"
+        "ADD	r5, r5, r9\n\t"
+        "ADD	r6, r6, r10\n\t"
+        "ADD	r7, r7, r11\n\t"
+        "LDM	r12, {r8, r9}\n\t"
+        "LDM	lr!, {r10, r11}\n\t"
+        "ADD	r8, r8, r10\n\t"
+        "ADD	r9, r9, r11\n\t"
+        "STM	r12!, {r8, r9}\n\t"
+        "LDM	r12, {r8, r9}\n\t"
+        "LDM	lr!, {r10, r11}\n\t"
+        "ADD	r8, r8, r10\n\t"
+        "ADD	r9, r9, r11\n\t"
+        "STM	r12!, {r8, r9}\n\t"
+        "LDM	r12, {r8, r9}\n\t"
+        "LDM	lr!, {r10, r11}\n\t"
+        "ADD	r8, r8, r10\n\t"
+        "ADD	r9, r9, r11\n\t"
+        "ADD	r10, r10, #0x1\n\t"
+        "STM	r12!, {r8, r9}\n\t"
+        "STR	r10, [lr, #-8]\n\t"
+        "LDM	r12, {r8, r9}\n\t"
+        "LDM	lr, {r10, r11}\n\t"
+        "ADD	r8, r8, r10\n\t"
+        "ADD	r9, r9, r11\n\t"
+        "STM	r12, {r8, r9}\n\t"
+        "LDR	r12, [sp, #44]\n\t"
+        "CMP	r12, #0x40\n\t"
+#if defined(__GNUC__)
+        "BLT	L_chacha_thumb2_crypt_lt_block_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BLT.N	L_chacha_thumb2_crypt_lt_block\n\t"
+#else
+        "BLT.N	L_chacha_thumb2_crypt_lt_block_%=\n\t"
+#endif
+        "LDR	r12, [sp, #40]\n\t"
+        "LDR	lr, [sp, #36]\n\t"
+        /* XOR state into 64 bytes. */
+        "LDR	r8, [r12]\n\t"
+        "LDR	r9, [r12, #4]\n\t"
+        "LDR	r10, [r12, #8]\n\t"
+        "LDR	r11, [r12, #12]\n\t"
+        "EOR	%[ctx], %[ctx], r8\n\t"
+        "EOR	%[c], %[c], r9\n\t"
+        "EOR	%[m], %[m], r10\n\t"
+        "EOR	%[len], %[len], r11\n\t"
+        "STR	%[ctx], [lr]\n\t"
+        "STR	%[c], [lr, #4]\n\t"
+        "STR	%[m], [lr, #8]\n\t"
+        "STR	%[len], [lr, #12]\n\t"
+        "LDR	r8, [r12, #16]\n\t"
+        "LDR	r9, [r12, #20]\n\t"
+        "LDR	r10, [r12, #24]\n\t"
+        "LDR	r11, [r12, #28]\n\t"
+        "EOR	r4, r4, r8\n\t"
+        "EOR	r5, r5, r9\n\t"
+        "EOR	r6, r6, r10\n\t"
+        "EOR	r7, r7, r11\n\t"
+        "STR	r4, [lr, #16]\n\t"
+        "STR	r5, [lr, #20]\n\t"
+        "STR	r6, [lr, #24]\n\t"
+        "STR	r7, [lr, #28]\n\t"
+        "LDR	r4, [sp]\n\t"
+        "LDR	r5, [sp, #4]\n\t"
+        "LDR	r6, [sp, #8]\n\t"
+        "LDR	r7, [sp, #12]\n\t"
+        "LDR	r8, [r12, #32]\n\t"
+        "LDR	r9, [r12, #36]\n\t"
+        "LDR	r10, [r12, #40]\n\t"
+        "LDR	r11, [r12, #44]\n\t"
+        "EOR	r4, r4, r8\n\t"
+        "EOR	r5, r5, r9\n\t"
+        "EOR	r6, r6, r10\n\t"
+        "EOR	r7, r7, r11\n\t"
+        "STR	r4, [lr, #32]\n\t"
+        "STR	r5, [lr, #36]\n\t"
+        "STR	r6, [lr, #40]\n\t"
+        "STR	r7, [lr, #44]\n\t"
+        "LDR	r4, [sp, #16]\n\t"
+        "LDR	r5, [sp, #20]\n\t"
+        "LDR	r6, [sp, #24]\n\t"
+        "LDR	r7, [sp, #28]\n\t"
+        "LDR	r8, [r12, #48]\n\t"
+        "LDR	r9, [r12, #52]\n\t"
+        "LDR	r10, [r12, #56]\n\t"
+        "LDR	r11, [r12, #60]\n\t"
+        "EOR	r4, r4, r8\n\t"
+        "EOR	r5, r5, r9\n\t"
+        "EOR	r6, r6, r10\n\t"
+        "EOR	r7, r7, r11\n\t"
+        "STR	r4, [lr, #48]\n\t"
+        "STR	r5, [lr, #52]\n\t"
+        "STR	r6, [lr, #56]\n\t"
+        "STR	r7, [lr, #60]\n\t"
+        "LDR	%[len], [sp, #44]\n\t"
+        "ADD	r12, r12, #0x40\n\t"
+        "ADD	lr, lr, #0x40\n\t"
+        "STR	r12, [sp, #40]\n\t"
+        "STR	lr, [sp, #36]\n\t"
+        "SUBS	%[len], %[len], #0x40\n\t"
+        "LDR	lr, [sp, #32]\n\t"
+        "STR	%[len], [sp, #44]\n\t"
+#if defined(__GNUC__)
+        "BNE	L_chacha_thumb2_crypt_block_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BNE.N	L_chacha_thumb2_crypt_block\n\t"
+#else
+        "BNE.N	L_chacha_thumb2_crypt_block_%=\n\t"
+#endif
+#if defined(__GNUC__)
+        "B	L_chacha_thumb2_crypt_done_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "B.N	L_chacha_thumb2_crypt_done\n\t"
+#else
+        "B.N	L_chacha_thumb2_crypt_done_%=\n\t"
+#endif
+        "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_chacha_thumb2_crypt_lt_block:\n\t"
+#else
+    "L_chacha_thumb2_crypt_lt_block_%=:\n\t"
+#endif
+        /* Store in over field of ChaCha. */
+        "LDR	lr, [sp, #32]\n\t"
+        "ADD	r12, lr, #0x44\n\t"
+        "STM	r12!, {%[ctx], %[c], %[m], %[len], r4, r5, r6, r7}\n\t"
+        "LDM	sp, {%[ctx], %[c], %[m], %[len], r4, r5, r6, r7}\n\t"
+        "STM	r12, {%[ctx], %[c], %[m], %[len], r4, r5, r6, r7}\n\t"
+        "LDRD	%[m], %[len], [sp, #40]\n\t"
+        "LDR	%[c], [sp, #36]\n\t"
+        "RSB	r12, %[len], #0x40\n\t"
+        "STR	r12, [lr, #64]\n\t"
+        "ADD	lr, lr, #0x44\n\t"
+        "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_chacha_thumb2_crypt_16byte_loop:\n\t"
+#else
+    "L_chacha_thumb2_crypt_16byte_loop_%=:\n\t"
+#endif
+        "CMP	%[len], #0x10\n\t"
+#if defined(__GNUC__)
+        "BLT	L_chacha_thumb2_crypt_word_loop_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BLT.N	L_chacha_thumb2_crypt_word_loop\n\t"
+#else
+        "BLT.N	L_chacha_thumb2_crypt_word_loop_%=\n\t"
+#endif
+        /* 16 bytes of state XORed into message. */
+        "LDM	lr!, {r4, r5, r6, r7}\n\t"
+        "LDR	r8, [%[m]]\n\t"
+        "LDR	r9, [%[m], #4]\n\t"
+        "LDR	r10, [%[m], #8]\n\t"
+        "LDR	r11, [%[m], #12]\n\t"
+        "EOR	r8, r8, r4\n\t"
+        "EOR	r9, r9, r5\n\t"
+        "EOR	r10, r10, r6\n\t"
+        "EOR	r11, r11, r7\n\t"
+        "SUBS	%[len], %[len], #0x10\n\t"
+        "STR	r8, [%[c]]\n\t"
+        "STR	r9, [%[c], #4]\n\t"
+        "STR	r10, [%[c], #8]\n\t"
+        "STR	r11, [%[c], #12]\n\t"
+#if defined(__GNUC__)
+        "BEQ	L_chacha_thumb2_crypt_done_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BEQ.N	L_chacha_thumb2_crypt_done\n\t"
+#else
+        "BEQ.N	L_chacha_thumb2_crypt_done_%=\n\t"
+#endif
+        "ADD	%[m], %[m], #0x10\n\t"
+        "ADD	%[c], %[c], #0x10\n\t"
+#if defined(__GNUC__)
+        "B	L_chacha_thumb2_crypt_16byte_loop_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "B.N	L_chacha_thumb2_crypt_16byte_loop\n\t"
+#else
+        "B.N	L_chacha_thumb2_crypt_16byte_loop_%=\n\t"
+#endif
+        "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_chacha_thumb2_crypt_word_loop:\n\t"
+#else
+    "L_chacha_thumb2_crypt_word_loop_%=:\n\t"
+#endif
+        "CMP	%[len], #0x4\n\t"
+#if defined(__GNUC__)
+        "BLT	L_chacha_thumb2_crypt_byte_start_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BLT.N	L_chacha_thumb2_crypt_byte_start\n\t"
+#else
+        "BLT.N	L_chacha_thumb2_crypt_byte_start_%=\n\t"
+#endif
+        /* 4 bytes of state XORed into message. */
+        "LDR	r4, [lr]\n\t"
+        "LDR	r8, [%[m]]\n\t"
+        "EOR	r8, r8, r4\n\t"
+        "SUBS	%[len], %[len], #0x4\n\t"
+        "STR	r8, [%[c]]\n\t"
+#if defined(__GNUC__)
+        "BEQ	L_chacha_thumb2_crypt_done_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BEQ.N	L_chacha_thumb2_crypt_done\n\t"
+#else
+        "BEQ.N	L_chacha_thumb2_crypt_done_%=\n\t"
+#endif
+        "ADD	lr, lr, #0x4\n\t"
+        "ADD	%[m], %[m], #0x4\n\t"
+        "ADD	%[c], %[c], #0x4\n\t"
+#if defined(__GNUC__)
+        "B	L_chacha_thumb2_crypt_word_loop_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "B.N	L_chacha_thumb2_crypt_word_loop\n\t"
+#else
+        "B.N	L_chacha_thumb2_crypt_word_loop_%=\n\t"
+#endif
+        "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_chacha_thumb2_crypt_byte_start:\n\t"
+#else
+    "L_chacha_thumb2_crypt_byte_start_%=:\n\t"
+#endif
+        "LDR	r4, [lr]\n\t"
+        "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_chacha_thumb2_crypt_byte_loop:\n\t"
+#else
+    "L_chacha_thumb2_crypt_byte_loop_%=:\n\t"
+#endif
+        "LDRB	r8, [%[m]]\n\t"
+        "EOR	r8, r8, r4\n\t"
+        "SUBS	%[len], %[len], #0x1\n\t"
+        "STRB	r8, [%[c]]\n\t"
+#if defined(__GNUC__)
+        "BEQ	L_chacha_thumb2_crypt_done_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BEQ.N	L_chacha_thumb2_crypt_done\n\t"
+#else
+        "BEQ.N	L_chacha_thumb2_crypt_done_%=\n\t"
+#endif
+        "LSR	r4, r4, #8\n\t"
+        "ADD	%[m], %[m], #0x1\n\t"
+        "ADD	%[c], %[c], #0x1\n\t"
+#if defined(__GNUC__)
+        "B	L_chacha_thumb2_crypt_byte_loop_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "B.N	L_chacha_thumb2_crypt_byte_loop\n\t"
+#else
+        "B.N	L_chacha_thumb2_crypt_byte_loop_%=\n\t"
+#endif
+        "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_chacha_thumb2_crypt_done:\n\t"
+#else
+    "L_chacha_thumb2_crypt_done_%=:\n\t"
+#endif
+        "ADD	sp, sp, #0x34\n\t"
+        : [ctx] "+r" (ctx), [c] "+r" (c), [m] "+r" (m), [len] "+r" (len)
+        :
+        : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "lr", "cc"
+    );
+}
+
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
+void wc_chacha_use_over(byte* over_p, byte* output_p, const byte* input_p, word32 len_p)
+#else
+void wc_chacha_use_over(byte* over, byte* output, const byte* input, word32 len)
+#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
+{
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
+    register byte* over __asm__ ("r0") = (byte*)over_p;
+    register byte* output __asm__ ("r1") = (byte*)output_p;
+    register const byte* input __asm__ ("r2") = (const byte*)input_p;
+    register word32 len __asm__ ("r3") = (word32)len_p;
+#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
+
+    __asm__ __volatile__ (
+        "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_chacha_thumb2_over_16byte_loop:\n\t"
+#else
+    "L_chacha_thumb2_over_16byte_loop_%=:\n\t"
+#endif
+        "CMP	%[len], #0x10\n\t"
+#if defined(__GNUC__)
+        "BLT	L_chacha_thumb2_over_word_loop_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BLT.N	L_chacha_thumb2_over_word_loop\n\t"
+#else
+        "BLT.N	L_chacha_thumb2_over_word_loop_%=\n\t"
+#endif
+        /* 16 bytes of state XORed into message. */
+        "LDR	r4, [%[over]]\n\t"
+        "LDR	r5, [%[over], #4]\n\t"
+        "LDR	r6, [%[over], #8]\n\t"
+        "LDR	r7, [%[over], #12]\n\t"
+        "LDR	r8, [%[input]]\n\t"
+        "LDR	r9, [%[input], #4]\n\t"
+        "LDR	r10, [%[input], #8]\n\t"
+        "LDR	r11, [%[input], #12]\n\t"
+        "EOR	r4, r4, r8\n\t"
+        "EOR	r5, r5, r9\n\t"
+        "EOR	r6, r6, r10\n\t"
+        "EOR	r7, r7, r11\n\t"
+        "SUBS	%[len], %[len], #0x10\n\t"
+        "STR	r4, [%[output]]\n\t"
+        "STR	r5, [%[output], #4]\n\t"
+        "STR	r6, [%[output], #8]\n\t"
+        "STR	r7, [%[output], #12]\n\t"
+#if defined(__GNUC__)
+        "BEQ	L_chacha_thumb2_over_done_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BEQ.N	L_chacha_thumb2_over_done\n\t"
+#else
+        "BEQ.N	L_chacha_thumb2_over_done_%=\n\t"
+#endif
+        "ADD	%[over], %[over], #0x10\n\t"
+        "ADD	%[input], %[input], #0x10\n\t"
+        "ADD	%[output], %[output], #0x10\n\t"
+#if defined(__GNUC__)
+        "B	L_chacha_thumb2_over_16byte_loop_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "B.N	L_chacha_thumb2_over_16byte_loop\n\t"
+#else
+        "B.N	L_chacha_thumb2_over_16byte_loop_%=\n\t"
+#endif
+        "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_chacha_thumb2_over_word_loop:\n\t"
+#else
+    "L_chacha_thumb2_over_word_loop_%=:\n\t"
+#endif
+        "CMP	%[len], #0x4\n\t"
+#if defined(__GNUC__)
+        "BLT	L_chacha_thumb2_over_byte_loop_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BLT.N	L_chacha_thumb2_over_byte_loop\n\t"
+#else
+        "BLT.N	L_chacha_thumb2_over_byte_loop_%=\n\t"
+#endif
+        /* 4 bytes of state XORed into message. */
+        "LDR	r4, [%[over]]\n\t"
+        "LDR	r8, [%[input]]\n\t"
+        "EOR	r4, r4, r8\n\t"
+        "SUBS	%[len], %[len], #0x4\n\t"
+        "STR	r4, [%[output]]\n\t"
+#if defined(__GNUC__)
+        "BEQ	L_chacha_thumb2_over_done_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BEQ.N	L_chacha_thumb2_over_done\n\t"
+#else
+        "BEQ.N	L_chacha_thumb2_over_done_%=\n\t"
+#endif
+        "ADD	%[over], %[over], #0x4\n\t"
+        "ADD	%[input], %[input], #0x4\n\t"
+        "ADD	%[output], %[output], #0x4\n\t"
+#if defined(__GNUC__)
+        "B	L_chacha_thumb2_over_word_loop_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "B.N	L_chacha_thumb2_over_word_loop\n\t"
+#else
+        "B.N	L_chacha_thumb2_over_word_loop_%=\n\t"
+#endif
+        "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_chacha_thumb2_over_byte_loop:\n\t"
+#else
+    "L_chacha_thumb2_over_byte_loop_%=:\n\t"
+#endif
+        /* 4 bytes of state XORed into message. */
+        "LDRB	r4, [%[over]]\n\t"
+        "LDRB	r8, [%[input]]\n\t"
+        "EOR	r4, r4, r8\n\t"
+        "SUBS	%[len], %[len], #0x1\n\t"
+        "STRB	r4, [%[output]]\n\t"
+#if defined(__GNUC__)
+        "BEQ	L_chacha_thumb2_over_done_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BEQ.N	L_chacha_thumb2_over_done\n\t"
+#else
+        "BEQ.N	L_chacha_thumb2_over_done_%=\n\t"
+#endif
+        "ADD	%[over], %[over], #0x1\n\t"
+        "ADD	%[input], %[input], #0x1\n\t"
+        "ADD	%[output], %[output], #0x1\n\t"
+#if defined(__GNUC__)
+        "B	L_chacha_thumb2_over_byte_loop_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "B.N	L_chacha_thumb2_over_byte_loop\n\t"
+#else
+        "B.N	L_chacha_thumb2_over_byte_loop_%=\n\t"
+#endif
+        "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_chacha_thumb2_over_done:\n\t"
+#else
+    "L_chacha_thumb2_over_done_%=:\n\t"
+#endif
+        : [over] "+r" (over), [output] "+r" (output), [input] "+r" (input), [len] "+r" (len)
+        :
+        : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "cc"
+    );
+}
+
+#endif /* HAVE_CHACHA */
+#endif /* WOLFSSL_ARMASM_THUMB2 */
+#endif /* WOLFSSL_ARMASM */
+#endif /* WOLFSSL_ARMASM_INLINE */
diff --git a/wolfcrypt/src/port/arm/thumb2-chacha.c b/wolfcrypt/src/port/arm/thumb2-chacha.c
new file mode 100644
index 000000000..58d23203b
--- /dev/null
+++ b/wolfcrypt/src/port/arm/thumb2-chacha.c
@@ -0,0 +1,178 @@
+/* thumb2-chacha.c
+ *
+ * Copyright (C) 2006-2025 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+
+#ifdef HAVE_CONFIG_H
+    #include <config.h>
+#endif
+
+#include <wolfssl/wolfcrypt/settings.h>
+
+#if defined(WOLFSSL_ARMASM) && defined(WOLFSSL_ARMASM_THUMB2)
+#ifdef HAVE_CHACHA
+
+#include <wolfssl/wolfcrypt/chacha.h>
+#include <wolfssl/wolfcrypt/error-crypt.h>
+#include <wolfssl/wolfcrypt/logging.h>
+#include <wolfssl/wolfcrypt/cpuid.h>
+#ifdef NO_INLINE
+    #include <wolfssl/wolfcrypt/misc.h>
+#else
+    #define WOLFSSL_MISC_INCLUDED
+    #include <wolfcrypt/src/misc.c>
+#endif
+
+#ifdef CHACHA_AEAD_TEST
+    #include <stdio.h>
+#endif
+
+#ifdef CHACHA_TEST
+    #include <stdio.h>
+#endif
+
+
+/* Set the Initialization Vector (IV) and counter into ChaCha context.
+ *
+ * Set up iv(nonce). Earlier versions used 64 bits instead of 96, this version
+ * uses the typical AEAD 96 bit nonce and can do record sizes of 256 GB.
+ *
+ * @param [in] ctx      ChaCha context.
+ * @param [in] iv       IV to set.
+ * @param [in] counter  Starting value of counter.
+ * @return  0 on success.
+ * @return  BAD_FUNC_ARG when ctx or IV is NULL.
+ */
+int wc_Chacha_SetIV(ChaCha* ctx, const byte* iv, word32 counter)
+{
+    int ret = 0;
+#ifdef CHACHA_AEAD_TEST
+    word32 i;
+
+    printf("NONCE : ");
+    if (iv != NULL) {
+        for (i = 0; i < CHACHA_IV_BYTES; i++) {
+            printf("%02x", iv[i]);
+        }
+    }
+    printf("\n\n");
+#endif
+
+    /* Validate parameters. */
+    if ((ctx == NULL) || (iv == NULL)) {
+        ret = BAD_FUNC_ARG;
+    }
+    if (ret == 0) {
+        /* No unused bytes to XOR into input. */
+        ctx->left = 0;
+
+        /* Set counter and IV into state. */
+        wc_chacha_setiv(ctx->X, iv, counter);
+    }
+
+    return ret;
+}
+
+/* Set the key into the ChaCha context.
+ *
+ * Key setup. 8 word iv (nonce)
+ *
+ * @param [in] ctx    ChaCha context.
+ * @param [in] key    Key to set.
+ * @param [in] keySz  Length of key in bytes. Valid values:
+ *                        CHACHA_MAX_KEY_SZ and (CHACHA_MAX_KEY_SZ / 2)
+ * @return  0 on success.
+ * @return  BAD_FUNC_ARG when ctx or key is NULL.
+ * @return  BAD_FUNC_ARG when keySz is invalid.
+ */
+int wc_Chacha_SetKey(ChaCha* ctx, const byte* key, word32 keySz)
+{
+    int ret = 0;
+
+#ifdef CHACHA_AEAD_TEST
+    printf("ChaCha key used :\n");
+    if (key != NULL) {
+        word32 i;
+        for (i = 0; i < keySz; i++) {
+            printf("%02x", key[i]);
+            if ((i % 8) == 7)
+               printf("\n");
+        }
+    }
+    printf("\n\n");
+#endif
+
+    /* Validate parameters. */
+    if ((ctx == NULL) || (key == NULL)) {
+        ret = BAD_FUNC_ARG;
+    }
+    else if ((keySz != (CHACHA_MAX_KEY_SZ / 2)) &&
+             (keySz !=  CHACHA_MAX_KEY_SZ     )) {
+        ret = BAD_FUNC_ARG;
+    }
+
+    if (ret == 0) {
+        ctx->left = 0;
+
+        wc_chacha_setkey(ctx->X, key, keySz);
+    }
+
+    return ret;
+}
+
+/* API to encrypt/decrypt a message of any size.
+ *
+ * @param [in]  ctx     ChaCha context.
+ * @param [out] output  Enciphered output.
+ * @param [in]  input   Input to encipher.
+ * @param [in]  len     Length of input in bytes.
+ * @return  0 on success.
+ * @return  BAD_FUNC_ARG when ctx, output or input is NULL.
+ */
+int wc_Chacha_Process(ChaCha* ctx, byte* output, const byte* input, word32 len)
+{
+    int ret = 0;
+
+    if ((ctx == NULL) || (output == NULL) || (input == NULL)) {
+        ret = BAD_FUNC_ARG;
+    }
+
+    /* Handle left over bytes from last block. */
+    if ((ret == 0) && (len > 0) && (ctx->left > 0)) {
+        byte* over = ((byte*)ctx->over) + CHACHA_CHUNK_BYTES - ctx->left;
+        word32 l = min(len, ctx->left);
+
+        wc_chacha_use_over(over, output, input, l);
+
+        ctx->left -= l;
+        input += l;
+        output += l;
+        len -= l;
+    }
+
+    if ((ret == 0) && (len != 0)) {
+        wc_chacha_crypt_bytes(ctx, output, input, len);
+    }
+
+    return ret;
+}
+
+#endif /* HAVE_CHACHA */
+#endif /* WOLFSSL_ARMASM && !WOLFSSL_ARMASM_NO_NEON */
diff --git a/wolfcrypt/src/port/arm/thumb2-curve25519.S b/wolfcrypt/src/port/arm/thumb2-curve25519.S
index e6b5dcf5d..735fc58e1 100644
--- a/wolfcrypt/src/port/arm/thumb2-curve25519.S
+++ b/wolfcrypt/src/port/arm/thumb2-curve25519.S
@@ -1,6 +1,6 @@
 /* thumb2-curve25519
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -30,7 +30,7 @@
 #include <wolfssl/wolfcrypt/settings.h>
 
 #ifdef WOLFSSL_ARMASM
-#if !defined(__aarch64__) && defined(__thumb__)
+#ifdef WOLFSSL_ARMASM_THUMB2
 #ifndef WOLFSSL_ARMASM_INLINE
 	.thumb
 	.syntax unified
@@ -1511,7 +1511,7 @@ fe_cmov_table:
 #endif /* WC_NO_CACHE_RESISTANT */
 #endif /* HAVE_ED25519_MAKE_KEY || HAVE_ED25519_SIGN */
 #endif /* HAVE_ED25519 */
-#ifdef WOLFSSL_SP_NO_UMAAL
+#ifdef WOLFSSL_ARM_ARCH_7M
 	.text
 	.align	4
 	.globl	fe_mul_op
@@ -2023,7 +2023,7 @@ fe_mul_op:
 	POP	{pc}
 	/* Cycle Count = 239 */
 	.size	fe_mul_op,.-fe_mul_op
-#endif /* WOLFSSL_SP_NO_UMAAL */
+#endif /* WOLFSSL_ARM_ARCH_7M */
 	.text
 	.align	4
 	.globl	fe_mul
@@ -2034,7 +2034,7 @@ fe_mul:
 	POP	{r4, r5, r6, r7, r8, r9, r10, r11, pc}
 	/* Cycle Count = 24 */
 	.size	fe_mul,.-fe_mul
-#ifdef WOLFSSL_SP_NO_UMAAL
+#ifdef WOLFSSL_ARM_ARCH_7M
 	.text
 	.align	4
 	.globl	fe_sq_op
@@ -2425,7 +2425,7 @@ fe_sq_op:
 	POP	{pc}
 	/* Cycle Count = 179 */
 	.size	fe_sq_op,.-fe_sq_op
-#endif /* WOLFSSL_SP_NO_UMAAL */
+#endif /* WOLFSSL_ARM_ARCH_7M */
 	.text
 	.align	4
 	.globl	fe_sq
@@ -2437,7 +2437,7 @@ fe_sq:
 	/* Cycle Count = 24 */
 	.size	fe_sq,.-fe_sq
 #ifdef HAVE_CURVE25519
-#ifdef WOLFSSL_SP_NO_UMAAL
+#ifdef WOLFSSL_ARM_ARCH_7M
 	.text
 	.align	4
 	.globl	fe_mul121666
@@ -2524,7 +2524,7 @@ fe_mul121666:
 	POP	{r4, r5, r6, r7, r8, r9, r10, r11, pc}
 	/* Cycle Count = 69 */
 	.size	fe_mul121666,.-fe_mul121666
-#endif /* WOLFSSL_SP_NO_UMAAL */
+#endif /* WOLFSSL_ARM_ARCH_7M */
 #ifndef WC_NO_CACHE_RESISTANT
 	.text
 	.align	4
@@ -2741,7 +2741,7 @@ L_curve25519_bits:
 	LDR	r1, [sp, #180]
 	SUBS	r1, r1, #0x1
 	STR	r1, [sp, #180]
-#ifdef __GNUC__
+#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
 	BGE	L_curve25519_bits
 #else
 	BGE.W	L_curve25519_bits
@@ -2750,7 +2750,7 @@ L_curve25519_bits:
 	STR	r1, [sp, #180]
 	SUBS	r2, r2, #0x4
 	STR	r2, [sp, #176]
-#ifdef __GNUC__
+#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
 	BGE	L_curve25519_words
 #else
 	BGE.W	L_curve25519_words
@@ -3466,7 +3466,7 @@ L_fe_invert8:
 	POP	{r4, r5, r6, r7, r8, r9, r10, r11, pc}
 	/* Cycle Count = 292 */
 	.size	fe_invert,.-fe_invert
-#ifdef WOLFSSL_SP_NO_UMAAL
+#ifdef WOLFSSL_ARM_ARCH_7M
 	.text
 	.align	4
 	.globl	fe_sq2
@@ -3925,7 +3925,7 @@ fe_sq2:
 	POP	{pc}
 	/* Cycle Count = 213 */
 	.size	fe_sq2,.-fe_sq2
-#endif /* WOLFSSL_SP_NO_UMAAL */
+#endif /* WOLFSSL_ARM_ARCH_7M */
 	.text
 	.align	4
 	.globl	fe_pow22523
@@ -4535,7 +4535,7 @@ ge_sub:
 	POP	{r4, r5, r6, r7, r8, r9, r10, r11, pc}
 	/* Cycle Count = 138 */
 	.size	ge_sub,.-ge_sub
-#ifdef WOLFSSL_SP_NO_UMAAL
+#ifdef WOLFSSL_ARM_ARCH_7M
 	.text
 	.align	4
 	.globl	sc_reduce
@@ -5258,9 +5258,9 @@ sc_reduce:
 	POP	{r4, r5, r6, r7, r8, r9, r10, r11, pc}
 	/* Cycle Count = 502 */
 	.size	sc_reduce,.-sc_reduce
-#endif /* WOLFSSL_SP_NO_UMAAL */
+#endif /* WOLFSSL_ARM_ARCH_7M */
 #ifdef HAVE_ED25519_SIGN
-#ifdef WOLFSSL_SP_NO_UMAAL
+#ifdef WOLFSSL_ARM_ARCH_7M
 	.text
 	.align	4
 	.globl	sc_muladd
@@ -6470,13 +6470,13 @@ sc_muladd:
 	POP	{r4, r5, r6, r7, r8, r9, r10, r11, pc}
 	/* Cycle Count = 752 */
 	.size	sc_muladd,.-sc_muladd
-#endif /* WOLFSSL_SP_NO_UMAAL */
+#endif /* WOLFSSL_ARM_ARCH_7M */
 #endif /* HAVE_ED25519_SIGN */
 #endif /* HAVE_ED25519 */
 
 #endif /* !CURVE25519_SMALL || !ED25519_SMALL */
 #endif /* HAVE_CURVE25519 || HAVE_ED25519 */
-#endif /* !__aarch64__ && __thumb__ */
+#endif /* WOLFSSL_ARMASM_THUMB2 */
 #endif /* WOLFSSL_ARMASM */
 
 #if defined(__linux__) && defined(__ELF__)
diff --git a/wolfcrypt/src/port/arm/thumb2-curve25519_c.c b/wolfcrypt/src/port/arm/thumb2-curve25519_c.c
index 0457266c0..455a26270 100644
--- a/wolfcrypt/src/port/arm/thumb2-curve25519_c.c
+++ b/wolfcrypt/src/port/arm/thumb2-curve25519_c.c
@@ -1,6 +1,6 @@
 /* thumb2-curve25519
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -28,19 +28,12 @@
     #include <config.h>
 #endif /* HAVE_CONFIG_H */
 #include <wolfssl/wolfcrypt/settings.h>
+#include <wolfssl/wolfcrypt/error-crypt.h>
 
 #ifdef WOLFSSL_ARMASM
-#if !defined(__aarch64__) && defined(__thumb__)
-#include <stdint.h>
-#ifdef HAVE_CONFIG_H
-    #include <config.h>
-#endif /* HAVE_CONFIG_H */
-#include <wolfssl/wolfcrypt/settings.h>
+#ifdef WOLFSSL_ARMASM_THUMB2
 #ifdef WOLFSSL_ARMASM_INLINE
 
-#ifdef WOLFSSL_ARMASM
-#if !defined(__aarch64__) && defined(__thumb__)
-
 #ifdef __IAR_SYSTEMS_ICC__
 #define __asm__        asm
 #define __volatile__   volatile
@@ -540,7 +533,7 @@ int fe_isnonzero(const fe a)
         :
         : "memory", "r1", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc"
     );
-    return (uint32_t)(size_t)a;
+    return (word32)(size_t)a;
 }
 
 #ifndef WOLFSSL_NO_VAR_ASSIGN_REG
@@ -572,7 +565,7 @@ int fe_isnegative(const fe a)
         :
         : "memory", "r1", "r2", "r3", "r4", "r5", "cc"
     );
-    return (uint32_t)(size_t)a;
+    return (word32)(size_t)a;
 }
 
 #if defined(HAVE_ED25519_MAKE_KEY) || defined(HAVE_ED25519_SIGN)
@@ -1674,7 +1667,7 @@ void fe_cmov_table(fe* r, fe* base, signed char b)
 #endif /* WC_NO_CACHE_RESISTANT */
 #endif /* HAVE_ED25519_MAKE_KEY || HAVE_ED25519_SIGN */
 #endif /* HAVE_ED25519 */
-#ifdef WOLFSSL_SP_NO_UMAAL
+#ifdef WOLFSSL_ARM_ARCH_7M
 void fe_mul_op(void);
 #ifndef WOLFSSL_NO_VAR_ASSIGN_REG
 void fe_mul_op()
@@ -2200,7 +2193,7 @@ void fe_mul_op()
     );
 }
 
-#endif /* WOLFSSL_SP_NO_UMAAL */
+#endif /* WOLFSSL_ARM_ARCH_7M */
 #ifndef WOLFSSL_NO_VAR_ASSIGN_REG
 void fe_mul(fe r_p, const fe a_p, const fe b_p)
 #else
@@ -2221,7 +2214,7 @@ void fe_mul(fe r, const fe a, const fe b)
     );
 }
 
-#ifdef WOLFSSL_SP_NO_UMAAL
+#ifdef WOLFSSL_ARM_ARCH_7M
 void fe_sq_op(void);
 #ifndef WOLFSSL_NO_VAR_ASSIGN_REG
 void fe_sq_op()
@@ -2626,7 +2619,7 @@ void fe_sq_op()
     );
 }
 
-#endif /* WOLFSSL_SP_NO_UMAAL */
+#endif /* WOLFSSL_ARM_ARCH_7M */
 #ifndef WOLFSSL_NO_VAR_ASSIGN_REG
 void fe_sq(fe r_p, const fe a_p)
 #else
@@ -2647,7 +2640,7 @@ void fe_sq(fe r, const fe a)
 }
 
 #ifdef HAVE_CURVE25519
-#ifdef WOLFSSL_SP_NO_UMAAL
+#ifdef WOLFSSL_ARM_ARCH_7M
 #ifndef WOLFSSL_NO_VAR_ASSIGN_REG
 void fe_mul121666(fe r_p, fe a_p)
 #else
@@ -2752,7 +2745,7 @@ void fe_mul121666(fe r, fe a)
     );
 }
 
-#endif /* WOLFSSL_SP_NO_UMAAL */
+#endif /* WOLFSSL_ARM_ARCH_7M */
 #ifndef WC_NO_CACHE_RESISTANT
 #ifndef WOLFSSL_NO_VAR_ASSIGN_REG
 int curve25519(byte* r_p, const byte* n_p, const byte* a_p)
@@ -2796,9 +2789,17 @@ int curve25519(byte* r, const byte* n, const byte* a)
         "MOV	%[a], #0x1c\n\t"
         "STR	%[a], [sp, #176]\n\t"
         "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
     "L_curve25519_words:\n\t"
+#else
+    "L_curve25519_words_%=:\n\t"
+#endif
         "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
     "L_curve25519_bits:\n\t"
+#else
+    "L_curve25519_bits_%=:\n\t"
+#endif
         "LDR	%[n], [sp, #164]\n\t"
         "LDR	%[a], [%[n], r2]\n\t"
         "LDR	%[n], [sp, #180]\n\t"
@@ -2978,19 +2979,23 @@ int curve25519(byte* r, const byte* n, const byte* a)
         "LDR	%[n], [sp, #180]\n\t"
         "SUBS	%[n], %[n], #0x1\n\t"
         "STR	%[n], [sp, #180]\n\t"
-#ifdef __GNUC__
-        "BGE	L_curve25519_bits\n\t"
-#else
+#if defined(__GNUC__)
+        "BGE	L_curve25519_bits_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "BGE.W	L_curve25519_bits\n\t"
+#else
+        "BGE.W	L_curve25519_bits_%=\n\t"
 #endif
         "MOV	%[n], #0x1f\n\t"
         "STR	%[n], [sp, #180]\n\t"
         "SUBS	%[a], %[a], #0x4\n\t"
         "STR	%[a], [sp, #176]\n\t"
-#ifdef __GNUC__
-        "BGE	L_curve25519_words\n\t"
-#else
+#if defined(__GNUC__)
+        "BGE	L_curve25519_words_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "BGE.W	L_curve25519_words\n\t"
+#else
+        "BGE.W	L_curve25519_words_%=\n\t"
 #endif
         /* Invert */
         "ADD	r1, sp, #0x0\n\t"
@@ -3022,17 +3027,23 @@ int curve25519(byte* r, const byte* n, const byte* a)
         "BL	fe_sq_op\n\t"
         "MOV	r12, #0x4\n\t"
         "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
     "L_curve25519_inv_1:\n\t"
+#else
+    "L_curve25519_inv_1_%=:\n\t"
+#endif
         "ADD	r1, sp, #0x60\n\t"
         "ADD	r0, sp, #0x60\n\t"
         "PUSH	{r12}\n\t"
         "BL	fe_sq_op\n\t"
         "POP	{r12}\n\t"
         "SUBS	r12, r12, #0x1\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BNE	L_curve25519_inv_1\n\t"
-#else
+#if defined(__GNUC__)
+        "BNE	L_curve25519_inv_1_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "BNE.N	L_curve25519_inv_1\n\t"
+#else
+        "BNE.N	L_curve25519_inv_1_%=\n\t"
 #endif
         "ADD	r2, sp, #0x40\n\t"
         "ADD	r1, sp, #0x60\n\t"
@@ -3043,17 +3054,23 @@ int curve25519(byte* r, const byte* n, const byte* a)
         "BL	fe_sq_op\n\t"
         "MOV	r12, #0x9\n\t"
         "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
     "L_curve25519_inv_2:\n\t"
+#else
+    "L_curve25519_inv_2_%=:\n\t"
+#endif
         "ADD	r1, sp, #0x60\n\t"
         "ADD	r0, sp, #0x60\n\t"
         "PUSH	{r12}\n\t"
         "BL	fe_sq_op\n\t"
         "POP	{r12}\n\t"
         "SUBS	r12, r12, #0x1\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BNE	L_curve25519_inv_2\n\t"
-#else
+#if defined(__GNUC__)
+        "BNE	L_curve25519_inv_2_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "BNE.N	L_curve25519_inv_2\n\t"
+#else
+        "BNE.N	L_curve25519_inv_2_%=\n\t"
 #endif
         "ADD	r2, sp, #0x40\n\t"
         "ADD	r1, sp, #0x60\n\t"
@@ -3064,17 +3081,23 @@ int curve25519(byte* r, const byte* n, const byte* a)
         "BL	fe_sq_op\n\t"
         "MOV	r12, #0x13\n\t"
         "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
     "L_curve25519_inv_3:\n\t"
+#else
+    "L_curve25519_inv_3_%=:\n\t"
+#endif
         "ADD	r1, sp, #0x80\n\t"
         "ADD	r0, sp, #0x80\n\t"
         "PUSH	{r12}\n\t"
         "BL	fe_sq_op\n\t"
         "POP	{r12}\n\t"
         "SUBS	r12, r12, #0x1\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BNE	L_curve25519_inv_3\n\t"
-#else
+#if defined(__GNUC__)
+        "BNE	L_curve25519_inv_3_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "BNE.N	L_curve25519_inv_3\n\t"
+#else
+        "BNE.N	L_curve25519_inv_3_%=\n\t"
 #endif
         "ADD	r2, sp, #0x60\n\t"
         "ADD	r1, sp, #0x80\n\t"
@@ -3082,17 +3105,23 @@ int curve25519(byte* r, const byte* n, const byte* a)
         "BL	fe_mul_op\n\t"
         "MOV	r12, #0xa\n\t"
         "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
     "L_curve25519_inv_4:\n\t"
+#else
+    "L_curve25519_inv_4_%=:\n\t"
+#endif
         "ADD	r1, sp, #0x60\n\t"
         "ADD	r0, sp, #0x60\n\t"
         "PUSH	{r12}\n\t"
         "BL	fe_sq_op\n\t"
         "POP	{r12}\n\t"
         "SUBS	r12, r12, #0x1\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BNE	L_curve25519_inv_4\n\t"
-#else
+#if defined(__GNUC__)
+        "BNE	L_curve25519_inv_4_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "BNE.N	L_curve25519_inv_4\n\t"
+#else
+        "BNE.N	L_curve25519_inv_4_%=\n\t"
 #endif
         "ADD	r2, sp, #0x40\n\t"
         "ADD	r1, sp, #0x60\n\t"
@@ -3103,17 +3132,23 @@ int curve25519(byte* r, const byte* n, const byte* a)
         "BL	fe_sq_op\n\t"
         "MOV	r12, #0x31\n\t"
         "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
     "L_curve25519_inv_5:\n\t"
+#else
+    "L_curve25519_inv_5_%=:\n\t"
+#endif
         "ADD	r1, sp, #0x60\n\t"
         "ADD	r0, sp, #0x60\n\t"
         "PUSH	{r12}\n\t"
         "BL	fe_sq_op\n\t"
         "POP	{r12}\n\t"
         "SUBS	r12, r12, #0x1\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BNE	L_curve25519_inv_5\n\t"
-#else
+#if defined(__GNUC__)
+        "BNE	L_curve25519_inv_5_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "BNE.N	L_curve25519_inv_5\n\t"
+#else
+        "BNE.N	L_curve25519_inv_5_%=\n\t"
 #endif
         "ADD	r2, sp, #0x40\n\t"
         "ADD	r1, sp, #0x60\n\t"
@@ -3124,17 +3159,23 @@ int curve25519(byte* r, const byte* n, const byte* a)
         "BL	fe_sq_op\n\t"
         "MOV	r12, #0x63\n\t"
         "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
     "L_curve25519_inv_6:\n\t"
+#else
+    "L_curve25519_inv_6_%=:\n\t"
+#endif
         "ADD	r1, sp, #0x80\n\t"
         "ADD	r0, sp, #0x80\n\t"
         "PUSH	{r12}\n\t"
         "BL	fe_sq_op\n\t"
         "POP	{r12}\n\t"
         "SUBS	r12, r12, #0x1\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BNE	L_curve25519_inv_6\n\t"
-#else
+#if defined(__GNUC__)
+        "BNE	L_curve25519_inv_6_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "BNE.N	L_curve25519_inv_6\n\t"
+#else
+        "BNE.N	L_curve25519_inv_6_%=\n\t"
 #endif
         "ADD	r2, sp, #0x60\n\t"
         "ADD	r1, sp, #0x80\n\t"
@@ -3142,17 +3183,23 @@ int curve25519(byte* r, const byte* n, const byte* a)
         "BL	fe_mul_op\n\t"
         "MOV	r12, #0x32\n\t"
         "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
     "L_curve25519_inv_7:\n\t"
+#else
+    "L_curve25519_inv_7_%=:\n\t"
+#endif
         "ADD	r1, sp, #0x60\n\t"
         "ADD	r0, sp, #0x60\n\t"
         "PUSH	{r12}\n\t"
         "BL	fe_sq_op\n\t"
         "POP	{r12}\n\t"
         "SUBS	r12, r12, #0x1\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BNE	L_curve25519_inv_7\n\t"
-#else
+#if defined(__GNUC__)
+        "BNE	L_curve25519_inv_7_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "BNE.N	L_curve25519_inv_7\n\t"
+#else
+        "BNE.N	L_curve25519_inv_7_%=\n\t"
 #endif
         "ADD	r2, sp, #0x40\n\t"
         "ADD	r1, sp, #0x60\n\t"
@@ -3160,17 +3207,23 @@ int curve25519(byte* r, const byte* n, const byte* a)
         "BL	fe_mul_op\n\t"
         "MOV	r12, #0x5\n\t"
         "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
     "L_curve25519_inv_8:\n\t"
+#else
+    "L_curve25519_inv_8_%=:\n\t"
+#endif
         "ADD	r1, sp, #0x40\n\t"
         "ADD	r0, sp, #0x40\n\t"
         "PUSH	{r12}\n\t"
         "BL	fe_sq_op\n\t"
         "POP	{r12}\n\t"
         "SUBS	r12, r12, #0x1\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BNE	L_curve25519_inv_8\n\t"
-#else
+#if defined(__GNUC__)
+        "BNE	L_curve25519_inv_8_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "BNE.N	L_curve25519_inv_8\n\t"
+#else
+        "BNE.N	L_curve25519_inv_8_%=\n\t"
 #endif
         "ADD	r2, sp, #0x20\n\t"
         "ADD	r1, sp, #0x40\n\t"
@@ -3186,7 +3239,7 @@ int curve25519(byte* r, const byte* n, const byte* a)
         :
         : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r3", "r12", "lr", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #else
@@ -3234,7 +3287,11 @@ int curve25519(byte* r, const byte* n, const byte* a)
         "STM	r3, {r4, r5, r6, r7, r8, r9, r10, r11}\n\t"
         "MOV	%[a], #0xfe\n\t"
         "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
     "L_curve25519_bits:\n\t"
+#else
+    "L_curve25519_bits_%=:\n\t"
+#endif
         "STR	%[a], [sp, #168]\n\t"
         "LDR	%[n], [sp, #160]\n\t"
         "AND	r4, %[a], #0x1f\n\t"
@@ -3319,10 +3376,12 @@ int curve25519(byte* r, const byte* n, const byte* a)
         "BL	fe_mul_op\n\t"
         "LDR	%[a], [sp, #168]\n\t"
         "SUBS	%[a], %[a], #0x1\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BGE	L_curve25519_bits\n\t"
-#else
+#if defined(__GNUC__)
+        "BGE	L_curve25519_bits_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "BGE.N	L_curve25519_bits\n\t"
+#else
+        "BGE.N	L_curve25519_bits_%=\n\t"
 #endif
         /*   Cycle Count: 171 */
         "LDR	%[n], [sp, #184]\n\t"
@@ -3359,17 +3418,23 @@ int curve25519(byte* r, const byte* n, const byte* a)
         "BL	fe_sq_op\n\t"
         "MOV	r12, #0x4\n\t"
         "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
     "L_curve25519_inv_1:\n\t"
+#else
+    "L_curve25519_inv_1_%=:\n\t"
+#endif
         "ADD	r1, sp, #0x60\n\t"
         "ADD	r0, sp, #0x60\n\t"
         "PUSH	{r12}\n\t"
         "BL	fe_sq_op\n\t"
         "POP	{r12}\n\t"
         "SUBS	r12, r12, #0x1\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BNE	L_curve25519_inv_1\n\t"
-#else
+#if defined(__GNUC__)
+        "BNE	L_curve25519_inv_1_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "BNE.N	L_curve25519_inv_1\n\t"
+#else
+        "BNE.N	L_curve25519_inv_1_%=\n\t"
 #endif
         "ADD	r2, sp, #0x40\n\t"
         "ADD	r1, sp, #0x60\n\t"
@@ -3380,17 +3445,23 @@ int curve25519(byte* r, const byte* n, const byte* a)
         "BL	fe_sq_op\n\t"
         "MOV	r12, #0x9\n\t"
         "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
     "L_curve25519_inv_2:\n\t"
+#else
+    "L_curve25519_inv_2_%=:\n\t"
+#endif
         "ADD	r1, sp, #0x60\n\t"
         "ADD	r0, sp, #0x60\n\t"
         "PUSH	{r12}\n\t"
         "BL	fe_sq_op\n\t"
         "POP	{r12}\n\t"
         "SUBS	r12, r12, #0x1\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BNE	L_curve25519_inv_2\n\t"
-#else
+#if defined(__GNUC__)
+        "BNE	L_curve25519_inv_2_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "BNE.N	L_curve25519_inv_2\n\t"
+#else
+        "BNE.N	L_curve25519_inv_2_%=\n\t"
 #endif
         "ADD	r2, sp, #0x40\n\t"
         "ADD	r1, sp, #0x60\n\t"
@@ -3401,17 +3472,23 @@ int curve25519(byte* r, const byte* n, const byte* a)
         "BL	fe_sq_op\n\t"
         "MOV	r12, #0x13\n\t"
         "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
     "L_curve25519_inv_3:\n\t"
+#else
+    "L_curve25519_inv_3_%=:\n\t"
+#endif
         "ADD	r1, sp, #0x80\n\t"
         "ADD	r0, sp, #0x80\n\t"
         "PUSH	{r12}\n\t"
         "BL	fe_sq_op\n\t"
         "POP	{r12}\n\t"
         "SUBS	r12, r12, #0x1\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BNE	L_curve25519_inv_3\n\t"
-#else
+#if defined(__GNUC__)
+        "BNE	L_curve25519_inv_3_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "BNE.N	L_curve25519_inv_3\n\t"
+#else
+        "BNE.N	L_curve25519_inv_3_%=\n\t"
 #endif
         "ADD	r2, sp, #0x60\n\t"
         "ADD	r1, sp, #0x80\n\t"
@@ -3419,17 +3496,23 @@ int curve25519(byte* r, const byte* n, const byte* a)
         "BL	fe_mul_op\n\t"
         "MOV	r12, #0xa\n\t"
         "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
     "L_curve25519_inv_4:\n\t"
+#else
+    "L_curve25519_inv_4_%=:\n\t"
+#endif
         "ADD	r1, sp, #0x60\n\t"
         "ADD	r0, sp, #0x60\n\t"
         "PUSH	{r12}\n\t"
         "BL	fe_sq_op\n\t"
         "POP	{r12}\n\t"
         "SUBS	r12, r12, #0x1\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BNE	L_curve25519_inv_4\n\t"
-#else
+#if defined(__GNUC__)
+        "BNE	L_curve25519_inv_4_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "BNE.N	L_curve25519_inv_4\n\t"
+#else
+        "BNE.N	L_curve25519_inv_4_%=\n\t"
 #endif
         "ADD	r2, sp, #0x40\n\t"
         "ADD	r1, sp, #0x60\n\t"
@@ -3440,17 +3523,23 @@ int curve25519(byte* r, const byte* n, const byte* a)
         "BL	fe_sq_op\n\t"
         "MOV	r12, #0x31\n\t"
         "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
     "L_curve25519_inv_5:\n\t"
+#else
+    "L_curve25519_inv_5_%=:\n\t"
+#endif
         "ADD	r1, sp, #0x60\n\t"
         "ADD	r0, sp, #0x60\n\t"
         "PUSH	{r12}\n\t"
         "BL	fe_sq_op\n\t"
         "POP	{r12}\n\t"
         "SUBS	r12, r12, #0x1\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BNE	L_curve25519_inv_5\n\t"
-#else
+#if defined(__GNUC__)
+        "BNE	L_curve25519_inv_5_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "BNE.N	L_curve25519_inv_5\n\t"
+#else
+        "BNE.N	L_curve25519_inv_5_%=\n\t"
 #endif
         "ADD	r2, sp, #0x40\n\t"
         "ADD	r1, sp, #0x60\n\t"
@@ -3461,17 +3550,23 @@ int curve25519(byte* r, const byte* n, const byte* a)
         "BL	fe_sq_op\n\t"
         "MOV	r12, #0x63\n\t"
         "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
     "L_curve25519_inv_6:\n\t"
+#else
+    "L_curve25519_inv_6_%=:\n\t"
+#endif
         "ADD	r1, sp, #0x80\n\t"
         "ADD	r0, sp, #0x80\n\t"
         "PUSH	{r12}\n\t"
         "BL	fe_sq_op\n\t"
         "POP	{r12}\n\t"
         "SUBS	r12, r12, #0x1\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BNE	L_curve25519_inv_6\n\t"
-#else
+#if defined(__GNUC__)
+        "BNE	L_curve25519_inv_6_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "BNE.N	L_curve25519_inv_6\n\t"
+#else
+        "BNE.N	L_curve25519_inv_6_%=\n\t"
 #endif
         "ADD	r2, sp, #0x60\n\t"
         "ADD	r1, sp, #0x80\n\t"
@@ -3479,17 +3574,23 @@ int curve25519(byte* r, const byte* n, const byte* a)
         "BL	fe_mul_op\n\t"
         "MOV	r12, #0x32\n\t"
         "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
     "L_curve25519_inv_7:\n\t"
+#else
+    "L_curve25519_inv_7_%=:\n\t"
+#endif
         "ADD	r1, sp, #0x60\n\t"
         "ADD	r0, sp, #0x60\n\t"
         "PUSH	{r12}\n\t"
         "BL	fe_sq_op\n\t"
         "POP	{r12}\n\t"
         "SUBS	r12, r12, #0x1\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BNE	L_curve25519_inv_7\n\t"
-#else
+#if defined(__GNUC__)
+        "BNE	L_curve25519_inv_7_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "BNE.N	L_curve25519_inv_7\n\t"
+#else
+        "BNE.N	L_curve25519_inv_7_%=\n\t"
 #endif
         "ADD	r2, sp, #0x40\n\t"
         "ADD	r1, sp, #0x60\n\t"
@@ -3497,17 +3598,23 @@ int curve25519(byte* r, const byte* n, const byte* a)
         "BL	fe_mul_op\n\t"
         "MOV	r12, #0x5\n\t"
         "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
     "L_curve25519_inv_8:\n\t"
+#else
+    "L_curve25519_inv_8_%=:\n\t"
+#endif
         "ADD	r1, sp, #0x40\n\t"
         "ADD	r0, sp, #0x40\n\t"
         "PUSH	{r12}\n\t"
         "BL	fe_sq_op\n\t"
         "POP	{r12}\n\t"
         "SUBS	r12, r12, #0x1\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BNE	L_curve25519_inv_8\n\t"
-#else
+#if defined(__GNUC__)
+        "BNE	L_curve25519_inv_8_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "BNE.N	L_curve25519_inv_8\n\t"
+#else
+        "BNE.N	L_curve25519_inv_8_%=\n\t"
 #endif
         "ADD	r2, sp, #0x20\n\t"
         "ADD	r1, sp, #0x40\n\t"
@@ -3538,7 +3645,7 @@ int curve25519(byte* r, const byte* n, const byte* a)
         :
         : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r3", "r12", "lr", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #endif /* WC_NO_CACHE_RESISTANT */
@@ -3589,17 +3696,23 @@ void fe_invert(fe r, const fe a)
         "BL	fe_sq_op\n\t"
         "MOV	r12, #0x4\n\t"
         "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
     "L_fe_invert1:\n\t"
+#else
+    "L_fe_invert1_%=:\n\t"
+#endif
         "ADD	r1, sp, #0x40\n\t"
         "ADD	r0, sp, #0x40\n\t"
         "PUSH	{r12}\n\t"
         "BL	fe_sq_op\n\t"
         "POP	{r12}\n\t"
         "SUBS	r12, r12, #0x1\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BNE	L_fe_invert1\n\t"
-#else
+#if defined(__GNUC__)
+        "BNE	L_fe_invert1_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "BNE.N	L_fe_invert1\n\t"
+#else
+        "BNE.N	L_fe_invert1_%=\n\t"
 #endif
         "ADD	r2, sp, #0x20\n\t"
         "ADD	r1, sp, #0x40\n\t"
@@ -3610,17 +3723,23 @@ void fe_invert(fe r, const fe a)
         "BL	fe_sq_op\n\t"
         "MOV	r12, #0x9\n\t"
         "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
     "L_fe_invert2:\n\t"
+#else
+    "L_fe_invert2_%=:\n\t"
+#endif
         "ADD	r1, sp, #0x40\n\t"
         "ADD	r0, sp, #0x40\n\t"
         "PUSH	{r12}\n\t"
         "BL	fe_sq_op\n\t"
         "POP	{r12}\n\t"
         "SUBS	r12, r12, #0x1\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BNE	L_fe_invert2\n\t"
-#else
+#if defined(__GNUC__)
+        "BNE	L_fe_invert2_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "BNE.N	L_fe_invert2\n\t"
+#else
+        "BNE.N	L_fe_invert2_%=\n\t"
 #endif
         "ADD	r2, sp, #0x20\n\t"
         "ADD	r1, sp, #0x40\n\t"
@@ -3631,17 +3750,23 @@ void fe_invert(fe r, const fe a)
         "BL	fe_sq_op\n\t"
         "MOV	r12, #0x13\n\t"
         "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
     "L_fe_invert3:\n\t"
+#else
+    "L_fe_invert3_%=:\n\t"
+#endif
         "ADD	r1, sp, #0x60\n\t"
         "ADD	r0, sp, #0x60\n\t"
         "PUSH	{r12}\n\t"
         "BL	fe_sq_op\n\t"
         "POP	{r12}\n\t"
         "SUBS	r12, r12, #0x1\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BNE	L_fe_invert3\n\t"
-#else
+#if defined(__GNUC__)
+        "BNE	L_fe_invert3_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "BNE.N	L_fe_invert3\n\t"
+#else
+        "BNE.N	L_fe_invert3_%=\n\t"
 #endif
         "ADD	r2, sp, #0x40\n\t"
         "ADD	r1, sp, #0x60\n\t"
@@ -3649,17 +3774,23 @@ void fe_invert(fe r, const fe a)
         "BL	fe_mul_op\n\t"
         "MOV	r12, #0xa\n\t"
         "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
     "L_fe_invert4:\n\t"
+#else
+    "L_fe_invert4_%=:\n\t"
+#endif
         "ADD	r1, sp, #0x40\n\t"
         "ADD	r0, sp, #0x40\n\t"
         "PUSH	{r12}\n\t"
         "BL	fe_sq_op\n\t"
         "POP	{r12}\n\t"
         "SUBS	r12, r12, #0x1\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BNE	L_fe_invert4\n\t"
-#else
+#if defined(__GNUC__)
+        "BNE	L_fe_invert4_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "BNE.N	L_fe_invert4\n\t"
+#else
+        "BNE.N	L_fe_invert4_%=\n\t"
 #endif
         "ADD	r2, sp, #0x20\n\t"
         "ADD	r1, sp, #0x40\n\t"
@@ -3670,17 +3801,23 @@ void fe_invert(fe r, const fe a)
         "BL	fe_sq_op\n\t"
         "MOV	r12, #0x31\n\t"
         "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
     "L_fe_invert5:\n\t"
+#else
+    "L_fe_invert5_%=:\n\t"
+#endif
         "ADD	r1, sp, #0x40\n\t"
         "ADD	r0, sp, #0x40\n\t"
         "PUSH	{r12}\n\t"
         "BL	fe_sq_op\n\t"
         "POP	{r12}\n\t"
         "SUBS	r12, r12, #0x1\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BNE	L_fe_invert5\n\t"
-#else
+#if defined(__GNUC__)
+        "BNE	L_fe_invert5_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "BNE.N	L_fe_invert5\n\t"
+#else
+        "BNE.N	L_fe_invert5_%=\n\t"
 #endif
         "ADD	r2, sp, #0x20\n\t"
         "ADD	r1, sp, #0x40\n\t"
@@ -3691,17 +3828,23 @@ void fe_invert(fe r, const fe a)
         "BL	fe_sq_op\n\t"
         "MOV	r12, #0x63\n\t"
         "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
     "L_fe_invert6:\n\t"
+#else
+    "L_fe_invert6_%=:\n\t"
+#endif
         "ADD	r1, sp, #0x60\n\t"
         "ADD	r0, sp, #0x60\n\t"
         "PUSH	{r12}\n\t"
         "BL	fe_sq_op\n\t"
         "POP	{r12}\n\t"
         "SUBS	r12, r12, #0x1\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BNE	L_fe_invert6\n\t"
-#else
+#if defined(__GNUC__)
+        "BNE	L_fe_invert6_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "BNE.N	L_fe_invert6\n\t"
+#else
+        "BNE.N	L_fe_invert6_%=\n\t"
 #endif
         "ADD	r2, sp, #0x40\n\t"
         "ADD	r1, sp, #0x60\n\t"
@@ -3709,17 +3852,23 @@ void fe_invert(fe r, const fe a)
         "BL	fe_mul_op\n\t"
         "MOV	r12, #0x32\n\t"
         "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
     "L_fe_invert7:\n\t"
+#else
+    "L_fe_invert7_%=:\n\t"
+#endif
         "ADD	r1, sp, #0x40\n\t"
         "ADD	r0, sp, #0x40\n\t"
         "PUSH	{r12}\n\t"
         "BL	fe_sq_op\n\t"
         "POP	{r12}\n\t"
         "SUBS	r12, r12, #0x1\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BNE	L_fe_invert7\n\t"
-#else
+#if defined(__GNUC__)
+        "BNE	L_fe_invert7_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "BNE.N	L_fe_invert7\n\t"
+#else
+        "BNE.N	L_fe_invert7_%=\n\t"
 #endif
         "ADD	r2, sp, #0x20\n\t"
         "ADD	r1, sp, #0x40\n\t"
@@ -3727,17 +3876,23 @@ void fe_invert(fe r, const fe a)
         "BL	fe_mul_op\n\t"
         "MOV	r12, #0x5\n\t"
         "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
     "L_fe_invert8:\n\t"
+#else
+    "L_fe_invert8_%=:\n\t"
+#endif
         "ADD	r1, sp, #0x20\n\t"
         "ADD	r0, sp, #0x20\n\t"
         "PUSH	{r12}\n\t"
         "BL	fe_sq_op\n\t"
         "POP	{r12}\n\t"
         "SUBS	r12, r12, #0x1\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BNE	L_fe_invert8\n\t"
-#else
+#if defined(__GNUC__)
+        "BNE	L_fe_invert8_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "BNE.N	L_fe_invert8\n\t"
+#else
+        "BNE.N	L_fe_invert8_%=\n\t"
 #endif
         "MOV	r2, sp\n\t"
         "ADD	r1, sp, #0x20\n\t"
@@ -3752,7 +3907,7 @@ void fe_invert(fe r, const fe a)
     );
 }
 
-#ifdef WOLFSSL_SP_NO_UMAAL
+#ifdef WOLFSSL_ARM_ARCH_7M
 #ifndef WOLFSSL_NO_VAR_ASSIGN_REG
 void fe_sq2(fe r_p, const fe a_p)
 #else
@@ -4229,7 +4384,7 @@ void fe_sq2(fe r, const fe a)
     );
 }
 
-#endif /* WOLFSSL_SP_NO_UMAAL */
+#endif /* WOLFSSL_ARM_ARCH_7M */
 #ifndef WOLFSSL_NO_VAR_ASSIGN_REG
 void fe_pow22523(fe r_p, const fe a_p)
 #else
@@ -4275,17 +4430,23 @@ void fe_pow22523(fe r, const fe a)
         "BL	fe_sq_op\n\t"
         "MOV	r12, #0x4\n\t"
         "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
     "L_fe_pow22523_1:\n\t"
+#else
+    "L_fe_pow22523_1_%=:\n\t"
+#endif
         "ADD	r1, sp, #0x20\n\t"
         "ADD	r0, sp, #0x20\n\t"
         "PUSH	{r12}\n\t"
         "BL	fe_sq_op\n\t"
         "POP	{r12}\n\t"
         "SUBS	r12, r12, #0x1\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BNE	L_fe_pow22523_1\n\t"
-#else
+#if defined(__GNUC__)
+        "BNE	L_fe_pow22523_1_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "BNE.N	L_fe_pow22523_1\n\t"
+#else
+        "BNE.N	L_fe_pow22523_1_%=\n\t"
 #endif
         "MOV	r2, sp\n\t"
         "ADD	r1, sp, #0x20\n\t"
@@ -4296,17 +4457,23 @@ void fe_pow22523(fe r, const fe a)
         "BL	fe_sq_op\n\t"
         "MOV	r12, #0x9\n\t"
         "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
     "L_fe_pow22523_2:\n\t"
+#else
+    "L_fe_pow22523_2_%=:\n\t"
+#endif
         "ADD	r1, sp, #0x20\n\t"
         "ADD	r0, sp, #0x20\n\t"
         "PUSH	{r12}\n\t"
         "BL	fe_sq_op\n\t"
         "POP	{r12}\n\t"
         "SUBS	r12, r12, #0x1\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BNE	L_fe_pow22523_2\n\t"
-#else
+#if defined(__GNUC__)
+        "BNE	L_fe_pow22523_2_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "BNE.N	L_fe_pow22523_2\n\t"
+#else
+        "BNE.N	L_fe_pow22523_2_%=\n\t"
 #endif
         "MOV	r2, sp\n\t"
         "ADD	r1, sp, #0x20\n\t"
@@ -4317,17 +4484,23 @@ void fe_pow22523(fe r, const fe a)
         "BL	fe_sq_op\n\t"
         "MOV	r12, #0x13\n\t"
         "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
     "L_fe_pow22523_3:\n\t"
+#else
+    "L_fe_pow22523_3_%=:\n\t"
+#endif
         "ADD	r1, sp, #0x40\n\t"
         "ADD	r0, sp, #0x40\n\t"
         "PUSH	{r12}\n\t"
         "BL	fe_sq_op\n\t"
         "POP	{r12}\n\t"
         "SUBS	r12, r12, #0x1\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BNE	L_fe_pow22523_3\n\t"
-#else
+#if defined(__GNUC__)
+        "BNE	L_fe_pow22523_3_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "BNE.N	L_fe_pow22523_3\n\t"
+#else
+        "BNE.N	L_fe_pow22523_3_%=\n\t"
 #endif
         "ADD	r2, sp, #0x20\n\t"
         "ADD	r1, sp, #0x40\n\t"
@@ -4335,17 +4508,23 @@ void fe_pow22523(fe r, const fe a)
         "BL	fe_mul_op\n\t"
         "MOV	r12, #0xa\n\t"
         "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
     "L_fe_pow22523_4:\n\t"
+#else
+    "L_fe_pow22523_4_%=:\n\t"
+#endif
         "ADD	r1, sp, #0x20\n\t"
         "ADD	r0, sp, #0x20\n\t"
         "PUSH	{r12}\n\t"
         "BL	fe_sq_op\n\t"
         "POP	{r12}\n\t"
         "SUBS	r12, r12, #0x1\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BNE	L_fe_pow22523_4\n\t"
-#else
+#if defined(__GNUC__)
+        "BNE	L_fe_pow22523_4_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "BNE.N	L_fe_pow22523_4\n\t"
+#else
+        "BNE.N	L_fe_pow22523_4_%=\n\t"
 #endif
         "MOV	r2, sp\n\t"
         "ADD	r1, sp, #0x20\n\t"
@@ -4356,17 +4535,23 @@ void fe_pow22523(fe r, const fe a)
         "BL	fe_sq_op\n\t"
         "MOV	r12, #0x31\n\t"
         "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
     "L_fe_pow22523_5:\n\t"
+#else
+    "L_fe_pow22523_5_%=:\n\t"
+#endif
         "ADD	r1, sp, #0x20\n\t"
         "ADD	r0, sp, #0x20\n\t"
         "PUSH	{r12}\n\t"
         "BL	fe_sq_op\n\t"
         "POP	{r12}\n\t"
         "SUBS	r12, r12, #0x1\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BNE	L_fe_pow22523_5\n\t"
-#else
+#if defined(__GNUC__)
+        "BNE	L_fe_pow22523_5_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "BNE.N	L_fe_pow22523_5\n\t"
+#else
+        "BNE.N	L_fe_pow22523_5_%=\n\t"
 #endif
         "MOV	r2, sp\n\t"
         "ADD	r1, sp, #0x20\n\t"
@@ -4377,17 +4562,23 @@ void fe_pow22523(fe r, const fe a)
         "BL	fe_sq_op\n\t"
         "MOV	r12, #0x63\n\t"
         "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
     "L_fe_pow22523_6:\n\t"
+#else
+    "L_fe_pow22523_6_%=:\n\t"
+#endif
         "ADD	r1, sp, #0x40\n\t"
         "ADD	r0, sp, #0x40\n\t"
         "PUSH	{r12}\n\t"
         "BL	fe_sq_op\n\t"
         "POP	{r12}\n\t"
         "SUBS	r12, r12, #0x1\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BNE	L_fe_pow22523_6\n\t"
-#else
+#if defined(__GNUC__)
+        "BNE	L_fe_pow22523_6_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "BNE.N	L_fe_pow22523_6\n\t"
+#else
+        "BNE.N	L_fe_pow22523_6_%=\n\t"
 #endif
         "ADD	r2, sp, #0x20\n\t"
         "ADD	r1, sp, #0x40\n\t"
@@ -4395,17 +4586,23 @@ void fe_pow22523(fe r, const fe a)
         "BL	fe_mul_op\n\t"
         "MOV	r12, #0x32\n\t"
         "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
     "L_fe_pow22523_7:\n\t"
+#else
+    "L_fe_pow22523_7_%=:\n\t"
+#endif
         "ADD	r1, sp, #0x20\n\t"
         "ADD	r0, sp, #0x20\n\t"
         "PUSH	{r12}\n\t"
         "BL	fe_sq_op\n\t"
         "POP	{r12}\n\t"
         "SUBS	r12, r12, #0x1\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BNE	L_fe_pow22523_7\n\t"
-#else
+#if defined(__GNUC__)
+        "BNE	L_fe_pow22523_7_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "BNE.N	L_fe_pow22523_7\n\t"
+#else
+        "BNE.N	L_fe_pow22523_7_%=\n\t"
 #endif
         "MOV	r2, sp\n\t"
         "ADD	r1, sp, #0x20\n\t"
@@ -4413,17 +4610,23 @@ void fe_pow22523(fe r, const fe a)
         "BL	fe_mul_op\n\t"
         "MOV	r12, #0x2\n\t"
         "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
     "L_fe_pow22523_8:\n\t"
+#else
+    "L_fe_pow22523_8_%=:\n\t"
+#endif
         "MOV	r1, sp\n\t"
         "MOV	r0, sp\n\t"
         "PUSH	{r12}\n\t"
         "BL	fe_sq_op\n\t"
         "POP	{r12}\n\t"
         "SUBS	r12, r12, #0x1\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BNE	L_fe_pow22523_8\n\t"
-#else
+#if defined(__GNUC__)
+        "BNE	L_fe_pow22523_8_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "BNE.N	L_fe_pow22523_8\n\t"
+#else
+        "BNE.N	L_fe_pow22523_8_%=\n\t"
 #endif
         "LDR	r2, [sp, #100]\n\t"
         "MOV	r1, sp\n\t"
@@ -4923,7 +5126,7 @@ void ge_sub(ge_p1p1 * r, const ge_p3 * p, const ge_cached* q)
     );
 }
 
-#ifdef WOLFSSL_SP_NO_UMAAL
+#ifdef WOLFSSL_ARM_ARCH_7M
 #ifndef WOLFSSL_NO_VAR_ASSIGN_REG
 void sc_reduce(byte* s_p)
 #else
@@ -5662,9 +5865,9 @@ void sc_reduce(byte* s)
     );
 }
 
-#endif /* WOLFSSL_SP_NO_UMAAL */
+#endif /* WOLFSSL_ARM_ARCH_7M */
 #ifdef HAVE_ED25519_SIGN
-#ifdef WOLFSSL_SP_NO_UMAAL
+#ifdef WOLFSSL_ARM_ARCH_7M
 #ifndef WOLFSSL_NO_VAR_ASSIGN_REG
 void sc_muladd(byte* s_p, const byte* a_p, const byte* b_p, const byte* c_p)
 #else
@@ -6896,15 +7099,12 @@ void sc_muladd(byte* s, const byte* a, const byte* b, const byte* c)
     );
 }
 
-#endif /* WOLFSSL_SP_NO_UMAAL */
+#endif /* WOLFSSL_ARM_ARCH_7M */
 #endif /* HAVE_ED25519_SIGN */
 #endif /* HAVE_ED25519 */
 
 #endif /* !CURVE25519_SMALL || !ED25519_SMALL */
 #endif /* HAVE_CURVE25519 || HAVE_ED25519 */
-#endif /* !__aarch64__ && __thumb__ */
+#endif /* WOLFSSL_ARMASM_THUMB2 */
 #endif /* WOLFSSL_ARMASM */
-#endif /* !defined(__aarch64__) && defined(__thumb__) */
-#endif /* WOLFSSL_ARMASM */
-
 #endif /* WOLFSSL_ARMASM_INLINE */
diff --git a/wolfcrypt/src/port/arm/thumb2-kyber-asm.S b/wolfcrypt/src/port/arm/thumb2-kyber-asm.S
new file mode 100644
index 000000000..1c3761d57
--- /dev/null
+++ b/wolfcrypt/src/port/arm/thumb2-kyber-asm.S
@@ -0,0 +1,3903 @@
+/* thumb2-kyber-asm
+ *
+ * Copyright (C) 2006-2025 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+/* Generated using (from wolfssl):
+ *   cd ../scripts
+ *   ruby ./kyber/kyber.rb thumb2 ../wolfssl/wolfcrypt/src/port/arm/thumb2-kyber-asm.S
+ */
+
+#ifdef HAVE_CONFIG_H
+    #include <config.h>
+#endif /* HAVE_CONFIG_H */
+#include <wolfssl/wolfcrypt/settings.h>
+
+#ifdef WOLFSSL_ARMASM
+#ifdef WOLFSSL_ARMASM_THUMB2
+#ifndef WOLFSSL_ARMASM_INLINE
+	.thumb
+	.syntax unified
+#ifdef WOLFSSL_WC_KYBER
+	.text
+	.type	L_kyber_thumb2_ntt_zetas, %object
+	.size	L_kyber_thumb2_ntt_zetas, 256
+	.align	4
+L_kyber_thumb2_ntt_zetas:
+	.short	0x8ed
+	.short	0xa0b
+	.short	0xb9a
+	.short	0x714
+	.short	0x5d5
+	.short	0x58e
+	.short	0x11f
+	.short	0xca
+	.short	0xc56
+	.short	0x26e
+	.short	0x629
+	.short	0xb6
+	.short	0x3c2
+	.short	0x84f
+	.short	0x73f
+	.short	0x5bc
+	.short	0x23d
+	.short	0x7d4
+	.short	0x108
+	.short	0x17f
+	.short	0x9c4
+	.short	0x5b2
+	.short	0x6bf
+	.short	0xc7f
+	.short	0xa58
+	.short	0x3f9
+	.short	0x2dc
+	.short	0x260
+	.short	0x6fb
+	.short	0x19b
+	.short	0xc34
+	.short	0x6de
+	.short	0x4c7
+	.short	0x28c
+	.short	0xad9
+	.short	0x3f7
+	.short	0x7f4
+	.short	0x5d3
+	.short	0xbe7
+	.short	0x6f9
+	.short	0x204
+	.short	0xcf9
+	.short	0xbc1
+	.short	0xa67
+	.short	0x6af
+	.short	0x877
+	.short	0x7e
+	.short	0x5bd
+	.short	0x9ac
+	.short	0xca7
+	.short	0xbf2
+	.short	0x33e
+	.short	0x6b
+	.short	0x774
+	.short	0xc0a
+	.short	0x94a
+	.short	0xb73
+	.short	0x3c1
+	.short	0x71d
+	.short	0xa2c
+	.short	0x1c0
+	.short	0x8d8
+	.short	0x2a5
+	.short	0x806
+	.short	0x8b2
+	.short	0x1ae
+	.short	0x22b
+	.short	0x34b
+	.short	0x81e
+	.short	0x367
+	.short	0x60e
+	.short	0x69
+	.short	0x1a6
+	.short	0x24b
+	.short	0xb1
+	.short	0xc16
+	.short	0xbde
+	.short	0xb35
+	.short	0x626
+	.short	0x675
+	.short	0xc0b
+	.short	0x30a
+	.short	0x487
+	.short	0xc6e
+	.short	0x9f8
+	.short	0x5cb
+	.short	0xaa7
+	.short	0x45f
+	.short	0x6cb
+	.short	0x284
+	.short	0x999
+	.short	0x15d
+	.short	0x1a2
+	.short	0x149
+	.short	0xc65
+	.short	0xcb6
+	.short	0x331
+	.short	0x449
+	.short	0x25b
+	.short	0x262
+	.short	0x52a
+	.short	0x7fc
+	.short	0x748
+	.short	0x180
+	.short	0x842
+	.short	0xc79
+	.short	0x4c2
+	.short	0x7ca
+	.short	0x997
+	.short	0xdc
+	.short	0x85e
+	.short	0x686
+	.short	0x860
+	.short	0x707
+	.short	0x803
+	.short	0x31a
+	.short	0x71b
+	.short	0x9ab
+	.short	0x99b
+	.short	0x1de
+	.short	0xc95
+	.short	0xbcd
+	.short	0x3e4
+	.short	0x3df
+	.short	0x3be
+	.short	0x74d
+	.short	0x5f2
+	.short	0x65c
+	.text
+	.align	4
+	.globl	kyber_thumb2_ntt
+	.type	kyber_thumb2_ntt, %function
+kyber_thumb2_ntt:
+	PUSH	{r4, r5, r6, r7, r8, r9, r10, r11, lr}
+	SUB	sp, sp, #0x8
+	ADR	r1, L_kyber_thumb2_ntt_zetas
+#ifndef WOLFSSL_ARM_ARCH_7M
+	MOV	r12, #0xd01
+	MOVT	r12, #0xcff
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+	MOV	r2, #0x10
+L_kyber_thumb2_ntt_loop_123:
+	STR	r2, [sp]
+	LDRH	lr, [r1, #2]
+	LDR	r2, [r0]
+	LDR	r3, [r0, #64]
+	LDR	r4, [r0, #128]
+	LDR	r5, [r0, #192]
+	LDR	r6, [r0, #256]
+	LDR	r7, [r0, #320]
+	LDR	r8, [r0, #384]
+	LDR	r9, [r0, #448]
+#ifndef WOLFSSL_ARM_ARCH_7M
+	SMULBB	r10, lr, r6
+	SMULBT	r6, lr, r6
+	SMULTB	r11, r12, r10
+	SMLABB	r10, r12, r11, r10
+	SMULTB	r11, r12, r6
+	SMLABB	r11, r12, r11, r6
+	PKHTB	r10, r11, r10, ASR #16
+	SSUB16	r6, r2, r10
+	SADD16	r2, r2, r10
+#else
+	SBFX	r10, r6, #0, #16
+	SBFX	r11, lr, #0, #16
+	ASR	r6, r6, #16
+	MUL	r10, r11, r10
+	MUL	r6, r11, r6
+	MOV	r12, #0xcff
+	MUL	r11, r12, r10
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	MLA	r10, r12, r11, r10
+	MOV	r12, #0xcff
+	SBFX	r11, r6, #0, #16
+	MUL	r11, r12, r11
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	MLA	r11, r12, r11, r6
+	SUB	r6, r2, r11
+	ADD	r2, r2, r11
+	SUB	r11, r2, r10, LSR #16
+	ADD	r10, r2, r10, LSR #16
+	BFI	r6, r11, #0, #16
+	BFI	r2, r10, #0, #16
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+	SMULBB	r10, lr, r7
+	SMULBT	r7, lr, r7
+	SMULTB	r11, r12, r10
+	SMLABB	r10, r12, r11, r10
+	SMULTB	r11, r12, r7
+	SMLABB	r11, r12, r11, r7
+	PKHTB	r10, r11, r10, ASR #16
+	SSUB16	r7, r3, r10
+	SADD16	r3, r3, r10
+#else
+	SBFX	r10, r7, #0, #16
+	SBFX	r11, lr, #0, #16
+	ASR	r7, r7, #16
+	MUL	r10, r11, r10
+	MUL	r7, r11, r7
+	MOV	r12, #0xcff
+	MUL	r11, r12, r10
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	MLA	r10, r12, r11, r10
+	MOV	r12, #0xcff
+	SBFX	r11, r7, #0, #16
+	MUL	r11, r12, r11
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	MLA	r11, r12, r11, r7
+	SUB	r7, r3, r11
+	ADD	r3, r3, r11
+	SUB	r11, r3, r10, LSR #16
+	ADD	r10, r3, r10, LSR #16
+	BFI	r7, r11, #0, #16
+	BFI	r3, r10, #0, #16
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+	SMULBB	r10, lr, r8
+	SMULBT	r8, lr, r8
+	SMULTB	r11, r12, r10
+	SMLABB	r10, r12, r11, r10
+	SMULTB	r11, r12, r8
+	SMLABB	r11, r12, r11, r8
+	PKHTB	r10, r11, r10, ASR #16
+	SSUB16	r8, r4, r10
+	SADD16	r4, r4, r10
+#else
+	SBFX	r10, r8, #0, #16
+	SBFX	r11, lr, #0, #16
+	ASR	r8, r8, #16
+	MUL	r10, r11, r10
+	MUL	r8, r11, r8
+	MOV	r12, #0xcff
+	MUL	r11, r12, r10
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	MLA	r10, r12, r11, r10
+	MOV	r12, #0xcff
+	SBFX	r11, r8, #0, #16
+	MUL	r11, r12, r11
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	MLA	r11, r12, r11, r8
+	SUB	r8, r4, r11
+	ADD	r4, r4, r11
+	SUB	r11, r4, r10, LSR #16
+	ADD	r10, r4, r10, LSR #16
+	BFI	r8, r11, #0, #16
+	BFI	r4, r10, #0, #16
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+	SMULBB	r10, lr, r9
+	SMULBT	r9, lr, r9
+	SMULTB	r11, r12, r10
+	SMLABB	r10, r12, r11, r10
+	SMULTB	r11, r12, r9
+	SMLABB	r11, r12, r11, r9
+	PKHTB	r10, r11, r10, ASR #16
+	SSUB16	r9, r5, r10
+	SADD16	r5, r5, r10
+#else
+	SBFX	r10, r9, #0, #16
+	SBFX	r11, lr, #0, #16
+	ASR	r9, r9, #16
+	MUL	r10, r11, r10
+	MUL	r9, r11, r9
+	MOV	r12, #0xcff
+	MUL	r11, r12, r10
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	MLA	r10, r12, r11, r10
+	MOV	r12, #0xcff
+	SBFX	r11, r9, #0, #16
+	MUL	r11, r12, r11
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	MLA	r11, r12, r11, r9
+	SUB	r9, r5, r11
+	ADD	r5, r5, r11
+	SUB	r11, r5, r10, LSR #16
+	ADD	r10, r5, r10, LSR #16
+	BFI	r9, r11, #0, #16
+	BFI	r5, r10, #0, #16
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+	LDR	lr, [r1, #4]
+#ifndef WOLFSSL_ARM_ARCH_7M
+	SMULBB	r10, lr, r4
+	SMULBT	r4, lr, r4
+	SMULTB	r11, r12, r10
+	SMLABB	r10, r12, r11, r10
+	SMULTB	r11, r12, r4
+	SMLABB	r11, r12, r11, r4
+	PKHTB	r10, r11, r10, ASR #16
+	SSUB16	r4, r2, r10
+	SADD16	r2, r2, r10
+#else
+	SBFX	r10, r4, #0, #16
+	SBFX	r11, lr, #0, #16
+	ASR	r4, r4, #16
+	MUL	r10, r11, r10
+	MUL	r4, r11, r4
+	MOV	r12, #0xcff
+	MUL	r11, r12, r10
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	MLA	r10, r12, r11, r10
+	MOV	r12, #0xcff
+	SBFX	r11, r4, #0, #16
+	MUL	r11, r12, r11
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	MLA	r11, r12, r11, r4
+	SUB	r4, r2, r11
+	ADD	r2, r2, r11
+	SUB	r11, r2, r10, LSR #16
+	ADD	r10, r2, r10, LSR #16
+	BFI	r4, r11, #0, #16
+	BFI	r2, r10, #0, #16
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+	SMULBB	r10, lr, r5
+	SMULBT	r5, lr, r5
+	SMULTB	r11, r12, r10
+	SMLABB	r10, r12, r11, r10
+	SMULTB	r11, r12, r5
+	SMLABB	r11, r12, r11, r5
+	PKHTB	r10, r11, r10, ASR #16
+	SSUB16	r5, r3, r10
+	SADD16	r3, r3, r10
+#else
+	SBFX	r10, r5, #0, #16
+	SBFX	r11, lr, #0, #16
+	ASR	r5, r5, #16
+	MUL	r10, r11, r10
+	MUL	r5, r11, r5
+	MOV	r12, #0xcff
+	MUL	r11, r12, r10
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	MLA	r10, r12, r11, r10
+	MOV	r12, #0xcff
+	SBFX	r11, r5, #0, #16
+	MUL	r11, r12, r11
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	MLA	r11, r12, r11, r5
+	SUB	r5, r3, r11
+	ADD	r3, r3, r11
+	SUB	r11, r3, r10, LSR #16
+	ADD	r10, r3, r10, LSR #16
+	BFI	r5, r11, #0, #16
+	BFI	r3, r10, #0, #16
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+	SMULTB	r10, lr, r8
+	SMULTT	r8, lr, r8
+	SMULTB	r11, r12, r10
+	SMLABB	r10, r12, r11, r10
+	SMULTB	r11, r12, r8
+	SMLABB	r11, r12, r11, r8
+	PKHTB	r10, r11, r10, ASR #16
+	SSUB16	r8, r6, r10
+	SADD16	r6, r6, r10
+#else
+	SBFX	r10, r8, #0, #16
+	SBFX	r11, lr, #16, #16
+	ASR	r8, r8, #16
+	MUL	r10, r11, r10
+	MUL	r8, r11, r8
+	MOV	r12, #0xcff
+	MUL	r11, r12, r10
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	MLA	r10, r12, r11, r10
+	MOV	r12, #0xcff
+	SBFX	r11, r8, #0, #16
+	MUL	r11, r12, r11
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	MLA	r11, r12, r11, r8
+	SUB	r8, r6, r11
+	ADD	r6, r6, r11
+	SUB	r11, r6, r10, LSR #16
+	ADD	r10, r6, r10, LSR #16
+	BFI	r8, r11, #0, #16
+	BFI	r6, r10, #0, #16
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+	SMULTB	r10, lr, r9
+	SMULTT	r9, lr, r9
+	SMULTB	r11, r12, r10
+	SMLABB	r10, r12, r11, r10
+	SMULTB	r11, r12, r9
+	SMLABB	r11, r12, r11, r9
+	PKHTB	r10, r11, r10, ASR #16
+	SSUB16	r9, r7, r10
+	SADD16	r7, r7, r10
+#else
+	SBFX	r10, r9, #0, #16
+	SBFX	r11, lr, #16, #16
+	ASR	r9, r9, #16
+	MUL	r10, r11, r10
+	MUL	r9, r11, r9
+	MOV	r12, #0xcff
+	MUL	r11, r12, r10
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	MLA	r10, r12, r11, r10
+	MOV	r12, #0xcff
+	SBFX	r11, r9, #0, #16
+	MUL	r11, r12, r11
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	MLA	r11, r12, r11, r9
+	SUB	r9, r7, r11
+	ADD	r7, r7, r11
+	SUB	r11, r7, r10, LSR #16
+	ADD	r10, r7, r10, LSR #16
+	BFI	r9, r11, #0, #16
+	BFI	r7, r10, #0, #16
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+	LDR	lr, [r1, #8]
+#ifndef WOLFSSL_ARM_ARCH_7M
+	SMULBB	r10, lr, r3
+	SMULBT	r3, lr, r3
+	SMULTB	r11, r12, r10
+	SMLABB	r10, r12, r11, r10
+	SMULTB	r11, r12, r3
+	SMLABB	r11, r12, r11, r3
+	PKHTB	r10, r11, r10, ASR #16
+	SSUB16	r3, r2, r10
+	SADD16	r2, r2, r10
+#else
+	SBFX	r10, r3, #0, #16
+	SBFX	r11, lr, #0, #16
+	ASR	r3, r3, #16
+	MUL	r10, r11, r10
+	MUL	r3, r11, r3
+	MOV	r12, #0xcff
+	MUL	r11, r12, r10
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	MLA	r10, r12, r11, r10
+	MOV	r12, #0xcff
+	SBFX	r11, r3, #0, #16
+	MUL	r11, r12, r11
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	MLA	r11, r12, r11, r3
+	SUB	r3, r2, r11
+	ADD	r2, r2, r11
+	SUB	r11, r2, r10, LSR #16
+	ADD	r10, r2, r10, LSR #16
+	BFI	r3, r11, #0, #16
+	BFI	r2, r10, #0, #16
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+	SMULTB	r10, lr, r5
+	SMULTT	r5, lr, r5
+	SMULTB	r11, r12, r10
+	SMLABB	r10, r12, r11, r10
+	SMULTB	r11, r12, r5
+	SMLABB	r11, r12, r11, r5
+	PKHTB	r10, r11, r10, ASR #16
+	SSUB16	r5, r4, r10
+	SADD16	r4, r4, r10
+#else
+	SBFX	r10, r5, #0, #16
+	SBFX	r11, lr, #16, #16
+	ASR	r5, r5, #16
+	MUL	r10, r11, r10
+	MUL	r5, r11, r5
+	MOV	r12, #0xcff
+	MUL	r11, r12, r10
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	MLA	r10, r12, r11, r10
+	MOV	r12, #0xcff
+	SBFX	r11, r5, #0, #16
+	MUL	r11, r12, r11
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	MLA	r11, r12, r11, r5
+	SUB	r5, r4, r11
+	ADD	r4, r4, r11
+	SUB	r11, r4, r10, LSR #16
+	ADD	r10, r4, r10, LSR #16
+	BFI	r5, r11, #0, #16
+	BFI	r4, r10, #0, #16
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+	LDR	lr, [r1, #12]
+#ifndef WOLFSSL_ARM_ARCH_7M
+	SMULBB	r10, lr, r7
+	SMULBT	r7, lr, r7
+	SMULTB	r11, r12, r10
+	SMLABB	r10, r12, r11, r10
+	SMULTB	r11, r12, r7
+	SMLABB	r11, r12, r11, r7
+	PKHTB	r10, r11, r10, ASR #16
+	SSUB16	r7, r6, r10
+	SADD16	r6, r6, r10
+#else
+	SBFX	r10, r7, #0, #16
+	SBFX	r11, lr, #0, #16
+	ASR	r7, r7, #16
+	MUL	r10, r11, r10
+	MUL	r7, r11, r7
+	MOV	r12, #0xcff
+	MUL	r11, r12, r10
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	MLA	r10, r12, r11, r10
+	MOV	r12, #0xcff
+	SBFX	r11, r7, #0, #16
+	MUL	r11, r12, r11
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	MLA	r11, r12, r11, r7
+	SUB	r7, r6, r11
+	ADD	r6, r6, r11
+	SUB	r11, r6, r10, LSR #16
+	ADD	r10, r6, r10, LSR #16
+	BFI	r7, r11, #0, #16
+	BFI	r6, r10, #0, #16
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+	SMULTB	r10, lr, r9
+	SMULTT	r9, lr, r9
+	SMULTB	r11, r12, r10
+	SMLABB	r10, r12, r11, r10
+	SMULTB	r11, r12, r9
+	SMLABB	r11, r12, r11, r9
+	PKHTB	r10, r11, r10, ASR #16
+	SSUB16	r9, r8, r10
+	SADD16	r8, r8, r10
+#else
+	SBFX	r10, r9, #0, #16
+	SBFX	r11, lr, #16, #16
+	ASR	r9, r9, #16
+	MUL	r10, r11, r10
+	MUL	r9, r11, r9
+	MOV	r12, #0xcff
+	MUL	r11, r12, r10
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	MLA	r10, r12, r11, r10
+	MOV	r12, #0xcff
+	SBFX	r11, r9, #0, #16
+	MUL	r11, r12, r11
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	MLA	r11, r12, r11, r9
+	SUB	r9, r8, r11
+	ADD	r8, r8, r11
+	SUB	r11, r8, r10, LSR #16
+	ADD	r10, r8, r10, LSR #16
+	BFI	r9, r11, #0, #16
+	BFI	r8, r10, #0, #16
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+	STR	r2, [r0]
+	STR	r3, [r0, #64]
+	STR	r4, [r0, #128]
+	STR	r5, [r0, #192]
+	STR	r6, [r0, #256]
+	STR	r7, [r0, #320]
+	STR	r8, [r0, #384]
+	STR	r9, [r0, #448]
+	LDR	r2, [sp]
+	SUBS	r2, r2, #0x1
+	ADD	r0, r0, #0x4
+#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
+	BNE	L_kyber_thumb2_ntt_loop_123
+#else
+	BNE.N	L_kyber_thumb2_ntt_loop_123
+#endif
+	SUB	r0, r0, #0x40
+	MOV	r3, #0x0
+L_kyber_thumb2_ntt_loop_4_j:
+	STR	r3, [sp, #4]
+	ADD	lr, r1, r3, LSR #4
+	MOV	r2, #0x4
+	LDR	lr, [lr, #16]
+L_kyber_thumb2_ntt_loop_4_i:
+	STR	r2, [sp]
+	LDR	r2, [r0]
+	LDR	r3, [r0, #16]
+	LDR	r4, [r0, #32]
+	LDR	r5, [r0, #48]
+	LDR	r6, [r0, #64]
+	LDR	r7, [r0, #80]
+	LDR	r8, [r0, #96]
+	LDR	r9, [r0, #112]
+#ifndef WOLFSSL_ARM_ARCH_7M
+	SMULBB	r10, lr, r4
+	SMULBT	r4, lr, r4
+	SMULTB	r11, r12, r10
+	SMLABB	r10, r12, r11, r10
+	SMULTB	r11, r12, r4
+	SMLABB	r11, r12, r11, r4
+	PKHTB	r10, r11, r10, ASR #16
+	SSUB16	r4, r2, r10
+	SADD16	r2, r2, r10
+#else
+	SBFX	r10, r4, #0, #16
+	SBFX	r11, lr, #0, #16
+	ASR	r4, r4, #16
+	MUL	r10, r11, r10
+	MUL	r4, r11, r4
+	MOV	r12, #0xcff
+	MUL	r11, r12, r10
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	MLA	r10, r12, r11, r10
+	MOV	r12, #0xcff
+	SBFX	r11, r4, #0, #16
+	MUL	r11, r12, r11
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	MLA	r11, r12, r11, r4
+	SUB	r4, r2, r11
+	ADD	r2, r2, r11
+	SUB	r11, r2, r10, LSR #16
+	ADD	r10, r2, r10, LSR #16
+	BFI	r4, r11, #0, #16
+	BFI	r2, r10, #0, #16
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+	SMULBB	r10, lr, r5
+	SMULBT	r5, lr, r5
+	SMULTB	r11, r12, r10
+	SMLABB	r10, r12, r11, r10
+	SMULTB	r11, r12, r5
+	SMLABB	r11, r12, r11, r5
+	PKHTB	r10, r11, r10, ASR #16
+	SSUB16	r5, r3, r10
+	SADD16	r3, r3, r10
+#else
+	SBFX	r10, r5, #0, #16
+	SBFX	r11, lr, #0, #16
+	ASR	r5, r5, #16
+	MUL	r10, r11, r10
+	MUL	r5, r11, r5
+	MOV	r12, #0xcff
+	MUL	r11, r12, r10
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	MLA	r10, r12, r11, r10
+	MOV	r12, #0xcff
+	SBFX	r11, r5, #0, #16
+	MUL	r11, r12, r11
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	MLA	r11, r12, r11, r5
+	SUB	r5, r3, r11
+	ADD	r3, r3, r11
+	SUB	r11, r3, r10, LSR #16
+	ADD	r10, r3, r10, LSR #16
+	BFI	r5, r11, #0, #16
+	BFI	r3, r10, #0, #16
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+	SMULTB	r10, lr, r8
+	SMULTT	r8, lr, r8
+	SMULTB	r11, r12, r10
+	SMLABB	r10, r12, r11, r10
+	SMULTB	r11, r12, r8
+	SMLABB	r11, r12, r11, r8
+	PKHTB	r10, r11, r10, ASR #16
+	SSUB16	r8, r6, r10
+	SADD16	r6, r6, r10
+#else
+	SBFX	r10, r8, #0, #16
+	SBFX	r11, lr, #16, #16
+	ASR	r8, r8, #16
+	MUL	r10, r11, r10
+	MUL	r8, r11, r8
+	MOV	r12, #0xcff
+	MUL	r11, r12, r10
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	MLA	r10, r12, r11, r10
+	MOV	r12, #0xcff
+	SBFX	r11, r8, #0, #16
+	MUL	r11, r12, r11
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	MLA	r11, r12, r11, r8
+	SUB	r8, r6, r11
+	ADD	r6, r6, r11
+	SUB	r11, r6, r10, LSR #16
+	ADD	r10, r6, r10, LSR #16
+	BFI	r8, r11, #0, #16
+	BFI	r6, r10, #0, #16
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+	SMULTB	r10, lr, r9
+	SMULTT	r9, lr, r9
+	SMULTB	r11, r12, r10
+	SMLABB	r10, r12, r11, r10
+	SMULTB	r11, r12, r9
+	SMLABB	r11, r12, r11, r9
+	PKHTB	r10, r11, r10, ASR #16
+	SSUB16	r9, r7, r10
+	SADD16	r7, r7, r10
+#else
+	SBFX	r10, r9, #0, #16
+	SBFX	r11, lr, #16, #16
+	ASR	r9, r9, #16
+	MUL	r10, r11, r10
+	MUL	r9, r11, r9
+	MOV	r12, #0xcff
+	MUL	r11, r12, r10
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	MLA	r10, r12, r11, r10
+	MOV	r12, #0xcff
+	SBFX	r11, r9, #0, #16
+	MUL	r11, r12, r11
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	MLA	r11, r12, r11, r9
+	SUB	r9, r7, r11
+	ADD	r7, r7, r11
+	SUB	r11, r7, r10, LSR #16
+	ADD	r10, r7, r10, LSR #16
+	BFI	r9, r11, #0, #16
+	BFI	r7, r10, #0, #16
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+	STR	r2, [r0]
+	STR	r3, [r0, #16]
+	STR	r4, [r0, #32]
+	STR	r5, [r0, #48]
+	STR	r6, [r0, #64]
+	STR	r7, [r0, #80]
+	STR	r8, [r0, #96]
+	STR	r9, [r0, #112]
+	LDRD	r2, r3, [sp]
+	SUBS	r2, r2, #0x1
+	ADD	r0, r0, #0x4
+#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
+	BNE	L_kyber_thumb2_ntt_loop_4_i
+#else
+	BNE.N	L_kyber_thumb2_ntt_loop_4_i
+#endif
+	ADD	r3, r3, #0x40
+	RSBS	r10, r3, #0x100
+	ADD	r0, r0, #0x70
+#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
+	BNE	L_kyber_thumb2_ntt_loop_4_j
+#else
+	BNE.N	L_kyber_thumb2_ntt_loop_4_j
+#endif
+	SUB	r0, r0, #0x200
+	MOV	r3, #0x0
+L_kyber_thumb2_ntt_loop_567:
+	ADD	lr, r1, r3, LSR #3
+	STR	r3, [sp, #4]
+	LDRH	lr, [lr, #32]
+	LDR	r2, [r0]
+	LDR	r3, [r0, #4]
+	LDR	r4, [r0, #8]
+	LDR	r5, [r0, #12]
+	LDR	r6, [r0, #16]
+	LDR	r7, [r0, #20]
+	LDR	r8, [r0, #24]
+	LDR	r9, [r0, #28]
+#ifndef WOLFSSL_ARM_ARCH_7M
+	SMULBB	r10, lr, r6
+	SMULBT	r6, lr, r6
+	SMULTB	r11, r12, r10
+	SMLABB	r10, r12, r11, r10
+	SMULTB	r11, r12, r6
+	SMLABB	r11, r12, r11, r6
+	PKHTB	r10, r11, r10, ASR #16
+	SSUB16	r6, r2, r10
+	SADD16	r2, r2, r10
+#else
+	SBFX	r10, r6, #0, #16
+	SBFX	r11, lr, #0, #16
+	ASR	r6, r6, #16
+	MUL	r10, r11, r10
+	MUL	r6, r11, r6
+	MOV	r12, #0xcff
+	MUL	r11, r12, r10
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	MLA	r10, r12, r11, r10
+	MOV	r12, #0xcff
+	SBFX	r11, r6, #0, #16
+	MUL	r11, r12, r11
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	MLA	r11, r12, r11, r6
+	SUB	r6, r2, r11
+	ADD	r2, r2, r11
+	SUB	r11, r2, r10, LSR #16
+	ADD	r10, r2, r10, LSR #16
+	BFI	r6, r11, #0, #16
+	BFI	r2, r10, #0, #16
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+	SMULBB	r10, lr, r7
+	SMULBT	r7, lr, r7
+	SMULTB	r11, r12, r10
+	SMLABB	r10, r12, r11, r10
+	SMULTB	r11, r12, r7
+	SMLABB	r11, r12, r11, r7
+	PKHTB	r10, r11, r10, ASR #16
+	SSUB16	r7, r3, r10
+	SADD16	r3, r3, r10
+#else
+	SBFX	r10, r7, #0, #16
+	SBFX	r11, lr, #0, #16
+	ASR	r7, r7, #16
+	MUL	r10, r11, r10
+	MUL	r7, r11, r7
+	MOV	r12, #0xcff
+	MUL	r11, r12, r10
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	MLA	r10, r12, r11, r10
+	MOV	r12, #0xcff
+	SBFX	r11, r7, #0, #16
+	MUL	r11, r12, r11
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	MLA	r11, r12, r11, r7
+	SUB	r7, r3, r11
+	ADD	r3, r3, r11
+	SUB	r11, r3, r10, LSR #16
+	ADD	r10, r3, r10, LSR #16
+	BFI	r7, r11, #0, #16
+	BFI	r3, r10, #0, #16
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+	SMULBB	r10, lr, r8
+	SMULBT	r8, lr, r8
+	SMULTB	r11, r12, r10
+	SMLABB	r10, r12, r11, r10
+	SMULTB	r11, r12, r8
+	SMLABB	r11, r12, r11, r8
+	PKHTB	r10, r11, r10, ASR #16
+	SSUB16	r8, r4, r10
+	SADD16	r4, r4, r10
+#else
+	SBFX	r10, r8, #0, #16
+	SBFX	r11, lr, #0, #16
+	ASR	r8, r8, #16
+	MUL	r10, r11, r10
+	MUL	r8, r11, r8
+	MOV	r12, #0xcff
+	MUL	r11, r12, r10
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	MLA	r10, r12, r11, r10
+	MOV	r12, #0xcff
+	SBFX	r11, r8, #0, #16
+	MUL	r11, r12, r11
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	MLA	r11, r12, r11, r8
+	SUB	r8, r4, r11
+	ADD	r4, r4, r11
+	SUB	r11, r4, r10, LSR #16
+	ADD	r10, r4, r10, LSR #16
+	BFI	r8, r11, #0, #16
+	BFI	r4, r10, #0, #16
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+	SMULBB	r10, lr, r9
+	SMULBT	r9, lr, r9
+	SMULTB	r11, r12, r10
+	SMLABB	r10, r12, r11, r10
+	SMULTB	r11, r12, r9
+	SMLABB	r11, r12, r11, r9
+	PKHTB	r10, r11, r10, ASR #16
+	SSUB16	r9, r5, r10
+	SADD16	r5, r5, r10
+#else
+	SBFX	r10, r9, #0, #16
+	SBFX	r11, lr, #0, #16
+	ASR	r9, r9, #16
+	MUL	r10, r11, r10
+	MUL	r9, r11, r9
+	MOV	r12, #0xcff
+	MUL	r11, r12, r10
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	MLA	r10, r12, r11, r10
+	MOV	r12, #0xcff
+	SBFX	r11, r9, #0, #16
+	MUL	r11, r12, r11
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	MLA	r11, r12, r11, r9
+	SUB	r9, r5, r11
+	ADD	r5, r5, r11
+	SUB	r11, r5, r10, LSR #16
+	ADD	r10, r5, r10, LSR #16
+	BFI	r9, r11, #0, #16
+	BFI	r5, r10, #0, #16
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+	LDR	lr, [sp, #4]
+	ADD	lr, r1, lr, LSR #2
+	LDR	lr, [lr, #64]
+#ifndef WOLFSSL_ARM_ARCH_7M
+	SMULBB	r10, lr, r4
+	SMULBT	r4, lr, r4
+	SMULTB	r11, r12, r10
+	SMLABB	r10, r12, r11, r10
+	SMULTB	r11, r12, r4
+	SMLABB	r11, r12, r11, r4
+	PKHTB	r10, r11, r10, ASR #16
+	SSUB16	r4, r2, r10
+	SADD16	r2, r2, r10
+#else
+	SBFX	r10, r4, #0, #16
+	SBFX	r11, lr, #0, #16
+	ASR	r4, r4, #16
+	MUL	r10, r11, r10
+	MUL	r4, r11, r4
+	MOV	r12, #0xcff
+	MUL	r11, r12, r10
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	MLA	r10, r12, r11, r10
+	MOV	r12, #0xcff
+	SBFX	r11, r4, #0, #16
+	MUL	r11, r12, r11
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	MLA	r11, r12, r11, r4
+	SUB	r4, r2, r11
+	ADD	r2, r2, r11
+	SUB	r11, r2, r10, LSR #16
+	ADD	r10, r2, r10, LSR #16
+	BFI	r4, r11, #0, #16
+	BFI	r2, r10, #0, #16
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+	SMULBB	r10, lr, r5
+	SMULBT	r5, lr, r5
+	SMULTB	r11, r12, r10
+	SMLABB	r10, r12, r11, r10
+	SMULTB	r11, r12, r5
+	SMLABB	r11, r12, r11, r5
+	PKHTB	r10, r11, r10, ASR #16
+	SSUB16	r5, r3, r10
+	SADD16	r3, r3, r10
+#else
+	SBFX	r10, r5, #0, #16
+	SBFX	r11, lr, #0, #16
+	ASR	r5, r5, #16
+	MUL	r10, r11, r10
+	MUL	r5, r11, r5
+	MOV	r12, #0xcff
+	MUL	r11, r12, r10
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	MLA	r10, r12, r11, r10
+	MOV	r12, #0xcff
+	SBFX	r11, r5, #0, #16
+	MUL	r11, r12, r11
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	MLA	r11, r12, r11, r5
+	SUB	r5, r3, r11
+	ADD	r3, r3, r11
+	SUB	r11, r3, r10, LSR #16
+	ADD	r10, r3, r10, LSR #16
+	BFI	r5, r11, #0, #16
+	BFI	r3, r10, #0, #16
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+	SMULTB	r10, lr, r8
+	SMULTT	r8, lr, r8
+	SMULTB	r11, r12, r10
+	SMLABB	r10, r12, r11, r10
+	SMULTB	r11, r12, r8
+	SMLABB	r11, r12, r11, r8
+	PKHTB	r10, r11, r10, ASR #16
+	SSUB16	r8, r6, r10
+	SADD16	r6, r6, r10
+#else
+	SBFX	r10, r8, #0, #16
+	SBFX	r11, lr, #16, #16
+	ASR	r8, r8, #16
+	MUL	r10, r11, r10
+	MUL	r8, r11, r8
+	MOV	r12, #0xcff
+	MUL	r11, r12, r10
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	MLA	r10, r12, r11, r10
+	MOV	r12, #0xcff
+	SBFX	r11, r8, #0, #16
+	MUL	r11, r12, r11
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	MLA	r11, r12, r11, r8
+	SUB	r8, r6, r11
+	ADD	r6, r6, r11
+	SUB	r11, r6, r10, LSR #16
+	ADD	r10, r6, r10, LSR #16
+	BFI	r8, r11, #0, #16
+	BFI	r6, r10, #0, #16
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+	SMULTB	r10, lr, r9
+	SMULTT	r9, lr, r9
+	SMULTB	r11, r12, r10
+	SMLABB	r10, r12, r11, r10
+	SMULTB	r11, r12, r9
+	SMLABB	r11, r12, r11, r9
+	PKHTB	r10, r11, r10, ASR #16
+	SSUB16	r9, r7, r10
+	SADD16	r7, r7, r10
+#else
+	SBFX	r10, r9, #0, #16
+	SBFX	r11, lr, #16, #16
+	ASR	r9, r9, #16
+	MUL	r10, r11, r10
+	MUL	r9, r11, r9
+	MOV	r12, #0xcff
+	MUL	r11, r12, r10
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	MLA	r10, r12, r11, r10
+	MOV	r12, #0xcff
+	SBFX	r11, r9, #0, #16
+	MUL	r11, r12, r11
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	MLA	r11, r12, r11, r9
+	SUB	r9, r7, r11
+	ADD	r7, r7, r11
+	SUB	r11, r7, r10, LSR #16
+	ADD	r10, r7, r10, LSR #16
+	BFI	r9, r11, #0, #16
+	BFI	r7, r10, #0, #16
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+	LDR	lr, [sp, #4]
+	ADD	lr, r1, lr, LSR #1
+	LDR	lr, [lr, #128]
+#ifndef WOLFSSL_ARM_ARCH_7M
+	SMULBB	r10, lr, r3
+	SMULBT	r3, lr, r3
+	SMULTB	r11, r12, r10
+	SMLABB	r10, r12, r11, r10
+	SMULTB	r11, r12, r3
+	SMLABB	r11, r12, r11, r3
+	PKHTB	r10, r11, r10, ASR #16
+	SSUB16	r3, r2, r10
+	SADD16	r2, r2, r10
+#else
+	SBFX	r10, r3, #0, #16
+	SBFX	r11, lr, #0, #16
+	ASR	r3, r3, #16
+	MUL	r10, r11, r10
+	MUL	r3, r11, r3
+	MOV	r12, #0xcff
+	MUL	r11, r12, r10
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	MLA	r10, r12, r11, r10
+	MOV	r12, #0xcff
+	SBFX	r11, r3, #0, #16
+	MUL	r11, r12, r11
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	MLA	r11, r12, r11, r3
+	SUB	r3, r2, r11
+	ADD	r2, r2, r11
+	SUB	r11, r2, r10, LSR #16
+	ADD	r10, r2, r10, LSR #16
+	BFI	r3, r11, #0, #16
+	BFI	r2, r10, #0, #16
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+	SMULTB	r10, lr, r5
+	SMULTT	r5, lr, r5
+	SMULTB	r11, r12, r10
+	SMLABB	r10, r12, r11, r10
+	SMULTB	r11, r12, r5
+	SMLABB	r11, r12, r11, r5
+	PKHTB	r10, r11, r10, ASR #16
+	SSUB16	r5, r4, r10
+	SADD16	r4, r4, r10
+#else
+	SBFX	r10, r5, #0, #16
+	SBFX	r11, lr, #16, #16
+	ASR	r5, r5, #16
+	MUL	r10, r11, r10
+	MUL	r5, r11, r5
+	MOV	r12, #0xcff
+	MUL	r11, r12, r10
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	MLA	r10, r12, r11, r10
+	MOV	r12, #0xcff
+	SBFX	r11, r5, #0, #16
+	MUL	r11, r12, r11
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	MLA	r11, r12, r11, r5
+	SUB	r5, r4, r11
+	ADD	r4, r4, r11
+	SUB	r11, r4, r10, LSR #16
+	ADD	r10, r4, r10, LSR #16
+	BFI	r5, r11, #0, #16
+	BFI	r4, r10, #0, #16
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+	LDR	lr, [sp, #4]
+	ADD	lr, r1, lr, LSR #1
+	LDR	lr, [lr, #132]
+#ifndef WOLFSSL_ARM_ARCH_7M
+	SMULBB	r10, lr, r7
+	SMULBT	r7, lr, r7
+	SMULTB	r11, r12, r10
+	SMLABB	r10, r12, r11, r10
+	SMULTB	r11, r12, r7
+	SMLABB	r11, r12, r11, r7
+	PKHTB	r10, r11, r10, ASR #16
+	SSUB16	r7, r6, r10
+	SADD16	r6, r6, r10
+#else
+	SBFX	r10, r7, #0, #16
+	SBFX	r11, lr, #0, #16
+	ASR	r7, r7, #16
+	MUL	r10, r11, r10
+	MUL	r7, r11, r7
+	MOV	r12, #0xcff
+	MUL	r11, r12, r10
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	MLA	r10, r12, r11, r10
+	MOV	r12, #0xcff
+	SBFX	r11, r7, #0, #16
+	MUL	r11, r12, r11
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	MLA	r11, r12, r11, r7
+	SUB	r7, r6, r11
+	ADD	r6, r6, r11
+	SUB	r11, r6, r10, LSR #16
+	ADD	r10, r6, r10, LSR #16
+	BFI	r7, r11, #0, #16
+	BFI	r6, r10, #0, #16
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+	SMULTB	r10, lr, r9
+	SMULTT	r9, lr, r9
+	SMULTB	r11, r12, r10
+	SMLABB	r10, r12, r11, r10
+	SMULTB	r11, r12, r9
+	SMLABB	r11, r12, r11, r9
+	PKHTB	r10, r11, r10, ASR #16
+	SSUB16	r9, r8, r10
+	SADD16	r8, r8, r10
+#else
+	SBFX	r10, r9, #0, #16
+	SBFX	r11, lr, #16, #16
+	ASR	r9, r9, #16
+	MUL	r10, r11, r10
+	MUL	r9, r11, r9
+	MOV	r12, #0xcff
+	MUL	r11, r12, r10
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	MLA	r10, r12, r11, r10
+	MOV	r12, #0xcff
+	SBFX	r11, r9, #0, #16
+	MUL	r11, r12, r11
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	MLA	r11, r12, r11, r9
+	SUB	r9, r8, r11
+	ADD	r8, r8, r11
+	SUB	r11, r8, r10, LSR #16
+	ADD	r10, r8, r10, LSR #16
+	BFI	r9, r11, #0, #16
+	BFI	r8, r10, #0, #16
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+	MOV	lr, #0xafc0
+	MOVT	lr, #0x13
+#else
+	MOV	lr, #0x4ebf
+	MOV	r12, #0xd01
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+	SMULWB	r10, lr, r2
+	SMULWT	r11, lr, r2
+	SMULBT	r10, r12, r10
+	SMULBT	r11, r12, r11
+	PKHBT	r10, r10, r11, LSL #16
+	SSUB16	r2, r2, r10
+#else
+	SBFX	r10, r2, #0, #16
+	SBFX	r11, r2, #16, #16
+	MUL	r10, lr, r10
+	MUL	r11, lr, r11
+	ASR	r10, r10, #26
+	ASR	r11, r11, #26
+	MUL	r10, r12, r10
+	MUL	r11, r12, r11
+	SUB	r11, r2, r11, LSL #16
+	SUB	r2, r2, r10
+	LSR	r11, r11, #16
+	BFI	r2, r11, #16, #16
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+	SMULWB	r10, lr, r3
+	SMULWT	r11, lr, r3
+	SMULBT	r10, r12, r10
+	SMULBT	r11, r12, r11
+	PKHBT	r10, r10, r11, LSL #16
+	SSUB16	r3, r3, r10
+#else
+	SBFX	r10, r3, #0, #16
+	SBFX	r11, r3, #16, #16
+	MUL	r10, lr, r10
+	MUL	r11, lr, r11
+	ASR	r10, r10, #26
+	ASR	r11, r11, #26
+	MUL	r10, r12, r10
+	MUL	r11, r12, r11
+	SUB	r11, r3, r11, LSL #16
+	SUB	r3, r3, r10
+	LSR	r11, r11, #16
+	BFI	r3, r11, #16, #16
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+	SMULWB	r10, lr, r4
+	SMULWT	r11, lr, r4
+	SMULBT	r10, r12, r10
+	SMULBT	r11, r12, r11
+	PKHBT	r10, r10, r11, LSL #16
+	SSUB16	r4, r4, r10
+#else
+	SBFX	r10, r4, #0, #16
+	SBFX	r11, r4, #16, #16
+	MUL	r10, lr, r10
+	MUL	r11, lr, r11
+	ASR	r10, r10, #26
+	ASR	r11, r11, #26
+	MUL	r10, r12, r10
+	MUL	r11, r12, r11
+	SUB	r11, r4, r11, LSL #16
+	SUB	r4, r4, r10
+	LSR	r11, r11, #16
+	BFI	r4, r11, #16, #16
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+	SMULWB	r10, lr, r5
+	SMULWT	r11, lr, r5
+	SMULBT	r10, r12, r10
+	SMULBT	r11, r12, r11
+	PKHBT	r10, r10, r11, LSL #16
+	SSUB16	r5, r5, r10
+#else
+	SBFX	r10, r5, #0, #16
+	SBFX	r11, r5, #16, #16
+	MUL	r10, lr, r10
+	MUL	r11, lr, r11
+	ASR	r10, r10, #26
+	ASR	r11, r11, #26
+	MUL	r10, r12, r10
+	MUL	r11, r12, r11
+	SUB	r11, r5, r11, LSL #16
+	SUB	r5, r5, r10
+	LSR	r11, r11, #16
+	BFI	r5, r11, #16, #16
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+	SMULWB	r10, lr, r6
+	SMULWT	r11, lr, r6
+	SMULBT	r10, r12, r10
+	SMULBT	r11, r12, r11
+	PKHBT	r10, r10, r11, LSL #16
+	SSUB16	r6, r6, r10
+#else
+	SBFX	r10, r6, #0, #16
+	SBFX	r11, r6, #16, #16
+	MUL	r10, lr, r10
+	MUL	r11, lr, r11
+	ASR	r10, r10, #26
+	ASR	r11, r11, #26
+	MUL	r10, r12, r10
+	MUL	r11, r12, r11
+	SUB	r11, r6, r11, LSL #16
+	SUB	r6, r6, r10
+	LSR	r11, r11, #16
+	BFI	r6, r11, #16, #16
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+	SMULWB	r10, lr, r7
+	SMULWT	r11, lr, r7
+	SMULBT	r10, r12, r10
+	SMULBT	r11, r12, r11
+	PKHBT	r10, r10, r11, LSL #16
+	SSUB16	r7, r7, r10
+#else
+	SBFX	r10, r7, #0, #16
+	SBFX	r11, r7, #16, #16
+	MUL	r10, lr, r10
+	MUL	r11, lr, r11
+	ASR	r10, r10, #26
+	ASR	r11, r11, #26
+	MUL	r10, r12, r10
+	MUL	r11, r12, r11
+	SUB	r11, r7, r11, LSL #16
+	SUB	r7, r7, r10
+	LSR	r11, r11, #16
+	BFI	r7, r11, #16, #16
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+	SMULWB	r10, lr, r8
+	SMULWT	r11, lr, r8
+	SMULBT	r10, r12, r10
+	SMULBT	r11, r12, r11
+	PKHBT	r10, r10, r11, LSL #16
+	SSUB16	r8, r8, r10
+#else
+	SBFX	r10, r8, #0, #16
+	SBFX	r11, r8, #16, #16
+	MUL	r10, lr, r10
+	MUL	r11, lr, r11
+	ASR	r10, r10, #26
+	ASR	r11, r11, #26
+	MUL	r10, r12, r10
+	MUL	r11, r12, r11
+	SUB	r11, r8, r11, LSL #16
+	SUB	r8, r8, r10
+	LSR	r11, r11, #16
+	BFI	r8, r11, #16, #16
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+	SMULWB	r10, lr, r9
+	SMULWT	r11, lr, r9
+	SMULBT	r10, r12, r10
+	SMULBT	r11, r12, r11
+	PKHBT	r10, r10, r11, LSL #16
+	SSUB16	r9, r9, r10
+#else
+	SBFX	r10, r9, #0, #16
+	SBFX	r11, r9, #16, #16
+	MUL	r10, lr, r10
+	MUL	r11, lr, r11
+	ASR	r10, r10, #26
+	ASR	r11, r11, #26
+	MUL	r10, r12, r10
+	MUL	r11, r12, r11
+	SUB	r11, r9, r11, LSL #16
+	SUB	r9, r9, r10
+	LSR	r11, r11, #16
+	BFI	r9, r11, #16, #16
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+	MOV	r12, #0xd01
+	MOVT	r12, #0xcff
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+	STR	r2, [r0]
+	STR	r3, [r0, #4]
+	STR	r4, [r0, #8]
+	STR	r5, [r0, #12]
+	STR	r6, [r0, #16]
+	STR	r7, [r0, #20]
+	STR	r8, [r0, #24]
+	STR	r9, [r0, #28]
+	LDR	r3, [sp, #4]
+	ADD	r3, r3, #0x10
+	RSBS	r10, r3, #0x100
+	ADD	r0, r0, #0x20
+#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
+	BNE	L_kyber_thumb2_ntt_loop_567
+#else
+	BNE.N	L_kyber_thumb2_ntt_loop_567
+#endif
+	ADD	sp, sp, #0x8
+	POP	{r4, r5, r6, r7, r8, r9, r10, r11, pc}
+	/* Cycle Count = 1270 */
+	.size	kyber_thumb2_ntt,.-kyber_thumb2_ntt
+	.text
+	.type	L_kyber_thumb2_invntt_zetas_inv, %object
+	.size	L_kyber_thumb2_invntt_zetas_inv, 256
+	.align	4
+L_kyber_thumb2_invntt_zetas_inv:
+	.short	0x6a5
+	.short	0x70f
+	.short	0x5b4
+	.short	0x943
+	.short	0x922
+	.short	0x91d
+	.short	0x134
+	.short	0x6c
+	.short	0xb23
+	.short	0x366
+	.short	0x356
+	.short	0x5e6
+	.short	0x9e7
+	.short	0x4fe
+	.short	0x5fa
+	.short	0x4a1
+	.short	0x67b
+	.short	0x4a3
+	.short	0xc25
+	.short	0x36a
+	.short	0x537
+	.short	0x83f
+	.short	0x88
+	.short	0x4bf
+	.short	0xb81
+	.short	0x5b9
+	.short	0x505
+	.short	0x7d7
+	.short	0xa9f
+	.short	0xaa6
+	.short	0x8b8
+	.short	0x9d0
+	.short	0x4b
+	.short	0x9c
+	.short	0xbb8
+	.short	0xb5f
+	.short	0xba4
+	.short	0x368
+	.short	0xa7d
+	.short	0x636
+	.short	0x8a2
+	.short	0x25a
+	.short	0x736
+	.short	0x309
+	.short	0x93
+	.short	0x87a
+	.short	0x9f7
+	.short	0xf6
+	.short	0x68c
+	.short	0x6db
+	.short	0x1cc
+	.short	0x123
+	.short	0xeb
+	.short	0xc50
+	.short	0xab6
+	.short	0xb5b
+	.short	0xc98
+	.short	0x6f3
+	.short	0x99a
+	.short	0x4e3
+	.short	0x9b6
+	.short	0xad6
+	.short	0xb53
+	.short	0x44f
+	.short	0x4fb
+	.short	0xa5c
+	.short	0x429
+	.short	0xb41
+	.short	0x2d5
+	.short	0x5e4
+	.short	0x940
+	.short	0x18e
+	.short	0x3b7
+	.short	0xf7
+	.short	0x58d
+	.short	0xc96
+	.short	0x9c3
+	.short	0x10f
+	.short	0x5a
+	.short	0x355
+	.short	0x744
+	.short	0xc83
+	.short	0x48a
+	.short	0x652
+	.short	0x29a
+	.short	0x140
+	.short	0x8
+	.short	0xafd
+	.short	0x608
+	.short	0x11a
+	.short	0x72e
+	.short	0x50d
+	.short	0x90a
+	.short	0x228
+	.short	0xa75
+	.short	0x83a
+	.short	0x623
+	.short	0xcd
+	.short	0xb66
+	.short	0x606
+	.short	0xaa1
+	.short	0xa25
+	.short	0x908
+	.short	0x2a9
+	.short	0x82
+	.short	0x642
+	.short	0x74f
+	.short	0x33d
+	.short	0xb82
+	.short	0xbf9
+	.short	0x52d
+	.short	0xac4
+	.short	0x745
+	.short	0x5c2
+	.short	0x4b2
+	.short	0x93f
+	.short	0xc4b
+	.short	0x6d8
+	.short	0xa93
+	.short	0xab
+	.short	0xc37
+	.short	0xbe2
+	.short	0x773
+	.short	0x72c
+	.short	0x5ed
+	.short	0x167
+	.short	0x2f6
+	.short	0x5a1
+	.text
+	.align	4
+	.globl	kyber_thumb2_invntt
+	.type	kyber_thumb2_invntt, %function
+kyber_thumb2_invntt:
+	PUSH	{r4, r5, r6, r7, r8, r9, r10, r11, lr}
+	SUB	sp, sp, #0x8
+	ADR	r1, L_kyber_thumb2_invntt_zetas_inv
+#ifndef WOLFSSL_ARM_ARCH_7M
+	MOV	r12, #0xd01
+	MOVT	r12, #0xcff
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+	MOV	r3, #0x0
+L_kyber_thumb2_invntt_loop_765:
+	ADD	lr, r1, r3, LSR #1
+	STR	r3, [sp, #4]
+	LDR	r2, [r0]
+	LDR	r3, [r0, #4]
+	LDR	r4, [r0, #8]
+	LDR	r5, [r0, #12]
+	LDR	r6, [r0, #16]
+	LDR	r7, [r0, #20]
+	LDR	r8, [r0, #24]
+	LDR	r9, [r0, #28]
+	LDR	lr, [lr]
+#ifndef WOLFSSL_ARM_ARCH_7M
+	SSUB16	r10, r2, r3
+	SADD16	r2, r2, r3
+	SMULBT	r3, lr, r10
+	SMULBB	r10, lr, r10
+	SMULTB	r11, r12, r10
+	SMLABB	r10, r12, r11, r10
+	SMULTB	r11, r12, r3
+	SMLABB	r3, r12, r11, r3
+	PKHTB	r3, r3, r10, ASR #16
+#else
+	SUB	r11, r2, r3
+	ADD	r12, r2, r3
+	BFC	r3, #0, #16
+	BFC	r2, #0, #16
+	SUB	r10, r2, r3
+	ADD	r2, r2, r3
+	BFI	r10, r11, #0, #16
+	BFI	r2, r12, #0, #16
+	SBFX	r11, lr, #0, #16
+	ASR	r12, r10, #16
+	MUL	r3, r11, r12
+	SBFX	r10, r10, #0, #16
+	MUL	r10, r11, r10
+	MOV	r12, #0xcff
+	SBFX	r11, r10, #0, #16
+	MUL	r11, r12, r11
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	MLA	r10, r12, r11, r10
+	MOV	r12, #0xcff
+	SBFX	r11, r3, #0, #16
+	MUL	r11, r12, r11
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	LSR	r10, r10, #16
+	MLA	r3, r12, r11, r3
+	BFI	r3, r10, #0, #16
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+	SSUB16	r10, r4, r5
+	SADD16	r4, r4, r5
+	SMULTT	r5, lr, r10
+	SMULTB	r10, lr, r10
+	SMULTB	r11, r12, r10
+	SMLABB	r10, r12, r11, r10
+	SMULTB	r11, r12, r5
+	SMLABB	r5, r12, r11, r5
+	PKHTB	r5, r5, r10, ASR #16
+#else
+	SUB	r11, r4, r5
+	ADD	r12, r4, r5
+	BFC	r5, #0, #16
+	BFC	r4, #0, #16
+	SUB	r10, r4, r5
+	ADD	r4, r4, r5
+	BFI	r10, r11, #0, #16
+	BFI	r4, r12, #0, #16
+	SBFX	r11, lr, #16, #16
+	ASR	r12, r10, #16
+	MUL	r5, r11, r12
+	SBFX	r10, r10, #0, #16
+	MUL	r10, r11, r10
+	MOV	r12, #0xcff
+	SBFX	r11, r10, #0, #16
+	MUL	r11, r12, r11
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	MLA	r10, r12, r11, r10
+	MOV	r12, #0xcff
+	SBFX	r11, r5, #0, #16
+	MUL	r11, r12, r11
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	LSR	r10, r10, #16
+	MLA	r5, r12, r11, r5
+	BFI	r5, r10, #0, #16
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+	LDR	lr, [sp, #4]
+	ADD	lr, r1, lr, LSR #1
+	LDR	lr, [lr, #4]
+#ifndef WOLFSSL_ARM_ARCH_7M
+	SSUB16	r10, r6, r7
+	SADD16	r6, r6, r7
+	SMULBT	r7, lr, r10
+	SMULBB	r10, lr, r10
+	SMULTB	r11, r12, r10
+	SMLABB	r10, r12, r11, r10
+	SMULTB	r11, r12, r7
+	SMLABB	r7, r12, r11, r7
+	PKHTB	r7, r7, r10, ASR #16
+#else
+	SUB	r11, r6, r7
+	ADD	r12, r6, r7
+	BFC	r7, #0, #16
+	BFC	r6, #0, #16
+	SUB	r10, r6, r7
+	ADD	r6, r6, r7
+	BFI	r10, r11, #0, #16
+	BFI	r6, r12, #0, #16
+	SBFX	r11, lr, #0, #16
+	ASR	r12, r10, #16
+	MUL	r7, r11, r12
+	SBFX	r10, r10, #0, #16
+	MUL	r10, r11, r10
+	MOV	r12, #0xcff
+	SBFX	r11, r10, #0, #16
+	MUL	r11, r12, r11
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	MLA	r10, r12, r11, r10
+	MOV	r12, #0xcff
+	SBFX	r11, r7, #0, #16
+	MUL	r11, r12, r11
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	LSR	r10, r10, #16
+	MLA	r7, r12, r11, r7
+	BFI	r7, r10, #0, #16
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+	SSUB16	r10, r8, r9
+	SADD16	r8, r8, r9
+	SMULTT	r9, lr, r10
+	SMULTB	r10, lr, r10
+	SMULTB	r11, r12, r10
+	SMLABB	r10, r12, r11, r10
+	SMULTB	r11, r12, r9
+	SMLABB	r9, r12, r11, r9
+	PKHTB	r9, r9, r10, ASR #16
+#else
+	SUB	r11, r8, r9
+	ADD	r12, r8, r9
+	BFC	r9, #0, #16
+	BFC	r8, #0, #16
+	SUB	r10, r8, r9
+	ADD	r8, r8, r9
+	BFI	r10, r11, #0, #16
+	BFI	r8, r12, #0, #16
+	SBFX	r11, lr, #16, #16
+	ASR	r12, r10, #16
+	MUL	r9, r11, r12
+	SBFX	r10, r10, #0, #16
+	MUL	r10, r11, r10
+	MOV	r12, #0xcff
+	SBFX	r11, r10, #0, #16
+	MUL	r11, r12, r11
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	MLA	r10, r12, r11, r10
+	MOV	r12, #0xcff
+	SBFX	r11, r9, #0, #16
+	MUL	r11, r12, r11
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	LSR	r10, r10, #16
+	MLA	r9, r12, r11, r9
+	BFI	r9, r10, #0, #16
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+	LDR	lr, [sp, #4]
+	ADD	lr, r1, lr, LSR #2
+	LDR	lr, [lr, #128]
+#ifndef WOLFSSL_ARM_ARCH_7M
+	SSUB16	r10, r2, r4
+	SADD16	r2, r2, r4
+	SMULBT	r4, lr, r10
+	SMULBB	r10, lr, r10
+	SMULTB	r11, r12, r10
+	SMLABB	r10, r12, r11, r10
+	SMULTB	r11, r12, r4
+	SMLABB	r4, r12, r11, r4
+	PKHTB	r4, r4, r10, ASR #16
+#else
+	SUB	r11, r2, r4
+	ADD	r12, r2, r4
+	BFC	r4, #0, #16
+	BFC	r2, #0, #16
+	SUB	r10, r2, r4
+	ADD	r2, r2, r4
+	BFI	r10, r11, #0, #16
+	BFI	r2, r12, #0, #16
+	SBFX	r11, lr, #0, #16
+	ASR	r12, r10, #16
+	MUL	r4, r11, r12
+	SBFX	r10, r10, #0, #16
+	MUL	r10, r11, r10
+	MOV	r12, #0xcff
+	SBFX	r11, r10, #0, #16
+	MUL	r11, r12, r11
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	MLA	r10, r12, r11, r10
+	MOV	r12, #0xcff
+	SBFX	r11, r4, #0, #16
+	MUL	r11, r12, r11
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	LSR	r10, r10, #16
+	MLA	r4, r12, r11, r4
+	BFI	r4, r10, #0, #16
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+	SSUB16	r10, r3, r5
+	SADD16	r3, r3, r5
+	SMULBT	r5, lr, r10
+	SMULBB	r10, lr, r10
+	SMULTB	r11, r12, r10
+	SMLABB	r10, r12, r11, r10
+	SMULTB	r11, r12, r5
+	SMLABB	r5, r12, r11, r5
+	PKHTB	r5, r5, r10, ASR #16
+#else
+	SUB	r11, r3, r5
+	ADD	r12, r3, r5
+	BFC	r5, #0, #16
+	BFC	r3, #0, #16
+	SUB	r10, r3, r5
+	ADD	r3, r3, r5
+	BFI	r10, r11, #0, #16
+	BFI	r3, r12, #0, #16
+	SBFX	r11, lr, #0, #16
+	ASR	r12, r10, #16
+	MUL	r5, r11, r12
+	SBFX	r10, r10, #0, #16
+	MUL	r10, r11, r10
+	MOV	r12, #0xcff
+	SBFX	r11, r10, #0, #16
+	MUL	r11, r12, r11
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	MLA	r10, r12, r11, r10
+	MOV	r12, #0xcff
+	SBFX	r11, r5, #0, #16
+	MUL	r11, r12, r11
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	LSR	r10, r10, #16
+	MLA	r5, r12, r11, r5
+	BFI	r5, r10, #0, #16
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+	SSUB16	r10, r6, r8
+	SADD16	r6, r6, r8
+	SMULTT	r8, lr, r10
+	SMULTB	r10, lr, r10
+	SMULTB	r11, r12, r10
+	SMLABB	r10, r12, r11, r10
+	SMULTB	r11, r12, r8
+	SMLABB	r8, r12, r11, r8
+	PKHTB	r8, r8, r10, ASR #16
+#else
+	SUB	r11, r6, r8
+	ADD	r12, r6, r8
+	BFC	r8, #0, #16
+	BFC	r6, #0, #16
+	SUB	r10, r6, r8
+	ADD	r6, r6, r8
+	BFI	r10, r11, #0, #16
+	BFI	r6, r12, #0, #16
+	SBFX	r11, lr, #16, #16
+	ASR	r12, r10, #16
+	MUL	r8, r11, r12
+	SBFX	r10, r10, #0, #16
+	MUL	r10, r11, r10
+	MOV	r12, #0xcff
+	SBFX	r11, r10, #0, #16
+	MUL	r11, r12, r11
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	MLA	r10, r12, r11, r10
+	MOV	r12, #0xcff
+	SBFX	r11, r8, #0, #16
+	MUL	r11, r12, r11
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	LSR	r10, r10, #16
+	MLA	r8, r12, r11, r8
+	BFI	r8, r10, #0, #16
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+	SSUB16	r10, r7, r9
+	SADD16	r7, r7, r9
+	SMULTT	r9, lr, r10
+	SMULTB	r10, lr, r10
+	SMULTB	r11, r12, r10
+	SMLABB	r10, r12, r11, r10
+	SMULTB	r11, r12, r9
+	SMLABB	r9, r12, r11, r9
+	PKHTB	r9, r9, r10, ASR #16
+#else
+	SUB	r11, r7, r9
+	ADD	r12, r7, r9
+	BFC	r9, #0, #16
+	BFC	r7, #0, #16
+	SUB	r10, r7, r9
+	ADD	r7, r7, r9
+	BFI	r10, r11, #0, #16
+	BFI	r7, r12, #0, #16
+	SBFX	r11, lr, #16, #16
+	ASR	r12, r10, #16
+	MUL	r9, r11, r12
+	SBFX	r10, r10, #0, #16
+	MUL	r10, r11, r10
+	MOV	r12, #0xcff
+	SBFX	r11, r10, #0, #16
+	MUL	r11, r12, r11
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	MLA	r10, r12, r11, r10
+	MOV	r12, #0xcff
+	SBFX	r11, r9, #0, #16
+	MUL	r11, r12, r11
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	LSR	r10, r10, #16
+	MLA	r9, r12, r11, r9
+	BFI	r9, r10, #0, #16
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+	LDR	lr, [sp, #4]
+	ADD	lr, r1, lr, LSR #3
+	LDR	lr, [lr, #192]
+#ifndef WOLFSSL_ARM_ARCH_7M
+	SSUB16	r10, r2, r6
+	SADD16	r2, r2, r6
+	SMULBT	r6, lr, r10
+	SMULBB	r10, lr, r10
+	SMULTB	r11, r12, r10
+	SMLABB	r10, r12, r11, r10
+	SMULTB	r11, r12, r6
+	SMLABB	r6, r12, r11, r6
+	PKHTB	r6, r6, r10, ASR #16
+#else
+	SUB	r11, r2, r6
+	ADD	r12, r2, r6
+	BFC	r6, #0, #16
+	BFC	r2, #0, #16
+	SUB	r10, r2, r6
+	ADD	r2, r2, r6
+	BFI	r10, r11, #0, #16
+	BFI	r2, r12, #0, #16
+	SBFX	r11, lr, #0, #16
+	ASR	r12, r10, #16
+	MUL	r6, r11, r12
+	SBFX	r10, r10, #0, #16
+	MUL	r10, r11, r10
+	MOV	r12, #0xcff
+	SBFX	r11, r10, #0, #16
+	MUL	r11, r12, r11
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	MLA	r10, r12, r11, r10
+	MOV	r12, #0xcff
+	SBFX	r11, r6, #0, #16
+	MUL	r11, r12, r11
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	LSR	r10, r10, #16
+	MLA	r6, r12, r11, r6
+	BFI	r6, r10, #0, #16
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+	SSUB16	r10, r3, r7
+	SADD16	r3, r3, r7
+	SMULBT	r7, lr, r10
+	SMULBB	r10, lr, r10
+	SMULTB	r11, r12, r10
+	SMLABB	r10, r12, r11, r10
+	SMULTB	r11, r12, r7
+	SMLABB	r7, r12, r11, r7
+	PKHTB	r7, r7, r10, ASR #16
+#else
+	SUB	r11, r3, r7
+	ADD	r12, r3, r7
+	BFC	r7, #0, #16
+	BFC	r3, #0, #16
+	SUB	r10, r3, r7
+	ADD	r3, r3, r7
+	BFI	r10, r11, #0, #16
+	BFI	r3, r12, #0, #16
+	SBFX	r11, lr, #0, #16
+	ASR	r12, r10, #16
+	MUL	r7, r11, r12
+	SBFX	r10, r10, #0, #16
+	MUL	r10, r11, r10
+	MOV	r12, #0xcff
+	SBFX	r11, r10, #0, #16
+	MUL	r11, r12, r11
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	MLA	r10, r12, r11, r10
+	MOV	r12, #0xcff
+	SBFX	r11, r7, #0, #16
+	MUL	r11, r12, r11
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	LSR	r10, r10, #16
+	MLA	r7, r12, r11, r7
+	BFI	r7, r10, #0, #16
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+	SSUB16	r10, r4, r8
+	SADD16	r4, r4, r8
+	SMULBT	r8, lr, r10
+	SMULBB	r10, lr, r10
+	SMULTB	r11, r12, r10
+	SMLABB	r10, r12, r11, r10
+	SMULTB	r11, r12, r8
+	SMLABB	r8, r12, r11, r8
+	PKHTB	r8, r8, r10, ASR #16
+#else
+	SUB	r11, r4, r8
+	ADD	r12, r4, r8
+	BFC	r8, #0, #16
+	BFC	r4, #0, #16
+	SUB	r10, r4, r8
+	ADD	r4, r4, r8
+	BFI	r10, r11, #0, #16
+	BFI	r4, r12, #0, #16
+	SBFX	r11, lr, #0, #16
+	ASR	r12, r10, #16
+	MUL	r8, r11, r12
+	SBFX	r10, r10, #0, #16
+	MUL	r10, r11, r10
+	MOV	r12, #0xcff
+	SBFX	r11, r10, #0, #16
+	MUL	r11, r12, r11
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	MLA	r10, r12, r11, r10
+	MOV	r12, #0xcff
+	SBFX	r11, r8, #0, #16
+	MUL	r11, r12, r11
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	LSR	r10, r10, #16
+	MLA	r8, r12, r11, r8
+	BFI	r8, r10, #0, #16
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+	SSUB16	r10, r5, r9
+	SADD16	r5, r5, r9
+	SMULBT	r9, lr, r10
+	SMULBB	r10, lr, r10
+	SMULTB	r11, r12, r10
+	SMLABB	r10, r12, r11, r10
+	SMULTB	r11, r12, r9
+	SMLABB	r9, r12, r11, r9
+	PKHTB	r9, r9, r10, ASR #16
+#else
+	SUB	r11, r5, r9
+	ADD	r12, r5, r9
+	BFC	r9, #0, #16
+	BFC	r5, #0, #16
+	SUB	r10, r5, r9
+	ADD	r5, r5, r9
+	BFI	r10, r11, #0, #16
+	BFI	r5, r12, #0, #16
+	SBFX	r11, lr, #0, #16
+	ASR	r12, r10, #16
+	MUL	r9, r11, r12
+	SBFX	r10, r10, #0, #16
+	MUL	r10, r11, r10
+	MOV	r12, #0xcff
+	SBFX	r11, r10, #0, #16
+	MUL	r11, r12, r11
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	MLA	r10, r12, r11, r10
+	MOV	r12, #0xcff
+	SBFX	r11, r9, #0, #16
+	MUL	r11, r12, r11
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	LSR	r10, r10, #16
+	MLA	r9, r12, r11, r9
+	BFI	r9, r10, #0, #16
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+	MOV	lr, #0xafc0
+	MOVT	lr, #0x13
+#else
+	MOV	lr, #0x4ebf
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+	SMULWB	r10, lr, r2
+	SMULWT	r11, lr, r2
+	SMULBT	r10, r12, r10
+	SMULBT	r11, r12, r11
+	PKHBT	r10, r10, r11, LSL #16
+	SSUB16	r2, r2, r10
+#else
+	SBFX	r10, r2, #0, #16
+	SBFX	r11, r2, #16, #16
+	MUL	r10, lr, r10
+	MUL	r11, lr, r11
+	ASR	r10, r10, #26
+	ASR	r11, r11, #26
+	MUL	r10, r12, r10
+	MUL	r11, r12, r11
+	SUB	r11, r2, r11, LSL #16
+	SUB	r2, r2, r10
+	LSR	r11, r11, #16
+	BFI	r2, r11, #16, #16
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+	SMULWB	r10, lr, r3
+	SMULWT	r11, lr, r3
+	SMULBT	r10, r12, r10
+	SMULBT	r11, r12, r11
+	PKHBT	r10, r10, r11, LSL #16
+	SSUB16	r3, r3, r10
+#else
+	SBFX	r10, r3, #0, #16
+	SBFX	r11, r3, #16, #16
+	MUL	r10, lr, r10
+	MUL	r11, lr, r11
+	ASR	r10, r10, #26
+	ASR	r11, r11, #26
+	MUL	r10, r12, r10
+	MUL	r11, r12, r11
+	SUB	r11, r3, r11, LSL #16
+	SUB	r3, r3, r10
+	LSR	r11, r11, #16
+	BFI	r3, r11, #16, #16
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+	SMULWB	r10, lr, r4
+	SMULWT	r11, lr, r4
+	SMULBT	r10, r12, r10
+	SMULBT	r11, r12, r11
+	PKHBT	r10, r10, r11, LSL #16
+	SSUB16	r4, r4, r10
+#else
+	SBFX	r10, r4, #0, #16
+	SBFX	r11, r4, #16, #16
+	MUL	r10, lr, r10
+	MUL	r11, lr, r11
+	ASR	r10, r10, #26
+	ASR	r11, r11, #26
+	MUL	r10, r12, r10
+	MUL	r11, r12, r11
+	SUB	r11, r4, r11, LSL #16
+	SUB	r4, r4, r10
+	LSR	r11, r11, #16
+	BFI	r4, r11, #16, #16
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+	SMULWB	r10, lr, r5
+	SMULWT	r11, lr, r5
+	SMULBT	r10, r12, r10
+	SMULBT	r11, r12, r11
+	PKHBT	r10, r10, r11, LSL #16
+	SSUB16	r5, r5, r10
+#else
+	SBFX	r10, r5, #0, #16
+	SBFX	r11, r5, #16, #16
+	MUL	r10, lr, r10
+	MUL	r11, lr, r11
+	ASR	r10, r10, #26
+	ASR	r11, r11, #26
+	MUL	r10, r12, r10
+	MUL	r11, r12, r11
+	SUB	r11, r5, r11, LSL #16
+	SUB	r5, r5, r10
+	LSR	r11, r11, #16
+	BFI	r5, r11, #16, #16
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+	STR	r2, [r0]
+	STR	r3, [r0, #4]
+	STR	r4, [r0, #8]
+	STR	r5, [r0, #12]
+	STR	r6, [r0, #16]
+	STR	r7, [r0, #20]
+	STR	r8, [r0, #24]
+	STR	r9, [r0, #28]
+	LDR	r3, [sp, #4]
+	ADD	r3, r3, #0x10
+	RSBS	r10, r3, #0x100
+	ADD	r0, r0, #0x20
+#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
+	BNE	L_kyber_thumb2_invntt_loop_765
+#else
+	BNE.N	L_kyber_thumb2_invntt_loop_765
+#endif
+	SUB	r0, r0, #0x200
+	MOV	r3, #0x0
+L_kyber_thumb2_invntt_loop_4_j:
+	STR	r3, [sp, #4]
+	ADD	lr, r1, r3, LSR #4
+	MOV	r2, #0x4
+	LDR	lr, [lr, #224]
+L_kyber_thumb2_invntt_loop_4_i:
+	STR	r2, [sp]
+	LDR	r2, [r0]
+	LDR	r3, [r0, #16]
+	LDR	r4, [r0, #32]
+	LDR	r5, [r0, #48]
+	LDR	r6, [r0, #64]
+	LDR	r7, [r0, #80]
+	LDR	r8, [r0, #96]
+	LDR	r9, [r0, #112]
+#ifndef WOLFSSL_ARM_ARCH_7M
+	SSUB16	r10, r2, r4
+	SADD16	r2, r2, r4
+	SMULBT	r4, lr, r10
+	SMULBB	r10, lr, r10
+	SMULTB	r11, r12, r10
+	SMLABB	r10, r12, r11, r10
+	SMULTB	r11, r12, r4
+	SMLABB	r4, r12, r11, r4
+	PKHTB	r4, r4, r10, ASR #16
+#else
+	SUB	r11, r2, r4
+	ADD	r12, r2, r4
+	BFC	r4, #0, #16
+	BFC	r2, #0, #16
+	SUB	r10, r2, r4
+	ADD	r2, r2, r4
+	BFI	r10, r11, #0, #16
+	BFI	r2, r12, #0, #16
+	SBFX	r11, lr, #0, #16
+	ASR	r12, r10, #16
+	MUL	r4, r11, r12
+	SBFX	r10, r10, #0, #16
+	MUL	r10, r11, r10
+	MOV	r12, #0xcff
+	SBFX	r11, r10, #0, #16
+	MUL	r11, r12, r11
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	MLA	r10, r12, r11, r10
+	MOV	r12, #0xcff
+	SBFX	r11, r4, #0, #16
+	MUL	r11, r12, r11
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	LSR	r10, r10, #16
+	MLA	r4, r12, r11, r4
+	BFI	r4, r10, #0, #16
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+	SSUB16	r10, r3, r5
+	SADD16	r3, r3, r5
+	SMULBT	r5, lr, r10
+	SMULBB	r10, lr, r10
+	SMULTB	r11, r12, r10
+	SMLABB	r10, r12, r11, r10
+	SMULTB	r11, r12, r5
+	SMLABB	r5, r12, r11, r5
+	PKHTB	r5, r5, r10, ASR #16
+#else
+	SUB	r11, r3, r5
+	ADD	r12, r3, r5
+	BFC	r5, #0, #16
+	BFC	r3, #0, #16
+	SUB	r10, r3, r5
+	ADD	r3, r3, r5
+	BFI	r10, r11, #0, #16
+	BFI	r3, r12, #0, #16
+	SBFX	r11, lr, #0, #16
+	ASR	r12, r10, #16
+	MUL	r5, r11, r12
+	SBFX	r10, r10, #0, #16
+	MUL	r10, r11, r10
+	MOV	r12, #0xcff
+	SBFX	r11, r10, #0, #16
+	MUL	r11, r12, r11
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	MLA	r10, r12, r11, r10
+	MOV	r12, #0xcff
+	SBFX	r11, r5, #0, #16
+	MUL	r11, r12, r11
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	LSR	r10, r10, #16
+	MLA	r5, r12, r11, r5
+	BFI	r5, r10, #0, #16
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+	SSUB16	r10, r6, r8
+	SADD16	r6, r6, r8
+	SMULTT	r8, lr, r10
+	SMULTB	r10, lr, r10
+	SMULTB	r11, r12, r10
+	SMLABB	r10, r12, r11, r10
+	SMULTB	r11, r12, r8
+	SMLABB	r8, r12, r11, r8
+	PKHTB	r8, r8, r10, ASR #16
+#else
+	SUB	r11, r6, r8
+	ADD	r12, r6, r8
+	BFC	r8, #0, #16
+	BFC	r6, #0, #16
+	SUB	r10, r6, r8
+	ADD	r6, r6, r8
+	BFI	r10, r11, #0, #16
+	BFI	r6, r12, #0, #16
+	SBFX	r11, lr, #16, #16
+	ASR	r12, r10, #16
+	MUL	r8, r11, r12
+	SBFX	r10, r10, #0, #16
+	MUL	r10, r11, r10
+	MOV	r12, #0xcff
+	SBFX	r11, r10, #0, #16
+	MUL	r11, r12, r11
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	MLA	r10, r12, r11, r10
+	MOV	r12, #0xcff
+	SBFX	r11, r8, #0, #16
+	MUL	r11, r12, r11
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	LSR	r10, r10, #16
+	MLA	r8, r12, r11, r8
+	BFI	r8, r10, #0, #16
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+	SSUB16	r10, r7, r9
+	SADD16	r7, r7, r9
+	SMULTT	r9, lr, r10
+	SMULTB	r10, lr, r10
+	SMULTB	r11, r12, r10
+	SMLABB	r10, r12, r11, r10
+	SMULTB	r11, r12, r9
+	SMLABB	r9, r12, r11, r9
+	PKHTB	r9, r9, r10, ASR #16
+#else
+	SUB	r11, r7, r9
+	ADD	r12, r7, r9
+	BFC	r9, #0, #16
+	BFC	r7, #0, #16
+	SUB	r10, r7, r9
+	ADD	r7, r7, r9
+	BFI	r10, r11, #0, #16
+	BFI	r7, r12, #0, #16
+	SBFX	r11, lr, #16, #16
+	ASR	r12, r10, #16
+	MUL	r9, r11, r12
+	SBFX	r10, r10, #0, #16
+	MUL	r10, r11, r10
+	MOV	r12, #0xcff
+	SBFX	r11, r10, #0, #16
+	MUL	r11, r12, r11
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	MLA	r10, r12, r11, r10
+	MOV	r12, #0xcff
+	SBFX	r11, r9, #0, #16
+	MUL	r11, r12, r11
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	LSR	r10, r10, #16
+	MLA	r9, r12, r11, r9
+	BFI	r9, r10, #0, #16
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+	STR	r2, [r0]
+	STR	r3, [r0, #16]
+	STR	r4, [r0, #32]
+	STR	r5, [r0, #48]
+	STR	r6, [r0, #64]
+	STR	r7, [r0, #80]
+	STR	r8, [r0, #96]
+	STR	r9, [r0, #112]
+	LDRD	r2, r3, [sp]
+	SUBS	r2, r2, #0x1
+	ADD	r0, r0, #0x4
+#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
+	BNE	L_kyber_thumb2_invntt_loop_4_i
+#else
+	BNE.N	L_kyber_thumb2_invntt_loop_4_i
+#endif
+	ADD	r3, r3, #0x40
+	RSBS	r10, r3, #0x100
+	ADD	r0, r0, #0x70
+#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
+	BNE	L_kyber_thumb2_invntt_loop_4_j
+#else
+	BNE.N	L_kyber_thumb2_invntt_loop_4_j
+#endif
+	SUB	r0, r0, #0x200
+	MOV	r2, #0x10
+L_kyber_thumb2_invntt_loop_321:
+	STR	r2, [sp]
+	LDRH	lr, [r1, #2]
+	LDR	r2, [r0]
+	LDR	r3, [r0, #64]
+	LDR	r4, [r0, #128]
+	LDR	r5, [r0, #192]
+	LDR	r6, [r0, #256]
+	LDR	r7, [r0, #320]
+	LDR	r8, [r0, #384]
+	LDR	r9, [r0, #448]
+	LDR	lr, [r1, #240]
+#ifndef WOLFSSL_ARM_ARCH_7M
+	SSUB16	r10, r2, r3
+	SADD16	r2, r2, r3
+	SMULBT	r3, lr, r10
+	SMULBB	r10, lr, r10
+	SMULTB	r11, r12, r10
+	SMLABB	r10, r12, r11, r10
+	SMULTB	r11, r12, r3
+	SMLABB	r3, r12, r11, r3
+	PKHTB	r3, r3, r10, ASR #16
+#else
+	SUB	r11, r2, r3
+	ADD	r12, r2, r3
+	BFC	r3, #0, #16
+	BFC	r2, #0, #16
+	SUB	r10, r2, r3
+	ADD	r2, r2, r3
+	BFI	r10, r11, #0, #16
+	BFI	r2, r12, #0, #16
+	SBFX	r11, lr, #0, #16
+	ASR	r12, r10, #16
+	MUL	r3, r11, r12
+	SBFX	r10, r10, #0, #16
+	MUL	r10, r11, r10
+	MOV	r12, #0xcff
+	SBFX	r11, r10, #0, #16
+	MUL	r11, r12, r11
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	MLA	r10, r12, r11, r10
+	MOV	r12, #0xcff
+	SBFX	r11, r3, #0, #16
+	MUL	r11, r12, r11
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	LSR	r10, r10, #16
+	MLA	r3, r12, r11, r3
+	BFI	r3, r10, #0, #16
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+	SSUB16	r10, r4, r5
+	SADD16	r4, r4, r5
+	SMULTT	r5, lr, r10
+	SMULTB	r10, lr, r10
+	SMULTB	r11, r12, r10
+	SMLABB	r10, r12, r11, r10
+	SMULTB	r11, r12, r5
+	SMLABB	r5, r12, r11, r5
+	PKHTB	r5, r5, r10, ASR #16
+#else
+	SUB	r11, r4, r5
+	ADD	r12, r4, r5
+	BFC	r5, #0, #16
+	BFC	r4, #0, #16
+	SUB	r10, r4, r5
+	ADD	r4, r4, r5
+	BFI	r10, r11, #0, #16
+	BFI	r4, r12, #0, #16
+	SBFX	r11, lr, #16, #16
+	ASR	r12, r10, #16
+	MUL	r5, r11, r12
+	SBFX	r10, r10, #0, #16
+	MUL	r10, r11, r10
+	MOV	r12, #0xcff
+	SBFX	r11, r10, #0, #16
+	MUL	r11, r12, r11
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	MLA	r10, r12, r11, r10
+	MOV	r12, #0xcff
+	SBFX	r11, r5, #0, #16
+	MUL	r11, r12, r11
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	LSR	r10, r10, #16
+	MLA	r5, r12, r11, r5
+	BFI	r5, r10, #0, #16
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+	LDR	lr, [r1, #244]
+#ifndef WOLFSSL_ARM_ARCH_7M
+	SSUB16	r10, r6, r7
+	SADD16	r6, r6, r7
+	SMULBT	r7, lr, r10
+	SMULBB	r10, lr, r10
+	SMULTB	r11, r12, r10
+	SMLABB	r10, r12, r11, r10
+	SMULTB	r11, r12, r7
+	SMLABB	r7, r12, r11, r7
+	PKHTB	r7, r7, r10, ASR #16
+#else
+	SUB	r11, r6, r7
+	ADD	r12, r6, r7
+	BFC	r7, #0, #16
+	BFC	r6, #0, #16
+	SUB	r10, r6, r7
+	ADD	r6, r6, r7
+	BFI	r10, r11, #0, #16
+	BFI	r6, r12, #0, #16
+	SBFX	r11, lr, #0, #16
+	ASR	r12, r10, #16
+	MUL	r7, r11, r12
+	SBFX	r10, r10, #0, #16
+	MUL	r10, r11, r10
+	MOV	r12, #0xcff
+	SBFX	r11, r10, #0, #16
+	MUL	r11, r12, r11
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	MLA	r10, r12, r11, r10
+	MOV	r12, #0xcff
+	SBFX	r11, r7, #0, #16
+	MUL	r11, r12, r11
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	LSR	r10, r10, #16
+	MLA	r7, r12, r11, r7
+	BFI	r7, r10, #0, #16
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+	SSUB16	r10, r8, r9
+	SADD16	r8, r8, r9
+	SMULTT	r9, lr, r10
+	SMULTB	r10, lr, r10
+	SMULTB	r11, r12, r10
+	SMLABB	r10, r12, r11, r10
+	SMULTB	r11, r12, r9
+	SMLABB	r9, r12, r11, r9
+	PKHTB	r9, r9, r10, ASR #16
+#else
+	SUB	r11, r8, r9
+	ADD	r12, r8, r9
+	BFC	r9, #0, #16
+	BFC	r8, #0, #16
+	SUB	r10, r8, r9
+	ADD	r8, r8, r9
+	BFI	r10, r11, #0, #16
+	BFI	r8, r12, #0, #16
+	SBFX	r11, lr, #16, #16
+	ASR	r12, r10, #16
+	MUL	r9, r11, r12
+	SBFX	r10, r10, #0, #16
+	MUL	r10, r11, r10
+	MOV	r12, #0xcff
+	SBFX	r11, r10, #0, #16
+	MUL	r11, r12, r11
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	MLA	r10, r12, r11, r10
+	MOV	r12, #0xcff
+	SBFX	r11, r9, #0, #16
+	MUL	r11, r12, r11
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	LSR	r10, r10, #16
+	MLA	r9, r12, r11, r9
+	BFI	r9, r10, #0, #16
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+	LDR	lr, [r1, #248]
+#ifndef WOLFSSL_ARM_ARCH_7M
+	SSUB16	r10, r2, r4
+	SADD16	r2, r2, r4
+	SMULBT	r4, lr, r10
+	SMULBB	r10, lr, r10
+	SMULTB	r11, r12, r10
+	SMLABB	r10, r12, r11, r10
+	SMULTB	r11, r12, r4
+	SMLABB	r4, r12, r11, r4
+	PKHTB	r4, r4, r10, ASR #16
+#else
+	SUB	r11, r2, r4
+	ADD	r12, r2, r4
+	BFC	r4, #0, #16
+	BFC	r2, #0, #16
+	SUB	r10, r2, r4
+	ADD	r2, r2, r4
+	BFI	r10, r11, #0, #16
+	BFI	r2, r12, #0, #16
+	SBFX	r11, lr, #0, #16
+	ASR	r12, r10, #16
+	MUL	r4, r11, r12
+	SBFX	r10, r10, #0, #16
+	MUL	r10, r11, r10
+	MOV	r12, #0xcff
+	SBFX	r11, r10, #0, #16
+	MUL	r11, r12, r11
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	MLA	r10, r12, r11, r10
+	MOV	r12, #0xcff
+	SBFX	r11, r4, #0, #16
+	MUL	r11, r12, r11
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	LSR	r10, r10, #16
+	MLA	r4, r12, r11, r4
+	BFI	r4, r10, #0, #16
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+	SSUB16	r10, r3, r5
+	SADD16	r3, r3, r5
+	SMULBT	r5, lr, r10
+	SMULBB	r10, lr, r10
+	SMULTB	r11, r12, r10
+	SMLABB	r10, r12, r11, r10
+	SMULTB	r11, r12, r5
+	SMLABB	r5, r12, r11, r5
+	PKHTB	r5, r5, r10, ASR #16
+#else
+	SUB	r11, r3, r5
+	ADD	r12, r3, r5
+	BFC	r5, #0, #16
+	BFC	r3, #0, #16
+	SUB	r10, r3, r5
+	ADD	r3, r3, r5
+	BFI	r10, r11, #0, #16
+	BFI	r3, r12, #0, #16
+	SBFX	r11, lr, #0, #16
+	ASR	r12, r10, #16
+	MUL	r5, r11, r12
+	SBFX	r10, r10, #0, #16
+	MUL	r10, r11, r10
+	MOV	r12, #0xcff
+	SBFX	r11, r10, #0, #16
+	MUL	r11, r12, r11
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	MLA	r10, r12, r11, r10
+	MOV	r12, #0xcff
+	SBFX	r11, r5, #0, #16
+	MUL	r11, r12, r11
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	LSR	r10, r10, #16
+	MLA	r5, r12, r11, r5
+	BFI	r5, r10, #0, #16
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+	SSUB16	r10, r6, r8
+	SADD16	r6, r6, r8
+	SMULTT	r8, lr, r10
+	SMULTB	r10, lr, r10
+	SMULTB	r11, r12, r10
+	SMLABB	r10, r12, r11, r10
+	SMULTB	r11, r12, r8
+	SMLABB	r8, r12, r11, r8
+	PKHTB	r8, r8, r10, ASR #16
+#else
+	SUB	r11, r6, r8
+	ADD	r12, r6, r8
+	BFC	r8, #0, #16
+	BFC	r6, #0, #16
+	SUB	r10, r6, r8
+	ADD	r6, r6, r8
+	BFI	r10, r11, #0, #16
+	BFI	r6, r12, #0, #16
+	SBFX	r11, lr, #16, #16
+	ASR	r12, r10, #16
+	MUL	r8, r11, r12
+	SBFX	r10, r10, #0, #16
+	MUL	r10, r11, r10
+	MOV	r12, #0xcff
+	SBFX	r11, r10, #0, #16
+	MUL	r11, r12, r11
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	MLA	r10, r12, r11, r10
+	MOV	r12, #0xcff
+	SBFX	r11, r8, #0, #16
+	MUL	r11, r12, r11
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	LSR	r10, r10, #16
+	MLA	r8, r12, r11, r8
+	BFI	r8, r10, #0, #16
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+	SSUB16	r10, r7, r9
+	SADD16	r7, r7, r9
+	SMULTT	r9, lr, r10
+	SMULTB	r10, lr, r10
+	SMULTB	r11, r12, r10
+	SMLABB	r10, r12, r11, r10
+	SMULTB	r11, r12, r9
+	SMLABB	r9, r12, r11, r9
+	PKHTB	r9, r9, r10, ASR #16
+#else
+	SUB	r11, r7, r9
+	ADD	r12, r7, r9
+	BFC	r9, #0, #16
+	BFC	r7, #0, #16
+	SUB	r10, r7, r9
+	ADD	r7, r7, r9
+	BFI	r10, r11, #0, #16
+	BFI	r7, r12, #0, #16
+	SBFX	r11, lr, #16, #16
+	ASR	r12, r10, #16
+	MUL	r9, r11, r12
+	SBFX	r10, r10, #0, #16
+	MUL	r10, r11, r10
+	MOV	r12, #0xcff
+	SBFX	r11, r10, #0, #16
+	MUL	r11, r12, r11
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	MLA	r10, r12, r11, r10
+	MOV	r12, #0xcff
+	SBFX	r11, r9, #0, #16
+	MUL	r11, r12, r11
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	LSR	r10, r10, #16
+	MLA	r9, r12, r11, r9
+	BFI	r9, r10, #0, #16
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+	MOV	lr, #0xafc0
+	MOVT	lr, #0x13
+#else
+	MOV	lr, #0x4ebf
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+	SMULWB	r10, lr, r2
+	SMULWT	r11, lr, r2
+	SMULBT	r10, r12, r10
+	SMULBT	r11, r12, r11
+	PKHBT	r10, r10, r11, LSL #16
+	SSUB16	r2, r2, r10
+#else
+	SBFX	r10, r2, #0, #16
+	SBFX	r11, r2, #16, #16
+	MUL	r10, lr, r10
+	MUL	r11, lr, r11
+	ASR	r10, r10, #26
+	ASR	r11, r11, #26
+	MUL	r10, r12, r10
+	MUL	r11, r12, r11
+	SUB	r11, r2, r11, LSL #16
+	SUB	r2, r2, r10
+	LSR	r11, r11, #16
+	BFI	r2, r11, #16, #16
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+	SMULWB	r10, lr, r3
+	SMULWT	r11, lr, r3
+	SMULBT	r10, r12, r10
+	SMULBT	r11, r12, r11
+	PKHBT	r10, r10, r11, LSL #16
+	SSUB16	r3, r3, r10
+#else
+	SBFX	r10, r3, #0, #16
+	SBFX	r11, r3, #16, #16
+	MUL	r10, lr, r10
+	MUL	r11, lr, r11
+	ASR	r10, r10, #26
+	ASR	r11, r11, #26
+	MUL	r10, r12, r10
+	MUL	r11, r12, r11
+	SUB	r11, r3, r11, LSL #16
+	SUB	r3, r3, r10
+	LSR	r11, r11, #16
+	BFI	r3, r11, #16, #16
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+	SMULWB	r10, lr, r4
+	SMULWT	r11, lr, r4
+	SMULBT	r10, r12, r10
+	SMULBT	r11, r12, r11
+	PKHBT	r10, r10, r11, LSL #16
+	SSUB16	r4, r4, r10
+#else
+	SBFX	r10, r4, #0, #16
+	SBFX	r11, r4, #16, #16
+	MUL	r10, lr, r10
+	MUL	r11, lr, r11
+	ASR	r10, r10, #26
+	ASR	r11, r11, #26
+	MUL	r10, r12, r10
+	MUL	r11, r12, r11
+	SUB	r11, r4, r11, LSL #16
+	SUB	r4, r4, r10
+	LSR	r11, r11, #16
+	BFI	r4, r11, #16, #16
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+	SMULWB	r10, lr, r5
+	SMULWT	r11, lr, r5
+	SMULBT	r10, r12, r10
+	SMULBT	r11, r12, r11
+	PKHBT	r10, r10, r11, LSL #16
+	SSUB16	r5, r5, r10
+#else
+	SBFX	r10, r5, #0, #16
+	SBFX	r11, r5, #16, #16
+	MUL	r10, lr, r10
+	MUL	r11, lr, r11
+	ASR	r10, r10, #26
+	ASR	r11, r11, #26
+	MUL	r10, r12, r10
+	MUL	r11, r12, r11
+	SUB	r11, r5, r11, LSL #16
+	SUB	r5, r5, r10
+	LSR	r11, r11, #16
+	BFI	r5, r11, #16, #16
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+	LDR	lr, [r1, #252]
+#ifndef WOLFSSL_ARM_ARCH_7M
+	SSUB16	r10, r2, r6
+	SADD16	r2, r2, r6
+	SMULBT	r6, lr, r10
+	SMULBB	r10, lr, r10
+	SMULTB	r11, r12, r10
+	SMLABB	r10, r12, r11, r10
+	SMULTB	r11, r12, r6
+	SMLABB	r6, r12, r11, r6
+	PKHTB	r6, r6, r10, ASR #16
+#else
+	SUB	r11, r2, r6
+	ADD	r12, r2, r6
+	BFC	r6, #0, #16
+	BFC	r2, #0, #16
+	SUB	r10, r2, r6
+	ADD	r2, r2, r6
+	BFI	r10, r11, #0, #16
+	BFI	r2, r12, #0, #16
+	SBFX	r11, lr, #0, #16
+	ASR	r12, r10, #16
+	MUL	r6, r11, r12
+	SBFX	r10, r10, #0, #16
+	MUL	r10, r11, r10
+	MOV	r12, #0xcff
+	SBFX	r11, r10, #0, #16
+	MUL	r11, r12, r11
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	MLA	r10, r12, r11, r10
+	MOV	r12, #0xcff
+	SBFX	r11, r6, #0, #16
+	MUL	r11, r12, r11
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	LSR	r10, r10, #16
+	MLA	r6, r12, r11, r6
+	BFI	r6, r10, #0, #16
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+	SSUB16	r10, r3, r7
+	SADD16	r3, r3, r7
+	SMULBT	r7, lr, r10
+	SMULBB	r10, lr, r10
+	SMULTB	r11, r12, r10
+	SMLABB	r10, r12, r11, r10
+	SMULTB	r11, r12, r7
+	SMLABB	r7, r12, r11, r7
+	PKHTB	r7, r7, r10, ASR #16
+#else
+	SUB	r11, r3, r7
+	ADD	r12, r3, r7
+	BFC	r7, #0, #16
+	BFC	r3, #0, #16
+	SUB	r10, r3, r7
+	ADD	r3, r3, r7
+	BFI	r10, r11, #0, #16
+	BFI	r3, r12, #0, #16
+	SBFX	r11, lr, #0, #16
+	ASR	r12, r10, #16
+	MUL	r7, r11, r12
+	SBFX	r10, r10, #0, #16
+	MUL	r10, r11, r10
+	MOV	r12, #0xcff
+	SBFX	r11, r10, #0, #16
+	MUL	r11, r12, r11
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	MLA	r10, r12, r11, r10
+	MOV	r12, #0xcff
+	SBFX	r11, r7, #0, #16
+	MUL	r11, r12, r11
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	LSR	r10, r10, #16
+	MLA	r7, r12, r11, r7
+	BFI	r7, r10, #0, #16
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+	SSUB16	r10, r4, r8
+	SADD16	r4, r4, r8
+	SMULBT	r8, lr, r10
+	SMULBB	r10, lr, r10
+	SMULTB	r11, r12, r10
+	SMLABB	r10, r12, r11, r10
+	SMULTB	r11, r12, r8
+	SMLABB	r8, r12, r11, r8
+	PKHTB	r8, r8, r10, ASR #16
+#else
+	SUB	r11, r4, r8
+	ADD	r12, r4, r8
+	BFC	r8, #0, #16
+	BFC	r4, #0, #16
+	SUB	r10, r4, r8
+	ADD	r4, r4, r8
+	BFI	r10, r11, #0, #16
+	BFI	r4, r12, #0, #16
+	SBFX	r11, lr, #0, #16
+	ASR	r12, r10, #16
+	MUL	r8, r11, r12
+	SBFX	r10, r10, #0, #16
+	MUL	r10, r11, r10
+	MOV	r12, #0xcff
+	SBFX	r11, r10, #0, #16
+	MUL	r11, r12, r11
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	MLA	r10, r12, r11, r10
+	MOV	r12, #0xcff
+	SBFX	r11, r8, #0, #16
+	MUL	r11, r12, r11
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	LSR	r10, r10, #16
+	MLA	r8, r12, r11, r8
+	BFI	r8, r10, #0, #16
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+	SSUB16	r10, r5, r9
+	SADD16	r5, r5, r9
+	SMULBT	r9, lr, r10
+	SMULBB	r10, lr, r10
+	SMULTB	r11, r12, r10
+	SMLABB	r10, r12, r11, r10
+	SMULTB	r11, r12, r9
+	SMLABB	r9, r12, r11, r9
+	PKHTB	r9, r9, r10, ASR #16
+#else
+	SUB	r11, r5, r9
+	ADD	r12, r5, r9
+	BFC	r9, #0, #16
+	BFC	r5, #0, #16
+	SUB	r10, r5, r9
+	ADD	r5, r5, r9
+	BFI	r10, r11, #0, #16
+	BFI	r5, r12, #0, #16
+	SBFX	r11, lr, #0, #16
+	ASR	r12, r10, #16
+	MUL	r9, r11, r12
+	SBFX	r10, r10, #0, #16
+	MUL	r10, r11, r10
+	MOV	r12, #0xcff
+	SBFX	r11, r10, #0, #16
+	MUL	r11, r12, r11
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	MLA	r10, r12, r11, r10
+	MOV	r12, #0xcff
+	SBFX	r11, r9, #0, #16
+	MUL	r11, r12, r11
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	LSR	r10, r10, #16
+	MLA	r9, r12, r11, r9
+	BFI	r9, r10, #0, #16
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+	LDR	lr, [r1, #254]
+#ifndef WOLFSSL_ARM_ARCH_7M
+	SMULBB	r10, lr, r2
+	SMULBT	r2, lr, r2
+	SMULTB	r11, r12, r10
+	SMLABB	r10, r12, r11, r10
+	SMULTB	r11, r12, r2
+	SMLABB	r2, r12, r11, r2
+	PKHTB	r2, r2, r10, ASR #16
+#else
+	SBFX	r11, lr, #0, #16
+	SBFX	r10, r2, #0, #16
+	MUL	r10, r11, r10
+	SBFX	r2, r2, #16, #16
+	MUL	r2, r11, r2
+	MOV	r12, #0xcff
+	MUL	r11, r12, r10
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	MLA	r10, r12, r11, r10
+	MOV	r12, #0xcff
+	SBFX	r11, r2, #0, #16
+	MUL	r11, r12, r11
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	LSR	r10, r10, #16
+	MLA	r2, r12, r11, r2
+	BFI	r2, r10, #0, #16
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+	SMULBB	r10, lr, r3
+	SMULBT	r3, lr, r3
+	SMULTB	r11, r12, r10
+	SMLABB	r10, r12, r11, r10
+	SMULTB	r11, r12, r3
+	SMLABB	r3, r12, r11, r3
+	PKHTB	r3, r3, r10, ASR #16
+#else
+	SBFX	r11, lr, #0, #16
+	SBFX	r10, r3, #0, #16
+	MUL	r10, r11, r10
+	SBFX	r3, r3, #16, #16
+	MUL	r3, r11, r3
+	MOV	r12, #0xcff
+	MUL	r11, r12, r10
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	MLA	r10, r12, r11, r10
+	MOV	r12, #0xcff
+	SBFX	r11, r3, #0, #16
+	MUL	r11, r12, r11
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	LSR	r10, r10, #16
+	MLA	r3, r12, r11, r3
+	BFI	r3, r10, #0, #16
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+	SMULBB	r10, lr, r4
+	SMULBT	r4, lr, r4
+	SMULTB	r11, r12, r10
+	SMLABB	r10, r12, r11, r10
+	SMULTB	r11, r12, r4
+	SMLABB	r4, r12, r11, r4
+	PKHTB	r4, r4, r10, ASR #16
+#else
+	SBFX	r11, lr, #0, #16
+	SBFX	r10, r4, #0, #16
+	MUL	r10, r11, r10
+	SBFX	r4, r4, #16, #16
+	MUL	r4, r11, r4
+	MOV	r12, #0xcff
+	MUL	r11, r12, r10
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	MLA	r10, r12, r11, r10
+	MOV	r12, #0xcff
+	SBFX	r11, r4, #0, #16
+	MUL	r11, r12, r11
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	LSR	r10, r10, #16
+	MLA	r4, r12, r11, r4
+	BFI	r4, r10, #0, #16
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+	SMULBB	r10, lr, r5
+	SMULBT	r5, lr, r5
+	SMULTB	r11, r12, r10
+	SMLABB	r10, r12, r11, r10
+	SMULTB	r11, r12, r5
+	SMLABB	r5, r12, r11, r5
+	PKHTB	r5, r5, r10, ASR #16
+#else
+	SBFX	r11, lr, #0, #16
+	SBFX	r10, r5, #0, #16
+	MUL	r10, r11, r10
+	SBFX	r5, r5, #16, #16
+	MUL	r5, r11, r5
+	MOV	r12, #0xcff
+	MUL	r11, r12, r10
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	MLA	r10, r12, r11, r10
+	MOV	r12, #0xcff
+	SBFX	r11, r5, #0, #16
+	MUL	r11, r12, r11
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	LSR	r10, r10, #16
+	MLA	r5, r12, r11, r5
+	BFI	r5, r10, #0, #16
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+	SMULBB	r10, lr, r6
+	SMULBT	r6, lr, r6
+	SMULTB	r11, r12, r10
+	SMLABB	r10, r12, r11, r10
+	SMULTB	r11, r12, r6
+	SMLABB	r6, r12, r11, r6
+	PKHTB	r6, r6, r10, ASR #16
+#else
+	SBFX	r11, lr, #0, #16
+	SBFX	r10, r6, #0, #16
+	MUL	r10, r11, r10
+	SBFX	r6, r6, #16, #16
+	MUL	r6, r11, r6
+	MOV	r12, #0xcff
+	MUL	r11, r12, r10
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	MLA	r10, r12, r11, r10
+	MOV	r12, #0xcff
+	SBFX	r11, r6, #0, #16
+	MUL	r11, r12, r11
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	LSR	r10, r10, #16
+	MLA	r6, r12, r11, r6
+	BFI	r6, r10, #0, #16
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+	SMULBB	r10, lr, r7
+	SMULBT	r7, lr, r7
+	SMULTB	r11, r12, r10
+	SMLABB	r10, r12, r11, r10
+	SMULTB	r11, r12, r7
+	SMLABB	r7, r12, r11, r7
+	PKHTB	r7, r7, r10, ASR #16
+#else
+	SBFX	r11, lr, #0, #16
+	SBFX	r10, r7, #0, #16
+	MUL	r10, r11, r10
+	SBFX	r7, r7, #16, #16
+	MUL	r7, r11, r7
+	MOV	r12, #0xcff
+	MUL	r11, r12, r10
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	MLA	r10, r12, r11, r10
+	MOV	r12, #0xcff
+	SBFX	r11, r7, #0, #16
+	MUL	r11, r12, r11
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	LSR	r10, r10, #16
+	MLA	r7, r12, r11, r7
+	BFI	r7, r10, #0, #16
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+	SMULBB	r10, lr, r8
+	SMULBT	r8, lr, r8
+	SMULTB	r11, r12, r10
+	SMLABB	r10, r12, r11, r10
+	SMULTB	r11, r12, r8
+	SMLABB	r8, r12, r11, r8
+	PKHTB	r8, r8, r10, ASR #16
+#else
+	SBFX	r11, lr, #0, #16
+	SBFX	r10, r8, #0, #16
+	MUL	r10, r11, r10
+	SBFX	r8, r8, #16, #16
+	MUL	r8, r11, r8
+	MOV	r12, #0xcff
+	MUL	r11, r12, r10
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	MLA	r10, r12, r11, r10
+	MOV	r12, #0xcff
+	SBFX	r11, r8, #0, #16
+	MUL	r11, r12, r11
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	LSR	r10, r10, #16
+	MLA	r8, r12, r11, r8
+	BFI	r8, r10, #0, #16
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+	SMULBB	r10, lr, r9
+	SMULBT	r9, lr, r9
+	SMULTB	r11, r12, r10
+	SMLABB	r10, r12, r11, r10
+	SMULTB	r11, r12, r9
+	SMLABB	r9, r12, r11, r9
+	PKHTB	r9, r9, r10, ASR #16
+#else
+	SBFX	r11, lr, #0, #16
+	SBFX	r10, r9, #0, #16
+	MUL	r10, r11, r10
+	SBFX	r9, r9, #16, #16
+	MUL	r9, r11, r9
+	MOV	r12, #0xcff
+	MUL	r11, r12, r10
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	MLA	r10, r12, r11, r10
+	MOV	r12, #0xcff
+	SBFX	r11, r9, #0, #16
+	MUL	r11, r12, r11
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	LSR	r10, r10, #16
+	MLA	r9, r12, r11, r9
+	BFI	r9, r10, #0, #16
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+	STR	r2, [r0]
+	STR	r3, [r0, #64]
+	STR	r4, [r0, #128]
+	STR	r5, [r0, #192]
+	STR	r6, [r0, #256]
+	STR	r7, [r0, #320]
+	STR	r8, [r0, #384]
+	STR	r9, [r0, #448]
+	LDR	r2, [sp]
+	SUBS	r2, r2, #0x1
+	ADD	r0, r0, #0x4
+#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
+	BNE	L_kyber_thumb2_invntt_loop_321
+#else
+	BNE.N	L_kyber_thumb2_invntt_loop_321
+#endif
+	ADD	sp, sp, #0x8
+	POP	{r4, r5, r6, r7, r8, r9, r10, r11, pc}
+	/* Cycle Count = 1629 */
+	.size	kyber_thumb2_invntt,.-kyber_thumb2_invntt
+	.text
+	.type	L_kyber_thumb2_basemul_mont_zetas, %object
+	.size	L_kyber_thumb2_basemul_mont_zetas, 256
+	.align	4
+L_kyber_thumb2_basemul_mont_zetas:
+	.short	0x8ed
+	.short	0xa0b
+	.short	0xb9a
+	.short	0x714
+	.short	0x5d5
+	.short	0x58e
+	.short	0x11f
+	.short	0xca
+	.short	0xc56
+	.short	0x26e
+	.short	0x629
+	.short	0xb6
+	.short	0x3c2
+	.short	0x84f
+	.short	0x73f
+	.short	0x5bc
+	.short	0x23d
+	.short	0x7d4
+	.short	0x108
+	.short	0x17f
+	.short	0x9c4
+	.short	0x5b2
+	.short	0x6bf
+	.short	0xc7f
+	.short	0xa58
+	.short	0x3f9
+	.short	0x2dc
+	.short	0x260
+	.short	0x6fb
+	.short	0x19b
+	.short	0xc34
+	.short	0x6de
+	.short	0x4c7
+	.short	0x28c
+	.short	0xad9
+	.short	0x3f7
+	.short	0x7f4
+	.short	0x5d3
+	.short	0xbe7
+	.short	0x6f9
+	.short	0x204
+	.short	0xcf9
+	.short	0xbc1
+	.short	0xa67
+	.short	0x6af
+	.short	0x877
+	.short	0x7e
+	.short	0x5bd
+	.short	0x9ac
+	.short	0xca7
+	.short	0xbf2
+	.short	0x33e
+	.short	0x6b
+	.short	0x774
+	.short	0xc0a
+	.short	0x94a
+	.short	0xb73
+	.short	0x3c1
+	.short	0x71d
+	.short	0xa2c
+	.short	0x1c0
+	.short	0x8d8
+	.short	0x2a5
+	.short	0x806
+	.short	0x8b2
+	.short	0x1ae
+	.short	0x22b
+	.short	0x34b
+	.short	0x81e
+	.short	0x367
+	.short	0x60e
+	.short	0x69
+	.short	0x1a6
+	.short	0x24b
+	.short	0xb1
+	.short	0xc16
+	.short	0xbde
+	.short	0xb35
+	.short	0x626
+	.short	0x675
+	.short	0xc0b
+	.short	0x30a
+	.short	0x487
+	.short	0xc6e
+	.short	0x9f8
+	.short	0x5cb
+	.short	0xaa7
+	.short	0x45f
+	.short	0x6cb
+	.short	0x284
+	.short	0x999
+	.short	0x15d
+	.short	0x1a2
+	.short	0x149
+	.short	0xc65
+	.short	0xcb6
+	.short	0x331
+	.short	0x449
+	.short	0x25b
+	.short	0x262
+	.short	0x52a
+	.short	0x7fc
+	.short	0x748
+	.short	0x180
+	.short	0x842
+	.short	0xc79
+	.short	0x4c2
+	.short	0x7ca
+	.short	0x997
+	.short	0xdc
+	.short	0x85e
+	.short	0x686
+	.short	0x860
+	.short	0x707
+	.short	0x803
+	.short	0x31a
+	.short	0x71b
+	.short	0x9ab
+	.short	0x99b
+	.short	0x1de
+	.short	0xc95
+	.short	0xbcd
+	.short	0x3e4
+	.short	0x3df
+	.short	0x3be
+	.short	0x74d
+	.short	0x5f2
+	.short	0x65c
+	.text
+	.align	4
+	.globl	kyber_thumb2_basemul_mont
+	.type	kyber_thumb2_basemul_mont, %function
+kyber_thumb2_basemul_mont:
+	PUSH	{r4, r5, r6, r7, r8, r9, r10, r11, lr}
+	ADR	r3, L_kyber_thumb2_basemul_mont_zetas
+	ADD	r3, r3, #0x80
+#ifndef WOLFSSL_ARM_ARCH_7M
+	MOV	r12, #0xd01
+	MOVT	r12, #0xcff
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+	MOV	r8, #0x0
+L_kyber_thumb2_basemul_mont_loop:
+	LDM	r1!, {r4, r5}
+	LDM	r2!, {r6, r7}
+	LDR	lr, [r3, r8]
+	ADD	r8, r8, #0x2
+	PUSH	{r8}
+	CMP	r8, #0x80
+#ifndef WOLFSSL_ARM_ARCH_7M
+	SMULTT	r8, r4, r6
+	SMULTT	r10, r5, r7
+	SMULTB	r9, r12, r8
+	SMULTB	r11, r12, r10
+	SMLABB	r8, r12, r9, r8
+	SMLABB	r10, r12, r11, r10
+	RSB	r11, lr, #0x0
+	SMULBT	r8, lr, r8
+	SMULBT	r10, r11, r10
+	SMLABB	r8, r4, r6, r8
+	SMLABB	r10, r5, r7, r10
+	SMULTB	r9, r12, r8
+	SMULTB	r11, r12, r10
+	SMLABB	r8, r12, r9, r8
+	SMLABB	r10, r12, r11, r10
+	SMULBT	r9, r4, r6
+	SMULBT	r11, r5, r7
+	SMLATB	r9, r4, r6, r9
+	SMLATB	r11, r5, r7, r11
+	SMULTB	r6, r12, r9
+	SMULTB	r7, r12, r11
+	SMLABB	r9, r12, r6, r9
+	SMLABB	r11, r12, r7, r11
+	PKHTB	r4, r9, r8, ASR #16
+	PKHTB	r5, r11, r10, ASR #16
+#else
+	ASR	r8, r4, #16
+	ASR	r10, r5, #16
+	ASR	r9, r6, #16
+	ASR	r11, r7, #16
+	MUL	r8, r8, r9
+	MUL	r10, r10, r11
+	MOV	r12, #0xcff
+	SBFX	r9, r8, #0, #16
+	SBFX	r11, r10, #0, #16
+	MUL	r9, r12, r8
+	MUL	r11, r12, r11
+	MOV	r12, #0xd01
+	SBFX	r9, r9, #0, #16
+	SBFX	r11, r11, #0, #16
+	MLA	r8, r12, r9, r8
+	MLA	r10, r12, r11, r10
+	RSB	r11, lr, #0x0
+	SBFX	r9, lr, #0, #16
+	SBFX	r11, r11, #0, #16
+	ASR	r8, r8, #16
+	ASR	r10, r10, #16
+	MUL	r8, r9, r8
+	MUL	r10, r11, r10
+	SBFX	r9, r4, #0, #16
+	SBFX	r11, r5, #0, #16
+	SBFX	r12, r6, #0, #16
+	MLA	r8, r9, r12, r8
+	SBFX	r12, r7, #0, #16
+	MLA	r10, r11, r12, r10
+	MOV	r12, #0xcff
+	SBFX	r9, r8, #0, #16
+	SBFX	r11, r10, #0, #16
+	MUL	r9, r12, r9
+	MUL	r11, r12, r11
+	MOV	r12, #0xd01
+	SBFX	r9, r9, #0, #16
+	SBFX	r11, r11, #0, #16
+	MLA	r8, r12, r9, r8
+	MLA	r10, r12, r11, r10
+	SBFX	r9, r4, #0, #16
+	SBFX	r11, r5, #0, #16
+	ASR	r12, r6, #16
+	MUL	r9, r9, r12
+	ASR	r12, r7, #16
+	MUL	r11, r11, r12
+	ASR	r4, r4, #16
+	ASR	r5, r5, #16
+	SBFX	r12, r6, #0, #16
+	MLA	r9, r4, r12, r9
+	SBFX	r12, r7, #0, #16
+	MLA	r11, r5, r12, r11
+	MOV	r12, #0xcff
+	SBFX	r6, r9, #0, #16
+	SBFX	r7, r11, #0, #16
+	MUL	r6, r12, r6
+	MUL	r7, r12, r7
+	MOV	r12, #0xd01
+	SBFX	r4, r6, #0, #16
+	SBFX	r5, r7, #0, #16
+	MLA	r9, r12, r4, r9
+	MLA	r11, r12, r5, r11
+	BFC	r9, #0, #16
+	BFC	r11, #0, #16
+	ORR	r4, r9, r8, LSR #16
+	ORR	r5, r11, r10, LSR #16
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+	STM	r0!, {r4, r5}
+	POP	{r8}
+#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
+	BNE	L_kyber_thumb2_basemul_mont_loop
+#else
+	BNE.N	L_kyber_thumb2_basemul_mont_loop
+#endif
+	POP	{r4, r5, r6, r7, r8, r9, r10, r11, pc}
+	/* Cycle Count = 146 */
+	.size	kyber_thumb2_basemul_mont,.-kyber_thumb2_basemul_mont
+	.text
+	.align	4
+	.globl	kyber_thumb2_basemul_mont_add
+	.type	kyber_thumb2_basemul_mont_add, %function
+kyber_thumb2_basemul_mont_add:
+	PUSH	{r4, r5, r6, r7, r8, r9, r10, r11, lr}
+	ADR	r3, L_kyber_thumb2_basemul_mont_zetas
+	ADD	r3, r3, #0x80
+#ifndef WOLFSSL_ARM_ARCH_7M
+	MOV	r12, #0xd01
+	MOVT	r12, #0xcff
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+	MOV	r8, #0x0
+L_kyber_thumb2_basemul_mont_add_loop:
+	LDM	r1!, {r4, r5}
+	LDM	r2!, {r6, r7}
+	LDR	lr, [r3, r8]
+	ADD	r8, r8, #0x2
+	PUSH	{r8}
+	CMP	r8, #0x80
+#ifndef WOLFSSL_ARM_ARCH_7M
+	SMULTT	r8, r4, r6
+	SMULTT	r10, r5, r7
+	SMULTB	r9, r12, r8
+	SMULTB	r11, r12, r10
+	SMLABB	r8, r12, r9, r8
+	SMLABB	r10, r12, r11, r10
+	RSB	r11, lr, #0x0
+	SMULBT	r8, lr, r8
+	SMULBT	r10, r11, r10
+	SMLABB	r8, r4, r6, r8
+	SMLABB	r10, r5, r7, r10
+	SMULTB	r9, r12, r8
+	SMULTB	r11, r12, r10
+	SMLABB	r8, r12, r9, r8
+	SMLABB	r10, r12, r11, r10
+	SMULBT	r9, r4, r6
+	SMULBT	r11, r5, r7
+	SMLATB	r9, r4, r6, r9
+	SMLATB	r11, r5, r7, r11
+	SMULTB	r6, r12, r9
+	SMULTB	r7, r12, r11
+	SMLABB	r9, r12, r6, r9
+	SMLABB	r11, r12, r7, r11
+	LDM	r0, {r4, r5}
+	PKHTB	r9, r9, r8, ASR #16
+	PKHTB	r11, r11, r10, ASR #16
+	SADD16	r4, r4, r9
+	SADD16	r5, r5, r11
+#else
+	ASR	r8, r4, #16
+	ASR	r10, r5, #16
+	ASR	r9, r6, #16
+	ASR	r11, r7, #16
+	MUL	r8, r8, r9
+	MUL	r10, r10, r11
+	MOV	r12, #0xcff
+	SBFX	r9, r8, #0, #16
+	SBFX	r11, r10, #0, #16
+	MUL	r9, r12, r8
+	MUL	r11, r12, r11
+	MOV	r12, #0xd01
+	SBFX	r9, r9, #0, #16
+	SBFX	r11, r11, #0, #16
+	MLA	r8, r12, r9, r8
+	MLA	r10, r12, r11, r10
+	RSB	r11, lr, #0x0
+	SBFX	r9, lr, #0, #16
+	SBFX	r11, r11, #0, #16
+	ASR	r8, r8, #16
+	ASR	r10, r10, #16
+	MUL	r8, r9, r8
+	MUL	r10, r11, r10
+	SBFX	r9, r4, #0, #16
+	SBFX	r11, r5, #0, #16
+	SBFX	r12, r6, #0, #16
+	MLA	r8, r9, r12, r8
+	SBFX	r12, r7, #0, #16
+	MLA	r10, r11, r12, r10
+	MOV	r12, #0xcff
+	SBFX	r9, r8, #0, #16
+	SBFX	r11, r10, #0, #16
+	MUL	r9, r12, r9
+	MUL	r11, r12, r11
+	MOV	r12, #0xd01
+	SBFX	r9, r9, #0, #16
+	SBFX	r11, r11, #0, #16
+	MLA	r8, r12, r9, r8
+	MLA	r10, r12, r11, r10
+	SBFX	r9, r4, #0, #16
+	SBFX	r11, r5, #0, #16
+	ASR	r12, r6, #16
+	MUL	r9, r9, r12
+	ASR	r12, r7, #16
+	MUL	r11, r11, r12
+	ASR	r4, r4, #16
+	ASR	r5, r5, #16
+	SBFX	r12, r6, #0, #16
+	MLA	r9, r4, r12, r9
+	SBFX	r12, r7, #0, #16
+	MLA	r11, r5, r12, r11
+	MOV	r12, #0xcff
+	SBFX	r6, r9, #0, #16
+	SBFX	r7, r11, #0, #16
+	MUL	r6, r12, r6
+	MUL	r7, r12, r7
+	MOV	r12, #0xd01
+	SBFX	r4, r6, #0, #16
+	SBFX	r5, r7, #0, #16
+	MLA	r9, r12, r4, r9
+	MLA	r11, r12, r5, r11
+	LDM	r0, {r4, r5}
+	BFC	r9, #0, #16
+	BFC	r11, #0, #16
+	ORR	r9, r9, r8, LSR #16
+	ORR	r11, r11, r10, LSR #16
+	ADD	r8, r4, r9
+	ADD	r10, r5, r11
+	BFC	r9, #0, #16
+	BFC	r11, #0, #16
+	ADD	r4, r4, r9
+	ADD	r5, r5, r11
+	BFI	r4, r8, #0, #16
+	BFI	r5, r10, #0, #16
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+	STM	r0!, {r4, r5}
+	POP	{r8}
+#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
+	BNE	L_kyber_thumb2_basemul_mont_add_loop
+#else
+	BNE.N	L_kyber_thumb2_basemul_mont_add_loop
+#endif
+	POP	{r4, r5, r6, r7, r8, r9, r10, r11, pc}
+	/* Cycle Count = 162 */
+	.size	kyber_thumb2_basemul_mont_add,.-kyber_thumb2_basemul_mont_add
+	.text
+	.align	4
+	.globl	kyber_thumb2_csubq
+	.type	kyber_thumb2_csubq, %function
+kyber_thumb2_csubq:
+	PUSH	{r4, r5, r6, r7, r8, r9, r10, r11, lr}
+	MOV	r11, #0xd01
+	MOV	r12, #0xd01
+#ifndef WOLFSSL_ARM_ARCH_7M
+	MOVT	r12, #0xd01
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+	MOV	lr, #0x8000
+	MOVT	lr, #0x8000
+	MOV	r1, #0x100
+L_kyber_thumb2_csubq_loop:
+	LDM	r0, {r2, r3, r4, r5}
+#ifndef WOLFSSL_ARM_ARCH_7M
+	SSUB16	r2, r2, r12
+	SSUB16	r3, r3, r12
+	SSUB16	r4, r4, r12
+	SSUB16	r5, r5, r12
+	AND	r6, r2, lr
+	AND	r7, r3, lr
+	AND	r8, r4, lr
+	AND	r9, r5, lr
+	LSR	r6, r6, #15
+	LSR	r7, r7, #15
+	LSR	r8, r8, #15
+	LSR	r9, r9, #15
+	MUL	r6, r6, r11
+	MUL	r7, r7, r11
+	MUL	r8, r8, r11
+	MUL	r9, r9, r11
+	SADD16	r2, r2, r6
+	SADD16	r3, r3, r7
+	SADD16	r4, r4, r8
+	SADD16	r5, r5, r9
+#else
+	SUB	r6, r2, r12
+	SUB	r2, r2, r12, LSL #16
+	BFI	r2, r6, #0, #16
+	SUB	r7, r3, r12
+	SUB	r3, r3, r12, LSL #16
+	BFI	r3, r7, #0, #16
+	SUB	r8, r4, r12
+	SUB	r4, r4, r12, LSL #16
+	BFI	r4, r8, #0, #16
+	SUB	r9, r5, r12
+	SUB	r5, r5, r12, LSL #16
+	BFI	r5, r9, #0, #16
+	AND	r6, r2, lr
+	AND	r7, r3, lr
+	AND	r8, r4, lr
+	AND	r9, r5, lr
+	LSR	r6, r6, #15
+	LSR	r7, r7, #15
+	LSR	r8, r8, #15
+	LSR	r9, r9, #15
+	MUL	r6, r6, r11
+	MUL	r7, r7, r11
+	MUL	r8, r8, r11
+	MUL	r9, r9, r11
+	ADD	r10, r2, r6
+	BFC	r6, #0, #16
+	ADD	r2, r2, r6
+	BFI	r2, r10, #0, #16
+	ADD	r10, r3, r7
+	BFC	r7, #0, #16
+	ADD	r3, r3, r7
+	BFI	r3, r10, #0, #16
+	ADD	r10, r4, r8
+	BFC	r8, #0, #16
+	ADD	r4, r4, r8
+	BFI	r4, r10, #0, #16
+	ADD	r10, r5, r9
+	BFC	r9, #0, #16
+	ADD	r5, r5, r9
+	BFI	r5, r10, #0, #16
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+	STM	r0!, {r2, r3, r4, r5}
+	SUBS	r1, r1, #0x8
+#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
+	BNE	L_kyber_thumb2_csubq_loop
+#else
+	BNE.N	L_kyber_thumb2_csubq_loop
+#endif
+	POP	{r4, r5, r6, r7, r8, r9, r10, r11, pc}
+	/* Cycle Count = 101 */
+	.size	kyber_thumb2_csubq,.-kyber_thumb2_csubq
+	.text
+	.align	4
+	.globl	kyber_thumb2_rej_uniform
+	.type	kyber_thumb2_rej_uniform, %function
+kyber_thumb2_rej_uniform:
+	PUSH	{r4, r5, r6, r7, r8, r9, r10, lr}
+	MOV	r8, #0xd01
+	MOV	r9, #0x0
+L_kyber_thumb2_rej_uniform_loop_no_fail:
+	CMP	r1, #0x8
+#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
+	BLT	L_kyber_thumb2_rej_uniform_done_no_fail
+#else
+	BLT.N	L_kyber_thumb2_rej_uniform_done_no_fail
+#endif
+	LDM	r2!, {r4, r5, r6}
+	UBFX	r7, r4, #0, #12
+	STRH	r7, [r0, r9]
+	SUB	r10, r7, r8
+	LSR	r10, r10, #31
+	SUB	r1, r1, r10
+	ADD	r9, r9, r10, LSL #1
+	UBFX	r7, r4, #12, #12
+	STRH	r7, [r0, r9]
+	SUB	r10, r7, r8
+	LSR	r10, r10, #31
+	SUB	r1, r1, r10
+	ADD	r9, r9, r10, LSL #1
+	UBFX	r7, r4, #24, #8
+	BFI	r7, r5, #8, #4
+	STRH	r7, [r0, r9]
+	SUB	r10, r7, r8
+	LSR	r10, r10, #31
+	SUB	r1, r1, r10
+	ADD	r9, r9, r10, LSL #1
+	UBFX	r7, r5, #4, #12
+	STRH	r7, [r0, r9]
+	SUB	r10, r7, r8
+	LSR	r10, r10, #31
+	SUB	r1, r1, r10
+	ADD	r9, r9, r10, LSL #1
+	UBFX	r7, r5, #16, #12
+	STRH	r7, [r0, r9]
+	SUB	r10, r7, r8
+	LSR	r10, r10, #31
+	SUB	r1, r1, r10
+	ADD	r9, r9, r10, LSL #1
+	UBFX	r7, r5, #28, #4
+	BFI	r7, r6, #4, #8
+	STRH	r7, [r0, r9]
+	SUB	r10, r7, r8
+	LSR	r10, r10, #31
+	SUB	r1, r1, r10
+	ADD	r9, r9, r10, LSL #1
+	UBFX	r7, r6, #8, #12
+	STRH	r7, [r0, r9]
+	SUB	r10, r7, r8
+	LSR	r10, r10, #31
+	SUB	r1, r1, r10
+	ADD	r9, r9, r10, LSL #1
+	UBFX	r7, r6, #20, #12
+	STRH	r7, [r0, r9]
+	SUB	r10, r7, r8
+	LSR	r10, r10, #31
+	SUB	r1, r1, r10
+	ADD	r9, r9, r10, LSL #1
+	SUBS	r3, r3, #0xc
+#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
+	BNE	L_kyber_thumb2_rej_uniform_loop_no_fail
+#else
+	BNE.N	L_kyber_thumb2_rej_uniform_loop_no_fail
+#endif
+#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
+	B	L_kyber_thumb2_rej_uniform_done
+#else
+	B.N	L_kyber_thumb2_rej_uniform_done
+#endif
+L_kyber_thumb2_rej_uniform_done_no_fail:
+	CMP	r1, #0x0
+#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
+	BEQ	L_kyber_thumb2_rej_uniform_done
+#else
+	BEQ.N	L_kyber_thumb2_rej_uniform_done
+#endif
+L_kyber_thumb2_rej_uniform_loop:
+	LDM	r2!, {r4, r5, r6}
+	UBFX	r7, r4, #0, #12
+	CMP	r7, r8
+#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
+	BGE	L_kyber_thumb2_rej_uniform_fail_0
+#else
+	BGE.N	L_kyber_thumb2_rej_uniform_fail_0
+#endif
+	STRH	r7, [r0, r9]
+	SUBS	r1, r1, #0x1
+	ADD	r9, r9, #0x2
+#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
+	BEQ	L_kyber_thumb2_rej_uniform_done
+#else
+	BEQ.N	L_kyber_thumb2_rej_uniform_done
+#endif
+L_kyber_thumb2_rej_uniform_fail_0:
+	UBFX	r7, r4, #12, #12
+	CMP	r7, r8
+#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
+	BGE	L_kyber_thumb2_rej_uniform_fail_1
+#else
+	BGE.N	L_kyber_thumb2_rej_uniform_fail_1
+#endif
+	STRH	r7, [r0, r9]
+	SUBS	r1, r1, #0x1
+	ADD	r9, r9, #0x2
+#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
+	BEQ	L_kyber_thumb2_rej_uniform_done
+#else
+	BEQ.N	L_kyber_thumb2_rej_uniform_done
+#endif
+L_kyber_thumb2_rej_uniform_fail_1:
+	UBFX	r7, r4, #24, #8
+	BFI	r7, r5, #8, #4
+	CMP	r7, r8
+#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
+	BGE	L_kyber_thumb2_rej_uniform_fail_2
+#else
+	BGE.N	L_kyber_thumb2_rej_uniform_fail_2
+#endif
+	STRH	r7, [r0, r9]
+	SUBS	r1, r1, #0x1
+	ADD	r9, r9, #0x2
+#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
+	BEQ	L_kyber_thumb2_rej_uniform_done
+#else
+	BEQ.N	L_kyber_thumb2_rej_uniform_done
+#endif
+L_kyber_thumb2_rej_uniform_fail_2:
+	UBFX	r7, r5, #4, #12
+	CMP	r7, r8
+#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
+	BGE	L_kyber_thumb2_rej_uniform_fail_3
+#else
+	BGE.N	L_kyber_thumb2_rej_uniform_fail_3
+#endif
+	STRH	r7, [r0, r9]
+	SUBS	r1, r1, #0x1
+	ADD	r9, r9, #0x2
+#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
+	BEQ	L_kyber_thumb2_rej_uniform_done
+#else
+	BEQ.N	L_kyber_thumb2_rej_uniform_done
+#endif
+L_kyber_thumb2_rej_uniform_fail_3:
+	UBFX	r7, r5, #16, #12
+	CMP	r7, r8
+#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
+	BGE	L_kyber_thumb2_rej_uniform_fail_4
+#else
+	BGE.N	L_kyber_thumb2_rej_uniform_fail_4
+#endif
+	STRH	r7, [r0, r9]
+	SUBS	r1, r1, #0x1
+	ADD	r9, r9, #0x2
+#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
+	BEQ	L_kyber_thumb2_rej_uniform_done
+#else
+	BEQ.N	L_kyber_thumb2_rej_uniform_done
+#endif
+L_kyber_thumb2_rej_uniform_fail_4:
+	UBFX	r7, r5, #28, #4
+	BFI	r7, r6, #4, #8
+	CMP	r7, r8
+#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
+	BGE	L_kyber_thumb2_rej_uniform_fail_5
+#else
+	BGE.N	L_kyber_thumb2_rej_uniform_fail_5
+#endif
+	STRH	r7, [r0, r9]
+	SUBS	r1, r1, #0x1
+	ADD	r9, r9, #0x2
+#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
+	BEQ	L_kyber_thumb2_rej_uniform_done
+#else
+	BEQ.N	L_kyber_thumb2_rej_uniform_done
+#endif
+L_kyber_thumb2_rej_uniform_fail_5:
+	UBFX	r7, r6, #8, #12
+	CMP	r7, r8
+#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
+	BGE	L_kyber_thumb2_rej_uniform_fail_6
+#else
+	BGE.N	L_kyber_thumb2_rej_uniform_fail_6
+#endif
+	STRH	r7, [r0, r9]
+	SUBS	r1, r1, #0x1
+	ADD	r9, r9, #0x2
+#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
+	BEQ	L_kyber_thumb2_rej_uniform_done
+#else
+	BEQ.N	L_kyber_thumb2_rej_uniform_done
+#endif
+L_kyber_thumb2_rej_uniform_fail_6:
+	UBFX	r7, r6, #20, #12
+	CMP	r7, r8
+#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
+	BGE	L_kyber_thumb2_rej_uniform_fail_7
+#else
+	BGE.N	L_kyber_thumb2_rej_uniform_fail_7
+#endif
+	STRH	r7, [r0, r9]
+	SUBS	r1, r1, #0x1
+	ADD	r9, r9, #0x2
+#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
+	BEQ	L_kyber_thumb2_rej_uniform_done
+#else
+	BEQ.N	L_kyber_thumb2_rej_uniform_done
+#endif
+L_kyber_thumb2_rej_uniform_fail_7:
+	SUBS	r3, r3, #0xc
+#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
+	BGT	L_kyber_thumb2_rej_uniform_loop
+#else
+	BGT.N	L_kyber_thumb2_rej_uniform_loop
+#endif
+L_kyber_thumb2_rej_uniform_done:
+	LSR	r0, r9, #1
+	POP	{r4, r5, r6, r7, r8, r9, r10, pc}
+	/* Cycle Count = 225 */
+	.size	kyber_thumb2_rej_uniform,.-kyber_thumb2_rej_uniform
+#endif /* WOLFSSL_WC_KYBER */
+#endif /* WOLFSSL_ARMASM_THUMB2 */
+#endif /* WOLFSSL_ARMASM */
+
+#if defined(__linux__) && defined(__ELF__)
+.section        .note.GNU-stack,"",%progbits
+#endif
+#endif /* !WOLFSSL_ARMASM_INLINE */
diff --git a/wolfcrypt/src/port/arm/thumb2-kyber-asm_c.c b/wolfcrypt/src/port/arm/thumb2-kyber-asm_c.c
new file mode 100644
index 000000000..9c4621110
--- /dev/null
+++ b/wolfcrypt/src/port/arm/thumb2-kyber-asm_c.c
@@ -0,0 +1,3851 @@
+/* thumb2-kyber-asm
+ *
+ * Copyright (C) 2006-2025 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+/* Generated using (from wolfssl):
+ *   cd ../scripts
+ *   ruby ./kyber/kyber.rb thumb2 ../wolfssl/wolfcrypt/src/port/arm/thumb2-kyber-asm.c
+ */
+
+#ifdef HAVE_CONFIG_H
+    #include <config.h>
+#endif /* HAVE_CONFIG_H */
+#include <wolfssl/wolfcrypt/settings.h>
+#include <wolfssl/wolfcrypt/error-crypt.h>
+
+#ifdef WOLFSSL_ARMASM
+#ifdef WOLFSSL_ARMASM_THUMB2
+#ifdef WOLFSSL_ARMASM_INLINE
+
+#ifdef __IAR_SYSTEMS_ICC__
+#define __asm__        asm
+#define __volatile__   volatile
+#define WOLFSSL_NO_VAR_ASSIGN_REG
+#endif /* __IAR_SYSTEMS_ICC__ */
+#ifdef __KEIL__
+#define __asm__        __asm
+#define __volatile__   volatile
+#endif /* __KEIL__ */
+#include <wolfssl/wolfcrypt/wc_kyber.h>
+
+#ifdef WOLFSSL_WC_KYBER
+XALIGNED(16) static const word16 L_kyber_thumb2_ntt_zetas[] = {
+    0x08ed, 0x0a0b, 0x0b9a, 0x0714, 0x05d5, 0x058e, 0x011f, 0x00ca,
+    0x0c56, 0x026e, 0x0629, 0x00b6, 0x03c2, 0x084f, 0x073f, 0x05bc,
+    0x023d, 0x07d4, 0x0108, 0x017f, 0x09c4, 0x05b2, 0x06bf, 0x0c7f,
+    0x0a58, 0x03f9, 0x02dc, 0x0260, 0x06fb, 0x019b, 0x0c34, 0x06de,
+    0x04c7, 0x028c, 0x0ad9, 0x03f7, 0x07f4, 0x05d3, 0x0be7, 0x06f9,
+    0x0204, 0x0cf9, 0x0bc1, 0x0a67, 0x06af, 0x0877, 0x007e, 0x05bd,
+    0x09ac, 0x0ca7, 0x0bf2, 0x033e, 0x006b, 0x0774, 0x0c0a, 0x094a,
+    0x0b73, 0x03c1, 0x071d, 0x0a2c, 0x01c0, 0x08d8, 0x02a5, 0x0806,
+    0x08b2, 0x01ae, 0x022b, 0x034b, 0x081e, 0x0367, 0x060e, 0x0069,
+    0x01a6, 0x024b, 0x00b1, 0x0c16, 0x0bde, 0x0b35, 0x0626, 0x0675,
+    0x0c0b, 0x030a, 0x0487, 0x0c6e, 0x09f8, 0x05cb, 0x0aa7, 0x045f,
+    0x06cb, 0x0284, 0x0999, 0x015d, 0x01a2, 0x0149, 0x0c65, 0x0cb6,
+    0x0331, 0x0449, 0x025b, 0x0262, 0x052a, 0x07fc, 0x0748, 0x0180,
+    0x0842, 0x0c79, 0x04c2, 0x07ca, 0x0997, 0x00dc, 0x085e, 0x0686,
+    0x0860, 0x0707, 0x0803, 0x031a, 0x071b, 0x09ab, 0x099b, 0x01de,
+    0x0c95, 0x0bcd, 0x03e4, 0x03df, 0x03be, 0x074d, 0x05f2, 0x065c,
+};
+
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
+void kyber_thumb2_ntt(sword16* r_p)
+#else
+void kyber_thumb2_ntt(sword16* r)
+#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
+{
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
+    register sword16* r __asm__ ("r0") = (sword16*)r_p;
+    register word16* L_kyber_thumb2_ntt_zetas_c __asm__ ("r1") = (word16*)&L_kyber_thumb2_ntt_zetas;
+#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
+
+    __asm__ __volatile__ (
+        "SUB	sp, sp, #0x8\n\t"
+        "MOV	r1, %[L_kyber_thumb2_ntt_zetas]\n\t"
+#ifndef WOLFSSL_ARM_ARCH_7M
+        "MOV	r12, #0xd01\n\t"
+        "MOVT	r12, #0xcff\n\t"
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+        "MOV	r2, #0x10\n\t"
+        "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_kyber_thumb2_ntt_loop_123:\n\t"
+#else
+    "L_kyber_thumb2_ntt_loop_123_%=:\n\t"
+#endif
+        "STR	r2, [sp]\n\t"
+        "LDRH	lr, [r1, #2]\n\t"
+        "LDR	r2, [%[r]]\n\t"
+        "LDR	r3, [%[r], #64]\n\t"
+        "LDR	r4, [%[r], #128]\n\t"
+        "LDR	r5, [%[r], #192]\n\t"
+        "LDR	r6, [%[r], #256]\n\t"
+        "LDR	r7, [%[r], #320]\n\t"
+        "LDR	r8, [%[r], #384]\n\t"
+        "LDR	r9, [%[r], #448]\n\t"
+#ifndef WOLFSSL_ARM_ARCH_7M
+        "SMULBB	r10, lr, r6\n\t"
+        "SMULBT	r6, lr, r6\n\t"
+        "SMULTB	r11, r12, r10\n\t"
+        "SMLABB	r10, r12, r11, r10\n\t"
+        "SMULTB	r11, r12, r6\n\t"
+        "SMLABB	r11, r12, r11, r6\n\t"
+        "PKHTB	r10, r11, r10, ASR #16\n\t"
+        "SSUB16	r6, r2, r10\n\t"
+        "SADD16	r2, r2, r10\n\t"
+#else
+        "SBFX	r10, r6, #0, #16\n\t"
+        "SBFX	r11, lr, #0, #16\n\t"
+        "ASR	r6, r6, #16\n\t"
+        "MUL	r10, r11, r10\n\t"
+        "MUL	r6, r11, r6\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "MUL	r11, r12, r10\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "MLA	r10, r12, r11, r10\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "SBFX	r11, r6, #0, #16\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "MLA	r11, r12, r11, r6\n\t"
+        "SUB	r6, r2, r11\n\t"
+        "ADD	r2, r2, r11\n\t"
+        "SUB	r11, r2, r10, LSR #16\n\t"
+        "ADD	r10, r2, r10, LSR #16\n\t"
+        "BFI	r6, r11, #0, #16\n\t"
+        "BFI	r2, r10, #0, #16\n\t"
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+        "SMULBB	r10, lr, r7\n\t"
+        "SMULBT	r7, lr, r7\n\t"
+        "SMULTB	r11, r12, r10\n\t"
+        "SMLABB	r10, r12, r11, r10\n\t"
+        "SMULTB	r11, r12, r7\n\t"
+        "SMLABB	r11, r12, r11, r7\n\t"
+        "PKHTB	r10, r11, r10, ASR #16\n\t"
+        "SSUB16	r7, r3, r10\n\t"
+        "SADD16	r3, r3, r10\n\t"
+#else
+        "SBFX	r10, r7, #0, #16\n\t"
+        "SBFX	r11, lr, #0, #16\n\t"
+        "ASR	r7, r7, #16\n\t"
+        "MUL	r10, r11, r10\n\t"
+        "MUL	r7, r11, r7\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "MUL	r11, r12, r10\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "MLA	r10, r12, r11, r10\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "SBFX	r11, r7, #0, #16\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "MLA	r11, r12, r11, r7\n\t"
+        "SUB	r7, r3, r11\n\t"
+        "ADD	r3, r3, r11\n\t"
+        "SUB	r11, r3, r10, LSR #16\n\t"
+        "ADD	r10, r3, r10, LSR #16\n\t"
+        "BFI	r7, r11, #0, #16\n\t"
+        "BFI	r3, r10, #0, #16\n\t"
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+        "SMULBB	r10, lr, r8\n\t"
+        "SMULBT	r8, lr, r8\n\t"
+        "SMULTB	r11, r12, r10\n\t"
+        "SMLABB	r10, r12, r11, r10\n\t"
+        "SMULTB	r11, r12, r8\n\t"
+        "SMLABB	r11, r12, r11, r8\n\t"
+        "PKHTB	r10, r11, r10, ASR #16\n\t"
+        "SSUB16	r8, r4, r10\n\t"
+        "SADD16	r4, r4, r10\n\t"
+#else
+        "SBFX	r10, r8, #0, #16\n\t"
+        "SBFX	r11, lr, #0, #16\n\t"
+        "ASR	r8, r8, #16\n\t"
+        "MUL	r10, r11, r10\n\t"
+        "MUL	r8, r11, r8\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "MUL	r11, r12, r10\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "MLA	r10, r12, r11, r10\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "SBFX	r11, r8, #0, #16\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "MLA	r11, r12, r11, r8\n\t"
+        "SUB	r8, r4, r11\n\t"
+        "ADD	r4, r4, r11\n\t"
+        "SUB	r11, r4, r10, LSR #16\n\t"
+        "ADD	r10, r4, r10, LSR #16\n\t"
+        "BFI	r8, r11, #0, #16\n\t"
+        "BFI	r4, r10, #0, #16\n\t"
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+        "SMULBB	r10, lr, r9\n\t"
+        "SMULBT	r9, lr, r9\n\t"
+        "SMULTB	r11, r12, r10\n\t"
+        "SMLABB	r10, r12, r11, r10\n\t"
+        "SMULTB	r11, r12, r9\n\t"
+        "SMLABB	r11, r12, r11, r9\n\t"
+        "PKHTB	r10, r11, r10, ASR #16\n\t"
+        "SSUB16	r9, r5, r10\n\t"
+        "SADD16	r5, r5, r10\n\t"
+#else
+        "SBFX	r10, r9, #0, #16\n\t"
+        "SBFX	r11, lr, #0, #16\n\t"
+        "ASR	r9, r9, #16\n\t"
+        "MUL	r10, r11, r10\n\t"
+        "MUL	r9, r11, r9\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "MUL	r11, r12, r10\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "MLA	r10, r12, r11, r10\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "SBFX	r11, r9, #0, #16\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "MLA	r11, r12, r11, r9\n\t"
+        "SUB	r9, r5, r11\n\t"
+        "ADD	r5, r5, r11\n\t"
+        "SUB	r11, r5, r10, LSR #16\n\t"
+        "ADD	r10, r5, r10, LSR #16\n\t"
+        "BFI	r9, r11, #0, #16\n\t"
+        "BFI	r5, r10, #0, #16\n\t"
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+        "LDR	lr, [r1, #4]\n\t"
+#ifndef WOLFSSL_ARM_ARCH_7M
+        "SMULBB	r10, lr, r4\n\t"
+        "SMULBT	r4, lr, r4\n\t"
+        "SMULTB	r11, r12, r10\n\t"
+        "SMLABB	r10, r12, r11, r10\n\t"
+        "SMULTB	r11, r12, r4\n\t"
+        "SMLABB	r11, r12, r11, r4\n\t"
+        "PKHTB	r10, r11, r10, ASR #16\n\t"
+        "SSUB16	r4, r2, r10\n\t"
+        "SADD16	r2, r2, r10\n\t"
+#else
+        "SBFX	r10, r4, #0, #16\n\t"
+        "SBFX	r11, lr, #0, #16\n\t"
+        "ASR	r4, r4, #16\n\t"
+        "MUL	r10, r11, r10\n\t"
+        "MUL	r4, r11, r4\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "MUL	r11, r12, r10\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "MLA	r10, r12, r11, r10\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "SBFX	r11, r4, #0, #16\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "MLA	r11, r12, r11, r4\n\t"
+        "SUB	r4, r2, r11\n\t"
+        "ADD	r2, r2, r11\n\t"
+        "SUB	r11, r2, r10, LSR #16\n\t"
+        "ADD	r10, r2, r10, LSR #16\n\t"
+        "BFI	r4, r11, #0, #16\n\t"
+        "BFI	r2, r10, #0, #16\n\t"
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+        "SMULBB	r10, lr, r5\n\t"
+        "SMULBT	r5, lr, r5\n\t"
+        "SMULTB	r11, r12, r10\n\t"
+        "SMLABB	r10, r12, r11, r10\n\t"
+        "SMULTB	r11, r12, r5\n\t"
+        "SMLABB	r11, r12, r11, r5\n\t"
+        "PKHTB	r10, r11, r10, ASR #16\n\t"
+        "SSUB16	r5, r3, r10\n\t"
+        "SADD16	r3, r3, r10\n\t"
+#else
+        "SBFX	r10, r5, #0, #16\n\t"
+        "SBFX	r11, lr, #0, #16\n\t"
+        "ASR	r5, r5, #16\n\t"
+        "MUL	r10, r11, r10\n\t"
+        "MUL	r5, r11, r5\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "MUL	r11, r12, r10\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "MLA	r10, r12, r11, r10\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "SBFX	r11, r5, #0, #16\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "MLA	r11, r12, r11, r5\n\t"
+        "SUB	r5, r3, r11\n\t"
+        "ADD	r3, r3, r11\n\t"
+        "SUB	r11, r3, r10, LSR #16\n\t"
+        "ADD	r10, r3, r10, LSR #16\n\t"
+        "BFI	r5, r11, #0, #16\n\t"
+        "BFI	r3, r10, #0, #16\n\t"
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+        "SMULTB	r10, lr, r8\n\t"
+        "SMULTT	r8, lr, r8\n\t"
+        "SMULTB	r11, r12, r10\n\t"
+        "SMLABB	r10, r12, r11, r10\n\t"
+        "SMULTB	r11, r12, r8\n\t"
+        "SMLABB	r11, r12, r11, r8\n\t"
+        "PKHTB	r10, r11, r10, ASR #16\n\t"
+        "SSUB16	r8, r6, r10\n\t"
+        "SADD16	r6, r6, r10\n\t"
+#else
+        "SBFX	r10, r8, #0, #16\n\t"
+        "SBFX	r11, lr, #16, #16\n\t"
+        "ASR	r8, r8, #16\n\t"
+        "MUL	r10, r11, r10\n\t"
+        "MUL	r8, r11, r8\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "MUL	r11, r12, r10\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "MLA	r10, r12, r11, r10\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "SBFX	r11, r8, #0, #16\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "MLA	r11, r12, r11, r8\n\t"
+        "SUB	r8, r6, r11\n\t"
+        "ADD	r6, r6, r11\n\t"
+        "SUB	r11, r6, r10, LSR #16\n\t"
+        "ADD	r10, r6, r10, LSR #16\n\t"
+        "BFI	r8, r11, #0, #16\n\t"
+        "BFI	r6, r10, #0, #16\n\t"
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+        "SMULTB	r10, lr, r9\n\t"
+        "SMULTT	r9, lr, r9\n\t"
+        "SMULTB	r11, r12, r10\n\t"
+        "SMLABB	r10, r12, r11, r10\n\t"
+        "SMULTB	r11, r12, r9\n\t"
+        "SMLABB	r11, r12, r11, r9\n\t"
+        "PKHTB	r10, r11, r10, ASR #16\n\t"
+        "SSUB16	r9, r7, r10\n\t"
+        "SADD16	r7, r7, r10\n\t"
+#else
+        "SBFX	r10, r9, #0, #16\n\t"
+        "SBFX	r11, lr, #16, #16\n\t"
+        "ASR	r9, r9, #16\n\t"
+        "MUL	r10, r11, r10\n\t"
+        "MUL	r9, r11, r9\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "MUL	r11, r12, r10\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "MLA	r10, r12, r11, r10\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "SBFX	r11, r9, #0, #16\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "MLA	r11, r12, r11, r9\n\t"
+        "SUB	r9, r7, r11\n\t"
+        "ADD	r7, r7, r11\n\t"
+        "SUB	r11, r7, r10, LSR #16\n\t"
+        "ADD	r10, r7, r10, LSR #16\n\t"
+        "BFI	r9, r11, #0, #16\n\t"
+        "BFI	r7, r10, #0, #16\n\t"
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+        "LDR	lr, [r1, #8]\n\t"
+#ifndef WOLFSSL_ARM_ARCH_7M
+        "SMULBB	r10, lr, r3\n\t"
+        "SMULBT	r3, lr, r3\n\t"
+        "SMULTB	r11, r12, r10\n\t"
+        "SMLABB	r10, r12, r11, r10\n\t"
+        "SMULTB	r11, r12, r3\n\t"
+        "SMLABB	r11, r12, r11, r3\n\t"
+        "PKHTB	r10, r11, r10, ASR #16\n\t"
+        "SSUB16	r3, r2, r10\n\t"
+        "SADD16	r2, r2, r10\n\t"
+#else
+        "SBFX	r10, r3, #0, #16\n\t"
+        "SBFX	r11, lr, #0, #16\n\t"
+        "ASR	r3, r3, #16\n\t"
+        "MUL	r10, r11, r10\n\t"
+        "MUL	r3, r11, r3\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "MUL	r11, r12, r10\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "MLA	r10, r12, r11, r10\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "SBFX	r11, r3, #0, #16\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "MLA	r11, r12, r11, r3\n\t"
+        "SUB	r3, r2, r11\n\t"
+        "ADD	r2, r2, r11\n\t"
+        "SUB	r11, r2, r10, LSR #16\n\t"
+        "ADD	r10, r2, r10, LSR #16\n\t"
+        "BFI	r3, r11, #0, #16\n\t"
+        "BFI	r2, r10, #0, #16\n\t"
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+        "SMULTB	r10, lr, r5\n\t"
+        "SMULTT	r5, lr, r5\n\t"
+        "SMULTB	r11, r12, r10\n\t"
+        "SMLABB	r10, r12, r11, r10\n\t"
+        "SMULTB	r11, r12, r5\n\t"
+        "SMLABB	r11, r12, r11, r5\n\t"
+        "PKHTB	r10, r11, r10, ASR #16\n\t"
+        "SSUB16	r5, r4, r10\n\t"
+        "SADD16	r4, r4, r10\n\t"
+#else
+        "SBFX	r10, r5, #0, #16\n\t"
+        "SBFX	r11, lr, #16, #16\n\t"
+        "ASR	r5, r5, #16\n\t"
+        "MUL	r10, r11, r10\n\t"
+        "MUL	r5, r11, r5\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "MUL	r11, r12, r10\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "MLA	r10, r12, r11, r10\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "SBFX	r11, r5, #0, #16\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "MLA	r11, r12, r11, r5\n\t"
+        "SUB	r5, r4, r11\n\t"
+        "ADD	r4, r4, r11\n\t"
+        "SUB	r11, r4, r10, LSR #16\n\t"
+        "ADD	r10, r4, r10, LSR #16\n\t"
+        "BFI	r5, r11, #0, #16\n\t"
+        "BFI	r4, r10, #0, #16\n\t"
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+        "LDR	lr, [r1, #12]\n\t"
+#ifndef WOLFSSL_ARM_ARCH_7M
+        "SMULBB	r10, lr, r7\n\t"
+        "SMULBT	r7, lr, r7\n\t"
+        "SMULTB	r11, r12, r10\n\t"
+        "SMLABB	r10, r12, r11, r10\n\t"
+        "SMULTB	r11, r12, r7\n\t"
+        "SMLABB	r11, r12, r11, r7\n\t"
+        "PKHTB	r10, r11, r10, ASR #16\n\t"
+        "SSUB16	r7, r6, r10\n\t"
+        "SADD16	r6, r6, r10\n\t"
+#else
+        "SBFX	r10, r7, #0, #16\n\t"
+        "SBFX	r11, lr, #0, #16\n\t"
+        "ASR	r7, r7, #16\n\t"
+        "MUL	r10, r11, r10\n\t"
+        "MUL	r7, r11, r7\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "MUL	r11, r12, r10\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "MLA	r10, r12, r11, r10\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "SBFX	r11, r7, #0, #16\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "MLA	r11, r12, r11, r7\n\t"
+        "SUB	r7, r6, r11\n\t"
+        "ADD	r6, r6, r11\n\t"
+        "SUB	r11, r6, r10, LSR #16\n\t"
+        "ADD	r10, r6, r10, LSR #16\n\t"
+        "BFI	r7, r11, #0, #16\n\t"
+        "BFI	r6, r10, #0, #16\n\t"
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+        "SMULTB	r10, lr, r9\n\t"
+        "SMULTT	r9, lr, r9\n\t"
+        "SMULTB	r11, r12, r10\n\t"
+        "SMLABB	r10, r12, r11, r10\n\t"
+        "SMULTB	r11, r12, r9\n\t"
+        "SMLABB	r11, r12, r11, r9\n\t"
+        "PKHTB	r10, r11, r10, ASR #16\n\t"
+        "SSUB16	r9, r8, r10\n\t"
+        "SADD16	r8, r8, r10\n\t"
+#else
+        "SBFX	r10, r9, #0, #16\n\t"
+        "SBFX	r11, lr, #16, #16\n\t"
+        "ASR	r9, r9, #16\n\t"
+        "MUL	r10, r11, r10\n\t"
+        "MUL	r9, r11, r9\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "MUL	r11, r12, r10\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "MLA	r10, r12, r11, r10\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "SBFX	r11, r9, #0, #16\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "MLA	r11, r12, r11, r9\n\t"
+        "SUB	r9, r8, r11\n\t"
+        "ADD	r8, r8, r11\n\t"
+        "SUB	r11, r8, r10, LSR #16\n\t"
+        "ADD	r10, r8, r10, LSR #16\n\t"
+        "BFI	r9, r11, #0, #16\n\t"
+        "BFI	r8, r10, #0, #16\n\t"
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+        "STR	r2, [%[r]]\n\t"
+        "STR	r3, [%[r], #64]\n\t"
+        "STR	r4, [%[r], #128]\n\t"
+        "STR	r5, [%[r], #192]\n\t"
+        "STR	r6, [%[r], #256]\n\t"
+        "STR	r7, [%[r], #320]\n\t"
+        "STR	r8, [%[r], #384]\n\t"
+        "STR	r9, [%[r], #448]\n\t"
+        "LDR	r2, [sp]\n\t"
+        "SUBS	r2, r2, #0x1\n\t"
+        "ADD	%[r], %[r], #0x4\n\t"
+#if defined(__GNUC__)
+        "BNE	L_kyber_thumb2_ntt_loop_123_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BNE.N	L_kyber_thumb2_ntt_loop_123\n\t"
+#else
+        "BNE.N	L_kyber_thumb2_ntt_loop_123_%=\n\t"
+#endif
+        "SUB	%[r], %[r], #0x40\n\t"
+        "MOV	r3, #0x0\n\t"
+        "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_kyber_thumb2_ntt_loop_4_j:\n\t"
+#else
+    "L_kyber_thumb2_ntt_loop_4_j_%=:\n\t"
+#endif
+        "STR	r3, [sp, #4]\n\t"
+        "ADD	lr, r1, r3, LSR #4\n\t"
+        "MOV	r2, #0x4\n\t"
+        "LDR	lr, [lr, #16]\n\t"
+        "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_kyber_thumb2_ntt_loop_4_i:\n\t"
+#else
+    "L_kyber_thumb2_ntt_loop_4_i_%=:\n\t"
+#endif
+        "STR	r2, [sp]\n\t"
+        "LDR	r2, [%[r]]\n\t"
+        "LDR	r3, [%[r], #16]\n\t"
+        "LDR	r4, [%[r], #32]\n\t"
+        "LDR	r5, [%[r], #48]\n\t"
+        "LDR	r6, [%[r], #64]\n\t"
+        "LDR	r7, [%[r], #80]\n\t"
+        "LDR	r8, [%[r], #96]\n\t"
+        "LDR	r9, [%[r], #112]\n\t"
+#ifndef WOLFSSL_ARM_ARCH_7M
+        "SMULBB	r10, lr, r4\n\t"
+        "SMULBT	r4, lr, r4\n\t"
+        "SMULTB	r11, r12, r10\n\t"
+        "SMLABB	r10, r12, r11, r10\n\t"
+        "SMULTB	r11, r12, r4\n\t"
+        "SMLABB	r11, r12, r11, r4\n\t"
+        "PKHTB	r10, r11, r10, ASR #16\n\t"
+        "SSUB16	r4, r2, r10\n\t"
+        "SADD16	r2, r2, r10\n\t"
+#else
+        "SBFX	r10, r4, #0, #16\n\t"
+        "SBFX	r11, lr, #0, #16\n\t"
+        "ASR	r4, r4, #16\n\t"
+        "MUL	r10, r11, r10\n\t"
+        "MUL	r4, r11, r4\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "MUL	r11, r12, r10\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "MLA	r10, r12, r11, r10\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "SBFX	r11, r4, #0, #16\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "MLA	r11, r12, r11, r4\n\t"
+        "SUB	r4, r2, r11\n\t"
+        "ADD	r2, r2, r11\n\t"
+        "SUB	r11, r2, r10, LSR #16\n\t"
+        "ADD	r10, r2, r10, LSR #16\n\t"
+        "BFI	r4, r11, #0, #16\n\t"
+        "BFI	r2, r10, #0, #16\n\t"
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+        "SMULBB	r10, lr, r5\n\t"
+        "SMULBT	r5, lr, r5\n\t"
+        "SMULTB	r11, r12, r10\n\t"
+        "SMLABB	r10, r12, r11, r10\n\t"
+        "SMULTB	r11, r12, r5\n\t"
+        "SMLABB	r11, r12, r11, r5\n\t"
+        "PKHTB	r10, r11, r10, ASR #16\n\t"
+        "SSUB16	r5, r3, r10\n\t"
+        "SADD16	r3, r3, r10\n\t"
+#else
+        "SBFX	r10, r5, #0, #16\n\t"
+        "SBFX	r11, lr, #0, #16\n\t"
+        "ASR	r5, r5, #16\n\t"
+        "MUL	r10, r11, r10\n\t"
+        "MUL	r5, r11, r5\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "MUL	r11, r12, r10\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "MLA	r10, r12, r11, r10\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "SBFX	r11, r5, #0, #16\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "MLA	r11, r12, r11, r5\n\t"
+        "SUB	r5, r3, r11\n\t"
+        "ADD	r3, r3, r11\n\t"
+        "SUB	r11, r3, r10, LSR #16\n\t"
+        "ADD	r10, r3, r10, LSR #16\n\t"
+        "BFI	r5, r11, #0, #16\n\t"
+        "BFI	r3, r10, #0, #16\n\t"
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+        "SMULTB	r10, lr, r8\n\t"
+        "SMULTT	r8, lr, r8\n\t"
+        "SMULTB	r11, r12, r10\n\t"
+        "SMLABB	r10, r12, r11, r10\n\t"
+        "SMULTB	r11, r12, r8\n\t"
+        "SMLABB	r11, r12, r11, r8\n\t"
+        "PKHTB	r10, r11, r10, ASR #16\n\t"
+        "SSUB16	r8, r6, r10\n\t"
+        "SADD16	r6, r6, r10\n\t"
+#else
+        "SBFX	r10, r8, #0, #16\n\t"
+        "SBFX	r11, lr, #16, #16\n\t"
+        "ASR	r8, r8, #16\n\t"
+        "MUL	r10, r11, r10\n\t"
+        "MUL	r8, r11, r8\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "MUL	r11, r12, r10\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "MLA	r10, r12, r11, r10\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "SBFX	r11, r8, #0, #16\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "MLA	r11, r12, r11, r8\n\t"
+        "SUB	r8, r6, r11\n\t"
+        "ADD	r6, r6, r11\n\t"
+        "SUB	r11, r6, r10, LSR #16\n\t"
+        "ADD	r10, r6, r10, LSR #16\n\t"
+        "BFI	r8, r11, #0, #16\n\t"
+        "BFI	r6, r10, #0, #16\n\t"
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+        "SMULTB	r10, lr, r9\n\t"
+        "SMULTT	r9, lr, r9\n\t"
+        "SMULTB	r11, r12, r10\n\t"
+        "SMLABB	r10, r12, r11, r10\n\t"
+        "SMULTB	r11, r12, r9\n\t"
+        "SMLABB	r11, r12, r11, r9\n\t"
+        "PKHTB	r10, r11, r10, ASR #16\n\t"
+        "SSUB16	r9, r7, r10\n\t"
+        "SADD16	r7, r7, r10\n\t"
+#else
+        "SBFX	r10, r9, #0, #16\n\t"
+        "SBFX	r11, lr, #16, #16\n\t"
+        "ASR	r9, r9, #16\n\t"
+        "MUL	r10, r11, r10\n\t"
+        "MUL	r9, r11, r9\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "MUL	r11, r12, r10\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "MLA	r10, r12, r11, r10\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "SBFX	r11, r9, #0, #16\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "MLA	r11, r12, r11, r9\n\t"
+        "SUB	r9, r7, r11\n\t"
+        "ADD	r7, r7, r11\n\t"
+        "SUB	r11, r7, r10, LSR #16\n\t"
+        "ADD	r10, r7, r10, LSR #16\n\t"
+        "BFI	r9, r11, #0, #16\n\t"
+        "BFI	r7, r10, #0, #16\n\t"
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+        "STR	r2, [%[r]]\n\t"
+        "STR	r3, [%[r], #16]\n\t"
+        "STR	r4, [%[r], #32]\n\t"
+        "STR	r5, [%[r], #48]\n\t"
+        "STR	r6, [%[r], #64]\n\t"
+        "STR	r7, [%[r], #80]\n\t"
+        "STR	r8, [%[r], #96]\n\t"
+        "STR	r9, [%[r], #112]\n\t"
+        "LDRD	r2, r3, [sp]\n\t"
+        "SUBS	r2, r2, #0x1\n\t"
+        "ADD	%[r], %[r], #0x4\n\t"
+#if defined(__GNUC__)
+        "BNE	L_kyber_thumb2_ntt_loop_4_i_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BNE.N	L_kyber_thumb2_ntt_loop_4_i\n\t"
+#else
+        "BNE.N	L_kyber_thumb2_ntt_loop_4_i_%=\n\t"
+#endif
+        "ADD	r3, r3, #0x40\n\t"
+        "RSBS	r10, r3, #0x100\n\t"
+        "ADD	%[r], %[r], #0x70\n\t"
+#if defined(__GNUC__)
+        "BNE	L_kyber_thumb2_ntt_loop_4_j_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BNE.N	L_kyber_thumb2_ntt_loop_4_j\n\t"
+#else
+        "BNE.N	L_kyber_thumb2_ntt_loop_4_j_%=\n\t"
+#endif
+        "SUB	%[r], %[r], #0x200\n\t"
+        "MOV	r3, #0x0\n\t"
+        "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_kyber_thumb2_ntt_loop_567:\n\t"
+#else
+    "L_kyber_thumb2_ntt_loop_567_%=:\n\t"
+#endif
+        "ADD	lr, r1, r3, LSR #3\n\t"
+        "STR	r3, [sp, #4]\n\t"
+        "LDRH	lr, [lr, #32]\n\t"
+        "LDR	r2, [%[r]]\n\t"
+        "LDR	r3, [%[r], #4]\n\t"
+        "LDR	r4, [%[r], #8]\n\t"
+        "LDR	r5, [%[r], #12]\n\t"
+        "LDR	r6, [%[r], #16]\n\t"
+        "LDR	r7, [%[r], #20]\n\t"
+        "LDR	r8, [%[r], #24]\n\t"
+        "LDR	r9, [%[r], #28]\n\t"
+#ifndef WOLFSSL_ARM_ARCH_7M
+        "SMULBB	r10, lr, r6\n\t"
+        "SMULBT	r6, lr, r6\n\t"
+        "SMULTB	r11, r12, r10\n\t"
+        "SMLABB	r10, r12, r11, r10\n\t"
+        "SMULTB	r11, r12, r6\n\t"
+        "SMLABB	r11, r12, r11, r6\n\t"
+        "PKHTB	r10, r11, r10, ASR #16\n\t"
+        "SSUB16	r6, r2, r10\n\t"
+        "SADD16	r2, r2, r10\n\t"
+#else
+        "SBFX	r10, r6, #0, #16\n\t"
+        "SBFX	r11, lr, #0, #16\n\t"
+        "ASR	r6, r6, #16\n\t"
+        "MUL	r10, r11, r10\n\t"
+        "MUL	r6, r11, r6\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "MUL	r11, r12, r10\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "MLA	r10, r12, r11, r10\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "SBFX	r11, r6, #0, #16\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "MLA	r11, r12, r11, r6\n\t"
+        "SUB	r6, r2, r11\n\t"
+        "ADD	r2, r2, r11\n\t"
+        "SUB	r11, r2, r10, LSR #16\n\t"
+        "ADD	r10, r2, r10, LSR #16\n\t"
+        "BFI	r6, r11, #0, #16\n\t"
+        "BFI	r2, r10, #0, #16\n\t"
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+        "SMULBB	r10, lr, r7\n\t"
+        "SMULBT	r7, lr, r7\n\t"
+        "SMULTB	r11, r12, r10\n\t"
+        "SMLABB	r10, r12, r11, r10\n\t"
+        "SMULTB	r11, r12, r7\n\t"
+        "SMLABB	r11, r12, r11, r7\n\t"
+        "PKHTB	r10, r11, r10, ASR #16\n\t"
+        "SSUB16	r7, r3, r10\n\t"
+        "SADD16	r3, r3, r10\n\t"
+#else
+        "SBFX	r10, r7, #0, #16\n\t"
+        "SBFX	r11, lr, #0, #16\n\t"
+        "ASR	r7, r7, #16\n\t"
+        "MUL	r10, r11, r10\n\t"
+        "MUL	r7, r11, r7\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "MUL	r11, r12, r10\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "MLA	r10, r12, r11, r10\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "SBFX	r11, r7, #0, #16\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "MLA	r11, r12, r11, r7\n\t"
+        "SUB	r7, r3, r11\n\t"
+        "ADD	r3, r3, r11\n\t"
+        "SUB	r11, r3, r10, LSR #16\n\t"
+        "ADD	r10, r3, r10, LSR #16\n\t"
+        "BFI	r7, r11, #0, #16\n\t"
+        "BFI	r3, r10, #0, #16\n\t"
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+        "SMULBB	r10, lr, r8\n\t"
+        "SMULBT	r8, lr, r8\n\t"
+        "SMULTB	r11, r12, r10\n\t"
+        "SMLABB	r10, r12, r11, r10\n\t"
+        "SMULTB	r11, r12, r8\n\t"
+        "SMLABB	r11, r12, r11, r8\n\t"
+        "PKHTB	r10, r11, r10, ASR #16\n\t"
+        "SSUB16	r8, r4, r10\n\t"
+        "SADD16	r4, r4, r10\n\t"
+#else
+        "SBFX	r10, r8, #0, #16\n\t"
+        "SBFX	r11, lr, #0, #16\n\t"
+        "ASR	r8, r8, #16\n\t"
+        "MUL	r10, r11, r10\n\t"
+        "MUL	r8, r11, r8\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "MUL	r11, r12, r10\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "MLA	r10, r12, r11, r10\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "SBFX	r11, r8, #0, #16\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "MLA	r11, r12, r11, r8\n\t"
+        "SUB	r8, r4, r11\n\t"
+        "ADD	r4, r4, r11\n\t"
+        "SUB	r11, r4, r10, LSR #16\n\t"
+        "ADD	r10, r4, r10, LSR #16\n\t"
+        "BFI	r8, r11, #0, #16\n\t"
+        "BFI	r4, r10, #0, #16\n\t"
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+        "SMULBB	r10, lr, r9\n\t"
+        "SMULBT	r9, lr, r9\n\t"
+        "SMULTB	r11, r12, r10\n\t"
+        "SMLABB	r10, r12, r11, r10\n\t"
+        "SMULTB	r11, r12, r9\n\t"
+        "SMLABB	r11, r12, r11, r9\n\t"
+        "PKHTB	r10, r11, r10, ASR #16\n\t"
+        "SSUB16	r9, r5, r10\n\t"
+        "SADD16	r5, r5, r10\n\t"
+#else
+        "SBFX	r10, r9, #0, #16\n\t"
+        "SBFX	r11, lr, #0, #16\n\t"
+        "ASR	r9, r9, #16\n\t"
+        "MUL	r10, r11, r10\n\t"
+        "MUL	r9, r11, r9\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "MUL	r11, r12, r10\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "MLA	r10, r12, r11, r10\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "SBFX	r11, r9, #0, #16\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "MLA	r11, r12, r11, r9\n\t"
+        "SUB	r9, r5, r11\n\t"
+        "ADD	r5, r5, r11\n\t"
+        "SUB	r11, r5, r10, LSR #16\n\t"
+        "ADD	r10, r5, r10, LSR #16\n\t"
+        "BFI	r9, r11, #0, #16\n\t"
+        "BFI	r5, r10, #0, #16\n\t"
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+        "LDR	lr, [sp, #4]\n\t"
+        "ADD	lr, r1, lr, LSR #2\n\t"
+        "LDR	lr, [lr, #64]\n\t"
+#ifndef WOLFSSL_ARM_ARCH_7M
+        "SMULBB	r10, lr, r4\n\t"
+        "SMULBT	r4, lr, r4\n\t"
+        "SMULTB	r11, r12, r10\n\t"
+        "SMLABB	r10, r12, r11, r10\n\t"
+        "SMULTB	r11, r12, r4\n\t"
+        "SMLABB	r11, r12, r11, r4\n\t"
+        "PKHTB	r10, r11, r10, ASR #16\n\t"
+        "SSUB16	r4, r2, r10\n\t"
+        "SADD16	r2, r2, r10\n\t"
+#else
+        "SBFX	r10, r4, #0, #16\n\t"
+        "SBFX	r11, lr, #0, #16\n\t"
+        "ASR	r4, r4, #16\n\t"
+        "MUL	r10, r11, r10\n\t"
+        "MUL	r4, r11, r4\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "MUL	r11, r12, r10\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "MLA	r10, r12, r11, r10\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "SBFX	r11, r4, #0, #16\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "MLA	r11, r12, r11, r4\n\t"
+        "SUB	r4, r2, r11\n\t"
+        "ADD	r2, r2, r11\n\t"
+        "SUB	r11, r2, r10, LSR #16\n\t"
+        "ADD	r10, r2, r10, LSR #16\n\t"
+        "BFI	r4, r11, #0, #16\n\t"
+        "BFI	r2, r10, #0, #16\n\t"
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+        "SMULBB	r10, lr, r5\n\t"
+        "SMULBT	r5, lr, r5\n\t"
+        "SMULTB	r11, r12, r10\n\t"
+        "SMLABB	r10, r12, r11, r10\n\t"
+        "SMULTB	r11, r12, r5\n\t"
+        "SMLABB	r11, r12, r11, r5\n\t"
+        "PKHTB	r10, r11, r10, ASR #16\n\t"
+        "SSUB16	r5, r3, r10\n\t"
+        "SADD16	r3, r3, r10\n\t"
+#else
+        "SBFX	r10, r5, #0, #16\n\t"
+        "SBFX	r11, lr, #0, #16\n\t"
+        "ASR	r5, r5, #16\n\t"
+        "MUL	r10, r11, r10\n\t"
+        "MUL	r5, r11, r5\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "MUL	r11, r12, r10\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "MLA	r10, r12, r11, r10\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "SBFX	r11, r5, #0, #16\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "MLA	r11, r12, r11, r5\n\t"
+        "SUB	r5, r3, r11\n\t"
+        "ADD	r3, r3, r11\n\t"
+        "SUB	r11, r3, r10, LSR #16\n\t"
+        "ADD	r10, r3, r10, LSR #16\n\t"
+        "BFI	r5, r11, #0, #16\n\t"
+        "BFI	r3, r10, #0, #16\n\t"
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+        "SMULTB	r10, lr, r8\n\t"
+        "SMULTT	r8, lr, r8\n\t"
+        "SMULTB	r11, r12, r10\n\t"
+        "SMLABB	r10, r12, r11, r10\n\t"
+        "SMULTB	r11, r12, r8\n\t"
+        "SMLABB	r11, r12, r11, r8\n\t"
+        "PKHTB	r10, r11, r10, ASR #16\n\t"
+        "SSUB16	r8, r6, r10\n\t"
+        "SADD16	r6, r6, r10\n\t"
+#else
+        "SBFX	r10, r8, #0, #16\n\t"
+        "SBFX	r11, lr, #16, #16\n\t"
+        "ASR	r8, r8, #16\n\t"
+        "MUL	r10, r11, r10\n\t"
+        "MUL	r8, r11, r8\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "MUL	r11, r12, r10\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "MLA	r10, r12, r11, r10\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "SBFX	r11, r8, #0, #16\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "MLA	r11, r12, r11, r8\n\t"
+        "SUB	r8, r6, r11\n\t"
+        "ADD	r6, r6, r11\n\t"
+        "SUB	r11, r6, r10, LSR #16\n\t"
+        "ADD	r10, r6, r10, LSR #16\n\t"
+        "BFI	r8, r11, #0, #16\n\t"
+        "BFI	r6, r10, #0, #16\n\t"
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+        "SMULTB	r10, lr, r9\n\t"
+        "SMULTT	r9, lr, r9\n\t"
+        "SMULTB	r11, r12, r10\n\t"
+        "SMLABB	r10, r12, r11, r10\n\t"
+        "SMULTB	r11, r12, r9\n\t"
+        "SMLABB	r11, r12, r11, r9\n\t"
+        "PKHTB	r10, r11, r10, ASR #16\n\t"
+        "SSUB16	r9, r7, r10\n\t"
+        "SADD16	r7, r7, r10\n\t"
+#else
+        "SBFX	r10, r9, #0, #16\n\t"
+        "SBFX	r11, lr, #16, #16\n\t"
+        "ASR	r9, r9, #16\n\t"
+        "MUL	r10, r11, r10\n\t"
+        "MUL	r9, r11, r9\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "MUL	r11, r12, r10\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "MLA	r10, r12, r11, r10\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "SBFX	r11, r9, #0, #16\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "MLA	r11, r12, r11, r9\n\t"
+        "SUB	r9, r7, r11\n\t"
+        "ADD	r7, r7, r11\n\t"
+        "SUB	r11, r7, r10, LSR #16\n\t"
+        "ADD	r10, r7, r10, LSR #16\n\t"
+        "BFI	r9, r11, #0, #16\n\t"
+        "BFI	r7, r10, #0, #16\n\t"
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+        "LDR	lr, [sp, #4]\n\t"
+        "ADD	lr, r1, lr, LSR #1\n\t"
+        "LDR	lr, [lr, #128]\n\t"
+#ifndef WOLFSSL_ARM_ARCH_7M
+        "SMULBB	r10, lr, r3\n\t"
+        "SMULBT	r3, lr, r3\n\t"
+        "SMULTB	r11, r12, r10\n\t"
+        "SMLABB	r10, r12, r11, r10\n\t"
+        "SMULTB	r11, r12, r3\n\t"
+        "SMLABB	r11, r12, r11, r3\n\t"
+        "PKHTB	r10, r11, r10, ASR #16\n\t"
+        "SSUB16	r3, r2, r10\n\t"
+        "SADD16	r2, r2, r10\n\t"
+#else
+        "SBFX	r10, r3, #0, #16\n\t"
+        "SBFX	r11, lr, #0, #16\n\t"
+        "ASR	r3, r3, #16\n\t"
+        "MUL	r10, r11, r10\n\t"
+        "MUL	r3, r11, r3\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "MUL	r11, r12, r10\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "MLA	r10, r12, r11, r10\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "SBFX	r11, r3, #0, #16\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "MLA	r11, r12, r11, r3\n\t"
+        "SUB	r3, r2, r11\n\t"
+        "ADD	r2, r2, r11\n\t"
+        "SUB	r11, r2, r10, LSR #16\n\t"
+        "ADD	r10, r2, r10, LSR #16\n\t"
+        "BFI	r3, r11, #0, #16\n\t"
+        "BFI	r2, r10, #0, #16\n\t"
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+        "SMULTB	r10, lr, r5\n\t"
+        "SMULTT	r5, lr, r5\n\t"
+        "SMULTB	r11, r12, r10\n\t"
+        "SMLABB	r10, r12, r11, r10\n\t"
+        "SMULTB	r11, r12, r5\n\t"
+        "SMLABB	r11, r12, r11, r5\n\t"
+        "PKHTB	r10, r11, r10, ASR #16\n\t"
+        "SSUB16	r5, r4, r10\n\t"
+        "SADD16	r4, r4, r10\n\t"
+#else
+        "SBFX	r10, r5, #0, #16\n\t"
+        "SBFX	r11, lr, #16, #16\n\t"
+        "ASR	r5, r5, #16\n\t"
+        "MUL	r10, r11, r10\n\t"
+        "MUL	r5, r11, r5\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "MUL	r11, r12, r10\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "MLA	r10, r12, r11, r10\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "SBFX	r11, r5, #0, #16\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "MLA	r11, r12, r11, r5\n\t"
+        "SUB	r5, r4, r11\n\t"
+        "ADD	r4, r4, r11\n\t"
+        "SUB	r11, r4, r10, LSR #16\n\t"
+        "ADD	r10, r4, r10, LSR #16\n\t"
+        "BFI	r5, r11, #0, #16\n\t"
+        "BFI	r4, r10, #0, #16\n\t"
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+        "LDR	lr, [sp, #4]\n\t"
+        "ADD	lr, r1, lr, LSR #1\n\t"
+        "LDR	lr, [lr, #132]\n\t"
+#ifndef WOLFSSL_ARM_ARCH_7M
+        "SMULBB	r10, lr, r7\n\t"
+        "SMULBT	r7, lr, r7\n\t"
+        "SMULTB	r11, r12, r10\n\t"
+        "SMLABB	r10, r12, r11, r10\n\t"
+        "SMULTB	r11, r12, r7\n\t"
+        "SMLABB	r11, r12, r11, r7\n\t"
+        "PKHTB	r10, r11, r10, ASR #16\n\t"
+        "SSUB16	r7, r6, r10\n\t"
+        "SADD16	r6, r6, r10\n\t"
+#else
+        "SBFX	r10, r7, #0, #16\n\t"
+        "SBFX	r11, lr, #0, #16\n\t"
+        "ASR	r7, r7, #16\n\t"
+        "MUL	r10, r11, r10\n\t"
+        "MUL	r7, r11, r7\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "MUL	r11, r12, r10\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "MLA	r10, r12, r11, r10\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "SBFX	r11, r7, #0, #16\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "MLA	r11, r12, r11, r7\n\t"
+        "SUB	r7, r6, r11\n\t"
+        "ADD	r6, r6, r11\n\t"
+        "SUB	r11, r6, r10, LSR #16\n\t"
+        "ADD	r10, r6, r10, LSR #16\n\t"
+        "BFI	r7, r11, #0, #16\n\t"
+        "BFI	r6, r10, #0, #16\n\t"
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+        "SMULTB	r10, lr, r9\n\t"
+        "SMULTT	r9, lr, r9\n\t"
+        "SMULTB	r11, r12, r10\n\t"
+        "SMLABB	r10, r12, r11, r10\n\t"
+        "SMULTB	r11, r12, r9\n\t"
+        "SMLABB	r11, r12, r11, r9\n\t"
+        "PKHTB	r10, r11, r10, ASR #16\n\t"
+        "SSUB16	r9, r8, r10\n\t"
+        "SADD16	r8, r8, r10\n\t"
+#else
+        "SBFX	r10, r9, #0, #16\n\t"
+        "SBFX	r11, lr, #16, #16\n\t"
+        "ASR	r9, r9, #16\n\t"
+        "MUL	r10, r11, r10\n\t"
+        "MUL	r9, r11, r9\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "MUL	r11, r12, r10\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "MLA	r10, r12, r11, r10\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "SBFX	r11, r9, #0, #16\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "MLA	r11, r12, r11, r9\n\t"
+        "SUB	r9, r8, r11\n\t"
+        "ADD	r8, r8, r11\n\t"
+        "SUB	r11, r8, r10, LSR #16\n\t"
+        "ADD	r10, r8, r10, LSR #16\n\t"
+        "BFI	r9, r11, #0, #16\n\t"
+        "BFI	r8, r10, #0, #16\n\t"
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+        "MOV	lr, #0xafc0\n\t"
+        "MOVT	lr, #0x13\n\t"
+#else
+        "MOV	lr, #0x4ebf\n\t"
+        "MOV	r12, #0xd01\n\t"
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+        "SMULWB	r10, lr, r2\n\t"
+        "SMULWT	r11, lr, r2\n\t"
+        "SMULBT	r10, r12, r10\n\t"
+        "SMULBT	r11, r12, r11\n\t"
+        "PKHBT	r10, r10, r11, LSL #16\n\t"
+        "SSUB16	r2, r2, r10\n\t"
+#else
+        "SBFX	r10, r2, #0, #16\n\t"
+        "SBFX	r11, r2, #16, #16\n\t"
+        "MUL	r10, lr, r10\n\t"
+        "MUL	r11, lr, r11\n\t"
+        "ASR	r10, r10, #26\n\t"
+        "ASR	r11, r11, #26\n\t"
+        "MUL	r10, r12, r10\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "SUB	r11, r2, r11, LSL #16\n\t"
+        "SUB	r2, r2, r10\n\t"
+        "LSR	r11, r11, #16\n\t"
+        "BFI	r2, r11, #16, #16\n\t"
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+        "SMULWB	r10, lr, r3\n\t"
+        "SMULWT	r11, lr, r3\n\t"
+        "SMULBT	r10, r12, r10\n\t"
+        "SMULBT	r11, r12, r11\n\t"
+        "PKHBT	r10, r10, r11, LSL #16\n\t"
+        "SSUB16	r3, r3, r10\n\t"
+#else
+        "SBFX	r10, r3, #0, #16\n\t"
+        "SBFX	r11, r3, #16, #16\n\t"
+        "MUL	r10, lr, r10\n\t"
+        "MUL	r11, lr, r11\n\t"
+        "ASR	r10, r10, #26\n\t"
+        "ASR	r11, r11, #26\n\t"
+        "MUL	r10, r12, r10\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "SUB	r11, r3, r11, LSL #16\n\t"
+        "SUB	r3, r3, r10\n\t"
+        "LSR	r11, r11, #16\n\t"
+        "BFI	r3, r11, #16, #16\n\t"
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+        "SMULWB	r10, lr, r4\n\t"
+        "SMULWT	r11, lr, r4\n\t"
+        "SMULBT	r10, r12, r10\n\t"
+        "SMULBT	r11, r12, r11\n\t"
+        "PKHBT	r10, r10, r11, LSL #16\n\t"
+        "SSUB16	r4, r4, r10\n\t"
+#else
+        "SBFX	r10, r4, #0, #16\n\t"
+        "SBFX	r11, r4, #16, #16\n\t"
+        "MUL	r10, lr, r10\n\t"
+        "MUL	r11, lr, r11\n\t"
+        "ASR	r10, r10, #26\n\t"
+        "ASR	r11, r11, #26\n\t"
+        "MUL	r10, r12, r10\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "SUB	r11, r4, r11, LSL #16\n\t"
+        "SUB	r4, r4, r10\n\t"
+        "LSR	r11, r11, #16\n\t"
+        "BFI	r4, r11, #16, #16\n\t"
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+        "SMULWB	r10, lr, r5\n\t"
+        "SMULWT	r11, lr, r5\n\t"
+        "SMULBT	r10, r12, r10\n\t"
+        "SMULBT	r11, r12, r11\n\t"
+        "PKHBT	r10, r10, r11, LSL #16\n\t"
+        "SSUB16	r5, r5, r10\n\t"
+#else
+        "SBFX	r10, r5, #0, #16\n\t"
+        "SBFX	r11, r5, #16, #16\n\t"
+        "MUL	r10, lr, r10\n\t"
+        "MUL	r11, lr, r11\n\t"
+        "ASR	r10, r10, #26\n\t"
+        "ASR	r11, r11, #26\n\t"
+        "MUL	r10, r12, r10\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "SUB	r11, r5, r11, LSL #16\n\t"
+        "SUB	r5, r5, r10\n\t"
+        "LSR	r11, r11, #16\n\t"
+        "BFI	r5, r11, #16, #16\n\t"
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+        "SMULWB	r10, lr, r6\n\t"
+        "SMULWT	r11, lr, r6\n\t"
+        "SMULBT	r10, r12, r10\n\t"
+        "SMULBT	r11, r12, r11\n\t"
+        "PKHBT	r10, r10, r11, LSL #16\n\t"
+        "SSUB16	r6, r6, r10\n\t"
+#else
+        "SBFX	r10, r6, #0, #16\n\t"
+        "SBFX	r11, r6, #16, #16\n\t"
+        "MUL	r10, lr, r10\n\t"
+        "MUL	r11, lr, r11\n\t"
+        "ASR	r10, r10, #26\n\t"
+        "ASR	r11, r11, #26\n\t"
+        "MUL	r10, r12, r10\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "SUB	r11, r6, r11, LSL #16\n\t"
+        "SUB	r6, r6, r10\n\t"
+        "LSR	r11, r11, #16\n\t"
+        "BFI	r6, r11, #16, #16\n\t"
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+        "SMULWB	r10, lr, r7\n\t"
+        "SMULWT	r11, lr, r7\n\t"
+        "SMULBT	r10, r12, r10\n\t"
+        "SMULBT	r11, r12, r11\n\t"
+        "PKHBT	r10, r10, r11, LSL #16\n\t"
+        "SSUB16	r7, r7, r10\n\t"
+#else
+        "SBFX	r10, r7, #0, #16\n\t"
+        "SBFX	r11, r7, #16, #16\n\t"
+        "MUL	r10, lr, r10\n\t"
+        "MUL	r11, lr, r11\n\t"
+        "ASR	r10, r10, #26\n\t"
+        "ASR	r11, r11, #26\n\t"
+        "MUL	r10, r12, r10\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "SUB	r11, r7, r11, LSL #16\n\t"
+        "SUB	r7, r7, r10\n\t"
+        "LSR	r11, r11, #16\n\t"
+        "BFI	r7, r11, #16, #16\n\t"
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+        "SMULWB	r10, lr, r8\n\t"
+        "SMULWT	r11, lr, r8\n\t"
+        "SMULBT	r10, r12, r10\n\t"
+        "SMULBT	r11, r12, r11\n\t"
+        "PKHBT	r10, r10, r11, LSL #16\n\t"
+        "SSUB16	r8, r8, r10\n\t"
+#else
+        "SBFX	r10, r8, #0, #16\n\t"
+        "SBFX	r11, r8, #16, #16\n\t"
+        "MUL	r10, lr, r10\n\t"
+        "MUL	r11, lr, r11\n\t"
+        "ASR	r10, r10, #26\n\t"
+        "ASR	r11, r11, #26\n\t"
+        "MUL	r10, r12, r10\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "SUB	r11, r8, r11, LSL #16\n\t"
+        "SUB	r8, r8, r10\n\t"
+        "LSR	r11, r11, #16\n\t"
+        "BFI	r8, r11, #16, #16\n\t"
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+        "SMULWB	r10, lr, r9\n\t"
+        "SMULWT	r11, lr, r9\n\t"
+        "SMULBT	r10, r12, r10\n\t"
+        "SMULBT	r11, r12, r11\n\t"
+        "PKHBT	r10, r10, r11, LSL #16\n\t"
+        "SSUB16	r9, r9, r10\n\t"
+#else
+        "SBFX	r10, r9, #0, #16\n\t"
+        "SBFX	r11, r9, #16, #16\n\t"
+        "MUL	r10, lr, r10\n\t"
+        "MUL	r11, lr, r11\n\t"
+        "ASR	r10, r10, #26\n\t"
+        "ASR	r11, r11, #26\n\t"
+        "MUL	r10, r12, r10\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "SUB	r11, r9, r11, LSL #16\n\t"
+        "SUB	r9, r9, r10\n\t"
+        "LSR	r11, r11, #16\n\t"
+        "BFI	r9, r11, #16, #16\n\t"
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+        "MOV	r12, #0xd01\n\t"
+        "MOVT	r12, #0xcff\n\t"
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+        "STR	r2, [%[r]]\n\t"
+        "STR	r3, [%[r], #4]\n\t"
+        "STR	r4, [%[r], #8]\n\t"
+        "STR	r5, [%[r], #12]\n\t"
+        "STR	r6, [%[r], #16]\n\t"
+        "STR	r7, [%[r], #20]\n\t"
+        "STR	r8, [%[r], #24]\n\t"
+        "STR	r9, [%[r], #28]\n\t"
+        "LDR	r3, [sp, #4]\n\t"
+        "ADD	r3, r3, #0x10\n\t"
+        "RSBS	r10, r3, #0x100\n\t"
+        "ADD	%[r], %[r], #0x20\n\t"
+#if defined(__GNUC__)
+        "BNE	L_kyber_thumb2_ntt_loop_567_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BNE.N	L_kyber_thumb2_ntt_loop_567\n\t"
+#else
+        "BNE.N	L_kyber_thumb2_ntt_loop_567_%=\n\t"
+#endif
+        "ADD	sp, sp, #0x8\n\t"
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
+        : [r] "+r" (r),
+          [L_kyber_thumb2_ntt_zetas] "+r" (L_kyber_thumb2_ntt_zetas_c)
+        :
+        : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "lr", "cc"
+#else
+        : [r] "+r" (r)
+        : [L_kyber_thumb2_ntt_zetas] "r" (L_kyber_thumb2_ntt_zetas)
+        : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "lr", "cc"
+#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */
+    );
+}
+
+XALIGNED(16) static const word16 L_kyber_thumb2_invntt_zetas_inv[] = {
+    0x06a5, 0x070f, 0x05b4, 0x0943, 0x0922, 0x091d, 0x0134, 0x006c,
+    0x0b23, 0x0366, 0x0356, 0x05e6, 0x09e7, 0x04fe, 0x05fa, 0x04a1,
+    0x067b, 0x04a3, 0x0c25, 0x036a, 0x0537, 0x083f, 0x0088, 0x04bf,
+    0x0b81, 0x05b9, 0x0505, 0x07d7, 0x0a9f, 0x0aa6, 0x08b8, 0x09d0,
+    0x004b, 0x009c, 0x0bb8, 0x0b5f, 0x0ba4, 0x0368, 0x0a7d, 0x0636,
+    0x08a2, 0x025a, 0x0736, 0x0309, 0x0093, 0x087a, 0x09f7, 0x00f6,
+    0x068c, 0x06db, 0x01cc, 0x0123, 0x00eb, 0x0c50, 0x0ab6, 0x0b5b,
+    0x0c98, 0x06f3, 0x099a, 0x04e3, 0x09b6, 0x0ad6, 0x0b53, 0x044f,
+    0x04fb, 0x0a5c, 0x0429, 0x0b41, 0x02d5, 0x05e4, 0x0940, 0x018e,
+    0x03b7, 0x00f7, 0x058d, 0x0c96, 0x09c3, 0x010f, 0x005a, 0x0355,
+    0x0744, 0x0c83, 0x048a, 0x0652, 0x029a, 0x0140, 0x0008, 0x0afd,
+    0x0608, 0x011a, 0x072e, 0x050d, 0x090a, 0x0228, 0x0a75, 0x083a,
+    0x0623, 0x00cd, 0x0b66, 0x0606, 0x0aa1, 0x0a25, 0x0908, 0x02a9,
+    0x0082, 0x0642, 0x074f, 0x033d, 0x0b82, 0x0bf9, 0x052d, 0x0ac4,
+    0x0745, 0x05c2, 0x04b2, 0x093f, 0x0c4b, 0x06d8, 0x0a93, 0x00ab,
+    0x0c37, 0x0be2, 0x0773, 0x072c, 0x05ed, 0x0167, 0x02f6, 0x05a1,
+};
+
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
+void kyber_thumb2_invntt(sword16* r_p)
+#else
+void kyber_thumb2_invntt(sword16* r)
+#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
+{
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
+    register sword16* r __asm__ ("r0") = (sword16*)r_p;
+    register word16* L_kyber_thumb2_invntt_zetas_inv_c __asm__ ("r1") = (word16*)&L_kyber_thumb2_invntt_zetas_inv;
+#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
+
+    __asm__ __volatile__ (
+        "SUB	sp, sp, #0x8\n\t"
+        "MOV	r1, %[L_kyber_thumb2_invntt_zetas_inv]\n\t"
+#ifndef WOLFSSL_ARM_ARCH_7M
+        "MOV	r12, #0xd01\n\t"
+        "MOVT	r12, #0xcff\n\t"
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+        "MOV	r3, #0x0\n\t"
+        "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_kyber_thumb2_invntt_loop_765:\n\t"
+#else
+    "L_kyber_thumb2_invntt_loop_765_%=:\n\t"
+#endif
+        "ADD	lr, r1, r3, LSR #1\n\t"
+        "STR	r3, [sp, #4]\n\t"
+        "LDR	r2, [%[r]]\n\t"
+        "LDR	r3, [%[r], #4]\n\t"
+        "LDR	r4, [%[r], #8]\n\t"
+        "LDR	r5, [%[r], #12]\n\t"
+        "LDR	r6, [%[r], #16]\n\t"
+        "LDR	r7, [%[r], #20]\n\t"
+        "LDR	r8, [%[r], #24]\n\t"
+        "LDR	r9, [%[r], #28]\n\t"
+        "LDR	lr, [lr]\n\t"
+#ifndef WOLFSSL_ARM_ARCH_7M
+        "SSUB16	r10, r2, r3\n\t"
+        "SADD16	r2, r2, r3\n\t"
+        "SMULBT	r3, lr, r10\n\t"
+        "SMULBB	r10, lr, r10\n\t"
+        "SMULTB	r11, r12, r10\n\t"
+        "SMLABB	r10, r12, r11, r10\n\t"
+        "SMULTB	r11, r12, r3\n\t"
+        "SMLABB	r3, r12, r11, r3\n\t"
+        "PKHTB	r3, r3, r10, ASR #16\n\t"
+#else
+        "SUB	r11, r2, r3\n\t"
+        "ADD	r12, r2, r3\n\t"
+        "BFC	r3, #0, #16\n\t"
+        "BFC	r2, #0, #16\n\t"
+        "SUB	r10, r2, r3\n\t"
+        "ADD	r2, r2, r3\n\t"
+        "BFI	r10, r11, #0, #16\n\t"
+        "BFI	r2, r12, #0, #16\n\t"
+        "SBFX	r11, lr, #0, #16\n\t"
+        "ASR	r12, r10, #16\n\t"
+        "MUL	r3, r11, r12\n\t"
+        "SBFX	r10, r10, #0, #16\n\t"
+        "MUL	r10, r11, r10\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "SBFX	r11, r10, #0, #16\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "MLA	r10, r12, r11, r10\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "SBFX	r11, r3, #0, #16\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "LSR	r10, r10, #16\n\t"
+        "MLA	r3, r12, r11, r3\n\t"
+        "BFI	r3, r10, #0, #16\n\t"
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+        "SSUB16	r10, r4, r5\n\t"
+        "SADD16	r4, r4, r5\n\t"
+        "SMULTT	r5, lr, r10\n\t"
+        "SMULTB	r10, lr, r10\n\t"
+        "SMULTB	r11, r12, r10\n\t"
+        "SMLABB	r10, r12, r11, r10\n\t"
+        "SMULTB	r11, r12, r5\n\t"
+        "SMLABB	r5, r12, r11, r5\n\t"
+        "PKHTB	r5, r5, r10, ASR #16\n\t"
+#else
+        "SUB	r11, r4, r5\n\t"
+        "ADD	r12, r4, r5\n\t"
+        "BFC	r5, #0, #16\n\t"
+        "BFC	r4, #0, #16\n\t"
+        "SUB	r10, r4, r5\n\t"
+        "ADD	r4, r4, r5\n\t"
+        "BFI	r10, r11, #0, #16\n\t"
+        "BFI	r4, r12, #0, #16\n\t"
+        "SBFX	r11, lr, #16, #16\n\t"
+        "ASR	r12, r10, #16\n\t"
+        "MUL	r5, r11, r12\n\t"
+        "SBFX	r10, r10, #0, #16\n\t"
+        "MUL	r10, r11, r10\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "SBFX	r11, r10, #0, #16\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "MLA	r10, r12, r11, r10\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "SBFX	r11, r5, #0, #16\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "LSR	r10, r10, #16\n\t"
+        "MLA	r5, r12, r11, r5\n\t"
+        "BFI	r5, r10, #0, #16\n\t"
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+        "LDR	lr, [sp, #4]\n\t"
+        "ADD	lr, r1, lr, LSR #1\n\t"
+        "LDR	lr, [lr, #4]\n\t"
+#ifndef WOLFSSL_ARM_ARCH_7M
+        "SSUB16	r10, r6, r7\n\t"
+        "SADD16	r6, r6, r7\n\t"
+        "SMULBT	r7, lr, r10\n\t"
+        "SMULBB	r10, lr, r10\n\t"
+        "SMULTB	r11, r12, r10\n\t"
+        "SMLABB	r10, r12, r11, r10\n\t"
+        "SMULTB	r11, r12, r7\n\t"
+        "SMLABB	r7, r12, r11, r7\n\t"
+        "PKHTB	r7, r7, r10, ASR #16\n\t"
+#else
+        "SUB	r11, r6, r7\n\t"
+        "ADD	r12, r6, r7\n\t"
+        "BFC	r7, #0, #16\n\t"
+        "BFC	r6, #0, #16\n\t"
+        "SUB	r10, r6, r7\n\t"
+        "ADD	r6, r6, r7\n\t"
+        "BFI	r10, r11, #0, #16\n\t"
+        "BFI	r6, r12, #0, #16\n\t"
+        "SBFX	r11, lr, #0, #16\n\t"
+        "ASR	r12, r10, #16\n\t"
+        "MUL	r7, r11, r12\n\t"
+        "SBFX	r10, r10, #0, #16\n\t"
+        "MUL	r10, r11, r10\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "SBFX	r11, r10, #0, #16\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "MLA	r10, r12, r11, r10\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "SBFX	r11, r7, #0, #16\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "LSR	r10, r10, #16\n\t"
+        "MLA	r7, r12, r11, r7\n\t"
+        "BFI	r7, r10, #0, #16\n\t"
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+        "SSUB16	r10, r8, r9\n\t"
+        "SADD16	r8, r8, r9\n\t"
+        "SMULTT	r9, lr, r10\n\t"
+        "SMULTB	r10, lr, r10\n\t"
+        "SMULTB	r11, r12, r10\n\t"
+        "SMLABB	r10, r12, r11, r10\n\t"
+        "SMULTB	r11, r12, r9\n\t"
+        "SMLABB	r9, r12, r11, r9\n\t"
+        "PKHTB	r9, r9, r10, ASR #16\n\t"
+#else
+        "SUB	r11, r8, r9\n\t"
+        "ADD	r12, r8, r9\n\t"
+        "BFC	r9, #0, #16\n\t"
+        "BFC	r8, #0, #16\n\t"
+        "SUB	r10, r8, r9\n\t"
+        "ADD	r8, r8, r9\n\t"
+        "BFI	r10, r11, #0, #16\n\t"
+        "BFI	r8, r12, #0, #16\n\t"
+        "SBFX	r11, lr, #16, #16\n\t"
+        "ASR	r12, r10, #16\n\t"
+        "MUL	r9, r11, r12\n\t"
+        "SBFX	r10, r10, #0, #16\n\t"
+        "MUL	r10, r11, r10\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "SBFX	r11, r10, #0, #16\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "MLA	r10, r12, r11, r10\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "SBFX	r11, r9, #0, #16\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "LSR	r10, r10, #16\n\t"
+        "MLA	r9, r12, r11, r9\n\t"
+        "BFI	r9, r10, #0, #16\n\t"
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+        "LDR	lr, [sp, #4]\n\t"
+        "ADD	lr, r1, lr, LSR #2\n\t"
+        "LDR	lr, [lr, #128]\n\t"
+#ifndef WOLFSSL_ARM_ARCH_7M
+        "SSUB16	r10, r2, r4\n\t"
+        "SADD16	r2, r2, r4\n\t"
+        "SMULBT	r4, lr, r10\n\t"
+        "SMULBB	r10, lr, r10\n\t"
+        "SMULTB	r11, r12, r10\n\t"
+        "SMLABB	r10, r12, r11, r10\n\t"
+        "SMULTB	r11, r12, r4\n\t"
+        "SMLABB	r4, r12, r11, r4\n\t"
+        "PKHTB	r4, r4, r10, ASR #16\n\t"
+#else
+        "SUB	r11, r2, r4\n\t"
+        "ADD	r12, r2, r4\n\t"
+        "BFC	r4, #0, #16\n\t"
+        "BFC	r2, #0, #16\n\t"
+        "SUB	r10, r2, r4\n\t"
+        "ADD	r2, r2, r4\n\t"
+        "BFI	r10, r11, #0, #16\n\t"
+        "BFI	r2, r12, #0, #16\n\t"
+        "SBFX	r11, lr, #0, #16\n\t"
+        "ASR	r12, r10, #16\n\t"
+        "MUL	r4, r11, r12\n\t"
+        "SBFX	r10, r10, #0, #16\n\t"
+        "MUL	r10, r11, r10\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "SBFX	r11, r10, #0, #16\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "MLA	r10, r12, r11, r10\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "SBFX	r11, r4, #0, #16\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "LSR	r10, r10, #16\n\t"
+        "MLA	r4, r12, r11, r4\n\t"
+        "BFI	r4, r10, #0, #16\n\t"
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+        "SSUB16	r10, r3, r5\n\t"
+        "SADD16	r3, r3, r5\n\t"
+        "SMULBT	r5, lr, r10\n\t"
+        "SMULBB	r10, lr, r10\n\t"
+        "SMULTB	r11, r12, r10\n\t"
+        "SMLABB	r10, r12, r11, r10\n\t"
+        "SMULTB	r11, r12, r5\n\t"
+        "SMLABB	r5, r12, r11, r5\n\t"
+        "PKHTB	r5, r5, r10, ASR #16\n\t"
+#else
+        "SUB	r11, r3, r5\n\t"
+        "ADD	r12, r3, r5\n\t"
+        "BFC	r5, #0, #16\n\t"
+        "BFC	r3, #0, #16\n\t"
+        "SUB	r10, r3, r5\n\t"
+        "ADD	r3, r3, r5\n\t"
+        "BFI	r10, r11, #0, #16\n\t"
+        "BFI	r3, r12, #0, #16\n\t"
+        "SBFX	r11, lr, #0, #16\n\t"
+        "ASR	r12, r10, #16\n\t"
+        "MUL	r5, r11, r12\n\t"
+        "SBFX	r10, r10, #0, #16\n\t"
+        "MUL	r10, r11, r10\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "SBFX	r11, r10, #0, #16\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "MLA	r10, r12, r11, r10\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "SBFX	r11, r5, #0, #16\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "LSR	r10, r10, #16\n\t"
+        "MLA	r5, r12, r11, r5\n\t"
+        "BFI	r5, r10, #0, #16\n\t"
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+        "SSUB16	r10, r6, r8\n\t"
+        "SADD16	r6, r6, r8\n\t"
+        "SMULTT	r8, lr, r10\n\t"
+        "SMULTB	r10, lr, r10\n\t"
+        "SMULTB	r11, r12, r10\n\t"
+        "SMLABB	r10, r12, r11, r10\n\t"
+        "SMULTB	r11, r12, r8\n\t"
+        "SMLABB	r8, r12, r11, r8\n\t"
+        "PKHTB	r8, r8, r10, ASR #16\n\t"
+#else
+        "SUB	r11, r6, r8\n\t"
+        "ADD	r12, r6, r8\n\t"
+        "BFC	r8, #0, #16\n\t"
+        "BFC	r6, #0, #16\n\t"
+        "SUB	r10, r6, r8\n\t"
+        "ADD	r6, r6, r8\n\t"
+        "BFI	r10, r11, #0, #16\n\t"
+        "BFI	r6, r12, #0, #16\n\t"
+        "SBFX	r11, lr, #16, #16\n\t"
+        "ASR	r12, r10, #16\n\t"
+        "MUL	r8, r11, r12\n\t"
+        "SBFX	r10, r10, #0, #16\n\t"
+        "MUL	r10, r11, r10\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "SBFX	r11, r10, #0, #16\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "MLA	r10, r12, r11, r10\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "SBFX	r11, r8, #0, #16\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "LSR	r10, r10, #16\n\t"
+        "MLA	r8, r12, r11, r8\n\t"
+        "BFI	r8, r10, #0, #16\n\t"
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+        "SSUB16	r10, r7, r9\n\t"
+        "SADD16	r7, r7, r9\n\t"
+        "SMULTT	r9, lr, r10\n\t"
+        "SMULTB	r10, lr, r10\n\t"
+        "SMULTB	r11, r12, r10\n\t"
+        "SMLABB	r10, r12, r11, r10\n\t"
+        "SMULTB	r11, r12, r9\n\t"
+        "SMLABB	r9, r12, r11, r9\n\t"
+        "PKHTB	r9, r9, r10, ASR #16\n\t"
+#else
+        "SUB	r11, r7, r9\n\t"
+        "ADD	r12, r7, r9\n\t"
+        "BFC	r9, #0, #16\n\t"
+        "BFC	r7, #0, #16\n\t"
+        "SUB	r10, r7, r9\n\t"
+        "ADD	r7, r7, r9\n\t"
+        "BFI	r10, r11, #0, #16\n\t"
+        "BFI	r7, r12, #0, #16\n\t"
+        "SBFX	r11, lr, #16, #16\n\t"
+        "ASR	r12, r10, #16\n\t"
+        "MUL	r9, r11, r12\n\t"
+        "SBFX	r10, r10, #0, #16\n\t"
+        "MUL	r10, r11, r10\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "SBFX	r11, r10, #0, #16\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "MLA	r10, r12, r11, r10\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "SBFX	r11, r9, #0, #16\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "LSR	r10, r10, #16\n\t"
+        "MLA	r9, r12, r11, r9\n\t"
+        "BFI	r9, r10, #0, #16\n\t"
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+        "LDR	lr, [sp, #4]\n\t"
+        "ADD	lr, r1, lr, LSR #3\n\t"
+        "LDR	lr, [lr, #192]\n\t"
+#ifndef WOLFSSL_ARM_ARCH_7M
+        "SSUB16	r10, r2, r6\n\t"
+        "SADD16	r2, r2, r6\n\t"
+        "SMULBT	r6, lr, r10\n\t"
+        "SMULBB	r10, lr, r10\n\t"
+        "SMULTB	r11, r12, r10\n\t"
+        "SMLABB	r10, r12, r11, r10\n\t"
+        "SMULTB	r11, r12, r6\n\t"
+        "SMLABB	r6, r12, r11, r6\n\t"
+        "PKHTB	r6, r6, r10, ASR #16\n\t"
+#else
+        "SUB	r11, r2, r6\n\t"
+        "ADD	r12, r2, r6\n\t"
+        "BFC	r6, #0, #16\n\t"
+        "BFC	r2, #0, #16\n\t"
+        "SUB	r10, r2, r6\n\t"
+        "ADD	r2, r2, r6\n\t"
+        "BFI	r10, r11, #0, #16\n\t"
+        "BFI	r2, r12, #0, #16\n\t"
+        "SBFX	r11, lr, #0, #16\n\t"
+        "ASR	r12, r10, #16\n\t"
+        "MUL	r6, r11, r12\n\t"
+        "SBFX	r10, r10, #0, #16\n\t"
+        "MUL	r10, r11, r10\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "SBFX	r11, r10, #0, #16\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "MLA	r10, r12, r11, r10\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "SBFX	r11, r6, #0, #16\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "LSR	r10, r10, #16\n\t"
+        "MLA	r6, r12, r11, r6\n\t"
+        "BFI	r6, r10, #0, #16\n\t"
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+        "SSUB16	r10, r3, r7\n\t"
+        "SADD16	r3, r3, r7\n\t"
+        "SMULBT	r7, lr, r10\n\t"
+        "SMULBB	r10, lr, r10\n\t"
+        "SMULTB	r11, r12, r10\n\t"
+        "SMLABB	r10, r12, r11, r10\n\t"
+        "SMULTB	r11, r12, r7\n\t"
+        "SMLABB	r7, r12, r11, r7\n\t"
+        "PKHTB	r7, r7, r10, ASR #16\n\t"
+#else
+        "SUB	r11, r3, r7\n\t"
+        "ADD	r12, r3, r7\n\t"
+        "BFC	r7, #0, #16\n\t"
+        "BFC	r3, #0, #16\n\t"
+        "SUB	r10, r3, r7\n\t"
+        "ADD	r3, r3, r7\n\t"
+        "BFI	r10, r11, #0, #16\n\t"
+        "BFI	r3, r12, #0, #16\n\t"
+        "SBFX	r11, lr, #0, #16\n\t"
+        "ASR	r12, r10, #16\n\t"
+        "MUL	r7, r11, r12\n\t"
+        "SBFX	r10, r10, #0, #16\n\t"
+        "MUL	r10, r11, r10\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "SBFX	r11, r10, #0, #16\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "MLA	r10, r12, r11, r10\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "SBFX	r11, r7, #0, #16\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "LSR	r10, r10, #16\n\t"
+        "MLA	r7, r12, r11, r7\n\t"
+        "BFI	r7, r10, #0, #16\n\t"
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+        "SSUB16	r10, r4, r8\n\t"
+        "SADD16	r4, r4, r8\n\t"
+        "SMULBT	r8, lr, r10\n\t"
+        "SMULBB	r10, lr, r10\n\t"
+        "SMULTB	r11, r12, r10\n\t"
+        "SMLABB	r10, r12, r11, r10\n\t"
+        "SMULTB	r11, r12, r8\n\t"
+        "SMLABB	r8, r12, r11, r8\n\t"
+        "PKHTB	r8, r8, r10, ASR #16\n\t"
+#else
+        "SUB	r11, r4, r8\n\t"
+        "ADD	r12, r4, r8\n\t"
+        "BFC	r8, #0, #16\n\t"
+        "BFC	r4, #0, #16\n\t"
+        "SUB	r10, r4, r8\n\t"
+        "ADD	r4, r4, r8\n\t"
+        "BFI	r10, r11, #0, #16\n\t"
+        "BFI	r4, r12, #0, #16\n\t"
+        "SBFX	r11, lr, #0, #16\n\t"
+        "ASR	r12, r10, #16\n\t"
+        "MUL	r8, r11, r12\n\t"
+        "SBFX	r10, r10, #0, #16\n\t"
+        "MUL	r10, r11, r10\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "SBFX	r11, r10, #0, #16\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "MLA	r10, r12, r11, r10\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "SBFX	r11, r8, #0, #16\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "LSR	r10, r10, #16\n\t"
+        "MLA	r8, r12, r11, r8\n\t"
+        "BFI	r8, r10, #0, #16\n\t"
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+        "SSUB16	r10, r5, r9\n\t"
+        "SADD16	r5, r5, r9\n\t"
+        "SMULBT	r9, lr, r10\n\t"
+        "SMULBB	r10, lr, r10\n\t"
+        "SMULTB	r11, r12, r10\n\t"
+        "SMLABB	r10, r12, r11, r10\n\t"
+        "SMULTB	r11, r12, r9\n\t"
+        "SMLABB	r9, r12, r11, r9\n\t"
+        "PKHTB	r9, r9, r10, ASR #16\n\t"
+#else
+        "SUB	r11, r5, r9\n\t"
+        "ADD	r12, r5, r9\n\t"
+        "BFC	r9, #0, #16\n\t"
+        "BFC	r5, #0, #16\n\t"
+        "SUB	r10, r5, r9\n\t"
+        "ADD	r5, r5, r9\n\t"
+        "BFI	r10, r11, #0, #16\n\t"
+        "BFI	r5, r12, #0, #16\n\t"
+        "SBFX	r11, lr, #0, #16\n\t"
+        "ASR	r12, r10, #16\n\t"
+        "MUL	r9, r11, r12\n\t"
+        "SBFX	r10, r10, #0, #16\n\t"
+        "MUL	r10, r11, r10\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "SBFX	r11, r10, #0, #16\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "MLA	r10, r12, r11, r10\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "SBFX	r11, r9, #0, #16\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "LSR	r10, r10, #16\n\t"
+        "MLA	r9, r12, r11, r9\n\t"
+        "BFI	r9, r10, #0, #16\n\t"
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+        "MOV	lr, #0xafc0\n\t"
+        "MOVT	lr, #0x13\n\t"
+#else
+        "MOV	lr, #0x4ebf\n\t"
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+        "SMULWB	r10, lr, r2\n\t"
+        "SMULWT	r11, lr, r2\n\t"
+        "SMULBT	r10, r12, r10\n\t"
+        "SMULBT	r11, r12, r11\n\t"
+        "PKHBT	r10, r10, r11, LSL #16\n\t"
+        "SSUB16	r2, r2, r10\n\t"
+#else
+        "SBFX	r10, r2, #0, #16\n\t"
+        "SBFX	r11, r2, #16, #16\n\t"
+        "MUL	r10, lr, r10\n\t"
+        "MUL	r11, lr, r11\n\t"
+        "ASR	r10, r10, #26\n\t"
+        "ASR	r11, r11, #26\n\t"
+        "MUL	r10, r12, r10\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "SUB	r11, r2, r11, LSL #16\n\t"
+        "SUB	r2, r2, r10\n\t"
+        "LSR	r11, r11, #16\n\t"
+        "BFI	r2, r11, #16, #16\n\t"
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+        "SMULWB	r10, lr, r3\n\t"
+        "SMULWT	r11, lr, r3\n\t"
+        "SMULBT	r10, r12, r10\n\t"
+        "SMULBT	r11, r12, r11\n\t"
+        "PKHBT	r10, r10, r11, LSL #16\n\t"
+        "SSUB16	r3, r3, r10\n\t"
+#else
+        "SBFX	r10, r3, #0, #16\n\t"
+        "SBFX	r11, r3, #16, #16\n\t"
+        "MUL	r10, lr, r10\n\t"
+        "MUL	r11, lr, r11\n\t"
+        "ASR	r10, r10, #26\n\t"
+        "ASR	r11, r11, #26\n\t"
+        "MUL	r10, r12, r10\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "SUB	r11, r3, r11, LSL #16\n\t"
+        "SUB	r3, r3, r10\n\t"
+        "LSR	r11, r11, #16\n\t"
+        "BFI	r3, r11, #16, #16\n\t"
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+        "SMULWB	r10, lr, r4\n\t"
+        "SMULWT	r11, lr, r4\n\t"
+        "SMULBT	r10, r12, r10\n\t"
+        "SMULBT	r11, r12, r11\n\t"
+        "PKHBT	r10, r10, r11, LSL #16\n\t"
+        "SSUB16	r4, r4, r10\n\t"
+#else
+        "SBFX	r10, r4, #0, #16\n\t"
+        "SBFX	r11, r4, #16, #16\n\t"
+        "MUL	r10, lr, r10\n\t"
+        "MUL	r11, lr, r11\n\t"
+        "ASR	r10, r10, #26\n\t"
+        "ASR	r11, r11, #26\n\t"
+        "MUL	r10, r12, r10\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "SUB	r11, r4, r11, LSL #16\n\t"
+        "SUB	r4, r4, r10\n\t"
+        "LSR	r11, r11, #16\n\t"
+        "BFI	r4, r11, #16, #16\n\t"
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+        "SMULWB	r10, lr, r5\n\t"
+        "SMULWT	r11, lr, r5\n\t"
+        "SMULBT	r10, r12, r10\n\t"
+        "SMULBT	r11, r12, r11\n\t"
+        "PKHBT	r10, r10, r11, LSL #16\n\t"
+        "SSUB16	r5, r5, r10\n\t"
+#else
+        "SBFX	r10, r5, #0, #16\n\t"
+        "SBFX	r11, r5, #16, #16\n\t"
+        "MUL	r10, lr, r10\n\t"
+        "MUL	r11, lr, r11\n\t"
+        "ASR	r10, r10, #26\n\t"
+        "ASR	r11, r11, #26\n\t"
+        "MUL	r10, r12, r10\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "SUB	r11, r5, r11, LSL #16\n\t"
+        "SUB	r5, r5, r10\n\t"
+        "LSR	r11, r11, #16\n\t"
+        "BFI	r5, r11, #16, #16\n\t"
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+        "STR	r2, [%[r]]\n\t"
+        "STR	r3, [%[r], #4]\n\t"
+        "STR	r4, [%[r], #8]\n\t"
+        "STR	r5, [%[r], #12]\n\t"
+        "STR	r6, [%[r], #16]\n\t"
+        "STR	r7, [%[r], #20]\n\t"
+        "STR	r8, [%[r], #24]\n\t"
+        "STR	r9, [%[r], #28]\n\t"
+        "LDR	r3, [sp, #4]\n\t"
+        "ADD	r3, r3, #0x10\n\t"
+        "RSBS	r10, r3, #0x100\n\t"
+        "ADD	%[r], %[r], #0x20\n\t"
+#if defined(__GNUC__)
+        "BNE	L_kyber_thumb2_invntt_loop_765_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BNE.N	L_kyber_thumb2_invntt_loop_765\n\t"
+#else
+        "BNE.N	L_kyber_thumb2_invntt_loop_765_%=\n\t"
+#endif
+        "SUB	%[r], %[r], #0x200\n\t"
+        "MOV	r3, #0x0\n\t"
+        "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_kyber_thumb2_invntt_loop_4_j:\n\t"
+#else
+    "L_kyber_thumb2_invntt_loop_4_j_%=:\n\t"
+#endif
+        "STR	r3, [sp, #4]\n\t"
+        "ADD	lr, r1, r3, LSR #4\n\t"
+        "MOV	r2, #0x4\n\t"
+        "LDR	lr, [lr, #224]\n\t"
+        "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_kyber_thumb2_invntt_loop_4_i:\n\t"
+#else
+    "L_kyber_thumb2_invntt_loop_4_i_%=:\n\t"
+#endif
+        "STR	r2, [sp]\n\t"
+        "LDR	r2, [%[r]]\n\t"
+        "LDR	r3, [%[r], #16]\n\t"
+        "LDR	r4, [%[r], #32]\n\t"
+        "LDR	r5, [%[r], #48]\n\t"
+        "LDR	r6, [%[r], #64]\n\t"
+        "LDR	r7, [%[r], #80]\n\t"
+        "LDR	r8, [%[r], #96]\n\t"
+        "LDR	r9, [%[r], #112]\n\t"
+#ifndef WOLFSSL_ARM_ARCH_7M
+        "SSUB16	r10, r2, r4\n\t"
+        "SADD16	r2, r2, r4\n\t"
+        "SMULBT	r4, lr, r10\n\t"
+        "SMULBB	r10, lr, r10\n\t"
+        "SMULTB	r11, r12, r10\n\t"
+        "SMLABB	r10, r12, r11, r10\n\t"
+        "SMULTB	r11, r12, r4\n\t"
+        "SMLABB	r4, r12, r11, r4\n\t"
+        "PKHTB	r4, r4, r10, ASR #16\n\t"
+#else
+        "SUB	r11, r2, r4\n\t"
+        "ADD	r12, r2, r4\n\t"
+        "BFC	r4, #0, #16\n\t"
+        "BFC	r2, #0, #16\n\t"
+        "SUB	r10, r2, r4\n\t"
+        "ADD	r2, r2, r4\n\t"
+        "BFI	r10, r11, #0, #16\n\t"
+        "BFI	r2, r12, #0, #16\n\t"
+        "SBFX	r11, lr, #0, #16\n\t"
+        "ASR	r12, r10, #16\n\t"
+        "MUL	r4, r11, r12\n\t"
+        "SBFX	r10, r10, #0, #16\n\t"
+        "MUL	r10, r11, r10\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "SBFX	r11, r10, #0, #16\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "MLA	r10, r12, r11, r10\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "SBFX	r11, r4, #0, #16\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "LSR	r10, r10, #16\n\t"
+        "MLA	r4, r12, r11, r4\n\t"
+        "BFI	r4, r10, #0, #16\n\t"
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+        "SSUB16	r10, r3, r5\n\t"
+        "SADD16	r3, r3, r5\n\t"
+        "SMULBT	r5, lr, r10\n\t"
+        "SMULBB	r10, lr, r10\n\t"
+        "SMULTB	r11, r12, r10\n\t"
+        "SMLABB	r10, r12, r11, r10\n\t"
+        "SMULTB	r11, r12, r5\n\t"
+        "SMLABB	r5, r12, r11, r5\n\t"
+        "PKHTB	r5, r5, r10, ASR #16\n\t"
+#else
+        "SUB	r11, r3, r5\n\t"
+        "ADD	r12, r3, r5\n\t"
+        "BFC	r5, #0, #16\n\t"
+        "BFC	r3, #0, #16\n\t"
+        "SUB	r10, r3, r5\n\t"
+        "ADD	r3, r3, r5\n\t"
+        "BFI	r10, r11, #0, #16\n\t"
+        "BFI	r3, r12, #0, #16\n\t"
+        "SBFX	r11, lr, #0, #16\n\t"
+        "ASR	r12, r10, #16\n\t"
+        "MUL	r5, r11, r12\n\t"
+        "SBFX	r10, r10, #0, #16\n\t"
+        "MUL	r10, r11, r10\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "SBFX	r11, r10, #0, #16\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "MLA	r10, r12, r11, r10\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "SBFX	r11, r5, #0, #16\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "LSR	r10, r10, #16\n\t"
+        "MLA	r5, r12, r11, r5\n\t"
+        "BFI	r5, r10, #0, #16\n\t"
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+        "SSUB16	r10, r6, r8\n\t"
+        "SADD16	r6, r6, r8\n\t"
+        "SMULTT	r8, lr, r10\n\t"
+        "SMULTB	r10, lr, r10\n\t"
+        "SMULTB	r11, r12, r10\n\t"
+        "SMLABB	r10, r12, r11, r10\n\t"
+        "SMULTB	r11, r12, r8\n\t"
+        "SMLABB	r8, r12, r11, r8\n\t"
+        "PKHTB	r8, r8, r10, ASR #16\n\t"
+#else
+        "SUB	r11, r6, r8\n\t"
+        "ADD	r12, r6, r8\n\t"
+        "BFC	r8, #0, #16\n\t"
+        "BFC	r6, #0, #16\n\t"
+        "SUB	r10, r6, r8\n\t"
+        "ADD	r6, r6, r8\n\t"
+        "BFI	r10, r11, #0, #16\n\t"
+        "BFI	r6, r12, #0, #16\n\t"
+        "SBFX	r11, lr, #16, #16\n\t"
+        "ASR	r12, r10, #16\n\t"
+        "MUL	r8, r11, r12\n\t"
+        "SBFX	r10, r10, #0, #16\n\t"
+        "MUL	r10, r11, r10\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "SBFX	r11, r10, #0, #16\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "MLA	r10, r12, r11, r10\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "SBFX	r11, r8, #0, #16\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "LSR	r10, r10, #16\n\t"
+        "MLA	r8, r12, r11, r8\n\t"
+        "BFI	r8, r10, #0, #16\n\t"
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+        "SSUB16	r10, r7, r9\n\t"
+        "SADD16	r7, r7, r9\n\t"
+        "SMULTT	r9, lr, r10\n\t"
+        "SMULTB	r10, lr, r10\n\t"
+        "SMULTB	r11, r12, r10\n\t"
+        "SMLABB	r10, r12, r11, r10\n\t"
+        "SMULTB	r11, r12, r9\n\t"
+        "SMLABB	r9, r12, r11, r9\n\t"
+        "PKHTB	r9, r9, r10, ASR #16\n\t"
+#else
+        "SUB	r11, r7, r9\n\t"
+        "ADD	r12, r7, r9\n\t"
+        "BFC	r9, #0, #16\n\t"
+        "BFC	r7, #0, #16\n\t"
+        "SUB	r10, r7, r9\n\t"
+        "ADD	r7, r7, r9\n\t"
+        "BFI	r10, r11, #0, #16\n\t"
+        "BFI	r7, r12, #0, #16\n\t"
+        "SBFX	r11, lr, #16, #16\n\t"
+        "ASR	r12, r10, #16\n\t"
+        "MUL	r9, r11, r12\n\t"
+        "SBFX	r10, r10, #0, #16\n\t"
+        "MUL	r10, r11, r10\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "SBFX	r11, r10, #0, #16\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "MLA	r10, r12, r11, r10\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "SBFX	r11, r9, #0, #16\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "LSR	r10, r10, #16\n\t"
+        "MLA	r9, r12, r11, r9\n\t"
+        "BFI	r9, r10, #0, #16\n\t"
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+        "STR	r2, [%[r]]\n\t"
+        "STR	r3, [%[r], #16]\n\t"
+        "STR	r4, [%[r], #32]\n\t"
+        "STR	r5, [%[r], #48]\n\t"
+        "STR	r6, [%[r], #64]\n\t"
+        "STR	r7, [%[r], #80]\n\t"
+        "STR	r8, [%[r], #96]\n\t"
+        "STR	r9, [%[r], #112]\n\t"
+        "LDRD	r2, r3, [sp]\n\t"
+        "SUBS	r2, r2, #0x1\n\t"
+        "ADD	%[r], %[r], #0x4\n\t"
+#if defined(__GNUC__)
+        "BNE	L_kyber_thumb2_invntt_loop_4_i_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BNE.N	L_kyber_thumb2_invntt_loop_4_i\n\t"
+#else
+        "BNE.N	L_kyber_thumb2_invntt_loop_4_i_%=\n\t"
+#endif
+        "ADD	r3, r3, #0x40\n\t"
+        "RSBS	r10, r3, #0x100\n\t"
+        "ADD	%[r], %[r], #0x70\n\t"
+#if defined(__GNUC__)
+        "BNE	L_kyber_thumb2_invntt_loop_4_j_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BNE.N	L_kyber_thumb2_invntt_loop_4_j\n\t"
+#else
+        "BNE.N	L_kyber_thumb2_invntt_loop_4_j_%=\n\t"
+#endif
+        "SUB	%[r], %[r], #0x200\n\t"
+        "MOV	r2, #0x10\n\t"
+        "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_kyber_thumb2_invntt_loop_321:\n\t"
+#else
+    "L_kyber_thumb2_invntt_loop_321_%=:\n\t"
+#endif
+        "STR	r2, [sp]\n\t"
+        "LDRH	lr, [r1, #2]\n\t"
+        "LDR	r2, [%[r]]\n\t"
+        "LDR	r3, [%[r], #64]\n\t"
+        "LDR	r4, [%[r], #128]\n\t"
+        "LDR	r5, [%[r], #192]\n\t"
+        "LDR	r6, [%[r], #256]\n\t"
+        "LDR	r7, [%[r], #320]\n\t"
+        "LDR	r8, [%[r], #384]\n\t"
+        "LDR	r9, [%[r], #448]\n\t"
+        "LDR	lr, [r1, #240]\n\t"
+#ifndef WOLFSSL_ARM_ARCH_7M
+        "SSUB16	r10, r2, r3\n\t"
+        "SADD16	r2, r2, r3\n\t"
+        "SMULBT	r3, lr, r10\n\t"
+        "SMULBB	r10, lr, r10\n\t"
+        "SMULTB	r11, r12, r10\n\t"
+        "SMLABB	r10, r12, r11, r10\n\t"
+        "SMULTB	r11, r12, r3\n\t"
+        "SMLABB	r3, r12, r11, r3\n\t"
+        "PKHTB	r3, r3, r10, ASR #16\n\t"
+#else
+        "SUB	r11, r2, r3\n\t"
+        "ADD	r12, r2, r3\n\t"
+        "BFC	r3, #0, #16\n\t"
+        "BFC	r2, #0, #16\n\t"
+        "SUB	r10, r2, r3\n\t"
+        "ADD	r2, r2, r3\n\t"
+        "BFI	r10, r11, #0, #16\n\t"
+        "BFI	r2, r12, #0, #16\n\t"
+        "SBFX	r11, lr, #0, #16\n\t"
+        "ASR	r12, r10, #16\n\t"
+        "MUL	r3, r11, r12\n\t"
+        "SBFX	r10, r10, #0, #16\n\t"
+        "MUL	r10, r11, r10\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "SBFX	r11, r10, #0, #16\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "MLA	r10, r12, r11, r10\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "SBFX	r11, r3, #0, #16\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "LSR	r10, r10, #16\n\t"
+        "MLA	r3, r12, r11, r3\n\t"
+        "BFI	r3, r10, #0, #16\n\t"
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+        "SSUB16	r10, r4, r5\n\t"
+        "SADD16	r4, r4, r5\n\t"
+        "SMULTT	r5, lr, r10\n\t"
+        "SMULTB	r10, lr, r10\n\t"
+        "SMULTB	r11, r12, r10\n\t"
+        "SMLABB	r10, r12, r11, r10\n\t"
+        "SMULTB	r11, r12, r5\n\t"
+        "SMLABB	r5, r12, r11, r5\n\t"
+        "PKHTB	r5, r5, r10, ASR #16\n\t"
+#else
+        "SUB	r11, r4, r5\n\t"
+        "ADD	r12, r4, r5\n\t"
+        "BFC	r5, #0, #16\n\t"
+        "BFC	r4, #0, #16\n\t"
+        "SUB	r10, r4, r5\n\t"
+        "ADD	r4, r4, r5\n\t"
+        "BFI	r10, r11, #0, #16\n\t"
+        "BFI	r4, r12, #0, #16\n\t"
+        "SBFX	r11, lr, #16, #16\n\t"
+        "ASR	r12, r10, #16\n\t"
+        "MUL	r5, r11, r12\n\t"
+        "SBFX	r10, r10, #0, #16\n\t"
+        "MUL	r10, r11, r10\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "SBFX	r11, r10, #0, #16\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "MLA	r10, r12, r11, r10\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "SBFX	r11, r5, #0, #16\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "LSR	r10, r10, #16\n\t"
+        "MLA	r5, r12, r11, r5\n\t"
+        "BFI	r5, r10, #0, #16\n\t"
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+        "LDR	lr, [r1, #244]\n\t"
+#ifndef WOLFSSL_ARM_ARCH_7M
+        "SSUB16	r10, r6, r7\n\t"
+        "SADD16	r6, r6, r7\n\t"
+        "SMULBT	r7, lr, r10\n\t"
+        "SMULBB	r10, lr, r10\n\t"
+        "SMULTB	r11, r12, r10\n\t"
+        "SMLABB	r10, r12, r11, r10\n\t"
+        "SMULTB	r11, r12, r7\n\t"
+        "SMLABB	r7, r12, r11, r7\n\t"
+        "PKHTB	r7, r7, r10, ASR #16\n\t"
+#else
+        "SUB	r11, r6, r7\n\t"
+        "ADD	r12, r6, r7\n\t"
+        "BFC	r7, #0, #16\n\t"
+        "BFC	r6, #0, #16\n\t"
+        "SUB	r10, r6, r7\n\t"
+        "ADD	r6, r6, r7\n\t"
+        "BFI	r10, r11, #0, #16\n\t"
+        "BFI	r6, r12, #0, #16\n\t"
+        "SBFX	r11, lr, #0, #16\n\t"
+        "ASR	r12, r10, #16\n\t"
+        "MUL	r7, r11, r12\n\t"
+        "SBFX	r10, r10, #0, #16\n\t"
+        "MUL	r10, r11, r10\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "SBFX	r11, r10, #0, #16\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "MLA	r10, r12, r11, r10\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "SBFX	r11, r7, #0, #16\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "LSR	r10, r10, #16\n\t"
+        "MLA	r7, r12, r11, r7\n\t"
+        "BFI	r7, r10, #0, #16\n\t"
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+        "SSUB16	r10, r8, r9\n\t"
+        "SADD16	r8, r8, r9\n\t"
+        "SMULTT	r9, lr, r10\n\t"
+        "SMULTB	r10, lr, r10\n\t"
+        "SMULTB	r11, r12, r10\n\t"
+        "SMLABB	r10, r12, r11, r10\n\t"
+        "SMULTB	r11, r12, r9\n\t"
+        "SMLABB	r9, r12, r11, r9\n\t"
+        "PKHTB	r9, r9, r10, ASR #16\n\t"
+#else
+        "SUB	r11, r8, r9\n\t"
+        "ADD	r12, r8, r9\n\t"
+        "BFC	r9, #0, #16\n\t"
+        "BFC	r8, #0, #16\n\t"
+        "SUB	r10, r8, r9\n\t"
+        "ADD	r8, r8, r9\n\t"
+        "BFI	r10, r11, #0, #16\n\t"
+        "BFI	r8, r12, #0, #16\n\t"
+        "SBFX	r11, lr, #16, #16\n\t"
+        "ASR	r12, r10, #16\n\t"
+        "MUL	r9, r11, r12\n\t"
+        "SBFX	r10, r10, #0, #16\n\t"
+        "MUL	r10, r11, r10\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "SBFX	r11, r10, #0, #16\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "MLA	r10, r12, r11, r10\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "SBFX	r11, r9, #0, #16\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "LSR	r10, r10, #16\n\t"
+        "MLA	r9, r12, r11, r9\n\t"
+        "BFI	r9, r10, #0, #16\n\t"
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+        "LDR	lr, [r1, #248]\n\t"
+#ifndef WOLFSSL_ARM_ARCH_7M
+        "SSUB16	r10, r2, r4\n\t"
+        "SADD16	r2, r2, r4\n\t"
+        "SMULBT	r4, lr, r10\n\t"
+        "SMULBB	r10, lr, r10\n\t"
+        "SMULTB	r11, r12, r10\n\t"
+        "SMLABB	r10, r12, r11, r10\n\t"
+        "SMULTB	r11, r12, r4\n\t"
+        "SMLABB	r4, r12, r11, r4\n\t"
+        "PKHTB	r4, r4, r10, ASR #16\n\t"
+#else
+        "SUB	r11, r2, r4\n\t"
+        "ADD	r12, r2, r4\n\t"
+        "BFC	r4, #0, #16\n\t"
+        "BFC	r2, #0, #16\n\t"
+        "SUB	r10, r2, r4\n\t"
+        "ADD	r2, r2, r4\n\t"
+        "BFI	r10, r11, #0, #16\n\t"
+        "BFI	r2, r12, #0, #16\n\t"
+        "SBFX	r11, lr, #0, #16\n\t"
+        "ASR	r12, r10, #16\n\t"
+        "MUL	r4, r11, r12\n\t"
+        "SBFX	r10, r10, #0, #16\n\t"
+        "MUL	r10, r11, r10\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "SBFX	r11, r10, #0, #16\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "MLA	r10, r12, r11, r10\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "SBFX	r11, r4, #0, #16\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "LSR	r10, r10, #16\n\t"
+        "MLA	r4, r12, r11, r4\n\t"
+        "BFI	r4, r10, #0, #16\n\t"
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+        "SSUB16	r10, r3, r5\n\t"
+        "SADD16	r3, r3, r5\n\t"
+        "SMULBT	r5, lr, r10\n\t"
+        "SMULBB	r10, lr, r10\n\t"
+        "SMULTB	r11, r12, r10\n\t"
+        "SMLABB	r10, r12, r11, r10\n\t"
+        "SMULTB	r11, r12, r5\n\t"
+        "SMLABB	r5, r12, r11, r5\n\t"
+        "PKHTB	r5, r5, r10, ASR #16\n\t"
+#else
+        "SUB	r11, r3, r5\n\t"
+        "ADD	r12, r3, r5\n\t"
+        "BFC	r5, #0, #16\n\t"
+        "BFC	r3, #0, #16\n\t"
+        "SUB	r10, r3, r5\n\t"
+        "ADD	r3, r3, r5\n\t"
+        "BFI	r10, r11, #0, #16\n\t"
+        "BFI	r3, r12, #0, #16\n\t"
+        "SBFX	r11, lr, #0, #16\n\t"
+        "ASR	r12, r10, #16\n\t"
+        "MUL	r5, r11, r12\n\t"
+        "SBFX	r10, r10, #0, #16\n\t"
+        "MUL	r10, r11, r10\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "SBFX	r11, r10, #0, #16\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "MLA	r10, r12, r11, r10\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "SBFX	r11, r5, #0, #16\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "LSR	r10, r10, #16\n\t"
+        "MLA	r5, r12, r11, r5\n\t"
+        "BFI	r5, r10, #0, #16\n\t"
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+        "SSUB16	r10, r6, r8\n\t"
+        "SADD16	r6, r6, r8\n\t"
+        "SMULTT	r8, lr, r10\n\t"
+        "SMULTB	r10, lr, r10\n\t"
+        "SMULTB	r11, r12, r10\n\t"
+        "SMLABB	r10, r12, r11, r10\n\t"
+        "SMULTB	r11, r12, r8\n\t"
+        "SMLABB	r8, r12, r11, r8\n\t"
+        "PKHTB	r8, r8, r10, ASR #16\n\t"
+#else
+        "SUB	r11, r6, r8\n\t"
+        "ADD	r12, r6, r8\n\t"
+        "BFC	r8, #0, #16\n\t"
+        "BFC	r6, #0, #16\n\t"
+        "SUB	r10, r6, r8\n\t"
+        "ADD	r6, r6, r8\n\t"
+        "BFI	r10, r11, #0, #16\n\t"
+        "BFI	r6, r12, #0, #16\n\t"
+        "SBFX	r11, lr, #16, #16\n\t"
+        "ASR	r12, r10, #16\n\t"
+        "MUL	r8, r11, r12\n\t"
+        "SBFX	r10, r10, #0, #16\n\t"
+        "MUL	r10, r11, r10\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "SBFX	r11, r10, #0, #16\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "MLA	r10, r12, r11, r10\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "SBFX	r11, r8, #0, #16\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "LSR	r10, r10, #16\n\t"
+        "MLA	r8, r12, r11, r8\n\t"
+        "BFI	r8, r10, #0, #16\n\t"
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+        "SSUB16	r10, r7, r9\n\t"
+        "SADD16	r7, r7, r9\n\t"
+        "SMULTT	r9, lr, r10\n\t"
+        "SMULTB	r10, lr, r10\n\t"
+        "SMULTB	r11, r12, r10\n\t"
+        "SMLABB	r10, r12, r11, r10\n\t"
+        "SMULTB	r11, r12, r9\n\t"
+        "SMLABB	r9, r12, r11, r9\n\t"
+        "PKHTB	r9, r9, r10, ASR #16\n\t"
+#else
+        "SUB	r11, r7, r9\n\t"
+        "ADD	r12, r7, r9\n\t"
+        "BFC	r9, #0, #16\n\t"
+        "BFC	r7, #0, #16\n\t"
+        "SUB	r10, r7, r9\n\t"
+        "ADD	r7, r7, r9\n\t"
+        "BFI	r10, r11, #0, #16\n\t"
+        "BFI	r7, r12, #0, #16\n\t"
+        "SBFX	r11, lr, #16, #16\n\t"
+        "ASR	r12, r10, #16\n\t"
+        "MUL	r9, r11, r12\n\t"
+        "SBFX	r10, r10, #0, #16\n\t"
+        "MUL	r10, r11, r10\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "SBFX	r11, r10, #0, #16\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "MLA	r10, r12, r11, r10\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "SBFX	r11, r9, #0, #16\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "LSR	r10, r10, #16\n\t"
+        "MLA	r9, r12, r11, r9\n\t"
+        "BFI	r9, r10, #0, #16\n\t"
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+        "MOV	lr, #0xafc0\n\t"
+        "MOVT	lr, #0x13\n\t"
+#else
+        "MOV	lr, #0x4ebf\n\t"
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+        "SMULWB	r10, lr, r2\n\t"
+        "SMULWT	r11, lr, r2\n\t"
+        "SMULBT	r10, r12, r10\n\t"
+        "SMULBT	r11, r12, r11\n\t"
+        "PKHBT	r10, r10, r11, LSL #16\n\t"
+        "SSUB16	r2, r2, r10\n\t"
+#else
+        "SBFX	r10, r2, #0, #16\n\t"
+        "SBFX	r11, r2, #16, #16\n\t"
+        "MUL	r10, lr, r10\n\t"
+        "MUL	r11, lr, r11\n\t"
+        "ASR	r10, r10, #26\n\t"
+        "ASR	r11, r11, #26\n\t"
+        "MUL	r10, r12, r10\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "SUB	r11, r2, r11, LSL #16\n\t"
+        "SUB	r2, r2, r10\n\t"
+        "LSR	r11, r11, #16\n\t"
+        "BFI	r2, r11, #16, #16\n\t"
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+        "SMULWB	r10, lr, r3\n\t"
+        "SMULWT	r11, lr, r3\n\t"
+        "SMULBT	r10, r12, r10\n\t"
+        "SMULBT	r11, r12, r11\n\t"
+        "PKHBT	r10, r10, r11, LSL #16\n\t"
+        "SSUB16	r3, r3, r10\n\t"
+#else
+        "SBFX	r10, r3, #0, #16\n\t"
+        "SBFX	r11, r3, #16, #16\n\t"
+        "MUL	r10, lr, r10\n\t"
+        "MUL	r11, lr, r11\n\t"
+        "ASR	r10, r10, #26\n\t"
+        "ASR	r11, r11, #26\n\t"
+        "MUL	r10, r12, r10\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "SUB	r11, r3, r11, LSL #16\n\t"
+        "SUB	r3, r3, r10\n\t"
+        "LSR	r11, r11, #16\n\t"
+        "BFI	r3, r11, #16, #16\n\t"
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+        "SMULWB	r10, lr, r4\n\t"
+        "SMULWT	r11, lr, r4\n\t"
+        "SMULBT	r10, r12, r10\n\t"
+        "SMULBT	r11, r12, r11\n\t"
+        "PKHBT	r10, r10, r11, LSL #16\n\t"
+        "SSUB16	r4, r4, r10\n\t"
+#else
+        "SBFX	r10, r4, #0, #16\n\t"
+        "SBFX	r11, r4, #16, #16\n\t"
+        "MUL	r10, lr, r10\n\t"
+        "MUL	r11, lr, r11\n\t"
+        "ASR	r10, r10, #26\n\t"
+        "ASR	r11, r11, #26\n\t"
+        "MUL	r10, r12, r10\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "SUB	r11, r4, r11, LSL #16\n\t"
+        "SUB	r4, r4, r10\n\t"
+        "LSR	r11, r11, #16\n\t"
+        "BFI	r4, r11, #16, #16\n\t"
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+        "SMULWB	r10, lr, r5\n\t"
+        "SMULWT	r11, lr, r5\n\t"
+        "SMULBT	r10, r12, r10\n\t"
+        "SMULBT	r11, r12, r11\n\t"
+        "PKHBT	r10, r10, r11, LSL #16\n\t"
+        "SSUB16	r5, r5, r10\n\t"
+#else
+        "SBFX	r10, r5, #0, #16\n\t"
+        "SBFX	r11, r5, #16, #16\n\t"
+        "MUL	r10, lr, r10\n\t"
+        "MUL	r11, lr, r11\n\t"
+        "ASR	r10, r10, #26\n\t"
+        "ASR	r11, r11, #26\n\t"
+        "MUL	r10, r12, r10\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "SUB	r11, r5, r11, LSL #16\n\t"
+        "SUB	r5, r5, r10\n\t"
+        "LSR	r11, r11, #16\n\t"
+        "BFI	r5, r11, #16, #16\n\t"
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+        "LDR	lr, [r1, #252]\n\t"
+#ifndef WOLFSSL_ARM_ARCH_7M
+        "SSUB16	r10, r2, r6\n\t"
+        "SADD16	r2, r2, r6\n\t"
+        "SMULBT	r6, lr, r10\n\t"
+        "SMULBB	r10, lr, r10\n\t"
+        "SMULTB	r11, r12, r10\n\t"
+        "SMLABB	r10, r12, r11, r10\n\t"
+        "SMULTB	r11, r12, r6\n\t"
+        "SMLABB	r6, r12, r11, r6\n\t"
+        "PKHTB	r6, r6, r10, ASR #16\n\t"
+#else
+        "SUB	r11, r2, r6\n\t"
+        "ADD	r12, r2, r6\n\t"
+        "BFC	r6, #0, #16\n\t"
+        "BFC	r2, #0, #16\n\t"
+        "SUB	r10, r2, r6\n\t"
+        "ADD	r2, r2, r6\n\t"
+        "BFI	r10, r11, #0, #16\n\t"
+        "BFI	r2, r12, #0, #16\n\t"
+        "SBFX	r11, lr, #0, #16\n\t"
+        "ASR	r12, r10, #16\n\t"
+        "MUL	r6, r11, r12\n\t"
+        "SBFX	r10, r10, #0, #16\n\t"
+        "MUL	r10, r11, r10\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "SBFX	r11, r10, #0, #16\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "MLA	r10, r12, r11, r10\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "SBFX	r11, r6, #0, #16\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "LSR	r10, r10, #16\n\t"
+        "MLA	r6, r12, r11, r6\n\t"
+        "BFI	r6, r10, #0, #16\n\t"
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+        "SSUB16	r10, r3, r7\n\t"
+        "SADD16	r3, r3, r7\n\t"
+        "SMULBT	r7, lr, r10\n\t"
+        "SMULBB	r10, lr, r10\n\t"
+        "SMULTB	r11, r12, r10\n\t"
+        "SMLABB	r10, r12, r11, r10\n\t"
+        "SMULTB	r11, r12, r7\n\t"
+        "SMLABB	r7, r12, r11, r7\n\t"
+        "PKHTB	r7, r7, r10, ASR #16\n\t"
+#else
+        "SUB	r11, r3, r7\n\t"
+        "ADD	r12, r3, r7\n\t"
+        "BFC	r7, #0, #16\n\t"
+        "BFC	r3, #0, #16\n\t"
+        "SUB	r10, r3, r7\n\t"
+        "ADD	r3, r3, r7\n\t"
+        "BFI	r10, r11, #0, #16\n\t"
+        "BFI	r3, r12, #0, #16\n\t"
+        "SBFX	r11, lr, #0, #16\n\t"
+        "ASR	r12, r10, #16\n\t"
+        "MUL	r7, r11, r12\n\t"
+        "SBFX	r10, r10, #0, #16\n\t"
+        "MUL	r10, r11, r10\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "SBFX	r11, r10, #0, #16\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "MLA	r10, r12, r11, r10\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "SBFX	r11, r7, #0, #16\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "LSR	r10, r10, #16\n\t"
+        "MLA	r7, r12, r11, r7\n\t"
+        "BFI	r7, r10, #0, #16\n\t"
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+        "SSUB16	r10, r4, r8\n\t"
+        "SADD16	r4, r4, r8\n\t"
+        "SMULBT	r8, lr, r10\n\t"
+        "SMULBB	r10, lr, r10\n\t"
+        "SMULTB	r11, r12, r10\n\t"
+        "SMLABB	r10, r12, r11, r10\n\t"
+        "SMULTB	r11, r12, r8\n\t"
+        "SMLABB	r8, r12, r11, r8\n\t"
+        "PKHTB	r8, r8, r10, ASR #16\n\t"
+#else
+        "SUB	r11, r4, r8\n\t"
+        "ADD	r12, r4, r8\n\t"
+        "BFC	r8, #0, #16\n\t"
+        "BFC	r4, #0, #16\n\t"
+        "SUB	r10, r4, r8\n\t"
+        "ADD	r4, r4, r8\n\t"
+        "BFI	r10, r11, #0, #16\n\t"
+        "BFI	r4, r12, #0, #16\n\t"
+        "SBFX	r11, lr, #0, #16\n\t"
+        "ASR	r12, r10, #16\n\t"
+        "MUL	r8, r11, r12\n\t"
+        "SBFX	r10, r10, #0, #16\n\t"
+        "MUL	r10, r11, r10\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "SBFX	r11, r10, #0, #16\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "MLA	r10, r12, r11, r10\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "SBFX	r11, r8, #0, #16\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "LSR	r10, r10, #16\n\t"
+        "MLA	r8, r12, r11, r8\n\t"
+        "BFI	r8, r10, #0, #16\n\t"
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+        "SSUB16	r10, r5, r9\n\t"
+        "SADD16	r5, r5, r9\n\t"
+        "SMULBT	r9, lr, r10\n\t"
+        "SMULBB	r10, lr, r10\n\t"
+        "SMULTB	r11, r12, r10\n\t"
+        "SMLABB	r10, r12, r11, r10\n\t"
+        "SMULTB	r11, r12, r9\n\t"
+        "SMLABB	r9, r12, r11, r9\n\t"
+        "PKHTB	r9, r9, r10, ASR #16\n\t"
+#else
+        "SUB	r11, r5, r9\n\t"
+        "ADD	r12, r5, r9\n\t"
+        "BFC	r9, #0, #16\n\t"
+        "BFC	r5, #0, #16\n\t"
+        "SUB	r10, r5, r9\n\t"
+        "ADD	r5, r5, r9\n\t"
+        "BFI	r10, r11, #0, #16\n\t"
+        "BFI	r5, r12, #0, #16\n\t"
+        "SBFX	r11, lr, #0, #16\n\t"
+        "ASR	r12, r10, #16\n\t"
+        "MUL	r9, r11, r12\n\t"
+        "SBFX	r10, r10, #0, #16\n\t"
+        "MUL	r10, r11, r10\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "SBFX	r11, r10, #0, #16\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "MLA	r10, r12, r11, r10\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "SBFX	r11, r9, #0, #16\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "LSR	r10, r10, #16\n\t"
+        "MLA	r9, r12, r11, r9\n\t"
+        "BFI	r9, r10, #0, #16\n\t"
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+        "LDR	lr, [r1, #254]\n\t"
+#ifndef WOLFSSL_ARM_ARCH_7M
+        "SMULBB	r10, lr, r2\n\t"
+        "SMULBT	r2, lr, r2\n\t"
+        "SMULTB	r11, r12, r10\n\t"
+        "SMLABB	r10, r12, r11, r10\n\t"
+        "SMULTB	r11, r12, r2\n\t"
+        "SMLABB	r2, r12, r11, r2\n\t"
+        "PKHTB	r2, r2, r10, ASR #16\n\t"
+#else
+        "SBFX	r11, lr, #0, #16\n\t"
+        "SBFX	r10, r2, #0, #16\n\t"
+        "MUL	r10, r11, r10\n\t"
+        "SBFX	r2, r2, #16, #16\n\t"
+        "MUL	r2, r11, r2\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "MUL	r11, r12, r10\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "MLA	r10, r12, r11, r10\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "SBFX	r11, r2, #0, #16\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "LSR	r10, r10, #16\n\t"
+        "MLA	r2, r12, r11, r2\n\t"
+        "BFI	r2, r10, #0, #16\n\t"
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+        "SMULBB	r10, lr, r3\n\t"
+        "SMULBT	r3, lr, r3\n\t"
+        "SMULTB	r11, r12, r10\n\t"
+        "SMLABB	r10, r12, r11, r10\n\t"
+        "SMULTB	r11, r12, r3\n\t"
+        "SMLABB	r3, r12, r11, r3\n\t"
+        "PKHTB	r3, r3, r10, ASR #16\n\t"
+#else
+        "SBFX	r11, lr, #0, #16\n\t"
+        "SBFX	r10, r3, #0, #16\n\t"
+        "MUL	r10, r11, r10\n\t"
+        "SBFX	r3, r3, #16, #16\n\t"
+        "MUL	r3, r11, r3\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "MUL	r11, r12, r10\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "MLA	r10, r12, r11, r10\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "SBFX	r11, r3, #0, #16\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "LSR	r10, r10, #16\n\t"
+        "MLA	r3, r12, r11, r3\n\t"
+        "BFI	r3, r10, #0, #16\n\t"
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+        "SMULBB	r10, lr, r4\n\t"
+        "SMULBT	r4, lr, r4\n\t"
+        "SMULTB	r11, r12, r10\n\t"
+        "SMLABB	r10, r12, r11, r10\n\t"
+        "SMULTB	r11, r12, r4\n\t"
+        "SMLABB	r4, r12, r11, r4\n\t"
+        "PKHTB	r4, r4, r10, ASR #16\n\t"
+#else
+        "SBFX	r11, lr, #0, #16\n\t"
+        "SBFX	r10, r4, #0, #16\n\t"
+        "MUL	r10, r11, r10\n\t"
+        "SBFX	r4, r4, #16, #16\n\t"
+        "MUL	r4, r11, r4\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "MUL	r11, r12, r10\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "MLA	r10, r12, r11, r10\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "SBFX	r11, r4, #0, #16\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "LSR	r10, r10, #16\n\t"
+        "MLA	r4, r12, r11, r4\n\t"
+        "BFI	r4, r10, #0, #16\n\t"
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+        "SMULBB	r10, lr, r5\n\t"
+        "SMULBT	r5, lr, r5\n\t"
+        "SMULTB	r11, r12, r10\n\t"
+        "SMLABB	r10, r12, r11, r10\n\t"
+        "SMULTB	r11, r12, r5\n\t"
+        "SMLABB	r5, r12, r11, r5\n\t"
+        "PKHTB	r5, r5, r10, ASR #16\n\t"
+#else
+        "SBFX	r11, lr, #0, #16\n\t"
+        "SBFX	r10, r5, #0, #16\n\t"
+        "MUL	r10, r11, r10\n\t"
+        "SBFX	r5, r5, #16, #16\n\t"
+        "MUL	r5, r11, r5\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "MUL	r11, r12, r10\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "MLA	r10, r12, r11, r10\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "SBFX	r11, r5, #0, #16\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "LSR	r10, r10, #16\n\t"
+        "MLA	r5, r12, r11, r5\n\t"
+        "BFI	r5, r10, #0, #16\n\t"
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+        "SMULBB	r10, lr, r6\n\t"
+        "SMULBT	r6, lr, r6\n\t"
+        "SMULTB	r11, r12, r10\n\t"
+        "SMLABB	r10, r12, r11, r10\n\t"
+        "SMULTB	r11, r12, r6\n\t"
+        "SMLABB	r6, r12, r11, r6\n\t"
+        "PKHTB	r6, r6, r10, ASR #16\n\t"
+#else
+        "SBFX	r11, lr, #0, #16\n\t"
+        "SBFX	r10, r6, #0, #16\n\t"
+        "MUL	r10, r11, r10\n\t"
+        "SBFX	r6, r6, #16, #16\n\t"
+        "MUL	r6, r11, r6\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "MUL	r11, r12, r10\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "MLA	r10, r12, r11, r10\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "SBFX	r11, r6, #0, #16\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "LSR	r10, r10, #16\n\t"
+        "MLA	r6, r12, r11, r6\n\t"
+        "BFI	r6, r10, #0, #16\n\t"
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+        "SMULBB	r10, lr, r7\n\t"
+        "SMULBT	r7, lr, r7\n\t"
+        "SMULTB	r11, r12, r10\n\t"
+        "SMLABB	r10, r12, r11, r10\n\t"
+        "SMULTB	r11, r12, r7\n\t"
+        "SMLABB	r7, r12, r11, r7\n\t"
+        "PKHTB	r7, r7, r10, ASR #16\n\t"
+#else
+        "SBFX	r11, lr, #0, #16\n\t"
+        "SBFX	r10, r7, #0, #16\n\t"
+        "MUL	r10, r11, r10\n\t"
+        "SBFX	r7, r7, #16, #16\n\t"
+        "MUL	r7, r11, r7\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "MUL	r11, r12, r10\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "MLA	r10, r12, r11, r10\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "SBFX	r11, r7, #0, #16\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "LSR	r10, r10, #16\n\t"
+        "MLA	r7, r12, r11, r7\n\t"
+        "BFI	r7, r10, #0, #16\n\t"
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+        "SMULBB	r10, lr, r8\n\t"
+        "SMULBT	r8, lr, r8\n\t"
+        "SMULTB	r11, r12, r10\n\t"
+        "SMLABB	r10, r12, r11, r10\n\t"
+        "SMULTB	r11, r12, r8\n\t"
+        "SMLABB	r8, r12, r11, r8\n\t"
+        "PKHTB	r8, r8, r10, ASR #16\n\t"
+#else
+        "SBFX	r11, lr, #0, #16\n\t"
+        "SBFX	r10, r8, #0, #16\n\t"
+        "MUL	r10, r11, r10\n\t"
+        "SBFX	r8, r8, #16, #16\n\t"
+        "MUL	r8, r11, r8\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "MUL	r11, r12, r10\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "MLA	r10, r12, r11, r10\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "SBFX	r11, r8, #0, #16\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "LSR	r10, r10, #16\n\t"
+        "MLA	r8, r12, r11, r8\n\t"
+        "BFI	r8, r10, #0, #16\n\t"
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+        "SMULBB	r10, lr, r9\n\t"
+        "SMULBT	r9, lr, r9\n\t"
+        "SMULTB	r11, r12, r10\n\t"
+        "SMLABB	r10, r12, r11, r10\n\t"
+        "SMULTB	r11, r12, r9\n\t"
+        "SMLABB	r9, r12, r11, r9\n\t"
+        "PKHTB	r9, r9, r10, ASR #16\n\t"
+#else
+        "SBFX	r11, lr, #0, #16\n\t"
+        "SBFX	r10, r9, #0, #16\n\t"
+        "MUL	r10, r11, r10\n\t"
+        "SBFX	r9, r9, #16, #16\n\t"
+        "MUL	r9, r11, r9\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "MUL	r11, r12, r10\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "MLA	r10, r12, r11, r10\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "SBFX	r11, r9, #0, #16\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "LSR	r10, r10, #16\n\t"
+        "MLA	r9, r12, r11, r9\n\t"
+        "BFI	r9, r10, #0, #16\n\t"
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+        "STR	r2, [%[r]]\n\t"
+        "STR	r3, [%[r], #64]\n\t"
+        "STR	r4, [%[r], #128]\n\t"
+        "STR	r5, [%[r], #192]\n\t"
+        "STR	r6, [%[r], #256]\n\t"
+        "STR	r7, [%[r], #320]\n\t"
+        "STR	r8, [%[r], #384]\n\t"
+        "STR	r9, [%[r], #448]\n\t"
+        "LDR	r2, [sp]\n\t"
+        "SUBS	r2, r2, #0x1\n\t"
+        "ADD	%[r], %[r], #0x4\n\t"
+#if defined(__GNUC__)
+        "BNE	L_kyber_thumb2_invntt_loop_321_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BNE.N	L_kyber_thumb2_invntt_loop_321\n\t"
+#else
+        "BNE.N	L_kyber_thumb2_invntt_loop_321_%=\n\t"
+#endif
+        "ADD	sp, sp, #0x8\n\t"
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
+        : [r] "+r" (r),
+          [L_kyber_thumb2_invntt_zetas_inv] "+r" (L_kyber_thumb2_invntt_zetas_inv_c)
+        :
+        : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "lr", "cc"
+#else
+        : [r] "+r" (r)
+        : [L_kyber_thumb2_invntt_zetas_inv] "r" (L_kyber_thumb2_invntt_zetas_inv)
+        : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "lr", "cc"
+#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */
+    );
+}
+
+XALIGNED(16) static const word16 L_kyber_thumb2_basemul_mont_zetas[] = {
+    0x08ed, 0x0a0b, 0x0b9a, 0x0714, 0x05d5, 0x058e, 0x011f, 0x00ca,
+    0x0c56, 0x026e, 0x0629, 0x00b6, 0x03c2, 0x084f, 0x073f, 0x05bc,
+    0x023d, 0x07d4, 0x0108, 0x017f, 0x09c4, 0x05b2, 0x06bf, 0x0c7f,
+    0x0a58, 0x03f9, 0x02dc, 0x0260, 0x06fb, 0x019b, 0x0c34, 0x06de,
+    0x04c7, 0x028c, 0x0ad9, 0x03f7, 0x07f4, 0x05d3, 0x0be7, 0x06f9,
+    0x0204, 0x0cf9, 0x0bc1, 0x0a67, 0x06af, 0x0877, 0x007e, 0x05bd,
+    0x09ac, 0x0ca7, 0x0bf2, 0x033e, 0x006b, 0x0774, 0x0c0a, 0x094a,
+    0x0b73, 0x03c1, 0x071d, 0x0a2c, 0x01c0, 0x08d8, 0x02a5, 0x0806,
+    0x08b2, 0x01ae, 0x022b, 0x034b, 0x081e, 0x0367, 0x060e, 0x0069,
+    0x01a6, 0x024b, 0x00b1, 0x0c16, 0x0bde, 0x0b35, 0x0626, 0x0675,
+    0x0c0b, 0x030a, 0x0487, 0x0c6e, 0x09f8, 0x05cb, 0x0aa7, 0x045f,
+    0x06cb, 0x0284, 0x0999, 0x015d, 0x01a2, 0x0149, 0x0c65, 0x0cb6,
+    0x0331, 0x0449, 0x025b, 0x0262, 0x052a, 0x07fc, 0x0748, 0x0180,
+    0x0842, 0x0c79, 0x04c2, 0x07ca, 0x0997, 0x00dc, 0x085e, 0x0686,
+    0x0860, 0x0707, 0x0803, 0x031a, 0x071b, 0x09ab, 0x099b, 0x01de,
+    0x0c95, 0x0bcd, 0x03e4, 0x03df, 0x03be, 0x074d, 0x05f2, 0x065c,
+};
+
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
+void kyber_thumb2_basemul_mont(sword16* r_p, const sword16* a_p, const sword16* b_p)
+#else
+void kyber_thumb2_basemul_mont(sword16* r, const sword16* a, const sword16* b)
+#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
+{
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
+    register sword16* r __asm__ ("r0") = (sword16*)r_p;
+    register const sword16* a __asm__ ("r1") = (const sword16*)a_p;
+    register const sword16* b __asm__ ("r2") = (const sword16*)b_p;
+    register word16* L_kyber_thumb2_basemul_mont_zetas_c __asm__ ("r3") = (word16*)&L_kyber_thumb2_basemul_mont_zetas;
+#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
+
+    __asm__ __volatile__ (
+        "MOV	r3, %[L_kyber_thumb2_basemul_mont_zetas]\n\t"
+        "ADD	r3, r3, #0x80\n\t"
+#ifndef WOLFSSL_ARM_ARCH_7M
+        "MOV	r12, #0xd01\n\t"
+        "MOVT	r12, #0xcff\n\t"
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+        "MOV	r8, #0x0\n\t"
+        "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_kyber_thumb2_basemul_mont_loop:\n\t"
+#else
+    "L_kyber_thumb2_basemul_mont_loop_%=:\n\t"
+#endif
+        "LDM	%[a]!, {r4, r5}\n\t"
+        "LDM	%[b]!, {r6, r7}\n\t"
+        "LDR	lr, [r3, r8]\n\t"
+        "ADD	r8, r8, #0x2\n\t"
+        "PUSH	{r8}\n\t"
+        "CMP	r8, #0x80\n\t"
+#ifndef WOLFSSL_ARM_ARCH_7M
+        "SMULTT	r8, r4, r6\n\t"
+        "SMULTT	r10, r5, r7\n\t"
+        "SMULTB	r9, r12, r8\n\t"
+        "SMULTB	r11, r12, r10\n\t"
+        "SMLABB	r8, r12, r9, r8\n\t"
+        "SMLABB	r10, r12, r11, r10\n\t"
+        "RSB	r11, lr, #0x0\n\t"
+        "SMULBT	r8, lr, r8\n\t"
+        "SMULBT	r10, r11, r10\n\t"
+        "SMLABB	r8, r4, r6, r8\n\t"
+        "SMLABB	r10, r5, r7, r10\n\t"
+        "SMULTB	r9, r12, r8\n\t"
+        "SMULTB	r11, r12, r10\n\t"
+        "SMLABB	r8, r12, r9, r8\n\t"
+        "SMLABB	r10, r12, r11, r10\n\t"
+        "SMULBT	r9, r4, r6\n\t"
+        "SMULBT	r11, r5, r7\n\t"
+        "SMLATB	r9, r4, r6, r9\n\t"
+        "SMLATB	r11, r5, r7, r11\n\t"
+        "SMULTB	r6, r12, r9\n\t"
+        "SMULTB	r7, r12, r11\n\t"
+        "SMLABB	r9, r12, r6, r9\n\t"
+        "SMLABB	r11, r12, r7, r11\n\t"
+        "PKHTB	r4, r9, r8, ASR #16\n\t"
+        "PKHTB	r5, r11, r10, ASR #16\n\t"
+#else
+        "ASR	r8, r4, #16\n\t"
+        "ASR	r10, r5, #16\n\t"
+        "ASR	r9, r6, #16\n\t"
+        "ASR	r11, r7, #16\n\t"
+        "MUL	r8, r8, r9\n\t"
+        "MUL	r10, r10, r11\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "SBFX	r9, r8, #0, #16\n\t"
+        "SBFX	r11, r10, #0, #16\n\t"
+        "MUL	r9, r12, r8\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r9, r9, #0, #16\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "MLA	r8, r12, r9, r8\n\t"
+        "MLA	r10, r12, r11, r10\n\t"
+        "RSB	r11, lr, #0x0\n\t"
+        "SBFX	r9, lr, #0, #16\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "ASR	r8, r8, #16\n\t"
+        "ASR	r10, r10, #16\n\t"
+        "MUL	r8, r9, r8\n\t"
+        "MUL	r10, r11, r10\n\t"
+        "SBFX	r9, r4, #0, #16\n\t"
+        "SBFX	r11, r5, #0, #16\n\t"
+        "SBFX	r12, r6, #0, #16\n\t"
+        "MLA	r8, r9, r12, r8\n\t"
+        "SBFX	r12, r7, #0, #16\n\t"
+        "MLA	r10, r11, r12, r10\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "SBFX	r9, r8, #0, #16\n\t"
+        "SBFX	r11, r10, #0, #16\n\t"
+        "MUL	r9, r12, r9\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r9, r9, #0, #16\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "MLA	r8, r12, r9, r8\n\t"
+        "MLA	r10, r12, r11, r10\n\t"
+        "SBFX	r9, r4, #0, #16\n\t"
+        "SBFX	r11, r5, #0, #16\n\t"
+        "ASR	r12, r6, #16\n\t"
+        "MUL	r9, r9, r12\n\t"
+        "ASR	r12, r7, #16\n\t"
+        "MUL	r11, r11, r12\n\t"
+        "ASR	r4, r4, #16\n\t"
+        "ASR	r5, r5, #16\n\t"
+        "SBFX	r12, r6, #0, #16\n\t"
+        "MLA	r9, r4, r12, r9\n\t"
+        "SBFX	r12, r7, #0, #16\n\t"
+        "MLA	r11, r5, r12, r11\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "SBFX	r6, r9, #0, #16\n\t"
+        "SBFX	r7, r11, #0, #16\n\t"
+        "MUL	r6, r12, r6\n\t"
+        "MUL	r7, r12, r7\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r4, r6, #0, #16\n\t"
+        "SBFX	r5, r7, #0, #16\n\t"
+        "MLA	r9, r12, r4, r9\n\t"
+        "MLA	r11, r12, r5, r11\n\t"
+        "BFC	r9, #0, #16\n\t"
+        "BFC	r11, #0, #16\n\t"
+        "ORR	r4, r9, r8, LSR #16\n\t"
+        "ORR	r5, r11, r10, LSR #16\n\t"
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+        "STM	%[r]!, {r4, r5}\n\t"
+        "POP	{r8}\n\t"
+#if defined(__GNUC__)
+        "BNE	L_kyber_thumb2_basemul_mont_loop_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BNE.N	L_kyber_thumb2_basemul_mont_loop\n\t"
+#else
+        "BNE.N	L_kyber_thumb2_basemul_mont_loop_%=\n\t"
+#endif
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
+        : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b),
+          [L_kyber_thumb2_basemul_mont_zetas] "+r" (L_kyber_thumb2_basemul_mont_zetas_c)
+        :
+        : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "lr", "cc"
+#else
+        : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
+        : [L_kyber_thumb2_basemul_mont_zetas] "r" (L_kyber_thumb2_basemul_mont_zetas)
+        : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "lr", "cc"
+#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */
+    );
+}
+
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
+void kyber_thumb2_basemul_mont_add(sword16* r_p, const sword16* a_p, const sword16* b_p)
+#else
+void kyber_thumb2_basemul_mont_add(sword16* r, const sword16* a, const sword16* b)
+#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
+{
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
+    register sword16* r __asm__ ("r0") = (sword16*)r_p;
+    register const sword16* a __asm__ ("r1") = (const sword16*)a_p;
+    register const sword16* b __asm__ ("r2") = (const sword16*)b_p;
+    register word16* L_kyber_thumb2_basemul_mont_zetas_c __asm__ ("r3") = (word16*)&L_kyber_thumb2_basemul_mont_zetas;
+#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
+
+    __asm__ __volatile__ (
+        "MOV	r3, %[L_kyber_thumb2_basemul_mont_zetas]\n\t"
+        "ADD	r3, r3, #0x80\n\t"
+#ifndef WOLFSSL_ARM_ARCH_7M
+        "MOV	r12, #0xd01\n\t"
+        "MOVT	r12, #0xcff\n\t"
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+        "MOV	r8, #0x0\n\t"
+        "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_kyber_thumb2_basemul_mont_add_loop:\n\t"
+#else
+    "L_kyber_thumb2_basemul_mont_add_loop_%=:\n\t"
+#endif
+        "LDM	%[a]!, {r4, r5}\n\t"
+        "LDM	%[b]!, {r6, r7}\n\t"
+        "LDR	lr, [r3, r8]\n\t"
+        "ADD	r8, r8, #0x2\n\t"
+        "PUSH	{r8}\n\t"
+        "CMP	r8, #0x80\n\t"
+#ifndef WOLFSSL_ARM_ARCH_7M
+        "SMULTT	r8, r4, r6\n\t"
+        "SMULTT	r10, r5, r7\n\t"
+        "SMULTB	r9, r12, r8\n\t"
+        "SMULTB	r11, r12, r10\n\t"
+        "SMLABB	r8, r12, r9, r8\n\t"
+        "SMLABB	r10, r12, r11, r10\n\t"
+        "RSB	r11, lr, #0x0\n\t"
+        "SMULBT	r8, lr, r8\n\t"
+        "SMULBT	r10, r11, r10\n\t"
+        "SMLABB	r8, r4, r6, r8\n\t"
+        "SMLABB	r10, r5, r7, r10\n\t"
+        "SMULTB	r9, r12, r8\n\t"
+        "SMULTB	r11, r12, r10\n\t"
+        "SMLABB	r8, r12, r9, r8\n\t"
+        "SMLABB	r10, r12, r11, r10\n\t"
+        "SMULBT	r9, r4, r6\n\t"
+        "SMULBT	r11, r5, r7\n\t"
+        "SMLATB	r9, r4, r6, r9\n\t"
+        "SMLATB	r11, r5, r7, r11\n\t"
+        "SMULTB	r6, r12, r9\n\t"
+        "SMULTB	r7, r12, r11\n\t"
+        "SMLABB	r9, r12, r6, r9\n\t"
+        "SMLABB	r11, r12, r7, r11\n\t"
+        "LDM	%[r], {r4, r5}\n\t"
+        "PKHTB	r9, r9, r8, ASR #16\n\t"
+        "PKHTB	r11, r11, r10, ASR #16\n\t"
+        "SADD16	r4, r4, r9\n\t"
+        "SADD16	r5, r5, r11\n\t"
+#else
+        "ASR	r8, r4, #16\n\t"
+        "ASR	r10, r5, #16\n\t"
+        "ASR	r9, r6, #16\n\t"
+        "ASR	r11, r7, #16\n\t"
+        "MUL	r8, r8, r9\n\t"
+        "MUL	r10, r10, r11\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "SBFX	r9, r8, #0, #16\n\t"
+        "SBFX	r11, r10, #0, #16\n\t"
+        "MUL	r9, r12, r8\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r9, r9, #0, #16\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "MLA	r8, r12, r9, r8\n\t"
+        "MLA	r10, r12, r11, r10\n\t"
+        "RSB	r11, lr, #0x0\n\t"
+        "SBFX	r9, lr, #0, #16\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "ASR	r8, r8, #16\n\t"
+        "ASR	r10, r10, #16\n\t"
+        "MUL	r8, r9, r8\n\t"
+        "MUL	r10, r11, r10\n\t"
+        "SBFX	r9, r4, #0, #16\n\t"
+        "SBFX	r11, r5, #0, #16\n\t"
+        "SBFX	r12, r6, #0, #16\n\t"
+        "MLA	r8, r9, r12, r8\n\t"
+        "SBFX	r12, r7, #0, #16\n\t"
+        "MLA	r10, r11, r12, r10\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "SBFX	r9, r8, #0, #16\n\t"
+        "SBFX	r11, r10, #0, #16\n\t"
+        "MUL	r9, r12, r9\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r9, r9, #0, #16\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "MLA	r8, r12, r9, r8\n\t"
+        "MLA	r10, r12, r11, r10\n\t"
+        "SBFX	r9, r4, #0, #16\n\t"
+        "SBFX	r11, r5, #0, #16\n\t"
+        "ASR	r12, r6, #16\n\t"
+        "MUL	r9, r9, r12\n\t"
+        "ASR	r12, r7, #16\n\t"
+        "MUL	r11, r11, r12\n\t"
+        "ASR	r4, r4, #16\n\t"
+        "ASR	r5, r5, #16\n\t"
+        "SBFX	r12, r6, #0, #16\n\t"
+        "MLA	r9, r4, r12, r9\n\t"
+        "SBFX	r12, r7, #0, #16\n\t"
+        "MLA	r11, r5, r12, r11\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "SBFX	r6, r9, #0, #16\n\t"
+        "SBFX	r7, r11, #0, #16\n\t"
+        "MUL	r6, r12, r6\n\t"
+        "MUL	r7, r12, r7\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r4, r6, #0, #16\n\t"
+        "SBFX	r5, r7, #0, #16\n\t"
+        "MLA	r9, r12, r4, r9\n\t"
+        "MLA	r11, r12, r5, r11\n\t"
+        "LDM	%[r], {r4, r5}\n\t"
+        "BFC	r9, #0, #16\n\t"
+        "BFC	r11, #0, #16\n\t"
+        "ORR	r9, r9, r8, LSR #16\n\t"
+        "ORR	r11, r11, r10, LSR #16\n\t"
+        "ADD	r8, r4, r9\n\t"
+        "ADD	r10, r5, r11\n\t"
+        "BFC	r9, #0, #16\n\t"
+        "BFC	r11, #0, #16\n\t"
+        "ADD	r4, r4, r9\n\t"
+        "ADD	r5, r5, r11\n\t"
+        "BFI	r4, r8, #0, #16\n\t"
+        "BFI	r5, r10, #0, #16\n\t"
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+        "STM	%[r]!, {r4, r5}\n\t"
+        "POP	{r8}\n\t"
+#if defined(__GNUC__)
+        "BNE	L_kyber_thumb2_basemul_mont_add_loop_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BNE.N	L_kyber_thumb2_basemul_mont_add_loop\n\t"
+#else
+        "BNE.N	L_kyber_thumb2_basemul_mont_add_loop_%=\n\t"
+#endif
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
+        : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b),
+          [L_kyber_thumb2_basemul_mont_zetas] "+r" (L_kyber_thumb2_basemul_mont_zetas_c)
+        :
+        : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "lr", "cc"
+#else
+        : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
+        : [L_kyber_thumb2_basemul_mont_zetas] "r" (L_kyber_thumb2_basemul_mont_zetas)
+        : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "lr", "cc"
+#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */
+    );
+}
+
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
+void kyber_thumb2_csubq(sword16* p_p)
+#else
+void kyber_thumb2_csubq(sword16* p)
+#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
+{
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
+    register sword16* p __asm__ ("r0") = (sword16*)p_p;
+    register word16* L_kyber_thumb2_basemul_mont_zetas_c __asm__ ("r1") = (word16*)&L_kyber_thumb2_basemul_mont_zetas;
+#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
+
+    __asm__ __volatile__ (
+        "MOV	r11, #0xd01\n\t"
+        "MOV	r12, #0xd01\n\t"
+#ifndef WOLFSSL_ARM_ARCH_7M
+        "MOVT	r12, #0xd01\n\t"
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+        "MOV	lr, #0x8000\n\t"
+        "MOVT	lr, #0x8000\n\t"
+        "MOV	r1, #0x100\n\t"
+        "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_kyber_thumb2_csubq_loop:\n\t"
+#else
+    "L_kyber_thumb2_csubq_loop_%=:\n\t"
+#endif
+        "LDM	%[p], {r2, r3, r4, r5}\n\t"
+#ifndef WOLFSSL_ARM_ARCH_7M
+        "SSUB16	r2, r2, r12\n\t"
+        "SSUB16	r3, r3, r12\n\t"
+        "SSUB16	r4, r4, r12\n\t"
+        "SSUB16	r5, r5, r12\n\t"
+        "AND	r6, r2, lr\n\t"
+        "AND	r7, r3, lr\n\t"
+        "AND	r8, r4, lr\n\t"
+        "AND	r9, r5, lr\n\t"
+        "LSR	r6, r6, #15\n\t"
+        "LSR	r7, r7, #15\n\t"
+        "LSR	r8, r8, #15\n\t"
+        "LSR	r9, r9, #15\n\t"
+        "MUL	r6, r6, r11\n\t"
+        "MUL	r7, r7, r11\n\t"
+        "MUL	r8, r8, r11\n\t"
+        "MUL	r9, r9, r11\n\t"
+        "SADD16	r2, r2, r6\n\t"
+        "SADD16	r3, r3, r7\n\t"
+        "SADD16	r4, r4, r8\n\t"
+        "SADD16	r5, r5, r9\n\t"
+#else
+        "SUB	r6, r2, r12\n\t"
+        "SUB	r2, r2, r12, LSL #16\n\t"
+        "BFI	r2, r6, #0, #16\n\t"
+        "SUB	r7, r3, r12\n\t"
+        "SUB	r3, r3, r12, LSL #16\n\t"
+        "BFI	r3, r7, #0, #16\n\t"
+        "SUB	r8, r4, r12\n\t"
+        "SUB	r4, r4, r12, LSL #16\n\t"
+        "BFI	r4, r8, #0, #16\n\t"
+        "SUB	r9, r5, r12\n\t"
+        "SUB	r5, r5, r12, LSL #16\n\t"
+        "BFI	r5, r9, #0, #16\n\t"
+        "AND	r6, r2, lr\n\t"
+        "AND	r7, r3, lr\n\t"
+        "AND	r8, r4, lr\n\t"
+        "AND	r9, r5, lr\n\t"
+        "LSR	r6, r6, #15\n\t"
+        "LSR	r7, r7, #15\n\t"
+        "LSR	r8, r8, #15\n\t"
+        "LSR	r9, r9, #15\n\t"
+        "MUL	r6, r6, r11\n\t"
+        "MUL	r7, r7, r11\n\t"
+        "MUL	r8, r8, r11\n\t"
+        "MUL	r9, r9, r11\n\t"
+        "ADD	r10, r2, r6\n\t"
+        "BFC	r6, #0, #16\n\t"
+        "ADD	r2, r2, r6\n\t"
+        "BFI	r2, r10, #0, #16\n\t"
+        "ADD	r10, r3, r7\n\t"
+        "BFC	r7, #0, #16\n\t"
+        "ADD	r3, r3, r7\n\t"
+        "BFI	r3, r10, #0, #16\n\t"
+        "ADD	r10, r4, r8\n\t"
+        "BFC	r8, #0, #16\n\t"
+        "ADD	r4, r4, r8\n\t"
+        "BFI	r4, r10, #0, #16\n\t"
+        "ADD	r10, r5, r9\n\t"
+        "BFC	r9, #0, #16\n\t"
+        "ADD	r5, r5, r9\n\t"
+        "BFI	r5, r10, #0, #16\n\t"
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+        "STM	%[p]!, {r2, r3, r4, r5}\n\t"
+        "SUBS	r1, r1, #0x8\n\t"
+#if defined(__GNUC__)
+        "BNE	L_kyber_thumb2_csubq_loop_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BNE.N	L_kyber_thumb2_csubq_loop\n\t"
+#else
+        "BNE.N	L_kyber_thumb2_csubq_loop_%=\n\t"
+#endif
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
+        : [p] "+r" (p),
+          [L_kyber_thumb2_basemul_mont_zetas] "+r" (L_kyber_thumb2_basemul_mont_zetas_c)
+        :
+        : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "lr", "cc"
+#else
+        : [p] "+r" (p)
+        : [L_kyber_thumb2_basemul_mont_zetas] "r" (L_kyber_thumb2_basemul_mont_zetas)
+        : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "lr", "cc"
+#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */
+    );
+}
+
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
+unsigned int kyber_thumb2_rej_uniform(sword16* p_p, unsigned int len_p, const byte* r_p, unsigned int rLen_p)
+#else
+unsigned int kyber_thumb2_rej_uniform(sword16* p, unsigned int len, const byte* r, unsigned int rLen)
+#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
+{
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
+    register sword16* p __asm__ ("r0") = (sword16*)p_p;
+    register unsigned int len __asm__ ("r1") = (unsigned int)len_p;
+    register const byte* r __asm__ ("r2") = (const byte*)r_p;
+    register unsigned int rLen __asm__ ("r3") = (unsigned int)rLen_p;
+    register word16* L_kyber_thumb2_basemul_mont_zetas_c __asm__ ("r4") = (word16*)&L_kyber_thumb2_basemul_mont_zetas;
+#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
+
+    __asm__ __volatile__ (
+        "MOV	r8, #0xd01\n\t"
+        "MOV	r9, #0x0\n\t"
+        "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_kyber_thumb2_rej_uniform_loop_no_fail:\n\t"
+#else
+    "L_kyber_thumb2_rej_uniform_loop_no_fail_%=:\n\t"
+#endif
+        "CMP	%[len], #0x8\n\t"
+#if defined(__GNUC__)
+        "BLT	L_kyber_thumb2_rej_uniform_done_no_fail_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BLT.N	L_kyber_thumb2_rej_uniform_done_no_fail\n\t"
+#else
+        "BLT.N	L_kyber_thumb2_rej_uniform_done_no_fail_%=\n\t"
+#endif
+        "LDM	%[r]!, {r4, r5, r6}\n\t"
+        "UBFX	r7, r4, #0, #12\n\t"
+        "STRH	r7, [%[p], r9]\n\t"
+        "SUB	r10, r7, r8\n\t"
+        "LSR	r10, r10, #31\n\t"
+        "SUB	%[len], %[len], r10\n\t"
+        "ADD	r9, r9, r10, LSL #1\n\t"
+        "UBFX	r7, r4, #12, #12\n\t"
+        "STRH	r7, [%[p], r9]\n\t"
+        "SUB	r10, r7, r8\n\t"
+        "LSR	r10, r10, #31\n\t"
+        "SUB	%[len], %[len], r10\n\t"
+        "ADD	r9, r9, r10, LSL #1\n\t"
+        "UBFX	r7, r4, #24, #8\n\t"
+        "BFI	r7, r5, #8, #4\n\t"
+        "STRH	r7, [%[p], r9]\n\t"
+        "SUB	r10, r7, r8\n\t"
+        "LSR	r10, r10, #31\n\t"
+        "SUB	%[len], %[len], r10\n\t"
+        "ADD	r9, r9, r10, LSL #1\n\t"
+        "UBFX	r7, r5, #4, #12\n\t"
+        "STRH	r7, [%[p], r9]\n\t"
+        "SUB	r10, r7, r8\n\t"
+        "LSR	r10, r10, #31\n\t"
+        "SUB	%[len], %[len], r10\n\t"
+        "ADD	r9, r9, r10, LSL #1\n\t"
+        "UBFX	r7, r5, #16, #12\n\t"
+        "STRH	r7, [%[p], r9]\n\t"
+        "SUB	r10, r7, r8\n\t"
+        "LSR	r10, r10, #31\n\t"
+        "SUB	%[len], %[len], r10\n\t"
+        "ADD	r9, r9, r10, LSL #1\n\t"
+        "UBFX	r7, r5, #28, #4\n\t"
+        "BFI	r7, r6, #4, #8\n\t"
+        "STRH	r7, [%[p], r9]\n\t"
+        "SUB	r10, r7, r8\n\t"
+        "LSR	r10, r10, #31\n\t"
+        "SUB	%[len], %[len], r10\n\t"
+        "ADD	r9, r9, r10, LSL #1\n\t"
+        "UBFX	r7, r6, #8, #12\n\t"
+        "STRH	r7, [%[p], r9]\n\t"
+        "SUB	r10, r7, r8\n\t"
+        "LSR	r10, r10, #31\n\t"
+        "SUB	%[len], %[len], r10\n\t"
+        "ADD	r9, r9, r10, LSL #1\n\t"
+        "UBFX	r7, r6, #20, #12\n\t"
+        "STRH	r7, [%[p], r9]\n\t"
+        "SUB	r10, r7, r8\n\t"
+        "LSR	r10, r10, #31\n\t"
+        "SUB	%[len], %[len], r10\n\t"
+        "ADD	r9, r9, r10, LSL #1\n\t"
+        "SUBS	%[rLen], %[rLen], #0xc\n\t"
+#if defined(__GNUC__)
+        "BNE	L_kyber_thumb2_rej_uniform_loop_no_fail_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BNE.N	L_kyber_thumb2_rej_uniform_loop_no_fail\n\t"
+#else
+        "BNE.N	L_kyber_thumb2_rej_uniform_loop_no_fail_%=\n\t"
+#endif
+#if defined(__GNUC__)
+        "B	L_kyber_thumb2_rej_uniform_done_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "B.N	L_kyber_thumb2_rej_uniform_done\n\t"
+#else
+        "B.N	L_kyber_thumb2_rej_uniform_done_%=\n\t"
+#endif
+        "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_kyber_thumb2_rej_uniform_done_no_fail:\n\t"
+#else
+    "L_kyber_thumb2_rej_uniform_done_no_fail_%=:\n\t"
+#endif
+        "CMP	%[len], #0x0\n\t"
+#if defined(__GNUC__)
+        "BEQ	L_kyber_thumb2_rej_uniform_done_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BEQ.N	L_kyber_thumb2_rej_uniform_done\n\t"
+#else
+        "BEQ.N	L_kyber_thumb2_rej_uniform_done_%=\n\t"
+#endif
+        "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_kyber_thumb2_rej_uniform_loop:\n\t"
+#else
+    "L_kyber_thumb2_rej_uniform_loop_%=:\n\t"
+#endif
+        "LDM	%[r]!, {r4, r5, r6}\n\t"
+        "UBFX	r7, r4, #0, #12\n\t"
+        "CMP	r7, r8\n\t"
+#if defined(__GNUC__)
+        "BGE	L_kyber_thumb2_rej_uniform_fail_0_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BGE.N	L_kyber_thumb2_rej_uniform_fail_0\n\t"
+#else
+        "BGE.N	L_kyber_thumb2_rej_uniform_fail_0_%=\n\t"
+#endif
+        "STRH	r7, [%[p], r9]\n\t"
+        "SUBS	%[len], %[len], #0x1\n\t"
+        "ADD	r9, r9, #0x2\n\t"
+#if defined(__GNUC__)
+        "BEQ	L_kyber_thumb2_rej_uniform_done_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BEQ.N	L_kyber_thumb2_rej_uniform_done\n\t"
+#else
+        "BEQ.N	L_kyber_thumb2_rej_uniform_done_%=\n\t"
+#endif
+        "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_kyber_thumb2_rej_uniform_fail_0:\n\t"
+#else
+    "L_kyber_thumb2_rej_uniform_fail_0_%=:\n\t"
+#endif
+        "UBFX	r7, r4, #12, #12\n\t"
+        "CMP	r7, r8\n\t"
+#if defined(__GNUC__)
+        "BGE	L_kyber_thumb2_rej_uniform_fail_1_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BGE.N	L_kyber_thumb2_rej_uniform_fail_1\n\t"
+#else
+        "BGE.N	L_kyber_thumb2_rej_uniform_fail_1_%=\n\t"
+#endif
+        "STRH	r7, [%[p], r9]\n\t"
+        "SUBS	%[len], %[len], #0x1\n\t"
+        "ADD	r9, r9, #0x2\n\t"
+#if defined(__GNUC__)
+        "BEQ	L_kyber_thumb2_rej_uniform_done_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BEQ.N	L_kyber_thumb2_rej_uniform_done\n\t"
+#else
+        "BEQ.N	L_kyber_thumb2_rej_uniform_done_%=\n\t"
+#endif
+        "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_kyber_thumb2_rej_uniform_fail_1:\n\t"
+#else
+    "L_kyber_thumb2_rej_uniform_fail_1_%=:\n\t"
+#endif
+        "UBFX	r7, r4, #24, #8\n\t"
+        "BFI	r7, r5, #8, #4\n\t"
+        "CMP	r7, r8\n\t"
+#if defined(__GNUC__)
+        "BGE	L_kyber_thumb2_rej_uniform_fail_2_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BGE.N	L_kyber_thumb2_rej_uniform_fail_2\n\t"
+#else
+        "BGE.N	L_kyber_thumb2_rej_uniform_fail_2_%=\n\t"
+#endif
+        "STRH	r7, [%[p], r9]\n\t"
+        "SUBS	%[len], %[len], #0x1\n\t"
+        "ADD	r9, r9, #0x2\n\t"
+#if defined(__GNUC__)
+        "BEQ	L_kyber_thumb2_rej_uniform_done_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BEQ.N	L_kyber_thumb2_rej_uniform_done\n\t"
+#else
+        "BEQ.N	L_kyber_thumb2_rej_uniform_done_%=\n\t"
+#endif
+        "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_kyber_thumb2_rej_uniform_fail_2:\n\t"
+#else
+    "L_kyber_thumb2_rej_uniform_fail_2_%=:\n\t"
+#endif
+        "UBFX	r7, r5, #4, #12\n\t"
+        "CMP	r7, r8\n\t"
+#if defined(__GNUC__)
+        "BGE	L_kyber_thumb2_rej_uniform_fail_3_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BGE.N	L_kyber_thumb2_rej_uniform_fail_3\n\t"
+#else
+        "BGE.N	L_kyber_thumb2_rej_uniform_fail_3_%=\n\t"
+#endif
+        "STRH	r7, [%[p], r9]\n\t"
+        "SUBS	%[len], %[len], #0x1\n\t"
+        "ADD	r9, r9, #0x2\n\t"
+#if defined(__GNUC__)
+        "BEQ	L_kyber_thumb2_rej_uniform_done_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BEQ.N	L_kyber_thumb2_rej_uniform_done\n\t"
+#else
+        "BEQ.N	L_kyber_thumb2_rej_uniform_done_%=\n\t"
+#endif
+        "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_kyber_thumb2_rej_uniform_fail_3:\n\t"
+#else
+    "L_kyber_thumb2_rej_uniform_fail_3_%=:\n\t"
+#endif
+        "UBFX	r7, r5, #16, #12\n\t"
+        "CMP	r7, r8\n\t"
+#if defined(__GNUC__)
+        "BGE	L_kyber_thumb2_rej_uniform_fail_4_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BGE.N	L_kyber_thumb2_rej_uniform_fail_4\n\t"
+#else
+        "BGE.N	L_kyber_thumb2_rej_uniform_fail_4_%=\n\t"
+#endif
+        "STRH	r7, [%[p], r9]\n\t"
+        "SUBS	%[len], %[len], #0x1\n\t"
+        "ADD	r9, r9, #0x2\n\t"
+#if defined(__GNUC__)
+        "BEQ	L_kyber_thumb2_rej_uniform_done_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BEQ.N	L_kyber_thumb2_rej_uniform_done\n\t"
+#else
+        "BEQ.N	L_kyber_thumb2_rej_uniform_done_%=\n\t"
+#endif
+        "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_kyber_thumb2_rej_uniform_fail_4:\n\t"
+#else
+    "L_kyber_thumb2_rej_uniform_fail_4_%=:\n\t"
+#endif
+        "UBFX	r7, r5, #28, #4\n\t"
+        "BFI	r7, r6, #4, #8\n\t"
+        "CMP	r7, r8\n\t"
+#if defined(__GNUC__)
+        "BGE	L_kyber_thumb2_rej_uniform_fail_5_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BGE.N	L_kyber_thumb2_rej_uniform_fail_5\n\t"
+#else
+        "BGE.N	L_kyber_thumb2_rej_uniform_fail_5_%=\n\t"
+#endif
+        "STRH	r7, [%[p], r9]\n\t"
+        "SUBS	%[len], %[len], #0x1\n\t"
+        "ADD	r9, r9, #0x2\n\t"
+#if defined(__GNUC__)
+        "BEQ	L_kyber_thumb2_rej_uniform_done_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BEQ.N	L_kyber_thumb2_rej_uniform_done\n\t"
+#else
+        "BEQ.N	L_kyber_thumb2_rej_uniform_done_%=\n\t"
+#endif
+        "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_kyber_thumb2_rej_uniform_fail_5:\n\t"
+#else
+    "L_kyber_thumb2_rej_uniform_fail_5_%=:\n\t"
+#endif
+        "UBFX	r7, r6, #8, #12\n\t"
+        "CMP	r7, r8\n\t"
+#if defined(__GNUC__)
+        "BGE	L_kyber_thumb2_rej_uniform_fail_6_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BGE.N	L_kyber_thumb2_rej_uniform_fail_6\n\t"
+#else
+        "BGE.N	L_kyber_thumb2_rej_uniform_fail_6_%=\n\t"
+#endif
+        "STRH	r7, [%[p], r9]\n\t"
+        "SUBS	%[len], %[len], #0x1\n\t"
+        "ADD	r9, r9, #0x2\n\t"
+#if defined(__GNUC__)
+        "BEQ	L_kyber_thumb2_rej_uniform_done_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BEQ.N	L_kyber_thumb2_rej_uniform_done\n\t"
+#else
+        "BEQ.N	L_kyber_thumb2_rej_uniform_done_%=\n\t"
+#endif
+        "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_kyber_thumb2_rej_uniform_fail_6:\n\t"
+#else
+    "L_kyber_thumb2_rej_uniform_fail_6_%=:\n\t"
+#endif
+        "UBFX	r7, r6, #20, #12\n\t"
+        "CMP	r7, r8\n\t"
+#if defined(__GNUC__)
+        "BGE	L_kyber_thumb2_rej_uniform_fail_7_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BGE.N	L_kyber_thumb2_rej_uniform_fail_7\n\t"
+#else
+        "BGE.N	L_kyber_thumb2_rej_uniform_fail_7_%=\n\t"
+#endif
+        "STRH	r7, [%[p], r9]\n\t"
+        "SUBS	%[len], %[len], #0x1\n\t"
+        "ADD	r9, r9, #0x2\n\t"
+#if defined(__GNUC__)
+        "BEQ	L_kyber_thumb2_rej_uniform_done_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BEQ.N	L_kyber_thumb2_rej_uniform_done\n\t"
+#else
+        "BEQ.N	L_kyber_thumb2_rej_uniform_done_%=\n\t"
+#endif
+        "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_kyber_thumb2_rej_uniform_fail_7:\n\t"
+#else
+    "L_kyber_thumb2_rej_uniform_fail_7_%=:\n\t"
+#endif
+        "SUBS	%[rLen], %[rLen], #0xc\n\t"
+#if defined(__GNUC__)
+        "BGT	L_kyber_thumb2_rej_uniform_loop_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BGT.N	L_kyber_thumb2_rej_uniform_loop\n\t"
+#else
+        "BGT.N	L_kyber_thumb2_rej_uniform_loop_%=\n\t"
+#endif
+        "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_kyber_thumb2_rej_uniform_done:\n\t"
+#else
+    "L_kyber_thumb2_rej_uniform_done_%=:\n\t"
+#endif
+        "LSR	r0, r9, #1\n\t"
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
+        : [p] "+r" (p), [len] "+r" (len), [r] "+r" (r), [rLen] "+r" (rLen),
+          [L_kyber_thumb2_basemul_mont_zetas] "+r" (L_kyber_thumb2_basemul_mont_zetas_c)
+        :
+        : "memory", "r5", "r6", "r7", "r8", "r9", "r10", "cc"
+#else
+        : [p] "+r" (p), [len] "+r" (len), [r] "+r" (r), [rLen] "+r" (rLen)
+        : [L_kyber_thumb2_basemul_mont_zetas] "r" (L_kyber_thumb2_basemul_mont_zetas)
+        : "memory", "r5", "r6", "r7", "r8", "r9", "r10", "cc"
+#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */
+    );
+    return (word32)(size_t)p;
+}
+
+#endif /* WOLFSSL_WC_KYBER */
+#endif /* WOLFSSL_ARMASM_THUMB2 */
+#endif /* WOLFSSL_ARMASM */
+#endif /* WOLFSSL_ARMASM_INLINE */
diff --git a/wolfcrypt/src/port/arm/thumb2-poly1305-asm.S b/wolfcrypt/src/port/arm/thumb2-poly1305-asm.S
new file mode 100644
index 000000000..ae81b119d
--- /dev/null
+++ b/wolfcrypt/src/port/arm/thumb2-poly1305-asm.S
@@ -0,0 +1,369 @@
+/* thumb2-poly1305-asm
+ *
+ * Copyright (C) 2006-2025 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+/* Generated using (from wolfssl):
+ *   cd ../scripts
+ *   ruby ./poly1305/poly1305.rb thumb2 ../wolfssl/wolfcrypt/src/port/arm/thumb2-poly1305-asm.S
+ */
+
+#ifdef HAVE_CONFIG_H
+    #include <config.h>
+#endif /* HAVE_CONFIG_H */
+#include <wolfssl/wolfcrypt/settings.h>
+
+#ifdef WOLFSSL_ARMASM
+#ifdef WOLFSSL_ARMASM_THUMB2
+#ifndef WOLFSSL_ARMASM_INLINE
+	.thumb
+	.syntax unified
+#ifdef HAVE_POLY1305
+	.text
+	.align	4
+	.globl	poly1305_blocks_thumb2_16
+	.type	poly1305_blocks_thumb2_16, %function
+poly1305_blocks_thumb2_16:
+	PUSH	{r4, r5, r6, r7, r8, r9, r10, r11, lr}
+	SUB	sp, sp, #0x1c
+	CMP	r2, #0x0
+#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
+	BEQ	L_poly1305_thumb2_16_done
+#else
+	BEQ.N	L_poly1305_thumb2_16_done
+#endif
+	ADD	lr, sp, #0xc
+	STM	lr, {r0, r1, r2, r3}
+	/* Get h pointer */
+	ADD	lr, r0, #0x10
+	LDM	lr, {r4, r5, r6, r7, r8}
+L_poly1305_thumb2_16_loop:
+	/* Add m to h */
+	LDR	r1, [sp, #16]
+	LDR	r2, [r1]
+	LDR	r3, [r1, #4]
+	LDR	r9, [r1, #8]
+	LDR	r10, [r1, #12]
+	LDR	r11, [sp, #24]
+	ADDS	r4, r4, r2
+	ADCS	r5, r5, r3
+	ADCS	r6, r6, r9
+	ADCS	r7, r7, r10
+	ADD	r1, r1, #0x10
+	ADC	r8, r8, r11
+#ifdef WOLFSSL_ARM_ARCH_7M
+	STM	lr, {r4, r5, r6, r7, r8}
+#else
+	/* h[0]-h[2] in r4-r6 for multiplication. */
+	STR	r7, [lr, #12]
+	STR	r8, [lr, #16]
+#endif /* WOLFSSL_ARM_ARCH_7M */
+	STR	r1, [sp, #16]
+	LDR	r1, [sp, #12]
+	/* Multiply h by r */
+#ifdef WOLFSSL_ARM_ARCH_7M
+	/* r0 = #0, r1 = r, lr = h, r2 = h[j], r3 = r[i] */
+	LDR	r3, [r1]
+	EOR	r0, r0, r0
+	/* r[0] * h[0] */
+	/* h[0] in r4 */
+	UMULL	r4, r5, r3, r4
+	/* r[0] * h[2] */
+	/* h[2] in r6 */
+	UMULL	r6, r7, r3, r6
+	/* r[0] * h[4] */
+	/* h[4] in r8 */
+	MUL	r8, r3, r8
+	/* r[0] * h[1] */
+	LDR	r2, [lr, #4]
+	MOV	r12, r0
+	UMLAL	r5, r12, r3, r2
+	/* r[0] * h[3] */
+	LDR	r2, [lr, #12]
+	ADDS	r6, r6, r12
+	ADC	r7, r7, r0
+	UMLAL	r7, r8, r3, r2
+	/* r[1] * h[0] */
+	LDR	r3, [r1, #4]
+	LDR	r2, [lr]
+	MOV	r12, r0
+	UMLAL	r5, r12, r3, r2
+	/* r[1] * h[1] */
+	LDR	r2, [lr, #4]
+	ADDS	r6, r6, r12
+	ADC	r12, r0, r0
+	UMLAL	r6, r12, r3, r2
+	/* r[1] * h[2] */
+	LDR	r2, [lr, #8]
+	ADDS	r7, r7, r12
+	ADC	r12, r0, r0
+	UMLAL	r7, r12, r3, r2
+	/* r[1] * h[3] */
+	LDR	r2, [lr, #12]
+	ADDS	r8, r8, r12
+	ADC	r9, r0, r0
+	UMLAL	r8, r9, r3, r2
+	/* r[1] * h[4] */
+	LDR	r2, [lr, #16]
+	MLA	r9, r3, r2, r9
+	/* r[2] * h[0] */
+	LDR	r3, [r1, #8]
+	LDR	r2, [lr]
+	MOV	r12, r0
+	UMLAL	r6, r12, r3, r2
+	/* r[2] * h[1] */
+	LDR	r2, [lr, #4]
+	ADDS	r7, r7, r12
+	ADC	r12, r0, r0
+	UMLAL	r7, r12, r3, r2
+	/* r[2] * h[2] */
+	LDR	r2, [lr, #8]
+	ADDS	r8, r8, r12
+	ADC	r12, r0, r0
+	UMLAL	r8, r12, r3, r2
+	/* r[2] * h[3] */
+	LDR	r2, [lr, #12]
+	ADDS	r9, r9, r12
+	ADC	r10, r0, r0
+	UMLAL	r9, r10, r3, r2
+	/* r[2] * h[4] */
+	LDR	r2, [lr, #16]
+	MLA	r10, r3, r2, r10
+	/* r[3] * h[0] */
+	LDR	r3, [r1, #12]
+	LDR	r2, [lr]
+	MOV	r12, r0
+	UMLAL	r7, r12, r3, r2
+	/* r[3] * h[1] */
+	LDR	r2, [lr, #4]
+	ADDS	r8, r8, r12
+	ADC	r12, r0, r0
+	UMLAL	r8, r12, r3, r2
+	/* r[3] * h[2] */
+	LDR	r2, [lr, #8]
+	ADDS	r9, r9, r12
+	ADC	r10, r10, r0
+	UMLAL	r9, r10, r3, r2
+	/* r[3] * h[3] */
+	LDR	r2, [lr, #12]
+	MOV	r11, r0
+	UMLAL	r10, r11, r3, r2
+	/* r[3] * h[4] */
+	LDR	r2, [lr, #16]
+	MOV	r12, r0
+	MLA	r11, r3, r2, r11
+#else
+	LDM	r1, {r0, r1, r2, r3}
+	/* r[0] * h[0] */
+	UMULL	r10, r11, r0, r4
+	/* r[1] * h[0] */
+	UMULL	r12, r7, r1, r4
+	/* r[0] * h[1] */
+	UMAAL	r11, r12, r0, r5
+	/* r[2] * h[0] */
+	UMULL	r8, r9, r2, r4
+	/* r[1] * h[1] */
+	UMAAL	r12, r8, r1, r5
+	/* r[0] * h[2] */
+	UMAAL	r12, r7, r0, r6
+	/* r[3] * h[0] */
+	UMAAL	r8, r9, r3, r4
+	STM	sp, {r10, r11, r12}
+	/* r[2] * h[1] */
+	UMAAL	r7, r8, r2, r5
+	/* Replace h[0] with h[3] */
+	LDR	r4, [lr, #12]
+	/* r[1] * h[2] */
+	UMULL	r10, r11, r1, r6
+	/* r[2] * h[2] */
+	UMAAL	r8, r9, r2, r6
+	/* r[0] * h[3] */
+	UMAAL	r7, r10, r0, r4
+	/* r[3] * h[1] */
+	UMAAL	r8, r11, r3, r5
+	/* r[1] * h[3] */
+	UMAAL	r8, r10, r1, r4
+	/* r[3] * h[2] */
+	UMAAL	r9, r11, r3, r6
+	/* r[2] * h[3] */
+	UMAAL	r9, r10, r2, r4
+	/* Replace h[1] with h[4] */
+	LDR	r5, [lr, #16]
+	/* r[3] * h[3] */
+	UMAAL	r10, r11, r3, r4
+	MOV	r12, #0x0
+	/* r[0] * h[4] */
+	UMAAL	r8, r12, r0, r5
+	/* r[1] * h[4] */
+	UMAAL	r9, r12, r1, r5
+	/* r[2] * h[4] */
+	UMAAL	r10, r12, r2, r5
+	/* r[3] * h[4] */
+	UMAAL	r11, r12, r3, r5
+	/* DONE */
+	LDM	sp, {r4, r5, r6}
+#endif /* WOLFSSL_ARM_ARCH_7M */
+	/* r12 will be zero because r is masked. */
+	/* Load length */
+	LDR	r2, [sp, #20]
+	/* Reduce mod 2^130 - 5 */
+	BIC	r3, r8, #0x3
+	AND	r8, r8, #0x3
+	ADDS	r4, r4, r3
+	LSR	r3, r3, #2
+	ADCS	r5, r5, r9
+	ORR	r3, r3, r9, LSL #30
+	ADCS	r6, r6, r10
+	LSR	r9, r9, #2
+	ADCS	r7, r7, r11
+	ORR	r9, r9, r10, LSL #30
+	ADC	r8, r8, r12
+	LSR	r10, r10, #2
+	ADDS	r4, r4, r3
+	ORR	r10, r10, r11, LSL #30
+	ADCS	r5, r5, r9
+	LSR	r11, r11, #2
+	ADCS	r6, r6, r10
+	ADCS	r7, r7, r11
+	ADC	r8, r8, r12
+	/* Sub 16 from length. */
+	SUBS	r2, r2, #0x10
+	/* Store length. */
+	STR	r2, [sp, #20]
+	/* Loop again if more message to do. */
+#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
+	BGT	L_poly1305_thumb2_16_loop
+#else
+	BGT.N	L_poly1305_thumb2_16_loop
+#endif
+	STM	lr, {r4, r5, r6, r7, r8}
+L_poly1305_thumb2_16_done:
+	ADD	sp, sp, #0x1c
+	POP	{r4, r5, r6, r7, r8, r9, r10, r11, pc}
+	/* Cycle Count = 250 */
+	.size	poly1305_blocks_thumb2_16,.-poly1305_blocks_thumb2_16
+	.text
+	.type	L_poly1305_thumb2_clamp, %object
+	.size	L_poly1305_thumb2_clamp, 16
+	.align	4
+L_poly1305_thumb2_clamp:
+	.word	0xfffffff
+	.word	0xffffffc
+	.word	0xffffffc
+	.word	0xffffffc
+	.text
+	.align	4
+	.globl	poly1305_set_key
+	.type	poly1305_set_key, %function
+poly1305_set_key:
+	PUSH	{r4, r5, r6, r7, r8, r9, r10, lr}
+	/* Load mask. */
+	ADR	r10, L_poly1305_thumb2_clamp
+	LDM	r10, {r6, r7, r8, r9}
+	/* Load and cache padding. */
+	LDR	r2, [r1, #16]
+	LDR	r3, [r1, #20]
+	LDR	r4, [r1, #24]
+	LDR	r5, [r1, #28]
+	ADD	r10, r0, #0x24
+	STM	r10, {r2, r3, r4, r5}
+	/* Load, mask and store r. */
+	LDR	r2, [r1]
+	LDR	r3, [r1, #4]
+	LDR	r4, [r1, #8]
+	LDR	r5, [r1, #12]
+	AND	r2, r2, r6
+	AND	r3, r3, r7
+	AND	r4, r4, r8
+	AND	r5, r5, r9
+	ADD	r10, r0, #0x0
+	STM	r10, {r2, r3, r4, r5}
+	/* h (accumulator) = 0 */
+	EOR	r6, r6, r6
+	EOR	r7, r7, r7
+	EOR	r8, r8, r8
+	EOR	r9, r9, r9
+	ADD	r10, r0, #0x10
+	EOR	r5, r5, r5
+	STM	r10, {r5, r6, r7, r8, r9}
+	/* Zero leftover */
+	STR	r5, [r0, #52]
+	POP	{r4, r5, r6, r7, r8, r9, r10, pc}
+	/* Cycle Count = 70 */
+	.size	poly1305_set_key,.-poly1305_set_key
+	.text
+	.align	4
+	.globl	poly1305_final
+	.type	poly1305_final, %function
+poly1305_final:
+	PUSH	{r4, r5, r6, r7, r8, r9, r10, r11, lr}
+	ADD	r11, r0, #0x10
+	LDM	r11, {r2, r3, r4, r5, r6}
+	/* Add 5 and check for h larger than p. */
+	ADDS	r7, r2, #0x5
+	ADCS	r7, r3, #0x0
+	ADCS	r7, r4, #0x0
+	ADCS	r7, r5, #0x0
+	ADC	r7, r6, #0x0
+	SUB	r7, r7, #0x4
+	LSR	r7, r7, #31
+	SUB	r7, r7, #0x1
+	AND	r7, r7, #0x5
+	/* Add 0/5 to h. */
+	ADDS	r2, r2, r7
+	ADCS	r3, r3, #0x0
+	ADCS	r4, r4, #0x0
+	ADC	r5, r5, #0x0
+	/* Add padding */
+	ADD	r11, r0, #0x24
+	LDM	r11, {r7, r8, r9, r10}
+	ADDS	r2, r2, r7
+	ADCS	r3, r3, r8
+	ADCS	r4, r4, r9
+	ADC	r5, r5, r10
+	/* Store MAC */
+	STR	r2, [r1]
+	STR	r3, [r1, #4]
+	STR	r4, [r1, #8]
+	STR	r5, [r1, #12]
+	/* Zero out h. */
+	EOR	r2, r2, r2
+	EOR	r3, r3, r3
+	EOR	r4, r4, r4
+	EOR	r5, r5, r5
+	EOR	r6, r6, r6
+	ADD	r11, r0, #0x10
+	STM	r11, {r2, r3, r4, r5, r6}
+	/* Zero out r. */
+	ADD	r11, r0, #0x0
+	STM	r11, {r2, r3, r4, r5}
+	/* Zero out padding. */
+	ADD	r11, r0, #0x24
+	STM	r11, {r2, r3, r4, r5}
+	POP	{r4, r5, r6, r7, r8, r9, r10, r11, pc}
+	/* Cycle Count = 82 */
+	.size	poly1305_final,.-poly1305_final
+#endif /* HAVE_POLY1305 */
+#endif /* WOLFSSL_ARMASM_THUMB2 */
+#endif /* WOLFSSL_ARMASM */
+
+#if defined(__linux__) && defined(__ELF__)
+.section        .note.GNU-stack,"",%progbits
+#endif
+#endif /* !WOLFSSL_ARMASM_INLINE */
diff --git a/wolfcrypt/src/port/arm/thumb2-poly1305-asm_c.c b/wolfcrypt/src/port/arm/thumb2-poly1305-asm_c.c
new file mode 100644
index 000000000..ac6ea4a1c
--- /dev/null
+++ b/wolfcrypt/src/port/arm/thumb2-poly1305-asm_c.c
@@ -0,0 +1,422 @@
+/* thumb2-poly1305-asm
+ *
+ * Copyright (C) 2006-2025 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+/* Generated using (from wolfssl):
+ *   cd ../scripts
+ *   ruby ./poly1305/poly1305.rb thumb2 ../wolfssl/wolfcrypt/src/port/arm/thumb2-poly1305-asm.c
+ */
+
+#ifdef HAVE_CONFIG_H
+    #include <config.h>
+#endif /* HAVE_CONFIG_H */
+#include <wolfssl/wolfcrypt/settings.h>
+#include <wolfssl/wolfcrypt/error-crypt.h>
+
+#ifdef WOLFSSL_ARMASM
+#ifdef WOLFSSL_ARMASM_THUMB2
+#ifdef WOLFSSL_ARMASM_INLINE
+
+#ifdef __IAR_SYSTEMS_ICC__
+#define __asm__        asm
+#define __volatile__   volatile
+#define WOLFSSL_NO_VAR_ASSIGN_REG
+#endif /* __IAR_SYSTEMS_ICC__ */
+#ifdef __KEIL__
+#define __asm__        __asm
+#define __volatile__   volatile
+#endif /* __KEIL__ */
+#ifdef HAVE_POLY1305
+#include <wolfssl/wolfcrypt/poly1305.h>
+
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
+void poly1305_blocks_thumb2_16(Poly1305* ctx_p, const byte* m_p, word32 len_p, int notLast_p)
+#else
+void poly1305_blocks_thumb2_16(Poly1305* ctx, const byte* m, word32 len, int notLast)
+#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
+{
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
+    register Poly1305* ctx __asm__ ("r0") = (Poly1305*)ctx_p;
+    register const byte* m __asm__ ("r1") = (const byte*)m_p;
+    register word32 len __asm__ ("r2") = (word32)len_p;
+    register int notLast __asm__ ("r3") = (int)notLast_p;
+#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
+
+    __asm__ __volatile__ (
+        "SUB	sp, sp, #0x1c\n\t"
+        "CMP	%[len], #0x0\n\t"
+#if defined(__GNUC__)
+        "BEQ	L_poly1305_thumb2_16_done_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BEQ.N	L_poly1305_thumb2_16_done\n\t"
+#else
+        "BEQ.N	L_poly1305_thumb2_16_done_%=\n\t"
+#endif
+        "ADD	lr, sp, #0xc\n\t"
+        "STM	lr, {%[ctx], %[m], %[len], %[notLast]}\n\t"
+        /* Get h pointer */
+        "ADD	lr, %[ctx], #0x10\n\t"
+        "LDM	lr, {r4, r5, r6, r7, r8}\n\t"
+        "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_poly1305_thumb2_16_loop:\n\t"
+#else
+    "L_poly1305_thumb2_16_loop_%=:\n\t"
+#endif
+        /* Add m to h */
+        "LDR	%[m], [sp, #16]\n\t"
+        "LDR	%[len], [%[m]]\n\t"
+        "LDR	%[notLast], [%[m], #4]\n\t"
+        "LDR	r9, [%[m], #8]\n\t"
+        "LDR	r10, [%[m], #12]\n\t"
+        "LDR	r11, [sp, #24]\n\t"
+        "ADDS	r4, r4, %[len]\n\t"
+        "ADCS	r5, r5, %[notLast]\n\t"
+        "ADCS	r6, r6, r9\n\t"
+        "ADCS	r7, r7, r10\n\t"
+        "ADD	%[m], %[m], #0x10\n\t"
+        "ADC	r8, r8, r11\n\t"
+#ifdef WOLFSSL_ARM_ARCH_7M
+        "STM	lr, {r4, r5, r6, r7, r8}\n\t"
+#else
+        /* h[0]-h[2] in r4-r6 for multiplication. */
+        "STR	r7, [lr, #12]\n\t"
+        "STR	r8, [lr, #16]\n\t"
+#endif /* WOLFSSL_ARM_ARCH_7M */
+        "STR	%[m], [sp, #16]\n\t"
+        "LDR	%[m], [sp, #12]\n\t"
+        /* Multiply h by r */
+#ifdef WOLFSSL_ARM_ARCH_7M
+        /* r0 = #0, r1 = r, lr = h, r2 = h[j], r3 = r[i] */
+        "LDR	%[notLast], [%[m]]\n\t"
+        "EOR	%[ctx], %[ctx], %[ctx]\n\t"
+        /* r[0] * h[0] */
+        /* h[0] in r4 */
+        "UMULL	r4, r5, %[notLast], r4\n\t"
+        /* r[0] * h[2] */
+        /* h[2] in r6 */
+        "UMULL	r6, r7, %[notLast], r6\n\t"
+        /* r[0] * h[4] */
+        /* h[4] in r8 */
+        "MUL	r8, %[notLast], r8\n\t"
+        /* r[0] * h[1] */
+        "LDR	%[len], [lr, #4]\n\t"
+        "MOV	r12, %[ctx]\n\t"
+        "UMLAL	r5, r12, %[notLast], %[len]\n\t"
+        /* r[0] * h[3] */
+        "LDR	%[len], [lr, #12]\n\t"
+        "ADDS	r6, r6, r12\n\t"
+        "ADC	r7, r7, %[ctx]\n\t"
+        "UMLAL	r7, r8, %[notLast], %[len]\n\t"
+        /* r[1] * h[0] */
+        "LDR	%[notLast], [%[m], #4]\n\t"
+        "LDR	%[len], [lr]\n\t"
+        "MOV	r12, %[ctx]\n\t"
+        "UMLAL	r5, r12, %[notLast], %[len]\n\t"
+        /* r[1] * h[1] */
+        "LDR	%[len], [lr, #4]\n\t"
+        "ADDS	r6, r6, r12\n\t"
+        "ADC	r12, %[ctx], %[ctx]\n\t"
+        "UMLAL	r6, r12, %[notLast], %[len]\n\t"
+        /* r[1] * h[2] */
+        "LDR	%[len], [lr, #8]\n\t"
+        "ADDS	r7, r7, r12\n\t"
+        "ADC	r12, %[ctx], %[ctx]\n\t"
+        "UMLAL	r7, r12, %[notLast], %[len]\n\t"
+        /* r[1] * h[3] */
+        "LDR	%[len], [lr, #12]\n\t"
+        "ADDS	r8, r8, r12\n\t"
+        "ADC	r9, %[ctx], %[ctx]\n\t"
+        "UMLAL	r8, r9, %[notLast], %[len]\n\t"
+        /* r[1] * h[4] */
+        "LDR	%[len], [lr, #16]\n\t"
+        "MLA	r9, %[notLast], %[len], r9\n\t"
+        /* r[2] * h[0] */
+        "LDR	%[notLast], [%[m], #8]\n\t"
+        "LDR	%[len], [lr]\n\t"
+        "MOV	r12, %[ctx]\n\t"
+        "UMLAL	r6, r12, %[notLast], %[len]\n\t"
+        /* r[2] * h[1] */
+        "LDR	%[len], [lr, #4]\n\t"
+        "ADDS	r7, r7, r12\n\t"
+        "ADC	r12, %[ctx], %[ctx]\n\t"
+        "UMLAL	r7, r12, %[notLast], %[len]\n\t"
+        /* r[2] * h[2] */
+        "LDR	%[len], [lr, #8]\n\t"
+        "ADDS	r8, r8, r12\n\t"
+        "ADC	r12, %[ctx], %[ctx]\n\t"
+        "UMLAL	r8, r12, %[notLast], %[len]\n\t"
+        /* r[2] * h[3] */
+        "LDR	%[len], [lr, #12]\n\t"
+        "ADDS	r9, r9, r12\n\t"
+        "ADC	r10, %[ctx], %[ctx]\n\t"
+        "UMLAL	r9, r10, %[notLast], %[len]\n\t"
+        /* r[2] * h[4] */
+        "LDR	%[len], [lr, #16]\n\t"
+        "MLA	r10, %[notLast], %[len], r10\n\t"
+        /* r[3] * h[0] */
+        "LDR	%[notLast], [%[m], #12]\n\t"
+        "LDR	%[len], [lr]\n\t"
+        "MOV	r12, %[ctx]\n\t"
+        "UMLAL	r7, r12, %[notLast], %[len]\n\t"
+        /* r[3] * h[1] */
+        "LDR	%[len], [lr, #4]\n\t"
+        "ADDS	r8, r8, r12\n\t"
+        "ADC	r12, %[ctx], %[ctx]\n\t"
+        "UMLAL	r8, r12, %[notLast], %[len]\n\t"
+        /* r[3] * h[2] */
+        "LDR	%[len], [lr, #8]\n\t"
+        "ADDS	r9, r9, r12\n\t"
+        "ADC	r10, r10, %[ctx]\n\t"
+        "UMLAL	r9, r10, %[notLast], %[len]\n\t"
+        /* r[3] * h[3] */
+        "LDR	%[len], [lr, #12]\n\t"
+        "MOV	r11, %[ctx]\n\t"
+        "UMLAL	r10, r11, %[notLast], %[len]\n\t"
+        /* r[3] * h[4] */
+        "LDR	%[len], [lr, #16]\n\t"
+        "MOV	r12, %[ctx]\n\t"
+        "MLA	r11, %[notLast], %[len], r11\n\t"
+#else
+        "LDM	%[m], {%[ctx], %[m], %[len], %[notLast]}\n\t"
+        /* r[0] * h[0] */
+        "UMULL	r10, r11, %[ctx], r4\n\t"
+        /* r[1] * h[0] */
+        "UMULL	r12, r7, %[m], r4\n\t"
+        /* r[0] * h[1] */
+        "UMAAL	r11, r12, %[ctx], r5\n\t"
+        /* r[2] * h[0] */
+        "UMULL	r8, r9, %[len], r4\n\t"
+        /* r[1] * h[1] */
+        "UMAAL	r12, r8, %[m], r5\n\t"
+        /* r[0] * h[2] */
+        "UMAAL	r12, r7, %[ctx], r6\n\t"
+        /* r[3] * h[0] */
+        "UMAAL	r8, r9, %[notLast], r4\n\t"
+        "STM	sp, {r10, r11, r12}\n\t"
+        /* r[2] * h[1] */
+        "UMAAL	r7, r8, %[len], r5\n\t"
+        /* Replace h[0] with h[3] */
+        "LDR	r4, [lr, #12]\n\t"
+        /* r[1] * h[2] */
+        "UMULL	r10, r11, %[m], r6\n\t"
+        /* r[2] * h[2] */
+        "UMAAL	r8, r9, %[len], r6\n\t"
+        /* r[0] * h[3] */
+        "UMAAL	r7, r10, %[ctx], r4\n\t"
+        /* r[3] * h[1] */
+        "UMAAL	r8, r11, %[notLast], r5\n\t"
+        /* r[1] * h[3] */
+        "UMAAL	r8, r10, %[m], r4\n\t"
+        /* r[3] * h[2] */
+        "UMAAL	r9, r11, %[notLast], r6\n\t"
+        /* r[2] * h[3] */
+        "UMAAL	r9, r10, %[len], r4\n\t"
+        /* Replace h[1] with h[4] */
+        "LDR	r5, [lr, #16]\n\t"
+        /* r[3] * h[3] */
+        "UMAAL	r10, r11, %[notLast], r4\n\t"
+        "MOV	r12, #0x0\n\t"
+        /* r[0] * h[4] */
+        "UMAAL	r8, r12, %[ctx], r5\n\t"
+        /* r[1] * h[4] */
+        "UMAAL	r9, r12, %[m], r5\n\t"
+        /* r[2] * h[4] */
+        "UMAAL	r10, r12, %[len], r5\n\t"
+        /* r[3] * h[4] */
+        "UMAAL	r11, r12, %[notLast], r5\n\t"
+        /* DONE */
+        "LDM	sp, {r4, r5, r6}\n\t"
+#endif /* WOLFSSL_ARM_ARCH_7M */
+        /* r12 will be zero because r is masked. */
+        /* Load length */
+        "LDR	%[len], [sp, #20]\n\t"
+        /* Reduce mod 2^130 - 5 */
+        "BIC	%[notLast], r8, #0x3\n\t"
+        "AND	r8, r8, #0x3\n\t"
+        "ADDS	r4, r4, %[notLast]\n\t"
+        "LSR	%[notLast], %[notLast], #2\n\t"
+        "ADCS	r5, r5, r9\n\t"
+        "ORR	%[notLast], %[notLast], r9, LSL #30\n\t"
+        "ADCS	r6, r6, r10\n\t"
+        "LSR	r9, r9, #2\n\t"
+        "ADCS	r7, r7, r11\n\t"
+        "ORR	r9, r9, r10, LSL #30\n\t"
+        "ADC	r8, r8, r12\n\t"
+        "LSR	r10, r10, #2\n\t"
+        "ADDS	r4, r4, %[notLast]\n\t"
+        "ORR	r10, r10, r11, LSL #30\n\t"
+        "ADCS	r5, r5, r9\n\t"
+        "LSR	r11, r11, #2\n\t"
+        "ADCS	r6, r6, r10\n\t"
+        "ADCS	r7, r7, r11\n\t"
+        "ADC	r8, r8, r12\n\t"
+        /* Sub 16 from length. */
+        "SUBS	%[len], %[len], #0x10\n\t"
+        /* Store length. */
+        "STR	%[len], [sp, #20]\n\t"
+        /* Loop again if more message to do. */
+#if defined(__GNUC__)
+        "BGT	L_poly1305_thumb2_16_loop_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BGT.N	L_poly1305_thumb2_16_loop\n\t"
+#else
+        "BGT.N	L_poly1305_thumb2_16_loop_%=\n\t"
+#endif
+        "STM	lr, {r4, r5, r6, r7, r8}\n\t"
+        "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_poly1305_thumb2_16_done:\n\t"
+#else
+    "L_poly1305_thumb2_16_done_%=:\n\t"
+#endif
+        "ADD	sp, sp, #0x1c\n\t"
+        : [ctx] "+r" (ctx), [m] "+r" (m), [len] "+r" (len), [notLast] "+r" (notLast)
+        :
+        : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "lr", "cc"
+    );
+}
+
+XALIGNED(16) static const word32 L_poly1305_thumb2_clamp[] = {
+    0x0fffffff, 0x0ffffffc, 0x0ffffffc, 0x0ffffffc,
+};
+
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
+void poly1305_set_key(Poly1305* ctx_p, const byte* key_p)
+#else
+void poly1305_set_key(Poly1305* ctx, const byte* key)
+#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
+{
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
+    register Poly1305* ctx __asm__ ("r0") = (Poly1305*)ctx_p;
+    register const byte* key __asm__ ("r1") = (const byte*)key_p;
+    register word32* L_poly1305_thumb2_clamp_c __asm__ ("r2") = (word32*)&L_poly1305_thumb2_clamp;
+#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
+
+    __asm__ __volatile__ (
+        /* Load mask. */
+        "MOV	r10, %[L_poly1305_thumb2_clamp]\n\t"
+        "LDM	r10, {r6, r7, r8, r9}\n\t"
+        /* Load and cache padding. */
+        "LDR	r2, [%[key], #16]\n\t"
+        "LDR	r3, [%[key], #20]\n\t"
+        "LDR	r4, [%[key], #24]\n\t"
+        "LDR	r5, [%[key], #28]\n\t"
+        "ADD	r10, %[ctx], #0x24\n\t"
+        "STM	r10, {r2, r3, r4, r5}\n\t"
+        /* Load, mask and store r. */
+        "LDR	r2, [%[key]]\n\t"
+        "LDR	r3, [%[key], #4]\n\t"
+        "LDR	r4, [%[key], #8]\n\t"
+        "LDR	r5, [%[key], #12]\n\t"
+        "AND	r2, r2, r6\n\t"
+        "AND	r3, r3, r7\n\t"
+        "AND	r4, r4, r8\n\t"
+        "AND	r5, r5, r9\n\t"
+        "ADD	r10, %[ctx], #0x0\n\t"
+        "STM	r10, {r2, r3, r4, r5}\n\t"
+        /* h (accumulator) = 0 */
+        "EOR	r6, r6, r6\n\t"
+        "EOR	r7, r7, r7\n\t"
+        "EOR	r8, r8, r8\n\t"
+        "EOR	r9, r9, r9\n\t"
+        "ADD	r10, %[ctx], #0x10\n\t"
+        "EOR	r5, r5, r5\n\t"
+        "STM	r10, {r5, r6, r7, r8, r9}\n\t"
+        /* Zero leftover */
+        "STR	r5, [%[ctx], #52]\n\t"
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
+        : [ctx] "+r" (ctx), [key] "+r" (key),
+          [L_poly1305_thumb2_clamp] "+r" (L_poly1305_thumb2_clamp_c)
+        :
+        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc"
+#else
+        : [ctx] "+r" (ctx), [key] "+r" (key)
+        : [L_poly1305_thumb2_clamp] "r" (L_poly1305_thumb2_clamp)
+        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc"
+#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */
+    );
+}
+
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
+void poly1305_final(Poly1305* ctx_p, byte* mac_p)
+#else
+void poly1305_final(Poly1305* ctx, byte* mac)
+#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
+{
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
+    register Poly1305* ctx __asm__ ("r0") = (Poly1305*)ctx_p;
+    register byte* mac __asm__ ("r1") = (byte*)mac_p;
+#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
+
+    __asm__ __volatile__ (
+        "ADD	r11, %[ctx], #0x10\n\t"
+        "LDM	r11, {r2, r3, r4, r5, r6}\n\t"
+        /* Add 5 and check for h larger than p. */
+        "ADDS	r7, r2, #0x5\n\t"
+        "ADCS	r7, r3, #0x0\n\t"
+        "ADCS	r7, r4, #0x0\n\t"
+        "ADCS	r7, r5, #0x0\n\t"
+        "ADC	r7, r6, #0x0\n\t"
+        "SUB	r7, r7, #0x4\n\t"
+        "LSR	r7, r7, #31\n\t"
+        "SUB	r7, r7, #0x1\n\t"
+        "AND	r7, r7, #0x5\n\t"
+        /* Add 0/5 to h. */
+        "ADDS	r2, r2, r7\n\t"
+        "ADCS	r3, r3, #0x0\n\t"
+        "ADCS	r4, r4, #0x0\n\t"
+        "ADC	r5, r5, #0x0\n\t"
+        /* Add padding */
+        "ADD	r11, %[ctx], #0x24\n\t"
+        "LDM	r11, {r7, r8, r9, r10}\n\t"
+        "ADDS	r2, r2, r7\n\t"
+        "ADCS	r3, r3, r8\n\t"
+        "ADCS	r4, r4, r9\n\t"
+        "ADC	r5, r5, r10\n\t"
+        /* Store MAC */
+        "STR	r2, [%[mac]]\n\t"
+        "STR	r3, [%[mac], #4]\n\t"
+        "STR	r4, [%[mac], #8]\n\t"
+        "STR	r5, [%[mac], #12]\n\t"
+        /* Zero out h. */
+        "EOR	r2, r2, r2\n\t"
+        "EOR	r3, r3, r3\n\t"
+        "EOR	r4, r4, r4\n\t"
+        "EOR	r5, r5, r5\n\t"
+        "EOR	r6, r6, r6\n\t"
+        "ADD	r11, %[ctx], #0x10\n\t"
+        "STM	r11, {r2, r3, r4, r5, r6}\n\t"
+        /* Zero out r. */
+        "ADD	r11, %[ctx], #0x0\n\t"
+        "STM	r11, {r2, r3, r4, r5}\n\t"
+        /* Zero out padding. */
+        "ADD	r11, %[ctx], #0x24\n\t"
+        "STM	r11, {r2, r3, r4, r5}\n\t"
+        : [ctx] "+r" (ctx), [mac] "+r" (mac)
+        :
+        : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "cc"
+    );
+}
+
+#endif /* HAVE_POLY1305 */
+#endif /* WOLFSSL_ARMASM_THUMB2 */
+#endif /* WOLFSSL_ARMASM */
+#endif /* WOLFSSL_ARMASM_INLINE */
diff --git a/wolfcrypt/src/port/arm/thumb2-poly1305.c b/wolfcrypt/src/port/arm/thumb2-poly1305.c
new file mode 100644
index 000000000..2fa5d03a0
--- /dev/null
+++ b/wolfcrypt/src/port/arm/thumb2-poly1305.c
@@ -0,0 +1,142 @@
+/* armv8-poly1305.c
+ *
+ * Copyright (C) 2006-2025 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+#ifdef HAVE_CONFIG_H
+    #include <config.h>
+#endif
+
+#include <wolfssl/wolfcrypt/settings.h>
+#include <wolfssl/wolfcrypt/types.h>
+
+#ifdef WOLFSSL_ARMASM
+#ifdef WOLFSSL_ARMASM_THUMB2
+
+#ifdef HAVE_POLY1305
+#include <wolfssl/wolfcrypt/poly1305.h>
+#include <wolfssl/wolfcrypt/error-crypt.h>
+#include <wolfssl/wolfcrypt/logging.h>
+#include <wolfssl/wolfcrypt/cpuid.h>
+#ifdef NO_INLINE
+    #include <wolfssl/wolfcrypt/misc.h>
+#else
+    #define WOLFSSL_MISC_INCLUDED
+    #include <wolfcrypt/src/misc.c>
+#endif
+#ifdef CHACHA_AEAD_TEST
+    #include <stdio.h>
+#endif
+
+/* Process 16 bytes of message at a time.
+ *
+ * @param [in] ctx    Poly1305 context.
+ * @param [in] m      Message to process.
+ * @param [in] bytes  Length of message in bytes.
+ */
+void poly1305_blocks_thumb2(Poly1305* ctx, const unsigned char* m,
+    size_t bytes)
+{
+    poly1305_blocks_thumb2_16(ctx, m, bytes, 1);
+}
+
+/* Process 16 bytes of message.
+ *
+ * @param [in] ctx    Poly1305 context.
+ * @param [in] m      Message to process.
+ */
+void poly1305_block_thumb2(Poly1305* ctx, const unsigned char* m)
+{
+    poly1305_blocks_thumb2_16(ctx, m, POLY1305_BLOCK_SIZE, 1);
+}
+
+/* Set the key for the Poly1305 operation.
+ *
+ * @param [in] ctx    Poly1305 context.
+ * @param [in] key    Key data to use.
+ * @param [in] keySz  Size of key in bytes. Must be 32.
+ * @return  0 on success.
+ * @return  BAD_FUNC_ARG when ctx or key is NULL or keySz is not 32.
+ */
+int wc_Poly1305SetKey(Poly1305* ctx, const byte* key, word32 keySz)
+{
+    int ret = 0;
+
+#ifdef CHACHA_AEAD_TEST
+    word32 k;
+    printf("Poly key used:\n");
+    if (key != NULL) {
+        for (k = 0; k < keySz; k++) {
+            printf("%02x", key[k]);
+            if ((k+1) % 8 == 0)
+                printf("\n");
+        }
+    }
+    printf("\n");
+#endif
+
+    /* Validate parameters. */
+    if ((ctx == NULL) || (key == NULL) || (keySz != 32)) {
+        ret = BAD_FUNC_ARG;
+    }
+
+    if (ret == 0) {
+        poly1305_set_key(ctx, key);
+    }
+
+    return ret;
+}
+
+/* Finalize the Poly1305 operation calculating the MAC.
+ *
+ * @param [in] ctx    Poly1305 context.
+ * @param [in] mac    Buffer to hold the MAC. Myst be at least 16 bytes long.
+ * @return  0 on success.
+ * @return  BAD_FUNC_ARG when ctx or mac is NULL.
+ */
+int wc_Poly1305Final(Poly1305* ctx, byte* mac)
+{
+    int ret = 0;
+
+    /* Validate parameters. */
+    if ((ctx == NULL) || (mac == NULL)) {
+        ret = BAD_FUNC_ARG;
+    }
+
+    /* Process the remaining partial block - last block. */
+    if (ret == 0) {
+        if (ctx->leftover) {
+             size_t i = ctx->leftover;
+             ctx->buffer[i++] = 1;
+             for (; i < POLY1305_BLOCK_SIZE; i++) {
+                 ctx->buffer[i] = 0;
+             }
+             poly1305_blocks_thumb2_16(ctx, ctx->buffer, POLY1305_BLOCK_SIZE,
+                 0);
+        }
+
+        poly1305_final(ctx, mac);
+    }
+
+    return ret;
+}
+
+#endif /* HAVE_POLY1305 */
+#endif /* WOLFSSL_ARMASM_THUMB2 */
+#endif /* WOLFSSL_ARMASM */
diff --git a/wolfcrypt/src/port/arm/thumb2-sha256-asm.S b/wolfcrypt/src/port/arm/thumb2-sha256-asm.S
index 30d8dc76b..0cb34864f 100644
--- a/wolfcrypt/src/port/arm/thumb2-sha256-asm.S
+++ b/wolfcrypt/src/port/arm/thumb2-sha256-asm.S
@@ -1,6 +1,6 @@
 /* thumb2-sha256-asm
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -30,7 +30,7 @@
 #include <wolfssl/wolfcrypt/settings.h>
 
 #ifdef WOLFSSL_ARMASM
-#if !defined(__aarch64__) && defined(__thumb__)
+#ifdef WOLFSSL_ARMASM_THUMB2
 #ifndef WOLFSSL_ARMASM_INLINE
 	.thumb
 	.syntax unified
@@ -925,7 +925,7 @@ L_SHA256_transform_len_start:
 	STR	r9, [sp, #60]
 	ADD	r3, r3, #0x40
 	SUBS	r12, r12, #0x1
-#ifdef __GNUC__
+#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
 	BNE	L_SHA256_transform_len_start
 #else
 	BNE.W	L_SHA256_transform_len_start
@@ -1470,7 +1470,7 @@ L_SHA256_transform_len_start:
 	SUBS	r2, r2, #0x40
 	SUB	r3, r3, #0xc0
 	ADD	r1, r1, #0x40
-#ifdef __GNUC__
+#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
 	BNE	L_SHA256_transform_len_begin
 #else
 	BNE.W	L_SHA256_transform_len_begin
@@ -1481,7 +1481,7 @@ L_SHA256_transform_len_start:
 	.size	Transform_Sha256_Len,.-Transform_Sha256_Len
 #endif /* WOLFSSL_ARMASM_NO_NEON */
 #endif /* !NO_SHA256 */
-#endif /* !__aarch64__ && __thumb__ */
+#endif /* WOLFSSL_ARMASM_THUMB2 */
 #endif /* WOLFSSL_ARMASM */
 
 #if defined(__linux__) && defined(__ELF__)
diff --git a/wolfcrypt/src/port/arm/thumb2-sha256-asm_c.c b/wolfcrypt/src/port/arm/thumb2-sha256-asm_c.c
index 4654dd215..fee0d9d23 100644
--- a/wolfcrypt/src/port/arm/thumb2-sha256-asm_c.c
+++ b/wolfcrypt/src/port/arm/thumb2-sha256-asm_c.c
@@ -1,6 +1,6 @@
 /* thumb2-sha256-asm
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -28,19 +28,12 @@
     #include <config.h>
 #endif /* HAVE_CONFIG_H */
 #include <wolfssl/wolfcrypt/settings.h>
+#include <wolfssl/wolfcrypt/error-crypt.h>
 
 #ifdef WOLFSSL_ARMASM
-#if !defined(__aarch64__) && defined(__thumb__)
-#include <stdint.h>
-#ifdef HAVE_CONFIG_H
-    #include <config.h>
-#endif /* HAVE_CONFIG_H */
-#include <wolfssl/wolfcrypt/settings.h>
+#ifdef WOLFSSL_ARMASM_THUMB2
 #ifdef WOLFSSL_ARMASM_INLINE
 
-#ifdef WOLFSSL_ARMASM
-#if !defined(__aarch64__) && defined(__thumb__)
-
 #ifdef __IAR_SYSTEMS_ICC__
 #define __asm__        asm
 #define __volatile__   volatile
@@ -54,7 +47,7 @@
 #include <wolfssl/wolfcrypt/sha256.h>
 
 #ifdef WOLFSSL_ARMASM_NO_NEON
-static const uint32_t L_SHA256_transform_len_k[] = {
+XALIGNED(16) static const word32 L_SHA256_transform_len_k[] = {
     0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5,
     0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5,
     0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3,
@@ -84,7 +77,7 @@ void Transform_Sha256_Len(wc_Sha256* sha256, const byte* data, word32 len)
     register wc_Sha256* sha256 __asm__ ("r0") = (wc_Sha256*)sha256_p;
     register const byte* data __asm__ ("r1") = (const byte*)data_p;
     register word32 len __asm__ ("r2") = (word32)len_p;
-    register uint32_t* L_SHA256_transform_len_k_c __asm__ ("r3") = (uint32_t*)&L_SHA256_transform_len_k;
+    register word32* L_SHA256_transform_len_k_c __asm__ ("r3") = (word32*)&L_SHA256_transform_len_k;
 #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
 
     __asm__ __volatile__ (
@@ -101,7 +94,11 @@ void Transform_Sha256_Len(wc_Sha256* sha256, const byte* data, word32 len)
         "STRD	r10, r11, [sp, #88]\n\t"
         /* Start of loop processing a block */
         "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
     "L_SHA256_transform_len_begin:\n\t"
+#else
+    "L_SHA256_transform_len_begin_%=:\n\t"
+#endif
         /* Load, Reverse and Store W - 64 bytes */
         "LDR	r4, [%[data]]\n\t"
         "LDR	r5, [%[data], #4]\n\t"
@@ -149,7 +146,11 @@ void Transform_Sha256_Len(wc_Sha256* sha256, const byte* data, word32 len)
         "MOV	r12, #0x3\n\t"
         /* Start of 16 rounds */
         "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
     "L_SHA256_transform_len_start:\n\t"
+#else
+    "L_SHA256_transform_len_start_%=:\n\t"
+#endif
         /* Round 0 */
         "LDR	r5, [%[sha256], #16]\n\t"
         "LDR	r6, [%[sha256], #20]\n\t"
@@ -904,10 +905,12 @@ void Transform_Sha256_Len(wc_Sha256* sha256, const byte* data, word32 len)
         "STR	r9, [sp, #60]\n\t"
         "ADD	r3, r3, #0x40\n\t"
         "SUBS	r12, r12, #0x1\n\t"
-#ifdef __GNUC__
-        "BNE	L_SHA256_transform_len_start\n\t"
-#else
+#if defined(__GNUC__)
+        "BNE	L_SHA256_transform_len_start_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "BNE.W	L_SHA256_transform_len_start\n\t"
+#else
+        "BNE.W	L_SHA256_transform_len_start_%=\n\t"
 #endif
         /* Round 0 */
         "LDR	r5, [%[sha256], #16]\n\t"
@@ -1449,29 +1452,29 @@ void Transform_Sha256_Len(wc_Sha256* sha256, const byte* data, word32 len)
         "SUBS	%[len], %[len], #0x40\n\t"
         "SUB	r3, r3, #0xc0\n\t"
         "ADD	%[data], %[data], #0x40\n\t"
-#ifdef __GNUC__
-        "BNE	L_SHA256_transform_len_begin\n\t"
-#else
+#if defined(__GNUC__)
+        "BNE	L_SHA256_transform_len_begin_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "BNE.W	L_SHA256_transform_len_begin\n\t"
+#else
+        "BNE.W	L_SHA256_transform_len_begin_%=\n\t"
 #endif
         "ADD	sp, sp, #0xc0\n\t"
 #ifndef WOLFSSL_NO_VAR_ASSIGN_REG
         : [sha256] "+r" (sha256), [data] "+r" (data), [len] "+r" (len),
           [L_SHA256_transform_len_k] "+r" (L_SHA256_transform_len_k_c)
         :
+        : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "cc"
 #else
         : [sha256] "+r" (sha256), [data] "+r" (data), [len] "+r" (len)
         : [L_SHA256_transform_len_k] "r" (L_SHA256_transform_len_k)
-#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */
         : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "cc"
+#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */
     );
 }
 
 #endif /* WOLFSSL_ARMASM_NO_NEON */
 #endif /* !NO_SHA256 */
-#endif /* !__aarch64__ && __thumb__ */
+#endif /* WOLFSSL_ARMASM_THUMB2 */
 #endif /* WOLFSSL_ARMASM */
-#endif /* !defined(__aarch64__) && defined(__thumb__) */
-#endif /* WOLFSSL_ARMASM */
-
 #endif /* WOLFSSL_ARMASM_INLINE */
diff --git a/wolfcrypt/src/port/arm/thumb2-sha3-asm.S b/wolfcrypt/src/port/arm/thumb2-sha3-asm.S
new file mode 100644
index 000000000..17c4d7d9c
--- /dev/null
+++ b/wolfcrypt/src/port/arm/thumb2-sha3-asm.S
@@ -0,0 +1,1176 @@
+/* thumb2-sha3-asm
+ *
+ * Copyright (C) 2006-2025 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+/* Generated using (from wolfssl):
+ *   cd ../scripts
+ *   ruby ./sha3/sha3.rb thumb2 ../wolfssl/wolfcrypt/src/port/arm/thumb2-sha3-asm.S
+ */
+
+#ifdef HAVE_CONFIG_H
+    #include <config.h>
+#endif /* HAVE_CONFIG_H */
+#include <wolfssl/wolfcrypt/settings.h>
+
+#ifdef WOLFSSL_ARMASM
+#ifdef WOLFSSL_ARMASM_THUMB2
+#ifndef WOLFSSL_ARMASM_INLINE
+	.thumb
+	.syntax unified
+#ifdef WOLFSSL_SHA3
+	.text
+	.type	L_sha3_thumb2_rt, %object
+	.size	L_sha3_thumb2_rt, 192
+	.align	8
+L_sha3_thumb2_rt:
+	.word	0x1
+	.word	0x0
+	.word	0x8082
+	.word	0x0
+	.word	0x808a
+	.word	0x80000000
+	.word	0x80008000
+	.word	0x80000000
+	.word	0x808b
+	.word	0x0
+	.word	0x80000001
+	.word	0x0
+	.word	0x80008081
+	.word	0x80000000
+	.word	0x8009
+	.word	0x80000000
+	.word	0x8a
+	.word	0x0
+	.word	0x88
+	.word	0x0
+	.word	0x80008009
+	.word	0x0
+	.word	0x8000000a
+	.word	0x0
+	.word	0x8000808b
+	.word	0x0
+	.word	0x8b
+	.word	0x80000000
+	.word	0x8089
+	.word	0x80000000
+	.word	0x8003
+	.word	0x80000000
+	.word	0x8002
+	.word	0x80000000
+	.word	0x80
+	.word	0x80000000
+	.word	0x800a
+	.word	0x0
+	.word	0x8000000a
+	.word	0x80000000
+	.word	0x80008081
+	.word	0x80000000
+	.word	0x8080
+	.word	0x80000000
+	.word	0x80000001
+	.word	0x0
+	.word	0x80008008
+	.word	0x80000000
+	.text
+	.align	4
+	.globl	BlockSha3
+	.type	BlockSha3, %function
+BlockSha3:
+	PUSH	{r4, r5, r6, r7, r8, r9, r10, r11, lr}
+	SUB	sp, sp, #0xcc
+	ADR	r1, L_sha3_thumb2_rt
+	MOV	r2, #0xc
+L_sha3_thumb2_begin:
+	STR	r2, [sp, #200]
+	/* Round even */
+	/* Calc b[4] */
+	LDRD	r4, r5, [r0, #32]
+	LDRD	r6, r7, [r0, #72]
+	LDRD	r8, r9, [r0, #112]
+	LDRD	r10, r11, [r0, #152]
+	LDR	r12, [r0, #192]
+	LDR	lr, [r0, #196]
+	EOR	r2, r4, r6
+	EOR	r3, r5, r7
+	EOR	r2, r2, r8
+	EOR	r3, r3, r9
+	EOR	r2, r2, r10
+	EOR	r3, r3, r11
+	EOR	r2, r2, r12
+	EOR	r3, r3, lr
+	STRD	r2, r3, [sp, #32]
+	/* Calc b[1] */
+	LDRD	r4, r5, [r0, #8]
+	LDRD	r6, r7, [r0, #48]
+	LDRD	r8, r9, [r0, #88]
+	LDRD	r10, r11, [r0, #128]
+	LDR	r12, [r0, #168]
+	LDR	lr, [r0, #172]
+	EOR	r4, r4, r6
+	EOR	r5, r5, r7
+	EOR	r4, r4, r8
+	EOR	r5, r5, r9
+	EOR	r4, r4, r10
+	EOR	r5, r5, r11
+	EOR	r4, r4, r12
+	EOR	r5, r5, lr
+	STRD	r4, r5, [sp, #8]
+	/* Calc t[0] */
+	EOR	r2, r2, r5, LSR #31
+	EOR	r3, r3, r4, LSR #31
+	EOR	r2, r2, r4, LSL #1
+	EOR	r3, r3, r5, LSL #1
+	/* Calc b[0] and XOR t[0] into s[x*5+0] */
+	LDRD	r4, r5, [r0]
+	LDRD	r6, r7, [r0, #40]
+	LDRD	r8, r9, [r0, #80]
+	LDRD	r10, r11, [r0, #120]
+	EOR	r12, r4, r6
+	EOR	lr, r5, r7
+	EOR	r12, r12, r8
+	EOR	lr, lr, r9
+	EOR	r12, r12, r10
+	EOR	lr, lr, r11
+	EOR	r4, r4, r2
+	EOR	r5, r5, r3
+	EOR	r6, r6, r2
+	EOR	r7, r7, r3
+	EOR	r8, r8, r2
+	EOR	r9, r9, r3
+	EOR	r10, r10, r2
+	EOR	r11, r11, r3
+	STRD	r4, r5, [r0]
+	STRD	r6, r7, [r0, #40]
+	STRD	r8, r9, [r0, #80]
+	STRD	r10, r11, [r0, #120]
+	LDRD	r10, r11, [r0, #160]
+	EOR	r12, r12, r10
+	EOR	lr, lr, r11
+	EOR	r10, r10, r2
+	EOR	r11, r11, r3
+	STRD	r10, r11, [r0, #160]
+	STR	r12, [sp]
+	STR	lr, [sp, #4]
+	/* Calc b[3] */
+	LDRD	r4, r5, [r0, #24]
+	LDRD	r6, r7, [r0, #64]
+	LDRD	r8, r9, [r0, #104]
+	LDRD	r10, r11, [r0, #144]
+	LDR	r12, [r0, #184]
+	LDR	lr, [r0, #188]
+	EOR	r4, r4, r6
+	EOR	r5, r5, r7
+	EOR	r4, r4, r8
+	EOR	r5, r5, r9
+	EOR	r4, r4, r10
+	EOR	r5, r5, r11
+	EOR	r4, r4, r12
+	EOR	r5, r5, lr
+	STRD	r4, r5, [sp, #24]
+	/* Calc t[2] */
+	LDRD	r2, r3, [sp, #8]
+	EOR	r2, r2, r5, LSR #31
+	EOR	r3, r3, r4, LSR #31
+	EOR	r2, r2, r4, LSL #1
+	EOR	r3, r3, r5, LSL #1
+	/* Calc b[2] and XOR t[2] into s[x*5+2] */
+	LDRD	r4, r5, [r0, #16]
+	LDRD	r6, r7, [r0, #56]
+	LDRD	r8, r9, [r0, #96]
+	LDRD	r10, r11, [r0, #136]
+	EOR	r12, r4, r6
+	EOR	lr, r5, r7
+	EOR	r12, r12, r8
+	EOR	lr, lr, r9
+	EOR	r12, r12, r10
+	EOR	lr, lr, r11
+	EOR	r4, r4, r2
+	EOR	r5, r5, r3
+	EOR	r6, r6, r2
+	EOR	r7, r7, r3
+	EOR	r8, r8, r2
+	EOR	r9, r9, r3
+	EOR	r10, r10, r2
+	EOR	r11, r11, r3
+	STRD	r4, r5, [r0, #16]
+	STRD	r6, r7, [r0, #56]
+	STRD	r8, r9, [r0, #96]
+	STRD	r10, r11, [r0, #136]
+	LDRD	r10, r11, [r0, #176]
+	EOR	r12, r12, r10
+	EOR	lr, lr, r11
+	EOR	r10, r10, r2
+	EOR	r11, r11, r3
+	STRD	r10, r11, [r0, #176]
+	STR	r12, [sp, #16]
+	STR	lr, [sp, #20]
+	/* Calc t[1] */
+	LDRD	r2, r3, [sp]
+	EOR	r2, r2, lr, LSR #31
+	EOR	r3, r3, r12, LSR #31
+	EOR	r2, r2, r12, LSL #1
+	EOR	r3, r3, lr, LSL #1
+	/* XOR t[1] into s[x*5+1] */
+	LDRD	r4, r5, [r0, #8]
+	LDRD	r6, r7, [r0, #48]
+	LDRD	r8, r9, [r0, #88]
+	LDRD	r10, r11, [r0, #128]
+	LDR	r12, [r0, #168]
+	LDR	lr, [r0, #172]
+	EOR	r4, r4, r2
+	EOR	r5, r5, r3
+	EOR	r6, r6, r2
+	EOR	r7, r7, r3
+	EOR	r8, r8, r2
+	EOR	r9, r9, r3
+	EOR	r10, r10, r2
+	EOR	r11, r11, r3
+	EOR	r12, r12, r2
+	EOR	lr, lr, r3
+	STRD	r4, r5, [r0, #8]
+	STRD	r6, r7, [r0, #48]
+	STRD	r8, r9, [r0, #88]
+	STRD	r10, r11, [r0, #128]
+	STR	r12, [r0, #168]
+	STR	lr, [r0, #172]
+	/* Calc t[3] */
+	LDRD	r2, r3, [sp, #16]
+	LDRD	r4, r5, [sp, #32]
+	EOR	r2, r2, r5, LSR #31
+	EOR	r3, r3, r4, LSR #31
+	EOR	r2, r2, r4, LSL #1
+	EOR	r3, r3, r5, LSL #1
+	/* XOR t[3] into s[x*5+3] */
+	LDRD	r4, r5, [r0, #24]
+	LDRD	r6, r7, [r0, #64]
+	LDRD	r8, r9, [r0, #104]
+	LDRD	r10, r11, [r0, #144]
+	LDR	r12, [r0, #184]
+	LDR	lr, [r0, #188]
+	EOR	r4, r4, r2
+	EOR	r5, r5, r3
+	EOR	r6, r6, r2
+	EOR	r7, r7, r3
+	EOR	r8, r8, r2
+	EOR	r9, r9, r3
+	EOR	r10, r10, r2
+	EOR	r11, r11, r3
+	EOR	r12, r12, r2
+	EOR	lr, lr, r3
+	STRD	r4, r5, [r0, #24]
+	STRD	r6, r7, [r0, #64]
+	STRD	r8, r9, [r0, #104]
+	STRD	r10, r11, [r0, #144]
+	STR	r12, [r0, #184]
+	STR	lr, [r0, #188]
+	/* Calc t[4] */
+	LDRD	r2, r3, [sp, #24]
+	LDRD	r4, r5, [sp]
+	EOR	r2, r2, r5, LSR #31
+	EOR	r3, r3, r4, LSR #31
+	EOR	r2, r2, r4, LSL #1
+	EOR	r3, r3, r5, LSL #1
+	/* XOR t[4] into s[x*5+4] */
+	LDRD	r4, r5, [r0, #32]
+	LDRD	r6, r7, [r0, #72]
+	LDRD	r8, r9, [r0, #112]
+	LDRD	r10, r11, [r0, #152]
+	LDR	r12, [r0, #192]
+	LDR	lr, [r0, #196]
+	EOR	r4, r4, r2
+	EOR	r5, r5, r3
+	EOR	r6, r6, r2
+	EOR	r7, r7, r3
+	EOR	r8, r8, r2
+	EOR	r9, r9, r3
+	EOR	r10, r10, r2
+	EOR	r11, r11, r3
+	EOR	r12, r12, r2
+	EOR	lr, lr, r3
+	STRD	r4, r5, [r0, #32]
+	STRD	r6, r7, [r0, #72]
+	STRD	r8, r9, [r0, #112]
+	STRD	r10, r11, [r0, #152]
+	STR	r12, [r0, #192]
+	STR	lr, [r0, #196]
+	/* Row Mix */
+	/* Row 0 */
+	LDRD	r2, r3, [r0]
+	LDRD	r4, r5, [r0, #48]
+	LDRD	r6, r7, [r0, #96]
+	LDRD	r8, r9, [r0, #144]
+	LDRD	r10, r11, [r0, #192]
+	/* s[1] <<< 44 */
+	MOV	lr, r4
+	LSR	r12, r5, #20
+	LSR	r4, r4, #20
+	ORR	r4, r4, r5, LSL #12
+	ORR	r5, r12, lr, LSL #12
+	/* s[2] <<< 43 */
+	MOV	lr, r6
+	LSR	r12, r7, #21
+	LSR	r6, r6, #21
+	ORR	r6, r6, r7, LSL #11
+	ORR	r7, r12, lr, LSL #11
+	/* s[3] <<< 21 */
+	LSR	r12, r9, #11
+	LSR	lr, r8, #11
+	ORR	r8, r12, r8, LSL #21
+	ORR	r9, lr, r9, LSL #21
+	/* s[4] <<< 14 */
+	LSR	r12, r11, #18
+	LSR	lr, r10, #18
+	ORR	r10, r12, r10, LSL #14
+	ORR	r11, lr, r11, LSL #14
+	BIC	r12, r8, r6
+	BIC	lr, r9, r7
+	EOR	r12, r12, r4
+	EOR	lr, lr, r5
+	STR	r12, [sp, #8]
+	STR	lr, [sp, #12]
+	BIC	r12, r10, r8
+	BIC	lr, r11, r9
+	EOR	r12, r12, r6
+	EOR	lr, lr, r7
+	STR	r12, [sp, #16]
+	STR	lr, [sp, #20]
+	BIC	r12, r2, r10
+	BIC	lr, r3, r11
+	EOR	r12, r12, r8
+	EOR	lr, lr, r9
+	STR	r12, [sp, #24]
+	STR	lr, [sp, #28]
+	BIC	r12, r4, r2
+	BIC	lr, r5, r3
+	EOR	r12, r12, r10
+	EOR	lr, lr, r11
+	STR	r12, [sp, #32]
+	STR	lr, [sp, #36]
+	/* Get constant */
+	LDRD	r10, r11, [r1]
+	ADD	r1, r1, #0x8
+	BIC	r12, r6, r4
+	BIC	lr, r7, r5
+	EOR	r12, r12, r2
+	EOR	lr, lr, r3
+	/* XOR in constant */
+	EOR	r12, r12, r10
+	EOR	lr, lr, r11
+	STR	r12, [sp]
+	STR	lr, [sp, #4]
+	/* Row 1 */
+	LDRD	r2, r3, [r0, #24]
+	LDRD	r4, r5, [r0, #72]
+	LDRD	r6, r7, [r0, #80]
+	LDRD	r8, r9, [r0, #128]
+	LDRD	r10, r11, [r0, #176]
+	/* s[0] <<< 28 */
+	LSR	r12, r3, #4
+	LSR	lr, r2, #4
+	ORR	r2, r12, r2, LSL #28
+	ORR	r3, lr, r3, LSL #28
+	/* s[1] <<< 20 */
+	LSR	r12, r5, #12
+	LSR	lr, r4, #12
+	ORR	r4, r12, r4, LSL #20
+	ORR	r5, lr, r5, LSL #20
+	/* s[2] <<< 3 */
+	LSR	r12, r7, #29
+	LSR	lr, r6, #29
+	ORR	r6, r12, r6, LSL #3
+	ORR	r7, lr, r7, LSL #3
+	/* s[3] <<< 45 */
+	MOV	lr, r8
+	LSR	r12, r9, #19
+	LSR	r8, r8, #19
+	ORR	r8, r8, r9, LSL #13
+	ORR	r9, r12, lr, LSL #13
+	/* s[4] <<< 61 */
+	MOV	lr, r10
+	LSR	r12, r11, #3
+	LSR	r10, r10, #3
+	ORR	r10, r10, r11, LSL #29
+	ORR	r11, r12, lr, LSL #29
+	BIC	r12, r8, r6
+	BIC	lr, r9, r7
+	EOR	r12, r12, r4
+	EOR	lr, lr, r5
+	STR	r12, [sp, #48]
+	STR	lr, [sp, #52]
+	BIC	r12, r10, r8
+	BIC	lr, r11, r9
+	EOR	r12, r12, r6
+	EOR	lr, lr, r7
+	STR	r12, [sp, #56]
+	STR	lr, [sp, #60]
+	BIC	r12, r2, r10
+	BIC	lr, r3, r11
+	EOR	r12, r12, r8
+	EOR	lr, lr, r9
+	STR	r12, [sp, #64]
+	STR	lr, [sp, #68]
+	BIC	r12, r4, r2
+	BIC	lr, r5, r3
+	EOR	r12, r12, r10
+	EOR	lr, lr, r11
+	STR	r12, [sp, #72]
+	STR	lr, [sp, #76]
+	BIC	r12, r6, r4
+	BIC	lr, r7, r5
+	EOR	r12, r12, r2
+	EOR	lr, lr, r3
+	STR	r12, [sp, #40]
+	STR	lr, [sp, #44]
+	/* Row 2 */
+	LDRD	r2, r3, [r0, #8]
+	LDRD	r4, r5, [r0, #56]
+	LDRD	r6, r7, [r0, #104]
+	LDRD	r8, r9, [r0, #152]
+	LDRD	r10, r11, [r0, #160]
+	/* s[0] <<< 1 */
+	LSR	r12, r3, #31
+	LSR	lr, r2, #31
+	ORR	r2, r12, r2, LSL #1
+	ORR	r3, lr, r3, LSL #1
+	/* s[1] <<< 6 */
+	LSR	r12, r5, #26
+	LSR	lr, r4, #26
+	ORR	r4, r12, r4, LSL #6
+	ORR	r5, lr, r5, LSL #6
+	/* s[2] <<< 25 */
+	LSR	r12, r7, #7
+	LSR	lr, r6, #7
+	ORR	r6, r12, r6, LSL #25
+	ORR	r7, lr, r7, LSL #25
+	/* s[3] <<< 8 */
+	LSR	r12, r9, #24
+	LSR	lr, r8, #24
+	ORR	r8, r12, r8, LSL #8
+	ORR	r9, lr, r9, LSL #8
+	/* s[4] <<< 18 */
+	LSR	r12, r11, #14
+	LSR	lr, r10, #14
+	ORR	r10, r12, r10, LSL #18
+	ORR	r11, lr, r11, LSL #18
+	BIC	r12, r8, r6
+	BIC	lr, r9, r7
+	EOR	r12, r12, r4
+	EOR	lr, lr, r5
+	STR	r12, [sp, #88]
+	STR	lr, [sp, #92]
+	BIC	r12, r10, r8
+	BIC	lr, r11, r9
+	EOR	r12, r12, r6
+	EOR	lr, lr, r7
+	STR	r12, [sp, #96]
+	STR	lr, [sp, #100]
+	BIC	r12, r2, r10
+	BIC	lr, r3, r11
+	EOR	r12, r12, r8
+	EOR	lr, lr, r9
+	STR	r12, [sp, #104]
+	STR	lr, [sp, #108]
+	BIC	r12, r4, r2
+	BIC	lr, r5, r3
+	EOR	r12, r12, r10
+	EOR	lr, lr, r11
+	STR	r12, [sp, #112]
+	STR	lr, [sp, #116]
+	BIC	r12, r6, r4
+	BIC	lr, r7, r5
+	EOR	r12, r12, r2
+	EOR	lr, lr, r3
+	STR	r12, [sp, #80]
+	STR	lr, [sp, #84]
+	/* Row 3 */
+	LDRD	r2, r3, [r0, #32]
+	LDRD	r4, r5, [r0, #40]
+	LDRD	r6, r7, [r0, #88]
+	LDRD	r8, r9, [r0, #136]
+	LDRD	r10, r11, [r0, #184]
+	/* s[0] <<< 27 */
+	LSR	r12, r3, #5
+	LSR	lr, r2, #5
+	ORR	r2, r12, r2, LSL #27
+	ORR	r3, lr, r3, LSL #27
+	/* s[1] <<< 36 */
+	MOV	lr, r4
+	LSR	r12, r5, #28
+	LSR	r4, r4, #28
+	ORR	r4, r4, r5, LSL #4
+	ORR	r5, r12, lr, LSL #4
+	/* s[2] <<< 10 */
+	LSR	r12, r7, #22
+	LSR	lr, r6, #22
+	ORR	r6, r12, r6, LSL #10
+	ORR	r7, lr, r7, LSL #10
+	/* s[3] <<< 15 */
+	LSR	r12, r9, #17
+	LSR	lr, r8, #17
+	ORR	r8, r12, r8, LSL #15
+	ORR	r9, lr, r9, LSL #15
+	/* s[4] <<< 56 */
+	MOV	lr, r10
+	LSR	r12, r11, #8
+	LSR	r10, r10, #8
+	ORR	r10, r10, r11, LSL #24
+	ORR	r11, r12, lr, LSL #24
+	BIC	r12, r8, r6
+	BIC	lr, r9, r7
+	EOR	r12, r12, r4
+	EOR	lr, lr, r5
+	STR	r12, [sp, #128]
+	STR	lr, [sp, #132]
+	BIC	r12, r10, r8
+	BIC	lr, r11, r9
+	EOR	r12, r12, r6
+	EOR	lr, lr, r7
+	STR	r12, [sp, #136]
+	STR	lr, [sp, #140]
+	BIC	r12, r2, r10
+	BIC	lr, r3, r11
+	EOR	r12, r12, r8
+	EOR	lr, lr, r9
+	STR	r12, [sp, #144]
+	STR	lr, [sp, #148]
+	BIC	r12, r4, r2
+	BIC	lr, r5, r3
+	EOR	r12, r12, r10
+	EOR	lr, lr, r11
+	STR	r12, [sp, #152]
+	STR	lr, [sp, #156]
+	BIC	r12, r6, r4
+	BIC	lr, r7, r5
+	EOR	r12, r12, r2
+	EOR	lr, lr, r3
+	STR	r12, [sp, #120]
+	STR	lr, [sp, #124]
+	/* Row 4 */
+	LDRD	r2, r3, [r0, #16]
+	LDRD	r4, r5, [r0, #64]
+	LDRD	r6, r7, [r0, #112]
+	LDRD	r8, r9, [r0, #120]
+	LDRD	r10, r11, [r0, #168]
+	/* s[0] <<< 62 */
+	MOV	lr, r2
+	LSR	r12, r3, #2
+	LSR	r2, r2, #2
+	ORR	r2, r2, r3, LSL #30
+	ORR	r3, r12, lr, LSL #30
+	/* s[1] <<< 55 */
+	MOV	lr, r4
+	LSR	r12, r5, #9
+	LSR	r4, r4, #9
+	ORR	r4, r4, r5, LSL #23
+	ORR	r5, r12, lr, LSL #23
+	/* s[2] <<< 39 */
+	MOV	lr, r6
+	LSR	r12, r7, #25
+	LSR	r6, r6, #25
+	ORR	r6, r6, r7, LSL #7
+	ORR	r7, r12, lr, LSL #7
+	/* s[3] <<< 41 */
+	MOV	lr, r8
+	LSR	r12, r9, #23
+	LSR	r8, r8, #23
+	ORR	r8, r8, r9, LSL #9
+	ORR	r9, r12, lr, LSL #9
+	/* s[4] <<< 2 */
+	LSR	r12, r11, #30
+	LSR	lr, r10, #30
+	ORR	r10, r12, r10, LSL #2
+	ORR	r11, lr, r11, LSL #2
+	BIC	r12, r8, r6
+	BIC	lr, r9, r7
+	EOR	r12, r12, r4
+	EOR	lr, lr, r5
+	STR	r12, [sp, #168]
+	STR	lr, [sp, #172]
+	BIC	r12, r10, r8
+	BIC	lr, r11, r9
+	EOR	r12, r12, r6
+	EOR	lr, lr, r7
+	STR	r12, [sp, #176]
+	STR	lr, [sp, #180]
+	BIC	r12, r2, r10
+	BIC	lr, r3, r11
+	EOR	r12, r12, r8
+	EOR	lr, lr, r9
+	STR	r12, [sp, #184]
+	STR	lr, [sp, #188]
+	BIC	r12, r4, r2
+	BIC	lr, r5, r3
+	EOR	r12, r12, r10
+	EOR	lr, lr, r11
+	STR	r12, [sp, #192]
+	STR	lr, [sp, #196]
+	BIC	r12, r6, r4
+	BIC	lr, r7, r5
+	EOR	r12, r12, r2
+	EOR	lr, lr, r3
+	STR	r12, [sp, #160]
+	STR	lr, [sp, #164]
+	/* Round odd */
+	/* Calc b[4] */
+	LDRD	r4, r5, [sp, #32]
+	LDRD	r6, r7, [sp, #72]
+	LDRD	r8, r9, [sp, #112]
+	LDRD	r10, r11, [sp, #152]
+	LDR	r12, [sp, #192]
+	LDR	lr, [sp, #196]
+	EOR	r2, r4, r6
+	EOR	r3, r5, r7
+	EOR	r2, r2, r8
+	EOR	r3, r3, r9
+	EOR	r2, r2, r10
+	EOR	r3, r3, r11
+	EOR	r2, r2, r12
+	EOR	r3, r3, lr
+	STRD	r2, r3, [r0, #32]
+	/* Calc b[1] */
+	LDRD	r4, r5, [sp, #8]
+	LDRD	r6, r7, [sp, #48]
+	LDRD	r8, r9, [sp, #88]
+	LDRD	r10, r11, [sp, #128]
+	LDR	r12, [sp, #168]
+	LDR	lr, [sp, #172]
+	EOR	r4, r4, r6
+	EOR	r5, r5, r7
+	EOR	r4, r4, r8
+	EOR	r5, r5, r9
+	EOR	r4, r4, r10
+	EOR	r5, r5, r11
+	EOR	r4, r4, r12
+	EOR	r5, r5, lr
+	STRD	r4, r5, [r0, #8]
+	/* Calc t[0] */
+	EOR	r2, r2, r5, LSR #31
+	EOR	r3, r3, r4, LSR #31
+	EOR	r2, r2, r4, LSL #1
+	EOR	r3, r3, r5, LSL #1
+	/* Calc b[0] and XOR t[0] into s[x*5+0] */
+	LDRD	r4, r5, [sp]
+	LDRD	r6, r7, [sp, #40]
+	LDRD	r8, r9, [sp, #80]
+	LDRD	r10, r11, [sp, #120]
+	EOR	r12, r4, r6
+	EOR	lr, r5, r7
+	EOR	r12, r12, r8
+	EOR	lr, lr, r9
+	EOR	r12, r12, r10
+	EOR	lr, lr, r11
+	EOR	r4, r4, r2
+	EOR	r5, r5, r3
+	EOR	r6, r6, r2
+	EOR	r7, r7, r3
+	EOR	r8, r8, r2
+	EOR	r9, r9, r3
+	EOR	r10, r10, r2
+	EOR	r11, r11, r3
+	STRD	r4, r5, [sp]
+	STRD	r6, r7, [sp, #40]
+	STRD	r8, r9, [sp, #80]
+	STRD	r10, r11, [sp, #120]
+	LDRD	r10, r11, [sp, #160]
+	EOR	r12, r12, r10
+	EOR	lr, lr, r11
+	EOR	r10, r10, r2
+	EOR	r11, r11, r3
+	STRD	r10, r11, [sp, #160]
+	STR	r12, [r0]
+	STR	lr, [r0, #4]
+	/* Calc b[3] */
+	LDRD	r4, r5, [sp, #24]
+	LDRD	r6, r7, [sp, #64]
+	LDRD	r8, r9, [sp, #104]
+	LDRD	r10, r11, [sp, #144]
+	LDR	r12, [sp, #184]
+	LDR	lr, [sp, #188]
+	EOR	r4, r4, r6
+	EOR	r5, r5, r7
+	EOR	r4, r4, r8
+	EOR	r5, r5, r9
+	EOR	r4, r4, r10
+	EOR	r5, r5, r11
+	EOR	r4, r4, r12
+	EOR	r5, r5, lr
+	STRD	r4, r5, [r0, #24]
+	/* Calc t[2] */
+	LDRD	r2, r3, [r0, #8]
+	EOR	r2, r2, r5, LSR #31
+	EOR	r3, r3, r4, LSR #31
+	EOR	r2, r2, r4, LSL #1
+	EOR	r3, r3, r5, LSL #1
+	/* Calc b[2] and XOR t[2] into s[x*5+2] */
+	LDRD	r4, r5, [sp, #16]
+	LDRD	r6, r7, [sp, #56]
+	LDRD	r8, r9, [sp, #96]
+	LDRD	r10, r11, [sp, #136]
+	EOR	r12, r4, r6
+	EOR	lr, r5, r7
+	EOR	r12, r12, r8
+	EOR	lr, lr, r9
+	EOR	r12, r12, r10
+	EOR	lr, lr, r11
+	EOR	r4, r4, r2
+	EOR	r5, r5, r3
+	EOR	r6, r6, r2
+	EOR	r7, r7, r3
+	EOR	r8, r8, r2
+	EOR	r9, r9, r3
+	EOR	r10, r10, r2
+	EOR	r11, r11, r3
+	STRD	r4, r5, [sp, #16]
+	STRD	r6, r7, [sp, #56]
+	STRD	r8, r9, [sp, #96]
+	STRD	r10, r11, [sp, #136]
+	LDRD	r10, r11, [sp, #176]
+	EOR	r12, r12, r10
+	EOR	lr, lr, r11
+	EOR	r10, r10, r2
+	EOR	r11, r11, r3
+	STRD	r10, r11, [sp, #176]
+	STR	r12, [r0, #16]
+	STR	lr, [r0, #20]
+	/* Calc t[1] */
+	LDRD	r2, r3, [r0]
+	EOR	r2, r2, lr, LSR #31
+	EOR	r3, r3, r12, LSR #31
+	EOR	r2, r2, r12, LSL #1
+	EOR	r3, r3, lr, LSL #1
+	/* XOR t[1] into s[x*5+1] */
+	LDRD	r4, r5, [sp, #8]
+	LDRD	r6, r7, [sp, #48]
+	LDRD	r8, r9, [sp, #88]
+	LDRD	r10, r11, [sp, #128]
+	LDR	r12, [sp, #168]
+	LDR	lr, [sp, #172]
+	EOR	r4, r4, r2
+	EOR	r5, r5, r3
+	EOR	r6, r6, r2
+	EOR	r7, r7, r3
+	EOR	r8, r8, r2
+	EOR	r9, r9, r3
+	EOR	r10, r10, r2
+	EOR	r11, r11, r3
+	EOR	r12, r12, r2
+	EOR	lr, lr, r3
+	STRD	r4, r5, [sp, #8]
+	STRD	r6, r7, [sp, #48]
+	STRD	r8, r9, [sp, #88]
+	STRD	r10, r11, [sp, #128]
+	STR	r12, [sp, #168]
+	STR	lr, [sp, #172]
+	/* Calc t[3] */
+	LDRD	r2, r3, [r0, #16]
+	LDRD	r4, r5, [r0, #32]
+	EOR	r2, r2, r5, LSR #31
+	EOR	r3, r3, r4, LSR #31
+	EOR	r2, r2, r4, LSL #1
+	EOR	r3, r3, r5, LSL #1
+	/* XOR t[3] into s[x*5+3] */
+	LDRD	r4, r5, [sp, #24]
+	LDRD	r6, r7, [sp, #64]
+	LDRD	r8, r9, [sp, #104]
+	LDRD	r10, r11, [sp, #144]
+	LDR	r12, [sp, #184]
+	LDR	lr, [sp, #188]
+	EOR	r4, r4, r2
+	EOR	r5, r5, r3
+	EOR	r6, r6, r2
+	EOR	r7, r7, r3
+	EOR	r8, r8, r2
+	EOR	r9, r9, r3
+	EOR	r10, r10, r2
+	EOR	r11, r11, r3
+	EOR	r12, r12, r2
+	EOR	lr, lr, r3
+	STRD	r4, r5, [sp, #24]
+	STRD	r6, r7, [sp, #64]
+	STRD	r8, r9, [sp, #104]
+	STRD	r10, r11, [sp, #144]
+	STR	r12, [sp, #184]
+	STR	lr, [sp, #188]
+	/* Calc t[4] */
+	LDRD	r2, r3, [r0, #24]
+	LDRD	r4, r5, [r0]
+	EOR	r2, r2, r5, LSR #31
+	EOR	r3, r3, r4, LSR #31
+	EOR	r2, r2, r4, LSL #1
+	EOR	r3, r3, r5, LSL #1
+	/* XOR t[4] into s[x*5+4] */
+	LDRD	r4, r5, [sp, #32]
+	LDRD	r6, r7, [sp, #72]
+	LDRD	r8, r9, [sp, #112]
+	LDRD	r10, r11, [sp, #152]
+	LDR	r12, [sp, #192]
+	LDR	lr, [sp, #196]
+	EOR	r4, r4, r2
+	EOR	r5, r5, r3
+	EOR	r6, r6, r2
+	EOR	r7, r7, r3
+	EOR	r8, r8, r2
+	EOR	r9, r9, r3
+	EOR	r10, r10, r2
+	EOR	r11, r11, r3
+	EOR	r12, r12, r2
+	EOR	lr, lr, r3
+	STRD	r4, r5, [sp, #32]
+	STRD	r6, r7, [sp, #72]
+	STRD	r8, r9, [sp, #112]
+	STRD	r10, r11, [sp, #152]
+	STR	r12, [sp, #192]
+	STR	lr, [sp, #196]
+	/* Row Mix */
+	/* Row 0 */
+	LDRD	r2, r3, [sp]
+	LDRD	r4, r5, [sp, #48]
+	LDRD	r6, r7, [sp, #96]
+	LDRD	r8, r9, [sp, #144]
+	LDRD	r10, r11, [sp, #192]
+	/* s[1] <<< 44 */
+	MOV	lr, r4
+	LSR	r12, r5, #20
+	LSR	r4, r4, #20
+	ORR	r4, r4, r5, LSL #12
+	ORR	r5, r12, lr, LSL #12
+	/* s[2] <<< 43 */
+	MOV	lr, r6
+	LSR	r12, r7, #21
+	LSR	r6, r6, #21
+	ORR	r6, r6, r7, LSL #11
+	ORR	r7, r12, lr, LSL #11
+	/* s[3] <<< 21 */
+	LSR	r12, r9, #11
+	LSR	lr, r8, #11
+	ORR	r8, r12, r8, LSL #21
+	ORR	r9, lr, r9, LSL #21
+	/* s[4] <<< 14 */
+	LSR	r12, r11, #18
+	LSR	lr, r10, #18
+	ORR	r10, r12, r10, LSL #14
+	ORR	r11, lr, r11, LSL #14
+	BIC	r12, r8, r6
+	BIC	lr, r9, r7
+	EOR	r12, r12, r4
+	EOR	lr, lr, r5
+	STR	r12, [r0, #8]
+	STR	lr, [r0, #12]
+	BIC	r12, r10, r8
+	BIC	lr, r11, r9
+	EOR	r12, r12, r6
+	EOR	lr, lr, r7
+	STR	r12, [r0, #16]
+	STR	lr, [r0, #20]
+	BIC	r12, r2, r10
+	BIC	lr, r3, r11
+	EOR	r12, r12, r8
+	EOR	lr, lr, r9
+	STR	r12, [r0, #24]
+	STR	lr, [r0, #28]
+	BIC	r12, r4, r2
+	BIC	lr, r5, r3
+	EOR	r12, r12, r10
+	EOR	lr, lr, r11
+	STR	r12, [r0, #32]
+	STR	lr, [r0, #36]
+	/* Get constant */
+	LDRD	r10, r11, [r1]
+	ADD	r1, r1, #0x8
+	BIC	r12, r6, r4
+	BIC	lr, r7, r5
+	EOR	r12, r12, r2
+	EOR	lr, lr, r3
+	/* XOR in constant */
+	EOR	r12, r12, r10
+	EOR	lr, lr, r11
+	STR	r12, [r0]
+	STR	lr, [r0, #4]
+	/* Row 1 */
+	LDRD	r2, r3, [sp, #24]
+	LDRD	r4, r5, [sp, #72]
+	LDRD	r6, r7, [sp, #80]
+	LDRD	r8, r9, [sp, #128]
+	LDRD	r10, r11, [sp, #176]
+	/* s[0] <<< 28 */
+	LSR	r12, r3, #4
+	LSR	lr, r2, #4
+	ORR	r2, r12, r2, LSL #28
+	ORR	r3, lr, r3, LSL #28
+	/* s[1] <<< 20 */
+	LSR	r12, r5, #12
+	LSR	lr, r4, #12
+	ORR	r4, r12, r4, LSL #20
+	ORR	r5, lr, r5, LSL #20
+	/* s[2] <<< 3 */
+	LSR	r12, r7, #29
+	LSR	lr, r6, #29
+	ORR	r6, r12, r6, LSL #3
+	ORR	r7, lr, r7, LSL #3
+	/* s[3] <<< 45 */
+	MOV	lr, r8
+	LSR	r12, r9, #19
+	LSR	r8, r8, #19
+	ORR	r8, r8, r9, LSL #13
+	ORR	r9, r12, lr, LSL #13
+	/* s[4] <<< 61 */
+	MOV	lr, r10
+	LSR	r12, r11, #3
+	LSR	r10, r10, #3
+	ORR	r10, r10, r11, LSL #29
+	ORR	r11, r12, lr, LSL #29
+	BIC	r12, r8, r6
+	BIC	lr, r9, r7
+	EOR	r12, r12, r4
+	EOR	lr, lr, r5
+	STR	r12, [r0, #48]
+	STR	lr, [r0, #52]
+	BIC	r12, r10, r8
+	BIC	lr, r11, r9
+	EOR	r12, r12, r6
+	EOR	lr, lr, r7
+	STR	r12, [r0, #56]
+	STR	lr, [r0, #60]
+	BIC	r12, r2, r10
+	BIC	lr, r3, r11
+	EOR	r12, r12, r8
+	EOR	lr, lr, r9
+	STR	r12, [r0, #64]
+	STR	lr, [r0, #68]
+	BIC	r12, r4, r2
+	BIC	lr, r5, r3
+	EOR	r12, r12, r10
+	EOR	lr, lr, r11
+	STR	r12, [r0, #72]
+	STR	lr, [r0, #76]
+	BIC	r12, r6, r4
+	BIC	lr, r7, r5
+	EOR	r12, r12, r2
+	EOR	lr, lr, r3
+	STR	r12, [r0, #40]
+	STR	lr, [r0, #44]
+	/* Row 2 */
+	LDRD	r2, r3, [sp, #8]
+	LDRD	r4, r5, [sp, #56]
+	LDRD	r6, r7, [sp, #104]
+	LDRD	r8, r9, [sp, #152]
+	LDRD	r10, r11, [sp, #160]
+	/* s[0] <<< 1 */
+	LSR	r12, r3, #31
+	LSR	lr, r2, #31
+	ORR	r2, r12, r2, LSL #1
+	ORR	r3, lr, r3, LSL #1
+	/* s[1] <<< 6 */
+	LSR	r12, r5, #26
+	LSR	lr, r4, #26
+	ORR	r4, r12, r4, LSL #6
+	ORR	r5, lr, r5, LSL #6
+	/* s[2] <<< 25 */
+	LSR	r12, r7, #7
+	LSR	lr, r6, #7
+	ORR	r6, r12, r6, LSL #25
+	ORR	r7, lr, r7, LSL #25
+	/* s[3] <<< 8 */
+	LSR	r12, r9, #24
+	LSR	lr, r8, #24
+	ORR	r8, r12, r8, LSL #8
+	ORR	r9, lr, r9, LSL #8
+	/* s[4] <<< 18 */
+	LSR	r12, r11, #14
+	LSR	lr, r10, #14
+	ORR	r10, r12, r10, LSL #18
+	ORR	r11, lr, r11, LSL #18
+	BIC	r12, r8, r6
+	BIC	lr, r9, r7
+	EOR	r12, r12, r4
+	EOR	lr, lr, r5
+	STR	r12, [r0, #88]
+	STR	lr, [r0, #92]
+	BIC	r12, r10, r8
+	BIC	lr, r11, r9
+	EOR	r12, r12, r6
+	EOR	lr, lr, r7
+	STR	r12, [r0, #96]
+	STR	lr, [r0, #100]
+	BIC	r12, r2, r10
+	BIC	lr, r3, r11
+	EOR	r12, r12, r8
+	EOR	lr, lr, r9
+	STR	r12, [r0, #104]
+	STR	lr, [r0, #108]
+	BIC	r12, r4, r2
+	BIC	lr, r5, r3
+	EOR	r12, r12, r10
+	EOR	lr, lr, r11
+	STR	r12, [r0, #112]
+	STR	lr, [r0, #116]
+	BIC	r12, r6, r4
+	BIC	lr, r7, r5
+	EOR	r12, r12, r2
+	EOR	lr, lr, r3
+	STR	r12, [r0, #80]
+	STR	lr, [r0, #84]
+	/* Row 3 */
+	LDRD	r2, r3, [sp, #32]
+	LDRD	r4, r5, [sp, #40]
+	LDRD	r6, r7, [sp, #88]
+	LDRD	r8, r9, [sp, #136]
+	LDRD	r10, r11, [sp, #184]
+	/* s[0] <<< 27 */
+	LSR	r12, r3, #5
+	LSR	lr, r2, #5
+	ORR	r2, r12, r2, LSL #27
+	ORR	r3, lr, r3, LSL #27
+	/* s[1] <<< 36 */
+	MOV	lr, r4
+	LSR	r12, r5, #28
+	LSR	r4, r4, #28
+	ORR	r4, r4, r5, LSL #4
+	ORR	r5, r12, lr, LSL #4
+	/* s[2] <<< 10 */
+	LSR	r12, r7, #22
+	LSR	lr, r6, #22
+	ORR	r6, r12, r6, LSL #10
+	ORR	r7, lr, r7, LSL #10
+	/* s[3] <<< 15 */
+	LSR	r12, r9, #17
+	LSR	lr, r8, #17
+	ORR	r8, r12, r8, LSL #15
+	ORR	r9, lr, r9, LSL #15
+	/* s[4] <<< 56 */
+	MOV	lr, r10
+	LSR	r12, r11, #8
+	LSR	r10, r10, #8
+	ORR	r10, r10, r11, LSL #24
+	ORR	r11, r12, lr, LSL #24
+	BIC	r12, r8, r6
+	BIC	lr, r9, r7
+	EOR	r12, r12, r4
+	EOR	lr, lr, r5
+	STR	r12, [r0, #128]
+	STR	lr, [r0, #132]
+	BIC	r12, r10, r8
+	BIC	lr, r11, r9
+	EOR	r12, r12, r6
+	EOR	lr, lr, r7
+	STR	r12, [r0, #136]
+	STR	lr, [r0, #140]
+	BIC	r12, r2, r10
+	BIC	lr, r3, r11
+	EOR	r12, r12, r8
+	EOR	lr, lr, r9
+	STR	r12, [r0, #144]
+	STR	lr, [r0, #148]
+	BIC	r12, r4, r2
+	BIC	lr, r5, r3
+	EOR	r12, r12, r10
+	EOR	lr, lr, r11
+	STR	r12, [r0, #152]
+	STR	lr, [r0, #156]
+	BIC	r12, r6, r4
+	BIC	lr, r7, r5
+	EOR	r12, r12, r2
+	EOR	lr, lr, r3
+	STR	r12, [r0, #120]
+	STR	lr, [r0, #124]
+	/* Row 4 */
+	LDRD	r2, r3, [sp, #16]
+	LDRD	r4, r5, [sp, #64]
+	LDRD	r6, r7, [sp, #112]
+	LDRD	r8, r9, [sp, #120]
+	LDRD	r10, r11, [sp, #168]
+	/* s[0] <<< 62 */
+	MOV	lr, r2
+	LSR	r12, r3, #2
+	LSR	r2, r2, #2
+	ORR	r2, r2, r3, LSL #30
+	ORR	r3, r12, lr, LSL #30
+	/* s[1] <<< 55 */
+	MOV	lr, r4
+	LSR	r12, r5, #9
+	LSR	r4, r4, #9
+	ORR	r4, r4, r5, LSL #23
+	ORR	r5, r12, lr, LSL #23
+	/* s[2] <<< 39 */
+	MOV	lr, r6
+	LSR	r12, r7, #25
+	LSR	r6, r6, #25
+	ORR	r6, r6, r7, LSL #7
+	ORR	r7, r12, lr, LSL #7
+	/* s[3] <<< 41 */
+	MOV	lr, r8
+	LSR	r12, r9, #23
+	LSR	r8, r8, #23
+	ORR	r8, r8, r9, LSL #9
+	ORR	r9, r12, lr, LSL #9
+	/* s[4] <<< 2 */
+	LSR	r12, r11, #30
+	LSR	lr, r10, #30
+	ORR	r10, r12, r10, LSL #2
+	ORR	r11, lr, r11, LSL #2
+	BIC	r12, r8, r6
+	BIC	lr, r9, r7
+	EOR	r12, r12, r4
+	EOR	lr, lr, r5
+	STR	r12, [r0, #168]
+	STR	lr, [r0, #172]
+	BIC	r12, r10, r8
+	BIC	lr, r11, r9
+	EOR	r12, r12, r6
+	EOR	lr, lr, r7
+	STR	r12, [r0, #176]
+	STR	lr, [r0, #180]
+	BIC	r12, r2, r10
+	BIC	lr, r3, r11
+	EOR	r12, r12, r8
+	EOR	lr, lr, r9
+	STR	r12, [r0, #184]
+	STR	lr, [r0, #188]
+	BIC	r12, r4, r2
+	BIC	lr, r5, r3
+	EOR	r12, r12, r10
+	EOR	lr, lr, r11
+	STR	r12, [r0, #192]
+	STR	lr, [r0, #196]
+	BIC	r12, r6, r4
+	BIC	lr, r7, r5
+	EOR	r12, r12, r2
+	EOR	lr, lr, r3
+	STR	r12, [r0, #160]
+	STR	lr, [r0, #164]
+	LDR	r2, [sp, #200]
+	SUBS	r2, r2, #0x1
+#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
+	BNE	L_sha3_thumb2_begin
+#else
+	BNE.W	L_sha3_thumb2_begin
+#endif
+	ADD	sp, sp, #0xcc
+	POP	{r4, r5, r6, r7, r8, r9, r10, r11, pc}
+	/* Cycle Count = 1505 */
+	.size	BlockSha3,.-BlockSha3
+#endif /* WOLFSSL_SHA3 */
+#endif /* WOLFSSL_ARMASM_THUMB2 */
+#endif /* WOLFSSL_ARMASM */
+
+#if defined(__linux__) && defined(__ELF__)
+.section        .note.GNU-stack,"",%progbits
+#endif
+#endif /* !WOLFSSL_ARMASM_INLINE */
diff --git a/wolfcrypt/src/port/arm/thumb2-sha3-asm_c.c b/wolfcrypt/src/port/arm/thumb2-sha3-asm_c.c
new file mode 100644
index 000000000..64763b9eb
--- /dev/null
+++ b/wolfcrypt/src/port/arm/thumb2-sha3-asm_c.c
@@ -0,0 +1,1168 @@
+/* thumb2-sha3-asm
+ *
+ * Copyright (C) 2006-2025 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+/* Generated using (from wolfssl):
+ *   cd ../scripts
+ *   ruby ./sha3/sha3.rb thumb2 ../wolfssl/wolfcrypt/src/port/arm/thumb2-sha3-asm.c
+ */
+
+#ifdef HAVE_CONFIG_H
+    #include <config.h>
+#endif /* HAVE_CONFIG_H */
+#include <wolfssl/wolfcrypt/settings.h>
+#include <wolfssl/wolfcrypt/error-crypt.h>
+
+#ifdef WOLFSSL_ARMASM
+#ifdef WOLFSSL_ARMASM_THUMB2
+#ifdef WOLFSSL_ARMASM_INLINE
+
+#ifdef __IAR_SYSTEMS_ICC__
+#define __asm__        asm
+#define __volatile__   volatile
+#define WOLFSSL_NO_VAR_ASSIGN_REG
+#endif /* __IAR_SYSTEMS_ICC__ */
+#ifdef __KEIL__
+#define __asm__        __asm
+#define __volatile__   volatile
+#endif /* __KEIL__ */
+#ifdef WOLFSSL_SHA3
+static const word64 L_sha3_thumb2_rt[] = {
+    0x0000000000000001UL, 0x0000000000008082UL,
+    0x800000000000808aUL, 0x8000000080008000UL,
+    0x000000000000808bUL, 0x0000000080000001UL,
+    0x8000000080008081UL, 0x8000000000008009UL,
+    0x000000000000008aUL, 0x0000000000000088UL,
+    0x0000000080008009UL, 0x000000008000000aUL,
+    0x000000008000808bUL, 0x800000000000008bUL,
+    0x8000000000008089UL, 0x8000000000008003UL,
+    0x8000000000008002UL, 0x8000000000000080UL,
+    0x000000000000800aUL, 0x800000008000000aUL,
+    0x8000000080008081UL, 0x8000000000008080UL,
+    0x0000000080000001UL, 0x8000000080008008UL,
+};
+
+#include <wolfssl/wolfcrypt/sha3.h>
+
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
+void BlockSha3(word64* state_p)
+#else
+void BlockSha3(word64* state)
+#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
+{
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
+    register word64* state __asm__ ("r0") = (word64*)state_p;
+    register word64* L_sha3_thumb2_rt_c __asm__ ("r1") = (word64*)&L_sha3_thumb2_rt;
+#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
+
+    __asm__ __volatile__ (
+        "SUB	sp, sp, #0xcc\n\t"
+        "MOV	r1, %[L_sha3_thumb2_rt]\n\t"
+        "MOV	r2, #0xc\n\t"
+        "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_sha3_thumb2_begin:\n\t"
+#else
+    "L_sha3_thumb2_begin_%=:\n\t"
+#endif
+        "STR	r2, [sp, #200]\n\t"
+        /* Round even */
+        /* Calc b[4] */
+        "LDRD	r4, r5, [%[state], #32]\n\t"
+        "LDRD	r6, r7, [%[state], #72]\n\t"
+        "LDRD	r8, r9, [%[state], #112]\n\t"
+        "LDRD	r10, r11, [%[state], #152]\n\t"
+        "LDR	r12, [%[state], #192]\n\t"
+        "LDR	lr, [%[state], #196]\n\t"
+        "EOR	r2, r4, r6\n\t"
+        "EOR	r3, r5, r7\n\t"
+        "EOR	r2, r2, r8\n\t"
+        "EOR	r3, r3, r9\n\t"
+        "EOR	r2, r2, r10\n\t"
+        "EOR	r3, r3, r11\n\t"
+        "EOR	r2, r2, r12\n\t"
+        "EOR	r3, r3, lr\n\t"
+        "STRD	r2, r3, [sp, #32]\n\t"
+        /* Calc b[1] */
+        "LDRD	r4, r5, [%[state], #8]\n\t"
+        "LDRD	r6, r7, [%[state], #48]\n\t"
+        "LDRD	r8, r9, [%[state], #88]\n\t"
+        "LDRD	r10, r11, [%[state], #128]\n\t"
+        "LDR	r12, [%[state], #168]\n\t"
+        "LDR	lr, [%[state], #172]\n\t"
+        "EOR	r4, r4, r6\n\t"
+        "EOR	r5, r5, r7\n\t"
+        "EOR	r4, r4, r8\n\t"
+        "EOR	r5, r5, r9\n\t"
+        "EOR	r4, r4, r10\n\t"
+        "EOR	r5, r5, r11\n\t"
+        "EOR	r4, r4, r12\n\t"
+        "EOR	r5, r5, lr\n\t"
+        "STRD	r4, r5, [sp, #8]\n\t"
+        /* Calc t[0] */
+        "EOR	r2, r2, r5, LSR #31\n\t"
+        "EOR	r3, r3, r4, LSR #31\n\t"
+        "EOR	r2, r2, r4, LSL #1\n\t"
+        "EOR	r3, r3, r5, LSL #1\n\t"
+        /* Calc b[0] and XOR t[0] into s[x*5+0] */
+        "LDRD	r4, r5, [%[state]]\n\t"
+        "LDRD	r6, r7, [%[state], #40]\n\t"
+        "LDRD	r8, r9, [%[state], #80]\n\t"
+        "LDRD	r10, r11, [%[state], #120]\n\t"
+        "EOR	r12, r4, r6\n\t"
+        "EOR	lr, r5, r7\n\t"
+        "EOR	r12, r12, r8\n\t"
+        "EOR	lr, lr, r9\n\t"
+        "EOR	r12, r12, r10\n\t"
+        "EOR	lr, lr, r11\n\t"
+        "EOR	r4, r4, r2\n\t"
+        "EOR	r5, r5, r3\n\t"
+        "EOR	r6, r6, r2\n\t"
+        "EOR	r7, r7, r3\n\t"
+        "EOR	r8, r8, r2\n\t"
+        "EOR	r9, r9, r3\n\t"
+        "EOR	r10, r10, r2\n\t"
+        "EOR	r11, r11, r3\n\t"
+        "STRD	r4, r5, [%[state]]\n\t"
+        "STRD	r6, r7, [%[state], #40]\n\t"
+        "STRD	r8, r9, [%[state], #80]\n\t"
+        "STRD	r10, r11, [%[state], #120]\n\t"
+        "LDRD	r10, r11, [%[state], #160]\n\t"
+        "EOR	r12, r12, r10\n\t"
+        "EOR	lr, lr, r11\n\t"
+        "EOR	r10, r10, r2\n\t"
+        "EOR	r11, r11, r3\n\t"
+        "STRD	r10, r11, [%[state], #160]\n\t"
+        "STR	r12, [sp]\n\t"
+        "STR	lr, [sp, #4]\n\t"
+        /* Calc b[3] */
+        "LDRD	r4, r5, [%[state], #24]\n\t"
+        "LDRD	r6, r7, [%[state], #64]\n\t"
+        "LDRD	r8, r9, [%[state], #104]\n\t"
+        "LDRD	r10, r11, [%[state], #144]\n\t"
+        "LDR	r12, [%[state], #184]\n\t"
+        "LDR	lr, [%[state], #188]\n\t"
+        "EOR	r4, r4, r6\n\t"
+        "EOR	r5, r5, r7\n\t"
+        "EOR	r4, r4, r8\n\t"
+        "EOR	r5, r5, r9\n\t"
+        "EOR	r4, r4, r10\n\t"
+        "EOR	r5, r5, r11\n\t"
+        "EOR	r4, r4, r12\n\t"
+        "EOR	r5, r5, lr\n\t"
+        "STRD	r4, r5, [sp, #24]\n\t"
+        /* Calc t[2] */
+        "LDRD	r2, r3, [sp, #8]\n\t"
+        "EOR	r2, r2, r5, LSR #31\n\t"
+        "EOR	r3, r3, r4, LSR #31\n\t"
+        "EOR	r2, r2, r4, LSL #1\n\t"
+        "EOR	r3, r3, r5, LSL #1\n\t"
+        /* Calc b[2] and XOR t[2] into s[x*5+2] */
+        "LDRD	r4, r5, [%[state], #16]\n\t"
+        "LDRD	r6, r7, [%[state], #56]\n\t"
+        "LDRD	r8, r9, [%[state], #96]\n\t"
+        "LDRD	r10, r11, [%[state], #136]\n\t"
+        "EOR	r12, r4, r6\n\t"
+        "EOR	lr, r5, r7\n\t"
+        "EOR	r12, r12, r8\n\t"
+        "EOR	lr, lr, r9\n\t"
+        "EOR	r12, r12, r10\n\t"
+        "EOR	lr, lr, r11\n\t"
+        "EOR	r4, r4, r2\n\t"
+        "EOR	r5, r5, r3\n\t"
+        "EOR	r6, r6, r2\n\t"
+        "EOR	r7, r7, r3\n\t"
+        "EOR	r8, r8, r2\n\t"
+        "EOR	r9, r9, r3\n\t"
+        "EOR	r10, r10, r2\n\t"
+        "EOR	r11, r11, r3\n\t"
+        "STRD	r4, r5, [%[state], #16]\n\t"
+        "STRD	r6, r7, [%[state], #56]\n\t"
+        "STRD	r8, r9, [%[state], #96]\n\t"
+        "STRD	r10, r11, [%[state], #136]\n\t"
+        "LDRD	r10, r11, [%[state], #176]\n\t"
+        "EOR	r12, r12, r10\n\t"
+        "EOR	lr, lr, r11\n\t"
+        "EOR	r10, r10, r2\n\t"
+        "EOR	r11, r11, r3\n\t"
+        "STRD	r10, r11, [%[state], #176]\n\t"
+        "STR	r12, [sp, #16]\n\t"
+        "STR	lr, [sp, #20]\n\t"
+        /* Calc t[1] */
+        "LDRD	r2, r3, [sp]\n\t"
+        "EOR	r2, r2, lr, LSR #31\n\t"
+        "EOR	r3, r3, r12, LSR #31\n\t"
+        "EOR	r2, r2, r12, LSL #1\n\t"
+        "EOR	r3, r3, lr, LSL #1\n\t"
+        /* XOR t[1] into s[x*5+1] */
+        "LDRD	r4, r5, [%[state], #8]\n\t"
+        "LDRD	r6, r7, [%[state], #48]\n\t"
+        "LDRD	r8, r9, [%[state], #88]\n\t"
+        "LDRD	r10, r11, [%[state], #128]\n\t"
+        "LDR	r12, [%[state], #168]\n\t"
+        "LDR	lr, [%[state], #172]\n\t"
+        "EOR	r4, r4, r2\n\t"
+        "EOR	r5, r5, r3\n\t"
+        "EOR	r6, r6, r2\n\t"
+        "EOR	r7, r7, r3\n\t"
+        "EOR	r8, r8, r2\n\t"
+        "EOR	r9, r9, r3\n\t"
+        "EOR	r10, r10, r2\n\t"
+        "EOR	r11, r11, r3\n\t"
+        "EOR	r12, r12, r2\n\t"
+        "EOR	lr, lr, r3\n\t"
+        "STRD	r4, r5, [%[state], #8]\n\t"
+        "STRD	r6, r7, [%[state], #48]\n\t"
+        "STRD	r8, r9, [%[state], #88]\n\t"
+        "STRD	r10, r11, [%[state], #128]\n\t"
+        "STR	r12, [%[state], #168]\n\t"
+        "STR	lr, [%[state], #172]\n\t"
+        /* Calc t[3] */
+        "LDRD	r2, r3, [sp, #16]\n\t"
+        "LDRD	r4, r5, [sp, #32]\n\t"
+        "EOR	r2, r2, r5, LSR #31\n\t"
+        "EOR	r3, r3, r4, LSR #31\n\t"
+        "EOR	r2, r2, r4, LSL #1\n\t"
+        "EOR	r3, r3, r5, LSL #1\n\t"
+        /* XOR t[3] into s[x*5+3] */
+        "LDRD	r4, r5, [%[state], #24]\n\t"
+        "LDRD	r6, r7, [%[state], #64]\n\t"
+        "LDRD	r8, r9, [%[state], #104]\n\t"
+        "LDRD	r10, r11, [%[state], #144]\n\t"
+        "LDR	r12, [%[state], #184]\n\t"
+        "LDR	lr, [%[state], #188]\n\t"
+        "EOR	r4, r4, r2\n\t"
+        "EOR	r5, r5, r3\n\t"
+        "EOR	r6, r6, r2\n\t"
+        "EOR	r7, r7, r3\n\t"
+        "EOR	r8, r8, r2\n\t"
+        "EOR	r9, r9, r3\n\t"
+        "EOR	r10, r10, r2\n\t"
+        "EOR	r11, r11, r3\n\t"
+        "EOR	r12, r12, r2\n\t"
+        "EOR	lr, lr, r3\n\t"
+        "STRD	r4, r5, [%[state], #24]\n\t"
+        "STRD	r6, r7, [%[state], #64]\n\t"
+        "STRD	r8, r9, [%[state], #104]\n\t"
+        "STRD	r10, r11, [%[state], #144]\n\t"
+        "STR	r12, [%[state], #184]\n\t"
+        "STR	lr, [%[state], #188]\n\t"
+        /* Calc t[4] */
+        "LDRD	r2, r3, [sp, #24]\n\t"
+        "LDRD	r4, r5, [sp]\n\t"
+        "EOR	r2, r2, r5, LSR #31\n\t"
+        "EOR	r3, r3, r4, LSR #31\n\t"
+        "EOR	r2, r2, r4, LSL #1\n\t"
+        "EOR	r3, r3, r5, LSL #1\n\t"
+        /* XOR t[4] into s[x*5+4] */
+        "LDRD	r4, r5, [%[state], #32]\n\t"
+        "LDRD	r6, r7, [%[state], #72]\n\t"
+        "LDRD	r8, r9, [%[state], #112]\n\t"
+        "LDRD	r10, r11, [%[state], #152]\n\t"
+        "LDR	r12, [%[state], #192]\n\t"
+        "LDR	lr, [%[state], #196]\n\t"
+        "EOR	r4, r4, r2\n\t"
+        "EOR	r5, r5, r3\n\t"
+        "EOR	r6, r6, r2\n\t"
+        "EOR	r7, r7, r3\n\t"
+        "EOR	r8, r8, r2\n\t"
+        "EOR	r9, r9, r3\n\t"
+        "EOR	r10, r10, r2\n\t"
+        "EOR	r11, r11, r3\n\t"
+        "EOR	r12, r12, r2\n\t"
+        "EOR	lr, lr, r3\n\t"
+        "STRD	r4, r5, [%[state], #32]\n\t"
+        "STRD	r6, r7, [%[state], #72]\n\t"
+        "STRD	r8, r9, [%[state], #112]\n\t"
+        "STRD	r10, r11, [%[state], #152]\n\t"
+        "STR	r12, [%[state], #192]\n\t"
+        "STR	lr, [%[state], #196]\n\t"
+        /* Row Mix */
+        /* Row 0 */
+        "LDRD	r2, r3, [%[state]]\n\t"
+        "LDRD	r4, r5, [%[state], #48]\n\t"
+        "LDRD	r6, r7, [%[state], #96]\n\t"
+        "LDRD	r8, r9, [%[state], #144]\n\t"
+        "LDRD	r10, r11, [%[state], #192]\n\t"
+        /* s[1] <<< 44 */
+        "MOV	lr, r4\n\t"
+        "LSR	r12, r5, #20\n\t"
+        "LSR	r4, r4, #20\n\t"
+        "ORR	r4, r4, r5, LSL #12\n\t"
+        "ORR	r5, r12, lr, LSL #12\n\t"
+        /* s[2] <<< 43 */
+        "MOV	lr, r6\n\t"
+        "LSR	r12, r7, #21\n\t"
+        "LSR	r6, r6, #21\n\t"
+        "ORR	r6, r6, r7, LSL #11\n\t"
+        "ORR	r7, r12, lr, LSL #11\n\t"
+        /* s[3] <<< 21 */
+        "LSR	r12, r9, #11\n\t"
+        "LSR	lr, r8, #11\n\t"
+        "ORR	r8, r12, r8, LSL #21\n\t"
+        "ORR	r9, lr, r9, LSL #21\n\t"
+        /* s[4] <<< 14 */
+        "LSR	r12, r11, #18\n\t"
+        "LSR	lr, r10, #18\n\t"
+        "ORR	r10, r12, r10, LSL #14\n\t"
+        "ORR	r11, lr, r11, LSL #14\n\t"
+        "BIC	r12, r8, r6\n\t"
+        "BIC	lr, r9, r7\n\t"
+        "EOR	r12, r12, r4\n\t"
+        "EOR	lr, lr, r5\n\t"
+        "STR	r12, [sp, #8]\n\t"
+        "STR	lr, [sp, #12]\n\t"
+        "BIC	r12, r10, r8\n\t"
+        "BIC	lr, r11, r9\n\t"
+        "EOR	r12, r12, r6\n\t"
+        "EOR	lr, lr, r7\n\t"
+        "STR	r12, [sp, #16]\n\t"
+        "STR	lr, [sp, #20]\n\t"
+        "BIC	r12, r2, r10\n\t"
+        "BIC	lr, r3, r11\n\t"
+        "EOR	r12, r12, r8\n\t"
+        "EOR	lr, lr, r9\n\t"
+        "STR	r12, [sp, #24]\n\t"
+        "STR	lr, [sp, #28]\n\t"
+        "BIC	r12, r4, r2\n\t"
+        "BIC	lr, r5, r3\n\t"
+        "EOR	r12, r12, r10\n\t"
+        "EOR	lr, lr, r11\n\t"
+        "STR	r12, [sp, #32]\n\t"
+        "STR	lr, [sp, #36]\n\t"
+        /* Get constant */
+        "LDRD	r10, r11, [r1]\n\t"
+        "ADD	r1, r1, #0x8\n\t"
+        "BIC	r12, r6, r4\n\t"
+        "BIC	lr, r7, r5\n\t"
+        "EOR	r12, r12, r2\n\t"
+        "EOR	lr, lr, r3\n\t"
+        /* XOR in constant */
+        "EOR	r12, r12, r10\n\t"
+        "EOR	lr, lr, r11\n\t"
+        "STR	r12, [sp]\n\t"
+        "STR	lr, [sp, #4]\n\t"
+        /* Row 1 */
+        "LDRD	r2, r3, [%[state], #24]\n\t"
+        "LDRD	r4, r5, [%[state], #72]\n\t"
+        "LDRD	r6, r7, [%[state], #80]\n\t"
+        "LDRD	r8, r9, [%[state], #128]\n\t"
+        "LDRD	r10, r11, [%[state], #176]\n\t"
+        /* s[0] <<< 28 */
+        "LSR	r12, r3, #4\n\t"
+        "LSR	lr, r2, #4\n\t"
+        "ORR	r2, r12, r2, LSL #28\n\t"
+        "ORR	r3, lr, r3, LSL #28\n\t"
+        /* s[1] <<< 20 */
+        "LSR	r12, r5, #12\n\t"
+        "LSR	lr, r4, #12\n\t"
+        "ORR	r4, r12, r4, LSL #20\n\t"
+        "ORR	r5, lr, r5, LSL #20\n\t"
+        /* s[2] <<< 3 */
+        "LSR	r12, r7, #29\n\t"
+        "LSR	lr, r6, #29\n\t"
+        "ORR	r6, r12, r6, LSL #3\n\t"
+        "ORR	r7, lr, r7, LSL #3\n\t"
+        /* s[3] <<< 45 */
+        "MOV	lr, r8\n\t"
+        "LSR	r12, r9, #19\n\t"
+        "LSR	r8, r8, #19\n\t"
+        "ORR	r8, r8, r9, LSL #13\n\t"
+        "ORR	r9, r12, lr, LSL #13\n\t"
+        /* s[4] <<< 61 */
+        "MOV	lr, r10\n\t"
+        "LSR	r12, r11, #3\n\t"
+        "LSR	r10, r10, #3\n\t"
+        "ORR	r10, r10, r11, LSL #29\n\t"
+        "ORR	r11, r12, lr, LSL #29\n\t"
+        "BIC	r12, r8, r6\n\t"
+        "BIC	lr, r9, r7\n\t"
+        "EOR	r12, r12, r4\n\t"
+        "EOR	lr, lr, r5\n\t"
+        "STR	r12, [sp, #48]\n\t"
+        "STR	lr, [sp, #52]\n\t"
+        "BIC	r12, r10, r8\n\t"
+        "BIC	lr, r11, r9\n\t"
+        "EOR	r12, r12, r6\n\t"
+        "EOR	lr, lr, r7\n\t"
+        "STR	r12, [sp, #56]\n\t"
+        "STR	lr, [sp, #60]\n\t"
+        "BIC	r12, r2, r10\n\t"
+        "BIC	lr, r3, r11\n\t"
+        "EOR	r12, r12, r8\n\t"
+        "EOR	lr, lr, r9\n\t"
+        "STR	r12, [sp, #64]\n\t"
+        "STR	lr, [sp, #68]\n\t"
+        "BIC	r12, r4, r2\n\t"
+        "BIC	lr, r5, r3\n\t"
+        "EOR	r12, r12, r10\n\t"
+        "EOR	lr, lr, r11\n\t"
+        "STR	r12, [sp, #72]\n\t"
+        "STR	lr, [sp, #76]\n\t"
+        "BIC	r12, r6, r4\n\t"
+        "BIC	lr, r7, r5\n\t"
+        "EOR	r12, r12, r2\n\t"
+        "EOR	lr, lr, r3\n\t"
+        "STR	r12, [sp, #40]\n\t"
+        "STR	lr, [sp, #44]\n\t"
+        /* Row 2 */
+        "LDRD	r2, r3, [%[state], #8]\n\t"
+        "LDRD	r4, r5, [%[state], #56]\n\t"
+        "LDRD	r6, r7, [%[state], #104]\n\t"
+        "LDRD	r8, r9, [%[state], #152]\n\t"
+        "LDRD	r10, r11, [%[state], #160]\n\t"
+        /* s[0] <<< 1 */
+        "LSR	r12, r3, #31\n\t"
+        "LSR	lr, r2, #31\n\t"
+        "ORR	r2, r12, r2, LSL #1\n\t"
+        "ORR	r3, lr, r3, LSL #1\n\t"
+        /* s[1] <<< 6 */
+        "LSR	r12, r5, #26\n\t"
+        "LSR	lr, r4, #26\n\t"
+        "ORR	r4, r12, r4, LSL #6\n\t"
+        "ORR	r5, lr, r5, LSL #6\n\t"
+        /* s[2] <<< 25 */
+        "LSR	r12, r7, #7\n\t"
+        "LSR	lr, r6, #7\n\t"
+        "ORR	r6, r12, r6, LSL #25\n\t"
+        "ORR	r7, lr, r7, LSL #25\n\t"
+        /* s[3] <<< 8 */
+        "LSR	r12, r9, #24\n\t"
+        "LSR	lr, r8, #24\n\t"
+        "ORR	r8, r12, r8, LSL #8\n\t"
+        "ORR	r9, lr, r9, LSL #8\n\t"
+        /* s[4] <<< 18 */
+        "LSR	r12, r11, #14\n\t"
+        "LSR	lr, r10, #14\n\t"
+        "ORR	r10, r12, r10, LSL #18\n\t"
+        "ORR	r11, lr, r11, LSL #18\n\t"
+        "BIC	r12, r8, r6\n\t"
+        "BIC	lr, r9, r7\n\t"
+        "EOR	r12, r12, r4\n\t"
+        "EOR	lr, lr, r5\n\t"
+        "STR	r12, [sp, #88]\n\t"
+        "STR	lr, [sp, #92]\n\t"
+        "BIC	r12, r10, r8\n\t"
+        "BIC	lr, r11, r9\n\t"
+        "EOR	r12, r12, r6\n\t"
+        "EOR	lr, lr, r7\n\t"
+        "STR	r12, [sp, #96]\n\t"
+        "STR	lr, [sp, #100]\n\t"
+        "BIC	r12, r2, r10\n\t"
+        "BIC	lr, r3, r11\n\t"
+        "EOR	r12, r12, r8\n\t"
+        "EOR	lr, lr, r9\n\t"
+        "STR	r12, [sp, #104]\n\t"
+        "STR	lr, [sp, #108]\n\t"
+        "BIC	r12, r4, r2\n\t"
+        "BIC	lr, r5, r3\n\t"
+        "EOR	r12, r12, r10\n\t"
+        "EOR	lr, lr, r11\n\t"
+        "STR	r12, [sp, #112]\n\t"
+        "STR	lr, [sp, #116]\n\t"
+        "BIC	r12, r6, r4\n\t"
+        "BIC	lr, r7, r5\n\t"
+        "EOR	r12, r12, r2\n\t"
+        "EOR	lr, lr, r3\n\t"
+        "STR	r12, [sp, #80]\n\t"
+        "STR	lr, [sp, #84]\n\t"
+        /* Row 3 */
+        "LDRD	r2, r3, [%[state], #32]\n\t"
+        "LDRD	r4, r5, [%[state], #40]\n\t"
+        "LDRD	r6, r7, [%[state], #88]\n\t"
+        "LDRD	r8, r9, [%[state], #136]\n\t"
+        "LDRD	r10, r11, [%[state], #184]\n\t"
+        /* s[0] <<< 27 */
+        "LSR	r12, r3, #5\n\t"
+        "LSR	lr, r2, #5\n\t"
+        "ORR	r2, r12, r2, LSL #27\n\t"
+        "ORR	r3, lr, r3, LSL #27\n\t"
+        /* s[1] <<< 36 */
+        "MOV	lr, r4\n\t"
+        "LSR	r12, r5, #28\n\t"
+        "LSR	r4, r4, #28\n\t"
+        "ORR	r4, r4, r5, LSL #4\n\t"
+        "ORR	r5, r12, lr, LSL #4\n\t"
+        /* s[2] <<< 10 */
+        "LSR	r12, r7, #22\n\t"
+        "LSR	lr, r6, #22\n\t"
+        "ORR	r6, r12, r6, LSL #10\n\t"
+        "ORR	r7, lr, r7, LSL #10\n\t"
+        /* s[3] <<< 15 */
+        "LSR	r12, r9, #17\n\t"
+        "LSR	lr, r8, #17\n\t"
+        "ORR	r8, r12, r8, LSL #15\n\t"
+        "ORR	r9, lr, r9, LSL #15\n\t"
+        /* s[4] <<< 56 */
+        "MOV	lr, r10\n\t"
+        "LSR	r12, r11, #8\n\t"
+        "LSR	r10, r10, #8\n\t"
+        "ORR	r10, r10, r11, LSL #24\n\t"
+        "ORR	r11, r12, lr, LSL #24\n\t"
+        "BIC	r12, r8, r6\n\t"
+        "BIC	lr, r9, r7\n\t"
+        "EOR	r12, r12, r4\n\t"
+        "EOR	lr, lr, r5\n\t"
+        "STR	r12, [sp, #128]\n\t"
+        "STR	lr, [sp, #132]\n\t"
+        "BIC	r12, r10, r8\n\t"
+        "BIC	lr, r11, r9\n\t"
+        "EOR	r12, r12, r6\n\t"
+        "EOR	lr, lr, r7\n\t"
+        "STR	r12, [sp, #136]\n\t"
+        "STR	lr, [sp, #140]\n\t"
+        "BIC	r12, r2, r10\n\t"
+        "BIC	lr, r3, r11\n\t"
+        "EOR	r12, r12, r8\n\t"
+        "EOR	lr, lr, r9\n\t"
+        "STR	r12, [sp, #144]\n\t"
+        "STR	lr, [sp, #148]\n\t"
+        "BIC	r12, r4, r2\n\t"
+        "BIC	lr, r5, r3\n\t"
+        "EOR	r12, r12, r10\n\t"
+        "EOR	lr, lr, r11\n\t"
+        "STR	r12, [sp, #152]\n\t"
+        "STR	lr, [sp, #156]\n\t"
+        "BIC	r12, r6, r4\n\t"
+        "BIC	lr, r7, r5\n\t"
+        "EOR	r12, r12, r2\n\t"
+        "EOR	lr, lr, r3\n\t"
+        "STR	r12, [sp, #120]\n\t"
+        "STR	lr, [sp, #124]\n\t"
+        /* Row 4 */
+        "LDRD	r2, r3, [%[state], #16]\n\t"
+        "LDRD	r4, r5, [%[state], #64]\n\t"
+        "LDRD	r6, r7, [%[state], #112]\n\t"
+        "LDRD	r8, r9, [%[state], #120]\n\t"
+        "LDRD	r10, r11, [%[state], #168]\n\t"
+        /* s[0] <<< 62 */
+        "MOV	lr, r2\n\t"
+        "LSR	r12, r3, #2\n\t"
+        "LSR	r2, r2, #2\n\t"
+        "ORR	r2, r2, r3, LSL #30\n\t"
+        "ORR	r3, r12, lr, LSL #30\n\t"
+        /* s[1] <<< 55 */
+        "MOV	lr, r4\n\t"
+        "LSR	r12, r5, #9\n\t"
+        "LSR	r4, r4, #9\n\t"
+        "ORR	r4, r4, r5, LSL #23\n\t"
+        "ORR	r5, r12, lr, LSL #23\n\t"
+        /* s[2] <<< 39 */
+        "MOV	lr, r6\n\t"
+        "LSR	r12, r7, #25\n\t"
+        "LSR	r6, r6, #25\n\t"
+        "ORR	r6, r6, r7, LSL #7\n\t"
+        "ORR	r7, r12, lr, LSL #7\n\t"
+        /* s[3] <<< 41 */
+        "MOV	lr, r8\n\t"
+        "LSR	r12, r9, #23\n\t"
+        "LSR	r8, r8, #23\n\t"
+        "ORR	r8, r8, r9, LSL #9\n\t"
+        "ORR	r9, r12, lr, LSL #9\n\t"
+        /* s[4] <<< 2 */
+        "LSR	r12, r11, #30\n\t"
+        "LSR	lr, r10, #30\n\t"
+        "ORR	r10, r12, r10, LSL #2\n\t"
+        "ORR	r11, lr, r11, LSL #2\n\t"
+        "BIC	r12, r8, r6\n\t"
+        "BIC	lr, r9, r7\n\t"
+        "EOR	r12, r12, r4\n\t"
+        "EOR	lr, lr, r5\n\t"
+        "STR	r12, [sp, #168]\n\t"
+        "STR	lr, [sp, #172]\n\t"
+        "BIC	r12, r10, r8\n\t"
+        "BIC	lr, r11, r9\n\t"
+        "EOR	r12, r12, r6\n\t"
+        "EOR	lr, lr, r7\n\t"
+        "STR	r12, [sp, #176]\n\t"
+        "STR	lr, [sp, #180]\n\t"
+        "BIC	r12, r2, r10\n\t"
+        "BIC	lr, r3, r11\n\t"
+        "EOR	r12, r12, r8\n\t"
+        "EOR	lr, lr, r9\n\t"
+        "STR	r12, [sp, #184]\n\t"
+        "STR	lr, [sp, #188]\n\t"
+        "BIC	r12, r4, r2\n\t"
+        "BIC	lr, r5, r3\n\t"
+        "EOR	r12, r12, r10\n\t"
+        "EOR	lr, lr, r11\n\t"
+        "STR	r12, [sp, #192]\n\t"
+        "STR	lr, [sp, #196]\n\t"
+        "BIC	r12, r6, r4\n\t"
+        "BIC	lr, r7, r5\n\t"
+        "EOR	r12, r12, r2\n\t"
+        "EOR	lr, lr, r3\n\t"
+        "STR	r12, [sp, #160]\n\t"
+        "STR	lr, [sp, #164]\n\t"
+        /* Round odd */
+        /* Calc b[4] */
+        "LDRD	r4, r5, [sp, #32]\n\t"
+        "LDRD	r6, r7, [sp, #72]\n\t"
+        "LDRD	r8, r9, [sp, #112]\n\t"
+        "LDRD	r10, r11, [sp, #152]\n\t"
+        "LDR	r12, [sp, #192]\n\t"
+        "LDR	lr, [sp, #196]\n\t"
+        "EOR	r2, r4, r6\n\t"
+        "EOR	r3, r5, r7\n\t"
+        "EOR	r2, r2, r8\n\t"
+        "EOR	r3, r3, r9\n\t"
+        "EOR	r2, r2, r10\n\t"
+        "EOR	r3, r3, r11\n\t"
+        "EOR	r2, r2, r12\n\t"
+        "EOR	r3, r3, lr\n\t"
+        "STRD	r2, r3, [%[state], #32]\n\t"
+        /* Calc b[1] */
+        "LDRD	r4, r5, [sp, #8]\n\t"
+        "LDRD	r6, r7, [sp, #48]\n\t"
+        "LDRD	r8, r9, [sp, #88]\n\t"
+        "LDRD	r10, r11, [sp, #128]\n\t"
+        "LDR	r12, [sp, #168]\n\t"
+        "LDR	lr, [sp, #172]\n\t"
+        "EOR	r4, r4, r6\n\t"
+        "EOR	r5, r5, r7\n\t"
+        "EOR	r4, r4, r8\n\t"
+        "EOR	r5, r5, r9\n\t"
+        "EOR	r4, r4, r10\n\t"
+        "EOR	r5, r5, r11\n\t"
+        "EOR	r4, r4, r12\n\t"
+        "EOR	r5, r5, lr\n\t"
+        "STRD	r4, r5, [%[state], #8]\n\t"
+        /* Calc t[0] */
+        "EOR	r2, r2, r5, LSR #31\n\t"
+        "EOR	r3, r3, r4, LSR #31\n\t"
+        "EOR	r2, r2, r4, LSL #1\n\t"
+        "EOR	r3, r3, r5, LSL #1\n\t"
+        /* Calc b[0] and XOR t[0] into s[x*5+0] */
+        "LDRD	r4, r5, [sp]\n\t"
+        "LDRD	r6, r7, [sp, #40]\n\t"
+        "LDRD	r8, r9, [sp, #80]\n\t"
+        "LDRD	r10, r11, [sp, #120]\n\t"
+        "EOR	r12, r4, r6\n\t"
+        "EOR	lr, r5, r7\n\t"
+        "EOR	r12, r12, r8\n\t"
+        "EOR	lr, lr, r9\n\t"
+        "EOR	r12, r12, r10\n\t"
+        "EOR	lr, lr, r11\n\t"
+        "EOR	r4, r4, r2\n\t"
+        "EOR	r5, r5, r3\n\t"
+        "EOR	r6, r6, r2\n\t"
+        "EOR	r7, r7, r3\n\t"
+        "EOR	r8, r8, r2\n\t"
+        "EOR	r9, r9, r3\n\t"
+        "EOR	r10, r10, r2\n\t"
+        "EOR	r11, r11, r3\n\t"
+        "STRD	r4, r5, [sp]\n\t"
+        "STRD	r6, r7, [sp, #40]\n\t"
+        "STRD	r8, r9, [sp, #80]\n\t"
+        "STRD	r10, r11, [sp, #120]\n\t"
+        "LDRD	r10, r11, [sp, #160]\n\t"
+        "EOR	r12, r12, r10\n\t"
+        "EOR	lr, lr, r11\n\t"
+        "EOR	r10, r10, r2\n\t"
+        "EOR	r11, r11, r3\n\t"
+        "STRD	r10, r11, [sp, #160]\n\t"
+        "STR	r12, [%[state]]\n\t"
+        "STR	lr, [%[state], #4]\n\t"
+        /* Calc b[3] */
+        "LDRD	r4, r5, [sp, #24]\n\t"
+        "LDRD	r6, r7, [sp, #64]\n\t"
+        "LDRD	r8, r9, [sp, #104]\n\t"
+        "LDRD	r10, r11, [sp, #144]\n\t"
+        "LDR	r12, [sp, #184]\n\t"
+        "LDR	lr, [sp, #188]\n\t"
+        "EOR	r4, r4, r6\n\t"
+        "EOR	r5, r5, r7\n\t"
+        "EOR	r4, r4, r8\n\t"
+        "EOR	r5, r5, r9\n\t"
+        "EOR	r4, r4, r10\n\t"
+        "EOR	r5, r5, r11\n\t"
+        "EOR	r4, r4, r12\n\t"
+        "EOR	r5, r5, lr\n\t"
+        "STRD	r4, r5, [%[state], #24]\n\t"
+        /* Calc t[2] */
+        "LDRD	r2, r3, [%[state], #8]\n\t"
+        "EOR	r2, r2, r5, LSR #31\n\t"
+        "EOR	r3, r3, r4, LSR #31\n\t"
+        "EOR	r2, r2, r4, LSL #1\n\t"
+        "EOR	r3, r3, r5, LSL #1\n\t"
+        /* Calc b[2] and XOR t[2] into s[x*5+2] */
+        "LDRD	r4, r5, [sp, #16]\n\t"
+        "LDRD	r6, r7, [sp, #56]\n\t"
+        "LDRD	r8, r9, [sp, #96]\n\t"
+        "LDRD	r10, r11, [sp, #136]\n\t"
+        "EOR	r12, r4, r6\n\t"
+        "EOR	lr, r5, r7\n\t"
+        "EOR	r12, r12, r8\n\t"
+        "EOR	lr, lr, r9\n\t"
+        "EOR	r12, r12, r10\n\t"
+        "EOR	lr, lr, r11\n\t"
+        "EOR	r4, r4, r2\n\t"
+        "EOR	r5, r5, r3\n\t"
+        "EOR	r6, r6, r2\n\t"
+        "EOR	r7, r7, r3\n\t"
+        "EOR	r8, r8, r2\n\t"
+        "EOR	r9, r9, r3\n\t"
+        "EOR	r10, r10, r2\n\t"
+        "EOR	r11, r11, r3\n\t"
+        "STRD	r4, r5, [sp, #16]\n\t"
+        "STRD	r6, r7, [sp, #56]\n\t"
+        "STRD	r8, r9, [sp, #96]\n\t"
+        "STRD	r10, r11, [sp, #136]\n\t"
+        "LDRD	r10, r11, [sp, #176]\n\t"
+        "EOR	r12, r12, r10\n\t"
+        "EOR	lr, lr, r11\n\t"
+        "EOR	r10, r10, r2\n\t"
+        "EOR	r11, r11, r3\n\t"
+        "STRD	r10, r11, [sp, #176]\n\t"
+        "STR	r12, [%[state], #16]\n\t"
+        "STR	lr, [%[state], #20]\n\t"
+        /* Calc t[1] */
+        "LDRD	r2, r3, [%[state]]\n\t"
+        "EOR	r2, r2, lr, LSR #31\n\t"
+        "EOR	r3, r3, r12, LSR #31\n\t"
+        "EOR	r2, r2, r12, LSL #1\n\t"
+        "EOR	r3, r3, lr, LSL #1\n\t"
+        /* XOR t[1] into s[x*5+1] */
+        "LDRD	r4, r5, [sp, #8]\n\t"
+        "LDRD	r6, r7, [sp, #48]\n\t"
+        "LDRD	r8, r9, [sp, #88]\n\t"
+        "LDRD	r10, r11, [sp, #128]\n\t"
+        "LDR	r12, [sp, #168]\n\t"
+        "LDR	lr, [sp, #172]\n\t"
+        "EOR	r4, r4, r2\n\t"
+        "EOR	r5, r5, r3\n\t"
+        "EOR	r6, r6, r2\n\t"
+        "EOR	r7, r7, r3\n\t"
+        "EOR	r8, r8, r2\n\t"
+        "EOR	r9, r9, r3\n\t"
+        "EOR	r10, r10, r2\n\t"
+        "EOR	r11, r11, r3\n\t"
+        "EOR	r12, r12, r2\n\t"
+        "EOR	lr, lr, r3\n\t"
+        "STRD	r4, r5, [sp, #8]\n\t"
+        "STRD	r6, r7, [sp, #48]\n\t"
+        "STRD	r8, r9, [sp, #88]\n\t"
+        "STRD	r10, r11, [sp, #128]\n\t"
+        "STR	r12, [sp, #168]\n\t"
+        "STR	lr, [sp, #172]\n\t"
+        /* Calc t[3] */
+        "LDRD	r2, r3, [%[state], #16]\n\t"
+        "LDRD	r4, r5, [%[state], #32]\n\t"
+        "EOR	r2, r2, r5, LSR #31\n\t"
+        "EOR	r3, r3, r4, LSR #31\n\t"
+        "EOR	r2, r2, r4, LSL #1\n\t"
+        "EOR	r3, r3, r5, LSL #1\n\t"
+        /* XOR t[3] into s[x*5+3] */
+        "LDRD	r4, r5, [sp, #24]\n\t"
+        "LDRD	r6, r7, [sp, #64]\n\t"
+        "LDRD	r8, r9, [sp, #104]\n\t"
+        "LDRD	r10, r11, [sp, #144]\n\t"
+        "LDR	r12, [sp, #184]\n\t"
+        "LDR	lr, [sp, #188]\n\t"
+        "EOR	r4, r4, r2\n\t"
+        "EOR	r5, r5, r3\n\t"
+        "EOR	r6, r6, r2\n\t"
+        "EOR	r7, r7, r3\n\t"
+        "EOR	r8, r8, r2\n\t"
+        "EOR	r9, r9, r3\n\t"
+        "EOR	r10, r10, r2\n\t"
+        "EOR	r11, r11, r3\n\t"
+        "EOR	r12, r12, r2\n\t"
+        "EOR	lr, lr, r3\n\t"
+        "STRD	r4, r5, [sp, #24]\n\t"
+        "STRD	r6, r7, [sp, #64]\n\t"
+        "STRD	r8, r9, [sp, #104]\n\t"
+        "STRD	r10, r11, [sp, #144]\n\t"
+        "STR	r12, [sp, #184]\n\t"
+        "STR	lr, [sp, #188]\n\t"
+        /* Calc t[4] */
+        "LDRD	r2, r3, [%[state], #24]\n\t"
+        "LDRD	r4, r5, [%[state]]\n\t"
+        "EOR	r2, r2, r5, LSR #31\n\t"
+        "EOR	r3, r3, r4, LSR #31\n\t"
+        "EOR	r2, r2, r4, LSL #1\n\t"
+        "EOR	r3, r3, r5, LSL #1\n\t"
+        /* XOR t[4] into s[x*5+4] */
+        "LDRD	r4, r5, [sp, #32]\n\t"
+        "LDRD	r6, r7, [sp, #72]\n\t"
+        "LDRD	r8, r9, [sp, #112]\n\t"
+        "LDRD	r10, r11, [sp, #152]\n\t"
+        "LDR	r12, [sp, #192]\n\t"
+        "LDR	lr, [sp, #196]\n\t"
+        "EOR	r4, r4, r2\n\t"
+        "EOR	r5, r5, r3\n\t"
+        "EOR	r6, r6, r2\n\t"
+        "EOR	r7, r7, r3\n\t"
+        "EOR	r8, r8, r2\n\t"
+        "EOR	r9, r9, r3\n\t"
+        "EOR	r10, r10, r2\n\t"
+        "EOR	r11, r11, r3\n\t"
+        "EOR	r12, r12, r2\n\t"
+        "EOR	lr, lr, r3\n\t"
+        "STRD	r4, r5, [sp, #32]\n\t"
+        "STRD	r6, r7, [sp, #72]\n\t"
+        "STRD	r8, r9, [sp, #112]\n\t"
+        "STRD	r10, r11, [sp, #152]\n\t"
+        "STR	r12, [sp, #192]\n\t"
+        "STR	lr, [sp, #196]\n\t"
+        /* Row Mix */
+        /* Row 0 */
+        "LDRD	r2, r3, [sp]\n\t"
+        "LDRD	r4, r5, [sp, #48]\n\t"
+        "LDRD	r6, r7, [sp, #96]\n\t"
+        "LDRD	r8, r9, [sp, #144]\n\t"
+        "LDRD	r10, r11, [sp, #192]\n\t"
+        /* s[1] <<< 44 */
+        "MOV	lr, r4\n\t"
+        "LSR	r12, r5, #20\n\t"
+        "LSR	r4, r4, #20\n\t"
+        "ORR	r4, r4, r5, LSL #12\n\t"
+        "ORR	r5, r12, lr, LSL #12\n\t"
+        /* s[2] <<< 43 */
+        "MOV	lr, r6\n\t"
+        "LSR	r12, r7, #21\n\t"
+        "LSR	r6, r6, #21\n\t"
+        "ORR	r6, r6, r7, LSL #11\n\t"
+        "ORR	r7, r12, lr, LSL #11\n\t"
+        /* s[3] <<< 21 */
+        "LSR	r12, r9, #11\n\t"
+        "LSR	lr, r8, #11\n\t"
+        "ORR	r8, r12, r8, LSL #21\n\t"
+        "ORR	r9, lr, r9, LSL #21\n\t"
+        /* s[4] <<< 14 */
+        "LSR	r12, r11, #18\n\t"
+        "LSR	lr, r10, #18\n\t"
+        "ORR	r10, r12, r10, LSL #14\n\t"
+        "ORR	r11, lr, r11, LSL #14\n\t"
+        "BIC	r12, r8, r6\n\t"
+        "BIC	lr, r9, r7\n\t"
+        "EOR	r12, r12, r4\n\t"
+        "EOR	lr, lr, r5\n\t"
+        "STR	r12, [%[state], #8]\n\t"
+        "STR	lr, [%[state], #12]\n\t"
+        "BIC	r12, r10, r8\n\t"
+        "BIC	lr, r11, r9\n\t"
+        "EOR	r12, r12, r6\n\t"
+        "EOR	lr, lr, r7\n\t"
+        "STR	r12, [%[state], #16]\n\t"
+        "STR	lr, [%[state], #20]\n\t"
+        "BIC	r12, r2, r10\n\t"
+        "BIC	lr, r3, r11\n\t"
+        "EOR	r12, r12, r8\n\t"
+        "EOR	lr, lr, r9\n\t"
+        "STR	r12, [%[state], #24]\n\t"
+        "STR	lr, [%[state], #28]\n\t"
+        "BIC	r12, r4, r2\n\t"
+        "BIC	lr, r5, r3\n\t"
+        "EOR	r12, r12, r10\n\t"
+        "EOR	lr, lr, r11\n\t"
+        "STR	r12, [%[state], #32]\n\t"
+        "STR	lr, [%[state], #36]\n\t"
+        /* Get constant */
+        "LDRD	r10, r11, [r1]\n\t"
+        "ADD	r1, r1, #0x8\n\t"
+        "BIC	r12, r6, r4\n\t"
+        "BIC	lr, r7, r5\n\t"
+        "EOR	r12, r12, r2\n\t"
+        "EOR	lr, lr, r3\n\t"
+        /* XOR in constant */
+        "EOR	r12, r12, r10\n\t"
+        "EOR	lr, lr, r11\n\t"
+        "STR	r12, [%[state]]\n\t"
+        "STR	lr, [%[state], #4]\n\t"
+        /* Row 1 */
+        "LDRD	r2, r3, [sp, #24]\n\t"
+        "LDRD	r4, r5, [sp, #72]\n\t"
+        "LDRD	r6, r7, [sp, #80]\n\t"
+        "LDRD	r8, r9, [sp, #128]\n\t"
+        "LDRD	r10, r11, [sp, #176]\n\t"
+        /* s[0] <<< 28 */
+        "LSR	r12, r3, #4\n\t"
+        "LSR	lr, r2, #4\n\t"
+        "ORR	r2, r12, r2, LSL #28\n\t"
+        "ORR	r3, lr, r3, LSL #28\n\t"
+        /* s[1] <<< 20 */
+        "LSR	r12, r5, #12\n\t"
+        "LSR	lr, r4, #12\n\t"
+        "ORR	r4, r12, r4, LSL #20\n\t"
+        "ORR	r5, lr, r5, LSL #20\n\t"
+        /* s[2] <<< 3 */
+        "LSR	r12, r7, #29\n\t"
+        "LSR	lr, r6, #29\n\t"
+        "ORR	r6, r12, r6, LSL #3\n\t"
+        "ORR	r7, lr, r7, LSL #3\n\t"
+        /* s[3] <<< 45 */
+        "MOV	lr, r8\n\t"
+        "LSR	r12, r9, #19\n\t"
+        "LSR	r8, r8, #19\n\t"
+        "ORR	r8, r8, r9, LSL #13\n\t"
+        "ORR	r9, r12, lr, LSL #13\n\t"
+        /* s[4] <<< 61 */
+        "MOV	lr, r10\n\t"
+        "LSR	r12, r11, #3\n\t"
+        "LSR	r10, r10, #3\n\t"
+        "ORR	r10, r10, r11, LSL #29\n\t"
+        "ORR	r11, r12, lr, LSL #29\n\t"
+        "BIC	r12, r8, r6\n\t"
+        "BIC	lr, r9, r7\n\t"
+        "EOR	r12, r12, r4\n\t"
+        "EOR	lr, lr, r5\n\t"
+        "STR	r12, [%[state], #48]\n\t"
+        "STR	lr, [%[state], #52]\n\t"
+        "BIC	r12, r10, r8\n\t"
+        "BIC	lr, r11, r9\n\t"
+        "EOR	r12, r12, r6\n\t"
+        "EOR	lr, lr, r7\n\t"
+        "STR	r12, [%[state], #56]\n\t"
+        "STR	lr, [%[state], #60]\n\t"
+        "BIC	r12, r2, r10\n\t"
+        "BIC	lr, r3, r11\n\t"
+        "EOR	r12, r12, r8\n\t"
+        "EOR	lr, lr, r9\n\t"
+        "STR	r12, [%[state], #64]\n\t"
+        "STR	lr, [%[state], #68]\n\t"
+        "BIC	r12, r4, r2\n\t"
+        "BIC	lr, r5, r3\n\t"
+        "EOR	r12, r12, r10\n\t"
+        "EOR	lr, lr, r11\n\t"
+        "STR	r12, [%[state], #72]\n\t"
+        "STR	lr, [%[state], #76]\n\t"
+        "BIC	r12, r6, r4\n\t"
+        "BIC	lr, r7, r5\n\t"
+        "EOR	r12, r12, r2\n\t"
+        "EOR	lr, lr, r3\n\t"
+        "STR	r12, [%[state], #40]\n\t"
+        "STR	lr, [%[state], #44]\n\t"
+        /* Row 2 */
+        "LDRD	r2, r3, [sp, #8]\n\t"
+        "LDRD	r4, r5, [sp, #56]\n\t"
+        "LDRD	r6, r7, [sp, #104]\n\t"
+        "LDRD	r8, r9, [sp, #152]\n\t"
+        "LDRD	r10, r11, [sp, #160]\n\t"
+        /* s[0] <<< 1 */
+        "LSR	r12, r3, #31\n\t"
+        "LSR	lr, r2, #31\n\t"
+        "ORR	r2, r12, r2, LSL #1\n\t"
+        "ORR	r3, lr, r3, LSL #1\n\t"
+        /* s[1] <<< 6 */
+        "LSR	r12, r5, #26\n\t"
+        "LSR	lr, r4, #26\n\t"
+        "ORR	r4, r12, r4, LSL #6\n\t"
+        "ORR	r5, lr, r5, LSL #6\n\t"
+        /* s[2] <<< 25 */
+        "LSR	r12, r7, #7\n\t"
+        "LSR	lr, r6, #7\n\t"
+        "ORR	r6, r12, r6, LSL #25\n\t"
+        "ORR	r7, lr, r7, LSL #25\n\t"
+        /* s[3] <<< 8 */
+        "LSR	r12, r9, #24\n\t"
+        "LSR	lr, r8, #24\n\t"
+        "ORR	r8, r12, r8, LSL #8\n\t"
+        "ORR	r9, lr, r9, LSL #8\n\t"
+        /* s[4] <<< 18 */
+        "LSR	r12, r11, #14\n\t"
+        "LSR	lr, r10, #14\n\t"
+        "ORR	r10, r12, r10, LSL #18\n\t"
+        "ORR	r11, lr, r11, LSL #18\n\t"
+        "BIC	r12, r8, r6\n\t"
+        "BIC	lr, r9, r7\n\t"
+        "EOR	r12, r12, r4\n\t"
+        "EOR	lr, lr, r5\n\t"
+        "STR	r12, [%[state], #88]\n\t"
+        "STR	lr, [%[state], #92]\n\t"
+        "BIC	r12, r10, r8\n\t"
+        "BIC	lr, r11, r9\n\t"
+        "EOR	r12, r12, r6\n\t"
+        "EOR	lr, lr, r7\n\t"
+        "STR	r12, [%[state], #96]\n\t"
+        "STR	lr, [%[state], #100]\n\t"
+        "BIC	r12, r2, r10\n\t"
+        "BIC	lr, r3, r11\n\t"
+        "EOR	r12, r12, r8\n\t"
+        "EOR	lr, lr, r9\n\t"
+        "STR	r12, [%[state], #104]\n\t"
+        "STR	lr, [%[state], #108]\n\t"
+        "BIC	r12, r4, r2\n\t"
+        "BIC	lr, r5, r3\n\t"
+        "EOR	r12, r12, r10\n\t"
+        "EOR	lr, lr, r11\n\t"
+        "STR	r12, [%[state], #112]\n\t"
+        "STR	lr, [%[state], #116]\n\t"
+        "BIC	r12, r6, r4\n\t"
+        "BIC	lr, r7, r5\n\t"
+        "EOR	r12, r12, r2\n\t"
+        "EOR	lr, lr, r3\n\t"
+        "STR	r12, [%[state], #80]\n\t"
+        "STR	lr, [%[state], #84]\n\t"
+        /* Row 3 */
+        "LDRD	r2, r3, [sp, #32]\n\t"
+        "LDRD	r4, r5, [sp, #40]\n\t"
+        "LDRD	r6, r7, [sp, #88]\n\t"
+        "LDRD	r8, r9, [sp, #136]\n\t"
+        "LDRD	r10, r11, [sp, #184]\n\t"
+        /* s[0] <<< 27 */
+        "LSR	r12, r3, #5\n\t"
+        "LSR	lr, r2, #5\n\t"
+        "ORR	r2, r12, r2, LSL #27\n\t"
+        "ORR	r3, lr, r3, LSL #27\n\t"
+        /* s[1] <<< 36 */
+        "MOV	lr, r4\n\t"
+        "LSR	r12, r5, #28\n\t"
+        "LSR	r4, r4, #28\n\t"
+        "ORR	r4, r4, r5, LSL #4\n\t"
+        "ORR	r5, r12, lr, LSL #4\n\t"
+        /* s[2] <<< 10 */
+        "LSR	r12, r7, #22\n\t"
+        "LSR	lr, r6, #22\n\t"
+        "ORR	r6, r12, r6, LSL #10\n\t"
+        "ORR	r7, lr, r7, LSL #10\n\t"
+        /* s[3] <<< 15 */
+        "LSR	r12, r9, #17\n\t"
+        "LSR	lr, r8, #17\n\t"
+        "ORR	r8, r12, r8, LSL #15\n\t"
+        "ORR	r9, lr, r9, LSL #15\n\t"
+        /* s[4] <<< 56 */
+        "MOV	lr, r10\n\t"
+        "LSR	r12, r11, #8\n\t"
+        "LSR	r10, r10, #8\n\t"
+        "ORR	r10, r10, r11, LSL #24\n\t"
+        "ORR	r11, r12, lr, LSL #24\n\t"
+        "BIC	r12, r8, r6\n\t"
+        "BIC	lr, r9, r7\n\t"
+        "EOR	r12, r12, r4\n\t"
+        "EOR	lr, lr, r5\n\t"
+        "STR	r12, [%[state], #128]\n\t"
+        "STR	lr, [%[state], #132]\n\t"
+        "BIC	r12, r10, r8\n\t"
+        "BIC	lr, r11, r9\n\t"
+        "EOR	r12, r12, r6\n\t"
+        "EOR	lr, lr, r7\n\t"
+        "STR	r12, [%[state], #136]\n\t"
+        "STR	lr, [%[state], #140]\n\t"
+        "BIC	r12, r2, r10\n\t"
+        "BIC	lr, r3, r11\n\t"
+        "EOR	r12, r12, r8\n\t"
+        "EOR	lr, lr, r9\n\t"
+        "STR	r12, [%[state], #144]\n\t"
+        "STR	lr, [%[state], #148]\n\t"
+        "BIC	r12, r4, r2\n\t"
+        "BIC	lr, r5, r3\n\t"
+        "EOR	r12, r12, r10\n\t"
+        "EOR	lr, lr, r11\n\t"
+        "STR	r12, [%[state], #152]\n\t"
+        "STR	lr, [%[state], #156]\n\t"
+        "BIC	r12, r6, r4\n\t"
+        "BIC	lr, r7, r5\n\t"
+        "EOR	r12, r12, r2\n\t"
+        "EOR	lr, lr, r3\n\t"
+        "STR	r12, [%[state], #120]\n\t"
+        "STR	lr, [%[state], #124]\n\t"
+        /* Row 4 */
+        "LDRD	r2, r3, [sp, #16]\n\t"
+        "LDRD	r4, r5, [sp, #64]\n\t"
+        "LDRD	r6, r7, [sp, #112]\n\t"
+        "LDRD	r8, r9, [sp, #120]\n\t"
+        "LDRD	r10, r11, [sp, #168]\n\t"
+        /* s[0] <<< 62 */
+        "MOV	lr, r2\n\t"
+        "LSR	r12, r3, #2\n\t"
+        "LSR	r2, r2, #2\n\t"
+        "ORR	r2, r2, r3, LSL #30\n\t"
+        "ORR	r3, r12, lr, LSL #30\n\t"
+        /* s[1] <<< 55 */
+        "MOV	lr, r4\n\t"
+        "LSR	r12, r5, #9\n\t"
+        "LSR	r4, r4, #9\n\t"
+        "ORR	r4, r4, r5, LSL #23\n\t"
+        "ORR	r5, r12, lr, LSL #23\n\t"
+        /* s[2] <<< 39 */
+        "MOV	lr, r6\n\t"
+        "LSR	r12, r7, #25\n\t"
+        "LSR	r6, r6, #25\n\t"
+        "ORR	r6, r6, r7, LSL #7\n\t"
+        "ORR	r7, r12, lr, LSL #7\n\t"
+        /* s[3] <<< 41 */
+        "MOV	lr, r8\n\t"
+        "LSR	r12, r9, #23\n\t"
+        "LSR	r8, r8, #23\n\t"
+        "ORR	r8, r8, r9, LSL #9\n\t"
+        "ORR	r9, r12, lr, LSL #9\n\t"
+        /* s[4] <<< 2 */
+        "LSR	r12, r11, #30\n\t"
+        "LSR	lr, r10, #30\n\t"
+        "ORR	r10, r12, r10, LSL #2\n\t"
+        "ORR	r11, lr, r11, LSL #2\n\t"
+        "BIC	r12, r8, r6\n\t"
+        "BIC	lr, r9, r7\n\t"
+        "EOR	r12, r12, r4\n\t"
+        "EOR	lr, lr, r5\n\t"
+        "STR	r12, [%[state], #168]\n\t"
+        "STR	lr, [%[state], #172]\n\t"
+        "BIC	r12, r10, r8\n\t"
+        "BIC	lr, r11, r9\n\t"
+        "EOR	r12, r12, r6\n\t"
+        "EOR	lr, lr, r7\n\t"
+        "STR	r12, [%[state], #176]\n\t"
+        "STR	lr, [%[state], #180]\n\t"
+        "BIC	r12, r2, r10\n\t"
+        "BIC	lr, r3, r11\n\t"
+        "EOR	r12, r12, r8\n\t"
+        "EOR	lr, lr, r9\n\t"
+        "STR	r12, [%[state], #184]\n\t"
+        "STR	lr, [%[state], #188]\n\t"
+        "BIC	r12, r4, r2\n\t"
+        "BIC	lr, r5, r3\n\t"
+        "EOR	r12, r12, r10\n\t"
+        "EOR	lr, lr, r11\n\t"
+        "STR	r12, [%[state], #192]\n\t"
+        "STR	lr, [%[state], #196]\n\t"
+        "BIC	r12, r6, r4\n\t"
+        "BIC	lr, r7, r5\n\t"
+        "EOR	r12, r12, r2\n\t"
+        "EOR	lr, lr, r3\n\t"
+        "STR	r12, [%[state], #160]\n\t"
+        "STR	lr, [%[state], #164]\n\t"
+        "LDR	r2, [sp, #200]\n\t"
+        "SUBS	r2, r2, #0x1\n\t"
+#if defined(__GNUC__)
+        "BNE	L_sha3_thumb2_begin_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BNE.W	L_sha3_thumb2_begin\n\t"
+#else
+        "BNE.W	L_sha3_thumb2_begin_%=\n\t"
+#endif
+        "ADD	sp, sp, #0xcc\n\t"
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
+        : [state] "+r" (state),
+          [L_sha3_thumb2_rt] "+r" (L_sha3_thumb2_rt_c)
+        :
+        : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "lr", "cc"
+#else
+        : [state] "+r" (state)
+        : [L_sha3_thumb2_rt] "r" (L_sha3_thumb2_rt)
+        : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "lr", "cc"
+#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */
+    );
+}
+
+#endif /* WOLFSSL_SHA3 */
+#endif /* WOLFSSL_ARMASM_THUMB2 */
+#endif /* WOLFSSL_ARMASM */
+#endif /* WOLFSSL_ARMASM_INLINE */
diff --git a/wolfcrypt/src/port/arm/thumb2-sha512-asm.S b/wolfcrypt/src/port/arm/thumb2-sha512-asm.S
index 6031b9240..b3e257cc8 100644
--- a/wolfcrypt/src/port/arm/thumb2-sha512-asm.S
+++ b/wolfcrypt/src/port/arm/thumb2-sha512-asm.S
@@ -1,6 +1,6 @@
 /* thumb2-sha512-asm
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -30,16 +30,16 @@
 #include <wolfssl/wolfcrypt/settings.h>
 
 #ifdef WOLFSSL_ARMASM
-#if !defined(__aarch64__) && defined(__thumb__)
+#ifdef WOLFSSL_ARMASM_THUMB2
 #ifndef WOLFSSL_ARMASM_INLINE
 	.thumb
 	.syntax unified
-#ifdef WOLFSSL_SHA512
+#if defined(WOLFSSL_SHA512) || defined(WOLFSSL_SHA384)
 #ifdef WOLFSSL_ARMASM_NO_NEON
 	.text
 	.type	L_SHA512_transform_len_k, %object
 	.size	L_SHA512_transform_len_k, 640
-	.align	4
+	.align	8
 L_SHA512_transform_len_k:
 	.word	0xd728ae22
 	.word	0x428a2f98
@@ -2319,7 +2319,7 @@ L_SHA512_transform_len_start:
 	STRD	r4, r5, [sp, #120]
 	ADD	r3, r3, #0x80
 	SUBS	r12, r12, #0x1
-#ifdef __GNUC__
+#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
 	BNE	L_SHA512_transform_len_start
 #else
 	BNE.W	L_SHA512_transform_len_start
@@ -3656,7 +3656,7 @@ L_SHA512_transform_len_start:
 	SUBS	r2, r2, #0x80
 	SUB	r3, r3, #0x200
 	ADD	r1, r1, #0x80
-#ifdef __GNUC__
+#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
 	BNE	L_SHA512_transform_len_begin
 #else
 	BNE.W	L_SHA512_transform_len_begin
@@ -3667,8 +3667,8 @@ L_SHA512_transform_len_start:
 	/* Cycle Count = 5021 */
 	.size	Transform_Sha512_Len,.-Transform_Sha512_Len
 #endif /* WOLFSSL_ARMASM_NO_NEON */
-#endif /* WOLFSSL_SHA512 */
-#endif /* !__aarch64__ && __thumb__ */
+#endif /* WOLFSSL_SHA512 || WOLFSSL_SHA384 */
+#endif /* WOLFSSL_ARMASM_THUMB2 */
 #endif /* WOLFSSL_ARMASM */
 
 #if defined(__linux__) && defined(__ELF__)
diff --git a/wolfcrypt/src/port/arm/thumb2-sha512-asm_c.c b/wolfcrypt/src/port/arm/thumb2-sha512-asm_c.c
index d7fbd83e3..4968ab692 100644
--- a/wolfcrypt/src/port/arm/thumb2-sha512-asm_c.c
+++ b/wolfcrypt/src/port/arm/thumb2-sha512-asm_c.c
@@ -1,6 +1,6 @@
 /* thumb2-sha512-asm
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -28,19 +28,12 @@
     #include <config.h>
 #endif /* HAVE_CONFIG_H */
 #include <wolfssl/wolfcrypt/settings.h>
+#include <wolfssl/wolfcrypt/error-crypt.h>
 
 #ifdef WOLFSSL_ARMASM
-#if !defined(__aarch64__) && defined(__thumb__)
-#include <stdint.h>
-#ifdef HAVE_CONFIG_H
-    #include <config.h>
-#endif /* HAVE_CONFIG_H */
-#include <wolfssl/wolfcrypt/settings.h>
+#ifdef WOLFSSL_ARMASM_THUMB2
 #ifdef WOLFSSL_ARMASM_INLINE
 
-#ifdef WOLFSSL_ARMASM
-#if !defined(__aarch64__) && defined(__thumb__)
-
 #ifdef __IAR_SYSTEMS_ICC__
 #define __asm__        asm
 #define __volatile__   volatile
@@ -50,11 +43,11 @@
 #define __asm__        __asm
 #define __volatile__   volatile
 #endif /* __KEIL__ */
-#ifdef WOLFSSL_SHA512
+#if defined(WOLFSSL_SHA512) || defined(WOLFSSL_SHA384)
 #include <wolfssl/wolfcrypt/sha512.h>
 
 #ifdef WOLFSSL_ARMASM_NO_NEON
-static const uint64_t L_SHA512_transform_len_k[] = {
+static const word64 L_SHA512_transform_len_k[] = {
     0x428a2f98d728ae22UL, 0x7137449123ef65cdUL,
     0xb5c0fbcfec4d3b2fUL, 0xe9b5dba58189dbbcUL,
     0x3956c25bf348b538UL, 0x59f111f1b605d019UL,
@@ -108,7 +101,7 @@ void Transform_Sha512_Len(wc_Sha512* sha512, const byte* data, word32 len)
     register wc_Sha512* sha512 __asm__ ("r0") = (wc_Sha512*)sha512_p;
     register const byte* data __asm__ ("r1") = (const byte*)data_p;
     register word32 len __asm__ ("r2") = (word32)len_p;
-    register uint64_t* L_SHA512_transform_len_k_c __asm__ ("r3") = (uint64_t*)&L_SHA512_transform_len_k;
+    register word64* L_SHA512_transform_len_k_c __asm__ ("r3") = (word64*)&L_SHA512_transform_len_k;
 #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
 
     __asm__ __volatile__ (
@@ -133,7 +126,11 @@ void Transform_Sha512_Len(wc_Sha512* sha512, const byte* data, word32 len)
         "STRD	r10, r11, [sp, #184]\n\t"
         /* Start of loop processing a block */
         "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
     "L_SHA512_transform_len_begin:\n\t"
+#else
+    "L_SHA512_transform_len_begin_%=:\n\t"
+#endif
         /* Load, Reverse and Store W */
         "LDR	r4, [%[data]]\n\t"
         "LDR	r5, [%[data], #4]\n\t"
@@ -239,7 +236,11 @@ void Transform_Sha512_Len(wc_Sha512* sha512, const byte* data, word32 len)
         "MOV	r12, #0x4\n\t"
         /* Start of 16 rounds */
         "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
     "L_SHA512_transform_len_start:\n\t"
+#else
+    "L_SHA512_transform_len_start_%=:\n\t"
+#endif
         /* Round 0 */
         "LDRD	r4, r5, [%[sha512], #32]\n\t"
         "LSRS	r6, r4, #14\n\t"
@@ -2226,10 +2227,12 @@ void Transform_Sha512_Len(wc_Sha512* sha512, const byte* data, word32 len)
         "STRD	r4, r5, [sp, #120]\n\t"
         "ADD	r3, r3, #0x80\n\t"
         "SUBS	r12, r12, #0x1\n\t"
-#ifdef __GNUC__
-        "BNE	L_SHA512_transform_len_start\n\t"
-#else
+#if defined(__GNUC__)
+        "BNE	L_SHA512_transform_len_start_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "BNE.W	L_SHA512_transform_len_start\n\t"
+#else
+        "BNE.W	L_SHA512_transform_len_start_%=\n\t"
 #endif
         /* Round 0 */
         "LDRD	r4, r5, [%[sha512], #32]\n\t"
@@ -3563,10 +3566,12 @@ void Transform_Sha512_Len(wc_Sha512* sha512, const byte* data, word32 len)
         "SUBS	%[len], %[len], #0x80\n\t"
         "SUB	r3, r3, #0x200\n\t"
         "ADD	%[data], %[data], #0x80\n\t"
-#ifdef __GNUC__
-        "BNE	L_SHA512_transform_len_begin\n\t"
-#else
+#if defined(__GNUC__)
+        "BNE	L_SHA512_transform_len_begin_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "BNE.W	L_SHA512_transform_len_begin\n\t"
+#else
+        "BNE.W	L_SHA512_transform_len_begin_%=\n\t"
 #endif
         "EOR	r0, r0, r0\n\t"
         "ADD	sp, sp, #0xc0\n\t"
@@ -3574,19 +3579,17 @@ void Transform_Sha512_Len(wc_Sha512* sha512, const byte* data, word32 len)
         : [sha512] "+r" (sha512), [data] "+r" (data), [len] "+r" (len),
           [L_SHA512_transform_len_k] "+r" (L_SHA512_transform_len_k_c)
         :
+        : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "cc"
 #else
         : [sha512] "+r" (sha512), [data] "+r" (data), [len] "+r" (len)
         : [L_SHA512_transform_len_k] "r" (L_SHA512_transform_len_k)
-#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */
         : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "cc"
+#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */
     );
 }
 
 #endif /* WOLFSSL_ARMASM_NO_NEON */
-#endif /* WOLFSSL_SHA512 */
-#endif /* !__aarch64__ && __thumb__ */
+#endif /* WOLFSSL_SHA512 || WOLFSSL_SHA384 */
+#endif /* WOLFSSL_ARMASM_THUMB2 */
 #endif /* WOLFSSL_ARMASM */
-#endif /* !defined(__aarch64__) && defined(__thumb__) */
-#endif /* WOLFSSL_ARMASM */
-
 #endif /* WOLFSSL_ARMASM_INLINE */
diff --git a/wolfcrypt/src/port/atmel/README.md b/wolfcrypt/src/port/atmel/README.md
index 1a7664394..01b11a040 100644
--- a/wolfcrypt/src/port/atmel/README.md
+++ b/wolfcrypt/src/port/atmel/README.md
@@ -24,7 +24,7 @@ Requires the Microchip CryptoAuthLib library. The examples in `wolfcrypt/src/por
 * `WOLFSSL_ATECC_TFLXTLS`: Enable support for Microchip TrustFLEX with custom PKI module configuration
 * `WOLFSSL_ATECC_DEBUG`: Enable wolfSSL ATECC debug messages.
 * `WOLFSSL_ATMEL`: Enables ASF hooks seeding random data using the `atmel_get_random_number` function.
-* `WOLFSSL_ATMEL_TIME`: Enables the built-in `atmel_get_curr_time_and_date` function get getting time from ASF RTC. 
+* `WOLFSSL_ATMEL_TIME`: Enables the built-in `atmel_get_curr_time_and_date` function get getting time from ASF RTC.
 * `ATECC_GET_ENC_KEY`: Macro to define your own function for getting the encryption key.
 * `ATECC_SLOT_I2C_ENC`: Macro for the default encryption key slot. Can also get via the slot callback with `ATMEL_SLOT_ENCKEY`.
 * `ATECC_MAX_SLOT`: Macro for the maximum dynamically allocated slots.
@@ -35,7 +35,7 @@ Requires the Microchip CryptoAuthLib library. The examples in `wolfcrypt/src/por
 `#define HAVE_PK_CALLBACKS`
 `#define WOLFSSL_ATECC_PKCB`
 
-or 
+or
 
 `./configure CFLAGS="-DWOLFSSL_ATECC608A"`
 `#define WOLFSSL_ATECC608A`
diff --git a/wolfcrypt/src/port/atmel/atmel.c b/wolfcrypt/src/port/atmel/atmel.c
index 9a404d8b3..6aabe5dba 100644
--- a/wolfcrypt/src/port/atmel/atmel.c
+++ b/wolfcrypt/src/port/atmel/atmel.c
@@ -1,6 +1,6 @@
 /* atmel.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -136,7 +136,7 @@ int atmel_get_random_number(uint32_t count, uint8_t* rand_out)
 
 int atmel_get_random_block(unsigned char* output, unsigned int sz)
 {
-	return atmel_get_random_number((uint32_t)sz, (uint8_t*)output);
+        return atmel_get_random_number((uint32_t)sz, (uint8_t*)output);
 }
 
 #if defined(WOLFSSL_ATMEL) && defined(WOLFSSL_ATMEL_TIME)
@@ -148,12 +148,12 @@ long atmel_get_curr_time_and_date(long* tm)
 {
     long rt = 0;
 
-	/* Get current time */
+        /* Get current time */
     struct rtc_calendar_time rtcTime;
     const int monthDay[] = {0,31,59,90,120,151,181,212,243,273,304,334};
     int month, year, yearLeap;
 
-	rtc_calendar_get_time(_rtc_instance[0], &rtcTime);
+        rtc_calendar_get_time(_rtc_instance[0], &rtcTime);
 
     /* Convert rtc_calendar_time to seconds since UTC */
     month = rtcTime.month % 12;
@@ -359,7 +359,7 @@ int atmel_get_enc_key_default(byte* enckey, word16 keysize)
 static int atmel_init_enc_key(void)
 {
     int ret;
-	uint8_t read_key[ATECC_KEY_SIZE];
+        uint8_t read_key[ATECC_KEY_SIZE];
     uint8_t writeBlock = 0;
     uint8_t writeOffset = 0;
     int slotId;
@@ -388,7 +388,7 @@ static int atmel_init_enc_key(void)
     ForceZero(read_key, sizeof(read_key));
     ret = atmel_ecc_translate_err(ret);
 
-	return ret;
+        return ret;
 }
 #endif
 
@@ -497,7 +497,7 @@ int atmel_init(void)
     extern ATCAIfaceCfg atecc608_0_init_data;
     #endif
 #endif
-    
+
     if (!mAtcaInitDone) {
         ATCA_STATUS status;
         int i;
@@ -940,7 +940,7 @@ exit:
     return ret;
 }
 
-static int atcatls_set_certificates(WOLFSSL_CTX *ctx) 
+static int atcatls_set_certificates(WOLFSSL_CTX *ctx)
 {
     #ifndef ATCATLS_SIGNER_CERT_MAX_SIZE
         #define ATCATLS_SIGNER_CERT_MAX_SIZE 0x250
@@ -966,7 +966,7 @@ static int atcatls_set_certificates(WOLFSSL_CTX *ctx)
     uint8_t signerPubKeyBuffer[ATCATLS_PUBKEY_BUFF_MAX_SIZE];
 #endif
 
-#ifdef WOLFSSL_ATECC_TNGTLS	
+#ifdef WOLFSSL_ATECC_TNGTLS
     ret = tng_atcacert_max_signer_cert_size(&signerCertSize);
     if (ret != ATCACERT_E_SUCCESS) {
     #ifdef WOLFSSL_ATECC_DEBUG
diff --git a/wolfcrypt/src/port/autosar/README.md b/wolfcrypt/src/port/autosar/README.md
new file mode 100644
index 000000000..39fd501fa
--- /dev/null
+++ b/wolfcrypt/src/port/autosar/README.md
@@ -0,0 +1,45 @@
+## 1.0 Intro To Using wolfSSL with AutoSAR
+
+This readme covers building and using wolfSSL for AutoSAR applications. Currently AES-CBC and RNG are supported. The version of AutoSAR used for reference was 4.4. Currently there is no asynchronous support.
+
+
+## 2.0 Building wolfSSL
+
+### 2.1 wolfSSL Library
+To enable the use of AutoSAR with wolfSSL use the enable option --enable-autosar. In example “./configure --eanble-autosar�. If building without autotools then the macro WOLFSSL_AUTOSAR should be defined. This is usually defined in a user_settings.h file which gets included to the wolfSSL build when the macro WOLFSSL_USER_SETTINGS is defined.
+
+
+### 2.2 Key Redirection
+By default the next available key with the same key type desired is used. When specific keys are to be used then key input redirection is needed. This is done at compile time with setting specific macros. An example of key redirection would be as follows :
+
+/* set redirection of primary and secondary */
+#define REDIRECTION_CONFIG 0x03
+
+/* set primary key to keyId of 1 and element type CRYPTO_KE_CIPHER_KEY */
+#define REDIRECTION_IN1_KEYID 1
+#define REDIRECTION_IN1_KEYELMID 0x01
+
+
+/* set secondary key to keyId of 4 and element type CRYPTO_KE_CIPHER_IV */
+#define REDIRECTION_IN2_KEYID 4
+#define REDIRECTION_IN2_KEYELMID 0x05
+
+
+## 3.0 example
+
+There is an example test case located at wolfcrypt/src/port/autsar/example.c. After compiling with autotools (./configure --enable-autsar && make) the example can be ran by running the command ./wolfcrypt/src/port/autsar/example.test
+
+## 4.0 API Implemented
+
+- Std_ReturnType Csm_Decrypt(uint32 jobId,
+         Crypto_OperationModeType mode, const uint8* dataPtr, uint32 dataLength,
+         uint8* resultPtr, uint32* resultLengthPtr);
+- Std_ReturnType Csm_Encrypt(uint32 jobId,
+         Crypto_OperationModeType mode, const uint8* dataPtr, uint32 dataLength,
+         uint8* resultPtr, uint32* resultLengthPtr);
+- Std_ReturnType Csm_KeyElementSet(uint32 keyId, uint32 keyElementId,
+         const uint8* keyPtr, uint32 keyLength);
+- Std_ReturnType Csm_RandomGenerate( uint32 jobId, uint8* resultPtr,
+         uint32* resultLengthPtr);
+
+Along with the structures necessary for these API.
diff --git a/wolfcrypt/src/port/autosar/cryif.c b/wolfcrypt/src/port/autosar/cryif.c
new file mode 100644
index 000000000..5909b3a2c
--- /dev/null
+++ b/wolfcrypt/src/port/autosar/cryif.c
@@ -0,0 +1,105 @@
+/* cryif.c
+ *
+ * Copyright (C) 2006-2025 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+/* AutoSAR 4.4 */
+/* shim layer for use of wolfSSL crypto driver */
+
+
+#ifdef HAVE_CONFIG_H
+    #include <config.h>
+#endif
+
+#include <wolfssl/wolfcrypt/settings.h>
+
+#ifdef WOLFSSL_AUTOSAR
+#ifndef NO_WOLFSSL_AUTOSAR_CRYIF
+
+#include <wolfssl/version.h>
+#include <wolfssl/wolfcrypt/port/autosar/Csm.h>
+#include <wolfssl/wolfcrypt/port/autosar/CryIf.h>
+#include <wolfssl/wolfcrypt/port/autosar/Crypto.h>
+
+
+#include <wolfssl/wolfcrypt/logging.h>
+
+/* initialization function */
+void CryIf_Init(const CryIf_ConfigType* in)
+{
+    (void)in;
+    Crypto_Init(NULL);
+}
+
+
+void CryIf_GetVersionInfo(Std_VersionInfoType* ver)
+{
+    if (ver != NULL) {
+        ver->vendorID = 0; /* no vendor or module ID */
+        ver->moduleID = 0;
+        ver->sw_major_version = (LIBWOLFSSL_VERSION_HEX >> 24) & 0xFFF;
+        ver->sw_minor_version = (LIBWOLFSSL_VERSION_HEX >> 12) & 0xFFF;
+        ver->sw_patch_version = (LIBWOLFSSL_VERSION_HEX) & 0xFFF;
+    }
+}
+
+
+/* returns E_OK on success */
+Std_ReturnType CryIf_ProcessJob(uint32 id, Crypto_JobType* job)
+{
+    WOLFSSL_ENTER("CryIf_ProcessJob");
+    if (job == NULL) {
+        return E_NOT_OK;
+    }
+
+    /* only handle synchronous jobs */
+    if (job->jobPrimitiveInfo->processingType != CRYPTO_PROCESSING_SYNC) {
+        WOLFSSL_MSG("Crypto Interface only supporting synchronous jobs");
+        return E_NOT_OK;
+    }
+
+    return Crypto_ProcessJob(id, job);
+}
+
+
+/* not implemented yet since async not supported */
+Std_ReturnType CryIf_CancelJob(uint32 id, Crypto_JobType* job)
+{
+    (void)id;
+    (void)job;
+    WOLFSSL_STUB("CryIf_CancelJob");
+
+    return E_NOT_OK;
+}
+
+
+/* return E_OK on success */
+Std_ReturnType CryIf_KeyElementSet(uint32 keyId, uint32 eId, const uint8* key,
+        uint32 keySz)
+{
+    if (key == NULL || keySz == 0) {
+        /* report CRYIF_E_PARAM_POINTER to the DET */
+        return E_NOT_OK;
+    }
+
+    return Crypto_KeyElementSet(keyId, eId, key, keySz);
+}
+#endif /* NO_WOLFSSL_AUTOSAR_CRYIF */
+#endif /* WOLFSSL_AUTOSAR */
+
diff --git a/wolfcrypt/src/port/autosar/crypto.c b/wolfcrypt/src/port/autosar/crypto.c
new file mode 100644
index 000000000..2f20aa5ba
--- /dev/null
+++ b/wolfcrypt/src/port/autosar/crypto.c
@@ -0,0 +1,495 @@
+/* crypto.c
+ *
+ * Copyright (C) 2006-2025 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+
+#ifdef HAVE_CONFIG_H
+    #include <config.h>
+#endif
+
+#include <wolfssl/wolfcrypt/settings.h>
+
+#ifdef WOLFSSL_AUTOSAR
+#ifndef NO_WOLFSSL_AUTOSAR_CRYPTO
+
+#include <wolfssl/wolfcrypt/port/autosar/Csm.h>
+#include <wolfssl/wolfcrypt/port/autosar/Crypto.h>
+#include <wolfssl/wolfcrypt/logging.h>
+#include <wolfssl/wolfcrypt/aes.h>
+#include <wolfssl/wolfcrypt/random.h>
+
+#ifdef NO_INLINE
+    #include <wolfssl/wolfcrypt/misc.h>
+#else
+    #define WOLFSSL_MISC_INCLUDED
+    #include <wolfcrypt/src/misc.c>
+#endif
+
+/* Low level crypto (software based driver) where wolfCrypt gets called */
+Std_ReturnType wolfSSL_Crypto_CBC(Crypto_JobType* job);
+Std_ReturnType wolfSSL_Crypto(Crypto_JobType* job);
+Std_ReturnType wolfSSL_Crypto_RNG(Crypto_JobType* job);
+
+
+#ifndef MAX_KEYSTORE
+    #define MAX_KEYSTORE 15
+#endif
+#ifndef MAX_JOBS
+    #define MAX_JOBS 10
+#endif
+
+static wolfSSL_Mutex crypto_mutex;
+struct Keys {
+    uint32 keyLen;
+    uint32 eId;
+
+    /* raw key */
+    uint8 key[AES_MAX_KEY_SIZE/WOLFSSL_BIT_SIZE];
+} Keys;
+
+
+struct Jobs {
+    uint32 jobId;
+    uint8  inUse; /* is the key available for use */
+    Aes aes;
+} Jobs;
+
+static struct Jobs activeJobs[MAX_JOBS];
+static struct Keys keyStore[MAX_KEYSTORE];
+
+
+/* tries to get a key of type eId
+ * returns 0 on success
+ */
+static int GetKey(Crypto_JobType* job, uint32 eId, uint8 **key, uint32 *keySz)
+{
+    int i, ret = 0;
+
+    if (key == NULL || keySz == NULL || *key != NULL) {
+        WOLFSSL_MSG("Bad parameter to GetKey");
+        return -1;
+    }
+
+    if (wc_LockMutex(&crypto_mutex) != 0) {
+        WOLFSSL_MSG("Unable to lock crypto mutex");
+        return -1;
+    }
+
+#ifdef REDIRECTION_CONFIG
+    /* keys should be set... */
+    if (job->jobRedirectionInfoRef == NULL) {
+        WOLFSSL_MSG("Issue with getting key redirection");
+        wc_UnLockMutex(&crypto_mutex);
+        return -1;
+    }
+
+    /* @TODO sanity checks on setup... uint8 redirectionConfig; */
+    switch (eid) {
+        case job->jobRedirectionInfoRef->inputKeyElementId:
+            if (job->jobRedirectionInfoRef->inputKeyId >= MAX_KEYSTORE) {
+                WOLFSSL_MSG("Bogus input key ID redirection (too large)");
+                ret = -1;
+            }
+            else {
+                i = job->jobRedirectionInfoRef->inputKeyId;
+                *key   = keyStore[i].key;
+                *keySz = keyStore[i].keyLen;
+            }
+            break;
+        case job->jobRedirectionInfoRef->secondaryInputKeyElementId:
+            if (job->jobRedirectionInfoRef->secondaryInputKeyId >= MAX_KEYSTORE) {
+                WOLFSSL_MSG("Bogus input key ID redirection (too large)");
+                ret = -1;
+            }
+            else {
+                i = job->jobRedirectionInfoRef->secondaryInputKeyId;
+                *key   = keyStore[i].key;
+                *keySz = keyStore[i].keyLen;
+            }
+            break;
+        case job->jobRedirectionInfoRef->tertiaryInputKeyElementId:
+            if (job->jobRedirectionInfoRef->tertiaryInputKeyId >= MAX_KEYSTORE) {
+                WOLFSSL_MSG("Bogus input key ID redirection (too large)");
+                ret = -1;
+            }
+            else {
+                i = job->jobRedirectionInfoRef->tertiaryInputKeyId;
+                *key   = keyStore[i].key;
+                *keySz = keyStore[i].keyLen;
+            }
+            break;
+        default:
+            WOLFSSL_MSG("Unknown key element ID");
+            ret = -1;
+            break;
+    }
+#else
+    /* find first key of key element type */
+    for (i = 0; i < MAX_KEYSTORE; i++) {
+        if (keyStore[i].eId == eId && keyStore[i].keyLen ==
+                job->jobPrimitiveInfo->primitiveInfo->algorithm.keyLength) {
+            /* found matching key available, use it */
+            *key = keyStore[i].key;
+            *keySz = keyStore[i].keyLen;
+        }
+    }
+#endif
+
+    if (*key == NULL) {
+        WOLFSSL_MSG("Unable to find an available key");
+        ret = -1;
+    }
+
+    if (wc_UnLockMutex(&crypto_mutex) != 0) {
+        WOLFSSL_MSG("Unable to unlock crypto mutex");
+        ret = -1;
+    }
+    return ret;
+}
+
+
+/* returns a pointer to the Aes struct on success, NULL on failure */
+static Aes* GetAesStruct(Crypto_JobType* job)
+{
+    int i;
+
+    for (i = 0; i < MAX_JOBS; i++) {
+        if (activeJobs[i].inUse == 1 && activeJobs[i].jobId == job->jobId) {
+            return &activeJobs[i].aes;
+        }
+    }
+    return NULL;
+}
+
+
+/* returns a pointer to the Aes struct on success, NULL on failure */
+static Aes* NewAesStruct(Crypto_JobType* job)
+{
+    int i;
+
+    for (i = 0; i < MAX_JOBS; i++) {
+        if (activeJobs[i].inUse == 0) {
+            int ret;
+
+            activeJobs[i].inUse = 1;
+            activeJobs[i].jobId = job->jobId;
+            ret = wc_AesInit(&activeJobs[i].aes, NULL, INVALID_DEVID);
+            if (ret != 0) {
+                WOLFSSL_MSG("Error initializing AES structure");
+                return NULL;
+            }
+            return &activeJobs[i].aes;
+        }
+    }
+    return NULL;
+}
+
+
+/* free's up the use of an AES structure */
+static void FreeAesStruct(Crypto_JobType* job) {
+    int i;
+
+    for (i = 0; i < MAX_JOBS; i++) {
+        if (activeJobs[i].inUse == 1 && activeJobs[i].jobId == job->jobId) {
+            break;
+        }
+    }
+
+    if (i >= MAX_JOBS) {
+        WOLFSSL_MSG("Error finding AES structure");
+    }
+    else {
+        wc_AesFree(&activeJobs[i].aes);
+        activeJobs[i].inUse = 0;
+        activeJobs[i].jobId = 0;
+    }
+}
+
+
+/* returns E_OK on success */
+Std_ReturnType wolfSSL_Crypto_CBC(Crypto_JobType* job)
+{
+    Std_ReturnType ret = E_OK;
+    int encrypt;
+    Aes* aes ;
+
+    encrypt = (job->jobPrimitiveInfo->primitiveInfo->service == CRYPTO_ENCRYPT)
+        ? AES_ENCRYPTION : AES_DECRYPTION;
+
+    /* check if key should be set */
+    if ((job->jobPrimitiveInputOutput.mode & CRYPTO_OPERATIONMODE_START) != 0) {
+        uint8 *key   = NULL;
+        uint8 *iv    = NULL;
+        uint32 keySz = 0;
+        uint32 ivSz  = 0;
+
+        if (GetKey(job, CRYPTO_KE_CIPHER_KEY, &key, &keySz) != 0) {
+            WOLFSSL_MSG("Crypto error with getting a key");
+            return E_NOT_OK;
+        }
+
+        if (GetKey(job, CRYPTO_KE_CIPHER_IV, &iv, &ivSz) != 0) {
+            WOLFSSL_MSG("Crypto error with getting an IV");
+            return E_NOT_OK;
+        }
+
+        if (iv != NULL && ivSz < WC_AES_BLOCK_SIZE) {
+            WOLFSSL_MSG("Error IV is too small");
+            return E_NOT_OK;
+        }
+
+        aes = NewAesStruct(job);
+        if (aes == NULL) {
+            WOLFSSL_MSG("Unable to get AES structure for use");
+            return E_NOT_OK;
+        }
+
+        if (wc_AesSetKey(aes, key, keySz, iv, encrypt) != 0) {
+            WOLFSSL_MSG("Crypto error setting up AES key");
+            return E_NOT_OK;
+        }
+        ForceZero(key, keySz);
+    }
+
+    if ((job->jobPrimitiveInputOutput.mode & CRYPTO_OPERATIONMODE_UPDATE)
+            != 0) {
+        aes = GetAesStruct(job);
+        if (aes == NULL) {
+            WOLFSSL_MSG("Error finding AES structure");
+            return E_NOT_OK;
+        }
+
+        if (encrypt == AES_ENCRYPTION) {
+            if (wc_AesCbcEncrypt(aes, job->jobPrimitiveInputOutput.outputPtr,
+                    job->jobPrimitiveInputOutput.inputPtr,
+                    job->jobPrimitiveInputOutput.inputLength) != 0) {
+                WOLFSSL_MSG("AES-CBC encrypt error");
+                return E_NOT_OK;
+            }
+        }
+        else {
+            if (wc_AesCbcDecrypt(aes, job->jobPrimitiveInputOutput.outputPtr,
+                    job->jobPrimitiveInputOutput.inputPtr,
+                    job->jobPrimitiveInputOutput.inputLength) != 0) {
+                WOLFSSL_MSG("AES-CBC decrypt error");
+                return E_NOT_OK;
+            }
+        }
+    }
+
+    if ((job->jobPrimitiveInputOutput.mode & CRYPTO_OPERATIONMODE_FINISH)
+            != 0) {
+        FreeAesStruct(job);
+    }
+
+    return ret;
+}
+
+
+/* returns E_OK on success and E_NOT_OK on failure */
+Std_ReturnType wolfSSL_Crypto(Crypto_JobType* job)
+{
+    Std_ReturnType ret = E_OK;
+
+    WOLFSSL_ENTER("wolfSSL_Crypto");
+
+    /* switch on encryption type */
+    switch (job->jobPrimitiveInfo->primitiveInfo->algorithm.mode) {
+        case CRYPTO_ALGOMODE_CBC:
+            ret = wolfSSL_Crypto_CBC(job);
+            break;
+
+        case CRYPTO_ALGOMODE_NOT_SET:
+            WOLFSSL_MSG("Encrypt algo mode not set!");
+            ret = E_NOT_OK;
+            break;
+
+        default:
+            WOLFSSL_MSG("Unsupported encryption mode");
+            ret = E_NOT_OK;
+            break;
+    }
+
+    WOLFSSL_LEAVE("wolfSSL_Crypto", ret);
+    return ret;
+}
+
+static WC_RNG rng;
+static wolfSSL_Mutex rngMutex;
+static volatile byte rngInit = 0;
+
+/* returns E_OK on success */
+Std_ReturnType wolfSSL_Crypto_RNG(Crypto_JobType* job)
+{
+    int ret;
+
+    uint8  *out   = job->jobPrimitiveInputOutput.outputPtr;
+    uint32 *outSz = job->jobPrimitiveInputOutput.outputLengthPtr;
+
+    if (outSz == NULL || out == NULL) {
+        WOLFSSL_MSG("Bad parameter passed into wolfSSL_Crypto_RNG");
+        return E_NOT_OK;
+    }
+
+    if (rngInit == 1) {
+        if (wc_LockMutex(&rngMutex) != 0) {
+            WOLFSSL_MSG("Error locking RNG mutex");
+            return E_NOT_OK;
+        }
+    }
+
+    if (rngInit == 0) {
+        if (wc_InitMutex(&rngMutex) != 0) {
+            WOLFSSL_MSG("Error initializing RNG mutex");
+            return E_NOT_OK;
+        }
+
+        if (wc_LockMutex(&rngMutex) != 0) {
+            WOLFSSL_MSG("Error locking RNG mutex");
+            return E_NOT_OK;
+        }
+
+        ret = wc_InitRng_ex(&rng, NULL, 0);
+        if (ret != 0) {
+            WOLFSSL_MSG("Error initializing RNG");
+            wc_UnLockMutex(&rngMutex);
+            return E_NOT_OK;
+        }
+        rngInit = 1;
+    }
+
+    ret = wc_RNG_GenerateBlock(&rng, out, *outSz);
+    if (ret != 0) {
+        WOLFSSL_MSG("Unable to generate random values");
+        ret = wc_FreeRng(&rng);
+        if (ret != 0) {
+            WOLFSSL_MSG("Error free'ing RNG");
+        }
+        rngInit = 0;
+        wc_UnLockMutex(&rngMutex);
+        return E_NOT_OK;
+    }
+
+    if (wc_UnLockMutex(&rngMutex) != 0) {
+        WOLFSSL_MSG("Error unlocking RNG mutex");
+        return E_NOT_OK;
+    }
+
+    return E_OK;
+}
+
+
+/* returns E_OK on success and E_NOT_OK on failure */
+Std_ReturnType Crypto_ProcessJob(uint32 objectId, Crypto_JobType* job)
+{
+    Std_ReturnType ret = E_OK;
+    (void)objectId;
+
+    WOLFSSL_ENTER("Crypto_ProcessJob");
+    if (job == NULL) {
+        WOLFSSL_MSG("Bad parameter passed to Crypto_ProcessJob");
+        ret = E_NOT_OK;
+    }
+
+    /* only handle synchronous jobs */
+    if (ret == E_OK &&
+            job->jobPrimitiveInfo->processingType != CRYPTO_PROCESSING_SYNC) {
+        WOLFSSL_MSG("Crypto only supporting synchronous jobs");
+        ret = E_NOT_OK;
+    }
+
+    if (ret == E_OK) {
+        job->jobState = CRYPTO_JOBSTATE_ACTIVE;
+        switch (job->jobPrimitiveInfo->primitiveInfo->service) {
+            case CRYPTO_ENCRYPT:
+                ret = wolfSSL_Crypto(job);
+                break;
+
+            case CRYPTO_DECRYPT:
+                ret = wolfSSL_Crypto(job);
+                break;
+
+            case CRYPTO_RANDOMGENERATE:
+                ret = wolfSSL_Crypto_RNG(job);
+                break;
+
+            default:
+                WOLFSSL_MSG("Unsupported Crypto service");
+                ret = E_NOT_OK;
+                break;
+        }
+        job->jobState = CRYPTO_JOBSTATE_IDLE;
+    }
+
+    WOLFSSL_LEAVE("Crypto_ProcessJob", ret);
+    return ret;
+}
+
+
+/* config currently not used, should always be null */
+void Crypto_Init(const Crypto_ConfigType* config)
+{
+    if (wc_InitMutex(&crypto_mutex) != 0) {
+        WOLFSSL_MSG("Issues setting up crypto mutex");
+    }
+    XMEMSET(&keyStore, 0, MAX_KEYSTORE * sizeof(Keys));
+    XMEMSET(&activeJobs, 0, MAX_JOBS * sizeof(Jobs));
+    (void)config;
+}
+
+
+/* returns E_OK on success and E_NOT_OK on failure */
+Std_ReturnType Crypto_KeyElementSet(uint32 keyId, uint32 eId, const uint8* key,
+        uint32 keySz)
+{
+    Std_ReturnType ret = E_OK;
+
+    if (key == NULL || keySz == 0 || keyId >= MAX_KEYSTORE) {
+        WOLFSSL_MSG("Bad argument to Crypto_KeyElementSet");
+        ret = E_NOT_OK;
+    }
+
+    if (ret == E_OK && wc_LockMutex(&crypto_mutex) != 0) {
+        WOLFSSL_MSG("Unable to lock crypto mutex");
+        ret = E_NOT_OK;
+    }
+
+    if (ret == E_OK) {
+        if (keySz > sizeof(keyStore[keyId].key)) {
+            ret =  E_NOT_OK;
+        }
+        if (ret == E_OK) {
+            WOLFSSL_MSG("Setting new key");
+            keyStore[keyId].eId   = eId;
+            XMEMCPY(keyStore[keyId].key, key, keySz);
+            keyStore[keyId].keyLen = keySz;
+        }
+
+        if (wc_UnLockMutex(&crypto_mutex) != 0) {
+            WOLFSSL_MSG("Unable to unlock crypto mutex");
+            ret = E_NOT_OK;
+        }
+    }
+
+    return ret;
+}
+#endif /* NO_WOLFSSL_AUTOSAR_CRYPTO */
+#endif /* WOLFSSL_AUTOSAR */
+
diff --git a/wolfcrypt/src/port/autosar/csm.c b/wolfcrypt/src/port/autosar/csm.c
new file mode 100644
index 000000000..156121e42
--- /dev/null
+++ b/wolfcrypt/src/port/autosar/csm.c
@@ -0,0 +1,299 @@
+/* csm.c
+ *
+ * Copyright (C) 2006-2025 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+
+#ifdef HAVE_CONFIG_H
+    #include <config.h>
+#endif
+
+#include <wolfssl/wolfcrypt/settings.h>
+
+#ifdef WOLFSSL_AUTOSAR
+#ifndef NO_WOLFSSL_AUTOSAR_CSM
+
+#include <wolfssl/wolfcrypt/logging.h>
+#include <wolfssl/version.h>
+#include <wolfssl/wolfcrypt/port/autosar/Csm.h>
+#include <wolfssl/wolfcrypt/port/autosar/CryIf.h>
+
+
+/* AutoSAR 4.4 */
+/* basic shim layer to plug in wolfSSL crypto */
+
+#ifndef REDIRECTION_CONFIG
+Crypto_JobRedirectionInfoType redirect = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0};
+#else
+Crypto_JobRedirectionInfoType redirect = {
+    REDIRECTION_CONFIG,
+    #ifdef REDIRECTION_IN1_KEYID
+        REDIRECTION_IN1_KEYID,
+    #else
+        0,
+    #endif
+
+    #ifdef REDIRECTION_IN1_KEYELMID
+        REDIRECTION_IN1_KEYELMID,
+    #else
+        0,
+    #endif
+
+
+    #ifdef REDIRECTION_IN2_KEYID
+        REDIRECTION_IN2_KEYID,
+    #else
+        0,
+    #endif
+
+    #ifdef REDIRECTION_IN2_KEYELMID
+        REDIRECTION_IN2_KEYELMID,
+    #else
+        0,
+    #endif
+
+
+    #ifdef REDIRECTION_IN3_KEYID
+        REDIRECTION_IN3_KEYID,
+    #else
+        0,
+    #endif
+
+    #ifdef REDIRECTION_IN3_KEYELMID
+        REDIRECTION_IN3_KEYELMID,
+    #else
+        0,
+    #endif
+
+    #ifdef REDIRECTION_OUT1_KEYID
+        REDIRECTION_OUT1_KEYID,
+    #else
+        0,
+    #endif
+
+    #ifdef REDIRECTION_OUT1_KEYELMID
+        REDIRECTION_OUT1_KEYELMID,
+    #else
+        0,
+    #endif
+
+
+    #ifdef REDIRECTION_OUT2_KEYID
+        REDIRECTION_OUT2_KEYID,
+    #else
+        0,
+    #endif
+
+    #ifdef REDIRECTION_OUT2_KEYELMID
+        REDIRECTION_OUT2_KEYELMID,
+    #else
+        0,
+    #endif
+};
+#endif
+
+static byte CsmDevErrorDetect = 1; /* flag for development error detection */
+
+enum {
+    CSM_E_PARAM_POINTER,
+    CSM_E_SMALL_BUFFER,
+    CSM_E_UNINT,
+    CSM_E_INIT_FAILED,
+    CSM_E_PROCESSING_MODE
+};
+
+
+/* development error reporting */
+void ReportToDET(int err)
+{
+    if (CsmDevErrorDetect == 1) {
+        switch (err) {
+            case CSM_E_PARAM_POINTER:
+                WOLFSSL_MSG("AutoSAR CSM_E_PARAM_POINTER error");
+                break;
+
+            case CSM_E_SMALL_BUFFER:
+                WOLFSSL_MSG("AutoSAR CSM_E_SMALL_BUFFER error");
+                break;
+
+            case CSM_E_UNINT:
+                WOLFSSL_MSG("AutoSAR CSM_E_UNINT error");
+                break;
+
+            case CSM_E_INIT_FAILED:
+                WOLFSSL_MSG("AutoSAR CSM_E_INIT_FAILED error");
+                break;
+
+            case CSM_E_PROCESSING_MODE:
+                WOLFSSL_MSG("AutoSAR CSM_E_PROCESSING_MODE error");
+                break;
+
+            default:
+                WOLFSSL_MSG("AutoSAR Unknown error");
+        }
+    }
+}
+
+
+void Csm_Init(const Csm_ConfigType* config)
+{
+    (void)config;
+    CryIf_Init(NULL);
+}
+
+
+/* getter function for CSM version info */
+void Csm_GetVersionInfo(Std_VersionInfoType* version)
+{
+    if (version != NULL) {
+        version->vendorID = 0; /* no vendor or module ID */
+        version->moduleID = 0;
+        version->sw_major_version = (LIBWOLFSSL_VERSION_HEX >> 24) & 0xFFF;
+        version->sw_minor_version = (LIBWOLFSSL_VERSION_HEX >> 12) & 0xFFF;
+        version->sw_patch_version = (LIBWOLFSSL_VERSION_HEX) & 0xFFF;
+    }
+}
+
+
+/* creates a new job type and passes it down to CryIf
+ *
+ * return E_OK on success
+ */
+static Std_ReturnType CreateAndRunJobType(uint32 id,
+        Crypto_JobPrimitiveInfoType* jobInfo, Crypto_JobInfoType* jobInfoType,
+        const uint8* data, uint32 dataSz, uint8* out, uint32* outSz,
+        Crypto_OperationModeType mode)
+{
+    WOLFSSL_JOBIO   jobIO;
+    WOLFSSL_JOBTYPE jobType;
+
+    XMEMSET(&jobIO, 0, sizeof(WOLFSSL_JOBIO));
+    jobIO.inputPtr    = data;
+    jobIO.inputLength = dataSz;
+    jobIO.outputPtr   = out;
+    jobIO.outputLengthPtr = outSz;
+    jobIO.mode  = mode;
+
+    jobType.jobId = id;
+    jobType.jobState = CRYPTO_JOBSTATE_IDLE;
+    jobType.jobPrimitiveInputOutput = jobIO;
+    jobType.jobPrimitiveInfo = jobInfo;
+    jobType.jobInfo = jobInfoType;
+    jobType.jobRedirectionInfoRef = &redirect;
+
+    return CryIf_ProcessJob(id, &jobType);
+}
+
+
+/* returns E_OK on success */
+static Std_ReturnType Csm_CBC_Operation(uint32 id, Crypto_OperationModeType mode,
+        const uint8* data, uint32 dataSz, uint8* out, uint32* outSz,
+        Crypto_ServiceInfoType service)
+{
+    Crypto_JobInfoType jobInfoType;
+    Crypto_PrimitiveInfoType pInfo;
+    Crypto_JobPrimitiveInfoType jobInfo;
+
+    Crypto_AlgorithmInfoType algorithm = {
+        CRYPTO_ALGOFAM_AES,
+        CRYPTO_ALGOFAM_NOT_SET,
+        16, /* 128 bit key length */
+        CRYPTO_ALGOMODE_CBC
+    };
+
+    jobInfoType.jobId = id;
+    jobInfoType.jobPriority = 0;
+
+    pInfo.resultLength = 16; /* 128 bit key length */
+    pInfo.service = service;
+    pInfo.algorithm = algorithm;
+
+    jobInfo.callbackId = 0;
+    jobInfo.primitiveInfo = &pInfo;
+    jobInfo.cryIfKeyId = 0;
+    jobInfo.processingType = CRYPTO_PROCESSING_SYNC;
+    jobInfo.callbackUpdateNotification = FALSE;
+
+    return CreateAndRunJobType(id, &jobInfo, &jobInfoType,
+                data, dataSz, out, outSz, mode);
+}
+
+
+/* single shot encrypt
+ * returns E_OK on success */
+Std_ReturnType Csm_Encrypt(uint32 id, Crypto_OperationModeType mode,
+        const uint8* data, uint32 dataSz, uint8* out, uint32* outSz)
+{
+    WOLFSSL_ENTER("Csm_Encrypt");
+    return Csm_CBC_Operation(id, mode, data, dataSz, out, outSz,CRYPTO_ENCRYPT);
+}
+
+
+/* single shot decrypt
+ * returns E_OK on success */
+Std_ReturnType Csm_Decrypt(uint32 id, Crypto_OperationModeType mode,
+        const uint8* data, uint32 dataSz, uint8* out, uint32* outSz)
+{
+    WOLFSSL_ENTER("Csm_Decrypt");
+    return Csm_CBC_Operation(id, mode, data, dataSz, out, outSz,CRYPTO_DECRYPT);
+}
+
+
+/* returns E_OK on success */
+Std_ReturnType Csm_RandomGenerate(uint32 id, uint8* out, uint32* outSz)
+{
+    Crypto_JobInfoType jobInfoType;
+    Crypto_PrimitiveInfoType pInfo;
+    Crypto_JobPrimitiveInfoType jobInfo;
+
+    Crypto_AlgorithmInfoType algorithm = {
+        CRYPTO_ALGOFAM_DRBG,
+        CRYPTO_ALGOFAM_NOT_SET,
+        0, /* key length */
+        CRYPTO_ALGOMODE_NOT_SET
+    };
+
+    jobInfoType.jobId = id;
+    jobInfoType.jobPriority = 0;
+
+    pInfo.resultLength = 0;
+    pInfo.service = CRYPTO_RANDOMGENERATE;
+    pInfo.algorithm = algorithm;
+
+    jobInfo.callbackId = 0;
+    jobInfo.primitiveInfo = &pInfo;
+    jobInfo.cryIfKeyId = 0;
+    jobInfo.processingType = CRYPTO_PROCESSING_SYNC;
+    jobInfo.callbackUpdateNotification = FALSE;
+
+    return CreateAndRunJobType(id, &jobInfo, &jobInfoType,
+                NULL, 0, out, outSz, CRYPTO_OPERATIONMODE_SINGLECALL);
+}
+
+
+/* returns E_OK on success */
+Std_ReturnType Csm_KeyElementSet(uint32 keyId, uint32 eId,
+        const uint8* key, uint32 keySz)
+{
+    return CryIf_KeyElementSet(keyId, eId, key, keySz);
+}
+
+#endif /* NO_WOLFSSL_AUTOSAR_CSM */
+#endif /* WOLFSSL_AUTOSAR */
+
diff --git a/wolfcrypt/src/port/autosar/include.am b/wolfcrypt/src/port/autosar/include.am
new file mode 100644
index 000000000..fe13f7dd4
--- /dev/null
+++ b/wolfcrypt/src/port/autosar/include.am
@@ -0,0 +1,23 @@
+
+EXTRA_DIST += wolfcrypt/src/port/autosar/csm.c \
+              wolfcrypt/src/port/autosar/crypto.c \
+              wolfcrypt/src/port/autosar/cryif.c \
+              wolfcrypt/src/port/autosar/README.md \
+              wolfcrypt/src/port/autosar/test.c
+
+if BUILD_AUTOSAR
+src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/autosar/csm.c
+src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/autosar/crypto.c
+src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/autosar/cryif.c
+
+if BUILD_TESTS
+check_PROGRAMS += wolfcrypt/src/port/autosar/test.test
+noinst_PROGRAMS += wolfcrypt/src/port/autosar/test.test
+
+wolfcrypt_src_port_autosar_test_test_SOURCES = \
+                        wolfcrypt/src/port/autosar/test.c
+wolfcrypt_src_port_autosar_test_test_LDADD = \
+                        src/libwolfssl.la $(LIB_STATIC_ADD)
+wolfcrypt_src_port_autosar_test_test_DEPENDENCIES = src/libwolfssl.la
+endif
+endif
diff --git a/wolfcrypt/src/port/autosar/test.c b/wolfcrypt/src/port/autosar/test.c
new file mode 100644
index 000000000..ecbb678c0
--- /dev/null
+++ b/wolfcrypt/src/port/autosar/test.c
@@ -0,0 +1,435 @@
+/* test.c
+ *
+ * Copyright (C) 2006-2025 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+#ifdef HAVE_CONFIG_H
+    #include <config.h>
+#endif
+
+#include <wolfssl/wolfcrypt/settings.h>
+
+#ifdef WOLFSSL_AUTOSAR
+
+#include <wolfssl/wolfcrypt/logging.h>
+#include <wolfssl/wolfcrypt/port/autosar/Csm.h>
+#define BLOCK_SIZE 16
+
+static int singleshot_test(void)
+{
+    Std_ReturnType ret;
+
+    uint8 cipher[BLOCK_SIZE * 2];
+    uint8 plain[BLOCK_SIZE * 2];
+
+    uint32 cipherSz = 0;
+    uint32 plainSz  = 0;
+    const uint8 msg[] = { /* "Now is the time for all " w/o trailing 0 */
+        0x6e,0x6f,0x77,0x20,0x69,0x73,0x20,0x74,
+        0x68,0x65,0x20,0x74,0x69,0x6d,0x65,0x20
+    };
+    const uint8 verify[] =
+    {
+        0x95,0x94,0x92,0x57,0x5f,0x42,0x81,0x53,
+        0x2c,0xcc,0x9d,0x46,0x77,0xa2,0x33,0xcb
+    };
+    const uint8 key[] = "0123456789abcdef   ";
+    const uint8 iv[]  = "1234567890abcdef   ";
+
+    XMEMSET(cipher, 0, BLOCK_SIZE);
+    XMEMSET(plain, 0, BLOCK_SIZE);
+
+    /* set key that will be used for encryption */
+    ret = Csm_KeyElementSet(0U, CRYPTO_KE_CIPHER_KEY, key, BLOCK_SIZE);
+    if (ret != E_OK) {
+        printf("Issue with setting key");
+        return -1;
+    }
+
+    ret = Csm_KeyElementSet(1U, CRYPTO_KE_CIPHER_IV, iv, BLOCK_SIZE);
+    if (ret != E_OK) {
+        printf("Issue with setting key IV");
+        return -1;
+    }
+
+    /* encrypt data using AES CBC */
+    ret = Csm_Encrypt(1U, CRYPTO_OPERATIONMODE_SINGLECALL, msg, BLOCK_SIZE,
+        cipher, &cipherSz);
+    if (ret != E_OK) {
+        printf("Issue with encrypting msg");
+        return -1;
+    }
+
+    if (XMEMCMP(cipher, verify, BLOCK_SIZE) != 0) {
+        printf("Error with cipher data\n");
+        return -1;
+    }
+
+    /* set key that will be used for decryption */
+    ret = Csm_KeyElementSet(0U, CRYPTO_KE_CIPHER_KEY, key, BLOCK_SIZE);
+    if (ret != E_OK) {
+        printf("Issue with setting key");
+        return -1;
+    }
+
+    ret = Csm_KeyElementSet(1U, CRYPTO_KE_CIPHER_IV, iv, BLOCK_SIZE);
+    if (ret != E_OK) {
+        printf("Issue with setting key IV");
+        return -1;
+    }
+
+    /* decrypt data using AES CBC */
+    ret = Csm_Decrypt(2U, CRYPTO_OPERATIONMODE_SINGLECALL, cipher, BLOCK_SIZE,
+        plain, &plainSz);
+    if (ret != E_OK) {
+        printf("Issue with decrypting msg");
+        return -1;
+    }
+
+    if (XMEMCMP(msg, plain, BLOCK_SIZE) != 0) {
+        printf("Error with plain data\n");
+        return -1;
+    }
+
+    return 0;
+}
+
+
+static int update_test(void)
+{
+    Std_ReturnType ret;
+
+    uint8 cipher[BLOCK_SIZE * 3];
+    uint8 plain[BLOCK_SIZE * 3];
+
+    uint32 cipherSz = 0;
+    uint32 plainSz  = 0;
+    const uint8 msg[] = { /* "Now is the time for all " w/o trailing 0 */
+        0x6e,0x6f,0x77,0x20,0x69,0x73,0x20,0x74,
+        0x68,0x65,0x20,0x74,0x69,0x6d,0x65,0x20
+    };
+    const uint8 key[] = "0123456789abcdef   ";
+    const uint8 iv[]  = "1234567890abcdef   ";
+
+    XMEMSET(cipher, 0, BLOCK_SIZE);
+    XMEMSET(plain, 0, BLOCK_SIZE);
+
+    /* set key that will be used for encryption */
+    ret = Csm_KeyElementSet(0U, CRYPTO_KE_CIPHER_KEY, key, BLOCK_SIZE);
+    if (ret != E_OK) {
+        printf("Issue with setting key");
+        return -1;
+    }
+
+    ret = Csm_KeyElementSet(1U, CRYPTO_KE_CIPHER_IV, iv, BLOCK_SIZE);
+    if (ret != E_OK) {
+        printf("Issue with setting key IV");
+        return -1;
+    }
+
+    /* encrypt data using AES CBC */
+    ret = Csm_Encrypt(1U,
+            CRYPTO_OPERATIONMODE_START | CRYPTO_OPERATIONMODE_UPDATE,
+            msg, BLOCK_SIZE, cipher, &cipherSz);
+    if (ret != E_OK) {
+        printf("Issue with encrypting msg");
+        return -1;
+    }
+
+    ret = Csm_Encrypt(1U, CRYPTO_OPERATIONMODE_UPDATE, msg, BLOCK_SIZE,
+            cipher + BLOCK_SIZE, &cipherSz);
+    if (ret != E_OK) {
+        printf("Issue with encrypting msg");
+        return -1;
+    }
+
+    ret = Csm_Encrypt(1U,
+            CRYPTO_OPERATIONMODE_UPDATE | CRYPTO_OPERATIONMODE_FINISH,
+            msg, BLOCK_SIZE, cipher + (BLOCK_SIZE * 2), &cipherSz);
+    if (ret != E_OK) {
+        printf("Issue with encrypting msg");
+        return -1;
+    }
+
+    /* set key that will be used for decryption */
+    ret = Csm_KeyElementSet(0U, CRYPTO_KE_CIPHER_KEY, key, BLOCK_SIZE);
+    if (ret != E_OK) {
+        printf("Issue with setting key");
+        return -1;
+    }
+
+    ret = Csm_KeyElementSet(1U, CRYPTO_KE_CIPHER_IV, iv, BLOCK_SIZE);
+    if (ret != E_OK) {
+        printf("Issue with setting key IV");
+        return -1;
+    }
+
+    /* decrypt data using AES CBC */
+    ret = Csm_Decrypt(2U,
+            CRYPTO_OPERATIONMODE_START | CRYPTO_OPERATIONMODE_UPDATE,
+            cipher, BLOCK_SIZE, plain, &plainSz);
+    if (ret != E_OK) {
+        printf("Issue with decrypting msg");
+        return -1;
+    }
+
+    ret = Csm_Decrypt(2U, CRYPTO_OPERATIONMODE_UPDATE, cipher + BLOCK_SIZE,
+            BLOCK_SIZE, plain + BLOCK_SIZE, &plainSz);
+    if (ret != E_OK) {
+        printf("Issue with decrypting msg");
+        return -1;
+    }
+
+    ret = Csm_Decrypt(2U,
+            CRYPTO_OPERATIONMODE_UPDATE | CRYPTO_OPERATIONMODE_FINISH,
+            cipher + (BLOCK_SIZE * 2), BLOCK_SIZE,
+            plain + (BLOCK_SIZE * 2), &plainSz);
+    if (ret != E_OK) {
+        printf("Issue with decrypting msg");
+        return -1;
+    }
+
+    if (XMEMCMP(msg, plain, BLOCK_SIZE) != 0 ||
+        XMEMCMP(msg, plain + BLOCK_SIZE, BLOCK_SIZE) != 0 ||
+        XMEMCMP(msg, plain + (BLOCK_SIZE * 2), BLOCK_SIZE) != 0) {
+        printf("Error with plain data\n");
+        return -1;
+    }
+
+    return 0;
+}
+
+
+static int random_test(void)
+{
+    Std_ReturnType ret;
+
+    int i;
+    uint8 j;
+    uint8 data[BLOCK_SIZE * 3];
+    uint32 dataSz;
+    XMEMSET(data, 0, BLOCK_SIZE * 3);
+
+    /* make three calls, filling up data buffer */
+    for (i = 0; i < 3; i++) {
+        dataSz = BLOCK_SIZE;
+        ret = Csm_RandomGenerate(0U, data + (i * BLOCK_SIZE), &dataSz);
+        if (ret != E_OK) {
+            printf("Issue with getting random data block");
+            return -1;
+        }
+
+        if (dataSz != BLOCK_SIZE) {
+            printf("Did not get full block of random data");
+            return -1;
+        }
+    }
+
+    /* simple test that is not all 0's still after random generate */
+    j = 0;
+    dataSz = sizeof(data);
+    for (i = 0; i < (int)dataSz; i++) {
+        j |= data[i];
+    }
+    if (j == 0) {
+        printf("call to random generate produced all 0's");
+        return -1;
+    }
+
+    /* fill full data buffer all at once */
+    dataSz = sizeof(data);
+    ret = Csm_RandomGenerate(0U, data, &dataSz);
+    if (ret != E_OK) {
+        printf("Issue with getting random data block");
+        return -1;
+    }
+
+    if (dataSz != sizeof(data)) {
+        printf("Did not get full block of random data");
+        return -1;
+    }
+    return 0;
+}
+
+
+#ifndef MAX_KEYSTORE
+    /* default max key slots from crypto.c */
+    #define MAX_KEYSTORE 15
+#endif
+static int key_test(void)
+{
+    Std_ReturnType ret;
+
+    uint8 i;
+    uint8 max = MAX_KEYSTORE;
+    uint8 data[BLOCK_SIZE];
+    uint32 dataSz;
+    XMEMSET(data, 0, BLOCK_SIZE);
+
+    for (i = 0; i < max; i++) {
+        dataSz = BLOCK_SIZE;
+        ret = Csm_RandomGenerate(0U, data, &dataSz);
+        if (ret != E_OK) {
+            printf("Issue with getting random data block for key");
+            return -1;
+        }
+
+        if (dataSz != BLOCK_SIZE) {
+            printf("Did not get full block of random data");
+            return -1;
+        }
+
+        ret = Csm_KeyElementSet(i, CRYPTO_KE_CIPHER_KEY, data, BLOCK_SIZE);
+        if (ret != E_OK) {
+            printf("Issue with setting key id %d", i);
+            return -1;
+        }
+    }
+
+    /* try creating one more key for fail case */
+    ret = Csm_KeyElementSet(i, CRYPTO_KE_CIPHER_KEY, data, BLOCK_SIZE);
+    if (ret == E_OK) {
+        printf("Created more keys than should be possible");
+        return -1;
+    }
+
+    return 0;
+}
+
+#ifdef REDIRECTION_CONFIG
+static int redirect_test()
+{
+    Std_ReturnType ret;
+
+    uint8 cipher[BLOCK_SIZE * 2];
+    uint32 cipherSz = 0;
+    const uint8 msg[] = { /* "Now is the time for all " w/o trailing 0 */
+        0x6e,0x6f,0x77,0x20,0x69,0x73,0x20,0x74,
+        0x68,0x65,0x20,0x74,0x69,0x6d,0x65,0x20
+    };
+    const uint8 verify[] =
+    {
+        0x95,0x94,0x92,0x57,0x5f,0x42,0x81,0x53,
+        0x2c,0xcc,0x9d,0x46,0x77,0xa2,0x33,0xcb
+    };
+    const uint8 key[] = "0123456789abcdef   ";  /* align */
+    const uint8 iv[]  = "1234567890abcdef   ";  /* align */
+    unsigned int i;
+
+    XMEMSET(cipher, 0, BLOCK_SIZE);
+
+    /* fill keystore with bad keys */
+    for (i = 0; i < MAX_KEYSTORE; i++) {
+        ret = Csm_KeyElementSet(i, CRYPTO_KE_CIPHER_KEY, verify, BLOCK_SIZE);
+        if (ret != E_OK) {
+            printf("Issue with setting key");
+            return -1;
+        }
+    }
+
+    /* set specific key that will be used for encryption */
+    ret = Csm_KeyElementSet(REDIRECTION_IN1_KEYID, REDIRECTION_IN1_KEYELMID,
+            key, BLOCK_SIZE);
+    if (ret != E_OK) {
+        printf("Issue with setting key");
+        return -1;
+    }
+
+    ret = Csm_KeyElementSet(REDIRECTION_IN2_KEYID, REDIRECTION_IN2_KEYELMID,
+            iv, BLOCK_SIZE);
+    if (ret != E_OK) {
+        printf("Issue with setting key IV");
+        return -1;
+    }
+
+    /* encrypt data using AES CBC */
+    ret = Csm_Encrypt(0U, CRYPTO_OPERATIONMODE_SINGLECALL, msg, BLOCK_SIZE,
+        cipher, &cipherSz);
+    if (ret != E_OK) {
+        printf("Issue with encrypting msg");
+        return -1;
+    }
+
+    if (XMEMCMP(cipher, verify, BLOCK_SIZE) != 0) {
+        printf("Error with cipher data ");
+        return -1;
+    }
+
+    /* now set bad key to be used for encryption */
+    ret = Csm_KeyElementSet(REDIRECTION_IN1_KEYID, REDIRECTION_IN1_KEYELMID,
+            verify, BLOCK_SIZE);
+    if (ret != E_OK) {
+        printf("Issue with setting key ");
+        return -1;
+    }
+
+    /* encrypt data using AES CBC */
+    ret = Csm_Encrypt(0U, CRYPTO_OPERATIONMODE_SINGLECALL, msg, BLOCK_SIZE,
+        cipher, &cipherSz);
+    if (ret != E_OK) {
+        printf("Issue with encrypting msg ");
+        return -1;
+    }
+
+    if (XMEMCMP(cipher, verify, BLOCK_SIZE) == 0) {
+        printf("Error with cipher data ");
+        return -1;
+    }
+
+    return 0;
+}
+#endif /* REDIRECTION_CONFIG */
+
+/* takes in test function test() and name of test
+ * returns 1 if test failed and 0 if passed */
+static int run_test(int(test)(void), const char* name)
+{
+    printf("%s", name);
+    if (test() != 0) {
+        printf("fail\n");
+        return 1;
+    }
+    else {
+        printf("pass\n");
+    }
+    return 0;
+}
+
+
+/* AES block size */
+int main(int argc, char* argv[])
+{
+    int ret = 0;
+    (void)argv;
+    (void)argc;
+
+    wolfSSL_Debugging_ON();
+    Csm_Init(NULL);
+
+    ret |= run_test(singleshot_test, "singleshot_test ... ");
+    ret |= run_test(update_test, "update_test ... ");
+    ret |= run_test(random_test, "random_test ... ");
+    ret |= run_test(key_test, "key_test ... ");
+#ifdef REDIRECTION_CONFIG
+    ret |= run_test(redirect_test, "redirect_test ... ");
+#endif /* REDIRECTION_CONFIG */
+    return ret;
+}
+
+#endif /* WOLFSSL_AUTOSAR */
diff --git a/wolfcrypt/src/port/caam/caam_aes.c b/wolfcrypt/src/port/caam/caam_aes.c
index 56efdacf1..70a1ad80c 100644
--- a/wolfcrypt/src/port/caam/caam_aes.c
+++ b/wolfcrypt/src/port/caam/caam_aes.c
@@ -1,6 +1,6 @@
 /* caam_aes.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -93,7 +93,8 @@ int  wc_AesSetKey(Aes* aes, const byte* key, word32 len,
         return ret;
     }
 
-#ifdef WOLFSSL_AES_COUNTER
+#if defined(WOLFSSL_AES_COUNTER) || defined(WOLFSSL_AES_CFB) || \
+    defined(WOLFSSL_AES_OFB) || defined(WOLFSSL_AES_XTS)
     aes->left = 0;
 #endif
 
@@ -111,7 +112,7 @@ int  wc_AesCbcEncrypt(Aes* aes, byte* out,
         return BAD_FUNC_ARG;
     }
 
-    blocks = sz / AES_BLOCK_SIZE;
+    blocks = sz / WC_AES_BLOCK_SIZE;
 
     if (blocks > 0) {
         Buffer buf[4];
@@ -130,19 +131,19 @@ int  wc_AesCbcEncrypt(Aes* aes, byte* out,
 
         buf[1].BufferType = DataBuffer;
         buf[1].TheAddress = (Address)aes->reg;
-        buf[1].Length     = AES_BLOCK_SIZE;
+        buf[1].Length     = WC_AES_BLOCK_SIZE;
 
         buf[2].BufferType = DataBuffer;
         buf[2].TheAddress = (Address)in;
-        buf[2].Length     = blocks * AES_BLOCK_SIZE;
+        buf[2].Length     = blocks * WC_AES_BLOCK_SIZE;
 
         buf[3].BufferType = DataBuffer | LastBuffer;
         buf[3].TheAddress = (Address)out;
-        buf[3].Length     = blocks * AES_BLOCK_SIZE;
+        buf[3].Length     = blocks * WC_AES_BLOCK_SIZE;
 
         arg[0] = CAAM_ENC;
         arg[1] = keySz;
-        arg[2] = blocks * AES_BLOCK_SIZE;
+        arg[2] = blocks * WC_AES_BLOCK_SIZE;
 
         if ((ret = wc_caamAddAndWait(buf, 4, arg, CAAM_AESCBC)) != 0) {
             WOLFSSL_MSG("Error with CAAM AES CBC encrypt");
@@ -164,7 +165,7 @@ int  wc_AesCbcDecrypt(Aes* aes, byte* out,
         return BAD_FUNC_ARG;
     }
 
-    blocks = sz / AES_BLOCK_SIZE;
+    blocks = sz / WC_AES_BLOCK_SIZE;
 
     if (blocks > 0) {
         Buffer buf[4];
@@ -183,19 +184,19 @@ int  wc_AesCbcDecrypt(Aes* aes, byte* out,
 
         buf[1].BufferType = DataBuffer;
         buf[1].TheAddress = (Address)aes->reg;
-        buf[1].Length     = AES_BLOCK_SIZE;
+        buf[1].Length     = WC_AES_BLOCK_SIZE;
 
         buf[2].BufferType = DataBuffer;
         buf[2].TheAddress = (Address)in;
-        buf[2].Length     = blocks * AES_BLOCK_SIZE;
+        buf[2].Length     = blocks * WC_AES_BLOCK_SIZE;
 
         buf[3].BufferType = DataBuffer | LastBuffer;
         buf[3].TheAddress = (Address)out;
-        buf[3].Length     = blocks * AES_BLOCK_SIZE;
+        buf[3].Length     = blocks * WC_AES_BLOCK_SIZE;
 
         arg[0] = CAAM_DEC;
         arg[1] = keySz;
-        arg[2] = blocks * AES_BLOCK_SIZE;
+        arg[2] = blocks * WC_AES_BLOCK_SIZE;
 
         if ((ret = wc_caamAddAndWait(buf, arg, CAAM_AESCBC)) != 0) {
             WOLFSSL_MSG("Error with CAAM AES CBC decrypt");
@@ -207,7 +208,7 @@ int  wc_AesCbcDecrypt(Aes* aes, byte* out,
 }
 
 #if defined(HAVE_AES_ECB)
-/* is assumed that input size is a multiple of AES_BLOCK_SIZE */
+/* is assumed that input size is a multiple of WC_AES_BLOCK_SIZE */
 int wc_AesEcbEncrypt(Aes* aes, byte* out,
                                   const byte* in, word32 sz)
 {
@@ -221,7 +222,7 @@ int wc_AesEcbEncrypt(Aes* aes, byte* out,
         return BAD_FUNC_ARG;
     }
 
-    blocks = sz / AES_BLOCK_SIZE;
+    blocks = sz / WC_AES_BLOCK_SIZE;
 
     if ((ret = wc_AesGetKeySize(aes, &keySz)) != 0) {
         return ret;
@@ -234,15 +235,15 @@ int wc_AesEcbEncrypt(Aes* aes, byte* out,
 
     buf[1].BufferType = DataBuffer;
     buf[1].TheAddress = (Address)in;
-    buf[1].Length     = blocks * AES_BLOCK_SIZE;
+    buf[1].Length     = blocks * WC_AES_BLOCK_SIZE;
 
     buf[2].BufferType = DataBuffer | LastBuffer;
     buf[2].TheAddress = (Address)out;
-    buf[2].Length     = blocks * AES_BLOCK_SIZE;
+    buf[2].Length     = blocks * WC_AES_BLOCK_SIZE;
 
     arg[0] = CAAM_ENC;
     arg[1] = keySz;
-    arg[2] = blocks * AES_BLOCK_SIZE;
+    arg[2] = blocks * WC_AES_BLOCK_SIZE;
 
     if ((ret = wc_caamAddAndWait(buf, arg, CAAM_AESECB)) != 0) {
         WOLFSSL_MSG("Error with CAAM AES ECB encrypt");
@@ -266,7 +267,7 @@ int wc_AesEcbDecrypt(Aes* aes, byte* out,
         return BAD_FUNC_ARG;
     }
 
-    blocks = sz / AES_BLOCK_SIZE;
+    blocks = sz / WC_AES_BLOCK_SIZE;
 
     if ((ret = wc_AesGetKeySize(aes, &keySz)) != 0) {
         return ret;
@@ -279,15 +280,15 @@ int wc_AesEcbDecrypt(Aes* aes, byte* out,
 
     buf[1].BufferType = DataBuffer;
     buf[1].TheAddress = (Address)in;
-    buf[1].Length     = blocks * AES_BLOCK_SIZE;
+    buf[1].Length     = blocks * WC_AES_BLOCK_SIZE;
 
     buf[2].BufferType = DataBuffer | LastBuffer;
     buf[2].TheAddress = (Address)out;
-    buf[2].Length     = blocks * AES_BLOCK_SIZE;
+    buf[2].Length     = blocks * WC_AES_BLOCK_SIZE;
 
     arg[0] = CAAM_DEC;
     arg[1] = keySz;
-    arg[2] = blocks * AES_BLOCK_SIZE;
+    arg[2] = blocks * WC_AES_BLOCK_SIZE;
 
     if ((ret = wc_caamAddAndWait(buf, arg, CAAM_AESECB)) != 0) {
         WOLFSSL_MSG("Error with CAAM AES ECB decrypt");
@@ -305,7 +306,7 @@ static WC_INLINE void IncrementAesCounter(byte* inOutCtr)
 {
     /* in network byte order so start at end and work back */
     int i;
-    for (i = AES_BLOCK_SIZE - 1; i >= 0; i--) {
+    for (i = WC_AES_BLOCK_SIZE - 1; i >= 0; i--) {
         if (++inOutCtr[i])  /* we're done unless we overflow */
             return;
     }
@@ -330,7 +331,7 @@ int wc_AesCtrEncrypt(Aes* aes, byte* out,
     }
 
     /* consume any unused bytes left in aes->tmp */
-    tmp = (byte*)aes->tmp + AES_BLOCK_SIZE - aes->left;
+    tmp = (byte*)aes->tmp + WC_AES_BLOCK_SIZE - aes->left;
     while (aes->left && sz) {
         *(out++) = *(in++) ^ *(tmp++);
         aes->left--;
@@ -338,7 +339,7 @@ int wc_AesCtrEncrypt(Aes* aes, byte* out,
     }
 
     /* do full blocks to then get potential left over amount */
-    blocks = sz / AES_BLOCK_SIZE;
+    blocks = sz / WC_AES_BLOCK_SIZE;
     if (blocks > 0) {
         /* Set buffers for key, cipher text, and plain text */
         buf[0].BufferType = DataBuffer;
@@ -347,28 +348,28 @@ int wc_AesCtrEncrypt(Aes* aes, byte* out,
 
         buf[1].BufferType = DataBuffer;
         buf[1].TheAddress = (Address)aes->reg;
-        buf[1].Length     = AES_BLOCK_SIZE;
+        buf[1].Length     = WC_AES_BLOCK_SIZE;
 
         buf[2].BufferType = DataBuffer;
         buf[2].TheAddress = (Address)in;
-        buf[2].Length     = blocks * AES_BLOCK_SIZE;
+        buf[2].Length     = blocks * WC_AES_BLOCK_SIZE;
 
         buf[3].BufferType = DataBuffer | LastBuffer;
         buf[3].TheAddress = (Address)out;
-        buf[3].Length     = blocks * AES_BLOCK_SIZE;
+        buf[3].Length     = blocks * WC_AES_BLOCK_SIZE;
 
         arg[0] = CAAM_ENC;
         arg[1] = keySz;
-        arg[2] = blocks * AES_BLOCK_SIZE;
+        arg[2] = blocks * WC_AES_BLOCK_SIZE;
 
         if ((ret = wc_caamAddAndWait(buf, arg, CAAM_AESCTR)) != 0) {
             WOLFSSL_MSG("Error with CAAM AES CTR encrypt");
             return ret;
         }
 
-        out += blocks * AES_BLOCK_SIZE;
-        in  += blocks * AES_BLOCK_SIZE;
-        sz  -= blocks * AES_BLOCK_SIZE;
+        out += blocks * WC_AES_BLOCK_SIZE;
+        in  += blocks * WC_AES_BLOCK_SIZE;
+        sz  -= blocks * WC_AES_BLOCK_SIZE;
     }
 
     if (sz) {
@@ -376,7 +377,7 @@ int wc_AesCtrEncrypt(Aes* aes, byte* out,
             return ret;
         IncrementAesCounter((byte*)aes->reg);
 
-        aes->left = AES_BLOCK_SIZE;
+        aes->left = WC_AES_BLOCK_SIZE;
         tmp = (byte*)aes->tmp;
 
         while (sz--) {
@@ -414,15 +415,15 @@ int wc_AesEncryptDirect(Aes* aes, byte* out, const byte* in)
 
      buf[1].BufferType = DataBuffer;
      buf[1].TheAddress = (Address)in;
-     buf[1].Length     = AES_BLOCK_SIZE;
+     buf[1].Length     = WC_AES_BLOCK_SIZE;
 
      buf[2].BufferType = DataBuffer | LastBuffer;
      buf[2].TheAddress = (Address)out;
-     buf[2].Length     = AES_BLOCK_SIZE;
+     buf[2].Length     = WC_AES_BLOCK_SIZE;
 
      arg[0] = CAAM_ENC;
      arg[1] = keySz;
-     arg[2] = AES_BLOCK_SIZE;
+     arg[2] = WC_AES_BLOCK_SIZE;
 
      if ((ret = wc_caamAddAndWait(buf, arg, CAAM_AESECB)) != 0) {
          WOLFSSL_MSG("Error with CAAM AES direct encrypt");
@@ -455,15 +456,15 @@ int wc_AesDecryptDirect(Aes* aes, byte* out, const byte* in)
 
      buf[1].BufferType = DataBuffer;
      buf[1].TheAddress = (Address)in;
-     buf[1].Length     = AES_BLOCK_SIZE;
+     buf[1].Length     = WC_AES_BLOCK_SIZE;
 
      buf[2].BufferType = DataBuffer | LastBuffer;
      buf[2].TheAddress = (Address)out;
-     buf[2].Length     = AES_BLOCK_SIZE;
+     buf[2].Length     = WC_AES_BLOCK_SIZE;
 
      arg[0] = CAAM_DEC;
      arg[1] = keySz;
-     arg[2] = AES_BLOCK_SIZE;
+     arg[2] = WC_AES_BLOCK_SIZE;
 
      if ((ret = wc_caamAddAndWait(buf, arg, CAAM_AESECB)) != 0) {
          WOLFSSL_MSG("Error with CAAM AES direct decrypt");
@@ -492,7 +493,7 @@ int  wc_AesCcmEncrypt(Aes* aes, byte* out,
     word32 arg[4];
     word32 keySz;
     word32 i;
-    byte B0Ctr0[AES_BLOCK_SIZE + AES_BLOCK_SIZE];
+    byte B0Ctr0[WC_AES_BLOCK_SIZE + WC_AES_BLOCK_SIZE];
     int lenSz;
     byte mask = 0xFF;
     const word32 wordSz = (word32)sizeof(word32);
@@ -501,7 +502,7 @@ int  wc_AesCcmEncrypt(Aes* aes, byte* out,
     /* sanity check on arguments */
     if (aes == NULL || out == NULL || in == NULL || nonce == NULL
             || authTag == NULL || nonceSz < 7 || nonceSz > 13 ||
-        authTagSz > AES_BLOCK_SIZE)
+        authTagSz > WC_AES_BLOCK_SIZE)
         return BAD_FUNC_ARG;
 
     if ((ret = wc_AesCcmCheckTagSize(authTagSz)) != 0) {
@@ -514,18 +515,18 @@ int  wc_AesCcmEncrypt(Aes* aes, byte* out,
 
     /* set up B0 and CTR0 similar to how wolfcrypt/src/aes.c does */
     XMEMCPY(B0Ctr0+1, nonce, nonceSz);
-    XMEMCPY(B0Ctr0+AES_BLOCK_SIZE+1, nonce, nonceSz);
-    lenSz = AES_BLOCK_SIZE - 1 - (byte)nonceSz;
+    XMEMCPY(B0Ctr0+WC_AES_BLOCK_SIZE+1, nonce, nonceSz);
+    lenSz = WC_AES_BLOCK_SIZE - 1 - (byte)nonceSz;
     B0Ctr0[0] = (authInSz > 0 ? 64 : 0)
          + (8 * (((byte)authTagSz - 2) / 2))
          + (lenSz - 1);
     for (i = 0; i < lenSz; i++) {
         if (mask && i >= wordSz)
             mask = 0x00;
-        B0Ctr0[AES_BLOCK_SIZE - 1 - i] = (inSz >> ((8 * i) & mask)) & mask;
-        B0Ctr0[AES_BLOCK_SIZE + AES_BLOCK_SIZE - 1 - i] = 0;
+        B0Ctr0[WC_AES_BLOCK_SIZE - 1 - i] = (inSz >> ((8 * i) & mask)) & mask;
+        B0Ctr0[WC_AES_BLOCK_SIZE + WC_AES_BLOCK_SIZE - 1 - i] = 0;
     }
-    B0Ctr0[AES_BLOCK_SIZE] = lenSz - 1;
+    B0Ctr0[WC_AES_BLOCK_SIZE] = lenSz - 1;
 
     /* Set buffers for key, cipher text, and plain text */
     buf[0].BufferType = DataBuffer;
@@ -534,7 +535,7 @@ int  wc_AesCcmEncrypt(Aes* aes, byte* out,
 
     buf[1].BufferType = DataBuffer;
     buf[1].TheAddress = (Address)B0Ctr0;
-    buf[1].Length     = AES_BLOCK_SIZE + AES_BLOCK_SIZE;
+    buf[1].Length     = WC_AES_BLOCK_SIZE + WC_AES_BLOCK_SIZE;
 
     buf[2].BufferType = DataBuffer;
     buf[2].TheAddress = (Address)authIn;
@@ -574,8 +575,8 @@ int  wc_AesCcmDecrypt(Aes* aes, byte* out,
     word32 arg[4];
     word32 keySz;
     word32 i;
-    byte B0Ctr0[AES_BLOCK_SIZE + AES_BLOCK_SIZE];
-    byte tag[AES_BLOCK_SIZE];
+    byte B0Ctr0[WC_AES_BLOCK_SIZE + WC_AES_BLOCK_SIZE];
+    byte tag[WC_AES_BLOCK_SIZE];
     int lenSz;
     byte mask = 0xFF;
     const word32 wordSz = (word32)sizeof(word32);
@@ -584,7 +585,7 @@ int  wc_AesCcmDecrypt(Aes* aes, byte* out,
     /* sanity check on arguments */
     if (aes == NULL || out == NULL || in == NULL || nonce == NULL
             || authTag == NULL || nonceSz < 7 || nonceSz > 13 ||
-        authTagSz > AES_BLOCK_SIZE)
+        authTagSz > WC_AES_BLOCK_SIZE)
         return BAD_FUNC_ARG;
 
     if ((ret = wc_AesCcmCheckTagSize(authTagSz)) != 0) {
@@ -597,19 +598,19 @@ int  wc_AesCcmDecrypt(Aes* aes, byte* out,
 
     /* set up B0 and CTR0 similar to how wolfcrypt/src/aes.c does */
     XMEMCPY(B0Ctr0+1, nonce, nonceSz);
-    XMEMCPY(B0Ctr0+AES_BLOCK_SIZE+1, nonce, nonceSz);
-    lenSz = AES_BLOCK_SIZE - 1 - (byte)nonceSz;
+    XMEMCPY(B0Ctr0+WC_AES_BLOCK_SIZE+1, nonce, nonceSz);
+    lenSz = WC_AES_BLOCK_SIZE - 1 - (byte)nonceSz;
     B0Ctr0[0] = (authInSz > 0 ? 64 : 0)
          + (8 * (((byte)authTagSz - 2) / 2))
          + (lenSz - 1);
     for (i = 0; i < lenSz; i++) {
         if (mask && i >= wordSz)
             mask = 0x00;
-        B0Ctr0[AES_BLOCK_SIZE - 1 - i] = (inSz >> ((8 * i) & mask)) & mask;
-        B0Ctr0[AES_BLOCK_SIZE + AES_BLOCK_SIZE - 1 - i] = 0;
+        B0Ctr0[WC_AES_BLOCK_SIZE - 1 - i] = (inSz >> ((8 * i) & mask)) & mask;
+        B0Ctr0[WC_AES_BLOCK_SIZE + WC_AES_BLOCK_SIZE - 1 - i] = 0;
     }
-    B0Ctr0[AES_BLOCK_SIZE] = lenSz - 1;
-    if ((ret = wc_AesEncryptDirect(aes, tag, B0Ctr0 + AES_BLOCK_SIZE)) != 0)
+    B0Ctr0[WC_AES_BLOCK_SIZE] = lenSz - 1;
+    if ((ret = wc_AesEncryptDirect(aes, tag, B0Ctr0 + WC_AES_BLOCK_SIZE)) != 0)
         return ret;
 
     /* Set buffers for key, cipher text, and plain text */
@@ -619,7 +620,7 @@ int  wc_AesCcmDecrypt(Aes* aes, byte* out,
 
     buf[1].BufferType = DataBuffer;
     buf[1].TheAddress = (Address)B0Ctr0;
-    buf[1].Length     = AES_BLOCK_SIZE + AES_BLOCK_SIZE;
+    buf[1].Length     = WC_AES_BLOCK_SIZE + WC_AES_BLOCK_SIZE;
 
     buf[2].BufferType = DataBuffer;
     buf[2].TheAddress = (Address)authIn;
@@ -652,8 +653,8 @@ int  wc_AesCcmDecrypt(Aes* aes, byte* out,
         ret = AES_CCM_AUTH_E;
     }
 
-    ForceZero(tag, AES_BLOCK_SIZE);
-    ForceZero(B0Ctr0, AES_BLOCK_SIZE * 2);
+    ForceZero(tag, WC_AES_BLOCK_SIZE);
+    ForceZero(B0Ctr0, WC_AES_BLOCK_SIZE * 2);
 
     return ret;
 
diff --git a/wolfcrypt/src/port/caam/caam_driver.c b/wolfcrypt/src/port/caam/caam_driver.c
index 4698d7a52..ccc7f29a9 100644
--- a/wolfcrypt/src/port/caam/caam_driver.c
+++ b/wolfcrypt/src/port/caam/caam_driver.c
@@ -1,6 +1,6 @@
 /* caam_driver.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -19,6 +19,10 @@
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  */
 
+#ifdef HAVE_CONFIG_H
+    #include <config.h>
+#endif
+
 #if (defined(__INTEGRITY) || defined(INTEGRITY)) || \
     (defined(__QNX__) || defined(__QNXNTO__))
 
@@ -129,7 +133,7 @@ static Error caamDebugDesc(struct DescStruct* desc)
     }
 
 
-    //D0JQCR_LS
+    /* D0JQCR_LS */
     printf("Next command to be executed = 0x%08X\n", CAAM_READ(0x8804));
     printf("Desc          = 0x%08X\n", desc->caam->ring.Desc);
 
diff --git a/wolfcrypt/src/port/caam/caam_error.c b/wolfcrypt/src/port/caam/caam_error.c
index 00830520f..0e0da2874 100644
--- a/wolfcrypt/src/port/caam/caam_error.c
+++ b/wolfcrypt/src/port/caam/caam_error.c
@@ -1,6 +1,6 @@
 /* caam_error.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -19,6 +19,10 @@
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  */
 
+#ifdef HAVE_CONFIG_H
+    #include <config.h>
+#endif
+
 #if (defined(__INTEGRITY) || defined(INTEGRITY)) || \
     (defined(__QNX__) || defined(__QNXNTO__))
 
diff --git a/wolfcrypt/src/port/caam/caam_integrity.c b/wolfcrypt/src/port/caam/caam_integrity.c
index b520d6146..abdb7d381 100644
--- a/wolfcrypt/src/port/caam/caam_integrity.c
+++ b/wolfcrypt/src/port/caam/caam_integrity.c
@@ -1,6 +1,6 @@
 /* caam_integrity.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfcrypt/src/port/caam/caam_qnx.c b/wolfcrypt/src/port/caam/caam_qnx.c
index d6e94e8d3..f74a0c86c 100644
--- a/wolfcrypt/src/port/caam/caam_qnx.c
+++ b/wolfcrypt/src/port/caam/caam_qnx.c
@@ -1,6 +1,6 @@
 /* caam_qnx.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -1641,8 +1641,9 @@ int io_close_ocb(resmgr_context_t *ctp, void *reserved, RESMGR_OCB_T *ocb)
 #if 0
 static int getSupported(char* in)
 {
-        //printf("CAAM Status [0x%8.8x]   = 0x%8.8x\n",
-        //    CAAM_STATUS, WC_CAAM_READ(CAAM_STATUS));
+        /* printf("CAAM Status [0x%8.8x]   = 0x%8.8x\n",
+         *    CAAM_STATUS, WC_CAAM_READ(CAAM_STATUS));
+         */
         printf("CAAM Version MS Register [0x%8.8x]  = 0x%8.8x\n",
             CAAM_VERSION_MS, CAAM_READ(CAAM_VERSION_MS));
         printf("CAAM Version LS Register [0x%8.8x]  = 0x%8.8x\n",
diff --git a/wolfcrypt/src/port/caam/caam_sha.c b/wolfcrypt/src/port/caam/caam_sha.c
index 03ef6e0c5..a39484d59 100644
--- a/wolfcrypt/src/port/caam/caam_sha.c
+++ b/wolfcrypt/src/port/caam/caam_sha.c
@@ -1,6 +1,6 @@
 /* caam_sha.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfcrypt/src/port/caam/wolfcaam_aes.c b/wolfcrypt/src/port/caam/wolfcaam_aes.c
index 73b82426d..794ce09d5 100644
--- a/wolfcrypt/src/port/caam/wolfcaam_aes.c
+++ b/wolfcrypt/src/port/caam/wolfcaam_aes.c
@@ -1,6 +1,6 @@
 /* wolfcaam_aes.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -122,8 +122,8 @@ static word32 CreateB0CTR(byte* B0Ctr0, const byte* nonce, word32 nonceSz,
 
     /* set up B0 and CTR0 similar to how wolfcrypt/src/aes.c does */
     XMEMCPY(B0Ctr0+1, nonce, nonceSz);
-    XMEMCPY(B0Ctr0+AES_BLOCK_SIZE+1, nonce, nonceSz);
-    lenSz = AES_BLOCK_SIZE - 1 - (byte)nonceSz;
+    XMEMCPY(B0Ctr0+WC_AES_BLOCK_SIZE+1, nonce, nonceSz);
+    lenSz = WC_AES_BLOCK_SIZE - 1 - (byte)nonceSz;
     B0Ctr0[0] = 0;
     if (authInSz > 0) {
         B0Ctr0[0] |= 0x40; /* set aad bit */
@@ -139,10 +139,10 @@ static word32 CreateB0CTR(byte* B0Ctr0, const byte* nonce, word32 nonceSz,
     for (i = 0; i < lenSz; i++) {
         if (mask && i >= wordSz)
             mask = 0x00;
-        B0Ctr0[AES_BLOCK_SIZE - 1 - i] = (inSz >> ((8 * i) & mask)) & mask;
-        B0Ctr0[AES_BLOCK_SIZE + AES_BLOCK_SIZE - 1 - i] = 0;
+        B0Ctr0[WC_AES_BLOCK_SIZE - 1 - i] = (inSz >> ((8 * i) & mask)) & mask;
+        B0Ctr0[WC_AES_BLOCK_SIZE + WC_AES_BLOCK_SIZE - 1 - i] = 0;
     }
-    B0Ctr0[AES_BLOCK_SIZE] = lenSz - 1;
+    B0Ctr0[WC_AES_BLOCK_SIZE] = lenSz - 1;
 
     return 0;
 }
@@ -157,12 +157,12 @@ int wc_CAAM_AesCcmEncrypt(Aes* aes, const byte* in, byte* out, word32 sz,
         const byte* authIn, word32 authInSz)
 {
 #ifndef WOLFSSL_SECO_CAAM
-    byte B0Ctr0[AES_BLOCK_SIZE + AES_BLOCK_SIZE];
+    byte B0Ctr0[WC_AES_BLOCK_SIZE + WC_AES_BLOCK_SIZE];
 #endif
 
     if (aes == NULL || (sz != 0 && (in == NULL || out == NULL)) ||
         nonce == NULL || authTag == NULL || nonceSz < 7 || nonceSz > 13 ||
-            authTagSz > AES_BLOCK_SIZE)
+            authTagSz > WC_AES_BLOCK_SIZE)
         return BAD_FUNC_ARG;
 
     /* sanity check on tag size */
@@ -172,7 +172,7 @@ int wc_CAAM_AesCcmEncrypt(Aes* aes, const byte* in, byte* out, word32 sz,
 
 #ifndef WOLFSSL_SECO_CAAM
     CreateB0CTR(B0Ctr0, nonce, nonceSz, authInSz, authTagSz, sz);
-    return wc_CAAM_AesAeadCommon(aes, in, out, sz, B0Ctr0, 2*AES_BLOCK_SIZE,
+    return wc_CAAM_AesAeadCommon(aes, in, out, sz, B0Ctr0, 2*WC_AES_BLOCK_SIZE,
         authTag, authTagSz, authIn, authInSz, CAAM_ENC, CAAM_AESCCM);
 #else
     return wc_CAAM_AesAeadCommon(aes, in, out, sz, nonce, nonceSz,
@@ -190,13 +190,13 @@ int wc_CAAM_AesCcmDecrypt(Aes* aes, const byte* in, byte* out, word32 sz,
 {
     int ret;
 #ifndef WOLFSSL_SECO_CAAM
-    byte B0Ctr0[AES_BLOCK_SIZE + AES_BLOCK_SIZE];
+    byte B0Ctr0[WC_AES_BLOCK_SIZE + WC_AES_BLOCK_SIZE];
 #endif
 
     /* sanity check on arguments */
     if (aes == NULL || (sz != 0 && (in == NULL || out == NULL)) ||
         nonce == NULL || authTag == NULL || nonceSz < 7 || nonceSz > 13 ||
-        authTagSz > AES_BLOCK_SIZE)
+        authTagSz > WC_AES_BLOCK_SIZE)
         return BAD_FUNC_ARG;
 
     /* sanity check on tag size */
@@ -206,7 +206,7 @@ int wc_CAAM_AesCcmDecrypt(Aes* aes, const byte* in, byte* out, word32 sz,
 
 #ifndef WOLFSSL_SECO_CAAM
     CreateB0CTR(B0Ctr0, nonce, nonceSz, authInSz, authTagSz, sz);
-    ret = wc_CAAM_AesAeadCommon(aes, in, out, sz, B0Ctr0, 2*AES_BLOCK_SIZE,
+    ret = wc_CAAM_AesAeadCommon(aes, in, out, sz, B0Ctr0, 2*WC_AES_BLOCK_SIZE,
             (byte*)authTag, authTagSz, authIn, authInSz, CAAM_DEC, CAAM_AESCCM);
 #else
     ret = wc_CAAM_AesAeadCommon(aes, in, out, sz, nonce, nonceSz,
@@ -260,7 +260,7 @@ static int wc_CAAM_AesCbcCtrCommon(Aes* aes, byte* out, const byte* in,
         return BAD_FUNC_ARG;
     }
 
-    blocks = sz / AES_BLOCK_SIZE;
+    blocks = sz / WC_AES_BLOCK_SIZE;
 
     if (blocks > 0) {
         CAAM_BUFFER buf[5];
@@ -279,24 +279,24 @@ static int wc_CAAM_AesCbcCtrCommon(Aes* aes, byte* out, const byte* in,
 
         buf[1].BufferType = DataBuffer;
         buf[1].TheAddress = (CAAM_ADDRESS)aes->reg;
-        buf[1].Length     = AES_BLOCK_SIZE;
+        buf[1].Length     = WC_AES_BLOCK_SIZE;
 
         buf[2].BufferType = DataBuffer;
         buf[2].TheAddress = (CAAM_ADDRESS)in;
-        buf[2].Length     = blocks * AES_BLOCK_SIZE;
+        buf[2].Length     = blocks * WC_AES_BLOCK_SIZE;
 
         buf[3].BufferType = DataBuffer | LastBuffer;
         buf[3].TheAddress = (CAAM_ADDRESS)out;
-        buf[3].Length     = blocks * AES_BLOCK_SIZE;
+        buf[3].Length     = blocks * WC_AES_BLOCK_SIZE;
 
         /* buffer for updated IV */
         buf[4].BufferType = DataBuffer;
         buf[4].TheAddress = (CAAM_ADDRESS)aes->reg;
-        buf[4].Length     = AES_BLOCK_SIZE;
+        buf[4].Length     = WC_AES_BLOCK_SIZE;
 
         arg[0] = dir;
         arg[1] = keySz;
-        arg[2] = blocks * AES_BLOCK_SIZE;
+        arg[2] = blocks * WC_AES_BLOCK_SIZE;
         arg[3] = aes->blackKey;
 
         if ((ret = wc_caamAddAndWait(buf, 5, arg, mode)) != 0) {
@@ -314,7 +314,7 @@ static WC_INLINE void IncrementAesCounter(byte* inOutCtr)
 {
     /* in network byte order so start at end and work back */
     int i;
-    for (i = AES_BLOCK_SIZE - 1; i >= 0; i--) {
+    for (i = WC_AES_BLOCK_SIZE - 1; i >= 0; i--) {
         if (++inOutCtr[i])  /* we're done unless we overflow */
             return;
     }
@@ -335,7 +335,7 @@ int wc_CAAM_AesCtrEncrypt(Aes* aes, byte* out, const byte* in, word32 sz)
     }
 
     /* consume any unused bytes left in aes->tmp */
-    tmp = (byte*)aes->tmp + AES_BLOCK_SIZE - aes->left;
+    tmp = (byte*)aes->tmp + WC_AES_BLOCK_SIZE - aes->left;
     while (aes->left && sz) {
         *(out++) = *(in++) ^ *(tmp++);
         aes->left--;
@@ -343,14 +343,14 @@ int wc_CAAM_AesCtrEncrypt(Aes* aes, byte* out, const byte* in, word32 sz)
     }
 
     /* do full blocks to then get potential left over amount */
-    blocks = sz / AES_BLOCK_SIZE;
+    blocks = sz / WC_AES_BLOCK_SIZE;
     if (blocks > 0) {
-        ret = wc_CAAM_AesCbcCtrCommon(aes, out, in, blocks * AES_BLOCK_SIZE,
+        ret = wc_CAAM_AesCbcCtrCommon(aes, out, in, blocks * WC_AES_BLOCK_SIZE,
             CAAM_ENC, CAAM_AESCTR);
 
-        out += blocks * AES_BLOCK_SIZE;
-        in  += blocks * AES_BLOCK_SIZE;
-        sz  -= blocks * AES_BLOCK_SIZE;
+        out += blocks * WC_AES_BLOCK_SIZE;
+        in  += blocks * WC_AES_BLOCK_SIZE;
+        sz  -= blocks * WC_AES_BLOCK_SIZE;
     }
 
     if (sz) {
@@ -360,7 +360,7 @@ int wc_CAAM_AesCtrEncrypt(Aes* aes, byte* out, const byte* in, word32 sz)
         }
         IncrementAesCounter((byte*)aes->reg);
 
-        aes->left = AES_BLOCK_SIZE;
+        aes->left = WC_AES_BLOCK_SIZE;
         tmp = (byte*)aes->tmp;
 
         while (sz--) {
@@ -399,7 +399,7 @@ static int wc_CAAM_AesEcbCommon(Aes* aes, byte* out, const byte* in, word32 sz,
         return BAD_FUNC_ARG;
     }
 
-    blocks = sz / AES_BLOCK_SIZE;
+    blocks = sz / WC_AES_BLOCK_SIZE;
 
     if (wc_AesGetKeySize(aes, &keySz) != 0 && aes->blackKey == 0) {
         return BAD_FUNC_ARG;
@@ -413,17 +413,17 @@ static int wc_CAAM_AesEcbCommon(Aes* aes, byte* out, const byte* in, word32 sz,
 
     buf[idx].BufferType = DataBuffer;
     buf[idx].TheAddress = (CAAM_ADDRESS)in;
-    buf[idx].Length     = blocks * AES_BLOCK_SIZE;
+    buf[idx].Length     = blocks * WC_AES_BLOCK_SIZE;
     idx++;
 
     buf[idx].BufferType = DataBuffer | LastBuffer;
     buf[idx].TheAddress = (CAAM_ADDRESS)out;
-    buf[idx].Length     = blocks * AES_BLOCK_SIZE;
+    buf[idx].Length     = blocks * WC_AES_BLOCK_SIZE;
     idx++;
 
     arg[0] = dir;
     arg[1] = keySz;
-    arg[2] = blocks * AES_BLOCK_SIZE;
+    arg[2] = blocks * WC_AES_BLOCK_SIZE;
     arg[3] = aes->blackKey;
 
     if ((ret = wc_caamAddAndWait(buf, idx, arg, CAAM_AESECB)) != 0) {
@@ -435,7 +435,7 @@ static int wc_CAAM_AesEcbCommon(Aes* aes, byte* out, const byte* in, word32 sz,
 }
 
 
-/* is assumed that input size is a multiple of AES_BLOCK_SIZE */
+/* is assumed that input size is a multiple of WC_AES_BLOCK_SIZE */
 int wc_CAAM_AesEcbEncrypt(Aes* aes, byte* out, const byte* in, word32 sz)
 {
     return wc_CAAM_AesEcbCommon(aes, out, in, sz, CAAM_ENC);
diff --git a/wolfcrypt/src/port/caam/wolfcaam_cmac.c b/wolfcrypt/src/port/caam/wolfcaam_cmac.c
index 737f19da0..7d041401d 100644
--- a/wolfcrypt/src/port/caam/wolfcaam_cmac.c
+++ b/wolfcrypt/src/port/caam/wolfcaam_cmac.c
@@ -1,6 +1,6 @@
 /* wolfcaam_cmac.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -39,7 +39,7 @@ int wc_CAAM_Cmac(Cmac* cmac, const byte* key, word32 keySz, const byte* in,
     word32 args[4] = {0};
     CAAM_BUFFER buf[9];
     word32 idx = 0;
-    byte scratch[AES_BLOCK_SIZE];
+    byte scratch[WC_AES_BLOCK_SIZE];
     int ret;
     int blocks = 0;
 
@@ -70,7 +70,7 @@ int wc_CAAM_Cmac(Cmac* cmac, const byte* key, word32 keySz, const byte* in,
         cmac->keylen = keySz;
         cmac->initialized = 0;
         cmac->bufferSz = 0;
-        XMEMSET(cmac->buffer, 0, AES_BLOCK_SIZE);
+        XMEMSET(cmac->buffer, 0, WC_AES_BLOCK_SIZE);
         return 0;
     }
 
@@ -95,12 +95,12 @@ int wc_CAAM_Cmac(Cmac* cmac, const byte* key, word32 keySz, const byte* in,
         if (cmac->bufferSz > 0) {
             word32 add;
 
-            if (cmac->bufferSz > AES_BLOCK_SIZE) {
+            if (cmac->bufferSz > WC_AES_BLOCK_SIZE) {
                 WOLFSSL_MSG("Error with CMAC buffer size");
                 return -1;
             }
-            add = (sz < ((int)(AES_BLOCK_SIZE - cmac->bufferSz))) ? sz :
-                   (int)(AES_BLOCK_SIZE - cmac->bufferSz);
+            add = (sz < ((int)(WC_AES_BLOCK_SIZE - cmac->bufferSz))) ? sz :
+                   (int)(WC_AES_BLOCK_SIZE - cmac->bufferSz);
             XMEMCPY(&cmac->buffer[cmac->bufferSz], pt, add);
 
             cmac->bufferSz += add;
@@ -110,33 +110,33 @@ int wc_CAAM_Cmac(Cmac* cmac, const byte* key, word32 keySz, const byte* in,
 
         /* flash out temporary storage for block size if full and more data
          * is coming, otherwise hold it until final operation */
-        if (cmac->bufferSz == AES_BLOCK_SIZE && (sz > 0)) {
+        if (cmac->bufferSz == WC_AES_BLOCK_SIZE && (sz > 0)) {
             buf[idx].TheAddress = (CAAM_ADDRESS)scratch;
             buf[idx].Length = cmac->bufferSz;
             idx++;
             blocks++;
             cmac->bufferSz = 0;
-            XMEMCPY(scratch, (byte*)cmac->buffer, AES_BLOCK_SIZE);
+            XMEMCPY(scratch, (byte*)cmac->buffer, WC_AES_BLOCK_SIZE);
         }
 
         /* In order to trigger read of CTX state there needs to be some data
          * saved until final call */
-        if ((sz >= AES_BLOCK_SIZE) && (sz % AES_BLOCK_SIZE == 0)) {
+        if ((sz >= WC_AES_BLOCK_SIZE) && (sz % WC_AES_BLOCK_SIZE == 0)) {
 
             if (cmac->bufferSz > 0) {
                 /* this case should never be hit */
                 return BAD_FUNC_ARG;
             }
 
-            XMEMCPY(&cmac->buffer[0], pt + sz - AES_BLOCK_SIZE, AES_BLOCK_SIZE);
-            cmac->bufferSz = AES_BLOCK_SIZE;
-            sz -= AES_BLOCK_SIZE;
+            XMEMCPY(&cmac->buffer[0], pt + sz - WC_AES_BLOCK_SIZE, WC_AES_BLOCK_SIZE);
+            cmac->bufferSz = WC_AES_BLOCK_SIZE;
+            sz -= WC_AES_BLOCK_SIZE;
         }
 
-        if (sz >= AES_BLOCK_SIZE) {
+        if (sz >= WC_AES_BLOCK_SIZE) {
             buf[idx].TheAddress = (CAAM_ADDRESS)pt;
-            buf[idx].Length = sz - (sz % AES_BLOCK_SIZE);
-            blocks += sz / AES_BLOCK_SIZE;
+            buf[idx].Length = sz - (sz % WC_AES_BLOCK_SIZE);
+            blocks += sz / WC_AES_BLOCK_SIZE;
             sz -= buf[idx].Length;
             pt += buf[idx].Length;
             idx++;
@@ -186,9 +186,9 @@ int wc_CAAM_Cmac(Cmac* cmac, const byte* key, word32 keySz, const byte* in,
 
     /* store leftovers */
     if (sz > 0) {
-        word32 add = (sz < (int)(AES_BLOCK_SIZE - cmac->bufferSz))?
+        word32 add = (sz < (int)(WC_AES_BLOCK_SIZE - cmac->bufferSz))?
                                               (word32)sz :
-                                              (AES_BLOCK_SIZE - cmac->bufferSz);
+                                              (WC_AES_BLOCK_SIZE - cmac->bufferSz);
 
         if (pt == NULL) {
             return MEMORY_E;
diff --git a/wolfcrypt/src/port/caam/wolfcaam_ecdsa.c b/wolfcrypt/src/port/caam/wolfcaam_ecdsa.c
index c84b0807a..75d90c526 100644
--- a/wolfcrypt/src/port/caam/wolfcaam_ecdsa.c
+++ b/wolfcrypt/src/port/caam/wolfcaam_ecdsa.c
@@ -1,6 +1,6 @@
 /* wolfcaam_ecdsa.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfcrypt/src/port/caam/wolfcaam_fsl_nxp.c b/wolfcrypt/src/port/caam/wolfcaam_fsl_nxp.c
index 848d68259..d31aa2767 100644
--- a/wolfcrypt/src/port/caam/wolfcaam_fsl_nxp.c
+++ b/wolfcrypt/src/port/caam/wolfcaam_fsl_nxp.c
@@ -1,6 +1,6 @@
 /* wolfcaam_fsl_nxp.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -160,9 +160,7 @@ static int wc_CAAM_CommonHash(caam_handle_t* hndl, caam_hash_ctx_t *ctx,
         }
 
         status = CAAM_HASH_Update(ctx, alignedIn, inSz);
-        if (tmpIn != NULL) {
-            XFREE(tmpIn, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-        }
+        XFREE(tmpIn, NULL, DYNAMIC_TYPE_TMP_BUFFER);
         if (status != kStatus_Success) {
             return WC_HW_E;
         }
@@ -273,8 +271,8 @@ static int DoAesCBC(unsigned int args[4], CAAM_BUFFER *buf, int sz)
 
         /* store updated CBC state */
         XMEMCPY((byte*)buf[4].TheAddress,
-                (byte*)buf[2].TheAddress + buf[2].Length - AES_BLOCK_SIZE,
-                AES_BLOCK_SIZE);
+                (byte*)buf[2].TheAddress + buf[2].Length - WC_AES_BLOCK_SIZE,
+                WC_AES_BLOCK_SIZE);
     }
     else {
         status = CAAM_AES_EncryptCbc(CAAM, &hndl,
@@ -284,8 +282,8 @@ static int DoAesCBC(unsigned int args[4], CAAM_BUFFER *buf, int sz)
 
         /* store updated CBC state */
         XMEMCPY((byte*)buf[4].TheAddress,
-            (byte*)buf[3].TheAddress + buf[3].Length - AES_BLOCK_SIZE,
-            AES_BLOCK_SIZE);
+            (byte*)buf[3].TheAddress + buf[3].Length - WC_AES_BLOCK_SIZE,
+            WC_AES_BLOCK_SIZE);
     }
 
     if (status != kStatus_Success) {
@@ -339,9 +337,7 @@ static int DoAesCTR(unsigned int args[4], CAAM_BUFFER *buf, int sz)
         XMEMCPY((byte*)buf[3].TheAddress, alignedOut, buf[3].Length);
         XFREE(tmpOut, NULL, DYNAMIC_TYPE_TMP_BUFFER);
     }
-    if (tmpIn != NULL) {
-        XFREE(tmpIn, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-    }
+    XFREE(tmpIn, NULL, DYNAMIC_TYPE_TMP_BUFFER);
     if (status != kStatus_Success) {
         return -1;
     }
@@ -491,9 +487,7 @@ int wc_CAAM_EccSign(const byte* in, int inlen, byte* out, word32* outlen,
 
     status = CAAM_ECC_Sign(CAAM, &hndl, k, kSz, alignedIn, inlen, r, rSz, s,
         sSz, ecdsel, enc);
-    if (tmpIn != NULL) {
-        XFREE(tmpIn, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-    }
+    XFREE(tmpIn, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 
     if (status != kStatus_Success) {
         ret = -1;
@@ -604,9 +598,7 @@ static int wc_CAAM_EccVerify_ex(mp_int* r, mp_int *s, const byte* hash,
 
     status = CAAM_ECC_Verify(CAAM, &hndl, qxy, qxLen+qyLen, rbuf,
         keySz, sbuf, keySz, alignedIn, hashlen, ecdsel);
-    if (tmpIn != NULL) {
-        XFREE(tmpIn, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-    }
+    XFREE(tmpIn, NULL, DYNAMIC_TYPE_TMP_BUFFER);
     *res = 0;
     if (status == kStatus_Success) {
         *res = 1;
diff --git a/wolfcrypt/src/port/caam/wolfcaam_hash.c b/wolfcrypt/src/port/caam/wolfcaam_hash.c
index d3155468f..722446e86 100644
--- a/wolfcrypt/src/port/caam/wolfcaam_hash.c
+++ b/wolfcrypt/src/port/caam/wolfcaam_hash.c
@@ -1,6 +1,6 @@
 /* wolfcaam_hash.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -26,7 +26,7 @@
 #include <wolfssl/wolfcrypt/settings.h>
 
 #if defined(WOLFSSL_CAAM) && defined(WOLFSSL_CAAM_HASH) \
-	&& !defined(WOLFSSL_IMXRT1170_CAAM)
+        && !defined(WOLFSSL_IMXRT1170_CAAM)
 
 #include <wolfssl/wolfcrypt/logging.h>
 #include <wolfssl/wolfcrypt/error-crypt.h>
diff --git a/wolfcrypt/src/port/caam/wolfcaam_hmac.c b/wolfcrypt/src/port/caam/wolfcaam_hmac.c
index 4a3129141..afdea0c02 100644
--- a/wolfcrypt/src/port/caam/wolfcaam_hmac.c
+++ b/wolfcrypt/src/port/caam/wolfcaam_hmac.c
@@ -1,6 +1,6 @@
 /* wolfcaam_hmac.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -59,7 +59,7 @@ int wc_CAAM_Hmac(Hmac* hmac, int macType, const byte* msg, int msgSz,
                     hmac->keyLen);
         if (ret != 0) {
             WOLFSSL_MSG("Error with set key");
-            if (ret == HASH_TYPE_E) {
+            if (ret == WC_NO_ERR_TRACE(HASH_TYPE_E)) {
                 ret = CRYPTOCB_UNAVAILABLE; /* that hash type is not supported*/
             }
         }
diff --git a/wolfcrypt/src/port/caam/wolfcaam_init.c b/wolfcrypt/src/port/caam/wolfcaam_init.c
index d6e93cf5a..81ae64ce0 100644
--- a/wolfcrypt/src/port/caam/wolfcaam_init.c
+++ b/wolfcrypt/src/port/caam/wolfcaam_init.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -79,7 +79,7 @@ int wc_caamSetResource(IODevice ioDev)
 /* used to route crypto operations through crypto callback */
 static int wc_CAAM_router(int devId, wc_CryptoInfo* info, void* ctx)
 {
-    int ret = CRYPTOCB_UNAVAILABLE;
+    int ret = WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE);
 
     (void)ctx;
     (void)devId;
@@ -694,7 +694,7 @@ int wc_caamOpenBlob(byte* data, word32 dataSz, byte* out, word32* outSz)
 }
 #endif /* WOLFSSL_CAAM_BLOB */
 
-/* outSz gets set to key size plus 16 for mac and padding 
+/* outSz gets set to key size plus 16 for mac and padding
  * return 0 on success
  */
 int wc_caamCoverKey(byte* in, word32 inSz, byte* out, word32* outSz, int flag)
diff --git a/wolfcrypt/src/port/caam/wolfcaam_qnx.c b/wolfcrypt/src/port/caam/wolfcaam_qnx.c
index 23db33c96..ee65d9067 100644
--- a/wolfcrypt/src/port/caam/wolfcaam_qnx.c
+++ b/wolfcrypt/src/port/caam/wolfcaam_qnx.c
@@ -1,6 +1,6 @@
 /* wolfcaam_qnx.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfcrypt/src/port/caam/wolfcaam_rsa.c b/wolfcrypt/src/port/caam/wolfcaam_rsa.c
index f035a0b70..80d11ce13 100644
--- a/wolfcrypt/src/port/caam/wolfcaam_rsa.c
+++ b/wolfcrypt/src/port/caam/wolfcaam_rsa.c
@@ -1,6 +1,6 @@
 /* wolfcaam_rsa.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfcrypt/src/port/caam/wolfcaam_seco.c b/wolfcrypt/src/port/caam/wolfcaam_seco.c
index 8326f308f..7e57ef140 100644
--- a/wolfcrypt/src/port/caam/wolfcaam_seco.c
+++ b/wolfcrypt/src/port/caam/wolfcaam_seco.c
@@ -1,6 +1,6 @@
 /* wolfcaam_seco.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -829,8 +829,8 @@ static hsm_err_t wc_SECO_CMAC(unsigned int args[4], CAAM_BUFFER* buf, int sz)
         mac_args.payload_size = buf[2].Length;
 
         mac_args.mac      = (uint8_t*)buf[1].TheAddress;
-        mac_args.mac_size = (buf[1].Length < AES_BLOCK_SIZE)? buf[1].Length:
-                                                              AES_BLOCK_SIZE;
+        mac_args.mac_size = (buf[1].Length < WC_AES_BLOCK_SIZE)? buf[1].Length:
+                                                              WC_AES_BLOCK_SIZE;
     #ifdef DEBUG_SECO
         printf("CMAC arguments used:\n");
         printf("\tkey id       = %d\n", mac_args.key_identifier);
@@ -1105,7 +1105,7 @@ word32 wc_SECO_WrapKey(word32 keyId, byte* in, word32 inSz, byte* iv,
     }
 
     /* iv + key + tag */
-    wrappedKeySz = GCM_NONCE_MID_SZ + inSz + AES_BLOCK_SIZE;
+    wrappedKeySz = GCM_NONCE_MID_SZ + inSz + WC_AES_BLOCK_SIZE;
     wrappedKey = (byte*)XMALLOC(wrappedKeySz, NULL, DYNAMIC_TYPE_TMP_BUFFER);
     if (wrappedKey == NULL) {
         WOLFSSL_MSG("Error malloc'ing buffer for wrapped key");
@@ -1155,7 +1155,7 @@ word32 wc_SECO_WrapKey(word32 keyId, byte* in, word32 inSz, byte* iv,
 
     if (ret == 0) {
         ret = wc_AesGcmEncrypt(&aes, wrappedKey + ivSz, in, inSz,
-                wrappedKey, ivSz, wrappedKey + ivSz + inSz, AES_BLOCK_SIZE,
+                wrappedKey, ivSz, wrappedKey + ivSz + inSz, WC_AES_BLOCK_SIZE,
                 NULL, 0);
         if (ret != 0) {
             WOLFSSL_MSG("error with AES-GCM encrypt when wrapping key");
@@ -1215,9 +1215,7 @@ word32 wc_SECO_WrapKey(word32 keyId, byte* in, word32 inSz, byte* iv,
         }
     }
 
-    if (wrappedKey != NULL) {
-        XFREE(wrappedKey, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-    }
+    XFREE(wrappedKey, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 
     if (wc_TranslateHSMError(0, err) != Success) {
         return 0;
diff --git a/wolfcrypt/src/port/caam/wolfcaam_x25519.c b/wolfcrypt/src/port/caam/wolfcaam_x25519.c
index 614738025..61f22668d 100644
--- a/wolfcrypt/src/port/caam/wolfcaam_x25519.c
+++ b/wolfcrypt/src/port/caam/wolfcaam_x25519.c
@@ -1,6 +1,6 @@
 /* wolfcaam_x25519.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfcrypt/src/port/cavium/cavium_octeon_sync.c b/wolfcrypt/src/port/cavium/cavium_octeon_sync.c
index b6c954228..4b65111ed 100644
--- a/wolfcrypt/src/port/cavium/cavium_octeon_sync.c
+++ b/wolfcrypt/src/port/cavium/cavium_octeon_sync.c
@@ -1,6 +1,6 @@
 /* cavium_octeon_sync.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -506,12 +506,12 @@ static NOOPT int Octeon_AesGcm_SetIV(Aes* aes, byte* iv, word32 ivSz)
         }
         else {
             int blocks, remainder, i;
-            byte aesBlock[AES_BLOCK_SIZE];
+            byte aesBlock[WC_AES_BLOCK_SIZE];
 
-            blocks = ivSz / AES_BLOCK_SIZE;
-            remainder = ivSz % AES_BLOCK_SIZE;
+            blocks = ivSz / WC_AES_BLOCK_SIZE;
+            remainder = ivSz % WC_AES_BLOCK_SIZE;
 
-            for (i = 0; i < blocks; i++, iv += AES_BLOCK_SIZE)
+            for (i = 0; i < blocks; i++, iv += WC_AES_BLOCK_SIZE)
                 Octeon_GHASH_Update(iv);
 
             XMEMSET(aesBlock, 0, sizeof(aesBlock));
@@ -535,7 +535,7 @@ static NOOPT int Octeon_AesGcm_SetIV(Aes* aes, byte* iv, word32 ivSz)
 static NOOPT int Octeon_AesGcm_SetAAD(Aes* aes, byte* aad, word32 aadSz)
 {
     word64* p;
-    ALIGN16 byte aesBlock[AES_BLOCK_SIZE];
+    ALIGN16 byte aesBlock[WC_AES_BLOCK_SIZE];
     int blocks, remainder, i;
 
     if (aes == NULL || (aadSz != 0 && aad == NULL))
@@ -544,14 +544,14 @@ static NOOPT int Octeon_AesGcm_SetAAD(Aes* aes, byte* aad, word32 aadSz)
     if (aadSz == 0)
         return 0;
 
-    blocks = aadSz / AES_BLOCK_SIZE;
-    remainder = aadSz % AES_BLOCK_SIZE;
+    blocks = aadSz / WC_AES_BLOCK_SIZE;
+    remainder = aadSz % WC_AES_BLOCK_SIZE;
 
     Octeon_GHASH_Restore(0xe100, aes->H);
 
     p = (word64*)aesBlock;
 
-    for (i = 0; i < blocks; i++, aad += AES_BLOCK_SIZE) {
+    for (i = 0; i < blocks; i++, aad += WC_AES_BLOCK_SIZE) {
         CVMX_LOADUNA_INT64(p[0], aad, 0);
         CVMX_LOADUNA_INT64(p[1], aad, 8);
         CVMX_MT_GFM_XOR0(p[0]);
@@ -574,8 +574,8 @@ static int Octeon_AesGcm_SetEncrypt(Aes* aes, byte* in, byte* out, word32 inSz,
         int encrypt)
 {
     word32 i, blocks, remainder;
-    ALIGN16 byte aesBlockIn[AES_BLOCK_SIZE];
-    ALIGN16 byte aesBlockOut[AES_BLOCK_SIZE];
+    ALIGN16 byte aesBlockIn[WC_AES_BLOCK_SIZE];
+    ALIGN16 byte aesBlockOut[WC_AES_BLOCK_SIZE];
     word64* pIn;
     word64* pOut;
     word64* pIv;
@@ -592,11 +592,11 @@ static int Octeon_AesGcm_SetEncrypt(Aes* aes, byte* in, byte* out, word32 inSz,
     CVMX_MT_AES_ENC0(pIv[0]);
     CVMX_MT_AES_ENC1(pIv[1]);
 
-    blocks = inSz / AES_BLOCK_SIZE;
-    remainder = inSz % AES_BLOCK_SIZE;
+    blocks = inSz / WC_AES_BLOCK_SIZE;
+    remainder = inSz % WC_AES_BLOCK_SIZE;
 
     for (i = 0; i < blocks;
-            i++, in += AES_BLOCK_SIZE, out += AES_BLOCK_SIZE) {
+            i++, in += WC_AES_BLOCK_SIZE, out += WC_AES_BLOCK_SIZE) {
         CVMX_PREFETCH128(in);
         aes->reg[3]++;
 
@@ -623,7 +623,7 @@ static int Octeon_AesGcm_SetEncrypt(Aes* aes, byte* in, byte* out, word32 inSz,
     }
 
     if (remainder > 0) {
-        ALIGN16 byte aesBlockMask[AES_BLOCK_SIZE];
+        ALIGN16 byte aesBlockMask[WC_AES_BLOCK_SIZE];
         word64* pMask = (word64*)aesBlockMask;
 
         XMEMSET(aesBlockOut, 0, sizeof(aesBlockOut));
@@ -676,8 +676,8 @@ static NOOPT int Octeon_AesGcm_Finalize(Aes* aes, word32 inSz, word32 aadSz,
     word64* pIn;
     word64* pOut;
     uint32_t countSave;
-    ALIGN16 byte aesBlockIn[AES_BLOCK_SIZE];
-    ALIGN16 byte aesBlockOut[AES_BLOCK_SIZE];
+    ALIGN16 byte aesBlockIn[WC_AES_BLOCK_SIZE];
+    ALIGN16 byte aesBlockOut[WC_AES_BLOCK_SIZE];
 
     countSave = aes->reg[3];
     aes->reg[3] = aes->y0;
@@ -775,7 +775,7 @@ static int Octeon_AesGcm_Decrypt(Aes* aes, byte* in, byte* out, word32 inSz,
 
 static int myCryptoDevCb(int devIdArg, wc_CryptoInfo* info, void* ctx)
 {
-    int ret = NOT_COMPILED_IN; /* return this to bypass HW and use SW */
+    int ret = WC_NO_ERR_TRACE(NOT_COMPILED_IN); /* return this to bypass HW and use SW */
 
     if (info == NULL)
         return BAD_FUNC_ARG;
diff --git a/wolfcrypt/src/port/cuda/README.md b/wolfcrypt/src/port/cuda/README.md
new file mode 100644
index 000000000..e508b3d94
--- /dev/null
+++ b/wolfcrypt/src/port/cuda/README.md
@@ -0,0 +1,9 @@
+You will need to have the CUDA libraries and toolchains installed to be able to use this. For the simplest
+setup, I used the 'nvidia/cuda:12.3.2-devel-ubuntu22.04' container with the '--gpus=all' flag. Note that
+Docker must be set up to allow passing through the CUDA instructions to the host. The container only needs
+'automake' and 'libtool' installed: `apt update && apt install -y automake libtool`.
+
+This code was tested with the following:
+    ./configure --enable-all --disable-shared --disable-crl-monitor --enable-cuda CC=nvcc && make check
+
+There are still things that can be done to optimize, but the basic functionality is there.
diff --git a/wolfcrypt/src/port/cuda/aes-cuda.cu b/wolfcrypt/src/port/cuda/aes-cuda.cu
new file mode 100644
index 000000000..cec4c287d
--- /dev/null
+++ b/wolfcrypt/src/port/cuda/aes-cuda.cu
@@ -0,0 +1,1096 @@
+/* aes.cu
+ *
+ * Copyright (C) 2006-2025 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+/*
+
+DESCRIPTION
+This library provides the interfaces to the Advanced Encryption Standard (AES)
+for encrypting and decrypting data. AES is the standard known for a symmetric
+block cipher mechanism that uses n-bit binary string parameter key with 128-bits,
+192-bits, and 256-bits of key sizes.
+
+*/
+#ifdef HAVE_CONFIG_H
+    #include <config.h>
+#endif
+
+#include <wolfssl/wolfcrypt/settings.h>
+#include <wolfssl/wolfcrypt/error-crypt.h>
+
+#include <wolfssl/wolfcrypt/aes.h>
+
+#ifdef WOLFSSL_AESNI
+#include <wmmintrin.h>
+#include <emmintrin.h>
+#include <smmintrin.h>
+#endif /* WOLFSSL_AESNI */
+
+#include <wolfssl/wolfcrypt/cpuid.h>
+
+#ifdef WOLF_CRYPTO_CB
+    #include <wolfssl/wolfcrypt/cryptocb.h>
+#endif
+
+#ifdef WOLFSSL_SECO_CAAM
+#include <wolfssl/wolfcrypt/port/caam/wolfcaam.h>
+#endif
+
+#ifdef WOLFSSL_IMXRT_DCP
+    #include <wolfssl/wolfcrypt/port/nxp/dcp_port.h>
+#endif
+#if defined(WOLFSSL_SE050) && defined(WOLFSSL_SE050_CRYPT)
+    #include <wolfssl/wolfcrypt/port/nxp/se050_port.h>
+#endif
+
+#if defined(WOLFSSL_AES_SIV)
+    #include <wolfssl/wolfcrypt/cmac.h>
+#endif /* WOLFSSL_AES_SIV */
+
+#if defined(WOLFSSL_HAVE_PSA) && !defined(WOLFSSL_PSA_NO_AES)
+    #include <wolfssl/wolfcrypt/port/psa/psa.h>
+#endif
+
+
+#include <wolfssl/wolfcrypt/logging.h>
+
+#ifdef NO_INLINE
+    #include <wolfssl/wolfcrypt/misc.h>
+#else
+    #define WOLFSSL_MISC_INCLUDED
+    #define WOLFSSL_HAVE_MIN
+    #define WOLFSSL_HAVE_MAX
+/*    #include <wolfcrypt/src/misc.c> */
+#endif
+/* This routine performs a left circular arithmetic shift of <x> by <y> value. */
+
+extern "C" {
+
+#if !defined(WOLFSSL_TI_CRYPT)
+
+#define rotlFixed(x, y) ( (x << y) | (x >> (sizeof(x) * 8 - y)) )
+
+/* This routine performs a right circular arithmetic shift of <x> by <y> value. */
+#define rotrFixed(x, y) ( (x >> y) | (x << (sizeof(x) * 8 - y)) )
+
+#ifdef WC_RC2
+
+/* This routine performs a left circular arithmetic shift of <x> by <y> value */
+static WC_INLINE word16 rotlFixed16(word16 x, word16 y)
+{
+    return (x << y) | (x >> (sizeof(x) * 8 - y));
+}
+
+
+/* This routine performs a right circular arithmetic shift of <x> by <y> value */
+static WC_INLINE word16 rotrFixed16(word16 x, word16 y)
+{
+    return (x >> y) | (x << (sizeof(x) * 8 - y));
+}
+
+#endif /* WC_RC2 */
+
+/* This routine performs a byte swap of 32-bit word value. */
+#if defined(__CCRX__) && !defined(NO_INLINE) /* shortest version for CC-RX */
+    #define ByteReverseWord32(value, outRef) ( *outRef = _builtin_revl(value) )
+#else
+__device__
+static WC_INLINE word32 ByteReverseWord32(word32 value)
+{
+#ifdef PPC_INTRINSICS
+    /* PPC: load reverse indexed instruction */
+    return (word32)__lwbrx(&value,0);
+#elif defined(__ICCARM__)
+    return (word32)__REV(value);
+#elif defined(KEIL_INTRINSICS)
+    return (word32)__rev(value);
+#elif defined(__CCRX__)
+    return (word32)_builtin_revl(value);
+#elif defined(WOLF_ALLOW_BUILTIN) && \
+        defined(__GNUC_PREREQ) && __GNUC_PREREQ(4, 3)
+    return (word32)__builtin_bswap32(value);
+#elif defined(WOLFSSL_BYTESWAP32_ASM) && defined(__GNUC__) && \
+      defined(__aarch64__)
+    __asm__ volatile (
+        "REV32 %0, %0  \n"
+        : "+r" (value)
+        :
+    );
+    return value;
+#elif defined(WOLFSSL_BYTESWAP32_ASM) && defined(__GNUC__) && \
+      (defined(__thumb__) || defined(__arm__))
+    __asm__ volatile (
+        "REV %0, %0  \n"
+        : "+r" (value)
+        :
+    );
+    return value;
+#elif defined(FAST_ROTATE)
+    /* 5 instructions with rotate instruction, 9 without */
+    return (rotrFixed(value, 8U) & 0xff00ff00) |
+           (rotlFixed(value, 8U) & 0x00ff00ff);
+#else
+    /* 6 instructions with rotate instruction, 8 without */
+    value = ((value & 0xFF00FF00) >> 8) | ((value & 0x00FF00FF) << 8);
+    return rotlFixed(value, 16U);
+#endif
+}
+#endif /* ! (__CCRX__ && !NO_INLINE) */
+
+#if defined(STM32_CRYPTO)
+#elif defined(HAVE_COLDFIRE_SEC)
+#elif defined(FREESCALE_LTC)
+#elif defined(FREESCALE_MMCAU)
+#elif defined(WOLFSSL_PIC32MZ_CRYPT)
+#elif defined(WOLFSSL_NRF51_AES)
+#elif defined(WOLFSSL_ESP32_CRYPT) && \
+     !defined(NO_WOLFSSL_ESP32_CRYPT_AES)
+#elif defined(WOLFSSL_AESNI)
+#elif (defined(WOLFSSL_IMX6_CAAM) && !defined(NO_IMX6_CAAM_AES) \
+        && !defined(WOLFSSL_QNX_CAAM)) || \
+      ((defined(WOLFSSL_AFALG) || defined(WOLFSSL_DEVCRYPTO_AES)) && \
+        defined(HAVE_AESCCM))
+#elif defined(WOLFSSL_AFALG)
+    /* implemented in wolfcrypt/src/port/af_alg/afalg_aes.c */
+
+#elif defined(WOLFSSL_DEVCRYPTO_AES)
+    /* implemented in wolfcrypt/src/port/devcrypto/devcrypto_aes.c */
+
+#elif defined(WOLFSSL_SCE) && !defined(WOLFSSL_SCE_NO_AES)
+#elif defined(WOLFSSL_KCAPI_AES)
+#elif defined(WOLFSSL_HAVE_PSA) && !defined(WOLFSSL_PSA_NO_AES)
+/* implemented in wolfcrypt/src/port/psa/psa_aes.c */
+
+#else
+
+    /* using wolfCrypt software implementation */
+    #define NEED_AES_TABLES
+#endif
+
+#if !defined(NO_AES) && !defined(WOLFSSL_TI_CRYPT) && !defined(WOLFSSL_ARMASM) && \
+    defined(NEED_AES_TABLES) && (defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_DIRECT) || defined(HAVE_AESCCM) || defined(HAVE_AESGCM)) && \
+    defined(HAVE_CUDA)
+
+#define GETBYTE(x, y) (word32)((byte)((x) >> (8 * (y))))
+
+#ifndef WC_CACHE_LINE_SZ
+    #if defined(__x86_64__) || defined(_M_X64) || \
+       (defined(__ILP32__) && (__ILP32__ >= 1))
+        #define WC_CACHE_LINE_SZ 64
+    #else
+        /* default cache line size */
+        #define WC_CACHE_LINE_SZ 32
+    #endif
+#endif
+
+#if WC_CACHE_LINE_SZ == 128
+    #define WC_CACHE_LINE_BITS      5
+    #define WC_CACHE_LINE_MASK_HI   0xe0
+    #define WC_CACHE_LINE_MASK_LO   0x1f
+    #define WC_CACHE_LINE_ADD       0x20
+#elif WC_CACHE_LINE_SZ == 64
+    #define WC_CACHE_LINE_BITS      4
+    #define WC_CACHE_LINE_MASK_HI   0xf0
+    #define WC_CACHE_LINE_MASK_LO   0x0f
+    #define WC_CACHE_LINE_ADD       0x10
+#elif WC_CACHE_LINE_SZ == 32
+    #define WC_CACHE_LINE_BITS      3
+    #define WC_CACHE_LINE_MASK_HI   0xf8
+    #define WC_CACHE_LINE_MASK_LO   0x07
+    #define WC_CACHE_LINE_ADD       0x08
+#elif WC_CACHE_LINE_SZ == 16
+    #define WC_CACHE_LINE_BITS      2
+    #define WC_CACHE_LINE_MASK_HI   0xfc
+    #define WC_CACHE_LINE_MASK_LO   0x03
+    #define WC_CACHE_LINE_ADD       0x04
+#else
+    #error Cache line size not supported
+#endif
+
+#ifndef WOLFSSL_AES_SMALL_TABLES
+__device__
+const FLASH_QUALIFIER word32 Te_CUDA[4][256] = {
+{
+    0xc66363a5U, 0xf87c7c84U, 0xee777799U, 0xf67b7b8dU,
+    0xfff2f20dU, 0xd66b6bbdU, 0xde6f6fb1U, 0x91c5c554U,
+    0x60303050U, 0x02010103U, 0xce6767a9U, 0x562b2b7dU,
+    0xe7fefe19U, 0xb5d7d762U, 0x4dababe6U, 0xec76769aU,
+    0x8fcaca45U, 0x1f82829dU, 0x89c9c940U, 0xfa7d7d87U,
+    0xeffafa15U, 0xb25959ebU, 0x8e4747c9U, 0xfbf0f00bU,
+    0x41adadecU, 0xb3d4d467U, 0x5fa2a2fdU, 0x45afafeaU,
+    0x239c9cbfU, 0x53a4a4f7U, 0xe4727296U, 0x9bc0c05bU,
+    0x75b7b7c2U, 0xe1fdfd1cU, 0x3d9393aeU, 0x4c26266aU,
+    0x6c36365aU, 0x7e3f3f41U, 0xf5f7f702U, 0x83cccc4fU,
+    0x6834345cU, 0x51a5a5f4U, 0xd1e5e534U, 0xf9f1f108U,
+    0xe2717193U, 0xabd8d873U, 0x62313153U, 0x2a15153fU,
+    0x0804040cU, 0x95c7c752U, 0x46232365U, 0x9dc3c35eU,
+    0x30181828U, 0x379696a1U, 0x0a05050fU, 0x2f9a9ab5U,
+    0x0e070709U, 0x24121236U, 0x1b80809bU, 0xdfe2e23dU,
+    0xcdebeb26U, 0x4e272769U, 0x7fb2b2cdU, 0xea75759fU,
+    0x1209091bU, 0x1d83839eU, 0x582c2c74U, 0x341a1a2eU,
+    0x361b1b2dU, 0xdc6e6eb2U, 0xb45a5aeeU, 0x5ba0a0fbU,
+    0xa45252f6U, 0x763b3b4dU, 0xb7d6d661U, 0x7db3b3ceU,
+    0x5229297bU, 0xdde3e33eU, 0x5e2f2f71U, 0x13848497U,
+    0xa65353f5U, 0xb9d1d168U, 0x00000000U, 0xc1eded2cU,
+    0x40202060U, 0xe3fcfc1fU, 0x79b1b1c8U, 0xb65b5bedU,
+    0xd46a6abeU, 0x8dcbcb46U, 0x67bebed9U, 0x7239394bU,
+    0x944a4adeU, 0x984c4cd4U, 0xb05858e8U, 0x85cfcf4aU,
+    0xbbd0d06bU, 0xc5efef2aU, 0x4faaaae5U, 0xedfbfb16U,
+    0x864343c5U, 0x9a4d4dd7U, 0x66333355U, 0x11858594U,
+    0x8a4545cfU, 0xe9f9f910U, 0x04020206U, 0xfe7f7f81U,
+    0xa05050f0U, 0x783c3c44U, 0x259f9fbaU, 0x4ba8a8e3U,
+    0xa25151f3U, 0x5da3a3feU, 0x804040c0U, 0x058f8f8aU,
+    0x3f9292adU, 0x219d9dbcU, 0x70383848U, 0xf1f5f504U,
+    0x63bcbcdfU, 0x77b6b6c1U, 0xafdada75U, 0x42212163U,
+    0x20101030U, 0xe5ffff1aU, 0xfdf3f30eU, 0xbfd2d26dU,
+    0x81cdcd4cU, 0x180c0c14U, 0x26131335U, 0xc3ecec2fU,
+    0xbe5f5fe1U, 0x359797a2U, 0x884444ccU, 0x2e171739U,
+    0x93c4c457U, 0x55a7a7f2U, 0xfc7e7e82U, 0x7a3d3d47U,
+    0xc86464acU, 0xba5d5de7U, 0x3219192bU, 0xe6737395U,
+    0xc06060a0U, 0x19818198U, 0x9e4f4fd1U, 0xa3dcdc7fU,
+    0x44222266U, 0x542a2a7eU, 0x3b9090abU, 0x0b888883U,
+    0x8c4646caU, 0xc7eeee29U, 0x6bb8b8d3U, 0x2814143cU,
+    0xa7dede79U, 0xbc5e5ee2U, 0x160b0b1dU, 0xaddbdb76U,
+    0xdbe0e03bU, 0x64323256U, 0x743a3a4eU, 0x140a0a1eU,
+    0x924949dbU, 0x0c06060aU, 0x4824246cU, 0xb85c5ce4U,
+    0x9fc2c25dU, 0xbdd3d36eU, 0x43acacefU, 0xc46262a6U,
+    0x399191a8U, 0x319595a4U, 0xd3e4e437U, 0xf279798bU,
+    0xd5e7e732U, 0x8bc8c843U, 0x6e373759U, 0xda6d6db7U,
+    0x018d8d8cU, 0xb1d5d564U, 0x9c4e4ed2U, 0x49a9a9e0U,
+    0xd86c6cb4U, 0xac5656faU, 0xf3f4f407U, 0xcfeaea25U,
+    0xca6565afU, 0xf47a7a8eU, 0x47aeaee9U, 0x10080818U,
+    0x6fbabad5U, 0xf0787888U, 0x4a25256fU, 0x5c2e2e72U,
+    0x381c1c24U, 0x57a6a6f1U, 0x73b4b4c7U, 0x97c6c651U,
+    0xcbe8e823U, 0xa1dddd7cU, 0xe874749cU, 0x3e1f1f21U,
+    0x964b4bddU, 0x61bdbddcU, 0x0d8b8b86U, 0x0f8a8a85U,
+    0xe0707090U, 0x7c3e3e42U, 0x71b5b5c4U, 0xcc6666aaU,
+    0x904848d8U, 0x06030305U, 0xf7f6f601U, 0x1c0e0e12U,
+    0xc26161a3U, 0x6a35355fU, 0xae5757f9U, 0x69b9b9d0U,
+    0x17868691U, 0x99c1c158U, 0x3a1d1d27U, 0x279e9eb9U,
+    0xd9e1e138U, 0xebf8f813U, 0x2b9898b3U, 0x22111133U,
+    0xd26969bbU, 0xa9d9d970U, 0x078e8e89U, 0x339494a7U,
+    0x2d9b9bb6U, 0x3c1e1e22U, 0x15878792U, 0xc9e9e920U,
+    0x87cece49U, 0xaa5555ffU, 0x50282878U, 0xa5dfdf7aU,
+    0x038c8c8fU, 0x59a1a1f8U, 0x09898980U, 0x1a0d0d17U,
+    0x65bfbfdaU, 0xd7e6e631U, 0x844242c6U, 0xd06868b8U,
+    0x824141c3U, 0x299999b0U, 0x5a2d2d77U, 0x1e0f0f11U,
+    0x7bb0b0cbU, 0xa85454fcU, 0x6dbbbbd6U, 0x2c16163aU,
+},
+{
+    0xa5c66363U, 0x84f87c7cU, 0x99ee7777U, 0x8df67b7bU,
+    0x0dfff2f2U, 0xbdd66b6bU, 0xb1de6f6fU, 0x5491c5c5U,
+    0x50603030U, 0x03020101U, 0xa9ce6767U, 0x7d562b2bU,
+    0x19e7fefeU, 0x62b5d7d7U, 0xe64dababU, 0x9aec7676U,
+    0x458fcacaU, 0x9d1f8282U, 0x4089c9c9U, 0x87fa7d7dU,
+    0x15effafaU, 0xebb25959U, 0xc98e4747U, 0x0bfbf0f0U,
+    0xec41adadU, 0x67b3d4d4U, 0xfd5fa2a2U, 0xea45afafU,
+    0xbf239c9cU, 0xf753a4a4U, 0x96e47272U, 0x5b9bc0c0U,
+    0xc275b7b7U, 0x1ce1fdfdU, 0xae3d9393U, 0x6a4c2626U,
+    0x5a6c3636U, 0x417e3f3fU, 0x02f5f7f7U, 0x4f83ccccU,
+    0x5c683434U, 0xf451a5a5U, 0x34d1e5e5U, 0x08f9f1f1U,
+    0x93e27171U, 0x73abd8d8U, 0x53623131U, 0x3f2a1515U,
+    0x0c080404U, 0x5295c7c7U, 0x65462323U, 0x5e9dc3c3U,
+    0x28301818U, 0xa1379696U, 0x0f0a0505U, 0xb52f9a9aU,
+    0x090e0707U, 0x36241212U, 0x9b1b8080U, 0x3ddfe2e2U,
+    0x26cdebebU, 0x694e2727U, 0xcd7fb2b2U, 0x9fea7575U,
+    0x1b120909U, 0x9e1d8383U, 0x74582c2cU, 0x2e341a1aU,
+    0x2d361b1bU, 0xb2dc6e6eU, 0xeeb45a5aU, 0xfb5ba0a0U,
+    0xf6a45252U, 0x4d763b3bU, 0x61b7d6d6U, 0xce7db3b3U,
+    0x7b522929U, 0x3edde3e3U, 0x715e2f2fU, 0x97138484U,
+    0xf5a65353U, 0x68b9d1d1U, 0x00000000U, 0x2cc1ededU,
+    0x60402020U, 0x1fe3fcfcU, 0xc879b1b1U, 0xedb65b5bU,
+    0xbed46a6aU, 0x468dcbcbU, 0xd967bebeU, 0x4b723939U,
+    0xde944a4aU, 0xd4984c4cU, 0xe8b05858U, 0x4a85cfcfU,
+    0x6bbbd0d0U, 0x2ac5efefU, 0xe54faaaaU, 0x16edfbfbU,
+    0xc5864343U, 0xd79a4d4dU, 0x55663333U, 0x94118585U,
+    0xcf8a4545U, 0x10e9f9f9U, 0x06040202U, 0x81fe7f7fU,
+    0xf0a05050U, 0x44783c3cU, 0xba259f9fU, 0xe34ba8a8U,
+    0xf3a25151U, 0xfe5da3a3U, 0xc0804040U, 0x8a058f8fU,
+    0xad3f9292U, 0xbc219d9dU, 0x48703838U, 0x04f1f5f5U,
+    0xdf63bcbcU, 0xc177b6b6U, 0x75afdadaU, 0x63422121U,
+    0x30201010U, 0x1ae5ffffU, 0x0efdf3f3U, 0x6dbfd2d2U,
+    0x4c81cdcdU, 0x14180c0cU, 0x35261313U, 0x2fc3ececU,
+    0xe1be5f5fU, 0xa2359797U, 0xcc884444U, 0x392e1717U,
+    0x5793c4c4U, 0xf255a7a7U, 0x82fc7e7eU, 0x477a3d3dU,
+    0xacc86464U, 0xe7ba5d5dU, 0x2b321919U, 0x95e67373U,
+    0xa0c06060U, 0x98198181U, 0xd19e4f4fU, 0x7fa3dcdcU,
+    0x66442222U, 0x7e542a2aU, 0xab3b9090U, 0x830b8888U,
+    0xca8c4646U, 0x29c7eeeeU, 0xd36bb8b8U, 0x3c281414U,
+    0x79a7dedeU, 0xe2bc5e5eU, 0x1d160b0bU, 0x76addbdbU,
+    0x3bdbe0e0U, 0x56643232U, 0x4e743a3aU, 0x1e140a0aU,
+    0xdb924949U, 0x0a0c0606U, 0x6c482424U, 0xe4b85c5cU,
+    0x5d9fc2c2U, 0x6ebdd3d3U, 0xef43acacU, 0xa6c46262U,
+    0xa8399191U, 0xa4319595U, 0x37d3e4e4U, 0x8bf27979U,
+    0x32d5e7e7U, 0x438bc8c8U, 0x596e3737U, 0xb7da6d6dU,
+    0x8c018d8dU, 0x64b1d5d5U, 0xd29c4e4eU, 0xe049a9a9U,
+    0xb4d86c6cU, 0xfaac5656U, 0x07f3f4f4U, 0x25cfeaeaU,
+    0xafca6565U, 0x8ef47a7aU, 0xe947aeaeU, 0x18100808U,
+    0xd56fbabaU, 0x88f07878U, 0x6f4a2525U, 0x725c2e2eU,
+    0x24381c1cU, 0xf157a6a6U, 0xc773b4b4U, 0x5197c6c6U,
+    0x23cbe8e8U, 0x7ca1ddddU, 0x9ce87474U, 0x213e1f1fU,
+    0xdd964b4bU, 0xdc61bdbdU, 0x860d8b8bU, 0x850f8a8aU,
+    0x90e07070U, 0x427c3e3eU, 0xc471b5b5U, 0xaacc6666U,
+    0xd8904848U, 0x05060303U, 0x01f7f6f6U, 0x121c0e0eU,
+    0xa3c26161U, 0x5f6a3535U, 0xf9ae5757U, 0xd069b9b9U,
+    0x91178686U, 0x5899c1c1U, 0x273a1d1dU, 0xb9279e9eU,
+    0x38d9e1e1U, 0x13ebf8f8U, 0xb32b9898U, 0x33221111U,
+    0xbbd26969U, 0x70a9d9d9U, 0x89078e8eU, 0xa7339494U,
+    0xb62d9b9bU, 0x223c1e1eU, 0x92158787U, 0x20c9e9e9U,
+    0x4987ceceU, 0xffaa5555U, 0x78502828U, 0x7aa5dfdfU,
+    0x8f038c8cU, 0xf859a1a1U, 0x80098989U, 0x171a0d0dU,
+    0xda65bfbfU, 0x31d7e6e6U, 0xc6844242U, 0xb8d06868U,
+    0xc3824141U, 0xb0299999U, 0x775a2d2dU, 0x111e0f0fU,
+    0xcb7bb0b0U, 0xfca85454U, 0xd66dbbbbU, 0x3a2c1616U,
+},
+{
+    0x63a5c663U, 0x7c84f87cU, 0x7799ee77U, 0x7b8df67bU,
+    0xf20dfff2U, 0x6bbdd66bU, 0x6fb1de6fU, 0xc55491c5U,
+    0x30506030U, 0x01030201U, 0x67a9ce67U, 0x2b7d562bU,
+    0xfe19e7feU, 0xd762b5d7U, 0xabe64dabU, 0x769aec76U,
+    0xca458fcaU, 0x829d1f82U, 0xc94089c9U, 0x7d87fa7dU,
+    0xfa15effaU, 0x59ebb259U, 0x47c98e47U, 0xf00bfbf0U,
+    0xadec41adU, 0xd467b3d4U, 0xa2fd5fa2U, 0xafea45afU,
+    0x9cbf239cU, 0xa4f753a4U, 0x7296e472U, 0xc05b9bc0U,
+    0xb7c275b7U, 0xfd1ce1fdU, 0x93ae3d93U, 0x266a4c26U,
+    0x365a6c36U, 0x3f417e3fU, 0xf702f5f7U, 0xcc4f83ccU,
+    0x345c6834U, 0xa5f451a5U, 0xe534d1e5U, 0xf108f9f1U,
+    0x7193e271U, 0xd873abd8U, 0x31536231U, 0x153f2a15U,
+    0x040c0804U, 0xc75295c7U, 0x23654623U, 0xc35e9dc3U,
+    0x18283018U, 0x96a13796U, 0x050f0a05U, 0x9ab52f9aU,
+    0x07090e07U, 0x12362412U, 0x809b1b80U, 0xe23ddfe2U,
+    0xeb26cdebU, 0x27694e27U, 0xb2cd7fb2U, 0x759fea75U,
+    0x091b1209U, 0x839e1d83U, 0x2c74582cU, 0x1a2e341aU,
+    0x1b2d361bU, 0x6eb2dc6eU, 0x5aeeb45aU, 0xa0fb5ba0U,
+    0x52f6a452U, 0x3b4d763bU, 0xd661b7d6U, 0xb3ce7db3U,
+    0x297b5229U, 0xe33edde3U, 0x2f715e2fU, 0x84971384U,
+    0x53f5a653U, 0xd168b9d1U, 0x00000000U, 0xed2cc1edU,
+    0x20604020U, 0xfc1fe3fcU, 0xb1c879b1U, 0x5bedb65bU,
+    0x6abed46aU, 0xcb468dcbU, 0xbed967beU, 0x394b7239U,
+    0x4ade944aU, 0x4cd4984cU, 0x58e8b058U, 0xcf4a85cfU,
+    0xd06bbbd0U, 0xef2ac5efU, 0xaae54faaU, 0xfb16edfbU,
+    0x43c58643U, 0x4dd79a4dU, 0x33556633U, 0x85941185U,
+    0x45cf8a45U, 0xf910e9f9U, 0x02060402U, 0x7f81fe7fU,
+    0x50f0a050U, 0x3c44783cU, 0x9fba259fU, 0xa8e34ba8U,
+    0x51f3a251U, 0xa3fe5da3U, 0x40c08040U, 0x8f8a058fU,
+    0x92ad3f92U, 0x9dbc219dU, 0x38487038U, 0xf504f1f5U,
+    0xbcdf63bcU, 0xb6c177b6U, 0xda75afdaU, 0x21634221U,
+    0x10302010U, 0xff1ae5ffU, 0xf30efdf3U, 0xd26dbfd2U,
+    0xcd4c81cdU, 0x0c14180cU, 0x13352613U, 0xec2fc3ecU,
+    0x5fe1be5fU, 0x97a23597U, 0x44cc8844U, 0x17392e17U,
+    0xc45793c4U, 0xa7f255a7U, 0x7e82fc7eU, 0x3d477a3dU,
+    0x64acc864U, 0x5de7ba5dU, 0x192b3219U, 0x7395e673U,
+    0x60a0c060U, 0x81981981U, 0x4fd19e4fU, 0xdc7fa3dcU,
+    0x22664422U, 0x2a7e542aU, 0x90ab3b90U, 0x88830b88U,
+    0x46ca8c46U, 0xee29c7eeU, 0xb8d36bb8U, 0x143c2814U,
+    0xde79a7deU, 0x5ee2bc5eU, 0x0b1d160bU, 0xdb76addbU,
+    0xe03bdbe0U, 0x32566432U, 0x3a4e743aU, 0x0a1e140aU,
+    0x49db9249U, 0x060a0c06U, 0x246c4824U, 0x5ce4b85cU,
+    0xc25d9fc2U, 0xd36ebdd3U, 0xacef43acU, 0x62a6c462U,
+    0x91a83991U, 0x95a43195U, 0xe437d3e4U, 0x798bf279U,
+    0xe732d5e7U, 0xc8438bc8U, 0x37596e37U, 0x6db7da6dU,
+    0x8d8c018dU, 0xd564b1d5U, 0x4ed29c4eU, 0xa9e049a9U,
+    0x6cb4d86cU, 0x56faac56U, 0xf407f3f4U, 0xea25cfeaU,
+    0x65afca65U, 0x7a8ef47aU, 0xaee947aeU, 0x08181008U,
+    0xbad56fbaU, 0x7888f078U, 0x256f4a25U, 0x2e725c2eU,
+    0x1c24381cU, 0xa6f157a6U, 0xb4c773b4U, 0xc65197c6U,
+    0xe823cbe8U, 0xdd7ca1ddU, 0x749ce874U, 0x1f213e1fU,
+    0x4bdd964bU, 0xbddc61bdU, 0x8b860d8bU, 0x8a850f8aU,
+    0x7090e070U, 0x3e427c3eU, 0xb5c471b5U, 0x66aacc66U,
+    0x48d89048U, 0x03050603U, 0xf601f7f6U, 0x0e121c0eU,
+    0x61a3c261U, 0x355f6a35U, 0x57f9ae57U, 0xb9d069b9U,
+    0x86911786U, 0xc15899c1U, 0x1d273a1dU, 0x9eb9279eU,
+    0xe138d9e1U, 0xf813ebf8U, 0x98b32b98U, 0x11332211U,
+    0x69bbd269U, 0xd970a9d9U, 0x8e89078eU, 0x94a73394U,
+    0x9bb62d9bU, 0x1e223c1eU, 0x87921587U, 0xe920c9e9U,
+    0xce4987ceU, 0x55ffaa55U, 0x28785028U, 0xdf7aa5dfU,
+    0x8c8f038cU, 0xa1f859a1U, 0x89800989U, 0x0d171a0dU,
+    0xbfda65bfU, 0xe631d7e6U, 0x42c68442U, 0x68b8d068U,
+    0x41c38241U, 0x99b02999U, 0x2d775a2dU, 0x0f111e0fU,
+    0xb0cb7bb0U, 0x54fca854U, 0xbbd66dbbU, 0x163a2c16U,
+},
+{
+    0x6363a5c6U, 0x7c7c84f8U, 0x777799eeU, 0x7b7b8df6U,
+    0xf2f20dffU, 0x6b6bbdd6U, 0x6f6fb1deU, 0xc5c55491U,
+    0x30305060U, 0x01010302U, 0x6767a9ceU, 0x2b2b7d56U,
+    0xfefe19e7U, 0xd7d762b5U, 0xababe64dU, 0x76769aecU,
+    0xcaca458fU, 0x82829d1fU, 0xc9c94089U, 0x7d7d87faU,
+    0xfafa15efU, 0x5959ebb2U, 0x4747c98eU, 0xf0f00bfbU,
+    0xadadec41U, 0xd4d467b3U, 0xa2a2fd5fU, 0xafafea45U,
+    0x9c9cbf23U, 0xa4a4f753U, 0x727296e4U, 0xc0c05b9bU,
+    0xb7b7c275U, 0xfdfd1ce1U, 0x9393ae3dU, 0x26266a4cU,
+    0x36365a6cU, 0x3f3f417eU, 0xf7f702f5U, 0xcccc4f83U,
+    0x34345c68U, 0xa5a5f451U, 0xe5e534d1U, 0xf1f108f9U,
+    0x717193e2U, 0xd8d873abU, 0x31315362U, 0x15153f2aU,
+    0x04040c08U, 0xc7c75295U, 0x23236546U, 0xc3c35e9dU,
+    0x18182830U, 0x9696a137U, 0x05050f0aU, 0x9a9ab52fU,
+    0x0707090eU, 0x12123624U, 0x80809b1bU, 0xe2e23ddfU,
+    0xebeb26cdU, 0x2727694eU, 0xb2b2cd7fU, 0x75759feaU,
+    0x09091b12U, 0x83839e1dU, 0x2c2c7458U, 0x1a1a2e34U,
+    0x1b1b2d36U, 0x6e6eb2dcU, 0x5a5aeeb4U, 0xa0a0fb5bU,
+    0x5252f6a4U, 0x3b3b4d76U, 0xd6d661b7U, 0xb3b3ce7dU,
+    0x29297b52U, 0xe3e33eddU, 0x2f2f715eU, 0x84849713U,
+    0x5353f5a6U, 0xd1d168b9U, 0x00000000U, 0xeded2cc1U,
+    0x20206040U, 0xfcfc1fe3U, 0xb1b1c879U, 0x5b5bedb6U,
+    0x6a6abed4U, 0xcbcb468dU, 0xbebed967U, 0x39394b72U,
+    0x4a4ade94U, 0x4c4cd498U, 0x5858e8b0U, 0xcfcf4a85U,
+    0xd0d06bbbU, 0xefef2ac5U, 0xaaaae54fU, 0xfbfb16edU,
+    0x4343c586U, 0x4d4dd79aU, 0x33335566U, 0x85859411U,
+    0x4545cf8aU, 0xf9f910e9U, 0x02020604U, 0x7f7f81feU,
+    0x5050f0a0U, 0x3c3c4478U, 0x9f9fba25U, 0xa8a8e34bU,
+    0x5151f3a2U, 0xa3a3fe5dU, 0x4040c080U, 0x8f8f8a05U,
+    0x9292ad3fU, 0x9d9dbc21U, 0x38384870U, 0xf5f504f1U,
+    0xbcbcdf63U, 0xb6b6c177U, 0xdada75afU, 0x21216342U,
+    0x10103020U, 0xffff1ae5U, 0xf3f30efdU, 0xd2d26dbfU,
+    0xcdcd4c81U, 0x0c0c1418U, 0x13133526U, 0xecec2fc3U,
+    0x5f5fe1beU, 0x9797a235U, 0x4444cc88U, 0x1717392eU,
+    0xc4c45793U, 0xa7a7f255U, 0x7e7e82fcU, 0x3d3d477aU,
+    0x6464acc8U, 0x5d5de7baU, 0x19192b32U, 0x737395e6U,
+    0x6060a0c0U, 0x81819819U, 0x4f4fd19eU, 0xdcdc7fa3U,
+    0x22226644U, 0x2a2a7e54U, 0x9090ab3bU, 0x8888830bU,
+    0x4646ca8cU, 0xeeee29c7U, 0xb8b8d36bU, 0x14143c28U,
+    0xdede79a7U, 0x5e5ee2bcU, 0x0b0b1d16U, 0xdbdb76adU,
+    0xe0e03bdbU, 0x32325664U, 0x3a3a4e74U, 0x0a0a1e14U,
+    0x4949db92U, 0x06060a0cU, 0x24246c48U, 0x5c5ce4b8U,
+    0xc2c25d9fU, 0xd3d36ebdU, 0xacacef43U, 0x6262a6c4U,
+    0x9191a839U, 0x9595a431U, 0xe4e437d3U, 0x79798bf2U,
+    0xe7e732d5U, 0xc8c8438bU, 0x3737596eU, 0x6d6db7daU,
+    0x8d8d8c01U, 0xd5d564b1U, 0x4e4ed29cU, 0xa9a9e049U,
+    0x6c6cb4d8U, 0x5656faacU, 0xf4f407f3U, 0xeaea25cfU,
+    0x6565afcaU, 0x7a7a8ef4U, 0xaeaee947U, 0x08081810U,
+    0xbabad56fU, 0x787888f0U, 0x25256f4aU, 0x2e2e725cU,
+    0x1c1c2438U, 0xa6a6f157U, 0xb4b4c773U, 0xc6c65197U,
+    0xe8e823cbU, 0xdddd7ca1U, 0x74749ce8U, 0x1f1f213eU,
+    0x4b4bdd96U, 0xbdbddc61U, 0x8b8b860dU, 0x8a8a850fU,
+    0x707090e0U, 0x3e3e427cU, 0xb5b5c471U, 0x6666aaccU,
+    0x4848d890U, 0x03030506U, 0xf6f601f7U, 0x0e0e121cU,
+    0x6161a3c2U, 0x35355f6aU, 0x5757f9aeU, 0xb9b9d069U,
+    0x86869117U, 0xc1c15899U, 0x1d1d273aU, 0x9e9eb927U,
+    0xe1e138d9U, 0xf8f813ebU, 0x9898b32bU, 0x11113322U,
+    0x6969bbd2U, 0xd9d970a9U, 0x8e8e8907U, 0x9494a733U,
+    0x9b9bb62dU, 0x1e1e223cU, 0x87879215U, 0xe9e920c9U,
+    0xcece4987U, 0x5555ffaaU, 0x28287850U, 0xdfdf7aa5U,
+    0x8c8c8f03U, 0xa1a1f859U, 0x89898009U, 0x0d0d171aU,
+    0xbfbfda65U, 0xe6e631d7U, 0x4242c684U, 0x6868b8d0U,
+    0x4141c382U, 0x9999b029U, 0x2d2d775aU, 0x0f0f111eU,
+    0xb0b0cb7bU, 0x5454fca8U, 0xbbbbd66dU, 0x16163a2cU,
+}
+};
+
+
+__device__
+static word32 GetTable(const word32* t, byte o)
+{
+    word32 e = 0;
+#if WC_CACHE_LINE_SZ == 64
+  byte hi = o & 0xf0;
+  byte lo = o & 0x0f;
+
+  e  = t[lo + 0x00] & ((word32)0 - (((word32)hi - 0x01) >> 31)); hi -= 0x10;
+  e |= t[lo + 0x10] & ((word32)0 - (((word32)hi - 0x01) >> 31)); hi -= 0x10;
+  e |= t[lo + 0x20] & ((word32)0 - (((word32)hi - 0x01) >> 31)); hi -= 0x10;
+  e |= t[lo + 0x30] & ((word32)0 - (((word32)hi - 0x01) >> 31)); hi -= 0x10;
+  e |= t[lo + 0x40] & ((word32)0 - (((word32)hi - 0x01) >> 31)); hi -= 0x10;
+  e |= t[lo + 0x50] & ((word32)0 - (((word32)hi - 0x01) >> 31)); hi -= 0x10;
+  e |= t[lo + 0x60] & ((word32)0 - (((word32)hi - 0x01) >> 31)); hi -= 0x10;
+  e |= t[lo + 0x70] & ((word32)0 - (((word32)hi - 0x01) >> 31)); hi -= 0x10;
+  e |= t[lo + 0x80] & ((word32)0 - (((word32)hi - 0x01) >> 31)); hi -= 0x10;
+  e |= t[lo + 0x90] & ((word32)0 - (((word32)hi - 0x01) >> 31)); hi -= 0x10;
+  e |= t[lo + 0xa0] & ((word32)0 - (((word32)hi - 0x01) >> 31)); hi -= 0x10;
+  e |= t[lo + 0xb0] & ((word32)0 - (((word32)hi - 0x01) >> 31)); hi -= 0x10;
+  e |= t[lo + 0xc0] & ((word32)0 - (((word32)hi - 0x01) >> 31)); hi -= 0x10;
+  e |= t[lo + 0xd0] & ((word32)0 - (((word32)hi - 0x01) >> 31)); hi -= 0x10;
+  e |= t[lo + 0xe0] & ((word32)0 - (((word32)hi - 0x01) >> 31)); hi -= 0x10;
+  e |= t[lo + 0xf0] & ((word32)0 - (((word32)hi - 0x01) >> 31));
+#else
+  int i;
+  byte hi = o & WC_CACHE_LINE_MASK_HI;
+  byte lo = o & WC_CACHE_LINE_MASK_LO;
+
+  for (i = 0; i < 256; i += (1 << WC_CACHE_LINE_BITS)) {
+      e |= t[lo + i] & ((word32)0 - (((word32)hi - 0x01) >> 31));
+      hi -= WC_CACHE_LINE_ADD;
+  }
+#endif
+  return e;
+}
+
+__device__
+static void GetTable_Multi(const word32* t, word32* t0, byte o0,
+  word32* t1, byte o1, word32* t2, byte o2, word32* t3, byte o3)
+{
+  word32 e0 = 0;
+  word32 e1 = 0;
+  word32 e2 = 0;
+  word32 e3 = 0;
+  byte hi0 = o0 & WC_CACHE_LINE_MASK_HI;
+  byte lo0 = o0 & WC_CACHE_LINE_MASK_LO;
+  byte hi1 = o1 & WC_CACHE_LINE_MASK_HI;
+  byte lo1 = o1 & WC_CACHE_LINE_MASK_LO;
+  byte hi2 = o2 & WC_CACHE_LINE_MASK_HI;
+  byte lo2 = o2 & WC_CACHE_LINE_MASK_LO;
+  byte hi3 = o3 & WC_CACHE_LINE_MASK_HI;
+  byte lo3 = o3 & WC_CACHE_LINE_MASK_LO;
+  int i;
+
+  for (i = 0; i < 256; i += (1 << WC_CACHE_LINE_BITS)) {
+      e0 |= t[lo0 + i] & ((word32)0 - (((word32)hi0 - 0x01) >> 31));
+      hi0 -= WC_CACHE_LINE_ADD;
+      e1 |= t[lo1 + i] & ((word32)0 - (((word32)hi1 - 0x01) >> 31));
+      hi1 -= WC_CACHE_LINE_ADD;
+      e2 |= t[lo2 + i] & ((word32)0 - (((word32)hi2 - 0x01) >> 31));
+      hi2 -= WC_CACHE_LINE_ADD;
+      e3 |= t[lo3 + i] & ((word32)0 - (((word32)hi3 - 0x01) >> 31));
+      hi3 -= WC_CACHE_LINE_ADD;
+  }
+  *t0 = e0;
+  *t1 = e1;
+  *t2 = e2;
+  *t3 = e3;
+}
+
+/* load 4 Te Tables into cache by cache line stride */
+__device__
+static WARN_UNUSED_RESULT WC_INLINE word32 PreFetchTe(void)
+{
+#ifndef WOLFSSL_AES_TOUCH_LINES
+    word32 x = 0;
+    int i,j;
+
+    for (i = 0; i < 4; i++) {
+        /* 256 elements, each one is 4 bytes */
+        for (j = 0; j < 256; j += WC_CACHE_LINE_SZ/4) {
+            x &= Te_CUDA[i][j];
+        }
+    }
+    return x;
+#else
+    return 0;
+#endif
+}
+#else
+__device__ static const byte Tsbox[256] = {
+    0x63U, 0x7cU, 0x77U, 0x7bU, 0xf2U, 0x6bU, 0x6fU, 0xc5U,
+    0x30U, 0x01U, 0x67U, 0x2bU, 0xfeU, 0xd7U, 0xabU, 0x76U,
+    0xcaU, 0x82U, 0xc9U, 0x7dU, 0xfaU, 0x59U, 0x47U, 0xf0U,
+    0xadU, 0xd4U, 0xa2U, 0xafU, 0x9cU, 0xa4U, 0x72U, 0xc0U,
+    0xb7U, 0xfdU, 0x93U, 0x26U, 0x36U, 0x3fU, 0xf7U, 0xccU,
+    0x34U, 0xa5U, 0xe5U, 0xf1U, 0x71U, 0xd8U, 0x31U, 0x15U,
+    0x04U, 0xc7U, 0x23U, 0xc3U, 0x18U, 0x96U, 0x05U, 0x9aU,
+    0x07U, 0x12U, 0x80U, 0xe2U, 0xebU, 0x27U, 0xb2U, 0x75U,
+    0x09U, 0x83U, 0x2cU, 0x1aU, 0x1bU, 0x6eU, 0x5aU, 0xa0U,
+    0x52U, 0x3bU, 0xd6U, 0xb3U, 0x29U, 0xe3U, 0x2fU, 0x84U,
+    0x53U, 0xd1U, 0x00U, 0xedU, 0x20U, 0xfcU, 0xb1U, 0x5bU,
+    0x6aU, 0xcbU, 0xbeU, 0x39U, 0x4aU, 0x4cU, 0x58U, 0xcfU,
+    0xd0U, 0xefU, 0xaaU, 0xfbU, 0x43U, 0x4dU, 0x33U, 0x85U,
+    0x45U, 0xf9U, 0x02U, 0x7fU, 0x50U, 0x3cU, 0x9fU, 0xa8U,
+    0x51U, 0xa3U, 0x40U, 0x8fU, 0x92U, 0x9dU, 0x38U, 0xf5U,
+    0xbcU, 0xb6U, 0xdaU, 0x21U, 0x10U, 0xffU, 0xf3U, 0xd2U,
+    0xcdU, 0x0cU, 0x13U, 0xecU, 0x5fU, 0x97U, 0x44U, 0x17U,
+    0xc4U, 0xa7U, 0x7eU, 0x3dU, 0x64U, 0x5dU, 0x19U, 0x73U,
+    0x60U, 0x81U, 0x4fU, 0xdcU, 0x22U, 0x2aU, 0x90U, 0x88U,
+    0x46U, 0xeeU, 0xb8U, 0x14U, 0xdeU, 0x5eU, 0x0bU, 0xdbU,
+    0xe0U, 0x32U, 0x3aU, 0x0aU, 0x49U, 0x06U, 0x24U, 0x5cU,
+    0xc2U, 0xd3U, 0xacU, 0x62U, 0x91U, 0x95U, 0xe4U, 0x79U,
+    0xe7U, 0xc8U, 0x37U, 0x6dU, 0x8dU, 0xd5U, 0x4eU, 0xa9U,
+    0x6cU, 0x56U, 0xf4U, 0xeaU, 0x65U, 0x7aU, 0xaeU, 0x08U,
+    0xbaU, 0x78U, 0x25U, 0x2eU, 0x1cU, 0xa6U, 0xb4U, 0xc6U,
+    0xe8U, 0xddU, 0x74U, 0x1fU, 0x4bU, 0xbdU, 0x8bU, 0x8aU,
+    0x70U, 0x3eU, 0xb5U, 0x66U, 0x48U, 0x03U, 0xf6U, 0x0eU,
+    0x61U, 0x35U, 0x57U, 0xb9U, 0x86U, 0xc1U, 0x1dU, 0x9eU,
+    0xe1U, 0xf8U, 0x98U, 0x11U, 0x69U, 0xd9U, 0x8eU, 0x94U,
+    0x9bU, 0x1eU, 0x87U, 0xe9U, 0xceU, 0x55U, 0x28U, 0xdfU,
+    0x8cU, 0xa1U, 0x89U, 0x0dU, 0xbfU, 0xe6U, 0x42U, 0x68U,
+    0x41U, 0x99U, 0x2dU, 0x0fU, 0xb0U, 0x54U, 0xbbU, 0x16U
+};
+
+#define AES_XTIME(x)    ((byte)((byte)((x) << 1) ^ ((0 - ((x) >> 7)) & 0x1b)))
+
+#define col_mul(t, i2, i3, ia, ib) \
+  ( GETBYTE(t, ia) ^ GETBYTE(t, ib) ^ GETBYTE(t, i3) ^ AES_XTIME(GETBYTE(t, i2) ^ GETBYTE(t, i3)) )
+
+#define GetTable(t, o)  t[o]
+#define GetTable8(t, o) t[o]
+#define GetTable_Multi(t, t0, o0, t1, o1, t2, o2, t3, o3)  \
+  *(t0) = (t)[o0]; *(t1) = (t)[o1]; *(t2) = (t)[o2]; *(t3) = (t)[o3]
+#define XorTable_Multi(t, t0, o0, t1, o1, t2, o2, t3, o3)  \
+  *(t0) ^= (t)[o0]; *(t1) ^= (t)[o1]; *(t2) ^= (t)[o2]; *(t3) ^= (t)[o3]
+#define GetTable8_4(t, o0, o1, o2, o3) \
+  (((word32)(t)[o0] << 24) | ((word32)(t)[o1] << 16) |   \
+   ((word32)(t)[o2] <<  8) | ((word32)(t)[o3] <<  0))
+
+/* load sbox into cache by cache line stride */
+#ifndef WOLFSSL_AES_TOUCH_LINES
+    #define PreFetchSBox(x) { \
+    x = 0; \
+    int i; \
+    for (i = 0; i < 256; i += WC_CACHE_LINE_SZ/4) { \
+        x &= Tsbox[i]; \
+    } \
+    }
+#else
+    #define PreFetchSBox(x) ( x = 0 )
+#endif
+#endif
+
+#if !defined(WC_AES_BITSLICED)
+/* Encrypt a block using AES.
+ *
+ * @param [in]  aes       AES object.
+ * @param [in]  inBlock   Block to encrypt.
+ * @param [out] outBlock  Encrypted block.
+ * @param [in]  r         Rounds divided by 2.
+ * @param [in]  sz        Number of blocks to encrypt
+ */
+__global__ void AesEncrypt_C_CUDA(word32* rkBase, const byte* inBlockBase, byte* outBlockBase,
+        word32 r, word32 sz)
+{
+    word32 s0, s1, s2, s3;
+    word32 t0, t1, t2, t3;
+    word32 sBox;
+    int index = blockIdx.x * blockDim.x + threadIdx.x;
+    int stride = blockDim.x * gridDim.x;
+    const byte* inBlock = inBlockBase;
+    byte* outBlock = outBlockBase;
+    word32* rk;
+
+    for (int i = index; i < sz; i += stride) {
+        rk = rkBase;
+        inBlock = inBlockBase + i * 4 * sizeof(s0);
+        outBlock = outBlockBase + i * 4 * sizeof(s0);
+
+        /*
+         * map byte array block to cipher state
+         * and add initial round key:
+         */
+        XMEMCPY(&s0, inBlock,                  sizeof(s0));
+        XMEMCPY(&s1, inBlock +     sizeof(s0), sizeof(s1));
+        XMEMCPY(&s2, inBlock + 2 * sizeof(s0), sizeof(s2));
+        XMEMCPY(&s3, inBlock + 3 * sizeof(s0), sizeof(s3));
+
+#ifdef LITTLE_ENDIAN_ORDER
+        s0 = ByteReverseWord32(s0);
+        s1 = ByteReverseWord32(s1);
+        s2 = ByteReverseWord32(s2);
+        s3 = ByteReverseWord32(s3);
+#endif
+
+        /* AddRoundKey */
+        s0 ^= rk[0];
+        s1 ^= rk[1];
+        s2 ^= rk[2];
+        s3 ^= rk[3];
+
+#ifndef WOLFSSL_AES_SMALL_TABLES
+#ifndef WC_NO_CACHE_RESISTANT
+        s0 |= PreFetchTe();
+#endif
+
+#ifndef WOLFSSL_AES_TOUCH_LINES
+#define ENC_ROUND_T_S(o)                                                       \
+        t0 = GetTable(Te_CUDA[0], GETBYTE(s0, 3)) ^ GetTable(Te_CUDA[1], GETBYTE(s1, 2)) ^   \
+             GetTable(Te_CUDA[2], GETBYTE(s2, 1)) ^ GetTable(Te_CUDA[3], GETBYTE(s3, 0)) ^   \
+             rk[(o)+4];                                                            \
+        t1 = GetTable(Te_CUDA[0], GETBYTE(s1, 3)) ^ GetTable(Te_CUDA[1], GETBYTE(s2, 2)) ^   \
+             GetTable(Te_CUDA[2], GETBYTE(s3, 1)) ^ GetTable(Te_CUDA[3], GETBYTE(s0, 0)) ^   \
+             rk[(o)+5];                                                            \
+        t2 = GetTable(Te_CUDA[0], GETBYTE(s2, 3)) ^ GetTable(Te_CUDA[1], GETBYTE(s3, 2)) ^   \
+             GetTable(Te_CUDA[2], GETBYTE(s0, 1)) ^ GetTable(Te_CUDA[3], GETBYTE(s1, 0)) ^   \
+             rk[(o)+6];                                                            \
+        t3 = GetTable(Te_CUDA[0], GETBYTE(s3, 3)) ^ GetTable(Te_CUDA[1], GETBYTE(s0, 2)) ^   \
+             GetTable(Te_CUDA[2], GETBYTE(s1, 1)) ^ GetTable(Te_CUDA[3], GETBYTE(s2, 0)) ^   \
+             rk[(o)+7]
+#define ENC_ROUND_S_T(o)                                                       \
+        s0 = GetTable(Te_CUDA[0], GETBYTE(t0, 3)) ^ GetTable(Te_CUDA[1], GETBYTE(t1, 2)) ^   \
+             GetTable(Te_CUDA[2], GETBYTE(t2, 1)) ^ GetTable(Te_CUDA[3], GETBYTE(t3, 0)) ^   \
+             rk[(o)+0];                                                            \
+        s1 = GetTable(Te_CUDA[0], GETBYTE(t1, 3)) ^ GetTable(Te_CUDA[1], GETBYTE(t2, 2)) ^   \
+             GetTable(Te_CUDA[2], GETBYTE(t3, 1)) ^ GetTable(Te_CUDA[3], GETBYTE(t0, 0)) ^   \
+             rk[(o)+1];                                                            \
+        s2 = GetTable(Te_CUDA[0], GETBYTE(t2, 3)) ^ GetTable(Te_CUDA[1], GETBYTE(t3, 2)) ^   \
+             GetTable(Te_CUDA[2], GETBYTE(t0, 1)) ^ GetTable(Te_CUDA[3], GETBYTE(t1, 0)) ^   \
+             rk[(o)+2];                                                            \
+        s3 = GetTable(Te_CUDA[0], GETBYTE(t3, 3)) ^ GetTable(Te_CUDA[1], GETBYTE(t0, 2)) ^   \
+             GetTable(Te_CUDA[2], GETBYTE(t1, 1)) ^ GetTable(Te_CUDA[3], GETBYTE(t2, 0)) ^   \
+             rk[(o)+3]
+#else
+#define ENC_ROUND_T_S(o)                                                       \
+        GetTable_Multi(Te_CUDA[0], &t0, GETBYTE(s0, 3), &t1, GETBYTE(s1, 3),            \
+                              &t2, GETBYTE(s2, 3), &t3, GETBYTE(s3, 3));           \
+        XorTable_Multi(Te_CUDA[1], &t0, GETBYTE(s1, 2), &t1, GETBYTE(s2, 2),            \
+                              &t2, GETBYTE(s3, 2), &t3, GETBYTE(s0, 2));           \
+        XorTable_Multi(Te_CUDA[2], &t0, GETBYTE(s2, 1), &t1, GETBYTE(s3, 1),            \
+                              &t2, GETBYTE(s0, 1), &t3, GETBYTE(s1, 1));           \
+        XorTable_Multi(Te_CUDA[3], &t0, GETBYTE(s3, 0), &t1, GETBYTE(s0, 0),            \
+                              &t2, GETBYTE(s1, 0), &t3, GETBYTE(s2, 0));           \
+        t0 ^= rk[(o)+4]; t1 ^= rk[(o)+5]; t2 ^= rk[(o)+6]; t3 ^= rk[(o)+7];
+
+#define ENC_ROUND_S_T(o)                                                       \
+        GetTable_Multi(Te_CUDA[0], &s0, GETBYTE(t0, 3), &s1, GETBYTE(t1, 3),            \
+                              &s2, GETBYTE(t2, 3), &s3, GETBYTE(t3, 3));           \
+        XorTable_Multi(Te_CUDA[1], &s0, GETBYTE(t1, 2), &s1, GETBYTE(t2, 2),            \
+                              &s2, GETBYTE(t3, 2), &s3, GETBYTE(t0, 2));           \
+        XorTable_Multi(Te_CUDA[2], &s0, GETBYTE(t2, 1), &s1, GETBYTE(t3, 1),            \
+                              &s2, GETBYTE(t0, 1), &s3, GETBYTE(t1, 1));           \
+        XorTable_Multi(Te_CUDA[3], &s0, GETBYTE(t3, 0), &s1, GETBYTE(t0, 0),            \
+                              &s2, GETBYTE(t1, 0), &s3, GETBYTE(t2, 0));           \
+        s0 ^= rk[(o)+0]; s1 ^= rk[(o)+1]; s2 ^= rk[(o)+2]; s3 ^= rk[(o)+3];
+#endif
+
+#ifndef WOLFSSL_AES_NO_UNROLL
+    /* Unroll the loop. */
+                           ENC_ROUND_T_S( 0);
+        ENC_ROUND_S_T( 8); ENC_ROUND_T_S( 8);
+        ENC_ROUND_S_T(16); ENC_ROUND_T_S(16);
+        ENC_ROUND_S_T(24); ENC_ROUND_T_S(24);
+        ENC_ROUND_S_T(32); ENC_ROUND_T_S(32);
+        if (r > 5) {
+            ENC_ROUND_S_T(40); ENC_ROUND_T_S(40);
+            if (r > 6) {
+                ENC_ROUND_S_T(48); ENC_ROUND_T_S(48);
+            }
+        }
+        rk += r * 8;
+#else
+        /*
+         * Nr - 1 full rounds:
+         */
+
+        for (;;) {
+            ENC_ROUND_T_S(0);
+
+            rk += 8;
+            if (--r == 0) {
+                break;
+            }
+
+            ENC_ROUND_S_T(0);
+        }
+#endif
+
+        /*
+         * apply last round and
+         * map cipher state to byte array block:
+         */
+
+#ifndef WOLFSSL_AES_TOUCH_LINES
+        s0 =
+            (GetTable(Te_CUDA[2], GETBYTE(t0, 3)) & 0xff000000) ^
+            (GetTable(Te_CUDA[3], GETBYTE(t1, 2)) & 0x00ff0000) ^
+            (GetTable(Te_CUDA[0], GETBYTE(t2, 1)) & 0x0000ff00) ^
+            (GetTable(Te_CUDA[1], GETBYTE(t3, 0)) & 0x000000ff) ^
+            rk[0];
+        s1 =
+            (GetTable(Te_CUDA[2], GETBYTE(t1, 3)) & 0xff000000) ^
+            (GetTable(Te_CUDA[3], GETBYTE(t2, 2)) & 0x00ff0000) ^
+            (GetTable(Te_CUDA[0], GETBYTE(t3, 1)) & 0x0000ff00) ^
+            (GetTable(Te_CUDA[1], GETBYTE(t0, 0)) & 0x000000ff) ^
+            rk[1];
+        s2 =
+            (GetTable(Te_CUDA[2], GETBYTE(t2, 3)) & 0xff000000) ^
+            (GetTable(Te_CUDA[3], GETBYTE(t3, 2)) & 0x00ff0000) ^
+            (GetTable(Te_CUDA[0], GETBYTE(t0, 1)) & 0x0000ff00) ^
+            (GetTable(Te_CUDA[1], GETBYTE(t1, 0)) & 0x000000ff) ^
+            rk[2];
+        s3 =
+            (GetTable(Te_CUDA[2], GETBYTE(t3, 3)) & 0xff000000) ^
+            (GetTable(Te_CUDA[3], GETBYTE(t0, 2)) & 0x00ff0000) ^
+            (GetTable(Te_CUDA[0], GETBYTE(t1, 1)) & 0x0000ff00) ^
+            (GetTable(Te_CUDA[1], GETBYTE(t2, 0)) & 0x000000ff) ^
+            rk[3];
+#else
+    {
+        word32 u0;
+        word32 u1;
+        word32 u2;
+        word32 u3;
+
+        s0 = rk[0]; s1 = rk[1]; s2 = rk[2]; s3 = rk[3];
+        GetTable_Multi(Te_CUDA[2], &u0, GETBYTE(t0, 3), &u1, GETBYTE(t1, 3),
+                              &u2, GETBYTE(t2, 3), &u3, GETBYTE(t3, 3));
+        s0 ^= u0 & 0xff000000; s1 ^= u1 & 0xff000000;
+        s2 ^= u2 & 0xff000000; s3 ^= u3 & 0xff000000;
+        GetTable_Multi(Te_CUDA[3], &u0, GETBYTE(t1, 2), &u1, GETBYTE(t2, 2),
+                              &u2, GETBYTE(t3, 2), &u3, GETBYTE(t0, 2));
+        s0 ^= u0 & 0x00ff0000; s1 ^= u1 & 0x00ff0000;
+        s2 ^= u2 & 0x00ff0000; s3 ^= u3 & 0x00ff0000;
+        GetTable_Multi(Te_CUDA[0], &u0, GETBYTE(t2, 1), &u1, GETBYTE(t3, 1),
+                              &u2, GETBYTE(t0, 1), &u3, GETBYTE(t1, 1));
+        s0 ^= u0 & 0x0000ff00; s1 ^= u1 & 0x0000ff00;
+        s2 ^= u2 & 0x0000ff00; s3 ^= u3 & 0x0000ff00;
+        GetTable_Multi(Te_CUDA[1], &u0, GETBYTE(t3, 0), &u1, GETBYTE(t0, 0),
+                              &u2, GETBYTE(t1, 0), &u3, GETBYTE(t2, 0));
+        s0 ^= u0 & 0x000000ff; s1 ^= u1 & 0x000000ff;
+        s2 ^= u2 & 0x000000ff; s3 ^= u3 & 0x000000ff;
+    }
+#endif
+#else
+#ifndef WC_NO_CACHE_RESISTANT
+        s0 |= PreFetchSBox();
+#endif
+
+        r *= 2;
+        /* Two rounds at a time */
+        for (rk += 4; r > 1; r--, rk += 4) {
+            t0 =
+                ((word32)GetTable8(Tsbox, GETBYTE(s0, 3)) << 24) ^
+                ((word32)GetTable8(Tsbox, GETBYTE(s1, 2)) << 16) ^
+                ((word32)GetTable8(Tsbox, GETBYTE(s2, 1)) <<  8) ^
+                ((word32)GetTable8(Tsbox, GETBYTE(s3, 0)));
+            t1 =
+                ((word32)GetTable8(Tsbox, GETBYTE(s1, 3)) << 24) ^
+                ((word32)GetTable8(Tsbox, GETBYTE(s2, 2)) << 16) ^
+                ((word32)GetTable8(Tsbox, GETBYTE(s3, 1)) <<  8) ^
+                ((word32)GetTable8(Tsbox, GETBYTE(s0, 0)));
+            t2 =
+                ((word32)GetTable8(Tsbox, GETBYTE(s2, 3)) << 24) ^
+                ((word32)GetTable8(Tsbox, GETBYTE(s3, 2)) << 16) ^
+                ((word32)GetTable8(Tsbox, GETBYTE(s0, 1)) <<  8) ^
+                ((word32)GetTable8(Tsbox, GETBYTE(s1, 0)));
+            t3 =
+                ((word32)GetTable8(Tsbox, GETBYTE(s3, 3)) << 24) ^
+                ((word32)GetTable8(Tsbox, GETBYTE(s0, 2)) << 16) ^
+                ((word32)GetTable8(Tsbox, GETBYTE(s1, 1)) <<  8) ^
+                ((word32)GetTable8(Tsbox, GETBYTE(s2, 0)));
+
+            s0 =
+                (col_mul(t0, 3, 2, 0, 1) << 24) ^
+                (col_mul(t0, 2, 1, 0, 3) << 16) ^
+                (col_mul(t0, 1, 0, 2, 3) <<  8) ^
+                (col_mul(t0, 0, 3, 2, 1)      ) ^
+                rk[0];
+            s1 =
+                (col_mul(t1, 3, 2, 0, 1) << 24) ^
+                (col_mul(t1, 2, 1, 0, 3) << 16) ^
+                (col_mul(t1, 1, 0, 2, 3) <<  8) ^
+                (col_mul(t1, 0, 3, 2, 1)      ) ^
+                rk[1];
+            s2 =
+                (col_mul(t2, 3, 2, 0, 1) << 24) ^
+                (col_mul(t2, 2, 1, 0, 3) << 16) ^
+                (col_mul(t2, 1, 0, 2, 3) <<  8) ^
+                (col_mul(t2, 0, 3, 2, 1)      ) ^
+                rk[2];
+            s3 =
+                (col_mul(t3, 3, 2, 0, 1) << 24) ^
+                (col_mul(t3, 2, 1, 0, 3) << 16) ^
+                (col_mul(t3, 1, 0, 2, 3) <<  8) ^
+                (col_mul(t3, 0, 3, 2, 1)      ) ^
+                rk[3];
+        }
+
+        t0 =
+            ((word32)GetTable8(Tsbox, GETBYTE(s0, 3)) << 24) ^
+            ((word32)GetTable8(Tsbox, GETBYTE(s1, 2)) << 16) ^
+            ((word32)GetTable8(Tsbox, GETBYTE(s2, 1)) <<  8) ^
+            ((word32)GetTable8(Tsbox, GETBYTE(s3, 0)));
+        t1 =
+            ((word32)GetTable8(Tsbox, GETBYTE(s1, 3)) << 24) ^
+            ((word32)GetTable8(Tsbox, GETBYTE(s2, 2)) << 16) ^
+            ((word32)GetTable8(Tsbox, GETBYTE(s3, 1)) <<  8) ^
+            ((word32)GetTable8(Tsbox, GETBYTE(s0, 0)));
+        t2 =
+            ((word32)GetTable8(Tsbox, GETBYTE(s2, 3)) << 24) ^
+            ((word32)GetTable8(Tsbox, GETBYTE(s3, 2)) << 16) ^
+            ((word32)GetTable8(Tsbox, GETBYTE(s0, 1)) <<  8) ^
+            ((word32)GetTable8(Tsbox, GETBYTE(s1, 0)));
+        t3 =
+            ((word32)GetTable8(Tsbox, GETBYTE(s3, 3)) << 24) ^
+            ((word32)GetTable8(Tsbox, GETBYTE(s0, 2)) << 16) ^
+            ((word32)GetTable8(Tsbox, GETBYTE(s1, 1)) <<  8) ^
+            ((word32)GetTable8(Tsbox, GETBYTE(s2, 0)));
+        s0 = t0 ^ rk[0];
+        s1 = t1 ^ rk[1];
+        s2 = t2 ^ rk[2];
+        s3 = t3 ^ rk[3];
+#endif
+
+        /* write out */
+#ifdef LITTLE_ENDIAN_ORDER
+        s0 = ByteReverseWord32(s0);
+        s1 = ByteReverseWord32(s1);
+        s2 = ByteReverseWord32(s2);
+        s3 = ByteReverseWord32(s3);
+#endif
+
+        XMEMCPY(outBlock,                  &s0, sizeof(s0));
+        XMEMCPY(outBlock +     sizeof(s0), &s1, sizeof(s1));
+        XMEMCPY(outBlock + 2 * sizeof(s0), &s2, sizeof(s2));
+        XMEMCPY(outBlock + 3 * sizeof(s0), &s3, sizeof(s3));
+    }
+}
+
+void AesEncrypt_C(Aes* aes, const byte* inBlock, byte* outBlock,
+        word32 r)
+{
+    byte *inBlock_GPU = NULL;
+    byte *outBlock_GPU = NULL;
+    word32* rk_GPU = NULL;
+    cudaError_t ret = cudaSuccess;
+
+#ifdef WC_C_DYNAMIC_FALLBACK
+    if ( ret == cudaSuccess )
+        ret = cudaMalloc(&rk_GPU, sizeof(aes->key_C_fallback));
+    if ( ret == cudaSuccess )
+        ret = cudaMemcpy(rk_GPU, aes->key_C_fallback, sizeof(aes->key_C_fallback), cudaMemcpyDefault);
+#else
+    if ( ret == cudaSuccess )
+        ret = cudaMalloc(&rk_GPU, sizeof(aes->key));
+    if ( ret == cudaSuccess )
+        ret = cudaMemcpy(rk_GPU, aes->key, sizeof(aes->key), cudaMemcpyDefault);
+#endif
+
+    if ( ret == cudaSuccess )
+        ret = cudaMalloc(&inBlock_GPU, WC_AES_BLOCK_SIZE);
+    if ( ret == cudaSuccess )
+        ret = cudaMemcpy(inBlock_GPU, inBlock, WC_AES_BLOCK_SIZE, cudaMemcpyDefault);
+
+    if ( ret == cudaSuccess )
+        ret = cudaMalloc(&outBlock_GPU, WC_AES_BLOCK_SIZE);
+
+    if ( ret == cudaSuccess )
+        AesEncrypt_C_CUDA<<<1,1>>>(rk_GPU, inBlock_GPU, outBlock_GPU, r, 1);
+
+    if ( ret == cudaSuccess )
+        ret = cudaMemcpy(outBlock, outBlock_GPU, WC_AES_BLOCK_SIZE, cudaMemcpyDefault);
+
+    cudaFree(inBlock_GPU);
+    cudaFree(outBlock_GPU);
+    cudaFree(rk_GPU);
+}
+
+#if defined(HAVE_AES_ECB) && !(defined(WOLFSSL_IMX6_CAAM) && \
+    !defined(NO_IMX6_CAAM_AES) && !defined(WOLFSSL_QNX_CAAM))
+/* Encrypt a number of blocks using AES.
+ *
+ * @param [in]  aes  AES object.
+ * @param [in]  in   Block to encrypt.
+ * @param [out] out  Encrypted block.
+ * @param [in]  sz   Number of blocks to encrypt.
+ */
+void AesEncryptBlocks_C(Aes* aes, const byte* in, byte* out, word32 sz)
+{
+    byte *in_GPU = NULL;
+    byte *out_GPU = NULL;
+    word32* rk_GPU = NULL;
+    cudaError_t ret = cudaSuccess;
+
+#ifdef WC_C_DYNAMIC_FALLBACK
+    if ( ret == cudaSuccess )
+        ret = cudaMalloc(&rk_GPU, sizeof(aes->key_C_fallback));
+    if ( ret == cudaSuccess )
+        ret = cudaMemcpy(rk_GPU, aes->key_C_fallback, sizeof(aes->key_C_fallback), cudaMemcpyDefault);
+#else
+    if ( ret == cudaSuccess )
+        ret = cudaMalloc(&rk_GPU, sizeof(aes->key));
+    if ( ret == cudaSuccess )
+        ret = cudaMemcpy(rk_GPU, aes->key, sizeof(aes->key), cudaMemcpyDefault);
+#endif
+
+    if ( ret == cudaSuccess )
+        ret = cudaMalloc(&in_GPU, sz);
+    if ( ret == cudaSuccess )
+        ret = cudaMemcpy(in_GPU, in, sz, cudaMemcpyDefault);
+
+    if ( ret == cudaSuccess )
+        ret = cudaMalloc(&out_GPU, sz);
+
+    if ( ret == cudaSuccess ) {
+        int blockSize = 256;
+        int numBlocks = (sz / WC_AES_BLOCK_SIZE + blockSize - 1) / blockSize;
+        AesEncrypt_C_CUDA<<<numBlocks,blockSize>>>(rk_GPU, in_GPU, out_GPU, aes->rounds >> 1, sz / WC_AES_BLOCK_SIZE);
+    }
+
+    if ( ret == cudaSuccess )
+        ret = cudaMemcpy(out, out_GPU, sz, cudaMemcpyDefault);
+
+    cudaFree(in_GPU);
+    cudaFree(out_GPU);
+    cudaFree(rk_GPU);
+}
+#endif
+
+#else
+
+/* Encrypt a block using AES.
+ *
+ * @param [in]  aes       AES object.
+ * @param [in]  inBlock   Block to encrypt.
+ * @param [out] outBlock  Encrypted block.
+ * @param [in]  r         Rounds divided by 2.
+ */
+__global__
+void AesEncrypt_C_CUDA(Aes* aes, const byte* inBlock, byte* outBlock,
+        word32 r)
+{
+    bs_word state[AES_BLOCK_BITS];
+
+    (void)r;
+
+    XMEMCPY(state, inBlock, WC_AES_BLOCK_SIZE);
+    XMEMSET(((byte*)state) + WC_AES_BLOCK_SIZE, 0, sizeof(state) - WC_AES_BLOCK_SIZE);
+
+    bs_encrypt(state, aes->bs_key, aes->rounds);
+
+    XMEMCPY(outBlock, state, WC_AES_BLOCK_SIZE);
+}
+
+void AesEncrypt_C(Aes* aes, const byte* inBlock, byte* outBlock,
+        word32 r)
+{
+    AesEncrypt_C_CUDA<<<1,1>>>(aes, inBlock, outBlock, r);
+}
+
+#if defined(HAVE_AES_ECB) && !(defined(WOLFSSL_IMX6_CAAM) && \
+    !defined(NO_IMX6_CAAM_AES) && !defined(WOLFSSL_QNX_CAAM))
+/* Encrypt a number of blocks using AES.
+ *
+ * @param [in]  aes  AES object.
+ * @param [in]  in   Block to encrypt.
+ * @param [out] out  Encrypted block.
+ * @param [in]  sz   Number of blocks to encrypt.
+ */
+void AesEncryptBlocks_C(Aes* aes, const byte* in, byte* out, word32 sz)
+{
+    bs_word state[AES_BLOCK_BITS];
+
+    while (sz >= BS_BLOCK_SIZE) {
+        XMEMCPY(state, in, BS_BLOCK_SIZE);
+        bs_encrypt(state, aes->bs_key, aes->rounds);
+        XMEMCPY(out, state, BS_BLOCK_SIZE);
+        sz  -= BS_BLOCK_SIZE;
+        in  += BS_BLOCK_SIZE;
+        out += BS_BLOCK_SIZE;
+    }
+    if (sz > 0) {
+        XMEMCPY(state, in, sz);
+        XMEMSET(((byte*)state) + sz, 0, sizeof(state) - sz);
+        bs_encrypt(state, aes->bs_key, aes->rounds);
+        XMEMCPY(out, state, sz);
+    }
+}
+#endif
+
+#endif /* !WC_AES_BITSLICED */
+
+#endif /* HAVE_CUDA */
+
+#endif /* !WOLFSSL_TI_CRYPT */
+
+} /* extern "C" */
diff --git a/wolfcrypt/src/port/cypress/psoc6_crypto.c b/wolfcrypt/src/port/cypress/psoc6_crypto.c
index 15f3d207c..c41513f8d 100644
--- a/wolfcrypt/src/port/cypress/psoc6_crypto.c
+++ b/wolfcrypt/src/port/cypress/psoc6_crypto.c
@@ -1,6 +1,6 @@
 /* psoc6_crypto.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfcrypt/src/port/devcrypto/devcrypto_aes.c b/wolfcrypt/src/port/devcrypto/devcrypto_aes.c
index 18f5cd7a3..456c8469c 100644
--- a/wolfcrypt/src/port/devcrypto/devcrypto_aes.c
+++ b/wolfcrypt/src/port/devcrypto/devcrypto_aes.c
@@ -1,6 +1,6 @@
 /* devcrypto_aes.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -52,7 +52,7 @@ int wc_AesCbcEncrypt(Aes* aes, byte* out, const byte* in, word32 sz)
     }
 
     /* encrypt only up to AES block size of date */
-    sz = sz - (sz % AES_BLOCK_SIZE);
+    sz = sz - (sz % WC_AES_BLOCK_SIZE);
     if (aes->ctx.cfd == -1) {
             ret = wc_DevCryptoCreate(&aes->ctx, CRYPTO_AES_CBC,
                     (byte*)aes->devKey, aes->keylen);
@@ -67,7 +67,7 @@ int wc_AesCbcEncrypt(Aes* aes, byte* out, const byte* in, word32 sz)
     }
 
     /* store iv for next call */
-    XMEMCPY(aes->reg, out + sz - AES_BLOCK_SIZE, AES_BLOCK_SIZE);
+    XMEMCPY(aes->reg, out + sz - WC_AES_BLOCK_SIZE, WC_AES_BLOCK_SIZE);
 
     return 0;
 }
@@ -78,11 +78,11 @@ int wc_AesCbcDecrypt(Aes* aes, byte* out, const byte* in, word32 sz)
     struct crypt_op crt;
     int ret;
 
-    if (aes == NULL || out == NULL || in == NULL || sz % AES_BLOCK_SIZE != 0) {
+    if (aes == NULL || out == NULL || in == NULL || sz % WC_AES_BLOCK_SIZE != 0) {
         return BAD_FUNC_ARG;
     }
 
-    XMEMCPY(aes->tmp, in + sz - AES_BLOCK_SIZE, AES_BLOCK_SIZE);
+    XMEMCPY(aes->tmp, in + sz - WC_AES_BLOCK_SIZE, WC_AES_BLOCK_SIZE);
     if (aes->ctx.cfd == -1) {
         ret = wc_DevCryptoCreate(&aes->ctx, CRYPTO_AES_CBC,
                     (byte*)aes->devKey, aes->keylen);
@@ -96,7 +96,7 @@ int wc_AesCbcDecrypt(Aes* aes, byte* out, const byte* in, word32 sz)
         return WC_DEVCRYPTO_E;
     }
 
-    XMEMCPY(aes->reg, aes->tmp, AES_BLOCK_SIZE);
+    XMEMCPY(aes->reg, aes->tmp, WC_AES_BLOCK_SIZE);
     return 0;
 }
 #endif /* HAVE_AES_DECRYPT */
@@ -125,7 +125,8 @@ int wc_AesSetKey(Aes* aes, const byte* userKey, word32 keylen,
     aes->keylen = keylen;
     aes->rounds = keylen/4 + 6;
 
-#ifdef WOLFSSL_AES_COUNTER
+#if defined(WOLFSSL_AES_COUNTER) || defined(WOLFSSL_AES_CFB) || \
+    defined(WOLFSSL_AES_OFB) || defined(WOLFSSL_AES_XTS)
     aes->left = 0;
 #endif
     aes->ctx.cfd = -1;
@@ -171,13 +172,13 @@ static int wc_DevCrypto_AesDirect(Aes* aes, byte* out, const byte* in,
 #if defined(WOLFSSL_AES_DIRECT) || defined(HAVE_AESCCM)
 int wc_AesEncryptDirect(Aes* aes, byte* out, const byte* in)
 {
-    return wc_DevCrypto_AesDirect(aes, out, in, AES_BLOCK_SIZE, COP_ENCRYPT);
+    return wc_DevCrypto_AesDirect(aes, out, in, WC_AES_BLOCK_SIZE, COP_ENCRYPT);
 }
 
 
 int wc_AesDecryptDirect(Aes* aes, byte* out, const byte* in)
 {
-    return wc_DevCrypto_AesDirect(aes, out, in, AES_BLOCK_SIZE, COP_DECRYPT);
+    return wc_DevCrypto_AesDirect(aes, out, in, WC_AES_BLOCK_SIZE, COP_DECRYPT);
 }
 
 
@@ -197,7 +198,7 @@ static WC_INLINE void IncrementAesCounter(byte* inOutCtr)
 {
     /* in network byte order so start at end and work back */
     int i;
-    for (i = AES_BLOCK_SIZE - 1; i >= 0; i--) {
+    for (i = WC_AES_BLOCK_SIZE - 1; i >= 0; i--) {
         if (++inOutCtr[i])  /* we're done unless we overflow */
             return;
     }
@@ -214,7 +215,7 @@ int wc_AesCtrEncrypt(Aes* aes, byte* out, const byte* in, word32 sz)
     }
 
     /* consume any unused bytes left in aes->tmp */
-    tmp = (byte*)aes->tmp + AES_BLOCK_SIZE - aes->left;
+    tmp = (byte*)aes->tmp + WC_AES_BLOCK_SIZE - aes->left;
     while (aes->left && sz) {
         *(out++) = *(in++) ^ *(tmp++);
         aes->left--;
@@ -231,7 +232,7 @@ int wc_AesCtrEncrypt(Aes* aes, byte* out, const byte* in, word32 sz)
     if (sz > 0) {
         /* clear previously leftover data */
         tmp = (byte*)aes->tmp;
-        XMEMSET(tmp, 0, AES_BLOCK_SIZE);
+        XMEMSET(tmp, 0, WC_AES_BLOCK_SIZE);
 
         /* update IV */
         wc_SetupCryptSym(&crt, &aes->ctx, (byte*)in, sz, out, (byte*)aes->reg,
@@ -242,11 +243,11 @@ int wc_AesCtrEncrypt(Aes* aes, byte* out, const byte* in, word32 sz)
         }
 
         /* adjust counter after call to hardware */
-        while (sz >= AES_BLOCK_SIZE) {
+        while (sz >= WC_AES_BLOCK_SIZE) {
             IncrementAesCounter((byte*)aes->reg);
-            sz  -= AES_BLOCK_SIZE;
-            out += AES_BLOCK_SIZE;
-            in  += AES_BLOCK_SIZE;
+            sz  -= WC_AES_BLOCK_SIZE;
+            out += WC_AES_BLOCK_SIZE;
+            in  += WC_AES_BLOCK_SIZE;
         }
     }
 
@@ -262,7 +263,7 @@ int wc_AesCtrEncrypt(Aes* aes, byte* out, const byte* in, word32 sz)
         wc_AesFree(&tmpAes);
         IncrementAesCounter((byte*)aes->reg);
 
-        aes->left = AES_BLOCK_SIZE - (sz % AES_BLOCK_SIZE);
+        aes->left = WC_AES_BLOCK_SIZE - (sz % WC_AES_BLOCK_SIZE);
     }
 
     return 0;
@@ -288,10 +289,10 @@ static int wc_DevCrypto_AesGcm(Aes* aes, byte* out, byte* in, word32 sz,
 {
     struct crypt_auth_op crt = {0};
     int ret;
-    byte scratch[AES_BLOCK_SIZE];
+    byte scratch[WC_AES_BLOCK_SIZE];
 
     /* argument checks */
-    if (aes == NULL || authTagSz > AES_BLOCK_SIZE) {
+    if (aes == NULL || authTagSz > WC_AES_BLOCK_SIZE) {
         return BAD_FUNC_ARG;
     }
 
@@ -302,7 +303,7 @@ static int wc_DevCrypto_AesGcm(Aes* aes, byte* out, byte* in, word32 sz,
     if (in == NULL)
         in = scratch;
 
-    XMEMSET(scratch, 0, AES_BLOCK_SIZE);
+    XMEMSET(scratch, 0, WC_AES_BLOCK_SIZE);
     if (aes->ctx.cfd == -1) {
         ret = wc_DevCryptoCreate(&aes->ctx, CRYPTO_AES_GCM, (byte*)aes->devKey,
                 aes->keylen);
@@ -317,12 +318,17 @@ static int wc_DevCrypto_AesGcm(Aes* aes, byte* out, byte* in, word32 sz,
     }
     else{
         /* get full tag from hardware */
-        authTagSz = AES_BLOCK_SIZE;
+        authTagSz = WC_AES_BLOCK_SIZE;
     }
     wc_SetupCryptAead(&crt, &aes->ctx, (byte*)in, sz, out, (byte*)iv, ivSz,
                       dir, (byte*)authIn, authInSz, authTag, authTagSz);
     ret = ioctl(aes->ctx.cfd, CIOCAUTHCRYPT, &crt);
     if (ret != 0) {
+        #ifdef WOLFSSL_DEBUG
+        if (authInSz > sysconf(_SC_PAGESIZE)) {
+            WOLFSSL_MSG("authIn Buffer greater than System Page Size");
+        }
+        #endif
         if (dir == COP_DECRYPT) {
             return AES_GCM_AUTH_E;
         }
diff --git a/wolfcrypt/src/port/devcrypto/devcrypto_ecdsa.c b/wolfcrypt/src/port/devcrypto/devcrypto_ecdsa.c
index 7a8c1d174..a80bb54e4 100644
--- a/wolfcrypt/src/port/devcrypto/devcrypto_ecdsa.c
+++ b/wolfcrypt/src/port/devcrypto/devcrypto_ecdsa.c
@@ -1,6 +1,6 @@
 /* devcrypto_ecdsa.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfcrypt/src/port/devcrypto/devcrypto_hash.c b/wolfcrypt/src/port/devcrypto/devcrypto_hash.c
index e3268a5e6..00b3c7870 100644
--- a/wolfcrypt/src/port/devcrypto/devcrypto_hash.c
+++ b/wolfcrypt/src/port/devcrypto/devcrypto_hash.c
@@ -1,6 +1,6 @@
 /* devcrypto_hash.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfcrypt/src/port/devcrypto/devcrypto_hmac.c b/wolfcrypt/src/port/devcrypto/devcrypto_hmac.c
index 70d428a96..67c917353 100644
--- a/wolfcrypt/src/port/devcrypto/devcrypto_hmac.c
+++ b/wolfcrypt/src/port/devcrypto/devcrypto_hmac.c
@@ -1,6 +1,6 @@
 /* devcrypto_hmac.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfcrypt/src/port/devcrypto/devcrypto_rsa.c b/wolfcrypt/src/port/devcrypto/devcrypto_rsa.c
index f1239959e..23eee7136 100644
--- a/wolfcrypt/src/port/devcrypto/devcrypto_rsa.c
+++ b/wolfcrypt/src/port/devcrypto/devcrypto_rsa.c
@@ -1,6 +1,6 @@
 /* devcrypto_rsa.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -244,20 +244,13 @@ static int _PrivateOperation(const byte* in, word32 inlen, byte* out,
         }
     }
 
-    if (d != NULL)
-        XFREE(d, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-    if (p != NULL)
-        XFREE(p, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-    if (q != NULL)
-        XFREE(q, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-    if (dp != NULL)
-        XFREE(dp, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-    if (dq != NULL)
-        XFREE(dq, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-    if (u != NULL)
-        XFREE(u,  NULL, DYNAMIC_TYPE_TMP_BUFFER);
-    if (n != NULL)
-        XFREE(n,  NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(d, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(p, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(q, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(dp, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(dq, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(u, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(n, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 
     wc_DevCryptoFree(dev);
     return ret;
@@ -311,10 +304,8 @@ static int _PublicOperation(const byte* in, word32 inlen, byte* out,
     }
     wc_DevCryptoFree(&key->ctx);
 
-    if (m != NULL)
-        XFREE(m, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-    if (e != NULL)
-        XFREE(e, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(m, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(e, NULL, DYNAMIC_TYPE_TMP_BUFFER);
     return ret;
 }
 
@@ -322,7 +313,7 @@ static int _PublicOperation(const byte* in, word32 inlen, byte* out,
 int wc_DevCrypto_RsaDecrypt(const byte* in, word32 inlen,
         byte* out, word32 outlen, RsaKey* key, int type)
 {
-    int ret = BAD_FUNC_ARG;
+    int ret = WC_NO_ERR_TRACE(BAD_FUNC_ARG);
 
     switch (type) {
         case RSA_PUBLIC_DECRYPT:
@@ -332,6 +323,9 @@ int wc_DevCrypto_RsaDecrypt(const byte* in, word32 inlen,
         case RSA_PRIVATE_DECRYPT:
             ret = _PrivateOperation(in, inlen, out, outlen, key);
             break;
+        default:
+            ret = BAD_FUNC_ARG;
+            break;
     }
 
     return ret;
@@ -341,7 +335,7 @@ int wc_DevCrypto_RsaDecrypt(const byte* in, word32 inlen,
 int wc_DevCrypto_RsaEncrypt(const byte* in, word32 inlen, byte* out,
         word32* outlen, RsaKey *key, int type)
 {
-    int ret = BAD_FUNC_ARG;
+    int ret = WC_NO_ERR_TRACE(BAD_FUNC_ARG);
 
     switch (type) {
         case RSA_PUBLIC_ENCRYPT:
@@ -351,6 +345,9 @@ int wc_DevCrypto_RsaEncrypt(const byte* in, word32 inlen, byte* out,
         case RSA_PRIVATE_ENCRYPT:
             ret = _PrivateOperation(in, inlen, out, *outlen, key);
             break;
+        default:
+            ret = BAD_FUNC_ARG;
+            break;
     }
     if (ret == 0) {
         *outlen = inlen;
@@ -550,21 +547,13 @@ int wc_DevCrypto_MakeRsaKey(RsaKey* key, int size, long e, WC_RNG* rng)
     #endif
     }
 
-    if (p != NULL)
-        XFREE(p, key->heap, DYNAMIC_TYPE_TMP_BUFFER);
-    if (q != NULL)
-        XFREE(q, key->heap, DYNAMIC_TYPE_TMP_BUFFER);
-    if (dp != NULL)
-        XFREE(dp, key->heap, DYNAMIC_TYPE_TMP_BUFFER);
-    if (dq != NULL)
-        XFREE(dq, key->heap, DYNAMIC_TYPE_TMP_BUFFER);
-    if (c != NULL)
-        XFREE(c, key->heap, DYNAMIC_TYPE_TMP_BUFFER);
-    if (n != NULL)
-        XFREE(n, key->heap, DYNAMIC_TYPE_TMP_BUFFER);
-    if (d != NULL) {
-        XFREE(d, key->heap, DYNAMIC_TYPE_TMP_BUFFER);
-    }
+    XFREE(p, key->heap, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(q, key->heap, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(dp, key->heap, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(dq, key->heap, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(c, key->heap, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(n, key->heap, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(d, key->heap, DYNAMIC_TYPE_TMP_BUFFER);
 
     (void)rng;
     return ret;
diff --git a/wolfcrypt/src/port/devcrypto/devcrypto_x25519.c b/wolfcrypt/src/port/devcrypto/devcrypto_x25519.c
index 66e3bdc39..0e2215f33 100644
--- a/wolfcrypt/src/port/devcrypto/devcrypto_x25519.c
+++ b/wolfcrypt/src/port/devcrypto/devcrypto_x25519.c
@@ -1,6 +1,6 @@
 /* devcrypto_x25519.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfcrypt/src/port/devcrypto/wc_devcrypto.c b/wolfcrypt/src/port/devcrypto/wc_devcrypto.c
index 0b3eedbf7..e8c747f47 100644
--- a/wolfcrypt/src/port/devcrypto/wc_devcrypto.c
+++ b/wolfcrypt/src/port/devcrypto/wc_devcrypto.c
@@ -1,6 +1,6 @@
 /* wc_devcrypto.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -175,8 +175,13 @@ int wc_DevCryptoCreate(WC_CRYPTODEV* ctx, int type, byte* key, word32 keySz)
         WOLFSSL_MSG("Error getting session info");
         return WC_DEVCRYPTO_E;
     }
-    printf("Using %s with driver %s\n", sesInfo.hash_info.cra_name,
-        sesInfo.hash_info.cra_driver_name);
+    if (ctx->sess.cipher == 0) {
+        printf("Using %s with driver %s\n", sesInfo.hash_info.cra_name,
+            sesInfo.hash_info.cra_driver_name);
+    } else {
+        printf("Using %s with driver %s\n", sesInfo.cipher_info.cra_name,
+            sesInfo.cipher_info.cra_driver_name);
+    }
 #endif
     (void)key;
     (void)keySz;
diff --git a/wolfcrypt/src/port/intel/quickassist_sync.c b/wolfcrypt/src/port/intel/quickassist_sync.c
index 4a68b337c..130549a3d 100644
--- a/wolfcrypt/src/port/intel/quickassist_sync.c
+++ b/wolfcrypt/src/port/intel/quickassist_sync.c
@@ -1,6 +1,6 @@
 /* quickassist_sync.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -144,9 +144,9 @@ typedef void (*IntelQaFreeFunc)(struct IntelQaDev*);
 
 /* QuickAssist device */
 typedef struct IntelQaDev {
-	CpaInstanceHandle handle;
+        CpaInstanceHandle handle;
     int devId;
-	void* heap;
+        void* heap;
 
     /* callback return info */
     int ret;
@@ -220,7 +220,7 @@ static int IntelQaGetCyInstanceCount(void);
 
 #ifdef WOLF_CRYPTO_CB
     static int IntelQaSymSync_CryptoDevCb(int, struct wc_CryptoInfo*,
-			void*);
+                        void*);
 #endif /* WOLF_CRYPTO_CB */
 
 
@@ -359,21 +359,15 @@ void IntelQaHardwareStop(void)
                 status);
     }
 
-    if (g_cyInstMap) {
-        XFREE(g_cyInstMap, NULL, DYNAMIC_TYPE_ASYNC);
-        g_cyInstMap = NULL;
-    }
+    XFREE(g_cyInstMap, NULL, DYNAMIC_TYPE_ASYNC);
+    g_cyInstMap = NULL;
 
-    if (g_cyInstanceInfo) {
-        XFREE(g_cyInstanceInfo, NULL, DYNAMIC_TYPE_ASYNC);
-        g_cyInstanceInfo = NULL;
-    }
+    XFREE(g_cyInstanceInfo, NULL, DYNAMIC_TYPE_ASYNC);
+    g_cyInstanceInfo = NULL;
 
 #ifdef QAT_USE_POLLING_CHECK
-    if (g_cyPolling) {
-        XFREE(g_cyPolling, NULL, DYNAMIC_TYPE_ASYNC);
-        g_cyPolling = NULL;
-    }
+    XFREE(g_cyPolling, NULL, DYNAMIC_TYPE_ASYNC);
+    g_cyPolling = NULL;
     if (g_PollLock) {
         for (i=0; i<g_numInstances; i++) {
             pthread_mutex_destroy(&g_PollLock[i]);
@@ -423,7 +417,7 @@ int IntelQaHardwareStart(const char* process_name, int limitDevAccess)
 
 #ifdef QAT_DEBUG
     /* optionally enable debugging */
-    //osalLogLevelSet(8);
+    /* osalLogLevelSet(8); */
 #endif
 
     status = cpaCyGetNumInstances(&g_numInstances);
@@ -674,7 +668,7 @@ int IntelQaPoll(IntelQaDev* dev)
     }
 
     {
-        if (dev->ret != WC_PENDING_E) {
+        if (dev->ret != WC_NO_ERR_TRACE(WC_PENDING_E)) {
             /* perform cleanup */
             IntelQaFreeFunc freeFunc = dev->freeFunc;
             QLOG("IntelQaOpFree: Dev %p, FreeFunc %p\n", dev, freeFunc);
@@ -881,31 +875,20 @@ static void IntelQaSymCipherFree(IntelQaDev* dev)
     CpaBufferList* pDstBuffer = &dev->op.cipher.bufferList;
 
     if (opData) {
-        if (opData->pAdditionalAuthData) {
-            XFREE(opData->pAdditionalAuthData, dev->heap,
-                    DYNAMIC_TYPE_ASYNC_NUMA);
-            opData->pAdditionalAuthData = NULL;
-        }
-        if (opData->pIv) {
-            XFREE(opData->pIv, dev->heap, DYNAMIC_TYPE_ASYNC_NUMA);
-            opData->pIv = NULL;
-        }
+        XFREE(opData->pAdditionalAuthData, dev->heap, DYNAMIC_TYPE_ASYNC_NUMA);
+        opData->pAdditionalAuthData = NULL;
+        XFREE(opData->pIv, dev->heap, DYNAMIC_TYPE_ASYNC_NUMA);
+        opData->pIv = NULL;
         XMEMSET(opData, 0, sizeof(CpaCySymOpData));
     }
     if (pDstBuffer) {
         if (pDstBuffer->pBuffers) {
-            if (pDstBuffer->pBuffers->pData) {
-                XFREE(pDstBuffer->pBuffers->pData, dev->heap,
-                        DYNAMIC_TYPE_ASYNC_NUMA);
-                pDstBuffer->pBuffers->pData = NULL;
-            }
+            XFREE(pDstBuffer->pBuffers->pData, dev->heap, DYNAMIC_TYPE_ASYNC_NUMA);
+            pDstBuffer->pBuffers->pData = NULL;
             XMEMSET(pDstBuffer->pBuffers, 0, sizeof(CpaFlatBuffer));
         }
-        if (pDstBuffer->pPrivateMetaData) {
-            XFREE(pDstBuffer->pPrivateMetaData, dev->heap,
-                    DYNAMIC_TYPE_ASYNC_NUMA);
-            pDstBuffer->pPrivateMetaData = NULL;
-        }
+        XFREE(pDstBuffer->pPrivateMetaData, dev->heap, DYNAMIC_TYPE_ASYNC_NUMA);
+        pDstBuffer->pPrivateMetaData = NULL;
         XMEMSET(pDstBuffer, 0, sizeof(CpaBufferList));
     }
 
@@ -987,7 +970,7 @@ static int IntelQaSymCipher(IntelQaDev* dev, byte* out, const byte* in,
     metaBuf = XMALLOC(metaSize, dev->heap, DYNAMIC_TYPE_ASYNC_NUMA);
     dataBuf = XMALLOC(dataLen, dev->heap, DYNAMIC_TYPE_ASYNC_NUMA);
     XMEMCPY(dataBuf, in, inOutSz);
-    ivBuf = XMALLOC(AES_BLOCK_SIZE, dev->heap, DYNAMIC_TYPE_ASYNC_NUMA);
+    ivBuf = XMALLOC(WC_AES_BLOCK_SIZE, dev->heap, DYNAMIC_TYPE_ASYNC_NUMA);
     XMEMCPY(ivBuf, iv, ivSz);
     authTagBuf = XMALLOC(authTagSz, dev->heap, DYNAMIC_TYPE_ASYNC_NUMA);
 
@@ -1000,9 +983,9 @@ static int IntelQaSymCipher(IntelQaDev* dev, byte* out, const byte* in,
     /* AAD */
     if (authIn && authInSz > 0) {
         /* make sure AAD is block aligned */
-        if (authInSzAligned % AES_BLOCK_SIZE) {
-            authInSzAligned += AES_BLOCK_SIZE -
-                (authInSzAligned % AES_BLOCK_SIZE);
+        if (authInSzAligned % WC_AES_BLOCK_SIZE) {
+            authInSzAligned += WC_AES_BLOCK_SIZE -
+                (authInSzAligned % WC_AES_BLOCK_SIZE);
         }
 
         authInBuf = XMALLOC(authInSzAligned, dev->heap,
@@ -1142,7 +1125,7 @@ int IntelQaSymAesCbcEncrypt(IntelQaDev* dev,
         CPA_CY_SYM_CIPHER_DIRECTION_ENCRYPT,
         CPA_CY_SYM_HASH_NONE, NULL, 0, NULL, 0);
 
-    XMEMCPY((byte*)iv, out + sz - AES_BLOCK_SIZE, AES_BLOCK_SIZE);
+    XMEMCPY((byte*)iv, out + sz - WC_AES_BLOCK_SIZE, WC_AES_BLOCK_SIZE);
     return ret;
 }
 
@@ -1152,17 +1135,17 @@ int IntelQaSymAesCbcDecrypt(IntelQaDev* dev,
             const byte* key, word32 keySz,
             const byte* iv, word32 ivSz)
 {
-    byte nextIv[AES_BLOCK_SIZE];
+    byte nextIv[WC_AES_BLOCK_SIZE];
     int ret;
 
-    XMEMCPY(nextIv, in + sz - AES_BLOCK_SIZE, AES_BLOCK_SIZE);
+    XMEMCPY(nextIv, in + sz - WC_AES_BLOCK_SIZE, WC_AES_BLOCK_SIZE);
     ret = IntelQaSymCipher(dev, out, in, sz,
         key, keySz, iv, ivSz,
         CPA_CY_SYM_OP_CIPHER, CPA_CY_SYM_CIPHER_AES_CBC,
         CPA_CY_SYM_CIPHER_DIRECTION_DECRYPT,
         CPA_CY_SYM_HASH_NONE, NULL, 0, NULL, 0);
 
-    XMEMCPY((byte*)iv, nextIv, AES_BLOCK_SIZE);
+    XMEMCPY((byte*)iv, nextIv, WC_AES_BLOCK_SIZE);
     return ret;
 }
 #endif /* HAVE_AES_DECRYPT */
@@ -1258,7 +1241,7 @@ int IntelQaSymSync_CryptoDevCb(int devId, struct wc_CryptoInfo* info, void* ctx)
                         info->cipher.aescbc.in,
                         info->cipher.aescbc.sz,
                         (byte*)aes->devKey, aes->keylen,
-                        (byte*)aes->reg, AES_BLOCK_SIZE);
+                        (byte*)aes->reg, WC_AES_BLOCK_SIZE);
             }
             else {
                 rc = IntelQaSymAesCbcDecrypt(dev,
@@ -1266,7 +1249,7 @@ int IntelQaSymSync_CryptoDevCb(int devId, struct wc_CryptoInfo* info, void* ctx)
                         info->cipher.aescbc.in,
                         info->cipher.aescbc.sz,
                         (byte*)aes->devKey, aes->keylen,
-                        (byte*)aes->reg, AES_BLOCK_SIZE);
+                        (byte*)aes->reg, WC_AES_BLOCK_SIZE);
             }
         }
         #endif /* !NO_AES */
diff --git a/wolfcrypt/src/port/iotsafe/iotsafe.c b/wolfcrypt/src/port/iotsafe/iotsafe.c
index 8a3af53d9..60ae3d756 100644
--- a/wolfcrypt/src/port/iotsafe/iotsafe.c
+++ b/wolfcrypt/src/port/iotsafe/iotsafe.c
@@ -1,6 +1,6 @@
 /* iotsafe.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -612,7 +612,7 @@ static int iotsafe_parse_public_key(char* resp, int len, ecc_key *key)
 /* Execute GEN_KEYPAIR on the IoT-SAFE applet.
  *
  * Return -1 on error; 0 if the operation is successful, but
- * the generated public key was not yet stored in `key`; 1 if 
+ * the generated public key was not yet stored in `key`; 1 if
  * the operation is successful and the public key was found in the
  * command response and copied to the `key` structure, if not NULL.
  */
@@ -620,7 +620,7 @@ static int iotsafe_gen_keypair(byte *wr_slot, unsigned long id_size,
                                ecc_key *key)
 {
     char *resp;
-    int ret = WC_HW_E;
+    int ret = WC_NO_ERR_TRACE(WC_HW_E);
     iotsafe_cmd_start(csim_cmd, IOTSAFE_CLASS, IOTSAFE_INS_GEN_KEYPAIR, 0, 0);
     iotsafe_cmd_add_tlv(csim_cmd, IOTSAFE_TAG_PRIVKEY_ID, id_size, wr_slot);
     iotsafe_cmd_complete(csim_cmd);
@@ -749,43 +749,37 @@ static int iotsafe_hkdf_extract(byte* prk, const byte* salt, word32 saltLen,
     int ret;
     char *resp;
     uint16_t hash_algo = 0;
-    int len;
+    int hash_len;
     uint16_t hash_algo_be = 0;
 
     WOLFSSL_MSG("Enter iotsafe_hkdf_extract");
-     switch (digest) {
-        #ifndef NO_SHA256
+    switch (digest) {
+#ifndef NO_SHA256
         case WC_SHA256:
-        hash_algo = (uint16_t)1;
-        if (ikmLen == 0) {
-            len = WC_SHA256_DIGEST_SIZE;
-        }
+            hash_algo = (uint16_t)1;
+            hash_len = WC_SHA256_DIGEST_SIZE;
             break;
-        #endif
-        #ifdef WOLFSSL_SHA384
+#endif
+#ifdef WOLFSSL_SHA384
         case WC_SHA384:
-        hash_algo = (uint16_t)2;
-        if (ikmLen == 0) {
-            len = WC_SHA384_DIGEST_SIZE;
-        }
+            hash_algo = (uint16_t)2;
+            hash_len = WC_SHA384_DIGEST_SIZE;
             break;
-        #endif
-        #ifdef WOLFSSL_TLS13_SHA512
+#endif
+#ifdef WOLFSSL_SHA512
         case WC_SHA512:
-        hash_algo = (uint16_t)4;
-        if (ikmLen == 0) {
-            len = WC_SHA512_DIGEST_SIZE;
-        }
+            hash_algo = (uint16_t)4;
+            hash_len = WC_SHA512_DIGEST_SIZE;
             break;
-        #endif
+#endif
         default:
             return BAD_FUNC_ARG;
             break;
-     }
+    }
 
     if (ikmLen == 0) {
-        ikmLen = len;
-        XMEMSET(ikm, 0, len);
+        ikmLen = hash_len;
+        XMEMSET(ikm, 0, hash_len);
     }
 
 #ifdef DEBUG_IOTSAFE
@@ -812,14 +806,12 @@ static int iotsafe_hkdf_extract(byte* prk, const byte* salt, word32 saltLen,
         WOLFSSL_MSG("Unexpected reply from HKDF extract");
         ret = WC_HW_E;
     } else {
-
-         ret = hexbuffer_conv(resp, prk, 32);
+        ret = hexbuffer_conv(resp, prk, hash_len);
         if (ret < 0)
             ret = WC_HW_E;
         else
             ret = 0;
     }
-
     return ret;
 }
 #endif
@@ -830,7 +822,7 @@ static int iotsafe_sign_hash(byte *privkey_idx, uint16_t id_size,
 {
     byte mode_of_operation = IOTSAFE_MOO_SIGN_ONLY;
     uint16_t hash_algo_be = XHTONS(hash_algo);
-    int ret = WC_HW_E;
+    int ret = WC_NO_ERR_TRACE(WC_HW_E);
     char *resp;
     char R[2 * IOTSAFE_ECC_KSIZE + 1];
     char S[2 * IOTSAFE_ECC_KSIZE + 1];
@@ -1097,11 +1089,11 @@ static int wolfIoT_hkdf_extract(byte* prk, const byte* salt, word32 saltLen,
                 localSalt = tmp;
             }
     }
-    
-    ret = iotsafe_hkdf_extract(prk, localSalt, saltLen, ikm, ikmLen, digest);    
+
+    ret = iotsafe_hkdf_extract(prk, localSalt, saltLen, ikm, ikmLen, digest);
     (void)ctx;
     return ret;
-}       
+}
 #endif
 
 static int wolfIoT_ecc_sign(WOLFSSL* ssl,
@@ -1581,7 +1573,7 @@ int wolfSSL_CTX_iotsafe_enable(WOLFSSL_CTX *ctx)
     WOLFSSL_MSG("ECC callbacks set to IoT_safe interface");
     #endif
     #ifndef NO_RSA
-    /* wolfSSL_CTX_SetRsaSignCb(wolfIoT_rsa_sign);  // TODO: RSA callbacks */
+    /* wolfSSL_CTX_SetRsaSignCb(wolfIoT_rsa_sign); */ /* TODO: RSA callbacks */
     #endif
 #else
     (void)ctx;
diff --git a/wolfcrypt/src/port/kcapi/README.md b/wolfcrypt/src/port/kcapi/README.md
index 459b0ec87..a325fe37b 100644
--- a/wolfcrypt/src/port/kcapi/README.md
+++ b/wolfcrypt/src/port/kcapi/README.md
@@ -27,7 +27,7 @@ cd libkcapi
 
 autoreconf -i
 
-./configure	--enable-kcapi-test \
+./configure --enable-kcapi-test \
     --enable-kcapi-speed \
     --enable-kcapi-hasher \
     --enable-kcapi-rngapp \
diff --git a/wolfcrypt/src/port/kcapi/kcapi_aes.c b/wolfcrypt/src/port/kcapi/kcapi_aes.c
index bf87340a3..a674aa6d6 100644
--- a/wolfcrypt/src/port/kcapi/kcapi_aes.c
+++ b/wolfcrypt/src/port/kcapi/kcapi_aes.c
@@ -1,6 +1,6 @@
 /* kcapi_aes.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -39,8 +39,8 @@
     #define FIPS_NO_WRAPPERS
 
     #ifdef USE_WINDOWS_API
-        #pragma code_seg(".fipsA$g")
-        #pragma const_seg(".fipsB$g")
+        #pragma code_seg(".fipsA$ba")
+        #pragma const_seg(".fipsB$ba")
     #endif
 #endif
 
@@ -123,7 +123,7 @@
         struct iovec iov;
 
         if (aes == NULL || out == NULL || in == NULL || \
-                                                     sz % AES_BLOCK_SIZE != 0) {
+                                                     sz % WC_AES_BLOCK_SIZE != 0) {
             ret = BAD_FUNC_ARG;
         }
 
@@ -243,7 +243,7 @@ int wc_AesGcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
     /* argument checks */
     if ((aes == NULL) || ((sz != 0 && (in == NULL || out == NULL))) ||
         (iv == NULL) || ((authTag == NULL) && (authTagSz > 0)) ||
-        (authTagSz > AES_BLOCK_SIZE) || ((authIn == NULL) && (authInSz > 0))) {
+        (authTagSz > WC_AES_BLOCK_SIZE) || ((authIn == NULL) && (authInSz > 0))) {
         ret = BAD_FUNC_ARG;
     }
 
@@ -356,7 +356,7 @@ int wc_AesGcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
     /* argument checks */
     if ((aes == NULL) || ((sz != 0 && (in == NULL || out == NULL))) ||
         (iv == NULL) || ((authTag == NULL) && (authTagSz > 0)) ||
-        (authTagSz > AES_BLOCK_SIZE) || ((authIn == NULL) && (authInSz > 0))) {
+        (authTagSz > WC_AES_BLOCK_SIZE) || ((authIn == NULL) && (authInSz > 0))) {
         ret = BAD_FUNC_ARG;
     }
 
diff --git a/wolfcrypt/src/port/kcapi/kcapi_dh.c b/wolfcrypt/src/port/kcapi/kcapi_dh.c
index cceaf2521..0f584dd96 100644
--- a/wolfcrypt/src/port/kcapi/kcapi_dh.c
+++ b/wolfcrypt/src/port/kcapi/kcapi_dh.c
@@ -1,6 +1,6 @@
 /* kcapi_dh.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -52,7 +52,7 @@ static int KcapiDh_SetParams(DhKey* key)
     word32 len;
 
     ret = wc_DhParamsToDer(key, NULL, &len);
-    if (ret == LENGTH_ONLY_E) {
+    if (ret == WC_NO_ERR_TRACE(LENGTH_ONLY_E)) {
         ret = 0;
         pkcs3 = (unsigned char*)XMALLOC(len, key->heap,
                                                        DYNAMIC_TYPE_TMP_BUFFER);
@@ -70,9 +70,7 @@ static int KcapiDh_SetParams(DhKey* key)
         }
     }
 
-    if (pkcs3 != NULL) {
-        XFREE(pkcs3, key->heap, DYNAMIC_TYPE_TMP_BUFFER);
-    }
+    XFREE(pkcs3, key->heap, DYNAMIC_TYPE_TMP_BUFFER);
     return ret;
 }
 
diff --git a/wolfcrypt/src/port/kcapi/kcapi_ecc.c b/wolfcrypt/src/port/kcapi/kcapi_ecc.c
index 1f66b5222..9bfc83cb4 100644
--- a/wolfcrypt/src/port/kcapi/kcapi_ecc.c
+++ b/wolfcrypt/src/port/kcapi/kcapi_ecc.c
@@ -1,6 +1,6 @@
 /* kcapi_ecc.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfcrypt/src/port/kcapi/kcapi_hash.c b/wolfcrypt/src/port/kcapi/kcapi_hash.c
index f4a3b43c0..4141116bf 100644
--- a/wolfcrypt/src/port/kcapi/kcapi_hash.c
+++ b/wolfcrypt/src/port/kcapi/kcapi_hash.c
@@ -1,6 +1,6 @@
 /* kcapi_hash.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -51,10 +51,8 @@ void KcapiHashFree(wolfssl_KCAPI_Hash* hash)
         }
 
     #if defined(WOLFSSL_KCAPI_HASH_KEEP)
-        if (hash->msg != NULL) {
-            XFREE(hash->msg, hash->heap, DYNAMIC_TYPE_TMP_BUFFER);
-            hash->msg = NULL;
-        }
+        XFREE(hash->msg, hash->heap, DYNAMIC_TYPE_TMP_BUFFER);
+        hash->msg = NULL;
     #endif
     }
 }
diff --git a/wolfcrypt/src/port/kcapi/kcapi_hmac.c b/wolfcrypt/src/port/kcapi/kcapi_hmac.c
index 0a5d46751..08b828207 100644
--- a/wolfcrypt/src/port/kcapi/kcapi_hmac.c
+++ b/wolfcrypt/src/port/kcapi/kcapi_hmac.c
@@ -1,6 +1,6 @@
 /* kcapi_hmac.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfcrypt/src/port/kcapi/kcapi_rsa.c b/wolfcrypt/src/port/kcapi/kcapi_rsa.c
index cafca14e7..caa357097 100644
--- a/wolfcrypt/src/port/kcapi/kcapi_rsa.c
+++ b/wolfcrypt/src/port/kcapi/kcapi_rsa.c
@@ -1,6 +1,6 @@
 /* kcapi_rsa.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -76,9 +76,7 @@ static int KcapiRsa_SetPrivKey(RsaKey* key)
         }
     }
 
-    if (priv != NULL) {
-        XFREE(priv, key->heap, DYNAMIC_TYPE_TMP_BUFFER);
-    }
+    XFREE(priv, key->heap, DYNAMIC_TYPE_TMP_BUFFER);
     return ret;
 }
 
@@ -167,9 +165,7 @@ static int KcapiRsa_SetPubKey(RsaKey* key)
         }
     }
 
-    if (pub != NULL) {
-        XFREE(pub, key->heap, DYNAMIC_TYPE_TMP_BUFFER);
-    }
+    XFREE(pub, key->heap, DYNAMIC_TYPE_TMP_BUFFER);
     return ret;
 }
 
diff --git a/wolfcrypt/src/port/liboqs/liboqs.c b/wolfcrypt/src/port/liboqs/liboqs.c
new file mode 100644
index 000000000..520349ecf
--- /dev/null
+++ b/wolfcrypt/src/port/liboqs/liboqs.c
@@ -0,0 +1,132 @@
+/* liboqs.c
+ *
+ * Copyright (C) 2006-2025 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+/*
+
+DESCRIPTION
+This library provides the support interfaces to the liboqs library providing
+implementations for Post-Quantum cryptography algorithms.
+
+*/
+
+#ifdef HAVE_CONFIG_H
+    #include <config.h>
+#endif
+
+#include <wolfssl/wolfcrypt/settings.h>
+#include <wolfssl/wolfcrypt/types.h>
+#include <wolfssl/wolfcrypt/logging.h>
+#include <wolfssl/wolfcrypt/error-crypt.h>
+
+#include <wolfssl/wolfcrypt/port/liboqs/liboqs.h>
+
+#if defined(HAVE_LIBOQS)
+
+/* RNG for liboqs */
+static WC_RNG liboqsDefaultRNG;
+static WC_RNG* liboqsCurrentRNG;
+
+static wolfSSL_Mutex liboqsRNGMutex;
+
+static int liboqs_init = 0;
+
+
+static void wolfSSL_liboqsGetRandomData(uint8_t* buffer, size_t numOfBytes)
+{
+    int ret;
+    word32 numOfBytes_word32;
+
+    while (numOfBytes > 0) {
+        numOfBytes_word32 = (word32)numOfBytes;
+        numOfBytes -= numOfBytes_word32;
+        ret = wc_RNG_GenerateBlock(liboqsCurrentRNG, buffer,
+                                   numOfBytes_word32);
+        if (ret != 0) {
+            /* ToDo: liboqs exits program if RNG fails,
+             * not sure what to do here
+             */
+            WOLFSSL_MSG_EX(
+                "wc_RNG_GenerateBlock(..., %u) failed with ret %d "
+                "in wolfSSL_liboqsGetRandomData().", numOfBytes_word32, ret
+                );
+            abort();
+        }
+    }
+}
+
+int wolfSSL_liboqsInit(void)
+{
+    int ret = 0;
+
+    if (liboqs_init == 0) {
+        ret = wc_InitMutex(&liboqsRNGMutex);
+        if (ret != 0) {
+            return ret;
+        }
+        ret = wc_LockMutex(&liboqsRNGMutex);
+        if (ret != 0) {
+            return ret;
+        }
+        ret = wc_InitRng(&liboqsDefaultRNG);
+        if (ret == 0) {
+            OQS_init();
+            liboqs_init = 1;
+        }
+        liboqsCurrentRNG = &liboqsDefaultRNG;
+        wc_UnLockMutex(&liboqsRNGMutex);
+
+        OQS_randombytes_custom_algorithm(wolfSSL_liboqsGetRandomData);
+    }
+
+    return ret;
+}
+
+void wolfSSL_liboqsClose(void)
+{
+    wc_FreeRng(&liboqsDefaultRNG);
+}
+
+int wolfSSL_liboqsRngMutexLock(WC_RNG* rng)
+{
+    int ret = wolfSSL_liboqsInit();
+    if (ret == 0) {
+        ret = wc_LockMutex(&liboqsRNGMutex);
+    }
+    if (ret == 0 && rng != NULL) {
+        /* Update the pointer with the RNG to use. This is safe as we locked the mutex */
+        liboqsCurrentRNG = rng;
+    }
+    return ret;
+}
+
+int wolfSSL_liboqsRngMutexUnlock(void)
+{
+    liboqsCurrentRNG = &liboqsDefaultRNG;
+
+    if (liboqs_init) {
+        return wc_UnLockMutex(&liboqsRNGMutex);
+    }
+    else {
+        return BAD_MUTEX_E;
+    }
+}
+
+#endif /* HAVE_LIBOQS */
diff --git a/wolfcrypt/src/port/maxim/README.md b/wolfcrypt/src/port/maxim/README.md
index 55cb2a04c..3919ffd0f 100644
--- a/wolfcrypt/src/port/maxim/README.md
+++ b/wolfcrypt/src/port/maxim/README.md
@@ -1,14 +1,144 @@
-wolfSSL using Analog Devices MAXQ1065 or MAX1080
+wolfSSL using Analog Devices MAXQ1065, MAX1080, MAX32665 or MAX32666
 ================================================
 
 ## Overview
 
 wolfSSL can be configured to use the MAXQ1065 or MAX1080 cryptographic
-controllers. Product datasheets, user guides and other resources can be found at
+controllers. wolfSSL can also be configure to utilize the TPU
+(crypto accelerator), MAA (math accelerator), and TRNG available on select
+MAX32665 and MAX32666 microcontroller.
+
+Product datasheets, user guides and other resources can be found at
 Analog Devices website:
 
 https://www.analog.com
 
+# MAX32665/MAX32666
+## Build and Usage
+
+wolfSSL supports the [Maxim SDK](https://github.com/analogdevicesinc/msdk), to
+utilize the TPU and MAA located on the devices.
+
+Building is supported by adding `#define WOLFSSL_MAX3266X` to `user_settings.h`.
+wolfSSL supports the usage of the older style API Maxim provides with the
+`#define WOLFSSL_MAX3266X_OLD` to `user_settings.h`.
+
+When using `WOLFSSL_MAX3266X` or `WOLFSSL_MAX3266X_OLD` you will also need to
+add `#define WOLFSSL_SP_MATH_ALL` to `user_settings.h`.
+
+If you want to be more specific on what hardware acceleration you want to use,
+this can be done by adding any combination of these defines:
+```
+#define MAX3266X_RNG    - Allows usage of TRNG device
+#define MAX3266X_AES    - Allows usage of TPU for AES Acceleration
+#define MAX3266X_SHA    - Allows usage of TPU for Hash Acceleration
+#define MAX3266X_MATH   - Allows usage of MAA for MOD based Math Acceleration
+```
+For this you will still need to use `#define WOLFSSL_MAX3266X` or `#define WOLFSSL_MAX3266X_OLD`.
+When you use a specific hardware define like `#define MAX3266X_RNG` this will
+mean only the TRNG device is being used, and all other operations will use the
+default software implementations.
+
+The other prerequisite is that a change needs to be made to the Maxim SDK. This
+is to use the MAA Math Accelerator, this change only needs to be made if you are
+using `#define WOLFSSL_MAX3266X` or `define WOLFSSL_MAX3266X_OLD` by themselves
+or you are specifying `#define MAX3266X_MATH`. This is only needed if you are
+not using the latest Maxim SDK.
+
+In the SDK you will need to find the underlying function that
+`MXC_TPU_MAA_Compute()` from `tpu.h` compute calls in the newer SDK. In the
+older SDK this function is called `MAA_Compute()` in `maa.h`. In the underlying
+function you will need to this:
+
+```
+MXC_SETFIELD(tpu->maa_ctrl, MXC_F_TPU_REVA_MAA_CTRL_CLC, clc);
+```
+to
+```
+MXC_SETFIELD(tpu->maa_ctrl, MXC_F_TPU_REVA_MAA_CTRL_CLC,
+                clc << MXC_F_TPU_REVA_MAA_CTRL_CLC_POS);
+```
+
+This bug has been reported to Analog Devices and a PR has been made
+[here](https://github.com/analogdevicesinc/msdk/pull/1104)
+if you want to know more details on the issue, or use a patch.
+
+
+## Supported Algos
+Using these defines will replace software implementations with a call to the
+hardware.
+
+`#define MAX3266X_RNG`
+- Uses entropy from TRNG to seed HASHDRBG
+
+`#define MAX3266X_AES`:
+
+- AES-CBC: 128, 192, 256
+- AES-ECB: 128, 192, 256
+
+`#define MAX3266X_SHA`:
+
+- SHA-1
+- SHA-224
+- SHA-256
+- SHA-384
+- SHA-512
+
+Please note that when using `MAX3266X_SHA` there will be a limitation when
+attempting to do a larger sized hash as the SDK for the hardware currently
+expects a the whole msg buffer to be given.
+
+`#define MAX3266X_MATH` (Replaces math operation calls for algos
+like RSA and ECC key generation):
+
+- mod:      `a mod m = r`
+- addmod:   `(a+b)mod m = r`
+- submod:   `(a-b)mod m = r`
+- mulmod:   `(a*b)mod m = r`
+- sqrmod:   `(b^2)mod m = r`
+- exptmod:  `(b^e)mod m = r`
+
+## Crypto Callback Support
+This port also supports using the Crypto Callback functionality in wolfSSL.
+When `WOLF_CRYPTO_CB` is defined in `user_settings.h` along with
+`WOLFSSL_MAX3266X` or `WOLFSSL_MAX3266X_OLD` it will build the library to allow
+the ability to switch between hardware and software implementations.
+
+Crypto Callbacks only support using the hardware for these Algorithms:
+
+- AES ECB: 128, 192, 256
+- AES CBC: 128, 192, 256
+- SHA-1
+- SHA-256
+- SHA-384
+- SHA-512
+
+When using `WOLF_CRYPTO_CB` and `WOLFSSL_MAX3266X` or `WOLFSSL_MAX3266X_OLD`,
+`MAX3266X_MATH` is turned off and is is currently not supported to use with
+`WOLF_CRYPTO_CB`.
+
+The Hardware of the port will be used by default when no devId is set.
+To use software versions of the support Callback Algorithms the devId will need
+to be set to `INVALID_DEVID`.
+
+For more information about Crypto Callbacks and how to use them please refer to
+the [wolfSSL manual](https://www.wolfssl.com/documentation/manuals/wolfssl/chapter06.html).
+
+## Extra Information
+For more Verbose info you can use `#define DEBUG_WOLFSSL` in combination with
+`#define MAX3266X_VERBOSE` to see if errors are occurring during the hardware
+setup/
+
+To reproduce benchmark numbers you can use `#define MAX3266X_RTC`.
+Do note that this will only work with `#define WOLFSSL_MAX3266X` and not
+`#define WOLFSSL_MAX3266X_OLD`. This is only meant for benchmark reproduction
+and not for any other application. Please implement your own rtc/time code for
+anything else.
+
+For more information about the TPU, MAA, and TRNG please refer to the
+[MAX32665/MAX32666 User Guide: UG6971](https://www.analog.com/media/en/technical-documentation/user-guides/max32665max32666-user-guide.pdf)
+
+# MAXQ1065/MAX1080
 ## Build and Usage
 
 Please use the appropriate SDK or Evkit to build wolfSSL.
diff --git a/wolfcrypt/src/port/maxim/max3266x.c b/wolfcrypt/src/port/maxim/max3266x.c
new file mode 100644
index 000000000..f47886fd1
--- /dev/null
+++ b/wolfcrypt/src/port/maxim/max3266x.c
@@ -0,0 +1,1552 @@
+/* max3266x.c
+ *
+ * Copyright (C) 2006-2025 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+#ifdef HAVE_CONFIG_H
+    #include <config.h>
+#endif
+
+#include <wolfssl/wolfcrypt/settings.h>
+
+#if defined(WOLFSSL_MAX3266X) || defined(WOLFSSL_MAX3266X_OLD)
+
+#include <stdint.h>
+#include <stdarg.h>
+
+#include <wolfssl/wolfcrypt/wolfmath.h>
+#include <wolfssl/wolfcrypt/error-crypt.h>
+#include <wolfssl/wolfcrypt/logging.h>
+#include <wolfssl/wolfcrypt/port/maxim/max3266x.h>
+
+#ifdef NO_INLINE
+    #include <wolfssl/wolfcrypt/misc.h>
+#else
+    #define WOLFSSL_MISC_INCLUDED
+    #include <wolfcrypt/src/misc.c>
+#endif
+
+#ifdef WOLF_CRYPTO_CB
+    #include <wolfssl/wolfcrypt/port/maxim/max3266x-cryptocb.h>
+#endif
+
+#if defined(USE_FAST_MATH) || defined(USE_INTEGER_HEAP_MATH)
+    #error  MXC Not Compatible with Fast Math or Heap Math
+    #include <wolfssl/wolfcrypt/tfm.h>
+    #define MXC_WORD_SIZE               DIGIT_BIT
+#elif defined(WOLFSSL_SP_MATH_ALL)
+    #include <wolfssl/wolfcrypt/sp_int.h>
+    #define MXC_WORD_SIZE               SP_WORD_SIZE
+#else
+    #error MXC HW port needs #define WOLFSSL_SP_MATH_ALL
+#endif
+
+/* Max size MAA can handle */
+#define MXC_MAA_MAX_SIZE (2048 / MXC_WORD_SIZE)
+
+int wc_MXC_TPU_Init(void)
+{
+    /* Initialize the TPU device */
+    if (MXC_TPU_Init(MXC_SYS_PERIPH_CLOCK_TRNG) != 0) {
+        MAX3266X_MSG("Device did not initialize");
+        return RNG_FAILURE_E;
+    }
+    return 0;
+}
+
+int wc_MXC_TPU_Shutdown(void)
+{
+    /* Shutdown the TPU device */
+#if defined(WOLFSSL_MAX3266X_OLD)
+    MXC_TPU_Shutdown(); /* Is a void return in older SDK */
+#else
+    if (MXC_TPU_Shutdown(MXC_SYS_PERIPH_CLOCK_TRNG) != 0) {
+        MAX3266X_MSG("Device did not shutdown");
+        return RNG_FAILURE_E;
+    }
+#endif
+    MAX3266X_MSG("TPU Hardware Shutdown");
+    return 0;
+}
+
+
+#ifdef WOLF_CRYPTO_CB
+int wc_MxcAesCryptoCb(wc_CryptoInfo* info)
+{
+    switch (info->cipher.type) {
+#ifdef HAVE_AES_CBC
+        case WC_CIPHER_AES_CBC:
+            if (info->cipher.enc == 1) {
+                return wc_MxcCb_AesCbcEncrypt(info->cipher.aescbc.aes,
+                                                info->cipher.aescbc.out,
+                                                info->cipher.aescbc.in,
+                                                info->cipher.aescbc.sz);
+            }
+            #ifdef HAVE_AES_DECRYPT
+            else if (info->cipher.enc == 0) {
+                return wc_MxcCb_AesCbcDecrypt(info->cipher.aescbc.aes,
+                                                info->cipher.aescbc.out,
+                                                info->cipher.aescbc.in,
+                                                info->cipher.aescbc.sz);
+                }
+            #endif
+            break; /* Break out and return error */
+#endif
+#ifdef HAVE_AES_ECB
+        case WC_CIPHER_AES_ECB:
+            if (info->cipher.enc == 1) {
+                return wc_MxcCb_AesEcbEncrypt(info->cipher.aesecb.aes,
+                                                info->cipher.aesecb.out,
+                                                info->cipher.aesecb.in,
+                                                info->cipher.aesecb.sz);
+            }
+            #ifdef HAVE_AES_DECRYPT
+            else if (info->cipher.enc == 0) {
+                return wc_MxcCb_AesEcbDecrypt(info->cipher.aesecb.aes,
+                                                info->cipher.aesecb.out,
+                                                info->cipher.aesecb.in,
+                                                info->cipher.aesecb.sz);
+                }
+            #endif
+            break; /* Break out and return error */
+#endif
+        default:
+            /* Is not ECB/CBC/GCM */
+            return WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE);
+    }
+    /* Just in case code breaks of switch statement return error */
+    return BAD_FUNC_ARG;
+}
+
+#ifdef MAX3266X_SHA_CB
+
+int wc_MxcShaCryptoCb(wc_CryptoInfo* info)
+{
+    switch (info->hash.type) {
+    #ifndef NO_SHA
+        case WC_HASH_TYPE_SHA:
+            MAX3266X_MSG("SHA-1 CB:");
+            /* Update Case */
+            if (info->hash.in != NULL && info->hash.digest == NULL) {
+                MAX3266X_MSG("Update CB");
+                return wc_MXC_TPU_SHA_Update(&(info->hash.sha1->mxcCtx),
+                                            info->hash.in, info->hash.inSz);
+            }
+            /* Sha 1 Final Case */
+            if (info->hash.in == NULL && info->hash.digest != NULL) {
+                MAX3266X_MSG("Final CB");
+                return wc_MXC_TPU_SHA_Final(&(info->hash.sha1->mxcCtx),
+                                                info->hash.digest,
+                                                MXC_TPU_HASH_SHA1);
+            }
+            break; /* Break Out and Return Error */
+    #endif
+    #ifdef WOLFSSL_SHA224
+        case WC_HASH_TYPE_SHA224:
+            MAX3266X_MSG("SHA-224 CB:");
+            /* Update Case */
+            if (info->hash.in != NULL && info->hash.digest == NULL) {
+                MAX3266X_MSG("Update CB");
+                return wc_MXC_TPU_SHA_Update(&(info->hash.sha224->mxcCtx),
+                                            info->hash.in, info->hash.inSz);
+            }
+            /* Sha 256 Final Case */
+            if (info->hash.in == NULL && info->hash.digest != NULL) {
+                MAX3266X_MSG("Final CB");
+                return wc_MXC_TPU_SHA_Final(&(info->hash.sha224->mxcCtx),
+                                                info->hash.digest,
+                                                MXC_TPU_HASH_SHA224);
+            }
+            break; /* Break Out and Return Error */
+    #endif
+    #ifndef NO_SHA256
+        case WC_HASH_TYPE_SHA256:
+            MAX3266X_MSG("SHA-256 CB:");
+            /* Update Case */
+            if (info->hash.in != NULL && info->hash.digest == NULL) {
+                MAX3266X_MSG("Update CB");
+                return wc_MXC_TPU_SHA_Update(&(info->hash.sha256->mxcCtx),
+                                            info->hash.in, info->hash.inSz);
+            }
+            /* Sha 256 Final Case */
+            if (info->hash.in == NULL && info->hash.digest != NULL) {
+                MAX3266X_MSG("Final CB");
+                return wc_MXC_TPU_SHA_Final(&(info->hash.sha256->mxcCtx),
+                                                info->hash.digest,
+                                                MXC_TPU_HASH_SHA256);
+            }
+            break; /* Break Out and Return Error */
+    #endif
+    #ifdef WOLFSSL_SHA384
+        case WC_HASH_TYPE_SHA384:
+            MAX3266X_MSG("SHA-384 CB:");
+            /* Update Case */
+            if (info->hash.in != NULL && info->hash.digest == NULL) {
+                MAX3266X_MSG("Update CB");
+                return wc_MXC_TPU_SHA_Update(&(info->hash.sha384->mxcCtx),
+                                            info->hash.in, info->hash.inSz);
+            }
+            /* Sha 384 Final Case */
+            if (info->hash.in == NULL && info->hash.digest != NULL) {
+                MAX3266X_MSG("Final CB");
+                return wc_MXC_TPU_SHA_Final(&(info->hash.sha384->mxcCtx),
+                                                info->hash.digest,
+                                                MXC_TPU_HASH_SHA384);
+            }
+            break; /* Break Out and Return Error */
+    #endif
+    #ifdef WOLFSSL_SHA512
+        case WC_HASH_TYPE_SHA512:
+            MAX3266X_MSG("SHA-512 CB:");
+            /* Update Case */
+            if (info->hash.in != NULL && info->hash.digest == NULL) {
+                MAX3266X_MSG("Update CB");
+                return wc_MXC_TPU_SHA_Update(&(info->hash.sha512->mxcCtx),
+                                            info->hash.in, info->hash.inSz);
+            }
+            /* Sha 512 Final Case */
+            if (info->hash.in == NULL && info->hash.digest != NULL) {
+                MAX3266X_MSG("Final CB");
+                return wc_MXC_TPU_SHA_Final(&(info->hash.sha512->mxcCtx),
+                                                info->hash.digest,
+                                                MXC_TPU_HASH_SHA512);
+            }
+            break; /* Break Out and Return Error */
+    #endif
+        default:
+            /* Hash type not supported */
+            return WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE);
+    }
+    if (info->hash.inSz == 0) {
+        return 0; /* Dont need to Update when Size is Zero */
+    }
+    return BAD_FUNC_ARG;
+}
+#endif /* MAX3266X_SHA_CB */
+
+/* Determines AES Type for Callback */
+/* General Callback Function to determine ALGO Type */
+int wc_MxcCryptoCb(int devIdArg, wc_CryptoInfo* info, void* ctx)
+{
+    int ret;
+    (void)ctx;
+
+    if (info == NULL) {
+        return BAD_FUNC_ARG;
+    }
+
+#ifdef DEBUG_CRYPTOCB
+    wc_CryptoCb_InfoString(info);
+#endif
+
+    switch (info->algo_type) {
+        case WC_ALGO_TYPE_CIPHER:
+            MAX3266X_MSG("Using MXC AES HW Callback:");
+            ret = wc_MxcAesCryptoCb(info); /* Determine AES HW or SW */
+            break;
+#ifdef MAX3266X_SHA_CB
+        case WC_ALGO_TYPE_HASH:
+            MAX3266X_MSG("Using MXC SHA HW Callback:");
+            ret = wc_MxcShaCryptoCb(info); /* Determine SHA HW or SW */
+            break;
+#endif /* MAX3266X_SHA_CB */
+        default:
+            MAX3266X_MSG("Callback not support with MXC, using SW");
+            /* return this to bypass HW and use SW */
+            ret = WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE);
+    }
+
+    return ret;
+}
+#endif
+
+/* Convert Error Codes Correctly and Report HW error when */
+/* using #define MAX3266X_VERBOSE */
+int wc_MXC_error(int *ret)
+{
+    if (ret == NULL) {
+        /* In case somehow pointer to the return code is NULL */
+        return BAD_FUNC_ARG;
+    }
+    switch (*ret) {
+        case E_SUCCESS:
+            return 0;
+
+        case E_INVALID: /* Process Failed */
+            MAX3266X_MSG("HW Reported: E_INVALID Error");
+            *ret = WC_HW_E;
+            break;
+
+        case E_NULL_PTR:
+            MAX3266X_MSG("HW Reported: E_NULL_PTR Error");
+            *ret = BAD_FUNC_ARG;
+            break;
+
+        case E_BAD_PARAM:
+            MAX3266X_MSG("HW Reported: E_BAD_PARAM Error");
+            *ret = BAD_FUNC_ARG;
+            break;
+
+        case E_BAD_STATE:
+            MAX3266X_MSG("HW Reported: E_BAD_STATE Error");
+            *ret = WC_HW_E;
+            break;
+
+        default:
+            MAX3266X_MSG("HW Reported an Unknown Error");
+            *ret = WC_HW_E; /* If something else return HW Error */
+            break;
+    }
+    return *ret;
+}
+
+
+#if defined(MAX3266X_RNG)
+/* Simple call to SDK's TRNG HW */
+int wc_MXC_TRNG_Random(unsigned char* output, unsigned int sz)
+{
+    int status;
+    if (output == NULL) {
+        return BAD_FUNC_ARG;
+    }
+    status = wolfSSL_HwRngMutexLock(); /* Lock Mutex needed since */
+                                         /* calling TPU init */
+    if (status != 0) {
+        return status;
+    }
+    status = MXC_TPU_Init(MXC_SYS_PERIPH_CLOCK_TRNG);
+    if (status == 0) {
+        /* void return function */
+        MXC_TPU_TRNG_Read(MXC_TRNG, output, sz);
+        MAX3266X_MSG("TRNG Hardware Used");
+    }
+    else {
+        MAX3266X_MSG("TRNG Device did not initialize");
+        status = RNG_FAILURE_E;
+    }
+    wolfSSL_HwRngMutexUnLock(); /* Unlock Mutex no matter status value */
+    return status;
+}
+#endif /* MAX3266X_RNG */
+
+#if defined(MAX3266X_AES)
+/* Generic call to the SDK's AES 1 shot Encrypt based on inputs given */
+int wc_MXC_TPU_AesEncrypt(const unsigned char* in, const unsigned char* iv,
+                            const unsigned char* enc_key,
+                            MXC_TPU_MODE_TYPE mode, unsigned int data_size,
+                            unsigned char* out, unsigned int keySize)
+{
+    int status;
+    if (in == NULL || iv == NULL || enc_key == NULL || out == NULL) {
+        return BAD_FUNC_ARG;
+    }
+    status = wolfSSL_HwAesMutexLock();
+    MAX3266X_MSG("AES HW Encryption");
+    if (status != 0) {
+        MAX3266X_MSG("Hardware Mutex Failure");
+        return status;
+    }
+    switch (keySize) {
+        case MXC_AES_KEY_128_LEN:
+            MXC_TPU_Cipher_Config(mode, MXC_TPU_CIPHER_AES128);
+            status = MXC_TPU_Cipher_AES_Encrypt((const char*)in,
+                        (const char*)iv, (const char*)enc_key,
+                        MXC_TPU_CIPHER_AES128, mode, data_size, (char*)out);
+            MAX3266X_MSG("AES HW Acceleration Used: 128 Bit");
+            break;
+        case MXC_AES_KEY_192_LEN:
+            MXC_TPU_Cipher_Config(mode, MXC_TPU_CIPHER_AES192);
+            status = MXC_TPU_Cipher_AES_Encrypt((const char*)in,
+                        (const char*)iv, (const char*)enc_key,
+                        MXC_TPU_CIPHER_AES192, mode, data_size, (char*)out);
+            MAX3266X_MSG("AES HW Acceleration Used: 192 Bit");
+            break;
+        case MXC_AES_KEY_256_LEN:
+            MXC_TPU_Cipher_Config(mode, MXC_TPU_CIPHER_AES256);
+            status = MXC_TPU_Cipher_AES_Encrypt((const char*)in,
+                        (const char*)iv, (const char*)enc_key,
+                        MXC_TPU_CIPHER_AES256, mode, data_size, (char*)out);
+            MAX3266X_MSG("AES HW Acceleration Used: 256 Bit");
+            break;
+        default:
+            MAX3266X_MSG("AES HW ERROR: Length Not Supported");
+            wolfSSL_HwAesMutexUnLock();
+            return BAD_FUNC_ARG;
+    }
+    wolfSSL_HwAesMutexUnLock();
+    if (status != 0) {
+        MAX3266X_MSG("AES HW Acceleration Error Occurred");
+        return WC_HW_E;
+    }
+    return status;
+}
+
+
+/* Encrypt AES Crypto Callbacks*/
+#if defined(WOLF_CRYPTO_CB)
+
+#ifdef HAVE_AES_ECB
+int wc_MxcCb_AesEcbEncrypt(Aes* aes, byte* out, const byte* in, word32 sz)
+{
+    int status;
+    word32 keySize;
+
+    if ((in == NULL) || (out == NULL) || (aes == NULL)) {
+        return BAD_FUNC_ARG;
+    }
+
+    status = wc_AesGetKeySize(aes, &keySize);
+    if (status != 0) {
+        return status;
+    }
+
+    status = wc_MXC_TPU_AesEncrypt(in, (byte*)aes->reg, (byte*)aes->devKey,
+                                        MXC_TPU_MODE_ECB, sz, out, keySize);
+
+    return status;
+}
+#endif /* HAVE_AES_ECB */
+
+#ifdef HAVE_AES_CBC
+int wc_MxcCb_AesCbcEncrypt(Aes* aes, byte* out, const byte* in, word32 sz)
+{
+    word32 keySize;
+    int status;
+    byte *iv;
+
+    if ((in == NULL) || (out == NULL) || (aes == NULL)) {
+        return BAD_FUNC_ARG;
+    }
+
+    /* Always enforce a length check */
+    if (sz % WC_AES_BLOCK_SIZE) {
+    #ifdef WOLFSSL_AES_CBC_LENGTH_CHECKS
+        return BAD_LENGTH_E;
+    #else
+        return BAD_FUNC_ARG;
+    #endif
+    }
+    if (sz == 0) {
+        return 0;
+    }
+
+    iv = (byte*)aes->reg;
+    status = wc_AesGetKeySize(aes, &keySize);
+    if (status != 0) {
+        return status;
+    }
+
+    status = wc_MXC_TPU_AesEncrypt(in, iv, (byte*)aes->devKey,
+                                    MXC_TPU_MODE_CBC, sz, out,
+                                    (unsigned int)keySize);
+    /* store iv for next call */
+    if (status == 0) {
+        XMEMCPY(iv, out + sz - WC_AES_BLOCK_SIZE, WC_AES_BLOCK_SIZE);
+    }
+    return (status == 0) ? 0 : -1;
+}
+#endif /* HAVE_AES_CBC */
+#endif /* WOLF_CRYPTO_CB */
+
+#ifdef HAVE_AES_DECRYPT
+/* Generic call to the SDK's AES 1 shot decrypt based on inputs given */
+int wc_MXC_TPU_AesDecrypt(const unsigned char* in, const unsigned char* iv,
+                            const unsigned char* dec_key,
+                            MXC_TPU_MODE_TYPE mode, unsigned int data_size,
+                            unsigned char* out, unsigned int keySize)
+{
+    int status;
+    if (in == NULL || iv == NULL || dec_key == NULL || out == NULL) {
+        return BAD_FUNC_ARG;
+    }
+    status = wolfSSL_HwAesMutexLock();
+    if (status != 0) {
+        return status;
+    }
+    switch (keySize) {
+        case MXC_AES_KEY_128_LEN:
+            MXC_TPU_Cipher_Config(mode, MXC_TPU_CIPHER_AES128);
+            status = MXC_TPU_Cipher_AES_Decrypt((const char*)in,
+                        (const char*)iv, (const char*)dec_key,
+                        MXC_TPU_CIPHER_AES128, mode, data_size, (char*)out);
+            MAX3266X_MSG("AES HW Acceleration Used: 128 Bit");
+            break;
+        case MXC_AES_KEY_192_LEN:
+            MXC_TPU_Cipher_Config(mode, MXC_TPU_CIPHER_AES192);
+            status = MXC_TPU_Cipher_AES_Decrypt((const char*)in,
+                        (const char*)iv, (const char*)dec_key,
+                        MXC_TPU_CIPHER_AES192, mode, data_size, (char*)out);
+            MAX3266X_MSG("AES HW Acceleration Used: 192 Bit");
+            break;
+        case MXC_AES_KEY_256_LEN:
+            MXC_TPU_Cipher_Config(mode, MXC_TPU_CIPHER_AES256);
+            status = MXC_TPU_Cipher_AES_Decrypt((const char*)in,
+                        (const char*)iv, (const char*)dec_key,
+                        MXC_TPU_CIPHER_AES256, mode, data_size, (char*)out);
+            MAX3266X_MSG("AES HW Acceleration Used: 256 Bit");
+            break;
+        default:
+            MAX3266X_MSG("AES HW ERROR: Length Not Supported");
+            wolfSSL_HwAesMutexUnLock();
+            return BAD_FUNC_ARG;
+    }
+    wolfSSL_HwAesMutexUnLock();
+    if (status != 0) {
+        MAX3266X_MSG("AES HW Acceleration Error Occurred");
+        return WC_HW_E;
+    }
+    return status;
+}
+
+/* Decrypt Aes Crypto Callbacks*/
+#if defined(WOLF_CRYPTO_CB)
+
+#ifdef HAVE_AES_ECB
+int wc_MxcCb_AesEcbDecrypt(Aes* aes, byte* out, const byte* in, word32 sz)
+{
+    int status;
+    word32 keySize;
+
+    if ((in == NULL) || (out == NULL) || (aes == NULL)) {
+        return BAD_FUNC_ARG;
+    }
+
+    status = wc_AesGetKeySize(aes, &keySize);
+    if (status != 0) {
+        return status;
+    }
+
+    status = wc_MXC_TPU_AesDecrypt(in, (byte*)aes->reg, (byte*)aes->devKey,
+                                        MXC_TPU_MODE_ECB, sz, out, keySize);
+
+    return status;
+}
+#endif /* HAVE_AES_ECB */
+
+#ifdef HAVE_AES_CBC
+int wc_MxcCb_AesCbcDecrypt(Aes* aes, byte* out, const byte* in, word32 sz)
+{
+    word32 keySize;
+    int status;
+    byte *iv;
+    byte temp_block[WC_AES_BLOCK_SIZE];
+
+    if ((in == NULL) || (out == NULL) || (aes == NULL)) {
+        return BAD_FUNC_ARG;
+    }
+
+    /* Always enforce a length check */
+    if (sz % WC_AES_BLOCK_SIZE) {
+    #ifdef WOLFSSL_AES_CBC_LENGTH_CHECKS
+        return BAD_LENGTH_E;
+    #else
+        return BAD_FUNC_ARG;
+    #endif
+    }
+    if (sz == 0) {
+        return 0;
+    }
+
+    iv = (byte*)aes->reg;
+    status = wc_AesGetKeySize(aes, &keySize);
+    if (status != 0) {
+        return status;
+    }
+
+    /* get IV for next call */
+    XMEMCPY(temp_block, in + sz - WC_AES_BLOCK_SIZE, WC_AES_BLOCK_SIZE);
+    status = wc_MXC_TPU_AesDecrypt(in, iv, (byte*)aes->devKey,
+                                    MXC_TPU_MODE_CBC, sz, out,
+                                    keySize);
+
+    /* store iv for next call */
+    if (status == 0) {
+        XMEMCPY(iv, temp_block, WC_AES_BLOCK_SIZE);
+    }
+    return (status == 0) ? 0 : -1;
+}
+#endif /* HAVE_AES_CBC */
+#endif /* WOLF_CRYPTO_CB */
+#endif /* HAVE_AES_DECRYPT */
+#endif /* MAX3266X_AES */
+
+#if defined(MAX3266X_SHA) || defined(MAX3266X_SHA_CB)
+
+int wc_MXC_TPU_SHA_Init(wc_MXC_Sha *hash)
+{
+    if (hash == NULL) {
+        return BAD_FUNC_ARG; /* Appropriate error handling for null argument */
+    }
+    hash->msg = NULL;
+    hash->used = 0;
+    hash->size = 0;
+    return 0;
+}
+
+/* Used to update the msg. Currently the SDK only supports 1 shots, so the */
+/* hash->msg buffer needs to be updated and resized. hash->msg will keep the */
+/* unhashed msg and produce a digest when wc_MXC_TPU_SHA_Final or */
+/* wc_MXC_TPU_SHA_GetHash is called */
+int wc_MXC_TPU_SHA_Update(wc_MXC_Sha *hash, const unsigned char* data,
+                            unsigned int size)
+{
+    void *p;
+    /* Only update if size is not 0 */
+    if (size == 0) {
+        return 0;
+    }
+    /* Check for NULL pointers After Size Check */
+    if (hash == NULL || data == NULL) {
+        return BAD_FUNC_ARG;
+    }
+    if (hash->size < hash->used+size) {
+        if (hash->msg == NULL) {
+            p = XMALLOC(hash->used+size, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+        }
+        else {
+            #ifdef WOLFSSL_NO_REALLOC
+            p = XMALLOC(hash->used + size, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+            if (p != NULL) {
+                XMEMCPY(p, hash->msg, hash->used);
+                XFREE(hash->msg, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+            }
+            #else
+            p = XREALLOC(hash->msg, hash->used+size, NULL,
+                            DYNAMIC_TYPE_TMP_BUFFER);
+            #endif
+        }
+        if (p == NULL) {
+            return MEMORY_E;
+        }
+        hash->msg = p;
+        hash->size = hash->used+size;
+    }
+    XMEMCPY(hash->msg+hash->used, data, size);
+    hash->used += size;
+    if (hash->msg == NULL) {
+        return BAD_FUNC_ARG;
+    }
+    return 0;
+}
+
+int wc_MXC_TPU_SHA_GetHash(wc_MXC_Sha *hash, unsigned char* digest,
+                                MXC_TPU_HASH_TYPE algo)
+{
+    int status;
+    if (hash == NULL || digest == NULL) {
+        return BAD_FUNC_ARG;
+    }
+    status = wc_MXC_TPU_SHA_GetDigest(hash, digest, algo);
+    /* True Case that msg is an empty string */
+    if (status == 1) {
+        /* Hardware cannot handle the case of an empty string */
+        /* so in the case of this we will provide the hash via software */
+        return 0;
+    }
+    /* False Case where msg needs to be processed */
+    else if (status == 0) {
+        status = wolfSSL_HwHashMutexLock(); /* Set Mutex */
+        if (status != 0) { /* Mutex Call Check */
+            return status;
+        }
+        MXC_TPU_Init(MXC_SYS_PERIPH_CLOCK_TPU);
+        MXC_TPU_Hash_Config(algo);
+        status = MXC_TPU_Hash_SHA((const char *)hash->msg, algo, hash->size,
+                                         (char *)digest);
+        MAX3266X_MSG("SHA HW Acceleration Used");
+        wolfSSL_HwHashMutexUnLock(); /* Release Mutex */
+        if (wc_MXC_error(&status) != 0) {
+            MAX3266X_MSG("SHA HW Error Occurred");
+            return status;
+        }
+    }
+    /* Error Occurred */
+    return status;
+}
+
+/* Calls GetHash to determine the digest and then reinitialize the hash */
+/* struct */
+int wc_MXC_TPU_SHA_Final(wc_MXC_Sha *hash, unsigned char* digest,
+                                    MXC_TPU_HASH_TYPE algo)
+{
+    int status;
+    if (hash == NULL || digest == NULL) {
+        return BAD_FUNC_ARG;
+    }
+    status = wc_MXC_TPU_SHA_GetHash(hash, digest, algo);
+    /* Free hash->msg no matter result */
+    XFREE(hash->msg, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    if (status != 0) {
+        return status;
+    }
+    status = wc_MXC_TPU_SHA_Init(hash);
+    if (status != 0) {
+        return status;
+    }
+    return status;
+}
+
+/* Copies Struct values from SRC struct to DST struct */
+int wc_MXC_TPU_SHA_Copy(wc_MXC_Sha* src, wc_MXC_Sha* dst)
+{
+    if (src == NULL || dst == NULL) {
+        return BAD_FUNC_ARG;
+    }
+    dst->used = src->used;
+    dst->size = src->size;
+    if (dst->msg == src->msg && src->msg != 0) {
+        /* Allocate new memory for dst->msg if it points to the same location */
+        /* as src->msg */
+        dst->msg = (unsigned char*)XMALLOC(src->size, NULL,
+                                            DYNAMIC_TYPE_TMP_BUFFER);
+        if (dst->msg == NULL) {
+            return MEMORY_E; /* Handle memory allocation failure */
+        }
+    }
+    XMEMCPY(dst->msg, src->msg, src->size);
+    return 0;
+}
+
+/* Free the given struct's msg buffer and then reinitialize the struct to 0 */
+/* returns void to match other wc_Sha*Free api */
+void wc_MXC_TPU_SHA_Free(wc_MXC_Sha* hash)
+{
+    if (hash == NULL) {
+        return; /* Hash Struct is Null already, dont edit potentially */
+                /* undefined memory */
+    }
+    XFREE(hash->msg, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    wc_MXC_TPU_SHA_Init(hash); /* sets hash->msg to null + zero's attributes */
+    return;
+}
+
+/* Acts as a True/False if true it will provide the stored digest */
+/* for the edge case of an empty string */
+int wc_MXC_TPU_SHA_GetDigest(wc_MXC_Sha *hash, unsigned char* digest,
+                                        MXC_TPU_HASH_TYPE algo)
+{
+    if (hash == NULL || digest == NULL) {
+        return BAD_FUNC_ARG;
+    }
+    if (hash->msg == 0 && hash->size == 0) {
+        switch (algo) {
+            #ifndef NO_SHA
+            case MXC_TPU_HASH_SHA1:
+                XMEMCPY(digest, MXC_EMPTY_DIGEST_SHA1, WC_SHA_DIGEST_SIZE);
+                break;
+            #endif /* NO_SHA */
+            #ifdef WOLFSSL_SHA224
+            case MXC_TPU_HASH_SHA224:
+                XMEMCPY(digest, MXC_EMPTY_DIGEST_SHA224, WC_SHA224_DIGEST_SIZE);
+                break;
+            #endif /* WOLFSSL_SHA224 */
+            #ifndef NO_SHA256
+            case MXC_TPU_HASH_SHA256:
+                XMEMCPY(digest, MXC_EMPTY_DIGEST_SHA256, WC_SHA256_DIGEST_SIZE);
+                break;
+            #endif /* NO_SHA256 */
+            #ifdef WOLFSSL_SHA384
+            case MXC_TPU_HASH_SHA384:
+                XMEMCPY(digest, MXC_EMPTY_DIGEST_SHA384, WC_SHA384_DIGEST_SIZE);
+                break;
+            #endif /* WOLFSSL_SHA384 */
+            #ifdef WOLFSSL_SHA512
+            case MXC_TPU_HASH_SHA512:
+                XMEMCPY(digest, MXC_EMPTY_DIGEST_SHA512, WC_SHA512_DIGEST_SIZE);
+                break;
+            #endif /* WOLFSSL_SHA512 */
+            default:
+                return BAD_FUNC_ARG;
+        }
+        return 1; /* True */
+    }
+    return 0; /* False */
+}
+
+#ifndef MAX3266X_SHA_CB
+#if !defined(NO_SHA)
+
+WOLFSSL_API int wc_InitSha_ex(wc_Sha* sha, void* heap, int devId)
+{
+    if (sha == NULL) {
+        return BAD_FUNC_ARG;
+    }
+    (void)heap;
+    (void)devId;
+    return wc_MXC_TPU_SHA_Init(&(sha->mxcCtx));
+}
+
+WOLFSSL_API int wc_ShaUpdate(wc_Sha* sha, const unsigned char* data,
+                                        unsigned int len)
+{
+    return wc_MXC_TPU_SHA_Update(&(sha->mxcCtx), data, len);
+}
+
+WOLFSSL_API int wc_ShaFinal(wc_Sha* sha, unsigned char* hash)
+{
+    return wc_MXC_TPU_SHA_Final(&(sha->mxcCtx), hash,
+                                        MXC_TPU_HASH_SHA1);
+}
+
+WOLFSSL_API int wc_ShaGetHash(wc_Sha* sha, unsigned char* hash)
+{
+    return wc_MXC_TPU_SHA_GetHash(&(sha->mxcCtx), hash,
+                                        MXC_TPU_HASH_SHA1);
+}
+
+WOLFSSL_API int wc_ShaCopy(wc_Sha* src, wc_Sha* dst)
+{
+    return wc_MXC_TPU_SHA_Copy(&(src->mxcCtx), &(dst->mxcCtx));
+}
+
+WOLFSSL_API void wc_ShaFree(wc_Sha* sha)
+{
+    wc_MXC_TPU_SHA_Free(&(sha->mxcCtx));
+    return;
+}
+
+#endif /* NO_SHA */
+
+#if defined(WOLFSSL_SHA224)
+
+WOLFSSL_API int wc_InitSha224_ex(wc_Sha224* sha224, void* heap, int devId)
+{
+    if (sha224 == NULL) {
+        return BAD_FUNC_ARG;
+    }
+    (void)heap;
+    (void)devId;
+    return wc_MXC_TPU_SHA_Init(&(sha224->mxcCtx));
+}
+
+WOLFSSL_API int wc_InitSha224(wc_Sha224* sha224)
+{
+    return wc_InitSha224_ex(sha224, NULL, INVALID_DEVID);
+}
+
+WOLFSSL_API int wc_Sha224Update(wc_Sha224* sha224, const unsigned char* data,
+                                        unsigned int len)
+{
+    return wc_MXC_TPU_SHA_Update(&(sha224->mxcCtx), data, len);
+}
+
+WOLFSSL_API int wc_Sha224Final(wc_Sha224* sha224, unsigned char* hash)
+{
+    return wc_MXC_TPU_SHA_Final(&(sha224->mxcCtx), hash,
+                                        MXC_TPU_HASH_SHA224);
+}
+
+WOLFSSL_API int wc_Sha224GetHash(wc_Sha224* sha224, unsigned char* hash)
+{
+    return wc_MXC_TPU_SHA_GetHash(&(sha224->mxcCtx), hash,
+                                        MXC_TPU_HASH_SHA224);
+}
+
+WOLFSSL_API int wc_Sha224Copy(wc_Sha224* src, wc_Sha224* dst)
+{
+    return wc_MXC_TPU_SHA_Copy(&(src->mxcCtx), &(dst->mxcCtx));
+}
+
+WOLFSSL_API void wc_Sha224Free(wc_Sha224* sha224)
+{
+    wc_MXC_TPU_SHA_Free(&(sha224->mxcCtx));
+    return;
+}
+
+#endif /* WOLFSSL_SHA224 */
+
+#if !defined(NO_SHA256)
+
+WOLFSSL_API int wc_InitSha256_ex(wc_Sha256* sha256, void* heap, int devId)
+{
+    if (sha256 == NULL) {
+        return BAD_FUNC_ARG;
+    }
+    (void)heap;
+    (void)devId;
+    return wc_MXC_TPU_SHA_Init(&(sha256->mxcCtx));
+}
+
+WOLFSSL_API int wc_InitSha256(wc_Sha256* sha256)
+{
+    return wc_InitSha256_ex(sha256, NULL, INVALID_DEVID);
+}
+
+WOLFSSL_API int wc_Sha256Update(wc_Sha256* sha256, const unsigned char* data,
+                                        unsigned int len)
+{
+    return wc_MXC_TPU_SHA_Update(&(sha256->mxcCtx), data, len);
+}
+
+WOLFSSL_API int wc_Sha256Final(wc_Sha256* sha256, unsigned char* hash)
+{
+    return wc_MXC_TPU_SHA_Final(&(sha256->mxcCtx), hash,
+                                        MXC_TPU_HASH_SHA256);
+}
+
+WOLFSSL_API int wc_Sha256GetHash(wc_Sha256* sha256, unsigned char* hash)
+{
+    return wc_MXC_TPU_SHA_GetHash(&(sha256->mxcCtx), hash,
+                                        MXC_TPU_HASH_SHA256);
+}
+
+WOLFSSL_API int wc_Sha256Copy(wc_Sha256* src, wc_Sha256* dst)
+{
+    return wc_MXC_TPU_SHA_Copy(&(src->mxcCtx), &(dst->mxcCtx));
+}
+
+WOLFSSL_API void wc_Sha256Free(wc_Sha256* sha256)
+{
+    wc_MXC_TPU_SHA_Free(&(sha256->mxcCtx));
+    return;
+}
+
+#endif /* NO_SHA256 */
+
+#if defined(WOLFSSL_SHA384)
+
+WOLFSSL_API int wc_InitSha384_ex(wc_Sha384* sha384, void* heap, int devId)
+{
+    if (sha384 == NULL) {
+        return BAD_FUNC_ARG;
+    }
+    (void)heap;
+    (void)devId;
+    return wc_MXC_TPU_SHA_Init(&(sha384->mxcCtx));
+}
+
+WOLFSSL_API int wc_InitSha384(wc_Sha384* sha384)
+{
+    return wc_InitSha384_ex(sha384, NULL, INVALID_DEVID);
+}
+
+WOLFSSL_API int wc_Sha384Update(wc_Sha384* sha384, const unsigned char* data,
+                                        unsigned int len)
+{
+    return wc_MXC_TPU_SHA_Update(&(sha384->mxcCtx), data, len);
+}
+
+WOLFSSL_API int wc_Sha384Final(wc_Sha384* sha384, unsigned char* hash)
+{
+    return wc_MXC_TPU_SHA_Final(&(sha384->mxcCtx), hash,
+                                        MXC_TPU_HASH_SHA384);
+}
+
+WOLFSSL_API int wc_Sha384GetHash(wc_Sha384* sha384, unsigned char* hash)
+{
+    return wc_MXC_TPU_SHA_GetHash(&(sha384->mxcCtx), hash,
+                                        MXC_TPU_HASH_SHA384);
+}
+
+WOLFSSL_API int wc_Sha384Copy(wc_Sha384* src, wc_Sha384* dst)
+{
+    return wc_MXC_TPU_SHA_Copy(&(src->mxcCtx), &(dst->mxcCtx));
+}
+
+WOLFSSL_API void wc_Sha384Free(wc_Sha384* sha384)
+{
+    wc_MXC_TPU_SHA_Free(&(sha384->mxcCtx));
+    return;
+}
+
+#endif /* WOLFSSL_SHA384 */
+
+#if defined(WOLFSSL_SHA512)
+
+WOLFSSL_API int wc_InitSha512_ex(wc_Sha512* sha512, void* heap, int devId)
+{
+    if (sha512 == NULL) {
+        return BAD_FUNC_ARG;
+    }
+    (void)heap;
+    (void)devId;
+    return wc_MXC_TPU_SHA_Init(&(sha512->mxcCtx));
+}
+
+WOLFSSL_API int wc_InitSha512(wc_Sha512* sha512)
+{
+    return wc_InitSha512_ex(sha512, NULL, INVALID_DEVID);
+}
+
+WOLFSSL_API int wc_Sha512Update(wc_Sha512* sha512, const unsigned char* data,
+                                        unsigned int len)
+{
+    return wc_MXC_TPU_SHA_Update(&(sha512->mxcCtx), data, len);
+}
+
+WOLFSSL_API int wc_Sha512Final(wc_Sha512* sha512, unsigned char* hash)
+{
+    return wc_MXC_TPU_SHA_Final(&(sha512->mxcCtx), hash,
+                                        MXC_TPU_HASH_SHA512);
+}
+
+WOLFSSL_API int wc_Sha512GetHash(wc_Sha512* sha512, unsigned char* hash)
+{
+    return wc_MXC_TPU_SHA_GetHash(&(sha512->mxcCtx), hash,
+                                        MXC_TPU_HASH_SHA512);
+}
+
+WOLFSSL_API int wc_Sha512Copy(wc_Sha512* src, wc_Sha512* dst)
+{
+    return wc_MXC_TPU_SHA_Copy(&(src->mxcCtx), &(dst->mxcCtx));
+}
+
+WOLFSSL_API void wc_Sha512Free(wc_Sha512* sha512)
+{
+    wc_MXC_TPU_SHA_Free(&(sha512->mxcCtx));
+    return;
+}
+
+#endif /* WOLFSSL_SHA512 */
+#endif /* !MAX3266X_SHA_CB*/
+#endif /* MAX3266X_SHA || MAX3266X_SHA_CB */
+
+#if defined(MAX3266X_MATH)
+
+/* Sets mutex and initializes hardware according to needed operation size */
+int wc_MXC_MAA_init(unsigned int len)
+{
+    int status;
+    MAX3266X_MSG("Setting Hardware Mutex and Starting MAA");
+    status = wolfSSL_HwPkMutexLock();
+    if (status == 0) {
+        status = MXC_TPU_MAA_Init(len);
+    }
+    return wc_MXC_error(&status); /* Return Status of Init */
+}
+
+/* Unlocks mutex and performs graceful shutdown of hardware */
+int wc_MXC_MAA_Shutdown(void)
+{
+    int status;
+    MAX3266X_MSG("Unlocking Hardware Mutex and Shutting Down MAA");
+    status = MXC_TPU_MAA_Shutdown();
+    if (status == E_BAD_PARAM) { /* Miss leading, Send WC_HW_ERROR */
+                                /* This is returned when MAA cannot stop */
+        status = WC_HW_E;
+    }
+    wolfSSL_HwPkMutexUnLock(); /* Always call Unlock in shutdown */
+    return wc_MXC_error(&status);
+}
+
+/* Update used number for mp_int struct for results */
+int wc_MXC_MAA_adjustUsed(unsigned int *array, unsigned int length)
+{
+    int i, lastNonZeroIndex;
+    lastNonZeroIndex = -1; /* Track the last non-zero index */
+    for (i = 0; i < length; i++) {
+        if (array[i] != 0) {
+            lastNonZeroIndex = i;
+        }
+    }
+    return (lastNonZeroIndex + 1);
+}
+
+/* Determines the size of operation that needs to happen */
+unsigned int wc_MXC_MAA_Largest(unsigned int count, ...)
+{
+    va_list args;
+    int i;
+    unsigned int largest, num;
+    va_start(args, count);
+    largest = va_arg(args, unsigned int);
+    for (i = 1; i < count; i++) {
+        num = va_arg(args, unsigned int);
+        if (num > largest) {
+            largest = num;
+        }
+    }
+    va_end(args);
+    return largest;
+}
+
+/* Determines if we need to fallback to Software */
+int wc_MXC_MAA_Fallback(unsigned int count, ...)
+{
+    va_list args;
+    int num, i;
+    va_start(args, count);
+    for (i = 0; i < count; i++) {
+        num = va_arg(args, unsigned int);
+        if (num > MXC_MAA_MAX_SIZE) {
+            MAX3266X_MSG("HW Falling Back to Software");
+            return 1;
+        }
+    }
+    va_end(args);
+    MAX3266X_MSG("HW Can Handle Input");
+    return 0;
+}
+
+/* Have to zero pad the entire data array up to 256 bytes(2048 bits) */
+/* If length > 256 bytes then error */
+int wc_MXC_MAA_zeroPad(mp_int* multiplier, mp_int* multiplicand,
+                            mp_int* exp, mp_int* mod, mp_int* result,
+                            MXC_TPU_MAA_TYPE clc, unsigned int length)
+{
+    mp_digit* zero_tmp;
+    MAX3266X_MSG("Zero Padding Buffers for Hardware");
+    if (length > MXC_MAA_MAX_SIZE) {
+        MAX3266X_MSG("Hardware cannot exceed 2048 bit input");
+        return BAD_FUNC_ARG;
+    }
+    if ((result == NULL) || (multiplier == NULL) || (multiplicand == NULL) ||
+            ((exp == NULL) && (clc == MXC_TPU_MAA_EXP)) || (mod == NULL)) {
+        return BAD_FUNC_ARG;
+    }
+
+    /* Create an array to compare values to to check edge for error edge case */
+    zero_tmp = (mp_digit*)XMALLOC(multiplier->size*sizeof(mp_digit), NULL,
+                                    DYNAMIC_TYPE_TMP_BUFFER);
+    if (zero_tmp == NULL) {
+        MAX3266X_MSG("NULL pointer found after XMALLOC call");
+        return MEMORY_E;
+    }
+    XMEMSET(zero_tmp, 0x00, multiplier->size*sizeof(mp_digit));
+
+    /* Check for invalid arguments before padding */
+    switch ((char)clc) {
+        case MXC_TPU_MAA_EXP:
+            /* Cannot be 0 for a^e mod m operation */
+            if (XMEMCMP(zero_tmp, exp, (exp->used*sizeof(mp_digit))) == 0) {
+                XFREE(zero_tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+                MAX3266X_MSG("Cannot use Value 0 for Exp");
+                return BAD_FUNC_ARG;
+            }
+
+            /* Pad out rest of data if used != length to ensure no */
+            /* garbage is used in calculation */
+            if ((exp != NULL) && (clc == MXC_TPU_MAA_EXP)) {
+                if ((exp->dp != NULL) && (exp->used < length)) {
+                    MAX3266X_MSG("Zero Padding Exp Buffer");
+                    XMEMSET(exp->dp + exp->used, 0x00,
+                            sizeof(int) *(length - exp->used));
+                }
+            }
+
+        /* Fall through to check mod is not 0 */
+        case MXC_TPU_MAA_SQ:
+        case MXC_TPU_MAA_MUL:
+        case MXC_TPU_MAA_SQMUL:
+        case MXC_TPU_MAA_ADD:
+        case MXC_TPU_MAA_SUB:
+            /* Cannot be 0 for mod m value */
+            if (XMEMCMP(zero_tmp, mod, (exp->used*sizeof(mp_digit))) == 0) {
+                XFREE(zero_tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+                MAX3266X_MSG("Cannot use Value 0 for Exp");
+                return BAD_FUNC_ARG;
+            }
+
+            /* Pad out rest of data if used != length to ensure no */
+            /* garbage is used in calculation */
+            if ((multiplier->dp != NULL) && (multiplier->used < length)) {
+                MAX3266X_MSG("Zero Padding Multiplier Buffer");
+                XMEMSET(multiplier->dp + multiplier->used, 0x00,
+                    sizeof(int) * (length - multiplier->used));
+            }
+            if ((multiplicand->dp != NULL) && (multiplicand->used < length)) {
+                MAX3266X_MSG("Zero Padding Multiplicand Buffer");
+                XMEMSET(multiplicand->dp + multiplicand->used, 0x00,
+                    sizeof(int) * (length - multiplicand->used));
+            }
+            if ((mod->dp != NULL) && (mod->used < length)) {
+                MAX3266X_MSG("Zero Padding Mod Buffer");
+                XMEMSET(mod->dp + mod->used, 0x00,
+                            sizeof(int) *(length - mod->used));
+            }
+            break;
+        default:
+            /* Free the zero array used to check values */
+            XFREE(zero_tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+            return BAD_FUNC_ARG; /* Invalid clc given */
+    }
+    /* Free the zero array used to check values */
+    XFREE(zero_tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+
+    /* Make sure result is 0 padded */
+    if (result->dp != NULL) {
+        ForceZero(result->dp, sizeof(int)*(length));
+        result->used = length;
+    }
+    else if (result == NULL) {
+        return BAD_FUNC_ARG; /* Cannot be null */
+    }
+    return 0;
+}
+
+
+
+/* General Control Over MAA Hardware to handle all needed Cases */
+int wc_MXC_MAA_math(mp_int* multiplier, mp_int* multiplicand, mp_int* exp,
+                                mp_int* mod, mp_int* result,
+                                MXC_TPU_MAA_TYPE clc)
+{
+    int ret;
+    int length;
+    mp_int* result_tmp_ptr;
+    mp_int result_tmp;
+    if (multiplier == NULL || multiplicand == NULL || mod == NULL ||
+            (exp == NULL && clc == MXC_TPU_MAA_EXP) || result == NULL) {
+        return BAD_FUNC_ARG;
+    }
+
+    /* Check if result shares struct pointer */
+    if ((multiplier == result) || (multiplicand == result) || (exp == result) ||
+            (mod == result)) {
+            MAX3266X_MSG("Creating Temp Result Buffer for Hardware");
+            result_tmp_ptr = &result_tmp; /* Assign point to temp struct */
+    }
+    else {
+        result_tmp_ptr = result; /* No Shared Point to directly assign */
+    }
+    if (result_tmp_ptr == NULL) {
+        MAX3266X_MSG("tmp ptr is null");
+        return MP_VAL;
+    }
+
+    if (clc == MXC_TPU_MAA_EXP) {
+        length = wc_MXC_MAA_Largest(5, multiplier->used, multiplicand->used,
+                                           exp->used, mod->used, result->used);
+    }
+    else {
+        length = wc_MXC_MAA_Largest(4, multiplier->used, multiplicand->used,
+                                        mod->used, result->used);
+    }
+
+    /* Zero Pad everything if needed */
+    ret = wc_MXC_MAA_zeroPad(multiplier, multiplicand, exp, mod, result_tmp_ptr,
+                                clc, length);
+    if (ret != 0) {
+        MAX3266X_MSG("Zero Padding Failed");
+        return ret;
+    }
+
+    /* Init MAA HW */
+    ret = wc_MXC_MAA_init(length*sizeof(mp_digit)*8);
+    if (ret != 0) {
+        MAX3266X_MSG("HW Init Failed");
+        wolfSSL_HwPkMutexUnLock();
+        return ret;
+    }
+
+    /* Start Math And Cast to expect types for SDK */
+    MAX3266X_MSG("Starting Computation in MAA");
+    ret = MXC_TPU_MAA_Compute(clc, (char *)(multiplier->dp),
+                                    (char *)(multiplicand->dp),
+                                    (char *)(exp->dp), (char *)(mod->dp),
+                                    (int *)(result_tmp_ptr->dp),
+                                    (length*sizeof(mp_digit)));
+    MAX3266X_MSG("MAA Finished Computation");
+    if (wc_MXC_error(&ret) != 0) {
+        MAX3266X_MSG("HW Computation Error");
+        wolfSSL_HwPkMutexUnLock();
+        return ret;
+    }
+
+    ret = wc_MXC_MAA_Shutdown();
+    if (ret != 0) {
+        MAX3266X_MSG("HW Shutdown Failure");
+        /* Shutdown will always call wolfSSL_HwPkMutexUnLock(); */
+        /* before returning */
+        return ret;
+    }
+
+    /* Copy tmp result if needed */
+    if ((multiplier == result) || (multiplicand == result) || (exp == result) ||
+            (mod == result)) {
+        mp_copy(result_tmp_ptr, result);
+        ForceZero(result_tmp_ptr, sizeof(result_tmp_ptr)); /* force zero */
+    }
+
+    result->used = wc_MXC_MAA_adjustUsed(result->dp, length);
+    return ret;
+}
+
+
+
+int wc_MXC_MAA_expmod(mp_int* base, mp_int* exp, mp_int* mod,
+                            mp_int* result)
+{
+    mp_int multiplicand;
+    if (base == NULL || exp == NULL || mod == NULL || result == NULL) {
+        return BAD_FUNC_ARG;
+    }
+    XMEMSET(&multiplicand, 0, sizeof(mp_int));
+    multiplicand.dp[0] = 0x01;
+    multiplicand.used = mod->used;
+    MAX3266X_MSG("Preparing exptmod MAA HW Call");
+    return wc_MXC_MAA_math(base, &multiplicand, exp, mod, result,
+                            MXC_TPU_MAA_EXP);
+}
+
+int wc_MXC_MAA_sqrmod(mp_int* multiplier, mp_int* mod, mp_int* result)
+{
+    mp_int multiplicand;
+    if (multiplier == NULL || mod == NULL || result == NULL) {
+        return BAD_FUNC_ARG;
+    }
+    XMEMSET(&multiplicand, 0, sizeof(mp_int));
+    multiplicand.dp[0] = 0x01;
+    multiplicand.used = mod->used;
+    MAX3266X_MSG("Preparing sqrmod MAA HW Call");
+    return wc_MXC_MAA_math(multiplier, &multiplicand, NULL, mod, result,
+                            MXC_TPU_MAA_SQ);
+}
+
+int wc_MXC_MAA_mulmod(mp_int* multiplier, mp_int* multiplicand, mp_int* mod,
+                            mp_int* result)
+{
+    if (multiplier == NULL || multiplicand == NULL || mod == NULL ||
+            result == NULL) {
+        return BAD_FUNC_ARG;
+    }
+    MAX3266X_MSG("Preparing mulmod MAA HW Call");
+    return wc_MXC_MAA_math(multiplier, multiplicand, NULL, mod, result,
+                            MXC_TPU_MAA_MUL);
+}
+
+int wc_MXC_MAA_sqrmulmod(mp_int* multiplier, mp_int* multiplicand,
+                            mp_int* exp, mp_int* mod, mp_int* result)
+{
+    if (multiplier == NULL || multiplicand == NULL || exp == NULL ||
+            mod == NULL || result == NULL) {
+        return BAD_FUNC_ARG;
+    }
+    MAX3266X_MSG("Preparing sqrmulmod MAA HW Call");
+    return wc_MXC_MAA_math(multiplier, multiplicand, NULL, mod, result,
+                            MXC_TPU_MAA_SQMUL);
+}
+
+int wc_MXC_MAA_addmod(mp_int* multiplier, mp_int* multiplicand, mp_int* mod,
+                            mp_int* result)
+{
+    if (multiplier == NULL || multiplicand == NULL || mod == NULL ||
+            result == NULL) {
+        return BAD_FUNC_ARG;
+    }
+    MAX3266X_MSG("Preparing addmod MAA HW Call");
+    return wc_MXC_MAA_math(multiplier, multiplicand, NULL, mod, result,
+                            MXC_TPU_MAA_ADD);
+}
+
+int wc_MXC_MAA_submod(mp_int* multiplier, mp_int* multiplicand, mp_int* mod,
+                            mp_int* result)
+{
+    if (multiplier == NULL || multiplicand == NULL || mod == NULL ||
+            result == NULL) {
+        return BAD_FUNC_ARG;
+    }
+    MAX3266X_MSG("Preparing submod MAA HW Call");
+    if ((mod->used < multiplier->used) || (mod->used < multiplicand->used)) {
+            MAX3266X_MSG("HW Limitation: Defaulting back to software");
+            return mxc_submod(multiplier, multiplicand, mod, result);
+    }
+    else {
+        return wc_MXC_MAA_math(multiplier, multiplicand, NULL, mod, result,
+                             MXC_TPU_MAA_SUB);
+    }
+}
+
+/* General Function to call hardware control */
+int hw_mulmod(mp_int* multiplier, mp_int* multiplicand, mp_int* mod,
+                    mp_int* result)
+{
+    if (multiplier == NULL || multiplicand == NULL || mod == NULL ||
+            result == NULL) {
+        return MP_VAL;
+    }
+    if ((multiplier->used == 0) || (multiplicand->used == 0)) {
+        mp_zero(result);
+        return 0;
+    }
+    else {
+        if (wc_MXC_MAA_Fallback(3, multiplier->used, mod->used,
+                                multiplicand->used) != 0) {
+                return mxc_mulmod(multiplier, multiplicand, mod, result);
+        }
+        else {
+            return wc_MXC_MAA_mulmod(multiplier, multiplicand, mod, result);
+        }
+    }
+}
+
+int hw_addmod(mp_int* a, mp_int* b, mp_int* mod, mp_int* result)
+{
+    int err = MP_OKAY;
+    /* Validate parameters. */
+    if ((a == NULL) || (b == NULL) || (mod == NULL) || (result == NULL)) {
+        err = MP_VAL;
+    }
+    if (err == MP_OKAY) {
+        if (wc_MXC_MAA_Fallback(3, a->used, b->used, mod->used) != 0) {
+            err = mxc_addmod(a, b, mod, result);
+        }
+        else {
+            err = wc_MXC_MAA_addmod(a, b, mod, result);
+        }
+    }
+    return err;
+}
+
+
+int hw_submod(mp_int* a, mp_int* b, mp_int* mod, mp_int* result)
+{
+    int err = MP_OKAY;
+    /* Validate parameters. */
+    if ((a == NULL) || (b == NULL) || (mod == NULL) || (result == NULL)) {
+        err = MP_VAL;
+    }
+    if (err == MP_OKAY) {
+        if (wc_MXC_MAA_Fallback(3, a->used, b->used, mod->used) != 0) {
+            err = mxc_submod(a, b, mod, result);
+        }
+        else{
+            err = wc_MXC_MAA_submod(a, b, mod, result);
+        }
+    }
+    return err;
+}
+
+int hw_exptmod(mp_int* base, mp_int* exp, mp_int* mod, mp_int* result)
+{
+    int err = MP_OKAY;
+    /* Validate parameters. */
+    if ((base == NULL) || (exp == NULL) || (mod == NULL) || (result == NULL)) {
+        err = MP_VAL;
+    }
+    if (err == MP_OKAY) {
+        if ((mod->used < exp->used) || (mod->used < base->used)) {
+            err = mxc_exptmod(base, exp, mod, result);
+        }
+        else if (wc_MXC_MAA_Fallback(3, base->used, exp->used, mod->used)
+                    != 0) {
+            return mxc_exptmod(base, exp, mod, result);
+        }
+        else{
+            err = wc_MXC_MAA_expmod(base, exp, mod, result);
+        }
+    }
+    return err;
+}
+
+
+/* No mod function available with hardware, however perform a submod    */
+/* (a - 0) mod m will essentially perform the same operation as a mod m */
+int hw_mod(mp_int* a, mp_int* mod, mp_int* result)
+{
+    mp_int b;
+    if (a == NULL || mod == NULL || result == NULL) {
+        return MP_VAL;
+    }
+    if (wc_MXC_MAA_Fallback(2, a->used, mod->used) != 0) {
+        return mxc_mod(a, mod, result);
+    }
+    XMEMSET(&b, 0, sizeof(mp_int));
+    b.used = mod->used; /* assume mod is determining size */
+    return hw_submod(a, &b, mod, result);
+}
+
+int hw_sqrmod(mp_int* base, mp_int* mod, mp_int* result)
+{
+    if (base == NULL || mod == NULL || result == NULL) {
+        return MP_VAL;
+    }
+    if (base->used == 0) {
+        mp_zero(result);
+        return 0;
+    }
+    return wc_MXC_MAA_sqrmod(base, mod, result);
+}
+
+#endif /* MAX3266X_MATH */
+
+#if defined(MAX3266X_RTC)
+/* Initialize the RTC */
+int wc_MXC_RTC_Init(void)
+{
+    /* RTC Init for benchmark */
+    if (MXC_RTC_Init(0, 0) != E_NO_ERROR) {
+        return WC_HW_E;
+    }
+    /* Disable the Interrupt */
+    if (MXC_RTC_DisableInt(MXC_RTC_INT_EN_LONG) == E_BUSY) {
+        return WC_HW_E;
+    }
+    /* Start Clock for RTC */
+    if (MXC_RTC_SquareWaveStart(MXC_RTC_F_512HZ) == E_BUSY) {
+        return E_BUSY;
+    }
+    /* Begin RTC count */
+    if (MXC_RTC_Start() != E_NO_ERROR) {
+        return WC_HW_E;
+    }
+    return 0;
+}
+
+/* Reset the RTC */
+int wc_MXC_RTC_Reset(void)
+{
+    /* Stops Counts */
+    if (MXC_RTC_Stop() != E_NO_ERROR) {
+        return WC_HW_E;
+    }
+    /* Restart RTC via Init */
+    if (wc_MXC_RTC_Init() != E_NO_ERROR) {
+        return WC_HW_E;
+    }
+    return 0;
+}
+
+/* Function to handle RTC read retries */
+void wc_MXC_RTC_GetRTCValue(int32_t (*rtcGetFunction)(uint32_t*),
+                                uint32_t* outValue, int32_t* err)
+{
+    *err = rtcGetFunction(outValue);  /* Initial attempt to get the value */
+    while (*err != E_NO_ERROR) {
+        *err = rtcGetFunction(outValue);  /* Retry if the error persists */
+    }
+}
+
+/* Function to provide the current time as a double */
+/* Returns seconds and millisecond */
+double wc_MXC_RTC_Time(void)
+{
+    int32_t err;
+    uint32_t rtc_seconds, rtc_subseconds;
+
+    /* Retrieve sub-seconds from RTC */
+    wc_MXC_RTC_GetRTCValue((int32_t (*)(uint32_t*))MXC_RTC_GetSubSeconds,
+                                    &rtc_subseconds, &err);
+    if (err != E_NO_ERROR) {
+        return (double)err;
+    }
+    /* Retrieve seconds from RTC */
+    wc_MXC_RTC_GetRTCValue((int32_t (*)(uint32_t*))MXC_RTC_GetSeconds,
+                                &rtc_seconds, &err);
+    if (err != E_NO_ERROR) {
+        return (double)err;
+    }
+    /* Per the device documentation, subsecond register holds up to 1 second */
+    /* subsecond register is size 2^12, so divide by 4096 to get milliseconds */
+    return ((double)rtc_seconds + ((double)rtc_subseconds / 4096));
+}
+
+#endif /* MAX3266X_RTC */
+
+#endif /* WOLFSSL_MAX32665 || WOLFSSL_MAX32666 */
diff --git a/wolfcrypt/src/port/maxim/maxq10xx.c b/wolfcrypt/src/port/maxim/maxq10xx.c
index c0375fc51..bd491676f 100644
--- a/wolfcrypt/src/port/maxim/maxq10xx.c
+++ b/wolfcrypt/src/port/maxim/maxq10xx.c
@@ -1,6 +1,6 @@
 /* maxq10xx.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -41,7 +41,11 @@
 #include <wolfssl/wolfcrypt/cryptocb.h>
 #include <wolfssl/wolfcrypt/error-crypt.h>
 #include <wolfssl/wolfcrypt/logging.h>
+#ifdef USS_API
+#include <MXQ_API.h>
+#else
 #include <wolfssl/wolfcrypt/port/maxim/MXQ_API.h>
+#endif
 
 #ifndef WOLFSSL_HAVE_ECC_KEY_GET_PRIV
     /* FIPS build has replaced ecc.h. */
@@ -56,7 +60,7 @@ void dbg_dumphex(const char *identifier, const uint8_t* pdata, uint32_t plen);
 #endif /* MAXQ_DEBUG */
 
 #if defined(USE_WINDOWS_API)
-# define maxq_CryptHwMutexTryLock()	(0)
+# define maxq_CryptHwMutexTryLock() 0
 #endif
 
 #define AES_KEY_ID_START      (0x2000)
@@ -72,9 +76,17 @@ void dbg_dumphex(const char *identifier, const uint8_t* pdata, uint32_t plen);
 #endif
 
 #define PUBKEY_IMPORT_OBJID    0x1000
+
+#if defined (TEST_SETUP)
+#define ROOT_CA_CERT_OBJ_ID    0x1006
+#define DEVICE_CERT_OBJ_ID     0x1005
+#define DEVICE_KEY_PAIR_OBJ_ID 0x1007
+#else
 #define ROOT_CA_CERT_OBJ_ID    0x1003
 #define DEVICE_CERT_OBJ_ID     0x1002
 #define DEVICE_KEY_PAIR_OBJ_ID 0x1004
+#endif
+
 #define PSK_OBJ_ID             0x1236
 #define K_CHUNKSIZE            2032
 #define K_CIPHER_BLOCKSIZE     16
@@ -85,7 +97,9 @@ void dbg_dumphex(const char *identifier, const uint8_t* pdata, uint32_t plen);
 #define MAX_SIGNKEY_DATASIZE   96
 #define MAX_SIG_DATASIZE       64
 #define ECC_KEYCOMPLEN         32
-
+#define ESTABLISH_OUT_MAX      128
+#define FIXED_INFO_LEN         32
+#define FIXED_INFO_VALUE       0xaa
 #ifdef WOLFSSL_MAXQ108X
 
 #define PSK_KID (0x1235)
@@ -120,7 +134,7 @@ static int tls13_server_key_len           = -1;
 
 /* Please define MAXQ10XX_PRODUCTION_KEY in your build scripts once you have a
  * production key. */
-#if defined(MAXQ10XX_PRODUCTION_KEY) || !defined(DEBUG_WOLFSSL)
+#if defined(MAXQ10XX_PRODUCTION_KEY)
 #include "maxq10xx_key.h"
 #else
 /* TEST KEY. This must be changed for production environments!! */
@@ -568,12 +582,14 @@ static int aes_set_key(Aes* aes, const byte* userKey, word32 keylen)
         return BAD_FUNC_ARG;
     }
 
+    #if defined(MAXQ10XX_MUTEX)
     rc = maxq_CryptHwMutexTryLock();
     if (rc != 0) {
         WOLFSSL_ERROR_MSG("MAXQ: aes_set_key() lock could not be acquired");
         rc = NOT_COMPILED_IN;
         return rc;
     }
+    #endif
 
     if (aes->maxq_ctx.key_obj_id) {
         wc_MAXQ10XX_AesFree(aes);
@@ -586,6 +602,9 @@ static int aes_set_key(Aes* aes, const byte* userKey, word32 keylen)
         goto end_AesSetKey;
     }
 
+    /* Delete object if one already exists. Ignore error in case it doesn't
+     * exist. */
+    (void)MXQ_DeleteObject(obj_id);
     mxq_rc = MXQ_CreateObject(obj_id, keylen, MXQ_OBJTYPE_SECRETKEY,
                               OBJPROP_PERSISTENT,
                               (char *)"ahs=rwdgx:ahs=rwdgx:ahs=rwdgx");
@@ -612,13 +631,26 @@ static int aes_set_key(Aes* aes, const byte* userKey, word32 keylen)
     LoadDefaultImportKey(sign_key, &sign_key_len, &sign_key_curve,
                          &sign_key_type);
 
+    /* Unlock because signing operation will need to use the RNG. */
+    #if defined(MAXQ10XX_MUTEX)
+    wolfSSL_CryptHwMutexUnLock();
+    #endif
+
     rc = ECDSA_sign(signature, &signature_len, sign_key, key_buff, key_buff_len,
                     sign_key_curve);
     if (rc) {
         WOLFSSL_ERROR_MSG("MAXQ: ECDSA_sign() failed");
-        goto end_AesSetKey;
+        goto end_AesSetKey_noUnlock;
     }
 
+    #if defined(MAXQ10XX_MUTEX)
+    rc = maxq_CryptHwMutexTryLock();
+    if (rc != 0) {
+        WOLFSSL_ERROR_MSG("MAXQ: aes_set_key() lock could not be acquired");
+        rc = NOT_COMPILED_IN;
+        goto end_AesSetKey_noUnlock;
+    }
+    #endif
     mxq_rc = MXQ_ImportKey(obj_id, getSignAlgoFromCurve(sign_key_curve),
                            PUBKEY_IMPORT_OBJID, key_buff, key_buff_len,
                            signature, signature_len);
@@ -633,6 +665,7 @@ static int aes_set_key(Aes* aes, const byte* userKey, word32 keylen)
 
 end_AesSetKey:
     wolfSSL_CryptHwMutexUnLock();
+end_AesSetKey_noUnlock:
     return rc;
 }
 #endif /* MAXQ_AESGCM */
@@ -666,12 +699,14 @@ void wc_MAXQ10XX_AesFree(Aes* aes)
 }
 
 #ifdef MAXQ_ECC
-static int ecc_set_key(ecc_key* key, const byte* userKey, word32 keycomplen)
+static int ecc_set_key(ecc_key* key, const byte* userKey, word32 keycomplen,
+                       int for_ecdh)
 {
     mxq_err_t mxq_rc;
     int rc;
     word32 keylen;
     int objtype;
+    mxq_keyuse_t key_use;
     mxq_u1 key_buff[MAX_KEY_DATASIZE];
     mxq_length key_buff_len = sizeof(key_buff);
     unsigned char sign_key[MAX_SIGNKEY_DATASIZE];
@@ -694,12 +729,21 @@ static int ecc_set_key(ecc_key* key, const byte* userKey, word32 keycomplen)
         objtype = MXQ_OBJTYPE_KEYPAIR;
     }
 
+    if (for_ecdh) {
+        key_use = MXQ_KEYUSE_KEY_EXCHAGE;
+    }
+    else {
+        key_use = MXQ_KEYUSE_DATASIGNATURE;
+    }
+
+    #if defined(MAXQ10XX_MUTEX)
     rc = maxq_CryptHwMutexTryLock();
     if (rc != 0) {
         WOLFSSL_ERROR_MSG("MAXQ: ecc_set_key() lock could not be acquired");
         rc = NOT_COMPILED_IN;
         return rc;
     }
+    #endif
 
     if (key->maxq_ctx.key_obj_id) {
         wc_MAXQ10XX_EccFree(key);
@@ -712,6 +756,9 @@ static int ecc_set_key(ecc_key* key, const byte* userKey, word32 keycomplen)
         goto end_EccSetKey;
     }
 
+    /* Delete object if one already exists. Ignore error in case it doesn't
+     * exist. */
+    (void)MXQ_DeleteObject(obj_id);
     mxq_rc = MXQ_CreateObject(obj_id, keylen, objtype, OBJPROP_PERSISTENT,
                               (char *)"ahs=rwdgx:ahs=rwdgx:ahs=rwdgx");
     if (mxq_rc) {
@@ -725,7 +772,7 @@ static int ecc_set_key(ecc_key* key, const byte* userKey, word32 keycomplen)
 
     mxq_rc = MXQ_BuildKey(key_buff, &key_buff_len, MXQ_KEYTYPE_ECC,
                           MXQ_KEYPARAM_EC_P256R1, keycomplen, keylen,
-                          MXQ_KEYUSE_DATASIGNATURE, ALGO_ECDSA_SHA_256,
+                          key_use, ALGO_ECDSA_SHA_256,
                           MXQ_KEYUSE_NONE, ALGO_NONE, (mxq_u1 *)userKey);
     if (mxq_rc) {
         WOLFSSL_ERROR_MSG("MAXQ: MXQ_BuildKey() failed");
@@ -736,13 +783,27 @@ static int ecc_set_key(ecc_key* key, const byte* userKey, word32 keycomplen)
     LoadDefaultImportKey(sign_key, &sign_key_len, &sign_key_curve,
                          &sign_key_type);
 
+    /* Unlock because signing operation will need to use the RNG. */
+    #if defined(MAXQ10XX_MUTEX)
+    wolfSSL_CryptHwMutexUnLock();
+    #endif
+
     rc = ECDSA_sign(signature, &signature_len, sign_key, key_buff, key_buff_len,
                     sign_key_curve);
     if (rc) {
         WOLFSSL_ERROR_MSG("MAXQ: ECDSA_sign() failed");
-        goto end_EccSetKey;
+        goto end_EccSetKey_noUnlock;
     }
 
+    #if defined(MAXQ10XX_MUTEX)
+    rc = maxq_CryptHwMutexTryLock();
+    if (rc != 0) {
+        WOLFSSL_ERROR_MSG("MAXQ: ecc_set_key() lock could not be acquired");
+        rc = NOT_COMPILED_IN;
+        goto end_EccSetKey_noUnlock;
+    }
+    #endif
+
     mxq_rc = MXQ_ImportKey(obj_id, getSignAlgoFromCurve(sign_key_curve),
                            PUBKEY_IMPORT_OBJID, key_buff, key_buff_len,
                            signature, signature_len);
@@ -756,9 +817,207 @@ static int ecc_set_key(ecc_key* key, const byte* userKey, word32 keycomplen)
     key->maxq_ctx.key_pending = 0;
 
 end_EccSetKey:
+    #if defined(MAXQ10XX_MUTEX)
     wolfSSL_CryptHwMutexUnLock();
+    #endif
+end_EccSetKey_noUnlock:
     return rc;
 }
+
+static int ecc_gen_key(ecc_key* key, word32 keycomplen)
+{
+    mxq_err_t mxq_rc;
+    int rc;
+    word32 keylen;
+    int objtype;
+    mxq_u1 key_buff[MAX_KEY_DATASIZE];
+    mxq_length key_buff_len = sizeof(key_buff);
+    unsigned char sign_key[MAX_SIGNKEY_DATASIZE];
+    int sign_key_len, sign_key_curve, sign_key_type;
+    mxq_u1 signature[MAX_SIG_DATASIZE];
+    int signature_len = (int)sizeof(signature);
+
+
+    if ((key->type != 0) && (key->type != ECC_PRIVATEKEY)
+        && (key->type != ECC_PRIVATEKEY_ONLY)) {
+        return BAD_FUNC_ARG;
+    }
+
+    key->type = ECC_PRIVATEKEY;
+    keylen = keycomplen * 3;
+    objtype = MXQ_OBJTYPE_KEYPAIR;
+
+    #if defined(MAXQ10XX_MUTEX)
+    rc = maxq_CryptHwMutexTryLock();
+    if (rc != 0) {
+        WOLFSSL_ERROR_MSG("MAXQ: ecc_set_key() lock could not be acquired");
+        rc = NOT_COMPILED_IN;
+        return rc;
+    }
+    #endif
+
+    if (key->maxq_ctx.key_obj_id) {
+        wc_MAXQ10XX_EccFree(key);
+    }
+
+    int obj_id = alloc_ecc_key_id();
+    if (!obj_id) {
+        WOLFSSL_ERROR_MSG("MAXQ: alloc_ecc_key_id() failed");
+        rc = NOT_COMPILED_IN;
+        goto end_EccGenKey;
+    }
+
+    /* Delete object if one already exists. Ignore error in case it doesn't
+     * exist. */
+    (void)MXQ_DeleteObject(obj_id);
+    mxq_rc = MXQ_CreateObject(obj_id, keylen, objtype, OBJPROP_PERSISTENT,
+                              (char *)"ahs=rwdgx:ahs=rwdgx:ahs=rwdgx");
+    if (mxq_rc) {
+        WOLFSSL_ERROR_MSG("MAXQ: MXQ_CreateObject() failed");
+        rc = NOT_COMPILED_IN;
+        goto end_EccGenKey;
+    }
+
+    /* store the object id in the context */
+    key->maxq_ctx.key_obj_id = obj_id;
+
+    /* Note that total_keylen is 0 and psrc is NULL. This ensures that when
+     * MXQ_ImportKey() is called, it does a keygen; not import. */
+    mxq_rc = MXQ_BuildKey(key_buff, &key_buff_len, MXQ_KEYTYPE_ECC,
+                          MXQ_KEYPARAM_EC_P256R1, keycomplen, 0,
+                          MXQ_KEYUSE_KEY_EXCHAGE, ALGO_ECDSA_SHA_256,
+                          MXQ_KEYUSE_NONE, ALGO_NONE, NULL);
+    if (mxq_rc) {
+        WOLFSSL_ERROR_MSG("MAXQ: MXQ_BuildKey() failed");
+        rc = WC_HW_E;
+        goto end_EccGenKey;
+    }
+
+    LoadDefaultImportKey(sign_key, &sign_key_len, &sign_key_curve,
+                         &sign_key_type);
+
+    /* Unlock because signing operation will need to use the RNG. */
+    #if defined(MAXQ10XX_MUTEX)
+    wolfSSL_CryptHwMutexUnLock();
+    #endif
+
+    rc = ECDSA_sign(signature, &signature_len, sign_key, key_buff, key_buff_len,
+                    sign_key_curve);
+    if (rc) {
+        WOLFSSL_ERROR_MSG("MAXQ: ECDSA_sign() failed");
+        goto end_EccGenKey_noUnlock;
+    }
+
+    #if defined(MAXQ10XX_MUTEX)
+    rc = maxq_CryptHwMutexTryLock();
+    if (rc != 0) {
+        WOLFSSL_ERROR_MSG("MAXQ: ecc_set_key() lock could not be acquired");
+        rc = NOT_COMPILED_IN;
+        goto end_EccGenKey_noUnlock;
+    }
+    #endif
+
+    mxq_rc = MXQ_ImportKey(obj_id, getSignAlgoFromCurve(sign_key_curve),
+                           PUBKEY_IMPORT_OBJID, key_buff, key_buff_len,
+                           signature, signature_len);
+    if (mxq_rc) {
+        WOLFSSL_ERROR_MSG("MAXQ: MXQ_ImportKey() failed");
+        rc = WC_HW_E;
+        goto end_EccGenKey;
+    }
+
+    key->maxq_ctx.hw_ecc = 1;
+
+end_EccGenKey:
+    #if defined(MAXQ10XX_MUTEX)
+    wolfSSL_CryptHwMutexUnLock();
+    #endif
+end_EccGenKey_noUnlock:
+    return rc;
+}
+
+static int ecc_establish(ecc_key* key, ecc_key* peer, byte *ss, word32 *ss_len)
+{
+    mxq_err_t mxq_rc;
+    int rc = 0;
+    byte fixed_info_len = FIXED_INFO_LEN;
+    byte fixed_info[FIXED_INFO_LEN];
+    mxq_length output_len = ESTABLISH_OUT_MAX;
+    byte output[ESTABLISH_OUT_MAX];
+
+    word32 peerKeySz = peer->dp->size;
+    uint8_t  peerKeyBuf[MAX_EC_KEY_SIZE];
+    uint8_t* peerKey = peerKeyBuf;
+    uint8_t* qx = peerKey;
+    uint8_t* qy = &peerKey[peerKeySz];
+    word32 qxLen = peerKeySz;
+    word32 qyLen = peerKeySz;
+
+    /* ECC P256 shared secret is 32 bytes. */
+    if (*ss_len != 32) {
+        return BAD_FUNC_ARG;
+    }
+
+    if (peer == NULL) {
+        return BAD_FUNC_ARG;
+    }
+
+    if (key == NULL) {
+        return BAD_FUNC_ARG;
+    }
+
+    if (key->maxq_ctx.hw_ecc != 1) {
+        /* The key was not generated. Lets import it. */
+        if (key->maxq_ctx.hw_ecc == 0) {
+            rc = wc_MAXQ10XX_EccSetKey(key, key->dp->size);
+            if (rc != 0) {
+                return rc;
+            }
+        }
+
+        if (key->maxq_ctx.hw_ecc == -1) {
+            return CRYPTOCB_UNAVAILABLE;
+        }
+
+        rc = ecc_set_key(key, key->maxq_ctx.ecc_key, key->dp->size, 1);
+    }
+
+    if (rc != 0) {
+        return rc;
+    }
+
+    if (key->maxq_ctx.key_obj_id == 0) {
+        return WC_HW_E;
+    }
+
+    wc_ecc_export_public_raw(peer, qx, &qxLen, qy, &qyLen);
+    if (rc != 0) {
+        return rc;
+    }
+
+    /* This follows what is done in other MAXQ10xx examples. */
+    XMEMSET(fixed_info, FIXED_INFO_VALUE, fixed_info_len);
+
+    /* 0xFFFF indicates that the peer's public key will be in the buffer; not
+     * referenced via key ID. */
+    mxq_rc = MXQ_EstablishKey(SHARE_SECRET, MXQ_KEYPARAM_EC_P256R1,
+                              key->maxq_ctx.key_obj_id, 0xFFFF, peerKey,
+                              0, NULL, 0, 0, 0, 0, fixed_info_len, fixed_info,
+                              0, 0, NULL, output, &output_len);
+
+    if (mxq_rc) {
+        WOLFSSL_ERROR_MSG("MAXQ: MXQ_EstablishKey() failed");
+        rc = WC_HW_E;
+    }
+
+    /* Output contains the public key and shared secret concatenated. The public
+     * key is (0x04 || X || Y) which means its 65 bytes. The shared secret is
+     * in the 32 bytes after that. */
+    XMEMCPY(ss, &output[1 + ECC256_KEYSIZE + ECC256_KEYSIZE], *ss_len);
+
+    return rc;
+}
+
 #endif /* MAXQ_ECC */
 
 void wc_MAXQ10XX_EccFree(ecc_key* key)
@@ -878,12 +1137,14 @@ static int maxq10xx_cipher_do(mxq_algo_id_t algo_id, mxq_u1 encrypt,
     cparams.p_aad        = p_aad;
     cparams.aad_length   = aad_len;
 
-    if (encrypt) {
-        cparams.aead_tag_len = tag_len;
-    }
-    else {
-        XMEMCPY(cparams.aead_tag, p_tag, tag_len);
-        cparams.aead_tag_len = tag_len;
+    if ((algo_id == ALGO_CIPHER_AES_GCM) || (algo_id == ALGO_CIPHER_AES_CCM)) {
+        if (encrypt) {
+            cparams.aead_tag_len = tag_len;
+        }
+        else {
+            XMEMCPY(cparams.aead_tag, p_tag, tag_len);
+            cparams.aead_tag_len = tag_len;
+        }
     }
 
     mxq_rc = MXQ_Cipher_Init(encrypt, algo_id, key_id, &cparams, 0);
@@ -1074,24 +1335,20 @@ static int maxq10xx_ecc_verify_local(
 #endif /* MAXQ_ECC */
 
 #ifdef MAXQ_RNG
-static int maxq10xx_random(byte* output, unsigned short sz)
+int maxq10xx_random(byte* output, unsigned short sz)
 {
-#if defined(WOLFSSL_MAXQ108X)
-    if (!tls13active) {
-        return NOT_COMPILED_IN;
-    }
-#endif
-
     if (output == NULL) {
         return BUFFER_E;
     }
 
+    #if defined(MAXQ10XX_MUTEX)
     int ret = maxq_CryptHwMutexTryLock();
     if (ret != 0) {
         WOLFSSL_ERROR_MSG("MAXQ: maxq10xx_random() lock could not be acquired");
         ret = NOT_COMPILED_IN;
         return ret;
     }
+    #endif
 
     if (MXQ_Get_Random_Ext(output, sz, 0)) {
         WOLFSSL_ERROR_MSG("MAXQ: MXQ_Get_Random_Ext() failed");
@@ -1210,6 +1467,173 @@ static int do_aesgcm(wc_CryptoInfo* info)
 }
 #endif /* !NO_AES && HAVE_AESGCM && MAXQ_AESGCM */
 
+static int do_aescbc(wc_CryptoInfo* info)
+{
+    int rc;
+    byte *out = info->cipher.aescbc.out;
+    const byte *in = info->cipher.aescbc.in;
+
+    if (info->cipher.aescbc.sz == 0) {
+        return CRYPTOCB_UNAVAILABLE;
+     }
+
+    if (info->cipher.aescbc.aes->reg == NULL) {
+        return CRYPTOCB_UNAVAILABLE;
+    }
+
+    /* Cannot do in place decryption because we get the incoming IV and that
+     * would already get over written. */
+    if (in == out) {
+        return CRYPTOCB_UNAVAILABLE;
+    }
+
+    if (info->cipher.aescbc.aes->maxq_ctx.key_pending) {
+        rc = aes_set_key(
+            info->cipher.aescbc.aes,
+            (const byte *)info->cipher.aescbc.aes->maxq_ctx.key,
+            info->cipher.aescbc.aes->keylen);
+        if (rc != 0) {
+            return rc;
+        }
+    }
+
+    rc = wolfSSL_CryptHwMutexLock();
+    if (rc != 0) {
+        return rc;
+    }
+
+    rc = maxq10xx_cipher_do(
+        ALGO_CIPHER_AES_CBC,
+        info->cipher.enc,
+        info->cipher.aescbc.aes->maxq_ctx.key_obj_id,
+        (byte *)info->cipher.aescbc.in,
+        (byte *)info->cipher.aescbc.out,
+        info->cipher.aescbc.sz,
+        (byte *)info->cipher.aescbc.aes->reg, WC_AES_BLOCK_SIZE,
+        NULL, 0,
+        NULL, 0);
+
+    wolfSSL_CryptHwMutexUnLock();
+
+    /* Take the last 16 bytes and throw them into reg. Then it will be ready in
+     * case Update() is called. For both encryption and decryption, we get it
+     * from the ciphertext. (Note in and out usage) */
+    if (info->cipher.enc) {
+        XMEMCPY(info->cipher.aescbc.aes->reg,
+               &out[info->cipher.aescbc.sz - WC_AES_BLOCK_SIZE],
+               WC_AES_BLOCK_SIZE);
+    }
+    else {
+        XMEMCPY(info->cipher.aescbc.aes->reg,
+               &in[info->cipher.aescbc.sz - WC_AES_BLOCK_SIZE],
+               WC_AES_BLOCK_SIZE);
+    }
+    /* done */
+    return rc;
+}
+
+#ifdef HAVE_AES_ECB
+static int do_aesecb(wc_CryptoInfo* info)
+{
+    int rc;
+
+    if (info->cipher.aesecb.sz == 0) {
+        return CRYPTOCB_UNAVAILABLE;
+     }
+
+    if (info->cipher.aesecb.aes->reg == NULL) {
+        return CRYPTOCB_UNAVAILABLE;
+    }
+
+    if (info->cipher.aesecb.aes->maxq_ctx.key_pending) {
+        rc = aes_set_key(
+            info->cipher.aesecb.aes,
+            (const byte *)info->cipher.aesecb.aes->maxq_ctx.key,
+            info->cipher.aesecb.aes->keylen);
+        if (rc != 0) {
+            return rc;
+        }
+    }
+
+    rc = wolfSSL_CryptHwMutexLock();
+    if (rc != 0) {
+        return rc;
+    }
+
+    rc = maxq10xx_cipher_do(
+        ALGO_CIPHER_AES_ECB,
+        info->cipher.enc,
+        info->cipher.aesecb.aes->maxq_ctx.key_obj_id,
+        (byte *)info->cipher.aesecb.in,
+        (byte *)info->cipher.aesecb.out,
+        info->cipher.aesecb.sz,
+        NULL, 0,
+        NULL, 0,
+        NULL, 0);
+
+    wolfSSL_CryptHwMutexUnLock();
+
+    /* done */
+    return rc;
+}
+#endif /* HAVE_AES_ECB */
+
+#ifdef HAVE_AESCCM
+static int do_aesccm(wc_CryptoInfo* info)
+{
+    int rc;
+    wc_CryptoCb_AesAuthEnc *aesccm = (info->cipher.enc) ?
+        (wc_CryptoCb_AesAuthEnc*)&info->cipher.aesccm_enc :
+        /* dec->enc cast is okay */
+        (wc_CryptoCb_AesAuthEnc*)&info->cipher.aesccm_dec;
+
+    if (aesccm->sz == 0) {
+        return CRYPTOCB_UNAVAILABLE;
+     }
+
+    if (aesccm->aes->reg == NULL) {
+        return CRYPTOCB_UNAVAILABLE;
+    }
+
+    /* Cannot do in place decryption because we get the incoming IV and that
+     * would already get over written. */
+    if (aesccm->in == aesccm->out) {
+        return CRYPTOCB_UNAVAILABLE;
+    }
+
+    if (aesccm->aes->maxq_ctx.key_pending) {
+        rc = aes_set_key(
+            aesccm->aes,
+            (const byte *)aesccm->aes->maxq_ctx.key,
+            aesccm->aes->keylen);
+        if (rc != 0) {
+            return rc;
+        }
+    }
+
+    rc = wolfSSL_CryptHwMutexLock();
+    if (rc != 0) {
+        return rc;
+    }
+
+    rc = maxq10xx_cipher_do(
+        ALGO_CIPHER_AES_CCM,
+        info->cipher.enc,
+        aesccm->aes->maxq_ctx.key_obj_id,
+        (byte *)aesccm->in,
+        (byte *)aesccm->out,
+        aesccm->sz,
+        (byte *)aesccm->nonce, aesccm->nonceSz,
+        (byte *)aesccm->authIn, aesccm->authInSz,
+        (byte *)aesccm->authTag, aesccm->authTagSz);
+
+    wolfSSL_CryptHwMutexUnLock();
+
+    /* done */
+    return rc;
+}
+#endif /* HAVE_AESCCM */
+
 #if !defined(NO_SHA) && !defined(NO_SHA256) && defined(MAXQ_SHA256)
 static int do_sha256(wc_CryptoInfo* info)
 {
@@ -1222,6 +1646,7 @@ static int do_sha256(wc_CryptoInfo* info)
         return WC_HW_E;
     }
 
+    #if defined(MAXQ10XX_MUTEX)
     if (info->hash.sha256->maxq_ctx.hash_running == 0) {
         rc = maxq_CryptHwMutexTryLock();
         if (rc != 0) {
@@ -1229,6 +1654,7 @@ static int do_sha256(wc_CryptoInfo* info)
             return CRYPTOCB_UNAVAILABLE;
         }
     }
+    #endif
 
     if (info->hash.in != NULL) {
         /* wc_Sha256Update */
@@ -1282,10 +1708,11 @@ int wolfSSL_MAXQ10XX_CryptoDevCb(int devId, wc_CryptoInfo* info, void* ctx)
     (void)devId;
     (void)ctx;
 
+    /* In the case of MAXQ1065, this callback is always enabled. */
 #if defined(WOLFSSL_MAXQ108X)
     if (!tls13active)
-#endif
         return CRYPTOCB_UNAVAILABLE;
+#endif
 
     if (info->algo_type == WC_ALGO_TYPE_CIPHER) {
 #if !defined(NO_AES) || !defined(NO_DES3)
@@ -1296,10 +1723,19 @@ int wolfSSL_MAXQ10XX_CryptoDevCb(int devId, wc_CryptoInfo* info, void* ctx)
     #endif /* HAVE_AESGCM && MAXQ_AESGCM */
     #ifdef HAVE_AES_CBC
         if (info->cipher.type == WC_CIPHER_AES_CBC) {
-            /* TODO */
-            return CRYPTOCB_UNAVAILABLE;
+            rc = do_aescbc(info);
         }
     #endif /* HAVE_AES_CBC */
+    #ifdef HAVE_AESCCM
+        if (info->cipher.type == WC_CIPHER_AES_CCM) {
+            rc = do_aesccm(info);
+        }
+    #endif /* HAVE_AESCCM */
+    #ifdef HAVE_AES_ECB
+        if (info->cipher.type == WC_CIPHER_AES_ECB) {
+            rc = do_aesecb(info);
+        }
+    #endif /* HAVE_AES_ECB */
 #endif /* !NO_AES || !NO_DES3 */
     }
 #if !defined(NO_SHA) || !defined(NO_SHA256)
@@ -1329,12 +1765,22 @@ int wolfSSL_MAXQ10XX_CryptoDevCb(int devId, wc_CryptoInfo* info, void* ctx)
     else if (info->algo_type == WC_ALGO_TYPE_PK) {
     #if defined(HAVE_ECC) && defined(MAXQ_ECC)
         if (info->pk.type == WC_PK_TYPE_EC_KEYGEN) {
-            /* TODO */
-            return CRYPTOCB_UNAVAILABLE;
+            if (info->pk.eckg.key->maxq_ctx.hw_ecc == -1) {
+                return CRYPTOCB_UNAVAILABLE;
+            }
+
+            rc = ecc_gen_key(info->pk.eckg.key, info->pk.eckg.key->dp->size);
+            if (rc != 0) {
+                return rc;
+            }
         }
         else if (info->pk.type == WC_PK_TYPE_ECDH) {
-            /* TODO */
-            return CRYPTOCB_UNAVAILABLE;
+            rc = ecc_establish(info->pk.ecdh.private_key,
+                               info->pk.ecdh.public_key,
+                               info->pk.ecdh.out, info->pk.ecdh.outlen);
+            if (rc != 0) {
+                return rc;
+            }
         }
         else if (info->pk.type == WC_PK_TYPE_ECDSA_SIGN) {
             if (info->pk.eccsign.key->maxq_ctx.hw_ecc == 0) {
@@ -1349,22 +1795,32 @@ int wolfSSL_MAXQ10XX_CryptoDevCb(int devId, wc_CryptoInfo* info, void* ctx)
                 return CRYPTOCB_UNAVAILABLE;
             }
 
+#if defined(WOLFSSL_MAXQ108X)
+            /* This is not done for MAXQ1065 because we want to use the pre-
+             * provisioned key in the case of PKCS11. */
             if (info->pk.eccsign.key->maxq_ctx.key_pending) {
                 rc = ecc_set_key(info->pk.eccsign.key,
                                  info->pk.eccsign.key->maxq_ctx.ecc_key,
-                                 info->pk.eccsign.key->dp->size);
+                                 info->pk.eccsign.key->dp->size, 0);
                 if (rc != 0) {
                     return rc;
                 }
             }
+#endif
 
             rc = wolfSSL_CryptHwMutexLock();
             if (rc != 0) {
                 return rc;
             }
 
+            /* Note that we are using the DEVICE_KEY_PAIR_OBJ_ID; its the pre-
+             * provisioned key in the case of MAXQ1065. */
             rc = maxq10xx_ecc_sign_local(
+#if defined(WOLFSSL_MAXQ108X)
                      info->pk.eccsign.key->maxq_ctx.key_obj_id,
+#else
+                     DEVICE_KEY_PAIR_OBJ_ID,
+#endif
                      (byte *)info->pk.eccsign.in, info->pk.eccsign.inlen,
                      info->pk.eccsign.out, info->pk.eccsign.outlen,
                      info->pk.eccsign.key->dp->size);
@@ -1398,7 +1854,7 @@ int wolfSSL_MAXQ10XX_CryptoDevCb(int devId, wc_CryptoInfo* info, void* ctx)
             if (info->pk.eccverify.key->maxq_ctx.key_pending) {
                 rc = ecc_set_key(info->pk.eccverify.key,
                                  info->pk.eccverify.key->maxq_ctx.ecc_key,
-                                 info->pk.eccverify.key->dp->size);
+                                 info->pk.eccverify.key->dp->size, 0);
                 if (rc != 0) {
                     return rc;
                 }
@@ -1450,7 +1906,7 @@ int wolfSSL_MAXQ10XX_CryptoDevCb(int devId, wc_CryptoInfo* info, void* ctx)
     }
 #endif /* WOLFSSL_MAXQ108X */
 
-    if (rc != 0 && rc != CRYPTOCB_UNAVAILABLE) {
+    if (rc != 0 && rc != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE)) {
         rc = WC_HW_E;
     }
 
@@ -1981,12 +2437,14 @@ int maxq10xx_port_init(void)
     }
     #endif
 
+    #if defined(MAXQ10XX_MUTEX)
     ret = maxq_CryptHwMutexTryLock();
     if (ret) {
         WOLFSSL_ERROR_MSG("MAXQ: maxq10xx_port_init() -> device is busy "
                     "(switching to soft mode)");
         return 0;
     }
+    #endif
 
     mxq_rc = MXQ_Module_Init();
     if (mxq_rc) {
@@ -3290,7 +3748,7 @@ static int maxq10xx_perform_tls13_record_processing(WOLFSSL* ssl,
 {
     int rc;
     mxq_err_t mxq_rc;
-    mxq_u2 key_id;
+    mxq_u2 key_id = 0xFFFF;
 
     if (!tls13active) {
         return NOT_COMPILED_IN;
diff --git a/wolfcrypt/src/port/mynewt/mynewt_port.c b/wolfcrypt/src/port/mynewt/mynewt_port.c
index 0467773c4..f70e6390c 100644
--- a/wolfcrypt/src/port/mynewt/mynewt_port.c
+++ b/wolfcrypt/src/port/mynewt/mynewt_port.c
@@ -1,6 +1,6 @@
 /* mynewt_port.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -19,8 +19,14 @@
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  */
 
-#if defined(WOLFSSL_APACHE_MYNEWT)
+#ifdef HAVE_CONFIG_H
+    #include <config.h>
+#endif
+
+#ifdef WOLFSSL_APACHE_MYNEWT
+
 #ifndef NO_FILESYSTEM
+
 #include "fs/fs.h"
 #define FILE struct fs_file
 
@@ -142,5 +148,5 @@ int mynewt_fclose(FILE *stream)
     return 0;
 }
 
-#endif /* NO_FILESYSTEM*/
-#endif /* if defined(WOLFSSL_APACHE_MYNEWT) */
+#endif /* !NO_FILESYSTEM */
+#endif /* WOLFSSL_APACHE_MYNEWT */
diff --git a/wolfcrypt/src/port/nrf51.c b/wolfcrypt/src/port/nrf51.c
index 1ab5b7dfe..854265e0c 100644
--- a/wolfcrypt/src/port/nrf51.c
+++ b/wolfcrypt/src/port/nrf51.c
@@ -1,6 +1,6 @@
 /* nrf51.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfcrypt/src/port/nxp/README_SE050.md b/wolfcrypt/src/port/nxp/README_SE050.md
index 5d5434bf1..ee94f5a49 100644
--- a/wolfcrypt/src/port/nxp/README_SE050.md
+++ b/wolfcrypt/src/port/nxp/README_SE050.md
@@ -34,21 +34,24 @@ Raspberry Pi, [here](https://www.nxp.com/docs/en/application-note/AN12570.pdf).
 
 Summarizing the build steps for Raspberry Pi:
 
+In `raspi-config` go to "Interface Options" and enable I2C.
+
 ```sh
+$ sudo apt update
+$ sudo apt install cmake libssl-dev cmake-curses-gui git
 $ cd ~
 $ mkdir se_mw
 $ unzip SE-PLUG-TRUST-MW.zip -d se_mw
-$ cd se_mw/simw-top/scripts
+$ cd se_mw/se05x_mw_v04.05.01/simw-top/scripts
 $ python create_cmake_projects.py rpi
-$ cd ~/se_mw/simw-top_build/raspbian_native_se050_t1oi2c
+$ cd ~/se_mw/se05x_mw_v04.05.01/simw-top_build/raspbian_native_se050_t1oi2c
 $ ccmake .
 # Make sure the following are set:
-#    `Host OS` to `Raspbian`
-#    `Host Crypto` to `None` (see HostCrypto section below)
+#    `PTMW_Host` to `Raspbian`
+#    `PTMW_HostCrypto` to `User` (see HostCrypto section below)
 #    `SMCOM` to `T1oI2C`
 $ c # to configure
-$ g # to generate
-$ q
+$ g # to generate, this will exit upon completion
 $ cmake --build .
 $ sudo make install
 ```
@@ -56,7 +59,7 @@ $ sudo make install
 This will also compile several demo apps which can be run if wanted, ie:
 
 ```sh
-$ cd ~/se_mw/simw-top_build/raspbian_native_se050_t1oi2c/bin
+$ cd ~/se_mw/se05x_mw_v04.05.01/simw-top_build/raspbian_native_se050_t1oi2c/bin
 $ ./ex_ecc  # (or, ./se05x_GetInfo, etc)
 ```
 
@@ -202,6 +205,10 @@ value based on an incrementing counter past the value defined by this define.
 
 If not defined, this value will default to **100**.
 
+**`WOLFSSL_SE050_AUTO_ERASE`**
+
+Automatically erases the key from the SE050 when `wc_*_free()` is called.
+
 **`WOLFSSL_SE050_FACTORY_RESET`**
 
 When defined, calls to `wolfSSL_Init()` or `wolfCrypt_Init()` will factory
@@ -234,6 +241,11 @@ a Raspberry Pi with SE05x EdgeLock dev kit. If `WOLFSSL_SE050_NO_TRNG` is
 defined, wolfCrypt will instead fall back to using `/dev/random` and
 `/dev/urandom` on the Raspberry Pi.
 
+**`WOLFSSL_SE050_NO_RSA`**
+
+Disables using the SE050 for RSA, useful for the SE050E which does not have
+RSA support.
+
 ## wolfSSL HostCrypto Support
 
 The NXP SE05x Plug & Trust Middleware by default can use either OpenSSL or
diff --git a/wolfcrypt/src/port/nxp/dcp_port.c b/wolfcrypt/src/port/nxp/dcp_port.c
index f78f1d697..a3799b0a7 100644
--- a/wolfcrypt/src/port/nxp/dcp_port.c
+++ b/wolfcrypt/src/port/nxp/dcp_port.c
@@ -1,6 +1,6 @@
 /* dcp_port.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -255,7 +255,7 @@ int  DCPAesCbcEncrypt(Aes* aes, byte* out, const byte* in, word32 sz)
     if (ret)
         ret = WC_HW_E;
     else
-        XMEMCPY(aes->reg, out, AES_BLOCK_SIZE);
+        XMEMCPY(aes->reg, out, WC_AES_BLOCK_SIZE);
     dcp_unlock();
     return ret;
 }
@@ -270,7 +270,7 @@ int  DCPAesCbcDecrypt(Aes* aes, byte* out, const byte* in, word32 sz)
     if (ret)
         ret = WC_HW_E;
     else
-        XMEMCPY(aes->reg, in, AES_BLOCK_SIZE);
+        XMEMCPY(aes->reg, in, WC_AES_BLOCK_SIZE);
     dcp_unlock();
     return ret;
 }
diff --git a/wolfcrypt/src/port/nxp/ksdk_port.c b/wolfcrypt/src/port/nxp/ksdk_port.c
index 7cfa04771..e265c5d3f 100644
--- a/wolfcrypt/src/port/nxp/ksdk_port.c
+++ b/wolfcrypt/src/port/nxp/ksdk_port.c
@@ -1,6 +1,6 @@
 /* ksdk_port.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -105,7 +105,7 @@ static int ltc_get_lsb_bin_from_mp_int(uint8_t *dst, mp_int *A, uint16_t *psz)
 #else
     res = mp_to_unsigned_bin(A, dst);
     if (res == MP_OKAY) {
-        ltc_reverse_array(dst, sz); 
+        ltc_reverse_array(dst, sz);
     }
 #endif
     *psz = sz;
@@ -134,7 +134,7 @@ int mp_mul(mp_int *A, mp_int *B, mp_int *C)
     szA = mp_unsigned_bin_size(A);
     szB = mp_unsigned_bin_size(B);
 
-    /* if unsigned mul can fit into LTC PKHA let's use it, otherwise call 
+    /* if unsigned mul can fit into LTC PKHA let's use it, otherwise call
      * software mul */
     if ((szA <= LTC_MAX_INT_BYTES / 2) && (szB <= LTC_MAX_INT_BYTES / 2)) {
         uint8_t *ptrA = (uint8_t*)XMALLOC(LTC_MAX_INT_BYTES, NULL,
@@ -186,18 +186,10 @@ int mp_mul(mp_int *A, mp_int *B, mp_int *C)
             }
         }
 
-        if (ptrA) {
-            XFREE(ptrA, NULL, DYNAMIC_TYPE_BIGINT);
-        }
-        if (ptrB) {
-            XFREE(ptrB, NULL, DYNAMIC_TYPE_BIGINT);
-        }
-        if (ptrN) {
-            XFREE(ptrN, NULL, DYNAMIC_TYPE_BIGINT);
-        }
-        if (ptrC) {
-            XFREE(ptrC, NULL, DYNAMIC_TYPE_BIGINT);
-        }
+        XFREE(ptrA, NULL, DYNAMIC_TYPE_BIGINT);
+        XFREE(ptrB, NULL, DYNAMIC_TYPE_BIGINT);
+        XFREE(ptrN, NULL, DYNAMIC_TYPE_BIGINT);
+        XFREE(ptrC, NULL, DYNAMIC_TYPE_BIGINT);
     }
     else {
 #ifdef WOLFSSL_SP_MATH
@@ -264,7 +256,7 @@ int mp_mod(mp_int *a, mp_int *b, mp_int *c)
                 {
                     ltc_reverse_array(ptrC, sizeC);
                     res = mp_read_unsigned_bin(c, ptrC, sizeC);
-                
+
 #if (!defined(WOLFSSL_SP_MATH) && !defined(WOLFSSL_SP_MATH_ALL)) || \
       defined(WOLFSSL_SP_INT_NEGATIVE)
                     /* fix sign */
@@ -280,15 +272,9 @@ int mp_mod(mp_int *a, mp_int *b, mp_int *c)
             res = MP_MEM;
         }
 
-        if (ptrA) {
-            XFREE(ptrA, NULL, DYNAMIC_TYPE_BIGINT);
-        }
-        if (ptrB) {
-            XFREE(ptrB, NULL, DYNAMIC_TYPE_BIGINT);
-        }
-        if (ptrC) {
-            XFREE(ptrC, NULL, DYNAMIC_TYPE_BIGINT);
-        }
+        XFREE(ptrA, NULL, DYNAMIC_TYPE_BIGINT);
+        XFREE(ptrB, NULL, DYNAMIC_TYPE_BIGINT);
+        XFREE(ptrC, NULL, DYNAMIC_TYPE_BIGINT);
     }
     else {
 #if defined(FREESCALE_LTC_TFM_RSA_4096_ENABLE)
@@ -341,10 +327,10 @@ int mp_invmod(mp_int *a, mp_int *b, mp_int *c)
             res = ltc_get_lsb_bin_from_mp_int(ptrA, a, &sizeA);
             if (res == MP_OKAY)
                 res = ltc_get_lsb_bin_from_mp_int(ptrB, b, &sizeB);
-            
+
             /* if a >= b then reduce */
             /* TODO: Perhaps always do mod reduce depending on hardware performance */
-            if (res == MP_OKAY && 
+            if (res == MP_OKAY &&
                         LTC_PKHA_CompareBigNum(ptrA, sizeA, ptrB, sizeB) >= 0) {
                 if (LTC_PKHA_ModRed(LTC_BASE, ptrA, sizeA, ptrB, sizeB,
                     ptrA, &sizeA, kLTC_PKHA_IntegerArith) != kStatus_Success) {
@@ -372,15 +358,9 @@ int mp_invmod(mp_int *a, mp_int *b, mp_int *c)
             res = MP_MEM;
         }
 
-        if (ptrA) {
-            XFREE(ptrA, NULL, DYNAMIC_TYPE_BIGINT);
-        }
-        if (ptrB) {
-            XFREE(ptrB, NULL, DYNAMIC_TYPE_BIGINT);
-        }
-        if (ptrC) {
-            XFREE(ptrC, NULL, DYNAMIC_TYPE_BIGINT);
-        }
+        XFREE(ptrA, NULL, DYNAMIC_TYPE_BIGINT);
+        XFREE(ptrB, NULL, DYNAMIC_TYPE_BIGINT);
+        XFREE(ptrC, NULL, DYNAMIC_TYPE_BIGINT);
     }
     else {
 #if defined(FREESCALE_LTC_TFM_RSA_4096_ENABLE)
@@ -411,7 +391,7 @@ int mp_mulmod(mp_int *a, mp_int *b, mp_int *c, mp_int *d)
     int res = MP_OKAY;
     status_t status;
     int szA, szB, szC;
-    
+
 #ifdef ENABLE_NXPLTC_TESTS
     mp_int t;
     mp_init(&t);
@@ -491,18 +471,10 @@ int mp_mulmod(mp_int *a, mp_int *b, mp_int *c, mp_int *d)
             res = MP_MEM;
         }
 
-        if (ptrA) {
-            XFREE(ptrA, NULL, DYNAMIC_TYPE_BIGINT);
-        }
-        if (ptrB) {
-            XFREE(ptrB, NULL, DYNAMIC_TYPE_BIGINT);
-        }
-        if (ptrC) {
-            XFREE(ptrC, NULL, DYNAMIC_TYPE_BIGINT);
-        }
-        if (ptrD) {
-            XFREE(ptrD, NULL, DYNAMIC_TYPE_BIGINT);
-        }
+        XFREE(ptrA, NULL, DYNAMIC_TYPE_BIGINT);
+        XFREE(ptrB, NULL, DYNAMIC_TYPE_BIGINT);
+        XFREE(ptrC, NULL, DYNAMIC_TYPE_BIGINT);
+        XFREE(ptrD, NULL, DYNAMIC_TYPE_BIGINT);
     }
     else {
 #if defined(FREESCALE_LTC_TFM_RSA_4096_ENABLE)
@@ -543,8 +515,8 @@ int ltc_mp_exptmod(mp_int *G, mp_int *X, mp_int *P, mp_int *Y, int useConstTime)
     szX = mp_unsigned_bin_size(X);
     szP = mp_unsigned_bin_size(P);
 
-    if ((szG <= LTC_MAX_INT_BYTES) && 
-        (szX <= LTC_MAX_INT_BYTES) && 
+    if ((szG <= LTC_MAX_INT_BYTES) &&
+        (szX <= LTC_MAX_INT_BYTES) &&
         (szP <= LTC_MAX_INT_BYTES))
     {
         uint16_t sizeG, sizeX, sizeP, sizeY;
@@ -563,9 +535,9 @@ int ltc_mp_exptmod(mp_int *G, mp_int *X, mp_int *P, mp_int *Y, int useConstTime)
 
             /* if G >= P then reduce */
             /* TODO: Perhaps always do mod reduce depending on hardware performance */
-            if (res == MP_OKAY && 
+            if (res == MP_OKAY &&
                         LTC_PKHA_CompareBigNum(ptrG, sizeG, ptrP, sizeP) >= 0) {
-                res = LTC_PKHA_ModRed(LTC_BASE, 
+                res = LTC_PKHA_ModRed(LTC_BASE,
                     ptrG, sizeG,
                     ptrP, sizeP,
                     ptrG, &sizeG, kLTC_PKHA_IntegerArith);
@@ -591,18 +563,10 @@ int ltc_mp_exptmod(mp_int *G, mp_int *X, mp_int *P, mp_int *Y, int useConstTime)
             res = MP_MEM;
         }
 
-        if (ptrY) {
-            XFREE(ptrY, NULL, DYNAMIC_TYPE_BIGINT);
-        }
-        if (ptrP) {
-            XFREE(ptrP, NULL, DYNAMIC_TYPE_BIGINT);
-        }
-        if (ptrX) {
-            XFREE(ptrX, NULL, DYNAMIC_TYPE_BIGINT);
-        }
-        if (ptrG) {
-            XFREE(ptrG, NULL, DYNAMIC_TYPE_BIGINT);
-        }        
+        XFREE(ptrY, NULL, DYNAMIC_TYPE_BIGINT);
+        XFREE(ptrP, NULL, DYNAMIC_TYPE_BIGINT);
+        XFREE(ptrX, NULL, DYNAMIC_TYPE_BIGINT);
+        XFREE(ptrG, NULL, DYNAMIC_TYPE_BIGINT);
     }
     else {
 #if defined(FREESCALE_LTC_TFM_RSA_4096_ENABLE)
@@ -678,7 +642,7 @@ int mp_prime_is_prime_ex(mp_int* a, int t, int* result, WC_RNG* rng)
             res = ltc_get_lsb_bin_from_mp_int(ptrA, a, &sizeA);
         }
         if (res == MP_OKAY) {
-            if (LTC_PKHA_PrimalityTest(LTC_BASE, 
+            if (LTC_PKHA_PrimalityTest(LTC_BASE,
                 ptrB, sizeB,             /* seed */
                 (uint8_t*)&t, sizeof(t), /* trials */
                 ptrA, sizeA,             /* candidate */
@@ -687,12 +651,8 @@ int mp_prime_is_prime_ex(mp_int* a, int t, int* result, WC_RNG* rng)
             }
         }
 
-        if (ptrB) {
-            XFREE(ptrB, NULL, DYNAMIC_TYPE_BIGINT);
-        }
-        if (ptrA) {
-            XFREE(ptrA, NULL, DYNAMIC_TYPE_BIGINT);
-        }
+        XFREE(ptrB, NULL, DYNAMIC_TYPE_BIGINT);
+        XFREE(ptrA, NULL, DYNAMIC_TYPE_BIGINT);
     }
     else {
 #if defined(FREESCALE_LTC_TFM_RSA_4096_ENABLE)
@@ -726,7 +686,7 @@ int mp_prime_is_prime(mp_int* a, int t, int* result)
 #if defined(HAVE_ECC) && defined(FREESCALE_LTC_ECC)
 
 /* convert from mp_int to LTC integer, as array of bytes of size sz.
- * if mp_int has less bytes than sz, add zero bytes at most significant byte 
+ * if mp_int has less bytes than sz, add zero bytes at most significant byte
  *   positions.
  * This is when for example modulus is 32 bytes (P-256 curve)
  * and mp_int has only 31 bytes, we add leading zeros
@@ -763,7 +723,7 @@ static int ltc_get_from_mp_int(uint8_t *dst, mp_int *a, int sz)
     return res;
 }
 
-/* ECC specs in lsbyte at lowest address format for direct use by LTC PKHA 
+/* ECC specs in lsbyte at lowest address format for direct use by LTC PKHA
  * driver functions */
 #if defined(HAVE_ECC192) || defined(HAVE_ALL_CURVES)
 #define ECC192
@@ -1196,7 +1156,7 @@ static const uint8_t invThree[32] = {
 /*
  *
  * finds square root in finite field when modulus congruent to 5 modulo 8
- * this is fixed to curve25519 modulus 2^255 - 19 which is congruent to 
+ * this is fixed to curve25519 modulus 2^255 - 19 which is congruent to
  * 5 modulo 8.
  *
  * This function solves equation: res^2 = a mod (2^255 - 19)
@@ -1914,7 +1874,7 @@ status_t LTC_PKHA_Ed25519_PointDecompress(const uint8_t *pubkey,
     return status;
 }
 
-/* LSByte first of Ed25519 parameter l = 2^252 + 
+/* LSByte first of Ed25519 parameter l = 2^252 +
  *   27742317777372353535851937790883648493 */
 static const uint8_t l_coefEdDSA[] = {
     0xed, 0xd3, 0xf5, 0x5c, 0x1a, 0x63, 0x12, 0x58, 0xd6, 0x9c, 0xf7,
diff --git a/wolfcrypt/src/port/nxp/se050_port.c b/wolfcrypt/src/port/nxp/se050_port.c
index b2ada5773..697d2c8df 100644
--- a/wolfcrypt/src/port/nxp/se050_port.c
+++ b/wolfcrypt/src/port/nxp/se050_port.c
@@ -1,6 +1,6 @@
 /* se050_port.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -54,7 +54,7 @@
     #define SE050_ECC_DER_MAX 256
     #endif
 #endif
-#ifndef NO_RSA
+#if !defined(NO_RSA) && !defined(WOLFSSL_SE050_NO_RSA)
     #include <wolfssl/wolfcrypt/rsa.h>
     struct RsaKey;
 #endif
@@ -266,7 +266,7 @@ int se050_hash_copy(SE050_HASH_Context* src, SE050_HASH_Context* dst)
 
 int se050_hash_update(SE050_HASH_Context* se050Ctx, const byte* data, word32 len)
 {
-	byte* tmp = NULL;
+        byte* tmp = NULL;
 
     if (se050Ctx == NULL || (len > 0 && data == NULL)) {
         return BAD_FUNC_ARG;
@@ -633,7 +633,7 @@ int wc_se050_get_binary_object(word32 keyId, byte* out, word32* outSz)
         else {
             if (out == NULL) {
                 *outSz = ret;
-                return LENGTH_ONLY_E;
+                return WC_NO_ERR_TRACE(LENGTH_ONLY_E);
             }
             if ((word32)ret > *outSz) {
                 WOLFSSL_MSG("Output buffer not large enough for object");
@@ -659,7 +659,7 @@ int wc_se050_get_binary_object(word32 keyId, byte* out, word32* outSz)
     return ret;
 }
 
-#ifndef NO_RSA
+#if !defined(NO_RSA) && !defined(WOLFSSL_SE050_NO_RSA)
 
 /**
  * Use specified SE050 key ID with this RsaKey struct.
@@ -738,9 +738,7 @@ int se050_rsa_use_key_id(struct RsaKey* key, word32 keyId)
             status = kStatus_SSS_Fail;
         }
     }
-    if (derBuf != NULL) {
-        XFREE(derBuf, key->heap, DYNAMIC_TYPE_TMP_BUFFER);
-    }
+    XFREE(derBuf, key->heap, DYNAMIC_TYPE_TMP_BUFFER);
 
     if (status == kStatus_SSS_Success) {
         key->keyId = keyId;
@@ -884,9 +882,7 @@ int se050_rsa_create_key(struct RsaKey* key, int size, long e)
             status = kStatus_SSS_Fail;
         }
     }
-    if (derBuf != NULL) {
-        XFREE(derBuf, key->heap, DYNAMIC_TYPE_TMP_BUFFER);
-    }
+    XFREE(derBuf, key->heap, DYNAMIC_TYPE_TMP_BUFFER);
 
     if (status == kStatus_SSS_Success) {
         key->keyId = keyId;
@@ -1228,9 +1224,7 @@ int se050_rsa_sign(const byte* in, word32 inLen, byte* out,
                                                derSz, (keySz * 8), NULL, 0);
             }
 
-            if (derBuf != NULL) {
-                XFREE(derBuf, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-            }
+            XFREE(derBuf, NULL, DYNAMIC_TYPE_TMP_BUFFER);
         }
         else {
             status = sss_key_object_get_handle(&newKey, keyId);
@@ -1392,9 +1386,7 @@ int se050_rsa_verify(const byte* in, word32 inLen, byte* out, word32 outLen,
                                                derSz, (keySz * 8), NULL, 0);
             }
 
-            if (derBuf != NULL) {
-                XFREE(derBuf, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-            }
+            XFREE(derBuf, NULL, DYNAMIC_TYPE_TMP_BUFFER);
         }
         else {
             status = sss_key_object_get_handle(&newKey, keyId);
@@ -1579,9 +1571,7 @@ int se050_rsa_public_encrypt(const byte* in, word32 inLen, byte* out,
             status = sss_key_object_get_handle(&newKey, keyId);
         }
 
-        if (derBuf != NULL) {
-            XFREE(derBuf, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-        }
+        XFREE(derBuf, NULL, DYNAMIC_TYPE_TMP_BUFFER);
     }
 
     if (status == kStatus_SSS_Success) {
@@ -1746,9 +1736,7 @@ int se050_rsa_private_decrypt(const byte* in, word32 inLen, byte* out,
             status = sss_key_object_get_handle(&newKey, keyId);
         }
 
-        if (derBuf != NULL) {
-            XFREE(derBuf, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-        }
+        XFREE(derBuf, NULL, DYNAMIC_TYPE_TMP_BUFFER);
     }
 
     if (status == kStatus_SSS_Success) {
@@ -2344,6 +2332,7 @@ void se050_ecc_free_key(struct ecc_key* key)
     if (status == kStatus_SSS_Success) {
         status = sss_key_object_get_handle(&keyObject, key->keyId);
     }
+
     if (status == kStatus_SSS_Success) {
         sss_key_object_free(&keyObject);
         key->keyId = 0;
@@ -2544,8 +2533,8 @@ int se050_ecc_create_key(struct ecc_key* key, int curve_id, int keySize)
     wolfSSL_CryptHwMutexUnLock();
 
 #ifdef SE050_DEBUG
-    printf("se050_ecc_create_key: key %p, ret %d, keyId %d\n",
-        key, ret, key->keyId);
+    printf("se050_ecc_create_key: key %p, ret %d, status %d, keyId %d\n",
+        key, ret, status, key->keyId);
 #endif
 
     return ret;
@@ -2700,7 +2689,8 @@ int se050_ecc_shared_secret(ecc_key* private_key, ecc_key* public_key,
     wolfSSL_CryptHwMutexUnLock();
 
 #ifdef SE050_DEBUG
-    printf("se050_ecc_shared_secret: ret %d, outlen %d\n", ret, *outlen);
+    printf("se050_ecc_shared_secret: ret %d, status %d, outlen %d\n", ret,
+            status, *outlen);
 #endif
 
     return ret;
diff --git a/wolfcrypt/src/port/pic32/pic32mz-crypt.c b/wolfcrypt/src/port/pic32/pic32mz-crypt.c
index 32cf02ed0..aa887580c 100644
--- a/wolfcrypt/src/port/pic32/pic32mz-crypt.c
+++ b/wolfcrypt/src/port/pic32/pic32mz-crypt.c
@@ -1,6 +1,6 @@
 /* pic32mz-crypt.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -365,7 +365,7 @@ static void reset_engine(int algo)
 static void update_engine(const byte *input, word32 len, word32 *hash)
 {
     int total;
-    
+
     gLHDesc.bd[gLHDesc.currBd].UPDPTR = KVA_TO_PA(hash);
 
     /* Add the data to the current buffer. If the buffer fills, start processing it
diff --git a/wolfcrypt/src/port/psa/psa.c b/wolfcrypt/src/port/psa/psa.c
index 860f5c489..907427a85 100644
--- a/wolfcrypt/src/port/psa/psa.c
+++ b/wolfcrypt/src/port/psa/psa.c
@@ -1,6 +1,6 @@
 /* psa.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfcrypt/src/port/psa/psa_aes.c b/wolfcrypt/src/port/psa/psa_aes.c
index a0881d451..6f0873ade 100644
--- a/wolfcrypt/src/port/psa/psa_aes.c
+++ b/wolfcrypt/src/port/psa/psa_aes.c
@@ -1,6 +1,6 @@
 /* psa_aes.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -293,7 +293,7 @@ int wc_psa_aes_free(Aes *aes)
 int wc_AesEncrypt(Aes *aes, const byte *inBlock, byte *outBlock)
 {
     return wc_psa_aes_encrypt_decrypt(aes, inBlock, outBlock,
-                                      AES_BLOCK_SIZE, PSA_ALG_ECB_NO_PADDING,
+                                      WC_AES_BLOCK_SIZE, PSA_ALG_ECB_NO_PADDING,
                                       AES_ENCRYPTION);
 }
 
@@ -301,7 +301,7 @@ int wc_AesEncrypt(Aes *aes, const byte *inBlock, byte *outBlock)
 int wc_AesDecrypt(Aes *aes, const byte *inBlock, byte *outBlock)
 {
     return wc_psa_aes_encrypt_decrypt(aes, inBlock, outBlock,
-                                      AES_BLOCK_SIZE, PSA_ALG_ECB_NO_PADDING,
+                                      WC_AES_BLOCK_SIZE, PSA_ALG_ECB_NO_PADDING,
                                       AES_DECRYPTION);
 }
 #endif
@@ -319,7 +319,7 @@ int wc_AesCtrEncrypt(Aes *aes, byte *out, const byte *in, word32 sz)
 int wc_AesCbcEncrypt(Aes *aes, byte *out, const byte *in, word32 sz)
 {
 
-    if (sz % AES_BLOCK_SIZE != 0)
+    if (sz % WC_AES_BLOCK_SIZE != 0)
 #if defined (WOLFSSL_AES_CBC_LENGTH_CHECKS)
         return BAD_LENGTH_E;
 #else
@@ -334,7 +334,7 @@ int wc_AesCbcEncrypt(Aes *aes, byte *out, const byte *in, word32 sz)
 int wc_AesCbcDecrypt(Aes *aes, byte *out, const byte *in, word32 sz)
 {
 
-    if (sz % AES_BLOCK_SIZE != 0)
+    if (sz % WC_AES_BLOCK_SIZE != 0)
 #if defined (WOLFSSL_AES_CBC_LENGTH_CHECKS)
         return BAD_LENGTH_E;
 #else
diff --git a/wolfcrypt/src/port/psa/psa_hash.c b/wolfcrypt/src/port/psa/psa_hash.c
index 7de9776fb..df8bd1197 100644
--- a/wolfcrypt/src/port/psa/psa_hash.c
+++ b/wolfcrypt/src/port/psa/psa_hash.c
@@ -1,6 +1,6 @@
 /* psa_hash.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfcrypt/src/port/psa/psa_pkcbs.c b/wolfcrypt/src/port/psa/psa_pkcbs.c
index 6a7452cb3..4c9edec74 100644
--- a/wolfcrypt/src/port/psa/psa_pkcbs.c
+++ b/wolfcrypt/src/port/psa/psa_pkcbs.c
@@ -1,6 +1,6 @@
 /* psa_pkcbs.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfcrypt/src/port/riscv/riscv-64-aes.c b/wolfcrypt/src/port/riscv/riscv-64-aes.c
new file mode 100644
index 000000000..c116f17da
--- /dev/null
+++ b/wolfcrypt/src/port/riscv/riscv-64-aes.c
@@ -0,0 +1,9283 @@
+/* riscv-64-aes.c
+ *
+ * Copyright (C) 2006-2025 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+#ifdef HAVE_CONFIG_H
+    #include <config.h>
+#endif
+
+#include <wolfssl/wolfcrypt/settings.h>
+#include <wolfssl/wolfcrypt/port/riscv/riscv-64-asm.h>
+#include <wolfssl/wolfcrypt/error-crypt.h>
+
+#if !defined(NO_AES)
+
+#include <wolfssl/wolfcrypt/aes.h>
+
+#include <wolfssl/wolfcrypt/logging.h>
+
+#ifdef NO_INLINE
+    #include <wolfssl/wolfcrypt/misc.h>
+#else
+    #define WOLFSSL_MISC_INCLUDED
+    #include <wolfcrypt/src/misc.c>
+#endif
+
+#ifdef WOLFSSL_RISCV_ASM
+
+/* Copy a 16-byte value from in to out.
+ *
+ * @param [out] out  16-byte value destination.
+ * @param [in]  in   16-byte value source.
+ */
+static WC_INLINE void memcpy16(byte* out, const byte* in)
+{
+    word64* out64 = (word64*)out;
+    word64* in64  = (word64*)in;
+
+    out64[0] = in64[0];
+    out64[1] = in64[1];
+}
+
+#ifdef WOLFSSL_RISCV_BIT_MANIPULATION
+
+/* Reverse bits in each byte of 64-bit register. */
+#define BREV8(rd, rs)                                       \
+    ASM_WORD(0b01101000011100000101000000010011 |           \
+             (rs << 15) | (rd << 7))
+
+#endif /* WOLFSSL_RISCV_BIT_MANIPULATION */
+
+#ifdef WOLFSSL_RISCV_VECTOR_BASE_BIT_MANIPULATION
+
+/* Reverse bits in each byte of 128-bit vector register. */
+#define VBREV8(vd, vs2) \
+    ASM_WORD((0b010010 << 26) | (0b1 << 25) | (0b1000 << 15) | \
+             (0b010 << 12) | (0b1010111 << 0) | \
+             (vs2 << 20) | (vd << 7))
+#endif
+
+
+/* Vector register set if equal: vd[i] = vs1[i] == vs2[i] ? 1 : 0 */
+#define VMSEQ_VV(vd, vs1, vs2)                      \
+    ASM_WORD((0b011000 << 26) | (0b1 << 25) |       \
+             (0b000 << 12) | (0b1010111 << 0) |     \
+             (vs2 << 20) | (vs1 << 15) | (vd << 7))
+/* Vector register set if equal: vd[i] = vs1[i] != vs2[i] ? 1 : 0 */
+#define VMSNE_VV(vd, vs1, vs2)                      \
+    ASM_WORD((0b011001 << 26) | (0b1 << 25) |       \
+             (0b000 << 12) | (0b1010111 << 0) |     \
+             (vs2 << 20) | (vs1 << 15) | (vd << 7))
+
+/* rd = Count of vs2[i] that has a value of 1. */
+#define VCPOP_M(rd, vs2)                            \
+    ASM_WORD((0b010000 << 26) | (0b1 << 25) |       \
+             (0b10000 << 15) |                      \
+             (0b010 << 12) | (0b1010111 << 0) |     \
+             (vs2 << 20) | (rd << 7))
+
+#if defined(WOLFSSL_RISCV_VECTOR_CRYPTO_ASM)
+
+/*
+ * Vector crypto instruction implementation of base operations.
+ */
+
+/* Vector AES-128 forward key schedule computation. */
+#define VAESKF1_VI(rd, rs2, rnum)                   \
+    ASM_WORD((0b100010 << 26) | (0b1 << 25) |       \
+             (0b010 << 12) | (0b1110111 << 0) |     \
+             (rd << 7) | (rnum << 15) | (rs2 << 20))
+/* Vector AES-256 forward key schedule computation. */
+#define VAESKF2_VI(rd, rs2, rnum)                   \
+    ASM_WORD((0b101010 << 26) | (0b1 << 25) |       \
+             (0b010 << 12) | (0b1110111 << 0) |     \
+             (rd << 7) | (rnum << 15) | (rs2 << 20))
+
+/* Vector AES round zero encryption/decryption. */
+#define VAESZ_VS(rd, rs2)                           \
+    ASM_WORD((0b101001 << 26) | (0b1 << 25) |       \
+             (0b00111 << 15) | (0b010 << 12) |      \
+             (0b1110111 << 0) |                     \
+             (rd << 7) | (rs2 << 20))
+/* Vector AES middle-round encryption. */
+#define VAESEM_VS(rd, rs2)                          \
+    ASM_WORD((0b101001 << 26) | (0b1 << 25) |       \
+             (0b00010 << 15) | (0b010 << 12) |      \
+             (0b1110111 << 0) |                     \
+             (rd << 7) | (rs2 << 20))
+/* Vector AES final-round encryption. */
+#define VAESEF_VS(rd, rs2)                          \
+    ASM_WORD((0b101001 << 26) | (0b1 << 25) |       \
+             (0b00011 << 15) | (0b010 << 12) |      \
+             (0b1110111 << 0) |                     \
+             (rd << 7) | (rs2 << 20))
+/* Vector AES middle-round decryption. */
+#define VAESDM_VS(rd, rs2)                          \
+    ASM_WORD((0b101001 << 26) | (0b1 << 25) |       \
+             (0b00000 << 15) | (0b010 << 12) |      \
+             (0b1110111 << 0) |                     \
+             (rd << 7) | (rs2 << 20))
+/* Vector AES final-round decryption. */
+#define VAESDF_VS(rd, rs2)                          \
+    ASM_WORD((0b101001 << 26) | (0b1 << 25) |       \
+             (0b00001 << 15) | (0b010 << 12) |      \
+             (0b1110111 << 0) |                     \
+             (rd << 7) | (rs2 << 20))
+
+/* Set the key and/or IV into the AES object.
+ *
+ * Creates the key schedule from the key.
+ * Uses Vector Cryptographic instructions.
+ *
+ * @param [in] aes     AES object.
+ * @param [in] key     Secret key to use.
+ * @param [in] keyLen  Length of key in bytes.
+ * @param [in] iv      Initialization Vector (IV) to use. May be NULL.
+ * @param [in] dir     Direction of crypt: AES_ENCRYPT, AES_DECRYPT.
+ * @return  0 on success.
+ * @return  BAD_FUNC_ARG when aes or key is NULL.
+ * @return  BAD_FUNC_ARG when keyLen/dir is not supported or valid.
+ */
+int wc_AesSetKey(Aes* aes, const byte* key, word32 keyLen, const byte* iv,
+    int dir)
+{
+    int ret = 0;
+
+    /* Validate parameters. */
+    if ((aes == NULL) || (key == NULL)) {
+        ret = BAD_FUNC_ARG;
+    }
+#ifdef WOLFSSL_AES_128
+    else if ((keyLen == 16) && (dir == AES_ENCRYPTION)) {
+        __asm__ __volatile__ (
+            VSETIVLI(REG_X0, 4, 1, 1, 0b010, 0b000)
+            "mv          t0, %[key]\n\t"
+            VL1RE32_V(REG_V0, REG_T0)
+            "mv          t0, %[ks]\n\t"
+            VAESKF1_VI(REG_V1,  REG_V0, 1)
+            VAESKF1_VI(REG_V2,  REG_V1, 2)
+            VAESKF1_VI(REG_V3,  REG_V2, 3)
+            VAESKF1_VI(REG_V4,  REG_V3, 4)
+            VAESKF1_VI(REG_V5,  REG_V4, 5)
+            VAESKF1_VI(REG_V6,  REG_V5, 6)
+            VAESKF1_VI(REG_V7,  REG_V6, 7)
+            VAESKF1_VI(REG_V8,  REG_V7, 8)
+            VAESKF1_VI(REG_V9,  REG_V8, 9)
+            VAESKF1_VI(REG_V10, REG_V9, 10)
+            VS8R_V(REG_V0, REG_T0)
+            "add        t0, t0, 128\n\t"
+            VS2R_V(REG_V8, REG_T0)
+            "add        t0, t0, 96\n\t"
+            VS1R_V(REG_V10, REG_T0)
+            :
+            : [ks] "r" (aes->key), [key] "r" (key)
+            : "memory", "t0", "t1", "t2"
+        );
+        aes->rounds = 10;
+    }
+#ifdef HAVE_AES_DECRYPT
+    else if ((keyLen == 16) && (dir == AES_DECRYPTION)) {
+        __asm__ __volatile__ (
+            VSETIVLI(REG_X0, 4, 1, 1, 0b010, 0b000)
+            "mv          t0, %[key]\n\t"
+            VL1RE32_V(REG_V10, REG_T0)
+            "mv          t0, %[ks]\n\t"
+            VAESKF1_VI(REG_V9, REG_V10, 1)
+            VAESKF1_VI(REG_V8, REG_V9 , 2)
+            VAESKF1_VI(REG_V7, REG_V8 , 3)
+            VAESKF1_VI(REG_V6, REG_V7 , 4)
+            VAESKF1_VI(REG_V5, REG_V6 , 5)
+            VAESKF1_VI(REG_V4, REG_V5 , 6)
+            VAESKF1_VI(REG_V3, REG_V4 , 7)
+            VAESKF1_VI(REG_V2, REG_V3 , 8)
+            VAESKF1_VI(REG_V1, REG_V2 , 9)
+            VAESKF1_VI(REG_V0, REG_V1 , 10)
+            VS8R_V(REG_V0, REG_T0)
+            "add        t0, t0, 128\n\t"
+            VS2R_V(REG_V8, REG_T0)
+            "add        t0, t0, 96\n\t"
+            VS1R_V(REG_V10, REG_T0)
+            :
+            : [ks] "r" (aes->key), [key] "r" (key)
+            : "memory", "t0", "t1", "t2"
+        );
+        aes->rounds = 10;
+    }
+#endif
+#endif
+#ifdef WOLFSSL_AES_192
+
+/* One round of computing key schedule for AES-192. */
+#define AES_192_ROUND(d, s, r)                          \
+            /* Place key[3] in v16[3] */                \
+            VSLIDEDOWN_VI(REG_V17, s, 3)                \
+            VSLIDEUP_VI(REG_V16, REG_V17, 3)            \
+            /* Place key[5] in s[3] */                  \
+            VSLIDEUP_VI(s, REG_V14, 3)                  \
+            /* key'[0] = key[0] ^ ks1(key[5]) */        \
+            /* key'[1] = key[1] ^ key'[0]     */        \
+            /* key'[2] = key[2] ^ key'[1]     */        \
+            /* key'[3] = key[5] ^ key'[2]     */        \
+            VAESKF1_VI(d, s, r)                         \
+            /* key'[3] = key[3] ^ key[5] ^ key'[2] */   \
+            VXOR_VV(d, d, REG_V16)                      \
+            /* key'[3] = key[3] ^ key'[2] */            \
+            VSLIDEUP_VI(REG_V16, REG_V14, 3)            \
+            VXOR_VV(d, d, REG_V16)                      \
+            /* key'[4] = key[4] ^ key'[3] */            \
+            VSLIDEDOWN_VI(REG_V15, d, 3)                \
+            VXOR_VV(REG_V13, REG_V13, REG_V15)          \
+            /* key'[5] = key[5] ^ key'[4] */            \
+            VXOR_VV(REG_V14, REG_V14, REG_V13)          \
+
+/* Store 6 words.
+ * V13[0] and V14[0] contain last two words. */
+#define AES_192_STORE(d)                                \
+            VS1R_V(d, REG_T0)                           \
+            "addi        t0, t0, 16\n\t"                \
+            VSLIDEUP_VI(REG_V13, REG_V14, 1)            \
+            VSETIVLI(REG_X0, 2, 1, 1, 0b010, 0b000)     \
+            VS1R_V(REG_V13, REG_T0)                     \
+            "addi        t0, t0, 8\n\t"                 \
+            VSETIVLI(REG_X0, 4, 1, 1, 0b010, 0b000)
+
+    else if ((keyLen == 24) && (dir == AES_ENCRYPTION)) {
+        /* Not supported with specific instructions - make it work anyway! */
+        __asm__ __volatile__ (
+            VSETIVLI(REG_X0, 4, 1, 1, 0b010, 0b000)
+            "mv          t0, %[key]\n\t"
+            VL1RE32_V(REG_V0, REG_T0)
+            VSETIVLI(REG_X0, 1, 1, 1, 0b010, 0b000)
+            "addi        t0, t0, 16\n\t"
+            VL1RE32_V(REG_V13, REG_T0)
+            "addi        t0, t0, 4\n\t"
+            VL1RE32_V(REG_V14, REG_T0)
+            VXOR_VV(REG_V16, REG_V16, REG_V16)
+            VSETIVLI(REG_X0, 4, 1, 1, 0b010, 0b000)
+
+            "mv          t0, %[ks]\n\t"
+
+            /* Round 0 */
+            AES_192_STORE(REG_V0)
+            /* Round 1 */
+            AES_192_ROUND(REG_V1, REG_V0, 1)
+            AES_192_STORE(REG_V1)
+            /* Round 2 */
+            AES_192_ROUND(REG_V0, REG_V1, 2)
+            AES_192_STORE(REG_V0)
+            /* Round 3 */
+            AES_192_ROUND(REG_V1, REG_V0, 3)
+            AES_192_STORE(REG_V1)
+            /* Round 4 */
+            AES_192_ROUND(REG_V0, REG_V1, 4)
+            AES_192_STORE(REG_V0)
+            /* Round 5 */
+            AES_192_ROUND(REG_V1, REG_V0, 5)
+            AES_192_STORE(REG_V1)
+            /* Round 6 */
+            AES_192_ROUND(REG_V0, REG_V1, 6)
+            AES_192_STORE(REG_V0)
+            /* Round 7 */
+            AES_192_ROUND(REG_V1, REG_V0, 7)
+            AES_192_STORE(REG_V1)
+            /* Round 8 */
+            AES_192_ROUND(REG_V0, REG_V1, 8)
+            "addi        t0, t0, 32\n\t"
+            VS1R_V(REG_V0, REG_T0)
+            /* Only need 52 32-bit words - 13 rounds x 4 32-bit words. */
+            :
+            : [ks] "r" (aes->key), [key] "r" (key)
+            : "memory", "t0"
+        );
+        aes->rounds = 12;
+    }
+#ifdef HAVE_AES_DECRYPT
+    else if ((keyLen == 24) && (dir == AES_DECRYPTION)) {
+        /* Not supported with specific instructions - make it work anyway! */
+        __asm__ __volatile__ (
+            VSETIVLI(REG_X0, 4, 1, 1, 0b010, 0b000)
+            "mv          t0, %[key]\n\t"
+            VL1RE32_V(REG_V0, REG_T0)
+            VSETIVLI(REG_X0, 1, 1, 1, 0b010, 0b000)
+            "addi        t0, t0, 16\n\t"
+            VL1RE32_V(REG_V13, REG_T0)
+            "addi        t0, t0, 4\n\t"
+            VL1RE32_V(REG_V14, REG_T0)
+            VSETIVLI(REG_X0, 4, 1, 1, 0b010, 0b000)
+            VXOR_VV(REG_V16, REG_V16, REG_V16)
+
+            "addi        t0, %[ks], 224\n\t"
+            VS1R_V(REG_V0, REG_T0)
+
+            "mv          t0, %[ks]\n\t"
+
+            /* Round 0 */
+            AES_192_STORE(REG_V0)
+            /* Round 1 */
+            AES_192_ROUND(REG_V1, REG_V0, 1)
+            AES_192_STORE(REG_V1)
+            /* Round 2 */
+            AES_192_ROUND(REG_V0, REG_V1, 2)
+            AES_192_STORE(REG_V0)
+            /* Round 3 */
+            AES_192_ROUND(REG_V1, REG_V0, 3)
+            AES_192_STORE(REG_V1)
+            /* Round 4 */
+            AES_192_ROUND(REG_V0, REG_V1, 4)
+            AES_192_STORE(REG_V0)
+            /* Round 5 */
+            AES_192_ROUND(REG_V1, REG_V0, 5)
+            AES_192_STORE(REG_V1)
+            /* Round 6 */
+            AES_192_ROUND(REG_V0, REG_V1, 6)
+            AES_192_STORE(REG_V0)
+            /* Round 7 */
+            AES_192_ROUND(REG_V1, REG_V0, 7)
+            AES_192_STORE(REG_V1)
+            /* Round 8 */
+            AES_192_ROUND(REG_V0, REG_V1, 8)
+            VS1R_V(REG_V0, REG_T0)
+            /* Only need 52 32-bit words - 13 rounds x 4 32-bit words. */
+
+            /* Invert the order of the round keys. */
+            "mv          t0, %[ks]\n\t"
+            VL4RE32_V(REG_V0, REG_T0)
+            "addi        t0, %[ks], 64\n\t"
+            VL2RE32_V(REG_V4, REG_T0)
+            "addi        t1, %[ks], 112\n\t"
+            VL4RE32_V(REG_V8, REG_T1)
+            "addi        t1, %[ks], 176\n\t"
+            VL2RE32_V(REG_V12, REG_T1)
+            VMV_V_V(REG_V21, REG_V0 )
+            VMV_V_V(REG_V20, REG_V1 )
+            VMV_V_V(REG_V19, REG_V2 )
+            VMV_V_V(REG_V18, REG_V3 )
+            VMV_V_V(REG_V17, REG_V4 )
+            VMV_V_V(REG_V16, REG_V5 )
+            VMV_V_V(REG_V5 , REG_V8 )
+            VMV_V_V(REG_V4 , REG_V9 )
+            VMV_V_V(REG_V3 , REG_V10)
+            VMV_V_V(REG_V2 , REG_V11)
+            VMV_V_V(REG_V1 , REG_V12)
+            VMV_V_V(REG_V0 , REG_V13)
+            "mv          t0, %[ks]\n\t"
+            VS4R_V(REG_V0, REG_T0)
+            "addi        t0, %[ks], 64\n\t"
+            VS2R_V(REG_V4, REG_T0)
+            "addi        t1, %[ks], 112\n\t"
+            VS4R_V(REG_V16, REG_T1)
+            "addi        t1, %[ks], 176\n\t"
+            VS2R_V(REG_V20, REG_T1)
+            :
+            : [ks] "r" (aes->key), [key] "r" (key)
+            : "memory", "t0", "t1"
+        );
+        aes->rounds = 12;
+    }
+#endif
+#endif
+#ifdef WOLFSSL_AES_256
+    else if ((keyLen == 32) && (dir == AES_ENCRYPTION)) {
+        __asm__ __volatile__ (
+            VSETIVLI(REG_X0, 4, 1, 1, 0b010, 0b000)
+            "mv          t0, %[key]\n\t"
+            VL2RE32_V(REG_V0, REG_T0)
+            "mv          t0, %[ks]\n\t"
+            VMV_V_V(REG_V14, REG_V0)
+            VMV_V_V(REG_V13, REG_V1)
+            VAESKF2_VI(REG_V14, REG_V13, 2)
+            VMV_V_V(REG_V2, REG_V14)
+            VAESKF2_VI(REG_V13, REG_V14, 3)
+            VMV_V_V(REG_V3, REG_V13)
+            VAESKF2_VI(REG_V14, REG_V13, 4)
+            VMV_V_V(REG_V4, REG_V14)
+            VAESKF2_VI(REG_V13, REG_V14, 5)
+            VMV_V_V(REG_V5, REG_V13)
+            VAESKF2_VI(REG_V14, REG_V13, 6)
+            VMV_V_V(REG_V6, REG_V14)
+            VAESKF2_VI(REG_V13, REG_V14, 7)
+            VMV_V_V(REG_V7, REG_V13)
+            VAESKF2_VI(REG_V14, REG_V13, 8)
+            VMV_V_V(REG_V8, REG_V14)
+            VAESKF2_VI(REG_V13, REG_V14, 9)
+            VMV_V_V(REG_V9, REG_V13)
+            VAESKF2_VI(REG_V14, REG_V13, 10)
+            VMV_V_V(REG_V10, REG_V14)
+            VAESKF2_VI(REG_V13, REG_V14, 11)
+            VMV_V_V(REG_V11, REG_V13)
+            VAESKF2_VI(REG_V14, REG_V13, 12)
+            VMV_V_V(REG_V12, REG_V14)
+            VAESKF2_VI(REG_V13, REG_V14, 13)
+            VAESKF2_VI(REG_V14, REG_V13, 14)
+            VS8R_V(REG_V0, REG_T0)
+            "add        t0, t0, 128\n\t"
+            VSR_V(REG_V8, REG_T0, 4)
+            "add        t0, t0, 64\n\t"
+            VSR_V(REG_V12, REG_T0, 2)
+            "add        t0, t0, 32\n\t"
+            VSR_V(REG_V14, REG_T0, 1)
+            :
+            : [ks] "r" (aes->key), [key] "r" (key)
+            : "memory", "t0", "t1", "t2"
+        );
+        aes->rounds = 14;
+    }
+#ifdef HAVE_AES_DECRYPT
+    else if ((keyLen == 32) && (dir == AES_DECRYPTION)) {
+        __asm__ __volatile__ (
+            VSETIVLI(REG_X0, 4, 1, 1, 0b010, 0b000)
+            "mv          t0, %[key]\n\t"
+            VL2RE32_V(REG_V0, REG_T0)
+            VMV_V_V(REG_V13, REG_V1)
+            VMV_V_V(REG_V14, REG_V0)
+            "mv          t0, %[ks]\n\t"
+            VAESKF2_VI(REG_V0, REG_V1, 2)
+            VMV_V_V(REG_V12, REG_V0)
+            VAESKF2_VI(REG_V1, REG_V0, 3)
+            VMV_V_V(REG_V11, REG_V1)
+            VAESKF2_VI(REG_V0, REG_V1, 4)
+            VMV_V_V(REG_V10, REG_V0)
+            VAESKF2_VI(REG_V1, REG_V0, 5)
+            VMV_V_V(REG_V9 , REG_V1)
+            VAESKF2_VI(REG_V0, REG_V1, 6)
+            VMV_V_V(REG_V8 , REG_V0)
+            VAESKF2_VI(REG_V1, REG_V0, 7)
+            VMV_V_V(REG_V7 , REG_V1)
+            VAESKF2_VI(REG_V0, REG_V1, 8)
+            VMV_V_V(REG_V6 , REG_V0)
+            VAESKF2_VI(REG_V1, REG_V0, 9)
+            VMV_V_V(REG_V5 , REG_V1)
+            VAESKF2_VI(REG_V0, REG_V1, 10)
+            VMV_V_V(REG_V4 , REG_V0)
+            VAESKF2_VI(REG_V1, REG_V0, 11)
+            VMV_V_V(REG_V3 , REG_V1)
+            VAESKF2_VI(REG_V0, REG_V1, 12)
+            VMV_V_V(REG_V2 , REG_V0)
+            VAESKF2_VI(REG_V1, REG_V0, 13)
+            VAESKF2_VI(REG_V0, REG_V1, 14)
+            VS8R_V(REG_V0, REG_T0)
+            "add        t0, t0, 128\n\t"
+            VSR_V(REG_V8, REG_T0, 4)
+            "add        t0, t0, 64\n\t"
+            VSR_V(REG_V12, REG_T0, 2)
+            "add        t0, t0, 32\n\t"
+            VSR_V(REG_V14, REG_T0, 1)
+            :
+            : [ks] "r" (aes->key), [key] "r" (key)
+            : "memory", "t0", "t1", "t2"
+        );
+        aes->rounds = 14;
+    }
+#endif
+#endif
+    else {
+        ret = BAD_FUNC_ARG;
+    }
+
+    if (ret == 0) {
+        /* Set the IV. */
+        ret = wc_AesSetIV(aes, iv);
+    }
+    if (ret == 0) {
+        /* Finish setting the AES object. */
+        aes->keylen = keyLen;
+#if defined(WOLFSSL_AES_COUNTER) || defined(WOLFSSL_AES_CFB) || \
+    defined(WOLFSSL_AES_OFB) || defined(WOLFSSL_AES_XTS)
+        aes->left = 0;
+#endif
+    }
+
+    return ret;
+}
+
+#if defined(WOLFSSL_AES_DIRECT) || defined(HAVE_AESGCM) || defined(HAVE_AESCCM)
+/* Encrypt a block using AES.
+ *
+ * Uses Vector Cryptographic instructions.
+ *
+ * @param [in]  aes  AES object.
+ * @param [in]  in   Block to encrypt.
+ * @param [out] out  Encrypted block.
+ */
+static void wc_AesEncrypt(Aes* aes, const byte* in, byte* out)
+{
+    word32* key = aes->key;
+
+    __asm__ __volatile__ (
+        VSETIVLI(REG_X0, 4, 1, 1, 0b010, 0b000)
+        /* Load key[0..7]. */
+        "mv         t0, %[key]\n\t"
+        VL8RE32_V(REG_V0, REG_T0)
+        /* Load key[8..9]. */
+        "addi       t0, t0, 128\n\t"
+        VL2RE32_V(REG_V8, REG_T0)
+        /* Check for 11 rounds. */
+        "li         t4, 11\n\t"
+        "ble        %[rounds], t4, L_aes_encrypt_loaded\n\t"
+        /* Load key[10..11]. */
+        "addi       t0, t0, 32\n\t"
+        VL2RE32_V(REG_V10, REG_T0)
+        /* Check for 13 rounds. */
+        "li         t4, 13\n\t"
+        "ble        %[rounds], t4, L_aes_encrypt_loaded\n\t"
+        /* Load key[12..13]. */
+        "addi       t0, t0, 32\n\t"
+        VL2RE32_V(REG_V12, REG_T0)
+      "L_aes_encrypt_loaded:\n\t"
+        /* Load last round's key */
+        "addi       t0, %[key], 224\n\t"
+        VL1RE32_V(REG_V14, REG_T0)
+
+        /* Load block. */
+        "mv         t0, %[in]\n\t"
+        VL1RE32_V(REG_V15, REG_T0)
+
+        /* Encrypt 10 rounds. */
+        VAESZ_VS(REG_V15, REG_V0)
+        VAESEM_VS(REG_V15, REG_V1)
+        VAESEM_VS(REG_V15, REG_V2)
+        VAESEM_VS(REG_V15, REG_V3)
+        VAESEM_VS(REG_V15, REG_V4)
+        VAESEM_VS(REG_V15, REG_V5)
+        VAESEM_VS(REG_V15, REG_V6)
+        VAESEM_VS(REG_V15, REG_V7)
+        VAESEM_VS(REG_V15, REG_V8)
+        VAESEM_VS(REG_V15, REG_V9)
+        /* Check for 11 rounds. */
+        "li         t4, 11\n\t"
+        "ble        %[rounds], t4, L_aes_encrypt_done\n\t"
+        VAESEM_VS(REG_V15, REG_V10)
+        VAESEM_VS(REG_V15, REG_V11)
+        /* Check for 13 rounds. */
+        "li         t4, 13\n\t"
+        "ble        %[rounds], t4, L_aes_encrypt_done\n\t"
+        VAESEM_VS(REG_V15, REG_V12)
+        VAESEM_VS(REG_V15, REG_V13)
+      "L_aes_encrypt_done:\n\t"
+        /* Last round. */
+        VAESEF_VS(REG_V15, REG_V14)
+
+        /* Store encrypted block. */
+        "mv         t0, %[out]\n\t"
+        VS1R_V(REG_V15, REG_T0)
+
+        :
+        : [in] "r" (in), [out] "r" (out), [key] "r" (key),
+          [rounds] "r" (aes->rounds)
+        : "memory", "t0", "t1", "t2", "t4"
+    );
+}
+#endif
+
+#ifdef HAVE_AES_DECRYPT
+#ifdef WOLFSSL_AES_DIRECT
+/* Decrypt a block using AES.
+ *
+ * Uses Vector Cryptographic instructions.
+ *
+ * @param [in]  aes  AES object.
+ * @param [in]  in   Block to decrypt.
+ * @param [out] out  Decrypted block.
+ */
+static void wc_AesDecrypt(Aes* aes, const byte* in, byte* out)
+{
+    word32* key = aes->key;
+
+    __asm__ __volatile__ (
+        VSETIVLI(REG_X0, 4, 1, 1, 0b010, 0b000)
+        /* Load key[0..7]. */
+        "mv         t0, %[key]\n\t"
+        VL8RE32_V(REG_V0, REG_T0)
+        /* Load key[8..9]. */
+        "addi       t0, t0, 128\n\t"
+        VL2RE32_V(REG_V8, REG_T0)
+        /* Check for 11 rounds. */
+        "li         t4, 11\n\t"
+        "ble        %[rounds], t4, L_aes_decrypt_loaded\n\t"
+        /* Load key[10..11]. */
+        "addi       t0, t0, 32\n\t"
+        VL2RE32_V(REG_V10, REG_T0)
+        /* Check for 13 rounds. */
+        "li         t4, 13\n\t"
+        "ble        %[rounds], t4, L_aes_decrypt_loaded\n\t"
+        /* Load key[12..13]. */
+        "addi       t0, t0, 32\n\t"
+        VL2RE32_V(REG_V12, REG_T0)
+      "L_aes_decrypt_loaded:\n\t"
+        /* Load last round's key */
+        "addi       t0, %[key], 224\n\t"
+        VL1RE32_V(REG_V14, REG_T0)
+
+        /* Load block. */
+        "mv         t0, %[in]\n\t"
+        VL1RE32_V(REG_V15, REG_T0)
+
+        /* Decrypt 10 rounds. */
+        VAESZ_VS(REG_V15, REG_V0)
+        VAESDM_VS(REG_V15, REG_V1)
+        VAESDM_VS(REG_V15, REG_V2)
+        VAESDM_VS(REG_V15, REG_V3)
+        VAESDM_VS(REG_V15, REG_V4)
+        VAESDM_VS(REG_V15, REG_V5)
+        VAESDM_VS(REG_V15, REG_V6)
+        VAESDM_VS(REG_V15, REG_V7)
+        VAESDM_VS(REG_V15, REG_V8)
+        VAESDM_VS(REG_V15, REG_V9)
+        /* Check for 11 rounds. */
+        "li         t4, 11\n\t"
+        "ble        %[rounds], t4, L_aes_decrypt_done\n\t"
+        VAESDM_VS(REG_V15, REG_V10)
+        VAESDM_VS(REG_V15, REG_V11)
+        /* Check for 13 rounds. */
+        "li         t4, 13\n\t"
+        "ble        %[rounds], t4, L_aes_decrypt_done\n\t"
+        VAESDM_VS(REG_V15, REG_V12)
+        VAESDM_VS(REG_V15, REG_V13)
+      "L_aes_decrypt_done:\n\t"
+        /* Last round. */
+        VAESDF_VS(REG_V15, REG_V14)
+
+        /* Store decrypted block. */
+        "mv         t0, %[out]\n\t"
+        VS1R_V(REG_V15, REG_T0)
+
+        :
+        : [in] "r" (in), [out] "r" (out), [key] "r" (key),
+          [rounds] "r" (aes->rounds)
+        : "memory", "t0", "t1", "t2", "t4"
+    );
+}
+#endif /* WOLFSSL_AES_DIRECT */
+#endif /* HAVE_AES_DECRYPT */
+
+/* AES-CBC */
+#ifdef HAVE_AES_CBC
+/* Encrypt blocks of data using AES-CBC.
+ *
+ * Uses Vector Cryptographic instructions.
+ *
+ * @param [in]  aes  AES object.
+ * @param [out] out  Encrypted blocks.
+ * @param [in]  in   Blocks to encrypt.
+ * @param pin]  sz   Number of bytes to encrypt.
+ * @return  0 on success.
+ * @return  BAD_FUNC_ARG when aes, out or in is NULL.
+ * @return  BAD_LENGTH_E when sz is not a multiple of WC_AES_BLOCK_SIZE.
+ */
+int wc_AesCbcEncrypt(Aes* aes, byte* out, const byte* in, word32 sz)
+{
+    int ret = 0;
+    word32 blocks = sz / WC_AES_BLOCK_SIZE;
+
+    /* Validate parameters. */
+    if ((aes == NULL) || (out == NULL) || (in == NULL)) {
+        ret = BAD_FUNC_ARG;
+    }
+#ifdef WOLFSSL_AES_CBC_LENGTH_CHECKS
+    /* Ensure a multiple of blocks is to be encrypted.  */
+    if ((ret == 0) && (sz % WC_AES_BLOCK_SIZE)) {
+        ret = BAD_LENGTH_E;
+    }
+#endif
+
+    if ((ret == 0) && (sz > 0)) {
+        switch (aes->rounds) {
+#ifdef WOLFSSL_AES_128
+        case 10:
+            __asm__ __volatile__ (
+                VSETIVLI(REG_X0, 4, 1, 1, 0b010, 0b000)
+
+                /* Load key[0..7]. */
+                "mv         t0, %[key]\n\t"
+                VL8RE32_V(REG_V0, REG_T0)
+                /* Load key[8..9]. */
+                "addi       t0, t0, 128\n\t"
+                VL2RE32_V(REG_V8, REG_T0)
+                /* Load last round's key */
+                "addi       t0, %[key], 224\n\t"
+                VL1RE32_V(REG_V10, REG_T0)
+                /* Load the IV. */
+                "mv         t0, %[reg]\n\t"
+                VL1RE32_V(REG_V11, REG_T0)
+
+              "L_aes_cbc_128_encrypt_block_loop:\n\t"
+                /* Load input. */
+                "mv         t0, %[in]\n\t"
+                VL1RE32_V(REG_V15, REG_T0)
+                VXOR_VV(REG_V15, REG_V15, REG_V11)
+
+                VAESZ_VS(REG_V15, REG_V0)
+                VAESEM_VS(REG_V15, REG_V1)
+                VAESEM_VS(REG_V15, REG_V2)
+                VAESEM_VS(REG_V15, REG_V3)
+                VAESEM_VS(REG_V15, REG_V4)
+                VAESEM_VS(REG_V15, REG_V5)
+                VAESEM_VS(REG_V15, REG_V6)
+                VAESEM_VS(REG_V15, REG_V7)
+                VAESEM_VS(REG_V15, REG_V8)
+                VAESEM_VS(REG_V15, REG_V9)
+                VAESEF_VS(REG_V15, REG_V10)
+
+                "mv         t0, %[out]\n\t"
+                VS1R_V(REG_V15, REG_T0)
+                VMV_V_V(REG_V11, REG_V15)
+
+                "addi        %[in], %[in], 16\n\t"
+                "addi        %[out], %[out], 16\n\t"
+                /* Loop if more elements to process. */
+                "addi       %[blocks], %[blocks], -1\n\t"
+                "bnez       %[blocks], L_aes_cbc_128_encrypt_block_loop\n\t"
+
+                "mv         t0, %[reg]\n\t"
+                VS1R_V(REG_V11, REG_T0)
+                : [blocks] "+r" (blocks)
+                : [in] "r" (in), [out] "r" (out), [key] "r" (aes->key),
+                  [reg] "r" (aes->reg)
+                : "memory", "t0", "t1", "t2", "t4"
+            );
+            break;
+#endif
+#ifdef WOLFSSL_AES_192
+        case 12:
+            __asm__ __volatile__ (
+                VSETIVLI(REG_X0, 4, 1, 1, 0b010, 0b000)
+
+                /* Load key[0..7]. */
+                "mv         t0, %[key]\n\t"
+                VL8RE32_V(REG_V0, REG_T0)
+                /* Load key[8..11]. */
+                "addi       t0, t0, 128\n\t"
+                VL4RE32_V(REG_V8, REG_T0)
+                /* Load last round's key */
+                "addi       t0, %[key], 224\n\t"
+                VL1RE32_V(REG_V12, REG_T0)
+                /* Load the IV. */
+                "mv         t0, %[reg]\n\t"
+                VL1RE32_V(REG_V13, REG_T0)
+
+              "L_aes_cbc_192_encrypt_block_loop:\n\t"
+                /* Load input. */
+                "mv         t0, %[in]\n\t"
+                VL1RE32_V(REG_V15, REG_T0)
+                VXOR_VV(REG_V15, REG_V15, REG_V13)
+
+                VAESZ_VS(REG_V15, REG_V0)
+                VAESEM_VS(REG_V15, REG_V1)
+                VAESEM_VS(REG_V15, REG_V2)
+                VAESEM_VS(REG_V15, REG_V3)
+                VAESEM_VS(REG_V15, REG_V4)
+                VAESEM_VS(REG_V15, REG_V5)
+                VAESEM_VS(REG_V15, REG_V6)
+                VAESEM_VS(REG_V15, REG_V7)
+                VAESEM_VS(REG_V15, REG_V8)
+                VAESEM_VS(REG_V15, REG_V9)
+                VAESEM_VS(REG_V15, REG_V10)
+                VAESEM_VS(REG_V15, REG_V11)
+                VAESEF_VS(REG_V15, REG_V12)
+
+                "mv         t0, %[out]\n\t"
+                VS1R_V(REG_V15, REG_T0)
+                VMV_V_V(REG_V13, REG_V15)
+
+                "addi        %[in], %[in], 16\n\t"
+                "addi        %[out], %[out], 16\n\t"
+                /* Loop if more elements to process. */
+                "addi       %[blocks], %[blocks], -1\n\t"
+                "bnez       %[blocks], L_aes_cbc_192_encrypt_block_loop\n\t"
+
+                "mv         t0, %[reg]\n\t"
+                VS1R_V(REG_V13, REG_T0)
+                : [blocks] "+r" (blocks)
+                : [in] "r" (in), [out] "r" (out), [key] "r" (aes->key),
+                  [reg] "r" (aes->reg)
+                : "memory", "t0", "t1", "t2", "t4"
+            );
+            break;
+#endif
+#ifdef WOLFSSL_AES_256
+        case 14:
+            __asm__ __volatile__ (
+                VSETIVLI(REG_X0, 4, 1, 1, 0b010, 0b000)
+
+                /* Load key[0..7]. */
+                "mv         t0, %[key]\n\t"
+                VL8RE32_V(REG_V0, REG_T0)
+                /* Load key[8..11]. */
+                "addi       t0, t0, 128\n\t"
+                VL4RE32_V(REG_V8, REG_T0)
+                /* Load key[12..13]. */
+                "addi       t0, t0, 64\n\t"
+                VL2RE32_V(REG_V12, REG_T0)
+                /* Load last round's key */
+                "addi       t0, %[key], 224\n\t"
+                VL1RE32_V(REG_V14, REG_T0)
+                /* Load the IV. */
+                "mv         t0, %[reg]\n\t"
+                VL1RE32_V(REG_V16, REG_T0)
+
+              "L_aes_cbc_256_encrypt_block_loop:\n\t"
+                /* Load input. */
+                "mv         t0, %[in]\n\t"
+                VL1RE32_V(REG_V15, REG_T0)
+                VXOR_VV(REG_V15, REG_V15, REG_V16)
+
+                VAESZ_VS(REG_V15, REG_V0)
+                VAESEM_VS(REG_V15, REG_V1)
+                VAESEM_VS(REG_V15, REG_V2)
+                VAESEM_VS(REG_V15, REG_V3)
+                VAESEM_VS(REG_V15, REG_V4)
+                VAESEM_VS(REG_V15, REG_V5)
+                VAESEM_VS(REG_V15, REG_V6)
+                VAESEM_VS(REG_V15, REG_V7)
+                VAESEM_VS(REG_V15, REG_V8)
+                VAESEM_VS(REG_V15, REG_V9)
+                VAESEM_VS(REG_V15, REG_V10)
+                VAESEM_VS(REG_V15, REG_V11)
+                VAESEM_VS(REG_V15, REG_V12)
+                VAESEM_VS(REG_V15, REG_V13)
+                VAESEF_VS(REG_V15, REG_V14)
+
+                "mv         t0, %[out]\n\t"
+                VS1R_V(REG_V15, REG_T0)
+                VMV_V_V(REG_V16, REG_V15)
+
+                "addi        %[in], %[in], 16\n\t"
+                "addi        %[out], %[out], 16\n\t"
+                /* Loop if more elements to process. */
+                "addi       %[blocks], %[blocks], -1\n\t"
+                "bnez       %[blocks], L_aes_cbc_256_encrypt_block_loop\n\t"
+
+                "mv         t0, %[reg]\n\t"
+                VS1R_V(REG_V16, REG_T0)
+                : [blocks] "+r" (blocks)
+                : [in] "r" (in), [out] "r" (out), [key] "r" (aes->key),
+                  [reg] "r" (aes->reg)
+                : "memory", "t0", "t1", "t2", "t4"
+            );
+            break;
+#endif
+        }
+    }
+
+    return ret;
+}
+
+#ifdef HAVE_AES_DECRYPT
+/* Decrypt blocks of data using AES-CBC.
+ *
+ * Uses Vector Cryptographic instructions.
+ *
+ * @param [in]  aes  AES object.
+ * @param [out] out  Decrypted blocks.
+ * @param [in]  in   Blocks to decrypt.
+ * @param pin]  sz   Number of bytes to decrypt.
+ * @return  0 on success.
+ * @return  BAD_FUNC_ARG when aes, out or in is NULL.
+ * @return  BAD_FUNC_ARG when sz is not a multiple of WC_AES_BLOCK_SIZE.
+ * @return  BAD_LENGTH_E when sz is not a multiple of WC_AES_BLOCK_SIZE.
+ */
+int wc_AesCbcDecrypt(Aes* aes, byte* out, const byte* in, word32 sz)
+{
+    int ret = 0;
+    word32 blocks = sz / WC_AES_BLOCK_SIZE;
+
+    /* Validate parameters. */
+    if ((aes == NULL) || (out == NULL) || (in == NULL)) {
+        ret = BAD_FUNC_ARG;
+    }
+    /* Ensure a multiple of blocks is being decrypted.  */
+    if ((ret == 0) && (sz % WC_AES_BLOCK_SIZE)) {
+#ifdef WOLFSSL_AES_CBC_LENGTH_CHECKS
+        ret = BAD_LENGTH_E;
+#else
+        ret = BAD_FUNC_ARG;
+#endif
+    }
+
+    if ((ret == 0) && (sz > 0)) {
+        switch (aes->rounds) {
+#ifdef WOLFSSL_AES_128
+        case 10:
+            __asm__ __volatile__ (
+                VSETIVLI(REG_X0, 4, 1, 1, 0b010, 0b000)
+
+                /* Load key[0..7]. */
+                "mv         t0, %[key]\n\t"
+                VL8RE32_V(REG_V0, REG_T0)
+                /* Load key[8..9]. */
+                "addi       t0, t0, 128\n\t"
+                VL2RE32_V(REG_V8, REG_T0)
+                /* Load last round's key */
+                "addi       t0, %[key], 224\n\t"
+                VL1RE32_V(REG_V10, REG_T0)
+                /* Load the IV. */
+                "mv         t0, %[reg]\n\t"
+                VL1RE32_V(REG_V11, REG_T0)
+
+              "L_aes_cbc_128_decrypt_block_loop:\n\t"
+                /* Load input. */
+                "mv         t0, %[in]\n\t"
+                VL1RE32_V(REG_V15, REG_T0)
+                VMV_V_V(REG_V14, REG_V15)
+
+                VAESZ_VS(REG_V15, REG_V0)
+                VAESDM_VS(REG_V15, REG_V1)
+                VAESDM_VS(REG_V15, REG_V2)
+                VAESDM_VS(REG_V15, REG_V3)
+                VAESDM_VS(REG_V15, REG_V4)
+                VAESDM_VS(REG_V15, REG_V5)
+                VAESDM_VS(REG_V15, REG_V6)
+                VAESDM_VS(REG_V15, REG_V7)
+                VAESDM_VS(REG_V15, REG_V8)
+                VAESDM_VS(REG_V15, REG_V9)
+                VAESDF_VS(REG_V15, REG_V10)
+                VXOR_VV(REG_V15, REG_V15, REG_V11)
+
+                "mv         t0, %[out]\n\t"
+                VS1R_V(REG_V15, REG_T0)
+                VMV_V_V(REG_V11, REG_V14)
+
+                "addi        %[in], %[in], 16\n\t"
+                "addi        %[out], %[out], 16\n\t"
+                /* Loop if more elements to process. */
+                "addi       %[blocks], %[blocks], -1\n\t"
+                "bnez       %[blocks], L_aes_cbc_128_decrypt_block_loop\n\t"
+
+                "mv         t0, %[reg]\n\t"
+                VS1R_V(REG_V11, REG_T0)
+                : [blocks] "+r" (blocks)
+                : [in] "r" (in), [out] "r" (out), [key] "r" (aes->key),
+                  [reg] "r" (aes->reg)
+                : "memory", "t0", "t1", "t2", "t4"
+            );
+            break;
+#endif
+#ifdef WOLFSSL_AES_192
+        case 12:
+            __asm__ __volatile__ (
+                VSETIVLI(REG_X0, 4, 1, 1, 0b010, 0b000)
+
+                /* Load key[0..7]. */
+                "mv         t0, %[key]\n\t"
+                VL8RE32_V(REG_V0, REG_T0)
+                /* Load key[8..11]. */
+                "addi       t0, t0, 128\n\t"
+                VL4RE32_V(REG_V8, REG_T0)
+                /* Load last round's key */
+                "addi       t0, %[key], 224\n\t"
+                VL1RE32_V(REG_V12, REG_T0)
+                /* Load the IV. */
+                "mv         t0, %[reg]\n\t"
+                VL1RE32_V(REG_V13, REG_T0)
+
+              "L_aes_cbc_192_decrypt_block_loop:\n\t"
+                /* Load input. */
+                "mv         t0, %[in]\n\t"
+                VL1RE32_V(REG_V15, REG_T0)
+                VMV_V_V(REG_V14, REG_V15)
+
+                VAESZ_VS(REG_V15, REG_V0)
+                VAESDM_VS(REG_V15, REG_V1)
+                VAESDM_VS(REG_V15, REG_V2)
+                VAESDM_VS(REG_V15, REG_V3)
+                VAESDM_VS(REG_V15, REG_V4)
+                VAESDM_VS(REG_V15, REG_V5)
+                VAESDM_VS(REG_V15, REG_V6)
+                VAESDM_VS(REG_V15, REG_V7)
+                VAESDM_VS(REG_V15, REG_V8)
+                VAESDM_VS(REG_V15, REG_V9)
+                VAESDM_VS(REG_V15, REG_V10)
+                VAESDM_VS(REG_V15, REG_V11)
+                VAESDF_VS(REG_V15, REG_V12)
+                VXOR_VV(REG_V15, REG_V15, REG_V13)
+
+                "mv         t0, %[out]\n\t"
+                VS1R_V(REG_V15, REG_T0)
+                VMV_V_V(REG_V13, REG_V14)
+
+                "addi        %[in], %[in], 16\n\t"
+                "addi        %[out], %[out], 16\n\t"
+                /* Loop if more elements to process. */
+                "addi       %[blocks], %[blocks], -1\n\t"
+                "bnez       %[blocks], L_aes_cbc_192_decrypt_block_loop\n\t"
+
+                "mv         t0, %[reg]\n\t"
+                VS1R_V(REG_V13, REG_T0)
+                : [blocks] "+r" (blocks)
+                : [in] "r" (in), [out] "r" (out), [key] "r" (aes->key),
+                  [reg] "r" (aes->reg)
+                : "memory", "t0", "t1", "t2", "t4"
+            );
+            break;
+#endif
+#ifdef WOLFSSL_AES_256
+        case 14:
+            __asm__ __volatile__ (
+                VSETIVLI(REG_X0, 4, 1, 1, 0b010, 0b000)
+
+                /* Load key[0..7]. */
+                "mv         t0, %[key]\n\t"
+                VL8RE32_V(REG_V0, REG_T0)
+                /* Load key[8..11]. */
+                "addi       t0, t0, 128\n\t"
+                VL4RE32_V(REG_V8, REG_T0)
+                /* Load key[12..13]. */
+                "addi       t0, t0, 64\n\t"
+                VL2RE32_V(REG_V12, REG_T0)
+                /* Load last round's key */
+                "addi       t0, %[key], 224\n\t"
+                VL1RE32_V(REG_V14, REG_T0)
+                /* Load the IV. */
+                "mv         t0, %[reg]\n\t"
+                VL1RE32_V(REG_V16, REG_T0)
+
+              "L_aes_cbc_256_decrypt_block_loop:\n\t"
+                /* Load input. */
+                "mv         t0, %[in]\n\t"
+                VL1RE32_V(REG_V15, REG_T0)
+                VMV_V_V(REG_V17, REG_V15)
+
+                VAESZ_VS(REG_V15, REG_V0)
+                VAESDM_VS(REG_V15, REG_V1)
+                VAESDM_VS(REG_V15, REG_V2)
+                VAESDM_VS(REG_V15, REG_V3)
+                VAESDM_VS(REG_V15, REG_V4)
+                VAESDM_VS(REG_V15, REG_V5)
+                VAESDM_VS(REG_V15, REG_V6)
+                VAESDM_VS(REG_V15, REG_V7)
+                VAESDM_VS(REG_V15, REG_V8)
+                VAESDM_VS(REG_V15, REG_V9)
+                VAESDM_VS(REG_V15, REG_V10)
+                VAESDM_VS(REG_V15, REG_V11)
+                VAESDM_VS(REG_V15, REG_V12)
+                VAESDM_VS(REG_V15, REG_V13)
+                VAESDF_VS(REG_V15, REG_V14)
+                VXOR_VV(REG_V15, REG_V15, REG_V16)
+
+                "mv         t0, %[out]\n\t"
+                VS1R_V(REG_V15, REG_T0)
+                VMV_V_V(REG_V16, REG_V17)
+
+                "addi        %[in], %[in], 16\n\t"
+                "addi        %[out], %[out], 16\n\t"
+                /* Loop if more elements to process. */
+                "addi       %[blocks], %[blocks], -1\n\t"
+                "bnez       %[blocks], L_aes_cbc_256_decrypt_block_loop\n\t"
+
+                "mv         t0, %[reg]\n\t"
+                VS1R_V(REG_V16, REG_T0)
+                : [blocks] "+r" (blocks)
+                : [in] "r" (in), [out] "r" (out), [key] "r" (aes->key),
+                  [reg] "r" (aes->reg)
+                : "memory", "t0", "t1", "t2", "t4"
+            );
+            break;
+#endif
+        }
+    }
+
+    return ret;
+}
+#endif /* HAVE_AES_DECRYPT */
+
+/* Don't need generic implementation. */
+#define HAVE_AES_CBC_ENC_DEC
+
+#endif /* HAVE_AES_CBC */
+
+/* AES-CTR */
+#ifdef WOLFSSL_AES_COUNTER
+/* Encrypt blocks using AES-CTR.
+ *
+ * Uses Vector Cryptographic instructions.
+ *
+ * @param [in]  aes     AES object.
+ * @param [out] out     Encrypted blocks.
+ * @param [in]  in      Blocks to encrypt.
+ * @param [in]  blocks  Number of blocks to encrypt.
+ */
+static void wc_aes_ctr_encrypt_asm(Aes* aes, byte* out, const byte* in,
+    word32 blocks)
+{
+    switch(aes->rounds) {
+#ifdef WOLFSSL_AES_128
+    case 10:
+        __asm__ __volatile__ (
+            VSETIVLI(REG_X0, 4, 1, 1, 0b010, 0b000)
+
+            /* Load key[0..7]. */
+            "mv         t0, %[key]\n\t"
+            VL8RE32_V(REG_V0, REG_T0)
+            /* Load key[8..9]. */
+            "addi       t0, t0, 128\n\t"
+            VL2RE32_V(REG_V8, REG_T0)
+            /* Load last round's key */
+            "addi       t0, %[key], 224\n\t"
+            VL1RE32_V(REG_V10, REG_T0)
+            /* Load the counter. */
+            "mv         t0, %[reg]\n\t"
+            VL1RE32_V(REG_V16, REG_T0)
+            "li         t2, 1 \n\t"
+
+          "L_aes_ctr_128_encrypt_block_loop:\n\t"
+            VMV_V_V(REG_V15, REG_V16)
+            VSETIVLI(REG_X0, 2, 0, 0, 0b011, 0b000)
+            VREV8(REG_V16, REG_V16)
+            VSLIDEDOWN_VI(REG_V17, REG_V16, 1)
+            VXOR_VV(REG_V18, REG_V18, REG_V18)
+            VADD_VI(REG_V17, REG_V17, 1)
+            VMSEQ_VV(REG_V18, REG_V18, REG_V17)
+            VSLIDEUP_VI(REG_V16, REG_V17, 1)
+            VADD_VV(REG_V16, REG_V16, REG_V18)
+            VREV8(REG_V16, REG_V16)
+            VSETIVLI(REG_X0, 4, 1, 1, 0b010, 0b000)
+
+            VAESZ_VS(REG_V15, REG_V0)
+            VAESEM_VS(REG_V15, REG_V1)
+            VAESEM_VS(REG_V15, REG_V2)
+            VAESEM_VS(REG_V15, REG_V3)
+            VAESEM_VS(REG_V15, REG_V4)
+            VAESEM_VS(REG_V15, REG_V5)
+            VAESEM_VS(REG_V15, REG_V6)
+            VAESEM_VS(REG_V15, REG_V7)
+            VAESEM_VS(REG_V15, REG_V8)
+            VAESEM_VS(REG_V15, REG_V9)
+            VAESEF_VS(REG_V15, REG_V10)
+
+            /* Load input. */
+            "mv         t0, %[in]\n\t"
+            VL1RE32_V(REG_V17, REG_T0)
+            VXOR_VV(REG_V15, REG_V15, REG_V17)
+
+            "mv         t0, %[out]\n\t"
+            VS1R_V(REG_V15, REG_T0)
+
+            "addi        %[in], %[in], 16\n\t"
+            "addi        %[out], %[out], 16\n\t"
+            /* Loop if more elements to process. */
+            "addi       %[blocks], %[blocks], -1\n\t"
+            "bnez       %[blocks], L_aes_ctr_128_encrypt_block_loop\n\t"
+
+            "mv         t0, %[reg]\n\t"
+            VS1R_V(REG_V16, REG_T0)
+            : [blocks] "+r" (blocks)
+            : [in] "r" (in), [out] "r" (out), [key] "r" (aes->key),
+              [reg] "r" (aes->reg)
+            : "memory", "t0", "t1", "t2", "t4"
+        );
+        break;
+#endif
+#ifdef WOLFSSL_AES_192
+    case 12:
+        __asm__ __volatile__ (
+            VSETIVLI(REG_X0, 4, 0, 0, 0b010, 0b000)
+
+            /* Load key[0..7]. */
+            "mv         t0, %[key]\n\t"
+            VL8RE32_V(REG_V0, REG_T0)
+            /* Load key[8..11]. */
+            "addi       t0, t0, 128\n\t"
+            VL4RE32_V(REG_V8, REG_T0)
+            /* Load last round's key */
+            "addi       t0, %[key], 224\n\t"
+            VL1RE32_V(REG_V12, REG_T0)
+            /* Load the counter. */
+            "mv         t0, %[reg]\n\t"
+            VL1RE32_V(REG_V16, REG_T0)
+            "li         t2, 1 \n\t"
+
+          "L_aes_ctr_192_encrypt_block_loop:\n\t"
+            VMV_V_V(REG_V15, REG_V16)
+            VSETIVLI(REG_X0, 2, 0, 0, 0b011, 0b000)
+            VREV8(REG_V16, REG_V16)
+            VSLIDEDOWN_VI(REG_V17, REG_V16, 1)
+            VXOR_VV(REG_V18, REG_V18, REG_V18)
+            VADD_VI(REG_V17, REG_V17, 1)
+            VMSEQ_VV(REG_V18, REG_V18, REG_V17)
+            VSLIDEUP_VI(REG_V16, REG_V17, 1)
+            VADD_VV(REG_V16, REG_V16, REG_V18)
+            VREV8(REG_V16, REG_V16)
+            VSETIVLI(REG_X0, 4, 0, 0, 0b010, 0b000)
+
+            VAESZ_VS(REG_V15, REG_V0)
+            VAESEM_VS(REG_V15, REG_V1)
+            VAESEM_VS(REG_V15, REG_V2)
+            VAESEM_VS(REG_V15, REG_V3)
+            VAESEM_VS(REG_V15, REG_V4)
+            VAESEM_VS(REG_V15, REG_V5)
+            VAESEM_VS(REG_V15, REG_V6)
+            VAESEM_VS(REG_V15, REG_V7)
+            VAESEM_VS(REG_V15, REG_V8)
+            VAESEM_VS(REG_V15, REG_V9)
+            VAESEM_VS(REG_V15, REG_V10)
+            VAESEM_VS(REG_V15, REG_V11)
+            VAESEF_VS(REG_V15, REG_V12)
+
+            /* Load input. */
+            "mv         t0, %[in]\n\t"
+            VL1RE32_V(REG_V17, REG_T0)
+            VXOR_VV(REG_V15, REG_V15, REG_V17)
+
+            "mv         t0, %[out]\n\t"
+            VS1R_V(REG_V15, REG_T0)
+
+            "addi        %[in], %[in], 16\n\t"
+            "addi        %[out], %[out], 16\n\t"
+            /* Loop if more elements to process. */
+            "addi       %[blocks], %[blocks], -1\n\t"
+            "bnez       %[blocks], L_aes_ctr_192_encrypt_block_loop\n\t"
+
+            "mv         t0, %[reg]\n\t"
+            VS1R_V(REG_V16, REG_T0)
+            : [blocks] "+r" (blocks)
+            : [in] "r" (in), [out] "r" (out), [key] "r" (aes->key),
+              [reg] "r" (aes->reg)
+            : "memory", "t0", "t1", "t2", "t4"
+        );
+        break;
+#endif
+#ifdef WOLFSSL_AES_256
+    case 14:
+        __asm__ __volatile__ (
+            VSETIVLI(REG_X0, 4, 0, 0, 0b010, 0b000)
+
+            /* Load key[0..7]. */
+            "mv         t0, %[key]\n\t"
+            VL8RE32_V(REG_V0, REG_T0)
+            /* Load key[8..11]. */
+            "addi       t0, t0, 128\n\t"
+            VL4RE32_V(REG_V8, REG_T0)
+            /* Load key[12..13]. */
+            "addi       t0, t0, 64\n\t"
+            VL2RE32_V(REG_V12, REG_T0)
+            /* Load last round's key */
+            "addi       t0, %[key], 224\n\t"
+            VL1RE32_V(REG_V14, REG_T0)
+            /* Load the counter. */
+            "mv         t0, %[reg]\n\t"
+            VL1RE32_V(REG_V16, REG_T0)
+            "li         t2, 1 \n\t"
+
+          "L_aes_ctr_256_encrypt_block_loop:\n\t"
+            VMV_V_V(REG_V15, REG_V16)
+            VSETIVLI(REG_X0, 2, 0, 0, 0b011, 0b000)
+            VREV8(REG_V16, REG_V16)
+            VSLIDEDOWN_VI(REG_V17, REG_V16, 1)
+            VXOR_VV(REG_V18, REG_V18, REG_V18)
+            VADD_VI(REG_V17, REG_V17, 1)
+            VMSEQ_VV(REG_V18, REG_V18, REG_V17)
+            VSLIDEUP_VI(REG_V16, REG_V17, 1)
+            VADD_VV(REG_V16, REG_V16, REG_V18)
+            VREV8(REG_V16, REG_V16)
+            VSETIVLI(REG_X0, 4, 0, 0, 0b010, 0b000)
+
+            VAESZ_VS(REG_V15, REG_V0)
+            VAESEM_VS(REG_V15, REG_V1)
+            VAESEM_VS(REG_V15, REG_V2)
+            VAESEM_VS(REG_V15, REG_V3)
+            VAESEM_VS(REG_V15, REG_V4)
+            VAESEM_VS(REG_V15, REG_V5)
+            VAESEM_VS(REG_V15, REG_V6)
+            VAESEM_VS(REG_V15, REG_V7)
+            VAESEM_VS(REG_V15, REG_V8)
+            VAESEM_VS(REG_V15, REG_V9)
+            VAESEM_VS(REG_V15, REG_V10)
+            VAESEM_VS(REG_V15, REG_V11)
+            VAESEM_VS(REG_V15, REG_V12)
+            VAESEM_VS(REG_V15, REG_V13)
+            VAESEF_VS(REG_V15, REG_V14)
+
+            /* Load input. */
+            "mv         t0, %[in]\n\t"
+            VL1RE32_V(REG_V17, REG_T0)
+            VXOR_VV(REG_V15, REG_V15, REG_V17)
+
+            "mv         t0, %[out]\n\t"
+            VS1R_V(REG_V15, REG_T0)
+
+            "addi        %[in], %[in], 16\n\t"
+            "addi        %[out], %[out], 16\n\t"
+            /* Loop if more elements to process. */
+            "addi       %[blocks], %[blocks], -1\n\t"
+            "bnez       %[blocks], L_aes_ctr_256_encrypt_block_loop\n\t"
+
+            "mv         t0, %[reg]\n\t"
+            VS1R_V(REG_V16, REG_T0)
+            "mv         t0, %[reg]\n\t"
+            : [blocks] "+r" (blocks)
+            : [in] "r" (in), [out] "r" (out), [key] "r" (aes->key),
+              [reg] "r" (aes->reg)
+            : "memory", "t0", "t1", "t2", "t4"
+        );
+        break;
+#endif
+    }
+}
+
+/* Encrypt blocks of data using AES-CTR.
+ *
+ * Uses Vector Cryptographic instructions.
+ *
+ * @param [in]  aes  AES object.
+ * @param [out] out  Encrypted blocks.
+ * @param [in]  in   Blocks to encrypt.
+ * @param [in]  sz   Number of bytes to encrypt.
+ * @return  0 on success.
+ * @return  BAD_FUNC_ARG when aes, out or in is NULL.
+ * @return  BAD_FUNC_ARG when key size in AES object is not supported.
+ */
+int wc_AesCtrEncrypt(Aes* aes, byte* out, const byte* in, word32 sz)
+{
+   int ret = 0;
+   word32 processed;
+
+    /* Validate parameters. */
+    if ((aes == NULL) || (out == NULL) || (in == NULL)) {
+        ret = BAD_FUNC_ARG;
+    }
+
+    if (ret == 0) {
+        /* Check key size is supported. */
+        switch (aes->rounds) {
+        #ifdef WOLFSSL_AES_128
+            case 10: /* AES 128 BLOCK */
+        #endif /* WOLFSSL_AES_128 */
+        #ifdef WOLFSSL_AES_192
+            case 12: /* AES 192 BLOCK */
+        #endif /* WOLFSSL_AES_192 */
+        #ifdef WOLFSSL_AES_256
+            case 14: /* AES 256 BLOCK */
+        #endif /* WOLFSSL_AES_256 */
+                break;
+            default:
+                WOLFSSL_MSG("Bad AES-CTR round value");
+                ret = BAD_FUNC_ARG;
+        }
+    }
+
+    if (ret == 0) {
+        /* Use up any unused bytes left in aes->tmp */
+        processed = min(aes->left, sz);
+        if (processed > 0) {
+            /* XOR in encrypted counter.  */
+            xorbufout(out, in, (byte*)aes->tmp + WC_AES_BLOCK_SIZE - aes->left,
+                processed);
+            out += processed;
+            in += processed;
+            aes->left -= processed;
+            sz -= processed;
+        }
+
+        /* Do whole blocks of data. */
+        while (sz >= WC_AES_BLOCK_SIZE) {
+            word32 blocks = sz / WC_AES_BLOCK_SIZE;
+
+            wc_aes_ctr_encrypt_asm(aes, out, in, blocks);
+
+            processed = blocks * WC_AES_BLOCK_SIZE;
+            out += processed;
+            in  += processed;
+            sz  -= processed;
+            aes->left = 0;
+        }
+
+        if (sz > 0) {
+            /* Encrypt counter and store in aes->tmp.
+             * Use up aes->tmp to encrypt data less than a block.
+             */
+            static const byte zeros[WC_AES_BLOCK_SIZE] = {
+                0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
+            };
+
+            wc_aes_ctr_encrypt_asm(aes, (byte*)aes->tmp, zeros, 1);
+            /* XOR in encrypted counter. */
+            xorbufout(out, in, aes->tmp, sz);
+            aes->left = WC_AES_BLOCK_SIZE - sz;
+        }
+    }
+
+    return ret;
+}
+
+/* Don't need generic implementation. */
+#define HAVE_AES_COUNTER_ENC
+
+#endif /* WOLFSSL_AES_COUNTER */
+
+#elif defined(WOLFSSL_RISCV_SCALAR_CRYPTO_ASM)
+
+/*
+ * Scalar crypto instruction implementation of base operations.
+ */
+
+/* AES key schedule SBox operation. */
+#define AES64KS1I(rd, rs1, rnum)                            \
+    ASM_WORD(0b00110001000000000001000000010011 |           \
+             (((rd) << 7) | ((rs1) << 15) | (rnum) << 20))
+/* AES key schedule operation. */
+#define AES64KS2(rd, rs1, rs2)                              \
+    ASM_WORD(0b01111110000000000000000000110011 |           \
+             (((rd) << 7) | ((rs1) << 15) | (rs2) << 20))
+/* AES inverse MixColums step. */
+#define AES64IM(rd, rs1)                                    \
+    ASM_WORD(0b00110000000000000001000000010011 |           \
+             ((rd) << 7) | ((rs1) << 15))
+
+/* Perform computation of one round of key schedule for AES-128 encryption. */
+#define AES64_128_KS_RND_INS(rnum, o1, o2)                  \
+            AES64KS1I(REG_T2, REG_T1, rnum)                 \
+            AES64KS2(REG_T0, REG_T2, REG_T0)                \
+            AES64KS2(REG_T1, REG_T0, REG_T1)                \
+            "sd        t0, " #o1 "(%[ks])\n\t"              \
+            "sd        t1, " #o2 "(%[ks])\n\t"
+/* Perform computation of one round of key schedule for AES-128 decryption. */
+#define AES64_128_INV_KS_RND_INS(rnum, o1, o2)              \
+            AES64KS1I(REG_T2, REG_T1, rnum)                 \
+            AES64KS2(REG_T0, REG_T2, REG_T0)                \
+            AES64KS2(REG_T1, REG_T0, REG_T1)                \
+            AES64IM(REG_T2, REG_T0)                         \
+            AES64IM(REG_T3, REG_T1)                         \
+            "sd        t2, " #o1 "(%[ks])\n\t"              \
+            "sd        t3, " #o2 "(%[ks])\n\t"
+
+/* Perform computation of numbered round of key schedule for AES-128 encryption.
+ */
+#define AES64_128_KS_RND(rnum)                              \
+    AES64_128_KS_RND_INS((rnum), ((rnum) + 1) * 16,         \
+        ((rnum) + 1) * 16 + 8)
+/* Perform computation of numbered round of key schedule for AES-128 decryption.
+ */
+#define AES64_128_INV_KS_RND(rnum, o)                       \
+    AES64_128_INV_KS_RND_INS((rnum), (o) * 16, (o) * 16 + 8)
+/* Perform computation of numbered last round of key schedule for AES-128
+ * decryption. */
+#define AES64_128_INV_KS_LRND(rnum, o)                      \
+    AES64_128_KS_RND_INS((rnum), (o) * 16, (o) * 16 + 8)
+
+
+/* Perform computation of one round of key schedule for AES-192 encryption. */
+#define AES64_192_KS_RND_INS(rnum, o1, o2, o3)              \
+            AES64KS1I(REG_T3, REG_T2, rnum)                 \
+            AES64KS2(REG_T0, REG_T3, REG_T0)                \
+            AES64KS2(REG_T1, REG_T0, REG_T1)                \
+            AES64KS2(REG_T2, REG_T1, REG_T2)                \
+            "sd        t0, " #o1 "(%[ks])\n\t"              \
+            "sd        t1, " #o2 "(%[ks])\n\t"              \
+            "sd        t2, " #o3 "(%[ks])\n\t"
+/* Perform computation of one round of key schedule for AES-192 decryption. */
+#define AES64_192_INV_KS_RND_INS(rnum, o1, o2, o3)          \
+            AES64KS1I(REG_T3, REG_T2, rnum)                 \
+            AES64KS2(REG_T0, REG_T3, REG_T0)                \
+            AES64KS2(REG_T1, REG_T0, REG_T1)                \
+            AES64KS2(REG_T2, REG_T1, REG_T2)                \
+            AES64IM(REG_T3, REG_T0)                         \
+            AES64IM(REG_T4, REG_T1)                         \
+            AES64IM(REG_T5, REG_T2)                         \
+            "sd        t3, " #o1 "(%[ks])\n\t"              \
+            "sd        t4, " #o2 "(%[ks])\n\t"              \
+            "sd        t5, " #o3 "(%[ks])\n\t"
+/* Perform computation of last round of key schedule for AES-192 decryption. */
+#define AES64_192_KS_LRND_INS(rnum, o1, o2)                 \
+            AES64KS1I(REG_T3, REG_T2, rnum)                 \
+            AES64KS2(REG_T0, REG_T3, REG_T0)                \
+            AES64KS2(REG_T1, REG_T0, REG_T1)                \
+            "sd        t0, " #o1 "(%[ks])\n\t"              \
+            "sd        t1, " #o2 "(%[ks])\n\t"              \
+
+/* Perform computation of numbered round of key schedule for AES-192 encryption.
+ */
+#define AES64_192_KS_RND(rnum)                              \
+    AES64_192_KS_RND_INS((rnum), ((rnum) + 1) * 24,         \
+        ((rnum) + 1) * 24 + 8, ((rnum) + 1) * 24 + 16)
+/* Perform computation of numbered round of key schedule for AES-192 decryption.
+ */
+#define AES64_192_INV_KS_RND(rnum, o1, o2, o3)              \
+    AES64_192_INV_KS_RND_INS((rnum), (o1) * 8, (o2) * 8,    \
+        (o3) * 8)
+/* Perform computation of numbered last round of key schedule for AES-192
+ * encryption. */
+#define AES64_192_KS_LRND(rnum)                             \
+    AES64_192_KS_LRND_INS((rnum), ((rnum) + 1) * 24,        \
+        ((rnum) + 1) * 24 + 8)
+/* Perform computation of numbered last round of key schedule for AES-192
+ * decryption. */
+#define AES64_192_INV_KS_LRND(rnum)                         \
+    AES64_192_KS_LRND_INS((rnum), 0, 8)
+
+
+/* Perform computation of one round of key schedule for AES-256 encryption. */
+#define AES64_256_KS_RND_INS(rnum, o1, o2, o3, o4)          \
+            AES64KS1I(REG_T4, REG_T3, rnum)                 \
+            AES64KS2(REG_T0, REG_T4, REG_T0)                \
+            AES64KS2(REG_T1, REG_T0, REG_T1)                \
+            AES64KS1I(REG_T4, REG_T1, 10)                   \
+            AES64KS2(REG_T2, REG_T4, REG_T2)                \
+            AES64KS2(REG_T3, REG_T2, REG_T3)                \
+            "sd        t0, " #o1 "(%[ks])\n\t"              \
+            "sd        t1, " #o2 "(%[ks])\n\t"              \
+            "sd        t2, " #o3 "(%[ks])\n\t"              \
+            "sd        t3, " #o4 "(%[ks])\n\t"
+/* Perform computation of one round of key schedule for AES-256 decryption. */
+#define AES64_256_INV_KS_RND_INS(rnum, o1, o2, o3, o4)      \
+            AES64KS1I(REG_T4, REG_T3, rnum)                 \
+            AES64KS2(REG_T0, REG_T4, REG_T0)                \
+            AES64KS2(REG_T1, REG_T0, REG_T1)                \
+            AES64KS1I(REG_T4, REG_T1, 10)                   \
+            AES64KS2(REG_T2, REG_T4, REG_T2)                \
+            AES64KS2(REG_T3, REG_T2, REG_T3)                \
+            AES64IM(REG_T4, REG_T0)                         \
+            AES64IM(REG_T5, REG_T1)                         \
+            "sd        t4, " #o1 "(%[ks])\n\t"              \
+            "sd        t5, " #o2 "(%[ks])\n\t"              \
+            AES64IM(REG_T4, REG_T2)                         \
+            AES64IM(REG_T5, REG_T3)                         \
+            "sd        t4, " #o3 "(%[ks])\n\t"              \
+            "sd        t5, " #o4 "(%[ks])\n\t"
+/* Perform computation of last round of key schedule for AES-256 decryption. */
+#define AES64_256_KS_LRND_INS(rnum, o1, o2)                 \
+            AES64KS1I(REG_T4, REG_T3, rnum)                 \
+            AES64KS2(REG_T0, REG_T4, REG_T0)                \
+            AES64KS2(REG_T1, REG_T0, REG_T1)                \
+            "sd        t0, " #o1 "(%[ks])\n\t"              \
+            "sd        t1, " #o2 "(%[ks])\n\t"              \
+
+/* Perform computation of numbered round of key schedule for AES-256 encryption.
+ */
+#define AES64_256_KS_RND(rnum)                              \
+    AES64_256_KS_RND_INS((rnum), ((rnum) + 1) * 32,         \
+        ((rnum) + 1) * 32 + 8, ((rnum) + 1) * 32 + 16,      \
+        ((rnum) + 1) * 32 + 24)
+/* Perform computation of numbered round of key schedule for AES-256 decryption.
+ */
+#define AES64_256_INV_KS_RND(rnum, o)                       \
+    AES64_256_INV_KS_RND_INS((rnum), (o) * 32,              \
+        (o) * 32 + 8, (o) * 32 - 16, (o) * 32 - 8)
+/* Perform computation of numbered last round of key schedule for AES-256
+ * encryption. */
+#define AES64_256_KS_LRND(rnum)                             \
+    AES64_256_KS_LRND_INS((rnum), ((rnum) + 1) * 32,        \
+        ((rnum) + 1) * 32 + 8)
+/* Perform computation of numbered last round of key schedule for AES-256
+ * decryption. */
+#define AES64_256_INV_KS_LRND(rnum)                         \
+    AES64_256_KS_LRND_INS((rnum), 0, 8)
+
+/* Set the key and/or IV into the AES object.
+ *
+ * Creates the key schedule from the key.
+ * Uses Cryptographic instructions.
+ *
+ * @param [in] aes     AES object.
+ * @param [in] key     Secret key to use.
+ * @param [in] keyLen  Length of key in bytes.
+ * @param [in] iv      Initialization Vector (IV) to use. May be NULL.
+ * @param [in] dir     Direction of crypt: AES_ENCRYPT, AES_DECRYPT.
+ * @return  0 on success.
+ * @return  BAD_FUNC_ARG when aes or key is NULL.
+ * @return  BAD_FUNC_ARG when keyLen/dir is not supported or valid.
+ */
+int wc_AesSetKey(Aes* aes, const byte* key, word32 keyLen, const byte* iv,
+    int dir)
+{
+    int ret = 0;
+
+    /* Validate parameters. */
+    if ((aes == NULL) || (key == NULL)) {
+        ret = BAD_FUNC_ARG;
+    }
+#ifdef WOLFSSL_AES_128
+    else if ((keyLen == 16) && (dir == AES_ENCRYPTION)) {
+        __asm__ __volatile__ (
+            "ld        t0, 0(%[key])\n\t"
+            "ld        t1, 8(%[key])\n\t"
+            "sd        t0, 0(%[ks])\n\t"
+            "sd        t1, 8(%[ks])\n\t"
+            AES64_128_KS_RND(0)
+            AES64_128_KS_RND(1)
+            AES64_128_KS_RND(2)
+            AES64_128_KS_RND(3)
+            AES64_128_KS_RND(4)
+            AES64_128_KS_RND(5)
+            AES64_128_KS_RND(6)
+            AES64_128_KS_RND(7)
+            AES64_128_KS_RND(8)
+            AES64_128_KS_RND(9)
+            "sd        t0, 224(%[ks])\n\t"
+            "sd        t1, 232(%[ks])\n\t"
+            :
+            : [ks] "r" (aes->key), [key] "r" (key)
+            : "memory", "t0", "t1", "t2"
+        );
+        aes->rounds = 10;
+    }
+#ifdef HAVE_AES_DECRYPT
+    else if ((keyLen == 16) && (dir == AES_DECRYPTION)) {
+        __asm__ __volatile__ (
+            "ld        t0, 0(%[key])\n\t"
+            "ld        t1, 8(%[key])\n\t"
+            "sd        t0, 160(%[ks])\n\t"
+            "sd        t1, 168(%[ks])\n\t"
+            AES64_128_INV_KS_RND(0, 9)
+            AES64_128_INV_KS_RND(1, 8)
+            AES64_128_INV_KS_RND(2, 7)
+            AES64_128_INV_KS_RND(3, 6)
+            AES64_128_INV_KS_RND(4, 5)
+            AES64_128_INV_KS_RND(5, 4)
+            AES64_128_INV_KS_RND(6, 3)
+            AES64_128_INV_KS_RND(7, 2)
+            AES64_128_INV_KS_RND(8, 1)
+            AES64_128_INV_KS_LRND(9, 0)
+            "sd        t4, 224(%[ks])\n\t"
+            "sd        t5, 232(%[ks])\n\t"
+            :
+            : [ks] "r" (aes->key), [key] "r" (key)
+            : "memory", "t0", "t1", "t2", "t3"
+        );
+        aes->rounds = 10;
+    }
+#endif
+#endif
+#ifdef WOLFSSL_AES_192
+    else if ((keyLen == 24) && (dir == AES_ENCRYPTION)) {
+        __asm__ __volatile__ (
+            "ld        t0,  0(%[key])\n\t"
+            "ld        t1,  8(%[key])\n\t"
+            "ld        t2, 16(%[key])\n\t"
+            "sd        t0,  0(%[ks])\n\t"
+            "sd        t1,  8(%[ks])\n\t"
+            "sd        t2, 16(%[ks])\n\t"
+            AES64_192_KS_RND(0)
+            AES64_192_KS_RND(1)
+            AES64_192_KS_RND(2)
+            AES64_192_KS_RND(3)
+            AES64_192_KS_RND(4)
+            AES64_192_KS_RND(5)
+            AES64_192_KS_RND(6)
+            AES64_192_KS_LRND(7)
+            "sd        t0, 224(%[ks])\n\t"
+            "sd        t1, 232(%[ks])\n\t"
+            :
+            : [ks] "r" (aes->key), [key] "r" (key)
+            : "memory", "t0", "t1", "t2", "t3"
+        );
+        aes->rounds = 12;
+    }
+#ifdef HAVE_AES_DECRYPT
+    else if ((keyLen == 24) && (dir == AES_DECRYPTION)) {
+        __asm__ __volatile__ (
+            "ld        t0,  0(%[key])\n\t"
+            "ld        t1,  8(%[key])\n\t"
+            "ld        t2, 16(%[key])\n\t"
+            AES64IM(REG_T3, REG_T2)
+            "sd        t0, 192(%[ks])\n\t"
+            "sd        t1, 200(%[ks])\n\t"
+            "sd        t3, 176(%[ks])\n\t"
+            AES64_192_INV_KS_RND(0, 23, 20, 21)
+            AES64_192_INV_KS_RND(1, 18, 19, 16)
+            AES64_192_INV_KS_RND(2, 17, 14, 15)
+            AES64_192_INV_KS_RND(3, 12, 13, 10)
+            AES64_192_INV_KS_RND(4, 11,  8,  9)
+            AES64_192_INV_KS_RND(5,  6,  7,  4)
+            AES64_192_INV_KS_RND(6,  5,  2,  3)
+            AES64_192_INV_KS_LRND(7)
+            "sd        t4, 224(%[ks])\n\t"
+            "sd        t5, 232(%[ks])\n\t"
+            :
+            : [ks] "r" (aes->key), [key] "r" (key)
+            : "memory", "t0", "t1", "t2", "t3", "t4", "t5"
+        );
+        aes->rounds = 12;
+    }
+#endif
+#endif
+#ifdef WOLFSSL_AES_256
+    else if ((keyLen == 32) && (dir == AES_ENCRYPTION)) {
+        __asm__ __volatile__ (
+            "ld        t0,  0(%[key])\n\t"
+            "ld        t1,  8(%[key])\n\t"
+            "ld        t2, 16(%[key])\n\t"
+            "ld        t3, 24(%[key])\n\t"
+            "sd        t0,  0(%[ks])\n\t"
+            "sd        t1,  8(%[ks])\n\t"
+            "sd        t2, 16(%[ks])\n\t"
+            "sd        t3, 24(%[ks])\n\t"
+            AES64_256_KS_RND(0)
+            AES64_256_KS_RND(1)
+            AES64_256_KS_RND(2)
+            AES64_256_KS_RND(3)
+            AES64_256_KS_RND(4)
+            AES64_256_KS_RND(5)
+            AES64_256_KS_LRND(6)
+            :
+            : [ks] "r" (aes->key), [key] "r" (key)
+            : "memory", "t0", "t1", "t2", "t3", "t4"
+        );
+        aes->rounds = 14;
+    }
+#ifdef HAVE_AES_DECRYPT
+    else if ((keyLen == 32) && (dir == AES_DECRYPTION)) {
+        __asm__ __volatile__ (
+            "ld        t0,  0(%[key])\n\t"
+            "ld        t1,  8(%[key])\n\t"
+            "ld        t2, 16(%[key])\n\t"
+            "ld        t3, 24(%[key])\n\t"
+            "sd        t0, 224(%[ks])\n\t"
+            "sd        t1, 232(%[ks])\n\t"
+            AES64IM(REG_T4, REG_T2)
+            AES64IM(REG_T5, REG_T3)
+            "sd        t4, 208(%[ks])\n\t"
+            "sd        t5, 216(%[ks])\n\t"
+            AES64_256_INV_KS_RND(0, 6)
+            AES64_256_INV_KS_RND(1, 5)
+            AES64_256_INV_KS_RND(2, 4)
+            AES64_256_INV_KS_RND(3, 3)
+            AES64_256_INV_KS_RND(4, 2)
+            AES64_256_INV_KS_RND(5, 1)
+            AES64_256_INV_KS_LRND(6)
+            :
+            : [ks] "r" (aes->key), [key] "r" (key)
+            : "memory", "t0", "t1", "t2", "t3", "t4", "t5"
+        );
+        aes->rounds = 14;
+    }
+#endif
+#endif
+    else {
+        ret = BAD_FUNC_ARG;
+    }
+
+    if (ret == 0) {
+        /* Set the IV. */
+        ret = wc_AesSetIV(aes, iv);
+    }
+    if (ret == 0) {
+        /* Finish setting the AES object. */
+        aes->keylen = keyLen;
+#if defined(WOLFSSL_AES_COUNTER) || defined(WOLFSSL_AES_CFB) || \
+    defined(WOLFSSL_AES_OFB) || defined(WOLFSSL_AES_XTS)
+        aes->left = 0;
+#endif
+    }
+
+    return ret;
+}
+
+
+/* AES middle round encryption with 64-bit registers. */
+#define AES64ESM(rd, rs1, rs2)                      \
+    ASM_WORD(0b00110110000000000000000000110011 |   \
+             (rd << 7) | (rs1 << 15) | (rs2 << 20))
+/* AES final round encryption with 64-bit registers. */
+#define AES64ES(rd, rs1, rs2)                       \
+    ASM_WORD(0b00110010000000000000000000110011 |   \
+             (rd << 7) | (rs1 << 15) | (rs2 << 20))
+
+/* Two rounds of encryption.
+ * kr01 - offset of first half of key for second round.
+ * kr02 - offset of second half of key for second round.
+ * kr03 - offset of first half of key for next round.
+ * kr04 - offset of second half of key for next round.
+ */
+#define AESENC_2_ROUNDS(kro1, kro2, kro3, kro4)     \
+    "ld          a5, " #kro1 " (%[key])\n\t"        \
+    "ld          a6, " #kro2 " (%[key])\n\t"        \
+    AES64ESM(REG_T2, REG_T0, REG_T1)                \
+    AES64ESM(REG_T3, REG_T1, REG_T0)                \
+    "xor         t2, t2, a3\n\t"                    \
+    "xor         t3, t3, a4\n\t"                    \
+    AES64ESM(REG_T0, REG_T2, REG_T3)                \
+    AES64ESM(REG_T1, REG_T3, REG_T2)                \
+    "xor         t0, t0, a5\n\t"                    \
+    "xor         t1, t1, a6\n\t"                    \
+    "ld          a3, " #kro3 " (%[key])\n\t"        \
+    "ld          a4, " #kro4 " (%[key])\n\t"
+
+/* Last round of encryption. */
+#define AESENC_LAST_ROUND()                         \
+    AES64ES(REG_T2, REG_T0, REG_T1)                 \
+    AES64ES(REG_T3, REG_T1, REG_T0)                 \
+    "xor         t2, t2, a3\n\t"                    \
+    "xor         t3, t3, a4\n\t"
+
+/* AES middle round decryption with 64-bit registers. */
+#define AES64DSM(rd, rs1, rs2)                      \
+    ASM_WORD(0b00111110000000000000000000110011 |   \
+             (rd << 7) | (rs1 << 15) | (rs2 << 20))
+/* AES final round decryption with 64-bit registers. */
+#define AES64DS(rd, rs1, rs2) \
+    ASM_WORD(0b00111010000000000000000000110011 | \
+             (rd << 7) | (rs1 << 15) | (rs2 << 20))
+
+/* Two rounds of decryption.
+ * kr01 - offset of first half of key for second round.
+ * kr02 - offset of second half of key for second round.
+ * kr03 - offset of first half of key for next round.
+ * kr04 - offset of second half of key for next round.
+ */
+#define AESDEC_2_ROUNDS(kro1, kro2, kro3, kro4)     \
+    "ld          a5, " #kro1 " (%[key])\n\t"        \
+    "ld          a6, " #kro2 " (%[key])\n\t"        \
+    AES64DSM(REG_T2, REG_T0, REG_T1)                \
+    AES64DSM(REG_T3, REG_T1, REG_T0)                \
+    "xor         t2, t2, a3\n\t"                    \
+    "xor         t3, t3, a4\n\t"                    \
+    AES64DSM(REG_T0, REG_T2, REG_T3)                \
+    AES64DSM(REG_T1, REG_T3, REG_T2)                \
+    "xor         t0, t0, a5\n\t"                    \
+    "xor         t1, t1, a6\n\t"                    \
+    "ld          a3, " #kro3 " (%[key])\n\t"        \
+    "ld          a4, " #kro4 " (%[key])\n\t"
+
+/* Last round of decryption. */
+#define AESDEC_LAST_ROUND()                         \
+    AES64DS(REG_T2, REG_T0, REG_T1)                 \
+    AES64DS(REG_T3, REG_T1, REG_T0)                 \
+    "xor         t2, t2, a3\n\t"                    \
+    "xor         t3, t3, a4\n\t"                    \
+
+#if defined(WOLFSSL_AES_DIRECT) || defined(HAVE_AES_CBC) || \
+    defined(HAVE_AESGCM) || defined(HAVE_AESCCM)
+/* Encrypt a block using AES.
+ *
+ * @param [in]  aes  AES object.
+ * @param [in]  in   Block to encrypt.
+ * @param [out] out  Encrypted block.
+ */
+static void wc_AesEncrypt(Aes* aes, const byte* in, byte* out)
+{
+    __asm__ __volatile__ (
+        "ld          t2, 0(%[in])\n\t"
+        "ld          t3, 8(%[in])\n\t"
+        "ld          a3, 0(%[key])\n\t"
+        "ld          a4, 8(%[key])\n\t"
+        "ld          a5, 16(%[key])\n\t"
+        "ld          a6, 24(%[key])\n\t"
+        "xor         t2, t2, a3\n\t"
+        "xor         t3, t3, a4\n\t"
+        AES64ESM(REG_T0, REG_T2, REG_T3)
+        AES64ESM(REG_T1, REG_T3, REG_T2)
+        "xor         t0, t0, a5\n\t"
+        "xor         t1, t1, a6\n\t"
+        "ld          a3, 32(%[key])\n\t"
+        "ld          a4, 40(%[key])\n\t"
+        AESENC_2_ROUNDS(48, 56, 64, 72)
+        AESENC_2_ROUNDS(80, 88, 96, 104)
+        AESENC_2_ROUNDS(112, 120, 128, 136)
+        AESENC_2_ROUNDS(144, 152, 160, 168)
+        "li          t4, 11\n\t"
+        "ble         %[rounds], t4, L_aes_encrypt_done\n\t"
+        AESENC_2_ROUNDS(176, 184, 192, 200)
+        "li          t4, 13\n\t"
+        "ble         %[rounds], t4, L_aes_encrypt_done\n\t"
+        AESENC_2_ROUNDS(208, 216, 224, 232)
+      "L_aes_encrypt_done:\n\t"
+        AESENC_LAST_ROUND()
+        "sd          t2, 0(%[out])\n\t"
+        "sd          t3, 8(%[out])\n\t"
+        :
+        : [in] "r" (in), [out] "r" (out), [key] "r" (aes->key),
+          [rounds] "r" (aes->rounds)
+        : "memory", "t0", "t1", "t2", "t3", "t4", "a3", "a4", "a5", "a6"
+    );
+}
+#endif
+
+#ifdef HAVE_AES_DECRYPT
+#if defined(WOLFSSL_AES_DIRECT) || defined(HAVE_AES_CBC)
+/* Decrypt a block using AES.
+ *
+ * @param [in]  aes  AES object.
+ * @param [in]  in   Block to decrypt.
+ * @param [out] out  Decrypted block.
+ */
+static void wc_AesDecrypt(Aes* aes, const byte* in, byte* out)
+{
+    __asm__ __volatile__ (
+        "ld          t2, 0(%[in])\n\t"
+        "ld          t3, 8(%[in])\n\t"
+        "ld          a3, 0(%[key])\n\t"
+        "ld          a4, 8(%[key])\n\t"
+        "ld          a5, 16(%[key])\n\t"
+        "ld          a6, 24(%[key])\n\t"
+        "xor         t2, t2, a3\n\t"
+        "xor         t3, t3, a4\n\t"
+        AES64DSM(REG_T0, REG_T2, REG_T3)
+        AES64DSM(REG_T1, REG_T3, REG_T2)
+        "xor         t0, t0, a5\n\t"
+        "xor         t1, t1, a6\n\t"
+        "ld          a3, 32(%[key])\n\t"
+        "ld          a4, 40(%[key])\n\t"
+        AESDEC_2_ROUNDS(48, 56, 64, 72)
+        AESDEC_2_ROUNDS(80, 88, 96, 104)
+        AESDEC_2_ROUNDS(112, 120, 128, 136)
+        AESDEC_2_ROUNDS(144, 152, 160, 168)
+        "li          t4, 11\n\t"
+        "ble         %[rounds], t4, L_aes_decrypt_done\n\t"
+        AESDEC_2_ROUNDS(176, 184, 192, 200)
+        "li          t4, 13\n\t"
+        "ble         %[rounds], t4, L_aes_decrypt_done\n\t"
+        AESDEC_2_ROUNDS(208, 216, 224, 232)
+      "L_aes_decrypt_done:\n\t"
+        AESDEC_LAST_ROUND()
+        "sd          t2, 0(%[out])\n\t"
+        "sd          t3, 8(%[out])\n\t"
+        :
+        : [in] "r" (in), [out] "r" (out), [key] "r" (aes->key),
+          [rounds] "r" (aes->rounds)
+        : "memory", "t0", "t1", "t2", "t3", "t4", "a3", "a4", "a5", "a6"
+    );
+}
+#endif
+#endif /* HAVE_AES_DECRYPT */
+
+#else
+
+/*
+ * Standard instructions implementation of base operations.
+ */
+
+/* Load a word with bytes reversed. */
+#define LOAD_WORD_REV(r, o, p)                      \
+        "lbu        t4, " #o "(" #p ")\n\t"         \
+        "lbu        t5, " #o "+1(" #p ")\n\t"       \
+        "lbu        t6, " #o "+2(" #p ")\n\t"       \
+        "lbu        " #r ", " #o "+3(" #p ")\n\t"   \
+        "slli       t4, t4, 24\n\t"                 \
+        "slli       t5, t5, 16\n\t"                 \
+        "slli       t6, t6, 8\n\t"                  \
+        "or         " #r ", " #r ", t4\n\t"         \
+        "or         " #r ", " #r ", t5\n\t"         \
+        "or         " #r ", " #r ", t6\n\t"
+
+/* Store a word with bytes reversed. */
+#define STORE_WORD_REV(r, o, p)                     \
+        "srli       t0, " #r ", 24\n\t"             \
+        "srli       t1, " #r ", 16\n\t"             \
+        "srli       t2, " #r ", 8\n\t"              \
+        "sb         t0, " #o "+0(" #p ")\n\t"       \
+        "sb         t1, " #o "+1(" #p ")\n\t"       \
+        "sb         t2, " #o "+2(" #p ")\n\t"       \
+        "sb         " #r ", " #o "+3(" #p ")\n\t"
+
+/* AES encryption table. */
+static const FLASH_QUALIFIER word32 Te[4][256] = {
+{
+    0xc66363a5U, 0xf87c7c84U, 0xee777799U, 0xf67b7b8dU,
+    0xfff2f20dU, 0xd66b6bbdU, 0xde6f6fb1U, 0x91c5c554U,
+    0x60303050U, 0x02010103U, 0xce6767a9U, 0x562b2b7dU,
+    0xe7fefe19U, 0xb5d7d762U, 0x4dababe6U, 0xec76769aU,
+    0x8fcaca45U, 0x1f82829dU, 0x89c9c940U, 0xfa7d7d87U,
+    0xeffafa15U, 0xb25959ebU, 0x8e4747c9U, 0xfbf0f00bU,
+    0x41adadecU, 0xb3d4d467U, 0x5fa2a2fdU, 0x45afafeaU,
+    0x239c9cbfU, 0x53a4a4f7U, 0xe4727296U, 0x9bc0c05bU,
+    0x75b7b7c2U, 0xe1fdfd1cU, 0x3d9393aeU, 0x4c26266aU,
+    0x6c36365aU, 0x7e3f3f41U, 0xf5f7f702U, 0x83cccc4fU,
+    0x6834345cU, 0x51a5a5f4U, 0xd1e5e534U, 0xf9f1f108U,
+    0xe2717193U, 0xabd8d873U, 0x62313153U, 0x2a15153fU,
+    0x0804040cU, 0x95c7c752U, 0x46232365U, 0x9dc3c35eU,
+    0x30181828U, 0x379696a1U, 0x0a05050fU, 0x2f9a9ab5U,
+    0x0e070709U, 0x24121236U, 0x1b80809bU, 0xdfe2e23dU,
+    0xcdebeb26U, 0x4e272769U, 0x7fb2b2cdU, 0xea75759fU,
+    0x1209091bU, 0x1d83839eU, 0x582c2c74U, 0x341a1a2eU,
+    0x361b1b2dU, 0xdc6e6eb2U, 0xb45a5aeeU, 0x5ba0a0fbU,
+    0xa45252f6U, 0x763b3b4dU, 0xb7d6d661U, 0x7db3b3ceU,
+    0x5229297bU, 0xdde3e33eU, 0x5e2f2f71U, 0x13848497U,
+    0xa65353f5U, 0xb9d1d168U, 0x00000000U, 0xc1eded2cU,
+    0x40202060U, 0xe3fcfc1fU, 0x79b1b1c8U, 0xb65b5bedU,
+    0xd46a6abeU, 0x8dcbcb46U, 0x67bebed9U, 0x7239394bU,
+    0x944a4adeU, 0x984c4cd4U, 0xb05858e8U, 0x85cfcf4aU,
+    0xbbd0d06bU, 0xc5efef2aU, 0x4faaaae5U, 0xedfbfb16U,
+    0x864343c5U, 0x9a4d4dd7U, 0x66333355U, 0x11858594U,
+    0x8a4545cfU, 0xe9f9f910U, 0x04020206U, 0xfe7f7f81U,
+    0xa05050f0U, 0x783c3c44U, 0x259f9fbaU, 0x4ba8a8e3U,
+    0xa25151f3U, 0x5da3a3feU, 0x804040c0U, 0x058f8f8aU,
+    0x3f9292adU, 0x219d9dbcU, 0x70383848U, 0xf1f5f504U,
+    0x63bcbcdfU, 0x77b6b6c1U, 0xafdada75U, 0x42212163U,
+    0x20101030U, 0xe5ffff1aU, 0xfdf3f30eU, 0xbfd2d26dU,
+    0x81cdcd4cU, 0x180c0c14U, 0x26131335U, 0xc3ecec2fU,
+    0xbe5f5fe1U, 0x359797a2U, 0x884444ccU, 0x2e171739U,
+    0x93c4c457U, 0x55a7a7f2U, 0xfc7e7e82U, 0x7a3d3d47U,
+    0xc86464acU, 0xba5d5de7U, 0x3219192bU, 0xe6737395U,
+    0xc06060a0U, 0x19818198U, 0x9e4f4fd1U, 0xa3dcdc7fU,
+    0x44222266U, 0x542a2a7eU, 0x3b9090abU, 0x0b888883U,
+    0x8c4646caU, 0xc7eeee29U, 0x6bb8b8d3U, 0x2814143cU,
+    0xa7dede79U, 0xbc5e5ee2U, 0x160b0b1dU, 0xaddbdb76U,
+    0xdbe0e03bU, 0x64323256U, 0x743a3a4eU, 0x140a0a1eU,
+    0x924949dbU, 0x0c06060aU, 0x4824246cU, 0xb85c5ce4U,
+    0x9fc2c25dU, 0xbdd3d36eU, 0x43acacefU, 0xc46262a6U,
+    0x399191a8U, 0x319595a4U, 0xd3e4e437U, 0xf279798bU,
+    0xd5e7e732U, 0x8bc8c843U, 0x6e373759U, 0xda6d6db7U,
+    0x018d8d8cU, 0xb1d5d564U, 0x9c4e4ed2U, 0x49a9a9e0U,
+    0xd86c6cb4U, 0xac5656faU, 0xf3f4f407U, 0xcfeaea25U,
+    0xca6565afU, 0xf47a7a8eU, 0x47aeaee9U, 0x10080818U,
+    0x6fbabad5U, 0xf0787888U, 0x4a25256fU, 0x5c2e2e72U,
+    0x381c1c24U, 0x57a6a6f1U, 0x73b4b4c7U, 0x97c6c651U,
+    0xcbe8e823U, 0xa1dddd7cU, 0xe874749cU, 0x3e1f1f21U,
+    0x964b4bddU, 0x61bdbddcU, 0x0d8b8b86U, 0x0f8a8a85U,
+    0xe0707090U, 0x7c3e3e42U, 0x71b5b5c4U, 0xcc6666aaU,
+    0x904848d8U, 0x06030305U, 0xf7f6f601U, 0x1c0e0e12U,
+    0xc26161a3U, 0x6a35355fU, 0xae5757f9U, 0x69b9b9d0U,
+    0x17868691U, 0x99c1c158U, 0x3a1d1d27U, 0x279e9eb9U,
+    0xd9e1e138U, 0xebf8f813U, 0x2b9898b3U, 0x22111133U,
+    0xd26969bbU, 0xa9d9d970U, 0x078e8e89U, 0x339494a7U,
+    0x2d9b9bb6U, 0x3c1e1e22U, 0x15878792U, 0xc9e9e920U,
+    0x87cece49U, 0xaa5555ffU, 0x50282878U, 0xa5dfdf7aU,
+    0x038c8c8fU, 0x59a1a1f8U, 0x09898980U, 0x1a0d0d17U,
+    0x65bfbfdaU, 0xd7e6e631U, 0x844242c6U, 0xd06868b8U,
+    0x824141c3U, 0x299999b0U, 0x5a2d2d77U, 0x1e0f0f11U,
+    0x7bb0b0cbU, 0xa85454fcU, 0x6dbbbbd6U, 0x2c16163aU,
+},
+{
+    0xa5c66363U, 0x84f87c7cU, 0x99ee7777U, 0x8df67b7bU,
+    0x0dfff2f2U, 0xbdd66b6bU, 0xb1de6f6fU, 0x5491c5c5U,
+    0x50603030U, 0x03020101U, 0xa9ce6767U, 0x7d562b2bU,
+    0x19e7fefeU, 0x62b5d7d7U, 0xe64dababU, 0x9aec7676U,
+    0x458fcacaU, 0x9d1f8282U, 0x4089c9c9U, 0x87fa7d7dU,
+    0x15effafaU, 0xebb25959U, 0xc98e4747U, 0x0bfbf0f0U,
+    0xec41adadU, 0x67b3d4d4U, 0xfd5fa2a2U, 0xea45afafU,
+    0xbf239c9cU, 0xf753a4a4U, 0x96e47272U, 0x5b9bc0c0U,
+    0xc275b7b7U, 0x1ce1fdfdU, 0xae3d9393U, 0x6a4c2626U,
+    0x5a6c3636U, 0x417e3f3fU, 0x02f5f7f7U, 0x4f83ccccU,
+    0x5c683434U, 0xf451a5a5U, 0x34d1e5e5U, 0x08f9f1f1U,
+    0x93e27171U, 0x73abd8d8U, 0x53623131U, 0x3f2a1515U,
+    0x0c080404U, 0x5295c7c7U, 0x65462323U, 0x5e9dc3c3U,
+    0x28301818U, 0xa1379696U, 0x0f0a0505U, 0xb52f9a9aU,
+    0x090e0707U, 0x36241212U, 0x9b1b8080U, 0x3ddfe2e2U,
+    0x26cdebebU, 0x694e2727U, 0xcd7fb2b2U, 0x9fea7575U,
+    0x1b120909U, 0x9e1d8383U, 0x74582c2cU, 0x2e341a1aU,
+    0x2d361b1bU, 0xb2dc6e6eU, 0xeeb45a5aU, 0xfb5ba0a0U,
+    0xf6a45252U, 0x4d763b3bU, 0x61b7d6d6U, 0xce7db3b3U,
+    0x7b522929U, 0x3edde3e3U, 0x715e2f2fU, 0x97138484U,
+    0xf5a65353U, 0x68b9d1d1U, 0x00000000U, 0x2cc1ededU,
+    0x60402020U, 0x1fe3fcfcU, 0xc879b1b1U, 0xedb65b5bU,
+    0xbed46a6aU, 0x468dcbcbU, 0xd967bebeU, 0x4b723939U,
+    0xde944a4aU, 0xd4984c4cU, 0xe8b05858U, 0x4a85cfcfU,
+    0x6bbbd0d0U, 0x2ac5efefU, 0xe54faaaaU, 0x16edfbfbU,
+    0xc5864343U, 0xd79a4d4dU, 0x55663333U, 0x94118585U,
+    0xcf8a4545U, 0x10e9f9f9U, 0x06040202U, 0x81fe7f7fU,
+    0xf0a05050U, 0x44783c3cU, 0xba259f9fU, 0xe34ba8a8U,
+    0xf3a25151U, 0xfe5da3a3U, 0xc0804040U, 0x8a058f8fU,
+    0xad3f9292U, 0xbc219d9dU, 0x48703838U, 0x04f1f5f5U,
+    0xdf63bcbcU, 0xc177b6b6U, 0x75afdadaU, 0x63422121U,
+    0x30201010U, 0x1ae5ffffU, 0x0efdf3f3U, 0x6dbfd2d2U,
+    0x4c81cdcdU, 0x14180c0cU, 0x35261313U, 0x2fc3ececU,
+    0xe1be5f5fU, 0xa2359797U, 0xcc884444U, 0x392e1717U,
+    0x5793c4c4U, 0xf255a7a7U, 0x82fc7e7eU, 0x477a3d3dU,
+    0xacc86464U, 0xe7ba5d5dU, 0x2b321919U, 0x95e67373U,
+    0xa0c06060U, 0x98198181U, 0xd19e4f4fU, 0x7fa3dcdcU,
+    0x66442222U, 0x7e542a2aU, 0xab3b9090U, 0x830b8888U,
+    0xca8c4646U, 0x29c7eeeeU, 0xd36bb8b8U, 0x3c281414U,
+    0x79a7dedeU, 0xe2bc5e5eU, 0x1d160b0bU, 0x76addbdbU,
+    0x3bdbe0e0U, 0x56643232U, 0x4e743a3aU, 0x1e140a0aU,
+    0xdb924949U, 0x0a0c0606U, 0x6c482424U, 0xe4b85c5cU,
+    0x5d9fc2c2U, 0x6ebdd3d3U, 0xef43acacU, 0xa6c46262U,
+    0xa8399191U, 0xa4319595U, 0x37d3e4e4U, 0x8bf27979U,
+    0x32d5e7e7U, 0x438bc8c8U, 0x596e3737U, 0xb7da6d6dU,
+    0x8c018d8dU, 0x64b1d5d5U, 0xd29c4e4eU, 0xe049a9a9U,
+    0xb4d86c6cU, 0xfaac5656U, 0x07f3f4f4U, 0x25cfeaeaU,
+    0xafca6565U, 0x8ef47a7aU, 0xe947aeaeU, 0x18100808U,
+    0xd56fbabaU, 0x88f07878U, 0x6f4a2525U, 0x725c2e2eU,
+    0x24381c1cU, 0xf157a6a6U, 0xc773b4b4U, 0x5197c6c6U,
+    0x23cbe8e8U, 0x7ca1ddddU, 0x9ce87474U, 0x213e1f1fU,
+    0xdd964b4bU, 0xdc61bdbdU, 0x860d8b8bU, 0x850f8a8aU,
+    0x90e07070U, 0x427c3e3eU, 0xc471b5b5U, 0xaacc6666U,
+    0xd8904848U, 0x05060303U, 0x01f7f6f6U, 0x121c0e0eU,
+    0xa3c26161U, 0x5f6a3535U, 0xf9ae5757U, 0xd069b9b9U,
+    0x91178686U, 0x5899c1c1U, 0x273a1d1dU, 0xb9279e9eU,
+    0x38d9e1e1U, 0x13ebf8f8U, 0xb32b9898U, 0x33221111U,
+    0xbbd26969U, 0x70a9d9d9U, 0x89078e8eU, 0xa7339494U,
+    0xb62d9b9bU, 0x223c1e1eU, 0x92158787U, 0x20c9e9e9U,
+    0x4987ceceU, 0xffaa5555U, 0x78502828U, 0x7aa5dfdfU,
+    0x8f038c8cU, 0xf859a1a1U, 0x80098989U, 0x171a0d0dU,
+    0xda65bfbfU, 0x31d7e6e6U, 0xc6844242U, 0xb8d06868U,
+    0xc3824141U, 0xb0299999U, 0x775a2d2dU, 0x111e0f0fU,
+    0xcb7bb0b0U, 0xfca85454U, 0xd66dbbbbU, 0x3a2c1616U,
+},
+{
+    0x63a5c663U, 0x7c84f87cU, 0x7799ee77U, 0x7b8df67bU,
+    0xf20dfff2U, 0x6bbdd66bU, 0x6fb1de6fU, 0xc55491c5U,
+    0x30506030U, 0x01030201U, 0x67a9ce67U, 0x2b7d562bU,
+    0xfe19e7feU, 0xd762b5d7U, 0xabe64dabU, 0x769aec76U,
+    0xca458fcaU, 0x829d1f82U, 0xc94089c9U, 0x7d87fa7dU,
+    0xfa15effaU, 0x59ebb259U, 0x47c98e47U, 0xf00bfbf0U,
+    0xadec41adU, 0xd467b3d4U, 0xa2fd5fa2U, 0xafea45afU,
+    0x9cbf239cU, 0xa4f753a4U, 0x7296e472U, 0xc05b9bc0U,
+    0xb7c275b7U, 0xfd1ce1fdU, 0x93ae3d93U, 0x266a4c26U,
+    0x365a6c36U, 0x3f417e3fU, 0xf702f5f7U, 0xcc4f83ccU,
+    0x345c6834U, 0xa5f451a5U, 0xe534d1e5U, 0xf108f9f1U,
+    0x7193e271U, 0xd873abd8U, 0x31536231U, 0x153f2a15U,
+    0x040c0804U, 0xc75295c7U, 0x23654623U, 0xc35e9dc3U,
+    0x18283018U, 0x96a13796U, 0x050f0a05U, 0x9ab52f9aU,
+    0x07090e07U, 0x12362412U, 0x809b1b80U, 0xe23ddfe2U,
+    0xeb26cdebU, 0x27694e27U, 0xb2cd7fb2U, 0x759fea75U,
+    0x091b1209U, 0x839e1d83U, 0x2c74582cU, 0x1a2e341aU,
+    0x1b2d361bU, 0x6eb2dc6eU, 0x5aeeb45aU, 0xa0fb5ba0U,
+    0x52f6a452U, 0x3b4d763bU, 0xd661b7d6U, 0xb3ce7db3U,
+    0x297b5229U, 0xe33edde3U, 0x2f715e2fU, 0x84971384U,
+    0x53f5a653U, 0xd168b9d1U, 0x00000000U, 0xed2cc1edU,
+    0x20604020U, 0xfc1fe3fcU, 0xb1c879b1U, 0x5bedb65bU,
+    0x6abed46aU, 0xcb468dcbU, 0xbed967beU, 0x394b7239U,
+    0x4ade944aU, 0x4cd4984cU, 0x58e8b058U, 0xcf4a85cfU,
+    0xd06bbbd0U, 0xef2ac5efU, 0xaae54faaU, 0xfb16edfbU,
+    0x43c58643U, 0x4dd79a4dU, 0x33556633U, 0x85941185U,
+    0x45cf8a45U, 0xf910e9f9U, 0x02060402U, 0x7f81fe7fU,
+    0x50f0a050U, 0x3c44783cU, 0x9fba259fU, 0xa8e34ba8U,
+    0x51f3a251U, 0xa3fe5da3U, 0x40c08040U, 0x8f8a058fU,
+    0x92ad3f92U, 0x9dbc219dU, 0x38487038U, 0xf504f1f5U,
+    0xbcdf63bcU, 0xb6c177b6U, 0xda75afdaU, 0x21634221U,
+    0x10302010U, 0xff1ae5ffU, 0xf30efdf3U, 0xd26dbfd2U,
+    0xcd4c81cdU, 0x0c14180cU, 0x13352613U, 0xec2fc3ecU,
+    0x5fe1be5fU, 0x97a23597U, 0x44cc8844U, 0x17392e17U,
+    0xc45793c4U, 0xa7f255a7U, 0x7e82fc7eU, 0x3d477a3dU,
+    0x64acc864U, 0x5de7ba5dU, 0x192b3219U, 0x7395e673U,
+    0x60a0c060U, 0x81981981U, 0x4fd19e4fU, 0xdc7fa3dcU,
+    0x22664422U, 0x2a7e542aU, 0x90ab3b90U, 0x88830b88U,
+    0x46ca8c46U, 0xee29c7eeU, 0xb8d36bb8U, 0x143c2814U,
+    0xde79a7deU, 0x5ee2bc5eU, 0x0b1d160bU, 0xdb76addbU,
+    0xe03bdbe0U, 0x32566432U, 0x3a4e743aU, 0x0a1e140aU,
+    0x49db9249U, 0x060a0c06U, 0x246c4824U, 0x5ce4b85cU,
+    0xc25d9fc2U, 0xd36ebdd3U, 0xacef43acU, 0x62a6c462U,
+    0x91a83991U, 0x95a43195U, 0xe437d3e4U, 0x798bf279U,
+    0xe732d5e7U, 0xc8438bc8U, 0x37596e37U, 0x6db7da6dU,
+    0x8d8c018dU, 0xd564b1d5U, 0x4ed29c4eU, 0xa9e049a9U,
+    0x6cb4d86cU, 0x56faac56U, 0xf407f3f4U, 0xea25cfeaU,
+    0x65afca65U, 0x7a8ef47aU, 0xaee947aeU, 0x08181008U,
+    0xbad56fbaU, 0x7888f078U, 0x256f4a25U, 0x2e725c2eU,
+    0x1c24381cU, 0xa6f157a6U, 0xb4c773b4U, 0xc65197c6U,
+    0xe823cbe8U, 0xdd7ca1ddU, 0x749ce874U, 0x1f213e1fU,
+    0x4bdd964bU, 0xbddc61bdU, 0x8b860d8bU, 0x8a850f8aU,
+    0x7090e070U, 0x3e427c3eU, 0xb5c471b5U, 0x66aacc66U,
+    0x48d89048U, 0x03050603U, 0xf601f7f6U, 0x0e121c0eU,
+    0x61a3c261U, 0x355f6a35U, 0x57f9ae57U, 0xb9d069b9U,
+    0x86911786U, 0xc15899c1U, 0x1d273a1dU, 0x9eb9279eU,
+    0xe138d9e1U, 0xf813ebf8U, 0x98b32b98U, 0x11332211U,
+    0x69bbd269U, 0xd970a9d9U, 0x8e89078eU, 0x94a73394U,
+    0x9bb62d9bU, 0x1e223c1eU, 0x87921587U, 0xe920c9e9U,
+    0xce4987ceU, 0x55ffaa55U, 0x28785028U, 0xdf7aa5dfU,
+    0x8c8f038cU, 0xa1f859a1U, 0x89800989U, 0x0d171a0dU,
+    0xbfda65bfU, 0xe631d7e6U, 0x42c68442U, 0x68b8d068U,
+    0x41c38241U, 0x99b02999U, 0x2d775a2dU, 0x0f111e0fU,
+    0xb0cb7bb0U, 0x54fca854U, 0xbbd66dbbU, 0x163a2c16U,
+},
+{
+    0x6363a5c6U, 0x7c7c84f8U, 0x777799eeU, 0x7b7b8df6U,
+    0xf2f20dffU, 0x6b6bbdd6U, 0x6f6fb1deU, 0xc5c55491U,
+    0x30305060U, 0x01010302U, 0x6767a9ceU, 0x2b2b7d56U,
+    0xfefe19e7U, 0xd7d762b5U, 0xababe64dU, 0x76769aecU,
+    0xcaca458fU, 0x82829d1fU, 0xc9c94089U, 0x7d7d87faU,
+    0xfafa15efU, 0x5959ebb2U, 0x4747c98eU, 0xf0f00bfbU,
+    0xadadec41U, 0xd4d467b3U, 0xa2a2fd5fU, 0xafafea45U,
+    0x9c9cbf23U, 0xa4a4f753U, 0x727296e4U, 0xc0c05b9bU,
+    0xb7b7c275U, 0xfdfd1ce1U, 0x9393ae3dU, 0x26266a4cU,
+    0x36365a6cU, 0x3f3f417eU, 0xf7f702f5U, 0xcccc4f83U,
+    0x34345c68U, 0xa5a5f451U, 0xe5e534d1U, 0xf1f108f9U,
+    0x717193e2U, 0xd8d873abU, 0x31315362U, 0x15153f2aU,
+    0x04040c08U, 0xc7c75295U, 0x23236546U, 0xc3c35e9dU,
+    0x18182830U, 0x9696a137U, 0x05050f0aU, 0x9a9ab52fU,
+    0x0707090eU, 0x12123624U, 0x80809b1bU, 0xe2e23ddfU,
+    0xebeb26cdU, 0x2727694eU, 0xb2b2cd7fU, 0x75759feaU,
+    0x09091b12U, 0x83839e1dU, 0x2c2c7458U, 0x1a1a2e34U,
+    0x1b1b2d36U, 0x6e6eb2dcU, 0x5a5aeeb4U, 0xa0a0fb5bU,
+    0x5252f6a4U, 0x3b3b4d76U, 0xd6d661b7U, 0xb3b3ce7dU,
+    0x29297b52U, 0xe3e33eddU, 0x2f2f715eU, 0x84849713U,
+    0x5353f5a6U, 0xd1d168b9U, 0x00000000U, 0xeded2cc1U,
+    0x20206040U, 0xfcfc1fe3U, 0xb1b1c879U, 0x5b5bedb6U,
+    0x6a6abed4U, 0xcbcb468dU, 0xbebed967U, 0x39394b72U,
+    0x4a4ade94U, 0x4c4cd498U, 0x5858e8b0U, 0xcfcf4a85U,
+    0xd0d06bbbU, 0xefef2ac5U, 0xaaaae54fU, 0xfbfb16edU,
+    0x4343c586U, 0x4d4dd79aU, 0x33335566U, 0x85859411U,
+    0x4545cf8aU, 0xf9f910e9U, 0x02020604U, 0x7f7f81feU,
+    0x5050f0a0U, 0x3c3c4478U, 0x9f9fba25U, 0xa8a8e34bU,
+    0x5151f3a2U, 0xa3a3fe5dU, 0x4040c080U, 0x8f8f8a05U,
+    0x9292ad3fU, 0x9d9dbc21U, 0x38384870U, 0xf5f504f1U,
+    0xbcbcdf63U, 0xb6b6c177U, 0xdada75afU, 0x21216342U,
+    0x10103020U, 0xffff1ae5U, 0xf3f30efdU, 0xd2d26dbfU,
+    0xcdcd4c81U, 0x0c0c1418U, 0x13133526U, 0xecec2fc3U,
+    0x5f5fe1beU, 0x9797a235U, 0x4444cc88U, 0x1717392eU,
+    0xc4c45793U, 0xa7a7f255U, 0x7e7e82fcU, 0x3d3d477aU,
+    0x6464acc8U, 0x5d5de7baU, 0x19192b32U, 0x737395e6U,
+    0x6060a0c0U, 0x81819819U, 0x4f4fd19eU, 0xdcdc7fa3U,
+    0x22226644U, 0x2a2a7e54U, 0x9090ab3bU, 0x8888830bU,
+    0x4646ca8cU, 0xeeee29c7U, 0xb8b8d36bU, 0x14143c28U,
+    0xdede79a7U, 0x5e5ee2bcU, 0x0b0b1d16U, 0xdbdb76adU,
+    0xe0e03bdbU, 0x32325664U, 0x3a3a4e74U, 0x0a0a1e14U,
+    0x4949db92U, 0x06060a0cU, 0x24246c48U, 0x5c5ce4b8U,
+    0xc2c25d9fU, 0xd3d36ebdU, 0xacacef43U, 0x6262a6c4U,
+    0x9191a839U, 0x9595a431U, 0xe4e437d3U, 0x79798bf2U,
+    0xe7e732d5U, 0xc8c8438bU, 0x3737596eU, 0x6d6db7daU,
+    0x8d8d8c01U, 0xd5d564b1U, 0x4e4ed29cU, 0xa9a9e049U,
+    0x6c6cb4d8U, 0x5656faacU, 0xf4f407f3U, 0xeaea25cfU,
+    0x6565afcaU, 0x7a7a8ef4U, 0xaeaee947U, 0x08081810U,
+    0xbabad56fU, 0x787888f0U, 0x25256f4aU, 0x2e2e725cU,
+    0x1c1c2438U, 0xa6a6f157U, 0xb4b4c773U, 0xc6c65197U,
+    0xe8e823cbU, 0xdddd7ca1U, 0x74749ce8U, 0x1f1f213eU,
+    0x4b4bdd96U, 0xbdbddc61U, 0x8b8b860dU, 0x8a8a850fU,
+    0x707090e0U, 0x3e3e427cU, 0xb5b5c471U, 0x6666aaccU,
+    0x4848d890U, 0x03030506U, 0xf6f601f7U, 0x0e0e121cU,
+    0x6161a3c2U, 0x35355f6aU, 0x5757f9aeU, 0xb9b9d069U,
+    0x86869117U, 0xc1c15899U, 0x1d1d273aU, 0x9e9eb927U,
+    0xe1e138d9U, 0xf8f813ebU, 0x9898b32bU, 0x11113322U,
+    0x6969bbd2U, 0xd9d970a9U, 0x8e8e8907U, 0x9494a733U,
+    0x9b9bb62dU, 0x1e1e223cU, 0x87879215U, 0xe9e920c9U,
+    0xcece4987U, 0x5555ffaaU, 0x28287850U, 0xdfdf7aa5U,
+    0x8c8c8f03U, 0xa1a1f859U, 0x89898009U, 0x0d0d171aU,
+    0xbfbfda65U, 0xe6e631d7U, 0x4242c684U, 0x6868b8d0U,
+    0x4141c382U, 0x9999b029U, 0x2d2d775aU, 0x0f0f111eU,
+    0xb0b0cb7bU, 0x5454fca8U, 0xbbbbd66dU, 0x16163a2cU,
+}
+};
+
+/* Round constant used in computing key schedule. */
+static const FLASH_QUALIFIER word32 rcon[] = {
+    0x01000000, 0x02000000, 0x04000000, 0x08000000,
+    0x10000000, 0x20000000, 0x40000000, 0x80000000,
+    0x1B000000, 0x36000000,
+    /* for 128-bit blocks, Rijndael never uses more than 10 rcon values */
+};
+
+#ifdef HAVE_AES_DECRYPT
+/* AES decryption table. */
+static const FLASH_QUALIFIER word32 Td[4][256] = {
+{
+    0x51f4a750U, 0x7e416553U, 0x1a17a4c3U, 0x3a275e96U,
+    0x3bab6bcbU, 0x1f9d45f1U, 0xacfa58abU, 0x4be30393U,
+    0x2030fa55U, 0xad766df6U, 0x88cc7691U, 0xf5024c25U,
+    0x4fe5d7fcU, 0xc52acbd7U, 0x26354480U, 0xb562a38fU,
+    0xdeb15a49U, 0x25ba1b67U, 0x45ea0e98U, 0x5dfec0e1U,
+    0xc32f7502U, 0x814cf012U, 0x8d4697a3U, 0x6bd3f9c6U,
+    0x038f5fe7U, 0x15929c95U, 0xbf6d7aebU, 0x955259daU,
+    0xd4be832dU, 0x587421d3U, 0x49e06929U, 0x8ec9c844U,
+    0x75c2896aU, 0xf48e7978U, 0x99583e6bU, 0x27b971ddU,
+    0xbee14fb6U, 0xf088ad17U, 0xc920ac66U, 0x7dce3ab4U,
+    0x63df4a18U, 0xe51a3182U, 0x97513360U, 0x62537f45U,
+    0xb16477e0U, 0xbb6bae84U, 0xfe81a01cU, 0xf9082b94U,
+    0x70486858U, 0x8f45fd19U, 0x94de6c87U, 0x527bf8b7U,
+    0xab73d323U, 0x724b02e2U, 0xe31f8f57U, 0x6655ab2aU,
+    0xb2eb2807U, 0x2fb5c203U, 0x86c57b9aU, 0xd33708a5U,
+    0x302887f2U, 0x23bfa5b2U, 0x02036abaU, 0xed16825cU,
+    0x8acf1c2bU, 0xa779b492U, 0xf307f2f0U, 0x4e69e2a1U,
+    0x65daf4cdU, 0x0605bed5U, 0xd134621fU, 0xc4a6fe8aU,
+    0x342e539dU, 0xa2f355a0U, 0x058ae132U, 0xa4f6eb75U,
+    0x0b83ec39U, 0x4060efaaU, 0x5e719f06U, 0xbd6e1051U,
+    0x3e218af9U, 0x96dd063dU, 0xdd3e05aeU, 0x4de6bd46U,
+    0x91548db5U, 0x71c45d05U, 0x0406d46fU, 0x605015ffU,
+    0x1998fb24U, 0xd6bde997U, 0x894043ccU, 0x67d99e77U,
+    0xb0e842bdU, 0x07898b88U, 0xe7195b38U, 0x79c8eedbU,
+    0xa17c0a47U, 0x7c420fe9U, 0xf8841ec9U, 0x00000000U,
+    0x09808683U, 0x322bed48U, 0x1e1170acU, 0x6c5a724eU,
+    0xfd0efffbU, 0x0f853856U, 0x3daed51eU, 0x362d3927U,
+    0x0a0fd964U, 0x685ca621U, 0x9b5b54d1U, 0x24362e3aU,
+    0x0c0a67b1U, 0x9357e70fU, 0xb4ee96d2U, 0x1b9b919eU,
+    0x80c0c54fU, 0x61dc20a2U, 0x5a774b69U, 0x1c121a16U,
+    0xe293ba0aU, 0xc0a02ae5U, 0x3c22e043U, 0x121b171dU,
+    0x0e090d0bU, 0xf28bc7adU, 0x2db6a8b9U, 0x141ea9c8U,
+    0x57f11985U, 0xaf75074cU, 0xee99ddbbU, 0xa37f60fdU,
+    0xf701269fU, 0x5c72f5bcU, 0x44663bc5U, 0x5bfb7e34U,
+    0x8b432976U, 0xcb23c6dcU, 0xb6edfc68U, 0xb8e4f163U,
+    0xd731dccaU, 0x42638510U, 0x13972240U, 0x84c61120U,
+    0x854a247dU, 0xd2bb3df8U, 0xaef93211U, 0xc729a16dU,
+    0x1d9e2f4bU, 0xdcb230f3U, 0x0d8652ecU, 0x77c1e3d0U,
+    0x2bb3166cU, 0xa970b999U, 0x119448faU, 0x47e96422U,
+    0xa8fc8cc4U, 0xa0f03f1aU, 0x567d2cd8U, 0x223390efU,
+    0x87494ec7U, 0xd938d1c1U, 0x8ccaa2feU, 0x98d40b36U,
+    0xa6f581cfU, 0xa57ade28U, 0xdab78e26U, 0x3fadbfa4U,
+    0x2c3a9de4U, 0x5078920dU, 0x6a5fcc9bU, 0x547e4662U,
+    0xf68d13c2U, 0x90d8b8e8U, 0x2e39f75eU, 0x82c3aff5U,
+    0x9f5d80beU, 0x69d0937cU, 0x6fd52da9U, 0xcf2512b3U,
+    0xc8ac993bU, 0x10187da7U, 0xe89c636eU, 0xdb3bbb7bU,
+    0xcd267809U, 0x6e5918f4U, 0xec9ab701U, 0x834f9aa8U,
+    0xe6956e65U, 0xaaffe67eU, 0x21bccf08U, 0xef15e8e6U,
+    0xbae79bd9U, 0x4a6f36ceU, 0xea9f09d4U, 0x29b07cd6U,
+    0x31a4b2afU, 0x2a3f2331U, 0xc6a59430U, 0x35a266c0U,
+    0x744ebc37U, 0xfc82caa6U, 0xe090d0b0U, 0x33a7d815U,
+    0xf104984aU, 0x41ecdaf7U, 0x7fcd500eU, 0x1791f62fU,
+    0x764dd68dU, 0x43efb04dU, 0xccaa4d54U, 0xe49604dfU,
+    0x9ed1b5e3U, 0x4c6a881bU, 0xc12c1fb8U, 0x4665517fU,
+    0x9d5eea04U, 0x018c355dU, 0xfa877473U, 0xfb0b412eU,
+    0xb3671d5aU, 0x92dbd252U, 0xe9105633U, 0x6dd64713U,
+    0x9ad7618cU, 0x37a10c7aU, 0x59f8148eU, 0xeb133c89U,
+    0xcea927eeU, 0xb761c935U, 0xe11ce5edU, 0x7a47b13cU,
+    0x9cd2df59U, 0x55f2733fU, 0x1814ce79U, 0x73c737bfU,
+    0x53f7cdeaU, 0x5ffdaa5bU, 0xdf3d6f14U, 0x7844db86U,
+    0xcaaff381U, 0xb968c43eU, 0x3824342cU, 0xc2a3405fU,
+    0x161dc372U, 0xbce2250cU, 0x283c498bU, 0xff0d9541U,
+    0x39a80171U, 0x080cb3deU, 0xd8b4e49cU, 0x6456c190U,
+    0x7bcb8461U, 0xd532b670U, 0x486c5c74U, 0xd0b85742U,
+},
+{
+    0x5051f4a7U, 0x537e4165U, 0xc31a17a4U, 0x963a275eU,
+    0xcb3bab6bU, 0xf11f9d45U, 0xabacfa58U, 0x934be303U,
+    0x552030faU, 0xf6ad766dU, 0x9188cc76U, 0x25f5024cU,
+    0xfc4fe5d7U, 0xd7c52acbU, 0x80263544U, 0x8fb562a3U,
+    0x49deb15aU, 0x6725ba1bU, 0x9845ea0eU, 0xe15dfec0U,
+    0x02c32f75U, 0x12814cf0U, 0xa38d4697U, 0xc66bd3f9U,
+    0xe7038f5fU, 0x9515929cU, 0xebbf6d7aU, 0xda955259U,
+    0x2dd4be83U, 0xd3587421U, 0x2949e069U, 0x448ec9c8U,
+    0x6a75c289U, 0x78f48e79U, 0x6b99583eU, 0xdd27b971U,
+    0xb6bee14fU, 0x17f088adU, 0x66c920acU, 0xb47dce3aU,
+    0x1863df4aU, 0x82e51a31U, 0x60975133U, 0x4562537fU,
+    0xe0b16477U, 0x84bb6baeU, 0x1cfe81a0U, 0x94f9082bU,
+    0x58704868U, 0x198f45fdU, 0x8794de6cU, 0xb7527bf8U,
+    0x23ab73d3U, 0xe2724b02U, 0x57e31f8fU, 0x2a6655abU,
+    0x07b2eb28U, 0x032fb5c2U, 0x9a86c57bU, 0xa5d33708U,
+    0xf2302887U, 0xb223bfa5U, 0xba02036aU, 0x5ced1682U,
+    0x2b8acf1cU, 0x92a779b4U, 0xf0f307f2U, 0xa14e69e2U,
+    0xcd65daf4U, 0xd50605beU, 0x1fd13462U, 0x8ac4a6feU,
+    0x9d342e53U, 0xa0a2f355U, 0x32058ae1U, 0x75a4f6ebU,
+    0x390b83ecU, 0xaa4060efU, 0x065e719fU, 0x51bd6e10U,
+    0xf93e218aU, 0x3d96dd06U, 0xaedd3e05U, 0x464de6bdU,
+    0xb591548dU, 0x0571c45dU, 0x6f0406d4U, 0xff605015U,
+    0x241998fbU, 0x97d6bde9U, 0xcc894043U, 0x7767d99eU,
+    0xbdb0e842U, 0x8807898bU, 0x38e7195bU, 0xdb79c8eeU,
+    0x47a17c0aU, 0xe97c420fU, 0xc9f8841eU, 0x00000000U,
+    0x83098086U, 0x48322bedU, 0xac1e1170U, 0x4e6c5a72U,
+    0xfbfd0effU, 0x560f8538U, 0x1e3daed5U, 0x27362d39U,
+    0x640a0fd9U, 0x21685ca6U, 0xd19b5b54U, 0x3a24362eU,
+    0xb10c0a67U, 0x0f9357e7U, 0xd2b4ee96U, 0x9e1b9b91U,
+    0x4f80c0c5U, 0xa261dc20U, 0x695a774bU, 0x161c121aU,
+    0x0ae293baU, 0xe5c0a02aU, 0x433c22e0U, 0x1d121b17U,
+    0x0b0e090dU, 0xadf28bc7U, 0xb92db6a8U, 0xc8141ea9U,
+    0x8557f119U, 0x4caf7507U, 0xbbee99ddU, 0xfda37f60U,
+    0x9ff70126U, 0xbc5c72f5U, 0xc544663bU, 0x345bfb7eU,
+    0x768b4329U, 0xdccb23c6U, 0x68b6edfcU, 0x63b8e4f1U,
+    0xcad731dcU, 0x10426385U, 0x40139722U, 0x2084c611U,
+    0x7d854a24U, 0xf8d2bb3dU, 0x11aef932U, 0x6dc729a1U,
+    0x4b1d9e2fU, 0xf3dcb230U, 0xec0d8652U, 0xd077c1e3U,
+    0x6c2bb316U, 0x99a970b9U, 0xfa119448U, 0x2247e964U,
+    0xc4a8fc8cU, 0x1aa0f03fU, 0xd8567d2cU, 0xef223390U,
+    0xc787494eU, 0xc1d938d1U, 0xfe8ccaa2U, 0x3698d40bU,
+    0xcfa6f581U, 0x28a57adeU, 0x26dab78eU, 0xa43fadbfU,
+    0xe42c3a9dU, 0x0d507892U, 0x9b6a5fccU, 0x62547e46U,
+    0xc2f68d13U, 0xe890d8b8U, 0x5e2e39f7U, 0xf582c3afU,
+    0xbe9f5d80U, 0x7c69d093U, 0xa96fd52dU, 0xb3cf2512U,
+    0x3bc8ac99U, 0xa710187dU, 0x6ee89c63U, 0x7bdb3bbbU,
+    0x09cd2678U, 0xf46e5918U, 0x01ec9ab7U, 0xa8834f9aU,
+    0x65e6956eU, 0x7eaaffe6U, 0x0821bccfU, 0xe6ef15e8U,
+    0xd9bae79bU, 0xce4a6f36U, 0xd4ea9f09U, 0xd629b07cU,
+    0xaf31a4b2U, 0x312a3f23U, 0x30c6a594U, 0xc035a266U,
+    0x37744ebcU, 0xa6fc82caU, 0xb0e090d0U, 0x1533a7d8U,
+    0x4af10498U, 0xf741ecdaU, 0x0e7fcd50U, 0x2f1791f6U,
+    0x8d764dd6U, 0x4d43efb0U, 0x54ccaa4dU, 0xdfe49604U,
+    0xe39ed1b5U, 0x1b4c6a88U, 0xb8c12c1fU, 0x7f466551U,
+    0x049d5eeaU, 0x5d018c35U, 0x73fa8774U, 0x2efb0b41U,
+    0x5ab3671dU, 0x5292dbd2U, 0x33e91056U, 0x136dd647U,
+    0x8c9ad761U, 0x7a37a10cU, 0x8e59f814U, 0x89eb133cU,
+    0xeecea927U, 0x35b761c9U, 0xede11ce5U, 0x3c7a47b1U,
+    0x599cd2dfU, 0x3f55f273U, 0x791814ceU, 0xbf73c737U,
+    0xea53f7cdU, 0x5b5ffdaaU, 0x14df3d6fU, 0x867844dbU,
+    0x81caaff3U, 0x3eb968c4U, 0x2c382434U, 0x5fc2a340U,
+    0x72161dc3U, 0x0cbce225U, 0x8b283c49U, 0x41ff0d95U,
+    0x7139a801U, 0xde080cb3U, 0x9cd8b4e4U, 0x906456c1U,
+    0x617bcb84U, 0x70d532b6U, 0x74486c5cU, 0x42d0b857U,
+},
+{
+    0xa75051f4U, 0x65537e41U, 0xa4c31a17U, 0x5e963a27U,
+    0x6bcb3babU, 0x45f11f9dU, 0x58abacfaU, 0x03934be3U,
+    0xfa552030U, 0x6df6ad76U, 0x769188ccU, 0x4c25f502U,
+    0xd7fc4fe5U, 0xcbd7c52aU, 0x44802635U, 0xa38fb562U,
+    0x5a49deb1U, 0x1b6725baU, 0x0e9845eaU, 0xc0e15dfeU,
+    0x7502c32fU, 0xf012814cU, 0x97a38d46U, 0xf9c66bd3U,
+    0x5fe7038fU, 0x9c951592U, 0x7aebbf6dU, 0x59da9552U,
+    0x832dd4beU, 0x21d35874U, 0x692949e0U, 0xc8448ec9U,
+    0x896a75c2U, 0x7978f48eU, 0x3e6b9958U, 0x71dd27b9U,
+    0x4fb6bee1U, 0xad17f088U, 0xac66c920U, 0x3ab47dceU,
+    0x4a1863dfU, 0x3182e51aU, 0x33609751U, 0x7f456253U,
+    0x77e0b164U, 0xae84bb6bU, 0xa01cfe81U, 0x2b94f908U,
+    0x68587048U, 0xfd198f45U, 0x6c8794deU, 0xf8b7527bU,
+    0xd323ab73U, 0x02e2724bU, 0x8f57e31fU, 0xab2a6655U,
+    0x2807b2ebU, 0xc2032fb5U, 0x7b9a86c5U, 0x08a5d337U,
+    0x87f23028U, 0xa5b223bfU, 0x6aba0203U, 0x825ced16U,
+    0x1c2b8acfU, 0xb492a779U, 0xf2f0f307U, 0xe2a14e69U,
+    0xf4cd65daU, 0xbed50605U, 0x621fd134U, 0xfe8ac4a6U,
+    0x539d342eU, 0x55a0a2f3U, 0xe132058aU, 0xeb75a4f6U,
+    0xec390b83U, 0xefaa4060U, 0x9f065e71U, 0x1051bd6eU,
+    0x8af93e21U, 0x063d96ddU, 0x05aedd3eU, 0xbd464de6U,
+    0x8db59154U, 0x5d0571c4U, 0xd46f0406U, 0x15ff6050U,
+    0xfb241998U, 0xe997d6bdU, 0x43cc8940U, 0x9e7767d9U,
+    0x42bdb0e8U, 0x8b880789U, 0x5b38e719U, 0xeedb79c8U,
+    0x0a47a17cU, 0x0fe97c42U, 0x1ec9f884U, 0x00000000U,
+    0x86830980U, 0xed48322bU, 0x70ac1e11U, 0x724e6c5aU,
+    0xfffbfd0eU, 0x38560f85U, 0xd51e3daeU, 0x3927362dU,
+    0xd9640a0fU, 0xa621685cU, 0x54d19b5bU, 0x2e3a2436U,
+    0x67b10c0aU, 0xe70f9357U, 0x96d2b4eeU, 0x919e1b9bU,
+    0xc54f80c0U, 0x20a261dcU, 0x4b695a77U, 0x1a161c12U,
+    0xba0ae293U, 0x2ae5c0a0U, 0xe0433c22U, 0x171d121bU,
+    0x0d0b0e09U, 0xc7adf28bU, 0xa8b92db6U, 0xa9c8141eU,
+    0x198557f1U, 0x074caf75U, 0xddbbee99U, 0x60fda37fU,
+    0x269ff701U, 0xf5bc5c72U, 0x3bc54466U, 0x7e345bfbU,
+    0x29768b43U, 0xc6dccb23U, 0xfc68b6edU, 0xf163b8e4U,
+    0xdccad731U, 0x85104263U, 0x22401397U, 0x112084c6U,
+    0x247d854aU, 0x3df8d2bbU, 0x3211aef9U, 0xa16dc729U,
+    0x2f4b1d9eU, 0x30f3dcb2U, 0x52ec0d86U, 0xe3d077c1U,
+    0x166c2bb3U, 0xb999a970U, 0x48fa1194U, 0x642247e9U,
+    0x8cc4a8fcU, 0x3f1aa0f0U, 0x2cd8567dU, 0x90ef2233U,
+    0x4ec78749U, 0xd1c1d938U, 0xa2fe8ccaU, 0x0b3698d4U,
+    0x81cfa6f5U, 0xde28a57aU, 0x8e26dab7U, 0xbfa43fadU,
+    0x9de42c3aU, 0x920d5078U, 0xcc9b6a5fU, 0x4662547eU,
+    0x13c2f68dU, 0xb8e890d8U, 0xf75e2e39U, 0xaff582c3U,
+    0x80be9f5dU, 0x937c69d0U, 0x2da96fd5U, 0x12b3cf25U,
+    0x993bc8acU, 0x7da71018U, 0x636ee89cU, 0xbb7bdb3bU,
+    0x7809cd26U, 0x18f46e59U, 0xb701ec9aU, 0x9aa8834fU,
+    0x6e65e695U, 0xe67eaaffU, 0xcf0821bcU, 0xe8e6ef15U,
+    0x9bd9bae7U, 0x36ce4a6fU, 0x09d4ea9fU, 0x7cd629b0U,
+    0xb2af31a4U, 0x23312a3fU, 0x9430c6a5U, 0x66c035a2U,
+    0xbc37744eU, 0xcaa6fc82U, 0xd0b0e090U, 0xd81533a7U,
+    0x984af104U, 0xdaf741ecU, 0x500e7fcdU, 0xf62f1791U,
+    0xd68d764dU, 0xb04d43efU, 0x4d54ccaaU, 0x04dfe496U,
+    0xb5e39ed1U, 0x881b4c6aU, 0x1fb8c12cU, 0x517f4665U,
+    0xea049d5eU, 0x355d018cU, 0x7473fa87U, 0x412efb0bU,
+    0x1d5ab367U, 0xd25292dbU, 0x5633e910U, 0x47136dd6U,
+    0x618c9ad7U, 0x0c7a37a1U, 0x148e59f8U, 0x3c89eb13U,
+    0x27eecea9U, 0xc935b761U, 0xe5ede11cU, 0xb13c7a47U,
+    0xdf599cd2U, 0x733f55f2U, 0xce791814U, 0x37bf73c7U,
+    0xcdea53f7U, 0xaa5b5ffdU, 0x6f14df3dU, 0xdb867844U,
+    0xf381caafU, 0xc43eb968U, 0x342c3824U, 0x405fc2a3U,
+    0xc372161dU, 0x250cbce2U, 0x498b283cU, 0x9541ff0dU,
+    0x017139a8U, 0xb3de080cU, 0xe49cd8b4U, 0xc1906456U,
+    0x84617bcbU, 0xb670d532U, 0x5c74486cU, 0x5742d0b8U,
+},
+{
+    0xf4a75051U, 0x4165537eU, 0x17a4c31aU, 0x275e963aU,
+    0xab6bcb3bU, 0x9d45f11fU, 0xfa58abacU, 0xe303934bU,
+    0x30fa5520U, 0x766df6adU, 0xcc769188U, 0x024c25f5U,
+    0xe5d7fc4fU, 0x2acbd7c5U, 0x35448026U, 0x62a38fb5U,
+    0xb15a49deU, 0xba1b6725U, 0xea0e9845U, 0xfec0e15dU,
+    0x2f7502c3U, 0x4cf01281U, 0x4697a38dU, 0xd3f9c66bU,
+    0x8f5fe703U, 0x929c9515U, 0x6d7aebbfU, 0x5259da95U,
+    0xbe832dd4U, 0x7421d358U, 0xe0692949U, 0xc9c8448eU,
+    0xc2896a75U, 0x8e7978f4U, 0x583e6b99U, 0xb971dd27U,
+    0xe14fb6beU, 0x88ad17f0U, 0x20ac66c9U, 0xce3ab47dU,
+    0xdf4a1863U, 0x1a3182e5U, 0x51336097U, 0x537f4562U,
+    0x6477e0b1U, 0x6bae84bbU, 0x81a01cfeU, 0x082b94f9U,
+    0x48685870U, 0x45fd198fU, 0xde6c8794U, 0x7bf8b752U,
+    0x73d323abU, 0x4b02e272U, 0x1f8f57e3U, 0x55ab2a66U,
+    0xeb2807b2U, 0xb5c2032fU, 0xc57b9a86U, 0x3708a5d3U,
+    0x2887f230U, 0xbfa5b223U, 0x036aba02U, 0x16825cedU,
+    0xcf1c2b8aU, 0x79b492a7U, 0x07f2f0f3U, 0x69e2a14eU,
+    0xdaf4cd65U, 0x05bed506U, 0x34621fd1U, 0xa6fe8ac4U,
+    0x2e539d34U, 0xf355a0a2U, 0x8ae13205U, 0xf6eb75a4U,
+    0x83ec390bU, 0x60efaa40U, 0x719f065eU, 0x6e1051bdU,
+    0x218af93eU, 0xdd063d96U, 0x3e05aeddU, 0xe6bd464dU,
+    0x548db591U, 0xc45d0571U, 0x06d46f04U, 0x5015ff60U,
+    0x98fb2419U, 0xbde997d6U, 0x4043cc89U, 0xd99e7767U,
+    0xe842bdb0U, 0x898b8807U, 0x195b38e7U, 0xc8eedb79U,
+    0x7c0a47a1U, 0x420fe97cU, 0x841ec9f8U, 0x00000000U,
+    0x80868309U, 0x2bed4832U, 0x1170ac1eU, 0x5a724e6cU,
+    0x0efffbfdU, 0x8538560fU, 0xaed51e3dU, 0x2d392736U,
+    0x0fd9640aU, 0x5ca62168U, 0x5b54d19bU, 0x362e3a24U,
+    0x0a67b10cU, 0x57e70f93U, 0xee96d2b4U, 0x9b919e1bU,
+    0xc0c54f80U, 0xdc20a261U, 0x774b695aU, 0x121a161cU,
+    0x93ba0ae2U, 0xa02ae5c0U, 0x22e0433cU, 0x1b171d12U,
+    0x090d0b0eU, 0x8bc7adf2U, 0xb6a8b92dU, 0x1ea9c814U,
+    0xf1198557U, 0x75074cafU, 0x99ddbbeeU, 0x7f60fda3U,
+    0x01269ff7U, 0x72f5bc5cU, 0x663bc544U, 0xfb7e345bU,
+    0x4329768bU, 0x23c6dccbU, 0xedfc68b6U, 0xe4f163b8U,
+    0x31dccad7U, 0x63851042U, 0x97224013U, 0xc6112084U,
+    0x4a247d85U, 0xbb3df8d2U, 0xf93211aeU, 0x29a16dc7U,
+    0x9e2f4b1dU, 0xb230f3dcU, 0x8652ec0dU, 0xc1e3d077U,
+    0xb3166c2bU, 0x70b999a9U, 0x9448fa11U, 0xe9642247U,
+    0xfc8cc4a8U, 0xf03f1aa0U, 0x7d2cd856U, 0x3390ef22U,
+    0x494ec787U, 0x38d1c1d9U, 0xcaa2fe8cU, 0xd40b3698U,
+    0xf581cfa6U, 0x7ade28a5U, 0xb78e26daU, 0xadbfa43fU,
+    0x3a9de42cU, 0x78920d50U, 0x5fcc9b6aU, 0x7e466254U,
+    0x8d13c2f6U, 0xd8b8e890U, 0x39f75e2eU, 0xc3aff582U,
+    0x5d80be9fU, 0xd0937c69U, 0xd52da96fU, 0x2512b3cfU,
+    0xac993bc8U, 0x187da710U, 0x9c636ee8U, 0x3bbb7bdbU,
+    0x267809cdU, 0x5918f46eU, 0x9ab701ecU, 0x4f9aa883U,
+    0x956e65e6U, 0xffe67eaaU, 0xbccf0821U, 0x15e8e6efU,
+    0xe79bd9baU, 0x6f36ce4aU, 0x9f09d4eaU, 0xb07cd629U,
+    0xa4b2af31U, 0x3f23312aU, 0xa59430c6U, 0xa266c035U,
+    0x4ebc3774U, 0x82caa6fcU, 0x90d0b0e0U, 0xa7d81533U,
+    0x04984af1U, 0xecdaf741U, 0xcd500e7fU, 0x91f62f17U,
+    0x4dd68d76U, 0xefb04d43U, 0xaa4d54ccU, 0x9604dfe4U,
+    0xd1b5e39eU, 0x6a881b4cU, 0x2c1fb8c1U, 0x65517f46U,
+    0x5eea049dU, 0x8c355d01U, 0x877473faU, 0x0b412efbU,
+    0x671d5ab3U, 0xdbd25292U, 0x105633e9U, 0xd647136dU,
+    0xd7618c9aU, 0xa10c7a37U, 0xf8148e59U, 0x133c89ebU,
+    0xa927eeceU, 0x61c935b7U, 0x1ce5ede1U, 0x47b13c7aU,
+    0xd2df599cU, 0xf2733f55U, 0x14ce7918U, 0xc737bf73U,
+    0xf7cdea53U, 0xfdaa5b5fU, 0x3d6f14dfU, 0x44db8678U,
+    0xaff381caU, 0x68c43eb9U, 0x24342c38U, 0xa3405fc2U,
+    0x1dc37216U, 0xe2250cbcU, 0x3c498b28U, 0x0d9541ffU,
+    0xa8017139U, 0x0cb3de08U, 0xb4e49cd8U, 0x56c19064U,
+    0xcb84617bU, 0x32b670d5U, 0x6c5c7448U, 0xb85742d0U,
+}
+};
+
+#endif /* HAVE_AES_DECRYPT */
+
+/* AES substitute rotated word with round constant application. */
+#define AES_SUB_ROT_WORD_RCON(s)            \
+            "andi   t5, " #s ", 0xff\n\t"   \
+            "slli   t5, t5, 2\n\t"          \
+            "add    t5, t5, %[te]\n\t"      \
+            "lw     t5, (t5)\n\t"           \
+            "li     t6, 0x0000ff00\n\t"     \
+            "and    t5, t5, t6\n\t"         \
+            "xor    t0, t0, t5\n\t"         \
+                                            \
+            "srli   t5, " #s ", 22\n\t"     \
+            "andi   t5, t5, 0x3fc\n\t"      \
+            "add    t5, t5, %[te]\n\t"      \
+            "addi   t5, t5, 0x400\n\t"      \
+            "lbu    t5, (t5)\n\t"           \
+            "xor    t0, t0, t5\n\t"         \
+                                            \
+            "srli   t5, " #s ", 14\n\t"     \
+            "andi   t5, t5, 0x3fc\n\t"      \
+            "add    t5, t5, %[te]\n\t"      \
+            "li     t6, 0x800\n\t"          \
+            "add    t5, t5, t6\n\t"         \
+            "lw     t5, (t5)\n\t"           \
+            "li     t6, 0xff000000\n\t"     \
+            "and    t5, t5, t6\n\t"         \
+            "xor    t0, t0, t5\n\t"         \
+                                            \
+            "srli   t5, " #s ", 6\n\t"      \
+            "andi   t5, t5, 0x3fc\n\t"      \
+            "add    t5, t5, %[te]\n\t"      \
+            "li     t6, 0xc00\n\t"          \
+            "add    t5, t5, t6\n\t"         \
+            "lw     t5, (t5)\n\t"           \
+            "li     t6, 0x00ff0000\n\t"     \
+            "and    t5, t5, t6\n\t"         \
+            "xor    t0, t0, t5\n\t"         \
+                                            \
+            "add    t5, %[rcon], a5\n\t"    \
+            "lw     t5, (t5)\n\t"           \
+            "xor    t0, t0, t5\n\t"
+
+/* AES substitute word. */
+#define AES_SUB_WORD(s)                     \
+            "srli   t5, " #s ", 6\n\t"      \
+            "andi   t5, t5, 0x3fc\n\t"      \
+            "add    t5, t5, %[te]\n\t"      \
+            "lw     t5, (t5)\n\t"           \
+            "li     t6, 0x0000ff00\n\t"     \
+            "and    t5, t5, t6\n\t"         \
+            "xor    a6, a6, t5\n\t"         \
+                                            \
+            "andi   t5, " #s ", 0xff\n\t"   \
+            "slli   t5, t5, 2\n\t"          \
+            "add    t5, t5, %[te]\n\t"      \
+            "addi   t5, t5, 0x400\n\t"      \
+            "lbu    t5, (t5)\n\t"           \
+            "xor    a6, a6, t5\n\t"         \
+                                            \
+            "srli   t5, " #s ", 22\n\t"     \
+            "andi   t5, t5, 0x3fc\n\t"      \
+            "add    t5, t5, %[te]\n\t"      \
+            "li     t6, 0x800\n\t"          \
+            "add    t5, t5, t6\n\t"         \
+            "lw     t5, (t5)\n\t"           \
+            "li     t6, 0xff000000\n\t"     \
+            "and    t5, t5, t6\n\t"         \
+            "xor    a6, a6, t5\n\t"         \
+                                            \
+            "srli   t5, " #s ", 14\n\t"     \
+            "andi   t5, t5, 0x3fc\n\t"      \
+            "add    t5, t5, %[te]\n\t"      \
+            "li     t6, 0xc00\n\t"          \
+            "add    t5, t5, t6\n\t"         \
+            "lw     t5, (t5)\n\t"           \
+            "li     t6, 0x00ff0000\n\t"     \
+            "and    t5, t5, t6\n\t"         \
+            "xor    a6, a6, t5\n\t"
+
+/* Set the AES key and expand.
+ *
+ * @param [in]  aes    AES object.
+ * @param [in]  key    Block to encrypt.
+ * @param [in]  keySz  Number of bytes in key.
+ * @param [in]  dir    Direction of crypt: AES_ENCRYPTION or AES_DECRYPTION.
+ */
+static void AesSetKey_C(Aes* aes, const byte* key, word32 keySz, int dir)
+{
+    word32* rk = aes->key;
+
+    switch (keySz) {
+#if defined(AES_MAX_KEY_SIZE) && AES_MAX_KEY_SIZE >= 128 && \
+        defined(WOLFSSL_AES_128)
+    case 16:
+        __asm__ __volatile__ (
+#ifndef WOLFSSL_RISCV_BASE_BIT_MANIPULATION
+            /* Load 4 32-bit words in reverse byte order. */
+            LOAD_WORD_REV(t0, 0, %[key])
+            LOAD_WORD_REV(t1, 4, %[key])
+            LOAD_WORD_REV(t2, 8, %[key])
+            LOAD_WORD_REV(t3, 12, %[key])
+#else
+            "ld     t1, 0(%[key])\n\t"
+            "ld     t3, 8(%[key])\n\t"
+            REV8(REG_T1, REG_T1)
+            REV8(REG_T3, REG_T3)
+            "srli   t0, t1, 32\n\t"
+            "srli   t2, t3, 32\n\t"
+#endif
+            /* Store round 0 key. */
+            "sw     t0,  0(%[rk])\n\t"
+            "sw     t1,  4(%[rk])\n\t"
+            "sw     t2,  8(%[rk])\n\t"
+            "sw     t3, 12(%[rk])\n\t"
+
+            "li     a4, 10\n\t"
+            "mv     a5, x0\n\t"
+        "L_aes_set_key_c_16_loop:\n\t"
+            "addi   %[rk], %[rk], 16\n\t"
+            /* Permute key. */
+            AES_SUB_ROT_WORD_RCON(t3)
+            "xor    t1, t1, t0\n\t"
+            "xor    t2, t2, t1\n\t"
+            "xor    t3, t3, t2\n\t"
+            /* Store round key. */
+            "sw     t0,  0(%[rk])\n\t"
+            "sw     t1,  4(%[rk])\n\t"
+            "sw     t2,  8(%[rk])\n\t"
+            "sw     t3, 12(%[rk])\n\t"
+
+            "addi   a4, a4, -1\n\t"
+            "addi   a5, a5, 4\n\t"
+            "bnez   a4, L_aes_set_key_c_16_loop\n\t"
+            : [rk] "+r" (rk)
+            : [key] "r" (key), [te] "r" (Te), [rcon] "r" (rcon)
+            : "memory", "t0", "t1", "t2", "t3", "t4", "t5", "t6", "a4", "a5"
+        );
+        break;
+#endif /* 128 */
+
+#if defined(AES_MAX_KEY_SIZE) && AES_MAX_KEY_SIZE >= 192 && \
+        defined(WOLFSSL_AES_192)
+    case 24:
+        __asm__ __volatile__ (
+#ifndef WOLFSSL_RISCV_BASE_BIT_MANIPULATION
+            /* Load 6 32-bit words in reverse byte order. */
+            LOAD_WORD_REV(t0, 0, %[key])
+            LOAD_WORD_REV(t1, 4, %[key])
+            LOAD_WORD_REV(t2, 8, %[key])
+            LOAD_WORD_REV(t3, 12, %[key])
+            LOAD_WORD_REV(a6, 16, %[key])
+            LOAD_WORD_REV(a7, 20, %[key])
+#else
+            "ld     t1, 0(%[key])\n\t"
+            "ld     t3, 8(%[key])\n\t"
+            "ld     a7, 16(%[key])\n\t"
+            REV8(REG_T1, REG_T1)
+            REV8(REG_T3, REG_T3)
+            REV8(REG_A7, REG_A7)
+            "srli   t0, t1, 32\n\t"
+            "srli   t2, t3, 32\n\t"
+            "srli   a6, a7, 32\n\t"
+#endif
+            /* Store round 0 key. */
+            "sw     t0,  0(%[rk])\n\t"
+            "sw     t1,  4(%[rk])\n\t"
+            "sw     t2,  8(%[rk])\n\t"
+            "sw     t3, 12(%[rk])\n\t"
+            "sw     a6, 16(%[rk])\n\t"
+            "sw     a7, 20(%[rk])\n\t"
+
+            "li     a4, 8\n\t"
+            "mv     a5, x0\n\t"
+        "L_aes_set_key_c_24_loop:\n\t"
+            "addi   %[rk], %[rk], 24\n\t"
+            /* Permute key. */
+            AES_SUB_ROT_WORD_RCON(a7)
+            "xor    t1, t1, t0\n\t"
+            "xor    t2, t2, t1\n\t"
+            "xor    t3, t3, t2\n\t"
+            "xor    a6, a6, t3\n\t"
+            "xor    a7, a7, a6\n\t"
+            /* Store round key. */
+            "sw     t0,  0(%[rk])\n\t"
+            "sw     t1,  4(%[rk])\n\t"
+            "sw     t2,  8(%[rk])\n\t"
+            "sw     t3, 12(%[rk])\n\t"
+            "sw     a6, 16(%[rk])\n\t"
+            "sw     a7, 20(%[rk])\n\t"
+
+            "addi   a4, a4, -1\n\t"
+            "addi   a5, a5, 4\n\t"
+            "bnez   a4, L_aes_set_key_c_24_loop\n\t"
+
+            : [rk] "+r" (rk)
+            : [key] "r" (key), [te] "r" (Te), [rcon] "r" (rcon)
+            : "memory", "t0", "t1", "t2", "t3", "t4", "t5", "t6", "a4", "a5",
+              "a6", "a7"
+        );
+        break;
+#endif /* 192 */
+
+#if defined(AES_MAX_KEY_SIZE) && AES_MAX_KEY_SIZE >= 256 && \
+        defined(WOLFSSL_AES_256)
+    case 32:
+        __asm__ __volatile__ (
+#ifndef WOLFSSL_RISCV_BASE_BIT_MANIPULATION
+            /* Load 8 32-bit words in reverse byte order. */
+            LOAD_WORD_REV(t0, 0, %[key])
+            LOAD_WORD_REV(t1, 4, %[key])
+            LOAD_WORD_REV(t2, 8, %[key])
+            LOAD_WORD_REV(t3, 12, %[key])
+            LOAD_WORD_REV(a6, 16, %[key])
+            LOAD_WORD_REV(a7, 20, %[key])
+            LOAD_WORD_REV(s1, 24, %[key])
+            LOAD_WORD_REV(s2, 28, %[key])
+#else
+            "ld     t1, 0(%[key])\n\t"
+            "ld     t3, 8(%[key])\n\t"
+            "ld     a7, 16(%[key])\n\t"
+            "ld     s2, 24(%[key])\n\t"
+            REV8(REG_T1, REG_T1)
+            REV8(REG_T3, REG_T3)
+            REV8(REG_A7, REG_A7)
+            REV8(REG_S2, REG_S2)
+            "srli   t0, t1, 32\n\t"
+            "srli   t2, t3, 32\n\t"
+            "srli   a6, a7, 32\n\t"
+            "srli   s1, s2, 32\n\t"
+#endif
+            /* Store round 0 key. */
+            "sw     t0,  0(%[rk])\n\t"
+            "sw     t1,  4(%[rk])\n\t"
+            "sw     t2,  8(%[rk])\n\t"
+            "sw     t3, 12(%[rk])\n\t"
+            "sw     a6, 16(%[rk])\n\t"
+            "sw     a7, 20(%[rk])\n\t"
+            "sw     s1, 24(%[rk])\n\t"
+            "sw     s2, 28(%[rk])\n\t"
+
+            "li     a4, 7\n\t"
+            "mv     a5, x0\n\t"
+        "L_aes_set_key_c_32_loop:\n\t"
+            "addi   %[rk], %[rk], 32\n\t"
+            /* Permute key. */
+            AES_SUB_ROT_WORD_RCON(s2)
+            "xor    t1, t1, t0\n\t"
+            "xor    t2, t2, t1\n\t"
+            "xor    t3, t3, t2\n\t"
+            /* Store half round key. */
+            "sw     t0,  0(%[rk])\n\t"
+            "sw     t1,  4(%[rk])\n\t"
+            "sw     t2,  8(%[rk])\n\t"
+            "sw     t3, 12(%[rk])\n\t"
+
+            "addi   a5, a5, 4\n\t"
+            "addi   a4, a4, -1\n\t"
+            "beqz   a4, L_aes_set_key_c_32_done\n\t"
+
+            AES_SUB_WORD(t3)
+            "xor    a7, a7, a6\n\t"
+            "xor    s1, s1, a7\n\t"
+            "xor    s2, s2, s1\n\t"
+            /* Store second half round key. */
+            "sw     a6, 16(%[rk])\n\t"
+            "sw     a7, 20(%[rk])\n\t"
+            "sw     s1, 24(%[rk])\n\t"
+            "sw     s2, 28(%[rk])\n\t"
+
+            "beqz   x0, L_aes_set_key_c_32_loop\n\t"
+        "L_aes_set_key_c_32_done:\n\t"
+
+            : [rk] "+r" (rk)
+            : [key] "r" (key), [te] "r" (Te), [rcon] "r" (rcon)
+            : "memory", "t0", "t1", "t2", "t3", "t4", "t5", "t6", "a4", "a5",
+              "a6", "a7", "s1", "s2"
+        );
+        break;
+#endif /* 256 */
+    }
+
+#if defined(HAVE_AES_DECRYPT)
+
+#define INV_MIXCOL(rki)                     \
+            "srli   t5, " #rki ", 22\n\t"   \
+            "andi   t5, t5, 0x3fc\n\t"      \
+            "add    t5, t5, %[te1]\n\t"     \
+            "lbu    t5, (t5)\n\t"           \
+            "slli   t5, t5, 2\n\t"          \
+            "add    t5, t5, %[td]\n\t"      \
+            "lw     t6, (t5)\n\t"           \
+            "srli   t5, " #rki ", 14\n\t"   \
+            "andi   t5, t5, 0x3fc\n\t"      \
+            "add    t5, t5, %[te1]\n\t"     \
+            "lbu    t5, (t5)\n\t"           \
+            "slli   t5, t5, 2\n\t"          \
+            "add    t5, t5, %[td]\n\t"      \
+            "addi   t5, t5, 0x400\n\t"      \
+            "lw     t5, (t5)\n\t"           \
+            "xor    t6, t6, t5\n\t"         \
+            "srli   t5, " #rki ", 6\n\t"    \
+            "andi   t5, t5, 0x3fc\n\t"      \
+            "add    t5, t5, %[te1]\n\t"     \
+            "lbu    t5, (t5)\n\t"           \
+            "slli   t5, t5, 2\n\t"          \
+            "add    t5, t5, %[td]\n\t"      \
+            "li     t4, 0x800\n\t"          \
+            "add    t5, t5, t4\n\t"         \
+            "lw     t5, (t5)\n\t"           \
+            "xor    t6, t6, t5\n\t"         \
+            "andi   t5, " #rki ", 0xff\n\t" \
+            "slli   t5, t5, 2\n\t"          \
+            "add    t5, t5, %[te1]\n\t"     \
+            "lbu    t5, (t5)\n\t"           \
+            "slli   t5, t5, 2\n\t"          \
+            "add    t5, t5, %[td]\n\t"      \
+            "li     t4, 0xc00\n\t"          \
+            "add    t5, t5, t4\n\t"         \
+            "lw     t5, (t5)\n\t"           \
+            "xor    " #rki ", t6, t5\n\t"
+
+    if (dir == AES_DECRYPTION) {
+        int r = aes->rounds;
+        rk = aes->key;
+
+        __asm__ __volatile__ (
+            /* Change key schedule for decryption. */
+            "slli   s1, %[r], 4\n\t"
+            "add    s1, s1, %[rk]\n\t"
+            "srli   %[r], %[r], 1\n\t"
+            "addi   %[r], %[r], -1\n\t"
+
+            /* Swap first two rounds. */
+            "ld     t0, 0(%[rk])\n\t"
+            "ld     t1, 8(%[rk])\n\t"
+            "ld     t2, 0(s1)\n\t"
+            "ld     t3, 8(s1)\n\t"
+            "sd     t0, 0(s1)\n\t"
+            "sd     t1, 8(s1)\n\t"
+            "sd     t2, 0(%[rk])\n\t"
+            "sd     t3, 8(%[rk])\n\t"
+
+       "L_aes_set_key_inv_mixcol_loop:\n\t"
+            "addi   %[rk], %[rk], 16\n\t"
+            "addi   s1, s1, -16\n\t"
+
+            "lw     t0,  0(%[rk])\n\t"
+            "lw     t1,  4(%[rk])\n\t"
+            "lw     t2,  8(%[rk])\n\t"
+            "lw     t3, 12(%[rk])\n\t"
+            "lw     a4,  0(s1)\n\t"
+            "lw     a5,  4(s1)\n\t"
+            "lw     a6,  8(s1)\n\t"
+            "lw     a7, 12(s1)\n\t"
+
+            INV_MIXCOL(t0)
+            INV_MIXCOL(t1)
+            INV_MIXCOL(t2)
+            INV_MIXCOL(t3)
+            INV_MIXCOL(a4)
+            INV_MIXCOL(a5)
+            INV_MIXCOL(a6)
+            INV_MIXCOL(a7)
+
+            "sw     t0,  0(s1)\n\t"
+            "sw     t1,  4(s1)\n\t"
+            "sw     t2,  8(s1)\n\t"
+            "sw     t3, 12(s1)\n\t"
+            "sw     a4,  0(%[rk])\n\t"
+            "sw     a5,  4(%[rk])\n\t"
+            "sw     a6,  8(%[rk])\n\t"
+            "sw     a7, 12(%[rk])\n\t"
+
+            "addi   %[r], %[r], -1\n\t"
+            "bnez   %[r], L_aes_set_key_inv_mixcol_loop\n\t"
+
+            "lw     t0, 16(%[rk])\n\t"
+            "lw     t1, 20(%[rk])\n\t"
+            "lw     t2, 24(%[rk])\n\t"
+            "lw     t3, 28(%[rk])\n\t"
+
+            INV_MIXCOL(t0)
+            INV_MIXCOL(t1)
+            INV_MIXCOL(t2)
+            INV_MIXCOL(t3)
+
+            "sw     t0, 16(%[rk])\n\t"
+            "sw     t1, 20(%[rk])\n\t"
+            "sw     t2, 24(%[rk])\n\t"
+            "sw     t3, 28(%[rk])\n\t"
+
+            : [rk] "+r" (rk), [r] "+r" (r)
+            : [td] "r" (Td), [te1] "r" (Te[1])
+            : "memory", "t0", "t1", "t2", "t3", "t4", "t5", "t6", "a4", "a5",
+              "a6", "a7", "s1"
+       );
+   }
+#endif /* HAVE_AES_DECRYPT */
+}
+
+/* Set the key and/or IV into the AES object.
+ *
+ * Creates the key schedule from the key.
+ * Uses Cryptographic instructions.
+ *
+ * @param [in] aes     AES object.
+ * @param [in] key     Secret key to use.
+ * @param [in] keyLen  Length of key in bytes.
+ * @param [in] iv      Initialization Vector (IV) to use. May be NULL.
+ * @param [in] dir     Direction of crypt: AES_ENCRYPT, AES_DECRYPT.
+ * @return  0 on success.
+ * @return  BAD_FUNC_ARG when aes or key is NULL.
+ * @return  BAD_FUNC_ARG when keyLen/dir is not supported or valid.
+ */
+int wc_AesSetKey(Aes* aes, const byte* key, word32 keyLen, const byte* iv,
+    int dir)
+{
+    int ret = 0;
+
+    /* Validate parameters. */
+    if (aes == NULL) {
+        ret = BAD_FUNC_ARG;
+    }
+    /* Check key size is supported by AES object. */
+    if ((ret == 0) && (keyLen > (word32)sizeof(aes->key))) {
+        ret = BAD_FUNC_ARG;
+    }
+
+    if (ret == 0) {
+        /* Check key length is supported. */
+        switch (keyLen) {
+    #if defined(AES_MAX_KEY_SIZE) && (AES_MAX_KEY_SIZE >= 128) && \
+        defined(WOLFSSL_AES_128)
+        case 16:
+    #endif
+    #if defined(AES_MAX_KEY_SIZE) && (AES_MAX_KEY_SIZE >= 192) && \
+        defined(WOLFSSL_AES_192)
+        case 24:
+    #endif
+    #if defined(AES_MAX_KEY_SIZE) && (AES_MAX_KEY_SIZE >= 256) && \
+        defined(WOLFSSL_AES_256)
+        case 32:
+    #endif
+            break;
+        default:
+            ret = BAD_FUNC_ARG;
+        }
+    }
+#ifndef HAVE_AES_DECRYPT
+    if ((ret == 0) && (dir == AES_DECRYPTION)) {
+        ret = BAD_FUNC_ARG;
+    }
+#endif
+
+    if (ret == 0) {
+        /* Initialize fields. */
+    #if defined(WOLFSSL_AES_COUNTER) || defined(WOLFSSL_AES_CFB) || \
+        defined(WOLFSSL_AES_OFB) || defined(WOLFSSL_AES_XTS)
+        aes->left = 0;
+    #endif
+        aes->keylen = (int)keyLen;
+        aes->rounds = (keyLen / 4) + 6;
+
+        /* Compute the key schedule. */
+        AesSetKey_C(aes, key, keyLen, dir);
+
+        /* Set the IV. */
+        ret = wc_AesSetIV(aes, iv);
+    }
+
+    return ret;
+}
+
+#if defined(WOLFSSL_AES_DIRECT) || defined(HAVE_AES_CBC) || \
+    defined(HAVE_AESGCM) || defined(HAVE_AESCCM)
+/* Encrypt a block using AES.
+ *
+ * @param [in]  aes  AES object.
+ * @param [in]  in   Block to encrypt.
+ * @param [out] out  Encrypted block.
+ */
+static void wc_AesEncrypt(Aes* aes, const byte* in, byte* out)
+{
+/* A round of encryption from set 2 to 1 registers. */
+#define ENC_ROUND_T_S_ASM(o)                    \
+        "srliw      t0, a4, 24\n\t"             \
+        "srliw      t1, a5, 24\n\t"             \
+        "srliw      t2, a6, 24\n\t"             \
+        "srliw      t3, a7, 24\n\t"             \
+        "slliw      t0, t0, 2\n\t"              \
+        "slliw      t1, t1, 2\n\t"              \
+        "slliw      t2, t2, 2\n\t"              \
+        "slliw      t3, t3, 2\n\t"              \
+        "add        t0, t0, %[te]\n\t"          \
+        "add        t1, t1, %[te]\n\t"          \
+        "add        t2, t2, %[te]\n\t"          \
+        "add        t3, t3, %[te]\n\t"          \
+        "lw         t5, (t0)\n\t"               \
+        "lw         t6, (t1)\n\t"               \
+        "lw         s1, (t2)\n\t"               \
+        "lw         s2, (t3)\n\t"               \
+                                                \
+        "addi       t4, %[te], 0x400\n\t"       \
+        "srliw      t0, a5, 14\n\t"             \
+        "srliw      t1, a6, 14\n\t"             \
+        "srliw      t2, a7, 14\n\t"             \
+        "srliw      t3, a4, 14\n\t"             \
+        "andi       t0, t0, 0x3fc\n\t"          \
+        "andi       t1, t1, 0x3fc\n\t"          \
+        "andi       t2, t2, 0x3fc\n\t"          \
+        "andi       t3, t3, 0x3fc\n\t"          \
+        "add        t0, t0, t4\n\t"             \
+        "add        t1, t1, t4\n\t"             \
+        "add        t2, t2, t4\n\t"             \
+        "add        t3, t3, t4\n\t"             \
+        "lw         t0, (t0)\n\t"               \
+        "lw         t1, (t1)\n\t"               \
+        "lw         t2, (t2)\n\t"               \
+        "lw         t3, (t3)\n\t"               \
+        "xor        t5, t5, t0\n\t"             \
+        "xor        t6, t6, t1\n\t"             \
+        "xor        s1, s1, t2\n\t"             \
+        "xor        s2, s2, t3\n\t"             \
+                                                \
+        "addi       t4, t4, 0x400\n\t"          \
+        "srliw      t0, a6, 6\n\t"              \
+        "srliw      t1, a7, 6\n\t"              \
+        "srliw      t2, a4, 6\n\t"              \
+        "srliw      t3, a5, 6\n\t"              \
+        "andi       t0, t0, 0x3fc\n\t"          \
+        "andi       t1, t1, 0x3fc\n\t"          \
+        "andi       t2, t2, 0x3fc\n\t"          \
+        "andi       t3, t3, 0x3fc\n\t"          \
+        "add        t0, t0, t4\n\t"             \
+        "add        t1, t1, t4\n\t"             \
+        "add        t2, t2, t4\n\t"             \
+        "add        t3, t3, t4\n\t"             \
+        "lw         t0, (t0)\n\t"               \
+        "lw         t1, (t1)\n\t"               \
+        "lw         t2, (t2)\n\t"               \
+        "lw         t3, (t3)\n\t"               \
+        "xor        t5, t5, t0\n\t"             \
+        "xor        t6, t6, t1\n\t"             \
+        "xor        s1, s1, t2\n\t"             \
+        "xor        s2, s2, t3\n\t"             \
+                                                \
+        "addi       t4, t4, 0x400\n\t"          \
+        "andi       t0, a7, 0xff\n\t"           \
+        "andi       t1, a4, 0xff\n\t"           \
+        "andi       t2, a5, 0xff\n\t"           \
+        "andi       t3, a6, 0xff\n\t"           \
+        "slliw      t0, t0, 2\n\t"              \
+        "slliw      t1, t1, 2\n\t"              \
+        "slliw      t2, t2, 2\n\t"              \
+        "slliw      t3, t3, 2\n\t"              \
+        "add        t0, t0, t4\n\t"             \
+        "add        t1, t1, t4\n\t"             \
+        "add        t2, t2, t4\n\t"             \
+        "add        t3, t3, t4\n\t"             \
+        "lw         t0, (t0)\n\t"               \
+        "lw         t1, (t1)\n\t"               \
+        "lw         t2, (t2)\n\t"               \
+        "lw         t3, (t3)\n\t"               \
+        "xor        t5, t5, t0\n\t"             \
+        "xor        t6, t6, t1\n\t"             \
+        "xor        s1, s1, t2\n\t"             \
+        "xor        s2, s2, t3\n\t"             \
+                                                \
+        "lw         t0, " #o "(%[rk])\n\t"      \
+        "lw         t1, " #o "+4(%[rk])\n\t"    \
+        "lw         t2, " #o "+8(%[rk])\n\t"    \
+        "lw         t3, " #o "+12(%[rk])\n\t"   \
+        "xor        t5, t5, t0\n\t"             \
+        "xor        t6, t6, t1\n\t"             \
+        "xor        s1, s1, t2\n\t"             \
+        "xor        s2, s2, t3\n\t"
+
+/* A round of encryption from set 1 to 2 registers. */
+#define ENC_ROUND_S_T_ASM(o)                    \
+        "srliw      t0, t5, 24\n\t"             \
+        "srliw      t1, t6, 24\n\t"             \
+        "srliw      t2, s1, 24\n\t"             \
+        "srliw      t3, s2, 24\n\t"             \
+        "slliw      t0, t0, 2\n\t"              \
+        "slliw      t1, t1, 2\n\t"              \
+        "slliw      t2, t2, 2\n\t"              \
+        "slliw      t3, t3, 2\n\t"              \
+        "add        t0, t0, %[te]\n\t"          \
+        "add        t1, t1, %[te]\n\t"          \
+        "add        t2, t2, %[te]\n\t"          \
+        "add        t3, t3, %[te]\n\t"          \
+        "lw         a4, (t0)\n\t"               \
+        "lw         a5, (t1)\n\t"               \
+        "lw         a6, (t2)\n\t"               \
+        "lw         a7, (t3)\n\t"               \
+                                                \
+        "addi       t4, %[te], 0x400\n\t"       \
+        "srliw      t0, t6, 14\n\t"             \
+        "srliw      t1, s1, 14\n\t"             \
+        "srliw      t2, s2, 14\n\t"             \
+        "srliw      t3, t5, 14\n\t"             \
+        "andi       t0, t0, 0x3fc\n\t"          \
+        "andi       t1, t1, 0x3fc\n\t"          \
+        "andi       t2, t2, 0x3fc\n\t"          \
+        "andi       t3, t3, 0x3fc\n\t"          \
+        "add        t0, t0, t4\n\t"             \
+        "add        t1, t1, t4\n\t"             \
+        "add        t2, t2, t4\n\t"             \
+        "add        t3, t3, t4\n\t"             \
+        "lw         t0, (t0)\n\t"               \
+        "lw         t1, (t1)\n\t"               \
+        "lw         t2, (t2)\n\t"               \
+        "lw         t3, (t3)\n\t"               \
+        "xor        a4, a4, t0\n\t"             \
+        "xor        a5, a5, t1\n\t"             \
+        "xor        a6, a6, t2\n\t"             \
+        "xor        a7, a7, t3\n\t"             \
+                                                \
+        "addi       t4, t4, 0x400\n\t"          \
+        "srliw      t0, s1, 6\n\t"              \
+        "srliw      t1, s2, 6\n\t"              \
+        "srliw      t2, t5, 6\n\t"              \
+        "srliw      t3, t6, 6\n\t"              \
+        "andi       t0, t0, 0x3fc\n\t"          \
+        "andi       t1, t1, 0x3fc\n\t"          \
+        "andi       t2, t2, 0x3fc\n\t"          \
+        "andi       t3, t3, 0x3fc\n\t"          \
+        "add        t0, t0, t4\n\t"             \
+        "add        t1, t1, t4\n\t"             \
+        "add        t2, t2, t4\n\t"             \
+        "add        t3, t3, t4\n\t"             \
+        "lw         t0, (t0)\n\t"               \
+        "lw         t1, (t1)\n\t"               \
+        "lw         t2, (t2)\n\t"               \
+        "lw         t3, (t3)\n\t"               \
+        "xor        a4, a4, t0\n\t"             \
+        "xor        a5, a5, t1\n\t"             \
+        "xor        a6, a6, t2\n\t"             \
+        "xor        a7, a7, t3\n\t"             \
+                                                \
+        "addi       t4, t4, 0x400\n\t"          \
+        "andi       t0, s2, 0xff\n\t"           \
+        "andi       t1, t5, 0xff\n\t"           \
+        "andi       t2, t6, 0xff\n\t"           \
+        "andi       t3, s1, 0xff\n\t"           \
+        "slliw      t0, t0, 2\n\t"              \
+        "slliw      t1, t1, 2\n\t"              \
+        "slliw      t2, t2, 2\n\t"              \
+        "slliw      t3, t3, 2\n\t"              \
+        "add        t0, t0, t4\n\t"             \
+        "add        t1, t1, t4\n\t"             \
+        "add        t2, t2, t4\n\t"             \
+        "add        t3, t3, t4\n\t"             \
+        "lw         t0, (t0)\n\t"               \
+        "lw         t1, (t1)\n\t"               \
+        "lw         t2, (t2)\n\t"               \
+        "lw         t3, (t3)\n\t"               \
+        "xor        a4, a4, t0\n\t"             \
+        "xor        a5, a5, t1\n\t"             \
+        "xor        a6, a6, t2\n\t"             \
+        "xor        a7, a7, t3\n\t"             \
+                                                \
+        "lw         t0, " #o "(%[rk])\n\t"      \
+        "lw         t1, " #o "+4(%[rk])\n\t"    \
+        "lw         t2, " #o "+8(%[rk])\n\t"    \
+        "lw         t3, " #o "+12(%[rk])\n\t"   \
+        "xor        a4, a4, t0\n\t"             \
+        "xor        a5, a5, t1\n\t"             \
+        "xor        a6, a6, t2\n\t"             \
+        "xor        a7, a7, t3\n\t"
+
+    __asm__ __volatile__ (
+#ifndef WOLFSSL_RISCV_BASE_BIT_MANIPULATION
+        /* Load 4 32-bit words in reverse byte order. */
+        LOAD_WORD_REV(t0, 0, %[in])
+        LOAD_WORD_REV(t1, 4, %[in])
+        LOAD_WORD_REV(t2, 8, %[in])
+        LOAD_WORD_REV(t3, 12, %[in])
+#else
+        "ld         t1,  0(%[in])\n\t"
+        "ld         t3,  8(%[in])\n\t"
+        REV8(REG_T1, REG_T1)
+        REV8(REG_T3, REG_T3)
+        "srli       t0, t1, 32\n\t"
+        "srli       t2, t3, 32\n\t"
+#endif
+        "lw         a4,  0(%[rk])\n\t"
+        "lw         a5,  4(%[rk])\n\t"
+        "lw         a6,  8(%[rk])\n\t"
+        "lw         a7, 12(%[rk])\n\t"
+        /* AddRoundKey */
+        "xor        a4, t0, a4\n\t"
+        "xor        a5, t1, a5\n\t"
+        "xor        a6, t2, a6\n\t"
+        "xor        a7, t3, a7\n\t"
+
+        ENC_ROUND_T_S_ASM(16)
+        ENC_ROUND_S_T_ASM(32)
+        ENC_ROUND_T_S_ASM(48)
+        ENC_ROUND_S_T_ASM(64)
+        ENC_ROUND_T_S_ASM(80)
+        ENC_ROUND_S_T_ASM(96)
+        ENC_ROUND_T_S_ASM(112)
+        ENC_ROUND_S_T_ASM(128)
+        ENC_ROUND_T_S_ASM(144)
+
+        "li          t4, 5\n\t"
+        "ble         %[r], t4, L_aes_encrypt_done\n\t"
+        ENC_ROUND_S_T_ASM(160)
+        ENC_ROUND_T_S_ASM(176)
+
+        "li          t4, 6\n\t"
+        "ble         %[r], t4, L_aes_encrypt_done\n\t"
+        ENC_ROUND_S_T_ASM(192)
+        ENC_ROUND_T_S_ASM(208)
+    "L_aes_encrypt_done:\n\t"
+
+        /* Last round. */
+        "srliw      t0, s1, 6\n\t"
+        "srliw      t1, s2, 6\n\t"
+        "srliw      t2, t5, 6\n\t"
+        "srliw      t3, t6, 6\n\t"
+        "andi       t0, t0, 0x3fc\n\t"
+        "andi       t1, t1, 0x3fc\n\t"
+        "andi       t2, t2, 0x3fc\n\t"
+        "andi       t3, t3, 0x3fc\n\t"
+        "add        t0, t0, %[te]\n\t"
+        "add        t1, t1, %[te]\n\t"
+        "add        t2, t2, %[te]\n\t"
+        "add        t3, t3, %[te]\n\t"
+        "lw         a4, (t0)\n\t"
+        "lw         a5, (t1)\n\t"
+        "lw         a6, (t2)\n\t"
+        "lw         a7, (t3)\n\t"
+        "li         t4, 0x0000ff00\n\t"
+        "and        a4, a4, t4\n\t"
+        "and        a5, a5, t4\n\t"
+        "and        a6, a6, t4\n\t"
+        "and        a7, a7, t4\n\t"
+
+        "addi       t4, %[te], 0x400\n\t"
+        "andi       t0, s2, 0xff\n\t"
+        "andi       t1, t5, 0xff\n\t"
+        "andi       t2, t6, 0xff\n\t"
+        "andi       t3, s1, 0xff\n\t"
+        "slli       t0, t0, 2\n\t"
+        "slli       t1, t1, 2\n\t"
+        "slli       t2, t2, 2\n\t"
+        "slli       t3, t3, 2\n\t"
+        "add        t0, t0, t4\n\t"
+        "add        t1, t1, t4\n\t"
+        "add        t2, t2, t4\n\t"
+        "add        t3, t3, t4\n\t"
+        "lbu        t0, (t0)\n\t"
+        "lbu        t1, (t1)\n\t"
+        "lbu        t2, (t2)\n\t"
+        "lbu        t3, (t3)\n\t"
+        "or         a4, a4, t0\n\t"
+        "or         a5, a5, t1\n\t"
+        "or         a6, a6, t2\n\t"
+        "or         a7, a7, t3\n\t"
+
+        "addi       t4, t4, 0x400\n\t"
+        "srliw      t0, t5, 24\n\t"
+        "srliw      t1, t6, 24\n\t"
+        "srliw      t2, s1, 24\n\t"
+        "srliw      t3, s2, 24\n\t"
+        "slli       t0, t0, 2\n\t"
+        "slli       t1, t1, 2\n\t"
+        "slli       t2, t2, 2\n\t"
+        "slli       t3, t3, 2\n\t"
+        "add        t0, t0, t4\n\t"
+        "add        t1, t1, t4\n\t"
+        "add        t2, t2, t4\n\t"
+        "add        t3, t3, t4\n\t"
+        "lw         t0, (t0)\n\t"
+        "lw         t1, (t1)\n\t"
+        "lw         t2, (t2)\n\t"
+        "lw         t3, (t3)\n\t"
+        "li         t4, 0xff000000\n\t"
+        "and        t0, t0, t4\n\t"
+        "and        t1, t1, t4\n\t"
+        "and        t2, t2, t4\n\t"
+        "and        t3, t3, t4\n\t"
+        "or         a4, a4, t0\n\t"
+        "or         a5, a5, t1\n\t"
+        "or         a6, a6, t2\n\t"
+        "or         a7, a7, t3\n\t"
+
+        "li         t4, 0xc00\n\t"
+        "add        t4, %[te], t4\n\t"
+        "srliw      t0, t6, 14\n\t"
+        "srliw      t1, s1, 14\n\t"
+        "srliw      t2, s2, 14\n\t"
+        "srliw      t3, t5, 14\n\t"
+        "andi       t0, t0, 0x3fc\n\t"
+        "andi       t1, t1, 0x3fc\n\t"
+        "andi       t2, t2, 0x3fc\n\t"
+        "andi       t3, t3, 0x3fc\n\t"
+        "add        t0, t0, t4\n\t"
+        "add        t1, t1, t4\n\t"
+        "add        t2, t2, t4\n\t"
+        "add        t3, t3, t4\n\t"
+        "lw         t0, (t0)\n\t"
+        "lw         t1, (t1)\n\t"
+        "lw         t2, (t2)\n\t"
+        "lw         t3, (t3)\n\t"
+        "li         t4, 0x00ff0000\n\t"
+        "and        t0, t0, t4\n\t"
+        "and        t1, t1, t4\n\t"
+        "and        t2, t2, t4\n\t"
+        "and        t3, t3, t4\n\t"
+        "or         a4, a4, t0\n\t"
+        "or         a5, a5, t1\n\t"
+        "or         a6, a6, t2\n\t"
+        "or         a7, a7, t3\n\t"
+
+        "slli       t4, %[r], 5\n\t"
+        "add        t4, %[rk], t4\n\t"
+        "lw         t0,  0(t4)\n\t"
+        "lw         t1,  4(t4)\n\t"
+        "lw         t2,  8(t4)\n\t"
+        "lw         t3, 12(t4)\n\t"
+        "xor        a4, a4, t0\n\t"
+        "xor        a5, a5, t1\n\t"
+        "xor        a6, a6, t2\n\t"
+        "xor        a7, a7, t3\n\t"
+
+        /* Reverse byte in 32-bit words. */
+#ifndef WOLFSSL_RISCV_BASE_BIT_MANIPULATION
+        STORE_WORD_REV(a4, 0, %[out])
+        STORE_WORD_REV(a5, 4, %[out])
+        STORE_WORD_REV(a6, 8, %[out])
+        STORE_WORD_REV(a7, 12, %[out])
+#elif !defined(WOLFSSL_RISCV_BIT_MANIPULATION)
+        "slli        t0, a4, 32\n\t"
+        "slli        t1, a5, 32\n\t"
+        "slli        t2, a6, 32\n\t"
+        "slli        t3, a7, 32\n\t"
+        "srli        t1, t1, 32\n\t"
+        "srli        t3, t3, 32\n\t"
+        "or          t1, t1, t0\n\t"
+        "or          t3, t3, t2\n\t"
+        REV8(REG_T1, REG_T1)
+        REV8(REG_T3, REG_T3)
+        /* Write encrypted block to output. */
+        "sd         t1,  0(%[out])\n\t"
+        "sd         t3,  8(%[out])\n\t"
+#else
+        PACK(REG_T1, REG_A5, REG_A4)
+        PACK(REG_T3, REG_A7, REG_A6)
+        REV8(REG_T1, REG_T1)
+        REV8(REG_T3, REG_T3)
+        /* Write encrypted block to output. */
+        "sd         t1,  0(%[out])\n\t"
+        "sd         t3,  8(%[out])\n\t"
+#endif
+
+        :
+        : [in] "r" (in), [rk] "r" (aes->key), [te] "r" (Te),
+          [r] "r" (aes->rounds >> 1), [out] "r" (out)
+        : "memory", "t0", "t1", "t2", "t3", "t4",
+          "a4", "a5", "a6", "a7",
+          "t5", "t6", "s1", "s2"
+    );
+}
+#endif /* WOLFSSL_AES_DIRECT || HAVE_AES_CBC || HAVE_AESGCM || HAVE_AESCCM */
+
+#if defined(WOLFSSL_AES_DIRECT) || defined(HAVE_AES_CBC)
+#ifdef HAVE_AES_DECRYPT
+/* AES byte decryption table. */
+static const FLASH_QUALIFIER byte Td4[256] =
+{
+    0x52U, 0x09U, 0x6aU, 0xd5U, 0x30U, 0x36U, 0xa5U, 0x38U,
+    0xbfU, 0x40U, 0xa3U, 0x9eU, 0x81U, 0xf3U, 0xd7U, 0xfbU,
+    0x7cU, 0xe3U, 0x39U, 0x82U, 0x9bU, 0x2fU, 0xffU, 0x87U,
+    0x34U, 0x8eU, 0x43U, 0x44U, 0xc4U, 0xdeU, 0xe9U, 0xcbU,
+    0x54U, 0x7bU, 0x94U, 0x32U, 0xa6U, 0xc2U, 0x23U, 0x3dU,
+    0xeeU, 0x4cU, 0x95U, 0x0bU, 0x42U, 0xfaU, 0xc3U, 0x4eU,
+    0x08U, 0x2eU, 0xa1U, 0x66U, 0x28U, 0xd9U, 0x24U, 0xb2U,
+    0x76U, 0x5bU, 0xa2U, 0x49U, 0x6dU, 0x8bU, 0xd1U, 0x25U,
+    0x72U, 0xf8U, 0xf6U, 0x64U, 0x86U, 0x68U, 0x98U, 0x16U,
+    0xd4U, 0xa4U, 0x5cU, 0xccU, 0x5dU, 0x65U, 0xb6U, 0x92U,
+    0x6cU, 0x70U, 0x48U, 0x50U, 0xfdU, 0xedU, 0xb9U, 0xdaU,
+    0x5eU, 0x15U, 0x46U, 0x57U, 0xa7U, 0x8dU, 0x9dU, 0x84U,
+    0x90U, 0xd8U, 0xabU, 0x00U, 0x8cU, 0xbcU, 0xd3U, 0x0aU,
+    0xf7U, 0xe4U, 0x58U, 0x05U, 0xb8U, 0xb3U, 0x45U, 0x06U,
+    0xd0U, 0x2cU, 0x1eU, 0x8fU, 0xcaU, 0x3fU, 0x0fU, 0x02U,
+    0xc1U, 0xafU, 0xbdU, 0x03U, 0x01U, 0x13U, 0x8aU, 0x6bU,
+    0x3aU, 0x91U, 0x11U, 0x41U, 0x4fU, 0x67U, 0xdcU, 0xeaU,
+    0x97U, 0xf2U, 0xcfU, 0xceU, 0xf0U, 0xb4U, 0xe6U, 0x73U,
+    0x96U, 0xacU, 0x74U, 0x22U, 0xe7U, 0xadU, 0x35U, 0x85U,
+    0xe2U, 0xf9U, 0x37U, 0xe8U, 0x1cU, 0x75U, 0xdfU, 0x6eU,
+    0x47U, 0xf1U, 0x1aU, 0x71U, 0x1dU, 0x29U, 0xc5U, 0x89U,
+    0x6fU, 0xb7U, 0x62U, 0x0eU, 0xaaU, 0x18U, 0xbeU, 0x1bU,
+    0xfcU, 0x56U, 0x3eU, 0x4bU, 0xc6U, 0xd2U, 0x79U, 0x20U,
+    0x9aU, 0xdbU, 0xc0U, 0xfeU, 0x78U, 0xcdU, 0x5aU, 0xf4U,
+    0x1fU, 0xddU, 0xa8U, 0x33U, 0x88U, 0x07U, 0xc7U, 0x31U,
+    0xb1U, 0x12U, 0x10U, 0x59U, 0x27U, 0x80U, 0xecU, 0x5fU,
+    0x60U, 0x51U, 0x7fU, 0xa9U, 0x19U, 0xb5U, 0x4aU, 0x0dU,
+    0x2dU, 0xe5U, 0x7aU, 0x9fU, 0x93U, 0xc9U, 0x9cU, 0xefU,
+    0xa0U, 0xe0U, 0x3bU, 0x4dU, 0xaeU, 0x2aU, 0xf5U, 0xb0U,
+    0xc8U, 0xebU, 0xbbU, 0x3cU, 0x83U, 0x53U, 0x99U, 0x61U,
+    0x17U, 0x2bU, 0x04U, 0x7eU, 0xbaU, 0x77U, 0xd6U, 0x26U,
+    0xe1U, 0x69U, 0x14U, 0x63U, 0x55U, 0x21U, 0x0cU, 0x7dU,
+};
+
+/* Decrypt a block using AES.
+ *
+ * @param [in]  aes  AES object.
+ * @param [in]  in   Block to decrypt.
+ * @param [out] out  Decrypted block.
+ */
+static void wc_AesDecrypt(Aes* aes, const byte* in, byte* out)
+{
+/* A round of decryption from set 2 to 1 registers. */
+#define DEC_ROUND_T_S_ASM(o)                    \
+        "srliw      t0, a4, 24\n\t"             \
+        "srliw      t1, a5, 24\n\t"             \
+        "srliw      t2, a6, 24\n\t"             \
+        "srliw      t3, a7, 24\n\t"             \
+        "slliw      t0, t0, 2\n\t"              \
+        "slliw      t1, t1, 2\n\t"              \
+        "slliw      t2, t2, 2\n\t"              \
+        "slliw      t3, t3, 2\n\t"              \
+        "add        t0, t0, %[td]\n\t"          \
+        "add        t1, t1, %[td]\n\t"          \
+        "add        t2, t2, %[td]\n\t"          \
+        "add        t3, t3, %[td]\n\t"          \
+        "lw         t5, (t0)\n\t"               \
+        "lw         t6, (t1)\n\t"               \
+        "lw         s1, (t2)\n\t"               \
+        "lw         s2, (t3)\n\t"               \
+                                                \
+        "addi       t4, %[td], 0x400\n\t"       \
+        "srliw      t0, a7, 14\n\t"             \
+        "srliw      t1, a4, 14\n\t"             \
+        "srliw      t2, a5, 14\n\t"             \
+        "srliw      t3, a6, 14\n\t"             \
+        "andi       t0, t0, 0x3fc\n\t"          \
+        "andi       t1, t1, 0x3fc\n\t"          \
+        "andi       t2, t2, 0x3fc\n\t"          \
+        "andi       t3, t3, 0x3fc\n\t"          \
+        "add        t0, t0, t4\n\t"             \
+        "add        t1, t1, t4\n\t"             \
+        "add        t2, t2, t4\n\t"             \
+        "add        t3, t3, t4\n\t"             \
+        "lw         t0, (t0)\n\t"               \
+        "lw         t1, (t1)\n\t"               \
+        "lw         t2, (t2)\n\t"               \
+        "lw         t3, (t3)\n\t"               \
+        "xor        t5, t5, t0\n\t"             \
+        "xor        t6, t6, t1\n\t"             \
+        "xor        s1, s1, t2\n\t"             \
+        "xor        s2, s2, t3\n\t"             \
+                                                \
+        "addi       t4, t4, 0x400\n\t"          \
+        "srliw      t0, a6, 6\n\t"              \
+        "srliw      t1, a7, 6\n\t"              \
+        "srliw      t2, a4, 6\n\t"              \
+        "srliw      t3, a5, 6\n\t"              \
+        "andi       t0, t0, 0x3fc\n\t"          \
+        "andi       t1, t1, 0x3fc\n\t"          \
+        "andi       t2, t2, 0x3fc\n\t"          \
+        "andi       t3, t3, 0x3fc\n\t"          \
+        "add        t0, t0, t4\n\t"             \
+        "add        t1, t1, t4\n\t"             \
+        "add        t2, t2, t4\n\t"             \
+        "add        t3, t3, t4\n\t"             \
+        "lw         t0, (t0)\n\t"               \
+        "lw         t1, (t1)\n\t"               \
+        "lw         t2, (t2)\n\t"               \
+        "lw         t3, (t3)\n\t"               \
+        "xor        t5, t5, t0\n\t"             \
+        "xor        t6, t6, t1\n\t"             \
+        "xor        s1, s1, t2\n\t"             \
+        "xor        s2, s2, t3\n\t"             \
+                                                \
+        "addi       t4, t4, 0x400\n\t"          \
+        "andi       t0, a5, 0xff\n\t"           \
+        "andi       t1, a6, 0xff\n\t"           \
+        "andi       t2, a7, 0xff\n\t"           \
+        "andi       t3, a4, 0xff\n\t"           \
+        "slliw      t0, t0, 2\n\t"              \
+        "slliw      t1, t1, 2\n\t"              \
+        "slliw      t2, t2, 2\n\t"              \
+        "slliw      t3, t3, 2\n\t"              \
+        "add        t0, t0, t4\n\t"             \
+        "add        t1, t1, t4\n\t"             \
+        "add        t2, t2, t4\n\t"             \
+        "add        t3, t3, t4\n\t"             \
+        "lw         t0, (t0)\n\t"               \
+        "lw         t1, (t1)\n\t"               \
+        "lw         t2, (t2)\n\t"               \
+        "lw         t3, (t3)\n\t"               \
+        "xor        t5, t5, t0\n\t"             \
+        "xor        t6, t6, t1\n\t"             \
+        "xor        s1, s1, t2\n\t"             \
+        "xor        s2, s2, t3\n\t"             \
+                                                \
+        "lw         t0, " #o "(%[rk])\n\t"      \
+        "lw         t1, " #o "+4(%[rk])\n\t"    \
+        "lw         t2, " #o "+8(%[rk])\n\t"    \
+        "lw         t3, " #o "+12(%[rk])\n\t"   \
+        "xor        t5, t5, t0\n\t"             \
+        "xor        t6, t6, t1\n\t"             \
+        "xor        s1, s1, t2\n\t"             \
+        "xor        s2, s2, t3\n\t"
+
+/* A round of decryption from set 1 to 2 registers. */
+#define DEC_ROUND_S_T_ASM(o)                    \
+        "srliw      t0, t5, 24\n\t"             \
+        "srliw      t1, t6, 24\n\t"             \
+        "srliw      t2, s1, 24\n\t"             \
+        "srliw      t3, s2, 24\n\t"             \
+        "slliw      t0, t0, 2\n\t"              \
+        "slliw      t1, t1, 2\n\t"              \
+        "slliw      t2, t2, 2\n\t"              \
+        "slliw      t3, t3, 2\n\t"              \
+        "add        t0, t0, %[td]\n\t"          \
+        "add        t1, t1, %[td]\n\t"          \
+        "add        t2, t2, %[td]\n\t"          \
+        "add        t3, t3, %[td]\n\t"          \
+        "lw         a4, (t0)\n\t"               \
+        "lw         a5, (t1)\n\t"               \
+        "lw         a6, (t2)\n\t"               \
+        "lw         a7, (t3)\n\t"               \
+                                                \
+        "addi       t4, %[td], 0x400\n\t"       \
+        "srliw      t0, s2, 14\n\t"             \
+        "srliw      t1, t5, 14\n\t"             \
+        "srliw      t2, t6, 14\n\t"             \
+        "srliw      t3, s1, 14\n\t"             \
+        "andi       t0, t0, 0x3fc\n\t"          \
+        "andi       t1, t1, 0x3fc\n\t"          \
+        "andi       t2, t2, 0x3fc\n\t"          \
+        "andi       t3, t3, 0x3fc\n\t"          \
+        "add        t0, t0, t4\n\t"             \
+        "add        t1, t1, t4\n\t"             \
+        "add        t2, t2, t4\n\t"             \
+        "add        t3, t3, t4\n\t"             \
+        "lw         t0, (t0)\n\t"               \
+        "lw         t1, (t1)\n\t"               \
+        "lw         t2, (t2)\n\t"               \
+        "lw         t3, (t3)\n\t"               \
+        "xor        a4, a4, t0\n\t"             \
+        "xor        a5, a5, t1\n\t"             \
+        "xor        a6, a6, t2\n\t"             \
+        "xor        a7, a7, t3\n\t"             \
+                                                \
+        "addi       t4, t4, 0x400\n\t"          \
+        "srliw      t0, s1, 6\n\t"              \
+        "srliw      t1, s2, 6\n\t"              \
+        "srliw      t2, t5, 6\n\t"              \
+        "srliw      t3, t6, 6\n\t"              \
+        "andi       t0, t0, 0x3fc\n\t"          \
+        "andi       t1, t1, 0x3fc\n\t"          \
+        "andi       t2, t2, 0x3fc\n\t"          \
+        "andi       t3, t3, 0x3fc\n\t"          \
+        "add        t0, t0, t4\n\t"             \
+        "add        t1, t1, t4\n\t"             \
+        "add        t2, t2, t4\n\t"             \
+        "add        t3, t3, t4\n\t"             \
+        "lw         t0, (t0)\n\t"               \
+        "lw         t1, (t1)\n\t"               \
+        "lw         t2, (t2)\n\t"               \
+        "lw         t3, (t3)\n\t"               \
+        "xor        a4, a4, t0\n\t"             \
+        "xor        a5, a5, t1\n\t"             \
+        "xor        a6, a6, t2\n\t"             \
+        "xor        a7, a7, t3\n\t"             \
+                                                \
+        "addi       t4, t4, 0x400\n\t"          \
+        "andi       t0, t6, 0xff\n\t"           \
+        "andi       t1, s1, 0xff\n\t"           \
+        "andi       t2, s2, 0xff\n\t"           \
+        "andi       t3, t5, 0xff\n\t"           \
+        "slliw      t0, t0, 2\n\t"              \
+        "slliw      t1, t1, 2\n\t"              \
+        "slliw      t2, t2, 2\n\t"              \
+        "slliw      t3, t3, 2\n\t"              \
+        "add        t0, t0, t4\n\t"             \
+        "add        t1, t1, t4\n\t"             \
+        "add        t2, t2, t4\n\t"             \
+        "add        t3, t3, t4\n\t"             \
+        "lw         t0, (t0)\n\t"               \
+        "lw         t1, (t1)\n\t"               \
+        "lw         t2, (t2)\n\t"               \
+        "lw         t3, (t3)\n\t"               \
+        "xor        a4, a4, t0\n\t"             \
+        "xor        a5, a5, t1\n\t"             \
+        "xor        a6, a6, t2\n\t"             \
+        "xor        a7, a7, t3\n\t"             \
+                                                \
+        "lw         t0, " #o "(%[rk])\n\t"      \
+        "lw         t1, " #o "+4(%[rk])\n\t"    \
+        "lw         t2, " #o "+8(%[rk])\n\t"    \
+        "lw         t3, " #o "+12(%[rk])\n\t"   \
+        "xor        a4, a4, t0\n\t"             \
+        "xor        a5, a5, t1\n\t"             \
+        "xor        a6, a6, t2\n\t"             \
+        "xor        a7, a7, t3\n\t"
+
+    __asm__ __volatile__ (
+#ifndef WOLFSSL_RISCV_BASE_BIT_MANIPULATION
+        /* Load 4 32-bit words in reverse byte order. */
+        LOAD_WORD_REV(t0, 0, %[in])
+        LOAD_WORD_REV(t1, 4, %[in])
+        LOAD_WORD_REV(t2, 8, %[in])
+        LOAD_WORD_REV(t3, 12, %[in])
+#else
+        "ld         t1,  0(%[in])\n\t"
+        "ld         t3,  8(%[in])\n\t"
+        REV8(REG_T1, REG_T1)
+        REV8(REG_T3, REG_T3)
+        "srli       t0, t1, 32\n\t"
+        "srli       t2, t3, 32\n\t"
+#endif
+        "lw         a4,  0(%[rk])\n\t"
+        "lw         a5,  4(%[rk])\n\t"
+        "lw         a6,  8(%[rk])\n\t"
+        "lw         a7, 12(%[rk])\n\t"
+        /* AddRoundKey */
+        "xor        a4, t0, a4\n\t"
+        "xor        a5, t1, a5\n\t"
+        "xor        a6, t2, a6\n\t"
+        "xor        a7, t3, a7\n\t"
+
+        DEC_ROUND_T_S_ASM(16)
+        DEC_ROUND_S_T_ASM(32)
+        DEC_ROUND_T_S_ASM(48)
+        DEC_ROUND_S_T_ASM(64)
+        DEC_ROUND_T_S_ASM(80)
+        DEC_ROUND_S_T_ASM(96)
+        DEC_ROUND_T_S_ASM(112)
+        DEC_ROUND_S_T_ASM(128)
+        DEC_ROUND_T_S_ASM(144)
+
+        "li          t4, 5\n\t"
+        "ble         %[r], t4, L_aes_decrypt_done\n\t"
+        DEC_ROUND_S_T_ASM(160)
+        DEC_ROUND_T_S_ASM(176)
+
+        "li          t4, 6\n\t"
+        "ble         %[r], t4, L_aes_decrypt_done\n\t"
+        DEC_ROUND_S_T_ASM(192)
+        DEC_ROUND_T_S_ASM(208)
+    "L_aes_decrypt_done:\n\t"
+
+        /* Last round. */
+        "srliw      t0, t5, 24\n\t"
+        "srliw      t1, t6, 24\n\t"
+        "srliw      t2, s1, 24\n\t"
+        "srliw      t3, s2, 24\n\t"
+        "add        t0, t0, %[td4]\n\t"
+        "add        t1, t1, %[td4]\n\t"
+        "add        t2, t2, %[td4]\n\t"
+        "add        t3, t3, %[td4]\n\t"
+        "lbu        a4, (t0)\n\t"
+        "lbu        a5, (t1)\n\t"
+        "lbu        a6, (t2)\n\t"
+        "lbu        a7, (t3)\n\t"
+        "slli       a4, a4, 24\n\t"
+        "slli       a5, a5, 24\n\t"
+        "slli       a6, a6, 24\n\t"
+        "slli       a7, a7, 24\n\t"
+
+        "srliw      t0, s2, 16\n\t"
+        "srliw      t1, t5, 16\n\t"
+        "srliw      t2, t6, 16\n\t"
+        "srliw      t3, s1, 16\n\t"
+        "andi       t0, t0, 0xff\n\t"
+        "andi       t1, t1, 0xff\n\t"
+        "andi       t2, t2, 0xff\n\t"
+        "andi       t3, t3, 0xff\n\t"
+        "add        t0, t0, %[td4]\n\t"
+        "add        t1, t1, %[td4]\n\t"
+        "add        t2, t2, %[td4]\n\t"
+        "add        t3, t3, %[td4]\n\t"
+        "lbu        t0, (t0)\n\t"
+        "lbu        t1, (t1)\n\t"
+        "lbu        t2, (t2)\n\t"
+        "lbu        t3, (t3)\n\t"
+        "slli       t0, t0, 16\n\t"
+        "slli       t1, t1, 16\n\t"
+        "slli       t2, t2, 16\n\t"
+        "slli       t3, t3, 16\n\t"
+        "or         a4, a4, t0\n\t"
+        "or         a5, a5, t1\n\t"
+        "or         a6, a6, t2\n\t"
+        "or         a7, a7, t3\n\t"
+
+        "srliw      t0, s1, 8\n\t"
+        "srliw      t1, s2, 8\n\t"
+        "srliw      t2, t5, 8\n\t"
+        "srliw      t3, t6, 8\n\t"
+        "andi       t0, t0, 0xff\n\t"
+        "andi       t1, t1, 0xff\n\t"
+        "andi       t2, t2, 0xff\n\t"
+        "andi       t3, t3, 0xff\n\t"
+        "add        t0, t0, %[td4]\n\t"
+        "add        t1, t1, %[td4]\n\t"
+        "add        t2, t2, %[td4]\n\t"
+        "add        t3, t3, %[td4]\n\t"
+        "lbu        t0, (t0)\n\t"
+        "lbu        t1, (t1)\n\t"
+        "lbu        t2, (t2)\n\t"
+        "lbu        t3, (t3)\n\t"
+        "slli       t0, t0, 8\n\t"
+        "slli       t1, t1, 8\n\t"
+        "slli       t2, t2, 8\n\t"
+        "slli       t3, t3, 8\n\t"
+        "or         a4, a4, t0\n\t"
+        "or         a5, a5, t1\n\t"
+        "or         a6, a6, t2\n\t"
+        "or         a7, a7, t3\n\t"
+
+        "andi       t0, t6, 0xff\n\t"
+        "andi       t1, s1, 0xff\n\t"
+        "andi       t2, s2, 0xff\n\t"
+        "andi       t3, t5, 0xff\n\t"
+        "add        t0, t0, %[td4]\n\t"
+        "add        t1, t1, %[td4]\n\t"
+        "add        t2, t2, %[td4]\n\t"
+        "add        t3, t3, %[td4]\n\t"
+        "lbu        t0, (t0)\n\t"
+        "lbu        t1, (t1)\n\t"
+        "lbu        t2, (t2)\n\t"
+        "lbu        t3, (t3)\n\t"
+        "or         a4, a4, t0\n\t"
+        "or         a5, a5, t1\n\t"
+        "or         a6, a6, t2\n\t"
+        "or         a7, a7, t3\n\t"
+
+        "slli       t4, %[r], 5\n\t"
+        "add        t4, %[rk], t4\n\t"
+        "lw         t0,  0(t4)\n\t"
+        "lw         t1,  4(t4)\n\t"
+        "lw         t2,  8(t4)\n\t"
+        "lw         t3, 12(t4)\n\t"
+        "xor        a4, a4, t0\n\t"
+        "xor        a5, a5, t1\n\t"
+        "xor        a6, a6, t2\n\t"
+        "xor        a7, a7, t3\n\t"
+
+        /* Reverse byte in 32-bit words. */
+#ifndef WOLFSSL_RISCV_BASE_BIT_MANIPULATION
+        STORE_WORD_REV(a4, 0, %[out])
+        STORE_WORD_REV(a5, 4, %[out])
+        STORE_WORD_REV(a6, 8, %[out])
+        STORE_WORD_REV(a7, 12, %[out])
+#elif !defined(WOLFSSL_RISCV_BIT_MANIPULATION)
+        "slli        t0, a4, 32\n\t"
+        "slli        t1, a5, 32\n\t"
+        "slli        t2, a6, 32\n\t"
+        "slli        t3, a7, 32\n\t"
+        "srli        t1, t1, 32\n\t"
+        "srli        t3, t3, 32\n\t"
+        "or          t1, t1, t0\n\t"
+        "or          t3, t3, t2\n\t"
+        REV8(REG_T1, REG_T1)
+        REV8(REG_T3, REG_T3)
+        /* Write encrypted block to output. */
+        "sd         t1,  0(%[out])\n\t"
+        "sd         t3,  8(%[out])\n\t"
+#else
+        PACK(REG_T1, REG_A5, REG_A4)
+        PACK(REG_T3, REG_A7, REG_A6)
+        REV8(REG_T1, REG_T1)
+        REV8(REG_T3, REG_T3)
+        /* Write encrypted block to output. */
+        "sd         t1,  0(%[out])\n\t"
+        "sd         t3,  8(%[out])\n\t"
+#endif
+
+        :
+        : [in] "r" (in), [rk] "r" (aes->key), [td] "r" (Td),
+          [r] "r" (aes->rounds >> 1), [out] "r" (out), [td4] "r" (Td4)
+        : "memory", "t0", "t1", "t2", "t3", "t4",
+          "a4", "a5", "a6", "a7",
+          "t5", "t6", "s1", "s2"
+    );
+}
+#endif /* HAVE_AES_DECRYPT */
+#endif /* WOLFSSL_AES_DIRECT || HAVE_AES_CBC */
+
+#endif /* WOLFSSL_RISCV_SCALAR_CRYPTO_ASM */
+
+/* AES-CBC */
+#if (defined(HAVE_AES_CBC) && !defined(HAVE_AES_CBC_ENC_DEC)) || \
+    (defined(WOLFSSL_AES_COUNTER) && !defined(HAVE_AES_COUNTER_ENC)) || \
+    (defined(HAVE_AESGCM) && !defined(WOLFSSL_RISCV_VECTOR_GCM)) || \
+    defined(HAVE_AESCCM)
+/* XOR two 16-byte values, out and in, into out.
+ *
+ * @param [in, out] out  16-byte value.
+ * @param [in]      in   16-byte value.
+ */
+static WC_INLINE void xorbuf16(byte* out, const byte* in)
+{
+    word64* out64 = (word64*)out;
+    word64* in64  = (word64*)in;
+
+    out64[0] ^= in64[0];
+    out64[1] ^= in64[1];
+}
+#endif
+
+#if (defined(HAVE_AES_CBC) && !defined(HAVE_AES_CBC_ENC_DEC)) || \
+    (defined(HAVE_AESGCM) && (!defined(WOLFSSL_RISCV_VECTOR_CRYPTO_ASM) || \
+     !defined(WOLFSSL_RISCV_VECTOR_GCM)))
+/* XOR two 16-byte values into out.
+ *
+ * @param [out] out  16-byte value.
+ * @param [in]  a    16-byte value.
+ * @param [in]  b    16-byte value.
+ */
+static WC_INLINE void xorbufout16(byte* out, const byte* a, const byte* b)
+{
+    word64* out64 = (word64*)out;
+    word64* a64   = (word64*)a;
+    word64* b64   = (word64*)b;
+
+    out64[0] = a64[0] ^ b64[0];
+    out64[1] = a64[1] ^ b64[1];
+}
+#endif
+
+#if defined(HAVE_AES_CBC) && !defined(HAVE_AES_CBC_ENC_DEC)
+/* Encrypt blocks of data using AES-CBC.
+ *
+ * Implementation using wc_AesEncrypt().
+ *
+ * @param [in]  aes  AES object.
+ * @param [out] out  Encrypted blocks.
+ * @param [in]  in   Blocks to encrypt.
+ * @param pin]  sz   Number of bytes to encrypt.
+ * @return  0 on success.
+ * @return  BAD_FUNC_ARG when aes, out or in is NULL.
+ * @return  BAD_LENGTH_E when sz is not a multiple of WC_AES_BLOCK_SIZE.
+ */
+int wc_AesCbcEncrypt(Aes* aes, byte* out, const byte* in, word32 sz)
+{
+    int ret = 0;
+    word32 blocks = sz / WC_AES_BLOCK_SIZE;
+
+    /* Validate parameters. */
+    if ((aes == NULL) || (out == NULL) || (in == NULL)) {
+        ret = BAD_FUNC_ARG;
+    }
+#ifdef WOLFSSL_AES_CBC_LENGTH_CHECKS
+    /* Ensure a multiple of blocks is to be encrypted.  */
+    if ((ret == 0) && (sz % WC_AES_BLOCK_SIZE)) {
+        ret = BAD_LENGTH_E;
+    }
+#endif
+
+    if ((ret == 0) && (blocks > 0)) {
+        if (in != out) {
+            /* Encrypt first block with IV. */
+            xorbufout16(out, (byte*)aes->reg, in);
+            wc_AesEncrypt(aes, out, out);
+            in += WC_AES_BLOCK_SIZE;
+            out += WC_AES_BLOCK_SIZE;
+            for (blocks--; blocks > 0; blocks--) {
+                /* Encrypt a block with previous output block as IV. */
+                xorbufout16(out, out - WC_AES_BLOCK_SIZE, in);
+                wc_AesEncrypt(aes, out, out);
+                in += WC_AES_BLOCK_SIZE;
+                out += WC_AES_BLOCK_SIZE;
+            }
+            /* Copy last output block into AES object as next IV. */
+            memcpy16((byte*)aes->reg, out - WC_AES_BLOCK_SIZE);
+        }
+        /* in and out are same buffer. */
+        else {
+            byte* data = out;
+            /* Encrypt first block with IV. */
+            xorbuf16(data, (byte*)aes->reg);
+            wc_AesEncrypt(aes, data, data);
+            data += WC_AES_BLOCK_SIZE;
+            for (blocks--; blocks > 0; blocks--) {
+                /* Encrypt a block with previous output block as IV. */
+                xorbuf16(data, data - WC_AES_BLOCK_SIZE);
+                wc_AesEncrypt(aes, data, data);
+                data += WC_AES_BLOCK_SIZE;
+            }
+            /* Copy last output block into AES object as next IV. */
+            memcpy16((byte*)aes->reg, data - WC_AES_BLOCK_SIZE);
+        }
+    }
+
+    return ret;
+}
+
+#ifdef HAVE_AES_DECRYPT
+/* Decrypt blocks of data using AES-CBC.
+ *
+ * Implementation using wc_AesDecrypt().
+ *
+ * @param [in]  aes  AES object.
+ * @param [out] out  Decrypted blocks.
+ * @param [in]  in   Blocks to decrypt.
+ * @param pin]  sz   Number of bytes to decrypt.
+ * @return  0 on success.
+ * @return  BAD_FUNC_ARG when aes, out or in is NULL.
+ * @return  BAD_FUNC_ARG when sz is not a multiple of WC_AES_BLOCK_SIZE.
+ * @return  BAD_LENGTH_E when sz is not a multiple of WC_AES_BLOCK_SIZE.
+ */
+int wc_AesCbcDecrypt(Aes* aes, byte* out, const byte* in, word32 sz)
+{
+    int ret = 0;
+    word32 blocks = sz / WC_AES_BLOCK_SIZE;
+
+    /* Validate parameters. */
+    if ((aes == NULL) || (out == NULL) || (in == NULL)) {
+        ret = BAD_FUNC_ARG;
+    }
+    /* Ensure a multiple of blocks is being decrypted.  */
+    if ((ret == 0) && (sz % WC_AES_BLOCK_SIZE)) {
+#ifdef WOLFSSL_AES_CBC_LENGTH_CHECKS
+        ret = BAD_LENGTH_E;
+#else
+        ret = BAD_FUNC_ARG;
+#endif
+    }
+
+    if ((ret == 0) && (blocks > 0)) {
+        if (in != out) {
+            /* Decrypt first block with the IV. */
+            wc_AesDecrypt(aes, in, out);
+            xorbuf16(out, (byte*)aes->reg);
+            in += WC_AES_BLOCK_SIZE;
+            out += WC_AES_BLOCK_SIZE;
+            for (blocks--; blocks > 0; blocks--) {
+                /* Decrypt a block with previous input block as IV. */
+                wc_AesDecrypt(aes, in, out);
+                xorbuf16(out, in - WC_AES_BLOCK_SIZE);
+                in += WC_AES_BLOCK_SIZE;
+                out += WC_AES_BLOCK_SIZE;
+            }
+            /* Copy last output block into AES object as next IV. */
+            memcpy16((byte*)aes->reg, in - WC_AES_BLOCK_SIZE);
+        }
+        /* in and out are same buffer. */
+        else {
+            byte* data = out;
+            for (; blocks > 0; blocks -= 2) {
+                /* Decrypt block with the IV in aes->reg. */
+                memcpy16((byte*)aes->tmp, data);
+                wc_AesDecrypt(aes, data, data);
+                xorbuf16(data, (byte*)aes->reg);
+                if (blocks == 1) {
+                    memcpy16((byte*)aes->reg, (byte*)aes->tmp);
+                    break;
+                }
+                data += WC_AES_BLOCK_SIZE;
+                /* Decrypt block with the IV in aes->tmp. */
+                memcpy16((byte*)aes->reg, data);
+                wc_AesDecrypt(aes, data, data);
+                xorbuf16(data, (byte*)aes->tmp);
+                data += WC_AES_BLOCK_SIZE;
+            }
+        }
+    }
+
+    return ret;
+}
+#endif
+#endif
+
+/* AES-ECB */
+#ifdef HAVE_AES_ECB
+/* Encrypt blocks of data using AES-ECB.
+ *
+ * @param [in]  aes  AES object.
+ * @param [out] out  Encrypted blocks.
+ * @param [in]  in   Blocks to encrypt.
+ * @param pin]  sz   Number of bytes to encrypt.
+ * @return  0 on success.
+ * @return  BAD_FUNC_ARG when aes, out or in is NULL.
+ * @return  BAD_LENGTH_E when sz is not a multiple of WC_AES_BLOCK_SIZE.
+ */
+int wc_AesEcbEncrypt(Aes* aes, byte* out, const byte* in, word32 sz)
+{
+    int ret = 0;
+
+    /* Validate parameters. */
+    if ((aes == NULL) || (out == NULL) || (in == NULL)) {
+        ret = BAD_FUNC_ARG;
+    }
+    /* Ensure a multiple of blocks is to be encrypted.  */
+    if ((ret == 0) && ((sz % WC_AES_BLOCK_SIZE) != 0)) {
+        ret = BAD_LENGTH_E;
+    }
+
+    if (ret == 0) {
+        /* Encrypt block by block. */
+        while (sz > 0) {
+            wc_AesEncrypt(aes, in, out);
+            out += WC_AES_BLOCK_SIZE;
+            in += WC_AES_BLOCK_SIZE;
+            sz -= WC_AES_BLOCK_SIZE;
+        }
+    }
+
+    return ret;
+}
+
+#ifdef HAVE_AES_DECRYPT
+/* Decrypt blocks of data using AES-ECB.
+ *
+ * @param [in]  aes  AES object.
+ * @param [out] out  Encrypted blocks.
+ * @param [in]  in   Blocks to encrypt.
+ * @param pin]  sz   Number of bytes to encrypt.
+ * @return  0 on success.
+ * @return  BAD_FUNC_ARG when aes, out or in is NULL.
+ * @return  BAD_LENGTH_E when sz is not a multiple of WC_AES_BLOCK_SIZE.
+ */
+int wc_AesEcbDecrypt(Aes* aes, byte* out, const byte* in, word32 sz)
+{
+    int ret = 0;
+
+    /* Validate parameters. */
+    if ((aes == NULL) || (out == NULL) || (in == NULL)) {
+        ret = BAD_FUNC_ARG;
+    }
+    /* Ensure a multiple of blocks is to be decrypted.  */
+    if ((ret == 0) && ((sz % WC_AES_BLOCK_SIZE) != 0)) {
+        ret = BAD_LENGTH_E;
+    }
+
+    if (ret == 0) {
+        /* Decrypt block by block. */
+        while (sz > 0) {
+            wc_AesDecrypt(aes, in, out);
+            out += WC_AES_BLOCK_SIZE;
+            in += WC_AES_BLOCK_SIZE;
+            sz -= WC_AES_BLOCK_SIZE;
+        }
+    }
+
+    return ret;
+}
+#endif
+#endif /* HAVE_AES_ECB */
+
+/* AES-CTR */
+#if defined(WOLFSSL_AES_COUNTER) && !defined(HAVE_AES_COUNTER_ENC)
+/* Increment AES counter.
+ *
+ * Big-endian byte ordering.
+ *
+ * @param [in, out] inOutCtr  Counter value to be incremented.
+ */
+static WC_INLINE void IncrementAesCounter(byte* inOutCtr)
+{
+    int i;
+
+    /* Big-endian array - start at last element and move back. */
+    for (i = WC_AES_BLOCK_SIZE - 1; i >= 0; i--) {
+        /* Result not zero means no carry. */
+        if ((++inOutCtr[i]) != 0) {
+            return;
+        }
+    }
+}
+
+/* Encrypt blocks of data using AES-CTR.
+ *
+ * Implementation uses wc_AesEncrypt().
+ *
+ * @param [in]  aes  AES object.
+ * @param [out] out  Encrypted blocks.
+ * @param [in]  in   Blocks to encrypt.
+ * @param [in]  sz   Number of bytes to encrypt.
+ * @return  0 on success.
+ * @return  BAD_FUNC_ARG when aes, out or in is NULL.
+ * @return  BAD_FUNC_ARG when key size in AES object is not supported.
+ */
+int wc_AesCtrEncrypt(Aes* aes, byte* out, const byte* in, word32 sz)
+{
+    byte scratch[WC_AES_BLOCK_SIZE];
+    word32 processed;
+    int ret = 0;
+
+    /* Validate parameters. */
+    if (aes == NULL || out == NULL || in == NULL) {
+        ret = BAD_FUNC_ARG;
+    }
+    if (ret == 0) {
+        /* Check key size is supported. */
+        switch(aes->rounds) {
+        #ifdef WOLFSSL_AES_128
+            case 10: /* AES 128 BLOCK */
+        #endif /* WOLFSSL_AES_128 */
+        #ifdef WOLFSSL_AES_192
+            case 12: /* AES 192 BLOCK */
+        #endif /* WOLFSSL_AES_192 */
+        #ifdef WOLFSSL_AES_256
+            case 14: /* AES 256 BLOCK */
+        #endif /* WOLFSSL_AES_256 */
+                break;
+            default:
+                WOLFSSL_MSG("Bad AES-CTR round value");
+                ret = BAD_FUNC_ARG;
+        }
+    }
+
+    if (ret == 0) {
+        /* Use up any unused bytes left in aes->tmp */
+        processed = min(aes->left, sz);
+        if (processed > 0) {
+            /* XOR in encrypted counter.  */
+            xorbufout(out, in, (byte*)aes->tmp + WC_AES_BLOCK_SIZE - aes->left,
+                processed);
+            out += processed;
+            in += processed;
+            aes->left -= processed;
+            sz -= processed;
+        }
+
+        /* Do whole blocks of data. */
+        while (sz >= WC_AES_BLOCK_SIZE) {
+            wc_AesEncrypt(aes, (byte*)aes->reg, scratch);
+            xorbuf16(scratch, in);
+            memcpy16(out, scratch);
+            IncrementAesCounter((byte*)aes->reg);
+
+            out += WC_AES_BLOCK_SIZE;
+            in  += WC_AES_BLOCK_SIZE;
+            sz  -= WC_AES_BLOCK_SIZE;
+            aes->left = 0;
+        }
+        ForceZero(scratch, WC_AES_BLOCK_SIZE);
+
+        if (sz > 0) {
+            /* Encrypt counter and store in aes->tmp.
+             * Use up aes->tmp to encrypt data less than a block.
+             */
+            wc_AesEncrypt(aes, (byte*)aes->reg, (byte*)aes->tmp);
+            IncrementAesCounter((byte*)aes->reg);
+            aes->left = WC_AES_BLOCK_SIZE - sz;
+            /* XOR in encrypted counter. */
+            xorbufout(out, in, aes->tmp, sz);
+        }
+    }
+
+    return ret;
+}
+
+#endif /* WOLFSSL_AES_COUNTER */
+
+#if defined(WOLFSSL_AES_DIRECT) || defined(WOLFSSL_AES_COUNTER)
+/* Set AES key directly.
+ *
+ * @param [in] aes     AES object.
+ * @param [in] key     Secret key to use.
+ * @param [in] keyLen  Length of key in bytes.
+ * @param [in] iv      Initialization Vector (IV) to use. May be NULL.
+ * @param [in] dir     Direction of crypt: AES_ENCRYPT, AES_DECRYPT.
+ * @return  0 on success.
+ * @return  BAD_FUNC_ARG when aes or key is NULL.
+ * @return  BAD_FUNC_ARG when keyLen/dir is not supported or valid.
+ */
+int wc_AesSetKeyDirect(Aes* aes, const byte* key, word32 keyLen, const byte* iv,
+    int dir)
+{
+    return wc_AesSetKey(aes, key, keyLen, iv, dir);
+}
+#endif
+
+/* Set the IV.
+ *
+ * @param [in] aes  AES object.
+ * @param [in] iv   Initialization Vector (IV) to set.
+ *                  When NULL, an IV of all zeros is set.
+ * @return  0 on success.
+ * @return  BAD_FUNC_ARG when aes is NULL.
+ */
+int wc_AesSetIV(Aes* aes, const byte* iv)
+{
+    int ret = 0;
+
+    if (aes == NULL) {
+        ret = BAD_FUNC_ARG;
+    }
+    else if (iv != NULL) {
+        memcpy16((byte*)aes->reg, iv);
+    }
+    else {
+        XMEMSET(aes->reg,  0, WC_AES_BLOCK_SIZE);
+    }
+
+    return ret;
+}
+
+/* AES-DIRECT */
+#ifdef WOLFSSL_AES_DIRECT
+/* Direct encryption of a block.
+ *
+ * @param [in]  aes  AES object.
+ * @param [out] out  Encrypted block.
+ * @param [in]  in   Block to encrypt.
+ * @return  0 on success.
+ * @return  BAD_FUNC_ARG when aes, out, or in is NULL.
+ */
+int wc_AesEncryptDirect(Aes* aes, byte* out, const byte* in)
+{
+    int ret = 0;
+
+    if ((aes == NULL) || (out == NULL) || (in == NULL)) {
+        WOLFSSL_MSG("Invalid input to wc_AesEncryptDirect");
+        ret = BAD_FUNC_ARG;
+    }
+    if (ret == 0) {
+        wc_AesEncrypt(aes, in, out);
+    }
+
+    return ret;
+}
+#ifdef HAVE_AES_DECRYPT
+/* Direct decryption of a block.
+ *
+ * @param [in]  aes  AES object.
+ * @param [out] out  Decrypted block.
+ * @param [in]  in   Block to decrypt.
+ * @return  0 on success.
+ * @return  BAD_FUNC_ARG when aes, out, or in is NULL.
+ */
+int wc_AesDecryptDirect(Aes* aes, byte* out, const byte* in)
+{
+    int ret = 0;
+
+    if ((aes == NULL) || (out == NULL) || (in == NULL)) {
+        WOLFSSL_MSG("Invalid input to wc_AesDecryptDirect");
+        ret = BAD_FUNC_ARG;
+    }
+    if (ret == 0) {
+        wc_AesDecrypt(aes, in, out);
+    }
+
+    return ret;
+}
+#endif /* HAVE_AES_DECRYPT */
+#endif /* WOLFSSL_AES_DIRECT */
+
+#ifdef WOLFSSL_AES_COUNTER
+
+/* Set the key for AES-CTR.
+ *
+ * @param [in] aes     AES object.
+ * @param [in] key     Secret key to use.
+ * @param [in] keyLen  Length of key in bytes.
+ * @param [in] iv      Initialization Vector (IV) to use. May be NULL.
+ * @param [in] dir     Direction of crypt: AES_ENCRYPT, AES_DECRYPT.
+ *                     For CTR mode, underlying key is always for encryption.
+ * @return  0 on success.
+ * @return  BAD_FUNC_ARG when aes or key is NULL.
+ * @return  BAD_FUNC_ARG when keyLen is not supported or valid.
+ */
+int wc_AesCtrSetKey(Aes* aes, const byte* key, word32 len, const byte* iv,
+    int dir)
+{
+    (void)dir;
+    return wc_AesSetKey(aes, key, len, iv, AES_ENCRYPTION);
+}
+
+#endif /* WOLFSSL_AES_COUNTER */
+
+#ifdef HAVE_AESGCM
+
+#if !defined(WOLFSSL_RISCV_VECTOR_GCM) && \
+    !defined(WOLFSSL_RISCV_VECTOR_CARRYLESS) && \
+    !defined(WOLFSSL_RISCV_CARRYLESS)
+/* Shift x in GF2
+ *
+ * @param [in, out] x  128-bit value to shift.
+ */
+static WC_INLINE void RIGHTSHIFTX(byte* x)
+{
+    int i;
+    int carryIn = 0;
+    byte borrow = (0x00 - (x[15] & 0x01)) & 0xE1;
+
+    for (i = 0; i < WC_AES_BLOCK_SIZE; i++) {
+        int carryOut = (x[i] & 0x01) << 7;
+        x[i] = (byte) ((x[i] >> 1) | carryIn);
+        carryIn = carryOut;
+    }
+    x[0] ^= borrow;
+}
+
+/* Shift right by 4 a big-endian value in little-endian.
+ *
+ * @param [out] r8  Result of shift.
+ * @param [in]  z8  128-bit value to shift.
+ */
+static WC_INLINE void Shift4_M0(byte *r8, byte *z8)
+{
+    int i;
+    for (i = 15; i > 0; i--)
+        r8[i] = (byte)(z8[i-1] << 4) | (byte)(z8[i] >> 4);
+    r8[0] = (byte)(z8[0] >> 4);
+}
+
+/* Generate 4-bit table.
+ *
+ * @param [in, out] gcm  GCM object.
+ */
+void GenerateM0(Gcm* gcm)
+{
+    int i;
+    byte (*m)[WC_AES_BLOCK_SIZE] = gcm->M0;
+
+    /* 0 times -> 0x0 */
+    XMEMSET(m[0x0], 0, WC_AES_BLOCK_SIZE);
+    /* 1 times -> 0x8 */
+    memcpy16(m[0x8], gcm->H);
+    /* 2 times -> 0x4 */
+    memcpy16(m[0x4], m[0x8]);
+    RIGHTSHIFTX(m[0x4]);
+    /* 4 times -> 0x2 */
+    memcpy16(m[0x2], m[0x4]);
+    RIGHTSHIFTX(m[0x2]);
+    /* 8 times -> 0x1 */
+    memcpy16(m[0x1], m[0x2]);
+    RIGHTSHIFTX(m[0x1]);
+
+    /* 0x3 */
+    memcpy16(m[0x3], m[0x2]);
+    xorbuf16(m[0x3], m[0x1]);
+
+    /* 0x5 -> 0x7 */
+    memcpy16(m[0x5], m[0x4]);
+    xorbuf16(m[0x5], m[0x1]);
+    memcpy16(m[0x6], m[0x4]);
+    xorbuf16(m[0x6], m[0x2]);
+    memcpy16(m[0x7], m[0x4]);
+    xorbuf16(m[0x7], m[0x3]);
+
+    /* 0x9 -> 0xf */
+    memcpy16(m[0x9], m[0x8]);
+    xorbuf16(m[0x9], m[0x1]);
+    memcpy16(m[0xa], m[0x8]);
+    xorbuf16(m[0xa], m[0x2]);
+    memcpy16(m[0xb], m[0x8]);
+    xorbuf16(m[0xb], m[0x3]);
+    memcpy16(m[0xc], m[0x8]);
+    xorbuf16(m[0xc], m[0x4]);
+    memcpy16(m[0xd], m[0x8]);
+    xorbuf16(m[0xd], m[0x5]);
+    memcpy16(m[0xe], m[0x8]);
+    xorbuf16(m[0xe], m[0x6]);
+    memcpy16(m[0xf], m[0x8]);
+    xorbuf16(m[0xf], m[0x7]);
+
+    for (i = 0; i < 16; i++) {
+        Shift4_M0(m[16+i], m[i]);
+    }
+}
+#endif
+
+/* Setup the AES-GCM operation with the key.
+ *
+ * @param [in] aes  AES object.
+ * @param [in] key  Secret key to use.
+ * @param [in] ken  Length of key in bytes.
+ * @return  0 on success.
+ * @return  BAD_FUNC_ARG when aes or key is NULL.
+ * @return  BAD_FUNC_ARG when the key length is not supported.
+ */
+int wc_AesGcmSetKey(Aes* aes, const byte* key, word32 len)
+{
+    int  ret = 0;
+    byte iv[WC_AES_BLOCK_SIZE];
+
+    if (aes == NULL) {
+        ret = BAD_FUNC_ARG;
+    }
+    if ((ret == 0) && (len != 16) && (len != 24) && (len != 32)) {
+        ret = BAD_FUNC_ARG;
+    }
+
+    if (ret == 0) {
+        XMEMSET(iv, 0, WC_AES_BLOCK_SIZE);
+        ret = wc_AesSetKey(aes, key, len, iv, AES_ENCRYPTION);
+    }
+    if (ret == 0) {
+        wc_AesEncrypt(aes, (byte*)aes->reg, aes->gcm.H);
+#ifdef WOLFSSL_RISCV_VECTOR_GCM
+        /* Vector crypto instructions do bit reversal. */
+#elif defined(WOLFSSL_RISCV_VECTOR_CARRYLESS)
+        /* Vector crypto instructions do bit reversal. */
+#elif defined(WOLFSSL_RISCV_CARRYLESS)
+        /* Reverse bits in aes->gcm.H. */
+#ifdef WOLFSSL_RISCV_BIT_MANIPULATION
+        __asm__ __volatile__ (
+            "ld          t0, 0(%[data])\n\t"
+            "ld          t1, 8(%[data])\n\t"
+            BREV8(REG_T0, REG_T0)
+            BREV8(REG_T1, REG_T1)
+            "sd          t0, 0(%[data])\n\t"
+            "sd          t1, 8(%[data])\n\t"
+        :
+        : [data] "r" (aes->gcm.H)
+        : "memory", "t0", "t1"
+        );
+#else
+        __asm__ __volatile__ (
+            "ld          t0, 0(%[data])\n\t"
+            "ld          t1, 8(%[data])\n\t"
+
+            /* Swap odd-even bits. */
+            "li          t4, 0x5555555555555555\n\t"
+            "srli        t2, t0, 1\n\t"
+            "srli        t3, t1, 1\n\t"
+            "and         t0, t0, t4\n\t"
+            "and         t1, t1, t4\n\t"
+            "and         t2, t2, t4\n\t"
+            "and         t3, t3, t4\n\t"
+            "slli        t0, t0, 1\n\t"
+            "slli        t1, t1, 1\n\t"
+            "or          t0, t0, t2\n\t"
+            "or          t1, t1, t3\n\t"
+            /* Swap pairs. */
+            "li          t4, 0x3333333333333333\n\t"
+            "srli        t2, t0, 2\n\t"
+            "srli        t3, t1, 2\n\t"
+            "and         t0, t0, t4\n\t"
+            "and         t1, t1, t4\n\t"
+            "and         t2, t2, t4\n\t"
+            "and         t3, t3, t4\n\t"
+            "slli        t0, t0, 2\n\t"
+            "slli        t1, t1, 2\n\t"
+            "or          t0, t0, t2\n\t"
+            "or          t1, t1, t3\n\t"
+            /* Swap nibbles. */
+            "li          t4, 0x0f0f0f0f0f0f0f0f\n\t"
+            "srli        t2, t0, 4\n\t"
+            "srli        t3, t1, 4\n\t"
+            "and         t0, t0, t4\n\t"
+            "and         t1, t1, t4\n\t"
+            "and         t2, t2, t4\n\t"
+            "and         t3, t3, t4\n\t"
+            "slli        t0, t0, 4\n\t"
+            "slli        t1, t1, 4\n\t"
+            "or          t0, t0, t2\n\t"
+            "or          t1, t1, t3\n\t"
+
+            "sd          t0, 0(%[data])\n\t"
+            "sd          t1, 8(%[data])\n\t"
+        :
+        : [data] "r" (aes->gcm.H)
+        : "memory", "t0", "t1", "t2", "t3", "t4"
+        );
+#endif /* WOLFSSL_RISCV_BIT_MANIPULATION */
+#else
+        GenerateM0(&aes->gcm);
+#endif
+    }
+
+    return ret;
+}
+
+#ifndef WOLFSSL_RISCV_VECTOR_GCM
+/* Encode sz in bytes into array as big-endian number of bits.
+ *
+ * @param [out] buf  Buffer to encode size into.
+ * @param [in]  sz   Size in bytes.
+ */
+static WC_INLINE void FlattenSzInBits(byte* buf, word32 sz)
+{
+#ifndef WOLFSSL_RISCV_BASE_BIT_MANIPULATION
+    __asm__ __volatile__ (
+        /* sz is only 32-bits */
+        /* Multiply by 8 to get size in bits. */
+        "slli       %[sz], %[sz], 3\n\t"
+        "srli       t0, %[sz], 32\n\t"
+        "srli       t1, %[sz], 24\n\t"
+        "srli       t2, %[sz], 16\n\t"
+        "srli       t3, %[sz], 8\n\t"
+        /* Top 3 bytes are 0. */
+        "sh         x0   , 0(%[buf])\n\t"
+        "sb         x0   , 2(%[buf])\n\t"
+        "sb         t0   , 3(%[buf])\n\t"
+        "sb         t1   , 4(%[buf])\n\t"
+        "sb         t2   , 5(%[buf])\n\t"
+        "sb         t3   , 6(%[buf])\n\t"
+        "sb         %[sz], 7(%[buf])\n\t"
+        : [sz] "+r" (sz)
+        : [buf] "r" (buf)
+        : "memory", "t0", "t1", "t2", "t3"
+    );
+#else
+    __asm__ __volatile__ (
+        "slli       t0, %[sz], 3\n\t"
+        REV8(REG_T0, REG_T0)
+        "sd         t0, 0(%[buf])\n\t"
+        :
+        : [sz] "r" (sz), [buf] "r" (buf)
+        : "memory", "t0"
+    );
+#endif
+}
+#endif
+
+#if defined(WOLFSSL_RISCV_VECTOR_GCM)
+
+/* Vector GHASH: vd = (vd ^ vs1) * vs2 */
+#define VGHSH_VV(vd, vs1, vs2)                                              \
+    ASM_WORD((0b101100 << 26) | (0b1 << 25) | (0b010 << 12) |               \
+             (0b1110111 << 0) | (vs2 << 20) | (vs1 << 15) | (vd << 7))
+/* Vector GMULT: vd = vd * vs2 */
+#define VGMUL_VV(vd, vs2)                                                   \
+    ASM_WORD((0b101000 << 26) | (0b1 << 25) | (0b010 << 12) |               \
+             (0b1110111 << 0) | (vs2 << 20) | (0b10001 << 15) | (vd << 7))
+
+/* GHASH Additional Authentication Data (AAD) and cipher text.
+ *
+ * @param [in]  gcm  GCM object.
+ * @param [in]  a    Additional Authentication Data (AAD).
+ * @param [in]  aSz  Size of AAD in bytes.
+ * @param [in]  c    Cipher text.
+ * @param [in]  cSz  Size of cipher text in bytes.
+ * @param [out] s    Hash result.
+ * @param [in]  sSz  Number of bytes to put into hash result.
+ */
+void GHASH(Gcm* gcm, const byte* a, word32 aSz, const byte* c, word32 cSz,
+    byte* s, word32 sSz)
+{
+    if (gcm != NULL) {
+        byte x[WC_AES_BLOCK_SIZE];
+        byte scratch[WC_AES_BLOCK_SIZE];
+        byte* h = gcm->H;
+
+        __asm__ __volatile__ (
+            VXOR_VV(REG_V0, REG_V0, REG_V0)
+
+            /* Hash in A, the Additional Authentication Data */
+            "beqz       %[aSz], L_ghash_aad_done\n\t"
+            "beqz       %[a], L_ghash_aad_done\n\t"
+
+            "srli       t3, %[aSz], 4\n\t"
+            VSETIVLI(REG_T0, 4, 0, 0, 0b010, 0b000)
+            "mv         t0, %[h]\n\t"
+            VL1RE32_V(REG_V1, REG_T0)
+
+            "beqz       t3, L_ghash_aad_blocks_done\n\t"
+         "L_ghash_aad_loop:\n\t"
+            "mv         t0, %[a]\n\t"
+            VL1RE32_V(REG_V2, REG_T0)
+            VGHSH_VV(REG_V0, REG_V2, REG_V1)
+            "addi       %[a], %[a], 16\n\t"
+            "addi       t3, t3, -1\n\t"
+            "bnez       t3, L_ghash_aad_loop\n\t"
+         "L_ghash_aad_blocks_done:\n\t"
+            "andi       t3, %[aSz], 0xf\n\t"
+            "beqz       t3, L_ghash_aad_done\n\t"
+            VXOR_VV(REG_V2, REG_V2, REG_V2)
+            "mv         t0, %[scratch]\n\t"
+            VS1R_V(REG_V2, REG_T0)
+            "mv         t2, t3\n\t"
+         "L_ghash_aad_load_byte:\n\t"
+            "lb         t0, (%[a])\n\t"
+            "sb         t0, (%[scratch])\n\t"
+            "addi       %[a], %[a], 1\n\t"
+            "addi       %[scratch], %[scratch], 1\n\t"
+            "addi       t2, t2, -1\n\t"
+            "bnez       t2, L_ghash_aad_load_byte\n\t"
+            "sub        %[scratch], %[scratch], t3\n\t"
+            "mv         t0, %[scratch]\n\t"
+            VL1RE32_V(REG_V2, REG_T0)
+            VGHSH_VV(REG_V0, REG_V2, REG_V1)
+         "L_ghash_aad_done:\n\t"
+
+            /* Hash in C, the Ciphertext */
+            "beqz       %[cSz], L_ghash_ct_done\n\t"
+            "beqz       %[c], L_ghash_ct_done\n\t"
+
+            "srli       t3, %[cSz], 4\n\t"
+            VSETIVLI(REG_T0, 4, 0, 0, 0b010, 0b000)
+            "mv         t0, %[h]\n\t"
+            VL1RE32_V(REG_V1, REG_T0)
+
+            "beqz       t3, L_ghash_ct_blocks_done\n\t"
+         "L_ghash_ct_loop:\n\t"
+            "mv         t0, %[c]\n\t"
+            VL1RE32_V(REG_V2, REG_T0)
+            VGHSH_VV(REG_V0, REG_V2, REG_V1)
+            "addi       %[c], %[c], 16\n\t"
+            "addi       t3, t3, -1\n\t"
+            "bnez       t3, L_ghash_ct_loop\n\t"
+         "L_ghash_ct_blocks_done:\n\t"
+            "andi       t3, %[cSz], 0xf\n\t"
+            "beqz       t3, L_ghash_ct_done\n\t"
+            VXOR_VV(REG_V2, REG_V2, REG_V2)
+            "mv         t0, %[scratch]\n\t"
+            VS1R_V(REG_V2, REG_T0)
+            "mv         t2, t3\n\t"
+         "L_ghash_ct_load_byte:\n\t"
+            "lb         t0, (%[c])\n\t"
+            "sb         t0, (%[scratch])\n\t"
+            "addi       %[c], %[c], 1\n\t"
+            "addi       %[scratch], %[scratch], 1\n\t"
+            "addi       t2, t2, -1\n\t"
+            "bnez       t2, L_ghash_ct_load_byte\n\t"
+            "sub        %[scratch], %[scratch], t3\n\t"
+            "mv         t0, %[scratch]\n\t"
+            VL1RE32_V(REG_V2, REG_T0)
+            VGHSH_VV(REG_V0, REG_V2, REG_V1)
+         "L_ghash_ct_done:\n\t"
+
+            /* Hash in the lengths of A and C in bits */
+        #ifndef WOLFSSL_RISCV_BASE_BIT_MANIPULATION
+            /* aSz is only 32-bits */
+            /* Multiply by 8 do get size in bits. */
+            "slli       %[aSz], %[aSz], 3\n\t"
+            "srli       t0, %[aSz], 32\n\t"
+            "srli       t1, %[aSz], 24\n\t"
+            "srli       t2, %[aSz], 16\n\t"
+            "srli       t3, %[aSz], 8\n\t"
+            /* Top 3 bytes are 0. */
+            "sh         x0    , 0(%[scratch])\n\t"
+            "sb         x0    , 2(%[scratch])\n\t"
+            "sb         t0    , 3(%[scratch])\n\t"
+            "sb         t1    , 4(%[scratch])\n\t"
+            "sb         t2    , 5(%[scratch])\n\t"
+            "sb         t3    , 6(%[scratch])\n\t"
+            "sb         %[aSz], 7(%[scratch])\n\t"
+            /* cSz is only 32-bits */
+            /* Multiply by 8 do get size in bits. */
+            "slli       %[cSz], %[cSz], 3\n\t"
+            "srli       t0, %[cSz], 32\n\t"
+            "srli       t1, %[cSz], 24\n\t"
+            "srli       t2, %[cSz], 16\n\t"
+            "srli       t3, %[cSz], 8\n\t"
+            /* Top 3 bytes are 0. */
+            "sh         x0    ,  8(%[scratch])\n\t"
+            "sb         x0    , 10(%[scratch])\n\t"
+            "sb         t0    , 11(%[scratch])\n\t"
+            "sb         t1    , 12(%[scratch])\n\t"
+            "sb         t2    , 13(%[scratch])\n\t"
+            "sb         t3    , 14(%[scratch])\n\t"
+            "sb         %[cSz], 15(%[scratch])\n\t"
+        #else
+            "slli       t0, %[aSz], 3\n\t"
+            REV8(REG_T0, REG_T0)
+            "sd         t0, 0(%[scratch])\n\t"
+            "slli       t0, %[cSz], 3\n\t"
+            REV8(REG_T0, REG_T0)
+            "sd         t0, 8(%[scratch])\n\t"
+        #endif
+            "mv         t0, %[scratch]\n\t"
+            VL1RE32_V(REG_V2, REG_T0)
+            VGHSH_VV(REG_V0, REG_V2, REG_V1)
+
+            "mv         t1, %[x]\n\t"
+            VS1R_V(REG_V0, REG_T1)
+
+            : [a] "+r" (a), [c] "+r" (c) , [aSz] "+r" (aSz), [cSz] "+r" (cSz)
+            : [x] "r" (x), [h] "r" (h), [scratch] "r" (scratch)
+            : "memory", "t0", "t1", "t2", "t3"
+        );
+
+        /* Copy the result into s. */
+        XMEMCPY(s, x, sSz);
+    }
+}
+
+#define HAVE_GHASH
+
+#elif defined(WOLFSSL_RISCV_VECTOR_CARRYLESS)
+
+#define VCLMUL_VV(vd, vs1, vs2) \
+    ASM_WORD((0b001100 << 26) | (0b1 << 25) | (0b010 << 12) | \
+             (0b1010111 << 0) | (vs2 << 20) | (vs1 << 15) | (vd << 7))
+#define VCLMULH_VV(vd, vs1, vs2) \
+    ASM_WORD((0b001101 << 26) | (0b1 << 25) | (0b010 << 12) | \
+             (0b1010111 << 0) | (vs2 << 20) | (vs1 << 15) | (vd << 7))
+
+/* GMULT, multiply in GF2, x and y into x.
+ *
+ * @param [in, out]  x  On in, value to GMULT.
+ *                      On out, result of GMULT.
+ * @param [in]       y  Value to GMULT.
+ */
+static void GMULT(byte* x, byte* y)
+{
+    static byte red[16] = {
+        0x87, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x87, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    };
+    __asm__ __volatile__ (
+        VSETIVLI(REG_X0, 2, 0, 0, 0b011, 0b000)
+
+        /* 0x87 into both 64-bit elements of v7. */
+        "mv          t1, %[red]\n\t"
+        VL1RE64_V(REG_V8, REG_T1)
+
+        "mv          t1, %[x]\n\t"
+        VL1RE64_V(REG_V0, REG_T1)
+        "mv          t0, %[y]\n\t"
+        VL1RE64_V(REG_V1, REG_T0)
+        /* Reverse x and y. */
+#ifdef WOLFSSL_RISCV_VECTOR_BASE_BIT_MANIPULATION
+        VBREV8(REG_V0, REG_V0)
+        VBREV8(REG_V1, REG_V1)
+#else
+        VSETIVLI(REG_X0, 16, 0, 0, 0b000, 0b000)
+
+        /* Swap odd/even bits. */
+        "li          t0, 0x55\n\t"
+        VMV_V_X(REG_V4, REG_T0)
+        VSRL_VI(REG_V2, REG_V0, 1)
+        VSRL_VI(REG_V3, REG_V1, 1)
+        VAND_VV(REG_V0, REG_V0, REG_V4)
+        VAND_VV(REG_V1, REG_V1, REG_V4)
+        VAND_VV(REG_V2, REG_V2, REG_V4)
+        VAND_VV(REG_V3, REG_V3, REG_V4)
+        VSLL_VI(REG_V0, REG_V0, 1)
+        VSLL_VI(REG_V1, REG_V1, 1)
+        VOR_VV(REG_V0, REG_V0, REG_V2)
+        VOR_VV(REG_V1, REG_V1, REG_V3)
+        /* Swap pairs of bits. */
+        "li          t0, 0x33\n\t"
+        VMV_V_X(REG_V4, REG_T0)
+        VSRL_VI(REG_V2, REG_V0, 2)
+        VSRL_VI(REG_V3, REG_V1, 2)
+        VAND_VV(REG_V0, REG_V0, REG_V4)
+        VAND_VV(REG_V1, REG_V1, REG_V4)
+        VAND_VV(REG_V2, REG_V2, REG_V4)
+        VAND_VV(REG_V3, REG_V3, REG_V4)
+        VSLL_VI(REG_V0, REG_V0, 2)
+        VSLL_VI(REG_V1, REG_V1, 2)
+        VOR_VV(REG_V0, REG_V0, REG_V2)
+        VOR_VV(REG_V1, REG_V1, REG_V3)
+        /* Swap nibbles. */
+        "li          t0, 0x0f\n\t"
+        VMV_V_X(REG_V4, REG_T0)
+        VSRL_VI(REG_V2, REG_V0, 4)
+        VSRL_VI(REG_V3, REG_V1, 4)
+        VAND_VV(REG_V0, REG_V0, REG_V4)
+        VAND_VV(REG_V1, REG_V1, REG_V4)
+        VAND_VV(REG_V2, REG_V2, REG_V4)
+        VAND_VV(REG_V3, REG_V3, REG_V4)
+        VSLL_VI(REG_V0, REG_V0, 4)
+        VSLL_VI(REG_V1, REG_V1, 4)
+        VOR_VV(REG_V0, REG_V0, REG_V2)
+        VOR_VV(REG_V1, REG_V1, REG_V3)
+
+        VSETIVLI(REG_X0, 2, 0, 0, 0b011, 0b000)
+#endif
+
+        /* v2 = (x[1] * y[1])[0] | (x[0] * y[0])[0]  */
+        VCLMUL_VV(REG_V2, REG_V0, REG_V1)
+        /* v3 = (x[1] * y[1])[1] | (x[0] * y[0])[1]  */
+        VCLMULH_VV(REG_V3, REG_V0, REG_V1)
+        /* V2 = R[2] | R[0], V3 = R[3] | R[1] */
+
+        /* SWAP 64-bit values from V1 into V6. V6 = V1[0] | V1[1] */
+        VSLIDEDOWN_VI(REG_V6, REG_V1, 1)
+        VSLIDEUP_VI(REG_V6, REG_V1, 1)
+        /* (x[1] * y[0])[0] | (x[0] * y[1])[0]  */
+        VCLMUL_VV(REG_V4, REG_V0, REG_V6)
+        /* (x[1] * y[0])[1] | (x[0] * y[1])[1]  */
+        VCLMULH_VV(REG_V5, REG_V0, REG_V6)
+        /* V4 = R[1] | R[1], V5 = R[2] | R[2] */
+
+        VMV_V_V(REG_V1, REG_V3)
+        VSLIDEDOWN_VI(REG_V0, REG_V2, 1)
+        VSLIDEUP_VI(REG_V1, REG_V0, 1)
+        /* V2 =  ---- | R[0], V3 = R[3] | ----, V1 = R[2] | R[1] */
+
+        VMV_V_V(REG_V6, REG_V4)
+        /* V7 = ---- | ----, V6 = ---- | R[1] */
+        VSLIDEDOWN_VI(REG_V7, REG_V4, 1)
+        /* V7 = ---- | R[1], V6 = ---- | R[1] */
+        VSLIDEUP_VI(REG_V6, REG_V5, 1)
+        /* V7 = ---- | R[1], V6 = R[2] | R[1] */
+        VSLIDEDOWN_VI(REG_V0, REG_V5, 1)
+        VSLIDEUP_VI(REG_V7, REG_V0, 1)
+        /* V7 = R[2] | R[1], V6 = R[2] | R[1] */
+        VXOR_VV(REG_V1, REG_V1, REG_V6)
+        VXOR_VV(REG_V1, REG_V1, REG_V7)
+        /* V2 =  ---- | R[0], V3 = R[3] | ----, V1 = R[2] | R[1] */
+        VSLIDEUP_VI(REG_V2, REG_V1, 1)
+        VSLIDEDOWN_VI(REG_V5, REG_V3, 1)
+        VSLIDEDOWN_VI(REG_V3, REG_V1, 1)
+        VSLIDEUP_VI(REG_V3, REG_V5, 1)
+        /* V2 =  R[1] | R[0], V3 = R[3] | R[2] */
+
+        /* Reduce */
+        /* v0 = (R[3] * 0x87)[0] | (R[2] * 0x87)[0]  */
+        VCLMUL_VV(REG_V0, REG_V3, REG_V8)
+        /* v1 = (R[3] * 0x87)[1] | (R[2] * 0x87)[1]  */
+        VCLMULH_VV(REG_V1, REG_V3, REG_V8)
+        /* V0 = r[1] | r[0], V1 = r[2] | r[1] */
+        VXOR_VV(REG_V4, REG_V4, REG_V4)
+        VXOR_VV(REG_V2, REG_V2, REG_V0)
+        VSLIDEUP_VI(REG_V4, REG_V1, 1)
+        VXOR_VV(REG_V2, REG_V2, REG_V4)
+        VSLIDEDOWN_VI(REG_V3, REG_V1, 1)
+        /* v0 = ---- | (r[2] * 0x87)[0]  */
+        VCLMUL_VV(REG_V0, REG_V3, REG_V8)
+        /* v1 = ---- | (r[2] * 0x87)[1] */
+        VCLMULH_VV(REG_V1, REG_V3, REG_V8)
+        /* V0 = ---- | r[0] , V1 = ---- | r[1] */
+        VSLIDEUP_VI(REG_V0, REG_V1, 1)
+        /* V1 = R[1] | R[0] */
+        VXOR_VV(REG_V2, REG_V2, REG_V0)
+
+        /* Reverse x. */
+#ifdef WOLFSSL_RISCV_VECTOR_BASE_BIT_MANIPULATION
+        VBREV8(REG_V2, REG_V2)
+#else
+        VSETIVLI(REG_X0, 16, 0, 0, 0b000, 0b000)
+
+        /* Swap odd/even bits. */
+        "li          t0, 0x55\n\t"
+        VMV_V_X(REG_V4, REG_T0)
+        VSRL_VI(REG_V0, REG_V2, 1)
+        VAND_VV(REG_V2, REG_V2, REG_V4)
+        VAND_VV(REG_V0, REG_V0, REG_V4)
+        VSLL_VI(REG_V2, REG_V2, 1)
+        VOR_VV(REG_V2, REG_V2, REG_V0)
+        /* Swap pairs of bits. */
+        "li          t0, 0x33\n\t"
+        VMV_V_X(REG_V4, REG_T0)
+        VSRL_VI(REG_V0, REG_V2, 2)
+        VAND_VV(REG_V2, REG_V2, REG_V4)
+        VAND_VV(REG_V0, REG_V0, REG_V4)
+        VSLL_VI(REG_V2, REG_V2, 2)
+        VOR_VV(REG_V2, REG_V2, REG_V0)
+        /* Swap nibbles. */
+        "li          t0, 0x0f\n\t"
+        VMV_V_X(REG_V4, REG_T0)
+        VSRL_VI(REG_V0, REG_V2, 4)
+        VAND_VV(REG_V2, REG_V2, REG_V4)
+        VAND_VV(REG_V0, REG_V0, REG_V4)
+        VSLL_VI(REG_V2, REG_V2, 4)
+        VOR_VV(REG_V2, REG_V2, REG_V0)
+
+        VSETIVLI(REG_X0, 2, 0, 0, 0b011, 0b000)
+#endif
+        VS1R_V(REG_V2, REG_T1)
+        :
+        : [x] "r" (x), [y] "r" (y), [red] "r" (red)
+        : "memory", "t0", "t1", "t2"
+    );
+}
+
+/* GHASH Additional Authentication Data (AAD) and cipher text.
+ *
+ * @param [in]  gcm  GCM object.
+ * @param [in]  a    Additional Authentication Data (AAD).
+ * @param [in]  aSz  Size of AAD in bytes.
+ * @param [in]  c    Cipher text.
+ * @param [in]  cSz  Size of cipher text in bytes.
+ * @param [out] s    Hash result.
+ * @param [in]  sSz  Number of bytes to put into hash result.
+ */
+void GHASH(Gcm* gcm, const byte* a, word32 aSz, const byte* c, word32 cSz,
+    byte* s, word32 sSz)
+{
+    byte x[WC_AES_BLOCK_SIZE];
+    byte scratch[WC_AES_BLOCK_SIZE];
+    word32 blocks, partial;
+    byte* h;
+
+    if (gcm == NULL) {
+        return;
+    }
+
+    h = gcm->H;
+    XMEMSET(x, 0, WC_AES_BLOCK_SIZE);
+
+    /* Hash in A, the Additional Authentication Data */
+    if (aSz != 0 && a != NULL) {
+        blocks = aSz / WC_AES_BLOCK_SIZE;
+        partial = aSz % WC_AES_BLOCK_SIZE;
+        while (blocks--) {
+            xorbuf16(x, a);
+            GMULT(x, h);
+            a += WC_AES_BLOCK_SIZE;
+        }
+        if (partial != 0) {
+            XMEMSET(scratch, 0, WC_AES_BLOCK_SIZE);
+            XMEMCPY(scratch, a, partial);
+            xorbuf16(x, scratch);
+            GMULT(x, h);
+        }
+    }
+
+    /* Hash in C, the Ciphertext */
+    if (cSz != 0 && c != NULL) {
+        blocks = cSz / WC_AES_BLOCK_SIZE;
+        partial = cSz % WC_AES_BLOCK_SIZE;
+        while (blocks--) {
+            xorbuf16(x, c);
+            GMULT(x, h);
+            c += WC_AES_BLOCK_SIZE;
+        }
+        if (partial != 0) {
+            XMEMSET(scratch, 0, WC_AES_BLOCK_SIZE);
+            XMEMCPY(scratch, c, partial);
+            xorbuf16(x, scratch);
+            GMULT(x, h);
+        }
+    }
+
+    /* Hash in the lengths of A and C in bits */
+    FlattenSzInBits(&scratch[0], aSz);
+    FlattenSzInBits(&scratch[8], cSz);
+    xorbuf16(x, scratch);
+    GMULT(x, h);
+
+    /* Copy the result into s. */
+    XMEMCPY(s, x, sSz);
+}
+
+#define HAVE_GHASH
+
+#elif defined(WOLFSSL_RISCV_CARRYLESS)
+
+/* Bottom half of carryless-multiplication: rd = (rs1 * rs2)[0..63]. */
+#define CLMUL(rd, rs1, rs2)                                 \
+    ASM_WORD(0b00001010000000000001000000110011 |           \
+             (rd << 7) | (rs1 << 15) | (rs2 << 20))
+/* Top half of carryless-multiplication: rd = (rs1 * rs2)[64..127]. */
+#define CLMULH(rd, rs1, rs2)                                \
+    ASM_WORD(0b00001010000000000011000000110011 |           \
+             (rd << 7) | (rs1 << 15) | (rs2 << 20))
+
+/* GMULT, multiply in GF2, x and y into x.
+ *
+ * @param [in, out]  x  On in, value to GMULT.
+ *                      On out, result of GMULT.
+ * @param [in]       y  Value to GMULT.
+ */
+static void GMULT(byte* x, byte* y)
+{
+    __asm__ __volatile__ (
+        "ld         t0, 0(%[x])\n\t"
+        "ld         t1, 8(%[x])\n\t"
+        "ld         t2, 0(%[y])\n\t"
+        "ld         t3, 8(%[y])\n\t"
+        /* Load reduction value into t6 */
+        "li         t6, 0x87\n\t"
+        /* Reverse x. y was reversed in wc_AesGcmSetKey. */
+#ifdef WOLFSSL_RISCV_BIT_MANIPULATION
+        BREV8(REG_T0, REG_T0)
+        BREV8(REG_T1, REG_T1)
+#else
+        /* Swap odd-even bits. */
+        "li          a4, 0x5555555555555555\n\t"
+        "srli        a2, t0, 1\n\t"
+        "srli        a3, t1, 1\n\t"
+        "and         t0, t0, a4\n\t"
+        "and         t1, t1, a4\n\t"
+        "and         a2, a2, a4\n\t"
+        "and         a3, a3, a4\n\t"
+        "slli        t0, t0, 1\n\t"
+        "slli        t1, t1, 1\n\t"
+        "or          t0, t0, a2\n\t"
+        "or          t1, t1, a3\n\t"
+        /* Swap pairs. */
+        "li          a4, 0x3333333333333333\n\t"
+        "srli        a2, t0, 2\n\t"
+        "srli        a3, t1, 2\n\t"
+        "and         t0, t0, a4\n\t"
+        "and         t1, t1, a4\n\t"
+        "and         a2, a2, a4\n\t"
+        "and         a3, a3, a4\n\t"
+        "slli        t0, t0, 2\n\t"
+        "slli        t1, t1, 2\n\t"
+        "or          t0, t0, a2\n\t"
+        "or          t1, t1, a3\n\t"
+        /* Swap nibbles. */
+        "li          a4, 0x0f0f0f0f0f0f0f0f\n\t"
+        "srli        a2, t0, 4\n\t"
+        "srli        a3, t1, 4\n\t"
+        "and         t0, t0, a4\n\t"
+        "and         t1, t1, a4\n\t"
+        "and         a2, a2, a4\n\t"
+        "and         a3, a3, a4\n\t"
+        "slli        t0, t0, 4\n\t"
+        "slli        t1, t1, 4\n\t"
+        "or          t0, t0, a2\n\t"
+        "or          t1, t1, a3\n\t"
+#endif
+
+        /* r[0..1] = x[0] * y[0] */
+        CLMUL(REG_A2, REG_T0, REG_T2)
+        CLMULH(REG_A3, REG_T0, REG_T2)
+        /* r[2..3] = x[1] * y[1] */
+        CLMUL(REG_A4, REG_T1, REG_T3)
+        CLMULH(REG_A5, REG_T1, REG_T3)
+        /* r[1..2] ^= x[1] * y[0] */
+        CLMUL(REG_T4, REG_T1, REG_T2)
+        CLMULH(REG_T5, REG_T1, REG_T2)
+        "xor        a3, a3, t4\n\t"
+        "xor        a4, a4, t5\n\t"
+        /* r[1..2] ^= x[0] * y[1] */
+        CLMUL(REG_T4, REG_T0, REG_T3)
+        CLMULH(REG_T5, REG_T0, REG_T3)
+        "xor        a3, a3, t4\n\t"
+        "xor        a4, a4, t5\n\t"
+
+        /* Reduce */
+        CLMUL(REG_T4, REG_A5, REG_T6)
+        CLMULH(REG_T5, REG_A5, REG_T6)
+        "xor        a3, a3, t4\n\t"
+        "xor        a4, a4, t5\n\t"
+        CLMUL(REG_T4, REG_A4, REG_T6)
+        CLMULH(REG_T5, REG_A4, REG_T6)
+        "xor        t0, a2, t4\n\t"
+        "xor        t1, a3, t5\n\t"
+
+        /* Reverse x. */
+#ifdef WOLFSSL_RISCV_BIT_MANIPULATION
+        BREV8(REG_T0, REG_T0)
+        BREV8(REG_T1, REG_T1)
+#else
+        /* Swap odd-even bits. */
+        "li          a4, 0x5555555555555555\n\t"
+        "srli        a2, t0, 1\n\t"
+        "srli        a3, t1, 1\n\t"
+        "and         t0, t0, a4\n\t"
+        "and         t1, t1, a4\n\t"
+        "and         a2, a2, a4\n\t"
+        "and         a3, a3, a4\n\t"
+        "slli        t0, t0, 1\n\t"
+        "slli        t1, t1, 1\n\t"
+        "or          t0, t0, a2\n\t"
+        "or          t1, t1, a3\n\t"
+        /* Swap pairs. */
+        "li          a4, 0x3333333333333333\n\t"
+        "srli        a2, t0, 2\n\t"
+        "srli        a3, t1, 2\n\t"
+        "and         t0, t0, a4\n\t"
+        "and         t1, t1, a4\n\t"
+        "and         a2, a2, a4\n\t"
+        "and         a3, a3, a4\n\t"
+        "slli        t0, t0, 2\n\t"
+        "slli        t1, t1, 2\n\t"
+        "or          t0, t0, a2\n\t"
+        "or          t1, t1, a3\n\t"
+        /* Swap nibbles. */
+        "li          a4, 0x0f0f0f0f0f0f0f0f\n\t"
+        "srli        a2, t0, 4\n\t"
+        "srli        a3, t1, 4\n\t"
+        "and         t0, t0, a4\n\t"
+        "and         t1, t1, a4\n\t"
+        "and         a2, a2, a4\n\t"
+        "and         a3, a3, a4\n\t"
+        "slli        t0, t0, 4\n\t"
+        "slli        t1, t1, 4\n\t"
+        "or          t0, t0, a2\n\t"
+        "or          t1, t1, a3\n\t"
+#endif
+        "sd         t0, 0(%[x])\n\t"
+        "sd         t1, 8(%[x])\n\t"
+        :
+        : [x] "r" (x), [y] "r" (y)
+        : "memory", "t0", "t1", "t2", "t3", "t4", "t5", "t6",
+          "a2", "a3", "a4", "a5"
+    );
+}
+
+/* GHASH blocks of data.
+ *
+ * @param [in, out]  x       On in, value to GMULT.
+ *                           On out, result of GMULT.
+ * @param [in]       y       Value to GMULT.
+ * @param [in]       in      Blocks of data to GHASH.
+ * @param [in]       blocks  Number of blocks to GHASH.
+ */
+static void ghash_blocks(byte* x, byte* y, const byte* in, word32 blocks)
+{
+    __asm__ __volatile__ (
+        "ld         t0, 0(%[x])\n\t"
+        "ld         t1, 8(%[x])\n\t"
+        "ld         t2, 0(%[y])\n\t"
+        "ld         t3, 8(%[y])\n\t"
+        /* Load reduction value into t6 */
+        "li         t6, 0x87\n\t"
+        /* Reverse x. y was reversed in wc_AesGcmSetKey. */
+#ifdef WOLFSSL_RISCV_BIT_MANIPULATION
+        BREV8(REG_T0, REG_T0)
+        BREV8(REG_T1, REG_T1)
+#else
+        /* Swap odd-even bits. */
+        "li          a4, 0x5555555555555555\n\t"
+        "srli        a2, t0, 1\n\t"
+        "srli        a3, t1, 1\n\t"
+        "and         t0, t0, a4\n\t"
+        "and         t1, t1, a4\n\t"
+        "and         a2, a2, a4\n\t"
+        "and         a3, a3, a4\n\t"
+        "slli        t0, t0, 1\n\t"
+        "slli        t1, t1, 1\n\t"
+        "or          t0, t0, a2\n\t"
+        "or          t1, t1, a3\n\t"
+        /* Swap pairs. */
+        "li          a4, 0x3333333333333333\n\t"
+        "srli        a2, t0, 2\n\t"
+        "srli        a3, t1, 2\n\t"
+        "and         t0, t0, a4\n\t"
+        "and         t1, t1, a4\n\t"
+        "and         a2, a2, a4\n\t"
+        "and         a3, a3, a4\n\t"
+        "slli        t0, t0, 2\n\t"
+        "slli        t1, t1, 2\n\t"
+        "or          t0, t0, a2\n\t"
+        "or          t1, t1, a3\n\t"
+        /* Swap nibbles. */
+        "li          a4, 0x0f0f0f0f0f0f0f0f\n\t"
+        "srli        a2, t0, 4\n\t"
+        "srli        a3, t1, 4\n\t"
+        "and         t0, t0, a4\n\t"
+        "and         t1, t1, a4\n\t"
+        "and         a2, a2, a4\n\t"
+        "and         a3, a3, a4\n\t"
+        "slli        t0, t0, 4\n\t"
+        "slli        t1, t1, 4\n\t"
+        "or          t0, t0, a2\n\t"
+        "or          t1, t1, a3\n\t"
+#endif
+
+    "L_ghash_loop:\n\t"
+        /* Load input block. */
+        "ld          t5, 0(%[in])\n\t"
+        "ld          a5, 8(%[in])\n\t"
+        /* Reverse bits to match x. */
+#ifdef WOLFSSL_RISCV_BIT_MANIPULATION
+        BREV8(REG_T5, REG_T5)
+        BREV8(REG_A5, REG_A5)
+#else
+        /* Swap odd-even bits. */
+        "li          a4, 0x5555555555555555\n\t"
+        "srli        a2, t5, 1\n\t"
+        "srli        a3, a5, 1\n\t"
+        "and         t5, t5, a4\n\t"
+        "and         a5, a5, a4\n\t"
+        "and         a2, a2, a4\n\t"
+        "and         a3, a3, a4\n\t"
+        "slli        t5, t5, 1\n\t"
+        "slli        a5, a5, 1\n\t"
+        "or          t5, t5, a2\n\t"
+        "or          a5, a5, a3\n\t"
+        /* Swap pairs. */
+        "li          a4, 0x3333333333333333\n\t"
+        "srli        a2, t5, 2\n\t"
+        "srli        a3, a5, 2\n\t"
+        "and         t5, t5, a4\n\t"
+        "and         a5, a5, a4\n\t"
+        "and         a2, a2, a4\n\t"
+        "and         a3, a3, a4\n\t"
+        "slli        t5, t5, 2\n\t"
+        "slli        a5, a5, 2\n\t"
+        "or          t5, t5, a2\n\t"
+        "or          a5, a5, a3\n\t"
+        /* Swap nibbles. */
+        "li          a4, 0x0f0f0f0f0f0f0f0f\n\t"
+        "srli        a2, t5, 4\n\t"
+        "srli        a3, a5, 4\n\t"
+        "and         t5, t5, a4\n\t"
+        "and         a5, a5, a4\n\t"
+        "and         a2, a2, a4\n\t"
+        "and         a3, a3, a4\n\t"
+        "slli        t5, t5, 4\n\t"
+        "slli        a5, a5, 4\n\t"
+        "or          t5, t5, a2\n\t"
+        "or          a5, a5, a3\n\t"
+#endif
+        /* XOR input into x. */
+        "xor         t0, t0, t5\n\t"
+        "xor         t1, t1, a5\n\t"
+
+        /* r[0..1] = x[0] * y[0] */
+        CLMUL(REG_A2, REG_T0, REG_T2)
+        CLMULH(REG_A3, REG_T0, REG_T2)
+        /* r[2..3] = x[1] * y[1] */
+        CLMUL(REG_A4, REG_T1, REG_T3)
+        CLMULH(REG_A5, REG_T1, REG_T3)
+        /* r[1..2] ^= x[1] * y[0] */
+        CLMUL(REG_T4, REG_T1, REG_T2)
+        CLMULH(REG_T5, REG_T1, REG_T2)
+        "xor        a3, a3, t4\n\t"
+        "xor        a4, a4, t5\n\t"
+        /* r[1..2] ^= x[0] * y[1] */
+        CLMUL(REG_T4, REG_T0, REG_T3)
+        CLMULH(REG_T5, REG_T0, REG_T3)
+        "xor        a3, a3, t4\n\t"
+        "xor        a4, a4, t5\n\t"
+
+        /* Reduce */
+        CLMUL(REG_T4, REG_A5, REG_T6)
+        CLMULH(REG_T5, REG_A5, REG_T6)
+        "xor        a3, a3, t4\n\t"
+        "xor        a4, a4, t5\n\t"
+        CLMUL(REG_T4, REG_A4, REG_T6)
+        CLMULH(REG_T5, REG_A4, REG_T6)
+        "xor        t0, a2, t4\n\t"
+        "xor        t1, a3, t5\n\t"
+
+        "addi        %[in], %[in], 16\n\t"
+        "addi        %[blocks], %[blocks], -1\n\t"
+        "bnez        %[blocks], L_ghash_loop\n\t"
+
+        /* Reverse x. */
+#ifdef WOLFSSL_RISCV_BIT_MANIPULATION
+        BREV8(REG_T0, REG_T0)
+        BREV8(REG_T1, REG_T1)
+#else
+        /* Swap odd-even bits. */
+        "li          a4, 0x5555555555555555\n\t"
+        "srli        a2, t0, 1\n\t"
+        "srli        a3, t1, 1\n\t"
+        "and         t0, t0, a4\n\t"
+        "and         t1, t1, a4\n\t"
+        "and         a2, a2, a4\n\t"
+        "and         a3, a3, a4\n\t"
+        "slli        t0, t0, 1\n\t"
+        "slli        t1, t1, 1\n\t"
+        "or          t0, t0, a2\n\t"
+        "or          t1, t1, a3\n\t"
+        /* Swap pairs. */
+        "li          a4, 0x3333333333333333\n\t"
+        "srli        a2, t0, 2\n\t"
+        "srli        a3, t1, 2\n\t"
+        "and         t0, t0, a4\n\t"
+        "and         t1, t1, a4\n\t"
+        "and         a2, a2, a4\n\t"
+        "and         a3, a3, a4\n\t"
+        "slli        t0, t0, 2\n\t"
+        "slli        t1, t1, 2\n\t"
+        "or          t0, t0, a2\n\t"
+        "or          t1, t1, a3\n\t"
+        /* Swap nibbles. */
+        "li          a4, 0x0f0f0f0f0f0f0f0f\n\t"
+        "srli        a2, t0, 4\n\t"
+        "srli        a3, t1, 4\n\t"
+        "and         t0, t0, a4\n\t"
+        "and         t1, t1, a4\n\t"
+        "and         a2, a2, a4\n\t"
+        "and         a3, a3, a4\n\t"
+        "slli        t0, t0, 4\n\t"
+        "slli        t1, t1, 4\n\t"
+        "or          t0, t0, a2\n\t"
+        "or          t1, t1, a3\n\t"
+#endif
+        "sd         t0, 0(%[x])\n\t"
+        "sd         t1, 8(%[x])\n\t"
+        : [in] "+r" (in), [blocks] "+r" (blocks)
+        : [x] "r" (x), [y] "r" (y)
+        : "memory", "t0", "t1", "t2", "t3", "t4", "t5", "t6",
+          "a2", "a3", "a4", "a5"
+    );
+}
+
+/* GHASH Additional Authentication Data (AAD) and cipher text.
+ *
+ * @param [in]  gcm  GCM object.
+ * @param [in]  a    Additional Authentication Data (AAD).
+ * @param [in]  aSz  Size of AAD in bytes.
+ * @param [in]  c    Cipher text.
+ * @param [in]  cSz  Size of cipher text in bytes.
+ * @param [out] s    Hash result.
+ * @param [in]  sSz  Number of bytes to put into hash result.
+ */
+void GHASH(Gcm* gcm, const byte* a, word32 aSz, const byte* c, word32 cSz,
+    byte* s, word32 sSz)
+{
+    if (gcm != NULL) {
+        byte x[WC_AES_BLOCK_SIZE];
+        byte scratch[WC_AES_BLOCK_SIZE];
+        word32 blocks, partial;
+        byte* h = gcm->H;
+
+        XMEMSET(x, 0, WC_AES_BLOCK_SIZE);
+
+        /* Hash in A, the Additional Authentication Data */
+        if (aSz != 0 && a != NULL) {
+            blocks = aSz / WC_AES_BLOCK_SIZE;
+            partial = aSz % WC_AES_BLOCK_SIZE;
+            if (blocks > 0) {
+                ghash_blocks(x, h, a, blocks);
+                a += blocks * WC_AES_BLOCK_SIZE;
+            }
+            if (partial != 0) {
+                XMEMSET(scratch, 0, WC_AES_BLOCK_SIZE);
+                XMEMCPY(scratch, a, partial);
+                xorbuf16(x, scratch);
+                GMULT(x, h);
+            }
+        }
+
+        /* Hash in C, the Ciphertext */
+        if (cSz != 0 && c != NULL) {
+            blocks = cSz / WC_AES_BLOCK_SIZE;
+            partial = cSz % WC_AES_BLOCK_SIZE;
+            if (blocks > 0) {
+                ghash_blocks(x, h, c, blocks);
+                c += blocks * WC_AES_BLOCK_SIZE;
+            }
+            if (partial != 0) {
+                XMEMSET(scratch, 0, WC_AES_BLOCK_SIZE);
+                XMEMCPY(scratch, c, partial);
+                xorbuf16(x, scratch);
+                GMULT(x, h);
+            }
+        }
+
+        /* Hash in the lengths of A and C in bits */
+        FlattenSzInBits(&scratch[0], aSz);
+        FlattenSzInBits(&scratch[8], cSz);
+        xorbuf16(x, scratch);
+        GMULT(x, h);
+
+        /* Copy the result into s. */
+        XMEMCPY(s, x, sSz);
+    }
+}
+
+#define HAVE_GHASH
+
+#endif /* !WOLFSSL_RISCV_VECTOR_GCM */
+
+#ifdef WOLFSSL_RISCV_VECTOR_CRYPTO_ASM
+#ifdef WOLFSSL_RISCV_VECTOR_GCM
+/* START script replace AES-GCM RISC-V 64 with hardware vector crypto */
+#ifndef WOLFSSL_RISCV_VECTOR_BASE_BIT_MANIPULATION
+static const word32 rev_idx[4] = {
+    0x00010203, 0x04050607, 0x08090a0b, 0x0c0d0e0f
+};
+#endif /* !WOLFSSL_RISCV_VECTOR_BASE_BIT_MANIPULATION */
+
+#ifdef WOLFSSL_AES_128
+/* Encrypt data using AES-128-GCM.
+ *
+ * @param [in]  aes      AES object.
+ * @param [out] out      Encrypted data.
+ * @param [in]  in       Data to encrypt and GHASH.
+ * @param [in]  sz       Number of bytes of data.
+ * @param [in]  nonce    Nonce used to calculate first IV.
+ * @param [in]  nonceSz  Length of nonce in bytes.
+ * @param [out] tag      Authentication tag.
+ * @param [in]  tagSz    Length of authentication tag in bytes.
+ * @param [in]  aad      Additional Authentication Data (AAD).
+ * @param [in]  aadSz    Length of AAD in bytes.
+ */
+static void Aes128GcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
+    const byte* nonce, word32 nonceSz, byte* tag, word32 tagSz,
+    const byte* aad, word32 aadSz)
+{
+    byte counter[WC_AES_BLOCK_SIZE];
+    byte scratch[WC_AES_BLOCK_SIZE];
+    /* Noticed different optimization levels treated head of array different.
+     * Some cases was stack pointer plus offset others was a register containing
+     * address. To make uniform for passing in to inline assembly code am using
+     * pointers to the head of each local array.
+     */
+    byte* ctr  = counter;
+    byte* key = (byte*)aes->key;
+
+    XMEMSET(counter, 0, WC_AES_BLOCK_SIZE);
+    if (nonceSz == GCM_NONCE_MID_SZ) {
+        XMEMCPY(counter, nonce, GCM_NONCE_MID_SZ);
+        counter[WC_AES_BLOCK_SIZE - 1] = 1;
+    }
+    else {
+#ifdef OPENSSL_EXTRA
+        word32 aadTemp = aes->gcm.aadLen;
+        aes->gcm.aadLen = 0;
+#endif
+        GHASH(&aes->gcm, NULL, 0, nonce, nonceSz, counter, WC_AES_BLOCK_SIZE);
+#ifdef OPENSSL_EXTRA
+        aes->gcm.aadLen = aadTemp;
+#endif
+    }
+
+    __asm__ __volatile__ (
+        VSETIVLI(REG_X0, 4, 1, 1, 0b010, 0b000)
+
+        /* X=0, get H */
+        VXOR_VV(REG_V18, REG_V18, REG_V18)
+        "mv         t0, %[h]\n\t"
+        VL1RE32_V(REG_V19, REG_T0)
+
+        /* Hash in AAD, the Additional Authentication Data */
+        "beqz       %[aSz], L_aes_gcm_128_encrypt_ghash_aad_done\n\t"
+        "beqz       %[aad], L_aes_gcm_128_encrypt_ghash_aad_done\n\t"
+
+        "srli       t1, %[aSz], 4\n\t"
+        "beqz       t1, L_aes_gcm_128_encrypt_ghash_aad_blocks_done\n\t"
+
+      "L_aes_gcm_128_encrypt_ghash_aad_loop:\n\t"
+        "mv         t0, %[aad]\n\t"
+        VL1RE32_V(REG_V17, REG_T0)
+        VGHSH_VV(REG_V18, REG_V17, REG_V19)
+        "addi       %[aad], %[aad], 16\n\t"
+        "addi       t1, t1, -1\n\t"
+        "bnez       t1, L_aes_gcm_128_encrypt_ghash_aad_loop\n\t"
+      "L_aes_gcm_128_encrypt_ghash_aad_blocks_done:\n\t"
+        "andi       t1, %[aSz], 0xf\n\t"
+        "beqz       t1, L_aes_gcm_128_encrypt_ghash_aad_done\n\t"
+        VXOR_VV(REG_V17, REG_V17, REG_V17)
+        "mv         t0, %[scratch]\n\t"
+        VS1R_V(REG_V17, REG_T0)
+        "mv         t2, t1\n\t"
+      "L_aes_gcm_128_encrypt_ghash_aad_load_byte:\n\t"
+        "lb         t0, (%[aad])\n\t"
+        "sb         t0, (%[scratch])\n\t"
+        "addi       %[aad], %[aad], 1\n\t"
+        "addi       %[scratch], %[scratch], 1\n\t"
+        "addi       t2, t2, -1\n\t"
+        "bnez       t2, L_aes_gcm_128_encrypt_ghash_aad_load_byte\n\t"
+        "sub        %[scratch], %[scratch], t1\n\t"
+        "mv         t0, %[scratch]\n\t"
+        VL1RE32_V(REG_V17, REG_T0)
+        VGHSH_VV(REG_V18, REG_V17, REG_V19)
+      "L_aes_gcm_128_encrypt_ghash_aad_done:\n\t"
+        /* Done Hash in AAD */
+
+#ifndef WOLFSSL_RISCV_VECTOR_BASE_BIT_MANIPULATION
+        "mv         t0, %[rev_idx]\n\t"
+        VL1RE32_V(REG_V15, REG_T0)
+#endif /* !WOLFSSL_RISCV_VECTOR_BASE_BIT_MANIPULATION */
+        /* Load the counter. */
+        "mv         t0, %[ctr]\n\t"
+        VL1RE32_V(REG_V16, REG_T0)
+#ifndef WOLFSSL_RISCV_BASE_BIT_MANIPULATION
+        VSLIDEDOWN_VI(REG_V20, REG_V16, 3)
+#ifndef WOLFSSL_RISCV_VECTOR_BASE_BIT_MANIPULATION
+        VSETIVLI(REG_X0, 16, 1, 1, 0b000, 0b000)
+        VRGATHER_VV(REG_V21, REG_V15, REG_V20)
+        VSETIVLI(REG_X0, 4, 1, 1, 0b010, 0b000)
+        VMV_V_V(REG_V20, REG_V21)
+#else
+        VREV8(REG_V20, REG_V20)
+#endif /* !WOLFSSL_RISCV_VECTOR_BASE_BIT_MANIPULATION */
+#else
+        "lw         t3, 12(%[ctr])\n\t"
+        "slli       t3, t3, 32\n\t"
+        REV8(REG_T3, REG_T3)
+#endif /* !WOLFSSL_RISCV_BASE_BIT_MANIPULATION */
+
+        /* Load key[0..7]. */
+        "mv         t0, %[key]\n\t"
+        VL8RE32_V(REG_V0, REG_T0)
+        /* Load key[8..9]. */
+        "addi       t0, t0, 128\n\t"
+        VL2RE32_V(REG_V8, REG_T0)
+        /* Load last round's key */
+        "addi       t0, %[key], 224\n\t"
+        VL1RE32_V(REG_V10, REG_T0)
+
+        "beqz       %[sz], L_aes_gcm_128_encrypt_blocks_done\n\t"
+        "srli       t4, %[sz], 6\n\t"
+        "beqz       t4, L_aes_gcm_128_encrypt_x4_blocks_done\n\t"
+
+        /* Calculate H^[1-4] - GMULT partials */
+        VMV_V_V(REG_V21, REG_V19)
+        VMV_V_V(REG_V22, REG_V19)
+        /* Multiply H * H => H^2 */
+        VGMUL_VV(REG_V21, REG_V19)
+        VMV_V_V(REG_V23, REG_V21)
+        /* Multiply H * H => H^3 */
+        VGMUL_VV(REG_V22, REG_V21)
+        /* Multiply H^2 * H^2 => H^4 */
+        VGMUL_VV(REG_V23, REG_V21)
+
+      "L_aes_gcm_128_encrypt_x4_block_loop:\n\t"
+        /* Calculate next 4 counters (+1-4) */
+#ifndef WOLFSSL_RISCV_BASE_BIT_MANIPULATION
+        VMV_V_V(REG_V24, REG_V16)
+        VMV_V_V(REG_V25, REG_V16)
+        VMV_V_V(REG_V26, REG_V16)
+        VMV_V_V(REG_V27, REG_V16)
+        VADD_VI(REG_V28, REG_V20, 1)
+        VADD_VI(REG_V29, REG_V20, 2)
+        VADD_VI(REG_V30, REG_V20, 3)
+        VADD_VI(REG_V20, REG_V20, 4)
+#ifndef WOLFSSL_RISCV_VECTOR_BASE_BIT_MANIPULATION
+        VSETIVLI(REG_X0, 16, 1, 1, 0b000, 0b000)
+        VRGATHER_VV(REG_V17, REG_V15, REG_V28)
+        VSETIVLI(REG_X0, 4, 1, 1, 0b010, 0b000)
+        VMV_V_V(REG_V28, REG_V17)
+#else
+        VREV8(REG_V28, REG_V28)
+#endif /* !WOLFSSL_RISCV_VECTOR_BASE_BIT_MANIPULATION */
+#ifndef WOLFSSL_RISCV_VECTOR_BASE_BIT_MANIPULATION
+        VSETIVLI(REG_X0, 16, 1, 1, 0b000, 0b000)
+        VRGATHER_VV(REG_V17, REG_V15, REG_V29)
+        VSETIVLI(REG_X0, 4, 1, 1, 0b010, 0b000)
+        VMV_V_V(REG_V29, REG_V17)
+#else
+        VREV8(REG_V29, REG_V29)
+#endif /* !WOLFSSL_RISCV_VECTOR_BASE_BIT_MANIPULATION */
+#ifndef WOLFSSL_RISCV_VECTOR_BASE_BIT_MANIPULATION
+        VSETIVLI(REG_X0, 16, 1, 1, 0b000, 0b000)
+        VRGATHER_VV(REG_V17, REG_V15, REG_V30)
+        VSETIVLI(REG_X0, 4, 1, 1, 0b010, 0b000)
+        VMV_V_V(REG_V30, REG_V17)
+#else
+        VREV8(REG_V30, REG_V30)
+#endif /* !WOLFSSL_RISCV_VECTOR_BASE_BIT_MANIPULATION */
+#ifndef WOLFSSL_RISCV_VECTOR_BASE_BIT_MANIPULATION
+        VSETIVLI(REG_X0, 16, 1, 1, 0b000, 0b000)
+        VRGATHER_VV(REG_V31, REG_V15, REG_V20)
+        VSETIVLI(REG_X0, 4, 1, 1, 0b010, 0b000)
+#else
+        VREV8(REG_V31, REG_V20)
+#endif /* !WOLFSSL_RISCV_VECTOR_BASE_BIT_MANIPULATION */
+#else
+        "addi       t0, t3, 1\n\t"
+        VMV_V_V(REG_V24, REG_V16)
+        "addi       t1, t3, 2\n\t"
+        VMV_V_V(REG_V25, REG_V16)
+        "addi       t2, t3, 3\n\t"
+        VMV_V_V(REG_V26, REG_V16)
+        "slli       t0, t0, 32\n\t"
+        VMV_V_V(REG_V27, REG_V16)
+        "slli       t1, t1, 32\n\t"
+        "slli       t2, t2, 32\n\t"
+        REV8(REG_T0, REG_T0)
+        REV8(REG_T1, REG_T1)
+        REV8(REG_T2, REG_T2)
+        "addi       t3, t3, 4\n\t"
+        VMV_V_X(REG_V28, REG_T0)
+        "slli       t0, t3, 32\n\t"
+        VMV_V_X(REG_V29, REG_T1)
+        REV8(REG_T0, REG_T0)
+        VMV_V_X(REG_V30, REG_T2)
+        VMV_V_X(REG_V31, REG_T0)
+#endif /* !WOLFSSL_RISCV_BASE_BIT_MANIPULATION */
+        VSLIDEUP_VI(REG_V24, REG_V28, 3)
+        VSLIDEUP_VI(REG_V25, REG_V29, 3)
+        VSLIDEUP_VI(REG_V26, REG_V30, 3)
+        VSLIDEUP_VI(REG_V27, REG_V31, 3)
+
+        VAESZ_VS(REG_V24, REG_V0)
+        VAESZ_VS(REG_V25, REG_V0)
+        VAESZ_VS(REG_V26, REG_V0)
+        VAESZ_VS(REG_V27, REG_V0)
+        VAESEM_VS(REG_V24, REG_V1)
+        VAESEM_VS(REG_V24, REG_V2)
+        VAESEM_VS(REG_V24, REG_V3)
+        VAESEM_VS(REG_V24, REG_V4)
+        VAESEM_VS(REG_V24, REG_V5)
+        VAESEM_VS(REG_V24, REG_V6)
+        VAESEM_VS(REG_V24, REG_V7)
+        VAESEM_VS(REG_V24, REG_V8)
+        VAESEM_VS(REG_V24, REG_V9)
+        VAESEM_VS(REG_V25, REG_V1)
+        VAESEM_VS(REG_V25, REG_V2)
+        VAESEM_VS(REG_V25, REG_V3)
+        VAESEM_VS(REG_V25, REG_V4)
+        VAESEM_VS(REG_V25, REG_V5)
+        VAESEM_VS(REG_V25, REG_V6)
+        VAESEM_VS(REG_V25, REG_V7)
+        VAESEM_VS(REG_V25, REG_V8)
+        VAESEM_VS(REG_V25, REG_V9)
+        VAESEM_VS(REG_V26, REG_V1)
+        VAESEM_VS(REG_V26, REG_V2)
+        VAESEM_VS(REG_V26, REG_V3)
+        VAESEM_VS(REG_V26, REG_V4)
+        VAESEM_VS(REG_V26, REG_V5)
+        VAESEM_VS(REG_V26, REG_V6)
+        VAESEM_VS(REG_V26, REG_V7)
+        VAESEM_VS(REG_V26, REG_V8)
+        VAESEM_VS(REG_V26, REG_V9)
+        VAESEM_VS(REG_V27, REG_V1)
+        VAESEM_VS(REG_V27, REG_V2)
+        VAESEM_VS(REG_V27, REG_V3)
+        VAESEM_VS(REG_V27, REG_V4)
+        VAESEM_VS(REG_V27, REG_V5)
+        VAESEM_VS(REG_V27, REG_V6)
+        VAESEM_VS(REG_V27, REG_V7)
+        VAESEM_VS(REG_V27, REG_V8)
+        VAESEM_VS(REG_V27, REG_V9)
+        VAESEF_VS(REG_V24, REG_V10)
+        VAESEF_VS(REG_V25, REG_V10)
+        VAESEF_VS(REG_V26, REG_V10)
+        VAESEF_VS(REG_V27, REG_V10)
+
+        /* Load input. */
+        "mv        t0, %[in]\n\t"
+        VL4RE32_V(REG_V28, REG_T0)
+        VXOR_VV(REG_V28, REG_V24, REG_V28)
+        VXOR_VV(REG_V29, REG_V25, REG_V29)
+        VXOR_VV(REG_V30, REG_V26, REG_V30)
+        VXOR_VV(REG_V31, REG_V27, REG_V31)
+        /* Store output. */
+        "mv         t0, %[out]\n\t"
+        VS4R_V(REG_V28, REG_T0)
+        VGMUL_VV(REG_V28, REG_V23)
+        VGMUL_VV(REG_V29, REG_V22)
+        VGMUL_VV(REG_V30, REG_V21)
+        VGMUL_VV(REG_V31, REG_V19)
+        VXOR_VV(REG_V18, REG_V18, REG_V28)
+        VXOR_VV(REG_V18, REG_V18, REG_V29)
+        VXOR_VV(REG_V18, REG_V18, REG_V30)
+        VXOR_VV(REG_V18, REG_V18, REG_V31)
+        "addi        %[in], %[in], 64\n\t"
+        "addi        %[out], %[out], 64\n\t"
+        /* Loop if more elements to process. */
+        "addi       t4, t4, -1\n\t"
+        "bnez       t4, L_aes_gcm_128_encrypt_x4_block_loop\n\t"
+        "andi       %[sz], %[sz], 0x3f\n\t"
+
+      "L_aes_gcm_128_encrypt_x4_blocks_done:\n\t"
+        "srli       t2, %[sz], 4\n\t"
+        "beqz       t2, L_aes_gcm_128_encrypt_blocks_done\n\t"
+
+      "L_aes_gcm_128_encrypt_block_loop:\n\t"
+#ifndef WOLFSSL_RISCV_BASE_BIT_MANIPULATION
+        VADD_VI(REG_V20, REG_V20, 1)
+#ifndef WOLFSSL_RISCV_VECTOR_BASE_BIT_MANIPULATION
+        VSETIVLI(REG_X0, 16, 1, 1, 0b000, 0b000)
+        VRGATHER_VV(REG_V17, REG_V15, REG_V20)
+        VSETIVLI(REG_X0, 4, 1, 1, 0b010, 0b000)
+#else
+        VREV8(REG_V17, REG_V20)
+#endif /* !WOLFSSL_RISCV_VECTOR_BASE_BIT_MANIPULATION */
+        VMV_V_V(REG_V27, REG_V16)
+        VSLIDEUP_VI(REG_V27, REG_V17, 3)
+#else
+        "addi       t3, t3, 1\n\t"
+        "slli       t0, t3, 32\n\t"
+        REV8(REG_T0, REG_T0)
+        VMV_V_X(REG_V17, REG_T0)
+        VMV_V_V(REG_V27, REG_V16)
+        VSLIDEUP_VI(REG_V27, REG_V17, 3)
+#endif /* !WOLFSSL_RISCV_BASE_BIT_MANIPULATION */
+
+        VAESZ_VS(REG_V27, REG_V0)
+        VAESEM_VS(REG_V27, REG_V1)
+        VAESEM_VS(REG_V27, REG_V2)
+        VAESEM_VS(REG_V27, REG_V3)
+        VAESEM_VS(REG_V27, REG_V4)
+        VAESEM_VS(REG_V27, REG_V5)
+        VAESEM_VS(REG_V27, REG_V6)
+        VAESEM_VS(REG_V27, REG_V7)
+        VAESEM_VS(REG_V27, REG_V8)
+        VAESEM_VS(REG_V27, REG_V9)
+        VAESEF_VS(REG_V27, REG_V10)
+
+        /* Load input. */
+        "mv         t0, %[in]\n\t"
+        VL1RE32_V(REG_V17, REG_T0)
+        VXOR_VV(REG_V27, REG_V27, REG_V17)
+        VGHSH_VV(REG_V18, REG_V27, REG_V19)
+        /* Store output. */
+        "mv         t0, %[out]\n\t"
+        VS1R_V(REG_V27, REG_T0)
+
+        "addi        %[in], %[in], 16\n\t"
+        "addi        %[out], %[out], 16\n\t"
+        /* Loop if more elements to process. */
+        "addi       t2, t2, -1\n\t"
+        "bnez       t2, L_aes_gcm_128_encrypt_block_loop\n\t"
+
+      "L_aes_gcm_128_encrypt_blocks_done:\n\t"
+        "andi       t2, %[sz], 0xf\n\t"
+        "beqz       t2, L_aes_gcm_128_encrypt_done\n\t"
+
+        VXOR_VV(REG_V17, REG_V17, REG_V17)
+        "mv         t0, %[scratch]\n\t"
+        VS1R_V(REG_V17, REG_T0)
+        "mv         t1, t2\n\t"
+      "L_aes_gcm_128_encrypt_load_byte:\n\t"
+        "lb         t0, (%[in])\n\t"
+        "sb         t0, (%[scratch])\n\t"
+        "addi       %[in], %[in], 1\n\t"
+        "addi       %[scratch], %[scratch], 1\n\t"
+        "addi       t1, t1, -1\n\t"
+        "bnez       t1, L_aes_gcm_128_encrypt_load_byte\n\t"
+        "sub        %[scratch], %[scratch], t2\n\t"
+
+        /* Encrypt counter for partial block. */
+#ifndef WOLFSSL_RISCV_BASE_BIT_MANIPULATION
+        VADD_VI(REG_V20, REG_V20, 1)
+#ifndef WOLFSSL_RISCV_VECTOR_BASE_BIT_MANIPULATION
+        VSETIVLI(REG_X0, 16, 1, 1, 0b000, 0b000)
+        VRGATHER_VV(REG_V17, REG_V15, REG_V20)
+        VSETIVLI(REG_X0, 4, 1, 1, 0b010, 0b000)
+#else
+        VREV8(REG_V17, REG_V20)
+#endif /* !WOLFSSL_RISCV_VECTOR_BASE_BIT_MANIPULATION */
+        VMV_V_V(REG_V27, REG_V16)
+        VSLIDEUP_VI(REG_V27, REG_V17, 3)
+#else
+        "addi       t3, t3, 1\n\t"
+        "slli       t0, t3, 32\n\t"
+        REV8(REG_T0, REG_T0)
+        VMV_V_X(REG_V17, REG_T0)
+        VMV_V_V(REG_V27, REG_V16)
+        VSLIDEUP_VI(REG_V27, REG_V17, 3)
+#endif /* !WOLFSSL_RISCV_BASE_BIT_MANIPULATION */
+
+        VAESZ_VS(REG_V27, REG_V0)
+        VAESEM_VS(REG_V27, REG_V1)
+        VAESEM_VS(REG_V27, REG_V2)
+        VAESEM_VS(REG_V27, REG_V3)
+        VAESEM_VS(REG_V27, REG_V4)
+        VAESEM_VS(REG_V27, REG_V5)
+        VAESEM_VS(REG_V27, REG_V6)
+        VAESEM_VS(REG_V27, REG_V7)
+        VAESEM_VS(REG_V27, REG_V8)
+        VAESEM_VS(REG_V27, REG_V9)
+        VAESEF_VS(REG_V27, REG_V10)
+
+        /* Load scratch. */
+        "mv         t0, %[scratch]\n\t"
+        VL1RE32_V(REG_V17, REG_T0)
+        VXOR_VV(REG_V27, REG_V27, REG_V17)
+        /* Store scratch. */
+        VS1R_V(REG_V27, REG_T0)
+        "mv         t1, t2\n\t"
+      "L_aes_gcm_128_encrypt_store_byte:\n\t"
+        "lb         t0, (%[scratch])\n\t"
+        "sb         t0, (%[out])\n\t"
+        "addi       %[scratch], %[scratch], 1\n\t"
+        "addi       %[out], %[out], 1\n\t"
+        "addi       t1, t1, -1\n\t"
+        "bnez       t1, L_aes_gcm_128_encrypt_store_byte\n\t"
+        "li         t1, 16\n\t"
+        "sub        t1, t1, t2\n\t"
+      "L_aes_gcm_128_encrypt_zero_byte:\n\t"
+        "sb         x0, (%[scratch])\n\t"
+        "addi       %[scratch], %[scratch], 1\n\t"
+        "addi       t1, t1, -1\n\t"
+        "bnez       t1, L_aes_gcm_128_encrypt_zero_byte\n\t"
+        "addi       %[scratch], %[scratch], -16\n\t"
+        "mv         t0, %[scratch]\n\t"
+        VL1RE32_V(REG_V17, REG_T0)
+        VGHSH_VV(REG_V18, REG_V17, REG_V19)
+
+      "L_aes_gcm_128_encrypt_done:\n\t"
+
+        /* Hash in the lengths of A and C in bits */
+#ifndef WOLFSSL_RISCV_BASE_BIT_MANIPULATION
+        /* aSz is only 32-bits */
+        /* Multiply by 8 do get size in bits. */
+        "slli       %[aSz], %[aSz], 3\n\t"
+        "srli       t0, %[aSz], 32\n\t"
+        "srli       t1, %[aSz], 24\n\t"
+        "srli       t2, %[aSz], 16\n\t"
+        "srli       t3, %[aSz], 8\n\t"
+        /* Top 3 bytes are 0. */
+        "sh         x0    , 0(%[scratch])\n\t"
+        "sb         x0    , 2(%[scratch])\n\t"
+        "sb         t0    , 3(%[scratch])\n\t"
+        "sb         t1    , 4(%[scratch])\n\t"
+        "sb         t2    , 5(%[scratch])\n\t"
+        "sb         t3    , 6(%[scratch])\n\t"
+        "sb         %[aSz], 7(%[scratch])\n\t"
+        /* sz is only 32-bits */
+        /* Multiply by 8 do get size in bits. */
+        "slli       %[sz], %[sz], 3\n\t"
+        "srli       t0, %[sz], 32\n\t"
+        "srli       t1, %[sz], 24\n\t"
+        "srli       t2, %[sz], 16\n\t"
+        "srli       t3, %[sz], 8\n\t"
+        /* Top 3 bytes are 0. */
+        "sh         x0   ,  8(%[scratch])\n\t"
+        "sb         x0   , 10(%[scratch])\n\t"
+        "sb         t0   , 11(%[scratch])\n\t"
+        "sb         t1   , 12(%[scratch])\n\t"
+        "sb         t2   , 13(%[scratch])\n\t"
+        "sb         t3   , 14(%[scratch])\n\t"
+        "sb         %[sz], 15(%[scratch])\n\t"
+#else
+        "slli       t0, %[aSz], 3\n\t"
+        REV8(REG_T0, REG_T0)
+        "sd         t0, 0(%[scratch])\n\t"
+        "slli       t0, %[sz], 3\n\t"
+        REV8(REG_T0, REG_T0)
+        "sd         t0, 8(%[scratch])\n\t"
+#endif /* !WOLFSSL_RISCV_BASE_BIT_MANIPULATION */
+        "mv         t0, %[scratch]\n\t"
+        VL1RE32_V(REG_V17, REG_T0)
+        VGHSH_VV(REG_V18, REG_V17, REG_V19)
+
+        VAESZ_VS(REG_V16, REG_V0)
+        VAESEM_VS(REG_V16, REG_V1)
+        VAESEM_VS(REG_V16, REG_V2)
+        VAESEM_VS(REG_V16, REG_V3)
+        VAESEM_VS(REG_V16, REG_V4)
+        VAESEM_VS(REG_V16, REG_V5)
+        VAESEM_VS(REG_V16, REG_V6)
+        VAESEM_VS(REG_V16, REG_V7)
+        VAESEM_VS(REG_V16, REG_V8)
+        VAESEM_VS(REG_V16, REG_V9)
+        VAESEF_VS(REG_V16, REG_V10)
+        VXOR_VV(REG_V18, REG_V18, REG_V16)
+
+        "li         t1, 16\n\t"
+        "blt        %[tagSz], t1, L_aes_gcm_128_encrypt_tag_small\n\t"
+        "mv         t0, %[tag]\n\t"
+        VS1R_V(REG_V18, REG_T0)
+        "beqz       x0, L_aes_gcm_128_encrypt_tag_done\n\t"
+      "L_aes_gcm_128_encrypt_tag_small:\n\t"
+        "mv         t0, %[scratch]\n\t"
+        VS1R_V(REG_V18, REG_T0)
+        "mv         t1, %[tagSz]\n\t"
+      "L_aes_gcm_128_encrypt_store_tag_byte:\n\t"
+        "lb         t0, (%[scratch])\n\t"
+        "sb         t0, (%[tag])\n\t"
+        "addi       %[scratch], %[scratch], 1\n\t"
+        "addi       %[tag], %[tag], 1\n\t"
+        "addi       t1, t1, -1\n\t"
+        "bnez       t1, L_aes_gcm_128_encrypt_store_tag_byte\n\t"
+      "L_aes_gcm_128_encrypt_tag_done:\n\t"
+
+        : [out] "+r" (out), [in] "+r" (in), [key] "+r" (key),
+          [aSz] "+r" (aadSz), [aad] "+r" (aad), [sz] "+r" (sz)
+        : [ctr] "r" (ctr), [scratch] "r" (scratch),
+          [h] "r" (aes->gcm.H), [tag] "r" (tag), [tagSz] "r" (tagSz)
+#ifndef WOLFSSL_RISCV_VECTOR_BASE_BIT_MANIPULATION
+          , [rev_idx] "r" (rev_idx)
+#endif
+        : "memory", "t0", "t1", "t2", "t3", "t4"
+    );
+
+#ifdef OPENSSL_EXTRA
+    if ((tag != NULL) && (in != NULL) && (sz != 0)) {
+        /* store AAD size for next call */
+        aes->gcm.aadLen = aadSz;
+    }
+#endif
+}
+#endif /*  WOLFSSL_AES_128 */
+
+#ifdef WOLFSSL_AES_192
+/* Encrypt data using AES-192-GCM.
+ *
+ * @param [in]  aes      AES object.
+ * @param [out] out      Encrypted data.
+ * @param [in]  in       Data to encrypt and GHASH.
+ * @param [in]  sz       Number of bytes of data.
+ * @param [in]  nonce    Nonce used to calculate first IV.
+ * @param [in]  nonceSz  Length of nonce in bytes.
+ * @param [out] tag      Authentication tag.
+ * @param [in]  tagSz    Length of authentication tag in bytes.
+ * @param [in]  aad      Additional Authentication Data (AAD).
+ * @param [in]  aadSz    Length of AAD in bytes.
+ */
+static void Aes192GcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
+    const byte* nonce, word32 nonceSz, byte* tag, word32 tagSz,
+    const byte* aad, word32 aadSz)
+{
+    byte counter[WC_AES_BLOCK_SIZE];
+    byte scratch[WC_AES_BLOCK_SIZE];
+    /* Noticed different optimization levels treated head of array different.
+     * Some cases was stack pointer plus offset others was a register containing
+     * address. To make uniform for passing in to inline assembly code am using
+     * pointers to the head of each local array.
+     */
+    byte* ctr  = counter;
+    byte* key = (byte*)aes->key;
+
+    XMEMSET(counter, 0, WC_AES_BLOCK_SIZE);
+    if (nonceSz == GCM_NONCE_MID_SZ) {
+        XMEMCPY(counter, nonce, GCM_NONCE_MID_SZ);
+        counter[WC_AES_BLOCK_SIZE - 1] = 1;
+    }
+    else {
+#ifdef OPENSSL_EXTRA
+        word32 aadTemp = aes->gcm.aadLen;
+        aes->gcm.aadLen = 0;
+#endif
+        GHASH(&aes->gcm, NULL, 0, nonce, nonceSz, counter, WC_AES_BLOCK_SIZE);
+#ifdef OPENSSL_EXTRA
+        aes->gcm.aadLen = aadTemp;
+#endif
+    }
+
+    __asm__ __volatile__ (
+        VSETIVLI(REG_X0, 4, 1, 1, 0b010, 0b000)
+
+        /* X=0, get H */
+        VXOR_VV(REG_V18, REG_V18, REG_V18)
+        "mv         t0, %[h]\n\t"
+        VL1RE32_V(REG_V19, REG_T0)
+
+        /* Hash in AAD, the Additional Authentication Data */
+        "beqz       %[aSz], L_aes_gcm_192_encrypt_ghash_aad_done\n\t"
+        "beqz       %[aad], L_aes_gcm_192_encrypt_ghash_aad_done\n\t"
+
+        "srli       t1, %[aSz], 4\n\t"
+        "beqz       t1, L_aes_gcm_192_encrypt_ghash_aad_blocks_done\n\t"
+
+      "L_aes_gcm_192_encrypt_ghash_aad_loop:\n\t"
+        "mv         t0, %[aad]\n\t"
+        VL1RE32_V(REG_V17, REG_T0)
+        VGHSH_VV(REG_V18, REG_V17, REG_V19)
+        "addi       %[aad], %[aad], 16\n\t"
+        "addi       t1, t1, -1\n\t"
+        "bnez       t1, L_aes_gcm_192_encrypt_ghash_aad_loop\n\t"
+      "L_aes_gcm_192_encrypt_ghash_aad_blocks_done:\n\t"
+        "andi       t1, %[aSz], 0xf\n\t"
+        "beqz       t1, L_aes_gcm_192_encrypt_ghash_aad_done\n\t"
+        VXOR_VV(REG_V17, REG_V17, REG_V17)
+        "mv         t0, %[scratch]\n\t"
+        VS1R_V(REG_V17, REG_T0)
+        "mv         t2, t1\n\t"
+      "L_aes_gcm_192_encrypt_ghash_aad_load_byte:\n\t"
+        "lb         t0, (%[aad])\n\t"
+        "sb         t0, (%[scratch])\n\t"
+        "addi       %[aad], %[aad], 1\n\t"
+        "addi       %[scratch], %[scratch], 1\n\t"
+        "addi       t2, t2, -1\n\t"
+        "bnez       t2, L_aes_gcm_192_encrypt_ghash_aad_load_byte\n\t"
+        "sub        %[scratch], %[scratch], t1\n\t"
+        "mv         t0, %[scratch]\n\t"
+        VL1RE32_V(REG_V17, REG_T0)
+        VGHSH_VV(REG_V18, REG_V17, REG_V19)
+      "L_aes_gcm_192_encrypt_ghash_aad_done:\n\t"
+        /* Done Hash in AAD */
+
+#ifndef WOLFSSL_RISCV_VECTOR_BASE_BIT_MANIPULATION
+        "mv         t0, %[rev_idx]\n\t"
+        VL1RE32_V(REG_V15, REG_T0)
+#endif /* !WOLFSSL_RISCV_VECTOR_BASE_BIT_MANIPULATION */
+        /* Load the counter. */
+        "mv         t0, %[ctr]\n\t"
+        VL1RE32_V(REG_V16, REG_T0)
+#ifndef WOLFSSL_RISCV_BASE_BIT_MANIPULATION
+        VSLIDEDOWN_VI(REG_V20, REG_V16, 3)
+#ifndef WOLFSSL_RISCV_VECTOR_BASE_BIT_MANIPULATION
+        VSETIVLI(REG_X0, 16, 1, 1, 0b000, 0b000)
+        VRGATHER_VV(REG_V21, REG_V15, REG_V20)
+        VSETIVLI(REG_X0, 4, 1, 1, 0b010, 0b000)
+        VMV_V_V(REG_V20, REG_V21)
+#else
+        VREV8(REG_V20, REG_V20)
+#endif /* !WOLFSSL_RISCV_VECTOR_BASE_BIT_MANIPULATION */
+#else
+        "lw         t3, 12(%[ctr])\n\t"
+        "slli       t3, t3, 32\n\t"
+        REV8(REG_T3, REG_T3)
+#endif /* !WOLFSSL_RISCV_BASE_BIT_MANIPULATION */
+
+        /* Load key[0..7]. */
+        "mv         t0, %[key]\n\t"
+        VL8RE32_V(REG_V0, REG_T0)
+        /* Load key[8..11]. */
+        "addi       t0, t0, 128\n\t"
+        VL4RE32_V(REG_V8, REG_T0)
+        /* Load last round's key */
+        "addi       t0, %[key], 224\n\t"
+        VL1RE32_V(REG_V12, REG_T0)
+
+        "beqz       %[sz], L_aes_gcm_192_encrypt_blocks_done\n\t"
+        "srli       t4, %[sz], 6\n\t"
+        "beqz       t4, L_aes_gcm_192_encrypt_x4_blocks_done\n\t"
+
+        /* Calculate H^[1-4] - GMULT partials */
+        VMV_V_V(REG_V21, REG_V19)
+        VMV_V_V(REG_V22, REG_V19)
+        /* Multiply H * H => H^2 */
+        VGMUL_VV(REG_V21, REG_V19)
+        VMV_V_V(REG_V23, REG_V21)
+        /* Multiply H * H => H^3 */
+        VGMUL_VV(REG_V22, REG_V21)
+        /* Multiply H^2 * H^2 => H^4 */
+        VGMUL_VV(REG_V23, REG_V21)
+
+      "L_aes_gcm_192_encrypt_x4_block_loop:\n\t"
+        /* Calculate next 4 counters (+1-4) */
+#ifndef WOLFSSL_RISCV_BASE_BIT_MANIPULATION
+        VMV_V_V(REG_V24, REG_V16)
+        VMV_V_V(REG_V25, REG_V16)
+        VMV_V_V(REG_V26, REG_V16)
+        VMV_V_V(REG_V27, REG_V16)
+        VADD_VI(REG_V28, REG_V20, 1)
+        VADD_VI(REG_V29, REG_V20, 2)
+        VADD_VI(REG_V30, REG_V20, 3)
+        VADD_VI(REG_V20, REG_V20, 4)
+#ifndef WOLFSSL_RISCV_VECTOR_BASE_BIT_MANIPULATION
+        VSETIVLI(REG_X0, 16, 1, 1, 0b000, 0b000)
+        VRGATHER_VV(REG_V17, REG_V15, REG_V28)
+        VSETIVLI(REG_X0, 4, 1, 1, 0b010, 0b000)
+        VMV_V_V(REG_V28, REG_V17)
+#else
+        VREV8(REG_V28, REG_V28)
+#endif /* !WOLFSSL_RISCV_VECTOR_BASE_BIT_MANIPULATION */
+#ifndef WOLFSSL_RISCV_VECTOR_BASE_BIT_MANIPULATION
+        VSETIVLI(REG_X0, 16, 1, 1, 0b000, 0b000)
+        VRGATHER_VV(REG_V17, REG_V15, REG_V29)
+        VSETIVLI(REG_X0, 4, 1, 1, 0b010, 0b000)
+        VMV_V_V(REG_V29, REG_V17)
+#else
+        VREV8(REG_V29, REG_V29)
+#endif /* !WOLFSSL_RISCV_VECTOR_BASE_BIT_MANIPULATION */
+#ifndef WOLFSSL_RISCV_VECTOR_BASE_BIT_MANIPULATION
+        VSETIVLI(REG_X0, 16, 1, 1, 0b000, 0b000)
+        VRGATHER_VV(REG_V17, REG_V15, REG_V30)
+        VSETIVLI(REG_X0, 4, 1, 1, 0b010, 0b000)
+        VMV_V_V(REG_V30, REG_V17)
+#else
+        VREV8(REG_V30, REG_V30)
+#endif /* !WOLFSSL_RISCV_VECTOR_BASE_BIT_MANIPULATION */
+#ifndef WOLFSSL_RISCV_VECTOR_BASE_BIT_MANIPULATION
+        VSETIVLI(REG_X0, 16, 1, 1, 0b000, 0b000)
+        VRGATHER_VV(REG_V31, REG_V15, REG_V20)
+        VSETIVLI(REG_X0, 4, 1, 1, 0b010, 0b000)
+#else
+        VREV8(REG_V31, REG_V20)
+#endif /* !WOLFSSL_RISCV_VECTOR_BASE_BIT_MANIPULATION */
+#else
+        "addi       t0, t3, 1\n\t"
+        VMV_V_V(REG_V24, REG_V16)
+        "addi       t1, t3, 2\n\t"
+        VMV_V_V(REG_V25, REG_V16)
+        "addi       t2, t3, 3\n\t"
+        VMV_V_V(REG_V26, REG_V16)
+        "slli       t0, t0, 32\n\t"
+        VMV_V_V(REG_V27, REG_V16)
+        "slli       t1, t1, 32\n\t"
+        "slli       t2, t2, 32\n\t"
+        REV8(REG_T0, REG_T0)
+        REV8(REG_T1, REG_T1)
+        REV8(REG_T2, REG_T2)
+        "addi       t3, t3, 4\n\t"
+        VMV_V_X(REG_V28, REG_T0)
+        "slli       t0, t3, 32\n\t"
+        VMV_V_X(REG_V29, REG_T1)
+        REV8(REG_T0, REG_T0)
+        VMV_V_X(REG_V30, REG_T2)
+        VMV_V_X(REG_V31, REG_T0)
+#endif /* !WOLFSSL_RISCV_BASE_BIT_MANIPULATION */
+        VSLIDEUP_VI(REG_V24, REG_V28, 3)
+        VSLIDEUP_VI(REG_V25, REG_V29, 3)
+        VSLIDEUP_VI(REG_V26, REG_V30, 3)
+        VSLIDEUP_VI(REG_V27, REG_V31, 3)
+
+        VAESZ_VS(REG_V24, REG_V0)
+        VAESZ_VS(REG_V25, REG_V0)
+        VAESZ_VS(REG_V26, REG_V0)
+        VAESZ_VS(REG_V27, REG_V0)
+        VAESEM_VS(REG_V24, REG_V1)
+        VAESEM_VS(REG_V24, REG_V2)
+        VAESEM_VS(REG_V24, REG_V3)
+        VAESEM_VS(REG_V24, REG_V4)
+        VAESEM_VS(REG_V24, REG_V5)
+        VAESEM_VS(REG_V24, REG_V6)
+        VAESEM_VS(REG_V24, REG_V7)
+        VAESEM_VS(REG_V24, REG_V8)
+        VAESEM_VS(REG_V24, REG_V9)
+        VAESEM_VS(REG_V24, REG_V10)
+        VAESEM_VS(REG_V24, REG_V11)
+        VAESEM_VS(REG_V25, REG_V1)
+        VAESEM_VS(REG_V25, REG_V2)
+        VAESEM_VS(REG_V25, REG_V3)
+        VAESEM_VS(REG_V25, REG_V4)
+        VAESEM_VS(REG_V25, REG_V5)
+        VAESEM_VS(REG_V25, REG_V6)
+        VAESEM_VS(REG_V25, REG_V7)
+        VAESEM_VS(REG_V25, REG_V8)
+        VAESEM_VS(REG_V25, REG_V9)
+        VAESEM_VS(REG_V25, REG_V10)
+        VAESEM_VS(REG_V25, REG_V11)
+        VAESEM_VS(REG_V26, REG_V1)
+        VAESEM_VS(REG_V26, REG_V2)
+        VAESEM_VS(REG_V26, REG_V3)
+        VAESEM_VS(REG_V26, REG_V4)
+        VAESEM_VS(REG_V26, REG_V5)
+        VAESEM_VS(REG_V26, REG_V6)
+        VAESEM_VS(REG_V26, REG_V7)
+        VAESEM_VS(REG_V26, REG_V8)
+        VAESEM_VS(REG_V26, REG_V9)
+        VAESEM_VS(REG_V26, REG_V10)
+        VAESEM_VS(REG_V26, REG_V11)
+        VAESEM_VS(REG_V27, REG_V1)
+        VAESEM_VS(REG_V27, REG_V2)
+        VAESEM_VS(REG_V27, REG_V3)
+        VAESEM_VS(REG_V27, REG_V4)
+        VAESEM_VS(REG_V27, REG_V5)
+        VAESEM_VS(REG_V27, REG_V6)
+        VAESEM_VS(REG_V27, REG_V7)
+        VAESEM_VS(REG_V27, REG_V8)
+        VAESEM_VS(REG_V27, REG_V9)
+        VAESEM_VS(REG_V27, REG_V10)
+        VAESEM_VS(REG_V27, REG_V11)
+        VAESEF_VS(REG_V24, REG_V12)
+        VAESEF_VS(REG_V25, REG_V12)
+        VAESEF_VS(REG_V26, REG_V12)
+        VAESEF_VS(REG_V27, REG_V12)
+
+        /* Load input. */
+        "mv        t0, %[in]\n\t"
+        VL4RE32_V(REG_V28, REG_T0)
+        VXOR_VV(REG_V28, REG_V24, REG_V28)
+        VXOR_VV(REG_V29, REG_V25, REG_V29)
+        VXOR_VV(REG_V30, REG_V26, REG_V30)
+        VXOR_VV(REG_V31, REG_V27, REG_V31)
+        /* Store output. */
+        "mv         t0, %[out]\n\t"
+        VS4R_V(REG_V28, REG_T0)
+        VGMUL_VV(REG_V28, REG_V23)
+        VGMUL_VV(REG_V29, REG_V22)
+        VGMUL_VV(REG_V30, REG_V21)
+        VGMUL_VV(REG_V31, REG_V19)
+        VXOR_VV(REG_V18, REG_V18, REG_V28)
+        VXOR_VV(REG_V18, REG_V18, REG_V29)
+        VXOR_VV(REG_V18, REG_V18, REG_V30)
+        VXOR_VV(REG_V18, REG_V18, REG_V31)
+        "addi        %[in], %[in], 64\n\t"
+        "addi        %[out], %[out], 64\n\t"
+        /* Loop if more elements to process. */
+        "addi       t4, t4, -1\n\t"
+        "bnez       t4, L_aes_gcm_192_encrypt_x4_block_loop\n\t"
+        "andi       %[sz], %[sz], 0x3f\n\t"
+
+      "L_aes_gcm_192_encrypt_x4_blocks_done:\n\t"
+        "srli       t2, %[sz], 4\n\t"
+        "beqz       t2, L_aes_gcm_192_encrypt_blocks_done\n\t"
+
+      "L_aes_gcm_192_encrypt_block_loop:\n\t"
+#ifndef WOLFSSL_RISCV_BASE_BIT_MANIPULATION
+        VADD_VI(REG_V20, REG_V20, 1)
+#ifndef WOLFSSL_RISCV_VECTOR_BASE_BIT_MANIPULATION
+        VSETIVLI(REG_X0, 16, 1, 1, 0b000, 0b000)
+        VRGATHER_VV(REG_V17, REG_V15, REG_V20)
+        VSETIVLI(REG_X0, 4, 1, 1, 0b010, 0b000)
+#else
+        VREV8(REG_V17, REG_V20)
+#endif /* !WOLFSSL_RISCV_VECTOR_BASE_BIT_MANIPULATION */
+        VMV_V_V(REG_V27, REG_V16)
+        VSLIDEUP_VI(REG_V27, REG_V17, 3)
+#else
+        "addi       t3, t3, 1\n\t"
+        "slli       t0, t3, 32\n\t"
+        REV8(REG_T0, REG_T0)
+        VMV_V_X(REG_V17, REG_T0)
+        VMV_V_V(REG_V27, REG_V16)
+        VSLIDEUP_VI(REG_V27, REG_V17, 3)
+#endif /* !WOLFSSL_RISCV_BASE_BIT_MANIPULATION */
+
+        VAESZ_VS(REG_V27, REG_V0)
+        VAESEM_VS(REG_V27, REG_V1)
+        VAESEM_VS(REG_V27, REG_V2)
+        VAESEM_VS(REG_V27, REG_V3)
+        VAESEM_VS(REG_V27, REG_V4)
+        VAESEM_VS(REG_V27, REG_V5)
+        VAESEM_VS(REG_V27, REG_V6)
+        VAESEM_VS(REG_V27, REG_V7)
+        VAESEM_VS(REG_V27, REG_V8)
+        VAESEM_VS(REG_V27, REG_V9)
+        VAESEM_VS(REG_V27, REG_V10)
+        VAESEM_VS(REG_V27, REG_V11)
+        VAESEF_VS(REG_V27, REG_V12)
+
+        /* Load input. */
+        "mv         t0, %[in]\n\t"
+        VL1RE32_V(REG_V17, REG_T0)
+        VXOR_VV(REG_V27, REG_V27, REG_V17)
+        VGHSH_VV(REG_V18, REG_V27, REG_V19)
+        /* Store output. */
+        "mv         t0, %[out]\n\t"
+        VS1R_V(REG_V27, REG_T0)
+
+        "addi        %[in], %[in], 16\n\t"
+        "addi        %[out], %[out], 16\n\t"
+        /* Loop if more elements to process. */
+        "addi       t2, t2, -1\n\t"
+        "bnez       t2, L_aes_gcm_192_encrypt_block_loop\n\t"
+
+      "L_aes_gcm_192_encrypt_blocks_done:\n\t"
+        "andi       t2, %[sz], 0xf\n\t"
+        "beqz       t2, L_aes_gcm_192_encrypt_done\n\t"
+
+        VXOR_VV(REG_V17, REG_V17, REG_V17)
+        "mv         t0, %[scratch]\n\t"
+        VS1R_V(REG_V17, REG_T0)
+        "mv         t1, t2\n\t"
+      "L_aes_gcm_192_encrypt_load_byte:\n\t"
+        "lb         t0, (%[in])\n\t"
+        "sb         t0, (%[scratch])\n\t"
+        "addi       %[in], %[in], 1\n\t"
+        "addi       %[scratch], %[scratch], 1\n\t"
+        "addi       t1, t1, -1\n\t"
+        "bnez       t1, L_aes_gcm_192_encrypt_load_byte\n\t"
+        "sub        %[scratch], %[scratch], t2\n\t"
+
+        /* Encrypt counter for partial block. */
+#ifndef WOLFSSL_RISCV_BASE_BIT_MANIPULATION
+        VADD_VI(REG_V20, REG_V20, 1)
+#ifndef WOLFSSL_RISCV_VECTOR_BASE_BIT_MANIPULATION
+        VSETIVLI(REG_X0, 16, 1, 1, 0b000, 0b000)
+        VRGATHER_VV(REG_V17, REG_V15, REG_V20)
+        VSETIVLI(REG_X0, 4, 1, 1, 0b010, 0b000)
+#else
+        VREV8(REG_V17, REG_V20)
+#endif /* !WOLFSSL_RISCV_VECTOR_BASE_BIT_MANIPULATION */
+        VMV_V_V(REG_V27, REG_V16)
+        VSLIDEUP_VI(REG_V27, REG_V17, 3)
+#else
+        "addi       t3, t3, 1\n\t"
+        "slli       t0, t3, 32\n\t"
+        REV8(REG_T0, REG_T0)
+        VMV_V_X(REG_V17, REG_T0)
+        VMV_V_V(REG_V27, REG_V16)
+        VSLIDEUP_VI(REG_V27, REG_V17, 3)
+#endif /* !WOLFSSL_RISCV_BASE_BIT_MANIPULATION */
+
+        VAESZ_VS(REG_V27, REG_V0)
+        VAESEM_VS(REG_V27, REG_V1)
+        VAESEM_VS(REG_V27, REG_V2)
+        VAESEM_VS(REG_V27, REG_V3)
+        VAESEM_VS(REG_V27, REG_V4)
+        VAESEM_VS(REG_V27, REG_V5)
+        VAESEM_VS(REG_V27, REG_V6)
+        VAESEM_VS(REG_V27, REG_V7)
+        VAESEM_VS(REG_V27, REG_V8)
+        VAESEM_VS(REG_V27, REG_V9)
+        VAESEM_VS(REG_V27, REG_V10)
+        VAESEM_VS(REG_V27, REG_V11)
+        VAESEF_VS(REG_V27, REG_V12)
+
+        /* Load scratch. */
+        "mv         t0, %[scratch]\n\t"
+        VL1RE32_V(REG_V17, REG_T0)
+        VXOR_VV(REG_V27, REG_V27, REG_V17)
+        /* Store scratch. */
+        VS1R_V(REG_V27, REG_T0)
+        "mv         t1, t2\n\t"
+      "L_aes_gcm_192_encrypt_store_byte:\n\t"
+        "lb         t0, (%[scratch])\n\t"
+        "sb         t0, (%[out])\n\t"
+        "addi       %[scratch], %[scratch], 1\n\t"
+        "addi       %[out], %[out], 1\n\t"
+        "addi       t1, t1, -1\n\t"
+        "bnez       t1, L_aes_gcm_192_encrypt_store_byte\n\t"
+        "li         t1, 16\n\t"
+        "sub        t1, t1, t2\n\t"
+      "L_aes_gcm_192_encrypt_zero_byte:\n\t"
+        "sb         x0, (%[scratch])\n\t"
+        "addi       %[scratch], %[scratch], 1\n\t"
+        "addi       t1, t1, -1\n\t"
+        "bnez       t1, L_aes_gcm_192_encrypt_zero_byte\n\t"
+        "addi       %[scratch], %[scratch], -16\n\t"
+        "mv         t0, %[scratch]\n\t"
+        VL1RE32_V(REG_V17, REG_T0)
+        VGHSH_VV(REG_V18, REG_V17, REG_V19)
+
+      "L_aes_gcm_192_encrypt_done:\n\t"
+
+        /* Hash in the lengths of A and C in bits */
+#ifndef WOLFSSL_RISCV_BASE_BIT_MANIPULATION
+        /* aSz is only 32-bits */
+        /* Multiply by 8 do get size in bits. */
+        "slli       %[aSz], %[aSz], 3\n\t"
+        "srli       t0, %[aSz], 32\n\t"
+        "srli       t1, %[aSz], 24\n\t"
+        "srli       t2, %[aSz], 16\n\t"
+        "srli       t3, %[aSz], 8\n\t"
+        /* Top 3 bytes are 0. */
+        "sh         x0    , 0(%[scratch])\n\t"
+        "sb         x0    , 2(%[scratch])\n\t"
+        "sb         t0    , 3(%[scratch])\n\t"
+        "sb         t1    , 4(%[scratch])\n\t"
+        "sb         t2    , 5(%[scratch])\n\t"
+        "sb         t3    , 6(%[scratch])\n\t"
+        "sb         %[aSz], 7(%[scratch])\n\t"
+        /* sz is only 32-bits */
+        /* Multiply by 8 do get size in bits. */
+        "slli       %[sz], %[sz], 3\n\t"
+        "srli       t0, %[sz], 32\n\t"
+        "srli       t1, %[sz], 24\n\t"
+        "srli       t2, %[sz], 16\n\t"
+        "srli       t3, %[sz], 8\n\t"
+        /* Top 3 bytes are 0. */
+        "sh         x0   ,  8(%[scratch])\n\t"
+        "sb         x0   , 10(%[scratch])\n\t"
+        "sb         t0   , 11(%[scratch])\n\t"
+        "sb         t1   , 12(%[scratch])\n\t"
+        "sb         t2   , 13(%[scratch])\n\t"
+        "sb         t3   , 14(%[scratch])\n\t"
+        "sb         %[sz], 15(%[scratch])\n\t"
+#else
+        "slli       t0, %[aSz], 3\n\t"
+        REV8(REG_T0, REG_T0)
+        "sd         t0, 0(%[scratch])\n\t"
+        "slli       t0, %[sz], 3\n\t"
+        REV8(REG_T0, REG_T0)
+        "sd         t0, 8(%[scratch])\n\t"
+#endif /* !WOLFSSL_RISCV_BASE_BIT_MANIPULATION */
+        "mv         t0, %[scratch]\n\t"
+        VL1RE32_V(REG_V17, REG_T0)
+        VGHSH_VV(REG_V18, REG_V17, REG_V19)
+
+        VAESZ_VS(REG_V16, REG_V0)
+        VAESEM_VS(REG_V16, REG_V1)
+        VAESEM_VS(REG_V16, REG_V2)
+        VAESEM_VS(REG_V16, REG_V3)
+        VAESEM_VS(REG_V16, REG_V4)
+        VAESEM_VS(REG_V16, REG_V5)
+        VAESEM_VS(REG_V16, REG_V6)
+        VAESEM_VS(REG_V16, REG_V7)
+        VAESEM_VS(REG_V16, REG_V8)
+        VAESEM_VS(REG_V16, REG_V9)
+        VAESEM_VS(REG_V16, REG_V10)
+        VAESEM_VS(REG_V16, REG_V11)
+        VAESEF_VS(REG_V16, REG_V12)
+        VXOR_VV(REG_V18, REG_V18, REG_V16)
+
+        "li         t1, 16\n\t"
+        "blt        %[tagSz], t1, L_aes_gcm_192_encrypt_tag_small\n\t"
+        "mv         t0, %[tag]\n\t"
+        VS1R_V(REG_V18, REG_T0)
+        "beqz       x0, L_aes_gcm_192_encrypt_tag_done\n\t"
+      "L_aes_gcm_192_encrypt_tag_small:\n\t"
+        "mv         t0, %[scratch]\n\t"
+        VS1R_V(REG_V18, REG_T0)
+        "mv         t1, %[tagSz]\n\t"
+      "L_aes_gcm_192_encrypt_store_tag_byte:\n\t"
+        "lb         t0, (%[scratch])\n\t"
+        "sb         t0, (%[tag])\n\t"
+        "addi       %[scratch], %[scratch], 1\n\t"
+        "addi       %[tag], %[tag], 1\n\t"
+        "addi       t1, t1, -1\n\t"
+        "bnez       t1, L_aes_gcm_192_encrypt_store_tag_byte\n\t"
+      "L_aes_gcm_192_encrypt_tag_done:\n\t"
+
+        : [out] "+r" (out), [in] "+r" (in), [key] "+r" (key),
+          [aSz] "+r" (aadSz), [aad] "+r" (aad), [sz] "+r" (sz)
+        : [ctr] "r" (ctr), [scratch] "r" (scratch),
+          [h] "r" (aes->gcm.H), [tag] "r" (tag), [tagSz] "r" (tagSz)
+#ifndef WOLFSSL_RISCV_VECTOR_BASE_BIT_MANIPULATION
+          , [rev_idx] "r" (rev_idx)
+#endif
+        : "memory", "t0", "t1", "t2", "t3", "t4"
+    );
+
+#ifdef OPENSSL_EXTRA
+    if ((tag != NULL) && (in != NULL) && (sz != 0)) {
+        /* store AAD size for next call */
+        aes->gcm.aadLen = aadSz;
+    }
+#endif
+}
+#endif /*  WOLFSSL_AES_192 */
+
+#ifdef WOLFSSL_AES_256
+/* Encrypt data using AES-256-GCM.
+ *
+ * @param [in]  aes      AES object.
+ * @param [out] out      Encrypted data.
+ * @param [in]  in       Data to encrypt and GHASH.
+ * @param [in]  sz       Number of bytes of data.
+ * @param [in]  nonce    Nonce used to calculate first IV.
+ * @param [in]  nonceSz  Length of nonce in bytes.
+ * @param [out] tag      Authentication tag.
+ * @param [in]  tagSz    Length of authentication tag in bytes.
+ * @param [in]  aad      Additional Authentication Data (AAD).
+ * @param [in]  aadSz    Length of AAD in bytes.
+ */
+static void Aes256GcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
+    const byte* nonce, word32 nonceSz, byte* tag, word32 tagSz,
+    const byte* aad, word32 aadSz)
+{
+    byte counter[WC_AES_BLOCK_SIZE];
+    byte scratch[WC_AES_BLOCK_SIZE];
+    /* Noticed different optimization levels treated head of array different.
+     * Some cases was stack pointer plus offset others was a register containing
+     * address. To make uniform for passing in to inline assembly code am using
+     * pointers to the head of each local array.
+     */
+    byte* ctr  = counter;
+    byte* key = (byte*)aes->key;
+
+    XMEMSET(counter, 0, WC_AES_BLOCK_SIZE);
+    if (nonceSz == GCM_NONCE_MID_SZ) {
+        XMEMCPY(counter, nonce, GCM_NONCE_MID_SZ);
+        counter[WC_AES_BLOCK_SIZE - 1] = 1;
+    }
+    else {
+#ifdef OPENSSL_EXTRA
+        word32 aadTemp = aes->gcm.aadLen;
+        aes->gcm.aadLen = 0;
+#endif
+        GHASH(&aes->gcm, NULL, 0, nonce, nonceSz, counter, WC_AES_BLOCK_SIZE);
+#ifdef OPENSSL_EXTRA
+        aes->gcm.aadLen = aadTemp;
+#endif
+    }
+
+    __asm__ __volatile__ (
+        VSETIVLI(REG_X0, 4, 1, 1, 0b010, 0b000)
+
+        /* X=0, get H */
+        VXOR_VV(REG_V18, REG_V18, REG_V18)
+        "mv         t0, %[h]\n\t"
+        VL1RE32_V(REG_V19, REG_T0)
+
+        /* Hash in AAD, the Additional Authentication Data */
+        "beqz       %[aSz], L_aes_gcm_256_encrypt_ghash_aad_done\n\t"
+        "beqz       %[aad], L_aes_gcm_256_encrypt_ghash_aad_done\n\t"
+
+        "srli       t1, %[aSz], 4\n\t"
+        "beqz       t1, L_aes_gcm_256_encrypt_ghash_aad_blocks_done\n\t"
+
+      "L_aes_gcm_256_encrypt_ghash_aad_loop:\n\t"
+        "mv         t0, %[aad]\n\t"
+        VL1RE32_V(REG_V17, REG_T0)
+        VGHSH_VV(REG_V18, REG_V17, REG_V19)
+        "addi       %[aad], %[aad], 16\n\t"
+        "addi       t1, t1, -1\n\t"
+        "bnez       t1, L_aes_gcm_256_encrypt_ghash_aad_loop\n\t"
+      "L_aes_gcm_256_encrypt_ghash_aad_blocks_done:\n\t"
+        "andi       t1, %[aSz], 0xf\n\t"
+        "beqz       t1, L_aes_gcm_256_encrypt_ghash_aad_done\n\t"
+        VXOR_VV(REG_V17, REG_V17, REG_V17)
+        "mv         t0, %[scratch]\n\t"
+        VS1R_V(REG_V17, REG_T0)
+        "mv         t2, t1\n\t"
+      "L_aes_gcm_256_encrypt_ghash_aad_load_byte:\n\t"
+        "lb         t0, (%[aad])\n\t"
+        "sb         t0, (%[scratch])\n\t"
+        "addi       %[aad], %[aad], 1\n\t"
+        "addi       %[scratch], %[scratch], 1\n\t"
+        "addi       t2, t2, -1\n\t"
+        "bnez       t2, L_aes_gcm_256_encrypt_ghash_aad_load_byte\n\t"
+        "sub        %[scratch], %[scratch], t1\n\t"
+        "mv         t0, %[scratch]\n\t"
+        VL1RE32_V(REG_V17, REG_T0)
+        VGHSH_VV(REG_V18, REG_V17, REG_V19)
+      "L_aes_gcm_256_encrypt_ghash_aad_done:\n\t"
+        /* Done Hash in AAD */
+
+#ifndef WOLFSSL_RISCV_VECTOR_BASE_BIT_MANIPULATION
+        "mv         t0, %[rev_idx]\n\t"
+        VL1RE32_V(REG_V15, REG_T0)
+#endif /* !WOLFSSL_RISCV_VECTOR_BASE_BIT_MANIPULATION */
+        /* Load the counter. */
+        "mv         t0, %[ctr]\n\t"
+        VL1RE32_V(REG_V16, REG_T0)
+#ifndef WOLFSSL_RISCV_BASE_BIT_MANIPULATION
+        VSLIDEDOWN_VI(REG_V20, REG_V16, 3)
+#ifndef WOLFSSL_RISCV_VECTOR_BASE_BIT_MANIPULATION
+        VSETIVLI(REG_X0, 16, 1, 1, 0b000, 0b000)
+        VRGATHER_VV(REG_V21, REG_V15, REG_V20)
+        VSETIVLI(REG_X0, 4, 1, 1, 0b010, 0b000)
+        VMV_V_V(REG_V20, REG_V21)
+#else
+        VREV8(REG_V20, REG_V20)
+#endif /* !WOLFSSL_RISCV_VECTOR_BASE_BIT_MANIPULATION */
+#else
+        "lw         t3, 12(%[ctr])\n\t"
+        "slli       t3, t3, 32\n\t"
+        REV8(REG_T3, REG_T3)
+#endif /* !WOLFSSL_RISCV_BASE_BIT_MANIPULATION */
+
+        /* Load key[0..7]. */
+        "mv         t0, %[key]\n\t"
+        VL8RE32_V(REG_V0, REG_T0)
+        /* Load key[8..11]. */
+        "addi       t0, t0, 128\n\t"
+        VL4RE32_V(REG_V8, REG_T0)
+        /* Load key[12..13]. */
+        "addi       t0, t0, 64\n\t"
+        VL2RE32_V(REG_V12, REG_T0)
+        /* Load last round's key */
+        "addi       t0, %[key], 224\n\t"
+        VL1RE32_V(REG_V14, REG_T0)
+
+        "beqz       %[sz], L_aes_gcm_256_encrypt_blocks_done\n\t"
+        "srli       t4, %[sz], 6\n\t"
+        "beqz       t4, L_aes_gcm_256_encrypt_x4_blocks_done\n\t"
+
+        /* Calculate H^[1-4] - GMULT partials */
+        VMV_V_V(REG_V21, REG_V19)
+        VMV_V_V(REG_V22, REG_V19)
+        /* Multiply H * H => H^2 */
+        VGMUL_VV(REG_V21, REG_V19)
+        VMV_V_V(REG_V23, REG_V21)
+        /* Multiply H * H => H^3 */
+        VGMUL_VV(REG_V22, REG_V21)
+        /* Multiply H^2 * H^2 => H^4 */
+        VGMUL_VV(REG_V23, REG_V21)
+
+      "L_aes_gcm_256_encrypt_x4_block_loop:\n\t"
+        /* Calculate next 4 counters (+1-4) */
+#ifndef WOLFSSL_RISCV_BASE_BIT_MANIPULATION
+        VMV_V_V(REG_V24, REG_V16)
+        VMV_V_V(REG_V25, REG_V16)
+        VMV_V_V(REG_V26, REG_V16)
+        VMV_V_V(REG_V27, REG_V16)
+        VADD_VI(REG_V28, REG_V20, 1)
+        VADD_VI(REG_V29, REG_V20, 2)
+        VADD_VI(REG_V30, REG_V20, 3)
+        VADD_VI(REG_V20, REG_V20, 4)
+#ifndef WOLFSSL_RISCV_VECTOR_BASE_BIT_MANIPULATION
+        VSETIVLI(REG_X0, 16, 1, 1, 0b000, 0b000)
+        VRGATHER_VV(REG_V17, REG_V15, REG_V28)
+        VSETIVLI(REG_X0, 4, 1, 1, 0b010, 0b000)
+        VMV_V_V(REG_V28, REG_V17)
+#else
+        VREV8(REG_V28, REG_V28)
+#endif /* !WOLFSSL_RISCV_VECTOR_BASE_BIT_MANIPULATION */
+#ifndef WOLFSSL_RISCV_VECTOR_BASE_BIT_MANIPULATION
+        VSETIVLI(REG_X0, 16, 1, 1, 0b000, 0b000)
+        VRGATHER_VV(REG_V17, REG_V15, REG_V29)
+        VSETIVLI(REG_X0, 4, 1, 1, 0b010, 0b000)
+        VMV_V_V(REG_V29, REG_V17)
+#else
+        VREV8(REG_V29, REG_V29)
+#endif /* !WOLFSSL_RISCV_VECTOR_BASE_BIT_MANIPULATION */
+#ifndef WOLFSSL_RISCV_VECTOR_BASE_BIT_MANIPULATION
+        VSETIVLI(REG_X0, 16, 1, 1, 0b000, 0b000)
+        VRGATHER_VV(REG_V17, REG_V15, REG_V30)
+        VSETIVLI(REG_X0, 4, 1, 1, 0b010, 0b000)
+        VMV_V_V(REG_V30, REG_V17)
+#else
+        VREV8(REG_V30, REG_V30)
+#endif /* !WOLFSSL_RISCV_VECTOR_BASE_BIT_MANIPULATION */
+#ifndef WOLFSSL_RISCV_VECTOR_BASE_BIT_MANIPULATION
+        VSETIVLI(REG_X0, 16, 1, 1, 0b000, 0b000)
+        VRGATHER_VV(REG_V31, REG_V15, REG_V20)
+        VSETIVLI(REG_X0, 4, 1, 1, 0b010, 0b000)
+#else
+        VREV8(REG_V31, REG_V20)
+#endif /* !WOLFSSL_RISCV_VECTOR_BASE_BIT_MANIPULATION */
+#else
+        "addi       t0, t3, 1\n\t"
+        VMV_V_V(REG_V24, REG_V16)
+        "addi       t1, t3, 2\n\t"
+        VMV_V_V(REG_V25, REG_V16)
+        "addi       t2, t3, 3\n\t"
+        VMV_V_V(REG_V26, REG_V16)
+        "slli       t0, t0, 32\n\t"
+        VMV_V_V(REG_V27, REG_V16)
+        "slli       t1, t1, 32\n\t"
+        "slli       t2, t2, 32\n\t"
+        REV8(REG_T0, REG_T0)
+        REV8(REG_T1, REG_T1)
+        REV8(REG_T2, REG_T2)
+        "addi       t3, t3, 4\n\t"
+        VMV_V_X(REG_V28, REG_T0)
+        "slli       t0, t3, 32\n\t"
+        VMV_V_X(REG_V29, REG_T1)
+        REV8(REG_T0, REG_T0)
+        VMV_V_X(REG_V30, REG_T2)
+        VMV_V_X(REG_V31, REG_T0)
+#endif /* !WOLFSSL_RISCV_BASE_BIT_MANIPULATION */
+        VSLIDEUP_VI(REG_V24, REG_V28, 3)
+        VSLIDEUP_VI(REG_V25, REG_V29, 3)
+        VSLIDEUP_VI(REG_V26, REG_V30, 3)
+        VSLIDEUP_VI(REG_V27, REG_V31, 3)
+
+        VAESZ_VS(REG_V24, REG_V0)
+        VAESZ_VS(REG_V25, REG_V0)
+        VAESZ_VS(REG_V26, REG_V0)
+        VAESZ_VS(REG_V27, REG_V0)
+        VAESEM_VS(REG_V24, REG_V1)
+        VAESEM_VS(REG_V24, REG_V2)
+        VAESEM_VS(REG_V24, REG_V3)
+        VAESEM_VS(REG_V24, REG_V4)
+        VAESEM_VS(REG_V24, REG_V5)
+        VAESEM_VS(REG_V24, REG_V6)
+        VAESEM_VS(REG_V24, REG_V7)
+        VAESEM_VS(REG_V24, REG_V8)
+        VAESEM_VS(REG_V24, REG_V9)
+        VAESEM_VS(REG_V24, REG_V10)
+        VAESEM_VS(REG_V24, REG_V11)
+        VAESEM_VS(REG_V24, REG_V12)
+        VAESEM_VS(REG_V24, REG_V13)
+        VAESEM_VS(REG_V25, REG_V1)
+        VAESEM_VS(REG_V25, REG_V2)
+        VAESEM_VS(REG_V25, REG_V3)
+        VAESEM_VS(REG_V25, REG_V4)
+        VAESEM_VS(REG_V25, REG_V5)
+        VAESEM_VS(REG_V25, REG_V6)
+        VAESEM_VS(REG_V25, REG_V7)
+        VAESEM_VS(REG_V25, REG_V8)
+        VAESEM_VS(REG_V25, REG_V9)
+        VAESEM_VS(REG_V25, REG_V10)
+        VAESEM_VS(REG_V25, REG_V11)
+        VAESEM_VS(REG_V25, REG_V12)
+        VAESEM_VS(REG_V25, REG_V13)
+        VAESEM_VS(REG_V26, REG_V1)
+        VAESEM_VS(REG_V26, REG_V2)
+        VAESEM_VS(REG_V26, REG_V3)
+        VAESEM_VS(REG_V26, REG_V4)
+        VAESEM_VS(REG_V26, REG_V5)
+        VAESEM_VS(REG_V26, REG_V6)
+        VAESEM_VS(REG_V26, REG_V7)
+        VAESEM_VS(REG_V26, REG_V8)
+        VAESEM_VS(REG_V26, REG_V9)
+        VAESEM_VS(REG_V26, REG_V10)
+        VAESEM_VS(REG_V26, REG_V11)
+        VAESEM_VS(REG_V26, REG_V12)
+        VAESEM_VS(REG_V26, REG_V13)
+        VAESEM_VS(REG_V27, REG_V1)
+        VAESEM_VS(REG_V27, REG_V2)
+        VAESEM_VS(REG_V27, REG_V3)
+        VAESEM_VS(REG_V27, REG_V4)
+        VAESEM_VS(REG_V27, REG_V5)
+        VAESEM_VS(REG_V27, REG_V6)
+        VAESEM_VS(REG_V27, REG_V7)
+        VAESEM_VS(REG_V27, REG_V8)
+        VAESEM_VS(REG_V27, REG_V9)
+        VAESEM_VS(REG_V27, REG_V10)
+        VAESEM_VS(REG_V27, REG_V11)
+        VAESEM_VS(REG_V27, REG_V12)
+        VAESEM_VS(REG_V27, REG_V13)
+        VAESEF_VS(REG_V24, REG_V14)
+        VAESEF_VS(REG_V25, REG_V14)
+        VAESEF_VS(REG_V26, REG_V14)
+        VAESEF_VS(REG_V27, REG_V14)
+
+        /* Load input. */
+        "mv        t0, %[in]\n\t"
+        VL4RE32_V(REG_V28, REG_T0)
+        VXOR_VV(REG_V28, REG_V24, REG_V28)
+        VXOR_VV(REG_V29, REG_V25, REG_V29)
+        VXOR_VV(REG_V30, REG_V26, REG_V30)
+        VXOR_VV(REG_V31, REG_V27, REG_V31)
+        /* Store output. */
+        "mv         t0, %[out]\n\t"
+        VS4R_V(REG_V28, REG_T0)
+        VGMUL_VV(REG_V28, REG_V23)
+        VGMUL_VV(REG_V29, REG_V22)
+        VGMUL_VV(REG_V30, REG_V21)
+        VGMUL_VV(REG_V31, REG_V19)
+        VXOR_VV(REG_V18, REG_V18, REG_V28)
+        VXOR_VV(REG_V18, REG_V18, REG_V29)
+        VXOR_VV(REG_V18, REG_V18, REG_V30)
+        VXOR_VV(REG_V18, REG_V18, REG_V31)
+        "addi        %[in], %[in], 64\n\t"
+        "addi        %[out], %[out], 64\n\t"
+        /* Loop if more elements to process. */
+        "addi       t4, t4, -1\n\t"
+        "bnez       t4, L_aes_gcm_256_encrypt_x4_block_loop\n\t"
+        "andi       %[sz], %[sz], 0x3f\n\t"
+
+      "L_aes_gcm_256_encrypt_x4_blocks_done:\n\t"
+        "srli       t2, %[sz], 4\n\t"
+        "beqz       t2, L_aes_gcm_256_encrypt_blocks_done\n\t"
+
+      "L_aes_gcm_256_encrypt_block_loop:\n\t"
+#ifndef WOLFSSL_RISCV_BASE_BIT_MANIPULATION
+        VADD_VI(REG_V20, REG_V20, 1)
+#ifndef WOLFSSL_RISCV_VECTOR_BASE_BIT_MANIPULATION
+        VSETIVLI(REG_X0, 16, 1, 1, 0b000, 0b000)
+        VRGATHER_VV(REG_V17, REG_V15, REG_V20)
+        VSETIVLI(REG_X0, 4, 1, 1, 0b010, 0b000)
+#else
+        VREV8(REG_V17, REG_V20)
+#endif /* !WOLFSSL_RISCV_VECTOR_BASE_BIT_MANIPULATION */
+        VMV_V_V(REG_V27, REG_V16)
+        VSLIDEUP_VI(REG_V27, REG_V17, 3)
+#else
+        "addi       t3, t3, 1\n\t"
+        "slli       t0, t3, 32\n\t"
+        REV8(REG_T0, REG_T0)
+        VMV_V_X(REG_V17, REG_T0)
+        VMV_V_V(REG_V27, REG_V16)
+        VSLIDEUP_VI(REG_V27, REG_V17, 3)
+#endif /* !WOLFSSL_RISCV_BASE_BIT_MANIPULATION */
+
+        VAESZ_VS(REG_V27, REG_V0)
+        VAESEM_VS(REG_V27, REG_V1)
+        VAESEM_VS(REG_V27, REG_V2)
+        VAESEM_VS(REG_V27, REG_V3)
+        VAESEM_VS(REG_V27, REG_V4)
+        VAESEM_VS(REG_V27, REG_V5)
+        VAESEM_VS(REG_V27, REG_V6)
+        VAESEM_VS(REG_V27, REG_V7)
+        VAESEM_VS(REG_V27, REG_V8)
+        VAESEM_VS(REG_V27, REG_V9)
+        VAESEM_VS(REG_V27, REG_V10)
+        VAESEM_VS(REG_V27, REG_V11)
+        VAESEM_VS(REG_V27, REG_V12)
+        VAESEM_VS(REG_V27, REG_V13)
+        VAESEF_VS(REG_V27, REG_V14)
+
+        /* Load input. */
+        "mv         t0, %[in]\n\t"
+        VL1RE32_V(REG_V17, REG_T0)
+        VXOR_VV(REG_V27, REG_V27, REG_V17)
+        VGHSH_VV(REG_V18, REG_V27, REG_V19)
+        /* Store output. */
+        "mv         t0, %[out]\n\t"
+        VS1R_V(REG_V27, REG_T0)
+
+        "addi        %[in], %[in], 16\n\t"
+        "addi        %[out], %[out], 16\n\t"
+        /* Loop if more elements to process. */
+        "addi       t2, t2, -1\n\t"
+        "bnez       t2, L_aes_gcm_256_encrypt_block_loop\n\t"
+
+      "L_aes_gcm_256_encrypt_blocks_done:\n\t"
+        "andi       t2, %[sz], 0xf\n\t"
+        "beqz       t2, L_aes_gcm_256_encrypt_done\n\t"
+
+        VXOR_VV(REG_V17, REG_V17, REG_V17)
+        "mv         t0, %[scratch]\n\t"
+        VS1R_V(REG_V17, REG_T0)
+        "mv         t1, t2\n\t"
+      "L_aes_gcm_256_encrypt_load_byte:\n\t"
+        "lb         t0, (%[in])\n\t"
+        "sb         t0, (%[scratch])\n\t"
+        "addi       %[in], %[in], 1\n\t"
+        "addi       %[scratch], %[scratch], 1\n\t"
+        "addi       t1, t1, -1\n\t"
+        "bnez       t1, L_aes_gcm_256_encrypt_load_byte\n\t"
+        "sub        %[scratch], %[scratch], t2\n\t"
+
+        /* Encrypt counter for partial block. */
+#ifndef WOLFSSL_RISCV_BASE_BIT_MANIPULATION
+        VADD_VI(REG_V20, REG_V20, 1)
+#ifndef WOLFSSL_RISCV_VECTOR_BASE_BIT_MANIPULATION
+        VSETIVLI(REG_X0, 16, 1, 1, 0b000, 0b000)
+        VRGATHER_VV(REG_V17, REG_V15, REG_V20)
+        VSETIVLI(REG_X0, 4, 1, 1, 0b010, 0b000)
+#else
+        VREV8(REG_V17, REG_V20)
+#endif /* !WOLFSSL_RISCV_VECTOR_BASE_BIT_MANIPULATION */
+        VMV_V_V(REG_V27, REG_V16)
+        VSLIDEUP_VI(REG_V27, REG_V17, 3)
+#else
+        "addi       t3, t3, 1\n\t"
+        "slli       t0, t3, 32\n\t"
+        REV8(REG_T0, REG_T0)
+        VMV_V_X(REG_V17, REG_T0)
+        VMV_V_V(REG_V27, REG_V16)
+        VSLIDEUP_VI(REG_V27, REG_V17, 3)
+#endif /* !WOLFSSL_RISCV_BASE_BIT_MANIPULATION */
+
+        VAESZ_VS(REG_V27, REG_V0)
+        VAESEM_VS(REG_V27, REG_V1)
+        VAESEM_VS(REG_V27, REG_V2)
+        VAESEM_VS(REG_V27, REG_V3)
+        VAESEM_VS(REG_V27, REG_V4)
+        VAESEM_VS(REG_V27, REG_V5)
+        VAESEM_VS(REG_V27, REG_V6)
+        VAESEM_VS(REG_V27, REG_V7)
+        VAESEM_VS(REG_V27, REG_V8)
+        VAESEM_VS(REG_V27, REG_V9)
+        VAESEM_VS(REG_V27, REG_V10)
+        VAESEM_VS(REG_V27, REG_V11)
+        VAESEM_VS(REG_V27, REG_V12)
+        VAESEM_VS(REG_V27, REG_V13)
+        VAESEF_VS(REG_V27, REG_V14)
+
+        /* Load scratch. */
+        "mv         t0, %[scratch]\n\t"
+        VL1RE32_V(REG_V17, REG_T0)
+        VXOR_VV(REG_V27, REG_V27, REG_V17)
+        /* Store scratch. */
+        VS1R_V(REG_V27, REG_T0)
+        "mv         t1, t2\n\t"
+      "L_aes_gcm_256_encrypt_store_byte:\n\t"
+        "lb         t0, (%[scratch])\n\t"
+        "sb         t0, (%[out])\n\t"
+        "addi       %[scratch], %[scratch], 1\n\t"
+        "addi       %[out], %[out], 1\n\t"
+        "addi       t1, t1, -1\n\t"
+        "bnez       t1, L_aes_gcm_256_encrypt_store_byte\n\t"
+        "li         t1, 16\n\t"
+        "sub        t1, t1, t2\n\t"
+      "L_aes_gcm_256_encrypt_zero_byte:\n\t"
+        "sb         x0, (%[scratch])\n\t"
+        "addi       %[scratch], %[scratch], 1\n\t"
+        "addi       t1, t1, -1\n\t"
+        "bnez       t1, L_aes_gcm_256_encrypt_zero_byte\n\t"
+        "addi       %[scratch], %[scratch], -16\n\t"
+        "mv         t0, %[scratch]\n\t"
+        VL1RE32_V(REG_V17, REG_T0)
+        VGHSH_VV(REG_V18, REG_V17, REG_V19)
+
+      "L_aes_gcm_256_encrypt_done:\n\t"
+
+        /* Hash in the lengths of A and C in bits */
+#ifndef WOLFSSL_RISCV_BASE_BIT_MANIPULATION
+        /* aSz is only 32-bits */
+        /* Multiply by 8 do get size in bits. */
+        "slli       %[aSz], %[aSz], 3\n\t"
+        "srli       t0, %[aSz], 32\n\t"
+        "srli       t1, %[aSz], 24\n\t"
+        "srli       t2, %[aSz], 16\n\t"
+        "srli       t3, %[aSz], 8\n\t"
+        /* Top 3 bytes are 0. */
+        "sh         x0    , 0(%[scratch])\n\t"
+        "sb         x0    , 2(%[scratch])\n\t"
+        "sb         t0    , 3(%[scratch])\n\t"
+        "sb         t1    , 4(%[scratch])\n\t"
+        "sb         t2    , 5(%[scratch])\n\t"
+        "sb         t3    , 6(%[scratch])\n\t"
+        "sb         %[aSz], 7(%[scratch])\n\t"
+        /* sz is only 32-bits */
+        /* Multiply by 8 do get size in bits. */
+        "slli       %[sz], %[sz], 3\n\t"
+        "srli       t0, %[sz], 32\n\t"
+        "srli       t1, %[sz], 24\n\t"
+        "srli       t2, %[sz], 16\n\t"
+        "srli       t3, %[sz], 8\n\t"
+        /* Top 3 bytes are 0. */
+        "sh         x0   ,  8(%[scratch])\n\t"
+        "sb         x0   , 10(%[scratch])\n\t"
+        "sb         t0   , 11(%[scratch])\n\t"
+        "sb         t1   , 12(%[scratch])\n\t"
+        "sb         t2   , 13(%[scratch])\n\t"
+        "sb         t3   , 14(%[scratch])\n\t"
+        "sb         %[sz], 15(%[scratch])\n\t"
+#else
+        "slli       t0, %[aSz], 3\n\t"
+        REV8(REG_T0, REG_T0)
+        "sd         t0, 0(%[scratch])\n\t"
+        "slli       t0, %[sz], 3\n\t"
+        REV8(REG_T0, REG_T0)
+        "sd         t0, 8(%[scratch])\n\t"
+#endif /* !WOLFSSL_RISCV_BASE_BIT_MANIPULATION */
+        "mv         t0, %[scratch]\n\t"
+        VL1RE32_V(REG_V17, REG_T0)
+        VGHSH_VV(REG_V18, REG_V17, REG_V19)
+
+        VAESZ_VS(REG_V16, REG_V0)
+        VAESEM_VS(REG_V16, REG_V1)
+        VAESEM_VS(REG_V16, REG_V2)
+        VAESEM_VS(REG_V16, REG_V3)
+        VAESEM_VS(REG_V16, REG_V4)
+        VAESEM_VS(REG_V16, REG_V5)
+        VAESEM_VS(REG_V16, REG_V6)
+        VAESEM_VS(REG_V16, REG_V7)
+        VAESEM_VS(REG_V16, REG_V8)
+        VAESEM_VS(REG_V16, REG_V9)
+        VAESEM_VS(REG_V16, REG_V10)
+        VAESEM_VS(REG_V16, REG_V11)
+        VAESEM_VS(REG_V16, REG_V12)
+        VAESEM_VS(REG_V16, REG_V13)
+        VAESEF_VS(REG_V16, REG_V14)
+        VXOR_VV(REG_V18, REG_V18, REG_V16)
+
+        "li         t1, 16\n\t"
+        "blt        %[tagSz], t1, L_aes_gcm_256_encrypt_tag_small\n\t"
+        "mv         t0, %[tag]\n\t"
+        VS1R_V(REG_V18, REG_T0)
+        "beqz       x0, L_aes_gcm_256_encrypt_tag_done\n\t"
+      "L_aes_gcm_256_encrypt_tag_small:\n\t"
+        "mv         t0, %[scratch]\n\t"
+        VS1R_V(REG_V18, REG_T0)
+        "mv         t1, %[tagSz]\n\t"
+      "L_aes_gcm_256_encrypt_store_tag_byte:\n\t"
+        "lb         t0, (%[scratch])\n\t"
+        "sb         t0, (%[tag])\n\t"
+        "addi       %[scratch], %[scratch], 1\n\t"
+        "addi       %[tag], %[tag], 1\n\t"
+        "addi       t1, t1, -1\n\t"
+        "bnez       t1, L_aes_gcm_256_encrypt_store_tag_byte\n\t"
+      "L_aes_gcm_256_encrypt_tag_done:\n\t"
+
+        : [out] "+r" (out), [in] "+r" (in), [key] "+r" (key),
+          [aSz] "+r" (aadSz), [aad] "+r" (aad), [sz] "+r" (sz)
+        : [ctr] "r" (ctr), [scratch] "r" (scratch),
+          [h] "r" (aes->gcm.H), [tag] "r" (tag), [tagSz] "r" (tagSz)
+#ifndef WOLFSSL_RISCV_VECTOR_BASE_BIT_MANIPULATION
+          , [rev_idx] "r" (rev_idx)
+#endif
+        : "memory", "t0", "t1", "t2", "t3", "t4"
+    );
+
+#ifdef OPENSSL_EXTRA
+    if ((tag != NULL) && (in != NULL) && (sz != 0)) {
+        /* store AAD size for next call */
+        aes->gcm.aadLen = aadSz;
+    }
+#endif
+}
+#endif /*  WOLFSSL_AES_256 */
+
+/* Encrypt data using AES-GCM.
+ *
+ * @param [in]  aes      AES object.
+ * @param [out] out      Encrypted data.
+ * @param [in]  in       Data to encrypt.
+ * @param [in]  sz       Number of bytes of data.
+ * @param [in]  nonce    Nonce used to calculate first IV.
+ * @param [in]  nonceSz  Length of nonce in bytes.
+ * @param [out] tag      Authentication tag.
+ * @param [in]  tagSz    Length of authentication tag in bytes.
+ * @param [in]  aad      Additional Authentication Data (AAD).
+ * @param [in]  aadSz    Length of AAD in bytes.
+ * @return  0 on success.
+ * @return  BAD_FUNC_ARG when aes, nonce or tag is NULL.
+ * @return  BAD_FUNC_ARG when nonceSz is zero.
+ * @return  BAD_FUNC_ARG when aad is NULL but aadSz is not zero.
+ * @return  BAD_FUNC_ARG when tagSz is less than WOLFSSL_MIN_AUTH_TAG_SZ or
+ *          greater than WC_AES_BLOCK_SIZE.
+ * @return  BAD_FUNC_ARG when sz is not zero but in or out is NULL.
+ */
+int wc_AesGcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
+    const byte* nonce, word32 nonceSz, byte* tag, word32 tagSz, const byte* aad,
+    word32 aadSz)
+{
+    int ret = 0;
+
+    /* sanity checks */
+    if ((aes == NULL) || (nonce == NULL) || (nonceSz == 0) || (tag == NULL) ||
+            ((aad == NULL) && (aadSz > 0)) || ((sz != 0) && ((in == NULL) ||
+            (out == NULL)))) {
+        WOLFSSL_MSG("a NULL parameter passed in when size is larger than 0");
+        ret = BAD_FUNC_ARG;
+    }
+
+    if ((ret == 0) && ((tagSz < WOLFSSL_MIN_AUTH_TAG_SZ) ||
+            (tagSz > WC_AES_BLOCK_SIZE))) {
+        WOLFSSL_MSG("GcmEncrypt tagSz error");
+        ret = BAD_FUNC_ARG;
+    }
+
+    if (ret == 0) {
+        switch (aes->rounds) {
+        #ifdef WOLFSSL_AES_128
+            case 10:
+                Aes128GcmEncrypt(aes, out, in, sz, nonce, nonceSz, tag, tagSz,
+                    aad, aadSz);
+                break;
+        #endif
+        #ifdef WOLFSSL_AES_192
+            case 12:
+                Aes192GcmEncrypt(aes, out, in, sz, nonce, nonceSz, tag, tagSz,
+                    aad, aadSz);
+                break;
+        #endif
+        #ifdef WOLFSSL_AES_256
+            case 14:
+                Aes256GcmEncrypt(aes, out, in, sz, nonce, nonceSz, tag, tagSz,
+                    aad, aadSz);
+                break;
+        #endif
+            default:
+                WOLFSSL_MSG("AES-GCM invalid round number");
+                ret = BAD_FUNC_ARG;
+        }
+    }
+
+    return ret;
+}
+
+
+#ifdef HAVE_AES_DECRYPT
+
+#ifdef WOLFSSL_AES_128
+/* Decrypt data using AES-128-GCM.
+ *
+ * @param [in]  aes      AES object.
+ * @param [out] out      Decrypted data.
+ * @param [in]  in       Data to decrypt and GHASH.
+ * @param [in]  sz       Number of bytes of data.
+ * @param [in]  nonce    Nonce used to calculate first IV.
+ * @param [in]  nonceSz  Length of nonce in bytes.
+ * @param [out] tag      Authentication tag.
+ * @param [in]  tagSz    Length of authentication tag in bytes.
+ * @param [in]  aad      Additional Authentication Data (AAD).
+ * @param [in]  aadSz    Length of AAD in bytes.
+ * @return  0 on success.
+ * @return  AES_GCM_AUTH_E when authentication tag computed doesn't match
+ *          tag passed in.
+ */
+static int Aes128GcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
+    const byte* nonce, word32 nonceSz, const byte* tag, word32 tagSz,
+    const byte* aad, word32 aadSz)
+{
+    int ret = 0;
+    byte counter[WC_AES_BLOCK_SIZE];
+    byte scratch[WC_AES_BLOCK_SIZE];
+    /* Noticed different optimization levels treated head of array different.
+     * Some cases was stack pointer plus offset others was a register containing
+     * address. To make uniform for passing in to inline assembly code am using
+     * pointers to the head of each local array.
+     */
+    byte* ctr  = counter;
+    byte* key = (byte*)aes->key;
+
+    XMEMSET(counter, 0, WC_AES_BLOCK_SIZE);
+    if (nonceSz == GCM_NONCE_MID_SZ) {
+        XMEMCPY(counter, nonce, GCM_NONCE_MID_SZ);
+        counter[WC_AES_BLOCK_SIZE - 1] = 1;
+    }
+    else {
+#ifdef OPENSSL_EXTRA
+        word32 aadTemp = aes->gcm.aadLen;
+        aes->gcm.aadLen = 0;
+#endif
+        GHASH(&aes->gcm, NULL, 0, nonce, nonceSz, counter, WC_AES_BLOCK_SIZE);
+#ifdef OPENSSL_EXTRA
+        aes->gcm.aadLen = aadTemp;
+#endif
+    }
+
+    __asm__ __volatile__ (
+        VSETIVLI(REG_X0, 4, 1, 1, 0b010, 0b000)
+
+        /* X=0, get H */
+        VXOR_VV(REG_V18, REG_V18, REG_V18)
+        "mv         t0, %[h]\n\t"
+        VL1RE32_V(REG_V19, REG_T0)
+
+        /* Hash in AAD, the Additional Authentication Data */
+        "beqz       %[aSz], L_aes_gcm_128_decrypt_ghash_aad_done\n\t"
+        "beqz       %[aad], L_aes_gcm_128_decrypt_ghash_aad_done\n\t"
+
+        "srli       t1, %[aSz], 4\n\t"
+        "beqz       t1, L_aes_gcm_128_decrypt_ghash_aad_blocks_done\n\t"
+
+      "L_aes_gcm_128_decrypt_ghash_aad_loop:\n\t"
+        "mv         t0, %[aad]\n\t"
+        VL1RE32_V(REG_V17, REG_T0)
+        VGHSH_VV(REG_V18, REG_V17, REG_V19)
+        "addi       %[aad], %[aad], 16\n\t"
+        "addi       t1, t1, -1\n\t"
+        "bnez       t1, L_aes_gcm_128_decrypt_ghash_aad_loop\n\t"
+      "L_aes_gcm_128_decrypt_ghash_aad_blocks_done:\n\t"
+        "andi       t1, %[aSz], 0xf\n\t"
+        "beqz       t1, L_aes_gcm_128_decrypt_ghash_aad_done\n\t"
+        VXOR_VV(REG_V17, REG_V17, REG_V17)
+        "mv         t0, %[scratch]\n\t"
+        VS1R_V(REG_V17, REG_T0)
+        "mv         t2, t1\n\t"
+      "L_aes_gcm_128_decrypt_ghash_aad_load_byte:\n\t"
+        "lb         t0, (%[aad])\n\t"
+        "sb         t0, (%[scratch])\n\t"
+        "addi       %[aad], %[aad], 1\n\t"
+        "addi       %[scratch], %[scratch], 1\n\t"
+        "addi       t2, t2, -1\n\t"
+        "bnez       t2, L_aes_gcm_128_decrypt_ghash_aad_load_byte\n\t"
+        "sub        %[scratch], %[scratch], t1\n\t"
+        "mv         t0, %[scratch]\n\t"
+        VL1RE32_V(REG_V17, REG_T0)
+        VGHSH_VV(REG_V18, REG_V17, REG_V19)
+      "L_aes_gcm_128_decrypt_ghash_aad_done:\n\t"
+        /* Done Hash in AAD */
+
+#ifndef WOLFSSL_RISCV_VECTOR_BASE_BIT_MANIPULATION
+        "mv         t0, %[rev_idx]\n\t"
+        VL1RE32_V(REG_V15, REG_T0)
+#endif /* !WOLFSSL_RISCV_VECTOR_BASE_BIT_MANIPULATION */
+        /* Load the counter. */
+        "mv         t0, %[ctr]\n\t"
+        VL1RE32_V(REG_V16, REG_T0)
+#ifndef WOLFSSL_RISCV_BASE_BIT_MANIPULATION
+        VSLIDEDOWN_VI(REG_V20, REG_V16, 3)
+#ifndef WOLFSSL_RISCV_VECTOR_BASE_BIT_MANIPULATION
+        VSETIVLI(REG_X0, 16, 1, 1, 0b000, 0b000)
+        VRGATHER_VV(REG_V21, REG_V15, REG_V20)
+        VSETIVLI(REG_X0, 4, 1, 1, 0b010, 0b000)
+        VMV_V_V(REG_V20, REG_V21)
+#else
+        VREV8(REG_V20, REG_V20)
+#endif /* !WOLFSSL_RISCV_VECTOR_BASE_BIT_MANIPULATION */
+#else
+        "lw         t3, 12(%[ctr])\n\t"
+        "slli       t3, t3, 32\n\t"
+        REV8(REG_T3, REG_T3)
+#endif /* !WOLFSSL_RISCV_BASE_BIT_MANIPULATION */
+
+        /* Load key[0..7]. */
+        "mv         t0, %[key]\n\t"
+        VL8RE32_V(REG_V0, REG_T0)
+        /* Load key[8..9]. */
+        "addi       t0, t0, 128\n\t"
+        VL2RE32_V(REG_V8, REG_T0)
+        /* Load last round's key */
+        "addi       t0, %[key], 224\n\t"
+        VL1RE32_V(REG_V10, REG_T0)
+
+        "beqz       %[sz], L_aes_gcm_128_decrypt_blocks_done\n\t"
+        "srli       t4, %[sz], 6\n\t"
+        "beqz       t4, L_aes_gcm_128_decrypt_x4_blocks_done\n\t"
+
+        /* Calculate H^[1-4] - GMULT partials */
+        VMV_V_V(REG_V21, REG_V19)
+        VMV_V_V(REG_V22, REG_V19)
+        /* Multiply H * H => H^2 */
+        VGMUL_VV(REG_V21, REG_V19)
+        VMV_V_V(REG_V23, REG_V21)
+        /* Multiply H * H => H^3 */
+        VGMUL_VV(REG_V22, REG_V21)
+        /* Multiply H^2 * H^2 => H^4 */
+        VGMUL_VV(REG_V23, REG_V21)
+
+      "L_aes_gcm_128_decrypt_x4_block_loop:\n\t"
+        /* Load input. */
+        "mv        t0, %[in]\n\t"
+        VL4RE32_V(REG_V28, REG_T0)
+        VMVR_V(REG_V24, REG_V28, 4)
+        VGMUL_VV(REG_V24, REG_V23)
+        VGMUL_VV(REG_V25, REG_V22)
+        VGMUL_VV(REG_V26, REG_V21)
+        VGMUL_VV(REG_V27, REG_V19)
+        VXOR_VV(REG_V18, REG_V18, REG_V24)
+        VXOR_VV(REG_V18, REG_V18, REG_V25)
+        VXOR_VV(REG_V18, REG_V18, REG_V26)
+        VXOR_VV(REG_V18, REG_V18, REG_V27)
+        /* Calculate next 4 counters (+1-4) */
+#ifndef WOLFSSL_RISCV_BASE_BIT_MANIPULATION
+        VADD_VI(REG_V20, REG_V20, 1)
+        VMV_V_V(REG_V24, REG_V16)
+#ifndef WOLFSSL_RISCV_VECTOR_BASE_BIT_MANIPULATION
+        VSETIVLI(REG_X0, 16, 1, 1, 0b000, 0b000)
+        VRGATHER_VV(REG_V17, REG_V15, REG_V20)
+        VSETIVLI(REG_X0, 4, 1, 1, 0b010, 0b000)
+#else
+        VREV8(REG_V17, REG_V20)
+#endif /* !WOLFSSL_RISCV_VECTOR_BASE_BIT_MANIPULATION */
+        VSLIDEUP_VI(REG_V24, REG_V17, 3)
+        VADD_VI(REG_V20, REG_V20, 1)
+        VMV_V_V(REG_V25, REG_V16)
+#ifndef WOLFSSL_RISCV_VECTOR_BASE_BIT_MANIPULATION
+        VSETIVLI(REG_X0, 16, 1, 1, 0b000, 0b000)
+        VRGATHER_VV(REG_V17, REG_V15, REG_V20)
+        VSETIVLI(REG_X0, 4, 1, 1, 0b010, 0b000)
+#else
+        VREV8(REG_V17, REG_V20)
+#endif /* !WOLFSSL_RISCV_VECTOR_BASE_BIT_MANIPULATION */
+        VSLIDEUP_VI(REG_V25, REG_V17, 3)
+        VADD_VI(REG_V20, REG_V20, 1)
+        VMV_V_V(REG_V26, REG_V16)
+#ifndef WOLFSSL_RISCV_VECTOR_BASE_BIT_MANIPULATION
+        VSETIVLI(REG_X0, 16, 1, 1, 0b000, 0b000)
+        VRGATHER_VV(REG_V17, REG_V15, REG_V20)
+        VSETIVLI(REG_X0, 4, 1, 1, 0b010, 0b000)
+#else
+        VREV8(REG_V17, REG_V20)
+#endif /* !WOLFSSL_RISCV_VECTOR_BASE_BIT_MANIPULATION */
+        VSLIDEUP_VI(REG_V26, REG_V17, 3)
+        VADD_VI(REG_V20, REG_V20, 1)
+        VMV_V_V(REG_V27, REG_V16)
+#ifndef WOLFSSL_RISCV_VECTOR_BASE_BIT_MANIPULATION
+        VSETIVLI(REG_X0, 16, 1, 1, 0b000, 0b000)
+        VRGATHER_VV(REG_V17, REG_V15, REG_V20)
+        VSETIVLI(REG_X0, 4, 1, 1, 0b010, 0b000)
+#else
+        VREV8(REG_V17, REG_V20)
+#endif /* !WOLFSSL_RISCV_VECTOR_BASE_BIT_MANIPULATION */
+        VSLIDEUP_VI(REG_V27, REG_V17, 3)
+#else
+        "addi       t0, t3, 1\n\t"
+        VMV_V_V(REG_V24, REG_V16)
+        "addi       t1, t3, 2\n\t"
+        VMV_V_V(REG_V25, REG_V16)
+        "slli       t0, t0, 32\n\t"
+        VMV_V_V(REG_V26, REG_V16)
+        "slli       t1, t1, 32\n\t"
+        VMV_V_V(REG_V27, REG_V16)
+        REV8(REG_T0, REG_T0)
+        REV8(REG_T1, REG_T1)
+        VMV_V_X(REG_V20, REG_T0)
+        "addi       t0, t3, 3\n\t"
+        VSLIDEUP_VI(REG_V24, REG_V20, 3)
+        "addi       t3, t3, 4\n\t"
+        VMV_V_X(REG_V20, REG_T1)
+        "slli       t0, t0, 32\n\t"
+        VSLIDEUP_VI(REG_V25, REG_V20, 3)
+        "slli       t1, t3, 32\n\t"
+        REV8(REG_T0, REG_T0)
+        REV8(REG_T1, REG_T1)
+        VMV_V_X(REG_V20, REG_T0)
+        VSLIDEUP_VI(REG_V26, REG_V20, 3)
+        VMV_V_X(REG_V20, REG_T1)
+        VSLIDEUP_VI(REG_V27, REG_V20, 3)
+#endif /* !WOLFSSL_RISCV_BASE_BIT_MANIPULATION */
+
+        VAESZ_VS(REG_V24, REG_V0)
+        VAESZ_VS(REG_V25, REG_V0)
+        VAESZ_VS(REG_V26, REG_V0)
+        VAESZ_VS(REG_V27, REG_V0)
+        VAESEM_VS(REG_V24, REG_V1)
+        VAESEM_VS(REG_V24, REG_V2)
+        VAESEM_VS(REG_V24, REG_V3)
+        VAESEM_VS(REG_V24, REG_V4)
+        VAESEM_VS(REG_V24, REG_V5)
+        VAESEM_VS(REG_V24, REG_V6)
+        VAESEM_VS(REG_V24, REG_V7)
+        VAESEM_VS(REG_V24, REG_V8)
+        VAESEM_VS(REG_V24, REG_V9)
+        VAESEM_VS(REG_V25, REG_V1)
+        VAESEM_VS(REG_V25, REG_V2)
+        VAESEM_VS(REG_V25, REG_V3)
+        VAESEM_VS(REG_V25, REG_V4)
+        VAESEM_VS(REG_V25, REG_V5)
+        VAESEM_VS(REG_V25, REG_V6)
+        VAESEM_VS(REG_V25, REG_V7)
+        VAESEM_VS(REG_V25, REG_V8)
+        VAESEM_VS(REG_V25, REG_V9)
+        VAESEM_VS(REG_V26, REG_V1)
+        VAESEM_VS(REG_V26, REG_V2)
+        VAESEM_VS(REG_V26, REG_V3)
+        VAESEM_VS(REG_V26, REG_V4)
+        VAESEM_VS(REG_V26, REG_V5)
+        VAESEM_VS(REG_V26, REG_V6)
+        VAESEM_VS(REG_V26, REG_V7)
+        VAESEM_VS(REG_V26, REG_V8)
+        VAESEM_VS(REG_V26, REG_V9)
+        VAESEM_VS(REG_V27, REG_V1)
+        VAESEM_VS(REG_V27, REG_V2)
+        VAESEM_VS(REG_V27, REG_V3)
+        VAESEM_VS(REG_V27, REG_V4)
+        VAESEM_VS(REG_V27, REG_V5)
+        VAESEM_VS(REG_V27, REG_V6)
+        VAESEM_VS(REG_V27, REG_V7)
+        VAESEM_VS(REG_V27, REG_V8)
+        VAESEM_VS(REG_V27, REG_V9)
+        VAESEF_VS(REG_V24, REG_V10)
+        VAESEF_VS(REG_V25, REG_V10)
+        VAESEF_VS(REG_V26, REG_V10)
+        VAESEF_VS(REG_V27, REG_V10)
+        VXOR_VV(REG_V28, REG_V24, REG_V28)
+        VXOR_VV(REG_V29, REG_V25, REG_V29)
+        VXOR_VV(REG_V30, REG_V26, REG_V30)
+        VXOR_VV(REG_V31, REG_V27, REG_V31)
+        /* Store output. */
+        "mv         t0, %[out]\n\t"
+        VS4R_V(REG_V28, REG_T0)
+        "addi        %[in], %[in], 64\n\t"
+        "addi        %[out], %[out], 64\n\t"
+        /* Loop if more elements to process. */
+        "addi       t4, t4, -1\n\t"
+        "bnez       t4, L_aes_gcm_128_decrypt_x4_block_loop\n\t"
+        "andi       %[sz], %[sz], 0x3f\n\t"
+
+      "L_aes_gcm_128_decrypt_x4_blocks_done:\n\t"
+        "srli       t2, %[sz], 4\n\t"
+        "beqz       t2, L_aes_gcm_128_decrypt_blocks_done\n\t"
+
+      "L_aes_gcm_128_decrypt_block_loop:\n\t"
+#ifndef WOLFSSL_RISCV_BASE_BIT_MANIPULATION
+        VADD_VI(REG_V20, REG_V20, 1)
+#ifndef WOLFSSL_RISCV_VECTOR_BASE_BIT_MANIPULATION
+        VSETIVLI(REG_X0, 16, 1, 1, 0b000, 0b000)
+        VRGATHER_VV(REG_V17, REG_V15, REG_V20)
+        VSETIVLI(REG_X0, 4, 1, 1, 0b010, 0b000)
+#else
+        VREV8(REG_V17, REG_V20)
+#endif /* !WOLFSSL_RISCV_VECTOR_BASE_BIT_MANIPULATION */
+        VMV_V_V(REG_V27, REG_V16)
+        VSLIDEUP_VI(REG_V27, REG_V17, 3)
+#else
+        "addi       t3, t3, 1\n\t"
+        "slli       t0, t3, 32\n\t"
+        REV8(REG_T0, REG_T0)
+        VMV_V_X(REG_V17, REG_T0)
+        VMV_V_V(REG_V27, REG_V16)
+        VSLIDEUP_VI(REG_V27, REG_V17, 3)
+#endif /* !WOLFSSL_RISCV_BASE_BIT_MANIPULATION */
+
+        VAESZ_VS(REG_V27, REG_V0)
+        VAESEM_VS(REG_V27, REG_V1)
+        VAESEM_VS(REG_V27, REG_V2)
+        VAESEM_VS(REG_V27, REG_V3)
+        VAESEM_VS(REG_V27, REG_V4)
+        VAESEM_VS(REG_V27, REG_V5)
+        VAESEM_VS(REG_V27, REG_V6)
+        VAESEM_VS(REG_V27, REG_V7)
+        VAESEM_VS(REG_V27, REG_V8)
+        VAESEM_VS(REG_V27, REG_V9)
+        VAESEF_VS(REG_V27, REG_V10)
+
+        /* Load input. */
+        "mv         t0, %[in]\n\t"
+        VL1RE32_V(REG_V17, REG_T0)
+        VGHSH_VV(REG_V18, REG_V17, REG_V19)
+        VXOR_VV(REG_V27, REG_V27, REG_V17)
+        /* Store output. */
+        "mv         t0, %[out]\n\t"
+        VS1R_V(REG_V27, REG_T0)
+
+        "addi        %[in], %[in], 16\n\t"
+        "addi        %[out], %[out], 16\n\t"
+        /* Loop if more elements to process. */
+        "addi       t2, t2, -1\n\t"
+        "bnez       t2, L_aes_gcm_128_decrypt_block_loop\n\t"
+
+      "L_aes_gcm_128_decrypt_blocks_done:\n\t"
+        "andi       t2, %[sz], 0xf\n\t"
+        "beqz       t2, L_aes_gcm_128_decrypt_done\n\t"
+
+        VXOR_VV(REG_V17, REG_V17, REG_V17)
+        "mv         t0, %[scratch]\n\t"
+        VS1R_V(REG_V17, REG_T0)
+        "mv         t1, t2\n\t"
+      "L_aes_gcm_128_decrypt_load_byte:\n\t"
+        "lb         t0, (%[in])\n\t"
+        "sb         t0, (%[scratch])\n\t"
+        "addi       %[in], %[in], 1\n\t"
+        "addi       %[scratch], %[scratch], 1\n\t"
+        "addi       t1, t1, -1\n\t"
+        "bnez       t1, L_aes_gcm_128_decrypt_load_byte\n\t"
+        "sub        %[scratch], %[scratch], t2\n\t"
+        "mv         t0, %[scratch]\n\t"
+        VL1RE32_V(REG_V17, REG_T0)
+        VGHSH_VV(REG_V18, REG_V17, REG_V19)
+
+        /* Encrypt counter for partial block. */
+#ifndef WOLFSSL_RISCV_BASE_BIT_MANIPULATION
+        VADD_VI(REG_V20, REG_V20, 1)
+#ifndef WOLFSSL_RISCV_VECTOR_BASE_BIT_MANIPULATION
+        VSETIVLI(REG_X0, 16, 1, 1, 0b000, 0b000)
+        VRGATHER_VV(REG_V17, REG_V15, REG_V20)
+        VSETIVLI(REG_X0, 4, 1, 1, 0b010, 0b000)
+#else
+        VREV8(REG_V17, REG_V20)
+#endif /* !WOLFSSL_RISCV_VECTOR_BASE_BIT_MANIPULATION */
+        VMV_V_V(REG_V27, REG_V16)
+        VSLIDEUP_VI(REG_V27, REG_V17, 3)
+#else
+        "addi       t3, t3, 1\n\t"
+        "slli       t0, t3, 32\n\t"
+        REV8(REG_T0, REG_T0)
+        VMV_V_X(REG_V17, REG_T0)
+        VMV_V_V(REG_V27, REG_V16)
+        VSLIDEUP_VI(REG_V27, REG_V17, 3)
+#endif /* !WOLFSSL_RISCV_BASE_BIT_MANIPULATION */
+
+        VAESZ_VS(REG_V27, REG_V0)
+        VAESEM_VS(REG_V27, REG_V1)
+        VAESEM_VS(REG_V27, REG_V2)
+        VAESEM_VS(REG_V27, REG_V3)
+        VAESEM_VS(REG_V27, REG_V4)
+        VAESEM_VS(REG_V27, REG_V5)
+        VAESEM_VS(REG_V27, REG_V6)
+        VAESEM_VS(REG_V27, REG_V7)
+        VAESEM_VS(REG_V27, REG_V8)
+        VAESEM_VS(REG_V27, REG_V9)
+        VAESEF_VS(REG_V27, REG_V10)
+
+        /* Load scratch. */
+        "mv         t0, %[scratch]\n\t"
+        VL1RE32_V(REG_V17, REG_T0)
+        VXOR_VV(REG_V27, REG_V27, REG_V17)
+        /* Store scratch. */
+        VS1R_V(REG_V27, REG_T0)
+        "mv         t1, t2\n\t"
+      "L_aes_gcm_128_decrypt_store_byte:\n\t"
+        "lb         t0, (%[scratch])\n\t"
+        "sb         t0, (%[out])\n\t"
+        "addi       %[scratch], %[scratch], 1\n\t"
+        "addi       %[out], %[out], 1\n\t"
+        "addi       t1, t1, -1\n\t"
+        "bnez       t1, L_aes_gcm_128_decrypt_store_byte\n\t"
+        "sub        %[scratch], %[scratch], t2\n\t"
+
+      "L_aes_gcm_128_decrypt_done:\n\t"
+
+        /* Hash in the lengths of A and C in bits */
+#ifndef WOLFSSL_RISCV_BASE_BIT_MANIPULATION
+        /* aSz is only 32-bits */
+        /* Multiply by 8 do get size in bits. */
+        "slli       %[aSz], %[aSz], 3\n\t"
+        "srli       t0, %[aSz], 32\n\t"
+        "srli       t1, %[aSz], 24\n\t"
+        "srli       t2, %[aSz], 16\n\t"
+        "srli       t3, %[aSz], 8\n\t"
+        /* Top 3 bytes are 0. */
+        "sh         x0    , 0(%[scratch])\n\t"
+        "sb         x0    , 2(%[scratch])\n\t"
+        "sb         t0    , 3(%[scratch])\n\t"
+        "sb         t1    , 4(%[scratch])\n\t"
+        "sb         t2    , 5(%[scratch])\n\t"
+        "sb         t3    , 6(%[scratch])\n\t"
+        "sb         %[aSz], 7(%[scratch])\n\t"
+        /* sz is only 32-bits */
+        /* Multiply by 8 do get size in bits. */
+        "slli       %[sz], %[sz], 3\n\t"
+        "srli       t0, %[sz], 32\n\t"
+        "srli       t1, %[sz], 24\n\t"
+        "srli       t2, %[sz], 16\n\t"
+        "srli       t3, %[sz], 8\n\t"
+        /* Top 3 bytes are 0. */
+        "sh         x0   ,  8(%[scratch])\n\t"
+        "sb         x0   , 10(%[scratch])\n\t"
+        "sb         t0   , 11(%[scratch])\n\t"
+        "sb         t1   , 12(%[scratch])\n\t"
+        "sb         t2   , 13(%[scratch])\n\t"
+        "sb         t3   , 14(%[scratch])\n\t"
+        "sb         %[sz], 15(%[scratch])\n\t"
+#else
+        "slli       t0, %[aSz], 3\n\t"
+        REV8(REG_T0, REG_T0)
+        "sd         t0, 0(%[scratch])\n\t"
+        "slli       t0, %[sz], 3\n\t"
+        REV8(REG_T0, REG_T0)
+        "sd         t0, 8(%[scratch])\n\t"
+#endif /* !WOLFSSL_RISCV_BASE_BIT_MANIPULATION */
+        "mv         t0, %[scratch]\n\t"
+        VL1RE32_V(REG_V17, REG_T0)
+        VGHSH_VV(REG_V18, REG_V17, REG_V19)
+
+        VAESZ_VS(REG_V16, REG_V0)
+        VAESEM_VS(REG_V16, REG_V1)
+        VAESEM_VS(REG_V16, REG_V2)
+        VAESEM_VS(REG_V16, REG_V3)
+        VAESEM_VS(REG_V16, REG_V4)
+        VAESEM_VS(REG_V16, REG_V5)
+        VAESEM_VS(REG_V16, REG_V6)
+        VAESEM_VS(REG_V16, REG_V7)
+        VAESEM_VS(REG_V16, REG_V8)
+        VAESEM_VS(REG_V16, REG_V9)
+        VAESEF_VS(REG_V16, REG_V10)
+        VXOR_VV(REG_V18, REG_V18, REG_V16)
+
+        "li         t1, 16\n\t"
+        "blt        %[tagSz], t1, L_aes_gcm_128_decrypt_tag_small\n\t"
+        "mv         t0, %[tag]\n\t"
+        VL1RE32_V(REG_V17, REG_T0)
+        VXOR_VV(REG_V19, REG_V19, REG_V19)
+        VXOR_VV(REG_V18, REG_V18, REG_V17)
+        VMSNE_VV(REG_V19, REG_V19, REG_V18)
+        VCPOP_M(REG_T0, REG_V19)
+        "beqz       x0, L_aes_gcm_128_decrypt_tag_done\n\t"
+      "L_aes_gcm_128_decrypt_tag_small:\n\t"
+        "mv         t0, %[scratch]\n\t"
+        VS1R_V(REG_V18, REG_T0)
+        "mv         t1, %[tagSz]\n\t"
+        "xor        t0, t0, t0\n\t"
+      "L_aes_gcm_128_decrypt_store_tag_byte:\n\t"
+        "lb         t2, (%[scratch])\n\t"
+        "lb         t3, (%[tag])\n\t"
+        "xor        t0, t0, t2\n\t"
+        "xor        t0, t0, t3\n\t"
+        "addi       %[scratch], %[scratch], 1\n\t"
+        "addi       %[tag], %[tag], 1\n\t"
+        "addi       t1, t1, -1\n\t"
+        "bnez       t1, L_aes_gcm_128_decrypt_store_tag_byte\n\t"
+      "L_aes_gcm_128_decrypt_tag_done:\n\t"
+        "negw       t0, t0\n\t"
+        "sraiw      t0, t0, 31\n\t"
+        "andi       %[ret], t0, -180\n\t"
+
+        : [out] "+r" (out), [in] "+r" (in), [key] "+r" (key),
+          [aSz] "+r" (aadSz), [aad] "+r" (aad), [ret] "+r" (ret),
+          [sz] "+r" (sz)
+        : [ctr] "r" (ctr), [scratch] "r" (scratch),
+          [h] "r" (aes->gcm.H), [tag] "r" (tag), [tagSz] "r" (tagSz)
+#ifndef WOLFSSL_RISCV_VECTOR_BASE_BIT_MANIPULATION
+          , [rev_idx] "r" (rev_idx)
+#endif
+        : "memory", "t0", "t1", "t2", "t3", "t4"
+    );
+
+#ifdef OPENSSL_EXTRA
+    if ((tag != NULL) && (in != NULL) && (sz != 0)) {
+        /* store AAD size for next call */
+        aes->gcm.aadLen = aadSz;
+    }
+#endif
+
+    return ret;
+}
+#endif /* WOLFSSL_AES_128 */
+
+#ifdef WOLFSSL_AES_192
+/* Decrypt data using AES-192-GCM.
+ *
+ * @param [in]  aes      AES object.
+ * @param [out] out      Decrypted data.
+ * @param [in]  in       Data to decrypt and GHASH.
+ * @param [in]  sz       Number of bytes of data.
+ * @param [in]  nonce    Nonce used to calculate first IV.
+ * @param [in]  nonceSz  Length of nonce in bytes.
+ * @param [out] tag      Authentication tag.
+ * @param [in]  tagSz    Length of authentication tag in bytes.
+ * @param [in]  aad      Additional Authentication Data (AAD).
+ * @param [in]  aadSz    Length of AAD in bytes.
+ * @return  0 on success.
+ * @return  AES_GCM_AUTH_E when authentication tag computed doesn't match
+ *          tag passed in.
+ */
+static int Aes192GcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
+    const byte* nonce, word32 nonceSz, const byte* tag, word32 tagSz,
+    const byte* aad, word32 aadSz)
+{
+    int ret = 0;
+    byte counter[WC_AES_BLOCK_SIZE];
+    byte scratch[WC_AES_BLOCK_SIZE];
+    /* Noticed different optimization levels treated head of array different.
+     * Some cases was stack pointer plus offset others was a register containing
+     * address. To make uniform for passing in to inline assembly code am using
+     * pointers to the head of each local array.
+     */
+    byte* ctr  = counter;
+    byte* key = (byte*)aes->key;
+
+    XMEMSET(counter, 0, WC_AES_BLOCK_SIZE);
+    if (nonceSz == GCM_NONCE_MID_SZ) {
+        XMEMCPY(counter, nonce, GCM_NONCE_MID_SZ);
+        counter[WC_AES_BLOCK_SIZE - 1] = 1;
+    }
+    else {
+#ifdef OPENSSL_EXTRA
+        word32 aadTemp = aes->gcm.aadLen;
+        aes->gcm.aadLen = 0;
+#endif
+        GHASH(&aes->gcm, NULL, 0, nonce, nonceSz, counter, WC_AES_BLOCK_SIZE);
+#ifdef OPENSSL_EXTRA
+        aes->gcm.aadLen = aadTemp;
+#endif
+    }
+
+    __asm__ __volatile__ (
+        VSETIVLI(REG_X0, 4, 1, 1, 0b010, 0b000)
+
+        /* X=0, get H */
+        VXOR_VV(REG_V18, REG_V18, REG_V18)
+        "mv         t0, %[h]\n\t"
+        VL1RE32_V(REG_V19, REG_T0)
+
+        /* Hash in AAD, the Additional Authentication Data */
+        "beqz       %[aSz], L_aes_gcm_192_decrypt_ghash_aad_done\n\t"
+        "beqz       %[aad], L_aes_gcm_192_decrypt_ghash_aad_done\n\t"
+
+        "srli       t1, %[aSz], 4\n\t"
+        "beqz       t1, L_aes_gcm_192_decrypt_ghash_aad_blocks_done\n\t"
+
+      "L_aes_gcm_192_decrypt_ghash_aad_loop:\n\t"
+        "mv         t0, %[aad]\n\t"
+        VL1RE32_V(REG_V17, REG_T0)
+        VGHSH_VV(REG_V18, REG_V17, REG_V19)
+        "addi       %[aad], %[aad], 16\n\t"
+        "addi       t1, t1, -1\n\t"
+        "bnez       t1, L_aes_gcm_192_decrypt_ghash_aad_loop\n\t"
+      "L_aes_gcm_192_decrypt_ghash_aad_blocks_done:\n\t"
+        "andi       t1, %[aSz], 0xf\n\t"
+        "beqz       t1, L_aes_gcm_192_decrypt_ghash_aad_done\n\t"
+        VXOR_VV(REG_V17, REG_V17, REG_V17)
+        "mv         t0, %[scratch]\n\t"
+        VS1R_V(REG_V17, REG_T0)
+        "mv         t2, t1\n\t"
+      "L_aes_gcm_192_decrypt_ghash_aad_load_byte:\n\t"
+        "lb         t0, (%[aad])\n\t"
+        "sb         t0, (%[scratch])\n\t"
+        "addi       %[aad], %[aad], 1\n\t"
+        "addi       %[scratch], %[scratch], 1\n\t"
+        "addi       t2, t2, -1\n\t"
+        "bnez       t2, L_aes_gcm_192_decrypt_ghash_aad_load_byte\n\t"
+        "sub        %[scratch], %[scratch], t1\n\t"
+        "mv         t0, %[scratch]\n\t"
+        VL1RE32_V(REG_V17, REG_T0)
+        VGHSH_VV(REG_V18, REG_V17, REG_V19)
+      "L_aes_gcm_192_decrypt_ghash_aad_done:\n\t"
+        /* Done Hash in AAD */
+
+#ifndef WOLFSSL_RISCV_VECTOR_BASE_BIT_MANIPULATION
+        "mv         t0, %[rev_idx]\n\t"
+        VL1RE32_V(REG_V15, REG_T0)
+#endif /* !WOLFSSL_RISCV_VECTOR_BASE_BIT_MANIPULATION */
+        /* Load the counter. */
+        "mv         t0, %[ctr]\n\t"
+        VL1RE32_V(REG_V16, REG_T0)
+#ifndef WOLFSSL_RISCV_BASE_BIT_MANIPULATION
+        VSLIDEDOWN_VI(REG_V20, REG_V16, 3)
+#ifndef WOLFSSL_RISCV_VECTOR_BASE_BIT_MANIPULATION
+        VSETIVLI(REG_X0, 16, 1, 1, 0b000, 0b000)
+        VRGATHER_VV(REG_V21, REG_V15, REG_V20)
+        VSETIVLI(REG_X0, 4, 1, 1, 0b010, 0b000)
+        VMV_V_V(REG_V20, REG_V21)
+#else
+        VREV8(REG_V20, REG_V20)
+#endif /* !WOLFSSL_RISCV_VECTOR_BASE_BIT_MANIPULATION */
+#else
+        "lw         t3, 12(%[ctr])\n\t"
+        "slli       t3, t3, 32\n\t"
+        REV8(REG_T3, REG_T3)
+#endif /* !WOLFSSL_RISCV_BASE_BIT_MANIPULATION */
+
+        /* Load key[0..7]. */
+        "mv         t0, %[key]\n\t"
+        VL8RE32_V(REG_V0, REG_T0)
+        /* Load key[8..11]. */
+        "addi       t0, t0, 128\n\t"
+        VL4RE32_V(REG_V8, REG_T0)
+        /* Load last round's key */
+        "addi       t0, %[key], 224\n\t"
+        VL1RE32_V(REG_V12, REG_T0)
+
+        "beqz       %[sz], L_aes_gcm_192_decrypt_blocks_done\n\t"
+        "srli       t4, %[sz], 6\n\t"
+        "beqz       t4, L_aes_gcm_192_decrypt_x4_blocks_done\n\t"
+
+        /* Calculate H^[1-4] - GMULT partials */
+        VMV_V_V(REG_V21, REG_V19)
+        VMV_V_V(REG_V22, REG_V19)
+        /* Multiply H * H => H^2 */
+        VGMUL_VV(REG_V21, REG_V19)
+        VMV_V_V(REG_V23, REG_V21)
+        /* Multiply H * H => H^3 */
+        VGMUL_VV(REG_V22, REG_V21)
+        /* Multiply H^2 * H^2 => H^4 */
+        VGMUL_VV(REG_V23, REG_V21)
+
+      "L_aes_gcm_192_decrypt_x4_block_loop:\n\t"
+        /* Load input. */
+        "mv        t0, %[in]\n\t"
+        VL4RE32_V(REG_V28, REG_T0)
+        VMVR_V(REG_V24, REG_V28, 4)
+        VGMUL_VV(REG_V24, REG_V23)
+        VGMUL_VV(REG_V25, REG_V22)
+        VGMUL_VV(REG_V26, REG_V21)
+        VGMUL_VV(REG_V27, REG_V19)
+        VXOR_VV(REG_V18, REG_V18, REG_V24)
+        VXOR_VV(REG_V18, REG_V18, REG_V25)
+        VXOR_VV(REG_V18, REG_V18, REG_V26)
+        VXOR_VV(REG_V18, REG_V18, REG_V27)
+        /* Calculate next 4 counters (+1-4) */
+#ifndef WOLFSSL_RISCV_BASE_BIT_MANIPULATION
+        VADD_VI(REG_V20, REG_V20, 1)
+        VMV_V_V(REG_V24, REG_V16)
+#ifndef WOLFSSL_RISCV_VECTOR_BASE_BIT_MANIPULATION
+        VSETIVLI(REG_X0, 16, 1, 1, 0b000, 0b000)
+        VRGATHER_VV(REG_V17, REG_V15, REG_V20)
+        VSETIVLI(REG_X0, 4, 1, 1, 0b010, 0b000)
+#else
+        VREV8(REG_V17, REG_V20)
+#endif /* !WOLFSSL_RISCV_VECTOR_BASE_BIT_MANIPULATION */
+        VSLIDEUP_VI(REG_V24, REG_V17, 3)
+        VADD_VI(REG_V20, REG_V20, 1)
+        VMV_V_V(REG_V25, REG_V16)
+#ifndef WOLFSSL_RISCV_VECTOR_BASE_BIT_MANIPULATION
+        VSETIVLI(REG_X0, 16, 1, 1, 0b000, 0b000)
+        VRGATHER_VV(REG_V17, REG_V15, REG_V20)
+        VSETIVLI(REG_X0, 4, 1, 1, 0b010, 0b000)
+#else
+        VREV8(REG_V17, REG_V20)
+#endif /* !WOLFSSL_RISCV_VECTOR_BASE_BIT_MANIPULATION */
+        VSLIDEUP_VI(REG_V25, REG_V17, 3)
+        VADD_VI(REG_V20, REG_V20, 1)
+        VMV_V_V(REG_V26, REG_V16)
+#ifndef WOLFSSL_RISCV_VECTOR_BASE_BIT_MANIPULATION
+        VSETIVLI(REG_X0, 16, 1, 1, 0b000, 0b000)
+        VRGATHER_VV(REG_V17, REG_V15, REG_V20)
+        VSETIVLI(REG_X0, 4, 1, 1, 0b010, 0b000)
+#else
+        VREV8(REG_V17, REG_V20)
+#endif /* !WOLFSSL_RISCV_VECTOR_BASE_BIT_MANIPULATION */
+        VSLIDEUP_VI(REG_V26, REG_V17, 3)
+        VADD_VI(REG_V20, REG_V20, 1)
+        VMV_V_V(REG_V27, REG_V16)
+#ifndef WOLFSSL_RISCV_VECTOR_BASE_BIT_MANIPULATION
+        VSETIVLI(REG_X0, 16, 1, 1, 0b000, 0b000)
+        VRGATHER_VV(REG_V17, REG_V15, REG_V20)
+        VSETIVLI(REG_X0, 4, 1, 1, 0b010, 0b000)
+#else
+        VREV8(REG_V17, REG_V20)
+#endif /* !WOLFSSL_RISCV_VECTOR_BASE_BIT_MANIPULATION */
+        VSLIDEUP_VI(REG_V27, REG_V17, 3)
+#else
+        "addi       t0, t3, 1\n\t"
+        VMV_V_V(REG_V24, REG_V16)
+        "addi       t1, t3, 2\n\t"
+        VMV_V_V(REG_V25, REG_V16)
+        "slli       t0, t0, 32\n\t"
+        VMV_V_V(REG_V26, REG_V16)
+        "slli       t1, t1, 32\n\t"
+        VMV_V_V(REG_V27, REG_V16)
+        REV8(REG_T0, REG_T0)
+        REV8(REG_T1, REG_T1)
+        VMV_V_X(REG_V20, REG_T0)
+        "addi       t0, t3, 3\n\t"
+        VSLIDEUP_VI(REG_V24, REG_V20, 3)
+        "addi       t3, t3, 4\n\t"
+        VMV_V_X(REG_V20, REG_T1)
+        "slli       t0, t0, 32\n\t"
+        VSLIDEUP_VI(REG_V25, REG_V20, 3)
+        "slli       t1, t3, 32\n\t"
+        REV8(REG_T0, REG_T0)
+        REV8(REG_T1, REG_T1)
+        VMV_V_X(REG_V20, REG_T0)
+        VSLIDEUP_VI(REG_V26, REG_V20, 3)
+        VMV_V_X(REG_V20, REG_T1)
+        VSLIDEUP_VI(REG_V27, REG_V20, 3)
+#endif /* !WOLFSSL_RISCV_BASE_BIT_MANIPULATION */
+
+        VAESZ_VS(REG_V24, REG_V0)
+        VAESZ_VS(REG_V25, REG_V0)
+        VAESZ_VS(REG_V26, REG_V0)
+        VAESZ_VS(REG_V27, REG_V0)
+        VAESEM_VS(REG_V24, REG_V1)
+        VAESEM_VS(REG_V24, REG_V2)
+        VAESEM_VS(REG_V24, REG_V3)
+        VAESEM_VS(REG_V24, REG_V4)
+        VAESEM_VS(REG_V24, REG_V5)
+        VAESEM_VS(REG_V24, REG_V6)
+        VAESEM_VS(REG_V24, REG_V7)
+        VAESEM_VS(REG_V24, REG_V8)
+        VAESEM_VS(REG_V24, REG_V9)
+        VAESEM_VS(REG_V24, REG_V10)
+        VAESEM_VS(REG_V24, REG_V11)
+        VAESEM_VS(REG_V25, REG_V1)
+        VAESEM_VS(REG_V25, REG_V2)
+        VAESEM_VS(REG_V25, REG_V3)
+        VAESEM_VS(REG_V25, REG_V4)
+        VAESEM_VS(REG_V25, REG_V5)
+        VAESEM_VS(REG_V25, REG_V6)
+        VAESEM_VS(REG_V25, REG_V7)
+        VAESEM_VS(REG_V25, REG_V8)
+        VAESEM_VS(REG_V25, REG_V9)
+        VAESEM_VS(REG_V25, REG_V10)
+        VAESEM_VS(REG_V25, REG_V11)
+        VAESEM_VS(REG_V26, REG_V1)
+        VAESEM_VS(REG_V26, REG_V2)
+        VAESEM_VS(REG_V26, REG_V3)
+        VAESEM_VS(REG_V26, REG_V4)
+        VAESEM_VS(REG_V26, REG_V5)
+        VAESEM_VS(REG_V26, REG_V6)
+        VAESEM_VS(REG_V26, REG_V7)
+        VAESEM_VS(REG_V26, REG_V8)
+        VAESEM_VS(REG_V26, REG_V9)
+        VAESEM_VS(REG_V26, REG_V10)
+        VAESEM_VS(REG_V26, REG_V11)
+        VAESEM_VS(REG_V27, REG_V1)
+        VAESEM_VS(REG_V27, REG_V2)
+        VAESEM_VS(REG_V27, REG_V3)
+        VAESEM_VS(REG_V27, REG_V4)
+        VAESEM_VS(REG_V27, REG_V5)
+        VAESEM_VS(REG_V27, REG_V6)
+        VAESEM_VS(REG_V27, REG_V7)
+        VAESEM_VS(REG_V27, REG_V8)
+        VAESEM_VS(REG_V27, REG_V9)
+        VAESEM_VS(REG_V27, REG_V10)
+        VAESEM_VS(REG_V27, REG_V11)
+        VAESEF_VS(REG_V24, REG_V12)
+        VAESEF_VS(REG_V25, REG_V12)
+        VAESEF_VS(REG_V26, REG_V12)
+        VAESEF_VS(REG_V27, REG_V12)
+        VXOR_VV(REG_V28, REG_V24, REG_V28)
+        VXOR_VV(REG_V29, REG_V25, REG_V29)
+        VXOR_VV(REG_V30, REG_V26, REG_V30)
+        VXOR_VV(REG_V31, REG_V27, REG_V31)
+        /* Store output. */
+        "mv         t0, %[out]\n\t"
+        VS4R_V(REG_V28, REG_T0)
+        "addi        %[in], %[in], 64\n\t"
+        "addi        %[out], %[out], 64\n\t"
+        /* Loop if more elements to process. */
+        "addi       t4, t4, -1\n\t"
+        "bnez       t4, L_aes_gcm_192_decrypt_x4_block_loop\n\t"
+        "andi       %[sz], %[sz], 0x3f\n\t"
+
+      "L_aes_gcm_192_decrypt_x4_blocks_done:\n\t"
+        "srli       t2, %[sz], 4\n\t"
+        "beqz       t2, L_aes_gcm_192_decrypt_blocks_done\n\t"
+
+      "L_aes_gcm_192_decrypt_block_loop:\n\t"
+#ifndef WOLFSSL_RISCV_BASE_BIT_MANIPULATION
+        VADD_VI(REG_V20, REG_V20, 1)
+#ifndef WOLFSSL_RISCV_VECTOR_BASE_BIT_MANIPULATION
+        VSETIVLI(REG_X0, 16, 1, 1, 0b000, 0b000)
+        VRGATHER_VV(REG_V17, REG_V15, REG_V20)
+        VSETIVLI(REG_X0, 4, 1, 1, 0b010, 0b000)
+#else
+        VREV8(REG_V17, REG_V20)
+#endif /* !WOLFSSL_RISCV_VECTOR_BASE_BIT_MANIPULATION */
+        VMV_V_V(REG_V27, REG_V16)
+        VSLIDEUP_VI(REG_V27, REG_V17, 3)
+#else
+        "addi       t3, t3, 1\n\t"
+        "slli       t0, t3, 32\n\t"
+        REV8(REG_T0, REG_T0)
+        VMV_V_X(REG_V17, REG_T0)
+        VMV_V_V(REG_V27, REG_V16)
+        VSLIDEUP_VI(REG_V27, REG_V17, 3)
+#endif /* !WOLFSSL_RISCV_BASE_BIT_MANIPULATION */
+
+        VAESZ_VS(REG_V27, REG_V0)
+        VAESEM_VS(REG_V27, REG_V1)
+        VAESEM_VS(REG_V27, REG_V2)
+        VAESEM_VS(REG_V27, REG_V3)
+        VAESEM_VS(REG_V27, REG_V4)
+        VAESEM_VS(REG_V27, REG_V5)
+        VAESEM_VS(REG_V27, REG_V6)
+        VAESEM_VS(REG_V27, REG_V7)
+        VAESEM_VS(REG_V27, REG_V8)
+        VAESEM_VS(REG_V27, REG_V9)
+        VAESEM_VS(REG_V27, REG_V10)
+        VAESEM_VS(REG_V27, REG_V11)
+        VAESEF_VS(REG_V27, REG_V12)
+
+        /* Load input. */
+        "mv         t0, %[in]\n\t"
+        VL1RE32_V(REG_V17, REG_T0)
+        VGHSH_VV(REG_V18, REG_V17, REG_V19)
+        VXOR_VV(REG_V27, REG_V27, REG_V17)
+        /* Store output. */
+        "mv         t0, %[out]\n\t"
+        VS1R_V(REG_V27, REG_T0)
+
+        "addi        %[in], %[in], 16\n\t"
+        "addi        %[out], %[out], 16\n\t"
+        /* Loop if more elements to process. */
+        "addi       t2, t2, -1\n\t"
+        "bnez       t2, L_aes_gcm_192_decrypt_block_loop\n\t"
+
+      "L_aes_gcm_192_decrypt_blocks_done:\n\t"
+        "andi       t2, %[sz], 0xf\n\t"
+        "beqz       t2, L_aes_gcm_192_decrypt_done\n\t"
+
+        VXOR_VV(REG_V17, REG_V17, REG_V17)
+        "mv         t0, %[scratch]\n\t"
+        VS1R_V(REG_V17, REG_T0)
+        "mv         t1, t2\n\t"
+      "L_aes_gcm_192_decrypt_load_byte:\n\t"
+        "lb         t0, (%[in])\n\t"
+        "sb         t0, (%[scratch])\n\t"
+        "addi       %[in], %[in], 1\n\t"
+        "addi       %[scratch], %[scratch], 1\n\t"
+        "addi       t1, t1, -1\n\t"
+        "bnez       t1, L_aes_gcm_192_decrypt_load_byte\n\t"
+        "sub        %[scratch], %[scratch], t2\n\t"
+        "mv         t0, %[scratch]\n\t"
+        VL1RE32_V(REG_V17, REG_T0)
+        VGHSH_VV(REG_V18, REG_V17, REG_V19)
+
+        /* Encrypt counter for partial block. */
+#ifndef WOLFSSL_RISCV_BASE_BIT_MANIPULATION
+        VADD_VI(REG_V20, REG_V20, 1)
+#ifndef WOLFSSL_RISCV_VECTOR_BASE_BIT_MANIPULATION
+        VSETIVLI(REG_X0, 16, 1, 1, 0b000, 0b000)
+        VRGATHER_VV(REG_V17, REG_V15, REG_V20)
+        VSETIVLI(REG_X0, 4, 1, 1, 0b010, 0b000)
+#else
+        VREV8(REG_V17, REG_V20)
+#endif /* !WOLFSSL_RISCV_VECTOR_BASE_BIT_MANIPULATION */
+        VMV_V_V(REG_V27, REG_V16)
+        VSLIDEUP_VI(REG_V27, REG_V17, 3)
+#else
+        "addi       t3, t3, 1\n\t"
+        "slli       t0, t3, 32\n\t"
+        REV8(REG_T0, REG_T0)
+        VMV_V_X(REG_V17, REG_T0)
+        VMV_V_V(REG_V27, REG_V16)
+        VSLIDEUP_VI(REG_V27, REG_V17, 3)
+#endif /* !WOLFSSL_RISCV_BASE_BIT_MANIPULATION */
+
+        VAESZ_VS(REG_V27, REG_V0)
+        VAESEM_VS(REG_V27, REG_V1)
+        VAESEM_VS(REG_V27, REG_V2)
+        VAESEM_VS(REG_V27, REG_V3)
+        VAESEM_VS(REG_V27, REG_V4)
+        VAESEM_VS(REG_V27, REG_V5)
+        VAESEM_VS(REG_V27, REG_V6)
+        VAESEM_VS(REG_V27, REG_V7)
+        VAESEM_VS(REG_V27, REG_V8)
+        VAESEM_VS(REG_V27, REG_V9)
+        VAESEM_VS(REG_V27, REG_V10)
+        VAESEM_VS(REG_V27, REG_V11)
+        VAESEF_VS(REG_V27, REG_V12)
+
+        /* Load scratch. */
+        "mv         t0, %[scratch]\n\t"
+        VL1RE32_V(REG_V17, REG_T0)
+        VXOR_VV(REG_V27, REG_V27, REG_V17)
+        /* Store scratch. */
+        VS1R_V(REG_V27, REG_T0)
+        "mv         t1, t2\n\t"
+      "L_aes_gcm_192_decrypt_store_byte:\n\t"
+        "lb         t0, (%[scratch])\n\t"
+        "sb         t0, (%[out])\n\t"
+        "addi       %[scratch], %[scratch], 1\n\t"
+        "addi       %[out], %[out], 1\n\t"
+        "addi       t1, t1, -1\n\t"
+        "bnez       t1, L_aes_gcm_192_decrypt_store_byte\n\t"
+        "sub        %[scratch], %[scratch], t2\n\t"
+
+      "L_aes_gcm_192_decrypt_done:\n\t"
+
+        /* Hash in the lengths of A and C in bits */
+#ifndef WOLFSSL_RISCV_BASE_BIT_MANIPULATION
+        /* aSz is only 32-bits */
+        /* Multiply by 8 do get size in bits. */
+        "slli       %[aSz], %[aSz], 3\n\t"
+        "srli       t0, %[aSz], 32\n\t"
+        "srli       t1, %[aSz], 24\n\t"
+        "srli       t2, %[aSz], 16\n\t"
+        "srli       t3, %[aSz], 8\n\t"
+        /* Top 3 bytes are 0. */
+        "sh         x0    , 0(%[scratch])\n\t"
+        "sb         x0    , 2(%[scratch])\n\t"
+        "sb         t0    , 3(%[scratch])\n\t"
+        "sb         t1    , 4(%[scratch])\n\t"
+        "sb         t2    , 5(%[scratch])\n\t"
+        "sb         t3    , 6(%[scratch])\n\t"
+        "sb         %[aSz], 7(%[scratch])\n\t"
+        /* sz is only 32-bits */
+        /* Multiply by 8 do get size in bits. */
+        "slli       %[sz], %[sz], 3\n\t"
+        "srli       t0, %[sz], 32\n\t"
+        "srli       t1, %[sz], 24\n\t"
+        "srli       t2, %[sz], 16\n\t"
+        "srli       t3, %[sz], 8\n\t"
+        /* Top 3 bytes are 0. */
+        "sh         x0   ,  8(%[scratch])\n\t"
+        "sb         x0   , 10(%[scratch])\n\t"
+        "sb         t0   , 11(%[scratch])\n\t"
+        "sb         t1   , 12(%[scratch])\n\t"
+        "sb         t2   , 13(%[scratch])\n\t"
+        "sb         t3   , 14(%[scratch])\n\t"
+        "sb         %[sz], 15(%[scratch])\n\t"
+#else
+        "slli       t0, %[aSz], 3\n\t"
+        REV8(REG_T0, REG_T0)
+        "sd         t0, 0(%[scratch])\n\t"
+        "slli       t0, %[sz], 3\n\t"
+        REV8(REG_T0, REG_T0)
+        "sd         t0, 8(%[scratch])\n\t"
+#endif /* !WOLFSSL_RISCV_BASE_BIT_MANIPULATION */
+        "mv         t0, %[scratch]\n\t"
+        VL1RE32_V(REG_V17, REG_T0)
+        VGHSH_VV(REG_V18, REG_V17, REG_V19)
+
+        VAESZ_VS(REG_V16, REG_V0)
+        VAESEM_VS(REG_V16, REG_V1)
+        VAESEM_VS(REG_V16, REG_V2)
+        VAESEM_VS(REG_V16, REG_V3)
+        VAESEM_VS(REG_V16, REG_V4)
+        VAESEM_VS(REG_V16, REG_V5)
+        VAESEM_VS(REG_V16, REG_V6)
+        VAESEM_VS(REG_V16, REG_V7)
+        VAESEM_VS(REG_V16, REG_V8)
+        VAESEM_VS(REG_V16, REG_V9)
+        VAESEM_VS(REG_V16, REG_V10)
+        VAESEM_VS(REG_V16, REG_V11)
+        VAESEF_VS(REG_V16, REG_V12)
+        VXOR_VV(REG_V18, REG_V18, REG_V16)
+
+        "li         t1, 16\n\t"
+        "blt        %[tagSz], t1, L_aes_gcm_192_decrypt_tag_small\n\t"
+        "mv         t0, %[tag]\n\t"
+        VL1RE32_V(REG_V17, REG_T0)
+        VXOR_VV(REG_V19, REG_V19, REG_V19)
+        VXOR_VV(REG_V18, REG_V18, REG_V17)
+        VMSNE_VV(REG_V19, REG_V19, REG_V18)
+        VCPOP_M(REG_T0, REG_V19)
+        "beqz       x0, L_aes_gcm_192_decrypt_tag_done\n\t"
+      "L_aes_gcm_192_decrypt_tag_small:\n\t"
+        "mv         t0, %[scratch]\n\t"
+        VS1R_V(REG_V18, REG_T0)
+        "mv         t1, %[tagSz]\n\t"
+        "xor        t0, t0, t0\n\t"
+      "L_aes_gcm_192_decrypt_store_tag_byte:\n\t"
+        "lb         t2, (%[scratch])\n\t"
+        "lb         t3, (%[tag])\n\t"
+        "xor        t0, t0, t2\n\t"
+        "xor        t0, t0, t3\n\t"
+        "addi       %[scratch], %[scratch], 1\n\t"
+        "addi       %[tag], %[tag], 1\n\t"
+        "addi       t1, t1, -1\n\t"
+        "bnez       t1, L_aes_gcm_192_decrypt_store_tag_byte\n\t"
+      "L_aes_gcm_192_decrypt_tag_done:\n\t"
+        "negw       t0, t0\n\t"
+        "sraiw      t0, t0, 31\n\t"
+        "andi       %[ret], t0, -180\n\t"
+
+        : [out] "+r" (out), [in] "+r" (in), [key] "+r" (key),
+          [aSz] "+r" (aadSz), [aad] "+r" (aad), [ret] "+r" (ret),
+          [sz] "+r" (sz)
+        : [ctr] "r" (ctr), [scratch] "r" (scratch),
+          [h] "r" (aes->gcm.H), [tag] "r" (tag), [tagSz] "r" (tagSz)
+#ifndef WOLFSSL_RISCV_VECTOR_BASE_BIT_MANIPULATION
+          , [rev_idx] "r" (rev_idx)
+#endif
+        : "memory", "t0", "t1", "t2", "t3", "t4"
+    );
+
+#ifdef OPENSSL_EXTRA
+    if ((tag != NULL) && (in != NULL) && (sz != 0)) {
+        /* store AAD size for next call */
+        aes->gcm.aadLen = aadSz;
+    }
+#endif
+
+    return ret;
+}
+#endif /* WOLFSSL_AES_192 */
+
+#ifdef WOLFSSL_AES_256
+/* Decrypt data using AES-256-GCM.
+ *
+ * @param [in]  aes      AES object.
+ * @param [out] out      Decrypted data.
+ * @param [in]  in       Data to decrypt and GHASH.
+ * @param [in]  sz       Number of bytes of data.
+ * @param [in]  nonce    Nonce used to calculate first IV.
+ * @param [in]  nonceSz  Length of nonce in bytes.
+ * @param [out] tag      Authentication tag.
+ * @param [in]  tagSz    Length of authentication tag in bytes.
+ * @param [in]  aad      Additional Authentication Data (AAD).
+ * @param [in]  aadSz    Length of AAD in bytes.
+ * @return  0 on success.
+ * @return  AES_GCM_AUTH_E when authentication tag computed doesn't match
+ *          tag passed in.
+ */
+static int Aes256GcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
+    const byte* nonce, word32 nonceSz, const byte* tag, word32 tagSz,
+    const byte* aad, word32 aadSz)
+{
+    int ret = 0;
+    byte counter[WC_AES_BLOCK_SIZE];
+    byte scratch[WC_AES_BLOCK_SIZE];
+    /* Noticed different optimization levels treated head of array different.
+     * Some cases was stack pointer plus offset others was a register containing
+     * address. To make uniform for passing in to inline assembly code am using
+     * pointers to the head of each local array.
+     */
+    byte* ctr  = counter;
+    byte* key = (byte*)aes->key;
+
+    XMEMSET(counter, 0, WC_AES_BLOCK_SIZE);
+    if (nonceSz == GCM_NONCE_MID_SZ) {
+        XMEMCPY(counter, nonce, GCM_NONCE_MID_SZ);
+        counter[WC_AES_BLOCK_SIZE - 1] = 1;
+    }
+    else {
+#ifdef OPENSSL_EXTRA
+        word32 aadTemp = aes->gcm.aadLen;
+        aes->gcm.aadLen = 0;
+#endif
+        GHASH(&aes->gcm, NULL, 0, nonce, nonceSz, counter, WC_AES_BLOCK_SIZE);
+#ifdef OPENSSL_EXTRA
+        aes->gcm.aadLen = aadTemp;
+#endif
+    }
+
+    __asm__ __volatile__ (
+        VSETIVLI(REG_X0, 4, 1, 1, 0b010, 0b000)
+
+        /* X=0, get H */
+        VXOR_VV(REG_V18, REG_V18, REG_V18)
+        "mv         t0, %[h]\n\t"
+        VL1RE32_V(REG_V19, REG_T0)
+
+        /* Hash in AAD, the Additional Authentication Data */
+        "beqz       %[aSz], L_aes_gcm_256_decrypt_ghash_aad_done\n\t"
+        "beqz       %[aad], L_aes_gcm_256_decrypt_ghash_aad_done\n\t"
+
+        "srli       t1, %[aSz], 4\n\t"
+        "beqz       t1, L_aes_gcm_256_decrypt_ghash_aad_blocks_done\n\t"
+
+      "L_aes_gcm_256_decrypt_ghash_aad_loop:\n\t"
+        "mv         t0, %[aad]\n\t"
+        VL1RE32_V(REG_V17, REG_T0)
+        VGHSH_VV(REG_V18, REG_V17, REG_V19)
+        "addi       %[aad], %[aad], 16\n\t"
+        "addi       t1, t1, -1\n\t"
+        "bnez       t1, L_aes_gcm_256_decrypt_ghash_aad_loop\n\t"
+      "L_aes_gcm_256_decrypt_ghash_aad_blocks_done:\n\t"
+        "andi       t1, %[aSz], 0xf\n\t"
+        "beqz       t1, L_aes_gcm_256_decrypt_ghash_aad_done\n\t"
+        VXOR_VV(REG_V17, REG_V17, REG_V17)
+        "mv         t0, %[scratch]\n\t"
+        VS1R_V(REG_V17, REG_T0)
+        "mv         t2, t1\n\t"
+      "L_aes_gcm_256_decrypt_ghash_aad_load_byte:\n\t"
+        "lb         t0, (%[aad])\n\t"
+        "sb         t0, (%[scratch])\n\t"
+        "addi       %[aad], %[aad], 1\n\t"
+        "addi       %[scratch], %[scratch], 1\n\t"
+        "addi       t2, t2, -1\n\t"
+        "bnez       t2, L_aes_gcm_256_decrypt_ghash_aad_load_byte\n\t"
+        "sub        %[scratch], %[scratch], t1\n\t"
+        "mv         t0, %[scratch]\n\t"
+        VL1RE32_V(REG_V17, REG_T0)
+        VGHSH_VV(REG_V18, REG_V17, REG_V19)
+      "L_aes_gcm_256_decrypt_ghash_aad_done:\n\t"
+        /* Done Hash in AAD */
+
+#ifndef WOLFSSL_RISCV_VECTOR_BASE_BIT_MANIPULATION
+        "mv         t0, %[rev_idx]\n\t"
+        VL1RE32_V(REG_V15, REG_T0)
+#endif /* !WOLFSSL_RISCV_VECTOR_BASE_BIT_MANIPULATION */
+        /* Load the counter. */
+        "mv         t0, %[ctr]\n\t"
+        VL1RE32_V(REG_V16, REG_T0)
+#ifndef WOLFSSL_RISCV_BASE_BIT_MANIPULATION
+        VSLIDEDOWN_VI(REG_V20, REG_V16, 3)
+#ifndef WOLFSSL_RISCV_VECTOR_BASE_BIT_MANIPULATION
+        VSETIVLI(REG_X0, 16, 1, 1, 0b000, 0b000)
+        VRGATHER_VV(REG_V21, REG_V15, REG_V20)
+        VSETIVLI(REG_X0, 4, 1, 1, 0b010, 0b000)
+        VMV_V_V(REG_V20, REG_V21)
+#else
+        VREV8(REG_V20, REG_V20)
+#endif /* !WOLFSSL_RISCV_VECTOR_BASE_BIT_MANIPULATION */
+#else
+        "lw         t3, 12(%[ctr])\n\t"
+        "slli       t3, t3, 32\n\t"
+        REV8(REG_T3, REG_T3)
+#endif /* !WOLFSSL_RISCV_BASE_BIT_MANIPULATION */
+
+        /* Load key[0..7]. */
+        "mv         t0, %[key]\n\t"
+        VL8RE32_V(REG_V0, REG_T0)
+        /* Load key[8..11]. */
+        "addi       t0, t0, 128\n\t"
+        VL4RE32_V(REG_V8, REG_T0)
+        /* Load key[12..13]. */
+        "addi       t0, t0, 64\n\t"
+        VL2RE32_V(REG_V12, REG_T0)
+        /* Load last round's key */
+        "addi       t0, %[key], 224\n\t"
+        VL1RE32_V(REG_V14, REG_T0)
+
+        "beqz       %[sz], L_aes_gcm_256_decrypt_blocks_done\n\t"
+        "srli       t4, %[sz], 6\n\t"
+        "beqz       t4, L_aes_gcm_256_decrypt_x4_blocks_done\n\t"
+
+        /* Calculate H^[1-4] - GMULT partials */
+        VMV_V_V(REG_V21, REG_V19)
+        VMV_V_V(REG_V22, REG_V19)
+        /* Multiply H * H => H^2 */
+        VGMUL_VV(REG_V21, REG_V19)
+        VMV_V_V(REG_V23, REG_V21)
+        /* Multiply H * H => H^3 */
+        VGMUL_VV(REG_V22, REG_V21)
+        /* Multiply H^2 * H^2 => H^4 */
+        VGMUL_VV(REG_V23, REG_V21)
+
+      "L_aes_gcm_256_decrypt_x4_block_loop:\n\t"
+        /* Load input. */
+        "mv        t0, %[in]\n\t"
+        VL4RE32_V(REG_V28, REG_T0)
+        VMVR_V(REG_V24, REG_V28, 4)
+        VGMUL_VV(REG_V24, REG_V23)
+        VGMUL_VV(REG_V25, REG_V22)
+        VGMUL_VV(REG_V26, REG_V21)
+        VGMUL_VV(REG_V27, REG_V19)
+        VXOR_VV(REG_V18, REG_V18, REG_V24)
+        VXOR_VV(REG_V18, REG_V18, REG_V25)
+        VXOR_VV(REG_V18, REG_V18, REG_V26)
+        VXOR_VV(REG_V18, REG_V18, REG_V27)
+        /* Calculate next 4 counters (+1-4) */
+#ifndef WOLFSSL_RISCV_BASE_BIT_MANIPULATION
+        VADD_VI(REG_V20, REG_V20, 1)
+        VMV_V_V(REG_V24, REG_V16)
+#ifndef WOLFSSL_RISCV_VECTOR_BASE_BIT_MANIPULATION
+        VSETIVLI(REG_X0, 16, 1, 1, 0b000, 0b000)
+        VRGATHER_VV(REG_V17, REG_V15, REG_V20)
+        VSETIVLI(REG_X0, 4, 1, 1, 0b010, 0b000)
+#else
+        VREV8(REG_V17, REG_V20)
+#endif /* !WOLFSSL_RISCV_VECTOR_BASE_BIT_MANIPULATION */
+        VSLIDEUP_VI(REG_V24, REG_V17, 3)
+        VADD_VI(REG_V20, REG_V20, 1)
+        VMV_V_V(REG_V25, REG_V16)
+#ifndef WOLFSSL_RISCV_VECTOR_BASE_BIT_MANIPULATION
+        VSETIVLI(REG_X0, 16, 1, 1, 0b000, 0b000)
+        VRGATHER_VV(REG_V17, REG_V15, REG_V20)
+        VSETIVLI(REG_X0, 4, 1, 1, 0b010, 0b000)
+#else
+        VREV8(REG_V17, REG_V20)
+#endif /* !WOLFSSL_RISCV_VECTOR_BASE_BIT_MANIPULATION */
+        VSLIDEUP_VI(REG_V25, REG_V17, 3)
+        VADD_VI(REG_V20, REG_V20, 1)
+        VMV_V_V(REG_V26, REG_V16)
+#ifndef WOLFSSL_RISCV_VECTOR_BASE_BIT_MANIPULATION
+        VSETIVLI(REG_X0, 16, 1, 1, 0b000, 0b000)
+        VRGATHER_VV(REG_V17, REG_V15, REG_V20)
+        VSETIVLI(REG_X0, 4, 1, 1, 0b010, 0b000)
+#else
+        VREV8(REG_V17, REG_V20)
+#endif /* !WOLFSSL_RISCV_VECTOR_BASE_BIT_MANIPULATION */
+        VSLIDEUP_VI(REG_V26, REG_V17, 3)
+        VADD_VI(REG_V20, REG_V20, 1)
+        VMV_V_V(REG_V27, REG_V16)
+#ifndef WOLFSSL_RISCV_VECTOR_BASE_BIT_MANIPULATION
+        VSETIVLI(REG_X0, 16, 1, 1, 0b000, 0b000)
+        VRGATHER_VV(REG_V17, REG_V15, REG_V20)
+        VSETIVLI(REG_X0, 4, 1, 1, 0b010, 0b000)
+#else
+        VREV8(REG_V17, REG_V20)
+#endif /* !WOLFSSL_RISCV_VECTOR_BASE_BIT_MANIPULATION */
+        VSLIDEUP_VI(REG_V27, REG_V17, 3)
+#else
+        "addi       t0, t3, 1\n\t"
+        VMV_V_V(REG_V24, REG_V16)
+        "addi       t1, t3, 2\n\t"
+        VMV_V_V(REG_V25, REG_V16)
+        "slli       t0, t0, 32\n\t"
+        VMV_V_V(REG_V26, REG_V16)
+        "slli       t1, t1, 32\n\t"
+        VMV_V_V(REG_V27, REG_V16)
+        REV8(REG_T0, REG_T0)
+        REV8(REG_T1, REG_T1)
+        VMV_V_X(REG_V20, REG_T0)
+        "addi       t0, t3, 3\n\t"
+        VSLIDEUP_VI(REG_V24, REG_V20, 3)
+        "addi       t3, t3, 4\n\t"
+        VMV_V_X(REG_V20, REG_T1)
+        "slli       t0, t0, 32\n\t"
+        VSLIDEUP_VI(REG_V25, REG_V20, 3)
+        "slli       t1, t3, 32\n\t"
+        REV8(REG_T0, REG_T0)
+        REV8(REG_T1, REG_T1)
+        VMV_V_X(REG_V20, REG_T0)
+        VSLIDEUP_VI(REG_V26, REG_V20, 3)
+        VMV_V_X(REG_V20, REG_T1)
+        VSLIDEUP_VI(REG_V27, REG_V20, 3)
+#endif /* !WOLFSSL_RISCV_BASE_BIT_MANIPULATION */
+
+        VAESZ_VS(REG_V24, REG_V0)
+        VAESZ_VS(REG_V25, REG_V0)
+        VAESZ_VS(REG_V26, REG_V0)
+        VAESZ_VS(REG_V27, REG_V0)
+        VAESEM_VS(REG_V24, REG_V1)
+        VAESEM_VS(REG_V24, REG_V2)
+        VAESEM_VS(REG_V24, REG_V3)
+        VAESEM_VS(REG_V24, REG_V4)
+        VAESEM_VS(REG_V24, REG_V5)
+        VAESEM_VS(REG_V24, REG_V6)
+        VAESEM_VS(REG_V24, REG_V7)
+        VAESEM_VS(REG_V24, REG_V8)
+        VAESEM_VS(REG_V24, REG_V9)
+        VAESEM_VS(REG_V24, REG_V10)
+        VAESEM_VS(REG_V24, REG_V11)
+        VAESEM_VS(REG_V24, REG_V12)
+        VAESEM_VS(REG_V24, REG_V13)
+        VAESEM_VS(REG_V25, REG_V1)
+        VAESEM_VS(REG_V25, REG_V2)
+        VAESEM_VS(REG_V25, REG_V3)
+        VAESEM_VS(REG_V25, REG_V4)
+        VAESEM_VS(REG_V25, REG_V5)
+        VAESEM_VS(REG_V25, REG_V6)
+        VAESEM_VS(REG_V25, REG_V7)
+        VAESEM_VS(REG_V25, REG_V8)
+        VAESEM_VS(REG_V25, REG_V9)
+        VAESEM_VS(REG_V25, REG_V10)
+        VAESEM_VS(REG_V25, REG_V11)
+        VAESEM_VS(REG_V25, REG_V12)
+        VAESEM_VS(REG_V25, REG_V13)
+        VAESEM_VS(REG_V26, REG_V1)
+        VAESEM_VS(REG_V26, REG_V2)
+        VAESEM_VS(REG_V26, REG_V3)
+        VAESEM_VS(REG_V26, REG_V4)
+        VAESEM_VS(REG_V26, REG_V5)
+        VAESEM_VS(REG_V26, REG_V6)
+        VAESEM_VS(REG_V26, REG_V7)
+        VAESEM_VS(REG_V26, REG_V8)
+        VAESEM_VS(REG_V26, REG_V9)
+        VAESEM_VS(REG_V26, REG_V10)
+        VAESEM_VS(REG_V26, REG_V11)
+        VAESEM_VS(REG_V26, REG_V12)
+        VAESEM_VS(REG_V26, REG_V13)
+        VAESEM_VS(REG_V27, REG_V1)
+        VAESEM_VS(REG_V27, REG_V2)
+        VAESEM_VS(REG_V27, REG_V3)
+        VAESEM_VS(REG_V27, REG_V4)
+        VAESEM_VS(REG_V27, REG_V5)
+        VAESEM_VS(REG_V27, REG_V6)
+        VAESEM_VS(REG_V27, REG_V7)
+        VAESEM_VS(REG_V27, REG_V8)
+        VAESEM_VS(REG_V27, REG_V9)
+        VAESEM_VS(REG_V27, REG_V10)
+        VAESEM_VS(REG_V27, REG_V11)
+        VAESEM_VS(REG_V27, REG_V12)
+        VAESEM_VS(REG_V27, REG_V13)
+        VAESEF_VS(REG_V24, REG_V14)
+        VAESEF_VS(REG_V25, REG_V14)
+        VAESEF_VS(REG_V26, REG_V14)
+        VAESEF_VS(REG_V27, REG_V14)
+        VXOR_VV(REG_V28, REG_V24, REG_V28)
+        VXOR_VV(REG_V29, REG_V25, REG_V29)
+        VXOR_VV(REG_V30, REG_V26, REG_V30)
+        VXOR_VV(REG_V31, REG_V27, REG_V31)
+        /* Store output. */
+        "mv         t0, %[out]\n\t"
+        VS4R_V(REG_V28, REG_T0)
+        "addi        %[in], %[in], 64\n\t"
+        "addi        %[out], %[out], 64\n\t"
+        /* Loop if more elements to process. */
+        "addi       t4, t4, -1\n\t"
+        "bnez       t4, L_aes_gcm_256_decrypt_x4_block_loop\n\t"
+        "andi       %[sz], %[sz], 0x3f\n\t"
+
+      "L_aes_gcm_256_decrypt_x4_blocks_done:\n\t"
+        "srli       t2, %[sz], 4\n\t"
+        "beqz       t2, L_aes_gcm_256_decrypt_blocks_done\n\t"
+
+      "L_aes_gcm_256_decrypt_block_loop:\n\t"
+#ifndef WOLFSSL_RISCV_BASE_BIT_MANIPULATION
+        VADD_VI(REG_V20, REG_V20, 1)
+#ifndef WOLFSSL_RISCV_VECTOR_BASE_BIT_MANIPULATION
+        VSETIVLI(REG_X0, 16, 1, 1, 0b000, 0b000)
+        VRGATHER_VV(REG_V17, REG_V15, REG_V20)
+        VSETIVLI(REG_X0, 4, 1, 1, 0b010, 0b000)
+#else
+        VREV8(REG_V17, REG_V20)
+#endif /* !WOLFSSL_RISCV_VECTOR_BASE_BIT_MANIPULATION */
+        VMV_V_V(REG_V27, REG_V16)
+        VSLIDEUP_VI(REG_V27, REG_V17, 3)
+#else
+        "addi       t3, t3, 1\n\t"
+        "slli       t0, t3, 32\n\t"
+        REV8(REG_T0, REG_T0)
+        VMV_V_X(REG_V17, REG_T0)
+        VMV_V_V(REG_V27, REG_V16)
+        VSLIDEUP_VI(REG_V27, REG_V17, 3)
+#endif /* !WOLFSSL_RISCV_BASE_BIT_MANIPULATION */
+
+        VAESZ_VS(REG_V27, REG_V0)
+        VAESEM_VS(REG_V27, REG_V1)
+        VAESEM_VS(REG_V27, REG_V2)
+        VAESEM_VS(REG_V27, REG_V3)
+        VAESEM_VS(REG_V27, REG_V4)
+        VAESEM_VS(REG_V27, REG_V5)
+        VAESEM_VS(REG_V27, REG_V6)
+        VAESEM_VS(REG_V27, REG_V7)
+        VAESEM_VS(REG_V27, REG_V8)
+        VAESEM_VS(REG_V27, REG_V9)
+        VAESEM_VS(REG_V27, REG_V10)
+        VAESEM_VS(REG_V27, REG_V11)
+        VAESEM_VS(REG_V27, REG_V12)
+        VAESEM_VS(REG_V27, REG_V13)
+        VAESEF_VS(REG_V27, REG_V14)
+
+        /* Load input. */
+        "mv         t0, %[in]\n\t"
+        VL1RE32_V(REG_V17, REG_T0)
+        VGHSH_VV(REG_V18, REG_V17, REG_V19)
+        VXOR_VV(REG_V27, REG_V27, REG_V17)
+        /* Store output. */
+        "mv         t0, %[out]\n\t"
+        VS1R_V(REG_V27, REG_T0)
+
+        "addi        %[in], %[in], 16\n\t"
+        "addi        %[out], %[out], 16\n\t"
+        /* Loop if more elements to process. */
+        "addi       t2, t2, -1\n\t"
+        "bnez       t2, L_aes_gcm_256_decrypt_block_loop\n\t"
+
+      "L_aes_gcm_256_decrypt_blocks_done:\n\t"
+        "andi       t2, %[sz], 0xf\n\t"
+        "beqz       t2, L_aes_gcm_256_decrypt_done\n\t"
+
+        VXOR_VV(REG_V17, REG_V17, REG_V17)
+        "mv         t0, %[scratch]\n\t"
+        VS1R_V(REG_V17, REG_T0)
+        "mv         t1, t2\n\t"
+      "L_aes_gcm_256_decrypt_load_byte:\n\t"
+        "lb         t0, (%[in])\n\t"
+        "sb         t0, (%[scratch])\n\t"
+        "addi       %[in], %[in], 1\n\t"
+        "addi       %[scratch], %[scratch], 1\n\t"
+        "addi       t1, t1, -1\n\t"
+        "bnez       t1, L_aes_gcm_256_decrypt_load_byte\n\t"
+        "sub        %[scratch], %[scratch], t2\n\t"
+        "mv         t0, %[scratch]\n\t"
+        VL1RE32_V(REG_V17, REG_T0)
+        VGHSH_VV(REG_V18, REG_V17, REG_V19)
+
+        /* Encrypt counter for partial block. */
+#ifndef WOLFSSL_RISCV_BASE_BIT_MANIPULATION
+        VADD_VI(REG_V20, REG_V20, 1)
+#ifndef WOLFSSL_RISCV_VECTOR_BASE_BIT_MANIPULATION
+        VSETIVLI(REG_X0, 16, 1, 1, 0b000, 0b000)
+        VRGATHER_VV(REG_V17, REG_V15, REG_V20)
+        VSETIVLI(REG_X0, 4, 1, 1, 0b010, 0b000)
+#else
+        VREV8(REG_V17, REG_V20)
+#endif /* !WOLFSSL_RISCV_VECTOR_BASE_BIT_MANIPULATION */
+        VMV_V_V(REG_V27, REG_V16)
+        VSLIDEUP_VI(REG_V27, REG_V17, 3)
+#else
+        "addi       t3, t3, 1\n\t"
+        "slli       t0, t3, 32\n\t"
+        REV8(REG_T0, REG_T0)
+        VMV_V_X(REG_V17, REG_T0)
+        VMV_V_V(REG_V27, REG_V16)
+        VSLIDEUP_VI(REG_V27, REG_V17, 3)
+#endif /* !WOLFSSL_RISCV_BASE_BIT_MANIPULATION */
+
+        VAESZ_VS(REG_V27, REG_V0)
+        VAESEM_VS(REG_V27, REG_V1)
+        VAESEM_VS(REG_V27, REG_V2)
+        VAESEM_VS(REG_V27, REG_V3)
+        VAESEM_VS(REG_V27, REG_V4)
+        VAESEM_VS(REG_V27, REG_V5)
+        VAESEM_VS(REG_V27, REG_V6)
+        VAESEM_VS(REG_V27, REG_V7)
+        VAESEM_VS(REG_V27, REG_V8)
+        VAESEM_VS(REG_V27, REG_V9)
+        VAESEM_VS(REG_V27, REG_V10)
+        VAESEM_VS(REG_V27, REG_V11)
+        VAESEM_VS(REG_V27, REG_V12)
+        VAESEM_VS(REG_V27, REG_V13)
+        VAESEF_VS(REG_V27, REG_V14)
+
+        /* Load scratch. */
+        "mv         t0, %[scratch]\n\t"
+        VL1RE32_V(REG_V17, REG_T0)
+        VXOR_VV(REG_V27, REG_V27, REG_V17)
+        /* Store scratch. */
+        VS1R_V(REG_V27, REG_T0)
+        "mv         t1, t2\n\t"
+      "L_aes_gcm_256_decrypt_store_byte:\n\t"
+        "lb         t0, (%[scratch])\n\t"
+        "sb         t0, (%[out])\n\t"
+        "addi       %[scratch], %[scratch], 1\n\t"
+        "addi       %[out], %[out], 1\n\t"
+        "addi       t1, t1, -1\n\t"
+        "bnez       t1, L_aes_gcm_256_decrypt_store_byte\n\t"
+        "sub        %[scratch], %[scratch], t2\n\t"
+
+      "L_aes_gcm_256_decrypt_done:\n\t"
+
+        /* Hash in the lengths of A and C in bits */
+#ifndef WOLFSSL_RISCV_BASE_BIT_MANIPULATION
+        /* aSz is only 32-bits */
+        /* Multiply by 8 do get size in bits. */
+        "slli       %[aSz], %[aSz], 3\n\t"
+        "srli       t0, %[aSz], 32\n\t"
+        "srli       t1, %[aSz], 24\n\t"
+        "srli       t2, %[aSz], 16\n\t"
+        "srli       t3, %[aSz], 8\n\t"
+        /* Top 3 bytes are 0. */
+        "sh         x0    , 0(%[scratch])\n\t"
+        "sb         x0    , 2(%[scratch])\n\t"
+        "sb         t0    , 3(%[scratch])\n\t"
+        "sb         t1    , 4(%[scratch])\n\t"
+        "sb         t2    , 5(%[scratch])\n\t"
+        "sb         t3    , 6(%[scratch])\n\t"
+        "sb         %[aSz], 7(%[scratch])\n\t"
+        /* sz is only 32-bits */
+        /* Multiply by 8 do get size in bits. */
+        "slli       %[sz], %[sz], 3\n\t"
+        "srli       t0, %[sz], 32\n\t"
+        "srli       t1, %[sz], 24\n\t"
+        "srli       t2, %[sz], 16\n\t"
+        "srli       t3, %[sz], 8\n\t"
+        /* Top 3 bytes are 0. */
+        "sh         x0   ,  8(%[scratch])\n\t"
+        "sb         x0   , 10(%[scratch])\n\t"
+        "sb         t0   , 11(%[scratch])\n\t"
+        "sb         t1   , 12(%[scratch])\n\t"
+        "sb         t2   , 13(%[scratch])\n\t"
+        "sb         t3   , 14(%[scratch])\n\t"
+        "sb         %[sz], 15(%[scratch])\n\t"
+#else
+        "slli       t0, %[aSz], 3\n\t"
+        REV8(REG_T0, REG_T0)
+        "sd         t0, 0(%[scratch])\n\t"
+        "slli       t0, %[sz], 3\n\t"
+        REV8(REG_T0, REG_T0)
+        "sd         t0, 8(%[scratch])\n\t"
+#endif /* !WOLFSSL_RISCV_BASE_BIT_MANIPULATION */
+        "mv         t0, %[scratch]\n\t"
+        VL1RE32_V(REG_V17, REG_T0)
+        VGHSH_VV(REG_V18, REG_V17, REG_V19)
+
+        VAESZ_VS(REG_V16, REG_V0)
+        VAESEM_VS(REG_V16, REG_V1)
+        VAESEM_VS(REG_V16, REG_V2)
+        VAESEM_VS(REG_V16, REG_V3)
+        VAESEM_VS(REG_V16, REG_V4)
+        VAESEM_VS(REG_V16, REG_V5)
+        VAESEM_VS(REG_V16, REG_V6)
+        VAESEM_VS(REG_V16, REG_V7)
+        VAESEM_VS(REG_V16, REG_V8)
+        VAESEM_VS(REG_V16, REG_V9)
+        VAESEM_VS(REG_V16, REG_V10)
+        VAESEM_VS(REG_V16, REG_V11)
+        VAESEM_VS(REG_V16, REG_V12)
+        VAESEM_VS(REG_V16, REG_V13)
+        VAESEF_VS(REG_V16, REG_V14)
+        VXOR_VV(REG_V18, REG_V18, REG_V16)
+
+        "li         t1, 16\n\t"
+        "blt        %[tagSz], t1, L_aes_gcm_256_decrypt_tag_small\n\t"
+        "mv         t0, %[tag]\n\t"
+        VL1RE32_V(REG_V17, REG_T0)
+        VXOR_VV(REG_V19, REG_V19, REG_V19)
+        VXOR_VV(REG_V18, REG_V18, REG_V17)
+        VMSNE_VV(REG_V19, REG_V19, REG_V18)
+        VCPOP_M(REG_T0, REG_V19)
+        "beqz       x0, L_aes_gcm_256_decrypt_tag_done\n\t"
+      "L_aes_gcm_256_decrypt_tag_small:\n\t"
+        "mv         t0, %[scratch]\n\t"
+        VS1R_V(REG_V18, REG_T0)
+        "mv         t1, %[tagSz]\n\t"
+        "xor        t0, t0, t0\n\t"
+      "L_aes_gcm_256_decrypt_store_tag_byte:\n\t"
+        "lb         t2, (%[scratch])\n\t"
+        "lb         t3, (%[tag])\n\t"
+        "xor        t0, t0, t2\n\t"
+        "xor        t0, t0, t3\n\t"
+        "addi       %[scratch], %[scratch], 1\n\t"
+        "addi       %[tag], %[tag], 1\n\t"
+        "addi       t1, t1, -1\n\t"
+        "bnez       t1, L_aes_gcm_256_decrypt_store_tag_byte\n\t"
+      "L_aes_gcm_256_decrypt_tag_done:\n\t"
+        "negw       t0, t0\n\t"
+        "sraiw      t0, t0, 31\n\t"
+        "andi       %[ret], t0, -180\n\t"
+
+        : [out] "+r" (out), [in] "+r" (in), [key] "+r" (key),
+          [aSz] "+r" (aadSz), [aad] "+r" (aad), [ret] "+r" (ret),
+          [sz] "+r" (sz)
+        : [ctr] "r" (ctr), [scratch] "r" (scratch),
+          [h] "r" (aes->gcm.H), [tag] "r" (tag), [tagSz] "r" (tagSz)
+#ifndef WOLFSSL_RISCV_VECTOR_BASE_BIT_MANIPULATION
+          , [rev_idx] "r" (rev_idx)
+#endif
+        : "memory", "t0", "t1", "t2", "t3", "t4"
+    );
+
+#ifdef OPENSSL_EXTRA
+    if ((tag != NULL) && (in != NULL) && (sz != 0)) {
+        /* store AAD size for next call */
+        aes->gcm.aadLen = aadSz;
+    }
+#endif
+
+    return ret;
+}
+#endif /* WOLFSSL_AES_256 */
+
+/* Decrypt data using AES-GCM.
+ *
+ * @param [in]  aes      AES object.
+ * @param [out] out      Decrypted data.
+ * @param [in]  in       Data to decrypt and GHASH.
+ * @param [in]  sz       Number of bytes of data.
+ * @param [in]  nonce    Nonce used to calculate first IV.
+ * @param [in]  nonceSz  Length of nonce in bytes.
+ * @param [out] tag      Authentication tag.
+ * @param [in]  tagSz    Length of authentication tag in bytes.
+ * @param [in]  aad      Additional Authentication Data (AAD).
+ * @param [in]  aadSz    Length of AAD in bytes.
+ * @return  0 on success.
+ * @return  BAD_FUNC_ARG when aes, nonce or tag is NULL.
+ * @return  BAD_FUNC_ARG when nonceSz is zero.
+ * @return  BAD_FUNC_ARG when aad is NULL but aadSz is not zero.
+ * @return  BAD_FUNC_ARG when tagSz is less than WOLFSSL_MIN_AUTH_TAG_SZ or
+ *          greater than WC_AES_BLOCK_SIZE.
+ * @return  BAD_FUNC_ARG when sz is not zero but in or out is NULL.
+ * @return  AES_GCM_AUTH_E when authentication tag computed doesn't match
+ *          tag passed in.
+ */
+int wc_AesGcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
+    const byte* nonce, word32 nonceSz, const byte* tag, word32 tagSz,
+    const byte* aad, word32 aadSz)
+{
+    int ret = 0;
+
+    /* sanity checks */
+    if ((aes == NULL) || (nonce == NULL) || (tag == NULL) ||
+            (tagSz > WC_AES_BLOCK_SIZE) || (tagSz < WOLFSSL_MIN_AUTH_TAG_SZ) ||
+            ((aad == NULL) && (aadSz > 0)) || (nonceSz == 0) ||
+            ((sz != 0) && ((in == NULL) || (out == NULL)))) {
+        WOLFSSL_MSG("a NULL parameter passed in when size is larger than 0");
+        return BAD_FUNC_ARG;
+    }
+
+    if (ret == 0) {
+        switch (aes->rounds) {
+        #ifdef WOLFSSL_AES_128
+            case 10:
+                ret = Aes128GcmDecrypt(aes, out, in, sz, nonce, nonceSz, tag,
+                    tagSz, aad, aadSz);
+                break;
+        #endif
+        #ifdef WOLFSSL_AES_192
+            case 12:
+                ret = Aes192GcmDecrypt(aes, out, in, sz, nonce, nonceSz, tag,
+                    tagSz, aad, aadSz);
+                break;
+        #endif
+        #ifdef WOLFSSL_AES_256
+            case 14:
+                ret = Aes256GcmDecrypt(aes, out, in, sz, nonce, nonceSz, tag,
+                    tagSz, aad, aadSz);
+                break;
+        #endif
+            default:
+                WOLFSSL_MSG("AES-GCM invalid round number");
+                ret = BAD_FUNC_ARG;
+        }
+    }
+
+    return ret;
+
+}
+
+#endif /* HAVE_AES_DECRYPT */
+
+/* END script replace AES-GCM RISC-V 64 with hardware vector crypto */
+
+#define HAVE_AES_GCM_ENC_DEC
+
+#endif /* !WOLFSSL_RISCV_VECTOR_GCM */
+
+#endif /* WOLFSSL_RISCV_VECTOR_CRYPTO_ASM */
+
+/* Implement GHASH if we haven't already. */
+#ifndef HAVE_GHASH
+/* Remainder values. */
+static const word16 R[32] = {
+          0x0000,       0x201c,       0x4038,       0x6024,
+          0x8070,       0xa06c,       0xc048,       0xe054,
+          0x00e1,       0x20fd,       0x40d9,       0x60c5,
+          0x8091,       0xa08d,       0xc0a9,       0xe0b5,
+
+          0x0000,       0xc201,       0x8403,       0x4602,
+          0x0807,       0xca06,       0x8c04,       0x4e05,
+          0x100e,       0xd20f,       0x940d,       0x560c,
+          0x1809,       0xda08,       0x9c0a,       0x5e0b,
+};
+
+/* GMULT, multiply in GF2, x and y into x.
+ *
+ * @param [in, out]  x  On in, value to GMULT.
+ *                      On out, result of GMULT.
+ * @param [in]       y  Value to GMULT.
+ */
+static WC_INLINE void GMULT(byte *x, byte m[32][WC_AES_BLOCK_SIZE])
+{
+    int i;
+    word64 z8[2] = {0, 0};
+    byte a;
+    word64* x8 = (word64*)x;
+    word64* m8;
+    word64 n0, n1, n2, n3;
+    byte xi;
+
+    for (i = 15; i > 0; i--) {
+        xi = x[i];
+
+        /* XOR in (msn * H) */
+        m8 = (word64*)m[xi & 0xf];
+        z8[0] ^= m8[0];
+        z8[1] ^= m8[1];
+
+        /* Cache top byte for remainder calculations - lost in rotate. */
+        a = (byte)(z8[1] >> 56);
+
+        /* Rotate Z by 8-bits */
+        z8[1] = (z8[0] >> 56) | (z8[1] << 8);
+        z8[0] <<= 8;
+
+        /* XOR in (next significant nibble * H) [pre-rotated by 4 bits] */
+        m8 = (word64*)m[16 + (xi >> 4)];
+        z8[0] ^= m8[0];
+        z8[1] ^= m8[1];
+
+        /* XOR in (msn * remainder) [pre-rotated by 4 bits] */
+        z8[0] ^= (word64)R[16 + (a & 0xf)];
+        /* XOR in next significant nibble (XORed with H) * remainder */
+        m8 = (word64*)m[xi >> 4];
+        a ^= (byte)(m8[1] >> 52);
+        z8[0] ^= (word64)R[a >> 4];
+    }
+
+    xi = x[0];
+
+    /* XOR in most significant nibble * H */
+    m8 = (word64*)m[xi & 0xf];
+    z8[0] ^= m8[0];
+    z8[1] ^= m8[1];
+
+    /* Cache top byte for remainder calculations - lost in rotate. */
+    a = (z8[1] >> 56) & 0xf;
+
+    /* Rotate z by 4-bits */
+    n3 = z8[1] & W64LIT(0xf0f0f0f0f0f0f0f0);
+    n2 = z8[1] & W64LIT(0x0f0f0f0f0f0f0f0f);
+    n1 = z8[0] & W64LIT(0xf0f0f0f0f0f0f0f0);
+    n0 = z8[0] & W64LIT(0x0f0f0f0f0f0f0f0f);
+    z8[1] = (n3 >> 4) | (n2 << 12) | (n0 >> 52);
+    z8[0] = (n1 >> 4) | (n0 << 12);
+
+    /* XOR in next significant nibble * H */
+    m8 = (word64*)m[xi >> 4];
+    z8[0] ^= m8[0];
+    z8[1] ^= m8[1];
+    /* XOR in most significant nibble * remainder */
+    z8[0] ^= (word64)R[a];
+
+    /* Write back result. */
+    x8[0] = z8[0];
+    x8[1] = z8[1];
+}
+
+/* GHASH Additional Authentication Data (AAD) and cipher text.
+ *
+ * @param [in]  gcm  GCM object.
+ * @param [in]  a    Additional Authentication Data (AAD).
+ * @param [in]  aSz  Size of AAD in bytes.
+ * @param [in]  c    Cipher text.
+ * @param [in]  cSz  Size of cipher text in bytes.
+ * @param [out] s    Hash result.
+ * @param [in]  sSz  Number of bytes to put into hash result.
+ */
+void GHASH(Gcm* gcm, const byte* a, word32 aSz, const byte* c, word32 cSz,
+    byte* s, word32 sSz)
+{
+    if (gcm != NULL) {
+        byte x[WC_AES_BLOCK_SIZE];
+        byte scratch[WC_AES_BLOCK_SIZE];
+        word32 blocks, partial;
+
+        XMEMSET(x, 0, WC_AES_BLOCK_SIZE);
+
+        /* Hash in A, the Additional Authentication Data */
+        if (aSz != 0 && a != NULL) {
+            blocks = aSz / WC_AES_BLOCK_SIZE;
+            partial = aSz % WC_AES_BLOCK_SIZE;
+            while (blocks--) {
+                xorbuf16(x, a);
+                GMULT(x, gcm->M0);
+                a += WC_AES_BLOCK_SIZE;
+            }
+            if (partial != 0) {
+                XMEMSET(scratch, 0, WC_AES_BLOCK_SIZE);
+                XMEMCPY(scratch, a, partial);
+                xorbuf16(x, scratch);
+                GMULT(x, gcm->M0);
+            }
+        }
+
+        /* Hash in C, the Ciphertext */
+        if (cSz != 0 && c != NULL) {
+            blocks = cSz / WC_AES_BLOCK_SIZE;
+            partial = cSz % WC_AES_BLOCK_SIZE;
+            while (blocks--) {
+                xorbuf16(x, c);
+                GMULT(x, gcm->M0);
+                c += WC_AES_BLOCK_SIZE;
+            }
+            if (partial != 0) {
+                XMEMSET(scratch, 0, WC_AES_BLOCK_SIZE);
+                XMEMCPY(scratch, c, partial);
+                xorbuf16(x, scratch);
+                GMULT(x, gcm->M0);
+            }
+        }
+
+        /* Hash in the lengths of A and C in bits */
+        FlattenSzInBits(&scratch[0], aSz);
+        FlattenSzInBits(&scratch[8], cSz);
+        xorbuf16(x, scratch);
+        GMULT(x, gcm->M0);
+
+        /* Copy the result into s. */
+        XMEMCPY(s, x, sSz);
+    }
+}
+#endif /* !HAVE_GHASH */
+
+#ifndef HAVE_AES_GCM_ENC_DEC
+/* Increment AES-GCM counter.
+ *
+ * Big-endian byte ordering.
+ *
+ * @param [in, out] inOutCtr  Counter value to be incremented.
+ */
+static WC_INLINE void IncrementGcmCounter(byte* inOutCtr)
+{
+    int i;
+
+    /* Big-endian array - start at last element and move back. */
+    for (i = WC_AES_BLOCK_SIZE - 1; i >= WC_AES_BLOCK_SIZE - CTR_SZ; i--) {
+        /* Result not zero means no carry. */
+        if ((++inOutCtr[i]) != 0) {
+            return;
+        }
+    }
+}
+
+/* Encrypt data using AES-GCM.
+ *
+ * @param [in]  aes      AES object.
+ * @param [out] out      Encrypted data.
+ * @param [in]  in       Data to encrypt.
+ * @param [in]  sz       Number of bytes of data.
+ * @param [in]  nonce    Nonce used to calculate first IV.
+ * @param [in]  nonceSz  Length of nonce in bytes.
+ * @param [out] tag      Authentication tag.
+ * @param [in]  tagSz    Length of authentication tag in bytes.
+ * @param [in]  aad      Additional Authentication Data (AAD).
+ * @param [in]  aadSz    Length of AAD in bytes.
+ * @return  0 on success.
+ * @return  BAD_FUNC_ARG when aes, nonce or tag is NULL.
+ * @return  BAD_FUNC_ARG when nonceSz is zero.
+ * @return  BAD_FUNC_ARG when aad is NULL but aadSz is not zero.
+ * @return  BAD_FUNC_ARG when tagSz is less than WOLFSSL_MIN_AUTH_TAG_SZ or
+ *          greater than WC_AES_BLOCK_SIZE.
+ * @return  BAD_FUNC_ARG when sz is not zero but in or out is NULL.
+ */
+int wc_AesGcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
+    const byte* nonce, word32 nonceSz, byte* tag, word32 tagSz,
+    const byte* aad, word32 aadSz)
+{
+    int ret = 0;
+    word32 blocks = sz / WC_AES_BLOCK_SIZE;
+    word32 partial = sz % WC_AES_BLOCK_SIZE;
+    const byte* p = in;
+    byte* c = out;
+    ALIGN16 byte counter[WC_AES_BLOCK_SIZE];
+    ALIGN16 byte initialCounter[WC_AES_BLOCK_SIZE];
+    ALIGN16 byte scratch[WC_AES_BLOCK_SIZE];
+
+    /* Validate parameters. */
+    if ((aes == NULL) || (nonce == NULL) || (nonceSz == 0) || (tag == NULL) ||
+            ((aad == NULL) && (aadSz > 0)) || ((sz != 0) && ((in == NULL) ||
+            (out == NULL)))) {
+        WOLFSSL_MSG("a NULL parameter passed in when size is larger than 0");
+        ret = BAD_FUNC_ARG;
+    }
+
+    if ((ret == 0) && ((tagSz < WOLFSSL_MIN_AUTH_TAG_SZ) ||
+            (tagSz > WC_AES_BLOCK_SIZE))) {
+        WOLFSSL_MSG("GcmEncrypt tagSz error");
+        ret = BAD_FUNC_ARG;
+    }
+
+
+    if (ret == 0) {
+        if (nonceSz == GCM_NONCE_MID_SZ) {
+            /* Counter is IV with bottom 4 bytes set to: 0x00,0x00,0x00,0x01. */
+            XMEMCPY(counter, nonce, nonceSz);
+            XMEMSET(counter + GCM_NONCE_MID_SZ, 0,
+                WC_AES_BLOCK_SIZE - GCM_NONCE_MID_SZ - 1);
+            counter[WC_AES_BLOCK_SIZE - 1] = 1;
+        }
+        else {
+            /* Counter is GHASH of IV. */
+        #ifdef OPENSSL_EXTRA
+            word32 aadTemp = aes->gcm.aadLen;
+            aes->gcm.aadLen = 0;
+        #endif
+            GHASH(&aes->gcm, NULL, 0, nonce, nonceSz, counter, WC_AES_BLOCK_SIZE);
+        #ifdef OPENSSL_EXTRA
+            aes->gcm.aadLen = aadTemp;
+        #endif
+        }
+        memcpy16(initialCounter, counter);
+
+        while (blocks--) {
+            IncrementGcmCounter(counter);
+            wc_AesEncrypt(aes, counter, scratch);
+            xorbufout16(c, scratch, p);
+            p += WC_AES_BLOCK_SIZE;
+            c += WC_AES_BLOCK_SIZE;
+        }
+
+        if (partial != 0) {
+            IncrementGcmCounter(counter);
+            wc_AesEncrypt(aes, counter, scratch);
+            xorbufout(c, scratch, p, partial);
+        }
+        if (tag) {
+            GHASH(&aes->gcm, aad, aadSz, out, sz, tag, tagSz);
+            wc_AesEncrypt(aes, initialCounter, scratch);
+            xorbuf(tag, scratch, tagSz);
+        #ifdef OPENSSL_EXTRA
+            if (!in && !sz)
+                /* store AAD size for next call */
+                aes->gcm.aadLen = aadSz;
+        #endif
+        }
+    }
+
+    return ret;
+}
+
+#ifdef HAVE_AES_DECRYPT
+/* Decrypt data using AES-GCM.
+ *
+ * @param [in]  aes      AES object.
+ * @param [out] out      Decrypted data.
+ * @param [in]  in       Data to decrypt and GHASH.
+ * @param [in]  sz       Number of bytes of data.
+ * @param [in]  nonce    Nonce used to calculate first IV.
+ * @param [in]  nonceSz  Length of nonce in bytes.
+ * @param [out] tag      Authentication tag.
+ * @param [in]  tagSz    Length of authentication tag in bytes.
+ * @param [in]  aad      Additional Authentication Data (AAD).
+ * @param [in]  aadSz    Length of AAD in bytes.
+ * @return  0 on success.
+ * @return  BAD_FUNC_ARG when aes, nonce or tag is NULL.
+ * @return  BAD_FUNC_ARG when nonceSz is zero.
+ * @return  BAD_FUNC_ARG when aad is NULL but aadSz is not zero.
+ * @return  BAD_FUNC_ARG when tagSz is less than WOLFSSL_MIN_AUTH_TAG_SZ or
+ *          greater than WC_AES_BLOCK_SIZE.
+ * @return  BAD_FUNC_ARG when sz is not zero but in or out is NULL.
+ * @return  AES_GCM_AUTH_E when authentication tag computed doesn't match
+ *          tag passed in.
+ */
+int wc_AesGcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
+    const byte* nonce, word32 nonceSz, const byte* tag, word32 tagSz,
+    const byte* aad, word32 aadSz)
+{
+    int ret = 0;
+    word32 blocks = sz / WC_AES_BLOCK_SIZE;
+    word32 partial = sz % WC_AES_BLOCK_SIZE;
+    const byte* c = in;
+    byte* p = out;
+    ALIGN16 byte counter[WC_AES_BLOCK_SIZE];
+    ALIGN16 byte scratch[WC_AES_BLOCK_SIZE];
+    ALIGN16 byte Tprime[WC_AES_BLOCK_SIZE];
+    ALIGN16 byte EKY0[WC_AES_BLOCK_SIZE];
+    sword32 res;
+
+    /* Validate parameters. */
+    if ((aes == NULL) || (nonce == NULL) || (tag == NULL) ||
+            (tagSz > WC_AES_BLOCK_SIZE) || (tagSz < WOLFSSL_MIN_AUTH_TAG_SZ) ||
+            ((aad == NULL) && (aadSz > 0)) || (nonceSz == 0) ||
+            ((sz != 0) && ((in == NULL) || (out == NULL)))) {
+        WOLFSSL_MSG("a NULL parameter passed in when size is larger than 0");
+        ret = BAD_FUNC_ARG;
+    }
+
+    if (ret == 0) {
+        if (nonceSz == GCM_NONCE_MID_SZ) {
+            /* Counter is IV with bottom 4 bytes set to: 0x00,0x00,0x00,0x01. */
+            XMEMCPY(counter, nonce, nonceSz);
+            XMEMSET(counter + GCM_NONCE_MID_SZ, 0,
+                WC_AES_BLOCK_SIZE - GCM_NONCE_MID_SZ - 1);
+            counter[WC_AES_BLOCK_SIZE - 1] = 1;
+        }
+        else {
+            /* Counter is GHASH of IV. */
+        #ifdef OPENSSL_EXTRA
+            word32 aadTemp = aes->gcm.aadLen;
+            aes->gcm.aadLen = 0;
+        #endif
+            GHASH(&aes->gcm, NULL, 0, nonce, nonceSz, counter, WC_AES_BLOCK_SIZE);
+        #ifdef OPENSSL_EXTRA
+            aes->gcm.aadLen = aadTemp;
+        #endif
+        }
+
+        /* Calc the tag again using received auth data and the cipher text */
+        GHASH(&aes->gcm, aad, aadSz, in, sz, Tprime, sizeof(Tprime));
+        wc_AesEncrypt(aes, counter, EKY0);
+        xorbuf(Tprime, EKY0, sizeof(Tprime));
+    #ifdef WC_AES_GCM_DEC_AUTH_EARLY
+        /* ConstantCompare returns the cumulative bitwise or of the bitwise xor
+         * of the pairwise bytes in the strings.
+         */
+        res = ConstantCompare(tag, Tprime, tagSz);
+        /* convert positive retval from ConstantCompare() to all-1s word, in
+         * constant time.
+         */
+        res = 0 - (sword32)(((word32)(0 - res)) >> 31U);
+        ret = res & AES_GCM_AUTH_E;
+    }
+    if (ret == 0) {
+    #endif
+
+    #ifdef OPENSSL_EXTRA
+        if (!out) {
+            /* authenticated, non-confidential data */
+            /* store AAD size for next call */
+            aes->gcm.aadLen = aadSz;
+        }
+    #endif
+
+        while (blocks--) {
+            IncrementGcmCounter(counter);
+            wc_AesEncrypt(aes, counter, scratch);
+            xorbufout16(p, scratch, c);
+            p += WC_AES_BLOCK_SIZE;
+            c += WC_AES_BLOCK_SIZE;
+        }
+
+        if (partial != 0) {
+            IncrementGcmCounter(counter);
+            wc_AesEncrypt(aes, counter, scratch);
+            xorbuf(scratch, c, partial);
+            XMEMCPY(p, scratch, partial);
+        }
+
+    #ifndef WC_AES_GCM_DEC_AUTH_EARLY
+        /* ConstantCompare returns the cumulative bitwise or of the bitwise xor
+         * of the pairwise bytes in the strings.
+         */
+        res = ConstantCompare(tag, Tprime, (int)tagSz);
+        /* convert positive retval from ConstantCompare() to all-1s word, in
+         * constant time.
+         */
+        res = 0 - (sword32)(((word32)(0 - res)) >> 31U);
+        /* now use res as a mask for constant time return of ret, unless tag
+         * mismatch, whereupon AES_GCM_AUTH_E is returned.
+         */
+        ret = (ret & ~res) | (res & AES_GCM_AUTH_E);
+    #endif
+    }
+
+    return ret;
+}
+#endif /* HAVE_AES_DECRYPT */
+#endif /* !HAVE_AES_GCM_ENC_DEC */
+
+#endif /* HAVE_AESGCM */
+
+#ifdef HAVE_AESCCM
+
+static void roll_x(Aes* aes, const byte* in, word32 inSz, byte* out)
+{
+    /* process the bulk of the data */
+    while (inSz >= WC_AES_BLOCK_SIZE) {
+        xorbuf16(out, in);
+        in += WC_AES_BLOCK_SIZE;
+        inSz -= WC_AES_BLOCK_SIZE;
+
+        wc_AesEncrypt(aes, out, out);
+    }
+
+    /* process remainder of the data */
+    if (inSz > 0) {
+        xorbuf(out, in, inSz);
+        wc_AesEncrypt(aes, out, out);
+    }
+}
+
+
+static void roll_auth(Aes* aes, const byte* in, word32 inSz, byte* out)
+{
+    word32 authLenSz;
+    word32 remainder;
+
+    /* encode the length in */
+    if (inSz <= 0xFEFF) {
+        authLenSz = 2;
+        out[0] ^= ((inSz & 0xFF00) >> 8);
+        out[1] ^=  (inSz & 0x00FF);
+    }
+    else {
+        authLenSz = 6;
+        out[0] ^= 0xFF; out[1] ^= 0xFE;
+        out[2] ^= ((inSz & 0xFF000000) >> 24);
+        out[3] ^= ((inSz & 0x00FF0000) >> 16);
+        out[4] ^= ((inSz & 0x0000FF00) >>  8);
+        out[5] ^=  (inSz & 0x000000FF);
+    }
+    /* Note, the protocol handles auth data up to 2^64, but we are
+     * using 32-bit sizes right now, so the bigger data isn't handled.
+     */
+
+    /* start fill out the rest of the first block */
+    remainder = WC_AES_BLOCK_SIZE - authLenSz;
+    if (inSz >= remainder) {
+        /* plenty of bulk data to fill the remainder of this block */
+        xorbuf(out + authLenSz, in, remainder);
+        inSz -= remainder;
+        in += remainder;
+    }
+    else {
+        /* not enough bulk data, copy what is available, and pad zero */
+        xorbuf(out + authLenSz, in, inSz);
+        inSz = 0;
+    }
+    wc_AesEncrypt(aes, out, out);
+
+    if (inSz > 0)
+        roll_x(aes, in, inSz, out);
+}
+
+
+static WC_INLINE void AesCcmCtrInc(byte* B, word32 lenSz)
+{
+    word32 i;
+
+    for (i = 0; i < lenSz; i++) {
+        if (++B[WC_AES_BLOCK_SIZE - 1 - i] != 0) return;
+    }
+}
+
+/* return 0 on success */
+int wc_AesCcmEncrypt(Aes* aes, byte* out, const byte* in, word32 inSz,
+                   const byte* nonce, word32 nonceSz,
+                   byte* authTag, word32 authTagSz,
+                   const byte* authIn, word32 authInSz)
+{
+    int ret = 0;
+
+    /* sanity check on arguments */
+    if ((aes == NULL) || ((inSz != 0) && ((in == NULL) || (out == NULL))) ||
+            (nonce == NULL) || (authTag == NULL) || (nonceSz < 7) ||
+            (nonceSz > 13)) {
+        ret = BAD_FUNC_ARG;
+    }
+
+    if ((ret == 0) && (wc_AesCcmCheckTagSize(authTagSz) != 0)) {
+        ret = BAD_FUNC_ARG;
+    }
+
+    if (ret == 0) {
+        byte A[WC_AES_BLOCK_SIZE];
+        byte B[WC_AES_BLOCK_SIZE];
+        byte lenSz;
+        byte i;
+
+        XMEMCPY(B+1, nonce, nonceSz);
+        lenSz = WC_AES_BLOCK_SIZE - 1 - (byte)nonceSz;
+        B[0] = (authInSz > 0 ? 64 : 0)
+             + (8 * (((byte)authTagSz - 2) / 2))
+             + (lenSz - 1);
+        for (i = 0; (i < lenSz) && (i < (byte)sizeof(word32)); i++) {
+            B[WC_AES_BLOCK_SIZE - 1 - i] = inSz >> (8 * i);
+        }
+        for (; i < lenSz; i++) {
+            B[WC_AES_BLOCK_SIZE - 1 - i] = 0;
+        }
+
+        wc_AesEncrypt(aes, B, A);
+
+        if (authInSz > 0) {
+            roll_auth(aes, authIn, authInSz, A);
+        }
+        if (inSz > 0) {
+            roll_x(aes, in, inSz, A);
+        }
+        XMEMCPY(authTag, A, authTagSz);
+
+        B[0] = lenSz - 1;
+        for (i = 0; i < lenSz; i++) {
+            B[WC_AES_BLOCK_SIZE - 1 - i] = 0;
+        }
+        wc_AesEncrypt(aes, B, A);
+        xorbuf(authTag, A, authTagSz);
+
+        B[15] = 1;
+        while (inSz >= WC_AES_BLOCK_SIZE) {
+            wc_AesEncrypt(aes, B, A);
+            xorbuf16(A, in);
+            memcpy16(out, A);
+
+            AesCcmCtrInc(B, lenSz);
+            inSz -= WC_AES_BLOCK_SIZE;
+            in += WC_AES_BLOCK_SIZE;
+            out += WC_AES_BLOCK_SIZE;
+        }
+        if (inSz > 0) {
+            wc_AesEncrypt(aes, B, A);
+            xorbuf(A, in, inSz);
+            XMEMCPY(out, A, inSz);
+        }
+
+        ForceZero(A, WC_AES_BLOCK_SIZE);
+        ForceZero(B, WC_AES_BLOCK_SIZE);
+    }
+
+    return ret;
+}
+
+#ifdef HAVE_AES_DECRYPT
+int  wc_AesCcmDecrypt(Aes* aes, byte* out, const byte* in, word32 inSz,
+                   const byte* nonce, word32 nonceSz,
+                   const byte* authTag, word32 authTagSz,
+                   const byte* authIn, word32 authInSz)
+{
+    int ret = 0;
+
+    /* sanity check on arguments */
+    if ((aes == NULL) || ((inSz != 0) && ((in == NULL) || (out == NULL))) ||
+            (nonce == NULL) || (authTag == NULL) || (nonceSz < 7) ||
+            (nonceSz > 13)) {
+        ret = BAD_FUNC_ARG;
+    }
+
+    if ((ret == 0) && (wc_AesCcmCheckTagSize(authTagSz) != 0)) {
+        ret = BAD_FUNC_ARG;
+    }
+
+    if (ret == 0) {
+        byte A[WC_AES_BLOCK_SIZE];
+        byte B[WC_AES_BLOCK_SIZE];
+        byte lenSz;
+        byte i;
+        byte* o = out;
+        word32 oSz = inSz;
+
+        XMEMCPY(B+1, nonce, nonceSz);
+        lenSz = WC_AES_BLOCK_SIZE - 1 - (byte)nonceSz;
+
+        B[0] = lenSz - 1;
+        for (i = 0; i < lenSz; i++) {
+            B[WC_AES_BLOCK_SIZE - 1 - i] = 0;
+        }
+        B[15] = 1;
+
+        while (oSz >= WC_AES_BLOCK_SIZE) {
+            wc_AesEncrypt(aes, B, A);
+            xorbuf16(A, in);
+            memcpy16(o, A);
+
+            AesCcmCtrInc(B, lenSz);
+            oSz -= WC_AES_BLOCK_SIZE;
+            in += WC_AES_BLOCK_SIZE;
+            o += WC_AES_BLOCK_SIZE;
+        }
+        if (inSz > 0) {
+            wc_AesEncrypt(aes, B, A);
+            xorbuf(A, in, oSz);
+            XMEMCPY(o, A, oSz);
+        }
+
+        for (i = 0; i < lenSz; i++) {
+            B[WC_AES_BLOCK_SIZE - 1 - i] = 0;
+        }
+        wc_AesEncrypt(aes, B, A);
+
+        B[0] = (authInSz > 0 ? 64 : 0)
+             + (8 * (((byte)authTagSz - 2) / 2))
+             + (lenSz - 1);
+        for (i = 0; (i < lenSz) && (i < (byte)sizeof(word32)); i++) {
+            B[WC_AES_BLOCK_SIZE - 1 - i] = inSz >> (8 * i);
+        }
+        for (; i < lenSz; i++) {
+            B[WC_AES_BLOCK_SIZE - 1 - i] = 0;
+        }
+
+        wc_AesEncrypt(aes, B, A);
+
+        if (authInSz > 0) {
+            roll_auth(aes, authIn, authInSz, A);
+        }
+        if (inSz > 0) {
+            roll_x(aes, out, inSz, A);
+        }
+
+        B[0] = lenSz - 1;
+        for (i = 0; i < lenSz; i++) {
+            B[WC_AES_BLOCK_SIZE - 1 - i] = 0;
+        }
+        wc_AesEncrypt(aes, B, B);
+        xorbuf(A, B, authTagSz);
+
+        if (ConstantCompare(A, authTag, authTagSz) != 0) {
+            /* If the authTag check fails, don't keep the decrypted data.
+             * Unfortunately, you need the decrypted data to calculate the
+             * check value. */
+            XMEMSET(out, 0, inSz);
+            ret = AES_CCM_AUTH_E;
+        }
+
+        ForceZero(A, WC_AES_BLOCK_SIZE);
+        ForceZero(B, WC_AES_BLOCK_SIZE);
+        o = NULL;
+    }
+
+    return ret;
+}
+#endif /* HAVE_AES_DECRYPT */
+#endif /* HAVE_AESCCM */
+
+#endif /* WOLFSSL_RISCV_ASM */
+
+#endif /* !NO_AES */
+
diff --git a/wolfcrypt/src/port/riscv/riscv-64-chacha.c b/wolfcrypt/src/port/riscv/riscv-64-chacha.c
new file mode 100644
index 000000000..8240e863d
--- /dev/null
+++ b/wolfcrypt/src/port/riscv/riscv-64-chacha.c
@@ -0,0 +1,2374 @@
+/* riscv-64-chacha.c
+ *
+ * Copyright (C) 2006-2025 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+/* The paper NEON crypto by Daniel J. Bernstein and Peter Schwabe was used to
+ * optimize for ARM:
+ *   https://cryptojedi.org/papers/veccrypto-20120320.pdf
+ */
+
+#ifdef HAVE_CONFIG_H
+    #include <config.h>
+#endif
+
+#include <wolfssl/wolfcrypt/settings.h>
+#include <wolfssl/wolfcrypt/port/riscv/riscv-64-asm.h>
+
+#ifdef WOLFSSL_RISCV_ASM
+#ifdef HAVE_CHACHA
+
+#include <wolfssl/wolfcrypt/chacha.h>
+#include <wolfssl/wolfcrypt/error-crypt.h>
+#include <wolfssl/wolfcrypt/logging.h>
+#include <wolfssl/wolfcrypt/cpuid.h>
+#ifdef NO_INLINE
+    #include <wolfssl/wolfcrypt/misc.h>
+#else
+    #define WOLFSSL_MISC_INCLUDED
+    #include <wolfcrypt/src/misc.c>
+#endif
+
+#ifdef CHACHA_AEAD_TEST
+    #include <stdio.h>
+#endif
+
+#ifdef CHACHA_TEST
+    #include <stdio.h>
+#endif
+
+/* Number of rounds */
+#define ROUNDS  20
+
+#define U32C(v) (v##U)
+#define U32V(v) ((word32)(v) & U32C(0xFFFFFFFF))
+#define U8TO32_LITTLE(p) (((word32*)(p))[0])
+
+#define PLUS(v,w)   (U32V((v) + (w)))
+#define PLUSONE(v)  (PLUS((v),1))
+
+#define ARM_SIMD_LEN_BYTES 16
+
+/**
+ * Set up iv(nonce). Earlier versions used 64 bits instead of 96, this version
+ * uses the typical AEAD 96 bit nonce and can do record sizes of 256 GB.
+ */
+int wc_Chacha_SetIV(ChaCha* ctx, const byte* inIv, word32 counter)
+{
+    word32 temp[CHACHA_IV_WORDS];/* used for alignment of memory */
+
+    if (ctx == NULL)
+        return BAD_FUNC_ARG;
+
+    XMEMCPY(temp, inIv, CHACHA_IV_BYTES);
+
+    ctx->left = 0;
+    ctx->X[CHACHA_IV_BYTES+0] = counter;           /* block counter */
+    ctx->X[CHACHA_IV_BYTES+1] = temp[0]; /* fixed variable from nonce */
+    ctx->X[CHACHA_IV_BYTES+2] = temp[1]; /* counter from nonce */
+    ctx->X[CHACHA_IV_BYTES+3] = temp[2]; /* counter from nonce */
+
+    return 0;
+}
+
+/* "expand 32-byte k" as unsigned 32 byte */
+static const word32 sigma[4] = {0x61707865, 0x3320646e, 0x79622d32, 0x6b206574};
+/* "expand 16-byte k" as unsigned 16 byte */
+static const word32 tau[4] = {0x61707865, 0x3120646e, 0x79622d36, 0x6b206574};
+
+/**
+ * Key setup. 8 word iv (nonce)
+ */
+int wc_Chacha_SetKey(ChaCha* ctx, const byte* key, word32 keySz)
+{
+    const word32* constants;
+    const byte*   k;
+
+#ifdef XSTREAM_ALIGN
+    word32 alignKey[8];
+#endif
+
+    if (ctx == NULL)
+        return BAD_FUNC_ARG;
+
+    if (keySz != (CHACHA_MAX_KEY_SZ/2) && keySz != CHACHA_MAX_KEY_SZ)
+        return BAD_FUNC_ARG;
+
+#ifdef XSTREAM_ALIGN
+    if ((wc_ptr_t)key % 4) {
+        WOLFSSL_MSG("wc_ChachaSetKey unaligned key");
+        XMEMCPY(alignKey, key, keySz);
+        k = (byte*)alignKey;
+    }
+    else {
+        k = key;
+    }
+#else
+    k = key;
+#endif /* XSTREAM_ALIGN */
+
+    ctx->X[4] = U8TO32_LITTLE(k +  0);
+    ctx->X[5] = U8TO32_LITTLE(k +  4);
+    ctx->X[6] = U8TO32_LITTLE(k +  8);
+    ctx->X[7] = U8TO32_LITTLE(k + 12);
+    if (keySz == CHACHA_MAX_KEY_SZ) {
+        k += 16;
+        constants = sigma;
+    }
+    else {
+        constants = tau;
+    }
+    ctx->X[ 8] = U8TO32_LITTLE(k +  0);
+    ctx->X[ 9] = U8TO32_LITTLE(k +  4);
+    ctx->X[10] = U8TO32_LITTLE(k +  8);
+    ctx->X[11] = U8TO32_LITTLE(k + 12);
+    ctx->X[ 0] = constants[0];
+    ctx->X[ 1] = constants[1];
+    ctx->X[ 2] = constants[2];
+    ctx->X[ 3] = constants[3];
+    ctx->left = 0;
+
+    return 0;
+}
+
+
+#define CC_A0   "a4"
+#define CC_A1   "a5"
+#define CC_A2   "a6"
+#define CC_A3   "a7"
+#define CC_B0   "t3"
+#define CC_B1   "t4"
+#define CC_B2   "t5"
+#define CC_B3   "t6"
+#define CC_C0   "s2"
+#define CC_C1   "s3"
+#define CC_C2   "s4"
+#define CC_C3   "s5"
+#define CC_D0   "s6"
+#define CC_D1   "s7"
+#define CC_D2   "s8"
+#define CC_D3   "s9"
+#define CC_T0   "t0"
+#define CC_T1   "t1"
+#define CC_T2   "t2"
+#define CC_T3   "s1"
+
+#if defined(WOLFSSL_RISCV_VECTOR)
+
+static const word32 L_chacha20_vec_inc_first_word[] = {
+    0x1,
+    0x0,
+    0x0,
+    0x0,
+};
+
+#ifndef WOLFSSL_RISCV_VECTOR_BASE_BIT_MANIPULATION
+
+#define PART_ROUND_ODD_ABD_5(s, sr)                     \
+        VADD_VV(REG_V0, REG_V0, REG_V1)                 \
+        "add    " CC_A0 ", " CC_A0 ", " CC_B0 "\n\t"    \
+        VADD_VV(REG_V4, REG_V4, REG_V5)                 \
+        "add    " CC_A1 ", " CC_A1 ", " CC_B1 "\n\t"    \
+        VADD_VV(REG_V8, REG_V8, REG_V9)                 \
+        "add    " CC_A2 ", " CC_A2 ", " CC_B2 "\n\t"    \
+        VADD_VV(REG_V12, REG_V12, REG_V13)              \
+        "add    " CC_A3 ", " CC_A3 ", " CC_B3 "\n\t"    \
+        VADD_VV(REG_V16, REG_V16, REG_V17)              \
+        VXOR_VV(REG_V3, REG_V3, REG_V0)                 \
+        "xor    " CC_D0 ", " CC_D0 ", " CC_A0 "\n\t"    \
+        VXOR_VV(REG_V7, REG_V7, REG_V4)                 \
+        "xor    " CC_D1 ", " CC_D1 ", " CC_A1 "\n\t"    \
+        VXOR_VV(REG_V11, REG_V11, REG_V8)               \
+        "xor    " CC_D2 ", " CC_D2 ", " CC_A2 "\n\t"    \
+        VXOR_VV(REG_V15, REG_V15, REG_V12)              \
+        "xor    " CC_D3 ", " CC_D3 ", " CC_A3 "\n\t"    \
+        VXOR_VV(REG_V19, REG_V19, REG_V16)              \
+        VSLL_VI(REG_V20, REG_V3, s)                     \
+        "slli   " CC_T0 ", " CC_D0 ", " #s "\n\t"       \
+        VSLL_VI(REG_V21, REG_V7, s)                     \
+        "slli   " CC_T1 ", " CC_D1 ", " #s "\n\t"       \
+        VSLL_VI(REG_V22, REG_V11, s)                    \
+        "slli   " CC_T2 ", " CC_D2 ", " #s "\n\t"       \
+        VSLL_VI(REG_V23, REG_V15, s)                    \
+        "slli   " CC_T3 ", " CC_D3 ", " #s "\n\t"       \
+        VSLL_VI(REG_V24, REG_V19, s)                    \
+        VSRL_VI(REG_V3, REG_V3, sr)                     \
+        "srliw  " CC_D0 ", " CC_D0 ", " #sr "\n\t"      \
+        VSRL_VI(REG_V7, REG_V7, sr)                     \
+        "srliw  " CC_D1 ", " CC_D1 ", " #sr "\n\t"      \
+        VSRL_VI(REG_V11, REG_V11, sr)                   \
+        "srliw  " CC_D2 ", " CC_D2 ", " #sr "\n\t"      \
+        VSRL_VI(REG_V15, REG_V15, sr)                   \
+        "srliw  " CC_D3 ", " CC_D3 ", " #sr "\n\t"      \
+        VSRL_VI(REG_V19, REG_V19, sr)                   \
+        VOR_VV(REG_V3, REG_V3, REG_V20)                 \
+        "or     " CC_D0 ", " CC_D0 ", " CC_T0 "\n\t"    \
+        VOR_VV(REG_V7, REG_V7, REG_V21)                 \
+        "or     " CC_D1 ", " CC_D1 ", " CC_T1 "\n\t"    \
+        VOR_VV(REG_V11, REG_V11, REG_V22)               \
+        "or     " CC_D2 ", " CC_D2 ", " CC_T2 "\n\t"    \
+        VOR_VV(REG_V15, REG_V15, REG_V23)               \
+        "or     " CC_D3 ", " CC_D3 ", " CC_T3 "\n\t"    \
+        VOR_VV(REG_V19, REG_V19, REG_V24)
+
+#define PART_ROUND_ODD_CDB_5(s, sr)                     \
+        VADD_VV(REG_V2, REG_V2, REG_V3)                 \
+        "add    " CC_C0 ", " CC_C0 ", " CC_D0 "\n\t"    \
+        VADD_VV(REG_V6, REG_V6, REG_V7)                 \
+        "add    " CC_C1 ", " CC_C1 ", " CC_D1 "\n\t"    \
+        VADD_VV(REG_V10, REG_V10, REG_V11)              \
+        "add    " CC_C2 ", " CC_C2 ", " CC_D2 "\n\t"    \
+        VADD_VV(REG_V14, REG_V14, REG_V15)              \
+        "add    " CC_C3 ", " CC_C3 ", " CC_D3 "\n\t"    \
+        VADD_VV(REG_V18, REG_V18, REG_V19)              \
+        VXOR_VV(REG_V1, REG_V1, REG_V2)                 \
+        "xor    " CC_B0 ", " CC_B0 ", " CC_C0 "\n\t"    \
+        VXOR_VV(REG_V5, REG_V5, REG_V6)                 \
+        "xor    " CC_B1 ", " CC_B1 ", " CC_C1 "\n\t"    \
+        VXOR_VV(REG_V9, REG_V9, REG_V10)                \
+        "xor    " CC_B2 ", " CC_B2 ", " CC_C2 "\n\t"    \
+        VXOR_VV(REG_V13, REG_V13, REG_V14)              \
+        "xor    " CC_B3 ", " CC_B3 ", " CC_C3 "\n\t"    \
+        VXOR_VV(REG_V17, REG_V17, REG_V18)              \
+        VSLL_VI(REG_V20, REG_V1, s)                     \
+        "slli   " CC_T0 ", " CC_B0 ", " #s "\n\t"       \
+        VSLL_VI(REG_V21, REG_V5, s)                     \
+        "slli   " CC_T1 ", " CC_B1 ", " #s "\n\t"       \
+        VSLL_VI(REG_V22, REG_V9, s)                     \
+        "slli   " CC_T2 ", " CC_B2 ", " #s "\n\t"       \
+        VSLL_VI(REG_V23, REG_V13, s)                    \
+        "slli   " CC_T3 ", " CC_B3 ", " #s "\n\t"       \
+        VSLL_VI(REG_V24, REG_V17, s)                    \
+        VSRL_VI(REG_V1, REG_V1, sr)                     \
+        "srliw  " CC_B0 ", " CC_B0 ", " #sr "\n\t"      \
+        VSRL_VI(REG_V5, REG_V5, sr)                     \
+        "srliw  " CC_B1 ", " CC_B1 ", " #sr "\n\t"      \
+        VSRL_VI(REG_V9, REG_V9, sr)                     \
+        "srliw  " CC_B2 ", " CC_B2 ", " #sr "\n\t"      \
+        VSRL_VI(REG_V13, REG_V13, sr)                   \
+        "srliw  " CC_B3 ", " CC_B3 ", " #sr "\n\t"      \
+        VSRL_VI(REG_V17, REG_V17, sr)                   \
+        VOR_VV(REG_V1, REG_V1, REG_V20)                 \
+        "or     " CC_B0 ", " CC_B0 ", " CC_T0 "\n\t"    \
+        VOR_VV(REG_V5, REG_V5, REG_V21)                 \
+        "or     " CC_B1 ", " CC_B1 ", " CC_T1 "\n\t"    \
+        VOR_VV(REG_V9, REG_V9, REG_V22)                 \
+        "or     " CC_B2 ", " CC_B2 ", " CC_T2 "\n\t"    \
+        VOR_VV(REG_V13, REG_V13, REG_V23)               \
+        "or     " CC_B3 ", " CC_B3 ", " CC_T3 "\n\t"    \
+        VOR_VV(REG_V17, REG_V17, REG_V24)
+
+#define PART_ROUND_EVEN_ABD_5(s, sr)                    \
+        VADD_VV(REG_V0, REG_V0, REG_V1)                 \
+        "add    " CC_A0 ", " CC_A0 ", " CC_B1 "\n\t"    \
+        VADD_VV(REG_V4, REG_V4, REG_V5)                 \
+        "add    " CC_A1 ", " CC_A1 ", " CC_B2 "\n\t"    \
+        VADD_VV(REG_V8, REG_V8, REG_V9)                 \
+        "add    " CC_A2 ", " CC_A2 ", " CC_B3 "\n\t"    \
+        VADD_VV(REG_V12, REG_V12, REG_V13)              \
+        "add    " CC_A3 ", " CC_A3 ", " CC_B0 "\n\t"    \
+        VADD_VV(REG_V16, REG_V16, REG_V17)              \
+        VXOR_VV(REG_V3, REG_V3, REG_V0)                 \
+        "xor    " CC_D3 ", " CC_D3 ", " CC_A0 "\n\t"    \
+        VXOR_VV(REG_V7, REG_V7, REG_V4)                 \
+        "xor    " CC_D0 ", " CC_D0 ", " CC_A1 "\n\t"    \
+        VXOR_VV(REG_V11, REG_V11, REG_V8)               \
+        "xor    " CC_D1 ", " CC_D1 ", " CC_A2 "\n\t"    \
+        VXOR_VV(REG_V15, REG_V15, REG_V12)              \
+        "xor    " CC_D2 ", " CC_D2 ", " CC_A3 "\n\t"    \
+        VXOR_VV(REG_V19, REG_V19, REG_V16)              \
+        VSLL_VI(REG_V20, REG_V3, s)                     \
+        "slli   " CC_T0 ", " CC_D3 ", " #s "\n\t"       \
+        VSLL_VI(REG_V21, REG_V7, s)                     \
+        "slli   " CC_T1 ", " CC_D0 ", " #s "\n\t"       \
+        VSLL_VI(REG_V22, REG_V11, s)                    \
+        "slli   " CC_T2 ", " CC_D1 ", " #s "\n\t"       \
+        VSLL_VI(REG_V23, REG_V15, s)                    \
+        "slli   " CC_T3 ", " CC_D2 ", " #s "\n\t"       \
+        VSLL_VI(REG_V24, REG_V19, s)                    \
+        VSRL_VI(REG_V3, REG_V3, sr)                     \
+        "srliw  " CC_D3 ", " CC_D3 ", " #sr "\n\t"      \
+        VSRL_VI(REG_V7, REG_V7, sr)                     \
+        "srliw  " CC_D0 ", " CC_D0 ", " #sr "\n\t"      \
+        VSRL_VI(REG_V11, REG_V11, sr)                   \
+        "srliw  " CC_D1 ", " CC_D1 ", " #sr "\n\t"      \
+        VSRL_VI(REG_V15, REG_V15, sr)                   \
+        "srliw  " CC_D2 ", " CC_D2 ", " #sr "\n\t"      \
+        VSRL_VI(REG_V19, REG_V19, sr)                   \
+        VOR_VV(REG_V3, REG_V3, REG_V20)                 \
+        "or     " CC_D3 ", " CC_D3 ", " CC_T0 "\n\t"    \
+        VOR_VV(REG_V7, REG_V7, REG_V21)                 \
+        "or     " CC_D0 ", " CC_D0 ", " CC_T1 "\n\t"    \
+        VOR_VV(REG_V11, REG_V11, REG_V22)               \
+        "or     " CC_D1 ", " CC_D1 ", " CC_T2 "\n\t"    \
+        VOR_VV(REG_V15, REG_V15, REG_V23)               \
+        "or     " CC_D2 ", " CC_D2 ", " CC_T3 "\n\t"    \
+        VOR_VV(REG_V19, REG_V19, REG_V24)
+
+#define PART_ROUND_EVEN_CDB_5(s, sr)                    \
+        VADD_VV(REG_V2, REG_V2, REG_V3)                 \
+        "add    " CC_C2 ", " CC_C2 ", " CC_D3 "\n\t"    \
+        VADD_VV(REG_V6, REG_V6, REG_V7)                 \
+        "add    " CC_C3 ", " CC_C3 ", " CC_D0 "\n\t"    \
+        VADD_VV(REG_V10, REG_V10, REG_V11)              \
+        "add    " CC_C0 ", " CC_C0 ", " CC_D1 "\n\t"    \
+        VADD_VV(REG_V14, REG_V14, REG_V15)              \
+        "add    " CC_C1 ", " CC_C1 ", " CC_D2 "\n\t"    \
+        VADD_VV(REG_V18, REG_V18, REG_V19)              \
+        VXOR_VV(REG_V1, REG_V1, REG_V2)                 \
+        "xor    " CC_B1 ", " CC_B1 ", " CC_C2 "\n\t"    \
+        VXOR_VV(REG_V5, REG_V5, REG_V6)                 \
+        "xor    " CC_B2 ", " CC_B2 ", " CC_C3 "\n\t"    \
+        VXOR_VV(REG_V9, REG_V9, REG_V10)                \
+        "xor    " CC_B3 ", " CC_B3 ", " CC_C0 "\n\t"    \
+        VXOR_VV(REG_V13, REG_V13, REG_V14)              \
+        "xor    " CC_B0 ", " CC_B0 ", " CC_C1 "\n\t"    \
+        VXOR_VV(REG_V17, REG_V17, REG_V18)              \
+        VSLL_VI(REG_V20, REG_V1, s)                     \
+        "slli   " CC_T0 ", " CC_B1 ", " #s "\n\t"       \
+        VSLL_VI(REG_V21, REG_V5, s)                     \
+        "slli   " CC_T1 ", " CC_B2 ", " #s "\n\t"       \
+        VSLL_VI(REG_V22, REG_V9, s)                     \
+        "slli   " CC_T2 ", " CC_B3 ", " #s "\n\t"       \
+        VSLL_VI(REG_V23, REG_V13, s)                    \
+        "slli   " CC_T3 ", " CC_B0 ", " #s "\n\t"       \
+        VSLL_VI(REG_V24, REG_V17, s)                    \
+        VSRL_VI(REG_V1, REG_V1, sr)                     \
+        "srliw  " CC_B1 ", " CC_B1 ", " #sr "\n\t"      \
+        VSRL_VI(REG_V5, REG_V5, sr)                     \
+        "srliw  " CC_B2 ", " CC_B2 ", " #sr "\n\t"      \
+        VSRL_VI(REG_V9, REG_V9, sr)                     \
+        "srliw  " CC_B3 ", " CC_B3 ", " #sr "\n\t"      \
+        VSRL_VI(REG_V13, REG_V13, sr)                   \
+        "srliw  " CC_B0 ", " CC_B0 ", " #sr "\n\t"      \
+        VSRL_VI(REG_V17, REG_V17, sr)                   \
+        VOR_VV(REG_V1, REG_V1, REG_V20)                 \
+        "or     " CC_B1 ", " CC_B1 ", " CC_T0 "\n\t"    \
+        VOR_VV(REG_V5, REG_V5, REG_V21)                 \
+        "or     " CC_B2 ", " CC_B2 ", " CC_T1 "\n\t"    \
+        VOR_VV(REG_V9, REG_V9, REG_V22)                 \
+        "or     " CC_B3 ", " CC_B3 ", " CC_T2 "\n\t"    \
+        VOR_VV(REG_V13, REG_V13, REG_V23)               \
+        "or     " CC_B0 ", " CC_B0 ", " CC_T3 "\n\t"    \
+        VOR_VV(REG_V17, REG_V17, REG_V24)
+
+#elif !defined(WOLFSSL_RISCV_BASE_BIT_MANIPULATION )
+
+#define PART_ROUND_ODD_ABD_5(s, sr)                     \
+        VADD_VV(REG_V0, REG_V0, REG_V1)                 \
+        "add    " CC_A0 ", " CC_A0 ", " CC_B0 "\n\t"    \
+        VADD_VV(REG_V4, REG_V4, REG_V5)                 \
+        "add    " CC_A1 ", " CC_A1 ", " CC_B1 "\n\t"    \
+        VADD_VV(REG_V8, REG_V8, REG_V9)                 \
+        "add    " CC_A2 ", " CC_A2 ", " CC_B2 "\n\t"    \
+        VADD_VV(REG_V12, REG_V12, REG_V13)              \
+        "add    " CC_A3 ", " CC_A3 ", " CC_B3 "\n\t"    \
+        VADD_VV(REG_V16, REG_V16, REG_V17)              \
+        "xor    " CC_D0 ", " CC_D0 ", " CC_A0 "\n\t"    \
+        VXOR_VV(REG_V3, REG_V3, REG_V0)                 \
+        "xor    " CC_D1 ", " CC_D1 ", " CC_A1 "\n\t"    \
+        VXOR_VV(REG_V7, REG_V7, REG_V4)                 \
+        "xor    " CC_D2 ", " CC_D2 ", " CC_A2 "\n\t"    \
+        VXOR_VV(REG_V11, REG_V11, REG_V8)               \
+        "xor    " CC_D3 ", " CC_D3 ", " CC_A3 "\n\t"    \
+        VXOR_VV(REG_V15, REG_V15, REG_V12)              \
+        "slli   " CC_T0 ", " CC_D0 ", " #s "\n\t"       \
+        VXOR_VV(REG_V19, REG_V19, REG_V16)              \
+        "slli   " CC_T1 ", " CC_D1 ", " #s "\n\t"       \
+        VROR_VI(REG_V3, sr, REG_V3)                     \
+        "slli   " CC_T2 ", " CC_D2 ", " #s "\n\t"       \
+        VROR_VI(REG_V7, sr, REG_V7)                     \
+        "slli   " CC_T3 ", " CC_D3 ", " #s "\n\t"       \
+        VROR_VI(REG_V11, sr, REG_V11)                   \
+        "srliw  " CC_D0 ", " CC_D0 ", " #sr "\n\t"      \
+        VROR_VI(REG_V15, sr, REG_V15)                   \
+        "srliw  " CC_D1 ", " CC_D1 ", " #sr "\n\t"      \
+        VROR_VI(REG_V19, sr, REG_V19)                   \
+        "srliw  " CC_D2 ", " CC_D2 ", " #sr "\n\t"      \
+        "srliw  " CC_D3 ", " CC_D3 ", " #sr "\n\t"      \
+        "or     " CC_D0 ", " CC_D0 ", " CC_T0 "\n\t"    \
+        "or     " CC_D1 ", " CC_D1 ", " CC_T1 "\n\t"    \
+        "or     " CC_D2 ", " CC_D2 ", " CC_T2 "\n\t"    \
+        "or     " CC_D3 ", " CC_D3 ", " CC_T3 "\n\t"
+
+#define PART_ROUND_ODD_CDB_5(s, sr)                     \
+        VADD_VV(REG_V2, REG_V2, REG_V3)                 \
+        "add    " CC_C0 ", " CC_C0 ", " CC_D0 "\n\t"    \
+        VADD_VV(REG_V6, REG_V6, REG_V7)                 \
+        "add    " CC_C1 ", " CC_C1 ", " CC_D1 "\n\t"    \
+        VADD_VV(REG_V10, REG_V10, REG_V11)              \
+        "add    " CC_C2 ", " CC_C2 ", " CC_D2 "\n\t"    \
+        VADD_VV(REG_V14, REG_V14, REG_V15)              \
+        "add    " CC_C3 ", " CC_C3 ", " CC_D3 "\n\t"    \
+        VADD_VV(REG_V18, REG_V18, REG_V19)              \
+        "xor    " CC_B0 ", " CC_B0 ", " CC_C0 "\n\t"    \
+        VXOR_VV(REG_V1, REG_V1, REG_V2)                 \
+        "xor    " CC_B1 ", " CC_B1 ", " CC_C1 "\n\t"    \
+        VXOR_VV(REG_V5, REG_V5, REG_V6)                 \
+        "xor    " CC_B2 ", " CC_B2 ", " CC_C2 "\n\t"    \
+        VXOR_VV(REG_V9, REG_V9, REG_V10)                \
+        "xor    " CC_B3 ", " CC_B3 ", " CC_C3 "\n\t"    \
+        VXOR_VV(REG_V13, REG_V13, REG_V14)              \
+        "slli   " CC_T0 ", " CC_B0 ", " #s "\n\t"       \
+        VXOR_VV(REG_V17, REG_V17, REG_V18)              \
+        "slli   " CC_T1 ", " CC_B1 ", " #s "\n\t"       \
+        VROR_VI(REG_V1, sr, REG_V1)                     \
+        "slli   " CC_T2 ", " CC_B2 ", " #s "\n\t"       \
+        VROR_VI(REG_V5, sr, REG_V5)                     \
+        "slli   " CC_T3 ", " CC_B3 ", " #s "\n\t"       \
+        VROR_VI(REG_V9, sr, REG_V9)                     \
+        "srliw  " CC_B0 ", " CC_B0 ", " #sr "\n\t"      \
+        VROR_VI(REG_V13, sr, REG_V13)                   \
+        "srliw  " CC_B1 ", " CC_B1 ", " #sr "\n\t"      \
+        VROR_VI(REG_V17, sr, REG_V17)                   \
+        "srliw  " CC_B2 ", " CC_B2 ", " #sr "\n\t"      \
+        "srliw  " CC_B3 ", " CC_B3 ", " #sr "\n\t"      \
+        "or     " CC_B0 ", " CC_B0 ", " CC_T0 "\n\t"    \
+        "or     " CC_B1 ", " CC_B1 ", " CC_T1 "\n\t"    \
+        "or     " CC_B2 ", " CC_B2 ", " CC_T2 "\n\t"    \
+        "or     " CC_B3 ", " CC_B3 ", " CC_T3 "\n\t"
+
+#define PART_ROUND_EVEN_ABD_5(s, sr)                    \
+        VADD_VV(REG_V0, REG_V0, REG_V1)                 \
+        "add    " CC_A0 ", " CC_A0 ", " CC_B1 "\n\t"    \
+        VADD_VV(REG_V4, REG_V4, REG_V5)                 \
+        "add    " CC_A1 ", " CC_A1 ", " CC_B2 "\n\t"    \
+        VADD_VV(REG_V8, REG_V8, REG_V9)                 \
+        "add    " CC_A2 ", " CC_A2 ", " CC_B3 "\n\t"    \
+        VADD_VV(REG_V12, REG_V12, REG_V13)              \
+        "add    " CC_A3 ", " CC_A3 ", " CC_B0 "\n\t"    \
+        VADD_VV(REG_V16, REG_V16, REG_V17)              \
+        "xor    " CC_D3 ", " CC_D3 ", " CC_A0 "\n\t"    \
+        VXOR_VV(REG_V3, REG_V3, REG_V0)                 \
+        "xor    " CC_D0 ", " CC_D0 ", " CC_A1 "\n\t"    \
+        VXOR_VV(REG_V7, REG_V7, REG_V4)                 \
+        "xor    " CC_D1 ", " CC_D1 ", " CC_A2 "\n\t"    \
+        VXOR_VV(REG_V11, REG_V11, REG_V8)               \
+        "xor    " CC_D2 ", " CC_D2 ", " CC_A3 "\n\t"    \
+        VXOR_VV(REG_V15, REG_V15, REG_V12)              \
+        "slli   " CC_T0 ", " CC_D3 ", " #s "\n\t"       \
+        VXOR_VV(REG_V19, REG_V19, REG_V16)              \
+        "slli   " CC_T1 ", " CC_D0 ", " #s "\n\t"       \
+        VROR_VI(REG_V3, sr, REG_V3)                     \
+        "slli   " CC_T2 ", " CC_D1 ", " #s "\n\t"       \
+        VROR_VI(REG_V7, sr, REG_V7)                     \
+        "slli   " CC_T3 ", " CC_D2 ", " #s "\n\t"       \
+        VROR_VI(REG_V11, sr, REG_V11)                   \
+        "srliw  " CC_D3 ", " CC_D3 ", " #sr "\n\t"      \
+        VROR_VI(REG_V15, sr, REG_V15)                   \
+        "srliw  " CC_D0 ", " CC_D0 ", " #sr "\n\t"      \
+        VROR_VI(REG_V19, sr, REG_V19)                   \
+        "srliw  " CC_D1 ", " CC_D1 ", " #sr "\n\t"      \
+        "srliw  " CC_D2 ", " CC_D2 ", " #sr "\n\t"      \
+        "or     " CC_D3 ", " CC_D3 ", " CC_T0 "\n\t"    \
+        "or     " CC_D0 ", " CC_D0 ", " CC_T1 "\n\t"    \
+        "or     " CC_D1 ", " CC_D1 ", " CC_T2 "\n\t"    \
+        "or     " CC_D2 ", " CC_D2 ", " CC_T3 "\n\t"
+
+#define PART_ROUND_EVEN_CDB_5(s, sr)                    \
+        VADD_VV(REG_V2, REG_V2, REG_V3)                 \
+        "add    " CC_C2 ", " CC_C2 ", " CC_D3 "\n\t"    \
+        VADD_VV(REG_V6, REG_V6, REG_V7)                 \
+        "add    " CC_C3 ", " CC_C3 ", " CC_D0 "\n\t"    \
+        VADD_VV(REG_V10, REG_V10, REG_V11)              \
+        "add    " CC_C0 ", " CC_C0 ", " CC_D1 "\n\t"    \
+        VADD_VV(REG_V14, REG_V14, REG_V15)              \
+        "add    " CC_C1 ", " CC_C1 ", " CC_D2 "\n\t"    \
+        VADD_VV(REG_V18, REG_V18, REG_V19)              \
+        "xor    " CC_B1 ", " CC_B1 ", " CC_C2 "\n\t"    \
+        VXOR_VV(REG_V1, REG_V1, REG_V2)                 \
+        "xor    " CC_B2 ", " CC_B2 ", " CC_C3 "\n\t"    \
+        VXOR_VV(REG_V5, REG_V5, REG_V6)                 \
+        "xor    " CC_B3 ", " CC_B3 ", " CC_C0 "\n\t"    \
+        VXOR_VV(REG_V9, REG_V9, REG_V10)                \
+        "xor    " CC_B0 ", " CC_B0 ", " CC_C1 "\n\t"    \
+        VXOR_VV(REG_V13, REG_V13, REG_V14)              \
+        "slli   " CC_T0 ", " CC_B1 ", " #s "\n\t"       \
+        VXOR_VV(REG_V17, REG_V17, REG_V18)              \
+        "slli   " CC_T1 ", " CC_B2 ", " #s "\n\t"       \
+        VROR_VI(REG_V1, sr, REG_V1)                     \
+        "slli   " CC_T2 ", " CC_B3 ", " #s "\n\t"       \
+        VROR_VI(REG_V5, sr, REG_V5)                     \
+        "slli   " CC_T3 ", " CC_B0 ", " #s "\n\t"       \
+        VROR_VI(REG_V9, sr, REG_V9)                     \
+        "srliw  " CC_B1 ", " CC_B1 ", " #sr "\n\t"      \
+        VROR_VI(REG_V13, sr, REG_V13)                   \
+        "srliw  " CC_B2 ", " CC_B2 ", " #sr "\n\t"      \
+        VROR_VI(REG_V17, sr, REG_V17)                   \
+        "srliw  " CC_B3 ", " CC_B3 ", " #sr "\n\t"      \
+        "srliw  " CC_B0 ", " CC_B0 ", " #sr "\n\t"      \
+        "or     " CC_B1 ", " CC_B1 ", " CC_T0 "\n\t"    \
+        "or     " CC_B2 ", " CC_B2 ", " CC_T1 "\n\t"    \
+        "or     " CC_B3 ", " CC_B3 ", " CC_T2 "\n\t"    \
+        "or     " CC_B0 ", " CC_B0 ", " CC_T3 "\n\t"
+
+#else
+
+#define PART_ROUND_ODD_ABD_5(s, sr)                     \
+        VADD_VV(REG_V0, REG_V0, REG_V1)                 \
+        "add    " CC_A0 ", " CC_A0 ", " CC_B0 "\n\t"    \
+        VADD_VV(REG_V4, REG_V4, REG_V5)                 \
+        "add    " CC_A1 ", " CC_A1 ", " CC_B1 "\n\t"    \
+        VADD_VV(REG_V8, REG_V8, REG_V9)                 \
+        "add    " CC_A2 ", " CC_A2 ", " CC_B2 "\n\t"    \
+        VADD_VV(REG_V12, REG_V12, REG_V13)              \
+        "add    " CC_A3 ", " CC_A3 ", " CC_B3 "\n\t"    \
+        VADD_VV(REG_V16, REG_V16, REG_V17)              \
+        VXOR_VV(REG_V3, REG_V3, REG_V0)                 \
+        "xor    " CC_D0 ", " CC_D0 ", " CC_A0 "\n\t"    \
+        VXOR_VV(REG_V7, REG_V7, REG_V4)                 \
+        "xor    " CC_D1 ", " CC_D1 ", " CC_A1 "\n\t"    \
+        VXOR_VV(REG_V11, REG_V11, REG_V8)               \
+        "xor    " CC_D2 ", " CC_D2 ", " CC_A2 "\n\t"    \
+        VXOR_VV(REG_V15, REG_V15, REG_V12)              \
+        "xor    " CC_D3 ", " CC_D3 ", " CC_A3 "\n\t"    \
+        VXOR_VV(REG_V19, REG_V19, REG_V16)              \
+        VROR_VI(REG_V3, sr, REG_V3)                     \
+        RORIW(REG_S6, REG_S6, sr)                       \
+        VROR_VI(REG_V7, sr, REG_V7)                     \
+        RORIW(REG_S7, REG_S7, sr)                       \
+        VROR_VI(REG_V11, sr, REG_V11)                   \
+        RORIW(REG_S8, REG_S8, sr)                       \
+        VROR_VI(REG_V15, sr, REG_V15)                   \
+        RORIW(REG_S9, REG_S9, sr)                       \
+        VROR_VI(REG_V19, sr, REG_V19)
+
+#define PART_ROUND_ODD_CDB_5(s, sr)                     \
+        VADD_VV(REG_V2, REG_V2, REG_V3)                 \
+        "add    " CC_C0 ", " CC_C0 ", " CC_D0 "\n\t"    \
+        VADD_VV(REG_V6, REG_V6, REG_V7)                 \
+        "add    " CC_C1 ", " CC_C1 ", " CC_D1 "\n\t"    \
+        VADD_VV(REG_V10, REG_V10, REG_V11)              \
+        "add    " CC_C2 ", " CC_C2 ", " CC_D2 "\n\t"    \
+        VADD_VV(REG_V14, REG_V14, REG_V15)              \
+        "add    " CC_C3 ", " CC_C3 ", " CC_D3 "\n\t"    \
+        VADD_VV(REG_V18, REG_V18, REG_V19)              \
+        VXOR_VV(REG_V1, REG_V1, REG_V2)                 \
+        "xor    " CC_B0 ", " CC_B0 ", " CC_C0 "\n\t"    \
+        VXOR_VV(REG_V5, REG_V5, REG_V6)                 \
+        "xor    " CC_B1 ", " CC_B1 ", " CC_C1 "\n\t"    \
+        VXOR_VV(REG_V9, REG_V9, REG_V10)                \
+        "xor    " CC_B2 ", " CC_B2 ", " CC_C2 "\n\t"    \
+        VXOR_VV(REG_V13, REG_V13, REG_V14)              \
+        "xor    " CC_B3 ", " CC_B3 ", " CC_C3 "\n\t"    \
+        VXOR_VV(REG_V17, REG_V17, REG_V18)              \
+        VROR_VI(REG_V1, sr, REG_V1)                     \
+        RORIW(REG_T3, REG_T3, sr)                       \
+        VROR_VI(REG_V5, sr, REG_V5)                     \
+        RORIW(REG_T4, REG_T4, sr)                       \
+        VROR_VI(REG_V9, sr, REG_V9)                     \
+        RORIW(REG_T5, REG_T5, sr)                       \
+        VROR_VI(REG_V13, sr, REG_V13)                   \
+        RORIW(REG_T6, REG_T6, sr)                       \
+        VROR_VI(REG_V17, sr, REG_V17)
+
+#define PART_ROUND_EVEN_ABD_5(s, sr)                    \
+        VADD_VV(REG_V0, REG_V0, REG_V1)                 \
+        "add    " CC_A0 ", " CC_A0 ", " CC_B1 "\n\t"    \
+        VADD_VV(REG_V4, REG_V4, REG_V5)                 \
+        "add    " CC_A1 ", " CC_A1 ", " CC_B2 "\n\t"    \
+        VADD_VV(REG_V8, REG_V8, REG_V9)                 \
+        "add    " CC_A2 ", " CC_A2 ", " CC_B3 "\n\t"    \
+        VADD_VV(REG_V12, REG_V12, REG_V13)              \
+        "add    " CC_A3 ", " CC_A3 ", " CC_B0 "\n\t"    \
+        VADD_VV(REG_V16, REG_V16, REG_V17)              \
+        VXOR_VV(REG_V3, REG_V3, REG_V0)                 \
+        "xor    " CC_D3 ", " CC_D3 ", " CC_A0 "\n\t"    \
+        VXOR_VV(REG_V7, REG_V7, REG_V4)                 \
+        "xor    " CC_D0 ", " CC_D0 ", " CC_A1 "\n\t"    \
+        VXOR_VV(REG_V11, REG_V11, REG_V8)               \
+        "xor    " CC_D1 ", " CC_D1 ", " CC_A2 "\n\t"    \
+        VXOR_VV(REG_V15, REG_V15, REG_V12)              \
+        "xor    " CC_D2 ", " CC_D2 ", " CC_A3 "\n\t"    \
+        VXOR_VV(REG_V19, REG_V19, REG_V16)              \
+        VROR_VI(REG_V3, sr, REG_V3)                     \
+        RORIW(REG_S9, REG_S9, sr)                       \
+        VROR_VI(REG_V7, sr, REG_V7)                     \
+        RORIW(REG_S6, REG_S6, sr)                       \
+        VROR_VI(REG_V11, sr, REG_V11)                   \
+        RORIW(REG_S7, REG_S7, sr)                       \
+        VROR_VI(REG_V15, sr, REG_V15)                   \
+        RORIW(REG_S8, REG_S8, sr)                       \
+        VROR_VI(REG_V19, sr, REG_V19)
+
+#define PART_ROUND_EVEN_CDB_5(s, sr)                    \
+        VADD_VV(REG_V2, REG_V2, REG_V3)                 \
+        "add    " CC_C2 ", " CC_C2 ", " CC_D3 "\n\t"    \
+        VADD_VV(REG_V6, REG_V6, REG_V7)                 \
+        "add    " CC_C3 ", " CC_C3 ", " CC_D0 "\n\t"    \
+        VADD_VV(REG_V10, REG_V10, REG_V11)              \
+        "add    " CC_C0 ", " CC_C0 ", " CC_D1 "\n\t"    \
+        VADD_VV(REG_V14, REG_V14, REG_V15)              \
+        "add    " CC_C1 ", " CC_C1 ", " CC_D2 "\n\t"    \
+        VADD_VV(REG_V18, REG_V18, REG_V19)              \
+        VXOR_VV(REG_V1, REG_V1, REG_V2)                 \
+        "xor    " CC_B1 ", " CC_B1 ", " CC_C2 "\n\t"    \
+        VXOR_VV(REG_V5, REG_V5, REG_V6)                 \
+        "xor    " CC_B2 ", " CC_B2 ", " CC_C3 "\n\t"    \
+        VXOR_VV(REG_V9, REG_V9, REG_V10)                \
+        "xor    " CC_B3 ", " CC_B3 ", " CC_C0 "\n\t"    \
+        VXOR_VV(REG_V13, REG_V13, REG_V14)              \
+        "xor    " CC_B0 ", " CC_B0 ", " CC_C1 "\n\t"    \
+        VXOR_VV(REG_V17, REG_V17, REG_V18)              \
+        VROR_VI(REG_V1, sr, REG_V1)                     \
+        RORIW(REG_T4, REG_T4, sr)                       \
+        VROR_VI(REG_V5, sr, REG_V5)                     \
+        RORIW(REG_T5, REG_T5, sr)                       \
+        VROR_VI(REG_V9, sr, REG_V9)                     \
+        RORIW(REG_T6, REG_T6, sr)                       \
+        VROR_VI(REG_V13, sr, REG_V13)                   \
+        RORIW(REG_T3, REG_T3, sr)                       \
+        VROR_VI(REG_V17, sr, REG_V17)
+
+#endif
+
+#define QUARTER_ROUND_ODD_5()               \
+        /* a += b; d ^= a; d <<<= 16; */    \
+        PART_ROUND_ODD_ABD_5(16, 16)        \
+        /* c += d; b ^= c; b <<<= 12; */    \
+        PART_ROUND_ODD_CDB_5(12, 20)        \
+        /* a += b; d ^= a; d <<<= 8; */     \
+        PART_ROUND_ODD_ABD_5( 8, 24)        \
+        /* c += d; b ^= c; b <<<= 7; */     \
+        PART_ROUND_ODD_CDB_5( 7, 25)
+
+#define QUARTER_ROUND_EVEN_5()              \
+        /* a += b; d ^= a; d <<<= 16; */    \
+        PART_ROUND_EVEN_ABD_5(16, 16)       \
+        /* c += d; b ^= c; b <<<= 12; */    \
+        PART_ROUND_EVEN_CDB_5(12, 20)       \
+        /* a += b; d ^= a; d <<<= 8; */     \
+        PART_ROUND_EVEN_ABD_5( 8, 24)       \
+        /* c += d; b ^= c; b <<<= 7; */     \
+        PART_ROUND_EVEN_CDB_5( 7, 25)
+
+#define SHUFFLE_5(r, t, i)                  \
+        VRGATHER_VV(t + 0, i, r + 0)        \
+        VRGATHER_VV(t + 1, i, r + 4)        \
+        VRGATHER_VV(t + 2, i, r + 8)        \
+        VRGATHER_VV(t + 3, i, r + 12)       \
+        VRGATHER_VV(t + 4, i, r + 16)       \
+        VMV_V_V(r + 0, t + 0)               \
+        VMV_V_V(r + 4, t + 1)               \
+        VMV_V_V(r + 8, t + 2)               \
+        VMV_V_V(r + 12, t + 3)              \
+        VMV_V_V(r + 16, t + 4)
+
+#define ODD_SHUFFLE_5()                                                 \
+        /*    a=0,1,2,3; b=4,5,6,7; c=8,9,10,11; d=12,13,14,15          \
+         * => a=0,1,2,3; b=5,6,7,4; c=10,11,8,9; d=15,12,13,14 */       \
+        SHUFFLE_5(REG_V3, REG_V20, REG_V27)                             \
+        SHUFFLE_5(REG_V1, REG_V20, REG_V25)                             \
+        SHUFFLE_5(REG_V2, REG_V20, REG_V26)
+
+#define EVEN_SHUFFLE_5()                                                \
+        /*    a=0,1,2,3; b=5,6,7,4; c=10,11,8,9; d=15,12,13,14          \
+         * => a=0,1,2,3; b=4,5,6,7; c=8,9,10,11; d=12,13,14,15 */       \
+        SHUFFLE_5(REG_V3, REG_V20, REG_V25)                             \
+        SHUFFLE_5(REG_V1, REG_V20, REG_V27)                             \
+        SHUFFLE_5(REG_V2, REG_V20, REG_V26)
+
+static WC_INLINE void wc_chacha_encrypt_384(const word32* input, const byte* m,
+    byte* c, word32 bytes)
+{
+    word64 bytes64 = (word64)bytes;
+
+    __asm__ __volatile__ (
+        VSETIVLI(REG_X0, 4, 1, 1, 0b010, 0b000)
+        /* The layout of used vector registers is:
+         * v0-v3 - first block
+         * v4-v7 - second block
+         * v8-v11 - third block
+         * v12-v15 - fourth block
+         * v16-v19 - fifth block
+         * v20-v24 - temp/message
+         * v25-v27 - indices for rotating words in vector
+         * v28-v31 - input
+         *
+         * v0  0  1  2  3
+         * v1  4  5  6  7
+         * v2  8  9 10 11
+         * v3 12 13 14 15
+         * load CHACHA state with indices placed as shown above
+         */
+
+        /* Load state to encrypt */
+        "mv     t2, %[input]\n\t"
+        VL4RE32_V(REG_V28, REG_T2)
+        VID_V(REG_V20)
+        VSLIDEDOWN_VI(REG_V25, REG_V20, 1)
+        VSLIDEUP_VI(REG_V25, REG_V20, 3)
+        VSLIDEDOWN_VI(REG_V26, REG_V20, 2)
+        VSLIDEUP_VI(REG_V26, REG_V20, 2)
+        VSLIDEDOWN_VI(REG_V27, REG_V20, 3)
+        VSLIDEUP_VI(REG_V27, REG_V20, 1)
+        "\n"
+    "L_chacha20_riscv_384_outer:\n\t"
+        /* Move state into regular registers */
+        "ld     a4,  0(%[input])\n\t"
+        "ld     a6,  8(%[input])\n\t"
+        "ld     t3, 16(%[input])\n\t"
+        "ld     t5, 24(%[input])\n\t"
+        "ld     s2, 32(%[input])\n\t"
+        "ld     s4, 40(%[input])\n\t"
+        "lw     s7, 52(%[input])\n\t"
+        "ld     s8, 56(%[input])\n\t"
+        "srli   a5, a4, 32\n\t"
+        "srli   a7, a6, 32\n\t"
+        "srli   t4, t3, 32\n\t"
+        "srli   t6, t5, 32\n\t"
+        "srli   s3, s2, 32\n\t"
+        "srli   s5, s4, 32\n\t"
+        "srli   s9, s8, 32\n\t"
+        VMV_X_S(REG_S6, REG_V31)
+        /* Move state into vector registers */
+        VMVR_V(REG_V0, REG_V28, 4)
+        VMVR_V(REG_V4, REG_V28, 4)
+        VMVR_V(REG_V8, REG_V28, 4)
+        VMVR_V(REG_V12, REG_V28, 4)
+        VMVR_V(REG_V16, REG_V28, 4)
+        /* Set counter word */
+        "addi   t1, s6, 1\n\t"
+        VMV_S_X(REG_V7, REG_T1)
+        "addi   t1, s6, 2\n\t"
+        VMV_S_X(REG_V11, REG_T1)
+        "addi   t1, s6, 3\n\t"
+        VMV_S_X(REG_V15, REG_T1)
+        "addi   t1, s6, 4\n\t"
+        VMV_S_X(REG_V19, REG_T1)
+        "addi   s6, s6, 5\n\t"
+        /* Set number of odd+even rounds to perform */
+        "li     a3, 10\n\t"
+        "\n"
+    "L_chacha20_riscv_384_loop:\n\t"
+        /* Odd Round */
+        QUARTER_ROUND_ODD_5()
+        ODD_SHUFFLE_5()
+        /* Even Round */
+        QUARTER_ROUND_EVEN_5()
+        EVEN_SHUFFLE_5()
+        "addi   a3, a3, -1\n\t"
+        "bnez   a3, L_chacha20_riscv_384_loop\n\t"
+        /* Load message */
+        "mv     t2, %[m]\n\t"
+        VL4RE32_V(REG_V20, REG_T2)
+        "addi   %[m], %[m], 64\n\t"
+        /* Add back state, XOR in message and store (load next block) */
+        /* BLOCK 1 */
+        VADD_VV(REG_V0, REG_V0, REG_V28)
+        VADD_VV(REG_V1, REG_V1, REG_V29)
+        VADD_VV(REG_V2, REG_V2, REG_V30)
+        VADD_VV(REG_V3, REG_V3, REG_V31)
+        VXOR_VV(REG_V0, REG_V0, REG_V20)
+        VXOR_VV(REG_V1, REG_V1, REG_V21)
+        VXOR_VV(REG_V2, REG_V2, REG_V22)
+        VXOR_VV(REG_V3, REG_V3, REG_V23)
+        "mv     t2, %[m]\n\t"
+        VL4RE32_V(REG_V20, REG_T2)
+        "addi   %[m], %[m], 64\n\t"
+        VMV_X_S(REG_T0, REG_V31)
+        "mv     t2, %[c]\n\t"
+        VS4R_V(REG_V0, REG_T2)
+        "addi   %[c], %[c], 64\n\t"
+        /* BLOCK 2 */
+        "addi   t0, t0, 1\n\t"
+        VMV_S_X(REG_V31, REG_T0)
+        VADD_VV(REG_V4, REG_V4, REG_V28)
+        VADD_VV(REG_V5, REG_V5, REG_V29)
+        VADD_VV(REG_V6, REG_V6, REG_V30)
+        VADD_VV(REG_V7, REG_V7, REG_V31)
+        VXOR_VV(REG_V4, REG_V4, REG_V20)
+        VXOR_VV(REG_V5, REG_V5, REG_V21)
+        VXOR_VV(REG_V6, REG_V6, REG_V22)
+        VXOR_VV(REG_V7, REG_V7, REG_V23)
+        "mv     t2, %[m]\n\t"
+        VL4RE32_V(REG_V20, REG_T2)
+        "addi   %[m], %[m], 64\n\t"
+        "mv     t2, %[c]\n\t"
+        VS4R_V(REG_V4, REG_T2)
+        "addi   %[c], %[c], 64\n\t"
+        /* BLOCK 3 */
+        "addi   t0, t0, 1\n\t"
+        VMV_S_X(REG_V31, REG_T0)
+        VADD_VV(REG_V8, REG_V8, REG_V28)
+        VADD_VV(REG_V9, REG_V9, REG_V29)
+        VADD_VV(REG_V10, REG_V10, REG_V30)
+        VADD_VV(REG_V11, REG_V11, REG_V31)
+        VXOR_VV(REG_V8, REG_V8, REG_V20)
+        VXOR_VV(REG_V9, REG_V9, REG_V21)
+        VXOR_VV(REG_V10, REG_V10, REG_V22)
+        VXOR_VV(REG_V11, REG_V11, REG_V23)
+        "mv     t2, %[m]\n\t"
+        VL4RE32_V(REG_V20, REG_T2)
+        "addi   %[m], %[m], 64\n\t"
+        "mv     t2, %[c]\n\t"
+        VS4R_V(REG_V8, REG_T2)
+        "addi   %[c], %[c], 64\n\t"
+        /* BLOCK 4 */
+        "addi   t0, t0, 1\n\t"
+        VMV_S_X(REG_V31, REG_T0)
+        VADD_VV(REG_V12, REG_V12, REG_V28)
+        VADD_VV(REG_V13, REG_V13, REG_V29)
+        VADD_VV(REG_V14, REG_V14, REG_V30)
+        VADD_VV(REG_V15, REG_V15, REG_V31)
+        VXOR_VV(REG_V12, REG_V12, REG_V20)
+        VXOR_VV(REG_V13, REG_V13, REG_V21)
+        VXOR_VV(REG_V14, REG_V14, REG_V22)
+        VXOR_VV(REG_V15, REG_V15, REG_V23)
+        "mv     t2, %[m]\n\t"
+        VL4RE32_V(REG_V20, REG_T2)
+        "addi   %[m], %[m], 64\n\t"
+        "mv     t2, %[c]\n\t"
+        VS4R_V(REG_V12, REG_T2)
+        "addi   %[c], %[c], 64\n\t"
+        /* BLOCK 5 */
+        "addi   t0, t0, 1\n\t"
+        VMV_S_X(REG_V31, REG_T0)
+        VADD_VV(REG_V16, REG_V16, REG_V28)
+        VADD_VV(REG_V17, REG_V17, REG_V29)
+        VADD_VV(REG_V18, REG_V18, REG_V30)
+        VADD_VV(REG_V19, REG_V19, REG_V31)
+        VXOR_VV(REG_V16, REG_V16, REG_V20)
+        VXOR_VV(REG_V17, REG_V17, REG_V21)
+        VXOR_VV(REG_V18, REG_V18, REG_V22)
+        VXOR_VV(REG_V19, REG_V19, REG_V23)
+        "mv     t2, %[m]\n\t"
+        VL4RE32_V(REG_V20, REG_T2)
+        "addi   %[m], %[m], 64\n\t"
+        "mv     t2, %[c]\n\t"
+        VS4R_V(REG_V16, REG_T2)
+        "addi   %[c], %[c], 64\n\t"
+        /* BLOCK 6 */
+        /* Move regular registers into vector registers for adding and xor */
+        "addi   t0, t0, 1\n\t"
+        VMV_S_X(REG_V0, REG_A4)
+        VMV_S_X(REG_V1, REG_T3)
+        VMV_S_X(REG_V2, REG_S2)
+        VMV_S_X(REG_V3, REG_S6)
+        VMV_S_X(REG_V4, REG_A5)
+        VMV_S_X(REG_V5, REG_T4)
+        VMV_S_X(REG_V6, REG_S3)
+        VMV_S_X(REG_V7, REG_S7)
+        VSLIDEUP_VI(REG_V0, REG_V4, 1)
+        VSLIDEUP_VI(REG_V1, REG_V5, 1)
+        VSLIDEUP_VI(REG_V2, REG_V6, 1)
+        VSLIDEUP_VI(REG_V3, REG_V7, 1)
+        VMV_S_X(REG_V4, REG_A6)
+        VMV_S_X(REG_V5, REG_T5)
+        VMV_S_X(REG_V6, REG_S4)
+        VMV_S_X(REG_V7, REG_S8)
+        VSLIDEUP_VI(REG_V0, REG_V4, 2)
+        VSLIDEUP_VI(REG_V1, REG_V5, 2)
+        VSLIDEUP_VI(REG_V2, REG_V6, 2)
+        VSLIDEUP_VI(REG_V3, REG_V7, 2)
+        VMV_S_X(REG_V4, REG_A7)
+        VMV_S_X(REG_V5, REG_T6)
+        VMV_S_X(REG_V6, REG_S5)
+        VMV_S_X(REG_V7, REG_S9)
+        VSLIDEUP_VI(REG_V0, REG_V4, 3)
+        VSLIDEUP_VI(REG_V1, REG_V5, 3)
+        VSLIDEUP_VI(REG_V2, REG_V6, 3)
+        VSLIDEUP_VI(REG_V3, REG_V7, 3)
+        VMV_S_X(REG_V31, REG_T0)
+        /* Add back state, XOR in message and store */
+        VADD_VV(REG_V0, REG_V0, REG_V28)
+        VADD_VV(REG_V1, REG_V1, REG_V29)
+        VADD_VV(REG_V2, REG_V2, REG_V30)
+        VADD_VV(REG_V3, REG_V3, REG_V31)
+        VXOR_VV(REG_V0, REG_V0, REG_V20)
+        VXOR_VV(REG_V1, REG_V1, REG_V21)
+        VXOR_VV(REG_V2, REG_V2, REG_V22)
+        VXOR_VV(REG_V3, REG_V3, REG_V23)
+        "mv     t2, %[c]\n\t"
+        VS4R_V(REG_V0, REG_T2)
+        "addi   %[c], %[c], 64\n\t"
+        "addi   %[bytes], %[bytes], -384\n\t"
+        "addi   t0, t0, 1\n\t"
+        VMV_S_X(REG_V31, REG_T0)
+        "bnez   %[bytes], L_chacha20_riscv_384_outer\n\t"
+        : [m] "+r" (m), [c] "+r" (c), [bytes] "+r" (bytes64)
+        : [input] "r" (input)
+        : "memory", "t0", "t1", "t2", "s1", "a3",
+          "t3", "t4", "t5", "t6",
+          "a4", "a5", "a6", "a7",
+          "s2", "s3", "s4", "s5",
+          "s6", "s7", "s8", "s9"
+    );
+}
+
+#ifndef WOLFSSL_RISCV_VECTOR_BASE_BIT_MANIPULATION
+
+#define PART_ROUND_ODD_ABD(s, sr)                       \
+        "add    " CC_A0 ", " CC_A0 ", " CC_B0 "\n\t"    \
+        VADD_VV(REG_V0, REG_V0, REG_V1)                 \
+        "add    " CC_A1 ", " CC_A1 ", " CC_B1 "\n\t"    \
+        VADD_VV(REG_V4, REG_V4, REG_V5)                 \
+        "add    " CC_A2 ", " CC_A2 ", " CC_B2 "\n\t"    \
+        VADD_VV(REG_V8, REG_V8, REG_V9)                 \
+        "add    " CC_A3 ", " CC_A3 ", " CC_B3 "\n\t"    \
+        VXOR_VV(REG_V3, REG_V3, REG_V0)                 \
+        "xor    " CC_D0 ", " CC_D0 ", " CC_A0 "\n\t"    \
+        VXOR_VV(REG_V7, REG_V7, REG_V4)                 \
+        "xor    " CC_D1 ", " CC_D1 ", " CC_A1 "\n\t"    \
+        VXOR_VV(REG_V11, REG_V11, REG_V8)               \
+        "xor    " CC_D2 ", " CC_D2 ", " CC_A2 "\n\t"    \
+        VSLL_VI(REG_V20, REG_V3, s)                     \
+        "xor    " CC_D3 ", " CC_D3 ", " CC_A3 "\n\t"    \
+        VSLL_VI(REG_V21, REG_V7, s)                     \
+        "slli   " CC_T0 ", " CC_D0 ", " #s "\n\t"       \
+        VSLL_VI(REG_V22, REG_V11, s)                    \
+        "slli   " CC_T1 ", " CC_D1 ", " #s "\n\t"       \
+        VSRL_VI(REG_V3, REG_V3, sr)                     \
+        "slli   " CC_T2 ", " CC_D2 ", " #s "\n\t"       \
+        VSRL_VI(REG_V7, REG_V7, sr)                     \
+        "slli   " CC_T3 ", " CC_D3 ", " #s "\n\t"       \
+        VSRL_VI(REG_V11, REG_V11, sr)                   \
+        "srliw  " CC_D0 ", " CC_D0 ", " #sr "\n\t"      \
+        VOR_VV(REG_V3, REG_V3, REG_V20)                 \
+        "srliw  " CC_D1 ", " CC_D1 ", " #sr "\n\t"      \
+        VOR_VV(REG_V7, REG_V7, REG_V21)                 \
+        "srliw  " CC_D2 ", " CC_D2 ", " #sr "\n\t"      \
+        VOR_VV(REG_V11, REG_V11, REG_V22)               \
+        "srliw  " CC_D3 ", " CC_D3 ", " #sr "\n\t"      \
+        "or     " CC_D0 ", " CC_D0 ", " CC_T0 "\n\t"    \
+        "or     " CC_D1 ", " CC_D1 ", " CC_T1 "\n\t"    \
+        "or     " CC_D2 ", " CC_D2 ", " CC_T2 "\n\t"    \
+        "or     " CC_D3 ", " CC_D3 ", " CC_T3 "\n\t"
+
+#define PART_ROUND_ODD_CDB(s, sr)                       \
+        "add    " CC_C0 ", " CC_C0 ", " CC_D0 "\n\t"    \
+        VADD_VV(REG_V2, REG_V2, REG_V3)                 \
+        "add    " CC_C1 ", " CC_C1 ", " CC_D1 "\n\t"    \
+        VADD_VV(REG_V6, REG_V6, REG_V7)                 \
+        "add    " CC_C2 ", " CC_C2 ", " CC_D2 "\n\t"    \
+        VADD_VV(REG_V10, REG_V10, REG_V11)              \
+        "add    " CC_C3 ", " CC_C3 ", " CC_D3 "\n\t"    \
+        VXOR_VV(REG_V1, REG_V1, REG_V2)                 \
+        "xor    " CC_B0 ", " CC_B0 ", " CC_C0 "\n\t"    \
+        VXOR_VV(REG_V5, REG_V5, REG_V6)                 \
+        "xor    " CC_B1 ", " CC_B1 ", " CC_C1 "\n\t"    \
+        VXOR_VV(REG_V9, REG_V9, REG_V10)                \
+        "xor    " CC_B2 ", " CC_B2 ", " CC_C2 "\n\t"    \
+        VSLL_VI(REG_V20, REG_V1, s)                     \
+        "xor    " CC_B3 ", " CC_B3 ", " CC_C3 "\n\t"    \
+        VSLL_VI(REG_V21, REG_V5, s)                     \
+        "slli   " CC_T0 ", " CC_B0 ", " #s "\n\t"       \
+        VSLL_VI(REG_V22, REG_V9, s)                     \
+        "slli   " CC_T1 ", " CC_B1 ", " #s "\n\t"       \
+        VSRL_VI(REG_V1, REG_V1, sr)                     \
+        "slli   " CC_T2 ", " CC_B2 ", " #s "\n\t"       \
+        VSRL_VI(REG_V5, REG_V5, sr)                     \
+        "slli   " CC_T3 ", " CC_B3 ", " #s "\n\t"       \
+        VSRL_VI(REG_V9, REG_V9, sr)                     \
+        "srliw  " CC_B0 ", " CC_B0 ", " #sr "\n\t"      \
+        VOR_VV(REG_V1, REG_V1, REG_V20)                 \
+        "srliw  " CC_B1 ", " CC_B1 ", " #sr "\n\t"      \
+        VOR_VV(REG_V5, REG_V5, REG_V21)                 \
+        "srliw  " CC_B2 ", " CC_B2 ", " #sr "\n\t"      \
+        VOR_VV(REG_V9, REG_V9, REG_V22)                 \
+        "srliw  " CC_B3 ", " CC_B3 ", " #sr "\n\t"      \
+        "or     " CC_B0 ", " CC_B0 ", " CC_T0 "\n\t"    \
+        "or     " CC_B1 ", " CC_B1 ", " CC_T1 "\n\t"    \
+        "or     " CC_B2 ", " CC_B2 ", " CC_T2 "\n\t"    \
+        "or     " CC_B3 ", " CC_B3 ", " CC_T3 "\n\t"
+
+#define PART_ROUND_EVEN_ABD(s, sr)                      \
+        "add    " CC_A0 ", " CC_A0 ", " CC_B1 "\n\t"    \
+        VADD_VV(REG_V0, REG_V0, REG_V1)                 \
+        "add    " CC_A1 ", " CC_A1 ", " CC_B2 "\n\t"    \
+        VADD_VV(REG_V4, REG_V4, REG_V5)                 \
+        "add    " CC_A2 ", " CC_A2 ", " CC_B3 "\n\t"    \
+        VADD_VV(REG_V8, REG_V8, REG_V9)                 \
+        "add    " CC_A3 ", " CC_A3 ", " CC_B0 "\n\t"    \
+        VXOR_VV(REG_V3, REG_V3, REG_V0)                 \
+        "xor    " CC_D3 ", " CC_D3 ", " CC_A0 "\n\t"    \
+        VXOR_VV(REG_V7, REG_V7, REG_V4)                 \
+        "xor    " CC_D0 ", " CC_D0 ", " CC_A1 "\n\t"    \
+        VXOR_VV(REG_V11, REG_V11, REG_V8)               \
+        "xor    " CC_D1 ", " CC_D1 ", " CC_A2 "\n\t"    \
+        VSLL_VI(REG_V20, REG_V3, s)                     \
+        "xor    " CC_D2 ", " CC_D2 ", " CC_A3 "\n\t"    \
+        VSLL_VI(REG_V21, REG_V7, s)                     \
+        "slli   " CC_T0 ", " CC_D3 ", " #s "\n\t"       \
+        VSLL_VI(REG_V22, REG_V11, s)                    \
+        "slli   " CC_T1 ", " CC_D0 ", " #s "\n\t"       \
+        VSRL_VI(REG_V3, REG_V3, sr)                     \
+        "slli   " CC_T2 ", " CC_D1 ", " #s "\n\t"       \
+        VSRL_VI(REG_V7, REG_V7, sr)                     \
+        "slli   " CC_T3 ", " CC_D2 ", " #s "\n\t"       \
+        VSRL_VI(REG_V11, REG_V11, sr)                   \
+        "srliw  " CC_D3 ", " CC_D3 ", " #sr "\n\t"      \
+        VOR_VV(REG_V3, REG_V3, REG_V20)                 \
+        "srliw  " CC_D0 ", " CC_D0 ", " #sr "\n\t"      \
+        VOR_VV(REG_V7, REG_V7, REG_V21)                 \
+        "srliw  " CC_D1 ", " CC_D1 ", " #sr "\n\t"      \
+        VOR_VV(REG_V11, REG_V11, REG_V22)               \
+        "srliw  " CC_D2 ", " CC_D2 ", " #sr "\n\t"      \
+        "or     " CC_D3 ", " CC_D3 ", " CC_T0 "\n\t"    \
+        "or     " CC_D0 ", " CC_D0 ", " CC_T1 "\n\t"    \
+        "or     " CC_D1 ", " CC_D1 ", " CC_T2 "\n\t"    \
+        "or     " CC_D2 ", " CC_D2 ", " CC_T3 "\n\t"
+
+#define PART_ROUND_EVEN_CDB(s, sr)                      \
+        "add    " CC_C2 ", " CC_C2 ", " CC_D3 "\n\t"    \
+        VADD_VV(REG_V2, REG_V2, REG_V3)                 \
+        "add    " CC_C3 ", " CC_C3 ", " CC_D0 "\n\t"    \
+        VADD_VV(REG_V6, REG_V6, REG_V7)                 \
+        "add    " CC_C0 ", " CC_C0 ", " CC_D1 "\n\t"    \
+        VADD_VV(REG_V10, REG_V10, REG_V11)              \
+        "add    " CC_C1 ", " CC_C1 ", " CC_D2 "\n\t"    \
+        VXOR_VV(REG_V1, REG_V1, REG_V2)                 \
+        "xor    " CC_B1 ", " CC_B1 ", " CC_C2 "\n\t"    \
+        VXOR_VV(REG_V5, REG_V5, REG_V6)                 \
+        "xor    " CC_B2 ", " CC_B2 ", " CC_C3 "\n\t"    \
+        VXOR_VV(REG_V9, REG_V9, REG_V10)                \
+        "xor    " CC_B3 ", " CC_B3 ", " CC_C0 "\n\t"    \
+        VSLL_VI(REG_V20, REG_V1, s)                     \
+        "xor    " CC_B0 ", " CC_B0 ", " CC_C1 "\n\t"    \
+        VSLL_VI(REG_V21, REG_V5, s)                     \
+        "slli   " CC_T0 ", " CC_B1 ", " #s "\n\t"       \
+        VSLL_VI(REG_V22, REG_V9, s)                     \
+        "slli   " CC_T1 ", " CC_B2 ", " #s "\n\t"       \
+        VSRL_VI(REG_V1, REG_V1, sr)                     \
+        "slli   " CC_T2 ", " CC_B3 ", " #s "\n\t"       \
+        VSRL_VI(REG_V5, REG_V5, sr)                     \
+        "slli   " CC_T3 ", " CC_B0 ", " #s "\n\t"       \
+        VSRL_VI(REG_V9, REG_V9, sr)                     \
+        "srliw  " CC_B1 ", " CC_B1 ", " #sr "\n\t"      \
+        VOR_VV(REG_V1, REG_V1, REG_V20)                 \
+        "srliw  " CC_B2 ", " CC_B2 ", " #sr "\n\t"      \
+        VOR_VV(REG_V5, REG_V5, REG_V21)                 \
+        "srliw  " CC_B3 ", " CC_B3 ", " #sr "\n\t"      \
+        VOR_VV(REG_V9, REG_V9, REG_V22)                 \
+        "srliw  " CC_B0 ", " CC_B0 ", " #sr "\n\t"      \
+        "or     " CC_B1 ", " CC_B1 ", " CC_T0 "\n\t"    \
+        "or     " CC_B2 ", " CC_B2 ", " CC_T1 "\n\t"    \
+        "or     " CC_B3 ", " CC_B3 ", " CC_T2 "\n\t"    \
+        "or     " CC_B0 ", " CC_B0 ", " CC_T3 "\n\t"
+
+#elif !defined(WOLFSSL_RISCV_BASE_BIT_MANIPULATION )
+
+#define PART_ROUND_ODD_ABD(s, sr)                       \
+        "add    " CC_A0 ", " CC_A0 ", " CC_B0 "\n\t"    \
+        VADD_VV(REG_V0, REG_V0, REG_V1)                 \
+        "add    " CC_A1 ", " CC_A1 ", " CC_B1 "\n\t"    \
+        VADD_VV(REG_V4, REG_V4, REG_V5)                 \
+        "add    " CC_A2 ", " CC_A2 ", " CC_B2 "\n\t"    \
+        VADD_VV(REG_V8, REG_V8, REG_V9)                 \
+        "add    " CC_A3 ", " CC_A3 ", " CC_B3 "\n\t"    \
+        VXOR_VV(REG_V3, REG_V3, REG_V0)                 \
+        "xor    " CC_D0 ", " CC_D0 ", " CC_A0 "\n\t"    \
+        VXOR_VV(REG_V7, REG_V7, REG_V4)                 \
+        "xor    " CC_D1 ", " CC_D1 ", " CC_A1 "\n\t"    \
+        VXOR_VV(REG_V11, REG_V11, REG_V8)               \
+        "xor    " CC_D2 ", " CC_D2 ", " CC_A2 "\n\t"    \
+        VROR_VI(REG_V3, sr, REG_V3)                     \
+        "xor    " CC_D3 ", " CC_D3 ", " CC_A3 "\n\t"    \
+        VROR_VI(REG_V7, sr, REG_V7)                     \
+        "slli   " CC_T0 ", " CC_D0 ", " #s "\n\t"       \
+        VROR_VI(REG_V11, sr, REG_V11)                   \
+        "slli   " CC_T1 ", " CC_D1 ", " #s "\n\t"       \
+        "slli   " CC_T2 ", " CC_D2 ", " #s "\n\t"       \
+        "slli   " CC_T3 ", " CC_D3 ", " #s "\n\t"       \
+        "srliw  " CC_D0 ", " CC_D0 ", " #sr "\n\t"      \
+        "srliw  " CC_D1 ", " CC_D1 ", " #sr "\n\t"      \
+        "srliw  " CC_D2 ", " CC_D2 ", " #sr "\n\t"      \
+        "srliw  " CC_D3 ", " CC_D3 ", " #sr "\n\t"      \
+        "or     " CC_D0 ", " CC_D0 ", " CC_T0 "\n\t"    \
+        "or     " CC_D1 ", " CC_D1 ", " CC_T1 "\n\t"    \
+        "or     " CC_D2 ", " CC_D2 ", " CC_T2 "\n\t"    \
+        "or     " CC_D3 ", " CC_D3 ", " CC_T3 "\n\t"
+
+#define PART_ROUND_ODD_CDB(s, sr)                       \
+        "add    " CC_C0 ", " CC_C0 ", " CC_D0 "\n\t"    \
+        VADD_VV(REG_V2, REG_V2, REG_V3)                 \
+        "add    " CC_C1 ", " CC_C1 ", " CC_D1 "\n\t"    \
+        VADD_VV(REG_V6, REG_V6, REG_V7)                 \
+        "add    " CC_C2 ", " CC_C2 ", " CC_D2 "\n\t"    \
+        VADD_VV(REG_V10, REG_V10, REG_V11)              \
+        "add    " CC_C3 ", " CC_C3 ", " CC_D3 "\n\t"    \
+        VXOR_VV(REG_V1, REG_V1, REG_V2)                 \
+        "xor    " CC_B0 ", " CC_B0 ", " CC_C0 "\n\t"    \
+        VXOR_VV(REG_V5, REG_V5, REG_V6)                 \
+        "xor    " CC_B1 ", " CC_B1 ", " CC_C1 "\n\t"    \
+        VXOR_VV(REG_V9, REG_V9, REG_V10)                \
+        "xor    " CC_B2 ", " CC_B2 ", " CC_C2 "\n\t"    \
+        VROR_VI(REG_V1, sr, REG_V1)                     \
+        "xor    " CC_B3 ", " CC_B3 ", " CC_C3 "\n\t"    \
+        VROR_VI(REG_V5, sr, REG_V5)                     \
+        "slli   " CC_T0 ", " CC_B0 ", " #s "\n\t"       \
+        VROR_VI(REG_V9, sr, REG_V9)                     \
+        "slli   " CC_T1 ", " CC_B1 ", " #s "\n\t"       \
+        "slli   " CC_T2 ", " CC_B2 ", " #s "\n\t"       \
+        "slli   " CC_T3 ", " CC_B3 ", " #s "\n\t"       \
+        "srliw  " CC_B0 ", " CC_B0 ", " #sr "\n\t"      \
+        "srliw  " CC_B1 ", " CC_B1 ", " #sr "\n\t"      \
+        "srliw  " CC_B2 ", " CC_B2 ", " #sr "\n\t"      \
+        "srliw  " CC_B3 ", " CC_B3 ", " #sr "\n\t"      \
+        "or     " CC_B0 ", " CC_B0 ", " CC_T0 "\n\t"    \
+        "or     " CC_B1 ", " CC_B1 ", " CC_T1 "\n\t"    \
+        "or     " CC_B2 ", " CC_B2 ", " CC_T2 "\n\t"    \
+        "or     " CC_B3 ", " CC_B3 ", " CC_T3 "\n\t"
+
+#define PART_ROUND_EVEN_ABD(s, sr)                      \
+        "add    " CC_A0 ", " CC_A0 ", " CC_B1 "\n\t"    \
+        VADD_VV(REG_V0, REG_V0, REG_V1)                 \
+        "add    " CC_A1 ", " CC_A1 ", " CC_B2 "\n\t"    \
+        VADD_VV(REG_V4, REG_V4, REG_V5)                 \
+        "add    " CC_A2 ", " CC_A2 ", " CC_B3 "\n\t"    \
+        VADD_VV(REG_V8, REG_V8, REG_V9)                 \
+        "add    " CC_A3 ", " CC_A3 ", " CC_B0 "\n\t"    \
+        VXOR_VV(REG_V3, REG_V3, REG_V0)                 \
+        "xor    " CC_D3 ", " CC_D3 ", " CC_A0 "\n\t"    \
+        VXOR_VV(REG_V7, REG_V7, REG_V4)                 \
+        "xor    " CC_D0 ", " CC_D0 ", " CC_A1 "\n\t"    \
+        VXOR_VV(REG_V11, REG_V11, REG_V8)               \
+        "xor    " CC_D1 ", " CC_D1 ", " CC_A2 "\n\t"    \
+        VROR_VI(REG_V3, sr, REG_V3)                     \
+        "xor    " CC_D2 ", " CC_D2 ", " CC_A3 "\n\t"    \
+        VROR_VI(REG_V7, sr, REG_V7)                     \
+        "slli   " CC_T0 ", " CC_D3 ", " #s "\n\t"       \
+        VROR_VI(REG_V11, sr, REG_V11)                   \
+        "slli   " CC_T1 ", " CC_D0 ", " #s "\n\t"       \
+        "slli   " CC_T2 ", " CC_D1 ", " #s "\n\t"       \
+        "slli   " CC_T3 ", " CC_D2 ", " #s "\n\t"       \
+        "srliw  " CC_D3 ", " CC_D3 ", " #sr "\n\t"      \
+        "srliw  " CC_D0 ", " CC_D0 ", " #sr "\n\t"      \
+        "srliw  " CC_D1 ", " CC_D1 ", " #sr "\n\t"      \
+        "srliw  " CC_D2 ", " CC_D2 ", " #sr "\n\t"      \
+        "or     " CC_D3 ", " CC_D3 ", " CC_T0 "\n\t"    \
+        "or     " CC_D0 ", " CC_D0 ", " CC_T1 "\n\t"    \
+        "or     " CC_D1 ", " CC_D1 ", " CC_T2 "\n\t"    \
+        "or     " CC_D2 ", " CC_D2 ", " CC_T3 "\n\t"
+
+#define PART_ROUND_EVEN_CDB(s, sr)                      \
+        "add    " CC_C2 ", " CC_C2 ", " CC_D3 "\n\t"    \
+        VADD_VV(REG_V2, REG_V2, REG_V3)                 \
+        "add    " CC_C3 ", " CC_C3 ", " CC_D0 "\n\t"    \
+        VADD_VV(REG_V6, REG_V6, REG_V7)                 \
+        "add    " CC_C0 ", " CC_C0 ", " CC_D1 "\n\t"    \
+        VADD_VV(REG_V10, REG_V10, REG_V11)              \
+        "add    " CC_C1 ", " CC_C1 ", " CC_D2 "\n\t"    \
+        VXOR_VV(REG_V1, REG_V1, REG_V2)                 \
+        "xor    " CC_B1 ", " CC_B1 ", " CC_C2 "\n\t"    \
+        VXOR_VV(REG_V5, REG_V5, REG_V6)                 \
+        "xor    " CC_B2 ", " CC_B2 ", " CC_C3 "\n\t"    \
+        VXOR_VV(REG_V9, REG_V9, REG_V10)                \
+        "xor    " CC_B3 ", " CC_B3 ", " CC_C0 "\n\t"    \
+        VROR_VI(REG_V1, sr, REG_V1)                     \
+        "xor    " CC_B0 ", " CC_B0 ", " CC_C1 "\n\t"    \
+        VROR_VI(REG_V5, sr, REG_V5)                     \
+        "slli   " CC_T0 ", " CC_B1 ", " #s "\n\t"       \
+        VROR_VI(REG_V9, sr, REG_V9)                     \
+        "slli   " CC_T1 ", " CC_B2 ", " #s "\n\t"       \
+        "slli   " CC_T2 ", " CC_B3 ", " #s "\n\t"       \
+        "slli   " CC_T3 ", " CC_B0 ", " #s "\n\t"       \
+        "srliw  " CC_B1 ", " CC_B1 ", " #sr "\n\t"      \
+        "srliw  " CC_B2 ", " CC_B2 ", " #sr "\n\t"      \
+        "srliw  " CC_B3 ", " CC_B3 ", " #sr "\n\t"      \
+        "srliw  " CC_B0 ", " CC_B0 ", " #sr "\n\t"      \
+        "or     " CC_B1 ", " CC_B1 ", " CC_T0 "\n\t"    \
+        "or     " CC_B2 ", " CC_B2 ", " CC_T1 "\n\t"    \
+        "or     " CC_B3 ", " CC_B3 ", " CC_T2 "\n\t"    \
+        "or     " CC_B0 ", " CC_B0 ", " CC_T3 "\n\t"
+
+#else
+
+#define PART_ROUND_ODD_ABD(s, sr)                       \
+        "add    " CC_A0 ", " CC_A0 ", " CC_B0 "\n\t"    \
+        VADD_VV(REG_V0, REG_V0, REG_V1)                 \
+        "add    " CC_A1 ", " CC_A1 ", " CC_B1 "\n\t"    \
+        VADD_VV(REG_V4, REG_V4, REG_V5)                 \
+        "add    " CC_A2 ", " CC_A2 ", " CC_B2 "\n\t"    \
+        VADD_VV(REG_V8, REG_V8, REG_V9)                 \
+        "add    " CC_A3 ", " CC_A3 ", " CC_B3 "\n\t"    \
+        VXOR_VV(REG_V3, REG_V3, REG_V0)                 \
+        "xor    " CC_D0 ", " CC_D0 ", " CC_A0 "\n\t"    \
+        VXOR_VV(REG_V7, REG_V7, REG_V4)                 \
+        "xor    " CC_D1 ", " CC_D1 ", " CC_A1 "\n\t"    \
+        VXOR_VV(REG_V11, REG_V11, REG_V8)               \
+        "xor    " CC_D2 ", " CC_D2 ", " CC_A2 "\n\t"    \
+        VROR_VI(REG_V3, sr, REG_V3)                     \
+        "xor    " CC_D3 ", " CC_D3 ", " CC_A3 "\n\t"    \
+        VROR_VI(REG_V7, sr, REG_V7)                     \
+        RORIW(REG_S6, REG_S6, sr)                       \
+        VROR_VI(REG_V11, sr, REG_V11)                   \
+        RORIW(REG_S7, REG_S7, sr)                       \
+        RORIW(REG_S8, REG_S8, sr)                       \
+        RORIW(REG_S9, REG_S9, sr)
+
+#define PART_ROUND_ODD_CDB(s, sr)                       \
+        "add    " CC_C0 ", " CC_C0 ", " CC_D0 "\n\t"    \
+        VADD_VV(REG_V2, REG_V2, REG_V3)                 \
+        "add    " CC_C1 ", " CC_C1 ", " CC_D1 "\n\t"    \
+        VADD_VV(REG_V6, REG_V6, REG_V7)                 \
+        "add    " CC_C2 ", " CC_C2 ", " CC_D2 "\n\t"    \
+        VADD_VV(REG_V10, REG_V10, REG_V11)              \
+        "add    " CC_C3 ", " CC_C3 ", " CC_D3 "\n\t"    \
+        VXOR_VV(REG_V1, REG_V1, REG_V2)                 \
+        "xor    " CC_B0 ", " CC_B0 ", " CC_C0 "\n\t"    \
+        VXOR_VV(REG_V5, REG_V5, REG_V6)                 \
+        "xor    " CC_B1 ", " CC_B1 ", " CC_C1 "\n\t"    \
+        VXOR_VV(REG_V9, REG_V9, REG_V10)                \
+        "xor    " CC_B2 ", " CC_B2 ", " CC_C2 "\n\t"    \
+        VROR_VI(REG_V1, sr, REG_V1)                     \
+        "xor    " CC_B3 ", " CC_B3 ", " CC_C3 "\n\t"    \
+        VROR_VI(REG_V5, sr, REG_V5)                     \
+        RORIW(REG_T3, REG_T3, sr)                       \
+        VROR_VI(REG_V9, sr, REG_V9)                     \
+        RORIW(REG_T4, REG_T4, sr)                       \
+        RORIW(REG_T5, REG_T5, sr)                       \
+        RORIW(REG_T6, REG_T6, sr)
+
+#define PART_ROUND_EVEN_ABD(s, sr)                      \
+        "add    " CC_A0 ", " CC_A0 ", " CC_B1 "\n\t"    \
+        VADD_VV(REG_V0, REG_V0, REG_V1)                 \
+        "add    " CC_A1 ", " CC_A1 ", " CC_B2 "\n\t"    \
+        VADD_VV(REG_V4, REG_V4, REG_V5)                 \
+        "add    " CC_A2 ", " CC_A2 ", " CC_B3 "\n\t"    \
+        VADD_VV(REG_V8, REG_V8, REG_V9)                 \
+        "add    " CC_A3 ", " CC_A3 ", " CC_B0 "\n\t"    \
+        VXOR_VV(REG_V3, REG_V3, REG_V0)                 \
+        "xor    " CC_D3 ", " CC_D3 ", " CC_A0 "\n\t"    \
+        VXOR_VV(REG_V7, REG_V7, REG_V4)                 \
+        "xor    " CC_D0 ", " CC_D0 ", " CC_A1 "\n\t"    \
+        VXOR_VV(REG_V11, REG_V11, REG_V8)               \
+        "xor    " CC_D1 ", " CC_D1 ", " CC_A2 "\n\t"    \
+        VROR_VI(REG_V3, sr, REG_V3)                     \
+        "xor    " CC_D2 ", " CC_D2 ", " CC_A3 "\n\t"    \
+        VROR_VI(REG_V7, sr, REG_V7)                     \
+        RORIW(REG_S9, REG_S9, sr)                       \
+        VROR_VI(REG_V11, sr, REG_V11)                   \
+        RORIW(REG_S6, REG_S6, sr)                       \
+        RORIW(REG_S7, REG_S7, sr)                       \
+        RORIW(REG_S8, REG_S8, sr)
+
+#define PART_ROUND_EVEN_CDB(s, sr)                      \
+        "add    " CC_C2 ", " CC_C2 ", " CC_D3 "\n\t"    \
+        VADD_VV(REG_V2, REG_V2, REG_V3)                 \
+        "add    " CC_C3 ", " CC_C3 ", " CC_D0 "\n\t"    \
+        VADD_VV(REG_V6, REG_V6, REG_V7)                 \
+        "add    " CC_C0 ", " CC_C0 ", " CC_D1 "\n\t"    \
+        VADD_VV(REG_V10, REG_V10, REG_V11)              \
+        "add    " CC_C1 ", " CC_C1 ", " CC_D2 "\n\t"    \
+        VXOR_VV(REG_V1, REG_V1, REG_V2)                 \
+        "xor    " CC_B1 ", " CC_B1 ", " CC_C2 "\n\t"    \
+        VXOR_VV(REG_V5, REG_V5, REG_V6)                 \
+        "xor    " CC_B2 ", " CC_B2 ", " CC_C3 "\n\t"    \
+        VXOR_VV(REG_V9, REG_V9, REG_V10)                \
+        "xor    " CC_B3 ", " CC_B3 ", " CC_C0 "\n\t"    \
+        VROR_VI(REG_V1, sr, REG_V1)                     \
+        "xor    " CC_B0 ", " CC_B0 ", " CC_C1 "\n\t"    \
+        VROR_VI(REG_V5, sr, REG_V5)                     \
+        "slli   " CC_T0 ", " CC_B1 ", " #s "\n\t"       \
+        RORIW(REG_T4, REG_T4, sr)                       \
+        VROR_VI(REG_V9, sr, REG_V9)                     \
+        RORIW(REG_T5, REG_T5, sr)                       \
+        RORIW(REG_T6, REG_T6, sr)                       \
+        RORIW(REG_T3, REG_T3, sr)
+
+#endif
+
+#define QUARTER_ROUND_ODD_4()               \
+        /* a += b; d ^= a; d <<<= 16; */    \
+        PART_ROUND_ODD_ABD(16, 16)          \
+        /* c += d; b ^= c; b <<<= 12; */    \
+        PART_ROUND_ODD_CDB(12, 20)          \
+        /* a += b; d ^= a; d <<<= 8; */     \
+        PART_ROUND_ODD_ABD( 8, 24)          \
+        /* c += d; b ^= c; b <<<= 7; */     \
+        PART_ROUND_ODD_CDB( 7, 25)
+
+#define QUARTER_ROUND_EVEN_4()              \
+        /* a += b; d ^= a; d <<<= 16; */    \
+        PART_ROUND_EVEN_ABD(16, 16)         \
+        /* c += d; b ^= c; b <<<= 12; */    \
+        PART_ROUND_EVEN_CDB(12, 20)         \
+        /* a += b; d ^= a; d <<<= 8; */     \
+        PART_ROUND_EVEN_ABD( 8, 24)         \
+        /* c += d; b ^= c; b <<<= 7; */     \
+        PART_ROUND_EVEN_CDB( 7, 25)
+
+#define SHUFFLE_4(r, t, i)                  \
+        VRGATHER_VV(t + 0, i, r + 0)        \
+        VRGATHER_VV(t + 1, i, r + 4)        \
+        VRGATHER_VV(t + 2, i, r + 8)        \
+        VMV_V_V(r + 0, t + 0)               \
+        VMV_V_V(r + 4, t + 1)               \
+        VMV_V_V(r + 8, t + 2)
+
+#define ODD_SHUFFLE_4()                                                 \
+        /*    a=0,1,2,3; b=4,5,6,7; c=8,9,10,11; d=12,13,14,15          \
+         * => a=0,1,2,3; b=5,6,7,4; c=10,11,8,9; d=15,12,13,14 */       \
+        SHUFFLE_4(REG_V3, REG_V20, REG_V25)                             \
+        SHUFFLE_4(REG_V1, REG_V20, REG_V23)                             \
+        SHUFFLE_4(REG_V2, REG_V20, REG_V24)
+
+#define EVEN_SHUFFLE_4()                                                \
+        /*    a=0,1,2,3; b=5,6,7,4; c=10,11,8,9; d=15,12,13,14          \
+         * => a=0,1,2,3; b=4,5,6,7; c=8,9,10,11; d=12,13,14,15 */       \
+        SHUFFLE_4(REG_V3, REG_V20, REG_V23)                             \
+        SHUFFLE_4(REG_V1, REG_V20, REG_V25)                             \
+        SHUFFLE_4(REG_V2, REG_V20, REG_V24)
+
+/**
+  * Converts word into bytes with rotations having been done.
+  */
+static WC_INLINE int wc_chacha_encrypt_256(const word32* input, const byte* m,
+    byte* c)
+{
+    __asm__ __volatile__ (
+        VSETIVLI(REG_X0, 4, 1, 1, 0b010, 0b000)
+        /* The layout of used vector registers is:
+         * v0-v3 - first block
+         * v4-v7 - second block
+         * v8-v11 - third block
+         * v12-v15 - message
+         * v16-v19 - input
+         * v20-v22 - temp
+         * v23-v25 - indices for rotating words in vector
+         *
+         * v0  0  1  2  3
+         * v1  4  5  6  7
+         * v2  8  9 10 11
+         * v3 12 13 14 15
+         * load CHACHA state with indices placed as shown above
+         */
+
+        /* Load state to encrypt */
+        "mv     t2, %[input]\n\t"
+        VL4RE32_V(REG_V16, REG_T2)
+        VID_V(REG_V20)
+        VSLIDEDOWN_VI(REG_V23, REG_V20, 1)
+        VSLIDEUP_VI(REG_V23, REG_V20, 3)
+        VSLIDEDOWN_VI(REG_V24, REG_V20, 2)
+        VSLIDEUP_VI(REG_V24, REG_V20, 2)
+        VSLIDEDOWN_VI(REG_V25, REG_V20, 3)
+        VSLIDEUP_VI(REG_V25, REG_V20, 1)
+        /* Move state into regular registers */
+        "ld     a4,  0(%[input])\n\t"
+        "ld     a6,  8(%[input])\n\t"
+        "ld     t3, 16(%[input])\n\t"
+        "ld     t5, 24(%[input])\n\t"
+        "ld     s2, 32(%[input])\n\t"
+        "ld     s4, 40(%[input])\n\t"
+        "ld     s6, 48(%[input])\n\t"
+        "ld     s8, 56(%[input])\n\t"
+        "srli   a5, a4, 32\n\t"
+        "srli   a7, a6, 32\n\t"
+        "srli   t4, t3, 32\n\t"
+        "srli   t6, t5, 32\n\t"
+        "srli   s3, s2, 32\n\t"
+        "srli   s5, s4, 32\n\t"
+        "srli   s7, s6, 32\n\t"
+        "srli   s9, s8, 32\n\t"
+        /* Move state into vector registers */
+        VMVR_V(REG_V0, REG_V16, 4)
+        "addi   t0, s6, 1\n\t"
+        VMVR_V(REG_V4, REG_V16, 4)
+        "addi   t1, s6, 2\n\t"
+        VMVR_V(REG_V8, REG_V16, 4)
+        "addi   s6, s6, 3\n\t"
+        /* Set counter word */
+        VMV_S_X(REG_V7, REG_T0)
+        VMV_S_X(REG_V11, REG_T1)
+        /* Set number of odd+even rounds to perform */
+        "li     a3, 10\n\t"
+        "\n"
+    "L_chacha20_riscv_256_loop:\n\t"
+        /* Odd Round */
+        QUARTER_ROUND_ODD_4()
+        ODD_SHUFFLE_4()
+        "addi   a3, a3, -1\n\t"
+        /* Even Round */
+        QUARTER_ROUND_EVEN_4()
+        EVEN_SHUFFLE_4()
+        "bnez   a3, L_chacha20_riscv_256_loop\n\t"
+        /* Load message */
+        "mv     t2, %[m]\n\t"
+        VL4RE32_V(REG_V12, REG_T2)
+        "addi   %[m], %[m], 64\n\t"
+        /* Add back state, XOR in message and store (load next block) */
+        /* BLOCK 1 */
+        VADD_VV(REG_V0, REG_V0, REG_V16)
+        VADD_VV(REG_V1, REG_V1, REG_V17)
+        VADD_VV(REG_V2, REG_V2, REG_V18)
+        VADD_VV(REG_V3, REG_V3, REG_V19)
+        VXOR_VV(REG_V0, REG_V0, REG_V12)
+        VXOR_VV(REG_V1, REG_V1, REG_V13)
+        VXOR_VV(REG_V2, REG_V2, REG_V14)
+        VXOR_VV(REG_V3, REG_V3, REG_V15)
+        "mv     t2, %[m]\n\t"
+        VL4RE32_V(REG_V12, REG_T2)
+        "addi   %[m], %[m], 64\n\t"
+        VMV_X_S(REG_T0, REG_V19)
+        "mv     t2, %[c]\n\t"
+        VS4R_V(REG_V0, REG_T2)
+        "addi   %[c], %[c], 64\n\t"
+        /* BLOCK 2 */
+        "addi   t0, t0, 1\n\t"
+        VMV_S_X(REG_V19, REG_T0)
+        VADD_VV(REG_V4, REG_V4, REG_V16)
+        VADD_VV(REG_V5, REG_V5, REG_V17)
+        VADD_VV(REG_V6, REG_V6, REG_V18)
+        VADD_VV(REG_V7, REG_V7, REG_V19)
+        VXOR_VV(REG_V4, REG_V4, REG_V12)
+        VXOR_VV(REG_V5, REG_V5, REG_V13)
+        VXOR_VV(REG_V6, REG_V6, REG_V14)
+        VXOR_VV(REG_V7, REG_V7, REG_V15)
+        "mv     t2, %[m]\n\t"
+        VL4RE32_V(REG_V12, REG_T2)
+        "addi   %[m], %[m], 64\n\t"
+        "mv     t2, %[c]\n\t"
+        VS4R_V(REG_V4, REG_T2)
+        "addi   %[c], %[c], 64\n\t"
+        /* BLOCK 3 */
+        "addi   t0, t0, 1\n\t"
+        VMV_S_X(REG_V19, REG_T0)
+        VADD_VV(REG_V8, REG_V8, REG_V16)
+        VADD_VV(REG_V9, REG_V9, REG_V17)
+        VADD_VV(REG_V10, REG_V10, REG_V18)
+        VADD_VV(REG_V11, REG_V11, REG_V19)
+        VXOR_VV(REG_V8, REG_V8, REG_V12)
+        VXOR_VV(REG_V9, REG_V9, REG_V13)
+        VXOR_VV(REG_V10, REG_V10, REG_V14)
+        VXOR_VV(REG_V11, REG_V11, REG_V15)
+        "mv     t2, %[m]\n\t"
+        VL4RE32_V(REG_V12, REG_T2)
+        "mv     t2, %[c]\n\t"
+        VS4R_V(REG_V8, REG_T2)
+        "addi   %[c], %[c], 64\n\t"
+        /* BLOCK 4 */
+        /* Move regular registers into vector registers for adding and xor */
+        "addi   t0, t0, 1\n\t"
+        VMV_S_X(REG_V0, REG_A4)
+        VMV_S_X(REG_V1, REG_T3)
+        VMV_S_X(REG_V2, REG_S2)
+        VMV_S_X(REG_V3, REG_S6)
+        VMV_S_X(REG_V4, REG_A5)
+        VMV_S_X(REG_V5, REG_T4)
+        VMV_S_X(REG_V6, REG_S3)
+        VMV_S_X(REG_V7, REG_S7)
+        VSLIDEUP_VI(REG_V0, REG_V4, 1)
+        VSLIDEUP_VI(REG_V1, REG_V5, 1)
+        VSLIDEUP_VI(REG_V2, REG_V6, 1)
+        VSLIDEUP_VI(REG_V3, REG_V7, 1)
+        VMV_S_X(REG_V4, REG_A6)
+        VMV_S_X(REG_V5, REG_T5)
+        VMV_S_X(REG_V6, REG_S4)
+        VMV_S_X(REG_V7, REG_S8)
+        VSLIDEUP_VI(REG_V0, REG_V4, 2)
+        VSLIDEUP_VI(REG_V1, REG_V5, 2)
+        VSLIDEUP_VI(REG_V2, REG_V6, 2)
+        VSLIDEUP_VI(REG_V3, REG_V7, 2)
+        VMV_S_X(REG_V4, REG_A7)
+        VMV_S_X(REG_V5, REG_T6)
+        VMV_S_X(REG_V6, REG_S5)
+        VMV_S_X(REG_V7, REG_S9)
+        VSLIDEUP_VI(REG_V0, REG_V4, 3)
+        VSLIDEUP_VI(REG_V1, REG_V5, 3)
+        VSLIDEUP_VI(REG_V2, REG_V6, 3)
+        VSLIDEUP_VI(REG_V3, REG_V7, 3)
+        VMV_S_X(REG_V19, REG_T0)
+        /* Add back state, XOR in message and store */
+        VADD_VV(REG_V0, REG_V0, REG_V16)
+        VADD_VV(REG_V1, REG_V1, REG_V17)
+        VADD_VV(REG_V2, REG_V2, REG_V18)
+        VADD_VV(REG_V3, REG_V3, REG_V19)
+        VXOR_VV(REG_V0, REG_V0, REG_V12)
+        VXOR_VV(REG_V1, REG_V1, REG_V13)
+        VXOR_VV(REG_V2, REG_V2, REG_V14)
+        VXOR_VV(REG_V3, REG_V3, REG_V15)
+        "mv     t2, %[c]\n\t"
+        VS4R_V(REG_V0, REG_T2)
+        : [m] "+r" (m), [c] "+r" (c)
+        : [input] "r" (input)
+        : "memory", "t0", "t1", "t2", "s1", "a3",
+          "t3", "t4", "t5", "t6",
+          "a4", "a5", "a6", "a7",
+          "s2", "s3", "s4", "s5",
+          "s6", "s7", "s8", "s9"
+    );
+    return CHACHA_CHUNK_BYTES * 4;
+}
+
+#ifndef WOLFSSL_RISCV_VECTOR_BASE_BIT_MANIPULATION
+
+#define PART_ROUND_2(a, b, d, t, a2, b2, d2, t2, sl, sr)    \
+        VADD_VV(a, a, b)                                    \
+        VADD_VV(a2, a2, b2)                                 \
+        VXOR_VV(d, d, a)                                    \
+        VXOR_VV(d2, d2, a2)                                 \
+        VSLL_VI(t, d, sl)                                   \
+        VSLL_VI(t2, d2, sl)                                 \
+        VSRL_VI(d, d, sr)                                   \
+        VSRL_VI(d2, d2, sr)                                 \
+        VOR_VV(d, d, t)                                     \
+        VOR_VV(d2, d2, t2)
+
+#else
+
+#define PART_ROUND_2(a, b, d, t, a2, b2, d2, t2, sl, sr)    \
+        VADD_VV(a, a, b)                                    \
+        VADD_VV(a2, a2, b2)                                 \
+        VXOR_VV(d, d, a)                                    \
+        VXOR_VV(d2, d2, a2)                                 \
+        VROR_VI(d, sr, d)                                   \
+        VROR_VI(d2, sr, d2)
+
+#endif
+
+#define QUARTER_ROUND_2(a, b, c, d, t, a2, b2, c2, d2, t2)  \
+        /* a += b; d ^= a; d <<<= 16; */                    \
+        PART_ROUND_2(a, b, d, t, a2, b2, d2, t2, 16, 16)    \
+        /* c += d; b ^= c; b <<<= 12; */                    \
+        PART_ROUND_2(c, d, b, t, c2, d2, b2, t2, 12, 20)    \
+        /* a += b; d ^= a; d <<<= 8; */     \
+        PART_ROUND_2(a, b, d, t, a2, b2, d2, t2,  8, 24)    \
+        /* c += d; b ^= c; b <<<= 7; */     \
+        PART_ROUND_2(c, d, b, t, c2, d2, b2, t2,  7, 25)
+
+#define ODD_SHUFFLE_2(b, c, d, t, b2, c2, d2, t2)                       \
+        /*    a=0,1,2,3; b=4,5,6,7; c=8,9,10,11; d=12,13,14,15          \
+         * => a=0,1,2,3; b=5,6,7,4; c=10,11,8,9; d=15,12,13,14 */       \
+        VRGATHER_VV(t, REG_V25, d)                                      \
+        VRGATHER_VV(t2, REG_V25, d2)                                    \
+        VMV_V_V(d, t)                                                   \
+        VMV_V_V(d2, t2)                                                 \
+        VRGATHER_VV(t, REG_V23, b)                                      \
+        VRGATHER_VV(t2, REG_V23, b2)                                    \
+        VMV_V_V(b, t)                                                   \
+        VMV_V_V(b2, t2)                                                 \
+        VRGATHER_VV(t, REG_V24, c)                                      \
+        VRGATHER_VV(t2, REG_V24, c2)                                    \
+        VMV_V_V(c, t)                                                   \
+        VMV_V_V(c2, t2)
+
+#define EVEN_SHUFFLE_2(b, c, d, t, b2, c2, d2, t2)                      \
+        /*    a=0,1,2,3; b=5,6,7,4; c=10,11,8,9; d=15,12,13,14          \
+         * => a=0,1,2,3; b=4,5,6,7; c=8,9,10,11; d=12,13,14,15 */       \
+        VRGATHER_VV(t, REG_V23, d)                                      \
+        VRGATHER_VV(t2, REG_V23, d2)                                    \
+        VMV_V_V(d, t)                                                   \
+        VMV_V_V(d2, t2)                                                 \
+        VRGATHER_VV(t, REG_V25, b)                                      \
+        VRGATHER_VV(t2, REG_V25, b2)                                    \
+        VMV_V_V(b, t)                                                   \
+        VMV_V_V(b2, t2)                                                 \
+        VRGATHER_VV(t, REG_V24, c)                                      \
+        VRGATHER_VV(t2, REG_V24, c2)                                    \
+        VMV_V_V(c, t)                                                   \
+        VMV_V_V(c2, t2)
+
+
+static WC_INLINE int wc_chacha_encrypt_128(const word32* input, const byte* m,
+     byte* c)
+{
+    __asm__ __volatile__ (
+        VSETIVLI(REG_X0, 4, 1, 1, 0b010, 0b000)
+        /* The layout of used vector registers is:
+         * v0-v3 - first block
+         * v4-v7 - second block
+         * v12-v15 - message
+         * v16-v19 - input
+         * v20-v22 - temp
+         * v23-v25 - indices for rotating words in vector
+         *
+         * v0  0  1  2  3
+         * v1  4  5  6  7
+         * v2  8  9 10 11
+         * v3 12 13 14 15
+         * load CHACHA state with indices placed as shown above
+         */
+
+        /* Load incrementer register to modify counter */
+        "mv     t2, %[L_chacha20_vec_inc_first_word]\n\t"
+        VL1RE32_V(REG_V22, REG_T2)
+        VID_V(REG_V20)
+        VSLIDEDOWN_VI(REG_V23, REG_V20, 1)
+        VSLIDEUP_VI(REG_V23, REG_V20, 3)
+        VSLIDEDOWN_VI(REG_V24, REG_V20, 2)
+        VSLIDEUP_VI(REG_V24, REG_V20, 2)
+        VSLIDEDOWN_VI(REG_V25, REG_V20, 3)
+        VSLIDEUP_VI(REG_V25, REG_V20, 1)
+        /* Load state to encrypt */
+        "mv     t2, %[input]\n\t"
+        VL4RE32_V(REG_V16, REG_T2)
+        /* Load message */
+        "mv     t2, %[m]\n\t"
+        VL4RE32_V(REG_V12, REG_T2)
+        "addi   %[m], %[m], 64\n\t"
+        /* Move state into vector registers */
+        VMVR_V(REG_V0, REG_V16, 4)
+        VMVR_V(REG_V4, REG_V16, 4)
+        /* Add counter word */
+        VADD_VV(REG_V7, REG_V7, REG_V22)
+        /* Set number of odd+even rounds to perform */
+        "li     t0, 10\n\t"
+        "\n"
+    "L_chacha20_riscv_128_loop:\n\t"
+        QUARTER_ROUND_2(REG_V0, REG_V1, REG_V2, REG_V3, REG_V20,
+                        REG_V4, REG_V5, REG_V6, REG_V7, REG_V21)
+        ODD_SHUFFLE_2(REG_V1, REG_V2, REG_V3, REG_V20,
+                      REG_V5, REG_V6, REG_V7, REG_V21)
+        QUARTER_ROUND_2(REG_V0, REG_V1, REG_V2, REG_V3, REG_V20,
+                        REG_V4, REG_V5, REG_V6, REG_V7, REG_V21)
+        EVEN_SHUFFLE_2(REG_V1, REG_V2, REG_V3, REG_V20,
+                       REG_V5, REG_V6, REG_V7, REG_V21)
+        "addi   t0, t0, -1\n\t"
+        "bnez   t0, L_chacha20_riscv_128_loop\n\t"
+        /* Add back state, XOR in message and store (load next block) */
+        VADD_VV(REG_V0, REG_V0, REG_V16)
+        VADD_VV(REG_V1, REG_V1, REG_V17)
+        VADD_VV(REG_V2, REG_V2, REG_V18)
+        VADD_VV(REG_V3, REG_V3, REG_V19)
+        VXOR_VV(REG_V0, REG_V0, REG_V12)
+        VXOR_VV(REG_V1, REG_V1, REG_V13)
+        VXOR_VV(REG_V2, REG_V2, REG_V14)
+        VXOR_VV(REG_V3, REG_V3, REG_V15)
+        "mv     t2, %[m]\n\t"
+        VL4RE32_V(REG_V12, REG_T2)
+        "mv     t2, %[c]\n\t"
+        VS4R_V(REG_V0, REG_T2)
+        "addi   %[c], %[c], 64\n\t"
+        VADD_VV(REG_V19, REG_V19, REG_V22)
+        VADD_VV(REG_V4, REG_V4, REG_V16)
+        VADD_VV(REG_V5, REG_V5, REG_V17)
+        VADD_VV(REG_V6, REG_V6, REG_V18)
+        VADD_VV(REG_V7, REG_V7, REG_V19)
+        VXOR_VV(REG_V4, REG_V4, REG_V12)
+        VXOR_VV(REG_V5, REG_V5, REG_V13)
+        VXOR_VV(REG_V6, REG_V6, REG_V14)
+        VXOR_VV(REG_V7, REG_V7, REG_V15)
+        "mv     t2, %[c]\n\t"
+        VS4R_V(REG_V4, REG_T2)
+        : [m] "+r" (m), [c] "+r" (c)
+        : [input] "r" (input),
+          [L_chacha20_vec_inc_first_word] "r" (L_chacha20_vec_inc_first_word)
+        : "memory", "t0", "t1", "t2"
+    );
+    return CHACHA_CHUNK_BYTES * 2;
+}
+
+#ifndef WOLFSSL_RISCV_VECTOR_BASE_BIT_MANIPULATION
+
+#define PART_ROUND(a, b, d, t, sl, sr)      \
+        VADD_VV(a, a, b)                    \
+        VXOR_VV(d, d, a)                    \
+        VSLL_VI(t, d, sl)                   \
+        VSRL_VI(d, d, sr)                   \
+        VOR_VV(d, d, t)
+
+#else
+
+#define PART_ROUND(a, b, d, t, sl, sr)      \
+        VADD_VV(a, a, b)                    \
+        VXOR_VV(d, d, a)                    \
+        VROR_VI(d, sr, d)
+
+#endif
+
+#define QUARTER_ROUND(a, b, c, d, t)        \
+        /* a += b; d ^= a; d <<<= 16; */    \
+        PART_ROUND(a, b, d, t, 16, 16)      \
+        /* c += d; b ^= c; b <<<= 12; */    \
+        PART_ROUND(c, d, b, t, 12, 20)      \
+        /* a += b; d ^= a; d <<<= 8; */     \
+        PART_ROUND(a, b, d, t,  8, 24)      \
+        /* c += d; b ^= c; b <<<= 7; */     \
+        PART_ROUND(c, d, b, t,  7, 25)
+
+#define ODD_SHUFFLE(b, c, d, t)                                         \
+        /*    a=0,1,2,3; b=4,5,6,7; c=8,9,10,11; d=12,13,14,15          \
+         * => a=0,1,2,3; b=5,6,7,4; c=10,11,8,9; d=15,12,13,14 */       \
+        VSLIDEDOWN_VI(t, d, 3)                                          \
+        VSLIDEUP_VI(t, d, 1)                                            \
+        VMV_V_V(d, t)                                                   \
+        VSLIDEDOWN_VI(t, b, 1)                                          \
+        VSLIDEUP_VI(t, b, 3)                                            \
+        VMV_V_V(b, t)                                                   \
+        VSLIDEDOWN_VI(t, c, 2)                                          \
+        VSLIDEUP_VI(t, c, 2)                                            \
+        VMV_V_V(c, t)
+
+#define EVEN_SHUFFLE(b, c, d, t)                                        \
+        /*    a=0,1,2,3; b=5,6,7,4; c=10,11,8,9; d=15,12,13,14          \
+         * => a=0,1,2,3; b=4,5,6,7; c=8,9,10,11; d=12,13,14,15 */       \
+        VSLIDEDOWN_VI(t, d, 1)                                          \
+        VSLIDEUP_VI(t, d, 3)                                            \
+        VMV_V_V(d, t)                                                   \
+        VSLIDEDOWN_VI(t, b, 3)                                          \
+        VSLIDEUP_VI(t, b, 1)                                            \
+        VMV_V_V(b, t)                                                   \
+        VSLIDEDOWN_VI(t, c, 2)                                          \
+        VSLIDEUP_VI(t, c, 2)                                            \
+        VMV_V_V(c, t)
+
+#define EIGHT_QUARTER_ROUNDS(a, b, c, d, t) \
+        /* Odd Round */                     \
+        QUARTER_ROUND(a, b, c, d, t)        \
+        ODD_SHUFFLE(b, c, d, t)             \
+        /* Even Round */                    \
+        QUARTER_ROUND(a, b, c, d, t)        \
+        EVEN_SHUFFLE(b, c, d, t)
+
+static WC_INLINE void wc_chacha_encrypt_64(const word32* input, const byte* m,
+    byte* c, word32 bytes, byte* over)
+{
+    word64 bytes64 = (word64)bytes;
+
+    __asm__ __volatile__ (
+        VSETIVLI(REG_X0, 4, 1, 1, 0b010, 0b000)
+        /* The layout of used vector registers is:
+         * v0-v3 - block
+         * v4-v7 - message
+         * v8-v11 - input
+         * v12 - temp
+         *
+         * v0  0  1  2  3
+         * v1  4  5  6  7
+         * v2  8  9 10 11
+         * v3 12 13 14 15
+         * load CHACHA state with indices placed as shown above
+         */
+
+        /* Load incrementer register to modify counter */
+        "mv     t2, %[L_chacha20_vec_inc_first_word]\n\t"
+        VL1RE32_V(REG_V13, REG_T2)
+        /* Load state to encrypt */
+        "mv     t2, %[input]\n\t"
+        VL4RE32_V(REG_V8, REG_T2)
+        "\n"
+    "L_chacha20_riscv_64_loop:\n\t"
+        /* Move state into vector registers */
+        VMVR_V(REG_V0, REG_V8, 4)
+        /* Add counter word */
+        /* Odd Round */
+        EIGHT_QUARTER_ROUNDS(REG_V0, REG_V1, REG_V2, REG_V3, REG_V12)
+        EIGHT_QUARTER_ROUNDS(REG_V0, REG_V1, REG_V2, REG_V3, REG_V12)
+        EIGHT_QUARTER_ROUNDS(REG_V0, REG_V1, REG_V2, REG_V3, REG_V12)
+        EIGHT_QUARTER_ROUNDS(REG_V0, REG_V1, REG_V2, REG_V3, REG_V12)
+        EIGHT_QUARTER_ROUNDS(REG_V0, REG_V1, REG_V2, REG_V3, REG_V12)
+        EIGHT_QUARTER_ROUNDS(REG_V0, REG_V1, REG_V2, REG_V3, REG_V12)
+        EIGHT_QUARTER_ROUNDS(REG_V0, REG_V1, REG_V2, REG_V3, REG_V12)
+        EIGHT_QUARTER_ROUNDS(REG_V0, REG_V1, REG_V2, REG_V3, REG_V12)
+        EIGHT_QUARTER_ROUNDS(REG_V0, REG_V1, REG_V2, REG_V3, REG_V12)
+        EIGHT_QUARTER_ROUNDS(REG_V0, REG_V1, REG_V2, REG_V3, REG_V12)
+        "addi   t1, %[bytes], -64\n\t"
+        /* Add back state */
+        VADD_VV(REG_V0, REG_V0, REG_V8)
+        VADD_VV(REG_V1, REG_V1, REG_V9)
+        VADD_VV(REG_V2, REG_V2, REG_V10)
+        VADD_VV(REG_V3, REG_V3, REG_V11)
+        "bltz   t1, L_chacha20_riscv_64_lt_64\n\t"
+        "mv     t2, %[m]\n\t"
+        VL4RE32_V(REG_V4, REG_T2)
+        VXOR_VV(REG_V4, REG_V4, REG_V0)
+        VXOR_VV(REG_V5, REG_V5, REG_V1)
+        VXOR_VV(REG_V6, REG_V6, REG_V2)
+        VXOR_VV(REG_V7, REG_V7, REG_V3)
+        "mv     t2, %[c]\n\t"
+        VS4R_V(REG_V4, REG_T2)
+        "addi   %[bytes], %[bytes], -64\n\t"
+        "addi   %[c], %[c], 64\n\t"
+        "addi   %[m], %[m], 64\n\t"
+        VADD_VV(REG_V11, REG_V11, REG_V13)
+        "bnez   %[bytes], L_chacha20_riscv_64_loop\n\t"
+        "beqz   %[bytes], L_chacha20_riscv_64_done\n\t"
+        "\n"
+    "L_chacha20_riscv_64_lt_64:\n\t"
+        "mv     t2, %[over]\n\t"
+        "addi   t1, %[bytes], -32\n\t"
+        VS4R_V(REG_V0, REG_T2)
+
+        "bltz   t1, L_chacha20_riscv_64_lt_32\n\t"
+        "mv     t2, %[m]\n\t"
+        VL2RE32_V(REG_V4, REG_T2)
+        VXOR_VV(REG_V4, REG_V4, REG_V0)
+        VXOR_VV(REG_V5, REG_V5, REG_V1)
+        "mv     t2, %[c]\n\t"
+        VS2R_V(REG_V4, REG_T2)
+        "addi   %[bytes], %[bytes], -32\n\t"
+        "addi   %[c], %[c], 32\n\t"
+        "addi   %[m], %[m], 32\n\t"
+        "beqz   %[bytes], L_chacha20_riscv_64_done\n\t"
+        VMVR_V(REG_V0, REG_V2, 2)
+        "\n"
+    "L_chacha20_riscv_64_lt_32:\n\t"
+        "addi   t1, %[bytes], -16\n\t"
+        "bltz   t1, L_chacha20_riscv_64_lt_16\n\t"
+        "mv     t2, %[m]\n\t"
+        VL1RE32_V(REG_V4, REG_T2)
+        VXOR_VV(REG_V4, REG_V4, REG_V0)
+        "mv     t2, %[c]\n\t"
+        VS1R_V(REG_V4, REG_T2)
+        "addi   %[bytes], %[bytes], -16\n\t"
+        "addi   %[c], %[c], 16\n\t"
+        "addi   %[m], %[m], 16\n\t"
+        "beqz   %[bytes], L_chacha20_riscv_64_done\n\t"
+        VMV_V_V(REG_V0, REG_V1)
+        "\n"
+    "L_chacha20_riscv_64_lt_16:\n\t"
+        "addi   t1, %[bytes], -8\n\t"
+        "bltz   t1, L_chacha20_riscv_64_lt_8\n\t"
+        VSETIVLI(REG_X0, 2, 1, 1, 0b011, 0b000)
+        VMV_X_S(REG_T0, REG_V0)
+        VSETIVLI(REG_X0, 4, 1, 1, 0b010, 0b000)
+        "ld     t1, (%[m])\n\t"
+        "xor    t1, t1, t0\n\t"
+        "sd     t1, (%[c])\n\t"
+        "addi   %[bytes], %[bytes], -8\n\t"
+        "addi   %[c], %[c], 8\n\t"
+        "addi   %[m], %[m], 8\n\t"
+        "beqz   %[bytes], L_chacha20_riscv_64_done\n\t"
+        VSLIDEDOWN_VI(REG_V0, REG_V0, 2)
+        "\n"
+    "L_chacha20_riscv_64_lt_8:\n\t"
+        "addi   %[bytes], %[bytes], -1\n\t"
+        VSETIVLI(REG_X0, 2, 1, 1, 0b011, 0b000)
+        VMV_X_S(REG_T0, REG_V0)
+        VSETIVLI(REG_X0, 4, 1, 1, 0b010, 0b000)
+        "\n"
+    "L_chacha20_riscv_64_loop_lt_8:\n\t"
+        "addi   %[bytes], %[bytes], -1\n\t"
+        "lb     t1, (%[m])\n\t"
+        "addi   %[m], %[m], 1\n\t"
+        "xor    t1, t1, t0\n\t"
+        "sb     t1, (%[c])\n\t"
+        "addi   %[c], %[c], 1\n\t"
+        "srli   t0, t0, 8\n\t"
+        "bgez   %[bytes], L_chacha20_riscv_64_loop_lt_8\n\t"
+        "\n"
+    "L_chacha20_riscv_64_done:\n\t"
+        : [m] "+r" (m), [c] "+r" (c), [bytes] "+r" (bytes64)
+        : [input] "r" (input), [over] "r" (over),
+          [L_chacha20_vec_inc_first_word] "r" (L_chacha20_vec_inc_first_word)
+        : "memory", "t0", "t1", "t2"
+    );
+}
+
+/**
+ * Encrypt a stream of bytes
+ */
+static void wc_chacha_encrypt_bytes(ChaCha* ctx, const byte* m, byte* c,
+    word32 bytes)
+{
+    int    processed;
+
+    if (bytes >= CHACHA_CHUNK_BYTES * 6) {
+        processed = (bytes / (CHACHA_CHUNK_BYTES * 6)) * CHACHA_CHUNK_BYTES * 6;
+        wc_chacha_encrypt_384(ctx->X, m, c, processed);
+
+        bytes -= processed;
+        c += processed;
+        m += processed;
+        ctx->X[CHACHA_IV_BYTES] = PLUS(ctx->X[CHACHA_IV_BYTES],
+                                       processed / CHACHA_CHUNK_BYTES);
+    }
+    if (bytes >= CHACHA_CHUNK_BYTES * 4) {
+        processed = wc_chacha_encrypt_256(ctx->X, m, c);
+
+        bytes -= processed;
+        c += processed;
+        m += processed;
+        ctx->X[CHACHA_IV_BYTES] = PLUS(ctx->X[CHACHA_IV_BYTES],
+                                       processed / CHACHA_CHUNK_BYTES);
+    }
+    if (bytes >= CHACHA_CHUNK_BYTES * 2) {
+        processed = wc_chacha_encrypt_128(ctx->X, m, c);
+
+        bytes -= processed;
+        c += processed;
+        m += processed;
+        ctx->X[CHACHA_IV_BYTES] = PLUS(ctx->X[CHACHA_IV_BYTES],
+                                       processed / CHACHA_CHUNK_BYTES);
+    }
+    if (bytes > 0) {
+        wc_chacha_encrypt_64(ctx->X, m, c, bytes, (byte*)ctx->over);
+        if (bytes > CHACHA_CHUNK_BYTES)
+            ctx->X[CHACHA_IV_BYTES] = PLUSONE(ctx->X[CHACHA_IV_BYTES]);
+        ctx->left = CHACHA_CHUNK_BYTES - (bytes & (CHACHA_CHUNK_BYTES - 1));
+        ctx->left &= CHACHA_CHUNK_BYTES - 1;
+        ctx->X[CHACHA_IV_BYTES] = PLUSONE(ctx->X[CHACHA_IV_BYTES]);
+    }
+}
+
+#else
+
+#if !defined(WOLFSSL_RISCV_BIT_MANIPULATION)
+
+#define PART_ROUND_ODD_ABD(sl, sr)                      \
+        "add    " CC_A0 ", " CC_A0 ", " CC_B0 "\n\t"    \
+        "add    " CC_A1 ", " CC_A1 ", " CC_B1 "\n\t"    \
+        "add    " CC_A2 ", " CC_A2 ", " CC_B2 "\n\t"    \
+        "add    " CC_A3 ", " CC_A3 ", " CC_B3 "\n\t"    \
+        "xor    " CC_D0 ", " CC_D0 ", " CC_A0 "\n\t"    \
+        "xor    " CC_D1 ", " CC_D1 ", " CC_A1 "\n\t"    \
+        "xor    " CC_D2 ", " CC_D2 ", " CC_A2 "\n\t"    \
+        "xor    " CC_D3 ", " CC_D3 ", " CC_A3 "\n\t"    \
+        "slli   " CC_T0 ", " CC_D0 ", " #sl "\n\t"      \
+        "slli   " CC_T1 ", " CC_D1 ", " #sl "\n\t"      \
+        "slli   " CC_T2 ", " CC_D2 ", " #sl "\n\t"      \
+        "slli   " CC_T3 ", " CC_D3 ", " #sl "\n\t"      \
+        "srliw  " CC_D0 ", " CC_D0 ", " #sr "\n\t"      \
+        "srliw  " CC_D1 ", " CC_D1 ", " #sr "\n\t"      \
+        "srliw  " CC_D2 ", " CC_D2 ", " #sr "\n\t"      \
+        "srliw  " CC_D3 ", " CC_D3 ", " #sr "\n\t"      \
+        "or     " CC_D0 ", " CC_D0 ", " CC_T0 "\n\t"    \
+        "or     " CC_D1 ", " CC_D1 ", " CC_T1 "\n\t"    \
+        "or     " CC_D2 ", " CC_D2 ", " CC_T2 "\n\t"    \
+        "or     " CC_D3 ", " CC_D3 ", " CC_T3 "\n\t"
+
+#define PART_ROUND_ODD_CDB(sl, sr)                      \
+        "add    " CC_C0 ", " CC_C0 ", " CC_D0 "\n\t"    \
+        "add    " CC_C1 ", " CC_C1 ", " CC_D1 "\n\t"    \
+        "add    " CC_C2 ", " CC_C2 ", " CC_D2 "\n\t"    \
+        "add    " CC_C3 ", " CC_C3 ", " CC_D3 "\n\t"    \
+        "xor    " CC_B0 ", " CC_B0 ", " CC_C0 "\n\t"    \
+        "xor    " CC_B1 ", " CC_B1 ", " CC_C1 "\n\t"    \
+        "xor    " CC_B2 ", " CC_B2 ", " CC_C2 "\n\t"    \
+        "xor    " CC_B3 ", " CC_B3 ", " CC_C3 "\n\t"    \
+        "slli   " CC_T0 ", " CC_B0 ", " #sl "\n\t"      \
+        "slli   " CC_T1 ", " CC_B1 ", " #sl "\n\t"      \
+        "slli   " CC_T2 ", " CC_B2 ", " #sl "\n\t"      \
+        "slli   " CC_T3 ", " CC_B3 ", " #sl "\n\t"      \
+        "srliw  " CC_B0 ", " CC_B0 ", " #sr "\n\t"      \
+        "srliw  " CC_B1 ", " CC_B1 ", " #sr "\n\t"      \
+        "srliw  " CC_B2 ", " CC_B2 ", " #sr "\n\t"      \
+        "srliw  " CC_B3 ", " CC_B3 ", " #sr "\n\t"      \
+        "or     " CC_B0 ", " CC_B0 ", " CC_T0 "\n\t"    \
+        "or     " CC_B1 ", " CC_B1 ", " CC_T1 "\n\t"    \
+        "or     " CC_B2 ", " CC_B2 ", " CC_T2 "\n\t"    \
+        "or     " CC_B3 ", " CC_B3 ", " CC_T3 "\n\t"
+
+#define PART_ROUND_EVEN_ABD(sl, sr)                     \
+        "add    " CC_A0 ", " CC_A0 ", " CC_B1 "\n\t"    \
+        "add    " CC_A1 ", " CC_A1 ", " CC_B2 "\n\t"    \
+        "add    " CC_A2 ", " CC_A2 ", " CC_B3 "\n\t"    \
+        "add    " CC_A3 ", " CC_A3 ", " CC_B0 "\n\t"    \
+        "xor    " CC_D3 ", " CC_D3 ", " CC_A0 "\n\t"    \
+        "xor    " CC_D0 ", " CC_D0 ", " CC_A1 "\n\t"    \
+        "xor    " CC_D1 ", " CC_D1 ", " CC_A2 "\n\t"    \
+        "xor    " CC_D2 ", " CC_D2 ", " CC_A3 "\n\t"    \
+        "slli   " CC_T0 ", " CC_D3 ", " #sl "\n\t"      \
+        "slli   " CC_T1 ", " CC_D0 ", " #sl "\n\t"      \
+        "slli   " CC_T2 ", " CC_D1 ", " #sl "\n\t"      \
+        "slli   " CC_T3 ", " CC_D2 ", " #sl "\n\t"      \
+        "srliw  " CC_D3 ", " CC_D3 ", " #sr "\n\t"      \
+        "srliw  " CC_D0 ", " CC_D0 ", " #sr "\n\t"      \
+        "srliw  " CC_D1 ", " CC_D1 ", " #sr "\n\t"      \
+        "srliw  " CC_D2 ", " CC_D2 ", " #sr "\n\t"      \
+        "or     " CC_D3 ", " CC_D3 ", " CC_T0 "\n\t"    \
+        "or     " CC_D0 ", " CC_D0 ", " CC_T1 "\n\t"    \
+        "or     " CC_D1 ", " CC_D1 ", " CC_T2 "\n\t"    \
+        "or     " CC_D2 ", " CC_D2 ", " CC_T3 "\n\t"
+
+#define PART_ROUND_EVEN_CDB(sl, sr)                     \
+        "add    " CC_C2 ", " CC_C2 ", " CC_D3 "\n\t"    \
+        "add    " CC_C3 ", " CC_C3 ", " CC_D0 "\n\t"    \
+        "add    " CC_C0 ", " CC_C0 ", " CC_D1 "\n\t"    \
+        "add    " CC_C1 ", " CC_C1 ", " CC_D2 "\n\t"    \
+        "xor    " CC_B1 ", " CC_B1 ", " CC_C2 "\n\t"    \
+        "xor    " CC_B2 ", " CC_B2 ", " CC_C3 "\n\t"    \
+        "xor    " CC_B3 ", " CC_B3 ", " CC_C0 "\n\t"    \
+        "xor    " CC_B0 ", " CC_B0 ", " CC_C1 "\n\t"    \
+        "slli   " CC_T0 ", " CC_B1 ", " #sl "\n\t"      \
+        "slli   " CC_T1 ", " CC_B2 ", " #sl "\n\t"      \
+        "slli   " CC_T2 ", " CC_B3 ", " #sl "\n\t"      \
+        "slli   " CC_T3 ", " CC_B0 ", " #sl "\n\t"      \
+        "srliw  " CC_B1 ", " CC_B1 ", " #sr "\n\t"      \
+        "srliw  " CC_B2 ", " CC_B2 ", " #sr "\n\t"      \
+        "srliw  " CC_B3 ", " CC_B3 ", " #sr "\n\t"      \
+        "srliw  " CC_B0 ", " CC_B0 ", " #sr "\n\t"      \
+        "or     " CC_B1 ", " CC_B1 ", " CC_T0 "\n\t"    \
+        "or     " CC_B2 ", " CC_B2 ", " CC_T1 "\n\t"    \
+        "or     " CC_B3 ", " CC_B3 ", " CC_T2 "\n\t"    \
+        "or     " CC_B0 ", " CC_B0 ", " CC_T3 "\n\t"
+
+#else
+
+#define PART_ROUND_ODD_ABD(sl, sr)                      \
+        "add    " CC_A0 ", " CC_A0 ", " CC_B0 "\n\t"    \
+        "add    " CC_A1 ", " CC_A1 ", " CC_B1 "\n\t"    \
+        "add    " CC_A2 ", " CC_A2 ", " CC_B2 "\n\t"    \
+        "add    " CC_A3 ", " CC_A3 ", " CC_B3 "\n\t"    \
+        "xor    " CC_D0 ", " CC_D0 ", " CC_A0 "\n\t"    \
+        "xor    " CC_D1 ", " CC_D1 ", " CC_A1 "\n\t"    \
+        "xor    " CC_D2 ", " CC_D2 ", " CC_A2 "\n\t"    \
+        "xor    " CC_D3 ", " CC_D3 ", " CC_A3 "\n\t"    \
+        RORIW(REG_S6, REG_S6, sr)                       \
+        RORIW(REG_S7, REG_S7, sr)                       \
+        RORIW(REG_S8, REG_S8, sr)                       \
+        RORIW(REG_S9, REG_S9, sr)
+
+#define PART_ROUND_ODD_CDB(sl, sr)                      \
+        "add    " CC_C0 ", " CC_C0 ", " CC_D0 "\n\t"    \
+        "add    " CC_C1 ", " CC_C1 ", " CC_D1 "\n\t"    \
+        "add    " CC_C2 ", " CC_C2 ", " CC_D2 "\n\t"    \
+        "add    " CC_C3 ", " CC_C3 ", " CC_D3 "\n\t"    \
+        "xor    " CC_B0 ", " CC_B0 ", " CC_C0 "\n\t"    \
+        "xor    " CC_B1 ", " CC_B1 ", " CC_C1 "\n\t"    \
+        "xor    " CC_B2 ", " CC_B2 ", " CC_C2 "\n\t"    \
+        "xor    " CC_B3 ", " CC_B3 ", " CC_C3 "\n\t"    \
+        RORIW(REG_T3, REG_T3, sr)                       \
+        RORIW(REG_T4, REG_T4, sr)                       \
+        RORIW(REG_T5, REG_T5, sr)                       \
+        RORIW(REG_T6, REG_T6, sr)
+
+#define PART_ROUND_EVEN_ABD(sl, sr)                     \
+        "add    " CC_A0 ", " CC_A0 ", " CC_B1 "\n\t"    \
+        "add    " CC_A1 ", " CC_A1 ", " CC_B2 "\n\t"    \
+        "add    " CC_A2 ", " CC_A2 ", " CC_B3 "\n\t"    \
+        "add    " CC_A3 ", " CC_A3 ", " CC_B0 "\n\t"    \
+        "xor    " CC_D3 ", " CC_D3 ", " CC_A0 "\n\t"    \
+        "xor    " CC_D0 ", " CC_D0 ", " CC_A1 "\n\t"    \
+        "xor    " CC_D1 ", " CC_D1 ", " CC_A2 "\n\t"    \
+        "xor    " CC_D2 ", " CC_D2 ", " CC_A3 "\n\t"    \
+        RORIW(REG_S9, REG_S9, sr)                       \
+        RORIW(REG_S6, REG_S6, sr)                       \
+        RORIW(REG_S7, REG_S7, sr)                       \
+        RORIW(REG_S8, REG_S8, sr)
+
+#define PART_ROUND_EVEN_CDB(sl, sr)                     \
+        "add    " CC_C2 ", " CC_C2 ", " CC_D3 "\n\t"    \
+        "add    " CC_C3 ", " CC_C3 ", " CC_D0 "\n\t"    \
+        "add    " CC_C0 ", " CC_C0 ", " CC_D1 "\n\t"    \
+        "add    " CC_C1 ", " CC_C1 ", " CC_D2 "\n\t"    \
+        "xor    " CC_B1 ", " CC_B1 ", " CC_C2 "\n\t"    \
+        "xor    " CC_B2 ", " CC_B2 ", " CC_C3 "\n\t"    \
+        "xor    " CC_B3 ", " CC_B3 ", " CC_C0 "\n\t"    \
+        "xor    " CC_B0 ", " CC_B0 ", " CC_C1 "\n\t"    \
+        RORIW(REG_T4, REG_T4, sr)                       \
+        RORIW(REG_T5, REG_T5, sr)                       \
+        RORIW(REG_T6, REG_T6, sr)                       \
+        RORIW(REG_T3, REG_T3, sr)
+
+#endif
+
+#define QUARTER_ROUND_ODD()                 \
+        /* a += b; d ^= a; d <<<= 16; */    \
+        PART_ROUND_ODD_ABD(16, 16)          \
+        /* c += d; b ^= c; b <<<= 12; */    \
+        PART_ROUND_ODD_CDB(12, 20)          \
+        /* a += b; d ^= a; d <<<= 8; */     \
+        PART_ROUND_ODD_ABD( 8, 24)          \
+        /* c += d; b ^= c; b <<<= 7; */     \
+        PART_ROUND_ODD_CDB( 7, 25)
+
+#define QUARTER_ROUND_EVEN()                \
+        /* a += b; d ^= a; d <<<= 16; */    \
+        PART_ROUND_EVEN_ABD(16, 16)         \
+        /* c += d; b ^= c; b <<<= 12; */    \
+        PART_ROUND_EVEN_CDB(12, 20)         \
+        /* a += b; d ^= a; d <<<= 8; */     \
+        PART_ROUND_EVEN_ABD( 8, 24)         \
+        /* c += d; b ^= c; b <<<= 7; */     \
+        PART_ROUND_EVEN_CDB( 7, 25)
+
+
+static WC_INLINE void wc_chacha_encrypt(const word32* input, const byte* m,
+    byte* c, word32 bytes, word32* over)
+{
+    __asm__ __volatile__ (
+        /* Ensure 64-bit bytes has top bits clear. */
+        "slli   %[bytes], %[bytes], 32\n\t"
+        "srli   %[bytes], %[bytes], 32\n\t"
+
+    "L_chacha20_riscv_outer:\n\t"
+        /* Move state into regular registers */
+        "ld     a4,  0(%[input])\n\t"
+        "ld     a6,  8(%[input])\n\t"
+        "ld     t3, 16(%[input])\n\t"
+        "ld     t5, 24(%[input])\n\t"
+        "ld     s2, 32(%[input])\n\t"
+        "ld     s4, 40(%[input])\n\t"
+        "ld     s6, 48(%[input])\n\t"
+        "ld     s8, 56(%[input])\n\t"
+        "srli   a5, a4, 32\n\t"
+        "srli   a7, a6, 32\n\t"
+        "srli   t4, t3, 32\n\t"
+        "srli   t6, t5, 32\n\t"
+        "srli   s3, s2, 32\n\t"
+        "srli   s5, s4, 32\n\t"
+        "srli   s7, s6, 32\n\t"
+        "srli   s9, s8, 32\n\t"
+
+        /* Set number of odd+even rounds to perform */
+        "li     a3, 10\n\t"
+        "\n"
+    "L_chacha20_riscv_loop:\n\t"
+        /* Odd Round */
+        QUARTER_ROUND_ODD()
+        "addi   a3, a3, -1\n\t"
+        /* Even Round */
+        QUARTER_ROUND_EVEN()
+        "bnez   a3, L_chacha20_riscv_loop\n\t"
+
+        "addi   %[bytes], %[bytes], -64\n\t"
+
+        "ld     t0, 0(%[input])\n\t"
+        "ld     t1, 8(%[input])\n\t"
+        "ld     t2, 16(%[input])\n\t"
+        "ld     s1, 24(%[input])\n\t"
+        "add    a4, a4, t0\n\t"
+        "add    a6, a6, t1\n\t"
+        "add    t3, t3, t2\n\t"
+        "add    t5, t5, s1\n\t"
+        "srli   t0, t0, 32\n\t"
+        "srli   t1, t1, 32\n\t"
+        "srli   t2, t2, 32\n\t"
+        "srli   s1, s1, 32\n\t"
+        "add    a5, a5, t0\n\t"
+        "add    a7, a7, t1\n\t"
+        "add    t4, t4, t2\n\t"
+        "add    t6, t6, s1\n\t"
+        "ld     t0, 32(%[input])\n\t"
+        "ld     t1, 40(%[input])\n\t"
+        "ld     t2, 48(%[input])\n\t"
+        "ld     s1, 56(%[input])\n\t"
+        "add    s2, s2, t0\n\t"
+        "add    s4, s4, t1\n\t"
+        "add    s6, s6, t2\n\t"
+        "addi   t2, t2, 1\n\t"
+        "add    s8, s8, s1\n\t"
+        "srli   t0, t0, 32\n\t"
+        "srli   t1, t1, 32\n\t"
+        "sw     t2, 48(%[input])\n\t"
+        "srli   t2, t2, 32\n\t"
+        "srli   s1, s1, 32\n\t"
+        "add    s3, s3, t0\n\t"
+        "add    s5, s5, t1\n\t"
+        "add    s7, s7, t2\n\t"
+        "add    s9, s9, s1\n\t"
+
+        "bltz   %[bytes], L_chacha20_riscv_over\n\t"
+
+#if !defined(WOLFSSL_RISCV_BIT_MANIPULATION)
+        "ld     t0, 0(%[m])\n\t"
+        "ld     t1, 8(%[m])\n\t"
+        "ld     t2, 16(%[m])\n\t"
+        "ld     s1, 24(%[m])\n\t"
+        "xor    a4, a4, t0\n\t"
+        "xor    a6, a6, t1\n\t"
+        "xor    t3, t3, t2\n\t"
+        "xor    t5, t5, s1\n\t"
+        "srli   t0, t0, 32\n\t"
+        "srli   t1, t1, 32\n\t"
+        "srli   t2, t2, 32\n\t"
+        "srli   s1, s1, 32\n\t"
+        "xor    a5, a5, t0\n\t"
+        "xor    a7, a7, t1\n\t"
+        "xor    t4, t4, t2\n\t"
+        "xor    t6, t6, s1\n\t"
+        "ld     t0, 32(%[m])\n\t"
+        "ld     t1, 40(%[m])\n\t"
+        "ld     t2, 48(%[m])\n\t"
+        "ld     s1, 56(%[m])\n\t"
+        "xor    s2, s2, t0\n\t"
+        "xor    s4, s4, t1\n\t"
+        "xor    s6, s6, t2\n\t"
+        "xor    s8, s8, s1\n\t"
+        "srli   t0, t0, 32\n\t"
+        "srli   t1, t1, 32\n\t"
+        "srli   t2, t2, 32\n\t"
+        "srli   s1, s1, 32\n\t"
+        "xor    s3, s3, t0\n\t"
+        "xor    s5, s5, t1\n\t"
+        "xor    s7, s7, t2\n\t"
+        "xor    s9, s9, s1\n\t"
+        "sw     a4, 0(%[c])\n\t"
+        "sw     a5, 4(%[c])\n\t"
+        "sw     a6, 8(%[c])\n\t"
+        "sw     a7, 12(%[c])\n\t"
+        "sw     t3, 16(%[c])\n\t"
+        "sw     t4, 20(%[c])\n\t"
+        "sw     t5, 24(%[c])\n\t"
+        "sw     t6, 28(%[c])\n\t"
+        "sw     s2, 32(%[c])\n\t"
+        "sw     s3, 36(%[c])\n\t"
+        "sw     s4, 40(%[c])\n\t"
+        "sw     s5, 44(%[c])\n\t"
+        "sw     s6, 48(%[c])\n\t"
+        "sw     s7, 52(%[c])\n\t"
+        "sw     s8, 56(%[c])\n\t"
+        "sw     s9, 60(%[c])\n\t"
+#else
+        PACK(REG_A4, REG_A4, REG_A5)
+        PACK(REG_A6, REG_A6, REG_A7)
+        PACK(REG_T3, REG_T3, REG_T4)
+        PACK(REG_T5, REG_T5, REG_T6)
+        PACK(REG_S2, REG_S2, REG_S3)
+        PACK(REG_S4, REG_S4, REG_S5)
+        PACK(REG_S6, REG_S6, REG_S7)
+        PACK(REG_S8, REG_S8, REG_S9)
+        "ld     a5, 0(%[m])\n\t"
+        "ld     a7, 8(%[m])\n\t"
+        "ld     t4, 16(%[m])\n\t"
+        "ld     t6, 24(%[m])\n\t"
+        "ld     s3, 32(%[m])\n\t"
+        "ld     s5, 40(%[m])\n\t"
+        "ld     s7, 48(%[m])\n\t"
+        "ld     s9, 56(%[m])\n\t"
+        "xor    a4, a4, a5\n\t"
+        "xor    a6, a6, a7\n\t"
+        "xor    t3, t3, t4\n\t"
+        "xor    t5, t5, t6\n\t"
+        "xor    s2, s2, s3\n\t"
+        "xor    s4, s4, s5\n\t"
+        "xor    s6, s6, s7\n\t"
+        "xor    s8, s8, s9\n\t"
+        "sd     a4, 0(%[c])\n\t"
+        "sd     a6, 8(%[c])\n\t"
+        "sd     t3, 16(%[c])\n\t"
+        "sd     t5, 24(%[c])\n\t"
+        "sd     s2, 32(%[c])\n\t"
+        "sd     s4, 40(%[c])\n\t"
+        "sd     s6, 48(%[c])\n\t"
+        "sd     s8, 56(%[c])\n\t"
+#endif
+
+        "addi   %[m], %[m], 64\n\t"
+        "addi   %[c], %[c], 64\n\t"
+
+        "bnez   %[bytes], L_chacha20_riscv_outer\n\t"
+        "beqz   %[bytes], L_chacha20_riscv_done\n\t"
+
+     "L_chacha20_riscv_over:\n\t"
+        "addi   a3, %[bytes], 64\n\t"
+
+        "sw     a4,  0(%[over])\n\t"
+        "sw     a5,  4(%[over])\n\t"
+        "sw     a6,  8(%[over])\n\t"
+        "sw     a7, 12(%[over])\n\t"
+        "sw     t3, 16(%[over])\n\t"
+        "sw     t4, 20(%[over])\n\t"
+        "sw     t5, 24(%[over])\n\t"
+        "sw     t6, 28(%[over])\n\t"
+        "sw     s2, 32(%[over])\n\t"
+        "sw     s3, 36(%[over])\n\t"
+        "sw     s4, 40(%[over])\n\t"
+        "sw     s5, 44(%[over])\n\t"
+        "sw     s6, 48(%[over])\n\t"
+        "sw     s7, 52(%[over])\n\t"
+        "sw     s8, 56(%[over])\n\t"
+        "sw     s9, 60(%[over])\n\t"
+
+        "addi   t0, a3, -8\n\t"
+        "bltz   t0, L_chacha20_riscv_32bit\n\t"
+        "addi   a3, a3, -1\n\t"
+     "L_chacha20_riscv_64bit_loop:\n\t"
+        "ld     t0, (%[m])\n\t"
+        "ld     t1, (%[over])\n\t"
+        "xor    t0, t0, t1\n\t"
+        "sd     t0, (%[c])\n\t"
+        "addi   %[m], %[m], 8\n\t"
+        "addi   %[c], %[c], 8\n\t"
+        "addi   %[over], %[over], 8\n\t"
+        "addi   a3, a3, -8\n\t"
+        "bgez   a3, L_chacha20_riscv_64bit_loop\n\t"
+        "addi   a3, a3, 1\n\t"
+
+     "L_chacha20_riscv_32bit:\n\t"
+        "addi   t0, a3, -4\n\t"
+        "bltz   t0, L_chacha20_riscv_16bit\n\t"
+        "lw     t0, (%[m])\n\t"
+        "lw     t1, (%[over])\n\t"
+        "xor    t0, t0, t1\n\t"
+        "sw     t0, (%[c])\n\t"
+        "addi   %[m], %[m], 4\n\t"
+        "addi   %[c], %[c], 4\n\t"
+        "addi   %[over], %[over], 4\n\t"
+
+     "L_chacha20_riscv_16bit:\n\t"
+        "addi   t0, a3, -2\n\t"
+        "bltz   t0, L_chacha20_riscv_8bit\n\t"
+        "lh     t0, (%[m])\n\t"
+        "lh     t1, (%[over])\n\t"
+        "xor    t0, t0, t1\n\t"
+        "sh     t0, (%[c])\n\t"
+        "addi   %[m], %[m], 2\n\t"
+        "addi   %[c], %[c], 2\n\t"
+        "addi   %[over], %[over], 2\n\t"
+
+     "L_chacha20_riscv_8bit:\n\t"
+        "addi   t0, a3, -1\n\t"
+        "bltz   t0, L_chacha20_riscv_done\n\t\n\t"
+        "lb     t0, (%[m])\n\t"
+        "lb     t1, (%[over])\n\t"
+        "xor    t0, t0, t1\n\t"
+        "sb     t0, (%[c])\n\t"
+        "bltz   %[bytes], L_chacha20_riscv_done\n\t"
+
+     "L_chacha20_riscv_done:\n\t"
+        : [m] "+r" (m), [c] "+r" (c), [bytes] "+r" (bytes), [over] "+r" (over)
+        : [input] "r" (input)
+        : "memory", "t0", "t1", "t2", "s1", "a3",
+          "t3", "t4", "t5", "t6",
+          "a4", "a5", "a6", "a7",
+          "s2", "s3", "s4", "s5",
+          "s6", "s7", "s8", "s9"
+    );
+}
+
+/**
+ * Encrypt a stream of bytes
+ */
+static WC_INLINE void wc_chacha_encrypt_bytes(ChaCha* ctx, const byte* m,
+    byte* c, word32 bytes)
+{
+    wc_chacha_encrypt(ctx->X, m, c, bytes, ctx->over);
+    ctx->left = (CHACHA_CHUNK_BYTES - (bytes & (CHACHA_CHUNK_BYTES - 1))) &
+                (CHACHA_CHUNK_BYTES - 1);
+}
+#endif
+
+/**
+ * API to encrypt/decrypt a message of any size.
+ */
+int wc_Chacha_Process(ChaCha* ctx, byte* output, const byte* input,
+    word32 msglen)
+{
+    int ret = 0;
+
+    if ((ctx == NULL) || (output == NULL) || (input == NULL)) {
+        ret = BAD_FUNC_ARG;
+    }
+    else if (msglen > 0) {
+        if (ctx->left > 0) {
+            word32 processed = min(msglen, ctx->left);
+            byte*  out = (byte*)ctx->over + CHACHA_CHUNK_BYTES - ctx->left;
+
+            xorbufout(output, input, out, processed);
+
+            ctx->left -= processed;
+            msglen -= processed;
+            output += processed;
+            input += processed;
+        }
+
+        if (msglen > 0) {
+            wc_chacha_encrypt_bytes(ctx, input, output, msglen);
+        }
+    }
+
+    return ret;
+}
+
+#endif /* HAVE_CHACHA */
+#endif /* WOLFSSL_ARMASM && !WOLFSSL_ARMASM_NO_NEON */
diff --git a/wolfcrypt/src/port/riscv/riscv-64-poly1305.c b/wolfcrypt/src/port/riscv/riscv-64-poly1305.c
new file mode 100644
index 000000000..e25d75fa0
--- /dev/null
+++ b/wolfcrypt/src/port/riscv/riscv-64-poly1305.c
@@ -0,0 +1,669 @@
+/* riscv-64-poly1305.c
+ *
+ * Copyright (C) 2006-2025 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+/*
+ * Based off the public domain implementations by Andrew Moon
+ * and Daniel J. Bernstein
+ */
+
+#ifdef HAVE_CONFIG_H
+    #include <config.h>
+#endif
+
+#include <wolfssl/wolfcrypt/settings.h>
+#include <wolfssl/wolfcrypt/types.h>
+#include <wolfssl/wolfcrypt/port/riscv/riscv-64-asm.h>
+
+#ifdef WOLFSSL_RISCV_ASM
+
+#ifdef HAVE_POLY1305
+#include <wolfssl/wolfcrypt/poly1305.h>
+#include <wolfssl/wolfcrypt/error-crypt.h>
+#include <wolfssl/wolfcrypt/logging.h>
+#include <wolfssl/wolfcrypt/cpuid.h>
+#ifdef NO_INLINE
+    #include <wolfssl/wolfcrypt/misc.h>
+#else
+    #define WOLFSSL_MISC_INCLUDED
+    #include <wolfcrypt/src/misc.c>
+#endif
+#ifdef CHACHA_AEAD_TEST
+    #include <stdio.h>
+#endif
+
+
+#ifndef WOLFSSL_RISCV_BIT_MANIPULATION_TERNARY
+
+#define SPLIT_130(r0, r1, r2, a0, a1, a2, t)        \
+        "srli   " #r1 ", " #a0 ", (64-12)\n\t"      \
+        "and    " #r0 ", " #a0 ", a6\n\t"           \
+        "slli   " #t  ", " #a1 ", (2*12)\n\t"       \
+        "slli   " #r2 ", " #a2 ", (2*12)\n\t"       \
+        "srli   " #a1 ", " #a1 ", (64-2*12)\n\t"    \
+        "srli   " #t  ", " #t  ", 12\n\t"           \
+        "or     " #r2 ", " #a1 ", " #r2 "\n\t"      \
+        "or     " #r1 ", " #r1 ", " #t  "\n\t"
+
+#define SPLIT_128(r0, r1, r2, a0, a1, t)            \
+        "slli   " #t  ", " #a1 ", (2*12)\n\t"       \
+        "srli   " #r1 ", " #a0 ", (64-12)\n\t"      \
+        "and    " #r0 ", " #a0 ", a6\n\t"           \
+        "srli   " #t  ", " #t  ", 12\n\t"           \
+        "srli   " #r2 ", " #a1 ", (64-2*12)\n\t"    \
+        "or     " #r1 ", " #r1 ", " #t  "\n\t"
+
+#define REDIST(l, h, t)                     \
+        "srli   " #t ", " #l ", 52\n\t"     \
+        "slli   " #h ", " #h ", 12\n\t"     \
+        "and    " #l ", " #l ", a6\n\t"     \
+        "or     " #h ", " #h ", " #t "\n\t"
+
+#define REDIST_HI(l, h, h2, t)              \
+        "srli   " #h2 ", " #h ", 28\n\t"    \
+        "slli   " #h ", " #h ", 24\n\t"     \
+        "srli   " #t ", " #l ", 40\n\t"     \
+        "slli   " #l ", " #l ", 12\n\t"     \
+        "and    " #h ", " #h ", a6\n\t"     \
+        "and    " #l ", " #l ", a6\n\t"     \
+        "or     " #h ", " #h ", " #t "\n\t"
+
+#define REDIST_HI_26(l, h, t)               \
+        "srli   " #t ", " #l ", 40\n\t"     \
+        "slli   " #l ", " #l ", 12\n\t"     \
+        "slli   " #h ", " #h ", 24\n\t"     \
+        "and    " #l ", " #l ", a6\n\t"     \
+        "or     " #h ", " #h ", " #t "\n\t"
+
+#else
+
+#define SPLIT_130(r0, r1, r2, a0, a1, a2, t)        \
+        "and    " #r0 ", " #a0 ", a6\n\t"           \
+        FSRI(r1, a1, a0, 52)                        \
+        FSRI(r2, a2, a1, 40)                        \
+        "and    " #r1 ", " #r1 ", a6\n\t"           \
+        "and    " #r2 ", " #r2 ", a6\n\t"
+
+#define SPLIT_128(r0, r1, r2, a0, a1, t)            \
+        "srli   " #r2 ", " #a1 ", 40\n\t"           \
+        FSRI(r1, a1, a0, 52)                        \
+        "and    " #r0 ", " #a0 ", a6\n\t"           \
+        "and    " #r1 ", " #r1 ", a6\n\t"
+
+#define REDIST(l, h, t)                     \
+        FSRI(h, h, l, 52)                   \
+        "and    " #l ", " #l ", a4\n\t"
+
+#define REDIST_HI(l, h, h2, t)              \
+        "srli   " #h2 ", " #h ", 28\n\t"    \
+        FSRI(h, h, l, 40)                   \
+        "slli   " #l ", " #l ", 12\n\t"     \
+        "and    " #h ", " #h ", a6\n\t"     \
+        "and    " #l ", " #l ", a6\n\t"
+
+#define REDIST_HI_26(l, h, t)               \
+        FSRI(h, h, l, 40)                   \
+        "slli   " #l ", " #l ", 12\n\t"     \
+        "and    " #l ", " #l ", a6\n\t"
+
+#endif
+
+#define RECALC(l, h, t)                     \
+        "srli   " #t ", " #l ", 52\n\t"     \
+        "and    " #l ", " #l ", a6\n\t"     \
+        "add    " #h ", " #h ", " #t "\n\t"
+
+static WC_INLINE void poly1305_blocks_riscv64_16(Poly1305* ctx,
+    const unsigned char *m, size_t bytes, int notLast)
+{
+    __asm__ __volatile__ (
+        "addi   %[bytes], %[bytes], -16\n\t"
+        "bltz   %[bytes], L_poly1305_riscv64_16_64_done_%=\n\t"
+
+        "li     a4, 0xffffffc000000\n\t"
+        "li     a5, 0x3ffffff\n\t"
+        "li     a6, 0xfffffffffffff\n\t"
+
+        /* Load r and h */
+        "ld     s8, %[ctx_r_0]\n\t"
+        "ld     s9, %[ctx_r_1]\n\t"
+
+        "ld     s3, %[ctx_h_0]\n\t"
+        "ld     s4, %[ctx_h_1]\n\t"
+        "ld     s5, %[ctx_h_2]\n\t"
+
+    "L_poly1305_riscv64_16_64_loop_%=:\n\t"
+        /* Load m */
+        "ld     t0, (%[m])\n\t"
+        "ld     t1, 8(%[m])\n\t"
+        /* Split m into 26, 52, 52 */
+        SPLIT_130(t2, t3, t4, t0, t1, %[notLast], t5)
+
+        "add    s3, s3, t2\n\t"
+        "add    s4, s4, t3\n\t"
+        "add    s5, s5, t4\n\t"
+
+        /* r[0] * h[0] = [0, 1] */
+        "mul    t0, s8, s3\n\t"
+        "mulhu  t1, s8, s3\n\t"
+        REDIST(t0, t1, s6)
+        /* r[0] * h[1] = [1, 2] */
+        "mul    t3, s8, s4\n\t"
+        "mulhu  t2, s8, s4\n\t"
+        REDIST(t3, t2, s6)
+        "add    t1, t1, t3\n\t"
+        /* r[1] * h[0] = [1, 2] */
+        "mul    t4, s9, s3\n\t"
+        "mulhu  t5, s9, s3\n\t"
+        REDIST_HI(t4, t5, t3, s6)
+        "add    t1, t1, t4\n\t"
+        "add    t2, t2, t5\n\t"
+        /* r[0] * h[2] = [2, 3] */
+        "mul    t4, s8, s5\n\t"
+        "mulhu  t5, s8, s5\n\t"
+        REDIST(t4, t5, s6)
+        "add    t2, t2, t4\n\t"
+        "add    t3, t3, t5\n\t"
+        /* r[1] * h[1] = [2, 3] */
+        "mul    t5, s9, s4\n\t"
+        "mulhu  t6, s9, s4\n\t"
+        REDIST_HI(t5, t6, t4, s6)
+        "add    t2, t2, t5\n\t"
+        "add    t3, t3, t6\n\t"
+        /* r[1] * h[2] = [3, 4] */
+        "mul    t5, s9, s5\n\t"
+        "mulhu  t6, s9, s5\n\t"
+        REDIST_HI_26(t5, t6, s6)
+        "add    t3, t3, t5\n\t"
+        "add    t4, t4, t6\n\t"
+
+        RECALC(t1, t2, s6)
+        RECALC(t2, t3, s6)
+        RECALC(t3, t4, s6)
+
+        /* h[0..4] % (2^130 - 5) */
+        "slli   s3, t3, 26\n\t"
+        "slli   s4, t4, 26\n\t"
+        "and    s3, s3, a4\n\t"
+        "and    s4, s4, a4\n\t"
+        "srli   t5, t2, 26\n\t"
+        "and    t2, t2, a5\n\t"
+        "srli   t3, t3, 26\n\t"
+        "srli   t4, t4, 26\n\t"
+        "add    t5, t5, s3\n\t"
+        "add    t3, t3, s4\n\t"
+
+        "slli   s5, t5, 2\n\t"
+        "slli   s3, t3, 2\n\t"
+        "slli   s4, t4, 2\n\t"
+        "add    t5, t5, s5\n\t"
+        "add    t3, t3, s3\n\t"
+        "add    t4, t4, s4\n\t"
+
+        "add    s3, t0, t5\n\t"
+        "add    s4, t1, t3\n\t"
+        "add    s5, t2, t4\n\t"
+
+        /* h[0..2] % (2^130 - 5) */
+        "and    t5, s5, a4\n\t"
+        "and    s5, s5, a5\n\t"
+        "srli   t6, t5, 24\n\t"
+        "srli   t5, t5, 26\n\t"
+        "add    t5, t5, t6\n\t"
+        "add    s3, s3, t5\n\t"
+
+        "addi   %[bytes], %[bytes], -16\n\t"
+        "addi   %[m], %[m], 16\n\t"
+        "bgez   %[bytes], L_poly1305_riscv64_16_64_loop_%=\n\t"
+
+        "sd     s3, %[ctx_h_0]\n\t"
+        "sd     s4, %[ctx_h_1]\n\t"
+        "sd     s5, %[ctx_h_2]\n\t"
+        "\n"
+    "L_poly1305_riscv64_16_64_done_%=:\n\t"
+        : [bytes] "+r" (bytes), [m] "+r" (m)
+        : [ctx_h_0] "m" (ctx->h[0]), [ctx_h_1] "m" (ctx->h[1]),
+          [ctx_h_2] "m" (ctx->h[2]), [ctx_r_0] "m" (ctx->r[0]),
+          [ctx_r_1] "m" (ctx->r[1]), [notLast] "r" ((word64)notLast)
+        : "memory", "t0", "t1", "t2", "t3", "t4", "t5", "t6", "s6",
+                    "a4", "a5", "a6", /* Constants */
+                    "s3", "s4", "s5", /* h */
+                    "s8", "s9" /* r */
+    );
+}
+
+#ifdef WOLFSSL_RISCV_VECTOR
+
+#define MUL_RES_REDIS(l, h, t)  \
+        VSRL_VX(t, l, REG_A7)   \
+        VSLL_VI(h, h, 12)       \
+        VAND_VX(l, l, REG_A6)   \
+        VOR_VV(h, h, t)
+
+#endif
+
+void poly1305_blocks_riscv64(Poly1305* ctx, const unsigned char *m,
+    size_t bytes)
+{
+#ifdef WOLFSSL_RISCV_VECTOR
+    __asm__ __volatile__ (
+        "addi   %[bytes], %[bytes], -32\n\t"
+        "bltz   %[bytes], L_poly1305_riscv64_vec_done_%=\n\t"
+
+        VSETIVLI(REG_ZERO, 2, 1, 1, 0b011, 0b000)
+
+        "li     a4, 0xffffffc000000\n\t"
+        "li     a5, 0x3ffffff\n\t"
+        "li     a6, 0xfffffffffffff\n\t"
+        "li     a7, 52\n\t"
+
+        /* Load r and r^2 */
+        "mv     t0, %[r2]\n\t"
+        VL2RE64_V(REG_V2, REG_T0)
+        "addi   t0, %[r2], 32\n\t"
+        VL1RE64_V(REG_V4, REG_T0)
+
+        /* Load h */
+        "ld     t0,  0(%[h])\n\t"
+        "ld     t1,  8(%[h])\n\t"
+        "ld     t2,  16(%[h])\n\t"
+
+        VMV_S_X(REG_V8, REG_T0)
+        VMV_S_X(REG_V9, REG_T1)
+        VMV_S_X(REG_V10, REG_T2)
+
+    "L_poly1305_riscv64_vec_loop_%=:\n\t"
+        /* m0 + nfin */
+        "ld     t0, 0(%[m])\n\t"
+        "ld     t1, 8(%[m])\n\t"
+        "li     t6, 1\n\t"
+        /* Split m into 24, 52, 52 */
+        SPLIT_130(t2, t3, t4, t0, t1, t6, t5)
+        VMV_S_X(REG_V11, REG_T2)
+        VMV_S_X(REG_V12, REG_T3)
+        VMV_S_X(REG_V13, REG_T4)
+        /* m1+ nfin */
+        "ld     t0, 16(%[m])\n\t"
+        "ld     t1, 24(%[m])\n\t"
+        /* Split m into 24, 52, 52 */
+        SPLIT_130(t2, t3, t4, t0, t1, t6, t5)
+        VMV_S_X(REG_V14, REG_T2)
+        VMV_S_X(REG_V15, REG_T3)
+        VMV_S_X(REG_V16, REG_T4)
+        /* h += m0 + nfin */
+        VADD_VV(REG_V8, REG_V8, REG_V11)
+        VADD_VV(REG_V9, REG_V9, REG_V12)
+        VADD_VV(REG_V10, REG_V10, REG_V13)
+        /* h[0]|m1[0], h[1]|m1[1], h[2]|m1[2] */
+        VSLIDEUP_VI(REG_V8, REG_V14, 1)
+        VSLIDEUP_VI(REG_V9, REG_V15, 1)
+        VSLIDEUP_VI(REG_V10, REG_V16, 1)
+
+        /* hm[0] * r2r[0] */
+        VMUL_VV(REG_V11, REG_V8, REG_V2)
+        VMULHU_VV(REG_V12, REG_V8, REG_V2)
+        MUL_RES_REDIS(REG_V11, REG_V12, REG_V18)
+
+        /* + hm[0] * r2r[1] */
+        VMUL_VV(REG_V14, REG_V8, REG_V3)
+        VMULHU_VV(REG_V13, REG_V8, REG_V3)
+        MUL_RES_REDIS(REG_V14, REG_V13, REG_V18)
+        VADD_VV(REG_V12, REG_V12, REG_V14)
+        /* + hm[1] * r2r[0] */
+        VMUL_VV(REG_V14, REG_V9, REG_V2)
+        VMULHU_VV(REG_V15, REG_V9, REG_V2)
+        MUL_RES_REDIS(REG_V14, REG_V15, REG_V18)
+        VADD_VV(REG_V12, REG_V12, REG_V14)
+        VADD_VV(REG_V13, REG_V13, REG_V15)
+
+        /* + hm[0] * r2r[2] */
+        VMUL_VV(REG_V15, REG_V8, REG_V4)
+        VMULHU_VV(REG_V14, REG_V8, REG_V4)
+        MUL_RES_REDIS(REG_V15, REG_V14, REG_V18)
+        VADD_VV(REG_V13, REG_V13, REG_V15)
+        /* + hm[1] * r2r[1] */
+        VMUL_VV(REG_V15, REG_V9, REG_V3)
+        VMULHU_VV(REG_V16, REG_V9, REG_V3)
+        MUL_RES_REDIS(REG_V15, REG_V16, REG_V18)
+        VADD_VV(REG_V13, REG_V13, REG_V15)
+        VADD_VV(REG_V14, REG_V14, REG_V16)
+        /* + hm[2] * r2r[0] */
+        VMUL_VV(REG_V15, REG_V10, REG_V2)
+        VMULHU_VV(REG_V16, REG_V10, REG_V2)
+        MUL_RES_REDIS(REG_V15, REG_V16, REG_V18)
+        VADD_VV(REG_V13, REG_V13, REG_V15)
+        VADD_VV(REG_V14, REG_V14, REG_V16)
+
+        /* + hm[1] * r2r[2] */
+        VMUL_VV(REG_V16, REG_V9, REG_V4)
+        VMULHU_VV(REG_V15, REG_V9, REG_V4)
+        MUL_RES_REDIS(REG_V16, REG_V15, REG_V18)
+        VADD_VV(REG_V14, REG_V14, REG_V16)
+        /* + hm[2] * r2r[1] */
+        VMUL_VV(REG_V16, REG_V10, REG_V3)
+        VMULHU_VV(REG_V17, REG_V10, REG_V3)
+        MUL_RES_REDIS(REG_V16, REG_V17, REG_V18)
+        VADD_VV(REG_V14, REG_V14, REG_V16)
+        VADD_VV(REG_V15, REG_V15, REG_V17)
+
+        /* + hm[2] * r2r[2] */
+        VMUL_VV(REG_V17, REG_V10, REG_V4)
+        VADD_VV(REG_V15, REG_V15, REG_V17)
+
+        /* Get m1 * r down */
+        VSLIDEDOWN_VI(REG_V18, REG_V11, 1)
+        VSLIDEDOWN_VI(REG_V19, REG_V12, 1)
+        VSLIDEDOWN_VI(REG_V20, REG_V13, 1)
+        VSLIDEDOWN_VI(REG_V21, REG_V14, 1)
+        VSLIDEDOWN_VI(REG_V22, REG_V15, 1)
+
+        /* Add (h + m0) * r^2 + m1 * r */
+        VADD_VV(REG_V11, REG_V11, REG_V18)
+        VADD_VV(REG_V12, REG_V12, REG_V19)
+        VADD_VV(REG_V13, REG_V13, REG_V20)
+        VADD_VV(REG_V14, REG_V14, REG_V21)
+        VADD_VV(REG_V15, REG_V15, REG_V22)
+
+        /* h' % 2^130-5 */
+        VSLL_VI(REG_V8, REG_V14, 26)
+        VSLL_VI(REG_V9, REG_V15, 26)
+        VAND_VX(REG_V8, REG_V8, REG_A4)
+        VAND_VX(REG_V9, REG_V9, REG_A4)
+        VSRL_VI(REG_V10, REG_V13, 26)
+        VAND_VX(REG_V13, REG_V13, REG_A5)
+        VSRL_VI(REG_V14, REG_V14, 26)
+        VSRL_VI(REG_V15, REG_V15, 26)
+        VADD_VV(REG_V10, REG_V10, REG_V8)
+        VADD_VV(REG_V14, REG_V14, REG_V9)
+
+        VSLL_VI(REG_V16, REG_V10, 2)
+        VSLL_VI(REG_V17, REG_V14, 2)
+        VSLL_VI(REG_V18, REG_V15, 2)
+        VADD_VV(REG_V10, REG_V10, REG_V16)
+        VADD_VV(REG_V14, REG_V14, REG_V17)
+        VADD_VV(REG_V15, REG_V15, REG_V18)
+
+        VADD_VV(REG_V8, REG_V11, REG_V10)
+        VADD_VV(REG_V9, REG_V12, REG_V14)
+        VADD_VV(REG_V10, REG_V13, REG_V15)
+
+        /* h'' % 2^130-5 */
+        VAND_VX(REG_V11, REG_V10, REG_A4)
+        VAND_VX(REG_V10, REG_V10, REG_A5)
+        VSRL_VI(REG_V12, REG_V11, 24)
+        VSRL_VI(REG_V11, REG_V11, 26)
+        VADD_VV(REG_V11, REG_V11, REG_V12)
+        VADD_VV(REG_V8, REG_V8, REG_V11)
+
+        "addi   %[bytes], %[bytes], -32\n\t"
+        "addi   %[m], %[m], 32\n\t"
+        "bgez   %[bytes], L_poly1305_riscv64_vec_loop_%=\n\t"
+
+        VMV_X_S(REG_S3, REG_V8)
+        VMV_X_S(REG_S4, REG_V9)
+        VMV_X_S(REG_S5, REG_V10)
+
+        "sd     s3, 0(%[h])\n\t"
+        "sd     s4, 8(%[h])\n\t"
+        "sd     s5, 16(%[h])\n\t"
+
+        "\n"
+    "L_poly1305_riscv64_vec_done_%=:\n\t"
+        "addi   %[bytes], %[bytes], 32\n\t"
+        : [bytes] "+r" (bytes), [m] "+r" (m)
+        : [r2] "r" (ctx->r2), [h] "r" (ctx->h)
+        : "memory", "t0", "t1", "t2", "t3", "t4", "t5", "t6",
+          "s3", "s4", "s5", "a4", "a5", "a6", "a7"
+    );
+#endif
+    poly1305_blocks_riscv64_16(ctx, m, bytes, 1);
+}
+
+void poly1305_block_riscv64(Poly1305* ctx, const unsigned char *m)
+{
+    poly1305_blocks_riscv64_16(ctx, m, POLY1305_BLOCK_SIZE, 1);
+}
+
+#if defined(POLY130564)
+static word64 clamp[] = {
+    0x0ffffffc0fffffff,
+    0x0ffffffc0ffffffc,
+};
+#endif /* POLY130564 */
+
+
+int wc_Poly1305SetKey(Poly1305* ctx, const byte* key, word32 keySz)
+{
+    if (key == NULL)
+        return BAD_FUNC_ARG;
+
+#ifdef CHACHA_AEAD_TEST
+    word32 k;
+    printf("Poly key used:\n");
+    for (k = 0; k < keySz; k++) {
+        printf("%02x", key[k]);
+        if ((k+1) % 8 == 0)
+            printf("\n");
+    }
+    printf("\n");
+#endif
+
+    if (keySz != 32 || ctx == NULL)
+        return BAD_FUNC_ARG;
+
+    __asm__ __volatile__ (
+        /* Load key material */
+        "ld     t0, 0(%[key])\n\t"
+        "ld     t1, 8(%[key])\n\t"
+        "ld     t2, 16(%[key])\n\t"
+        "ld     t3, 24(%[key])\n\t"
+        /* Load clamp */
+        "ld     t4, 0(%[clamp])\n\t"
+        "ld     t5, 8(%[clamp])\n\t"
+        /* Save pad for later */
+        "sd     t2, 0(%[ctx_pad])\n\t"
+        "sd     t3, 8(%[ctx_pad])\n\t"
+        /* Apply clamp */
+        /* r &= 0xffffffc0ffffffc0ffffffc0fffffff */
+        "and    t0, t0, t4\n\t"
+        "and    t1, t1, t5\n\t"
+        /* Store r */
+        "sd     t0, 0(%[ctx_r])\n\t"
+        "sd     t1, 8(%[ctx_r])\n\t"
+
+#ifdef WOLFSSL_RISCV_VECTOR
+        "li     a6, 0xfffffffffffff\n\t"
+        /* Split r into parts less than 64 */
+        SPLIT_128(t2, t3, t4, t0, t1, t5)
+        /* Store r */
+        "sd     t2, 8(%[ctx_r2])\n\t"
+        "sd     t3, 24(%[ctx_r2])\n\t"
+        "sd     t4, 40(%[ctx_r2])\n\t"
+
+        /* r * r */
+        /*   r[0] * r[0] - 0, 1 */
+        "mul    t2, t0, t0\n\t"
+        "mulhu  t3, t0, t0\n\t"
+        /* + r[0] * r[1] - 1, 2 */
+        "mul    t5, t1, t0\n\t"
+        "mulhu  t6, t1, t0\n\t"
+        "add    t3, t3, t5\n\t"
+        "sltu   s1, t3, t5\n\t"
+        "add    t4, t6, s1\n\t"
+        /* + r[1] * r[0] - 1, 2 */
+        "add    t3, t3, t5\n\t"
+        "sltu   s1, t3, t5\n\t"
+        "add    t4, t4, s1\n\t"
+        "add    t4, t4, t6\n\t"
+        "sltu   t5, t4, t6\n\t"
+        /* + r[1] * r[1] - 2, 3 */
+        "mul    s1, t1, t1\n\t"
+        "mulhu  t6, t1, t1\n\t"
+        "add    t4, t4, s1\n\t"
+        "sltu   s1, t4, s1\n\t"
+        "add    t5, t5, t6\n\t"
+        "add    t5, t5, s1\n\t"
+        /* (r * r) % (2 ^ 130 - 5) */
+        "andi   t6, t4, -4\n\t"
+        "andi   t4, t4, 3\n\t"
+        /* r[0..129] + r[130-191] * 4 */
+        "add    t2, t2, t6\n\t"
+        "sltu   s1, t2, t6\n\t"
+        "add    t3, t3, s1\n\t"
+        "sltu   s1, t3, s1\n\t"
+        "add    t4, t4, s1\n\t"
+        /* r[0..129] + r[130-193] */
+        "srli   t6, t6, 2\n\t"
+        "slli   s1, t5, 62\n\t"
+        "or     t6, t6, s1\n\t"
+        "add    t2, t2, t6\n\t"
+        "sltu   s1, t2, t6\n\t"
+        "add    t3, t3, s1\n\t"
+        "sltu   s1, t3, s1\n\t"
+        "add    t4, t4, s1\n\t"
+        /* r[64..129] + r[194-253] * 4 */
+        "add    t3, t3, t5\n\t"
+        "sltu   s1, t3, t5\n\t"
+        "add    t4, t4, s1\n\t"
+        /* r[64..129] + r[194-253] */
+        "srli   t5, t5, 2\n\t"
+        "add    t3, t3, t5\n\t"
+        "sltu   s1, t3, t5\n\t"
+        "add    t4, t4, s1\n\t"
+        /* Split r^2 into parts less than 64 */
+        SPLIT_130(t0, t1, t2, t2, t3, t4, t5)
+        /* Store r^2 */
+        "sd     t0, 0(%[ctx_r2])\n\t"
+        "sd     t1, 16(%[ctx_r2])\n\t"
+        "sd     t2, 32(%[ctx_r2])\n\t"
+#endif
+
+        /* h (accumulator) = 0 */
+        "sd     x0, 0(%[ctx_h])\n\t"
+        "sd     x0, 8(%[ctx_h])\n\t"
+        "sd     x0, 16(%[ctx_h])\n\t"
+        /* Zero leftover */
+        "sd     x0, (%[ctx_leftover])\n\t"
+        :
+        : [clamp] "r" (clamp), [key] "r" (key), [ctx_r] "r" (ctx->r),
+#ifdef WOLFSSL_RISCV_VECTOR
+          [ctx_r2] "r" (ctx->r2),
+#endif
+          [ctx_h] "r" (ctx->h), [ctx_pad] "r" (ctx->pad),
+          [ctx_leftover] "r" (&ctx->leftover)
+        : "memory", "t0", "t1", "t2", "t3", "t4", "t5", "t6", "s1"
+#ifdef WOLFSSL_RISCV_VECTOR
+                  , "a6"
+#endif
+    );
+
+    return 0;
+}
+
+
+int wc_Poly1305Final(Poly1305* ctx, byte* mac)
+{
+
+    if (ctx == NULL)
+        return BAD_FUNC_ARG;
+
+    /* process the remaining block */
+    if (ctx->leftover) {
+        size_t i = ctx->leftover;
+        ctx->buffer[i++] = 1;
+        for (; i < POLY1305_BLOCK_SIZE; i++)
+            ctx->buffer[i] = 0;
+        poly1305_blocks_riscv64_16(ctx, ctx->buffer, POLY1305_BLOCK_SIZE, 0);
+    }
+
+    __asm__ __volatile__ (
+        /* Load raw h and padding. */
+        "ld     t0, %[ctx_h_0]\n\t"
+        "ld     t1, %[ctx_h_1]\n\t"
+        "ld     t2, %[ctx_h_2]\n\t"
+        "ld     t3, %[ctx_pad_0]\n\t"
+        "ld     t4, %[ctx_pad_1]\n\t"
+
+        /* Shrink h to 2,64,64. */
+        "slli   t5, t1, 52\n\t"
+        "slli   t6, t2, 40\n\t"
+        "srli   t1, t1, 12\n\t"
+        "srli   t2, t2, 24\n\t"
+        "add    t1, t1, t6\n\t"
+        "sltu   t6, t1, t6\n\t"
+        "add    t2, t2, t6\n\t"
+        "add    t0, t0, t5\n\t"
+        "sltu   t5, t0, t5\n\t"
+        "add    t1, t1, t5\n\t"
+        "sltu   t5, t1, t5\n\t"
+        "add    t2, t2, t5\n\t"
+
+        /* Add padding to h */
+        "add    t0, t0, t3\n\t"
+        "sltu   t3, t0, t3\n\t"
+        "add    t1, t1, t3\n\t"
+        "sltu   t3, t1, t3\n\t"
+        "add    t2, t2, t3\n\t"
+        "add    t1, t1, t4\n\t"
+        "sltu   t4, t1, t4\n\t"
+        "add    t2, t2, t4\n\t"
+
+        /* Check if h is larger than p */
+        "addi   t3, t0, 5\n\t"
+        "sltiu  t3, t3, 5\n\t"
+        "add    t4, t1, t3\n\t"
+        "sltu   t3, t4, t3\n\t"
+        "add    t4, t2, t3\n\t"
+        /* Check if h+5 is larger than 2^130 */
+        "addi   t4, t4, -4\n\t"
+        "srli   t4, t4, 63\n\t"
+        "addi   t4, t4, -1\n\t"
+        "andi   t4, t4, 5\n\t"
+        "add    t0, t0, t4\n\t"
+        "sltu   t3, t0, t4\n\t"
+        "add    t1, t1, t3\n\t"
+        "sltu   t3, t1, t3\n\t"
+        "add    t2, t2, t3\n\t"
+        "andi   t2, t2, 3\n\t"
+        "sd     t0, 0(%[mac])\n\t"
+        "sd     t1, 8(%[mac])\n\t"
+        /* Zero out h. */
+        "sd     x0, %[ctx_h_0]\n\t"
+        "sd     x0, %[ctx_h_1]\n\t"
+        "sd     x0, %[ctx_h_2]\n\t"
+        /* Zero out r. */
+        "sd     x0, %[ctx_r_0]\n\t"
+        "sd     x0, %[ctx_r_1]\n\t"
+        /* Zero out pad. */
+        "ld     t3, %[ctx_pad_0]\n\t"
+        "ld     t4, %[ctx_pad_1]\n\t"
+        : [mac] "+r" (mac)
+        : [ctx_pad_0] "m" (ctx->pad[0]), [ctx_pad_1] "m" (ctx->pad[1]),
+          [ctx_h_0] "m" (ctx->h[0]), [ctx_h_1] "m" (ctx->h[1]),
+          [ctx_h_2] "m" (ctx->h[2]),
+          [ctx_r_0] "m" (ctx->r[0]), [ctx_r_1] "m" (ctx->r[1])
+        : "memory", "t0", "t1", "t2", "t3", "t4", "t5", "t6"
+    );
+
+    return 0;
+}
+
+#endif /* HAVE_POLY1305 */
+#endif /* WOLFSSL_RISCV_ASM */
diff --git a/wolfcrypt/src/port/riscv/riscv-64-sha256.c b/wolfcrypt/src/port/riscv/riscv-64-sha256.c
new file mode 100644
index 000000000..27c5f3ff2
--- /dev/null
+++ b/wolfcrypt/src/port/riscv/riscv-64-sha256.c
@@ -0,0 +1,1417 @@
+/* riscv-sha256.c
+ *
+ * Copyright (C) 2006-2025 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+
+#ifdef HAVE_CONFIG_H
+    #include <config.h>
+#endif
+
+#include <wolfssl/wolfcrypt/settings.h>
+
+#ifdef WOLFSSL_RISCV_ASM
+#if !defined(NO_SHA256) || defined(WOLFSSL_SHA224)
+
+#if FIPS_VERSION3_LT(6,0,0) && defined(HAVE_FIPS)
+    #undef HAVE_FIPS
+#else
+    #if defined(HAVE_FIPS) && FIPS_VERSION3_GE(6,0,0)
+    /* set NO_WRAPPERS before headers, use direct internal f()s not wrappers */
+        #define FIPS_NO_WRAPPERS
+    #endif
+#endif
+
+#include <wolfssl/wolfcrypt/sha256.h>
+#if FIPS_VERSION3_GE(6,0,0)
+    const unsigned int wolfCrypt_FIPS_sha256_ro_sanity[2] =
+                                                     { 0x1a2b3c4d, 0x00000014 };
+    int wolfCrypt_FIPS_SHA256_sanity(void)
+    {
+        return 0;
+    }
+#endif
+#include <wolfssl/wolfcrypt/logging.h>
+#include <wolfssl/wolfcrypt/error-crypt.h>
+
+#include <wolfssl/wolfcrypt/port/riscv/riscv-64-asm.h>
+
+#ifdef NO_INLINE
+    #include <wolfssl/wolfcrypt/misc.h>
+#else
+    #define WOLFSSL_MISC_INCLUDED
+    #include <wolfcrypt/src/misc.c>
+#endif
+
+/* Constants to add in each round. */
+static const FLASH_QUALIFIER ALIGN32 word32 K[64] = {
+    0x428A2F98L, 0x71374491L, 0xB5C0FBCFL, 0xE9B5DBA5L, 0x3956C25BL,
+    0x59F111F1L, 0x923F82A4L, 0xAB1C5ED5L, 0xD807AA98L, 0x12835B01L,
+    0x243185BEL, 0x550C7DC3L, 0x72BE5D74L, 0x80DEB1FEL, 0x9BDC06A7L,
+    0xC19BF174L, 0xE49B69C1L, 0xEFBE4786L, 0x0FC19DC6L, 0x240CA1CCL,
+    0x2DE92C6FL, 0x4A7484AAL, 0x5CB0A9DCL, 0x76F988DAL, 0x983E5152L,
+    0xA831C66DL, 0xB00327C8L, 0xBF597FC7L, 0xC6E00BF3L, 0xD5A79147L,
+    0x06CA6351L, 0x14292967L, 0x27B70A85L, 0x2E1B2138L, 0x4D2C6DFCL,
+    0x53380D13L, 0x650A7354L, 0x766A0ABBL, 0x81C2C92EL, 0x92722C85L,
+    0xA2BFE8A1L, 0xA81A664BL, 0xC24B8B70L, 0xC76C51A3L, 0xD192E819L,
+    0xD6990624L, 0xF40E3585L, 0x106AA070L, 0x19A4C116L, 0x1E376C08L,
+    0x2748774CL, 0x34B0BCB5L, 0x391C0CB3L, 0x4ED8AA4AL, 0x5B9CCA4FL,
+    0x682E6FF3L, 0x748F82EEL, 0x78A5636FL, 0x84C87814L, 0x8CC70208L,
+    0x90BEFFFAL, 0xA4506CEBL, 0xBEF9A3F7L, 0xC67178F2L
+};
+
+/* Initialize SHA-256 object for hashing.
+ *
+ * @param [in, out] sha256  SHA-256 object.
+ */
+static void InitSha256(wc_Sha256* sha256)
+{
+    /* Set initial hash values. */
+#ifndef WOLFSSL_RISCV_VECTOR_CRYPTO_ASM
+    sha256->digest[0] = 0x6A09E667L;
+    sha256->digest[1] = 0xBB67AE85L;
+    sha256->digest[2] = 0x3C6EF372L;
+    sha256->digest[3] = 0xA54FF53AL;
+    sha256->digest[4] = 0x510E527FL;
+    sha256->digest[5] = 0x9B05688CL;
+    sha256->digest[6] = 0x1F83D9ABL;
+    sha256->digest[7] = 0x5BE0CD19L;
+#else
+    /* f, e, b, a, h, g, d, c */
+    sha256->digest[0] = 0x9B05688CL;
+    sha256->digest[1] = 0x510E527FL;
+    sha256->digest[2] = 0xBB67AE85L;
+    sha256->digest[3] = 0x6A09E667L;
+    sha256->digest[4] = 0x5BE0CD19L;
+    sha256->digest[5] = 0x1F83D9ABL;
+    sha256->digest[6] = 0xA54FF53AL;
+    sha256->digest[7] = 0x3C6EF372L;
+#endif
+
+    /* No hashed data. */
+    sha256->buffLen = 0;
+    /* No data hashed. */
+    sha256->loLen   = 0;
+    sha256->hiLen   = 0;
+
+#ifdef WOLFSSL_HASH_FLAGS
+    sha256->flags = 0;
+#endif
+}
+
+/* More data hashed, add length to 64-bit cumulative total.
+ *
+ * @param [in, out] sha256  SHA-256 object. Assumed not NULL.
+ * @param [in]      len     Length to add.
+ */
+static WC_INLINE void AddLength(wc_Sha256* sha256, word32 len)
+{
+    word32 tmp = sha256->loLen;
+    if ((sha256->loLen += len) < tmp)
+        sha256->hiLen++;                       /* carry low to high */
+}
+
+#ifndef WOLFSSL_RISCV_BASE_BIT_MANIPULATION
+
+/* Load a word with bytes reversed. */
+#define LOAD_WORD_REV(r, o, p, t0, t1, t2)  \
+    "lbu    " #t0 ", " #o "(" #p ")\n\t"    \
+    "lbu    " #t1 ", " #o "+1(" #p ")\n\t"  \
+    "lbu    " #t2 ", " #o "+2(" #p ")\n\t"  \
+    "lbu    " #r ", " #o "+3(" #p ")\n\t"   \
+    "slli   " #t0 ", " #t0 ", 24\n\t"       \
+    "slli   " #t1 ", " #t1 ", 16\n\t"       \
+    "slli   " #t2 ", " #t2 ", 8\n\t"        \
+    "or     " #r ", " #r ", " #t0 "\n\t"    \
+    "or     " #r ", " #r ", " #t1 "\n\t"    \
+    "or     " #r ", " #r ", " #t2 "\n\t"
+
+/* Load a word with bytes reversed. */
+#define LOAD_DWORD_REV(r, o, p, t0, t1, t2, t3) \
+    "lbu    " #t0 ", " #o "(" #p ")\n\t"        \
+    "lbu    " #t1 ", " #o "+1(" #p ")\n\t"      \
+    "lbu    " #t2 ", " #o "+2(" #p ")\n\t"      \
+    "lbu    " #r ", " #o "+3(" #p ")\n\t"       \
+    "slli   " #t0 ", " #t0 ", 24\n\t"           \
+    "slli   " #t1 ", " #t1 ", 16\n\t"           \
+    "slli   " #t2 ", " #t2 ", 8\n\t"            \
+    "or     " #r ", " #r ", " #t0 "\n\t"        \
+    "or     " #r ", " #r ", " #t1 "\n\t"        \
+    "or     " #r ", " #r ", " #t2 "\n\t"        \
+    "lbu    " #t0 ", " #o "+4(" #p ")\n\t"      \
+    "lbu    " #t1 ", " #o "+5(" #p ")\n\t"      \
+    "lbu    " #t2 ", " #o "+6(" #p ")\n\t"      \
+    "lbu    " #t3 ", " #o "+7(" #p ")\n\t"      \
+    "slli   " #t0 ", " #t0 ", 56\n\t"           \
+    "slli   " #t1 ", " #t1 ", 48\n\t"           \
+    "slli   " #t2 ", " #t2 ", 40\n\t"           \
+    "slli   " #t3 ", " #t3 ", 32\n\t"           \
+    "or     " #r ", " #r ", " #t0 "\n\t"        \
+    "or     " #r ", " #r ", " #t1 "\n\t"        \
+    "or     " #r ", " #r ", " #t2 "\n\t"        \
+    "or     " #r ", " #r ", " #t3 "\n\t"
+
+#define PACK_BB(rd, rs1, rs2, rrd, rrs1, rrs2)  \
+    "slli   " #rd ", " #rs1 ", 32\n\t"          \
+    "slli   " #rs2 ", " #rs2 ", 32\n\t"         \
+    "srli   " #rd ", " #rs1 ", 32\n\t"          \
+    "or     " #rd ", " #rd ", " #rs2 "\n\t"
+
+#else
+
+#define PACK_BB(rd, rs1, rs2, rrd, rrs1, rrs2)  \
+    PACK(rrd, rrs1, rrs2)
+
+#endif
+
+#ifndef WOLFSSL_RISCV_VECTOR_CRYPTO_ASM
+
+#ifdef WOLFSSL_RISCV_SCALAR_CRYPTO_ASM
+
+/* SHA-256 SUM0 operation. */
+#define SHA256SUM0(rd, rs1)                                         \
+    ASM_WORD((0b000100000000 << 20) | (0b001 << 12) | 0b0010011 |   \
+             (rs1 << 15) | (rd << 7))
+/* SHA-256 SUM1 operation. */
+#define SHA256SUM1(rd, rs1)                                         \
+    ASM_WORD((0b000100000001 << 20) | (0b001 << 12) | 0b0010011 |   \
+             (rs1 << 15) | (rd << 7))
+/* SHA-256 SIGMA0 operation. */
+#define SHA256SIG0(rd, rs1)                                         \
+    ASM_WORD((0b000100000010 << 20) | (0b001 << 12) | 0b0010011 |   \
+             (rs1 << 15) | (rd << 7))
+/* SHA-256 SIGMA1 operation. */
+#define SHA256SIG1(rd, rs1)                                         \
+    ASM_WORD((0b000100000011 << 20) | (0b001 << 12) | 0b0010011 |   \
+             (rs1 << 15) | (rd << 7))
+
+/* One round of compression. */
+#define RND(a, b, c, d, e, f, g, h, w, k)                       \
+    /* Get e and a */                                           \
+    "mv     a4, " #e "\n\t"                                     \
+    "mv     a5, " #a "\n\t"                                     \
+    /* Sigma1(e) */                                             \
+    SHA256SUM1(REG_A4, REG_A4)                                  \
+    /* Sigma0(a) */                                             \
+    SHA256SUM0(REG_A5, REG_A5)                                  \
+    /* Maj(a, b, c) = t5 */                                     \
+    /* Ch(e, f, g) = t6 */                                      \
+    /* f ^ g */                                                 \
+    "xor    t6, " #f ", " #g "\n\t"                             \
+    /* a ^ b */                                                 \
+    "xor    t4, " #a ", " #b "\n\t"                             \
+    /* b ^ c */                                                 \
+    "xor    t5, " #b ", " #c "\n\t"                             \
+    /* (f ^ g) & e */                                           \
+    "and    t6, t6, " #e "\n\t"                                 \
+    /* h + sigma1 */                                            \
+    "addw   " #h ", " #h ", a4\n\t"                             \
+    /* (a^b) & (b^c) */                                         \
+    "and    t5, t5, t4\n\t"                                     \
+    /* ((f ^ g) & e) ^ g */                                     \
+    "xor    t6, t6, " #g "\n\t"                                 \
+    /* K + W */                                                 \
+    "addw   t4, " #k ", " #w "\n\t"                             \
+    /* ((a^b) & (b^c)) ^ b */                                   \
+    "xor    t5, t5, " #b "\n\t"                                 \
+    /* h + sigma1 + Ch */                                       \
+    "addw   " #h ", " #h ", t6\n\t"                             \
+    /* 't0' = h + sigma1 + Ch + K + W */                        \
+    "addw   " #h ", " #h ", t4\n\t"                             \
+    /* Sigma0(a) + Maj = 't1' */                                \
+    "addw   t5, a5, t5\n\t"                                     \
+    /* d += 't0' */                                             \
+    "addw   " #d ", " #d ", " #h "\n\t"                         \
+    /* 't0' += 't1' */                                          \
+    "addw   " #h ", " #h ", t5\n\t"
+
+/* Two message schedule updates. */
+#define W_UPDATE_2(w0, w1, w4, w5, w7, reg_w0, reg_w1, reg_w7)  \
+    /* W[i-15] = W[1] */                                        \
+    "srli   t4, " #w0 ", 32\n\t"                                \
+    /* W[i-7] = W[9] */                                         \
+    "srli   t6, " #w4 ", 32\n\t"                                \
+    /* Gamma0(W[1]) */                                          \
+    SHA256SIG0(REG_A4, REG_T4)                                  \
+    /* Gamma1(W[i-2]) = Gamma1(W[14]) */                        \
+    SHA256SIG1(REG_A5, reg_w7)                                  \
+    /* Gamma1(W[14]) + W[9] */                                  \
+    "addw   a5, a5, t6\n\t"                                     \
+    /* Gamma0(W[1]) + W[i-16] = Gamma0(W[1]) + W[0] */          \
+    "addw   " #w0 ", " #w0 ", a4\n\t"                           \
+    /* W[i+1-2] = W[15] */                                      \
+    "srli   t5, " #w7 ", 32\n\t"                                \
+    /* W[0] = Gamma1(W[14]) + W[9] + Gamma0(W[1]) + W[0] */     \
+    "addw   " #w0 ", a5, " #w0 "\n\t"                           \
+                                                                \
+    /* W[i+1-16] = W[1] = t4 */                                 \
+    /* Gamma0(W[i+1-15]) = Gamma0(W[2]) */                      \
+    SHA256SIG0(REG_A6, reg_w1)                                  \
+    /* Gamma1(W[i+1-2]) = Gamma1(W[15]) */                      \
+    SHA256SIG1(REG_A7, REG_T5)                                  \
+    /* Gamma1(W[15]) + W[i+1-7] = Gamma1(W[15]) + W[10] */      \
+    "addw   a7, a7, " #w5 "\n\t"                                \
+    /* Gamma0(W[2]) + W[i+1-16] = Gamma0(W[2]) + W[1] */        \
+    "addw   t5, a6, t4\n\t"                                     \
+    /* Gamma1(W[i-2]) + W[i-7] + Gamma0(W[i-15]) + W[i-16] */   \
+    "addw   a7, a7, t5\n\t"                                     \
+    /* Place in W[i+1-16] = W[1] */                             \
+    PACK_BB(w0, w0, a7, reg_w0, reg_w0, REG_A7)
+
+#else
+
+/* SHA-256 SIGMA1 operation. */
+#define SHA256SIG1(rd, rs1)                                     \
+    "slliw  t6, " #rs1 ", 15\n\t"                               \
+    "srliw  t5, " #rs1 ", 17\n\t"                               \
+    "slliw  t4, " #rs1 ", 13\n\t"                               \
+    "srliw  " #rd ", " #rs1 ", 19\n\t"                          \
+    "or     t6, t6, t5\n\t"                                     \
+    "srliw  t5, " #rs1 ", 10\n\t"                               \
+    "xor    " #rd ", "#rd ", t4\n\t"                            \
+    "xor    t6, t6, t5\n\t"                                     \
+    "xor    " #rd ", " #rd ", t6\n\t"                           \
+
+/* One round of compression. */
+#define RND(a, b, c, d, e, f, g, h, w, k)                       \
+    /* a4 = Sigma1(e) */                                        \
+    "slliw  t5, " #e ", 26\n\t"                                 \
+    "srliw  t4, " #e ", 6\n\t"                                  \
+    "slliw  t6, " #e ", 21\n\t"                                 \
+    "srliw  a4, " #e ", 11\n\t"                                 \
+    "slliw  a5, " #e ", 7\n\t"                                  \
+    "or     t4, t4, t5\n\t"                                     \
+    "xor    a4, a4, t6\n\t"                                     \
+    "srliw  t5, " #e ", 25\n\t"                                 \
+    "xor    t4, t4, a5\n\t"                                     \
+    "xor    a4, a4, t5\n\t"                                     \
+    /* a5 = Sigma0(a) */                                        \
+    "slliw  t5, " #a ", 30\n\t"                                 \
+    "xor    a4, a4, t4\n\t"                                     \
+    "srliw  t4, " #a ", 2\n\t"                                  \
+    "slliw  t6, " #a ", 19\n\t"                                 \
+    /* h + sigma1 */                                            \
+    "addw   " #h ", " #h ", a4\n\t"                             \
+    "srliw  a5, " #a ", 13\n\t"                                 \
+    "slliw  a4, " #a ", 10\n\t"                                 \
+    "or     t4, t4, t5\n\t"                                     \
+    "xor    a5, a5, t6\n\t"                                     \
+    "srliw  t6, " #a ", 22\n\t"                                 \
+    "xor    t4, t4, a4\n\t"                                     \
+    "xor    a5, a5, t6\n\t"                                     \
+    /* Maj(a, b, c) = t5 */                                     \
+    /* Ch(e, f, g) = t6 */                                      \
+    /* f ^ g */                                                 \
+    "xor    t6, " #f ", " #g "\n\t"                             \
+    /* a ^ b */                                                 \
+    "xor    t5, " #a ", " #b "\n\t"                             \
+    /* b ^ c */                                                 \
+    "xor    a4, " #b ", " #c "\n\t"                             \
+    "xor    a5, a5, t4\n\t"                                     \
+    /* (f ^ g) & e */                                           \
+    "and    t6, t6, " #e "\n\t"                                 \
+    /* (a^b) & (b^c) */                                         \
+    "and    t5, t5, a4\n\t"                                     \
+    /* ((f ^ g) & e) ^ g */                                     \
+    "xor    t6, t6, " #g "\n\t"                                 \
+    /* K + W */                                                 \
+    "addw   a4, " #k ", " #w "\n\t"                             \
+    /* h + sigma1 + Ch */                                       \
+    "addw   " #h ", " #h ", t6\n\t"                             \
+    /* ((a^b) & (b^c)) ^ b */                                   \
+    "xor    t5, t5, " #b "\n\t"                                 \
+    /* 't0' = h + sigma1 + Ch + K + W */                        \
+    "addw   " #h ", " #h ", a4\n\t"                             \
+    /* 't1' = Sigma0(a) + Maj */                                \
+    "addw   t5, a5, t5\n\t"                                     \
+    /* d += 't0' */                                             \
+    "addw   " #d ", " #d ", " #h "\n\t"                         \
+    /* h = 't0' + 't1' */                                       \
+    "addw   " #h ", " #h ", t5\n\t"
+
+/* Two message schedule updates. */
+#define W_UPDATE_2(w0, w1, w4, w5, w7, reg_w0, reg_w1, reg_w7)  \
+    /* W[i-15] = W[1] */                                        \
+    "srli   a7, " #w0 ", 32\n\t"                                \
+    /* W[i-7] = W[9] */                                         \
+    "srli   a6, " #w4 ", 32\n\t"                                \
+    /* Gamma0(W[1]) */                                          \
+    "slliw  t4, a7, 25\n\t"                                     \
+    "srliw  t5, a7, 7\n\t"                                      \
+    "slliw  t6, a7, 14\n\t"                                     \
+    "srliw  a4, a7, 18\n\t"                                     \
+    "or     t4, t4, t5\n\t"                                     \
+    "srliw  t5, a7, 3\n\t"                                      \
+    "xor    a4, a4, t6\n\t"                                     \
+    "xor    t4, t4, t5\n\t"                                     \
+    /* Gamma1(W[i-2]) = Gamma1(W[14]) */                        \
+    "slliw  t6, " #w7 ", 15\n\t"                                \
+    "srliw  t5, " #w7 ", 17\n\t"                                \
+    "xor    a4, a4, t4\n\t"                                     \
+    "slliw  t4, " #w7 ", 13\n\t"                                \
+    "srliw  a5, " #w7 ", 19\n\t"                                \
+    "or     t6, t6, t5\n\t"                                     \
+    "srliw  t5, " #w7 ", 10\n\t"                                \
+    "xor    a5, a5, t4\n\t"                                     \
+    "xor    t6, t6, t5\n\t"                                     \
+    "xor    a5, a5, t6\n\t"                                     \
+    /* Gamma0(W[1]) + W[i-16] = Gamma0(W[1]) + W[0] */          \
+    "addw   " #w0 ", " #w0 ", a4\n\t"                           \
+    /* Gamma1(W[14]) + W[9] */                                  \
+    "addw   a5, a5, a6\n\t"                                     \
+    /* W[0] = Gamma1(W[14]) + W[9] + Gamma0(W[1]) + W[0] */     \
+    "addw   " #w0 ", a5, " #w0 "\n\t"                           \
+                                                                \
+    /* W[i+1-16] = W[1] = a7 */                                 \
+    /* W[i+1-2] = W[15] */                                      \
+    "srli   a4, " #w7 ", 32\n\t"                                \
+    /* Gamma0(W[i+1-15]) = Gamma0(W[2]) */                      \
+    "slliw  t4, " #w1 ", 25\n\t"                                \
+    "srliw  t5, " #w1 ", 7\n\t"                                 \
+    "slliw  t6, " #w1 ", 14\n\t"                                \
+    "srliw  a6, " #w1 ", 18\n\t"                                \
+    "or     t4, t4, t5\n\t"                                     \
+    "srliw  t5, " #w1 ", 3\n\t"                                 \
+    "xor    a6, a6, t6\n\t"                                     \
+    "xor    t4, t4, t5\n\t"                                     \
+    /* Gamma1(W[i+1-2]) = Gamma1(W[15]) */                      \
+    "slliw  t6, a4, 15\n\t"                                     \
+    "srliw  t5, a4, 17\n\t"                                     \
+    "xor    a6, a6, t4\n\t"                                     \
+    "slliw  t4, a4, 13\n\t"                                     \
+    "srliw  a5, a4, 19\n\t"                                     \
+    "or     t6, t6, t5\n\t"                                     \
+    "srliw  t5, a4, 10\n\t"                                     \
+    "xor    a5, a5, t4\n\t"                                     \
+    "xor    t6, t6, t5\n\t"                                     \
+    "xor    a5, a5, t6\n\t"                                     \
+    /* Gamma0(W[2]) + W[i+1-16] = Gamma0(W[2]) + W[1] */        \
+    "addw   t5, a6, a7\n\t"                                     \
+    /* Gamma1(W[15]) + W[i+1-7] = Gamma1(W[15]) + W[10] */      \
+    "addw   a5, a5, " #w5 "\n\t"                                \
+    /* Gamma1(W[i-2]) + W[i-7] + Gamma0(W[i-15]) + W[i-16] */   \
+    "addw   a5, a5, t5\n\t"                                     \
+    /* Place in W[i+1-16] = W[1] */                             \
+    PACK_BB(w0, w0, a5, reg_w0, reg_w0, REG_A5)
+
+#endif /* WOLFSSL_RISCV_SCALAR_CRYPTO_ASM */
+
+/* Two rounds of compression. */
+#define RND2(a, b, c, d, e, f, g, h, w, o)  \
+    /* Get k[i], k[i+1] */                  \
+    "ld     a6, " #o "(%[k])\n\t"           \
+    RND(a, b, c, d, e, f, g, h, w, a6)      \
+    /* Move  k[i+1] down */                 \
+    "srli   a6, a6, 32\n\t"                 \
+    /* Move  W[i] down */                   \
+    "srli   a7, " #w ", 32\n\t"             \
+    RND(h, a, b, c, d, e, f, g, a7, a6)
+
+/* Sixteen rounds of compression with message scheduling. */
+#define RND16()                                             \
+    RND2(t0, t1, t2, t3, s8, s9, s10, s11, s0,  0)          \
+    W_UPDATE_2(s0, s1, s4, s5, s7, REG_S0, REG_S1, REG_S7)  \
+    RND2(s10, s11, t0, t1, t2, t3, s8, s9, s1,  8)          \
+    W_UPDATE_2(s1, s2, s5, s6, s0, REG_S1, REG_S2, REG_S0)  \
+    RND2(s8, s9, s10, s11, t0, t1, t2, t3, s2, 16)          \
+    W_UPDATE_2(s2, s3, s6, s7, s1, REG_S2, REG_S3, REG_S1)  \
+    RND2(t2, t3, s8, s9, s10, s11, t0, t1, s3, 24)          \
+    W_UPDATE_2(s3, s4, s7, s0, s2, REG_S3, REG_S4, REG_S2)  \
+    RND2(t0, t1, t2, t3, s8, s9, s10, s11, s4, 32)          \
+    W_UPDATE_2(s4, s5, s0, s1, s3, REG_S4, REG_S5, REG_S3)  \
+    RND2(s10, s11, t0, t1, t2, t3, s8, s9, s5, 40)          \
+    W_UPDATE_2(s5, s6, s1, s2, s4, REG_S5, REG_S6, REG_S4)  \
+    RND2(s8, s9, s10, s11, t0, t1, t2, t3, s6, 48)          \
+    W_UPDATE_2(s6, s7, s2, s3, s5, REG_S6, REG_S7, REG_S5)  \
+    RND2(t2, t3, s8, s9, s10, s11, t0, t1, s7, 56)          \
+    W_UPDATE_2(s7, s0, s3, s4, s6, REG_S7, REG_S0, REG_S6)
+
+/* Sixteen rounds of compression only. */
+#define RND16_LAST()                                \
+    RND2(t0, t1, t2, t3, s8, s9, s10, s11, s0,  0)  \
+    RND2(s10, s11, t0, t1, t2, t3, s8, s9, s1,  8)  \
+    RND2(s8, s9, s10, s11, t0, t1, t2, t3, s2, 16)  \
+    RND2(t2, t3, s8, s9, s10, s11, t0, t1, s3, 24)  \
+    RND2(t0, t1, t2, t3, s8, s9, s10, s11, s4, 32)  \
+    RND2(s10, s11, t0, t1, t2, t3, s8, s9, s5, 40)  \
+    RND2(s8, s9, s10, s11, t0, t1, t2, t3, s6, 48)  \
+    RND2(t2, t3, s8, s9, s10, s11, t0, t1, s7, 56)
+
+/* Transform the message data.
+ *
+ * @param [in, out] sha256  SHA-256 object.
+ * @param [in]      data    Buffer of data to hash.
+ * @param [in]      blocks  Number of blocks of data to hash.
+ */
+static WC_INLINE void Sha256Transform(wc_Sha256* sha256, const byte* data,
+    word32 blocks)
+{
+    word32* k = (word32*)K;
+
+    __asm__ __volatile__ (
+        /* Load digest. */
+        "ld     t0, 0(%[digest])\n\t"
+        "ld     t2, 8(%[digest])\n\t"
+        "ld     s8, 16(%[digest])\n\t"
+        "ld     s10, 24(%[digest])\n\t"
+        "srli   t1, t0, 32\n\t"
+        "srli   t3, t2, 32\n\t"
+        "srli   s9, s8, 32\n\t"
+        "srli   s11, s10, 32\n\t"
+
+        /* 4 rounds of 16 per block. */
+        "slli   %[blocks], %[blocks], 2\n\t"
+
+    "\n1:\n\t"
+        /* beginning of SHA256 block operation */
+        /* Load W */
+#ifndef WOLFSSL_RISCV_BASE_BIT_MANIPULATION
+        LOAD_DWORD_REV(s0,  0, %[data], a4, a5, a6, a7)
+        LOAD_DWORD_REV(s1,  8, %[data], a4, a5, a6, a7)
+        LOAD_DWORD_REV(s2, 16, %[data], a4, a5, a6, a7)
+        LOAD_DWORD_REV(s3, 24, %[data], a4, a5, a6, a7)
+        LOAD_DWORD_REV(s4, 32, %[data], a4, a5, a6, a7)
+        LOAD_DWORD_REV(s5, 40, %[data], a4, a5, a6, a7)
+        LOAD_DWORD_REV(s6, 48, %[data], a4, a5, a6, a7)
+        LOAD_DWORD_REV(s7, 56, %[data], a4, a5, a6, a7)
+#else
+        "lwu    a4, 0(%[data])\n\t"
+        "lwu    s0, 4(%[data])\n\t"
+        "lwu    a5, 8(%[data])\n\t"
+        "lwu    s1, 12(%[data])\n\t"
+        "lwu    a6, 16(%[data])\n\t"
+        "lwu    s2, 20(%[data])\n\t"
+        "lwu    a7, 24(%[data])\n\t"
+        "lwu    s3, 28(%[data])\n\t"
+        PACK_BB(s0, s0, a4, REG_S0, REG_S0, REG_A4)
+        PACK_BB(s1, s1, a5, REG_S1, REG_S1, REG_A5)
+        PACK_BB(s2, s2, a6, REG_S2, REG_S2, REG_A6)
+        PACK_BB(s3, s3, a7, REG_S3, REG_S3, REG_A7)
+        REV8(REG_S0, REG_S0)
+        REV8(REG_S1, REG_S1)
+        REV8(REG_S2, REG_S2)
+        REV8(REG_S3, REG_S3)
+        "lwu    a4, 32(%[data])\n\t"
+        "lwu    s4, 36(%[data])\n\t"
+        "lwu    a5, 40(%[data])\n\t"
+        "lwu    s5, 44(%[data])\n\t"
+        "lwu    a6, 48(%[data])\n\t"
+        "lwu    s6, 52(%[data])\n\t"
+        "lwu    a7, 56(%[data])\n\t"
+        "lwu    s7, 60(%[data])\n\t"
+        PACK_BB(s4, s4, a4, REG_S4, REG_S4, REG_A4)
+        PACK_BB(s5, s5, a5, REG_S5, REG_S5, REG_A5)
+        PACK_BB(s6, s6, a6, REG_S6, REG_S6, REG_A6)
+        PACK_BB(s7, s7, a7, REG_S7, REG_S7, REG_A7)
+        REV8(REG_S4, REG_S4)
+        REV8(REG_S5, REG_S5)
+        REV8(REG_S6, REG_S6)
+        REV8(REG_S7, REG_S7)
+#endif
+
+        /* Subtract one as there are only 3 loops. */
+        "addi   %[blocks], %[blocks], -1\n\t"
+    "\n2:\n\t"
+        RND16()
+        "addi   %[blocks], %[blocks], -1\n\t"
+        "add    %[k], %[k], 64\n\t"
+        "andi   a4, %[blocks], 3\n\t"
+        "bnez   a4, 2b \n\t"
+        RND16_LAST()
+        "addi   %[k], %[k], -192\n\t"
+
+        "# Add working vars back into digest state.\n\t"
+        "ld     a4, 0(%[digest])\n\t"
+        "ld     a5, 8(%[digest])\n\t"
+        "ld     a6, 16(%[digest])\n\t"
+        "ld     a7, 24(%[digest])\n\t"
+        "addw   t0, t0, a4\n\t"
+        "addw   t2, t2, a5\n\t"
+        "addw   s8, s8, a6\n\t"
+        "addw   s10, s10, a7\n\t"
+        "srli   a4, a4, 32\n\t"
+        "srli   a5, a5, 32\n\t"
+        "srli   a6, a6, 32\n\t"
+        "srli   a7, a7, 32\n\t"
+        "addw   t1, t1, a4\n\t"
+        "addw   t3, t3, a5\n\t"
+        "addw   s9, s9, a6\n\t"
+        "addw   s11, s11, a7\n\t"
+
+        /* Store digest. */
+        "sw     t0, 0(%[digest])\n\t"
+        "sw     t1, 4(%[digest])\n\t"
+        "sw     t2, 8(%[digest])\n\t"
+        "sw     t3, 12(%[digest])\n\t"
+        "sw     s8, 16(%[digest])\n\t"
+        "sw     s9, 20(%[digest])\n\t"
+        "sw     s10, 24(%[digest])\n\t"
+        "sw     s11, 28(%[digest])\n\t"
+
+        "add    %[data], %[data], 64\n\t"
+        "bnez   %[blocks], 1b \n\t"
+
+        : [blocks] "+r" (blocks), [data] "+r" (data), [k] "+r" (k)
+        : [digest] "r" (sha256->digest)
+        : "cc", "memory", "t0", "t1", "t2", "t3", "t4", "t5", "t6",
+          "a4", "a5", "a6", "a7",
+          "s0", "s1", "s2", "s3", "s4", "s5", "s6", "s7", "s8", "s9", "s10",
+          "s11"
+    );
+}
+
+#else
+
+/* Two rounds of compression using low two 32-bit W values.
+ * Assumes K has been added into W values.
+ */
+#define VSHA2CL_VV(vd, vs1, vs2)                    \
+    ASM_WORD((0b101111 << 26) | (0b1 << 25) |       \
+             (0b010 << 12) | (0b1110111 << 0) |     \
+             (vd << 7) | (vs1 << 15) | (vs2 << 20))
+
+/* Two rounds of compression using upper two 32-bit W values.
+ * Assumes K has been added into W values.
+ */
+#define VSHA2CH_VV(vd, vs1, vs2)                    \
+    ASM_WORD((0b101110 << 26) | (0b1 << 25) |       \
+             (0b010 << 12) | (0b1110111 << 0) |     \
+             (vd << 7) | (vs1 << 15) | (vs2 << 20))
+
+/* Update 4 W values - message scheduling. */
+#define VSHA2MS_VV(vd, vs1, vs2)                    \
+    ASM_WORD((0b101101 << 26) | (0b1 << 25) |       \
+             (0b010 << 12) | (0b1110111 << 0) |     \
+             (vd << 7) | (vs1 << 15) | (vs2 << 20))
+
+#define RND4(w0, w1, w2, w3, k)                     \
+    /* Four rounds of compression. */               \
+    VADD_VV(REG_V7, w0, k)                          \
+    VMV_X_S(REG_T1, w1)                             \
+    VSHA2CL_VV(REG_V5, REG_V7, REG_V4)              \
+    VMV_V_V(REG_V6, w2)                             \
+    VSHA2CH_VV(REG_V4, REG_V7, REG_V5)              \
+    /* Update 4 W values - message schedule. */     \
+    VMV_S_X(REG_V6, REG_T1)                         \
+    VSHA2MS_VV(w0, w3, REG_V6)
+
+#define RND4_LAST(w, k)                             \
+    /* Four rounds of compression. */               \
+    VADD_VV(REG_V7, w, k)                           \
+    VSHA2CL_VV(REG_V5, REG_V7, REG_V4)              \
+    VSHA2CH_VV(REG_V4, REG_V7, REG_V5)
+
+#define RND16(k)                                    \
+    RND4(REG_V0, REG_V1, REG_V2, REG_V3, (k + 0))   \
+    RND4(REG_V1, REG_V2, REG_V3, REG_V0, (k + 1))   \
+    RND4(REG_V2, REG_V3, REG_V0, REG_V1, (k + 2))   \
+    RND4(REG_V3, REG_V0, REG_V1, REG_V2, (k + 3))
+
+#define RND16_LAST(k)           \
+    RND4_LAST(REG_V0, (k + 0))  \
+    RND4_LAST(REG_V1, (k + 1))  \
+    RND4_LAST(REG_V2, (k + 2))  \
+    RND4_LAST(REG_V3, (k + 3))
+
+/* Transform the message data.
+ *
+ * @param [in, out] sha256  SHA-256 object.
+ * @param [in]      data    Buffer of data to hash.
+ * @param [in]      blocks  Number of blocks of data to hash.
+ */
+static void Sha256Transform(wc_Sha256* sha256, const byte* data,
+    word32 blocks)
+{
+    word32* k = (word32*)K;
+
+    __asm__ __volatile__ (
+        VSETIVLI(REG_ZERO, 4, 1, 1, 0b010, 0b000)
+
+        /* Load: a|b|e|f, c|d|g|h
+         *       3 2 1 0  3 2 1 0
+         */
+        "mv     t0, %[digest]\n\t"
+        VL2RE32_V(REG_V4, REG_T0)
+
+        "mv     t0, %[k]\n\t"
+        VL8RE32_V(REG_V8, REG_T0)
+        "addi   t0, %[k], 128\n\t"
+        VL8RE32_V(REG_V16, REG_T0)
+
+    "\n1:\n\t"
+        VMV_V_V(REG_V30, REG_V4)
+        VMV_V_V(REG_V31, REG_V5)
+
+        /* Load 16 W into 4 vectors of 4 32-bit words. */
+        "mv     t0, %[data]\n\t"
+        VL4RE32_V(REG_V0, REG_T0)
+        VREV8(REG_V0, REG_V0)
+        VREV8(REG_V1, REG_V1)
+        VREV8(REG_V2, REG_V2)
+        VREV8(REG_V3, REG_V3)
+
+        RND16(REG_V8)
+        RND16(REG_V12)
+        RND16(REG_V16)
+        RND16_LAST(REG_V20)
+
+        VADD_VV(REG_V4, REG_V4, REG_V30)
+        VADD_VV(REG_V5, REG_V5, REG_V31)
+
+        "addi   %[blocks], %[blocks], -1\n\t"
+        "add    %[data], %[data], 64\n\t"
+        "bnez   %[blocks], 1b \n\t"
+
+        "mv     t0, %[digest]\n\t"
+        VS2R_V(REG_V4, REG_T0)
+
+        : [blocks] "+r" (blocks), [data] "+r" (data), [k] "+r" (k)
+        : [digest] "r" (sha256->digest)
+        : "cc", "memory", "t0", "t1"
+    );
+}
+
+#endif /* WOLFSSL_RISCV_VECTOR_CRYPTO_ASM */
+
+/* Update the hash with data.
+ *
+ * @param [in, out] sha256  SHA-256 object.
+ * @param [in]      data    Buffer of data to hash.
+ * @param [in]      len     Number of bytes in buffer to hash.
+ * @return  0 on success.
+ */
+static WC_INLINE int Sha256Update(wc_Sha256* sha256, const byte* data,
+    word32 len)
+{
+    word32 add;
+    word32 blocks;
+
+    /* only perform actions if a buffer is passed in */
+    if (len > 0) {
+        AddLength(sha256, len);
+
+        if (sha256->buffLen > 0) {
+             /* fill leftover buffer with data */
+             add = min(len, WC_SHA256_BLOCK_SIZE - sha256->buffLen);
+             XMEMCPY((byte*)(sha256->buffer) + sha256->buffLen, data, add);
+             sha256->buffLen += add;
+             data            += add;
+             len             -= add;
+             if (sha256->buffLen == WC_SHA256_BLOCK_SIZE) {
+                 Sha256Transform(sha256, (byte*)sha256->buffer, 1);
+                 sha256->buffLen = 0;
+             }
+        }
+
+        /* number of blocks in a row to complete */
+        blocks = len / WC_SHA256_BLOCK_SIZE;
+
+        if (blocks > 0) {
+            Sha256Transform(sha256, data, blocks);
+            data += blocks * WC_SHA256_BLOCK_SIZE;
+            len  -= blocks * WC_SHA256_BLOCK_SIZE;
+        }
+
+        if (len > 0) {
+            /* copy over any remaining data leftover */
+            XMEMCPY(sha256->buffer, data, len);
+            sha256->buffLen = len;
+        }
+    }
+
+    /* account for possibility of not used if len = 0 */
+    (void)add;
+    (void)blocks;
+
+    return 0;
+}
+
+/* Finalize the hash and put into buffer.
+ *
+ * @param [in, out] sha256  SHA-256 object.
+ * @param [out]     hash    Buffer to hold hash result.
+ */
+static WC_INLINE void Sha256Final(wc_Sha256* sha256, byte* hash)
+{
+    byte* local;
+
+    local = (byte*)sha256->buffer;
+    local[sha256->buffLen++] = 0x80;     /* add 1 */
+
+    /* pad with zeros */
+    if (sha256->buffLen > WC_SHA256_PAD_SIZE) {
+        XMEMSET(&local[sha256->buffLen], 0,
+            WC_SHA256_BLOCK_SIZE - sha256->buffLen);
+        Sha256Transform(sha256, (byte*)sha256->buffer, 1);
+        sha256->buffLen = 0;
+    }
+    XMEMSET(&local[sha256->buffLen], 0, WC_SHA256_PAD_SIZE - sha256->buffLen);
+
+    /* put lengths in bits */
+    sha256->hiLen = (sha256->loLen >> (8*sizeof(sha256->loLen) - 3)) +
+        (sha256->hiLen << 3);
+    sha256->loLen = sha256->loLen << 3;
+
+    XMEMCPY(&local[WC_SHA256_PAD_SIZE], &sha256->hiLen, sizeof(word32));
+    XMEMCPY(&local[WC_SHA256_PAD_SIZE + sizeof(word32)], &sha256->loLen,
+        sizeof(word32));
+
+    /* store lengths */
+    __asm__ __volatile__ (
+        /* Reverse byte order of 32-bit words. */
+#if defined(WOLFSSL_RISCV_BASE_BIT_MANIPULATION)
+        "ld     t1, 56(%[buff])\n\t"
+        REV8(REG_T1, REG_T1)
+        "srli   t0, t1, 32\n\t"
+        "sw     t0, 56(%[buff])\n\t"
+        "sw     t1, 60(%[buff])\n\t"
+#else
+        LOAD_WORD_REV(t0, 56, %[buff], t2, t3, t4)
+        LOAD_WORD_REV(t1, 60, %[buff], t2, t3, t4)
+        "sw     t0, 56(%[buff])\n\t"
+        "sw     t1, 60(%[buff])\n\t"
+#endif
+        :
+        : [buff] "r" (sha256->buffer)
+        : "cc", "memory", "t0", "t1", "t2", "t3", "t4"
+    );
+
+    Sha256Transform(sha256, (byte*)sha256->buffer, 1);
+
+    __asm__ __volatile__ (
+        /* Reverse byte order of 32-bit words. */
+#if defined(WOLFSSL_RISCV_VECTOR_CRYPTO_ASM)
+        VSETIVLI(REG_ZERO, 4, 1, 1, 0b010, 0b000)
+        "mv     t0, %[digest]\n\t"
+        VL2RE32_V(REG_V8, REG_T0)
+        VREV8(REG_V8, REG_V8)
+        VREV8(REG_V9, REG_V9)
+        /* a|b|e|f, c|d|g|h
+         * 3 2 1 0  3 2 1 0 */
+        VSLIDEDOWN_VI(REG_V0, REG_V8, 3) /* a */
+        VSLIDEDOWN_VI(REG_V2, REG_V8, 2) /* b */
+        VSLIDEDOWN_VI(REG_V1, REG_V8, 1) /* e */
+        VSLIDEDOWN_VI(REG_V3, REG_V9, 3) /* c */
+        VSLIDEDOWN_VI(REG_V4, REG_V9, 2) /* d */
+        VSLIDEDOWN_VI(REG_V5, REG_V9, 1) /* g */
+        /* -|-|-|a, -|-|-|e */
+        VSLIDEUP_VI(REG_V0, REG_V2, 1)
+        /* -|-|b|a, -|-|-|e */
+        VSLIDEUP_VI(REG_V0, REG_V3, 2)
+        /* -|c|b|a, -|-|-|e */
+        VSLIDEUP_VI(REG_V0, REG_V4, 3)
+        /* d|c|b|a, -|-|-|e */
+        VSLIDEUP_VI(REG_V1, REG_V8, 1)
+        /* d|c|b|a, -|-|f|e */
+        VSLIDEUP_VI(REG_V1, REG_V5, 2)
+        /* d|c|b|a, -|g|f|e */
+        VSLIDEUP_VI(REG_V1, REG_V9, 3)
+        /* d|c|b|a, h|g|f|e */
+        "mv     t0, %[hash]\n\t"
+        VS2R_V(REG_V0, REG_T0)
+#elif defined(WOLFSSL_RISCV_VECTOR_BASE_BIT_MANIPULATION)
+        VSETIVLI(REG_ZERO, 4, 1, 1, 0b010, 0b000)
+        "mv     t0, %[digest]\n\t"
+        VL2RE32_V(REG_V0, REG_T0)
+        VREV8(REG_V0, REG_V0)
+        VREV8(REG_V1, REG_V1)
+        "mv     t0, %[hash]\n\t"
+        VS2R_V(REG_V0, REG_T0)
+#elif defined(WOLFSSL_RISCV_BASE_BIT_MANIPULATION)
+        "ld     t1, 0(%[digest])\n\t"
+        "ld     t3, 8(%[digest])\n\t"
+        "ld     a5, 16(%[digest])\n\t"
+        "ld     a7, 24(%[digest])\n\t"
+        REV8(REG_T1, REG_T1)
+        REV8(REG_T3, REG_T3)
+        REV8(REG_A5, REG_A5)
+        REV8(REG_A7, REG_A7)
+        "srli   t0, t1, 32\n\t"
+        "srli   t2, t3, 32\n\t"
+        "srli   a4, a5, 32\n\t"
+        "srli   a6, a7, 32\n\t"
+        "sw     t0, 0(%[hash])\n\t"
+        "sw     t1, 4(%[hash])\n\t"
+        "sw     t2, 8(%[hash])\n\t"
+        "sw     t3, 12(%[hash])\n\t"
+        "sw     a4, 16(%[hash])\n\t"
+        "sw     a5, 20(%[hash])\n\t"
+        "sw     a6, 24(%[hash])\n\t"
+        "sw     a7, 28(%[hash])\n\t"
+#else
+        LOAD_WORD_REV(t0, 0, %[digest], t2, t3, t4)
+        LOAD_WORD_REV(t1, 4, %[digest], t2, t3, t4)
+        LOAD_WORD_REV(a4, 8, %[digest], t2, t3, t4)
+        LOAD_WORD_REV(a5, 12, %[digest], t2, t3, t4)
+        "sw     t0, 0(%[hash])\n\t"
+        "sw     t1, 4(%[hash])\n\t"
+        "sw     a4, 8(%[hash])\n\t"
+        "sw     a5, 12(%[hash])\n\t"
+        LOAD_WORD_REV(t0, 16, %[digest], t2, t3, t4)
+        LOAD_WORD_REV(t1, 20, %[digest], t2, t3, t4)
+        LOAD_WORD_REV(a4, 24, %[digest], t2, t3, t4)
+        LOAD_WORD_REV(a5, 28, %[digest], t2, t3, t4)
+        "sw     t0, 16(%[hash])\n\t"
+        "sw     t1, 20(%[hash])\n\t"
+        "sw     a4, 24(%[hash])\n\t"
+        "sw     a5, 28(%[hash])\n\t"
+#endif
+        :
+        : [digest] "r" (sha256->digest), [hash] "r" (hash)
+        : "cc", "memory", "t0", "t1", "t2", "t3", "t4", "t5", "t6",
+          "a4", "a5", "a6", "a7"
+    );
+}
+
+
+#ifndef NO_SHA256
+
+/* Initialize SHA-256 object for hashing.
+ *
+ * @param [in, out] sha256  SHA-256 object.
+ * @param [in]      heap    Dynamic memory hint.
+ * @param [in]      devId   Device Id.
+ * @return  0 on success.
+ * @return  BAD_FUNC_ARG when sha256 is NULL.
+ */
+int wc_InitSha256_ex(wc_Sha256* sha256, void* heap, int devId)
+{
+    int ret = 0;
+
+    /* Validate parameters. */
+    if (sha256 == NULL) {
+        ret = BAD_FUNC_ARG;
+    }
+    else {
+        sha256->heap = heap;
+    #ifdef WOLF_CRYPTO_CB
+        sha256->devId = devId;
+    #endif
+        (void)devId;
+
+        InitSha256(sha256);
+    }
+
+    return ret;
+}
+
+/* Initialize SHA-256 object for hashing.
+ *
+ * @param [in, out] sha256  SHA-256 object.
+ * @return  0 on success.
+ * @return  BAD_FUNC_ARG when sha256 is NULL.
+ */
+int wc_InitSha256(wc_Sha256* sha256)
+{
+    return wc_InitSha256_ex(sha256, NULL, INVALID_DEVID);
+}
+
+/* Free the SHA-256 hash.
+ *
+ * @param [in] sha256  SHA-256 object.
+ */
+void wc_Sha256Free(wc_Sha256* sha256)
+{
+    /* No dynamic memory allocated. */
+    (void)sha256;
+}
+
+/* Update the hash with data.
+ *
+ * @param [in, out] sha256  SHA-256 object.
+ * @param [in]      data    Buffer of data to hash.
+ * @param [in]      len     Number of bytes in buffer to hash.
+ * @return  0 on success.
+ * @return  BAD_FUNC_ARG when sha256 is NULL.
+ * @return  BAD_FUNC_ARG when data is NULL but len is not 0.
+ */
+int wc_Sha256Update(wc_Sha256* sha256, const byte* data, word32 len)
+{
+    int ret;
+
+    /* Validate parameters. */
+    if ((sha256 == NULL) || ((data == NULL) && (len != 0))) {
+        ret = BAD_FUNC_ARG;
+    }
+    else {
+        ret = Sha256Update(sha256, data, len);
+    }
+
+    return ret;
+}
+
+/* Put the current hash into buffer.
+ *
+ * @param [in, out] sha256  SHA-256 object.
+ * @param [out]     hash    Buffer to hold hash result.
+ * @return  0 on success.
+ * @return  BAD_FUNC_ARG when sha256 or hash is NULL.
+ */
+int wc_Sha256FinalRaw(wc_Sha256* sha256, byte* hash)
+{
+    int ret = 0;
+
+    /* Validate parameters. */
+    if ((sha256 == NULL) || (hash == NULL)) {
+        ret = BAD_FUNC_ARG;
+    }
+    else {
+    #ifdef LITTLE_ENDIAN_ORDER
+        word32 digest[WC_SHA256_DIGEST_SIZE / sizeof(word32)];
+
+        ByteReverseWords((word32*)digest, (word32*)sha256->digest,
+            WC_SHA256_DIGEST_SIZE);
+        XMEMCPY(hash, digest, WC_SHA256_DIGEST_SIZE);
+    #else
+        XMEMCPY(hash, sha256->digest, WC_SHA256_DIGEST_SIZE);
+    #endif
+    }
+
+    return ret;
+}
+
+/* Finalize the hash and put into buffer.
+ *
+ * @param [in, out] sha256  SHA-256 object.
+ * @param [out]     hash    Buffer to hold hash result.
+ * @return  0 on success.
+ * @return  BAD_FUNC_ARG when sha256 or hash is NULL.
+ */
+int wc_Sha256Final(wc_Sha256* sha256, byte* hash)
+{
+    int ret = 0;
+
+    /* Validate parameters. */
+    if ((sha256 == NULL) || (hash == NULL)) {
+        ret = BAD_FUNC_ARG;
+    }
+    else {
+        /* Finalize hash. */
+        Sha256Final(sha256, hash);
+        /* Restart SHA-256 object for next hash. */
+        InitSha256(sha256);
+    }
+
+    return ret;
+}
+
+/* Finalize the hash and put into buffer but don't modify state.
+ *
+ * @param [in, out] sha256  SHA-256 object.
+ * @param [out]     hash    Buffer to hold hash result.
+ * @return  0 on success.
+ * @return  BAD_FUNC_ARG when sha256 or hash is NULL.
+ */
+int wc_Sha256GetHash(wc_Sha256* sha256, byte* hash)
+{
+    int ret;
+
+    /* Validate parameters. */
+    if ((sha256 == NULL) || (hash == NULL)) {
+        ret = BAD_FUNC_ARG;
+    }
+    else {
+        wc_Sha256 tmpSha256;
+        /* Create a copy of the hash to finalize. */
+        ret = wc_Sha256Copy(sha256, &tmpSha256);
+        if (ret == 0) {
+            /* Finalize copy. */
+            Sha256Final(&tmpSha256, hash);
+        }
+    }
+
+    return ret;
+}
+
+#ifdef WOLFSSL_HASH_FLAGS
+/* Set flags of SHA-256 object.
+ *
+ * @param [in, out] sha256  SHA-256 object.
+ * @param [in]      flags   Flags to set.
+ * @return  0 on success.
+ */
+int wc_Sha256SetFlags(wc_Sha256* sha256, word32 flags)
+{
+    /* Check we have an object to use. */
+    if (sha256 != NULL) {
+        sha256->flags = flags;
+    }
+    return 0;
+}
+/* Get flags of SHA-256 object.
+ *
+ * @param [in]  sha256  SHA-256 object.
+ * @param [out] flags   Flags from SHA-256 object.
+ * @return  0 on success.
+ */
+int wc_Sha256GetFlags(wc_Sha256* sha256, word32* flags)
+{
+    /* Check we have an object and return parameter to use. */
+    if ((sha256 != NULL) && (flags != NULL)) {
+        *flags = sha256->flags;
+    }
+    return 0;
+}
+#endif
+
+/* Deep copy the SHA-256 object.
+ *
+ * @param [in]  src  SHA-256 object to copy.
+ * @param [out] dst  SHA-256 object to fill.
+ * @return  0 on success.
+ * @return  BAD_FUNC_ARG when src or dst is NULL.
+ */
+int wc_Sha256Copy(wc_Sha256* src, wc_Sha256* dst)
+{
+    int ret = 0;
+
+    /* Validate parameters. */
+    if ((src == NULL) || (dst == NULL)) {
+        ret = BAD_FUNC_ARG;
+    }
+    else {
+        XMEMCPY(dst, src, sizeof(wc_Sha256));
+    }
+
+    return ret;
+}
+
+#ifdef OPENSSL_EXTRA
+/* Update the hash with one block of data.
+ *
+ * @param [in, out] sha256  SHA-256 object.
+ * @param [in]      data    Buffer of data to hash.
+ * @return  0 on success.
+ * @return  BAD_FUNC_ARG when sha256 or data is NULL.
+ */
+int wc_Sha256Transform(wc_Sha256* sha256, const unsigned char* data)
+{
+    int ret = 0;
+
+    /* Validate parameters. */
+    if ((sha256 == NULL) || (data == NULL)) {
+        ret = BAD_FUNC_ARG;
+    }
+    else {
+    #ifdef LITTLE_ENDIAN_ORDER
+        ByteReverseWords(sha256->buffer, (word32*)data, WC_SHA256_BLOCK_SIZE);
+    #else
+        XMEMCPY(sha256->buffer, data, WC_SHA256_BLOCK_SIZE);
+    #endif
+        Sha256Transform(sha256, (byte*)sha256->buffer, 1);
+    }
+
+    return ret;
+}
+#endif
+
+#if defined(WOLFSSL_HAVE_LMS) && !defined(WOLFSSL_LMS_FULL_HASH)
+/* Update the hash with one block of data and optionally get hash.
+ *
+ * @param [in, out] sha256  SHA-256 object.
+ * @param [in]      data    Buffer of data to hash.
+ * @param [out]     hash    Buffer to hold hash. May be NULL.
+ * @return  0 on success.
+ * @return  BAD_FUNC_ARG when sha256 or data is NULL.
+ */
+int wc_Sha256HashBlock(wc_Sha256* sha256, const unsigned char* data,
+    unsigned char* hash)
+{
+    int ret = 0;
+
+    /* Validate parameters. */
+    if ((sha256 == NULL) || (data == NULL)) {
+        ret = BAD_FUNC_ARG;
+    }
+    else {
+        /* Hash block. */
+        Sha256Transform(sha256, data, 1);
+
+        if (hash != NULL) {
+            /* Reverse bytes in digest. */
+        #ifdef LITTLE_ENDIAN_ORDER
+            word32* hash32 = (word32*)hash;
+            word32* digest = (word32*)sha256->digest;
+            hash32[0] = ByteReverseWord32(digest[0]);
+            hash32[1] = ByteReverseWord32(digest[1]);
+            hash32[2] = ByteReverseWord32(digest[2]);
+            hash32[3] = ByteReverseWord32(digest[3]);
+            hash32[4] = ByteReverseWord32(digest[4]);
+            hash32[5] = ByteReverseWord32(digest[5]);
+            hash32[6] = ByteReverseWord32(digest[6]);
+            hash32[7] = ByteReverseWord32(digest[7]);
+        #else
+            XMEMCPY(hash, sha256->digest, WC_SHA256_DIGEST_SIZE);
+        #endif
+            /* Reset state. */
+        #ifndef WOLFSSL_RISCV_VECTOR_CRYPTO_ASM
+            sha256->digest[0] = 0x6A09E667L;
+            sha256->digest[1] = 0xBB67AE85L;
+            sha256->digest[2] = 0x3C6EF372L;
+            sha256->digest[3] = 0xA54FF53AL;
+            sha256->digest[4] = 0x510E527FL;
+            sha256->digest[5] = 0x9B05688CL;
+            sha256->digest[6] = 0x1F83D9ABL;
+            sha256->digest[7] = 0x5BE0CD19L;
+        #else
+            /* f, e, b, a, h, g, d, c */
+            sha256->digest[0] = 0x9B05688CL;
+            sha256->digest[1] = 0x510E527FL;
+            sha256->digest[2] = 0xBB67AE85L;
+            sha256->digest[3] = 0x6A09E667L;
+            sha256->digest[4] = 0x5BE0CD19L;
+            sha256->digest[5] = 0x1F83D9ABL;
+            sha256->digest[6] = 0xA54FF53AL;
+            sha256->digest[7] = 0x3C6EF372L;
+        #endif
+        }
+    }
+
+    return ret;
+}
+#endif /* WOLFSSL_HAVE_LMS && !WOLFSSL_LMS_FULL_HASH */
+
+#endif /* !NO_SHA256 */
+
+
+#ifdef WOLFSSL_SHA224
+
+/* Initialize SHA-224 object for hashing.
+ *
+ * @param [in, out] sha224  SHA-224 object.
+ */
+static void InitSha224(wc_Sha224* sha224)
+{
+    /* Set initial hash values. */
+#ifndef WOLFSSL_RISCV_VECTOR_CRYPTO_ASM
+    sha224->digest[0] = 0xc1059ed8;
+    sha224->digest[1] = 0x367cd507;
+    sha224->digest[2] = 0x3070dd17;
+    sha224->digest[3] = 0xf70e5939;
+    sha224->digest[4] = 0xffc00b31;
+    sha224->digest[5] = 0x68581511;
+    sha224->digest[6] = 0x64f98fa7;
+    sha224->digest[7] = 0xbefa4fa4;
+#else
+    /* f, e, b, a, h, g, d, c */
+    sha224->digest[0] = 0x68581511;
+    sha224->digest[1] = 0xffc00b31;
+    sha224->digest[2] = 0x367cd507;
+    sha224->digest[3] = 0xc1059ed8;
+    sha224->digest[4] = 0xbefa4fa4;
+    sha224->digest[5] = 0x64f98fa7;
+    sha224->digest[6] = 0xf70e5939;
+    sha224->digest[7] = 0x3070dd17;
+#endif
+
+    /* No hashed data. */
+    sha224->buffLen = 0;
+    /* No data hashed. */
+    sha224->loLen   = 0;
+    sha224->hiLen   = 0;
+
+#ifdef WOLFSSL_HASH_FLAGS
+    sha224->flags = 0;
+#endif
+}
+
+/* Initialize SHA-224 object for hashing.
+ *
+ * @param [in, out] sha224  SHA-224 object.
+ * @param [in]      heap    Dynamic memory hint.
+ * @param [in]      devId   Device Id.
+ * @return  0 on success.
+ * @return  BAD_FUNC_ARG when sha224 is NULL.
+ */
+int wc_InitSha224_ex(wc_Sha224* sha224, void* heap, int devId)
+{
+    int ret = 0;
+
+    /* Validate parameters. */
+    if (sha224 == NULL) {
+        ret = BAD_FUNC_ARG;
+    }
+    else {
+        sha224->heap = heap;
+        (void)devId;
+
+        InitSha224(sha224);
+    }
+
+    return ret;
+}
+
+/* Initialize SHA-224 object for hashing.
+ *
+ * @param [in, out] sha224  SHA-224 object.
+ * @return  0 on success.
+ * @return  BAD_FUNC_ARG when sha224 is NULL.
+ */
+int wc_InitSha224(wc_Sha224* sha224)
+{
+    return wc_InitSha224_ex(sha224, NULL, INVALID_DEVID);
+}
+
+/* Update the hash with data.
+ *
+ * @param [in, out] sha224  SHA-224 object.
+ * @param [in]      data    Buffer of data to hash.
+ * @param [in]      len     Number of bytes in buffer to hash.
+ * @return  0 on success.
+ * @return  BAD_FUNC_ARG when sha224 is NULL.
+ * @return  BAD_FUNC_ARG when data is NULL but len is not 0.
+ */
+int wc_Sha224Update(wc_Sha224* sha224, const byte* data, word32 len)
+{
+    int ret;
+
+    /* Validate parameters. */
+    if ((sha224 == NULL) || ((data == NULL) && (len > 0))) {
+        ret = BAD_FUNC_ARG;
+    }
+    else {
+        ret = Sha256Update((wc_Sha256 *)sha224, data, len);
+    }
+
+    return ret;
+}
+
+/* Finalize the hash and put into buffer.
+ *
+ * @param [in, out] sha224  SHA-224 object.
+ * @param [out]     hash    Buffer to hold hash result.
+ * @return  0 on success.
+ * @return  BAD_FUNC_ARG when sha224 or hash is NULL.
+ */
+int wc_Sha224Final(wc_Sha224* sha224, byte* hash)
+{
+    int ret = 0;
+
+    /* Validate parameters. */
+    if ((sha224 == NULL) || (hash == NULL)) {
+        ret = BAD_FUNC_ARG;
+    }
+    else {
+        word32 hashTmp[WC_SHA256_DIGEST_SIZE/sizeof(word32)];
+        /* Finalize hash. */
+        Sha256Final((wc_Sha256*)sha224, (byte*)hashTmp);
+        /* Return only 224 bits. */
+        XMEMCPY(hash, hashTmp, WC_SHA224_DIGEST_SIZE);
+        /* Restart SHA-256 object for next hash. */
+        InitSha224(sha224);
+    }
+
+    return ret;
+}
+
+/* Free the SHA-224 hash.
+ *
+ * @param [in] sha224  SHA-224 object.
+ */
+void wc_Sha224Free(wc_Sha224* sha224)
+{
+    /* No dynamic memory allocated. */
+    (void)sha224;
+}
+
+/* Finalize the hash and put into buffer but don't modify state.
+ *
+ * @param [in, out] sha224  SHA-224 object.
+ * @param [out]     hash    Buffer to hold hash result.
+ * @return  0 on success.
+ * @return  BAD_FUNC_ARG when sha224 or hash is NULL.
+ */
+int wc_Sha224GetHash(wc_Sha224* sha224, byte* hash)
+{
+    int ret;
+
+    /* Validate parameters. */
+    if ((sha224 == NULL) || (hash == NULL)) {
+        ret = BAD_FUNC_ARG;
+    }
+    else {
+        wc_Sha224 tmpSha224;
+        /* Create a copy of the hash to finalize. */
+        ret = wc_Sha224Copy(sha224, &tmpSha224);
+        if (ret == 0) {
+            /* Finalize copy. */
+            ret = wc_Sha224Final(&tmpSha224, hash);
+        }
+    }
+
+    return ret;
+}
+
+#ifdef WOLFSSL_HASH_FLAGS
+/* Set flags of SHA-224 object.
+ *
+ * @param [in, out] sha224  SHA-224 object.
+ * @param [in]      flags   Flags to set.
+ * @return  0 on success.
+ */
+int wc_Sha224SetFlags(wc_Sha224* sha224, word32 flags)
+{
+    /* Check we have an object to use. */
+    if (sha224 != NULL) {
+        sha224->flags = flags;
+    }
+    return 0;
+}
+/* Get flags of SHA-224 object.
+ *
+ * @param [in]  sha224  SHA-224 object.
+ * @param [out] flags   Flags from SHA-224 object.
+ * @return  0 on success.
+ */
+int wc_Sha224GetFlags(wc_Sha224* sha224, word32* flags)
+{
+    /* Check we have an object and return parameter to use. */
+    if ((sha224 != NULL) && (flags != NULL)) {
+        *flags = sha224->flags;
+    }
+    return 0;
+}
+#endif
+
+/* Deep copy the SHA-224 object.
+ *
+ * @param [in]  src  SHA-224 object to copy.
+ * @param [out] dst  SHA-224 object to fill.
+ * @return  0 on success.
+ * @return  BAD_FUNC_ARG when src or dst is NULL.
+ */
+int wc_Sha224Copy(wc_Sha224* src, wc_Sha224* dst)
+{
+    int ret = 0;
+
+    /* Validate parameters. */
+    if ((src == NULL) || (dst == NULL)) {
+        ret = BAD_FUNC_ARG;
+    }
+    else {
+        XMEMCPY(dst, src, sizeof(wc_Sha224));
+    }
+
+    return ret;
+}
+
+#endif /* WOLFSSL_SHA224 */
+
+#endif /* !NO_SHA256 || WOLFSSL_SHA224 */
+#endif /* WOLFSSL_RISCV_ASM */
diff --git a/wolfcrypt/src/port/riscv/riscv-64-sha3.c b/wolfcrypt/src/port/riscv/riscv-64-sha3.c
new file mode 100644
index 000000000..dd9000c09
--- /dev/null
+++ b/wolfcrypt/src/port/riscv/riscv-64-sha3.c
@@ -0,0 +1,863 @@
+/* riscv-64-sha3.c
+ *
+ * Copyright (C) 2006-2025 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+
+#ifdef HAVE_CONFIG_H
+    #include <config.h>
+#endif
+
+#include <wolfssl/wolfcrypt/settings.h>
+#include <wolfssl/wolfcrypt/port/riscv/riscv-64-asm.h>
+
+#ifdef WOLFSSL_RISCV_ASM
+#if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_XILINX_CRYPT) && \
+    !defined(WOLFSSL_AFALG_XILINX_SHA3)
+
+#if FIPS_VERSION3_GE(2,0,0)
+    /* set NO_WRAPPERS before headers, use direct internal f()s not wrappers */
+    #define FIPS_NO_WRAPPERS
+
+    #ifdef USE_WINDOWS_API
+        #pragma code_seg(".fipsA$n")
+        #pragma const_seg(".fipsB$n")
+    #endif
+#endif
+
+#include <wolfssl/wolfcrypt/sha3.h>
+
+static const word64 hash_keccak_r[24] =
+{
+    0x0000000000000001UL, 0x0000000000008082UL,
+    0x800000000000808aUL, 0x8000000080008000UL,
+    0x000000000000808bUL, 0x0000000080000001UL,
+    0x8000000080008081UL, 0x8000000000008009UL,
+    0x000000000000008aUL, 0x0000000000000088UL,
+    0x0000000080008009UL, 0x000000008000000aUL,
+    0x000000008000808bUL, 0x800000000000008bUL,
+    0x8000000000008089UL, 0x8000000000008003UL,
+    0x8000000000008002UL, 0x8000000000000080UL,
+    0x000000000000800aUL, 0x800000008000000aUL,
+    0x8000000080008081UL, 0x8000000000008080UL,
+    0x0000000080000001UL, 0x8000000080008008UL
+};
+
+#ifndef WOLFSSL_RISCV_VECTOR
+
+#define S0_0     "a1"
+#define S0_1     "a2"
+#define S0_2     "a3"
+#define S0_3     "a4"
+#define S0_4     "a5"
+#define S1_0     "s1"
+#define S1_1     "s2"
+#define S1_2     "s3"
+#define S1_3     "s4"
+#define S1_4     "s5"
+#define S2_0     "s6"
+#define S2_1     "s7"
+#define S2_2     "s8"
+#define S2_3     "s9"
+#define S2_4     "s10"
+#define S3_0     "t0"
+#define S3_1     "t1"
+#define S3_2     "t2"
+#define S3_3     "t3"
+#define S3_4     "t4"
+
+#define T_0      "a6"
+#define T_1      "a7"
+#define T_2      "t5"
+#define T_3      "t6"
+#define T_4      "s11"
+
+#define SR0_0    REG_A1
+#define SR0_1    REG_A2
+#define SR0_2    REG_A3
+#define SR0_3    REG_A4
+#define SR0_4    REG_A5
+#define SR1_0    REG_S1
+#define SR1_1    REG_S2
+#define SR1_2    REG_S3
+#define SR1_3    REG_S4
+#define SR1_4    REG_S5
+#define SR2_0    REG_S6
+#define SR2_1    REG_S7
+#define SR2_2    REG_S8
+#define SR2_3    REG_S9
+#define SR2_4    REG_S10
+#define SR3_0    REG_T0
+#define SR3_1    REG_T1
+#define SR3_2    REG_T2
+#define SR3_3    REG_T3
+#define SR3_4    REG_T4
+
+#define TR_0     REG_A6
+#define TR_1     REG_A7
+#define TR_2     REG_T5
+#define TR_3     REG_T6
+#define TR_4     REG_S11
+
+#ifndef WOLFSSL_RISCV_BASE_BIT_MANIPULATION
+
+#define SWAP_ROTL(t0, tr0, t1, s, sr, rr, rl)       \
+        "mv    " t1 ", " s  "\n\t"                  \
+        "srli  " s  ", " t0 ", " #rr "\n\t"         \
+        "slli  " t0 ", " t0 ", " #rl "\n\t"         \
+        "or    " s  ", " s  ", " t0 "\n\t"
+
+#define SWAP_ROTL_MEM(t0, tr0, t1, t2, s, rr, rl)   \
+        "ld    " t1 ", " #s "(%[s])\n\t"            \
+        "srli  " t2 ", " t0 ", " #rr "\n\t"         \
+        "slli  " t0 ", " t0 ", " #rl "\n\t"         \
+        "or    " t0 ", " t0 ", " t2 "\n\t"          \
+        "sd    " t0 ", " #s "(%[s])\n\t"
+
+#else
+
+#define SWAP_ROTL(t0, tr0, t1, s, sr, rr, rl)       \
+        "mv    " t1 ", " s "\n\t"                   \
+        RORI(sr, tr0, rr)
+
+#define SWAP_ROTL_MEM(t0, tr0, t1, t2, s, rr, rl)   \
+        "ld    " t1 ", " #s "(%[s])\n\t"            \
+        RORI(tr0, tr0, rr)                          \
+        "sd    " t0 ", " #s "(%[s])\n\t"
+
+#endif
+
+void BlockSha3(word64* s)
+{
+    const word64* r = hash_keccak_r;
+
+    __asm__ __volatile__ (
+        "addi   sp, sp, -24\n\t"
+        "li     " T_4 ", 24\n\t"
+        "ld     " S0_0 ", 0(%[s])\n\t"
+        "ld     " S0_1 ", 8(%[s])\n\t"
+        "ld     " S0_2 ", 16(%[s])\n\t"
+        "ld     " S0_3 ", 24(%[s])\n\t"
+        "ld     " S0_4 ", 32(%[s])\n\t"
+        "ld     " S1_0 ", 40(%[s])\n\t"
+        "ld     " S1_1 ", 48(%[s])\n\t"
+        "ld     " S1_2 ", 56(%[s])\n\t"
+        "ld     " S1_3 ", 64(%[s])\n\t"
+        "ld     " S1_4 ", 72(%[s])\n\t"
+        "ld     " S2_0 ", 80(%[s])\n\t"
+        "ld     " S2_1 ", 88(%[s])\n\t"
+        "ld     " S2_2 ", 96(%[s])\n\t"
+        "ld     " S2_3 ", 104(%[s])\n\t"
+        "ld     " S2_4 ", 112(%[s])\n\t"
+        "ld     " S3_0 ", 120(%[s])\n\t"
+        "ld     " S3_1 ", 128(%[s])\n\t"
+        "ld     " S3_2 ", 136(%[s])\n\t"
+        "ld     " S3_3 ", 144(%[s])\n\t"
+        "ld     " S3_4 ", 152(%[s])\n\t"
+        "ld     " T_0 ", 160(%[s])\n\t"
+        "ld     " T_1 ", 168(%[s])\n\t"
+        "ld     " T_2 ", 176(%[s])\n\t"
+        "\n"
+    "L_riscv_64_block_sha3_loop:\n\t"
+        "sd     " T_4 ", 16(sp)\n\t"
+
+        /* COLUMN MIX */
+        /* Calc b[0], b[1], b[2], b[3], b[4] */
+        "ld     " T_3 ", 184(%[s])\n\t"
+        "ld     " T_4 ", 192(%[s])\n\t"
+        "xor    " T_0 ", " T_0 ", " S0_0 "\n\t"
+        "xor    " T_1 ", " T_1 ", " S0_1 "\n\t"
+        "xor    " T_2 ", " T_2 ", " S0_2 "\n\t"
+        "xor    " T_3 ", " T_3 ", " S0_3 "\n\t"
+        "xor    " T_4 ", " T_4 ", " S0_4 "\n\t"
+        "xor    " T_0 ", " T_0 ", " S1_0 "\n\t"
+        "xor    " T_1 ", " T_1 ", " S1_1 "\n\t"
+        "xor    " T_2 ", " T_2 ", " S1_2 "\n\t"
+        "xor    " T_3 ", " T_3 ", " S1_3 "\n\t"
+        "xor    " T_4 ", " T_4 ", " S1_4 "\n\t"
+        "xor    " T_0 ", " T_0 ", " S2_0 "\n\t"
+        "xor    " T_1 ", " T_1 ", " S2_1 "\n\t"
+        "xor    " T_2 ", " T_2 ", " S2_2 "\n\t"
+        "xor    " T_3 ", " T_3 ", " S2_3 "\n\t"
+        "xor    " T_4 ", " T_4 ", " S2_4 "\n\t"
+        "xor    " T_0 ", " T_0 ", " S3_0 "\n\t"
+        "xor    " T_1 ", " T_1 ", " S3_1 "\n\t"
+        "xor    " T_2 ", " T_2 ", " S3_2 "\n\t"
+        "xor    " T_3 ", " T_3 ", " S3_3 "\n\t"
+        "xor    " T_4 ", " T_4 ", " S3_4 "\n\t"
+        "sd     " T_1 ", 0(sp)\n\t"
+        "sd     " T_3 ", 8(sp)\n\t"
+        /* T_0, T_1, T_2, T_3, T_4 */
+
+        /* s[0],s[5],s[10],s[15],s[20] ^= b[4] ^ ROTL(b[1], 1) */
+#ifndef WOLFSSL_RISCV_BASE_BIT_MANIPULATION
+        "srli   " T_3 ", " T_1 ", 63\n\t"
+        "slli   " T_1 ", " T_1 ", 1\n\t"
+        "or     " T_1 ", " T_1 ", " T_3 "\n\t"
+#else
+        RORI(TR_1, TR_1, 63)
+#endif
+        "ld     " T_3 ", 160(%[s])\n\t"
+        "xor    " T_1 ", " T_1 ", " T_4 "\n\t"
+        "xor    " S0_0 ", " S0_0 ", " T_1 "\n\t"
+        "xor    " S1_0 ", " S1_0 ", " T_1 "\n\t"
+        "xor    " T_3 ", " T_3 ", " T_1 "\n\t"
+        "xor    " S2_0 ", " S2_0 ", " T_1 "\n\t"
+        "xor    " S3_0 ", " S3_0 ", " T_1 "\n\t"
+        "sd     " T_3 ", 160(%[s])\n\t"
+        /* T_0, T_2, T_4 */
+
+        /* s[1],s[6],s[11],s[16],s[21] ^= b[0] ^ ROTL(b[2], 1)*/
+#ifndef WOLFSSL_RISCV_BASE_BIT_MANIPULATION
+        "srli   " T_3 ", " T_2 ", 63\n\t"
+        "slli   " T_1 ", " T_2 ", 1\n\t"
+        "or     " T_1 ", " T_1 ", " T_3 "\n\t"
+#else
+        RORI(TR_1, TR_2, 63)
+#endif
+        "ld     " T_3 ", 168(%[s])\n\t"
+        "xor    " T_1 ", " T_1 ", " T_0 "\n\t"
+        "xor    " S0_1 ", " S0_1 ", " T_1 "\n\t"
+        "xor    " S1_1 ", " S1_1 ", " T_1 "\n\t"
+        "xor    " T_3 ", " T_3 ", " T_1 "\n\t"
+        "xor    " S2_1 ", " S2_1 ", " T_1 "\n\t"
+        "xor    " S3_1 ", " S3_1 ", " T_1 "\n\t"
+        "sd     " T_3 ", 168(%[s])\n\t"
+        /* T_0, T_2, T_4 */
+
+        /* s[3],s[8],s[13],s[18],s[23] ^= b[2] ^ ROTL(b[4], 1) */
+#ifndef WOLFSSL_RISCV_BASE_BIT_MANIPULATION
+        "srli   " T_3 ", " T_4 ", 63\n\t"
+        "slli   " T_4 ", " T_4 ", 1\n\t"
+        "or     " T_4 ", " T_4 ", " T_3 "\n\t"
+#else
+        RORI(TR_4, TR_4, 63)
+#endif
+        "ld     " T_3 ", 184(%[s])\n\t"
+        "xor    " T_4 ", " T_4 ", " T_2 "\n\t"
+        "xor    " S0_3 ", " S0_3 ", " T_4 "\n\t"
+        "xor    " S1_3 ", " S1_3 ", " T_4 "\n\t"
+        "xor    " T_3 ", " T_3 ", " T_4 "\n\t"
+        "xor    " S2_3 ", " S2_3 ", " T_4 "\n\t"
+        "xor    " S3_3 ", " S3_3 ", " T_4 "\n\t"
+        "sd     " T_3 ", 184(%[s])\n\t"
+        /* T_0, T_2 */
+
+        "ld     " T_3 ", 8(sp)\n\t"
+        /* s[4],s[9],s[14],s[19],s[24] ^= b[3] ^ ROTL(b[0], 1) */
+#ifndef WOLFSSL_RISCV_BASE_BIT_MANIPULATION
+        "srli   " T_2 ", " T_0 ", 63\n\t"
+        "slli   " T_0 ", " T_0 ", 1\n\t"
+        "or     " T_0 ", " T_0 ", " T_2 "\n\t"
+#else
+        RORI(TR_0, TR_0, 63)
+#endif
+        "ld     " T_4 ", 192(%[s])\n\t"
+        "xor    " T_0 ", " T_0 ", " T_3 "\n\t"
+        "xor    " S0_4 ", " S0_4 ", " T_0 "\n\t"
+        "xor    " S1_4 ", " S1_4 ", " T_0 "\n\t"
+        "xor    " T_4 ", " T_4 ", " T_0 "\n\t"
+        "xor    " S2_4 ", " S2_4 ", " T_0 "\n\t"
+        "xor    " S3_4 ", " S3_4 ", " T_0 "\n\t"
+        /* T_3 */
+
+        "ld     " T_1 ", 0(sp)\n\t"
+        /* s[2],s[7],s[12],s[17],s[22] ^= b[1] ^ ROTL(b[3], 1) */
+#ifndef WOLFSSL_RISCV_BASE_BIT_MANIPULATION
+        "srli   " T_2 ", " T_3 ", 63\n\t"
+        "slli   " T_3 ", " T_3 ", 1\n\t"
+        "or     " T_3 ", " T_3 ", " T_2 "\n\t"
+#else
+        RORI(TR_3, TR_3, 63)
+#endif
+        "ld     " T_2 ", 176(%[s])\n\t"
+        "xor    " T_3 ", " T_3 ", " T_1 "\n\t"
+        "xor    " S0_2 ", " S0_2 ", " T_3 "\n\t"
+        "xor    " S1_2 ", " S1_2 ", " T_3 "\n\t"
+        "xor    " T_2 ", " T_2 ", " T_3 "\n\t"
+        "xor    " S2_2 ", " S2_2 ", " T_3 "\n\t"
+        "xor    " S3_2 ", " S3_2 ", " T_3 "\n\t"
+
+        /* SWAP ROTL */
+        /* t0 = s[10], s[10] = s[1] >>> 63 */
+        "mv    " T_0 ", " S2_0 "\n\t"
+#ifndef WOLFSSL_RISCV_BASE_BIT_MANIPULATION
+        "srli  " T_1 ", " S0_1 ", 63\n\t"
+        "slli  " S2_0 ", " S0_1 ", 1\n\t"
+        "or    " S2_0 ", " S2_0 ", " T_1 "\n\t"
+#else
+        RORI(SR2_0, SR0_1, 63)
+#endif
+        /* t1 = s[ 7], s[ 7] = t0 >>> 61 */
+        SWAP_ROTL(T_0, TR_0, T_1, S1_2, SR1_2, 61, 3)
+        /* t0 = s[11], s[11] = t1 >>> 58 */
+        SWAP_ROTL(T_1, TR_1, T_0, S2_1, SR2_1, 58, 6)
+        /* t1 = s[17], s[17] = t0 >>> 54 */
+        SWAP_ROTL(T_0, TR_0, T_1, S3_2, SR3_2, 54, 10)
+        /* t0 = s[18], s[18] = t1 >>> 49 */
+        SWAP_ROTL(T_1, TR_1, T_0, S3_3, SR3_3, 49, 15)
+        /* t1 = s[ 3], s[ 3] = t0 >>> 43 */
+        SWAP_ROTL(T_0, TR_0, T_1, S0_3, SR0_3, 43, 21)
+        /* t0 = s[ 5], s[ 5] = t1 >>> 36 */
+        SWAP_ROTL(T_1, TR_1, T_0, S1_0, SR1_0, 36, 28)
+        /* t1 = s[16], s[16] = t0 >>> 28 */
+        SWAP_ROTL(T_0, TR_0, T_1, S3_1, SR3_1, 28, 36)
+        /* t0 = s[ 8], s[ 8] = t1 >>> 19 */
+        SWAP_ROTL(T_1, TR_1, T_0, S1_3, SR1_3, 19, 45)
+        /* t1 = s[21], s[21] = t0 >>>  9 */
+        SWAP_ROTL_MEM(T_0, TR_0, T_1, T_3, 168,  9, 55)
+        /* t0 = s[24], s[24] = t1 >>> 62 */
+        SWAP_ROTL(T_1, TR_1, T_0, T_4, TR_4, 62,  2)
+        /* t1 = s[ 4], s[ 4] = t0 >>> 50 */
+        SWAP_ROTL(T_0, TR_0, T_1, S0_4, SR0_4, 50, 14)
+        /* t0 = s[15], s[15] = t1 >>> 37 */
+        SWAP_ROTL(T_1, TR_1, T_0, S3_0, SR3_0, 37, 27)
+        /* t1 = s[23], s[23] = t0 >>> 23 */
+        SWAP_ROTL_MEM(T_0, TR_0, T_1, T_3, 184, 23, 41)
+        /* t0 = s[19], s[19] = t1 >>>  8 */
+        SWAP_ROTL(T_1, TR_1, T_0, S3_4, SR3_4,  8, 56)
+        /* t1 = s[13], s[13] = t0 >>> 56 */
+        SWAP_ROTL(T_0, TR_0, T_1, S2_3, SR2_3, 56,  8)
+        /* t0 = s[12], s[12] = t1 >>> 39 */
+        SWAP_ROTL(T_1, TR_1, T_0, S2_2, SR2_2, 39, 25)
+        /* t1 = s[ 2], s[ 2] = t0 >>> 21 */
+        SWAP_ROTL(T_0, TR_0, T_1, S0_2, SR0_2, 21, 43)
+        /* t0 = s[20], s[20] = t1 >>>  2 */
+        SWAP_ROTL_MEM(T_1, TR_1, T_0, T_3, 160,  2, 62)
+        /* t1 = s[14], s[14] = t0 >>> 46 */
+        SWAP_ROTL(T_0, TR_0, T_1, S2_4, SR2_4, 46, 18)
+        /* t0 = s[22], s[22] = t1 >>> 25 */
+        SWAP_ROTL(T_1, TR_1, T_0, T_2, TR_2, 25, 39)
+        /* t1 = s[ 9], s[ 9] = t0 >>> 3 */
+        SWAP_ROTL(T_0, TR_0, T_1, S1_4, SR1_4,  3, 61)
+        /* t0 = s[ 6], s[ 6] = t1 >>> 44 */
+        SWAP_ROTL(T_1, TR_1, T_0, S1_1, SR1_1, 44, 20)
+        /*             s[ 1] = t0 >>> 20 */
+#ifndef WOLFSSL_RISCV_BASE_BIT_MANIPULATION
+        "srli  " S0_1 ", " T_0 ", 20\n\t"
+        "slli  " T_0 ", " T_0 ", 44\n\t"
+        "or    " S0_1 ", " S0_1 ", " T_0 "\n\t"
+#else
+        RORI(SR0_1, TR_0, 20)
+#endif
+
+        /* ROW MIX */
+        /* s[0] */
+        "mv     " T_0 ", " S0_0 "\n\t"
+#ifndef WOLFSSL_RISCV_BASE_BIT_MANIPULATION
+        "not    " T_3 ", " S0_1 "\n\t"
+        "and    " T_3 ", " T_3 ", " S0_2 "\n\t"
+#else
+        ANDN(TR_3, SR0_2, SR0_1)
+#endif
+        "xor    " S0_0 ", " S0_0 ", " T_3 "\n\t"
+        /* s[1] */
+        "mv     " T_1 ", " S0_1 "\n\t"
+#ifndef WOLFSSL_RISCV_BASE_BIT_MANIPULATION
+        "not    " T_3 ", " S0_2 "\n\t"
+        "and    " T_3 ", " T_3 ", " S0_3 "\n\t"
+#else
+        ANDN(TR_3, SR0_3, SR0_2)
+#endif
+        "xor    " S0_1 ", " S0_1 ", " T_3 "\n\t"
+        /* s[2] */
+#ifndef WOLFSSL_RISCV_BASE_BIT_MANIPULATION
+        "not    " T_3 ", " S0_3 "\n\t"
+        "and    " T_3 ", " T_3 ", " S0_4 "\n\t"
+#else
+        ANDN(TR_3, SR0_4, SR0_3)
+#endif
+        "xor    " S0_2 ", " S0_2 ", " T_3 "\n\t"
+        /* s[3] */
+#ifndef WOLFSSL_RISCV_BASE_BIT_MANIPULATION
+        "not    " T_3 ", " S0_4 "\n\t"
+        "and    " T_3 ", " T_3 ", " T_0 "\n\t"
+#else
+        ANDN(TR_3, TR_0, SR0_4)
+#endif
+        "xor    " S0_3 ", " S0_3 ", " T_3 "\n\t"
+        /* s[4] */
+#ifndef WOLFSSL_RISCV_BASE_BIT_MANIPULATION
+        "not    " T_3 ", " T_0 "\n\t"
+        "and    " T_3 ", " T_3 ", " T_1 "\n\t"
+#else
+        ANDN(TR_3, TR_1, TR_0)
+#endif
+        "xor    " S0_4 ", " S0_4 ", " T_3 "\n\t"
+
+        /* s[5] */
+        "mv     " T_0 ", " S1_0 "\n\t"
+#ifndef WOLFSSL_RISCV_BASE_BIT_MANIPULATION
+        "not    " T_3 ", " S1_1 "\n\t"
+        "and    " T_3 ", " T_3 ", " S1_2 "\n\t"
+#else
+        ANDN(TR_3, SR1_2, SR1_1)
+#endif
+        "xor    " S1_0 ", " S1_0 ", " T_3 "\n\t"
+        /* s[6] */
+        "mv     " T_1 ", " S1_1 "\n\t"
+#ifndef WOLFSSL_RISCV_BASE_BIT_MANIPULATION
+        "not    " T_3 ", " S1_2 "\n\t"
+        "and    " T_3 ", " T_3 ", " S1_3 "\n\t"
+#else
+        ANDN(TR_3, SR1_3, SR1_2)
+#endif
+        "xor    " S1_1 ", " S1_1 ", " T_3 "\n\t"
+        /* s[7] */
+#ifndef WOLFSSL_RISCV_BASE_BIT_MANIPULATION
+        "not    " T_3 ", " S1_3 "\n\t"
+        "and    " T_3 ", " T_3 ", " S1_4 "\n\t"
+#else
+        ANDN(TR_3, SR1_4, SR1_3)
+#endif
+        "xor    " S1_2 ", " S1_2 ", " T_3 "\n\t"
+        /* s[8] */
+#ifndef WOLFSSL_RISCV_BASE_BIT_MANIPULATION
+        "not    " T_3 ", " S1_4 "\n\t"
+        "and    " T_3 ", " T_3 ", " T_0 "\n\t"
+#else
+        ANDN(TR_3, TR_0, SR1_4)
+#endif
+        "xor    " S1_3 ", " S1_3 ", " T_3 "\n\t"
+        /* s[9] */
+#ifndef WOLFSSL_RISCV_BASE_BIT_MANIPULATION
+        "not    " T_3 ", " T_0 "\n\t"
+        "and    " T_3 ", " T_3 ", " T_1 "\n\t"
+#else
+        ANDN(TR_3, TR_1, TR_0)
+#endif
+        "xor    " S1_4 ", " S1_4 ", " T_3 "\n\t"
+
+        /* s[10] */
+        "mv     " T_0 ", " S2_0 "\n\t"
+#ifndef WOLFSSL_RISCV_BASE_BIT_MANIPULATION
+        "not    " T_3 ", " S2_1 "\n\t"
+        "and    " T_3 ", " T_3 ", " S2_2 "\n\t"
+#else
+        ANDN(TR_3, SR2_2, SR2_1)
+#endif
+        "xor    " S2_0 ", " S2_0 ", " T_3 "\n\t"
+        /* s[11] */
+        "mv     " T_1 ", " S2_1 "\n\t"
+#ifndef WOLFSSL_RISCV_BASE_BIT_MANIPULATION
+        "not    " T_3 ", " S2_2 "\n\t"
+        "and    " T_3 ", " T_3 ", " S2_3 "\n\t"
+#else
+        ANDN(TR_3, SR2_3, SR2_2)
+#endif
+        "xor    " S2_1 ", " S2_1 ", " T_3 "\n\t"
+        /* s[12] */
+#ifndef WOLFSSL_RISCV_BASE_BIT_MANIPULATION
+        "not    " T_3 ", " S2_3 "\n\t"
+        "and    " T_3 ", " T_3 ", " S2_4 "\n\t"
+#else
+        ANDN(TR_3, SR2_4, SR2_3)
+#endif
+        "xor    " S2_2 ", " S2_2 ", " T_3 "\n\t"
+        /* s[13] */
+#ifndef WOLFSSL_RISCV_BASE_BIT_MANIPULATION
+        "not    " T_3 ", " S2_4 "\n\t"
+        "and    " T_3 ", " T_3 ", " T_0 "\n\t"
+#else
+        ANDN(TR_3, TR_0, SR2_4)
+#endif
+        "xor    " S2_3 ", " S2_3 ", " T_3 "\n\t"
+        /* s[14] */
+#ifndef WOLFSSL_RISCV_BASE_BIT_MANIPULATION
+        "not    " T_3 ", " T_0 "\n\t"
+        "and    " T_3 ", " T_3 ", " T_1 "\n\t"
+#else
+        ANDN(TR_3, TR_1, TR_0)
+#endif
+        "xor    " S2_4 ", " S2_4 ", " T_3 "\n\t"
+
+        /* s[15] */
+        "mv     " T_0 ", " S3_0 "\n\t"
+#ifndef WOLFSSL_RISCV_BASE_BIT_MANIPULATION
+        "not    " T_3 ", " S3_1 "\n\t"
+        "and    " T_3 ", " T_3 ", " S3_2 "\n\t"
+#else
+        ANDN(TR_3, SR3_2, SR3_1)
+#endif
+        "xor    " S3_0 ", " S3_0 ", " T_3 "\n\t"
+        /* s[16] */
+        "mv     " T_1 ", " S3_1 "\n\t"
+#ifndef WOLFSSL_RISCV_BASE_BIT_MANIPULATION
+        "not    " T_3 ", " S3_2 "\n\t"
+        "and    " T_3 ", " T_3 ", " S3_3 "\n\t"
+#else
+        ANDN(TR_3, SR3_3, SR3_2)
+#endif
+        "xor    " S3_1 ", " S3_1 ", " T_3 "\n\t"
+        /* s[17] */
+#ifndef WOLFSSL_RISCV_BASE_BIT_MANIPULATION
+        "not    " T_3 ", " S3_3 "\n\t"
+        "and    " T_3 ", " T_3 ", " S3_4 "\n\t"
+#else
+        ANDN(TR_3, SR3_4, SR3_3)
+#endif
+        "xor    " S3_2 ", " S3_2 ", " T_3 "\n\t"
+        /* s[18] */
+#ifndef WOLFSSL_RISCV_BASE_BIT_MANIPULATION
+        "not    " T_3 ", " S3_4 "\n\t"
+        "and    " T_3 ", " T_3 ", " T_0 "\n\t"
+#else
+        ANDN(TR_3, TR_0, SR3_4)
+#endif
+        "xor    " S3_3 ", " S3_3 ", " T_3 "\n\t"
+        /* s[19] */
+#ifndef WOLFSSL_RISCV_BASE_BIT_MANIPULATION
+        "not    " T_3 ", " T_0 "\n\t"
+        "and    " T_3 ", " T_3 ", " T_1 "\n\t"
+#else
+        ANDN(TR_3, TR_1, TR_0)
+#endif
+        "xor    " S3_4 ", " S3_4 ", " T_3 "\n\t"
+
+        "sd     " S3_0 ", 120(%[s])\n\t"
+        "sd     " S3_1 ", 128(%[s])\n\t"
+        "sd     " S3_2 ", 136(%[s])\n\t"
+        "ld     " T_0 ", 160(%[s])\n\t"
+        "ld     " T_1 ", 168(%[s])\n\t"
+        "ld     " T_3 ", 184(%[s])\n\t"
+
+        /* s[20] */
+        "mv     " S3_0 ", " T_0 "\n\t"
+#ifndef WOLFSSL_RISCV_BASE_BIT_MANIPULATION
+        "not    " S3_2 ", " T_1 "\n\t"
+        "and    " S3_2 ", " S3_2 ", " T_2 "\n\t"
+#else
+        ANDN(SR3_2, TR_2, TR_1)
+#endif
+        "xor    " T_0 ", " T_0 ", " S3_2 "\n\t"
+        /* s[21] */
+        "mv     " S3_1 ", " T_1 "\n\t"
+#ifndef WOLFSSL_RISCV_BASE_BIT_MANIPULATION
+        "not    " S3_2 ", " T_2 "\n\t"
+        "and    " S3_2 ", " S3_2 ", " T_3 "\n\t"
+#else
+        ANDN(SR3_2, TR_3, TR_2)
+#endif
+        "xor    " T_1 ", " T_1 ", " S3_2 "\n\t"
+        /* s[22] */
+#ifndef WOLFSSL_RISCV_BASE_BIT_MANIPULATION
+        "not    " S3_2 ", " T_3 "\n\t"
+        "and    " S3_2 ", " S3_2 ", " T_4 "\n\t"
+#else
+        ANDN(SR3_2, TR_4, TR_3)
+#endif
+        "xor    " T_2 ", " T_2 ", " S3_2 "\n\t"
+        /* s[23] */
+#ifndef WOLFSSL_RISCV_BASE_BIT_MANIPULATION
+        "not    " S3_2 ", " T_4 "\n\t"
+        "and    " S3_2 ", " S3_2 ", " S3_0 "\n\t"
+#else
+        ANDN(SR3_2, SR3_0, TR_4)
+#endif
+        "xor    " T_3 ", " T_3 ", " S3_2 "\n\t"
+        /* s[24] */
+#ifndef WOLFSSL_RISCV_BASE_BIT_MANIPULATION
+        "not    " S3_2 ", " S3_0 "\n\t"
+        "and    " S3_2 ", " S3_2 ", " S3_1 "\n\t"
+#else
+        ANDN(SR3_2, SR3_1, SR3_0)
+#endif
+        "xor    " T_4 ", " T_4 ", " S3_2 "\n\t"
+
+        "ld     " S3_0 ", 120(%[s])\n\t"
+        "ld     " S3_1 ", 128(%[s])\n\t"
+        "ld     " S3_2 ", 136(%[s])\n\t"
+        "sd     " T_0 ", 160(%[s])\n\t"
+        "sd     " T_1 ", 168(%[s])\n\t"
+        "sd     " T_2 ", 176(%[s])\n\t"
+        "sd     " T_3 ", 184(%[s])\n\t"
+        "sd     " T_4 ", 192(%[s])\n\t"
+
+        "ld     " T_4 ", 16(sp)\n\t"
+        "ld     " T_3 ", 0(%[r])\n\t"
+        "addi   %[r], %[r], 8\n\t"
+        "addi   " T_4 ", " T_4 ", -1\n\t"
+        "xor    " S0_0 ", " S0_0 ", " T_3 "\n\t"
+        "bnez   " T_4 ", L_riscv_64_block_sha3_loop\n\t"
+
+        "sd     " S0_0 ", 0(%[s])\n\t"
+        "sd     " S0_1 ", 8(%[s])\n\t"
+        "sd     " S0_2 ", 16(%[s])\n\t"
+        "sd     " S0_3 ", 24(%[s])\n\t"
+        "sd     " S0_4 ", 32(%[s])\n\t"
+        "sd     " S1_0 ", 40(%[s])\n\t"
+        "sd     " S1_1 ", 48(%[s])\n\t"
+        "sd     " S1_2 ", 56(%[s])\n\t"
+        "sd     " S1_3 ", 64(%[s])\n\t"
+        "sd     " S1_4 ", 72(%[s])\n\t"
+        "sd     " S2_0 ", 80(%[s])\n\t"
+        "sd     " S2_1 ", 88(%[s])\n\t"
+        "sd     " S2_2 ", 96(%[s])\n\t"
+        "sd     " S2_3 ", 104(%[s])\n\t"
+        "sd     " S2_4 ", 112(%[s])\n\t"
+        "sd     " S3_0 ", 120(%[s])\n\t"
+        "sd     " S3_1 ", 128(%[s])\n\t"
+        "sd     " S3_2 ", 136(%[s])\n\t"
+        "sd     " S3_3 ", 144(%[s])\n\t"
+        "sd     " S3_4 ", 152(%[s])\n\t"
+
+        "addi   sp, sp, 24\n\t"
+
+        : [r] "+r" (r)
+        : [s] "r" (s)
+        : "memory", "t0", "t1", "t2", "t3", "t4", "t5", "t6",
+           "a1", "a2", "a3", "a4", "a5", "a6", "a7",
+           "s1", "s2", "s3", "s4", "s5", "s6", "s7", "s8", "s9", "s10", "s11"
+    );
+}
+
+#else
+
+#ifndef WOLFSSL_RISCV_VECTOR_BASE_BIT_MANIPULATION
+
+#define COL_MIX(r, b1, b4)                      \
+        VSLL_VI(REG_V31, b1, 1)                 \
+        VSRL_VX(REG_V30, b1, REG_T1)            \
+        VXOR_VV(REG_V31, REG_V31, b4)           \
+        VXOR_VV(REG_V31, REG_V31, REG_V30)      \
+        VXOR_VV((r +  0), (r +  0), REG_V31)    \
+        VXOR_VV((r +  5), (r +  5), REG_V31)    \
+        VXOR_VV((r + 10), (r + 10), REG_V31)    \
+        VXOR_VV((r + 15), (r + 15), REG_V31)    \
+        VXOR_VV((r + 20), (r + 20), REG_V31)
+
+#define SWAP_ROTL_LO(vr, vt0, vt1, sl)          \
+        VMV_V_V(vt0, vr)                        \
+        "li     t1, 64 - " #sl "\n\t"           \
+        VSLL_VI(vr, vt1, sl)                    \
+        VSRL_VX(vt1, vt1, REG_T1)               \
+        VOR_VV(vr, vr, vt1)
+
+#define SWAP_ROTL_HI(vr, vt0, vt1, sl)          \
+        VMV_V_V(vt0, vr)                        \
+        "li     t1, " #sl "\n\t"                \
+        VSRL_VI(vr, vt1, (64 - sl))             \
+        VSLL_VX(vt1, vt1, REG_T1)               \
+        VOR_VV(vr, vr, vt1)
+
+#define ROW_MIX(r)                              \
+        VMV_V_V(REG_V25, (r + 0))               \
+        VMV_V_V(REG_V26, (r + 1))               \
+        VNOT_V(REG_V30, (r + 1))                \
+        VNOT_V(REG_V31, (r + 2))                \
+        VAND_VV(REG_V30, REG_V30, (r + 2))      \
+        VAND_VV(REG_V31, REG_V31, (r + 3))      \
+        VXOR_VV((r + 0), REG_V30, (r + 0))      \
+        VXOR_VV((r + 1), REG_V31, (r + 1))      \
+        VNOT_V(REG_V30, (r + 3))                \
+        VNOT_V(REG_V31, (r + 4))                \
+        VAND_VV(REG_V30, REG_V30, (r + 4))      \
+        VAND_VV(REG_V31, REG_V31, REG_V25)      \
+        VNOT_V(REG_V25, REG_V25)                \
+        VXOR_VV((r + 2), REG_V30, (r + 2))      \
+        VAND_VV(REG_V25, REG_V25, REG_V26)      \
+        VXOR_VV((r + 3), REG_V31, (r + 3))      \
+        VXOR_VV((r + 4), REG_V25, (r + 4))
+
+#else
+
+#define COL_MIX(r, t)                           \
+        VXOR_VV((r +  0), (r +  0), t)          \
+        VXOR_VV((r +  5), (r +  5), t)          \
+        VXOR_VV((r + 10), (r + 10), t)          \
+        VXOR_VV((r + 15), (r + 15), t)          \
+        VXOR_VV((r + 20), (r + 20), t)
+
+#define SWAP_ROTL(vr, vt0, vt1, sl)             \
+        VMV_V_V(vt0, vr)                        \
+        VROR_VI(vr, (64 - sl), vt1)
+
+#define SWAP_ROTL_LO    SWAP_ROTL
+#define SWAP_ROTL_HI    SWAP_ROTL
+
+#define ROW_MIX(r)                              \
+        VMV_V_V(REG_V25, (r + 0))               \
+        VMV_V_V(REG_V26, (r + 1))               \
+        VANDN_VV(REG_V30, (r + 1), (r + 2))     \
+        VANDN_VV(REG_V31, (r + 2), (r + 3))     \
+        VXOR_VV((r + 0), REG_V30, (r + 0))      \
+        VXOR_VV((r + 1), REG_V31, (r + 1))      \
+        VANDN_VV(REG_V30, (r + 3), (r + 4))     \
+        VANDN_VV(REG_V31, (r + 4), REG_V25)     \
+        VANDN_VV(REG_V25, REG_V25, REG_V26)     \
+        VXOR_VV((r + 2), REG_V30, (r + 2))      \
+        VXOR_VV((r + 3), REG_V31, (r + 3))      \
+        VXOR_VV((r + 4), REG_V25, (r + 4))
+
+#endif
+
+
+void BlockSha3(word64* s)
+{
+    __asm__ __volatile__ (
+        /* 1 x 64-bit */
+        VSETIVLI(REG_X0, 1, 0, 1, 0b011, 0b000)
+
+        "li     t2, 24\n\t"
+        "mv     t0, %[r]\n\t"
+        "mv     t1, %[s]\n\t"
+        VLSEG8E64_V(REG_V0, REG_T1)
+        "addi   t1, %[s], 64\n\t"
+        VLSEG8E64_V(REG_V8, REG_T1)
+        "addi   t1, %[s], 128\n\t"
+        VLSEG8E64_V(REG_V16, REG_T1)
+        "addi   t1, %[s], 192\n\t"
+        VLSEG1E64_V(REG_V24, REG_T1)
+
+        "\n"
+    "L_riscv_64_block_sha3_loop:\n\t"
+
+        /* COLUMN MIX */
+        VXOR_VV(REG_V25, REG_V0, REG_V5)
+        VXOR_VV(REG_V26, REG_V1, REG_V6)
+        VXOR_VV(REG_V27, REG_V2, REG_V7)
+        VXOR_VV(REG_V28, REG_V3, REG_V8)
+        VXOR_VV(REG_V29, REG_V4, REG_V9)
+        VXOR_VV(REG_V25, REG_V25, REG_V10)
+        VXOR_VV(REG_V26, REG_V26, REG_V11)
+        VXOR_VV(REG_V27, REG_V27, REG_V12)
+        VXOR_VV(REG_V28, REG_V28, REG_V13)
+        VXOR_VV(REG_V29, REG_V29, REG_V14)
+        VXOR_VV(REG_V25, REG_V25, REG_V15)
+        VXOR_VV(REG_V26, REG_V26, REG_V16)
+        VXOR_VV(REG_V27, REG_V27, REG_V17)
+        VXOR_VV(REG_V28, REG_V28, REG_V18)
+        VXOR_VV(REG_V29, REG_V29, REG_V19)
+        VXOR_VV(REG_V25, REG_V25, REG_V20)
+        VXOR_VV(REG_V26, REG_V26, REG_V21)
+        VXOR_VV(REG_V27, REG_V27, REG_V22)
+        VXOR_VV(REG_V28, REG_V28, REG_V23)
+        VXOR_VV(REG_V29, REG_V29, REG_V24)
+
+#ifndef WOLFSSL_RISCV_VECTOR_BASE_BIT_MANIPULATION
+        "li     t1, 63\n\t"
+        COL_MIX(REG_V0, REG_V26, REG_V29)
+        COL_MIX(REG_V1, REG_V27, REG_V25)
+        COL_MIX(REG_V2, REG_V28, REG_V26)
+        COL_MIX(REG_V3, REG_V29, REG_V27)
+        COL_MIX(REG_V4, REG_V25, REG_V28)
+#else
+        VROR_VI(REG_V30, 63, REG_V26)
+        VROR_VI(REG_V31, 63, REG_V27)
+        VXOR_VV(REG_V30, REG_V30, REG_V29)
+        VXOR_VV(REG_V31, REG_V31, REG_V25)
+        COL_MIX(REG_V0, REG_V30)
+        COL_MIX(REG_V1, REG_V31)
+
+        VROR_VI(REG_V30, 63, REG_V28)
+        VROR_VI(REG_V31, 63, REG_V29)
+        VROR_VI(REG_V25, 63, REG_V25)
+        VXOR_VV(REG_V30, REG_V30, REG_V26)
+        VXOR_VV(REG_V31, REG_V31, REG_V27)
+        VXOR_VV(REG_V25, REG_V25, REG_V28)
+        COL_MIX(REG_V2, REG_V30)
+        COL_MIX(REG_V3, REG_V31)
+        COL_MIX(REG_V4, REG_V25)
+#endif
+        /* SWAP ROTL */
+        /* t1 = s[ 1]                   */
+        VMV_V_V(REG_V26, REG_V1)
+        /* t0 = s[10], s[10] = t1 <<< 1 */
+        SWAP_ROTL_LO(REG_V10, REG_V25, REG_V26, 1)
+        /* t1 = s[ 7], s[ 7] = t0 <<< 3 */
+        SWAP_ROTL_LO(REG_V7 , REG_V26, REG_V25, 3)
+        /* t0 = s[11], s[11] = t1 <<< 6 */
+        SWAP_ROTL_LO(REG_V11, REG_V25, REG_V26, 6)
+        /* t1 = s[17], s[17] = t0 <<< 10 */
+        SWAP_ROTL_LO(REG_V17, REG_V26, REG_V25, 10)
+        /* t0 = s[18], s[18] = t1 <<< 15 */
+        SWAP_ROTL_LO(REG_V18, REG_V25, REG_V26, 15)
+        /* t1 = s[ 3], s[ 3] = t0 <<< 21 */
+        SWAP_ROTL_LO(REG_V3 , REG_V26, REG_V25, 21)
+        /* t0 = s[ 5], s[ 5] = t1 <<< 28 */
+        SWAP_ROTL_LO(REG_V5 , REG_V25, REG_V26, 28)
+        /* t1 = s[16], s[16] = t0 <<< 36 */
+        SWAP_ROTL_HI(REG_V16, REG_V26, REG_V25, 36)
+        /* t0 = s[ 8], s[ 8] = t1 <<< 45 */
+        SWAP_ROTL_HI(REG_V8 , REG_V25, REG_V26, 45)
+        /* t1 = s[21], s[21] = t0 <<< 55 */
+        SWAP_ROTL_HI(REG_V21, REG_V26, REG_V25, 55)
+        /* t0 = s[24], s[24] = t1 <<< 2 */
+        SWAP_ROTL_LO(REG_V24, REG_V25, REG_V26,  2)
+        /* t1 = s[ 4], s[ 4] = t0 <<< 14 */
+        SWAP_ROTL_LO(REG_V4 , REG_V26, REG_V25, 14)
+        /* t0 = s[15], s[15] = t1 <<< 27 */
+        SWAP_ROTL_LO(REG_V15, REG_V25, REG_V26, 27)
+        /* t1 = s[23], s[23] = t0 <<< 41 */
+        SWAP_ROTL_HI(REG_V23, REG_V26, REG_V25, 41)
+        /* t0 = s[19], s[19] = t1 <<< 56 */
+        SWAP_ROTL_HI(REG_V19, REG_V25, REG_V26, 56)
+        /* t1 = s[13], s[13] = t0 <<< 8 */
+        SWAP_ROTL_LO(REG_V13, REG_V26, REG_V25,  8)
+        /* t0 = s[12], s[12] = t1 <<< 25 */
+        SWAP_ROTL_LO(REG_V12, REG_V25, REG_V26, 25)
+        /* t1 = s[ 2], s[ 2] = t0 <<< 43 */
+        SWAP_ROTL_HI(REG_V2 , REG_V26, REG_V25, 43)
+        /* t0 = s[20], s[20] = t1 <<< 62 */
+        SWAP_ROTL_HI(REG_V20, REG_V25, REG_V26, 62)
+        /* t1 = s[14], s[14] = t0 <<< 18 */
+        SWAP_ROTL_LO(REG_V14, REG_V26, REG_V25, 18)
+        /* t0 = s[22], s[22] = t1 <<< 39 */
+        SWAP_ROTL_HI(REG_V22, REG_V25, REG_V26, 39)
+        /* t1 = s[ 9], s[ 9] = t0 <<< 61 */
+        SWAP_ROTL_HI(REG_V9 , REG_V26, REG_V25, 61)
+        /* t0 = s[ 6], s[ 6] = t1 <<< 20 */
+        SWAP_ROTL_LO(REG_V6 , REG_V25, REG_V26, 20)
+        /*             s[ 1] = t0 <<< 44 */
+        "li     t1, 44\n\t"
+        VSRL_VI(REG_V1, REG_V25, (64 - 44))
+        VSLL_VX(REG_V25, REG_V25, REG_T1)
+        VOR_VV(REG_V1, REG_V1, REG_V25)
+
+        /* ROW MIX */
+        ROW_MIX(REG_V0)
+        ROW_MIX(REG_V5)
+        ROW_MIX(REG_V10)
+        ROW_MIX(REG_V15)
+        ROW_MIX(REG_V20)
+
+        VL1RE64_V(REG_V25, REG_T0)
+        "addi   t0, t0, 8\n\t"
+        "addi   t2, t2, -1\n\t"
+        VXOR_VV(REG_V0, REG_V0, REG_V25)
+        "bnez   t2, L_riscv_64_block_sha3_loop\n\t"
+
+        "mv     t1, %[s]\n\t"
+        VSSEG8E64_V(REG_V0, REG_T1)
+        "addi   t1, %[s], 64\n\t"
+        VSSEG8E64_V(REG_V8, REG_T1)
+        "addi   t1, %[s], 128\n\t"
+        VSSEG8E64_V(REG_V16, REG_T1)
+        "addi   t1, %[s], 192\n\t"
+        VSSEG1E64_V(REG_V24, REG_T1)
+
+        :
+        : [s] "r" (s), [r] "r" (hash_keccak_r)
+        : "memory", "t0", "t1", "t2"
+    );
+}
+
+#endif /* WOLFSSL_RISCV_VECTOR */
+#endif /* WOLFSSL_SHA3 && !XILINX */
+#endif /* WOLFSSL_RISCV_ASM */
diff --git a/wolfcrypt/src/port/riscv/riscv-64-sha512.c b/wolfcrypt/src/port/riscv/riscv-64-sha512.c
new file mode 100644
index 000000000..afe326c3b
--- /dev/null
+++ b/wolfcrypt/src/port/riscv/riscv-64-sha512.c
@@ -0,0 +1,1724 @@
+/* riscv-sha512.c
+ *
+ * Copyright (C) 2006-2025 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+
+#ifdef HAVE_CONFIG_H
+    #include <config.h>
+#endif
+
+#include <wolfssl/wolfcrypt/settings.h>
+
+#ifdef WOLFSSL_RISCV_ASM
+#if !defined(NO_SHA512) || defined(WOLFSSL_SHA384)
+
+#if FIPS_VERSION3_LT(6,0,0) && defined(HAVE_FIPS)
+    #undef HAVE_FIPS
+#else
+    #if defined(HAVE_FIPS) && FIPS_VERSION3_GE(6,0,0)
+    /* set NO_WRAPPERS before headers, use direct internal f()s not wrappers */
+        #define FIPS_NO_WRAPPERS
+    #endif
+#endif
+
+#include <wolfssl/wolfcrypt/sha512.h>
+#if FIPS_VERSION3_GE(6,0,0)
+    const unsigned int wolfCrypt_FIPS_sha512_ro_sanity[2] =
+                                                     { 0x1a2b3c4d, 0x00000014 };
+    int wolfCrypt_FIPS_SHA512_sanity(void)
+    {
+        return 0;
+    }
+#endif
+#include <wolfssl/wolfcrypt/logging.h>
+#include <wolfssl/wolfcrypt/error-crypt.h>
+
+#include <wolfssl/wolfcrypt/port/riscv/riscv-64-asm.h>
+
+#ifdef NO_INLINE
+    #include <wolfssl/wolfcrypt/misc.h>
+#else
+    #define WOLFSSL_MISC_INCLUDED
+    #include <wolfcrypt/src/misc.c>
+#endif
+
+/* Constants to add in each round. */
+static const word64 K512[80] = {
+    W64LIT(0x428a2f98d728ae22), W64LIT(0x7137449123ef65cd),
+    W64LIT(0xb5c0fbcfec4d3b2f), W64LIT(0xe9b5dba58189dbbc),
+    W64LIT(0x3956c25bf348b538), W64LIT(0x59f111f1b605d019),
+    W64LIT(0x923f82a4af194f9b), W64LIT(0xab1c5ed5da6d8118),
+    W64LIT(0xd807aa98a3030242), W64LIT(0x12835b0145706fbe),
+    W64LIT(0x243185be4ee4b28c), W64LIT(0x550c7dc3d5ffb4e2),
+    W64LIT(0x72be5d74f27b896f), W64LIT(0x80deb1fe3b1696b1),
+    W64LIT(0x9bdc06a725c71235), W64LIT(0xc19bf174cf692694),
+    W64LIT(0xe49b69c19ef14ad2), W64LIT(0xefbe4786384f25e3),
+    W64LIT(0x0fc19dc68b8cd5b5), W64LIT(0x240ca1cc77ac9c65),
+    W64LIT(0x2de92c6f592b0275), W64LIT(0x4a7484aa6ea6e483),
+    W64LIT(0x5cb0a9dcbd41fbd4), W64LIT(0x76f988da831153b5),
+    W64LIT(0x983e5152ee66dfab), W64LIT(0xa831c66d2db43210),
+    W64LIT(0xb00327c898fb213f), W64LIT(0xbf597fc7beef0ee4),
+    W64LIT(0xc6e00bf33da88fc2), W64LIT(0xd5a79147930aa725),
+    W64LIT(0x06ca6351e003826f), W64LIT(0x142929670a0e6e70),
+    W64LIT(0x27b70a8546d22ffc), W64LIT(0x2e1b21385c26c926),
+    W64LIT(0x4d2c6dfc5ac42aed), W64LIT(0x53380d139d95b3df),
+    W64LIT(0x650a73548baf63de), W64LIT(0x766a0abb3c77b2a8),
+    W64LIT(0x81c2c92e47edaee6), W64LIT(0x92722c851482353b),
+    W64LIT(0xa2bfe8a14cf10364), W64LIT(0xa81a664bbc423001),
+    W64LIT(0xc24b8b70d0f89791), W64LIT(0xc76c51a30654be30),
+    W64LIT(0xd192e819d6ef5218), W64LIT(0xd69906245565a910),
+    W64LIT(0xf40e35855771202a), W64LIT(0x106aa07032bbd1b8),
+    W64LIT(0x19a4c116b8d2d0c8), W64LIT(0x1e376c085141ab53),
+    W64LIT(0x2748774cdf8eeb99), W64LIT(0x34b0bcb5e19b48a8),
+    W64LIT(0x391c0cb3c5c95a63), W64LIT(0x4ed8aa4ae3418acb),
+    W64LIT(0x5b9cca4f7763e373), W64LIT(0x682e6ff3d6b2b8a3),
+    W64LIT(0x748f82ee5defb2fc), W64LIT(0x78a5636f43172f60),
+    W64LIT(0x84c87814a1f0ab72), W64LIT(0x8cc702081a6439ec),
+    W64LIT(0x90befffa23631e28), W64LIT(0xa4506cebde82bde9),
+    W64LIT(0xbef9a3f7b2c67915), W64LIT(0xc67178f2e372532b),
+    W64LIT(0xca273eceea26619c), W64LIT(0xd186b8c721c0c207),
+    W64LIT(0xeada7dd6cde0eb1e), W64LIT(0xf57d4f7fee6ed178),
+    W64LIT(0x06f067aa72176fba), W64LIT(0x0a637dc5a2c898a6),
+    W64LIT(0x113f9804bef90dae), W64LIT(0x1b710b35131c471b),
+    W64LIT(0x28db77f523047d84), W64LIT(0x32caab7b40c72493),
+    W64LIT(0x3c9ebe0a15c9bebc), W64LIT(0x431d67c49c100d4c),
+    W64LIT(0x4cc5d4becb3e42b6), W64LIT(0x597f299cfc657e2a),
+    W64LIT(0x5fcb6fab3ad6faec), W64LIT(0x6c44198c4a475817)
+};
+
+static int InitSha512(wc_Sha512* sha512, void* heap, int devId)
+{
+   int ret = 0;
+
+    if (sha512 == NULL) {
+        ret = BAD_FUNC_ARG;
+    }
+
+    if (ret == 0) {
+        sha512->heap = heap;
+    #ifdef WOLF_CRYPTO_CB
+        sha512->devId = devId;
+    #endif
+        (void)devId;
+    #ifdef WOLFSSL_SMALL_STACK_CACHE
+        sha512->W = NULL;
+    #endif
+
+    #ifdef WOLFSSL_HASH_FLAGS
+        sha512->flags = 0;
+    #endif
+    }
+
+    return ret;
+}
+
+/* Initialize SHA-512 object for hashing.
+ *
+ * @param [in, out] sha512  SHA-512 object.
+ */
+static void InitSha512_State(wc_Sha512* sha512)
+{
+    /* Set initial hash values. */
+#ifndef WOLFSSL_RISCV_VECTOR_CRYPTO_ASM
+    sha512->digest[0] = W64LIT(0x6a09e667f3bcc908);
+    sha512->digest[1] = W64LIT(0xbb67ae8584caa73b);
+    sha512->digest[2] = W64LIT(0x3c6ef372fe94f82b);
+    sha512->digest[3] = W64LIT(0xa54ff53a5f1d36f1);
+    sha512->digest[4] = W64LIT(0x510e527fade682d1);
+    sha512->digest[5] = W64LIT(0x9b05688c2b3e6c1f);
+    sha512->digest[6] = W64LIT(0x1f83d9abfb41bd6b);
+    sha512->digest[7] = W64LIT(0x5be0cd19137e2179);
+#else
+    /* f, e, b, a, h, g, d, c */
+    sha512->digest[0] = W64LIT(0x9b05688c2b3e6c1f);
+    sha512->digest[1] = W64LIT(0x510e527fade682d1);
+    sha512->digest[2] = W64LIT(0xbb67ae8584caa73b);
+    sha512->digest[3] = W64LIT(0x6a09e667f3bcc908);
+    sha512->digest[4] = W64LIT(0x5be0cd19137e2179);
+    sha512->digest[5] = W64LIT(0x1f83d9abfb41bd6b);
+    sha512->digest[6] = W64LIT(0xa54ff53a5f1d36f1);
+    sha512->digest[7] = W64LIT(0x3c6ef372fe94f82b);
+#endif
+
+    /* No hashed data. */
+    sha512->buffLen = 0;
+    /* No data hashed. */
+    sha512->loLen   = 0;
+    sha512->hiLen   = 0;
+}
+
+#if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
+#if !defined(WOLFSSL_NOSHA512_224)
+/**
+ * Initialize given wc_Sha512 structure with value specific to sha512/224.
+ * Note that sha512/224 has different initial hash value from sha512.
+ * The initial hash value consists of eight 64bit words. They are given
+ * in FIPS180-4.
+ */
+static void InitSha512_224_State(wc_Sha512* sha512)
+{
+#ifndef WOLFSSL_RISCV_VECTOR_CRYPTO_ASM
+    sha512->digest[0] = W64LIT(0x8c3d37c819544da2);
+    sha512->digest[1] = W64LIT(0x73e1996689dcd4d6);
+    sha512->digest[2] = W64LIT(0x1dfab7ae32ff9c82);
+    sha512->digest[3] = W64LIT(0x679dd514582f9fcf);
+    sha512->digest[4] = W64LIT(0x0f6d2b697bd44da8);
+    sha512->digest[5] = W64LIT(0x77e36f7304c48942);
+    sha512->digest[6] = W64LIT(0x3f9d85a86a1d36c8);
+    sha512->digest[7] = W64LIT(0x1112e6ad91d692a1);
+#else
+    /* f, e, b, a, h, g, d, c */
+    sha512->digest[0] = W64LIT(0x77e36f7304c48942);
+    sha512->digest[1] = W64LIT(0x0f6d2b697bd44da8);
+    sha512->digest[2] = W64LIT(0x73e1996689dcd4d6);
+    sha512->digest[3] = W64LIT(0x8c3d37c819544da2);
+    sha512->digest[4] = W64LIT(0x1112e6ad91d692a1);
+    sha512->digest[5] = W64LIT(0x3f9d85a86a1d36c8);
+    sha512->digest[6] = W64LIT(0x679dd514582f9fcf);
+    sha512->digest[7] = W64LIT(0x1dfab7ae32ff9c82);
+#endif
+
+    /* No hashed data. */
+    sha512->buffLen = 0;
+    /* No data hashed. */
+    sha512->loLen   = 0;
+    sha512->hiLen   = 0;
+}
+#endif /* !WOLFSSL_NOSHA512_224 */
+#endif /* !HAVE_FIPS && !HAVE_SELFTEST */
+
+#if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
+#if !defined(WOLFSSL_NOSHA512_256)
+/**
+ * Initialize given wc_Sha512 structure with value specific to sha512/256.
+ * Note that sha512/256 has different initial hash value from sha512.
+ * The initial hash value consists of eight 64bit words. They are given
+ * in FIPS180-4.
+ */
+static void InitSha512_256_State(wc_Sha512* sha512)
+{
+#ifndef WOLFSSL_RISCV_VECTOR_CRYPTO_ASM
+    sha512->digest[0] = W64LIT(0x22312194fc2bf72c);
+    sha512->digest[1] = W64LIT(0x9f555fa3c84c64c2);
+    sha512->digest[2] = W64LIT(0x2393b86b6f53b151);
+    sha512->digest[3] = W64LIT(0x963877195940eabd);
+    sha512->digest[4] = W64LIT(0x96283ee2a88effe3);
+    sha512->digest[5] = W64LIT(0xbe5e1e2553863992);
+    sha512->digest[6] = W64LIT(0x2b0199fc2c85b8aa);
+    sha512->digest[7] = W64LIT(0x0eb72ddc81c52ca2);
+#else
+    /* f, e, b, a, h, g, d, c */
+    sha512->digest[0] = W64LIT(0xbe5e1e2553863992);
+    sha512->digest[1] = W64LIT(0x96283ee2a88effe3);
+    sha512->digest[2] = W64LIT(0x9f555fa3c84c64c2);
+    sha512->digest[3] = W64LIT(0x22312194fc2bf72c);
+    sha512->digest[4] = W64LIT(0x0eb72ddc81c52ca2);
+    sha512->digest[5] = W64LIT(0x2b0199fc2c85b8aa);
+    sha512->digest[6] = W64LIT(0x963877195940eabd);
+    sha512->digest[7] = W64LIT(0x2393b86b6f53b151);
+#endif
+
+    /* No hashed data. */
+    sha512->buffLen = 0;
+    /* No data hashed. */
+    sha512->loLen   = 0;
+    sha512->hiLen   = 0;
+}
+#endif /* !WOLFSSL_NOSHA512_256 */
+#endif /* !HAVE_FIPS && !HAVE_SELFTEST */
+
+/* More data hashed, add length to 64-bit cumulative total.
+ *
+ * @param [in, out] sha512  SHA-512 object. Assumed not NULL.
+ * @param [in]      len     Length to add.
+ */
+static WC_INLINE void AddLength(wc_Sha512* sha512, word32 len)
+{
+    word32 tmp = sha512->loLen;
+    if ((sha512->loLen += len) < tmp)
+        sha512->hiLen++;                       /* carry low to high */
+}
+
+#ifndef WOLFSSL_RISCV_BASE_BIT_MANIPULATION
+
+/* Load a word with bytes reversed. */
+#define LOAD_DWORD_REV(r, o, p, t0, t1, t2, t3) \
+    "lbu    " #t0 ", " #o "+4(" #p ")\n\t"      \
+    "lbu    " #t1 ", " #o "+5(" #p ")\n\t"      \
+    "lbu    " #t2 ", " #o "+6(" #p ")\n\t"      \
+    "lbu    " #r ", " #o "+7(" #p ")\n\t"       \
+    "slli   " #t0 ", " #t0 ", 24\n\t"           \
+    "slli   " #t1 ", " #t1 ", 16\n\t"           \
+    "slli   " #t2 ", " #t2 ", 8\n\t"            \
+    "or     " #r ", " #r ", " #t0 "\n\t"        \
+    "or     " #r ", " #r ", " #t1 "\n\t"        \
+    "or     " #r ", " #r ", " #t2 "\n\t"        \
+    "lbu    " #t0 ", " #o "+0(" #p ")\n\t"      \
+    "lbu    " #t1 ", " #o "+1(" #p ")\n\t"      \
+    "lbu    " #t2 ", " #o "+2(" #p ")\n\t"      \
+    "lbu    " #t3 ", " #o "+3(" #p ")\n\t"      \
+    "slli   " #t0 ", " #t0 ", 56\n\t"           \
+    "slli   " #t1 ", " #t1 ", 48\n\t"           \
+    "slli   " #t2 ", " #t2 ", 40\n\t"           \
+    "slli   " #t3 ", " #t3 ", 32\n\t"           \
+    "or     " #r ", " #r ", " #t0 "\n\t"        \
+    "or     " #r ", " #r ", " #t1 "\n\t"        \
+    "or     " #r ", " #r ", " #t2 "\n\t"        \
+    "or     " #r ", " #r ", " #t3 "\n\t"
+
+#endif
+
+#ifndef WOLFSSL_RISCV_VECTOR_CRYPTO_ASM
+
+#ifdef WOLFSSL_RISCV_SCALAR_CRYPTO_ASM
+
+/* SHA-512 SUM0 operation. */
+#define SHA512SUM0(rd, rs1)                                         \
+    ASM_WORD((0b000100000100 << 20) | (0b001 << 12) | 0b0010011 |   \
+             (rs1 << 15) | (rd << 7))
+/* SHA-512 SUM1 operation. */
+#define SHA512SUM1(rd, rs1)                                         \
+    ASM_WORD((0b000100000101 << 20) | (0b001 << 12) | 0b0010011 |   \
+             (rs1 << 15) | (rd << 7))
+/* SHA-512 SIGMA0 operation. */
+#define SHA512SIG0(rd, rs1)                                         \
+    ASM_WORD((0b000100000110 << 20) | (0b001 << 12) | 0b0010011 |   \
+             (rs1 << 15) | (rd << 7))
+/* SHA-512 SIGMA1 operation. */
+#define SHA512SIG1(rd, rs1)                                         \
+    ASM_WORD((0b000100000111 << 20) | (0b001 << 12) | 0b0010011 |   \
+             (rs1 << 15) | (rd << 7))
+
+/* One round of compression. */
+#define RND(a, b, c, d, e, f, g, h, w, k)                       \
+    /* Get e and a */                                           \
+    "mv     a4, " #e "\n\t"                                     \
+    "mv     a5, " #a "\n\t"                                     \
+    /* Sigma1(e) */                                             \
+    SHA512SUM1(REG_A4, REG_A4)                                  \
+    /* Sigma0(a) */                                             \
+    SHA512SUM0(REG_A5, REG_A5)                                  \
+    /* Maj(a, b, c) = t5 */                                     \
+    /* Ch(e, f, g) = t6 */                                      \
+    /* a ^ b */                                                 \
+    "xor    t4, " #a ", " #b "\n\t"                             \
+    /* f ^ g */                                                 \
+    "xor    t6, " #f ", " #g "\n\t"                             \
+    /* b ^ c */                                                 \
+    "xor    t5, " #b ", " #c "\n\t"                             \
+    /* (f ^ g) & e */                                           \
+    "and    t6, t6, " #e "\n\t"                                 \
+    /* (a^b) & (b^c) */                                         \
+    "and    t5, t5, t4\n\t"                                     \
+    /* ((f ^ g) & e) ^ g */                                     \
+    "xor    t6, t6, " #g "\n\t"                                 \
+    /* ((a^b) & (b^c)) ^ b */                                   \
+    "xor    t5, t5, " #b "\n\t"                                 \
+    /* sigma1 + Ch */                                           \
+    "add    t4, a4, t6\n\t"                                     \
+    /* K + W */                                                 \
+    "add    t6, " #k ", " #w "\n\t"                             \
+    /* sigma1 + Ch + K + W = 't0'-h */                          \
+    "add    t4, t4, t6\n\t"                                     \
+    /* h + sigma1 + Ch + K + W = 't0' = h */                    \
+    "add    " #h ", " #h ", t4\n\t"                             \
+    /* Sigma0(a) + Maj = 't1' */                                \
+    "add    t5, a5, t5\n\t"                                     \
+    /* d += 't0' */                                             \
+    "add    " #d ", " #d ", " #h "\n\t"                         \
+    /* h += 't1' */                                             \
+    "add    " #h ", " #h ", t5\n\t"
+
+#define W_UPDATE(w0, w1, w9, w14, reg_w0, reg_w1, reg_w9, reg_w14)  \
+    /* Gamma0(W[1]) */                                              \
+    SHA512SIG0(REG_A4, reg_w1)                                      \
+    /* Gamma1(W[i-2]) = Gamma1(W[14]) */                            \
+    SHA512SIG1(REG_A5, reg_w14)                                     \
+    /* Gamma1(W[14]) + W[9] */                                      \
+    "add    a5, a5, " #w9 "\n\t"                                    \
+    /* Gamma0(W[1]) + W[i-16] = Gamma0(W[1]) + W[0] */              \
+    "add    " #w0 ", " #w0 ", a4\n\t"                               \
+    /* W[0] = Gamma1(W[14]) + W[9] + Gamma0(W[1]) + W[0] */         \
+    "add    " #w0 ", a5, " #w0 "\n\t"
+
+#else
+
+/* SHA-512 SUM0 operation. */
+#define SHA512SUM0(rd, rs1)                                     \
+    "slli   t5, " #rs1 ", 36\n\t"                               \
+    "srli   t4, " #rs1 ", 28\n\t"                               \
+    "slli   t6, " #rs1 ", 30\n\t"                               \
+    "or     t4, t4, t5\n\t"                                     \
+    "srli   t5, " #rs1 ", 34\n\t"                               \
+    "xor    t4, t4, t6\n\t"                                     \
+    "slli   t6, " #rs1 ", 25\n\t"                               \
+    "xor    t4, t4, t5\n\t"                                     \
+    "srli   " #rd ", " #rs1 ", 39\n\t"                          \
+    "xor    t4, t4, t6\n\t"                                     \
+    "xor    " #rd ", " #rd ", t4\n\t"
+
+/* SHA-512 SUM1 operation. */
+#define SHA512SUM1(rd, rs1)                                     \
+    "slli   t5, " #rs1 ", 50\n\t"                               \
+    "srli   t4, " #rs1 ", 14\n\t"                               \
+    "slli   t6, " #rs1 ", 46\n\t"                               \
+    "or     t4, t4, t5\n\t"                                     \
+    "srli   t5, " #rs1 ", 18\n\t"                               \
+    "xor    t4, t4, t6\n\t"                                     \
+    "slli   t6, " #rs1 ", 23\n\t"                               \
+    "xor    t4, t4, t5\n\t"                                     \
+    "srli   " #rd ", " #rs1 ", 41\n\t"                          \
+    "xor    t4, t4, t6\n\t"                                     \
+    "xor    " #rd ", " #rd ", t4\n\t"
+
+/* SHA-512 SIGMA0 operation. */
+#define SHA512SIG0(rd, rs1)                                     \
+    "slli   t5, " #rs1 ", 63\n\t"                               \
+    "srli   t6, " #rs1 ", 1\n\t"                                \
+    "slli   t4, " #rs1 ", 56\n\t"                               \
+    "or     t6, t6, t5\n\t"                                     \
+    "srli   t5, " #rs1 ", 8\n\t"                                \
+    "xor    t6, t6, t4\n\t"                                     \
+    "srli   " #rd ", " #rs1 ", 7\n\t"                           \
+    "xor    t6, t6, t5\n\t"                                     \
+    "xor    " #rd ", " #rd ", t6\n\t"
+
+/* SHA-512 SIGMA1 operation. */
+#define SHA512SIG1(rd, rs1)                                     \
+    "slli   t5, " #rs1 ", 45\n\t"                               \
+    "srli   t6, " #rs1 ", 19\n\t"                               \
+    "slli   t4, " #rs1 ", 3\n\t"                                \
+    "or     t6, t6, t5\n\t"                                     \
+    "srli   t5, " #rs1 ", 61\n\t"                               \
+    "xor    t6, t6, t4\n\t"                                     \
+    "srli   " #rd ", " #rs1 ", 6\n\t"                           \
+    "xor    t6, t6, t5\n\t"                                     \
+    "xor    " #rd ", " #rd ", t6\n\t"
+
+/* One round of compression. */
+#define RND(a, b, c, d, e, f, g, h, w, k)                       \
+    /* Sigma1(e) */                                             \
+    SHA512SUM1(a4, e)                                           \
+    /* Sigma0(a) */                                             \
+    SHA512SUM0(a5, a)                                           \
+    /* Maj(a, b, c) = t5 */                                     \
+    /* Ch(e, f, g) = t6 */                                      \
+    /* a ^ b */                                                 \
+    "xor    t4, " #a ", " #b "\n\t"                             \
+    /* f ^ g */                                                 \
+    "xor    t6, " #f ", " #g "\n\t"                             \
+    /* b ^ c */                                                 \
+    "xor    t5, " #b ", " #c "\n\t"                             \
+    /* (f ^ g) & e */                                           \
+    "and    t6, t6, " #e "\n\t"                                 \
+    /* (a^b) & (b^c) */                                         \
+    "and    t5, t5, t4\n\t"                                     \
+    /* ((f ^ g) & e) ^ g */                                     \
+    "xor    t6, t6, " #g "\n\t"                                 \
+    /* ((a^b) & (b^c)) ^ b */                                   \
+    "xor    t5, t5, " #b "\n\t"                                 \
+    /* sigma1 + Ch */                                           \
+    "add    t4, a4, t6\n\t"                                     \
+    /* K + W */                                                 \
+    "add    t6, " #k ", " #w "\n\t"                             \
+    /* sigma1 + Ch + K + W = 't0'-h */                          \
+    "add    t4, t4, t6\n\t"                                     \
+    /* h + sigma1 + Ch + K + W = 't0' = h */                    \
+    "add    " #h ", " #h ", t4\n\t"                             \
+    /* Sigma0(a) + Maj = 't1' */                                \
+    "add    t5, a5, t5\n\t"                                     \
+    /* d += 't0' */                                             \
+    "add    " #d ", " #d ", " #h "\n\t"                         \
+    /* h += 't1' */                                             \
+    "add    " #h ", " #h ", t5\n\t"
+
+/* Two message schedule updates. */
+#define W_UPDATE(w0, w1, w9, w14, reg_w0, reg_w1, reg_w9, reg_14)   \
+    /* Gamma0(W[1]) */                                              \
+    SHA512SIG0(a4, w1)                                              \
+    /* Gamma1(W[i-2]) = Gamma1(W[14]) */                            \
+    SHA512SIG1(a5, w14)                                             \
+    /* Gamma1(W[14]) + W[9] */                                      \
+    "add    a5, a5, " #w9 "\n\t"                                    \
+    /* Gamma0(W[1]) + W[i-16] = Gamma0(W[1]) + W[0] */              \
+    "add    " #w0 ", " #w0 ", a4\n\t"                               \
+    /* W[0] = Gamma1(W[14]) + W[9] + Gamma0(W[1]) + W[0] */         \
+    "add    " #w0 ", a5, " #w0 "\n\t"
+
+
+#endif /* WOLFSSL_RISCV_SCALAR_CRYPTO_ASM */
+
+#define RND2_W(a, b, c, d, e, f, g, h, o, w2o, w9o, w10o)       \
+    /* Get k[i] */                                              \
+    "ld     a6, " #o "(%[k])\n\t"                               \
+    /* Get k[i+1] */                                            \
+    "ld     a7, " #o "+8(%[k])\n\t"                             \
+    RND(a, b, c, d, e, f, g, h, s1, a6)                         \
+    /* Get W[1] */                                              \
+    "ld     s2, " #o "+8(sp)\n\t"                               \
+    /* Get W[9] */                                              \
+    "ld     s3, " #w9o "(sp)\n\t"                               \
+    W_UPDATE(s1, s2, s3, s4, REG_S1, REG_S2, REG_S3, REG_S4)    \
+    RND(h, a, b, c, d, e, f, g, s2, a7)                         \
+    "mv     s4, s1\n\t"                                         \
+    /* Get W[2] */                                              \
+    "ld     s1, " #w2o "(sp)\n\t"                               \
+    /* Get W[10] */                                             \
+    "ld     s3, " #w10o "(sp)\n\t"                              \
+    W_UPDATE(s2, s1, s3, s5, REG_S2, REG_S1, REG_S3, REG_S5)    \
+    "sd     s4, " #o "(sp)\n\t"                                 \
+    "mv     s5, s2\n\t"                                         \
+    "sd     s2, " #o "+8(sp)\n\t"
+
+/* Sixteen rounds of compression with message scheduling. */
+#define RND16()                                                     \
+    RND2_W(t0, t1, t2, t3, s8, s9, s10, s11,   0,  16,  72,  80)    \
+    RND2_W(s10, s11, t0, t1, t2, t3, s8, s9,  16,  32,  88,  96)    \
+    RND2_W(s8, s9, s10, s11, t0, t1, t2, t3,  32,  48, 104, 112)    \
+    RND2_W(t2, t3, s8, s9, s10, s11, t0, t1,  48,  64, 120,   0)    \
+    RND2_W(t0, t1, t2, t3, s8, s9, s10, s11,  64,  80,   8,  16)    \
+    RND2_W(s10, s11, t0, t1, t2, t3, s8, s9,  80,  96,  24,  32)    \
+    RND2_W(s8, s9, s10, s11, t0, t1, t2, t3,  96, 112,  40,  48)    \
+    RND2_W(t2, t3, s8, s9, s10, s11, t0, t1, 112,   0,  56,  64)
+
+#define RND2(a, b, c, d, e, f, g, h, o)     \
+    /* Get k[i] */                          \
+    "ld     a6, " #o "(%[k])\n\t"           \
+    /* Get W[0] */                          \
+    "ld     s1, " #o "(sp)\n\t"             \
+    RND(a, b, c, d, e, f, g, h, s1, a6)     \
+    /* Get k[i] */                          \
+    "ld     a6, " #o "+8(%[k])\n\t"         \
+    /* Get W[1] */                          \
+    "ld     s1, " #o "+8(sp)\n\t"           \
+    RND(h, a, b, c, d, e, f, g, s1, a6)
+
+/* Sixteen rounds of compression only. */
+#define RND16_LAST()                               \
+    RND2(t0, t1, t2, t3, s8, s9, s10, s11,   0)    \
+    RND2(s10, s11, t0, t1, t2, t3, s8, s9,  16)    \
+    RND2(s8, s9, s10, s11, t0, t1, t2, t3,  32)    \
+    RND2(t2, t3, s8, s9, s10, s11, t0, t1,  48)    \
+    RND2(t0, t1, t2, t3, s8, s9, s10, s11,  64)    \
+    RND2(s10, s11, t0, t1, t2, t3, s8, s9,  80)    \
+    RND2(s8, s9, s10, s11, t0, t1, t2, t3,  96)    \
+    RND2(t2, t3, s8, s9, s10, s11, t0, t1, 112)
+
+/* Transform the message data.
+ *
+ * @param [in, out] sha512  SHA-512 object.
+ * @param [in]      data    Buffer of data to hash.
+ * @param [in]      blocks  Number of blocks of data to hash.
+ */
+static WC_INLINE void Sha512Transform(wc_Sha512* sha512, const byte* data,
+    word32 blocks)
+{
+    word64* k = (word64*)K512;
+
+    __asm__ __volatile__ (
+        "addi   sp, sp, -128\n\t"
+
+        /* Load digest. */
+        "ld     t0, 0(%[digest])\n\t"
+        "ld     t1, 8(%[digest])\n\t"
+        "ld     t2, 16(%[digest])\n\t"
+        "ld     t3, 24(%[digest])\n\t"
+        "ld     s8, 32(%[digest])\n\t"
+        "ld     s9, 40(%[digest])\n\t"
+        "ld     s10, 48(%[digest])\n\t"
+        "ld     s11, 56(%[digest])\n\t"
+
+        /* 5 rounds of 16 per block - 4 loops of 16 and 1 final 16. */
+        "slli   %[blocks], %[blocks], 2\n\t"
+
+    "\n1:\n\t"
+        /* beginning of SHA512 block operation */
+        /* Load W */
+#ifndef WOLFSSL_RISCV_BASE_BIT_MANIPULATION
+        LOAD_DWORD_REV(t4,  0, %[data], a4, a5, a6, a7)
+        LOAD_DWORD_REV(s1,  8, %[data], a4, a5, a6, a7)
+        LOAD_DWORD_REV(s2, 16, %[data], a4, a5, a6, a7)
+        LOAD_DWORD_REV(s3, 24, %[data], a4, a5, a6, a7)
+        LOAD_DWORD_REV(s4, 32, %[data], a4, a5, a6, a7)
+        LOAD_DWORD_REV(s5, 40, %[data], a4, a5, a6, a7)
+        LOAD_DWORD_REV(s6, 48, %[data], a4, a5, a6, a7)
+        LOAD_DWORD_REV(s7, 56, %[data], a4, a5, a6, a7)
+#else
+        "ld     t4,  0(%[data])\n\t"
+        "ld     s1,  8(%[data])\n\t"
+        "ld     s2, 16(%[data])\n\t"
+        "ld     s3, 24(%[data])\n\t"
+        "ld     s4, 32(%[data])\n\t"
+        "ld     s5, 40(%[data])\n\t"
+        "ld     s6, 48(%[data])\n\t"
+        "ld     s7, 56(%[data])\n\t"
+        REV8(REG_T4, REG_T4)
+        REV8(REG_S1, REG_S1)
+        REV8(REG_S2, REG_S2)
+        REV8(REG_S3, REG_S3)
+        REV8(REG_S4, REG_S4)
+        REV8(REG_S5, REG_S5)
+        REV8(REG_S6, REG_S6)
+        REV8(REG_S7, REG_S7)
+#endif
+        "sd    t4,  0(sp)\n\t"
+        "sd    s1,  8(sp)\n\t"
+        "sd    s2, 16(sp)\n\t"
+        "sd    s3, 24(sp)\n\t"
+        "sd    s4, 32(sp)\n\t"
+        "sd    s5, 40(sp)\n\t"
+        "sd    s6, 48(sp)\n\t"
+        "sd    s7, 56(sp)\n\t"
+#ifndef WOLFSSL_RISCV_BASE_BIT_MANIPULATION
+        LOAD_DWORD_REV(t4,  64, %[data], a4, a5, a6, a7)
+        LOAD_DWORD_REV(s1,  72, %[data], a4, a5, a6, a7)
+        LOAD_DWORD_REV(s2,  80, %[data], a4, a5, a6, a7)
+        LOAD_DWORD_REV(s3,  88, %[data], a4, a5, a6, a7)
+        LOAD_DWORD_REV(s4,  96, %[data], a4, a5, a6, a7)
+        LOAD_DWORD_REV(s5, 104, %[data], a4, a5, a6, a7)
+        LOAD_DWORD_REV(s6, 112, %[data], a4, a5, a6, a7)
+        LOAD_DWORD_REV(s7, 120, %[data], a4, a5, a6, a7)
+#else
+        "ld    t4,  64(%[data])\n\t"
+        "ld    s1,  72(%[data])\n\t"
+        "ld    s2,  80(%[data])\n\t"
+        "ld    s3,  88(%[data])\n\t"
+        "ld    s4,  96(%[data])\n\t"
+        "ld    s5, 104(%[data])\n\t"
+        "ld    s6, 112(%[data])\n\t"
+        "ld    s7, 120(%[data])\n\t"
+        REV8(REG_T4, REG_T4)
+        REV8(REG_S1, REG_S1)
+        REV8(REG_S2, REG_S2)
+        REV8(REG_S3, REG_S3)
+        REV8(REG_S4, REG_S4)
+        REV8(REG_S5, REG_S5)
+        REV8(REG_S6, REG_S6)
+        REV8(REG_S7, REG_S7)
+#endif
+        "sd    t4,  64(sp)\n\t"
+        "sd    s1,  72(sp)\n\t"
+        "sd    s2,  80(sp)\n\t"
+        "sd    s3,  88(sp)\n\t"
+        "sd    s4,  96(sp)\n\t"
+        "sd    s5, 104(sp)\n\t"
+        "sd    s6, 112(sp)\n\t"
+        "sd    s7, 120(sp)\n\t"
+
+    "\n2:\n\t"
+        /* Get W[0] */
+        "ld     s1, 0(sp)\n\t"
+        /* Get W[14] */
+        "ld     s4, 112(sp)\n\t"
+        /* Get W[15] */
+        "ld     s5, 120(sp)\n\t"
+        "addi   %[blocks], %[blocks], -1\n\t"
+        RND16()
+        "andi   a4, %[blocks], 3\n\t"
+        "add    %[k], %[k], 128\n\t"
+        "bnez   a4, 2b \n\t"
+        RND16_LAST()
+        "addi   %[k], %[k], -512\n\t"
+
+        "# Add working vars back into digest state.\n\t"
+        "ld     t4, 0(%[digest])\n\t"
+        "ld     s1, 8(%[digest])\n\t"
+        "ld     s2, 16(%[digest])\n\t"
+        "ld     s3, 24(%[digest])\n\t"
+        "ld     s4, 32(%[digest])\n\t"
+        "ld     s5, 40(%[digest])\n\t"
+        "ld     s6, 48(%[digest])\n\t"
+        "ld     s7, 56(%[digest])\n\t"
+        "add    t0, t0, t4\n\t"
+        "add    t1, t1, s1\n\t"
+        "add    t2, t2, s2\n\t"
+        "add    t3, t3, s3\n\t"
+        "add    s8, s8, s4\n\t"
+        "add    s9, s9, s5\n\t"
+        "add    s10, s10, s6\n\t"
+        "add    s11, s11, s7\n\t"
+
+        /* Store digest. */
+        "sd     t0, 0(%[digest])\n\t"
+        "sd     t1, 8(%[digest])\n\t"
+        "sd     t2, 16(%[digest])\n\t"
+        "sd     t3, 24(%[digest])\n\t"
+        "sd     s8, 32(%[digest])\n\t"
+        "sd     s9, 40(%[digest])\n\t"
+        "sd     s10, 48(%[digest])\n\t"
+        "sd     s11, 56(%[digest])\n\t"
+
+        "add    %[data], %[data], 128\n\t"
+        "bnez   %[blocks], 1b \n\t"
+
+        "addi   sp, sp, 128\n\t"
+
+        : [blocks] "+r" (blocks), [data] "+r" (data), [k] "+r" (k)
+        : [digest] "r" (sha512->digest)
+        : "cc", "memory", "t0", "t1", "t2", "t3", "t4", "t5", "t6",
+          "a4", "a5", "a6", "a7",
+          "s1", "s2", "s3", "s4", "s5", "s6", "s7", "s8", "s9", "s10",
+          "s11"
+    );
+}
+
+#else
+
+/* Two rounds of compression using low two W values.
+ * Assumes K has been added into W values.
+ */
+#define VSHA2CL_VV(vd, vs1, vs2)                    \
+    ASM_WORD((0b101111 << 26) | (0b1 << 25) |       \
+             (0b010 << 12) | (0b1110111 << 0) |     \
+             (vd << 7) | (vs1 << 15) | (vs2 << 20))
+
+/* Two rounds of compression using upper two W values.
+ * Assumes K has been added into W values.
+ */
+#define VSHA2CH_VV(vd, vs1, vs2)                    \
+    ASM_WORD((0b101110 << 26) | (0b1 << 25) |       \
+             (0b010 << 12) | (0b1110111 << 0) |     \
+             (vd << 7) | (vs1 << 15) | (vs2 << 20))
+
+/* Update 4 W values - message scheduling. */
+#define VSHA2MS_VV(vd, vs1, vs2)                    \
+    ASM_WORD((0b101101 << 26) | (0b1 << 25) |       \
+             (0b010 << 12) | (0b1110111 << 0) |     \
+             (vd << 7) | (vs1 << 15) | (vs2 << 20))
+
+#define RND4(w0, w2, w4, w6, k)                     \
+    /* Four rounds of compression. */               \
+    VADD_VV(REG_V14, w0, k)                         \
+    VMV_X_S(REG_T1, w2)                             \
+    VSHA2CL_VV(REG_V10, REG_V14, REG_V8)            \
+    VMV_V_V(REG_V12, w4)                            \
+    VSHA2CH_VV(REG_V8, REG_V14, REG_V10)            \
+    /* Update 4 W values - message schedule. */     \
+    VMV_S_X(REG_V12, REG_T1)                        \
+    VSHA2MS_VV(w0, w6, REG_V12)
+
+#define RND4_LAST(w, k)                             \
+    /* Four rounds of compression. */               \
+    VADD_VV(REG_V14, w, k)                          \
+    VSHA2CL_VV(REG_V10, REG_V14, REG_V8)            \
+    VSHA2CH_VV(REG_V8, REG_V14, REG_V10)
+
+#define RND16(k)                                    \
+    RND4(REG_V0, REG_V2, REG_V4, REG_V6, (k + 0))   \
+    RND4(REG_V2, REG_V4, REG_V6, REG_V0, (k + 2))   \
+    RND4(REG_V4, REG_V6, REG_V0, REG_V2, (k + 4))   \
+    RND4(REG_V6, REG_V0, REG_V2, REG_V4, (k + 6))
+
+#define RND16_LAST(k)           \
+    RND4_LAST(REG_V0, (k + 0))  \
+    RND4_LAST(REG_V2, (k + 2))  \
+    RND4_LAST(REG_V4, (k + 4))  \
+    RND4_LAST(REG_V6, (k + 6))
+
+/* Transform the message data.
+ *
+ * @param [in, out] sha512  SHA-512 object.
+ * @param [in]      data    Buffer of data to hash.
+ * @param [in]      blocks  Number of blocks of data to hash.
+ */
+static void Sha512Transform(wc_Sha512* sha512, const byte* data,
+    word32 blocks)
+{
+    word64* k = (word64*)K512;
+
+    __asm__ __volatile__ (
+        VSETIVLI(REG_ZERO, 4, 1, 1, 0b011, 0b001)
+
+        /* Load: a|b|e|f, c|d|g|h
+         *       3 2 1 0  3 2 1 0
+         */
+        "mv     t0, %[digest]\n\t"
+        VL4RE64_V(REG_V8, REG_T0)
+
+    "\n1:\n\t"
+        VMVR_V(REG_V28, REG_V8, 4)
+
+        /* Load 16 W into 8 vectors of 2 64-bit words. */
+        "mv     t0, %[data]\n\t"
+        VL8RE64_V(REG_V0, REG_T0)
+        VREV8(REG_V0, REG_V0)
+        VREV8(REG_V2, REG_V2)
+        VREV8(REG_V4, REG_V4)
+        VREV8(REG_V6, REG_V6)
+
+        "mv     t0, %[k]\n\t"
+        VL8RE64_V(REG_V16, REG_T0)
+        RND16(REG_V16)
+        "addi   t0, %[k], 128\n\t"
+        VL8RE64_V(REG_V16, REG_T0)
+        RND16(REG_V16)
+        "addi   t0, %[k], 256\n\t"
+        VL8RE64_V(REG_V16, REG_T0)
+        RND16(REG_V16)
+        "addi   t0, %[k], 384\n\t"
+        VL8RE64_V(REG_V16, REG_T0)
+        RND16(REG_V16)
+        "addi   t0, %[k], 512\n\t"
+        VL8RE64_V(REG_V16, REG_T0)
+        RND16_LAST(REG_V16)
+
+        VADD_VV(REG_V8, REG_V8, REG_V28)
+        VADD_VV(REG_V10, REG_V10, REG_V30)
+
+        "addi   %[blocks], %[blocks], -1\n\t"
+        "add    %[data], %[data], 128\n\t"
+        "bnez   %[blocks], 1b \n\t"
+
+        "mv     t0, %[digest]\n\t"
+        VS4R_V(REG_V8, REG_T0)
+
+        : [blocks] "+r" (blocks), [data] "+r" (data), [k] "+r" (k)
+        : [digest] "r" (sha512->digest)
+        : "cc", "memory", "t0", "t1"
+    );
+}
+
+#endif /* WOLFSSL_RISCV_VECTOR_CRYPTO_ASM */
+
+/* Update the hash with data.
+ *
+ * @param [in, out] sha512  SHA-512 object.
+ * @param [in]      data    Buffer of data to hash.
+ * @param [in]      len     Number of bytes in buffer to hash.
+ * @return  0 on success.
+ */
+static WC_INLINE int Sha512Update(wc_Sha512* sha512, const byte* data,
+    word32 len)
+{
+    word32 add;
+    word32 blocks;
+
+    /* only perform actions if a buffer is passed in */
+    if (len > 0) {
+        AddLength(sha512, len);
+
+        if (sha512->buffLen > 0) {
+             /* fill leftover buffer with data */
+             add = min(len, WC_SHA512_BLOCK_SIZE - sha512->buffLen);
+             XMEMCPY((byte*)(sha512->buffer) + sha512->buffLen, data, add);
+             sha512->buffLen += add;
+             data            += add;
+             len             -= add;
+             if (sha512->buffLen == WC_SHA512_BLOCK_SIZE) {
+                 Sha512Transform(sha512, (byte*)sha512->buffer, 1);
+                 sha512->buffLen = 0;
+             }
+        }
+
+        /* number of blocks in a row to complete */
+        blocks = len / WC_SHA512_BLOCK_SIZE;
+
+        if (blocks > 0) {
+            Sha512Transform(sha512, data, blocks);
+            data += blocks * WC_SHA512_BLOCK_SIZE;
+            len  -= blocks * WC_SHA512_BLOCK_SIZE;
+        }
+
+        if (len > 0) {
+            /* copy over any remaining data leftover */
+            XMEMCPY(sha512->buffer, data, len);
+            sha512->buffLen = len;
+        }
+    }
+
+    /* account for possibility of not used if len = 0 */
+    (void)add;
+    (void)blocks;
+
+    return 0;
+}
+
+/* Finalize the hash and put into buffer.
+ *
+ * @param [in, out] sha512   SHA-512 object.
+ * @param [out]     hash     Buffer to hold hash result.
+ * @param [in]      hashLen  Length of hash to write out.
+ */
+static WC_INLINE void Sha512Final(wc_Sha512* sha512, byte* hash, int hashLen)
+{
+    byte* local;
+    byte hashBuf[WC_SHA512_DIGEST_SIZE];
+    byte* hashRes = hash;
+
+    if (hashLen < WC_SHA512_DIGEST_SIZE) {
+        hashRes = hashBuf;
+    }
+
+    local = (byte*)sha512->buffer;
+    local[sha512->buffLen++] = 0x80;     /* add 1 */
+
+    /* pad with zeros */
+    if (sha512->buffLen > WC_SHA512_PAD_SIZE) {
+        XMEMSET(&local[sha512->buffLen], 0,
+            WC_SHA512_BLOCK_SIZE - sha512->buffLen);
+        Sha512Transform(sha512, (byte*)sha512->buffer, 1);
+        sha512->buffLen = 0;
+    }
+    XMEMSET(&local[sha512->buffLen], 0, WC_SHA512_PAD_SIZE - sha512->buffLen);
+
+    /* put lengths in bits */
+    sha512->hiLen = (sha512->loLen >> (8*sizeof(sha512->loLen) - 3)) +
+        (sha512->hiLen << 3);
+    sha512->loLen = sha512->loLen << 3;
+
+    sha512->buffer[WC_SHA512_BLOCK_SIZE / sizeof(word64) - 2] = sha512->hiLen;
+    sha512->buffer[WC_SHA512_BLOCK_SIZE / sizeof(word64) - 1] = sha512->loLen;
+
+    /* store lengths */
+    __asm__ __volatile__ (
+        /* Reverse byte order of 64-bit words. */
+#if defined(WOLFSSL_RISCV_BASE_BIT_MANIPULATION)
+        "ld     t0, 112(%[buff])\n\t"
+        "ld     t1, 120(%[buff])\n\t"
+        REV8(REG_T0, REG_T0)
+        REV8(REG_T1, REG_T1)
+#else
+        LOAD_DWORD_REV(t0, 112, %[buff], t2, t3, t4, t5)
+        LOAD_DWORD_REV(t1, 120, %[buff], t2, t3, t4, t5)
+#endif
+        "sd     t0, 112(%[buff])\n\t"
+        "sd     t1, 120(%[buff])\n\t"
+        :
+        : [buff] "r" (sha512->buffer)
+        : "cc", "memory", "t0", "t1", "t2", "t3", "t4", "t5"
+    );
+
+    Sha512Transform(sha512, (byte*)sha512->buffer, 1);
+
+    __asm__ __volatile__ (
+        /* Reverse byte order of 64-bit words. */
+#if defined(WOLFSSL_RISCV_VECTOR_CRYPTO_ASM)
+        VSETIVLI(REG_ZERO, 4, 1, 1, 0b011, 0b001)
+        "mv     t0, %[digest]\n\t"
+        VL4RE64_V(REG_V4, REG_T0)
+        VREV8(REG_V4, REG_V4)
+        VREV8(REG_V6, REG_V6)
+        VSETIVLI(REG_ZERO, 2, 1, 1, 0b011, 0b000)
+        /* e|f, a|b, g|h, c|d
+         * 1 0  1 0  1 0  1 0 */
+        VSLIDEDOWN_VI(REG_V0, REG_V5, 1) /* a */
+        VSLIDEDOWN_VI(REG_V1, REG_V7, 1) /* c */
+        VSLIDEDOWN_VI(REG_V2, REG_V4, 1) /* e */
+        VSLIDEDOWN_VI(REG_V3, REG_V6, 1) /* g */
+        VSLIDEUP_VI(REG_V0, REG_V5, 1)
+        VSLIDEUP_VI(REG_V1, REG_V7, 1)
+        VSLIDEUP_VI(REG_V2, REG_V4, 1)
+        VSLIDEUP_VI(REG_V3, REG_V6, 1)
+        "mv     t0, %[hash]\n\t"
+        VS4R_V(REG_V0, REG_T0)
+#elif defined(WOLFSSL_RISCV_VECTOR_BASE_BIT_MANIPULATION)
+        VSETIVLI(REG_ZERO, 4, 1, 1, 0b011, 0b001)
+        "mv     t0, %[digest]\n\t"
+        VL4RE64_V(REG_V0, REG_T0)
+        VREV8(REG_V0, REG_V0)
+        VREV8(REG_V2, REG_V2)
+        "mv     t0, %[hash]\n\t"
+        VS4R_V(REG_V0, REG_T0)
+#elif defined(WOLFSSL_RISCV_BASE_BIT_MANIPULATION)
+        "ld     t0, 0(%[digest])\n\t"
+        "ld     t1, 8(%[digest])\n\t"
+        "ld     t2, 16(%[digest])\n\t"
+        "ld     t3, 24(%[digest])\n\t"
+        "ld     s8, 32(%[digest])\n\t"
+        "ld     s9, 40(%[digest])\n\t"
+        "ld     s10, 48(%[digest])\n\t"
+        "ld     s11, 56(%[digest])\n\t"
+        REV8(REG_T0, REG_T0)
+        REV8(REG_T1, REG_T1)
+        REV8(REG_T2, REG_T2)
+        REV8(REG_T3, REG_T3)
+        REV8(REG_S8, REG_S8)
+        REV8(REG_S9, REG_S9)
+        REV8(REG_S10, REG_S10)
+        REV8(REG_S11, REG_S11)
+        "sd     t0, 0(%[hash])\n\t"
+        "sd     t1, 8(%[hash])\n\t"
+        "sd     t2, 16(%[hash])\n\t"
+        "sd     t3, 24(%[hash])\n\t"
+        "sd     s8, 32(%[hash])\n\t"
+        "sd     s9, 40(%[hash])\n\t"
+        "sd     s10, 48(%[hash])\n\t"
+        "sd     s11, 56(%[hash])\n\t"
+#else
+        LOAD_DWORD_REV(t0,  0, %[digest], a4, a5, a6, a7)
+        LOAD_DWORD_REV(t1,  8, %[digest], a4, a5, a6, a7)
+        LOAD_DWORD_REV(t2,  16, %[digest], a4, a5, a6, a7)
+        LOAD_DWORD_REV(t3,  24, %[digest], a4, a5, a6, a7)
+        LOAD_DWORD_REV(s8,  32, %[digest], a4, a5, a6, a7)
+        LOAD_DWORD_REV(s9,  40, %[digest], a4, a5, a6, a7)
+        LOAD_DWORD_REV(s10,  48, %[digest], a4, a5, a6, a7)
+        LOAD_DWORD_REV(s11,  56, %[digest], a4, a5, a6, a7)
+        "sd     t0, 0(%[hash])\n\t"
+        "sd     t1, 8(%[hash])\n\t"
+        "sd     t2, 16(%[hash])\n\t"
+        "sd     t3, 24(%[hash])\n\t"
+        "sd     s8, 32(%[hash])\n\t"
+        "sd     s9, 40(%[hash])\n\t"
+        "sd     s10, 48(%[hash])\n\t"
+        "sd     s11, 56(%[hash])\n\t"
+#endif
+        :
+        : [digest] "r" (sha512->digest), [hash] "r" (hashRes)
+        : "cc", "memory", "t0", "t1", "t2", "t3", "t4", "t5", "t6",
+          "s8", "s9", "s10", "s11", "a4", "a5", "a6", "a7"
+    );
+
+    if (hashRes == hashBuf) {
+        XMEMCPY(hash, hashBuf, hashLen);
+    }
+}
+
+
+#ifndef NO_SHA512
+
+/* Initialize SHA-512 object for hashing.
+ *
+ * @param [in, out] sha512  SHA-512 object.
+ * @param [in]      heap    Dynamic memory hint.
+ * @param [in]      devId   Device Id.
+ * @return  0 on success.
+ * @return  BAD_FUNC_ARG when sha512 is NULL.
+ */
+int wc_InitSha512_ex(wc_Sha512* sha512, void* heap, int devId)
+{
+    int ret = InitSha512(sha512, heap, devId);
+    if (ret == 0) {
+        InitSha512_State(sha512);
+    }
+    return ret;
+}
+
+/* Initialize SHA-512 object for hashing.
+ *
+ * @param [in, out] sha512  SHA-512 object.
+ * @return  0 on success.
+ * @return  BAD_FUNC_ARG when sha512 is NULL.
+ */
+int wc_InitSha512(wc_Sha512* sha512)
+{
+    return wc_InitSha512_ex(sha512, NULL, INVALID_DEVID);
+}
+
+/* Free the SHA-512 hash.
+ *
+ * @param [in] sha512  SHA-512 object.
+ */
+void wc_Sha512Free(wc_Sha512* sha512)
+{
+    /* No dynamic memory allocated. */
+    (void)sha512;
+}
+
+/* Update the hash with data.
+ *
+ * @param [in, out] sha512  SHA-512 object.
+ * @param [in]      data    Buffer of data to hash.
+ * @param [in]      len     Number of bytes in buffer to hash.
+ * @return  0 on success.
+ * @return  BAD_FUNC_ARG when sha512 is NULL.
+ * @return  BAD_FUNC_ARG when data is NULL but len is not 0.
+ */
+int wc_Sha512Update(wc_Sha512* sha512, const byte* data, word32 len)
+{
+    int ret;
+
+    /* Validate parameters. */
+    if ((sha512 == NULL) || ((data == NULL) && (len != 0))) {
+        ret = BAD_FUNC_ARG;
+    }
+    else {
+        ret = Sha512Update(sha512, data, len);
+    }
+
+    return ret;
+}
+
+/* Put the current hash into buffer.
+ *
+ * @param [in, out] sha512   SHA-512 object.
+ * @param [out]     hash     Buffer to hold hash result.
+ * @param [in]      hashLen  Length of hash to write out.
+ */
+static void Sha512FinalRaw(wc_Sha512* sha512, byte* hash, int hashLen)
+{
+    word32 digest[WC_SHA512_DIGEST_SIZE / sizeof(word32)];
+
+    ByteReverseWords64((word64*)digest, (word64*)sha512->digest,
+        WC_SHA512_DIGEST_SIZE);
+    XMEMCPY(hash, digest, hashLen);
+}
+
+/* Put the current hash into buffer.
+ *
+ * @param [in, out] sha512   SHA-512 object.
+ * @param [out]     hash     Buffer to hold hash result.
+ * @return  0 on success.
+ * @return  BAD_FUNC_ARG when sha512 or hash is NULL.
+ */
+int wc_Sha512FinalRaw(wc_Sha512* sha512, byte* hash)
+{
+    int ret = 0;
+
+    /* Validate parameters. */
+    if ((sha512 == NULL) || (hash == NULL)) {
+        ret = BAD_FUNC_ARG;
+    }
+    else {
+        Sha512FinalRaw(sha512, hash, WC_SHA512_DIGEST_SIZE);
+    }
+
+    return ret;
+}
+
+/* Finalize the hash and put into buffer.
+ *
+ * @param [in, out] sha512  SHA-512 object.
+ * @param [out]     hash    Buffer to hold hash result.
+ * @return  0 on success.
+ * @return  BAD_FUNC_ARG when sha512 or hash is NULL.
+ */
+int wc_Sha512Final(wc_Sha512* sha512, byte* hash)
+{
+    int ret = 0;
+
+    /* Validate parameters. */
+    if ((sha512 == NULL) || (hash == NULL)) {
+        ret = BAD_FUNC_ARG;
+    }
+    else {
+        /* Finalize hash. */
+        Sha512Final(sha512, hash, WC_SHA512_DIGEST_SIZE);
+        /* Restart SHA-512 object for next hash. */
+        InitSha512_State(sha512);
+    }
+
+    return ret;
+}
+
+/* Finalize the hash and put into buffer but don't modify state.
+ *
+ * @param [in, out] sha512  SHA-512 object.
+ * @param [out]     hash    Buffer to hold hash result.
+ * @return  0 on success.
+ * @return  BAD_FUNC_ARG when sha512 or hash is NULL.
+ */
+int wc_Sha512GetHash(wc_Sha512* sha512, byte* hash)
+{
+    int ret;
+
+    /* Validate parameters. */
+    if ((sha512 == NULL) || (hash == NULL)) {
+        ret = BAD_FUNC_ARG;
+    }
+    else {
+        wc_Sha512 tmpSha512;
+        /* Create a copy of the hash to finalize. */
+        ret = wc_Sha512Copy(sha512, &tmpSha512);
+        if (ret == 0) {
+            /* Finalize copy. */
+            Sha512Final(&tmpSha512, hash, WC_SHA512_DIGEST_SIZE);
+            wc_Sha512Free(&tmpSha512);
+        }
+    }
+
+    return ret;
+}
+
+#ifdef WOLFSSL_HASH_FLAGS
+/* Set flags of SHA-512 object.
+ *
+ * @param [in, out] sha512  SHA-512 object.
+ * @param [in]      flags   Flags to set.
+ * @return  0 on success.
+ */
+int wc_Sha512SetFlags(wc_Sha512* sha512, word32 flags)
+{
+    /* Check we have an object to use. */
+    if (sha512 != NULL) {
+        sha512->flags = flags;
+    }
+    return 0;
+}
+/* Get flags of SHA-512 object.
+ *
+ * @param [in]  sha512  SHA-512 object.
+ * @param [out] flags   Flags from SHA-512 object.
+ * @return  0 on success.
+ */
+int wc_Sha512GetFlags(wc_Sha512* sha512, word32* flags)
+{
+    /* Check we have an object and return parameter to use. */
+    if ((sha512 != NULL) && (flags != NULL)) {
+        *flags = sha512->flags;
+    }
+    return 0;
+}
+#endif
+
+/* Deep copy the SHA-512 object.
+ *
+ * @param [in]  src  SHA-512 object to copy.
+ * @param [out] dst  SHA-512 object to fill.
+ * @return  0 on success.
+ * @return  BAD_FUNC_ARG when src or dst is NULL.
+ */
+int wc_Sha512Copy(wc_Sha512* src, wc_Sha512* dst)
+{
+    int ret = 0;
+
+    /* Validate parameters. */
+    if ((src == NULL) || (dst == NULL)) {
+        ret = BAD_FUNC_ARG;
+    }
+    else {
+        XMEMCPY(dst, src, sizeof(wc_Sha512));
+    }
+
+    return ret;
+}
+
+#ifdef OPENSSL_EXTRA
+/* Update the hash with one block of data.
+ *
+ * @param [in, out] sha512  SHA-512 object.
+ * @param [in]      data    Buffer of data to hash.
+ * @return  0 on success.
+ * @return  BAD_FUNC_ARG when sha512 or data is NULL.
+ */
+int wc_Sha512Transform(wc_Sha512* sha512, const unsigned char* data)
+{
+    int ret = 0;
+
+    /* Validate parameters. */
+    if ((sha512 == NULL) || (data == NULL)) {
+        ret = BAD_FUNC_ARG;
+    }
+    else {
+        ByteReverseWords((word32*)sha512->buffer, (word32*)data, WC_SHA512_BLOCK_SIZE);
+        Sha512Transform(sha512, (byte*)sha512->buffer, 1);
+    }
+
+    return ret;
+}
+#endif
+
+#if defined(WOLFSSL_HAVE_LMS) && !defined(WOLFSSL_LMS_FULL_HASH)
+/* Update the hash with one block of data and optionally get hash.
+ *
+ * @param [in, out] sha512  SHA-512 object.
+ * @param [in]      data    Buffer of data to hash.
+ * @param [out]     hash    Buffer to hold hash. May be NULL.
+ * @return  0 on success.
+ * @return  BAD_FUNC_ARG when sha512 or data is NULL.
+ */
+int wc_Sha512HashBlock(wc_Sha512* sha512, const unsigned char* data,
+    unsigned char* hash)
+{
+    int ret = 0;
+
+    /* Validate parameters. */
+    if ((sha512 == NULL) || (data == NULL)) {
+        ret = BAD_FUNC_ARG;
+    }
+    else {
+        /* Hash block. */
+        Sha512Transform(sha512, data, 1);
+
+        if (hash != NULL) {
+            /* Reverse bytes in digest. */
+            word32* hash32 = (word32*)hash;
+            word32* digest = (word32*)sha512->digest;
+            hash32[0] = ByteReverseWord32(digest[0]);
+            hash32[1] = ByteReverseWord32(digest[1]);
+            hash32[2] = ByteReverseWord32(digest[2]);
+            hash32[3] = ByteReverseWord32(digest[3]);
+            hash32[4] = ByteReverseWord32(digest[4]);
+            hash32[5] = ByteReverseWord32(digest[5]);
+            hash32[6] = ByteReverseWord32(digest[6]);
+            hash32[7] = ByteReverseWord32(digest[7]);
+            /* Reset state. */
+        #ifndef WOLFSSL_RISCV_VECTOR_CRYPTO_ASM
+            sha512->digest[0] = 0x6A09E667L;
+            sha512->digest[1] = 0xBB67AE85L;
+            sha512->digest[2] = 0x3C6EF372L;
+            sha512->digest[3] = 0xA54FF53AL;
+            sha512->digest[4] = 0x510E527FL;
+            sha512->digest[5] = 0x9B05688CL;
+            sha512->digest[6] = 0x1F83D9ABL;
+            sha512->digest[7] = 0x5BE0CD19L;
+        #else
+            /* f, e, b, a, h, g, d, c */
+            sha512->digest[0] = 0x9B05688CL;
+            sha512->digest[1] = 0x510E527FL;
+            sha512->digest[2] = 0xBB67AE85L;
+            sha512->digest[3] = 0x6A09E667L;
+            sha512->digest[4] = 0x5BE0CD19L;
+            sha512->digest[5] = 0x1F83D9ABL;
+            sha512->digest[6] = 0xA54FF53AL;
+            sha512->digest[7] = 0x3C6EF372L;
+        #endif
+        }
+    }
+
+    return ret;
+}
+#endif /* WOLFSSL_HAVE_LMS && !WOLFSSL_LMS_FULL_HASH */
+
+#if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
+
+#if !defined(WOLFSSL_NOSHA512_224)
+
+int wc_InitSha512_224_ex(wc_Sha512* sha512, void* heap, int devId)
+{
+    int ret = InitSha512(sha512, heap, devId);
+    if (ret == 0) {
+        InitSha512_224_State(sha512);
+    }
+    return ret;
+}
+int wc_InitSha512_224(wc_Sha512* sha512)
+{
+    return wc_InitSha512_224_ex(sha512, NULL, INVALID_DEVID);
+}
+int wc_Sha512_224Update(wc_Sha512* sha512, const byte* data, word32 len)
+{
+    return wc_Sha512Update(sha512, data, len);
+}
+int wc_Sha512_224FinalRaw(wc_Sha512* sha512, byte* hash)
+{
+    int ret = 0;
+
+    /* Validate parameters. */
+    if ((sha512 == NULL) || (hash == NULL)) {
+        ret = BAD_FUNC_ARG;
+    }
+    else {
+        Sha512FinalRaw(sha512, hash, WC_SHA512_224_DIGEST_SIZE);
+    }
+
+    return ret;
+}
+int wc_Sha512_224Final(wc_Sha512* sha512, byte* hash)
+{
+    int ret = 0;
+
+    /* Validate parameters. */
+    if ((sha512 == NULL) || (hash == NULL)) {
+        ret = BAD_FUNC_ARG;
+    }
+    else {
+        /* Finalize hash. */
+        Sha512Final(sha512, hash, WC_SHA512_224_DIGEST_SIZE);
+        /* Restart SHA-512 object for next hash. */
+        InitSha512_224_State(sha512);
+    }
+
+    return ret;
+}
+void wc_Sha512_224Free(wc_Sha512* sha512)
+{
+    wc_Sha512Free(sha512);
+}
+int wc_Sha512_224GetHash(wc_Sha512* sha512, byte* hash)
+{
+    int ret;
+
+    /* Validate parameters. */
+    if ((sha512 == NULL) || (hash == NULL)) {
+        ret = BAD_FUNC_ARG;
+    }
+    else {
+        wc_Sha512 tmpSha512;
+        /* Create a copy of the hash to finalize. */
+        ret = wc_Sha512Copy(sha512, &tmpSha512);
+        if (ret == 0) {
+            /* Finalize copy. */
+            Sha512Final(&tmpSha512, hash, WC_SHA512_224_DIGEST_SIZE);
+            wc_Sha512Free(&tmpSha512);
+        }
+    }
+
+    return ret;
+}
+int wc_Sha512_224Copy(wc_Sha512* src, wc_Sha512* dst)
+{
+    return wc_Sha512Copy(src, dst);
+}
+
+#ifdef WOLFSSL_HASH_FLAGS
+int wc_Sha512_224SetFlags(wc_Sha512* sha512, word32 flags)
+{
+    return wc_Sha512SetFlags(sha512, flags);
+}
+int wc_Sha512_224GetFlags(wc_Sha512* sha512, word32* flags)
+{
+    return wc_Sha512GetFlags(sha512, flags);
+}
+#endif /* WOLFSSL_HASH_FLAGS */
+
+#if defined(OPENSSL_EXTRA)
+int wc_Sha512_224Transform(wc_Sha512* sha512, const unsigned char* data)
+{
+    return wc_Sha512Transform(sha512, data);
+}
+#endif /* OPENSSL_EXTRA */
+
+#endif /* !WOLFSSL_NOSHA512_224 */
+
+#if !defined(WOLFSSL_NOSHA512_256)
+
+int wc_InitSha512_256_ex(wc_Sha512* sha512, void* heap, int devId)
+{
+    int ret = InitSha512(sha512, heap, devId);
+    if (ret == 0) {
+        InitSha512_256_State(sha512);
+    }
+    return ret;
+}
+int wc_InitSha512_256(wc_Sha512* sha512)
+{
+    return wc_InitSha512_256_ex(sha512, NULL, INVALID_DEVID);
+}
+int wc_Sha512_256Update(wc_Sha512* sha512, const byte* data, word32 len)
+{
+    return wc_Sha512Update(sha512, data, len);
+}
+int wc_Sha512_256FinalRaw(wc_Sha512* sha512, byte* hash)
+{
+    int ret = 0;
+
+    /* Validate parameters. */
+    if ((sha512 == NULL) || (hash == NULL)) {
+        ret = BAD_FUNC_ARG;
+    }
+    else {
+        Sha512FinalRaw(sha512, hash, WC_SHA512_256_DIGEST_SIZE);
+    }
+
+    return ret;
+}
+int wc_Sha512_256Final(wc_Sha512* sha512, byte* hash)
+{
+    int ret = 0;
+
+    /* Validate parameters. */
+    if ((sha512 == NULL) || (hash == NULL)) {
+        ret = BAD_FUNC_ARG;
+    }
+    else {
+        /* Finalize hash. */
+        Sha512Final(sha512, hash, WC_SHA512_256_DIGEST_SIZE);
+        /* Restart SHA-512 object for next hash. */
+        InitSha512_256_State(sha512);
+    }
+
+    return ret;
+}
+void wc_Sha512_256Free(wc_Sha512* sha512)
+{
+    wc_Sha512Free(sha512);
+}
+int wc_Sha512_256GetHash(wc_Sha512* sha512, byte* hash)
+{
+    int ret;
+
+    /* Validate parameters. */
+    if ((sha512 == NULL) || (hash == NULL)) {
+        ret = BAD_FUNC_ARG;
+    }
+    else {
+        wc_Sha512 tmpSha512;
+        /* Create a copy of the hash to finalize. */
+        ret = wc_Sha512Copy(sha512, &tmpSha512);
+        if (ret == 0) {
+            /* Finalize copy. */
+            Sha512Final(&tmpSha512, hash, WC_SHA512_256_DIGEST_SIZE);
+            wc_Sha512Free(&tmpSha512);
+        }
+    }
+
+    return ret;
+}
+int wc_Sha512_256Copy(wc_Sha512* src, wc_Sha512* dst)
+{
+    return wc_Sha512Copy(src, dst);
+}
+
+#ifdef WOLFSSL_HASH_FLAGS
+int wc_Sha512_256SetFlags(wc_Sha512* sha512, word32 flags)
+{
+    return wc_Sha512SetFlags(sha512, flags);
+}
+int wc_Sha512_256GetFlags(wc_Sha512* sha512, word32* flags)
+{
+    return wc_Sha512GetFlags(sha512, flags);
+}
+#endif /* WOLFSSL_HASH_FLAGS */
+
+#if defined(OPENSSL_EXTRA)
+int wc_Sha512_256Transform(wc_Sha512* sha512, const unsigned char* data)
+{
+    return wc_Sha512Transform(sha512, data);
+}
+#endif /* OPENSSL_EXTRA */
+
+#endif /* !WOLFSSL_NOSHA512_224 */
+
+#endif /* !HAVE_FIPS && !HAVE_SELFTEST */
+
+#endif /* !NO_SHA512 */
+
+
+#ifdef WOLFSSL_SHA384
+
+/* Initialize SHA-384 object for hashing.
+ *
+ * @param [in, out] sha384  SHA-384 object.
+ */
+static void InitSha384(wc_Sha384* sha384)
+{
+    /* Set initial hash values. */
+#ifndef WOLFSSL_RISCV_VECTOR_CRYPTO_ASM
+    sha384->digest[0] = W64LIT(0xcbbb9d5dc1059ed8);
+    sha384->digest[1] = W64LIT(0x629a292a367cd507);
+    sha384->digest[2] = W64LIT(0x9159015a3070dd17);
+    sha384->digest[3] = W64LIT(0x152fecd8f70e5939);
+    sha384->digest[4] = W64LIT(0x67332667ffc00b31);
+    sha384->digest[5] = W64LIT(0x8eb44a8768581511);
+    sha384->digest[6] = W64LIT(0xdb0c2e0d64f98fa7);
+    sha384->digest[7] = W64LIT(0x47b5481dbefa4fa4);
+#else
+    /* f, e, b, a, h, g, d, c */
+    sha384->digest[0] = W64LIT(0x8eb44a8768581511);
+    sha384->digest[1] = W64LIT(0x67332667ffc00b31);
+    sha384->digest[2] = W64LIT(0x629a292a367cd507);
+    sha384->digest[3] = W64LIT(0xcbbb9d5dc1059ed8);
+    sha384->digest[4] = W64LIT(0x47b5481dbefa4fa4);
+    sha384->digest[5] = W64LIT(0xdb0c2e0d64f98fa7);
+    sha384->digest[6] = W64LIT(0x152fecd8f70e5939);
+    sha384->digest[7] = W64LIT(0x9159015a3070dd17);
+#endif
+
+    /* No hashed data. */
+    sha384->buffLen = 0;
+    /* No data hashed. */
+    sha384->loLen   = 0;
+    sha384->hiLen   = 0;
+}
+
+/* Initialize SHA-384 object for hashing.
+ *
+ * @param [in, out] sha384  SHA-384 object.
+ * @param [in]      heap    Dynamic memory hint.
+ * @param [in]      devId   Device Id.
+ * @return  0 on success.
+ * @return  BAD_FUNC_ARG when sha384 is NULL.
+ */
+int wc_InitSha384_ex(wc_Sha384* sha384, void* heap, int devId)
+{
+    int ret = InitSha512(sha384, heap, devId);
+    if (ret == 0) {
+        InitSha384(sha384);
+    }
+    return ret;
+}
+
+/* Initialize SHA-384 object for hashing.
+ *
+ * @param [in, out] sha384  SHA-384 object.
+ * @return  0 on success.
+ * @return  BAD_FUNC_ARG when sha384 is NULL.
+ */
+int wc_InitSha384(wc_Sha384* sha384)
+{
+    return wc_InitSha384_ex(sha384, NULL, INVALID_DEVID);
+}
+
+/* Update the hash with data.
+ *
+ * @param [in, out] sha384  SHA-384 object.
+ * @param [in]      data    Buffer of data to hash.
+ * @param [in]      len     Number of bytes in buffer to hash.
+ * @return  0 on success.
+ * @return  BAD_FUNC_ARG when sha384 is NULL.
+ * @return  BAD_FUNC_ARG when data is NULL but len is not 0.
+ */
+int wc_Sha384Update(wc_Sha384* sha384, const byte* data, word32 len)
+{
+    int ret;
+
+    /* Validate parameters. */
+    if ((sha384 == NULL) || ((data == NULL) && (len > 0))) {
+        ret = BAD_FUNC_ARG;
+    }
+    else {
+        ret = Sha512Update((wc_Sha512 *)sha384, data, len);
+    }
+
+    return ret;
+}
+
+/* Put the current hash into buffer.
+ *
+ * @param [in, out] sha384   SHA-384 object.
+ * @param [out]     hash     Buffer to hold hash result.
+ * @return  0 on success.
+ * @return  BAD_FUNC_ARG when sha384 or hash is NULL.
+ */
+int wc_Sha384FinalRaw(wc_Sha384* sha384, byte* hash)
+{
+    word64 digest[WC_SHA384_DIGEST_SIZE / sizeof(word64)];
+
+    if (sha384 == NULL || hash == NULL) {
+        return BAD_FUNC_ARG;
+    }
+
+    ByteReverseWords64((word64*)digest, (word64*)sha384->digest,
+        WC_SHA384_DIGEST_SIZE);
+    XMEMCPY(hash, digest, WC_SHA384_DIGEST_SIZE);
+
+    return 0;
+}
+
+/* Finalize the hash and put into buffer.
+ *
+ * @param [in, out] sha384  SHA-384 object.
+ * @param [out]     hash    Buffer to hold hash result.
+ * @return  0 on success.
+ * @return  BAD_FUNC_ARG when sha384 or hash is NULL.
+ */
+int wc_Sha384Final(wc_Sha384* sha384, byte* hash)
+{
+    int ret = 0;
+
+    /* Validate parameters. */
+    if ((sha384 == NULL) || (hash == NULL)) {
+        ret = BAD_FUNC_ARG;
+    }
+    else {
+        /* Finalize hash. */
+        Sha512Final((wc_Sha512*)sha384, hash, WC_SHA384_DIGEST_SIZE);
+        /* Restart SHA-384 object for next hash. */
+        InitSha384(sha384);
+    }
+
+    return ret;
+}
+
+/* Free the SHA-384 hash.
+ *
+ * @param [in] sha384  SHA-384 object.
+ */
+void wc_Sha384Free(wc_Sha384* sha384)
+{
+    /* No dynamic memory allocated. */
+    (void)sha384;
+}
+
+/* Finalize the hash and put into buffer but don't modify state.
+ *
+ * @param [in, out] sha384  SHA-384 object.
+ * @param [out]     hash    Buffer to hold hash result.
+ * @return  0 on success.
+ * @return  BAD_FUNC_ARG when sha384 or hash is NULL.
+ */
+int wc_Sha384GetHash(wc_Sha384* sha384, byte* hash)
+{
+    int ret;
+
+    /* Validate parameters. */
+    if ((sha384 == NULL) || (hash == NULL)) {
+        ret = BAD_FUNC_ARG;
+    }
+    else {
+        wc_Sha384 tmpSha384;
+        /* Create a copy of the hash to finalize. */
+        ret = wc_Sha384Copy(sha384, &tmpSha384);
+        if (ret == 0) {
+            /* Finalize copy. */
+            ret = wc_Sha384Final(&tmpSha384, hash);
+        }
+    }
+
+    return ret;
+}
+
+#ifdef WOLFSSL_HASH_FLAGS
+/* Set flags of SHA-384 object.
+ *
+ * @param [in, out] sha384  SHA-384 object.
+ * @param [in]      flags   Flags to set.
+ * @return  0 on success.
+ */
+int wc_Sha384SetFlags(wc_Sha384* sha384, word32 flags)
+{
+    /* Check we have an object to use. */
+    if (sha384 != NULL) {
+        sha384->flags = flags;
+    }
+    return 0;
+}
+/* Get flags of SHA-384 object.
+ *
+ * @param [in]  sha384  SHA-384 object.
+ * @param [out] flags   Flags from SHA-384 object.
+ * @return  0 on success.
+ */
+int wc_Sha384GetFlags(wc_Sha384* sha384, word32* flags)
+{
+    /* Check we have an object and return parameter to use. */
+    if ((sha384 != NULL) && (flags != NULL)) {
+        *flags = sha384->flags;
+    }
+    return 0;
+}
+#endif
+
+/* Deep copy the SHA-384 object.
+ *
+ * @param [in]  src  SHA-384 object to copy.
+ * @param [out] dst  SHA-384 object to fill.
+ * @return  0 on success.
+ * @return  BAD_FUNC_ARG when src or dst is NULL.
+ */
+int wc_Sha384Copy(wc_Sha384* src, wc_Sha384* dst)
+{
+    int ret = 0;
+
+    /* Validate parameters. */
+    if ((src == NULL) || (dst == NULL)) {
+        ret = BAD_FUNC_ARG;
+    }
+    else {
+        XMEMCPY(dst, src, sizeof(wc_Sha384));
+    }
+
+    return ret;
+}
+
+#endif /* WOLFSSL_SHA384 */
+
+#endif /* !NO_SHA512 || WOLFSSL_SHA384 */
+#endif /* WOLFSSL_RISCV_ASM */
diff --git a/wolfcrypt/src/port/rpi_pico/README.md b/wolfcrypt/src/port/rpi_pico/README.md
new file mode 100644
index 000000000..240cc9782
--- /dev/null
+++ b/wolfcrypt/src/port/rpi_pico/README.md
@@ -0,0 +1,72 @@
+# wolfSSL Raspberry Pi Pico Acceleration
+
+wolfSSL supports RNG acceleration on the Raspberry Pi RP2040 and RP2350
+microcontrollers. Everything here assumes you are using the standard [Raspberry
+Pi Pico SDK](https://github.com/raspberrypi/pico-sdk).
+
+It has only been tested with the ARM cores of the RP2350, not the RISC-V cores.
+
+## RNG Acceleration
+
+The Pico SDK has RNG functions for both the RP2040 and RP2350. In the RP2040
+this is an optimised PRNG method, in the RP2350 it uses a built-in TRNG. The
+same API is used for both.
+
+## Compiling wolfSSL
+
+In your `user_settings.h`, you should set the following to add support in
+wolfSSL:
+
+```c
+#define WOLFSSL_RPIPICO
+```
+
+Then for an RP2040, enable the ARM Thumb instructions:
+
+```c
+#define WOLFSSL_SP_ARM_THUMB_ASM
+```
+
+or for an RP2350, the Cortex-M instructions should be used:
+
+```c
+#define WOLFSSL_SP_ARM_CORTEX_M_ASM
+```
+
+To enable the RNG acceleration add the following:
+
+```c
+#define WC_NO_HASHDRBG
+#define CUSTOM_RAND_GENERATE_BLOCK wc_pico_rng_gen_block
+```
+
+In CMake you should add the following linking to both wolfSSL and the end
+application:
+
+```cmake
+target_link_libraries(wolfssl
+    pico_stdlib
+    pico_rand
+)
+```
+
+A full example can be found in the
+[`RPi-Pico`](https://github.com/wolfSSL/wolfssl-examples/tree/master/RPi-Pico)
+directory of the
+[`wolfssl-examples`](https://github.com/wolfSSL/wolfssl-examples) GitHub
+repository.
+
+## Note on RP2350 SHA256
+
+Although RP2350 has SHA256 acceleration, we cannot use this. It is because
+we need to get an intermediate result using `wc_Sha256GetHash()`. The hardware
+will only deal with 64byte packets of data, so to get a result we need to do
+SHA padding. Once the SHA padding is done, it is not in a state to add more
+data.
+The only real workaround would be to cache everything being sent into the
+hardware and replay it as a new instance when trying to get an intermediate
+result. This would not very efficient for an embedded device.
+
+## Support
+
+For questions please email support@wolfssl.com
diff --git a/wolfcrypt/src/port/rpi_pico/pico.c b/wolfcrypt/src/port/rpi_pico/pico.c
new file mode 100644
index 000000000..bac5dc0f5
--- /dev/null
+++ b/wolfcrypt/src/port/rpi_pico/pico.c
@@ -0,0 +1,59 @@
+/* pico.c
+ *
+ * Copyright (C) 2006-2025 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+
+
+
+#include <inttypes.h>
+#include <string.h>
+#include <wolfssl/wolfcrypt/settings.h>
+#include <wolfssl/wolfcrypt/types.h>
+
+#if defined(WOLFSSL_RPIPICO)
+#include "pico/rand.h"
+
+
+/* On RP2040 this uses an optimized PRNG, on RP2350 this uses a hardware TRNG.
+ * There is a 128bit function, but internally this is just 2x 64bit calls.
+ * Likewise the 32bit call is just a truncated 64bit call, so just stick with
+ * the 64bit calls.
+ */
+
+int wc_pico_rng_gen_block(unsigned char *output, unsigned int sz)
+{
+    uint32_t i = 0;
+
+    while (i < sz)
+    {
+        uint64_t rnd = get_rand_64();
+        if (i + 8 < sz)
+        {
+            XMEMCPY(output + i, &rnd, 8);
+            i += 8;
+        } else {
+            XMEMCPY(output + i, &rnd, sz - i);
+            i = sz;
+        }
+    }
+
+    return 0;
+}
+#endif
diff --git a/wolfcrypt/src/port/silabs/silabs_aes.c b/wolfcrypt/src/port/silabs/silabs_aes.c
index 63e633d73..c1b1ebbd5 100644
--- a/wolfcrypt/src/port/silabs/silabs_aes.c
+++ b/wolfcrypt/src/port/silabs/silabs_aes.c
@@ -1,6 +1,6 @@
 /* silabs_aes.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfcrypt/src/port/silabs/silabs_ecc.c b/wolfcrypt/src/port/silabs/silabs_ecc.c
index 6dbb28589..00acd2b43 100644
--- a/wolfcrypt/src/port/silabs/silabs_ecc.c
+++ b/wolfcrypt/src/port/silabs/silabs_ecc.c
@@ -1,6 +1,6 @@
 /* silabs_ecc.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfcrypt/src/port/silabs/silabs_hash.c b/wolfcrypt/src/port/silabs/silabs_hash.c
index f0bb1110a..024e7799d 100644
--- a/wolfcrypt/src/port/silabs/silabs_hash.c
+++ b/wolfcrypt/src/port/silabs/silabs_hash.c
@@ -1,6 +1,6 @@
 /* silabs_hash.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfcrypt/src/port/silabs/silabs_random.c b/wolfcrypt/src/port/silabs/silabs_random.c
index c66ef67c3..1b9f65bd4 100644
--- a/wolfcrypt/src/port/silabs/silabs_random.c
+++ b/wolfcrypt/src/port/silabs/silabs_random.c
@@ -1,6 +1,6 @@
 /* silabs_random.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfcrypt/src/port/st/README.md b/wolfcrypt/src/port/st/README.md
index af7c8b66a..62d976ad4 100644
--- a/wolfcrypt/src/port/st/README.md
+++ b/wolfcrypt/src/port/st/README.md
@@ -1,10 +1,12 @@
 # ST Ports
 
-Support for the STM32 L4, F1, F2, F4 and F7 on-board crypto hardware acceleration:
+Support for the STM32 L4, F1, F2, F4, F7 and MP13 on-board crypto hardware
+acceleration:
  - symmetric AES (ECB/CBC/CTR/GCM)
- - MD5/SHA1/SHA224/SHA256
+ - MD5/SHA1/SHA224/SHA256 (MP13 does not have MD5 acceleration)
 
-Support for the STM32 PKA on WB55, H7 and other devices with on-board public-key acceleration:
+Support for the STM32 PKA on WB55, H7, MP13 and other devices with on-board
+public-key acceleration:
  - ECC192/ECC224/ECC256/ECC384
 
 Support for the STSAFE-A100 crypto hardware accelerator co-processor via I2C for ECC supporting NIST or Brainpool 256-bit and 384-bit curves. It requires the ST-Safe SDK including wolf stsafe_interface.c/.h files. Please contact ST for these.
@@ -73,7 +75,7 @@ At the wolfCrypt level we also support ECC native API's for `wc_ecc_*` using the
 
 `./configure --enable-pkcallbacks CFLAGS="-DWOLFSSL_STSAFEA100"`
 
-or 
+or
 
 `#define HAVE_PK_CALLBACKS`
 `#define WOLFSSL_STSAFEA100`
diff --git a/wolfcrypt/src/port/st/STM32MP13.md b/wolfcrypt/src/port/st/STM32MP13.md
new file mode 100644
index 000000000..c02ef223e
--- /dev/null
+++ b/wolfcrypt/src/port/st/STM32MP13.md
@@ -0,0 +1,246 @@
+# STM32MP13 Port
+
+The STM32MP13 is unique in that it is an MPU instead of an MCU. The HAL also
+behaves a little differently. This document outlines how to use it in bare
+metal mode. For Linux, this should be used as a normal ARM Linux device.
+
+## Linux
+
+To cross-compile from a Linux host to the STM32MP13 OpenSTLinux, you need to
+install the [SDK](https://www.st.com/en/embedded-software/stm32mp1dev.html#get-software).
+In this example, I have extracted it to `/opt/st`.
+
+Your build environment is configured by running:
+
+```sh
+source /opt/st/stm32mp1/4.2.4-openstlinux-6.1-yocto-mickledore-mpu-v24.06.26/environment-setup-cortexa7t2hf-neon-vfpv4-ostl-linux-gnueabi
+```
+
+If you wish to compile with support for `/dev/crypto` then you will also need to
+do the following so that the headers are found by the compiler:
+
+```sh
+export CFLAGS="$CFLAGS -I /opt/st/stm32mp1/4.2.4-openstlinux-6.1-yocto-mickledore-mpu-v24.06.26/sysroots/cortexa7t2hf-neon-vfpv4-ostl-linux-gnueabi/usr/src/debug/cryptodev-module/1.12-r0/"
+```
+
+When running `./configure`, make sure you add `--host=arm-linux-gnueabi` to the
+configure options.
+
+## Bare metal
+
+To develop in bare metal, the board needs to be started in "engineering mode".
+In this mode, there is 128KB of SRAM and 512MB of DDR RAM, but the DDR RAM is
+not initialized. On the STM32MP135-DK board, there is no flash storage.
+
+There is a catch-22 here, a wolfSSL project will likely need more than 128KB of
+storage and RAM. But it cannot be loaded into the DDR RAM until the DDR has been
+initialized. To work around this, before running the wolfSSL project, an
+example project called `DDR_Init` needs to be run first. This sets up the clocks
+and initializes the DDR RAM. The wolfSSL project can then be loaded into the DDR
+RAM, where it is executed.
+
+The DDR RAM section below shows how to obtain the `DDR_Init` project.
+
+### Setting up
+
+The board itself has dip switches to set the boot mode. These should be set to
+off-off-on-off to set the board into "engineering mode". The MPU's SRAM can
+then be flashed via the ST-Link.
+
+#### Device Configuration Tool
+
+In the configuration tool, enable and activate the following:
+
+```
+CRYP1
+HASH1
+PKA
+RNG1
+RTC
+```
+
+#### DDR RAM
+
+As mentioned above, the DDR RAM needs to be initialized before the wolfSSL
+project can be executed.
+
+You need to obtain the [STM32MP13 MPU Firmware Package](https://github.com/STMicroelectronics/STM32CubeMP13),
+which contains many examples of how to use the board in bare metal mode. One
+of the examples is the [DDR Init](https://github.com/STMicroelectronics/STM32CubeMP13/tree/main/Projects/STM32MP135C-DK/Examples/DDR/DDR_Init),
+which you will need to use all the features of wolfSSL. This is because the SRAM
+is only 128KB, but the DDR RAM is 512MB. This example initializes the DDR RAM,
+it also sets the MPU to 650MHz.
+
+#### MMU & Cache
+
+The MMU and cache will increase performance around 50x, so it is highly
+recommended. It may, however, make debugging more difficult.
+
+To enable them, in the preprocessor settings, change:
+
+```
+NO_MMU_USE
+NO_CACHE_USE
+```
+
+to:
+
+```
+MMU_USE
+CACHE_USE
+```
+
+Note that the Cube IDE may break this if you make any changes to the Device
+Configuration Tool.
+
+#### printf()
+
+If you are using an STM32MP135F-DK board and want to use the ST-Link UART for
+`printf()`, then you need to set PD6 and PD8 as the UART 4 RX/TX pins. You can
+then enable UART4 and set it to "Asynchronous" mode.
+
+In the code 0 section of `main.c` add:
+
+```c
+#ifdef __GNUC__
+int __io_putchar(int ch)
+#else
+int fputc(int ch, FILE *f)
+#endif
+{
+    HAL_UART_Transmit(&huart4, (uint8_t *)&ch, 1, 0xFFFF);
+
+    return ch;
+}
+#ifdef __GNUC__
+int _write(int file,char *ptr, int len)
+{
+    int DataIdx;
+    for (DataIdx= 0; DataIdx< len; DataIdx++) {
+        __io_putchar(*ptr++);
+    }
+    return len;
+}
+#endif
+```
+
+UART4 will now be used for `printf()`.
+
+
+
+### wolfSSL in your project
+
+There are a few things you need to do to get wolfSSL to run in your project. The
+first is setting compile option, these additional ones are needed. The first
+allows ARM ASM optimizations to compile, the second stops alignment issues from
+crashing the board:
+
+```
+-fomit-frame-pointer
+-mno-unaligned-access
+```
+
+The first of these should also be a flag for the assembler as well.
+
+Then the code needs to be set to use the DDR RAM instead of SRAM. To do this,
+edit `STM32MP135FAFX_RAM.ld` and change:
+
+```c
+REGION_ALIAS("RAM", SYSRAM_BASE);
+```
+
+To this:
+
+```c
+REGION_ALIAS("RAM", DDR_BASE);
+```
+
+In the Run Configuration menu, make sure that the debugger's startup has the
+"monitor reset" command removed. Otherwise the DDR initialization will be reset.
+
+In the `main.c` make sure that `SystemClock_Config();` is not executed. The DDR
+Init code will do this, and changing it will likely crash the board. It can
+be done like this:
+
+```c
+  /* USER CODE BEGIN Init */
+#if 0
+  /* USER CODE END Init */
+
+  /* Configure the system clock */
+  SystemClock_Config();
+
+  /* USER CODE BEGIN SysInit */
+#endif
+  /* USER CODE END SysInit */
+```
+
+### Benchmark
+
+To use the wolfCrypt benchmark, add this to your `main.c`:
+
+```c
+double current_time(void)
+{
+    RTC_TimeTypeDef time;
+    RTC_DateTypeDef date;
+    uint32_t subsec = 0;
+
+    /* must get time and date here due to STM32 HW bug */
+    HAL_RTC_GetTime(&hrtc, &time, RTC_FORMAT_BIN);
+    HAL_RTC_GetDate(&hrtc, &date, RTC_FORMAT_BIN);
+    /* Not all STM32 RTCs have subseconds in the struct */
+#ifdef RTC_ALARMSUBSECONDMASK_ALL
+    subsec = (255 - time.SubSeconds) * 1000 / 255;
+#endif
+
+    (void) date;
+
+    /* return seconds.milliseconds */
+    return ((double) time.Hours * 24) + ((double) time.Minutes * 60)
+            + (double) time.Seconds + ((double) subsec / 1000);
+}
+```
+
+Then in the user code 2 block, you can add:
+
+```c
+  uint32_t mpuss_clock = HAL_RCC_GetMPUSSFreq() / 1000000;
+
+  printf("System clock: %ld MHz, rng clock: %ld MHz\n\n", mpuss_clock);
+
+  int ret;
+  ret = benchmark_test(NULL);
+  printf("End: %d\n", ret);
+```
+
+### Testing
+
+To use the wolfCrypt test suite,
+
+### Compiling wolfSSL
+
+In your `user_settings.h` you should include:
+
+```c
+#define WOLFSSL_STM32MP13
+#define WOLFSSL_STM32_CUBEMX
+#define WOLFSSL_USER_CURRTIME
+```
+
+If you want ECDSA acceleration, you should also add:
+
+```c
+#define WOLFSSL_STM32_PKA
+#define WOLFSSL_STM32_PKA_V2
+```
+
+### Running
+
+Once you have compiled everything, to run your project, you will first need to
+run the DDR Init project. This will initialize the DDR RAM and the blue LED on
+the board will flash.
+
+You can then run the wolfSSL based project. If the board loses power, the
+DDR Init project will need to be run again before you are able to run the
+wolfSSL project.
diff --git a/wolfcrypt/src/port/st/stm32.c b/wolfcrypt/src/port/st/stm32.c
index 83497af2c..58b612590 100644
--- a/wolfcrypt/src/port/st/stm32.c
+++ b/wolfcrypt/src/port/st/stm32.c
@@ -1,6 +1,6 @@
 /* stm32.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -58,6 +58,12 @@
 #elif defined(WOLFSSL_STM32WL)
 #include <stm32wlxx_hal_conf.h>
 #include <stm32wlxx_hal_pka.h>
+#elif defined(WOLFSSL_STM32MP13)
+#include <stm32mp13xx_hal_conf.h>
+#include <stm32mp13xx_hal_pka.h>
+#elif defined(WOLFSSL_STM32H7S)
+#include <stm32h7rsxx_hal_conf.h>
+#include <stm32h7rsxx_hal_pka.h>
 #else
 #error Please add the hal_pk.h include
 #endif
@@ -134,6 +140,9 @@ static void wc_Stm32_Hash_SaveContext(STM32_HASH_Context* ctx)
     ctx->HASH_IMR = HASH->IMR;
     ctx->HASH_STR = HASH->STR;
     ctx->HASH_CR  = HASH->CR;
+#ifdef STM32_HASH_SHA3
+    ctx->SHA3CFGR  = HASH->SHA3CFGR;
+#endif
     for (i=0; i<HASH_CR_SIZE; i++) {
         ctx->HASH_CSR[i] = HASH->CSR[i];
     }
@@ -181,6 +190,9 @@ static void wc_Stm32_Hash_RestoreContext(STM32_HASH_Context* ctx, int algo)
         HASH->IMR = ctx->HASH_IMR;
         HASH->STR = ctx->HASH_STR;
         HASH->CR = ctx->HASH_CR;
+#ifdef STM32_HASH_SHA3
+        HASH->SHA3CFGR = ctx->SHA3CFGR;
+#endif
 
         /* Initialize the hash processor */
         HASH->CR |= HASH_CR_INIT;
@@ -303,12 +315,11 @@ int wc_Stm32_Hash_Update(STM32_HASH_Context* stmCtx, word32 algo,
     int ret = 0;
     byte* local = (byte*)stmCtx->buffer;
     int wroteToFifo = 0;
-    const word32 fifoSz = (STM32_HASH_FIFO_SIZE * STM32_HASH_REG_SIZE);
     word32 chunkSz;
 
 #ifdef DEBUG_STM32_HASH
-    printf("STM Hash Update: algo %x, len %d, blockSz %d\n",
-        algo, len, blockSize);
+    printf("STM Hash Update: algo %x, len %d, buffLen %d, fifoBytes %d\n",
+        algo, len, stmCtx->buffLen, stmCtx->fifoBytes);
 #endif
     (void)blockSize;
 
@@ -323,40 +334,27 @@ int wc_Stm32_Hash_Update(STM32_HASH_Context* stmCtx, word32 algo,
     /* restore hash context or init as new hash */
     wc_Stm32_Hash_RestoreContext(stmCtx, algo);
 
-    chunkSz = fifoSz;
-#ifdef STM32_HASH_FIFO_WORKAROUND
-    /* if FIFO already has bytes written then fill remainder first */
-    if (stmCtx->fifoBytes > 0) {
-        chunkSz -= stmCtx->fifoBytes;
-        stmCtx->fifoBytes = 0;
-    }
-#endif
-
     /* write blocks to FIFO */
     while (len) {
-        word32 add = min(len, chunkSz - stmCtx->buffLen);
+        word32 add;
+
+        chunkSz = blockSize;
+        /* fill the FIFO plus one additional to flush the first block */
+        if (!stmCtx->fifoBytes) {
+            chunkSz += STM32_HASH_REG_SIZE;
+        }
+
+        add = min(len, chunkSz - stmCtx->buffLen);
         XMEMCPY(&local[stmCtx->buffLen], data, add);
 
         stmCtx->buffLen += add;
         data            += add;
         len             -= add;
 
-    #ifdef STM32_HASH_FIFO_WORKAROUND
-        /* We cannot leave the FIFO full and do save/restore
-         * the last must be large enough to flush block from FIFO */
-        if (stmCtx->buffLen + len <= fifoSz * 2) {
-            chunkSz = fifoSz + STM32_HASH_REG_SIZE;
-        }
-    #endif
-
         if (stmCtx->buffLen == chunkSz) {
             wc_Stm32_Hash_Data(stmCtx, stmCtx->buffLen);
             wroteToFifo = 1;
-        #ifdef STM32_HASH_FIFO_WORKAROUND
-            if (chunkSz > fifoSz)
-                stmCtx->fifoBytes = chunkSz - fifoSz;
-            chunkSz = fifoSz;
-        #endif
+            stmCtx->fifoBytes += chunkSz;
         }
     }
 
@@ -380,7 +378,8 @@ int wc_Stm32_Hash_Final(STM32_HASH_Context* stmCtx, word32 algo,
     int ret = 0;
 
 #ifdef DEBUG_STM32_HASH
-    printf("STM Hash Final: algo %x, digestSz %d\n", algo, digestSize);
+    printf("STM Hash Final: algo %x, digestSz %d, buffLen %d, fifoBytes %d\n",
+        algo, digestSize, stmCtx->buffLen, stmCtx->fifoBytes);
 #endif
 
     /* turn on hash clock */
@@ -455,8 +454,10 @@ int wc_Stm32_Aes_Init(Aes* aes, CRYP_HandleTypeDef* hcryp)
     hcryp->Init.pKey = (STM_CRYPT_TYPE*)aes->key;
 #ifdef STM32_HAL_V2
     hcryp->Init.DataWidthUnit = CRYP_DATAWIDTHUNIT_BYTE;
-    #ifdef CRYP_HEADERWIDTHUNIT_BYTE
-    hcryp->Init.HeaderWidthUnit = CRYP_HEADERWIDTHUNIT_BYTE;
+    #ifdef WOLFSSL_STM32MP13
+        hcryp->Init.HeaderWidthUnit = CRYP_HEADERWIDTHUNIT_WORD;
+    #elif defined(CRYP_HEADERWIDTHUNIT_BYTE)
+        hcryp->Init.HeaderWidthUnit = CRYP_HEADERWIDTHUNIT_BYTE;
     #endif
 #endif
 
@@ -820,14 +821,12 @@ int stm32_ecc_verify_hash_ex(mp_int *r, mp_int *s, const byte* hash,
 {
     PKA_ECDSAVerifInTypeDef pka_ecc;
     int size;
-    int szrbin;
     int status;
     uint8_t Rbin[STM32_MAX_ECC_SIZE];
     uint8_t Sbin[STM32_MAX_ECC_SIZE];
     uint8_t Qxbin[STM32_MAX_ECC_SIZE];
     uint8_t Qybin[STM32_MAX_ECC_SIZE];
     uint8_t Hashbin[STM32_MAX_ECC_SIZE];
-    uint8_t privKeybin[STM32_MAX_ECC_SIZE];
     uint8_t prime[STM32_MAX_ECC_SIZE];
     uint8_t coefA[STM32_MAX_ECC_SIZE];
     uint8_t gen_x[STM32_MAX_ECC_SIZE];
@@ -841,21 +840,17 @@ int stm32_ecc_verify_hash_ex(mp_int *r, mp_int *s, const byte* hash,
             key->dp == NULL) {
         return ECC_BAD_ARG_E;
     }
-    *res = 0;
+    *res = 0; /* default to failure */
+    size = wc_ecc_size(key); /* get key size in bytes */
 
-    szrbin = mp_unsigned_bin_size(r);
-    size = wc_ecc_size(key);
-
-    status = stm32_get_from_mp_int(Rbin, r, szrbin);
+    /* load R/S and public X/Y using key size */
+    status = stm32_get_from_mp_int(Rbin, r, size);
     if (status == MP_OKAY)
-        status = stm32_get_from_mp_int(Sbin, s, szrbin);
+        status = stm32_get_from_mp_int(Sbin, s, size);
     if (status == MP_OKAY)
         status = stm32_get_from_mp_int(Qxbin, key->pubkey.x, size);
     if (status == MP_OKAY)
         status = stm32_get_from_mp_int(Qybin, key->pubkey.y, size);
-    if (status == MP_OKAY)
-        status = stm32_get_from_mp_int(privKeybin, wc_ecc_key_get_priv(key),
-            size);
     if (status != MP_OKAY)
         return status;
 
diff --git a/wolfcrypt/src/port/st/stsafe.c b/wolfcrypt/src/port/st/stsafe.c
index ebe072733..aa1cdb743 100644
--- a/wolfcrypt/src/port/st/stsafe.c
+++ b/wolfcrypt/src/port/st/stsafe.c
@@ -1,6 +1,6 @@
 /* stsafe.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -19,6 +19,10 @@
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  */
 
+#ifdef HAVE_CONFIG_H
+    #include <config.h>
+#endif
+
 #include <wolfssl/wolfcrypt/types.h>
 #include <wolfssl/wolfcrypt/port/st/stsafe.h>
 #include <wolfssl/wolfcrypt/logging.h>
@@ -539,7 +543,7 @@ int wolfSSL_STSAFE_CryptoDevCb(int devId, wc_CryptoInfo* info, void* ctx)
                 &otherKeyY[0], (word32*)&otherKeyY_len);
             if (rc == 0) {
                 /* Compute shared secret */
-            	*info->pk.ecdh.outlen = 0;
+                *info->pk.ecdh.outlen = 0;
                 rc = stsafe_interface_shared_secret(
         #ifdef WOLFSSL_STSAFE_TAKES_SLOT
                     STSAFE_A_SLOT_0,
@@ -559,7 +563,7 @@ int wolfSSL_STSAFE_CryptoDevCb(int devId, wc_CryptoInfo* info, void* ctx)
 #endif /* HAVE_ECC */
 
     /* need to return negative here for error */
-    if (rc != 0 && rc != CRYPTOCB_UNAVAILABLE) {
+    if (rc != 0 && rc != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE)) {
         WOLFSSL_MSG("STSAFE: CryptoCb failed");
     #ifdef USE_STSAFE_VERBOSE
         STSAFE_INTERFACE_PRINTF("STSAFE: CryptoCb failed %d\n", rc);
diff --git a/wolfcrypt/src/port/ti/ti-aes.c b/wolfcrypt/src/port/ti/ti-aes.c
index 18feb969e..9753508bf 100644
--- a/wolfcrypt/src/port/ti/ti-aes.c
+++ b/wolfcrypt/src/port/ti/ti-aes.c
@@ -1,6 +1,6 @@
 /* port/ti/ti-aes.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -63,9 +63,9 @@ static int AesSetIV(Aes* aes, const byte* iv)
         return BAD_FUNC_ARG;
 
     if (iv)
-        XMEMCPY(aes->reg, iv, AES_BLOCK_SIZE);
+        XMEMCPY(aes->reg, iv, WC_AES_BLOCK_SIZE);
     else
-        XMEMSET(aes->reg,  0, AES_BLOCK_SIZE);
+        XMEMSET(aes->reg,  0, WC_AES_BLOCK_SIZE);
 
     return 0;
 }
@@ -99,7 +99,8 @@ int wc_AesSetKey(Aes* aes, const byte* key, word32 len, const byte* iv, int dir)
     aes->rounds = len / 4 + 6;
 
     XMEMCPY(aes->key, key, len);
-#ifdef WOLFSSL_AES_COUNTER
+#if defined(WOLFSSL_AES_COUNTER) || defined(WOLFSSL_AES_CFB) || \
+    defined(WOLFSSL_AES_OFB) || defined(WOLFSSL_AES_XTS)
     aes->left = 0;
 #endif
     return AesSetIV(aes, iv);
@@ -149,7 +150,7 @@ static int AesAlign16(Aes* aes, byte* out, const byte* in, word32 sz,
     ROM_AESKey1Set(AES_BASE, (uint32_t *)aes->key, aes->keylen-8);
     if (dir == AES_CFG_DIR_DECRYPT && mode == AES_CFG_MODE_CBC) {
         /* if input and output same will overwrite input iv */
-        XMEMCPY(aes->tmp, in + sz - AES_BLOCK_SIZE, AES_BLOCK_SIZE);
+        XMEMCPY(aes->tmp, in + sz - WC_AES_BLOCK_SIZE, WC_AES_BLOCK_SIZE);
     }
     ROM_AESDataProcess(AES_BASE, (uint32_t *)in, (uint32_t *)out, sz);
     wolfSSL_TI_unlockCCM();
@@ -157,19 +158,19 @@ static int AesAlign16(Aes* aes, byte* out, const byte* in, word32 sz,
     /* store iv for next call */
     if (mode == AES_CFG_MODE_CBC) {
         if (dir == AES_CFG_DIR_ENCRYPT)
-            XMEMCPY(aes->reg, out + sz - AES_BLOCK_SIZE, AES_BLOCK_SIZE);
+            XMEMCPY(aes->reg, out + sz - WC_AES_BLOCK_SIZE, WC_AES_BLOCK_SIZE);
         else
-            XMEMCPY(aes->reg, aes->tmp, AES_BLOCK_SIZE);
+            XMEMCPY(aes->reg, aes->tmp, WC_AES_BLOCK_SIZE);
     }
 
     if (mode == AES_CFG_MODE_CTR) {
         do {
             int i;
-            for (i = AES_BLOCK_SIZE - 1; i >= 0; i--) {
+            for (i = WC_AES_BLOCK_SIZE - 1; i >= 0; i--) {
                  if (++((byte*)aes->reg)[i])
                      break;
             }
-            sz -= AES_BLOCK_SIZE;
+            sz -= WC_AES_BLOCK_SIZE;
         } while ((int)sz > 0);
     }
 
@@ -185,7 +186,7 @@ static int AesProcess(Aes* aes, byte* out, const byte* in, word32 sz,
 
     if ((aes == NULL) || (in == NULL) || (out == NULL))
         return BAD_FUNC_ARG;
-    if (sz % AES_BLOCK_SIZE)
+    if (sz % WC_AES_BLOCK_SIZE)
         return BAD_FUNC_ARG;
 
     while (sz > 0) {
@@ -224,7 +225,7 @@ int wc_AesCbcDecrypt(Aes* aes, byte* out, const byte* in, word32 sz)
 #ifdef WOLFSSL_AES_COUNTER
 int wc_AesCtrEncrypt(Aes* aes, byte* out, const byte* in, word32 sz)
 {
-    char out_block[AES_BLOCK_SIZE];
+    char out_block[WC_AES_BLOCK_SIZE];
     int odd;
     int even;
     char *tmp; /* (char *)aes->tmp, for short */
@@ -232,28 +233,28 @@ int wc_AesCtrEncrypt(Aes* aes, byte* out, const byte* in, word32 sz)
 
     tmp = (char *)aes->tmp;
     if (aes->left) {
-        if ((aes->left + sz) >= AES_BLOCK_SIZE) {
-            odd = AES_BLOCK_SIZE - aes->left;
+        if ((aes->left + sz) >= WC_AES_BLOCK_SIZE) {
+            odd = WC_AES_BLOCK_SIZE - aes->left;
         } else {
             odd = sz;
         }
         XMEMCPY(tmp+aes->left, in, odd);
-        if ((odd+aes->left) == AES_BLOCK_SIZE) {
-            ret = AesProcess(aes, (byte*)out_block, (byte const *)tmp, AES_BLOCK_SIZE,
+        if ((odd+aes->left) == WC_AES_BLOCK_SIZE) {
+            ret = AesProcess(aes, (byte*)out_block, (byte const *)tmp, WC_AES_BLOCK_SIZE,
                         AES_CFG_DIR_ENCRYPT, AES_CFG_MODE_CTR);
             if (ret != 0)
                 return ret;
             XMEMCPY(out, out_block+aes->left, odd);
             aes->left = 0;
-            XMEMSET(tmp, 0x0, AES_BLOCK_SIZE);
+            XMEMSET(tmp, 0x0, WC_AES_BLOCK_SIZE);
         }
         in += odd;
         out+= odd;
         sz -= odd;
     }
-    odd = sz % AES_BLOCK_SIZE;  /* if there is tail fragment */
-    if (sz / AES_BLOCK_SIZE) {
-        even = (sz/AES_BLOCK_SIZE)*AES_BLOCK_SIZE;
+    odd = sz % WC_AES_BLOCK_SIZE;  /* if there is tail fragment */
+    if (sz / WC_AES_BLOCK_SIZE) {
+        even = (sz/WC_AES_BLOCK_SIZE)*WC_AES_BLOCK_SIZE;
         ret = AesProcess(aes, out, in, even, AES_CFG_DIR_ENCRYPT, AES_CFG_MODE_CTR);
         if (ret != 0)
             return ret;
@@ -261,9 +262,9 @@ int wc_AesCtrEncrypt(Aes* aes, byte* out, const byte* in, word32 sz)
         in  += even;
     }
     if (odd) {
-        XMEMSET(tmp+aes->left, 0x0, AES_BLOCK_SIZE - aes->left);
+        XMEMSET(tmp+aes->left, 0x0, WC_AES_BLOCK_SIZE - aes->left);
         XMEMCPY(tmp+aes->left, in, odd);
-        ret = AesProcess(aes, (byte*)out_block, (byte const *)tmp, AES_BLOCK_SIZE,
+        ret = AesProcess(aes, (byte*)out_block, (byte const *)tmp, WC_AES_BLOCK_SIZE,
                     AES_CFG_DIR_ENCRYPT,
                     AES_CFG_MODE_CTR_NOCTR /* Counter mode without counting IV */
                     );
@@ -280,12 +281,12 @@ int wc_AesCtrEncrypt(Aes* aes, byte* out, const byte* in, word32 sz)
 #if defined(WOLFSSL_AES_DIRECT)
 int wc_AesEncryptDirect(Aes* aes, byte* out, const byte* in)
 {
-    return AesProcess(aes, out, in, AES_BLOCK_SIZE, AES_CFG_DIR_ENCRYPT,
+    return AesProcess(aes, out, in, WC_AES_BLOCK_SIZE, AES_CFG_DIR_ENCRYPT,
         AES_CFG_MODE_CBC);
 }
 int wc_AesDecryptDirect(Aes* aes, byte* out, const byte* in)
 {
-    return AesProcess(aes, out, in, AES_BLOCK_SIZE, AES_CFG_DIR_DECRYPT,
+    return AesProcess(aes, out, in, WC_AES_BLOCK_SIZE, AES_CFG_DIR_DECRYPT,
         AES_CFG_MODE_CBC);
 }
 int wc_AesSetKeyDirect(Aes* aes, const byte* key, word32 len, const byte* iv,
@@ -311,7 +312,7 @@ static WC_INLINE void IncCtr(byte* ctr, word32 ctrSz)
 
 static int AesAuthSetKey(Aes* aes, const byte* key, word32 keySz)
 {
-    byte nonce[AES_BLOCK_SIZE];
+    byte nonce[WC_AES_BLOCK_SIZE];
 
     if ((aes == NULL) || (key == NULL))
         return BAD_FUNC_ARG;
@@ -405,16 +406,16 @@ static void AesAuthSetIv(Aes *aes, const byte *nonce, word32 len, word32 L,
             byte *b = (byte*)aes->reg;
             if (nonce != NULL)
                 XMEMCPY(aes->reg, nonce, len);
-            b[AES_BLOCK_SIZE-4] = 0;
-            b[AES_BLOCK_SIZE-3] = 0;
-            b[AES_BLOCK_SIZE-2] = 0;
-            b[AES_BLOCK_SIZE-1] = 1;
+            b[WC_AES_BLOCK_SIZE-4] = 0;
+            b[WC_AES_BLOCK_SIZE-3] = 0;
+            b[WC_AES_BLOCK_SIZE-2] = 0;
+            b[WC_AES_BLOCK_SIZE-1] = 1;
 
         }
         else {
-            word32 zeros[AES_BLOCK_SIZE/sizeof(word32)];
-            word32 subkey[AES_BLOCK_SIZE/sizeof(word32)];
-            word32 nonce_padded[AES_BLOCK_SIZE/sizeof(word32)];
+            word32 zeros[WC_AES_BLOCK_SIZE/sizeof(word32)];
+            word32 subkey[WC_AES_BLOCK_SIZE/sizeof(word32)];
+            word32 nonce_padded[WC_AES_BLOCK_SIZE/sizeof(word32)];
             word32 i;
 
             XMEMSET(zeros, 0, sizeof(zeros)); /* init to zero */
@@ -436,10 +437,10 @@ static void AesAuthSetIv(Aes *aes, const byte *nonce, word32 len, word32 L,
             ROM_AESAuthLengthSet(AES_BASE, 0);
 
             /* copy nonce */
-            for (i = 0; i < len; i += AES_BLOCK_SIZE) {
+            for (i = 0; i < len; i += WC_AES_BLOCK_SIZE) {
                 word32 nonceSz = len - i;
-                if (nonceSz > AES_BLOCK_SIZE)
-                    nonceSz = AES_BLOCK_SIZE;
+                if (nonceSz > WC_AES_BLOCK_SIZE)
+                    nonceSz = WC_AES_BLOCK_SIZE;
                 XMEMSET(nonce_padded, 0, sizeof(nonce_padded));
                 XMEMCPY(nonce_padded, (word32*)(nonce + i), nonceSz);
                 ROM_AESDataWrite(AES_BASE, nonce_padded);
@@ -461,11 +462,11 @@ static int AesAuthEncrypt(Aes* aes, byte* out, const byte* in, word32 inSz,
     byte *in_a,     *in_save = NULL;
     byte *out_a,    *out_save = NULL;
     byte *authIn_a, *authIn_save = NULL;
-    word32 tmpTag[AES_BLOCK_SIZE/sizeof(word32)];
+    word32 tmpTag[WC_AES_BLOCK_SIZE/sizeof(word32)];
 
     ret = AesAuthArgCheck(aes, out, in, inSz, nonce, nonceSz, authTag,
         authTagSz, &M, &L);
-    if (ret == BAD_FUNC_ARG) {
+    if (ret == WC_NO_ERR_TRACE(BAD_FUNC_ARG)) {
         return ret;
     }
 
@@ -479,7 +480,7 @@ static int AesAuthEncrypt(Aes* aes, byte* out, const byte* in, word32 inSz,
         ROM_AESReset(AES_BASE);
         ROM_AESConfigSet(AES_BASE, (aes->keylen-8) | AES_CFG_DIR_ENCRYPT | AES_CFG_MODE_ECB);
         ROM_AESKey1Set(AES_BASE, aes->key, (aes->keylen-8));
-        ROM_AESDataProcess(AES_BASE, aes->reg, tmpTag, AES_BLOCK_SIZE);
+        ROM_AESDataProcess(AES_BASE, aes->reg, tmpTag, WC_AES_BLOCK_SIZE);
         wolfSSL_TI_unlockCCM();
         XMEMCPY(authTag, tmpTag, authTagSz);
         return 0;
@@ -545,9 +546,9 @@ static int AesAuthEncrypt(Aes* aes, byte* out, const byte* in, word32 inSz,
     }
 
 exit:
-    if (in_save)    XFREE(in_save, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-    if (out_save)   XFREE(out_save, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-    if (authIn_save)XFREE(authIn_save, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(in_save, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(out_save, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(authIn_save, NULL, DYNAMIC_TYPE_TMP_BUFFER);
     return ret;
 }
 
@@ -561,11 +562,11 @@ static int AesAuthDecrypt(Aes* aes, byte* out, const byte* in, word32 inSz,
     byte *in_a,     *in_save = NULL;
     byte *out_a,    *out_save = NULL;
     byte *authIn_a, *authIn_save = NULL;
-    word32 tmpTag[AES_BLOCK_SIZE/sizeof(word32)];
+    word32 tmpTag[WC_AES_BLOCK_SIZE/sizeof(word32)];
 
     ret = AesAuthArgCheck(aes, out, in, inSz, nonce, nonceSz, authTag,
         authTagSz, &M, &L);
-    if (ret == BAD_FUNC_ARG) {
+    if (ret == WC_NO_ERR_TRACE(BAD_FUNC_ARG)) {
         return ret;
     }
 
@@ -579,7 +580,7 @@ static int AesAuthDecrypt(Aes* aes, byte* out, const byte* in, word32 inSz,
         ROM_AESReset(AES_BASE);
         ROM_AESConfigSet(AES_BASE, (aes->keylen-8) | AES_CFG_DIR_ENCRYPT | AES_CFG_MODE_ECB);
         ROM_AESKey1Set(AES_BASE, aes->key, (aes->keylen-8));
-        ROM_AESDataProcess(AES_BASE, aes->reg, tmpTag, AES_BLOCK_SIZE);
+        ROM_AESDataProcess(AES_BASE, aes->reg, tmpTag, WC_AES_BLOCK_SIZE);
         wolfSSL_TI_unlockCCM();
 
         if (XMEMCMP(authTag, tmpTag, authTagSz) != 0) {
@@ -645,9 +646,9 @@ static int AesAuthDecrypt(Aes* aes, byte* out, const byte* in, word32 inSz,
     }
 
 exit:
-    if (in_save)    XFREE(in_save, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-    if (out_save)   XFREE(out_save, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-    if (authIn_save)XFREE(authIn_save, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(in_save, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(out_save, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(authIn_save, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 
     return ret;
 }
@@ -830,7 +831,7 @@ int wc_GmacVerify(const byte* key, word32 keySz,
 #endif
 
     if (key == NULL || iv == NULL || (authIn == NULL && authInSz != 0) ||
-        authTag == NULL || authTagSz == 0 || authTagSz > AES_BLOCK_SIZE) {
+        authTag == NULL || authTagSz == 0 || authTagSz > WC_AES_BLOCK_SIZE) {
 
         return BAD_FUNC_ARG;
     }
diff --git a/wolfcrypt/src/port/ti/ti-ccm.c b/wolfcrypt/src/port/ti/ti-ccm.c
index 1b4a26590..d43c733f8 100644
--- a/wolfcrypt/src/port/ti/ti-ccm.c
+++ b/wolfcrypt/src/port/ti/ti-ccm.c
@@ -1,6 +1,6 @@
 /* port/ti/ti_ccm.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfcrypt/src/port/ti/ti-des3.c b/wolfcrypt/src/port/ti/ti-des3.c
index 47ef04a4b..8e6c71c9b 100644
--- a/wolfcrypt/src/port/ti/ti-des3.c
+++ b/wolfcrypt/src/port/ti/ti-des3.c
@@ -1,6 +1,6 @@
 /* port/ti/ti-des.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfcrypt/src/port/ti/ti-hash.c b/wolfcrypt/src/port/ti/ti-hash.c
index 0077e96da..3aeac3072 100644
--- a/wolfcrypt/src/port/ti/ti-hash.c
+++ b/wolfcrypt/src/port/ti/ti-hash.c
@@ -1,6 +1,6 @@
 /* port/ti/ti-hash.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -203,7 +203,7 @@ WOLFSSL_API int wc_Md5GetHash(Md5* md5, byte* hash)
 
 WOLFSSL_API int wc_Md5Copy(Md5* src, Md5* dst)
 {
-	return hashCopy((wolfssl_TI_Hash *)src, (wolfssl_TI_Hash *)dst);
+        return hashCopy((wolfssl_TI_Hash *)src, (wolfssl_TI_Hash *)dst);
 }
 
 WOLFSSL_API int wc_Md5Hash(const byte*data, word32 len, byte* hash)
@@ -249,7 +249,7 @@ WOLFSSL_API int wc_ShaGetHash(Sha* sha, byte* hash)
 
 WOLFSSL_API int wc_ShaCopy(Sha* src, Sha* dst)
 {
-	return hashCopy((wolfssl_TI_Hash *)src, (wolfssl_TI_Hash *)dst);
+        return hashCopy((wolfssl_TI_Hash *)src, (wolfssl_TI_Hash *)dst);
 }
 
 WOLFSSL_API int wc_ShaHash(const byte*data, word32 len, byte* hash)
diff --git a/wolfcrypt/src/port/xilinx/xil-aesgcm.c b/wolfcrypt/src/port/xilinx/xil-aesgcm.c
index aabcbd379..b50042eaf 100644
--- a/wolfcrypt/src/port/xilinx/xil-aesgcm.c
+++ b/wolfcrypt/src/port/xilinx/xil-aesgcm.c
@@ -1,6 +1,6 @@
 /* xil-aesgcm.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -87,9 +87,9 @@ static WC_INLINE int aligned_xmalloc(byte** buf, byte** aligned, void* heap, wor
 
 static WC_INLINE void aligned_xfree(void* buf, void* heap)
 {
-	if (buf == NULL)
-		return;
-	XFREE(buf, heap, DYNAMIC_TYPE_TMP_BUFFER);
+        if (buf == NULL)
+                return;
+        XFREE(buf, heap, DYNAMIC_TYPE_TMP_BUFFER);
 }
 
 static WC_INLINE int check_keysize(word32 len)
@@ -135,7 +135,9 @@ int wc_AesGcmSetKey_ex(Aes* aes, const byte* key, word32 len, word32 kup)
     aes->xKeySize =
             len == AES_128_KEY_SIZE ? XSECURE_AES_KEY_SIZE_128 :
                                       XSECURE_AES_KEY_SIZE_256;
-    XMEMCPY(aes->keyInit, key, len);
+    if (key != NULL) {
+        XMEMCPY(aes->keyInit, key, len);
+    }
 
     return 0;
 }
@@ -217,10 +219,10 @@ static WC_INLINE int handle_aad(       Aes* aes,
                                       byte* authTag,
                                 const byte* authIn, word32 authInSz) {
     int ret;
-    byte scratch[AES_BLOCK_SIZE];
-    byte initalCounter[AES_BLOCK_SIZE] = { 0 };
+    byte scratch[WC_AES_BLOCK_SIZE];
+    byte initalCounter[WC_AES_BLOCK_SIZE] = { 0 };
     XMEMCPY(initalCounter, iv, AEAD_NONCE_SZ);
-    initalCounter[AES_BLOCK_SIZE - 1] = 1;
+    initalCounter[WC_AES_BLOCK_SIZE - 1] = 1;
     GHASH(&aes->gcm, authIn, authInSz, data, sz, authTag, AES_GCM_AUTH_SZ);
     ret = wc_AesEncryptDirect(aes, scratch, initalCounter);
     if (ret == 0)
@@ -478,7 +480,12 @@ int  wc_AesGcmSetKey_ex(Aes* aes, const byte* key, word32 len, word32 kup)
 {
     XCsuDma_Config* con;
 
-    if (aes == NULL || key == NULL) {
+    if (aes == NULL) {
+        return BAD_FUNC_ARG;
+    }
+
+    if (kup == XSECURE_CSU_AES_KEY_SRC_KUP && key == NULL) {
+        WOLFSSL_MSG("Expecting key buffer passed in if using KUP");
         return BAD_FUNC_ARG;
     }
 
@@ -501,7 +508,9 @@ int  wc_AesGcmSetKey_ex(Aes* aes, const byte* key, word32 len, word32 kup)
 
     aes->keylen = len;
     aes->kup    = kup;
-    XMEMCPY((byte*)(aes->keyInit), key, len);
+    if (key != NULL) {
+        XMEMCPY((byte*)(aes->keyInit), key, len);
+    }
 
     return 0;
 }
@@ -515,8 +524,8 @@ int  wc_AesGcmEncrypt(Aes* aes, byte* out,
                                    const byte* authIn, word32 authInSz)
 {
     byte* tmp;
-    byte scratch[AES_BLOCK_SIZE];
-    byte initalCounter[AES_BLOCK_SIZE];
+    byte scratch[WC_AES_BLOCK_SIZE];
+    byte initalCounter[WC_AES_BLOCK_SIZE];
     int ret;
 
     if ((in == NULL && sz > 0) || iv == NULL || authTag == NULL ||
@@ -538,26 +547,34 @@ int  wc_AesGcmEncrypt(Aes* aes, byte* out,
             return BAD_FUNC_ARG;
         }
 
+    #ifndef NO_WOLFSSL_XILINX_TAG_MALLOC
         tmp = (byte*)XMALLOC(sz + AES_GCM_AUTH_SZ, aes->heap,
             DYNAMIC_TYPE_TMP_BUFFER);
         if (tmp == NULL) {
             return MEMORY_E;
         }
+    #else
+        /* if NO_WOLFSSL_XILINX_TAG_MALLOC is defined than it is assumed that
+         * out buffer is large enough to hold both the cipher out and tag */
+        tmp = out;
+    #endif
 
         XSecure_AesInitialize(&(aes->xilAes), &(aes->dma), aes->kup, (word32*)iv,
             aes->keyInit);
         XSecure_AesEncryptData(&(aes->xilAes), tmp, in, sz);
-        XMEMCPY(out, tmp, sz);
         XMEMCPY(authTag, tmp + sz, authTagSz);
+    #ifndef NO_WOLFSSL_XILINX_TAG_MALLOC
+        XMEMCPY(out, tmp, sz);
         XFREE(tmp, aes->heap, DYNAMIC_TYPE_TMP_BUFFER);
+    #endif
     }
 
     /* handle completing tag with any additional data */
     if (authIn != NULL) {
         /* @TODO avoid hashing out again since Xilinx call already does */
-        XMEMSET(initalCounter, 0, AES_BLOCK_SIZE);
+        XMEMSET(initalCounter, 0, WC_AES_BLOCK_SIZE);
         XMEMCPY(initalCounter, iv, ivSz);
-        initalCounter[AES_BLOCK_SIZE - 1] = 1;
+        initalCounter[WC_AES_BLOCK_SIZE - 1] = 1;
         GHASH(&aes->gcm, authIn, authInSz, out, sz, authTag, authTagSz);
         ret = wc_AesEncryptDirect(aes, scratch, initalCounter);
         if (ret < 0)
@@ -577,8 +594,8 @@ int  wc_AesGcmDecrypt(Aes* aes, byte* out,
 {
     byte* tag;
     byte buf[AES_GCM_AUTH_SZ];
-    byte scratch[AES_BLOCK_SIZE];
-    byte initalCounter[AES_BLOCK_SIZE];
+    byte scratch[WC_AES_BLOCK_SIZE];
+    byte initalCounter[WC_AES_BLOCK_SIZE];
     int ret;
 
     if (in == NULL || iv == NULL || authTag == NULL ||
@@ -593,9 +610,9 @@ int  wc_AesGcmDecrypt(Aes* aes, byte* out,
 
     /* account for additional data */
     if (authIn != NULL && authInSz > 0) {
-        XMEMSET(initalCounter, 0, AES_BLOCK_SIZE);
+        XMEMSET(initalCounter, 0, WC_AES_BLOCK_SIZE);
         XMEMCPY(initalCounter, iv, ivSz);
-        initalCounter[AES_BLOCK_SIZE - 1] = 1;
+        initalCounter[WC_AES_BLOCK_SIZE - 1] = 1;
         tag = buf;
         GHASH(&aes->gcm, NULL, 0, in, sz, tag, AES_GCM_AUTH_SZ);
         ret = wc_AesEncryptDirect(aes, scratch, initalCounter);
@@ -610,7 +627,7 @@ int  wc_AesGcmDecrypt(Aes* aes, byte* out,
     /* calls to hardened crypto */
     XSecure_AesInitialize(&(aes->xilAes), &(aes->dma), aes->kup,
                 (word32*)iv, aes->keyInit);
-    XSecure_AesDecryptData(&(aes->xilAes), out, in, sz, tag);
+    ret = XSecure_AesDecryptData(&(aes->xilAes), out, in, sz, tag);
 
     /* account for additional data */
     if (authIn != NULL && authInSz > 0) {
@@ -623,6 +640,12 @@ int  wc_AesGcmDecrypt(Aes* aes, byte* out,
             return AES_GCM_AUTH_E;
         }
     }
+    else {
+        /* if no aad then check the result of the initial tag passed in */
+        if (ret != XST_SUCCESS) {
+            return AES_GCM_AUTH_E;
+        }
+    }
 
     return 0;
 
diff --git a/wolfcrypt/src/port/xilinx/xil-sha3.c b/wolfcrypt/src/port/xilinx/xil-sha3.c
index 0d440916b..01134b99d 100644
--- a/wolfcrypt/src/port/xilinx/xil-sha3.c
+++ b/wolfcrypt/src/port/xilinx/xil-sha3.c
@@ -1,6 +1,6 @@
 /* xil-sha3.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfcrypt/src/port/xilinx/xil-versal-glue.c b/wolfcrypt/src/port/xilinx/xil-versal-glue.c
index ed90fd4fc..e2e41834e 100644
--- a/wolfcrypt/src/port/xilinx/xil-versal-glue.c
+++ b/wolfcrypt/src/port/xilinx/xil-versal-glue.c
@@ -1,6 +1,6 @@
 /* xil-versal-glue.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -78,7 +78,7 @@ int wc_InitXsecure(wc_Xsecure* xsec)
 /**
    Convert Xilinx specific error to string
 
-   err	The error to convert
+   err  The error to convert
 
    Returns a pointer to a string (always, never returns NULL).
  */
diff --git a/wolfcrypt/src/port/xilinx/xil-versal-trng.c b/wolfcrypt/src/port/xilinx/xil-versal-trng.c
index a8a7c2a56..07e683562 100644
--- a/wolfcrypt/src/port/xilinx/xil-versal-trng.c
+++ b/wolfcrypt/src/port/xilinx/xil-versal-trng.c
@@ -1,6 +1,6 @@
 /* xil-versal-trng.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -134,7 +134,7 @@ int wc_VersalTrngInit(byte* nonce, word32 nonceSz)
             .PersStrPresent = XTRNGPSV_FALSE
     };
 #endif
-    int ret = WC_HW_E;
+    int ret = WC_NO_ERR_TRACE(WC_HW_E);
     XTrngpsv_Config *cfg;
     sword32 xret = 0;
     if (trng.State == XTRNGPSV_HEALTHY) {
@@ -142,22 +142,29 @@ int wc_VersalTrngInit(byte* nonce, word32 nonceSz)
     }
     cfg = XTrngpsv_LookupConfig(WOLFSSL_PSV_TRNG_DEV_ID);
     if (!cfg) {
+        ret = WC_HW_E;
         WOLFSSL_MSG("Could not lookup TRNG config");
         goto out;
     }
     xret = XTrngpsv_CfgInitialize(&trng, cfg, cfg->BaseAddress);
-    if (xret)
+    if (xret) {
+        ret = WC_HW_E;
         goto out;
+    }
     xret = versal_trng_selftest();
-    if (xret)
+    if (xret) {
+        ret = WC_HW_E;
         goto out;
+    }
 #if !defined(HAVE_HASHDRBG)
     if (nonce)
         usercfg_add_nonce(&user_cfg, nonce, nonceSz);
 #endif
     xret = XTrngpsv_Instantiate(&trng, &user_cfg);
-    if (xret)
+    if (xret) {
+        ret = WC_HW_E;
         goto out;
+    }
 
     ret = 0;
 
diff --git a/wolfcrypt/src/pwdbased.c b/wolfcrypt/src/pwdbased.c
index 8be0c64e8..05e574dfb 100644
--- a/wolfcrypt/src/pwdbased.c
+++ b/wolfcrypt/src/pwdbased.c
@@ -1,6 +1,6 @@
 /* pwdbased.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -28,6 +28,16 @@
 
 #ifndef NO_PWDBASED
 
+#if FIPS_VERSION3_GE(6,0,0)
+    /* set NO_WRAPPERS before headers, use direct internal f()s not wrappers */
+    #define FIPS_NO_WRAPPERS
+
+       #ifdef USE_WINDOWS_API
+               #pragma code_seg(".fipsA$h")
+               #pragma const_seg(".fipsB$h")
+       #endif
+#endif
+
 #include <wolfssl/wolfcrypt/pwdbased.h>
 #include <wolfssl/wolfcrypt/hmac.h>
 #include <wolfssl/wolfcrypt/hash.h>
@@ -41,6 +51,17 @@
     #include <wolfcrypt/src/misc.c>
 #endif
 
+#if FIPS_VERSION3_GE(6,0,0)
+    #ifdef DEBUG_WOLFSSL
+        #include <wolfssl/wolfcrypt/logging.h>
+    #endif
+    const unsigned int wolfCrypt_FIPS_pbkdf_ro_sanity[2] =
+                                                     { 0x1a2b3c4d, 0x00000010 };
+    int wolfCrypt_FIPS_PBKDF_sanity(void)
+    {
+        return 0;
+    }
+#endif
 
 #ifdef HAVE_PBKDF1
 
@@ -165,6 +186,7 @@ int wc_PBKDF1_ex(byte* key, int keyLen, byte* iv, int ivLen,
 int wc_PBKDF1(byte* output, const byte* passwd, int pLen, const byte* salt,
            int sLen, int iterations, int kLen, int hashType)
 {
+
     return wc_PBKDF1_ex(output, kLen, NULL, 0,
         passwd, pLen, salt, sLen, iterations, hashType, NULL);
 }
@@ -191,6 +213,24 @@ int wc_PBKDF2_ex(byte* output, const byte* passwd, int pLen, const byte* salt,
         return BAD_FUNC_ARG;
     }
 
+#if FIPS_VERSION3_GE(6,0,0)
+    /* Per SP800-132 section 5 "The kLen value shall be at least 112 bits in
+     * length", ensure the returned bits for the derived master key are at a
+     * minimum 14-bytes or 112-bits after stretching and strengthening
+     * (iterations) */
+    if (kLen < HMAC_FIPS_MIN_KEY)
+        return BAD_LENGTH_E;
+#endif
+
+#if FIPS_VERSION3_GE(6,0,0) && defined(DEBUG_WOLFSSL)
+    /* SP800-132 section 5.2 recommends an iteration count of 1000 but this is
+     * not strictly enforceable and is listed in Appendix B Table 1 as a
+     * non-testable requirement. wolfCrypt will log it when appropriate but
+     * take no action */
+    if (iterations < 1000) {
+        WOLFSSL_MSG("WARNING: Iteration < 1,000, see SP800-132 section 5.2");
+    }
+#endif
     if (iterations <= 0)
         iterations = 1;
 
@@ -214,7 +254,17 @@ int wc_PBKDF2_ex(byte* output, const byte* passwd, int pLen, const byte* salt,
     if (ret == 0) {
         word32 i = 1;
         /* use int hashType here, since HMAC FIPS uses the old unique value */
+    #if FIPS_VERSION3_GE(6,0,0)
+        {
+            /* Allow passwords that are less than 14-bytes for compatibility
+             * / interoperability, only since module v6.0.0 */
+            int allowShortPasswd = 1;
+            ret = wc_HmacSetKey_ex(hmac, hashType, passwd, (word32)pLen,
+                                   allowShortPasswd);
+        }
+    #else
         ret = wc_HmacSetKey(hmac, hashType, passwd, (word32)pLen);
+    #endif
 
         while (ret == 0 && kLen) {
             int currentLen;
@@ -538,16 +588,11 @@ int wc_PKCS12_PBKDF_ex(byte* output, const byte* passwd, int passLen,
 #ifdef WOLFSSL_SMALL_STACK
   out:
 
-    if (Ai != NULL)
-        XFREE(Ai, heap, DYNAMIC_TYPE_TMP_BUFFER);
-    if (B != NULL)
-        XFREE(B,  heap, DYNAMIC_TYPE_TMP_BUFFER);
-    if (B1 != NULL)
-        XFREE(B1, heap, DYNAMIC_TYPE_TMP_BUFFER);
-    if (i1 != NULL)
-        XFREE(i1, heap, DYNAMIC_TYPE_TMP_BUFFER);
-    if (res != NULL)
-        XFREE(res, heap, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(Ai, heap, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(B, heap, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(B1, heap, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(i1, heap, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(res, heap, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     if (dynamic)
@@ -781,7 +826,7 @@ int wc_scrypt(byte* output, const byte* passwd, int passLen,
         goto end;
     }
     /* Temporary for scryptROMix. */
-    v = (byte*)XMALLOC((size_t)((1 << cost) * bSz), NULL,
+    v = (byte*)XMALLOC((size_t)((1U << cost) * bSz), NULL,
                        DYNAMIC_TYPE_TMP_BUFFER);
     if (v == NULL) {
         ret = MEMORY_E;
@@ -795,6 +840,8 @@ int wc_scrypt(byte* output, const byte* passwd, int passLen,
         goto end;
     }
 
+    XMEMSET(y, 0, (size_t)(blockSize * 128));
+
     /* Step 1. */
     ret = wc_PBKDF2(blocks, passwd, passLen, salt, saltLen, 1, (int)blocksSz,
                     WC_SHA256);
@@ -803,18 +850,15 @@ int wc_scrypt(byte* output, const byte* passwd, int passLen,
 
     /* Step 2. */
     for (i = 0; i < parallel; i++)
-        scryptROMix(blocks + i * (int)bSz, v, y, (int)blockSize, 1 << cost);
+        scryptROMix(blocks + i * (int)bSz, v, y, (int)blockSize, 1U << cost);
 
     /* Step 3. */
     ret = wc_PBKDF2(output, passwd, passLen, blocks, (int)blocksSz, 1, dkLen,
                     WC_SHA256);
 end:
-    if (blocks != NULL)
-        XFREE(blocks, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-    if (v != NULL)
-        XFREE(v, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-    if (y != NULL)
-        XFREE(y, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(blocks, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(v, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(y, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 
     return ret;
 }
diff --git a/wolfcrypt/src/random.c b/wolfcrypt/src/random.c
index 16c0d3309..1201e948a 100644
--- a/wolfcrypt/src/random.c
+++ b/wolfcrypt/src/random.c
@@ -1,6 +1,6 @@
 /* random.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -31,6 +31,9 @@ This library contains implementation for the random number generator.
 
 #include <wolfssl/wolfcrypt/settings.h>
 #include <wolfssl/wolfcrypt/error-crypt.h>
+#if defined(DEBUG_WOLFSSL)
+    #include <wolfssl/wolfcrypt/logging.h>
+#endif
 
 /* on HPUX 11 you may need to install /dev/random see
    http://h20293.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber=KRNG11I
@@ -47,8 +50,8 @@ This library contains implementation for the random number generator.
     #define FIPS_NO_WRAPPERS
 
     #ifdef USE_WINDOWS_API
-        #pragma code_seg(".fipsA$c")
-        #pragma const_seg(".fipsB$c")
+        #pragma code_seg(".fipsA$i")
+        #pragma const_seg(".fipsB$i")
     #endif
 #endif
 
@@ -84,14 +87,19 @@ This library contains implementation for the random number generator.
     #ifndef _WIN32_WINNT
         #define _WIN32_WINNT 0x0400
     #endif
+    #define _WINSOCKAPI_ /* block inclusion of winsock.h header file */
     #include <windows.h>
     #include <wincrypt.h>
+    #undef _WINSOCKAPI_ /* undefine it for MINGW winsock2.h header file */
 #elif defined(HAVE_WNR)
     #include <wnr.h>
     #include <wolfssl/wolfcrypt/logging.h>
-    wolfSSL_Mutex wnr_mutex;    /* global netRandom mutex */
+    wolfSSL_Mutex wnr_mutex WOLFSSL_MUTEX_INITIALIZER_CLAUSE(wnr_mutex);    /* global netRandom mutex */
     int wnr_timeout     = 0;    /* entropy timeout, milliseconds */
-    int wnr_mutex_init  = 0;    /* flag for mutex init */
+    #ifndef WOLFSSL_MUTEX_INITIALIZER
+    int wnr_mutex_inited = 0;   /* flag for mutex init */
+    #endif
+    int wnr_inited = 0;    /* flag for whether wc_InitNetRandom() has been called */
     wnr_context*  wnr_ctx;      /* global netRandom context */
 #elif defined(FREESCALE_KSDK_2_0_TRNG)
     #include "fsl_trng.h"
@@ -104,7 +112,9 @@ This library contains implementation for the random number generator.
     #include <basictypes.h>
     #include <random.h>
 #elif defined(WOLFSSL_XILINX_CRYPT_VERSAL)
-#include "wolfssl/wolfcrypt/port/xilinx/xil-versal-trng.h"
+    #include "wolfssl/wolfcrypt/port/xilinx/xil-versal-trng.h"
+#elif defined(WOLFSSL_RPIPICO)
+    #include "wolfssl/wolfcrypt/port/rpi_pico/pico.h"
 #elif defined(NO_DEV_RANDOM)
 #elif defined(CUSTOM_RAND_GENERATE)
 #elif defined(CUSTOM_RAND_GENERATE_BLOCK)
@@ -120,11 +130,18 @@ This library contains implementation for the random number generator.
 #elif defined(WOLFSSL_PB)
 #elif defined(WOLFSSL_ZEPHYR)
 #elif defined(WOLFSSL_TELIT_M2MB)
+#elif defined(WOLFSSL_RENESAS_TSIP)
+    /* for wc_tsip_GenerateRandBlock */
+    #include "wolfssl/wolfcrypt/port/Renesas/renesas-tsip-crypt.h"
 #elif defined(WOLFSSL_SCE) && !defined(WOLFSSL_SCE_NO_TRNG)
 #elif defined(WOLFSSL_IMXRT1170_CAAM)
+#elif defined(CY_USING_HAL) && defined(COMPONENT_WOLFSSL)
+    #include "cyhal_trng.h" /* Infineon/Cypress HAL RNG implementation */
 #elif defined(WOLFSSL_GETRANDOM)
     #include <errno.h>
     #include <sys/random.h>
+#elif defined(WOLFSSL_MAX3266X) || defined(WOLFSSL_MAX3266X_OLD)
+    #include "wolfssl/wolfcrypt/port/maxim/max3266x.h"
 #else
     /* include headers that may be needed to get good seed */
     #include <fcntl.h>
@@ -145,6 +162,15 @@ This library contains implementation for the random number generator.
 #include <wolfssl/wolfcrypt/port/psa/psa.h>
 #endif
 
+#if FIPS_VERSION3_GE(6,0,0)
+    const unsigned int wolfCrypt_FIPS_drbg_ro_sanity[2] =
+                                                     { 0x1a2b3c4d, 0x00000011 };
+    int wolfCrypt_FIPS_DRBG_sanity(void)
+    {
+        return 0;
+    }
+#endif
+
 #if defined(HAVE_INTEL_RDRAND) || defined(HAVE_INTEL_RDSEED) || \
     defined(HAVE_AMD_RDSEED)
     static word32 intel_flags = 0;
@@ -574,14 +600,14 @@ static WC_INLINE void array_add(byte* d, word32 dLen, const byte* s, word32 sLen
 
         dIdx = (int)dLen - 1;
         for (sIdx = (int)sLen - 1; sIdx >= 0; sIdx--) {
-            carry += (word16)(d[dIdx] + s[sIdx]);
+            carry = (word16)(carry + d[dIdx] + s[sIdx]);
             d[dIdx] = (byte)carry;
             carry >>= 8;
             dIdx--;
         }
 
         for (; dIdx >= 0; dIdx--) {
-            carry += (word16)d[dIdx];
+            carry = (word16)(carry + d[dIdx]);
             d[dIdx] = (byte)carry;
             carry >>= 8;
         }
@@ -605,6 +631,9 @@ static int Hash_DRBG_Generate(DRBG_internal* drbg, byte* out, word32 outSz)
     }
 
     if (drbg->reseedCtr == RESEED_INTERVAL) {
+#if FIPS_VERSION3_GE(6,0,0)
+        printf("Reseed triggered\n");
+#endif
         return DRBG_NEED_RESEED;
     }
     else {
@@ -791,7 +820,7 @@ static WC_INLINE word64 Entropy_TimeHiRes(void)
  */
 static WC_INLINE word64 Entropy_TimeHiRes(void)
 {
-    return mach_absolute_time();
+    return clock_gettime_nsec_np(CLOCK_MONOTONIC_RAW);
 }
 #elif !defined(ENTROPY_MEMUSE_THREAD) && defined(__aarch64__)
 /* Get the high resolution time counter.
@@ -809,6 +838,26 @@ static WC_INLINE word64 Entropy_TimeHiRes(void)
     );
     return cnt;
 }
+#elif !defined(ENTROPY_MEMUSE_THREAD) && defined(__MICROBLAZE__)
+
+#define LPD_SCNTR_BASE_ADDRESS 0xFF250000
+
+/* Get the high resolution time counter.
+ * Collect ticks from LPD_SCNTR
+ * @return  64-bit tick count.
+ */
+static WC_INLINE word64 Entropy_TimeHiRes(void)
+{
+    word64 cnt;
+    word32 *ptr;
+
+    ptr = (word32*)LPD_SCNTR_BASE_ADDRESS;
+    cnt = *(ptr+1);
+    cnt = cnt << 32;
+    cnt |= *ptr;
+
+    return cnt;
+}
 #elif !defined(ENTROPY_MEMUSE_THREAD) && (_POSIX_C_SOURCE >= 199309L)
 /* Get the high resolution time counter.
  *
@@ -866,7 +915,8 @@ static WC_INLINE word64 Entropy_TimeHiRes(void)
  * @param [in,out] args  Entropy data including: counter and stop flag.
  * @return  NULL always.
  */
-static THREAD_RETURN WOLFSSL_THREAD_NO_JOIN Entropy_IncCounter(void* args)
+static THREAD_RETURN_NOJOIN WOLFSSL_THREAD_NO_JOIN
+    Entropy_IncCounter(void* args)
 {
     (void)args;
 
@@ -879,8 +929,9 @@ static THREAD_RETURN WOLFSSL_THREAD_NO_JOIN Entropy_IncCounter(void* args)
 #ifdef WOLFSSL_DEBUG_ENTROPY_MEMUSE
     fprintf(stderr, "EXITING ENTROPY COUNTER THREAD\n");
 #endif
+
     /* Exit from thread. */
-    WOLFSSL_RETURN_FROM_THREAD(0);
+    RETURN_FROM_THREAD_NOJOIN(0);
 }
 
 /* Start a thread that increments counter if not one already.
@@ -1353,7 +1404,7 @@ static int Entropy_Condition(byte* output, word32 len, byte* noise,
 /* Mutex to prevent multiple callers requesting entropy operations at the
  * same time.
  */
-static wolfSSL_Mutex entropy_mutex;
+static wolfSSL_Mutex entropy_mutex WOLFSSL_MUTEX_INITIALIZER_CLAUSE(entropy_mutex);
 
 /* Get entropy of specified strength.
  *
@@ -1430,7 +1481,7 @@ int wc_Entropy_Get(int bits, unsigned char* entropy, word32 len)
     Entropy_StopThread();
 #endif
 
-    if (ret != BAD_MUTEX_E) {
+    if (ret != WC_NO_ERR_TRACE(BAD_MUTEX_E)) {
         /* Unlock mutex now we are done. */
         wc_UnLockMutex(&entropy_mutex);
     }
@@ -1446,7 +1497,7 @@ int wc_Entropy_Get(int bits, unsigned char* entropy, word32 len)
  * @return  ENTROPY_RT_E or ENTROPY_APT_E on failure.
  * @return  BAD_MUTEX_E when unable to lock mutex.
  */
-int wc_Entropy_OnDemandTest()
+int wc_Entropy_OnDemandTest(void)
 {
     int ret = 0;
 
@@ -1462,7 +1513,7 @@ int wc_Entropy_OnDemandTest()
         ret = Entropy_HealthTest_Startup();
     }
 
-    if (ret != BAD_MUTEX_E) {
+    if (ret != WC_NO_ERR_TRACE(BAD_MUTEX_E)) {
         /* Unlock mutex now we are done. */
         wc_UnLockMutex(&entropy_mutex);
     }
@@ -1474,13 +1525,13 @@ int wc_Entropy_OnDemandTest()
  * @return  0 on success.
  * @return  Negative on failure.
  */
-int Entropy_Init()
+int Entropy_Init(void)
 {
     int ret = 0;
 
     /* Check whether initialization has succeeded before. */
     if (!entropy_memuse_initialized) {
-    #ifndef SINGLE_THREADED
+    #if !defined(SINGLE_THREADED) && !defined(WOLFSSL_MUTEX_INITIALIZER)
         ret = wc_InitMutex(&entropy_mutex);
     #endif
         if (ret == 0) {
@@ -1511,13 +1562,13 @@ int Entropy_Init()
 
 /* Finalize the data associated with the MemUse Entropy source.
  */
-void Entropy_Final()
+void Entropy_Final(void)
 {
     /* Only finalize when initialized. */
     if (entropy_memuse_initialized) {
         /* Dispose of the SHA3-356 hash object. */
         wc_Sha3_256_Free(&entropyHash);
-    #ifndef SINGLE_THREADED
+    #if !defined(SINGLE_THREADED) && !defined(WOLFSSL_MUTEX_INITIALIZER)
         wc_FreeMutex(&entropy_mutex);
     #endif
         /* Clear health test data. */
@@ -1615,11 +1666,21 @@ static int _InitRng(WC_RNG* rng, byte* nonce, word32 nonceSz,
 #ifdef CUSTOM_RAND_GENERATE_BLOCK
     ret = 0; /* success */
 #else
-#ifdef HAVE_HASHDRBG
-    if (nonceSz == 0)
-        seedSz = MAX_SEED_SZ;
 
-    if (wc_RNG_HealthTestLocal(0, rng->heap, devId) == 0) {
+ /* not CUSTOM_RAND_GENERATE_BLOCK follows */
+#ifdef HAVE_HASHDRBG
+    if (nonceSz == 0) {
+        seedSz = MAX_SEED_SZ;
+    }
+
+    ret = wc_RNG_HealthTestLocal(0, rng->heap, devId);
+    if (ret != 0) {
+        #if defined(DEBUG_WOLFSSL)
+        WOLFSSL_MSG_EX("wc_RNG_HealthTestLocal failed err = %d", ret);
+        #endif
+        ret = DRBG_CONT_FAILURE;
+    }
+    else {
     #ifndef WOLFSSL_SMALL_STACK
         byte seed[MAX_SEED_SZ];
     #else
@@ -1634,13 +1695,23 @@ static int _InitRng(WC_RNG* rng, byte* nonce, word32 nonceSz,
                 (struct DRBG*)XMALLOC(sizeof(DRBG_internal), rng->heap,
                                                           DYNAMIC_TYPE_RNG);
         if (rng->drbg == NULL) {
+    #if defined(DEBUG_WOLFSSL)
+            WOLFSSL_MSG_EX("_InitRng XMALLOC failed to allocate %d bytes",
+                           sizeof(DRBG_internal));
+    #endif
             ret = MEMORY_E;
             rng->status = DRBG_FAILED;
         }
 #else
         rng->drbg = (struct DRBG*)&rng->drbg_data;
+#endif /* WOLFSSL_NO_MALLOC or WOLFSSL_STATIC_MEMORY */
+
+        if (ret != 0) {
+#if defined(DEBUG_WOLFSSL)
+            WOLFSSL_MSG_EX("_InitRng failed. err = %d", ret);
 #endif
-        if (ret == 0) {
+        }
+        else {
 #ifdef WC_RNG_SEED_CB
             if (seedCb == NULL) {
                 ret = DRBG_NO_SEED_CB;
@@ -1653,10 +1724,13 @@ static int _InitRng(WC_RNG* rng, byte* nonce, word32 nonceSz,
             }
 #else
             ret = wc_GenerateSeed(&rng->seed, seed, seedSz);
-#endif
+#endif /* WC_RNG_SEED_CB */
             if (ret == 0)
                 ret = wc_RNG_TestSeed(seed, seedSz);
             else {
+    #if defined(DEBUG_WOLFSSL)
+                WOLFSSL_MSG_EX("wc_RNG_TestSeed failed... %d", ret);
+    #endif
                 ret = DRBG_FAILURE;
                 rng->status = DRBG_FAILED;
             }
@@ -1672,24 +1746,21 @@ static int _InitRng(WC_RNG* rng, byte* nonce, word32 nonceSz,
             #endif
                 rng->drbg = NULL;
             }
-        }
+        } /* ret == 0 */
 
         ForceZero(seed, seedSz);
     #ifdef WOLFSSL_SMALL_STACK
         XFREE(seed, rng->heap, DYNAMIC_TYPE_SEED);
     #endif
-    }
-    else {
-        ret = DRBG_CONT_FAILURE;
-    }
+    } /* else swc_RNG_HealthTestLocal was successful */
 
     if (ret == DRBG_SUCCESS) {
 #ifdef WOLFSSL_CHECK_MEM_ZERO
-#ifdef HAVE_HASHDRBG
+    #ifdef HAVE_HASHDRBG
         struct DRBG_internal* drbg = (struct DRBG_internal*)rng->drbg;
         wc_MemZero_Add("DRBG V", &drbg->V, sizeof(drbg->V));
         wc_MemZero_Add("DRBG C", &drbg->C, sizeof(drbg->C));
-#endif
+    #endif
 #endif
 
         rng->status = DRBG_OK;
@@ -1731,6 +1802,26 @@ WC_RNG* wc_rng_new(byte* nonce, word32 nonceSz, void* heap)
 }
 
 
+int wc_rng_new_ex(WC_RNG **rng, byte* nonce, word32 nonceSz,
+                  void* heap, int devId)
+{
+    int ret;
+
+    *rng = (WC_RNG*)XMALLOC(sizeof(WC_RNG), heap, DYNAMIC_TYPE_RNG);
+    if (*rng == NULL) {
+        return MEMORY_E;
+    }
+
+    ret = _InitRng(*rng, nonce, nonceSz, heap, devId);
+    if (ret != 0) {
+        XFREE(*rng, heap, DYNAMIC_TYPE_RNG);
+        *rng = NULL;
+    }
+
+    return ret;
+}
+
+
 WOLFSSL_ABI
 void wc_rng_free(WC_RNG* rng)
 {
@@ -1788,7 +1879,7 @@ int wc_RNG_GenerateBlock(WC_RNG* rng, byte* output, word32 sz)
     #endif
     {
         ret = wc_CryptoCb_RandomBlock(rng, output, sz);
-        if (ret != CRYPTOCB_UNAVAILABLE)
+        if (ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE))
             return ret;
         /* fall-through when unavailable */
     }
@@ -2097,7 +2188,7 @@ static int wc_RNG_HealthTestLocal(int reseed, void* heap, int devId)
 #endif
 
 #ifdef WOLFSSL_SMALL_STACK
-    check = (byte*)XMALLOC(RNG_HEALTH_TEST_CHECK_SIZE, NULL,
+    check = (byte*)XMALLOC(RNG_HEALTH_TEST_CHECK_SIZE, heap,
                            DYNAMIC_TYPE_TMP_BUFFER);
     if (check == NULL) {
         return MEMORY_E;
@@ -2164,16 +2255,32 @@ static int wc_RNG_HealthTestLocal(int reseed, void* heap, int devId)
 #else
         const byte* seedB = seedB_data;
         const byte* outputB = outputB_data;
+#endif
+#if defined(DEBUG_WOLFSSL)
+        WOLFSSL_MSG_EX("RNG_HEALTH_TEST_CHECK_SIZE = %d",
+                        RNG_HEALTH_TEST_CHECK_SIZE);
+        WOLFSSL_MSG_EX("sizeof(seedB_data)         = %d",
+                        (int)sizeof(outputB_data));
 #endif
         ret = wc_RNG_HealthTest_ex(0, NULL, 0,
                                    seedB, sizeof(seedB_data),
                                    NULL, 0,
                                    check, RNG_HEALTH_TEST_CHECK_SIZE,
                                    heap, devId);
-        if (ret == 0) {
-            if (ConstantCompare(check, outputB,
-                                RNG_HEALTH_TEST_CHECK_SIZE) != 0)
+        if (ret != 0) {
+            #if defined(DEBUG_WOLFSSL)
+            WOLFSSL_MSG_EX("RNG_HealthTest failed: err = %d", ret);
+            #endif
+        }
+        else {
+            ret = ConstantCompare(check, outputB,
+                                RNG_HEALTH_TEST_CHECK_SIZE);
+            if (ret != 0) {
+                #if defined(DEBUG_WOLFSSL)
+                WOLFSSL_MSG_EX("Random ConstantCompare failed: err = %d", ret);
+                #endif
                 ret = -1;
+            }
         }
 
         /* The previous test cases use a large seed instead of a seed and nonce.
@@ -2201,7 +2308,7 @@ static int wc_RNG_HealthTestLocal(int reseed, void* heap, int devId)
     }
 
 #ifdef WOLFSSL_SMALL_STACK
-    XFREE(check, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(check, heap, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return ret;
@@ -2218,10 +2325,13 @@ static int wc_RNG_HealthTestLocal(int reseed, void* heap, int devId)
  */
 int wc_InitNetRandom(const char* configFile, wnr_hmac_key hmac_cb, int timeout)
 {
+    int ret;
+
     if (configFile == NULL || timeout < 0)
         return BAD_FUNC_ARG;
 
-    if (wnr_mutex_init > 0) {
+#ifndef WOLFSSL_MUTEX_INITIALIZER
+    if (wnr_mutex_inited > 0) {
         WOLFSSL_MSG("netRandom context already created, skipping");
         return 0;
     }
@@ -2230,7 +2340,14 @@ int wc_InitNetRandom(const char* configFile, wnr_hmac_key hmac_cb, int timeout)
         WOLFSSL_MSG("Bad Init Mutex wnr_mutex");
         return BAD_MUTEX_E;
     }
-    wnr_mutex_init = 1;
+
+    wnr_mutex_inited = 1;
+#endif
+
+    if (wnr_inited > 0) {
+        WOLFSSL_MSG("netRandom context already created, skipping");
+        return 0;
+    }
 
     if (wc_LockMutex(&wnr_mutex) != 0) {
         WOLFSSL_MSG("Bad Lock Mutex wnr_mutex");
@@ -2243,7 +2360,8 @@ int wc_InitNetRandom(const char* configFile, wnr_hmac_key hmac_cb, int timeout)
     /* create global wnr_context struct */
     if (wnr_create(&wnr_ctx) != WNR_ERROR_NONE) {
         WOLFSSL_MSG("Error creating global netRandom context");
-        return RNG_FAILURE_E;
+        ret = RNG_FAILURE_E;
+        goto out;
     }
 
     /* load config file */
@@ -2251,7 +2369,8 @@ int wc_InitNetRandom(const char* configFile, wnr_hmac_key hmac_cb, int timeout)
         WOLFSSL_MSG("Error loading config file into netRandom context");
         wnr_destroy(wnr_ctx);
         wnr_ctx = NULL;
-        return RNG_FAILURE_E;
+        ret = RNG_FAILURE_E;
+        goto out;
     }
 
     /* create/init polling mechanism */
@@ -2259,7 +2378,8 @@ int wc_InitNetRandom(const char* configFile, wnr_hmac_key hmac_cb, int timeout)
         WOLFSSL_MSG("Error initializing netRandom polling mechanism");
         wnr_destroy(wnr_ctx);
         wnr_ctx = NULL;
-        return RNG_FAILURE_E;
+        ret = RNG_FAILURE_E;
+        goto out;
     }
 
     /* validate config, set HMAC callback (optional) */
@@ -2268,12 +2388,17 @@ int wc_InitNetRandom(const char* configFile, wnr_hmac_key hmac_cb, int timeout)
         wnr_destroy(wnr_ctx);
         wnr_ctx = NULL;
         wnr_poll_destroy();
-        return RNG_FAILURE_E;
+        ret = RNG_FAILURE_E;
+        goto out;
     }
 
+    wnr_inited = 1;
+
+out:
+
     wc_UnLockMutex(&wnr_mutex);
 
-    return 0;
+    return ret;
 }
 
 /*
@@ -2282,7 +2407,7 @@ int wc_InitNetRandom(const char* configFile, wnr_hmac_key hmac_cb, int timeout)
  */
 int wc_FreeNetRandom(void)
 {
-    if (wnr_mutex_init > 0) {
+    if (wnr_inited > 0) {
 
         if (wc_LockMutex(&wnr_mutex) != 0) {
             WOLFSSL_MSG("Bad Lock Mutex wnr_mutex");
@@ -2297,8 +2422,12 @@ int wc_FreeNetRandom(void)
 
         wc_UnLockMutex(&wnr_mutex);
 
+#ifndef WOLFSSL_MUTEX_INITIALIZER
         wc_FreeMutex(&wnr_mutex);
-        wnr_mutex_init = 0;
+        wnr_mutex_inited = 0;
+#endif
+
+        wnr_inited = 0;
     }
 
     return 0;
@@ -2558,7 +2687,7 @@ int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
     #endif
     {
         ret = wc_CryptoCb_RandomSeed(os, output, sz);
-        if (ret != CRYPTOCB_UNAVAILABLE)
+        if (ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE))
             return ret;
         /* fall-through when unavailable */
     }
@@ -2845,7 +2974,6 @@ int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
         }
         return RAN_BLOCK_E;
     }
-
 #elif !defined(WOLFSSL_CAAM) && \
     (defined(FREESCALE_MQX) || defined(FREESCALE_KSDK_MQX) || \
      defined(FREESCALE_KSDK_BM) || defined(FREESCALE_FREE_RTOS))
@@ -3358,7 +3486,7 @@ int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
             }
 
             /* driver could be waiting for entropy */
-            if (ret != RAN_BLOCK_E && ret != 0) {
+            if (ret != WC_NO_ERR_TRACE(RAN_BLOCK_E) && ret != 0) {
                 return ret;
             }
 #ifndef WOLFSSL_IMXRT1170_CAAM
@@ -3395,6 +3523,79 @@ int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
         return 0;
     }
 
+#elif defined(ARDUINO)
+
+    int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
+    {
+        int ret = 0;
+        word32 rand;
+        while (sz > 0) {
+            word32 len = sizeof(rand);
+            if (sz < len)
+                len = sz;
+        /* Get an Arduino framework random number */
+        #if defined(ARDUINO_SAMD_NANO_33_IOT) || \
+            defined(ARDUINO_ARCH_RP2040)
+            /* Known, tested boards working with random() */
+            rand = random();
+        #elif defined(ARDUINO_SAM_DUE)
+            /* See: https://github.com/avrxml/asf/tree/master/sam/utils/cmsis/sam3x/include */
+            #if defined(__SAM3A4C__)
+                #ifndef TRNG
+                    #define TRNG (0x400BC000U)
+                #endif
+            #elif defined(__SAM3A8C__)
+                #ifndef TRNG
+                    #define TRNG (0x400BC000U)
+                #endif
+            #elif defined(__SAM3X4C__)
+                #ifndef TRNG
+                    #define TRNG (0x400BC000U)
+                #endif
+            #elif defined(__SAM3X4E__)
+                #ifndef TRNG
+                    #define TRNG (0x400BC000U)
+                #endif
+            #elif defined(__SAM3X8C__)
+                #ifndef TRNG
+                    #define TRNG (0x400BC000U)
+                #endif
+            #elif defined(__SAM3X8E__)
+                /* This is the Arduino Due */
+                #ifndef TRNG
+                    #define TRNG (0x400BC000U)
+                #endif
+            #elif  defined(__SAM3A8H__)
+                #ifndef TRNG
+                    #define TRNG (0x400BC000U)
+                #endif
+            #else
+                #ifndef TRNG
+                    #error "Unknown TRNG for this device"
+                #endif
+            #endif
+
+            srand(analogRead(0));
+            rand = trng_read_output_data(TRNG);
+        #elif defined(__STM32__)
+            /* TODO: confirm this is proper random number on Arduino STM32 */
+            #warning "Not yet tested on STM32 targets"
+            rand = random();
+        #else
+            /* TODO: Pull requests appreciated for new targets.
+             * Do *all* other Arduino boards support random()?
+             * Probably not 100%, but most will likely work: */
+            rand = random();
+        #endif
+
+            XMEMCPY(output, &rand, len);
+            output += len;
+            sz -= len;
+        }
+
+        return ret;
+    }
+
 #elif defined(WOLFSSL_ESPIDF)
 
     /* Espressif */
@@ -3431,6 +3632,9 @@ int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
 
         int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
         {
+    #if defined(DEBUG_WOLFSSL)
+            WOLFSSL_ENTER("ESP8266 Random");
+    #endif
             word32 rand;
             while (sz > 0) {
                 word32 len = sizeof(rand);
@@ -3445,7 +3649,7 @@ int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
 
             return 0;
         }
-    #endif /* end WOLFSSL_ESP32 */
+    #endif /* end WOLFSSL_ESPIDF */
 
 #elif defined(WOLFSSL_LINUXKM)
     #include <linux/random.h>
@@ -3458,6 +3662,14 @@ int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
         return 0;
     }
 
+#elif defined(WOLFSSL_RENESAS_TSIP)
+
+    int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
+    {
+        (void)os;
+        return wc_tsip_GenerateRandBlock(output, sz);
+    }
+
 
 #elif defined(WOLFSSL_SCE) && !defined(WOLFSSL_SCE_NO_TRNG)
     #include "hal_data.h"
@@ -3515,27 +3727,55 @@ int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
      * extern int myRngFunc(byte* output, word32 sz);
      */
 
+#elif defined(__MICROBLAZE__)
+    #warning weak source of entropy
+    #define LPD_SCNTR_BASE_ADDRESS 0xFF250000
+
+    int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
+    {
+        word32* cnt;
+        word32 i;
+
+        /* using current time with srand */
+        cnt = (word32*)LPD_SCNTR_BASE_ADDRESS;
+        srand(*cnt | *(cnt+1));
+
+        for (i = 0; i < sz; i++)
+            output[i] = rand();
+
+        (void)os;
+        return 0;
+    }
+
 #elif defined(WOLFSSL_ZEPHYR)
 
-        #include <version.h>
+    #include <version.h>
 
     #if KERNEL_VERSION_NUMBER >= 0x30500
         #include <zephyr/random/random.h>
     #else
-        #include <zephyr/random/rand32.h>
+        #if KERNEL_VERSION_NUMBER >= 0x30100
+            #include <zephyr/random/rand32.h>
+        #else
+            #include <random/rand32.h>
+        #endif
     #endif
 
     #ifndef _POSIX_C_SOURCE
-        #include <zephyr/posix/time.h>
+        #if KERNEL_VERSION_NUMBER >= 0x30100
+            #include <zephyr/posix/time.h>
+        #else
+            #include <posix/time.h>
+        #endif
     #else
         #include <time.h>
     #endif
 
-        int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
-        {
-            sys_rand_get(output, sz);
-            return 0;
-        }
+    int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
+    {
+        sys_rand_get(output, sz);
+        return 0;
+    }
 
 #elif defined(WOLFSSL_TELIT_M2MB)
 
@@ -3582,7 +3822,7 @@ int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
         return ret;
     }
 
-#elif defined(DOLPHIN_EMULATOR)
+#elif defined(DOLPHIN_EMULATOR) || defined (WOLFSSL_NDS)
 
         int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
         {
@@ -3593,6 +3833,45 @@ int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
                 output[i] = (byte)rand();
             return 0;
         }
+#elif defined(WOLFSSL_MAXQ108X) || defined(WOLFSSL_MAXQ1065)
+
+    int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
+    {
+        (void)os;
+
+        return maxq10xx_random(output, sz);
+    }
+#elif defined(MAX3266X_RNG)
+    int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
+    {
+        #ifdef WOLFSSL_MAX3266X
+        int status;
+        #endif /* WOLFSSL_MAX3266X */
+        static int initDone = 0;
+        (void)os;
+        if (initDone == 0) {
+            #ifdef WOLFSSL_MAX3266X
+            status = wolfSSL_HwRngMutexLock();
+            if (status != 0) {
+                return status;
+            }
+            #endif /* WOLFSSL_MAX3266X */
+            if(MXC_TRNG_HealthTest() != 0) {
+                #ifdef DEBUG_WOLFSSL
+                WOLFSSL_MSG("TRNG HW Health Test Failed");
+                #endif /* DEBUG_WOLFSSL */
+                #ifdef WOLFSSL_MAX3266X
+                wolfSSL_HwRngMutexUnLock();
+                #endif /* WOLFSSL_MAX3266X */
+                return WC_HW_E;
+            }
+            #ifdef WOLFSSL_MAX3266X
+            wolfSSL_HwRngMutexUnLock();
+            #endif /* WOLFSSL_MAX3266X */
+            initDone = 1;
+        }
+        return wc_MXC_TRNG_Random(output, sz);
+    }
 
 #elif defined(WOLFSSL_GETRANDOM)
 
@@ -3625,6 +3904,40 @@ int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
         return ret;
     }
 
+#elif defined(CY_USING_HAL) && defined(COMPONENT_WOLFSSL)
+
+    /* Infineon/Cypress HAL RNG implementation */
+    int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
+    {
+        cyhal_trng_t obj;
+        cy_rslt_t result;
+        uint32_t val;
+        word32 i = 0;
+
+        (void)os;
+
+        result = cyhal_trng_init(&obj);
+        if (result == CY_RSLT_SUCCESS) {
+            while (i < sz) {
+                /* If not aligned or there is odd/remainder add single byte */
+                if( (i + sizeof(word32)) > sz ||
+                    ((wc_ptr_t)&output[i] % sizeof(word32)) != 0
+                ) {
+                    val = cyhal_trng_generate(&obj);
+                    output[i++] = (byte)val;
+                }
+                else {
+                    /* Use native 32 instruction */
+                    val = cyhal_trng_generate(&obj);
+                    *((uint32_t*)&output[i]) = val;
+                    i += sizeof(word32);
+                }
+            }
+            cyhal_trng_free(&obj);
+        }
+        return 0;
+    }
+
 #elif defined(WOLFSSL_SAFERTOS) || defined(WOLFSSL_LEANPSK) || \
       defined(WOLFSSL_IAR_ARM)  || defined(WOLFSSL_MDK_ARM) || \
       defined(WOLFSSL_uITRON4)  || defined(WOLFSSL_uTKERNEL2) || \
@@ -3641,6 +3954,28 @@ int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
 
 #elif defined(NO_DEV_RANDOM)
 
+    /* Allow bare-metal targets to use cryptoCb as seed provider */
+    #if defined(WOLF_CRYPTO_CB)
+
+    int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
+    {
+        int ret = WC_NO_ERR_TRACE(WC_HW_E);
+
+        #ifndef WOLF_CRYPTO_CB_FIND
+        if (os->devId != INVALID_DEVID)
+        #endif
+        {
+            ret = wc_CryptoCb_RandomSeed(os, output, sz);
+            if (ret == WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE)) {
+                ret = WC_HW_E;
+            }
+        }
+
+        return ret;
+    }
+
+    #else /* defined(WOLF_CRYPTO_CB)*/
+
     #error "you need to write an os specific wc_GenerateSeed() here"
 
     /*
@@ -3650,6 +3985,8 @@ int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
     }
     */
 
+   #endif  /* !defined(WOLF_CRYPTO_CB) */
+
 #else
 
     /* may block */
@@ -3667,7 +4004,7 @@ int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
         #endif
         {
             ret = wc_CryptoCb_RandomSeed(os, output, sz);
-            if (ret != CRYPTOCB_UNAVAILABLE)
+            if (ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE))
                 return ret;
             /* fall-through when unavailable */
             ret = 0; /* reset error code */
@@ -3704,15 +4041,23 @@ int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
 
     #ifndef NO_DEV_URANDOM /* way to disable use of /dev/urandom */
         os->fd = open("/dev/urandom", O_RDONLY);
+        #if defined(DEBUG_WOLFSSL)
+            WOLFSSL_MSG("opened /dev/urandom.");
+        #endif
         if (os->fd == -1)
     #endif
         {
             /* may still have /dev/random */
             os->fd = open("/dev/random", O_RDONLY);
+    #if defined(DEBUG_WOLFSSL)
+            WOLFSSL_MSG("opened /dev/random.");
+    #endif
             if (os->fd == -1)
                 return OPEN_RAN_E;
         }
-
+    #if defined(DEBUG_WOLFSSL)
+        WOLFSSL_MSG("rnd read...");
+    #endif
         while (sz) {
             int len = (int)read(os->fd, output, sz);
             if (len == -1) {
@@ -3749,7 +4094,7 @@ int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
     {
         word32 i;
         for (i = 0; i < sz; i++ )
-            output[i] = i;
+            output[i] = (byte)i;
 
         (void)os;
 
diff --git a/wolfcrypt/src/rc2.c b/wolfcrypt/src/rc2.c
index 3839d4941..c38e90625 100644
--- a/wolfcrypt/src/rc2.c
+++ b/wolfcrypt/src/rc2.c
@@ -1,6 +1,6 @@
 /* rc2.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfcrypt/src/ripemd.c b/wolfcrypt/src/ripemd.c
index 9402c70be..adfd96051 100644
--- a/wolfcrypt/src/ripemd.c
+++ b/wolfcrypt/src/ripemd.c
@@ -1,6 +1,6 @@
 /* ripemd.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfcrypt/src/rsa.c b/wolfcrypt/src/rsa.c
index 3382a5db2..e553bbc2d 100644
--- a/wolfcrypt/src/rsa.c
+++ b/wolfcrypt/src/rsa.c
@@ -1,6 +1,6 @@
 /* rsa.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -35,15 +35,13 @@ RSA keys can be used to encrypt, decrypt, sign and verify data.
 
 #ifndef NO_RSA
 
-#if defined(HAVE_FIPS) && \
-    defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2)
-
+#if FIPS_VERSION3_GE(2,0,0)
     /* set NO_WRAPPERS before headers, use direct internal f()s not wrappers */
     #define FIPS_NO_WRAPPERS
 
        #ifdef USE_WINDOWS_API
-               #pragma code_seg(".fipsA$e")
-               #pragma const_seg(".fipsB$e")
+               #pragma code_seg(".fipsA$j")
+               #pragma const_seg(".fipsB$j")
        #endif
 #endif
 
@@ -55,13 +53,21 @@ RSA keys can be used to encrypt, decrypt, sign and verify data.
 #if defined(WOLFSSL_XILINX_CRYPT_VERSAL)
 #include <xsecure_rsaclient.h>
 #endif
-#ifdef WOLFSSL_SE050
+#if defined(WOLFSSL_SE050) && !defined(WOLFSSL_SE050_NO_RSA)
 #include <wolfssl/wolfcrypt/port/nxp/se050_port.h>
 #endif
 #ifdef WOLFSSL_HAVE_SP_RSA
 #include <wolfssl/wolfcrypt/sp.h>
 #endif
 
+#if defined(WOLFSSL_LINUXKM) && !defined(WOLFSSL_SP_ASM)
+    /* force off unneeded vector register save/restore. */
+    #undef SAVE_VECTOR_REGISTERS
+    #define SAVE_VECTOR_REGISTERS(fail_clause) WC_DO_NOTHING
+    #undef RESTORE_VECTOR_REGISTERS
+    #define RESTORE_VECTOR_REGISTERS() WC_DO_NOTHING
+#endif
+
 /*
 Possible RSA enable options:
  * NO_RSA:                Overall control of RSA                    default: on
@@ -100,6 +106,14 @@ RSA Key Size Configuration:
     #include <wolfcrypt/src/misc.c>
 #endif
 
+#if FIPS_VERSION3_GE(6,0,0)
+    const unsigned int wolfCrypt_FIPS_rsa_ro_sanity[2] =
+                                                     { 0x1a2b3c4d, 0x00000012 };
+    int wolfCrypt_FIPS_RSA_sanity(void)
+    {
+        return 0;
+    }
+#endif
 
 enum {
     RSA_STATE_NONE = 0,
@@ -113,22 +127,25 @@ enum {
     RSA_STATE_DECRYPT_RES
 };
 
-
 static void wc_RsaCleanup(RsaKey* key)
 {
-#if !defined(WOLFSSL_RSA_VERIFY_INLINE) && !defined(WOLFSSL_NO_MALLOC)
-    if (key && key->data) {
+#if !defined(WOLFSSL_NO_MALLOC) && (defined(WOLFSSL_ASYNC_CRYPT) || \
+    (!defined(WOLFSSL_RSA_VERIFY_ONLY) && !defined(WOLFSSL_RSA_VERIFY_INLINE)))
+    if (key != NULL) {
+    #ifndef WOLFSSL_RSA_PUBLIC_ONLY
+        /* if private operation zero temp buffer */
+        if ((key->data != NULL && key->dataLen > 0) &&
+            (key->type == RSA_PRIVATE_DECRYPT ||
+             key->type == RSA_PRIVATE_ENCRYPT)) {
+            ForceZero(key->data, key->dataLen);
+        }
+    #endif
         /* make sure any allocated memory is free'd */
         if (key->dataIsAlloc) {
-        #ifndef WOLFSSL_RSA_PUBLIC_ONLY
-            if (key->type == RSA_PRIVATE_DECRYPT ||
-                key->type == RSA_PRIVATE_ENCRYPT) {
-                ForceZero(key->data, key->dataLen);
-            }
-        #endif
             XFREE(key->data, key->heap, DYNAMIC_TYPE_WOLF_BIGINT);
             key->dataIsAlloc = 0;
         }
+
         key->data = NULL;
         key->dataLen = 0;
     }
@@ -137,32 +154,58 @@ static void wc_RsaCleanup(RsaKey* key)
 #endif
 }
 
+#ifndef WC_NO_CONSTRUCTORS
+RsaKey* wc_NewRsaKey(void* heap, int devId, int *result_code)
+{
+    int ret;
+    RsaKey* key = (RsaKey*)XMALLOC(sizeof(RsaKey), heap, DYNAMIC_TYPE_RSA);
+    if (key == NULL) {
+        ret = MEMORY_E;
+    }
+    else {
+        ret = wc_InitRsaKey_ex(key, heap, devId);
+        if (ret != 0) {
+            XFREE(key, heap, DYNAMIC_TYPE_RSA);
+            key = NULL;
+        }
+    }
+
+    if (result_code != NULL)
+        *result_code = ret;
+
+    return key;
+}
+
+int wc_DeleteRsaKey(RsaKey* key, RsaKey** key_p)
+{
+    if (key == NULL)
+        return BAD_FUNC_ARG;
+    wc_FreeRsaKey(key);
+    XFREE(key, key->heap, DYNAMIC_TYPE_RSA);
+    if (key_p != NULL)
+        *key_p = NULL;
+    return 0;
+}
+#endif /* !WC_NO_CONSTRUCTORS */
+
 int wc_InitRsaKey_ex(RsaKey* key, void* heap, int devId)
 {
-    int ret      = 0;
-#if defined(HAVE_PKCS11)
-    int isPkcs11 = 0;
-#endif
+    int ret = 0;
 
     if (key == NULL) {
         return BAD_FUNC_ARG;
     }
 
-#if defined(HAVE_PKCS11)
-    if (key->isPkcs11) {
-        isPkcs11 = 1;
-    }
-#endif
-
     XMEMSET(key, 0, sizeof(RsaKey));
 
     key->type = RSA_TYPE_UNKNOWN;
     key->state = RSA_STATE_NONE;
     key->heap = heap;
-#if !defined(WOLFSSL_RSA_VERIFY_INLINE) && !defined(WOLFSSL_NO_MALLOC)
+#if !defined(WOLFSSL_NO_MALLOC) && (defined(WOLFSSL_ASYNC_CRYPT) || \
+    (!defined(WOLFSSL_RSA_VERIFY_ONLY) && !defined(WOLFSSL_RSA_VERIFY_INLINE)))
     key->dataIsAlloc = 0;
-    key->data = NULL;
 #endif
+    key->data = NULL;
     key->dataLen = 0;
 #ifdef WC_RSA_BLINDING
     key->rng = NULL;
@@ -180,19 +223,18 @@ int wc_InitRsaKey_ex(RsaKey* key, void* heap, int devId)
     #endif
 
     #ifdef WC_ASYNC_ENABLE_RSA
-        #if defined(HAVE_PKCS11)
-            if (!isPkcs11)
+        #ifdef WOLF_CRYPTO_CB
+        /* prefer crypto callback */
+        if (key->devId != INVALID_DEVID)
         #endif
-            {
-                /* handle as async */
-                ret = wolfAsync_DevCtxInit(&key->asyncDev,
-                        WOLFSSL_ASYNC_MARKER_RSA, key->heap, devId);
-                if (ret != 0)
-                    return ret;
-            }
+        {
+            /* handle as async */
+            ret = wolfAsync_DevCtxInit(&key->asyncDev,
+                    WOLFSSL_ASYNC_MARKER_RSA, key->heap, devId);
+            if (ret != 0)
+                return ret;
+        }
     #endif /* WC_ASYNC_ENABLE_RSA */
-#elif defined(HAVE_PKCS11)
-    (void)isPkcs11;
 #endif /* WOLFSSL_ASYNC_CRYPT */
 
 #ifndef WOLFSSL_RSA_PUBLIC_ONLY
@@ -235,7 +277,6 @@ int wc_InitRsaKey_ex(RsaKey* key, void* heap, int devId)
     key->handle = NULL;
 #endif
 
-
 #if defined(WOLFSSL_RENESAS_FSPSM)
     key->ctx.wrapped_pri1024_key = NULL;
     key->ctx.wrapped_pub1024_key = NULL;
@@ -243,6 +284,7 @@ int wc_InitRsaKey_ex(RsaKey* key, void* heap, int devId)
     key->ctx.wrapped_pub2048_key = NULL;
     key->ctx.keySz = 0;
 #endif
+
     return ret;
 }
 
@@ -256,7 +298,7 @@ int wc_InitRsaKey_Id(RsaKey* key, unsigned char* id, int len, void* heap,
                      int devId)
 {
     int ret = 0;
-#ifdef WOLFSSL_SE050
+#if defined(WOLFSSL_SE050) && !defined(WOLFSSL_SE050_NO_RSA)
     /* SE050 TLS users store a word32 at id, need to cast back */
     word32* keyPtr = NULL;
 #endif
@@ -265,20 +307,12 @@ int wc_InitRsaKey_Id(RsaKey* key, unsigned char* id, int len, void* heap,
         ret = BAD_FUNC_ARG;
     if (ret == 0 && (len < 0 || len > RSA_MAX_ID_LEN))
         ret = BUFFER_E;
-
-#if defined(HAVE_PKCS11)
-    if (ret == 0) {
-        XMEMSET(key, 0, sizeof(RsaKey));
-        key->isPkcs11 = 1;
-    }
-#endif
-
     if (ret == 0)
         ret = wc_InitRsaKey_ex(key, heap, devId);
     if (ret == 0 && id != NULL && len != 0) {
         XMEMCPY(key->id, id, (size_t)len);
         key->idLen = len;
-    #ifdef WOLFSSL_SE050
+    #if defined(WOLFSSL_SE050) && !defined(WOLFSSL_SE050_NO_RSA)
         /* Set SE050 ID from word32, populate RsaKey with public from SE050 */
         if (len == (int)sizeof(word32)) {
             keyPtr = (word32*)key->id;
@@ -302,14 +336,6 @@ int wc_InitRsaKey_Label(RsaKey* key, const char* label, void* heap, int devId)
         if (labelLen == 0 || labelLen > RSA_MAX_LABEL_LEN)
             ret = BUFFER_E;
     }
-
-#if defined(HAVE_PKCS11)
-    if (ret == 0) {
-        XMEMSET(key, 0, sizeof(RsaKey));
-        key->isPkcs11 = 1;
-    }
-#endif
-
     if (ret == 0)
         ret = wc_InitRsaKey_ex(key, heap, devId);
     if (ret == 0) {
@@ -381,9 +407,7 @@ int wc_InitRsaHw(RsaKey* key)
     }
 
     /* check for existing mod buffer to avoid memory leak */
-    if (key->mod != NULL) {
-        XFREE(key->mod, key->heap, DYNAMIC_TYPE_KEY);
-    }
+    XFREE(key->mod, key->heap, DYNAMIC_TYPE_KEY);
 
     key->pubExp = e;
     key->mod    = m;
@@ -497,7 +521,7 @@ static int cc310_RSA_GenerateKeyPair(RsaKey* key, int size, long e)
 }
 #endif /* WOLFSSL_CRYPTOCELL */
 
-#ifdef WOLFSSL_SE050
+#if defined(WOLFSSL_SE050) && !defined(WOLFSSL_SE050_NO_RSA)
 /* Use specified hardware key ID with RsaKey operations. Unlike devId,
  * keyId is a word32 so can handle key IDs larger than an int.
  *
@@ -622,6 +646,8 @@ static int _ifc_pairwise_consistency_test(RsaKey* key, WC_RNG* rng)
     ret = wc_RsaEncryptSize(key);
     if (ret < 0)
         return ret;
+    else if (ret == 0)
+        return BAD_FUNC_ARG;
     sigLen = (word32)ret;
 
     WOLFSSL_MSG("Doing RSA consistency test");
@@ -640,13 +666,13 @@ static int _ifc_pairwise_consistency_test(RsaKey* key, WC_RNG* rng)
 #ifdef WOLFSSL_ASYNC_CRYPT
     /* Do blocking async calls here, caller does not support WC_PENDING_E */
     do {
-        if (ret == WC_PENDING_E)
+        if (ret == WC_NO_ERR_TRACE(WC_PENDING_E))
             ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
         if (ret >= 0)
 #endif
             ret = wc_RsaSSL_Sign((const byte*)msg, msgLen, sig, sigLen, key, rng);
 #ifdef WOLFSSL_ASYNC_CRYPT
-    } while (ret == WC_PENDING_E);
+    } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E));
 #endif
 
     if (ret > 0) {
@@ -654,13 +680,13 @@ static int _ifc_pairwise_consistency_test(RsaKey* key, WC_RNG* rng)
 #ifdef WOLFSSL_ASYNC_CRYPT
         /* Do blocking async calls here, caller does not support WC_PENDING_E */
         do {
-            if (ret == WC_PENDING_E)
+            if (ret == WC_NO_ERR_TRACE(WC_PENDING_E))
                 ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
             if (ret >= 0)
 #endif
                 ret = wc_RsaSSL_VerifyInline(sig, sigLen, &plain, key);
 #ifdef WOLFSSL_ASYNC_CRYPT
-        } while (ret == WC_PENDING_E);
+        } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E));
 #endif
     }
 
@@ -681,13 +707,17 @@ static int _ifc_pairwise_consistency_test(RsaKey* key, WC_RNG* rng)
 
 int wc_CheckRsaKey(RsaKey* key)
 {
-    DECL_MP_INT_SIZE_DYN(tmp, mp_bitsused(&key->n), RSA_MAX_SIZE);
 #ifdef WOLFSSL_SMALL_STACK
     WC_RNG *rng = NULL;
 #else
     WC_RNG rng[1];
 #endif
     int ret = 0;
+    DECL_MP_INT_SIZE_DYN(tmp, (key)? mp_bitsused(&key->n) : 0, RSA_MAX_SIZE);
+
+    if (key == NULL) {
+        return BAD_FUNC_ARG;
+    }
 
 #ifdef WOLFSSL_CAAM
     /* can not perform these checks on an encrypted key */
@@ -712,19 +742,13 @@ int wc_CheckRsaKey(RsaKey* key)
 
     ret = wc_InitRng(rng);
 
-    if (ret == 0)
-        SAVE_VECTOR_REGISTERS(ret = _svr_ret;);
+    SAVE_VECTOR_REGISTERS(ret = _svr_ret;);
 
     if (ret == 0) {
         if (INIT_MP_INT_SIZE(tmp, mp_bitsused(&key->n)) != MP_OKAY)
             ret = MP_INIT_E;
     }
 
-    if (ret == 0) {
-        if (key == NULL)
-            ret = BAD_FUNC_ARG;
-    }
-
     if (ret == 0)
         ret = _ifc_pairwise_consistency_test(key, rng);
 
@@ -1734,6 +1758,7 @@ static int RsaUnPad_PSS(byte *pkcsBlock, unsigned int pkcsBlockLen,
     if (tmp == NULL) {
         return MEMORY_E;
     }
+    XMEMSET(tmp, 0, (size_t)maskLen);
 #endif
 
     if ((ret = RsaMGF(mgf, pkcsBlock + maskLen, (word32)hLen, tmp, (word32)maskLen,
@@ -1798,7 +1823,7 @@ static int RsaUnPad_PSS(byte *pkcsBlock, unsigned int pkcsBlockLen,
 static int RsaUnPad(const byte *pkcsBlock, unsigned int pkcsBlockLen,
                     byte **output, byte padValue)
 {
-    int    ret = BAD_FUNC_ARG;
+    int    ret = WC_NO_ERR_TRACE(BAD_FUNC_ARG);
     word16 i;
 
     if (output == NULL || pkcsBlockLen < 2 || pkcsBlockLen > 0xFFFF) {
@@ -2154,9 +2179,7 @@ static int wc_RsaFunctionSync(const byte* in, word32 inLen, byte* out,
 #endif
             }
 
-            if (d != NULL) {
-                XFREE(d, key->heap, DYNAMIC_TYPE_PRIVATE_KEY);
-            }
+            XFREE(d, key->heap, DYNAMIC_TYPE_PRIVATE_KEY);
         }
     #endif
         break;
@@ -2406,7 +2429,10 @@ static int RsaFunction_SP(const byte* in, word32 inLen, byte* out,
     #endif
     #ifndef RSA_LOW_MEM
             if ((mp_count_bits(&key->p) == 1024) &&
-                                             (mp_count_bits(&key->q) == 1024)) {
+                    (mp_count_bits(&key->q) == 1024) &&
+                    (mp_count_bits(&key->dP) > 0) &&
+                    (mp_count_bits(&key->dQ) > 0) &&
+                    (mp_count_bits(&key->u) > 0)) {
                 return sp_RsaPrivate_2048(in, inLen, &key->d, &key->p, &key->q,
                                           &key->dP, &key->dQ, &key->u, &key->n,
                                           out, outLen);
@@ -2437,7 +2463,10 @@ static int RsaFunction_SP(const byte* in, word32 inLen, byte* out,
     #endif
     #ifndef RSA_LOW_MEM
             if ((mp_count_bits(&key->p) == 1536) &&
-                                             (mp_count_bits(&key->q) == 1536)) {
+                    (mp_count_bits(&key->q) == 1536) &&
+                    (mp_count_bits(&key->dP) > 0) &&
+                    (mp_count_bits(&key->dQ) > 0) &&
+                    (mp_count_bits(&key->u) > 0)) {
                 return sp_RsaPrivate_3072(in, inLen, &key->d, &key->p, &key->q,
                                           &key->dP, &key->dQ, &key->u, &key->n,
                                           out, outLen);
@@ -2468,7 +2497,10 @@ static int RsaFunction_SP(const byte* in, word32 inLen, byte* out,
     #endif
     #ifndef RSA_LOW_MEM
             if ((mp_count_bits(&key->p) == 2048) &&
-                                             (mp_count_bits(&key->q) == 2048)) {
+                    (mp_count_bits(&key->q) == 2048) &&
+                    (mp_count_bits(&key->dP) > 0) &&
+                    (mp_count_bits(&key->dQ) > 0) &&
+                    (mp_count_bits(&key->u) > 0)) {
                 return sp_RsaPrivate_4096(in, inLen, &key->d, &key->p, &key->q,
                                           &key->dP, &key->dQ, &key->u, &key->n,
                                           out, outLen);
@@ -2565,7 +2597,13 @@ static int RsaFunctionPrivate(mp_int* tmp, RsaKey* key, WC_RNG* rng)
         }
     }
 #else
-    if (ret == 0) {
+    if (ret == 0 && (mp_iszero(&key->p) || mp_iszero(&key->q) ||
+            mp_iszero(&key->dP) || mp_iszero(&key->dQ))) {
+        if (mp_exptmod(tmp, &key->d, &key->n, tmp) != MP_OKAY) {
+            ret = MP_EXPTMOD_E;
+        }
+    }
+    else if (ret == 0) {
         mp_int* tmpa = tmp;
 #if defined(WC_RSA_BLINDING) && !defined(WC_NO_RNG)
         mp_int* tmpb = rnd;
@@ -2681,12 +2719,16 @@ static int RsaFunctionSync(const byte* in, word32 inLen, byte* out,
 
     NEW_MP_INT_SIZE(tmp, mp_bitsused(&key->n), key->heap, DYNAMIC_TYPE_RSA);
 #ifdef MP_INT_SIZE_CHECK_NULL
-    if (tmp == NULL)
+    if (tmp == NULL) {
+        WOLFSSL_MSG("NEW_MP_INT_SIZE tmp is NULL, return MEMORY_E");
         return MEMORY_E;
+    }
 #endif
 
-    if (INIT_MP_INT_SIZE(tmp, mp_bitsused(&key->n)) != MP_OKAY)
+    if (INIT_MP_INT_SIZE(tmp, mp_bitsused(&key->n)) != MP_OKAY) {
+        WOLFSSL_MSG("INIT_MP_INT_SIZE failed.");
         ret = MP_INIT_E;
+    }
 
 #ifndef TEST_UNPAD_CONSTANT_TIME
     if (ret == 0 && mp_read_unsigned_bin(tmp, in, inLen) != MP_OKAY)
@@ -2710,8 +2752,10 @@ static int RsaFunctionSync(const byte* in, word32 inLen, byte* out,
     #endif
         case RSA_PUBLIC_ENCRYPT:
         case RSA_PUBLIC_DECRYPT:
-            if (mp_exptmod_nct(tmp, &key->e, &key->n, tmp) != MP_OKAY)
+            if (mp_exptmod_nct(tmp, &key->e, &key->n, tmp) != MP_OKAY) {
+                WOLFSSL_MSG("mp_exptmod_nct failed");
                 ret = MP_EXPTMOD_E;
+            }
             break;
         default:
             ret = RSA_WRONG_TYPE_E;
@@ -2720,9 +2764,23 @@ static int RsaFunctionSync(const byte* in, word32 inLen, byte* out,
     }
 
     if (ret == 0) {
-        if (mp_to_unsigned_bin_len_ct(tmp, out, (int)*outLen) != MP_OKAY)
-             ret = MP_TO_E;
+        WOLFSSL_MSG("mp_to_unsigned_bin_len_ct...");
+        if (mp_to_unsigned_bin_len_ct(tmp, out, (int)*outLen) != MP_OKAY) {
+            WOLFSSL_MSG("mp_to_unsigned_bin_len_ct failed");
+            ret = MP_TO_E;
+        }
     }
+#ifdef WOLFSSL_RSA_CHECK_D_ON_DECRYPT
+    if ((ret == 0) && (type == RSA_PRIVATE_DECRYPT)) {
+        mp_sub(&key->n, &key->p, tmp);
+        mp_sub(tmp, &key->q, tmp);
+        mp_add_d(tmp, 1, tmp);
+        mp_mulmod(&key->d, &key->e, tmp, tmp);
+        if (!mp_isone(tmp)) {
+            ret = MP_EXPTMOD_E;
+        }
+    }
+#endif
 #else
     (void)type;
     (void)key;
@@ -2746,6 +2804,9 @@ static int wc_RsaFunctionSync(const byte* in, word32 inLen, byte* out,
 
     ret = wc_RsaEncryptSize(key);
     if (ret < 0) {
+#ifdef DEBUG_WOLFSSL
+        WOLFSSL_MSG_EX("wc_RsaEncryptSize failed err = %d", ret);
+#endif
         return ret;
     }
     keyLen = (word32)ret;
@@ -2760,12 +2821,13 @@ static int wc_RsaFunctionSync(const byte* in, word32 inLen, byte* out,
     }
 
     if (mp_iseven(&key->n)) {
+        WOLFSSL_MSG("MP_VAL is even");
         return MP_VAL;
     }
 
 #ifdef WOLFSSL_HAVE_SP_RSA
     ret = RsaFunction_SP(in, inLen, out, outLen, type, key, rng);
-    if (ret != WC_KEY_SIZE_E)
+    if (ret != WC_NO_ERR_TRACE(WC_KEY_SIZE_E))
         return ret;
 #endif /* WOLFSSL_HAVE_SP_RSA */
 
@@ -2867,22 +2929,10 @@ static int wc_RsaFunctionAsync(const byte* in, word32 inLen, byte* out,
 }
 #endif /* WOLFSSL_ASYNC_CRYPT && WC_ASYNC_ENABLE_RSA */
 
-#if defined(WC_RSA_DIRECT) || defined(WC_RSA_NO_PADDING)
-/* Function that does the RSA operation directly with no padding.
- *
- * in       buffer to do operation on
- * inLen    length of input buffer
- * out      buffer to hold results
- * outSz    gets set to size of result buffer. Should be passed in as length
- *          of out buffer. If the pointer "out" is null then outSz gets set to
- *          the expected buffer size needed and LENGTH_ONLY_E gets returned.
- * key      RSA key to use for encrypt/decrypt
- * type     if using private or public key {RSA_PUBLIC_ENCRYPT,
- *          RSA_PUBLIC_DECRYPT, RSA_PRIVATE_ENCRYPT, RSA_PRIVATE_DECRYPT}
- * rng      wolfSSL RNG to use if needed
- *
- * returns size of result on success
- */
+#if defined(WC_RSA_DIRECT) || defined(WC_RSA_NO_PADDING) || defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
+/* Performs direct RSA computation without padding. The input and output must
+ * match the key size (ex: 2048-bits = 256 bytes). Returns the size of the
+ * output on success or negative value on failure. */
 int wc_RsaDirect(byte* in, word32 inLen, byte* out, word32* outSz,
         RsaKey* key, int type, WC_RNG* rng)
 {
@@ -2915,7 +2965,7 @@ int wc_RsaDirect(byte* in, word32 inLen, byte* out, word32* outSz,
 
     if (out == NULL) {
         *outSz = inLen;
-        return LENGTH_ONLY_E;
+        return WC_NO_ERR_TRACE(LENGTH_ONLY_E);
     }
 
     switch (key->state) {
@@ -2931,7 +2981,7 @@ int wc_RsaDirect(byte* in, word32 inLen, byte* out, word32* outSz,
             key->dataLen = *outSz;
 
             ret = wc_RsaFunction(in, inLen, out, &key->dataLen, type, key, rng);
-            if (ret >= 0 || ret == WC_PENDING_E) {
+            if (ret >= 0 || ret == WC_NO_ERR_TRACE(WC_PENDING_E)) {
                 key->state = (type == RSA_PRIVATE_ENCRYPT ||
                     type == RSA_PUBLIC_ENCRYPT) ? RSA_STATE_ENCRYPT_RES:
                                                   RSA_STATE_DECRYPT_RES;
@@ -2952,7 +3002,7 @@ int wc_RsaDirect(byte* in, word32 inLen, byte* out, word32* outSz,
     }
 
     /* if async pending then skip cleanup*/
-    if (ret == WC_PENDING_E
+    if (ret == WC_NO_ERR_TRACE(WC_PENDING_E)
     #ifdef WC_RSA_NONBLOCK
         || ret == FP_WOULDBLOCK
     #endif
@@ -2965,7 +3015,7 @@ int wc_RsaDirect(byte* in, word32 inLen, byte* out, word32* outSz,
 
     return ret;
 }
-#endif /* WC_RSA_DIRECT || WC_RSA_NO_PADDING */
+#endif /* WC_RSA_DIRECT || WC_RSA_NO_PADDING || OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
 
 #if defined(WOLFSSL_CRYPTOCELL)
 static int cc310_RsaPublicEncrypt(const byte* in, word32 inLen, byte* out,
@@ -3063,9 +3113,10 @@ int cc310_RsaSSL_Verify(const byte* in, word32 inLen, byte* sig,
 #endif /* WOLFSSL_CRYPTOCELL */
 
 #ifndef WOLF_CRYPTO_CB_ONLY_RSA
-#if !defined(WOLFSSL_RSA_VERIFY_ONLY) && !defined(TEST_UNPAD_CONSTANT_TIME) &&     !defined(NO_RSA_BOUNDS_CHECK)
+#if !defined(WOLFSSL_RSA_VERIFY_ONLY) && !defined(TEST_UNPAD_CONSTANT_TIME) && \
+    !defined(NO_RSA_BOUNDS_CHECK)
 /* Check that 1 < in < n-1. (Requirement of 800-56B.) */
-static int RsaFunctionCheckIn(const byte* in, word32 inLen, RsaKey* key,
+int RsaFunctionCheckIn(const byte* in, word32 inLen, RsaKey* key,
     int checkSmallCt)
 {
     int ret = 0;
@@ -3116,6 +3167,9 @@ static int wc_RsaFunction_ex(const byte* in, word32 inLen, byte* out,
     int ret = 0;
     (void)rng;
     (void)checkSmallCt;
+#if defined(WOLF_CRYPTO_CB) && defined(WOLF_CRYPTO_CB_RSA_PAD)
+    RsaPadding padding;
+#endif
 
     if (key == NULL || in == NULL || inLen == 0 || out == NULL ||
             outLen == NULL || *outLen == 0 || type == RSA_TYPE_UNKNOWN) {
@@ -3127,14 +3181,25 @@ static int wc_RsaFunction_ex(const byte* in, word32 inLen, byte* out,
     if (key->devId != INVALID_DEVID)
     #endif
     {
+    #if defined(WOLF_CRYPTO_CB_RSA_PAD)
+        /* If we are here, either the RSA PAD callback was already called
+         * and returned that it could not implement for that padding scheme,
+         * or this is a public verify operation. Either way indicate to the
+         * callback that this should be a raw RSA operation with no padding.*/
+        XMEMSET(&padding, 0, sizeof(RsaPadding));
+        padding.pad_type = WC_RSA_NO_PAD;
+        ret = wc_CryptoCb_RsaPad(in, inLen, out,
+                            outLen, type, key, rng, &padding);
+    #else
         ret = wc_CryptoCb_Rsa(in, inLen, out, outLen, type, key, rng);
+    #endif
         #ifndef WOLF_CRYPTO_CB_ONLY_RSA
-        if (ret != CRYPTOCB_UNAVAILABLE)
+        if (ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE))
             return ret;
         /* fall-through when unavailable and try using software */
         #endif
         #ifdef WOLF_CRYPTO_CB_ONLY_RSA
-        if (ret == CRYPTOCB_UNAVAILABLE) {
+        if (ret == WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE)) {
             return NO_VALID_DEVID;
         }
         return ret;
@@ -3142,7 +3207,9 @@ static int wc_RsaFunction_ex(const byte* in, word32 inLen, byte* out,
     }
 #endif
 
-#ifndef WOLF_CRYPTO_CB_ONLY_RSA
+#ifdef WOLF_CRYPTO_CB_ONLY_RSA
+    return NO_VALID_DEVID;
+#else /* !WOLF_CRYPTO_CB_ONLY_RSA */
     SAVE_VECTOR_REGISTERS(return _svr_ret;);
 
 #if !defined(WOLFSSL_RSA_VERIFY_ONLY) && !defined(TEST_UNPAD_CONSTANT_TIME) && \
@@ -3179,12 +3246,12 @@ static int wc_RsaFunction_ex(const byte* in, word32 inLen, byte* out,
     RESTORE_VECTOR_REGISTERS();
 
     /* handle error */
-    if (ret < 0 && ret != WC_PENDING_E
+    if (ret < 0 && ret != WC_NO_ERR_TRACE(WC_PENDING_E)
     #ifdef WC_RSA_NONBLOCK
         && ret != FP_WOULDBLOCK
     #endif
     ) {
-        if (ret == MP_EXPTMOD_E) {
+        if (ret == WC_NO_ERR_TRACE(MP_EXPTMOD_E)) {
             /* This can happen due to incorrectly set FP_MAX_BITS or missing XREALLOC */
             WOLFSSL_MSG("RSA_FUNCTION MP_EXPTMOD_E: memory/config problem");
         }
@@ -3193,7 +3260,7 @@ static int wc_RsaFunction_ex(const byte* in, word32 inLen, byte* out,
         wc_RsaCleanup(key);
     }
     return ret;
-#endif /* WOLF_CRYPTO_CB_ONLY_RSA */
+#endif /* !WOLF_CRYPTO_CB_ONLY_RSA */
 }
 
 int wc_RsaFunction(const byte* in, word32 inLen, byte* out,
@@ -3233,6 +3300,9 @@ static int RsaPublicEncryptEx(const byte* in, word32 inLen, byte* out,
     int ret = 0;
     int sz;
     int state;
+#if defined(WOLF_CRYPTO_CB) && defined(WOLF_CRYPTO_CB_RSA_PAD)
+    RsaPadding padding;
+#endif
 
     if (in == NULL || inLen == 0 || out == NULL || key == NULL) {
         return BAD_FUNC_ARG;
@@ -3298,7 +3368,7 @@ static int RsaPublicEncryptEx(const byte* in, word32 inLen, byte* out,
             return cc310_RsaSSL_Sign(in, inLen, out, outLen, key,
                                   cc310_hashModeRSA(hash, 0));
         }
-    #elif defined(WOLFSSL_SE050)
+    #elif defined(WOLFSSL_SE050) && !defined(WOLFSSL_SE050_NO_RSA)
         if (rsa_type == RSA_PUBLIC_ENCRYPT && pad_value == RSA_BLOCK_TYPE_2) {
             return se050_rsa_public_encrypt(in, inLen, out, outLen, key,
                                             rsa_type, pad_value, pad_type, hash,
@@ -3310,25 +3380,31 @@ static int RsaPublicEncryptEx(const byte* in, word32 inLen, byte* out,
                                   pad_value, pad_type, hash, mgf, label,
                                   labelSz, sz);
         }
-    #elif defined(WOLFSSL_RENESAS_FSPSM_CRYPTONLY) || \
-          (!defined(WOLFSSL_RENESAS_TSIP_TLS) && \
-            defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY))
-           /* SCE needs wrapped key which is passed via
-            * user ctx object of crypt-call back.
-            */
-       #ifdef WOLF_CRYPTO_CB
-            if (key->devId != INVALID_DEVID) {
-                /* SCE supports 1024 and 2048 bits */
-                ret = wc_CryptoCb_Rsa(in, inLen, out,
-                                    outLen, rsa_type, key, rng);
-                if (ret != CRYPTOCB_UNAVAILABLE)
-                    return ret;
-                /* fall-through when unavailable */
-                ret = 0; /* reset error code and try using software */
-            }
-       #endif
-    #endif /* WOLFSSL_SE050 */
+    #endif /* RSA CRYPTO HW */
 
+    #if defined(WOLF_CRYPTO_CB) && defined(WOLF_CRYPTO_CB_RSA_PAD)
+        if (key->devId != INVALID_DEVID) {
+            XMEMSET(&padding, 0, sizeof(RsaPadding));
+            padding.pad_value = pad_value;
+            padding.pad_type = pad_type;
+            padding.hash = hash;
+            padding.mgf = mgf;
+            padding.label = label;
+            padding.labelSz = labelSz;
+            padding.saltLen = saltLen;
+            ret = wc_CryptoCb_RsaPad(in, inLen, out, &outLen, rsa_type, key, rng,
+                                     &padding);
+
+            if (ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE)) {
+                if (ret < 0) {
+                    break;
+                }
+
+                ret = outLen;
+                break;
+            }
+        }
+    #endif
         key->state = RSA_STATE_ENCRYPT_PAD;
         ret = wc_RsaPad_ex(in, inLen, out, (word32)sz, pad_value, rng, pad_type,
                            hash, mgf, label, labelSz, saltLen,
@@ -3346,7 +3422,7 @@ static int RsaPublicEncryptEx(const byte* in, word32 inLen, byte* out,
         ret = wc_RsaFunction(out, (word32)sz, out, &key->dataLen, rsa_type, key,
                              rng);
 
-        if (ret >= 0 || ret == WC_PENDING_E) {
+        if (ret >= 0 || ret == WC_NO_ERR_TRACE(WC_PENDING_E)) {
             key->state = RSA_STATE_ENCRYPT_RES;
         }
         if (ret < 0) {
@@ -3365,7 +3441,7 @@ static int RsaPublicEncryptEx(const byte* in, word32 inLen, byte* out,
     }
 
     /* if async pending then return and skip done cleanup below */
-    if (ret == WC_PENDING_E
+    if (ret == WC_NO_ERR_TRACE(WC_PENDING_E)
     #ifdef WC_RSA_NONBLOCK
         || ret == FP_WOULDBLOCK
     #endif
@@ -3406,8 +3482,11 @@ static int RsaPrivateDecryptEx(const byte* in, word32 inLen, byte* out,
                             byte* label, word32 labelSz, int saltLen,
                             WC_RNG* rng)
 {
-    int ret = RSA_WRONG_TYPE_E;
+    int ret = WC_NO_ERR_TRACE(RSA_WRONG_TYPE_E);
     byte* pad = NULL;
+#if defined(WOLF_CRYPTO_CB) && defined(WOLF_CRYPTO_CB_RSA_PAD)
+    RsaPadding padding;
+#endif
 
     if (in == NULL || inLen == 0 || out == NULL || key == NULL) {
         return BAD_FUNC_ARG;
@@ -3451,7 +3530,7 @@ static int RsaPrivateDecryptEx(const byte* in, word32 inLen, byte* out,
             return cc310_RsaSSL_Verify(in, inLen, out, key,
                                        cc310_hashModeRSA(hash, 0));
         }
-    #elif defined(WOLFSSL_SE050)
+    #elif defined(WOLFSSL_SE050) && !defined(WOLFSSL_SE050_NO_RSA)
         if (rsa_type == RSA_PRIVATE_DECRYPT && pad_value == RSA_BLOCK_TYPE_2) {
             ret = se050_rsa_private_decrypt(in, inLen, out, outLen, key,
                                             rsa_type, pad_value, pad_type, hash,
@@ -3471,21 +3550,7 @@ static int RsaPrivateDecryptEx(const byte* in, word32 inLen, byte* out,
             }
             return ret;
         }
-    #elif defined(WOLFSSL_RENESAS_FSPSM_CRYPTONLY) || \
-          (!defined(WOLFSSL_RENESAS_TSIP_TLS) && \
-            defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY))
-           #ifdef WOLF_CRYPTO_CB
-                if (key->devId != INVALID_DEVID) {
-                    ret = wc_CryptoCb_Rsa(in, inLen, out,
-                                        outLen, rsa_type, key, rng);
-                    if (ret != CRYPTOCB_UNAVAILABLE)
-                      return ret;
-                    /* fall-through when unavailable */
-                    ret = 0; /* reset error code and try using software */
-                }
-           #endif
-
-    #endif /* WOLFSSL_CRYPTOCELL */
+    #endif /* RSA CRYPTO HW */
 
 
 #if !defined(WOLFSSL_RSA_VERIFY_ONLY) && !defined(WOLFSSL_RSA_VERIFY_INLINE) && \
@@ -3506,6 +3571,7 @@ static int RsaPrivateDecryptEx(const byte* in, word32 inLen, byte* out,
                 break;
             }
             XMEMCPY(key->data, in, inLen);
+            key->dataLen = inLen;
         }
         else {
             key->dataIsAlloc = 0;
@@ -3517,6 +3583,30 @@ static int RsaPrivateDecryptEx(const byte* in, word32 inLen, byte* out,
         FALL_THROUGH;
 
     case RSA_STATE_DECRYPT_EXPTMOD:
+#if defined(WOLF_CRYPTO_CB) && defined(WOLF_CRYPTO_CB_RSA_PAD)
+    if ((key->devId != INVALID_DEVID)
+    #if !defined(WOLFSSL_RENESAS_FSPSM_CRYPTONLY) && \
+        !defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY)
+    && (rsa_type != RSA_PUBLIC_DECRYPT)
+    #endif
+    ) {
+        /* Everything except verify goes to crypto cb if
+         * WOLF_CRYPTO_CB_RSA_PAD defined */
+        XMEMSET(&padding, 0, sizeof(RsaPadding));
+        padding.pad_value = pad_value;
+        padding.pad_type = pad_type;
+        padding.hash = hash;
+        padding.mgf = mgf;
+        padding.label = label;
+        padding.labelSz = labelSz;
+        padding.saltLen = saltLen;
+        ret = wc_CryptoCb_RsaPad(in, inLen, out,
+                            &outLen, rsa_type, key, rng, &padding);
+        if (ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE)) {
+            break;
+        }
+    }
+#endif
 #if !defined(WOLFSSL_RSA_VERIFY_ONLY) && !defined(WOLFSSL_RSA_VERIFY_INLINE) && \
     !defined(WOLFSSL_NO_MALLOC)
         ret = wc_RsaFunction_ex(key->data, inLen, key->data, &key->dataLen,
@@ -3527,7 +3617,7 @@ static int RsaPrivateDecryptEx(const byte* in, word32 inLen, byte* out,
                                               rng, pad_type != WC_RSA_OAEP_PAD);
 #endif
 
-        if (ret >= 0 || ret == WC_PENDING_E) {
+        if (ret >= 0 || ret == WC_NO_ERR_TRACE(WC_PENDING_E)) {
             key->state = RSA_STATE_DECRYPT_UNPAD;
         }
         if (ret < 0) {
@@ -3539,13 +3629,13 @@ static int RsaPrivateDecryptEx(const byte* in, word32 inLen, byte* out,
     case RSA_STATE_DECRYPT_UNPAD:
 #if !defined(WOLFSSL_RSA_VERIFY_ONLY) && !defined(WOLFSSL_RSA_VERIFY_INLINE) && \
     !defined(WOLFSSL_NO_MALLOC)
-        ret = wc_RsaUnPad_ex(key->data, key->dataLen, &pad, pad_value, pad_type,
-                             hash, mgf, label, labelSz, saltLen,
-                             mp_count_bits(&key->n), key->heap);
+        ret = wc_RsaUnPad_ex(key->data,
+            key->dataLen, &pad, pad_value, pad_type, hash, mgf,
+            label, labelSz, saltLen, mp_count_bits(&key->n), key->heap);
 #else
-        ret = wc_RsaUnPad_ex(out, key->dataLen, &pad, pad_value, pad_type, hash,
-                             mgf, label, labelSz, saltLen,
-                             mp_count_bits(&key->n), key->heap);
+        ret = wc_RsaUnPad_ex(out,
+            key->dataLen, &pad, pad_value, pad_type, hash, mgf, label,
+            labelSz, saltLen, mp_count_bits(&key->n), key->heap);
 #endif
         if (rsa_type == RSA_PUBLIC_DECRYPT && ret > (int)outLen) {
             ret = RSA_BUFFER_E;
@@ -3580,9 +3670,11 @@ static int RsaPrivateDecryptEx(const byte* in, word32 inLen, byte* out,
             }
 
 #if !defined(WOLFSSL_RSA_VERIFY_ONLY)
-            ret = ctMaskSelInt(ctMaskLTE(ret, (int)outLen), ret, RSA_BUFFER_E);
+            ret = ctMaskSelInt(ctMaskLTE(ret, (int)outLen), ret,
+                               WC_NO_ERR_TRACE(RSA_BUFFER_E));
     #ifndef WOLFSSL_RSA_DECRYPT_TO_0_LEN
-            ret = ctMaskSelInt(ctMaskNotEq(ret, 0), ret, RSA_BUFFER_E);
+            ret = ctMaskSelInt(ctMaskNotEq(ret, 0), ret,
+                               WC_NO_ERR_TRACE(RSA_BUFFER_E));
     #endif
 #else
             if (outLen < (word32)ret)
@@ -3617,7 +3709,7 @@ static int RsaPrivateDecryptEx(const byte* in, word32 inLen, byte* out,
     }
 
     /* if async pending then return and skip done cleanup below */
-    if (ret == WC_PENDING_E
+    if (ret == WC_NO_ERR_TRACE(WC_PENDING_E)
     #ifdef WC_RSA_NONBLOCK
         || ret == FP_WOULDBLOCK
     #endif
@@ -4014,7 +4106,10 @@ int wc_RsaPSS_CheckPadding_ex2(const byte* in, word32 inSz, byte* sig,
 
     /* Sig = Salt | Exp Hash */
     if (ret == 0) {
-        if (sigSz != inSz + (word32)saltLen) {
+        word32 totalSz;
+        if ((WC_SAFE_SUM_WORD32(inSz, (word32)saltLen, totalSz) == 0) ||
+            (sigSz != totalSz))
+        {
             ret = PSS_SALTLEN_E;
         }
     }
@@ -4240,7 +4335,7 @@ int wc_RsaEncryptSize(const RsaKey* key)
 
 #ifdef WOLF_CRYPTO_CB
     if (ret == 0 && key->devId != INVALID_DEVID) {
-        if (wc_CryptoCb_RsaGetSize(key, &ret) == CRYPTOCB_UNAVAILABLE) {
+        if (wc_CryptoCb_RsaGetSize(key, &ret) == WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE)) {
             ret = 2048/8; /* hardware handles, use 2048-bit as default */
         }
     }
@@ -4307,7 +4402,7 @@ int wc_RsaExportKey(RsaKey* key,
                     byte* d, word32* dSz, byte* p, word32* pSz,
                     byte* q, word32* qSz)
 {
-    int ret = BAD_FUNC_ARG;
+    int ret = WC_NO_ERR_TRACE(BAD_FUNC_ARG);
 
     if (key && e && eSz && n && nSz && d && dSz && p && pSz && q && qSz)
         ret = 0;
@@ -4512,7 +4607,8 @@ static int _CheckProbablePrime(mp_int* p, mp_int* q, mp_int* e, int nlen,
 
     if (q != NULL) {
         int valid = 0;
-        /* 5.4 - check that |p-q| <= (2^(1/2))(2^((nlen/2)-1)) */
+        /* 5.4 (186-4) 5.5 (186-5) -
+         * check that |p-q| <= (2^(1/2))(2^((nlen/2)-1)) */
         ret = wc_CompareDiffPQ(p, q, nlen, &valid);
         if ((ret != MP_OKAY) || (!valid)) goto notOkay;
         prime = q;
@@ -4520,14 +4616,15 @@ static int _CheckProbablePrime(mp_int* p, mp_int* q, mp_int* e, int nlen,
     else
         prime = p;
 
-    /* 4.4,5.5 - Check that prime >= (2^(1/2))(2^((nlen/2)-1))
+    /* 4.4,5.5 (186-4) 4.4,5.4 (186-5) -
+     * Check that prime >= (2^(1/2))(2^((nlen/2)-1))
      *           This is a comparison against lowerBound */
     ret = mp_read_unsigned_bin(tmp1, lower_bound, (word32)nlen/16);
     if (ret != MP_OKAY) goto notOkay;
     ret = mp_cmp(prime, tmp1);
     if (ret == MP_LT) goto exit;
 
-    /* 4.5,5.6 - Check that GCD(p-1, e) == 1 */
+    /* 4.5,5.6 (186-4 & 186-5) - Check that GCD(p-1, e) == 1 */
     ret = mp_sub_d(prime, 1, tmp1);  /* tmp1 = prime-1 */
     if (ret != MP_OKAY) goto notOkay;
 #ifdef WOLFSSL_CHECK_MEM_ZERO
@@ -4686,7 +4783,8 @@ int wc_CheckProbablePrime(const byte* pRaw, word32 pRawSz,
 int wc_MakeRsaKey(RsaKey* key, int size, long e, WC_RNG* rng)
 {
 #ifndef WC_NO_RNG
-#if !defined(WOLFSSL_CRYPTOCELL) && !defined(WOLFSSL_SE050)
+#if !defined(WOLFSSL_CRYPTOCELL) && \
+    (!defined(WOLFSSL_SE050) || defined(WOLFSSL_SE050_NO_RSA))
 #ifdef WOLFSSL_SMALL_STACK
     mp_int *p = NULL;
     mp_int *q = NULL;
@@ -4702,7 +4800,12 @@ int wc_MakeRsaKey(RsaKey* key, int size, long e, WC_RNG* rng)
 #endif /* WOLFSSL_SMALL_STACK */
     int i, failCount, isPrime = 0;
     word32 primeSz;
+#ifndef WOLFSSL_NO_MALLOC
     byte* buf = NULL;
+#else
+    /* RSA_MAX_SIZE is the size of n in bits. */
+    byte buf[RSA_MAX_SIZE/16];
+#endif
 #endif /* !WOLFSSL_CRYPTOCELL && !WOLFSSL_SE050 */
     int err;
 
@@ -4724,7 +4827,7 @@ int wc_MakeRsaKey(RsaKey* key, int size, long e, WC_RNG* rng)
 #if defined(WOLFSSL_CRYPTOCELL)
     err = cc310_RSA_GenerateKeyPair(key, size, e);
     goto out;
-#elif defined(WOLFSSL_SE050)
+#elif defined(WOLFSSL_SE050) && !defined(WOLFSSL_SE050_NO_RSA)
     err = se050_rsa_create_key(key, size, e);
     goto out;
 #else
@@ -4761,12 +4864,12 @@ int wc_MakeRsaKey(RsaKey* key, int size, long e, WC_RNG* rng)
     {
         err = wc_CryptoCb_MakeRsaKey(key, size, e, rng);
         #ifndef WOLF_CRYPTO_CB_ONLY_RSA
-        if (err != CRYPTOCB_UNAVAILABLE)
+        if (err != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE))
             goto out;
         /* fall-through when unavailable */
         #endif
         #ifdef WOLF_CRYPTO_CB_ONLY_RSA
-        if (err == CRYPTOCB_UNAVAILABLE)
+        if (err == WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE))
             err = NO_VALID_DEVID;
             goto out;
         }
@@ -4808,12 +4911,14 @@ int wc_MakeRsaKey(RsaKey* key, int size, long e, WC_RNG* rng)
     primeSz = (word32)size / 16; /* size is the size of n in bits.
                             primeSz is in bytes. */
 
+#ifndef WOLFSSL_NO_MALLOC
     /* allocate buffer to work with */
     if (err == MP_OKAY) {
         buf = (byte*)XMALLOC(primeSz, key->heap, DYNAMIC_TYPE_RSA);
         if (buf == NULL)
             err = MEMORY_E;
     }
+#endif
 
     SAVE_VECTOR_REGISTERS(err = _svr_ret;);
 
@@ -4829,7 +4934,7 @@ int wc_MakeRsaKey(RsaKey* key, int size, long e, WC_RNG* rng)
     #endif
         isPrime = 0;
         i = 0;
-        do {
+        for (;;) {
 #ifdef SHOW_GEN
             printf(".");
             fflush(stdout);
@@ -4852,9 +4957,15 @@ int wc_MakeRsaKey(RsaKey* key, int size, long e, WC_RNG* rng)
             i++;
 #else
             /* Keep the old retry behavior in non-FIPS build. */
-            (void)i;
 #endif
-        } while (err == MP_OKAY && !isPrime && i < failCount);
+
+            if (err != MP_OKAY || isPrime || i >= failCount)
+                break;
+
+            /* linuxkm: release the kernel for a moment before iterating. */
+            RESTORE_VECTOR_REGISTERS();
+            SAVE_VECTOR_REGISTERS(err = _svr_ret; break;);
+        };
     }
 
     if (err == MP_OKAY && !isPrime)
@@ -4910,10 +5021,14 @@ int wc_MakeRsaKey(RsaKey* key, int size, long e, WC_RNG* rng)
     if (err == MP_OKAY && !isPrime)
         err = PRIME_GEN_E;
 
+#ifndef WOLFSSL_NO_MALLOC
     if (buf) {
         ForceZero(buf, primeSz);
         XFREE(buf, key->heap, DYNAMIC_TYPE_RSA);
     }
+#else
+    ForceZero(buf, primeSz);
+#endif
 
     if (err == MP_OKAY && mp_cmp(p, q) < 0) {
         err = mp_copy(p, tmp1);
@@ -5060,16 +5175,13 @@ int wc_MakeRsaKey(RsaKey* key, int size, long e, WC_RNG* rng)
 
 #if !defined(WOLFSSL_CRYPTOCELL) && !defined(WOLFSSL_SE050)
 #ifdef WOLFSSL_SMALL_STACK
-    if (p)
+    if (key != NULL) {
         XFREE(p, key->heap, DYNAMIC_TYPE_RSA);
-    if (q)
         XFREE(q, key->heap, DYNAMIC_TYPE_RSA);
-    if (tmp1)
         XFREE(tmp1, key->heap, DYNAMIC_TYPE_RSA);
-    if (tmp2)
         XFREE(tmp2, key->heap, DYNAMIC_TYPE_RSA);
-    if (tmp3)
         XFREE(tmp3, key->heap, DYNAMIC_TYPE_RSA);
+    }
 #elif defined(WOLFSSL_CHECK_MEM_ZERO)
     mp_memzero_check(p);
     mp_memzero_check(q);
@@ -5131,4 +5243,115 @@ int wc_RsaSetNonBlockTime(RsaKey* key, word32 maxBlockUs, word32 cpuMHz)
 #endif /* WC_RSA_NONBLOCK_TIME */
 #endif /* WC_RSA_NONBLOCK */
 
+#ifndef WOLFSSL_RSA_PUBLIC_ONLY
+
+#if defined(WOLFSSL_KEY_GEN) || defined(OPENSSL_EXTRA) || !defined(RSA_LOW_MEM)
+/*
+ * Calculate  y = d mod(x-1)
+ */
+static int CalcDX(mp_int* y, mp_int* x, mp_int* d)
+{
+    int err;
+#ifndef WOLFSSL_SMALL_STACK
+    mp_int  m[1];
+#else
+    mp_int* m = (mp_int*)XMALLOC(sizeof(mp_int), NULL, DYNAMIC_TYPE_WOLF_BIGINT);
+    if (m == NULL)
+        return MEMORY_E;
+#endif
+
+    err = mp_init(m);
+    if (err == MP_OKAY) {
+        err = mp_sub_d(x, 1, m);
+        if (err == MP_OKAY)
+            err = mp_mod(d, m, y);
+        mp_forcezero(m);
+    }
+
+#ifdef WOLFSSL_SMALL_STACK
+    XFREE(m, NULL, DYNAMIC_TYPE_WOLF_BIGINT);
+#endif
+
+    return err;
+}
+#endif
+
+int wc_RsaPrivateKeyDecodeRaw(const byte* n, word32 nSz,
+        const byte* e, word32 eSz, const byte* d, word32 dSz,
+        const byte* u, word32 uSz, const byte* p, word32 pSz,
+        const byte* q, word32 qSz, const byte* dP, word32 dPSz,
+        const byte* dQ, word32 dQSz, RsaKey* key)
+{
+    int err = MP_OKAY;
+
+    if (n == NULL || nSz == 0 || e == NULL || eSz == 0
+            || d == NULL || dSz == 0 || p == NULL || pSz == 0
+            || q == NULL || qSz == 0 || key == NULL) {
+        err = BAD_FUNC_ARG;
+    }
+
+#if defined(WOLFSSL_KEY_GEN) || defined(OPENSSL_EXTRA) || !defined(RSA_LOW_MEM)
+    if (err == MP_OKAY) {
+        if ((u == NULL || uSz == 0)
+                || (dP != NULL && dPSz == 0)
+                || (dQ != NULL && dQSz == 0)) {
+            err = BAD_FUNC_ARG;
+        }
+    }
+#else
+    (void)u;
+    (void)uSz;
+    (void)dP;
+    (void)dPSz;
+    (void)dQ;
+    (void)dQSz;
+#endif
+
+    if (err == MP_OKAY)
+        err = mp_read_unsigned_bin(&key->n, n, nSz);
+    if (err == MP_OKAY)
+        err = mp_read_unsigned_bin(&key->e, e, eSz);
+    if (err == MP_OKAY)
+        err = mp_read_unsigned_bin(&key->d, d, dSz);
+    if (err == MP_OKAY)
+        err = mp_read_unsigned_bin(&key->p, p, pSz);
+    if (err == MP_OKAY)
+        err = mp_read_unsigned_bin(&key->q, q, qSz);
+#if defined(WOLFSSL_KEY_GEN) || defined(OPENSSL_EXTRA) || !defined(RSA_LOW_MEM)
+    if (err == MP_OKAY)
+        err = mp_read_unsigned_bin(&key->u, u, uSz);
+    if (err == MP_OKAY) {
+        if (dP != NULL)
+            err = mp_read_unsigned_bin(&key->dP, dP, dPSz);
+        else
+            err = CalcDX(&key->dP, &key->p, &key->d);
+    }
+    if (err == MP_OKAY) {
+        if (dQ != NULL)
+            err = mp_read_unsigned_bin(&key->dQ, dQ, dQSz);
+        else
+            err = CalcDX(&key->dQ, &key->q, &key->d);
+    }
+#endif
+
+    if (err == MP_OKAY) {
+        key->type = RSA_PRIVATE;
+    }
+    else if (key != NULL) {
+        mp_clear(&key->n);
+        mp_clear(&key->e);
+        mp_clear(&key->d);
+        mp_clear(&key->p);
+        mp_clear(&key->q);
+#if defined(WOLFSSL_KEY_GEN) || defined(OPENSSL_EXTRA) || !defined(RSA_LOW_MEM)
+        mp_clear(&key->u);
+        mp_clear(&key->dP);
+        mp_clear(&key->dQ);
+#endif
+    }
+
+    return err;
+}
+#endif /* WOLFSSL_RSA_PUBLIC_ONLY */
+
 #endif /* NO_RSA */
diff --git a/wolfcrypt/src/sakke.c b/wolfcrypt/src/sakke.c
index 2629365fa..217456461 100644
--- a/wolfcrypt/src/sakke.c
+++ b/wolfcrypt/src/sakke.c
@@ -1,6 +1,6 @@
 /* sakke.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -44,6 +44,14 @@
 #include <wolfssl/wolfcrypt/sakke.h>
 #include <wolfssl/wolfcrypt/asn_public.h>
 
+#if defined(WOLFSSL_LINUXKM) && !defined(WOLFSSL_SP_ASM)
+    /* force off unneeded vector register save/restore. */
+    #undef SAVE_VECTOR_REGISTERS
+    #define SAVE_VECTOR_REGISTERS(fail_clause) WC_DO_NOTHING
+    #undef RESTORE_VECTOR_REGISTERS
+    #define RESTORE_VECTOR_REGISTERS() WC_DO_NOTHING
+#endif
+
 #ifndef WOLFSSL_HAVE_ECC_KEY_GET_PRIV
     /* FIPS build has replaced ecc.h. */
     #define wc_ecc_key_get_priv(key) (&((key)->k))
@@ -319,14 +327,18 @@ static int sakke_load_base_point(SakkeKey* key)
 static int sakke_mulmod_base(SakkeKey* key, const mp_int* n, ecc_point* res,
         int map)
 {
-    int err = NOT_COMPILED_IN;
+    int err = WC_NO_ERR_TRACE(NOT_COMPILED_IN);
 
 #ifdef WOLFSSL_SP_1024
     if ((key->ecc.idx != ECC_CUSTOM_IDX) &&
             (ecc_sets[key->ecc.idx].id == ECC_SAKKE_1)) {
         err = sp_ecc_mulmod_base_1024(n, res, map, key->heap);
     }
+    else
 #endif
+    {
+        err = NOT_COMPILED_IN;
+    }
 
     return err;
 }
@@ -345,14 +357,18 @@ static int sakke_mulmod_base(SakkeKey* key, const mp_int* n, ecc_point* res,
 static int sakke_mulmod_base_add(SakkeKey* key, const mp_int* n,
         const ecc_point* a, ecc_point* res, int map)
 {
-    int err = NOT_COMPILED_IN;
+    int err = WC_NO_ERR_TRACE(NOT_COMPILED_IN);
 
 #ifdef WOLFSSL_SP_1024
     if ((key->ecc.idx != ECC_CUSTOM_IDX) &&
             (ecc_sets[key->ecc.idx].id == ECC_SAKKE_1)) {
         err = sp_ecc_mulmod_base_add_1024(n, a, 0, res, map, key->heap);
     }
+    else
 #endif
+    {
+        err = NOT_COMPILED_IN;
+    }
 
     return err;
 }
@@ -432,7 +448,7 @@ static int sakke_mulmod_base_add(SakkeKey* key, const mp_int* n, ecc_point* a,
 static int sakke_mulmod_point(SakkeKey* key, const mp_int* n,
         const ecc_point* p, byte* table, ecc_point* res, int map)
 {
-    int err = NOT_COMPILED_IN;
+    int err = WC_NO_ERR_TRACE(NOT_COMPILED_IN);
 
 #ifdef WOLFSSL_SP_1024
     if ((key->ecc.idx != ECC_CUSTOM_IDX) &&
@@ -444,7 +460,11 @@ static int sakke_mulmod_point(SakkeKey* key, const mp_int* n,
             err = sp_ecc_mulmod_table_1024(n, p, table, res, map, key->heap);
         }
     }
+    else
 #endif
+    {
+        err = NOT_COMPILED_IN;
+    }
 
     return err;
 }
@@ -602,7 +622,7 @@ int wc_ExportSakkeKey(SakkeKey* key, byte* data, word32* sz)
 
     if ((err == 0) && (data == NULL)) {
         *sz = (word32)(3 * key->ecc.dp->size);
-        err = LENGTH_ONLY_E;
+        err = WC_NO_ERR_TRACE(LENGTH_ONLY_E);
     }
     if ((err >= 0) && (*sz < (word32)(3 * key->ecc.dp->size))) {
         err = BUFFER_E;
@@ -711,7 +731,7 @@ int wc_ExportSakkePrivateKey(SakkeKey* key, byte* data, word32* sz)
 
     if ((err == 0) && (data == NULL)) {
         *sz = (word32)key->ecc.dp->size;
-        err = LENGTH_ONLY_E;
+        err = WC_NO_ERR_TRACE(LENGTH_ONLY_E);
     }
     if ((err >= 0) && (*sz < (word32)key->ecc.dp->size)) {
         err = BUFFER_E;
@@ -828,7 +848,7 @@ static int sakke_encode_point(ecc_point* point, word32 size, byte* data,
 
     if (data == NULL) {
         *sz = size * 2 + !raw;
-        err = LENGTH_ONLY_E;
+        err = WC_NO_ERR_TRACE(LENGTH_ONLY_E);
     }
     if ((err == 0) && (*sz < size * 2 + !raw)) {
         err = BUFFER_E;
@@ -1343,7 +1363,7 @@ int wc_GenerateSakkeRskTable(const SakkeKey* key, const ecc_point* rsk,
 static int sakke_pairing(const SakkeKey* key, const ecc_point* p,
     const ecc_point* q, mp_int* r, const byte* table, word32 len)
 {
-    int err = NOT_COMPILED_IN;
+    int err = WC_NO_ERR_TRACE(NOT_COMPILED_IN);
 
 #ifdef WOLFSSL_SP_1024
     if ((key->ecc.idx != ECC_CUSTOM_IDX) &&
@@ -1355,6 +1375,9 @@ static int sakke_pairing(const SakkeKey* key, const ecc_point* p,
             err = sp_Pairing_precomp_1024(p, q, r, table, len);
         }
     }
+    else {
+        err = NOT_COMPILED_IN;
+    }
 #else
     (void)key;
     (void)p;
@@ -1362,6 +1385,7 @@ static int sakke_pairing(const SakkeKey* key, const ecc_point* p,
     (void)r;
     (void)table;
     (void)len;
+    err = NOT_COMPILED_IN;
 #endif
 
     return err;
@@ -1395,7 +1419,7 @@ int wc_GenerateSakkeRskTable(const SakkeKey* key, const ecc_point* rsk,
     }
     if ((err == 0) && (table == NULL)) {
         *len = 0;
-        err = LENGTH_ONLY_E;
+        err = WC_NO_ERR_TRACE(LENGTH_ONLY_E);
     }
     if ((err == 0) && (*len != 0)) {
         err = BUFFER_E;
@@ -2515,14 +2539,18 @@ int wc_GetSakkeAuthSize(SakkeKey* key, word16* authSz)
 static int sakke_modexp(const SakkeKey* key, const mp_int* b, mp_int* e,
         mp_int* r)
 {
-    int err = NOT_COMPILED_IN;
+    int err = WC_NO_ERR_TRACE(NOT_COMPILED_IN);
 
 #ifdef WOLFSSL_SP_1024
     if ((key->ecc.idx != ECC_CUSTOM_IDX) &&
             (ecc_sets[key->ecc.idx].id == ECC_SAKKE_1)) {
         err = sp_ModExp_Fp_star_1024(b, e, r);
     }
+    else
 #endif
+    {
+        err = NOT_COMPILED_IN;
+    }
 
     return err;
 }
@@ -6393,7 +6421,7 @@ int wc_GetSakkePointI(SakkeKey* key, byte* data, word32* sz)
 
     if ((err == 0) && (data == NULL)) {
         *sz = (word32)(key->ecc.dp->size * 2);
-        err = LENGTH_ONLY_E;
+        err = WC_NO_ERR_TRACE(LENGTH_ONLY_E);
     }
     if ((err == 0) && (*sz < (word32)key->ecc.dp->size * 2)) {
         err = BUFFER_E;
@@ -6503,7 +6531,7 @@ int wc_GenerateSakkePointITable(SakkeKey* key, byte* table, word32* len)
 #else
     if ((err == 0) && (table == NULL)) {
         *len = 0;
-        err = LENGTH_ONLY_E;
+        err = WC_NO_ERR_TRACE(LENGTH_ONLY_E);
     }
     if ((err == 0) && (*len != 0)) {
         *len = 0;
@@ -6514,7 +6542,6 @@ int wc_GenerateSakkePointITable(SakkeKey* key, byte* table, word32* len)
         key->i.table = table;
         key->i.tableLen = *len;
     }
-    (void)table;
 #endif
 
     return err;
@@ -6544,7 +6571,7 @@ int wc_SetSakkePointITable(SakkeKey* key, byte* table, word32 len)
 #ifdef WOLFSSL_HAVE_SP_ECC
     if (err == 0) {
         err = sp_ecc_gen_table_1024(key->i.i, NULL, &sz, NULL);
-        if (err == LENGTH_ONLY_E) {
+        if (err == WC_NO_ERR_TRACE(LENGTH_ONLY_E)) {
             err = 0;
         }
     }
@@ -6702,7 +6729,7 @@ int wc_MakeSakkeEncapsulatedSSV(SakkeKey* key, enum wc_HashType hashType,
         *authSz = outSz;
 
         if (auth == NULL) {
-            err = LENGTH_ONLY_E;
+            err = WC_NO_ERR_TRACE(LENGTH_ONLY_E);
         }
     }
 
@@ -6797,7 +6824,7 @@ int wc_GenerateSakkeSSV(SakkeKey* key, WC_RNG* rng, byte* ssv, word16* ssvSz)
         /* Return length only if an output buffer is NULL. */
         if (ssv == NULL) {
             *ssvSz = (word16) (n / 8);
-            err = LENGTH_ONLY_E;
+            err = WC_NO_ERR_TRACE(LENGTH_ONLY_E);
         }
         else {
             n = *ssvSz;
diff --git a/wolfcrypt/src/sha.c b/wolfcrypt/src/sha.c
index 1f4439f0f..81a15e423 100644
--- a/wolfcrypt/src/sha.c
+++ b/wolfcrypt/src/sha.c
@@ -1,6 +1,6 @@
 /* sha.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -36,13 +36,13 @@
 
 #if !defined(NO_SHA)
 
-#if defined(HAVE_FIPS) && defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2)
+#if FIPS_VERSION3_GE(2,0,0)
     /* set NO_WRAPPERS before headers, use direct internal f()s not wrappers */
     #define FIPS_NO_WRAPPERS
 
     #ifdef USE_WINDOWS_API
-        #pragma code_seg(".fipsA$j")
-        #pragma const_seg(".fipsB$j")
+        #pragma code_seg(".fipsA$k")
+        #pragma const_seg(".fipsB$k")
     #endif
 #endif
 
@@ -118,6 +118,14 @@
     #include <wolfcrypt/src/misc.c>
 #endif
 
+#if FIPS_VERSION3_GE(6,0,0)
+    const unsigned int wolfCrypt_FIPS_sha_ro_sanity[2] =
+                                                     { 0x1a2b3c4d, 0x00000013 };
+    int wolfCrypt_FIPS_SHA_sanity(void)
+    {
+        return 0;
+    }
+#endif
 
 /* Hardware Acceleration */
 #if defined(WOLFSSL_PIC32MZ_HASH)
@@ -300,6 +308,10 @@
     !defined(WOLFSSL_QNX_CAAM)
     /* wolfcrypt/src/port/caam/caam_sha.c */
 
+#elif defined(MAX3266X_SHA)
+    /* Already brought in by sha.h */
+    /* #include <wolfssl/wolfcrypt/port/maxim/max3266x.h> */
+
 #elif defined(WOLFSSL_USE_ESP32_CRYPT_HASH_HW) || \
       defined(WOLFSSL_USE_ESP32C3_CRYPT_HASH_HW)
 
@@ -433,7 +445,7 @@ static WC_INLINE void AddLength(wc_Sha* sha, word32 len)
     #define f3(x,y,z) (((x)&(y))|((z)&((x)|(y))))
     #define f4(x,y,z) ((x)^(y)^(z))
 
-    #ifdef WOLFSSL_NUCLEUS_1_2
+    #if defined(WOLFSSL_NUCLEUS_1_2) || defined(NUCLEUS_PLUS_2_3)
         /* nucleus.h also defines R1-R4 */
         #undef R1
         #undef R2
@@ -552,6 +564,13 @@ int wc_InitSha_ex(wc_Sha* sha, void* heap, int devId)
     sha->devCtx = NULL;
 #endif
 
+#ifdef MAX3266X_SHA_CB
+    ret = wc_MXC_TPU_SHA_Init(&(sha->mxcCtx));
+    if (ret != 0) {
+        return ret;
+    }
+#endif
+
 #ifdef WOLFSSL_USE_ESP32_CRYPT_HASH_HW
     if (sha->ctx.mode != ESP32_SHA_INIT) {
         /* it may be interesting to see old values during debugging */
@@ -598,7 +617,7 @@ int wc_ShaUpdate(wc_Sha* sha, const byte* data, word32 len)
 #ifdef WOLF_CRYPTO_CB
     if (sha->devId != INVALID_DEVID) {
         ret = wc_CryptoCb_ShaHash(sha, data, len, NULL);
-        if (ret != CRYPTOCB_UNAVAILABLE)
+        if (ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE))
             return ret;
         ret = 0; /* reset ret */
         /* fall-through when unavailable */
@@ -817,7 +836,7 @@ int wc_ShaFinal(wc_Sha* sha, byte* hash)
 #ifdef WOLF_CRYPTO_CB
     if (sha->devId != INVALID_DEVID) {
         ret = wc_CryptoCb_ShaHash(sha, NULL, 0, hash);
-        if (ret != CRYPTOCB_UNAVAILABLE)
+        if (ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE))
             return ret;
         /* fall-through when unavailable */
     }
@@ -841,7 +860,10 @@ int wc_ShaFinal(wc_Sha* sha, byte* hash)
 
     /* pad with zeros */
     if (sha->buffLen > WC_SHA_PAD_SIZE) {
-        XMEMSET(&local[sha->buffLen], 0, WC_SHA_BLOCK_SIZE - sha->buffLen);
+        if (sha->buffLen < WC_SHA_BLOCK_SIZE) {
+            XMEMSET(&local[sha->buffLen], 0, WC_SHA_BLOCK_SIZE - sha->buffLen);
+        }
+
         sha->buffLen += WC_SHA_BLOCK_SIZE - sha->buffLen;
 
     #if defined(WOLFSSL_USE_ESP32_CRYPT_HASH_HW)
@@ -1024,6 +1046,8 @@ int wc_InitSha(wc_Sha* sha)
 
 #if !defined(WOLFSSL_HAVE_PSA) || defined(WOLFSSL_PSA_NO_HASH)
 
+#ifndef MAX3266X_SHA
+
 void wc_ShaFree(wc_Sha* sha)
 {
     if (sha == NULL)
@@ -1040,6 +1064,9 @@ void wc_ShaFree(wc_Sha* sha)
 #ifdef WOLFSSL_PIC32MZ_HASH
     wc_ShaPic32Free(sha);
 #endif
+#ifdef MAX3266X_SHA_CB
+    wc_MXC_TPU_SHA_Free(&(sha->mxcCtx));
+#endif
 #if defined(WOLFSSL_SE050) && defined(WOLFSSL_SE050_HASH)
     se050_hash_free(&sha->se050Ctx);
 #endif
@@ -1047,16 +1074,15 @@ void wc_ShaFree(wc_Sha* sha)
      defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY)) && \
     !defined(NO_WOLFSSL_RENESAS_TSIP_CRYPT_HASH) || \
     defined(WOLFSSL_RENESAS_RX64_HASH)
-    if (sha->msg != NULL) {
-        XFREE(sha->msg, sha->heap, DYNAMIC_TYPE_TMP_BUFFER);
-        sha->msg = NULL;
-    }
+    XFREE(sha->msg, sha->heap, DYNAMIC_TYPE_TMP_BUFFER);
+    sha->msg = NULL;
 #endif
 #ifdef WOLFSSL_IMXRT_DCP
     DCPShaFree(sha);
 #endif
 }
 
+#endif /* !MAX3266X_SHA */
 #endif /* !defined(WOLFSSL_HAVE_PSA) || defined(WOLFSSL_PSA_NO_HASH) */
 #endif /* !WOLFSSL_TI_HASH */
 
@@ -1071,6 +1097,8 @@ void wc_ShaFree(wc_Sha* sha)
 
 #if !defined(WOLFSSL_HAVE_PSA) || defined(WOLFSSL_PSA_NO_HASH)
 
+#ifndef MAX3266X_SHA
+
 /* wc_ShaGetHash get hash value */
 int wc_ShaGetHash(wc_Sha* sha, byte* hash)
 {
@@ -1135,12 +1163,20 @@ int wc_ShaCopy(wc_Sha* src, wc_Sha* dst)
     esp_sha_ctx_copy(src, dst);
 #endif
 
+#ifdef MAX3266X_SHA_CB
+    ret = wc_MXC_TPU_SHA_Copy(&(src->mxcCtx), &(dst->mxcCtx));
+    if (ret != 0) {
+        return ret;
+    }
+#endif
+
 #ifdef WOLFSSL_HASH_FLAGS
     dst->flags |= WC_HASH_FLAG_ISCOPY;
 #endif
     return ret;
 }
 #endif /* WOLFSSL_RENESAS_RX64_HASH */
+#endif /* !MAX3266X_SHA */
 #endif /* !defined(WOLFSSL_HAVE_PSA) || defined(WOLFSSL_PSA_NO_HASH) */
 #endif /* !defined(WOLFSSL_RENESAS_TSIP_TLS) && \
           !defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY) ||
diff --git a/wolfcrypt/src/sha256.c b/wolfcrypt/src/sha256.c
index 427927cd8..31a557c8d 100644
--- a/wolfcrypt/src/sha256.c
+++ b/wolfcrypt/src/sha256.c
@@ -1,6 +1,6 @@
 /* sha256.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -63,16 +63,16 @@ on the specific device platform.
 #endif
 
 
-#if !defined(NO_SHA256) && (!defined(WOLFSSL_ARMASM) && \
-    !defined(WOLFSSL_ARMASM_NO_NEON))
+#if !defined(NO_SHA256) && !(defined(WOLFSSL_ARMASM) || \
+    defined(WOLFSSL_ARMASM_NO_NEON)) && !defined(WOLFSSL_RISCV_ASM)
 
 #if defined(HAVE_FIPS) && defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2)
     /* set NO_WRAPPERS before headers, use direct internal f()s not wrappers */
     #define FIPS_NO_WRAPPERS
 
     #ifdef USE_WINDOWS_API
-        #pragma code_seg(".fipsA$d")
-        #pragma const_seg(".fipsB$d")
+        #pragma code_seg(".fipsA$l")
+        #pragma const_seg(".fipsB$l")
     #endif
 #endif
 
@@ -105,11 +105,12 @@ on the specific device platform.
 #endif
 
 #ifdef WOLFSSL_ESPIDF
-    /* Define the ESP_LOGx(TAG, "" value for output messages here.
+    /* Define the ESP_LOGx(TAG,  WOLFSSL_ESPIDF_BLANKLINE_MESSAGE value for output messages here.
     **
     ** Beware of possible conflict in test.c (that one now named TEST_TAG)
     */
-    #if defined(WOLFSSL_USE_ESP32_CRYPT_HASH_HW)
+    #if defined(WOLFSSL_USE_ESP32_CRYPT_HASH_HW) && \
+       !defined(NO_WOLFSSL_ESP32_CRYPT_HASH_SHA256)
         static const char* TAG = "wc_sha256";
     #endif
 #endif
@@ -121,7 +122,9 @@ on the specific device platform.
 
 #elif defined(WOLFSSL_PSOC6_CRYPTO)
 
-
+#elif defined(MAX3266X_SHA)
+    /* Already brought in by sha256.h */
+    /* #include <wolfssl/wolfcrypt/port/maxim/max3266x.h> */
 #else
 
 #include <wolfssl/wolfcrypt/logging.h>
@@ -140,6 +143,14 @@ on the specific device platform.
     #include <wolfssl/wolfcrypt/port/nxp/se050_port.h>
 #endif
 
+#if FIPS_VERSION3_GE(6,0,0)
+    const unsigned int wolfCrypt_FIPS_sha256_ro_sanity[2] =
+                                                     { 0x1a2b3c4d, 0x00000014 };
+    int wolfCrypt_FIPS_SHA256_sanity(void)
+    {
+        return 0;
+    }
+#endif
 
 #if defined(WOLFSSL_X86_64_BUILD) && defined(USE_INTEL_SPEEDUP)
     #if defined(__GNUC__) && ((__GNUC__ < 4) || \
@@ -167,6 +178,46 @@ on the specific device platform.
     #define HAVE_INTEL_RORX
 #endif
 
+#if defined(LITTLE_ENDIAN_ORDER)
+    #if ( defined(CONFIG_IDF_TARGET_ESP32C2) || \
+          defined(CONFIG_IDF_TARGET_ESP8684) || \
+          defined(CONFIG_IDF_TARGET_ESP32C3) || \
+          defined(CONFIG_IDF_TARGET_ESP32C6)    \
+        ) && \
+        defined(WOLFSSL_ESP32_CRYPT) &&         \
+        !defined(NO_WOLFSSL_ESP32_CRYPT_HASH) && \
+        !defined(NO_WOLFSSL_ESP32_CRYPT_HASH_SHA256)
+        /* For Espressif RISC-V Targets, we *may* need to reverse bytes
+         * depending on if HW is active or not. */
+        #define SHA256_REV_BYTES(ctx) \
+            (esp_sha_need_byte_reversal(ctx))
+    #elif defined(FREESCALE_MMCAU_SHA)
+        #define SHA256_REV_BYTES(ctx)       1 /* reverse needed on final */
+    #endif
+#endif
+#ifndef SHA256_REV_BYTES
+    #if defined(LITTLE_ENDIAN_ORDER)
+        #define SHA256_REV_BYTES(ctx)       1
+    #else
+        #define SHA256_REV_BYTES(ctx)       0
+    #endif
+#endif
+#if defined(LITTLE_ENDIAN_ORDER) && \
+        defined(WOLFSSL_X86_64_BUILD) && defined(USE_INTEL_SPEEDUP) && \
+        (defined(HAVE_INTEL_AVX1) || defined(HAVE_INTEL_AVX2))
+    #ifdef WC_C_DYNAMIC_FALLBACK
+        #define SHA256_UPDATE_REV_BYTES(ctx) (sha256->sha_method == SHA256_C)
+    #else
+        #define SHA256_UPDATE_REV_BYTES(ctx) \
+            (!IS_INTEL_AVX1(intel_flags) && !IS_INTEL_AVX2(intel_flags) && \
+             !IS_INTEL_SHA(intel_flags))
+    #endif
+#elif defined(FREESCALE_MMCAU_SHA)
+    #define SHA256_UPDATE_REV_BYTES(ctx)    0 /* reverse not needed on update */
+#else
+    #define SHA256_UPDATE_REV_BYTES(ctx)    SHA256_REV_BYTES(ctx)
+#endif
+
 
 #if !defined(WOLFSSL_PIC32MZ_HASH) && !defined(STM32_HASH_SHA2) && \
     (!defined(WOLFSSL_IMX6_CAAM) || defined(NO_IMX6_CAAM_HASH) || \
@@ -184,14 +235,18 @@ on the specific device platform.
     (!defined(WOLFSSL_HAVE_PSA) || defined(WOLFSSL_PSA_NO_HASH)) && \
     !defined(WOLFSSL_RENESAS_RX64_HASH)
 
+#if defined(WOLFSSL_X86_64_BUILD) && defined(USE_INTEL_SPEEDUP) && \
+    (defined(HAVE_INTEL_AVX1) || defined(HAVE_INTEL_AVX2))
+#ifdef WC_C_DYNAMIC_FALLBACK
+    #define SHA256_SETTRANSFORM_ARGS int *sha_method
+#else
+    #define SHA256_SETTRANSFORM_ARGS void
+#endif
+static void Sha256_SetTransform(SHA256_SETTRANSFORM_ARGS);
+#endif
 
 static int InitSha256(wc_Sha256* sha256)
 {
-    int ret = 0;
-
-    if (sha256 == NULL)
-        return BAD_FUNC_ARG;
-
     XMEMSET(sha256->digest, 0, sizeof(sha256->digest));
     sha256->digest[0] = 0x6A09E667L;
     sha256->digest[1] = 0xBB67AE85L;
@@ -214,8 +269,15 @@ static int InitSha256(wc_Sha256* sha256)
     sha256->used = 0;
 #endif
 
-#ifdef WOLF_CRYPTO_CB
-    sha256->devId = wc_CryptoCb_DefaultDevID();
+#if defined(WOLFSSL_X86_64_BUILD) && defined(USE_INTEL_SPEEDUP) && \
+    (defined(HAVE_INTEL_AVX1) || defined(HAVE_INTEL_AVX2))
+    /* choose best Transform function under this runtime environment */
+#ifdef WC_C_DYNAMIC_FALLBACK
+    sha256->sha_method = 0;
+    Sha256_SetTransform(&sha256->sha_method);
+#else
+    Sha256_SetTransform();
+#endif
 #endif
 
 #ifdef WOLFSSL_MAXQ10XX_CRYPTO
@@ -226,7 +288,7 @@ static int InitSha256(wc_Sha256* sha256)
     sha256->hSession = NULL;
 #endif
 
-    return ret;
+    return 0;
 }
 #endif
 
@@ -301,7 +363,15 @@ static int InitSha256(wc_Sha256* sha256)
     extern "C" {
 #endif
 
+        extern int Transform_Sha256_SSE2_Sha(wc_Sha256 *sha256,
+                                             const byte* data);
+        extern int Transform_Sha256_SSE2_Sha_Len(wc_Sha256* sha256,
+                                                 const byte* data, word32 len);
     #if defined(HAVE_INTEL_AVX1)
+        extern int Transform_Sha256_AVX1_Sha(wc_Sha256 *sha256,
+                                             const byte* data);
+        extern int Transform_Sha256_AVX1_Sha_Len(wc_Sha256* sha256,
+                                                 const byte* data, word32 len);
         extern int Transform_Sha256_AVX1(wc_Sha256 *sha256, const byte* data);
         extern int Transform_Sha256_AVX1_Len(wc_Sha256* sha256,
                                              const byte* data, word32 len);
@@ -324,25 +394,209 @@ static int InitSha256(wc_Sha256* sha256)
     }  /* extern "C" */
 #endif
 
+    static word32 intel_flags = 0;
+
+#if defined(WC_C_DYNAMIC_FALLBACK) && !defined(WC_NO_INTERNAL_FUNCTION_POINTERS)
+    #define WC_NO_INTERNAL_FUNCTION_POINTERS
+#endif
+
+#ifdef WC_NO_INTERNAL_FUNCTION_POINTERS
+
+    enum sha_methods { SHA256_UNSET = 0, SHA256_AVX1_SHA, SHA256_AVX2,
+                       SHA256_AVX1_RORX, SHA256_AVX1_NOSHA, SHA256_AVX2_RORX,
+                       SHA256_SSE2, SHA256_C };
+
+#ifndef WC_C_DYNAMIC_FALLBACK
+    /* note that all write access to this static variable must be idempotent,
+     * as arranged by Sha256_SetTransform(), else it will be susceptible to
+     * data races.
+     */
+    static enum sha_methods sha_method = SHA256_UNSET;
+#endif
+
+    static void Sha256_SetTransform(SHA256_SETTRANSFORM_ARGS)
+    {
+    #ifdef WC_C_DYNAMIC_FALLBACK
+        #define SHA_METHOD (*sha_method)
+    #else
+        #define SHA_METHOD sha_method
+    #endif
+        if (SHA_METHOD != SHA256_UNSET)
+            return;
+
+    #ifdef WC_C_DYNAMIC_FALLBACK
+        if (! CAN_SAVE_VECTOR_REGISTERS()) {
+            SHA_METHOD = SHA256_C;
+            return;
+        }
+    #endif
+
+        if (intel_flags == 0)
+            intel_flags = cpuid_get_flags();
+
+        if (IS_INTEL_SHA(intel_flags)) {
+        #ifdef HAVE_INTEL_AVX1
+            if (IS_INTEL_AVX1(intel_flags)) {
+                SHA_METHOD = SHA256_AVX1_SHA;
+            }
+            else
+        #endif
+            {
+                SHA_METHOD = SHA256_SSE2;
+            }
+        }
+        else
+    #ifdef HAVE_INTEL_AVX2
+        if (IS_INTEL_AVX2(intel_flags)) {
+        #ifdef HAVE_INTEL_RORX
+            if (IS_INTEL_BMI2(intel_flags)) {
+                SHA_METHOD = SHA256_AVX2_RORX;
+            }
+            else
+        #endif
+            {
+                SHA_METHOD = SHA256_AVX2;
+            }
+        }
+        else
+    #endif
+    #ifdef HAVE_INTEL_AVX1
+        if (IS_INTEL_AVX1(intel_flags)) {
+        #ifdef HAVE_INTEL_RORX
+            if (IS_INTEL_BMI2(intel_flags)) {
+                SHA_METHOD = SHA256_AVX1_RORX;
+            }
+            else
+        #endif
+            {
+                SHA_METHOD = SHA256_AVX1_NOSHA;
+            }
+        }
+        else
+    #endif
+        {
+            SHA_METHOD = SHA256_C;
+        }
+    #undef SHA_METHOD
+    }
+
+    static WC_INLINE int inline_XTRANSFORM(wc_Sha256* S, const byte* D) {
+    #ifdef WC_C_DYNAMIC_FALLBACK
+        #define SHA_METHOD (S->sha_method)
+    #else
+        #define SHA_METHOD sha_method
+    #endif
+        int ret;
+
+        if (SHA_METHOD == SHA256_C)
+            return Transform_Sha256(S, D);
+        SAVE_VECTOR_REGISTERS(return _svr_ret;);
+        switch (SHA_METHOD) {
+        case SHA256_AVX2:
+            ret = Transform_Sha256_AVX2(S, D);
+            break;
+        case SHA256_AVX2_RORX:
+            ret = Transform_Sha256_AVX2_RORX(S, D);
+            break;
+        case SHA256_AVX1_SHA:
+            ret = Transform_Sha256_AVX1_Sha(S, D);
+            break;
+        case SHA256_AVX1_NOSHA:
+            ret = Transform_Sha256_AVX1(S, D);
+            break;
+        case SHA256_AVX1_RORX:
+            ret = Transform_Sha256_AVX1_RORX(S, D);
+            break;
+        case SHA256_SSE2:
+            ret = Transform_Sha256_SSE2_Sha(S, D);
+            break;
+        case SHA256_C:
+        case SHA256_UNSET:
+        default:
+            ret = Transform_Sha256(S, D);
+            break;
+        }
+        RESTORE_VECTOR_REGISTERS();
+        return ret;
+    #undef SHA_METHOD
+    }
+#define XTRANSFORM(...) inline_XTRANSFORM(__VA_ARGS__)
+
+    static WC_INLINE int inline_XTRANSFORM_LEN(wc_Sha256* S, const byte* D, word32 L) {
+    #ifdef WC_C_DYNAMIC_FALLBACK
+        #define SHA_METHOD (S->sha_method)
+    #else
+        #define SHA_METHOD sha_method
+    #endif
+        int ret;
+        SAVE_VECTOR_REGISTERS(return _svr_ret;);
+        switch (SHA_METHOD) {
+        case SHA256_AVX2:
+            ret = Transform_Sha256_AVX2_Len(S, D, L);
+            break;
+        case SHA256_AVX2_RORX:
+            ret = Transform_Sha256_AVX2_RORX_Len(S, D, L);
+            break;
+        case SHA256_AVX1_SHA:
+            ret = Transform_Sha256_AVX1_Sha_Len(S, D, L);
+            break;
+        case SHA256_AVX1_NOSHA:
+            ret = Transform_Sha256_AVX1_Len(S, D, L);
+            break;
+        case SHA256_AVX1_RORX:
+            ret = Transform_Sha256_AVX1_RORX_Len(S, D, L);
+            break;
+        case SHA256_SSE2:
+            ret = Transform_Sha256_SSE2_Sha_Len(S, D, L);
+            break;
+        case SHA256_C:
+        case SHA256_UNSET:
+        default:
+            ret = 0;
+            break;
+        }
+        RESTORE_VECTOR_REGISTERS();
+        return ret;
+    #undef SHA_METHOD
+    }
+#define XTRANSFORM_LEN(...) inline_XTRANSFORM_LEN(__VA_ARGS__)
+
+#else /* !WC_NO_INTERNAL_FUNCTION_POINTERS */
+
     static int (*Transform_Sha256_p)(wc_Sha256* sha256, const byte* data);
                                                        /* = _Transform_Sha256 */
     static int (*Transform_Sha256_Len_p)(wc_Sha256* sha256, const byte* data,
                                          word32 len);
                                                                     /* = NULL */
     static int transform_check = 0;
-    static word32 intel_flags;
     static int Transform_Sha256_is_vectorized = 0;
 
     static WC_INLINE int inline_XTRANSFORM(wc_Sha256* S, const byte* D) {
         int ret;
+    #ifdef WOLFSSL_LINUXKM
+        if (Transform_Sha256_is_vectorized)
+            SAVE_VECTOR_REGISTERS(return _svr_ret;);
+    #endif
         ret = (*Transform_Sha256_p)(S, D);
+    #ifdef WOLFSSL_LINUXKM
+        if (Transform_Sha256_is_vectorized)
+            RESTORE_VECTOR_REGISTERS();
+    #endif
         return ret;
     }
 #define XTRANSFORM(...) inline_XTRANSFORM(__VA_ARGS__)
 
     static WC_INLINE int inline_XTRANSFORM_LEN(wc_Sha256* S, const byte* D, word32 L) {
         int ret;
+    #ifdef WOLFSSL_LINUXKM
+        if (Transform_Sha256_is_vectorized)
+            SAVE_VECTOR_REGISTERS(return _svr_ret;);
+    #endif
         ret = (*Transform_Sha256_Len_p)(S, D, L);
+    #ifdef WOLFSSL_LINUXKM
+        if (Transform_Sha256_is_vectorized)
+            RESTORE_VECTOR_REGISTERS();
+    #endif
         return ret;
     }
 #define XTRANSFORM_LEN(...) inline_XTRANSFORM_LEN(__VA_ARGS__)
@@ -355,6 +609,22 @@ static int InitSha256(wc_Sha256* sha256)
 
         intel_flags = cpuid_get_flags();
 
+        if (IS_INTEL_SHA(intel_flags)) {
+        #ifdef HAVE_INTEL_AVX1
+            if (IS_INTEL_AVX1(intel_flags)) {
+                Transform_Sha256_p = Transform_Sha256_AVX1_Sha;
+                Transform_Sha256_Len_p = Transform_Sha256_AVX1_Sha_Len;
+                Transform_Sha256_is_vectorized = 1;
+            }
+            else
+        #endif
+            {
+                Transform_Sha256_p = Transform_Sha256_SSE2_Sha;
+                Transform_Sha256_Len_p = Transform_Sha256_SSE2_Sha_Len;
+                Transform_Sha256_is_vectorized = 1;
+            }
+        }
+        else
     #ifdef HAVE_INTEL_AVX2
         if (IS_INTEL_AVX2(intel_flags)) {
         #ifdef HAVE_INTEL_RORX
@@ -400,6 +670,8 @@ static int InitSha256(wc_Sha256* sha256)
         transform_check = 1;
     }
 
+#endif /* !WC_NO_INTERNAL_FUNCTION_POINTERS */
+
 #if !defined(WOLFSSL_KCAPI_HASH)
     int wc_InitSha256_ex(wc_Sha256* sha256, void* heap, int devId)
     {
@@ -420,9 +692,6 @@ static int InitSha256(wc_Sha256* sha256)
         if (ret != 0)
             return ret;
 
-        /* choose best Transform function under this runtime environment */
-        Sha256_SetTransform();
-
     #if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_SHA256)
         ret = wolfAsync_DevCtxInit(&sha256->asyncDev,
                             WOLFSSL_ASYNC_MARKER_SHA256, sha256->heap, devId);
@@ -565,7 +834,14 @@ static int InitSha256(wc_Sha256* sha256)
     {
         int ret = 0;
 
-        if (sha256 == NULL || (data == NULL && len > 0)) {
+        if (sha256 == NULL) {
+            return BAD_FUNC_ARG;
+        }
+        if (data == NULL && len == 0) {
+            /* valid, but do nothing */
+            return 0;
+        }
+        if (data == NULL) {
             return BAD_FUNC_ARG;
         }
 
@@ -616,6 +892,17 @@ static int InitSha256(wc_Sha256* sha256)
 
     int wc_Sha256Update(wc_Sha256* sha256, const byte* data, word32 len)
     {
+        if (sha256 == NULL) {
+            return BAD_FUNC_ARG;
+        }
+        if (data == NULL && len == 0) {
+            /* valid, but do nothing */
+            return 0;
+        }
+        if (data == NULL) {
+            return BAD_FUNC_ARG;
+        }
+
         return se050_hash_update(&sha256->se050Ctx, data, len);
     }
 
@@ -711,10 +998,6 @@ static int InitSha256(wc_Sha256* sha256)
     {
         int ret = 0; /* zero = success */
 
-        if (sha256 == NULL) {
-            return BAD_FUNC_ARG;
-        }
-
         /* We may or may not need initial digest for HW.
          * Always needed for SW-only. */
         sha256->digest[0] = 0x6A09E667L;
@@ -731,7 +1014,7 @@ static int InitSha256(wc_Sha256* sha256)
         sha256->hiLen   = 0;
 
 #ifndef NO_WOLFSSL_ESP32_CRYPT_HASH_SHA256
-        ret = esp_sha_init(&(sha256->ctx), WC_HASH_TYPE_SHA256);
+        ret = esp_sha_init((WC_ESP32SHA*)&(sha256->ctx), WC_HASH_TYPE_SHA256);
 #endif
         return ret;
     }
@@ -748,15 +1031,14 @@ static int InitSha256(wc_Sha256* sha256)
             return BAD_FUNC_ARG;
         }
 
-    #ifdef WOLFSSL_USE_ESP32_CRYPT_HASH_HW
-#ifndef NO_WOLFSSL_ESP32_CRYPT_HASH_SHA256
+    #if defined(WOLFSSL_USE_ESP32_CRYPT_HASH_HW) && \
+       !defined(NO_WOLFSSL_ESP32_CRYPT_HASH_SHA256)
         /* We know this is a fresh, uninitialized item, so set to INIT */
         if (sha256->ctx.mode != ESP32_SHA_INIT) {
             ESP_LOGV(TAG, "Set ctx mode from prior value: "
                                "%d", sha256->ctx.mode);
         }
         sha256->ctx.mode = ESP32_SHA_INIT;
-#endif
     #endif
 
         return InitSha256(sha256);
@@ -811,6 +1093,12 @@ static int InitSha256(wc_Sha256* sha256)
         sha256->devId = devId;
         sha256->devCtx = NULL;
     #endif
+    #ifdef MAX3266X_SHA_CB
+        ret = wc_MXC_TPU_SHA_Init(&(sha256->mxcCtx));
+        if (ret != 0) {
+            return ret;
+        }
+    #endif
     #ifdef WOLFSSL_SMALL_STACK_CACHE
         sha256->W = NULL;
     #endif
@@ -972,6 +1260,9 @@ static int InitSha256(wc_Sha256* sha256)
     {
         word32 S[8], t0, t1;
         int i;
+    #ifdef USE_SLOW_SHA256
+        int j;
+    #endif
         word32 W[WC_SHA256_BLOCK_SIZE/sizeof(word32)];
 
         /* Copy digest to working vars */
@@ -985,6 +1276,16 @@ static int InitSha256(wc_Sha256* sha256)
         S[7] = sha256->digest[7];
 
         i = 0;
+    #ifdef USE_SLOW_SHA256
+        for (j = 0; j < 16; j++) {
+            RND1(j);
+        }
+        for (i = 16; i < 64; i += 16) {
+            for (j = 0; j < 16; j++) {
+                RNDN(j);
+            }
+        }
+    #else
         RND1( 0); RND1( 1); RND1( 2); RND1( 3);
         RND1( 4); RND1( 5); RND1( 6); RND1( 7);
         RND1( 8); RND1( 9); RND1(10); RND1(11);
@@ -996,6 +1297,7 @@ static int InitSha256(wc_Sha256* sha256)
             RNDN( 8); RNDN( 9); RNDN(10); RNDN(11);
             RNDN(12); RNDN(13); RNDN(14); RNDN(15);
         }
+    #endif
 
         /* Add the working vars back into digest */
         sha256->digest[0] += S[0];
@@ -1025,21 +1327,13 @@ static int InitSha256(wc_Sha256* sha256)
     }
 
     /* do block size increments/updates */
-    static WC_INLINE int Sha256Update(wc_Sha256* sha256, const byte* data, word32 len)
+    static WC_INLINE int Sha256Update(wc_Sha256* sha256, const byte* data,
+        word32 len)
     {
         int ret = 0;
         word32 blocksLen;
         byte* local;
 
-        if (sha256 == NULL || (data == NULL && len > 0)) {
-            return BAD_FUNC_ARG;
-        }
-
-        if (data == NULL && len == 0) {
-            /* valid, but do nothing */
-            return 0;
-        }
-
         /* check that internal buffLen is valid */
         if (sha256->buffLen >= WC_SHA256_BLOCK_SIZE) {
             return BUFFER_E;
@@ -1068,34 +1362,13 @@ static int InitSha256(wc_Sha256* sha256)
                 }
             #endif
 
-
-            #if defined(LITTLE_ENDIAN_ORDER) && !defined(FREESCALE_MMCAU_SHA)
-                #if defined(WOLFSSL_X86_64_BUILD) && \
-                          defined(USE_INTEL_SPEEDUP) && \
-                          (defined(HAVE_INTEL_AVX1) || defined(HAVE_INTEL_AVX2))
-                if (!IS_INTEL_AVX1(intel_flags) && !IS_INTEL_AVX2(intel_flags))
-                #endif
-                #if ( defined(CONFIG_IDF_TARGET_ESP32C2) || \
-                      defined(CONFIG_IDF_TARGET_ESP8684) || \
-                      defined(CONFIG_IDF_TARGET_ESP32C3) || \
-                      defined(CONFIG_IDF_TARGET_ESP32C6)    \
-                    ) && \
-                    defined(WOLFSSL_ESP32_CRYPT) &&         \
-                   !defined(NO_WOLFSSL_ESP32_CRYPT_HASH) && \
-                   !defined(NO_WOLFSSL_ESP32_CRYPT_HASH_SHA256)
-                /* For Espressif RISC-V Targets, we *may* need to reverse bytes
-                 * depending on if HW is active or not. */
-                    if (esp_sha_need_byte_reversal(&sha256->ctx))
-                #endif
-                {
-                    ByteReverseWords(sha256->buffer, sha256->buffer,
-                        WC_SHA256_BLOCK_SIZE);
-                }
-            #endif
+            if (SHA256_UPDATE_REV_BYTES(&sha256->ctx)) {
+                ByteReverseWords(sha256->buffer, sha256->buffer,
+                    WC_SHA256_BLOCK_SIZE);
+            }
 
             #if defined(WOLFSSL_USE_ESP32_CRYPT_HASH_HW) && \
                !defined(NO_WOLFSSL_ESP32_CRYPT_HASH_SHA256)
-
                 if (sha256->ctx.mode == ESP32_SHA_SW) {
                     #if defined(WOLFSSL_DEBUG_MUTEX)
                     {
@@ -1122,7 +1395,6 @@ static int InitSha256(wc_Sha256* sha256)
                 /* Always SW */
                 ret = XTRANSFORM(sha256, (const byte*)local);
             #endif
-
                 if (ret == 0)
                     sha256->buffLen = 0;
                 else
@@ -1134,15 +1406,24 @@ static int InitSha256(wc_Sha256* sha256)
     #ifdef XTRANSFORM_LEN
         #if defined(WOLFSSL_X86_64_BUILD) && defined(USE_INTEL_SPEEDUP) && \
                           (defined(HAVE_INTEL_AVX1) || defined(HAVE_INTEL_AVX2))
+
+        #ifdef WC_C_DYNAMIC_FALLBACK
+        if (sha256->sha_method != SHA256_C)
+        #elif defined(WC_NO_INTERNAL_FUNCTION_POINTERS)
+        if (sha_method != SHA256_C)
+        #else
         if (Transform_Sha256_Len_p != NULL)
+        #endif
+
         #endif
         {
-            /* get number of blocks */
-            /* 64-1 = 0x3F (~ Inverted = 0xFFFFFFC0) */
-            /* len (masked by 0xFFFFFFC0) returns block aligned length */
-            blocksLen = len & ~((word32)WC_SHA256_BLOCK_SIZE-1);
-            if (blocksLen > 0) {
-                /* Byte reversal and alignment handled in function if required */
+            if (len >= WC_SHA256_BLOCK_SIZE) {
+                /* get number of blocks */
+                /* 64-1 = 0x3F (~ Inverted = 0xFFFFFFC0) */
+                /* len (masked by 0xFFFFFFC0) returns block aligned length */
+                blocksLen = len & ~((word32)WC_SHA256_BLOCK_SIZE-1);
+                /* Byte reversal and alignment handled in function if required
+                 */
                 XTRANSFORM_LEN(sha256, data, blocksLen);
                 data += blocksLen;
                 len  -= blocksLen;
@@ -1185,28 +1466,9 @@ static int InitSha256(wc_Sha256* sha256)
                 }
             #endif
 
-            #if defined(LITTLE_ENDIAN_ORDER) && !defined(FREESCALE_MMCAU_SHA)
-                #if ( defined(CONFIG_IDF_TARGET_ESP32C2) || \
-                      defined(CONFIG_IDF_TARGET_ESP8684) || \
-                      defined(CONFIG_IDF_TARGET_ESP32C3) || \
-                      defined(CONFIG_IDF_TARGET_ESP32C6)    \
-                    ) && \
-                    defined(WOLFSSL_ESP32_CRYPT)         && \
-                   !defined(NO_WOLFSSL_ESP32_CRYPT_HASH) && \
-                   !defined(NO_WOLFSSL_ESP32_CRYPT_HASH_SHA256)
-                /* For Espressif RISC-V Targets, we *may* need to reverse bytes
-                 * depending on if HW is active or not. */
-                    if (esp_sha_need_byte_reversal(&sha256->ctx))
-                #endif
-                #if defined(WOLFSSL_X86_64_BUILD) && \
-                          defined(USE_INTEL_SPEEDUP) && \
-                          (defined(HAVE_INTEL_AVX1) || defined(HAVE_INTEL_AVX2))
-                if (!IS_INTEL_AVX1(intel_flags) && !IS_INTEL_AVX2(intel_flags))
-                #endif
-                {
-                    ByteReverseWords(local32, local32, WC_SHA256_BLOCK_SIZE);
-                }
-            #endif
+            if (SHA256_UPDATE_REV_BYTES(&sha256->ctx)) {
+                ByteReverseWords(local32, local32, WC_SHA256_BLOCK_SIZE);
+            }
 
             #if defined(WOLFSSL_USE_ESP32_CRYPT_HASH_HW) && \
                !defined(NO_WOLFSSL_ESP32_CRYPT_HASH_SHA256)
@@ -1243,14 +1505,16 @@ static int InitSha256(wc_Sha256* sha256)
 #else
     int wc_Sha256Update(wc_Sha256* sha256, const byte* data, word32 len)
     {
-        if (sha256 == NULL || (data == NULL && len > 0)) {
+        if (sha256 == NULL) {
             return BAD_FUNC_ARG;
         }
-
         if (data == NULL && len == 0) {
             /* valid, but do nothing */
             return 0;
         }
+        if (data == NULL) {
+            return BAD_FUNC_ARG;
+        }
 
     #ifdef WOLF_CRYPTO_CB
         #ifndef WOLF_CRYPTO_CB_FIND
@@ -1258,7 +1522,7 @@ static int InitSha256(wc_Sha256* sha256)
         #endif
         {
             int ret = wc_CryptoCb_Sha256Hash(sha256, data, len, NULL);
-            if (ret != CRYPTOCB_UNAVAILABLE)
+            if (ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE))
                 return ret;
             /* fall-through when unavailable */
         }
@@ -1277,14 +1541,9 @@ static int InitSha256(wc_Sha256* sha256)
 
     static WC_INLINE int Sha256Final(wc_Sha256* sha256)
     {
-
         int ret;
         byte* local;
 
-        if (sha256 == NULL) {
-            return BAD_FUNC_ARG;
-        }
-
         /* we'll add a 0x80 byte at the end,
         ** so make sure we have appropriate buffer length. */
         if (sha256->buffLen > WC_SHA256_BLOCK_SIZE - 1) {
@@ -1297,9 +1556,10 @@ static int InitSha256(wc_Sha256* sha256)
 
         /* pad with zeros */
         if (sha256->buffLen > WC_SHA256_PAD_SIZE) {
-            XMEMSET(&local[sha256->buffLen], 0,
-                WC_SHA256_BLOCK_SIZE - sha256->buffLen);
-            sha256->buffLen += WC_SHA256_BLOCK_SIZE - sha256->buffLen;
+            if (sha256->buffLen < WC_SHA256_BLOCK_SIZE) {
+                XMEMSET(&local[sha256->buffLen], 0,
+                    WC_SHA256_BLOCK_SIZE - sha256->buffLen);
+            }
 
         #if defined(WOLFSSL_USE_ESP32_CRYPT_HASH_HW) && \
            !defined(NO_WOLFSSL_ESP32_CRYPT_HASH_SHA256)
@@ -1308,28 +1568,10 @@ static int InitSha256(wc_Sha256* sha256)
             }
         #endif
 
-        #if defined(LITTLE_ENDIAN_ORDER) && !defined(FREESCALE_MMCAU_SHA)
-            #if ( defined(CONFIG_IDF_TARGET_ESP32C2) || \
-                  defined(CONFIG_IDF_TARGET_ESP8684) || \
-                  defined(CONFIG_IDF_TARGET_ESP32C3) || \
-                  defined(CONFIG_IDF_TARGET_ESP32C6)    \
-                )  && \
-                defined(WOLFSSL_ESP32_CRYPT) &&         \
-               !defined(NO_WOLFSSL_ESP32_CRYPT_HASH) && \
-               !defined(NO_WOLFSSL_ESP32_CRYPT_HASH_SHA256)
-            /* For Espressif RISC-V Targets, we *may* need to reverse bytes
-             * depending on if HW is active or not. */
-                if (esp_sha_need_byte_reversal(&sha256->ctx))
-            #endif
-            #if defined(WOLFSSL_X86_64_BUILD) && defined(USE_INTEL_SPEEDUP) && \
-                          (defined(HAVE_INTEL_AVX1) || defined(HAVE_INTEL_AVX2))
-            if (!IS_INTEL_AVX1(intel_flags) && !IS_INTEL_AVX2(intel_flags))
-            #endif
-            {
-                ByteReverseWords(sha256->buffer, sha256->buffer,
-                                                      WC_SHA256_BLOCK_SIZE);
-            }
-        #endif
+        if (SHA256_UPDATE_REV_BYTES(&sha256->ctx)) {
+            ByteReverseWords(sha256->buffer, sha256->buffer,
+                WC_SHA256_BLOCK_SIZE);
+        }
 
         #if defined(WOLFSSL_USE_ESP32_CRYPT_HASH_HW) && \
            !defined(NO_WOLFSSL_ESP32_CRYPT_HASH_SHA256)
@@ -1366,28 +1608,10 @@ static int InitSha256(wc_Sha256* sha256)
     #endif
 
         /* store lengths */
-    #if defined(LITTLE_ENDIAN_ORDER) && !defined(FREESCALE_MMCAU_SHA)
-        #if ( defined(CONFIG_IDF_TARGET_ESP32C2) || \
-              defined(CONFIG_IDF_TARGET_ESP8684) || \
-              defined(CONFIG_IDF_TARGET_ESP32C3) || \
-              defined(CONFIG_IDF_TARGET_ESP32C6)    \
-            ) && \
-            defined(WOLFSSL_ESP32_CRYPT) &&         \
-           !defined(NO_WOLFSSL_ESP32_CRYPT_HASH) && \
-           !defined(NO_WOLFSSL_ESP32_CRYPT_HASH_SHA256)
-            /* For Espressif RISC-V Targets, we *may* need to reverse bytes
-             * depending on if HW is active or not. */
-            if (esp_sha_need_byte_reversal(&sha256->ctx))
-        #endif
-        #if defined(WOLFSSL_X86_64_BUILD) && defined(USE_INTEL_SPEEDUP) && \
-                          (defined(HAVE_INTEL_AVX1) || defined(HAVE_INTEL_AVX2))
-        if (!IS_INTEL_AVX1(intel_flags) && !IS_INTEL_AVX2(intel_flags))
-        #endif
-        {
+        if (SHA256_UPDATE_REV_BYTES(&sha256->ctx)) {
             ByteReverseWords(sha256->buffer, sha256->buffer,
-                WC_SHA256_BLOCK_SIZE);
+                WC_SHA256_PAD_SIZE);
         }
-    #endif
         /* ! 64-bit length ordering dependent on digest endian type ! */
         XMEMCPY(&local[WC_SHA256_PAD_SIZE], &sha256->hiLen, sizeof(word32));
         XMEMCPY(&local[WC_SHA256_PAD_SIZE + sizeof(word32)], &sha256->loLen,
@@ -1426,7 +1650,12 @@ static int InitSha256(wc_Sha256* sha256)
         /* Kinetis requires only these bytes reversed */
         #if defined(WOLFSSL_X86_64_BUILD) && defined(USE_INTEL_SPEEDUP) && \
                           (defined(HAVE_INTEL_AVX1) || defined(HAVE_INTEL_AVX2))
-        if (IS_INTEL_AVX1(intel_flags) || IS_INTEL_AVX2(intel_flags))
+        #ifdef WC_C_DYNAMIC_FALLBACK
+        if (sha256->sha_method != SHA256_C)
+        #else
+        if (IS_INTEL_AVX1(intel_flags) || IS_INTEL_AVX2(intel_flags) ||
+            IS_INTEL_SHA(intel_flags))
+        #endif
         #endif
         {
             ByteReverseWords(
@@ -1469,23 +1698,10 @@ static int InitSha256(wc_Sha256* sha256)
         }
 
     #ifdef LITTLE_ENDIAN_ORDER
-        #if ( defined(CONFIG_IDF_TARGET_ESP32C2) || \
-              defined(CONFIG_IDF_TARGET_ESP8684) || \
-              defined(CONFIG_IDF_TARGET_ESP32C3) || \
-              defined(CONFIG_IDF_TARGET_ESP32C6)    \
-            ) && \
-            defined(WOLFSSL_ESP32_CRYPT) &&         \
-           !defined(NO_WOLFSSL_ESP32_CRYPT_HASH) && \
-           !defined(NO_WOLFSSL_ESP32_CRYPT_HASH_SHA256)
-            /* For Espressif RISC-V Targets, we *may* need to reverse bytes
-             * depending on if HW is active or not. */
-            if (esp_sha_need_byte_reversal(&sha256->ctx))
-        #endif
-            {
-                ByteReverseWords((word32*)digest,
-                                 (word32*)sha256->digest,
-                                  WC_SHA256_DIGEST_SIZE);
-            }
+        if (SHA256_REV_BYTES(&sha256->ctx)) {
+            ByteReverseWords((word32*)digest, (word32*)sha256->digest,
+                              WC_SHA256_DIGEST_SIZE);
+        }
         XMEMCPY(hash, digest, WC_SHA256_DIGEST_SIZE);
     #else
         XMEMCPY(hash, sha256->digest, WC_SHA256_DIGEST_SIZE);
@@ -1508,7 +1724,7 @@ static int InitSha256(wc_Sha256* sha256)
         #endif
         {
             ret = wc_CryptoCb_Sha256Hash(sha256, NULL, 0, hash);
-            if (ret != CRYPTOCB_UNAVAILABLE)
+            if (ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE))
                 return ret;
             /* fall-through when unavailable */
         }
@@ -1529,22 +1745,10 @@ static int InitSha256(wc_Sha256* sha256)
         }
 
     #if defined(LITTLE_ENDIAN_ORDER)
-        #if ( defined(CONFIG_IDF_TARGET_ESP32C2) || \
-              defined(CONFIG_IDF_TARGET_ESP8684) || \
-              defined(CONFIG_IDF_TARGET_ESP32C3) || \
-              defined(CONFIG_IDF_TARGET_ESP32C6)    \
-            )  && \
-            defined(WOLFSSL_ESP32_CRYPT) &&         \
-           !defined(NO_WOLFSSL_ESP32_CRYPT_HASH) && \
-           !defined(NO_WOLFSSL_ESP32_CRYPT_HASH_SHA256)
-            /* For Espressif RISC-V Targets, we *may* need to reverse bytes
-             * depending on if HW is active or not. */
-            if (esp_sha_need_byte_reversal(&sha256->ctx))
-        #endif
-            {
-                ByteReverseWords(sha256->digest, sha256->digest,
-                                 WC_SHA256_DIGEST_SIZE);
-            }
+        if (SHA256_REV_BYTES(&sha256->ctx)) {
+            ByteReverseWords(sha256->digest, sha256->digest,
+                WC_SHA256_DIGEST_SIZE);
+        }
     #endif
         XMEMCPY(hash, sha256->digest, WC_SHA256_DIGEST_SIZE);
 
@@ -1556,18 +1760,115 @@ static int InitSha256(wc_Sha256* sha256)
 /* @param sha  a pointer to wc_Sha256 structure           */
 /* @param data data to be applied SHA256 transformation   */
 /* @return 0 on successful, otherwise non-zero on failure */
-    int wc_Sha256Transform(wc_Sha256* sha, const unsigned char* data)
+    int wc_Sha256Transform(wc_Sha256* sha256, const unsigned char* data)
     {
-        if (sha == NULL || data == NULL) {
+        if (sha256 == NULL || data == NULL) {
             return BAD_FUNC_ARG;
         }
-        return (Transform_Sha256(sha, data));
+        return Transform_Sha256(sha256, data);
     }
-    #endif
-#endif /* OPENSSL_EXTRA */
+#endif /* OPENSSL_EXTRA || HAVE_CURL */
 
+#if defined(WOLFSSL_HAVE_LMS) && !defined(WOLFSSL_LMS_FULL_HASH)
+    /* One block will be used from data.
+     * hash must be big enough to hold all of digest output.
+     */
+    int wc_Sha256HashBlock(wc_Sha256* sha256, const unsigned char* data,
+        unsigned char* hash)
+    {
+        int ret;
+
+        if ((sha256 == NULL) || (data == NULL)) {
+            return BAD_FUNC_ARG;
+        }
+
+        if (SHA256_UPDATE_REV_BYTES(&sha256->ctx)) {
+            ByteReverseWords(sha256->buffer, (word32*)data,
+                WC_SHA256_BLOCK_SIZE);
+            data = (unsigned char*)sha256->buffer;
+        }
+        ret = XTRANSFORM(sha256, data);
+
+        if ((ret == 0) && (hash != NULL)) {
+            if (!SHA256_REV_BYTES(&sha256->ctx)) {
+                XMEMCPY(hash, sha256->digest, WC_SHA256_DIGEST_SIZE);
+            }
+            else {
+        #if defined(WOLFSSL_X86_64_BUILD) && defined(USE_INTEL_SPEEDUP)
+                __asm__ __volatile__ (
+                    "mov    0x00(%[d]), %%esi\n\t"
+                    "movbe  %%esi, 0x00(%[h])\n\t"
+                    "mov    0x04(%[d]), %%esi\n\t"
+                    "movbe  %%esi, 0x04(%[h])\n\t"
+                    "mov    0x08(%[d]), %%esi\n\t"
+                    "movbe  %%esi, 0x08(%[h])\n\t"
+                    "mov    0x0c(%[d]), %%esi\n\t"
+                    "movbe  %%esi, 0x0c(%[h])\n\t"
+                    "mov    0x10(%[d]), %%esi\n\t"
+                    "movbe  %%esi, 0x10(%[h])\n\t"
+                    "mov    0x14(%[d]), %%esi\n\t"
+                    "movbe  %%esi, 0x14(%[h])\n\t"
+                    "mov    0x18(%[d]), %%esi\n\t"
+                    "movbe  %%esi, 0x18(%[h])\n\t"
+                    "mov    0x1c(%[d]), %%esi\n\t"
+                    "movbe  %%esi, 0x1c(%[h])\n\t"
+                    :
+                    : [d] "r" (sha256->digest), [h] "r" (hash)
+                    : "memory", "esi"
+                );
+        #else
+                word32* hash32 = (word32*)hash;
+                word32* digest = (word32*)sha256->digest;
+            #if WOLFSSL_GENERAL_ALIGNMENT < 4
+                ALIGN16 word32 buf[WC_SHA256_DIGEST_SIZE / sizeof(word32)];
+
+                if (((size_t)digest & 0x3) != 0) {
+                    if (((size_t)hash32 & 0x3) != 0) {
+                        XMEMCPY(buf, digest, WC_SHA256_DIGEST_SIZE);
+                        hash32 = buf;
+                        digest = buf;
+                    }
+                    else {
+                        XMEMCPY(hash, digest, WC_SHA256_DIGEST_SIZE);
+                        digest = hash32;
+                    }
+                }
+                else if (((size_t)hash32 & 0x3) != 0) {
+                    hash32 = digest;
+                }
+            #endif
+                hash32[0] = ByteReverseWord32(digest[0]);
+                hash32[1] = ByteReverseWord32(digest[1]);
+                hash32[2] = ByteReverseWord32(digest[2]);
+                hash32[3] = ByteReverseWord32(digest[3]);
+                hash32[4] = ByteReverseWord32(digest[4]);
+                hash32[5] = ByteReverseWord32(digest[5]);
+                hash32[6] = ByteReverseWord32(digest[6]);
+                hash32[7] = ByteReverseWord32(digest[7]);
+            #if WOLFSSL_GENERAL_ALIGNMENT < 4
+                if (hash != (byte*)hash32) {
+                    XMEMCPY(hash, hash32, WC_SHA256_DIGEST_SIZE);
+                }
+            #endif
+        #endif /* WOLFSSL_X86_64_BUILD && USE_INTEL_SPEEDUP */
+            }
+            sha256->digest[0] = 0x6A09E667L;
+            sha256->digest[1] = 0xBB67AE85L;
+            sha256->digest[2] = 0x3C6EF372L;
+            sha256->digest[3] = 0xA54FF53AL;
+            sha256->digest[4] = 0x510E527FL;
+            sha256->digest[5] = 0x9B05688CL;
+            sha256->digest[6] = 0x1F83D9ABL;
+            sha256->digest[7] = 0x5BE0CD19L;
+        }
+
+        return ret;
+    }
+#endif /* WOLFSSL_HAVE_LMS && !WOLFSSL_LMS_FULL_HASH */
 #endif /* !WOLFSSL_KCAPI_HASH */
 
+#endif /* XTRANSFORM */
+
 
 #ifdef WOLFSSL_SHA224
 
@@ -1668,6 +1969,9 @@ static int InitSha256(wc_Sha256* sha256)
 #elif defined(WOLFSSL_HAVE_PSA) && !defined(WOLFSSL_PSA_NO_HASH)
     /* implemented in wolfcrypt/src/port/psa/psa_hash.c */
 
+#elif defined(MAX3266X_SHA)
+    /* implemented in wolfcrypt/src/port/maxim/max3266x.c */
+
 #elif defined(WOLFSSL_RENESAS_RX64_HASH)
 
 /* implemented in wolfcrypt/src/port/Renesas/renesas_rx64_hw_sha.c */
@@ -1686,10 +1990,6 @@ static int InitSha256(wc_Sha256* sha256)
     {
         int ret = 0;
 
-        if (sha224 == NULL) {
-            return BAD_FUNC_ARG;
-        }
-
         sha224->digest[0] = 0xc1059ed8;
         sha224->digest[1] = 0x367cd507;
         sha224->digest[2] = 0x3070dd17;
@@ -1703,11 +2003,19 @@ static int InitSha256(wc_Sha256* sha256)
         sha224->loLen   = 0;
         sha224->hiLen   = 0;
 
+    #ifdef WC_C_DYNAMIC_FALLBACK
+        sha224->sha_method = 0;
+    #endif
+
     #if defined(WOLFSSL_X86_64_BUILD) && defined(USE_INTEL_SPEEDUP) && \
                           (defined(HAVE_INTEL_AVX1) || defined(HAVE_INTEL_AVX2))
         /* choose best Transform function under this runtime environment */
+    #ifdef WC_C_DYNAMIC_FALLBACK
+        Sha256_SetTransform(&sha224->sha_method);
+    #else
         Sha256_SetTransform();
     #endif
+    #endif
     #ifdef WOLFSSL_HASH_FLAGS
         sha224->flags = 0;
     #endif
@@ -1790,7 +2098,14 @@ static int InitSha256(wc_Sha256* sha256)
     {
         int ret;
 
-        if (sha224 == NULL || (data == NULL && len > 0)) {
+        if (sha224 == NULL) {
+            return BAD_FUNC_ARG;
+        }
+        if (data == NULL && len == 0) {
+            /* valid, but do nothing */
+            return 0;
+        }
+        if (data == NULL) {
             return BAD_FUNC_ARG;
         }
 
@@ -1842,18 +2157,7 @@ static int InitSha256(wc_Sha256* sha256)
             return ret;
 
     #if defined(LITTLE_ENDIAN_ORDER)
-        #if ( defined(CONFIG_IDF_TARGET_ESP32C2) || \
-              defined(CONFIG_IDF_TARGET_ESP8684) || \
-              defined(CONFIG_IDF_TARGET_ESP32C3) || \
-              defined(CONFIG_IDF_TARGET_ESP32C6)    \
-            )  && \
-            defined(WOLFSSL_ESP32_CRYPT) && \
-           (!defined(NO_WOLFSSL_ESP32_CRYPT_HASH_SHA256) || \
-            !defined(NO_WOLFSSL_ESP32_CRYPT_HASH_SHA224)    \
-           )
-            if (esp_sha_need_byte_reversal(&sha224->ctx))
-        #endif
-        {
+        if (SHA256_REV_BYTES(&sha224->ctx)) {
             ByteReverseWords(sha224->digest,
                              sha224->digest,
                              WC_SHA224_DIGEST_SIZE);
@@ -1946,6 +2250,10 @@ void wc_Sha256Free(wc_Sha256* sha256)
     }
 #endif
 
+#ifdef MAX3266X_SHA_CB
+    wc_MXC_TPU_SHA_Free(&(sha256->mxcCtx));
+#endif
+
 #if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_SHA256)
     wolfAsync_DevCtxFree(&sha256->asyncDev, WOLFSSL_ASYNC_MARKER_SHA256);
 #endif /* WOLFSSL_ASYNC_CRYPT */
@@ -2058,6 +2366,9 @@ int wc_Sha224_Grow(wc_Sha224* sha224, const byte* in, int inSz)
 #elif defined(WOLFSSL_HAVE_PSA) && !defined(WOLFSSL_PSA_NO_HASH)
     /* implemented in wolfcrypt/src/port/psa/psa_hash.c */
 
+#elif defined(MAX3266X_SHA)
+    /* implemented in wolfcrypt/src/port/maxim/max3266x.c */
+
 #else
 
     int wc_Sha224GetHash(wc_Sha224* sha224, byte* hash)
@@ -2192,7 +2503,8 @@ int wc_Sha224_Grow(wc_Sha224* sha224, const byte* in, int inSz)
     /* implemented in wolfcrypt/src/port/psa/psa_hash.c */
 #elif defined(WOLFSSL_RENESAS_RX64_HASH)
     /* implemented in wolfcrypt/src/port/Renesas/renesas_rx64_hw_sha.c */
-
+#elif defined(MAX3266X_SHA)
+    /* Implemented in wolfcrypt/src/port/maxim/max3266x.c */
 #else
 
 int wc_Sha256GetHash(wc_Sha256* sha256, byte* hash)
@@ -2219,7 +2531,7 @@ int wc_Sha256GetHash(wc_Sha256* sha256, byte* hash)
     ret = wc_Sha256Copy(sha256, tmpSha256);
     if (ret == 0) {
         ret = wc_Sha256Final(tmpSha256, hash);
-        wc_Sha256Free(tmpSha256); /* TODO move outside brackets? */
+        wc_Sha256Free(tmpSha256);
     }
 
 
@@ -2243,6 +2555,13 @@ int wc_Sha256Copy(wc_Sha256* src, wc_Sha256* dst)
     wc_MAXQ10XX_Sha256Copy(src);
 #endif
 
+#ifdef MAX3266X_SHA_CB
+    ret = wc_MXC_TPU_SHA_Copy(&(src->mxcCtx), &(dst->mxcCtx));
+    if (ret != 0) {
+        return ret;
+    }
+#endif
+
 #ifdef WOLFSSL_SMALL_STACK_CACHE
     dst->W = NULL;
 #endif
@@ -2273,7 +2592,7 @@ int wc_Sha256Copy(wc_Sha256* src, wc_Sha256* dst)
 #endif
 
 #ifdef WOLFSSL_HASH_FLAGS
-     dst->flags |= WC_HASH_FLAG_ISCOPY;
+    dst->flags |= WC_HASH_FLAG_ISCOPY;
 #endif
 
 #if defined(WOLFSSL_HASH_KEEP)
diff --git a/wolfcrypt/src/sha256_asm.S b/wolfcrypt/src/sha256_asm.S
index 6d1c8ea79..5d2d60049 100644
--- a/wolfcrypt/src/sha256_asm.S
+++ b/wolfcrypt/src/sha256_asm.S
@@ -1,6 +1,6 @@
 /* sha256_asm.S */
 /*
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -46,6 +46,439 @@
 #endif /* NO_AVX2_SUPPORT */
 
 #ifdef WOLFSSL_X86_64_BUILD
+#ifndef __APPLE__
+.data
+#else
+.section	__DATA,__data
+#endif /* __APPLE__ */
+L_sse2_sha256_sha_k:
+.long	0x428a2f98,0x71374491,0xb5c0fbcf,0xe9b5dba5
+.long	0x3956c25b,0x59f111f1,0x923f82a4,0xab1c5ed5
+.long	0xd807aa98,0x12835b01,0x243185be,0x550c7dc3
+.long	0x72be5d74,0x80deb1fe,0x9bdc06a7,0xc19bf174
+.long	0xe49b69c1,0xefbe4786,0xfc19dc6,0x240ca1cc
+.long	0x2de92c6f,0x4a7484aa,0x5cb0a9dc,0x76f988da
+.long	0x983e5152,0xa831c66d,0xb00327c8,0xbf597fc7
+.long	0xc6e00bf3,0xd5a79147,0x6ca6351,0x14292967
+.long	0x27b70a85,0x2e1b2138,0x4d2c6dfc,0x53380d13
+.long	0x650a7354,0x766a0abb,0x81c2c92e,0x92722c85
+.long	0xa2bfe8a1,0xa81a664b,0xc24b8b70,0xc76c51a3
+.long	0xd192e819,0xd6990624,0xf40e3585,0x106aa070
+.long	0x19a4c116,0x1e376c08,0x2748774c,0x34b0bcb5
+.long	0x391c0cb3,0x4ed8aa4a,0x5b9cca4f,0x682e6ff3
+.long	0x748f82ee,0x78a5636f,0x84c87814,0x8cc70208
+.long	0x90befffa,0xa4506ceb,0xbef9a3f7,0xc67178f2
+#ifndef __APPLE__
+.data
+#else
+.section	__DATA,__data
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.align	16
+#else
+.p2align	4
+#endif /* __APPLE__ */
+L_sse2_sha256_shuf_mask:
+.quad	0x405060700010203, 0xc0d0e0f08090a0b
+#ifndef __APPLE__
+.text
+.globl	Transform_Sha256_SSE2_Sha
+.type	Transform_Sha256_SSE2_Sha,@function
+.align	16
+Transform_Sha256_SSE2_Sha:
+#else
+.section	__TEXT,__text
+.globl	_Transform_Sha256_SSE2_Sha
+.p2align	4
+_Transform_Sha256_SSE2_Sha:
+#endif /* __APPLE__ */
+        leaq	L_sse2_sha256_sha_k(%rip), %rdx
+        movdqa	L_sse2_sha256_shuf_mask(%rip), %xmm10
+        movq	(%rdi), %xmm1
+        movq	8(%rdi), %xmm2
+        movhpd	16(%rdi), %xmm1
+        movhpd	24(%rdi), %xmm2
+        pshufd	$27, %xmm1, %xmm1
+        pshufd	$27, %xmm2, %xmm2
+        movdqu	(%rsi), %xmm3
+        movdqu	16(%rsi), %xmm4
+        movdqu	32(%rsi), %xmm5
+        movdqu	48(%rsi), %xmm6
+        pshufb	%xmm10, %xmm3
+        movdqa	%xmm1, %xmm8
+        movdqa	%xmm2, %xmm9
+        # Rounds: 0-3
+        movdqa	%xmm3, %xmm0
+        paddd	(%rdx), %xmm0
+        sha256rnds2	%xmm1, %xmm2
+        pshufd	$14, %xmm0, %xmm0
+        sha256rnds2	%xmm2, %xmm1
+        # Rounds: 4-7
+        pshufb	%xmm10, %xmm4
+        movdqa	%xmm4, %xmm0
+        paddd	16(%rdx), %xmm0
+        sha256rnds2	%xmm1, %xmm2
+        pshufd	$14, %xmm0, %xmm0
+        sha256msg1	%xmm4, %xmm3
+        sha256rnds2	%xmm2, %xmm1
+        # Rounds: 8-11
+        pshufb	%xmm10, %xmm5
+        movdqa	%xmm5, %xmm0
+        paddd	32(%rdx), %xmm0
+        sha256rnds2	%xmm1, %xmm2
+        pshufd	$14, %xmm0, %xmm0
+        sha256msg1	%xmm5, %xmm4
+        sha256rnds2	%xmm2, %xmm1
+        # Rounds: 12-15
+        pshufb	%xmm10, %xmm6
+        movdqa	%xmm6, %xmm0
+        paddd	48(%rdx), %xmm0
+        sha256rnds2	%xmm1, %xmm2
+        movdqa	%xmm6, %xmm7
+        palignr	$4, %xmm5, %xmm7
+        paddd	%xmm7, %xmm3
+        sha256msg2	%xmm6, %xmm3
+        pshufd	$14, %xmm0, %xmm0
+        sha256msg1	%xmm6, %xmm5
+        sha256rnds2	%xmm2, %xmm1
+        # Rounds: 16-19
+        movdqa	%xmm3, %xmm0
+        paddd	64(%rdx), %xmm0
+        sha256rnds2	%xmm1, %xmm2
+        movdqa	%xmm3, %xmm7
+        palignr	$4, %xmm6, %xmm7
+        paddd	%xmm7, %xmm4
+        sha256msg2	%xmm3, %xmm4
+        pshufd	$14, %xmm0, %xmm0
+        sha256msg1	%xmm3, %xmm6
+        sha256rnds2	%xmm2, %xmm1
+        # Rounds: 20-23
+        movdqa	%xmm4, %xmm0
+        paddd	80(%rdx), %xmm0
+        sha256rnds2	%xmm1, %xmm2
+        movdqa	%xmm4, %xmm7
+        palignr	$4, %xmm3, %xmm7
+        paddd	%xmm7, %xmm5
+        sha256msg2	%xmm4, %xmm5
+        pshufd	$14, %xmm0, %xmm0
+        sha256msg1	%xmm4, %xmm3
+        sha256rnds2	%xmm2, %xmm1
+        # Rounds: 24-27
+        movdqa	%xmm5, %xmm0
+        paddd	96(%rdx), %xmm0
+        sha256rnds2	%xmm1, %xmm2
+        movdqa	%xmm5, %xmm7
+        palignr	$4, %xmm4, %xmm7
+        paddd	%xmm7, %xmm6
+        sha256msg2	%xmm5, %xmm6
+        pshufd	$14, %xmm0, %xmm0
+        sha256msg1	%xmm5, %xmm4
+        sha256rnds2	%xmm2, %xmm1
+        # Rounds: 28-31
+        movdqa	%xmm6, %xmm0
+        paddd	112(%rdx), %xmm0
+        sha256rnds2	%xmm1, %xmm2
+        movdqa	%xmm6, %xmm7
+        palignr	$4, %xmm5, %xmm7
+        paddd	%xmm7, %xmm3
+        sha256msg2	%xmm6, %xmm3
+        pshufd	$14, %xmm0, %xmm0
+        sha256msg1	%xmm6, %xmm5
+        sha256rnds2	%xmm2, %xmm1
+        # Rounds: 32-35
+        movdqa	%xmm3, %xmm0
+        paddd	128(%rdx), %xmm0
+        sha256rnds2	%xmm1, %xmm2
+        movdqa	%xmm3, %xmm7
+        palignr	$4, %xmm6, %xmm7
+        paddd	%xmm7, %xmm4
+        sha256msg2	%xmm3, %xmm4
+        pshufd	$14, %xmm0, %xmm0
+        sha256msg1	%xmm3, %xmm6
+        sha256rnds2	%xmm2, %xmm1
+        # Rounds: 36-39
+        movdqa	%xmm4, %xmm0
+        paddd	144(%rdx), %xmm0
+        sha256rnds2	%xmm1, %xmm2
+        movdqa	%xmm4, %xmm7
+        palignr	$4, %xmm3, %xmm7
+        paddd	%xmm7, %xmm5
+        sha256msg2	%xmm4, %xmm5
+        pshufd	$14, %xmm0, %xmm0
+        sha256msg1	%xmm4, %xmm3
+        sha256rnds2	%xmm2, %xmm1
+        # Rounds: 40-43
+        movdqa	%xmm5, %xmm0
+        paddd	160(%rdx), %xmm0
+        sha256rnds2	%xmm1, %xmm2
+        movdqa	%xmm5, %xmm7
+        palignr	$4, %xmm4, %xmm7
+        paddd	%xmm7, %xmm6
+        sha256msg2	%xmm5, %xmm6
+        pshufd	$14, %xmm0, %xmm0
+        sha256msg1	%xmm5, %xmm4
+        sha256rnds2	%xmm2, %xmm1
+        # Rounds: 44-47
+        movdqa	%xmm6, %xmm0
+        paddd	176(%rdx), %xmm0
+        sha256rnds2	%xmm1, %xmm2
+        movdqa	%xmm6, %xmm7
+        palignr	$4, %xmm5, %xmm7
+        paddd	%xmm7, %xmm3
+        sha256msg2	%xmm6, %xmm3
+        pshufd	$14, %xmm0, %xmm0
+        sha256msg1	%xmm6, %xmm5
+        sha256rnds2	%xmm2, %xmm1
+        # Rounds: 48-51
+        movdqa	%xmm3, %xmm0
+        paddd	192(%rdx), %xmm0
+        sha256rnds2	%xmm1, %xmm2
+        movdqa	%xmm3, %xmm7
+        palignr	$4, %xmm6, %xmm7
+        paddd	%xmm7, %xmm4
+        sha256msg2	%xmm3, %xmm4
+        pshufd	$14, %xmm0, %xmm0
+        sha256msg1	%xmm3, %xmm6
+        sha256rnds2	%xmm2, %xmm1
+        # Rounds: 52-63
+        movdqa	%xmm4, %xmm0
+        paddd	208(%rdx), %xmm0
+        sha256rnds2	%xmm1, %xmm2
+        movdqa	%xmm4, %xmm7
+        palignr	$4, %xmm3, %xmm7
+        paddd	%xmm7, %xmm5
+        sha256msg2	%xmm4, %xmm5
+        pshufd	$14, %xmm0, %xmm0
+        sha256rnds2	%xmm2, %xmm1
+        movdqa	%xmm5, %xmm0
+        paddd	224(%rdx), %xmm0
+        sha256rnds2	%xmm1, %xmm2
+        movdqa	%xmm5, %xmm7
+        palignr	$4, %xmm4, %xmm7
+        paddd	%xmm7, %xmm6
+        sha256msg2	%xmm5, %xmm6
+        pshufd	$14, %xmm0, %xmm0
+        sha256rnds2	%xmm2, %xmm1
+        movdqa	%xmm6, %xmm0
+        paddd	240(%rdx), %xmm0
+        sha256rnds2	%xmm1, %xmm2
+        pshufd	$14, %xmm0, %xmm0
+        sha256rnds2	%xmm2, %xmm1
+        paddd	%xmm8, %xmm1
+        paddd	%xmm9, %xmm2
+        pshufd	$27, %xmm1, %xmm1
+        pshufd	$27, %xmm2, %xmm2
+        movq	%xmm1, (%rdi)
+        movq	%xmm2, 8(%rdi)
+        movhpd	%xmm1, 16(%rdi)
+        movhpd	%xmm2, 24(%rdi)
+        xorq	%rax, %rax
+        repz retq
+#ifndef __APPLE__
+.size	Transform_Sha256_SSE2_Sha,.-Transform_Sha256_SSE2_Sha
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.text
+.globl	Transform_Sha256_SSE2_Sha_Len
+.type	Transform_Sha256_SSE2_Sha_Len,@function
+.align	16
+Transform_Sha256_SSE2_Sha_Len:
+#else
+.section	__TEXT,__text
+.globl	_Transform_Sha256_SSE2_Sha_Len
+.p2align	4
+_Transform_Sha256_SSE2_Sha_Len:
+#endif /* __APPLE__ */
+        leaq	L_sse2_sha256_sha_k(%rip), %rax
+        movdqa	L_sse2_sha256_shuf_mask(%rip), %xmm10
+        movq	(%rdi), %xmm1
+        movq	8(%rdi), %xmm2
+        movhpd	16(%rdi), %xmm1
+        movhpd	24(%rdi), %xmm2
+        pshufd	$27, %xmm1, %xmm1
+        pshufd	$27, %xmm2, %xmm2
+        # Start of loop processing a block
+L_sha256_sha_len_sse2_start:
+        movdqu	(%rsi), %xmm3
+        movdqu	16(%rsi), %xmm4
+        movdqu	32(%rsi), %xmm5
+        movdqu	48(%rsi), %xmm6
+        pshufb	%xmm10, %xmm3
+        movdqa	%xmm1, %xmm8
+        movdqa	%xmm2, %xmm9
+        # Rounds: 0-3
+        movdqa	%xmm3, %xmm0
+        paddd	(%rax), %xmm0
+        sha256rnds2	%xmm1, %xmm2
+        pshufd	$14, %xmm0, %xmm0
+        sha256rnds2	%xmm2, %xmm1
+        # Rounds: 4-7
+        pshufb	%xmm10, %xmm4
+        movdqa	%xmm4, %xmm0
+        paddd	16(%rax), %xmm0
+        sha256rnds2	%xmm1, %xmm2
+        pshufd	$14, %xmm0, %xmm0
+        sha256msg1	%xmm4, %xmm3
+        sha256rnds2	%xmm2, %xmm1
+        # Rounds: 8-11
+        pshufb	%xmm10, %xmm5
+        movdqa	%xmm5, %xmm0
+        paddd	32(%rax), %xmm0
+        sha256rnds2	%xmm1, %xmm2
+        pshufd	$14, %xmm0, %xmm0
+        sha256msg1	%xmm5, %xmm4
+        sha256rnds2	%xmm2, %xmm1
+        # Rounds: 12-15
+        pshufb	%xmm10, %xmm6
+        movdqa	%xmm6, %xmm0
+        paddd	48(%rax), %xmm0
+        sha256rnds2	%xmm1, %xmm2
+        movdqa	%xmm6, %xmm7
+        palignr	$4, %xmm5, %xmm7
+        paddd	%xmm7, %xmm3
+        sha256msg2	%xmm6, %xmm3
+        pshufd	$14, %xmm0, %xmm0
+        sha256msg1	%xmm6, %xmm5
+        sha256rnds2	%xmm2, %xmm1
+        # Rounds: 16-19
+        movdqa	%xmm3, %xmm0
+        paddd	64(%rax), %xmm0
+        sha256rnds2	%xmm1, %xmm2
+        movdqa	%xmm3, %xmm7
+        palignr	$4, %xmm6, %xmm7
+        paddd	%xmm7, %xmm4
+        sha256msg2	%xmm3, %xmm4
+        pshufd	$14, %xmm0, %xmm0
+        sha256msg1	%xmm3, %xmm6
+        sha256rnds2	%xmm2, %xmm1
+        # Rounds: 20-23
+        movdqa	%xmm4, %xmm0
+        paddd	80(%rax), %xmm0
+        sha256rnds2	%xmm1, %xmm2
+        movdqa	%xmm4, %xmm7
+        palignr	$4, %xmm3, %xmm7
+        paddd	%xmm7, %xmm5
+        sha256msg2	%xmm4, %xmm5
+        pshufd	$14, %xmm0, %xmm0
+        sha256msg1	%xmm4, %xmm3
+        sha256rnds2	%xmm2, %xmm1
+        # Rounds: 24-27
+        movdqa	%xmm5, %xmm0
+        paddd	96(%rax), %xmm0
+        sha256rnds2	%xmm1, %xmm2
+        movdqa	%xmm5, %xmm7
+        palignr	$4, %xmm4, %xmm7
+        paddd	%xmm7, %xmm6
+        sha256msg2	%xmm5, %xmm6
+        pshufd	$14, %xmm0, %xmm0
+        sha256msg1	%xmm5, %xmm4
+        sha256rnds2	%xmm2, %xmm1
+        # Rounds: 28-31
+        movdqa	%xmm6, %xmm0
+        paddd	112(%rax), %xmm0
+        sha256rnds2	%xmm1, %xmm2
+        movdqa	%xmm6, %xmm7
+        palignr	$4, %xmm5, %xmm7
+        paddd	%xmm7, %xmm3
+        sha256msg2	%xmm6, %xmm3
+        pshufd	$14, %xmm0, %xmm0
+        sha256msg1	%xmm6, %xmm5
+        sha256rnds2	%xmm2, %xmm1
+        # Rounds: 32-35
+        movdqa	%xmm3, %xmm0
+        paddd	128(%rax), %xmm0
+        sha256rnds2	%xmm1, %xmm2
+        movdqa	%xmm3, %xmm7
+        palignr	$4, %xmm6, %xmm7
+        paddd	%xmm7, %xmm4
+        sha256msg2	%xmm3, %xmm4
+        pshufd	$14, %xmm0, %xmm0
+        sha256msg1	%xmm3, %xmm6
+        sha256rnds2	%xmm2, %xmm1
+        # Rounds: 36-39
+        movdqa	%xmm4, %xmm0
+        paddd	144(%rax), %xmm0
+        sha256rnds2	%xmm1, %xmm2
+        movdqa	%xmm4, %xmm7
+        palignr	$4, %xmm3, %xmm7
+        paddd	%xmm7, %xmm5
+        sha256msg2	%xmm4, %xmm5
+        pshufd	$14, %xmm0, %xmm0
+        sha256msg1	%xmm4, %xmm3
+        sha256rnds2	%xmm2, %xmm1
+        # Rounds: 40-43
+        movdqa	%xmm5, %xmm0
+        paddd	160(%rax), %xmm0
+        sha256rnds2	%xmm1, %xmm2
+        movdqa	%xmm5, %xmm7
+        palignr	$4, %xmm4, %xmm7
+        paddd	%xmm7, %xmm6
+        sha256msg2	%xmm5, %xmm6
+        pshufd	$14, %xmm0, %xmm0
+        sha256msg1	%xmm5, %xmm4
+        sha256rnds2	%xmm2, %xmm1
+        # Rounds: 44-47
+        movdqa	%xmm6, %xmm0
+        paddd	176(%rax), %xmm0
+        sha256rnds2	%xmm1, %xmm2
+        movdqa	%xmm6, %xmm7
+        palignr	$4, %xmm5, %xmm7
+        paddd	%xmm7, %xmm3
+        sha256msg2	%xmm6, %xmm3
+        pshufd	$14, %xmm0, %xmm0
+        sha256msg1	%xmm6, %xmm5
+        sha256rnds2	%xmm2, %xmm1
+        # Rounds: 48-51
+        movdqa	%xmm3, %xmm0
+        paddd	192(%rax), %xmm0
+        sha256rnds2	%xmm1, %xmm2
+        movdqa	%xmm3, %xmm7
+        palignr	$4, %xmm6, %xmm7
+        paddd	%xmm7, %xmm4
+        sha256msg2	%xmm3, %xmm4
+        pshufd	$14, %xmm0, %xmm0
+        sha256msg1	%xmm3, %xmm6
+        sha256rnds2	%xmm2, %xmm1
+        # Rounds: 52-63
+        movdqa	%xmm4, %xmm0
+        paddd	208(%rax), %xmm0
+        sha256rnds2	%xmm1, %xmm2
+        movdqa	%xmm4, %xmm7
+        palignr	$4, %xmm3, %xmm7
+        paddd	%xmm7, %xmm5
+        sha256msg2	%xmm4, %xmm5
+        pshufd	$14, %xmm0, %xmm0
+        sha256rnds2	%xmm2, %xmm1
+        movdqa	%xmm5, %xmm0
+        paddd	224(%rax), %xmm0
+        sha256rnds2	%xmm1, %xmm2
+        movdqa	%xmm5, %xmm7
+        palignr	$4, %xmm4, %xmm7
+        paddd	%xmm7, %xmm6
+        sha256msg2	%xmm5, %xmm6
+        pshufd	$14, %xmm0, %xmm0
+        sha256rnds2	%xmm2, %xmm1
+        movdqa	%xmm6, %xmm0
+        paddd	240(%rax), %xmm0
+        sha256rnds2	%xmm1, %xmm2
+        pshufd	$14, %xmm0, %xmm0
+        sha256rnds2	%xmm2, %xmm1
+        addq	$0x40, %rsi
+        subl	$0x40, %edx
+        paddd	%xmm8, %xmm1
+        paddd	%xmm9, %xmm2
+        jnz	L_sha256_sha_len_sse2_start
+        pshufd	$27, %xmm1, %xmm1
+        pshufd	$27, %xmm2, %xmm2
+        movq	%xmm1, (%rdi)
+        movq	%xmm2, 8(%rdi)
+        movhpd	%xmm1, 16(%rdi)
+        movhpd	%xmm2, 24(%rdi)
+        xorq	%rax, %rax
+        repz retq
+#ifndef __APPLE__
+.size	Transform_Sha256_SSE2_Sha_Len,.-Transform_Sha256_SSE2_Sha_Len
+#endif /* __APPLE__ */
 #ifdef HAVE_INTEL_AVX1
 #ifndef __APPLE__
 .data
@@ -122,8 +555,9 @@ _Transform_Sha256_AVX1:
         pushq	%r13
         pushq	%r14
         pushq	%r15
+        pushq	%rbp
         subq	$0x40, %rsp
-        leaq	32(%rdi), %rax
+        leaq	L_avx1_sha256_k(%rip), %rbp
         vmovdqa	L_avx1_sha256_flip_mask(%rip), %xmm13
         vmovdqa	L_avx1_sha256_shuf_00BA(%rip), %xmm11
         vmovdqa	L_avx1_sha256_shuf_DC00(%rip), %xmm12
@@ -136,24 +570,24 @@ _Transform_Sha256_AVX1:
         movl	24(%rdi), %r14d
         movl	28(%rdi), %r15d
         # X0, X1, X2, X3 = W[0..15]
-        vmovdqu	(%rax), %xmm0
-        vmovdqu	16(%rax), %xmm1
+        vmovdqu	(%rsi), %xmm0
+        vmovdqu	16(%rsi), %xmm1
         vpshufb	%xmm13, %xmm0, %xmm0
         vpshufb	%xmm13, %xmm1, %xmm1
-        vmovdqu	32(%rax), %xmm2
-        vmovdqu	48(%rax), %xmm3
+        vmovdqu	32(%rsi), %xmm2
+        vmovdqu	48(%rsi), %xmm3
         vpshufb	%xmm13, %xmm2, %xmm2
         vpshufb	%xmm13, %xmm3, %xmm3
         movl	%r9d, %ebx
         movl	%r12d, %edx
         xorl	%r10d, %ebx
         # set_w_k_xfer_4: 0
-        vpaddd	0+L_avx1_sha256_k(%rip), %xmm0, %xmm4
-        vpaddd	16+L_avx1_sha256_k(%rip), %xmm1, %xmm5
+        vpaddd	(%rbp), %xmm0, %xmm4
+        vpaddd	16(%rbp), %xmm1, %xmm5
         vmovdqu	%xmm4, (%rsp)
         vmovdqu	%xmm5, 16(%rsp)
-        vpaddd	32+L_avx1_sha256_k(%rip), %xmm2, %xmm6
-        vpaddd	48+L_avx1_sha256_k(%rip), %xmm3, %xmm7
+        vpaddd	32(%rbp), %xmm2, %xmm6
+        vpaddd	48(%rbp), %xmm3, %xmm7
         vmovdqu	%xmm6, 32(%rsp)
         vmovdqu	%xmm7, 48(%rsp)
         # msg_sched: 0-3
@@ -781,12 +1215,12 @@ _Transform_Sha256_AVX1:
         vpaddd	%xmm4, %xmm9, %xmm3
         # msg_sched done: 12-15
         # set_w_k_xfer_4: 4
-        vpaddd	64+L_avx1_sha256_k(%rip), %xmm0, %xmm4
-        vpaddd	80+L_avx1_sha256_k(%rip), %xmm1, %xmm5
+        vpaddd	64(%rbp), %xmm0, %xmm4
+        vpaddd	80(%rbp), %xmm1, %xmm5
         vmovdqu	%xmm4, (%rsp)
         vmovdqu	%xmm5, 16(%rsp)
-        vpaddd	96+L_avx1_sha256_k(%rip), %xmm2, %xmm6
-        vpaddd	112+L_avx1_sha256_k(%rip), %xmm3, %xmm7
+        vpaddd	96(%rbp), %xmm2, %xmm6
+        vpaddd	112(%rbp), %xmm3, %xmm7
         vmovdqu	%xmm6, 32(%rsp)
         vmovdqu	%xmm7, 48(%rsp)
         # msg_sched: 0-3
@@ -1414,12 +1848,12 @@ _Transform_Sha256_AVX1:
         vpaddd	%xmm4, %xmm9, %xmm3
         # msg_sched done: 12-15
         # set_w_k_xfer_4: 8
-        vpaddd	128+L_avx1_sha256_k(%rip), %xmm0, %xmm4
-        vpaddd	144+L_avx1_sha256_k(%rip), %xmm1, %xmm5
+        vpaddd	128(%rbp), %xmm0, %xmm4
+        vpaddd	144(%rbp), %xmm1, %xmm5
         vmovdqu	%xmm4, (%rsp)
         vmovdqu	%xmm5, 16(%rsp)
-        vpaddd	160+L_avx1_sha256_k(%rip), %xmm2, %xmm6
-        vpaddd	176+L_avx1_sha256_k(%rip), %xmm3, %xmm7
+        vpaddd	160(%rbp), %xmm2, %xmm6
+        vpaddd	176(%rbp), %xmm3, %xmm7
         vmovdqu	%xmm6, 32(%rsp)
         vmovdqu	%xmm7, 48(%rsp)
         # msg_sched: 0-3
@@ -2047,12 +2481,12 @@ _Transform_Sha256_AVX1:
         vpaddd	%xmm4, %xmm9, %xmm3
         # msg_sched done: 12-15
         # set_w_k_xfer_4: 12
-        vpaddd	192+L_avx1_sha256_k(%rip), %xmm0, %xmm4
-        vpaddd	208+L_avx1_sha256_k(%rip), %xmm1, %xmm5
+        vpaddd	192(%rbp), %xmm0, %xmm4
+        vpaddd	208(%rbp), %xmm1, %xmm5
         vmovdqu	%xmm4, (%rsp)
         vmovdqu	%xmm5, 16(%rsp)
-        vpaddd	224+L_avx1_sha256_k(%rip), %xmm2, %xmm6
-        vpaddd	240+L_avx1_sha256_k(%rip), %xmm3, %xmm7
+        vpaddd	224(%rbp), %xmm2, %xmm6
+        vpaddd	240(%rbp), %xmm3, %xmm7
         vmovdqu	%xmm6, 32(%rsp)
         vmovdqu	%xmm7, 48(%rsp)
         # rnd_all_4: 0-3
@@ -2484,8 +2918,8 @@ _Transform_Sha256_AVX1:
         addl	%r14d, 24(%rdi)
         addl	%r15d, 28(%rdi)
         xorq	%rax, %rax
-        vzeroupper
         addq	$0x40, %rsp
+        popq	%rbp
         popq	%r15
         popq	%r14
         popq	%r13
@@ -2513,9 +2947,10 @@ _Transform_Sha256_AVX1_Len:
         pushq	%r14
         pushq	%r15
         pushq	%rbp
-        movq	%rsi, %rbp
-        movq	%rdx, %rsi
-        subq	$0x40, %rsp
+        movq	%rdx, %rbp
+        subq	$0x44, %rsp
+        movl	%ebp, 64(%rsp)
+        leaq	L_avx1_sha256_k(%rip), %rbp
         vmovdqa	L_avx1_sha256_flip_mask(%rip), %xmm13
         vmovdqa	L_avx1_sha256_shuf_00BA(%rip), %xmm11
         vmovdqa	L_avx1_sha256_shuf_DC00(%rip), %xmm12
@@ -2530,24 +2965,24 @@ _Transform_Sha256_AVX1_Len:
         # Start of loop processing a block
 L_sha256_len_avx1_start:
         # X0, X1, X2, X3 = W[0..15]
-        vmovdqu	(%rbp), %xmm0
-        vmovdqu	16(%rbp), %xmm1
+        vmovdqu	(%rsi), %xmm0
+        vmovdqu	16(%rsi), %xmm1
         vpshufb	%xmm13, %xmm0, %xmm0
         vpshufb	%xmm13, %xmm1, %xmm1
-        vmovdqu	32(%rbp), %xmm2
-        vmovdqu	48(%rbp), %xmm3
+        vmovdqu	32(%rsi), %xmm2
+        vmovdqu	48(%rsi), %xmm3
         vpshufb	%xmm13, %xmm2, %xmm2
         vpshufb	%xmm13, %xmm3, %xmm3
         movl	%r9d, %ebx
         movl	%r12d, %edx
         xorl	%r10d, %ebx
         # set_w_k_xfer_4: 0
-        vpaddd	0+L_avx1_sha256_k(%rip), %xmm0, %xmm4
-        vpaddd	16+L_avx1_sha256_k(%rip), %xmm1, %xmm5
+        vpaddd	(%rbp), %xmm0, %xmm4
+        vpaddd	16(%rbp), %xmm1, %xmm5
         vmovdqu	%xmm4, (%rsp)
         vmovdqu	%xmm5, 16(%rsp)
-        vpaddd	32+L_avx1_sha256_k(%rip), %xmm2, %xmm6
-        vpaddd	48+L_avx1_sha256_k(%rip), %xmm3, %xmm7
+        vpaddd	32(%rbp), %xmm2, %xmm6
+        vpaddd	48(%rbp), %xmm3, %xmm7
         vmovdqu	%xmm6, 32(%rsp)
         vmovdqu	%xmm7, 48(%rsp)
         # msg_sched: 0-3
@@ -3175,12 +3610,12 @@ L_sha256_len_avx1_start:
         vpaddd	%xmm4, %xmm9, %xmm3
         # msg_sched done: 12-15
         # set_w_k_xfer_4: 4
-        vpaddd	64+L_avx1_sha256_k(%rip), %xmm0, %xmm4
-        vpaddd	80+L_avx1_sha256_k(%rip), %xmm1, %xmm5
+        vpaddd	64(%rbp), %xmm0, %xmm4
+        vpaddd	80(%rbp), %xmm1, %xmm5
         vmovdqu	%xmm4, (%rsp)
         vmovdqu	%xmm5, 16(%rsp)
-        vpaddd	96+L_avx1_sha256_k(%rip), %xmm2, %xmm6
-        vpaddd	112+L_avx1_sha256_k(%rip), %xmm3, %xmm7
+        vpaddd	96(%rbp), %xmm2, %xmm6
+        vpaddd	112(%rbp), %xmm3, %xmm7
         vmovdqu	%xmm6, 32(%rsp)
         vmovdqu	%xmm7, 48(%rsp)
         # msg_sched: 0-3
@@ -3808,12 +4243,12 @@ L_sha256_len_avx1_start:
         vpaddd	%xmm4, %xmm9, %xmm3
         # msg_sched done: 12-15
         # set_w_k_xfer_4: 8
-        vpaddd	128+L_avx1_sha256_k(%rip), %xmm0, %xmm4
-        vpaddd	144+L_avx1_sha256_k(%rip), %xmm1, %xmm5
+        vpaddd	128(%rbp), %xmm0, %xmm4
+        vpaddd	144(%rbp), %xmm1, %xmm5
         vmovdqu	%xmm4, (%rsp)
         vmovdqu	%xmm5, 16(%rsp)
-        vpaddd	160+L_avx1_sha256_k(%rip), %xmm2, %xmm6
-        vpaddd	176+L_avx1_sha256_k(%rip), %xmm3, %xmm7
+        vpaddd	160(%rbp), %xmm2, %xmm6
+        vpaddd	176(%rbp), %xmm3, %xmm7
         vmovdqu	%xmm6, 32(%rsp)
         vmovdqu	%xmm7, 48(%rsp)
         # msg_sched: 0-3
@@ -4441,12 +4876,12 @@ L_sha256_len_avx1_start:
         vpaddd	%xmm4, %xmm9, %xmm3
         # msg_sched done: 12-15
         # set_w_k_xfer_4: 12
-        vpaddd	192+L_avx1_sha256_k(%rip), %xmm0, %xmm4
-        vpaddd	208+L_avx1_sha256_k(%rip), %xmm1, %xmm5
+        vpaddd	192(%rbp), %xmm0, %xmm4
+        vpaddd	208(%rbp), %xmm1, %xmm5
         vmovdqu	%xmm4, (%rsp)
         vmovdqu	%xmm5, 16(%rsp)
-        vpaddd	224+L_avx1_sha256_k(%rip), %xmm2, %xmm6
-        vpaddd	240+L_avx1_sha256_k(%rip), %xmm3, %xmm7
+        vpaddd	224(%rbp), %xmm2, %xmm6
+        vpaddd	240(%rbp), %xmm3, %xmm7
         vmovdqu	%xmm6, 32(%rsp)
         vmovdqu	%xmm7, 48(%rsp)
         # rnd_all_4: 0-3
@@ -4877,8 +5312,8 @@ L_sha256_len_avx1_start:
         addl	20(%rdi), %r13d
         addl	24(%rdi), %r14d
         addl	28(%rdi), %r15d
-        addq	$0x40, %rbp
-        subl	$0x40, %esi
+        addq	$0x40, %rsi
+        subl	$0x40, 64(%rsp)
         movl	%r8d, (%rdi)
         movl	%r9d, 4(%rdi)
         movl	%r10d, 8(%rdi)
@@ -4889,8 +5324,7 @@ L_sha256_len_avx1_start:
         movl	%r15d, 28(%rdi)
         jnz	L_sha256_len_avx1_start
         xorq	%rax, %rax
-        vzeroupper
-        addq	$0x40, %rsp
+        addq	$0x44, %rsp
         popq	%rbp
         popq	%r15
         popq	%r14
@@ -4976,18 +5410,19 @@ _Transform_Sha256_AVX1_RORX:
         pushq	%r13
         pushq	%r14
         pushq	%r15
+        pushq	%rbp
         subq	$0x40, %rsp
+        leaq	L_avx1_rorx_sha256_k(%rip), %rbp
         vmovdqa	L_avx1_rorx_sha256_flip_mask(%rip), %xmm13
         vmovdqa	L_avx1_rorx_sha256_shuf_00BA(%rip), %xmm11
         vmovdqa	L_avx1_rorx_sha256_shuf_DC00(%rip), %xmm12
-        leaq	32(%rdi), %rax
         # X0, X1, X2, X3 = W[0..15]
-        vmovdqu	(%rax), %xmm0
-        vmovdqu	16(%rax), %xmm1
+        vmovdqu	(%rsi), %xmm0
+        vmovdqu	16(%rsi), %xmm1
         vpshufb	%xmm13, %xmm0, %xmm0
         vpshufb	%xmm13, %xmm1, %xmm1
-        vmovdqu	32(%rax), %xmm2
-        vmovdqu	48(%rax), %xmm3
+        vmovdqu	32(%rsi), %xmm2
+        vmovdqu	48(%rsi), %xmm3
         vpshufb	%xmm13, %xmm2, %xmm2
         vpshufb	%xmm13, %xmm3, %xmm3
         movl	(%rdi), %r8d
@@ -4999,12 +5434,12 @@ _Transform_Sha256_AVX1_RORX:
         movl	24(%rdi), %r14d
         movl	28(%rdi), %r15d
         # set_w_k_xfer_4: 0
-        vpaddd	0+L_avx1_rorx_sha256_k(%rip), %xmm0, %xmm4
-        vpaddd	16+L_avx1_rorx_sha256_k(%rip), %xmm1, %xmm5
+        vpaddd	(%rbp), %xmm0, %xmm4
+        vpaddd	16(%rbp), %xmm1, %xmm5
         vmovdqu	%xmm4, (%rsp)
         vmovdqu	%xmm5, 16(%rsp)
-        vpaddd	32+L_avx1_rorx_sha256_k(%rip), %xmm2, %xmm6
-        vpaddd	48+L_avx1_rorx_sha256_k(%rip), %xmm3, %xmm7
+        vpaddd	32(%rbp), %xmm2, %xmm6
+        vpaddd	48(%rbp), %xmm3, %xmm7
         vmovdqu	%xmm6, 32(%rsp)
         vmovdqu	%xmm7, 48(%rsp)
         movl	%r9d, %ebx
@@ -5631,12 +6066,12 @@ _Transform_Sha256_AVX1_RORX:
         vpaddd	%xmm4, %xmm9, %xmm3
         # msg_sched done: 12-15
         # set_w_k_xfer_4: 4
-        vpaddd	64+L_avx1_rorx_sha256_k(%rip), %xmm0, %xmm4
-        vpaddd	80+L_avx1_rorx_sha256_k(%rip), %xmm1, %xmm5
+        vpaddd	64(%rbp), %xmm0, %xmm4
+        vpaddd	80(%rbp), %xmm1, %xmm5
         vmovdqu	%xmm4, (%rsp)
         vmovdqu	%xmm5, 16(%rsp)
-        vpaddd	96+L_avx1_rorx_sha256_k(%rip), %xmm2, %xmm6
-        vpaddd	112+L_avx1_rorx_sha256_k(%rip), %xmm3, %xmm7
+        vpaddd	96(%rbp), %xmm2, %xmm6
+        vpaddd	112(%rbp), %xmm3, %xmm7
         vmovdqu	%xmm6, 32(%rsp)
         vmovdqu	%xmm7, 48(%rsp)
         # msg_sched: 0-3
@@ -6260,12 +6695,12 @@ _Transform_Sha256_AVX1_RORX:
         vpaddd	%xmm4, %xmm9, %xmm3
         # msg_sched done: 12-15
         # set_w_k_xfer_4: 8
-        vpaddd	128+L_avx1_rorx_sha256_k(%rip), %xmm0, %xmm4
-        vpaddd	144+L_avx1_rorx_sha256_k(%rip), %xmm1, %xmm5
+        vpaddd	128(%rbp), %xmm0, %xmm4
+        vpaddd	144(%rbp), %xmm1, %xmm5
         vmovdqu	%xmm4, (%rsp)
         vmovdqu	%xmm5, 16(%rsp)
-        vpaddd	160+L_avx1_rorx_sha256_k(%rip), %xmm2, %xmm6
-        vpaddd	176+L_avx1_rorx_sha256_k(%rip), %xmm3, %xmm7
+        vpaddd	160(%rbp), %xmm2, %xmm6
+        vpaddd	176(%rbp), %xmm3, %xmm7
         vmovdqu	%xmm6, 32(%rsp)
         vmovdqu	%xmm7, 48(%rsp)
         # msg_sched: 0-3
@@ -6889,12 +7324,12 @@ _Transform_Sha256_AVX1_RORX:
         vpaddd	%xmm4, %xmm9, %xmm3
         # msg_sched done: 12-15
         # set_w_k_xfer_4: 12
-        vpaddd	192+L_avx1_rorx_sha256_k(%rip), %xmm0, %xmm4
-        vpaddd	208+L_avx1_rorx_sha256_k(%rip), %xmm1, %xmm5
+        vpaddd	192(%rbp), %xmm0, %xmm4
+        vpaddd	208(%rbp), %xmm1, %xmm5
         vmovdqu	%xmm4, (%rsp)
         vmovdqu	%xmm5, 16(%rsp)
-        vpaddd	224+L_avx1_rorx_sha256_k(%rip), %xmm2, %xmm6
-        vpaddd	240+L_avx1_rorx_sha256_k(%rip), %xmm3, %xmm7
+        vpaddd	224(%rbp), %xmm2, %xmm6
+        vpaddd	240(%rbp), %xmm3, %xmm7
         vmovdqu	%xmm6, 32(%rsp)
         vmovdqu	%xmm7, 48(%rsp)
         xorl	%eax, %eax
@@ -7296,8 +7731,8 @@ _Transform_Sha256_AVX1_RORX:
         addl	%r14d, 24(%rdi)
         addl	%r15d, 28(%rdi)
         xorq	%rax, %rax
-        vzeroupper
         addq	$0x40, %rsp
+        popq	%rbp
         popq	%r15
         popq	%r14
         popq	%r13
@@ -7325,9 +7760,10 @@ _Transform_Sha256_AVX1_RORX_Len:
         pushq	%r14
         pushq	%r15
         pushq	%rbp
-        movq	%rsi, %rbp
-        movq	%rdx, %rsi
-        subq	$0x40, %rsp
+        movq	%rdx, %rbp
+        subq	$0x44, %rsp
+        movl	%ebp, 64(%rsp)
+        leaq	L_avx1_rorx_sha256_k(%rip), %rbp
         vmovdqa	L_avx1_rorx_sha256_flip_mask(%rip), %xmm13
         vmovdqa	L_avx1_rorx_sha256_shuf_00BA(%rip), %xmm11
         vmovdqa	L_avx1_rorx_sha256_shuf_DC00(%rip), %xmm12
@@ -7342,21 +7778,21 @@ _Transform_Sha256_AVX1_RORX_Len:
         # Start of loop processing a block
 L_sha256_len_avx1_len_rorx_start:
         # X0, X1, X2, X3 = W[0..15]
-        vmovdqu	(%rbp), %xmm0
-        vmovdqu	16(%rbp), %xmm1
+        vmovdqu	(%rsi), %xmm0
+        vmovdqu	16(%rsi), %xmm1
         vpshufb	%xmm13, %xmm0, %xmm0
         vpshufb	%xmm13, %xmm1, %xmm1
-        vmovdqu	32(%rbp), %xmm2
-        vmovdqu	48(%rbp), %xmm3
+        vmovdqu	32(%rsi), %xmm2
+        vmovdqu	48(%rsi), %xmm3
         vpshufb	%xmm13, %xmm2, %xmm2
         vpshufb	%xmm13, %xmm3, %xmm3
         # set_w_k_xfer_4: 0
-        vpaddd	0+L_avx1_rorx_sha256_k(%rip), %xmm0, %xmm4
-        vpaddd	16+L_avx1_rorx_sha256_k(%rip), %xmm1, %xmm5
+        vpaddd	(%rbp), %xmm0, %xmm4
+        vpaddd	16(%rbp), %xmm1, %xmm5
         vmovdqu	%xmm4, (%rsp)
         vmovdqu	%xmm5, 16(%rsp)
-        vpaddd	32+L_avx1_rorx_sha256_k(%rip), %xmm2, %xmm6
-        vpaddd	48+L_avx1_rorx_sha256_k(%rip), %xmm3, %xmm7
+        vpaddd	32(%rbp), %xmm2, %xmm6
+        vpaddd	48(%rbp), %xmm3, %xmm7
         vmovdqu	%xmm6, 32(%rsp)
         vmovdqu	%xmm7, 48(%rsp)
         movl	%r9d, %ebx
@@ -7983,12 +8419,12 @@ L_sha256_len_avx1_len_rorx_start:
         vpaddd	%xmm4, %xmm9, %xmm3
         # msg_sched done: 12-15
         # set_w_k_xfer_4: 4
-        vpaddd	64+L_avx1_rorx_sha256_k(%rip), %xmm0, %xmm4
-        vpaddd	80+L_avx1_rorx_sha256_k(%rip), %xmm1, %xmm5
+        vpaddd	64(%rbp), %xmm0, %xmm4
+        vpaddd	80(%rbp), %xmm1, %xmm5
         vmovdqu	%xmm4, (%rsp)
         vmovdqu	%xmm5, 16(%rsp)
-        vpaddd	96+L_avx1_rorx_sha256_k(%rip), %xmm2, %xmm6
-        vpaddd	112+L_avx1_rorx_sha256_k(%rip), %xmm3, %xmm7
+        vpaddd	96(%rbp), %xmm2, %xmm6
+        vpaddd	112(%rbp), %xmm3, %xmm7
         vmovdqu	%xmm6, 32(%rsp)
         vmovdqu	%xmm7, 48(%rsp)
         # msg_sched: 0-3
@@ -8612,12 +9048,12 @@ L_sha256_len_avx1_len_rorx_start:
         vpaddd	%xmm4, %xmm9, %xmm3
         # msg_sched done: 12-15
         # set_w_k_xfer_4: 8
-        vpaddd	128+L_avx1_rorx_sha256_k(%rip), %xmm0, %xmm4
-        vpaddd	144+L_avx1_rorx_sha256_k(%rip), %xmm1, %xmm5
+        vpaddd	128(%rbp), %xmm0, %xmm4
+        vpaddd	144(%rbp), %xmm1, %xmm5
         vmovdqu	%xmm4, (%rsp)
         vmovdqu	%xmm5, 16(%rsp)
-        vpaddd	160+L_avx1_rorx_sha256_k(%rip), %xmm2, %xmm6
-        vpaddd	176+L_avx1_rorx_sha256_k(%rip), %xmm3, %xmm7
+        vpaddd	160(%rbp), %xmm2, %xmm6
+        vpaddd	176(%rbp), %xmm3, %xmm7
         vmovdqu	%xmm6, 32(%rsp)
         vmovdqu	%xmm7, 48(%rsp)
         # msg_sched: 0-3
@@ -9241,12 +9677,12 @@ L_sha256_len_avx1_len_rorx_start:
         vpaddd	%xmm4, %xmm9, %xmm3
         # msg_sched done: 12-15
         # set_w_k_xfer_4: 12
-        vpaddd	192+L_avx1_rorx_sha256_k(%rip), %xmm0, %xmm4
-        vpaddd	208+L_avx1_rorx_sha256_k(%rip), %xmm1, %xmm5
+        vpaddd	192(%rbp), %xmm0, %xmm4
+        vpaddd	208(%rbp), %xmm1, %xmm5
         vmovdqu	%xmm4, (%rsp)
         vmovdqu	%xmm5, 16(%rsp)
-        vpaddd	224+L_avx1_rorx_sha256_k(%rip), %xmm2, %xmm6
-        vpaddd	240+L_avx1_rorx_sha256_k(%rip), %xmm3, %xmm7
+        vpaddd	224(%rbp), %xmm2, %xmm6
+        vpaddd	240(%rbp), %xmm3, %xmm7
         vmovdqu	%xmm6, 32(%rsp)
         vmovdqu	%xmm7, 48(%rsp)
         xorl	%eax, %eax
@@ -9648,8 +10084,8 @@ L_sha256_len_avx1_len_rorx_start:
         addl	20(%rdi), %r13d
         addl	24(%rdi), %r14d
         addl	28(%rdi), %r15d
-        addq	$0x40, %rbp
-        subl	$0x40, %esi
+        addq	$0x40, %rsi
+        subl	$0x40, 64(%rsp)
         movl	%r8d, (%rdi)
         movl	%r9d, 4(%rdi)
         movl	%r10d, 8(%rdi)
@@ -9660,8 +10096,7 @@ L_sha256_len_avx1_len_rorx_start:
         movl	%r15d, 28(%rdi)
         jnz	L_sha256_len_avx1_len_rorx_start
         xorq	%rax, %rax
-        vzeroupper
-        addq	$0x40, %rsp
+        addq	$0x44, %rsp
         popq	%rbp
         popq	%r15
         popq	%r14
@@ -9672,6 +10107,383 @@ L_sha256_len_avx1_len_rorx_start:
 #ifndef __APPLE__
 .size	Transform_Sha256_AVX1_RORX_Len,.-Transform_Sha256_AVX1_RORX_Len
 #endif /* __APPLE__ */
+#ifndef __APPLE__
+.data
+#else
+.section	__DATA,__data
+#endif /* __APPLE__ */
+L_avx1_sha256_sha_k:
+.long	0x428a2f98,0x71374491,0xb5c0fbcf,0xe9b5dba5
+.long	0x3956c25b,0x59f111f1,0x923f82a4,0xab1c5ed5
+.long	0xd807aa98,0x12835b01,0x243185be,0x550c7dc3
+.long	0x72be5d74,0x80deb1fe,0x9bdc06a7,0xc19bf174
+.long	0xe49b69c1,0xefbe4786,0xfc19dc6,0x240ca1cc
+.long	0x2de92c6f,0x4a7484aa,0x5cb0a9dc,0x76f988da
+.long	0x983e5152,0xa831c66d,0xb00327c8,0xbf597fc7
+.long	0xc6e00bf3,0xd5a79147,0x6ca6351,0x14292967
+.long	0x27b70a85,0x2e1b2138,0x4d2c6dfc,0x53380d13
+.long	0x650a7354,0x766a0abb,0x81c2c92e,0x92722c85
+.long	0xa2bfe8a1,0xa81a664b,0xc24b8b70,0xc76c51a3
+.long	0xd192e819,0xd6990624,0xf40e3585,0x106aa070
+.long	0x19a4c116,0x1e376c08,0x2748774c,0x34b0bcb5
+.long	0x391c0cb3,0x4ed8aa4a,0x5b9cca4f,0x682e6ff3
+.long	0x748f82ee,0x78a5636f,0x84c87814,0x8cc70208
+.long	0x90befffa,0xa4506ceb,0xbef9a3f7,0xc67178f2
+#ifndef __APPLE__
+.data
+#else
+.section	__DATA,__data
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.align	16
+#else
+.p2align	4
+#endif /* __APPLE__ */
+L_avx1_sha256_shuf_mask:
+.quad	0x405060700010203, 0xc0d0e0f08090a0b
+#ifndef __APPLE__
+.text
+.globl	Transform_Sha256_AVX1_Sha
+.type	Transform_Sha256_AVX1_Sha,@function
+.align	16
+Transform_Sha256_AVX1_Sha:
+#else
+.section	__TEXT,__text
+.globl	_Transform_Sha256_AVX1_Sha
+.p2align	4
+_Transform_Sha256_AVX1_Sha:
+#endif /* __APPLE__ */
+        leaq	L_avx1_sha256_sha_k(%rip), %rdx
+        vmovdqa	L_avx1_sha256_shuf_mask(%rip), %xmm10
+        vmovq	(%rdi), %xmm1
+        vmovq	8(%rdi), %xmm2
+        vmovhpd	16(%rdi), %xmm1, %xmm1
+        vmovhpd	24(%rdi), %xmm2, %xmm2
+        vpshufd	$27, %xmm1, %xmm1
+        vpshufd	$27, %xmm2, %xmm2
+        vmovdqu	(%rsi), %xmm3
+        vmovdqu	16(%rsi), %xmm4
+        vmovdqu	32(%rsi), %xmm5
+        vmovdqu	48(%rsi), %xmm6
+        vpshufb	%xmm10, %xmm3, %xmm3
+        vmovdqa	%xmm1, %xmm8
+        vmovdqa	%xmm2, %xmm9
+        # Rounds: 0-3
+        vpaddd	(%rdx), %xmm3, %xmm0
+        sha256rnds2	%xmm1, %xmm2
+        vpshufd	$14, %xmm0, %xmm0
+        sha256rnds2	%xmm2, %xmm1
+        # Rounds: 4-7
+        vpshufb	%xmm10, %xmm4, %xmm4
+        vpaddd	16(%rdx), %xmm4, %xmm0
+        sha256rnds2	%xmm1, %xmm2
+        vpshufd	$14, %xmm0, %xmm0
+        sha256msg1	%xmm4, %xmm3
+        sha256rnds2	%xmm2, %xmm1
+        # Rounds: 8-11
+        vpshufb	%xmm10, %xmm5, %xmm5
+        vpaddd	32(%rdx), %xmm5, %xmm0
+        sha256rnds2	%xmm1, %xmm2
+        vpshufd	$14, %xmm0, %xmm0
+        sha256msg1	%xmm5, %xmm4
+        sha256rnds2	%xmm2, %xmm1
+        # Rounds: 12-15
+        vpshufb	%xmm10, %xmm6, %xmm6
+        vpaddd	48(%rdx), %xmm6, %xmm0
+        sha256rnds2	%xmm1, %xmm2
+        vpalignr	$4, %xmm5, %xmm6, %xmm7
+        vpaddd	%xmm7, %xmm3, %xmm3
+        sha256msg2	%xmm6, %xmm3
+        vpshufd	$14, %xmm0, %xmm0
+        sha256msg1	%xmm6, %xmm5
+        sha256rnds2	%xmm2, %xmm1
+        # Rounds: 16-19
+        vpaddd	64(%rdx), %xmm3, %xmm0
+        sha256rnds2	%xmm1, %xmm2
+        vpalignr	$4, %xmm6, %xmm3, %xmm7
+        vpaddd	%xmm7, %xmm4, %xmm4
+        sha256msg2	%xmm3, %xmm4
+        vpshufd	$14, %xmm0, %xmm0
+        sha256msg1	%xmm3, %xmm6
+        sha256rnds2	%xmm2, %xmm1
+        # Rounds: 20-23
+        vpaddd	80(%rdx), %xmm4, %xmm0
+        sha256rnds2	%xmm1, %xmm2
+        vpalignr	$4, %xmm3, %xmm4, %xmm7
+        vpaddd	%xmm7, %xmm5, %xmm5
+        sha256msg2	%xmm4, %xmm5
+        vpshufd	$14, %xmm0, %xmm0
+        sha256msg1	%xmm4, %xmm3
+        sha256rnds2	%xmm2, %xmm1
+        # Rounds: 24-27
+        vpaddd	96(%rdx), %xmm5, %xmm0
+        sha256rnds2	%xmm1, %xmm2
+        vpalignr	$4, %xmm4, %xmm5, %xmm7
+        vpaddd	%xmm7, %xmm6, %xmm6
+        sha256msg2	%xmm5, %xmm6
+        vpshufd	$14, %xmm0, %xmm0
+        sha256msg1	%xmm5, %xmm4
+        sha256rnds2	%xmm2, %xmm1
+        # Rounds: 28-31
+        vpaddd	112(%rdx), %xmm6, %xmm0
+        sha256rnds2	%xmm1, %xmm2
+        vpalignr	$4, %xmm5, %xmm6, %xmm7
+        vpaddd	%xmm7, %xmm3, %xmm3
+        sha256msg2	%xmm6, %xmm3
+        vpshufd	$14, %xmm0, %xmm0
+        sha256msg1	%xmm6, %xmm5
+        sha256rnds2	%xmm2, %xmm1
+        # Rounds: 32-35
+        vpaddd	128(%rdx), %xmm3, %xmm0
+        sha256rnds2	%xmm1, %xmm2
+        vpalignr	$4, %xmm6, %xmm3, %xmm7
+        vpaddd	%xmm7, %xmm4, %xmm4
+        sha256msg2	%xmm3, %xmm4
+        vpshufd	$14, %xmm0, %xmm0
+        sha256msg1	%xmm3, %xmm6
+        sha256rnds2	%xmm2, %xmm1
+        # Rounds: 36-39
+        vpaddd	144(%rdx), %xmm4, %xmm0
+        sha256rnds2	%xmm1, %xmm2
+        vpalignr	$4, %xmm3, %xmm4, %xmm7
+        vpaddd	%xmm7, %xmm5, %xmm5
+        sha256msg2	%xmm4, %xmm5
+        vpshufd	$14, %xmm0, %xmm0
+        sha256msg1	%xmm4, %xmm3
+        sha256rnds2	%xmm2, %xmm1
+        # Rounds: 40-43
+        vpaddd	160(%rdx), %xmm5, %xmm0
+        sha256rnds2	%xmm1, %xmm2
+        vpalignr	$4, %xmm4, %xmm5, %xmm7
+        vpaddd	%xmm7, %xmm6, %xmm6
+        sha256msg2	%xmm5, %xmm6
+        vpshufd	$14, %xmm0, %xmm0
+        sha256msg1	%xmm5, %xmm4
+        sha256rnds2	%xmm2, %xmm1
+        # Rounds: 44-47
+        vpaddd	176(%rdx), %xmm6, %xmm0
+        sha256rnds2	%xmm1, %xmm2
+        vpalignr	$4, %xmm5, %xmm6, %xmm7
+        vpaddd	%xmm7, %xmm3, %xmm3
+        sha256msg2	%xmm6, %xmm3
+        vpshufd	$14, %xmm0, %xmm0
+        sha256msg1	%xmm6, %xmm5
+        sha256rnds2	%xmm2, %xmm1
+        # Rounds: 48-51
+        vpaddd	192(%rdx), %xmm3, %xmm0
+        sha256rnds2	%xmm1, %xmm2
+        vpalignr	$4, %xmm6, %xmm3, %xmm7
+        vpaddd	%xmm7, %xmm4, %xmm4
+        sha256msg2	%xmm3, %xmm4
+        vpshufd	$14, %xmm0, %xmm0
+        sha256msg1	%xmm3, %xmm6
+        sha256rnds2	%xmm2, %xmm1
+        # Rounds: 52-63
+        vpaddd	208(%rdx), %xmm4, %xmm0
+        sha256rnds2	%xmm1, %xmm2
+        vpalignr	$4, %xmm3, %xmm4, %xmm7
+        vpaddd	%xmm7, %xmm5, %xmm5
+        sha256msg2	%xmm4, %xmm5
+        vpshufd	$14, %xmm0, %xmm0
+        sha256rnds2	%xmm2, %xmm1
+        vpaddd	224(%rdx), %xmm5, %xmm0
+        sha256rnds2	%xmm1, %xmm2
+        vpalignr	$4, %xmm4, %xmm5, %xmm7
+        vpaddd	%xmm7, %xmm6, %xmm6
+        sha256msg2	%xmm5, %xmm6
+        vpshufd	$14, %xmm0, %xmm0
+        sha256rnds2	%xmm2, %xmm1
+        vpaddd	240(%rdx), %xmm6, %xmm0
+        sha256rnds2	%xmm1, %xmm2
+        vpshufd	$14, %xmm0, %xmm0
+        sha256rnds2	%xmm2, %xmm1
+        vpaddd	%xmm8, %xmm1, %xmm1
+        vpaddd	%xmm9, %xmm2, %xmm2
+        vpshufd	$27, %xmm1, %xmm1
+        vpshufd	$27, %xmm2, %xmm2
+        vmovq	%xmm1, (%rdi)
+        vmovq	%xmm2, 8(%rdi)
+        vmovhpd	%xmm1, 16(%rdi)
+        vmovhpd	%xmm2, 24(%rdi)
+        xorq	%rax, %rax
+        repz retq
+#ifndef __APPLE__
+.size	Transform_Sha256_AVX1_Sha,.-Transform_Sha256_AVX1_Sha
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.text
+.globl	Transform_Sha256_AVX1_Sha_Len
+.type	Transform_Sha256_AVX1_Sha_Len,@function
+.align	16
+Transform_Sha256_AVX1_Sha_Len:
+#else
+.section	__TEXT,__text
+.globl	_Transform_Sha256_AVX1_Sha_Len
+.p2align	4
+_Transform_Sha256_AVX1_Sha_Len:
+#endif /* __APPLE__ */
+        leaq	L_avx1_sha256_sha_k(%rip), %rax
+        vmovdqa	L_avx1_sha256_shuf_mask(%rip), %xmm10
+        vmovq	(%rdi), %xmm1
+        vmovq	8(%rdi), %xmm2
+        vmovhpd	16(%rdi), %xmm1, %xmm1
+        vmovhpd	24(%rdi), %xmm2, %xmm2
+        vpshufd	$27, %xmm1, %xmm1
+        vpshufd	$27, %xmm2, %xmm2
+        # Start of loop processing a block
+L_sha256_sha_len_avx1_start:
+        vmovdqu	(%rsi), %xmm3
+        vmovdqu	16(%rsi), %xmm4
+        vmovdqu	32(%rsi), %xmm5
+        vmovdqu	48(%rsi), %xmm6
+        vpshufb	%xmm10, %xmm3, %xmm3
+        vmovdqa	%xmm1, %xmm8
+        vmovdqa	%xmm2, %xmm9
+        # Rounds: 0-3
+        vpaddd	(%rax), %xmm3, %xmm0
+        sha256rnds2	%xmm1, %xmm2
+        vpshufd	$14, %xmm0, %xmm0
+        sha256rnds2	%xmm2, %xmm1
+        # Rounds: 4-7
+        vpshufb	%xmm10, %xmm4, %xmm4
+        vpaddd	16(%rax), %xmm4, %xmm0
+        sha256rnds2	%xmm1, %xmm2
+        vpshufd	$14, %xmm0, %xmm0
+        sha256msg1	%xmm4, %xmm3
+        sha256rnds2	%xmm2, %xmm1
+        # Rounds: 8-11
+        vpshufb	%xmm10, %xmm5, %xmm5
+        vpaddd	32(%rax), %xmm5, %xmm0
+        sha256rnds2	%xmm1, %xmm2
+        vpshufd	$14, %xmm0, %xmm0
+        sha256msg1	%xmm5, %xmm4
+        sha256rnds2	%xmm2, %xmm1
+        # Rounds: 12-15
+        vpshufb	%xmm10, %xmm6, %xmm6
+        vpaddd	48(%rax), %xmm6, %xmm0
+        sha256rnds2	%xmm1, %xmm2
+        vpalignr	$4, %xmm5, %xmm6, %xmm7
+        vpaddd	%xmm7, %xmm3, %xmm3
+        sha256msg2	%xmm6, %xmm3
+        vpshufd	$14, %xmm0, %xmm0
+        sha256msg1	%xmm6, %xmm5
+        sha256rnds2	%xmm2, %xmm1
+        # Rounds: 16-19
+        vpaddd	64(%rax), %xmm3, %xmm0
+        sha256rnds2	%xmm1, %xmm2
+        vpalignr	$4, %xmm6, %xmm3, %xmm7
+        vpaddd	%xmm7, %xmm4, %xmm4
+        sha256msg2	%xmm3, %xmm4
+        vpshufd	$14, %xmm0, %xmm0
+        sha256msg1	%xmm3, %xmm6
+        sha256rnds2	%xmm2, %xmm1
+        # Rounds: 20-23
+        vpaddd	80(%rax), %xmm4, %xmm0
+        sha256rnds2	%xmm1, %xmm2
+        vpalignr	$4, %xmm3, %xmm4, %xmm7
+        vpaddd	%xmm7, %xmm5, %xmm5
+        sha256msg2	%xmm4, %xmm5
+        vpshufd	$14, %xmm0, %xmm0
+        sha256msg1	%xmm4, %xmm3
+        sha256rnds2	%xmm2, %xmm1
+        # Rounds: 24-27
+        vpaddd	96(%rax), %xmm5, %xmm0
+        sha256rnds2	%xmm1, %xmm2
+        vpalignr	$4, %xmm4, %xmm5, %xmm7
+        vpaddd	%xmm7, %xmm6, %xmm6
+        sha256msg2	%xmm5, %xmm6
+        vpshufd	$14, %xmm0, %xmm0
+        sha256msg1	%xmm5, %xmm4
+        sha256rnds2	%xmm2, %xmm1
+        # Rounds: 28-31
+        vpaddd	112(%rax), %xmm6, %xmm0
+        sha256rnds2	%xmm1, %xmm2
+        vpalignr	$4, %xmm5, %xmm6, %xmm7
+        vpaddd	%xmm7, %xmm3, %xmm3
+        sha256msg2	%xmm6, %xmm3
+        vpshufd	$14, %xmm0, %xmm0
+        sha256msg1	%xmm6, %xmm5
+        sha256rnds2	%xmm2, %xmm1
+        # Rounds: 32-35
+        vpaddd	128(%rax), %xmm3, %xmm0
+        sha256rnds2	%xmm1, %xmm2
+        vpalignr	$4, %xmm6, %xmm3, %xmm7
+        vpaddd	%xmm7, %xmm4, %xmm4
+        sha256msg2	%xmm3, %xmm4
+        vpshufd	$14, %xmm0, %xmm0
+        sha256msg1	%xmm3, %xmm6
+        sha256rnds2	%xmm2, %xmm1
+        # Rounds: 36-39
+        vpaddd	144(%rax), %xmm4, %xmm0
+        sha256rnds2	%xmm1, %xmm2
+        vpalignr	$4, %xmm3, %xmm4, %xmm7
+        vpaddd	%xmm7, %xmm5, %xmm5
+        sha256msg2	%xmm4, %xmm5
+        vpshufd	$14, %xmm0, %xmm0
+        sha256msg1	%xmm4, %xmm3
+        sha256rnds2	%xmm2, %xmm1
+        # Rounds: 40-43
+        vpaddd	160(%rax), %xmm5, %xmm0
+        sha256rnds2	%xmm1, %xmm2
+        vpalignr	$4, %xmm4, %xmm5, %xmm7
+        vpaddd	%xmm7, %xmm6, %xmm6
+        sha256msg2	%xmm5, %xmm6
+        vpshufd	$14, %xmm0, %xmm0
+        sha256msg1	%xmm5, %xmm4
+        sha256rnds2	%xmm2, %xmm1
+        # Rounds: 44-47
+        vpaddd	176(%rax), %xmm6, %xmm0
+        sha256rnds2	%xmm1, %xmm2
+        vpalignr	$4, %xmm5, %xmm6, %xmm7
+        vpaddd	%xmm7, %xmm3, %xmm3
+        sha256msg2	%xmm6, %xmm3
+        vpshufd	$14, %xmm0, %xmm0
+        sha256msg1	%xmm6, %xmm5
+        sha256rnds2	%xmm2, %xmm1
+        # Rounds: 48-51
+        vpaddd	192(%rax), %xmm3, %xmm0
+        sha256rnds2	%xmm1, %xmm2
+        vpalignr	$4, %xmm6, %xmm3, %xmm7
+        vpaddd	%xmm7, %xmm4, %xmm4
+        sha256msg2	%xmm3, %xmm4
+        vpshufd	$14, %xmm0, %xmm0
+        sha256msg1	%xmm3, %xmm6
+        sha256rnds2	%xmm2, %xmm1
+        # Rounds: 52-63
+        vpaddd	208(%rax), %xmm4, %xmm0
+        sha256rnds2	%xmm1, %xmm2
+        vpalignr	$4, %xmm3, %xmm4, %xmm7
+        vpaddd	%xmm7, %xmm5, %xmm5
+        sha256msg2	%xmm4, %xmm5
+        vpshufd	$14, %xmm0, %xmm0
+        sha256rnds2	%xmm2, %xmm1
+        vpaddd	224(%rax), %xmm5, %xmm0
+        sha256rnds2	%xmm1, %xmm2
+        vpalignr	$4, %xmm4, %xmm5, %xmm7
+        vpaddd	%xmm7, %xmm6, %xmm6
+        sha256msg2	%xmm5, %xmm6
+        vpshufd	$14, %xmm0, %xmm0
+        sha256rnds2	%xmm2, %xmm1
+        vpaddd	240(%rax), %xmm6, %xmm0
+        sha256rnds2	%xmm1, %xmm2
+        vpshufd	$14, %xmm0, %xmm0
+        sha256rnds2	%xmm2, %xmm1
+        addq	$0x40, %rsi
+        subl	$0x40, %edx
+        vpaddd	%xmm8, %xmm1, %xmm1
+        vpaddd	%xmm9, %xmm2, %xmm2
+        jnz	L_sha256_sha_len_avx1_start
+        vpshufd	$27, %xmm1, %xmm1
+        vpshufd	$27, %xmm2, %xmm2
+        vmovq	%xmm1, (%rdi)
+        vmovq	%xmm2, 8(%rdi)
+        vmovhpd	%xmm1, 16(%rdi)
+        vmovhpd	%xmm2, 24(%rdi)
+        xorq	%rax, %rax
+        repz retq
+#ifndef __APPLE__
+.size	Transform_Sha256_AVX1_Sha_Len,.-Transform_Sha256_AVX1_Sha_Len
+#endif /* __APPLE__ */
 #endif /* HAVE_INTEL_AVX1 */
 #ifdef HAVE_INTEL_AVX2
 #ifndef __APPLE__
@@ -9768,8 +10580,9 @@ _Transform_Sha256_AVX2:
         pushq	%r13
         pushq	%r14
         pushq	%r15
+        pushq	%rbp
         subq	$0x200, %rsp
-        leaq	32(%rdi), %rax
+        leaq	L_avx2_sha256_k(%rip), %rbp
         vmovdqa	L_avx2_sha256_flip_mask(%rip), %xmm13
         vmovdqa	L_avx2_sha256_shuf_00BA(%rip), %ymm11
         vmovdqa	L_avx2_sha256_shuf_DC00(%rip), %ymm12
@@ -9782,24 +10595,24 @@ _Transform_Sha256_AVX2:
         movl	24(%rdi), %r14d
         movl	28(%rdi), %r15d
         # X0, X1, X2, X3 = W[0..15]
-        vmovdqu	(%rax), %xmm0
-        vmovdqu	16(%rax), %xmm1
+        vmovdqu	(%rsi), %xmm0
+        vmovdqu	16(%rsi), %xmm1
         vpshufb	%xmm13, %xmm0, %xmm0
         vpshufb	%xmm13, %xmm1, %xmm1
-        vmovdqu	32(%rax), %xmm2
-        vmovdqu	48(%rax), %xmm3
+        vmovdqu	32(%rsi), %xmm2
+        vmovdqu	48(%rsi), %xmm3
         vpshufb	%xmm13, %xmm2, %xmm2
         vpshufb	%xmm13, %xmm3, %xmm3
         movl	%r9d, %ebx
         movl	%r12d, %edx
         xorl	%r10d, %ebx
         # set_w_k_xfer_4: 0
-        vpaddd	0+L_avx2_sha256_k(%rip), %ymm0, %ymm4
-        vpaddd	32+L_avx2_sha256_k(%rip), %ymm1, %ymm5
+        vpaddd	(%rbp), %ymm0, %ymm4
+        vpaddd	32(%rbp), %ymm1, %ymm5
         vmovdqu	%ymm4, (%rsp)
         vmovdqu	%ymm5, 32(%rsp)
-        vpaddd	64+L_avx2_sha256_k(%rip), %ymm2, %ymm4
-        vpaddd	96+L_avx2_sha256_k(%rip), %ymm3, %ymm5
+        vpaddd	64(%rbp), %ymm2, %ymm4
+        vpaddd	96(%rbp), %ymm3, %ymm5
         vmovdqu	%ymm4, 64(%rsp)
         vmovdqu	%ymm5, 96(%rsp)
         # msg_sched: 0-3
@@ -10427,12 +11240,12 @@ _Transform_Sha256_AVX2:
         vpaddd	%ymm4, %ymm9, %ymm3
         # msg_sched done: 24-27
         # set_w_k_xfer_4: 4
-        vpaddd	128+L_avx2_sha256_k(%rip), %ymm0, %ymm4
-        vpaddd	160+L_avx2_sha256_k(%rip), %ymm1, %ymm5
+        vpaddd	128(%rbp), %ymm0, %ymm4
+        vpaddd	160(%rbp), %ymm1, %ymm5
         vmovdqu	%ymm4, 128(%rsp)
         vmovdqu	%ymm5, 160(%rsp)
-        vpaddd	192+L_avx2_sha256_k(%rip), %ymm2, %ymm4
-        vpaddd	224+L_avx2_sha256_k(%rip), %ymm3, %ymm5
+        vpaddd	192(%rbp), %ymm2, %ymm4
+        vpaddd	224(%rbp), %ymm3, %ymm5
         vmovdqu	%ymm4, 192(%rsp)
         vmovdqu	%ymm5, 224(%rsp)
         # msg_sched: 32-35
@@ -11060,12 +11873,12 @@ _Transform_Sha256_AVX2:
         vpaddd	%ymm4, %ymm9, %ymm3
         # msg_sched done: 56-59
         # set_w_k_xfer_4: 8
-        vpaddd	256+L_avx2_sha256_k(%rip), %ymm0, %ymm4
-        vpaddd	288+L_avx2_sha256_k(%rip), %ymm1, %ymm5
+        vpaddd	256(%rbp), %ymm0, %ymm4
+        vpaddd	288(%rbp), %ymm1, %ymm5
         vmovdqu	%ymm4, 256(%rsp)
         vmovdqu	%ymm5, 288(%rsp)
-        vpaddd	320+L_avx2_sha256_k(%rip), %ymm2, %ymm4
-        vpaddd	352+L_avx2_sha256_k(%rip), %ymm3, %ymm5
+        vpaddd	320(%rbp), %ymm2, %ymm4
+        vpaddd	352(%rbp), %ymm3, %ymm5
         vmovdqu	%ymm4, 320(%rsp)
         vmovdqu	%ymm5, 352(%rsp)
         # msg_sched: 64-67
@@ -11693,12 +12506,12 @@ _Transform_Sha256_AVX2:
         vpaddd	%ymm4, %ymm9, %ymm3
         # msg_sched done: 88-91
         # set_w_k_xfer_4: 12
-        vpaddd	384+L_avx2_sha256_k(%rip), %ymm0, %ymm4
-        vpaddd	416+L_avx2_sha256_k(%rip), %ymm1, %ymm5
+        vpaddd	384(%rbp), %ymm0, %ymm4
+        vpaddd	416(%rbp), %ymm1, %ymm5
         vmovdqu	%ymm4, 384(%rsp)
         vmovdqu	%ymm5, 416(%rsp)
-        vpaddd	448+L_avx2_sha256_k(%rip), %ymm2, %ymm4
-        vpaddd	480+L_avx2_sha256_k(%rip), %ymm3, %ymm5
+        vpaddd	448(%rbp), %ymm2, %ymm4
+        vpaddd	480(%rbp), %ymm3, %ymm5
         vmovdqu	%ymm4, 448(%rsp)
         vmovdqu	%ymm5, 480(%rsp)
         # rnd_all_4: 24-27
@@ -12132,6 +12945,7 @@ _Transform_Sha256_AVX2:
         xorq	%rax, %rax
         vzeroupper
         addq	$0x200, %rsp
+        popq	%rbp
         popq	%r15
         popq	%r14
         popq	%r13
@@ -12159,13 +12973,13 @@ _Transform_Sha256_AVX2_Len:
         pushq	%r14
         pushq	%r15
         pushq	%rbp
-        movq	%rsi, %rbp
-        movq	%rdx, %rsi
-        subq	$0x200, %rsp
-        testb	$0x40, %sil
+        movq	%rdx, %rbp
+        subq	$0x204, %rsp
+        testb	$0x40, %bpl
+        movl	%ebp, 512(%rsp)
         je	L_sha256_len_avx2_block
-        vmovdqu	(%rbp), %ymm0
-        vmovdqu	32(%rbp), %ymm1
+        vmovdqu	(%rsi), %ymm0
+        vmovdqu	32(%rsi), %ymm1
         vmovups	%ymm0, 32(%rdi)
         vmovups	%ymm1, 64(%rdi)
 #ifndef __APPLE__
@@ -12173,10 +12987,11 @@ _Transform_Sha256_AVX2_Len:
 #else
         call	_Transform_Sha256_AVX2
 #endif /* __APPLE__ */
-        addq	$0x40, %rbp
-        subl	$0x40, %esi
+        addq	$0x40, %rsi
+        subl	$0x40, 512(%rsp)
         jz	L_sha256_len_avx2_done
 L_sha256_len_avx2_block:
+        leaq	L_avx2_sha256_k(%rip), %rbp
         vmovdqa	L_avx2_sha256_flip_mask(%rip), %ymm13
         vmovdqa	L_avx2_sha256_shuf_00BA(%rip), %ymm11
         vmovdqa	L_avx2_sha256_shuf_DC00(%rip), %ymm12
@@ -12191,18 +13006,18 @@ L_sha256_len_avx2_block:
         # Start of loop processing two blocks
 L_sha256_len_avx2_start:
         # X0, X1, X2, X3 = W[0..15]
-        vmovdqu	(%rbp), %xmm0
-        vmovdqu	16(%rbp), %xmm1
-        vmovdqu	64(%rbp), %xmm4
-        vmovdqu	80(%rbp), %xmm5
+        vmovdqu	(%rsi), %xmm0
+        vmovdqu	16(%rsi), %xmm1
+        vmovdqu	64(%rsi), %xmm4
+        vmovdqu	80(%rsi), %xmm5
         vinserti128	$0x01, %xmm4, %ymm0, %ymm0
         vinserti128	$0x01, %xmm5, %ymm1, %ymm1
         vpshufb	%ymm13, %ymm0, %ymm0
         vpshufb	%ymm13, %ymm1, %ymm1
-        vmovdqu	32(%rbp), %xmm2
-        vmovdqu	48(%rbp), %xmm3
-        vmovdqu	96(%rbp), %xmm6
-        vmovdqu	112(%rbp), %xmm7
+        vmovdqu	32(%rsi), %xmm2
+        vmovdqu	48(%rsi), %xmm3
+        vmovdqu	96(%rsi), %xmm6
+        vmovdqu	112(%rsi), %xmm7
         vinserti128	$0x01, %xmm6, %ymm2, %ymm2
         vinserti128	$0x01, %xmm7, %ymm3, %ymm3
         vpshufb	%ymm13, %ymm2, %ymm2
@@ -12211,12 +13026,12 @@ L_sha256_len_avx2_start:
         movl	%r12d, %edx
         xorl	%r10d, %ebx
         # set_w_k_xfer_4: 0
-        vpaddd	0+L_avx2_sha256_k(%rip), %ymm0, %ymm4
-        vpaddd	32+L_avx2_sha256_k(%rip), %ymm1, %ymm5
+        vpaddd	(%rbp), %ymm0, %ymm4
+        vpaddd	32(%rbp), %ymm1, %ymm5
         vmovdqu	%ymm4, (%rsp)
         vmovdqu	%ymm5, 32(%rsp)
-        vpaddd	64+L_avx2_sha256_k(%rip), %ymm2, %ymm4
-        vpaddd	96+L_avx2_sha256_k(%rip), %ymm3, %ymm5
+        vpaddd	64(%rbp), %ymm2, %ymm4
+        vpaddd	96(%rbp), %ymm3, %ymm5
         vmovdqu	%ymm4, 64(%rsp)
         vmovdqu	%ymm5, 96(%rsp)
         # msg_sched: 0-3
@@ -12844,12 +13659,12 @@ L_sha256_len_avx2_start:
         vpaddd	%ymm4, %ymm9, %ymm3
         # msg_sched done: 24-27
         # set_w_k_xfer_4: 4
-        vpaddd	128+L_avx2_sha256_k(%rip), %ymm0, %ymm4
-        vpaddd	160+L_avx2_sha256_k(%rip), %ymm1, %ymm5
+        vpaddd	128(%rbp), %ymm0, %ymm4
+        vpaddd	160(%rbp), %ymm1, %ymm5
         vmovdqu	%ymm4, 128(%rsp)
         vmovdqu	%ymm5, 160(%rsp)
-        vpaddd	192+L_avx2_sha256_k(%rip), %ymm2, %ymm4
-        vpaddd	224+L_avx2_sha256_k(%rip), %ymm3, %ymm5
+        vpaddd	192(%rbp), %ymm2, %ymm4
+        vpaddd	224(%rbp), %ymm3, %ymm5
         vmovdqu	%ymm4, 192(%rsp)
         vmovdqu	%ymm5, 224(%rsp)
         # msg_sched: 32-35
@@ -13477,12 +14292,12 @@ L_sha256_len_avx2_start:
         vpaddd	%ymm4, %ymm9, %ymm3
         # msg_sched done: 56-59
         # set_w_k_xfer_4: 8
-        vpaddd	256+L_avx2_sha256_k(%rip), %ymm0, %ymm4
-        vpaddd	288+L_avx2_sha256_k(%rip), %ymm1, %ymm5
+        vpaddd	256(%rbp), %ymm0, %ymm4
+        vpaddd	288(%rbp), %ymm1, %ymm5
         vmovdqu	%ymm4, 256(%rsp)
         vmovdqu	%ymm5, 288(%rsp)
-        vpaddd	320+L_avx2_sha256_k(%rip), %ymm2, %ymm4
-        vpaddd	352+L_avx2_sha256_k(%rip), %ymm3, %ymm5
+        vpaddd	320(%rbp), %ymm2, %ymm4
+        vpaddd	352(%rbp), %ymm3, %ymm5
         vmovdqu	%ymm4, 320(%rsp)
         vmovdqu	%ymm5, 352(%rsp)
         # msg_sched: 64-67
@@ -14110,12 +14925,12 @@ L_sha256_len_avx2_start:
         vpaddd	%ymm4, %ymm9, %ymm3
         # msg_sched done: 88-91
         # set_w_k_xfer_4: 12
-        vpaddd	384+L_avx2_sha256_k(%rip), %ymm0, %ymm4
-        vpaddd	416+L_avx2_sha256_k(%rip), %ymm1, %ymm5
+        vpaddd	384(%rbp), %ymm0, %ymm4
+        vpaddd	416(%rbp), %ymm1, %ymm5
         vmovdqu	%ymm4, 384(%rsp)
         vmovdqu	%ymm5, 416(%rsp)
-        vpaddd	448+L_avx2_sha256_k(%rip), %ymm2, %ymm4
-        vpaddd	480+L_avx2_sha256_k(%rip), %ymm3, %ymm5
+        vpaddd	448(%rbp), %ymm2, %ymm4
+        vpaddd	480(%rbp), %ymm3, %ymm5
         vmovdqu	%ymm4, 448(%rsp)
         vmovdqu	%ymm5, 480(%rsp)
         # rnd_all_4: 24-27
@@ -16245,8 +17060,8 @@ L_sha256_len_avx2_start:
         addl	20(%rdi), %r13d
         addl	24(%rdi), %r14d
         addl	28(%rdi), %r15d
-        addq	$0x80, %rbp
-        subl	$0x80, %esi
+        addq	$0x80, %rsi
+        subl	$0x80, 512(%rsp)
         movl	%r8d, (%rdi)
         movl	%r9d, 4(%rdi)
         movl	%r10d, 8(%rdi)
@@ -16259,7 +17074,7 @@ L_sha256_len_avx2_start:
 L_sha256_len_avx2_done:
         xorq	%rax, %rax
         vzeroupper
-        addq	$0x200, %rsp
+        addq	$0x204, %rsp
         popq	%rbp
         popq	%r15
         popq	%r14
@@ -16364,26 +17179,27 @@ _Transform_Sha256_AVX2_RORX:
         pushq	%r13
         pushq	%r14
         pushq	%r15
+        pushq	%rbp
         subq	$0x200, %rsp
-        leaq	32(%rdi), %rax
+        leaq	L_avx2_rorx_sha256_k(%rip), %rbp
         vmovdqa	L_avx2_rorx_sha256_flip_mask(%rip), %xmm13
         vmovdqa	L_avx2_rorx_sha256_shuf_00BA(%rip), %ymm11
         vmovdqa	L_avx2_rorx_sha256_shuf_DC00(%rip), %ymm12
         # X0, X1, X2, X3 = W[0..15]
-        vmovdqu	(%rax), %xmm0
-        vmovdqu	16(%rax), %xmm1
+        vmovdqu	(%rsi), %xmm0
+        vmovdqu	16(%rsi), %xmm1
         vpshufb	%xmm13, %xmm0, %xmm0
         vpshufb	%xmm13, %xmm1, %xmm1
-        vpaddd	0+L_avx2_rorx_sha256_k(%rip), %ymm0, %ymm4
-        vpaddd	32+L_avx2_rorx_sha256_k(%rip), %ymm1, %ymm5
+        vpaddd	(%rbp), %ymm0, %ymm4
+        vpaddd	32(%rbp), %ymm1, %ymm5
         vmovdqu	%ymm4, (%rsp)
         vmovdqu	%ymm5, 32(%rsp)
-        vmovdqu	32(%rax), %xmm2
-        vmovdqu	48(%rax), %xmm3
+        vmovdqu	32(%rsi), %xmm2
+        vmovdqu	48(%rsi), %xmm3
         vpshufb	%xmm13, %xmm2, %xmm2
         vpshufb	%xmm13, %xmm3, %xmm3
-        vpaddd	64+L_avx2_rorx_sha256_k(%rip), %ymm2, %ymm4
-        vpaddd	96+L_avx2_rorx_sha256_k(%rip), %ymm3, %ymm5
+        vpaddd	64(%rbp), %ymm2, %ymm4
+        vpaddd	96(%rbp), %ymm3, %ymm5
         vmovdqu	%ymm4, 64(%rsp)
         vmovdqu	%ymm5, 96(%rsp)
         movl	(%rdi), %r8d
@@ -16546,7 +17362,7 @@ _Transform_Sha256_AVX2_RORX:
         xorl	%ecx, %edx
         addl	%r12d, %r8d
         movl	%r14d, %ebx
-        vpaddd	128+L_avx2_rorx_sha256_k(%rip), %ymm0, %ymm4
+        vpaddd	128(%rbp), %ymm0, %ymm4
         # rnd_1: 6 - 6
         xorl	%r13d, %ebx
         addl	%edx, %r12d
@@ -16705,7 +17521,7 @@ _Transform_Sha256_AVX2_RORX:
         xorl	%ecx, %edx
         addl	%r8d, %r12d
         movl	%r10d, %ebx
-        vpaddd	160+L_avx2_rorx_sha256_k(%rip), %ymm1, %ymm4
+        vpaddd	160(%rbp), %ymm1, %ymm4
         # rnd_1: 6 - 6
         xorl	%r9d, %ebx
         addl	%edx, %r8d
@@ -16864,7 +17680,7 @@ _Transform_Sha256_AVX2_RORX:
         xorl	%ecx, %edx
         addl	%r12d, %r8d
         movl	%r14d, %ebx
-        vpaddd	192+L_avx2_rorx_sha256_k(%rip), %ymm2, %ymm4
+        vpaddd	192(%rbp), %ymm2, %ymm4
         # rnd_1: 6 - 6
         xorl	%r13d, %ebx
         addl	%edx, %r12d
@@ -17023,7 +17839,7 @@ _Transform_Sha256_AVX2_RORX:
         xorl	%ecx, %edx
         addl	%r8d, %r12d
         movl	%r10d, %ebx
-        vpaddd	224+L_avx2_rorx_sha256_k(%rip), %ymm3, %ymm4
+        vpaddd	224(%rbp), %ymm3, %ymm4
         # rnd_1: 6 - 6
         xorl	%r9d, %ebx
         addl	%edx, %r8d
@@ -17182,7 +17998,7 @@ _Transform_Sha256_AVX2_RORX:
         xorl	%ecx, %edx
         addl	%r12d, %r8d
         movl	%r14d, %ebx
-        vpaddd	256+L_avx2_rorx_sha256_k(%rip), %ymm0, %ymm4
+        vpaddd	256(%rbp), %ymm0, %ymm4
         # rnd_1: 6 - 6
         xorl	%r13d, %ebx
         addl	%edx, %r12d
@@ -17341,7 +18157,7 @@ _Transform_Sha256_AVX2_RORX:
         xorl	%ecx, %edx
         addl	%r8d, %r12d
         movl	%r10d, %ebx
-        vpaddd	288+L_avx2_rorx_sha256_k(%rip), %ymm1, %ymm4
+        vpaddd	288(%rbp), %ymm1, %ymm4
         # rnd_1: 6 - 6
         xorl	%r9d, %ebx
         addl	%edx, %r8d
@@ -17500,7 +18316,7 @@ _Transform_Sha256_AVX2_RORX:
         xorl	%ecx, %edx
         addl	%r12d, %r8d
         movl	%r14d, %ebx
-        vpaddd	320+L_avx2_rorx_sha256_k(%rip), %ymm2, %ymm4
+        vpaddd	320(%rbp), %ymm2, %ymm4
         # rnd_1: 6 - 6
         xorl	%r13d, %ebx
         addl	%edx, %r12d
@@ -17659,7 +18475,7 @@ _Transform_Sha256_AVX2_RORX:
         xorl	%ecx, %edx
         addl	%r8d, %r12d
         movl	%r10d, %ebx
-        vpaddd	352+L_avx2_rorx_sha256_k(%rip), %ymm3, %ymm4
+        vpaddd	352(%rbp), %ymm3, %ymm4
         # rnd_1: 6 - 6
         xorl	%r9d, %ebx
         addl	%edx, %r8d
@@ -17818,7 +18634,7 @@ _Transform_Sha256_AVX2_RORX:
         xorl	%ecx, %edx
         addl	%r12d, %r8d
         movl	%r14d, %ebx
-        vpaddd	384+L_avx2_rorx_sha256_k(%rip), %ymm0, %ymm4
+        vpaddd	384(%rbp), %ymm0, %ymm4
         # rnd_1: 6 - 6
         xorl	%r13d, %ebx
         addl	%edx, %r12d
@@ -17977,7 +18793,7 @@ _Transform_Sha256_AVX2_RORX:
         xorl	%ecx, %edx
         addl	%r8d, %r12d
         movl	%r10d, %ebx
-        vpaddd	416+L_avx2_rorx_sha256_k(%rip), %ymm1, %ymm4
+        vpaddd	416(%rbp), %ymm1, %ymm4
         # rnd_1: 6 - 6
         xorl	%r9d, %ebx
         addl	%edx, %r8d
@@ -18136,7 +18952,7 @@ _Transform_Sha256_AVX2_RORX:
         xorl	%ecx, %edx
         addl	%r12d, %r8d
         movl	%r14d, %ebx
-        vpaddd	448+L_avx2_rorx_sha256_k(%rip), %ymm2, %ymm4
+        vpaddd	448(%rbp), %ymm2, %ymm4
         # rnd_1: 6 - 6
         xorl	%r13d, %ebx
         addl	%edx, %r12d
@@ -18295,7 +19111,7 @@ _Transform_Sha256_AVX2_RORX:
         xorl	%ecx, %edx
         addl	%r8d, %r12d
         movl	%r10d, %ebx
-        vpaddd	480+L_avx2_rorx_sha256_k(%rip), %ymm3, %ymm4
+        vpaddd	480(%rbp), %ymm3, %ymm4
         # rnd_1: 6 - 6
         xorl	%r9d, %ebx
         addl	%edx, %r8d
@@ -18703,6 +19519,7 @@ _Transform_Sha256_AVX2_RORX:
         xorq	%rax, %rax
         vzeroupper
         addq	$0x200, %rsp
+        popq	%rbp
         popq	%r15
         popq	%r14
         popq	%r13
@@ -18730,13 +19547,13 @@ _Transform_Sha256_AVX2_RORX_Len:
         pushq	%r14
         pushq	%r15
         pushq	%rbp
-        movq	%rsi, %rbp
-        movq	%rdx, %rsi
-        subq	$0x200, %rsp
-        testb	$0x40, %sil
+        movq	%rdx, %rbp
+        subq	$0x204, %rsp
+        testb	$0x40, %bpl
+        movl	%ebp, 512(%rsp)
         je	L_sha256_len_avx2_rorx_block
-        vmovdqu	(%rbp), %ymm0
-        vmovdqu	32(%rbp), %ymm1
+        vmovdqu	(%rsi), %ymm0
+        vmovdqu	32(%rsi), %ymm1
         vmovups	%ymm0, 32(%rdi)
         vmovups	%ymm1, 64(%rdi)
 #ifndef __APPLE__
@@ -18744,10 +19561,11 @@ _Transform_Sha256_AVX2_RORX_Len:
 #else
         call	_Transform_Sha256_AVX2_RORX
 #endif /* __APPLE__ */
-        addq	$0x40, %rbp
-        subl	$0x40, %esi
+        addq	$0x40, %rsi
+        subl	$0x40, 512(%rsp)
         jz	L_sha256_len_avx2_rorx_done
 L_sha256_len_avx2_rorx_block:
+        leaq	L_avx2_rorx_sha256_k(%rip), %rbp
         vmovdqa	L_avx2_rorx_sha256_flip_mask(%rip), %ymm13
         vmovdqa	L_avx2_rorx_sha256_shuf_00BA(%rip), %ymm11
         vmovdqa	L_avx2_rorx_sha256_shuf_DC00(%rip), %ymm12
@@ -18762,24 +19580,24 @@ L_sha256_len_avx2_rorx_block:
         # Start of loop processing two blocks
 L_sha256_len_avx2_rorx_start:
         # X0, X1, X2, X3 = W[0..15]
-        vmovdqu	(%rbp), %xmm0
-        vmovdqu	16(%rbp), %xmm1
-        vinserti128	$0x01, 64(%rbp), %ymm0, %ymm0
-        vinserti128	$0x01, 80(%rbp), %ymm1, %ymm1
+        vmovdqu	(%rsi), %xmm0
+        vmovdqu	16(%rsi), %xmm1
+        vinserti128	$0x01, 64(%rsi), %ymm0, %ymm0
+        vinserti128	$0x01, 80(%rsi), %ymm1, %ymm1
         vpshufb	%ymm13, %ymm0, %ymm0
         vpshufb	%ymm13, %ymm1, %ymm1
-        vpaddd	0+L_avx2_rorx_sha256_k(%rip), %ymm0, %ymm4
-        vpaddd	32+L_avx2_rorx_sha256_k(%rip), %ymm1, %ymm5
+        vpaddd	(%rbp), %ymm0, %ymm4
+        vpaddd	32(%rbp), %ymm1, %ymm5
         vmovdqu	%ymm4, (%rsp)
         vmovdqu	%ymm5, 32(%rsp)
-        vmovdqu	32(%rbp), %xmm2
-        vmovdqu	48(%rbp), %xmm3
-        vinserti128	$0x01, 96(%rbp), %ymm2, %ymm2
-        vinserti128	$0x01, 112(%rbp), %ymm3, %ymm3
+        vmovdqu	32(%rsi), %xmm2
+        vmovdqu	48(%rsi), %xmm3
+        vinserti128	$0x01, 96(%rsi), %ymm2, %ymm2
+        vinserti128	$0x01, 112(%rsi), %ymm3, %ymm3
         vpshufb	%ymm13, %ymm2, %ymm2
         vpshufb	%ymm13, %ymm3, %ymm3
-        vpaddd	64+L_avx2_rorx_sha256_k(%rip), %ymm2, %ymm4
-        vpaddd	96+L_avx2_rorx_sha256_k(%rip), %ymm3, %ymm5
+        vpaddd	64(%rbp), %ymm2, %ymm4
+        vpaddd	96(%rbp), %ymm3, %ymm5
         vmovdqu	%ymm4, 64(%rsp)
         vmovdqu	%ymm5, 96(%rsp)
         movl	%r9d, %ebx
@@ -18934,7 +19752,7 @@ L_sha256_len_avx2_rorx_start:
         xorl	%ecx, %edx
         addl	%r12d, %r8d
         movl	%r14d, %ebx
-        vpaddd	128+L_avx2_rorx_sha256_k(%rip), %ymm0, %ymm4
+        vpaddd	128(%rbp), %ymm0, %ymm4
         # rnd_1: 6 - 6
         xorl	%r13d, %ebx
         addl	%edx, %r12d
@@ -19093,7 +19911,7 @@ L_sha256_len_avx2_rorx_start:
         xorl	%ecx, %edx
         addl	%r8d, %r12d
         movl	%r10d, %ebx
-        vpaddd	160+L_avx2_rorx_sha256_k(%rip), %ymm1, %ymm4
+        vpaddd	160(%rbp), %ymm1, %ymm4
         # rnd_1: 6 - 6
         xorl	%r9d, %ebx
         addl	%edx, %r8d
@@ -19252,7 +20070,7 @@ L_sha256_len_avx2_rorx_start:
         xorl	%ecx, %edx
         addl	%r12d, %r8d
         movl	%r14d, %ebx
-        vpaddd	192+L_avx2_rorx_sha256_k(%rip), %ymm2, %ymm4
+        vpaddd	192(%rbp), %ymm2, %ymm4
         # rnd_1: 6 - 6
         xorl	%r13d, %ebx
         addl	%edx, %r12d
@@ -19411,7 +20229,7 @@ L_sha256_len_avx2_rorx_start:
         xorl	%ecx, %edx
         addl	%r8d, %r12d
         movl	%r10d, %ebx
-        vpaddd	224+L_avx2_rorx_sha256_k(%rip), %ymm3, %ymm4
+        vpaddd	224(%rbp), %ymm3, %ymm4
         # rnd_1: 6 - 6
         xorl	%r9d, %ebx
         addl	%edx, %r8d
@@ -19570,7 +20388,7 @@ L_sha256_len_avx2_rorx_start:
         xorl	%ecx, %edx
         addl	%r12d, %r8d
         movl	%r14d, %ebx
-        vpaddd	256+L_avx2_rorx_sha256_k(%rip), %ymm0, %ymm4
+        vpaddd	256(%rbp), %ymm0, %ymm4
         # rnd_1: 6 - 6
         xorl	%r13d, %ebx
         addl	%edx, %r12d
@@ -19729,7 +20547,7 @@ L_sha256_len_avx2_rorx_start:
         xorl	%ecx, %edx
         addl	%r8d, %r12d
         movl	%r10d, %ebx
-        vpaddd	288+L_avx2_rorx_sha256_k(%rip), %ymm1, %ymm4
+        vpaddd	288(%rbp), %ymm1, %ymm4
         # rnd_1: 6 - 6
         xorl	%r9d, %ebx
         addl	%edx, %r8d
@@ -19888,7 +20706,7 @@ L_sha256_len_avx2_rorx_start:
         xorl	%ecx, %edx
         addl	%r12d, %r8d
         movl	%r14d, %ebx
-        vpaddd	320+L_avx2_rorx_sha256_k(%rip), %ymm2, %ymm4
+        vpaddd	320(%rbp), %ymm2, %ymm4
         # rnd_1: 6 - 6
         xorl	%r13d, %ebx
         addl	%edx, %r12d
@@ -20047,7 +20865,7 @@ L_sha256_len_avx2_rorx_start:
         xorl	%ecx, %edx
         addl	%r8d, %r12d
         movl	%r10d, %ebx
-        vpaddd	352+L_avx2_rorx_sha256_k(%rip), %ymm3, %ymm4
+        vpaddd	352(%rbp), %ymm3, %ymm4
         # rnd_1: 6 - 6
         xorl	%r9d, %ebx
         addl	%edx, %r8d
@@ -20206,7 +21024,7 @@ L_sha256_len_avx2_rorx_start:
         xorl	%ecx, %edx
         addl	%r12d, %r8d
         movl	%r14d, %ebx
-        vpaddd	384+L_avx2_rorx_sha256_k(%rip), %ymm0, %ymm4
+        vpaddd	384(%rbp), %ymm0, %ymm4
         # rnd_1: 6 - 6
         xorl	%r13d, %ebx
         addl	%edx, %r12d
@@ -20365,7 +21183,7 @@ L_sha256_len_avx2_rorx_start:
         xorl	%ecx, %edx
         addl	%r8d, %r12d
         movl	%r10d, %ebx
-        vpaddd	416+L_avx2_rorx_sha256_k(%rip), %ymm1, %ymm4
+        vpaddd	416(%rbp), %ymm1, %ymm4
         # rnd_1: 6 - 6
         xorl	%r9d, %ebx
         addl	%edx, %r8d
@@ -20524,7 +21342,7 @@ L_sha256_len_avx2_rorx_start:
         xorl	%ecx, %edx
         addl	%r12d, %r8d
         movl	%r14d, %ebx
-        vpaddd	448+L_avx2_rorx_sha256_k(%rip), %ymm2, %ymm4
+        vpaddd	448(%rbp), %ymm2, %ymm4
         # rnd_1: 6 - 6
         xorl	%r13d, %ebx
         addl	%edx, %r12d
@@ -20683,7 +21501,7 @@ L_sha256_len_avx2_rorx_start:
         xorl	%ecx, %edx
         addl	%r8d, %r12d
         movl	%r10d, %ebx
-        vpaddd	480+L_avx2_rorx_sha256_k(%rip), %ymm3, %ymm4
+        vpaddd	480(%rbp), %ymm3, %ymm4
         # rnd_1: 6 - 6
         xorl	%r9d, %ebx
         addl	%edx, %r8d
@@ -22637,7 +23455,7 @@ L_sha256_len_avx2_rorx_start:
         addl	%edx, %r8d
         xorl	%r10d, %eax
         addl	%eax, %r8d
-        addq	$0x80, %rbp
+        addq	$0x80, %rsi
         addl	(%rdi), %r8d
         addl	4(%rdi), %r9d
         addl	8(%rdi), %r10d
@@ -22646,7 +23464,7 @@ L_sha256_len_avx2_rorx_start:
         addl	20(%rdi), %r13d
         addl	24(%rdi), %r14d
         addl	28(%rdi), %r15d
-        subl	$0x80, %esi
+        subl	$0x80, 512(%rsp)
         movl	%r8d, (%rdi)
         movl	%r9d, 4(%rdi)
         movl	%r10d, 8(%rdi)
@@ -22659,7 +23477,7 @@ L_sha256_len_avx2_rorx_start:
 L_sha256_len_avx2_rorx_done:
         xorq	%rax, %rax
         vzeroupper
-        addq	$0x200, %rsp
+        addq	$0x204, %rsp
         popq	%rbp
         popq	%r15
         popq	%r14
diff --git a/wolfcrypt/src/sha3.c b/wolfcrypt/src/sha3.c
index 096566d28..de4dbb94d 100644
--- a/wolfcrypt/src/sha3.c
+++ b/wolfcrypt/src/sha3.c
@@ -1,6 +1,6 @@
 /* sha3.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -29,13 +29,13 @@
 #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_XILINX_CRYPT) && \
    !defined(WOLFSSL_AFALG_XILINX_SHA3)
 
-#if defined(HAVE_FIPS) && defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2)
+#if FIPS_VERSION3_GE(2,0,0)
     /* set NO_WRAPPERS before headers, use direct internal f()s not wrappers */
     #define FIPS_NO_WRAPPERS
 
     #ifdef USE_WINDOWS_API
-        #pragma code_seg(".fipsA$l")
-        #pragma const_seg(".fipsB$l")
+        #pragma code_seg(".fipsA$n")
+        #pragma const_seg(".fipsB$n")
     #endif
 #endif
 
@@ -43,6 +43,9 @@
 #include <wolfssl/wolfcrypt/error-crypt.h>
 #include <wolfssl/wolfcrypt/hash.h>
 
+#ifdef WOLF_CRYPTO_CB
+    #include <wolfssl/wolfcrypt/cryptocb.h>
+#endif
 #ifdef NO_INLINE
     #include <wolfssl/wolfcrypt/misc.h>
 #else
@@ -50,18 +53,35 @@
     #include <wolfcrypt/src/misc.c>
 #endif
 
+#if FIPS_VERSION3_GE(6,0,0)
+    const unsigned int wolfCrypt_FIPS_sha3_ro_sanity[2] =
+                                                     { 0x1a2b3c4d, 0x00000016 };
+    int wolfCrypt_FIPS_SHA3_sanity(void)
+    {
+        return 0;
+    }
+#endif
 
-#if !defined(WOLFSSL_ARMASM) || !defined(WOLFSSL_ARMASM_CRYPTO_SHA3)
 
-#ifdef USE_INTEL_SPEEDUP
+#if defined(USE_INTEL_SPEEDUP) || (defined(__aarch64__) && \
+        defined(WOLFSSL_ARMASM))
     #include <wolfssl/wolfcrypt/cpuid.h>
 
     word32 cpuid_flags;
     int cpuid_flags_set = 0;
+#ifdef WC_C_DYNAMIC_FALLBACK
+    #define SHA3_BLOCK (sha3->sha3_block)
+    #define SHA3_BLOCK_N (sha3->sha3_block_n)
+#else
     void (*sha3_block)(word64 *s) = NULL;
     void (*sha3_block_n)(word64 *s, const byte* data, word32 n,
         word64 c) = NULL;
+    #define SHA3_BLOCK sha3_block
+    #define SHA3_BLOCK_N sha3_block_n
 #endif
+#endif
+
+#if !defined(WOLFSSL_ARMASM) && !defined(WOLFSSL_RISCV_ASM)
 
 #ifdef WOLFSSL_SHA3_SMALL
 /* Rotate a 64-bit value left.
@@ -231,7 +251,7 @@ while (0)
 #ifndef USE_INTEL_SPEEDUP
 static
 #endif
-void BlockSha3(word64 *s)
+void BlockSha3(word64* s)
 {
     byte i, x, y;
     word64 t0, t1;
@@ -281,7 +301,7 @@ void BlockSha3(word64 *s)
  */
 #define ROTL64(a, n)    (((a)<<(n))|((a)>>(64-(n))))
 
-
+#if !defined(STM32_HASH_SHA3)
 /* An array of values to XOR for block operation. */
 static const word64 hash_keccak_r[24] =
 {
@@ -298,6 +318,7 @@ static const word64 hash_keccak_r[24] =
     W64LIT(0x8000000080008081), W64LIT(0x8000000000008080),
     W64LIT(0x0000000080000001), W64LIT(0x8000000080008008)
 };
+#endif
 
 /* Indices used in swap and rotate operation. */
 #define KI_0     6
@@ -515,6 +536,7 @@ do {                                                      \
 while (0)
 #endif /* SHA3_BY_SPEC */
 
+#if !defined(STM32_HASH_SHA3)
 /* The block operation performed on the state.
  *
  * s  The state.
@@ -522,7 +544,7 @@ while (0)
 #ifndef USE_INTEL_SPEEDUP
 static
 #endif
-void BlockSha3(word64 *s)
+void BlockSha3(word64* s)
 {
     word64 n[25];
     word64 b[5];
@@ -530,7 +552,7 @@ void BlockSha3(word64 *s)
 #ifndef SHA3_BY_SPEC
     word64 t1;
 #endif
-    byte i;
+    word32 i;
 
     for (i = 0; i < 24; i += 2)
     {
@@ -544,8 +566,10 @@ void BlockSha3(word64 *s)
     }
 }
 #endif /* WOLFSSL_SHA3_SMALL */
-#endif /* !WOLFSSL_ARMASM */
+#endif /* STM32_HASH_SHA3 */
+#endif /* !WOLFSSL_ARMASM && !WOLFSSL_RISCV_ASM */
 
+#if !defined(STM32_HASH_SHA3)
 static WC_INLINE word64 Load64Unaligned(const unsigned char *a)
 {
     return ((word64)a[0] <<  0) |
@@ -599,6 +623,7 @@ static word64 Load64BitBigEndian(const byte* a)
  * sha3   wc_Sha3 object holding state.
  * returns 0 on success.
  */
+
 static int InitSha3(wc_Sha3* sha3)
 {
     int i;
@@ -614,22 +639,59 @@ static int InitSha3(wc_Sha3* sha3)
     if (!cpuid_flags_set) {
         cpuid_flags = cpuid_get_flags();
         cpuid_flags_set = 1;
+#ifdef WC_C_DYNAMIC_FALLBACK
+    }
+    {
+        if (! CAN_SAVE_VECTOR_REGISTERS()) {
+            SHA3_BLOCK = BlockSha3;
+            SHA3_BLOCK_N = NULL;
+        }
+        else
+#endif
         if (IS_INTEL_BMI1(cpuid_flags) && IS_INTEL_BMI2(cpuid_flags)) {
-            sha3_block = sha3_block_bmi2;
-            sha3_block_n = sha3_block_n_bmi2;
+            SHA3_BLOCK = sha3_block_bmi2;
+            SHA3_BLOCK_N = sha3_block_n_bmi2;
         }
         else if (IS_INTEL_AVX2(cpuid_flags)) {
-            sha3_block = sha3_block_avx2;
+            SHA3_BLOCK = sha3_block_avx2;
+            SHA3_BLOCK_N = NULL;
         }
         else {
-            sha3_block = BlockSha3;
+            SHA3_BLOCK = BlockSha3;
+            SHA3_BLOCK_N = NULL;
         }
     }
+#define SHA3_FUNC_PTR
+#endif
+#if defined(__aarch64__) && defined(WOLFSSL_ARMASM)
+    if (!cpuid_flags_set) {
+        cpuid_flags = cpuid_get_flags();
+        cpuid_flags_set = 1;
+    #ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
+        if (IS_AARCH64_SHA3(cpuid_flags)) {
+            SHA3_BLOCK = BlockSha3_crypto;
+            SHA3_BLOCK_N = NULL;
+        }
+        else
+    #endif
+        {
+            SHA3_BLOCK = BlockSha3_base;
+            SHA3_BLOCK_N = NULL;
+        }
+    }
+#define SHA3_FUNC_PTR
 #endif
 
     return 0;
 }
 
+#if defined(__aarch64__) && defined(WOLFSSL_ARMASM)
+void BlockSha3(word64* s)
+{
+    (*SHA3_BLOCK)(s);
+}
+#endif
+
 /* Update the SHA-3 hash state with message data.
  *
  * sha3  wc_Sha3 object holding state.
@@ -643,6 +705,10 @@ static int Sha3Update(wc_Sha3* sha3, const byte* data, word32 len, byte p)
     word32 i;
     word32 blocks;
 
+#if defined(WOLFSSL_LINUXKM) && defined(USE_INTEL_SPEEDUP)
+    if (SHA3_BLOCK == sha3_block_avx2)
+        SAVE_VECTOR_REGISTERS(return _svr_ret;);
+#endif
     if (sha3->i > 0) {
         byte *t;
         byte l = (byte)(p * 8 - sha3->i);
@@ -656,26 +722,26 @@ static int Sha3Update(wc_Sha3* sha3, const byte* data, word32 len, byte p)
         }
         data += i;
         len -= i;
-        sha3->i += (byte) i;
+        sha3->i = (byte)(sha3->i + i);
 
         if (sha3->i == p * 8) {
             for (i = 0; i < p; i++) {
                 sha3->s[i] ^= Load64BitBigEndian(sha3->t + 8 * i);
             }
-        #ifdef USE_INTEL_SPEEDUP
-            (*sha3_block)(sha3->s);
+        #ifdef SHA3_FUNC_PTR
+            (*SHA3_BLOCK)(sha3->s);
         #else
             BlockSha3(sha3->s);
         #endif
             sha3->i = 0;
         }
     }
-    blocks = len / (p * 8);
-    #ifdef USE_INTEL_SPEEDUP
-    if ((sha3_block_n != NULL) && (blocks > 0)) {
-        (*sha3_block_n)(sha3->s, data, blocks, p * 8);
-        len -= blocks * (p * 8);
-        data += blocks * (p * 8);
+    blocks = len / (p * 8U);
+    #ifdef SHA3_FUNC_PTR
+    if ((SHA3_BLOCK_N != NULL) && (blocks > 0)) {
+        (*SHA3_BLOCK_N)(sha3->s, data, blocks, p * 8U);
+        len -= blocks * (p * 8U);
+        data += blocks * (p * 8U);
         blocks = 0;
     }
     #endif
@@ -683,16 +749,22 @@ static int Sha3Update(wc_Sha3* sha3, const byte* data, word32 len, byte p)
         for (i = 0; i < p; i++) {
             sha3->s[i] ^= Load64Unaligned(data + 8 * i);
         }
-    #ifdef USE_INTEL_SPEEDUP
-        (*sha3_block)(sha3->s);
+    #ifdef SHA3_FUNC_PTR
+        (*SHA3_BLOCK)(sha3->s);
     #else
         BlockSha3(sha3->s);
     #endif
-        len -= p * 8;
-        data += p * 8;
+        len -= p * 8U;
+        data += p * 8U;
     }
-    XMEMCPY(sha3->t, data, len);
-    sha3->i += (byte)len;
+#if defined(WOLFSSL_LINUXKM) && defined(USE_INTEL_SPEEDUP)
+    if (SHA3_BLOCK == sha3_block_avx2)
+        RESTORE_VECTOR_REGISTERS();
+#endif
+    if (len > 0) {
+        XMEMCPY(sha3->t, data, len);
+    }
+    sha3->i = (byte)(sha3->i + len);
 
     return 0;
 }
@@ -707,7 +779,7 @@ static int Sha3Update(wc_Sha3* sha3, const byte* data, word32 len, byte p)
  */
 static int Sha3Final(wc_Sha3* sha3, byte padChar, byte* hash, byte p, word32 l)
 {
-    word32 rate = p * 8;
+    word32 rate = p * 8U;
     word32 j;
     word32 i;
 
@@ -719,14 +791,20 @@ static int Sha3Final(wc_Sha3* sha3, byte padChar, byte* hash, byte p, word32 l)
     sha3->t[sha3->i ]  = padChar;
     sha3->t[rate - 1] |= 0x80;
     if (rate - 1 > (word32)sha3->i + 1) {
-        XMEMSET(sha3->t + sha3->i + 1, 0, rate - 1 - (sha3->i + 1));
+        XMEMSET(sha3->t + sha3->i + 1, 0, rate - 1U - (sha3->i + 1U));
     }
     for (i = 0; i < p; i++) {
         sha3->s[i] ^= Load64BitBigEndian(sha3->t + 8 * i);
     }
+
+#if defined(WOLFSSL_LINUXKM) && defined(USE_INTEL_SPEEDUP)
+    if (SHA3_BLOCK == sha3_block_avx2)
+        SAVE_VECTOR_REGISTERS(return _svr_ret;);
+#endif
+
     for (j = 0; l - j >= rate; j += rate) {
-    #ifdef USE_INTEL_SPEEDUP
-        (*sha3_block)(sha3->s);
+    #ifdef SHA3_FUNC_PTR
+        (*SHA3_BLOCK)(sha3->s);
     #else
         BlockSha3(sha3->s);
     #endif
@@ -737,8 +815,8 @@ static int Sha3Final(wc_Sha3* sha3, byte padChar, byte* hash, byte p, word32 l)
     #endif
     }
     if (j != l) {
-    #ifdef USE_INTEL_SPEEDUP
-        (*sha3_block)(sha3->s);
+    #ifdef SHA3_FUNC_PTR
+        (*SHA3_BLOCK)(sha3->s);
     #else
         BlockSha3(sha3->s);
     #endif
@@ -747,8 +825,91 @@ static int Sha3Final(wc_Sha3* sha3, byte padChar, byte* hash, byte p, word32 l)
     #endif
         XMEMCPY(hash + j, sha3->s, l - j);
     }
+#if defined(WOLFSSL_LINUXKM) && defined(USE_INTEL_SPEEDUP)
+    if (SHA3_BLOCK == sha3_block_avx2)
+        RESTORE_VECTOR_REGISTERS();
+#endif
+
     return 0;
 }
+#endif
+#if defined(STM32_HASH_SHA3)
+
+    /* Supports CubeMX HAL or Standard Peripheral Library */
+
+    static int wc_InitSha3(wc_Sha3* sha3, void* heap, int devId)
+    {
+        if (sha3 == NULL)
+            return BAD_FUNC_ARG;
+
+        (void)devId;
+        (void)heap;
+
+        XMEMSET(sha3, 0, sizeof(wc_Sha3));
+        wc_Stm32_Hash_Init(&sha3->stmCtx);
+        return 0;
+    }
+
+    static int Stm32GetAlgo(byte p)
+    {
+        switch(p) {
+            case WC_SHA3_224_COUNT:
+                return HASH_ALGOSELECTION_SHA3_224;
+            case WC_SHA3_256_COUNT:
+                return HASH_ALGOSELECTION_SHA3_256;
+            case WC_SHA3_384_COUNT:
+                return HASH_ALGOSELECTION_SHA3_384;
+            case WC_SHA3_512_COUNT:
+                return HASH_ALGOSELECTION_SHA3_512;
+        }
+        /* Should never get here */
+        return WC_SHA3_224_COUNT;
+    }
+
+    static int wc_Sha3Update(wc_Sha3* sha3, const byte* data, word32 len, byte p)
+    {
+        int ret = 0;
+
+        if (sha3 == NULL) {
+            return BAD_FUNC_ARG;
+        }
+        if (data == NULL && len == 0) {
+            /* valid, but do nothing */
+            return 0;
+        }
+        if (data == NULL) {
+            return BAD_FUNC_ARG;
+        }
+
+        ret = wolfSSL_CryptHwMutexLock();
+        if (ret == 0) {
+            ret = wc_Stm32_Hash_Update(&sha3->stmCtx,
+                Stm32GetAlgo(p), data, len, p * 8);
+            wolfSSL_CryptHwMutexUnLock();
+        }
+        return ret;
+    }
+
+    static int wc_Sha3Final(wc_Sha3* sha3, byte* hash, byte p, byte len)
+    {
+        int ret = 0;
+
+        if (sha3 == NULL || hash == NULL) {
+            return BAD_FUNC_ARG;
+        }
+
+        ret = wolfSSL_CryptHwMutexLock();
+        if (ret == 0) {
+            ret = wc_Stm32_Hash_Final(&sha3->stmCtx,
+                Stm32GetAlgo(p), hash, len);
+            wolfSSL_CryptHwMutexUnLock();
+        }
+
+        (void)wc_InitSha3(sha3, NULL, 0); /* reset state */
+
+        return ret;
+    }
+#else
 
 /* Initialize the state for a SHA-3 hash operation.
  *
@@ -772,9 +933,11 @@ static int wc_InitSha3(wc_Sha3* sha3, void* heap, int devId)
 #if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_SHA3)
     ret = wolfAsync_DevCtxInit(&sha3->asyncDev,
                         WOLFSSL_ASYNC_MARKER_SHA3, sha3->heap, devId);
-#else
+#endif
+#if defined(WOLF_CRYPTO_CB)
+    sha3->devId = devId;
+#endif
     (void)devId;
-#endif /* WOLFSSL_ASYNC_CRYPT */
 
     return ret;
 }
@@ -800,13 +963,32 @@ static int wc_Sha3Update(wc_Sha3* sha3, const byte* data, word32 len, byte p)
         return 0;
     }
 
+#ifdef WOLF_CRYPTO_CB
+    #ifndef WOLF_CRYPTO_CB_FIND
+    if (sha3->devId != INVALID_DEVID)
+    #endif
+    {
+        int hash_type = WC_HASH_TYPE_NONE;
+        switch (p) {
+            case WC_SHA3_224_COUNT: hash_type = WC_HASH_TYPE_SHA3_224; break;
+            case WC_SHA3_256_COUNT: hash_type = WC_HASH_TYPE_SHA3_256; break;
+            case WC_SHA3_384_COUNT: hash_type = WC_HASH_TYPE_SHA3_384; break;
+            case WC_SHA3_512_COUNT: hash_type = WC_HASH_TYPE_SHA3_512; break;
+            default: return BAD_FUNC_ARG;
+        }
+        ret = wc_CryptoCb_Sha3Hash(sha3, hash_type, data, len, NULL);
+        if (ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE))
+            return ret;
+        /* fall-through when unavailable */
+    }
+#endif
 #if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_SHA3)
     if (sha3->asyncDev.marker == WOLFSSL_ASYNC_MARKER_SHA3) {
     #if defined(HAVE_INTEL_QA) && defined(QAT_V2)
         /* QAT only supports SHA3_256 */
         if (p == WC_SHA3_256_COUNT) {
             ret = IntelQaSymSha3(&sha3->asyncDev, NULL, data, len);
-            if (ret != NOT_COMPILED_IN)
+            if (ret != WC_NO_ERR_TRACE(NOT_COMPILED_IN))
                 return ret;
             /* fall-through when unavailable */
         }
@@ -835,6 +1017,25 @@ static int wc_Sha3Final(wc_Sha3* sha3, byte* hash, byte p, byte len)
         return BAD_FUNC_ARG;
     }
 
+#ifdef WOLF_CRYPTO_CB
+    #ifndef WOLF_CRYPTO_CB_FIND
+    if (sha3->devId != INVALID_DEVID)
+    #endif
+    {
+        int hash_type = WC_HASH_TYPE_NONE;
+        switch (p) {
+            case WC_SHA3_224_COUNT: hash_type = WC_HASH_TYPE_SHA3_224; break;
+            case WC_SHA3_256_COUNT: hash_type = WC_HASH_TYPE_SHA3_256; break;
+            case WC_SHA3_384_COUNT: hash_type = WC_HASH_TYPE_SHA3_384; break;
+            case WC_SHA3_512_COUNT: hash_type = WC_HASH_TYPE_SHA3_512; break;
+            default: return BAD_FUNC_ARG;
+        }
+        ret = wc_CryptoCb_Sha3Hash(sha3, hash_type, NULL, 0, hash);
+        if (ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE))
+            return ret;
+        /* fall-through when unavailable */
+    }
+#endif
 #if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_SHA3)
     if (sha3->asyncDev.marker == WOLFSSL_ASYNC_MARKER_SHA3) {
     #if defined(HAVE_INTEL_QA) && defined(QAT_V2)
@@ -842,7 +1043,7 @@ static int wc_Sha3Final(wc_Sha3* sha3, byte* hash, byte p, byte len)
         /* QAT SHA-3 only supported on v2 (8970 or later cards) */
         if (len == WC_SHA3_256_DIGEST_SIZE) {
             ret = IntelQaSymSha3(&sha3->asyncDev, hash, NULL, len);
-            if (ret != NOT_COMPILED_IN)
+            if (ret != WC_NO_ERR_TRACE(NOT_COMPILED_IN))
                 return ret;
             /* fall-through when unavailable */
         }
@@ -856,7 +1057,7 @@ static int wc_Sha3Final(wc_Sha3* sha3, byte* hash, byte p, byte len)
 
     return InitSha3(sha3);  /* reset state */
 }
-
+#endif
 /* Dispose of any dynamically allocated data from the SHA3-384 operation.
  * (Required for async ops.)
  *
@@ -1300,6 +1501,10 @@ int wc_Shake128_Absorb(wc_Shake* shake, const byte* data, word32 len)
 {
     int ret;
 
+    if ((shake == NULL) || (data == NULL && len != 0)) {
+        return BAD_FUNC_ARG;
+    }
+
     ret = Sha3Update(shake, data, len, WC_SHA3_128_COUNT);
     if (ret == 0) {
         byte hash[1];
@@ -1311,6 +1516,13 @@ int wc_Shake128_Absorb(wc_Shake* shake, const byte* data, word32 len)
     return ret;
 }
 
+#ifdef WC_C_DYNAMIC_FALLBACK
+    #undef SHA3_BLOCK
+    #undef SHA3_BLOCK_N
+    #define SHA3_BLOCK (shake->sha3_block)
+    #define SHA3_BLOCK_N (shake->sha3_block_n)
+#endif
+
 /* Squeeze the state to produce pseudo-random output.
  *
  * shake  wc_Shake object holding state.
@@ -1320,9 +1532,16 @@ int wc_Shake128_Absorb(wc_Shake* shake, const byte* data, word32 len)
  */
 int wc_Shake128_SqueezeBlocks(wc_Shake* shake, byte* out, word32 blockCnt)
 {
+    if ((shake == NULL) || (out == NULL && blockCnt != 0)) {
+        return BAD_FUNC_ARG;
+    }
+#if defined(WOLFSSL_LINUXKM) && defined(USE_INTEL_SPEEDUP)
+    if (SHA3_BLOCK == sha3_block_avx2)
+        SAVE_VECTOR_REGISTERS(return _svr_ret;);
+#endif
     for (; (blockCnt > 0); blockCnt--) {
-    #ifdef USE_INTEL_SPEEDUP
-        (*sha3_block)(shake->s);
+    #ifdef SHA3_FUNC_PTR
+        (*SHA3_BLOCK)(shake->s);
     #else
         BlockSha3(shake->s);
     #endif
@@ -1333,6 +1552,10 @@ int wc_Shake128_SqueezeBlocks(wc_Shake* shake, byte* out, word32 blockCnt)
     #endif
         out += WC_SHA3_128_COUNT * 8;
     }
+#if defined(WOLFSSL_LINUXKM) && defined(USE_INTEL_SPEEDUP)
+    if (SHA3_BLOCK == sha3_block_avx2)
+        RESTORE_VECTOR_REGISTERS();
+#endif
 
     return 0;
 }
@@ -1430,6 +1653,10 @@ int wc_Shake256_Absorb(wc_Shake* shake, const byte* data, word32 len)
 {
     int ret;
 
+    if ((shake == NULL) || (data == NULL && len != 0)) {
+        return BAD_FUNC_ARG;
+    }
+
     ret = Sha3Update(shake, data, len, WC_SHA3_256_COUNT);
     if (ret == 0) {
         byte hash[1];
@@ -1450,9 +1677,16 @@ int wc_Shake256_Absorb(wc_Shake* shake, const byte* data, word32 len)
  */
 int wc_Shake256_SqueezeBlocks(wc_Shake* shake, byte* out, word32 blockCnt)
 {
+    if ((shake == NULL) || (out == NULL && blockCnt != 0)) {
+        return BAD_FUNC_ARG;
+    }
+#if defined(WOLFSSL_LINUXKM) && defined(USE_INTEL_SPEEDUP)
+    if (SHA3_BLOCK == sha3_block_avx2)
+        SAVE_VECTOR_REGISTERS(return _svr_ret;);
+#endif
     for (; (blockCnt > 0); blockCnt--) {
-    #ifdef USE_INTEL_SPEEDUP
-        (*sha3_block)(shake->s);
+    #ifdef SHA3_FUNC_PTR
+        (*SHA3_BLOCK)(shake->s);
     #else
         BlockSha3(shake->s);
     #endif
@@ -1463,6 +1697,10 @@ int wc_Shake256_SqueezeBlocks(wc_Shake* shake, byte* out, word32 blockCnt)
     #endif
         out += WC_SHA3_256_COUNT * 8;
     }
+#if defined(WOLFSSL_LINUXKM) && defined(USE_INTEL_SPEEDUP)
+    if (SHA3_BLOCK == sha3_block_avx2)
+        RESTORE_VECTOR_REGISTERS();
+#endif
 
     return 0;
 }
diff --git a/wolfcrypt/src/sha3_asm.S b/wolfcrypt/src/sha3_asm.S
index 07a0b140b..6ca133a92 100644
--- a/wolfcrypt/src/sha3_asm.S
+++ b/wolfcrypt/src/sha3_asm.S
@@ -1,6 +1,6 @@
 /* sha3_asm.S */
 /*
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfcrypt/src/sha512.c b/wolfcrypt/src/sha512.c
index c0a19609b..b47fc3e33 100644
--- a/wolfcrypt/src/sha512.c
+++ b/wolfcrypt/src/sha512.c
@@ -1,6 +1,6 @@
 /* sha512.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -28,7 +28,7 @@
 
 #if (defined(WOLFSSL_SHA512) || defined(WOLFSSL_SHA384)) && \
     (!defined(WOLFSSL_ARMASM) && !defined(WOLFSSL_ARMASM_NO_NEON)) && \
-    !defined(WOLFSSL_PSOC6_CRYPTO)
+    !defined(WOLFSSL_PSOC6_CRYPTO) && !defined(WOLFSSL_RISCV_ASM)
 
 /* determine if we are using Espressif SHA hardware acceleration */
 #undef WOLFSSL_USE_ESP32_CRYPT_HASH_HW
@@ -39,8 +39,8 @@
      * By default the HW acceleration is on for ESP32 Chipsets,
      * but individual components can be turned off. See user_settings.h
      */
+    #define TAG "wc_sha_512"
     #define WOLFSSL_USE_ESP32_CRYPT_HASH_HW
-    static const char* TAG = "wc_sha_512";
 #else
     #undef WOLFSSL_USE_ESP32_CRYPT_HASH_HW
 #endif
@@ -50,8 +50,8 @@
     #define FIPS_NO_WRAPPERS
 
     #ifdef USE_WINDOWS_API
-        #pragma code_seg(".fipsA$k")
-        #pragma const_seg(".fipsB$k")
+        #pragma code_seg(".fipsA$m")
+        #pragma const_seg(".fipsB$m")
     #endif
 #endif
 
@@ -82,12 +82,26 @@
     #include <wolfcrypt/src/misc.c>
 #endif
 
+#if FIPS_VERSION3_GE(6,0,0)
+    const unsigned int wolfCrypt_FIPS_sha512_ro_sanity[2] =
+                                                     { 0x1a2b3c4d, 0x00000015 };
+    int wolfCrypt_FIPS_SHA512_sanity(void)
+    {
+        return 0;
+    }
+#endif
+
+
 #if defined(WOLFSSL_SE050) && defined(WOLFSSL_SE050_HASH)
     #include <wolfssl/wolfcrypt/port/nxp/se050_port.h>
 #endif
 
+#if defined(MAX3266X_SHA)
+    /* Already brought in by sha512.h */
+    /* #include <wolfssl/wolfcrypt/port/maxim/max3266x.h> */
+#endif
 
-#if defined(USE_INTEL_SPEEDUP)
+#if defined(WOLFSSL_X86_64_BUILD) && defined(USE_INTEL_SPEEDUP)
     #if defined(__GNUC__) && ((__GNUC__ < 4) || \
                               (__GNUC__ == 4 && __GNUC_MINOR__ <= 8))
         #undef  NO_AVX2_SUPPORT
@@ -140,6 +154,9 @@
      !defined(NO_WOLFSSL_RENESAS_FSPSM_HASH)
     /* functions defined in wolfcrypt/src/port/Renesas/renesas_fspsm_sha.c */
 
+#elif defined(MAX3266X_SHA)
+    /* Functions defined in wolfcrypt/src/port/maxim/max3266x.c */
+
 #elif defined(WOLFSSL_SE050) && defined(WOLFSSL_SE050_HASH)
     int wc_InitSha512(wc_Sha512* sha512)
     {
@@ -157,6 +174,17 @@
     }
     int wc_Sha512Update(wc_Sha512* sha512, const byte* data, word32 len)
     {
+        if (sha512 == NULL) {
+            return BAD_FUNC_ARG;
+        }
+        if (data == NULL && len == 0) {
+            /* valid, but do nothing */
+            return 0;
+        }
+        if (data == NULL) {
+            return BAD_FUNC_ARG;
+        }
+
         return se050_hash_update(&sha512->se050Ctx, data, len);
     }
     int wc_Sha512Final(wc_Sha512* sha512, byte* hash)
@@ -191,11 +219,81 @@
     {
         se050_hash_free(&sha512->se050Ctx);
     }
+#elif defined(STM32_HASH_SHA512)
+
+    /* Supports CubeMX HAL or Standard Peripheral Library */
+
+    int wc_InitSha512_ex(wc_Sha512* sha512, void* heap, int devId)
+    {
+        if (sha512 == NULL)
+            return BAD_FUNC_ARG;
+
+        (void)devId;
+        (void)heap;
+
+        XMEMSET(sha512, 0, sizeof(wc_Sha512));
+        wc_Stm32_Hash_Init(&sha512->stmCtx);
+        return 0;
+    }
+
+    int wc_Sha512Update(wc_Sha512* sha512, const byte* data, word32 len)
+    {
+        int ret = 0;
+
+        if (sha512 == NULL) {
+            return BAD_FUNC_ARG;
+        }
+        if (data == NULL && len == 0) {
+            /* valid, but do nothing */
+            return 0;
+        }
+        if (data == NULL) {
+            return BAD_FUNC_ARG;
+        }
+
+        ret = wolfSSL_CryptHwMutexLock();
+        if (ret == 0) {
+            ret = wc_Stm32_Hash_Update(&sha512->stmCtx,
+                HASH_ALGOSELECTION_SHA512, data, len, WC_SHA512_BLOCK_SIZE);
+            wolfSSL_CryptHwMutexUnLock();
+        }
+        return ret;
+    }
+
+    int wc_Sha512Final(wc_Sha512* sha512, byte* hash)
+    {
+        int ret = 0;
+
+        if (sha512 == NULL || hash == NULL) {
+            return BAD_FUNC_ARG;
+        }
+
+        ret = wolfSSL_CryptHwMutexLock();
+        if (ret == 0) {
+            ret = wc_Stm32_Hash_Final(&sha512->stmCtx,
+                HASH_ALGOSELECTION_SHA512, hash, WC_SHA512_DIGEST_SIZE);
+            wolfSSL_CryptHwMutexUnLock();
+        }
+
+        (void)wc_InitSha512(sha512); /* reset state */
+
+        return ret;
+    }
 
 #else
 
 #ifdef WOLFSSL_SHA512
 
+#if defined(WOLFSSL_X86_64_BUILD) && defined(USE_INTEL_SPEEDUP) && \
+    (defined(HAVE_INTEL_AVX1) || defined(HAVE_INTEL_AVX2))
+#ifdef WC_C_DYNAMIC_FALLBACK
+    #define SHA512_SETTRANSFORM_ARGS int *sha_method
+#else
+    #define SHA512_SETTRANSFORM_ARGS void
+#endif
+static void Sha512_SetTransform(SHA512_SETTRANSFORM_ARGS);
+#endif
+
 static int InitSha512(wc_Sha512* sha512)
 {
     if (sha512 == NULL)
@@ -214,6 +312,16 @@ static int InitSha512(wc_Sha512* sha512)
     sha512->loLen   = 0;
     sha512->hiLen   = 0;
 
+#if defined(WOLFSSL_X86_64_BUILD) && defined(USE_INTEL_SPEEDUP) && \
+    (defined(HAVE_INTEL_AVX1) || defined(HAVE_INTEL_AVX2))
+#ifdef WC_C_DYNAMIC_FALLBACK
+    sha512->sha_method = 0;
+    Sha512_SetTransform(&sha512->sha_method);
+#else
+    Sha512_SetTransform();
+#endif
+#endif
+
 #if defined(WOLFSSL_USE_ESP32_CRYPT_HASH_HW) && \
    !defined(NO_WOLFSSL_ESP32_CRYPT_HASH_SHA512)
 
@@ -255,6 +363,16 @@ static int InitSha512_224(wc_Sha512* sha512)
     sha512->loLen   = 0;
     sha512->hiLen   = 0;
 
+#if defined(WOLFSSL_X86_64_BUILD) && defined(USE_INTEL_SPEEDUP) && \
+    (defined(HAVE_INTEL_AVX1) || defined(HAVE_INTEL_AVX2))
+#ifdef WC_C_DYNAMIC_FALLBACK
+    sha512->sha_method = 0;
+    Sha512_SetTransform(&sha512->sha_method);
+#else
+    Sha512_SetTransform();
+#endif
+#endif
+
 #if defined(WOLFSSL_USE_ESP32_CRYPT_HASH_HW) && \
    !defined(NO_WOLFSSL_ESP32_CRYPT_HASH_SHA512)
     /* HW needs to be carefully initialized, taking into account soft copy.
@@ -298,6 +416,16 @@ static int InitSha512_256(wc_Sha512* sha512)
     sha512->loLen   = 0;
     sha512->hiLen   = 0;
 
+#if defined(WOLFSSL_X86_64_BUILD) && defined(USE_INTEL_SPEEDUP) && \
+    (defined(HAVE_INTEL_AVX1) || defined(HAVE_INTEL_AVX2))
+#ifdef WC_C_DYNAMIC_FALLBACK
+    sha512->sha_method = 0;
+    Sha512_SetTransform(&sha512->sha_method);
+#else
+    Sha512_SetTransform();
+#endif
+#endif
+
 #if defined(WOLFSSL_USE_ESP32_CRYPT_HASH_HW) && \
    !defined(NO_WOLFSSL_ESP32_CRYPT_HASH_SHA512)
     /* HW needs to be carefully initialized, taking into account soft copy.
@@ -318,11 +446,9 @@ static int InitSha512_256(wc_Sha512* sha512)
 #endif /* WOLFSSL_SHA512 */
 
 /* Hardware Acceleration */
-#if defined(USE_INTEL_SPEEDUP) && \
+#if defined(WOLFSSL_X86_64_BUILD) && defined(USE_INTEL_SPEEDUP) && \
     (defined(HAVE_INTEL_AVX1) || defined(HAVE_INTEL_AVX2))
 
-#ifdef WOLFSSL_SHA512
-
     /*****
     Intel AVX1/AVX2 Macro Control Structure
 
@@ -417,21 +543,178 @@ static int InitSha512_256(wc_Sha512* sha512)
     }  /* extern "C" */
 #endif
 
+    static word32 intel_flags = 0;
+
+#if defined(WC_C_DYNAMIC_FALLBACK) && !defined(WC_NO_INTERNAL_FUNCTION_POINTERS)
+    #define WC_NO_INTERNAL_FUNCTION_POINTERS
+#endif
+
     static int _Transform_Sha512(wc_Sha512 *sha512);
+
+#ifdef WC_NO_INTERNAL_FUNCTION_POINTERS
+
+    enum sha_methods { SHA512_UNSET = 0, SHA512_AVX1, SHA512_AVX2,
+                       SHA512_AVX1_RORX, SHA512_AVX2_RORX, SHA512_C };
+
+#ifndef WC_C_DYNAMIC_FALLBACK
+    /* note that all write access to this static variable must be idempotent,
+     * as arranged by Sha512_SetTransform(), else it will be susceptible to
+     * data races.
+     */
+    static enum sha_methods sha_method = SHA512_UNSET;
+#endif
+
+    static void Sha512_SetTransform(SHA512_SETTRANSFORM_ARGS)
+    {
+    #ifdef WC_C_DYNAMIC_FALLBACK
+        #define SHA_METHOD (*sha_method)
+    #else
+        #define SHA_METHOD sha_method
+    #endif
+        if (SHA_METHOD != SHA512_UNSET)
+            return;
+
+    #ifdef WC_C_DYNAMIC_FALLBACK
+        if (! CAN_SAVE_VECTOR_REGISTERS()) {
+            SHA_METHOD = SHA512_C;
+            return;
+        }
+    #endif
+
+        if (intel_flags == 0)
+            intel_flags = cpuid_get_flags();
+
+    #if defined(HAVE_INTEL_AVX2)
+        if (IS_INTEL_AVX2(intel_flags)) {
+        #ifdef HAVE_INTEL_RORX
+            if (IS_INTEL_BMI2(intel_flags)) {
+                SHA_METHOD = SHA512_AVX2_RORX;
+            }
+            else
+        #endif
+            {
+                SHA_METHOD = SHA512_AVX2;
+            }
+        }
+        else
+    #endif
+    #if defined(HAVE_INTEL_AVX1)
+        if (IS_INTEL_AVX1(intel_flags)) {
+        #ifdef HAVE_INTEL_RORX
+            if (IS_INTEL_BMI2(intel_flags)) {
+                SHA_METHOD = SHA512_AVX1_RORX;
+            }
+            else
+        #endif
+            {
+                SHA_METHOD = SHA512_AVX1;
+            }
+        }
+        else
+    #endif
+        {
+            SHA_METHOD = SHA512_C;
+        }
+    #undef SHA_METHOD
+    }
+
+    static WC_INLINE int Transform_Sha512(wc_Sha512 *sha512) {
+    #ifdef WC_C_DYNAMIC_FALLBACK
+        #define SHA_METHOD (sha512->sha_method)
+    #else
+        #define SHA_METHOD sha_method
+    #endif
+        int ret;
+        if (SHA_METHOD == SHA512_C)
+            return _Transform_Sha512(sha512);
+        SAVE_VECTOR_REGISTERS(return _svr_ret;);
+        switch (SHA_METHOD) {
+        case SHA512_AVX2:
+            ret = Transform_Sha512_AVX2(sha512);
+            break;
+        case SHA512_AVX2_RORX:
+            ret = Transform_Sha512_AVX2_RORX(sha512);
+            break;
+        case SHA512_AVX1:
+            ret = Transform_Sha512_AVX1(sha512);
+            break;
+        case SHA512_AVX1_RORX:
+            ret = Transform_Sha512_AVX1_RORX(sha512);
+            break;
+        case SHA512_C:
+        case SHA512_UNSET:
+        default:
+            ret = _Transform_Sha512(sha512);
+            break;
+        }
+        RESTORE_VECTOR_REGISTERS();
+        return ret;
+    #undef SHA_METHOD
+    }
+
+    static WC_INLINE int Transform_Sha512_Len(wc_Sha512 *sha512, word32 len) {
+    #ifdef WC_C_DYNAMIC_FALLBACK
+        #define SHA_METHOD (sha512->sha_method)
+    #else
+        #define SHA_METHOD sha_method
+    #endif
+        int ret;
+        SAVE_VECTOR_REGISTERS(return _svr_ret;);
+        switch (SHA_METHOD) {
+        case SHA512_AVX2:
+            ret = Transform_Sha512_AVX2_Len(sha512, len);
+            break;
+        case SHA512_AVX2_RORX:
+            ret = Transform_Sha512_AVX2_RORX_Len(sha512, len);
+            break;
+        case SHA512_AVX1:
+            ret = Transform_Sha512_AVX1_Len(sha512, len);
+            break;
+        case SHA512_AVX1_RORX:
+            ret = Transform_Sha512_AVX1_RORX_Len(sha512, len);
+            break;
+        case SHA512_C:
+        case SHA512_UNSET:
+        default:
+            ret = 0;
+            break;
+        }
+        RESTORE_VECTOR_REGISTERS();
+        return ret;
+    #undef SHA_METHOD
+    }
+
+#else /* !WC_NO_INTERNAL_FUNCTION_POINTERS */
+
     static int (*Transform_Sha512_p)(wc_Sha512* sha512) = _Transform_Sha512;
     static int (*Transform_Sha512_Len_p)(wc_Sha512* sha512, word32 len) = NULL;
     static int transform_check = 0;
-    static word32 intel_flags;
     static int Transform_Sha512_is_vectorized = 0;
 
     static WC_INLINE int Transform_Sha512(wc_Sha512 *sha512) {
         int ret;
+    #ifdef WOLFSSL_LINUXKM
+        if (Transform_Sha512_is_vectorized)
+            SAVE_VECTOR_REGISTERS(return _svr_ret;);
+    #endif
         ret = (*Transform_Sha512_p)(sha512);
+    #ifdef WOLFSSL_LINUXKM
+        if (Transform_Sha512_is_vectorized)
+            RESTORE_VECTOR_REGISTERS();
+    #endif
         return ret;
     }
     static WC_INLINE int Transform_Sha512_Len(wc_Sha512 *sha512, word32 len) {
         int ret;
+    #ifdef WOLFSSL_LINUXKM
+        if (Transform_Sha512_is_vectorized)
+            SAVE_VECTOR_REGISTERS(return _svr_ret;);
+    #endif
         ret = (*Transform_Sha512_Len_p)(sha512, len);
+    #ifdef WOLFSSL_LINUXKM
+        if (Transform_Sha512_is_vectorized)
+            RESTORE_VECTOR_REGISTERS();
+    #endif
         return ret;
     }
 
@@ -486,7 +769,8 @@ static int InitSha512_256(wc_Sha512* sha512)
 
         transform_check = 1;
     }
-#endif /* WOLFSSL_SHA512 */
+
+#endif /* !WC_NO_INTERNAL_FUNCTION_POINTERS */
 
 #else
     #define Transform_Sha512(sha512) _Transform_Sha512(sha512)
@@ -498,7 +782,7 @@ static int InitSha512_256(wc_Sha512* sha512)
 static int InitSha512_Family(wc_Sha512* sha512, void* heap, int devId,
                              int (*initfp)(wc_Sha512*))
 {
-   int ret = 0;
+    int ret = 0;
 
     if (sha512 == NULL) {
         return BAD_FUNC_ARG;
@@ -519,10 +803,6 @@ static int InitSha512_Family(wc_Sha512* sha512, void* heap, int devId,
     if (ret != 0)
         return ret;
 
-#if defined(USE_INTEL_SPEEDUP) && \
-    (defined(HAVE_INTEL_AVX1) || defined(HAVE_INTEL_AVX2))
-    Sha512_SetTransform();
-#endif
 #ifdef WOLFSSL_HASH_KEEP
     sha512->msg  = NULL;
     sha512->len  = 0;
@@ -553,6 +833,12 @@ int wc_InitSha512_ex(wc_Sha512* sha512, void* heap, int devId)
     sha512->ctx.mode = ESP32_SHA_INIT;
 #endif
 
+#ifdef MAX3266X_SHA_CB
+    if (wc_MXC_TPU_SHA_Init(&(sha512->mxcCtx)) != 0){
+        return BAD_FUNC_ARG;
+    }
+#endif
+
     return InitSha512_Family(sha512, heap, devId, InitSha512);
 }
 
@@ -760,9 +1046,13 @@ static WC_INLINE int Sha512Update(wc_Sha512* sha512, const byte* data, word32 le
 
         if (sha512->buffLen == WC_SHA512_BLOCK_SIZE) {
     #if defined(LITTLE_ENDIAN_ORDER)
-        #if defined(USE_INTEL_SPEEDUP) && \
+        #if defined(WOLFSSL_X86_64_BUILD) && defined(USE_INTEL_SPEEDUP) && \
             (defined(HAVE_INTEL_AVX1) || defined(HAVE_INTEL_AVX2))
+            #ifdef WC_C_DYNAMIC_FALLBACK
+            if (sha512->sha_method == SHA512_C)
+            #else
             if (!IS_INTEL_AVX1(intel_flags) && !IS_INTEL_AVX2(intel_flags))
+            #endif
         #endif
             {
         #if !defined(WOLFSSL_ESP32_CRYPT) || \
@@ -778,15 +1068,17 @@ static WC_INLINE int Sha512Update(wc_Sha512* sha512, const byte* data, word32 le
          defined(NO_WOLFSSL_ESP32_CRYPT_HASH_SHA512)
             ret = Transform_Sha512(sha512);
     #else
-            if(sha512->ctx.mode == ESP32_SHA_INIT) {
+            if (sha512->ctx.mode == ESP32_SHA_INIT) {
                 esp_sha_try_hw_lock(&sha512->ctx);
             }
-            ret = esp_sha512_process(sha512);
-            if(ret == 0 && sha512->ctx.mode == ESP32_SHA_SW){
+            if (sha512->ctx.mode == ESP32_SHA_SW) {
                 ByteReverseWords64(sha512->buffer, sha512->buffer,
                                                          WC_SHA512_BLOCK_SIZE);
                 ret = Transform_Sha512(sha512);
             }
+            else {
+                ret = esp_sha512_process(sha512);
+            }
     #endif
             if (ret == 0)
                 sha512->buffLen = 0;
@@ -795,9 +1087,18 @@ static WC_INLINE int Sha512Update(wc_Sha512* sha512, const byte* data, word32 le
         }
     }
 
-#if defined(USE_INTEL_SPEEDUP) && \
+#if defined(WOLFSSL_X86_64_BUILD) && defined(USE_INTEL_SPEEDUP) && \
     (defined(HAVE_INTEL_AVX1) || defined(HAVE_INTEL_AVX2))
-    if (Transform_Sha512_Len_p != NULL) {
+
+    #ifdef WC_C_DYNAMIC_FALLBACK
+    if (sha512->sha_method != SHA512_C)
+    #elif defined(WC_NO_INTERNAL_FUNCTION_POINTERS)
+    if (sha_method != SHA512_C)
+    #else
+    if (Transform_Sha512_Len_p != NULL)
+    #endif
+
+    {
         word32 blocksLen = len & ~((word32)WC_SHA512_BLOCK_SIZE-1);
 
         if (blocksLen > 0) {
@@ -810,8 +1111,9 @@ static WC_INLINE int Sha512Update(wc_Sha512* sha512, const byte* data, word32 le
     }
     else
 #endif
-#if !defined(LITTLE_ENDIAN_ORDER) || (defined(USE_INTEL_SPEEDUP) && \
-        (defined(HAVE_INTEL_AVX1) || defined(HAVE_INTEL_AVX2)))
+#if !defined(LITTLE_ENDIAN_ORDER) || (defined(WOLFSSL_X86_64_BUILD) && \
+        defined(USE_INTEL_SPEEDUP) && (defined(HAVE_INTEL_AVX1) || \
+        defined(HAVE_INTEL_AVX2)))
     {
         while (len >= WC_SHA512_BLOCK_SIZE) {
             XMEMCPY(local, data, WC_SHA512_BLOCK_SIZE);
@@ -819,9 +1121,13 @@ static WC_INLINE int Sha512Update(wc_Sha512* sha512, const byte* data, word32 le
             data += WC_SHA512_BLOCK_SIZE;
             len  -= WC_SHA512_BLOCK_SIZE;
 
-        #if defined(USE_INTEL_SPEEDUP) && \
+        #if defined(WOLFSSL_X86_64_BUILD) && defined(USE_INTEL_SPEEDUP) && \
             (defined(HAVE_INTEL_AVX1) || defined(HAVE_INTEL_AVX2))
+            #ifdef WC_C_DYNAMIC_FALLBACK
+            if (sha512->sha_method == SHA512_C)
+            #else
             if (!IS_INTEL_AVX1(intel_flags) && !IS_INTEL_AVX2(intel_flags))
+            #endif
             {
                 ByteReverseWords64(sha512->buffer, sha512->buffer,
                                                           WC_SHA512_BLOCK_SIZE);
@@ -881,7 +1187,14 @@ static WC_INLINE int Sha512Update(wc_Sha512* sha512, const byte* data, word32 le
 
 int wc_Sha512Update(wc_Sha512* sha512, const byte* data, word32 len)
 {
-    if (sha512 == NULL || (data == NULL && len > 0)) {
+    if (sha512 == NULL) {
+        return BAD_FUNC_ARG;
+    }
+    if (data == NULL && len == 0) {
+        /* valid, but do nothing */
+        return 0;
+    }
+    if (data == NULL) {
         return BAD_FUNC_ARG;
     }
 
@@ -891,7 +1204,7 @@ int wc_Sha512Update(wc_Sha512* sha512, const byte* data, word32 len)
     #endif
     {
         int ret = wc_CryptoCb_Sha512Hash(sha512, data, len, NULL);
-        if (ret != CRYPTOCB_UNAVAILABLE)
+        if (ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE))
             return ret;
         /* fall-through when unavailable */
     }
@@ -919,6 +1232,9 @@ int wc_Sha512Update(wc_Sha512* sha512, const byte* data, word32 len)
     /* functions defined in wolfcrypt/src/port/renesas/renesas_fspsm_sha.c */
 #elif defined(WOLFSSL_SE050) && defined(WOLFSSL_SE050_HASH)
 
+#elif defined(MAX3266X_SHA)
+    /* Functions defined in wolfcrypt/src/port/maxim/max3266x.c */
+#elif defined(STM32_HASH_SHA512)
 #else
 
 static WC_INLINE int Sha512Final(wc_Sha512* sha512)
@@ -942,12 +1258,20 @@ static WC_INLINE int Sha512Final(wc_Sha512* sha512)
 
     /* pad with zeros */
     if (sha512->buffLen > WC_SHA512_PAD_SIZE) {
-        XMEMSET(&local[sha512->buffLen], 0, WC_SHA512_BLOCK_SIZE - sha512->buffLen);
+        if (sha512->buffLen < WC_SHA512_BLOCK_SIZE ) {
+            XMEMSET(&local[sha512->buffLen], 0,
+                WC_SHA512_BLOCK_SIZE - sha512->buffLen);
+        }
+
         sha512->buffLen += WC_SHA512_BLOCK_SIZE - sha512->buffLen;
 #if defined(LITTLE_ENDIAN_ORDER)
-    #if defined(USE_INTEL_SPEEDUP) && \
+    #if defined(WOLFSSL_X86_64_BUILD) && defined(USE_INTEL_SPEEDUP) && \
         (defined(HAVE_INTEL_AVX1) || defined(HAVE_INTEL_AVX2))
+        #ifdef WC_C_DYNAMIC_FALLBACK
+        if (sha512->sha_method == SHA512_C)
+        #else
         if (!IS_INTEL_AVX1(intel_flags) && !IS_INTEL_AVX2(intel_flags))
+        #endif
     #endif
         {
 
@@ -991,9 +1315,13 @@ static WC_INLINE int Sha512Final(wc_Sha512* sha512)
 
     /* store lengths */
 #if defined(LITTLE_ENDIAN_ORDER)
-    #if defined(USE_INTEL_SPEEDUP) && \
+    #if defined(WOLFSSL_X86_64_BUILD) && defined(USE_INTEL_SPEEDUP) && \
         (defined(HAVE_INTEL_AVX1) || defined(HAVE_INTEL_AVX2))
+        #ifdef WC_C_DYNAMIC_FALLBACK
+        if (sha512->sha_method == SHA512_C)
+        #else
         if (!IS_INTEL_AVX1(intel_flags) && !IS_INTEL_AVX2(intel_flags))
+        #endif
     #endif
     #if !defined(WOLFSSL_ESP32_CRYPT) || \
          defined(NO_WOLFSSL_ESP32_CRYPT_HASH) || \
@@ -1010,9 +1338,13 @@ static WC_INLINE int Sha512Final(wc_Sha512* sha512)
     sha512->buffer[WC_SHA512_BLOCK_SIZE / sizeof(word64) - 1] = sha512->loLen;
 #endif
 
-#if defined(USE_INTEL_SPEEDUP) && \
+#if defined(WOLFSSL_X86_64_BUILD) && defined(USE_INTEL_SPEEDUP) && \
     (defined(HAVE_INTEL_AVX1) || defined(HAVE_INTEL_AVX2))
+    #ifdef WC_C_DYNAMIC_FALLBACK
+    if (sha512->sha_method != SHA512_C)
+    #else
     if (IS_INTEL_AVX1(intel_flags) || IS_INTEL_AVX2(intel_flags))
+    #endif
         ByteReverseWords64(&(sha512->buffer[WC_SHA512_BLOCK_SIZE / sizeof(word64) - 2]),
                            &(sha512->buffer[WC_SHA512_BLOCK_SIZE / sizeof(word64) - 2]),
                            WC_SHA512_BLOCK_SIZE - WC_SHA512_PAD_SIZE);
@@ -1063,26 +1395,23 @@ static WC_INLINE int Sha512Final(wc_Sha512* sha512)
      !defined(NO_WOLFSSL_RENESAS_FSPSM_HASH)
     /* functions defined in wolfcrypt/src/port/Renesas/renesas_fspsm_sha.c */
 
+#elif defined(MAX3266X_SHA)
+    /* Functions defined in wolfcrypt/src/port/maxim/max3266x.c */
+#elif defined(STM32_HASH_SHA512)
 #else
 
 static int Sha512FinalRaw(wc_Sha512* sha512, byte* hash, size_t digestSz)
 {
-#ifdef LITTLE_ENDIAN_ORDER
-    word64 digest[WC_SHA512_DIGEST_SIZE / sizeof(word64)];
-#endif
-
     if (sha512 == NULL || hash == NULL) {
         return BAD_FUNC_ARG;
     }
 
 #ifdef LITTLE_ENDIAN_ORDER
-    ByteReverseWords64((word64*)digest, (word64*)sha512->digest,
-                                                         WC_SHA512_DIGEST_SIZE);
-    XMEMCPY(hash, digest, digestSz);
-#else
-    XMEMCPY(hash, sha512->digest, digestSz);
+    ByteReverseWords64(sha512->digest, sha512->digest, WC_SHA512_DIGEST_SIZE);
 #endif
 
+    XMEMCPY(hash, sha512->digest, digestSz);
+
     return 0;
 }
 
@@ -1107,7 +1436,7 @@ static int Sha512_Family_Final(wc_Sha512* sha512, byte* hash, size_t digestSz,
     {
         byte localHash[WC_SHA512_DIGEST_SIZE];
         ret = wc_CryptoCb_Sha512Hash(sha512, NULL, 0, localHash);
-        if (ret != CRYPTOCB_UNAVAILABLE) {
+        if (ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE)) {
             XMEMCPY(hash, localHash, digestSz);
             return ret;
         }
@@ -1132,13 +1461,19 @@ static int Sha512_Family_Final(wc_Sha512* sha512, byte* hash, size_t digestSz,
     return initfp(sha512);
 }
 
+#ifndef STM32_HASH_SHA512
 int wc_Sha512Final(wc_Sha512* sha512, byte* hash)
 {
     return Sha512_Family_Final(sha512, hash, WC_SHA512_DIGEST_SIZE, InitSha512);
 }
+#endif
 
 #endif /* WOLFSSL_KCAPI_HASH */
 
+#if defined(MAX3266X_SHA)
+    /* Functions defined in wolfcrypt/src/port/maxim/max3266x.c */
+
+#else
 #if !defined(WOLFSSL_SE050) || !defined(WOLFSSL_SE050_HASH)
 int wc_InitSha512(wc_Sha512* sha512)
 {
@@ -1181,12 +1516,18 @@ void wc_Sha512Free(wc_Sha512* sha512)
     }
 #endif
 
+#ifdef MAX3266X_SHA_CB
+    wc_MXC_TPU_SHA_Free(&(sha512->mxcCtx));
+#endif
+
 #if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_SHA512)
     wolfAsync_DevCtxFree(&sha512->asyncDev, WOLFSSL_ASYNC_MARKER_SHA512);
 #endif /* WOLFSSL_ASYNC_CRYPT */
 
     ForceZero(sha512, sizeof(*sha512));
 }
+#endif
+
 #if (defined(OPENSSL_EXTRA) || defined(HAVE_CURL)) \
     && !defined(WOLFSSL_KCAPI_HASH)
 /* Apply SHA512 transformation to the data                */
@@ -1215,15 +1556,14 @@ int wc_Sha512Transform(wc_Sha512* sha, const unsigned char* data)
         return MEMORY_E;
 #endif
 
-#if defined(USE_INTEL_SPEEDUP) && \
-    (defined(HAVE_INTEL_AVX1) || defined(HAVE_INTEL_AVX2))
-    Sha512_SetTransform();
-#endif
-
 #if defined(LITTLE_ENDIAN_ORDER)
-#if defined(USE_INTEL_SPEEDUP) && \
+#if defined(WOLFSSL_X86_64_BUILD) && defined(USE_INTEL_SPEEDUP) && \
     (defined(HAVE_INTEL_AVX1) || defined(HAVE_INTEL_AVX2))
+    #ifdef WC_C_DYNAMIC_FALLBACK
+    if (sha->sha_method == SHA512_C)
+    #else
     if (!IS_INTEL_AVX1(intel_flags) && !IS_INTEL_AVX2(intel_flags))
+    #endif
 #endif
     {
         ByteReverseWords64((word64*)data, (word64*)data,
@@ -1267,6 +1607,17 @@ int wc_Sha512Transform(wc_Sha512* sha, const unsigned char* data)
     }
     int wc_Sha384Update(wc_Sha384* sha384, const byte* data, word32 len)
     {
+        if (sha384 == NULL) {
+            return BAD_FUNC_ARG;
+        }
+        if (data == NULL && len == 0) {
+            /* valid, but do nothing */
+            return 0;
+        }
+        if (data == NULL) {
+            return BAD_FUNC_ARG;
+        }
+
         return se050_hash_update(&sha384->se050Ctx, data, len);
 
     }
@@ -1295,6 +1646,67 @@ int wc_Sha512Transform(wc_Sha512* sha, const unsigned char* data)
      !defined(NO_WOLFSSL_RENESAS_FSPSM_HASH)
     /* functions defined in wolfcrypt/src/port/Renesas/renesas_fspsm_sha.c */
 
+#elif defined(MAX3266X_SHA)
+    /* Functions defined in wolfcrypt/src/port/maxim/max3266x.c */
+#elif defined(STM32_HASH_SHA384)
+
+    int wc_InitSha384_ex(wc_Sha384* sha384, void* heap, int devId)
+    {
+        if (sha384 == NULL)
+            return BAD_FUNC_ARG;
+
+        (void)devId;
+        (void)heap;
+
+        XMEMSET(sha384, 0, sizeof(wc_Sha384));
+        wc_Stm32_Hash_Init(&sha384->stmCtx);
+        return 0;
+    }
+
+    int wc_Sha384Update(wc_Sha384* sha384, const byte* data, word32 len)
+    {
+        int ret = 0;
+
+        if (sha384 == NULL) {
+            return BAD_FUNC_ARG;
+        }
+        if (data == NULL && len == 0) {
+            /* valid, but do nothing */
+            return 0;
+        }
+        if (data == NULL) {
+            return BAD_FUNC_ARG;
+        }
+
+        ret = wolfSSL_CryptHwMutexLock();
+        if (ret == 0) {
+            ret = wc_Stm32_Hash_Update(&sha384->stmCtx,
+                HASH_ALGOSELECTION_SHA384, data, len, WC_SHA384_BLOCK_SIZE);
+            wolfSSL_CryptHwMutexUnLock();
+        }
+        return ret;
+    }
+
+    int wc_Sha384Final(wc_Sha384* sha384, byte* hash)
+    {
+        int ret = 0;
+
+        if (sha384 == NULL || hash == NULL) {
+            return BAD_FUNC_ARG;
+        }
+
+        ret = wolfSSL_CryptHwMutexLock();
+        if (ret == 0) {
+            ret = wc_Stm32_Hash_Final(&sha384->stmCtx,
+                HASH_ALGOSELECTION_SHA384, hash, WC_SHA384_DIGEST_SIZE);
+            wolfSSL_CryptHwMutexUnLock();
+        }
+
+        (void)wc_InitSha384(sha384); /* reset state */
+
+        return ret;
+    }
+
 #else
 
 static int InitSha384(wc_Sha384* sha384)
@@ -1316,6 +1728,16 @@ static int InitSha384(wc_Sha384* sha384)
     sha384->loLen   = 0;
     sha384->hiLen   = 0;
 
+#if defined(WOLFSSL_X86_64_BUILD) && defined(USE_INTEL_SPEEDUP) && \
+    (defined(HAVE_INTEL_AVX1) || defined(HAVE_INTEL_AVX2))
+#ifdef WC_C_DYNAMIC_FALLBACK
+    sha384->sha_method = 0;
+    Sha512_SetTransform(&sha384->sha_method);
+#else
+    Sha512_SetTransform();
+#endif
+#endif
+
 #if defined(WOLFSSL_USE_ESP32_CRYPT_HASH_HW)  && \
    !defined(NO_WOLFSSL_ESP32_CRYPT_HASH_SHA384)
     /* HW needs to be carefully initialized, taking into account soft copy.
@@ -1342,7 +1764,15 @@ static int InitSha384(wc_Sha384* sha384)
 
 int wc_Sha384Update(wc_Sha384* sha384, const byte* data, word32 len)
 {
-    if (sha384 == NULL || (data == NULL && len > 0)) {
+
+    if (sha384 == NULL) {
+        return BAD_FUNC_ARG;
+    }
+    if (data == NULL && len == 0) {
+        /* valid, but do nothing */
+        return 0;
+    }
+    if (data == NULL) {
         return BAD_FUNC_ARG;
     }
 
@@ -1352,7 +1782,7 @@ int wc_Sha384Update(wc_Sha384* sha384, const byte* data, word32 len)
     #endif
     {
         int ret = wc_CryptoCb_Sha384Hash(sha384, data, len, NULL);
-        if (ret != CRYPTOCB_UNAVAILABLE)
+        if (ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE))
             return ret;
         /* fall-through when unavailable */
     }
@@ -1371,22 +1801,16 @@ int wc_Sha384Update(wc_Sha384* sha384, const byte* data, word32 len)
 
 int wc_Sha384FinalRaw(wc_Sha384* sha384, byte* hash)
 {
-#ifdef LITTLE_ENDIAN_ORDER
-    word64 digest[WC_SHA384_DIGEST_SIZE / sizeof(word64)];
-#endif
-
     if (sha384 == NULL || hash == NULL) {
         return BAD_FUNC_ARG;
     }
 
 #ifdef LITTLE_ENDIAN_ORDER
-    ByteReverseWords64((word64*)digest, (word64*)sha384->digest,
-                                                         WC_SHA384_DIGEST_SIZE);
-    XMEMCPY(hash, digest, WC_SHA384_DIGEST_SIZE);
-#else
-    XMEMCPY(hash, sha384->digest, WC_SHA384_DIGEST_SIZE);
+    ByteReverseWords64(sha384->digest, sha384->digest, WC_SHA384_DIGEST_SIZE);
 #endif
 
+    XMEMCPY(hash, sha384->digest, WC_SHA384_DIGEST_SIZE);
+
     return 0;
 }
 
@@ -1404,7 +1828,7 @@ int wc_Sha384Final(wc_Sha384* sha384, byte* hash)
     #endif
     {
         ret = wc_CryptoCb_Sha384Hash(sha384, NULL, 0, hash);
-        if (ret != CRYPTOCB_UNAVAILABLE)
+        if (ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE))
             return ret;
         /* fall-through when unavailable */
     }
@@ -1453,16 +1877,18 @@ int wc_InitSha384_ex(wc_Sha384* sha384, void* heap, int devId)
     sha384->ctx.mode = ESP32_SHA_INIT;
 #endif
 
+#ifdef MAX3266X_SHA_CB
+    ret = wc_MXC_TPU_SHA_Init(&(sha384->mxcCtx));
+    if (ret != 0) {
+        return ret;
+    }
+#endif
+
     ret = InitSha384(sha384);
     if (ret != 0) {
         return ret;
     }
 
-#if defined(USE_INTEL_SPEEDUP) && \
-    (defined(HAVE_INTEL_AVX1) || defined(HAVE_INTEL_AVX2))
-    Sha512_SetTransform();
-#endif
-
 #if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_SHA384)
     ret = wolfAsync_DevCtxInit(&sha384->asyncDev, WOLFSSL_ASYNC_MARKER_SHA384,
                                                            sha384->heap, devId);
@@ -1477,6 +1903,10 @@ int wc_InitSha384_ex(wc_Sha384* sha384, void* heap, int devId)
 
 #endif /* WOLFSSL_IMX6_CAAM || WOLFSSL_SILABS_SHA512 || WOLFSSL_KCAPI_HASH */
 
+#if defined(MAX3266X_SHA)
+    /* Functions defined in wolfcrypt/src/port/maxim/max3266x.c */
+
+#else
 int wc_InitSha384(wc_Sha384* sha384)
 {
     int devId = INVALID_DEVID;
@@ -1532,9 +1962,14 @@ void wc_Sha384Free(wc_Sha384* sha384)
     }
 #endif
 
+#ifdef MAX3266X_SHA_CB
+    wc_MXC_TPU_SHA_Free(&(sha384->mxcCtx));
+#endif
+
     ForceZero(sha384, sizeof(*sha384));
 }
 
+#endif
 #endif /* WOLFSSL_SHA384 */
 
 #ifdef WOLFSSL_SHA512
@@ -1546,6 +1981,9 @@ void wc_Sha384Free(wc_Sha384* sha384)
      !defined(NO_WOLFSSL_RENESAS_FSPSM_HASH)
     /* functions defined in wolfcrypt/src/port/Renesas/renesas_fspsm_sha.c */
 
+#elif defined(MAX3266X_SHA)
+    /* Functions defined in wolfcrypt/src/port/maxim/max3266x.c */
+
 #else
 
 static int Sha512_Family_GetHash(wc_Sha512* sha512, byte* hash,
@@ -1612,7 +2050,8 @@ int wc_Sha512Copy(wc_Sha512* src, wc_Sha512* dst)
     ret = wolfAsync_DevCopy(&src->asyncDev, &dst->asyncDev);
 #endif
 
-#if defined(WOLFSSL_USE_ESP32_CRYPT_HASH_HW)
+#if defined(WOLFSSL_USE_ESP32_CRYPT_HASH_HW) && \
+   !defined(NO_WOLFSSL_ESP32_CRYPT_HASH_SHA512)
     #if defined(CONFIG_IDF_TARGET_ESP32)
     if (ret == 0) {
         ret = esp_sha512_ctx_copy(src, dst);
@@ -1648,6 +2087,13 @@ int wc_Sha512Copy(wc_Sha512* src, wc_Sha512* dst)
     }
 #endif
 
+#ifdef MAX3266X_SHA_CB
+    ret = wc_MXC_TPU_SHA_Copy(&(src->mxcCtx), &(dst->mxcCtx));
+    if (ret != 0) {
+        return ret;
+    }
+#endif
+
     return ret;
 }
 
@@ -1673,17 +2119,75 @@ int wc_Sha512GetFlags(wc_Sha512* sha512, word32* flags)
 #if !defined(WOLFSSL_NOSHA512_224) && \
    (!defined(HAVE_FIPS) || FIPS_VERSION_GE(5, 3)) && !defined(HAVE_SELFTEST)
 
+#if defined(STM32_HASH_SHA512_224)
 
+int wc_InitSha512_224_ex(wc_Sha512* sha512, void* heap, int devId)
+{
+    if (sha512 == NULL)
+        return BAD_FUNC_ARG;
+
+    (void)devId;
+    (void)heap;
+
+    XMEMSET(sha512, 0, sizeof(wc_Sha512));
+    wc_Stm32_Hash_Init(&sha512->stmCtx);
+    return 0;
+}
+
+int wc_Sha512_224Update(wc_Sha512* sha512, const byte* data, word32 len)
+{
+    int ret = 0;
+
+    if (sha512 == NULL) {
+        return BAD_FUNC_ARG;
+    }
+    if (data == NULL && len == 0) {
+        /* valid, but do nothing */
+        return 0;
+    }
+    if (data == NULL) {
+        return BAD_FUNC_ARG;
+    }
+
+    ret = wolfSSL_CryptHwMutexLock();
+    if (ret == 0) {
+        ret = wc_Stm32_Hash_Update(&sha512->stmCtx,
+            HASH_ALGOSELECTION_SHA512_224, data, len, WC_SHA512_224_BLOCK_SIZE);
+        wolfSSL_CryptHwMutexUnLock();
+    }
+    return ret;
+}
+
+int wc_Sha512_224Final(wc_Sha512* sha512, byte* hash)
+{
+    int ret = 0;
+
+    if (sha512 == NULL || hash == NULL) {
+        return BAD_FUNC_ARG;
+    }
+
+    ret = wolfSSL_CryptHwMutexLock();
+    if (ret == 0) {
+        ret = wc_Stm32_Hash_Final(&sha512->stmCtx,
+            HASH_ALGOSELECTION_SHA512_224, hash, WC_SHA512_224_DIGEST_SIZE);
+        wolfSSL_CryptHwMutexUnLock();
+    }
+
+    (void)wc_InitSha512_224(sha512); /* reset state */
+
+    return ret;
+}
+#endif
 int wc_InitSha512_224(wc_Sha512* sha)
 {
     return wc_InitSha512_224_ex(sha, NULL, INVALID_DEVID);
 }
-
+#if !defined(STM32_HASH_SHA512_224)
 int wc_Sha512_224Update(wc_Sha512* sha, const byte* data, word32 len)
 {
     return wc_Sha512Update(sha, data, len);
 }
-
+#endif
 #if defined(WOLFSSL_KCAPI_HASH)
     /* functions defined in wolfcrypt/src/port/kcapi/kcapi_hash.c */
 #elif defined(WOLFSSL_RENESAS_RSIP) && \
@@ -1691,6 +2195,7 @@ int wc_Sha512_224Update(wc_Sha512* sha, const byte* data, word32 len)
     /* functions defined in wolfcrypt/src/port/Renesas/renesas_fspsm_sha.c */
 
 #elif defined(WOLFSSL_SE050) && defined(WOLFSSL_SE050_HASH)
+#elif defined(STM32_HASH_SHA512_224)
 
 #else
 int wc_Sha512_224FinalRaw(wc_Sha512* sha, byte* hash)
@@ -1753,16 +2258,75 @@ int wc_Sha512_224Transform(wc_Sha512* sha, const unsigned char* data)
 
 #if !defined(WOLFSSL_NOSHA512_256) && \
    (!defined(HAVE_FIPS) || FIPS_VERSION_GE(5, 3)) && !defined(HAVE_SELFTEST)
+#if defined(STM32_HASH_SHA512_256)
 
+    int wc_InitSha512_256_ex(wc_Sha512* sha512, void* heap, int devId)
+    {
+        if (sha512 == NULL)
+            return BAD_FUNC_ARG;
+
+        (void)devId;
+        (void)heap;
+
+        XMEMSET(sha512, 0, sizeof(wc_Sha512));
+        wc_Stm32_Hash_Init(&sha512->stmCtx);
+        return 0;
+    }
+
+    int wc_Sha512_256Update(wc_Sha512* sha512, const byte* data, word32 len)
+    {
+        int ret = 0;
+
+        if (sha512 == NULL) {
+            return BAD_FUNC_ARG;
+        }
+        if (data == NULL && len == 0) {
+            /* valid, but do nothing */
+            return 0;
+        }
+        if (data == NULL) {
+            return BAD_FUNC_ARG;
+        }
+
+        ret = wolfSSL_CryptHwMutexLock();
+        if (ret == 0) {
+            ret = wc_Stm32_Hash_Update(&sha512->stmCtx,
+                HASH_ALGOSELECTION_SHA512_256, data, len, WC_SHA512_256_BLOCK_SIZE);
+            wolfSSL_CryptHwMutexUnLock();
+        }
+        return ret;
+    }
+
+    int wc_Sha512_256Final(wc_Sha512* sha512, byte* hash)
+    {
+        int ret = 0;
+
+        if (sha512 == NULL || hash == NULL) {
+            return BAD_FUNC_ARG;
+        }
+
+        ret = wolfSSL_CryptHwMutexLock();
+        if (ret == 0) {
+            ret = wc_Stm32_Hash_Final(&sha512->stmCtx,
+                HASH_ALGOSELECTION_SHA512_256, hash, WC_SHA512_256_DIGEST_SIZE);
+            wolfSSL_CryptHwMutexUnLock();
+        }
+
+        (void)wc_InitSha512_256(sha512); /* reset state */
+
+        return ret;
+    }
+#endif
 int wc_InitSha512_256(wc_Sha512* sha)
 {
     return wc_InitSha512_256_ex(sha, NULL, INVALID_DEVID);
 }
-
+#if !defined(STM32_HASH_SHA512_256)
 int wc_Sha512_256Update(wc_Sha512* sha, const byte* data, word32 len)
 {
     return wc_Sha512Update(sha, data, len);
 }
+#endif
 #if defined(WOLFSSL_KCAPI_HASH)
     /* functions defined in wolfcrypt/src/port/kcapi/kcapi_hash.c */
 #elif defined(WOLFSSL_RENESAS_RSIP) && \
@@ -1770,7 +2334,7 @@ int wc_Sha512_256Update(wc_Sha512* sha, const byte* data, word32 len)
     /* functions defined in wolfcrypt/src/port/Renesas/renesas_fspsm_sha.c */
 
 #elif defined(WOLFSSL_SE050) && defined(WOLFSSL_SE050_HASH)
-
+#elif defined(STM32_HASH_SHA512_256)
 #else
 int wc_Sha512_256FinalRaw(wc_Sha512* sha, byte* hash)
 {
@@ -1836,6 +2400,9 @@ int wc_Sha512_256Transform(wc_Sha512* sha, const unsigned char* data)
 #elif defined(WOLFSSL_RENESAS_RSIP) && \
      !defined(NO_WOLFSSL_RENESAS_FSPSM_HASH)
     /* functions defined in wolfcrypt/src/port/renesas/renesas_fspsm_sha.c */
+#elif defined(MAX3266X_SHA)
+    /* Functions defined in wolfcrypt/src/port/maxim/max3266x.c */
+
 #else
 
 int wc_Sha384GetHash(wc_Sha384* sha384, byte* hash)
@@ -1897,7 +2464,8 @@ int wc_Sha384Copy(wc_Sha384* src, wc_Sha384* dst)
     ret = wolfAsync_DevCopy(&src->asyncDev, &dst->asyncDev);
 #endif
 
-#if defined(WOLFSSL_USE_ESP32_CRYPT_HASH_HW)
+#if defined(WOLFSSL_USE_ESP32_CRYPT_HASH_HW) && \
+   !defined(NO_WOLFSSL_ESP32_CRYPT_HASH_SHA384)
     #if defined(CONFIG_IDF_TARGET_ESP32)
         esp_sha384_ctx_copy(src, dst);
     #elif defined(CONFIG_IDF_TARGET_ESP32C2) || \
@@ -1934,6 +2502,13 @@ int wc_Sha384Copy(wc_Sha384* src, wc_Sha384* dst)
     }
 #endif
 
+#ifdef MAX3266X_SHA_CB
+    ret = wc_MXC_TPU_SHA_Copy(&(src->mxcCtx), &(dst->mxcCtx));
+    if (ret != 0) {
+        return ret;
+    }
+#endif
+
     return ret;
 }
 
diff --git a/wolfcrypt/src/sha512_asm.S b/wolfcrypt/src/sha512_asm.S
index 47789e83a..fe7278541 100644
--- a/wolfcrypt/src/sha512_asm.S
+++ b/wolfcrypt/src/sha512_asm.S
@@ -1,6 +1,6 @@
 /* sha512_asm.S */
 /*
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -159,7 +159,7 @@ _Transform_Sha512_AVX1:
         movq	%r12, %rax
         xorq	%r10, %rbx
         # Start of 16 rounds
-L_sha256_len_avx1_start:
+L_transform_sha512_avx1_start:
         vpaddq	(%rsi), %xmm0, %xmm8
         vpaddq	16(%rsi), %xmm1, %xmm9
         vmovdqu	%xmm8, (%rsp)
@@ -906,7 +906,7 @@ L_sha256_len_avx1_start:
         vpaddq	%xmm7, %xmm8, %xmm7
         # msg_sched done: 14-17
         subl	$0x01, 128(%rsp)
-        jne	L_sha256_len_avx1_start
+        jne	L_transform_sha512_avx1_start
         vpaddq	(%rsi), %xmm0, %xmm8
         vpaddq	16(%rsi), %xmm1, %xmm9
         vmovdqu	%xmm8, (%rsp)
@@ -1372,7 +1372,6 @@ L_sha256_len_avx1_start:
         addq	%r14, 48(%rdi)
         addq	%r15, 56(%rdi)
         xorq	%rax, %rax
-        vzeroupper
         addq	$0x88, %rsp
         popq	%r15
         popq	%r14
@@ -2664,7 +2663,6 @@ L_sha512_len_avx1_start:
         movq	%r15, 56(%rdi)
         jnz	L_sha512_len_avx1_begin
         xorq	%rax, %rax
-        vzeroupper
         addq	$0x90, %rsp
         popq	%rbp
         popq	%r15
@@ -2805,7 +2803,7 @@ _Transform_Sha512_AVX1_RORX:
         vmovdqu	%xmm8, 96(%rsp)
         vmovdqu	%xmm9, 112(%rsp)
         # Start of 16 rounds
-L_sha256_len_avx1_rorx_start:
+L_transform_sha512_avx1_rorx_start:
         addq	$0x80, %rsi
         # msg_sched: 0-1
         # rnd_0: 0 - 0
@@ -3512,7 +3510,7 @@ L_sha256_len_avx1_rorx_start:
         vmovdqu	%xmm8, 96(%rsp)
         vmovdqu	%xmm9, 112(%rsp)
         subl	$0x01, 128(%rsp)
-        jne	L_sha256_len_avx1_rorx_start
+        jne	L_transform_sha512_avx1_rorx_start
         # rnd_all_2: 0-1
         # rnd_0: 0 - 7
         rorxq	$14, %r12, %rax
@@ -3931,7 +3929,6 @@ L_sha256_len_avx1_rorx_start:
         addq	%r14, 48(%rdi)
         addq	%r15, 56(%rdi)
         xorq	%rax, %rax
-        vzeroupper
         addq	$0x88, %rsp
         popq	%r15
         popq	%r14
@@ -5168,7 +5165,6 @@ L_sha512_len_avx1_rorx_start:
         movq	%r15, 56(%rdi)
         jnz	L_sha512_len_avx1_rorx_begin
         xorq	%rax, %rax
-        vzeroupper
         addq	$0x90, %rsp
         popq	%rbp
         popq	%r15
diff --git a/wolfcrypt/src/signature.c b/wolfcrypt/src/signature.c
index efcbd8878..98db14f85 100644
--- a/wolfcrypt/src/signature.c
+++ b/wolfcrypt/src/signature.c
@@ -1,6 +1,6 @@
 /* signature.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -48,6 +48,16 @@
 /* Signature wrapper disabled check */
 #ifndef NO_SIG_WRAPPER
 
+#if !defined(NO_RSA) && defined(NO_ASN)
+    #ifndef MAX_DER_DIGEST_ASN_SZ
+        #define MAX_DER_DIGEST_ASN_SZ 36
+    #endif
+    #ifndef MAX_ENCODED_SIG_SZ
+        #define MAX_ENCODED_SIG_SZ 1024 /* Supports 8192 bit keys */
+    #endif
+#endif
+
+
 #if !defined(NO_RSA) && defined(WOLFSSL_CRYPTOCELL)
     extern int cc310_RsaSSL_Verify(const byte* in, word32 inLen, byte* sig,
                                 RsaKey* key, CRYS_RSA_HASH_OpMode_t mode);
@@ -80,7 +90,7 @@ static int wc_SignatureDerEncode(enum wc_HashType hash_type, byte* hash_data,
 int wc_SignatureGetSize(enum wc_SignatureType sig_type,
     const void* key, word32 key_len)
 {
-    int sig_len = BAD_FUNC_ARG;
+    int sig_len = WC_NO_ERR_TRACE(BAD_FUNC_ARG);
 
     /* Suppress possible unused args if all signature types are disabled */
     (void)key;
@@ -169,7 +179,7 @@ int wc_SignatureVerifyHash(
             if (ret >= 0)
                 ret = wc_ecc_verify_hash(sig, sig_len, hash_data, hash_len,
                     &is_valid_sig, (ecc_key*)key);
-            } while (ret == WC_PENDING_E);
+            } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E));
             if (ret != 0 || is_valid_sig != 1) {
                 ret = SIG_VERIFY_E;
             }
@@ -225,8 +235,9 @@ int wc_SignatureVerifyHash(
                         WC_ASYNC_FLAG_CALL_AGAIN);
                 #endif
                 if (ret >= 0)
-                        ret = wc_RsaSSL_VerifyInline(plain_data, sig_len, &plain_ptr, (RsaKey*)key);
-                } while (ret == WC_PENDING_E);
+                        ret = wc_RsaSSL_VerifyInline(plain_data, sig_len,
+                            &plain_ptr, (RsaKey*)key);
+                } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E));
                 if (ret >= 0 && plain_ptr) {
                     if ((word32)ret == hash_len &&
                             XMEMCMP(plain_ptr, hash_data, hash_len) == 0) {
@@ -395,7 +406,7 @@ int wc_SignatureGenerateHash_ex(
             if (ret >= 0)
                 ret = wc_ecc_sign_hash(hash_data, hash_len, sig, sig_len,
                     rng, (ecc_key*)key);
-            } while (ret == WC_PENDING_E);
+            } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E));
 #else
             ret = SIG_TYPE_E;
 #endif
@@ -426,7 +437,7 @@ int wc_SignatureGenerateHash_ex(
                 if (ret >= 0)
                     ret = wc_RsaSSL_Sign(hash_data, hash_len, sig, *sig_len,
                         (RsaKey*)key, rng);
-            } while (ret == WC_PENDING_E);
+            } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E));
     #endif /* WOLFSSL_CRYPTOCELL */
             if (ret >= 0) {
                 *sig_len = (word32)ret;
diff --git a/wolfcrypt/src/siphash.c b/wolfcrypt/src/siphash.c
index 0fc27218a..4b73e7062 100644
--- a/wolfcrypt/src/siphash.c
+++ b/wolfcrypt/src/siphash.c
@@ -1,6 +1,6 @@
 /* siphash.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -69,14 +69,14 @@
  * @param [in] a  Little-endian byte array.
  * @return 64-bit number.
  */
-#define GET_U64(a)      (*(word64*)(a))
+#define GET_U64(a)      readUnalignedWord64(a)
 /**
  * Decode little-endian byte array to 32-bit number.
  *
  * @param [in] a  Little-endian byte array.
  * @return 32-bit number.
  */
-#define GET_U32(a)      (*(word32*)(a))
+#define GET_U32(a)      readUnalignedWord32(a)
 /**
  * Decode little-endian byte array to 16-bit number.
  *
@@ -90,7 +90,7 @@
  * @param [out] a  Byte array to write into.
  * @param [in]  n  Number to encode.
  */
-#define SET_U64(a, n)   ((*(word64*)(a)) = (n))
+#define SET_U64(a, n)   writeUnalignedWord64(a, n)
 #else
 /**
  * Decode little-endian byte array to 64-bit number.
@@ -112,7 +112,7 @@
  * @param [in] a  Little-endian byte array.
  * @return 32-bit number.
  */
-#define GET_U32(a)      (((word64)((a)[3]) << 24) |     \
+#define GET_U32(a)      (((word32)((a)[3]) << 24) |     \
                          ((word32)((a)[2]) << 16) |     \
                          ((word32)((a)[1]) <<  8) |     \
                          ((word32)((a)[0])      ))
@@ -256,14 +256,14 @@ int wc_SipHashUpdate(SipHash* sipHash, const unsigned char* in, word32 inSz)
     if ((ret == 0) && (inSz > 0)) {
         /* Add to cache if already started. */
         if (sipHash->cacheCnt > 0) {
-            byte len = SIPHASH_BLOCK_SIZE - sipHash->cacheCnt;
+            byte len = (byte)(SIPHASH_BLOCK_SIZE - sipHash->cacheCnt);
             if (len > inSz) {
                 len = (byte)inSz;
             }
             XMEMCPY(sipHash->cache + sipHash->cacheCnt, in, len);
             in += len;
             inSz -= len;
-            sipHash->cacheCnt += len;
+            sipHash->cacheCnt = (byte)(sipHash->cacheCnt + len);
 
             if (sipHash->cacheCnt == SIPHASH_BLOCK_SIZE) {
                 /* Compress the block from the cache. */
@@ -331,7 +331,7 @@ int wc_SipHashFinal(SipHash* sipHash, unsigned char* out, unsigned char outSz)
 
     if (ret == 0) {
         /* Put in remaining cached message bytes. */
-        XMEMSET(sipHash->cache + sipHash->cacheCnt, 0, 7 - sipHash->cacheCnt);
+        XMEMSET(sipHash->cache + sipHash->cacheCnt, 0, 7U - sipHash->cacheCnt);
         sipHash->cache[7] = (byte)(sipHash->inCnt + sipHash->cacheCnt);
 
         SipHashCompress(sipHash, sipHash->cache);
@@ -468,7 +468,7 @@ int wc_SipHash(const unsigned char* key, const unsigned char* in, word32 inSz,
 
         : [in] "+r" (in), [inSz] "+r" (inSz), [k0] "+r" (k0), [k1] "+r" (k1),
           [v0] "+r" (v0), [v1] "+r" (v1), [v2] "+r" (v2), [v3] "+r" (v3)
-        : [key] "r" (key), [out] "r" (out) , [outSz] "r" (outSz)
+        : [out] "r" (out) , [outSz] "r" (outSz)
         : "memory"
     );
 
@@ -515,16 +515,16 @@ int wc_SipHash(const unsigned char* key, const unsigned char* in, word32 inSz,
 #endif
         "xorq   %[k1], %[v0]\n\t"
 
-        "cmp    $8, %[outSz]\n\t"
-        "je     L_siphash_8_end\n\t"
-
         : [in] "+r" (in), [inSz] "+r" (inSz), [k0] "+r" (k0), [k1] "+r" (k1),
           [v0] "+r" (v0), [v1] "+r" (v1), [v2] "+r" (v2), [v3] "+r" (v3)
-        : [key] "r" (key), [out] "r" (out) , [outSz] "r" (outSz)
+        : [out] "r" (out) , [outSz] "r" (outSz)
         : "memory"
     );
 
     __asm__ __volatile__ (
+        "cmp    $8, %[outSz]\n\t"
+        "je     L_siphash_8_end\n\t"
+
         "xor    $0xee, %b[v2]\n\t"
 #if WOLFSSL_SIPHASH_DROUNDS == 2
         SIPHASH_ROUND(%[v0], %[v1], %[v2], %[v3])
@@ -575,7 +575,7 @@ int wc_SipHash(const unsigned char* key, const unsigned char* in, word32 inSz,
 
         : [in] "+r" (in), [inSz] "+r" (inSz), [k0] "+r" (k0), [k1] "+r" (k1),
           [v0] "+r" (v0), [v1] "+r" (v1), [v2] "+r" (v2), [v3] "+r" (v3)
-        : [key] "r" (key), [out] "r" (out) , [outSz] "r" (outSz)
+        : [out] "r" (out) , [outSz] "r" (outSz)
         : "memory"
     );
 
@@ -805,29 +805,29 @@ int wc_SipHash(const unsigned char* key, const unsigned char* in, word32 inSz,
 #else
 
 #define SipRoundV(v0, v1, v2, v3)   \
-    v0 += v1;                       \
-    v2 += v3;                       \
-    v1 = rotlFixed64(v1, 13);       \
-    v3 = rotlFixed64(v3, 16);       \
-    v1 ^= v0;                       \
-    v3 ^= v2;                       \
-    v0 = rotlFixed64(v0, 32);       \
-    v2 += v1;                       \
-    v0 += v3;                       \
-    v1 = rotlFixed64(v1, 17);       \
-    v3 = rotlFixed64(v3, 21);       \
-    v1 ^= v2;                       \
-    v3 ^= v0;                       \
-    v2 = rotlFixed64(v2, 32);
+    (v0) += (v1);                   \
+    (v2) += (v3);                   \
+    (v1) = rotlFixed64(v1, 13);     \
+    (v3) = rotlFixed64(v3, 16);     \
+    (v1) ^= (v0);                   \
+    (v3) ^= (v2);                   \
+    (v0) = rotlFixed64(v0, 32);     \
+    (v2) += (v1);                   \
+    (v0) += (v3);                   \
+    (v1) = rotlFixed64(v1, 17);     \
+    (v3) = rotlFixed64(v3, 21);     \
+    (v1) ^= (v2);                   \
+    (v3) ^= (v0);                   \
+    (v2) = rotlFixed64(v2, 32);
 
 #define SipHashCompressV(v0, v1, v2, v3, m)             \
     do {                                                \
         int i;                                          \
-        v3 ^= m;                                        \
+        (v3) ^= (m);                                    \
         for (i = 0; i < WOLFSSL_SIPHASH_CROUNDS; i++) { \
             SipRoundV(v0, v1, v2, v3);                  \
         }                                               \
-        v0 ^= m;                                        \
+        (v0) ^= (m);                                    \
     }                                                   \
     while (0)
 
@@ -839,7 +839,7 @@ int wc_SipHash(const unsigned char* key, const unsigned char* in, word32 inSz,
         for (i = 0; i < WOLFSSL_SIPHASH_DROUNDS; i++) { \
             SipRoundV(v0, v1, v2, v3);                  \
         }                                               \
-        n = v0 ^ v1 ^ v2 ^ v3;                          \
+        n = (v0) ^ (v1) ^ (v2) ^ (v3);                  \
         SET_U64(out, n);                                \
     }                                                   \
     while (0)
diff --git a/wolfcrypt/src/sm2.c b/wolfcrypt/src/sm2.c
index 829d5e5b2..a0873cbf6 100644
--- a/wolfcrypt/src/sm2.c
+++ b/wolfcrypt/src/sm2.c
@@ -1,6 +1,6 @@
 /* sm2.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfcrypt/src/sm3.c b/wolfcrypt/src/sm3.c
index 1339037b7..edc8c5f36 100644
--- a/wolfcrypt/src/sm3.c
+++ b/wolfcrypt/src/sm3.c
@@ -1,6 +1,6 @@
 /* sm3.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfcrypt/src/sm3_asm.S b/wolfcrypt/src/sm3_asm.S
index 2c368f1ff..8fd7a6513 100644
--- a/wolfcrypt/src/sm3_asm.S
+++ b/wolfcrypt/src/sm3_asm.S
@@ -1,6 +1,6 @@
 /* sm3_asm.S
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfcrypt/src/sm4.c b/wolfcrypt/src/sm4.c
index 1e4f31760..9bea60359 100644
--- a/wolfcrypt/src/sm4.c
+++ b/wolfcrypt/src/sm4.c
@@ -1,6 +1,6 @@
 /* sm4.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfcrypt/src/sp_arm32.c b/wolfcrypt/src/sp_arm32.c
index 2014da43d..eb3a77317 100644
--- a/wolfcrypt/src/sp_arm32.c
+++ b/wolfcrypt/src/sp_arm32.c
@@ -1,6 +1,6 @@
 /* sp.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -67,7 +67,7 @@
     do {                                                    \
         int ii;                                             \
         fprintf(stderr, name "=0x");                        \
-        for (ii = ((bits + 31) / 32) - 1; ii >= 0; ii--)    \
+        for (ii = (((bits) + 31) / 32) - 1; ii >= 0; ii--)  \
             fprintf(stderr, SP_PRINT_FMT, (var)[ii]);       \
         fprintf(stderr, "\n");                              \
     } while (0)
@@ -93,7 +93,8 @@ static void sp_2048_from_bin(sp_digit* r, int size, const byte* a, int n)
     int j;
     byte* d;
 
-    for (i = n - 1,j = 0; i >= 3; i -= 4) {
+    j = 0;
+    for (i = n - 1; i >= 3; i -= 4) {
         r[j]  = ((sp_digit)a[i - 0] <<  0) |
                 ((sp_digit)a[i - 1] <<  8) |
                 ((sp_digit)a[i - 2] << 16) |
@@ -104,12 +105,20 @@ static void sp_2048_from_bin(sp_digit* r, int size, const byte* a, int n)
     if (i >= 0) {
         r[j] = 0;
 
-        d = (byte*)r;
+        d = (byte*)(r + j);
+#ifdef BIG_ENDIAN_ORDER
         switch (i) {
-            case 2: d[n - 1 - 2] = a[2]; //fallthrough
-            case 1: d[n - 1 - 1] = a[1]; //fallthrough
-            case 0: d[n - 1 - 0] = a[0]; //fallthrough
+            case 2: d[1] = *(a++); //fallthrough
+            case 1: d[2] = *(a++); //fallthrough
+            case 0: d[3] = *a    ; //fallthrough
         }
+#else
+        switch (i) {
+            case 2: d[2] = a[2]; //fallthrough
+            case 1: d[1] = a[1]; //fallthrough
+            case 0: d[0] = a[0]; //fallthrough
+        }
+#endif
         j++;
     }
 
@@ -2231,7 +2240,8 @@ static void sp_2048_mul_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_
         "stm	%[r]!, {r3, r4, r5, r6}\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r11", "r12", "cc"
+        : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r11",
+            "r12"
     );
 }
 
@@ -2584,7 +2594,8 @@ static void sp_2048_mul_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_
         "add	sp, sp, #36\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "lr", "cc"
+        : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10",
+            "r11", "r12", "lr"
     );
 }
 
@@ -2610,7 +2621,7 @@ static void sp_2048_mul_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_
         "strd	%[r], %[a], [sp, #36]\n\t"
 #endif
         "mov	lr, %[b]\n\t"
-        "ldm	%[a], {%[r], %[a], %[b], r3}\n\t"
+        "ldm	%[a], {r0, r1, r2, r3}\n\t"
         "ldm	lr!, {r4, r5, r6}\n\t"
         "umull	r10, r11, %[r], r4\n\t"
         "umull	r12, r7, %[a], r4\n\t"
@@ -2655,7 +2666,7 @@ static void sp_2048_mul_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_
         "umaal	r4, r6, %[b], r7\n\t"
         "sub	lr, lr, #16\n\t"
         "umaal	r5, r6, r3, r7\n\t"
-        "ldm	%[r], {%[r], %[a], %[b], r3}\n\t"
+        "ldm	%[r], {r0, r1, r2, r3}\n\t"
         "str	r6, [sp, #32]\n\t"
         "ldm	lr!, {r6}\n\t"
         "mov	r7, #0\n\t"
@@ -2715,7 +2726,8 @@ static void sp_2048_mul_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_
         "add	sp, sp, #44\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r3", "r4", "r5", "r6", "r10", "r11", "r12", "r7", "r8", "r9", "lr", "cc"
+        : "memory", "cc", "r3", "r4", "r5", "r6", "r10", "r11", "r12", "r7",
+            "r8", "r9", "lr"
     );
 }
 
@@ -2751,9 +2763,9 @@ static sp_digit sp_2048_add_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit
         "adc	%[r], %[r], #0\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc"
+        : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 /* Sub b from a into a. (a -= b)
@@ -2798,9 +2810,9 @@ static sp_digit sp_2048_sub_in_place_16(sp_digit* a_p, const sp_digit* b_p)
         "sbc	%[a], r9, r9\n\t"
         : [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "cc"
+        : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9"
     );
-    return (uint32_t)(size_t)a;
+    return (word32)(size_t)a;
 }
 
 /* Add b to a into r. (r = a + b)
@@ -2848,9 +2860,9 @@ static sp_digit sp_2048_add_16(sp_digit* r_p, const sp_digit* a_p, const sp_digi
         "adc	%[r], %[r], #0\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc"
+        : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 /* AND m into each word of a and store in r.
@@ -2988,9 +3000,9 @@ static sp_digit sp_2048_sub_in_place_32(sp_digit* a_p, const sp_digit* b_p)
         "sbc	%[a], r9, r9\n\t"
         : [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "cc"
+        : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9"
     );
-    return (uint32_t)(size_t)a;
+    return (word32)(size_t)a;
 }
 
 /* Add b to a into r. (r = a + b)
@@ -3066,9 +3078,9 @@ static sp_digit sp_2048_add_32(sp_digit* r_p, const sp_digit* a_p, const sp_digi
         "adc	%[r], %[r], #0\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc"
+        : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 /* AND m into each word of a and store in r.
@@ -3266,9 +3278,9 @@ static sp_digit sp_2048_sub_in_place_64(sp_digit* a_p, const sp_digit* b_p)
         "sbc	%[a], r9, r9\n\t"
         : [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "cc"
+        : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9"
     );
-    return (uint32_t)(size_t)a;
+    return (word32)(size_t)a;
 }
 
 /* Add b to a into r. (r = a + b)
@@ -3400,9 +3412,9 @@ static sp_digit sp_2048_add_64(sp_digit* r_p, const sp_digit* a_p, const sp_digi
         "adc	%[r], %[r], #0\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc"
+        : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 /* AND m into each word of a and store in r.
@@ -4680,7 +4692,8 @@ static void sp_2048_sqr_8(sp_digit* r_p, const sp_digit* a_p)
         "stm	%[r]!, {r2, r3, r4, r8}\n\t"
         : [r] "+r" (r), [a] "+r" (a)
         :
-        : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r12", "cc"
+        : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10",
+            "r12"
     );
 }
 
@@ -4923,7 +4936,8 @@ static void sp_2048_sqr_8(sp_digit* r_p, const sp_digit* a_p)
         "add	sp, sp, #0x44\n\t"
         : [r] "+r" (r), [a] "+r" (a)
         :
-        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "lr", "cc"
+        : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10",
+            "r11", "r12", "lr"
     );
 }
 
@@ -4941,7 +4955,7 @@ static void sp_2048_sqr_8(sp_digit* r_p, const sp_digit* a_p)
     __asm__ __volatile__ (
         "sub	sp, sp, #32\n\t"
         "str	%[r], [sp, #28]\n\t"
-        "ldm	%[a], {%[r], %[a], r2, r3, r4, r5, r6, r7}\n\t"
+        "ldm	%[a], {r0, r1, r2, r3, r4, r5, r6, r7}\n\t"
         "umull	r9, r10, %[r], %[r]\n\t"
         "umull	r11, r12, %[r], %[a]\n\t"
         "adds	r11, r11, r11\n\t"
@@ -5028,18 +5042,19 @@ static void sp_2048_sqr_8(sp_digit* r_p, const sp_digit* a_p)
         /* R[15] = r7 */
         "ldr	lr, [sp, #28]\n\t"
         "add	lr, lr, #28\n\t"
-        "stm	lr!, {%[r], r12}\n\t"
+        "stm	lr!, {r0, r12}\n\t"
         "stm	lr!, {r11}\n\t"
         "stm	lr!, {r10}\n\t"
         "stm	lr!, {r3, r4, r8, r9}\n\t"
         "stm	lr!, {r7}\n\t"
         "sub	lr, lr, #0x40\n\t"
-        "ldm	sp, {%[r], %[a], r2, r3, r4, r5, r6}\n\t"
-        "stm	lr, {%[r], %[a], r2, r3, r4, r5, r6}\n\t"
+        "ldm	sp, {r0, r1, r2, r3, r4, r5, r6}\n\t"
+        "stm	lr, {r0, r1, r2, r3, r4, r5, r6}\n\t"
         "add	sp, sp, #32\n\t"
         : [r] "+r" (r), [a] "+r" (a)
         :
-        : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "lr", "cc"
+        : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10",
+            "r11", "r12", "lr"
     );
 }
 
@@ -5074,9 +5089,9 @@ static sp_digit sp_2048_sub_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit
         "sbc	%[r], r6, r6\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc"
+        : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 /* Square a and put result in r. (r = a * a)
@@ -5159,9 +5174,9 @@ static sp_digit sp_2048_sub_16(sp_digit* r_p, const sp_digit* a_p, const sp_digi
         "sbc	%[r], r6, r6\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc"
+        : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 /* Square a and put result in r. (r = a * a)
@@ -5272,9 +5287,9 @@ static sp_digit sp_2048_sub_32(sp_digit* r_p, const sp_digit* a_p, const sp_digi
         "sbc	%[r], r6, r6\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc"
+        : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 /* Square a and put result in r. (r = a * a)
@@ -5347,9 +5362,10 @@ static sp_digit sp_2048_add_64(sp_digit* r_p, const sp_digit* a_p, const sp_digi
         "mov	%[r], r3\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r3", "r12", "cc"
+        : "memory", "cc", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11",
+            "r3", "r12"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #endif /* WOLFSSL_SP_SMALL */
@@ -5383,9 +5399,10 @@ static sp_digit sp_2048_sub_in_place_64(sp_digit* a_p, const sp_digit* b_p)
         "mov	%[a], r12\n\t"
         : [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r12", "lr", "cc"
+        : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r12",
+            "lr"
     );
-    return (uint32_t)(size_t)a;
+    return (word32)(size_t)a;
 }
 
 #endif /* WOLFSSL_SP_SMALL */
@@ -5585,7 +5602,8 @@ static void sp_2048_mul_64(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b
         "bgt	L_sp_2048_mul_64_store_%=\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "lr", "r11", "cc"
+        : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "lr",
+            "r11"
     );
 }
 
@@ -5742,7 +5760,8 @@ static void sp_2048_sqr_64(sp_digit* r_p, const sp_digit* a_p)
         "bgt	L_sp_2048_sqr_64_store_%=\n\t"
         : [r] "+r" (r), [a] "+r" (a)
         :
-        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "lr", "r11", "cc"
+        : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "lr",
+            "r11"
     );
 }
 
@@ -5798,9 +5817,10 @@ static sp_digit sp_2048_add_32(sp_digit* r_p, const sp_digit* a_p, const sp_digi
         "mov	%[r], r3\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r3", "r12", "cc"
+        : "memory", "cc", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11",
+            "r3", "r12"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #endif /* WOLFSSL_SP_SMALL */
@@ -5834,9 +5854,10 @@ static sp_digit sp_2048_sub_in_place_32(sp_digit* a_p, const sp_digit* b_p)
         "mov	%[a], r12\n\t"
         : [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r12", "lr", "cc"
+        : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r12",
+            "lr"
     );
-    return (uint32_t)(size_t)a;
+    return (word32)(size_t)a;
 }
 
 #endif /* WOLFSSL_SP_SMALL */
@@ -6036,7 +6057,8 @@ static void sp_2048_mul_32(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b
         "bgt	L_sp_2048_mul_32_store_%=\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "lr", "r11", "cc"
+        : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "lr",
+            "r11"
     );
 }
 
@@ -6193,7 +6215,8 @@ static void sp_2048_sqr_32(sp_digit* r_p, const sp_digit* a_p)
         "bgt	L_sp_2048_sqr_32_store_%=\n\t"
         : [r] "+r" (r), [a] "+r" (a)
         :
-        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "lr", "r11", "cc"
+        : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "lr",
+            "r11"
     );
 }
 
@@ -6314,7 +6337,7 @@ static void sp_2048_mul_d_64(sp_digit* r_p, const sp_digit* a_p, sp_digit b_p)
         "str	r3, [%[r], #256]\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "cc"
+        : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9"
     );
 }
 
@@ -8379,7 +8402,7 @@ static void sp_2048_mul_d_64(sp_digit* r_p, const sp_digit* a_p, sp_digit b_p)
         "str	r4, [%[r]]\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "cc"
+        : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8"
     );
 }
 
@@ -8408,7 +8431,8 @@ static void sp_2048_mont_norm_32(sp_digit* r, const sp_digit* m)
  * b  A single precision number to subtract.
  * m  Mask value to apply.
  */
-static sp_digit sp_2048_cond_sub_32(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, sp_digit m_p)
+static sp_digit sp_2048_cond_sub_32(sp_digit* r_p, const sp_digit* a_p,
+    const sp_digit* b_p, sp_digit m_p)
 {
     register sp_digit* r asm ("r0") = (sp_digit*)r_p;
     register const sp_digit* a asm ("r1") = (const sp_digit*)a_p;
@@ -8434,9 +8458,9 @@ static sp_digit sp_2048_cond_sub_32(sp_digit* r_p, const sp_digit* a_p, const sp
         "mov	%[r], r12\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m)
         :
-        : "memory", "r12", "lr", "r4", "r5", "r6", "cc"
+        : "memory", "cc", "r12", "lr", "r4", "r5", "r6"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #else
@@ -8448,7 +8472,8 @@ static sp_digit sp_2048_cond_sub_32(sp_digit* r_p, const sp_digit* a_p, const sp
  * b  A single precision number to subtract.
  * m  Mask value to apply.
  */
-static sp_digit sp_2048_cond_sub_32(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, sp_digit m_p)
+static sp_digit sp_2048_cond_sub_32(sp_digit* r_p, const sp_digit* a_p,
+    const sp_digit* b_p, sp_digit m_p)
 {
     register sp_digit* r asm ("r0") = (sp_digit*)r_p;
     register const sp_digit* a asm ("r1") = (const sp_digit*)a_p;
@@ -8572,9 +8597,9 @@ static sp_digit sp_2048_cond_sub_32(sp_digit* r_p, const sp_digit* a_p, const sp
         "sbc	%[r], lr, lr\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m)
         :
-        : "memory", "r12", "lr", "r4", "r5", "r6", "r7", "cc"
+        : "memory", "cc", "r12", "lr", "r4", "r5", "r6", "r7"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #endif /* WOLFSSL_SP_SMALL */
@@ -9553,7 +9578,8 @@ static SP_NOINLINE void sp_2048_mont_reduce_32(sp_digit* a_p, const sp_digit* m_
         "mov	%[mp], r3\n\t"
         : [a] "+r" (a), [m] "+r" (m), [mp] "+r" (mp)
         :
-        : "memory", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "cc"
+        : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9",
+            "r10", "r11"
     );
     sp_2048_cond_sub_32(a - 32, a, m, (sp_digit)0 - mp);
 }
@@ -9848,7 +9874,8 @@ static SP_NOINLINE void sp_2048_mont_reduce_32(sp_digit* a_p, const sp_digit* m_
         "mov	%[mp], r3\n\t"
         : [a] "+r" (a), [m] "+r" (m), [mp] "+r" (mp)
         :
-        : "memory", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "cc"
+        : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9",
+            "r10", "r11"
     );
     sp_2048_cond_sub_32(a - 32, a, m, (sp_digit)0 - mp);
 }
@@ -10053,7 +10080,8 @@ static SP_NOINLINE void sp_2048_mont_reduce_32(sp_digit* a_p, const sp_digit* m_
         "mov	%[mp], lr\n\t"
         : [a] "+r" (a), [m] "+r" (m), [mp] "+r" (mp)
         :
-        : "memory", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "cc"
+        : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9",
+            "r10", "r11"
     );
     sp_2048_cond_sub_32(a - 32, a, m, (sp_digit)0 - mp);
 }
@@ -10183,7 +10211,7 @@ static void sp_2048_mul_d_32(sp_digit* r_p, const sp_digit* a_p, sp_digit b_p)
         "str	r3, [%[r], #128]\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "cc"
+        : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9"
     );
 }
 
@@ -11224,7 +11252,7 @@ static void sp_2048_mul_d_32(sp_digit* r_p, const sp_digit* a_p, sp_digit b_p)
         "str	r5, [%[r]]\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "cc"
+        : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8"
     );
 }
 
@@ -11283,9 +11311,9 @@ static sp_digit div_2048_word_32(sp_digit d1_p, sp_digit d0_p, sp_digit div_p)
         "add	%[d1], r4, r3\n\t"
         : [d1] "+r" (d1), [d0] "+r" (d0), [div] "+r" (div)
         :
-        : "memory", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "cc"
+        : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8"
     );
-    return (uint32_t)(size_t)d1;
+    return (word32)(size_t)d1;
 }
 
 #else
@@ -11421,9 +11449,9 @@ static sp_digit div_2048_word_32(sp_digit d1_p, sp_digit d0_p, sp_digit div_p)
         "sub	%[d1], r3, r6\n\t"
         : [d1] "+r" (d1), [d0] "+r" (d0), [div] "+r" (div)
         :
-        : "memory", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "cc"
+        : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8"
     );
-    return (uint32_t)(size_t)d1;
+    return (word32)(size_t)d1;
 }
 
 #endif
@@ -11820,9 +11848,9 @@ static sp_int32 sp_2048_cmp_32(const sp_digit* a_p, const sp_digit* b_p)
         "mov	%[a], r2\n\t"
         : [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r2", "r3", "r12", "lr", "r4", "r5", "r6", "cc"
+        : "memory", "cc", "r2", "r3", "r12", "lr", "r4", "r5", "r6"
     );
-    return (uint32_t)(size_t)a;
+    return (word32)(size_t)a;
 }
 
 /* Divide d in a and put remainder into r (m*d + r = a)
@@ -12022,13 +12050,12 @@ static int sp_2048_mod_exp_32(sp_digit* r, const sp_digit* a, const sp_digit* e,
         XMEMSET(&r[32], 0, sizeof(sp_digit) * 32U);
         sp_2048_mont_reduce_32(r, m, mp);
 
-        mask = 0 - (sp_2048_cmp_32(r, m) >= 0);
+        mask = (sp_digit)0 - (sp_2048_cmp_32(r, m) >= 0);
         sp_2048_cond_sub_32(r, r, m, mask);
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (td != NULL)
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -12191,13 +12218,12 @@ static int sp_2048_mod_exp_32(sp_digit* r, const sp_digit* a, const sp_digit* e,
         XMEMSET(&r[32], 0, sizeof(sp_digit) * 32U);
         sp_2048_mont_reduce_32(r, m, mp);
 
-        mask = 0 - (sp_2048_cmp_32(r, m) >= 0);
+        mask = (sp_digit)0 - (sp_2048_cmp_32(r, m) >= 0);
         sp_2048_cond_sub_32(r, r, m, mask);
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (td != NULL)
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -12231,7 +12257,8 @@ static void sp_2048_mont_norm_64(sp_digit* r, const sp_digit* m)
  * b  A single precision number to subtract.
  * m  Mask value to apply.
  */
-static sp_digit sp_2048_cond_sub_64(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, sp_digit m_p)
+static sp_digit sp_2048_cond_sub_64(sp_digit* r_p, const sp_digit* a_p,
+    const sp_digit* b_p, sp_digit m_p)
 {
     register sp_digit* r asm ("r0") = (sp_digit*)r_p;
     register const sp_digit* a asm ("r1") = (const sp_digit*)a_p;
@@ -12257,9 +12284,9 @@ static sp_digit sp_2048_cond_sub_64(sp_digit* r_p, const sp_digit* a_p, const sp
         "mov	%[r], r12\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m)
         :
-        : "memory", "r12", "lr", "r4", "r5", "r6", "cc"
+        : "memory", "cc", "r12", "lr", "r4", "r5", "r6"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #else
@@ -12271,7 +12298,8 @@ static sp_digit sp_2048_cond_sub_64(sp_digit* r_p, const sp_digit* a_p, const sp
  * b  A single precision number to subtract.
  * m  Mask value to apply.
  */
-static sp_digit sp_2048_cond_sub_64(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, sp_digit m_p)
+static sp_digit sp_2048_cond_sub_64(sp_digit* r_p, const sp_digit* a_p,
+    const sp_digit* b_p, sp_digit m_p)
 {
     register sp_digit* r asm ("r0") = (sp_digit*)r_p;
     register const sp_digit* a asm ("r1") = (const sp_digit*)a_p;
@@ -12507,9 +12535,9 @@ static sp_digit sp_2048_cond_sub_64(sp_digit* r_p, const sp_digit* a_p, const sp
         "sbc	%[r], lr, lr\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m)
         :
-        : "memory", "r12", "lr", "r4", "r5", "r6", "r7", "cc"
+        : "memory", "cc", "r12", "lr", "r4", "r5", "r6", "r7"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #endif /* WOLFSSL_SP_SMALL */
@@ -14416,7 +14444,8 @@ static SP_NOINLINE void sp_2048_mont_reduce_64(sp_digit* a_p, const sp_digit* m_
         "mov	%[mp], r3\n\t"
         : [a] "+r" (a), [m] "+r" (m), [mp] "+r" (mp)
         :
-        : "memory", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "cc"
+        : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9",
+            "r10", "r11"
     );
     sp_2048_cond_sub_64(a - 64, a, m, (sp_digit)0 - mp);
 }
@@ -14967,7 +14996,8 @@ static SP_NOINLINE void sp_2048_mont_reduce_64(sp_digit* a_p, const sp_digit* m_
         "mov	%[mp], r3\n\t"
         : [a] "+r" (a), [m] "+r" (m), [mp] "+r" (mp)
         :
-        : "memory", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "cc"
+        : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9",
+            "r10", "r11"
     );
     sp_2048_cond_sub_64(a - 64, a, m, (sp_digit)0 - mp);
 }
@@ -15332,7 +15362,8 @@ static SP_NOINLINE void sp_2048_mont_reduce_64(sp_digit* a_p, const sp_digit* m_
         "mov	%[mp], lr\n\t"
         : [a] "+r" (a), [m] "+r" (m), [mp] "+r" (mp)
         :
-        : "memory", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "cc"
+        : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9",
+            "r10", "r11"
     );
     sp_2048_cond_sub_64(a - 64, a, m, (sp_digit)0 - mp);
 }
@@ -15400,9 +15431,10 @@ static sp_digit sp_2048_sub_64(sp_digit* r_p, const sp_digit* a_p, const sp_digi
         "mov	%[r], r12\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r12", "lr", "cc"
+        : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10",
+            "r12", "lr"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #else
@@ -15534,9 +15566,9 @@ static sp_digit sp_2048_sub_64(sp_digit* r_p, const sp_digit* a_p, const sp_digi
         "sbc	%[r], r6, r6\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc"
+        : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #endif /* WOLFSSL_SP_SMALL */
@@ -15594,9 +15626,9 @@ static sp_digit div_2048_word_64(sp_digit d1_p, sp_digit d0_p, sp_digit div_p)
         "add	%[d1], r4, r3\n\t"
         : [d1] "+r" (d1), [d0] "+r" (d0), [div] "+r" (div)
         :
-        : "memory", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "cc"
+        : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8"
     );
-    return (uint32_t)(size_t)d1;
+    return (word32)(size_t)d1;
 }
 
 #else
@@ -15732,9 +15764,9 @@ static sp_digit div_2048_word_64(sp_digit d1_p, sp_digit d0_p, sp_digit div_p)
         "sub	%[d1], r3, r6\n\t"
         : [d1] "+r" (d1), [d0] "+r" (d0), [div] "+r" (div)
         :
-        : "memory", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "cc"
+        : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8"
     );
-    return (uint32_t)(size_t)d1;
+    return (word32)(size_t)d1;
 }
 
 #endif
@@ -16587,9 +16619,9 @@ static sp_int32 sp_2048_cmp_64(const sp_digit* a_p, const sp_digit* b_p)
         "mov	%[a], r2\n\t"
         : [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r2", "r3", "r12", "lr", "r4", "r5", "r6", "cc"
+        : "memory", "cc", "r2", "r3", "r12", "lr", "r4", "r5", "r6"
     );
-    return (uint32_t)(size_t)a;
+    return (word32)(size_t)a;
 }
 
 /* Divide d in a and put remainder into r (m*d + r = a)
@@ -16783,13 +16815,12 @@ static int sp_2048_mod_exp_64(sp_digit* r, const sp_digit* a, const sp_digit* e,
         XMEMSET(&r[64], 0, sizeof(sp_digit) * 64U);
         sp_2048_mont_reduce_64(r, m, mp);
 
-        mask = 0 - (sp_2048_cmp_64(r, m) >= 0);
+        mask = (sp_digit)0 - (sp_2048_cmp_64(r, m) >= 0);
         sp_2048_cond_sub_64(r, r, m, mask);
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (td != NULL)
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -16935,13 +16966,12 @@ static int sp_2048_mod_exp_64(sp_digit* r, const sp_digit* a, const sp_digit* e,
         XMEMSET(&r[64], 0, sizeof(sp_digit) * 64U);
         sp_2048_mont_reduce_64(r, m, mp);
 
-        mask = 0 - (sp_2048_cmp_64(r, m) >= 0);
+        mask = (sp_digit)0 - (sp_2048_cmp_64(r, m) >= 0);
         sp_2048_cond_sub_64(r, r, m, mask);
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (td != NULL)
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -17104,8 +17134,7 @@ int sp_RsaPublic_2048(const byte* in, word32 inLen, const mp_int* em,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (a != NULL)
-        XFREE(a, NULL, DYNAMIC_TYPE_RSA);
+    XFREE(a, NULL, DYNAMIC_TYPE_RSA);
 #endif
 
     return err;
@@ -17121,7 +17150,8 @@ int sp_RsaPublic_2048(const byte* in, word32 inLen, const mp_int* em,
  * b  A single precision number to add.
  * m  Mask value to apply.
  */
-static sp_digit sp_2048_cond_add_32(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, sp_digit m_p)
+static sp_digit sp_2048_cond_add_32(sp_digit* r_p, const sp_digit* a_p,
+    const sp_digit* b_p, sp_digit m_p)
 {
     register sp_digit* r asm ("r0") = (sp_digit*)r_p;
     register const sp_digit* a asm ("r1") = (const sp_digit*)a_p;
@@ -17147,9 +17177,9 @@ static sp_digit sp_2048_cond_add_32(sp_digit* r_p, const sp_digit* a_p, const sp
         "mov	%[r], lr\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m)
         :
-        : "memory", "r12", "lr", "r4", "r5", "r6", "cc"
+        : "memory", "cc", "r12", "lr", "r4", "r5", "r6"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #else
@@ -17161,7 +17191,8 @@ static sp_digit sp_2048_cond_add_32(sp_digit* r_p, const sp_digit* a_p, const sp
  * b  A single precision number to add.
  * m  Mask value to apply.
  */
-static sp_digit sp_2048_cond_add_32(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, sp_digit m_p)
+static sp_digit sp_2048_cond_add_32(sp_digit* r_p, const sp_digit* a_p,
+    const sp_digit* b_p, sp_digit m_p)
 {
     register sp_digit* r asm ("r0") = (sp_digit*)r_p;
     register const sp_digit* a asm ("r1") = (const sp_digit*)a_p;
@@ -17285,9 +17316,9 @@ static sp_digit sp_2048_cond_add_32(sp_digit* r_p, const sp_digit* a_p, const sp
         "adc	%[r], r8, r8\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m)
         :
-        : "memory", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "cc"
+        : "memory", "cc", "r12", "lr", "r4", "r5", "r6", "r7", "r8"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #endif /* WOLFSSL_SP_SMALL */
@@ -17999,7 +18030,7 @@ static void sp_2048_lshift_64(sp_digit* r_p, const sp_digit* a_p, byte n_p)
         "str	r6, [%[r], #4]\n\t"
         : [r] "+r" (r), [a] "+r" (a), [n] "+r" (n)
         :
-        : "memory", "r4", "r5", "r6", "r3", "r12", "cc"
+        : "memory", "cc", "r4", "r5", "r6", "r3", "r12"
     );
 }
 
@@ -18117,13 +18148,12 @@ static int sp_2048_mod_exp_2_64(sp_digit* r, const sp_digit* e, int bits,
         XMEMSET(&r[64], 0, sizeof(sp_digit) * 64U);
         sp_2048_mont_reduce_64(r, m, mp);
 
-        mask = 0 - (sp_2048_cmp_64(r, m) >= 0);
+        mask = (sp_digit)0 - (sp_2048_cmp_64(r, m) >= 0);
         sp_2048_cond_sub_64(r, r, m, mask);
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (td != NULL)
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -18266,7 +18296,8 @@ static void sp_3072_from_bin(sp_digit* r, int size, const byte* a, int n)
     int j;
     byte* d;
 
-    for (i = n - 1,j = 0; i >= 3; i -= 4) {
+    j = 0;
+    for (i = n - 1; i >= 3; i -= 4) {
         r[j]  = ((sp_digit)a[i - 0] <<  0) |
                 ((sp_digit)a[i - 1] <<  8) |
                 ((sp_digit)a[i - 2] << 16) |
@@ -18277,12 +18308,20 @@ static void sp_3072_from_bin(sp_digit* r, int size, const byte* a, int n)
     if (i >= 0) {
         r[j] = 0;
 
-        d = (byte*)r;
+        d = (byte*)(r + j);
+#ifdef BIG_ENDIAN_ORDER
         switch (i) {
-            case 2: d[n - 1 - 2] = a[2]; //fallthrough
-            case 1: d[n - 1 - 1] = a[1]; //fallthrough
-            case 0: d[n - 1 - 0] = a[0]; //fallthrough
+            case 2: d[1] = *(a++); //fallthrough
+            case 1: d[2] = *(a++); //fallthrough
+            case 0: d[3] = *a    ; //fallthrough
         }
+#else
+        switch (i) {
+            case 2: d[2] = a[2]; //fallthrough
+            case 1: d[1] = a[1]; //fallthrough
+            case 0: d[0] = a[0]; //fallthrough
+        }
+#endif
         j++;
     }
 
@@ -23905,7 +23944,8 @@ static void sp_3072_mul_12(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b
         "stm	%[r]!, {r3, r4, r5, r6}\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r11", "r12", "cc"
+        : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r11",
+            "r12"
     );
 }
 
@@ -23947,9 +23987,9 @@ static sp_digit sp_3072_add_12(sp_digit* r_p, const sp_digit* a_p, const sp_digi
         "adc	%[r], %[r], #0\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc"
+        : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 /* Sub b from a into a. (a -= b)
@@ -24008,9 +24048,9 @@ static sp_digit sp_3072_sub_in_place_24(sp_digit* a_p, const sp_digit* b_p)
         "sbc	%[a], r9, r9\n\t"
         : [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "cc"
+        : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9"
     );
-    return (uint32_t)(size_t)a;
+    return (word32)(size_t)a;
 }
 
 /* Add b to a into r. (r = a + b)
@@ -24072,9 +24112,9 @@ static sp_digit sp_3072_add_24(sp_digit* r_p, const sp_digit* a_p, const sp_digi
         "adc	%[r], %[r], #0\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc"
+        : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 /* AND m into each word of a and store in r.
@@ -24244,9 +24284,9 @@ static sp_digit sp_3072_sub_in_place_48(sp_digit* a_p, const sp_digit* b_p)
         "sbc	%[a], r9, r9\n\t"
         : [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "cc"
+        : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9"
     );
-    return (uint32_t)(size_t)a;
+    return (word32)(size_t)a;
 }
 
 /* Add b to a into r. (r = a + b)
@@ -24350,9 +24390,9 @@ static sp_digit sp_3072_add_48(sp_digit* r_p, const sp_digit* a_p, const sp_digi
         "adc	%[r], %[r], #0\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc"
+        : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 /* AND m into each word of a and store in r.
@@ -24606,9 +24646,9 @@ static sp_digit sp_3072_sub_in_place_96(sp_digit* a_p, const sp_digit* b_p)
         "sbc	%[a], r9, r9\n\t"
         : [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "cc"
+        : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9"
     );
-    return (uint32_t)(size_t)a;
+    return (word32)(size_t)a;
 }
 
 /* Add b to a into r. (r = a + b)
@@ -24796,9 +24836,9 @@ static sp_digit sp_3072_add_96(sp_digit* r_p, const sp_digit* a_p, const sp_digi
         "adc	%[r], %[r], #0\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc"
+        : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 /* AND m into each word of a and store in r.
@@ -27928,7 +27968,8 @@ static void sp_3072_sqr_12(sp_digit* r_p, const sp_digit* a_p)
         "stm	%[r]!, {r2, r3, r4, r8}\n\t"
         : [r] "+r" (r), [a] "+r" (a)
         :
-        : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r12", "cc"
+        : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10",
+            "r12"
     );
 }
 
@@ -27969,9 +28010,9 @@ static sp_digit sp_3072_sub_12(sp_digit* r_p, const sp_digit* a_p, const sp_digi
         "sbc	%[r], r6, r6\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc"
+        : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 /* Square a and put result in r. (r = a * a)
@@ -28068,9 +28109,9 @@ static sp_digit sp_3072_sub_24(sp_digit* r_p, const sp_digit* a_p, const sp_digi
         "sbc	%[r], r6, r6\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc"
+        : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 /* Square a and put result in r. (r = a * a)
@@ -28209,9 +28250,9 @@ static sp_digit sp_3072_sub_48(sp_digit* r_p, const sp_digit* a_p, const sp_digi
         "sbc	%[r], r6, r6\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc"
+        : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 /* Square a and put result in r. (r = a * a)
@@ -28284,9 +28325,10 @@ static sp_digit sp_3072_add_96(sp_digit* r_p, const sp_digit* a_p, const sp_digi
         "mov	%[r], r3\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r3", "r12", "cc"
+        : "memory", "cc", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11",
+            "r3", "r12"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #endif /* WOLFSSL_SP_SMALL */
@@ -28320,9 +28362,10 @@ static sp_digit sp_3072_sub_in_place_96(sp_digit* a_p, const sp_digit* b_p)
         "mov	%[a], r12\n\t"
         : [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r12", "lr", "cc"
+        : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r12",
+            "lr"
     );
-    return (uint32_t)(size_t)a;
+    return (word32)(size_t)a;
 }
 
 #endif /* WOLFSSL_SP_SMALL */
@@ -28522,7 +28565,8 @@ static void sp_3072_mul_96(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b
         "bgt	L_sp_3072_mul_96_store_%=\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "lr", "r11", "cc"
+        : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "lr",
+            "r11"
     );
 }
 
@@ -28679,7 +28723,8 @@ static void sp_3072_sqr_96(sp_digit* r_p, const sp_digit* a_p)
         "bgt	L_sp_3072_sqr_96_store_%=\n\t"
         : [r] "+r" (r), [a] "+r" (a)
         :
-        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "lr", "r11", "cc"
+        : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "lr",
+            "r11"
     );
 }
 
@@ -28735,9 +28780,10 @@ static sp_digit sp_3072_add_48(sp_digit* r_p, const sp_digit* a_p, const sp_digi
         "mov	%[r], r3\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r3", "r12", "cc"
+        : "memory", "cc", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11",
+            "r3", "r12"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #endif /* WOLFSSL_SP_SMALL */
@@ -28771,9 +28817,10 @@ static sp_digit sp_3072_sub_in_place_48(sp_digit* a_p, const sp_digit* b_p)
         "mov	%[a], r12\n\t"
         : [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r12", "lr", "cc"
+        : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r12",
+            "lr"
     );
-    return (uint32_t)(size_t)a;
+    return (word32)(size_t)a;
 }
 
 #endif /* WOLFSSL_SP_SMALL */
@@ -28973,7 +29020,8 @@ static void sp_3072_mul_48(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b
         "bgt	L_sp_3072_mul_48_store_%=\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "lr", "r11", "cc"
+        : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "lr",
+            "r11"
     );
 }
 
@@ -29130,7 +29178,8 @@ static void sp_3072_sqr_48(sp_digit* r_p, const sp_digit* a_p)
         "bgt	L_sp_3072_sqr_48_store_%=\n\t"
         : [r] "+r" (r), [a] "+r" (a)
         :
-        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "lr", "r11", "cc"
+        : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "lr",
+            "r11"
     );
 }
 
@@ -29251,7 +29300,7 @@ static void sp_3072_mul_d_96(sp_digit* r_p, const sp_digit* a_p, sp_digit b_p)
         "str	r3, [%[r], #384]\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "cc"
+        : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9"
     );
 }
 
@@ -32340,7 +32389,7 @@ static void sp_3072_mul_d_96(sp_digit* r_p, const sp_digit* a_p, sp_digit b_p)
         "str	r3, [%[r]]\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "cc"
+        : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8"
     );
 }
 
@@ -32369,7 +32418,8 @@ static void sp_3072_mont_norm_48(sp_digit* r, const sp_digit* m)
  * b  A single precision number to subtract.
  * m  Mask value to apply.
  */
-static sp_digit sp_3072_cond_sub_48(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, sp_digit m_p)
+static sp_digit sp_3072_cond_sub_48(sp_digit* r_p, const sp_digit* a_p,
+    const sp_digit* b_p, sp_digit m_p)
 {
     register sp_digit* r asm ("r0") = (sp_digit*)r_p;
     register const sp_digit* a asm ("r1") = (const sp_digit*)a_p;
@@ -32395,9 +32445,9 @@ static sp_digit sp_3072_cond_sub_48(sp_digit* r_p, const sp_digit* a_p, const sp
         "mov	%[r], r12\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m)
         :
-        : "memory", "r12", "lr", "r4", "r5", "r6", "cc"
+        : "memory", "cc", "r12", "lr", "r4", "r5", "r6"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #else
@@ -32409,7 +32459,8 @@ static sp_digit sp_3072_cond_sub_48(sp_digit* r_p, const sp_digit* a_p, const sp
  * b  A single precision number to subtract.
  * m  Mask value to apply.
  */
-static sp_digit sp_3072_cond_sub_48(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, sp_digit m_p)
+static sp_digit sp_3072_cond_sub_48(sp_digit* r_p, const sp_digit* a_p,
+    const sp_digit* b_p, sp_digit m_p)
 {
     register sp_digit* r asm ("r0") = (sp_digit*)r_p;
     register const sp_digit* a asm ("r1") = (const sp_digit*)a_p;
@@ -32589,9 +32640,9 @@ static sp_digit sp_3072_cond_sub_48(sp_digit* r_p, const sp_digit* a_p, const sp
         "sbc	%[r], lr, lr\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m)
         :
-        : "memory", "r12", "lr", "r4", "r5", "r6", "r7", "cc"
+        : "memory", "cc", "r12", "lr", "r4", "r5", "r6", "r7"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #endif /* WOLFSSL_SP_SMALL */
@@ -34034,7 +34085,8 @@ static SP_NOINLINE void sp_3072_mont_reduce_48(sp_digit* a_p, const sp_digit* m_
         "mov	%[mp], r3\n\t"
         : [a] "+r" (a), [m] "+r" (m), [mp] "+r" (mp)
         :
-        : "memory", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "cc"
+        : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9",
+            "r10", "r11"
     );
     sp_3072_cond_sub_48(a - 48, a, m, (sp_digit)0 - mp);
 }
@@ -34457,7 +34509,8 @@ static SP_NOINLINE void sp_3072_mont_reduce_48(sp_digit* a_p, const sp_digit* m_
         "mov	%[mp], r3\n\t"
         : [a] "+r" (a), [m] "+r" (m), [mp] "+r" (mp)
         :
-        : "memory", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "cc"
+        : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9",
+            "r10", "r11"
     );
     sp_3072_cond_sub_48(a - 48, a, m, (sp_digit)0 - mp);
 }
@@ -34742,7 +34795,8 @@ static SP_NOINLINE void sp_3072_mont_reduce_48(sp_digit* a_p, const sp_digit* m_
         "mov	%[mp], lr\n\t"
         : [a] "+r" (a), [m] "+r" (m), [mp] "+r" (mp)
         :
-        : "memory", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "cc"
+        : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9",
+            "r10", "r11"
     );
     sp_3072_cond_sub_48(a - 48, a, m, (sp_digit)0 - mp);
 }
@@ -34872,7 +34926,7 @@ static void sp_3072_mul_d_48(sp_digit* r_p, const sp_digit* a_p, sp_digit b_p)
         "str	r3, [%[r], #192]\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "cc"
+        : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9"
     );
 }
 
@@ -36425,7 +36479,7 @@ static void sp_3072_mul_d_48(sp_digit* r_p, const sp_digit* a_p, sp_digit b_p)
         "str	r3, [%[r]]\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "cc"
+        : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8"
     );
 }
 
@@ -36484,9 +36538,9 @@ static sp_digit div_3072_word_48(sp_digit d1_p, sp_digit d0_p, sp_digit div_p)
         "add	%[d1], r4, r3\n\t"
         : [d1] "+r" (d1), [d0] "+r" (d0), [div] "+r" (div)
         :
-        : "memory", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "cc"
+        : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8"
     );
-    return (uint32_t)(size_t)d1;
+    return (word32)(size_t)d1;
 }
 
 #else
@@ -36622,9 +36676,9 @@ static sp_digit div_3072_word_48(sp_digit d1_p, sp_digit d0_p, sp_digit div_p)
         "sub	%[d1], r3, r6\n\t"
         : [d1] "+r" (d1), [d0] "+r" (d0), [div] "+r" (div)
         :
-        : "memory", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "cc"
+        : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8"
     );
-    return (uint32_t)(size_t)d1;
+    return (word32)(size_t)d1;
 }
 
 #endif
@@ -37197,9 +37251,9 @@ static sp_int32 sp_3072_cmp_48(const sp_digit* a_p, const sp_digit* b_p)
         "mov	%[a], r2\n\t"
         : [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r2", "r3", "r12", "lr", "r4", "r5", "r6", "cc"
+        : "memory", "cc", "r2", "r3", "r12", "lr", "r4", "r5", "r6"
     );
-    return (uint32_t)(size_t)a;
+    return (word32)(size_t)a;
 }
 
 /* Divide d in a and put remainder into r (m*d + r = a)
@@ -37399,13 +37453,12 @@ static int sp_3072_mod_exp_48(sp_digit* r, const sp_digit* a, const sp_digit* e,
         XMEMSET(&r[48], 0, sizeof(sp_digit) * 48U);
         sp_3072_mont_reduce_48(r, m, mp);
 
-        mask = 0 - (sp_3072_cmp_48(r, m) >= 0);
+        mask = (sp_digit)0 - (sp_3072_cmp_48(r, m) >= 0);
         sp_3072_cond_sub_48(r, r, m, mask);
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (td != NULL)
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -37568,13 +37621,12 @@ static int sp_3072_mod_exp_48(sp_digit* r, const sp_digit* a, const sp_digit* e,
         XMEMSET(&r[48], 0, sizeof(sp_digit) * 48U);
         sp_3072_mont_reduce_48(r, m, mp);
 
-        mask = 0 - (sp_3072_cmp_48(r, m) >= 0);
+        mask = (sp_digit)0 - (sp_3072_cmp_48(r, m) >= 0);
         sp_3072_cond_sub_48(r, r, m, mask);
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (td != NULL)
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -37608,7 +37660,8 @@ static void sp_3072_mont_norm_96(sp_digit* r, const sp_digit* m)
  * b  A single precision number to subtract.
  * m  Mask value to apply.
  */
-static sp_digit sp_3072_cond_sub_96(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, sp_digit m_p)
+static sp_digit sp_3072_cond_sub_96(sp_digit* r_p, const sp_digit* a_p,
+    const sp_digit* b_p, sp_digit m_p)
 {
     register sp_digit* r asm ("r0") = (sp_digit*)r_p;
     register const sp_digit* a asm ("r1") = (const sp_digit*)a_p;
@@ -37634,9 +37687,9 @@ static sp_digit sp_3072_cond_sub_96(sp_digit* r_p, const sp_digit* a_p, const sp
         "mov	%[r], r12\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m)
         :
-        : "memory", "r12", "lr", "r4", "r5", "r6", "cc"
+        : "memory", "cc", "r12", "lr", "r4", "r5", "r6"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #else
@@ -37648,7 +37701,8 @@ static sp_digit sp_3072_cond_sub_96(sp_digit* r_p, const sp_digit* a_p, const sp
  * b  A single precision number to subtract.
  * m  Mask value to apply.
  */
-static sp_digit sp_3072_cond_sub_96(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, sp_digit m_p)
+static sp_digit sp_3072_cond_sub_96(sp_digit* r_p, const sp_digit* a_p,
+    const sp_digit* b_p, sp_digit m_p)
 {
     register sp_digit* r asm ("r0") = (sp_digit*)r_p;
     register const sp_digit* a asm ("r1") = (const sp_digit*)a_p;
@@ -37996,9 +38050,9 @@ static sp_digit sp_3072_cond_sub_96(sp_digit* r_p, const sp_digit* a_p, const sp
         "sbc	%[r], lr, lr\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m)
         :
-        : "memory", "r12", "lr", "r4", "r5", "r6", "r7", "cc"
+        : "memory", "cc", "r12", "lr", "r4", "r5", "r6", "r7"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #endif /* WOLFSSL_SP_SMALL */
@@ -40833,7 +40887,8 @@ static SP_NOINLINE void sp_3072_mont_reduce_96(sp_digit* a_p, const sp_digit* m_
         "mov	%[mp], r3\n\t"
         : [a] "+r" (a), [m] "+r" (m), [mp] "+r" (mp)
         :
-        : "memory", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "cc"
+        : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9",
+            "r10", "r11"
     );
     sp_3072_cond_sub_96(a - 96, a, m, (sp_digit)0 - mp);
 }
@@ -41640,7 +41695,8 @@ static SP_NOINLINE void sp_3072_mont_reduce_96(sp_digit* a_p, const sp_digit* m_
         "mov	%[mp], r3\n\t"
         : [a] "+r" (a), [m] "+r" (m), [mp] "+r" (mp)
         :
-        : "memory", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "cc"
+        : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9",
+            "r10", "r11"
     );
     sp_3072_cond_sub_96(a - 96, a, m, (sp_digit)0 - mp);
 }
@@ -42165,7 +42221,8 @@ static SP_NOINLINE void sp_3072_mont_reduce_96(sp_digit* a_p, const sp_digit* m_
         "mov	%[mp], lr\n\t"
         : [a] "+r" (a), [m] "+r" (m), [mp] "+r" (mp)
         :
-        : "memory", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "cc"
+        : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9",
+            "r10", "r11"
     );
     sp_3072_cond_sub_96(a - 96, a, m, (sp_digit)0 - mp);
 }
@@ -42233,9 +42290,10 @@ static sp_digit sp_3072_sub_96(sp_digit* r_p, const sp_digit* a_p, const sp_digi
         "mov	%[r], r12\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r12", "lr", "cc"
+        : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10",
+            "r12", "lr"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #else
@@ -42423,9 +42481,9 @@ static sp_digit sp_3072_sub_96(sp_digit* r_p, const sp_digit* a_p, const sp_digi
         "sbc	%[r], r6, r6\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc"
+        : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #endif /* WOLFSSL_SP_SMALL */
@@ -42483,9 +42541,9 @@ static sp_digit div_3072_word_96(sp_digit d1_p, sp_digit d0_p, sp_digit div_p)
         "add	%[d1], r4, r3\n\t"
         : [d1] "+r" (d1), [d0] "+r" (d0), [div] "+r" (div)
         :
-        : "memory", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "cc"
+        : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8"
     );
-    return (uint32_t)(size_t)d1;
+    return (word32)(size_t)d1;
 }
 
 #else
@@ -42621,9 +42679,9 @@ static sp_digit div_3072_word_96(sp_digit d1_p, sp_digit d0_p, sp_digit div_p)
         "sub	%[d1], r3, r6\n\t"
         : [d1] "+r" (d1), [d0] "+r" (d0), [div] "+r" (div)
         :
-        : "memory", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "cc"
+        : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8"
     );
-    return (uint32_t)(size_t)d1;
+    return (word32)(size_t)d1;
 }
 
 #endif
@@ -42750,9 +42808,8 @@ static sp_int32 sp_3072_cmp_96(const sp_digit* a_p, const sp_digit* b_p)
         "mov	r3, #-1\n\t"
 #ifdef WOLFSSL_SP_SMALL
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r4, #0x1\n\t"
-        "lsl	r4, r4, #8\n\t"
-        "add	r4, r4, #0x7c\n\t"
+        "mov	r4, #0x7c\n\t"
+        "orr	r4, r4, #0x100\n\t"
 #else
         "mov	r4, #0x17c\n\t"
 #endif
@@ -43834,9 +43891,9 @@ static sp_int32 sp_3072_cmp_96(const sp_digit* a_p, const sp_digit* b_p)
         "mov	%[a], r2\n\t"
         : [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r2", "r3", "r12", "lr", "r4", "r5", "r6", "cc"
+        : "memory", "cc", "r2", "r3", "r12", "lr", "r4", "r5", "r6"
     );
-    return (uint32_t)(size_t)a;
+    return (word32)(size_t)a;
 }
 
 /* Divide d in a and put remainder into r (m*d + r = a)
@@ -44030,13 +44087,12 @@ static int sp_3072_mod_exp_96(sp_digit* r, const sp_digit* a, const sp_digit* e,
         XMEMSET(&r[96], 0, sizeof(sp_digit) * 96U);
         sp_3072_mont_reduce_96(r, m, mp);
 
-        mask = 0 - (sp_3072_cmp_96(r, m) >= 0);
+        mask = (sp_digit)0 - (sp_3072_cmp_96(r, m) >= 0);
         sp_3072_cond_sub_96(r, r, m, mask);
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (td != NULL)
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -44182,13 +44238,12 @@ static int sp_3072_mod_exp_96(sp_digit* r, const sp_digit* a, const sp_digit* e,
         XMEMSET(&r[96], 0, sizeof(sp_digit) * 96U);
         sp_3072_mont_reduce_96(r, m, mp);
 
-        mask = 0 - (sp_3072_cmp_96(r, m) >= 0);
+        mask = (sp_digit)0 - (sp_3072_cmp_96(r, m) >= 0);
         sp_3072_cond_sub_96(r, r, m, mask);
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (td != NULL)
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -44351,8 +44406,7 @@ int sp_RsaPublic_3072(const byte* in, word32 inLen, const mp_int* em,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (a != NULL)
-        XFREE(a, NULL, DYNAMIC_TYPE_RSA);
+    XFREE(a, NULL, DYNAMIC_TYPE_RSA);
 #endif
 
     return err;
@@ -44368,7 +44422,8 @@ int sp_RsaPublic_3072(const byte* in, word32 inLen, const mp_int* em,
  * b  A single precision number to add.
  * m  Mask value to apply.
  */
-static sp_digit sp_3072_cond_add_48(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, sp_digit m_p)
+static sp_digit sp_3072_cond_add_48(sp_digit* r_p, const sp_digit* a_p,
+    const sp_digit* b_p, sp_digit m_p)
 {
     register sp_digit* r asm ("r0") = (sp_digit*)r_p;
     register const sp_digit* a asm ("r1") = (const sp_digit*)a_p;
@@ -44394,9 +44449,9 @@ static sp_digit sp_3072_cond_add_48(sp_digit* r_p, const sp_digit* a_p, const sp
         "mov	%[r], lr\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m)
         :
-        : "memory", "r12", "lr", "r4", "r5", "r6", "cc"
+        : "memory", "cc", "r12", "lr", "r4", "r5", "r6"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #else
@@ -44408,7 +44463,8 @@ static sp_digit sp_3072_cond_add_48(sp_digit* r_p, const sp_digit* a_p, const sp
  * b  A single precision number to add.
  * m  Mask value to apply.
  */
-static sp_digit sp_3072_cond_add_48(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, sp_digit m_p)
+static sp_digit sp_3072_cond_add_48(sp_digit* r_p, const sp_digit* a_p,
+    const sp_digit* b_p, sp_digit m_p)
 {
     register sp_digit* r asm ("r0") = (sp_digit*)r_p;
     register const sp_digit* a asm ("r1") = (const sp_digit*)a_p;
@@ -44588,9 +44644,9 @@ static sp_digit sp_3072_cond_add_48(sp_digit* r_p, const sp_digit* a_p, const sp
         "adc	%[r], r8, r8\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m)
         :
-        : "memory", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "cc"
+        : "memory", "cc", "r12", "lr", "r4", "r5", "r6", "r7", "r8"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #endif /* WOLFSSL_SP_SMALL */
@@ -45494,7 +45550,7 @@ static void sp_3072_lshift_96(sp_digit* r_p, const sp_digit* a_p, byte n_p)
         "str	r4, [%[r], #4]\n\t"
         : [r] "+r" (r), [a] "+r" (a), [n] "+r" (n)
         :
-        : "memory", "r4", "r5", "r6", "r3", "r12", "cc"
+        : "memory", "cc", "r4", "r5", "r6", "r3", "r12"
     );
 }
 
@@ -45612,13 +45668,12 @@ static int sp_3072_mod_exp_2_96(sp_digit* r, const sp_digit* e, int bits,
         XMEMSET(&r[96], 0, sizeof(sp_digit) * 96U);
         sp_3072_mont_reduce_96(r, m, mp);
 
-        mask = 0 - (sp_3072_cmp_96(r, m) >= 0);
+        mask = (sp_digit)0 - (sp_3072_cmp_96(r, m) >= 0);
         sp_3072_cond_sub_96(r, r, m, mask);
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (td != NULL)
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -45761,7 +45816,8 @@ static void sp_4096_from_bin(sp_digit* r, int size, const byte* a, int n)
     int j;
     byte* d;
 
-    for (i = n - 1,j = 0; i >= 3; i -= 4) {
+    j = 0;
+    for (i = n - 1; i >= 3; i -= 4) {
         r[j]  = ((sp_digit)a[i - 0] <<  0) |
                 ((sp_digit)a[i - 1] <<  8) |
                 ((sp_digit)a[i - 2] << 16) |
@@ -45772,12 +45828,20 @@ static void sp_4096_from_bin(sp_digit* r, int size, const byte* a, int n)
     if (i >= 0) {
         r[j] = 0;
 
-        d = (byte*)r;
+        d = (byte*)(r + j);
+#ifdef BIG_ENDIAN_ORDER
         switch (i) {
-            case 2: d[n - 1 - 2] = a[2]; //fallthrough
-            case 1: d[n - 1 - 1] = a[1]; //fallthrough
-            case 0: d[n - 1 - 0] = a[0]; //fallthrough
+            case 2: d[1] = *(a++); //fallthrough
+            case 1: d[2] = *(a++); //fallthrough
+            case 0: d[3] = *a    ; //fallthrough
         }
+#else
+        switch (i) {
+            case 2: d[2] = a[2]; //fallthrough
+            case 1: d[1] = a[1]; //fallthrough
+            case 0: d[0] = a[0]; //fallthrough
+        }
+#endif
         j++;
     }
 
@@ -46146,9 +46210,9 @@ static sp_digit sp_4096_sub_in_place_128(sp_digit* a_p, const sp_digit* b_p)
         "sbc	%[a], r9, r9\n\t"
         : [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "cc"
+        : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9"
     );
-    return (uint32_t)(size_t)a;
+    return (word32)(size_t)a;
 }
 
 /* Add b to a into r. (r = a + b)
@@ -46157,7 +46221,8 @@ static sp_digit sp_4096_sub_in_place_128(sp_digit* a_p, const sp_digit* b_p)
  * a  A single precision integer.
  * b  A single precision integer.
  */
-static sp_digit sp_4096_add_128(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p)
+static sp_digit sp_4096_add_128(sp_digit* r_p, const sp_digit* a_p,
+    const sp_digit* b_p)
 {
     register sp_digit* r asm ("r0") = (sp_digit*)r_p;
     register const sp_digit* a asm ("r1") = (const sp_digit*)a_p;
@@ -46392,9 +46457,9 @@ static sp_digit sp_4096_add_128(sp_digit* r_p, const sp_digit* a_p, const sp_dig
         "adc	%[r], %[r], #0\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc"
+        : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 /* Multiply a and b into r. (r = a * b)
@@ -46480,7 +46545,8 @@ SP_NOINLINE static void sp_4096_sqr_128(sp_digit* r, const sp_digit* a)
  * a  A single precision integer.
  * b  A single precision integer.
  */
-static sp_digit sp_4096_add_128(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p)
+static sp_digit sp_4096_add_128(sp_digit* r_p, const sp_digit* a_p,
+    const sp_digit* b_p)
 {
     register sp_digit* r asm ("r0") = (sp_digit*)r_p;
     register const sp_digit* a asm ("r1") = (const sp_digit*)a_p;
@@ -46506,9 +46572,10 @@ static sp_digit sp_4096_add_128(sp_digit* r_p, const sp_digit* a_p, const sp_dig
         "mov	%[r], r3\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r3", "r12", "cc"
+        : "memory", "cc", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11",
+            "r3", "r12"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #endif /* WOLFSSL_SP_SMALL */
@@ -46542,9 +46609,10 @@ static sp_digit sp_4096_sub_in_place_128(sp_digit* a_p, const sp_digit* b_p)
         "mov	%[a], r12\n\t"
         : [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r12", "lr", "cc"
+        : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r12",
+            "lr"
     );
-    return (uint32_t)(size_t)a;
+    return (word32)(size_t)a;
 }
 
 #endif /* WOLFSSL_SP_SMALL */
@@ -46744,7 +46812,8 @@ static void sp_4096_mul_128(sp_digit* r_p, const sp_digit* a_p, const sp_digit*
         "bgt	L_sp_4096_mul_128_store_%=\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "lr", "r11", "cc"
+        : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "lr",
+            "r11"
     );
 }
 
@@ -46901,7 +46970,8 @@ static void sp_4096_sqr_128(sp_digit* r_p, const sp_digit* a_p)
         "bgt	L_sp_4096_sqr_128_store_%=\n\t"
         : [r] "+r" (r), [a] "+r" (a)
         :
-        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "lr", "r11", "cc"
+        : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "lr",
+            "r11"
     );
 }
 
@@ -47020,7 +47090,7 @@ static void sp_4096_mul_d_128(sp_digit* r_p, const sp_digit* a_p, sp_digit b_p)
         "str	r3, [%[r], #512]\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "cc"
+        : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9"
     );
 }
 
@@ -51133,7 +51203,7 @@ static void sp_4096_mul_d_128(sp_digit* r_p, const sp_digit* a_p, sp_digit b_p)
         "str	r5, [%[r]]\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "cc"
+        : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8"
     );
 }
 
@@ -51163,7 +51233,8 @@ static void sp_4096_mont_norm_128(sp_digit* r, const sp_digit* m)
  * b  A single precision number to subtract.
  * m  Mask value to apply.
  */
-static sp_digit sp_4096_cond_sub_128(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, sp_digit m_p)
+static sp_digit sp_4096_cond_sub_128(sp_digit* r_p, const sp_digit* a_p,
+    const sp_digit* b_p, sp_digit m_p)
 {
     register sp_digit* r asm ("r0") = (sp_digit*)r_p;
     register const sp_digit* a asm ("r1") = (const sp_digit*)a_p;
@@ -51189,9 +51260,9 @@ static sp_digit sp_4096_cond_sub_128(sp_digit* r_p, const sp_digit* a_p, const s
         "mov	%[r], r12\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m)
         :
-        : "memory", "r12", "lr", "r4", "r5", "r6", "cc"
+        : "memory", "cc", "r12", "lr", "r4", "r5", "r6"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #else
@@ -51203,7 +51274,8 @@ static sp_digit sp_4096_cond_sub_128(sp_digit* r_p, const sp_digit* a_p, const s
  * b  A single precision number to subtract.
  * m  Mask value to apply.
  */
-static sp_digit sp_4096_cond_sub_128(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, sp_digit m_p)
+static sp_digit sp_4096_cond_sub_128(sp_digit* r_p, const sp_digit* a_p,
+    const sp_digit* b_p, sp_digit m_p)
 {
     register sp_digit* r asm ("r0") = (sp_digit*)r_p;
     register const sp_digit* a asm ("r1") = (const sp_digit*)a_p;
@@ -51663,9 +51735,9 @@ static sp_digit sp_4096_cond_sub_128(sp_digit* r_p, const sp_digit* a_p, const s
         "sbc	%[r], lr, lr\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m)
         :
-        : "memory", "r12", "lr", "r4", "r5", "r6", "r7", "cc"
+        : "memory", "cc", "r12", "lr", "r4", "r5", "r6", "r7"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #endif /* WOLFSSL_SP_SMALL */
@@ -55428,7 +55500,8 @@ static SP_NOINLINE void sp_4096_mont_reduce_128(sp_digit* a_p, const sp_digit* m
         "mov	%[mp], r3\n\t"
         : [a] "+r" (a), [m] "+r" (m), [mp] "+r" (mp)
         :
-        : "memory", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "cc"
+        : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9",
+            "r10", "r11"
     );
     sp_4096_cond_sub_128(a - 128, a, m, (sp_digit)0 - mp);
 }
@@ -56491,7 +56564,8 @@ static SP_NOINLINE void sp_4096_mont_reduce_128(sp_digit* a_p, const sp_digit* m
         "mov	%[mp], r3\n\t"
         : [a] "+r" (a), [m] "+r" (m), [mp] "+r" (mp)
         :
-        : "memory", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "cc"
+        : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9",
+            "r10", "r11"
     );
     sp_4096_cond_sub_128(a - 128, a, m, (sp_digit)0 - mp);
 }
@@ -57176,7 +57250,8 @@ static SP_NOINLINE void sp_4096_mont_reduce_128(sp_digit* a_p, const sp_digit* m
         "mov	%[mp], lr\n\t"
         : [a] "+r" (a), [m] "+r" (m), [mp] "+r" (mp)
         :
-        : "memory", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "cc"
+        : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9",
+            "r10", "r11"
     );
     sp_4096_cond_sub_128(a - 128, a, m, (sp_digit)0 - mp);
 }
@@ -57219,7 +57294,8 @@ SP_NOINLINE static void sp_4096_mont_sqr_128(sp_digit* r, const sp_digit* a,
  * a  A single precision integer.
  * b  A single precision integer.
  */
-static sp_digit sp_4096_sub_128(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p)
+static sp_digit sp_4096_sub_128(sp_digit* r_p, const sp_digit* a_p,
+    const sp_digit* b_p)
 {
     register sp_digit* r asm ("r0") = (sp_digit*)r_p;
     register const sp_digit* a asm ("r1") = (const sp_digit*)a_p;
@@ -57244,9 +57320,10 @@ static sp_digit sp_4096_sub_128(sp_digit* r_p, const sp_digit* a_p, const sp_dig
         "mov	%[r], r12\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r12", "lr", "cc"
+        : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10",
+            "r12", "lr"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #else
@@ -57256,7 +57333,8 @@ static sp_digit sp_4096_sub_128(sp_digit* r_p, const sp_digit* a_p, const sp_dig
  * a  A single precision integer.
  * b  A single precision integer.
  */
-static sp_digit sp_4096_sub_128(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p)
+static sp_digit sp_4096_sub_128(sp_digit* r_p, const sp_digit* a_p,
+    const sp_digit* b_p)
 {
     register sp_digit* r asm ("r0") = (sp_digit*)r_p;
     register const sp_digit* a asm ("r1") = (const sp_digit*)a_p;
@@ -57490,9 +57568,9 @@ static sp_digit sp_4096_sub_128(sp_digit* r_p, const sp_digit* a_p, const sp_dig
         "sbc	%[r], r6, r6\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc"
+        : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #endif /* WOLFSSL_SP_SMALL */
@@ -57550,9 +57628,9 @@ static sp_digit div_4096_word_128(sp_digit d1_p, sp_digit d0_p, sp_digit div_p)
         "add	%[d1], r4, r3\n\t"
         : [d1] "+r" (d1), [d0] "+r" (d0), [div] "+r" (div)
         :
-        : "memory", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "cc"
+        : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8"
     );
-    return (uint32_t)(size_t)d1;
+    return (word32)(size_t)d1;
 }
 
 #else
@@ -57688,9 +57766,9 @@ static sp_digit div_4096_word_128(sp_digit d1_p, sp_digit d0_p, sp_digit div_p)
         "sub	%[d1], r3, r6\n\t"
         : [d1] "+r" (d1), [d0] "+r" (d0), [div] "+r" (div)
         :
-        : "memory", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "cc"
+        : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8"
     );
-    return (uint32_t)(size_t)d1;
+    return (word32)(size_t)d1;
 }
 
 #endif
@@ -57817,9 +57895,8 @@ static sp_int32 sp_4096_cmp_128(const sp_digit* a_p, const sp_digit* b_p)
         "mov	r3, #-1\n\t"
 #ifdef WOLFSSL_SP_SMALL
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r4, #0x1\n\t"
-        "lsl	r4, r4, #8\n\t"
-        "add	r4, r4, #0xfc\n\t"
+        "mov	r4, #0xfc\n\t"
+        "orr	r4, r4, #0x100\n\t"
 #else
         "mov	r4, #0x1fc\n\t"
 #endif
@@ -59253,9 +59330,9 @@ static sp_int32 sp_4096_cmp_128(const sp_digit* a_p, const sp_digit* b_p)
         "mov	%[a], r2\n\t"
         : [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r2", "r3", "r12", "lr", "r4", "r5", "r6", "cc"
+        : "memory", "cc", "r2", "r3", "r12", "lr", "r4", "r5", "r6"
     );
-    return (uint32_t)(size_t)a;
+    return (word32)(size_t)a;
 }
 
 /* Divide d in a and put remainder into r (m*d + r = a)
@@ -59449,13 +59526,12 @@ static int sp_4096_mod_exp_128(sp_digit* r, const sp_digit* a, const sp_digit* e
         XMEMSET(&r[128], 0, sizeof(sp_digit) * 128U);
         sp_4096_mont_reduce_128(r, m, mp);
 
-        mask = 0 - (sp_4096_cmp_128(r, m) >= 0);
+        mask = (sp_digit)0 - (sp_4096_cmp_128(r, m) >= 0);
         sp_4096_cond_sub_128(r, r, m, mask);
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (td != NULL)
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -59601,13 +59677,12 @@ static int sp_4096_mod_exp_128(sp_digit* r, const sp_digit* a, const sp_digit* e
         XMEMSET(&r[128], 0, sizeof(sp_digit) * 128U);
         sp_4096_mont_reduce_128(r, m, mp);
 
-        mask = 0 - (sp_4096_cmp_128(r, m) >= 0);
+        mask = (sp_digit)0 - (sp_4096_cmp_128(r, m) >= 0);
         sp_4096_cond_sub_128(r, r, m, mask);
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (td != NULL)
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -59770,8 +59845,7 @@ int sp_RsaPublic_4096(const byte* in, word32 inLen, const mp_int* em,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (a != NULL)
-        XFREE(a, NULL, DYNAMIC_TYPE_RSA);
+    XFREE(a, NULL, DYNAMIC_TYPE_RSA);
 #endif
 
     return err;
@@ -59787,7 +59861,8 @@ int sp_RsaPublic_4096(const byte* in, word32 inLen, const mp_int* em,
  * b  A single precision number to add.
  * m  Mask value to apply.
  */
-static sp_digit sp_4096_cond_add_64(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, sp_digit m_p)
+static sp_digit sp_4096_cond_add_64(sp_digit* r_p, const sp_digit* a_p,
+    const sp_digit* b_p, sp_digit m_p)
 {
     register sp_digit* r asm ("r0") = (sp_digit*)r_p;
     register const sp_digit* a asm ("r1") = (const sp_digit*)a_p;
@@ -59813,9 +59888,9 @@ static sp_digit sp_4096_cond_add_64(sp_digit* r_p, const sp_digit* a_p, const sp
         "mov	%[r], lr\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m)
         :
-        : "memory", "r12", "lr", "r4", "r5", "r6", "cc"
+        : "memory", "cc", "r12", "lr", "r4", "r5", "r6"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #else
@@ -59827,7 +59902,8 @@ static sp_digit sp_4096_cond_add_64(sp_digit* r_p, const sp_digit* a_p, const sp
  * b  A single precision number to add.
  * m  Mask value to apply.
  */
-static sp_digit sp_4096_cond_add_64(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, sp_digit m_p)
+static sp_digit sp_4096_cond_add_64(sp_digit* r_p, const sp_digit* a_p,
+    const sp_digit* b_p, sp_digit m_p)
 {
     register sp_digit* r asm ("r0") = (sp_digit*)r_p;
     register const sp_digit* a asm ("r1") = (const sp_digit*)a_p;
@@ -60063,9 +60139,9 @@ static sp_digit sp_4096_cond_add_64(sp_digit* r_p, const sp_digit* a_p, const sp
         "adc	%[r], r8, r8\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m)
         :
-        : "memory", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "cc"
+        : "memory", "cc", "r12", "lr", "r4", "r5", "r6", "r7", "r8"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #endif /* WOLFSSL_SP_SMALL */
@@ -61161,7 +61237,7 @@ static void sp_4096_lshift_128(sp_digit* r_p, const sp_digit* a_p, byte n_p)
         "str	r5, [%[r], #4]\n\t"
         : [r] "+r" (r), [a] "+r" (a), [n] "+r" (n)
         :
-        : "memory", "r4", "r5", "r6", "r3", "r12", "cc"
+        : "memory", "cc", "r4", "r5", "r6", "r3", "r12"
     );
 }
 
@@ -61279,13 +61355,12 @@ static int sp_4096_mod_exp_2_128(sp_digit* r, const sp_digit* e, int bits,
         XMEMSET(&r[128], 0, sizeof(sp_digit) * 128U);
         sp_4096_mont_reduce_128(r, m, mp);
 
-        mask = 0 - (sp_4096_cmp_128(r, m) >= 0);
+        mask = (sp_digit)0 - (sp_4096_cmp_128(r, m) >= 0);
         sp_4096_cond_sub_128(r, r, m, mask);
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (td != NULL)
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -61643,7 +61718,8 @@ static void sp_256_mul_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p
         "bgt	L_sp_256_mul_8_store_%=\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "lr", "r11", "cc"
+        : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "lr",
+            "r11"
     );
 }
 
@@ -63639,7 +63715,8 @@ static void sp_256_mul_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p
         "stm	%[r]!, {r3, r4, r5, r6}\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r11", "r12", "cc"
+        : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r11",
+            "r12"
     );
 }
 
@@ -63992,7 +64069,8 @@ static void sp_256_mul_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p
         "add	sp, sp, #36\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "lr", "cc"
+        : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10",
+            "r11", "r12", "lr"
     );
 }
 
@@ -64018,7 +64096,7 @@ static void sp_256_mul_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p
         "strd	%[r], %[a], [sp, #36]\n\t"
 #endif
         "mov	lr, %[b]\n\t"
-        "ldm	%[a], {%[r], %[a], %[b], r3}\n\t"
+        "ldm	%[a], {r0, r1, r2, r3}\n\t"
         "ldm	lr!, {r4, r5, r6}\n\t"
         "umull	r10, r11, %[r], r4\n\t"
         "umull	r12, r7, %[a], r4\n\t"
@@ -64063,7 +64141,7 @@ static void sp_256_mul_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p
         "umaal	r4, r6, %[b], r7\n\t"
         "sub	lr, lr, #16\n\t"
         "umaal	r5, r6, r3, r7\n\t"
-        "ldm	%[r], {%[r], %[a], %[b], r3}\n\t"
+        "ldm	%[r], {r0, r1, r2, r3}\n\t"
         "str	r6, [sp, #32]\n\t"
         "ldm	lr!, {r6}\n\t"
         "mov	r7, #0\n\t"
@@ -64123,7 +64201,8 @@ static void sp_256_mul_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p
         "add	sp, sp, #44\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r3", "r4", "r5", "r6", "r10", "r11", "r12", "r7", "r8", "r9", "lr", "cc"
+        : "memory", "cc", "r3", "r4", "r5", "r6", "r10", "r11", "r12", "r7",
+            "r8", "r9", "lr"
     );
 }
 
@@ -64283,7 +64362,8 @@ static void sp_256_sqr_8(sp_digit* r_p, const sp_digit* a_p)
         "bgt	L_sp_256_sqr_8_store_%=\n\t"
         : [r] "+r" (r), [a] "+r" (a)
         :
-        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "lr", "r11", "cc"
+        : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "lr",
+            "r11"
     );
 }
 
@@ -65494,7 +65574,8 @@ static void sp_256_sqr_8(sp_digit* r_p, const sp_digit* a_p)
         "stm	%[r]!, {r2, r3, r4, r8}\n\t"
         : [r] "+r" (r), [a] "+r" (a)
         :
-        : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r12", "cc"
+        : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10",
+            "r12"
     );
 }
 
@@ -65737,7 +65818,8 @@ static void sp_256_sqr_8(sp_digit* r_p, const sp_digit* a_p)
         "add	sp, sp, #0x44\n\t"
         : [r] "+r" (r), [a] "+r" (a)
         :
-        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "lr", "cc"
+        : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10",
+            "r11", "r12", "lr"
     );
 }
 
@@ -65755,7 +65837,7 @@ static void sp_256_sqr_8(sp_digit* r_p, const sp_digit* a_p)
     __asm__ __volatile__ (
         "sub	sp, sp, #32\n\t"
         "str	%[r], [sp, #28]\n\t"
-        "ldm	%[a], {%[r], %[a], r2, r3, r4, r5, r6, r7}\n\t"
+        "ldm	%[a], {r0, r1, r2, r3, r4, r5, r6, r7}\n\t"
         "umull	r9, r10, %[r], %[r]\n\t"
         "umull	r11, r12, %[r], %[a]\n\t"
         "adds	r11, r11, r11\n\t"
@@ -65842,18 +65924,19 @@ static void sp_256_sqr_8(sp_digit* r_p, const sp_digit* a_p)
         /* R[15] = r7 */
         "ldr	lr, [sp, #28]\n\t"
         "add	lr, lr, #28\n\t"
-        "stm	lr!, {%[r], r12}\n\t"
+        "stm	lr!, {r0, r12}\n\t"
         "stm	lr!, {r11}\n\t"
         "stm	lr!, {r10}\n\t"
         "stm	lr!, {r3, r4, r8, r9}\n\t"
         "stm	lr!, {r7}\n\t"
         "sub	lr, lr, #0x40\n\t"
-        "ldm	sp, {%[r], %[a], r2, r3, r4, r5, r6}\n\t"
-        "stm	lr, {%[r], %[a], r2, r3, r4, r5, r6}\n\t"
+        "ldm	sp, {r0, r1, r2, r3, r4, r5, r6}\n\t"
+        "stm	lr, {r0, r1, r2, r3, r4, r5, r6}\n\t"
         "add	sp, sp, #32\n\t"
         : [r] "+r" (r), [a] "+r" (a)
         :
-        : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "lr", "cc"
+        : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10",
+            "r11", "r12", "lr"
     );
 }
 
@@ -65892,9 +65975,10 @@ static sp_digit sp_256_add_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit*
         "mov	%[r], r3\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r3", "r12", "cc"
+        : "memory", "cc", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11",
+            "r3", "r12"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #else
@@ -65929,9 +66013,9 @@ static sp_digit sp_256_add_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit*
         "adc	%[r], %[r], #0\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc"
+        : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #endif /* WOLFSSL_SP_SMALL */
@@ -65941,7 +66025,8 @@ static sp_digit sp_256_add_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit*
  * a  The number to convert.
  * m  The modulus (prime).
  */
-static int sp_256_mod_mul_norm_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit* m_p)
+static int sp_256_mod_mul_norm_8(sp_digit* r_p, const sp_digit* a_p,
+    const sp_digit* m_p)
 {
     register sp_digit* r asm ("r0") = (sp_digit*)r_p;
     register const sp_digit* a asm ("r1") = (const sp_digit*)a_p;
@@ -66165,10 +66250,11 @@ static int sp_256_mod_mul_norm_8(sp_digit* r_p, const sp_digit* a_p, const sp_di
         "add	sp, sp, #24\n\t"
         : [r] "+r" (r), [a] "+r" (a)
         :
-        : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r12", "lr", "r10", "cc"
+        : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r12",
+            "lr", "r10"
     );
     (void)m_p;
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 /* Convert an mp_int to an array of sp_digit.
@@ -66376,7 +66462,8 @@ static int sp_256_point_to_ecc_point_8(const sp_point_256* p, ecc_point* pm)
  * m   Modulus (prime).
  * mp  Montgomery multiplier.
  */
-static SP_NOINLINE void sp_256_mont_mul_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, const sp_digit* m_p, sp_digit mp_p)
+static SP_NOINLINE void sp_256_mont_mul_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p,
+    const sp_digit* m_p, sp_digit mp_p)
 {
     register sp_digit* r asm ("r0") = (sp_digit*)r_p;
     register const sp_digit* a asm ("r1") = (const sp_digit*)a_p;
@@ -68480,7 +68567,8 @@ static SP_NOINLINE void sp_256_mont_mul_8(sp_digit* r_p, const sp_digit* a_p, co
         "add	sp, sp, #0x44\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "lr", "r12", "cc"
+        : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "lr",
+            "r12"
     );
     (void)m_p;
     (void)mp_p;
@@ -68496,7 +68584,8 @@ static SP_NOINLINE void sp_256_mont_mul_8(sp_digit* r_p, const sp_digit* a_p, co
  * m   Modulus (prime).
  * mp  Montgomery multiplier.
  */
-static SP_NOINLINE void sp_256_mont_mul_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, const sp_digit* m_p, sp_digit mp_p)
+static SP_NOINLINE void sp_256_mont_mul_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p,
+    const sp_digit* m_p, sp_digit mp_p)
 {
     register sp_digit* r asm ("r0") = (sp_digit*)r_p;
     register const sp_digit* a asm ("r1") = (const sp_digit*)a_p;
@@ -68957,7 +69046,8 @@ static SP_NOINLINE void sp_256_mont_mul_8(sp_digit* r_p, const sp_digit* a_p, co
         "add	sp, sp, #0x44\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "lr", "cc"
+        : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10",
+            "r11", "r12", "lr"
     );
     (void)m_p;
     (void)mp_p;
@@ -68973,7 +69063,8 @@ static SP_NOINLINE void sp_256_mont_mul_8(sp_digit* r_p, const sp_digit* a_p, co
  * m   Modulus (prime).
  * mp  Montgomery multiplier.
  */
-static SP_NOINLINE void sp_256_mont_mul_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, const sp_digit* m_p, sp_digit mp_p)
+static SP_NOINLINE void sp_256_mont_mul_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p,
+    const sp_digit* m_p, sp_digit mp_p)
 {
     register sp_digit* r asm ("r0") = (sp_digit*)r_p;
     register const sp_digit* a asm ("r1") = (const sp_digit*)a_p;
@@ -68988,7 +69079,7 @@ static SP_NOINLINE void sp_256_mont_mul_8(sp_digit* r_p, const sp_digit* a_p, co
         "strd	%[r], %[a], [sp, #68]\n\t"
 #endif
         "mov	lr, %[b]\n\t"
-        "ldm	%[a], {%[r], %[a], %[b], r3}\n\t"
+        "ldm	%[a], {r0, r1, r2, r3}\n\t"
         "ldm	lr!, {r4, r5, r6}\n\t"
         "umull	r10, r11, %[r], r4\n\t"
         "umull	r12, r7, %[a], r4\n\t"
@@ -69033,7 +69124,7 @@ static SP_NOINLINE void sp_256_mont_mul_8(sp_digit* r_p, const sp_digit* a_p, co
         "umaal	r4, r6, %[b], r7\n\t"
         "sub	lr, lr, #16\n\t"
         "umaal	r5, r6, r3, r7\n\t"
-        "ldm	%[r], {%[r], %[a], %[b], r3}\n\t"
+        "ldm	%[r], {r0, r1, r2, r3}\n\t"
         "str	r6, [sp, #64]\n\t"
         "ldm	lr!, {r6}\n\t"
         "mov	r7, #0\n\t"
@@ -69212,7 +69303,8 @@ static SP_NOINLINE void sp_256_mont_mul_8(sp_digit* r_p, const sp_digit* a_p, co
         "add	sp, sp, #0x4c\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r3", "r4", "r5", "r6", "r10", "r11", "r12", "r7", "r8", "r9", "lr", "cc"
+        : "memory", "cc", "r3", "r4", "r5", "r6", "r10", "r11", "r12", "r7",
+            "r8", "r9", "lr"
     );
     (void)m_p;
     (void)mp_p;
@@ -69227,7 +69319,8 @@ static SP_NOINLINE void sp_256_mont_mul_8(sp_digit* r_p, const sp_digit* a_p, co
  * m   Modulus (prime).
  * mp  Montgomery multiplier.
  */
-static SP_NOINLINE void sp_256_mont_sqr_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit* m_p, sp_digit mp_p)
+static SP_NOINLINE void sp_256_mont_sqr_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit* m_p,
+    sp_digit mp_p)
 {
     register sp_digit* r asm ("r0") = (sp_digit*)r_p;
     register const sp_digit* a asm ("r1") = (const sp_digit*)a_p;
@@ -70410,7 +70503,8 @@ static SP_NOINLINE void sp_256_mont_sqr_8(sp_digit* r_p, const sp_digit* a_p, co
         "add	sp, sp, #0x44\n\t"
         : [r] "+r" (r), [a] "+r" (a)
         :
-        : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r12", "r8", "r9", "r10", "lr", "cc"
+        : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r12", "r8", "r9",
+            "r10", "lr"
     );
     (void)m_p;
     (void)mp_p;
@@ -70424,7 +70518,8 @@ static SP_NOINLINE void sp_256_mont_sqr_8(sp_digit* r_p, const sp_digit* a_p, co
  * m   Modulus (prime).
  * mp  Montgomery multiplier.
  */
-static SP_NOINLINE void sp_256_mont_sqr_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit* m_p, sp_digit mp_p)
+static SP_NOINLINE void sp_256_mont_sqr_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit* m_p,
+    sp_digit mp_p)
 {
     register sp_digit* r asm ("r0") = (sp_digit*)r_p;
     register const sp_digit* a asm ("r1") = (const sp_digit*)a_p;
@@ -70776,7 +70871,8 @@ static SP_NOINLINE void sp_256_mont_sqr_8(sp_digit* r_p, const sp_digit* a_p, co
         "add	sp, sp, #0x44\n\t"
         : [r] "+r" (r), [a] "+r" (a)
         :
-        : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "lr", "cc"
+        : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10",
+            "r11", "r12", "lr"
     );
     (void)m_p;
     (void)mp_p;
@@ -70790,7 +70886,8 @@ static SP_NOINLINE void sp_256_mont_sqr_8(sp_digit* r_p, const sp_digit* a_p, co
  * m   Modulus (prime).
  * mp  Montgomery multiplier.
  */
-static SP_NOINLINE void sp_256_mont_sqr_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit* m_p, sp_digit mp_p)
+static SP_NOINLINE void sp_256_mont_sqr_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit* m_p,
+    sp_digit mp_p)
 {
     register sp_digit* r asm ("r0") = (sp_digit*)r_p;
     register const sp_digit* a asm ("r1") = (const sp_digit*)a_p;
@@ -70798,7 +70895,7 @@ static SP_NOINLINE void sp_256_mont_sqr_8(sp_digit* r_p, const sp_digit* a_p, co
     __asm__ __volatile__ (
         "sub	sp, sp, #0x44\n\t"
         "str	%[r], [sp, #64]\n\t"
-        "ldm	%[a], {%[r], %[a], r2, r3, r4, r5, r6, r7}\n\t"
+        "ldm	%[a], {r0, r1, r2, r3, r4, r5, r6, r7}\n\t"
         "umull	r9, r10, %[r], %[r]\n\t"
         "umull	r11, r12, %[r], %[a]\n\t"
         "adds	r11, r11, r11\n\t"
@@ -70885,7 +70982,7 @@ static SP_NOINLINE void sp_256_mont_sqr_8(sp_digit* r_p, const sp_digit* a_p, co
         /* R[15] = r7 */
         "mov	lr, sp\n\t"
         "add	lr, lr, #28\n\t"
-        "stm	lr!, {%[r], r12}\n\t"
+        "stm	lr!, {r0, r12}\n\t"
         "stm	lr!, {r11}\n\t"
         "stm	lr!, {r10}\n\t"
         "stm	lr!, {r3, r4, r8, r9}\n\t"
@@ -71016,7 +71113,8 @@ static SP_NOINLINE void sp_256_mont_sqr_8(sp_digit* r_p, const sp_digit* a_p, co
         "add	sp, sp, #0x44\n\t"
         : [r] "+r" (r), [a] "+r" (a)
         :
-        : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "lr", "cc"
+        : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10",
+            "r11", "r12", "lr"
     );
     (void)m_p;
     (void)mp_p;
@@ -71044,7 +71142,7 @@ SP_NOINLINE static void sp_256_mont_sqr_n_8(sp_digit* r,
 #endif /* !WOLFSSL_SP_SMALL || HAVE_COMP_KEY */
 #ifdef WOLFSSL_SP_SMALL
 /* Mod-2 for the P256 curve. */
-static const uint32_t p256_mod_minus_2[8] = {
+static const word32 p256_mod_minus_2[8] = {
     0xfffffffdU,0xffffffffU,0xffffffffU,0x00000000U,0x00000000U,0x00000000U,
     0x00000001U,0xffffffffU
 };
@@ -71248,9 +71346,9 @@ static sp_int32 sp_256_cmp_8(const sp_digit* a_p, const sp_digit* b_p)
         "mov	%[a], r2\n\t"
         : [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r2", "r3", "r12", "lr", "r4", "r5", "r6", "cc"
+        : "memory", "cc", "r2", "r3", "r12", "lr", "r4", "r5", "r6"
     );
-    return (uint32_t)(size_t)a;
+    return (word32)(size_t)a;
 }
 
 /* Normalize the values in each word to 32.
@@ -71268,7 +71366,8 @@ static sp_int32 sp_256_cmp_8(const sp_digit* a_p, const sp_digit* b_p)
  * b  A single precision number to subtract.
  * m  Mask value to apply.
  */
-static sp_digit sp_256_cond_sub_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, sp_digit m_p)
+static sp_digit sp_256_cond_sub_8(sp_digit* r_p, const sp_digit* a_p,
+    const sp_digit* b_p, sp_digit m_p)
 {
     register sp_digit* r asm ("r0") = (sp_digit*)r_p;
     register const sp_digit* a asm ("r1") = (const sp_digit*)a_p;
@@ -71294,9 +71393,9 @@ static sp_digit sp_256_cond_sub_8(sp_digit* r_p, const sp_digit* a_p, const sp_d
         "mov	%[r], r12\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m)
         :
-        : "memory", "r12", "lr", "r4", "r5", "r6", "cc"
+        : "memory", "cc", "r12", "lr", "r4", "r5", "r6"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #else
@@ -71308,7 +71407,8 @@ static sp_digit sp_256_cond_sub_8(sp_digit* r_p, const sp_digit* a_p, const sp_d
  * b  A single precision number to subtract.
  * m  Mask value to apply.
  */
-static sp_digit sp_256_cond_sub_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, sp_digit m_p)
+static sp_digit sp_256_cond_sub_8(sp_digit* r_p, const sp_digit* a_p,
+    const sp_digit* b_p, sp_digit m_p)
 {
     register sp_digit* r asm ("r0") = (sp_digit*)r_p;
     register const sp_digit* a asm ("r1") = (const sp_digit*)a_p;
@@ -71348,9 +71448,9 @@ static sp_digit sp_256_cond_sub_8(sp_digit* r_p, const sp_digit* a_p, const sp_d
         "sbc	%[r], lr, lr\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m)
         :
-        : "memory", "r12", "lr", "r4", "r5", "r6", "r7", "cc"
+        : "memory", "cc", "r12", "lr", "r4", "r5", "r6", "r7"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #endif /* WOLFSSL_SP_SMALL */
@@ -71636,7 +71736,8 @@ static SP_NOINLINE void sp_256_mont_reduce_8(sp_digit* a_p, const sp_digit* m_p,
         "mov	%[mp], r3\n\t"
         : [a] "+r" (a), [m] "+r" (m), [mp] "+r" (mp)
         :
-        : "memory", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "cc"
+        : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9",
+            "r10", "r11"
     );
     sp_256_cond_sub_8(a - 8, a, m, (sp_digit)0 - mp);
 }
@@ -71739,7 +71840,8 @@ static SP_NOINLINE void sp_256_mont_reduce_8(sp_digit* a_p, const sp_digit* m_p,
         "mov	%[mp], r3\n\t"
         : [a] "+r" (a), [m] "+r" (m), [mp] "+r" (mp)
         :
-        : "memory", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "cc"
+        : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9",
+            "r10", "r11"
     );
     sp_256_cond_sub_8(a - 8, a, m, (sp_digit)0 - mp);
 }
@@ -71824,7 +71926,8 @@ static SP_NOINLINE void sp_256_mont_reduce_8(sp_digit* a_p, const sp_digit* m_p,
         "mov	%[mp], lr\n\t"
         : [a] "+r" (a), [m] "+r" (m), [mp] "+r" (mp)
         :
-        : "memory", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "cc"
+        : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9",
+            "r10", "r11"
     );
     sp_256_cond_sub_8(a - 8, a, m, (sp_digit)0 - mp);
 }
@@ -71975,7 +72078,8 @@ static SP_NOINLINE void sp_256_mont_reduce_8(sp_digit* a_p, const sp_digit* m_p,
         "add	sp, sp, #0x44\n\t"
         : [a] "+r" (a)
         :
-        : "memory", "r1", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "lr", "cc"
+        : "memory", "cc", "r1", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9",
+            "r10", "r11", "r12", "lr"
     );
     (void)m_p;
     (void)mp_p;
@@ -71988,7 +72092,8 @@ static SP_NOINLINE void sp_256_mont_reduce_8(sp_digit* a_p, const sp_digit* m_p,
  * m   The single precision number representing the modulus.
  * mp  The digit representing the negative inverse of m mod 2^n.
  */
-static SP_NOINLINE void sp_256_mont_reduce_order_8(sp_digit* a_p, const sp_digit* m_p, sp_digit mp_p)
+static SP_NOINLINE void sp_256_mont_reduce_order_8(sp_digit* a_p, const sp_digit* m_p,
+    sp_digit mp_p)
 {
     register sp_digit* a asm ("r0") = (sp_digit*)a_p;
     register const sp_digit* m asm ("r1") = (const sp_digit*)m_p;
@@ -72260,7 +72365,8 @@ static SP_NOINLINE void sp_256_mont_reduce_order_8(sp_digit* a_p, const sp_digit
         "mov	%[mp], r3\n\t"
         : [a] "+r" (a), [m] "+r" (m), [mp] "+r" (mp)
         :
-        : "memory", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "cc"
+        : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9",
+            "r10", "r11"
     );
     sp_256_cond_sub_8(a - 8, a, m, (sp_digit)0 - mp);
 }
@@ -72272,7 +72378,8 @@ static SP_NOINLINE void sp_256_mont_reduce_order_8(sp_digit* a_p, const sp_digit
  * m   The single precision number representing the modulus.
  * mp  The digit representing the negative inverse of m mod 2^n.
  */
-static SP_NOINLINE void sp_256_mont_reduce_order_8(sp_digit* a_p, const sp_digit* m_p, sp_digit mp_p)
+static SP_NOINLINE void sp_256_mont_reduce_order_8(sp_digit* a_p, const sp_digit* m_p,
+    sp_digit mp_p)
 {
     register sp_digit* a asm ("r0") = (sp_digit*)a_p;
     register const sp_digit* m asm ("r1") = (const sp_digit*)m_p;
@@ -72363,7 +72470,8 @@ static SP_NOINLINE void sp_256_mont_reduce_order_8(sp_digit* a_p, const sp_digit
         "mov	%[mp], r3\n\t"
         : [a] "+r" (a), [m] "+r" (m), [mp] "+r" (mp)
         :
-        : "memory", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "cc"
+        : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9",
+            "r10", "r11"
     );
     sp_256_cond_sub_8(a - 8, a, m, (sp_digit)0 - mp);
 }
@@ -72375,7 +72483,8 @@ static SP_NOINLINE void sp_256_mont_reduce_order_8(sp_digit* a_p, const sp_digit
  * m   The single precision number representing the modulus.
  * mp  The digit representing the negative inverse of m mod 2^n.
  */
-static SP_NOINLINE void sp_256_mont_reduce_order_8(sp_digit* a_p, const sp_digit* m_p, sp_digit mp_p)
+static SP_NOINLINE void sp_256_mont_reduce_order_8(sp_digit* a_p, const sp_digit* m_p,
+    sp_digit mp_p)
 {
     register sp_digit* a asm ("r0") = (sp_digit*)a_p;
     register const sp_digit* m asm ("r1") = (const sp_digit*)m_p;
@@ -72448,7 +72557,8 @@ static SP_NOINLINE void sp_256_mont_reduce_order_8(sp_digit* a_p, const sp_digit
         "mov	%[mp], lr\n\t"
         : [a] "+r" (a), [m] "+r" (m), [mp] "+r" (mp)
         :
-        : "memory", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "cc"
+        : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9",
+            "r10", "r11"
     );
     sp_256_cond_sub_8(a - 8, a, m, (sp_digit)0 - mp);
 }
@@ -72479,7 +72589,7 @@ static void sp_256_map_8(sp_point_256* r, const sp_point_256* p,
     sp_256_mont_reduce_8(r->x, p256_mod, p256_mp_mod);
     /* Reduce x to less than modulus */
     n = sp_256_cmp_8(r->x, p256_mod);
-    sp_256_cond_sub_8(r->x, r->x, p256_mod, ~(n >> 31));
+    sp_256_cond_sub_8(r->x, r->x, p256_mod, (sp_digit)~(n >> 31));
     sp_256_norm_8(r->x);
 
     /* y /= z^3 */
@@ -72488,7 +72598,7 @@ static void sp_256_map_8(sp_point_256* r, const sp_point_256* p,
     sp_256_mont_reduce_8(r->y, p256_mod, p256_mp_mod);
     /* Reduce y to less than modulus */
     n = sp_256_cmp_8(r->y, p256_mod);
-    sp_256_cond_sub_8(r->y, r->y, p256_mod, ~(n >> 31));
+    sp_256_cond_sub_8(r->y, r->y, p256_mod, (sp_digit)~(n >> 31));
     sp_256_norm_8(r->y);
 
     XMEMSET(r->z, 0, sizeof(r->z) / 2);
@@ -72502,7 +72612,8 @@ static void sp_256_map_8(sp_point_256* r, const sp_point_256* p,
  * b   Second number to add in Montgomery form.
  * m   Modulus (prime).
  */
-static void sp_256_mont_add_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, const sp_digit* m_p)
+static void sp_256_mont_add_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p,
+    const sp_digit* m_p)
 {
     register sp_digit* r asm ("r0") = (sp_digit*)r_p;
     register const sp_digit* a asm ("r1") = (const sp_digit*)a_p;
@@ -72546,7 +72657,8 @@ static void sp_256_mont_add_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit
         "stm	%[r], {r5, r6, r7, r8, r9, r10, r11, r12}\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "lr", "cc"
+        : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10",
+            "r11", "r12", "lr"
     );
     (void)m_p;
 }
@@ -72596,7 +72708,8 @@ static void sp_256_mont_dbl_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit
         "stm	%[r], {r4, r5, r6, r7, r8, r9, r10, r11}\n\t"
         : [r] "+r" (r), [a] "+r" (a)
         :
-        : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r2", "cc"
+        : "memory", "cc", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11",
+            "r2"
     );
     (void)m_p;
 }
@@ -72678,7 +72791,8 @@ static void sp_256_mont_tpl_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit
         "stm	%[r], {r4, r5, r6, r7, r8, r9, r10, r11}\n\t"
         : [r] "+r" (r), [a] "+r" (a)
         :
-        : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r2", "r3", "r12", "cc"
+        : "memory", "cc", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11",
+            "r2", "r3", "r12"
     );
     (void)m_p;
 }
@@ -72690,7 +72804,8 @@ static void sp_256_mont_tpl_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit
  * b   Number to subtract with in Montgomery form.
  * m   Modulus (prime).
  */
-static void sp_256_mont_sub_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, const sp_digit* m_p)
+static void sp_256_mont_sub_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p,
+    const sp_digit* m_p)
 {
     register sp_digit* r asm ("r0") = (sp_digit*)r_p;
     register const sp_digit* a asm ("r1") = (const sp_digit*)a_p;
@@ -72732,7 +72847,8 @@ static void sp_256_mont_sub_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit
         "stm	%[r], {r5, r6, r7, r8, r9, r10, r11, r12}\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "lr", "cc"
+        : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10",
+            "r11", "r12", "lr"
     );
     (void)m_p;
 }
@@ -72809,7 +72925,8 @@ static void sp_256_mont_div2_8(sp_digit* r_p, const sp_digit* a_p, const sp_digi
         "stm	%[r], {r8, r9, r10, r11}\n\t"
         : [r] "+r" (r), [a] "+r" (a), [m] "+r" (m)
         :
-        : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r3", "cc"
+        : "memory", "cc", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11",
+            "r3"
     );
 }
 
@@ -73104,8 +73221,8 @@ static void sp_256_proj_point_add_8(sp_point_256* r,
         sp_256_mont_sub_8(y, y, t5, p256_mod);
         {
             int i;
-            sp_digit maskp = 0 - (q->infinity & (!p->infinity));
-            sp_digit maskq = 0 - (p->infinity & (!q->infinity));
+            sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity)));
+            sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity)));
             sp_digit maskt = ~(maskp | maskq);
             sp_digit inf = (sp_digit)(p->infinity & q->infinity);
 
@@ -73122,7 +73239,7 @@ static void sp_256_proj_point_add_8(sp_point_256* r,
                           (z[i] & maskt);
             }
             r->z[0] |= inf;
-            r->infinity = (word32)inf;
+            r->infinity = (int)inf;
         }
     }
 }
@@ -73296,8 +73413,8 @@ static int sp_256_proj_point_add_8_nb(sp_ecc_ctx_t* sp_ctx, sp_point_256* r,
     {
         {
             int i;
-            sp_digit maskp = 0 - (q->infinity & (!p->infinity));
-            sp_digit maskq = 0 - (p->infinity & (!q->infinity));
+            sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity)));
+            sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity)));
             sp_digit maskt = ~(maskp | maskq);
             sp_digit inf = (sp_digit)(p->infinity & q->infinity);
 
@@ -73314,7 +73431,7 @@ static int sp_256_proj_point_add_8_nb(sp_ecc_ctx_t* sp_ctx, sp_point_256* r,
                           (ctx->z[i] & maskt);
             }
             r->z[0] |= inf;
-            r->infinity = (word32)inf;
+            r->infinity = (int)inf;
         }
         ctx->state = 25;
         break;
@@ -73369,7 +73486,7 @@ static void sp_256_get_point_16_8(sp_point_256* r, const sp_point_256* table,
     r->z[6] = 0;
     r->z[7] = 0;
     for (i = 1; i < 16; i++) {
-        mask = 0 - (i == idx);
+        mask = (sp_digit)0 - (i == idx);
         r->x[0] |= mask & table[i].x[0];
         r->x[1] |= mask & table[i].x[1];
         r->x[2] |= mask & table[i].x[2];
@@ -73563,15 +73680,15 @@ static int sp_256_ecc_mulmod_fast_8(sp_point_256* r, const sp_point_256* g, cons
     #endif
     }
 #ifndef WC_NO_CACHE_RESISTANT
-    #ifdef WOLFSSL_SP_SMALL_STACK
+#ifdef WOLFSSL_SP_SMALL_STACK
     if (p != NULL)
+#endif
+    {
+        ForceZero(p, sizeof(sp_point_256));
+    #ifdef WOLFSSL_SP_SMALL_STACK
+        XFREE(p, heap, DYNAMIC_TYPE_ECC);
     #endif
-        {
-            ForceZero(p, sizeof(sp_point_256));
-        #ifdef WOLFSSL_SP_SMALL_STACK
-            XFREE(p, heap, DYNAMIC_TYPE_ECC);
-        #endif
-        }
+    }
 #endif /* !WC_NO_CACHE_RESISTANT */
 #ifdef WOLFSSL_SP_SMALL_STACK
     if (t != NULL)
@@ -73767,8 +73884,8 @@ static void sp_256_proj_point_add_qz1_8(sp_point_256* r,
         sp_256_mont_sub_8(y, t3, t1, p256_mod);
         {
             int i;
-            sp_digit maskp = 0 - (q->infinity & (!p->infinity));
-            sp_digit maskq = 0 - (p->infinity & (!q->infinity));
+            sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity)));
+            sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity)));
             sp_digit maskt = ~(maskp | maskq);
             sp_digit inf = (sp_digit)(p->infinity & q->infinity);
 
@@ -73785,7 +73902,7 @@ static void sp_256_proj_point_add_qz1_8(sp_point_256* r,
                           (z[i] & maskt);
             }
             r->z[0] |= inf;
-            r->infinity = (word32)inf;
+            r->infinity = (int)inf;
         }
     }
 }
@@ -73875,8 +73992,7 @@ static int sp_256_gen_stripe_table_8(const sp_point_256* a,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t != NULL)
-        XFREE(t, heap, DYNAMIC_TYPE_ECC);
+    XFREE(t, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -73913,7 +74029,7 @@ static void sp_256_get_entry_16_8(sp_point_256* r,
     r->y[6] = 0;
     r->y[7] = 0;
     for (i = 1; i < 16; i++) {
-        mask = 0 - (i == idx);
+        mask = (sp_digit)0 - (i == idx);
         r->x[0] |= mask & table[i].x[0];
         r->x[1] |= mask & table[i].x[1];
         r->x[2] |= mask & table[i].x[2];
@@ -74040,10 +74156,8 @@ static int sp_256_ecc_mulmod_stripe_8(sp_point_256* r, const sp_point_256* g,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t != NULL)
-        XFREE(t, heap, DYNAMIC_TYPE_ECC);
-    if (rt != NULL)
-        XFREE(rt, heap, DYNAMIC_TYPE_ECC);
+    XFREE(t, heap, DYNAMIC_TYPE_ECC);
+    XFREE(rt, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -74063,7 +74177,7 @@ typedef struct sp_cache_256_t {
     /* Precomputation table for point. */
     sp_table_entry_256 table[16];
     /* Count of entries in table. */
-    uint32_t cnt;
+    word32 cnt;
     /* Point and table set in entry. */
     int set;
 } sp_cache_256_t;
@@ -74076,8 +74190,10 @@ static THREAD_LS_T int sp_cache_256_last = -1;
 static THREAD_LS_T int sp_cache_256_inited = 0;
 
 #ifndef HAVE_THREAD_LS
+    #ifndef WOLFSSL_MUTEX_INITIALIZER
     static volatile int initCacheMutex_256 = 0;
-    static wolfSSL_Mutex sp_cache_256_lock;
+    #endif
+    static wolfSSL_Mutex sp_cache_256_lock WOLFSSL_MUTEX_INITIALIZER_CLAUSE(sp_cache_256_lock);
 #endif
 
 /* Get the cache entry for the point.
@@ -74089,7 +74205,7 @@ static void sp_ecc_get_cache_256(const sp_point_256* g, sp_cache_256_t** cache)
 {
     int i;
     int j;
-    uint32_t least;
+    word32 least;
 
     if (sp_cache_256_inited == 0) {
         for (i=0; i<FP_ENTRIES; i++) {
@@ -74175,10 +74291,12 @@ static int sp_256_ecc_mulmod_8(sp_point_256* r, const sp_point_256* g,
 #endif
 #ifndef HAVE_THREAD_LS
     if (err == MP_OKAY) {
+        #ifndef WOLFSSL_MUTEX_INITIALIZER
         if (initCacheMutex_256 == 0) {
             wc_InitMutex(&sp_cache_256_lock);
             initCacheMutex_256 = 1;
         }
+        #endif
         if (wc_LockMutex(&sp_cache_256_lock) != 0) {
             err = BAD_MUTEX_E;
         }
@@ -74295,8 +74413,7 @@ static int sp_256_gen_stripe_table_8(const sp_point_256* a,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t != NULL)
-        XFREE(t, heap, DYNAMIC_TYPE_ECC);
+    XFREE(t, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -74333,7 +74450,7 @@ static void sp_256_get_entry_256_8(sp_point_256* r,
     r->y[6] = 0;
     r->y[7] = 0;
     for (i = 1; i < 256; i++) {
-        mask = 0 - (i == idx);
+        mask = (sp_digit)0 - (i == idx);
         r->x[0] |= mask & table[i].x[0];
         r->x[1] |= mask & table[i].x[1];
         r->x[2] |= mask & table[i].x[2];
@@ -74460,10 +74577,8 @@ static int sp_256_ecc_mulmod_stripe_8(sp_point_256* r, const sp_point_256* g,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t != NULL)
-        XFREE(t, heap, DYNAMIC_TYPE_ECC);
-    if (rt != NULL)
-        XFREE(rt, heap, DYNAMIC_TYPE_ECC);
+    XFREE(t, heap, DYNAMIC_TYPE_ECC);
+    XFREE(rt, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -74483,7 +74598,7 @@ typedef struct sp_cache_256_t {
     /* Precomputation table for point. */
     sp_table_entry_256 table[256];
     /* Count of entries in table. */
-    uint32_t cnt;
+    word32 cnt;
     /* Point and table set in entry. */
     int set;
 } sp_cache_256_t;
@@ -74496,8 +74611,10 @@ static THREAD_LS_T int sp_cache_256_last = -1;
 static THREAD_LS_T int sp_cache_256_inited = 0;
 
 #ifndef HAVE_THREAD_LS
+    #ifndef WOLFSSL_MUTEX_INITIALIZER
     static volatile int initCacheMutex_256 = 0;
-    static wolfSSL_Mutex sp_cache_256_lock;
+    #endif
+    static wolfSSL_Mutex sp_cache_256_lock WOLFSSL_MUTEX_INITIALIZER_CLAUSE(sp_cache_256_lock);
 #endif
 
 /* Get the cache entry for the point.
@@ -74509,7 +74626,7 @@ static void sp_ecc_get_cache_256(const sp_point_256* g, sp_cache_256_t** cache)
 {
     int i;
     int j;
-    uint32_t least;
+    word32 least;
 
     if (sp_cache_256_inited == 0) {
         for (i=0; i<FP_ENTRIES; i++) {
@@ -74595,10 +74712,12 @@ static int sp_256_ecc_mulmod_8(sp_point_256* r, const sp_point_256* g,
 #endif
 #ifndef HAVE_THREAD_LS
     if (err == MP_OKAY) {
+        #ifndef WOLFSSL_MUTEX_INITIALIZER
         if (initCacheMutex_256 == 0) {
             wc_InitMutex(&sp_cache_256_lock);
             initCacheMutex_256 = 1;
         }
+        #endif
         if (wc_LockMutex(&sp_cache_256_lock) != 0) {
             err = BAD_MUTEX_E;
         }
@@ -74677,10 +74796,8 @@ int sp_ecc_mulmod_256(const mp_int* km, const ecc_point* gm, ecc_point* r,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (k != NULL)
-        XFREE(k, heap, DYNAMIC_TYPE_ECC);
-    if (point != NULL)
-        XFREE(point, heap, DYNAMIC_TYPE_ECC);
+    XFREE(k, heap, DYNAMIC_TYPE_ECC);
+    XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -74757,10 +74874,8 @@ int sp_ecc_mulmod_add_256(const mp_int* km, const ecc_point* gm,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (k != NULL)
-        XFREE(k, heap, DYNAMIC_TYPE_ECC);
-    if (point != NULL)
-        XFREE(point, heap, DYNAMIC_TYPE_ECC);
+    XFREE(k, heap, DYNAMIC_TYPE_ECC);
+    XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -76227,10 +76342,8 @@ int sp_ecc_mulmod_base_256(const mp_int* km, ecc_point* r, int map, void* heap)
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (k != NULL)
-        XFREE(k, heap, DYNAMIC_TYPE_ECC);
-    if (point != NULL)
-        XFREE(point, heap, DYNAMIC_TYPE_ECC);
+    XFREE(k, heap, DYNAMIC_TYPE_ECC);
+    XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -76305,10 +76418,8 @@ int sp_ecc_mulmod_base_add_256(const mp_int* km, const ecc_point* am,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (k != NULL)
-        XFREE(k, heap, DYNAMIC_TYPE_ECC);
-    if (point)
-        XFREE(point, heap, DYNAMIC_TYPE_ECC);
+    XFREE(k, heap, DYNAMIC_TYPE_ECC);
+    XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -76340,7 +76451,7 @@ static void sp_256_add_one_8(sp_digit* a_p)
         "stm	%[a]!, {r1, r2, r3, r4}\n\t"
         : [a] "+r" (a)
         :
-        : "memory", "r1", "r2", "r3", "r4", "cc"
+        : "memory", "cc", "r1", "r2", "r3", "r4"
     );
 }
 
@@ -76357,7 +76468,8 @@ static void sp_256_from_bin(sp_digit* r, int size, const byte* a, int n)
     int j;
     byte* d;
 
-    for (i = n - 1,j = 0; i >= 3; i -= 4) {
+    j = 0;
+    for (i = n - 1; i >= 3; i -= 4) {
         r[j]  = ((sp_digit)a[i - 0] <<  0) |
                 ((sp_digit)a[i - 1] <<  8) |
                 ((sp_digit)a[i - 2] << 16) |
@@ -76368,12 +76480,20 @@ static void sp_256_from_bin(sp_digit* r, int size, const byte* a, int n)
     if (i >= 0) {
         r[j] = 0;
 
-        d = (byte*)r;
+        d = (byte*)(r + j);
+#ifdef BIG_ENDIAN_ORDER
         switch (i) {
-            case 2: d[n - 1 - 2] = a[2]; //fallthrough
-            case 1: d[n - 1 - 1] = a[1]; //fallthrough
-            case 0: d[n - 1 - 0] = a[0]; //fallthrough
+            case 2: d[1] = *(a++); //fallthrough
+            case 1: d[2] = *(a++); //fallthrough
+            case 0: d[3] = *a    ; //fallthrough
         }
+#else
+        switch (i) {
+            case 2: d[2] = a[2]; //fallthrough
+            case 1: d[1] = a[1]; //fallthrough
+            case 0: d[0] = a[0]; //fallthrough
+        }
+#endif
         j++;
     }
 
@@ -76391,6 +76511,7 @@ static void sp_256_from_bin(sp_digit* r, int size, const byte* a, int n)
  */
 static int sp_256_ecc_gen_k_8(WC_RNG* rng, sp_digit* k)
 {
+#ifndef WC_NO_RNG
     int err;
     byte buf[32];
 
@@ -76407,6 +76528,11 @@ static int sp_256_ecc_gen_k_8(WC_RNG* rng, sp_digit* k)
     while (err == 0);
 
     return err;
+#else
+    (void)rng;
+    (void)k;
+    return NOT_COMPILED_IN;
+#endif
 }
 
 /* Makes a random EC key pair.
@@ -76485,12 +76611,9 @@ int sp_ecc_make_key_256(WC_RNG* rng, mp_int* priv, ecc_point* pub, void* heap)
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (k != NULL)
-        XFREE(k, heap, DYNAMIC_TYPE_ECC);
-    if (point != NULL) {
-        /* point is not sensitive, so no need to zeroize */
-        XFREE(point, heap, DYNAMIC_TYPE_ECC);
-    }
+    XFREE(k, heap, DYNAMIC_TYPE_ECC);
+    /* point is not sensitive, so no need to zeroize */
+    XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -76648,10 +76771,8 @@ int sp_ecc_secret_gen_256(const mp_int* priv, const ecc_point* pub, byte* out,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (k != NULL)
-        XFREE(k, heap, DYNAMIC_TYPE_ECC);
-    if (point != NULL)
-        XFREE(point, heap, DYNAMIC_TYPE_ECC);
+    XFREE(k, heap, DYNAMIC_TYPE_ECC);
+    XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -76743,9 +76864,10 @@ static sp_digit sp_256_sub_in_place_8(sp_digit* a_p, const sp_digit* b_p)
         "mov	%[a], r12\n\t"
         : [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r12", "lr", "cc"
+        : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r12",
+            "lr"
     );
-    return (uint32_t)(size_t)a;
+    return (word32)(size_t)a;
 }
 
 #else
@@ -76777,9 +76899,9 @@ static sp_digit sp_256_sub_in_place_8(sp_digit* a_p, const sp_digit* b_p)
         "sbc	%[a], r9, r9\n\t"
         : [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "cc"
+        : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9"
     );
-    return (uint32_t)(size_t)a;
+    return (word32)(size_t)a;
 }
 
 #endif /* WOLFSSL_SP_SMALL */
@@ -76877,7 +76999,7 @@ static void sp_256_mul_d_8(sp_digit* r_p, const sp_digit* a_p, sp_digit b_p)
         "str	r3, [%[r], #32]\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "cc"
+        : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9"
     );
 }
 
@@ -77150,7 +77272,7 @@ static void sp_256_mul_d_8(sp_digit* r_p, const sp_digit* a_p, sp_digit b_p)
         "str	r5, [%[r]]\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "cc"
+        : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8"
     );
 }
 
@@ -77209,9 +77331,9 @@ static sp_digit div_256_word_8(sp_digit d1_p, sp_digit d0_p, sp_digit div_p)
         "add	%[d1], r4, r3\n\t"
         : [d1] "+r" (d1), [d0] "+r" (d0), [div] "+r" (div)
         :
-        : "memory", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "cc"
+        : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8"
     );
-    return (uint32_t)(size_t)d1;
+    return (word32)(size_t)d1;
 }
 
 #else
@@ -77347,9 +77469,9 @@ static sp_digit div_256_word_8(sp_digit d1_p, sp_digit d0_p, sp_digit div_p)
         "sub	%[d1], r3, r6\n\t"
         : [d1] "+r" (d1), [d0] "+r" (d0), [div] "+r" (div)
         :
-        : "memory", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "cc"
+        : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8"
     );
-    return (uint32_t)(size_t)d1;
+    return (word32)(size_t)d1;
 }
 
 #endif
@@ -77452,7 +77574,7 @@ static void sp_256_mont_mul_order_8(sp_digit* r, const sp_digit* a, const sp_dig
 #if defined(HAVE_ECC_SIGN) || (defined(HAVE_ECC_VERIFY) && defined(WOLFSSL_SP_SMALL))
 #ifdef WOLFSSL_SP_SMALL
 /* Order-2 for the P256 curve. */
-static const uint32_t p256_order_minus_2[8] = {
+static const word32 p256_order_minus_2[8] = {
     0xfc63254fU,0xf3b9cac2U,0xa7179e84U,0xbce6faadU,0xffffffffU,0xffffffffU,
     0x00000000U,0xffffffffU
 };
@@ -78031,9 +78153,10 @@ static sp_digit sp_256_sub_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit*
         "mov	%[r], r12\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r12", "lr", "cc"
+        : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10",
+            "r12", "lr"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #else
@@ -78067,9 +78190,9 @@ static sp_digit sp_256_sub_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit*
         "sbc	%[r], r6, r6\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc"
+        : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #endif /* WOLFSSL_SP_SMALL */
@@ -78114,8 +78237,7 @@ static void sp_256_rshift1_8(sp_digit* r_p, const sp_digit* a_p)
         "strd	r8, r9, [%[r], #24]\n\t"
 #endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "ldr	r2, [%[a]]\n\t"
-        "ldr	r3, [%[a], #4]\n\t"
+        "ldm	r1, {r2, r3}\n\t"
 #else
         "ldrd	r2, r3, [%[a]]\n\t"
 #endif
@@ -78134,8 +78256,7 @@ static void sp_256_rshift1_8(sp_digit* r_p, const sp_digit* a_p)
         "orr	r8, r8, r5, lsl #31\n\t"
         "orr	r9, r9, r12, lsl #31\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "str	r6, [%[r]]\n\t"
-        "str	r7, [%[r], #4]\n\t"
+        "stm	r0, {r6, r7}\n\t"
 #else
         "strd	r6, r7, [%[r]]\n\t"
 #endif
@@ -78147,7 +78268,8 @@ static void sp_256_rshift1_8(sp_digit* r_p, const sp_digit* a_p)
 #endif
         : [r] "+r" (r), [a] "+r" (a)
         :
-        : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r12", "lr", "r10", "cc"
+        : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r12",
+            "lr", "r10"
     );
 }
 
@@ -78233,12 +78355,13 @@ static void sp_256_div2_mod_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit
         "stm	%[r], {r8, r9, r10, r11}\n\t"
         : [r] "+r" (r), [a] "+r" (a), [m] "+r" (m)
         :
-        : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r3", "r12", "cc"
+        : "memory", "cc", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11",
+            "r3", "r12"
     );
 }
 
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-static const unsigned char L_sp_256_num_bits_8_table[] = {
+static const byte L_sp_256_num_bits_8_table[] = {
     0x00, 0x01, 0x02, 0x02, 0x03, 0x03, 0x03, 0x03,
     0x04, 0x04, 0x04, 0x04, 0x04, 0x04, 0x04, 0x04,
     0x05, 0x05, 0x05, 0x05, 0x05, 0x05, 0x05, 0x05,
@@ -78276,7 +78399,8 @@ static const unsigned char L_sp_256_num_bits_8_table[] = {
 static int sp_256_num_bits_8(const sp_digit* a_p)
 {
     register const sp_digit* a asm ("r0") = (const sp_digit*)a_p;
-    register unsigned char* L_sp_256_num_bits_8_table_c asm ("r1") = (unsigned char*)&L_sp_256_num_bits_8_table;
+    register byte* L_sp_256_num_bits_8_table_c asm ("r1") =
+        (byte*)&L_sp_256_num_bits_8_table;
 
     __asm__ __volatile__ (
         "mov	lr, %[L_sp_256_num_bits_8_table]\n\t"
@@ -78588,11 +78712,12 @@ static int sp_256_num_bits_8(const sp_digit* a_p)
         "\n"
     "L_sp_256_num_bits_8_9_%=: \n\t"
         "mov	%[a], r12\n\t"
-        : [a] "+r" (a), [L_sp_256_num_bits_8_table] "+r" (L_sp_256_num_bits_8_table_c)
+        : [a] "+r" (a),
+          [L_sp_256_num_bits_8_table] "+r" (L_sp_256_num_bits_8_table_c)
         :
-        : "memory", "r2", "r3", "r12", "lr", "cc"
+        : "memory", "cc", "r2", "r3", "r12", "lr"
     );
-    return (uint32_t)(size_t)a;
+    return (word32)(size_t)a;
 }
 
 #else
@@ -78604,13 +78729,7 @@ static int sp_256_num_bits_8(const sp_digit* a_p)
         "ldr	r1, [%[a], #28]\n\t"
         "cmp	r1, #0\n\t"
         "beq	L_sp_256_num_bits_8_7_%=\n\t"
-#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r2, #0x1\n\t"
-        "lsl	r2, r2, #8\n\t"
-        "add	r2, r2, #0x0\n\t"
-#else
         "mov	r2, #0x100\n\t"
-#endif
         "clz	r12, r1\n\t"
         "sub	r12, r2, r12\n\t"
         "b	L_sp_256_num_bits_8_9_%=\n\t"
@@ -78679,9 +78798,9 @@ static int sp_256_num_bits_8(const sp_digit* a_p)
         "mov	%[a], r12\n\t"
         : [a] "+r" (a)
         :
-        : "memory", "r1", "r2", "r3", "r12", "lr", "cc"
+        : "memory", "cc", "r1", "r2", "r3", "r12", "lr"
     );
-    return (uint32_t)(size_t)a;
+    return (word32)(size_t)a;
 }
 
 #endif /* WOLFSSL_ARM_ARCH && (WOLFSSL_ARM_ARCH < 7) */
@@ -78968,10 +79087,8 @@ int sp_ecc_verify_256(const byte* hash, word32 hashLen, const mp_int* pX,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (u1 != NULL)
-        XFREE(u1, heap, DYNAMIC_TYPE_ECC);
-    if (p1 != NULL)
-        XFREE(p1, heap, DYNAMIC_TYPE_ECC);
+    XFREE(u1, heap, DYNAMIC_TYPE_ECC);
+    XFREE(p1, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -79178,8 +79295,7 @@ static int sp_256_ecc_is_point_8(const sp_point_256* point,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t1 != NULL)
-        XFREE(t1, heap, DYNAMIC_TYPE_ECC);
+    XFREE(t1, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -79218,8 +79334,7 @@ int sp_ecc_is_point_256(const mp_int* pX, const mp_int* pY)
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (pub != NULL)
-        XFREE(pub, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(pub, NULL, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -79327,10 +79442,8 @@ int sp_ecc_check_key_256(const mp_int* pX, const mp_int* pY,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (pub != NULL)
-        XFREE(pub, heap, DYNAMIC_TYPE_ECC);
-    if (priv != NULL)
-        XFREE(priv, heap, DYNAMIC_TYPE_ECC);
+    XFREE(pub, heap, DYNAMIC_TYPE_ECC);
+    XFREE(priv, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -79409,10 +79522,8 @@ int sp_ecc_proj_add_point_256(mp_int* pX, mp_int* pY, mp_int* pZ,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (tmp != NULL)
-        XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
-    if (p != NULL)
-        XFREE(p, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(p, NULL, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -79477,10 +79588,8 @@ int sp_ecc_proj_dbl_point_256(mp_int* pX, mp_int* pY, mp_int* pZ,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (tmp != NULL)
-        XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
-    if (p != NULL)
-        XFREE(p, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(p, NULL, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -79541,10 +79650,8 @@ int sp_ecc_map_256(mp_int* pX, mp_int* pY, mp_int* pZ)
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (tmp != NULL)
-        XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
-    if (p != NULL)
-        XFREE(p, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(p, NULL, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -79610,8 +79717,7 @@ static int sp_256_mont_sqrt_8(sp_digit* y)
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t1 != NULL)
-        XFREE(t1, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(t1, NULL, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -79676,8 +79782,7 @@ int sp_ecc_uncompress_256(mp_int* xm, int odd, mp_int* ym)
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (x != NULL)
-        XFREE(x, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(x, NULL, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -79966,7 +80071,8 @@ static void sp_384_mul_12(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_
         "bgt	L_sp_384_mul_12_store_%=\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "lr", "r11", "cc"
+        : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "lr",
+            "r11"
     );
 }
 
@@ -85463,7 +85569,8 @@ static void sp_384_mul_12(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_
         "stm	%[r]!, {r3, r4, r5, r6}\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r11", "r12", "cc"
+        : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r11",
+            "r12"
     );
 }
 
@@ -85622,7 +85729,8 @@ static void sp_384_sqr_12(sp_digit* r_p, const sp_digit* a_p)
         "bgt	L_sp_384_sqr_12_store_%=\n\t"
         : [r] "+r" (r), [a] "+r" (a)
         :
-        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "lr", "r11", "cc"
+        : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "lr",
+            "r11"
     );
 }
 
@@ -88685,7 +88793,8 @@ static void sp_384_sqr_12(sp_digit* r_p, const sp_digit* a_p)
         "stm	%[r]!, {r2, r3, r4, r8}\n\t"
         : [r] "+r" (r), [a] "+r" (a)
         :
-        : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r12", "cc"
+        : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10",
+            "r12"
     );
 }
 
@@ -88723,9 +88832,10 @@ static sp_digit sp_384_add_12(sp_digit* r_p, const sp_digit* a_p, const sp_digit
         "mov	%[r], r3\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r3", "r12", "cc"
+        : "memory", "cc", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11",
+            "r3", "r12"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #else
@@ -88767,9 +88877,9 @@ static sp_digit sp_384_add_12(sp_digit* r_p, const sp_digit* a_p, const sp_digit
         "adc	%[r], %[r], #0\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc"
+        : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #endif /* WOLFSSL_SP_SMALL */
@@ -88853,23 +88963,22 @@ static int sp_384_mod_mul_norm_12(sp_digit* r, const sp_digit* a, const sp_digit
         t[10] += t[9] >> 32; t[9] &= 0xffffffff;
         t[11] += t[10] >> 32; t[10] &= 0xffffffff;
 
-        r[0] = t[0];
-        r[1] = t[1];
-        r[2] = t[2];
-        r[3] = t[3];
-        r[4] = t[4];
-        r[5] = t[5];
-        r[6] = t[6];
-        r[7] = t[7];
-        r[8] = t[8];
-        r[9] = t[9];
-        r[10] = t[10];
-        r[11] = t[11];
+        r[0] = (sp_digit)t[0];
+        r[1] = (sp_digit)t[1];
+        r[2] = (sp_digit)t[2];
+        r[3] = (sp_digit)t[3];
+        r[4] = (sp_digit)t[4];
+        r[5] = (sp_digit)t[5];
+        r[6] = (sp_digit)t[6];
+        r[7] = (sp_digit)t[7];
+        r[8] = (sp_digit)t[8];
+        r[9] = (sp_digit)t[9];
+        r[10] = (sp_digit)t[10];
+        r[11] = (sp_digit)t[11];
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t != NULL)
-        XFREE(t, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(t, NULL, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -89079,7 +89188,8 @@ static int sp_384_point_to_ecc_point_12(const sp_point_384* p, ecc_point* pm)
  * b  A single precision number to subtract.
  * m  Mask value to apply.
  */
-static sp_digit sp_384_cond_sub_12(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, sp_digit m_p)
+static sp_digit sp_384_cond_sub_12(sp_digit* r_p, const sp_digit* a_p,
+    const sp_digit* b_p, sp_digit m_p)
 {
     register sp_digit* r asm ("r0") = (sp_digit*)r_p;
     register const sp_digit* a asm ("r1") = (const sp_digit*)a_p;
@@ -89105,9 +89215,9 @@ static sp_digit sp_384_cond_sub_12(sp_digit* r_p, const sp_digit* a_p, const sp_
         "mov	%[r], r12\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m)
         :
-        : "memory", "r12", "lr", "r4", "r5", "r6", "cc"
+        : "memory", "cc", "r12", "lr", "r4", "r5", "r6"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #else
@@ -89119,7 +89229,8 @@ static sp_digit sp_384_cond_sub_12(sp_digit* r_p, const sp_digit* a_p, const sp_
  * b  A single precision number to subtract.
  * m  Mask value to apply.
  */
-static sp_digit sp_384_cond_sub_12(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, sp_digit m_p)
+static sp_digit sp_384_cond_sub_12(sp_digit* r_p, const sp_digit* a_p,
+    const sp_digit* b_p, sp_digit m_p)
 {
     register sp_digit* r asm ("r0") = (sp_digit*)r_p;
     register const sp_digit* a asm ("r1") = (const sp_digit*)a_p;
@@ -89173,9 +89284,9 @@ static sp_digit sp_384_cond_sub_12(sp_digit* r_p, const sp_digit* a_p, const sp_
         "sbc	%[r], lr, lr\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m)
         :
-        : "memory", "r12", "lr", "r4", "r5", "r6", "r7", "cc"
+        : "memory", "cc", "r12", "lr", "r4", "r5", "r6", "r7"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #endif /* WOLFSSL_SP_SMALL */
@@ -89576,7 +89687,8 @@ static SP_NOINLINE void sp_384_mont_reduce_12(sp_digit* a_p, const sp_digit* m_p
         "mov	%[mp], r3\n\t"
         : [a] "+r" (a), [m] "+r" (m), [mp] "+r" (mp)
         :
-        : "memory", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "cc"
+        : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9",
+            "r10", "r11"
     );
     sp_384_cond_sub_12(a - 12, a, m, (sp_digit)0 - mp);
 }
@@ -89711,7 +89823,8 @@ static SP_NOINLINE void sp_384_mont_reduce_12(sp_digit* a_p, const sp_digit* m_p
         "mov	%[mp], r3\n\t"
         : [a] "+r" (a), [m] "+r" (m), [mp] "+r" (mp)
         :
-        : "memory", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "cc"
+        : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9",
+            "r10", "r11"
     );
     sp_384_cond_sub_12(a - 12, a, m, (sp_digit)0 - mp);
 }
@@ -89816,7 +89929,8 @@ static SP_NOINLINE void sp_384_mont_reduce_12(sp_digit* a_p, const sp_digit* m_p
         "mov	%[mp], lr\n\t"
         : [a] "+r" (a), [m] "+r" (m), [mp] "+r" (mp)
         :
-        : "memory", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "cc"
+        : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9",
+            "r10", "r11"
     );
     sp_384_cond_sub_12(a - 12, a, m, (sp_digit)0 - mp);
 }
@@ -89873,7 +89987,7 @@ SP_NOINLINE static void sp_384_mont_sqr_n_12(sp_digit* r,
 #endif /* !WOLFSSL_SP_SMALL || HAVE_COMP_KEY */
 #ifdef WOLFSSL_SP_SMALL
 /* Mod-2 for the P384 curve. */
-static const uint32_t p384_mod_minus_2[12] = {
+static const word32 p384_mod_minus_2[12] = {
     0xfffffffdU,0x00000000U,0x00000000U,0xffffffffU,0xfffffffeU,0xffffffffU,
     0xffffffffU,0xffffffffU,0xffffffffU,0xffffffffU,0xffffffffU,0xffffffffU
 };
@@ -90137,9 +90251,9 @@ static sp_int32 sp_384_cmp_12(const sp_digit* a_p, const sp_digit* b_p)
         "mov	%[a], r2\n\t"
         : [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r2", "r3", "r12", "lr", "r4", "r5", "r6", "cc"
+        : "memory", "cc", "r2", "r3", "r12", "lr", "r4", "r5", "r6"
     );
-    return (uint32_t)(size_t)a;
+    return (word32)(size_t)a;
 }
 
 /* Normalize the values in each word to 32.
@@ -90172,7 +90286,7 @@ static void sp_384_map_12(sp_point_384* r, const sp_point_384* p,
     sp_384_mont_reduce_12(r->x, p384_mod, p384_mp_mod);
     /* Reduce x to less than modulus */
     n = sp_384_cmp_12(r->x, p384_mod);
-    sp_384_cond_sub_12(r->x, r->x, p384_mod, ~(n >> 31));
+    sp_384_cond_sub_12(r->x, r->x, p384_mod, (sp_digit)~(n >> 31));
     sp_384_norm_12(r->x);
 
     /* y /= z^3 */
@@ -90181,7 +90295,7 @@ static void sp_384_map_12(sp_point_384* r, const sp_point_384* p,
     sp_384_mont_reduce_12(r->y, p384_mod, p384_mp_mod);
     /* Reduce y to less than modulus */
     n = sp_384_cmp_12(r->y, p384_mod);
-    sp_384_cond_sub_12(r->y, r->y, p384_mod, ~(n >> 31));
+    sp_384_cond_sub_12(r->y, r->y, p384_mod, (sp_digit)~(n >> 31));
     sp_384_norm_12(r->y);
 
     XMEMSET(r->z, 0, sizeof(r->z) / 2);
@@ -90195,7 +90309,8 @@ static void sp_384_map_12(sp_point_384* r, const sp_point_384* p,
  * b   Second number to add in Montgomery form.
  * m   Modulus (prime).
  */
-static void sp_384_mont_add_12(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, const sp_digit* m_p)
+static void sp_384_mont_add_12(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p,
+    const sp_digit* m_p)
 {
     register sp_digit* r asm ("r0") = (sp_digit*)r_p;
     register const sp_digit* a asm ("r1") = (const sp_digit*)a_p;
@@ -90278,9 +90393,10 @@ static sp_digit sp_384_sub_12(sp_digit* r_p, const sp_digit* a_p, const sp_digit
         "mov	%[r], r12\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r12", "lr", "cc"
+        : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10",
+            "r12", "lr"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #else
@@ -90321,9 +90437,9 @@ static sp_digit sp_384_sub_12(sp_digit* r_p, const sp_digit* a_p, const sp_digit
         "sbc	%[r], r6, r6\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc"
+        : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #endif /* WOLFSSL_SP_SMALL */
@@ -90336,7 +90452,8 @@ static sp_digit sp_384_sub_12(sp_digit* r_p, const sp_digit* a_p, const sp_digit
  * b  A single precision number to add.
  * m  Mask value to apply.
  */
-static sp_digit sp_384_cond_add_12(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, sp_digit m_p)
+static sp_digit sp_384_cond_add_12(sp_digit* r_p, const sp_digit* a_p,
+    const sp_digit* b_p, sp_digit m_p)
 {
     register sp_digit* r asm ("r0") = (sp_digit*)r_p;
     register const sp_digit* a asm ("r1") = (const sp_digit*)a_p;
@@ -90362,9 +90479,9 @@ static sp_digit sp_384_cond_add_12(sp_digit* r_p, const sp_digit* a_p, const sp_
         "mov	%[r], lr\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m)
         :
-        : "memory", "r12", "lr", "r4", "r5", "r6", "cc"
+        : "memory", "cc", "r12", "lr", "r4", "r5", "r6"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #else
@@ -90376,7 +90493,8 @@ static sp_digit sp_384_cond_add_12(sp_digit* r_p, const sp_digit* a_p, const sp_
  * b  A single precision number to add.
  * m  Mask value to apply.
  */
-static sp_digit sp_384_cond_add_12(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, sp_digit m_p)
+static sp_digit sp_384_cond_add_12(sp_digit* r_p, const sp_digit* a_p,
+    const sp_digit* b_p, sp_digit m_p)
 {
     register sp_digit* r asm ("r0") = (sp_digit*)r_p;
     register const sp_digit* a asm ("r1") = (const sp_digit*)a_p;
@@ -90430,9 +90548,9 @@ static sp_digit sp_384_cond_add_12(sp_digit* r_p, const sp_digit* a_p, const sp_
         "adc	%[r], r8, r8\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m)
         :
-        : "memory", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "cc"
+        : "memory", "cc", "r12", "lr", "r4", "r5", "r6", "r7", "r8"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #endif /* WOLFSSL_SP_SMALL */
@@ -90443,7 +90561,8 @@ static sp_digit sp_384_cond_add_12(sp_digit* r_p, const sp_digit* a_p, const sp_
  * b   Number to subtract with in Montgomery form.
  * m   Modulus (prime).
  */
-static void sp_384_mont_sub_12(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, const sp_digit* m_p)
+static void sp_384_mont_sub_12(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p,
+    const sp_digit* m_p)
 {
     register sp_digit* r asm ("r0") = (sp_digit*)r_p;
     register const sp_digit* a asm ("r1") = (const sp_digit*)a_p;
@@ -90513,7 +90632,7 @@ static void sp_384_rshift1_12(sp_digit* r_p, const sp_digit* a_p)
         "str	r4, [%[r], #44]\n\t"
         : [r] "+r" (r), [a] "+r" (a)
         :
-        : "memory", "r2", "r3", "r4", "cc"
+        : "memory", "cc", "r2", "r3", "r4"
     );
 }
 
@@ -90825,8 +90944,8 @@ static void sp_384_proj_point_add_12(sp_point_384* r,
         sp_384_mont_sub_12(y, y, t5, p384_mod);
         {
             int i;
-            sp_digit maskp = 0 - (q->infinity & (!p->infinity));
-            sp_digit maskq = 0 - (p->infinity & (!q->infinity));
+            sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity)));
+            sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity)));
             sp_digit maskt = ~(maskp | maskq);
             sp_digit inf = (sp_digit)(p->infinity & q->infinity);
 
@@ -90843,7 +90962,7 @@ static void sp_384_proj_point_add_12(sp_point_384* r,
                           (z[i] & maskt);
             }
             r->z[0] |= inf;
-            r->infinity = (word32)inf;
+            r->infinity = (int)inf;
         }
     }
 }
@@ -91017,8 +91136,8 @@ static int sp_384_proj_point_add_12_nb(sp_ecc_ctx_t* sp_ctx, sp_point_384* r,
     {
         {
             int i;
-            sp_digit maskp = 0 - (q->infinity & (!p->infinity));
-            sp_digit maskq = 0 - (p->infinity & (!q->infinity));
+            sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity)));
+            sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity)));
             sp_digit maskt = ~(maskp | maskq);
             sp_digit inf = (sp_digit)(p->infinity & q->infinity);
 
@@ -91035,7 +91154,7 @@ static int sp_384_proj_point_add_12_nb(sp_ecc_ctx_t* sp_ctx, sp_point_384* r,
                           (ctx->z[i] & maskt);
             }
             r->z[0] |= inf;
-            r->infinity = (word32)inf;
+            r->infinity = (int)inf;
         }
         ctx->state = 25;
         break;
@@ -91102,7 +91221,7 @@ static void sp_384_get_point_16_12(sp_point_384* r, const sp_point_384* table,
     r->z[10] = 0;
     r->z[11] = 0;
     for (i = 1; i < 16; i++) {
-        mask = 0 - (i == idx);
+        mask = (sp_digit)0 - (i == idx);
         r->x[0] |= mask & table[i].x[0];
         r->x[1] |= mask & table[i].x[1];
         r->x[2] |= mask & table[i].x[2];
@@ -91308,15 +91427,15 @@ static int sp_384_ecc_mulmod_fast_12(sp_point_384* r, const sp_point_384* g, con
     #endif
     }
 #ifndef WC_NO_CACHE_RESISTANT
-    #ifdef WOLFSSL_SP_SMALL_STACK
+#ifdef WOLFSSL_SP_SMALL_STACK
     if (p != NULL)
+#endif
+    {
+        ForceZero(p, sizeof(sp_point_384));
+    #ifdef WOLFSSL_SP_SMALL_STACK
+        XFREE(p, heap, DYNAMIC_TYPE_ECC);
     #endif
-        {
-            ForceZero(p, sizeof(sp_point_384));
-        #ifdef WOLFSSL_SP_SMALL_STACK
-            XFREE(p, heap, DYNAMIC_TYPE_ECC);
-        #endif
-        }
+    }
 #endif /* !WC_NO_CACHE_RESISTANT */
 #ifdef WOLFSSL_SP_SMALL_STACK
     if (t != NULL)
@@ -91512,8 +91631,8 @@ static void sp_384_proj_point_add_qz1_12(sp_point_384* r,
         sp_384_mont_sub_12(y, t3, t1, p384_mod);
         {
             int i;
-            sp_digit maskp = 0 - (q->infinity & (!p->infinity));
-            sp_digit maskq = 0 - (p->infinity & (!q->infinity));
+            sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity)));
+            sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity)));
             sp_digit maskt = ~(maskp | maskq);
             sp_digit inf = (sp_digit)(p->infinity & q->infinity);
 
@@ -91530,7 +91649,7 @@ static void sp_384_proj_point_add_qz1_12(sp_point_384* r,
                           (z[i] & maskt);
             }
             r->z[0] |= inf;
-            r->infinity = (word32)inf;
+            r->infinity = (int)inf;
         }
     }
 }
@@ -91620,8 +91739,7 @@ static int sp_384_gen_stripe_table_12(const sp_point_384* a,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t != NULL)
-        XFREE(t, heap, DYNAMIC_TYPE_ECC);
+    XFREE(t, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -91666,7 +91784,7 @@ static void sp_384_get_entry_16_12(sp_point_384* r,
     r->y[10] = 0;
     r->y[11] = 0;
     for (i = 1; i < 16; i++) {
-        mask = 0 - (i == idx);
+        mask = (sp_digit)0 - (i == idx);
         r->x[0] |= mask & table[i].x[0];
         r->x[1] |= mask & table[i].x[1];
         r->x[2] |= mask & table[i].x[2];
@@ -91801,10 +91919,8 @@ static int sp_384_ecc_mulmod_stripe_12(sp_point_384* r, const sp_point_384* g,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t != NULL)
-        XFREE(t, heap, DYNAMIC_TYPE_ECC);
-    if (rt != NULL)
-        XFREE(rt, heap, DYNAMIC_TYPE_ECC);
+    XFREE(t, heap, DYNAMIC_TYPE_ECC);
+    XFREE(rt, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -91824,7 +91940,7 @@ typedef struct sp_cache_384_t {
     /* Precomputation table for point. */
     sp_table_entry_384 table[16];
     /* Count of entries in table. */
-    uint32_t cnt;
+    word32 cnt;
     /* Point and table set in entry. */
     int set;
 } sp_cache_384_t;
@@ -91837,8 +91953,10 @@ static THREAD_LS_T int sp_cache_384_last = -1;
 static THREAD_LS_T int sp_cache_384_inited = 0;
 
 #ifndef HAVE_THREAD_LS
+    #ifndef WOLFSSL_MUTEX_INITIALIZER
     static volatile int initCacheMutex_384 = 0;
-    static wolfSSL_Mutex sp_cache_384_lock;
+    #endif
+    static wolfSSL_Mutex sp_cache_384_lock WOLFSSL_MUTEX_INITIALIZER_CLAUSE(sp_cache_384_lock);
 #endif
 
 /* Get the cache entry for the point.
@@ -91850,7 +91968,7 @@ static void sp_ecc_get_cache_384(const sp_point_384* g, sp_cache_384_t** cache)
 {
     int i;
     int j;
-    uint32_t least;
+    word32 least;
 
     if (sp_cache_384_inited == 0) {
         for (i=0; i<FP_ENTRIES; i++) {
@@ -91936,10 +92054,12 @@ static int sp_384_ecc_mulmod_12(sp_point_384* r, const sp_point_384* g,
 #endif
 #ifndef HAVE_THREAD_LS
     if (err == MP_OKAY) {
+        #ifndef WOLFSSL_MUTEX_INITIALIZER
         if (initCacheMutex_384 == 0) {
             wc_InitMutex(&sp_cache_384_lock);
             initCacheMutex_384 = 1;
         }
+        #endif
         if (wc_LockMutex(&sp_cache_384_lock) != 0) {
             err = BAD_MUTEX_E;
         }
@@ -92056,8 +92176,7 @@ static int sp_384_gen_stripe_table_12(const sp_point_384* a,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t != NULL)
-        XFREE(t, heap, DYNAMIC_TYPE_ECC);
+    XFREE(t, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -92102,7 +92221,7 @@ static void sp_384_get_entry_256_12(sp_point_384* r,
     r->y[10] = 0;
     r->y[11] = 0;
     for (i = 1; i < 256; i++) {
-        mask = 0 - (i == idx);
+        mask = (sp_digit)0 - (i == idx);
         r->x[0] |= mask & table[i].x[0];
         r->x[1] |= mask & table[i].x[1];
         r->x[2] |= mask & table[i].x[2];
@@ -92237,10 +92356,8 @@ static int sp_384_ecc_mulmod_stripe_12(sp_point_384* r, const sp_point_384* g,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t != NULL)
-        XFREE(t, heap, DYNAMIC_TYPE_ECC);
-    if (rt != NULL)
-        XFREE(rt, heap, DYNAMIC_TYPE_ECC);
+    XFREE(t, heap, DYNAMIC_TYPE_ECC);
+    XFREE(rt, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -92260,7 +92377,7 @@ typedef struct sp_cache_384_t {
     /* Precomputation table for point. */
     sp_table_entry_384 table[256];
     /* Count of entries in table. */
-    uint32_t cnt;
+    word32 cnt;
     /* Point and table set in entry. */
     int set;
 } sp_cache_384_t;
@@ -92273,8 +92390,10 @@ static THREAD_LS_T int sp_cache_384_last = -1;
 static THREAD_LS_T int sp_cache_384_inited = 0;
 
 #ifndef HAVE_THREAD_LS
+    #ifndef WOLFSSL_MUTEX_INITIALIZER
     static volatile int initCacheMutex_384 = 0;
-    static wolfSSL_Mutex sp_cache_384_lock;
+    #endif
+    static wolfSSL_Mutex sp_cache_384_lock WOLFSSL_MUTEX_INITIALIZER_CLAUSE(sp_cache_384_lock);
 #endif
 
 /* Get the cache entry for the point.
@@ -92286,7 +92405,7 @@ static void sp_ecc_get_cache_384(const sp_point_384* g, sp_cache_384_t** cache)
 {
     int i;
     int j;
-    uint32_t least;
+    word32 least;
 
     if (sp_cache_384_inited == 0) {
         for (i=0; i<FP_ENTRIES; i++) {
@@ -92372,10 +92491,12 @@ static int sp_384_ecc_mulmod_12(sp_point_384* r, const sp_point_384* g,
 #endif
 #ifndef HAVE_THREAD_LS
     if (err == MP_OKAY) {
+        #ifndef WOLFSSL_MUTEX_INITIALIZER
         if (initCacheMutex_384 == 0) {
             wc_InitMutex(&sp_cache_384_lock);
             initCacheMutex_384 = 1;
         }
+        #endif
         if (wc_LockMutex(&sp_cache_384_lock) != 0) {
             err = BAD_MUTEX_E;
         }
@@ -92454,10 +92575,8 @@ int sp_ecc_mulmod_384(const mp_int* km, const ecc_point* gm, ecc_point* r,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (k != NULL)
-        XFREE(k, heap, DYNAMIC_TYPE_ECC);
-    if (point != NULL)
-        XFREE(point, heap, DYNAMIC_TYPE_ECC);
+    XFREE(k, heap, DYNAMIC_TYPE_ECC);
+    XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -92534,10 +92653,8 @@ int sp_ecc_mulmod_add_384(const mp_int* km, const ecc_point* gm,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (k != NULL)
-        XFREE(k, heap, DYNAMIC_TYPE_ECC);
-    if (point != NULL)
-        XFREE(point, heap, DYNAMIC_TYPE_ECC);
+    XFREE(k, heap, DYNAMIC_TYPE_ECC);
+    XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -94004,10 +94121,8 @@ int sp_ecc_mulmod_base_384(const mp_int* km, ecc_point* r, int map, void* heap)
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (k != NULL)
-        XFREE(k, heap, DYNAMIC_TYPE_ECC);
-    if (point != NULL)
-        XFREE(point, heap, DYNAMIC_TYPE_ECC);
+    XFREE(k, heap, DYNAMIC_TYPE_ECC);
+    XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -94082,10 +94197,8 @@ int sp_ecc_mulmod_base_add_384(const mp_int* km, const ecc_point* am,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (k != NULL)
-        XFREE(k, heap, DYNAMIC_TYPE_ECC);
-    if (point)
-        XFREE(point, heap, DYNAMIC_TYPE_ECC);
+    XFREE(k, heap, DYNAMIC_TYPE_ECC);
+    XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -94123,7 +94236,7 @@ static void sp_384_add_one_12(sp_digit* a_p)
         "stm	%[a]!, {r1, r2, r3, r4}\n\t"
         : [a] "+r" (a)
         :
-        : "memory", "r1", "r2", "r3", "r4", "cc"
+        : "memory", "cc", "r1", "r2", "r3", "r4"
     );
 }
 
@@ -94140,7 +94253,8 @@ static void sp_384_from_bin(sp_digit* r, int size, const byte* a, int n)
     int j;
     byte* d;
 
-    for (i = n - 1,j = 0; i >= 3; i -= 4) {
+    j = 0;
+    for (i = n - 1; i >= 3; i -= 4) {
         r[j]  = ((sp_digit)a[i - 0] <<  0) |
                 ((sp_digit)a[i - 1] <<  8) |
                 ((sp_digit)a[i - 2] << 16) |
@@ -94151,12 +94265,20 @@ static void sp_384_from_bin(sp_digit* r, int size, const byte* a, int n)
     if (i >= 0) {
         r[j] = 0;
 
-        d = (byte*)r;
+        d = (byte*)(r + j);
+#ifdef BIG_ENDIAN_ORDER
         switch (i) {
-            case 2: d[n - 1 - 2] = a[2]; //fallthrough
-            case 1: d[n - 1 - 1] = a[1]; //fallthrough
-            case 0: d[n - 1 - 0] = a[0]; //fallthrough
+            case 2: d[1] = *(a++); //fallthrough
+            case 1: d[2] = *(a++); //fallthrough
+            case 0: d[3] = *a    ; //fallthrough
         }
+#else
+        switch (i) {
+            case 2: d[2] = a[2]; //fallthrough
+            case 1: d[1] = a[1]; //fallthrough
+            case 0: d[0] = a[0]; //fallthrough
+        }
+#endif
         j++;
     }
 
@@ -94174,6 +94296,7 @@ static void sp_384_from_bin(sp_digit* r, int size, const byte* a, int n)
  */
 static int sp_384_ecc_gen_k_12(WC_RNG* rng, sp_digit* k)
 {
+#ifndef WC_NO_RNG
     int err;
     byte buf[48];
 
@@ -94190,6 +94313,11 @@ static int sp_384_ecc_gen_k_12(WC_RNG* rng, sp_digit* k)
     while (err == 0);
 
     return err;
+#else
+    (void)rng;
+    (void)k;
+    return NOT_COMPILED_IN;
+#endif
 }
 
 /* Makes a random EC key pair.
@@ -94268,12 +94396,9 @@ int sp_ecc_make_key_384(WC_RNG* rng, mp_int* priv, ecc_point* pub, void* heap)
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (k != NULL)
-        XFREE(k, heap, DYNAMIC_TYPE_ECC);
-    if (point != NULL) {
-        /* point is not sensitive, so no need to zeroize */
-        XFREE(point, heap, DYNAMIC_TYPE_ECC);
-    }
+    XFREE(k, heap, DYNAMIC_TYPE_ECC);
+    /* point is not sensitive, so no need to zeroize */
+    XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -94431,10 +94556,8 @@ int sp_ecc_secret_gen_384(const mp_int* priv, const ecc_point* pub, byte* out,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (k != NULL)
-        XFREE(k, heap, DYNAMIC_TYPE_ECC);
-    if (point != NULL)
-        XFREE(point, heap, DYNAMIC_TYPE_ECC);
+    XFREE(k, heap, DYNAMIC_TYPE_ECC);
+    XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -94526,9 +94649,10 @@ static sp_digit sp_384_sub_in_place_12(sp_digit* a_p, const sp_digit* b_p)
         "mov	%[a], r12\n\t"
         : [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r12", "lr", "cc"
+        : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r12",
+            "lr"
     );
-    return (uint32_t)(size_t)a;
+    return (word32)(size_t)a;
 }
 
 #else
@@ -94567,9 +94691,9 @@ static sp_digit sp_384_sub_in_place_12(sp_digit* a_p, const sp_digit* b_p)
         "sbc	%[a], r9, r9\n\t"
         : [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "cc"
+        : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9"
     );
-    return (uint32_t)(size_t)a;
+    return (word32)(size_t)a;
 }
 
 #endif /* WOLFSSL_SP_SMALL */
@@ -94667,7 +94791,7 @@ static void sp_384_mul_d_12(sp_digit* r_p, const sp_digit* a_p, sp_digit b_p)
         "str	r3, [%[r], #48]\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "cc"
+        : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9"
     );
 }
 
@@ -95068,7 +95192,7 @@ static void sp_384_mul_d_12(sp_digit* r_p, const sp_digit* a_p, sp_digit b_p)
         "str	r3, [%[r]]\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "cc"
+        : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8"
     );
 }
 
@@ -95127,9 +95251,9 @@ static sp_digit div_384_word_12(sp_digit d1_p, sp_digit d0_p, sp_digit div_p)
         "add	%[d1], r4, r3\n\t"
         : [d1] "+r" (d1), [d0] "+r" (d0), [div] "+r" (div)
         :
-        : "memory", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "cc"
+        : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8"
     );
-    return (uint32_t)(size_t)d1;
+    return (word32)(size_t)d1;
 }
 
 #else
@@ -95265,9 +95389,9 @@ static sp_digit div_384_word_12(sp_digit d1_p, sp_digit d0_p, sp_digit div_p)
         "sub	%[d1], r3, r6\n\t"
         : [d1] "+r" (d1), [d0] "+r" (d0), [div] "+r" (div)
         :
-        : "memory", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "cc"
+        : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8"
     );
-    return (uint32_t)(size_t)d1;
+    return (word32)(size_t)d1;
 }
 
 #endif
@@ -95374,13 +95498,13 @@ static void sp_384_mont_mul_order_12(sp_digit* r, const sp_digit* a, const sp_di
 #if defined(HAVE_ECC_SIGN) || (defined(HAVE_ECC_VERIFY) && defined(WOLFSSL_SP_SMALL))
 #ifdef WOLFSSL_SP_SMALL
 /* Order-2 for the P384 curve. */
-static const uint32_t p384_order_minus_2[12] = {
+static const word32 p384_order_minus_2[12] = {
     0xccc52971U,0xecec196aU,0x48b0a77aU,0x581a0db2U,0xf4372ddfU,0xc7634d81U,
     0xffffffffU,0xffffffffU,0xffffffffU,0xffffffffU,0xffffffffU,0xffffffffU
 };
 #else
 /* The low half of the order-2 of the P384 curve. */
-static const uint32_t p384_order_low[6] = {
+static const word32 p384_order_low[6] = {
     0xccc52971U,0xecec196aU,0x48b0a77aU,0x581a0db2U,0xf4372ddfU,0xc7634d81U
 };
 #endif /* WOLFSSL_SP_SMALL */
@@ -95940,8 +96064,7 @@ static void sp_384_div2_mod_12(sp_digit* r_p, const sp_digit* a_p, const sp_digi
     "L_sp_384_div2_mod_12_div2_%=: \n\t"
         "sub	%[r], %[r], #48\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "ldr	r8, [%[r]]\n\t"
-        "ldr	r9, [%[r], #4]\n\t"
+        "ldm	r0, {r8, r9}\n\t"
 #else
         "ldrd	r8, r9, [%[r]]\n\t"
 #endif
@@ -95993,12 +96116,13 @@ static void sp_384_div2_mod_12(sp_digit* r_p, const sp_digit* a_p, const sp_digi
         "str	r10, [%[r], #44]\n\t"
         : [r] "+r" (r), [a] "+r" (a), [m] "+r" (m)
         :
-        : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r3", "r12", "cc"
+        : "memory", "cc", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11",
+            "r3", "r12"
     );
 }
 
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-static const unsigned char L_sp_384_num_bits_12_table[] = {
+static const byte L_sp_384_num_bits_12_table[] = {
     0x00, 0x01, 0x02, 0x02, 0x03, 0x03, 0x03, 0x03,
     0x04, 0x04, 0x04, 0x04, 0x04, 0x04, 0x04, 0x04,
     0x05, 0x05, 0x05, 0x05, 0x05, 0x05, 0x05, 0x05,
@@ -96036,7 +96160,8 @@ static const unsigned char L_sp_384_num_bits_12_table[] = {
 static int sp_384_num_bits_12(const sp_digit* a_p)
 {
     register const sp_digit* a asm ("r0") = (const sp_digit*)a_p;
-    register unsigned char* L_sp_384_num_bits_12_table_c asm ("r1") = (unsigned char*)&L_sp_384_num_bits_12_table;
+    register byte* L_sp_384_num_bits_12_table_c asm ("r1") =
+        (byte*)&L_sp_384_num_bits_12_table;
 
     __asm__ __volatile__ (
         "mov	lr, %[L_sp_384_num_bits_12_table]\n\t"
@@ -96047,9 +96172,8 @@ static int sp_384_num_bits_12(const sp_digit* a_p)
         "cmp	r3, #0\n\t"
         "beq	L_sp_384_num_bits_12_11_3_%=\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r2, #0x1\n\t"
-        "lsl	r2, r2, #8\n\t"
-        "add	r2, r2, #0x78\n\t"
+        "mov	r2, #0x78\n\t"
+        "orr	r2, r2, #0x100\n\t"
 #else
         "mov	r2, #0x178\n\t"
 #endif
@@ -96063,9 +96187,8 @@ static int sp_384_num_bits_12(const sp_digit* a_p)
         "cmp	r3, #0\n\t"
         "beq	L_sp_384_num_bits_12_11_2_%=\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r2, #0x1\n\t"
-        "lsl	r2, r2, #8\n\t"
-        "add	r2, r2, #0x70\n\t"
+        "mov	r2, #0x70\n\t"
+        "orr	r2, r2, #0x100\n\t"
 #else
         "mov	r2, #0x170\n\t"
 #endif
@@ -96079,9 +96202,8 @@ static int sp_384_num_bits_12(const sp_digit* a_p)
         "cmp	r3, #0\n\t"
         "beq	L_sp_384_num_bits_12_11_1_%=\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r2, #0x1\n\t"
-        "lsl	r2, r2, #8\n\t"
-        "add	r2, r2, #0x68\n\t"
+        "mov	r2, #0x68\n\t"
+        "orr	r2, r2, #0x100\n\t"
 #else
         "mov	r2, #0x168\n\t"
 #endif
@@ -96092,9 +96214,8 @@ static int sp_384_num_bits_12(const sp_digit* a_p)
     "L_sp_384_num_bits_12_11_1_%=: \n\t"
         "and	r3, r1, #0xff\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r2, #0x1\n\t"
-        "lsl	r2, r2, #8\n\t"
-        "add	r2, r2, #0x60\n\t"
+        "mov	r2, #0x60\n\t"
+        "orr	r2, r2, #0x100\n\t"
 #else
         "mov	r2, #0x160\n\t"
 #endif
@@ -96110,9 +96231,8 @@ static int sp_384_num_bits_12(const sp_digit* a_p)
         "cmp	r3, #0\n\t"
         "beq	L_sp_384_num_bits_12_10_3_%=\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r2, #0x1\n\t"
-        "lsl	r2, r2, #8\n\t"
-        "add	r2, r2, #0x58\n\t"
+        "mov	r2, #0x58\n\t"
+        "orr	r2, r2, #0x100\n\t"
 #else
         "mov	r2, #0x158\n\t"
 #endif
@@ -96126,9 +96246,8 @@ static int sp_384_num_bits_12(const sp_digit* a_p)
         "cmp	r3, #0\n\t"
         "beq	L_sp_384_num_bits_12_10_2_%=\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r2, #0x1\n\t"
-        "lsl	r2, r2, #8\n\t"
-        "add	r2, r2, #0x50\n\t"
+        "mov	r2, #0x50\n\t"
+        "orr	r2, r2, #0x100\n\t"
 #else
         "mov	r2, #0x150\n\t"
 #endif
@@ -96142,9 +96261,8 @@ static int sp_384_num_bits_12(const sp_digit* a_p)
         "cmp	r3, #0\n\t"
         "beq	L_sp_384_num_bits_12_10_1_%=\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r2, #0x1\n\t"
-        "lsl	r2, r2, #8\n\t"
-        "add	r2, r2, #0x48\n\t"
+        "mov	r2, #0x48\n\t"
+        "orr	r2, r2, #0x100\n\t"
 #else
         "mov	r2, #0x148\n\t"
 #endif
@@ -96155,9 +96273,8 @@ static int sp_384_num_bits_12(const sp_digit* a_p)
     "L_sp_384_num_bits_12_10_1_%=: \n\t"
         "and	r3, r1, #0xff\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r2, #0x1\n\t"
-        "lsl	r2, r2, #8\n\t"
-        "add	r2, r2, #0x40\n\t"
+        "mov	r2, #0x40\n\t"
+        "orr	r2, r2, #0x100\n\t"
 #else
         "mov	r2, #0x140\n\t"
 #endif
@@ -96173,9 +96290,8 @@ static int sp_384_num_bits_12(const sp_digit* a_p)
         "cmp	r3, #0\n\t"
         "beq	L_sp_384_num_bits_12_9_3_%=\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r2, #0x1\n\t"
-        "lsl	r2, r2, #8\n\t"
-        "add	r2, r2, #0x38\n\t"
+        "mov	r2, #0x38\n\t"
+        "orr	r2, r2, #0x100\n\t"
 #else
         "mov	r2, #0x138\n\t"
 #endif
@@ -96189,9 +96305,8 @@ static int sp_384_num_bits_12(const sp_digit* a_p)
         "cmp	r3, #0\n\t"
         "beq	L_sp_384_num_bits_12_9_2_%=\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r2, #0x1\n\t"
-        "lsl	r2, r2, #8\n\t"
-        "add	r2, r2, #0x30\n\t"
+        "mov	r2, #0x30\n\t"
+        "orr	r2, r2, #0x100\n\t"
 #else
         "mov	r2, #0x130\n\t"
 #endif
@@ -96205,9 +96320,8 @@ static int sp_384_num_bits_12(const sp_digit* a_p)
         "cmp	r3, #0\n\t"
         "beq	L_sp_384_num_bits_12_9_1_%=\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r2, #0x1\n\t"
-        "lsl	r2, r2, #8\n\t"
-        "add	r2, r2, #0x28\n\t"
+        "mov	r2, #0x28\n\t"
+        "orr	r2, r2, #0x100\n\t"
 #else
         "mov	r2, #0x128\n\t"
 #endif
@@ -96218,9 +96332,8 @@ static int sp_384_num_bits_12(const sp_digit* a_p)
     "L_sp_384_num_bits_12_9_1_%=: \n\t"
         "and	r3, r1, #0xff\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r2, #0x1\n\t"
-        "lsl	r2, r2, #8\n\t"
-        "add	r2, r2, #0x20\n\t"
+        "mov	r2, #0x20\n\t"
+        "orr	r2, r2, #0x100\n\t"
 #else
         "mov	r2, #0x120\n\t"
 #endif
@@ -96236,9 +96349,8 @@ static int sp_384_num_bits_12(const sp_digit* a_p)
         "cmp	r3, #0\n\t"
         "beq	L_sp_384_num_bits_12_8_3_%=\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r2, #0x1\n\t"
-        "lsl	r2, r2, #8\n\t"
-        "add	r2, r2, #0x18\n\t"
+        "mov	r2, #0x18\n\t"
+        "orr	r2, r2, #0x100\n\t"
 #else
         "mov	r2, #0x118\n\t"
 #endif
@@ -96252,9 +96364,8 @@ static int sp_384_num_bits_12(const sp_digit* a_p)
         "cmp	r3, #0\n\t"
         "beq	L_sp_384_num_bits_12_8_2_%=\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r2, #0x1\n\t"
-        "lsl	r2, r2, #8\n\t"
-        "add	r2, r2, #0x10\n\t"
+        "mov	r2, #0x10\n\t"
+        "orr	r2, r2, #0x100\n\t"
 #else
         "mov	r2, #0x110\n\t"
 #endif
@@ -96268,9 +96379,8 @@ static int sp_384_num_bits_12(const sp_digit* a_p)
         "cmp	r3, #0\n\t"
         "beq	L_sp_384_num_bits_12_8_1_%=\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r2, #0x1\n\t"
-        "lsl	r2, r2, #8\n\t"
-        "add	r2, r2, #0x8\n\t"
+        "mov	r2, #0x8\n\t"
+        "orr	r2, r2, #0x100\n\t"
 #else
         "mov	r2, #0x108\n\t"
 #endif
@@ -96280,13 +96390,7 @@ static int sp_384_num_bits_12(const sp_digit* a_p)
         "\n"
     "L_sp_384_num_bits_12_8_1_%=: \n\t"
         "and	r3, r1, #0xff\n\t"
-#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r2, #0x1\n\t"
-        "lsl	r2, r2, #8\n\t"
-        "add	r2, r2, #0x0\n\t"
-#else
         "mov	r2, #0x100\n\t"
-#endif
         "ldrb	r12, [lr, r3]\n\t"
         "add	r12, r2, r12\n\t"
         "b	L_sp_384_num_bits_12_13_%=\n\t"
@@ -96600,11 +96704,12 @@ static int sp_384_num_bits_12(const sp_digit* a_p)
         "\n"
     "L_sp_384_num_bits_12_13_%=: \n\t"
         "mov	%[a], r12\n\t"
-        : [a] "+r" (a), [L_sp_384_num_bits_12_table] "+r" (L_sp_384_num_bits_12_table_c)
+        : [a] "+r" (a),
+          [L_sp_384_num_bits_12_table] "+r" (L_sp_384_num_bits_12_table_c)
         :
-        : "memory", "r2", "r3", "r12", "lr", "cc"
+        : "memory", "cc", "r2", "r3", "r12", "lr"
     );
-    return (uint32_t)(size_t)a;
+    return (word32)(size_t)a;
 }
 
 #else
@@ -96617,9 +96722,8 @@ static int sp_384_num_bits_12(const sp_digit* a_p)
         "cmp	r1, #0\n\t"
         "beq	L_sp_384_num_bits_12_11_%=\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r2, #0x1\n\t"
-        "lsl	r2, r2, #8\n\t"
-        "add	r2, r2, #0x80\n\t"
+        "mov	r2, #0x80\n\t"
+        "orr	r2, r2, #0x100\n\t"
 #else
         "mov	r2, #0x180\n\t"
 #endif
@@ -96632,9 +96736,8 @@ static int sp_384_num_bits_12(const sp_digit* a_p)
         "cmp	r1, #0\n\t"
         "beq	L_sp_384_num_bits_12_10_%=\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r2, #0x1\n\t"
-        "lsl	r2, r2, #8\n\t"
-        "add	r2, r2, #0x60\n\t"
+        "mov	r2, #0x60\n\t"
+        "orr	r2, r2, #0x100\n\t"
 #else
         "mov	r2, #0x160\n\t"
 #endif
@@ -96647,9 +96750,8 @@ static int sp_384_num_bits_12(const sp_digit* a_p)
         "cmp	r1, #0\n\t"
         "beq	L_sp_384_num_bits_12_9_%=\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r2, #0x1\n\t"
-        "lsl	r2, r2, #8\n\t"
-        "add	r2, r2, #0x40\n\t"
+        "mov	r2, #0x40\n\t"
+        "orr	r2, r2, #0x100\n\t"
 #else
         "mov	r2, #0x140\n\t"
 #endif
@@ -96662,9 +96764,8 @@ static int sp_384_num_bits_12(const sp_digit* a_p)
         "cmp	r1, #0\n\t"
         "beq	L_sp_384_num_bits_12_8_%=\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r2, #0x1\n\t"
-        "lsl	r2, r2, #8\n\t"
-        "add	r2, r2, #0x20\n\t"
+        "mov	r2, #0x20\n\t"
+        "orr	r2, r2, #0x100\n\t"
 #else
         "mov	r2, #0x120\n\t"
 #endif
@@ -96676,13 +96777,7 @@ static int sp_384_num_bits_12(const sp_digit* a_p)
         "ldr	r1, [%[a], #28]\n\t"
         "cmp	r1, #0\n\t"
         "beq	L_sp_384_num_bits_12_7_%=\n\t"
-#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r2, #0x1\n\t"
-        "lsl	r2, r2, #8\n\t"
-        "add	r2, r2, #0x0\n\t"
-#else
         "mov	r2, #0x100\n\t"
-#endif
         "clz	r12, r1\n\t"
         "sub	r12, r2, r12\n\t"
         "b	L_sp_384_num_bits_12_13_%=\n\t"
@@ -96751,9 +96846,9 @@ static int sp_384_num_bits_12(const sp_digit* a_p)
         "mov	%[a], r12\n\t"
         : [a] "+r" (a)
         :
-        : "memory", "r1", "r2", "r3", "r12", "lr", "cc"
+        : "memory", "cc", "r1", "r2", "r3", "r12", "lr"
     );
-    return (uint32_t)(size_t)a;
+    return (word32)(size_t)a;
 }
 
 #endif /* WOLFSSL_ARM_ARCH && (WOLFSSL_ARM_ARCH < 7) */
@@ -97044,10 +97139,8 @@ int sp_ecc_verify_384(const byte* hash, word32 hashLen, const mp_int* pX,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (u1 != NULL)
-        XFREE(u1, heap, DYNAMIC_TYPE_ECC);
-    if (p1 != NULL)
-        XFREE(p1, heap, DYNAMIC_TYPE_ECC);
+    XFREE(u1, heap, DYNAMIC_TYPE_ECC);
+    XFREE(p1, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -97254,8 +97347,7 @@ static int sp_384_ecc_is_point_12(const sp_point_384* point,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t1 != NULL)
-        XFREE(t1, heap, DYNAMIC_TYPE_ECC);
+    XFREE(t1, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -97294,8 +97386,7 @@ int sp_ecc_is_point_384(const mp_int* pX, const mp_int* pY)
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (pub != NULL)
-        XFREE(pub, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(pub, NULL, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -97403,10 +97494,8 @@ int sp_ecc_check_key_384(const mp_int* pX, const mp_int* pY,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (pub != NULL)
-        XFREE(pub, heap, DYNAMIC_TYPE_ECC);
-    if (priv != NULL)
-        XFREE(priv, heap, DYNAMIC_TYPE_ECC);
+    XFREE(pub, heap, DYNAMIC_TYPE_ECC);
+    XFREE(priv, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -97485,10 +97574,8 @@ int sp_ecc_proj_add_point_384(mp_int* pX, mp_int* pY, mp_int* pZ,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (tmp != NULL)
-        XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
-    if (p != NULL)
-        XFREE(p, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(p, NULL, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -97553,10 +97640,8 @@ int sp_ecc_proj_dbl_point_384(mp_int* pX, mp_int* pY, mp_int* pZ,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (tmp != NULL)
-        XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
-    if (p != NULL)
-        XFREE(p, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(p, NULL, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -97617,10 +97702,8 @@ int sp_ecc_map_384(mp_int* pX, mp_int* pY, mp_int* pZ)
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (tmp != NULL)
-        XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
-    if (p != NULL)
-        XFREE(p, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(p, NULL, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -97716,8 +97799,7 @@ static int sp_384_mont_sqrt_12(sp_digit* y)
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t1 != NULL)
-        XFREE(t1, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(t1, NULL, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -97782,8 +97864,7 @@ int sp_ecc_uncompress_384(mp_int* xm, int odd, mp_int* ym)
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (x != NULL)
-        XFREE(x, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(x, NULL, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -98087,7 +98168,8 @@ static void sp_521_mul_17(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_
         "bgt	L_sp_521_mul_17_store_%=\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "lr", "r11", "cc"
+        : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "lr",
+            "r11"
     );
 }
 
@@ -109103,7 +109185,8 @@ static void sp_521_mul_17(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_
         "stm	%[r]!, {r3}\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r11", "r12", "cc"
+        : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r11",
+            "r12"
     );
 }
 
@@ -109265,7 +109348,8 @@ static void sp_521_sqr_17(sp_digit* r_p, const sp_digit* a_p)
         "bgt	L_sp_521_sqr_17_store_%=\n\t"
         : [r] "+r" (r), [a] "+r" (a)
         :
-        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "lr", "r11", "cc"
+        : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "lr",
+            "r11"
     );
 }
 
@@ -115137,7 +115221,8 @@ static void sp_521_sqr_17(sp_digit* r_p, const sp_digit* a_p)
         "stm	%[r]!, {r2}\n\t"
         : [r] "+r" (r), [a] "+r" (a)
         :
-        : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r12", "cc"
+        : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10",
+            "r12"
     );
 }
 
@@ -115181,9 +115266,10 @@ static sp_digit sp_521_add_17(sp_digit* r_p, const sp_digit* a_p, const sp_digit
         "adc	%[r], r4, #0\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r3", "r12", "cc"
+        : "memory", "cc", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11",
+            "r3", "r12"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #else
@@ -115236,9 +115322,9 @@ static sp_digit sp_521_add_17(sp_digit* r_p, const sp_digit* a_p, const sp_digit
         "adc	%[r], %[r], #0\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc"
+        : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #endif /* WOLFSSL_SP_SMALL */
@@ -115464,7 +115550,8 @@ static int sp_521_point_to_ecc_point_17(const sp_point_521* p, ecc_point* pm)
  * b  A single precision number to subtract.
  * m  Mask value to apply.
  */
-static sp_digit sp_521_cond_sub_17(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, sp_digit m_p)
+static sp_digit sp_521_cond_sub_17(sp_digit* r_p, const sp_digit* a_p,
+    const sp_digit* b_p, sp_digit m_p)
 {
     register sp_digit* r asm ("r0") = (sp_digit*)r_p;
     register const sp_digit* a asm ("r1") = (const sp_digit*)a_p;
@@ -115490,9 +115577,9 @@ static sp_digit sp_521_cond_sub_17(sp_digit* r_p, const sp_digit* a_p, const sp_
         "mov	%[r], r12\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m)
         :
-        : "memory", "r12", "lr", "r4", "r5", "r6", "cc"
+        : "memory", "cc", "r12", "lr", "r4", "r5", "r6"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #else
@@ -115504,7 +115591,8 @@ static sp_digit sp_521_cond_sub_17(sp_digit* r_p, const sp_digit* a_p, const sp_
  * b  A single precision number to subtract.
  * m  Mask value to apply.
  */
-static sp_digit sp_521_cond_sub_17(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, sp_digit m_p)
+static sp_digit sp_521_cond_sub_17(sp_digit* r_p, const sp_digit* a_p,
+    const sp_digit* b_p, sp_digit m_p)
 {
     register sp_digit* r asm ("r0") = (sp_digit*)r_p;
     register const sp_digit* a asm ("r1") = (const sp_digit*)a_p;
@@ -115577,9 +115665,9 @@ static sp_digit sp_521_cond_sub_17(sp_digit* r_p, const sp_digit* a_p, const sp_
         "sbc	%[r], lr, lr\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m)
         :
-        : "memory", "r12", "lr", "r4", "r5", "r6", "r7", "cc"
+        : "memory", "cc", "r12", "lr", "r4", "r5", "r6", "r7"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #endif /* WOLFSSL_SP_SMALL */
@@ -115663,9 +115751,8 @@ static SP_NOINLINE void sp_521_mont_reduce_17(sp_digit* a_p, const sp_digit* m_p
         "ldm	%[a], {r1, r2, r3, r4, r5}\n\t"
         "ldm	sp!, {r7, r8, r9, r10, r11}\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	lr, #0x1\n\t"
-        "lsl	lr, lr, #8\n\t"
-        "add	lr, lr, #0xff\n\t"
+        "mov	lr, #0xff\n\t"
+        "orr	lr, lr, #0x100\n\t"
 #else
         "mov	lr, #0x1ff\n\t"
 #endif
@@ -115705,7 +115792,8 @@ static SP_NOINLINE void sp_521_mont_reduce_17(sp_digit* a_p, const sp_digit* m_p
         "stm	%[a]!, {r1, r2, r3, r4, r5, r6, r7, r8}\n\t"
         : [a] "+r" (a)
         :
-        : "memory", "r1", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "lr", "cc"
+        : "memory", "cc", "r1", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9",
+            "r10", "r11", "r12", "lr"
     );
     (void)m_p;
     (void)mp_p;
@@ -115718,7 +115806,8 @@ static SP_NOINLINE void sp_521_mont_reduce_17(sp_digit* a_p, const sp_digit* m_p
  * m   The single precision number representing the modulus.
  * mp  The digit representing the negative inverse of m mod 2^n.
  */
-static SP_NOINLINE void sp_521_mont_reduce_order_17(sp_digit* a_p, const sp_digit* m_p, sp_digit mp_p)
+static SP_NOINLINE void sp_521_mont_reduce_order_17(sp_digit* a_p, const sp_digit* m_p,
+    sp_digit mp_p)
 {
     register sp_digit* a asm ("r0") = (sp_digit*)a_p;
     register const sp_digit* m asm ("r1") = (const sp_digit*)m_p;
@@ -115740,9 +115829,8 @@ static SP_NOINLINE void sp_521_mont_reduce_order_17(sp_digit* a_p, const sp_digi
         "cmp	r9, #0x40\n\t"
         "bne	L_sp_521_mont_reduce_order_17_nomask_%=\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r7, #0x1\n\t"
-        "lsl	r7, r7, #8\n\t"
-        "add	r7, r7, #0xff\n\t"
+        "mov	r7, #0xff\n\t"
+        "orr	r7, r7, #0x100\n\t"
 #else
         "mov	r7, #0x1ff\n\t"
 #endif
@@ -116334,7 +116422,8 @@ static SP_NOINLINE void sp_521_mont_reduce_order_17(sp_digit* a_p, const sp_digi
         "mov	%[mp], r3\n\t"
         : [a] "+r" (a), [m] "+r" (m), [mp] "+r" (mp)
         :
-        : "memory", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "cc"
+        : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9",
+            "r10", "r11"
     );
     sp_521_cond_sub_17(a - 17, a, m, (sp_digit)0 - mp);
 }
@@ -116346,7 +116435,8 @@ static SP_NOINLINE void sp_521_mont_reduce_order_17(sp_digit* a_p, const sp_digi
  * m   The single precision number representing the modulus.
  * mp  The digit representing the negative inverse of m mod 2^n.
  */
-static SP_NOINLINE void sp_521_mont_reduce_order_17(sp_digit* a_p, const sp_digit* m_p, sp_digit mp_p)
+static SP_NOINLINE void sp_521_mont_reduce_order_17(sp_digit* a_p, const sp_digit* m_p,
+    sp_digit mp_p)
 {
     register sp_digit* a asm ("r0") = (sp_digit*)a_p;
     register const sp_digit* m asm ("r1") = (const sp_digit*)m_p;
@@ -116366,9 +116456,8 @@ static SP_NOINLINE void sp_521_mont_reduce_order_17(sp_digit* a_p, const sp_digi
         "cmp	r9, #0x40\n\t"
         "bne	L_sp_521_mont_reduce_order_17_nomask_%=\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r7, #0x1\n\t"
-        "lsl	r7, r7, #8\n\t"
-        "add	r7, r7, #0xff\n\t"
+        "mov	r7, #0xff\n\t"
+        "orr	r7, r7, #0x100\n\t"
 #else
         "mov	r7, #0x1ff\n\t"
 #endif
@@ -116592,7 +116681,8 @@ static SP_NOINLINE void sp_521_mont_reduce_order_17(sp_digit* a_p, const sp_digi
         "mov	%[mp], r3\n\t"
         : [a] "+r" (a), [m] "+r" (m), [mp] "+r" (mp)
         :
-        : "memory", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "cc"
+        : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9",
+            "r10", "r11"
     );
     sp_521_cond_sub_17(a - 17, a, m, (sp_digit)0 - mp);
 }
@@ -116604,7 +116694,8 @@ static SP_NOINLINE void sp_521_mont_reduce_order_17(sp_digit* a_p, const sp_digi
  * m   The single precision number representing the modulus.
  * mp  The digit representing the negative inverse of m mod 2^n.
  */
-static SP_NOINLINE void sp_521_mont_reduce_order_17(sp_digit* a_p, const sp_digit* m_p, sp_digit mp_p)
+static SP_NOINLINE void sp_521_mont_reduce_order_17(sp_digit* a_p, const sp_digit* m_p,
+    sp_digit mp_p)
 {
     register sp_digit* a asm ("r0") = (sp_digit*)a_p;
     register const sp_digit* m asm ("r1") = (const sp_digit*)m_p;
@@ -116626,9 +116717,8 @@ static SP_NOINLINE void sp_521_mont_reduce_order_17(sp_digit* a_p, const sp_digi
         "cmp	r12, #0x40\n\t"
         "bne	L_sp_521_mont_reduce_order_17_nomask_%=\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r10, #0x1\n\t"
-        "lsl	r10, r10, #8\n\t"
-        "add	r10, r10, #0xff\n\t"
+        "mov	r10, #0xff\n\t"
+        "orr	r10, r10, #0x100\n\t"
 #else
         "mov	r10, #0x1ff\n\t"
 #endif
@@ -116805,7 +116895,8 @@ static SP_NOINLINE void sp_521_mont_reduce_order_17(sp_digit* a_p, const sp_digi
         "mov	%[mp], lr\n\t"
         : [a] "+r" (a), [m] "+r" (m), [mp] "+r" (mp)
         :
-        : "memory", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "cc"
+        : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9",
+            "r10", "r11"
     );
     sp_521_cond_sub_17(a - 17, a, m, (sp_digit)0 - mp);
 }
@@ -116862,7 +116953,7 @@ SP_NOINLINE static void sp_521_mont_sqr_n_17(sp_digit* r,
 #endif /* !WOLFSSL_SP_SMALL */
 #ifdef WOLFSSL_SP_SMALL
 /* Mod-2 for the P521 curve. */
-static const uint32_t p521_mod_minus_2[17] = {
+static const word32 p521_mod_minus_2[17] = {
     0xfffffffdU,0xffffffffU,0xffffffffU,0xffffffffU,0xffffffffU,0xffffffffU,
     0xffffffffU,0xffffffffU,0xffffffffU,0xffffffffU,0xffffffffU,0xffffffffU,
     0xffffffffU,0xffffffffU,0xffffffffU,0xffffffffU,0x000001ffU
@@ -117178,9 +117269,9 @@ static sp_int32 sp_521_cmp_17(const sp_digit* a_p, const sp_digit* b_p)
         "mov	%[a], r2\n\t"
         : [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r2", "r3", "r12", "lr", "r4", "r5", "r6", "cc"
+        : "memory", "cc", "r2", "r3", "r12", "lr", "r4", "r5", "r6"
     );
-    return (uint32_t)(size_t)a;
+    return (word32)(size_t)a;
 }
 
 /* Normalize the values in each word to 32.
@@ -117213,7 +117304,7 @@ static void sp_521_map_17(sp_point_521* r, const sp_point_521* p,
     sp_521_mont_reduce_17(r->x, p521_mod, p521_mp_mod);
     /* Reduce x to less than modulus */
     n = sp_521_cmp_17(r->x, p521_mod);
-    sp_521_cond_sub_17(r->x, r->x, p521_mod, ~(n >> 31));
+    sp_521_cond_sub_17(r->x, r->x, p521_mod, (sp_digit)~(n >> 31));
     sp_521_norm_17(r->x);
 
     /* y /= z^3 */
@@ -117222,7 +117313,7 @@ static void sp_521_map_17(sp_point_521* r, const sp_point_521* p,
     sp_521_mont_reduce_17(r->y, p521_mod, p521_mp_mod);
     /* Reduce y to less than modulus */
     n = sp_521_cmp_17(r->y, p521_mod);
-    sp_521_cond_sub_17(r->y, r->y, p521_mod, ~(n >> 31));
+    sp_521_cond_sub_17(r->y, r->y, p521_mod, (sp_digit)~(n >> 31));
     sp_521_norm_17(r->y);
 
     XMEMSET(r->z, 0, sizeof(r->z) / 2);
@@ -117236,7 +117327,8 @@ static void sp_521_map_17(sp_point_521* r, const sp_point_521* p,
  * b   Second number to add in Montgomery form.
  * m   Modulus (prime).
  */
-static void sp_521_mont_add_17(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, const sp_digit* m_p)
+static void sp_521_mont_add_17(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p,
+    const sp_digit* m_p)
 {
     register sp_digit* r asm ("r0") = (sp_digit*)r_p;
     register const sp_digit* a asm ("r1") = (const sp_digit*)a_p;
@@ -117276,9 +117368,8 @@ static void sp_521_mont_add_17(sp_digit* r_p, const sp_digit* a_p, const sp_digi
         "ldm	%[b]!, {r4}\n\t"
         "adcs	r8, r8, r4\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r12, #0x1\n\t"
-        "lsl	r12, r12, #8\n\t"
-        "add	r12, r12, #0xff\n\t"
+        "mov	r12, #0xff\n\t"
+        "orr	r12, r12, #0x100\n\t"
 #else
         "mov	r12, #0x1ff\n\t"
 #endif
@@ -117311,7 +117402,8 @@ static void sp_521_mont_add_17(sp_digit* r_p, const sp_digit* a_p, const sp_digi
         "stm	%[r]!, {r4}\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r3", "r12", "cc"
+        : "memory", "cc", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11",
+            "r3", "r12"
     );
     (void)m_p;
 }
@@ -117352,9 +117444,8 @@ static void sp_521_mont_dbl_17(sp_digit* r_p, const sp_digit* a_p, const sp_digi
         "ldm	%[a]!, {r4}\n\t"
         "adcs	r4, r4, r4\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r3, #0x1\n\t"
-        "lsl	r3, r3, #8\n\t"
-        "add	r3, r3, #0xff\n\t"
+        "mov	r3, #0xff\n\t"
+        "orr	r3, r3, #0x100\n\t"
 #else
         "mov	r3, #0x1ff\n\t"
 #endif
@@ -117387,7 +117478,8 @@ static void sp_521_mont_dbl_17(sp_digit* r_p, const sp_digit* a_p, const sp_digi
         "stm	%[r]!, {r4}\n\t"
         : [r] "+r" (r), [a] "+r" (a)
         :
-        : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r2", "r3", "cc"
+        : "memory", "cc", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11",
+            "r2", "r3"
     );
     (void)m_p;
 }
@@ -117462,9 +117554,8 @@ static void sp_521_mont_tpl_17(sp_digit* r_p, const sp_digit* a_p, const sp_digi
         "ldm	%[a]!, {r8}\n\t"
         "adcs	r4, r4, r8\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r3, #0x1\n\t"
-        "lsl	r3, r3, #8\n\t"
-        "add	r3, r3, #0xff\n\t"
+        "mov	r3, #0xff\n\t"
+        "orr	r3, r3, #0x100\n\t"
 #else
         "mov	r3, #0x1ff\n\t"
 #endif
@@ -117483,7 +117574,8 @@ static void sp_521_mont_tpl_17(sp_digit* r_p, const sp_digit* a_p, const sp_digi
         "stm	%[r]!, {r4}\n\t"
         : [r] "+r" (r), [a] "+r" (a)
         :
-        : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r2", "r3", "cc"
+        : "memory", "cc", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11",
+            "r2", "r3"
     );
     (void)m_p;
 }
@@ -117495,7 +117587,8 @@ static void sp_521_mont_tpl_17(sp_digit* r_p, const sp_digit* a_p, const sp_digi
  * b   Number to subtract with in Montgomery form.
  * m   Modulus (prime).
  */
-static void sp_521_mont_sub_17(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, const sp_digit* m_p)
+static void sp_521_mont_sub_17(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p,
+    const sp_digit* m_p)
 {
     register sp_digit* r asm ("r0") = (sp_digit*)r_p;
     register const sp_digit* a asm ("r1") = (const sp_digit*)a_p;
@@ -117535,9 +117628,8 @@ static void sp_521_mont_sub_17(sp_digit* r_p, const sp_digit* a_p, const sp_digi
         "ldm	%[b]!, {r4}\n\t"
         "sbcs	r8, r8, r4\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r12, #0x1\n\t"
-        "lsl	r12, r12, #8\n\t"
-        "add	r12, r12, #0xff\n\t"
+        "mov	r12, #0xff\n\t"
+        "orr	r12, r12, #0x100\n\t"
 #else
         "mov	r12, #0x1ff\n\t"
 #endif
@@ -117571,7 +117663,8 @@ static void sp_521_mont_sub_17(sp_digit* r_p, const sp_digit* a_p, const sp_digi
         "stm	%[r]!, {r4}\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r3", "r12", "cc"
+        : "memory", "cc", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11",
+            "r3", "r12"
     );
     (void)m_p;
 }
@@ -117650,7 +117743,7 @@ static void sp_521_rshift1_17(sp_digit* r_p, const sp_digit* a_p)
         "str	r3, [%[r], #64]\n\t"
         : [r] "+r" (r), [a] "+r" (a)
         :
-        : "memory", "r2", "r3", "r4", "cc"
+        : "memory", "cc", "r2", "r3", "r4"
     );
 }
 
@@ -117966,8 +118059,8 @@ static void sp_521_proj_point_add_17(sp_point_521* r,
         sp_521_mont_sub_17(y, y, t5, p521_mod);
         {
             int i;
-            sp_digit maskp = 0 - (q->infinity & (!p->infinity));
-            sp_digit maskq = 0 - (p->infinity & (!q->infinity));
+            sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity)));
+            sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity)));
             sp_digit maskt = ~(maskp | maskq);
             sp_digit inf = (sp_digit)(p->infinity & q->infinity);
 
@@ -117984,7 +118077,7 @@ static void sp_521_proj_point_add_17(sp_point_521* r,
                           (z[i] & maskt);
             }
             r->z[0] |= inf;
-            r->infinity = (word32)inf;
+            r->infinity = (int)inf;
         }
     }
 }
@@ -118158,8 +118251,8 @@ static int sp_521_proj_point_add_17_nb(sp_ecc_ctx_t* sp_ctx, sp_point_521* r,
     {
         {
             int i;
-            sp_digit maskp = 0 - (q->infinity & (!p->infinity));
-            sp_digit maskq = 0 - (p->infinity & (!q->infinity));
+            sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity)));
+            sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity)));
             sp_digit maskt = ~(maskp | maskq);
             sp_digit inf = (sp_digit)(p->infinity & q->infinity);
 
@@ -118176,7 +118269,7 @@ static int sp_521_proj_point_add_17_nb(sp_ecc_ctx_t* sp_ctx, sp_point_521* r,
                           (ctx->z[i] & maskt);
             }
             r->z[0] |= inf;
-            r->infinity = (word32)inf;
+            r->infinity = (int)inf;
         }
         ctx->state = 25;
         break;
@@ -118258,7 +118351,7 @@ static void sp_521_get_point_16_17(sp_point_521* r, const sp_point_521* table,
     r->z[15] = 0;
     r->z[16] = 0;
     for (i = 1; i < 16; i++) {
-        mask = 0 - (i == idx);
+        mask = (sp_digit)0 - (i == idx);
         r->x[0] |= mask & table[i].x[0];
         r->x[1] |= mask & table[i].x[1];
         r->x[2] |= mask & table[i].x[2];
@@ -118483,15 +118576,15 @@ static int sp_521_ecc_mulmod_fast_17(sp_point_521* r, const sp_point_521* g, con
     #endif
     }
 #ifndef WC_NO_CACHE_RESISTANT
-    #ifdef WOLFSSL_SP_SMALL_STACK
+#ifdef WOLFSSL_SP_SMALL_STACK
     if (p != NULL)
+#endif
+    {
+        ForceZero(p, sizeof(sp_point_521));
+    #ifdef WOLFSSL_SP_SMALL_STACK
+        XFREE(p, heap, DYNAMIC_TYPE_ECC);
     #endif
-        {
-            ForceZero(p, sizeof(sp_point_521));
-        #ifdef WOLFSSL_SP_SMALL_STACK
-            XFREE(p, heap, DYNAMIC_TYPE_ECC);
-        #endif
-        }
+    }
 #endif /* !WC_NO_CACHE_RESISTANT */
 #ifdef WOLFSSL_SP_SMALL_STACK
     if (t != NULL)
@@ -118687,8 +118780,8 @@ static void sp_521_proj_point_add_qz1_17(sp_point_521* r,
         sp_521_mont_sub_17(y, t3, t1, p521_mod);
         {
             int i;
-            sp_digit maskp = 0 - (q->infinity & (!p->infinity));
-            sp_digit maskq = 0 - (p->infinity & (!q->infinity));
+            sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity)));
+            sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity)));
             sp_digit maskt = ~(maskp | maskq);
             sp_digit inf = (sp_digit)(p->infinity & q->infinity);
 
@@ -118705,7 +118798,7 @@ static void sp_521_proj_point_add_qz1_17(sp_point_521* r,
                           (z[i] & maskt);
             }
             r->z[0] |= inf;
-            r->infinity = (word32)inf;
+            r->infinity = (int)inf;
         }
     }
 }
@@ -118795,8 +118888,7 @@ static int sp_521_gen_stripe_table_17(const sp_point_521* a,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t != NULL)
-        XFREE(t, heap, DYNAMIC_TYPE_ECC);
+    XFREE(t, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -118851,7 +118943,7 @@ static void sp_521_get_entry_16_17(sp_point_521* r,
     r->y[15] = 0;
     r->y[16] = 0;
     for (i = 1; i < 16; i++) {
-        mask = 0 - (i == idx);
+        mask = (sp_digit)0 - (i == idx);
         r->x[0] |= mask & table[i].x[0];
         r->x[1] |= mask & table[i].x[1];
         r->x[2] |= mask & table[i].x[2];
@@ -118996,10 +119088,8 @@ static int sp_521_ecc_mulmod_stripe_17(sp_point_521* r, const sp_point_521* g,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t != NULL)
-        XFREE(t, heap, DYNAMIC_TYPE_ECC);
-    if (rt != NULL)
-        XFREE(rt, heap, DYNAMIC_TYPE_ECC);
+    XFREE(t, heap, DYNAMIC_TYPE_ECC);
+    XFREE(rt, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -119019,7 +119109,7 @@ typedef struct sp_cache_521_t {
     /* Precomputation table for point. */
     sp_table_entry_521 table[16];
     /* Count of entries in table. */
-    uint32_t cnt;
+    word32 cnt;
     /* Point and table set in entry. */
     int set;
 } sp_cache_521_t;
@@ -119032,8 +119122,10 @@ static THREAD_LS_T int sp_cache_521_last = -1;
 static THREAD_LS_T int sp_cache_521_inited = 0;
 
 #ifndef HAVE_THREAD_LS
+    #ifndef WOLFSSL_MUTEX_INITIALIZER
     static volatile int initCacheMutex_521 = 0;
-    static wolfSSL_Mutex sp_cache_521_lock;
+    #endif
+    static wolfSSL_Mutex sp_cache_521_lock WOLFSSL_MUTEX_INITIALIZER_CLAUSE(sp_cache_521_lock);
 #endif
 
 /* Get the cache entry for the point.
@@ -119045,7 +119137,7 @@ static void sp_ecc_get_cache_521(const sp_point_521* g, sp_cache_521_t** cache)
 {
     int i;
     int j;
-    uint32_t least;
+    word32 least;
 
     if (sp_cache_521_inited == 0) {
         for (i=0; i<FP_ENTRIES; i++) {
@@ -119131,10 +119223,12 @@ static int sp_521_ecc_mulmod_17(sp_point_521* r, const sp_point_521* g,
 #endif
 #ifndef HAVE_THREAD_LS
     if (err == MP_OKAY) {
+        #ifndef WOLFSSL_MUTEX_INITIALIZER
         if (initCacheMutex_521 == 0) {
             wc_InitMutex(&sp_cache_521_lock);
             initCacheMutex_521 = 1;
         }
+        #endif
         if (wc_LockMutex(&sp_cache_521_lock) != 0) {
             err = BAD_MUTEX_E;
         }
@@ -119251,8 +119345,7 @@ static int sp_521_gen_stripe_table_17(const sp_point_521* a,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t != NULL)
-        XFREE(t, heap, DYNAMIC_TYPE_ECC);
+    XFREE(t, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -119307,7 +119400,7 @@ static void sp_521_get_entry_256_17(sp_point_521* r,
     r->y[15] = 0;
     r->y[16] = 0;
     for (i = 1; i < 256; i++) {
-        mask = 0 - (i == idx);
+        mask = (sp_digit)0 - (i == idx);
         r->x[0] |= mask & table[i].x[0];
         r->x[1] |= mask & table[i].x[1];
         r->x[2] |= mask & table[i].x[2];
@@ -119452,10 +119545,8 @@ static int sp_521_ecc_mulmod_stripe_17(sp_point_521* r, const sp_point_521* g,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t != NULL)
-        XFREE(t, heap, DYNAMIC_TYPE_ECC);
-    if (rt != NULL)
-        XFREE(rt, heap, DYNAMIC_TYPE_ECC);
+    XFREE(t, heap, DYNAMIC_TYPE_ECC);
+    XFREE(rt, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -119475,7 +119566,7 @@ typedef struct sp_cache_521_t {
     /* Precomputation table for point. */
     sp_table_entry_521 table[256];
     /* Count of entries in table. */
-    uint32_t cnt;
+    word32 cnt;
     /* Point and table set in entry. */
     int set;
 } sp_cache_521_t;
@@ -119488,8 +119579,10 @@ static THREAD_LS_T int sp_cache_521_last = -1;
 static THREAD_LS_T int sp_cache_521_inited = 0;
 
 #ifndef HAVE_THREAD_LS
+    #ifndef WOLFSSL_MUTEX_INITIALIZER
     static volatile int initCacheMutex_521 = 0;
-    static wolfSSL_Mutex sp_cache_521_lock;
+    #endif
+    static wolfSSL_Mutex sp_cache_521_lock WOLFSSL_MUTEX_INITIALIZER_CLAUSE(sp_cache_521_lock);
 #endif
 
 /* Get the cache entry for the point.
@@ -119501,7 +119594,7 @@ static void sp_ecc_get_cache_521(const sp_point_521* g, sp_cache_521_t** cache)
 {
     int i;
     int j;
-    uint32_t least;
+    word32 least;
 
     if (sp_cache_521_inited == 0) {
         for (i=0; i<FP_ENTRIES; i++) {
@@ -119587,10 +119680,12 @@ static int sp_521_ecc_mulmod_17(sp_point_521* r, const sp_point_521* g,
 #endif
 #ifndef HAVE_THREAD_LS
     if (err == MP_OKAY) {
+        #ifndef WOLFSSL_MUTEX_INITIALIZER
         if (initCacheMutex_521 == 0) {
             wc_InitMutex(&sp_cache_521_lock);
             initCacheMutex_521 = 1;
         }
+        #endif
         if (wc_LockMutex(&sp_cache_521_lock) != 0) {
             err = BAD_MUTEX_E;
         }
@@ -119669,10 +119764,8 @@ int sp_ecc_mulmod_521(const mp_int* km, const ecc_point* gm, ecc_point* r,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (k != NULL)
-        XFREE(k, heap, DYNAMIC_TYPE_ECC);
-    if (point != NULL)
-        XFREE(point, heap, DYNAMIC_TYPE_ECC);
+    XFREE(k, heap, DYNAMIC_TYPE_ECC);
+    XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -119749,10 +119842,8 @@ int sp_ecc_mulmod_add_521(const mp_int* km, const ecc_point* gm,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (k != NULL)
-        XFREE(k, heap, DYNAMIC_TYPE_ECC);
-    if (point != NULL)
-        XFREE(point, heap, DYNAMIC_TYPE_ECC);
+    XFREE(k, heap, DYNAMIC_TYPE_ECC);
+    XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -121763,10 +121854,8 @@ int sp_ecc_mulmod_base_521(const mp_int* km, ecc_point* r, int map, void* heap)
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (k != NULL)
-        XFREE(k, heap, DYNAMIC_TYPE_ECC);
-    if (point != NULL)
-        XFREE(point, heap, DYNAMIC_TYPE_ECC);
+    XFREE(k, heap, DYNAMIC_TYPE_ECC);
+    XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -121841,10 +121930,8 @@ int sp_ecc_mulmod_base_add_521(const mp_int* km, const ecc_point* am,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (k != NULL)
-        XFREE(k, heap, DYNAMIC_TYPE_ECC);
-    if (point)
-        XFREE(point, heap, DYNAMIC_TYPE_ECC);
+    XFREE(k, heap, DYNAMIC_TYPE_ECC);
+    XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -121891,7 +121978,7 @@ static void sp_521_add_one_17(sp_digit* a_p)
         "stm	%[a]!, {r1}\n\t"
         : [a] "+r" (a)
         :
-        : "memory", "r1", "r2", "r3", "r4", "cc"
+        : "memory", "cc", "r1", "r2", "r3", "r4"
     );
 }
 
@@ -121908,7 +121995,8 @@ static void sp_521_from_bin(sp_digit* r, int size, const byte* a, int n)
     int j;
     byte* d;
 
-    for (i = n - 1,j = 0; i >= 3; i -= 4) {
+    j = 0;
+    for (i = n - 1; i >= 3; i -= 4) {
         r[j]  = ((sp_digit)a[i - 0] <<  0) |
                 ((sp_digit)a[i - 1] <<  8) |
                 ((sp_digit)a[i - 2] << 16) |
@@ -121919,12 +122007,20 @@ static void sp_521_from_bin(sp_digit* r, int size, const byte* a, int n)
     if (i >= 0) {
         r[j] = 0;
 
-        d = (byte*)r;
+        d = (byte*)(r + j);
+#ifdef BIG_ENDIAN_ORDER
         switch (i) {
-            case 2: d[n - 1 - 2] = a[2]; //fallthrough
-            case 1: d[n - 1 - 1] = a[1]; //fallthrough
-            case 0: d[n - 1 - 0] = a[0]; //fallthrough
+            case 2: d[1] = *(a++); //fallthrough
+            case 1: d[2] = *(a++); //fallthrough
+            case 0: d[3] = *a    ; //fallthrough
         }
+#else
+        switch (i) {
+            case 2: d[2] = a[2]; //fallthrough
+            case 1: d[1] = a[1]; //fallthrough
+            case 0: d[0] = a[0]; //fallthrough
+        }
+#endif
         j++;
     }
 
@@ -121942,6 +122038,7 @@ static void sp_521_from_bin(sp_digit* r, int size, const byte* a, int n)
  */
 static int sp_521_ecc_gen_k_17(WC_RNG* rng, sp_digit* k)
 {
+#ifndef WC_NO_RNG
     int err;
     byte buf[66];
 
@@ -121959,6 +122056,11 @@ static int sp_521_ecc_gen_k_17(WC_RNG* rng, sp_digit* k)
     while (err == 0);
 
     return err;
+#else
+    (void)rng;
+    (void)k;
+    return NOT_COMPILED_IN;
+#endif
 }
 
 /* Makes a random EC key pair.
@@ -122037,12 +122139,9 @@ int sp_ecc_make_key_521(WC_RNG* rng, mp_int* priv, ecc_point* pub, void* heap)
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (k != NULL)
-        XFREE(k, heap, DYNAMIC_TYPE_ECC);
-    if (point != NULL) {
-        /* point is not sensitive, so no need to zeroize */
-        XFREE(point, heap, DYNAMIC_TYPE_ECC);
-    }
+    XFREE(k, heap, DYNAMIC_TYPE_ECC);
+    /* point is not sensitive, so no need to zeroize */
+    XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -122202,10 +122301,8 @@ int sp_ecc_secret_gen_521(const mp_int* priv, const ecc_point* pub, byte* out,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (k != NULL)
-        XFREE(k, heap, DYNAMIC_TYPE_ECC);
-    if (point != NULL)
-        XFREE(point, heap, DYNAMIC_TYPE_ECC);
+    XFREE(k, heap, DYNAMIC_TYPE_ECC);
+    XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -122272,8 +122369,7 @@ static void sp_521_rshift_17(sp_digit* r_p, const sp_digit* a_p, byte n_p)
     __asm__ __volatile__ (
         "rsb	r12, %[n], #32\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "ldr	r4, [%[a]]\n\t"
-        "ldr	r5, [%[a], #4]\n\t"
+        "ldm	r1, {r4, r5}\n\t"
 #else
         "ldrd	r4, r5, [%[a]]\n\t"
 #endif
@@ -122364,7 +122460,7 @@ static void sp_521_rshift_17(sp_digit* r_p, const sp_digit* a_p, byte n_p)
 #endif
         : [r] "+r" (r), [a] "+r" (a), [n] "+r" (n)
         :
-        : "memory", "r4", "r5", "r6", "r3", "r12", "cc"
+        : "memory", "cc", "r4", "r5", "r6", "r3", "r12"
     );
 }
 
@@ -122484,7 +122580,7 @@ static void sp_521_lshift_17(sp_digit* r_p, const sp_digit* a_p, byte n_p)
         "str	r5, [%[r], #4]\n\t"
         : [r] "+r" (r), [a] "+r" (a), [n] "+r" (n)
         :
-        : "memory", "r4", "r5", "r6", "r3", "r12", "cc"
+        : "memory", "cc", "r4", "r5", "r6", "r3", "r12"
     );
 }
 
@@ -122702,7 +122798,7 @@ static void sp_521_lshift_34(sp_digit* r_p, const sp_digit* a_p, byte n_p)
         "str	r6, [%[r], #4]\n\t"
         : [r] "+r" (r), [a] "+r" (a), [n] "+r" (n)
         :
-        : "memory", "r4", "r5", "r6", "r3", "r12", "cc"
+        : "memory", "cc", "r4", "r5", "r6", "r3", "r12"
     );
 }
 
@@ -122741,9 +122837,10 @@ static sp_digit sp_521_sub_in_place_17(sp_digit* a_p, const sp_digit* b_p)
         "sbc	%[a], %[a], %[a]\n\t"
         : [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r12", "lr", "cc"
+        : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r12",
+            "lr"
     );
-    return (uint32_t)(size_t)a;
+    return (word32)(size_t)a;
 }
 
 #else
@@ -122793,9 +122890,9 @@ static sp_digit sp_521_sub_in_place_17(sp_digit* a_p, const sp_digit* b_p)
         "sbc	%[a], r9, r9\n\t"
         : [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "cc"
+        : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9"
     );
-    return (uint32_t)(size_t)a;
+    return (word32)(size_t)a;
 }
 
 #endif /* WOLFSSL_SP_SMALL */
@@ -122893,7 +122990,7 @@ static void sp_521_mul_d_17(sp_digit* r_p, const sp_digit* a_p, sp_digit b_p)
         "str	r3, [%[r], #68]\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "cc"
+        : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9"
     );
 }
 
@@ -123454,7 +123551,7 @@ static void sp_521_mul_d_17(sp_digit* r_p, const sp_digit* a_p, sp_digit b_p)
         "str	r5, [%[r]]\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "cc"
+        : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8"
     );
 }
 
@@ -123513,9 +123610,9 @@ static sp_digit div_521_word_17(sp_digit d1_p, sp_digit d0_p, sp_digit div_p)
         "add	%[d1], r4, r3\n\t"
         : [d1] "+r" (d1), [d0] "+r" (d0), [div] "+r" (div)
         :
-        : "memory", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "cc"
+        : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8"
     );
-    return (uint32_t)(size_t)d1;
+    return (word32)(size_t)d1;
 }
 
 #else
@@ -123651,9 +123748,9 @@ static sp_digit div_521_word_17(sp_digit d1_p, sp_digit d0_p, sp_digit div_p)
         "sub	%[d1], r3, r6\n\t"
         : [d1] "+r" (d1), [d0] "+r" (d0), [div] "+r" (div)
         :
-        : "memory", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "cc"
+        : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8"
     );
-    return (uint32_t)(size_t)d1;
+    return (word32)(size_t)d1;
 }
 
 #endif
@@ -123767,14 +123864,14 @@ static void sp_521_mont_mul_order_17(sp_digit* r, const sp_digit* a, const sp_di
 #if defined(HAVE_ECC_SIGN) || (defined(HAVE_ECC_VERIFY) && defined(WOLFSSL_SP_SMALL))
 #ifdef WOLFSSL_SP_SMALL
 /* Order-2 for the P521 curve. */
-static const uint32_t p521_order_minus_2[17] = {
+static const word32 p521_order_minus_2[17] = {
     0x91386407U,0xbb6fb71eU,0x899c47aeU,0x3bb5c9b8U,0xf709a5d0U,0x7fcc0148U,
     0xbf2f966bU,0x51868783U,0xfffffffaU,0xffffffffU,0xffffffffU,0xffffffffU,
     0xffffffffU,0xffffffffU,0xffffffffU,0xffffffffU,0x000001ffU
 };
 #else
 /* The low half of the order-2 of the P521 curve. */
-static const uint32_t p521_order_low[9] = {
+static const word32 p521_order_low[9] = {
     0x91386407U,0xbb6fb71eU,0x899c47aeU,0x3bb5c9b8U,0xf709a5d0U,0x7fcc0148U,
     0xbf2f966bU,0x51868783U,0xfffffffaU
 };
@@ -124341,9 +124438,10 @@ static sp_digit sp_521_sub_17(sp_digit* r_p, const sp_digit* a_p, const sp_digit
         "sbc	%[r], r6, r6\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r12", "lr", "cc"
+        : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10",
+            "r12", "lr"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #else
@@ -124395,9 +124493,9 @@ static sp_digit sp_521_sub_17(sp_digit* r_p, const sp_digit* a_p, const sp_digit
         "sbc	%[r], r6, r6\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc"
+        : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #endif /* WOLFSSL_SP_SMALL */
@@ -124468,8 +124566,7 @@ static void sp_521_div2_mod_17(sp_digit* r_p, const sp_digit* a_p, const sp_digi
     "L_sp_521_div2_mod_17_div2_%=: \n\t"
         "sub	%[r], %[r], #0x44\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "ldr	r8, [%[r]]\n\t"
-        "ldr	r9, [%[r], #4]\n\t"
+        "ldm	r0, {r8, r9}\n\t"
 #else
         "ldrd	r8, r9, [%[r]]\n\t"
 #endif
@@ -124541,12 +124638,13 @@ static void sp_521_div2_mod_17(sp_digit* r_p, const sp_digit* a_p, const sp_digi
         "str	r9, [%[r], #64]\n\t"
         : [r] "+r" (r), [a] "+r" (a), [m] "+r" (m)
         :
-        : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r3", "r12", "cc"
+        : "memory", "cc", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11",
+            "r3", "r12"
     );
 }
 
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-static const unsigned char L_sp_521_num_bits_17_table[] = {
+static const byte L_sp_521_num_bits_17_table[] = {
     0x00, 0x01, 0x02, 0x02, 0x03, 0x03, 0x03, 0x03,
     0x04, 0x04, 0x04, 0x04, 0x04, 0x04, 0x04, 0x04,
     0x05, 0x05, 0x05, 0x05, 0x05, 0x05, 0x05, 0x05,
@@ -124584,7 +124682,8 @@ static const unsigned char L_sp_521_num_bits_17_table[] = {
 static int sp_521_num_bits_17(const sp_digit* a_p)
 {
     register const sp_digit* a asm ("r0") = (const sp_digit*)a_p;
-    register unsigned char* L_sp_521_num_bits_17_table_c asm ("r1") = (unsigned char*)&L_sp_521_num_bits_17_table;
+    register byte* L_sp_521_num_bits_17_table_c asm ("r1") =
+        (byte*)&L_sp_521_num_bits_17_table;
 
     __asm__ __volatile__ (
         "mov	lr, %[L_sp_521_num_bits_17_table]\n\t"
@@ -124595,9 +124694,8 @@ static int sp_521_num_bits_17(const sp_digit* a_p)
         "cmp	r3, #0\n\t"
         "beq	L_sp_521_num_bits_17_16_3_%=\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r2, #0x2\n\t"
-        "lsl	r2, r2, #8\n\t"
-        "add	r2, r2, #0x18\n\t"
+        "mov	r2, #0x18\n\t"
+        "orr	r2, r2, #0x200\n\t"
 #else
         "mov	r2, #0x218\n\t"
 #endif
@@ -124611,9 +124709,8 @@ static int sp_521_num_bits_17(const sp_digit* a_p)
         "cmp	r3, #0\n\t"
         "beq	L_sp_521_num_bits_17_16_2_%=\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r2, #0x2\n\t"
-        "lsl	r2, r2, #8\n\t"
-        "add	r2, r2, #0x10\n\t"
+        "mov	r2, #0x10\n\t"
+        "orr	r2, r2, #0x200\n\t"
 #else
         "mov	r2, #0x210\n\t"
 #endif
@@ -124627,9 +124724,8 @@ static int sp_521_num_bits_17(const sp_digit* a_p)
         "cmp	r3, #0\n\t"
         "beq	L_sp_521_num_bits_17_16_1_%=\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r2, #0x2\n\t"
-        "lsl	r2, r2, #8\n\t"
-        "add	r2, r2, #0x8\n\t"
+        "mov	r2, #0x8\n\t"
+        "orr	r2, r2, #0x200\n\t"
 #else
         "mov	r2, #0x208\n\t"
 #endif
@@ -124639,13 +124735,7 @@ static int sp_521_num_bits_17(const sp_digit* a_p)
         "\n"
     "L_sp_521_num_bits_17_16_1_%=: \n\t"
         "and	r3, r1, #0xff\n\t"
-#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r2, #0x2\n\t"
-        "lsl	r2, r2, #8\n\t"
-        "add	r2, r2, #0x0\n\t"
-#else
         "mov	r2, #0x200\n\t"
-#endif
         "ldrb	r12, [lr, r3]\n\t"
         "add	r12, r2, r12\n\t"
         "b	L_sp_521_num_bits_17_18_%=\n\t"
@@ -124658,9 +124748,8 @@ static int sp_521_num_bits_17(const sp_digit* a_p)
         "cmp	r3, #0\n\t"
         "beq	L_sp_521_num_bits_17_15_3_%=\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r2, #0x1\n\t"
-        "lsl	r2, r2, #8\n\t"
-        "add	r2, r2, #0xf8\n\t"
+        "mov	r2, #0xf8\n\t"
+        "orr	r2, r2, #0x100\n\t"
 #else
         "mov	r2, #0x1f8\n\t"
 #endif
@@ -124674,9 +124763,8 @@ static int sp_521_num_bits_17(const sp_digit* a_p)
         "cmp	r3, #0\n\t"
         "beq	L_sp_521_num_bits_17_15_2_%=\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r2, #0x1\n\t"
-        "lsl	r2, r2, #8\n\t"
-        "add	r2, r2, #0xf0\n\t"
+        "mov	r2, #0xf0\n\t"
+        "orr	r2, r2, #0x100\n\t"
 #else
         "mov	r2, #0x1f0\n\t"
 #endif
@@ -124690,9 +124778,8 @@ static int sp_521_num_bits_17(const sp_digit* a_p)
         "cmp	r3, #0\n\t"
         "beq	L_sp_521_num_bits_17_15_1_%=\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r2, #0x1\n\t"
-        "lsl	r2, r2, #8\n\t"
-        "add	r2, r2, #0xe8\n\t"
+        "mov	r2, #0xe8\n\t"
+        "orr	r2, r2, #0x100\n\t"
 #else
         "mov	r2, #0x1e8\n\t"
 #endif
@@ -124703,9 +124790,8 @@ static int sp_521_num_bits_17(const sp_digit* a_p)
     "L_sp_521_num_bits_17_15_1_%=: \n\t"
         "and	r3, r1, #0xff\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r2, #0x1\n\t"
-        "lsl	r2, r2, #8\n\t"
-        "add	r2, r2, #0xe0\n\t"
+        "mov	r2, #0xe0\n\t"
+        "orr	r2, r2, #0x100\n\t"
 #else
         "mov	r2, #0x1e0\n\t"
 #endif
@@ -124721,9 +124807,8 @@ static int sp_521_num_bits_17(const sp_digit* a_p)
         "cmp	r3, #0\n\t"
         "beq	L_sp_521_num_bits_17_14_3_%=\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r2, #0x1\n\t"
-        "lsl	r2, r2, #8\n\t"
-        "add	r2, r2, #0xd8\n\t"
+        "mov	r2, #0xd8\n\t"
+        "orr	r2, r2, #0x100\n\t"
 #else
         "mov	r2, #0x1d8\n\t"
 #endif
@@ -124737,9 +124822,8 @@ static int sp_521_num_bits_17(const sp_digit* a_p)
         "cmp	r3, #0\n\t"
         "beq	L_sp_521_num_bits_17_14_2_%=\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r2, #0x1\n\t"
-        "lsl	r2, r2, #8\n\t"
-        "add	r2, r2, #0xd0\n\t"
+        "mov	r2, #0xd0\n\t"
+        "orr	r2, r2, #0x100\n\t"
 #else
         "mov	r2, #0x1d0\n\t"
 #endif
@@ -124753,9 +124837,8 @@ static int sp_521_num_bits_17(const sp_digit* a_p)
         "cmp	r3, #0\n\t"
         "beq	L_sp_521_num_bits_17_14_1_%=\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r2, #0x1\n\t"
-        "lsl	r2, r2, #8\n\t"
-        "add	r2, r2, #0xc8\n\t"
+        "mov	r2, #0xc8\n\t"
+        "orr	r2, r2, #0x100\n\t"
 #else
         "mov	r2, #0x1c8\n\t"
 #endif
@@ -124766,9 +124849,8 @@ static int sp_521_num_bits_17(const sp_digit* a_p)
     "L_sp_521_num_bits_17_14_1_%=: \n\t"
         "and	r3, r1, #0xff\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r2, #0x1\n\t"
-        "lsl	r2, r2, #8\n\t"
-        "add	r2, r2, #0xc0\n\t"
+        "mov	r2, #0xc0\n\t"
+        "orr	r2, r2, #0x100\n\t"
 #else
         "mov	r2, #0x1c0\n\t"
 #endif
@@ -124784,9 +124866,8 @@ static int sp_521_num_bits_17(const sp_digit* a_p)
         "cmp	r3, #0\n\t"
         "beq	L_sp_521_num_bits_17_13_3_%=\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r2, #0x1\n\t"
-        "lsl	r2, r2, #8\n\t"
-        "add	r2, r2, #0xb8\n\t"
+        "mov	r2, #0xb8\n\t"
+        "orr	r2, r2, #0x100\n\t"
 #else
         "mov	r2, #0x1b8\n\t"
 #endif
@@ -124800,9 +124881,8 @@ static int sp_521_num_bits_17(const sp_digit* a_p)
         "cmp	r3, #0\n\t"
         "beq	L_sp_521_num_bits_17_13_2_%=\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r2, #0x1\n\t"
-        "lsl	r2, r2, #8\n\t"
-        "add	r2, r2, #0xb0\n\t"
+        "mov	r2, #0xb0\n\t"
+        "orr	r2, r2, #0x100\n\t"
 #else
         "mov	r2, #0x1b0\n\t"
 #endif
@@ -124816,9 +124896,8 @@ static int sp_521_num_bits_17(const sp_digit* a_p)
         "cmp	r3, #0\n\t"
         "beq	L_sp_521_num_bits_17_13_1_%=\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r2, #0x1\n\t"
-        "lsl	r2, r2, #8\n\t"
-        "add	r2, r2, #0xa8\n\t"
+        "mov	r2, #0xa8\n\t"
+        "orr	r2, r2, #0x100\n\t"
 #else
         "mov	r2, #0x1a8\n\t"
 #endif
@@ -124829,9 +124908,8 @@ static int sp_521_num_bits_17(const sp_digit* a_p)
     "L_sp_521_num_bits_17_13_1_%=: \n\t"
         "and	r3, r1, #0xff\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r2, #0x1\n\t"
-        "lsl	r2, r2, #8\n\t"
-        "add	r2, r2, #0xa0\n\t"
+        "mov	r2, #0xa0\n\t"
+        "orr	r2, r2, #0x100\n\t"
 #else
         "mov	r2, #0x1a0\n\t"
 #endif
@@ -124847,9 +124925,8 @@ static int sp_521_num_bits_17(const sp_digit* a_p)
         "cmp	r3, #0\n\t"
         "beq	L_sp_521_num_bits_17_12_3_%=\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r2, #0x1\n\t"
-        "lsl	r2, r2, #8\n\t"
-        "add	r2, r2, #0x98\n\t"
+        "mov	r2, #0x98\n\t"
+        "orr	r2, r2, #0x100\n\t"
 #else
         "mov	r2, #0x198\n\t"
 #endif
@@ -124863,9 +124940,8 @@ static int sp_521_num_bits_17(const sp_digit* a_p)
         "cmp	r3, #0\n\t"
         "beq	L_sp_521_num_bits_17_12_2_%=\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r2, #0x1\n\t"
-        "lsl	r2, r2, #8\n\t"
-        "add	r2, r2, #0x90\n\t"
+        "mov	r2, #0x90\n\t"
+        "orr	r2, r2, #0x100\n\t"
 #else
         "mov	r2, #0x190\n\t"
 #endif
@@ -124879,9 +124955,8 @@ static int sp_521_num_bits_17(const sp_digit* a_p)
         "cmp	r3, #0\n\t"
         "beq	L_sp_521_num_bits_17_12_1_%=\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r2, #0x1\n\t"
-        "lsl	r2, r2, #8\n\t"
-        "add	r2, r2, #0x88\n\t"
+        "mov	r2, #0x88\n\t"
+        "orr	r2, r2, #0x100\n\t"
 #else
         "mov	r2, #0x188\n\t"
 #endif
@@ -124892,9 +124967,8 @@ static int sp_521_num_bits_17(const sp_digit* a_p)
     "L_sp_521_num_bits_17_12_1_%=: \n\t"
         "and	r3, r1, #0xff\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r2, #0x1\n\t"
-        "lsl	r2, r2, #8\n\t"
-        "add	r2, r2, #0x80\n\t"
+        "mov	r2, #0x80\n\t"
+        "orr	r2, r2, #0x100\n\t"
 #else
         "mov	r2, #0x180\n\t"
 #endif
@@ -124910,9 +124984,8 @@ static int sp_521_num_bits_17(const sp_digit* a_p)
         "cmp	r3, #0\n\t"
         "beq	L_sp_521_num_bits_17_11_3_%=\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r2, #0x1\n\t"
-        "lsl	r2, r2, #8\n\t"
-        "add	r2, r2, #0x78\n\t"
+        "mov	r2, #0x78\n\t"
+        "orr	r2, r2, #0x100\n\t"
 #else
         "mov	r2, #0x178\n\t"
 #endif
@@ -124926,9 +124999,8 @@ static int sp_521_num_bits_17(const sp_digit* a_p)
         "cmp	r3, #0\n\t"
         "beq	L_sp_521_num_bits_17_11_2_%=\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r2, #0x1\n\t"
-        "lsl	r2, r2, #8\n\t"
-        "add	r2, r2, #0x70\n\t"
+        "mov	r2, #0x70\n\t"
+        "orr	r2, r2, #0x100\n\t"
 #else
         "mov	r2, #0x170\n\t"
 #endif
@@ -124942,9 +125014,8 @@ static int sp_521_num_bits_17(const sp_digit* a_p)
         "cmp	r3, #0\n\t"
         "beq	L_sp_521_num_bits_17_11_1_%=\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r2, #0x1\n\t"
-        "lsl	r2, r2, #8\n\t"
-        "add	r2, r2, #0x68\n\t"
+        "mov	r2, #0x68\n\t"
+        "orr	r2, r2, #0x100\n\t"
 #else
         "mov	r2, #0x168\n\t"
 #endif
@@ -124955,9 +125026,8 @@ static int sp_521_num_bits_17(const sp_digit* a_p)
     "L_sp_521_num_bits_17_11_1_%=: \n\t"
         "and	r3, r1, #0xff\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r2, #0x1\n\t"
-        "lsl	r2, r2, #8\n\t"
-        "add	r2, r2, #0x60\n\t"
+        "mov	r2, #0x60\n\t"
+        "orr	r2, r2, #0x100\n\t"
 #else
         "mov	r2, #0x160\n\t"
 #endif
@@ -124973,9 +125043,8 @@ static int sp_521_num_bits_17(const sp_digit* a_p)
         "cmp	r3, #0\n\t"
         "beq	L_sp_521_num_bits_17_10_3_%=\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r2, #0x1\n\t"
-        "lsl	r2, r2, #8\n\t"
-        "add	r2, r2, #0x58\n\t"
+        "mov	r2, #0x58\n\t"
+        "orr	r2, r2, #0x100\n\t"
 #else
         "mov	r2, #0x158\n\t"
 #endif
@@ -124989,9 +125058,8 @@ static int sp_521_num_bits_17(const sp_digit* a_p)
         "cmp	r3, #0\n\t"
         "beq	L_sp_521_num_bits_17_10_2_%=\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r2, #0x1\n\t"
-        "lsl	r2, r2, #8\n\t"
-        "add	r2, r2, #0x50\n\t"
+        "mov	r2, #0x50\n\t"
+        "orr	r2, r2, #0x100\n\t"
 #else
         "mov	r2, #0x150\n\t"
 #endif
@@ -125005,9 +125073,8 @@ static int sp_521_num_bits_17(const sp_digit* a_p)
         "cmp	r3, #0\n\t"
         "beq	L_sp_521_num_bits_17_10_1_%=\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r2, #0x1\n\t"
-        "lsl	r2, r2, #8\n\t"
-        "add	r2, r2, #0x48\n\t"
+        "mov	r2, #0x48\n\t"
+        "orr	r2, r2, #0x100\n\t"
 #else
         "mov	r2, #0x148\n\t"
 #endif
@@ -125018,9 +125085,8 @@ static int sp_521_num_bits_17(const sp_digit* a_p)
     "L_sp_521_num_bits_17_10_1_%=: \n\t"
         "and	r3, r1, #0xff\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r2, #0x1\n\t"
-        "lsl	r2, r2, #8\n\t"
-        "add	r2, r2, #0x40\n\t"
+        "mov	r2, #0x40\n\t"
+        "orr	r2, r2, #0x100\n\t"
 #else
         "mov	r2, #0x140\n\t"
 #endif
@@ -125036,9 +125102,8 @@ static int sp_521_num_bits_17(const sp_digit* a_p)
         "cmp	r3, #0\n\t"
         "beq	L_sp_521_num_bits_17_9_3_%=\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r2, #0x1\n\t"
-        "lsl	r2, r2, #8\n\t"
-        "add	r2, r2, #0x38\n\t"
+        "mov	r2, #0x38\n\t"
+        "orr	r2, r2, #0x100\n\t"
 #else
         "mov	r2, #0x138\n\t"
 #endif
@@ -125052,9 +125117,8 @@ static int sp_521_num_bits_17(const sp_digit* a_p)
         "cmp	r3, #0\n\t"
         "beq	L_sp_521_num_bits_17_9_2_%=\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r2, #0x1\n\t"
-        "lsl	r2, r2, #8\n\t"
-        "add	r2, r2, #0x30\n\t"
+        "mov	r2, #0x30\n\t"
+        "orr	r2, r2, #0x100\n\t"
 #else
         "mov	r2, #0x130\n\t"
 #endif
@@ -125068,9 +125132,8 @@ static int sp_521_num_bits_17(const sp_digit* a_p)
         "cmp	r3, #0\n\t"
         "beq	L_sp_521_num_bits_17_9_1_%=\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r2, #0x1\n\t"
-        "lsl	r2, r2, #8\n\t"
-        "add	r2, r2, #0x28\n\t"
+        "mov	r2, #0x28\n\t"
+        "orr	r2, r2, #0x100\n\t"
 #else
         "mov	r2, #0x128\n\t"
 #endif
@@ -125081,9 +125144,8 @@ static int sp_521_num_bits_17(const sp_digit* a_p)
     "L_sp_521_num_bits_17_9_1_%=: \n\t"
         "and	r3, r1, #0xff\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r2, #0x1\n\t"
-        "lsl	r2, r2, #8\n\t"
-        "add	r2, r2, #0x20\n\t"
+        "mov	r2, #0x20\n\t"
+        "orr	r2, r2, #0x100\n\t"
 #else
         "mov	r2, #0x120\n\t"
 #endif
@@ -125099,9 +125161,8 @@ static int sp_521_num_bits_17(const sp_digit* a_p)
         "cmp	r3, #0\n\t"
         "beq	L_sp_521_num_bits_17_8_3_%=\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r2, #0x1\n\t"
-        "lsl	r2, r2, #8\n\t"
-        "add	r2, r2, #0x18\n\t"
+        "mov	r2, #0x18\n\t"
+        "orr	r2, r2, #0x100\n\t"
 #else
         "mov	r2, #0x118\n\t"
 #endif
@@ -125115,9 +125176,8 @@ static int sp_521_num_bits_17(const sp_digit* a_p)
         "cmp	r3, #0\n\t"
         "beq	L_sp_521_num_bits_17_8_2_%=\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r2, #0x1\n\t"
-        "lsl	r2, r2, #8\n\t"
-        "add	r2, r2, #0x10\n\t"
+        "mov	r2, #0x10\n\t"
+        "orr	r2, r2, #0x100\n\t"
 #else
         "mov	r2, #0x110\n\t"
 #endif
@@ -125131,9 +125191,8 @@ static int sp_521_num_bits_17(const sp_digit* a_p)
         "cmp	r3, #0\n\t"
         "beq	L_sp_521_num_bits_17_8_1_%=\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r2, #0x1\n\t"
-        "lsl	r2, r2, #8\n\t"
-        "add	r2, r2, #0x8\n\t"
+        "mov	r2, #0x8\n\t"
+        "orr	r2, r2, #0x100\n\t"
 #else
         "mov	r2, #0x108\n\t"
 #endif
@@ -125143,13 +125202,7 @@ static int sp_521_num_bits_17(const sp_digit* a_p)
         "\n"
     "L_sp_521_num_bits_17_8_1_%=: \n\t"
         "and	r3, r1, #0xff\n\t"
-#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r2, #0x1\n\t"
-        "lsl	r2, r2, #8\n\t"
-        "add	r2, r2, #0x0\n\t"
-#else
         "mov	r2, #0x100\n\t"
-#endif
         "ldrb	r12, [lr, r3]\n\t"
         "add	r12, r2, r12\n\t"
         "b	L_sp_521_num_bits_17_18_%=\n\t"
@@ -125463,11 +125516,12 @@ static int sp_521_num_bits_17(const sp_digit* a_p)
         "\n"
     "L_sp_521_num_bits_17_18_%=: \n\t"
         "mov	%[a], r12\n\t"
-        : [a] "+r" (a), [L_sp_521_num_bits_17_table] "+r" (L_sp_521_num_bits_17_table_c)
+        : [a] "+r" (a),
+          [L_sp_521_num_bits_17_table] "+r" (L_sp_521_num_bits_17_table_c)
         :
-        : "memory", "r2", "r3", "r12", "lr", "cc"
+        : "memory", "cc", "r2", "r3", "r12", "lr"
     );
-    return (uint32_t)(size_t)a;
+    return (word32)(size_t)a;
 }
 
 #else
@@ -125480,9 +125534,8 @@ static int sp_521_num_bits_17(const sp_digit* a_p)
         "cmp	r1, #0\n\t"
         "beq	L_sp_521_num_bits_17_16_%=\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r2, #0x2\n\t"
-        "lsl	r2, r2, #8\n\t"
-        "add	r2, r2, #0x20\n\t"
+        "mov	r2, #0x20\n\t"
+        "orr	r2, r2, #0x200\n\t"
 #else
         "mov	r2, #0x220\n\t"
 #endif
@@ -125494,13 +125547,7 @@ static int sp_521_num_bits_17(const sp_digit* a_p)
         "ldr	r1, [%[a], #60]\n\t"
         "cmp	r1, #0\n\t"
         "beq	L_sp_521_num_bits_17_15_%=\n\t"
-#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r2, #0x2\n\t"
-        "lsl	r2, r2, #8\n\t"
-        "add	r2, r2, #0x0\n\t"
-#else
         "mov	r2, #0x200\n\t"
-#endif
         "clz	r12, r1\n\t"
         "sub	r12, r2, r12\n\t"
         "b	L_sp_521_num_bits_17_18_%=\n\t"
@@ -125510,9 +125557,8 @@ static int sp_521_num_bits_17(const sp_digit* a_p)
         "cmp	r1, #0\n\t"
         "beq	L_sp_521_num_bits_17_14_%=\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r2, #0x1\n\t"
-        "lsl	r2, r2, #8\n\t"
-        "add	r2, r2, #0xe0\n\t"
+        "mov	r2, #0xe0\n\t"
+        "orr	r2, r2, #0x100\n\t"
 #else
         "mov	r2, #0x1e0\n\t"
 #endif
@@ -125525,9 +125571,8 @@ static int sp_521_num_bits_17(const sp_digit* a_p)
         "cmp	r1, #0\n\t"
         "beq	L_sp_521_num_bits_17_13_%=\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r2, #0x1\n\t"
-        "lsl	r2, r2, #8\n\t"
-        "add	r2, r2, #0xc0\n\t"
+        "mov	r2, #0xc0\n\t"
+        "orr	r2, r2, #0x100\n\t"
 #else
         "mov	r2, #0x1c0\n\t"
 #endif
@@ -125540,9 +125585,8 @@ static int sp_521_num_bits_17(const sp_digit* a_p)
         "cmp	r1, #0\n\t"
         "beq	L_sp_521_num_bits_17_12_%=\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r2, #0x1\n\t"
-        "lsl	r2, r2, #8\n\t"
-        "add	r2, r2, #0xa0\n\t"
+        "mov	r2, #0xa0\n\t"
+        "orr	r2, r2, #0x100\n\t"
 #else
         "mov	r2, #0x1a0\n\t"
 #endif
@@ -125555,9 +125599,8 @@ static int sp_521_num_bits_17(const sp_digit* a_p)
         "cmp	r1, #0\n\t"
         "beq	L_sp_521_num_bits_17_11_%=\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r2, #0x1\n\t"
-        "lsl	r2, r2, #8\n\t"
-        "add	r2, r2, #0x80\n\t"
+        "mov	r2, #0x80\n\t"
+        "orr	r2, r2, #0x100\n\t"
 #else
         "mov	r2, #0x180\n\t"
 #endif
@@ -125570,9 +125613,8 @@ static int sp_521_num_bits_17(const sp_digit* a_p)
         "cmp	r1, #0\n\t"
         "beq	L_sp_521_num_bits_17_10_%=\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r2, #0x1\n\t"
-        "lsl	r2, r2, #8\n\t"
-        "add	r2, r2, #0x60\n\t"
+        "mov	r2, #0x60\n\t"
+        "orr	r2, r2, #0x100\n\t"
 #else
         "mov	r2, #0x160\n\t"
 #endif
@@ -125585,9 +125627,8 @@ static int sp_521_num_bits_17(const sp_digit* a_p)
         "cmp	r1, #0\n\t"
         "beq	L_sp_521_num_bits_17_9_%=\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r2, #0x1\n\t"
-        "lsl	r2, r2, #8\n\t"
-        "add	r2, r2, #0x40\n\t"
+        "mov	r2, #0x40\n\t"
+        "orr	r2, r2, #0x100\n\t"
 #else
         "mov	r2, #0x140\n\t"
 #endif
@@ -125600,9 +125641,8 @@ static int sp_521_num_bits_17(const sp_digit* a_p)
         "cmp	r1, #0\n\t"
         "beq	L_sp_521_num_bits_17_8_%=\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r2, #0x1\n\t"
-        "lsl	r2, r2, #8\n\t"
-        "add	r2, r2, #0x20\n\t"
+        "mov	r2, #0x20\n\t"
+        "orr	r2, r2, #0x100\n\t"
 #else
         "mov	r2, #0x120\n\t"
 #endif
@@ -125614,13 +125654,7 @@ static int sp_521_num_bits_17(const sp_digit* a_p)
         "ldr	r1, [%[a], #28]\n\t"
         "cmp	r1, #0\n\t"
         "beq	L_sp_521_num_bits_17_7_%=\n\t"
-#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r2, #0x1\n\t"
-        "lsl	r2, r2, #8\n\t"
-        "add	r2, r2, #0x0\n\t"
-#else
         "mov	r2, #0x100\n\t"
-#endif
         "clz	r12, r1\n\t"
         "sub	r12, r2, r12\n\t"
         "b	L_sp_521_num_bits_17_18_%=\n\t"
@@ -125689,9 +125723,9 @@ static int sp_521_num_bits_17(const sp_digit* a_p)
         "mov	%[a], r12\n\t"
         : [a] "+r" (a)
         :
-        : "memory", "r1", "r2", "r3", "r12", "lr", "cc"
+        : "memory", "cc", "r1", "r2", "r3", "r12", "lr"
     );
-    return (uint32_t)(size_t)a;
+    return (word32)(size_t)a;
 }
 
 #endif /* WOLFSSL_ARM_ARCH && (WOLFSSL_ARM_ARCH < 7) */
@@ -125991,10 +126025,8 @@ int sp_ecc_verify_521(const byte* hash, word32 hashLen, const mp_int* pX,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (u1 != NULL)
-        XFREE(u1, heap, DYNAMIC_TYPE_ECC);
-    if (p1 != NULL)
-        XFREE(p1, heap, DYNAMIC_TYPE_ECC);
+    XFREE(u1, heap, DYNAMIC_TYPE_ECC);
+    XFREE(p1, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -126204,8 +126236,7 @@ static int sp_521_ecc_is_point_17(const sp_point_521* point,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t1 != NULL)
-        XFREE(t1, heap, DYNAMIC_TYPE_ECC);
+    XFREE(t1, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -126244,8 +126275,7 @@ int sp_ecc_is_point_521(const mp_int* pX, const mp_int* pY)
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (pub != NULL)
-        XFREE(pub, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(pub, NULL, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -126353,10 +126383,8 @@ int sp_ecc_check_key_521(const mp_int* pX, const mp_int* pY,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (pub != NULL)
-        XFREE(pub, heap, DYNAMIC_TYPE_ECC);
-    if (priv != NULL)
-        XFREE(priv, heap, DYNAMIC_TYPE_ECC);
+    XFREE(pub, heap, DYNAMIC_TYPE_ECC);
+    XFREE(priv, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -126435,10 +126463,8 @@ int sp_ecc_proj_add_point_521(mp_int* pX, mp_int* pY, mp_int* pZ,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (tmp != NULL)
-        XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
-    if (p != NULL)
-        XFREE(p, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(p, NULL, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -126503,10 +126529,8 @@ int sp_ecc_proj_dbl_point_521(mp_int* pX, mp_int* pY, mp_int* pZ,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (tmp != NULL)
-        XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
-    if (p != NULL)
-        XFREE(p, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(p, NULL, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -126567,10 +126591,8 @@ int sp_ecc_map_521(mp_int* pX, mp_int* pY, mp_int* pZ)
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (tmp != NULL)
-        XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
-    if (p != NULL)
-        XFREE(p, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(p, NULL, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -126578,7 +126600,7 @@ int sp_ecc_map_521(mp_int* pX, mp_int* pY, mp_int* pZ)
 #endif /* WOLFSSL_PUBLIC_ECC_ADD_DBL */
 #ifdef HAVE_COMP_KEY
 /* Square root power for the P521 curve. */
-static const uint32_t p521_sqrt_power[17] = {
+static const word32 p521_sqrt_power[17] = {
     0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,
     0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,
     0x00000000,0x00000000,0x00000080
@@ -126620,8 +126642,7 @@ static int sp_521_mont_sqrt_17(sp_digit* y)
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t != NULL)
-        XFREE(t, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(t, NULL, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -126686,8 +126707,7 @@ int sp_ecc_uncompress_521(mp_int* xm, int odd, mp_int* ym)
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (x != NULL)
-        XFREE(x, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(x, NULL, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -136464,7 +136484,8 @@ static void sp_1024_mul_16(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b
         "stm	%[r]!, {r3, r4, r5, r6}\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r11", "r12", "cc"
+        : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r11",
+            "r12"
     );
 }
 
@@ -141696,7 +141717,8 @@ static void sp_1024_sqr_16(sp_digit* r_p, const sp_digit* a_p)
         "stm	%[r]!, {r2, r3, r4, r8}\n\t"
         : [r] "+r" (r), [a] "+r" (a)
         :
-        : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r12", "cc"
+        : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10",
+            "r12"
     );
 }
 
@@ -141745,9 +141767,9 @@ static sp_digit sp_1024_add_16(sp_digit* r_p, const sp_digit* a_p, const sp_digi
         "adc	%[r], %[r], #0\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc"
+        : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 /* Sub b from a into a. (a -= b)
@@ -141820,9 +141842,9 @@ static sp_digit sp_1024_sub_in_place_32(sp_digit* a_p, const sp_digit* b_p)
         "sbc	%[a], r9, r9\n\t"
         : [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "cc"
+        : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9"
     );
-    return (uint32_t)(size_t)a;
+    return (word32)(size_t)a;
 }
 
 /* Add b to a into r. (r = a + b)
@@ -141898,9 +141920,9 @@ static sp_digit sp_1024_add_32(sp_digit* r_p, const sp_digit* a_p, const sp_digi
         "adc	%[r], %[r], #0\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc"
+        : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 /* AND m into each word of a and store in r.
@@ -142016,9 +142038,9 @@ static sp_digit sp_1024_sub_16(sp_digit* r_p, const sp_digit* a_p, const sp_digi
         "sbc	%[r], r6, r6\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc"
+        : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 /* Square a and put result in r. (r = a * a)
@@ -142253,7 +142275,8 @@ static void sp_1024_mul_32(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b
         "bgt	L_sp_1024_mul_32_store_%=\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "lr", "r11", "cc"
+        : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "lr",
+            "r11"
     );
 }
 
@@ -142410,7 +142433,8 @@ static void sp_1024_sqr_32(sp_digit* r_p, const sp_digit* a_p)
         "bgt	L_sp_1024_sqr_32_store_%=\n\t"
         : [r] "+r" (r), [a] "+r" (a)
         :
-        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "lr", "r11", "cc"
+        : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "lr",
+            "r11"
     );
 }
 
@@ -142530,9 +142554,10 @@ static sp_digit sp_1024_sub_in_place_32(sp_digit* a_p, const sp_digit* b_p)
         "mov	%[a], r12\n\t"
         : [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r12", "lr", "cc"
+        : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r12",
+            "lr"
     );
-    return (uint32_t)(size_t)a;
+    return (word32)(size_t)a;
 }
 
 #endif /* WOLFSSL_SP_SMALL */
@@ -142545,7 +142570,8 @@ static sp_digit sp_1024_sub_in_place_32(sp_digit* a_p, const sp_digit* b_p)
  * b  A single precision number to subtract.
  * m  Mask value to apply.
  */
-static sp_digit sp_1024_cond_sub_32(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, sp_digit m_p)
+static sp_digit sp_1024_cond_sub_32(sp_digit* r_p, const sp_digit* a_p,
+    const sp_digit* b_p, sp_digit m_p)
 {
     register sp_digit* r asm ("r0") = (sp_digit*)r_p;
     register const sp_digit* a asm ("r1") = (const sp_digit*)a_p;
@@ -142571,9 +142597,9 @@ static sp_digit sp_1024_cond_sub_32(sp_digit* r_p, const sp_digit* a_p, const sp
         "mov	%[r], r12\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m)
         :
-        : "memory", "r12", "lr", "r4", "r5", "r6", "cc"
+        : "memory", "cc", "r12", "lr", "r4", "r5", "r6"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #else
@@ -142585,7 +142611,8 @@ static sp_digit sp_1024_cond_sub_32(sp_digit* r_p, const sp_digit* a_p, const sp
  * b  A single precision number to subtract.
  * m  Mask value to apply.
  */
-static sp_digit sp_1024_cond_sub_32(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, sp_digit m_p)
+static sp_digit sp_1024_cond_sub_32(sp_digit* r_p, const sp_digit* a_p,
+    const sp_digit* b_p, sp_digit m_p)
 {
     register sp_digit* r asm ("r0") = (sp_digit*)r_p;
     register const sp_digit* a asm ("r1") = (const sp_digit*)a_p;
@@ -142709,9 +142736,9 @@ static sp_digit sp_1024_cond_sub_32(sp_digit* r_p, const sp_digit* a_p, const sp
         "sbc	%[r], lr, lr\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m)
         :
-        : "memory", "r12", "lr", "r4", "r5", "r6", "r7", "cc"
+        : "memory", "cc", "r12", "lr", "r4", "r5", "r6", "r7"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #endif /* WOLFSSL_SP_SMALL */
@@ -142748,9 +142775,10 @@ static sp_digit sp_1024_add_32(sp_digit* r_p, const sp_digit* a_p, const sp_digi
         "mov	%[r], r3\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r3", "r12", "cc"
+        : "memory", "cc", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11",
+            "r3", "r12"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #endif /* WOLFSSL_SP_SMALL */
@@ -142848,7 +142876,7 @@ static void sp_1024_mul_d_32(sp_digit* r_p, const sp_digit* a_p, sp_digit b_p)
         "str	r3, [%[r], #128]\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "cc"
+        : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9"
     );
 }
 
@@ -143889,7 +143917,7 @@ static void sp_1024_mul_d_32(sp_digit* r_p, const sp_digit* a_p, sp_digit b_p)
         "str	r5, [%[r]]\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "cc"
+        : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8"
     );
 }
 
@@ -143948,9 +143976,9 @@ static sp_digit div_1024_word_32(sp_digit d1_p, sp_digit d0_p, sp_digit div_p)
         "add	%[d1], r4, r3\n\t"
         : [d1] "+r" (d1), [d0] "+r" (d0), [div] "+r" (div)
         :
-        : "memory", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "cc"
+        : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8"
     );
-    return (uint32_t)(size_t)d1;
+    return (word32)(size_t)d1;
 }
 
 #else
@@ -144086,9 +144114,9 @@ static sp_digit div_1024_word_32(sp_digit d1_p, sp_digit d0_p, sp_digit div_p)
         "sub	%[d1], r3, r6\n\t"
         : [d1] "+r" (d1), [d0] "+r" (d0), [div] "+r" (div)
         :
-        : "memory", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "cc"
+        : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8"
     );
-    return (uint32_t)(size_t)d1;
+    return (word32)(size_t)d1;
 }
 
 #endif
@@ -144515,9 +144543,9 @@ static sp_int32 sp_1024_cmp_32(const sp_digit* a_p, const sp_digit* b_p)
         "mov	%[a], r2\n\t"
         : [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r2", "r3", "r12", "lr", "r4", "r5", "r6", "cc"
+        : "memory", "cc", "r2", "r3", "r12", "lr", "r4", "r5", "r6"
     );
-    return (uint32_t)(size_t)a;
+    return (word32)(size_t)a;
 }
 
 /* Divide d in a and put remainder into r (m*d + r = a)
@@ -144637,16 +144665,16 @@ static void sp_1024_point_free_32(sp_point_1024* p, int clear, void* heap)
 {
 #if (defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SP_NO_MALLOC)) || \
     defined(WOLFSSL_SP_SMALL_STACK)
-/* If valid pointer then clear point data if requested and free data. */
+    /* If valid pointer then clear point data if requested and free data. */
     if (p != NULL) {
-        if (clear != 0) {
+        if (clear) {
             XMEMSET(p, 0, sizeof(*p));
         }
         XFREE(p, heap, DYNAMIC_TYPE_ECC);
     }
 #else
-/* Clear point data if requested. */
-    if ((p != NULL) && (clear != 0)) {
+    /* Clear point data if requested. */
+    if ((p != NULL) && clear) {
         XMEMSET(p, 0, sizeof(*p));
     }
 #endif
@@ -145829,7 +145857,8 @@ static SP_NOINLINE void sp_1024_mont_reduce_32(sp_digit* a_p, const sp_digit* m_
         "mov	%[mp], r3\n\t"
         : [a] "+r" (a), [m] "+r" (m), [mp] "+r" (mp)
         :
-        : "memory", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "cc"
+        : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9",
+            "r10", "r11"
     );
     sp_1024_cond_sub_32(a - 32, a, m, mp);
 }
@@ -146129,7 +146158,8 @@ static SP_NOINLINE void sp_1024_mont_reduce_32(sp_digit* a_p, const sp_digit* m_
         "mov	%[mp], r3\n\t"
         : [a] "+r" (a), [m] "+r" (m), [mp] "+r" (mp)
         :
-        : "memory", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "cc"
+        : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9",
+            "r10", "r11"
     );
     sp_1024_cond_sub_32(a - 32, a, m, mp);
 }
@@ -146339,7 +146369,8 @@ static SP_NOINLINE void sp_1024_mont_reduce_32(sp_digit* a_p, const sp_digit* m_
         "mov	%[mp], lr\n\t"
         : [a] "+r" (a), [m] "+r" (m), [mp] "+r" (mp)
         :
-        : "memory", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "cc"
+        : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9",
+            "r10", "r11"
     );
     sp_1024_cond_sub_32(a - 32, a, m, mp);
 }
@@ -146376,7 +146407,7 @@ SP_NOINLINE static void sp_1024_mont_sqr_32(sp_digit* r, const sp_digit* a,
 }
 
 /* Mod-2 for the P1024 curve. */
-static const uint8_t p1024_mod_minus_2[] = {
+static const word8 p1024_mod_minus_2[] = {
      6,0x06,  7,0x0f,  7,0x0b,  6,0x0c,  7,0x1e,  9,0x09,  7,0x0c,  7,0x1f,
      6,0x16,  6,0x06,  7,0x0e,  8,0x10,  6,0x03,  8,0x11,  6,0x0d,  7,0x14,
      9,0x12,  6,0x0f,  7,0x04,  9,0x0d,  6,0x00,  7,0x13,  6,0x01,  6,0x07,
@@ -146466,7 +146497,7 @@ static void sp_1024_map_32(sp_point_1024* r, const sp_point_1024* p,
     sp_1024_mont_reduce_32(r->x, p1024_mod, p1024_mp_mod);
     /* Reduce x to less than modulus */
     n = sp_1024_cmp_32(r->x, p1024_mod);
-    sp_1024_cond_sub_32(r->x, r->x, p1024_mod, ~(n >> 31));
+    sp_1024_cond_sub_32(r->x, r->x, p1024_mod, (sp_digit)~(n >> 31));
     sp_1024_norm_32(r->x);
 
     /* y /= z^3 */
@@ -146475,7 +146506,7 @@ static void sp_1024_map_32(sp_point_1024* r, const sp_point_1024* p,
     sp_1024_mont_reduce_32(r->y, p1024_mod, p1024_mp_mod);
     /* Reduce y to less than modulus */
     n = sp_1024_cmp_32(r->y, p1024_mod);
-    sp_1024_cond_sub_32(r->y, r->y, p1024_mod, ~(n >> 31));
+    sp_1024_cond_sub_32(r->y, r->y, p1024_mod, (sp_digit)~(n >> 31));
     sp_1024_norm_32(r->y);
 
     XMEMSET(r->z, 0, sizeof(r->z) / 2);
@@ -146489,7 +146520,8 @@ static void sp_1024_map_32(sp_point_1024* r, const sp_point_1024* p,
  * b   Second number to add in Montgomery form.
  * m   Modulus (prime).
  */
-static void sp_1024_mont_add_32(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, const sp_digit* m_p)
+static void sp_1024_mont_add_32(sp_digit* r_p, const sp_digit* a_p,
+    const sp_digit* b_p, const sp_digit* m_p)
 {
     register sp_digit* r asm ("r0") = (sp_digit*)r_p;
     register const sp_digit* a asm ("r1") = (const sp_digit*)a_p;
@@ -146651,7 +146683,8 @@ static void sp_1024_mont_add_32(sp_digit* r_p, const sp_digit* a_p, const sp_dig
         "stm	%[r]!, {r4, r5, r6, r7}\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m)
         :
-        : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "cc"
+        : "memory", "cc", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11",
+            "r12"
     );
 }
 
@@ -146661,7 +146694,8 @@ static void sp_1024_mont_add_32(sp_digit* r_p, const sp_digit* a_p, const sp_dig
  * a   Number to double in Montgomery form.
  * m   Modulus (prime).
  */
-static void sp_1024_mont_dbl_32(sp_digit* r_p, const sp_digit* a_p, const sp_digit* m_p)
+static void sp_1024_mont_dbl_32(sp_digit* r_p, const sp_digit* a_p,
+    const sp_digit* m_p)
 {
     register sp_digit* r asm ("r0") = (sp_digit*)r_p;
     register const sp_digit* a asm ("r1") = (const sp_digit*)a_p;
@@ -146806,7 +146840,8 @@ static void sp_1024_mont_dbl_32(sp_digit* r_p, const sp_digit* a_p, const sp_dig
         "stm	%[r]!, {r4, r5, r6, r7}\n\t"
         : [r] "+r" (r), [a] "+r" (a), [m] "+r" (m)
         :
-        : "memory", "r8", "r9", "r10", "r11", "r4", "r5", "r6", "r7", "r12", "cc"
+        : "memory", "cc", "r8", "r9", "r10", "r11", "r4", "r5", "r6", "r7",
+            "r12"
     );
 }
 
@@ -146816,7 +146851,8 @@ static void sp_1024_mont_dbl_32(sp_digit* r_p, const sp_digit* a_p, const sp_dig
  * a   Number to triple in Montgomery form.
  * m   Modulus (prime).
  */
-static void sp_1024_mont_tpl_32(sp_digit* r_p, const sp_digit* a_p, const sp_digit* m_p)
+static void sp_1024_mont_tpl_32(sp_digit* r_p, const sp_digit* a_p,
+    const sp_digit* m_p)
 {
     register sp_digit* r asm ("r0") = (sp_digit*)r_p;
     register const sp_digit* a asm ("r1") = (const sp_digit*)a_p;
@@ -147116,7 +147152,8 @@ static void sp_1024_mont_tpl_32(sp_digit* r_p, const sp_digit* a_p, const sp_dig
         "stm	%[r]!, {r4, r5, r6, r7}\n\t"
         : [r] "+r" (r), [a] "+r" (a), [m] "+r" (m)
         :
-        : "memory", "r8", "r9", "r10", "r11", "r4", "r5", "r6", "r7", "r12", "cc"
+        : "memory", "cc", "r8", "r9", "r10", "r11", "r4", "r5", "r6", "r7",
+            "r12"
     );
 }
 
@@ -147127,7 +147164,8 @@ static void sp_1024_mont_tpl_32(sp_digit* r_p, const sp_digit* a_p, const sp_dig
  * b   Number to subtract with in Montgomery form.
  * m   Modulus (prime).
  */
-static void sp_1024_mont_sub_32(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, const sp_digit* m_p)
+static void sp_1024_mont_sub_32(sp_digit* r_p, const sp_digit* a_p,
+    const sp_digit* b_p, const sp_digit* m_p)
 {
     register sp_digit* r asm ("r0") = (sp_digit*)r_p;
     register const sp_digit* a asm ("r1") = (const sp_digit*)a_p;
@@ -147283,7 +147321,8 @@ static void sp_1024_mont_sub_32(sp_digit* r_p, const sp_digit* a_p, const sp_dig
         "stm	%[r]!, {r4, r5, r6, r7}\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m)
         :
-        : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "cc"
+        : "memory", "cc", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11",
+            "r12"
     );
 }
 
@@ -147296,7 +147335,8 @@ static void sp_1024_mont_sub_32(sp_digit* r_p, const sp_digit* a_p, const sp_dig
  * b  A single precision number to add.
  * m  Mask value to apply.
  */
-static sp_digit sp_1024_cond_add_32(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, sp_digit m_p)
+static sp_digit sp_1024_cond_add_32(sp_digit* r_p, const sp_digit* a_p,
+    const sp_digit* b_p, sp_digit m_p)
 {
     register sp_digit* r asm ("r0") = (sp_digit*)r_p;
     register const sp_digit* a asm ("r1") = (const sp_digit*)a_p;
@@ -147322,9 +147362,9 @@ static sp_digit sp_1024_cond_add_32(sp_digit* r_p, const sp_digit* a_p, const sp
         "mov	%[r], lr\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m)
         :
-        : "memory", "r12", "lr", "r4", "r5", "r6", "cc"
+        : "memory", "cc", "r12", "lr", "r4", "r5", "r6"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #else
@@ -147336,7 +147376,8 @@ static sp_digit sp_1024_cond_add_32(sp_digit* r_p, const sp_digit* a_p, const sp
  * b  A single precision number to add.
  * m  Mask value to apply.
  */
-static sp_digit sp_1024_cond_add_32(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, sp_digit m_p)
+static sp_digit sp_1024_cond_add_32(sp_digit* r_p, const sp_digit* a_p,
+    const sp_digit* b_p, sp_digit m_p)
 {
     register sp_digit* r asm ("r0") = (sp_digit*)r_p;
     register const sp_digit* a asm ("r1") = (const sp_digit*)a_p;
@@ -147460,9 +147501,9 @@ static sp_digit sp_1024_cond_add_32(sp_digit* r_p, const sp_digit* a_p, const sp
         "adc	%[r], r8, r8\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m)
         :
-        : "memory", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "cc"
+        : "memory", "cc", "r12", "lr", "r4", "r5", "r6", "r7", "r8"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #endif /* WOLFSSL_SP_SMALL */
@@ -147600,7 +147641,7 @@ static void sp_1024_rshift1_32(sp_digit* r_p, const sp_digit* a_p)
         "str	r3, [%[r], #124]\n\t"
         : [r] "+r" (r), [a] "+r" (a)
         :
-        : "memory", "r2", "r3", "r4", "cc"
+        : "memory", "cc", "r2", "r3", "r4"
     );
 }
 
@@ -147921,8 +147962,8 @@ static void sp_1024_proj_point_add_32(sp_point_1024* r,
         sp_1024_mont_sub_32(y, y, t5, p1024_mod);
         {
             int i;
-            sp_digit maskp = 0 - (q->infinity & (!p->infinity));
-            sp_digit maskq = 0 - (p->infinity & (!q->infinity));
+            sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity)));
+            sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity)));
             sp_digit maskt = ~(maskp | maskq);
             sp_digit inf = (sp_digit)(p->infinity & q->infinity);
 
@@ -147939,7 +147980,7 @@ static void sp_1024_proj_point_add_32(sp_point_1024* r,
                           (z[i] & maskt);
             }
             r->z[0] |= inf;
-            r->infinity = (word32)inf;
+            r->infinity = (int)inf;
         }
     }
 }
@@ -148113,8 +148154,8 @@ static int sp_1024_proj_point_add_32_nb(sp_ecc_ctx_t* sp_ctx, sp_point_1024* r,
     {
         {
             int i;
-            sp_digit maskp = 0 - (q->infinity & (!p->infinity));
-            sp_digit maskq = 0 - (p->infinity & (!q->infinity));
+            sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity)));
+            sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity)));
             sp_digit maskt = ~(maskp | maskq);
             sp_digit inf = (sp_digit)(p->infinity & q->infinity);
 
@@ -148131,7 +148172,7 @@ static int sp_1024_proj_point_add_32_nb(sp_ecc_ctx_t* sp_ctx, sp_point_1024* r,
                           (ctx->z[i] & maskt);
             }
             r->z[0] |= inf;
-            r->infinity = (word32)inf;
+            r->infinity = (int)inf;
         }
         ctx->state = 25;
         break;
@@ -148472,8 +148513,8 @@ static void sp_1024_proj_point_add_qz1_32(sp_point_1024* r,
         sp_1024_mont_sub_32(y, t3, t1, p1024_mod);
         {
             int i;
-            sp_digit maskp = 0 - (q->infinity & (!p->infinity));
-            sp_digit maskq = 0 - (p->infinity & (!q->infinity));
+            sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity)));
+            sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity)));
             sp_digit maskt = ~(maskp | maskq);
             sp_digit inf = (sp_digit)(p->infinity & q->infinity);
 
@@ -148490,7 +148531,7 @@ static void sp_1024_proj_point_add_qz1_32(sp_point_1024* r,
                           (z[i] & maskt);
             }
             r->z[0] |= inf;
-            r->infinity = (word32)inf;
+            r->infinity = (int)inf;
         }
     }
 }
@@ -148580,8 +148621,7 @@ static int sp_1024_gen_stripe_table_32(const sp_point_1024* a,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t != NULL)
-        XFREE(t, heap, DYNAMIC_TYPE_ECC);
+    XFREE(t, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -148680,10 +148720,8 @@ static int sp_1024_ecc_mulmod_stripe_32(sp_point_1024* r, const sp_point_1024* g
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t != NULL)
-        XFREE(t, heap, DYNAMIC_TYPE_ECC);
-    if (rt != NULL)
-        XFREE(rt, heap, DYNAMIC_TYPE_ECC);
+    XFREE(t, heap, DYNAMIC_TYPE_ECC);
+    XFREE(rt, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -148703,7 +148741,7 @@ typedef struct sp_cache_1024_t {
     /* Precomputation table for point. */
     sp_table_entry_1024 table[16];
     /* Count of entries in table. */
-    uint32_t cnt;
+    word32 cnt;
     /* Point and table set in entry. */
     int set;
 } sp_cache_1024_t;
@@ -148716,8 +148754,10 @@ static THREAD_LS_T int sp_cache_1024_last = -1;
 static THREAD_LS_T int sp_cache_1024_inited = 0;
 
 #ifndef HAVE_THREAD_LS
+    #ifndef WOLFSSL_MUTEX_INITIALIZER
     static volatile int initCacheMutex_1024 = 0;
-    static wolfSSL_Mutex sp_cache_1024_lock;
+    #endif
+    static wolfSSL_Mutex sp_cache_1024_lock WOLFSSL_MUTEX_INITIALIZER_CLAUSE(sp_cache_1024_lock);
 #endif
 
 /* Get the cache entry for the point.
@@ -148729,7 +148769,7 @@ static void sp_ecc_get_cache_1024(const sp_point_1024* g, sp_cache_1024_t** cach
 {
     int i;
     int j;
-    uint32_t least;
+    word32 least;
 
     if (sp_cache_1024_inited == 0) {
         for (i=0; i<FP_ENTRIES; i++) {
@@ -148815,10 +148855,12 @@ static int sp_1024_ecc_mulmod_32(sp_point_1024* r, const sp_point_1024* g,
 #endif
 #ifndef HAVE_THREAD_LS
     if (err == MP_OKAY) {
+        #ifndef WOLFSSL_MUTEX_INITIALIZER
         if (initCacheMutex_1024 == 0) {
             wc_InitMutex(&sp_cache_1024_lock);
             initCacheMutex_1024 = 1;
         }
+        #endif
         if (wc_LockMutex(&sp_cache_1024_lock) != 0) {
             err = BAD_MUTEX_E;
         }
@@ -148935,8 +148977,7 @@ static int sp_1024_gen_stripe_table_32(const sp_point_1024* a,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t != NULL)
-        XFREE(t, heap, DYNAMIC_TYPE_ECC);
+    XFREE(t, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -149035,10 +149076,8 @@ static int sp_1024_ecc_mulmod_stripe_32(sp_point_1024* r, const sp_point_1024* g
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t != NULL)
-        XFREE(t, heap, DYNAMIC_TYPE_ECC);
-    if (rt != NULL)
-        XFREE(rt, heap, DYNAMIC_TYPE_ECC);
+    XFREE(t, heap, DYNAMIC_TYPE_ECC);
+    XFREE(rt, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -149058,7 +149097,7 @@ typedef struct sp_cache_1024_t {
     /* Precomputation table for point. */
     sp_table_entry_1024 table[256];
     /* Count of entries in table. */
-    uint32_t cnt;
+    word32 cnt;
     /* Point and table set in entry. */
     int set;
 } sp_cache_1024_t;
@@ -149071,8 +149110,10 @@ static THREAD_LS_T int sp_cache_1024_last = -1;
 static THREAD_LS_T int sp_cache_1024_inited = 0;
 
 #ifndef HAVE_THREAD_LS
+    #ifndef WOLFSSL_MUTEX_INITIALIZER
     static volatile int initCacheMutex_1024 = 0;
-    static wolfSSL_Mutex sp_cache_1024_lock;
+    #endif
+    static wolfSSL_Mutex sp_cache_1024_lock WOLFSSL_MUTEX_INITIALIZER_CLAUSE(sp_cache_1024_lock);
 #endif
 
 /* Get the cache entry for the point.
@@ -149084,7 +149125,7 @@ static void sp_ecc_get_cache_1024(const sp_point_1024* g, sp_cache_1024_t** cach
 {
     int i;
     int j;
-    uint32_t least;
+    word32 least;
 
     if (sp_cache_1024_inited == 0) {
         for (i=0; i<FP_ENTRIES; i++) {
@@ -149170,10 +149211,12 @@ static int sp_1024_ecc_mulmod_32(sp_point_1024* r, const sp_point_1024* g,
 #endif
 #ifndef HAVE_THREAD_LS
     if (err == MP_OKAY) {
+        #ifndef WOLFSSL_MUTEX_INITIALIZER
         if (initCacheMutex_1024 == 0) {
             wc_InitMutex(&sp_cache_1024_lock);
             initCacheMutex_1024 = 1;
         }
+        #endif
         if (wc_LockMutex(&sp_cache_1024_lock) != 0) {
             err = BAD_MUTEX_E;
         }
@@ -149252,10 +149295,8 @@ int sp_ecc_mulmod_1024(const mp_int* km, const ecc_point* gm, ecc_point* r,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (k != NULL)
-        XFREE(k, heap, DYNAMIC_TYPE_ECC);
-    if (point != NULL)
-        XFREE(point, heap, DYNAMIC_TYPE_ECC);
+    XFREE(k, heap, DYNAMIC_TYPE_ECC);
+    XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -152890,10 +152931,8 @@ int sp_ecc_mulmod_base_1024(const mp_int* km, ecc_point* r, int map, void* heap)
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (k != NULL)
-        XFREE(k, heap, DYNAMIC_TYPE_ECC);
-    if (point != NULL)
-        XFREE(point, heap, DYNAMIC_TYPE_ECC);
+    XFREE(k, heap, DYNAMIC_TYPE_ECC);
+    XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -152968,10 +153007,8 @@ int sp_ecc_mulmod_base_add_1024(const mp_int* km, const ecc_point* am,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (k != NULL)
-        XFREE(k, heap, DYNAMIC_TYPE_ECC);
-    if (point)
-        XFREE(point, heap, DYNAMIC_TYPE_ECC);
+    XFREE(k, heap, DYNAMIC_TYPE_ECC);
+    XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -153005,7 +153042,7 @@ int sp_ecc_gen_table_1024(const ecc_point* gm, byte* table, word32* len,
 
     if ((err == MP_OKAY) && (table == NULL)) {
         *len = sizeof(sp_table_entry_1024) * 256;
-        err = LENGTH_ONLY_E;
+        err = WC_NO_ERR_TRACE(LENGTH_ONLY_E);
     }
     if ((err == MP_OKAY) && (*len < (int)(sizeof(sp_table_entry_1024) * 256))) {
         err = BUFFER_E;
@@ -153036,10 +153073,8 @@ int sp_ecc_gen_table_1024(const ecc_point* gm, byte* table, word32* len,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t != NULL)
-        XFREE(t, heap, DYNAMIC_TYPE_ECC);
-    if (point != NULL)
-        XFREE(point, heap, DYNAMIC_TYPE_ECC);
+    XFREE(t, heap, DYNAMIC_TYPE_ECC);
+    XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -153065,7 +153100,7 @@ int sp_ecc_gen_table_1024(const ecc_point* gm, byte* table, word32* len,
 
     if ((err == 0) && (table == NULL)) {
         *len = 0;
-        err = LENGTH_ONLY_E;
+        err = WC_NO_ERR_TRACE(LENGTH_ONLY_E);
     }
     if ((err == 0) && (*len != 0)) {
         err = BUFFER_E;
@@ -153132,10 +153167,8 @@ int sp_ecc_mulmod_table_1024(const mp_int* km, const ecc_point* gm, byte* table,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (k != NULL)
-        XFREE(k, heap, DYNAMIC_TYPE_ECC);
-    if (point != NULL)
-        XFREE(point, heap, DYNAMIC_TYPE_ECC);
+    XFREE(k, heap, DYNAMIC_TYPE_ECC);
+    XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -153282,9 +153315,7 @@ int sp_ModExp_Fp_star_1024(const mp_int* base, mp_int* exp, mp_int* res)
 
 #if (defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SP_NO_MALLOC)) || \
     defined(WOLFSSL_SP_SMALL_STACK)
-    if (td != NULL) {
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-    }
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
     return err;
 }
@@ -155180,9 +155211,7 @@ int sp_ModExp_Fp_star_1024(const mp_int* base, mp_int* exp, mp_int* res)
 
 #if (defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SP_NO_MALLOC)) || \
     defined(WOLFSSL_SP_SMALL_STACK)
-    if (td != NULL) {
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-    }
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
     return err;
 }
@@ -155550,9 +155579,7 @@ int sp_Pairing_1024(const ecc_point* pm, const ecc_point* qm, mp_int* res)
 
 #if (defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SP_NO_MALLOC)) || \
     defined(WOLFSSL_SP_SMALL_STACK)
-    if (td != NULL) {
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-    }
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
     sp_1024_point_free_32(c, 1, NULL);
     sp_1024_point_free_32(q, 1, NULL);
@@ -155977,9 +156004,7 @@ int sp_Pairing_1024(const ecc_point* pm, const ecc_point* qm, mp_int* res)
 
 #if (defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SP_NO_MALLOC)) || \
     defined(WOLFSSL_SP_SMALL_STACK)
-    if (td != NULL) {
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-    }
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
     sp_1024_point_free_32(c, 1, NULL);
     sp_1024_point_free_32(q, 1, NULL);
@@ -156009,7 +156034,7 @@ int sp_Pairing_gen_precomp_1024(const ecc_point* pm, byte* table,
 
     if (table == NULL) {
         *len = 0;
-        err = LENGTH_ONLY_E;
+        err = WC_NO_ERR_TRACE(LENGTH_ONLY_E);
     }
     else if (*len != 0) {
         err = BUFFER_E;
@@ -156238,7 +156263,7 @@ int sp_Pairing_gen_precomp_1024(const ecc_point* pm, byte* table,
 
     if (table == NULL) {
         *len = sizeof(sp_table_entry_1024) * 1167;
-        err = LENGTH_ONLY_E;
+        err = WC_NO_ERR_TRACE(LENGTH_ONLY_E);
     }
 
     if ((err == MP_OKAY) &&
@@ -156345,9 +156370,7 @@ int sp_Pairing_gen_precomp_1024(const ecc_point* pm, byte* table,
 
 #if (defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SP_NO_MALLOC)) || \
     defined(WOLFSSL_SP_SMALL_STACK)
-    if (td != NULL) {
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-    }
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
     sp_1024_point_free_32(neg, 1, NULL);
     sp_1024_point_free_32(c, 1, NULL);
@@ -156540,9 +156563,7 @@ int sp_Pairing_precomp_1024(const ecc_point* pm, const ecc_point* qm,
 
 #if (defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SP_NO_MALLOC)) || \
     defined(WOLFSSL_SP_SMALL_STACK)
-    if (td != NULL) {
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-    }
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
     sp_1024_point_free_32(c, 1, NULL);
     sp_1024_point_free_32(q, 1, NULL);
@@ -156565,7 +156586,8 @@ static void sp_1024_from_bin(sp_digit* r, int size, const byte* a, int n)
     int j;
     byte* d;
 
-    for (i = n - 1,j = 0; i >= 3; i -= 4) {
+    j = 0;
+    for (i = n - 1; i >= 3; i -= 4) {
         r[j]  = ((sp_digit)a[i - 0] <<  0) |
                 ((sp_digit)a[i - 1] <<  8) |
                 ((sp_digit)a[i - 2] << 16) |
@@ -156576,12 +156598,20 @@ static void sp_1024_from_bin(sp_digit* r, int size, const byte* a, int n)
     if (i >= 0) {
         r[j] = 0;
 
-        d = (byte*)r;
+        d = (byte*)(r + j);
+#ifdef BIG_ENDIAN_ORDER
         switch (i) {
-            case 2: d[n - 1 - 2] = a[2]; //fallthrough
-            case 1: d[n - 1 - 1] = a[1]; //fallthrough
-            case 0: d[n - 1 - 0] = a[0]; //fallthrough
+            case 2: d[1] = *(a++); //fallthrough
+            case 1: d[2] = *(a++); //fallthrough
+            case 0: d[3] = *a    ; //fallthrough
         }
+#else
+        switch (i) {
+            case 2: d[2] = a[2]; //fallthrough
+            case 1: d[1] = a[1]; //fallthrough
+            case 0: d[0] = a[0]; //fallthrough
+        }
+#endif
         j++;
     }
 
@@ -156635,7 +156665,7 @@ static int sp_1024_ecc_is_point_32(const sp_point_1024* point,
 
 
         n = sp_1024_cmp_32(t1, p1024_mod);
-        sp_1024_cond_sub_32(t1, t1, p1024_mod, ~(n >> 31));
+        sp_1024_cond_sub_32(t1, t1, p1024_mod, (sp_digit)~(n >> 31));
         sp_1024_norm_32(t1);
         if (!sp_1024_iszero_32(t1)) {
             err = MP_VAL;
@@ -156643,8 +156673,7 @@ static int sp_1024_ecc_is_point_32(const sp_point_1024* point,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t1 != NULL)
-        XFREE(t1, heap, DYNAMIC_TYPE_ECC);
+    XFREE(t1, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -156683,8 +156712,7 @@ int sp_ecc_is_point_1024(const mp_int* pX, const mp_int* pY)
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (pub != NULL)
-        XFREE(pub, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(pub, NULL, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -156792,10 +156820,8 @@ int sp_ecc_check_key_1024(const mp_int* pX, const mp_int* pY,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (pub != NULL)
-        XFREE(pub, heap, DYNAMIC_TYPE_ECC);
-    if (priv != NULL)
-        XFREE(priv, heap, DYNAMIC_TYPE_ECC);
+    XFREE(pub, heap, DYNAMIC_TYPE_ECC);
+    XFREE(priv, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
diff --git a/wolfcrypt/src/sp_arm64.c b/wolfcrypt/src/sp_arm64.c
index ed66e6d19..3ea0e0165 100644
--- a/wolfcrypt/src/sp_arm64.c
+++ b/wolfcrypt/src/sp_arm64.c
@@ -1,6 +1,6 @@
 /* sp.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -67,7 +67,7 @@
     do {                                                    \
         int ii;                                             \
         fprintf(stderr, name "=0x");                        \
-        for (ii = ((bits + 63) / 64) - 1; ii >= 0; ii--)    \
+        for (ii = (((bits) + 63) / 64) - 1; ii >= 0; ii--)  \
             fprintf(stderr, SP_PRINT_FMT, (var)[ii]);       \
         fprintf(stderr, "\n");                              \
     } while (0)
@@ -4164,13 +4164,12 @@ static int sp_2048_mod_exp_16(sp_digit* r, const sp_digit* a, const sp_digit* e,
         XMEMSET(&r[16], 0, sizeof(sp_digit) * 16U);
         sp_2048_mont_reduce_16(r, m, mp);
 
-        mask = 0 - (sp_2048_cmp_16(r, m) >= 0);
+        mask = (sp_digit)0 - (sp_2048_cmp_16(r, m) >= 0);
         sp_2048_cond_sub_16(r, r, m, mask);
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (td != NULL)
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -4333,13 +4332,12 @@ static int sp_2048_mod_exp_16(sp_digit* r, const sp_digit* a, const sp_digit* e,
         XMEMSET(&r[16], 0, sizeof(sp_digit) * 16U);
         sp_2048_mont_reduce_16(r, m, mp);
 
-        mask = 0 - (sp_2048_cmp_16(r, m) >= 0);
+        mask = (sp_digit)0 - (sp_2048_cmp_16(r, m) >= 0);
         sp_2048_cond_sub_16(r, r, m, mask);
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (td != NULL)
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -5790,13 +5788,12 @@ static int sp_2048_mod_exp_32(sp_digit* r, const sp_digit* a, const sp_digit* e,
         XMEMSET(&r[32], 0, sizeof(sp_digit) * 32U);
         sp_2048_mont_reduce_32(r, m, mp);
 
-        mask = 0 - (sp_2048_cmp_32(r, m) >= 0);
+        mask = (sp_digit)0 - (sp_2048_cmp_32(r, m) >= 0);
         sp_2048_cond_sub_32(r, r, m, mask);
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (td != NULL)
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -5992,13 +5989,12 @@ static int sp_2048_mod_exp_32(sp_digit* r, const sp_digit* a, const sp_digit* e,
         XMEMSET(&r[32], 0, sizeof(sp_digit) * 32U);
         sp_2048_mont_reduce_32(r, m, mp);
 
-        mask = 0 - (sp_2048_cmp_32(r, m) >= 0);
+        mask = (sp_digit)0 - (sp_2048_cmp_32(r, m) >= 0);
         sp_2048_cond_sub_32(r, r, m, mask);
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (td != NULL)
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -6161,8 +6157,7 @@ int sp_RsaPublic_2048(const byte* in, word32 inLen, const mp_int* em,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (a != NULL)
-        XFREE(a, NULL, DYNAMIC_TYPE_RSA);
+    XFREE(a, NULL, DYNAMIC_TYPE_RSA);
 #endif
 
     return err;
@@ -6837,13 +6832,12 @@ static int sp_2048_mod_exp_2_32(sp_digit* r, const sp_digit* e, int bits,
         XMEMSET(&r[32], 0, sizeof(sp_digit) * 32U);
         sp_2048_mont_reduce_32(r, m, mp);
 
-        mask = 0 - (sp_2048_cmp_32(r, m) >= 0);
+        mask = (sp_digit)0 - (sp_2048_cmp_32(r, m) >= 0);
         sp_2048_cond_sub_32(r, r, m, mask);
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (td != NULL)
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -13355,13 +13349,12 @@ static int sp_3072_mod_exp_24(sp_digit* r, const sp_digit* a, const sp_digit* e,
         XMEMSET(&r[24], 0, sizeof(sp_digit) * 24U);
         sp_3072_mont_reduce_24(r, m, mp);
 
-        mask = 0 - (sp_3072_cmp_24(r, m) >= 0);
+        mask = (sp_digit)0 - (sp_3072_cmp_24(r, m) >= 0);
         sp_3072_cond_sub_24(r, r, m, mask);
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (td != NULL)
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -13524,13 +13517,12 @@ static int sp_3072_mod_exp_24(sp_digit* r, const sp_digit* a, const sp_digit* e,
         XMEMSET(&r[24], 0, sizeof(sp_digit) * 24U);
         sp_3072_mont_reduce_24(r, m, mp);
 
-        mask = 0 - (sp_3072_cmp_24(r, m) >= 0);
+        mask = (sp_digit)0 - (sp_3072_cmp_24(r, m) >= 0);
         sp_3072_cond_sub_24(r, r, m, mask);
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (td != NULL)
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -15347,13 +15339,12 @@ static int sp_3072_mod_exp_48(sp_digit* r, const sp_digit* a, const sp_digit* e,
         XMEMSET(&r[48], 0, sizeof(sp_digit) * 48U);
         sp_3072_mont_reduce_48(r, m, mp);
 
-        mask = 0 - (sp_3072_cmp_48(r, m) >= 0);
+        mask = (sp_digit)0 - (sp_3072_cmp_48(r, m) >= 0);
         sp_3072_cond_sub_48(r, r, m, mask);
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (td != NULL)
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -15499,13 +15490,12 @@ static int sp_3072_mod_exp_48(sp_digit* r, const sp_digit* a, const sp_digit* e,
         XMEMSET(&r[48], 0, sizeof(sp_digit) * 48U);
         sp_3072_mont_reduce_48(r, m, mp);
 
-        mask = 0 - (sp_3072_cmp_48(r, m) >= 0);
+        mask = (sp_digit)0 - (sp_3072_cmp_48(r, m) >= 0);
         sp_3072_cond_sub_48(r, r, m, mask);
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (td != NULL)
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -15668,8 +15658,7 @@ int sp_RsaPublic_3072(const byte* in, word32 inLen, const mp_int* em,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (a != NULL)
-        XFREE(a, NULL, DYNAMIC_TYPE_RSA);
+    XFREE(a, NULL, DYNAMIC_TYPE_RSA);
 #endif
 
     return err;
@@ -16440,13 +16429,12 @@ static int sp_3072_mod_exp_2_48(sp_digit* r, const sp_digit* e, int bits,
         XMEMSET(&r[48], 0, sizeof(sp_digit) * 48U);
         sp_3072_mont_reduce_48(r, m, mp);
 
-        mask = 0 - (sp_3072_cmp_48(r, m) >= 0);
+        mask = (sp_digit)0 - (sp_3072_cmp_48(r, m) >= 0);
         sp_3072_cond_sub_48(r, r, m, mask);
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (td != NULL)
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -20458,13 +20446,12 @@ static int sp_4096_mod_exp_64(sp_digit* r, const sp_digit* a, const sp_digit* e,
         XMEMSET(&r[64], 0, sizeof(sp_digit) * 64U);
         sp_4096_mont_reduce_64(r, m, mp);
 
-        mask = 0 - (sp_4096_cmp_64(r, m) >= 0);
+        mask = (sp_digit)0 - (sp_4096_cmp_64(r, m) >= 0);
         sp_4096_cond_sub_64(r, r, m, mask);
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (td != NULL)
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -20610,13 +20597,12 @@ static int sp_4096_mod_exp_64(sp_digit* r, const sp_digit* a, const sp_digit* e,
         XMEMSET(&r[64], 0, sizeof(sp_digit) * 64U);
         sp_4096_mont_reduce_64(r, m, mp);
 
-        mask = 0 - (sp_4096_cmp_64(r, m) >= 0);
+        mask = (sp_digit)0 - (sp_4096_cmp_64(r, m) >= 0);
         sp_4096_cond_sub_64(r, r, m, mask);
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (td != NULL)
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -20779,8 +20765,7 @@ int sp_RsaPublic_4096(const byte* in, word32 inLen, const mp_int* em,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (a != NULL)
-        XFREE(a, NULL, DYNAMIC_TYPE_RSA);
+    XFREE(a, NULL, DYNAMIC_TYPE_RSA);
 #endif
 
     return err;
@@ -21647,13 +21632,12 @@ static int sp_4096_mod_exp_2_64(sp_digit* r, const sp_digit* e, int bits,
         XMEMSET(&r[64], 0, sizeof(sp_digit) * 64U);
         sp_4096_mont_reduce_64(r, m, mp);
 
-        mask = 0 - (sp_4096_cmp_64(r, m) >= 0);
+        mask = (sp_digit)0 - (sp_4096_cmp_64(r, m) >= 0);
         sp_4096_cond_sub_64(r, r, m, mask);
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (td != NULL)
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -22119,14 +22103,14 @@ static int sp_256_mod_mul_norm_4(sp_digit* r, const sp_digit* a, const sp_digit*
 
     (void)m;
 
-    a32[0] = a[0] & 0xffffffff;
-    a32[1] = a[0] >> 32;
-    a32[2] = a[1] & 0xffffffff;
-    a32[3] = a[1] >> 32;
-    a32[4] = a[2] & 0xffffffff;
-    a32[5] = a[2] >> 32;
-    a32[6] = a[3] & 0xffffffff;
-    a32[7] = a[3] >> 32;
+    a32[0] = (int64_t)(a[0] & 0xffffffff);
+    a32[1] = (int64_t)(a[0] >> 32);
+    a32[2] = (int64_t)(a[1] & 0xffffffff);
+    a32[3] = (int64_t)(a[1] >> 32);
+    a32[4] = (int64_t)(a[2] & 0xffffffff);
+    a32[5] = (int64_t)(a[2] >> 32);
+    a32[6] = (int64_t)(a[3] & 0xffffffff);
+    a32[7] = (int64_t)(a[3] >> 32);
 
     /*  1  1  0 -1 -1 -1 -1  0 */
     t[0] = 0 + a32[0] + a32[1] - a32[3] - a32[4] - a32[5] - a32[6];
@@ -22176,10 +22160,10 @@ static int sp_256_mod_mul_norm_4(sp_digit* r, const sp_digit* a, const sp_digit*
     t[5] += t[4] >> 32; t[4] &= 0xffffffff;
     t[6] += t[5] >> 32; t[5] &= 0xffffffff;
     t[7] += t[6] >> 32; t[6] &= 0xffffffff;
-    r[0] = (t[1] << 32) | t[0];
-    r[1] = (t[3] << 32) | t[2];
-    r[2] = (t[5] << 32) | t[4];
-    r[3] = (t[7] << 32) | t[6];
+    r[0] = (sp_digit)((t[1] << 32) | t[0]);
+    r[1] = (sp_digit)((t[3] << 32) | t[2]);
+    r[2] = (sp_digit)((t[5] << 32) | t[4]);
+    r[3] = (sp_digit)((t[7] << 32) | t[6]);
 
     return MP_OKAY;
 }
@@ -22754,7 +22738,7 @@ SP_NOINLINE static void sp_256_mont_sqr_n_4(sp_digit* r,
 #endif /* !WOLFSSL_SP_SMALL || HAVE_COMP_KEY */
 #ifdef WOLFSSL_SP_SMALL
 /* Mod-2 for the P256 curve. */
-static const uint64_t p256_mod_minus_2[4] = {
+static const word64 p256_mod_minus_2[4] = {
     0xfffffffffffffffdU,0x00000000ffffffffU,0x0000000000000000U,
     0xffffffff00000001U
 };
@@ -23060,7 +23044,7 @@ static void sp_256_map_4(sp_point_256* r, const sp_point_256* p,
     sp_256_mont_reduce_4(r->x, p256_mod, p256_mp_mod);
     /* Reduce x to less than modulus */
     n = sp_256_cmp_4(r->x, p256_mod);
-    sp_256_cond_sub_4(r->x, r->x, p256_mod, ~(n >> 63));
+    sp_256_cond_sub_4(r->x, r->x, p256_mod, (sp_digit)~(n >> 63));
     sp_256_norm_4(r->x);
 
     /* y /= z^3 */
@@ -23069,7 +23053,7 @@ static void sp_256_map_4(sp_point_256* r, const sp_point_256* p,
     sp_256_mont_reduce_4(r->y, p256_mod, p256_mp_mod);
     /* Reduce y to less than modulus */
     n = sp_256_cmp_4(r->y, p256_mod);
-    sp_256_cond_sub_4(r->y, r->y, p256_mod, ~(n >> 63));
+    sp_256_cond_sub_4(r->y, r->y, p256_mod, (sp_digit)~(n >> 63));
     sp_256_norm_4(r->y);
 
     XMEMSET(r->z, 0, sizeof(r->z) / 2);
@@ -24213,13 +24197,13 @@ static void sp_256_proj_point_add_sub_4(sp_point_256* ra,
 /* Structure used to describe recoding of scalar multiplication. */
 typedef struct ecc_recode_256 {
     /* Index into pre-computation table. */
-    uint8_t i;
+    word8 i;
     /* Use the negative of the point. */
-    uint8_t neg;
+    word8 neg;
 } ecc_recode_256;
 
 /* The index into pre-computation table to use. */
-static const uint8_t recode_index_4_6[66] = {
+static const word8 recode_index_4_6[66] = {
      0,  1,  2,  3,  4,  5,  6,  7,  8,  9, 10, 11, 12, 13, 14, 15,
     16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31,
     32, 31, 30, 29, 28, 27, 26, 25, 24, 23, 22, 21, 20, 19, 18, 17,
@@ -24228,7 +24212,7 @@ static const uint8_t recode_index_4_6[66] = {
 };
 
 /* Whether to negate y-ordinate. */
-static const uint8_t recode_neg_4_6[66] = {
+static const word8 recode_neg_4_6[66] = {
      0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,
      0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,
      1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,
@@ -24246,7 +24230,7 @@ static void sp_256_ecc_recode_6_4(const sp_digit* k, ecc_recode_256* v)
 {
     int i;
     int j;
-    uint8_t y;
+    word8 y;
     int carry = 0;
     int o;
     sp_digit n;
@@ -24255,7 +24239,7 @@ static void sp_256_ecc_recode_6_4(const sp_digit* k, ecc_recode_256* v)
     n = k[j];
     o = 0;
     for (i=0; i<43; i++) {
-        y = (int8_t)n;
+        y = (word8)(int8_t)n;
         if (o + 6 < 64) {
             y &= 0x3f;
             n >>= 6;
@@ -24269,12 +24253,12 @@ static void sp_256_ecc_recode_6_4(const sp_digit* k, ecc_recode_256* v)
         }
         else if (++j < 4) {
             n = k[j];
-            y |= (uint8_t)((n << (64 - o)) & 0x3f);
+            y |= (word8)((n << (64 - o)) & 0x3f);
             o -= 58;
             n >>= o;
         }
 
-        y += (uint8_t)carry;
+        y = (word8)(y + carry);
         v[i].i = recode_index_4_6[y];
         v[i].neg = recode_neg_4_6[y];
         carry = (y >> 6) + v[i].neg;
@@ -24486,10 +24470,8 @@ static int sp_256_ecc_mulmod_win_add_sub_4(sp_point_256* r, const sp_point_256*
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t != NULL)
-        XFREE(t, heap, DYNAMIC_TYPE_ECC);
-    if (tmp != NULL)
-        XFREE(tmp, heap, DYNAMIC_TYPE_ECC);
+    XFREE(t, heap, DYNAMIC_TYPE_ECC);
+    XFREE(tmp, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -24731,8 +24713,7 @@ static int sp_256_gen_stripe_table_4(const sp_point_256* a,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t != NULL)
-        XFREE(t, heap, DYNAMIC_TYPE_ECC);
+    XFREE(t, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -24902,10 +24883,8 @@ static int sp_256_ecc_mulmod_stripe_4(sp_point_256* r, const sp_point_256* g,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t != NULL)
-        XFREE(t, heap, DYNAMIC_TYPE_ECC);
-    if (rt != NULL)
-        XFREE(rt, heap, DYNAMIC_TYPE_ECC);
+    XFREE(t, heap, DYNAMIC_TYPE_ECC);
+    XFREE(rt, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -24926,7 +24905,7 @@ typedef struct sp_cache_256_t {
     /* Precomputation table for point. */
     sp_table_entry_256 table[64];
     /* Count of entries in table. */
-    uint32_t cnt;
+    word32 cnt;
     /* Point and table set in entry. */
     int set;
 } sp_cache_256_t;
@@ -24939,8 +24918,10 @@ static THREAD_LS_T int sp_cache_256_last = -1;
 static THREAD_LS_T int sp_cache_256_inited = 0;
 
 #ifndef HAVE_THREAD_LS
+    #ifndef WOLFSSL_MUTEX_INITIALIZER
     static volatile int initCacheMutex_256 = 0;
-    static wolfSSL_Mutex sp_cache_256_lock;
+    #endif
+    static wolfSSL_Mutex sp_cache_256_lock WOLFSSL_MUTEX_INITIALIZER_CLAUSE(sp_cache_256_lock);
 #endif
 
 /* Get the cache entry for the point.
@@ -24952,7 +24933,7 @@ static void sp_ecc_get_cache_256(const sp_point_256* g, sp_cache_256_t** cache)
 {
     int i;
     int j;
-    uint32_t least;
+    word32 least;
 
     if (sp_cache_256_inited == 0) {
         for (i=0; i<FP_ENTRIES; i++) {
@@ -25038,10 +25019,12 @@ static int sp_256_ecc_mulmod_4(sp_point_256* r, const sp_point_256* g,
 #endif
 #ifndef HAVE_THREAD_LS
     if (err == MP_OKAY) {
+        #ifndef WOLFSSL_MUTEX_INITIALIZER
         if (initCacheMutex_256 == 0) {
             wc_InitMutex(&sp_cache_256_lock);
             initCacheMutex_256 = 1;
         }
+        #endif
         if (wc_LockMutex(&sp_cache_256_lock) != 0) {
             err = BAD_MUTEX_E;
         }
@@ -25160,8 +25143,7 @@ static int sp_256_gen_stripe_table_4(const sp_point_256* a,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t != NULL)
-        XFREE(t, heap, DYNAMIC_TYPE_ECC);
+    XFREE(t, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -25331,10 +25313,8 @@ static int sp_256_ecc_mulmod_stripe_4(sp_point_256* r, const sp_point_256* g,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t != NULL)
-        XFREE(t, heap, DYNAMIC_TYPE_ECC);
-    if (rt != NULL)
-        XFREE(rt, heap, DYNAMIC_TYPE_ECC);
+    XFREE(t, heap, DYNAMIC_TYPE_ECC);
+    XFREE(rt, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -25355,7 +25335,7 @@ typedef struct sp_cache_256_t {
     /* Precomputation table for point. */
     sp_table_entry_256 table[256];
     /* Count of entries in table. */
-    uint32_t cnt;
+    word32 cnt;
     /* Point and table set in entry. */
     int set;
 } sp_cache_256_t;
@@ -25368,8 +25348,10 @@ static THREAD_LS_T int sp_cache_256_last = -1;
 static THREAD_LS_T int sp_cache_256_inited = 0;
 
 #ifndef HAVE_THREAD_LS
+    #ifndef WOLFSSL_MUTEX_INITIALIZER
     static volatile int initCacheMutex_256 = 0;
-    static wolfSSL_Mutex sp_cache_256_lock;
+    #endif
+    static wolfSSL_Mutex sp_cache_256_lock WOLFSSL_MUTEX_INITIALIZER_CLAUSE(sp_cache_256_lock);
 #endif
 
 /* Get the cache entry for the point.
@@ -25381,7 +25363,7 @@ static void sp_ecc_get_cache_256(const sp_point_256* g, sp_cache_256_t** cache)
 {
     int i;
     int j;
-    uint32_t least;
+    word32 least;
 
     if (sp_cache_256_inited == 0) {
         for (i=0; i<FP_ENTRIES; i++) {
@@ -25467,10 +25449,12 @@ static int sp_256_ecc_mulmod_4(sp_point_256* r, const sp_point_256* g,
 #endif
 #ifndef HAVE_THREAD_LS
     if (err == MP_OKAY) {
+        #ifndef WOLFSSL_MUTEX_INITIALIZER
         if (initCacheMutex_256 == 0) {
             wc_InitMutex(&sp_cache_256_lock);
             initCacheMutex_256 = 1;
         }
+        #endif
         if (wc_LockMutex(&sp_cache_256_lock) != 0) {
             err = BAD_MUTEX_E;
         }
@@ -25549,10 +25533,8 @@ int sp_ecc_mulmod_256(const mp_int* km, const ecc_point* gm, ecc_point* r,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (k != NULL)
-        XFREE(k, heap, DYNAMIC_TYPE_ECC);
-    if (point != NULL)
-        XFREE(point, heap, DYNAMIC_TYPE_ECC);
+    XFREE(k, heap, DYNAMIC_TYPE_ECC);
+    XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -25629,10 +25611,8 @@ int sp_ecc_mulmod_add_256(const mp_int* km, const ecc_point* gm,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (k != NULL)
-        XFREE(k, heap, DYNAMIC_TYPE_ECC);
-    if (point != NULL)
-        XFREE(point, heap, DYNAMIC_TYPE_ECC);
+    XFREE(k, heap, DYNAMIC_TYPE_ECC);
+    XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -27298,7 +27278,7 @@ static int sp_256_ecc_mulmod_base_4(sp_point_256* r, const sp_digit* k,
 #endif /* WC_NO_CACHE_RESISTANT */
 #else
 /* The index into pre-computation table to use. */
-static const uint8_t recode_index_4_7[130] = {
+static const word8 recode_index_4_7[130] = {
      0,  1,  2,  3,  4,  5,  6,  7,  8,  9, 10, 11, 12, 13, 14, 15,
     16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31,
     32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47,
@@ -27311,7 +27291,7 @@ static const uint8_t recode_index_4_7[130] = {
 };
 
 /* Whether to negate y-ordinate. */
-static const uint8_t recode_neg_4_7[130] = {
+static const word8 recode_neg_4_7[130] = {
      0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,
      0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,
      0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,
@@ -27333,7 +27313,7 @@ static void sp_256_ecc_recode_7_4(const sp_digit* k, ecc_recode_256* v)
 {
     int i;
     int j;
-    uint8_t y;
+    word8 y;
     int carry = 0;
     int o;
     sp_digit n;
@@ -27342,7 +27322,7 @@ static void sp_256_ecc_recode_7_4(const sp_digit* k, ecc_recode_256* v)
     n = k[j];
     o = 0;
     for (i=0; i<37; i++) {
-        y = (int8_t)n;
+        y = (word8)(int8_t)n;
         if (o + 7 < 64) {
             y &= 0x7f;
             n >>= 7;
@@ -27356,12 +27336,12 @@ static void sp_256_ecc_recode_7_4(const sp_digit* k, ecc_recode_256* v)
         }
         else if (++j < 4) {
             n = k[j];
-            y |= (uint8_t)((n << (64 - o)) & 0x7f);
+            y |= (word8)((n << (64 - o)) & 0x7f);
             o -= 57;
             n >>= o;
         }
 
-        y += (uint8_t)carry;
+        y = (word8)(y + carry);
         v[i].i = recode_index_4_7[y];
         v[i].neg = recode_neg_4_7[y];
         carry = (y >> 7) + v[i].neg;
@@ -39465,7 +39445,7 @@ static int sp_256_ecc_mulmod_add_only_4(sp_point_256* r, const sp_point_256* g,
             p->infinity = !v[i].i;
             sp_256_sub_4(negy, p256_mod, p->y);
             sp_256_norm_4(negy);
-            sp_256_cond_copy_4(p->y, negy, 0 - v[i].neg);
+            sp_256_cond_copy_4(p->y, negy, (sp_digit)(0 - v[i].neg));
             sp_256_proj_point_add_qz1_4(rt, rt, p, tmp);
         }
         if (map != 0) {
@@ -39486,8 +39466,7 @@ static int sp_256_ecc_mulmod_add_only_4(sp_point_256* r, const sp_point_256* g,
     #endif
     }
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (rt != NULL)
-        XFREE(rt, heap, DYNAMIC_TYPE_ECC);
+    XFREE(rt, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -39554,10 +39533,8 @@ int sp_ecc_mulmod_base_256(const mp_int* km, ecc_point* r, int map, void* heap)
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (k != NULL)
-        XFREE(k, heap, DYNAMIC_TYPE_ECC);
-    if (point != NULL)
-        XFREE(point, heap, DYNAMIC_TYPE_ECC);
+    XFREE(k, heap, DYNAMIC_TYPE_ECC);
+    XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -39632,10 +39609,8 @@ int sp_ecc_mulmod_base_add_256(const mp_int* km, const ecc_point* am,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (k != NULL)
-        XFREE(k, heap, DYNAMIC_TYPE_ECC);
-    if (point)
-        XFREE(point, heap, DYNAMIC_TYPE_ECC);
+    XFREE(k, heap, DYNAMIC_TYPE_ECC);
+    XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -39788,6 +39763,7 @@ static void sp_256_from_bin(sp_digit* r, int size, const byte* a, int n)
  */
 static int sp_256_ecc_gen_k_4(WC_RNG* rng, sp_digit* k)
 {
+#ifndef WC_NO_RNG
     int err;
     byte buf[32];
 
@@ -39804,6 +39780,11 @@ static int sp_256_ecc_gen_k_4(WC_RNG* rng, sp_digit* k)
     while (err == 0);
 
     return err;
+#else
+    (void)rng;
+    (void)k;
+    return NOT_COMPILED_IN;
+#endif
 }
 
 /* Makes a random EC key pair.
@@ -39882,12 +39863,9 @@ int sp_ecc_make_key_256(WC_RNG* rng, mp_int* priv, ecc_point* pub, void* heap)
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (k != NULL)
-        XFREE(k, heap, DYNAMIC_TYPE_ECC);
-    if (point != NULL) {
-        /* point is not sensitive, so no need to zeroize */
-        XFREE(point, heap, DYNAMIC_TYPE_ECC);
-    }
+    XFREE(k, heap, DYNAMIC_TYPE_ECC);
+    /* point is not sensitive, so no need to zeroize */
+    XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -40051,10 +40029,8 @@ int sp_ecc_secret_gen_256(const mp_int* priv, const ecc_point* pub, byte* out,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (k != NULL)
-        XFREE(k, heap, DYNAMIC_TYPE_ECC);
-    if (point != NULL)
-        XFREE(point, heap, DYNAMIC_TYPE_ECC);
+    XFREE(k, heap, DYNAMIC_TYPE_ECC);
+    XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -40543,7 +40519,7 @@ SP_NOINLINE static void sp_256_mont_mul_order_4(sp_digit* r,
 #if defined(HAVE_ECC_SIGN) || (defined(HAVE_ECC_VERIFY) && defined(WOLFSSL_SP_SMALL))
 #ifdef WOLFSSL_SP_SMALL
 /* Order-2 for the P256 curve. */
-static const uint64_t p256_order_minus_2[4] = {
+static const word64 p256_order_minus_2[4] = {
     0xf3b9cac2fc63254fU,0xbce6faada7179e84U,0xffffffffffffffffU,
     0xffffffff00000000U
 };
@@ -41922,10 +41898,8 @@ int sp_ecc_verify_256(const byte* hash, word32 hashLen, const mp_int* pX,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (u1 != NULL)
-        XFREE(u1, heap, DYNAMIC_TYPE_ECC);
-    if (p1 != NULL)
-        XFREE(p1, heap, DYNAMIC_TYPE_ECC);
+    XFREE(u1, heap, DYNAMIC_TYPE_ECC);
+    XFREE(p1, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -42176,8 +42150,7 @@ static int sp_256_ecc_is_point_4(const sp_point_256* point,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t1 != NULL)
-        XFREE(t1, heap, DYNAMIC_TYPE_ECC);
+    XFREE(t1, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -42216,8 +42189,7 @@ int sp_ecc_is_point_256(const mp_int* pX, const mp_int* pY)
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (pub != NULL)
-        XFREE(pub, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(pub, NULL, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -42325,10 +42297,8 @@ int sp_ecc_check_key_256(const mp_int* pX, const mp_int* pY,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (pub != NULL)
-        XFREE(pub, heap, DYNAMIC_TYPE_ECC);
-    if (priv != NULL)
-        XFREE(priv, heap, DYNAMIC_TYPE_ECC);
+    XFREE(pub, heap, DYNAMIC_TYPE_ECC);
+    XFREE(priv, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -42407,10 +42377,8 @@ int sp_ecc_proj_add_point_256(mp_int* pX, mp_int* pY, mp_int* pZ,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (tmp != NULL)
-        XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
-    if (p != NULL)
-        XFREE(p, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(p, NULL, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -42475,10 +42443,8 @@ int sp_ecc_proj_dbl_point_256(mp_int* pX, mp_int* pY, mp_int* pZ,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (tmp != NULL)
-        XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
-    if (p != NULL)
-        XFREE(p, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(p, NULL, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -42539,10 +42505,8 @@ int sp_ecc_map_256(mp_int* pX, mp_int* pY, mp_int* pZ)
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (tmp != NULL)
-        XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
-    if (p != NULL)
-        XFREE(p, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(p, NULL, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -42608,8 +42572,7 @@ static int sp_256_mont_sqrt_4(sp_digit* y)
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t1 != NULL)
-        XFREE(t1, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(t1, NULL, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -42674,8 +42637,7 @@ int sp_ecc_uncompress_256(mp_int* xm, int odd, mp_int* ym)
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (x != NULL)
-        XFREE(x, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(x, NULL, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -43382,18 +43344,18 @@ static int sp_384_mod_mul_norm_6(sp_digit* r, const sp_digit* a, const sp_digit*
     if (err == MP_OKAY) {
         a32 = t + 12;
 
-        a32[0] = a[0] & 0xffffffff;
-        a32[1] = a[0] >> 32;
-        a32[2] = a[1] & 0xffffffff;
-        a32[3] = a[1] >> 32;
-        a32[4] = a[2] & 0xffffffff;
-        a32[5] = a[2] >> 32;
-        a32[6] = a[3] & 0xffffffff;
-        a32[7] = a[3] >> 32;
-        a32[8] = a[4] & 0xffffffff;
-        a32[9] = a[4] >> 32;
-        a32[10] = a[5] & 0xffffffff;
-        a32[11] = a[5] >> 32;
+        a32[0] = (int64_t)(a[0] & 0xffffffff);
+        a32[1] = (int64_t)(a[0] >> 32);
+        a32[2] = (int64_t)(a[1] & 0xffffffff);
+        a32[3] = (int64_t)(a[1] >> 32);
+        a32[4] = (int64_t)(a[2] & 0xffffffff);
+        a32[5] = (int64_t)(a[2] >> 32);
+        a32[6] = (int64_t)(a[3] & 0xffffffff);
+        a32[7] = (int64_t)(a[3] >> 32);
+        a32[8] = (int64_t)(a[4] & 0xffffffff);
+        a32[9] = (int64_t)(a[4] >> 32);
+        a32[10] = (int64_t)(a[5] & 0xffffffff);
+        a32[11] = (int64_t)(a[5] >> 32);
 
         /*  1  0  0  0  0  0  0  0  1  1  0 -1 */
         t[0] = 0 + a32[0] + a32[8] + a32[9] - a32[11];
@@ -43448,17 +43410,16 @@ static int sp_384_mod_mul_norm_6(sp_digit* r, const sp_digit* a, const sp_digit*
         t[10] += t[9] >> 32; t[9] &= 0xffffffff;
         t[11] += t[10] >> 32; t[10] &= 0xffffffff;
 
-        r[0] = (t[1] << 32) | t[0];
-        r[1] = (t[3] << 32) | t[2];
-        r[2] = (t[5] << 32) | t[4];
-        r[3] = (t[7] << 32) | t[6];
-        r[4] = (t[9] << 32) | t[8];
-        r[5] = (t[11] << 32) | t[10];
+        r[0] = (sp_digit)((t[1] << 32) | t[0]);
+        r[1] = (sp_digit)((t[3] << 32) | t[2]);
+        r[2] = (sp_digit)((t[5] << 32) | t[4]);
+        r[3] = (sp_digit)((t[7] << 32) | t[6]);
+        r[4] = (sp_digit)((t[9] << 32) | t[8]);
+        r[5] = (sp_digit)((t[11] << 32) | t[10]);
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t != NULL)
-        XFREE(t, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(t, NULL, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -43983,7 +43944,7 @@ SP_NOINLINE static void sp_384_mont_sqr_n_6(sp_digit* r,
 #endif /* !WOLFSSL_SP_SMALL || HAVE_COMP_KEY */
 #ifdef WOLFSSL_SP_SMALL
 /* Mod-2 for the P384 curve. */
-static const uint64_t p384_mod_minus_2[6] = {
+static const word64 p384_mod_minus_2[6] = {
     0x00000000fffffffdU,0xffffffff00000000U,0xfffffffffffffffeU,
     0xffffffffffffffffU,0xffffffffffffffffU,0xffffffffffffffffU
 };
@@ -44237,7 +44198,7 @@ static void sp_384_map_6(sp_point_384* r, const sp_point_384* p,
     sp_384_mont_reduce_6(r->x, p384_mod, p384_mp_mod);
     /* Reduce x to less than modulus */
     n = sp_384_cmp_6(r->x, p384_mod);
-    sp_384_cond_sub_6(r->x, r->x, p384_mod, ~(n >> 63));
+    sp_384_cond_sub_6(r->x, r->x, p384_mod, (sp_digit)~(n >> 63));
     sp_384_norm_6(r->x);
 
     /* y /= z^3 */
@@ -44246,7 +44207,7 @@ static void sp_384_map_6(sp_point_384* r, const sp_point_384* p,
     sp_384_mont_reduce_6(r->y, p384_mod, p384_mp_mod);
     /* Reduce y to less than modulus */
     n = sp_384_cmp_6(r->y, p384_mod);
-    sp_384_cond_sub_6(r->y, r->y, p384_mod, ~(n >> 63));
+    sp_384_cond_sub_6(r->y, r->y, p384_mod, (sp_digit)~(n >> 63));
     sp_384_norm_6(r->y);
 
     XMEMSET(r->z, 0, sizeof(r->z) / 2);
@@ -44816,8 +44777,8 @@ static void sp_384_proj_point_add_6(sp_point_384* r,
         sp_384_mont_sub_6(y, y, t5, p384_mod);
         {
             int i;
-            sp_digit maskp = 0 - (q->infinity & (!p->infinity));
-            sp_digit maskq = 0 - (p->infinity & (!q->infinity));
+            sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity)));
+            sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity)));
             sp_digit maskt = ~(maskp | maskq);
             sp_digit inf = (sp_digit)(p->infinity & q->infinity);
 
@@ -44834,7 +44795,7 @@ static void sp_384_proj_point_add_6(sp_point_384* r,
                           (z[i] & maskt);
             }
             r->z[0] |= inf;
-            r->infinity = (word32)inf;
+            r->infinity = (int)inf;
         }
     }
 }
@@ -45008,8 +44969,8 @@ static int sp_384_proj_point_add_6_nb(sp_ecc_ctx_t* sp_ctx, sp_point_384* r,
     {
         {
             int i;
-            sp_digit maskp = 0 - (q->infinity & (!p->infinity));
-            sp_digit maskq = 0 - (p->infinity & (!q->infinity));
+            sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity)));
+            sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity)));
             sp_digit maskt = ~(maskp | maskq);
             sp_digit inf = (sp_digit)(p->infinity & q->infinity);
 
@@ -45026,7 +44987,7 @@ static int sp_384_proj_point_add_6_nb(sp_ecc_ctx_t* sp_ctx, sp_point_384* r,
                           (ctx->z[i] & maskt);
             }
             r->z[0] |= inf;
-            r->infinity = (word32)inf;
+            r->infinity = (int)inf;
         }
         ctx->state = 25;
         break;
@@ -45198,13 +45159,13 @@ static void sp_384_proj_point_add_sub_6(sp_point_384* ra,
 /* Structure used to describe recoding of scalar multiplication. */
 typedef struct ecc_recode_384 {
     /* Index into pre-computation table. */
-    uint8_t i;
+    word8 i;
     /* Use the negative of the point. */
-    uint8_t neg;
+    word8 neg;
 } ecc_recode_384;
 
 /* The index into pre-computation table to use. */
-static const uint8_t recode_index_6_6[66] = {
+static const word8 recode_index_6_6[66] = {
      0,  1,  2,  3,  4,  5,  6,  7,  8,  9, 10, 11, 12, 13, 14, 15,
     16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31,
     32, 31, 30, 29, 28, 27, 26, 25, 24, 23, 22, 21, 20, 19, 18, 17,
@@ -45213,7 +45174,7 @@ static const uint8_t recode_index_6_6[66] = {
 };
 
 /* Whether to negate y-ordinate. */
-static const uint8_t recode_neg_6_6[66] = {
+static const word8 recode_neg_6_6[66] = {
      0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,
      0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,
      1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,
@@ -45231,7 +45192,7 @@ static void sp_384_ecc_recode_6_6(const sp_digit* k, ecc_recode_384* v)
 {
     int i;
     int j;
-    uint8_t y;
+    word8 y;
     int carry = 0;
     int o;
     sp_digit n;
@@ -45240,7 +45201,7 @@ static void sp_384_ecc_recode_6_6(const sp_digit* k, ecc_recode_384* v)
     n = k[j];
     o = 0;
     for (i=0; i<65; i++) {
-        y = (int8_t)n;
+        y = (word8)(int8_t)n;
         if (o + 6 < 64) {
             y &= 0x3f;
             n >>= 6;
@@ -45254,12 +45215,12 @@ static void sp_384_ecc_recode_6_6(const sp_digit* k, ecc_recode_384* v)
         }
         else if (++j < 6) {
             n = k[j];
-            y |= (uint8_t)((n << (64 - o)) & 0x3f);
+            y |= (word8)((n << (64 - o)) & 0x3f);
             o -= 58;
             n >>= o;
         }
 
-        y += (uint8_t)carry;
+        y = (word8)(y + carry);
         v[i].i = recode_index_6_6[y];
         v[i].neg = recode_neg_6_6[y];
         carry = (y >> 6) + v[i].neg;
@@ -45475,10 +45436,8 @@ static int sp_384_ecc_mulmod_win_add_sub_6(sp_point_384* r, const sp_point_384*
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t != NULL)
-        XFREE(t, heap, DYNAMIC_TYPE_ECC);
-    if (tmp != NULL)
-        XFREE(tmp, heap, DYNAMIC_TYPE_ECC);
+    XFREE(t, heap, DYNAMIC_TYPE_ECC);
+    XFREE(tmp, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -45548,8 +45507,8 @@ static void sp_384_proj_point_add_qz1_6(sp_point_384* r,
         sp_384_mont_sub_6(y, t3, t1, p384_mod);
         {
             int i;
-            sp_digit maskp = 0 - (q->infinity & (!p->infinity));
-            sp_digit maskq = 0 - (p->infinity & (!q->infinity));
+            sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity)));
+            sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity)));
             sp_digit maskt = ~(maskp | maskq);
             sp_digit inf = (sp_digit)(p->infinity & q->infinity);
 
@@ -45566,7 +45525,7 @@ static void sp_384_proj_point_add_qz1_6(sp_point_384* r,
                           (z[i] & maskt);
             }
             r->z[0] |= inf;
-            r->infinity = (word32)inf;
+            r->infinity = (int)inf;
         }
     }
 }
@@ -45680,8 +45639,7 @@ static int sp_384_gen_stripe_table_6(const sp_point_384* a,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t != NULL)
-        XFREE(t, heap, DYNAMIC_TYPE_ECC);
+    XFREE(t, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -45851,10 +45809,8 @@ static int sp_384_ecc_mulmod_stripe_6(sp_point_384* r, const sp_point_384* g,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t != NULL)
-        XFREE(t, heap, DYNAMIC_TYPE_ECC);
-    if (rt != NULL)
-        XFREE(rt, heap, DYNAMIC_TYPE_ECC);
+    XFREE(t, heap, DYNAMIC_TYPE_ECC);
+    XFREE(rt, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -45875,7 +45831,7 @@ typedef struct sp_cache_384_t {
     /* Precomputation table for point. */
     sp_table_entry_384 table[64];
     /* Count of entries in table. */
-    uint32_t cnt;
+    word32 cnt;
     /* Point and table set in entry. */
     int set;
 } sp_cache_384_t;
@@ -45888,8 +45844,10 @@ static THREAD_LS_T int sp_cache_384_last = -1;
 static THREAD_LS_T int sp_cache_384_inited = 0;
 
 #ifndef HAVE_THREAD_LS
+    #ifndef WOLFSSL_MUTEX_INITIALIZER
     static volatile int initCacheMutex_384 = 0;
-    static wolfSSL_Mutex sp_cache_384_lock;
+    #endif
+    static wolfSSL_Mutex sp_cache_384_lock WOLFSSL_MUTEX_INITIALIZER_CLAUSE(sp_cache_384_lock);
 #endif
 
 /* Get the cache entry for the point.
@@ -45901,7 +45859,7 @@ static void sp_ecc_get_cache_384(const sp_point_384* g, sp_cache_384_t** cache)
 {
     int i;
     int j;
-    uint32_t least;
+    word32 least;
 
     if (sp_cache_384_inited == 0) {
         for (i=0; i<FP_ENTRIES; i++) {
@@ -45987,10 +45945,12 @@ static int sp_384_ecc_mulmod_6(sp_point_384* r, const sp_point_384* g,
 #endif
 #ifndef HAVE_THREAD_LS
     if (err == MP_OKAY) {
+        #ifndef WOLFSSL_MUTEX_INITIALIZER
         if (initCacheMutex_384 == 0) {
             wc_InitMutex(&sp_cache_384_lock);
             initCacheMutex_384 = 1;
         }
+        #endif
         if (wc_LockMutex(&sp_cache_384_lock) != 0) {
             err = BAD_MUTEX_E;
         }
@@ -46109,8 +46069,7 @@ static int sp_384_gen_stripe_table_6(const sp_point_384* a,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t != NULL)
-        XFREE(t, heap, DYNAMIC_TYPE_ECC);
+    XFREE(t, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -46280,10 +46239,8 @@ static int sp_384_ecc_mulmod_stripe_6(sp_point_384* r, const sp_point_384* g,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t != NULL)
-        XFREE(t, heap, DYNAMIC_TYPE_ECC);
-    if (rt != NULL)
-        XFREE(rt, heap, DYNAMIC_TYPE_ECC);
+    XFREE(t, heap, DYNAMIC_TYPE_ECC);
+    XFREE(rt, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -46304,7 +46261,7 @@ typedef struct sp_cache_384_t {
     /* Precomputation table for point. */
     sp_table_entry_384 table[256];
     /* Count of entries in table. */
-    uint32_t cnt;
+    word32 cnt;
     /* Point and table set in entry. */
     int set;
 } sp_cache_384_t;
@@ -46317,8 +46274,10 @@ static THREAD_LS_T int sp_cache_384_last = -1;
 static THREAD_LS_T int sp_cache_384_inited = 0;
 
 #ifndef HAVE_THREAD_LS
+    #ifndef WOLFSSL_MUTEX_INITIALIZER
     static volatile int initCacheMutex_384 = 0;
-    static wolfSSL_Mutex sp_cache_384_lock;
+    #endif
+    static wolfSSL_Mutex sp_cache_384_lock WOLFSSL_MUTEX_INITIALIZER_CLAUSE(sp_cache_384_lock);
 #endif
 
 /* Get the cache entry for the point.
@@ -46330,7 +46289,7 @@ static void sp_ecc_get_cache_384(const sp_point_384* g, sp_cache_384_t** cache)
 {
     int i;
     int j;
-    uint32_t least;
+    word32 least;
 
     if (sp_cache_384_inited == 0) {
         for (i=0; i<FP_ENTRIES; i++) {
@@ -46416,10 +46375,12 @@ static int sp_384_ecc_mulmod_6(sp_point_384* r, const sp_point_384* g,
 #endif
 #ifndef HAVE_THREAD_LS
     if (err == MP_OKAY) {
+        #ifndef WOLFSSL_MUTEX_INITIALIZER
         if (initCacheMutex_384 == 0) {
             wc_InitMutex(&sp_cache_384_lock);
             initCacheMutex_384 = 1;
         }
+        #endif
         if (wc_LockMutex(&sp_cache_384_lock) != 0) {
             err = BAD_MUTEX_E;
         }
@@ -46498,10 +46459,8 @@ int sp_ecc_mulmod_384(const mp_int* km, const ecc_point* gm, ecc_point* r,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (k != NULL)
-        XFREE(k, heap, DYNAMIC_TYPE_ECC);
-    if (point != NULL)
-        XFREE(point, heap, DYNAMIC_TYPE_ECC);
+    XFREE(k, heap, DYNAMIC_TYPE_ECC);
+    XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -46578,10 +46537,8 @@ int sp_ecc_mulmod_add_384(const mp_int* km, const ecc_point* gm,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (k != NULL)
-        XFREE(k, heap, DYNAMIC_TYPE_ECC);
-    if (point != NULL)
-        XFREE(point, heap, DYNAMIC_TYPE_ECC);
+    XFREE(k, heap, DYNAMIC_TYPE_ECC);
+    XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -48247,7 +48204,7 @@ static int sp_384_ecc_mulmod_base_6(sp_point_384* r, const sp_digit* k,
 #endif /* WC_NO_CACHE_RESISTANT */
 #else
 /* The index into pre-computation table to use. */
-static const uint8_t recode_index_6_7[130] = {
+static const word8 recode_index_6_7[130] = {
      0,  1,  2,  3,  4,  5,  6,  7,  8,  9, 10, 11, 12, 13, 14, 15,
     16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31,
     32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47,
@@ -48260,7 +48217,7 @@ static const uint8_t recode_index_6_7[130] = {
 };
 
 /* Whether to negate y-ordinate. */
-static const uint8_t recode_neg_6_7[130] = {
+static const word8 recode_neg_6_7[130] = {
      0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,
      0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,
      0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,
@@ -48282,7 +48239,7 @@ static void sp_384_ecc_recode_7_6(const sp_digit* k, ecc_recode_384* v)
 {
     int i;
     int j;
-    uint8_t y;
+    word8 y;
     int carry = 0;
     int o;
     sp_digit n;
@@ -48291,7 +48248,7 @@ static void sp_384_ecc_recode_7_6(const sp_digit* k, ecc_recode_384* v)
     n = k[j];
     o = 0;
     for (i=0; i<55; i++) {
-        y = (int8_t)n;
+        y = (word8)(int8_t)n;
         if (o + 7 < 64) {
             y &= 0x7f;
             n >>= 7;
@@ -48305,12 +48262,12 @@ static void sp_384_ecc_recode_7_6(const sp_digit* k, ecc_recode_384* v)
         }
         else if (++j < 6) {
             n = k[j];
-            y |= (uint8_t)((n << (64 - o)) & 0x7f);
+            y |= (word8)((n << (64 - o)) & 0x7f);
             o -= 57;
             n >>= o;
         }
 
-        y += (uint8_t)carry;
+        y = (word8)(y + carry);
         v[i].i = recode_index_6_7[y];
         v[i].neg = recode_neg_6_7[y];
         carry = (y >> 7) + v[i].neg;
@@ -66228,7 +66185,7 @@ static int sp_384_ecc_mulmod_add_only_6(sp_point_384* r, const sp_point_384* g,
             p->infinity = !v[i].i;
             sp_384_sub_6(negy, p384_mod, p->y);
             sp_384_norm_6(negy);
-            sp_384_cond_copy_6(p->y, negy, 0 - v[i].neg);
+            sp_384_cond_copy_6(p->y, negy, (sp_digit)(0 - v[i].neg));
             sp_384_proj_point_add_qz1_6(rt, rt, p, tmp);
         }
         if (map != 0) {
@@ -66249,8 +66206,7 @@ static int sp_384_ecc_mulmod_add_only_6(sp_point_384* r, const sp_point_384* g,
     #endif
     }
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (rt != NULL)
-        XFREE(rt, heap, DYNAMIC_TYPE_ECC);
+    XFREE(rt, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -66317,10 +66273,8 @@ int sp_ecc_mulmod_base_384(const mp_int* km, ecc_point* r, int map, void* heap)
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (k != NULL)
-        XFREE(k, heap, DYNAMIC_TYPE_ECC);
-    if (point != NULL)
-        XFREE(point, heap, DYNAMIC_TYPE_ECC);
+    XFREE(k, heap, DYNAMIC_TYPE_ECC);
+    XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -66395,10 +66349,8 @@ int sp_ecc_mulmod_base_add_384(const mp_int* km, const ecc_point* am,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (k != NULL)
-        XFREE(k, heap, DYNAMIC_TYPE_ECC);
-    if (point)
-        XFREE(point, heap, DYNAMIC_TYPE_ECC);
+    XFREE(k, heap, DYNAMIC_TYPE_ECC);
+    XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -66555,6 +66507,7 @@ static void sp_384_from_bin(sp_digit* r, int size, const byte* a, int n)
  */
 static int sp_384_ecc_gen_k_6(WC_RNG* rng, sp_digit* k)
 {
+#ifndef WC_NO_RNG
     int err;
     byte buf[48];
 
@@ -66571,6 +66524,11 @@ static int sp_384_ecc_gen_k_6(WC_RNG* rng, sp_digit* k)
     while (err == 0);
 
     return err;
+#else
+    (void)rng;
+    (void)k;
+    return NOT_COMPILED_IN;
+#endif
 }
 
 /* Makes a random EC key pair.
@@ -66649,12 +66607,9 @@ int sp_ecc_make_key_384(WC_RNG* rng, mp_int* priv, ecc_point* pub, void* heap)
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (k != NULL)
-        XFREE(k, heap, DYNAMIC_TYPE_ECC);
-    if (point != NULL) {
-        /* point is not sensitive, so no need to zeroize */
-        XFREE(point, heap, DYNAMIC_TYPE_ECC);
-    }
+    XFREE(k, heap, DYNAMIC_TYPE_ECC);
+    /* point is not sensitive, so no need to zeroize */
+    XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -66818,10 +66773,8 @@ int sp_ecc_secret_gen_384(const mp_int* priv, const ecc_point* pub, byte* out,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (k != NULL)
-        XFREE(k, heap, DYNAMIC_TYPE_ECC);
-    if (point != NULL)
-        XFREE(point, heap, DYNAMIC_TYPE_ECC);
+    XFREE(k, heap, DYNAMIC_TYPE_ECC);
+    XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -67169,13 +67122,13 @@ static void sp_384_mont_mul_order_6(sp_digit* r, const sp_digit* a, const sp_dig
 #if defined(HAVE_ECC_SIGN) || (defined(HAVE_ECC_VERIFY) && defined(WOLFSSL_SP_SMALL))
 #ifdef WOLFSSL_SP_SMALL
 /* Order-2 for the P384 curve. */
-static const uint64_t p384_order_minus_2[6] = {
+static const word64 p384_order_minus_2[6] = {
     0xecec196accc52971U,0x581a0db248b0a77aU,0xc7634d81f4372ddfU,
     0xffffffffffffffffU,0xffffffffffffffffU,0xffffffffffffffffU
 };
 #else
 /* The low half of the order-2 of the P384 curve. */
-static const uint64_t p384_order_low[3] = {
+static const word64 p384_order_low[3] = {
     0xecec196accc52971U,0x581a0db248b0a77aU,0xc7634d81f4372ddfU
 };
 #endif /* WOLFSSL_SP_SMALL */
@@ -68046,10 +67999,8 @@ int sp_ecc_verify_384(const byte* hash, word32 hashLen, const mp_int* pX,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (u1 != NULL)
-        XFREE(u1, heap, DYNAMIC_TYPE_ECC);
-    if (p1 != NULL)
-        XFREE(p1, heap, DYNAMIC_TYPE_ECC);
+    XFREE(u1, heap, DYNAMIC_TYPE_ECC);
+    XFREE(p1, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -68256,8 +68207,7 @@ static int sp_384_ecc_is_point_6(const sp_point_384* point,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t1 != NULL)
-        XFREE(t1, heap, DYNAMIC_TYPE_ECC);
+    XFREE(t1, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -68296,8 +68246,7 @@ int sp_ecc_is_point_384(const mp_int* pX, const mp_int* pY)
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (pub != NULL)
-        XFREE(pub, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(pub, NULL, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -68405,10 +68354,8 @@ int sp_ecc_check_key_384(const mp_int* pX, const mp_int* pY,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (pub != NULL)
-        XFREE(pub, heap, DYNAMIC_TYPE_ECC);
-    if (priv != NULL)
-        XFREE(priv, heap, DYNAMIC_TYPE_ECC);
+    XFREE(pub, heap, DYNAMIC_TYPE_ECC);
+    XFREE(priv, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -68487,10 +68434,8 @@ int sp_ecc_proj_add_point_384(mp_int* pX, mp_int* pY, mp_int* pZ,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (tmp != NULL)
-        XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
-    if (p != NULL)
-        XFREE(p, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(p, NULL, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -68555,10 +68500,8 @@ int sp_ecc_proj_dbl_point_384(mp_int* pX, mp_int* pY, mp_int* pZ,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (tmp != NULL)
-        XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
-    if (p != NULL)
-        XFREE(p, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(p, NULL, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -68619,10 +68562,8 @@ int sp_ecc_map_384(mp_int* pX, mp_int* pY, mp_int* pZ)
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (tmp != NULL)
-        XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
-    if (p != NULL)
-        XFREE(p, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(p, NULL, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -68718,8 +68659,7 @@ static int sp_384_mont_sqrt_6(sp_digit* y)
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t1 != NULL)
-        XFREE(t1, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(t1, NULL, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -68784,8 +68724,7 @@ int sp_ecc_uncompress_384(mp_int* xm, int odd, mp_int* ym)
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (x != NULL)
-        XFREE(x, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(x, NULL, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -72173,7 +72112,7 @@ SP_NOINLINE static void sp_521_mont_sqr_n_9(sp_digit* r,
 #endif /* !WOLFSSL_SP_SMALL */
 #ifdef WOLFSSL_SP_SMALL
 /* Mod-2 for the P521 curve. */
-static const uint64_t p521_mod_minus_2[9] = {
+static const word64 p521_mod_minus_2[9] = {
     0xfffffffffffffffdU,0xffffffffffffffffU,0xffffffffffffffffU,
     0xffffffffffffffffU,0xffffffffffffffffU,0xffffffffffffffffU,
     0xffffffffffffffffU,0xffffffffffffffffU,0x00000000000001ffU
@@ -72438,7 +72377,7 @@ static void sp_521_map_9(sp_point_521* r, const sp_point_521* p,
     sp_521_mont_reduce_9(r->x, p521_mod, p521_mp_mod);
     /* Reduce x to less than modulus */
     n = sp_521_cmp_9(r->x, p521_mod);
-    sp_521_cond_sub_9(r->x, r->x, p521_mod, ~(n >> 63));
+    sp_521_cond_sub_9(r->x, r->x, p521_mod, (sp_digit)~(n >> 63));
     sp_521_norm_9(r->x);
 
     /* y /= z^3 */
@@ -72447,7 +72386,7 @@ static void sp_521_map_9(sp_point_521* r, const sp_point_521* p,
     sp_521_mont_reduce_9(r->y, p521_mod, p521_mp_mod);
     /* Reduce y to less than modulus */
     n = sp_521_cmp_9(r->y, p521_mod);
-    sp_521_cond_sub_9(r->y, r->y, p521_mod, ~(n >> 63));
+    sp_521_cond_sub_9(r->y, r->y, p521_mod, (sp_digit)~(n >> 63));
     sp_521_norm_9(r->y);
 
     XMEMSET(r->z, 0, sizeof(r->z) / 2);
@@ -73195,8 +73134,8 @@ static void sp_521_proj_point_add_9(sp_point_521* r,
         sp_521_mont_sub_9(y, y, t5, p521_mod);
         {
             int i;
-            sp_digit maskp = 0 - (q->infinity & (!p->infinity));
-            sp_digit maskq = 0 - (p->infinity & (!q->infinity));
+            sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity)));
+            sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity)));
             sp_digit maskt = ~(maskp | maskq);
             sp_digit inf = (sp_digit)(p->infinity & q->infinity);
 
@@ -73213,7 +73152,7 @@ static void sp_521_proj_point_add_9(sp_point_521* r,
                           (z[i] & maskt);
             }
             r->z[0] |= inf;
-            r->infinity = (word32)inf;
+            r->infinity = (int)inf;
         }
     }
 }
@@ -73387,8 +73326,8 @@ static int sp_521_proj_point_add_9_nb(sp_ecc_ctx_t* sp_ctx, sp_point_521* r,
     {
         {
             int i;
-            sp_digit maskp = 0 - (q->infinity & (!p->infinity));
-            sp_digit maskq = 0 - (p->infinity & (!q->infinity));
+            sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity)));
+            sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity)));
             sp_digit maskt = ~(maskp | maskq);
             sp_digit inf = (sp_digit)(p->infinity & q->infinity);
 
@@ -73405,7 +73344,7 @@ static int sp_521_proj_point_add_9_nb(sp_ecc_ctx_t* sp_ctx, sp_point_521* r,
                           (ctx->z[i] & maskt);
             }
             r->z[0] |= inf;
-            r->infinity = (word32)inf;
+            r->infinity = (int)inf;
         }
         ctx->state = 25;
         break;
@@ -73577,13 +73516,13 @@ static void sp_521_proj_point_add_sub_9(sp_point_521* ra,
 /* Structure used to describe recoding of scalar multiplication. */
 typedef struct ecc_recode_521 {
     /* Index into pre-computation table. */
-    uint8_t i;
+    word8 i;
     /* Use the negative of the point. */
-    uint8_t neg;
+    word8 neg;
 } ecc_recode_521;
 
 /* The index into pre-computation table to use. */
-static const uint8_t recode_index_9_6[66] = {
+static const word8 recode_index_9_6[66] = {
      0,  1,  2,  3,  4,  5,  6,  7,  8,  9, 10, 11, 12, 13, 14, 15,
     16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31,
     32, 31, 30, 29, 28, 27, 26, 25, 24, 23, 22, 21, 20, 19, 18, 17,
@@ -73592,7 +73531,7 @@ static const uint8_t recode_index_9_6[66] = {
 };
 
 /* Whether to negate y-ordinate. */
-static const uint8_t recode_neg_9_6[66] = {
+static const word8 recode_neg_9_6[66] = {
      0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,
      0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,
      1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,
@@ -73610,7 +73549,7 @@ static void sp_521_ecc_recode_6_9(const sp_digit* k, ecc_recode_521* v)
 {
     int i;
     int j;
-    uint8_t y;
+    word8 y;
     int carry = 0;
     int o;
     sp_digit n;
@@ -73619,7 +73558,7 @@ static void sp_521_ecc_recode_6_9(const sp_digit* k, ecc_recode_521* v)
     n = k[j];
     o = 0;
     for (i=0; i<87; i++) {
-        y = (int8_t)n;
+        y = (word8)(int8_t)n;
         if (o + 6 < 64) {
             y &= 0x3f;
             n >>= 6;
@@ -73633,12 +73572,12 @@ static void sp_521_ecc_recode_6_9(const sp_digit* k, ecc_recode_521* v)
         }
         else if (++j < 9) {
             n = k[j];
-            y |= (uint8_t)((n << (64 - o)) & 0x3f);
+            y |= (word8)((n << (64 - o)) & 0x3f);
             o -= 58;
             n >>= o;
         }
 
-        y += (uint8_t)carry;
+        y = (word8)(y + carry);
         v[i].i = recode_index_9_6[y];
         v[i].neg = recode_neg_9_6[y];
         carry = (y >> 6) + v[i].neg;
@@ -73881,10 +73820,8 @@ static int sp_521_ecc_mulmod_win_add_sub_9(sp_point_521* r, const sp_point_521*
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t != NULL)
-        XFREE(t, heap, DYNAMIC_TYPE_ECC);
-    if (tmp != NULL)
-        XFREE(tmp, heap, DYNAMIC_TYPE_ECC);
+    XFREE(t, heap, DYNAMIC_TYPE_ECC);
+    XFREE(tmp, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -73954,8 +73891,8 @@ static void sp_521_proj_point_add_qz1_9(sp_point_521* r,
         sp_521_mont_sub_9(y, t3, t1, p521_mod);
         {
             int i;
-            sp_digit maskp = 0 - (q->infinity & (!p->infinity));
-            sp_digit maskq = 0 - (p->infinity & (!q->infinity));
+            sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity)));
+            sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity)));
             sp_digit maskt = ~(maskp | maskq);
             sp_digit inf = (sp_digit)(p->infinity & q->infinity);
 
@@ -73972,7 +73909,7 @@ static void sp_521_proj_point_add_qz1_9(sp_point_521* r,
                           (z[i] & maskt);
             }
             r->z[0] |= inf;
-            r->infinity = (word32)inf;
+            r->infinity = (int)inf;
         }
     }
 }
@@ -74086,8 +74023,7 @@ static int sp_521_gen_stripe_table_9(const sp_point_521* a,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t != NULL)
-        XFREE(t, heap, DYNAMIC_TYPE_ECC);
+    XFREE(t, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -74275,10 +74211,8 @@ static int sp_521_ecc_mulmod_stripe_9(sp_point_521* r, const sp_point_521* g,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t != NULL)
-        XFREE(t, heap, DYNAMIC_TYPE_ECC);
-    if (rt != NULL)
-        XFREE(rt, heap, DYNAMIC_TYPE_ECC);
+    XFREE(t, heap, DYNAMIC_TYPE_ECC);
+    XFREE(rt, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -74299,7 +74233,7 @@ typedef struct sp_cache_521_t {
     /* Precomputation table for point. */
     sp_table_entry_521 table[64];
     /* Count of entries in table. */
-    uint32_t cnt;
+    word32 cnt;
     /* Point and table set in entry. */
     int set;
 } sp_cache_521_t;
@@ -74312,8 +74246,10 @@ static THREAD_LS_T int sp_cache_521_last = -1;
 static THREAD_LS_T int sp_cache_521_inited = 0;
 
 #ifndef HAVE_THREAD_LS
+    #ifndef WOLFSSL_MUTEX_INITIALIZER
     static volatile int initCacheMutex_521 = 0;
-    static wolfSSL_Mutex sp_cache_521_lock;
+    #endif
+    static wolfSSL_Mutex sp_cache_521_lock WOLFSSL_MUTEX_INITIALIZER_CLAUSE(sp_cache_521_lock);
 #endif
 
 /* Get the cache entry for the point.
@@ -74325,7 +74261,7 @@ static void sp_ecc_get_cache_521(const sp_point_521* g, sp_cache_521_t** cache)
 {
     int i;
     int j;
-    uint32_t least;
+    word32 least;
 
     if (sp_cache_521_inited == 0) {
         for (i=0; i<FP_ENTRIES; i++) {
@@ -74411,10 +74347,12 @@ static int sp_521_ecc_mulmod_9(sp_point_521* r, const sp_point_521* g,
 #endif
 #ifndef HAVE_THREAD_LS
     if (err == MP_OKAY) {
+        #ifndef WOLFSSL_MUTEX_INITIALIZER
         if (initCacheMutex_521 == 0) {
             wc_InitMutex(&sp_cache_521_lock);
             initCacheMutex_521 = 1;
         }
+        #endif
         if (wc_LockMutex(&sp_cache_521_lock) != 0) {
             err = BAD_MUTEX_E;
         }
@@ -74533,8 +74471,7 @@ static int sp_521_gen_stripe_table_9(const sp_point_521* a,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t != NULL)
-        XFREE(t, heap, DYNAMIC_TYPE_ECC);
+    XFREE(t, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -74722,10 +74659,8 @@ static int sp_521_ecc_mulmod_stripe_9(sp_point_521* r, const sp_point_521* g,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t != NULL)
-        XFREE(t, heap, DYNAMIC_TYPE_ECC);
-    if (rt != NULL)
-        XFREE(rt, heap, DYNAMIC_TYPE_ECC);
+    XFREE(t, heap, DYNAMIC_TYPE_ECC);
+    XFREE(rt, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -74746,7 +74681,7 @@ typedef struct sp_cache_521_t {
     /* Precomputation table for point. */
     sp_table_entry_521 table[256];
     /* Count of entries in table. */
-    uint32_t cnt;
+    word32 cnt;
     /* Point and table set in entry. */
     int set;
 } sp_cache_521_t;
@@ -74759,8 +74694,10 @@ static THREAD_LS_T int sp_cache_521_last = -1;
 static THREAD_LS_T int sp_cache_521_inited = 0;
 
 #ifndef HAVE_THREAD_LS
+    #ifndef WOLFSSL_MUTEX_INITIALIZER
     static volatile int initCacheMutex_521 = 0;
-    static wolfSSL_Mutex sp_cache_521_lock;
+    #endif
+    static wolfSSL_Mutex sp_cache_521_lock WOLFSSL_MUTEX_INITIALIZER_CLAUSE(sp_cache_521_lock);
 #endif
 
 /* Get the cache entry for the point.
@@ -74772,7 +74709,7 @@ static void sp_ecc_get_cache_521(const sp_point_521* g, sp_cache_521_t** cache)
 {
     int i;
     int j;
-    uint32_t least;
+    word32 least;
 
     if (sp_cache_521_inited == 0) {
         for (i=0; i<FP_ENTRIES; i++) {
@@ -74858,10 +74795,12 @@ static int sp_521_ecc_mulmod_9(sp_point_521* r, const sp_point_521* g,
 #endif
 #ifndef HAVE_THREAD_LS
     if (err == MP_OKAY) {
+        #ifndef WOLFSSL_MUTEX_INITIALIZER
         if (initCacheMutex_521 == 0) {
             wc_InitMutex(&sp_cache_521_lock);
             initCacheMutex_521 = 1;
         }
+        #endif
         if (wc_LockMutex(&sp_cache_521_lock) != 0) {
             err = BAD_MUTEX_E;
         }
@@ -74940,10 +74879,8 @@ int sp_ecc_mulmod_521(const mp_int* km, const ecc_point* gm, ecc_point* r,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (k != NULL)
-        XFREE(k, heap, DYNAMIC_TYPE_ECC);
-    if (point != NULL)
-        XFREE(point, heap, DYNAMIC_TYPE_ECC);
+    XFREE(k, heap, DYNAMIC_TYPE_ECC);
+    XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -75020,10 +74957,8 @@ int sp_ecc_mulmod_add_521(const mp_int* km, const ecc_point* gm,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (k != NULL)
-        XFREE(k, heap, DYNAMIC_TYPE_ECC);
-    if (point != NULL)
-        XFREE(point, heap, DYNAMIC_TYPE_ECC);
+    XFREE(k, heap, DYNAMIC_TYPE_ECC);
+    XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -77325,7 +77260,7 @@ static int sp_521_ecc_mulmod_base_9(sp_point_521* r, const sp_digit* k,
 #endif /* WC_NO_CACHE_RESISTANT */
 #else
 /* The index into pre-computation table to use. */
-static const uint8_t recode_index_9_7[130] = {
+static const word8 recode_index_9_7[130] = {
      0,  1,  2,  3,  4,  5,  6,  7,  8,  9, 10, 11, 12, 13, 14, 15,
     16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31,
     32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47,
@@ -77338,7 +77273,7 @@ static const uint8_t recode_index_9_7[130] = {
 };
 
 /* Whether to negate y-ordinate. */
-static const uint8_t recode_neg_9_7[130] = {
+static const word8 recode_neg_9_7[130] = {
      0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,
      0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,
      0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,
@@ -77360,7 +77295,7 @@ static void sp_521_ecc_recode_7_9(const sp_digit* k, ecc_recode_521* v)
 {
     int i;
     int j;
-    uint8_t y;
+    word8 y;
     int carry = 0;
     int o;
     sp_digit n;
@@ -77369,7 +77304,7 @@ static void sp_521_ecc_recode_7_9(const sp_digit* k, ecc_recode_521* v)
     n = k[j];
     o = 0;
     for (i=0; i<75; i++) {
-        y = (int8_t)n;
+        y = (word8)(int8_t)n;
         if (o + 7 < 64) {
             y &= 0x7f;
             n >>= 7;
@@ -77383,12 +77318,12 @@ static void sp_521_ecc_recode_7_9(const sp_digit* k, ecc_recode_521* v)
         }
         else if (++j < 9) {
             n = k[j];
-            y |= (uint8_t)((n << (64 - o)) & 0x7f);
+            y |= (word8)((n << (64 - o)) & 0x7f);
             o -= 57;
             n >>= o;
         }
 
-        y += (uint8_t)carry;
+        y = (word8)(y + carry);
         v[i].i = recode_index_9_7[y];
         v[i].neg = recode_neg_9_7[y];
         carry = (y >> 7) + v[i].neg;
@@ -111384,7 +111319,7 @@ static int sp_521_ecc_mulmod_add_only_9(sp_point_521* r, const sp_point_521* g,
             p->infinity = !v[i].i;
             sp_521_sub_9(negy, p521_mod, p->y);
             sp_521_norm_9(negy);
-            sp_521_cond_copy_9(p->y, negy, 0 - v[i].neg);
+            sp_521_cond_copy_9(p->y, negy, (sp_digit)(0 - v[i].neg));
             sp_521_proj_point_add_qz1_9(rt, rt, p, tmp);
         }
         if (map != 0) {
@@ -111405,8 +111340,7 @@ static int sp_521_ecc_mulmod_add_only_9(sp_point_521* r, const sp_point_521* g,
     #endif
     }
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (rt != NULL)
-        XFREE(rt, heap, DYNAMIC_TYPE_ECC);
+    XFREE(rt, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -111473,10 +111407,8 @@ int sp_ecc_mulmod_base_521(const mp_int* km, ecc_point* r, int map, void* heap)
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (k != NULL)
-        XFREE(k, heap, DYNAMIC_TYPE_ECC);
-    if (point != NULL)
-        XFREE(point, heap, DYNAMIC_TYPE_ECC);
+    XFREE(k, heap, DYNAMIC_TYPE_ECC);
+    XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -111551,10 +111483,8 @@ int sp_ecc_mulmod_base_add_521(const mp_int* km, const ecc_point* am,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (k != NULL)
-        XFREE(k, heap, DYNAMIC_TYPE_ECC);
-    if (point)
-        XFREE(point, heap, DYNAMIC_TYPE_ECC);
+    XFREE(k, heap, DYNAMIC_TYPE_ECC);
+    XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -111719,6 +111649,7 @@ static void sp_521_from_bin(sp_digit* r, int size, const byte* a, int n)
  */
 static int sp_521_ecc_gen_k_9(WC_RNG* rng, sp_digit* k)
 {
+#ifndef WC_NO_RNG
     int err;
     byte buf[66];
 
@@ -111736,6 +111667,11 @@ static int sp_521_ecc_gen_k_9(WC_RNG* rng, sp_digit* k)
     while (err == 0);
 
     return err;
+#else
+    (void)rng;
+    (void)k;
+    return NOT_COMPILED_IN;
+#endif
 }
 
 /* Makes a random EC key pair.
@@ -111814,12 +111750,9 @@ int sp_ecc_make_key_521(WC_RNG* rng, mp_int* priv, ecc_point* pub, void* heap)
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (k != NULL)
-        XFREE(k, heap, DYNAMIC_TYPE_ECC);
-    if (point != NULL) {
-        /* point is not sensitive, so no need to zeroize */
-        XFREE(point, heap, DYNAMIC_TYPE_ECC);
-    }
+    XFREE(k, heap, DYNAMIC_TYPE_ECC);
+    /* point is not sensitive, so no need to zeroize */
+    XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -111985,10 +111918,8 @@ int sp_ecc_secret_gen_521(const mp_int* priv, const ecc_point* pub, byte* out,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (k != NULL)
-        XFREE(k, heap, DYNAMIC_TYPE_ECC);
-    if (point != NULL)
-        XFREE(point, heap, DYNAMIC_TYPE_ECC);
+    XFREE(k, heap, DYNAMIC_TYPE_ECC);
+    XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -112065,14 +111996,14 @@ static void sp_521_mont_mul_order_9(sp_digit* r, const sp_digit* a, const sp_dig
 #if defined(HAVE_ECC_SIGN) || (defined(HAVE_ECC_VERIFY) && defined(WOLFSSL_SP_SMALL))
 #ifdef WOLFSSL_SP_SMALL
 /* Order-2 for the P521 curve. */
-static const uint64_t p521_order_minus_2[9] = {
+static const word64 p521_order_minus_2[9] = {
     0xbb6fb71e91386407U,0x3bb5c9b8899c47aeU,0x7fcc0148f709a5d0U,
     0x51868783bf2f966bU,0xfffffffffffffffaU,0xffffffffffffffffU,
     0xffffffffffffffffU,0xffffffffffffffffU,0x00000000000001ffU
 };
 #else
 /* The low half of the order-2 of the P521 curve. */
-static const uint64_t p521_order_low[5] = {
+static const word64 p521_order_low[5] = {
     0xbb6fb71e91386407U,0x3bb5c9b8899c47aeU,0x7fcc0148f709a5d0U,
     0x51868783bf2f966bU,0xfffffffffffffffaU
 };
@@ -112987,10 +112918,8 @@ int sp_ecc_verify_521(const byte* hash, word32 hashLen, const mp_int* pX,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (u1 != NULL)
-        XFREE(u1, heap, DYNAMIC_TYPE_ECC);
-    if (p1 != NULL)
-        XFREE(p1, heap, DYNAMIC_TYPE_ECC);
+    XFREE(u1, heap, DYNAMIC_TYPE_ECC);
+    XFREE(p1, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -113200,8 +113129,7 @@ static int sp_521_ecc_is_point_9(const sp_point_521* point,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t1 != NULL)
-        XFREE(t1, heap, DYNAMIC_TYPE_ECC);
+    XFREE(t1, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -113240,8 +113168,7 @@ int sp_ecc_is_point_521(const mp_int* pX, const mp_int* pY)
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (pub != NULL)
-        XFREE(pub, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(pub, NULL, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -113349,10 +113276,8 @@ int sp_ecc_check_key_521(const mp_int* pX, const mp_int* pY,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (pub != NULL)
-        XFREE(pub, heap, DYNAMIC_TYPE_ECC);
-    if (priv != NULL)
-        XFREE(priv, heap, DYNAMIC_TYPE_ECC);
+    XFREE(pub, heap, DYNAMIC_TYPE_ECC);
+    XFREE(priv, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -113431,10 +113356,8 @@ int sp_ecc_proj_add_point_521(mp_int* pX, mp_int* pY, mp_int* pZ,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (tmp != NULL)
-        XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
-    if (p != NULL)
-        XFREE(p, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(p, NULL, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -113499,10 +113422,8 @@ int sp_ecc_proj_dbl_point_521(mp_int* pX, mp_int* pY, mp_int* pZ,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (tmp != NULL)
-        XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
-    if (p != NULL)
-        XFREE(p, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(p, NULL, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -113563,10 +113484,8 @@ int sp_ecc_map_521(mp_int* pX, mp_int* pY, mp_int* pZ)
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (tmp != NULL)
-        XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
-    if (p != NULL)
-        XFREE(p, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(p, NULL, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -113574,7 +113493,7 @@ int sp_ecc_map_521(mp_int* pX, mp_int* pY, mp_int* pZ)
 #endif /* WOLFSSL_PUBLIC_ECC_ADD_DBL */
 #ifdef HAVE_COMP_KEY
 /* Square root power for the P521 curve. */
-static const uint64_t p521_sqrt_power[9] = {
+static const word64 p521_sqrt_power[9] = {
     0x0000000000000000,0x0000000000000000,0x0000000000000000,
     0x0000000000000000,0x0000000000000000,0x0000000000000000,0x0000000000000000,0x0000000000000000,
     0x0000000000000080
@@ -113616,8 +113535,7 @@ static int sp_521_mont_sqrt_9(sp_digit* y)
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t != NULL)
-        XFREE(t, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(t, NULL, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -113682,8 +113600,7 @@ int sp_ecc_uncompress_521(mp_int* xm, int odd, mp_int* ym)
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (x != NULL)
-        XFREE(x, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(x, NULL, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -115618,16 +115535,16 @@ static void sp_1024_point_free_16(sp_point_1024* p, int clear, void* heap)
 {
 #if (defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SP_NO_MALLOC)) || \
     defined(WOLFSSL_SP_SMALL_STACK)
-/* If valid pointer then clear point data if requested and free data. */
+    /* If valid pointer then clear point data if requested and free data. */
     if (p != NULL) {
-        if (clear != 0) {
+        if (clear) {
             XMEMSET(p, 0, sizeof(*p));
         }
         XFREE(p, heap, DYNAMIC_TYPE_ECC);
     }
 #else
-/* Clear point data if requested. */
-    if ((p != NULL) && (clear != 0)) {
+    /* Clear point data if requested. */
+    if ((p != NULL) && clear) {
         XMEMSET(p, 0, sizeof(*p));
     }
 #endif
@@ -116161,7 +116078,7 @@ SP_NOINLINE static void sp_1024_mont_sqr_16(sp_digit* r, const sp_digit* a,
 }
 
 /* Mod-2 for the P1024 curve. */
-static const uint8_t p1024_mod_minus_2[] = {
+static const word8 p1024_mod_minus_2[] = {
      6,0x06,  7,0x0f,  7,0x0b,  6,0x0c,  7,0x1e,  9,0x09,  7,0x0c,  7,0x1f,
      6,0x16,  6,0x06,  7,0x0e,  8,0x10,  6,0x03,  8,0x11,  6,0x0d,  7,0x14,
      9,0x12,  6,0x0f,  7,0x04,  9,0x0d,  6,0x00,  7,0x13,  6,0x01,  6,0x07,
@@ -116251,7 +116168,7 @@ static void sp_1024_map_16(sp_point_1024* r, const sp_point_1024* p,
     sp_1024_mont_reduce_16(r->x, p1024_mod, p1024_mp_mod);
     /* Reduce x to less than modulus */
     n = sp_1024_cmp_16(r->x, p1024_mod);
-    sp_1024_cond_sub_16(r->x, r->x, p1024_mod, ~(n >> 63));
+    sp_1024_cond_sub_16(r->x, r->x, p1024_mod, (sp_digit)~(n >> 63));
     sp_1024_norm_16(r->x);
 
     /* y /= z^3 */
@@ -116260,7 +116177,7 @@ static void sp_1024_map_16(sp_point_1024* r, const sp_point_1024* p,
     sp_1024_mont_reduce_16(r->y, p1024_mod, p1024_mp_mod);
     /* Reduce y to less than modulus */
     n = sp_1024_cmp_16(r->y, p1024_mod);
-    sp_1024_cond_sub_16(r->y, r->y, p1024_mod, ~(n >> 63));
+    sp_1024_cond_sub_16(r->y, r->y, p1024_mod, (sp_digit)~(n >> 63));
     sp_1024_norm_16(r->y);
 
     XMEMSET(r->z, 0, sizeof(r->z) / 2);
@@ -117296,8 +117213,8 @@ static void sp_1024_proj_point_add_16(sp_point_1024* r,
         sp_1024_mont_sub_16(y, y, t5, p1024_mod);
         {
             int i;
-            sp_digit maskp = 0 - (q->infinity & (!p->infinity));
-            sp_digit maskq = 0 - (p->infinity & (!q->infinity));
+            sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity)));
+            sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity)));
             sp_digit maskt = ~(maskp | maskq);
             sp_digit inf = (sp_digit)(p->infinity & q->infinity);
 
@@ -117314,7 +117231,7 @@ static void sp_1024_proj_point_add_16(sp_point_1024* r,
                           (z[i] & maskt);
             }
             r->z[0] |= inf;
-            r->infinity = (word32)inf;
+            r->infinity = (int)inf;
         }
     }
 }
@@ -117488,8 +117405,8 @@ static int sp_1024_proj_point_add_16_nb(sp_ecc_ctx_t* sp_ctx, sp_point_1024* r,
     {
         {
             int i;
-            sp_digit maskp = 0 - (q->infinity & (!p->infinity));
-            sp_digit maskq = 0 - (p->infinity & (!q->infinity));
+            sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity)));
+            sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity)));
             sp_digit maskt = ~(maskp | maskq);
             sp_digit inf = (sp_digit)(p->infinity & q->infinity);
 
@@ -117506,7 +117423,7 @@ static int sp_1024_proj_point_add_16_nb(sp_ecc_ctx_t* sp_ctx, sp_point_1024* r,
                           (ctx->z[i] & maskt);
             }
             r->z[0] |= inf;
-            r->infinity = (word32)inf;
+            r->infinity = (int)inf;
         }
         ctx->state = 25;
         break;
@@ -117678,13 +117595,13 @@ static void sp_1024_proj_point_add_sub_16(sp_point_1024* ra,
 /* Structure used to describe recoding of scalar multiplication. */
 typedef struct ecc_recode_1024 {
     /* Index into pre-computation table. */
-    uint8_t i;
+    word8 i;
     /* Use the negative of the point. */
-    uint8_t neg;
+    word8 neg;
 } ecc_recode_1024;
 
 /* The index into pre-computation table to use. */
-static const uint8_t recode_index_16_7[130] = {
+static const word8 recode_index_16_7[130] = {
      0,  1,  2,  3,  4,  5,  6,  7,  8,  9, 10, 11, 12, 13, 14, 15,
     16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31,
     32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47,
@@ -117697,7 +117614,7 @@ static const uint8_t recode_index_16_7[130] = {
 };
 
 /* Whether to negate y-ordinate. */
-static const uint8_t recode_neg_16_7[130] = {
+static const word8 recode_neg_16_7[130] = {
      0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,
      0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,
      0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,
@@ -117719,7 +117636,7 @@ static void sp_1024_ecc_recode_7_16(const sp_digit* k, ecc_recode_1024* v)
 {
     int i;
     int j;
-    uint8_t y;
+    word8 y;
     int carry = 0;
     int o;
     sp_digit n;
@@ -117728,7 +117645,7 @@ static void sp_1024_ecc_recode_7_16(const sp_digit* k, ecc_recode_1024* v)
     n = k[j];
     o = 0;
     for (i=0; i<147; i++) {
-        y = (int8_t)n;
+        y = (word8)(int8_t)n;
         if (o + 7 < 64) {
             y &= 0x7f;
             n >>= 7;
@@ -117742,12 +117659,12 @@ static void sp_1024_ecc_recode_7_16(const sp_digit* k, ecc_recode_1024* v)
         }
         else if (++j < 16) {
             n = k[j];
-            y |= (uint8_t)((n << (64 - o)) & 0x7f);
+            y |= (word8)((n << (64 - o)) & 0x7f);
             o -= 57;
             n >>= o;
         }
 
-        y += (uint8_t)carry;
+        y = (word8)(y + carry);
         v[i].i = recode_index_16_7[y];
         v[i].neg = recode_neg_16_7[y];
         carry = (y >> 7) + v[i].neg;
@@ -117894,10 +117811,8 @@ static int sp_1024_ecc_mulmod_win_add_sub_16(sp_point_1024* r, const sp_point_10
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t != NULL)
-        XFREE(t, heap, DYNAMIC_TYPE_ECC);
-    if (tmp != NULL)
-        XFREE(tmp, heap, DYNAMIC_TYPE_ECC);
+    XFREE(t, heap, DYNAMIC_TYPE_ECC);
+    XFREE(tmp, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -117969,8 +117884,8 @@ static void sp_1024_proj_point_add_qz1_16(sp_point_1024* r,
         sp_1024_mont_sub_16(y, t3, t1, p1024_mod);
         {
             int i;
-            sp_digit maskp = 0 - (q->infinity & (!p->infinity));
-            sp_digit maskq = 0 - (p->infinity & (!q->infinity));
+            sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity)));
+            sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity)));
             sp_digit maskt = ~(maskp | maskq);
             sp_digit inf = (sp_digit)(p->infinity & q->infinity);
 
@@ -117987,7 +117902,7 @@ static void sp_1024_proj_point_add_qz1_16(sp_point_1024* r,
                           (z[i] & maskt);
             }
             r->z[0] |= inf;
-            r->infinity = (word32)inf;
+            r->infinity = (int)inf;
         }
     }
 }
@@ -118098,8 +118013,7 @@ static int sp_1024_gen_stripe_table_16(const sp_point_1024* a,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t != NULL)
-        XFREE(t, heap, DYNAMIC_TYPE_ECC);
+    XFREE(t, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -118198,10 +118112,8 @@ static int sp_1024_ecc_mulmod_stripe_16(sp_point_1024* r, const sp_point_1024* g
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t != NULL)
-        XFREE(t, heap, DYNAMIC_TYPE_ECC);
-    if (rt != NULL)
-        XFREE(rt, heap, DYNAMIC_TYPE_ECC);
+    XFREE(t, heap, DYNAMIC_TYPE_ECC);
+    XFREE(rt, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -118221,7 +118133,7 @@ typedef struct sp_cache_1024_t {
     /* Precomputation table for point. */
     sp_table_entry_1024 table[256];
     /* Count of entries in table. */
-    uint32_t cnt;
+    word32 cnt;
     /* Point and table set in entry. */
     int set;
 } sp_cache_1024_t;
@@ -118234,8 +118146,10 @@ static THREAD_LS_T int sp_cache_1024_last = -1;
 static THREAD_LS_T int sp_cache_1024_inited = 0;
 
 #ifndef HAVE_THREAD_LS
+    #ifndef WOLFSSL_MUTEX_INITIALIZER
     static volatile int initCacheMutex_1024 = 0;
-    static wolfSSL_Mutex sp_cache_1024_lock;
+    #endif
+    static wolfSSL_Mutex sp_cache_1024_lock WOLFSSL_MUTEX_INITIALIZER_CLAUSE(sp_cache_1024_lock);
 #endif
 
 /* Get the cache entry for the point.
@@ -118247,7 +118161,7 @@ static void sp_ecc_get_cache_1024(const sp_point_1024* g, sp_cache_1024_t** cach
 {
     int i;
     int j;
-    uint32_t least;
+    word32 least;
 
     if (sp_cache_1024_inited == 0) {
         for (i=0; i<FP_ENTRIES; i++) {
@@ -118333,10 +118247,12 @@ static int sp_1024_ecc_mulmod_16(sp_point_1024* r, const sp_point_1024* g,
 #endif
 #ifndef HAVE_THREAD_LS
     if (err == MP_OKAY) {
+        #ifndef WOLFSSL_MUTEX_INITIALIZER
         if (initCacheMutex_1024 == 0) {
             wc_InitMutex(&sp_cache_1024_lock);
             initCacheMutex_1024 = 1;
         }
+        #endif
         if (wc_LockMutex(&sp_cache_1024_lock) != 0) {
             err = BAD_MUTEX_E;
         }
@@ -118414,10 +118330,8 @@ int sp_ecc_mulmod_1024(const mp_int* km, const ecc_point* gm, ecc_point* r,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (k != NULL)
-        XFREE(k, heap, DYNAMIC_TYPE_ECC);
-    if (point != NULL)
-        XFREE(point, heap, DYNAMIC_TYPE_ECC);
+    XFREE(k, heap, DYNAMIC_TYPE_ECC);
+    XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -121815,10 +121729,8 @@ int sp_ecc_mulmod_base_1024(const mp_int* km, ecc_point* r, int map, void* heap)
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (k != NULL)
-        XFREE(k, heap, DYNAMIC_TYPE_ECC);
-    if (point != NULL)
-        XFREE(point, heap, DYNAMIC_TYPE_ECC);
+    XFREE(k, heap, DYNAMIC_TYPE_ECC);
+    XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -121893,10 +121805,8 @@ int sp_ecc_mulmod_base_add_1024(const mp_int* km, const ecc_point* am,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (k != NULL)
-        XFREE(k, heap, DYNAMIC_TYPE_ECC);
-    if (point)
-        XFREE(point, heap, DYNAMIC_TYPE_ECC);
+    XFREE(k, heap, DYNAMIC_TYPE_ECC);
+    XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -121930,7 +121840,7 @@ int sp_ecc_gen_table_1024(const ecc_point* gm, byte* table, word32* len,
 
     if ((err == MP_OKAY) && (table == NULL)) {
         *len = sizeof(sp_table_entry_1024) * 256;
-        err = LENGTH_ONLY_E;
+        err = WC_NO_ERR_TRACE(LENGTH_ONLY_E);
     }
     if ((err == MP_OKAY) && (*len < (int)(sizeof(sp_table_entry_1024) * 256))) {
         err = BUFFER_E;
@@ -121961,10 +121871,8 @@ int sp_ecc_gen_table_1024(const ecc_point* gm, byte* table, word32* len,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t != NULL)
-        XFREE(t, heap, DYNAMIC_TYPE_ECC);
-    if (point != NULL)
-        XFREE(point, heap, DYNAMIC_TYPE_ECC);
+    XFREE(t, heap, DYNAMIC_TYPE_ECC);
+    XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -121990,7 +121898,7 @@ int sp_ecc_gen_table_1024(const ecc_point* gm, byte* table, word32* len,
 
     if ((err == 0) && (table == NULL)) {
         *len = 0;
-        err = LENGTH_ONLY_E;
+        err = WC_NO_ERR_TRACE(LENGTH_ONLY_E);
     }
     if ((err == 0) && (*len != 0)) {
         err = BUFFER_E;
@@ -122057,10 +121965,8 @@ int sp_ecc_mulmod_table_1024(const mp_int* km, const ecc_point* gm, byte* table,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (k != NULL)
-        XFREE(k, heap, DYNAMIC_TYPE_ECC);
-    if (point != NULL)
-        XFREE(point, heap, DYNAMIC_TYPE_ECC);
+    XFREE(k, heap, DYNAMIC_TYPE_ECC);
+    XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -122207,9 +122113,7 @@ int sp_ModExp_Fp_star_1024(const mp_int* base, mp_int* exp, mp_int* res)
 
 #if (defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SP_NO_MALLOC)) || \
     defined(WOLFSSL_SP_SMALL_STACK)
-    if (td != NULL) {
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-    }
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
     return err;
 }
@@ -123849,9 +123753,7 @@ int sp_ModExp_Fp_star_1024(const mp_int* base, mp_int* exp, mp_int* res)
 
 #if (defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SP_NO_MALLOC)) || \
     defined(WOLFSSL_SP_SMALL_STACK)
-    if (td != NULL) {
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-    }
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
     return err;
 }
@@ -124219,9 +124121,7 @@ int sp_Pairing_1024(const ecc_point* pm, const ecc_point* qm, mp_int* res)
 
 #if (defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SP_NO_MALLOC)) || \
     defined(WOLFSSL_SP_SMALL_STACK)
-    if (td != NULL) {
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-    }
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
     sp_1024_point_free_16(c, 1, NULL);
     sp_1024_point_free_16(q, 1, NULL);
@@ -124646,9 +124546,7 @@ int sp_Pairing_1024(const ecc_point* pm, const ecc_point* qm, mp_int* res)
 
 #if (defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SP_NO_MALLOC)) || \
     defined(WOLFSSL_SP_SMALL_STACK)
-    if (td != NULL) {
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-    }
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
     sp_1024_point_free_16(c, 1, NULL);
     sp_1024_point_free_16(q, 1, NULL);
@@ -124678,7 +124576,7 @@ int sp_Pairing_gen_precomp_1024(const ecc_point* pm, byte* table,
 
     if (table == NULL) {
         *len = 0;
-        err = LENGTH_ONLY_E;
+        err = WC_NO_ERR_TRACE(LENGTH_ONLY_E);
     }
     else if (*len != 0) {
         err = BUFFER_E;
@@ -124907,7 +124805,7 @@ int sp_Pairing_gen_precomp_1024(const ecc_point* pm, byte* table,
 
     if (table == NULL) {
         *len = sizeof(sp_table_entry_1024) * 1167;
-        err = LENGTH_ONLY_E;
+        err = WC_NO_ERR_TRACE(LENGTH_ONLY_E);
     }
 
     if ((err == MP_OKAY) &&
@@ -125014,9 +124912,7 @@ int sp_Pairing_gen_precomp_1024(const ecc_point* pm, byte* table,
 
 #if (defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SP_NO_MALLOC)) || \
     defined(WOLFSSL_SP_SMALL_STACK)
-    if (td != NULL) {
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-    }
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
     sp_1024_point_free_16(neg, 1, NULL);
     sp_1024_point_free_16(c, 1, NULL);
@@ -125209,9 +125105,7 @@ int sp_Pairing_precomp_1024(const ecc_point* pm, const ecc_point* qm,
 
 #if (defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SP_NO_MALLOC)) || \
     defined(WOLFSSL_SP_SMALL_STACK)
-    if (td != NULL) {
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-    }
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
     sp_1024_point_free_16(c, 1, NULL);
     sp_1024_point_free_16(q, 1, NULL);
@@ -125379,7 +125273,7 @@ static int sp_1024_ecc_is_point_16(const sp_point_1024* point,
 
 
         n = sp_1024_cmp_16(t1, p1024_mod);
-        sp_1024_cond_sub_16(t1, t1, p1024_mod, ~(n >> 63));
+        sp_1024_cond_sub_16(t1, t1, p1024_mod, (sp_digit)~(n >> 63));
         sp_1024_norm_16(t1);
         if (!sp_1024_iszero_16(t1)) {
             err = MP_VAL;
@@ -125387,8 +125281,7 @@ static int sp_1024_ecc_is_point_16(const sp_point_1024* point,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t1 != NULL)
-        XFREE(t1, heap, DYNAMIC_TYPE_ECC);
+    XFREE(t1, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -125427,8 +125320,7 @@ int sp_ecc_is_point_1024(const mp_int* pX, const mp_int* pY)
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (pub != NULL)
-        XFREE(pub, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(pub, NULL, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -125536,10 +125428,8 @@ int sp_ecc_check_key_1024(const mp_int* pX, const mp_int* pY,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (pub != NULL)
-        XFREE(pub, heap, DYNAMIC_TYPE_ECC);
-    if (priv != NULL)
-        XFREE(priv, heap, DYNAMIC_TYPE_ECC);
+    XFREE(pub, heap, DYNAMIC_TYPE_ECC);
+    XFREE(priv, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
diff --git a/wolfcrypt/src/sp_armthumb.c b/wolfcrypt/src/sp_armthumb.c
index c73f69abd..1b836823b 100644
--- a/wolfcrypt/src/sp_armthumb.c
+++ b/wolfcrypt/src/sp_armthumb.c
@@ -1,6 +1,6 @@
 /* sp.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -67,7 +67,7 @@
     do {                                                    \
         int ii;                                             \
         fprintf(stderr, name "=0x");                        \
-        for (ii = ((bits + 31) / 32) - 1; ii >= 0; ii--)    \
+        for (ii = (((bits) + 31) / 32) - 1; ii >= 0; ii--)  \
             fprintf(stderr, SP_PRINT_FMT, (var)[ii]);       \
         fprintf(stderr, "\n");                              \
     } while (0)
@@ -93,7 +93,8 @@ static void sp_2048_from_bin(sp_digit* r, int size, const byte* a, int n)
     int j;
     byte* d;
 
-    for (i = n - 1,j = 0; i >= 3; i -= 4) {
+    j = 0;
+    for (i = n - 1; i >= 3; i -= 4) {
         r[j]  = ((sp_digit)a[i - 0] <<  0) |
                 ((sp_digit)a[i - 1] <<  8) |
                 ((sp_digit)a[i - 2] << 16) |
@@ -104,12 +105,20 @@ static void sp_2048_from_bin(sp_digit* r, int size, const byte* a, int n)
     if (i >= 0) {
         r[j] = 0;
 
-        d = (byte*)r;
+        d = (byte*)(r + j);
+#ifdef BIG_ENDIAN_ORDER
         switch (i) {
-            case 2: d[n - 1 - 2] = a[2]; //fallthrough
-            case 1: d[n - 1 - 1] = a[1]; //fallthrough
-            case 0: d[n - 1 - 0] = a[0]; //fallthrough
+            case 2: d[1] = *(a++); //fallthrough
+            case 1: d[2] = *(a++); //fallthrough
+            case 0: d[3] = *a    ; //fallthrough
         }
+#else
+        switch (i) {
+            case 2: d[2] = a[2]; //fallthrough
+            case 1: d[1] = a[1]; //fallthrough
+            case 0: d[0] = a[0]; //fallthrough
+        }
+#endif
         j++;
     }
 
@@ -9528,7 +9537,7 @@ SP_NOINLINE static sp_digit sp_2048_add_8(sp_digit* r, const sp_digit* a,
         :
         : "memory", "r3", "r4", "r5", "r6", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 /* Add b to a into r. (r = a + b)
@@ -9616,7 +9625,7 @@ SP_NOINLINE static sp_digit sp_2048_add_word_8(sp_digit* r, const sp_digit* a,
         :
         : "memory", "r3", "r4", "r5", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 /* Sub b from a into a. (a -= b)
@@ -9781,7 +9790,7 @@ SP_NOINLINE static sp_digit sp_2048_sub_in_place_16(sp_digit* a,
         :
         : "memory", "r2", "r3", "r4", "r5", "cc"
     );
-    return (uint32_t)(size_t)a;
+    return (word32)(size_t)a;
 }
 
 /* Add b to a into r. (r = a + b)
@@ -9940,7 +9949,7 @@ SP_NOINLINE static sp_digit sp_2048_add_16(sp_digit* r, const sp_digit* a,
         :
         : "memory", "r3", "r4", "r5", "r6", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 /* AND m into each word of a and store in r.
@@ -10155,7 +10164,7 @@ SP_NOINLINE static sp_digit sp_2048_add_word_16(sp_digit* r, const sp_digit* a,
         :
         : "memory", "r3", "r4", "r5", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 /* Sub b from a into a. (a -= b)
@@ -10464,7 +10473,7 @@ SP_NOINLINE static sp_digit sp_2048_sub_in_place_32(sp_digit* a,
         :
         : "memory", "r2", "r3", "r4", "r5", "cc"
     );
-    return (uint32_t)(size_t)a;
+    return (word32)(size_t)a;
 }
 
 /* Add b to a into r. (r = a + b)
@@ -10759,7 +10768,7 @@ SP_NOINLINE static sp_digit sp_2048_add_32(sp_digit* r, const sp_digit* a,
         :
         : "memory", "r3", "r4", "r5", "r6", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 /* AND m into each word of a and store in r.
@@ -11106,7 +11115,7 @@ SP_NOINLINE static sp_digit sp_2048_add_word_32(sp_digit* r, const sp_digit* a,
         :
         : "memory", "r3", "r4", "r5", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 /* Sub b from a into a. (a -= b)
@@ -11703,7 +11712,7 @@ SP_NOINLINE static sp_digit sp_2048_sub_in_place_64(sp_digit* a,
         :
         : "memory", "r2", "r3", "r4", "r5", "cc"
     );
-    return (uint32_t)(size_t)a;
+    return (word32)(size_t)a;
 }
 
 /* Add b to a into r. (r = a + b)
@@ -12270,7 +12279,7 @@ SP_NOINLINE static sp_digit sp_2048_add_64(sp_digit* r, const sp_digit* a,
         :
         : "memory", "r3", "r4", "r5", "r6", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 /* AND m into each word of a and store in r.
@@ -19367,7 +19376,7 @@ SP_NOINLINE static sp_digit sp_2048_sub_8(sp_digit* r, const sp_digit* a,
         :
         : "memory", "r3", "r4", "r5", "r6", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 /* Square a and put result in r. (r = a * a)
@@ -19560,7 +19569,7 @@ SP_NOINLINE static sp_digit sp_2048_sub_16(sp_digit* r, const sp_digit* a,
         :
         : "memory", "r3", "r4", "r5", "r6", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 /* Square a and put result in r. (r = a * a)
@@ -19889,7 +19898,7 @@ SP_NOINLINE static sp_digit sp_2048_sub_32(sp_digit* r, const sp_digit* a,
         :
         : "memory", "r3", "r4", "r5", "r6", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 /* Square a and put result in r. (r = a * a)
@@ -20005,7 +20014,7 @@ SP_NOINLINE static sp_digit sp_2048_add_64(sp_digit* r, const sp_digit* a,
         :
         : "memory", "r3", "r4", "r5", "r6", "r7", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #endif /* WOLFSSL_SP_SMALL */
@@ -20084,7 +20093,7 @@ SP_NOINLINE static sp_digit sp_2048_sub_in_place_64(sp_digit* a,
         :
         : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "cc"
     );
-    return (uint32_t)(size_t)a;
+    return (word32)(size_t)a;
 }
 
 #endif /* WOLFSSL_SP_SMALL */
@@ -20881,7 +20890,7 @@ SP_NOINLINE static sp_digit sp_2048_add_32(sp_digit* r, const sp_digit* a,
         :
         : "memory", "r3", "r4", "r5", "r6", "r7", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #endif /* WOLFSSL_SP_SMALL */
@@ -20954,7 +20963,7 @@ SP_NOINLINE static sp_digit sp_2048_sub_in_place_32(sp_digit* a,
         :
         : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "cc"
     );
-    return (uint32_t)(size_t)a;
+    return (word32)(size_t)a;
 }
 
 #endif /* WOLFSSL_SP_SMALL */
@@ -21925,7 +21934,7 @@ SP_NOINLINE static sp_digit sp_2048_cond_sub_32(sp_digit* r, const sp_digit* a,
         :
         : "memory", "r4", "r5", "r6", "r7", "r8", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #define sp_2048_mont_reduce_order_64   sp_2048_mont_reduce_64
@@ -23824,7 +23833,7 @@ SP_NOINLINE static sp_digit div_2048_word_32(sp_digit d1, sp_digit d0,
         :
         : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "cc"
     );
-    return (uint32_t)(size_t)d1;
+    return (word32)(size_t)d1;
 }
 
 /* Compare a with b in constant time.
@@ -23933,7 +23942,7 @@ SP_NOINLINE static sp_int32 sp_2048_cmp_32(const sp_digit* a, const sp_digit* b)
         :
         : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "cc"
     );
-    return (uint32_t)(size_t)a;
+    return (word32)(size_t)a;
 }
 
 /* Divide d in a and put remainder into r (m*d + r = a)
@@ -24134,13 +24143,12 @@ static int sp_2048_mod_exp_32(sp_digit* r, const sp_digit* a, const sp_digit* e,
         XMEMSET(&r[32], 0, sizeof(sp_digit) * 32U);
         sp_2048_mont_reduce_32(r, m, mp);
 
-        mask = 0 - (sp_2048_cmp_32(r, m) >= 0);
+        mask = (sp_digit)0 - (sp_2048_cmp_32(r, m) >= 0);
         sp_2048_cond_sub_32(r, r, m, mask);
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (td != NULL)
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -24303,13 +24311,12 @@ static int sp_2048_mod_exp_32(sp_digit* r, const sp_digit* a, const sp_digit* e,
         XMEMSET(&r[32], 0, sizeof(sp_digit) * 32U);
         sp_2048_mont_reduce_32(r, m, mp);
 
-        mask = 0 - (sp_2048_cmp_32(r, m) >= 0);
+        mask = (sp_digit)0 - (sp_2048_cmp_32(r, m) >= 0);
         sp_2048_cond_sub_32(r, r, m, mask);
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (td != NULL)
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -24399,7 +24406,7 @@ SP_NOINLINE static sp_digit sp_2048_cond_sub_64(sp_digit* r, const sp_digit* a,
         :
         : "memory", "r4", "r5", "r6", "r7", "r8", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #define sp_2048_mont_reduce_order_64   sp_2048_mont_reduce_64
@@ -26124,7 +26131,7 @@ SP_NOINLINE static sp_digit sp_2048_sub_64(sp_digit* r, const sp_digit* a,
         :
         : "memory", "r3", "r4", "r5", "r6", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #else
@@ -26691,7 +26698,7 @@ SP_NOINLINE static sp_digit sp_2048_sub_64(sp_digit* r, const sp_digit* a,
         :
         : "memory", "r3", "r4", "r5", "r6", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #endif /* WOLFSSL_SP_SMALL */
@@ -27308,7 +27315,7 @@ SP_NOINLINE static sp_digit div_2048_word_64(sp_digit d1, sp_digit d0,
         :
         : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "cc"
     );
-    return (uint32_t)(size_t)d1;
+    return (word32)(size_t)d1;
 }
 
 /* Divide d in a and put remainder into r (m*d + r = a)
@@ -27521,7 +27528,7 @@ SP_NOINLINE static sp_int32 sp_2048_cmp_64(const sp_digit* a, const sp_digit* b)
         :
         : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "cc"
     );
-    return (uint32_t)(size_t)a;
+    return (word32)(size_t)a;
 }
 
 /* Divide d in a and put remainder into r (m*d + r = a)
@@ -27715,13 +27722,12 @@ static int sp_2048_mod_exp_64(sp_digit* r, const sp_digit* a, const sp_digit* e,
         XMEMSET(&r[64], 0, sizeof(sp_digit) * 64U);
         sp_2048_mont_reduce_64(r, m, mp);
 
-        mask = 0 - (sp_2048_cmp_64(r, m) >= 0);
+        mask = (sp_digit)0 - (sp_2048_cmp_64(r, m) >= 0);
         sp_2048_cond_sub_64(r, r, m, mask);
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (td != NULL)
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -27867,13 +27873,12 @@ static int sp_2048_mod_exp_64(sp_digit* r, const sp_digit* a, const sp_digit* e,
         XMEMSET(&r[64], 0, sizeof(sp_digit) * 64U);
         sp_2048_mont_reduce_64(r, m, mp);
 
-        mask = 0 - (sp_2048_cmp_64(r, m) >= 0);
+        mask = (sp_digit)0 - (sp_2048_cmp_64(r, m) >= 0);
         sp_2048_cond_sub_64(r, r, m, mask);
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (td != NULL)
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -28036,8 +28041,7 @@ int sp_RsaPublic_2048(const byte* in, word32 inLen, const mp_int* em,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (a != NULL)
-        XFREE(a, NULL, DYNAMIC_TYPE_RSA);
+    XFREE(a, NULL, DYNAMIC_TYPE_RSA);
 #endif
 
     return err;
@@ -28110,7 +28114,7 @@ SP_NOINLINE static sp_digit sp_2048_cond_add_32(sp_digit* r, const sp_digit* a,
         :
         : "memory", "r4", "r5", "r6", "r7", "r8", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 /* RSA private key operation.
@@ -30132,13 +30136,12 @@ static int sp_2048_mod_exp_2_64(sp_digit* r, const sp_digit* e, int bits,
         XMEMSET(&r[64], 0, sizeof(sp_digit) * 64U);
         sp_2048_mont_reduce_64(r, m, mp);
 
-        mask = 0 - (sp_2048_cmp_64(r, m) >= 0);
+        mask = (sp_digit)0 - (sp_2048_cmp_64(r, m) >= 0);
         sp_2048_cond_sub_64(r, r, m, mask);
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (td != NULL)
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -30281,7 +30284,8 @@ static void sp_3072_from_bin(sp_digit* r, int size, const byte* a, int n)
     int j;
     byte* d;
 
-    for (i = n - 1,j = 0; i >= 3; i -= 4) {
+    j = 0;
+    for (i = n - 1; i >= 3; i -= 4) {
         r[j]  = ((sp_digit)a[i - 0] <<  0) |
                 ((sp_digit)a[i - 1] <<  8) |
                 ((sp_digit)a[i - 2] << 16) |
@@ -30292,12 +30296,20 @@ static void sp_3072_from_bin(sp_digit* r, int size, const byte* a, int n)
     if (i >= 0) {
         r[j] = 0;
 
-        d = (byte*)r;
+        d = (byte*)(r + j);
+#ifdef BIG_ENDIAN_ORDER
         switch (i) {
-            case 2: d[n - 1 - 2] = a[2]; //fallthrough
-            case 1: d[n - 1 - 1] = a[1]; //fallthrough
-            case 0: d[n - 1 - 0] = a[0]; //fallthrough
+            case 2: d[1] = *(a++); //fallthrough
+            case 1: d[2] = *(a++); //fallthrough
+            case 0: d[3] = *a    ; //fallthrough
         }
+#else
+        switch (i) {
+            case 2: d[2] = a[2]; //fallthrough
+            case 1: d[1] = a[1]; //fallthrough
+            case 0: d[0] = a[0]; //fallthrough
+        }
+#endif
         j++;
     }
 
@@ -50976,7 +50988,7 @@ SP_NOINLINE static sp_digit sp_3072_add_12(sp_digit* r, const sp_digit* a,
         :
         : "memory", "r3", "r4", "r5", "r6", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 /* Add b to a into r. (r = a + b)
@@ -51096,7 +51108,7 @@ SP_NOINLINE static sp_digit sp_3072_add_word_12(sp_digit* r, const sp_digit* a,
         :
         : "memory", "r3", "r4", "r5", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 /* Sub b from a into a. (a -= b)
@@ -51333,7 +51345,7 @@ SP_NOINLINE static sp_digit sp_3072_sub_in_place_24(sp_digit* a,
         :
         : "memory", "r2", "r3", "r4", "r5", "cc"
     );
-    return (uint32_t)(size_t)a;
+    return (word32)(size_t)a;
 }
 
 /* Add b to a into r. (r = a + b)
@@ -51560,7 +51572,7 @@ SP_NOINLINE static sp_digit sp_3072_add_24(sp_digit* r, const sp_digit* a,
         :
         : "memory", "r3", "r4", "r5", "r6", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 /* AND m into each word of a and store in r.
@@ -51843,7 +51855,7 @@ SP_NOINLINE static sp_digit sp_3072_add_word_24(sp_digit* r, const sp_digit* a,
         :
         : "memory", "r3", "r4", "r5", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 /* Sub b from a into a. (a -= b)
@@ -52296,7 +52308,7 @@ SP_NOINLINE static sp_digit sp_3072_sub_in_place_48(sp_digit* a,
         :
         : "memory", "r2", "r3", "r4", "r5", "cc"
     );
-    return (uint32_t)(size_t)a;
+    return (word32)(size_t)a;
 }
 
 /* Add b to a into r. (r = a + b)
@@ -52727,7 +52739,7 @@ SP_NOINLINE static sp_digit sp_3072_add_48(sp_digit* r, const sp_digit* a,
         :
         : "memory", "r3", "r4", "r5", "r6", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 /* AND m into each word of a and store in r.
@@ -53202,7 +53214,7 @@ SP_NOINLINE static sp_digit sp_3072_add_word_48(sp_digit* r, const sp_digit* a,
         :
         : "memory", "r3", "r4", "r5", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 /* Sub b from a into a. (a -= b)
@@ -54087,7 +54099,7 @@ SP_NOINLINE static sp_digit sp_3072_sub_in_place_96(sp_digit* a,
         :
         : "memory", "r2", "r3", "r4", "r5", "cc"
     );
-    return (uint32_t)(size_t)a;
+    return (word32)(size_t)a;
 }
 
 /* Add b to a into r. (r = a + b)
@@ -54926,7 +54938,7 @@ SP_NOINLINE static sp_digit sp_3072_add_96(sp_digit* r, const sp_digit* a,
         :
         : "memory", "r3", "r4", "r5", "r6", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 /* AND m into each word of a and store in r.
@@ -70313,7 +70325,7 @@ SP_NOINLINE static sp_digit sp_3072_sub_12(sp_digit* r, const sp_digit* a,
         :
         : "memory", "r3", "r4", "r5", "r6", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 /* Square a and put result in r. (r = a * a)
@@ -70574,7 +70586,7 @@ SP_NOINLINE static sp_digit sp_3072_sub_24(sp_digit* r, const sp_digit* a,
         :
         : "memory", "r3", "r4", "r5", "r6", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 /* Square a and put result in r. (r = a * a)
@@ -71039,7 +71051,7 @@ SP_NOINLINE static sp_digit sp_3072_sub_48(sp_digit* r, const sp_digit* a,
         :
         : "memory", "r3", "r4", "r5", "r6", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 /* Square a and put result in r. (r = a * a)
@@ -71155,7 +71167,7 @@ SP_NOINLINE static sp_digit sp_3072_add_96(sp_digit* r, const sp_digit* a,
         :
         : "memory", "r3", "r4", "r5", "r6", "r7", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #endif /* WOLFSSL_SP_SMALL */
@@ -71234,7 +71246,7 @@ SP_NOINLINE static sp_digit sp_3072_sub_in_place_96(sp_digit* a,
         :
         : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "cc"
     );
-    return (uint32_t)(size_t)a;
+    return (word32)(size_t)a;
 }
 
 #endif /* WOLFSSL_SP_SMALL */
@@ -72056,7 +72068,7 @@ SP_NOINLINE static sp_digit sp_3072_add_48(sp_digit* r, const sp_digit* a,
         :
         : "memory", "r3", "r4", "r5", "r6", "r7", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #endif /* WOLFSSL_SP_SMALL */
@@ -72129,7 +72141,7 @@ SP_NOINLINE static sp_digit sp_3072_sub_in_place_48(sp_digit* a,
         :
         : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "cc"
     );
-    return (uint32_t)(size_t)a;
+    return (word32)(size_t)a;
 }
 
 #endif /* WOLFSSL_SP_SMALL */
@@ -73115,7 +73127,7 @@ SP_NOINLINE static sp_digit sp_3072_cond_sub_48(sp_digit* r, const sp_digit* a,
         :
         : "memory", "r4", "r5", "r6", "r7", "r8", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #define sp_3072_mont_reduce_order_96   sp_3072_mont_reduce_96
@@ -75286,7 +75298,7 @@ SP_NOINLINE static sp_digit div_3072_word_48(sp_digit d1, sp_digit d0,
         :
         : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "cc"
     );
-    return (uint32_t)(size_t)d1;
+    return (word32)(size_t)d1;
 }
 
 /* Compare a with b in constant time.
@@ -75395,7 +75407,7 @@ SP_NOINLINE static sp_int32 sp_3072_cmp_48(const sp_digit* a, const sp_digit* b)
         :
         : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "cc"
     );
-    return (uint32_t)(size_t)a;
+    return (word32)(size_t)a;
 }
 
 /* Divide d in a and put remainder into r (m*d + r = a)
@@ -75596,13 +75608,12 @@ static int sp_3072_mod_exp_48(sp_digit* r, const sp_digit* a, const sp_digit* e,
         XMEMSET(&r[48], 0, sizeof(sp_digit) * 48U);
         sp_3072_mont_reduce_48(r, m, mp);
 
-        mask = 0 - (sp_3072_cmp_48(r, m) >= 0);
+        mask = (sp_digit)0 - (sp_3072_cmp_48(r, m) >= 0);
         sp_3072_cond_sub_48(r, r, m, mask);
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (td != NULL)
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -75765,13 +75776,12 @@ static int sp_3072_mod_exp_48(sp_digit* r, const sp_digit* a, const sp_digit* e,
         XMEMSET(&r[48], 0, sizeof(sp_digit) * 48U);
         sp_3072_mont_reduce_48(r, m, mp);
 
-        mask = 0 - (sp_3072_cmp_48(r, m) >= 0);
+        mask = (sp_digit)0 - (sp_3072_cmp_48(r, m) >= 0);
         sp_3072_cond_sub_48(r, r, m, mask);
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (td != NULL)
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -75861,7 +75871,7 @@ SP_NOINLINE static sp_digit sp_3072_cond_sub_96(sp_digit* r, const sp_digit* a,
         :
         : "memory", "r4", "r5", "r6", "r7", "r8", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #define sp_3072_mont_reduce_order_96   sp_3072_mont_reduce_96
@@ -78140,7 +78150,7 @@ SP_NOINLINE static sp_digit sp_3072_sub_96(sp_digit* r, const sp_digit* a,
         :
         : "memory", "r3", "r4", "r5", "r6", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #else
@@ -78979,7 +78989,7 @@ SP_NOINLINE static sp_digit sp_3072_sub_96(sp_digit* r, const sp_digit* a,
         :
         : "memory", "r3", "r4", "r5", "r6", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #endif /* WOLFSSL_SP_SMALL */
@@ -79596,7 +79606,7 @@ SP_NOINLINE static sp_digit div_3072_word_96(sp_digit d1, sp_digit d0,
         :
         : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "cc"
     );
-    return (uint32_t)(size_t)d1;
+    return (word32)(size_t)d1;
 }
 
 /* Divide d in a and put remainder into r (m*d + r = a)
@@ -79814,7 +79824,7 @@ SP_NOINLINE static sp_int32 sp_3072_cmp_96(const sp_digit* a, const sp_digit* b)
         :
         : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "cc"
     );
-    return (uint32_t)(size_t)a;
+    return (word32)(size_t)a;
 }
 
 /* Divide d in a and put remainder into r (m*d + r = a)
@@ -80008,13 +80018,12 @@ static int sp_3072_mod_exp_96(sp_digit* r, const sp_digit* a, const sp_digit* e,
         XMEMSET(&r[96], 0, sizeof(sp_digit) * 96U);
         sp_3072_mont_reduce_96(r, m, mp);
 
-        mask = 0 - (sp_3072_cmp_96(r, m) >= 0);
+        mask = (sp_digit)0 - (sp_3072_cmp_96(r, m) >= 0);
         sp_3072_cond_sub_96(r, r, m, mask);
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (td != NULL)
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -80160,13 +80169,12 @@ static int sp_3072_mod_exp_96(sp_digit* r, const sp_digit* a, const sp_digit* e,
         XMEMSET(&r[96], 0, sizeof(sp_digit) * 96U);
         sp_3072_mont_reduce_96(r, m, mp);
 
-        mask = 0 - (sp_3072_cmp_96(r, m) >= 0);
+        mask = (sp_digit)0 - (sp_3072_cmp_96(r, m) >= 0);
         sp_3072_cond_sub_96(r, r, m, mask);
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (td != NULL)
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -80329,8 +80337,7 @@ int sp_RsaPublic_3072(const byte* in, word32 inLen, const mp_int* em,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (a != NULL)
-        XFREE(a, NULL, DYNAMIC_TYPE_RSA);
+    XFREE(a, NULL, DYNAMIC_TYPE_RSA);
 #endif
 
     return err;
@@ -80403,7 +80410,7 @@ SP_NOINLINE static sp_digit sp_3072_cond_add_48(sp_digit* r, const sp_digit* a,
         :
         : "memory", "r4", "r5", "r6", "r7", "r8", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 /* RSA private key operation.
@@ -83223,13 +83230,12 @@ static int sp_3072_mod_exp_2_96(sp_digit* r, const sp_digit* e, int bits,
         XMEMSET(&r[96], 0, sizeof(sp_digit) * 96U);
         sp_3072_mont_reduce_96(r, m, mp);
 
-        mask = 0 - (sp_3072_cmp_96(r, m) >= 0);
+        mask = (sp_digit)0 - (sp_3072_cmp_96(r, m) >= 0);
         sp_3072_cond_sub_96(r, r, m, mask);
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (td != NULL)
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -83372,7 +83378,8 @@ static void sp_4096_from_bin(sp_digit* r, int size, const byte* a, int n)
     int j;
     byte* d;
 
-    for (i = n - 1,j = 0; i >= 3; i -= 4) {
+    j = 0;
+    for (i = n - 1; i >= 3; i -= 4) {
         r[j]  = ((sp_digit)a[i - 0] <<  0) |
                 ((sp_digit)a[i - 1] <<  8) |
                 ((sp_digit)a[i - 2] << 16) |
@@ -83383,12 +83390,20 @@ static void sp_4096_from_bin(sp_digit* r, int size, const byte* a, int n)
     if (i >= 0) {
         r[j] = 0;
 
-        d = (byte*)r;
+        d = (byte*)(r + j);
+#ifdef BIG_ENDIAN_ORDER
         switch (i) {
-            case 2: d[n - 1 - 2] = a[2]; //fallthrough
-            case 1: d[n - 1 - 1] = a[1]; //fallthrough
-            case 0: d[n - 1 - 0] = a[0]; //fallthrough
+            case 2: d[1] = *(a++); //fallthrough
+            case 1: d[2] = *(a++); //fallthrough
+            case 0: d[3] = *a    ; //fallthrough
         }
+#else
+        switch (i) {
+            case 2: d[2] = a[2]; //fallthrough
+            case 1: d[1] = a[1]; //fallthrough
+            case 0: d[0] = a[0]; //fallthrough
+        }
+#endif
         j++;
     }
 
@@ -84052,7 +84067,7 @@ SP_NOINLINE static sp_digit sp_4096_add_word_64(sp_digit* r, const sp_digit* a,
         :
         : "memory", "r3", "r4", "r5", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 /* Sub b from a into a. (a -= b)
@@ -85225,7 +85240,7 @@ SP_NOINLINE static sp_digit sp_4096_sub_in_place_128(sp_digit* a,
         :
         : "memory", "r2", "r3", "r4", "r5", "cc"
     );
-    return (uint32_t)(size_t)a;
+    return (word32)(size_t)a;
 }
 
 /* Add b to a into r. (r = a + b)
@@ -86336,7 +86351,7 @@ SP_NOINLINE static sp_digit sp_4096_add_128(sp_digit* r, const sp_digit* a,
         :
         : "memory", "r3", "r4", "r5", "r6", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 /* Multiply a and b into r. (r = a * b)
@@ -86489,7 +86504,7 @@ SP_NOINLINE static sp_digit sp_4096_add_128(sp_digit* r, const sp_digit* a,
         :
         : "memory", "r3", "r4", "r5", "r6", "r7", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #endif /* WOLFSSL_SP_SMALL */
@@ -86568,7 +86583,7 @@ SP_NOINLINE static sp_digit sp_4096_sub_in_place_128(sp_digit* a,
         :
         : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "cc"
     );
-    return (uint32_t)(size_t)a;
+    return (word32)(size_t)a;
 }
 
 #endif /* WOLFSSL_SP_SMALL */
@@ -87593,7 +87608,7 @@ SP_NOINLINE static sp_digit sp_4096_cond_sub_128(sp_digit* r, const sp_digit* a,
         :
         : "memory", "r4", "r5", "r6", "r7", "r8", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #define sp_4096_mont_reduce_order_128   sp_4096_mont_reduce_128
@@ -90416,7 +90431,7 @@ SP_NOINLINE static sp_digit sp_4096_sub_128(sp_digit* r, const sp_digit* a,
         :
         : "memory", "r3", "r4", "r5", "r6", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #else
@@ -91527,7 +91542,7 @@ SP_NOINLINE static sp_digit sp_4096_sub_128(sp_digit* r, const sp_digit* a,
         :
         : "memory", "r3", "r4", "r5", "r6", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #endif /* WOLFSSL_SP_SMALL */
@@ -92144,7 +92159,7 @@ SP_NOINLINE static sp_digit div_4096_word_128(sp_digit d1, sp_digit d0,
         :
         : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "cc"
     );
-    return (uint32_t)(size_t)d1;
+    return (word32)(size_t)d1;
 }
 
 /* Divide d in a and put remainder into r (m*d + r = a)
@@ -92363,7 +92378,7 @@ SP_NOINLINE static sp_int32 sp_4096_cmp_128(const sp_digit* a,
         :
         : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "cc"
     );
-    return (uint32_t)(size_t)a;
+    return (word32)(size_t)a;
 }
 
 /* Divide d in a and put remainder into r (m*d + r = a)
@@ -92557,13 +92572,12 @@ static int sp_4096_mod_exp_128(sp_digit* r, const sp_digit* a, const sp_digit* e
         XMEMSET(&r[128], 0, sizeof(sp_digit) * 128U);
         sp_4096_mont_reduce_128(r, m, mp);
 
-        mask = 0 - (sp_4096_cmp_128(r, m) >= 0);
+        mask = (sp_digit)0 - (sp_4096_cmp_128(r, m) >= 0);
         sp_4096_cond_sub_128(r, r, m, mask);
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (td != NULL)
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -92709,13 +92723,12 @@ static int sp_4096_mod_exp_128(sp_digit* r, const sp_digit* a, const sp_digit* e
         XMEMSET(&r[128], 0, sizeof(sp_digit) * 128U);
         sp_4096_mont_reduce_128(r, m, mp);
 
-        mask = 0 - (sp_4096_cmp_128(r, m) >= 0);
+        mask = (sp_digit)0 - (sp_4096_cmp_128(r, m) >= 0);
         sp_4096_cond_sub_128(r, r, m, mask);
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (td != NULL)
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -92878,8 +92891,7 @@ int sp_RsaPublic_4096(const byte* in, word32 inLen, const mp_int* em,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (a != NULL)
-        XFREE(a, NULL, DYNAMIC_TYPE_RSA);
+    XFREE(a, NULL, DYNAMIC_TYPE_RSA);
 #endif
 
     return err;
@@ -92957,7 +92969,7 @@ SP_NOINLINE static sp_digit sp_4096_cond_add_64(sp_digit* r, const sp_digit* a,
         :
         : "memory", "r4", "r5", "r6", "r7", "r8", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 /* RSA private key operation.
@@ -96565,13 +96577,12 @@ static int sp_4096_mod_exp_2_128(sp_digit* r, const sp_digit* e, int bits,
         XMEMSET(&r[128], 0, sizeof(sp_digit) * 128U);
         sp_4096_mont_reduce_128(r, m, mp);
 
-        mask = 0 - (sp_4096_cmp_128(r, m) >= 0);
+        mask = (sp_digit)0 - (sp_4096_cmp_128(r, m) >= 0);
         sp_4096_cond_sub_128(r, r, m, mask);
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (td != NULL)
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -97471,7 +97482,7 @@ SP_NOINLINE static sp_digit sp_256_add_8(sp_digit* r, const sp_digit* a,
         :
         : "memory", "r3", "r4", "r5", "r6", "r7", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #else
@@ -97563,7 +97574,7 @@ SP_NOINLINE static sp_digit sp_256_add_8(sp_digit* r, const sp_digit* a,
         :
         : "memory", "r3", "r4", "r5", "r6", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #endif /* WOLFSSL_SP_SMALL */
@@ -98874,7 +98885,7 @@ SP_NOINLINE static void sp_256_mont_sqr_n_8(sp_digit* r,
 #endif /* !WOLFSSL_SP_SMALL || HAVE_COMP_KEY */
 #ifdef WOLFSSL_SP_SMALL
 /* Mod-2 for the P256 curve. */
-static const uint32_t p256_mod_minus_2[8] = {
+static const word32 p256_mod_minus_2[8] = {
     0xfffffffdU,0xffffffffU,0xffffffffU,0x00000000U,0x00000000U,0x00000000U,
     0x00000001U,0xffffffffU
 };
@@ -99055,7 +99066,7 @@ SP_NOINLINE static sp_int32 sp_256_cmp_8(const sp_digit* a, const sp_digit* b)
         :
         : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "cc"
     );
-    return (uint32_t)(size_t)a;
+    return (word32)(size_t)a;
 }
 
 /* Normalize the values in each word to 32.
@@ -99124,7 +99135,7 @@ SP_NOINLINE static sp_digit sp_256_cond_sub_8(sp_digit* r, const sp_digit* a,
         :
         : "memory", "r4", "r5", "r6", "r7", "r8", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 /* Map the Montgomery form projective coordinate point to an affine point.
@@ -99151,7 +99162,7 @@ static void sp_256_map_8(sp_point_256* r, const sp_point_256* p,
     sp_256_mont_reduce_8(r->x, p256_mod, p256_mp_mod);
     /* Reduce x to less than modulus */
     n = sp_256_cmp_8(r->x, p256_mod);
-    sp_256_cond_sub_8(r->x, r->x, p256_mod, ~(n >> 31));
+    sp_256_cond_sub_8(r->x, r->x, p256_mod, (sp_digit)~(n >> 31));
     sp_256_norm_8(r->x);
 
     /* y /= z^3 */
@@ -99160,7 +99171,7 @@ static void sp_256_map_8(sp_point_256* r, const sp_point_256* p,
     sp_256_mont_reduce_8(r->y, p256_mod, p256_mp_mod);
     /* Reduce y to less than modulus */
     n = sp_256_cmp_8(r->y, p256_mod);
-    sp_256_cond_sub_8(r->y, r->y, p256_mod, ~(n >> 31));
+    sp_256_cond_sub_8(r->y, r->y, p256_mod, (sp_digit)~(n >> 31));
     sp_256_norm_8(r->y);
 
     XMEMSET(r->z, 0, sizeof(r->z) / 2);
@@ -100606,8 +100617,8 @@ static void sp_256_proj_point_add_8(sp_point_256* r,
         sp_256_mont_sub_8(y, y, t5, p256_mod);
         {
             int i;
-            sp_digit maskp = 0 - (q->infinity & (!p->infinity));
-            sp_digit maskq = 0 - (p->infinity & (!q->infinity));
+            sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity)));
+            sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity)));
             sp_digit maskt = ~(maskp | maskq);
             sp_digit inf = (sp_digit)(p->infinity & q->infinity);
 
@@ -100624,7 +100635,7 @@ static void sp_256_proj_point_add_8(sp_point_256* r,
                           (z[i] & maskt);
             }
             r->z[0] |= inf;
-            r->infinity = (word32)inf;
+            r->infinity = (int)inf;
         }
     }
 }
@@ -100798,8 +100809,8 @@ static int sp_256_proj_point_add_8_nb(sp_ecc_ctx_t* sp_ctx, sp_point_256* r,
     {
         {
             int i;
-            sp_digit maskp = 0 - (q->infinity & (!p->infinity));
-            sp_digit maskq = 0 - (p->infinity & (!q->infinity));
+            sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity)));
+            sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity)));
             sp_digit maskt = ~(maskp | maskq);
             sp_digit inf = (sp_digit)(p->infinity & q->infinity);
 
@@ -100816,7 +100827,7 @@ static int sp_256_proj_point_add_8_nb(sp_ecc_ctx_t* sp_ctx, sp_point_256* r,
                           (ctx->z[i] & maskt);
             }
             r->z[0] |= inf;
-            r->infinity = (word32)inf;
+            r->infinity = (int)inf;
         }
         ctx->state = 25;
         break;
@@ -100871,7 +100882,7 @@ static void sp_256_get_point_16_8(sp_point_256* r, const sp_point_256* table,
     r->z[6] = 0;
     r->z[7] = 0;
     for (i = 1; i < 16; i++) {
-        mask = 0 - (i == idx);
+        mask = (sp_digit)0 - (i == idx);
         r->x[0] |= mask & table[i].x[0];
         r->x[1] |= mask & table[i].x[1];
         r->x[2] |= mask & table[i].x[2];
@@ -101065,15 +101076,15 @@ static int sp_256_ecc_mulmod_fast_8(sp_point_256* r, const sp_point_256* g, cons
     #endif
     }
 #ifndef WC_NO_CACHE_RESISTANT
-    #ifdef WOLFSSL_SP_SMALL_STACK
+#ifdef WOLFSSL_SP_SMALL_STACK
     if (p != NULL)
+#endif
+    {
+        ForceZero(p, sizeof(sp_point_256));
+    #ifdef WOLFSSL_SP_SMALL_STACK
+        XFREE(p, heap, DYNAMIC_TYPE_ECC);
     #endif
-        {
-            ForceZero(p, sizeof(sp_point_256));
-        #ifdef WOLFSSL_SP_SMALL_STACK
-            XFREE(p, heap, DYNAMIC_TYPE_ECC);
-        #endif
-        }
+    }
 #endif /* !WC_NO_CACHE_RESISTANT */
 #ifdef WOLFSSL_SP_SMALL_STACK
     if (t != NULL)
@@ -101269,8 +101280,8 @@ static void sp_256_proj_point_add_qz1_8(sp_point_256* r,
         sp_256_mont_sub_8(y, t3, t1, p256_mod);
         {
             int i;
-            sp_digit maskp = 0 - (q->infinity & (!p->infinity));
-            sp_digit maskq = 0 - (p->infinity & (!q->infinity));
+            sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity)));
+            sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity)));
             sp_digit maskt = ~(maskp | maskq);
             sp_digit inf = (sp_digit)(p->infinity & q->infinity);
 
@@ -101287,7 +101298,7 @@ static void sp_256_proj_point_add_qz1_8(sp_point_256* r,
                           (z[i] & maskt);
             }
             r->z[0] |= inf;
-            r->infinity = (word32)inf;
+            r->infinity = (int)inf;
         }
     }
 }
@@ -101377,8 +101388,7 @@ static int sp_256_gen_stripe_table_8(const sp_point_256* a,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t != NULL)
-        XFREE(t, heap, DYNAMIC_TYPE_ECC);
+    XFREE(t, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -101415,7 +101425,7 @@ static void sp_256_get_entry_16_8(sp_point_256* r,
     r->y[6] = 0;
     r->y[7] = 0;
     for (i = 1; i < 16; i++) {
-        mask = 0 - (i == idx);
+        mask = (sp_digit)0 - (i == idx);
         r->x[0] |= mask & table[i].x[0];
         r->x[1] |= mask & table[i].x[1];
         r->x[2] |= mask & table[i].x[2];
@@ -101542,10 +101552,8 @@ static int sp_256_ecc_mulmod_stripe_8(sp_point_256* r, const sp_point_256* g,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t != NULL)
-        XFREE(t, heap, DYNAMIC_TYPE_ECC);
-    if (rt != NULL)
-        XFREE(rt, heap, DYNAMIC_TYPE_ECC);
+    XFREE(t, heap, DYNAMIC_TYPE_ECC);
+    XFREE(rt, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -101565,7 +101573,7 @@ typedef struct sp_cache_256_t {
     /* Precomputation table for point. */
     sp_table_entry_256 table[16];
     /* Count of entries in table. */
-    uint32_t cnt;
+    word32 cnt;
     /* Point and table set in entry. */
     int set;
 } sp_cache_256_t;
@@ -101578,8 +101586,10 @@ static THREAD_LS_T int sp_cache_256_last = -1;
 static THREAD_LS_T int sp_cache_256_inited = 0;
 
 #ifndef HAVE_THREAD_LS
+    #ifndef WOLFSSL_MUTEX_INITIALIZER
     static volatile int initCacheMutex_256 = 0;
-    static wolfSSL_Mutex sp_cache_256_lock;
+    #endif
+    static wolfSSL_Mutex sp_cache_256_lock WOLFSSL_MUTEX_INITIALIZER_CLAUSE(sp_cache_256_lock);
 #endif
 
 /* Get the cache entry for the point.
@@ -101591,7 +101601,7 @@ static void sp_ecc_get_cache_256(const sp_point_256* g, sp_cache_256_t** cache)
 {
     int i;
     int j;
-    uint32_t least;
+    word32 least;
 
     if (sp_cache_256_inited == 0) {
         for (i=0; i<FP_ENTRIES; i++) {
@@ -101677,10 +101687,12 @@ static int sp_256_ecc_mulmod_8(sp_point_256* r, const sp_point_256* g,
 #endif
 #ifndef HAVE_THREAD_LS
     if (err == MP_OKAY) {
+        #ifndef WOLFSSL_MUTEX_INITIALIZER
         if (initCacheMutex_256 == 0) {
             wc_InitMutex(&sp_cache_256_lock);
             initCacheMutex_256 = 1;
         }
+        #endif
         if (wc_LockMutex(&sp_cache_256_lock) != 0) {
             err = BAD_MUTEX_E;
         }
@@ -101797,8 +101809,7 @@ static int sp_256_gen_stripe_table_8(const sp_point_256* a,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t != NULL)
-        XFREE(t, heap, DYNAMIC_TYPE_ECC);
+    XFREE(t, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -101835,7 +101846,7 @@ static void sp_256_get_entry_256_8(sp_point_256* r,
     r->y[6] = 0;
     r->y[7] = 0;
     for (i = 1; i < 256; i++) {
-        mask = 0 - (i == idx);
+        mask = (sp_digit)0 - (i == idx);
         r->x[0] |= mask & table[i].x[0];
         r->x[1] |= mask & table[i].x[1];
         r->x[2] |= mask & table[i].x[2];
@@ -101962,10 +101973,8 @@ static int sp_256_ecc_mulmod_stripe_8(sp_point_256* r, const sp_point_256* g,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t != NULL)
-        XFREE(t, heap, DYNAMIC_TYPE_ECC);
-    if (rt != NULL)
-        XFREE(rt, heap, DYNAMIC_TYPE_ECC);
+    XFREE(t, heap, DYNAMIC_TYPE_ECC);
+    XFREE(rt, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -101985,7 +101994,7 @@ typedef struct sp_cache_256_t {
     /* Precomputation table for point. */
     sp_table_entry_256 table[256];
     /* Count of entries in table. */
-    uint32_t cnt;
+    word32 cnt;
     /* Point and table set in entry. */
     int set;
 } sp_cache_256_t;
@@ -101998,8 +102007,10 @@ static THREAD_LS_T int sp_cache_256_last = -1;
 static THREAD_LS_T int sp_cache_256_inited = 0;
 
 #ifndef HAVE_THREAD_LS
+    #ifndef WOLFSSL_MUTEX_INITIALIZER
     static volatile int initCacheMutex_256 = 0;
-    static wolfSSL_Mutex sp_cache_256_lock;
+    #endif
+    static wolfSSL_Mutex sp_cache_256_lock WOLFSSL_MUTEX_INITIALIZER_CLAUSE(sp_cache_256_lock);
 #endif
 
 /* Get the cache entry for the point.
@@ -102011,7 +102022,7 @@ static void sp_ecc_get_cache_256(const sp_point_256* g, sp_cache_256_t** cache)
 {
     int i;
     int j;
-    uint32_t least;
+    word32 least;
 
     if (sp_cache_256_inited == 0) {
         for (i=0; i<FP_ENTRIES; i++) {
@@ -102097,10 +102108,12 @@ static int sp_256_ecc_mulmod_8(sp_point_256* r, const sp_point_256* g,
 #endif
 #ifndef HAVE_THREAD_LS
     if (err == MP_OKAY) {
+        #ifndef WOLFSSL_MUTEX_INITIALIZER
         if (initCacheMutex_256 == 0) {
             wc_InitMutex(&sp_cache_256_lock);
             initCacheMutex_256 = 1;
         }
+        #endif
         if (wc_LockMutex(&sp_cache_256_lock) != 0) {
             err = BAD_MUTEX_E;
         }
@@ -102179,10 +102192,8 @@ int sp_ecc_mulmod_256(const mp_int* km, const ecc_point* gm, ecc_point* r,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (k != NULL)
-        XFREE(k, heap, DYNAMIC_TYPE_ECC);
-    if (point != NULL)
-        XFREE(point, heap, DYNAMIC_TYPE_ECC);
+    XFREE(k, heap, DYNAMIC_TYPE_ECC);
+    XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -102259,10 +102270,8 @@ int sp_ecc_mulmod_add_256(const mp_int* km, const ecc_point* gm,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (k != NULL)
-        XFREE(k, heap, DYNAMIC_TYPE_ECC);
-    if (point != NULL)
-        XFREE(point, heap, DYNAMIC_TYPE_ECC);
+    XFREE(k, heap, DYNAMIC_TYPE_ECC);
+    XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -103729,10 +103738,8 @@ int sp_ecc_mulmod_base_256(const mp_int* km, ecc_point* r, int map, void* heap)
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (k != NULL)
-        XFREE(k, heap, DYNAMIC_TYPE_ECC);
-    if (point != NULL)
-        XFREE(point, heap, DYNAMIC_TYPE_ECC);
+    XFREE(k, heap, DYNAMIC_TYPE_ECC);
+    XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -103807,10 +103814,8 @@ int sp_ecc_mulmod_base_add_256(const mp_int* km, const ecc_point* am,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (k != NULL)
-        XFREE(k, heap, DYNAMIC_TYPE_ECC);
-    if (point)
-        XFREE(point, heap, DYNAMIC_TYPE_ECC);
+    XFREE(k, heap, DYNAMIC_TYPE_ECC);
+    XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -103917,7 +103922,8 @@ static void sp_256_from_bin(sp_digit* r, int size, const byte* a, int n)
     int j;
     byte* d;
 
-    for (i = n - 1,j = 0; i >= 3; i -= 4) {
+    j = 0;
+    for (i = n - 1; i >= 3; i -= 4) {
         r[j]  = ((sp_digit)a[i - 0] <<  0) |
                 ((sp_digit)a[i - 1] <<  8) |
                 ((sp_digit)a[i - 2] << 16) |
@@ -103928,12 +103934,20 @@ static void sp_256_from_bin(sp_digit* r, int size, const byte* a, int n)
     if (i >= 0) {
         r[j] = 0;
 
-        d = (byte*)r;
+        d = (byte*)(r + j);
+#ifdef BIG_ENDIAN_ORDER
         switch (i) {
-            case 2: d[n - 1 - 2] = a[2]; //fallthrough
-            case 1: d[n - 1 - 1] = a[1]; //fallthrough
-            case 0: d[n - 1 - 0] = a[0]; //fallthrough
+            case 2: d[1] = *(a++); //fallthrough
+            case 1: d[2] = *(a++); //fallthrough
+            case 0: d[3] = *a    ; //fallthrough
         }
+#else
+        switch (i) {
+            case 2: d[2] = a[2]; //fallthrough
+            case 1: d[1] = a[1]; //fallthrough
+            case 0: d[0] = a[0]; //fallthrough
+        }
+#endif
         j++;
     }
 
@@ -103951,6 +103965,7 @@ static void sp_256_from_bin(sp_digit* r, int size, const byte* a, int n)
  */
 static int sp_256_ecc_gen_k_8(WC_RNG* rng, sp_digit* k)
 {
+#ifndef WC_NO_RNG
     int err;
     byte buf[32];
 
@@ -103967,6 +103982,11 @@ static int sp_256_ecc_gen_k_8(WC_RNG* rng, sp_digit* k)
     while (err == 0);
 
     return err;
+#else
+    (void)rng;
+    (void)k;
+    return NOT_COMPILED_IN;
+#endif
 }
 
 /* Makes a random EC key pair.
@@ -104045,12 +104065,9 @@ int sp_ecc_make_key_256(WC_RNG* rng, mp_int* priv, ecc_point* pub, void* heap)
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (k != NULL)
-        XFREE(k, heap, DYNAMIC_TYPE_ECC);
-    if (point != NULL) {
-        /* point is not sensitive, so no need to zeroize */
-        XFREE(point, heap, DYNAMIC_TYPE_ECC);
-    }
+    XFREE(k, heap, DYNAMIC_TYPE_ECC);
+    /* point is not sensitive, so no need to zeroize */
+    XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -104208,10 +104225,8 @@ int sp_ecc_secret_gen_256(const mp_int* priv, const ecc_point* pub, byte* out,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (k != NULL)
-        XFREE(k, heap, DYNAMIC_TYPE_ECC);
-    if (point != NULL)
-        XFREE(point, heap, DYNAMIC_TYPE_ECC);
+    XFREE(k, heap, DYNAMIC_TYPE_ECC);
+    XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -104342,7 +104357,7 @@ SP_NOINLINE static sp_digit sp_256_sub_in_place_8(sp_digit* a,
         :
         : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "cc"
     );
-    return (uint32_t)(size_t)a;
+    return (word32)(size_t)a;
 }
 
 #else
@@ -104436,7 +104451,7 @@ SP_NOINLINE static sp_digit sp_256_sub_in_place_8(sp_digit* a,
         :
         : "memory", "r2", "r3", "r4", "r5", "cc"
     );
-    return (uint32_t)(size_t)a;
+    return (word32)(size_t)a;
 }
 
 #endif /* WOLFSSL_SP_SMALL */
@@ -105239,7 +105254,7 @@ SP_NOINLINE static sp_digit div_256_word_8(sp_digit d1, sp_digit d0,
         :
         : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "cc"
     );
-    return (uint32_t)(size_t)d1;
+    return (word32)(size_t)d1;
 }
 
 /* AND m into each word of a and store in r.
@@ -105342,7 +105357,7 @@ static void sp_256_mont_mul_order_8(sp_digit* r, const sp_digit* a, const sp_dig
 #if defined(HAVE_ECC_SIGN) || (defined(HAVE_ECC_VERIFY) && defined(WOLFSSL_SP_SMALL))
 #ifdef WOLFSSL_SP_SMALL
 /* Order-2 for the P256 curve. */
-static const uint32_t p256_order_minus_2[8] = {
+static const word32 p256_order_minus_2[8] = {
     0xfc63254fU,0xf3b9cac2U,0xa7179e84U,0xbce6faadU,0xffffffffU,0xffffffffU,
     0x00000000U,0xffffffffU
 };
@@ -105954,7 +105969,7 @@ SP_NOINLINE static sp_digit sp_256_sub_8(sp_digit* r, const sp_digit* a,
         :
         : "memory", "r3", "r4", "r5", "r6", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #else
@@ -106045,7 +106060,7 @@ SP_NOINLINE static sp_digit sp_256_sub_8(sp_digit* r, const sp_digit* a,
         :
         : "memory", "r3", "r4", "r5", "r6", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #endif /* WOLFSSL_SP_SMALL */
@@ -107227,7 +107242,7 @@ static int sp_256_num_bits_8(sp_digit* a)
         :
         : "memory", "r2", "r3", "r4", "r5", "r6", "cc"
     );
-    return (uint32_t)(size_t)a;
+    return (word32)(size_t)a;
 }
 
 /* Non-constant time modular inversion.
@@ -107513,10 +107528,8 @@ int sp_ecc_verify_256(const byte* hash, word32 hashLen, const mp_int* pX,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (u1 != NULL)
-        XFREE(u1, heap, DYNAMIC_TYPE_ECC);
-    if (p1 != NULL)
-        XFREE(p1, heap, DYNAMIC_TYPE_ECC);
+    XFREE(u1, heap, DYNAMIC_TYPE_ECC);
+    XFREE(p1, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -107723,8 +107736,7 @@ static int sp_256_ecc_is_point_8(const sp_point_256* point,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t1 != NULL)
-        XFREE(t1, heap, DYNAMIC_TYPE_ECC);
+    XFREE(t1, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -107763,8 +107775,7 @@ int sp_ecc_is_point_256(const mp_int* pX, const mp_int* pY)
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (pub != NULL)
-        XFREE(pub, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(pub, NULL, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -107872,10 +107883,8 @@ int sp_ecc_check_key_256(const mp_int* pX, const mp_int* pY,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (pub != NULL)
-        XFREE(pub, heap, DYNAMIC_TYPE_ECC);
-    if (priv != NULL)
-        XFREE(priv, heap, DYNAMIC_TYPE_ECC);
+    XFREE(pub, heap, DYNAMIC_TYPE_ECC);
+    XFREE(priv, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -107954,10 +107963,8 @@ int sp_ecc_proj_add_point_256(mp_int* pX, mp_int* pY, mp_int* pZ,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (tmp != NULL)
-        XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
-    if (p != NULL)
-        XFREE(p, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(p, NULL, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -108022,10 +108029,8 @@ int sp_ecc_proj_dbl_point_256(mp_int* pX, mp_int* pY, mp_int* pZ,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (tmp != NULL)
-        XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
-    if (p != NULL)
-        XFREE(p, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(p, NULL, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -108086,10 +108091,8 @@ int sp_ecc_map_256(mp_int* pX, mp_int* pY, mp_int* pZ)
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (tmp != NULL)
-        XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
-    if (p != NULL)
-        XFREE(p, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(p, NULL, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -108155,8 +108158,7 @@ static int sp_256_mont_sqrt_8(sp_digit* y)
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t1 != NULL)
-        XFREE(t1, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(t1, NULL, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -108221,8 +108223,7 @@ int sp_ecc_uncompress_256(mp_int* xm, int odd, mp_int* ym)
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (x != NULL)
-        XFREE(x, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(x, NULL, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -109053,7 +109054,7 @@ SP_NOINLINE static sp_digit sp_384_add_12(sp_digit* r, const sp_digit* a,
         :
         : "memory", "r3", "r4", "r5", "r6", "r7", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #else
@@ -109179,7 +109180,7 @@ SP_NOINLINE static sp_digit sp_384_add_12(sp_digit* r, const sp_digit* a,
         :
         : "memory", "r3", "r4", "r5", "r6", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #endif /* WOLFSSL_SP_SMALL */
@@ -109263,23 +109264,22 @@ static int sp_384_mod_mul_norm_12(sp_digit* r, const sp_digit* a, const sp_digit
         t[10] += t[9] >> 32; t[9] &= 0xffffffff;
         t[11] += t[10] >> 32; t[10] &= 0xffffffff;
 
-        r[0] = t[0];
-        r[1] = t[1];
-        r[2] = t[2];
-        r[3] = t[3];
-        r[4] = t[4];
-        r[5] = t[5];
-        r[6] = t[6];
-        r[7] = t[7];
-        r[8] = t[8];
-        r[9] = t[9];
-        r[10] = t[10];
-        r[11] = t[11];
+        r[0] = (sp_digit)t[0];
+        r[1] = (sp_digit)t[1];
+        r[2] = (sp_digit)t[2];
+        r[3] = (sp_digit)t[3];
+        r[4] = (sp_digit)t[4];
+        r[5] = (sp_digit)t[5];
+        r[6] = (sp_digit)t[6];
+        r[7] = (sp_digit)t[7];
+        r[8] = (sp_digit)t[8];
+        r[9] = (sp_digit)t[9];
+        r[10] = (sp_digit)t[10];
+        r[11] = (sp_digit)t[11];
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t != NULL)
-        XFREE(t, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(t, NULL, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -109540,7 +109540,7 @@ SP_NOINLINE static sp_digit sp_384_cond_sub_12(sp_digit* r, const sp_digit* a,
         :
         : "memory", "r4", "r5", "r6", "r7", "r8", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #define sp_384_mont_reduce_order_12   sp_384_mont_reduce_12
@@ -110322,7 +110322,7 @@ SP_NOINLINE static void sp_384_mont_sqr_n_12(sp_digit* r,
 #endif /* !WOLFSSL_SP_SMALL || HAVE_COMP_KEY */
 #ifdef WOLFSSL_SP_SMALL
 /* Mod-2 for the P384 curve. */
-static const uint32_t p384_mod_minus_2[12] = {
+static const word32 p384_mod_minus_2[12] = {
     0xfffffffdU,0x00000000U,0x00000000U,0xffffffffU,0xfffffffeU,0xffffffffU,
     0xffffffffU,0xffffffffU,0xffffffffU,0xffffffffU,0xffffffffU,0xffffffffU
 };
@@ -110519,7 +110519,7 @@ SP_NOINLINE static sp_int32 sp_384_cmp_12(const sp_digit* a, const sp_digit* b)
         :
         : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "cc"
     );
-    return (uint32_t)(size_t)a;
+    return (word32)(size_t)a;
 }
 
 /* Normalize the values in each word to 32.
@@ -110552,7 +110552,7 @@ static void sp_384_map_12(sp_point_384* r, const sp_point_384* p,
     sp_384_mont_reduce_12(r->x, p384_mod, p384_mp_mod);
     /* Reduce x to less than modulus */
     n = sp_384_cmp_12(r->x, p384_mod);
-    sp_384_cond_sub_12(r->x, r->x, p384_mod, ~(n >> 31));
+    sp_384_cond_sub_12(r->x, r->x, p384_mod, (sp_digit)~(n >> 31));
     sp_384_norm_12(r->x);
 
     /* y /= z^3 */
@@ -110561,7 +110561,7 @@ static void sp_384_map_12(sp_point_384* r, const sp_point_384* p,
     sp_384_mont_reduce_12(r->y, p384_mod, p384_mp_mod);
     /* Reduce y to less than modulus */
     n = sp_384_cmp_12(r->y, p384_mod);
-    sp_384_cond_sub_12(r->y, r->y, p384_mod, ~(n >> 31));
+    sp_384_cond_sub_12(r->y, r->y, p384_mod, (sp_digit)~(n >> 31));
     sp_384_norm_12(r->y);
 
     XMEMSET(r->z, 0, sizeof(r->z) / 2);
@@ -110681,7 +110681,7 @@ SP_NOINLINE static sp_digit sp_384_sub_12(sp_digit* r, const sp_digit* a,
         :
         : "memory", "r3", "r4", "r5", "r6", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #else
@@ -110806,7 +110806,7 @@ SP_NOINLINE static sp_digit sp_384_sub_12(sp_digit* r, const sp_digit* a,
         :
         : "memory", "r3", "r4", "r5", "r6", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #endif /* WOLFSSL_SP_SMALL */
@@ -110876,7 +110876,7 @@ SP_NOINLINE static sp_digit sp_384_cond_add_12(sp_digit* r, const sp_digit* a,
         :
         : "memory", "r4", "r5", "r6", "r7", "r8", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 /* Subtract two Montgomery form numbers (r = a - b % m).
@@ -111434,8 +111434,8 @@ static void sp_384_proj_point_add_12(sp_point_384* r,
         sp_384_mont_sub_12(y, y, t5, p384_mod);
         {
             int i;
-            sp_digit maskp = 0 - (q->infinity & (!p->infinity));
-            sp_digit maskq = 0 - (p->infinity & (!q->infinity));
+            sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity)));
+            sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity)));
             sp_digit maskt = ~(maskp | maskq);
             sp_digit inf = (sp_digit)(p->infinity & q->infinity);
 
@@ -111452,7 +111452,7 @@ static void sp_384_proj_point_add_12(sp_point_384* r,
                           (z[i] & maskt);
             }
             r->z[0] |= inf;
-            r->infinity = (word32)inf;
+            r->infinity = (int)inf;
         }
     }
 }
@@ -111626,8 +111626,8 @@ static int sp_384_proj_point_add_12_nb(sp_ecc_ctx_t* sp_ctx, sp_point_384* r,
     {
         {
             int i;
-            sp_digit maskp = 0 - (q->infinity & (!p->infinity));
-            sp_digit maskq = 0 - (p->infinity & (!q->infinity));
+            sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity)));
+            sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity)));
             sp_digit maskt = ~(maskp | maskq);
             sp_digit inf = (sp_digit)(p->infinity & q->infinity);
 
@@ -111644,7 +111644,7 @@ static int sp_384_proj_point_add_12_nb(sp_ecc_ctx_t* sp_ctx, sp_point_384* r,
                           (ctx->z[i] & maskt);
             }
             r->z[0] |= inf;
-            r->infinity = (word32)inf;
+            r->infinity = (int)inf;
         }
         ctx->state = 25;
         break;
@@ -111711,7 +111711,7 @@ static void sp_384_get_point_16_12(sp_point_384* r, const sp_point_384* table,
     r->z[10] = 0;
     r->z[11] = 0;
     for (i = 1; i < 16; i++) {
-        mask = 0 - (i == idx);
+        mask = (sp_digit)0 - (i == idx);
         r->x[0] |= mask & table[i].x[0];
         r->x[1] |= mask & table[i].x[1];
         r->x[2] |= mask & table[i].x[2];
@@ -111917,15 +111917,15 @@ static int sp_384_ecc_mulmod_fast_12(sp_point_384* r, const sp_point_384* g, con
     #endif
     }
 #ifndef WC_NO_CACHE_RESISTANT
-    #ifdef WOLFSSL_SP_SMALL_STACK
+#ifdef WOLFSSL_SP_SMALL_STACK
     if (p != NULL)
+#endif
+    {
+        ForceZero(p, sizeof(sp_point_384));
+    #ifdef WOLFSSL_SP_SMALL_STACK
+        XFREE(p, heap, DYNAMIC_TYPE_ECC);
     #endif
-        {
-            ForceZero(p, sizeof(sp_point_384));
-        #ifdef WOLFSSL_SP_SMALL_STACK
-            XFREE(p, heap, DYNAMIC_TYPE_ECC);
-        #endif
-        }
+    }
 #endif /* !WC_NO_CACHE_RESISTANT */
 #ifdef WOLFSSL_SP_SMALL_STACK
     if (t != NULL)
@@ -112121,8 +112121,8 @@ static void sp_384_proj_point_add_qz1_12(sp_point_384* r,
         sp_384_mont_sub_12(y, t3, t1, p384_mod);
         {
             int i;
-            sp_digit maskp = 0 - (q->infinity & (!p->infinity));
-            sp_digit maskq = 0 - (p->infinity & (!q->infinity));
+            sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity)));
+            sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity)));
             sp_digit maskt = ~(maskp | maskq);
             sp_digit inf = (sp_digit)(p->infinity & q->infinity);
 
@@ -112139,7 +112139,7 @@ static void sp_384_proj_point_add_qz1_12(sp_point_384* r,
                           (z[i] & maskt);
             }
             r->z[0] |= inf;
-            r->infinity = (word32)inf;
+            r->infinity = (int)inf;
         }
     }
 }
@@ -112229,8 +112229,7 @@ static int sp_384_gen_stripe_table_12(const sp_point_384* a,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t != NULL)
-        XFREE(t, heap, DYNAMIC_TYPE_ECC);
+    XFREE(t, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -112275,7 +112274,7 @@ static void sp_384_get_entry_16_12(sp_point_384* r,
     r->y[10] = 0;
     r->y[11] = 0;
     for (i = 1; i < 16; i++) {
-        mask = 0 - (i == idx);
+        mask = (sp_digit)0 - (i == idx);
         r->x[0] |= mask & table[i].x[0];
         r->x[1] |= mask & table[i].x[1];
         r->x[2] |= mask & table[i].x[2];
@@ -112410,10 +112409,8 @@ static int sp_384_ecc_mulmod_stripe_12(sp_point_384* r, const sp_point_384* g,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t != NULL)
-        XFREE(t, heap, DYNAMIC_TYPE_ECC);
-    if (rt != NULL)
-        XFREE(rt, heap, DYNAMIC_TYPE_ECC);
+    XFREE(t, heap, DYNAMIC_TYPE_ECC);
+    XFREE(rt, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -112433,7 +112430,7 @@ typedef struct sp_cache_384_t {
     /* Precomputation table for point. */
     sp_table_entry_384 table[16];
     /* Count of entries in table. */
-    uint32_t cnt;
+    word32 cnt;
     /* Point and table set in entry. */
     int set;
 } sp_cache_384_t;
@@ -112446,8 +112443,10 @@ static THREAD_LS_T int sp_cache_384_last = -1;
 static THREAD_LS_T int sp_cache_384_inited = 0;
 
 #ifndef HAVE_THREAD_LS
+    #ifndef WOLFSSL_MUTEX_INITIALIZER
     static volatile int initCacheMutex_384 = 0;
-    static wolfSSL_Mutex sp_cache_384_lock;
+    #endif
+    static wolfSSL_Mutex sp_cache_384_lock WOLFSSL_MUTEX_INITIALIZER_CLAUSE(sp_cache_384_lock);
 #endif
 
 /* Get the cache entry for the point.
@@ -112459,7 +112458,7 @@ static void sp_ecc_get_cache_384(const sp_point_384* g, sp_cache_384_t** cache)
 {
     int i;
     int j;
-    uint32_t least;
+    word32 least;
 
     if (sp_cache_384_inited == 0) {
         for (i=0; i<FP_ENTRIES; i++) {
@@ -112545,10 +112544,12 @@ static int sp_384_ecc_mulmod_12(sp_point_384* r, const sp_point_384* g,
 #endif
 #ifndef HAVE_THREAD_LS
     if (err == MP_OKAY) {
+        #ifndef WOLFSSL_MUTEX_INITIALIZER
         if (initCacheMutex_384 == 0) {
             wc_InitMutex(&sp_cache_384_lock);
             initCacheMutex_384 = 1;
         }
+        #endif
         if (wc_LockMutex(&sp_cache_384_lock) != 0) {
             err = BAD_MUTEX_E;
         }
@@ -112665,8 +112666,7 @@ static int sp_384_gen_stripe_table_12(const sp_point_384* a,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t != NULL)
-        XFREE(t, heap, DYNAMIC_TYPE_ECC);
+    XFREE(t, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -112711,7 +112711,7 @@ static void sp_384_get_entry_256_12(sp_point_384* r,
     r->y[10] = 0;
     r->y[11] = 0;
     for (i = 1; i < 256; i++) {
-        mask = 0 - (i == idx);
+        mask = (sp_digit)0 - (i == idx);
         r->x[0] |= mask & table[i].x[0];
         r->x[1] |= mask & table[i].x[1];
         r->x[2] |= mask & table[i].x[2];
@@ -112846,10 +112846,8 @@ static int sp_384_ecc_mulmod_stripe_12(sp_point_384* r, const sp_point_384* g,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t != NULL)
-        XFREE(t, heap, DYNAMIC_TYPE_ECC);
-    if (rt != NULL)
-        XFREE(rt, heap, DYNAMIC_TYPE_ECC);
+    XFREE(t, heap, DYNAMIC_TYPE_ECC);
+    XFREE(rt, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -112869,7 +112867,7 @@ typedef struct sp_cache_384_t {
     /* Precomputation table for point. */
     sp_table_entry_384 table[256];
     /* Count of entries in table. */
-    uint32_t cnt;
+    word32 cnt;
     /* Point and table set in entry. */
     int set;
 } sp_cache_384_t;
@@ -112882,8 +112880,10 @@ static THREAD_LS_T int sp_cache_384_last = -1;
 static THREAD_LS_T int sp_cache_384_inited = 0;
 
 #ifndef HAVE_THREAD_LS
+    #ifndef WOLFSSL_MUTEX_INITIALIZER
     static volatile int initCacheMutex_384 = 0;
-    static wolfSSL_Mutex sp_cache_384_lock;
+    #endif
+    static wolfSSL_Mutex sp_cache_384_lock WOLFSSL_MUTEX_INITIALIZER_CLAUSE(sp_cache_384_lock);
 #endif
 
 /* Get the cache entry for the point.
@@ -112895,7 +112895,7 @@ static void sp_ecc_get_cache_384(const sp_point_384* g, sp_cache_384_t** cache)
 {
     int i;
     int j;
-    uint32_t least;
+    word32 least;
 
     if (sp_cache_384_inited == 0) {
         for (i=0; i<FP_ENTRIES; i++) {
@@ -112981,10 +112981,12 @@ static int sp_384_ecc_mulmod_12(sp_point_384* r, const sp_point_384* g,
 #endif
 #ifndef HAVE_THREAD_LS
     if (err == MP_OKAY) {
+        #ifndef WOLFSSL_MUTEX_INITIALIZER
         if (initCacheMutex_384 == 0) {
             wc_InitMutex(&sp_cache_384_lock);
             initCacheMutex_384 = 1;
         }
+        #endif
         if (wc_LockMutex(&sp_cache_384_lock) != 0) {
             err = BAD_MUTEX_E;
         }
@@ -113063,10 +113065,8 @@ int sp_ecc_mulmod_384(const mp_int* km, const ecc_point* gm, ecc_point* r,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (k != NULL)
-        XFREE(k, heap, DYNAMIC_TYPE_ECC);
-    if (point != NULL)
-        XFREE(point, heap, DYNAMIC_TYPE_ECC);
+    XFREE(k, heap, DYNAMIC_TYPE_ECC);
+    XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -113143,10 +113143,8 @@ int sp_ecc_mulmod_add_384(const mp_int* km, const ecc_point* gm,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (k != NULL)
-        XFREE(k, heap, DYNAMIC_TYPE_ECC);
-    if (point != NULL)
-        XFREE(point, heap, DYNAMIC_TYPE_ECC);
+    XFREE(k, heap, DYNAMIC_TYPE_ECC);
+    XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -114613,10 +114611,8 @@ int sp_ecc_mulmod_base_384(const mp_int* km, ecc_point* r, int map, void* heap)
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (k != NULL)
-        XFREE(k, heap, DYNAMIC_TYPE_ECC);
-    if (point != NULL)
-        XFREE(point, heap, DYNAMIC_TYPE_ECC);
+    XFREE(k, heap, DYNAMIC_TYPE_ECC);
+    XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -114691,10 +114687,8 @@ int sp_ecc_mulmod_base_add_384(const mp_int* km, const ecc_point* am,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (k != NULL)
-        XFREE(k, heap, DYNAMIC_TYPE_ECC);
-    if (point)
-        XFREE(point, heap, DYNAMIC_TYPE_ECC);
+    XFREE(k, heap, DYNAMIC_TYPE_ECC);
+    XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -114837,7 +114831,8 @@ static void sp_384_from_bin(sp_digit* r, int size, const byte* a, int n)
     int j;
     byte* d;
 
-    for (i = n - 1,j = 0; i >= 3; i -= 4) {
+    j = 0;
+    for (i = n - 1; i >= 3; i -= 4) {
         r[j]  = ((sp_digit)a[i - 0] <<  0) |
                 ((sp_digit)a[i - 1] <<  8) |
                 ((sp_digit)a[i - 2] << 16) |
@@ -114848,12 +114843,20 @@ static void sp_384_from_bin(sp_digit* r, int size, const byte* a, int n)
     if (i >= 0) {
         r[j] = 0;
 
-        d = (byte*)r;
+        d = (byte*)(r + j);
+#ifdef BIG_ENDIAN_ORDER
         switch (i) {
-            case 2: d[n - 1 - 2] = a[2]; //fallthrough
-            case 1: d[n - 1 - 1] = a[1]; //fallthrough
-            case 0: d[n - 1 - 0] = a[0]; //fallthrough
+            case 2: d[1] = *(a++); //fallthrough
+            case 1: d[2] = *(a++); //fallthrough
+            case 0: d[3] = *a    ; //fallthrough
         }
+#else
+        switch (i) {
+            case 2: d[2] = a[2]; //fallthrough
+            case 1: d[1] = a[1]; //fallthrough
+            case 0: d[0] = a[0]; //fallthrough
+        }
+#endif
         j++;
     }
 
@@ -114871,6 +114874,7 @@ static void sp_384_from_bin(sp_digit* r, int size, const byte* a, int n)
  */
 static int sp_384_ecc_gen_k_12(WC_RNG* rng, sp_digit* k)
 {
+#ifndef WC_NO_RNG
     int err;
     byte buf[48];
 
@@ -114887,6 +114891,11 @@ static int sp_384_ecc_gen_k_12(WC_RNG* rng, sp_digit* k)
     while (err == 0);
 
     return err;
+#else
+    (void)rng;
+    (void)k;
+    return NOT_COMPILED_IN;
+#endif
 }
 
 /* Makes a random EC key pair.
@@ -114965,12 +114974,9 @@ int sp_ecc_make_key_384(WC_RNG* rng, mp_int* priv, ecc_point* pub, void* heap)
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (k != NULL)
-        XFREE(k, heap, DYNAMIC_TYPE_ECC);
-    if (point != NULL) {
-        /* point is not sensitive, so no need to zeroize */
-        XFREE(point, heap, DYNAMIC_TYPE_ECC);
-    }
+    XFREE(k, heap, DYNAMIC_TYPE_ECC);
+    /* point is not sensitive, so no need to zeroize */
+    XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -115128,10 +115134,8 @@ int sp_ecc_secret_gen_384(const mp_int* priv, const ecc_point* pub, byte* out,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (k != NULL)
-        XFREE(k, heap, DYNAMIC_TYPE_ECC);
-    if (point != NULL)
-        XFREE(point, heap, DYNAMIC_TYPE_ECC);
+    XFREE(k, heap, DYNAMIC_TYPE_ECC);
+    XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -115262,7 +115266,7 @@ SP_NOINLINE static sp_digit sp_384_sub_in_place_12(sp_digit* a,
         :
         : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "cc"
     );
-    return (uint32_t)(size_t)a;
+    return (word32)(size_t)a;
 }
 
 #else
@@ -115392,7 +115396,7 @@ SP_NOINLINE static sp_digit sp_384_sub_in_place_12(sp_digit* a,
         :
         : "memory", "r2", "r3", "r4", "r5", "cc"
     );
-    return (uint32_t)(size_t)a;
+    return (word32)(size_t)a;
 }
 
 #endif /* WOLFSSL_SP_SMALL */
@@ -116195,7 +116199,7 @@ SP_NOINLINE static sp_digit div_384_word_12(sp_digit d1, sp_digit d0,
         :
         : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "cc"
     );
-    return (uint32_t)(size_t)d1;
+    return (word32)(size_t)d1;
 }
 
 /* AND m into each word of a and store in r.
@@ -116302,13 +116306,13 @@ static void sp_384_mont_mul_order_12(sp_digit* r, const sp_digit* a, const sp_di
 #if defined(HAVE_ECC_SIGN) || (defined(HAVE_ECC_VERIFY) && defined(WOLFSSL_SP_SMALL))
 #ifdef WOLFSSL_SP_SMALL
 /* Order-2 for the P384 curve. */
-static const uint32_t p384_order_minus_2[12] = {
+static const word32 p384_order_minus_2[12] = {
     0xccc52971U,0xecec196aU,0x48b0a77aU,0x581a0db2U,0xf4372ddfU,0xc7634d81U,
     0xffffffffU,0xffffffffU,0xffffffffU,0xffffffffU,0xffffffffU,0xffffffffU
 };
 #else
 /* The low half of the order-2 of the P384 curve. */
-static const uint32_t p384_order_low[6] = {
+static const word32 p384_order_low[6] = {
     0xccc52971U,0xecec196aU,0x48b0a77aU,0x581a0db2U,0xf4372ddfU,0xc7634d81U
 };
 #endif /* WOLFSSL_SP_SMALL */
@@ -118419,7 +118423,7 @@ static int sp_384_num_bits_12(sp_digit* a)
         :
         : "memory", "r2", "r3", "r4", "r5", "r6", "cc"
     );
-    return (uint32_t)(size_t)a;
+    return (word32)(size_t)a;
 }
 
 /* Non-constant time modular inversion.
@@ -118709,10 +118713,8 @@ int sp_ecc_verify_384(const byte* hash, word32 hashLen, const mp_int* pX,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (u1 != NULL)
-        XFREE(u1, heap, DYNAMIC_TYPE_ECC);
-    if (p1 != NULL)
-        XFREE(p1, heap, DYNAMIC_TYPE_ECC);
+    XFREE(u1, heap, DYNAMIC_TYPE_ECC);
+    XFREE(p1, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -118919,8 +118921,7 @@ static int sp_384_ecc_is_point_12(const sp_point_384* point,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t1 != NULL)
-        XFREE(t1, heap, DYNAMIC_TYPE_ECC);
+    XFREE(t1, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -118959,8 +118960,7 @@ int sp_ecc_is_point_384(const mp_int* pX, const mp_int* pY)
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (pub != NULL)
-        XFREE(pub, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(pub, NULL, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -119068,10 +119068,8 @@ int sp_ecc_check_key_384(const mp_int* pX, const mp_int* pY,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (pub != NULL)
-        XFREE(pub, heap, DYNAMIC_TYPE_ECC);
-    if (priv != NULL)
-        XFREE(priv, heap, DYNAMIC_TYPE_ECC);
+    XFREE(pub, heap, DYNAMIC_TYPE_ECC);
+    XFREE(priv, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -119150,10 +119148,8 @@ int sp_ecc_proj_add_point_384(mp_int* pX, mp_int* pY, mp_int* pZ,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (tmp != NULL)
-        XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
-    if (p != NULL)
-        XFREE(p, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(p, NULL, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -119218,10 +119214,8 @@ int sp_ecc_proj_dbl_point_384(mp_int* pX, mp_int* pY, mp_int* pZ,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (tmp != NULL)
-        XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
-    if (p != NULL)
-        XFREE(p, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(p, NULL, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -119282,10 +119276,8 @@ int sp_ecc_map_384(mp_int* pX, mp_int* pY, mp_int* pZ)
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (tmp != NULL)
-        XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
-    if (p != NULL)
-        XFREE(p, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(p, NULL, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -119381,8 +119373,7 @@ static int sp_384_mont_sqrt_12(sp_digit* y)
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t1 != NULL)
-        XFREE(t1, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(t1, NULL, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -119447,8 +119438,7 @@ int sp_ecc_uncompress_384(mp_int* xm, int odd, mp_int* ym)
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (x != NULL)
-        XFREE(x, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(x, NULL, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -120291,7 +120281,7 @@ SP_NOINLINE static sp_digit sp_521_add_17(sp_digit* r, const sp_digit* a,
         :
         : "memory", "r3", "r4", "r5", "r6", "r7", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #else
@@ -120461,7 +120451,7 @@ SP_NOINLINE static sp_digit sp_521_add_17(sp_digit* r, const sp_digit* a,
         :
         : "memory", "r3", "r4", "r5", "r6", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #endif /* WOLFSSL_SP_SMALL */
@@ -120738,7 +120728,7 @@ SP_NOINLINE static sp_digit sp_521_cond_sub_17(sp_digit* r, const sp_digit* a,
         :
         : "memory", "r4", "r5", "r6", "r7", "r8", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 /* Reduce the number back to 521 bits using Montgomery reduction.
@@ -122606,7 +122596,7 @@ SP_NOINLINE static void sp_521_mont_sqr_n_17(sp_digit* r,
 #endif /* !WOLFSSL_SP_SMALL */
 #ifdef WOLFSSL_SP_SMALL
 /* Mod-2 for the P521 curve. */
-static const uint32_t p521_mod_minus_2[17] = {
+static const word32 p521_mod_minus_2[17] = {
     0xfffffffdU,0xffffffffU,0xffffffffU,0xffffffffU,0xffffffffU,0xffffffffU,
     0xffffffffU,0xffffffffU,0xffffffffU,0xffffffffU,0xffffffffU,0xffffffffU,
     0xffffffffU,0xffffffffU,0xffffffffU,0xffffffffU,0x000001ffU
@@ -122800,7 +122790,7 @@ SP_NOINLINE static sp_int32 sp_521_cmp_17(const sp_digit* a, const sp_digit* b)
         :
         : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "cc"
     );
-    return (uint32_t)(size_t)a;
+    return (word32)(size_t)a;
 }
 
 /* Normalize the values in each word to 32.
@@ -122833,7 +122823,7 @@ static void sp_521_map_17(sp_point_521* r, const sp_point_521* p,
     sp_521_mont_reduce_17(r->x, p521_mod, p521_mp_mod);
     /* Reduce x to less than modulus */
     n = sp_521_cmp_17(r->x, p521_mod);
-    sp_521_cond_sub_17(r->x, r->x, p521_mod, ~(n >> 31));
+    sp_521_cond_sub_17(r->x, r->x, p521_mod, (sp_digit)~(n >> 31));
     sp_521_norm_17(r->x);
 
     /* y /= z^3 */
@@ -122842,7 +122832,7 @@ static void sp_521_map_17(sp_point_521* r, const sp_point_521* p,
     sp_521_mont_reduce_17(r->y, p521_mod, p521_mp_mod);
     /* Reduce y to less than modulus */
     n = sp_521_cmp_17(r->y, p521_mod);
-    sp_521_cond_sub_17(r->y, r->y, p521_mod, ~(n >> 31));
+    sp_521_cond_sub_17(r->y, r->y, p521_mod, (sp_digit)~(n >> 31));
     sp_521_norm_17(r->y);
 
     XMEMSET(r->z, 0, sizeof(r->z) / 2);
@@ -124383,7 +124373,7 @@ SP_NOINLINE static sp_digit sp_521_cond_add_17(sp_digit* r, const sp_digit* a,
         :
         : "memory", "r4", "r5", "r6", "r7", "r8", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 /* Right shift a by 1 bit into r. (r = a >> 1)
@@ -125023,8 +125013,8 @@ static void sp_521_proj_point_add_17(sp_point_521* r,
         sp_521_mont_sub_17(y, y, t5, p521_mod);
         {
             int i;
-            sp_digit maskp = 0 - (q->infinity & (!p->infinity));
-            sp_digit maskq = 0 - (p->infinity & (!q->infinity));
+            sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity)));
+            sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity)));
             sp_digit maskt = ~(maskp | maskq);
             sp_digit inf = (sp_digit)(p->infinity & q->infinity);
 
@@ -125041,7 +125031,7 @@ static void sp_521_proj_point_add_17(sp_point_521* r,
                           (z[i] & maskt);
             }
             r->z[0] |= inf;
-            r->infinity = (word32)inf;
+            r->infinity = (int)inf;
         }
     }
 }
@@ -125215,8 +125205,8 @@ static int sp_521_proj_point_add_17_nb(sp_ecc_ctx_t* sp_ctx, sp_point_521* r,
     {
         {
             int i;
-            sp_digit maskp = 0 - (q->infinity & (!p->infinity));
-            sp_digit maskq = 0 - (p->infinity & (!q->infinity));
+            sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity)));
+            sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity)));
             sp_digit maskt = ~(maskp | maskq);
             sp_digit inf = (sp_digit)(p->infinity & q->infinity);
 
@@ -125233,7 +125223,7 @@ static int sp_521_proj_point_add_17_nb(sp_ecc_ctx_t* sp_ctx, sp_point_521* r,
                           (ctx->z[i] & maskt);
             }
             r->z[0] |= inf;
-            r->infinity = (word32)inf;
+            r->infinity = (int)inf;
         }
         ctx->state = 25;
         break;
@@ -125315,7 +125305,7 @@ static void sp_521_get_point_16_17(sp_point_521* r, const sp_point_521* table,
     r->z[15] = 0;
     r->z[16] = 0;
     for (i = 1; i < 16; i++) {
-        mask = 0 - (i == idx);
+        mask = (sp_digit)0 - (i == idx);
         r->x[0] |= mask & table[i].x[0];
         r->x[1] |= mask & table[i].x[1];
         r->x[2] |= mask & table[i].x[2];
@@ -125540,15 +125530,15 @@ static int sp_521_ecc_mulmod_fast_17(sp_point_521* r, const sp_point_521* g, con
     #endif
     }
 #ifndef WC_NO_CACHE_RESISTANT
-    #ifdef WOLFSSL_SP_SMALL_STACK
+#ifdef WOLFSSL_SP_SMALL_STACK
     if (p != NULL)
+#endif
+    {
+        ForceZero(p, sizeof(sp_point_521));
+    #ifdef WOLFSSL_SP_SMALL_STACK
+        XFREE(p, heap, DYNAMIC_TYPE_ECC);
     #endif
-        {
-            ForceZero(p, sizeof(sp_point_521));
-        #ifdef WOLFSSL_SP_SMALL_STACK
-            XFREE(p, heap, DYNAMIC_TYPE_ECC);
-        #endif
-        }
+    }
 #endif /* !WC_NO_CACHE_RESISTANT */
 #ifdef WOLFSSL_SP_SMALL_STACK
     if (t != NULL)
@@ -125744,8 +125734,8 @@ static void sp_521_proj_point_add_qz1_17(sp_point_521* r,
         sp_521_mont_sub_17(y, t3, t1, p521_mod);
         {
             int i;
-            sp_digit maskp = 0 - (q->infinity & (!p->infinity));
-            sp_digit maskq = 0 - (p->infinity & (!q->infinity));
+            sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity)));
+            sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity)));
             sp_digit maskt = ~(maskp | maskq);
             sp_digit inf = (sp_digit)(p->infinity & q->infinity);
 
@@ -125762,7 +125752,7 @@ static void sp_521_proj_point_add_qz1_17(sp_point_521* r,
                           (z[i] & maskt);
             }
             r->z[0] |= inf;
-            r->infinity = (word32)inf;
+            r->infinity = (int)inf;
         }
     }
 }
@@ -125852,8 +125842,7 @@ static int sp_521_gen_stripe_table_17(const sp_point_521* a,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t != NULL)
-        XFREE(t, heap, DYNAMIC_TYPE_ECC);
+    XFREE(t, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -125908,7 +125897,7 @@ static void sp_521_get_entry_16_17(sp_point_521* r,
     r->y[15] = 0;
     r->y[16] = 0;
     for (i = 1; i < 16; i++) {
-        mask = 0 - (i == idx);
+        mask = (sp_digit)0 - (i == idx);
         r->x[0] |= mask & table[i].x[0];
         r->x[1] |= mask & table[i].x[1];
         r->x[2] |= mask & table[i].x[2];
@@ -126053,10 +126042,8 @@ static int sp_521_ecc_mulmod_stripe_17(sp_point_521* r, const sp_point_521* g,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t != NULL)
-        XFREE(t, heap, DYNAMIC_TYPE_ECC);
-    if (rt != NULL)
-        XFREE(rt, heap, DYNAMIC_TYPE_ECC);
+    XFREE(t, heap, DYNAMIC_TYPE_ECC);
+    XFREE(rt, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -126076,7 +126063,7 @@ typedef struct sp_cache_521_t {
     /* Precomputation table for point. */
     sp_table_entry_521 table[16];
     /* Count of entries in table. */
-    uint32_t cnt;
+    word32 cnt;
     /* Point and table set in entry. */
     int set;
 } sp_cache_521_t;
@@ -126089,8 +126076,10 @@ static THREAD_LS_T int sp_cache_521_last = -1;
 static THREAD_LS_T int sp_cache_521_inited = 0;
 
 #ifndef HAVE_THREAD_LS
+    #ifndef WOLFSSL_MUTEX_INITIALIZER
     static volatile int initCacheMutex_521 = 0;
-    static wolfSSL_Mutex sp_cache_521_lock;
+    #endif
+    static wolfSSL_Mutex sp_cache_521_lock WOLFSSL_MUTEX_INITIALIZER_CLAUSE(sp_cache_521_lock);
 #endif
 
 /* Get the cache entry for the point.
@@ -126102,7 +126091,7 @@ static void sp_ecc_get_cache_521(const sp_point_521* g, sp_cache_521_t** cache)
 {
     int i;
     int j;
-    uint32_t least;
+    word32 least;
 
     if (sp_cache_521_inited == 0) {
         for (i=0; i<FP_ENTRIES; i++) {
@@ -126188,10 +126177,12 @@ static int sp_521_ecc_mulmod_17(sp_point_521* r, const sp_point_521* g,
 #endif
 #ifndef HAVE_THREAD_LS
     if (err == MP_OKAY) {
+        #ifndef WOLFSSL_MUTEX_INITIALIZER
         if (initCacheMutex_521 == 0) {
             wc_InitMutex(&sp_cache_521_lock);
             initCacheMutex_521 = 1;
         }
+        #endif
         if (wc_LockMutex(&sp_cache_521_lock) != 0) {
             err = BAD_MUTEX_E;
         }
@@ -126308,8 +126299,7 @@ static int sp_521_gen_stripe_table_17(const sp_point_521* a,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t != NULL)
-        XFREE(t, heap, DYNAMIC_TYPE_ECC);
+    XFREE(t, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -126364,7 +126354,7 @@ static void sp_521_get_entry_256_17(sp_point_521* r,
     r->y[15] = 0;
     r->y[16] = 0;
     for (i = 1; i < 256; i++) {
-        mask = 0 - (i == idx);
+        mask = (sp_digit)0 - (i == idx);
         r->x[0] |= mask & table[i].x[0];
         r->x[1] |= mask & table[i].x[1];
         r->x[2] |= mask & table[i].x[2];
@@ -126509,10 +126499,8 @@ static int sp_521_ecc_mulmod_stripe_17(sp_point_521* r, const sp_point_521* g,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t != NULL)
-        XFREE(t, heap, DYNAMIC_TYPE_ECC);
-    if (rt != NULL)
-        XFREE(rt, heap, DYNAMIC_TYPE_ECC);
+    XFREE(t, heap, DYNAMIC_TYPE_ECC);
+    XFREE(rt, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -126532,7 +126520,7 @@ typedef struct sp_cache_521_t {
     /* Precomputation table for point. */
     sp_table_entry_521 table[256];
     /* Count of entries in table. */
-    uint32_t cnt;
+    word32 cnt;
     /* Point and table set in entry. */
     int set;
 } sp_cache_521_t;
@@ -126545,8 +126533,10 @@ static THREAD_LS_T int sp_cache_521_last = -1;
 static THREAD_LS_T int sp_cache_521_inited = 0;
 
 #ifndef HAVE_THREAD_LS
+    #ifndef WOLFSSL_MUTEX_INITIALIZER
     static volatile int initCacheMutex_521 = 0;
-    static wolfSSL_Mutex sp_cache_521_lock;
+    #endif
+    static wolfSSL_Mutex sp_cache_521_lock WOLFSSL_MUTEX_INITIALIZER_CLAUSE(sp_cache_521_lock);
 #endif
 
 /* Get the cache entry for the point.
@@ -126558,7 +126548,7 @@ static void sp_ecc_get_cache_521(const sp_point_521* g, sp_cache_521_t** cache)
 {
     int i;
     int j;
-    uint32_t least;
+    word32 least;
 
     if (sp_cache_521_inited == 0) {
         for (i=0; i<FP_ENTRIES; i++) {
@@ -126644,10 +126634,12 @@ static int sp_521_ecc_mulmod_17(sp_point_521* r, const sp_point_521* g,
 #endif
 #ifndef HAVE_THREAD_LS
     if (err == MP_OKAY) {
+        #ifndef WOLFSSL_MUTEX_INITIALIZER
         if (initCacheMutex_521 == 0) {
             wc_InitMutex(&sp_cache_521_lock);
             initCacheMutex_521 = 1;
         }
+        #endif
         if (wc_LockMutex(&sp_cache_521_lock) != 0) {
             err = BAD_MUTEX_E;
         }
@@ -126726,10 +126718,8 @@ int sp_ecc_mulmod_521(const mp_int* km, const ecc_point* gm, ecc_point* r,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (k != NULL)
-        XFREE(k, heap, DYNAMIC_TYPE_ECC);
-    if (point != NULL)
-        XFREE(point, heap, DYNAMIC_TYPE_ECC);
+    XFREE(k, heap, DYNAMIC_TYPE_ECC);
+    XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -126806,10 +126796,8 @@ int sp_ecc_mulmod_add_521(const mp_int* km, const ecc_point* gm,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (k != NULL)
-        XFREE(k, heap, DYNAMIC_TYPE_ECC);
-    if (point != NULL)
-        XFREE(point, heap, DYNAMIC_TYPE_ECC);
+    XFREE(k, heap, DYNAMIC_TYPE_ECC);
+    XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -128820,10 +128808,8 @@ int sp_ecc_mulmod_base_521(const mp_int* km, ecc_point* r, int map, void* heap)
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (k != NULL)
-        XFREE(k, heap, DYNAMIC_TYPE_ECC);
-    if (point != NULL)
-        XFREE(point, heap, DYNAMIC_TYPE_ECC);
+    XFREE(k, heap, DYNAMIC_TYPE_ECC);
+    XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -128898,10 +128884,8 @@ int sp_ecc_mulmod_base_add_521(const mp_int* km, const ecc_point* am,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (k != NULL)
-        XFREE(k, heap, DYNAMIC_TYPE_ECC);
-    if (point)
-        XFREE(point, heap, DYNAMIC_TYPE_ECC);
+    XFREE(k, heap, DYNAMIC_TYPE_ECC);
+    XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -129089,7 +129073,8 @@ static void sp_521_from_bin(sp_digit* r, int size, const byte* a, int n)
     int j;
     byte* d;
 
-    for (i = n - 1,j = 0; i >= 3; i -= 4) {
+    j = 0;
+    for (i = n - 1; i >= 3; i -= 4) {
         r[j]  = ((sp_digit)a[i - 0] <<  0) |
                 ((sp_digit)a[i - 1] <<  8) |
                 ((sp_digit)a[i - 2] << 16) |
@@ -129100,12 +129085,20 @@ static void sp_521_from_bin(sp_digit* r, int size, const byte* a, int n)
     if (i >= 0) {
         r[j] = 0;
 
-        d = (byte*)r;
+        d = (byte*)(r + j);
+#ifdef BIG_ENDIAN_ORDER
         switch (i) {
-            case 2: d[n - 1 - 2] = a[2]; //fallthrough
-            case 1: d[n - 1 - 1] = a[1]; //fallthrough
-            case 0: d[n - 1 - 0] = a[0]; //fallthrough
+            case 2: d[1] = *(a++); //fallthrough
+            case 1: d[2] = *(a++); //fallthrough
+            case 0: d[3] = *a    ; //fallthrough
         }
+#else
+        switch (i) {
+            case 2: d[2] = a[2]; //fallthrough
+            case 1: d[1] = a[1]; //fallthrough
+            case 0: d[0] = a[0]; //fallthrough
+        }
+#endif
         j++;
     }
 
@@ -129123,6 +129116,7 @@ static void sp_521_from_bin(sp_digit* r, int size, const byte* a, int n)
  */
 static int sp_521_ecc_gen_k_17(WC_RNG* rng, sp_digit* k)
 {
+#ifndef WC_NO_RNG
     int err;
     byte buf[66];
 
@@ -129140,6 +129134,11 @@ static int sp_521_ecc_gen_k_17(WC_RNG* rng, sp_digit* k)
     while (err == 0);
 
     return err;
+#else
+    (void)rng;
+    (void)k;
+    return NOT_COMPILED_IN;
+#endif
 }
 
 /* Makes a random EC key pair.
@@ -129218,12 +129217,9 @@ int sp_ecc_make_key_521(WC_RNG* rng, mp_int* priv, ecc_point* pub, void* heap)
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (k != NULL)
-        XFREE(k, heap, DYNAMIC_TYPE_ECC);
-    if (point != NULL) {
-        /* point is not sensitive, so no need to zeroize */
-        XFREE(point, heap, DYNAMIC_TYPE_ECC);
-    }
+    XFREE(k, heap, DYNAMIC_TYPE_ECC);
+    /* point is not sensitive, so no need to zeroize */
+    XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -129383,10 +129379,8 @@ int sp_ecc_secret_gen_521(const mp_int* priv, const ecc_point* pub, byte* out,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (k != NULL)
-        XFREE(k, heap, DYNAMIC_TYPE_ECC);
-    if (point != NULL)
-        XFREE(point, heap, DYNAMIC_TYPE_ECC);
+    XFREE(k, heap, DYNAMIC_TYPE_ECC);
+    XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -131153,7 +131147,7 @@ SP_NOINLINE static sp_digit sp_521_sub_in_place_17(sp_digit* a,
         :
         : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "cc"
     );
-    return (uint32_t)(size_t)a;
+    return (word32)(size_t)a;
 }
 
 #else
@@ -131329,7 +131323,7 @@ SP_NOINLINE static sp_digit sp_521_sub_in_place_17(sp_digit* a,
         :
         : "memory", "r2", "r3", "r4", "r5", "cc"
     );
-    return (uint32_t)(size_t)a;
+    return (word32)(size_t)a;
 }
 
 #endif /* WOLFSSL_SP_SMALL */
@@ -132132,7 +132126,7 @@ SP_NOINLINE static sp_digit div_521_word_17(sp_digit d1, sp_digit d0,
         :
         : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "cc"
     );
-    return (uint32_t)(size_t)d1;
+    return (word32)(size_t)d1;
 }
 
 /* AND m into each word of a and store in r.
@@ -132246,14 +132240,14 @@ static void sp_521_mont_mul_order_17(sp_digit* r, const sp_digit* a, const sp_di
 #if defined(HAVE_ECC_SIGN) || (defined(HAVE_ECC_VERIFY) && defined(WOLFSSL_SP_SMALL))
 #ifdef WOLFSSL_SP_SMALL
 /* Order-2 for the P521 curve. */
-static const uint32_t p521_order_minus_2[17] = {
+static const word32 p521_order_minus_2[17] = {
     0x91386407U,0xbb6fb71eU,0x899c47aeU,0x3bb5c9b8U,0xf709a5d0U,0x7fcc0148U,
     0xbf2f966bU,0x51868783U,0xfffffffaU,0xffffffffU,0xffffffffU,0xffffffffU,
     0xffffffffU,0xffffffffU,0xffffffffU,0xffffffffU,0x000001ffU
 };
 #else
 /* The low half of the order-2 of the P521 curve. */
-static const uint32_t p521_order_low[9] = {
+static const word32 p521_order_low[9] = {
     0x91386407U,0xbb6fb71eU,0x899c47aeU,0x3bb5c9b8U,0xf709a5d0U,0x7fcc0148U,
     0xbf2f966bU,0x51868783U,0xfffffffaU
 };
@@ -132848,7 +132842,7 @@ SP_NOINLINE static sp_digit sp_521_sub_17(sp_digit* r, const sp_digit* a,
         :
         : "memory", "r3", "r4", "r5", "r6", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #else
@@ -133017,7 +133011,7 @@ SP_NOINLINE static sp_digit sp_521_sub_17(sp_digit* r, const sp_digit* a,
         :
         : "memory", "r3", "r4", "r5", "r6", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #endif /* WOLFSSL_SP_SMALL */
@@ -135349,7 +135343,7 @@ static int sp_521_num_bits_17(sp_digit* a)
         :
         : "memory", "r2", "r3", "r4", "r5", "r6", "cc"
     );
-    return (uint32_t)(size_t)a;
+    return (word32)(size_t)a;
 }
 
 /* Non-constant time modular inversion.
@@ -135648,10 +135642,8 @@ int sp_ecc_verify_521(const byte* hash, word32 hashLen, const mp_int* pX,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (u1 != NULL)
-        XFREE(u1, heap, DYNAMIC_TYPE_ECC);
-    if (p1 != NULL)
-        XFREE(p1, heap, DYNAMIC_TYPE_ECC);
+    XFREE(u1, heap, DYNAMIC_TYPE_ECC);
+    XFREE(p1, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -135861,8 +135853,7 @@ static int sp_521_ecc_is_point_17(const sp_point_521* point,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t1 != NULL)
-        XFREE(t1, heap, DYNAMIC_TYPE_ECC);
+    XFREE(t1, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -135901,8 +135892,7 @@ int sp_ecc_is_point_521(const mp_int* pX, const mp_int* pY)
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (pub != NULL)
-        XFREE(pub, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(pub, NULL, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -136010,10 +136000,8 @@ int sp_ecc_check_key_521(const mp_int* pX, const mp_int* pY,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (pub != NULL)
-        XFREE(pub, heap, DYNAMIC_TYPE_ECC);
-    if (priv != NULL)
-        XFREE(priv, heap, DYNAMIC_TYPE_ECC);
+    XFREE(pub, heap, DYNAMIC_TYPE_ECC);
+    XFREE(priv, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -136092,10 +136080,8 @@ int sp_ecc_proj_add_point_521(mp_int* pX, mp_int* pY, mp_int* pZ,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (tmp != NULL)
-        XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
-    if (p != NULL)
-        XFREE(p, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(p, NULL, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -136160,10 +136146,8 @@ int sp_ecc_proj_dbl_point_521(mp_int* pX, mp_int* pY, mp_int* pZ,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (tmp != NULL)
-        XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
-    if (p != NULL)
-        XFREE(p, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(p, NULL, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -136224,10 +136208,8 @@ int sp_ecc_map_521(mp_int* pX, mp_int* pY, mp_int* pZ)
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (tmp != NULL)
-        XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
-    if (p != NULL)
-        XFREE(p, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(p, NULL, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -136235,7 +136217,7 @@ int sp_ecc_map_521(mp_int* pX, mp_int* pY, mp_int* pZ)
 #endif /* WOLFSSL_PUBLIC_ECC_ADD_DBL */
 #ifdef HAVE_COMP_KEY
 /* Square root power for the P521 curve. */
-static const uint32_t p521_sqrt_power[17] = {
+static const word32 p521_sqrt_power[17] = {
     0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,
     0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,
     0x00000000,0x00000000,0x00000080
@@ -136277,8 +136259,7 @@ static int sp_521_mont_sqrt_17(sp_digit* y)
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t != NULL)
-        XFREE(t, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(t, NULL, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -136343,8 +136324,7 @@ int sp_ecc_uncompress_521(mp_int* xm, int odd, mp_int* ym)
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (x != NULL)
-        XFREE(x, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(x, NULL, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -199435,7 +199415,7 @@ SP_NOINLINE static sp_digit sp_1024_add_16(sp_digit* r, const sp_digit* a,
         :
         : "memory", "r3", "r4", "r5", "r6", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 /* Add b to a into r. (r = a + b)
@@ -199587,7 +199567,7 @@ SP_NOINLINE static sp_digit sp_1024_add_word_16(sp_digit* r, const sp_digit* a,
         :
         : "memory", "r3", "r4", "r5", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 /* Sub b from a into a. (a -= b)
@@ -199896,7 +199876,7 @@ SP_NOINLINE static sp_digit sp_1024_sub_in_place_32(sp_digit* a,
         :
         : "memory", "r2", "r3", "r4", "r5", "cc"
     );
-    return (uint32_t)(size_t)a;
+    return (word32)(size_t)a;
 }
 
 /* Add b to a into r. (r = a + b)
@@ -200191,7 +200171,7 @@ SP_NOINLINE static sp_digit sp_1024_add_32(sp_digit* r, const sp_digit* a,
         :
         : "memory", "r3", "r4", "r5", "r6", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 /* AND m into each word of a and store in r.
@@ -200416,7 +200396,7 @@ SP_NOINLINE static sp_digit sp_1024_sub_16(sp_digit* r, const sp_digit* a,
         :
         : "memory", "r3", "r4", "r5", "r6", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 /* Square a and put result in r. (r = a * a)
@@ -201287,7 +201267,7 @@ SP_NOINLINE static sp_digit sp_1024_sub_in_place_32(sp_digit* a,
         :
         : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "cc"
     );
-    return (uint32_t)(size_t)a;
+    return (word32)(size_t)a;
 }
 
 #endif /* WOLFSSL_SP_SMALL */
@@ -201351,7 +201331,7 @@ SP_NOINLINE static sp_digit sp_1024_cond_sub_32(sp_digit* r, const sp_digit* a,
         :
         : "memory", "r4", "r5", "r6", "r7", "r8", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #ifdef WOLFSSL_SP_SMALL
@@ -201425,7 +201405,7 @@ SP_NOINLINE static sp_digit sp_1024_add_32(sp_digit* r, const sp_digit* a,
         :
         : "memory", "r3", "r4", "r5", "r6", "r7", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #endif /* WOLFSSL_SP_SMALL */
@@ -202228,7 +202208,7 @@ SP_NOINLINE static sp_digit div_1024_word_32(sp_digit d1, sp_digit d0,
         :
         : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "cc"
     );
-    return (uint32_t)(size_t)d1;
+    return (word32)(size_t)d1;
 }
 
 /* AND m into each word of a and store in r.
@@ -202367,7 +202347,7 @@ SP_NOINLINE static sp_int32 sp_1024_cmp_32(const sp_digit* a, const sp_digit* b)
         :
         : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "cc"
     );
-    return (uint32_t)(size_t)a;
+    return (word32)(size_t)a;
 }
 
 /* Divide d in a and put remainder into r (m*d + r = a)
@@ -202488,16 +202468,16 @@ static void sp_1024_point_free_32(sp_point_1024* p, int clear, void* heap)
 {
 #if (defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SP_NO_MALLOC)) || \
     defined(WOLFSSL_SP_SMALL_STACK)
-/* If valid pointer then clear point data if requested and free data. */
+    /* If valid pointer then clear point data if requested and free data. */
     if (p != NULL) {
-        if (clear != 0) {
+        if (clear) {
             XMEMSET(p, 0, sizeof(*p));
         }
         XFREE(p, heap, DYNAMIC_TYPE_ECC);
     }
 #else
-/* Clear point data if requested. */
-    if ((p != NULL) && (clear != 0)) {
+    /* Clear point data if requested. */
+    if ((p != NULL) && clear) {
         XMEMSET(p, 0, sizeof(*p));
     }
 #endif
@@ -203818,7 +203798,7 @@ SP_NOINLINE static void sp_1024_mont_sqr_32(sp_digit* r, const sp_digit* a,
 }
 
 /* Mod-2 for the P1024 curve. */
-static const uint8_t p1024_mod_minus_2[] = {
+static const word8 p1024_mod_minus_2[] = {
      6,0x06,  7,0x0f,  7,0x0b,  6,0x0c,  7,0x1e,  9,0x09,  7,0x0c,  7,0x1f,
      6,0x16,  6,0x06,  7,0x0e,  8,0x10,  6,0x03,  8,0x11,  6,0x0d,  7,0x14,
      9,0x12,  6,0x0f,  7,0x04,  9,0x0d,  6,0x00,  7,0x13,  6,0x01,  6,0x07,
@@ -203908,7 +203888,7 @@ static void sp_1024_map_32(sp_point_1024* r, const sp_point_1024* p,
     sp_1024_mont_reduce_32(r->x, p1024_mod, p1024_mp_mod);
     /* Reduce x to less than modulus */
     n = sp_1024_cmp_32(r->x, p1024_mod);
-    sp_1024_cond_sub_32(r->x, r->x, p1024_mod, ~(n >> 31));
+    sp_1024_cond_sub_32(r->x, r->x, p1024_mod, (sp_digit)~(n >> 31));
     sp_1024_norm_32(r->x);
 
     /* y /= z^3 */
@@ -203917,7 +203897,7 @@ static void sp_1024_map_32(sp_point_1024* r, const sp_point_1024* p,
     sp_1024_mont_reduce_32(r->y, p1024_mod, p1024_mp_mod);
     /* Reduce y to less than modulus */
     n = sp_1024_cmp_32(r->y, p1024_mod);
-    sp_1024_cond_sub_32(r->y, r->y, p1024_mod, ~(n >> 31));
+    sp_1024_cond_sub_32(r->y, r->y, p1024_mod, (sp_digit)~(n >> 31));
     sp_1024_norm_32(r->y);
 
     XMEMSET(r->z, 0, sizeof(r->z) / 2);
@@ -208981,7 +208961,7 @@ SP_NOINLINE static sp_digit sp_1024_cond_add_32(sp_digit* r, const sp_digit* a,
         :
         : "memory", "r4", "r5", "r6", "r7", "r8", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 /* Right shift a by 1 bit into r. (r = a >> 1)
@@ -209912,8 +209892,8 @@ static void sp_1024_proj_point_add_32(sp_point_1024* r,
         sp_1024_mont_sub_32(y, y, t5, p1024_mod);
         {
             int i;
-            sp_digit maskp = 0 - (q->infinity & (!p->infinity));
-            sp_digit maskq = 0 - (p->infinity & (!q->infinity));
+            sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity)));
+            sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity)));
             sp_digit maskt = ~(maskp | maskq);
             sp_digit inf = (sp_digit)(p->infinity & q->infinity);
 
@@ -209930,7 +209910,7 @@ static void sp_1024_proj_point_add_32(sp_point_1024* r,
                           (z[i] & maskt);
             }
             r->z[0] |= inf;
-            r->infinity = (word32)inf;
+            r->infinity = (int)inf;
         }
     }
 }
@@ -210104,8 +210084,8 @@ static int sp_1024_proj_point_add_32_nb(sp_ecc_ctx_t* sp_ctx, sp_point_1024* r,
     {
         {
             int i;
-            sp_digit maskp = 0 - (q->infinity & (!p->infinity));
-            sp_digit maskq = 0 - (p->infinity & (!q->infinity));
+            sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity)));
+            sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity)));
             sp_digit maskt = ~(maskp | maskq);
             sp_digit inf = (sp_digit)(p->infinity & q->infinity);
 
@@ -210122,7 +210102,7 @@ static int sp_1024_proj_point_add_32_nb(sp_ecc_ctx_t* sp_ctx, sp_point_1024* r,
                           (ctx->z[i] & maskt);
             }
             r->z[0] |= inf;
-            r->infinity = (word32)inf;
+            r->infinity = (int)inf;
         }
         ctx->state = 25;
         break;
@@ -210463,8 +210443,8 @@ static void sp_1024_proj_point_add_qz1_32(sp_point_1024* r,
         sp_1024_mont_sub_32(y, t3, t1, p1024_mod);
         {
             int i;
-            sp_digit maskp = 0 - (q->infinity & (!p->infinity));
-            sp_digit maskq = 0 - (p->infinity & (!q->infinity));
+            sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity)));
+            sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity)));
             sp_digit maskt = ~(maskp | maskq);
             sp_digit inf = (sp_digit)(p->infinity & q->infinity);
 
@@ -210481,7 +210461,7 @@ static void sp_1024_proj_point_add_qz1_32(sp_point_1024* r,
                           (z[i] & maskt);
             }
             r->z[0] |= inf;
-            r->infinity = (word32)inf;
+            r->infinity = (int)inf;
         }
     }
 }
@@ -210571,8 +210551,7 @@ static int sp_1024_gen_stripe_table_32(const sp_point_1024* a,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t != NULL)
-        XFREE(t, heap, DYNAMIC_TYPE_ECC);
+    XFREE(t, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -210671,10 +210650,8 @@ static int sp_1024_ecc_mulmod_stripe_32(sp_point_1024* r, const sp_point_1024* g
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t != NULL)
-        XFREE(t, heap, DYNAMIC_TYPE_ECC);
-    if (rt != NULL)
-        XFREE(rt, heap, DYNAMIC_TYPE_ECC);
+    XFREE(t, heap, DYNAMIC_TYPE_ECC);
+    XFREE(rt, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -210694,7 +210671,7 @@ typedef struct sp_cache_1024_t {
     /* Precomputation table for point. */
     sp_table_entry_1024 table[16];
     /* Count of entries in table. */
-    uint32_t cnt;
+    word32 cnt;
     /* Point and table set in entry. */
     int set;
 } sp_cache_1024_t;
@@ -210707,8 +210684,10 @@ static THREAD_LS_T int sp_cache_1024_last = -1;
 static THREAD_LS_T int sp_cache_1024_inited = 0;
 
 #ifndef HAVE_THREAD_LS
+    #ifndef WOLFSSL_MUTEX_INITIALIZER
     static volatile int initCacheMutex_1024 = 0;
-    static wolfSSL_Mutex sp_cache_1024_lock;
+    #endif
+    static wolfSSL_Mutex sp_cache_1024_lock WOLFSSL_MUTEX_INITIALIZER_CLAUSE(sp_cache_1024_lock);
 #endif
 
 /* Get the cache entry for the point.
@@ -210720,7 +210699,7 @@ static void sp_ecc_get_cache_1024(const sp_point_1024* g, sp_cache_1024_t** cach
 {
     int i;
     int j;
-    uint32_t least;
+    word32 least;
 
     if (sp_cache_1024_inited == 0) {
         for (i=0; i<FP_ENTRIES; i++) {
@@ -210806,10 +210785,12 @@ static int sp_1024_ecc_mulmod_32(sp_point_1024* r, const sp_point_1024* g,
 #endif
 #ifndef HAVE_THREAD_LS
     if (err == MP_OKAY) {
+        #ifndef WOLFSSL_MUTEX_INITIALIZER
         if (initCacheMutex_1024 == 0) {
             wc_InitMutex(&sp_cache_1024_lock);
             initCacheMutex_1024 = 1;
         }
+        #endif
         if (wc_LockMutex(&sp_cache_1024_lock) != 0) {
             err = BAD_MUTEX_E;
         }
@@ -210926,8 +210907,7 @@ static int sp_1024_gen_stripe_table_32(const sp_point_1024* a,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t != NULL)
-        XFREE(t, heap, DYNAMIC_TYPE_ECC);
+    XFREE(t, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -211026,10 +211006,8 @@ static int sp_1024_ecc_mulmod_stripe_32(sp_point_1024* r, const sp_point_1024* g
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t != NULL)
-        XFREE(t, heap, DYNAMIC_TYPE_ECC);
-    if (rt != NULL)
-        XFREE(rt, heap, DYNAMIC_TYPE_ECC);
+    XFREE(t, heap, DYNAMIC_TYPE_ECC);
+    XFREE(rt, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -211049,7 +211027,7 @@ typedef struct sp_cache_1024_t {
     /* Precomputation table for point. */
     sp_table_entry_1024 table[256];
     /* Count of entries in table. */
-    uint32_t cnt;
+    word32 cnt;
     /* Point and table set in entry. */
     int set;
 } sp_cache_1024_t;
@@ -211062,8 +211040,10 @@ static THREAD_LS_T int sp_cache_1024_last = -1;
 static THREAD_LS_T int sp_cache_1024_inited = 0;
 
 #ifndef HAVE_THREAD_LS
+    #ifndef WOLFSSL_MUTEX_INITIALIZER
     static volatile int initCacheMutex_1024 = 0;
-    static wolfSSL_Mutex sp_cache_1024_lock;
+    #endif
+    static wolfSSL_Mutex sp_cache_1024_lock WOLFSSL_MUTEX_INITIALIZER_CLAUSE(sp_cache_1024_lock);
 #endif
 
 /* Get the cache entry for the point.
@@ -211075,7 +211055,7 @@ static void sp_ecc_get_cache_1024(const sp_point_1024* g, sp_cache_1024_t** cach
 {
     int i;
     int j;
-    uint32_t least;
+    word32 least;
 
     if (sp_cache_1024_inited == 0) {
         for (i=0; i<FP_ENTRIES; i++) {
@@ -211161,10 +211141,12 @@ static int sp_1024_ecc_mulmod_32(sp_point_1024* r, const sp_point_1024* g,
 #endif
 #ifndef HAVE_THREAD_LS
     if (err == MP_OKAY) {
+        #ifndef WOLFSSL_MUTEX_INITIALIZER
         if (initCacheMutex_1024 == 0) {
             wc_InitMutex(&sp_cache_1024_lock);
             initCacheMutex_1024 = 1;
         }
+        #endif
         if (wc_LockMutex(&sp_cache_1024_lock) != 0) {
             err = BAD_MUTEX_E;
         }
@@ -211243,10 +211225,8 @@ int sp_ecc_mulmod_1024(const mp_int* km, const ecc_point* gm, ecc_point* r,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (k != NULL)
-        XFREE(k, heap, DYNAMIC_TYPE_ECC);
-    if (point != NULL)
-        XFREE(point, heap, DYNAMIC_TYPE_ECC);
+    XFREE(k, heap, DYNAMIC_TYPE_ECC);
+    XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -214881,10 +214861,8 @@ int sp_ecc_mulmod_base_1024(const mp_int* km, ecc_point* r, int map, void* heap)
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (k != NULL)
-        XFREE(k, heap, DYNAMIC_TYPE_ECC);
-    if (point != NULL)
-        XFREE(point, heap, DYNAMIC_TYPE_ECC);
+    XFREE(k, heap, DYNAMIC_TYPE_ECC);
+    XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -214959,10 +214937,8 @@ int sp_ecc_mulmod_base_add_1024(const mp_int* km, const ecc_point* am,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (k != NULL)
-        XFREE(k, heap, DYNAMIC_TYPE_ECC);
-    if (point)
-        XFREE(point, heap, DYNAMIC_TYPE_ECC);
+    XFREE(k, heap, DYNAMIC_TYPE_ECC);
+    XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -214996,7 +214972,7 @@ int sp_ecc_gen_table_1024(const ecc_point* gm, byte* table, word32* len,
 
     if ((err == MP_OKAY) && (table == NULL)) {
         *len = sizeof(sp_table_entry_1024) * 256;
-        err = LENGTH_ONLY_E;
+        err = WC_NO_ERR_TRACE(LENGTH_ONLY_E);
     }
     if ((err == MP_OKAY) && (*len < (int)(sizeof(sp_table_entry_1024) * 256))) {
         err = BUFFER_E;
@@ -215027,10 +215003,8 @@ int sp_ecc_gen_table_1024(const ecc_point* gm, byte* table, word32* len,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t != NULL)
-        XFREE(t, heap, DYNAMIC_TYPE_ECC);
-    if (point != NULL)
-        XFREE(point, heap, DYNAMIC_TYPE_ECC);
+    XFREE(t, heap, DYNAMIC_TYPE_ECC);
+    XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -215056,7 +215030,7 @@ int sp_ecc_gen_table_1024(const ecc_point* gm, byte* table, word32* len,
 
     if ((err == 0) && (table == NULL)) {
         *len = 0;
-        err = LENGTH_ONLY_E;
+        err = WC_NO_ERR_TRACE(LENGTH_ONLY_E);
     }
     if ((err == 0) && (*len != 0)) {
         err = BUFFER_E;
@@ -215123,10 +215097,8 @@ int sp_ecc_mulmod_table_1024(const mp_int* km, const ecc_point* gm, byte* table,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (k != NULL)
-        XFREE(k, heap, DYNAMIC_TYPE_ECC);
-    if (point != NULL)
-        XFREE(point, heap, DYNAMIC_TYPE_ECC);
+    XFREE(k, heap, DYNAMIC_TYPE_ECC);
+    XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -215273,9 +215245,7 @@ int sp_ModExp_Fp_star_1024(const mp_int* base, mp_int* exp, mp_int* res)
 
 #if (defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SP_NO_MALLOC)) || \
     defined(WOLFSSL_SP_SMALL_STACK)
-    if (td != NULL) {
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-    }
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
     return err;
 }
@@ -217171,9 +217141,7 @@ int sp_ModExp_Fp_star_1024(const mp_int* base, mp_int* exp, mp_int* res)
 
 #if (defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SP_NO_MALLOC)) || \
     defined(WOLFSSL_SP_SMALL_STACK)
-    if (td != NULL) {
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-    }
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
     return err;
 }
@@ -217541,9 +217509,7 @@ int sp_Pairing_1024(const ecc_point* pm, const ecc_point* qm, mp_int* res)
 
 #if (defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SP_NO_MALLOC)) || \
     defined(WOLFSSL_SP_SMALL_STACK)
-    if (td != NULL) {
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-    }
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
     sp_1024_point_free_32(c, 1, NULL);
     sp_1024_point_free_32(q, 1, NULL);
@@ -217968,9 +217934,7 @@ int sp_Pairing_1024(const ecc_point* pm, const ecc_point* qm, mp_int* res)
 
 #if (defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SP_NO_MALLOC)) || \
     defined(WOLFSSL_SP_SMALL_STACK)
-    if (td != NULL) {
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-    }
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
     sp_1024_point_free_32(c, 1, NULL);
     sp_1024_point_free_32(q, 1, NULL);
@@ -218000,7 +217964,7 @@ int sp_Pairing_gen_precomp_1024(const ecc_point* pm, byte* table,
 
     if (table == NULL) {
         *len = 0;
-        err = LENGTH_ONLY_E;
+        err = WC_NO_ERR_TRACE(LENGTH_ONLY_E);
     }
     else if (*len != 0) {
         err = BUFFER_E;
@@ -218229,7 +218193,7 @@ int sp_Pairing_gen_precomp_1024(const ecc_point* pm, byte* table,
 
     if (table == NULL) {
         *len = sizeof(sp_table_entry_1024) * 1167;
-        err = LENGTH_ONLY_E;
+        err = WC_NO_ERR_TRACE(LENGTH_ONLY_E);
     }
 
     if ((err == MP_OKAY) &&
@@ -218336,9 +218300,7 @@ int sp_Pairing_gen_precomp_1024(const ecc_point* pm, byte* table,
 
 #if (defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SP_NO_MALLOC)) || \
     defined(WOLFSSL_SP_SMALL_STACK)
-    if (td != NULL) {
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-    }
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
     sp_1024_point_free_32(neg, 1, NULL);
     sp_1024_point_free_32(c, 1, NULL);
@@ -218531,9 +218493,7 @@ int sp_Pairing_precomp_1024(const ecc_point* pm, const ecc_point* qm,
 
 #if (defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SP_NO_MALLOC)) || \
     defined(WOLFSSL_SP_SMALL_STACK)
-    if (td != NULL) {
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-    }
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
     sp_1024_point_free_32(c, 1, NULL);
     sp_1024_point_free_32(q, 1, NULL);
@@ -218556,7 +218516,8 @@ static void sp_1024_from_bin(sp_digit* r, int size, const byte* a, int n)
     int j;
     byte* d;
 
-    for (i = n - 1,j = 0; i >= 3; i -= 4) {
+    j = 0;
+    for (i = n - 1; i >= 3; i -= 4) {
         r[j]  = ((sp_digit)a[i - 0] <<  0) |
                 ((sp_digit)a[i - 1] <<  8) |
                 ((sp_digit)a[i - 2] << 16) |
@@ -218567,12 +218528,20 @@ static void sp_1024_from_bin(sp_digit* r, int size, const byte* a, int n)
     if (i >= 0) {
         r[j] = 0;
 
-        d = (byte*)r;
+        d = (byte*)(r + j);
+#ifdef BIG_ENDIAN_ORDER
         switch (i) {
-            case 2: d[n - 1 - 2] = a[2]; //fallthrough
-            case 1: d[n - 1 - 1] = a[1]; //fallthrough
-            case 0: d[n - 1 - 0] = a[0]; //fallthrough
+            case 2: d[1] = *(a++); //fallthrough
+            case 1: d[2] = *(a++); //fallthrough
+            case 0: d[3] = *a    ; //fallthrough
         }
+#else
+        switch (i) {
+            case 2: d[2] = a[2]; //fallthrough
+            case 1: d[1] = a[1]; //fallthrough
+            case 0: d[0] = a[0]; //fallthrough
+        }
+#endif
         j++;
     }
 
@@ -218626,7 +218595,7 @@ static int sp_1024_ecc_is_point_32(const sp_point_1024* point,
 
 
         n = sp_1024_cmp_32(t1, p1024_mod);
-        sp_1024_cond_sub_32(t1, t1, p1024_mod, ~(n >> 31));
+        sp_1024_cond_sub_32(t1, t1, p1024_mod, (sp_digit)~(n >> 31));
         sp_1024_norm_32(t1);
         if (!sp_1024_iszero_32(t1)) {
             err = MP_VAL;
@@ -218634,8 +218603,7 @@ static int sp_1024_ecc_is_point_32(const sp_point_1024* point,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t1 != NULL)
-        XFREE(t1, heap, DYNAMIC_TYPE_ECC);
+    XFREE(t1, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -218674,8 +218642,7 @@ int sp_ecc_is_point_1024(const mp_int* pX, const mp_int* pY)
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (pub != NULL)
-        XFREE(pub, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(pub, NULL, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -218783,10 +218750,8 @@ int sp_ecc_check_key_1024(const mp_int* pX, const mp_int* pY,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (pub != NULL)
-        XFREE(pub, heap, DYNAMIC_TYPE_ECC);
-    if (priv != NULL)
-        XFREE(priv, heap, DYNAMIC_TYPE_ECC);
+    XFREE(pub, heap, DYNAMIC_TYPE_ECC);
+    XFREE(priv, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
diff --git a/wolfcrypt/src/sp_c32.c b/wolfcrypt/src/sp_c32.c
index 468e0fcfe..ec6d5ed0d 100644
--- a/wolfcrypt/src/sp_c32.c
+++ b/wolfcrypt/src/sp_c32.c
@@ -1,6 +1,6 @@
 /* sp.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -71,13 +71,13 @@
 #define SP_PRINT_NUM(var, name, total, words, bits)   \
     do {                                              \
         int ii;                                       \
-        byte nb[(bits + 7) / 8];                      \
+        byte nb[((bits) + 7) / 8];                    \
         sp_digit _s[words];                           \
         XMEMCPY(_s, var, sizeof(_s));                 \
         sp_##total##_norm_##words(_s);                \
         sp_##total##_to_bin_##words(_s, nb);          \
         fprintf(stderr, name "=0x");                  \
-        for (ii=0; ii<(bits + 7) / 8; ii++)           \
+        for (ii=0; ii<((bits) + 7) / 8; ii++)         \
             fprintf(stderr, "%02x", nb[ii]);          \
         fprintf(stderr, "\n");                        \
     } while (0)
@@ -357,29 +357,29 @@ SP_NOINLINE static void sp_2048_mul_12(sp_digit* r, const sp_digit* a,
     t0 = ((sp_uint64)a[ 0]) * b[ 0];
     t1 = ((sp_uint64)a[ 0]) * b[ 1]
        + ((sp_uint64)a[ 1]) * b[ 0];
-    t[ 0] = t0 & 0x1fffffff; t1 += t0 >> 29;
+    t[ 0] = (sp_digit)(t0 & 0x1fffffff); t1 += t0 >> 29;
     t0 = ((sp_uint64)a[ 0]) * b[ 2]
        + ((sp_uint64)a[ 1]) * b[ 1]
        + ((sp_uint64)a[ 2]) * b[ 0];
-    t[ 1] = t1 & 0x1fffffff; t0 += t1 >> 29;
+    t[ 1] = (sp_digit)(t1 & 0x1fffffff); t0 += t1 >> 29;
     t1 = ((sp_uint64)a[ 0]) * b[ 3]
        + ((sp_uint64)a[ 1]) * b[ 2]
        + ((sp_uint64)a[ 2]) * b[ 1]
        + ((sp_uint64)a[ 3]) * b[ 0];
-    t[ 2] = t0 & 0x1fffffff; t1 += t0 >> 29;
+    t[ 2] = (sp_digit)(t0 & 0x1fffffff); t1 += t0 >> 29;
     t0 = ((sp_uint64)a[ 0]) * b[ 4]
        + ((sp_uint64)a[ 1]) * b[ 3]
        + ((sp_uint64)a[ 2]) * b[ 2]
        + ((sp_uint64)a[ 3]) * b[ 1]
        + ((sp_uint64)a[ 4]) * b[ 0];
-    t[ 3] = t1 & 0x1fffffff; t0 += t1 >> 29;
+    t[ 3] = (sp_digit)(t1 & 0x1fffffff); t0 += t1 >> 29;
     t1 = ((sp_uint64)a[ 0]) * b[ 5]
        + ((sp_uint64)a[ 1]) * b[ 4]
        + ((sp_uint64)a[ 2]) * b[ 3]
        + ((sp_uint64)a[ 3]) * b[ 2]
        + ((sp_uint64)a[ 4]) * b[ 1]
        + ((sp_uint64)a[ 5]) * b[ 0];
-    t[ 4] = t0 & 0x1fffffff; t1 += t0 >> 29;
+    t[ 4] = (sp_digit)(t0 & 0x1fffffff); t1 += t0 >> 29;
     t0 = ((sp_uint64)a[ 0]) * b[ 6]
        + ((sp_uint64)a[ 1]) * b[ 5]
        + ((sp_uint64)a[ 2]) * b[ 4]
@@ -387,7 +387,7 @@ SP_NOINLINE static void sp_2048_mul_12(sp_digit* r, const sp_digit* a,
        + ((sp_uint64)a[ 4]) * b[ 2]
        + ((sp_uint64)a[ 5]) * b[ 1]
        + ((sp_uint64)a[ 6]) * b[ 0];
-    t[ 5] = t1 & 0x1fffffff; t0 += t1 >> 29;
+    t[ 5] = (sp_digit)(t1 & 0x1fffffff); t0 += t1 >> 29;
     t1 = ((sp_uint64)a[ 0]) * b[ 7]
        + ((sp_uint64)a[ 1]) * b[ 6]
        + ((sp_uint64)a[ 2]) * b[ 5]
@@ -396,7 +396,7 @@ SP_NOINLINE static void sp_2048_mul_12(sp_digit* r, const sp_digit* a,
        + ((sp_uint64)a[ 5]) * b[ 2]
        + ((sp_uint64)a[ 6]) * b[ 1]
        + ((sp_uint64)a[ 7]) * b[ 0];
-    t[ 6] = t0 & 0x1fffffff; t1 += t0 >> 29;
+    t[ 6] = (sp_digit)(t0 & 0x1fffffff); t1 += t0 >> 29;
     t0 = ((sp_uint64)a[ 0]) * b[ 8]
        + ((sp_uint64)a[ 1]) * b[ 7]
        + ((sp_uint64)a[ 2]) * b[ 6]
@@ -406,7 +406,7 @@ SP_NOINLINE static void sp_2048_mul_12(sp_digit* r, const sp_digit* a,
        + ((sp_uint64)a[ 6]) * b[ 2]
        + ((sp_uint64)a[ 7]) * b[ 1]
        + ((sp_uint64)a[ 8]) * b[ 0];
-    t[ 7] = t1 & 0x1fffffff; t0 += t1 >> 29;
+    t[ 7] = (sp_digit)(t1 & 0x1fffffff); t0 += t1 >> 29;
     t1 = ((sp_uint64)a[ 0]) * b[ 9]
        + ((sp_uint64)a[ 1]) * b[ 8]
        + ((sp_uint64)a[ 2]) * b[ 7]
@@ -417,7 +417,7 @@ SP_NOINLINE static void sp_2048_mul_12(sp_digit* r, const sp_digit* a,
        + ((sp_uint64)a[ 7]) * b[ 2]
        + ((sp_uint64)a[ 8]) * b[ 1]
        + ((sp_uint64)a[ 9]) * b[ 0];
-    t[ 8] = t0 & 0x1fffffff; t1 += t0 >> 29;
+    t[ 8] = (sp_digit)(t0 & 0x1fffffff); t1 += t0 >> 29;
     t0 = ((sp_uint64)a[ 0]) * b[10]
        + ((sp_uint64)a[ 1]) * b[ 9]
        + ((sp_uint64)a[ 2]) * b[ 8]
@@ -429,7 +429,7 @@ SP_NOINLINE static void sp_2048_mul_12(sp_digit* r, const sp_digit* a,
        + ((sp_uint64)a[ 8]) * b[ 2]
        + ((sp_uint64)a[ 9]) * b[ 1]
        + ((sp_uint64)a[10]) * b[ 0];
-    t[ 9] = t1 & 0x1fffffff; t0 += t1 >> 29;
+    t[ 9] = (sp_digit)(t1 & 0x1fffffff); t0 += t1 >> 29;
     t1 = ((sp_uint64)a[ 0]) * b[11]
        + ((sp_uint64)a[ 1]) * b[10]
        + ((sp_uint64)a[ 2]) * b[ 9]
@@ -442,7 +442,7 @@ SP_NOINLINE static void sp_2048_mul_12(sp_digit* r, const sp_digit* a,
        + ((sp_uint64)a[ 9]) * b[ 2]
        + ((sp_uint64)a[10]) * b[ 1]
        + ((sp_uint64)a[11]) * b[ 0];
-    t[10] = t0 & 0x1fffffff; t1 += t0 >> 29;
+    t[10] = (sp_digit)(t0 & 0x1fffffff); t1 += t0 >> 29;
     t0 = ((sp_uint64)a[ 1]) * b[11]
        + ((sp_uint64)a[ 2]) * b[10]
        + ((sp_uint64)a[ 3]) * b[ 9]
@@ -454,7 +454,7 @@ SP_NOINLINE static void sp_2048_mul_12(sp_digit* r, const sp_digit* a,
        + ((sp_uint64)a[ 9]) * b[ 3]
        + ((sp_uint64)a[10]) * b[ 2]
        + ((sp_uint64)a[11]) * b[ 1];
-    t[11] = t1 & 0x1fffffff; t0 += t1 >> 29;
+    t[11] = (sp_digit)(t1 & 0x1fffffff); t0 += t1 >> 29;
     t1 = ((sp_uint64)a[ 2]) * b[11]
        + ((sp_uint64)a[ 3]) * b[10]
        + ((sp_uint64)a[ 4]) * b[ 9]
@@ -465,7 +465,7 @@ SP_NOINLINE static void sp_2048_mul_12(sp_digit* r, const sp_digit* a,
        + ((sp_uint64)a[ 9]) * b[ 4]
        + ((sp_uint64)a[10]) * b[ 3]
        + ((sp_uint64)a[11]) * b[ 2];
-    r[12] = t0 & 0x1fffffff; t1 += t0 >> 29;
+    r[12] = (sp_digit)(t0 & 0x1fffffff); t1 += t0 >> 29;
     t0 = ((sp_uint64)a[ 3]) * b[11]
        + ((sp_uint64)a[ 4]) * b[10]
        + ((sp_uint64)a[ 5]) * b[ 9]
@@ -475,7 +475,7 @@ SP_NOINLINE static void sp_2048_mul_12(sp_digit* r, const sp_digit* a,
        + ((sp_uint64)a[ 9]) * b[ 5]
        + ((sp_uint64)a[10]) * b[ 4]
        + ((sp_uint64)a[11]) * b[ 3];
-    r[13] = t1 & 0x1fffffff; t0 += t1 >> 29;
+    r[13] = (sp_digit)(t1 & 0x1fffffff); t0 += t1 >> 29;
     t1 = ((sp_uint64)a[ 4]) * b[11]
        + ((sp_uint64)a[ 5]) * b[10]
        + ((sp_uint64)a[ 6]) * b[ 9]
@@ -484,7 +484,7 @@ SP_NOINLINE static void sp_2048_mul_12(sp_digit* r, const sp_digit* a,
        + ((sp_uint64)a[ 9]) * b[ 6]
        + ((sp_uint64)a[10]) * b[ 5]
        + ((sp_uint64)a[11]) * b[ 4];
-    r[14] = t0 & 0x1fffffff; t1 += t0 >> 29;
+    r[14] = (sp_digit)(t0 & 0x1fffffff); t1 += t0 >> 29;
     t0 = ((sp_uint64)a[ 5]) * b[11]
        + ((sp_uint64)a[ 6]) * b[10]
        + ((sp_uint64)a[ 7]) * b[ 9]
@@ -492,35 +492,35 @@ SP_NOINLINE static void sp_2048_mul_12(sp_digit* r, const sp_digit* a,
        + ((sp_uint64)a[ 9]) * b[ 7]
        + ((sp_uint64)a[10]) * b[ 6]
        + ((sp_uint64)a[11]) * b[ 5];
-    r[15] = t1 & 0x1fffffff; t0 += t1 >> 29;
+    r[15] = (sp_digit)(t1 & 0x1fffffff); t0 += t1 >> 29;
     t1 = ((sp_uint64)a[ 6]) * b[11]
        + ((sp_uint64)a[ 7]) * b[10]
        + ((sp_uint64)a[ 8]) * b[ 9]
        + ((sp_uint64)a[ 9]) * b[ 8]
        + ((sp_uint64)a[10]) * b[ 7]
        + ((sp_uint64)a[11]) * b[ 6];
-    r[16] = t0 & 0x1fffffff; t1 += t0 >> 29;
+    r[16] = (sp_digit)(t0 & 0x1fffffff); t1 += t0 >> 29;
     t0 = ((sp_uint64)a[ 7]) * b[11]
        + ((sp_uint64)a[ 8]) * b[10]
        + ((sp_uint64)a[ 9]) * b[ 9]
        + ((sp_uint64)a[10]) * b[ 8]
        + ((sp_uint64)a[11]) * b[ 7];
-    r[17] = t1 & 0x1fffffff; t0 += t1 >> 29;
+    r[17] = (sp_digit)(t1 & 0x1fffffff); t0 += t1 >> 29;
     t1 = ((sp_uint64)a[ 8]) * b[11]
        + ((sp_uint64)a[ 9]) * b[10]
        + ((sp_uint64)a[10]) * b[ 9]
        + ((sp_uint64)a[11]) * b[ 8];
-    r[18] = t0 & 0x1fffffff; t1 += t0 >> 29;
+    r[18] = (sp_digit)(t0 & 0x1fffffff); t1 += t0 >> 29;
     t0 = ((sp_uint64)a[ 9]) * b[11]
        + ((sp_uint64)a[10]) * b[10]
        + ((sp_uint64)a[11]) * b[ 9];
-    r[19] = t1 & 0x1fffffff; t0 += t1 >> 29;
+    r[19] = (sp_digit)(t1 & 0x1fffffff); t0 += t1 >> 29;
     t1 = ((sp_uint64)a[10]) * b[11]
        + ((sp_uint64)a[11]) * b[10];
-    r[20] = t0 & 0x1fffffff; t1 += t0 >> 29;
+    r[20] = (sp_digit)(t0 & 0x1fffffff); t1 += t0 >> 29;
     t0 = ((sp_uint64)a[11]) * b[11];
-    r[21] = t1 & 0x1fffffff; t0 += t1 >> 29;
-    r[22] = t0 & 0x1fffffff;
+    r[21] = (sp_digit)(t1 & 0x1fffffff); t0 += t1 >> 29;
+    r[22] = (sp_digit)(t0 & 0x1fffffff);
     r[23] = (sp_digit)(t0 >> 29);
     XMEMCPY(r, t, sizeof(t));
 }
@@ -874,105 +874,105 @@ SP_NOINLINE static void sp_2048_sqr_12(sp_digit* r, const sp_digit* a)
 
     t0 =  ((sp_uint64)a[ 0]) * a[ 0];
     t1 = (((sp_uint64)a[ 0]) * a[ 1]) * 2;
-    t[ 0] = t0 & 0x1fffffff; t1 += t0 >> 29;
+    t[ 0] = (sp_digit)(t0 & 0x1fffffff); t1 += t0 >> 29;
     t0 = (((sp_uint64)a[ 0]) * a[ 2]) * 2
        +  ((sp_uint64)a[ 1]) * a[ 1];
-    t[ 1] = t1 & 0x1fffffff; t0 += t1 >> 29;
+    t[ 1] = (sp_digit)(t1 & 0x1fffffff); t0 += t1 >> 29;
     t1 = (((sp_uint64)a[ 0]) * a[ 3]
        +  ((sp_uint64)a[ 1]) * a[ 2]) * 2;
-    t[ 2] = t0 & 0x1fffffff; t1 += t0 >> 29;
+    t[ 2] = (sp_digit)(t0 & 0x1fffffff); t1 += t0 >> 29;
     t0 = (((sp_uint64)a[ 0]) * a[ 4]
        +  ((sp_uint64)a[ 1]) * a[ 3]) * 2
        +  ((sp_uint64)a[ 2]) * a[ 2];
-    t[ 3] = t1 & 0x1fffffff; t0 += t1 >> 29;
+    t[ 3] = (sp_digit)(t1 & 0x1fffffff); t0 += t1 >> 29;
     t1 = (((sp_uint64)a[ 0]) * a[ 5]
        +  ((sp_uint64)a[ 1]) * a[ 4]
        +  ((sp_uint64)a[ 2]) * a[ 3]) * 2;
-    t[ 4] = t0 & 0x1fffffff; t1 += t0 >> 29;
+    t[ 4] = (sp_digit)(t0 & 0x1fffffff); t1 += t0 >> 29;
     t0 = (((sp_uint64)a[ 0]) * a[ 6]
        +  ((sp_uint64)a[ 1]) * a[ 5]
        +  ((sp_uint64)a[ 2]) * a[ 4]) * 2
        +  ((sp_uint64)a[ 3]) * a[ 3];
-    t[ 5] = t1 & 0x1fffffff; t0 += t1 >> 29;
+    t[ 5] = (sp_digit)(t1 & 0x1fffffff); t0 += t1 >> 29;
     t1 = (((sp_uint64)a[ 0]) * a[ 7]
        +  ((sp_uint64)a[ 1]) * a[ 6]
        +  ((sp_uint64)a[ 2]) * a[ 5]
        +  ((sp_uint64)a[ 3]) * a[ 4]) * 2;
-    t[ 6] = t0 & 0x1fffffff; t1 += t0 >> 29;
+    t[ 6] = (sp_digit)(t0 & 0x1fffffff); t1 += t0 >> 29;
     t0 = (((sp_uint64)a[ 0]) * a[ 8]
        +  ((sp_uint64)a[ 1]) * a[ 7]
        +  ((sp_uint64)a[ 2]) * a[ 6]
        +  ((sp_uint64)a[ 3]) * a[ 5]) * 2
        +  ((sp_uint64)a[ 4]) * a[ 4];
-    t[ 7] = t1 & 0x1fffffff; t0 += t1 >> 29;
+    t[ 7] = (sp_digit)(t1 & 0x1fffffff); t0 += t1 >> 29;
     t1 = (((sp_uint64)a[ 0]) * a[ 9]
        +  ((sp_uint64)a[ 1]) * a[ 8]
        +  ((sp_uint64)a[ 2]) * a[ 7]
        +  ((sp_uint64)a[ 3]) * a[ 6]
        +  ((sp_uint64)a[ 4]) * a[ 5]) * 2;
-    t[ 8] = t0 & 0x1fffffff; t1 += t0 >> 29;
+    t[ 8] = (sp_digit)(t0 & 0x1fffffff); t1 += t0 >> 29;
     t0 = (((sp_uint64)a[ 0]) * a[10]
        +  ((sp_uint64)a[ 1]) * a[ 9]
        +  ((sp_uint64)a[ 2]) * a[ 8]
        +  ((sp_uint64)a[ 3]) * a[ 7]
        +  ((sp_uint64)a[ 4]) * a[ 6]) * 2
        +  ((sp_uint64)a[ 5]) * a[ 5];
-    t[ 9] = t1 & 0x1fffffff; t0 += t1 >> 29;
+    t[ 9] = (sp_digit)(t1 & 0x1fffffff); t0 += t1 >> 29;
     t1 = (((sp_uint64)a[ 0]) * a[11]
        +  ((sp_uint64)a[ 1]) * a[10]
        +  ((sp_uint64)a[ 2]) * a[ 9]
        +  ((sp_uint64)a[ 3]) * a[ 8]
        +  ((sp_uint64)a[ 4]) * a[ 7]
        +  ((sp_uint64)a[ 5]) * a[ 6]) * 2;
-    t[10] = t0 & 0x1fffffff; t1 += t0 >> 29;
+    t[10] = (sp_digit)(t0 & 0x1fffffff); t1 += t0 >> 29;
     t0 = (((sp_uint64)a[ 1]) * a[11]
        +  ((sp_uint64)a[ 2]) * a[10]
        +  ((sp_uint64)a[ 3]) * a[ 9]
        +  ((sp_uint64)a[ 4]) * a[ 8]
        +  ((sp_uint64)a[ 5]) * a[ 7]) * 2
        +  ((sp_uint64)a[ 6]) * a[ 6];
-    t[11] = t1 & 0x1fffffff; t0 += t1 >> 29;
+    t[11] = (sp_digit)(t1 & 0x1fffffff); t0 += t1 >> 29;
     t1 = (((sp_uint64)a[ 2]) * a[11]
        +  ((sp_uint64)a[ 3]) * a[10]
        +  ((sp_uint64)a[ 4]) * a[ 9]
        +  ((sp_uint64)a[ 5]) * a[ 8]
        +  ((sp_uint64)a[ 6]) * a[ 7]) * 2;
-    r[12] = t0 & 0x1fffffff; t1 += t0 >> 29;
+    r[12] = (sp_digit)(t0 & 0x1fffffff); t1 += t0 >> 29;
     t0 = (((sp_uint64)a[ 3]) * a[11]
        +  ((sp_uint64)a[ 4]) * a[10]
        +  ((sp_uint64)a[ 5]) * a[ 9]
        +  ((sp_uint64)a[ 6]) * a[ 8]) * 2
        +  ((sp_uint64)a[ 7]) * a[ 7];
-    r[13] = t1 & 0x1fffffff; t0 += t1 >> 29;
+    r[13] = (sp_digit)(t1 & 0x1fffffff); t0 += t1 >> 29;
     t1 = (((sp_uint64)a[ 4]) * a[11]
        +  ((sp_uint64)a[ 5]) * a[10]
        +  ((sp_uint64)a[ 6]) * a[ 9]
        +  ((sp_uint64)a[ 7]) * a[ 8]) * 2;
-    r[14] = t0 & 0x1fffffff; t1 += t0 >> 29;
+    r[14] = (sp_digit)(t0 & 0x1fffffff); t1 += t0 >> 29;
     t0 = (((sp_uint64)a[ 5]) * a[11]
        +  ((sp_uint64)a[ 6]) * a[10]
        +  ((sp_uint64)a[ 7]) * a[ 9]) * 2
        +  ((sp_uint64)a[ 8]) * a[ 8];
-    r[15] = t1 & 0x1fffffff; t0 += t1 >> 29;
+    r[15] = (sp_digit)(t1 & 0x1fffffff); t0 += t1 >> 29;
     t1 = (((sp_uint64)a[ 6]) * a[11]
        +  ((sp_uint64)a[ 7]) * a[10]
        +  ((sp_uint64)a[ 8]) * a[ 9]) * 2;
-    r[16] = t0 & 0x1fffffff; t1 += t0 >> 29;
+    r[16] = (sp_digit)(t0 & 0x1fffffff); t1 += t0 >> 29;
     t0 = (((sp_uint64)a[ 7]) * a[11]
        +  ((sp_uint64)a[ 8]) * a[10]) * 2
        +  ((sp_uint64)a[ 9]) * a[ 9];
-    r[17] = t1 & 0x1fffffff; t0 += t1 >> 29;
+    r[17] = (sp_digit)(t1 & 0x1fffffff); t0 += t1 >> 29;
     t1 = (((sp_uint64)a[ 8]) * a[11]
        +  ((sp_uint64)a[ 9]) * a[10]) * 2;
-    r[18] = t0 & 0x1fffffff; t1 += t0 >> 29;
+    r[18] = (sp_digit)(t0 & 0x1fffffff); t1 += t0 >> 29;
     t0 = (((sp_uint64)a[ 9]) * a[11]) * 2
        +  ((sp_uint64)a[10]) * a[10];
-    r[19] = t1 & 0x1fffffff; t0 += t1 >> 29;
+    r[19] = (sp_digit)(t1 & 0x1fffffff); t0 += t1 >> 29;
     t1 = (((sp_uint64)a[10]) * a[11]) * 2;
-    r[20] = t0 & 0x1fffffff; t1 += t0 >> 29;
+    r[20] = (sp_digit)(t0 & 0x1fffffff); t1 += t0 >> 29;
     t0 =  ((sp_uint64)a[11]) * a[11];
-    r[21] = t1 & 0x1fffffff; t0 += t1 >> 29;
-    r[22] = t0 & 0x1fffffff;
+    r[21] = (sp_digit)(t1 & 0x1fffffff); t0 += t1 >> 29;
+    r[22] = (sp_digit)(t0 & 0x1fffffff);
     r[23] = (sp_digit)(t0 >> 29);
     XMEMCPY(r, t, sizeof(t));
 }
@@ -1626,26 +1626,26 @@ SP_NOINLINE static void sp_2048_mul_add_36(sp_digit* r, const sp_digit* a,
         t[1]  = (tb * a[i+1]) + r[i+1];
         t[2]  = (tb * a[i+2]) + r[i+2];
         t[3]  = (tb * a[i+3]) + r[i+3];
-        r[i+0] = t[0] & 0x1fffffff;
+        r[i+0] = (sp_digit)(t[0] & 0x1fffffff);
         t[1] += t[0] >> 29;
-        r[i+1] = t[1] & 0x1fffffff;
+        r[i+1] = (sp_digit)(t[1] & 0x1fffffff);
         t[2] += t[1] >> 29;
-        r[i+2] = t[2] & 0x1fffffff;
+        r[i+2] = (sp_digit)(t[2] & 0x1fffffff);
         t[3] += t[2] >> 29;
-        r[i+3] = t[3] & 0x1fffffff;
+        r[i+3] = (sp_digit)(t[3] & 0x1fffffff);
         t[0]  = t[3] >> 29;
     }
     t[0] += (tb * a[32]) + r[32];
     t[1]  = (tb * a[33]) + r[33];
     t[2]  = (tb * a[34]) + r[34];
     t[3]  = (tb * a[35]) + r[35];
-    r[32] = t[0] & 0x1fffffff;
+    r[32] = (sp_digit)(t[0] & 0x1fffffff);
     t[1] += t[0] >> 29;
-    r[33] = t[1] & 0x1fffffff;
+    r[33] = (sp_digit)(t[1] & 0x1fffffff);
     t[2] += t[1] >> 29;
-    r[34] = t[2] & 0x1fffffff;
+    r[34] = (sp_digit)(t[2] & 0x1fffffff);
     t[3] += t[2] >> 29;
-    r[35] = t[3] & 0x1fffffff;
+    r[35] = (sp_digit)(t[3] & 0x1fffffff);
     r[36] +=  (sp_digit)(t[3] >> 29);
 #else
     sp_int64 tb = b;
@@ -1662,34 +1662,34 @@ SP_NOINLINE static void sp_2048_mul_add_36(sp_digit* r, const sp_digit* a,
         t[5]  = (tb * a[i+5]) + r[i+5];
         t[6]  = (tb * a[i+6]) + r[i+6];
         t[7]  = (tb * a[i+7]) + r[i+7];
-        r[i+0] = t[0] & 0x1fffffff;
+        r[i+0] = (sp_digit)(t[0] & 0x1fffffff);
         t[1] += t[0] >> 29;
-        r[i+1] = t[1] & 0x1fffffff;
+        r[i+1] = (sp_digit)(t[1] & 0x1fffffff);
         t[2] += t[1] >> 29;
-        r[i+2] = t[2] & 0x1fffffff;
+        r[i+2] = (sp_digit)(t[2] & 0x1fffffff);
         t[3] += t[2] >> 29;
-        r[i+3] = t[3] & 0x1fffffff;
+        r[i+3] = (sp_digit)(t[3] & 0x1fffffff);
         t[4] += t[3] >> 29;
-        r[i+4] = t[4] & 0x1fffffff;
+        r[i+4] = (sp_digit)(t[4] & 0x1fffffff);
         t[5] += t[4] >> 29;
-        r[i+5] = t[5] & 0x1fffffff;
+        r[i+5] = (sp_digit)(t[5] & 0x1fffffff);
         t[6] += t[5] >> 29;
-        r[i+6] = t[6] & 0x1fffffff;
+        r[i+6] = (sp_digit)(t[6] & 0x1fffffff);
         t[7] += t[6] >> 29;
-        r[i+7] = t[7] & 0x1fffffff;
+        r[i+7] = (sp_digit)(t[7] & 0x1fffffff);
         t[0]  = t[7] >> 29;
     }
     t[0] += (tb * a[32]) + r[32];
     t[1]  = (tb * a[33]) + r[33];
     t[2]  = (tb * a[34]) + r[34];
     t[3]  = (tb * a[35]) + r[35];
-    r[32] = t[0] & 0x1fffffff;
+    r[32] = (sp_digit)(t[0] & 0x1fffffff);
     t[1] += t[0] >> 29;
-    r[33] = t[1] & 0x1fffffff;
+    r[33] = (sp_digit)(t[1] & 0x1fffffff);
     t[2] += t[1] >> 29;
-    r[34] = t[2] & 0x1fffffff;
+    r[34] = (sp_digit)(t[2] & 0x1fffffff);
     t[3] += t[2] >> 29;
-    r[35] = t[3] & 0x1fffffff;
+    r[35] = (sp_digit)(t[3] & 0x1fffffff);
     r[36] +=  (sp_digit)(t[3] >> 29);
 #endif /* WOLFSSL_SP_SMALL */
 #endif /* !WOLFSSL_SP_LARGE_CODE */
@@ -1708,7 +1708,7 @@ static void sp_2048_mont_shift_36(sp_digit* r, const sp_digit* a)
     n += ((sp_int64)a[36]) << 20;
 
     for (i = 0; i < 35; i++) {
-        r[i] = n & 0x1fffffff;
+        r[i] = (sp_digit)(n & 0x1fffffff);
         n >>= 29;
         n += ((sp_int64)a[37 + i]) << 20;
     }
@@ -1718,26 +1718,26 @@ static void sp_2048_mont_shift_36(sp_digit* r, const sp_digit* a)
     sp_int64 n = a[35] >> 9;
     n += ((sp_int64)a[36]) << 20;
     for (i = 0; i < 32; i += 8) {
-        r[i + 0] = n & 0x1fffffff;
+        r[i + 0] = (sp_digit)(n & 0x1fffffff);
         n >>= 29; n += ((sp_int64)a[i + 37]) << 20;
-        r[i + 1] = n & 0x1fffffff;
+        r[i + 1] = (sp_digit)(n & 0x1fffffff);
         n >>= 29; n += ((sp_int64)a[i + 38]) << 20;
-        r[i + 2] = n & 0x1fffffff;
+        r[i + 2] = (sp_digit)(n & 0x1fffffff);
         n >>= 29; n += ((sp_int64)a[i + 39]) << 20;
-        r[i + 3] = n & 0x1fffffff;
+        r[i + 3] = (sp_digit)(n & 0x1fffffff);
         n >>= 29; n += ((sp_int64)a[i + 40]) << 20;
-        r[i + 4] = n & 0x1fffffff;
+        r[i + 4] = (sp_digit)(n & 0x1fffffff);
         n >>= 29; n += ((sp_int64)a[i + 41]) << 20;
-        r[i + 5] = n & 0x1fffffff;
+        r[i + 5] = (sp_digit)(n & 0x1fffffff);
         n >>= 29; n += ((sp_int64)a[i + 42]) << 20;
-        r[i + 6] = n & 0x1fffffff;
+        r[i + 6] = (sp_digit)(n & 0x1fffffff);
         n >>= 29; n += ((sp_int64)a[i + 43]) << 20;
-        r[i + 7] = n & 0x1fffffff;
+        r[i + 7] = (sp_digit)(n & 0x1fffffff);
         n >>= 29; n += ((sp_int64)a[i + 44]) << 20;
     }
-    r[32] = n & 0x1fffffff; n >>= 29; n += ((sp_int64)a[69]) << 20;
-    r[33] = n & 0x1fffffff; n >>= 29; n += ((sp_int64)a[70]) << 20;
-    r[34] = n & 0x1fffffff; n >>= 29; n += ((sp_int64)a[71]) << 20;
+    r[32] = (sp_digit)(n & 0x1fffffff); n >>= 29; n += ((sp_int64)a[69]) << 20;
+    r[33] = (sp_digit)(n & 0x1fffffff); n >>= 29; n += ((sp_int64)a[70]) << 20;
+    r[34] = (sp_digit)(n & 0x1fffffff); n >>= 29; n += ((sp_int64)a[71]) << 20;
     r[35] = (sp_digit)n;
 #endif /* WOLFSSL_SP_SMALL */
     XMEMSET(&r[36], 0, sizeof(*r) * 36U);
@@ -1758,11 +1758,11 @@ static void sp_2048_mont_reduce_36(sp_digit* a, const sp_digit* m, sp_digit mp)
     sp_2048_norm_36(a + 36);
 
     for (i=0; i<35; i++) {
-        mu = ((sp_uint32)a[i] * (sp_uint32)mp) & 0x1fffffff;
+        mu = (sp_digit)(((sp_uint32)a[i] * (sp_uint32)mp) & 0x1fffffff);
         sp_2048_mul_add_36(a+i, m, mu);
         a[i+1] += a[i] >> 29;
     }
-    mu = ((sp_uint32)a[i] * (sp_uint32)mp) & 0x1ffL;
+    mu = (sp_digit)(((sp_uint32)a[i] * (sp_uint32)mp) & 0x1ffL);
     sp_2048_mul_add_36(a+i, m, mu);
     a[i+1] += a[i] >> 29;
     a[i] &= 0x1fffffff;
@@ -1913,22 +1913,22 @@ SP_NOINLINE static void sp_2048_rshift_36(sp_digit* r, const sp_digit* a,
 
 #ifdef WOLFSSL_SP_SMALL
     for (i=0; i<35; i++) {
-        r[i] = ((a[i] >> n) | (a[i + 1] << (29 - n))) & 0x1fffffff;
+        r[i] = (sp_digit)(((a[i] >> n) | (a[i + 1] << (29 - n))) & 0x1fffffff);
     }
 #else
     for (i=0; i<32; i += 8) {
-        r[i+0] = (a[i+0] >> n) | ((a[i+1] << (29 - n)) & 0x1fffffff);
-        r[i+1] = (a[i+1] >> n) | ((a[i+2] << (29 - n)) & 0x1fffffff);
-        r[i+2] = (a[i+2] >> n) | ((a[i+3] << (29 - n)) & 0x1fffffff);
-        r[i+3] = (a[i+3] >> n) | ((a[i+4] << (29 - n)) & 0x1fffffff);
-        r[i+4] = (a[i+4] >> n) | ((a[i+5] << (29 - n)) & 0x1fffffff);
-        r[i+5] = (a[i+5] >> n) | ((a[i+6] << (29 - n)) & 0x1fffffff);
-        r[i+6] = (a[i+6] >> n) | ((a[i+7] << (29 - n)) & 0x1fffffff);
-        r[i+7] = (a[i+7] >> n) | ((a[i+8] << (29 - n)) & 0x1fffffff);
+        r[i+0] = (a[i+0] >> n) | (sp_digit)((a[i+1] << (29 - n)) & 0x1fffffff);
+        r[i+1] = (a[i+1] >> n) | (sp_digit)((a[i+2] << (29 - n)) & 0x1fffffff);
+        r[i+2] = (a[i+2] >> n) | (sp_digit)((a[i+3] << (29 - n)) & 0x1fffffff);
+        r[i+3] = (a[i+3] >> n) | (sp_digit)((a[i+4] << (29 - n)) & 0x1fffffff);
+        r[i+4] = (a[i+4] >> n) | (sp_digit)((a[i+5] << (29 - n)) & 0x1fffffff);
+        r[i+5] = (a[i+5] >> n) | (sp_digit)((a[i+6] << (29 - n)) & 0x1fffffff);
+        r[i+6] = (a[i+6] >> n) | (sp_digit)((a[i+7] << (29 - n)) & 0x1fffffff);
+        r[i+7] = (a[i+7] >> n) | (sp_digit)((a[i+8] << (29 - n)) & 0x1fffffff);
     }
-    r[32] = (a[32] >> n) | ((a[33] << (29 - n)) & 0x1fffffff);
-    r[33] = (a[33] >> n) | ((a[34] << (29 - n)) & 0x1fffffff);
-    r[34] = (a[34] >> n) | ((a[35] << (29 - n)) & 0x1fffffff);
+    r[32] = (a[32] >> n) | (sp_digit)((a[33] << (29 - n)) & 0x1fffffff);
+    r[33] = (a[33] >> n) | (sp_digit)((a[34] << (29 - n)) & 0x1fffffff);
+    r[34] = (a[34] >> n) | (sp_digit)((a[35] << (29 - n)) & 0x1fffffff);
 #endif /* WOLFSSL_SP_SMALL */
     r[35] = a[35] >> n;
 }
@@ -2105,8 +2105,7 @@ static int sp_2048_div_36(const sp_digit* a, const sp_digit* d,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t1 != NULL)
-        XFREE(t1, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(t1, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -2218,14 +2217,13 @@ static int sp_2048_mod_exp_36(sp_digit* r, const sp_digit* a, const sp_digit* e,
 
         sp_2048_mont_reduce_36(t[0], m, mp);
         n = sp_2048_cmp_36(t[0], m);
-        sp_2048_cond_sub_36(t[0], t[0], m, ~(n >> 31));
+        sp_2048_cond_sub_36(t[0], t[0], m, (sp_digit)~(n >> 31));
         XMEMCPY(r, t[0], sizeof(*r) * 36 * 2);
 
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (td != NULL)
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -2309,13 +2307,12 @@ static int sp_2048_mod_exp_36(sp_digit* r, const sp_digit* a, const sp_digit* e,
 
         sp_2048_mont_reduce_36(t[0], m, mp);
         n = sp_2048_cmp_36(t[0], m);
-        sp_2048_cond_sub_36(t[0], t[0], m, ~(n >> 31));
+        sp_2048_cond_sub_36(t[0], t[0], m, (sp_digit)~(n >> 31));
         XMEMCPY(r, t[0], sizeof(*r) * 36 * 2);
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (td != NULL)
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -2455,13 +2452,12 @@ static int sp_2048_mod_exp_36(sp_digit* r, const sp_digit* a, const sp_digit* e,
 
         sp_2048_mont_reduce_36(rt, m, mp);
         n = sp_2048_cmp_36(rt, m);
-        sp_2048_cond_sub_36(rt, rt, m, ~(n >> 31));
+        sp_2048_cond_sub_36(rt, rt, m, (sp_digit)~(n >> 31));
         XMEMCPY(r, rt, sizeof(sp_digit) * 72);
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (td != NULL)
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -2615,26 +2611,26 @@ SP_NOINLINE static void sp_2048_mul_add_72(sp_digit* r, const sp_digit* a,
         t[1]  = (tb * a[i+1]) + r[i+1];
         t[2]  = (tb * a[i+2]) + r[i+2];
         t[3]  = (tb * a[i+3]) + r[i+3];
-        r[i+0] = t[0] & 0x1fffffff;
+        r[i+0] = (sp_digit)(t[0] & 0x1fffffff);
         t[1] += t[0] >> 29;
-        r[i+1] = t[1] & 0x1fffffff;
+        r[i+1] = (sp_digit)(t[1] & 0x1fffffff);
         t[2] += t[1] >> 29;
-        r[i+2] = t[2] & 0x1fffffff;
+        r[i+2] = (sp_digit)(t[2] & 0x1fffffff);
         t[3] += t[2] >> 29;
-        r[i+3] = t[3] & 0x1fffffff;
+        r[i+3] = (sp_digit)(t[3] & 0x1fffffff);
         t[0]  = t[3] >> 29;
     }
     t[0] += (tb * a[68]) + r[68];
     t[1]  = (tb * a[69]) + r[69];
     t[2]  = (tb * a[70]) + r[70];
     t[3]  = (tb * a[71]) + r[71];
-    r[68] = t[0] & 0x1fffffff;
+    r[68] = (sp_digit)(t[0] & 0x1fffffff);
     t[1] += t[0] >> 29;
-    r[69] = t[1] & 0x1fffffff;
+    r[69] = (sp_digit)(t[1] & 0x1fffffff);
     t[2] += t[1] >> 29;
-    r[70] = t[2] & 0x1fffffff;
+    r[70] = (sp_digit)(t[2] & 0x1fffffff);
     t[3] += t[2] >> 29;
-    r[71] = t[3] & 0x1fffffff;
+    r[71] = (sp_digit)(t[3] & 0x1fffffff);
     r[72] +=  (sp_digit)(t[3] >> 29);
 #else
     sp_int64 tb = b;
@@ -2651,21 +2647,21 @@ SP_NOINLINE static void sp_2048_mul_add_72(sp_digit* r, const sp_digit* a,
         t[5]  = (tb * a[i+5]) + r[i+5];
         t[6]  = (tb * a[i+6]) + r[i+6];
         t[7]  = (tb * a[i+7]) + r[i+7];
-        r[i+0] = t[0] & 0x1fffffff;
+        r[i+0] = (sp_digit)(t[0] & 0x1fffffff);
         t[1] += t[0] >> 29;
-        r[i+1] = t[1] & 0x1fffffff;
+        r[i+1] = (sp_digit)(t[1] & 0x1fffffff);
         t[2] += t[1] >> 29;
-        r[i+2] = t[2] & 0x1fffffff;
+        r[i+2] = (sp_digit)(t[2] & 0x1fffffff);
         t[3] += t[2] >> 29;
-        r[i+3] = t[3] & 0x1fffffff;
+        r[i+3] = (sp_digit)(t[3] & 0x1fffffff);
         t[4] += t[3] >> 29;
-        r[i+4] = t[4] & 0x1fffffff;
+        r[i+4] = (sp_digit)(t[4] & 0x1fffffff);
         t[5] += t[4] >> 29;
-        r[i+5] = t[5] & 0x1fffffff;
+        r[i+5] = (sp_digit)(t[5] & 0x1fffffff);
         t[6] += t[5] >> 29;
-        r[i+6] = t[6] & 0x1fffffff;
+        r[i+6] = (sp_digit)(t[6] & 0x1fffffff);
         t[7] += t[6] >> 29;
-        r[i+7] = t[7] & 0x1fffffff;
+        r[i+7] = (sp_digit)(t[7] & 0x1fffffff);
         t[0]  = t[7] >> 29;
     }
     t[0] += (tb * a[64]) + r[64];
@@ -2676,21 +2672,21 @@ SP_NOINLINE static void sp_2048_mul_add_72(sp_digit* r, const sp_digit* a,
     t[5]  = (tb * a[69]) + r[69];
     t[6]  = (tb * a[70]) + r[70];
     t[7]  = (tb * a[71]) + r[71];
-    r[64] = t[0] & 0x1fffffff;
+    r[64] = (sp_digit)(t[0] & 0x1fffffff);
     t[1] += t[0] >> 29;
-    r[65] = t[1] & 0x1fffffff;
+    r[65] = (sp_digit)(t[1] & 0x1fffffff);
     t[2] += t[1] >> 29;
-    r[66] = t[2] & 0x1fffffff;
+    r[66] = (sp_digit)(t[2] & 0x1fffffff);
     t[3] += t[2] >> 29;
-    r[67] = t[3] & 0x1fffffff;
+    r[67] = (sp_digit)(t[3] & 0x1fffffff);
     t[4] += t[3] >> 29;
-    r[68] = t[4] & 0x1fffffff;
+    r[68] = (sp_digit)(t[4] & 0x1fffffff);
     t[5] += t[4] >> 29;
-    r[69] = t[5] & 0x1fffffff;
+    r[69] = (sp_digit)(t[5] & 0x1fffffff);
     t[6] += t[5] >> 29;
-    r[70] = t[6] & 0x1fffffff;
+    r[70] = (sp_digit)(t[6] & 0x1fffffff);
     t[7] += t[6] >> 29;
-    r[71] = t[7] & 0x1fffffff;
+    r[71] = (sp_digit)(t[7] & 0x1fffffff);
     r[72] +=  (sp_digit)(t[7] >> 29);
 #endif /* WOLFSSL_SP_SMALL */
 #endif /* !WOLFSSL_SP_LARGE_CODE */
@@ -2709,7 +2705,7 @@ static void sp_2048_mont_shift_72(sp_digit* r, const sp_digit* a)
     n += ((sp_int64)a[71]) << 11;
 
     for (i = 0; i < 70; i++) {
-        r[i] = n & 0x1fffffff;
+        r[i] = (sp_digit)(n & 0x1fffffff);
         n >>= 29;
         n += ((sp_int64)a[72 + i]) << 11;
     }
@@ -2719,29 +2715,29 @@ static void sp_2048_mont_shift_72(sp_digit* r, const sp_digit* a)
     sp_int64 n = a[70] >> 18;
     n += ((sp_int64)a[71]) << 11;
     for (i = 0; i < 64; i += 8) {
-        r[i + 0] = n & 0x1fffffff;
+        r[i + 0] = (sp_digit)(n & 0x1fffffff);
         n >>= 29; n += ((sp_int64)a[i + 72]) << 11;
-        r[i + 1] = n & 0x1fffffff;
+        r[i + 1] = (sp_digit)(n & 0x1fffffff);
         n >>= 29; n += ((sp_int64)a[i + 73]) << 11;
-        r[i + 2] = n & 0x1fffffff;
+        r[i + 2] = (sp_digit)(n & 0x1fffffff);
         n >>= 29; n += ((sp_int64)a[i + 74]) << 11;
-        r[i + 3] = n & 0x1fffffff;
+        r[i + 3] = (sp_digit)(n & 0x1fffffff);
         n >>= 29; n += ((sp_int64)a[i + 75]) << 11;
-        r[i + 4] = n & 0x1fffffff;
+        r[i + 4] = (sp_digit)(n & 0x1fffffff);
         n >>= 29; n += ((sp_int64)a[i + 76]) << 11;
-        r[i + 5] = n & 0x1fffffff;
+        r[i + 5] = (sp_digit)(n & 0x1fffffff);
         n >>= 29; n += ((sp_int64)a[i + 77]) << 11;
-        r[i + 6] = n & 0x1fffffff;
+        r[i + 6] = (sp_digit)(n & 0x1fffffff);
         n >>= 29; n += ((sp_int64)a[i + 78]) << 11;
-        r[i + 7] = n & 0x1fffffff;
+        r[i + 7] = (sp_digit)(n & 0x1fffffff);
         n >>= 29; n += ((sp_int64)a[i + 79]) << 11;
     }
-    r[64] = n & 0x1fffffff; n >>= 29; n += ((sp_int64)a[136]) << 11;
-    r[65] = n & 0x1fffffff; n >>= 29; n += ((sp_int64)a[137]) << 11;
-    r[66] = n & 0x1fffffff; n >>= 29; n += ((sp_int64)a[138]) << 11;
-    r[67] = n & 0x1fffffff; n >>= 29; n += ((sp_int64)a[139]) << 11;
-    r[68] = n & 0x1fffffff; n >>= 29; n += ((sp_int64)a[140]) << 11;
-    r[69] = n & 0x1fffffff; n >>= 29; n += ((sp_int64)a[141]) << 11;
+    r[64] = (sp_digit)(n & 0x1fffffff); n >>= 29; n += ((sp_int64)a[136]) << 11;
+    r[65] = (sp_digit)(n & 0x1fffffff); n >>= 29; n += ((sp_int64)a[137]) << 11;
+    r[66] = (sp_digit)(n & 0x1fffffff); n >>= 29; n += ((sp_int64)a[138]) << 11;
+    r[67] = (sp_digit)(n & 0x1fffffff); n >>= 29; n += ((sp_int64)a[139]) << 11;
+    r[68] = (sp_digit)(n & 0x1fffffff); n >>= 29; n += ((sp_int64)a[140]) << 11;
+    r[69] = (sp_digit)(n & 0x1fffffff); n >>= 29; n += ((sp_int64)a[141]) << 11;
     r[70] = (sp_digit)n;
 #endif /* WOLFSSL_SP_SMALL */
     XMEMSET(&r[71], 0, sizeof(*r) * 71U);
@@ -2764,33 +2760,33 @@ static void sp_2048_mont_reduce_72(sp_digit* a, const sp_digit* m, sp_digit mp)
 #ifdef WOLFSSL_SP_DH
     if (mp != 1) {
         for (i=0; i<70; i++) {
-            mu = ((sp_uint32)a[i] * (sp_uint32)mp) & 0x1fffffff;
+            mu = (sp_digit)(((sp_uint32)a[i] * (sp_uint32)mp) & 0x1fffffff);
             sp_2048_mul_add_72(a+i, m, mu);
             a[i+1] += a[i] >> 29;
         }
-        mu = ((sp_uint32)a[i] * (sp_uint32)mp) & 0x3ffffL;
+        mu = (sp_digit)(((sp_uint32)a[i] * (sp_uint32)mp) & 0x3ffffL);
         sp_2048_mul_add_72(a+i, m, mu);
         a[i+1] += a[i] >> 29;
         a[i] &= 0x1fffffff;
     }
     else {
         for (i=0; i<70; i++) {
-            mu = a[i] & 0x1fffffff;
+            mu = (sp_digit)(a[i] & 0x1fffffff);
             sp_2048_mul_add_72(a+i, m, mu);
             a[i+1] += a[i] >> 29;
         }
-        mu = a[i] & 0x3ffffL;
+        mu = (sp_digit)(a[i] & 0x3ffffL);
         sp_2048_mul_add_72(a+i, m, mu);
         a[i+1] += a[i] >> 29;
         a[i] &= 0x1fffffff;
     }
 #else
     for (i=0; i<70; i++) {
-        mu = ((sp_uint32)a[i] * (sp_uint32)mp) & 0x1fffffff;
+        mu = (sp_digit)(((sp_uint32)a[i] * (sp_uint32)mp) & 0x1fffffff);
         sp_2048_mul_add_72(a+i, m, mu);
         a[i+1] += a[i] >> 29;
     }
-    mu = ((sp_uint32)a[i] * (sp_uint32)mp) & 0x3ffffL;
+    mu = (sp_digit)(((sp_uint32)a[i] * (sp_uint32)mp) & 0x3ffffL);
     sp_2048_mul_add_72(a+i, m, mu);
     a[i+1] += a[i] >> 29;
     a[i] &= 0x1fffffff;
@@ -2971,26 +2967,26 @@ SP_NOINLINE static void sp_2048_rshift_72(sp_digit* r, const sp_digit* a,
 
 #ifdef WOLFSSL_SP_SMALL
     for (i=0; i<71; i++) {
-        r[i] = ((a[i] >> n) | (a[i + 1] << (29 - n))) & 0x1fffffff;
+        r[i] = (sp_digit)(((a[i] >> n) | (a[i + 1] << (29 - n))) & 0x1fffffff);
     }
 #else
     for (i=0; i<64; i += 8) {
-        r[i+0] = (a[i+0] >> n) | ((a[i+1] << (29 - n)) & 0x1fffffff);
-        r[i+1] = (a[i+1] >> n) | ((a[i+2] << (29 - n)) & 0x1fffffff);
-        r[i+2] = (a[i+2] >> n) | ((a[i+3] << (29 - n)) & 0x1fffffff);
-        r[i+3] = (a[i+3] >> n) | ((a[i+4] << (29 - n)) & 0x1fffffff);
-        r[i+4] = (a[i+4] >> n) | ((a[i+5] << (29 - n)) & 0x1fffffff);
-        r[i+5] = (a[i+5] >> n) | ((a[i+6] << (29 - n)) & 0x1fffffff);
-        r[i+6] = (a[i+6] >> n) | ((a[i+7] << (29 - n)) & 0x1fffffff);
-        r[i+7] = (a[i+7] >> n) | ((a[i+8] << (29 - n)) & 0x1fffffff);
+        r[i+0] = (a[i+0] >> n) | (sp_digit)((a[i+1] << (29 - n)) & 0x1fffffff);
+        r[i+1] = (a[i+1] >> n) | (sp_digit)((a[i+2] << (29 - n)) & 0x1fffffff);
+        r[i+2] = (a[i+2] >> n) | (sp_digit)((a[i+3] << (29 - n)) & 0x1fffffff);
+        r[i+3] = (a[i+3] >> n) | (sp_digit)((a[i+4] << (29 - n)) & 0x1fffffff);
+        r[i+4] = (a[i+4] >> n) | (sp_digit)((a[i+5] << (29 - n)) & 0x1fffffff);
+        r[i+5] = (a[i+5] >> n) | (sp_digit)((a[i+6] << (29 - n)) & 0x1fffffff);
+        r[i+6] = (a[i+6] >> n) | (sp_digit)((a[i+7] << (29 - n)) & 0x1fffffff);
+        r[i+7] = (a[i+7] >> n) | (sp_digit)((a[i+8] << (29 - n)) & 0x1fffffff);
     }
-    r[64] = (a[64] >> n) | ((a[65] << (29 - n)) & 0x1fffffff);
-    r[65] = (a[65] >> n) | ((a[66] << (29 - n)) & 0x1fffffff);
-    r[66] = (a[66] >> n) | ((a[67] << (29 - n)) & 0x1fffffff);
-    r[67] = (a[67] >> n) | ((a[68] << (29 - n)) & 0x1fffffff);
-    r[68] = (a[68] >> n) | ((a[69] << (29 - n)) & 0x1fffffff);
-    r[69] = (a[69] >> n) | ((a[70] << (29 - n)) & 0x1fffffff);
-    r[70] = (a[70] >> n) | ((a[71] << (29 - n)) & 0x1fffffff);
+    r[64] = (a[64] >> n) | (sp_digit)((a[65] << (29 - n)) & 0x1fffffff);
+    r[65] = (a[65] >> n) | (sp_digit)((a[66] << (29 - n)) & 0x1fffffff);
+    r[66] = (a[66] >> n) | (sp_digit)((a[67] << (29 - n)) & 0x1fffffff);
+    r[67] = (a[67] >> n) | (sp_digit)((a[68] << (29 - n)) & 0x1fffffff);
+    r[68] = (a[68] >> n) | (sp_digit)((a[69] << (29 - n)) & 0x1fffffff);
+    r[69] = (a[69] >> n) | (sp_digit)((a[70] << (29 - n)) & 0x1fffffff);
+    r[70] = (a[70] >> n) | (sp_digit)((a[71] << (29 - n)) & 0x1fffffff);
 #endif /* WOLFSSL_SP_SMALL */
     r[71] = a[71] >> n;
 }
@@ -3167,8 +3163,7 @@ static int sp_2048_div_72(const sp_digit* a, const sp_digit* d,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t1 != NULL)
-        XFREE(t1, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(t1, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -3283,14 +3278,13 @@ static int sp_2048_mod_exp_72(sp_digit* r, const sp_digit* a, const sp_digit* e,
 
         sp_2048_mont_reduce_72(t[0], m, mp);
         n = sp_2048_cmp_72(t[0], m);
-        sp_2048_cond_sub_72(t[0], t[0], m, ~(n >> 31));
+        sp_2048_cond_sub_72(t[0], t[0], m, (sp_digit)~(n >> 31));
         XMEMCPY(r, t[0], sizeof(*r) * 72 * 2);
 
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (td != NULL)
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -3374,13 +3368,12 @@ static int sp_2048_mod_exp_72(sp_digit* r, const sp_digit* a, const sp_digit* e,
 
         sp_2048_mont_reduce_72(t[0], m, mp);
         n = sp_2048_cmp_72(t[0], m);
-        sp_2048_cond_sub_72(t[0], t[0], m, ~(n >> 31));
+        sp_2048_cond_sub_72(t[0], t[0], m, (sp_digit)~(n >> 31));
         XMEMCPY(r, t[0], sizeof(*r) * 72 * 2);
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (td != NULL)
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -3503,13 +3496,12 @@ static int sp_2048_mod_exp_72(sp_digit* r, const sp_digit* a, const sp_digit* e,
 
         sp_2048_mont_reduce_72(rt, m, mp);
         n = sp_2048_cmp_72(rt, m);
-        sp_2048_cond_sub_72(rt, rt, m, ~(n >> 31));
+        sp_2048_cond_sub_72(rt, rt, m, (sp_digit)~(n >> 31));
         XMEMCPY(r, rt, sizeof(sp_digit) * 144);
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (td != NULL)
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -3630,8 +3622,7 @@ int sp_RsaPublic_2048(const byte* in, word32 inLen, const mp_int* em,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (a != NULL)
-        XFREE(a, NULL, DYNAMIC_TYPE_RSA);
+    XFREE(a, NULL, DYNAMIC_TYPE_RSA);
 #endif
 
     return err;
@@ -3742,8 +3733,7 @@ int sp_RsaPublic_2048(const byte* in, word32 inLen, const mp_int* em,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (d != NULL)
-        XFREE(d, NULL, DYNAMIC_TYPE_RSA);
+    XFREE(d, NULL, DYNAMIC_TYPE_RSA);
 #endif
 
     return err;
@@ -4113,7 +4103,7 @@ int sp_RsaPrivate_2048(const byte* in, word32 inLen, const mp_int* dm,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-if (a != NULL)
+    if (a != NULL)
 #endif
     {
         ForceZero(a, sizeof(sp_digit) * 36 * 13);
@@ -4350,7 +4340,7 @@ SP_NOINLINE static void sp_2048_lshift_72(sp_digit* r, const sp_digit* a,
 
     r[72] = a[71] >> (29 - n);
     for (i=71; i>0; i--) {
-        r[i] = ((a[i] << n) | (a[i-1] >> (29 - n))) & 0x1fffffff;
+        r[i] = (sp_digit)(((a[i] << n) | (a[i-1] >> (29 - n))) & 0x1fffffff);
     }
 #else
     sp_int_digit s;
@@ -4359,149 +4349,149 @@ SP_NOINLINE static void sp_2048_lshift_72(sp_digit* r, const sp_digit* a,
     s = (sp_int_digit)a[71];
     r[72] = s >> (29U - n);
     s = (sp_int_digit)(a[71]); t = (sp_int_digit)(a[70]);
-    r[71] = ((s << n) | (t >> (29U - n))) & 0x1fffffff;
+    r[71] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff);
     s = (sp_int_digit)(a[70]); t = (sp_int_digit)(a[69]);
-    r[70] = ((s << n) | (t >> (29U - n))) & 0x1fffffff;
+    r[70] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff);
     s = (sp_int_digit)(a[69]); t = (sp_int_digit)(a[68]);
-    r[69] = ((s << n) | (t >> (29U - n))) & 0x1fffffff;
+    r[69] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff);
     s = (sp_int_digit)(a[68]); t = (sp_int_digit)(a[67]);
-    r[68] = ((s << n) | (t >> (29U - n))) & 0x1fffffff;
+    r[68] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff);
     s = (sp_int_digit)(a[67]); t = (sp_int_digit)(a[66]);
-    r[67] = ((s << n) | (t >> (29U - n))) & 0x1fffffff;
+    r[67] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff);
     s = (sp_int_digit)(a[66]); t = (sp_int_digit)(a[65]);
-    r[66] = ((s << n) | (t >> (29U - n))) & 0x1fffffff;
+    r[66] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff);
     s = (sp_int_digit)(a[65]); t = (sp_int_digit)(a[64]);
-    r[65] = ((s << n) | (t >> (29U - n))) & 0x1fffffff;
+    r[65] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff);
     s = (sp_int_digit)(a[64]); t = (sp_int_digit)(a[63]);
-    r[64] = ((s << n) | (t >> (29U - n))) & 0x1fffffff;
+    r[64] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff);
     s = (sp_int_digit)(a[63]); t = (sp_int_digit)(a[62]);
-    r[63] = ((s << n) | (t >> (29U - n))) & 0x1fffffff;
+    r[63] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff);
     s = (sp_int_digit)(a[62]); t = (sp_int_digit)(a[61]);
-    r[62] = ((s << n) | (t >> (29U - n))) & 0x1fffffff;
+    r[62] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff);
     s = (sp_int_digit)(a[61]); t = (sp_int_digit)(a[60]);
-    r[61] = ((s << n) | (t >> (29U - n))) & 0x1fffffff;
+    r[61] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff);
     s = (sp_int_digit)(a[60]); t = (sp_int_digit)(a[59]);
-    r[60] = ((s << n) | (t >> (29U - n))) & 0x1fffffff;
+    r[60] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff);
     s = (sp_int_digit)(a[59]); t = (sp_int_digit)(a[58]);
-    r[59] = ((s << n) | (t >> (29U - n))) & 0x1fffffff;
+    r[59] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff);
     s = (sp_int_digit)(a[58]); t = (sp_int_digit)(a[57]);
-    r[58] = ((s << n) | (t >> (29U - n))) & 0x1fffffff;
+    r[58] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff);
     s = (sp_int_digit)(a[57]); t = (sp_int_digit)(a[56]);
-    r[57] = ((s << n) | (t >> (29U - n))) & 0x1fffffff;
+    r[57] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff);
     s = (sp_int_digit)(a[56]); t = (sp_int_digit)(a[55]);
-    r[56] = ((s << n) | (t >> (29U - n))) & 0x1fffffff;
+    r[56] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff);
     s = (sp_int_digit)(a[55]); t = (sp_int_digit)(a[54]);
-    r[55] = ((s << n) | (t >> (29U - n))) & 0x1fffffff;
+    r[55] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff);
     s = (sp_int_digit)(a[54]); t = (sp_int_digit)(a[53]);
-    r[54] = ((s << n) | (t >> (29U - n))) & 0x1fffffff;
+    r[54] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff);
     s = (sp_int_digit)(a[53]); t = (sp_int_digit)(a[52]);
-    r[53] = ((s << n) | (t >> (29U - n))) & 0x1fffffff;
+    r[53] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff);
     s = (sp_int_digit)(a[52]); t = (sp_int_digit)(a[51]);
-    r[52] = ((s << n) | (t >> (29U - n))) & 0x1fffffff;
+    r[52] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff);
     s = (sp_int_digit)(a[51]); t = (sp_int_digit)(a[50]);
-    r[51] = ((s << n) | (t >> (29U - n))) & 0x1fffffff;
+    r[51] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff);
     s = (sp_int_digit)(a[50]); t = (sp_int_digit)(a[49]);
-    r[50] = ((s << n) | (t >> (29U - n))) & 0x1fffffff;
+    r[50] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff);
     s = (sp_int_digit)(a[49]); t = (sp_int_digit)(a[48]);
-    r[49] = ((s << n) | (t >> (29U - n))) & 0x1fffffff;
+    r[49] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff);
     s = (sp_int_digit)(a[48]); t = (sp_int_digit)(a[47]);
-    r[48] = ((s << n) | (t >> (29U - n))) & 0x1fffffff;
+    r[48] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff);
     s = (sp_int_digit)(a[47]); t = (sp_int_digit)(a[46]);
-    r[47] = ((s << n) | (t >> (29U - n))) & 0x1fffffff;
+    r[47] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff);
     s = (sp_int_digit)(a[46]); t = (sp_int_digit)(a[45]);
-    r[46] = ((s << n) | (t >> (29U - n))) & 0x1fffffff;
+    r[46] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff);
     s = (sp_int_digit)(a[45]); t = (sp_int_digit)(a[44]);
-    r[45] = ((s << n) | (t >> (29U - n))) & 0x1fffffff;
+    r[45] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff);
     s = (sp_int_digit)(a[44]); t = (sp_int_digit)(a[43]);
-    r[44] = ((s << n) | (t >> (29U - n))) & 0x1fffffff;
+    r[44] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff);
     s = (sp_int_digit)(a[43]); t = (sp_int_digit)(a[42]);
-    r[43] = ((s << n) | (t >> (29U - n))) & 0x1fffffff;
+    r[43] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff);
     s = (sp_int_digit)(a[42]); t = (sp_int_digit)(a[41]);
-    r[42] = ((s << n) | (t >> (29U - n))) & 0x1fffffff;
+    r[42] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff);
     s = (sp_int_digit)(a[41]); t = (sp_int_digit)(a[40]);
-    r[41] = ((s << n) | (t >> (29U - n))) & 0x1fffffff;
+    r[41] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff);
     s = (sp_int_digit)(a[40]); t = (sp_int_digit)(a[39]);
-    r[40] = ((s << n) | (t >> (29U - n))) & 0x1fffffff;
+    r[40] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff);
     s = (sp_int_digit)(a[39]); t = (sp_int_digit)(a[38]);
-    r[39] = ((s << n) | (t >> (29U - n))) & 0x1fffffff;
+    r[39] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff);
     s = (sp_int_digit)(a[38]); t = (sp_int_digit)(a[37]);
-    r[38] = ((s << n) | (t >> (29U - n))) & 0x1fffffff;
+    r[38] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff);
     s = (sp_int_digit)(a[37]); t = (sp_int_digit)(a[36]);
-    r[37] = ((s << n) | (t >> (29U - n))) & 0x1fffffff;
+    r[37] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff);
     s = (sp_int_digit)(a[36]); t = (sp_int_digit)(a[35]);
-    r[36] = ((s << n) | (t >> (29U - n))) & 0x1fffffff;
+    r[36] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff);
     s = (sp_int_digit)(a[35]); t = (sp_int_digit)(a[34]);
-    r[35] = ((s << n) | (t >> (29U - n))) & 0x1fffffff;
+    r[35] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff);
     s = (sp_int_digit)(a[34]); t = (sp_int_digit)(a[33]);
-    r[34] = ((s << n) | (t >> (29U - n))) & 0x1fffffff;
+    r[34] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff);
     s = (sp_int_digit)(a[33]); t = (sp_int_digit)(a[32]);
-    r[33] = ((s << n) | (t >> (29U - n))) & 0x1fffffff;
+    r[33] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff);
     s = (sp_int_digit)(a[32]); t = (sp_int_digit)(a[31]);
-    r[32] = ((s << n) | (t >> (29U - n))) & 0x1fffffff;
+    r[32] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff);
     s = (sp_int_digit)(a[31]); t = (sp_int_digit)(a[30]);
-    r[31] = ((s << n) | (t >> (29U - n))) & 0x1fffffff;
+    r[31] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff);
     s = (sp_int_digit)(a[30]); t = (sp_int_digit)(a[29]);
-    r[30] = ((s << n) | (t >> (29U - n))) & 0x1fffffff;
+    r[30] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff);
     s = (sp_int_digit)(a[29]); t = (sp_int_digit)(a[28]);
-    r[29] = ((s << n) | (t >> (29U - n))) & 0x1fffffff;
+    r[29] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff);
     s = (sp_int_digit)(a[28]); t = (sp_int_digit)(a[27]);
-    r[28] = ((s << n) | (t >> (29U - n))) & 0x1fffffff;
+    r[28] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff);
     s = (sp_int_digit)(a[27]); t = (sp_int_digit)(a[26]);
-    r[27] = ((s << n) | (t >> (29U - n))) & 0x1fffffff;
+    r[27] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff);
     s = (sp_int_digit)(a[26]); t = (sp_int_digit)(a[25]);
-    r[26] = ((s << n) | (t >> (29U - n))) & 0x1fffffff;
+    r[26] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff);
     s = (sp_int_digit)(a[25]); t = (sp_int_digit)(a[24]);
-    r[25] = ((s << n) | (t >> (29U - n))) & 0x1fffffff;
+    r[25] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff);
     s = (sp_int_digit)(a[24]); t = (sp_int_digit)(a[23]);
-    r[24] = ((s << n) | (t >> (29U - n))) & 0x1fffffff;
+    r[24] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff);
     s = (sp_int_digit)(a[23]); t = (sp_int_digit)(a[22]);
-    r[23] = ((s << n) | (t >> (29U - n))) & 0x1fffffff;
+    r[23] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff);
     s = (sp_int_digit)(a[22]); t = (sp_int_digit)(a[21]);
-    r[22] = ((s << n) | (t >> (29U - n))) & 0x1fffffff;
+    r[22] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff);
     s = (sp_int_digit)(a[21]); t = (sp_int_digit)(a[20]);
-    r[21] = ((s << n) | (t >> (29U - n))) & 0x1fffffff;
+    r[21] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff);
     s = (sp_int_digit)(a[20]); t = (sp_int_digit)(a[19]);
-    r[20] = ((s << n) | (t >> (29U - n))) & 0x1fffffff;
+    r[20] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff);
     s = (sp_int_digit)(a[19]); t = (sp_int_digit)(a[18]);
-    r[19] = ((s << n) | (t >> (29U - n))) & 0x1fffffff;
+    r[19] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff);
     s = (sp_int_digit)(a[18]); t = (sp_int_digit)(a[17]);
-    r[18] = ((s << n) | (t >> (29U - n))) & 0x1fffffff;
+    r[18] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff);
     s = (sp_int_digit)(a[17]); t = (sp_int_digit)(a[16]);
-    r[17] = ((s << n) | (t >> (29U - n))) & 0x1fffffff;
+    r[17] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff);
     s = (sp_int_digit)(a[16]); t = (sp_int_digit)(a[15]);
-    r[16] = ((s << n) | (t >> (29U - n))) & 0x1fffffff;
+    r[16] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff);
     s = (sp_int_digit)(a[15]); t = (sp_int_digit)(a[14]);
-    r[15] = ((s << n) | (t >> (29U - n))) & 0x1fffffff;
+    r[15] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff);
     s = (sp_int_digit)(a[14]); t = (sp_int_digit)(a[13]);
-    r[14] = ((s << n) | (t >> (29U - n))) & 0x1fffffff;
+    r[14] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff);
     s = (sp_int_digit)(a[13]); t = (sp_int_digit)(a[12]);
-    r[13] = ((s << n) | (t >> (29U - n))) & 0x1fffffff;
+    r[13] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff);
     s = (sp_int_digit)(a[12]); t = (sp_int_digit)(a[11]);
-    r[12] = ((s << n) | (t >> (29U - n))) & 0x1fffffff;
+    r[12] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff);
     s = (sp_int_digit)(a[11]); t = (sp_int_digit)(a[10]);
-    r[11] = ((s << n) | (t >> (29U - n))) & 0x1fffffff;
+    r[11] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff);
     s = (sp_int_digit)(a[10]); t = (sp_int_digit)(a[9]);
-    r[10] = ((s << n) | (t >> (29U - n))) & 0x1fffffff;
+    r[10] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff);
     s = (sp_int_digit)(a[9]); t = (sp_int_digit)(a[8]);
-    r[9] = ((s << n) | (t >> (29U - n))) & 0x1fffffff;
+    r[9] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff);
     s = (sp_int_digit)(a[8]); t = (sp_int_digit)(a[7]);
-    r[8] = ((s << n) | (t >> (29U - n))) & 0x1fffffff;
+    r[8] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff);
     s = (sp_int_digit)(a[7]); t = (sp_int_digit)(a[6]);
-    r[7] = ((s << n) | (t >> (29U - n))) & 0x1fffffff;
+    r[7] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff);
     s = (sp_int_digit)(a[6]); t = (sp_int_digit)(a[5]);
-    r[6] = ((s << n) | (t >> (29U - n))) & 0x1fffffff;
+    r[6] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff);
     s = (sp_int_digit)(a[5]); t = (sp_int_digit)(a[4]);
-    r[5] = ((s << n) | (t >> (29U - n))) & 0x1fffffff;
+    r[5] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff);
     s = (sp_int_digit)(a[4]); t = (sp_int_digit)(a[3]);
-    r[4] = ((s << n) | (t >> (29U - n))) & 0x1fffffff;
+    r[4] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff);
     s = (sp_int_digit)(a[3]); t = (sp_int_digit)(a[2]);
-    r[3] = ((s << n) | (t >> (29U - n))) & 0x1fffffff;
+    r[3] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff);
     s = (sp_int_digit)(a[2]); t = (sp_int_digit)(a[1]);
-    r[2] = ((s << n) | (t >> (29U - n))) & 0x1fffffff;
+    r[2] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff);
     s = (sp_int_digit)(a[1]); t = (sp_int_digit)(a[0]);
-    r[1] = ((s << n) | (t >> (29U - n))) & 0x1fffffff;
+    r[1] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff);
 #endif /* WOLFSSL_SP_SMALL */
-    r[0] = (a[0] << n) & 0x1fffffff;
+    r[0] = (sp_digit)((a[0] << n) & 0x1fffffff);
 }
 
 /* Modular exponentiate 2 to the e mod m. (r = 2^e mod m)
@@ -4611,12 +4601,11 @@ static int sp_2048_mod_exp_2_72(sp_digit* r, const sp_digit* e, int bits, const
 
         sp_2048_mont_reduce_72(r, m, mp);
         n = sp_2048_cmp_72(r, m);
-        sp_2048_cond_sub_72(r, r, m, ~(n >> 31));
+        sp_2048_cond_sub_72(r, r, m, (sp_digit)~(n >> 31));
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (td != NULL)
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -5335,17 +5324,17 @@ SP_NOINLINE static void sp_3072_mul_add_53(sp_digit* r, const sp_digit* a,
         t[1]  = (tb * a[i+1]) + r[i+1];
         t[2]  = (tb * a[i+2]) + r[i+2];
         t[3]  = (tb * a[i+3]) + r[i+3];
-        r[i+0] = t[0] & 0x1fffffff;
+        r[i+0] = (sp_digit)(t[0] & 0x1fffffff);
         t[1] += t[0] >> 29;
-        r[i+1] = t[1] & 0x1fffffff;
+        r[i+1] = (sp_digit)(t[1] & 0x1fffffff);
         t[2] += t[1] >> 29;
-        r[i+2] = t[2] & 0x1fffffff;
+        r[i+2] = (sp_digit)(t[2] & 0x1fffffff);
         t[3] += t[2] >> 29;
-        r[i+3] = t[3] & 0x1fffffff;
+        r[i+3] = (sp_digit)(t[3] & 0x1fffffff);
         t[0]  = t[3] >> 29;
     }
     t[0] += (tb * a[52]) + r[52];
-    r[52] = t[0] & 0x1fffffff;
+    r[52] = (sp_digit)(t[0] & 0x1fffffff);
     r[53] +=  (sp_digit)(t[0] >> 29);
 #endif /* !WOLFSSL_SP_LARGE_CODE */
 }
@@ -5362,7 +5351,7 @@ static void sp_3072_mont_shift_53(sp_digit* r, const sp_digit* a)
     n += ((sp_int64)a[53]) << 1;
 
     for (i = 0; i < 52; i++) {
-        r[i] = n & 0x1fffffff;
+        r[i] = (sp_digit)(n & 0x1fffffff);
         n >>= 29;
         n += ((sp_int64)a[54 + i]) << 1;
     }
@@ -5385,11 +5374,11 @@ static void sp_3072_mont_reduce_53(sp_digit* a, const sp_digit* m, sp_digit mp)
     sp_3072_norm_53(a + 53);
 
     for (i=0; i<52; i++) {
-        mu = ((sp_uint32)a[i] * (sp_uint32)mp) & 0x1fffffff;
+        mu = (sp_digit)(((sp_uint32)a[i] * (sp_uint32)mp) & 0x1fffffff);
         sp_3072_mul_add_53(a+i, m, mu);
         a[i+1] += a[i] >> 29;
     }
-    mu = ((sp_uint32)a[i] * (sp_uint32)mp) & 0xfffffffL;
+    mu = (sp_digit)(((sp_uint32)a[i] * (sp_uint32)mp) & 0xfffffffL);
     sp_3072_mul_add_53(a+i, m, mu);
     a[i+1] += a[i] >> 29;
     a[i] &= 0x1fffffff;
@@ -5613,7 +5602,7 @@ SP_NOINLINE static void sp_3072_rshift_53(sp_digit* r, const sp_digit* a,
     int i;
 
     for (i=0; i<52; i++) {
-        r[i] = ((a[i] >> n) | (a[i + 1] << (29 - n))) & 0x1fffffff;
+        r[i] = (sp_digit)(((a[i] >> n) | (a[i + 1] << (29 - n))) & 0x1fffffff);
     }
     r[52] = a[52] >> n;
 }
@@ -5790,8 +5779,7 @@ static int sp_3072_div_53(const sp_digit* a, const sp_digit* d,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t1 != NULL)
-        XFREE(t1, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(t1, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -5903,14 +5891,13 @@ static int sp_3072_mod_exp_53(sp_digit* r, const sp_digit* a, const sp_digit* e,
 
         sp_3072_mont_reduce_53(t[0], m, mp);
         n = sp_3072_cmp_53(t[0], m);
-        sp_3072_cond_sub_53(t[0], t[0], m, ~(n >> 31));
+        sp_3072_cond_sub_53(t[0], t[0], m, (sp_digit)~(n >> 31));
         XMEMCPY(r, t[0], sizeof(*r) * 53 * 2);
 
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (td != NULL)
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -5994,13 +5981,12 @@ static int sp_3072_mod_exp_53(sp_digit* r, const sp_digit* a, const sp_digit* e,
 
         sp_3072_mont_reduce_53(t[0], m, mp);
         n = sp_3072_cmp_53(t[0], m);
-        sp_3072_cond_sub_53(t[0], t[0], m, ~(n >> 31));
+        sp_3072_cond_sub_53(t[0], t[0], m, (sp_digit)~(n >> 31));
         XMEMCPY(r, t[0], sizeof(*r) * 53 * 2);
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (td != NULL)
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -6140,13 +6126,12 @@ static int sp_3072_mod_exp_53(sp_digit* r, const sp_digit* a, const sp_digit* e,
 
         sp_3072_mont_reduce_53(rt, m, mp);
         n = sp_3072_cmp_53(rt, m);
-        sp_3072_cond_sub_53(rt, rt, m, ~(n >> 31));
+        sp_3072_cond_sub_53(rt, rt, m, (sp_digit)~(n >> 31));
         XMEMCPY(r, rt, sizeof(sp_digit) * 106);
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (td != NULL)
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -6265,20 +6250,20 @@ SP_NOINLINE static void sp_3072_mul_add_106(sp_digit* r, const sp_digit* a,
         t[1]  = (tb * a[i+1]) + r[i+1];
         t[2]  = (tb * a[i+2]) + r[i+2];
         t[3]  = (tb * a[i+3]) + r[i+3];
-        r[i+0] = t[0] & 0x1fffffff;
+        r[i+0] = (sp_digit)(t[0] & 0x1fffffff);
         t[1] += t[0] >> 29;
-        r[i+1] = t[1] & 0x1fffffff;
+        r[i+1] = (sp_digit)(t[1] & 0x1fffffff);
         t[2] += t[1] >> 29;
-        r[i+2] = t[2] & 0x1fffffff;
+        r[i+2] = (sp_digit)(t[2] & 0x1fffffff);
         t[3] += t[2] >> 29;
-        r[i+3] = t[3] & 0x1fffffff;
+        r[i+3] = (sp_digit)(t[3] & 0x1fffffff);
         t[0]  = t[3] >> 29;
     }
     t[0] += (tb * a[104]) + r[104];
     t[1]  = (tb * a[105]) + r[105];
-    r[104] = t[0] & 0x1fffffff;
+    r[104] = (sp_digit)(t[0] & 0x1fffffff);
     t[1] += t[0] >> 29;
-    r[105] = t[1] & 0x1fffffff;
+    r[105] = (sp_digit)(t[1] & 0x1fffffff);
     r[106] +=  (sp_digit)(t[1] >> 29);
 #endif /* !WOLFSSL_SP_LARGE_CODE */
 }
@@ -6295,7 +6280,7 @@ static void sp_3072_mont_shift_106(sp_digit* r, const sp_digit* a)
     n += ((sp_int64)a[106]) << 2;
 
     for (i = 0; i < 105; i++) {
-        r[i] = n & 0x1fffffff;
+        r[i] = (sp_digit)(n & 0x1fffffff);
         n >>= 29;
         n += ((sp_int64)a[107 + i]) << 2;
     }
@@ -6320,33 +6305,33 @@ static void sp_3072_mont_reduce_106(sp_digit* a, const sp_digit* m, sp_digit mp)
 #ifdef WOLFSSL_SP_DH
     if (mp != 1) {
         for (i=0; i<105; i++) {
-            mu = ((sp_uint32)a[i] * (sp_uint32)mp) & 0x1fffffff;
+            mu = (sp_digit)(((sp_uint32)a[i] * (sp_uint32)mp) & 0x1fffffff);
             sp_3072_mul_add_106(a+i, m, mu);
             a[i+1] += a[i] >> 29;
         }
-        mu = ((sp_uint32)a[i] * (sp_uint32)mp) & 0x7ffffffL;
+        mu = (sp_digit)(((sp_uint32)a[i] * (sp_uint32)mp) & 0x7ffffffL);
         sp_3072_mul_add_106(a+i, m, mu);
         a[i+1] += a[i] >> 29;
         a[i] &= 0x1fffffff;
     }
     else {
         for (i=0; i<105; i++) {
-            mu = a[i] & 0x1fffffff;
+            mu = (sp_digit)(a[i] & 0x1fffffff);
             sp_3072_mul_add_106(a+i, m, mu);
             a[i+1] += a[i] >> 29;
         }
-        mu = a[i] & 0x7ffffffL;
+        mu = (sp_digit)(a[i] & 0x7ffffffL);
         sp_3072_mul_add_106(a+i, m, mu);
         a[i+1] += a[i] >> 29;
         a[i] &= 0x1fffffff;
     }
 #else
     for (i=0; i<105; i++) {
-        mu = ((sp_uint32)a[i] * (sp_uint32)mp) & 0x1fffffff;
+        mu = (sp_digit)(((sp_uint32)a[i] * (sp_uint32)mp) & 0x1fffffff);
         sp_3072_mul_add_106(a+i, m, mu);
         a[i+1] += a[i] >> 29;
     }
-    mu = ((sp_uint32)a[i] * (sp_uint32)mp) & 0x7ffffffL;
+    mu = (sp_digit)(((sp_uint32)a[i] * (sp_uint32)mp) & 0x7ffffffL);
     sp_3072_mul_add_106(a+i, m, mu);
     a[i+1] += a[i] >> 29;
     a[i] &= 0x1fffffff;
@@ -6452,7 +6437,7 @@ SP_NOINLINE static void sp_3072_rshift_106(sp_digit* r, const sp_digit* a,
     int i;
 
     for (i=0; i<105; i++) {
-        r[i] = ((a[i] >> n) | (a[i + 1] << (29 - n))) & 0x1fffffff;
+        r[i] = (sp_digit)(((a[i] >> n) | (a[i + 1] << (29 - n))) & 0x1fffffff);
     }
     r[105] = a[105] >> n;
 }
@@ -6629,8 +6614,7 @@ static int sp_3072_div_106(const sp_digit* a, const sp_digit* d,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t1 != NULL)
-        XFREE(t1, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(t1, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -6743,14 +6727,13 @@ static int sp_3072_mod_exp_106(sp_digit* r, const sp_digit* a, const sp_digit* e
 
         sp_3072_mont_reduce_106(t[0], m, mp);
         n = sp_3072_cmp_106(t[0], m);
-        sp_3072_cond_sub_106(t[0], t[0], m, ~(n >> 31));
+        sp_3072_cond_sub_106(t[0], t[0], m, (sp_digit)~(n >> 31));
         XMEMCPY(r, t[0], sizeof(*r) * 106 * 2);
 
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (td != NULL)
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -6834,13 +6817,12 @@ static int sp_3072_mod_exp_106(sp_digit* r, const sp_digit* a, const sp_digit* e
 
         sp_3072_mont_reduce_106(t[0], m, mp);
         n = sp_3072_cmp_106(t[0], m);
-        sp_3072_cond_sub_106(t[0], t[0], m, ~(n >> 31));
+        sp_3072_cond_sub_106(t[0], t[0], m, (sp_digit)~(n >> 31));
         XMEMCPY(r, t[0], sizeof(*r) * 106 * 2);
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (td != NULL)
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -6963,13 +6945,12 @@ static int sp_3072_mod_exp_106(sp_digit* r, const sp_digit* a, const sp_digit* e
 
         sp_3072_mont_reduce_106(rt, m, mp);
         n = sp_3072_cmp_106(rt, m);
-        sp_3072_cond_sub_106(rt, rt, m, ~(n >> 31));
+        sp_3072_cond_sub_106(rt, rt, m, (sp_digit)~(n >> 31));
         XMEMCPY(r, rt, sizeof(sp_digit) * 212);
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (td != NULL)
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -7088,8 +7069,7 @@ int sp_RsaPublic_3072(const byte* in, word32 inLen, const mp_int* em,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (a != NULL)
-        XFREE(a, NULL, DYNAMIC_TYPE_RSA);
+    XFREE(a, NULL, DYNAMIC_TYPE_RSA);
 #endif
 
     return err;
@@ -7200,8 +7180,7 @@ int sp_RsaPublic_3072(const byte* in, word32 inLen, const mp_int* em,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (d != NULL)
-        XFREE(d, NULL, DYNAMIC_TYPE_RSA);
+    XFREE(d, NULL, DYNAMIC_TYPE_RSA);
 #endif
 
     return err;
@@ -7571,7 +7550,7 @@ int sp_RsaPrivate_3072(const byte* in, word32 inLen, const mp_int* dm,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-if (a != NULL)
+    if (a != NULL)
 #endif
     {
         ForceZero(a, sizeof(sp_digit) * 53 * 13);
@@ -7807,9 +7786,9 @@ SP_NOINLINE static void sp_3072_lshift_106(sp_digit* r, const sp_digit* a,
 
     r[106] = a[105] >> (29 - n);
     for (i=105; i>0; i--) {
-        r[i] = ((a[i] << n) | (a[i-1] >> (29 - n))) & 0x1fffffff;
+        r[i] = (sp_digit)(((a[i] << n) | (a[i-1] >> (29 - n))) & 0x1fffffff);
     }
-    r[0] = (a[0] << n) & 0x1fffffff;
+    r[0] = (sp_digit)((a[0] << n) & 0x1fffffff);
 }
 
 /* Modular exponentiate 2 to the e mod m. (r = 2^e mod m)
@@ -7919,12 +7898,11 @@ static int sp_3072_mod_exp_2_106(sp_digit* r, const sp_digit* e, int bits, const
 
         sp_3072_mont_reduce_106(r, m, mp);
         n = sp_3072_cmp_106(r, m);
-        sp_3072_cond_sub_106(r, r, m, ~(n >> 31));
+        sp_3072_cond_sub_106(r, r, m, (sp_digit)~(n >> 31));
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (td != NULL)
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -8460,29 +8438,29 @@ SP_NOINLINE static void sp_3072_mul_14(sp_digit* r, const sp_digit* a,
     t0 = ((sp_uint64)a[ 0]) * b[ 0];
     t1 = ((sp_uint64)a[ 0]) * b[ 1]
        + ((sp_uint64)a[ 1]) * b[ 0];
-    t[ 0] = t0 & 0xfffffff; t1 += t0 >> 28;
+    t[ 0] = (sp_digit)(t0 & 0xfffffff); t1 += t0 >> 28;
     t0 = ((sp_uint64)a[ 0]) * b[ 2]
        + ((sp_uint64)a[ 1]) * b[ 1]
        + ((sp_uint64)a[ 2]) * b[ 0];
-    t[ 1] = t1 & 0xfffffff; t0 += t1 >> 28;
+    t[ 1] = (sp_digit)(t1 & 0xfffffff); t0 += t1 >> 28;
     t1 = ((sp_uint64)a[ 0]) * b[ 3]
        + ((sp_uint64)a[ 1]) * b[ 2]
        + ((sp_uint64)a[ 2]) * b[ 1]
        + ((sp_uint64)a[ 3]) * b[ 0];
-    t[ 2] = t0 & 0xfffffff; t1 += t0 >> 28;
+    t[ 2] = (sp_digit)(t0 & 0xfffffff); t1 += t0 >> 28;
     t0 = ((sp_uint64)a[ 0]) * b[ 4]
        + ((sp_uint64)a[ 1]) * b[ 3]
        + ((sp_uint64)a[ 2]) * b[ 2]
        + ((sp_uint64)a[ 3]) * b[ 1]
        + ((sp_uint64)a[ 4]) * b[ 0];
-    t[ 3] = t1 & 0xfffffff; t0 += t1 >> 28;
+    t[ 3] = (sp_digit)(t1 & 0xfffffff); t0 += t1 >> 28;
     t1 = ((sp_uint64)a[ 0]) * b[ 5]
        + ((sp_uint64)a[ 1]) * b[ 4]
        + ((sp_uint64)a[ 2]) * b[ 3]
        + ((sp_uint64)a[ 3]) * b[ 2]
        + ((sp_uint64)a[ 4]) * b[ 1]
        + ((sp_uint64)a[ 5]) * b[ 0];
-    t[ 4] = t0 & 0xfffffff; t1 += t0 >> 28;
+    t[ 4] = (sp_digit)(t0 & 0xfffffff); t1 += t0 >> 28;
     t0 = ((sp_uint64)a[ 0]) * b[ 6]
        + ((sp_uint64)a[ 1]) * b[ 5]
        + ((sp_uint64)a[ 2]) * b[ 4]
@@ -8490,7 +8468,7 @@ SP_NOINLINE static void sp_3072_mul_14(sp_digit* r, const sp_digit* a,
        + ((sp_uint64)a[ 4]) * b[ 2]
        + ((sp_uint64)a[ 5]) * b[ 1]
        + ((sp_uint64)a[ 6]) * b[ 0];
-    t[ 5] = t1 & 0xfffffff; t0 += t1 >> 28;
+    t[ 5] = (sp_digit)(t1 & 0xfffffff); t0 += t1 >> 28;
     t1 = ((sp_uint64)a[ 0]) * b[ 7]
        + ((sp_uint64)a[ 1]) * b[ 6]
        + ((sp_uint64)a[ 2]) * b[ 5]
@@ -8499,7 +8477,7 @@ SP_NOINLINE static void sp_3072_mul_14(sp_digit* r, const sp_digit* a,
        + ((sp_uint64)a[ 5]) * b[ 2]
        + ((sp_uint64)a[ 6]) * b[ 1]
        + ((sp_uint64)a[ 7]) * b[ 0];
-    t[ 6] = t0 & 0xfffffff; t1 += t0 >> 28;
+    t[ 6] = (sp_digit)(t0 & 0xfffffff); t1 += t0 >> 28;
     t0 = ((sp_uint64)a[ 0]) * b[ 8]
        + ((sp_uint64)a[ 1]) * b[ 7]
        + ((sp_uint64)a[ 2]) * b[ 6]
@@ -8509,7 +8487,7 @@ SP_NOINLINE static void sp_3072_mul_14(sp_digit* r, const sp_digit* a,
        + ((sp_uint64)a[ 6]) * b[ 2]
        + ((sp_uint64)a[ 7]) * b[ 1]
        + ((sp_uint64)a[ 8]) * b[ 0];
-    t[ 7] = t1 & 0xfffffff; t0 += t1 >> 28;
+    t[ 7] = (sp_digit)(t1 & 0xfffffff); t0 += t1 >> 28;
     t1 = ((sp_uint64)a[ 0]) * b[ 9]
        + ((sp_uint64)a[ 1]) * b[ 8]
        + ((sp_uint64)a[ 2]) * b[ 7]
@@ -8520,7 +8498,7 @@ SP_NOINLINE static void sp_3072_mul_14(sp_digit* r, const sp_digit* a,
        + ((sp_uint64)a[ 7]) * b[ 2]
        + ((sp_uint64)a[ 8]) * b[ 1]
        + ((sp_uint64)a[ 9]) * b[ 0];
-    t[ 8] = t0 & 0xfffffff; t1 += t0 >> 28;
+    t[ 8] = (sp_digit)(t0 & 0xfffffff); t1 += t0 >> 28;
     t0 = ((sp_uint64)a[ 0]) * b[10]
        + ((sp_uint64)a[ 1]) * b[ 9]
        + ((sp_uint64)a[ 2]) * b[ 8]
@@ -8532,7 +8510,7 @@ SP_NOINLINE static void sp_3072_mul_14(sp_digit* r, const sp_digit* a,
        + ((sp_uint64)a[ 8]) * b[ 2]
        + ((sp_uint64)a[ 9]) * b[ 1]
        + ((sp_uint64)a[10]) * b[ 0];
-    t[ 9] = t1 & 0xfffffff; t0 += t1 >> 28;
+    t[ 9] = (sp_digit)(t1 & 0xfffffff); t0 += t1 >> 28;
     t1 = ((sp_uint64)a[ 0]) * b[11]
        + ((sp_uint64)a[ 1]) * b[10]
        + ((sp_uint64)a[ 2]) * b[ 9]
@@ -8545,7 +8523,7 @@ SP_NOINLINE static void sp_3072_mul_14(sp_digit* r, const sp_digit* a,
        + ((sp_uint64)a[ 9]) * b[ 2]
        + ((sp_uint64)a[10]) * b[ 1]
        + ((sp_uint64)a[11]) * b[ 0];
-    t[10] = t0 & 0xfffffff; t1 += t0 >> 28;
+    t[10] = (sp_digit)(t0 & 0xfffffff); t1 += t0 >> 28;
     t0 = ((sp_uint64)a[ 0]) * b[12]
        + ((sp_uint64)a[ 1]) * b[11]
        + ((sp_uint64)a[ 2]) * b[10]
@@ -8559,7 +8537,7 @@ SP_NOINLINE static void sp_3072_mul_14(sp_digit* r, const sp_digit* a,
        + ((sp_uint64)a[10]) * b[ 2]
        + ((sp_uint64)a[11]) * b[ 1]
        + ((sp_uint64)a[12]) * b[ 0];
-    t[11] = t1 & 0xfffffff; t0 += t1 >> 28;
+    t[11] = (sp_digit)(t1 & 0xfffffff); t0 += t1 >> 28;
     t1 = ((sp_uint64)a[ 0]) * b[13]
        + ((sp_uint64)a[ 1]) * b[12]
        + ((sp_uint64)a[ 2]) * b[11]
@@ -8574,7 +8552,7 @@ SP_NOINLINE static void sp_3072_mul_14(sp_digit* r, const sp_digit* a,
        + ((sp_uint64)a[11]) * b[ 2]
        + ((sp_uint64)a[12]) * b[ 1]
        + ((sp_uint64)a[13]) * b[ 0];
-    t[12] = t0 & 0xfffffff; t1 += t0 >> 28;
+    t[12] = (sp_digit)(t0 & 0xfffffff); t1 += t0 >> 28;
     t0 = ((sp_uint64)a[ 1]) * b[13]
        + ((sp_uint64)a[ 2]) * b[12]
        + ((sp_uint64)a[ 3]) * b[11]
@@ -8588,7 +8566,7 @@ SP_NOINLINE static void sp_3072_mul_14(sp_digit* r, const sp_digit* a,
        + ((sp_uint64)a[11]) * b[ 3]
        + ((sp_uint64)a[12]) * b[ 2]
        + ((sp_uint64)a[13]) * b[ 1];
-    t[13] = t1 & 0xfffffff; t0 += t1 >> 28;
+    t[13] = (sp_digit)(t1 & 0xfffffff); t0 += t1 >> 28;
     t1 = ((sp_uint64)a[ 2]) * b[13]
        + ((sp_uint64)a[ 3]) * b[12]
        + ((sp_uint64)a[ 4]) * b[11]
@@ -8601,7 +8579,7 @@ SP_NOINLINE static void sp_3072_mul_14(sp_digit* r, const sp_digit* a,
        + ((sp_uint64)a[11]) * b[ 4]
        + ((sp_uint64)a[12]) * b[ 3]
        + ((sp_uint64)a[13]) * b[ 2];
-    r[14] = t0 & 0xfffffff; t1 += t0 >> 28;
+    r[14] = (sp_digit)(t0 & 0xfffffff); t1 += t0 >> 28;
     t0 = ((sp_uint64)a[ 3]) * b[13]
        + ((sp_uint64)a[ 4]) * b[12]
        + ((sp_uint64)a[ 5]) * b[11]
@@ -8613,7 +8591,7 @@ SP_NOINLINE static void sp_3072_mul_14(sp_digit* r, const sp_digit* a,
        + ((sp_uint64)a[11]) * b[ 5]
        + ((sp_uint64)a[12]) * b[ 4]
        + ((sp_uint64)a[13]) * b[ 3];
-    r[15] = t1 & 0xfffffff; t0 += t1 >> 28;
+    r[15] = (sp_digit)(t1 & 0xfffffff); t0 += t1 >> 28;
     t1 = ((sp_uint64)a[ 4]) * b[13]
        + ((sp_uint64)a[ 5]) * b[12]
        + ((sp_uint64)a[ 6]) * b[11]
@@ -8624,7 +8602,7 @@ SP_NOINLINE static void sp_3072_mul_14(sp_digit* r, const sp_digit* a,
        + ((sp_uint64)a[11]) * b[ 6]
        + ((sp_uint64)a[12]) * b[ 5]
        + ((sp_uint64)a[13]) * b[ 4];
-    r[16] = t0 & 0xfffffff; t1 += t0 >> 28;
+    r[16] = (sp_digit)(t0 & 0xfffffff); t1 += t0 >> 28;
     t0 = ((sp_uint64)a[ 5]) * b[13]
        + ((sp_uint64)a[ 6]) * b[12]
        + ((sp_uint64)a[ 7]) * b[11]
@@ -8634,7 +8612,7 @@ SP_NOINLINE static void sp_3072_mul_14(sp_digit* r, const sp_digit* a,
        + ((sp_uint64)a[11]) * b[ 7]
        + ((sp_uint64)a[12]) * b[ 6]
        + ((sp_uint64)a[13]) * b[ 5];
-    r[17] = t1 & 0xfffffff; t0 += t1 >> 28;
+    r[17] = (sp_digit)(t1 & 0xfffffff); t0 += t1 >> 28;
     t1 = ((sp_uint64)a[ 6]) * b[13]
        + ((sp_uint64)a[ 7]) * b[12]
        + ((sp_uint64)a[ 8]) * b[11]
@@ -8643,7 +8621,7 @@ SP_NOINLINE static void sp_3072_mul_14(sp_digit* r, const sp_digit* a,
        + ((sp_uint64)a[11]) * b[ 8]
        + ((sp_uint64)a[12]) * b[ 7]
        + ((sp_uint64)a[13]) * b[ 6];
-    r[18] = t0 & 0xfffffff; t1 += t0 >> 28;
+    r[18] = (sp_digit)(t0 & 0xfffffff); t1 += t0 >> 28;
     t0 = ((sp_uint64)a[ 7]) * b[13]
        + ((sp_uint64)a[ 8]) * b[12]
        + ((sp_uint64)a[ 9]) * b[11]
@@ -8651,35 +8629,35 @@ SP_NOINLINE static void sp_3072_mul_14(sp_digit* r, const sp_digit* a,
        + ((sp_uint64)a[11]) * b[ 9]
        + ((sp_uint64)a[12]) * b[ 8]
        + ((sp_uint64)a[13]) * b[ 7];
-    r[19] = t1 & 0xfffffff; t0 += t1 >> 28;
+    r[19] = (sp_digit)(t1 & 0xfffffff); t0 += t1 >> 28;
     t1 = ((sp_uint64)a[ 8]) * b[13]
        + ((sp_uint64)a[ 9]) * b[12]
        + ((sp_uint64)a[10]) * b[11]
        + ((sp_uint64)a[11]) * b[10]
        + ((sp_uint64)a[12]) * b[ 9]
        + ((sp_uint64)a[13]) * b[ 8];
-    r[20] = t0 & 0xfffffff; t1 += t0 >> 28;
+    r[20] = (sp_digit)(t0 & 0xfffffff); t1 += t0 >> 28;
     t0 = ((sp_uint64)a[ 9]) * b[13]
        + ((sp_uint64)a[10]) * b[12]
        + ((sp_uint64)a[11]) * b[11]
        + ((sp_uint64)a[12]) * b[10]
        + ((sp_uint64)a[13]) * b[ 9];
-    r[21] = t1 & 0xfffffff; t0 += t1 >> 28;
+    r[21] = (sp_digit)(t1 & 0xfffffff); t0 += t1 >> 28;
     t1 = ((sp_uint64)a[10]) * b[13]
        + ((sp_uint64)a[11]) * b[12]
        + ((sp_uint64)a[12]) * b[11]
        + ((sp_uint64)a[13]) * b[10];
-    r[22] = t0 & 0xfffffff; t1 += t0 >> 28;
+    r[22] = (sp_digit)(t0 & 0xfffffff); t1 += t0 >> 28;
     t0 = ((sp_uint64)a[11]) * b[13]
        + ((sp_uint64)a[12]) * b[12]
        + ((sp_uint64)a[13]) * b[11];
-    r[23] = t1 & 0xfffffff; t0 += t1 >> 28;
+    r[23] = (sp_digit)(t1 & 0xfffffff); t0 += t1 >> 28;
     t1 = ((sp_uint64)a[12]) * b[13]
        + ((sp_uint64)a[13]) * b[12];
-    r[24] = t0 & 0xfffffff; t1 += t0 >> 28;
+    r[24] = (sp_digit)(t0 & 0xfffffff); t1 += t0 >> 28;
     t0 = ((sp_uint64)a[13]) * b[13];
-    r[25] = t1 & 0xfffffff; t0 += t1 >> 28;
-    r[26] = t0 & 0xfffffff;
+    r[25] = (sp_digit)(t1 & 0xfffffff); t0 += t1 >> 28;
+    r[26] = (sp_digit)(t0 & 0xfffffff);
     r[27] = (sp_digit)(t0 >> 28);
     XMEMCPY(r, t, sizeof(t));
 }
@@ -9032,57 +9010,57 @@ SP_NOINLINE static void sp_3072_sqr_14(sp_digit* r, const sp_digit* a)
 
     t0 =  ((sp_uint64)a[ 0]) * a[ 0];
     t1 = (((sp_uint64)a[ 0]) * a[ 1]) * 2;
-    t[ 0] = t0 & 0xfffffff; t1 += t0 >> 28;
+    t[ 0] = (sp_digit)(t0 & 0xfffffff); t1 += t0 >> 28;
     t0 = (((sp_uint64)a[ 0]) * a[ 2]) * 2
        +  ((sp_uint64)a[ 1]) * a[ 1];
-    t[ 1] = t1 & 0xfffffff; t0 += t1 >> 28;
+    t[ 1] = (sp_digit)(t1 & 0xfffffff); t0 += t1 >> 28;
     t1 = (((sp_uint64)a[ 0]) * a[ 3]
        +  ((sp_uint64)a[ 1]) * a[ 2]) * 2;
-    t[ 2] = t0 & 0xfffffff; t1 += t0 >> 28;
+    t[ 2] = (sp_digit)(t0 & 0xfffffff); t1 += t0 >> 28;
     t0 = (((sp_uint64)a[ 0]) * a[ 4]
        +  ((sp_uint64)a[ 1]) * a[ 3]) * 2
        +  ((sp_uint64)a[ 2]) * a[ 2];
-    t[ 3] = t1 & 0xfffffff; t0 += t1 >> 28;
+    t[ 3] = (sp_digit)(t1 & 0xfffffff); t0 += t1 >> 28;
     t1 = (((sp_uint64)a[ 0]) * a[ 5]
        +  ((sp_uint64)a[ 1]) * a[ 4]
        +  ((sp_uint64)a[ 2]) * a[ 3]) * 2;
-    t[ 4] = t0 & 0xfffffff; t1 += t0 >> 28;
+    t[ 4] = (sp_digit)(t0 & 0xfffffff); t1 += t0 >> 28;
     t0 = (((sp_uint64)a[ 0]) * a[ 6]
        +  ((sp_uint64)a[ 1]) * a[ 5]
        +  ((sp_uint64)a[ 2]) * a[ 4]) * 2
        +  ((sp_uint64)a[ 3]) * a[ 3];
-    t[ 5] = t1 & 0xfffffff; t0 += t1 >> 28;
+    t[ 5] = (sp_digit)(t1 & 0xfffffff); t0 += t1 >> 28;
     t1 = (((sp_uint64)a[ 0]) * a[ 7]
        +  ((sp_uint64)a[ 1]) * a[ 6]
        +  ((sp_uint64)a[ 2]) * a[ 5]
        +  ((sp_uint64)a[ 3]) * a[ 4]) * 2;
-    t[ 6] = t0 & 0xfffffff; t1 += t0 >> 28;
+    t[ 6] = (sp_digit)(t0 & 0xfffffff); t1 += t0 >> 28;
     t0 = (((sp_uint64)a[ 0]) * a[ 8]
        +  ((sp_uint64)a[ 1]) * a[ 7]
        +  ((sp_uint64)a[ 2]) * a[ 6]
        +  ((sp_uint64)a[ 3]) * a[ 5]) * 2
        +  ((sp_uint64)a[ 4]) * a[ 4];
-    t[ 7] = t1 & 0xfffffff; t0 += t1 >> 28;
+    t[ 7] = (sp_digit)(t1 & 0xfffffff); t0 += t1 >> 28;
     t1 = (((sp_uint64)a[ 0]) * a[ 9]
        +  ((sp_uint64)a[ 1]) * a[ 8]
        +  ((sp_uint64)a[ 2]) * a[ 7]
        +  ((sp_uint64)a[ 3]) * a[ 6]
        +  ((sp_uint64)a[ 4]) * a[ 5]) * 2;
-    t[ 8] = t0 & 0xfffffff; t1 += t0 >> 28;
+    t[ 8] = (sp_digit)(t0 & 0xfffffff); t1 += t0 >> 28;
     t0 = (((sp_uint64)a[ 0]) * a[10]
        +  ((sp_uint64)a[ 1]) * a[ 9]
        +  ((sp_uint64)a[ 2]) * a[ 8]
        +  ((sp_uint64)a[ 3]) * a[ 7]
        +  ((sp_uint64)a[ 4]) * a[ 6]) * 2
        +  ((sp_uint64)a[ 5]) * a[ 5];
-    t[ 9] = t1 & 0xfffffff; t0 += t1 >> 28;
+    t[ 9] = (sp_digit)(t1 & 0xfffffff); t0 += t1 >> 28;
     t1 = (((sp_uint64)a[ 0]) * a[11]
        +  ((sp_uint64)a[ 1]) * a[10]
        +  ((sp_uint64)a[ 2]) * a[ 9]
        +  ((sp_uint64)a[ 3]) * a[ 8]
        +  ((sp_uint64)a[ 4]) * a[ 7]
        +  ((sp_uint64)a[ 5]) * a[ 6]) * 2;
-    t[10] = t0 & 0xfffffff; t1 += t0 >> 28;
+    t[10] = (sp_digit)(t0 & 0xfffffff); t1 += t0 >> 28;
     t0 = (((sp_uint64)a[ 0]) * a[12]
        +  ((sp_uint64)a[ 1]) * a[11]
        +  ((sp_uint64)a[ 2]) * a[10]
@@ -9090,7 +9068,7 @@ SP_NOINLINE static void sp_3072_sqr_14(sp_digit* r, const sp_digit* a)
        +  ((sp_uint64)a[ 4]) * a[ 8]
        +  ((sp_uint64)a[ 5]) * a[ 7]) * 2
        +  ((sp_uint64)a[ 6]) * a[ 6];
-    t[11] = t1 & 0xfffffff; t0 += t1 >> 28;
+    t[11] = (sp_digit)(t1 & 0xfffffff); t0 += t1 >> 28;
     t1 = (((sp_uint64)a[ 0]) * a[13]
        +  ((sp_uint64)a[ 1]) * a[12]
        +  ((sp_uint64)a[ 2]) * a[11]
@@ -9098,7 +9076,7 @@ SP_NOINLINE static void sp_3072_sqr_14(sp_digit* r, const sp_digit* a)
        +  ((sp_uint64)a[ 4]) * a[ 9]
        +  ((sp_uint64)a[ 5]) * a[ 8]
        +  ((sp_uint64)a[ 6]) * a[ 7]) * 2;
-    t[12] = t0 & 0xfffffff; t1 += t0 >> 28;
+    t[12] = (sp_digit)(t0 & 0xfffffff); t1 += t0 >> 28;
     t0 = (((sp_uint64)a[ 1]) * a[13]
        +  ((sp_uint64)a[ 2]) * a[12]
        +  ((sp_uint64)a[ 3]) * a[11]
@@ -9106,62 +9084,62 @@ SP_NOINLINE static void sp_3072_sqr_14(sp_digit* r, const sp_digit* a)
        +  ((sp_uint64)a[ 5]) * a[ 9]
        +  ((sp_uint64)a[ 6]) * a[ 8]) * 2
        +  ((sp_uint64)a[ 7]) * a[ 7];
-    t[13] = t1 & 0xfffffff; t0 += t1 >> 28;
+    t[13] = (sp_digit)(t1 & 0xfffffff); t0 += t1 >> 28;
     t1 = (((sp_uint64)a[ 2]) * a[13]
        +  ((sp_uint64)a[ 3]) * a[12]
        +  ((sp_uint64)a[ 4]) * a[11]
        +  ((sp_uint64)a[ 5]) * a[10]
        +  ((sp_uint64)a[ 6]) * a[ 9]
        +  ((sp_uint64)a[ 7]) * a[ 8]) * 2;
-    r[14] = t0 & 0xfffffff; t1 += t0 >> 28;
+    r[14] = (sp_digit)(t0 & 0xfffffff); t1 += t0 >> 28;
     t0 = (((sp_uint64)a[ 3]) * a[13]
        +  ((sp_uint64)a[ 4]) * a[12]
        +  ((sp_uint64)a[ 5]) * a[11]
        +  ((sp_uint64)a[ 6]) * a[10]
        +  ((sp_uint64)a[ 7]) * a[ 9]) * 2
        +  ((sp_uint64)a[ 8]) * a[ 8];
-    r[15] = t1 & 0xfffffff; t0 += t1 >> 28;
+    r[15] = (sp_digit)(t1 & 0xfffffff); t0 += t1 >> 28;
     t1 = (((sp_uint64)a[ 4]) * a[13]
        +  ((sp_uint64)a[ 5]) * a[12]
        +  ((sp_uint64)a[ 6]) * a[11]
        +  ((sp_uint64)a[ 7]) * a[10]
        +  ((sp_uint64)a[ 8]) * a[ 9]) * 2;
-    r[16] = t0 & 0xfffffff; t1 += t0 >> 28;
+    r[16] = (sp_digit)(t0 & 0xfffffff); t1 += t0 >> 28;
     t0 = (((sp_uint64)a[ 5]) * a[13]
        +  ((sp_uint64)a[ 6]) * a[12]
        +  ((sp_uint64)a[ 7]) * a[11]
        +  ((sp_uint64)a[ 8]) * a[10]) * 2
        +  ((sp_uint64)a[ 9]) * a[ 9];
-    r[17] = t1 & 0xfffffff; t0 += t1 >> 28;
+    r[17] = (sp_digit)(t1 & 0xfffffff); t0 += t1 >> 28;
     t1 = (((sp_uint64)a[ 6]) * a[13]
        +  ((sp_uint64)a[ 7]) * a[12]
        +  ((sp_uint64)a[ 8]) * a[11]
        +  ((sp_uint64)a[ 9]) * a[10]) * 2;
-    r[18] = t0 & 0xfffffff; t1 += t0 >> 28;
+    r[18] = (sp_digit)(t0 & 0xfffffff); t1 += t0 >> 28;
     t0 = (((sp_uint64)a[ 7]) * a[13]
        +  ((sp_uint64)a[ 8]) * a[12]
        +  ((sp_uint64)a[ 9]) * a[11]) * 2
        +  ((sp_uint64)a[10]) * a[10];
-    r[19] = t1 & 0xfffffff; t0 += t1 >> 28;
+    r[19] = (sp_digit)(t1 & 0xfffffff); t0 += t1 >> 28;
     t1 = (((sp_uint64)a[ 8]) * a[13]
        +  ((sp_uint64)a[ 9]) * a[12]
        +  ((sp_uint64)a[10]) * a[11]) * 2;
-    r[20] = t0 & 0xfffffff; t1 += t0 >> 28;
+    r[20] = (sp_digit)(t0 & 0xfffffff); t1 += t0 >> 28;
     t0 = (((sp_uint64)a[ 9]) * a[13]
        +  ((sp_uint64)a[10]) * a[12]) * 2
        +  ((sp_uint64)a[11]) * a[11];
-    r[21] = t1 & 0xfffffff; t0 += t1 >> 28;
+    r[21] = (sp_digit)(t1 & 0xfffffff); t0 += t1 >> 28;
     t1 = (((sp_uint64)a[10]) * a[13]
        +  ((sp_uint64)a[11]) * a[12]) * 2;
-    r[22] = t0 & 0xfffffff; t1 += t0 >> 28;
+    r[22] = (sp_digit)(t0 & 0xfffffff); t1 += t0 >> 28;
     t0 = (((sp_uint64)a[11]) * a[13]) * 2
        +  ((sp_uint64)a[12]) * a[12];
-    r[23] = t1 & 0xfffffff; t0 += t1 >> 28;
+    r[23] = (sp_digit)(t1 & 0xfffffff); t0 += t1 >> 28;
     t1 = (((sp_uint64)a[12]) * a[13]) * 2;
-    r[24] = t0 & 0xfffffff; t1 += t0 >> 28;
+    r[24] = (sp_digit)(t0 & 0xfffffff); t1 += t0 >> 28;
     t0 =  ((sp_uint64)a[13]) * a[13];
-    r[25] = t1 & 0xfffffff; t0 += t1 >> 28;
-    r[26] = t0 & 0xfffffff;
+    r[25] = (sp_digit)(t1 & 0xfffffff); t0 += t1 >> 28;
+    r[26] = (sp_digit)(t0 & 0xfffffff);
     r[27] = (sp_digit)(t0 >> 28);
     XMEMCPY(r, t, sizeof(t));
 }
@@ -9419,21 +9397,21 @@ SP_NOINLINE static void sp_3072_mul_add_56(sp_digit* r, const sp_digit* a,
         t[5]  = (tb * a[i+5]) + r[i+5];
         t[6]  = (tb * a[i+6]) + r[i+6];
         t[7]  = (tb * a[i+7]) + r[i+7];
-        r[i+0] = t[0] & 0xfffffff;
+        r[i+0] = (sp_digit)(t[0] & 0xfffffff);
         t[1] += t[0] >> 28;
-        r[i+1] = t[1] & 0xfffffff;
+        r[i+1] = (sp_digit)(t[1] & 0xfffffff);
         t[2] += t[1] >> 28;
-        r[i+2] = t[2] & 0xfffffff;
+        r[i+2] = (sp_digit)(t[2] & 0xfffffff);
         t[3] += t[2] >> 28;
-        r[i+3] = t[3] & 0xfffffff;
+        r[i+3] = (sp_digit)(t[3] & 0xfffffff);
         t[4] += t[3] >> 28;
-        r[i+4] = t[4] & 0xfffffff;
+        r[i+4] = (sp_digit)(t[4] & 0xfffffff);
         t[5] += t[4] >> 28;
-        r[i+5] = t[5] & 0xfffffff;
+        r[i+5] = (sp_digit)(t[5] & 0xfffffff);
         t[6] += t[5] >> 28;
-        r[i+6] = t[6] & 0xfffffff;
+        r[i+6] = (sp_digit)(t[6] & 0xfffffff);
         t[7] += t[6] >> 28;
-        r[i+7] = t[7] & 0xfffffff;
+        r[i+7] = (sp_digit)(t[7] & 0xfffffff);
         t[0]  = t[7] >> 28;
     }
     t[0] += (tb * a[48]) + r[48];
@@ -9444,21 +9422,21 @@ SP_NOINLINE static void sp_3072_mul_add_56(sp_digit* r, const sp_digit* a,
     t[5]  = (tb * a[53]) + r[53];
     t[6]  = (tb * a[54]) + r[54];
     t[7]  = (tb * a[55]) + r[55];
-    r[48] = t[0] & 0xfffffff;
+    r[48] = (sp_digit)(t[0] & 0xfffffff);
     t[1] += t[0] >> 28;
-    r[49] = t[1] & 0xfffffff;
+    r[49] = (sp_digit)(t[1] & 0xfffffff);
     t[2] += t[1] >> 28;
-    r[50] = t[2] & 0xfffffff;
+    r[50] = (sp_digit)(t[2] & 0xfffffff);
     t[3] += t[2] >> 28;
-    r[51] = t[3] & 0xfffffff;
+    r[51] = (sp_digit)(t[3] & 0xfffffff);
     t[4] += t[3] >> 28;
-    r[52] = t[4] & 0xfffffff;
+    r[52] = (sp_digit)(t[4] & 0xfffffff);
     t[5] += t[4] >> 28;
-    r[53] = t[5] & 0xfffffff;
+    r[53] = (sp_digit)(t[5] & 0xfffffff);
     t[6] += t[5] >> 28;
-    r[54] = t[6] & 0xfffffff;
+    r[54] = (sp_digit)(t[6] & 0xfffffff);
     t[7] += t[6] >> 28;
-    r[55] = t[7] & 0xfffffff;
+    r[55] = (sp_digit)(t[7] & 0xfffffff);
     r[56] +=  (sp_digit)(t[7] >> 28);
 #endif /* !WOLFSSL_SP_LARGE_CODE */
 }
@@ -9474,29 +9452,29 @@ static void sp_3072_mont_shift_56(sp_digit* r, const sp_digit* a)
     sp_int64 n = a[54] >> 24;
     n += ((sp_int64)a[55]) << 4;
     for (i = 0; i < 48; i += 8) {
-        r[i + 0] = n & 0xfffffff;
+        r[i + 0] = (sp_digit)(n & 0xfffffff);
         n >>= 28; n += ((sp_int64)a[i + 56]) << 4;
-        r[i + 1] = n & 0xfffffff;
+        r[i + 1] = (sp_digit)(n & 0xfffffff);
         n >>= 28; n += ((sp_int64)a[i + 57]) << 4;
-        r[i + 2] = n & 0xfffffff;
+        r[i + 2] = (sp_digit)(n & 0xfffffff);
         n >>= 28; n += ((sp_int64)a[i + 58]) << 4;
-        r[i + 3] = n & 0xfffffff;
+        r[i + 3] = (sp_digit)(n & 0xfffffff);
         n >>= 28; n += ((sp_int64)a[i + 59]) << 4;
-        r[i + 4] = n & 0xfffffff;
+        r[i + 4] = (sp_digit)(n & 0xfffffff);
         n >>= 28; n += ((sp_int64)a[i + 60]) << 4;
-        r[i + 5] = n & 0xfffffff;
+        r[i + 5] = (sp_digit)(n & 0xfffffff);
         n >>= 28; n += ((sp_int64)a[i + 61]) << 4;
-        r[i + 6] = n & 0xfffffff;
+        r[i + 6] = (sp_digit)(n & 0xfffffff);
         n >>= 28; n += ((sp_int64)a[i + 62]) << 4;
-        r[i + 7] = n & 0xfffffff;
+        r[i + 7] = (sp_digit)(n & 0xfffffff);
         n >>= 28; n += ((sp_int64)a[i + 63]) << 4;
     }
-    r[48] = n & 0xfffffff; n >>= 28; n += ((sp_int64)a[104]) << 4;
-    r[49] = n & 0xfffffff; n >>= 28; n += ((sp_int64)a[105]) << 4;
-    r[50] = n & 0xfffffff; n >>= 28; n += ((sp_int64)a[106]) << 4;
-    r[51] = n & 0xfffffff; n >>= 28; n += ((sp_int64)a[107]) << 4;
-    r[52] = n & 0xfffffff; n >>= 28; n += ((sp_int64)a[108]) << 4;
-    r[53] = n & 0xfffffff; n >>= 28; n += ((sp_int64)a[109]) << 4;
+    r[48] = (sp_digit)(n & 0xfffffff); n >>= 28; n += ((sp_int64)a[104]) << 4;
+    r[49] = (sp_digit)(n & 0xfffffff); n >>= 28; n += ((sp_int64)a[105]) << 4;
+    r[50] = (sp_digit)(n & 0xfffffff); n >>= 28; n += ((sp_int64)a[106]) << 4;
+    r[51] = (sp_digit)(n & 0xfffffff); n >>= 28; n += ((sp_int64)a[107]) << 4;
+    r[52] = (sp_digit)(n & 0xfffffff); n >>= 28; n += ((sp_int64)a[108]) << 4;
+    r[53] = (sp_digit)(n & 0xfffffff); n >>= 28; n += ((sp_int64)a[109]) << 4;
     r[54] = (sp_digit)n;
     XMEMSET(&r[55], 0, sizeof(*r) * 55U);
 }
@@ -9516,11 +9494,11 @@ static void sp_3072_mont_reduce_56(sp_digit* a, const sp_digit* m, sp_digit mp)
     sp_3072_norm_56(a + 55);
 
     for (i=0; i<54; i++) {
-        mu = ((sp_uint32)a[i] * (sp_uint32)mp) & 0xfffffff;
+        mu = (sp_digit)(((sp_uint32)a[i] * (sp_uint32)mp) & 0xfffffff);
         sp_3072_mul_add_56(a+i, m, mu);
         a[i+1] += a[i] >> 28;
     }
-    mu = ((sp_uint32)a[i] * (sp_uint32)mp) & 0xffffffL;
+    mu = (sp_digit)(((sp_uint32)a[i] * (sp_uint32)mp) & 0xffffffL);
     sp_3072_mul_add_56(a+i, m, mu);
     a[i+1] += a[i] >> 28;
     a[i] &= 0xfffffff;
@@ -9633,22 +9611,22 @@ SP_NOINLINE static void sp_3072_rshift_56(sp_digit* r, const sp_digit* a,
     int i;
 
     for (i=0; i<48; i += 8) {
-        r[i+0] = (a[i+0] >> n) | ((a[i+1] << (28 - n)) & 0xfffffff);
-        r[i+1] = (a[i+1] >> n) | ((a[i+2] << (28 - n)) & 0xfffffff);
-        r[i+2] = (a[i+2] >> n) | ((a[i+3] << (28 - n)) & 0xfffffff);
-        r[i+3] = (a[i+3] >> n) | ((a[i+4] << (28 - n)) & 0xfffffff);
-        r[i+4] = (a[i+4] >> n) | ((a[i+5] << (28 - n)) & 0xfffffff);
-        r[i+5] = (a[i+5] >> n) | ((a[i+6] << (28 - n)) & 0xfffffff);
-        r[i+6] = (a[i+6] >> n) | ((a[i+7] << (28 - n)) & 0xfffffff);
-        r[i+7] = (a[i+7] >> n) | ((a[i+8] << (28 - n)) & 0xfffffff);
+        r[i+0] = (a[i+0] >> n) | (sp_digit)((a[i+1] << (28 - n)) & 0xfffffff);
+        r[i+1] = (a[i+1] >> n) | (sp_digit)((a[i+2] << (28 - n)) & 0xfffffff);
+        r[i+2] = (a[i+2] >> n) | (sp_digit)((a[i+3] << (28 - n)) & 0xfffffff);
+        r[i+3] = (a[i+3] >> n) | (sp_digit)((a[i+4] << (28 - n)) & 0xfffffff);
+        r[i+4] = (a[i+4] >> n) | (sp_digit)((a[i+5] << (28 - n)) & 0xfffffff);
+        r[i+5] = (a[i+5] >> n) | (sp_digit)((a[i+6] << (28 - n)) & 0xfffffff);
+        r[i+6] = (a[i+6] >> n) | (sp_digit)((a[i+7] << (28 - n)) & 0xfffffff);
+        r[i+7] = (a[i+7] >> n) | (sp_digit)((a[i+8] << (28 - n)) & 0xfffffff);
     }
-    r[48] = (a[48] >> n) | ((a[49] << (28 - n)) & 0xfffffff);
-    r[49] = (a[49] >> n) | ((a[50] << (28 - n)) & 0xfffffff);
-    r[50] = (a[50] >> n) | ((a[51] << (28 - n)) & 0xfffffff);
-    r[51] = (a[51] >> n) | ((a[52] << (28 - n)) & 0xfffffff);
-    r[52] = (a[52] >> n) | ((a[53] << (28 - n)) & 0xfffffff);
-    r[53] = (a[53] >> n) | ((a[54] << (28 - n)) & 0xfffffff);
-    r[54] = (a[54] >> n) | ((a[55] << (28 - n)) & 0xfffffff);
+    r[48] = (a[48] >> n) | (sp_digit)((a[49] << (28 - n)) & 0xfffffff);
+    r[49] = (a[49] >> n) | (sp_digit)((a[50] << (28 - n)) & 0xfffffff);
+    r[50] = (a[50] >> n) | (sp_digit)((a[51] << (28 - n)) & 0xfffffff);
+    r[51] = (a[51] >> n) | (sp_digit)((a[52] << (28 - n)) & 0xfffffff);
+    r[52] = (a[52] >> n) | (sp_digit)((a[53] << (28 - n)) & 0xfffffff);
+    r[53] = (a[53] >> n) | (sp_digit)((a[54] << (28 - n)) & 0xfffffff);
+    r[54] = (a[54] >> n) | (sp_digit)((a[55] << (28 - n)) & 0xfffffff);
     r[55] = a[55] >> n;
 }
 
@@ -9824,8 +9802,7 @@ static int sp_3072_div_56(const sp_digit* a, const sp_digit* d,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t1 != NULL)
-        XFREE(t1, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(t1, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -9937,14 +9914,13 @@ static int sp_3072_mod_exp_56(sp_digit* r, const sp_digit* a, const sp_digit* e,
 
         sp_3072_mont_reduce_56(t[0], m, mp);
         n = sp_3072_cmp_56(t[0], m);
-        sp_3072_cond_sub_56(t[0], t[0], m, ~(n >> 31));
+        sp_3072_cond_sub_56(t[0], t[0], m, (sp_digit)~(n >> 31));
         XMEMCPY(r, t[0], sizeof(*r) * 56 * 2);
 
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (td != NULL)
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -10028,13 +10004,12 @@ static int sp_3072_mod_exp_56(sp_digit* r, const sp_digit* a, const sp_digit* e,
 
         sp_3072_mont_reduce_56(t[0], m, mp);
         n = sp_3072_cmp_56(t[0], m);
-        sp_3072_cond_sub_56(t[0], t[0], m, ~(n >> 31));
+        sp_3072_cond_sub_56(t[0], t[0], m, (sp_digit)~(n >> 31));
         XMEMCPY(r, t[0], sizeof(*r) * 56 * 2);
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (td != NULL)
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -10174,13 +10149,12 @@ static int sp_3072_mod_exp_56(sp_digit* r, const sp_digit* a, const sp_digit* e,
 
         sp_3072_mont_reduce_56(rt, m, mp);
         n = sp_3072_cmp_56(rt, m);
-        sp_3072_cond_sub_56(rt, rt, m, ~(n >> 31));
+        sp_3072_cond_sub_56(rt, rt, m, (sp_digit)~(n >> 31));
         XMEMCPY(r, rt, sizeof(sp_digit) * 112);
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (td != NULL)
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -10313,21 +10287,21 @@ SP_NOINLINE static void sp_3072_mul_add_112(sp_digit* r, const sp_digit* a,
         t[5]  = (tb * a[i+5]) + r[i+5];
         t[6]  = (tb * a[i+6]) + r[i+6];
         t[7]  = (tb * a[i+7]) + r[i+7];
-        r[i+0] = t[0] & 0xfffffff;
+        r[i+0] = (sp_digit)(t[0] & 0xfffffff);
         t[1] += t[0] >> 28;
-        r[i+1] = t[1] & 0xfffffff;
+        r[i+1] = (sp_digit)(t[1] & 0xfffffff);
         t[2] += t[1] >> 28;
-        r[i+2] = t[2] & 0xfffffff;
+        r[i+2] = (sp_digit)(t[2] & 0xfffffff);
         t[3] += t[2] >> 28;
-        r[i+3] = t[3] & 0xfffffff;
+        r[i+3] = (sp_digit)(t[3] & 0xfffffff);
         t[4] += t[3] >> 28;
-        r[i+4] = t[4] & 0xfffffff;
+        r[i+4] = (sp_digit)(t[4] & 0xfffffff);
         t[5] += t[4] >> 28;
-        r[i+5] = t[5] & 0xfffffff;
+        r[i+5] = (sp_digit)(t[5] & 0xfffffff);
         t[6] += t[5] >> 28;
-        r[i+6] = t[6] & 0xfffffff;
+        r[i+6] = (sp_digit)(t[6] & 0xfffffff);
         t[7] += t[6] >> 28;
-        r[i+7] = t[7] & 0xfffffff;
+        r[i+7] = (sp_digit)(t[7] & 0xfffffff);
         t[0]  = t[7] >> 28;
     }
     t[0] += (tb * a[104]) + r[104];
@@ -10338,21 +10312,21 @@ SP_NOINLINE static void sp_3072_mul_add_112(sp_digit* r, const sp_digit* a,
     t[5]  = (tb * a[109]) + r[109];
     t[6]  = (tb * a[110]) + r[110];
     t[7]  = (tb * a[111]) + r[111];
-    r[104] = t[0] & 0xfffffff;
+    r[104] = (sp_digit)(t[0] & 0xfffffff);
     t[1] += t[0] >> 28;
-    r[105] = t[1] & 0xfffffff;
+    r[105] = (sp_digit)(t[1] & 0xfffffff);
     t[2] += t[1] >> 28;
-    r[106] = t[2] & 0xfffffff;
+    r[106] = (sp_digit)(t[2] & 0xfffffff);
     t[3] += t[2] >> 28;
-    r[107] = t[3] & 0xfffffff;
+    r[107] = (sp_digit)(t[3] & 0xfffffff);
     t[4] += t[3] >> 28;
-    r[108] = t[4] & 0xfffffff;
+    r[108] = (sp_digit)(t[4] & 0xfffffff);
     t[5] += t[4] >> 28;
-    r[109] = t[5] & 0xfffffff;
+    r[109] = (sp_digit)(t[5] & 0xfffffff);
     t[6] += t[5] >> 28;
-    r[110] = t[6] & 0xfffffff;
+    r[110] = (sp_digit)(t[6] & 0xfffffff);
     t[7] += t[6] >> 28;
-    r[111] = t[7] & 0xfffffff;
+    r[111] = (sp_digit)(t[7] & 0xfffffff);
     r[112] +=  (sp_digit)(t[7] >> 28);
 #endif /* !WOLFSSL_SP_LARGE_CODE */
 }
@@ -10368,28 +10342,28 @@ static void sp_3072_mont_shift_112(sp_digit* r, const sp_digit* a)
     sp_int64 n = a[109] >> 20;
     n += ((sp_int64)a[110]) << 8;
     for (i = 0; i < 104; i += 8) {
-        r[i + 0] = n & 0xfffffff;
+        r[i + 0] = (sp_digit)(n & 0xfffffff);
         n >>= 28; n += ((sp_int64)a[i + 111]) << 8;
-        r[i + 1] = n & 0xfffffff;
+        r[i + 1] = (sp_digit)(n & 0xfffffff);
         n >>= 28; n += ((sp_int64)a[i + 112]) << 8;
-        r[i + 2] = n & 0xfffffff;
+        r[i + 2] = (sp_digit)(n & 0xfffffff);
         n >>= 28; n += ((sp_int64)a[i + 113]) << 8;
-        r[i + 3] = n & 0xfffffff;
+        r[i + 3] = (sp_digit)(n & 0xfffffff);
         n >>= 28; n += ((sp_int64)a[i + 114]) << 8;
-        r[i + 4] = n & 0xfffffff;
+        r[i + 4] = (sp_digit)(n & 0xfffffff);
         n >>= 28; n += ((sp_int64)a[i + 115]) << 8;
-        r[i + 5] = n & 0xfffffff;
+        r[i + 5] = (sp_digit)(n & 0xfffffff);
         n >>= 28; n += ((sp_int64)a[i + 116]) << 8;
-        r[i + 6] = n & 0xfffffff;
+        r[i + 6] = (sp_digit)(n & 0xfffffff);
         n >>= 28; n += ((sp_int64)a[i + 117]) << 8;
-        r[i + 7] = n & 0xfffffff;
+        r[i + 7] = (sp_digit)(n & 0xfffffff);
         n >>= 28; n += ((sp_int64)a[i + 118]) << 8;
     }
-    r[104] = n & 0xfffffff; n >>= 28; n += ((sp_int64)a[215]) << 8;
-    r[105] = n & 0xfffffff; n >>= 28; n += ((sp_int64)a[216]) << 8;
-    r[106] = n & 0xfffffff; n >>= 28; n += ((sp_int64)a[217]) << 8;
-    r[107] = n & 0xfffffff; n >>= 28; n += ((sp_int64)a[218]) << 8;
-    r[108] = n & 0xfffffff; n >>= 28; n += ((sp_int64)a[219]) << 8;
+    r[104] = (sp_digit)(n & 0xfffffff); n >>= 28; n += ((sp_int64)a[215]) << 8;
+    r[105] = (sp_digit)(n & 0xfffffff); n >>= 28; n += ((sp_int64)a[216]) << 8;
+    r[106] = (sp_digit)(n & 0xfffffff); n >>= 28; n += ((sp_int64)a[217]) << 8;
+    r[107] = (sp_digit)(n & 0xfffffff); n >>= 28; n += ((sp_int64)a[218]) << 8;
+    r[108] = (sp_digit)(n & 0xfffffff); n >>= 28; n += ((sp_int64)a[219]) << 8;
     r[109] = (sp_digit)n;
     XMEMSET(&r[110], 0, sizeof(*r) * 110U);
 }
@@ -10411,33 +10385,33 @@ static void sp_3072_mont_reduce_112(sp_digit* a, const sp_digit* m, sp_digit mp)
 #ifdef WOLFSSL_SP_DH
     if (mp != 1) {
         for (i=0; i<109; i++) {
-            mu = ((sp_uint32)a[i] * (sp_uint32)mp) & 0xfffffff;
+            mu = (sp_digit)(((sp_uint32)a[i] * (sp_uint32)mp) & 0xfffffff);
             sp_3072_mul_add_112(a+i, m, mu);
             a[i+1] += a[i] >> 28;
         }
-        mu = ((sp_uint32)a[i] * (sp_uint32)mp) & 0xfffffL;
+        mu = (sp_digit)(((sp_uint32)a[i] * (sp_uint32)mp) & 0xfffffL);
         sp_3072_mul_add_112(a+i, m, mu);
         a[i+1] += a[i] >> 28;
         a[i] &= 0xfffffff;
     }
     else {
         for (i=0; i<109; i++) {
-            mu = a[i] & 0xfffffff;
+            mu = (sp_digit)(a[i] & 0xfffffff);
             sp_3072_mul_add_112(a+i, m, mu);
             a[i+1] += a[i] >> 28;
         }
-        mu = a[i] & 0xfffffL;
+        mu = (sp_digit)(a[i] & 0xfffffL);
         sp_3072_mul_add_112(a+i, m, mu);
         a[i+1] += a[i] >> 28;
         a[i] &= 0xfffffff;
     }
 #else
     for (i=0; i<109; i++) {
-        mu = ((sp_uint32)a[i] * (sp_uint32)mp) & 0xfffffff;
+        mu = (sp_digit)(((sp_uint32)a[i] * (sp_uint32)mp) & 0xfffffff);
         sp_3072_mul_add_112(a+i, m, mu);
         a[i+1] += a[i] >> 28;
     }
-    mu = ((sp_uint32)a[i] * (sp_uint32)mp) & 0xfffffL;
+    mu = (sp_digit)(((sp_uint32)a[i] * (sp_uint32)mp) & 0xfffffL);
     sp_3072_mul_add_112(a+i, m, mu);
     a[i+1] += a[i] >> 28;
     a[i] &= 0xfffffff;
@@ -10551,22 +10525,22 @@ SP_NOINLINE static void sp_3072_rshift_112(sp_digit* r, const sp_digit* a,
     int i;
 
     for (i=0; i<104; i += 8) {
-        r[i+0] = (a[i+0] >> n) | ((a[i+1] << (28 - n)) & 0xfffffff);
-        r[i+1] = (a[i+1] >> n) | ((a[i+2] << (28 - n)) & 0xfffffff);
-        r[i+2] = (a[i+2] >> n) | ((a[i+3] << (28 - n)) & 0xfffffff);
-        r[i+3] = (a[i+3] >> n) | ((a[i+4] << (28 - n)) & 0xfffffff);
-        r[i+4] = (a[i+4] >> n) | ((a[i+5] << (28 - n)) & 0xfffffff);
-        r[i+5] = (a[i+5] >> n) | ((a[i+6] << (28 - n)) & 0xfffffff);
-        r[i+6] = (a[i+6] >> n) | ((a[i+7] << (28 - n)) & 0xfffffff);
-        r[i+7] = (a[i+7] >> n) | ((a[i+8] << (28 - n)) & 0xfffffff);
+        r[i+0] = (a[i+0] >> n) | (sp_digit)((a[i+1] << (28 - n)) & 0xfffffff);
+        r[i+1] = (a[i+1] >> n) | (sp_digit)((a[i+2] << (28 - n)) & 0xfffffff);
+        r[i+2] = (a[i+2] >> n) | (sp_digit)((a[i+3] << (28 - n)) & 0xfffffff);
+        r[i+3] = (a[i+3] >> n) | (sp_digit)((a[i+4] << (28 - n)) & 0xfffffff);
+        r[i+4] = (a[i+4] >> n) | (sp_digit)((a[i+5] << (28 - n)) & 0xfffffff);
+        r[i+5] = (a[i+5] >> n) | (sp_digit)((a[i+6] << (28 - n)) & 0xfffffff);
+        r[i+6] = (a[i+6] >> n) | (sp_digit)((a[i+7] << (28 - n)) & 0xfffffff);
+        r[i+7] = (a[i+7] >> n) | (sp_digit)((a[i+8] << (28 - n)) & 0xfffffff);
     }
-    r[104] = (a[104] >> n) | ((a[105] << (28 - n)) & 0xfffffff);
-    r[105] = (a[105] >> n) | ((a[106] << (28 - n)) & 0xfffffff);
-    r[106] = (a[106] >> n) | ((a[107] << (28 - n)) & 0xfffffff);
-    r[107] = (a[107] >> n) | ((a[108] << (28 - n)) & 0xfffffff);
-    r[108] = (a[108] >> n) | ((a[109] << (28 - n)) & 0xfffffff);
-    r[109] = (a[109] >> n) | ((a[110] << (28 - n)) & 0xfffffff);
-    r[110] = (a[110] >> n) | ((a[111] << (28 - n)) & 0xfffffff);
+    r[104] = (a[104] >> n) | (sp_digit)((a[105] << (28 - n)) & 0xfffffff);
+    r[105] = (a[105] >> n) | (sp_digit)((a[106] << (28 - n)) & 0xfffffff);
+    r[106] = (a[106] >> n) | (sp_digit)((a[107] << (28 - n)) & 0xfffffff);
+    r[107] = (a[107] >> n) | (sp_digit)((a[108] << (28 - n)) & 0xfffffff);
+    r[108] = (a[108] >> n) | (sp_digit)((a[109] << (28 - n)) & 0xfffffff);
+    r[109] = (a[109] >> n) | (sp_digit)((a[110] << (28 - n)) & 0xfffffff);
+    r[110] = (a[110] >> n) | (sp_digit)((a[111] << (28 - n)) & 0xfffffff);
     r[111] = a[111] >> n;
 }
 
@@ -10743,8 +10717,7 @@ static int sp_3072_div_112(const sp_digit* a, const sp_digit* d,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t1 != NULL)
-        XFREE(t1, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(t1, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -10859,14 +10832,13 @@ static int sp_3072_mod_exp_112(sp_digit* r, const sp_digit* a, const sp_digit* e
 
         sp_3072_mont_reduce_112(t[0], m, mp);
         n = sp_3072_cmp_112(t[0], m);
-        sp_3072_cond_sub_112(t[0], t[0], m, ~(n >> 31));
+        sp_3072_cond_sub_112(t[0], t[0], m, (sp_digit)~(n >> 31));
         XMEMCPY(r, t[0], sizeof(*r) * 112 * 2);
 
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (td != NULL)
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -10950,13 +10922,12 @@ static int sp_3072_mod_exp_112(sp_digit* r, const sp_digit* a, const sp_digit* e
 
         sp_3072_mont_reduce_112(t[0], m, mp);
         n = sp_3072_cmp_112(t[0], m);
-        sp_3072_cond_sub_112(t[0], t[0], m, ~(n >> 31));
+        sp_3072_cond_sub_112(t[0], t[0], m, (sp_digit)~(n >> 31));
         XMEMCPY(r, t[0], sizeof(*r) * 112 * 2);
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (td != NULL)
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -11079,13 +11050,12 @@ static int sp_3072_mod_exp_112(sp_digit* r, const sp_digit* a, const sp_digit* e
 
         sp_3072_mont_reduce_112(rt, m, mp);
         n = sp_3072_cmp_112(rt, m);
-        sp_3072_cond_sub_112(rt, rt, m, ~(n >> 31));
+        sp_3072_cond_sub_112(rt, rt, m, (sp_digit)~(n >> 31));
         XMEMCPY(r, rt, sizeof(sp_digit) * 224);
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (td != NULL)
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -11206,8 +11176,7 @@ int sp_RsaPublic_3072(const byte* in, word32 inLen, const mp_int* em,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (a != NULL)
-        XFREE(a, NULL, DYNAMIC_TYPE_RSA);
+    XFREE(a, NULL, DYNAMIC_TYPE_RSA);
 #endif
 
     return err;
@@ -11318,8 +11287,7 @@ int sp_RsaPublic_3072(const byte* in, word32 inLen, const mp_int* em,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (d != NULL)
-        XFREE(d, NULL, DYNAMIC_TYPE_RSA);
+    XFREE(d, NULL, DYNAMIC_TYPE_RSA);
 #endif
 
     return err;
@@ -11689,7 +11657,7 @@ int sp_RsaPrivate_3072(const byte* in, word32 inLen, const mp_int* dm,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-if (a != NULL)
+    if (a != NULL)
 #endif
     {
         ForceZero(a, sizeof(sp_digit) * 56 * 13);
@@ -11927,228 +11895,228 @@ SP_NOINLINE static void sp_3072_lshift_112(sp_digit* r, const sp_digit* a,
     s = (sp_int_digit)a[111];
     r[112] = s >> (28U - n);
     s = (sp_int_digit)(a[111]); t = (sp_int_digit)(a[110]);
-    r[111] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[111] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[110]); t = (sp_int_digit)(a[109]);
-    r[110] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[110] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[109]); t = (sp_int_digit)(a[108]);
-    r[109] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[109] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[108]); t = (sp_int_digit)(a[107]);
-    r[108] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[108] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[107]); t = (sp_int_digit)(a[106]);
-    r[107] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[107] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[106]); t = (sp_int_digit)(a[105]);
-    r[106] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[106] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[105]); t = (sp_int_digit)(a[104]);
-    r[105] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[105] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[104]); t = (sp_int_digit)(a[103]);
-    r[104] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[104] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[103]); t = (sp_int_digit)(a[102]);
-    r[103] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[103] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[102]); t = (sp_int_digit)(a[101]);
-    r[102] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[102] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[101]); t = (sp_int_digit)(a[100]);
-    r[101] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[101] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[100]); t = (sp_int_digit)(a[99]);
-    r[100] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[100] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[99]); t = (sp_int_digit)(a[98]);
-    r[99] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[99] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[98]); t = (sp_int_digit)(a[97]);
-    r[98] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[98] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[97]); t = (sp_int_digit)(a[96]);
-    r[97] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[97] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[96]); t = (sp_int_digit)(a[95]);
-    r[96] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[96] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[95]); t = (sp_int_digit)(a[94]);
-    r[95] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[95] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[94]); t = (sp_int_digit)(a[93]);
-    r[94] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[94] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[93]); t = (sp_int_digit)(a[92]);
-    r[93] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[93] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[92]); t = (sp_int_digit)(a[91]);
-    r[92] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[92] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[91]); t = (sp_int_digit)(a[90]);
-    r[91] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[91] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[90]); t = (sp_int_digit)(a[89]);
-    r[90] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[90] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[89]); t = (sp_int_digit)(a[88]);
-    r[89] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[89] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[88]); t = (sp_int_digit)(a[87]);
-    r[88] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[88] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[87]); t = (sp_int_digit)(a[86]);
-    r[87] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[87] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[86]); t = (sp_int_digit)(a[85]);
-    r[86] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[86] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[85]); t = (sp_int_digit)(a[84]);
-    r[85] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[85] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[84]); t = (sp_int_digit)(a[83]);
-    r[84] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[84] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[83]); t = (sp_int_digit)(a[82]);
-    r[83] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[83] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[82]); t = (sp_int_digit)(a[81]);
-    r[82] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[82] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[81]); t = (sp_int_digit)(a[80]);
-    r[81] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[81] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[80]); t = (sp_int_digit)(a[79]);
-    r[80] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[80] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[79]); t = (sp_int_digit)(a[78]);
-    r[79] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[79] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[78]); t = (sp_int_digit)(a[77]);
-    r[78] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[78] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[77]); t = (sp_int_digit)(a[76]);
-    r[77] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[77] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[76]); t = (sp_int_digit)(a[75]);
-    r[76] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[76] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[75]); t = (sp_int_digit)(a[74]);
-    r[75] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[75] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[74]); t = (sp_int_digit)(a[73]);
-    r[74] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[74] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[73]); t = (sp_int_digit)(a[72]);
-    r[73] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[73] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[72]); t = (sp_int_digit)(a[71]);
-    r[72] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[72] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[71]); t = (sp_int_digit)(a[70]);
-    r[71] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[71] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[70]); t = (sp_int_digit)(a[69]);
-    r[70] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[70] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[69]); t = (sp_int_digit)(a[68]);
-    r[69] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[69] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[68]); t = (sp_int_digit)(a[67]);
-    r[68] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[68] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[67]); t = (sp_int_digit)(a[66]);
-    r[67] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[67] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[66]); t = (sp_int_digit)(a[65]);
-    r[66] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[66] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[65]); t = (sp_int_digit)(a[64]);
-    r[65] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[65] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[64]); t = (sp_int_digit)(a[63]);
-    r[64] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[64] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[63]); t = (sp_int_digit)(a[62]);
-    r[63] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[63] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[62]); t = (sp_int_digit)(a[61]);
-    r[62] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[62] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[61]); t = (sp_int_digit)(a[60]);
-    r[61] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[61] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[60]); t = (sp_int_digit)(a[59]);
-    r[60] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[60] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[59]); t = (sp_int_digit)(a[58]);
-    r[59] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[59] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[58]); t = (sp_int_digit)(a[57]);
-    r[58] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[58] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[57]); t = (sp_int_digit)(a[56]);
-    r[57] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[57] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[56]); t = (sp_int_digit)(a[55]);
-    r[56] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[56] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[55]); t = (sp_int_digit)(a[54]);
-    r[55] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[55] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[54]); t = (sp_int_digit)(a[53]);
-    r[54] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[54] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[53]); t = (sp_int_digit)(a[52]);
-    r[53] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[53] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[52]); t = (sp_int_digit)(a[51]);
-    r[52] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[52] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[51]); t = (sp_int_digit)(a[50]);
-    r[51] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[51] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[50]); t = (sp_int_digit)(a[49]);
-    r[50] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[50] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[49]); t = (sp_int_digit)(a[48]);
-    r[49] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[49] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[48]); t = (sp_int_digit)(a[47]);
-    r[48] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[48] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[47]); t = (sp_int_digit)(a[46]);
-    r[47] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[47] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[46]); t = (sp_int_digit)(a[45]);
-    r[46] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[46] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[45]); t = (sp_int_digit)(a[44]);
-    r[45] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[45] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[44]); t = (sp_int_digit)(a[43]);
-    r[44] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[44] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[43]); t = (sp_int_digit)(a[42]);
-    r[43] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[43] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[42]); t = (sp_int_digit)(a[41]);
-    r[42] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[42] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[41]); t = (sp_int_digit)(a[40]);
-    r[41] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[41] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[40]); t = (sp_int_digit)(a[39]);
-    r[40] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[40] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[39]); t = (sp_int_digit)(a[38]);
-    r[39] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[39] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[38]); t = (sp_int_digit)(a[37]);
-    r[38] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[38] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[37]); t = (sp_int_digit)(a[36]);
-    r[37] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[37] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[36]); t = (sp_int_digit)(a[35]);
-    r[36] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[36] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[35]); t = (sp_int_digit)(a[34]);
-    r[35] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[35] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[34]); t = (sp_int_digit)(a[33]);
-    r[34] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[34] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[33]); t = (sp_int_digit)(a[32]);
-    r[33] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[33] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[32]); t = (sp_int_digit)(a[31]);
-    r[32] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[32] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[31]); t = (sp_int_digit)(a[30]);
-    r[31] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[31] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[30]); t = (sp_int_digit)(a[29]);
-    r[30] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[30] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[29]); t = (sp_int_digit)(a[28]);
-    r[29] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[29] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[28]); t = (sp_int_digit)(a[27]);
-    r[28] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[28] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[27]); t = (sp_int_digit)(a[26]);
-    r[27] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[27] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[26]); t = (sp_int_digit)(a[25]);
-    r[26] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[26] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[25]); t = (sp_int_digit)(a[24]);
-    r[25] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[25] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[24]); t = (sp_int_digit)(a[23]);
-    r[24] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[24] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[23]); t = (sp_int_digit)(a[22]);
-    r[23] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[23] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[22]); t = (sp_int_digit)(a[21]);
-    r[22] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[22] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[21]); t = (sp_int_digit)(a[20]);
-    r[21] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[21] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[20]); t = (sp_int_digit)(a[19]);
-    r[20] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[20] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[19]); t = (sp_int_digit)(a[18]);
-    r[19] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[19] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[18]); t = (sp_int_digit)(a[17]);
-    r[18] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[18] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[17]); t = (sp_int_digit)(a[16]);
-    r[17] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[17] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[16]); t = (sp_int_digit)(a[15]);
-    r[16] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[16] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[15]); t = (sp_int_digit)(a[14]);
-    r[15] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[15] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[14]); t = (sp_int_digit)(a[13]);
-    r[14] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[14] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[13]); t = (sp_int_digit)(a[12]);
-    r[13] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[13] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[12]); t = (sp_int_digit)(a[11]);
-    r[12] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[12] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[11]); t = (sp_int_digit)(a[10]);
-    r[11] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[11] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[10]); t = (sp_int_digit)(a[9]);
-    r[10] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[10] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[9]); t = (sp_int_digit)(a[8]);
-    r[9] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[9] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[8]); t = (sp_int_digit)(a[7]);
-    r[8] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[8] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[7]); t = (sp_int_digit)(a[6]);
-    r[7] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[7] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[6]); t = (sp_int_digit)(a[5]);
-    r[6] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[6] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[5]); t = (sp_int_digit)(a[4]);
-    r[5] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[5] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[4]); t = (sp_int_digit)(a[3]);
-    r[4] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[4] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[3]); t = (sp_int_digit)(a[2]);
-    r[3] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[3] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[2]); t = (sp_int_digit)(a[1]);
-    r[2] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[2] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[1]); t = (sp_int_digit)(a[0]);
-    r[1] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
-    r[0] = (a[0] << n) & 0xfffffff;
+    r[1] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
+    r[0] = (sp_digit)((a[0] << n) & 0xfffffff);
 }
 
 /* Modular exponentiate 2 to the e mod m. (r = 2^e mod m)
@@ -12258,12 +12226,11 @@ static int sp_3072_mod_exp_2_112(sp_digit* r, const sp_digit* e, int bits, const
 
         sp_3072_mont_reduce_112(r, m, mp);
         n = sp_3072_cmp_112(r, m);
-        sp_3072_cond_sub_112(r, r, m, ~(n >> 31));
+        sp_3072_cond_sub_112(r, r, m, (sp_digit)~(n >> 31));
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (td != NULL)
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -12986,23 +12953,23 @@ SP_NOINLINE static void sp_4096_mul_add_71(sp_digit* r, const sp_digit* a,
         t[1]  = (tb * a[i+1]) + r[i+1];
         t[2]  = (tb * a[i+2]) + r[i+2];
         t[3]  = (tb * a[i+3]) + r[i+3];
-        r[i+0] = t[0] & 0x1fffffff;
+        r[i+0] = (sp_digit)(t[0] & 0x1fffffff);
         t[1] += t[0] >> 29;
-        r[i+1] = t[1] & 0x1fffffff;
+        r[i+1] = (sp_digit)(t[1] & 0x1fffffff);
         t[2] += t[1] >> 29;
-        r[i+2] = t[2] & 0x1fffffff;
+        r[i+2] = (sp_digit)(t[2] & 0x1fffffff);
         t[3] += t[2] >> 29;
-        r[i+3] = t[3] & 0x1fffffff;
+        r[i+3] = (sp_digit)(t[3] & 0x1fffffff);
         t[0]  = t[3] >> 29;
     }
     t[0] += (tb * a[68]) + r[68];
     t[1]  = (tb * a[69]) + r[69];
     t[2]  = (tb * a[70]) + r[70];
-    r[68] = t[0] & 0x1fffffff;
+    r[68] = (sp_digit)(t[0] & 0x1fffffff);
     t[1] += t[0] >> 29;
-    r[69] = t[1] & 0x1fffffff;
+    r[69] = (sp_digit)(t[1] & 0x1fffffff);
     t[2] += t[1] >> 29;
-    r[70] = t[2] & 0x1fffffff;
+    r[70] = (sp_digit)(t[2] & 0x1fffffff);
     r[71] +=  (sp_digit)(t[2] >> 29);
 #endif /* !WOLFSSL_SP_LARGE_CODE */
 }
@@ -13019,7 +12986,7 @@ static void sp_4096_mont_shift_71(sp_digit* r, const sp_digit* a)
     n += ((sp_int64)a[71]) << 11;
 
     for (i = 0; i < 70; i++) {
-        r[i] = n & 0x1fffffff;
+        r[i] = (sp_digit)(n & 0x1fffffff);
         n >>= 29;
         n += ((sp_int64)a[72 + i]) << 11;
     }
@@ -13042,11 +13009,11 @@ static void sp_4096_mont_reduce_71(sp_digit* a, const sp_digit* m, sp_digit mp)
     sp_4096_norm_71(a + 71);
 
     for (i=0; i<70; i++) {
-        mu = ((sp_uint32)a[i] * (sp_uint32)mp) & 0x1fffffff;
+        mu = (sp_digit)(((sp_uint32)a[i] * (sp_uint32)mp) & 0x1fffffff);
         sp_4096_mul_add_71(a+i, m, mu);
         a[i+1] += a[i] >> 29;
     }
-    mu = ((sp_uint32)a[i] * (sp_uint32)mp) & 0x3ffffL;
+    mu = (sp_digit)(((sp_uint32)a[i] * (sp_uint32)mp) & 0x3ffffL);
     sp_4096_mul_add_71(a+i, m, mu);
     a[i+1] += a[i] >> 29;
     a[i] &= 0x1fffffff;
@@ -13270,7 +13237,7 @@ SP_NOINLINE static void sp_4096_rshift_71(sp_digit* r, const sp_digit* a,
     int i;
 
     for (i=0; i<70; i++) {
-        r[i] = ((a[i] >> n) | (a[i + 1] << (29 - n))) & 0x1fffffff;
+        r[i] = (sp_digit)(((a[i] >> n) | (a[i + 1] << (29 - n))) & 0x1fffffff);
     }
     r[70] = a[70] >> n;
 }
@@ -13447,8 +13414,7 @@ static int sp_4096_div_71(const sp_digit* a, const sp_digit* d,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t1 != NULL)
-        XFREE(t1, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(t1, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -13560,14 +13526,13 @@ static int sp_4096_mod_exp_71(sp_digit* r, const sp_digit* a, const sp_digit* e,
 
         sp_4096_mont_reduce_71(t[0], m, mp);
         n = sp_4096_cmp_71(t[0], m);
-        sp_4096_cond_sub_71(t[0], t[0], m, ~(n >> 31));
+        sp_4096_cond_sub_71(t[0], t[0], m, (sp_digit)~(n >> 31));
         XMEMCPY(r, t[0], sizeof(*r) * 71 * 2);
 
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (td != NULL)
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -13651,13 +13616,12 @@ static int sp_4096_mod_exp_71(sp_digit* r, const sp_digit* a, const sp_digit* e,
 
         sp_4096_mont_reduce_71(t[0], m, mp);
         n = sp_4096_cmp_71(t[0], m);
-        sp_4096_cond_sub_71(t[0], t[0], m, ~(n >> 31));
+        sp_4096_cond_sub_71(t[0], t[0], m, (sp_digit)~(n >> 31));
         XMEMCPY(r, t[0], sizeof(*r) * 71 * 2);
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (td != NULL)
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -13797,13 +13761,12 @@ static int sp_4096_mod_exp_71(sp_digit* r, const sp_digit* a, const sp_digit* e,
 
         sp_4096_mont_reduce_71(rt, m, mp);
         n = sp_4096_cmp_71(rt, m);
-        sp_4096_cond_sub_71(rt, rt, m, ~(n >> 31));
+        sp_4096_cond_sub_71(rt, rt, m, (sp_digit)~(n >> 31));
         XMEMCPY(r, rt, sizeof(sp_digit) * 142);
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (td != NULL)
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -13923,20 +13886,20 @@ SP_NOINLINE static void sp_4096_mul_add_142(sp_digit* r, const sp_digit* a,
         t[1]  = (tb * a[i+1]) + r[i+1];
         t[2]  = (tb * a[i+2]) + r[i+2];
         t[3]  = (tb * a[i+3]) + r[i+3];
-        r[i+0] = t[0] & 0x1fffffff;
+        r[i+0] = (sp_digit)(t[0] & 0x1fffffff);
         t[1] += t[0] >> 29;
-        r[i+1] = t[1] & 0x1fffffff;
+        r[i+1] = (sp_digit)(t[1] & 0x1fffffff);
         t[2] += t[1] >> 29;
-        r[i+2] = t[2] & 0x1fffffff;
+        r[i+2] = (sp_digit)(t[2] & 0x1fffffff);
         t[3] += t[2] >> 29;
-        r[i+3] = t[3] & 0x1fffffff;
+        r[i+3] = (sp_digit)(t[3] & 0x1fffffff);
         t[0]  = t[3] >> 29;
     }
     t[0] += (tb * a[140]) + r[140];
     t[1]  = (tb * a[141]) + r[141];
-    r[140] = t[0] & 0x1fffffff;
+    r[140] = (sp_digit)(t[0] & 0x1fffffff);
     t[1] += t[0] >> 29;
-    r[141] = t[1] & 0x1fffffff;
+    r[141] = (sp_digit)(t[1] & 0x1fffffff);
     r[142] +=  (sp_digit)(t[1] >> 29);
 #endif /* !WOLFSSL_SP_LARGE_CODE */
 }
@@ -13953,7 +13916,7 @@ static void sp_4096_mont_shift_142(sp_digit* r, const sp_digit* a)
     n += ((sp_int64)a[142]) << 22;
 
     for (i = 0; i < 141; i++) {
-        r[i] = n & 0x1fffffff;
+        r[i] = (sp_digit)(n & 0x1fffffff);
         n >>= 29;
         n += ((sp_int64)a[143 + i]) << 22;
     }
@@ -13978,33 +13941,33 @@ static void sp_4096_mont_reduce_142(sp_digit* a, const sp_digit* m, sp_digit mp)
 #ifdef WOLFSSL_SP_DH
     if (mp != 1) {
         for (i=0; i<141; i++) {
-            mu = ((sp_uint32)a[i] * (sp_uint32)mp) & 0x1fffffff;
+            mu = (sp_digit)(((sp_uint32)a[i] * (sp_uint32)mp) & 0x1fffffff);
             sp_4096_mul_add_142(a+i, m, mu);
             a[i+1] += a[i] >> 29;
         }
-        mu = ((sp_uint32)a[i] * (sp_uint32)mp) & 0x7fL;
+        mu = (sp_digit)(((sp_uint32)a[i] * (sp_uint32)mp) & 0x7fL);
         sp_4096_mul_add_142(a+i, m, mu);
         a[i+1] += a[i] >> 29;
         a[i] &= 0x1fffffff;
     }
     else {
         for (i=0; i<141; i++) {
-            mu = a[i] & 0x1fffffff;
+            mu = (sp_digit)(a[i] & 0x1fffffff);
             sp_4096_mul_add_142(a+i, m, mu);
             a[i+1] += a[i] >> 29;
         }
-        mu = a[i] & 0x7fL;
+        mu = (sp_digit)(a[i] & 0x7fL);
         sp_4096_mul_add_142(a+i, m, mu);
         a[i+1] += a[i] >> 29;
         a[i] &= 0x1fffffff;
     }
 #else
     for (i=0; i<141; i++) {
-        mu = ((sp_uint32)a[i] * (sp_uint32)mp) & 0x1fffffff;
+        mu = (sp_digit)(((sp_uint32)a[i] * (sp_uint32)mp) & 0x1fffffff);
         sp_4096_mul_add_142(a+i, m, mu);
         a[i+1] += a[i] >> 29;
     }
-    mu = ((sp_uint32)a[i] * (sp_uint32)mp) & 0x7fL;
+    mu = (sp_digit)(((sp_uint32)a[i] * (sp_uint32)mp) & 0x7fL);
     sp_4096_mul_add_142(a+i, m, mu);
     a[i+1] += a[i] >> 29;
     a[i] &= 0x1fffffff;
@@ -14110,7 +14073,7 @@ SP_NOINLINE static void sp_4096_rshift_142(sp_digit* r, const sp_digit* a,
     int i;
 
     for (i=0; i<141; i++) {
-        r[i] = ((a[i] >> n) | (a[i + 1] << (29 - n))) & 0x1fffffff;
+        r[i] = (sp_digit)(((a[i] >> n) | (a[i + 1] << (29 - n))) & 0x1fffffff);
     }
     r[141] = a[141] >> n;
 }
@@ -14287,8 +14250,7 @@ static int sp_4096_div_142(const sp_digit* a, const sp_digit* d,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t1 != NULL)
-        XFREE(t1, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(t1, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -14401,14 +14363,13 @@ static int sp_4096_mod_exp_142(sp_digit* r, const sp_digit* a, const sp_digit* e
 
         sp_4096_mont_reduce_142(t[0], m, mp);
         n = sp_4096_cmp_142(t[0], m);
-        sp_4096_cond_sub_142(t[0], t[0], m, ~(n >> 31));
+        sp_4096_cond_sub_142(t[0], t[0], m, (sp_digit)~(n >> 31));
         XMEMCPY(r, t[0], sizeof(*r) * 142 * 2);
 
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (td != NULL)
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -14492,13 +14453,12 @@ static int sp_4096_mod_exp_142(sp_digit* r, const sp_digit* a, const sp_digit* e
 
         sp_4096_mont_reduce_142(t[0], m, mp);
         n = sp_4096_cmp_142(t[0], m);
-        sp_4096_cond_sub_142(t[0], t[0], m, ~(n >> 31));
+        sp_4096_cond_sub_142(t[0], t[0], m, (sp_digit)~(n >> 31));
         XMEMCPY(r, t[0], sizeof(*r) * 142 * 2);
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (td != NULL)
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -14621,13 +14581,12 @@ static int sp_4096_mod_exp_142(sp_digit* r, const sp_digit* a, const sp_digit* e
 
         sp_4096_mont_reduce_142(rt, m, mp);
         n = sp_4096_cmp_142(rt, m);
-        sp_4096_cond_sub_142(rt, rt, m, ~(n >> 31));
+        sp_4096_cond_sub_142(rt, rt, m, (sp_digit)~(n >> 31));
         XMEMCPY(r, rt, sizeof(sp_digit) * 284);
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (td != NULL)
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -14746,8 +14705,7 @@ int sp_RsaPublic_4096(const byte* in, word32 inLen, const mp_int* em,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (a != NULL)
-        XFREE(a, NULL, DYNAMIC_TYPE_RSA);
+    XFREE(a, NULL, DYNAMIC_TYPE_RSA);
 #endif
 
     return err;
@@ -14858,8 +14816,7 @@ int sp_RsaPublic_4096(const byte* in, word32 inLen, const mp_int* em,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (d != NULL)
-        XFREE(d, NULL, DYNAMIC_TYPE_RSA);
+    XFREE(d, NULL, DYNAMIC_TYPE_RSA);
 #endif
 
     return err;
@@ -15229,7 +15186,7 @@ int sp_RsaPrivate_4096(const byte* in, word32 inLen, const mp_int* dm,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-if (a != NULL)
+    if (a != NULL)
 #endif
     {
         ForceZero(a, sizeof(sp_digit) * 71 * 13);
@@ -15465,9 +15422,9 @@ SP_NOINLINE static void sp_4096_lshift_142(sp_digit* r, const sp_digit* a,
 
     r[142] = a[141] >> (29 - n);
     for (i=141; i>0; i--) {
-        r[i] = ((a[i] << n) | (a[i-1] >> (29 - n))) & 0x1fffffff;
+        r[i] = (sp_digit)(((a[i] << n) | (a[i-1] >> (29 - n))) & 0x1fffffff);
     }
-    r[0] = (a[0] << n) & 0x1fffffff;
+    r[0] = (sp_digit)((a[0] << n) & 0x1fffffff);
 }
 
 /* Modular exponentiate 2 to the e mod m. (r = 2^e mod m)
@@ -15577,12 +15534,11 @@ static int sp_4096_mod_exp_2_142(sp_digit* r, const sp_digit* e, int bits, const
 
         sp_4096_mont_reduce_142(r, m, mp);
         n = sp_4096_cmp_142(r, m);
-        sp_4096_cond_sub_142(r, r, m, ~(n >> 31));
+        sp_4096_cond_sub_142(r, r, m, (sp_digit)~(n >> 31));
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (td != NULL)
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -15965,29 +15921,29 @@ SP_NOINLINE static void sp_4096_mul_9(sp_digit* r, const sp_digit* a,
     t0 = ((sp_uint64)a[ 0]) * b[ 0];
     t1 = ((sp_uint64)a[ 0]) * b[ 1]
        + ((sp_uint64)a[ 1]) * b[ 0];
-    t[ 0] = t0 & 0x3ffffff; t1 += t0 >> 26;
+    t[ 0] = (sp_digit)(t0 & 0x3ffffff); t1 += t0 >> 26;
     t0 = ((sp_uint64)a[ 0]) * b[ 2]
        + ((sp_uint64)a[ 1]) * b[ 1]
        + ((sp_uint64)a[ 2]) * b[ 0];
-    t[ 1] = t1 & 0x3ffffff; t0 += t1 >> 26;
+    t[ 1] = (sp_digit)(t1 & 0x3ffffff); t0 += t1 >> 26;
     t1 = ((sp_uint64)a[ 0]) * b[ 3]
        + ((sp_uint64)a[ 1]) * b[ 2]
        + ((sp_uint64)a[ 2]) * b[ 1]
        + ((sp_uint64)a[ 3]) * b[ 0];
-    t[ 2] = t0 & 0x3ffffff; t1 += t0 >> 26;
+    t[ 2] = (sp_digit)(t0 & 0x3ffffff); t1 += t0 >> 26;
     t0 = ((sp_uint64)a[ 0]) * b[ 4]
        + ((sp_uint64)a[ 1]) * b[ 3]
        + ((sp_uint64)a[ 2]) * b[ 2]
        + ((sp_uint64)a[ 3]) * b[ 1]
        + ((sp_uint64)a[ 4]) * b[ 0];
-    t[ 3] = t1 & 0x3ffffff; t0 += t1 >> 26;
+    t[ 3] = (sp_digit)(t1 & 0x3ffffff); t0 += t1 >> 26;
     t1 = ((sp_uint64)a[ 0]) * b[ 5]
        + ((sp_uint64)a[ 1]) * b[ 4]
        + ((sp_uint64)a[ 2]) * b[ 3]
        + ((sp_uint64)a[ 3]) * b[ 2]
        + ((sp_uint64)a[ 4]) * b[ 1]
        + ((sp_uint64)a[ 5]) * b[ 0];
-    t[ 4] = t0 & 0x3ffffff; t1 += t0 >> 26;
+    t[ 4] = (sp_digit)(t0 & 0x3ffffff); t1 += t0 >> 26;
     t0 = ((sp_uint64)a[ 0]) * b[ 6]
        + ((sp_uint64)a[ 1]) * b[ 5]
        + ((sp_uint64)a[ 2]) * b[ 4]
@@ -15995,7 +15951,7 @@ SP_NOINLINE static void sp_4096_mul_9(sp_digit* r, const sp_digit* a,
        + ((sp_uint64)a[ 4]) * b[ 2]
        + ((sp_uint64)a[ 5]) * b[ 1]
        + ((sp_uint64)a[ 6]) * b[ 0];
-    t[ 5] = t1 & 0x3ffffff; t0 += t1 >> 26;
+    t[ 5] = (sp_digit)(t1 & 0x3ffffff); t0 += t1 >> 26;
     t1 = ((sp_uint64)a[ 0]) * b[ 7]
        + ((sp_uint64)a[ 1]) * b[ 6]
        + ((sp_uint64)a[ 2]) * b[ 5]
@@ -16004,7 +15960,7 @@ SP_NOINLINE static void sp_4096_mul_9(sp_digit* r, const sp_digit* a,
        + ((sp_uint64)a[ 5]) * b[ 2]
        + ((sp_uint64)a[ 6]) * b[ 1]
        + ((sp_uint64)a[ 7]) * b[ 0];
-    t[ 6] = t0 & 0x3ffffff; t1 += t0 >> 26;
+    t[ 6] = (sp_digit)(t0 & 0x3ffffff); t1 += t0 >> 26;
     t0 = ((sp_uint64)a[ 0]) * b[ 8]
        + ((sp_uint64)a[ 1]) * b[ 7]
        + ((sp_uint64)a[ 2]) * b[ 6]
@@ -16014,7 +15970,7 @@ SP_NOINLINE static void sp_4096_mul_9(sp_digit* r, const sp_digit* a,
        + ((sp_uint64)a[ 6]) * b[ 2]
        + ((sp_uint64)a[ 7]) * b[ 1]
        + ((sp_uint64)a[ 8]) * b[ 0];
-    t[ 7] = t1 & 0x3ffffff; t0 += t1 >> 26;
+    t[ 7] = (sp_digit)(t1 & 0x3ffffff); t0 += t1 >> 26;
     t1 = ((sp_uint64)a[ 1]) * b[ 8]
        + ((sp_uint64)a[ 2]) * b[ 7]
        + ((sp_uint64)a[ 3]) * b[ 6]
@@ -16023,7 +15979,7 @@ SP_NOINLINE static void sp_4096_mul_9(sp_digit* r, const sp_digit* a,
        + ((sp_uint64)a[ 6]) * b[ 3]
        + ((sp_uint64)a[ 7]) * b[ 2]
        + ((sp_uint64)a[ 8]) * b[ 1];
-    t[ 8] = t0 & 0x3ffffff; t1 += t0 >> 26;
+    t[ 8] = (sp_digit)(t0 & 0x3ffffff); t1 += t0 >> 26;
     t0 = ((sp_uint64)a[ 2]) * b[ 8]
        + ((sp_uint64)a[ 3]) * b[ 7]
        + ((sp_uint64)a[ 4]) * b[ 6]
@@ -16031,35 +15987,35 @@ SP_NOINLINE static void sp_4096_mul_9(sp_digit* r, const sp_digit* a,
        + ((sp_uint64)a[ 6]) * b[ 4]
        + ((sp_uint64)a[ 7]) * b[ 3]
        + ((sp_uint64)a[ 8]) * b[ 2];
-    r[ 9] = t1 & 0x3ffffff; t0 += t1 >> 26;
+    r[ 9] = (sp_digit)(t1 & 0x3ffffff); t0 += t1 >> 26;
     t1 = ((sp_uint64)a[ 3]) * b[ 8]
        + ((sp_uint64)a[ 4]) * b[ 7]
        + ((sp_uint64)a[ 5]) * b[ 6]
        + ((sp_uint64)a[ 6]) * b[ 5]
        + ((sp_uint64)a[ 7]) * b[ 4]
        + ((sp_uint64)a[ 8]) * b[ 3];
-    r[10] = t0 & 0x3ffffff; t1 += t0 >> 26;
+    r[10] = (sp_digit)(t0 & 0x3ffffff); t1 += t0 >> 26;
     t0 = ((sp_uint64)a[ 4]) * b[ 8]
        + ((sp_uint64)a[ 5]) * b[ 7]
        + ((sp_uint64)a[ 6]) * b[ 6]
        + ((sp_uint64)a[ 7]) * b[ 5]
        + ((sp_uint64)a[ 8]) * b[ 4];
-    r[11] = t1 & 0x3ffffff; t0 += t1 >> 26;
+    r[11] = (sp_digit)(t1 & 0x3ffffff); t0 += t1 >> 26;
     t1 = ((sp_uint64)a[ 5]) * b[ 8]
        + ((sp_uint64)a[ 6]) * b[ 7]
        + ((sp_uint64)a[ 7]) * b[ 6]
        + ((sp_uint64)a[ 8]) * b[ 5];
-    r[12] = t0 & 0x3ffffff; t1 += t0 >> 26;
+    r[12] = (sp_digit)(t0 & 0x3ffffff); t1 += t0 >> 26;
     t0 = ((sp_uint64)a[ 6]) * b[ 8]
        + ((sp_uint64)a[ 7]) * b[ 7]
        + ((sp_uint64)a[ 8]) * b[ 6];
-    r[13] = t1 & 0x3ffffff; t0 += t1 >> 26;
+    r[13] = (sp_digit)(t1 & 0x3ffffff); t0 += t1 >> 26;
     t1 = ((sp_uint64)a[ 7]) * b[ 8]
        + ((sp_uint64)a[ 8]) * b[ 7];
-    r[14] = t0 & 0x3ffffff; t1 += t0 >> 26;
+    r[14] = (sp_digit)(t0 & 0x3ffffff); t1 += t0 >> 26;
     t0 = ((sp_uint64)a[ 8]) * b[ 8];
-    r[15] = t1 & 0x3ffffff; t0 += t1 >> 26;
-    r[16] = t0 & 0x3ffffff;
+    r[15] = (sp_digit)(t1 & 0x3ffffff); t0 += t1 >> 26;
+    r[16] = (sp_digit)(t0 & 0x3ffffff);
     r[17] = (sp_digit)(t0 >> 26);
     XMEMCPY(r, t, sizeof(t));
 }
@@ -16573,66 +16529,66 @@ SP_NOINLINE static void sp_4096_sqr_9(sp_digit* r, const sp_digit* a)
 
     t0 =  ((sp_uint64)a[ 0]) * a[ 0];
     t1 = (((sp_uint64)a[ 0]) * a[ 1]) * 2;
-    t[ 0] = t0 & 0x3ffffff; t1 += t0 >> 26;
+    t[ 0] = (sp_digit)(t0 & 0x3ffffff); t1 += t0 >> 26;
     t0 = (((sp_uint64)a[ 0]) * a[ 2]) * 2
        +  ((sp_uint64)a[ 1]) * a[ 1];
-    t[ 1] = t1 & 0x3ffffff; t0 += t1 >> 26;
+    t[ 1] = (sp_digit)(t1 & 0x3ffffff); t0 += t1 >> 26;
     t1 = (((sp_uint64)a[ 0]) * a[ 3]
        +  ((sp_uint64)a[ 1]) * a[ 2]) * 2;
-    t[ 2] = t0 & 0x3ffffff; t1 += t0 >> 26;
+    t[ 2] = (sp_digit)(t0 & 0x3ffffff); t1 += t0 >> 26;
     t0 = (((sp_uint64)a[ 0]) * a[ 4]
        +  ((sp_uint64)a[ 1]) * a[ 3]) * 2
        +  ((sp_uint64)a[ 2]) * a[ 2];
-    t[ 3] = t1 & 0x3ffffff; t0 += t1 >> 26;
+    t[ 3] = (sp_digit)(t1 & 0x3ffffff); t0 += t1 >> 26;
     t1 = (((sp_uint64)a[ 0]) * a[ 5]
        +  ((sp_uint64)a[ 1]) * a[ 4]
        +  ((sp_uint64)a[ 2]) * a[ 3]) * 2;
-    t[ 4] = t0 & 0x3ffffff; t1 += t0 >> 26;
+    t[ 4] = (sp_digit)(t0 & 0x3ffffff); t1 += t0 >> 26;
     t0 = (((sp_uint64)a[ 0]) * a[ 6]
        +  ((sp_uint64)a[ 1]) * a[ 5]
        +  ((sp_uint64)a[ 2]) * a[ 4]) * 2
        +  ((sp_uint64)a[ 3]) * a[ 3];
-    t[ 5] = t1 & 0x3ffffff; t0 += t1 >> 26;
+    t[ 5] = (sp_digit)(t1 & 0x3ffffff); t0 += t1 >> 26;
     t1 = (((sp_uint64)a[ 0]) * a[ 7]
        +  ((sp_uint64)a[ 1]) * a[ 6]
        +  ((sp_uint64)a[ 2]) * a[ 5]
        +  ((sp_uint64)a[ 3]) * a[ 4]) * 2;
-    t[ 6] = t0 & 0x3ffffff; t1 += t0 >> 26;
+    t[ 6] = (sp_digit)(t0 & 0x3ffffff); t1 += t0 >> 26;
     t0 = (((sp_uint64)a[ 0]) * a[ 8]
        +  ((sp_uint64)a[ 1]) * a[ 7]
        +  ((sp_uint64)a[ 2]) * a[ 6]
        +  ((sp_uint64)a[ 3]) * a[ 5]) * 2
        +  ((sp_uint64)a[ 4]) * a[ 4];
-    t[ 7] = t1 & 0x3ffffff; t0 += t1 >> 26;
+    t[ 7] = (sp_digit)(t1 & 0x3ffffff); t0 += t1 >> 26;
     t1 = (((sp_uint64)a[ 1]) * a[ 8]
        +  ((sp_uint64)a[ 2]) * a[ 7]
        +  ((sp_uint64)a[ 3]) * a[ 6]
        +  ((sp_uint64)a[ 4]) * a[ 5]) * 2;
-    t[ 8] = t0 & 0x3ffffff; t1 += t0 >> 26;
+    t[ 8] = (sp_digit)(t0 & 0x3ffffff); t1 += t0 >> 26;
     t0 = (((sp_uint64)a[ 2]) * a[ 8]
        +  ((sp_uint64)a[ 3]) * a[ 7]
        +  ((sp_uint64)a[ 4]) * a[ 6]) * 2
        +  ((sp_uint64)a[ 5]) * a[ 5];
-    r[ 9] = t1 & 0x3ffffff; t0 += t1 >> 26;
+    r[ 9] = (sp_digit)(t1 & 0x3ffffff); t0 += t1 >> 26;
     t1 = (((sp_uint64)a[ 3]) * a[ 8]
        +  ((sp_uint64)a[ 4]) * a[ 7]
        +  ((sp_uint64)a[ 5]) * a[ 6]) * 2;
-    r[10] = t0 & 0x3ffffff; t1 += t0 >> 26;
+    r[10] = (sp_digit)(t0 & 0x3ffffff); t1 += t0 >> 26;
     t0 = (((sp_uint64)a[ 4]) * a[ 8]
        +  ((sp_uint64)a[ 5]) * a[ 7]) * 2
        +  ((sp_uint64)a[ 6]) * a[ 6];
-    r[11] = t1 & 0x3ffffff; t0 += t1 >> 26;
+    r[11] = (sp_digit)(t1 & 0x3ffffff); t0 += t1 >> 26;
     t1 = (((sp_uint64)a[ 5]) * a[ 8]
        +  ((sp_uint64)a[ 6]) * a[ 7]) * 2;
-    r[12] = t0 & 0x3ffffff; t1 += t0 >> 26;
+    r[12] = (sp_digit)(t0 & 0x3ffffff); t1 += t0 >> 26;
     t0 = (((sp_uint64)a[ 6]) * a[ 8]) * 2
        +  ((sp_uint64)a[ 7]) * a[ 7];
-    r[13] = t1 & 0x3ffffff; t0 += t1 >> 26;
+    r[13] = (sp_digit)(t1 & 0x3ffffff); t0 += t1 >> 26;
     t1 = (((sp_uint64)a[ 7]) * a[ 8]) * 2;
-    r[14] = t0 & 0x3ffffff; t1 += t0 >> 26;
+    r[14] = (sp_digit)(t0 & 0x3ffffff); t1 += t0 >> 26;
     t0 =  ((sp_uint64)a[ 8]) * a[ 8];
-    r[15] = t1 & 0x3ffffff; t0 += t1 >> 26;
-    r[16] = t0 & 0x3ffffff;
+    r[15] = (sp_digit)(t1 & 0x3ffffff); t0 += t1 >> 26;
+    r[16] = (sp_digit)(t0 & 0x3ffffff);
     r[17] = (sp_digit)(t0 >> 26);
     XMEMCPY(r, t, sizeof(t));
 }
@@ -16980,25 +16936,25 @@ SP_NOINLINE static void sp_4096_mul_add_81(sp_digit* r, const sp_digit* a,
         t[5]  = (tb * a[i+5]) + r[i+5];
         t[6]  = (tb * a[i+6]) + r[i+6];
         t[7]  = (tb * a[i+7]) + r[i+7];
-        r[i+0] = t[0] & 0x3ffffff;
+        r[i+0] = (sp_digit)(t[0] & 0x3ffffff);
         t[1] += t[0] >> 26;
-        r[i+1] = t[1] & 0x3ffffff;
+        r[i+1] = (sp_digit)(t[1] & 0x3ffffff);
         t[2] += t[1] >> 26;
-        r[i+2] = t[2] & 0x3ffffff;
+        r[i+2] = (sp_digit)(t[2] & 0x3ffffff);
         t[3] += t[2] >> 26;
-        r[i+3] = t[3] & 0x3ffffff;
+        r[i+3] = (sp_digit)(t[3] & 0x3ffffff);
         t[4] += t[3] >> 26;
-        r[i+4] = t[4] & 0x3ffffff;
+        r[i+4] = (sp_digit)(t[4] & 0x3ffffff);
         t[5] += t[4] >> 26;
-        r[i+5] = t[5] & 0x3ffffff;
+        r[i+5] = (sp_digit)(t[5] & 0x3ffffff);
         t[6] += t[5] >> 26;
-        r[i+6] = t[6] & 0x3ffffff;
+        r[i+6] = (sp_digit)(t[6] & 0x3ffffff);
         t[7] += t[6] >> 26;
-        r[i+7] = t[7] & 0x3ffffff;
+        r[i+7] = (sp_digit)(t[7] & 0x3ffffff);
         t[0]  = t[7] >> 26;
     }
     t[0] += (tb * a[80]) + r[80];
-    r[80] = t[0] & 0x3ffffff;
+    r[80] = (sp_digit)(t[0] & 0x3ffffff);
     r[81] +=  (sp_digit)(t[0] >> 26);
 #endif /* !WOLFSSL_SP_LARGE_CODE */
 }
@@ -17014,29 +16970,29 @@ static void sp_4096_mont_shift_81(sp_digit* r, const sp_digit* a)
     sp_int64 n = a[78] >> 20;
     n += ((sp_int64)a[79]) << 6;
     for (i = 0; i < 72; i += 8) {
-        r[i + 0] = n & 0x3ffffff;
+        r[i + 0] = (sp_digit)(n & 0x3ffffff);
         n >>= 26; n += ((sp_int64)a[i + 80]) << 6;
-        r[i + 1] = n & 0x3ffffff;
+        r[i + 1] = (sp_digit)(n & 0x3ffffff);
         n >>= 26; n += ((sp_int64)a[i + 81]) << 6;
-        r[i + 2] = n & 0x3ffffff;
+        r[i + 2] = (sp_digit)(n & 0x3ffffff);
         n >>= 26; n += ((sp_int64)a[i + 82]) << 6;
-        r[i + 3] = n & 0x3ffffff;
+        r[i + 3] = (sp_digit)(n & 0x3ffffff);
         n >>= 26; n += ((sp_int64)a[i + 83]) << 6;
-        r[i + 4] = n & 0x3ffffff;
+        r[i + 4] = (sp_digit)(n & 0x3ffffff);
         n >>= 26; n += ((sp_int64)a[i + 84]) << 6;
-        r[i + 5] = n & 0x3ffffff;
+        r[i + 5] = (sp_digit)(n & 0x3ffffff);
         n >>= 26; n += ((sp_int64)a[i + 85]) << 6;
-        r[i + 6] = n & 0x3ffffff;
+        r[i + 6] = (sp_digit)(n & 0x3ffffff);
         n >>= 26; n += ((sp_int64)a[i + 86]) << 6;
-        r[i + 7] = n & 0x3ffffff;
+        r[i + 7] = (sp_digit)(n & 0x3ffffff);
         n >>= 26; n += ((sp_int64)a[i + 87]) << 6;
     }
-    r[72] = n & 0x3ffffff; n >>= 26; n += ((sp_int64)a[152]) << 6;
-    r[73] = n & 0x3ffffff; n >>= 26; n += ((sp_int64)a[153]) << 6;
-    r[74] = n & 0x3ffffff; n >>= 26; n += ((sp_int64)a[154]) << 6;
-    r[75] = n & 0x3ffffff; n >>= 26; n += ((sp_int64)a[155]) << 6;
-    r[76] = n & 0x3ffffff; n >>= 26; n += ((sp_int64)a[156]) << 6;
-    r[77] = n & 0x3ffffff; n >>= 26; n += ((sp_int64)a[157]) << 6;
+    r[72] = (sp_digit)(n & 0x3ffffff); n >>= 26; n += ((sp_int64)a[152]) << 6;
+    r[73] = (sp_digit)(n & 0x3ffffff); n >>= 26; n += ((sp_int64)a[153]) << 6;
+    r[74] = (sp_digit)(n & 0x3ffffff); n >>= 26; n += ((sp_int64)a[154]) << 6;
+    r[75] = (sp_digit)(n & 0x3ffffff); n >>= 26; n += ((sp_int64)a[155]) << 6;
+    r[76] = (sp_digit)(n & 0x3ffffff); n >>= 26; n += ((sp_int64)a[156]) << 6;
+    r[77] = (sp_digit)(n & 0x3ffffff); n >>= 26; n += ((sp_int64)a[157]) << 6;
     r[78] = (sp_digit)n;
     XMEMSET(&r[79], 0, sizeof(*r) * 79U);
 }
@@ -17056,11 +17012,11 @@ static void sp_4096_mont_reduce_81(sp_digit* a, const sp_digit* m, sp_digit mp)
     sp_4096_norm_81(a + 79);
 
     for (i=0; i<78; i++) {
-        mu = ((sp_uint32)a[i] * (sp_uint32)mp) & 0x3ffffff;
+        mu = (sp_digit)(((sp_uint32)a[i] * (sp_uint32)mp) & 0x3ffffff);
         sp_4096_mul_add_81(a+i, m, mu);
         a[i+1] += a[i] >> 26;
     }
-    mu = ((sp_uint32)a[i] * (sp_uint32)mp) & 0xfffffL;
+    mu = (sp_digit)(((sp_uint32)a[i] * (sp_uint32)mp) & 0xfffffL);
     sp_4096_mul_add_81(a+i, m, mu);
     a[i+1] += a[i] >> 26;
     a[i] &= 0x3ffffff;
@@ -17177,14 +17133,14 @@ SP_NOINLINE static void sp_4096_rshift_81(sp_digit* r, const sp_digit* a,
     int i;
 
     for (i=0; i<80; i += 8) {
-        r[i+0] = (a[i+0] >> n) | ((a[i+1] << (26 - n)) & 0x3ffffff);
-        r[i+1] = (a[i+1] >> n) | ((a[i+2] << (26 - n)) & 0x3ffffff);
-        r[i+2] = (a[i+2] >> n) | ((a[i+3] << (26 - n)) & 0x3ffffff);
-        r[i+3] = (a[i+3] >> n) | ((a[i+4] << (26 - n)) & 0x3ffffff);
-        r[i+4] = (a[i+4] >> n) | ((a[i+5] << (26 - n)) & 0x3ffffff);
-        r[i+5] = (a[i+5] >> n) | ((a[i+6] << (26 - n)) & 0x3ffffff);
-        r[i+6] = (a[i+6] >> n) | ((a[i+7] << (26 - n)) & 0x3ffffff);
-        r[i+7] = (a[i+7] >> n) | ((a[i+8] << (26 - n)) & 0x3ffffff);
+        r[i+0] = (a[i+0] >> n) | (sp_digit)((a[i+1] << (26 - n)) & 0x3ffffff);
+        r[i+1] = (a[i+1] >> n) | (sp_digit)((a[i+2] << (26 - n)) & 0x3ffffff);
+        r[i+2] = (a[i+2] >> n) | (sp_digit)((a[i+3] << (26 - n)) & 0x3ffffff);
+        r[i+3] = (a[i+3] >> n) | (sp_digit)((a[i+4] << (26 - n)) & 0x3ffffff);
+        r[i+4] = (a[i+4] >> n) | (sp_digit)((a[i+5] << (26 - n)) & 0x3ffffff);
+        r[i+5] = (a[i+5] >> n) | (sp_digit)((a[i+6] << (26 - n)) & 0x3ffffff);
+        r[i+6] = (a[i+6] >> n) | (sp_digit)((a[i+7] << (26 - n)) & 0x3ffffff);
+        r[i+7] = (a[i+7] >> n) | (sp_digit)((a[i+8] << (26 - n)) & 0x3ffffff);
     }
     r[80] = a[80] >> n;
 }
@@ -17362,8 +17318,7 @@ static int sp_4096_div_81(const sp_digit* a, const sp_digit* d,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t1 != NULL)
-        XFREE(t1, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(t1, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -17475,14 +17430,13 @@ static int sp_4096_mod_exp_81(sp_digit* r, const sp_digit* a, const sp_digit* e,
 
         sp_4096_mont_reduce_81(t[0], m, mp);
         n = sp_4096_cmp_81(t[0], m);
-        sp_4096_cond_sub_81(t[0], t[0], m, ~(n >> 31));
+        sp_4096_cond_sub_81(t[0], t[0], m, (sp_digit)~(n >> 31));
         XMEMCPY(r, t[0], sizeof(*r) * 81 * 2);
 
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (td != NULL)
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -17566,13 +17520,12 @@ static int sp_4096_mod_exp_81(sp_digit* r, const sp_digit* a, const sp_digit* e,
 
         sp_4096_mont_reduce_81(t[0], m, mp);
         n = sp_4096_cmp_81(t[0], m);
-        sp_4096_cond_sub_81(t[0], t[0], m, ~(n >> 31));
+        sp_4096_cond_sub_81(t[0], t[0], m, (sp_digit)~(n >> 31));
         XMEMCPY(r, t[0], sizeof(*r) * 81 * 2);
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (td != NULL)
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -17712,13 +17665,12 @@ static int sp_4096_mod_exp_81(sp_digit* r, const sp_digit* a, const sp_digit* e,
 
         sp_4096_mont_reduce_81(rt, m, mp);
         n = sp_4096_cmp_81(rt, m);
-        sp_4096_cond_sub_81(rt, rt, m, ~(n >> 31));
+        sp_4096_cond_sub_81(rt, rt, m, (sp_digit)~(n >> 31));
         XMEMCPY(r, rt, sizeof(sp_digit) * 162);
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (td != NULL)
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -17858,28 +17810,28 @@ SP_NOINLINE static void sp_4096_mul_add_162(sp_digit* r, const sp_digit* a,
         t[5]  = (tb * a[i+5]) + r[i+5];
         t[6]  = (tb * a[i+6]) + r[i+6];
         t[7]  = (tb * a[i+7]) + r[i+7];
-        r[i+0] = t[0] & 0x3ffffff;
+        r[i+0] = (sp_digit)(t[0] & 0x3ffffff);
         t[1] += t[0] >> 26;
-        r[i+1] = t[1] & 0x3ffffff;
+        r[i+1] = (sp_digit)(t[1] & 0x3ffffff);
         t[2] += t[1] >> 26;
-        r[i+2] = t[2] & 0x3ffffff;
+        r[i+2] = (sp_digit)(t[2] & 0x3ffffff);
         t[3] += t[2] >> 26;
-        r[i+3] = t[3] & 0x3ffffff;
+        r[i+3] = (sp_digit)(t[3] & 0x3ffffff);
         t[4] += t[3] >> 26;
-        r[i+4] = t[4] & 0x3ffffff;
+        r[i+4] = (sp_digit)(t[4] & 0x3ffffff);
         t[5] += t[4] >> 26;
-        r[i+5] = t[5] & 0x3ffffff;
+        r[i+5] = (sp_digit)(t[5] & 0x3ffffff);
         t[6] += t[5] >> 26;
-        r[i+6] = t[6] & 0x3ffffff;
+        r[i+6] = (sp_digit)(t[6] & 0x3ffffff);
         t[7] += t[6] >> 26;
-        r[i+7] = t[7] & 0x3ffffff;
+        r[i+7] = (sp_digit)(t[7] & 0x3ffffff);
         t[0]  = t[7] >> 26;
     }
     t[0] += (tb * a[160]) + r[160];
     t[1]  = (tb * a[161]) + r[161];
-    r[160] = t[0] & 0x3ffffff;
+    r[160] = (sp_digit)(t[0] & 0x3ffffff);
     t[1] += t[0] >> 26;
-    r[161] = t[1] & 0x3ffffff;
+    r[161] = (sp_digit)(t[1] & 0x3ffffff);
     r[162] +=  (sp_digit)(t[1] >> 26);
 #endif /* !WOLFSSL_SP_LARGE_CODE */
 }
@@ -17895,28 +17847,28 @@ static void sp_4096_mont_shift_162(sp_digit* r, const sp_digit* a)
     sp_int64 n = a[157] >> 14;
     n += ((sp_int64)a[158]) << 12;
     for (i = 0; i < 152; i += 8) {
-        r[i + 0] = n & 0x3ffffff;
+        r[i + 0] = (sp_digit)(n & 0x3ffffff);
         n >>= 26; n += ((sp_int64)a[i + 159]) << 12;
-        r[i + 1] = n & 0x3ffffff;
+        r[i + 1] = (sp_digit)(n & 0x3ffffff);
         n >>= 26; n += ((sp_int64)a[i + 160]) << 12;
-        r[i + 2] = n & 0x3ffffff;
+        r[i + 2] = (sp_digit)(n & 0x3ffffff);
         n >>= 26; n += ((sp_int64)a[i + 161]) << 12;
-        r[i + 3] = n & 0x3ffffff;
+        r[i + 3] = (sp_digit)(n & 0x3ffffff);
         n >>= 26; n += ((sp_int64)a[i + 162]) << 12;
-        r[i + 4] = n & 0x3ffffff;
+        r[i + 4] = (sp_digit)(n & 0x3ffffff);
         n >>= 26; n += ((sp_int64)a[i + 163]) << 12;
-        r[i + 5] = n & 0x3ffffff;
+        r[i + 5] = (sp_digit)(n & 0x3ffffff);
         n >>= 26; n += ((sp_int64)a[i + 164]) << 12;
-        r[i + 6] = n & 0x3ffffff;
+        r[i + 6] = (sp_digit)(n & 0x3ffffff);
         n >>= 26; n += ((sp_int64)a[i + 165]) << 12;
-        r[i + 7] = n & 0x3ffffff;
+        r[i + 7] = (sp_digit)(n & 0x3ffffff);
         n >>= 26; n += ((sp_int64)a[i + 166]) << 12;
     }
-    r[152] = n & 0x3ffffff; n >>= 26; n += ((sp_int64)a[311]) << 12;
-    r[153] = n & 0x3ffffff; n >>= 26; n += ((sp_int64)a[312]) << 12;
-    r[154] = n & 0x3ffffff; n >>= 26; n += ((sp_int64)a[313]) << 12;
-    r[155] = n & 0x3ffffff; n >>= 26; n += ((sp_int64)a[314]) << 12;
-    r[156] = n & 0x3ffffff; n >>= 26; n += ((sp_int64)a[315]) << 12;
+    r[152] = (sp_digit)(n & 0x3ffffff); n >>= 26; n += ((sp_int64)a[311]) << 12;
+    r[153] = (sp_digit)(n & 0x3ffffff); n >>= 26; n += ((sp_int64)a[312]) << 12;
+    r[154] = (sp_digit)(n & 0x3ffffff); n >>= 26; n += ((sp_int64)a[313]) << 12;
+    r[155] = (sp_digit)(n & 0x3ffffff); n >>= 26; n += ((sp_int64)a[314]) << 12;
+    r[156] = (sp_digit)(n & 0x3ffffff); n >>= 26; n += ((sp_int64)a[315]) << 12;
     r[157] = (sp_digit)n;
     XMEMSET(&r[158], 0, sizeof(*r) * 158U);
 }
@@ -17938,33 +17890,33 @@ static void sp_4096_mont_reduce_162(sp_digit* a, const sp_digit* m, sp_digit mp)
 #ifdef WOLFSSL_SP_DH
     if (mp != 1) {
         for (i=0; i<157; i++) {
-            mu = ((sp_uint32)a[i] * (sp_uint32)mp) & 0x3ffffff;
+            mu = (sp_digit)(((sp_uint32)a[i] * (sp_uint32)mp) & 0x3ffffff);
             sp_4096_mul_add_162(a+i, m, mu);
             a[i+1] += a[i] >> 26;
         }
-        mu = ((sp_uint32)a[i] * (sp_uint32)mp) & 0x3fffL;
+        mu = (sp_digit)(((sp_uint32)a[i] * (sp_uint32)mp) & 0x3fffL);
         sp_4096_mul_add_162(a+i, m, mu);
         a[i+1] += a[i] >> 26;
         a[i] &= 0x3ffffff;
     }
     else {
         for (i=0; i<157; i++) {
-            mu = a[i] & 0x3ffffff;
+            mu = (sp_digit)(a[i] & 0x3ffffff);
             sp_4096_mul_add_162(a+i, m, mu);
             a[i+1] += a[i] >> 26;
         }
-        mu = a[i] & 0x3fffL;
+        mu = (sp_digit)(a[i] & 0x3fffL);
         sp_4096_mul_add_162(a+i, m, mu);
         a[i+1] += a[i] >> 26;
         a[i] &= 0x3ffffff;
     }
 #else
     for (i=0; i<157; i++) {
-        mu = ((sp_uint32)a[i] * (sp_uint32)mp) & 0x3ffffff;
+        mu = (sp_digit)(((sp_uint32)a[i] * (sp_uint32)mp) & 0x3ffffff);
         sp_4096_mul_add_162(a+i, m, mu);
         a[i+1] += a[i] >> 26;
     }
-    mu = ((sp_uint32)a[i] * (sp_uint32)mp) & 0x3fffL;
+    mu = (sp_digit)(((sp_uint32)a[i] * (sp_uint32)mp) & 0x3fffL);
     sp_4096_mul_add_162(a+i, m, mu);
     a[i+1] += a[i] >> 26;
     a[i] &= 0x3ffffff;
@@ -18080,16 +18032,16 @@ SP_NOINLINE static void sp_4096_rshift_162(sp_digit* r, const sp_digit* a,
     int i;
 
     for (i=0; i<160; i += 8) {
-        r[i+0] = (a[i+0] >> n) | ((a[i+1] << (26 - n)) & 0x3ffffff);
-        r[i+1] = (a[i+1] >> n) | ((a[i+2] << (26 - n)) & 0x3ffffff);
-        r[i+2] = (a[i+2] >> n) | ((a[i+3] << (26 - n)) & 0x3ffffff);
-        r[i+3] = (a[i+3] >> n) | ((a[i+4] << (26 - n)) & 0x3ffffff);
-        r[i+4] = (a[i+4] >> n) | ((a[i+5] << (26 - n)) & 0x3ffffff);
-        r[i+5] = (a[i+5] >> n) | ((a[i+6] << (26 - n)) & 0x3ffffff);
-        r[i+6] = (a[i+6] >> n) | ((a[i+7] << (26 - n)) & 0x3ffffff);
-        r[i+7] = (a[i+7] >> n) | ((a[i+8] << (26 - n)) & 0x3ffffff);
+        r[i+0] = (a[i+0] >> n) | (sp_digit)((a[i+1] << (26 - n)) & 0x3ffffff);
+        r[i+1] = (a[i+1] >> n) | (sp_digit)((a[i+2] << (26 - n)) & 0x3ffffff);
+        r[i+2] = (a[i+2] >> n) | (sp_digit)((a[i+3] << (26 - n)) & 0x3ffffff);
+        r[i+3] = (a[i+3] >> n) | (sp_digit)((a[i+4] << (26 - n)) & 0x3ffffff);
+        r[i+4] = (a[i+4] >> n) | (sp_digit)((a[i+5] << (26 - n)) & 0x3ffffff);
+        r[i+5] = (a[i+5] >> n) | (sp_digit)((a[i+6] << (26 - n)) & 0x3ffffff);
+        r[i+6] = (a[i+6] >> n) | (sp_digit)((a[i+7] << (26 - n)) & 0x3ffffff);
+        r[i+7] = (a[i+7] >> n) | (sp_digit)((a[i+8] << (26 - n)) & 0x3ffffff);
     }
-    r[160] = (a[160] >> n) | ((a[161] << (26 - n)) & 0x3ffffff);
+    r[160] = (a[160] >> n) | (sp_digit)((a[161] << (26 - n)) & 0x3ffffff);
     r[161] = a[161] >> n;
 }
 
@@ -18268,8 +18220,7 @@ static int sp_4096_div_162(const sp_digit* a, const sp_digit* d,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t1 != NULL)
-        XFREE(t1, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(t1, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -18384,14 +18335,13 @@ static int sp_4096_mod_exp_162(sp_digit* r, const sp_digit* a, const sp_digit* e
 
         sp_4096_mont_reduce_162(t[0], m, mp);
         n = sp_4096_cmp_162(t[0], m);
-        sp_4096_cond_sub_162(t[0], t[0], m, ~(n >> 31));
+        sp_4096_cond_sub_162(t[0], t[0], m, (sp_digit)~(n >> 31));
         XMEMCPY(r, t[0], sizeof(*r) * 162 * 2);
 
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (td != NULL)
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -18475,13 +18425,12 @@ static int sp_4096_mod_exp_162(sp_digit* r, const sp_digit* a, const sp_digit* e
 
         sp_4096_mont_reduce_162(t[0], m, mp);
         n = sp_4096_cmp_162(t[0], m);
-        sp_4096_cond_sub_162(t[0], t[0], m, ~(n >> 31));
+        sp_4096_cond_sub_162(t[0], t[0], m, (sp_digit)~(n >> 31));
         XMEMCPY(r, t[0], sizeof(*r) * 162 * 2);
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (td != NULL)
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -18604,13 +18553,12 @@ static int sp_4096_mod_exp_162(sp_digit* r, const sp_digit* a, const sp_digit* e
 
         sp_4096_mont_reduce_162(rt, m, mp);
         n = sp_4096_cmp_162(rt, m);
-        sp_4096_cond_sub_162(rt, rt, m, ~(n >> 31));
+        sp_4096_cond_sub_162(rt, rt, m, (sp_digit)~(n >> 31));
         XMEMCPY(r, rt, sizeof(sp_digit) * 324);
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (td != NULL)
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -18731,8 +18679,7 @@ int sp_RsaPublic_4096(const byte* in, word32 inLen, const mp_int* em,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (a != NULL)
-        XFREE(a, NULL, DYNAMIC_TYPE_RSA);
+    XFREE(a, NULL, DYNAMIC_TYPE_RSA);
 #endif
 
     return err;
@@ -18843,8 +18790,7 @@ int sp_RsaPublic_4096(const byte* in, word32 inLen, const mp_int* em,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (d != NULL)
-        XFREE(d, NULL, DYNAMIC_TYPE_RSA);
+    XFREE(d, NULL, DYNAMIC_TYPE_RSA);
 #endif
 
     return err;
@@ -19214,7 +19160,7 @@ int sp_RsaPrivate_4096(const byte* in, word32 inLen, const mp_int* dm,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-if (a != NULL)
+    if (a != NULL)
 #endif
     {
         ForceZero(a, sizeof(sp_digit) * 81 * 13);
@@ -19452,328 +19398,328 @@ SP_NOINLINE static void sp_4096_lshift_162(sp_digit* r, const sp_digit* a,
     s = (sp_int_digit)a[161];
     r[162] = s >> (26U - n);
     s = (sp_int_digit)(a[161]); t = (sp_int_digit)(a[160]);
-    r[161] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[161] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[160]); t = (sp_int_digit)(a[159]);
-    r[160] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[160] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[159]); t = (sp_int_digit)(a[158]);
-    r[159] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[159] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[158]); t = (sp_int_digit)(a[157]);
-    r[158] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[158] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[157]); t = (sp_int_digit)(a[156]);
-    r[157] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[157] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[156]); t = (sp_int_digit)(a[155]);
-    r[156] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[156] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[155]); t = (sp_int_digit)(a[154]);
-    r[155] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[155] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[154]); t = (sp_int_digit)(a[153]);
-    r[154] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[154] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[153]); t = (sp_int_digit)(a[152]);
-    r[153] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[153] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[152]); t = (sp_int_digit)(a[151]);
-    r[152] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[152] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[151]); t = (sp_int_digit)(a[150]);
-    r[151] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[151] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[150]); t = (sp_int_digit)(a[149]);
-    r[150] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[150] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[149]); t = (sp_int_digit)(a[148]);
-    r[149] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[149] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[148]); t = (sp_int_digit)(a[147]);
-    r[148] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[148] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[147]); t = (sp_int_digit)(a[146]);
-    r[147] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[147] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[146]); t = (sp_int_digit)(a[145]);
-    r[146] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[146] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[145]); t = (sp_int_digit)(a[144]);
-    r[145] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[145] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[144]); t = (sp_int_digit)(a[143]);
-    r[144] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[144] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[143]); t = (sp_int_digit)(a[142]);
-    r[143] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[143] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[142]); t = (sp_int_digit)(a[141]);
-    r[142] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[142] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[141]); t = (sp_int_digit)(a[140]);
-    r[141] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[141] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[140]); t = (sp_int_digit)(a[139]);
-    r[140] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[140] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[139]); t = (sp_int_digit)(a[138]);
-    r[139] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[139] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[138]); t = (sp_int_digit)(a[137]);
-    r[138] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[138] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[137]); t = (sp_int_digit)(a[136]);
-    r[137] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[137] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[136]); t = (sp_int_digit)(a[135]);
-    r[136] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[136] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[135]); t = (sp_int_digit)(a[134]);
-    r[135] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[135] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[134]); t = (sp_int_digit)(a[133]);
-    r[134] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[134] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[133]); t = (sp_int_digit)(a[132]);
-    r[133] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[133] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[132]); t = (sp_int_digit)(a[131]);
-    r[132] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[132] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[131]); t = (sp_int_digit)(a[130]);
-    r[131] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[131] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[130]); t = (sp_int_digit)(a[129]);
-    r[130] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[130] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[129]); t = (sp_int_digit)(a[128]);
-    r[129] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[129] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[128]); t = (sp_int_digit)(a[127]);
-    r[128] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[128] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[127]); t = (sp_int_digit)(a[126]);
-    r[127] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[127] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[126]); t = (sp_int_digit)(a[125]);
-    r[126] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[126] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[125]); t = (sp_int_digit)(a[124]);
-    r[125] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[125] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[124]); t = (sp_int_digit)(a[123]);
-    r[124] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[124] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[123]); t = (sp_int_digit)(a[122]);
-    r[123] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[123] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[122]); t = (sp_int_digit)(a[121]);
-    r[122] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[122] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[121]); t = (sp_int_digit)(a[120]);
-    r[121] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[121] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[120]); t = (sp_int_digit)(a[119]);
-    r[120] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[120] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[119]); t = (sp_int_digit)(a[118]);
-    r[119] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[119] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[118]); t = (sp_int_digit)(a[117]);
-    r[118] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[118] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[117]); t = (sp_int_digit)(a[116]);
-    r[117] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[117] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[116]); t = (sp_int_digit)(a[115]);
-    r[116] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[116] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[115]); t = (sp_int_digit)(a[114]);
-    r[115] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[115] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[114]); t = (sp_int_digit)(a[113]);
-    r[114] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[114] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[113]); t = (sp_int_digit)(a[112]);
-    r[113] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[113] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[112]); t = (sp_int_digit)(a[111]);
-    r[112] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[112] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[111]); t = (sp_int_digit)(a[110]);
-    r[111] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[111] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[110]); t = (sp_int_digit)(a[109]);
-    r[110] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[110] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[109]); t = (sp_int_digit)(a[108]);
-    r[109] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[109] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[108]); t = (sp_int_digit)(a[107]);
-    r[108] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[108] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[107]); t = (sp_int_digit)(a[106]);
-    r[107] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[107] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[106]); t = (sp_int_digit)(a[105]);
-    r[106] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[106] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[105]); t = (sp_int_digit)(a[104]);
-    r[105] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[105] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[104]); t = (sp_int_digit)(a[103]);
-    r[104] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[104] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[103]); t = (sp_int_digit)(a[102]);
-    r[103] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[103] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[102]); t = (sp_int_digit)(a[101]);
-    r[102] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[102] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[101]); t = (sp_int_digit)(a[100]);
-    r[101] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[101] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[100]); t = (sp_int_digit)(a[99]);
-    r[100] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[100] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[99]); t = (sp_int_digit)(a[98]);
-    r[99] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[99] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[98]); t = (sp_int_digit)(a[97]);
-    r[98] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[98] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[97]); t = (sp_int_digit)(a[96]);
-    r[97] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[97] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[96]); t = (sp_int_digit)(a[95]);
-    r[96] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[96] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[95]); t = (sp_int_digit)(a[94]);
-    r[95] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[95] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[94]); t = (sp_int_digit)(a[93]);
-    r[94] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[94] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[93]); t = (sp_int_digit)(a[92]);
-    r[93] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[93] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[92]); t = (sp_int_digit)(a[91]);
-    r[92] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[92] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[91]); t = (sp_int_digit)(a[90]);
-    r[91] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[91] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[90]); t = (sp_int_digit)(a[89]);
-    r[90] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[90] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[89]); t = (sp_int_digit)(a[88]);
-    r[89] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[89] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[88]); t = (sp_int_digit)(a[87]);
-    r[88] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[88] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[87]); t = (sp_int_digit)(a[86]);
-    r[87] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[87] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[86]); t = (sp_int_digit)(a[85]);
-    r[86] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[86] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[85]); t = (sp_int_digit)(a[84]);
-    r[85] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[85] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[84]); t = (sp_int_digit)(a[83]);
-    r[84] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[84] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[83]); t = (sp_int_digit)(a[82]);
-    r[83] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[83] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[82]); t = (sp_int_digit)(a[81]);
-    r[82] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[82] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[81]); t = (sp_int_digit)(a[80]);
-    r[81] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[81] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[80]); t = (sp_int_digit)(a[79]);
-    r[80] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[80] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[79]); t = (sp_int_digit)(a[78]);
-    r[79] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[79] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[78]); t = (sp_int_digit)(a[77]);
-    r[78] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[78] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[77]); t = (sp_int_digit)(a[76]);
-    r[77] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[77] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[76]); t = (sp_int_digit)(a[75]);
-    r[76] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[76] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[75]); t = (sp_int_digit)(a[74]);
-    r[75] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[75] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[74]); t = (sp_int_digit)(a[73]);
-    r[74] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[74] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[73]); t = (sp_int_digit)(a[72]);
-    r[73] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[73] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[72]); t = (sp_int_digit)(a[71]);
-    r[72] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[72] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[71]); t = (sp_int_digit)(a[70]);
-    r[71] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[71] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[70]); t = (sp_int_digit)(a[69]);
-    r[70] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[70] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[69]); t = (sp_int_digit)(a[68]);
-    r[69] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[69] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[68]); t = (sp_int_digit)(a[67]);
-    r[68] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[68] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[67]); t = (sp_int_digit)(a[66]);
-    r[67] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[67] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[66]); t = (sp_int_digit)(a[65]);
-    r[66] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[66] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[65]); t = (sp_int_digit)(a[64]);
-    r[65] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[65] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[64]); t = (sp_int_digit)(a[63]);
-    r[64] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[64] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[63]); t = (sp_int_digit)(a[62]);
-    r[63] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[63] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[62]); t = (sp_int_digit)(a[61]);
-    r[62] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[62] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[61]); t = (sp_int_digit)(a[60]);
-    r[61] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[61] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[60]); t = (sp_int_digit)(a[59]);
-    r[60] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[60] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[59]); t = (sp_int_digit)(a[58]);
-    r[59] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[59] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[58]); t = (sp_int_digit)(a[57]);
-    r[58] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[58] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[57]); t = (sp_int_digit)(a[56]);
-    r[57] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[57] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[56]); t = (sp_int_digit)(a[55]);
-    r[56] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[56] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[55]); t = (sp_int_digit)(a[54]);
-    r[55] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[55] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[54]); t = (sp_int_digit)(a[53]);
-    r[54] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[54] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[53]); t = (sp_int_digit)(a[52]);
-    r[53] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[53] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[52]); t = (sp_int_digit)(a[51]);
-    r[52] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[52] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[51]); t = (sp_int_digit)(a[50]);
-    r[51] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[51] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[50]); t = (sp_int_digit)(a[49]);
-    r[50] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[50] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[49]); t = (sp_int_digit)(a[48]);
-    r[49] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[49] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[48]); t = (sp_int_digit)(a[47]);
-    r[48] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[48] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[47]); t = (sp_int_digit)(a[46]);
-    r[47] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[47] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[46]); t = (sp_int_digit)(a[45]);
-    r[46] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[46] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[45]); t = (sp_int_digit)(a[44]);
-    r[45] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[45] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[44]); t = (sp_int_digit)(a[43]);
-    r[44] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[44] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[43]); t = (sp_int_digit)(a[42]);
-    r[43] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[43] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[42]); t = (sp_int_digit)(a[41]);
-    r[42] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[42] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[41]); t = (sp_int_digit)(a[40]);
-    r[41] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[41] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[40]); t = (sp_int_digit)(a[39]);
-    r[40] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[40] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[39]); t = (sp_int_digit)(a[38]);
-    r[39] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[39] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[38]); t = (sp_int_digit)(a[37]);
-    r[38] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[38] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[37]); t = (sp_int_digit)(a[36]);
-    r[37] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[37] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[36]); t = (sp_int_digit)(a[35]);
-    r[36] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[36] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[35]); t = (sp_int_digit)(a[34]);
-    r[35] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[35] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[34]); t = (sp_int_digit)(a[33]);
-    r[34] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[34] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[33]); t = (sp_int_digit)(a[32]);
-    r[33] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[33] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[32]); t = (sp_int_digit)(a[31]);
-    r[32] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[32] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[31]); t = (sp_int_digit)(a[30]);
-    r[31] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[31] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[30]); t = (sp_int_digit)(a[29]);
-    r[30] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[30] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[29]); t = (sp_int_digit)(a[28]);
-    r[29] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[29] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[28]); t = (sp_int_digit)(a[27]);
-    r[28] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[28] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[27]); t = (sp_int_digit)(a[26]);
-    r[27] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[27] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[26]); t = (sp_int_digit)(a[25]);
-    r[26] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[26] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[25]); t = (sp_int_digit)(a[24]);
-    r[25] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[25] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[24]); t = (sp_int_digit)(a[23]);
-    r[24] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[24] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[23]); t = (sp_int_digit)(a[22]);
-    r[23] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[23] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[22]); t = (sp_int_digit)(a[21]);
-    r[22] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[22] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[21]); t = (sp_int_digit)(a[20]);
-    r[21] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[21] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[20]); t = (sp_int_digit)(a[19]);
-    r[20] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[20] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[19]); t = (sp_int_digit)(a[18]);
-    r[19] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[19] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[18]); t = (sp_int_digit)(a[17]);
-    r[18] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[18] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[17]); t = (sp_int_digit)(a[16]);
-    r[17] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[17] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[16]); t = (sp_int_digit)(a[15]);
-    r[16] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[16] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[15]); t = (sp_int_digit)(a[14]);
-    r[15] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[15] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[14]); t = (sp_int_digit)(a[13]);
-    r[14] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[14] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[13]); t = (sp_int_digit)(a[12]);
-    r[13] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[13] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[12]); t = (sp_int_digit)(a[11]);
-    r[12] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[12] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[11]); t = (sp_int_digit)(a[10]);
-    r[11] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[11] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[10]); t = (sp_int_digit)(a[9]);
-    r[10] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[10] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[9]); t = (sp_int_digit)(a[8]);
-    r[9] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[9] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[8]); t = (sp_int_digit)(a[7]);
-    r[8] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[8] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[7]); t = (sp_int_digit)(a[6]);
-    r[7] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[7] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[6]); t = (sp_int_digit)(a[5]);
-    r[6] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[6] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[5]); t = (sp_int_digit)(a[4]);
-    r[5] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[5] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[4]); t = (sp_int_digit)(a[3]);
-    r[4] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[4] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[3]); t = (sp_int_digit)(a[2]);
-    r[3] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[3] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[2]); t = (sp_int_digit)(a[1]);
-    r[2] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[2] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[1]); t = (sp_int_digit)(a[0]);
-    r[1] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
-    r[0] = (a[0] << n) & 0x3ffffff;
+    r[1] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
+    r[0] = (sp_digit)((a[0] << n) & 0x3ffffff);
 }
 
 /* Modular exponentiate 2 to the e mod m. (r = 2^e mod m)
@@ -19883,12 +19829,11 @@ static int sp_4096_mod_exp_2_162(sp_digit* r, const sp_digit* e, int bits, const
 
         sp_4096_mont_reduce_162(r, m, mp);
         n = sp_4096_cmp_162(r, m);
-        sp_4096_cond_sub_162(r, r, m, ~(n >> 31));
+        sp_4096_cond_sub_162(r, r, m, (sp_digit)~(n >> 31));
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (td != NULL)
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -20139,29 +20084,29 @@ SP_NOINLINE static void sp_256_mul_9(sp_digit* r, const sp_digit* a,
     t0 = ((sp_int64)a[ 0]) * b[ 0];
     t1 = ((sp_int64)a[ 0]) * b[ 1]
        + ((sp_int64)a[ 1]) * b[ 0];
-    t[ 0] = t0 & 0x1fffffff; t1 += t0 >> 29;
+    t[ 0] = (sp_digit)(t0 & 0x1fffffff); t1 += t0 >> 29;
     t0 = ((sp_int64)a[ 0]) * b[ 2]
        + ((sp_int64)a[ 1]) * b[ 1]
        + ((sp_int64)a[ 2]) * b[ 0];
-    t[ 1] = t1 & 0x1fffffff; t0 += t1 >> 29;
+    t[ 1] = (sp_digit)(t1 & 0x1fffffff); t0 += t1 >> 29;
     t1 = ((sp_int64)a[ 0]) * b[ 3]
        + ((sp_int64)a[ 1]) * b[ 2]
        + ((sp_int64)a[ 2]) * b[ 1]
        + ((sp_int64)a[ 3]) * b[ 0];
-    t[ 2] = t0 & 0x1fffffff; t1 += t0 >> 29;
+    t[ 2] = (sp_digit)(t0 & 0x1fffffff); t1 += t0 >> 29;
     t0 = ((sp_int64)a[ 0]) * b[ 4]
        + ((sp_int64)a[ 1]) * b[ 3]
        + ((sp_int64)a[ 2]) * b[ 2]
        + ((sp_int64)a[ 3]) * b[ 1]
        + ((sp_int64)a[ 4]) * b[ 0];
-    t[ 3] = t1 & 0x1fffffff; t0 += t1 >> 29;
+    t[ 3] = (sp_digit)(t1 & 0x1fffffff); t0 += t1 >> 29;
     t1 = ((sp_int64)a[ 0]) * b[ 5]
        + ((sp_int64)a[ 1]) * b[ 4]
        + ((sp_int64)a[ 2]) * b[ 3]
        + ((sp_int64)a[ 3]) * b[ 2]
        + ((sp_int64)a[ 4]) * b[ 1]
        + ((sp_int64)a[ 5]) * b[ 0];
-    t[ 4] = t0 & 0x1fffffff; t1 += t0 >> 29;
+    t[ 4] = (sp_digit)(t0 & 0x1fffffff); t1 += t0 >> 29;
     t0 = ((sp_int64)a[ 0]) * b[ 6]
        + ((sp_int64)a[ 1]) * b[ 5]
        + ((sp_int64)a[ 2]) * b[ 4]
@@ -20169,7 +20114,7 @@ SP_NOINLINE static void sp_256_mul_9(sp_digit* r, const sp_digit* a,
        + ((sp_int64)a[ 4]) * b[ 2]
        + ((sp_int64)a[ 5]) * b[ 1]
        + ((sp_int64)a[ 6]) * b[ 0];
-    t[ 5] = t1 & 0x1fffffff; t0 += t1 >> 29;
+    t[ 5] = (sp_digit)(t1 & 0x1fffffff); t0 += t1 >> 29;
     t1 = ((sp_int64)a[ 0]) * b[ 7]
        + ((sp_int64)a[ 1]) * b[ 6]
        + ((sp_int64)a[ 2]) * b[ 5]
@@ -20178,7 +20123,7 @@ SP_NOINLINE static void sp_256_mul_9(sp_digit* r, const sp_digit* a,
        + ((sp_int64)a[ 5]) * b[ 2]
        + ((sp_int64)a[ 6]) * b[ 1]
        + ((sp_int64)a[ 7]) * b[ 0];
-    t[ 6] = t0 & 0x1fffffff; t1 += t0 >> 29;
+    t[ 6] = (sp_digit)(t0 & 0x1fffffff); t1 += t0 >> 29;
     t0 = ((sp_int64)a[ 0]) * b[ 8]
        + ((sp_int64)a[ 1]) * b[ 7]
        + ((sp_int64)a[ 2]) * b[ 6]
@@ -20188,7 +20133,7 @@ SP_NOINLINE static void sp_256_mul_9(sp_digit* r, const sp_digit* a,
        + ((sp_int64)a[ 6]) * b[ 2]
        + ((sp_int64)a[ 7]) * b[ 1]
        + ((sp_int64)a[ 8]) * b[ 0];
-    t[ 7] = t1 & 0x1fffffff; t0 += t1 >> 29;
+    t[ 7] = (sp_digit)(t1 & 0x1fffffff); t0 += t1 >> 29;
     t1 = ((sp_int64)a[ 1]) * b[ 8]
        + ((sp_int64)a[ 2]) * b[ 7]
        + ((sp_int64)a[ 3]) * b[ 6]
@@ -20197,7 +20142,7 @@ SP_NOINLINE static void sp_256_mul_9(sp_digit* r, const sp_digit* a,
        + ((sp_int64)a[ 6]) * b[ 3]
        + ((sp_int64)a[ 7]) * b[ 2]
        + ((sp_int64)a[ 8]) * b[ 1];
-    t[ 8] = t0 & 0x1fffffff; t1 += t0 >> 29;
+    t[ 8] = (sp_digit)(t0 & 0x1fffffff); t1 += t0 >> 29;
     t0 = ((sp_int64)a[ 2]) * b[ 8]
        + ((sp_int64)a[ 3]) * b[ 7]
        + ((sp_int64)a[ 4]) * b[ 6]
@@ -20205,35 +20150,35 @@ SP_NOINLINE static void sp_256_mul_9(sp_digit* r, const sp_digit* a,
        + ((sp_int64)a[ 6]) * b[ 4]
        + ((sp_int64)a[ 7]) * b[ 3]
        + ((sp_int64)a[ 8]) * b[ 2];
-    r[ 9] = t1 & 0x1fffffff; t0 += t1 >> 29;
+    r[ 9] = (sp_digit)(t1 & 0x1fffffff); t0 += t1 >> 29;
     t1 = ((sp_int64)a[ 3]) * b[ 8]
        + ((sp_int64)a[ 4]) * b[ 7]
        + ((sp_int64)a[ 5]) * b[ 6]
        + ((sp_int64)a[ 6]) * b[ 5]
        + ((sp_int64)a[ 7]) * b[ 4]
        + ((sp_int64)a[ 8]) * b[ 3];
-    r[10] = t0 & 0x1fffffff; t1 += t0 >> 29;
+    r[10] = (sp_digit)(t0 & 0x1fffffff); t1 += t0 >> 29;
     t0 = ((sp_int64)a[ 4]) * b[ 8]
        + ((sp_int64)a[ 5]) * b[ 7]
        + ((sp_int64)a[ 6]) * b[ 6]
        + ((sp_int64)a[ 7]) * b[ 5]
        + ((sp_int64)a[ 8]) * b[ 4];
-    r[11] = t1 & 0x1fffffff; t0 += t1 >> 29;
+    r[11] = (sp_digit)(t1 & 0x1fffffff); t0 += t1 >> 29;
     t1 = ((sp_int64)a[ 5]) * b[ 8]
        + ((sp_int64)a[ 6]) * b[ 7]
        + ((sp_int64)a[ 7]) * b[ 6]
        + ((sp_int64)a[ 8]) * b[ 5];
-    r[12] = t0 & 0x1fffffff; t1 += t0 >> 29;
+    r[12] = (sp_digit)(t0 & 0x1fffffff); t1 += t0 >> 29;
     t0 = ((sp_int64)a[ 6]) * b[ 8]
        + ((sp_int64)a[ 7]) * b[ 7]
        + ((sp_int64)a[ 8]) * b[ 6];
-    r[13] = t1 & 0x1fffffff; t0 += t1 >> 29;
+    r[13] = (sp_digit)(t1 & 0x1fffffff); t0 += t1 >> 29;
     t1 = ((sp_int64)a[ 7]) * b[ 8]
        + ((sp_int64)a[ 8]) * b[ 7];
-    r[14] = t0 & 0x1fffffff; t1 += t0 >> 29;
+    r[14] = (sp_digit)(t0 & 0x1fffffff); t1 += t0 >> 29;
     t0 = ((sp_int64)a[ 8]) * b[ 8];
-    r[15] = t1 & 0x1fffffff; t0 += t1 >> 29;
-    r[16] = t0 & 0x1fffffff;
+    r[15] = (sp_digit)(t1 & 0x1fffffff); t0 += t1 >> 29;
+    r[16] = (sp_digit)(t0 & 0x1fffffff);
     r[17] = (sp_digit)(t0 >> 29);
     XMEMCPY(r, t, sizeof(t));
 }
@@ -20295,66 +20240,66 @@ SP_NOINLINE static void sp_256_sqr_9(sp_digit* r, const sp_digit* a)
 
     t0 =  ((sp_int64)a[ 0]) * a[ 0];
     t1 = (((sp_int64)a[ 0]) * a[ 1]) * 2;
-    t[ 0] = t0 & 0x1fffffff; t1 += t0 >> 29;
+    t[ 0] = (sp_digit)(t0 & 0x1fffffff); t1 += t0 >> 29;
     t0 = (((sp_int64)a[ 0]) * a[ 2]) * 2
        +  ((sp_int64)a[ 1]) * a[ 1];
-    t[ 1] = t1 & 0x1fffffff; t0 += t1 >> 29;
+    t[ 1] = (sp_digit)(t1 & 0x1fffffff); t0 += t1 >> 29;
     t1 = (((sp_int64)a[ 0]) * a[ 3]
        +  ((sp_int64)a[ 1]) * a[ 2]) * 2;
-    t[ 2] = t0 & 0x1fffffff; t1 += t0 >> 29;
+    t[ 2] = (sp_digit)(t0 & 0x1fffffff); t1 += t0 >> 29;
     t0 = (((sp_int64)a[ 0]) * a[ 4]
        +  ((sp_int64)a[ 1]) * a[ 3]) * 2
        +  ((sp_int64)a[ 2]) * a[ 2];
-    t[ 3] = t1 & 0x1fffffff; t0 += t1 >> 29;
+    t[ 3] = (sp_digit)(t1 & 0x1fffffff); t0 += t1 >> 29;
     t1 = (((sp_int64)a[ 0]) * a[ 5]
        +  ((sp_int64)a[ 1]) * a[ 4]
        +  ((sp_int64)a[ 2]) * a[ 3]) * 2;
-    t[ 4] = t0 & 0x1fffffff; t1 += t0 >> 29;
+    t[ 4] = (sp_digit)(t0 & 0x1fffffff); t1 += t0 >> 29;
     t0 = (((sp_int64)a[ 0]) * a[ 6]
        +  ((sp_int64)a[ 1]) * a[ 5]
        +  ((sp_int64)a[ 2]) * a[ 4]) * 2
        +  ((sp_int64)a[ 3]) * a[ 3];
-    t[ 5] = t1 & 0x1fffffff; t0 += t1 >> 29;
+    t[ 5] = (sp_digit)(t1 & 0x1fffffff); t0 += t1 >> 29;
     t1 = (((sp_int64)a[ 0]) * a[ 7]
        +  ((sp_int64)a[ 1]) * a[ 6]
        +  ((sp_int64)a[ 2]) * a[ 5]
        +  ((sp_int64)a[ 3]) * a[ 4]) * 2;
-    t[ 6] = t0 & 0x1fffffff; t1 += t0 >> 29;
+    t[ 6] = (sp_digit)(t0 & 0x1fffffff); t1 += t0 >> 29;
     t0 = (((sp_int64)a[ 0]) * a[ 8]
        +  ((sp_int64)a[ 1]) * a[ 7]
        +  ((sp_int64)a[ 2]) * a[ 6]
        +  ((sp_int64)a[ 3]) * a[ 5]) * 2
        +  ((sp_int64)a[ 4]) * a[ 4];
-    t[ 7] = t1 & 0x1fffffff; t0 += t1 >> 29;
+    t[ 7] = (sp_digit)(t1 & 0x1fffffff); t0 += t1 >> 29;
     t1 = (((sp_int64)a[ 1]) * a[ 8]
        +  ((sp_int64)a[ 2]) * a[ 7]
        +  ((sp_int64)a[ 3]) * a[ 6]
        +  ((sp_int64)a[ 4]) * a[ 5]) * 2;
-    t[ 8] = t0 & 0x1fffffff; t1 += t0 >> 29;
+    t[ 8] = (sp_digit)(t0 & 0x1fffffff); t1 += t0 >> 29;
     t0 = (((sp_int64)a[ 2]) * a[ 8]
        +  ((sp_int64)a[ 3]) * a[ 7]
        +  ((sp_int64)a[ 4]) * a[ 6]) * 2
        +  ((sp_int64)a[ 5]) * a[ 5];
-    r[ 9] = t1 & 0x1fffffff; t0 += t1 >> 29;
+    r[ 9] = (sp_digit)(t1 & 0x1fffffff); t0 += t1 >> 29;
     t1 = (((sp_int64)a[ 3]) * a[ 8]
        +  ((sp_int64)a[ 4]) * a[ 7]
        +  ((sp_int64)a[ 5]) * a[ 6]) * 2;
-    r[10] = t0 & 0x1fffffff; t1 += t0 >> 29;
+    r[10] = (sp_digit)(t0 & 0x1fffffff); t1 += t0 >> 29;
     t0 = (((sp_int64)a[ 4]) * a[ 8]
        +  ((sp_int64)a[ 5]) * a[ 7]) * 2
        +  ((sp_int64)a[ 6]) * a[ 6];
-    r[11] = t1 & 0x1fffffff; t0 += t1 >> 29;
+    r[11] = (sp_digit)(t1 & 0x1fffffff); t0 += t1 >> 29;
     t1 = (((sp_int64)a[ 5]) * a[ 8]
        +  ((sp_int64)a[ 6]) * a[ 7]) * 2;
-    r[12] = t0 & 0x1fffffff; t1 += t0 >> 29;
+    r[12] = (sp_digit)(t0 & 0x1fffffff); t1 += t0 >> 29;
     t0 = (((sp_int64)a[ 6]) * a[ 8]) * 2
        +  ((sp_int64)a[ 7]) * a[ 7];
-    r[13] = t1 & 0x1fffffff; t0 += t1 >> 29;
+    r[13] = (sp_digit)(t1 & 0x1fffffff); t0 += t1 >> 29;
     t1 = (((sp_int64)a[ 7]) * a[ 8]) * 2;
-    r[14] = t0 & 0x1fffffff; t1 += t0 >> 29;
+    r[14] = (sp_digit)(t0 & 0x1fffffff); t1 += t0 >> 29;
     t0 =  ((sp_int64)a[ 8]) * a[ 8];
-    r[15] = t1 & 0x1fffffff; t0 += t1 >> 29;
-    r[16] = t0 & 0x1fffffff;
+    r[15] = (sp_digit)(t1 & 0x1fffffff); t0 += t1 >> 29;
+    r[16] = (sp_digit)(t0 & 0x1fffffff);
     r[17] = (sp_digit)(t0 >> 29);
     XMEMCPY(r, t, sizeof(t));
 }
@@ -20734,17 +20679,17 @@ SP_NOINLINE static void sp_256_mul_add_9(sp_digit* r, const sp_digit* a,
         t[1]  = (tb * a[i+1]) + r[i+1];
         t[2]  = (tb * a[i+2]) + r[i+2];
         t[3]  = (tb * a[i+3]) + r[i+3];
-        r[i+0] = t[0] & 0x1fffffff;
+        r[i+0] = (sp_digit)(t[0] & 0x1fffffff);
         t[1] += t[0] >> 29;
-        r[i+1] = t[1] & 0x1fffffff;
+        r[i+1] = (sp_digit)(t[1] & 0x1fffffff);
         t[2] += t[1] >> 29;
-        r[i+2] = t[2] & 0x1fffffff;
+        r[i+2] = (sp_digit)(t[2] & 0x1fffffff);
         t[3] += t[2] >> 29;
-        r[i+3] = t[3] & 0x1fffffff;
+        r[i+3] = (sp_digit)(t[3] & 0x1fffffff);
         t[0]  = t[3] >> 29;
     }
     t[0] += (tb * a[8]) + r[8];
-    r[8] = t[0] & 0x1fffffff;
+    r[8] = (sp_digit)(t[0] & 0x1fffffff);
     r[9] +=  (sp_digit)(t[0] >> 29);
 #else
     sp_int64 tb = b;
@@ -20761,25 +20706,25 @@ SP_NOINLINE static void sp_256_mul_add_9(sp_digit* r, const sp_digit* a,
         t[5]  = (tb * a[i+5]) + r[i+5];
         t[6]  = (tb * a[i+6]) + r[i+6];
         t[7]  = (tb * a[i+7]) + r[i+7];
-        r[i+0] = t[0] & 0x1fffffff;
+        r[i+0] = (sp_digit)(t[0] & 0x1fffffff);
         t[1] += t[0] >> 29;
-        r[i+1] = t[1] & 0x1fffffff;
+        r[i+1] = (sp_digit)(t[1] & 0x1fffffff);
         t[2] += t[1] >> 29;
-        r[i+2] = t[2] & 0x1fffffff;
+        r[i+2] = (sp_digit)(t[2] & 0x1fffffff);
         t[3] += t[2] >> 29;
-        r[i+3] = t[3] & 0x1fffffff;
+        r[i+3] = (sp_digit)(t[3] & 0x1fffffff);
         t[4] += t[3] >> 29;
-        r[i+4] = t[4] & 0x1fffffff;
+        r[i+4] = (sp_digit)(t[4] & 0x1fffffff);
         t[5] += t[4] >> 29;
-        r[i+5] = t[5] & 0x1fffffff;
+        r[i+5] = (sp_digit)(t[5] & 0x1fffffff);
         t[6] += t[5] >> 29;
-        r[i+6] = t[6] & 0x1fffffff;
+        r[i+6] = (sp_digit)(t[6] & 0x1fffffff);
         t[7] += t[6] >> 29;
-        r[i+7] = t[7] & 0x1fffffff;
+        r[i+7] = (sp_digit)(t[7] & 0x1fffffff);
         t[0]  = t[7] >> 29;
     }
     t[0] += (tb * a[8]) + r[8];
-    r[8] = t[0] & 0x1fffffff;
+    r[8] = (sp_digit)(t[0] & 0x1fffffff);
     r[9] +=  (sp_digit)(t[0] >> 29);
 #endif /* WOLFSSL_SP_SMALL */
 #endif /* !WOLFSSL_SP_LARGE_CODE */
@@ -20822,7 +20767,7 @@ static void sp_256_mont_shift_9(sp_digit* r, const sp_digit* a)
     n += ((sp_int64)a[9]) << 5;
 
     for (i = 0; i < 8; i++) {
-        r[i] = n & 0x1fffffff;
+        r[i] = (sp_digit)(n & 0x1fffffff);
         n >>= 29;
         n += ((sp_int64)a[10 + i]) << 5;
     }
@@ -20830,14 +20775,14 @@ static void sp_256_mont_shift_9(sp_digit* r, const sp_digit* a)
 #else
     sp_int64 n = a[8] >> 24;
     n += ((sp_int64)a[9]) << 5;
-    r[ 0] = n & 0x1fffffff; n >>= 29; n += ((sp_int64)a[10]) << 5;
-    r[ 1] = n & 0x1fffffff; n >>= 29; n += ((sp_int64)a[11]) << 5;
-    r[ 2] = n & 0x1fffffff; n >>= 29; n += ((sp_int64)a[12]) << 5;
-    r[ 3] = n & 0x1fffffff; n >>= 29; n += ((sp_int64)a[13]) << 5;
-    r[ 4] = n & 0x1fffffff; n >>= 29; n += ((sp_int64)a[14]) << 5;
-    r[ 5] = n & 0x1fffffff; n >>= 29; n += ((sp_int64)a[15]) << 5;
-    r[ 6] = n & 0x1fffffff; n >>= 29; n += ((sp_int64)a[16]) << 5;
-    r[ 7] = n & 0x1fffffff; n >>= 29; n += ((sp_int64)a[17]) << 5;
+    r[ 0] = (sp_digit)(n & 0x1fffffff); n >>= 29; n += ((sp_int64)a[10]) << 5;
+    r[ 1] = (sp_digit)(n & 0x1fffffff); n >>= 29; n += ((sp_int64)a[11]) << 5;
+    r[ 2] = (sp_digit)(n & 0x1fffffff); n >>= 29; n += ((sp_int64)a[12]) << 5;
+    r[ 3] = (sp_digit)(n & 0x1fffffff); n >>= 29; n += ((sp_int64)a[13]) << 5;
+    r[ 4] = (sp_digit)(n & 0x1fffffff); n >>= 29; n += ((sp_int64)a[14]) << 5;
+    r[ 5] = (sp_digit)(n & 0x1fffffff); n >>= 29; n += ((sp_int64)a[15]) << 5;
+    r[ 6] = (sp_digit)(n & 0x1fffffff); n >>= 29; n += ((sp_int64)a[16]) << 5;
+    r[ 7] = (sp_digit)(n & 0x1fffffff); n >>= 29; n += ((sp_int64)a[17]) << 5;
     r[8] = (sp_digit)n;
 #endif /* WOLFSSL_SP_SMALL */
     XMEMSET(&r[9], 0, sizeof(*r) * 9U);
@@ -20858,11 +20803,11 @@ static void sp_256_mont_reduce_order_9(sp_digit* a, const sp_digit* m, sp_digit
     sp_256_norm_9(a + 9);
 
     for (i=0; i<8; i++) {
-        mu = ((sp_uint32)a[i] * (sp_uint32)mp) & 0x1fffffff;
+        mu = (sp_digit)(((sp_uint32)a[i] * (sp_uint32)mp) & 0x1fffffff);
         sp_256_mul_add_9(a+i, m, mu);
         a[i+1] += a[i] >> 29;
     }
-    mu = ((sp_uint32)a[i] * (sp_uint32)mp) & 0xffffffL;
+    mu = (sp_digit)(((sp_uint32)a[i] * (sp_uint32)mp) & 0xffffffL);
     sp_256_mul_add_9(a+i, m, mu);
     a[i+1] += a[i] >> 29;
     a[i] &= 0x1fffffff;
@@ -20887,32 +20832,32 @@ static void sp_256_mont_reduce_9(sp_digit* a, const sp_digit* m, sp_digit mp)
     (void)mp;
 
     for (i = 0; i < 8; i++) {
-        am = a[i] & 0x1fffffff;
-        a[i + 3] += (am << 9) & 0x1fffffff;
+        am = (sp_digit)(a[i] & 0x1fffffff);
+        a[i + 3] += (sp_digit)((am << 9) & 0x1fffffff);
         a[i + 4] += am >> 20;
-        a[i + 6] += (am << 18) & 0x1fffffff;
-        a[i + 7] += (am >> 11) - ((am << 21) & 0x1fffffff);
-        a[i + 8] += -(am >> 8) + ((am << 24) & 0x1fffffff);
+        a[i + 6] += (sp_digit)((am << 18) & 0x1fffffff);
+        a[i + 7] += (am >> 11) - (sp_digit)((am << 21) & 0x1fffffff);
+        a[i + 8] += -(am >> 8) + (sp_digit)((am << 24) & 0x1fffffff);
         a[i + 9] += am >> 5;
 
         a[i + 1] += a[i] >> 29;
     }
-    am = a[8] & 0xffffff;
-    a[8 + 3] += (am << 9) & 0x1fffffff;
+    am = (sp_digit)(a[8] & 0xffffff);
+    a[8 + 3] += (sp_digit)((am << 9) & 0x1fffffff);
     a[8 + 4] += am >> 20;
-    a[8 + 6] += (am << 18) & 0x1fffffff;
-    a[8 + 7] += (am >> 11) - ((am << 21) & 0x1fffffff);
-    a[8 + 8] += -(am >> 8) + ((am << 24) & 0x1fffffff);
+    a[8 + 6] += (sp_digit)((am << 18) & 0x1fffffff);
+    a[8 + 7] += (am >> 11) - (sp_digit)((am << 21) & 0x1fffffff);
+    a[8 + 8] += -(am >> 8) + (sp_digit)((am << 24) & 0x1fffffff);
     a[8 + 9] += am >> 5;
 
-    a[0] = (a[ 8] >> 24) + ((a[ 9] << 5) & 0x1fffffff);
-    a[1] = (a[ 9] >> 24) + ((a[10] << 5) & 0x1fffffff);
-    a[2] = (a[10] >> 24) + ((a[11] << 5) & 0x1fffffff);
-    a[3] = (a[11] >> 24) + ((a[12] << 5) & 0x1fffffff);
-    a[4] = (a[12] >> 24) + ((a[13] << 5) & 0x1fffffff);
-    a[5] = (a[13] >> 24) + ((a[14] << 5) & 0x1fffffff);
-    a[6] = (a[14] >> 24) + ((a[15] << 5) & 0x1fffffff);
-    a[7] = (a[15] >> 24) + ((a[16] << 5) & 0x1fffffff);
+    a[0] = (a[ 8] >> 24) + (sp_digit)((a[ 9] << 5) & 0x1fffffff);
+    a[1] = (a[ 9] >> 24) + (sp_digit)((a[10] << 5) & 0x1fffffff);
+    a[2] = (a[10] >> 24) + (sp_digit)((a[11] << 5) & 0x1fffffff);
+    a[3] = (a[11] >> 24) + (sp_digit)((a[12] << 5) & 0x1fffffff);
+    a[4] = (a[12] >> 24) + (sp_digit)((a[13] << 5) & 0x1fffffff);
+    a[5] = (a[13] >> 24) + (sp_digit)((a[14] << 5) & 0x1fffffff);
+    a[6] = (a[14] >> 24) + (sp_digit)((a[15] << 5) & 0x1fffffff);
+    a[7] = (a[15] >> 24) + (sp_digit)((a[16] << 5) & 0x1fffffff);
     a[8] = (a[16] >> 24) +  (a[17] << 5);
 
     a[1] += a[0] >> 29; a[0] &= 0x1fffffff;
@@ -20929,15 +20874,15 @@ static void sp_256_mont_reduce_9(sp_digit* a, const sp_digit* m, sp_digit mp)
     /* Create mask. */
     am = 0 - am;
 
-    a[0] -= 0x1fffffff & am;
-    a[1] -= 0x1fffffff & am;
-    a[2] -= 0x1fffffff & am;
-    a[3] -= 0x000001ff & am;
+    a[0] -= (sp_digit)(0x1fffffff & am);
+    a[1] -= (sp_digit)(0x1fffffff & am);
+    a[2] -= (sp_digit)(0x1fffffff & am);
+    a[3] -= (sp_digit)(0x000001ff & am);
     /* p256_mod[4] is zero */
     /* p256_mod[5] is zero */
-    a[6] -= 0x00040000 & am;
-    a[7] -= 0x1fe00000 & am;
-    a[8] -= 0x00ffffff & am;
+    a[6] -= (sp_digit)(0x00040000 & am);
+    a[7] -= (sp_digit)(0x1fe00000 & am);
+    a[8] -= (sp_digit)(0x00ffffff & am);
 
     a[1] += a[0] >> 29; a[0] &= 0x1fffffff;
     a[2] += a[1] >> 29; a[1] &= 0x1fffffff;
@@ -21000,7 +20945,7 @@ SP_NOINLINE static void sp_256_mont_sqr_n_9(sp_digit* r,
 #endif /* !WOLFSSL_SP_SMALL || HAVE_COMP_KEY */
 #ifdef WOLFSSL_SP_SMALL
 /* Mod-2 for the P256 curve. */
-static const uint32_t p256_mod_minus_2[8] = {
+static const word32 p256_mod_minus_2[8] = {
     0xfffffffdU,0xffffffffU,0xffffffffU,0x00000000U,0x00000000U,0x00000000U,
     0x00000001U,0xffffffffU
 };
@@ -21099,7 +21044,7 @@ static void sp_256_map_9(sp_point_256* r, const sp_point_256* p,
     sp_256_mont_reduce_9(r->x, p256_mod, p256_mp_mod);
     /* Reduce x to less than modulus */
     n = sp_256_cmp_9(r->x, p256_mod);
-    sp_256_cond_sub_9(r->x, r->x, p256_mod, ~(n >> 28));
+    sp_256_cond_sub_9(r->x, r->x, p256_mod, (sp_digit)~(n >> 28));
     sp_256_norm_9(r->x);
 
     /* y /= z^3 */
@@ -21108,7 +21053,7 @@ static void sp_256_map_9(sp_point_256* r, const sp_point_256* p,
     sp_256_mont_reduce_9(r->y, p256_mod, p256_mp_mod);
     /* Reduce y to less than modulus */
     n = sp_256_cmp_9(r->y, p256_mod);
-    sp_256_cond_sub_9(r->y, r->y, p256_mod, ~(n >> 28));
+    sp_256_cond_sub_9(r->y, r->y, p256_mod, (sp_digit)~(n >> 28));
     sp_256_norm_9(r->y);
 
     XMEMSET(r->z, 0, sizeof(r->z) / 2);
@@ -21242,17 +21187,17 @@ SP_NOINLINE static void sp_256_rshift1_9(sp_digit* r, const sp_digit* a)
     int i;
 
     for (i=0; i<8; i++) {
-        r[i] = (a[i] >> 1) + ((a[i + 1] << 28) & 0x1fffffff);
+        r[i] = (a[i] >> 1) + (sp_digit)((a[i + 1] << 28) & 0x1fffffff);
     }
 #else
-    r[0] = (a[0] >> 1) + ((a[1] << 28) & 0x1fffffff);
-    r[1] = (a[1] >> 1) + ((a[2] << 28) & 0x1fffffff);
-    r[2] = (a[2] >> 1) + ((a[3] << 28) & 0x1fffffff);
-    r[3] = (a[3] >> 1) + ((a[4] << 28) & 0x1fffffff);
-    r[4] = (a[4] >> 1) + ((a[5] << 28) & 0x1fffffff);
-    r[5] = (a[5] >> 1) + ((a[6] << 28) & 0x1fffffff);
-    r[6] = (a[6] >> 1) + ((a[7] << 28) & 0x1fffffff);
-    r[7] = (a[7] >> 1) + ((a[8] << 28) & 0x1fffffff);
+    r[0] = (a[0] >> 1) + (sp_digit)((a[1] << 28) & 0x1fffffff);
+    r[1] = (a[1] >> 1) + (sp_digit)((a[2] << 28) & 0x1fffffff);
+    r[2] = (a[2] >> 1) + (sp_digit)((a[3] << 28) & 0x1fffffff);
+    r[3] = (a[3] >> 1) + (sp_digit)((a[4] << 28) & 0x1fffffff);
+    r[4] = (a[4] >> 1) + (sp_digit)((a[5] << 28) & 0x1fffffff);
+    r[5] = (a[5] >> 1) + (sp_digit)((a[6] << 28) & 0x1fffffff);
+    r[6] = (a[6] >> 1) + (sp_digit)((a[7] << 28) & 0x1fffffff);
+    r[7] = (a[7] >> 1) + (sp_digit)((a[8] << 28) & 0x1fffffff);
 #endif
     r[8] = a[8] >> 1;
 }
@@ -21563,8 +21508,8 @@ static void sp_256_proj_point_add_9(sp_point_256* r,
         sp_256_mont_sub_9(y, y, t5, p256_mod);
         {
             int i;
-            sp_digit maskp = 0 - (q->infinity & (!p->infinity));
-            sp_digit maskq = 0 - (p->infinity & (!q->infinity));
+            sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity)));
+            sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity)));
             sp_digit maskt = ~(maskp | maskq);
             sp_digit inf = (sp_digit)(p->infinity & q->infinity);
 
@@ -21581,7 +21526,7 @@ static void sp_256_proj_point_add_9(sp_point_256* r,
                           (z[i] & maskt);
             }
             r->z[0] |= inf;
-            r->infinity = (word32)inf;
+            r->infinity = (int)inf;
         }
     }
 }
@@ -21755,8 +21700,8 @@ static int sp_256_proj_point_add_9_nb(sp_ecc_ctx_t* sp_ctx, sp_point_256* r,
     {
         {
             int i;
-            sp_digit maskp = 0 - (q->infinity & (!p->infinity));
-            sp_digit maskq = 0 - (p->infinity & (!q->infinity));
+            sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity)));
+            sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity)));
             sp_digit maskt = ~(maskp | maskq);
             sp_digit inf = (sp_digit)(p->infinity & q->infinity);
 
@@ -21773,7 +21718,7 @@ static int sp_256_proj_point_add_9_nb(sp_ecc_ctx_t* sp_ctx, sp_point_256* r,
                           (ctx->z[i] & maskt);
             }
             r->z[0] |= inf;
-            r->infinity = (word32)inf;
+            r->infinity = (int)inf;
         }
         ctx->state = 25;
         break;
@@ -21907,8 +21852,7 @@ static int sp_256_mod_mul_norm_9(sp_digit* r, const sp_digit* a, const sp_digit*
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t != NULL)
-        XFREE(t, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(t, NULL, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -22441,13 +22385,13 @@ static void sp_256_proj_point_add_sub_9(sp_point_256* ra,
 /* Structure used to describe recoding of scalar multiplication. */
 typedef struct ecc_recode_256 {
     /* Index into pre-computation table. */
-    uint8_t i;
+    word8 i;
     /* Use the negative of the point. */
-    uint8_t neg;
+    word8 neg;
 } ecc_recode_256;
 
 /* The index into pre-computation table to use. */
-static const uint8_t recode_index_9_6[66] = {
+static const word8 recode_index_9_6[66] = {
      0,  1,  2,  3,  4,  5,  6,  7,  8,  9, 10, 11, 12, 13, 14, 15,
     16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31,
     32, 31, 30, 29, 28, 27, 26, 25, 24, 23, 22, 21, 20, 19, 18, 17,
@@ -22456,7 +22400,7 @@ static const uint8_t recode_index_9_6[66] = {
 };
 
 /* Whether to negate y-ordinate. */
-static const uint8_t recode_neg_9_6[66] = {
+static const word8 recode_neg_9_6[66] = {
      0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,
      0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,
      1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,
@@ -22474,7 +22418,7 @@ static void sp_256_ecc_recode_6_9(const sp_digit* k, ecc_recode_256* v)
 {
     int i;
     int j;
-    uint8_t y;
+    word8 y;
     int carry = 0;
     int o;
     sp_digit n;
@@ -22483,7 +22427,7 @@ static void sp_256_ecc_recode_6_9(const sp_digit* k, ecc_recode_256* v)
     n = k[j];
     o = 0;
     for (i=0; i<43; i++) {
-        y = (int8_t)n;
+        y = (word8)(int8_t)n;
         if (o + 6 < 29) {
             y &= 0x3f;
             n >>= 6;
@@ -22497,12 +22441,12 @@ static void sp_256_ecc_recode_6_9(const sp_digit* k, ecc_recode_256* v)
         }
         else if (++j < 9) {
             n = k[j];
-            y |= (uint8_t)((n << (29 - o)) & 0x3f);
+            y |= (word8)((n << (29 - o)) & 0x3f);
             o -= 23;
             n >>= o;
         }
 
-        y += (uint8_t)carry;
+        y = (word8)(y + carry);
         v[i].i = recode_index_9_6[y];
         v[i].neg = recode_neg_9_6[y];
         carry = (y >> 6) + v[i].neg;
@@ -22550,7 +22494,7 @@ static void sp_256_get_point_33_9(sp_point_256* r, const sp_point_256* table,
     r->z[7] = 0;
     r->z[8] = 0;
     for (i = 1; i < 33; i++) {
-        mask = 0 - (i == idx);
+        mask = (sp_digit)0 - (i == idx);
         r->x[0] |= mask & table[i].x[0];
         r->x[1] |= mask & table[i].x[1];
         r->x[2] |= mask & table[i].x[2];
@@ -22717,10 +22661,8 @@ static int sp_256_ecc_mulmod_win_add_sub_9(sp_point_256* r, const sp_point_256*
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t != NULL)
-        XFREE(t, heap, DYNAMIC_TYPE_ECC);
-    if (tmp != NULL)
-        XFREE(tmp, heap, DYNAMIC_TYPE_ECC);
+    XFREE(t, heap, DYNAMIC_TYPE_ECC);
+    XFREE(tmp, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -22786,8 +22728,8 @@ static void sp_256_proj_point_add_qz1_9(sp_point_256* r,
         sp_256_mont_sub_9(y, t3, t1, p256_mod);
         {
             int i;
-            sp_digit maskp = 0 - (q->infinity & (!p->infinity));
-            sp_digit maskq = 0 - (p->infinity & (!q->infinity));
+            sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity)));
+            sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity)));
             sp_digit maskt = ~(maskp | maskq);
             sp_digit inf = (sp_digit)(p->infinity & q->infinity);
 
@@ -22804,7 +22746,7 @@ static void sp_256_proj_point_add_qz1_9(sp_point_256* r,
                           (z[i] & maskt);
             }
             r->z[0] |= inf;
-            r->infinity = (word32)inf;
+            r->infinity = (int)inf;
         }
     }
 }
@@ -22915,8 +22857,7 @@ static int sp_256_gen_stripe_table_9(const sp_point_256* a,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t != NULL)
-        XFREE(t, heap, DYNAMIC_TYPE_ECC);
+    XFREE(t, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -22955,7 +22896,7 @@ static void sp_256_get_entry_256_9(sp_point_256* r,
     r->y[7] = 0;
     r->y[8] = 0;
     for (i = 1; i < 256; i++) {
-        mask = 0 - (i == idx);
+        mask = (sp_digit)0 - (i == idx);
         r->x[0] |= mask & table[i].x[0];
         r->x[1] |= mask & table[i].x[1];
         r->x[2] |= mask & table[i].x[2];
@@ -23084,10 +23025,8 @@ static int sp_256_ecc_mulmod_stripe_9(sp_point_256* r, const sp_point_256* g,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t != NULL)
-        XFREE(t, heap, DYNAMIC_TYPE_ECC);
-    if (rt != NULL)
-        XFREE(rt, heap, DYNAMIC_TYPE_ECC);
+    XFREE(t, heap, DYNAMIC_TYPE_ECC);
+    XFREE(rt, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -23107,7 +23046,7 @@ typedef struct sp_cache_256_t {
     /* Precomputation table for point. */
     sp_table_entry_256 table[256];
     /* Count of entries in table. */
-    uint32_t cnt;
+    word32 cnt;
     /* Point and table set in entry. */
     int set;
 } sp_cache_256_t;
@@ -23120,8 +23059,10 @@ static THREAD_LS_T int sp_cache_256_last = -1;
 static THREAD_LS_T int sp_cache_256_inited = 0;
 
 #ifndef HAVE_THREAD_LS
+    #ifndef WOLFSSL_MUTEX_INITIALIZER
     static volatile int initCacheMutex_256 = 0;
-    static wolfSSL_Mutex sp_cache_256_lock;
+    #endif
+    static wolfSSL_Mutex sp_cache_256_lock WOLFSSL_MUTEX_INITIALIZER_CLAUSE(sp_cache_256_lock);
 #endif
 
 /* Get the cache entry for the point.
@@ -23133,7 +23074,7 @@ static void sp_ecc_get_cache_256(const sp_point_256* g, sp_cache_256_t** cache)
 {
     int i;
     int j;
-    uint32_t least;
+    word32 least;
 
     if (sp_cache_256_inited == 0) {
         for (i=0; i<FP_ENTRIES; i++) {
@@ -23219,10 +23160,12 @@ static int sp_256_ecc_mulmod_9(sp_point_256* r, const sp_point_256* g,
 #endif
 #ifndef HAVE_THREAD_LS
     if (err == MP_OKAY) {
+        #ifndef WOLFSSL_MUTEX_INITIALIZER
         if (initCacheMutex_256 == 0) {
             wc_InitMutex(&sp_cache_256_lock);
             initCacheMutex_256 = 1;
         }
+        #endif
         if (wc_LockMutex(&sp_cache_256_lock) != 0) {
             err = BAD_MUTEX_E;
         }
@@ -23301,10 +23244,8 @@ int sp_ecc_mulmod_256(const mp_int* km, const ecc_point* gm, ecc_point* r,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (k != NULL)
-        XFREE(k, heap, DYNAMIC_TYPE_ECC);
-    if (point != NULL)
-        XFREE(point, heap, DYNAMIC_TYPE_ECC);
+    XFREE(k, heap, DYNAMIC_TYPE_ECC);
+    XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -23381,10 +23322,8 @@ int sp_ecc_mulmod_add_256(const mp_int* km, const ecc_point* gm,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (k != NULL)
-        XFREE(k, heap, DYNAMIC_TYPE_ECC);
-    if (point != NULL)
-        XFREE(point, heap, DYNAMIC_TYPE_ECC);
+    XFREE(k, heap, DYNAMIC_TYPE_ECC);
+    XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -24770,10 +24709,8 @@ int sp_ecc_mulmod_base_256(const mp_int* km, ecc_point* r, int map, void* heap)
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (k != NULL)
-        XFREE(k, heap, DYNAMIC_TYPE_ECC);
-    if (point != NULL)
-        XFREE(point, heap, DYNAMIC_TYPE_ECC);
+    XFREE(k, heap, DYNAMIC_TYPE_ECC);
+    XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -24848,10 +24785,8 @@ int sp_ecc_mulmod_base_add_256(const mp_int* km, const ecc_point* am,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (k != NULL)
-        XFREE(k, heap, DYNAMIC_TYPE_ECC);
-    if (point)
-        XFREE(point, heap, DYNAMIC_TYPE_ECC);
+    XFREE(k, heap, DYNAMIC_TYPE_ECC);
+    XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -24915,6 +24850,7 @@ static void sp_256_from_bin(sp_digit* r, int size, const byte* a, int n)
  */
 static int sp_256_ecc_gen_k_9(WC_RNG* rng, sp_digit* k)
 {
+#ifndef WC_NO_RNG
     int err;
     byte buf[32];
 
@@ -24931,6 +24867,11 @@ static int sp_256_ecc_gen_k_9(WC_RNG* rng, sp_digit* k)
     while (err == 0);
 
     return err;
+#else
+    (void)rng;
+    (void)k;
+    return NOT_COMPILED_IN;
+#endif
 }
 
 /* Makes a random EC key pair.
@@ -25009,12 +24950,9 @@ int sp_ecc_make_key_256(WC_RNG* rng, mp_int* priv, ecc_point* pub, void* heap)
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (k != NULL)
-        XFREE(k, heap, DYNAMIC_TYPE_ECC);
-    if (point != NULL) {
-        /* point is not sensitive, so no need to zeroize */
-        XFREE(point, heap, DYNAMIC_TYPE_ECC);
-    }
+    XFREE(k, heap, DYNAMIC_TYPE_ECC);
+    /* point is not sensitive, so no need to zeroize */
+    XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -25197,10 +25135,8 @@ int sp_ecc_secret_gen_256(const mp_int* priv, const ecc_point* pub, byte* out,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (k != NULL)
-        XFREE(k, heap, DYNAMIC_TYPE_ECC);
-    if (point != NULL)
-        XFREE(point, heap, DYNAMIC_TYPE_ECC);
+    XFREE(k, heap, DYNAMIC_TYPE_ECC);
+    XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -25267,18 +25203,18 @@ SP_NOINLINE static void sp_256_rshift_9(sp_digit* r, const sp_digit* a,
 
 #ifdef WOLFSSL_SP_SMALL
     for (i=0; i<8; i++) {
-        r[i] = ((a[i] >> n) | (a[i + 1] << (29 - n))) & 0x1fffffff;
+        r[i] = (sp_digit)(((a[i] >> n) | (a[i + 1] << (29 - n))) & 0x1fffffff);
     }
 #else
     for (i=0; i<8; i += 8) {
-        r[i+0] = (a[i+0] >> n) | ((a[i+1] << (29 - n)) & 0x1fffffff);
-        r[i+1] = (a[i+1] >> n) | ((a[i+2] << (29 - n)) & 0x1fffffff);
-        r[i+2] = (a[i+2] >> n) | ((a[i+3] << (29 - n)) & 0x1fffffff);
-        r[i+3] = (a[i+3] >> n) | ((a[i+4] << (29 - n)) & 0x1fffffff);
-        r[i+4] = (a[i+4] >> n) | ((a[i+5] << (29 - n)) & 0x1fffffff);
-        r[i+5] = (a[i+5] >> n) | ((a[i+6] << (29 - n)) & 0x1fffffff);
-        r[i+6] = (a[i+6] >> n) | ((a[i+7] << (29 - n)) & 0x1fffffff);
-        r[i+7] = (a[i+7] >> n) | ((a[i+8] << (29 - n)) & 0x1fffffff);
+        r[i+0] = (a[i+0] >> n) | (sp_digit)((a[i+1] << (29 - n)) & 0x1fffffff);
+        r[i+1] = (a[i+1] >> n) | (sp_digit)((a[i+2] << (29 - n)) & 0x1fffffff);
+        r[i+2] = (a[i+2] >> n) | (sp_digit)((a[i+3] << (29 - n)) & 0x1fffffff);
+        r[i+3] = (a[i+3] >> n) | (sp_digit)((a[i+4] << (29 - n)) & 0x1fffffff);
+        r[i+4] = (a[i+4] >> n) | (sp_digit)((a[i+5] << (29 - n)) & 0x1fffffff);
+        r[i+5] = (a[i+5] >> n) | (sp_digit)((a[i+6] << (29 - n)) & 0x1fffffff);
+        r[i+6] = (a[i+6] >> n) | (sp_digit)((a[i+7] << (29 - n)) & 0x1fffffff);
+        r[i+7] = (a[i+7] >> n) | (sp_digit)((a[i+8] << (29 - n)) & 0x1fffffff);
     }
 #endif /* WOLFSSL_SP_SMALL */
     r[8] = a[8] >> n;
@@ -25338,7 +25274,7 @@ SP_NOINLINE static void sp_256_lshift_18(sp_digit* r, const sp_digit* a,
 
     r[18] = a[17] >> (29 - n);
     for (i=17; i>0; i--) {
-        r[i] = ((a[i] << n) | (a[i-1] >> (29 - n))) & 0x1fffffff;
+        r[i] = (sp_digit)(((a[i] << n) | (a[i-1] >> (29 - n))) & 0x1fffffff);
     }
 #else
     sp_int_digit s;
@@ -25347,41 +25283,41 @@ SP_NOINLINE static void sp_256_lshift_18(sp_digit* r, const sp_digit* a,
     s = (sp_int_digit)a[17];
     r[18] = s >> (29U - n);
     s = (sp_int_digit)(a[17]); t = (sp_int_digit)(a[16]);
-    r[17] = ((s << n) | (t >> (29U - n))) & 0x1fffffff;
+    r[17] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff);
     s = (sp_int_digit)(a[16]); t = (sp_int_digit)(a[15]);
-    r[16] = ((s << n) | (t >> (29U - n))) & 0x1fffffff;
+    r[16] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff);
     s = (sp_int_digit)(a[15]); t = (sp_int_digit)(a[14]);
-    r[15] = ((s << n) | (t >> (29U - n))) & 0x1fffffff;
+    r[15] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff);
     s = (sp_int_digit)(a[14]); t = (sp_int_digit)(a[13]);
-    r[14] = ((s << n) | (t >> (29U - n))) & 0x1fffffff;
+    r[14] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff);
     s = (sp_int_digit)(a[13]); t = (sp_int_digit)(a[12]);
-    r[13] = ((s << n) | (t >> (29U - n))) & 0x1fffffff;
+    r[13] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff);
     s = (sp_int_digit)(a[12]); t = (sp_int_digit)(a[11]);
-    r[12] = ((s << n) | (t >> (29U - n))) & 0x1fffffff;
+    r[12] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff);
     s = (sp_int_digit)(a[11]); t = (sp_int_digit)(a[10]);
-    r[11] = ((s << n) | (t >> (29U - n))) & 0x1fffffff;
+    r[11] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff);
     s = (sp_int_digit)(a[10]); t = (sp_int_digit)(a[9]);
-    r[10] = ((s << n) | (t >> (29U - n))) & 0x1fffffff;
+    r[10] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff);
     s = (sp_int_digit)(a[9]); t = (sp_int_digit)(a[8]);
-    r[9] = ((s << n) | (t >> (29U - n))) & 0x1fffffff;
+    r[9] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff);
     s = (sp_int_digit)(a[8]); t = (sp_int_digit)(a[7]);
-    r[8] = ((s << n) | (t >> (29U - n))) & 0x1fffffff;
+    r[8] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff);
     s = (sp_int_digit)(a[7]); t = (sp_int_digit)(a[6]);
-    r[7] = ((s << n) | (t >> (29U - n))) & 0x1fffffff;
+    r[7] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff);
     s = (sp_int_digit)(a[6]); t = (sp_int_digit)(a[5]);
-    r[6] = ((s << n) | (t >> (29U - n))) & 0x1fffffff;
+    r[6] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff);
     s = (sp_int_digit)(a[5]); t = (sp_int_digit)(a[4]);
-    r[5] = ((s << n) | (t >> (29U - n))) & 0x1fffffff;
+    r[5] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff);
     s = (sp_int_digit)(a[4]); t = (sp_int_digit)(a[3]);
-    r[4] = ((s << n) | (t >> (29U - n))) & 0x1fffffff;
+    r[4] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff);
     s = (sp_int_digit)(a[3]); t = (sp_int_digit)(a[2]);
-    r[3] = ((s << n) | (t >> (29U - n))) & 0x1fffffff;
+    r[3] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff);
     s = (sp_int_digit)(a[2]); t = (sp_int_digit)(a[1]);
-    r[2] = ((s << n) | (t >> (29U - n))) & 0x1fffffff;
+    r[2] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff);
     s = (sp_int_digit)(a[1]); t = (sp_int_digit)(a[0]);
-    r[1] = ((s << n) | (t >> (29U - n))) & 0x1fffffff;
+    r[1] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff);
 #endif /* WOLFSSL_SP_SMALL */
-    r[0] = (a[0] << n) & 0x1fffffff;
+    r[0] = (sp_digit)((a[0] << n) & 0x1fffffff);
 }
 
 /* Divide d in a and put remainder into r (m*d + r = a)
@@ -25445,8 +25381,7 @@ static int sp_256_div_9(const sp_digit* a, const sp_digit* d,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t1 != NULL)
-        XFREE(t1, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(t1, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -25481,7 +25416,7 @@ static void sp_256_mont_mul_order_9(sp_digit* r, const sp_digit* a, const sp_dig
 #if defined(HAVE_ECC_SIGN) || (defined(HAVE_ECC_VERIFY) && defined(WOLFSSL_SP_SMALL))
 #ifdef WOLFSSL_SP_SMALL
 /* Order-2 for the P256 curve. */
-static const uint32_t p256_order_minus_2[8] = {
+static const word32 p256_order_minus_2[8] = {
     0xfc63254fU,0xf3b9cac2U,0xa7179e84U,0xbce6faadU,0xffffffffU,0xffffffffU,
     0x00000000U,0xffffffffU
 };
@@ -26041,7 +25976,7 @@ static int sp_256_num_bits_29_9(sp_digit v)
     v |= v >> 4;
     v |= v >> 8;
     v |= v >> 16;
-    return sp_256_tab32_9[(uint32_t)(v*0x07C4ACDD) >> 27];
+    return sp_256_tab32_9[(word32)(v*0x07C4ACDD) >> 27];
 }
 
 static int sp_256_num_bits_9(const sp_digit* a)
@@ -26171,8 +26106,7 @@ static int sp_256_mod_inv_9(sp_digit* r, const sp_digit* a, const sp_digit* m)
             XMEMCPY(r, d, sizeof(sp_digit) * 9);
     }
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (u != NULL)
-        XFREE(u, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(u, NULL, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -26380,10 +26314,8 @@ int sp_ecc_verify_256(const byte* hash, word32 hashLen, const mp_int* pX,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (u1 != NULL)
-        XFREE(u1, heap, DYNAMIC_TYPE_ECC);
-    if (p1 != NULL)
-        XFREE(p1, heap, DYNAMIC_TYPE_ECC);
+    XFREE(u1, heap, DYNAMIC_TYPE_ECC);
+    XFREE(p1, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -26590,8 +26522,7 @@ static int sp_256_ecc_is_point_9(const sp_point_256* point,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t1 != NULL)
-        XFREE(t1, heap, DYNAMIC_TYPE_ECC);
+    XFREE(t1, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -26630,8 +26561,7 @@ int sp_ecc_is_point_256(const mp_int* pX, const mp_int* pY)
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (pub != NULL)
-        XFREE(pub, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(pub, NULL, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -26739,10 +26669,8 @@ int sp_ecc_check_key_256(const mp_int* pX, const mp_int* pY,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (pub != NULL)
-        XFREE(pub, heap, DYNAMIC_TYPE_ECC);
-    if (priv != NULL)
-        XFREE(priv, heap, DYNAMIC_TYPE_ECC);
+    XFREE(pub, heap, DYNAMIC_TYPE_ECC);
+    XFREE(priv, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -26821,10 +26749,8 @@ int sp_ecc_proj_add_point_256(mp_int* pX, mp_int* pY, mp_int* pZ,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (tmp != NULL)
-        XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
-    if (p != NULL)
-        XFREE(p, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(p, NULL, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -26889,10 +26815,8 @@ int sp_ecc_proj_dbl_point_256(mp_int* pX, mp_int* pY, mp_int* pZ,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (tmp != NULL)
-        XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
-    if (p != NULL)
-        XFREE(p, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(p, NULL, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -26953,10 +26877,8 @@ int sp_ecc_map_256(mp_int* pX, mp_int* pY, mp_int* pZ)
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (tmp != NULL)
-        XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
-    if (p != NULL)
-        XFREE(p, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(p, NULL, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -27022,8 +26944,7 @@ static int sp_256_mont_sqrt_9(sp_digit* y)
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t1 != NULL)
-        XFREE(t1, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(t1, NULL, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -27088,8 +27009,7 @@ int sp_ecc_uncompress_256(mp_int* xm, int odd, mp_int* ym)
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (x != NULL)
-        XFREE(x, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(x, NULL, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -27248,29 +27168,29 @@ SP_NOINLINE static void sp_384_mul_15(sp_digit* r, const sp_digit* a,
     t0 = ((sp_int64)a[ 0]) * b[ 0];
     t1 = ((sp_int64)a[ 0]) * b[ 1]
        + ((sp_int64)a[ 1]) * b[ 0];
-    t[ 0] = t0 & 0x3ffffff; t1 += t0 >> 26;
+    t[ 0] = (sp_digit)(t0 & 0x3ffffff); t1 += t0 >> 26;
     t0 = ((sp_int64)a[ 0]) * b[ 2]
        + ((sp_int64)a[ 1]) * b[ 1]
        + ((sp_int64)a[ 2]) * b[ 0];
-    t[ 1] = t1 & 0x3ffffff; t0 += t1 >> 26;
+    t[ 1] = (sp_digit)(t1 & 0x3ffffff); t0 += t1 >> 26;
     t1 = ((sp_int64)a[ 0]) * b[ 3]
        + ((sp_int64)a[ 1]) * b[ 2]
        + ((sp_int64)a[ 2]) * b[ 1]
        + ((sp_int64)a[ 3]) * b[ 0];
-    t[ 2] = t0 & 0x3ffffff; t1 += t0 >> 26;
+    t[ 2] = (sp_digit)(t0 & 0x3ffffff); t1 += t0 >> 26;
     t0 = ((sp_int64)a[ 0]) * b[ 4]
        + ((sp_int64)a[ 1]) * b[ 3]
        + ((sp_int64)a[ 2]) * b[ 2]
        + ((sp_int64)a[ 3]) * b[ 1]
        + ((sp_int64)a[ 4]) * b[ 0];
-    t[ 3] = t1 & 0x3ffffff; t0 += t1 >> 26;
+    t[ 3] = (sp_digit)(t1 & 0x3ffffff); t0 += t1 >> 26;
     t1 = ((sp_int64)a[ 0]) * b[ 5]
        + ((sp_int64)a[ 1]) * b[ 4]
        + ((sp_int64)a[ 2]) * b[ 3]
        + ((sp_int64)a[ 3]) * b[ 2]
        + ((sp_int64)a[ 4]) * b[ 1]
        + ((sp_int64)a[ 5]) * b[ 0];
-    t[ 4] = t0 & 0x3ffffff; t1 += t0 >> 26;
+    t[ 4] = (sp_digit)(t0 & 0x3ffffff); t1 += t0 >> 26;
     t0 = ((sp_int64)a[ 0]) * b[ 6]
        + ((sp_int64)a[ 1]) * b[ 5]
        + ((sp_int64)a[ 2]) * b[ 4]
@@ -27278,7 +27198,7 @@ SP_NOINLINE static void sp_384_mul_15(sp_digit* r, const sp_digit* a,
        + ((sp_int64)a[ 4]) * b[ 2]
        + ((sp_int64)a[ 5]) * b[ 1]
        + ((sp_int64)a[ 6]) * b[ 0];
-    t[ 5] = t1 & 0x3ffffff; t0 += t1 >> 26;
+    t[ 5] = (sp_digit)(t1 & 0x3ffffff); t0 += t1 >> 26;
     t1 = ((sp_int64)a[ 0]) * b[ 7]
        + ((sp_int64)a[ 1]) * b[ 6]
        + ((sp_int64)a[ 2]) * b[ 5]
@@ -27287,7 +27207,7 @@ SP_NOINLINE static void sp_384_mul_15(sp_digit* r, const sp_digit* a,
        + ((sp_int64)a[ 5]) * b[ 2]
        + ((sp_int64)a[ 6]) * b[ 1]
        + ((sp_int64)a[ 7]) * b[ 0];
-    t[ 6] = t0 & 0x3ffffff; t1 += t0 >> 26;
+    t[ 6] = (sp_digit)(t0 & 0x3ffffff); t1 += t0 >> 26;
     t0 = ((sp_int64)a[ 0]) * b[ 8]
        + ((sp_int64)a[ 1]) * b[ 7]
        + ((sp_int64)a[ 2]) * b[ 6]
@@ -27297,7 +27217,7 @@ SP_NOINLINE static void sp_384_mul_15(sp_digit* r, const sp_digit* a,
        + ((sp_int64)a[ 6]) * b[ 2]
        + ((sp_int64)a[ 7]) * b[ 1]
        + ((sp_int64)a[ 8]) * b[ 0];
-    t[ 7] = t1 & 0x3ffffff; t0 += t1 >> 26;
+    t[ 7] = (sp_digit)(t1 & 0x3ffffff); t0 += t1 >> 26;
     t1 = ((sp_int64)a[ 0]) * b[ 9]
        + ((sp_int64)a[ 1]) * b[ 8]
        + ((sp_int64)a[ 2]) * b[ 7]
@@ -27308,7 +27228,7 @@ SP_NOINLINE static void sp_384_mul_15(sp_digit* r, const sp_digit* a,
        + ((sp_int64)a[ 7]) * b[ 2]
        + ((sp_int64)a[ 8]) * b[ 1]
        + ((sp_int64)a[ 9]) * b[ 0];
-    t[ 8] = t0 & 0x3ffffff; t1 += t0 >> 26;
+    t[ 8] = (sp_digit)(t0 & 0x3ffffff); t1 += t0 >> 26;
     t0 = ((sp_int64)a[ 0]) * b[10]
        + ((sp_int64)a[ 1]) * b[ 9]
        + ((sp_int64)a[ 2]) * b[ 8]
@@ -27320,7 +27240,7 @@ SP_NOINLINE static void sp_384_mul_15(sp_digit* r, const sp_digit* a,
        + ((sp_int64)a[ 8]) * b[ 2]
        + ((sp_int64)a[ 9]) * b[ 1]
        + ((sp_int64)a[10]) * b[ 0];
-    t[ 9] = t1 & 0x3ffffff; t0 += t1 >> 26;
+    t[ 9] = (sp_digit)(t1 & 0x3ffffff); t0 += t1 >> 26;
     t1 = ((sp_int64)a[ 0]) * b[11]
        + ((sp_int64)a[ 1]) * b[10]
        + ((sp_int64)a[ 2]) * b[ 9]
@@ -27333,7 +27253,7 @@ SP_NOINLINE static void sp_384_mul_15(sp_digit* r, const sp_digit* a,
        + ((sp_int64)a[ 9]) * b[ 2]
        + ((sp_int64)a[10]) * b[ 1]
        + ((sp_int64)a[11]) * b[ 0];
-    t[10] = t0 & 0x3ffffff; t1 += t0 >> 26;
+    t[10] = (sp_digit)(t0 & 0x3ffffff); t1 += t0 >> 26;
     t0 = ((sp_int64)a[ 0]) * b[12]
        + ((sp_int64)a[ 1]) * b[11]
        + ((sp_int64)a[ 2]) * b[10]
@@ -27347,7 +27267,7 @@ SP_NOINLINE static void sp_384_mul_15(sp_digit* r, const sp_digit* a,
        + ((sp_int64)a[10]) * b[ 2]
        + ((sp_int64)a[11]) * b[ 1]
        + ((sp_int64)a[12]) * b[ 0];
-    t[11] = t1 & 0x3ffffff; t0 += t1 >> 26;
+    t[11] = (sp_digit)(t1 & 0x3ffffff); t0 += t1 >> 26;
     t1 = ((sp_int64)a[ 0]) * b[13]
        + ((sp_int64)a[ 1]) * b[12]
        + ((sp_int64)a[ 2]) * b[11]
@@ -27362,7 +27282,7 @@ SP_NOINLINE static void sp_384_mul_15(sp_digit* r, const sp_digit* a,
        + ((sp_int64)a[11]) * b[ 2]
        + ((sp_int64)a[12]) * b[ 1]
        + ((sp_int64)a[13]) * b[ 0];
-    t[12] = t0 & 0x3ffffff; t1 += t0 >> 26;
+    t[12] = (sp_digit)(t0 & 0x3ffffff); t1 += t0 >> 26;
     t0 = ((sp_int64)a[ 0]) * b[14]
        + ((sp_int64)a[ 1]) * b[13]
        + ((sp_int64)a[ 2]) * b[12]
@@ -27378,7 +27298,7 @@ SP_NOINLINE static void sp_384_mul_15(sp_digit* r, const sp_digit* a,
        + ((sp_int64)a[12]) * b[ 2]
        + ((sp_int64)a[13]) * b[ 1]
        + ((sp_int64)a[14]) * b[ 0];
-    t[13] = t1 & 0x3ffffff; t0 += t1 >> 26;
+    t[13] = (sp_digit)(t1 & 0x3ffffff); t0 += t1 >> 26;
     t1 = ((sp_int64)a[ 1]) * b[14]
        + ((sp_int64)a[ 2]) * b[13]
        + ((sp_int64)a[ 3]) * b[12]
@@ -27393,7 +27313,7 @@ SP_NOINLINE static void sp_384_mul_15(sp_digit* r, const sp_digit* a,
        + ((sp_int64)a[12]) * b[ 3]
        + ((sp_int64)a[13]) * b[ 2]
        + ((sp_int64)a[14]) * b[ 1];
-    t[14] = t0 & 0x3ffffff; t1 += t0 >> 26;
+    t[14] = (sp_digit)(t0 & 0x3ffffff); t1 += t0 >> 26;
     t0 = ((sp_int64)a[ 2]) * b[14]
        + ((sp_int64)a[ 3]) * b[13]
        + ((sp_int64)a[ 4]) * b[12]
@@ -27407,7 +27327,7 @@ SP_NOINLINE static void sp_384_mul_15(sp_digit* r, const sp_digit* a,
        + ((sp_int64)a[12]) * b[ 4]
        + ((sp_int64)a[13]) * b[ 3]
        + ((sp_int64)a[14]) * b[ 2];
-    r[15] = t1 & 0x3ffffff; t0 += t1 >> 26;
+    r[15] = (sp_digit)(t1 & 0x3ffffff); t0 += t1 >> 26;
     t1 = ((sp_int64)a[ 3]) * b[14]
        + ((sp_int64)a[ 4]) * b[13]
        + ((sp_int64)a[ 5]) * b[12]
@@ -27420,7 +27340,7 @@ SP_NOINLINE static void sp_384_mul_15(sp_digit* r, const sp_digit* a,
        + ((sp_int64)a[12]) * b[ 5]
        + ((sp_int64)a[13]) * b[ 4]
        + ((sp_int64)a[14]) * b[ 3];
-    r[16] = t0 & 0x3ffffff; t1 += t0 >> 26;
+    r[16] = (sp_digit)(t0 & 0x3ffffff); t1 += t0 >> 26;
     t0 = ((sp_int64)a[ 4]) * b[14]
        + ((sp_int64)a[ 5]) * b[13]
        + ((sp_int64)a[ 6]) * b[12]
@@ -27432,7 +27352,7 @@ SP_NOINLINE static void sp_384_mul_15(sp_digit* r, const sp_digit* a,
        + ((sp_int64)a[12]) * b[ 6]
        + ((sp_int64)a[13]) * b[ 5]
        + ((sp_int64)a[14]) * b[ 4];
-    r[17] = t1 & 0x3ffffff; t0 += t1 >> 26;
+    r[17] = (sp_digit)(t1 & 0x3ffffff); t0 += t1 >> 26;
     t1 = ((sp_int64)a[ 5]) * b[14]
        + ((sp_int64)a[ 6]) * b[13]
        + ((sp_int64)a[ 7]) * b[12]
@@ -27443,7 +27363,7 @@ SP_NOINLINE static void sp_384_mul_15(sp_digit* r, const sp_digit* a,
        + ((sp_int64)a[12]) * b[ 7]
        + ((sp_int64)a[13]) * b[ 6]
        + ((sp_int64)a[14]) * b[ 5];
-    r[18] = t0 & 0x3ffffff; t1 += t0 >> 26;
+    r[18] = (sp_digit)(t0 & 0x3ffffff); t1 += t0 >> 26;
     t0 = ((sp_int64)a[ 6]) * b[14]
        + ((sp_int64)a[ 7]) * b[13]
        + ((sp_int64)a[ 8]) * b[12]
@@ -27453,7 +27373,7 @@ SP_NOINLINE static void sp_384_mul_15(sp_digit* r, const sp_digit* a,
        + ((sp_int64)a[12]) * b[ 8]
        + ((sp_int64)a[13]) * b[ 7]
        + ((sp_int64)a[14]) * b[ 6];
-    r[19] = t1 & 0x3ffffff; t0 += t1 >> 26;
+    r[19] = (sp_digit)(t1 & 0x3ffffff); t0 += t1 >> 26;
     t1 = ((sp_int64)a[ 7]) * b[14]
        + ((sp_int64)a[ 8]) * b[13]
        + ((sp_int64)a[ 9]) * b[12]
@@ -27462,7 +27382,7 @@ SP_NOINLINE static void sp_384_mul_15(sp_digit* r, const sp_digit* a,
        + ((sp_int64)a[12]) * b[ 9]
        + ((sp_int64)a[13]) * b[ 8]
        + ((sp_int64)a[14]) * b[ 7];
-    r[20] = t0 & 0x3ffffff; t1 += t0 >> 26;
+    r[20] = (sp_digit)(t0 & 0x3ffffff); t1 += t0 >> 26;
     t0 = ((sp_int64)a[ 8]) * b[14]
        + ((sp_int64)a[ 9]) * b[13]
        + ((sp_int64)a[10]) * b[12]
@@ -27470,35 +27390,35 @@ SP_NOINLINE static void sp_384_mul_15(sp_digit* r, const sp_digit* a,
        + ((sp_int64)a[12]) * b[10]
        + ((sp_int64)a[13]) * b[ 9]
        + ((sp_int64)a[14]) * b[ 8];
-    r[21] = t1 & 0x3ffffff; t0 += t1 >> 26;
+    r[21] = (sp_digit)(t1 & 0x3ffffff); t0 += t1 >> 26;
     t1 = ((sp_int64)a[ 9]) * b[14]
        + ((sp_int64)a[10]) * b[13]
        + ((sp_int64)a[11]) * b[12]
        + ((sp_int64)a[12]) * b[11]
        + ((sp_int64)a[13]) * b[10]
        + ((sp_int64)a[14]) * b[ 9];
-    r[22] = t0 & 0x3ffffff; t1 += t0 >> 26;
+    r[22] = (sp_digit)(t0 & 0x3ffffff); t1 += t0 >> 26;
     t0 = ((sp_int64)a[10]) * b[14]
        + ((sp_int64)a[11]) * b[13]
        + ((sp_int64)a[12]) * b[12]
        + ((sp_int64)a[13]) * b[11]
        + ((sp_int64)a[14]) * b[10];
-    r[23] = t1 & 0x3ffffff; t0 += t1 >> 26;
+    r[23] = (sp_digit)(t1 & 0x3ffffff); t0 += t1 >> 26;
     t1 = ((sp_int64)a[11]) * b[14]
        + ((sp_int64)a[12]) * b[13]
        + ((sp_int64)a[13]) * b[12]
        + ((sp_int64)a[14]) * b[11];
-    r[24] = t0 & 0x3ffffff; t1 += t0 >> 26;
+    r[24] = (sp_digit)(t0 & 0x3ffffff); t1 += t0 >> 26;
     t0 = ((sp_int64)a[12]) * b[14]
        + ((sp_int64)a[13]) * b[13]
        + ((sp_int64)a[14]) * b[12];
-    r[25] = t1 & 0x3ffffff; t0 += t1 >> 26;
+    r[25] = (sp_digit)(t1 & 0x3ffffff); t0 += t1 >> 26;
     t1 = ((sp_int64)a[13]) * b[14]
        + ((sp_int64)a[14]) * b[13];
-    r[26] = t0 & 0x3ffffff; t1 += t0 >> 26;
+    r[26] = (sp_digit)(t0 & 0x3ffffff); t1 += t0 >> 26;
     t0 = ((sp_int64)a[14]) * b[14];
-    r[27] = t1 & 0x3ffffff; t0 += t1 >> 26;
-    r[28] = t0 & 0x3ffffff;
+    r[27] = (sp_digit)(t1 & 0x3ffffff); t0 += t1 >> 26;
+    r[28] = (sp_digit)(t0 & 0x3ffffff);
     r[29] = (sp_digit)(t0 >> 26);
     XMEMCPY(r, t, sizeof(t));
 }
@@ -27560,57 +27480,57 @@ SP_NOINLINE static void sp_384_sqr_15(sp_digit* r, const sp_digit* a)
 
     t0 =  ((sp_int64)a[ 0]) * a[ 0];
     t1 = (((sp_int64)a[ 0]) * a[ 1]) * 2;
-    t[ 0] = t0 & 0x3ffffff; t1 += t0 >> 26;
+    t[ 0] = (sp_digit)(t0 & 0x3ffffff); t1 += t0 >> 26;
     t0 = (((sp_int64)a[ 0]) * a[ 2]) * 2
        +  ((sp_int64)a[ 1]) * a[ 1];
-    t[ 1] = t1 & 0x3ffffff; t0 += t1 >> 26;
+    t[ 1] = (sp_digit)(t1 & 0x3ffffff); t0 += t1 >> 26;
     t1 = (((sp_int64)a[ 0]) * a[ 3]
        +  ((sp_int64)a[ 1]) * a[ 2]) * 2;
-    t[ 2] = t0 & 0x3ffffff; t1 += t0 >> 26;
+    t[ 2] = (sp_digit)(t0 & 0x3ffffff); t1 += t0 >> 26;
     t0 = (((sp_int64)a[ 0]) * a[ 4]
        +  ((sp_int64)a[ 1]) * a[ 3]) * 2
        +  ((sp_int64)a[ 2]) * a[ 2];
-    t[ 3] = t1 & 0x3ffffff; t0 += t1 >> 26;
+    t[ 3] = (sp_digit)(t1 & 0x3ffffff); t0 += t1 >> 26;
     t1 = (((sp_int64)a[ 0]) * a[ 5]
        +  ((sp_int64)a[ 1]) * a[ 4]
        +  ((sp_int64)a[ 2]) * a[ 3]) * 2;
-    t[ 4] = t0 & 0x3ffffff; t1 += t0 >> 26;
+    t[ 4] = (sp_digit)(t0 & 0x3ffffff); t1 += t0 >> 26;
     t0 = (((sp_int64)a[ 0]) * a[ 6]
        +  ((sp_int64)a[ 1]) * a[ 5]
        +  ((sp_int64)a[ 2]) * a[ 4]) * 2
        +  ((sp_int64)a[ 3]) * a[ 3];
-    t[ 5] = t1 & 0x3ffffff; t0 += t1 >> 26;
+    t[ 5] = (sp_digit)(t1 & 0x3ffffff); t0 += t1 >> 26;
     t1 = (((sp_int64)a[ 0]) * a[ 7]
        +  ((sp_int64)a[ 1]) * a[ 6]
        +  ((sp_int64)a[ 2]) * a[ 5]
        +  ((sp_int64)a[ 3]) * a[ 4]) * 2;
-    t[ 6] = t0 & 0x3ffffff; t1 += t0 >> 26;
+    t[ 6] = (sp_digit)(t0 & 0x3ffffff); t1 += t0 >> 26;
     t0 = (((sp_int64)a[ 0]) * a[ 8]
        +  ((sp_int64)a[ 1]) * a[ 7]
        +  ((sp_int64)a[ 2]) * a[ 6]
        +  ((sp_int64)a[ 3]) * a[ 5]) * 2
        +  ((sp_int64)a[ 4]) * a[ 4];
-    t[ 7] = t1 & 0x3ffffff; t0 += t1 >> 26;
+    t[ 7] = (sp_digit)(t1 & 0x3ffffff); t0 += t1 >> 26;
     t1 = (((sp_int64)a[ 0]) * a[ 9]
        +  ((sp_int64)a[ 1]) * a[ 8]
        +  ((sp_int64)a[ 2]) * a[ 7]
        +  ((sp_int64)a[ 3]) * a[ 6]
        +  ((sp_int64)a[ 4]) * a[ 5]) * 2;
-    t[ 8] = t0 & 0x3ffffff; t1 += t0 >> 26;
+    t[ 8] = (sp_digit)(t0 & 0x3ffffff); t1 += t0 >> 26;
     t0 = (((sp_int64)a[ 0]) * a[10]
        +  ((sp_int64)a[ 1]) * a[ 9]
        +  ((sp_int64)a[ 2]) * a[ 8]
        +  ((sp_int64)a[ 3]) * a[ 7]
        +  ((sp_int64)a[ 4]) * a[ 6]) * 2
        +  ((sp_int64)a[ 5]) * a[ 5];
-    t[ 9] = t1 & 0x3ffffff; t0 += t1 >> 26;
+    t[ 9] = (sp_digit)(t1 & 0x3ffffff); t0 += t1 >> 26;
     t1 = (((sp_int64)a[ 0]) * a[11]
        +  ((sp_int64)a[ 1]) * a[10]
        +  ((sp_int64)a[ 2]) * a[ 9]
        +  ((sp_int64)a[ 3]) * a[ 8]
        +  ((sp_int64)a[ 4]) * a[ 7]
        +  ((sp_int64)a[ 5]) * a[ 6]) * 2;
-    t[10] = t0 & 0x3ffffff; t1 += t0 >> 26;
+    t[10] = (sp_digit)(t0 & 0x3ffffff); t1 += t0 >> 26;
     t0 = (((sp_int64)a[ 0]) * a[12]
        +  ((sp_int64)a[ 1]) * a[11]
        +  ((sp_int64)a[ 2]) * a[10]
@@ -27618,7 +27538,7 @@ SP_NOINLINE static void sp_384_sqr_15(sp_digit* r, const sp_digit* a)
        +  ((sp_int64)a[ 4]) * a[ 8]
        +  ((sp_int64)a[ 5]) * a[ 7]) * 2
        +  ((sp_int64)a[ 6]) * a[ 6];
-    t[11] = t1 & 0x3ffffff; t0 += t1 >> 26;
+    t[11] = (sp_digit)(t1 & 0x3ffffff); t0 += t1 >> 26;
     t1 = (((sp_int64)a[ 0]) * a[13]
        +  ((sp_int64)a[ 1]) * a[12]
        +  ((sp_int64)a[ 2]) * a[11]
@@ -27626,7 +27546,7 @@ SP_NOINLINE static void sp_384_sqr_15(sp_digit* r, const sp_digit* a)
        +  ((sp_int64)a[ 4]) * a[ 9]
        +  ((sp_int64)a[ 5]) * a[ 8]
        +  ((sp_int64)a[ 6]) * a[ 7]) * 2;
-    t[12] = t0 & 0x3ffffff; t1 += t0 >> 26;
+    t[12] = (sp_digit)(t0 & 0x3ffffff); t1 += t0 >> 26;
     t0 = (((sp_int64)a[ 0]) * a[14]
        +  ((sp_int64)a[ 1]) * a[13]
        +  ((sp_int64)a[ 2]) * a[12]
@@ -27635,7 +27555,7 @@ SP_NOINLINE static void sp_384_sqr_15(sp_digit* r, const sp_digit* a)
        +  ((sp_int64)a[ 5]) * a[ 9]
        +  ((sp_int64)a[ 6]) * a[ 8]) * 2
        +  ((sp_int64)a[ 7]) * a[ 7];
-    t[13] = t1 & 0x3ffffff; t0 += t1 >> 26;
+    t[13] = (sp_digit)(t1 & 0x3ffffff); t0 += t1 >> 26;
     t1 = (((sp_int64)a[ 1]) * a[14]
        +  ((sp_int64)a[ 2]) * a[13]
        +  ((sp_int64)a[ 3]) * a[12]
@@ -27643,7 +27563,7 @@ SP_NOINLINE static void sp_384_sqr_15(sp_digit* r, const sp_digit* a)
        +  ((sp_int64)a[ 5]) * a[10]
        +  ((sp_int64)a[ 6]) * a[ 9]
        +  ((sp_int64)a[ 7]) * a[ 8]) * 2;
-    t[14] = t0 & 0x3ffffff; t1 += t0 >> 26;
+    t[14] = (sp_digit)(t0 & 0x3ffffff); t1 += t0 >> 26;
     t0 = (((sp_int64)a[ 2]) * a[14]
        +  ((sp_int64)a[ 3]) * a[13]
        +  ((sp_int64)a[ 4]) * a[12]
@@ -27651,62 +27571,62 @@ SP_NOINLINE static void sp_384_sqr_15(sp_digit* r, const sp_digit* a)
        +  ((sp_int64)a[ 6]) * a[10]
        +  ((sp_int64)a[ 7]) * a[ 9]) * 2
        +  ((sp_int64)a[ 8]) * a[ 8];
-    r[15] = t1 & 0x3ffffff; t0 += t1 >> 26;
+    r[15] = (sp_digit)(t1 & 0x3ffffff); t0 += t1 >> 26;
     t1 = (((sp_int64)a[ 3]) * a[14]
        +  ((sp_int64)a[ 4]) * a[13]
        +  ((sp_int64)a[ 5]) * a[12]
        +  ((sp_int64)a[ 6]) * a[11]
        +  ((sp_int64)a[ 7]) * a[10]
        +  ((sp_int64)a[ 8]) * a[ 9]) * 2;
-    r[16] = t0 & 0x3ffffff; t1 += t0 >> 26;
+    r[16] = (sp_digit)(t0 & 0x3ffffff); t1 += t0 >> 26;
     t0 = (((sp_int64)a[ 4]) * a[14]
        +  ((sp_int64)a[ 5]) * a[13]
        +  ((sp_int64)a[ 6]) * a[12]
        +  ((sp_int64)a[ 7]) * a[11]
        +  ((sp_int64)a[ 8]) * a[10]) * 2
        +  ((sp_int64)a[ 9]) * a[ 9];
-    r[17] = t1 & 0x3ffffff; t0 += t1 >> 26;
+    r[17] = (sp_digit)(t1 & 0x3ffffff); t0 += t1 >> 26;
     t1 = (((sp_int64)a[ 5]) * a[14]
        +  ((sp_int64)a[ 6]) * a[13]
        +  ((sp_int64)a[ 7]) * a[12]
        +  ((sp_int64)a[ 8]) * a[11]
        +  ((sp_int64)a[ 9]) * a[10]) * 2;
-    r[18] = t0 & 0x3ffffff; t1 += t0 >> 26;
+    r[18] = (sp_digit)(t0 & 0x3ffffff); t1 += t0 >> 26;
     t0 = (((sp_int64)a[ 6]) * a[14]
        +  ((sp_int64)a[ 7]) * a[13]
        +  ((sp_int64)a[ 8]) * a[12]
        +  ((sp_int64)a[ 9]) * a[11]) * 2
        +  ((sp_int64)a[10]) * a[10];
-    r[19] = t1 & 0x3ffffff; t0 += t1 >> 26;
+    r[19] = (sp_digit)(t1 & 0x3ffffff); t0 += t1 >> 26;
     t1 = (((sp_int64)a[ 7]) * a[14]
        +  ((sp_int64)a[ 8]) * a[13]
        +  ((sp_int64)a[ 9]) * a[12]
        +  ((sp_int64)a[10]) * a[11]) * 2;
-    r[20] = t0 & 0x3ffffff; t1 += t0 >> 26;
+    r[20] = (sp_digit)(t0 & 0x3ffffff); t1 += t0 >> 26;
     t0 = (((sp_int64)a[ 8]) * a[14]
        +  ((sp_int64)a[ 9]) * a[13]
        +  ((sp_int64)a[10]) * a[12]) * 2
        +  ((sp_int64)a[11]) * a[11];
-    r[21] = t1 & 0x3ffffff; t0 += t1 >> 26;
+    r[21] = (sp_digit)(t1 & 0x3ffffff); t0 += t1 >> 26;
     t1 = (((sp_int64)a[ 9]) * a[14]
        +  ((sp_int64)a[10]) * a[13]
        +  ((sp_int64)a[11]) * a[12]) * 2;
-    r[22] = t0 & 0x3ffffff; t1 += t0 >> 26;
+    r[22] = (sp_digit)(t0 & 0x3ffffff); t1 += t0 >> 26;
     t0 = (((sp_int64)a[10]) * a[14]
        +  ((sp_int64)a[11]) * a[13]) * 2
        +  ((sp_int64)a[12]) * a[12];
-    r[23] = t1 & 0x3ffffff; t0 += t1 >> 26;
+    r[23] = (sp_digit)(t1 & 0x3ffffff); t0 += t1 >> 26;
     t1 = (((sp_int64)a[11]) * a[14]
        +  ((sp_int64)a[12]) * a[13]) * 2;
-    r[24] = t0 & 0x3ffffff; t1 += t0 >> 26;
+    r[24] = (sp_digit)(t0 & 0x3ffffff); t1 += t0 >> 26;
     t0 = (((sp_int64)a[12]) * a[14]) * 2
        +  ((sp_int64)a[13]) * a[13];
-    r[25] = t1 & 0x3ffffff; t0 += t1 >> 26;
+    r[25] = (sp_digit)(t1 & 0x3ffffff); t0 += t1 >> 26;
     t1 = (((sp_int64)a[13]) * a[14]) * 2;
-    r[26] = t0 & 0x3ffffff; t1 += t0 >> 26;
+    r[26] = (sp_digit)(t0 & 0x3ffffff); t1 += t0 >> 26;
     t0 =  ((sp_int64)a[14]) * a[14];
-    r[27] = t1 & 0x3ffffff; t0 += t1 >> 26;
-    r[28] = t0 & 0x3ffffff;
+    r[27] = (sp_digit)(t1 & 0x3ffffff); t0 += t1 >> 26;
+    r[28] = (sp_digit)(t0 & 0x3ffffff);
     r[29] = (sp_digit)(t0 >> 26);
     XMEMCPY(r, t, sizeof(t));
 }
@@ -28097,23 +28017,23 @@ SP_NOINLINE static void sp_384_mul_add_15(sp_digit* r, const sp_digit* a,
         t[1]  = (tb * a[i+1]) + r[i+1];
         t[2]  = (tb * a[i+2]) + r[i+2];
         t[3]  = (tb * a[i+3]) + r[i+3];
-        r[i+0] = t[0] & 0x3ffffff;
+        r[i+0] = (sp_digit)(t[0] & 0x3ffffff);
         t[1] += t[0] >> 26;
-        r[i+1] = t[1] & 0x3ffffff;
+        r[i+1] = (sp_digit)(t[1] & 0x3ffffff);
         t[2] += t[1] >> 26;
-        r[i+2] = t[2] & 0x3ffffff;
+        r[i+2] = (sp_digit)(t[2] & 0x3ffffff);
         t[3] += t[2] >> 26;
-        r[i+3] = t[3] & 0x3ffffff;
+        r[i+3] = (sp_digit)(t[3] & 0x3ffffff);
         t[0]  = t[3] >> 26;
     }
     t[0] += (tb * a[12]) + r[12];
     t[1]  = (tb * a[13]) + r[13];
     t[2]  = (tb * a[14]) + r[14];
-    r[12] = t[0] & 0x3ffffff;
+    r[12] = (sp_digit)(t[0] & 0x3ffffff);
     t[1] += t[0] >> 26;
-    r[13] = t[1] & 0x3ffffff;
+    r[13] = (sp_digit)(t[1] & 0x3ffffff);
     t[2] += t[1] >> 26;
-    r[14] = t[2] & 0x3ffffff;
+    r[14] = (sp_digit)(t[2] & 0x3ffffff);
     r[15] +=  (sp_digit)(t[2] >> 26);
 #else
     sp_int64 tb = b;
@@ -28196,7 +28116,7 @@ static void sp_384_mont_shift_15(sp_digit* r, const sp_digit* a)
     n += ((sp_int64)a[15]) << 6;
 
     for (i = 0; i < 14; i++) {
-        r[i] = n & 0x3ffffff;
+        r[i] = (sp_digit)(n & 0x3ffffff);
         n >>= 26;
         n += ((sp_int64)a[16 + i]) << 6;
     }
@@ -28204,20 +28124,20 @@ static void sp_384_mont_shift_15(sp_digit* r, const sp_digit* a)
 #else
     sp_int64 n = a[14] >> 20;
     n += ((sp_int64)a[15]) << 6;
-    r[ 0] = n & 0x3ffffff; n >>= 26; n += ((sp_int64)a[16]) << 6;
-    r[ 1] = n & 0x3ffffff; n >>= 26; n += ((sp_int64)a[17]) << 6;
-    r[ 2] = n & 0x3ffffff; n >>= 26; n += ((sp_int64)a[18]) << 6;
-    r[ 3] = n & 0x3ffffff; n >>= 26; n += ((sp_int64)a[19]) << 6;
-    r[ 4] = n & 0x3ffffff; n >>= 26; n += ((sp_int64)a[20]) << 6;
-    r[ 5] = n & 0x3ffffff; n >>= 26; n += ((sp_int64)a[21]) << 6;
-    r[ 6] = n & 0x3ffffff; n >>= 26; n += ((sp_int64)a[22]) << 6;
-    r[ 7] = n & 0x3ffffff; n >>= 26; n += ((sp_int64)a[23]) << 6;
-    r[ 8] = n & 0x3ffffff; n >>= 26; n += ((sp_int64)a[24]) << 6;
-    r[ 9] = n & 0x3ffffff; n >>= 26; n += ((sp_int64)a[25]) << 6;
-    r[10] = n & 0x3ffffff; n >>= 26; n += ((sp_int64)a[26]) << 6;
-    r[11] = n & 0x3ffffff; n >>= 26; n += ((sp_int64)a[27]) << 6;
-    r[12] = n & 0x3ffffff; n >>= 26; n += ((sp_int64)a[28]) << 6;
-    r[13] = n & 0x3ffffff; n >>= 26; n += ((sp_int64)a[29]) << 6;
+    r[ 0] = (sp_digit)(n & 0x3ffffff); n >>= 26; n += ((sp_int64)a[16]) << 6;
+    r[ 1] = (sp_digit)(n & 0x3ffffff); n >>= 26; n += ((sp_int64)a[17]) << 6;
+    r[ 2] = (sp_digit)(n & 0x3ffffff); n >>= 26; n += ((sp_int64)a[18]) << 6;
+    r[ 3] = (sp_digit)(n & 0x3ffffff); n >>= 26; n += ((sp_int64)a[19]) << 6;
+    r[ 4] = (sp_digit)(n & 0x3ffffff); n >>= 26; n += ((sp_int64)a[20]) << 6;
+    r[ 5] = (sp_digit)(n & 0x3ffffff); n >>= 26; n += ((sp_int64)a[21]) << 6;
+    r[ 6] = (sp_digit)(n & 0x3ffffff); n >>= 26; n += ((sp_int64)a[22]) << 6;
+    r[ 7] = (sp_digit)(n & 0x3ffffff); n >>= 26; n += ((sp_int64)a[23]) << 6;
+    r[ 8] = (sp_digit)(n & 0x3ffffff); n >>= 26; n += ((sp_int64)a[24]) << 6;
+    r[ 9] = (sp_digit)(n & 0x3ffffff); n >>= 26; n += ((sp_int64)a[25]) << 6;
+    r[10] = (sp_digit)(n & 0x3ffffff); n >>= 26; n += ((sp_int64)a[26]) << 6;
+    r[11] = (sp_digit)(n & 0x3ffffff); n >>= 26; n += ((sp_int64)a[27]) << 6;
+    r[12] = (sp_digit)(n & 0x3ffffff); n >>= 26; n += ((sp_int64)a[28]) << 6;
+    r[13] = (sp_digit)(n & 0x3ffffff); n >>= 26; n += ((sp_int64)a[29]) << 6;
     r[14] = (sp_digit)n;
 #endif /* WOLFSSL_SP_SMALL */
     XMEMSET(&r[15], 0, sizeof(*r) * 15U);
@@ -28238,11 +28158,11 @@ static void sp_384_mont_reduce_order_15(sp_digit* a, const sp_digit* m, sp_digit
     sp_384_norm_15(a + 15);
 
     for (i=0; i<14; i++) {
-        mu = ((sp_uint32)a[i] * (sp_uint32)mp) & 0x3ffffff;
+        mu = (sp_digit)(((sp_uint32)a[i] * (sp_uint32)mp) & 0x3ffffff);
         sp_384_mul_add_15(a+i, m, mu);
         a[i+1] += a[i] >> 26;
     }
-    mu = ((sp_uint32)a[i] * (sp_uint32)mp) & 0xfffffL;
+    mu = (sp_digit)(((sp_uint32)a[i] * (sp_uint32)mp) & 0xfffffL);
     sp_384_mul_add_15(a+i, m, mu);
     a[i+1] += a[i] >> 26;
     a[i] &= 0x3ffffff;
@@ -28267,42 +28187,42 @@ static void sp_384_mont_reduce_15(sp_digit* a, const sp_digit* m, sp_digit mp)
     (void)mp;
 
     for (i = 0; i < 14; i++) {
-        am = (a[i] * 0x1) & 0x3ffffff;
-        a[i +  1] += (am << 6) & 0x3ffffff;
+        am = (sp_digit)((a[i] * 0x1) & 0x3ffffff);
+        a[i +  1] += (sp_digit)((am << 6) & 0x3ffffff);
         a[i +  2] += am >> 20;
-        a[i +  3] -= (am << 18) & 0x3ffffff;
+        a[i +  3] -= (sp_digit)((am << 18) & 0x3ffffff);
         a[i +  4] -= am >> 8;
-        a[i +  4] -= (am << 24) & 0x3ffffff;
+        a[i +  4] -= (sp_digit)((am << 24) & 0x3ffffff);
         a[i +  5] -= am >> 2;
-        a[i + 14] += (am << 20) & 0x3ffffff;
+        a[i + 14] += (sp_digit)((am << 20) & 0x3ffffff);
         a[i + 15] += am >> 6;
 
         a[i +  1] += a[i] >> 26;
     }
-    am = (a[14] * 0x1) & 0xfffff;
-    a[14 +  1] += (am << 6) & 0x3ffffff;
+    am = (sp_digit)((a[14] * 0x1) & 0xfffff);
+    a[14 +  1] += (sp_digit)((am << 6) & 0x3ffffff);
     a[14 +  2] += am >> 20;
-    a[14 +  3] -= (am << 18) & 0x3ffffff;
+    a[14 +  3] -= (sp_digit)((am << 18) & 0x3ffffff);
     a[14 +  4] -= am >> 8;
-    a[14 +  4] -= (am << 24) & 0x3ffffff;
+    a[14 +  4] -= (sp_digit)((am << 24) & 0x3ffffff);
     a[14 +  5] -= am >> 2;
-    a[14 + 14] += (am << 20) & 0x3ffffff;
+    a[14 + 14] += (sp_digit)((am << 20) & 0x3ffffff);
     a[14 + 15] += am >> 6;
 
-    a[0] = (a[14] >> 20) + ((a[15] << 6) & 0x3ffffff);
-    a[1] = (a[15] >> 20) + ((a[16] << 6) & 0x3ffffff);
-    a[2] = (a[16] >> 20) + ((a[17] << 6) & 0x3ffffff);
-    a[3] = (a[17] >> 20) + ((a[18] << 6) & 0x3ffffff);
-    a[4] = (a[18] >> 20) + ((a[19] << 6) & 0x3ffffff);
-    a[5] = (a[19] >> 20) + ((a[20] << 6) & 0x3ffffff);
-    a[6] = (a[20] >> 20) + ((a[21] << 6) & 0x3ffffff);
-    a[7] = (a[21] >> 20) + ((a[22] << 6) & 0x3ffffff);
-    a[8] = (a[22] >> 20) + ((a[23] << 6) & 0x3ffffff);
-    a[9] = (a[23] >> 20) + ((a[24] << 6) & 0x3ffffff);
-    a[10] = (a[24] >> 20) + ((a[25] << 6) & 0x3ffffff);
-    a[11] = (a[25] >> 20) + ((a[26] << 6) & 0x3ffffff);
-    a[12] = (a[26] >> 20) + ((a[27] << 6) & 0x3ffffff);
-    a[13] = (a[27] >> 20) + ((a[28] << 6) & 0x3ffffff);
+    a[0] = (a[14] >> 20) + (sp_digit)((a[15] << 6) & 0x3ffffff);
+    a[1] = (a[15] >> 20) + (sp_digit)((a[16] << 6) & 0x3ffffff);
+    a[2] = (a[16] >> 20) + (sp_digit)((a[17] << 6) & 0x3ffffff);
+    a[3] = (a[17] >> 20) + (sp_digit)((a[18] << 6) & 0x3ffffff);
+    a[4] = (a[18] >> 20) + (sp_digit)((a[19] << 6) & 0x3ffffff);
+    a[5] = (a[19] >> 20) + (sp_digit)((a[20] << 6) & 0x3ffffff);
+    a[6] = (a[20] >> 20) + (sp_digit)((a[21] << 6) & 0x3ffffff);
+    a[7] = (a[21] >> 20) + (sp_digit)((a[22] << 6) & 0x3ffffff);
+    a[8] = (a[22] >> 20) + (sp_digit)((a[23] << 6) & 0x3ffffff);
+    a[9] = (a[23] >> 20) + (sp_digit)((a[24] << 6) & 0x3ffffff);
+    a[10] = (a[24] >> 20) + (sp_digit)((a[25] << 6) & 0x3ffffff);
+    a[11] = (a[25] >> 20) + (sp_digit)((a[26] << 6) & 0x3ffffff);
+    a[12] = (a[26] >> 20) + (sp_digit)((a[27] << 6) & 0x3ffffff);
+    a[13] = (a[27] >> 20) + (sp_digit)((a[28] << 6) & 0x3ffffff);
     a[14] = (a[14 + 14] >> 20) +  (a[29] << 6);
 
     a[1] += a[0] >> 26; a[0] &= 0x3ffffff;
@@ -28325,21 +28245,21 @@ static void sp_384_mont_reduce_15(sp_digit* a, const sp_digit* m, sp_digit mp)
     /* Create mask. */
     am = 0 - am;
 
-    a[0] -= 0x03ffffff & am;
-    a[1] -= 0x0000003f & am;
+    a[0] -= (sp_digit)(0x03ffffff & am);
+    a[1] -= (sp_digit)(0x0000003f & am);
     /* p384_mod[2] is zero */
-    a[3] -= 0x03fc0000 & am;
-    a[4] -= 0x02ffffff & am;
-    a[5] -= 0x03ffffff & am;
-    a[6] -= 0x03ffffff & am;
-    a[7] -= 0x03ffffff & am;
-    a[8] -= 0x03ffffff & am;
-    a[9] -= 0x03ffffff & am;
-    a[10] -= 0x03ffffff & am;
-    a[11] -= 0x03ffffff & am;
-    a[12] -= 0x03ffffff & am;
-    a[13] -= 0x03ffffff & am;
-    a[14] -= 0x000fffff & am;
+    a[3] -= (sp_digit)(0x03fc0000 & am);
+    a[4] -= (sp_digit)(0x02ffffff & am);
+    a[5] -= (sp_digit)(0x03ffffff & am);
+    a[6] -= (sp_digit)(0x03ffffff & am);
+    a[7] -= (sp_digit)(0x03ffffff & am);
+    a[8] -= (sp_digit)(0x03ffffff & am);
+    a[9] -= (sp_digit)(0x03ffffff & am);
+    a[10] -= (sp_digit)(0x03ffffff & am);
+    a[11] -= (sp_digit)(0x03ffffff & am);
+    a[12] -= (sp_digit)(0x03ffffff & am);
+    a[13] -= (sp_digit)(0x03ffffff & am);
+    a[14] -= (sp_digit)(0x000fffff & am);
 
     a[1] += a[0] >> 26; a[0] &= 0x3ffffff;
     a[2] += a[1] >> 26; a[1] &= 0x3ffffff;
@@ -28408,7 +28328,7 @@ SP_NOINLINE static void sp_384_mont_sqr_n_15(sp_digit* r,
 #endif /* !WOLFSSL_SP_SMALL || HAVE_COMP_KEY */
 #ifdef WOLFSSL_SP_SMALL
 /* Mod-2 for the P384 curve. */
-static const uint32_t p384_mod_minus_2[12] = {
+static const word32 p384_mod_minus_2[12] = {
     0xfffffffdU,0x00000000U,0x00000000U,0xffffffffU,0xfffffffeU,0xffffffffU,
     0xffffffffU,0xffffffffU,0xffffffffU,0xffffffffU,0xffffffffU,0xffffffffU
 };
@@ -28523,7 +28443,7 @@ static void sp_384_map_15(sp_point_384* r, const sp_point_384* p,
     sp_384_mont_reduce_15(r->x, p384_mod, p384_mp_mod);
     /* Reduce x to less than modulus */
     n = sp_384_cmp_15(r->x, p384_mod);
-    sp_384_cond_sub_15(r->x, r->x, p384_mod, ~(n >> 25));
+    sp_384_cond_sub_15(r->x, r->x, p384_mod, (sp_digit)~(n >> 25));
     sp_384_norm_15(r->x);
 
     /* y /= z^3 */
@@ -28532,7 +28452,7 @@ static void sp_384_map_15(sp_point_384* r, const sp_point_384* p,
     sp_384_mont_reduce_15(r->y, p384_mod, p384_mp_mod);
     /* Reduce y to less than modulus */
     n = sp_384_cmp_15(r->y, p384_mod);
-    sp_384_cond_sub_15(r->y, r->y, p384_mod, ~(n >> 25));
+    sp_384_cond_sub_15(r->y, r->y, p384_mod, (sp_digit)~(n >> 25));
     sp_384_norm_15(r->y);
 
     XMEMSET(r->z, 0, sizeof(r->z) / 2);
@@ -28672,23 +28592,23 @@ SP_NOINLINE static void sp_384_rshift1_15(sp_digit* r, const sp_digit* a)
     int i;
 
     for (i=0; i<14; i++) {
-        r[i] = (a[i] >> 1) + ((a[i + 1] << 25) & 0x3ffffff);
+        r[i] = (a[i] >> 1) + (sp_digit)((a[i + 1] << 25) & 0x3ffffff);
     }
 #else
-    r[0] = (a[0] >> 1) + ((a[1] << 25) & 0x3ffffff);
-    r[1] = (a[1] >> 1) + ((a[2] << 25) & 0x3ffffff);
-    r[2] = (a[2] >> 1) + ((a[3] << 25) & 0x3ffffff);
-    r[3] = (a[3] >> 1) + ((a[4] << 25) & 0x3ffffff);
-    r[4] = (a[4] >> 1) + ((a[5] << 25) & 0x3ffffff);
-    r[5] = (a[5] >> 1) + ((a[6] << 25) & 0x3ffffff);
-    r[6] = (a[6] >> 1) + ((a[7] << 25) & 0x3ffffff);
-    r[7] = (a[7] >> 1) + ((a[8] << 25) & 0x3ffffff);
-    r[8] = (a[8] >> 1) + ((a[9] << 25) & 0x3ffffff);
-    r[9] = (a[9] >> 1) + ((a[10] << 25) & 0x3ffffff);
-    r[10] = (a[10] >> 1) + ((a[11] << 25) & 0x3ffffff);
-    r[11] = (a[11] >> 1) + ((a[12] << 25) & 0x3ffffff);
-    r[12] = (a[12] >> 1) + ((a[13] << 25) & 0x3ffffff);
-    r[13] = (a[13] >> 1) + ((a[14] << 25) & 0x3ffffff);
+    r[0] = (a[0] >> 1) + (sp_digit)((a[1] << 25) & 0x3ffffff);
+    r[1] = (a[1] >> 1) + (sp_digit)((a[2] << 25) & 0x3ffffff);
+    r[2] = (a[2] >> 1) + (sp_digit)((a[3] << 25) & 0x3ffffff);
+    r[3] = (a[3] >> 1) + (sp_digit)((a[4] << 25) & 0x3ffffff);
+    r[4] = (a[4] >> 1) + (sp_digit)((a[5] << 25) & 0x3ffffff);
+    r[5] = (a[5] >> 1) + (sp_digit)((a[6] << 25) & 0x3ffffff);
+    r[6] = (a[6] >> 1) + (sp_digit)((a[7] << 25) & 0x3ffffff);
+    r[7] = (a[7] >> 1) + (sp_digit)((a[8] << 25) & 0x3ffffff);
+    r[8] = (a[8] >> 1) + (sp_digit)((a[9] << 25) & 0x3ffffff);
+    r[9] = (a[9] >> 1) + (sp_digit)((a[10] << 25) & 0x3ffffff);
+    r[10] = (a[10] >> 1) + (sp_digit)((a[11] << 25) & 0x3ffffff);
+    r[11] = (a[11] >> 1) + (sp_digit)((a[12] << 25) & 0x3ffffff);
+    r[12] = (a[12] >> 1) + (sp_digit)((a[13] << 25) & 0x3ffffff);
+    r[13] = (a[13] >> 1) + (sp_digit)((a[14] << 25) & 0x3ffffff);
 #endif
     r[14] = a[14] >> 1;
 }
@@ -29001,8 +28921,8 @@ static void sp_384_proj_point_add_15(sp_point_384* r,
         sp_384_mont_sub_15(y, y, t5, p384_mod);
         {
             int i;
-            sp_digit maskp = 0 - (q->infinity & (!p->infinity));
-            sp_digit maskq = 0 - (p->infinity & (!q->infinity));
+            sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity)));
+            sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity)));
             sp_digit maskt = ~(maskp | maskq);
             sp_digit inf = (sp_digit)(p->infinity & q->infinity);
 
@@ -29019,7 +28939,7 @@ static void sp_384_proj_point_add_15(sp_point_384* r,
                           (z[i] & maskt);
             }
             r->z[0] |= inf;
-            r->infinity = (word32)inf;
+            r->infinity = (int)inf;
         }
     }
 }
@@ -29193,8 +29113,8 @@ static int sp_384_proj_point_add_15_nb(sp_ecc_ctx_t* sp_ctx, sp_point_384* r,
     {
         {
             int i;
-            sp_digit maskp = 0 - (q->infinity & (!p->infinity));
-            sp_digit maskq = 0 - (p->infinity & (!q->infinity));
+            sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity)));
+            sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity)));
             sp_digit maskt = ~(maskp | maskq);
             sp_digit inf = (sp_digit)(p->infinity & q->infinity);
 
@@ -29211,7 +29131,7 @@ static int sp_384_proj_point_add_15_nb(sp_ecc_ctx_t* sp_ctx, sp_point_384* r,
                           (ctx->z[i] & maskt);
             }
             r->z[0] |= inf;
-            r->infinity = (word32)inf;
+            r->infinity = (int)inf;
         }
         ctx->state = 25;
         break;
@@ -29389,8 +29309,7 @@ static int sp_384_mod_mul_norm_15(sp_digit* r, const sp_digit* a, const sp_digit
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t != NULL)
-        XFREE(t, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(t, NULL, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -29935,13 +29854,13 @@ static void sp_384_proj_point_add_sub_15(sp_point_384* ra,
 /* Structure used to describe recoding of scalar multiplication. */
 typedef struct ecc_recode_384 {
     /* Index into pre-computation table. */
-    uint8_t i;
+    word8 i;
     /* Use the negative of the point. */
-    uint8_t neg;
+    word8 neg;
 } ecc_recode_384;
 
 /* The index into pre-computation table to use. */
-static const uint8_t recode_index_15_6[66] = {
+static const word8 recode_index_15_6[66] = {
      0,  1,  2,  3,  4,  5,  6,  7,  8,  9, 10, 11, 12, 13, 14, 15,
     16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31,
     32, 31, 30, 29, 28, 27, 26, 25, 24, 23, 22, 21, 20, 19, 18, 17,
@@ -29950,7 +29869,7 @@ static const uint8_t recode_index_15_6[66] = {
 };
 
 /* Whether to negate y-ordinate. */
-static const uint8_t recode_neg_15_6[66] = {
+static const word8 recode_neg_15_6[66] = {
      0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,
      0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,
      1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,
@@ -29968,7 +29887,7 @@ static void sp_384_ecc_recode_6_15(const sp_digit* k, ecc_recode_384* v)
 {
     int i;
     int j;
-    uint8_t y;
+    word8 y;
     int carry = 0;
     int o;
     sp_digit n;
@@ -29977,7 +29896,7 @@ static void sp_384_ecc_recode_6_15(const sp_digit* k, ecc_recode_384* v)
     n = k[j];
     o = 0;
     for (i=0; i<65; i++) {
-        y = (int8_t)n;
+        y = (word8)(int8_t)n;
         if (o + 6 < 26) {
             y &= 0x3f;
             n >>= 6;
@@ -29991,12 +29910,12 @@ static void sp_384_ecc_recode_6_15(const sp_digit* k, ecc_recode_384* v)
         }
         else if (++j < 15) {
             n = k[j];
-            y |= (uint8_t)((n << (26 - o)) & 0x3f);
+            y |= (word8)((n << (26 - o)) & 0x3f);
             o -= 20;
             n >>= o;
         }
 
-        y += (uint8_t)carry;
+        y = (word8)(y + carry);
         v[i].i = recode_index_15_6[y];
         v[i].neg = recode_neg_15_6[y];
         carry = (y >> 6) + v[i].neg;
@@ -30062,7 +29981,7 @@ static void sp_384_get_point_33_15(sp_point_384* r, const sp_point_384* table,
     r->z[13] = 0;
     r->z[14] = 0;
     for (i = 1; i < 33; i++) {
-        mask = 0 - (i == idx);
+        mask = (sp_digit)0 - (i == idx);
         r->x[0] |= mask & table[i].x[0];
         r->x[1] |= mask & table[i].x[1];
         r->x[2] |= mask & table[i].x[2];
@@ -30247,10 +30166,8 @@ static int sp_384_ecc_mulmod_win_add_sub_15(sp_point_384* r, const sp_point_384*
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t != NULL)
-        XFREE(t, heap, DYNAMIC_TYPE_ECC);
-    if (tmp != NULL)
-        XFREE(tmp, heap, DYNAMIC_TYPE_ECC);
+    XFREE(t, heap, DYNAMIC_TYPE_ECC);
+    XFREE(tmp, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -30316,8 +30233,8 @@ static void sp_384_proj_point_add_qz1_15(sp_point_384* r,
         sp_384_mont_sub_15(y, t3, t1, p384_mod);
         {
             int i;
-            sp_digit maskp = 0 - (q->infinity & (!p->infinity));
-            sp_digit maskq = 0 - (p->infinity & (!q->infinity));
+            sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity)));
+            sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity)));
             sp_digit maskt = ~(maskp | maskq);
             sp_digit inf = (sp_digit)(p->infinity & q->infinity);
 
@@ -30334,7 +30251,7 @@ static void sp_384_proj_point_add_qz1_15(sp_point_384* r,
                           (z[i] & maskt);
             }
             r->z[0] |= inf;
-            r->infinity = (word32)inf;
+            r->infinity = (int)inf;
         }
     }
 }
@@ -30445,8 +30362,7 @@ static int sp_384_gen_stripe_table_15(const sp_point_384* a,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t != NULL)
-        XFREE(t, heap, DYNAMIC_TYPE_ECC);
+    XFREE(t, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -30497,7 +30413,7 @@ static void sp_384_get_entry_256_15(sp_point_384* r,
     r->y[13] = 0;
     r->y[14] = 0;
     for (i = 1; i < 256; i++) {
-        mask = 0 - (i == idx);
+        mask = (sp_digit)0 - (i == idx);
         r->x[0] |= mask & table[i].x[0];
         r->x[1] |= mask & table[i].x[1];
         r->x[2] |= mask & table[i].x[2];
@@ -30638,10 +30554,8 @@ static int sp_384_ecc_mulmod_stripe_15(sp_point_384* r, const sp_point_384* g,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t != NULL)
-        XFREE(t, heap, DYNAMIC_TYPE_ECC);
-    if (rt != NULL)
-        XFREE(rt, heap, DYNAMIC_TYPE_ECC);
+    XFREE(t, heap, DYNAMIC_TYPE_ECC);
+    XFREE(rt, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -30661,7 +30575,7 @@ typedef struct sp_cache_384_t {
     /* Precomputation table for point. */
     sp_table_entry_384 table[256];
     /* Count of entries in table. */
-    uint32_t cnt;
+    word32 cnt;
     /* Point and table set in entry. */
     int set;
 } sp_cache_384_t;
@@ -30674,8 +30588,10 @@ static THREAD_LS_T int sp_cache_384_last = -1;
 static THREAD_LS_T int sp_cache_384_inited = 0;
 
 #ifndef HAVE_THREAD_LS
+    #ifndef WOLFSSL_MUTEX_INITIALIZER
     static volatile int initCacheMutex_384 = 0;
-    static wolfSSL_Mutex sp_cache_384_lock;
+    #endif
+    static wolfSSL_Mutex sp_cache_384_lock WOLFSSL_MUTEX_INITIALIZER_CLAUSE(sp_cache_384_lock);
 #endif
 
 /* Get the cache entry for the point.
@@ -30687,7 +30603,7 @@ static void sp_ecc_get_cache_384(const sp_point_384* g, sp_cache_384_t** cache)
 {
     int i;
     int j;
-    uint32_t least;
+    word32 least;
 
     if (sp_cache_384_inited == 0) {
         for (i=0; i<FP_ENTRIES; i++) {
@@ -30773,10 +30689,12 @@ static int sp_384_ecc_mulmod_15(sp_point_384* r, const sp_point_384* g,
 #endif
 #ifndef HAVE_THREAD_LS
     if (err == MP_OKAY) {
+        #ifndef WOLFSSL_MUTEX_INITIALIZER
         if (initCacheMutex_384 == 0) {
             wc_InitMutex(&sp_cache_384_lock);
             initCacheMutex_384 = 1;
         }
+        #endif
         if (wc_LockMutex(&sp_cache_384_lock) != 0) {
             err = BAD_MUTEX_E;
         }
@@ -30855,10 +30773,8 @@ int sp_ecc_mulmod_384(const mp_int* km, const ecc_point* gm, ecc_point* r,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (k != NULL)
-        XFREE(k, heap, DYNAMIC_TYPE_ECC);
-    if (point != NULL)
-        XFREE(point, heap, DYNAMIC_TYPE_ECC);
+    XFREE(k, heap, DYNAMIC_TYPE_ECC);
+    XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -30935,10 +30851,8 @@ int sp_ecc_mulmod_add_384(const mp_int* km, const ecc_point* gm,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (k != NULL)
-        XFREE(k, heap, DYNAMIC_TYPE_ECC);
-    if (point != NULL)
-        XFREE(point, heap, DYNAMIC_TYPE_ECC);
+    XFREE(k, heap, DYNAMIC_TYPE_ECC);
+    XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -32836,10 +32750,8 @@ int sp_ecc_mulmod_base_384(const mp_int* km, ecc_point* r, int map, void* heap)
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (k != NULL)
-        XFREE(k, heap, DYNAMIC_TYPE_ECC);
-    if (point != NULL)
-        XFREE(point, heap, DYNAMIC_TYPE_ECC);
+    XFREE(k, heap, DYNAMIC_TYPE_ECC);
+    XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -32914,10 +32826,8 @@ int sp_ecc_mulmod_base_add_384(const mp_int* km, const ecc_point* am,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (k != NULL)
-        XFREE(k, heap, DYNAMIC_TYPE_ECC);
-    if (point)
-        XFREE(point, heap, DYNAMIC_TYPE_ECC);
+    XFREE(k, heap, DYNAMIC_TYPE_ECC);
+    XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -32981,6 +32891,7 @@ static void sp_384_from_bin(sp_digit* r, int size, const byte* a, int n)
  */
 static int sp_384_ecc_gen_k_15(WC_RNG* rng, sp_digit* k)
 {
+#ifndef WC_NO_RNG
     int err;
     byte buf[48];
 
@@ -32997,6 +32908,11 @@ static int sp_384_ecc_gen_k_15(WC_RNG* rng, sp_digit* k)
     while (err == 0);
 
     return err;
+#else
+    (void)rng;
+    (void)k;
+    return NOT_COMPILED_IN;
+#endif
 }
 
 /* Makes a random EC key pair.
@@ -33075,12 +32991,9 @@ int sp_ecc_make_key_384(WC_RNG* rng, mp_int* priv, ecc_point* pub, void* heap)
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (k != NULL)
-        XFREE(k, heap, DYNAMIC_TYPE_ECC);
-    if (point != NULL) {
-        /* point is not sensitive, so no need to zeroize */
-        XFREE(point, heap, DYNAMIC_TYPE_ECC);
-    }
+    XFREE(k, heap, DYNAMIC_TYPE_ECC);
+    /* point is not sensitive, so no need to zeroize */
+    XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -33263,10 +33176,8 @@ int sp_ecc_secret_gen_384(const mp_int* priv, const ecc_point* pub, byte* out,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (k != NULL)
-        XFREE(k, heap, DYNAMIC_TYPE_ECC);
-    if (point != NULL)
-        XFREE(point, heap, DYNAMIC_TYPE_ECC);
+    XFREE(k, heap, DYNAMIC_TYPE_ECC);
+    XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -33333,25 +33244,25 @@ SP_NOINLINE static void sp_384_rshift_15(sp_digit* r, const sp_digit* a,
 
 #ifdef WOLFSSL_SP_SMALL
     for (i=0; i<14; i++) {
-        r[i] = ((a[i] >> n) | (a[i + 1] << (26 - n))) & 0x3ffffff;
+        r[i] = (sp_digit)(((a[i] >> n) | (a[i + 1] << (26 - n))) & 0x3ffffff);
     }
 #else
     for (i=0; i<8; i += 8) {
-        r[i+0] = (a[i+0] >> n) | ((a[i+1] << (26 - n)) & 0x3ffffff);
-        r[i+1] = (a[i+1] >> n) | ((a[i+2] << (26 - n)) & 0x3ffffff);
-        r[i+2] = (a[i+2] >> n) | ((a[i+3] << (26 - n)) & 0x3ffffff);
-        r[i+3] = (a[i+3] >> n) | ((a[i+4] << (26 - n)) & 0x3ffffff);
-        r[i+4] = (a[i+4] >> n) | ((a[i+5] << (26 - n)) & 0x3ffffff);
-        r[i+5] = (a[i+5] >> n) | ((a[i+6] << (26 - n)) & 0x3ffffff);
-        r[i+6] = (a[i+6] >> n) | ((a[i+7] << (26 - n)) & 0x3ffffff);
-        r[i+7] = (a[i+7] >> n) | ((a[i+8] << (26 - n)) & 0x3ffffff);
+        r[i+0] = (a[i+0] >> n) | (sp_digit)((a[i+1] << (26 - n)) & 0x3ffffff);
+        r[i+1] = (a[i+1] >> n) | (sp_digit)((a[i+2] << (26 - n)) & 0x3ffffff);
+        r[i+2] = (a[i+2] >> n) | (sp_digit)((a[i+3] << (26 - n)) & 0x3ffffff);
+        r[i+3] = (a[i+3] >> n) | (sp_digit)((a[i+4] << (26 - n)) & 0x3ffffff);
+        r[i+4] = (a[i+4] >> n) | (sp_digit)((a[i+5] << (26 - n)) & 0x3ffffff);
+        r[i+5] = (a[i+5] >> n) | (sp_digit)((a[i+6] << (26 - n)) & 0x3ffffff);
+        r[i+6] = (a[i+6] >> n) | (sp_digit)((a[i+7] << (26 - n)) & 0x3ffffff);
+        r[i+7] = (a[i+7] >> n) | (sp_digit)((a[i+8] << (26 - n)) & 0x3ffffff);
     }
-    r[8] = (a[8] >> n) | ((a[9] << (26 - n)) & 0x3ffffff);
-    r[9] = (a[9] >> n) | ((a[10] << (26 - n)) & 0x3ffffff);
-    r[10] = (a[10] >> n) | ((a[11] << (26 - n)) & 0x3ffffff);
-    r[11] = (a[11] >> n) | ((a[12] << (26 - n)) & 0x3ffffff);
-    r[12] = (a[12] >> n) | ((a[13] << (26 - n)) & 0x3ffffff);
-    r[13] = (a[13] >> n) | ((a[14] << (26 - n)) & 0x3ffffff);
+    r[8] = (a[8] >> n) | (sp_digit)((a[9] << (26 - n)) & 0x3ffffff);
+    r[9] = (a[9] >> n) | (sp_digit)((a[10] << (26 - n)) & 0x3ffffff);
+    r[10] = (a[10] >> n) | (sp_digit)((a[11] << (26 - n)) & 0x3ffffff);
+    r[11] = (a[11] >> n) | (sp_digit)((a[12] << (26 - n)) & 0x3ffffff);
+    r[12] = (a[12] >> n) | (sp_digit)((a[13] << (26 - n)) & 0x3ffffff);
+    r[13] = (a[13] >> n) | (sp_digit)((a[14] << (26 - n)) & 0x3ffffff);
 #endif /* WOLFSSL_SP_SMALL */
     r[14] = a[14] >> n;
 }
@@ -33422,7 +33333,7 @@ SP_NOINLINE static void sp_384_lshift_30(sp_digit* r, const sp_digit* a,
 
     r[30] = a[29] >> (26 - n);
     for (i=29; i>0; i--) {
-        r[i] = ((a[i] << n) | (a[i-1] >> (26 - n))) & 0x3ffffff;
+        r[i] = (sp_digit)(((a[i] << n) | (a[i-1] >> (26 - n))) & 0x3ffffff);
     }
 #else
     sp_int_digit s;
@@ -33431,65 +33342,65 @@ SP_NOINLINE static void sp_384_lshift_30(sp_digit* r, const sp_digit* a,
     s = (sp_int_digit)a[29];
     r[30] = s >> (26U - n);
     s = (sp_int_digit)(a[29]); t = (sp_int_digit)(a[28]);
-    r[29] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[29] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[28]); t = (sp_int_digit)(a[27]);
-    r[28] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[28] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[27]); t = (sp_int_digit)(a[26]);
-    r[27] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[27] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[26]); t = (sp_int_digit)(a[25]);
-    r[26] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[26] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[25]); t = (sp_int_digit)(a[24]);
-    r[25] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[25] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[24]); t = (sp_int_digit)(a[23]);
-    r[24] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[24] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[23]); t = (sp_int_digit)(a[22]);
-    r[23] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[23] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[22]); t = (sp_int_digit)(a[21]);
-    r[22] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[22] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[21]); t = (sp_int_digit)(a[20]);
-    r[21] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[21] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[20]); t = (sp_int_digit)(a[19]);
-    r[20] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[20] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[19]); t = (sp_int_digit)(a[18]);
-    r[19] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[19] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[18]); t = (sp_int_digit)(a[17]);
-    r[18] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[18] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[17]); t = (sp_int_digit)(a[16]);
-    r[17] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[17] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[16]); t = (sp_int_digit)(a[15]);
-    r[16] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[16] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[15]); t = (sp_int_digit)(a[14]);
-    r[15] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[15] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[14]); t = (sp_int_digit)(a[13]);
-    r[14] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[14] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[13]); t = (sp_int_digit)(a[12]);
-    r[13] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[13] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[12]); t = (sp_int_digit)(a[11]);
-    r[12] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[12] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[11]); t = (sp_int_digit)(a[10]);
-    r[11] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[11] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[10]); t = (sp_int_digit)(a[9]);
-    r[10] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[10] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[9]); t = (sp_int_digit)(a[8]);
-    r[9] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[9] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[8]); t = (sp_int_digit)(a[7]);
-    r[8] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[8] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[7]); t = (sp_int_digit)(a[6]);
-    r[7] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[7] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[6]); t = (sp_int_digit)(a[5]);
-    r[6] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[6] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[5]); t = (sp_int_digit)(a[4]);
-    r[5] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[5] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[4]); t = (sp_int_digit)(a[3]);
-    r[4] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[4] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[3]); t = (sp_int_digit)(a[2]);
-    r[3] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[3] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[2]); t = (sp_int_digit)(a[1]);
-    r[2] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[2] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[1]); t = (sp_int_digit)(a[0]);
-    r[1] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[1] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
 #endif /* WOLFSSL_SP_SMALL */
-    r[0] = (a[0] << n) & 0x3ffffff;
+    r[0] = (sp_digit)((a[0] << n) & 0x3ffffff);
 }
 
 /* Divide d in a and put remainder into r (m*d + r = a)
@@ -33553,8 +33464,7 @@ static int sp_384_div_15(const sp_digit* a, const sp_digit* d,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t1 != NULL)
-        XFREE(t1, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(t1, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -33589,13 +33499,13 @@ static void sp_384_mont_mul_order_15(sp_digit* r, const sp_digit* a, const sp_di
 #if defined(HAVE_ECC_SIGN) || (defined(HAVE_ECC_VERIFY) && defined(WOLFSSL_SP_SMALL))
 #ifdef WOLFSSL_SP_SMALL
 /* Order-2 for the P384 curve. */
-static const uint32_t p384_order_minus_2[12] = {
+static const word32 p384_order_minus_2[12] = {
     0xccc52971U,0xecec196aU,0x48b0a77aU,0x581a0db2U,0xf4372ddfU,0xc7634d81U,
     0xffffffffU,0xffffffffU,0xffffffffU,0xffffffffU,0xffffffffU,0xffffffffU
 };
 #else
 /* The low half of the order-2 of the P384 curve. */
-static const uint32_t p384_order_low[6] = {
+static const word32 p384_order_low[6] = {
     0xccc52971U,0xecec196aU,0x48b0a77aU,0x581a0db2U,0xf4372ddfU,0xc7634d81U
 };
 #endif /* WOLFSSL_SP_SMALL */
@@ -34116,7 +34026,7 @@ static int sp_384_num_bits_26_15(sp_digit v)
     v |= v >> 4;
     v |= v >> 8;
     v |= v >> 16;
-    return sp_384_tab32_15[(uint32_t)(v*0x07C4ACDD) >> 27];
+    return sp_384_tab32_15[(word32)(v*0x07C4ACDD) >> 27];
 }
 
 static int sp_384_num_bits_15(const sp_digit* a)
@@ -34246,8 +34156,7 @@ static int sp_384_mod_inv_15(sp_digit* r, const sp_digit* a, const sp_digit* m)
             XMEMCPY(r, d, sizeof(sp_digit) * 15);
     }
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (u != NULL)
-        XFREE(u, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(u, NULL, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -34461,10 +34370,8 @@ int sp_ecc_verify_384(const byte* hash, word32 hashLen, const mp_int* pX,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (u1 != NULL)
-        XFREE(u1, heap, DYNAMIC_TYPE_ECC);
-    if (p1 != NULL)
-        XFREE(p1, heap, DYNAMIC_TYPE_ECC);
+    XFREE(u1, heap, DYNAMIC_TYPE_ECC);
+    XFREE(p1, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -34671,8 +34578,7 @@ static int sp_384_ecc_is_point_15(const sp_point_384* point,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t1 != NULL)
-        XFREE(t1, heap, DYNAMIC_TYPE_ECC);
+    XFREE(t1, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -34711,8 +34617,7 @@ int sp_ecc_is_point_384(const mp_int* pX, const mp_int* pY)
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (pub != NULL)
-        XFREE(pub, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(pub, NULL, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -34820,10 +34725,8 @@ int sp_ecc_check_key_384(const mp_int* pX, const mp_int* pY,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (pub != NULL)
-        XFREE(pub, heap, DYNAMIC_TYPE_ECC);
-    if (priv != NULL)
-        XFREE(priv, heap, DYNAMIC_TYPE_ECC);
+    XFREE(pub, heap, DYNAMIC_TYPE_ECC);
+    XFREE(priv, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -34902,10 +34805,8 @@ int sp_ecc_proj_add_point_384(mp_int* pX, mp_int* pY, mp_int* pZ,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (tmp != NULL)
-        XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
-    if (p != NULL)
-        XFREE(p, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(p, NULL, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -34970,10 +34871,8 @@ int sp_ecc_proj_dbl_point_384(mp_int* pX, mp_int* pY, mp_int* pZ,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (tmp != NULL)
-        XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
-    if (p != NULL)
-        XFREE(p, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(p, NULL, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -35034,10 +34933,8 @@ int sp_ecc_map_384(mp_int* pX, mp_int* pY, mp_int* pZ)
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (tmp != NULL)
-        XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
-    if (p != NULL)
-        XFREE(p, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(p, NULL, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -35133,8 +35030,7 @@ static int sp_384_mont_sqrt_15(sp_digit* y)
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t1 != NULL)
-        XFREE(t1, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(t1, NULL, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -35199,8 +35095,7 @@ int sp_ecc_uncompress_384(mp_int* xm, int odd, mp_int* ym)
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (x != NULL)
-        XFREE(x, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(x, NULL, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -35369,7 +35264,7 @@ SP_NOINLINE static void sp_521_mul_21(sp_digit* r, const sp_digit* a,
         }
     }
     for (i=0; i<41; i++) {
-        r[i] = t[i] & 0x1ffffff;
+        r[i] = (sp_digit)(t[i] & 0x1ffffff);
         t[i+1] += t[i] >> 25;
     }
     r[41] = (sp_digit)t[41];
@@ -35438,7 +35333,7 @@ SP_NOINLINE static void sp_521_sqr_21(sp_digit* r, const sp_digit* a)
         t[i+i] += ((sp_int64)a[i]) * a[i];
     }
     for (i=0; i<41; i++) {
-        r[i] = t[i] & 0x1ffffff;
+        r[i] = (sp_digit)(t[i] & 0x1ffffff);
         t[i+1] += t[i] >> 25;
     }
     r[41] = (sp_digit)t[41];
@@ -35786,10 +35681,10 @@ static void sp_521_mont_reduce_21(sp_digit* a, const sp_digit* m, sp_digit mp)
     (void)mp;
 
     for (i = 0; i < 20; i++) {
-        a[i] += ((a[20 + i] >> 21) + (a[20 + i + 1] << 4)) & 0x1ffffff;
+        a[i] += (sp_digit)(((a[20 + i] >> 21) + (a[20 + i + 1] << 4)) & 0x1ffffff);
     }
     a[20] &= 0x1fffff;
-    a[20] += ((a[40] >> 21) + (a[41] << 4)) & 0x1ffffff;
+    a[20] += (sp_digit)(((a[40] >> 21) + (a[41] << 4)) & 0x1ffffff);
 
     sp_521_norm_21(a);
 
@@ -35894,17 +35789,17 @@ SP_NOINLINE static void sp_521_mul_add_21(sp_digit* r, const sp_digit* a,
         t[1]  = (tb * a[i+1]) + r[i+1];
         t[2]  = (tb * a[i+2]) + r[i+2];
         t[3]  = (tb * a[i+3]) + r[i+3];
-        r[i+0] = t[0] & 0x1ffffff;
+        r[i+0] = (sp_digit)(t[0] & 0x1ffffff);
         t[1] += t[0] >> 25;
-        r[i+1] = t[1] & 0x1ffffff;
+        r[i+1] = (sp_digit)(t[1] & 0x1ffffff);
         t[2] += t[1] >> 25;
-        r[i+2] = t[2] & 0x1ffffff;
+        r[i+2] = (sp_digit)(t[2] & 0x1ffffff);
         t[3] += t[2] >> 25;
-        r[i+3] = t[3] & 0x1ffffff;
+        r[i+3] = (sp_digit)(t[3] & 0x1ffffff);
         t[0]  = t[3] >> 25;
     }
     t[0] += (tb * a[20]) + r[20];
-    r[20] = t[0] & 0x1ffffff;
+    r[20] = (sp_digit)(t[0] & 0x1ffffff);
     r[21] +=  (sp_digit)(t[0] >> 25);
 #else
     sp_int64 tb = b;
@@ -35957,8 +35852,8 @@ static void sp_521_mont_shift_21(sp_digit* r, const sp_digit* a)
     s = a[21];
     n = a[20] >> 21;
     for (i = 0; i < 20; i++) {
-        n += (s & 0x1ffffff) << 4;
-        r[i] = n & 0x1ffffff;
+        n += (sp_digit)((s & 0x1ffffff) << 4);
+        r[i] = (sp_digit)(n & 0x1ffffff);
         n >>= 25;
         s = a[22 + i] + (s >> 25);
     }
@@ -35971,30 +35866,30 @@ static void sp_521_mont_shift_21(sp_digit* r, const sp_digit* a)
 
     s = a[21]; n = a[20] >> 21;
     for (i = 0; i < 16; i += 8) {
-        n += (s & 0x1ffffff) << 4; r[i+0] = n & 0x1ffffff;
+        n += (sp_digit)((s & 0x1ffffff) << 4); r[i+0] = (sp_digit)(n & 0x1ffffff);
         n >>= 25; s = a[i+22] + (s >> 25);
-        n += (s & 0x1ffffff) << 4; r[i+1] = n & 0x1ffffff;
+        n += (sp_digit)((s & 0x1ffffff) << 4); r[i+1] = (sp_digit)(n & 0x1ffffff);
         n >>= 25; s = a[i+23] + (s >> 25);
-        n += (s & 0x1ffffff) << 4; r[i+2] = n & 0x1ffffff;
+        n += (sp_digit)((s & 0x1ffffff) << 4); r[i+2] = (sp_digit)(n & 0x1ffffff);
         n >>= 25; s = a[i+24] + (s >> 25);
-        n += (s & 0x1ffffff) << 4; r[i+3] = n & 0x1ffffff;
+        n += (sp_digit)((s & 0x1ffffff) << 4); r[i+3] = (sp_digit)(n & 0x1ffffff);
         n >>= 25; s = a[i+25] + (s >> 25);
-        n += (s & 0x1ffffff) << 4; r[i+4] = n & 0x1ffffff;
+        n += (sp_digit)((s & 0x1ffffff) << 4); r[i+4] = (sp_digit)(n & 0x1ffffff);
         n >>= 25; s = a[i+26] + (s >> 25);
-        n += (s & 0x1ffffff) << 4; r[i+5] = n & 0x1ffffff;
+        n += (sp_digit)((s & 0x1ffffff) << 4); r[i+5] = (sp_digit)(n & 0x1ffffff);
         n >>= 25; s = a[i+27] + (s >> 25);
-        n += (s & 0x1ffffff) << 4; r[i+6] = n & 0x1ffffff;
+        n += (sp_digit)((s & 0x1ffffff) << 4); r[i+6] = (sp_digit)(n & 0x1ffffff);
         n >>= 25; s = a[i+28] + (s >> 25);
-        n += (s & 0x1ffffff) << 4; r[i+7] = n & 0x1ffffff;
+        n += (sp_digit)((s & 0x1ffffff) << 4); r[i+7] = (sp_digit)(n & 0x1ffffff);
         n >>= 25; s = a[i+29] + (s >> 25);
     }
-    n += (s & 0x1ffffff) << 4; r[16] = n & 0x1ffffff;
+    n += (sp_digit)((s & 0x1ffffff) << 4); r[16] = (sp_digit)(n & 0x1ffffff);
     n >>= 25; s = a[38] + (s >> 25);
-    n += (s & 0x1ffffff) << 4; r[17] = n & 0x1ffffff;
+    n += (sp_digit)((s & 0x1ffffff) << 4); r[17] = (sp_digit)(n & 0x1ffffff);
     n >>= 25; s = a[39] + (s >> 25);
-    n += (s & 0x1ffffff) << 4; r[18] = n & 0x1ffffff;
+    n += (sp_digit)((s & 0x1ffffff) << 4); r[18] = (sp_digit)(n & 0x1ffffff);
     n >>= 25; s = a[40] + (s >> 25);
-    n += (s & 0x1ffffff) << 4; r[19] = n & 0x1ffffff;
+    n += (sp_digit)((s & 0x1ffffff) << 4); r[19] = (sp_digit)(n & 0x1ffffff);
     n >>= 25; s = a[41] + (s >> 25);
     n += s << 4;              r[20] = n;
 #endif /* WOLFSSL_SP_SMALL */
@@ -36016,11 +35911,11 @@ static void sp_521_mont_reduce_order_21(sp_digit* a, const sp_digit* m, sp_digit
     sp_521_norm_21(a + 21);
 
     for (i=0; i<20; i++) {
-        mu = ((sp_uint32)a[i] * (sp_uint32)mp) & 0x1ffffff;
+        mu = (sp_digit)(((sp_uint32)a[i] * (sp_uint32)mp) & 0x1ffffff);
         sp_521_mul_add_21(a+i, m, mu);
         a[i+1] += a[i] >> 25;
     }
-    mu = ((sp_uint32)a[i] * (sp_uint32)mp) & 0x1fffffL;
+    mu = (sp_digit)(((sp_uint32)a[i] * (sp_uint32)mp) & 0x1fffffL);
     sp_521_mul_add_21(a+i, m, mu);
     a[i+1] += a[i] >> 25;
     a[i] &= 0x1ffffff;
@@ -36081,7 +35976,7 @@ SP_NOINLINE static void sp_521_mont_sqr_n_21(sp_digit* r,
 #endif /* !WOLFSSL_SP_SMALL */
 #ifdef WOLFSSL_SP_SMALL
 /* Mod-2 for the P521 curve. */
-static const uint32_t p521_mod_minus_2[17] = {
+static const word32 p521_mod_minus_2[17] = {
     0xfffffffdU,0xffffffffU,0xffffffffU,0xffffffffU,0xffffffffU,0xffffffffU,
     0xffffffffU,0xffffffffU,0xffffffffU,0xffffffffU,0xffffffffU,0xffffffffU,
     0xffffffffU,0xffffffffU,0xffffffffU,0xffffffffU,0x000001ffU
@@ -36193,7 +36088,7 @@ static void sp_521_map_21(sp_point_521* r, const sp_point_521* p,
     sp_521_mont_reduce_21(r->x, p521_mod, p521_mp_mod);
     /* Reduce x to less than modulus */
     n = sp_521_cmp_21(r->x, p521_mod);
-    sp_521_cond_sub_21(r->x, r->x, p521_mod, ~(n >> 24));
+    sp_521_cond_sub_21(r->x, r->x, p521_mod, (sp_digit)~(n >> 24));
     sp_521_norm_21(r->x);
 
     /* y /= z^3 */
@@ -36202,7 +36097,7 @@ static void sp_521_map_21(sp_point_521* r, const sp_point_521* p,
     sp_521_mont_reduce_21(r->y, p521_mod, p521_mp_mod);
     /* Reduce y to less than modulus */
     n = sp_521_cmp_21(r->y, p521_mod);
-    sp_521_cond_sub_21(r->y, r->y, p521_mod, ~(n >> 24));
+    sp_521_cond_sub_21(r->y, r->y, p521_mod, (sp_digit)~(n >> 24));
     sp_521_norm_21(r->y);
 
     XMEMSET(r->z, 0, sizeof(r->z) / 2);
@@ -36344,29 +36239,29 @@ SP_NOINLINE static void sp_521_rshift1_21(sp_digit* r, const sp_digit* a)
     int i;
 
     for (i=0; i<20; i++) {
-        r[i] = (a[i] >> 1) + ((a[i + 1] << 24) & 0x1ffffff);
+        r[i] = (a[i] >> 1) + (sp_digit)((a[i + 1] << 24) & 0x1ffffff);
     }
 #else
-    r[0] = (a[0] >> 1) + ((a[1] << 24) & 0x1ffffff);
-    r[1] = (a[1] >> 1) + ((a[2] << 24) & 0x1ffffff);
-    r[2] = (a[2] >> 1) + ((a[3] << 24) & 0x1ffffff);
-    r[3] = (a[3] >> 1) + ((a[4] << 24) & 0x1ffffff);
-    r[4] = (a[4] >> 1) + ((a[5] << 24) & 0x1ffffff);
-    r[5] = (a[5] >> 1) + ((a[6] << 24) & 0x1ffffff);
-    r[6] = (a[6] >> 1) + ((a[7] << 24) & 0x1ffffff);
-    r[7] = (a[7] >> 1) + ((a[8] << 24) & 0x1ffffff);
-    r[8] = (a[8] >> 1) + ((a[9] << 24) & 0x1ffffff);
-    r[9] = (a[9] >> 1) + ((a[10] << 24) & 0x1ffffff);
-    r[10] = (a[10] >> 1) + ((a[11] << 24) & 0x1ffffff);
-    r[11] = (a[11] >> 1) + ((a[12] << 24) & 0x1ffffff);
-    r[12] = (a[12] >> 1) + ((a[13] << 24) & 0x1ffffff);
-    r[13] = (a[13] >> 1) + ((a[14] << 24) & 0x1ffffff);
-    r[14] = (a[14] >> 1) + ((a[15] << 24) & 0x1ffffff);
-    r[15] = (a[15] >> 1) + ((a[16] << 24) & 0x1ffffff);
-    r[16] = (a[16] >> 1) + ((a[17] << 24) & 0x1ffffff);
-    r[17] = (a[17] >> 1) + ((a[18] << 24) & 0x1ffffff);
-    r[18] = (a[18] >> 1) + ((a[19] << 24) & 0x1ffffff);
-    r[19] = (a[19] >> 1) + ((a[20] << 24) & 0x1ffffff);
+    r[0] = (a[0] >> 1) + (sp_digit)((a[1] << 24) & 0x1ffffff);
+    r[1] = (a[1] >> 1) + (sp_digit)((a[2] << 24) & 0x1ffffff);
+    r[2] = (a[2] >> 1) + (sp_digit)((a[3] << 24) & 0x1ffffff);
+    r[3] = (a[3] >> 1) + (sp_digit)((a[4] << 24) & 0x1ffffff);
+    r[4] = (a[4] >> 1) + (sp_digit)((a[5] << 24) & 0x1ffffff);
+    r[5] = (a[5] >> 1) + (sp_digit)((a[6] << 24) & 0x1ffffff);
+    r[6] = (a[6] >> 1) + (sp_digit)((a[7] << 24) & 0x1ffffff);
+    r[7] = (a[7] >> 1) + (sp_digit)((a[8] << 24) & 0x1ffffff);
+    r[8] = (a[8] >> 1) + (sp_digit)((a[9] << 24) & 0x1ffffff);
+    r[9] = (a[9] >> 1) + (sp_digit)((a[10] << 24) & 0x1ffffff);
+    r[10] = (a[10] >> 1) + (sp_digit)((a[11] << 24) & 0x1ffffff);
+    r[11] = (a[11] >> 1) + (sp_digit)((a[12] << 24) & 0x1ffffff);
+    r[12] = (a[12] >> 1) + (sp_digit)((a[13] << 24) & 0x1ffffff);
+    r[13] = (a[13] >> 1) + (sp_digit)((a[14] << 24) & 0x1ffffff);
+    r[14] = (a[14] >> 1) + (sp_digit)((a[15] << 24) & 0x1ffffff);
+    r[15] = (a[15] >> 1) + (sp_digit)((a[16] << 24) & 0x1ffffff);
+    r[16] = (a[16] >> 1) + (sp_digit)((a[17] << 24) & 0x1ffffff);
+    r[17] = (a[17] >> 1) + (sp_digit)((a[18] << 24) & 0x1ffffff);
+    r[18] = (a[18] >> 1) + (sp_digit)((a[19] << 24) & 0x1ffffff);
+    r[19] = (a[19] >> 1) + (sp_digit)((a[20] << 24) & 0x1ffffff);
 #endif
     r[20] = a[20] >> 1;
 }
@@ -36682,8 +36577,8 @@ static void sp_521_proj_point_add_21(sp_point_521* r,
         sp_521_mont_sub_21(y, y, t5, p521_mod);
         {
             int i;
-            sp_digit maskp = 0 - (q->infinity & (!p->infinity));
-            sp_digit maskq = 0 - (p->infinity & (!q->infinity));
+            sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity)));
+            sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity)));
             sp_digit maskt = ~(maskp | maskq);
             sp_digit inf = (sp_digit)(p->infinity & q->infinity);
 
@@ -36700,7 +36595,7 @@ static void sp_521_proj_point_add_21(sp_point_521* r,
                           (z[i] & maskt);
             }
             r->z[0] |= inf;
-            r->infinity = (word32)inf;
+            r->infinity = (int)inf;
         }
     }
 }
@@ -36874,8 +36769,8 @@ static int sp_521_proj_point_add_21_nb(sp_ecc_ctx_t* sp_ctx, sp_point_521* r,
     {
         {
             int i;
-            sp_digit maskp = 0 - (q->infinity & (!p->infinity));
-            sp_digit maskq = 0 - (p->infinity & (!q->infinity));
+            sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity)));
+            sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity)));
             sp_digit maskt = ~(maskp | maskq);
             sp_digit inf = (sp_digit)(p->infinity & q->infinity);
 
@@ -36892,7 +36787,7 @@ static int sp_521_proj_point_add_21_nb(sp_ecc_ctx_t* sp_ctx, sp_point_521* r,
                           (ctx->z[i] & maskt);
             }
             r->z[0] |= inf;
-            r->infinity = (word32)inf;
+            r->infinity = (int)inf;
         }
         ctx->state = 25;
         break;
@@ -37478,13 +37373,13 @@ static void sp_521_proj_point_add_sub_21(sp_point_521* ra,
 /* Structure used to describe recoding of scalar multiplication. */
 typedef struct ecc_recode_521 {
     /* Index into pre-computation table. */
-    uint8_t i;
+    word8 i;
     /* Use the negative of the point. */
-    uint8_t neg;
+    word8 neg;
 } ecc_recode_521;
 
 /* The index into pre-computation table to use. */
-static const uint8_t recode_index_21_6[66] = {
+static const word8 recode_index_21_6[66] = {
      0,  1,  2,  3,  4,  5,  6,  7,  8,  9, 10, 11, 12, 13, 14, 15,
     16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31,
     32, 31, 30, 29, 28, 27, 26, 25, 24, 23, 22, 21, 20, 19, 18, 17,
@@ -37493,7 +37388,7 @@ static const uint8_t recode_index_21_6[66] = {
 };
 
 /* Whether to negate y-ordinate. */
-static const uint8_t recode_neg_21_6[66] = {
+static const word8 recode_neg_21_6[66] = {
      0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,
      0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,
      1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,
@@ -37511,7 +37406,7 @@ static void sp_521_ecc_recode_6_21(const sp_digit* k, ecc_recode_521* v)
 {
     int i;
     int j;
-    uint8_t y;
+    word8 y;
     int carry = 0;
     int o;
     sp_digit n;
@@ -37520,7 +37415,7 @@ static void sp_521_ecc_recode_6_21(const sp_digit* k, ecc_recode_521* v)
     n = k[j];
     o = 0;
     for (i=0; i<87; i++) {
-        y = (int8_t)n;
+        y = (word8)(int8_t)n;
         if (o + 6 < 25) {
             y &= 0x3f;
             n >>= 6;
@@ -37534,12 +37429,12 @@ static void sp_521_ecc_recode_6_21(const sp_digit* k, ecc_recode_521* v)
         }
         else if (++j < 21) {
             n = k[j];
-            y |= (uint8_t)((n << (25 - o)) & 0x3f);
+            y |= (word8)((n << (25 - o)) & 0x3f);
             o -= 19;
             n >>= o;
         }
 
-        y += (uint8_t)carry;
+        y = (word8)(y + carry);
         v[i].i = recode_index_21_6[y];
         v[i].neg = recode_neg_21_6[y];
         carry = (y >> 6) + v[i].neg;
@@ -37623,7 +37518,7 @@ static void sp_521_get_point_33_21(sp_point_521* r, const sp_point_521* table,
     r->z[19] = 0;
     r->z[20] = 0;
     for (i = 1; i < 33; i++) {
-        mask = 0 - (i == idx);
+        mask = (sp_digit)0 - (i == idx);
         r->x[0] |= mask & table[i].x[0];
         r->x[1] |= mask & table[i].x[1];
         r->x[2] |= mask & table[i].x[2];
@@ -37826,10 +37721,8 @@ static int sp_521_ecc_mulmod_win_add_sub_21(sp_point_521* r, const sp_point_521*
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t != NULL)
-        XFREE(t, heap, DYNAMIC_TYPE_ECC);
-    if (tmp != NULL)
-        XFREE(tmp, heap, DYNAMIC_TYPE_ECC);
+    XFREE(t, heap, DYNAMIC_TYPE_ECC);
+    XFREE(tmp, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -37895,8 +37788,8 @@ static void sp_521_proj_point_add_qz1_21(sp_point_521* r,
         sp_521_mont_sub_21(y, t3, t1, p521_mod);
         {
             int i;
-            sp_digit maskp = 0 - (q->infinity & (!p->infinity));
-            sp_digit maskq = 0 - (p->infinity & (!q->infinity));
+            sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity)));
+            sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity)));
             sp_digit maskt = ~(maskp | maskq);
             sp_digit inf = (sp_digit)(p->infinity & q->infinity);
 
@@ -37913,7 +37806,7 @@ static void sp_521_proj_point_add_qz1_21(sp_point_521* r,
                           (z[i] & maskt);
             }
             r->z[0] |= inf;
-            r->infinity = (word32)inf;
+            r->infinity = (int)inf;
         }
     }
 }
@@ -38024,8 +37917,7 @@ static int sp_521_gen_stripe_table_21(const sp_point_521* a,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t != NULL)
-        XFREE(t, heap, DYNAMIC_TYPE_ECC);
+    XFREE(t, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -38088,7 +37980,7 @@ static void sp_521_get_entry_256_21(sp_point_521* r,
     r->y[19] = 0;
     r->y[20] = 0;
     for (i = 1; i < 256; i++) {
-        mask = 0 - (i == idx);
+        mask = (sp_digit)0 - (i == idx);
         r->x[0] |= mask & table[i].x[0];
         r->x[1] |= mask & table[i].x[1];
         r->x[2] |= mask & table[i].x[2];
@@ -38241,10 +38133,8 @@ static int sp_521_ecc_mulmod_stripe_21(sp_point_521* r, const sp_point_521* g,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t != NULL)
-        XFREE(t, heap, DYNAMIC_TYPE_ECC);
-    if (rt != NULL)
-        XFREE(rt, heap, DYNAMIC_TYPE_ECC);
+    XFREE(t, heap, DYNAMIC_TYPE_ECC);
+    XFREE(rt, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -38264,7 +38154,7 @@ typedef struct sp_cache_521_t {
     /* Precomputation table for point. */
     sp_table_entry_521 table[256];
     /* Count of entries in table. */
-    uint32_t cnt;
+    word32 cnt;
     /* Point and table set in entry. */
     int set;
 } sp_cache_521_t;
@@ -38277,8 +38167,10 @@ static THREAD_LS_T int sp_cache_521_last = -1;
 static THREAD_LS_T int sp_cache_521_inited = 0;
 
 #ifndef HAVE_THREAD_LS
+    #ifndef WOLFSSL_MUTEX_INITIALIZER
     static volatile int initCacheMutex_521 = 0;
-    static wolfSSL_Mutex sp_cache_521_lock;
+    #endif
+    static wolfSSL_Mutex sp_cache_521_lock WOLFSSL_MUTEX_INITIALIZER_CLAUSE(sp_cache_521_lock);
 #endif
 
 /* Get the cache entry for the point.
@@ -38290,7 +38182,7 @@ static void sp_ecc_get_cache_521(const sp_point_521* g, sp_cache_521_t** cache)
 {
     int i;
     int j;
-    uint32_t least;
+    word32 least;
 
     if (sp_cache_521_inited == 0) {
         for (i=0; i<FP_ENTRIES; i++) {
@@ -38376,10 +38268,12 @@ static int sp_521_ecc_mulmod_21(sp_point_521* r, const sp_point_521* g,
 #endif
 #ifndef HAVE_THREAD_LS
     if (err == MP_OKAY) {
+        #ifndef WOLFSSL_MUTEX_INITIALIZER
         if (initCacheMutex_521 == 0) {
             wc_InitMutex(&sp_cache_521_lock);
             initCacheMutex_521 = 1;
         }
+        #endif
         if (wc_LockMutex(&sp_cache_521_lock) != 0) {
             err = BAD_MUTEX_E;
         }
@@ -38458,10 +38352,8 @@ int sp_ecc_mulmod_521(const mp_int* km, const ecc_point* gm, ecc_point* r,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (k != NULL)
-        XFREE(k, heap, DYNAMIC_TYPE_ECC);
-    if (point != NULL)
-        XFREE(point, heap, DYNAMIC_TYPE_ECC);
+    XFREE(k, heap, DYNAMIC_TYPE_ECC);
+    XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -38538,10 +38430,8 @@ int sp_ecc_mulmod_add_521(const mp_int* km, const ecc_point* gm,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (k != NULL)
-        XFREE(k, heap, DYNAMIC_TYPE_ECC);
-    if (point != NULL)
-        XFREE(point, heap, DYNAMIC_TYPE_ECC);
+    XFREE(k, heap, DYNAMIC_TYPE_ECC);
+    XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -40949,10 +40839,8 @@ int sp_ecc_mulmod_base_521(const mp_int* km, ecc_point* r, int map, void* heap)
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (k != NULL)
-        XFREE(k, heap, DYNAMIC_TYPE_ECC);
-    if (point != NULL)
-        XFREE(point, heap, DYNAMIC_TYPE_ECC);
+    XFREE(k, heap, DYNAMIC_TYPE_ECC);
+    XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -41027,10 +40915,8 @@ int sp_ecc_mulmod_base_add_521(const mp_int* km, const ecc_point* am,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (k != NULL)
-        XFREE(k, heap, DYNAMIC_TYPE_ECC);
-    if (point)
-        XFREE(point, heap, DYNAMIC_TYPE_ECC);
+    XFREE(k, heap, DYNAMIC_TYPE_ECC);
+    XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -41094,6 +40980,7 @@ static void sp_521_from_bin(sp_digit* r, int size, const byte* a, int n)
  */
 static int sp_521_ecc_gen_k_21(WC_RNG* rng, sp_digit* k)
 {
+#ifndef WC_NO_RNG
     int err;
     byte buf[66];
 
@@ -41111,6 +40998,11 @@ static int sp_521_ecc_gen_k_21(WC_RNG* rng, sp_digit* k)
     while (err == 0);
 
     return err;
+#else
+    (void)rng;
+    (void)k;
+    return NOT_COMPILED_IN;
+#endif
 }
 
 /* Makes a random EC key pair.
@@ -41189,12 +41081,9 @@ int sp_ecc_make_key_521(WC_RNG* rng, mp_int* priv, ecc_point* pub, void* heap)
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (k != NULL)
-        XFREE(k, heap, DYNAMIC_TYPE_ECC);
-    if (point != NULL) {
-        /* point is not sensitive, so no need to zeroize */
-        XFREE(point, heap, DYNAMIC_TYPE_ECC);
-    }
+    XFREE(k, heap, DYNAMIC_TYPE_ECC);
+    /* point is not sensitive, so no need to zeroize */
+    XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -41377,10 +41266,8 @@ int sp_ecc_secret_gen_521(const mp_int* priv, const ecc_point* pub, byte* out,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (k != NULL)
-        XFREE(k, heap, DYNAMIC_TYPE_ECC);
-    if (point != NULL)
-        XFREE(point, heap, DYNAMIC_TYPE_ECC);
+    XFREE(k, heap, DYNAMIC_TYPE_ECC);
+    XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -41445,23 +41332,23 @@ SP_NOINLINE static void sp_521_rshift_21(sp_digit* r, const sp_digit* a,
 
 #ifdef WOLFSSL_SP_SMALL
     for (i=0; i<20; i++) {
-        r[i] = ((a[i] >> n) | (a[i + 1] << (25 - n))) & 0x1ffffff;
+        r[i] = (sp_digit)(((a[i] >> n) | (a[i + 1] << (25 - n))) & 0x1ffffff);
     }
 #else
     for (i=0; i<16; i += 8) {
-        r[i+0] = (a[i+0] >> n) | ((a[i+1] << (25 - n)) & 0x1ffffff);
-        r[i+1] = (a[i+1] >> n) | ((a[i+2] << (25 - n)) & 0x1ffffff);
-        r[i+2] = (a[i+2] >> n) | ((a[i+3] << (25 - n)) & 0x1ffffff);
-        r[i+3] = (a[i+3] >> n) | ((a[i+4] << (25 - n)) & 0x1ffffff);
-        r[i+4] = (a[i+4] >> n) | ((a[i+5] << (25 - n)) & 0x1ffffff);
-        r[i+5] = (a[i+5] >> n) | ((a[i+6] << (25 - n)) & 0x1ffffff);
-        r[i+6] = (a[i+6] >> n) | ((a[i+7] << (25 - n)) & 0x1ffffff);
-        r[i+7] = (a[i+7] >> n) | ((a[i+8] << (25 - n)) & 0x1ffffff);
+        r[i+0] = (a[i+0] >> n) | (sp_digit)((a[i+1] << (25 - n)) & 0x1ffffff);
+        r[i+1] = (a[i+1] >> n) | (sp_digit)((a[i+2] << (25 - n)) & 0x1ffffff);
+        r[i+2] = (a[i+2] >> n) | (sp_digit)((a[i+3] << (25 - n)) & 0x1ffffff);
+        r[i+3] = (a[i+3] >> n) | (sp_digit)((a[i+4] << (25 - n)) & 0x1ffffff);
+        r[i+4] = (a[i+4] >> n) | (sp_digit)((a[i+5] << (25 - n)) & 0x1ffffff);
+        r[i+5] = (a[i+5] >> n) | (sp_digit)((a[i+6] << (25 - n)) & 0x1ffffff);
+        r[i+6] = (a[i+6] >> n) | (sp_digit)((a[i+7] << (25 - n)) & 0x1ffffff);
+        r[i+7] = (a[i+7] >> n) | (sp_digit)((a[i+8] << (25 - n)) & 0x1ffffff);
     }
-    r[16] = (a[16] >> n) | ((a[17] << (25 - n)) & 0x1ffffff);
-    r[17] = (a[17] >> n) | ((a[18] << (25 - n)) & 0x1ffffff);
-    r[18] = (a[18] >> n) | ((a[19] << (25 - n)) & 0x1ffffff);
-    r[19] = (a[19] >> n) | ((a[20] << (25 - n)) & 0x1ffffff);
+    r[16] = (a[16] >> n) | (sp_digit)((a[17] << (25 - n)) & 0x1ffffff);
+    r[17] = (a[17] >> n) | (sp_digit)((a[18] << (25 - n)) & 0x1ffffff);
+    r[18] = (a[18] >> n) | (sp_digit)((a[19] << (25 - n)) & 0x1ffffff);
+    r[19] = (a[19] >> n) | (sp_digit)((a[20] << (25 - n)) & 0x1ffffff);
 #endif /* WOLFSSL_SP_SMALL */
     r[20] = a[20] >> n;
 }
@@ -41532,7 +41419,7 @@ SP_NOINLINE static void sp_521_lshift_42(sp_digit* r, const sp_digit* a,
 
     r[42] = a[41] >> (25 - n);
     for (i=41; i>0; i--) {
-        r[i] = ((a[i] << n) | (a[i-1] >> (25 - n))) & 0x1ffffff;
+        r[i] = (sp_digit)(((a[i] << n) | (a[i-1] >> (25 - n))) & 0x1ffffff);
     }
 #else
     sp_int_digit s;
@@ -41541,89 +41428,89 @@ SP_NOINLINE static void sp_521_lshift_42(sp_digit* r, const sp_digit* a,
     s = (sp_int_digit)a[41];
     r[42] = s >> (25U - n);
     s = (sp_int_digit)(a[41]); t = (sp_int_digit)(a[40]);
-    r[41] = ((s << n) | (t >> (25U - n))) & 0x1ffffff;
+    r[41] = (sp_digit)(((s << n) | (t >> (25U - n))) & 0x1ffffff);
     s = (sp_int_digit)(a[40]); t = (sp_int_digit)(a[39]);
-    r[40] = ((s << n) | (t >> (25U - n))) & 0x1ffffff;
+    r[40] = (sp_digit)(((s << n) | (t >> (25U - n))) & 0x1ffffff);
     s = (sp_int_digit)(a[39]); t = (sp_int_digit)(a[38]);
-    r[39] = ((s << n) | (t >> (25U - n))) & 0x1ffffff;
+    r[39] = (sp_digit)(((s << n) | (t >> (25U - n))) & 0x1ffffff);
     s = (sp_int_digit)(a[38]); t = (sp_int_digit)(a[37]);
-    r[38] = ((s << n) | (t >> (25U - n))) & 0x1ffffff;
+    r[38] = (sp_digit)(((s << n) | (t >> (25U - n))) & 0x1ffffff);
     s = (sp_int_digit)(a[37]); t = (sp_int_digit)(a[36]);
-    r[37] = ((s << n) | (t >> (25U - n))) & 0x1ffffff;
+    r[37] = (sp_digit)(((s << n) | (t >> (25U - n))) & 0x1ffffff);
     s = (sp_int_digit)(a[36]); t = (sp_int_digit)(a[35]);
-    r[36] = ((s << n) | (t >> (25U - n))) & 0x1ffffff;
+    r[36] = (sp_digit)(((s << n) | (t >> (25U - n))) & 0x1ffffff);
     s = (sp_int_digit)(a[35]); t = (sp_int_digit)(a[34]);
-    r[35] = ((s << n) | (t >> (25U - n))) & 0x1ffffff;
+    r[35] = (sp_digit)(((s << n) | (t >> (25U - n))) & 0x1ffffff);
     s = (sp_int_digit)(a[34]); t = (sp_int_digit)(a[33]);
-    r[34] = ((s << n) | (t >> (25U - n))) & 0x1ffffff;
+    r[34] = (sp_digit)(((s << n) | (t >> (25U - n))) & 0x1ffffff);
     s = (sp_int_digit)(a[33]); t = (sp_int_digit)(a[32]);
-    r[33] = ((s << n) | (t >> (25U - n))) & 0x1ffffff;
+    r[33] = (sp_digit)(((s << n) | (t >> (25U - n))) & 0x1ffffff);
     s = (sp_int_digit)(a[32]); t = (sp_int_digit)(a[31]);
-    r[32] = ((s << n) | (t >> (25U - n))) & 0x1ffffff;
+    r[32] = (sp_digit)(((s << n) | (t >> (25U - n))) & 0x1ffffff);
     s = (sp_int_digit)(a[31]); t = (sp_int_digit)(a[30]);
-    r[31] = ((s << n) | (t >> (25U - n))) & 0x1ffffff;
+    r[31] = (sp_digit)(((s << n) | (t >> (25U - n))) & 0x1ffffff);
     s = (sp_int_digit)(a[30]); t = (sp_int_digit)(a[29]);
-    r[30] = ((s << n) | (t >> (25U - n))) & 0x1ffffff;
+    r[30] = (sp_digit)(((s << n) | (t >> (25U - n))) & 0x1ffffff);
     s = (sp_int_digit)(a[29]); t = (sp_int_digit)(a[28]);
-    r[29] = ((s << n) | (t >> (25U - n))) & 0x1ffffff;
+    r[29] = (sp_digit)(((s << n) | (t >> (25U - n))) & 0x1ffffff);
     s = (sp_int_digit)(a[28]); t = (sp_int_digit)(a[27]);
-    r[28] = ((s << n) | (t >> (25U - n))) & 0x1ffffff;
+    r[28] = (sp_digit)(((s << n) | (t >> (25U - n))) & 0x1ffffff);
     s = (sp_int_digit)(a[27]); t = (sp_int_digit)(a[26]);
-    r[27] = ((s << n) | (t >> (25U - n))) & 0x1ffffff;
+    r[27] = (sp_digit)(((s << n) | (t >> (25U - n))) & 0x1ffffff);
     s = (sp_int_digit)(a[26]); t = (sp_int_digit)(a[25]);
-    r[26] = ((s << n) | (t >> (25U - n))) & 0x1ffffff;
+    r[26] = (sp_digit)(((s << n) | (t >> (25U - n))) & 0x1ffffff);
     s = (sp_int_digit)(a[25]); t = (sp_int_digit)(a[24]);
-    r[25] = ((s << n) | (t >> (25U - n))) & 0x1ffffff;
+    r[25] = (sp_digit)(((s << n) | (t >> (25U - n))) & 0x1ffffff);
     s = (sp_int_digit)(a[24]); t = (sp_int_digit)(a[23]);
-    r[24] = ((s << n) | (t >> (25U - n))) & 0x1ffffff;
+    r[24] = (sp_digit)(((s << n) | (t >> (25U - n))) & 0x1ffffff);
     s = (sp_int_digit)(a[23]); t = (sp_int_digit)(a[22]);
-    r[23] = ((s << n) | (t >> (25U - n))) & 0x1ffffff;
+    r[23] = (sp_digit)(((s << n) | (t >> (25U - n))) & 0x1ffffff);
     s = (sp_int_digit)(a[22]); t = (sp_int_digit)(a[21]);
-    r[22] = ((s << n) | (t >> (25U - n))) & 0x1ffffff;
+    r[22] = (sp_digit)(((s << n) | (t >> (25U - n))) & 0x1ffffff);
     s = (sp_int_digit)(a[21]); t = (sp_int_digit)(a[20]);
-    r[21] = ((s << n) | (t >> (25U - n))) & 0x1ffffff;
+    r[21] = (sp_digit)(((s << n) | (t >> (25U - n))) & 0x1ffffff);
     s = (sp_int_digit)(a[20]); t = (sp_int_digit)(a[19]);
-    r[20] = ((s << n) | (t >> (25U - n))) & 0x1ffffff;
+    r[20] = (sp_digit)(((s << n) | (t >> (25U - n))) & 0x1ffffff);
     s = (sp_int_digit)(a[19]); t = (sp_int_digit)(a[18]);
-    r[19] = ((s << n) | (t >> (25U - n))) & 0x1ffffff;
+    r[19] = (sp_digit)(((s << n) | (t >> (25U - n))) & 0x1ffffff);
     s = (sp_int_digit)(a[18]); t = (sp_int_digit)(a[17]);
-    r[18] = ((s << n) | (t >> (25U - n))) & 0x1ffffff;
+    r[18] = (sp_digit)(((s << n) | (t >> (25U - n))) & 0x1ffffff);
     s = (sp_int_digit)(a[17]); t = (sp_int_digit)(a[16]);
-    r[17] = ((s << n) | (t >> (25U - n))) & 0x1ffffff;
+    r[17] = (sp_digit)(((s << n) | (t >> (25U - n))) & 0x1ffffff);
     s = (sp_int_digit)(a[16]); t = (sp_int_digit)(a[15]);
-    r[16] = ((s << n) | (t >> (25U - n))) & 0x1ffffff;
+    r[16] = (sp_digit)(((s << n) | (t >> (25U - n))) & 0x1ffffff);
     s = (sp_int_digit)(a[15]); t = (sp_int_digit)(a[14]);
-    r[15] = ((s << n) | (t >> (25U - n))) & 0x1ffffff;
+    r[15] = (sp_digit)(((s << n) | (t >> (25U - n))) & 0x1ffffff);
     s = (sp_int_digit)(a[14]); t = (sp_int_digit)(a[13]);
-    r[14] = ((s << n) | (t >> (25U - n))) & 0x1ffffff;
+    r[14] = (sp_digit)(((s << n) | (t >> (25U - n))) & 0x1ffffff);
     s = (sp_int_digit)(a[13]); t = (sp_int_digit)(a[12]);
-    r[13] = ((s << n) | (t >> (25U - n))) & 0x1ffffff;
+    r[13] = (sp_digit)(((s << n) | (t >> (25U - n))) & 0x1ffffff);
     s = (sp_int_digit)(a[12]); t = (sp_int_digit)(a[11]);
-    r[12] = ((s << n) | (t >> (25U - n))) & 0x1ffffff;
+    r[12] = (sp_digit)(((s << n) | (t >> (25U - n))) & 0x1ffffff);
     s = (sp_int_digit)(a[11]); t = (sp_int_digit)(a[10]);
-    r[11] = ((s << n) | (t >> (25U - n))) & 0x1ffffff;
+    r[11] = (sp_digit)(((s << n) | (t >> (25U - n))) & 0x1ffffff);
     s = (sp_int_digit)(a[10]); t = (sp_int_digit)(a[9]);
-    r[10] = ((s << n) | (t >> (25U - n))) & 0x1ffffff;
+    r[10] = (sp_digit)(((s << n) | (t >> (25U - n))) & 0x1ffffff);
     s = (sp_int_digit)(a[9]); t = (sp_int_digit)(a[8]);
-    r[9] = ((s << n) | (t >> (25U - n))) & 0x1ffffff;
+    r[9] = (sp_digit)(((s << n) | (t >> (25U - n))) & 0x1ffffff);
     s = (sp_int_digit)(a[8]); t = (sp_int_digit)(a[7]);
-    r[8] = ((s << n) | (t >> (25U - n))) & 0x1ffffff;
+    r[8] = (sp_digit)(((s << n) | (t >> (25U - n))) & 0x1ffffff);
     s = (sp_int_digit)(a[7]); t = (sp_int_digit)(a[6]);
-    r[7] = ((s << n) | (t >> (25U - n))) & 0x1ffffff;
+    r[7] = (sp_digit)(((s << n) | (t >> (25U - n))) & 0x1ffffff);
     s = (sp_int_digit)(a[6]); t = (sp_int_digit)(a[5]);
-    r[6] = ((s << n) | (t >> (25U - n))) & 0x1ffffff;
+    r[6] = (sp_digit)(((s << n) | (t >> (25U - n))) & 0x1ffffff);
     s = (sp_int_digit)(a[5]); t = (sp_int_digit)(a[4]);
-    r[5] = ((s << n) | (t >> (25U - n))) & 0x1ffffff;
+    r[5] = (sp_digit)(((s << n) | (t >> (25U - n))) & 0x1ffffff);
     s = (sp_int_digit)(a[4]); t = (sp_int_digit)(a[3]);
-    r[4] = ((s << n) | (t >> (25U - n))) & 0x1ffffff;
+    r[4] = (sp_digit)(((s << n) | (t >> (25U - n))) & 0x1ffffff);
     s = (sp_int_digit)(a[3]); t = (sp_int_digit)(a[2]);
-    r[3] = ((s << n) | (t >> (25U - n))) & 0x1ffffff;
+    r[3] = (sp_digit)(((s << n) | (t >> (25U - n))) & 0x1ffffff);
     s = (sp_int_digit)(a[2]); t = (sp_int_digit)(a[1]);
-    r[2] = ((s << n) | (t >> (25U - n))) & 0x1ffffff;
+    r[2] = (sp_digit)(((s << n) | (t >> (25U - n))) & 0x1ffffff);
     s = (sp_int_digit)(a[1]); t = (sp_int_digit)(a[0]);
-    r[1] = ((s << n) | (t >> (25U - n))) & 0x1ffffff;
+    r[1] = (sp_digit)(((s << n) | (t >> (25U - n))) & 0x1ffffff);
 #endif /* WOLFSSL_SP_SMALL */
-    r[0] = (a[0] << n) & 0x1ffffff;
+    r[0] = (sp_digit)((a[0] << n) & 0x1ffffff);
 }
 
 /* Divide d in a and put remainder into r (m*d + r = a)
@@ -41687,8 +41574,7 @@ static int sp_521_div_21(const sp_digit* a, const sp_digit* d,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t1 != NULL)
-        XFREE(t1, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(t1, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -41723,14 +41609,14 @@ static void sp_521_mont_mul_order_21(sp_digit* r, const sp_digit* a, const sp_di
 #if defined(HAVE_ECC_SIGN) || (defined(HAVE_ECC_VERIFY) && defined(WOLFSSL_SP_SMALL))
 #ifdef WOLFSSL_SP_SMALL
 /* Order-2 for the P521 curve. */
-static const uint32_t p521_order_minus_2[17] = {
+static const word32 p521_order_minus_2[17] = {
     0x91386407U,0xbb6fb71eU,0x899c47aeU,0x3bb5c9b8U,0xf709a5d0U,0x7fcc0148U,
     0xbf2f966bU,0x51868783U,0xfffffffaU,0xffffffffU,0xffffffffU,0xffffffffU,
     0xffffffffU,0xffffffffU,0xffffffffU,0xffffffffU,0x000001ffU
 };
 #else
 /* The low half of the order-2 of the P521 curve. */
-static const uint32_t p521_order_low[9] = {
+static const word32 p521_order_low[9] = {
     0x91386407U,0xbb6fb71eU,0x899c47aeU,0x3bb5c9b8U,0xf709a5d0U,0x7fcc0148U,
     0xbf2f966bU,0x51868783U,0xfffffffaU
 };
@@ -42275,7 +42161,7 @@ static int sp_521_num_bits_25_21(sp_digit v)
     v |= v >> 4;
     v |= v >> 8;
     v |= v >> 16;
-    return sp_521_tab32_21[(uint32_t)(v*0x07C4ACDD) >> 27];
+    return sp_521_tab32_21[(word32)(v*0x07C4ACDD) >> 27];
 }
 
 static int sp_521_num_bits_21(const sp_digit* a)
@@ -42405,8 +42291,7 @@ static int sp_521_mod_inv_21(sp_digit* r, const sp_digit* a, const sp_digit* m)
             XMEMCPY(r, d, sizeof(sp_digit) * 21);
     }
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (u != NULL)
-        XFREE(u, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(u, NULL, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -42631,10 +42516,8 @@ int sp_ecc_verify_521(const byte* hash, word32 hashLen, const mp_int* pX,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (u1 != NULL)
-        XFREE(u1, heap, DYNAMIC_TYPE_ECC);
-    if (p1 != NULL)
-        XFREE(p1, heap, DYNAMIC_TYPE_ECC);
+    XFREE(u1, heap, DYNAMIC_TYPE_ECC);
+    XFREE(p1, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -42845,8 +42728,7 @@ static int sp_521_ecc_is_point_21(const sp_point_521* point,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t1 != NULL)
-        XFREE(t1, heap, DYNAMIC_TYPE_ECC);
+    XFREE(t1, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -42885,8 +42767,7 @@ int sp_ecc_is_point_521(const mp_int* pX, const mp_int* pY)
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (pub != NULL)
-        XFREE(pub, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(pub, NULL, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -42994,10 +42875,8 @@ int sp_ecc_check_key_521(const mp_int* pX, const mp_int* pY,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (pub != NULL)
-        XFREE(pub, heap, DYNAMIC_TYPE_ECC);
-    if (priv != NULL)
-        XFREE(priv, heap, DYNAMIC_TYPE_ECC);
+    XFREE(pub, heap, DYNAMIC_TYPE_ECC);
+    XFREE(priv, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -43076,10 +42955,8 @@ int sp_ecc_proj_add_point_521(mp_int* pX, mp_int* pY, mp_int* pZ,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (tmp != NULL)
-        XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
-    if (p != NULL)
-        XFREE(p, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(p, NULL, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -43144,10 +43021,8 @@ int sp_ecc_proj_dbl_point_521(mp_int* pX, mp_int* pY, mp_int* pZ,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (tmp != NULL)
-        XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
-    if (p != NULL)
-        XFREE(p, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(p, NULL, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -43208,10 +43083,8 @@ int sp_ecc_map_521(mp_int* pX, mp_int* pY, mp_int* pZ)
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (tmp != NULL)
-        XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
-    if (p != NULL)
-        XFREE(p, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(p, NULL, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -43219,7 +43092,7 @@ int sp_ecc_map_521(mp_int* pX, mp_int* pY, mp_int* pZ)
 #endif /* WOLFSSL_PUBLIC_ECC_ADD_DBL */
 #ifdef HAVE_COMP_KEY
 /* Square root power for the P521 curve. */
-static const uint32_t p521_sqrt_power[17] = {
+static const word32 p521_sqrt_power[17] = {
     0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,
     0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,
     0x00000000,0x00000000,0x00000080
@@ -43261,8 +43134,7 @@ static int sp_521_mont_sqrt_21(sp_digit* y)
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t != NULL)
-        XFREE(t, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(t, NULL, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -43327,8 +43199,7 @@ int sp_ecc_uncompress_521(mp_int* xm, int odd, mp_int* ym)
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (x != NULL)
-        XFREE(x, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(x, NULL, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -43410,20 +43281,20 @@ SP_NOINLINE static void sp_1024_mul_7(sp_digit* r, const sp_digit* a,
                  + ((sp_int64)a[ 6]) * b[ 5];
     sp_int64 t12  = ((sp_int64)a[ 6]) * b[ 6];
 
-    t1   += t0  >> 25; r[ 0] = t0  & 0x1ffffff;
-    t2   += t1  >> 25; r[ 1] = t1  & 0x1ffffff;
-    t3   += t2  >> 25; r[ 2] = t2  & 0x1ffffff;
-    t4   += t3  >> 25; r[ 3] = t3  & 0x1ffffff;
-    t5   += t4  >> 25; r[ 4] = t4  & 0x1ffffff;
-    t6   += t5  >> 25; r[ 5] = t5  & 0x1ffffff;
-    t7   += t6  >> 25; r[ 6] = t6  & 0x1ffffff;
-    t8   += t7  >> 25; r[ 7] = t7  & 0x1ffffff;
-    t9   += t8  >> 25; r[ 8] = t8  & 0x1ffffff;
-    t10  += t9  >> 25; r[ 9] = t9  & 0x1ffffff;
-    t11  += t10 >> 25; r[10] = t10 & 0x1ffffff;
-    t12  += t11 >> 25; r[11] = t11 & 0x1ffffff;
+    t1   += t0  >> 25; r[ 0] = (sp_digit)(t0  & 0x1ffffff);
+    t2   += t1  >> 25; r[ 1] = (sp_digit)(t1  & 0x1ffffff);
+    t3   += t2  >> 25; r[ 2] = (sp_digit)(t2  & 0x1ffffff);
+    t4   += t3  >> 25; r[ 3] = (sp_digit)(t3  & 0x1ffffff);
+    t5   += t4  >> 25; r[ 4] = (sp_digit)(t4  & 0x1ffffff);
+    t6   += t5  >> 25; r[ 5] = (sp_digit)(t5  & 0x1ffffff);
+    t7   += t6  >> 25; r[ 6] = (sp_digit)(t6  & 0x1ffffff);
+    t8   += t7  >> 25; r[ 7] = (sp_digit)(t7  & 0x1ffffff);
+    t9   += t8  >> 25; r[ 8] = (sp_digit)(t8  & 0x1ffffff);
+    t10  += t9  >> 25; r[ 9] = (sp_digit)(t9  & 0x1ffffff);
+    t11  += t10 >> 25; r[10] = (sp_digit)(t10 & 0x1ffffff);
+    t12  += t11 >> 25; r[11] = (sp_digit)(t11 & 0x1ffffff);
     r[13] = (sp_digit)(t12 >> 25);
-                       r[12] = t12 & 0x1ffffff;
+                       r[12] = (sp_digit)(t12 & 0x1ffffff);
 }
 
 /* Square a and put result in r. (r = a * a)
@@ -43462,20 +43333,20 @@ SP_NOINLINE static void sp_1024_sqr_7(sp_digit* r, const sp_digit* a)
     sp_int64 t11  = (((sp_int64)a[ 5]) * a[ 6]) * 2;
     sp_int64 t12  =  ((sp_int64)a[ 6]) * a[ 6];
 
-    t1   += t0  >> 25; r[ 0] = t0  & 0x1ffffff;
-    t2   += t1  >> 25; r[ 1] = t1  & 0x1ffffff;
-    t3   += t2  >> 25; r[ 2] = t2  & 0x1ffffff;
-    t4   += t3  >> 25; r[ 3] = t3  & 0x1ffffff;
-    t5   += t4  >> 25; r[ 4] = t4  & 0x1ffffff;
-    t6   += t5  >> 25; r[ 5] = t5  & 0x1ffffff;
-    t7   += t6  >> 25; r[ 6] = t6  & 0x1ffffff;
-    t8   += t7  >> 25; r[ 7] = t7  & 0x1ffffff;
-    t9   += t8  >> 25; r[ 8] = t8  & 0x1ffffff;
-    t10  += t9  >> 25; r[ 9] = t9  & 0x1ffffff;
-    t11  += t10 >> 25; r[10] = t10 & 0x1ffffff;
-    t12  += t11 >> 25; r[11] = t11 & 0x1ffffff;
+    t1   += t0  >> 25; r[ 0] = (sp_digit)(t0  & 0x1ffffff);
+    t2   += t1  >> 25; r[ 1] = (sp_digit)(t1  & 0x1ffffff);
+    t3   += t2  >> 25; r[ 2] = (sp_digit)(t2  & 0x1ffffff);
+    t4   += t3  >> 25; r[ 3] = (sp_digit)(t3  & 0x1ffffff);
+    t5   += t4  >> 25; r[ 4] = (sp_digit)(t4  & 0x1ffffff);
+    t6   += t5  >> 25; r[ 5] = (sp_digit)(t5  & 0x1ffffff);
+    t7   += t6  >> 25; r[ 6] = (sp_digit)(t6  & 0x1ffffff);
+    t8   += t7  >> 25; r[ 7] = (sp_digit)(t7  & 0x1ffffff);
+    t9   += t8  >> 25; r[ 8] = (sp_digit)(t8  & 0x1ffffff);
+    t10  += t9  >> 25; r[ 9] = (sp_digit)(t9  & 0x1ffffff);
+    t11  += t10 >> 25; r[10] = (sp_digit)(t10 & 0x1ffffff);
+    t12  += t11 >> 25; r[11] = (sp_digit)(t11 & 0x1ffffff);
     r[13] = (sp_digit)(t12 >> 25);
-                       r[12] = t12 & 0x1ffffff;
+                       r[12] = (sp_digit)(t12 & 0x1ffffff);
 }
 
 /* Add b to a into r. (r = a + b)
@@ -44180,20 +44051,20 @@ SP_NOINLINE static void sp_1024_rshift_42(sp_digit* r, const sp_digit* a,
 
 #ifdef WOLFSSL_SP_SMALL
     for (i=0; i<41; i++) {
-        r[i] = ((a[i] >> n) | (a[i + 1] << (25 - n))) & 0x1ffffff;
+        r[i] = (sp_digit)(((a[i] >> n) | (a[i + 1] << (25 - n))) & 0x1ffffff);
     }
 #else
     for (i=0; i<40; i += 8) {
-        r[i+0] = (a[i+0] >> n) | ((a[i+1] << (25 - n)) & 0x1ffffff);
-        r[i+1] = (a[i+1] >> n) | ((a[i+2] << (25 - n)) & 0x1ffffff);
-        r[i+2] = (a[i+2] >> n) | ((a[i+3] << (25 - n)) & 0x1ffffff);
-        r[i+3] = (a[i+3] >> n) | ((a[i+4] << (25 - n)) & 0x1ffffff);
-        r[i+4] = (a[i+4] >> n) | ((a[i+5] << (25 - n)) & 0x1ffffff);
-        r[i+5] = (a[i+5] >> n) | ((a[i+6] << (25 - n)) & 0x1ffffff);
-        r[i+6] = (a[i+6] >> n) | ((a[i+7] << (25 - n)) & 0x1ffffff);
-        r[i+7] = (a[i+7] >> n) | ((a[i+8] << (25 - n)) & 0x1ffffff);
+        r[i+0] = (a[i+0] >> n) | (sp_digit)((a[i+1] << (25 - n)) & 0x1ffffff);
+        r[i+1] = (a[i+1] >> n) | (sp_digit)((a[i+2] << (25 - n)) & 0x1ffffff);
+        r[i+2] = (a[i+2] >> n) | (sp_digit)((a[i+3] << (25 - n)) & 0x1ffffff);
+        r[i+3] = (a[i+3] >> n) | (sp_digit)((a[i+4] << (25 - n)) & 0x1ffffff);
+        r[i+4] = (a[i+4] >> n) | (sp_digit)((a[i+5] << (25 - n)) & 0x1ffffff);
+        r[i+5] = (a[i+5] >> n) | (sp_digit)((a[i+6] << (25 - n)) & 0x1ffffff);
+        r[i+6] = (a[i+6] >> n) | (sp_digit)((a[i+7] << (25 - n)) & 0x1ffffff);
+        r[i+7] = (a[i+7] >> n) | (sp_digit)((a[i+8] << (25 - n)) & 0x1ffffff);
     }
-    r[40] = (a[40] >> n) | ((a[41] << (25 - n)) & 0x1ffffff);
+    r[40] = (a[40] >> n) | (sp_digit)((a[41] << (25 - n)) & 0x1ffffff);
 #endif /* WOLFSSL_SP_SMALL */
     r[41] = a[41] >> n;
 }
@@ -44370,8 +44241,7 @@ static int sp_1024_div_42(const sp_digit* a, const sp_digit* d,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t1 != NULL)
-        XFREE(t1, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(t1, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -44450,16 +44320,16 @@ static void sp_1024_point_free_42(sp_point_1024* p, int clear, void* heap)
 {
 #if (defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SP_NO_MALLOC)) || \
     defined(WOLFSSL_SP_SMALL_STACK)
-/* If valid pointer then clear point data if requested and free data. */
+    /* If valid pointer then clear point data if requested and free data. */
     if (p != NULL) {
-        if (clear != 0) {
+        if (clear) {
             XMEMSET(p, 0, sizeof(*p));
         }
         XFREE(p, heap, DYNAMIC_TYPE_ECC);
     }
 #else
-/* Clear point data if requested. */
-    if ((p != NULL) && (clear != 0)) {
+    /* Clear point data if requested. */
+    if ((p != NULL) && clear) {
         XMEMSET(p, 0, sizeof(*p));
     }
 #endif
@@ -44753,20 +44623,20 @@ SP_NOINLINE static void sp_1024_mul_add_42(sp_digit* r, const sp_digit* a,
         t[1]  = (tb * a[i+1]) + r[i+1];
         t[2]  = (tb * a[i+2]) + r[i+2];
         t[3]  = (tb * a[i+3]) + r[i+3];
-        r[i+0] = t[0] & 0x1ffffff;
+        r[i+0] = (sp_digit)(t[0] & 0x1ffffff);
         t[1] += t[0] >> 25;
-        r[i+1] = t[1] & 0x1ffffff;
+        r[i+1] = (sp_digit)(t[1] & 0x1ffffff);
         t[2] += t[1] >> 25;
-        r[i+2] = t[2] & 0x1ffffff;
+        r[i+2] = (sp_digit)(t[2] & 0x1ffffff);
         t[3] += t[2] >> 25;
-        r[i+3] = t[3] & 0x1ffffff;
+        r[i+3] = (sp_digit)(t[3] & 0x1ffffff);
         t[0]  = t[3] >> 25;
     }
     t[0] += (tb * a[40]) + r[40];
     t[1]  = (tb * a[41]) + r[41];
-    r[40] = t[0] & 0x1ffffff;
+    r[40] = (sp_digit)(t[0] & 0x1ffffff);
     t[1] += t[0] >> 25;
-    r[41] = t[1] & 0x1ffffff;
+    r[41] = (sp_digit)(t[1] & 0x1ffffff);
     r[42] +=  (sp_digit)(t[1] >> 25);
 #else
     sp_int64 tb = b;
@@ -44840,7 +44710,7 @@ static void sp_1024_mont_shift_42(sp_digit* r, const sp_digit* a)
     n = a[40] >> 24;
     for (i = 0; i < 40; i++) {
         n += (sp_uint32)a[41 + i] << 1;
-        r[i] = n & 0x1ffffff;
+        r[i] = (sp_digit)(n & 0x1ffffff);
         n >>= 25;
     }
     n += (sp_uint32)a[81] << 1;
@@ -44852,14 +44722,14 @@ static void sp_1024_mont_shift_42(sp_digit* r, const sp_digit* a)
     n  = (sp_uint32)a[40];
     n  = n >> 24U;
     for (i = 0; i < 40; i += 8) {
-        n += (sp_uint32)a[i+41] << 1U; r[i+0] = n & 0x1ffffff; n >>= 25U;
-        n += (sp_uint32)a[i+42] << 1U; r[i+1] = n & 0x1ffffff; n >>= 25U;
-        n += (sp_uint32)a[i+43] << 1U; r[i+2] = n & 0x1ffffff; n >>= 25U;
-        n += (sp_uint32)a[i+44] << 1U; r[i+3] = n & 0x1ffffff; n >>= 25U;
-        n += (sp_uint32)a[i+45] << 1U; r[i+4] = n & 0x1ffffff; n >>= 25U;
-        n += (sp_uint32)a[i+46] << 1U; r[i+5] = n & 0x1ffffff; n >>= 25U;
-        n += (sp_uint32)a[i+47] << 1U; r[i+6] = n & 0x1ffffff; n >>= 25U;
-        n += (sp_uint32)a[i+48] << 1U; r[i+7] = n & 0x1ffffff; n >>= 25U;
+        n += (sp_uint32)a[i+41] << 1U; r[i+0] = (sp_digit)(n & 0x1ffffff); n >>= 25U;
+        n += (sp_uint32)a[i+42] << 1U; r[i+1] = (sp_digit)(n & 0x1ffffff); n >>= 25U;
+        n += (sp_uint32)a[i+43] << 1U; r[i+2] = (sp_digit)(n & 0x1ffffff); n >>= 25U;
+        n += (sp_uint32)a[i+44] << 1U; r[i+3] = (sp_digit)(n & 0x1ffffff); n >>= 25U;
+        n += (sp_uint32)a[i+45] << 1U; r[i+4] = (sp_digit)(n & 0x1ffffff); n >>= 25U;
+        n += (sp_uint32)a[i+46] << 1U; r[i+5] = (sp_digit)(n & 0x1ffffff); n >>= 25U;
+        n += (sp_uint32)a[i+47] << 1U; r[i+6] = (sp_digit)(n & 0x1ffffff); n >>= 25U;
+        n += (sp_uint32)a[i+48] << 1U; r[i+7] = (sp_digit)(n & 0x1ffffff); n >>= 25U;
     }
     n += (sp_uint32)a[81] << 1U; r[40] = n;
 #endif /* WOLFSSL_SP_SMALL */
@@ -44882,22 +44752,22 @@ static void sp_1024_mont_reduce_42(sp_digit* a, const sp_digit* m, sp_digit mp)
 
     if (mp != 1) {
         for (i=0; i<40; i++) {
-            mu = (a[i] * mp) & 0x1ffffff;
+            mu = (sp_digit)((a[i] * mp) & 0x1ffffff);
             sp_1024_mul_add_42(a+i, m, mu);
             a[i+1] += a[i] >> 25;
         }
-        mu = (a[i] * mp) & 0xffffffL;
+        mu = (sp_digit)((a[i] * mp) & 0xffffffL);
         sp_1024_mul_add_42(a+i, m, mu);
         a[i+1] += a[i] >> 25;
         a[i] &= 0x1ffffff;
     }
     else {
         for (i=0; i<40; i++) {
-            mu = a[i] & 0x1ffffff;
+            mu = (sp_digit)(a[i] & 0x1ffffff);
             sp_1024_mul_add_42(a+i, m, mu);
             a[i+1] += a[i] >> 25;
         }
-        mu = a[i] & 0xffffffL;
+        mu = (sp_digit)(a[i] & 0xffffffL);
         sp_1024_mul_add_42(a+i, m, mu);
         a[i+1] += a[i] >> 25;
         a[i] &= 0x1ffffff;
@@ -44940,7 +44810,7 @@ SP_NOINLINE static void sp_1024_mont_sqr_42(sp_digit* r, const sp_digit* a,
 }
 
 /* Mod-2 for the P1024 curve. */
-static const uint8_t p1024_mod_minus_2[] = {
+static const word8 p1024_mod_minus_2[] = {
      6,0x06,  7,0x0f,  7,0x0b,  6,0x0c,  7,0x1e,  9,0x09,  7,0x0c,  7,0x1f,
      6,0x16,  6,0x06,  7,0x0e,  8,0x10,  6,0x03,  8,0x11,  6,0x0d,  7,0x14,
      9,0x12,  6,0x0f,  7,0x04,  9,0x0d,  6,0x00,  7,0x13,  6,0x01,  6,0x07,
@@ -45024,7 +44894,7 @@ static void sp_1024_map_42(sp_point_1024* r, const sp_point_1024* p,
     sp_1024_mont_reduce_42(r->x, p1024_mod, p1024_mp_mod);
     /* Reduce x to less than modulus */
     n = sp_1024_cmp_42(r->x, p1024_mod);
-    sp_1024_cond_sub_42(r->x, r->x, p1024_mod, ~(n >> 24));
+    sp_1024_cond_sub_42(r->x, r->x, p1024_mod, (sp_digit)~(n >> 24));
     sp_1024_norm_42(r->x);
 
     /* y /= z^3 */
@@ -45033,7 +44903,7 @@ static void sp_1024_map_42(sp_point_1024* r, const sp_point_1024* p,
     sp_1024_mont_reduce_42(r->y, p1024_mod, p1024_mp_mod);
     /* Reduce y to less than modulus */
     n = sp_1024_cmp_42(r->y, p1024_mod);
-    sp_1024_cond_sub_42(r->y, r->y, p1024_mod, ~(n >> 24));
+    sp_1024_cond_sub_42(r->y, r->y, p1024_mod, (sp_digit)~(n >> 24));
     sp_1024_norm_42(r->y);
 
     XMEMSET(r->z, 0, sizeof(r->z) / 2);
@@ -45123,50 +44993,50 @@ SP_NOINLINE static void sp_1024_rshift1_42(sp_digit* r, const sp_digit* a)
     int i;
 
     for (i=0; i<41; i++) {
-        r[i] = (a[i] >> 1) + ((a[i + 1] << 24) & 0x1ffffff);
+        r[i] = (a[i] >> 1) + (sp_digit)((a[i + 1] << 24) & 0x1ffffff);
     }
 #else
-    r[0] = (a[0] >> 1) + ((a[1] << 24) & 0x1ffffff);
-    r[1] = (a[1] >> 1) + ((a[2] << 24) & 0x1ffffff);
-    r[2] = (a[2] >> 1) + ((a[3] << 24) & 0x1ffffff);
-    r[3] = (a[3] >> 1) + ((a[4] << 24) & 0x1ffffff);
-    r[4] = (a[4] >> 1) + ((a[5] << 24) & 0x1ffffff);
-    r[5] = (a[5] >> 1) + ((a[6] << 24) & 0x1ffffff);
-    r[6] = (a[6] >> 1) + ((a[7] << 24) & 0x1ffffff);
-    r[7] = (a[7] >> 1) + ((a[8] << 24) & 0x1ffffff);
-    r[8] = (a[8] >> 1) + ((a[9] << 24) & 0x1ffffff);
-    r[9] = (a[9] >> 1) + ((a[10] << 24) & 0x1ffffff);
-    r[10] = (a[10] >> 1) + ((a[11] << 24) & 0x1ffffff);
-    r[11] = (a[11] >> 1) + ((a[12] << 24) & 0x1ffffff);
-    r[12] = (a[12] >> 1) + ((a[13] << 24) & 0x1ffffff);
-    r[13] = (a[13] >> 1) + ((a[14] << 24) & 0x1ffffff);
-    r[14] = (a[14] >> 1) + ((a[15] << 24) & 0x1ffffff);
-    r[15] = (a[15] >> 1) + ((a[16] << 24) & 0x1ffffff);
-    r[16] = (a[16] >> 1) + ((a[17] << 24) & 0x1ffffff);
-    r[17] = (a[17] >> 1) + ((a[18] << 24) & 0x1ffffff);
-    r[18] = (a[18] >> 1) + ((a[19] << 24) & 0x1ffffff);
-    r[19] = (a[19] >> 1) + ((a[20] << 24) & 0x1ffffff);
-    r[20] = (a[20] >> 1) + ((a[21] << 24) & 0x1ffffff);
-    r[21] = (a[21] >> 1) + ((a[22] << 24) & 0x1ffffff);
-    r[22] = (a[22] >> 1) + ((a[23] << 24) & 0x1ffffff);
-    r[23] = (a[23] >> 1) + ((a[24] << 24) & 0x1ffffff);
-    r[24] = (a[24] >> 1) + ((a[25] << 24) & 0x1ffffff);
-    r[25] = (a[25] >> 1) + ((a[26] << 24) & 0x1ffffff);
-    r[26] = (a[26] >> 1) + ((a[27] << 24) & 0x1ffffff);
-    r[27] = (a[27] >> 1) + ((a[28] << 24) & 0x1ffffff);
-    r[28] = (a[28] >> 1) + ((a[29] << 24) & 0x1ffffff);
-    r[29] = (a[29] >> 1) + ((a[30] << 24) & 0x1ffffff);
-    r[30] = (a[30] >> 1) + ((a[31] << 24) & 0x1ffffff);
-    r[31] = (a[31] >> 1) + ((a[32] << 24) & 0x1ffffff);
-    r[32] = (a[32] >> 1) + ((a[33] << 24) & 0x1ffffff);
-    r[33] = (a[33] >> 1) + ((a[34] << 24) & 0x1ffffff);
-    r[34] = (a[34] >> 1) + ((a[35] << 24) & 0x1ffffff);
-    r[35] = (a[35] >> 1) + ((a[36] << 24) & 0x1ffffff);
-    r[36] = (a[36] >> 1) + ((a[37] << 24) & 0x1ffffff);
-    r[37] = (a[37] >> 1) + ((a[38] << 24) & 0x1ffffff);
-    r[38] = (a[38] >> 1) + ((a[39] << 24) & 0x1ffffff);
-    r[39] = (a[39] >> 1) + ((a[40] << 24) & 0x1ffffff);
-    r[40] = (a[40] >> 1) + ((a[41] << 24) & 0x1ffffff);
+    r[0] = (a[0] >> 1) + (sp_digit)((a[1] << 24) & 0x1ffffff);
+    r[1] = (a[1] >> 1) + (sp_digit)((a[2] << 24) & 0x1ffffff);
+    r[2] = (a[2] >> 1) + (sp_digit)((a[3] << 24) & 0x1ffffff);
+    r[3] = (a[3] >> 1) + (sp_digit)((a[4] << 24) & 0x1ffffff);
+    r[4] = (a[4] >> 1) + (sp_digit)((a[5] << 24) & 0x1ffffff);
+    r[5] = (a[5] >> 1) + (sp_digit)((a[6] << 24) & 0x1ffffff);
+    r[6] = (a[6] >> 1) + (sp_digit)((a[7] << 24) & 0x1ffffff);
+    r[7] = (a[7] >> 1) + (sp_digit)((a[8] << 24) & 0x1ffffff);
+    r[8] = (a[8] >> 1) + (sp_digit)((a[9] << 24) & 0x1ffffff);
+    r[9] = (a[9] >> 1) + (sp_digit)((a[10] << 24) & 0x1ffffff);
+    r[10] = (a[10] >> 1) + (sp_digit)((a[11] << 24) & 0x1ffffff);
+    r[11] = (a[11] >> 1) + (sp_digit)((a[12] << 24) & 0x1ffffff);
+    r[12] = (a[12] >> 1) + (sp_digit)((a[13] << 24) & 0x1ffffff);
+    r[13] = (a[13] >> 1) + (sp_digit)((a[14] << 24) & 0x1ffffff);
+    r[14] = (a[14] >> 1) + (sp_digit)((a[15] << 24) & 0x1ffffff);
+    r[15] = (a[15] >> 1) + (sp_digit)((a[16] << 24) & 0x1ffffff);
+    r[16] = (a[16] >> 1) + (sp_digit)((a[17] << 24) & 0x1ffffff);
+    r[17] = (a[17] >> 1) + (sp_digit)((a[18] << 24) & 0x1ffffff);
+    r[18] = (a[18] >> 1) + (sp_digit)((a[19] << 24) & 0x1ffffff);
+    r[19] = (a[19] >> 1) + (sp_digit)((a[20] << 24) & 0x1ffffff);
+    r[20] = (a[20] >> 1) + (sp_digit)((a[21] << 24) & 0x1ffffff);
+    r[21] = (a[21] >> 1) + (sp_digit)((a[22] << 24) & 0x1ffffff);
+    r[22] = (a[22] >> 1) + (sp_digit)((a[23] << 24) & 0x1ffffff);
+    r[23] = (a[23] >> 1) + (sp_digit)((a[24] << 24) & 0x1ffffff);
+    r[24] = (a[24] >> 1) + (sp_digit)((a[25] << 24) & 0x1ffffff);
+    r[25] = (a[25] >> 1) + (sp_digit)((a[26] << 24) & 0x1ffffff);
+    r[26] = (a[26] >> 1) + (sp_digit)((a[27] << 24) & 0x1ffffff);
+    r[27] = (a[27] >> 1) + (sp_digit)((a[28] << 24) & 0x1ffffff);
+    r[28] = (a[28] >> 1) + (sp_digit)((a[29] << 24) & 0x1ffffff);
+    r[29] = (a[29] >> 1) + (sp_digit)((a[30] << 24) & 0x1ffffff);
+    r[30] = (a[30] >> 1) + (sp_digit)((a[31] << 24) & 0x1ffffff);
+    r[31] = (a[31] >> 1) + (sp_digit)((a[32] << 24) & 0x1ffffff);
+    r[32] = (a[32] >> 1) + (sp_digit)((a[33] << 24) & 0x1ffffff);
+    r[33] = (a[33] >> 1) + (sp_digit)((a[34] << 24) & 0x1ffffff);
+    r[34] = (a[34] >> 1) + (sp_digit)((a[35] << 24) & 0x1ffffff);
+    r[35] = (a[35] >> 1) + (sp_digit)((a[36] << 24) & 0x1ffffff);
+    r[36] = (a[36] >> 1) + (sp_digit)((a[37] << 24) & 0x1ffffff);
+    r[37] = (a[37] >> 1) + (sp_digit)((a[38] << 24) & 0x1ffffff);
+    r[38] = (a[38] >> 1) + (sp_digit)((a[39] << 24) & 0x1ffffff);
+    r[39] = (a[39] >> 1) + (sp_digit)((a[40] << 24) & 0x1ffffff);
+    r[40] = (a[40] >> 1) + (sp_digit)((a[41] << 24) & 0x1ffffff);
 #endif
     r[41] = a[41] >> 1;
 }
@@ -45492,8 +45362,8 @@ static void sp_1024_proj_point_add_42(sp_point_1024* r,
         sp_1024_mont_sub_42(y, y, t5, p1024_mod);
         {
             int i;
-            sp_digit maskp = 0 - (q->infinity & (!p->infinity));
-            sp_digit maskq = 0 - (p->infinity & (!q->infinity));
+            sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity)));
+            sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity)));
             sp_digit maskt = ~(maskp | maskq);
             sp_digit inf = (sp_digit)(p->infinity & q->infinity);
 
@@ -45510,7 +45380,7 @@ static void sp_1024_proj_point_add_42(sp_point_1024* r,
                           (z[i] & maskt);
             }
             r->z[0] |= inf;
-            r->infinity = (word32)inf;
+            r->infinity = (int)inf;
         }
     }
 }
@@ -45684,8 +45554,8 @@ static int sp_1024_proj_point_add_42_nb(sp_ecc_ctx_t* sp_ctx, sp_point_1024* r,
     {
         {
             int i;
-            sp_digit maskp = 0 - (q->infinity & (!p->infinity));
-            sp_digit maskq = 0 - (p->infinity & (!q->infinity));
+            sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity)));
+            sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity)));
             sp_digit maskt = ~(maskp | maskq);
             sp_digit inf = (sp_digit)(p->infinity & q->infinity);
 
@@ -45702,7 +45572,7 @@ static int sp_1024_proj_point_add_42_nb(sp_ecc_ctx_t* sp_ctx, sp_point_1024* r,
                           (ctx->z[i] & maskt);
             }
             r->z[0] |= inf;
-            r->infinity = (word32)inf;
+            r->infinity = (int)inf;
         }
         ctx->state = 25;
         break;
@@ -46312,13 +46182,13 @@ static void sp_1024_proj_point_add_sub_42(sp_point_1024* ra,
 /* Structure used to describe recoding of scalar multiplication. */
 typedef struct ecc_recode_1024 {
     /* Index into pre-computation table. */
-    uint8_t i;
+    word8 i;
     /* Use the negative of the point. */
-    uint8_t neg;
+    word8 neg;
 } ecc_recode_1024;
 
 /* The index into pre-computation table to use. */
-static const uint8_t recode_index_42_7[130] = {
+static const word8 recode_index_42_7[130] = {
      0,  1,  2,  3,  4,  5,  6,  7,  8,  9, 10, 11, 12, 13, 14, 15,
     16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31,
     32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47,
@@ -46331,7 +46201,7 @@ static const uint8_t recode_index_42_7[130] = {
 };
 
 /* Whether to negate y-ordinate. */
-static const uint8_t recode_neg_42_7[130] = {
+static const word8 recode_neg_42_7[130] = {
      0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,
      0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,
      0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,
@@ -46353,7 +46223,7 @@ static void sp_1024_ecc_recode_7_42(const sp_digit* k, ecc_recode_1024* v)
 {
     int i;
     int j;
-    uint8_t y;
+    word8 y;
     int carry = 0;
     int o;
     sp_digit n;
@@ -46362,7 +46232,7 @@ static void sp_1024_ecc_recode_7_42(const sp_digit* k, ecc_recode_1024* v)
     n = k[j];
     o = 0;
     for (i=0; i<147; i++) {
-        y = (int8_t)n;
+        y = (word8)(int8_t)n;
         if (o + 7 < 25) {
             y &= 0x7f;
             n >>= 7;
@@ -46376,12 +46246,12 @@ static void sp_1024_ecc_recode_7_42(const sp_digit* k, ecc_recode_1024* v)
         }
         else if (++j < 42) {
             n = k[j];
-            y |= (uint8_t)((n << (25 - o)) & 0x7f);
+            y |= (word8)((n << (25 - o)) & 0x7f);
             o -= 18;
             n >>= o;
         }
 
-        y += (uint8_t)carry;
+        y = (word8)(y + carry);
         v[i].i = recode_index_42_7[y];
         v[i].neg = recode_neg_42_7[y];
         carry = (y >> 7) + v[i].neg;
@@ -46528,10 +46398,8 @@ static int sp_1024_ecc_mulmod_win_add_sub_42(sp_point_1024* r, const sp_point_10
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t != NULL)
-        XFREE(t, heap, DYNAMIC_TYPE_ECC);
-    if (tmp != NULL)
-        XFREE(tmp, heap, DYNAMIC_TYPE_ECC);
+    XFREE(t, heap, DYNAMIC_TYPE_ECC);
+    XFREE(tmp, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -46597,8 +46465,8 @@ static void sp_1024_proj_point_add_qz1_42(sp_point_1024* r,
         sp_1024_mont_sub_42(y, t3, t1, p1024_mod);
         {
             int i;
-            sp_digit maskp = 0 - (q->infinity & (!p->infinity));
-            sp_digit maskq = 0 - (p->infinity & (!q->infinity));
+            sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity)));
+            sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity)));
             sp_digit maskt = ~(maskp | maskq);
             sp_digit inf = (sp_digit)(p->infinity & q->infinity);
 
@@ -46615,7 +46483,7 @@ static void sp_1024_proj_point_add_qz1_42(sp_point_1024* r,
                           (z[i] & maskt);
             }
             r->z[0] |= inf;
-            r->infinity = (word32)inf;
+            r->infinity = (int)inf;
         }
     }
 }
@@ -46726,8 +46594,7 @@ static int sp_1024_gen_stripe_table_42(const sp_point_1024* a,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t != NULL)
-        XFREE(t, heap, DYNAMIC_TYPE_ECC);
+    XFREE(t, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -46826,10 +46693,8 @@ static int sp_1024_ecc_mulmod_stripe_42(sp_point_1024* r, const sp_point_1024* g
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t != NULL)
-        XFREE(t, heap, DYNAMIC_TYPE_ECC);
-    if (rt != NULL)
-        XFREE(rt, heap, DYNAMIC_TYPE_ECC);
+    XFREE(t, heap, DYNAMIC_TYPE_ECC);
+    XFREE(rt, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -46849,7 +46714,7 @@ typedef struct sp_cache_1024_t {
     /* Precomputation table for point. */
     sp_table_entry_1024 table[256];
     /* Count of entries in table. */
-    uint32_t cnt;
+    word32 cnt;
     /* Point and table set in entry. */
     int set;
 } sp_cache_1024_t;
@@ -46862,8 +46727,10 @@ static THREAD_LS_T int sp_cache_1024_last = -1;
 static THREAD_LS_T int sp_cache_1024_inited = 0;
 
 #ifndef HAVE_THREAD_LS
+    #ifndef WOLFSSL_MUTEX_INITIALIZER
     static volatile int initCacheMutex_1024 = 0;
-    static wolfSSL_Mutex sp_cache_1024_lock;
+    #endif
+    static wolfSSL_Mutex sp_cache_1024_lock WOLFSSL_MUTEX_INITIALIZER_CLAUSE(sp_cache_1024_lock);
 #endif
 
 /* Get the cache entry for the point.
@@ -46875,7 +46742,7 @@ static void sp_ecc_get_cache_1024(const sp_point_1024* g, sp_cache_1024_t** cach
 {
     int i;
     int j;
-    uint32_t least;
+    word32 least;
 
     if (sp_cache_1024_inited == 0) {
         for (i=0; i<FP_ENTRIES; i++) {
@@ -46961,10 +46828,12 @@ static int sp_1024_ecc_mulmod_42(sp_point_1024* r, const sp_point_1024* g,
 #endif
 #ifndef HAVE_THREAD_LS
     if (err == MP_OKAY) {
+        #ifndef WOLFSSL_MUTEX_INITIALIZER
         if (initCacheMutex_1024 == 0) {
             wc_InitMutex(&sp_cache_1024_lock);
             initCacheMutex_1024 = 1;
         }
+        #endif
         if (wc_LockMutex(&sp_cache_1024_lock) != 0) {
             err = BAD_MUTEX_E;
         }
@@ -47043,10 +46912,8 @@ int sp_ecc_mulmod_1024(const mp_int* km, const ecc_point* gm, ecc_point* r,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (k != NULL)
-        XFREE(k, heap, DYNAMIC_TYPE_ECC);
-    if (point != NULL)
-        XFREE(point, heap, DYNAMIC_TYPE_ECC);
+    XFREE(k, heap, DYNAMIC_TYPE_ECC);
+    XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -50988,10 +50855,8 @@ int sp_ecc_mulmod_base_1024(const mp_int* km, ecc_point* r, int map, void* heap)
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (k != NULL)
-        XFREE(k, heap, DYNAMIC_TYPE_ECC);
-    if (point != NULL)
-        XFREE(point, heap, DYNAMIC_TYPE_ECC);
+    XFREE(k, heap, DYNAMIC_TYPE_ECC);
+    XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -51066,10 +50931,8 @@ int sp_ecc_mulmod_base_add_1024(const mp_int* km, const ecc_point* am,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (k != NULL)
-        XFREE(k, heap, DYNAMIC_TYPE_ECC);
-    if (point)
-        XFREE(point, heap, DYNAMIC_TYPE_ECC);
+    XFREE(k, heap, DYNAMIC_TYPE_ECC);
+    XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -51103,7 +50966,7 @@ int sp_ecc_gen_table_1024(const ecc_point* gm, byte* table, word32* len,
 
     if ((err == MP_OKAY) && (table == NULL)) {
         *len = sizeof(sp_table_entry_1024) * 256;
-        err = LENGTH_ONLY_E;
+        err = WC_NO_ERR_TRACE(LENGTH_ONLY_E);
     }
     if ((err == MP_OKAY) && (*len < (int)(sizeof(sp_table_entry_1024) * 256))) {
         err = BUFFER_E;
@@ -51134,10 +50997,8 @@ int sp_ecc_gen_table_1024(const ecc_point* gm, byte* table, word32* len,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t != NULL)
-        XFREE(t, heap, DYNAMIC_TYPE_ECC);
-    if (point != NULL)
-        XFREE(point, heap, DYNAMIC_TYPE_ECC);
+    XFREE(t, heap, DYNAMIC_TYPE_ECC);
+    XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -51163,7 +51024,7 @@ int sp_ecc_gen_table_1024(const ecc_point* gm, byte* table, word32* len,
 
     if ((err == 0) && (table == NULL)) {
         *len = 0;
-        err = LENGTH_ONLY_E;
+        err = WC_NO_ERR_TRACE(LENGTH_ONLY_E);
     }
     if ((err == 0) && (*len != 0)) {
         err = BUFFER_E;
@@ -51230,10 +51091,8 @@ int sp_ecc_mulmod_table_1024(const mp_int* km, const ecc_point* gm, byte* table,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (k != NULL)
-        XFREE(k, heap, DYNAMIC_TYPE_ECC);
-    if (point != NULL)
-        XFREE(point, heap, DYNAMIC_TYPE_ECC);
+    XFREE(k, heap, DYNAMIC_TYPE_ECC);
+    XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -51380,9 +51239,7 @@ int sp_ModExp_Fp_star_1024(const mp_int* base, mp_int* exp, mp_int* res)
 
 #if (defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SP_NO_MALLOC)) || \
     defined(WOLFSSL_SP_SMALL_STACK)
-    if (td != NULL) {
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-    }
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
     return err;
 }
@@ -53278,9 +53135,7 @@ int sp_ModExp_Fp_star_1024(const mp_int* base, mp_int* exp, mp_int* res)
 
 #if (defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SP_NO_MALLOC)) || \
     defined(WOLFSSL_SP_SMALL_STACK)
-    if (td != NULL) {
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-    }
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
     return err;
 }
@@ -53648,9 +53503,7 @@ int sp_Pairing_1024(const ecc_point* pm, const ecc_point* qm, mp_int* res)
 
 #if (defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SP_NO_MALLOC)) || \
     defined(WOLFSSL_SP_SMALL_STACK)
-    if (td != NULL) {
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-    }
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
     sp_1024_point_free_42(c, 1, NULL);
     sp_1024_point_free_42(q, 1, NULL);
@@ -54075,9 +53928,7 @@ int sp_Pairing_1024(const ecc_point* pm, const ecc_point* qm, mp_int* res)
 
 #if (defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SP_NO_MALLOC)) || \
     defined(WOLFSSL_SP_SMALL_STACK)
-    if (td != NULL) {
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-    }
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
     sp_1024_point_free_42(c, 1, NULL);
     sp_1024_point_free_42(q, 1, NULL);
@@ -54107,7 +53958,7 @@ int sp_Pairing_gen_precomp_1024(const ecc_point* pm, byte* table,
 
     if (table == NULL) {
         *len = 0;
-        err = LENGTH_ONLY_E;
+        err = WC_NO_ERR_TRACE(LENGTH_ONLY_E);
     }
     else if (*len != 0) {
         err = BUFFER_E;
@@ -54336,7 +54187,7 @@ int sp_Pairing_gen_precomp_1024(const ecc_point* pm, byte* table,
 
     if (table == NULL) {
         *len = sizeof(sp_table_entry_1024) * 1167;
-        err = LENGTH_ONLY_E;
+        err = WC_NO_ERR_TRACE(LENGTH_ONLY_E);
     }
 
     if ((err == MP_OKAY) &&
@@ -54443,9 +54294,7 @@ int sp_Pairing_gen_precomp_1024(const ecc_point* pm, byte* table,
 
 #if (defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SP_NO_MALLOC)) || \
     defined(WOLFSSL_SP_SMALL_STACK)
-    if (td != NULL) {
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-    }
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
     sp_1024_point_free_42(neg, 1, NULL);
     sp_1024_point_free_42(c, 1, NULL);
@@ -54638,9 +54487,7 @@ int sp_Pairing_precomp_1024(const ecc_point* pm, const ecc_point* qm,
 
 #if (defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SP_NO_MALLOC)) || \
     defined(WOLFSSL_SP_SMALL_STACK)
-    if (td != NULL) {
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-    }
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
     sp_1024_point_free_42(c, 1, NULL);
     sp_1024_point_free_42(q, 1, NULL);
@@ -54730,7 +54577,7 @@ static int sp_1024_ecc_is_point_42(const sp_point_1024* point,
 
 
         n = sp_1024_cmp_42(t1, p1024_mod);
-        sp_1024_cond_sub_42(t1, t1, p1024_mod, ~(n >> 24));
+        sp_1024_cond_sub_42(t1, t1, p1024_mod, (sp_digit)~(n >> 24));
         sp_1024_norm_42(t1);
         if (!sp_1024_iszero_42(t1)) {
             err = MP_VAL;
@@ -54738,8 +54585,7 @@ static int sp_1024_ecc_is_point_42(const sp_point_1024* point,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t1 != NULL)
-        XFREE(t1, heap, DYNAMIC_TYPE_ECC);
+    XFREE(t1, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -54778,8 +54624,7 @@ int sp_ecc_is_point_1024(const mp_int* pX, const mp_int* pY)
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (pub != NULL)
-        XFREE(pub, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(pub, NULL, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -54887,10 +54732,8 @@ int sp_ecc_check_key_1024(const mp_int* pX, const mp_int* pY,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (pub != NULL)
-        XFREE(pub, heap, DYNAMIC_TYPE_ECC);
-    if (priv != NULL)
-        XFREE(priv, heap, DYNAMIC_TYPE_ECC);
+    XFREE(pub, heap, DYNAMIC_TYPE_ECC);
+    XFREE(priv, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
diff --git a/wolfcrypt/src/sp_c64.c b/wolfcrypt/src/sp_c64.c
index a2b97d816..706b47fff 100644
--- a/wolfcrypt/src/sp_c64.c
+++ b/wolfcrypt/src/sp_c64.c
@@ -1,6 +1,6 @@
 /* sp.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -71,13 +71,13 @@
 #define SP_PRINT_NUM(var, name, total, words, bits)   \
     do {                                              \
         int ii;                                       \
-        byte nb[(bits + 7) / 8];                      \
+        byte nb[((bits) + 7) / 8];                    \
         sp_digit _s[words];                           \
         XMEMCPY(_s, var, sizeof(_s));                 \
         sp_##total##_norm_##words(_s);                \
         sp_##total##_to_bin_##words(_s, nb);          \
         fprintf(stderr, name "=0x");                  \
-        for (ii=0; ii<(bits + 7) / 8; ii++)           \
+        for (ii=0; ii<((bits) + 7) / 8; ii++)         \
             fprintf(stderr, "%02x", nb[ii]);          \
         fprintf(stderr, "\n");                        \
     } while (0)
@@ -563,17 +563,17 @@ SP_NOINLINE static void sp_2048_mul_add_17(sp_digit* r, const sp_digit* a,
         t[1]  = (tb * a[i+1]) + r[i+1];
         t[2]  = (tb * a[i+2]) + r[i+2];
         t[3]  = (tb * a[i+3]) + r[i+3];
-        r[i+0] = t[0] & 0x1fffffffffffffffL;
+        r[i+0] = (sp_digit)(t[0] & 0x1fffffffffffffffL);
         t[1] += t[0] >> 61;
-        r[i+1] = t[1] & 0x1fffffffffffffffL;
+        r[i+1] = (sp_digit)(t[1] & 0x1fffffffffffffffL);
         t[2] += t[1] >> 61;
-        r[i+2] = t[2] & 0x1fffffffffffffffL;
+        r[i+2] = (sp_digit)(t[2] & 0x1fffffffffffffffL);
         t[3] += t[2] >> 61;
-        r[i+3] = t[3] & 0x1fffffffffffffffL;
+        r[i+3] = (sp_digit)(t[3] & 0x1fffffffffffffffL);
         t[0]  = t[3] >> 61;
     }
     t[0] += (tb * a[16]) + r[16];
-    r[16] = t[0] & 0x1fffffffffffffffL;
+    r[16] = (sp_digit)(t[0] & 0x1fffffffffffffffL);
     r[17] +=  (sp_digit)(t[0] >> 61);
 }
 
@@ -589,7 +589,7 @@ static void sp_2048_mont_shift_17(sp_digit* r, const sp_digit* a)
     n += ((sp_int128)a[17]) << 13;
 
     for (i = 0; i < 16; i++) {
-        r[i] = n & 0x1fffffffffffffffL;
+        r[i] = (sp_digit)(n & 0x1fffffffffffffffL);
         n >>= 61;
         n += ((sp_int128)a[18 + i]) << 13;
     }
@@ -612,11 +612,11 @@ static void sp_2048_mont_reduce_17(sp_digit* a, const sp_digit* m, sp_digit mp)
     sp_2048_norm_17(a + 17);
 
     for (i=0; i<16; i++) {
-        mu = ((sp_uint64)a[i] * (sp_uint64)mp) & 0x1fffffffffffffffL;
+        mu = (sp_digit)(((sp_uint64)a[i] * (sp_uint64)mp) & 0x1fffffffffffffffL);
         sp_2048_mul_add_17(a+i, m, mu);
         a[i+1] += a[i] >> 61;
     }
-    mu = ((sp_uint64)a[i] * (sp_uint64)mp) & 0xffffffffffffL;
+    mu = (sp_digit)(((sp_uint64)a[i] * (sp_uint64)mp) & 0xffffffffffffL);
     sp_2048_mul_add_17(a+i, m, mu);
     a[i+1] += a[i] >> 61;
     a[i] &= 0x1fffffffffffffffL;
@@ -840,7 +840,7 @@ SP_NOINLINE static void sp_2048_rshift_17(sp_digit* r, const sp_digit* a,
     int i;
 
     for (i=0; i<16; i++) {
-        r[i] = ((a[i] >> n) | (a[i + 1] << (61 - n))) & 0x1fffffffffffffffL;
+        r[i] = (sp_digit)(((a[i] >> n) | (a[i + 1] << (61 - n))) & 0x1fffffffffffffffL);
     }
     r[16] = a[16] >> n;
 }
@@ -1017,8 +1017,7 @@ static int sp_2048_div_17(const sp_digit* a, const sp_digit* d,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t1 != NULL)
-        XFREE(t1, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(t1, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -1130,14 +1129,13 @@ static int sp_2048_mod_exp_17(sp_digit* r, const sp_digit* a, const sp_digit* e,
 
         sp_2048_mont_reduce_17(t[0], m, mp);
         n = sp_2048_cmp_17(t[0], m);
-        sp_2048_cond_sub_17(t[0], t[0], m, ~(n >> 63));
+        sp_2048_cond_sub_17(t[0], t[0], m, (sp_digit)~(n >> 63));
         XMEMCPY(r, t[0], sizeof(*r) * 17 * 2);
 
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (td != NULL)
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -1221,13 +1219,12 @@ static int sp_2048_mod_exp_17(sp_digit* r, const sp_digit* a, const sp_digit* e,
 
         sp_2048_mont_reduce_17(t[0], m, mp);
         n = sp_2048_cmp_17(t[0], m);
-        sp_2048_cond_sub_17(t[0], t[0], m, ~(n >> 63));
+        sp_2048_cond_sub_17(t[0], t[0], m, (sp_digit)~(n >> 63));
         XMEMCPY(r, t[0], sizeof(*r) * 17 * 2);
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (td != NULL)
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -1367,13 +1364,12 @@ static int sp_2048_mod_exp_17(sp_digit* r, const sp_digit* a, const sp_digit* e,
 
         sp_2048_mont_reduce_17(rt, m, mp);
         n = sp_2048_cmp_17(rt, m);
-        sp_2048_cond_sub_17(rt, rt, m, ~(n >> 63));
+        sp_2048_cond_sub_17(rt, rt, m, (sp_digit)~(n >> 63));
         XMEMCPY(r, rt, sizeof(sp_digit) * 34);
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (td != NULL)
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -1479,20 +1475,20 @@ SP_NOINLINE static void sp_2048_mul_add_34(sp_digit* r, const sp_digit* a,
         t[1]  = (tb * a[i+1]) + r[i+1];
         t[2]  = (tb * a[i+2]) + r[i+2];
         t[3]  = (tb * a[i+3]) + r[i+3];
-        r[i+0] = t[0] & 0x1fffffffffffffffL;
+        r[i+0] = (sp_digit)(t[0] & 0x1fffffffffffffffL);
         t[1] += t[0] >> 61;
-        r[i+1] = t[1] & 0x1fffffffffffffffL;
+        r[i+1] = (sp_digit)(t[1] & 0x1fffffffffffffffL);
         t[2] += t[1] >> 61;
-        r[i+2] = t[2] & 0x1fffffffffffffffL;
+        r[i+2] = (sp_digit)(t[2] & 0x1fffffffffffffffL);
         t[3] += t[2] >> 61;
-        r[i+3] = t[3] & 0x1fffffffffffffffL;
+        r[i+3] = (sp_digit)(t[3] & 0x1fffffffffffffffL);
         t[0]  = t[3] >> 61;
     }
     t[0] += (tb * a[32]) + r[32];
     t[1]  = (tb * a[33]) + r[33];
-    r[32] = t[0] & 0x1fffffffffffffffL;
+    r[32] = (sp_digit)(t[0] & 0x1fffffffffffffffL);
     t[1] += t[0] >> 61;
-    r[33] = t[1] & 0x1fffffffffffffffL;
+    r[33] = (sp_digit)(t[1] & 0x1fffffffffffffffL);
     r[34] +=  (sp_digit)(t[1] >> 61);
 }
 
@@ -1508,7 +1504,7 @@ static void sp_2048_mont_shift_34(sp_digit* r, const sp_digit* a)
     n += ((sp_int128)a[34]) << 26;
 
     for (i = 0; i < 33; i++) {
-        r[i] = n & 0x1fffffffffffffffL;
+        r[i] = (sp_digit)(n & 0x1fffffffffffffffL);
         n >>= 61;
         n += ((sp_int128)a[35 + i]) << 26;
     }
@@ -1533,33 +1529,33 @@ static void sp_2048_mont_reduce_34(sp_digit* a, const sp_digit* m, sp_digit mp)
 #ifdef WOLFSSL_SP_DH
     if (mp != 1) {
         for (i=0; i<33; i++) {
-            mu = ((sp_uint64)a[i] * (sp_uint64)mp) & 0x1fffffffffffffffL;
+            mu = (sp_digit)(((sp_uint64)a[i] * (sp_uint64)mp) & 0x1fffffffffffffffL);
             sp_2048_mul_add_34(a+i, m, mu);
             a[i+1] += a[i] >> 61;
         }
-        mu = ((sp_uint64)a[i] * (sp_uint64)mp) & 0x7ffffffffL;
+        mu = (sp_digit)(((sp_uint64)a[i] * (sp_uint64)mp) & 0x7ffffffffL);
         sp_2048_mul_add_34(a+i, m, mu);
         a[i+1] += a[i] >> 61;
         a[i] &= 0x1fffffffffffffffL;
     }
     else {
         for (i=0; i<33; i++) {
-            mu = a[i] & 0x1fffffffffffffffL;
+            mu = (sp_digit)(a[i] & 0x1fffffffffffffffL);
             sp_2048_mul_add_34(a+i, m, mu);
             a[i+1] += a[i] >> 61;
         }
-        mu = a[i] & 0x7ffffffffL;
+        mu = (sp_digit)(a[i] & 0x7ffffffffL);
         sp_2048_mul_add_34(a+i, m, mu);
         a[i+1] += a[i] >> 61;
         a[i] &= 0x1fffffffffffffffL;
     }
 #else
     for (i=0; i<33; i++) {
-        mu = ((sp_uint64)a[i] * (sp_uint64)mp) & 0x1fffffffffffffffL;
+        mu = (sp_digit)(((sp_uint64)a[i] * (sp_uint64)mp) & 0x1fffffffffffffffL);
         sp_2048_mul_add_34(a+i, m, mu);
         a[i+1] += a[i] >> 61;
     }
-    mu = ((sp_uint64)a[i] * (sp_uint64)mp) & 0x7ffffffffL;
+    mu = (sp_digit)(((sp_uint64)a[i] * (sp_uint64)mp) & 0x7ffffffffL);
     sp_2048_mul_add_34(a+i, m, mu);
     a[i+1] += a[i] >> 61;
     a[i] &= 0x1fffffffffffffffL;
@@ -1665,7 +1661,7 @@ SP_NOINLINE static void sp_2048_rshift_34(sp_digit* r, const sp_digit* a,
     int i;
 
     for (i=0; i<33; i++) {
-        r[i] = ((a[i] >> n) | (a[i + 1] << (61 - n))) & 0x1fffffffffffffffL;
+        r[i] = (sp_digit)(((a[i] >> n) | (a[i + 1] << (61 - n))) & 0x1fffffffffffffffL);
     }
     r[33] = a[33] >> n;
 }
@@ -1842,8 +1838,7 @@ static int sp_2048_div_34(const sp_digit* a, const sp_digit* d,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t1 != NULL)
-        XFREE(t1, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(t1, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -1956,14 +1951,13 @@ static int sp_2048_mod_exp_34(sp_digit* r, const sp_digit* a, const sp_digit* e,
 
         sp_2048_mont_reduce_34(t[0], m, mp);
         n = sp_2048_cmp_34(t[0], m);
-        sp_2048_cond_sub_34(t[0], t[0], m, ~(n >> 63));
+        sp_2048_cond_sub_34(t[0], t[0], m, (sp_digit)~(n >> 63));
         XMEMCPY(r, t[0], sizeof(*r) * 34 * 2);
 
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (td != NULL)
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -2047,13 +2041,12 @@ static int sp_2048_mod_exp_34(sp_digit* r, const sp_digit* a, const sp_digit* e,
 
         sp_2048_mont_reduce_34(t[0], m, mp);
         n = sp_2048_cmp_34(t[0], m);
-        sp_2048_cond_sub_34(t[0], t[0], m, ~(n >> 63));
+        sp_2048_cond_sub_34(t[0], t[0], m, (sp_digit)~(n >> 63));
         XMEMCPY(r, t[0], sizeof(*r) * 34 * 2);
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (td != NULL)
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -2176,13 +2169,12 @@ static int sp_2048_mod_exp_34(sp_digit* r, const sp_digit* a, const sp_digit* e,
 
         sp_2048_mont_reduce_34(rt, m, mp);
         n = sp_2048_cmp_34(rt, m);
-        sp_2048_cond_sub_34(rt, rt, m, ~(n >> 63));
+        sp_2048_cond_sub_34(rt, rt, m, (sp_digit)~(n >> 63));
         XMEMCPY(r, rt, sizeof(sp_digit) * 68);
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (td != NULL)
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -2301,8 +2293,7 @@ int sp_RsaPublic_2048(const byte* in, word32 inLen, const mp_int* em,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (a != NULL)
-        XFREE(a, NULL, DYNAMIC_TYPE_RSA);
+    XFREE(a, NULL, DYNAMIC_TYPE_RSA);
 #endif
 
     return err;
@@ -2413,8 +2404,7 @@ int sp_RsaPublic_2048(const byte* in, word32 inLen, const mp_int* em,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (d != NULL)
-        XFREE(d, NULL, DYNAMIC_TYPE_RSA);
+    XFREE(d, NULL, DYNAMIC_TYPE_RSA);
 #endif
 
     return err;
@@ -2784,7 +2774,7 @@ int sp_RsaPrivate_2048(const byte* in, word32 inLen, const mp_int* dm,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-if (a != NULL)
+    if (a != NULL)
 #endif
     {
         ForceZero(a, sizeof(sp_digit) * 17 * 13);
@@ -3020,9 +3010,9 @@ SP_NOINLINE static void sp_2048_lshift_34(sp_digit* r, const sp_digit* a,
 
     r[34] = a[33] >> (61 - n);
     for (i=33; i>0; i--) {
-        r[i] = ((a[i] << n) | (a[i-1] >> (61 - n))) & 0x1fffffffffffffffL;
+        r[i] = (sp_digit)(((a[i] << n) | (a[i-1] >> (61 - n))) & 0x1fffffffffffffffL);
     }
-    r[0] = (a[0] << n) & 0x1fffffffffffffffL;
+    r[0] = (sp_digit)((a[0] << n) & 0x1fffffffffffffffL);
 }
 
 /* Modular exponentiate 2 to the e mod m. (r = 2^e mod m)
@@ -3133,12 +3123,11 @@ static int sp_2048_mod_exp_2_34(sp_digit* r, const sp_digit* e, int bits, const
 
         sp_2048_mont_reduce_34(r, m, mp);
         n = sp_2048_cmp_34(r, m);
-        sp_2048_cond_sub_34(r, r, m, ~(n >> 63));
+        sp_2048_cond_sub_34(r, r, m, (sp_digit)~(n >> 63));
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (td != NULL)
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -3615,29 +3604,29 @@ SP_NOINLINE static void sp_2048_mul_9(sp_digit* r, const sp_digit* a,
     t0 = ((sp_uint128)a[ 0]) * b[ 0];
     t1 = ((sp_uint128)a[ 0]) * b[ 1]
        + ((sp_uint128)a[ 1]) * b[ 0];
-    t[ 0] = t0 & 0x1ffffffffffffffL; t1 += t0 >> 57;
+    t[ 0] = (sp_digit)(t0 & 0x1ffffffffffffffL); t1 += t0 >> 57;
     t0 = ((sp_uint128)a[ 0]) * b[ 2]
        + ((sp_uint128)a[ 1]) * b[ 1]
        + ((sp_uint128)a[ 2]) * b[ 0];
-    t[ 1] = t1 & 0x1ffffffffffffffL; t0 += t1 >> 57;
+    t[ 1] = (sp_digit)(t1 & 0x1ffffffffffffffL); t0 += t1 >> 57;
     t1 = ((sp_uint128)a[ 0]) * b[ 3]
        + ((sp_uint128)a[ 1]) * b[ 2]
        + ((sp_uint128)a[ 2]) * b[ 1]
        + ((sp_uint128)a[ 3]) * b[ 0];
-    t[ 2] = t0 & 0x1ffffffffffffffL; t1 += t0 >> 57;
+    t[ 2] = (sp_digit)(t0 & 0x1ffffffffffffffL); t1 += t0 >> 57;
     t0 = ((sp_uint128)a[ 0]) * b[ 4]
        + ((sp_uint128)a[ 1]) * b[ 3]
        + ((sp_uint128)a[ 2]) * b[ 2]
        + ((sp_uint128)a[ 3]) * b[ 1]
        + ((sp_uint128)a[ 4]) * b[ 0];
-    t[ 3] = t1 & 0x1ffffffffffffffL; t0 += t1 >> 57;
+    t[ 3] = (sp_digit)(t1 & 0x1ffffffffffffffL); t0 += t1 >> 57;
     t1 = ((sp_uint128)a[ 0]) * b[ 5]
        + ((sp_uint128)a[ 1]) * b[ 4]
        + ((sp_uint128)a[ 2]) * b[ 3]
        + ((sp_uint128)a[ 3]) * b[ 2]
        + ((sp_uint128)a[ 4]) * b[ 1]
        + ((sp_uint128)a[ 5]) * b[ 0];
-    t[ 4] = t0 & 0x1ffffffffffffffL; t1 += t0 >> 57;
+    t[ 4] = (sp_digit)(t0 & 0x1ffffffffffffffL); t1 += t0 >> 57;
     t0 = ((sp_uint128)a[ 0]) * b[ 6]
        + ((sp_uint128)a[ 1]) * b[ 5]
        + ((sp_uint128)a[ 2]) * b[ 4]
@@ -3645,7 +3634,7 @@ SP_NOINLINE static void sp_2048_mul_9(sp_digit* r, const sp_digit* a,
        + ((sp_uint128)a[ 4]) * b[ 2]
        + ((sp_uint128)a[ 5]) * b[ 1]
        + ((sp_uint128)a[ 6]) * b[ 0];
-    t[ 5] = t1 & 0x1ffffffffffffffL; t0 += t1 >> 57;
+    t[ 5] = (sp_digit)(t1 & 0x1ffffffffffffffL); t0 += t1 >> 57;
     t1 = ((sp_uint128)a[ 0]) * b[ 7]
        + ((sp_uint128)a[ 1]) * b[ 6]
        + ((sp_uint128)a[ 2]) * b[ 5]
@@ -3654,7 +3643,7 @@ SP_NOINLINE static void sp_2048_mul_9(sp_digit* r, const sp_digit* a,
        + ((sp_uint128)a[ 5]) * b[ 2]
        + ((sp_uint128)a[ 6]) * b[ 1]
        + ((sp_uint128)a[ 7]) * b[ 0];
-    t[ 6] = t0 & 0x1ffffffffffffffL; t1 += t0 >> 57;
+    t[ 6] = (sp_digit)(t0 & 0x1ffffffffffffffL); t1 += t0 >> 57;
     t0 = ((sp_uint128)a[ 0]) * b[ 8]
        + ((sp_uint128)a[ 1]) * b[ 7]
        + ((sp_uint128)a[ 2]) * b[ 6]
@@ -3664,7 +3653,7 @@ SP_NOINLINE static void sp_2048_mul_9(sp_digit* r, const sp_digit* a,
        + ((sp_uint128)a[ 6]) * b[ 2]
        + ((sp_uint128)a[ 7]) * b[ 1]
        + ((sp_uint128)a[ 8]) * b[ 0];
-    t[ 7] = t1 & 0x1ffffffffffffffL; t0 += t1 >> 57;
+    t[ 7] = (sp_digit)(t1 & 0x1ffffffffffffffL); t0 += t1 >> 57;
     t1 = ((sp_uint128)a[ 1]) * b[ 8]
        + ((sp_uint128)a[ 2]) * b[ 7]
        + ((sp_uint128)a[ 3]) * b[ 6]
@@ -3673,7 +3662,7 @@ SP_NOINLINE static void sp_2048_mul_9(sp_digit* r, const sp_digit* a,
        + ((sp_uint128)a[ 6]) * b[ 3]
        + ((sp_uint128)a[ 7]) * b[ 2]
        + ((sp_uint128)a[ 8]) * b[ 1];
-    t[ 8] = t0 & 0x1ffffffffffffffL; t1 += t0 >> 57;
+    t[ 8] = (sp_digit)(t0 & 0x1ffffffffffffffL); t1 += t0 >> 57;
     t0 = ((sp_uint128)a[ 2]) * b[ 8]
        + ((sp_uint128)a[ 3]) * b[ 7]
        + ((sp_uint128)a[ 4]) * b[ 6]
@@ -3681,35 +3670,35 @@ SP_NOINLINE static void sp_2048_mul_9(sp_digit* r, const sp_digit* a,
        + ((sp_uint128)a[ 6]) * b[ 4]
        + ((sp_uint128)a[ 7]) * b[ 3]
        + ((sp_uint128)a[ 8]) * b[ 2];
-    r[ 9] = t1 & 0x1ffffffffffffffL; t0 += t1 >> 57;
+    r[ 9] = (sp_digit)(t1 & 0x1ffffffffffffffL); t0 += t1 >> 57;
     t1 = ((sp_uint128)a[ 3]) * b[ 8]
        + ((sp_uint128)a[ 4]) * b[ 7]
        + ((sp_uint128)a[ 5]) * b[ 6]
        + ((sp_uint128)a[ 6]) * b[ 5]
        + ((sp_uint128)a[ 7]) * b[ 4]
        + ((sp_uint128)a[ 8]) * b[ 3];
-    r[10] = t0 & 0x1ffffffffffffffL; t1 += t0 >> 57;
+    r[10] = (sp_digit)(t0 & 0x1ffffffffffffffL); t1 += t0 >> 57;
     t0 = ((sp_uint128)a[ 4]) * b[ 8]
        + ((sp_uint128)a[ 5]) * b[ 7]
        + ((sp_uint128)a[ 6]) * b[ 6]
        + ((sp_uint128)a[ 7]) * b[ 5]
        + ((sp_uint128)a[ 8]) * b[ 4];
-    r[11] = t1 & 0x1ffffffffffffffL; t0 += t1 >> 57;
+    r[11] = (sp_digit)(t1 & 0x1ffffffffffffffL); t0 += t1 >> 57;
     t1 = ((sp_uint128)a[ 5]) * b[ 8]
        + ((sp_uint128)a[ 6]) * b[ 7]
        + ((sp_uint128)a[ 7]) * b[ 6]
        + ((sp_uint128)a[ 8]) * b[ 5];
-    r[12] = t0 & 0x1ffffffffffffffL; t1 += t0 >> 57;
+    r[12] = (sp_digit)(t0 & 0x1ffffffffffffffL); t1 += t0 >> 57;
     t0 = ((sp_uint128)a[ 6]) * b[ 8]
        + ((sp_uint128)a[ 7]) * b[ 7]
        + ((sp_uint128)a[ 8]) * b[ 6];
-    r[13] = t1 & 0x1ffffffffffffffL; t0 += t1 >> 57;
+    r[13] = (sp_digit)(t1 & 0x1ffffffffffffffL); t0 += t1 >> 57;
     t1 = ((sp_uint128)a[ 7]) * b[ 8]
        + ((sp_uint128)a[ 8]) * b[ 7];
-    r[14] = t0 & 0x1ffffffffffffffL; t1 += t0 >> 57;
+    r[14] = (sp_digit)(t0 & 0x1ffffffffffffffL); t1 += t0 >> 57;
     t0 = ((sp_uint128)a[ 8]) * b[ 8];
-    r[15] = t1 & 0x1ffffffffffffffL; t0 += t1 >> 57;
-    r[16] = t0 & 0x1ffffffffffffffL;
+    r[15] = (sp_digit)(t1 & 0x1ffffffffffffffL); t0 += t1 >> 57;
+    r[16] = (sp_digit)(t0 & 0x1ffffffffffffffL);
     r[17] = (sp_digit)(t0 >> 57);
     XMEMCPY(r, t, sizeof(t));
 }
@@ -3909,66 +3898,66 @@ SP_NOINLINE static void sp_2048_sqr_9(sp_digit* r, const sp_digit* a)
 
     t0 =  ((sp_uint128)a[ 0]) * a[ 0];
     t1 = (((sp_uint128)a[ 0]) * a[ 1]) * 2;
-    t[ 0] = t0 & 0x1ffffffffffffffL; t1 += t0 >> 57;
+    t[ 0] = (sp_digit)(t0 & 0x1ffffffffffffffL); t1 += t0 >> 57;
     t0 = (((sp_uint128)a[ 0]) * a[ 2]) * 2
        +  ((sp_uint128)a[ 1]) * a[ 1];
-    t[ 1] = t1 & 0x1ffffffffffffffL; t0 += t1 >> 57;
+    t[ 1] = (sp_digit)(t1 & 0x1ffffffffffffffL); t0 += t1 >> 57;
     t1 = (((sp_uint128)a[ 0]) * a[ 3]
        +  ((sp_uint128)a[ 1]) * a[ 2]) * 2;
-    t[ 2] = t0 & 0x1ffffffffffffffL; t1 += t0 >> 57;
+    t[ 2] = (sp_digit)(t0 & 0x1ffffffffffffffL); t1 += t0 >> 57;
     t0 = (((sp_uint128)a[ 0]) * a[ 4]
        +  ((sp_uint128)a[ 1]) * a[ 3]) * 2
        +  ((sp_uint128)a[ 2]) * a[ 2];
-    t[ 3] = t1 & 0x1ffffffffffffffL; t0 += t1 >> 57;
+    t[ 3] = (sp_digit)(t1 & 0x1ffffffffffffffL); t0 += t1 >> 57;
     t1 = (((sp_uint128)a[ 0]) * a[ 5]
        +  ((sp_uint128)a[ 1]) * a[ 4]
        +  ((sp_uint128)a[ 2]) * a[ 3]) * 2;
-    t[ 4] = t0 & 0x1ffffffffffffffL; t1 += t0 >> 57;
+    t[ 4] = (sp_digit)(t0 & 0x1ffffffffffffffL); t1 += t0 >> 57;
     t0 = (((sp_uint128)a[ 0]) * a[ 6]
        +  ((sp_uint128)a[ 1]) * a[ 5]
        +  ((sp_uint128)a[ 2]) * a[ 4]) * 2
        +  ((sp_uint128)a[ 3]) * a[ 3];
-    t[ 5] = t1 & 0x1ffffffffffffffL; t0 += t1 >> 57;
+    t[ 5] = (sp_digit)(t1 & 0x1ffffffffffffffL); t0 += t1 >> 57;
     t1 = (((sp_uint128)a[ 0]) * a[ 7]
        +  ((sp_uint128)a[ 1]) * a[ 6]
        +  ((sp_uint128)a[ 2]) * a[ 5]
        +  ((sp_uint128)a[ 3]) * a[ 4]) * 2;
-    t[ 6] = t0 & 0x1ffffffffffffffL; t1 += t0 >> 57;
+    t[ 6] = (sp_digit)(t0 & 0x1ffffffffffffffL); t1 += t0 >> 57;
     t0 = (((sp_uint128)a[ 0]) * a[ 8]
        +  ((sp_uint128)a[ 1]) * a[ 7]
        +  ((sp_uint128)a[ 2]) * a[ 6]
        +  ((sp_uint128)a[ 3]) * a[ 5]) * 2
        +  ((sp_uint128)a[ 4]) * a[ 4];
-    t[ 7] = t1 & 0x1ffffffffffffffL; t0 += t1 >> 57;
+    t[ 7] = (sp_digit)(t1 & 0x1ffffffffffffffL); t0 += t1 >> 57;
     t1 = (((sp_uint128)a[ 1]) * a[ 8]
        +  ((sp_uint128)a[ 2]) * a[ 7]
        +  ((sp_uint128)a[ 3]) * a[ 6]
        +  ((sp_uint128)a[ 4]) * a[ 5]) * 2;
-    t[ 8] = t0 & 0x1ffffffffffffffL; t1 += t0 >> 57;
+    t[ 8] = (sp_digit)(t0 & 0x1ffffffffffffffL); t1 += t0 >> 57;
     t0 = (((sp_uint128)a[ 2]) * a[ 8]
        +  ((sp_uint128)a[ 3]) * a[ 7]
        +  ((sp_uint128)a[ 4]) * a[ 6]) * 2
        +  ((sp_uint128)a[ 5]) * a[ 5];
-    r[ 9] = t1 & 0x1ffffffffffffffL; t0 += t1 >> 57;
+    r[ 9] = (sp_digit)(t1 & 0x1ffffffffffffffL); t0 += t1 >> 57;
     t1 = (((sp_uint128)a[ 3]) * a[ 8]
        +  ((sp_uint128)a[ 4]) * a[ 7]
        +  ((sp_uint128)a[ 5]) * a[ 6]) * 2;
-    r[10] = t0 & 0x1ffffffffffffffL; t1 += t0 >> 57;
+    r[10] = (sp_digit)(t0 & 0x1ffffffffffffffL); t1 += t0 >> 57;
     t0 = (((sp_uint128)a[ 4]) * a[ 8]
        +  ((sp_uint128)a[ 5]) * a[ 7]) * 2
        +  ((sp_uint128)a[ 6]) * a[ 6];
-    r[11] = t1 & 0x1ffffffffffffffL; t0 += t1 >> 57;
+    r[11] = (sp_digit)(t1 & 0x1ffffffffffffffL); t0 += t1 >> 57;
     t1 = (((sp_uint128)a[ 5]) * a[ 8]
        +  ((sp_uint128)a[ 6]) * a[ 7]) * 2;
-    r[12] = t0 & 0x1ffffffffffffffL; t1 += t0 >> 57;
+    r[12] = (sp_digit)(t0 & 0x1ffffffffffffffL); t1 += t0 >> 57;
     t0 = (((sp_uint128)a[ 6]) * a[ 8]) * 2
        +  ((sp_uint128)a[ 7]) * a[ 7];
-    r[13] = t1 & 0x1ffffffffffffffL; t0 += t1 >> 57;
+    r[13] = (sp_digit)(t1 & 0x1ffffffffffffffL); t0 += t1 >> 57;
     t1 = (((sp_uint128)a[ 7]) * a[ 8]) * 2;
-    r[14] = t0 & 0x1ffffffffffffffL; t1 += t0 >> 57;
+    r[14] = (sp_digit)(t0 & 0x1ffffffffffffffL); t1 += t0 >> 57;
     t0 =  ((sp_uint128)a[ 8]) * a[ 8];
-    r[15] = t1 & 0x1ffffffffffffffL; t0 += t1 >> 57;
-    r[16] = t0 & 0x1ffffffffffffffL;
+    r[15] = (sp_digit)(t1 & 0x1ffffffffffffffL); t0 += t1 >> 57;
+    r[16] = (sp_digit)(t0 & 0x1ffffffffffffffL);
     r[17] = (sp_digit)(t0 >> 57);
     XMEMCPY(r, t, sizeof(t));
 }
@@ -4213,16 +4202,16 @@ static void sp_2048_mont_shift_18(sp_digit* r, const sp_digit* a)
     n  = (sp_uint64)a[17];
     n  = n >> 55U;
     for (i = 0; i < 16; i += 8) {
-        n += (sp_uint64)a[i+18] << 2U; r[i+0] = n & 0x1ffffffffffffffUL; n >>= 57U;
-        n += (sp_uint64)a[i+19] << 2U; r[i+1] = n & 0x1ffffffffffffffUL; n >>= 57U;
-        n += (sp_uint64)a[i+20] << 2U; r[i+2] = n & 0x1ffffffffffffffUL; n >>= 57U;
-        n += (sp_uint64)a[i+21] << 2U; r[i+3] = n & 0x1ffffffffffffffUL; n >>= 57U;
-        n += (sp_uint64)a[i+22] << 2U; r[i+4] = n & 0x1ffffffffffffffUL; n >>= 57U;
-        n += (sp_uint64)a[i+23] << 2U; r[i+5] = n & 0x1ffffffffffffffUL; n >>= 57U;
-        n += (sp_uint64)a[i+24] << 2U; r[i+6] = n & 0x1ffffffffffffffUL; n >>= 57U;
-        n += (sp_uint64)a[i+25] << 2U; r[i+7] = n & 0x1ffffffffffffffUL; n >>= 57U;
+        n += (sp_uint64)a[i+18] << 2U; r[i+0] = (sp_digit)(n & 0x1ffffffffffffffUL); n >>= 57U;
+        n += (sp_uint64)a[i+19] << 2U; r[i+1] = (sp_digit)(n & 0x1ffffffffffffffUL); n >>= 57U;
+        n += (sp_uint64)a[i+20] << 2U; r[i+2] = (sp_digit)(n & 0x1ffffffffffffffUL); n >>= 57U;
+        n += (sp_uint64)a[i+21] << 2U; r[i+3] = (sp_digit)(n & 0x1ffffffffffffffUL); n >>= 57U;
+        n += (sp_uint64)a[i+22] << 2U; r[i+4] = (sp_digit)(n & 0x1ffffffffffffffUL); n >>= 57U;
+        n += (sp_uint64)a[i+23] << 2U; r[i+5] = (sp_digit)(n & 0x1ffffffffffffffUL); n >>= 57U;
+        n += (sp_uint64)a[i+24] << 2U; r[i+6] = (sp_digit)(n & 0x1ffffffffffffffUL); n >>= 57U;
+        n += (sp_uint64)a[i+25] << 2U; r[i+7] = (sp_digit)(n & 0x1ffffffffffffffUL); n >>= 57U;
     }
-    n += (sp_uint64)a[34] << 2U; r[16] = n & 0x1ffffffffffffffUL; n >>= 57U;
+    n += (sp_uint64)a[34] << 2U; r[16] = (sp_digit)(n & 0x1ffffffffffffffUL); n >>= 57U;
     n += (sp_uint64)a[35] << 2U; r[17] = n;
     XMEMSET(&r[18], 0, sizeof(*r) * 18U);
 }
@@ -4242,11 +4231,11 @@ static void sp_2048_mont_reduce_18(sp_digit* a, const sp_digit* m, sp_digit mp)
     sp_2048_norm_18(a + 18);
 
     for (i=0; i<17; i++) {
-        mu = ((sp_uint64)a[i] * (sp_uint64)mp) & 0x1ffffffffffffffL;
+        mu = (sp_digit)(((sp_uint64)a[i] * (sp_uint64)mp) & 0x1ffffffffffffffL);
         sp_2048_mul_add_18(a+i, m, mu);
         a[i+1] += a[i] >> 57;
     }
-    mu = ((sp_uint64)a[i] * (sp_uint64)mp) & 0x7fffffffffffffL;
+    mu = (sp_digit)(((sp_uint64)a[i] * (sp_uint64)mp) & 0x7fffffffffffffL);
     sp_2048_mul_add_18(a+i, m, mu);
     a[i+1] += a[i] >> 57;
     a[i] &= 0x1ffffffffffffffL;
@@ -4367,16 +4356,16 @@ SP_NOINLINE static void sp_2048_rshift_18(sp_digit* r, const sp_digit* a,
     int i;
 
     for (i=0; i<16; i += 8) {
-        r[i+0] = (a[i+0] >> n) | ((a[i+1] << (57 - n)) & 0x1ffffffffffffffL);
-        r[i+1] = (a[i+1] >> n) | ((a[i+2] << (57 - n)) & 0x1ffffffffffffffL);
-        r[i+2] = (a[i+2] >> n) | ((a[i+3] << (57 - n)) & 0x1ffffffffffffffL);
-        r[i+3] = (a[i+3] >> n) | ((a[i+4] << (57 - n)) & 0x1ffffffffffffffL);
-        r[i+4] = (a[i+4] >> n) | ((a[i+5] << (57 - n)) & 0x1ffffffffffffffL);
-        r[i+5] = (a[i+5] >> n) | ((a[i+6] << (57 - n)) & 0x1ffffffffffffffL);
-        r[i+6] = (a[i+6] >> n) | ((a[i+7] << (57 - n)) & 0x1ffffffffffffffL);
-        r[i+7] = (a[i+7] >> n) | ((a[i+8] << (57 - n)) & 0x1ffffffffffffffL);
+        r[i+0] = (a[i+0] >> n) | (sp_digit)((a[i+1] << (57 - n)) & 0x1ffffffffffffffL);
+        r[i+1] = (a[i+1] >> n) | (sp_digit)((a[i+2] << (57 - n)) & 0x1ffffffffffffffL);
+        r[i+2] = (a[i+2] >> n) | (sp_digit)((a[i+3] << (57 - n)) & 0x1ffffffffffffffL);
+        r[i+3] = (a[i+3] >> n) | (sp_digit)((a[i+4] << (57 - n)) & 0x1ffffffffffffffL);
+        r[i+4] = (a[i+4] >> n) | (sp_digit)((a[i+5] << (57 - n)) & 0x1ffffffffffffffL);
+        r[i+5] = (a[i+5] >> n) | (sp_digit)((a[i+6] << (57 - n)) & 0x1ffffffffffffffL);
+        r[i+6] = (a[i+6] >> n) | (sp_digit)((a[i+7] << (57 - n)) & 0x1ffffffffffffffL);
+        r[i+7] = (a[i+7] >> n) | (sp_digit)((a[i+8] << (57 - n)) & 0x1ffffffffffffffL);
     }
-    r[16] = (a[16] >> n) | ((a[17] << (57 - n)) & 0x1ffffffffffffffL);
+    r[16] = (a[16] >> n) | (sp_digit)((a[17] << (57 - n)) & 0x1ffffffffffffffL);
     r[17] = a[17] >> n;
 }
 
@@ -4552,8 +4541,7 @@ static int sp_2048_div_18(const sp_digit* a, const sp_digit* d,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t1 != NULL)
-        XFREE(t1, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(t1, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -4665,14 +4653,13 @@ static int sp_2048_mod_exp_18(sp_digit* r, const sp_digit* a, const sp_digit* e,
 
         sp_2048_mont_reduce_18(t[0], m, mp);
         n = sp_2048_cmp_18(t[0], m);
-        sp_2048_cond_sub_18(t[0], t[0], m, ~(n >> 63));
+        sp_2048_cond_sub_18(t[0], t[0], m, (sp_digit)~(n >> 63));
         XMEMCPY(r, t[0], sizeof(*r) * 18 * 2);
 
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (td != NULL)
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -4756,13 +4743,12 @@ static int sp_2048_mod_exp_18(sp_digit* r, const sp_digit* a, const sp_digit* e,
 
         sp_2048_mont_reduce_18(t[0], m, mp);
         n = sp_2048_cmp_18(t[0], m);
-        sp_2048_cond_sub_18(t[0], t[0], m, ~(n >> 63));
+        sp_2048_cond_sub_18(t[0], t[0], m, (sp_digit)~(n >> 63));
         XMEMCPY(r, t[0], sizeof(*r) * 18 * 2);
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (td != NULL)
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -4902,13 +4888,12 @@ static int sp_2048_mod_exp_18(sp_digit* r, const sp_digit* a, const sp_digit* e,
 
         sp_2048_mont_reduce_18(rt, m, mp);
         n = sp_2048_cmp_18(rt, m);
-        sp_2048_cond_sub_18(rt, rt, m, ~(n >> 63));
+        sp_2048_cond_sub_18(rt, rt, m, (sp_digit)~(n >> 63));
         XMEMCPY(r, rt, sizeof(sp_digit) * 36);
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (td != NULL)
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -5063,28 +5048,28 @@ static void sp_2048_mont_shift_36(sp_digit* r, const sp_digit* a)
 
     s = a[36]; n = a[35] >> 53;
     for (i = 0; i < 32; i += 8) {
-        n += (s & 0x1ffffffffffffffL) << 4; r[i+0] = n & 0x1ffffffffffffffL;
+        n += (sp_digit)((s & 0x1ffffffffffffffL) << 4); r[i+0] = (sp_digit)(n & 0x1ffffffffffffffL);
         n >>= 57; s = a[i+37] + (s >> 57);
-        n += (s & 0x1ffffffffffffffL) << 4; r[i+1] = n & 0x1ffffffffffffffL;
+        n += (sp_digit)((s & 0x1ffffffffffffffL) << 4); r[i+1] = (sp_digit)(n & 0x1ffffffffffffffL);
         n >>= 57; s = a[i+38] + (s >> 57);
-        n += (s & 0x1ffffffffffffffL) << 4; r[i+2] = n & 0x1ffffffffffffffL;
+        n += (sp_digit)((s & 0x1ffffffffffffffL) << 4); r[i+2] = (sp_digit)(n & 0x1ffffffffffffffL);
         n >>= 57; s = a[i+39] + (s >> 57);
-        n += (s & 0x1ffffffffffffffL) << 4; r[i+3] = n & 0x1ffffffffffffffL;
+        n += (sp_digit)((s & 0x1ffffffffffffffL) << 4); r[i+3] = (sp_digit)(n & 0x1ffffffffffffffL);
         n >>= 57; s = a[i+40] + (s >> 57);
-        n += (s & 0x1ffffffffffffffL) << 4; r[i+4] = n & 0x1ffffffffffffffL;
+        n += (sp_digit)((s & 0x1ffffffffffffffL) << 4); r[i+4] = (sp_digit)(n & 0x1ffffffffffffffL);
         n >>= 57; s = a[i+41] + (s >> 57);
-        n += (s & 0x1ffffffffffffffL) << 4; r[i+5] = n & 0x1ffffffffffffffL;
+        n += (sp_digit)((s & 0x1ffffffffffffffL) << 4); r[i+5] = (sp_digit)(n & 0x1ffffffffffffffL);
         n >>= 57; s = a[i+42] + (s >> 57);
-        n += (s & 0x1ffffffffffffffL) << 4; r[i+6] = n & 0x1ffffffffffffffL;
+        n += (sp_digit)((s & 0x1ffffffffffffffL) << 4); r[i+6] = (sp_digit)(n & 0x1ffffffffffffffL);
         n >>= 57; s = a[i+43] + (s >> 57);
-        n += (s & 0x1ffffffffffffffL) << 4; r[i+7] = n & 0x1ffffffffffffffL;
+        n += (sp_digit)((s & 0x1ffffffffffffffL) << 4); r[i+7] = (sp_digit)(n & 0x1ffffffffffffffL);
         n >>= 57; s = a[i+44] + (s >> 57);
     }
-    n += (s & 0x1ffffffffffffffL) << 4; r[32] = n & 0x1ffffffffffffffL;
+    n += (sp_digit)((s & 0x1ffffffffffffffL) << 4); r[32] = (sp_digit)(n & 0x1ffffffffffffffL);
     n >>= 57; s = a[69] + (s >> 57);
-    n += (s & 0x1ffffffffffffffL) << 4; r[33] = n & 0x1ffffffffffffffL;
+    n += (sp_digit)((s & 0x1ffffffffffffffL) << 4); r[33] = (sp_digit)(n & 0x1ffffffffffffffL);
     n >>= 57; s = a[70] + (s >> 57);
-    n += (s & 0x1ffffffffffffffL) << 4; r[34] = n & 0x1ffffffffffffffL;
+    n += (sp_digit)((s & 0x1ffffffffffffffL) << 4); r[34] = (sp_digit)(n & 0x1ffffffffffffffL);
     n >>= 57; s = a[71] + (s >> 57);
     n += s << 4;              r[35] = n;
     XMEMSET(&r[36], 0, sizeof(*r) * 36U);
@@ -5107,33 +5092,33 @@ static void sp_2048_mont_reduce_36(sp_digit* a, const sp_digit* m, sp_digit mp)
 #ifdef WOLFSSL_SP_DH
     if (mp != 1) {
         for (i=0; i<35; i++) {
-            mu = ((sp_uint64)a[i] * (sp_uint64)mp) & 0x1ffffffffffffffL;
+            mu = (sp_digit)(((sp_uint64)a[i] * (sp_uint64)mp) & 0x1ffffffffffffffL);
             sp_2048_mul_add_36(a+i, m, mu);
             a[i+1] += a[i] >> 57;
         }
-        mu = ((sp_uint64)a[i] * (sp_uint64)mp) & 0x1fffffffffffffL;
+        mu = (sp_digit)(((sp_uint64)a[i] * (sp_uint64)mp) & 0x1fffffffffffffL);
         sp_2048_mul_add_36(a+i, m, mu);
         a[i+1] += a[i] >> 57;
         a[i] &= 0x1ffffffffffffffL;
     }
     else {
         for (i=0; i<35; i++) {
-            mu = a[i] & 0x1ffffffffffffffL;
+            mu = (sp_digit)(a[i] & 0x1ffffffffffffffL);
             sp_2048_mul_add_36(a+i, m, mu);
             a[i+1] += a[i] >> 57;
         }
-        mu = a[i] & 0x1fffffffffffffL;
+        mu = (sp_digit)(a[i] & 0x1fffffffffffffL);
         sp_2048_mul_add_36(a+i, m, mu);
         a[i+1] += a[i] >> 57;
         a[i] &= 0x1ffffffffffffffL;
     }
 #else
     for (i=0; i<35; i++) {
-        mu = ((sp_uint64)a[i] * (sp_uint64)mp) & 0x1ffffffffffffffL;
+        mu = (sp_digit)(((sp_uint64)a[i] * (sp_uint64)mp) & 0x1ffffffffffffffL);
         sp_2048_mul_add_36(a+i, m, mu);
         a[i+1] += a[i] >> 57;
     }
-    mu = ((sp_uint64)a[i] * (sp_uint64)mp) & 0x1fffffffffffffL;
+    mu = (sp_digit)(((sp_uint64)a[i] * (sp_uint64)mp) & 0x1fffffffffffffL);
     sp_2048_mul_add_36(a+i, m, mu);
     a[i+1] += a[i] >> 57;
     a[i] &= 0x1ffffffffffffffL;
@@ -5251,18 +5236,18 @@ SP_NOINLINE static void sp_2048_rshift_36(sp_digit* r, const sp_digit* a,
     int i;
 
     for (i=0; i<32; i += 8) {
-        r[i+0] = (a[i+0] >> n) | ((a[i+1] << (57 - n)) & 0x1ffffffffffffffL);
-        r[i+1] = (a[i+1] >> n) | ((a[i+2] << (57 - n)) & 0x1ffffffffffffffL);
-        r[i+2] = (a[i+2] >> n) | ((a[i+3] << (57 - n)) & 0x1ffffffffffffffL);
-        r[i+3] = (a[i+3] >> n) | ((a[i+4] << (57 - n)) & 0x1ffffffffffffffL);
-        r[i+4] = (a[i+4] >> n) | ((a[i+5] << (57 - n)) & 0x1ffffffffffffffL);
-        r[i+5] = (a[i+5] >> n) | ((a[i+6] << (57 - n)) & 0x1ffffffffffffffL);
-        r[i+6] = (a[i+6] >> n) | ((a[i+7] << (57 - n)) & 0x1ffffffffffffffL);
-        r[i+7] = (a[i+7] >> n) | ((a[i+8] << (57 - n)) & 0x1ffffffffffffffL);
+        r[i+0] = (a[i+0] >> n) | (sp_digit)((a[i+1] << (57 - n)) & 0x1ffffffffffffffL);
+        r[i+1] = (a[i+1] >> n) | (sp_digit)((a[i+2] << (57 - n)) & 0x1ffffffffffffffL);
+        r[i+2] = (a[i+2] >> n) | (sp_digit)((a[i+3] << (57 - n)) & 0x1ffffffffffffffL);
+        r[i+3] = (a[i+3] >> n) | (sp_digit)((a[i+4] << (57 - n)) & 0x1ffffffffffffffL);
+        r[i+4] = (a[i+4] >> n) | (sp_digit)((a[i+5] << (57 - n)) & 0x1ffffffffffffffL);
+        r[i+5] = (a[i+5] >> n) | (sp_digit)((a[i+6] << (57 - n)) & 0x1ffffffffffffffL);
+        r[i+6] = (a[i+6] >> n) | (sp_digit)((a[i+7] << (57 - n)) & 0x1ffffffffffffffL);
+        r[i+7] = (a[i+7] >> n) | (sp_digit)((a[i+8] << (57 - n)) & 0x1ffffffffffffffL);
     }
-    r[32] = (a[32] >> n) | ((a[33] << (57 - n)) & 0x1ffffffffffffffL);
-    r[33] = (a[33] >> n) | ((a[34] << (57 - n)) & 0x1ffffffffffffffL);
-    r[34] = (a[34] >> n) | ((a[35] << (57 - n)) & 0x1ffffffffffffffL);
+    r[32] = (a[32] >> n) | (sp_digit)((a[33] << (57 - n)) & 0x1ffffffffffffffL);
+    r[33] = (a[33] >> n) | (sp_digit)((a[34] << (57 - n)) & 0x1ffffffffffffffL);
+    r[34] = (a[34] >> n) | (sp_digit)((a[35] << (57 - n)) & 0x1ffffffffffffffL);
     r[35] = a[35] >> n;
 }
 
@@ -5438,8 +5423,7 @@ static int sp_2048_div_36(const sp_digit* a, const sp_digit* d,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t1 != NULL)
-        XFREE(t1, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(t1, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -5554,14 +5538,13 @@ static int sp_2048_mod_exp_36(sp_digit* r, const sp_digit* a, const sp_digit* e,
 
         sp_2048_mont_reduce_36(t[0], m, mp);
         n = sp_2048_cmp_36(t[0], m);
-        sp_2048_cond_sub_36(t[0], t[0], m, ~(n >> 63));
+        sp_2048_cond_sub_36(t[0], t[0], m, (sp_digit)~(n >> 63));
         XMEMCPY(r, t[0], sizeof(*r) * 36 * 2);
 
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (td != NULL)
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -5645,13 +5628,12 @@ static int sp_2048_mod_exp_36(sp_digit* r, const sp_digit* a, const sp_digit* e,
 
         sp_2048_mont_reduce_36(t[0], m, mp);
         n = sp_2048_cmp_36(t[0], m);
-        sp_2048_cond_sub_36(t[0], t[0], m, ~(n >> 63));
+        sp_2048_cond_sub_36(t[0], t[0], m, (sp_digit)~(n >> 63));
         XMEMCPY(r, t[0], sizeof(*r) * 36 * 2);
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (td != NULL)
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -5774,13 +5756,12 @@ static int sp_2048_mod_exp_36(sp_digit* r, const sp_digit* a, const sp_digit* e,
 
         sp_2048_mont_reduce_36(rt, m, mp);
         n = sp_2048_cmp_36(rt, m);
-        sp_2048_cond_sub_36(rt, rt, m, ~(n >> 63));
+        sp_2048_cond_sub_36(rt, rt, m, (sp_digit)~(n >> 63));
         XMEMCPY(r, rt, sizeof(sp_digit) * 72);
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (td != NULL)
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -5901,8 +5882,7 @@ int sp_RsaPublic_2048(const byte* in, word32 inLen, const mp_int* em,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (a != NULL)
-        XFREE(a, NULL, DYNAMIC_TYPE_RSA);
+    XFREE(a, NULL, DYNAMIC_TYPE_RSA);
 #endif
 
     return err;
@@ -6013,8 +5993,7 @@ int sp_RsaPublic_2048(const byte* in, word32 inLen, const mp_int* em,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (d != NULL)
-        XFREE(d, NULL, DYNAMIC_TYPE_RSA);
+    XFREE(d, NULL, DYNAMIC_TYPE_RSA);
 #endif
 
     return err;
@@ -6384,7 +6363,7 @@ int sp_RsaPrivate_2048(const byte* in, word32 inLen, const mp_int* dm,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-if (a != NULL)
+    if (a != NULL)
 #endif
     {
         ForceZero(a, sizeof(sp_digit) * 18 * 13);
@@ -6622,76 +6601,76 @@ SP_NOINLINE static void sp_2048_lshift_36(sp_digit* r, const sp_digit* a,
     s = (sp_int_digit)a[35];
     r[36] = s >> (57U - n);
     s = (sp_int_digit)(a[35]); t = (sp_int_digit)(a[34]);
-    r[35] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL;
+    r[35] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL);
     s = (sp_int_digit)(a[34]); t = (sp_int_digit)(a[33]);
-    r[34] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL;
+    r[34] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL);
     s = (sp_int_digit)(a[33]); t = (sp_int_digit)(a[32]);
-    r[33] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL;
+    r[33] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL);
     s = (sp_int_digit)(a[32]); t = (sp_int_digit)(a[31]);
-    r[32] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL;
+    r[32] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL);
     s = (sp_int_digit)(a[31]); t = (sp_int_digit)(a[30]);
-    r[31] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL;
+    r[31] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL);
     s = (sp_int_digit)(a[30]); t = (sp_int_digit)(a[29]);
-    r[30] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL;
+    r[30] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL);
     s = (sp_int_digit)(a[29]); t = (sp_int_digit)(a[28]);
-    r[29] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL;
+    r[29] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL);
     s = (sp_int_digit)(a[28]); t = (sp_int_digit)(a[27]);
-    r[28] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL;
+    r[28] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL);
     s = (sp_int_digit)(a[27]); t = (sp_int_digit)(a[26]);
-    r[27] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL;
+    r[27] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL);
     s = (sp_int_digit)(a[26]); t = (sp_int_digit)(a[25]);
-    r[26] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL;
+    r[26] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL);
     s = (sp_int_digit)(a[25]); t = (sp_int_digit)(a[24]);
-    r[25] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL;
+    r[25] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL);
     s = (sp_int_digit)(a[24]); t = (sp_int_digit)(a[23]);
-    r[24] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL;
+    r[24] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL);
     s = (sp_int_digit)(a[23]); t = (sp_int_digit)(a[22]);
-    r[23] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL;
+    r[23] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL);
     s = (sp_int_digit)(a[22]); t = (sp_int_digit)(a[21]);
-    r[22] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL;
+    r[22] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL);
     s = (sp_int_digit)(a[21]); t = (sp_int_digit)(a[20]);
-    r[21] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL;
+    r[21] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL);
     s = (sp_int_digit)(a[20]); t = (sp_int_digit)(a[19]);
-    r[20] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL;
+    r[20] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL);
     s = (sp_int_digit)(a[19]); t = (sp_int_digit)(a[18]);
-    r[19] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL;
+    r[19] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL);
     s = (sp_int_digit)(a[18]); t = (sp_int_digit)(a[17]);
-    r[18] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL;
+    r[18] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL);
     s = (sp_int_digit)(a[17]); t = (sp_int_digit)(a[16]);
-    r[17] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL;
+    r[17] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL);
     s = (sp_int_digit)(a[16]); t = (sp_int_digit)(a[15]);
-    r[16] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL;
+    r[16] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL);
     s = (sp_int_digit)(a[15]); t = (sp_int_digit)(a[14]);
-    r[15] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL;
+    r[15] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL);
     s = (sp_int_digit)(a[14]); t = (sp_int_digit)(a[13]);
-    r[14] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL;
+    r[14] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL);
     s = (sp_int_digit)(a[13]); t = (sp_int_digit)(a[12]);
-    r[13] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL;
+    r[13] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL);
     s = (sp_int_digit)(a[12]); t = (sp_int_digit)(a[11]);
-    r[12] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL;
+    r[12] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL);
     s = (sp_int_digit)(a[11]); t = (sp_int_digit)(a[10]);
-    r[11] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL;
+    r[11] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL);
     s = (sp_int_digit)(a[10]); t = (sp_int_digit)(a[9]);
-    r[10] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL;
+    r[10] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL);
     s = (sp_int_digit)(a[9]); t = (sp_int_digit)(a[8]);
-    r[9] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL;
+    r[9] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL);
     s = (sp_int_digit)(a[8]); t = (sp_int_digit)(a[7]);
-    r[8] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL;
+    r[8] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL);
     s = (sp_int_digit)(a[7]); t = (sp_int_digit)(a[6]);
-    r[7] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL;
+    r[7] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL);
     s = (sp_int_digit)(a[6]); t = (sp_int_digit)(a[5]);
-    r[6] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL;
+    r[6] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL);
     s = (sp_int_digit)(a[5]); t = (sp_int_digit)(a[4]);
-    r[5] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL;
+    r[5] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL);
     s = (sp_int_digit)(a[4]); t = (sp_int_digit)(a[3]);
-    r[4] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL;
+    r[4] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL);
     s = (sp_int_digit)(a[3]); t = (sp_int_digit)(a[2]);
-    r[3] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL;
+    r[3] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL);
     s = (sp_int_digit)(a[2]); t = (sp_int_digit)(a[1]);
-    r[2] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL;
+    r[2] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL);
     s = (sp_int_digit)(a[1]); t = (sp_int_digit)(a[0]);
-    r[1] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL;
-    r[0] = (a[0] << n) & 0x1ffffffffffffffL;
+    r[1] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL);
+    r[0] = (sp_digit)((a[0] << n) & 0x1ffffffffffffffL);
 }
 
 /* Modular exponentiate 2 to the e mod m. (r = 2^e mod m)
@@ -6802,12 +6781,11 @@ static int sp_2048_mod_exp_2_36(sp_digit* r, const sp_digit* e, int bits, const
 
         sp_2048_mont_reduce_36(r, m, mp);
         n = sp_2048_cmp_36(r, m);
-        sp_2048_cond_sub_36(r, r, m, ~(n >> 63));
+        sp_2048_cond_sub_36(r, r, m, (sp_digit)~(n >> 63));
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (td != NULL)
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -7476,20 +7454,20 @@ SP_NOINLINE static void sp_3072_mul_add_26(sp_digit* r, const sp_digit* a,
         t[1]  = (tb * a[i+1]) + r[i+1];
         t[2]  = (tb * a[i+2]) + r[i+2];
         t[3]  = (tb * a[i+3]) + r[i+3];
-        r[i+0] = t[0] & 0xfffffffffffffffL;
+        r[i+0] = (sp_digit)(t[0] & 0xfffffffffffffffL);
         t[1] += t[0] >> 60;
-        r[i+1] = t[1] & 0xfffffffffffffffL;
+        r[i+1] = (sp_digit)(t[1] & 0xfffffffffffffffL);
         t[2] += t[1] >> 60;
-        r[i+2] = t[2] & 0xfffffffffffffffL;
+        r[i+2] = (sp_digit)(t[2] & 0xfffffffffffffffL);
         t[3] += t[2] >> 60;
-        r[i+3] = t[3] & 0xfffffffffffffffL;
+        r[i+3] = (sp_digit)(t[3] & 0xfffffffffffffffL);
         t[0]  = t[3] >> 60;
     }
     t[0] += (tb * a[24]) + r[24];
     t[1]  = (tb * a[25]) + r[25];
-    r[24] = t[0] & 0xfffffffffffffffL;
+    r[24] = (sp_digit)(t[0] & 0xfffffffffffffffL);
     t[1] += t[0] >> 60;
-    r[25] = t[1] & 0xfffffffffffffffL;
+    r[25] = (sp_digit)(t[1] & 0xfffffffffffffffL);
     r[26] +=  (sp_digit)(t[1] >> 60);
 }
 
@@ -7505,7 +7483,7 @@ static void sp_3072_mont_shift_26(sp_digit* r, const sp_digit* a)
     n += ((sp_int128)a[26]) << 24;
 
     for (i = 0; i < 25; i++) {
-        r[i] = n & 0xfffffffffffffffL;
+        r[i] = (sp_digit)(n & 0xfffffffffffffffL);
         n >>= 60;
         n += ((sp_int128)a[27 + i]) << 24;
     }
@@ -7528,11 +7506,11 @@ static void sp_3072_mont_reduce_26(sp_digit* a, const sp_digit* m, sp_digit mp)
     sp_3072_norm_26(a + 26);
 
     for (i=0; i<25; i++) {
-        mu = ((sp_uint64)a[i] * (sp_uint64)mp) & 0xfffffffffffffffL;
+        mu = (sp_digit)(((sp_uint64)a[i] * (sp_uint64)mp) & 0xfffffffffffffffL);
         sp_3072_mul_add_26(a+i, m, mu);
         a[i+1] += a[i] >> 60;
     }
-    mu = ((sp_uint64)a[i] * (sp_uint64)mp) & 0xfffffffffL;
+    mu = (sp_digit)(((sp_uint64)a[i] * (sp_uint64)mp) & 0xfffffffffL);
     sp_3072_mul_add_26(a+i, m, mu);
     a[i+1] += a[i] >> 60;
     a[i] &= 0xfffffffffffffffL;
@@ -7717,7 +7695,7 @@ SP_NOINLINE static void sp_3072_rshift_26(sp_digit* r, const sp_digit* a,
     int i;
 
     for (i=0; i<25; i++) {
-        r[i] = ((a[i] >> n) | (a[i + 1] << (60 - n))) & 0xfffffffffffffffL;
+        r[i] = (sp_digit)(((a[i] >> n) | (a[i + 1] << (60 - n))) & 0xfffffffffffffffL);
     }
     r[25] = a[25] >> n;
 }
@@ -7894,8 +7872,7 @@ static int sp_3072_div_26(const sp_digit* a, const sp_digit* d,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t1 != NULL)
-        XFREE(t1, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(t1, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -8007,14 +7984,13 @@ static int sp_3072_mod_exp_26(sp_digit* r, const sp_digit* a, const sp_digit* e,
 
         sp_3072_mont_reduce_26(t[0], m, mp);
         n = sp_3072_cmp_26(t[0], m);
-        sp_3072_cond_sub_26(t[0], t[0], m, ~(n >> 63));
+        sp_3072_cond_sub_26(t[0], t[0], m, (sp_digit)~(n >> 63));
         XMEMCPY(r, t[0], sizeof(*r) * 26 * 2);
 
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (td != NULL)
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -8098,13 +8074,12 @@ static int sp_3072_mod_exp_26(sp_digit* r, const sp_digit* a, const sp_digit* e,
 
         sp_3072_mont_reduce_26(t[0], m, mp);
         n = sp_3072_cmp_26(t[0], m);
-        sp_3072_cond_sub_26(t[0], t[0], m, ~(n >> 63));
+        sp_3072_cond_sub_26(t[0], t[0], m, (sp_digit)~(n >> 63));
         XMEMCPY(r, t[0], sizeof(*r) * 26 * 2);
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (td != NULL)
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -8244,13 +8219,12 @@ static int sp_3072_mod_exp_26(sp_digit* r, const sp_digit* a, const sp_digit* e,
 
         sp_3072_mont_reduce_26(rt, m, mp);
         n = sp_3072_cmp_26(rt, m);
-        sp_3072_cond_sub_26(rt, rt, m, ~(n >> 63));
+        sp_3072_cond_sub_26(rt, rt, m, (sp_digit)~(n >> 63));
         XMEMCPY(r, rt, sizeof(sp_digit) * 52);
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (td != NULL)
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -8356,26 +8330,26 @@ SP_NOINLINE static void sp_3072_mul_add_52(sp_digit* r, const sp_digit* a,
         t[1]  = (tb * a[i+1]) + r[i+1];
         t[2]  = (tb * a[i+2]) + r[i+2];
         t[3]  = (tb * a[i+3]) + r[i+3];
-        r[i+0] = t[0] & 0xfffffffffffffffL;
+        r[i+0] = (sp_digit)(t[0] & 0xfffffffffffffffL);
         t[1] += t[0] >> 60;
-        r[i+1] = t[1] & 0xfffffffffffffffL;
+        r[i+1] = (sp_digit)(t[1] & 0xfffffffffffffffL);
         t[2] += t[1] >> 60;
-        r[i+2] = t[2] & 0xfffffffffffffffL;
+        r[i+2] = (sp_digit)(t[2] & 0xfffffffffffffffL);
         t[3] += t[2] >> 60;
-        r[i+3] = t[3] & 0xfffffffffffffffL;
+        r[i+3] = (sp_digit)(t[3] & 0xfffffffffffffffL);
         t[0]  = t[3] >> 60;
     }
     t[0] += (tb * a[48]) + r[48];
     t[1]  = (tb * a[49]) + r[49];
     t[2]  = (tb * a[50]) + r[50];
     t[3]  = (tb * a[51]) + r[51];
-    r[48] = t[0] & 0xfffffffffffffffL;
+    r[48] = (sp_digit)(t[0] & 0xfffffffffffffffL);
     t[1] += t[0] >> 60;
-    r[49] = t[1] & 0xfffffffffffffffL;
+    r[49] = (sp_digit)(t[1] & 0xfffffffffffffffL);
     t[2] += t[1] >> 60;
-    r[50] = t[2] & 0xfffffffffffffffL;
+    r[50] = (sp_digit)(t[2] & 0xfffffffffffffffL);
     t[3] += t[2] >> 60;
-    r[51] = t[3] & 0xfffffffffffffffL;
+    r[51] = (sp_digit)(t[3] & 0xfffffffffffffffL);
     r[52] +=  (sp_digit)(t[3] >> 60);
 }
 
@@ -8391,7 +8365,7 @@ static void sp_3072_mont_shift_52(sp_digit* r, const sp_digit* a)
     n += ((sp_int128)a[52]) << 48;
 
     for (i = 0; i < 51; i++) {
-        r[i] = n & 0xfffffffffffffffL;
+        r[i] = (sp_digit)(n & 0xfffffffffffffffL);
         n >>= 60;
         n += ((sp_int128)a[53 + i]) << 48;
     }
@@ -8416,33 +8390,33 @@ static void sp_3072_mont_reduce_52(sp_digit* a, const sp_digit* m, sp_digit mp)
 #ifdef WOLFSSL_SP_DH
     if (mp != 1) {
         for (i=0; i<51; i++) {
-            mu = ((sp_uint64)a[i] * (sp_uint64)mp) & 0xfffffffffffffffL;
+            mu = (sp_digit)(((sp_uint64)a[i] * (sp_uint64)mp) & 0xfffffffffffffffL);
             sp_3072_mul_add_52(a+i, m, mu);
             a[i+1] += a[i] >> 60;
         }
-        mu = ((sp_uint64)a[i] * (sp_uint64)mp) & 0xfffL;
+        mu = (sp_digit)(((sp_uint64)a[i] * (sp_uint64)mp) & 0xfffL);
         sp_3072_mul_add_52(a+i, m, mu);
         a[i+1] += a[i] >> 60;
         a[i] &= 0xfffffffffffffffL;
     }
     else {
         for (i=0; i<51; i++) {
-            mu = a[i] & 0xfffffffffffffffL;
+            mu = (sp_digit)(a[i] & 0xfffffffffffffffL);
             sp_3072_mul_add_52(a+i, m, mu);
             a[i+1] += a[i] >> 60;
         }
-        mu = a[i] & 0xfffL;
+        mu = (sp_digit)(a[i] & 0xfffL);
         sp_3072_mul_add_52(a+i, m, mu);
         a[i+1] += a[i] >> 60;
         a[i] &= 0xfffffffffffffffL;
     }
 #else
     for (i=0; i<51; i++) {
-        mu = ((sp_uint64)a[i] * (sp_uint64)mp) & 0xfffffffffffffffL;
+        mu = (sp_digit)(((sp_uint64)a[i] * (sp_uint64)mp) & 0xfffffffffffffffL);
         sp_3072_mul_add_52(a+i, m, mu);
         a[i+1] += a[i] >> 60;
     }
-    mu = ((sp_uint64)a[i] * (sp_uint64)mp) & 0xfffL;
+    mu = (sp_digit)(((sp_uint64)a[i] * (sp_uint64)mp) & 0xfffL);
     sp_3072_mul_add_52(a+i, m, mu);
     a[i+1] += a[i] >> 60;
     a[i] &= 0xfffffffffffffffL;
@@ -8548,7 +8522,7 @@ SP_NOINLINE static void sp_3072_rshift_52(sp_digit* r, const sp_digit* a,
     int i;
 
     for (i=0; i<51; i++) {
-        r[i] = ((a[i] >> n) | (a[i + 1] << (60 - n))) & 0xfffffffffffffffL;
+        r[i] = (sp_digit)(((a[i] >> n) | (a[i + 1] << (60 - n))) & 0xfffffffffffffffL);
     }
     r[51] = a[51] >> n;
 }
@@ -8725,8 +8699,7 @@ static int sp_3072_div_52(const sp_digit* a, const sp_digit* d,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t1 != NULL)
-        XFREE(t1, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(t1, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -8839,14 +8812,13 @@ static int sp_3072_mod_exp_52(sp_digit* r, const sp_digit* a, const sp_digit* e,
 
         sp_3072_mont_reduce_52(t[0], m, mp);
         n = sp_3072_cmp_52(t[0], m);
-        sp_3072_cond_sub_52(t[0], t[0], m, ~(n >> 63));
+        sp_3072_cond_sub_52(t[0], t[0], m, (sp_digit)~(n >> 63));
         XMEMCPY(r, t[0], sizeof(*r) * 52 * 2);
 
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (td != NULL)
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -8930,13 +8902,12 @@ static int sp_3072_mod_exp_52(sp_digit* r, const sp_digit* a, const sp_digit* e,
 
         sp_3072_mont_reduce_52(t[0], m, mp);
         n = sp_3072_cmp_52(t[0], m);
-        sp_3072_cond_sub_52(t[0], t[0], m, ~(n >> 63));
+        sp_3072_cond_sub_52(t[0], t[0], m, (sp_digit)~(n >> 63));
         XMEMCPY(r, t[0], sizeof(*r) * 52 * 2);
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (td != NULL)
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -9059,13 +9030,12 @@ static int sp_3072_mod_exp_52(sp_digit* r, const sp_digit* a, const sp_digit* e,
 
         sp_3072_mont_reduce_52(rt, m, mp);
         n = sp_3072_cmp_52(rt, m);
-        sp_3072_cond_sub_52(rt, rt, m, ~(n >> 63));
+        sp_3072_cond_sub_52(rt, rt, m, (sp_digit)~(n >> 63));
         XMEMCPY(r, rt, sizeof(sp_digit) * 104);
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (td != NULL)
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -9184,8 +9154,7 @@ int sp_RsaPublic_3072(const byte* in, word32 inLen, const mp_int* em,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (a != NULL)
-        XFREE(a, NULL, DYNAMIC_TYPE_RSA);
+    XFREE(a, NULL, DYNAMIC_TYPE_RSA);
 #endif
 
     return err;
@@ -9296,8 +9265,7 @@ int sp_RsaPublic_3072(const byte* in, word32 inLen, const mp_int* em,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (d != NULL)
-        XFREE(d, NULL, DYNAMIC_TYPE_RSA);
+    XFREE(d, NULL, DYNAMIC_TYPE_RSA);
 #endif
 
     return err;
@@ -9667,7 +9635,7 @@ int sp_RsaPrivate_3072(const byte* in, word32 inLen, const mp_int* dm,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-if (a != NULL)
+    if (a != NULL)
 #endif
     {
         ForceZero(a, sizeof(sp_digit) * 26 * 13);
@@ -9903,9 +9871,9 @@ SP_NOINLINE static void sp_3072_lshift_52(sp_digit* r, const sp_digit* a,
 
     r[52] = a[51] >> (60 - n);
     for (i=51; i>0; i--) {
-        r[i] = ((a[i] << n) | (a[i-1] >> (60 - n))) & 0xfffffffffffffffL;
+        r[i] = (sp_digit)(((a[i] << n) | (a[i-1] >> (60 - n))) & 0xfffffffffffffffL);
     }
-    r[0] = (a[0] << n) & 0xfffffffffffffffL;
+    r[0] = (sp_digit)((a[0] << n) & 0xfffffffffffffffL);
 }
 
 /* Modular exponentiate 2 to the e mod m. (r = 2^e mod m)
@@ -10016,12 +9984,11 @@ static int sp_3072_mod_exp_2_52(sp_digit* r, const sp_digit* e, int bits, const
 
         sp_3072_mont_reduce_52(r, m, mp);
         n = sp_3072_cmp_52(r, m);
-        sp_3072_cond_sub_52(r, r, m, ~(n >> 63));
+        sp_3072_cond_sub_52(r, r, m, (sp_digit)~(n >> 63));
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (td != NULL)
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -10501,29 +10468,29 @@ SP_NOINLINE static void sp_3072_mul_9(sp_digit* r, const sp_digit* a,
     t0 = ((sp_uint128)a[ 0]) * b[ 0];
     t1 = ((sp_uint128)a[ 0]) * b[ 1]
        + ((sp_uint128)a[ 1]) * b[ 0];
-    t[ 0] = t0 & 0x1ffffffffffffffL; t1 += t0 >> 57;
+    t[ 0] = (sp_digit)(t0 & 0x1ffffffffffffffL); t1 += t0 >> 57;
     t0 = ((sp_uint128)a[ 0]) * b[ 2]
        + ((sp_uint128)a[ 1]) * b[ 1]
        + ((sp_uint128)a[ 2]) * b[ 0];
-    t[ 1] = t1 & 0x1ffffffffffffffL; t0 += t1 >> 57;
+    t[ 1] = (sp_digit)(t1 & 0x1ffffffffffffffL); t0 += t1 >> 57;
     t1 = ((sp_uint128)a[ 0]) * b[ 3]
        + ((sp_uint128)a[ 1]) * b[ 2]
        + ((sp_uint128)a[ 2]) * b[ 1]
        + ((sp_uint128)a[ 3]) * b[ 0];
-    t[ 2] = t0 & 0x1ffffffffffffffL; t1 += t0 >> 57;
+    t[ 2] = (sp_digit)(t0 & 0x1ffffffffffffffL); t1 += t0 >> 57;
     t0 = ((sp_uint128)a[ 0]) * b[ 4]
        + ((sp_uint128)a[ 1]) * b[ 3]
        + ((sp_uint128)a[ 2]) * b[ 2]
        + ((sp_uint128)a[ 3]) * b[ 1]
        + ((sp_uint128)a[ 4]) * b[ 0];
-    t[ 3] = t1 & 0x1ffffffffffffffL; t0 += t1 >> 57;
+    t[ 3] = (sp_digit)(t1 & 0x1ffffffffffffffL); t0 += t1 >> 57;
     t1 = ((sp_uint128)a[ 0]) * b[ 5]
        + ((sp_uint128)a[ 1]) * b[ 4]
        + ((sp_uint128)a[ 2]) * b[ 3]
        + ((sp_uint128)a[ 3]) * b[ 2]
        + ((sp_uint128)a[ 4]) * b[ 1]
        + ((sp_uint128)a[ 5]) * b[ 0];
-    t[ 4] = t0 & 0x1ffffffffffffffL; t1 += t0 >> 57;
+    t[ 4] = (sp_digit)(t0 & 0x1ffffffffffffffL); t1 += t0 >> 57;
     t0 = ((sp_uint128)a[ 0]) * b[ 6]
        + ((sp_uint128)a[ 1]) * b[ 5]
        + ((sp_uint128)a[ 2]) * b[ 4]
@@ -10531,7 +10498,7 @@ SP_NOINLINE static void sp_3072_mul_9(sp_digit* r, const sp_digit* a,
        + ((sp_uint128)a[ 4]) * b[ 2]
        + ((sp_uint128)a[ 5]) * b[ 1]
        + ((sp_uint128)a[ 6]) * b[ 0];
-    t[ 5] = t1 & 0x1ffffffffffffffL; t0 += t1 >> 57;
+    t[ 5] = (sp_digit)(t1 & 0x1ffffffffffffffL); t0 += t1 >> 57;
     t1 = ((sp_uint128)a[ 0]) * b[ 7]
        + ((sp_uint128)a[ 1]) * b[ 6]
        + ((sp_uint128)a[ 2]) * b[ 5]
@@ -10540,7 +10507,7 @@ SP_NOINLINE static void sp_3072_mul_9(sp_digit* r, const sp_digit* a,
        + ((sp_uint128)a[ 5]) * b[ 2]
        + ((sp_uint128)a[ 6]) * b[ 1]
        + ((sp_uint128)a[ 7]) * b[ 0];
-    t[ 6] = t0 & 0x1ffffffffffffffL; t1 += t0 >> 57;
+    t[ 6] = (sp_digit)(t0 & 0x1ffffffffffffffL); t1 += t0 >> 57;
     t0 = ((sp_uint128)a[ 0]) * b[ 8]
        + ((sp_uint128)a[ 1]) * b[ 7]
        + ((sp_uint128)a[ 2]) * b[ 6]
@@ -10550,7 +10517,7 @@ SP_NOINLINE static void sp_3072_mul_9(sp_digit* r, const sp_digit* a,
        + ((sp_uint128)a[ 6]) * b[ 2]
        + ((sp_uint128)a[ 7]) * b[ 1]
        + ((sp_uint128)a[ 8]) * b[ 0];
-    t[ 7] = t1 & 0x1ffffffffffffffL; t0 += t1 >> 57;
+    t[ 7] = (sp_digit)(t1 & 0x1ffffffffffffffL); t0 += t1 >> 57;
     t1 = ((sp_uint128)a[ 1]) * b[ 8]
        + ((sp_uint128)a[ 2]) * b[ 7]
        + ((sp_uint128)a[ 3]) * b[ 6]
@@ -10559,7 +10526,7 @@ SP_NOINLINE static void sp_3072_mul_9(sp_digit* r, const sp_digit* a,
        + ((sp_uint128)a[ 6]) * b[ 3]
        + ((sp_uint128)a[ 7]) * b[ 2]
        + ((sp_uint128)a[ 8]) * b[ 1];
-    t[ 8] = t0 & 0x1ffffffffffffffL; t1 += t0 >> 57;
+    t[ 8] = (sp_digit)(t0 & 0x1ffffffffffffffL); t1 += t0 >> 57;
     t0 = ((sp_uint128)a[ 2]) * b[ 8]
        + ((sp_uint128)a[ 3]) * b[ 7]
        + ((sp_uint128)a[ 4]) * b[ 6]
@@ -10567,35 +10534,35 @@ SP_NOINLINE static void sp_3072_mul_9(sp_digit* r, const sp_digit* a,
        + ((sp_uint128)a[ 6]) * b[ 4]
        + ((sp_uint128)a[ 7]) * b[ 3]
        + ((sp_uint128)a[ 8]) * b[ 2];
-    r[ 9] = t1 & 0x1ffffffffffffffL; t0 += t1 >> 57;
+    r[ 9] = (sp_digit)(t1 & 0x1ffffffffffffffL); t0 += t1 >> 57;
     t1 = ((sp_uint128)a[ 3]) * b[ 8]
        + ((sp_uint128)a[ 4]) * b[ 7]
        + ((sp_uint128)a[ 5]) * b[ 6]
        + ((sp_uint128)a[ 6]) * b[ 5]
        + ((sp_uint128)a[ 7]) * b[ 4]
        + ((sp_uint128)a[ 8]) * b[ 3];
-    r[10] = t0 & 0x1ffffffffffffffL; t1 += t0 >> 57;
+    r[10] = (sp_digit)(t0 & 0x1ffffffffffffffL); t1 += t0 >> 57;
     t0 = ((sp_uint128)a[ 4]) * b[ 8]
        + ((sp_uint128)a[ 5]) * b[ 7]
        + ((sp_uint128)a[ 6]) * b[ 6]
        + ((sp_uint128)a[ 7]) * b[ 5]
        + ((sp_uint128)a[ 8]) * b[ 4];
-    r[11] = t1 & 0x1ffffffffffffffL; t0 += t1 >> 57;
+    r[11] = (sp_digit)(t1 & 0x1ffffffffffffffL); t0 += t1 >> 57;
     t1 = ((sp_uint128)a[ 5]) * b[ 8]
        + ((sp_uint128)a[ 6]) * b[ 7]
        + ((sp_uint128)a[ 7]) * b[ 6]
        + ((sp_uint128)a[ 8]) * b[ 5];
-    r[12] = t0 & 0x1ffffffffffffffL; t1 += t0 >> 57;
+    r[12] = (sp_digit)(t0 & 0x1ffffffffffffffL); t1 += t0 >> 57;
     t0 = ((sp_uint128)a[ 6]) * b[ 8]
        + ((sp_uint128)a[ 7]) * b[ 7]
        + ((sp_uint128)a[ 8]) * b[ 6];
-    r[13] = t1 & 0x1ffffffffffffffL; t0 += t1 >> 57;
+    r[13] = (sp_digit)(t1 & 0x1ffffffffffffffL); t0 += t1 >> 57;
     t1 = ((sp_uint128)a[ 7]) * b[ 8]
        + ((sp_uint128)a[ 8]) * b[ 7];
-    r[14] = t0 & 0x1ffffffffffffffL; t1 += t0 >> 57;
+    r[14] = (sp_digit)(t0 & 0x1ffffffffffffffL); t1 += t0 >> 57;
     t0 = ((sp_uint128)a[ 8]) * b[ 8];
-    r[15] = t1 & 0x1ffffffffffffffL; t0 += t1 >> 57;
-    r[16] = t0 & 0x1ffffffffffffffL;
+    r[15] = (sp_digit)(t1 & 0x1ffffffffffffffL); t0 += t1 >> 57;
+    r[16] = (sp_digit)(t0 & 0x1ffffffffffffffL);
     r[17] = (sp_digit)(t0 >> 57);
     XMEMCPY(r, t, sizeof(t));
 }
@@ -10853,66 +10820,66 @@ SP_NOINLINE static void sp_3072_sqr_9(sp_digit* r, const sp_digit* a)
 
     t0 =  ((sp_uint128)a[ 0]) * a[ 0];
     t1 = (((sp_uint128)a[ 0]) * a[ 1]) * 2;
-    t[ 0] = t0 & 0x1ffffffffffffffL; t1 += t0 >> 57;
+    t[ 0] = (sp_digit)(t0 & 0x1ffffffffffffffL); t1 += t0 >> 57;
     t0 = (((sp_uint128)a[ 0]) * a[ 2]) * 2
        +  ((sp_uint128)a[ 1]) * a[ 1];
-    t[ 1] = t1 & 0x1ffffffffffffffL; t0 += t1 >> 57;
+    t[ 1] = (sp_digit)(t1 & 0x1ffffffffffffffL); t0 += t1 >> 57;
     t1 = (((sp_uint128)a[ 0]) * a[ 3]
        +  ((sp_uint128)a[ 1]) * a[ 2]) * 2;
-    t[ 2] = t0 & 0x1ffffffffffffffL; t1 += t0 >> 57;
+    t[ 2] = (sp_digit)(t0 & 0x1ffffffffffffffL); t1 += t0 >> 57;
     t0 = (((sp_uint128)a[ 0]) * a[ 4]
        +  ((sp_uint128)a[ 1]) * a[ 3]) * 2
        +  ((sp_uint128)a[ 2]) * a[ 2];
-    t[ 3] = t1 & 0x1ffffffffffffffL; t0 += t1 >> 57;
+    t[ 3] = (sp_digit)(t1 & 0x1ffffffffffffffL); t0 += t1 >> 57;
     t1 = (((sp_uint128)a[ 0]) * a[ 5]
        +  ((sp_uint128)a[ 1]) * a[ 4]
        +  ((sp_uint128)a[ 2]) * a[ 3]) * 2;
-    t[ 4] = t0 & 0x1ffffffffffffffL; t1 += t0 >> 57;
+    t[ 4] = (sp_digit)(t0 & 0x1ffffffffffffffL); t1 += t0 >> 57;
     t0 = (((sp_uint128)a[ 0]) * a[ 6]
        +  ((sp_uint128)a[ 1]) * a[ 5]
        +  ((sp_uint128)a[ 2]) * a[ 4]) * 2
        +  ((sp_uint128)a[ 3]) * a[ 3];
-    t[ 5] = t1 & 0x1ffffffffffffffL; t0 += t1 >> 57;
+    t[ 5] = (sp_digit)(t1 & 0x1ffffffffffffffL); t0 += t1 >> 57;
     t1 = (((sp_uint128)a[ 0]) * a[ 7]
        +  ((sp_uint128)a[ 1]) * a[ 6]
        +  ((sp_uint128)a[ 2]) * a[ 5]
        +  ((sp_uint128)a[ 3]) * a[ 4]) * 2;
-    t[ 6] = t0 & 0x1ffffffffffffffL; t1 += t0 >> 57;
+    t[ 6] = (sp_digit)(t0 & 0x1ffffffffffffffL); t1 += t0 >> 57;
     t0 = (((sp_uint128)a[ 0]) * a[ 8]
        +  ((sp_uint128)a[ 1]) * a[ 7]
        +  ((sp_uint128)a[ 2]) * a[ 6]
        +  ((sp_uint128)a[ 3]) * a[ 5]) * 2
        +  ((sp_uint128)a[ 4]) * a[ 4];
-    t[ 7] = t1 & 0x1ffffffffffffffL; t0 += t1 >> 57;
+    t[ 7] = (sp_digit)(t1 & 0x1ffffffffffffffL); t0 += t1 >> 57;
     t1 = (((sp_uint128)a[ 1]) * a[ 8]
        +  ((sp_uint128)a[ 2]) * a[ 7]
        +  ((sp_uint128)a[ 3]) * a[ 6]
        +  ((sp_uint128)a[ 4]) * a[ 5]) * 2;
-    t[ 8] = t0 & 0x1ffffffffffffffL; t1 += t0 >> 57;
+    t[ 8] = (sp_digit)(t0 & 0x1ffffffffffffffL); t1 += t0 >> 57;
     t0 = (((sp_uint128)a[ 2]) * a[ 8]
        +  ((sp_uint128)a[ 3]) * a[ 7]
        +  ((sp_uint128)a[ 4]) * a[ 6]) * 2
        +  ((sp_uint128)a[ 5]) * a[ 5];
-    r[ 9] = t1 & 0x1ffffffffffffffL; t0 += t1 >> 57;
+    r[ 9] = (sp_digit)(t1 & 0x1ffffffffffffffL); t0 += t1 >> 57;
     t1 = (((sp_uint128)a[ 3]) * a[ 8]
        +  ((sp_uint128)a[ 4]) * a[ 7]
        +  ((sp_uint128)a[ 5]) * a[ 6]) * 2;
-    r[10] = t0 & 0x1ffffffffffffffL; t1 += t0 >> 57;
+    r[10] = (sp_digit)(t0 & 0x1ffffffffffffffL); t1 += t0 >> 57;
     t0 = (((sp_uint128)a[ 4]) * a[ 8]
        +  ((sp_uint128)a[ 5]) * a[ 7]) * 2
        +  ((sp_uint128)a[ 6]) * a[ 6];
-    r[11] = t1 & 0x1ffffffffffffffL; t0 += t1 >> 57;
+    r[11] = (sp_digit)(t1 & 0x1ffffffffffffffL); t0 += t1 >> 57;
     t1 = (((sp_uint128)a[ 5]) * a[ 8]
        +  ((sp_uint128)a[ 6]) * a[ 7]) * 2;
-    r[12] = t0 & 0x1ffffffffffffffL; t1 += t0 >> 57;
+    r[12] = (sp_digit)(t0 & 0x1ffffffffffffffL); t1 += t0 >> 57;
     t0 = (((sp_uint128)a[ 6]) * a[ 8]) * 2
        +  ((sp_uint128)a[ 7]) * a[ 7];
-    r[13] = t1 & 0x1ffffffffffffffL; t0 += t1 >> 57;
+    r[13] = (sp_digit)(t1 & 0x1ffffffffffffffL); t0 += t1 >> 57;
     t1 = (((sp_uint128)a[ 7]) * a[ 8]) * 2;
-    r[14] = t0 & 0x1ffffffffffffffL; t1 += t0 >> 57;
+    r[14] = (sp_digit)(t0 & 0x1ffffffffffffffL); t1 += t0 >> 57;
     t0 =  ((sp_uint128)a[ 8]) * a[ 8];
-    r[15] = t1 & 0x1ffffffffffffffL; t0 += t1 >> 57;
-    r[16] = t0 & 0x1ffffffffffffffL;
+    r[15] = (sp_digit)(t1 & 0x1ffffffffffffffL); t0 += t1 >> 57;
+    r[16] = (sp_digit)(t0 & 0x1ffffffffffffffL);
     r[17] = (sp_digit)(t0 >> 57);
     XMEMCPY(r, t, sizeof(t));
 }
@@ -11218,26 +11185,26 @@ static void sp_3072_mont_shift_27(sp_digit* r, const sp_digit* a)
 
     s = a[27]; n = a[26] >> 54;
     for (i = 0; i < 24; i += 8) {
-        n += (s & 0x1ffffffffffffffL) << 3; r[i+0] = n & 0x1ffffffffffffffL;
+        n += (sp_digit)((s & 0x1ffffffffffffffL) << 3); r[i+0] = (sp_digit)(n & 0x1ffffffffffffffL);
         n >>= 57; s = a[i+28] + (s >> 57);
-        n += (s & 0x1ffffffffffffffL) << 3; r[i+1] = n & 0x1ffffffffffffffL;
+        n += (sp_digit)((s & 0x1ffffffffffffffL) << 3); r[i+1] = (sp_digit)(n & 0x1ffffffffffffffL);
         n >>= 57; s = a[i+29] + (s >> 57);
-        n += (s & 0x1ffffffffffffffL) << 3; r[i+2] = n & 0x1ffffffffffffffL;
+        n += (sp_digit)((s & 0x1ffffffffffffffL) << 3); r[i+2] = (sp_digit)(n & 0x1ffffffffffffffL);
         n >>= 57; s = a[i+30] + (s >> 57);
-        n += (s & 0x1ffffffffffffffL) << 3; r[i+3] = n & 0x1ffffffffffffffL;
+        n += (sp_digit)((s & 0x1ffffffffffffffL) << 3); r[i+3] = (sp_digit)(n & 0x1ffffffffffffffL);
         n >>= 57; s = a[i+31] + (s >> 57);
-        n += (s & 0x1ffffffffffffffL) << 3; r[i+4] = n & 0x1ffffffffffffffL;
+        n += (sp_digit)((s & 0x1ffffffffffffffL) << 3); r[i+4] = (sp_digit)(n & 0x1ffffffffffffffL);
         n >>= 57; s = a[i+32] + (s >> 57);
-        n += (s & 0x1ffffffffffffffL) << 3; r[i+5] = n & 0x1ffffffffffffffL;
+        n += (sp_digit)((s & 0x1ffffffffffffffL) << 3); r[i+5] = (sp_digit)(n & 0x1ffffffffffffffL);
         n >>= 57; s = a[i+33] + (s >> 57);
-        n += (s & 0x1ffffffffffffffL) << 3; r[i+6] = n & 0x1ffffffffffffffL;
+        n += (sp_digit)((s & 0x1ffffffffffffffL) << 3); r[i+6] = (sp_digit)(n & 0x1ffffffffffffffL);
         n >>= 57; s = a[i+34] + (s >> 57);
-        n += (s & 0x1ffffffffffffffL) << 3; r[i+7] = n & 0x1ffffffffffffffL;
+        n += (sp_digit)((s & 0x1ffffffffffffffL) << 3); r[i+7] = (sp_digit)(n & 0x1ffffffffffffffL);
         n >>= 57; s = a[i+35] + (s >> 57);
     }
-    n += (s & 0x1ffffffffffffffL) << 3; r[24] = n & 0x1ffffffffffffffL;
+    n += (sp_digit)((s & 0x1ffffffffffffffL) << 3); r[24] = (sp_digit)(n & 0x1ffffffffffffffL);
     n >>= 57; s = a[52] + (s >> 57);
-    n += (s & 0x1ffffffffffffffL) << 3; r[25] = n & 0x1ffffffffffffffL;
+    n += (sp_digit)((s & 0x1ffffffffffffffL) << 3); r[25] = (sp_digit)(n & 0x1ffffffffffffffL);
     n >>= 57; s = a[53] + (s >> 57);
     n += s << 3;              r[26] = n;
     XMEMSET(&r[27], 0, sizeof(*r) * 27U);
@@ -11258,11 +11225,11 @@ static void sp_3072_mont_reduce_27(sp_digit* a, const sp_digit* m, sp_digit mp)
     sp_3072_norm_27(a + 27);
 
     for (i=0; i<26; i++) {
-        mu = ((sp_uint64)a[i] * (sp_uint64)mp) & 0x1ffffffffffffffL;
+        mu = (sp_digit)(((sp_uint64)a[i] * (sp_uint64)mp) & 0x1ffffffffffffffL);
         sp_3072_mul_add_27(a+i, m, mu);
         a[i+1] += a[i] >> 57;
     }
-    mu = ((sp_uint64)a[i] * (sp_uint64)mp) & 0x3fffffffffffffL;
+    mu = (sp_digit)(((sp_uint64)a[i] * (sp_uint64)mp) & 0x3fffffffffffffL);
     sp_3072_mul_add_27(a+i, m, mu);
     a[i+1] += a[i] >> 57;
     a[i] &= 0x1ffffffffffffffL;
@@ -11387,17 +11354,17 @@ SP_NOINLINE static void sp_3072_rshift_27(sp_digit* r, const sp_digit* a,
     int i;
 
     for (i=0; i<24; i += 8) {
-        r[i+0] = (a[i+0] >> n) | ((a[i+1] << (57 - n)) & 0x1ffffffffffffffL);
-        r[i+1] = (a[i+1] >> n) | ((a[i+2] << (57 - n)) & 0x1ffffffffffffffL);
-        r[i+2] = (a[i+2] >> n) | ((a[i+3] << (57 - n)) & 0x1ffffffffffffffL);
-        r[i+3] = (a[i+3] >> n) | ((a[i+4] << (57 - n)) & 0x1ffffffffffffffL);
-        r[i+4] = (a[i+4] >> n) | ((a[i+5] << (57 - n)) & 0x1ffffffffffffffL);
-        r[i+5] = (a[i+5] >> n) | ((a[i+6] << (57 - n)) & 0x1ffffffffffffffL);
-        r[i+6] = (a[i+6] >> n) | ((a[i+7] << (57 - n)) & 0x1ffffffffffffffL);
-        r[i+7] = (a[i+7] >> n) | ((a[i+8] << (57 - n)) & 0x1ffffffffffffffL);
+        r[i+0] = (a[i+0] >> n) | (sp_digit)((a[i+1] << (57 - n)) & 0x1ffffffffffffffL);
+        r[i+1] = (a[i+1] >> n) | (sp_digit)((a[i+2] << (57 - n)) & 0x1ffffffffffffffL);
+        r[i+2] = (a[i+2] >> n) | (sp_digit)((a[i+3] << (57 - n)) & 0x1ffffffffffffffL);
+        r[i+3] = (a[i+3] >> n) | (sp_digit)((a[i+4] << (57 - n)) & 0x1ffffffffffffffL);
+        r[i+4] = (a[i+4] >> n) | (sp_digit)((a[i+5] << (57 - n)) & 0x1ffffffffffffffL);
+        r[i+5] = (a[i+5] >> n) | (sp_digit)((a[i+6] << (57 - n)) & 0x1ffffffffffffffL);
+        r[i+6] = (a[i+6] >> n) | (sp_digit)((a[i+7] << (57 - n)) & 0x1ffffffffffffffL);
+        r[i+7] = (a[i+7] >> n) | (sp_digit)((a[i+8] << (57 - n)) & 0x1ffffffffffffffL);
     }
-    r[24] = (a[24] >> n) | ((a[25] << (57 - n)) & 0x1ffffffffffffffL);
-    r[25] = (a[25] >> n) | ((a[26] << (57 - n)) & 0x1ffffffffffffffL);
+    r[24] = (a[24] >> n) | (sp_digit)((a[25] << (57 - n)) & 0x1ffffffffffffffL);
+    r[25] = (a[25] >> n) | (sp_digit)((a[26] << (57 - n)) & 0x1ffffffffffffffL);
     r[26] = a[26] >> n;
 }
 
@@ -11573,8 +11540,7 @@ static int sp_3072_div_27(const sp_digit* a, const sp_digit* d,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t1 != NULL)
-        XFREE(t1, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(t1, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -11686,14 +11652,13 @@ static int sp_3072_mod_exp_27(sp_digit* r, const sp_digit* a, const sp_digit* e,
 
         sp_3072_mont_reduce_27(t[0], m, mp);
         n = sp_3072_cmp_27(t[0], m);
-        sp_3072_cond_sub_27(t[0], t[0], m, ~(n >> 63));
+        sp_3072_cond_sub_27(t[0], t[0], m, (sp_digit)~(n >> 63));
         XMEMCPY(r, t[0], sizeof(*r) * 27 * 2);
 
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (td != NULL)
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -11777,13 +11742,12 @@ static int sp_3072_mod_exp_27(sp_digit* r, const sp_digit* a, const sp_digit* e,
 
         sp_3072_mont_reduce_27(t[0], m, mp);
         n = sp_3072_cmp_27(t[0], m);
-        sp_3072_cond_sub_27(t[0], t[0], m, ~(n >> 63));
+        sp_3072_cond_sub_27(t[0], t[0], m, (sp_digit)~(n >> 63));
         XMEMCPY(r, t[0], sizeof(*r) * 27 * 2);
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (td != NULL)
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -11923,13 +11887,12 @@ static int sp_3072_mod_exp_27(sp_digit* r, const sp_digit* a, const sp_digit* e,
 
         sp_3072_mont_reduce_27(rt, m, mp);
         n = sp_3072_cmp_27(rt, m);
-        sp_3072_cond_sub_27(rt, rt, m, ~(n >> 63));
+        sp_3072_cond_sub_27(rt, rt, m, (sp_digit)~(n >> 63));
         XMEMCPY(r, rt, sizeof(sp_digit) * 54);
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (td != NULL)
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -12092,28 +12055,28 @@ static void sp_3072_mont_shift_54(sp_digit* r, const sp_digit* a)
     sp_int128 n = a[53] >> 51;
     n += ((sp_int128)a[54]) << 6;
     for (i = 0; i < 48; i += 8) {
-        r[i + 0] = n & 0x1ffffffffffffffL;
+        r[i + 0] = (sp_digit)(n & 0x1ffffffffffffffL);
         n >>= 57; n += ((sp_int128)a[i + 55]) << 6;
-        r[i + 1] = n & 0x1ffffffffffffffL;
+        r[i + 1] = (sp_digit)(n & 0x1ffffffffffffffL);
         n >>= 57; n += ((sp_int128)a[i + 56]) << 6;
-        r[i + 2] = n & 0x1ffffffffffffffL;
+        r[i + 2] = (sp_digit)(n & 0x1ffffffffffffffL);
         n >>= 57; n += ((sp_int128)a[i + 57]) << 6;
-        r[i + 3] = n & 0x1ffffffffffffffL;
+        r[i + 3] = (sp_digit)(n & 0x1ffffffffffffffL);
         n >>= 57; n += ((sp_int128)a[i + 58]) << 6;
-        r[i + 4] = n & 0x1ffffffffffffffL;
+        r[i + 4] = (sp_digit)(n & 0x1ffffffffffffffL);
         n >>= 57; n += ((sp_int128)a[i + 59]) << 6;
-        r[i + 5] = n & 0x1ffffffffffffffL;
+        r[i + 5] = (sp_digit)(n & 0x1ffffffffffffffL);
         n >>= 57; n += ((sp_int128)a[i + 60]) << 6;
-        r[i + 6] = n & 0x1ffffffffffffffL;
+        r[i + 6] = (sp_digit)(n & 0x1ffffffffffffffL);
         n >>= 57; n += ((sp_int128)a[i + 61]) << 6;
-        r[i + 7] = n & 0x1ffffffffffffffL;
+        r[i + 7] = (sp_digit)(n & 0x1ffffffffffffffL);
         n >>= 57; n += ((sp_int128)a[i + 62]) << 6;
     }
-    r[48] = n & 0x1ffffffffffffffL; n >>= 57; n += ((sp_int128)a[103]) << 6;
-    r[49] = n & 0x1ffffffffffffffL; n >>= 57; n += ((sp_int128)a[104]) << 6;
-    r[50] = n & 0x1ffffffffffffffL; n >>= 57; n += ((sp_int128)a[105]) << 6;
-    r[51] = n & 0x1ffffffffffffffL; n >>= 57; n += ((sp_int128)a[106]) << 6;
-    r[52] = n & 0x1ffffffffffffffL; n >>= 57; n += ((sp_int128)a[107]) << 6;
+    r[48] = (sp_digit)(n & 0x1ffffffffffffffL); n >>= 57; n += ((sp_int128)a[103]) << 6;
+    r[49] = (sp_digit)(n & 0x1ffffffffffffffL); n >>= 57; n += ((sp_int128)a[104]) << 6;
+    r[50] = (sp_digit)(n & 0x1ffffffffffffffL); n >>= 57; n += ((sp_int128)a[105]) << 6;
+    r[51] = (sp_digit)(n & 0x1ffffffffffffffL); n >>= 57; n += ((sp_int128)a[106]) << 6;
+    r[52] = (sp_digit)(n & 0x1ffffffffffffffL); n >>= 57; n += ((sp_int128)a[107]) << 6;
     r[53] = (sp_digit)n;
     XMEMSET(&r[54], 0, sizeof(*r) * 54U);
 }
@@ -12135,33 +12098,33 @@ static void sp_3072_mont_reduce_54(sp_digit* a, const sp_digit* m, sp_digit mp)
 #ifdef WOLFSSL_SP_DH
     if (mp != 1) {
         for (i=0; i<53; i++) {
-            mu = ((sp_uint64)a[i] * (sp_uint64)mp) & 0x1ffffffffffffffL;
+            mu = (sp_digit)(((sp_uint64)a[i] * (sp_uint64)mp) & 0x1ffffffffffffffL);
             sp_3072_mul_add_54(a+i, m, mu);
             a[i+1] += a[i] >> 57;
         }
-        mu = ((sp_uint64)a[i] * (sp_uint64)mp) & 0x7ffffffffffffL;
+        mu = (sp_digit)(((sp_uint64)a[i] * (sp_uint64)mp) & 0x7ffffffffffffL);
         sp_3072_mul_add_54(a+i, m, mu);
         a[i+1] += a[i] >> 57;
         a[i] &= 0x1ffffffffffffffL;
     }
     else {
         for (i=0; i<53; i++) {
-            mu = a[i] & 0x1ffffffffffffffL;
+            mu = (sp_digit)(a[i] & 0x1ffffffffffffffL);
             sp_3072_mul_add_54(a+i, m, mu);
             a[i+1] += a[i] >> 57;
         }
-        mu = a[i] & 0x7ffffffffffffL;
+        mu = (sp_digit)(a[i] & 0x7ffffffffffffL);
         sp_3072_mul_add_54(a+i, m, mu);
         a[i+1] += a[i] >> 57;
         a[i] &= 0x1ffffffffffffffL;
     }
 #else
     for (i=0; i<53; i++) {
-        mu = ((sp_uint64)a[i] * (sp_uint64)mp) & 0x1ffffffffffffffL;
+        mu = (sp_digit)(((sp_uint64)a[i] * (sp_uint64)mp) & 0x1ffffffffffffffL);
         sp_3072_mul_add_54(a+i, m, mu);
         a[i+1] += a[i] >> 57;
     }
-    mu = ((sp_uint64)a[i] * (sp_uint64)mp) & 0x7ffffffffffffL;
+    mu = (sp_digit)(((sp_uint64)a[i] * (sp_uint64)mp) & 0x7ffffffffffffL);
     sp_3072_mul_add_54(a+i, m, mu);
     a[i+1] += a[i] >> 57;
     a[i] &= 0x1ffffffffffffffL;
@@ -12281,20 +12244,20 @@ SP_NOINLINE static void sp_3072_rshift_54(sp_digit* r, const sp_digit* a,
     int i;
 
     for (i=0; i<48; i += 8) {
-        r[i+0] = (a[i+0] >> n) | ((a[i+1] << (57 - n)) & 0x1ffffffffffffffL);
-        r[i+1] = (a[i+1] >> n) | ((a[i+2] << (57 - n)) & 0x1ffffffffffffffL);
-        r[i+2] = (a[i+2] >> n) | ((a[i+3] << (57 - n)) & 0x1ffffffffffffffL);
-        r[i+3] = (a[i+3] >> n) | ((a[i+4] << (57 - n)) & 0x1ffffffffffffffL);
-        r[i+4] = (a[i+4] >> n) | ((a[i+5] << (57 - n)) & 0x1ffffffffffffffL);
-        r[i+5] = (a[i+5] >> n) | ((a[i+6] << (57 - n)) & 0x1ffffffffffffffL);
-        r[i+6] = (a[i+6] >> n) | ((a[i+7] << (57 - n)) & 0x1ffffffffffffffL);
-        r[i+7] = (a[i+7] >> n) | ((a[i+8] << (57 - n)) & 0x1ffffffffffffffL);
+        r[i+0] = (a[i+0] >> n) | (sp_digit)((a[i+1] << (57 - n)) & 0x1ffffffffffffffL);
+        r[i+1] = (a[i+1] >> n) | (sp_digit)((a[i+2] << (57 - n)) & 0x1ffffffffffffffL);
+        r[i+2] = (a[i+2] >> n) | (sp_digit)((a[i+3] << (57 - n)) & 0x1ffffffffffffffL);
+        r[i+3] = (a[i+3] >> n) | (sp_digit)((a[i+4] << (57 - n)) & 0x1ffffffffffffffL);
+        r[i+4] = (a[i+4] >> n) | (sp_digit)((a[i+5] << (57 - n)) & 0x1ffffffffffffffL);
+        r[i+5] = (a[i+5] >> n) | (sp_digit)((a[i+6] << (57 - n)) & 0x1ffffffffffffffL);
+        r[i+6] = (a[i+6] >> n) | (sp_digit)((a[i+7] << (57 - n)) & 0x1ffffffffffffffL);
+        r[i+7] = (a[i+7] >> n) | (sp_digit)((a[i+8] << (57 - n)) & 0x1ffffffffffffffL);
     }
-    r[48] = (a[48] >> n) | ((a[49] << (57 - n)) & 0x1ffffffffffffffL);
-    r[49] = (a[49] >> n) | ((a[50] << (57 - n)) & 0x1ffffffffffffffL);
-    r[50] = (a[50] >> n) | ((a[51] << (57 - n)) & 0x1ffffffffffffffL);
-    r[51] = (a[51] >> n) | ((a[52] << (57 - n)) & 0x1ffffffffffffffL);
-    r[52] = (a[52] >> n) | ((a[53] << (57 - n)) & 0x1ffffffffffffffL);
+    r[48] = (a[48] >> n) | (sp_digit)((a[49] << (57 - n)) & 0x1ffffffffffffffL);
+    r[49] = (a[49] >> n) | (sp_digit)((a[50] << (57 - n)) & 0x1ffffffffffffffL);
+    r[50] = (a[50] >> n) | (sp_digit)((a[51] << (57 - n)) & 0x1ffffffffffffffL);
+    r[51] = (a[51] >> n) | (sp_digit)((a[52] << (57 - n)) & 0x1ffffffffffffffL);
+    r[52] = (a[52] >> n) | (sp_digit)((a[53] << (57 - n)) & 0x1ffffffffffffffL);
     r[53] = a[53] >> n;
 }
 
@@ -12470,8 +12433,7 @@ static int sp_3072_div_54(const sp_digit* a, const sp_digit* d,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t1 != NULL)
-        XFREE(t1, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(t1, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -12586,14 +12548,13 @@ static int sp_3072_mod_exp_54(sp_digit* r, const sp_digit* a, const sp_digit* e,
 
         sp_3072_mont_reduce_54(t[0], m, mp);
         n = sp_3072_cmp_54(t[0], m);
-        sp_3072_cond_sub_54(t[0], t[0], m, ~(n >> 63));
+        sp_3072_cond_sub_54(t[0], t[0], m, (sp_digit)~(n >> 63));
         XMEMCPY(r, t[0], sizeof(*r) * 54 * 2);
 
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (td != NULL)
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -12677,13 +12638,12 @@ static int sp_3072_mod_exp_54(sp_digit* r, const sp_digit* a, const sp_digit* e,
 
         sp_3072_mont_reduce_54(t[0], m, mp);
         n = sp_3072_cmp_54(t[0], m);
-        sp_3072_cond_sub_54(t[0], t[0], m, ~(n >> 63));
+        sp_3072_cond_sub_54(t[0], t[0], m, (sp_digit)~(n >> 63));
         XMEMCPY(r, t[0], sizeof(*r) * 54 * 2);
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (td != NULL)
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -12806,13 +12766,12 @@ static int sp_3072_mod_exp_54(sp_digit* r, const sp_digit* a, const sp_digit* e,
 
         sp_3072_mont_reduce_54(rt, m, mp);
         n = sp_3072_cmp_54(rt, m);
-        sp_3072_cond_sub_54(rt, rt, m, ~(n >> 63));
+        sp_3072_cond_sub_54(rt, rt, m, (sp_digit)~(n >> 63));
         XMEMCPY(r, rt, sizeof(sp_digit) * 108);
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (td != NULL)
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -12933,8 +12892,7 @@ int sp_RsaPublic_3072(const byte* in, word32 inLen, const mp_int* em,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (a != NULL)
-        XFREE(a, NULL, DYNAMIC_TYPE_RSA);
+    XFREE(a, NULL, DYNAMIC_TYPE_RSA);
 #endif
 
     return err;
@@ -13045,8 +13003,7 @@ int sp_RsaPublic_3072(const byte* in, word32 inLen, const mp_int* em,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (d != NULL)
-        XFREE(d, NULL, DYNAMIC_TYPE_RSA);
+    XFREE(d, NULL, DYNAMIC_TYPE_RSA);
 #endif
 
     return err;
@@ -13416,7 +13373,7 @@ int sp_RsaPrivate_3072(const byte* in, word32 inLen, const mp_int* dm,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-if (a != NULL)
+    if (a != NULL)
 #endif
     {
         ForceZero(a, sizeof(sp_digit) * 27 * 13);
@@ -13654,112 +13611,112 @@ SP_NOINLINE static void sp_3072_lshift_54(sp_digit* r, const sp_digit* a,
     s = (sp_int_digit)a[53];
     r[54] = s >> (57U - n);
     s = (sp_int_digit)(a[53]); t = (sp_int_digit)(a[52]);
-    r[53] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL;
+    r[53] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL);
     s = (sp_int_digit)(a[52]); t = (sp_int_digit)(a[51]);
-    r[52] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL;
+    r[52] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL);
     s = (sp_int_digit)(a[51]); t = (sp_int_digit)(a[50]);
-    r[51] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL;
+    r[51] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL);
     s = (sp_int_digit)(a[50]); t = (sp_int_digit)(a[49]);
-    r[50] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL;
+    r[50] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL);
     s = (sp_int_digit)(a[49]); t = (sp_int_digit)(a[48]);
-    r[49] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL;
+    r[49] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL);
     s = (sp_int_digit)(a[48]); t = (sp_int_digit)(a[47]);
-    r[48] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL;
+    r[48] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL);
     s = (sp_int_digit)(a[47]); t = (sp_int_digit)(a[46]);
-    r[47] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL;
+    r[47] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL);
     s = (sp_int_digit)(a[46]); t = (sp_int_digit)(a[45]);
-    r[46] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL;
+    r[46] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL);
     s = (sp_int_digit)(a[45]); t = (sp_int_digit)(a[44]);
-    r[45] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL;
+    r[45] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL);
     s = (sp_int_digit)(a[44]); t = (sp_int_digit)(a[43]);
-    r[44] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL;
+    r[44] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL);
     s = (sp_int_digit)(a[43]); t = (sp_int_digit)(a[42]);
-    r[43] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL;
+    r[43] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL);
     s = (sp_int_digit)(a[42]); t = (sp_int_digit)(a[41]);
-    r[42] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL;
+    r[42] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL);
     s = (sp_int_digit)(a[41]); t = (sp_int_digit)(a[40]);
-    r[41] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL;
+    r[41] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL);
     s = (sp_int_digit)(a[40]); t = (sp_int_digit)(a[39]);
-    r[40] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL;
+    r[40] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL);
     s = (sp_int_digit)(a[39]); t = (sp_int_digit)(a[38]);
-    r[39] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL;
+    r[39] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL);
     s = (sp_int_digit)(a[38]); t = (sp_int_digit)(a[37]);
-    r[38] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL;
+    r[38] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL);
     s = (sp_int_digit)(a[37]); t = (sp_int_digit)(a[36]);
-    r[37] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL;
+    r[37] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL);
     s = (sp_int_digit)(a[36]); t = (sp_int_digit)(a[35]);
-    r[36] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL;
+    r[36] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL);
     s = (sp_int_digit)(a[35]); t = (sp_int_digit)(a[34]);
-    r[35] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL;
+    r[35] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL);
     s = (sp_int_digit)(a[34]); t = (sp_int_digit)(a[33]);
-    r[34] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL;
+    r[34] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL);
     s = (sp_int_digit)(a[33]); t = (sp_int_digit)(a[32]);
-    r[33] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL;
+    r[33] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL);
     s = (sp_int_digit)(a[32]); t = (sp_int_digit)(a[31]);
-    r[32] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL;
+    r[32] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL);
     s = (sp_int_digit)(a[31]); t = (sp_int_digit)(a[30]);
-    r[31] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL;
+    r[31] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL);
     s = (sp_int_digit)(a[30]); t = (sp_int_digit)(a[29]);
-    r[30] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL;
+    r[30] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL);
     s = (sp_int_digit)(a[29]); t = (sp_int_digit)(a[28]);
-    r[29] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL;
+    r[29] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL);
     s = (sp_int_digit)(a[28]); t = (sp_int_digit)(a[27]);
-    r[28] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL;
+    r[28] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL);
     s = (sp_int_digit)(a[27]); t = (sp_int_digit)(a[26]);
-    r[27] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL;
+    r[27] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL);
     s = (sp_int_digit)(a[26]); t = (sp_int_digit)(a[25]);
-    r[26] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL;
+    r[26] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL);
     s = (sp_int_digit)(a[25]); t = (sp_int_digit)(a[24]);
-    r[25] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL;
+    r[25] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL);
     s = (sp_int_digit)(a[24]); t = (sp_int_digit)(a[23]);
-    r[24] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL;
+    r[24] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL);
     s = (sp_int_digit)(a[23]); t = (sp_int_digit)(a[22]);
-    r[23] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL;
+    r[23] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL);
     s = (sp_int_digit)(a[22]); t = (sp_int_digit)(a[21]);
-    r[22] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL;
+    r[22] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL);
     s = (sp_int_digit)(a[21]); t = (sp_int_digit)(a[20]);
-    r[21] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL;
+    r[21] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL);
     s = (sp_int_digit)(a[20]); t = (sp_int_digit)(a[19]);
-    r[20] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL;
+    r[20] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL);
     s = (sp_int_digit)(a[19]); t = (sp_int_digit)(a[18]);
-    r[19] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL;
+    r[19] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL);
     s = (sp_int_digit)(a[18]); t = (sp_int_digit)(a[17]);
-    r[18] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL;
+    r[18] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL);
     s = (sp_int_digit)(a[17]); t = (sp_int_digit)(a[16]);
-    r[17] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL;
+    r[17] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL);
     s = (sp_int_digit)(a[16]); t = (sp_int_digit)(a[15]);
-    r[16] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL;
+    r[16] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL);
     s = (sp_int_digit)(a[15]); t = (sp_int_digit)(a[14]);
-    r[15] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL;
+    r[15] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL);
     s = (sp_int_digit)(a[14]); t = (sp_int_digit)(a[13]);
-    r[14] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL;
+    r[14] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL);
     s = (sp_int_digit)(a[13]); t = (sp_int_digit)(a[12]);
-    r[13] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL;
+    r[13] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL);
     s = (sp_int_digit)(a[12]); t = (sp_int_digit)(a[11]);
-    r[12] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL;
+    r[12] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL);
     s = (sp_int_digit)(a[11]); t = (sp_int_digit)(a[10]);
-    r[11] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL;
+    r[11] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL);
     s = (sp_int_digit)(a[10]); t = (sp_int_digit)(a[9]);
-    r[10] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL;
+    r[10] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL);
     s = (sp_int_digit)(a[9]); t = (sp_int_digit)(a[8]);
-    r[9] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL;
+    r[9] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL);
     s = (sp_int_digit)(a[8]); t = (sp_int_digit)(a[7]);
-    r[8] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL;
+    r[8] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL);
     s = (sp_int_digit)(a[7]); t = (sp_int_digit)(a[6]);
-    r[7] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL;
+    r[7] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL);
     s = (sp_int_digit)(a[6]); t = (sp_int_digit)(a[5]);
-    r[6] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL;
+    r[6] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL);
     s = (sp_int_digit)(a[5]); t = (sp_int_digit)(a[4]);
-    r[5] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL;
+    r[5] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL);
     s = (sp_int_digit)(a[4]); t = (sp_int_digit)(a[3]);
-    r[4] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL;
+    r[4] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL);
     s = (sp_int_digit)(a[3]); t = (sp_int_digit)(a[2]);
-    r[3] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL;
+    r[3] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL);
     s = (sp_int_digit)(a[2]); t = (sp_int_digit)(a[1]);
-    r[2] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL;
+    r[2] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL);
     s = (sp_int_digit)(a[1]); t = (sp_int_digit)(a[0]);
-    r[1] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL;
-    r[0] = (a[0] << n) & 0x1ffffffffffffffL;
+    r[1] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL);
+    r[0] = (sp_digit)((a[0] << n) & 0x1ffffffffffffffL);
 }
 
 /* Modular exponentiate 2 to the e mod m. (r = 2^e mod m)
@@ -13870,12 +13827,11 @@ static int sp_3072_mod_exp_2_54(sp_digit* r, const sp_digit* e, int bits, const
 
         sp_3072_mont_reduce_54(r, m, mp);
         n = sp_3072_cmp_54(r, m);
-        sp_3072_cond_sub_54(r, r, m, ~(n >> 63));
+        sp_3072_cond_sub_54(r, r, m, (sp_digit)~(n >> 63));
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (td != NULL)
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -14547,23 +14503,23 @@ SP_NOINLINE static void sp_4096_mul_add_35(sp_digit* r, const sp_digit* a,
         t[1]  = (tb * a[i+1]) + r[i+1];
         t[2]  = (tb * a[i+2]) + r[i+2];
         t[3]  = (tb * a[i+3]) + r[i+3];
-        r[i+0] = t[0] & 0x7ffffffffffffffL;
+        r[i+0] = (sp_digit)(t[0] & 0x7ffffffffffffffL);
         t[1] += t[0] >> 59;
-        r[i+1] = t[1] & 0x7ffffffffffffffL;
+        r[i+1] = (sp_digit)(t[1] & 0x7ffffffffffffffL);
         t[2] += t[1] >> 59;
-        r[i+2] = t[2] & 0x7ffffffffffffffL;
+        r[i+2] = (sp_digit)(t[2] & 0x7ffffffffffffffL);
         t[3] += t[2] >> 59;
-        r[i+3] = t[3] & 0x7ffffffffffffffL;
+        r[i+3] = (sp_digit)(t[3] & 0x7ffffffffffffffL);
         t[0]  = t[3] >> 59;
     }
     t[0] += (tb * a[32]) + r[32];
     t[1]  = (tb * a[33]) + r[33];
     t[2]  = (tb * a[34]) + r[34];
-    r[32] = t[0] & 0x7ffffffffffffffL;
+    r[32] = (sp_digit)(t[0] & 0x7ffffffffffffffL);
     t[1] += t[0] >> 59;
-    r[33] = t[1] & 0x7ffffffffffffffL;
+    r[33] = (sp_digit)(t[1] & 0x7ffffffffffffffL);
     t[2] += t[1] >> 59;
-    r[34] = t[2] & 0x7ffffffffffffffL;
+    r[34] = (sp_digit)(t[2] & 0x7ffffffffffffffL);
     r[35] +=  (sp_digit)(t[2] >> 59);
 }
 
@@ -14579,7 +14535,7 @@ static void sp_4096_mont_shift_35(sp_digit* r, const sp_digit* a)
     n += ((sp_int128)a[35]) << 17;
 
     for (i = 0; i < 34; i++) {
-        r[i] = n & 0x7ffffffffffffffL;
+        r[i] = (sp_digit)(n & 0x7ffffffffffffffL);
         n >>= 59;
         n += ((sp_int128)a[36 + i]) << 17;
     }
@@ -14602,11 +14558,11 @@ static void sp_4096_mont_reduce_35(sp_digit* a, const sp_digit* m, sp_digit mp)
     sp_4096_norm_35(a + 35);
 
     for (i=0; i<34; i++) {
-        mu = ((sp_uint64)a[i] * (sp_uint64)mp) & 0x7ffffffffffffffL;
+        mu = (sp_digit)(((sp_uint64)a[i] * (sp_uint64)mp) & 0x7ffffffffffffffL);
         sp_4096_mul_add_35(a+i, m, mu);
         a[i+1] += a[i] >> 59;
     }
-    mu = ((sp_uint64)a[i] * (sp_uint64)mp) & 0x3ffffffffffL;
+    mu = (sp_digit)(((sp_uint64)a[i] * (sp_uint64)mp) & 0x3ffffffffffL);
     sp_4096_mul_add_35(a+i, m, mu);
     a[i+1] += a[i] >> 59;
     a[i] &= 0x7ffffffffffffffL;
@@ -14791,7 +14747,7 @@ SP_NOINLINE static void sp_4096_rshift_35(sp_digit* r, const sp_digit* a,
     int i;
 
     for (i=0; i<34; i++) {
-        r[i] = ((a[i] >> n) | (a[i + 1] << (59 - n))) & 0x7ffffffffffffffL;
+        r[i] = (sp_digit)(((a[i] >> n) | (a[i + 1] << (59 - n))) & 0x7ffffffffffffffL);
     }
     r[34] = a[34] >> n;
 }
@@ -14968,8 +14924,7 @@ static int sp_4096_div_35(const sp_digit* a, const sp_digit* d,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t1 != NULL)
-        XFREE(t1, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(t1, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -15081,14 +15036,13 @@ static int sp_4096_mod_exp_35(sp_digit* r, const sp_digit* a, const sp_digit* e,
 
         sp_4096_mont_reduce_35(t[0], m, mp);
         n = sp_4096_cmp_35(t[0], m);
-        sp_4096_cond_sub_35(t[0], t[0], m, ~(n >> 63));
+        sp_4096_cond_sub_35(t[0], t[0], m, (sp_digit)~(n >> 63));
         XMEMCPY(r, t[0], sizeof(*r) * 35 * 2);
 
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (td != NULL)
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -15172,13 +15126,12 @@ static int sp_4096_mod_exp_35(sp_digit* r, const sp_digit* a, const sp_digit* e,
 
         sp_4096_mont_reduce_35(t[0], m, mp);
         n = sp_4096_cmp_35(t[0], m);
-        sp_4096_cond_sub_35(t[0], t[0], m, ~(n >> 63));
+        sp_4096_cond_sub_35(t[0], t[0], m, (sp_digit)~(n >> 63));
         XMEMCPY(r, t[0], sizeof(*r) * 35 * 2);
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (td != NULL)
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -15318,13 +15271,12 @@ static int sp_4096_mod_exp_35(sp_digit* r, const sp_digit* a, const sp_digit* e,
 
         sp_4096_mont_reduce_35(rt, m, mp);
         n = sp_4096_cmp_35(rt, m);
-        sp_4096_cond_sub_35(rt, rt, m, ~(n >> 63));
+        sp_4096_cond_sub_35(rt, rt, m, (sp_digit)~(n >> 63));
         XMEMCPY(r, rt, sizeof(sp_digit) * 70);
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (td != NULL)
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -15431,20 +15383,20 @@ SP_NOINLINE static void sp_4096_mul_add_70(sp_digit* r, const sp_digit* a,
         t[1]  = (tb * a[i+1]) + r[i+1];
         t[2]  = (tb * a[i+2]) + r[i+2];
         t[3]  = (tb * a[i+3]) + r[i+3];
-        r[i+0] = t[0] & 0x7ffffffffffffffL;
+        r[i+0] = (sp_digit)(t[0] & 0x7ffffffffffffffL);
         t[1] += t[0] >> 59;
-        r[i+1] = t[1] & 0x7ffffffffffffffL;
+        r[i+1] = (sp_digit)(t[1] & 0x7ffffffffffffffL);
         t[2] += t[1] >> 59;
-        r[i+2] = t[2] & 0x7ffffffffffffffL;
+        r[i+2] = (sp_digit)(t[2] & 0x7ffffffffffffffL);
         t[3] += t[2] >> 59;
-        r[i+3] = t[3] & 0x7ffffffffffffffL;
+        r[i+3] = (sp_digit)(t[3] & 0x7ffffffffffffffL);
         t[0]  = t[3] >> 59;
     }
     t[0] += (tb * a[68]) + r[68];
     t[1]  = (tb * a[69]) + r[69];
-    r[68] = t[0] & 0x7ffffffffffffffL;
+    r[68] = (sp_digit)(t[0] & 0x7ffffffffffffffL);
     t[1] += t[0] >> 59;
-    r[69] = t[1] & 0x7ffffffffffffffL;
+    r[69] = (sp_digit)(t[1] & 0x7ffffffffffffffL);
     r[70] +=  (sp_digit)(t[1] >> 59);
 }
 
@@ -15460,7 +15412,7 @@ static void sp_4096_mont_shift_70(sp_digit* r, const sp_digit* a)
     n += ((sp_int128)a[70]) << 34;
 
     for (i = 0; i < 69; i++) {
-        r[i] = n & 0x7ffffffffffffffL;
+        r[i] = (sp_digit)(n & 0x7ffffffffffffffL);
         n >>= 59;
         n += ((sp_int128)a[71 + i]) << 34;
     }
@@ -15485,33 +15437,33 @@ static void sp_4096_mont_reduce_70(sp_digit* a, const sp_digit* m, sp_digit mp)
 #ifdef WOLFSSL_SP_DH
     if (mp != 1) {
         for (i=0; i<69; i++) {
-            mu = ((sp_uint64)a[i] * (sp_uint64)mp) & 0x7ffffffffffffffL;
+            mu = (sp_digit)(((sp_uint64)a[i] * (sp_uint64)mp) & 0x7ffffffffffffffL);
             sp_4096_mul_add_70(a+i, m, mu);
             a[i+1] += a[i] >> 59;
         }
-        mu = ((sp_uint64)a[i] * (sp_uint64)mp) & 0x1ffffffL;
+        mu = (sp_digit)(((sp_uint64)a[i] * (sp_uint64)mp) & 0x1ffffffL);
         sp_4096_mul_add_70(a+i, m, mu);
         a[i+1] += a[i] >> 59;
         a[i] &= 0x7ffffffffffffffL;
     }
     else {
         for (i=0; i<69; i++) {
-            mu = a[i] & 0x7ffffffffffffffL;
+            mu = (sp_digit)(a[i] & 0x7ffffffffffffffL);
             sp_4096_mul_add_70(a+i, m, mu);
             a[i+1] += a[i] >> 59;
         }
-        mu = a[i] & 0x1ffffffL;
+        mu = (sp_digit)(a[i] & 0x1ffffffL);
         sp_4096_mul_add_70(a+i, m, mu);
         a[i+1] += a[i] >> 59;
         a[i] &= 0x7ffffffffffffffL;
     }
 #else
     for (i=0; i<69; i++) {
-        mu = ((sp_uint64)a[i] * (sp_uint64)mp) & 0x7ffffffffffffffL;
+        mu = (sp_digit)(((sp_uint64)a[i] * (sp_uint64)mp) & 0x7ffffffffffffffL);
         sp_4096_mul_add_70(a+i, m, mu);
         a[i+1] += a[i] >> 59;
     }
-    mu = ((sp_uint64)a[i] * (sp_uint64)mp) & 0x1ffffffL;
+    mu = (sp_digit)(((sp_uint64)a[i] * (sp_uint64)mp) & 0x1ffffffL);
     sp_4096_mul_add_70(a+i, m, mu);
     a[i+1] += a[i] >> 59;
     a[i] &= 0x7ffffffffffffffL;
@@ -15617,7 +15569,7 @@ SP_NOINLINE static void sp_4096_rshift_70(sp_digit* r, const sp_digit* a,
     int i;
 
     for (i=0; i<69; i++) {
-        r[i] = ((a[i] >> n) | (a[i + 1] << (59 - n))) & 0x7ffffffffffffffL;
+        r[i] = (sp_digit)(((a[i] >> n) | (a[i + 1] << (59 - n))) & 0x7ffffffffffffffL);
     }
     r[69] = a[69] >> n;
 }
@@ -15794,8 +15746,7 @@ static int sp_4096_div_70(const sp_digit* a, const sp_digit* d,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t1 != NULL)
-        XFREE(t1, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(t1, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -15908,14 +15859,13 @@ static int sp_4096_mod_exp_70(sp_digit* r, const sp_digit* a, const sp_digit* e,
 
         sp_4096_mont_reduce_70(t[0], m, mp);
         n = sp_4096_cmp_70(t[0], m);
-        sp_4096_cond_sub_70(t[0], t[0], m, ~(n >> 63));
+        sp_4096_cond_sub_70(t[0], t[0], m, (sp_digit)~(n >> 63));
         XMEMCPY(r, t[0], sizeof(*r) * 70 * 2);
 
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (td != NULL)
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -15999,13 +15949,12 @@ static int sp_4096_mod_exp_70(sp_digit* r, const sp_digit* a, const sp_digit* e,
 
         sp_4096_mont_reduce_70(t[0], m, mp);
         n = sp_4096_cmp_70(t[0], m);
-        sp_4096_cond_sub_70(t[0], t[0], m, ~(n >> 63));
+        sp_4096_cond_sub_70(t[0], t[0], m, (sp_digit)~(n >> 63));
         XMEMCPY(r, t[0], sizeof(*r) * 70 * 2);
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (td != NULL)
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -16128,13 +16077,12 @@ static int sp_4096_mod_exp_70(sp_digit* r, const sp_digit* a, const sp_digit* e,
 
         sp_4096_mont_reduce_70(rt, m, mp);
         n = sp_4096_cmp_70(rt, m);
-        sp_4096_cond_sub_70(rt, rt, m, ~(n >> 63));
+        sp_4096_cond_sub_70(rt, rt, m, (sp_digit)~(n >> 63));
         XMEMCPY(r, rt, sizeof(sp_digit) * 140);
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (td != NULL)
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -16253,8 +16201,7 @@ int sp_RsaPublic_4096(const byte* in, word32 inLen, const mp_int* em,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (a != NULL)
-        XFREE(a, NULL, DYNAMIC_TYPE_RSA);
+    XFREE(a, NULL, DYNAMIC_TYPE_RSA);
 #endif
 
     return err;
@@ -16365,8 +16312,7 @@ int sp_RsaPublic_4096(const byte* in, word32 inLen, const mp_int* em,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (d != NULL)
-        XFREE(d, NULL, DYNAMIC_TYPE_RSA);
+    XFREE(d, NULL, DYNAMIC_TYPE_RSA);
 #endif
 
     return err;
@@ -16736,7 +16682,7 @@ int sp_RsaPrivate_4096(const byte* in, word32 inLen, const mp_int* dm,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-if (a != NULL)
+    if (a != NULL)
 #endif
     {
         ForceZero(a, sizeof(sp_digit) * 35 * 13);
@@ -16972,9 +16918,9 @@ SP_NOINLINE static void sp_4096_lshift_70(sp_digit* r, const sp_digit* a,
 
     r[70] = a[69] >> (59 - n);
     for (i=69; i>0; i--) {
-        r[i] = ((a[i] << n) | (a[i-1] >> (59 - n))) & 0x7ffffffffffffffL;
+        r[i] = (sp_digit)(((a[i] << n) | (a[i-1] >> (59 - n))) & 0x7ffffffffffffffL);
     }
-    r[0] = (a[0] << n) & 0x7ffffffffffffffL;
+    r[0] = (sp_digit)((a[0] << n) & 0x7ffffffffffffffL);
 }
 
 /* Modular exponentiate 2 to the e mod m. (r = 2^e mod m)
@@ -17085,12 +17031,11 @@ static int sp_4096_mod_exp_2_70(sp_digit* r, const sp_digit* e, int bits, const
 
         sp_4096_mont_reduce_70(r, m, mp);
         n = sp_4096_cmp_70(r, m);
-        sp_4096_cond_sub_70(r, r, m, ~(n >> 63));
+        sp_4096_cond_sub_70(r, r, m, (sp_digit)~(n >> 63));
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (td != NULL)
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -17434,29 +17379,29 @@ SP_NOINLINE static void sp_4096_mul_13(sp_digit* r, const sp_digit* a,
     t0 = ((sp_uint128)a[ 0]) * b[ 0];
     t1 = ((sp_uint128)a[ 0]) * b[ 1]
        + ((sp_uint128)a[ 1]) * b[ 0];
-    t[ 0] = t0 & 0x1fffffffffffffL; t1 += t0 >> 53;
+    t[ 0] = (sp_digit)(t0 & 0x1fffffffffffffL); t1 += t0 >> 53;
     t0 = ((sp_uint128)a[ 0]) * b[ 2]
        + ((sp_uint128)a[ 1]) * b[ 1]
        + ((sp_uint128)a[ 2]) * b[ 0];
-    t[ 1] = t1 & 0x1fffffffffffffL; t0 += t1 >> 53;
+    t[ 1] = (sp_digit)(t1 & 0x1fffffffffffffL); t0 += t1 >> 53;
     t1 = ((sp_uint128)a[ 0]) * b[ 3]
        + ((sp_uint128)a[ 1]) * b[ 2]
        + ((sp_uint128)a[ 2]) * b[ 1]
        + ((sp_uint128)a[ 3]) * b[ 0];
-    t[ 2] = t0 & 0x1fffffffffffffL; t1 += t0 >> 53;
+    t[ 2] = (sp_digit)(t0 & 0x1fffffffffffffL); t1 += t0 >> 53;
     t0 = ((sp_uint128)a[ 0]) * b[ 4]
        + ((sp_uint128)a[ 1]) * b[ 3]
        + ((sp_uint128)a[ 2]) * b[ 2]
        + ((sp_uint128)a[ 3]) * b[ 1]
        + ((sp_uint128)a[ 4]) * b[ 0];
-    t[ 3] = t1 & 0x1fffffffffffffL; t0 += t1 >> 53;
+    t[ 3] = (sp_digit)(t1 & 0x1fffffffffffffL); t0 += t1 >> 53;
     t1 = ((sp_uint128)a[ 0]) * b[ 5]
        + ((sp_uint128)a[ 1]) * b[ 4]
        + ((sp_uint128)a[ 2]) * b[ 3]
        + ((sp_uint128)a[ 3]) * b[ 2]
        + ((sp_uint128)a[ 4]) * b[ 1]
        + ((sp_uint128)a[ 5]) * b[ 0];
-    t[ 4] = t0 & 0x1fffffffffffffL; t1 += t0 >> 53;
+    t[ 4] = (sp_digit)(t0 & 0x1fffffffffffffL); t1 += t0 >> 53;
     t0 = ((sp_uint128)a[ 0]) * b[ 6]
        + ((sp_uint128)a[ 1]) * b[ 5]
        + ((sp_uint128)a[ 2]) * b[ 4]
@@ -17464,7 +17409,7 @@ SP_NOINLINE static void sp_4096_mul_13(sp_digit* r, const sp_digit* a,
        + ((sp_uint128)a[ 4]) * b[ 2]
        + ((sp_uint128)a[ 5]) * b[ 1]
        + ((sp_uint128)a[ 6]) * b[ 0];
-    t[ 5] = t1 & 0x1fffffffffffffL; t0 += t1 >> 53;
+    t[ 5] = (sp_digit)(t1 & 0x1fffffffffffffL); t0 += t1 >> 53;
     t1 = ((sp_uint128)a[ 0]) * b[ 7]
        + ((sp_uint128)a[ 1]) * b[ 6]
        + ((sp_uint128)a[ 2]) * b[ 5]
@@ -17473,7 +17418,7 @@ SP_NOINLINE static void sp_4096_mul_13(sp_digit* r, const sp_digit* a,
        + ((sp_uint128)a[ 5]) * b[ 2]
        + ((sp_uint128)a[ 6]) * b[ 1]
        + ((sp_uint128)a[ 7]) * b[ 0];
-    t[ 6] = t0 & 0x1fffffffffffffL; t1 += t0 >> 53;
+    t[ 6] = (sp_digit)(t0 & 0x1fffffffffffffL); t1 += t0 >> 53;
     t0 = ((sp_uint128)a[ 0]) * b[ 8]
        + ((sp_uint128)a[ 1]) * b[ 7]
        + ((sp_uint128)a[ 2]) * b[ 6]
@@ -17483,7 +17428,7 @@ SP_NOINLINE static void sp_4096_mul_13(sp_digit* r, const sp_digit* a,
        + ((sp_uint128)a[ 6]) * b[ 2]
        + ((sp_uint128)a[ 7]) * b[ 1]
        + ((sp_uint128)a[ 8]) * b[ 0];
-    t[ 7] = t1 & 0x1fffffffffffffL; t0 += t1 >> 53;
+    t[ 7] = (sp_digit)(t1 & 0x1fffffffffffffL); t0 += t1 >> 53;
     t1 = ((sp_uint128)a[ 0]) * b[ 9]
        + ((sp_uint128)a[ 1]) * b[ 8]
        + ((sp_uint128)a[ 2]) * b[ 7]
@@ -17494,7 +17439,7 @@ SP_NOINLINE static void sp_4096_mul_13(sp_digit* r, const sp_digit* a,
        + ((sp_uint128)a[ 7]) * b[ 2]
        + ((sp_uint128)a[ 8]) * b[ 1]
        + ((sp_uint128)a[ 9]) * b[ 0];
-    t[ 8] = t0 & 0x1fffffffffffffL; t1 += t0 >> 53;
+    t[ 8] = (sp_digit)(t0 & 0x1fffffffffffffL); t1 += t0 >> 53;
     t0 = ((sp_uint128)a[ 0]) * b[10]
        + ((sp_uint128)a[ 1]) * b[ 9]
        + ((sp_uint128)a[ 2]) * b[ 8]
@@ -17506,7 +17451,7 @@ SP_NOINLINE static void sp_4096_mul_13(sp_digit* r, const sp_digit* a,
        + ((sp_uint128)a[ 8]) * b[ 2]
        + ((sp_uint128)a[ 9]) * b[ 1]
        + ((sp_uint128)a[10]) * b[ 0];
-    t[ 9] = t1 & 0x1fffffffffffffL; t0 += t1 >> 53;
+    t[ 9] = (sp_digit)(t1 & 0x1fffffffffffffL); t0 += t1 >> 53;
     t1 = ((sp_uint128)a[ 0]) * b[11]
        + ((sp_uint128)a[ 1]) * b[10]
        + ((sp_uint128)a[ 2]) * b[ 9]
@@ -17519,7 +17464,7 @@ SP_NOINLINE static void sp_4096_mul_13(sp_digit* r, const sp_digit* a,
        + ((sp_uint128)a[ 9]) * b[ 2]
        + ((sp_uint128)a[10]) * b[ 1]
        + ((sp_uint128)a[11]) * b[ 0];
-    t[10] = t0 & 0x1fffffffffffffL; t1 += t0 >> 53;
+    t[10] = (sp_digit)(t0 & 0x1fffffffffffffL); t1 += t0 >> 53;
     t0 = ((sp_uint128)a[ 0]) * b[12]
        + ((sp_uint128)a[ 1]) * b[11]
        + ((sp_uint128)a[ 2]) * b[10]
@@ -17533,7 +17478,7 @@ SP_NOINLINE static void sp_4096_mul_13(sp_digit* r, const sp_digit* a,
        + ((sp_uint128)a[10]) * b[ 2]
        + ((sp_uint128)a[11]) * b[ 1]
        + ((sp_uint128)a[12]) * b[ 0];
-    t[11] = t1 & 0x1fffffffffffffL; t0 += t1 >> 53;
+    t[11] = (sp_digit)(t1 & 0x1fffffffffffffL); t0 += t1 >> 53;
     t1 = ((sp_uint128)a[ 1]) * b[12]
        + ((sp_uint128)a[ 2]) * b[11]
        + ((sp_uint128)a[ 3]) * b[10]
@@ -17546,7 +17491,7 @@ SP_NOINLINE static void sp_4096_mul_13(sp_digit* r, const sp_digit* a,
        + ((sp_uint128)a[10]) * b[ 3]
        + ((sp_uint128)a[11]) * b[ 2]
        + ((sp_uint128)a[12]) * b[ 1];
-    t[12] = t0 & 0x1fffffffffffffL; t1 += t0 >> 53;
+    t[12] = (sp_digit)(t0 & 0x1fffffffffffffL); t1 += t0 >> 53;
     t0 = ((sp_uint128)a[ 2]) * b[12]
        + ((sp_uint128)a[ 3]) * b[11]
        + ((sp_uint128)a[ 4]) * b[10]
@@ -17558,7 +17503,7 @@ SP_NOINLINE static void sp_4096_mul_13(sp_digit* r, const sp_digit* a,
        + ((sp_uint128)a[10]) * b[ 4]
        + ((sp_uint128)a[11]) * b[ 3]
        + ((sp_uint128)a[12]) * b[ 2];
-    r[13] = t1 & 0x1fffffffffffffL; t0 += t1 >> 53;
+    r[13] = (sp_digit)(t1 & 0x1fffffffffffffL); t0 += t1 >> 53;
     t1 = ((sp_uint128)a[ 3]) * b[12]
        + ((sp_uint128)a[ 4]) * b[11]
        + ((sp_uint128)a[ 5]) * b[10]
@@ -17569,7 +17514,7 @@ SP_NOINLINE static void sp_4096_mul_13(sp_digit* r, const sp_digit* a,
        + ((sp_uint128)a[10]) * b[ 5]
        + ((sp_uint128)a[11]) * b[ 4]
        + ((sp_uint128)a[12]) * b[ 3];
-    r[14] = t0 & 0x1fffffffffffffL; t1 += t0 >> 53;
+    r[14] = (sp_digit)(t0 & 0x1fffffffffffffL); t1 += t0 >> 53;
     t0 = ((sp_uint128)a[ 4]) * b[12]
        + ((sp_uint128)a[ 5]) * b[11]
        + ((sp_uint128)a[ 6]) * b[10]
@@ -17579,7 +17524,7 @@ SP_NOINLINE static void sp_4096_mul_13(sp_digit* r, const sp_digit* a,
        + ((sp_uint128)a[10]) * b[ 6]
        + ((sp_uint128)a[11]) * b[ 5]
        + ((sp_uint128)a[12]) * b[ 4];
-    r[15] = t1 & 0x1fffffffffffffL; t0 += t1 >> 53;
+    r[15] = (sp_digit)(t1 & 0x1fffffffffffffL); t0 += t1 >> 53;
     t1 = ((sp_uint128)a[ 5]) * b[12]
        + ((sp_uint128)a[ 6]) * b[11]
        + ((sp_uint128)a[ 7]) * b[10]
@@ -17588,7 +17533,7 @@ SP_NOINLINE static void sp_4096_mul_13(sp_digit* r, const sp_digit* a,
        + ((sp_uint128)a[10]) * b[ 7]
        + ((sp_uint128)a[11]) * b[ 6]
        + ((sp_uint128)a[12]) * b[ 5];
-    r[16] = t0 & 0x1fffffffffffffL; t1 += t0 >> 53;
+    r[16] = (sp_digit)(t0 & 0x1fffffffffffffL); t1 += t0 >> 53;
     t0 = ((sp_uint128)a[ 6]) * b[12]
        + ((sp_uint128)a[ 7]) * b[11]
        + ((sp_uint128)a[ 8]) * b[10]
@@ -17596,35 +17541,35 @@ SP_NOINLINE static void sp_4096_mul_13(sp_digit* r, const sp_digit* a,
        + ((sp_uint128)a[10]) * b[ 8]
        + ((sp_uint128)a[11]) * b[ 7]
        + ((sp_uint128)a[12]) * b[ 6];
-    r[17] = t1 & 0x1fffffffffffffL; t0 += t1 >> 53;
+    r[17] = (sp_digit)(t1 & 0x1fffffffffffffL); t0 += t1 >> 53;
     t1 = ((sp_uint128)a[ 7]) * b[12]
        + ((sp_uint128)a[ 8]) * b[11]
        + ((sp_uint128)a[ 9]) * b[10]
        + ((sp_uint128)a[10]) * b[ 9]
        + ((sp_uint128)a[11]) * b[ 8]
        + ((sp_uint128)a[12]) * b[ 7];
-    r[18] = t0 & 0x1fffffffffffffL; t1 += t0 >> 53;
+    r[18] = (sp_digit)(t0 & 0x1fffffffffffffL); t1 += t0 >> 53;
     t0 = ((sp_uint128)a[ 8]) * b[12]
        + ((sp_uint128)a[ 9]) * b[11]
        + ((sp_uint128)a[10]) * b[10]
        + ((sp_uint128)a[11]) * b[ 9]
        + ((sp_uint128)a[12]) * b[ 8];
-    r[19] = t1 & 0x1fffffffffffffL; t0 += t1 >> 53;
+    r[19] = (sp_digit)(t1 & 0x1fffffffffffffL); t0 += t1 >> 53;
     t1 = ((sp_uint128)a[ 9]) * b[12]
        + ((sp_uint128)a[10]) * b[11]
        + ((sp_uint128)a[11]) * b[10]
        + ((sp_uint128)a[12]) * b[ 9];
-    r[20] = t0 & 0x1fffffffffffffL; t1 += t0 >> 53;
+    r[20] = (sp_digit)(t0 & 0x1fffffffffffffL); t1 += t0 >> 53;
     t0 = ((sp_uint128)a[10]) * b[12]
        + ((sp_uint128)a[11]) * b[11]
        + ((sp_uint128)a[12]) * b[10];
-    r[21] = t1 & 0x1fffffffffffffL; t0 += t1 >> 53;
+    r[21] = (sp_digit)(t1 & 0x1fffffffffffffL); t0 += t1 >> 53;
     t1 = ((sp_uint128)a[11]) * b[12]
        + ((sp_uint128)a[12]) * b[11];
-    r[22] = t0 & 0x1fffffffffffffL; t1 += t0 >> 53;
+    r[22] = (sp_digit)(t0 & 0x1fffffffffffffL); t1 += t0 >> 53;
     t0 = ((sp_uint128)a[12]) * b[12];
-    r[23] = t1 & 0x1fffffffffffffL; t0 += t1 >> 53;
-    r[24] = t0 & 0x1fffffffffffffL;
+    r[23] = (sp_digit)(t1 & 0x1fffffffffffffL); t0 += t1 >> 53;
+    r[24] = (sp_digit)(t0 & 0x1fffffffffffffL);
     r[25] = (sp_digit)(t0 >> 53);
     XMEMCPY(r, t, sizeof(t));
 }
@@ -17890,57 +17835,57 @@ SP_NOINLINE static void sp_4096_sqr_13(sp_digit* r, const sp_digit* a)
 
     t0 =  ((sp_uint128)a[ 0]) * a[ 0];
     t1 = (((sp_uint128)a[ 0]) * a[ 1]) * 2;
-    t[ 0] = t0 & 0x1fffffffffffffL; t1 += t0 >> 53;
+    t[ 0] = (sp_digit)(t0 & 0x1fffffffffffffL); t1 += t0 >> 53;
     t0 = (((sp_uint128)a[ 0]) * a[ 2]) * 2
        +  ((sp_uint128)a[ 1]) * a[ 1];
-    t[ 1] = t1 & 0x1fffffffffffffL; t0 += t1 >> 53;
+    t[ 1] = (sp_digit)(t1 & 0x1fffffffffffffL); t0 += t1 >> 53;
     t1 = (((sp_uint128)a[ 0]) * a[ 3]
        +  ((sp_uint128)a[ 1]) * a[ 2]) * 2;
-    t[ 2] = t0 & 0x1fffffffffffffL; t1 += t0 >> 53;
+    t[ 2] = (sp_digit)(t0 & 0x1fffffffffffffL); t1 += t0 >> 53;
     t0 = (((sp_uint128)a[ 0]) * a[ 4]
        +  ((sp_uint128)a[ 1]) * a[ 3]) * 2
        +  ((sp_uint128)a[ 2]) * a[ 2];
-    t[ 3] = t1 & 0x1fffffffffffffL; t0 += t1 >> 53;
+    t[ 3] = (sp_digit)(t1 & 0x1fffffffffffffL); t0 += t1 >> 53;
     t1 = (((sp_uint128)a[ 0]) * a[ 5]
        +  ((sp_uint128)a[ 1]) * a[ 4]
        +  ((sp_uint128)a[ 2]) * a[ 3]) * 2;
-    t[ 4] = t0 & 0x1fffffffffffffL; t1 += t0 >> 53;
+    t[ 4] = (sp_digit)(t0 & 0x1fffffffffffffL); t1 += t0 >> 53;
     t0 = (((sp_uint128)a[ 0]) * a[ 6]
        +  ((sp_uint128)a[ 1]) * a[ 5]
        +  ((sp_uint128)a[ 2]) * a[ 4]) * 2
        +  ((sp_uint128)a[ 3]) * a[ 3];
-    t[ 5] = t1 & 0x1fffffffffffffL; t0 += t1 >> 53;
+    t[ 5] = (sp_digit)(t1 & 0x1fffffffffffffL); t0 += t1 >> 53;
     t1 = (((sp_uint128)a[ 0]) * a[ 7]
        +  ((sp_uint128)a[ 1]) * a[ 6]
        +  ((sp_uint128)a[ 2]) * a[ 5]
        +  ((sp_uint128)a[ 3]) * a[ 4]) * 2;
-    t[ 6] = t0 & 0x1fffffffffffffL; t1 += t0 >> 53;
+    t[ 6] = (sp_digit)(t0 & 0x1fffffffffffffL); t1 += t0 >> 53;
     t0 = (((sp_uint128)a[ 0]) * a[ 8]
        +  ((sp_uint128)a[ 1]) * a[ 7]
        +  ((sp_uint128)a[ 2]) * a[ 6]
        +  ((sp_uint128)a[ 3]) * a[ 5]) * 2
        +  ((sp_uint128)a[ 4]) * a[ 4];
-    t[ 7] = t1 & 0x1fffffffffffffL; t0 += t1 >> 53;
+    t[ 7] = (sp_digit)(t1 & 0x1fffffffffffffL); t0 += t1 >> 53;
     t1 = (((sp_uint128)a[ 0]) * a[ 9]
        +  ((sp_uint128)a[ 1]) * a[ 8]
        +  ((sp_uint128)a[ 2]) * a[ 7]
        +  ((sp_uint128)a[ 3]) * a[ 6]
        +  ((sp_uint128)a[ 4]) * a[ 5]) * 2;
-    t[ 8] = t0 & 0x1fffffffffffffL; t1 += t0 >> 53;
+    t[ 8] = (sp_digit)(t0 & 0x1fffffffffffffL); t1 += t0 >> 53;
     t0 = (((sp_uint128)a[ 0]) * a[10]
        +  ((sp_uint128)a[ 1]) * a[ 9]
        +  ((sp_uint128)a[ 2]) * a[ 8]
        +  ((sp_uint128)a[ 3]) * a[ 7]
        +  ((sp_uint128)a[ 4]) * a[ 6]) * 2
        +  ((sp_uint128)a[ 5]) * a[ 5];
-    t[ 9] = t1 & 0x1fffffffffffffL; t0 += t1 >> 53;
+    t[ 9] = (sp_digit)(t1 & 0x1fffffffffffffL); t0 += t1 >> 53;
     t1 = (((sp_uint128)a[ 0]) * a[11]
        +  ((sp_uint128)a[ 1]) * a[10]
        +  ((sp_uint128)a[ 2]) * a[ 9]
        +  ((sp_uint128)a[ 3]) * a[ 8]
        +  ((sp_uint128)a[ 4]) * a[ 7]
        +  ((sp_uint128)a[ 5]) * a[ 6]) * 2;
-    t[10] = t0 & 0x1fffffffffffffL; t1 += t0 >> 53;
+    t[10] = (sp_digit)(t0 & 0x1fffffffffffffL); t1 += t0 >> 53;
     t0 = (((sp_uint128)a[ 0]) * a[12]
        +  ((sp_uint128)a[ 1]) * a[11]
        +  ((sp_uint128)a[ 2]) * a[10]
@@ -17948,62 +17893,62 @@ SP_NOINLINE static void sp_4096_sqr_13(sp_digit* r, const sp_digit* a)
        +  ((sp_uint128)a[ 4]) * a[ 8]
        +  ((sp_uint128)a[ 5]) * a[ 7]) * 2
        +  ((sp_uint128)a[ 6]) * a[ 6];
-    t[11] = t1 & 0x1fffffffffffffL; t0 += t1 >> 53;
+    t[11] = (sp_digit)(t1 & 0x1fffffffffffffL); t0 += t1 >> 53;
     t1 = (((sp_uint128)a[ 1]) * a[12]
        +  ((sp_uint128)a[ 2]) * a[11]
        +  ((sp_uint128)a[ 3]) * a[10]
        +  ((sp_uint128)a[ 4]) * a[ 9]
        +  ((sp_uint128)a[ 5]) * a[ 8]
        +  ((sp_uint128)a[ 6]) * a[ 7]) * 2;
-    t[12] = t0 & 0x1fffffffffffffL; t1 += t0 >> 53;
+    t[12] = (sp_digit)(t0 & 0x1fffffffffffffL); t1 += t0 >> 53;
     t0 = (((sp_uint128)a[ 2]) * a[12]
        +  ((sp_uint128)a[ 3]) * a[11]
        +  ((sp_uint128)a[ 4]) * a[10]
        +  ((sp_uint128)a[ 5]) * a[ 9]
        +  ((sp_uint128)a[ 6]) * a[ 8]) * 2
        +  ((sp_uint128)a[ 7]) * a[ 7];
-    r[13] = t1 & 0x1fffffffffffffL; t0 += t1 >> 53;
+    r[13] = (sp_digit)(t1 & 0x1fffffffffffffL); t0 += t1 >> 53;
     t1 = (((sp_uint128)a[ 3]) * a[12]
        +  ((sp_uint128)a[ 4]) * a[11]
        +  ((sp_uint128)a[ 5]) * a[10]
        +  ((sp_uint128)a[ 6]) * a[ 9]
        +  ((sp_uint128)a[ 7]) * a[ 8]) * 2;
-    r[14] = t0 & 0x1fffffffffffffL; t1 += t0 >> 53;
+    r[14] = (sp_digit)(t0 & 0x1fffffffffffffL); t1 += t0 >> 53;
     t0 = (((sp_uint128)a[ 4]) * a[12]
        +  ((sp_uint128)a[ 5]) * a[11]
        +  ((sp_uint128)a[ 6]) * a[10]
        +  ((sp_uint128)a[ 7]) * a[ 9]) * 2
        +  ((sp_uint128)a[ 8]) * a[ 8];
-    r[15] = t1 & 0x1fffffffffffffL; t0 += t1 >> 53;
+    r[15] = (sp_digit)(t1 & 0x1fffffffffffffL); t0 += t1 >> 53;
     t1 = (((sp_uint128)a[ 5]) * a[12]
        +  ((sp_uint128)a[ 6]) * a[11]
        +  ((sp_uint128)a[ 7]) * a[10]
        +  ((sp_uint128)a[ 8]) * a[ 9]) * 2;
-    r[16] = t0 & 0x1fffffffffffffL; t1 += t0 >> 53;
+    r[16] = (sp_digit)(t0 & 0x1fffffffffffffL); t1 += t0 >> 53;
     t0 = (((sp_uint128)a[ 6]) * a[12]
        +  ((sp_uint128)a[ 7]) * a[11]
        +  ((sp_uint128)a[ 8]) * a[10]) * 2
        +  ((sp_uint128)a[ 9]) * a[ 9];
-    r[17] = t1 & 0x1fffffffffffffL; t0 += t1 >> 53;
+    r[17] = (sp_digit)(t1 & 0x1fffffffffffffL); t0 += t1 >> 53;
     t1 = (((sp_uint128)a[ 7]) * a[12]
        +  ((sp_uint128)a[ 8]) * a[11]
        +  ((sp_uint128)a[ 9]) * a[10]) * 2;
-    r[18] = t0 & 0x1fffffffffffffL; t1 += t0 >> 53;
+    r[18] = (sp_digit)(t0 & 0x1fffffffffffffL); t1 += t0 >> 53;
     t0 = (((sp_uint128)a[ 8]) * a[12]
        +  ((sp_uint128)a[ 9]) * a[11]) * 2
        +  ((sp_uint128)a[10]) * a[10];
-    r[19] = t1 & 0x1fffffffffffffL; t0 += t1 >> 53;
+    r[19] = (sp_digit)(t1 & 0x1fffffffffffffL); t0 += t1 >> 53;
     t1 = (((sp_uint128)a[ 9]) * a[12]
        +  ((sp_uint128)a[10]) * a[11]) * 2;
-    r[20] = t0 & 0x1fffffffffffffL; t1 += t0 >> 53;
+    r[20] = (sp_digit)(t0 & 0x1fffffffffffffL); t1 += t0 >> 53;
     t0 = (((sp_uint128)a[10]) * a[12]) * 2
        +  ((sp_uint128)a[11]) * a[11];
-    r[21] = t1 & 0x1fffffffffffffL; t0 += t1 >> 53;
+    r[21] = (sp_digit)(t1 & 0x1fffffffffffffL); t0 += t1 >> 53;
     t1 = (((sp_uint128)a[11]) * a[12]) * 2;
-    r[22] = t0 & 0x1fffffffffffffL; t1 += t0 >> 53;
+    r[22] = (sp_digit)(t0 & 0x1fffffffffffffL); t1 += t0 >> 53;
     t0 =  ((sp_uint128)a[12]) * a[12];
-    r[23] = t1 & 0x1fffffffffffffL; t0 += t1 >> 53;
-    r[24] = t0 & 0x1fffffffffffffL;
+    r[23] = (sp_digit)(t1 & 0x1fffffffffffffL); t0 += t1 >> 53;
+    r[24] = (sp_digit)(t0 & 0x1fffffffffffffL);
     r[25] = (sp_digit)(t0 >> 53);
     XMEMCPY(r, t, sizeof(t));
 }
@@ -18332,29 +18277,29 @@ static void sp_4096_mont_shift_39(sp_digit* r, const sp_digit* a)
     sp_int128 n = a[38] >> 34;
     n += ((sp_int128)a[39]) << 19;
     for (i = 0; i < 32; i += 8) {
-        r[i + 0] = n & 0x1fffffffffffffL;
+        r[i + 0] = (sp_digit)(n & 0x1fffffffffffffL);
         n >>= 53; n += ((sp_int128)a[i + 40]) << 19;
-        r[i + 1] = n & 0x1fffffffffffffL;
+        r[i + 1] = (sp_digit)(n & 0x1fffffffffffffL);
         n >>= 53; n += ((sp_int128)a[i + 41]) << 19;
-        r[i + 2] = n & 0x1fffffffffffffL;
+        r[i + 2] = (sp_digit)(n & 0x1fffffffffffffL);
         n >>= 53; n += ((sp_int128)a[i + 42]) << 19;
-        r[i + 3] = n & 0x1fffffffffffffL;
+        r[i + 3] = (sp_digit)(n & 0x1fffffffffffffL);
         n >>= 53; n += ((sp_int128)a[i + 43]) << 19;
-        r[i + 4] = n & 0x1fffffffffffffL;
+        r[i + 4] = (sp_digit)(n & 0x1fffffffffffffL);
         n >>= 53; n += ((sp_int128)a[i + 44]) << 19;
-        r[i + 5] = n & 0x1fffffffffffffL;
+        r[i + 5] = (sp_digit)(n & 0x1fffffffffffffL);
         n >>= 53; n += ((sp_int128)a[i + 45]) << 19;
-        r[i + 6] = n & 0x1fffffffffffffL;
+        r[i + 6] = (sp_digit)(n & 0x1fffffffffffffL);
         n >>= 53; n += ((sp_int128)a[i + 46]) << 19;
-        r[i + 7] = n & 0x1fffffffffffffL;
+        r[i + 7] = (sp_digit)(n & 0x1fffffffffffffL);
         n >>= 53; n += ((sp_int128)a[i + 47]) << 19;
     }
-    r[32] = n & 0x1fffffffffffffL; n >>= 53; n += ((sp_int128)a[72]) << 19;
-    r[33] = n & 0x1fffffffffffffL; n >>= 53; n += ((sp_int128)a[73]) << 19;
-    r[34] = n & 0x1fffffffffffffL; n >>= 53; n += ((sp_int128)a[74]) << 19;
-    r[35] = n & 0x1fffffffffffffL; n >>= 53; n += ((sp_int128)a[75]) << 19;
-    r[36] = n & 0x1fffffffffffffL; n >>= 53; n += ((sp_int128)a[76]) << 19;
-    r[37] = n & 0x1fffffffffffffL; n >>= 53; n += ((sp_int128)a[77]) << 19;
+    r[32] = (sp_digit)(n & 0x1fffffffffffffL); n >>= 53; n += ((sp_int128)a[72]) << 19;
+    r[33] = (sp_digit)(n & 0x1fffffffffffffL); n >>= 53; n += ((sp_int128)a[73]) << 19;
+    r[34] = (sp_digit)(n & 0x1fffffffffffffL); n >>= 53; n += ((sp_int128)a[74]) << 19;
+    r[35] = (sp_digit)(n & 0x1fffffffffffffL); n >>= 53; n += ((sp_int128)a[75]) << 19;
+    r[36] = (sp_digit)(n & 0x1fffffffffffffL); n >>= 53; n += ((sp_int128)a[76]) << 19;
+    r[37] = (sp_digit)(n & 0x1fffffffffffffL); n >>= 53; n += ((sp_int128)a[77]) << 19;
     r[38] = (sp_digit)n;
     XMEMSET(&r[39], 0, sizeof(*r) * 39U);
 }
@@ -18374,11 +18319,11 @@ static void sp_4096_mont_reduce_39(sp_digit* a, const sp_digit* m, sp_digit mp)
     sp_4096_norm_39(a + 39);
 
     for (i=0; i<38; i++) {
-        mu = ((sp_uint64)a[i] * (sp_uint64)mp) & 0x1fffffffffffffL;
+        mu = (sp_digit)(((sp_uint64)a[i] * (sp_uint64)mp) & 0x1fffffffffffffL);
         sp_4096_mul_add_39(a+i, m, mu);
         a[i+1] += a[i] >> 53;
     }
-    mu = ((sp_uint64)a[i] * (sp_uint64)mp) & 0x3ffffffffL;
+    mu = (sp_digit)(((sp_uint64)a[i] * (sp_uint64)mp) & 0x3ffffffffL);
     sp_4096_mul_add_39(a+i, m, mu);
     a[i+1] += a[i] >> 53;
     a[i] &= 0x1fffffffffffffL;
@@ -18507,21 +18452,21 @@ SP_NOINLINE static void sp_4096_rshift_39(sp_digit* r, const sp_digit* a,
     int i;
 
     for (i=0; i<32; i += 8) {
-        r[i+0] = (a[i+0] >> n) | ((a[i+1] << (53 - n)) & 0x1fffffffffffffL);
-        r[i+1] = (a[i+1] >> n) | ((a[i+2] << (53 - n)) & 0x1fffffffffffffL);
-        r[i+2] = (a[i+2] >> n) | ((a[i+3] << (53 - n)) & 0x1fffffffffffffL);
-        r[i+3] = (a[i+3] >> n) | ((a[i+4] << (53 - n)) & 0x1fffffffffffffL);
-        r[i+4] = (a[i+4] >> n) | ((a[i+5] << (53 - n)) & 0x1fffffffffffffL);
-        r[i+5] = (a[i+5] >> n) | ((a[i+6] << (53 - n)) & 0x1fffffffffffffL);
-        r[i+6] = (a[i+6] >> n) | ((a[i+7] << (53 - n)) & 0x1fffffffffffffL);
-        r[i+7] = (a[i+7] >> n) | ((a[i+8] << (53 - n)) & 0x1fffffffffffffL);
+        r[i+0] = (a[i+0] >> n) | (sp_digit)((a[i+1] << (53 - n)) & 0x1fffffffffffffL);
+        r[i+1] = (a[i+1] >> n) | (sp_digit)((a[i+2] << (53 - n)) & 0x1fffffffffffffL);
+        r[i+2] = (a[i+2] >> n) | (sp_digit)((a[i+3] << (53 - n)) & 0x1fffffffffffffL);
+        r[i+3] = (a[i+3] >> n) | (sp_digit)((a[i+4] << (53 - n)) & 0x1fffffffffffffL);
+        r[i+4] = (a[i+4] >> n) | (sp_digit)((a[i+5] << (53 - n)) & 0x1fffffffffffffL);
+        r[i+5] = (a[i+5] >> n) | (sp_digit)((a[i+6] << (53 - n)) & 0x1fffffffffffffL);
+        r[i+6] = (a[i+6] >> n) | (sp_digit)((a[i+7] << (53 - n)) & 0x1fffffffffffffL);
+        r[i+7] = (a[i+7] >> n) | (sp_digit)((a[i+8] << (53 - n)) & 0x1fffffffffffffL);
     }
-    r[32] = (a[32] >> n) | ((a[33] << (53 - n)) & 0x1fffffffffffffL);
-    r[33] = (a[33] >> n) | ((a[34] << (53 - n)) & 0x1fffffffffffffL);
-    r[34] = (a[34] >> n) | ((a[35] << (53 - n)) & 0x1fffffffffffffL);
-    r[35] = (a[35] >> n) | ((a[36] << (53 - n)) & 0x1fffffffffffffL);
-    r[36] = (a[36] >> n) | ((a[37] << (53 - n)) & 0x1fffffffffffffL);
-    r[37] = (a[37] >> n) | ((a[38] << (53 - n)) & 0x1fffffffffffffL);
+    r[32] = (a[32] >> n) | (sp_digit)((a[33] << (53 - n)) & 0x1fffffffffffffL);
+    r[33] = (a[33] >> n) | (sp_digit)((a[34] << (53 - n)) & 0x1fffffffffffffL);
+    r[34] = (a[34] >> n) | (sp_digit)((a[35] << (53 - n)) & 0x1fffffffffffffL);
+    r[35] = (a[35] >> n) | (sp_digit)((a[36] << (53 - n)) & 0x1fffffffffffffL);
+    r[36] = (a[36] >> n) | (sp_digit)((a[37] << (53 - n)) & 0x1fffffffffffffL);
+    r[37] = (a[37] >> n) | (sp_digit)((a[38] << (53 - n)) & 0x1fffffffffffffL);
     r[38] = a[38] >> n;
 }
 
@@ -18697,8 +18642,7 @@ static int sp_4096_div_39(const sp_digit* a, const sp_digit* d,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t1 != NULL)
-        XFREE(t1, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(t1, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -18810,14 +18754,13 @@ static int sp_4096_mod_exp_39(sp_digit* r, const sp_digit* a, const sp_digit* e,
 
         sp_4096_mont_reduce_39(t[0], m, mp);
         n = sp_4096_cmp_39(t[0], m);
-        sp_4096_cond_sub_39(t[0], t[0], m, ~(n >> 63));
+        sp_4096_cond_sub_39(t[0], t[0], m, (sp_digit)~(n >> 63));
         XMEMCPY(r, t[0], sizeof(*r) * 39 * 2);
 
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (td != NULL)
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -18901,13 +18844,12 @@ static int sp_4096_mod_exp_39(sp_digit* r, const sp_digit* a, const sp_digit* e,
 
         sp_4096_mont_reduce_39(t[0], m, mp);
         n = sp_4096_cmp_39(t[0], m);
-        sp_4096_cond_sub_39(t[0], t[0], m, ~(n >> 63));
+        sp_4096_cond_sub_39(t[0], t[0], m, (sp_digit)~(n >> 63));
         XMEMCPY(r, t[0], sizeof(*r) * 39 * 2);
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (td != NULL)
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -19047,13 +18989,12 @@ static int sp_4096_mod_exp_39(sp_digit* r, const sp_digit* a, const sp_digit* e,
 
         sp_4096_mont_reduce_39(rt, m, mp);
         n = sp_4096_cmp_39(rt, m);
-        sp_4096_cond_sub_39(rt, rt, m, ~(n >> 63));
+        sp_4096_cond_sub_39(rt, rt, m, (sp_digit)~(n >> 63));
         XMEMCPY(r, rt, sizeof(sp_digit) * 78);
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (td != NULL)
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -19217,28 +19158,28 @@ static void sp_4096_mont_shift_78(sp_digit* r, const sp_digit* a)
     sp_int128 n = a[77] >> 15;
     n += ((sp_int128)a[78]) << 38;
     for (i = 0; i < 72; i += 8) {
-        r[i + 0] = n & 0x1fffffffffffffL;
+        r[i + 0] = (sp_digit)(n & 0x1fffffffffffffL);
         n >>= 53; n += ((sp_int128)a[i + 79]) << 38;
-        r[i + 1] = n & 0x1fffffffffffffL;
+        r[i + 1] = (sp_digit)(n & 0x1fffffffffffffL);
         n >>= 53; n += ((sp_int128)a[i + 80]) << 38;
-        r[i + 2] = n & 0x1fffffffffffffL;
+        r[i + 2] = (sp_digit)(n & 0x1fffffffffffffL);
         n >>= 53; n += ((sp_int128)a[i + 81]) << 38;
-        r[i + 3] = n & 0x1fffffffffffffL;
+        r[i + 3] = (sp_digit)(n & 0x1fffffffffffffL);
         n >>= 53; n += ((sp_int128)a[i + 82]) << 38;
-        r[i + 4] = n & 0x1fffffffffffffL;
+        r[i + 4] = (sp_digit)(n & 0x1fffffffffffffL);
         n >>= 53; n += ((sp_int128)a[i + 83]) << 38;
-        r[i + 5] = n & 0x1fffffffffffffL;
+        r[i + 5] = (sp_digit)(n & 0x1fffffffffffffL);
         n >>= 53; n += ((sp_int128)a[i + 84]) << 38;
-        r[i + 6] = n & 0x1fffffffffffffL;
+        r[i + 6] = (sp_digit)(n & 0x1fffffffffffffL);
         n >>= 53; n += ((sp_int128)a[i + 85]) << 38;
-        r[i + 7] = n & 0x1fffffffffffffL;
+        r[i + 7] = (sp_digit)(n & 0x1fffffffffffffL);
         n >>= 53; n += ((sp_int128)a[i + 86]) << 38;
     }
-    r[72] = n & 0x1fffffffffffffL; n >>= 53; n += ((sp_int128)a[151]) << 38;
-    r[73] = n & 0x1fffffffffffffL; n >>= 53; n += ((sp_int128)a[152]) << 38;
-    r[74] = n & 0x1fffffffffffffL; n >>= 53; n += ((sp_int128)a[153]) << 38;
-    r[75] = n & 0x1fffffffffffffL; n >>= 53; n += ((sp_int128)a[154]) << 38;
-    r[76] = n & 0x1fffffffffffffL; n >>= 53; n += ((sp_int128)a[155]) << 38;
+    r[72] = (sp_digit)(n & 0x1fffffffffffffL); n >>= 53; n += ((sp_int128)a[151]) << 38;
+    r[73] = (sp_digit)(n & 0x1fffffffffffffL); n >>= 53; n += ((sp_int128)a[152]) << 38;
+    r[74] = (sp_digit)(n & 0x1fffffffffffffL); n >>= 53; n += ((sp_int128)a[153]) << 38;
+    r[75] = (sp_digit)(n & 0x1fffffffffffffL); n >>= 53; n += ((sp_int128)a[154]) << 38;
+    r[76] = (sp_digit)(n & 0x1fffffffffffffL); n >>= 53; n += ((sp_int128)a[155]) << 38;
     r[77] = (sp_digit)n;
     XMEMSET(&r[78], 0, sizeof(*r) * 78U);
 }
@@ -19260,33 +19201,33 @@ static void sp_4096_mont_reduce_78(sp_digit* a, const sp_digit* m, sp_digit mp)
 #ifdef WOLFSSL_SP_DH
     if (mp != 1) {
         for (i=0; i<77; i++) {
-            mu = ((sp_uint64)a[i] * (sp_uint64)mp) & 0x1fffffffffffffL;
+            mu = (sp_digit)(((sp_uint64)a[i] * (sp_uint64)mp) & 0x1fffffffffffffL);
             sp_4096_mul_add_78(a+i, m, mu);
             a[i+1] += a[i] >> 53;
         }
-        mu = ((sp_uint64)a[i] * (sp_uint64)mp) & 0x7fffL;
+        mu = (sp_digit)(((sp_uint64)a[i] * (sp_uint64)mp) & 0x7fffL);
         sp_4096_mul_add_78(a+i, m, mu);
         a[i+1] += a[i] >> 53;
         a[i] &= 0x1fffffffffffffL;
     }
     else {
         for (i=0; i<77; i++) {
-            mu = a[i] & 0x1fffffffffffffL;
+            mu = (sp_digit)(a[i] & 0x1fffffffffffffL);
             sp_4096_mul_add_78(a+i, m, mu);
             a[i+1] += a[i] >> 53;
         }
-        mu = a[i] & 0x7fffL;
+        mu = (sp_digit)(a[i] & 0x7fffL);
         sp_4096_mul_add_78(a+i, m, mu);
         a[i+1] += a[i] >> 53;
         a[i] &= 0x1fffffffffffffL;
     }
 #else
     for (i=0; i<77; i++) {
-        mu = ((sp_uint64)a[i] * (sp_uint64)mp) & 0x1fffffffffffffL;
+        mu = (sp_digit)(((sp_uint64)a[i] * (sp_uint64)mp) & 0x1fffffffffffffL);
         sp_4096_mul_add_78(a+i, m, mu);
         a[i+1] += a[i] >> 53;
     }
-    mu = ((sp_uint64)a[i] * (sp_uint64)mp) & 0x7fffL;
+    mu = (sp_digit)(((sp_uint64)a[i] * (sp_uint64)mp) & 0x7fffL);
     sp_4096_mul_add_78(a+i, m, mu);
     a[i+1] += a[i] >> 53;
     a[i] &= 0x1fffffffffffffL;
@@ -19406,20 +19347,20 @@ SP_NOINLINE static void sp_4096_rshift_78(sp_digit* r, const sp_digit* a,
     int i;
 
     for (i=0; i<72; i += 8) {
-        r[i+0] = (a[i+0] >> n) | ((a[i+1] << (53 - n)) & 0x1fffffffffffffL);
-        r[i+1] = (a[i+1] >> n) | ((a[i+2] << (53 - n)) & 0x1fffffffffffffL);
-        r[i+2] = (a[i+2] >> n) | ((a[i+3] << (53 - n)) & 0x1fffffffffffffL);
-        r[i+3] = (a[i+3] >> n) | ((a[i+4] << (53 - n)) & 0x1fffffffffffffL);
-        r[i+4] = (a[i+4] >> n) | ((a[i+5] << (53 - n)) & 0x1fffffffffffffL);
-        r[i+5] = (a[i+5] >> n) | ((a[i+6] << (53 - n)) & 0x1fffffffffffffL);
-        r[i+6] = (a[i+6] >> n) | ((a[i+7] << (53 - n)) & 0x1fffffffffffffL);
-        r[i+7] = (a[i+7] >> n) | ((a[i+8] << (53 - n)) & 0x1fffffffffffffL);
+        r[i+0] = (a[i+0] >> n) | (sp_digit)((a[i+1] << (53 - n)) & 0x1fffffffffffffL);
+        r[i+1] = (a[i+1] >> n) | (sp_digit)((a[i+2] << (53 - n)) & 0x1fffffffffffffL);
+        r[i+2] = (a[i+2] >> n) | (sp_digit)((a[i+3] << (53 - n)) & 0x1fffffffffffffL);
+        r[i+3] = (a[i+3] >> n) | (sp_digit)((a[i+4] << (53 - n)) & 0x1fffffffffffffL);
+        r[i+4] = (a[i+4] >> n) | (sp_digit)((a[i+5] << (53 - n)) & 0x1fffffffffffffL);
+        r[i+5] = (a[i+5] >> n) | (sp_digit)((a[i+6] << (53 - n)) & 0x1fffffffffffffL);
+        r[i+6] = (a[i+6] >> n) | (sp_digit)((a[i+7] << (53 - n)) & 0x1fffffffffffffL);
+        r[i+7] = (a[i+7] >> n) | (sp_digit)((a[i+8] << (53 - n)) & 0x1fffffffffffffL);
     }
-    r[72] = (a[72] >> n) | ((a[73] << (53 - n)) & 0x1fffffffffffffL);
-    r[73] = (a[73] >> n) | ((a[74] << (53 - n)) & 0x1fffffffffffffL);
-    r[74] = (a[74] >> n) | ((a[75] << (53 - n)) & 0x1fffffffffffffL);
-    r[75] = (a[75] >> n) | ((a[76] << (53 - n)) & 0x1fffffffffffffL);
-    r[76] = (a[76] >> n) | ((a[77] << (53 - n)) & 0x1fffffffffffffL);
+    r[72] = (a[72] >> n) | (sp_digit)((a[73] << (53 - n)) & 0x1fffffffffffffL);
+    r[73] = (a[73] >> n) | (sp_digit)((a[74] << (53 - n)) & 0x1fffffffffffffL);
+    r[74] = (a[74] >> n) | (sp_digit)((a[75] << (53 - n)) & 0x1fffffffffffffL);
+    r[75] = (a[75] >> n) | (sp_digit)((a[76] << (53 - n)) & 0x1fffffffffffffL);
+    r[76] = (a[76] >> n) | (sp_digit)((a[77] << (53 - n)) & 0x1fffffffffffffL);
     r[77] = a[77] >> n;
 }
 
@@ -19595,8 +19536,7 @@ static int sp_4096_div_78(const sp_digit* a, const sp_digit* d,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t1 != NULL)
-        XFREE(t1, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(t1, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -19711,14 +19651,13 @@ static int sp_4096_mod_exp_78(sp_digit* r, const sp_digit* a, const sp_digit* e,
 
         sp_4096_mont_reduce_78(t[0], m, mp);
         n = sp_4096_cmp_78(t[0], m);
-        sp_4096_cond_sub_78(t[0], t[0], m, ~(n >> 63));
+        sp_4096_cond_sub_78(t[0], t[0], m, (sp_digit)~(n >> 63));
         XMEMCPY(r, t[0], sizeof(*r) * 78 * 2);
 
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (td != NULL)
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -19802,13 +19741,12 @@ static int sp_4096_mod_exp_78(sp_digit* r, const sp_digit* a, const sp_digit* e,
 
         sp_4096_mont_reduce_78(t[0], m, mp);
         n = sp_4096_cmp_78(t[0], m);
-        sp_4096_cond_sub_78(t[0], t[0], m, ~(n >> 63));
+        sp_4096_cond_sub_78(t[0], t[0], m, (sp_digit)~(n >> 63));
         XMEMCPY(r, t[0], sizeof(*r) * 78 * 2);
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (td != NULL)
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -19931,13 +19869,12 @@ static int sp_4096_mod_exp_78(sp_digit* r, const sp_digit* a, const sp_digit* e,
 
         sp_4096_mont_reduce_78(rt, m, mp);
         n = sp_4096_cmp_78(rt, m);
-        sp_4096_cond_sub_78(rt, rt, m, ~(n >> 63));
+        sp_4096_cond_sub_78(rt, rt, m, (sp_digit)~(n >> 63));
         XMEMCPY(r, rt, sizeof(sp_digit) * 156);
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (td != NULL)
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -20058,8 +19995,7 @@ int sp_RsaPublic_4096(const byte* in, word32 inLen, const mp_int* em,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (a != NULL)
-        XFREE(a, NULL, DYNAMIC_TYPE_RSA);
+    XFREE(a, NULL, DYNAMIC_TYPE_RSA);
 #endif
 
     return err;
@@ -20170,8 +20106,7 @@ int sp_RsaPublic_4096(const byte* in, word32 inLen, const mp_int* em,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (d != NULL)
-        XFREE(d, NULL, DYNAMIC_TYPE_RSA);
+    XFREE(d, NULL, DYNAMIC_TYPE_RSA);
 #endif
 
     return err;
@@ -20541,7 +20476,7 @@ int sp_RsaPrivate_4096(const byte* in, word32 inLen, const mp_int* dm,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-if (a != NULL)
+    if (a != NULL)
 #endif
     {
         ForceZero(a, sizeof(sp_digit) * 39 * 13);
@@ -20779,160 +20714,160 @@ SP_NOINLINE static void sp_4096_lshift_78(sp_digit* r, const sp_digit* a,
     s = (sp_int_digit)a[77];
     r[78] = s >> (53U - n);
     s = (sp_int_digit)(a[77]); t = (sp_int_digit)(a[76]);
-    r[77] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL;
+    r[77] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL);
     s = (sp_int_digit)(a[76]); t = (sp_int_digit)(a[75]);
-    r[76] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL;
+    r[76] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL);
     s = (sp_int_digit)(a[75]); t = (sp_int_digit)(a[74]);
-    r[75] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL;
+    r[75] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL);
     s = (sp_int_digit)(a[74]); t = (sp_int_digit)(a[73]);
-    r[74] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL;
+    r[74] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL);
     s = (sp_int_digit)(a[73]); t = (sp_int_digit)(a[72]);
-    r[73] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL;
+    r[73] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL);
     s = (sp_int_digit)(a[72]); t = (sp_int_digit)(a[71]);
-    r[72] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL;
+    r[72] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL);
     s = (sp_int_digit)(a[71]); t = (sp_int_digit)(a[70]);
-    r[71] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL;
+    r[71] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL);
     s = (sp_int_digit)(a[70]); t = (sp_int_digit)(a[69]);
-    r[70] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL;
+    r[70] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL);
     s = (sp_int_digit)(a[69]); t = (sp_int_digit)(a[68]);
-    r[69] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL;
+    r[69] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL);
     s = (sp_int_digit)(a[68]); t = (sp_int_digit)(a[67]);
-    r[68] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL;
+    r[68] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL);
     s = (sp_int_digit)(a[67]); t = (sp_int_digit)(a[66]);
-    r[67] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL;
+    r[67] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL);
     s = (sp_int_digit)(a[66]); t = (sp_int_digit)(a[65]);
-    r[66] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL;
+    r[66] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL);
     s = (sp_int_digit)(a[65]); t = (sp_int_digit)(a[64]);
-    r[65] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL;
+    r[65] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL);
     s = (sp_int_digit)(a[64]); t = (sp_int_digit)(a[63]);
-    r[64] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL;
+    r[64] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL);
     s = (sp_int_digit)(a[63]); t = (sp_int_digit)(a[62]);
-    r[63] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL;
+    r[63] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL);
     s = (sp_int_digit)(a[62]); t = (sp_int_digit)(a[61]);
-    r[62] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL;
+    r[62] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL);
     s = (sp_int_digit)(a[61]); t = (sp_int_digit)(a[60]);
-    r[61] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL;
+    r[61] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL);
     s = (sp_int_digit)(a[60]); t = (sp_int_digit)(a[59]);
-    r[60] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL;
+    r[60] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL);
     s = (sp_int_digit)(a[59]); t = (sp_int_digit)(a[58]);
-    r[59] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL;
+    r[59] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL);
     s = (sp_int_digit)(a[58]); t = (sp_int_digit)(a[57]);
-    r[58] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL;
+    r[58] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL);
     s = (sp_int_digit)(a[57]); t = (sp_int_digit)(a[56]);
-    r[57] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL;
+    r[57] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL);
     s = (sp_int_digit)(a[56]); t = (sp_int_digit)(a[55]);
-    r[56] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL;
+    r[56] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL);
     s = (sp_int_digit)(a[55]); t = (sp_int_digit)(a[54]);
-    r[55] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL;
+    r[55] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL);
     s = (sp_int_digit)(a[54]); t = (sp_int_digit)(a[53]);
-    r[54] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL;
+    r[54] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL);
     s = (sp_int_digit)(a[53]); t = (sp_int_digit)(a[52]);
-    r[53] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL;
+    r[53] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL);
     s = (sp_int_digit)(a[52]); t = (sp_int_digit)(a[51]);
-    r[52] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL;
+    r[52] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL);
     s = (sp_int_digit)(a[51]); t = (sp_int_digit)(a[50]);
-    r[51] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL;
+    r[51] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL);
     s = (sp_int_digit)(a[50]); t = (sp_int_digit)(a[49]);
-    r[50] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL;
+    r[50] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL);
     s = (sp_int_digit)(a[49]); t = (sp_int_digit)(a[48]);
-    r[49] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL;
+    r[49] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL);
     s = (sp_int_digit)(a[48]); t = (sp_int_digit)(a[47]);
-    r[48] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL;
+    r[48] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL);
     s = (sp_int_digit)(a[47]); t = (sp_int_digit)(a[46]);
-    r[47] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL;
+    r[47] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL);
     s = (sp_int_digit)(a[46]); t = (sp_int_digit)(a[45]);
-    r[46] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL;
+    r[46] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL);
     s = (sp_int_digit)(a[45]); t = (sp_int_digit)(a[44]);
-    r[45] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL;
+    r[45] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL);
     s = (sp_int_digit)(a[44]); t = (sp_int_digit)(a[43]);
-    r[44] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL;
+    r[44] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL);
     s = (sp_int_digit)(a[43]); t = (sp_int_digit)(a[42]);
-    r[43] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL;
+    r[43] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL);
     s = (sp_int_digit)(a[42]); t = (sp_int_digit)(a[41]);
-    r[42] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL;
+    r[42] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL);
     s = (sp_int_digit)(a[41]); t = (sp_int_digit)(a[40]);
-    r[41] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL;
+    r[41] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL);
     s = (sp_int_digit)(a[40]); t = (sp_int_digit)(a[39]);
-    r[40] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL;
+    r[40] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL);
     s = (sp_int_digit)(a[39]); t = (sp_int_digit)(a[38]);
-    r[39] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL;
+    r[39] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL);
     s = (sp_int_digit)(a[38]); t = (sp_int_digit)(a[37]);
-    r[38] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL;
+    r[38] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL);
     s = (sp_int_digit)(a[37]); t = (sp_int_digit)(a[36]);
-    r[37] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL;
+    r[37] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL);
     s = (sp_int_digit)(a[36]); t = (sp_int_digit)(a[35]);
-    r[36] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL;
+    r[36] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL);
     s = (sp_int_digit)(a[35]); t = (sp_int_digit)(a[34]);
-    r[35] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL;
+    r[35] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL);
     s = (sp_int_digit)(a[34]); t = (sp_int_digit)(a[33]);
-    r[34] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL;
+    r[34] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL);
     s = (sp_int_digit)(a[33]); t = (sp_int_digit)(a[32]);
-    r[33] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL;
+    r[33] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL);
     s = (sp_int_digit)(a[32]); t = (sp_int_digit)(a[31]);
-    r[32] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL;
+    r[32] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL);
     s = (sp_int_digit)(a[31]); t = (sp_int_digit)(a[30]);
-    r[31] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL;
+    r[31] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL);
     s = (sp_int_digit)(a[30]); t = (sp_int_digit)(a[29]);
-    r[30] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL;
+    r[30] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL);
     s = (sp_int_digit)(a[29]); t = (sp_int_digit)(a[28]);
-    r[29] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL;
+    r[29] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL);
     s = (sp_int_digit)(a[28]); t = (sp_int_digit)(a[27]);
-    r[28] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL;
+    r[28] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL);
     s = (sp_int_digit)(a[27]); t = (sp_int_digit)(a[26]);
-    r[27] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL;
+    r[27] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL);
     s = (sp_int_digit)(a[26]); t = (sp_int_digit)(a[25]);
-    r[26] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL;
+    r[26] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL);
     s = (sp_int_digit)(a[25]); t = (sp_int_digit)(a[24]);
-    r[25] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL;
+    r[25] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL);
     s = (sp_int_digit)(a[24]); t = (sp_int_digit)(a[23]);
-    r[24] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL;
+    r[24] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL);
     s = (sp_int_digit)(a[23]); t = (sp_int_digit)(a[22]);
-    r[23] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL;
+    r[23] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL);
     s = (sp_int_digit)(a[22]); t = (sp_int_digit)(a[21]);
-    r[22] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL;
+    r[22] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL);
     s = (sp_int_digit)(a[21]); t = (sp_int_digit)(a[20]);
-    r[21] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL;
+    r[21] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL);
     s = (sp_int_digit)(a[20]); t = (sp_int_digit)(a[19]);
-    r[20] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL;
+    r[20] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL);
     s = (sp_int_digit)(a[19]); t = (sp_int_digit)(a[18]);
-    r[19] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL;
+    r[19] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL);
     s = (sp_int_digit)(a[18]); t = (sp_int_digit)(a[17]);
-    r[18] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL;
+    r[18] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL);
     s = (sp_int_digit)(a[17]); t = (sp_int_digit)(a[16]);
-    r[17] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL;
+    r[17] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL);
     s = (sp_int_digit)(a[16]); t = (sp_int_digit)(a[15]);
-    r[16] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL;
+    r[16] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL);
     s = (sp_int_digit)(a[15]); t = (sp_int_digit)(a[14]);
-    r[15] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL;
+    r[15] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL);
     s = (sp_int_digit)(a[14]); t = (sp_int_digit)(a[13]);
-    r[14] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL;
+    r[14] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL);
     s = (sp_int_digit)(a[13]); t = (sp_int_digit)(a[12]);
-    r[13] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL;
+    r[13] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL);
     s = (sp_int_digit)(a[12]); t = (sp_int_digit)(a[11]);
-    r[12] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL;
+    r[12] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL);
     s = (sp_int_digit)(a[11]); t = (sp_int_digit)(a[10]);
-    r[11] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL;
+    r[11] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL);
     s = (sp_int_digit)(a[10]); t = (sp_int_digit)(a[9]);
-    r[10] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL;
+    r[10] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL);
     s = (sp_int_digit)(a[9]); t = (sp_int_digit)(a[8]);
-    r[9] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL;
+    r[9] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL);
     s = (sp_int_digit)(a[8]); t = (sp_int_digit)(a[7]);
-    r[8] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL;
+    r[8] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL);
     s = (sp_int_digit)(a[7]); t = (sp_int_digit)(a[6]);
-    r[7] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL;
+    r[7] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL);
     s = (sp_int_digit)(a[6]); t = (sp_int_digit)(a[5]);
-    r[6] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL;
+    r[6] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL);
     s = (sp_int_digit)(a[5]); t = (sp_int_digit)(a[4]);
-    r[5] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL;
+    r[5] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL);
     s = (sp_int_digit)(a[4]); t = (sp_int_digit)(a[3]);
-    r[4] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL;
+    r[4] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL);
     s = (sp_int_digit)(a[3]); t = (sp_int_digit)(a[2]);
-    r[3] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL;
+    r[3] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL);
     s = (sp_int_digit)(a[2]); t = (sp_int_digit)(a[1]);
-    r[2] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL;
+    r[2] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL);
     s = (sp_int_digit)(a[1]); t = (sp_int_digit)(a[0]);
-    r[1] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL;
-    r[0] = (a[0] << n) & 0x1fffffffffffffL;
+    r[1] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL);
+    r[0] = (sp_digit)((a[0] << n) & 0x1fffffffffffffL);
 }
 
 /* Modular exponentiate 2 to the e mod m. (r = 2^e mod m)
@@ -21043,12 +20978,11 @@ static int sp_4096_mod_exp_2_78(sp_digit* r, const sp_digit* e, int bits, const
 
         sp_4096_mont_reduce_78(r, m, mp);
         n = sp_4096_cmp_78(r, m);
-        sp_4096_cond_sub_78(r, r, m, ~(n >> 63));
+        sp_4096_cond_sub_78(r, r, m, (sp_digit)~(n >> 63));
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (td != NULL)
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -21315,16 +21249,16 @@ SP_NOINLINE static void sp_256_mul_5(sp_digit* r, const sp_digit* a,
                  + ((sp_int128)a[ 4]) * b[ 3];
     sp_int128 t8   = ((sp_int128)a[ 4]) * b[ 4];
 
-    t1   += t0  >> 52; r[ 0] = t0  & 0xfffffffffffffL;
-    t2   += t1  >> 52; r[ 1] = t1  & 0xfffffffffffffL;
-    t3   += t2  >> 52; r[ 2] = t2  & 0xfffffffffffffL;
-    t4   += t3  >> 52; r[ 3] = t3  & 0xfffffffffffffL;
-    t5   += t4  >> 52; r[ 4] = t4  & 0xfffffffffffffL;
-    t6   += t5  >> 52; r[ 5] = t5  & 0xfffffffffffffL;
-    t7   += t6  >> 52; r[ 6] = t6  & 0xfffffffffffffL;
-    t8   += t7  >> 52; r[ 7] = t7  & 0xfffffffffffffL;
+    t1   += t0  >> 52; r[ 0] = (sp_digit)(t0  & 0xfffffffffffffL);
+    t2   += t1  >> 52; r[ 1] = (sp_digit)(t1  & 0xfffffffffffffL);
+    t3   += t2  >> 52; r[ 2] = (sp_digit)(t2  & 0xfffffffffffffL);
+    t4   += t3  >> 52; r[ 3] = (sp_digit)(t3  & 0xfffffffffffffL);
+    t5   += t4  >> 52; r[ 4] = (sp_digit)(t4  & 0xfffffffffffffL);
+    t6   += t5  >> 52; r[ 5] = (sp_digit)(t5  & 0xfffffffffffffL);
+    t7   += t6  >> 52; r[ 6] = (sp_digit)(t6  & 0xfffffffffffffL);
+    t8   += t7  >> 52; r[ 7] = (sp_digit)(t7  & 0xfffffffffffffL);
     r[9] = (sp_digit)(t8 >> 52);
-                       r[8] = t8 & 0xfffffffffffffL;
+                       r[8] = (sp_digit)(t8 & 0xfffffffffffffL);
 }
 
 #endif /* WOLFSSL_SP_SMALL */
@@ -21394,16 +21328,16 @@ SP_NOINLINE static void sp_256_sqr_5(sp_digit* r, const sp_digit* a)
     sp_int128 t7   = (((sp_int128)a[ 3]) * a[ 4]) * 2;
     sp_int128 t8   =  ((sp_int128)a[ 4]) * a[ 4];
 
-    t1   += t0  >> 52; r[ 0] = t0  & 0xfffffffffffffL;
-    t2   += t1  >> 52; r[ 1] = t1  & 0xfffffffffffffL;
-    t3   += t2  >> 52; r[ 2] = t2  & 0xfffffffffffffL;
-    t4   += t3  >> 52; r[ 3] = t3  & 0xfffffffffffffL;
-    t5   += t4  >> 52; r[ 4] = t4  & 0xfffffffffffffL;
-    t6   += t5  >> 52; r[ 5] = t5  & 0xfffffffffffffL;
-    t7   += t6  >> 52; r[ 6] = t6  & 0xfffffffffffffL;
-    t8   += t7  >> 52; r[ 7] = t7  & 0xfffffffffffffL;
+    t1   += t0  >> 52; r[ 0] = (sp_digit)(t0  & 0xfffffffffffffL);
+    t2   += t1  >> 52; r[ 1] = (sp_digit)(t1  & 0xfffffffffffffL);
+    t3   += t2  >> 52; r[ 2] = (sp_digit)(t2  & 0xfffffffffffffL);
+    t4   += t3  >> 52; r[ 3] = (sp_digit)(t3  & 0xfffffffffffffL);
+    t5   += t4  >> 52; r[ 4] = (sp_digit)(t4  & 0xfffffffffffffL);
+    t6   += t5  >> 52; r[ 5] = (sp_digit)(t5  & 0xfffffffffffffL);
+    t7   += t6  >> 52; r[ 6] = (sp_digit)(t6  & 0xfffffffffffffL);
+    t8   += t7  >> 52; r[ 7] = (sp_digit)(t7  & 0xfffffffffffffL);
     r[9] = (sp_digit)(t8 >> 52);
-                       r[8] = t8 & 0xfffffffffffffL;
+                       r[8] = (sp_digit)(t8 & 0xfffffffffffffL);
 }
 
 #endif /* WOLFSSL_SP_SMALL */
@@ -21752,17 +21686,17 @@ SP_NOINLINE static void sp_256_mul_add_5(sp_digit* r, const sp_digit* a,
         t[1]  = (tb * a[i+1]) + r[i+1];
         t[2]  = (tb * a[i+2]) + r[i+2];
         t[3]  = (tb * a[i+3]) + r[i+3];
-        r[i+0] = t[0] & 0xfffffffffffffL;
+        r[i+0] = (sp_digit)(t[0] & 0xfffffffffffffL);
         t[1] += t[0] >> 52;
-        r[i+1] = t[1] & 0xfffffffffffffL;
+        r[i+1] = (sp_digit)(t[1] & 0xfffffffffffffL);
         t[2] += t[1] >> 52;
-        r[i+2] = t[2] & 0xfffffffffffffL;
+        r[i+2] = (sp_digit)(t[2] & 0xfffffffffffffL);
         t[3] += t[2] >> 52;
-        r[i+3] = t[3] & 0xfffffffffffffL;
+        r[i+3] = (sp_digit)(t[3] & 0xfffffffffffffL);
         t[0]  = t[3] >> 52;
     }
     t[0] += (tb * a[4]) + r[4];
-    r[4] = t[0] & 0xfffffffffffffL;
+    r[4] = (sp_digit)(t[0] & 0xfffffffffffffL);
     r[5] +=  (sp_digit)(t[0] >> 52);
 #else
     sp_int128 tb = b;
@@ -21816,7 +21750,7 @@ static void sp_256_mont_shift_5(sp_digit* r, const sp_digit* a)
     n = a[4] >> 48;
     for (i = 0; i < 4; i++) {
         n += (sp_uint64)a[5 + i] << 4;
-        r[i] = n & 0xfffffffffffffL;
+        r[i] = (sp_digit)(n & 0xfffffffffffffL);
         n >>= 52;
     }
     n += (sp_uint64)a[9] << 4;
@@ -21825,10 +21759,10 @@ static void sp_256_mont_shift_5(sp_digit* r, const sp_digit* a)
     sp_uint64 n;
 
     n  = a[4] >> 48;
-    n += (sp_uint64)a[ 5] << 4U; r[ 0] = n & 0xfffffffffffffUL; n >>= 52U;
-    n += (sp_uint64)a[ 6] << 4U; r[ 1] = n & 0xfffffffffffffUL; n >>= 52U;
-    n += (sp_uint64)a[ 7] << 4U; r[ 2] = n & 0xfffffffffffffUL; n >>= 52U;
-    n += (sp_uint64)a[ 8] << 4U; r[ 3] = n & 0xfffffffffffffUL; n >>= 52U;
+    n += (sp_uint64)a[ 5] << 4U; r[ 0] = (sp_digit)(n & 0xfffffffffffffUL); n >>= 52U;
+    n += (sp_uint64)a[ 6] << 4U; r[ 1] = (sp_digit)(n & 0xfffffffffffffUL); n >>= 52U;
+    n += (sp_uint64)a[ 7] << 4U; r[ 2] = (sp_digit)(n & 0xfffffffffffffUL); n >>= 52U;
+    n += (sp_uint64)a[ 8] << 4U; r[ 3] = (sp_digit)(n & 0xfffffffffffffUL); n >>= 52U;
     n += (sp_uint64)a[ 9] << 4U; r[ 4] = n;
 #endif /* WOLFSSL_SP_SMALL */
     XMEMSET(&r[5], 0, sizeof(*r) * 5U);
@@ -21849,11 +21783,11 @@ static void sp_256_mont_reduce_order_5(sp_digit* a, const sp_digit* m, sp_digit
     sp_256_norm_5(a + 5);
 
     for (i=0; i<4; i++) {
-        mu = ((sp_uint64)a[i] * (sp_uint64)mp) & 0xfffffffffffffL;
+        mu = (sp_digit)(((sp_uint64)a[i] * (sp_uint64)mp) & 0xfffffffffffffL);
         sp_256_mul_add_5(a+i, m, mu);
         a[i+1] += a[i] >> 52;
     }
-    mu = ((sp_uint64)a[i] * (sp_uint64)mp) & 0xffffffffffffL;
+    mu = (sp_digit)(((sp_uint64)a[i] * (sp_uint64)mp) & 0xffffffffffffL);
     sp_256_mul_add_5(a+i, m, mu);
     a[i+1] += a[i] >> 52;
     a[i] &= 0xfffffffffffffL;
@@ -21879,32 +21813,32 @@ static void sp_256_mont_reduce_5(sp_digit* a, const sp_digit* m, sp_digit mp)
     (void)mp;
 
     for (i = 0; i < 4; i++) {
-        am = a[i] & 0xfffffffffffffL;
+        am = (sp_digit)(a[i] & 0xfffffffffffffL);
         /* Fifth word of modulus word */
         t = am; t *= 0x0ffffffff0000L;
 
-        a[i + 1] += (am << 44) & 0xfffffffffffffL;
+        a[i + 1] += (sp_digit)((am << 44) & 0xfffffffffffffL);
         a[i + 2] += am >> 8;
-        a[i + 3] += (am << 36) & 0xfffffffffffffL;
-        a[i + 4] += (am >> 16) + (t & 0xfffffffffffffL);
+        a[i + 3] += (sp_digit)((am << 36) & 0xfffffffffffffL);
+        a[i + 4] += (am >> 16) + (sp_digit)(t & 0xfffffffffffffL);
         a[i + 5] +=  t >> 52;
 
         a[i + 1] += a[i] >> 52;
     }
-    am = a[4] & 0xffffffffffff;
+    am = (sp_digit)(a[4] & 0xffffffffffff);
     /* Fifth word of modulus word */
     t = am; t *= 0x0ffffffff0000L;
 
-    a[4 + 1] += (am << 44) & 0xfffffffffffffL;
+    a[4 + 1] += (sp_digit)((am << 44) & 0xfffffffffffffL);
     a[4 + 2] += am >> 8;
-    a[4 + 3] += (am << 36) & 0xfffffffffffffL;
-    a[4 + 4] += (am >> 16) + (t & 0xfffffffffffffL);
+    a[4 + 3] += (sp_digit)((am << 36) & 0xfffffffffffffL);
+    a[4 + 4] += (am >> 16) + (sp_digit)(t & 0xfffffffffffffL);
     a[4 + 5] +=  t >> 52;
 
-    a[0] = (a[4] >> 48) + ((a[5] << 4) & 0xfffffffffffffL);
-    a[1] = (a[5] >> 48) + ((a[6] << 4) & 0xfffffffffffffL);
-    a[2] = (a[6] >> 48) + ((a[7] << 4) & 0xfffffffffffffL);
-    a[3] = (a[7] >> 48) + ((a[8] << 4) & 0xfffffffffffffL);
+    a[0] = (a[4] >> 48) + (sp_digit)((a[5] << 4) & 0xfffffffffffffL);
+    a[1] = (a[5] >> 48) + (sp_digit)((a[6] << 4) & 0xfffffffffffffL);
+    a[2] = (a[6] >> 48) + (sp_digit)((a[7] << 4) & 0xfffffffffffffL);
+    a[3] = (a[7] >> 48) + (sp_digit)((a[8] << 4) & 0xfffffffffffffL);
     a[4] = (a[8] >> 48) +  (a[9] << 4);
 
     a[1] += a[0] >> 52; a[0] &= 0xfffffffffffffL;
@@ -21917,11 +21851,11 @@ static void sp_256_mont_reduce_5(sp_digit* a, const sp_digit* m, sp_digit mp)
     /* Create mask. */
     am = 0 - am;
 
-    a[0] -= 0x000fffffffffffffL & am;
-    a[1] -= 0x00000fffffffffffL & am;
+    a[0] -= (sp_digit)(0x000fffffffffffffL & am);
+    a[1] -= (sp_digit)(0x00000fffffffffffL & am);
     /* p256_mod[2] is zero */
-    a[3] -= 0x0000001000000000L & am;
-    a[4] -= 0x0000ffffffff0000L & am;
+    a[3] -= (sp_digit)(0x0000001000000000L & am);
+    a[4] -= (sp_digit)(0x0000ffffffff0000L & am);
 
     a[1] += a[0] >> 52; a[0] &= 0xfffffffffffffL;
     a[2] += a[1] >> 52; a[1] &= 0xfffffffffffffL;
@@ -21980,7 +21914,7 @@ SP_NOINLINE static void sp_256_mont_sqr_n_5(sp_digit* r,
 #endif /* !WOLFSSL_SP_SMALL || HAVE_COMP_KEY */
 #ifdef WOLFSSL_SP_SMALL
 /* Mod-2 for the P256 curve. */
-static const uint64_t p256_mod_minus_2[4] = {
+static const word64 p256_mod_minus_2[4] = {
     0xfffffffffffffffdU,0x00000000ffffffffU,0x0000000000000000U,
     0xffffffff00000001U
 };
@@ -22079,7 +22013,7 @@ static void sp_256_map_5(sp_point_256* r, const sp_point_256* p,
     sp_256_mont_reduce_5(r->x, p256_mod, p256_mp_mod);
     /* Reduce x to less than modulus */
     n = sp_256_cmp_5(r->x, p256_mod);
-    sp_256_cond_sub_5(r->x, r->x, p256_mod, ~(n >> 51));
+    sp_256_cond_sub_5(r->x, r->x, p256_mod, (sp_digit)~(n >> 51));
     sp_256_norm_5(r->x);
 
     /* y /= z^3 */
@@ -22088,7 +22022,7 @@ static void sp_256_map_5(sp_point_256* r, const sp_point_256* p,
     sp_256_mont_reduce_5(r->y, p256_mod, p256_mp_mod);
     /* Reduce y to less than modulus */
     n = sp_256_cmp_5(r->y, p256_mod);
-    sp_256_cond_sub_5(r->y, r->y, p256_mod, ~(n >> 51));
+    sp_256_cond_sub_5(r->y, r->y, p256_mod, (sp_digit)~(n >> 51));
     sp_256_norm_5(r->y);
 
     XMEMSET(r->z, 0, sizeof(r->z) / 2);
@@ -22218,13 +22152,13 @@ SP_NOINLINE static void sp_256_rshift1_5(sp_digit* r, const sp_digit* a)
     int i;
 
     for (i=0; i<4; i++) {
-        r[i] = (a[i] >> 1) + ((a[i + 1] << 51) & 0xfffffffffffffL);
+        r[i] = (a[i] >> 1) + (sp_digit)((a[i + 1] << 51) & 0xfffffffffffffL);
     }
 #else
-    r[0] = (a[0] >> 1) + ((a[1] << 51) & 0xfffffffffffffL);
-    r[1] = (a[1] >> 1) + ((a[2] << 51) & 0xfffffffffffffL);
-    r[2] = (a[2] >> 1) + ((a[3] << 51) & 0xfffffffffffffL);
-    r[3] = (a[3] >> 1) + ((a[4] << 51) & 0xfffffffffffffL);
+    r[0] = (a[0] >> 1) + (sp_digit)((a[1] << 51) & 0xfffffffffffffL);
+    r[1] = (a[1] >> 1) + (sp_digit)((a[2] << 51) & 0xfffffffffffffL);
+    r[2] = (a[2] >> 1) + (sp_digit)((a[3] << 51) & 0xfffffffffffffL);
+    r[3] = (a[3] >> 1) + (sp_digit)((a[4] << 51) & 0xfffffffffffffL);
 #endif
     r[4] = a[4] >> 1;
 }
@@ -22533,8 +22467,8 @@ static void sp_256_proj_point_add_5(sp_point_256* r,
         sp_256_mont_sub_5(y, y, t5, p256_mod);
         {
             int i;
-            sp_digit maskp = 0 - (q->infinity & (!p->infinity));
-            sp_digit maskq = 0 - (p->infinity & (!q->infinity));
+            sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity)));
+            sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity)));
             sp_digit maskt = ~(maskp | maskq);
             sp_digit inf = (sp_digit)(p->infinity & q->infinity);
 
@@ -22551,7 +22485,7 @@ static void sp_256_proj_point_add_5(sp_point_256* r,
                           (z[i] & maskt);
             }
             r->z[0] |= inf;
-            r->infinity = (word32)inf;
+            r->infinity = (int)inf;
         }
     }
 }
@@ -22725,8 +22659,8 @@ static int sp_256_proj_point_add_5_nb(sp_ecc_ctx_t* sp_ctx, sp_point_256* r,
     {
         {
             int i;
-            sp_digit maskp = 0 - (q->infinity & (!p->infinity));
-            sp_digit maskq = 0 - (p->infinity & (!q->infinity));
+            sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity)));
+            sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity)));
             sp_digit maskt = ~(maskp | maskq);
             sp_digit inf = (sp_digit)(p->infinity & q->infinity);
 
@@ -22743,7 +22677,7 @@ static int sp_256_proj_point_add_5_nb(sp_ecc_ctx_t* sp_ctx, sp_point_256* r,
                           (ctx->z[i] & maskt);
             }
             r->z[0] |= inf;
-            r->infinity = (word32)inf;
+            r->infinity = (int)inf;
         }
         ctx->state = 25;
         break;
@@ -22862,8 +22796,7 @@ static int sp_256_mod_mul_norm_5(sp_digit* r, const sp_digit* a, const sp_digit*
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t != NULL)
-        XFREE(t, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(t, NULL, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -23388,13 +23321,13 @@ static void sp_256_proj_point_add_sub_5(sp_point_256* ra,
 /* Structure used to describe recoding of scalar multiplication. */
 typedef struct ecc_recode_256 {
     /* Index into pre-computation table. */
-    uint8_t i;
+    word8 i;
     /* Use the negative of the point. */
-    uint8_t neg;
+    word8 neg;
 } ecc_recode_256;
 
 /* The index into pre-computation table to use. */
-static const uint8_t recode_index_5_6[66] = {
+static const word8 recode_index_5_6[66] = {
      0,  1,  2,  3,  4,  5,  6,  7,  8,  9, 10, 11, 12, 13, 14, 15,
     16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31,
     32, 31, 30, 29, 28, 27, 26, 25, 24, 23, 22, 21, 20, 19, 18, 17,
@@ -23403,7 +23336,7 @@ static const uint8_t recode_index_5_6[66] = {
 };
 
 /* Whether to negate y-ordinate. */
-static const uint8_t recode_neg_5_6[66] = {
+static const word8 recode_neg_5_6[66] = {
      0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,
      0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,
      1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,
@@ -23421,7 +23354,7 @@ static void sp_256_ecc_recode_6_5(const sp_digit* k, ecc_recode_256* v)
 {
     int i;
     int j;
-    uint8_t y;
+    word8 y;
     int carry = 0;
     int o;
     sp_digit n;
@@ -23430,7 +23363,7 @@ static void sp_256_ecc_recode_6_5(const sp_digit* k, ecc_recode_256* v)
     n = k[j];
     o = 0;
     for (i=0; i<43; i++) {
-        y = (int8_t)n;
+        y = (word8)(int8_t)n;
         if (o + 6 < 52) {
             y &= 0x3f;
             n >>= 6;
@@ -23444,12 +23377,12 @@ static void sp_256_ecc_recode_6_5(const sp_digit* k, ecc_recode_256* v)
         }
         else if (++j < 5) {
             n = k[j];
-            y |= (uint8_t)((n << (52 - o)) & 0x3f);
+            y |= (word8)((n << (52 - o)) & 0x3f);
             o -= 46;
             n >>= o;
         }
 
-        y += (uint8_t)carry;
+        y = (word8)(y + carry);
         v[i].i = recode_index_5_6[y];
         v[i].neg = recode_neg_5_6[y];
         carry = (y >> 6) + v[i].neg;
@@ -23485,7 +23418,7 @@ static void sp_256_get_point_33_5(sp_point_256* r, const sp_point_256* table,
     r->z[3] = 0;
     r->z[4] = 0;
     for (i = 1; i < 33; i++) {
-        mask = 0 - (i == idx);
+        mask = (sp_digit)0 - (i == idx);
         r->x[0] |= mask & table[i].x[0];
         r->x[1] |= mask & table[i].x[1];
         r->x[2] |= mask & table[i].x[2];
@@ -23640,10 +23573,8 @@ static int sp_256_ecc_mulmod_win_add_sub_5(sp_point_256* r, const sp_point_256*
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t != NULL)
-        XFREE(t, heap, DYNAMIC_TYPE_ECC);
-    if (tmp != NULL)
-        XFREE(tmp, heap, DYNAMIC_TYPE_ECC);
+    XFREE(t, heap, DYNAMIC_TYPE_ECC);
+    XFREE(tmp, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -23709,8 +23640,8 @@ static void sp_256_proj_point_add_qz1_5(sp_point_256* r,
         sp_256_mont_sub_5(y, t3, t1, p256_mod);
         {
             int i;
-            sp_digit maskp = 0 - (q->infinity & (!p->infinity));
-            sp_digit maskq = 0 - (p->infinity & (!q->infinity));
+            sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity)));
+            sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity)));
             sp_digit maskt = ~(maskp | maskq);
             sp_digit inf = (sp_digit)(p->infinity & q->infinity);
 
@@ -23727,7 +23658,7 @@ static void sp_256_proj_point_add_qz1_5(sp_point_256* r,
                           (z[i] & maskt);
             }
             r->z[0] |= inf;
-            r->infinity = (word32)inf;
+            r->infinity = (int)inf;
         }
     }
 }
@@ -23838,8 +23769,7 @@ static int sp_256_gen_stripe_table_5(const sp_point_256* a,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t != NULL)
-        XFREE(t, heap, DYNAMIC_TYPE_ECC);
+    XFREE(t, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -23870,7 +23800,7 @@ static void sp_256_get_entry_256_5(sp_point_256* r,
     r->y[3] = 0;
     r->y[4] = 0;
     for (i = 1; i < 256; i++) {
-        mask = 0 - (i == idx);
+        mask = (sp_digit)0 - (i == idx);
         r->x[0] |= mask & table[i].x[0];
         r->x[1] |= mask & table[i].x[1];
         r->x[2] |= mask & table[i].x[2];
@@ -23991,10 +23921,8 @@ static int sp_256_ecc_mulmod_stripe_5(sp_point_256* r, const sp_point_256* g,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t != NULL)
-        XFREE(t, heap, DYNAMIC_TYPE_ECC);
-    if (rt != NULL)
-        XFREE(rt, heap, DYNAMIC_TYPE_ECC);
+    XFREE(t, heap, DYNAMIC_TYPE_ECC);
+    XFREE(rt, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -24014,7 +23942,7 @@ typedef struct sp_cache_256_t {
     /* Precomputation table for point. */
     sp_table_entry_256 table[256];
     /* Count of entries in table. */
-    uint32_t cnt;
+    word32 cnt;
     /* Point and table set in entry. */
     int set;
 } sp_cache_256_t;
@@ -24027,8 +23955,10 @@ static THREAD_LS_T int sp_cache_256_last = -1;
 static THREAD_LS_T int sp_cache_256_inited = 0;
 
 #ifndef HAVE_THREAD_LS
+    #ifndef WOLFSSL_MUTEX_INITIALIZER
     static volatile int initCacheMutex_256 = 0;
-    static wolfSSL_Mutex sp_cache_256_lock;
+    #endif
+    static wolfSSL_Mutex sp_cache_256_lock WOLFSSL_MUTEX_INITIALIZER_CLAUSE(sp_cache_256_lock);
 #endif
 
 /* Get the cache entry for the point.
@@ -24040,7 +23970,7 @@ static void sp_ecc_get_cache_256(const sp_point_256* g, sp_cache_256_t** cache)
 {
     int i;
     int j;
-    uint32_t least;
+    word32 least;
 
     if (sp_cache_256_inited == 0) {
         for (i=0; i<FP_ENTRIES; i++) {
@@ -24126,10 +24056,12 @@ static int sp_256_ecc_mulmod_5(sp_point_256* r, const sp_point_256* g,
 #endif
 #ifndef HAVE_THREAD_LS
     if (err == MP_OKAY) {
+        #ifndef WOLFSSL_MUTEX_INITIALIZER
         if (initCacheMutex_256 == 0) {
             wc_InitMutex(&sp_cache_256_lock);
             initCacheMutex_256 = 1;
         }
+        #endif
         if (wc_LockMutex(&sp_cache_256_lock) != 0) {
             err = BAD_MUTEX_E;
         }
@@ -24208,10 +24140,8 @@ int sp_ecc_mulmod_256(const mp_int* km, const ecc_point* gm, ecc_point* r,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (k != NULL)
-        XFREE(k, heap, DYNAMIC_TYPE_ECC);
-    if (point != NULL)
-        XFREE(point, heap, DYNAMIC_TYPE_ECC);
+    XFREE(k, heap, DYNAMIC_TYPE_ECC);
+    XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -24288,10 +24218,8 @@ int sp_ecc_mulmod_add_256(const mp_int* km, const ecc_point* gm,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (k != NULL)
-        XFREE(k, heap, DYNAMIC_TYPE_ECC);
-    if (point != NULL)
-        XFREE(point, heap, DYNAMIC_TYPE_ECC);
+    XFREE(k, heap, DYNAMIC_TYPE_ECC);
+    XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -25677,10 +25605,8 @@ int sp_ecc_mulmod_base_256(const mp_int* km, ecc_point* r, int map, void* heap)
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (k != NULL)
-        XFREE(k, heap, DYNAMIC_TYPE_ECC);
-    if (point != NULL)
-        XFREE(point, heap, DYNAMIC_TYPE_ECC);
+    XFREE(k, heap, DYNAMIC_TYPE_ECC);
+    XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -25755,10 +25681,8 @@ int sp_ecc_mulmod_base_add_256(const mp_int* km, const ecc_point* am,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (k != NULL)
-        XFREE(k, heap, DYNAMIC_TYPE_ECC);
-    if (point)
-        XFREE(point, heap, DYNAMIC_TYPE_ECC);
+    XFREE(k, heap, DYNAMIC_TYPE_ECC);
+    XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -25822,6 +25746,7 @@ static void sp_256_from_bin(sp_digit* r, int size, const byte* a, int n)
  */
 static int sp_256_ecc_gen_k_5(WC_RNG* rng, sp_digit* k)
 {
+#ifndef WC_NO_RNG
     int err;
     byte buf[32];
 
@@ -25838,6 +25763,11 @@ static int sp_256_ecc_gen_k_5(WC_RNG* rng, sp_digit* k)
     while (err == 0);
 
     return err;
+#else
+    (void)rng;
+    (void)k;
+    return NOT_COMPILED_IN;
+#endif
 }
 
 /* Makes a random EC key pair.
@@ -25916,12 +25846,9 @@ int sp_ecc_make_key_256(WC_RNG* rng, mp_int* priv, ecc_point* pub, void* heap)
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (k != NULL)
-        XFREE(k, heap, DYNAMIC_TYPE_ECC);
-    if (point != NULL) {
-        /* point is not sensitive, so no need to zeroize */
-        XFREE(point, heap, DYNAMIC_TYPE_ECC);
-    }
+    XFREE(k, heap, DYNAMIC_TYPE_ECC);
+    /* point is not sensitive, so no need to zeroize */
+    XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -26104,10 +26031,8 @@ int sp_ecc_secret_gen_256(const mp_int* priv, const ecc_point* pub, byte* out,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (k != NULL)
-        XFREE(k, heap, DYNAMIC_TYPE_ECC);
-    if (point != NULL)
-        XFREE(point, heap, DYNAMIC_TYPE_ECC);
+    XFREE(k, heap, DYNAMIC_TYPE_ECC);
+    XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -26174,23 +26099,23 @@ SP_NOINLINE static void sp_256_rshift_5(sp_digit* r, const sp_digit* a,
 
 #ifdef WOLFSSL_SP_SMALL
     for (i=0; i<4; i++) {
-        r[i] = ((a[i] >> n) | (a[i + 1] << (52 - n))) & 0xfffffffffffffL;
+        r[i] = (sp_digit)(((a[i] >> n) | (a[i + 1] << (52 - n))) & 0xfffffffffffffL);
     }
 #else
     for (i=0; i<0; i += 8) {
-        r[i+0] = (a[i+0] >> n) | ((a[i+1] << (52 - n)) & 0xfffffffffffffL);
-        r[i+1] = (a[i+1] >> n) | ((a[i+2] << (52 - n)) & 0xfffffffffffffL);
-        r[i+2] = (a[i+2] >> n) | ((a[i+3] << (52 - n)) & 0xfffffffffffffL);
-        r[i+3] = (a[i+3] >> n) | ((a[i+4] << (52 - n)) & 0xfffffffffffffL);
-        r[i+4] = (a[i+4] >> n) | ((a[i+5] << (52 - n)) & 0xfffffffffffffL);
-        r[i+5] = (a[i+5] >> n) | ((a[i+6] << (52 - n)) & 0xfffffffffffffL);
-        r[i+6] = (a[i+6] >> n) | ((a[i+7] << (52 - n)) & 0xfffffffffffffL);
-        r[i+7] = (a[i+7] >> n) | ((a[i+8] << (52 - n)) & 0xfffffffffffffL);
+        r[i+0] = (a[i+0] >> n) | (sp_digit)((a[i+1] << (52 - n)) & 0xfffffffffffffL);
+        r[i+1] = (a[i+1] >> n) | (sp_digit)((a[i+2] << (52 - n)) & 0xfffffffffffffL);
+        r[i+2] = (a[i+2] >> n) | (sp_digit)((a[i+3] << (52 - n)) & 0xfffffffffffffL);
+        r[i+3] = (a[i+3] >> n) | (sp_digit)((a[i+4] << (52 - n)) & 0xfffffffffffffL);
+        r[i+4] = (a[i+4] >> n) | (sp_digit)((a[i+5] << (52 - n)) & 0xfffffffffffffL);
+        r[i+5] = (a[i+5] >> n) | (sp_digit)((a[i+6] << (52 - n)) & 0xfffffffffffffL);
+        r[i+6] = (a[i+6] >> n) | (sp_digit)((a[i+7] << (52 - n)) & 0xfffffffffffffL);
+        r[i+7] = (a[i+7] >> n) | (sp_digit)((a[i+8] << (52 - n)) & 0xfffffffffffffL);
     }
-    r[0] = (a[0] >> n) | ((a[1] << (52 - n)) & 0xfffffffffffffL);
-    r[1] = (a[1] >> n) | ((a[2] << (52 - n)) & 0xfffffffffffffL);
-    r[2] = (a[2] >> n) | ((a[3] << (52 - n)) & 0xfffffffffffffL);
-    r[3] = (a[3] >> n) | ((a[4] << (52 - n)) & 0xfffffffffffffL);
+    r[0] = (a[0] >> n) | (sp_digit)((a[1] << (52 - n)) & 0xfffffffffffffL);
+    r[1] = (a[1] >> n) | (sp_digit)((a[2] << (52 - n)) & 0xfffffffffffffL);
+    r[2] = (a[2] >> n) | (sp_digit)((a[3] << (52 - n)) & 0xfffffffffffffL);
+    r[3] = (a[3] >> n) | (sp_digit)((a[4] << (52 - n)) & 0xfffffffffffffL);
 #endif /* WOLFSSL_SP_SMALL */
     r[4] = a[4] >> n;
 }
@@ -26241,7 +26166,7 @@ SP_NOINLINE static void sp_256_lshift_10(sp_digit* r, const sp_digit* a,
 
     r[10] = a[9] >> (52 - n);
     for (i=9; i>0; i--) {
-        r[i] = ((a[i] << n) | (a[i-1] >> (52 - n))) & 0xfffffffffffffL;
+        r[i] = (sp_digit)(((a[i] << n) | (a[i-1] >> (52 - n))) & 0xfffffffffffffL);
     }
 #else
     sp_int_digit s;
@@ -26250,25 +26175,25 @@ SP_NOINLINE static void sp_256_lshift_10(sp_digit* r, const sp_digit* a,
     s = (sp_int_digit)a[9];
     r[10] = s >> (52U - n);
     s = (sp_int_digit)(a[9]); t = (sp_int_digit)(a[8]);
-    r[9] = ((s << n) | (t >> (52U - n))) & 0xfffffffffffffUL;
+    r[9] = (sp_digit)(((s << n) | (t >> (52U - n))) & 0xfffffffffffffUL);
     s = (sp_int_digit)(a[8]); t = (sp_int_digit)(a[7]);
-    r[8] = ((s << n) | (t >> (52U - n))) & 0xfffffffffffffUL;
+    r[8] = (sp_digit)(((s << n) | (t >> (52U - n))) & 0xfffffffffffffUL);
     s = (sp_int_digit)(a[7]); t = (sp_int_digit)(a[6]);
-    r[7] = ((s << n) | (t >> (52U - n))) & 0xfffffffffffffUL;
+    r[7] = (sp_digit)(((s << n) | (t >> (52U - n))) & 0xfffffffffffffUL);
     s = (sp_int_digit)(a[6]); t = (sp_int_digit)(a[5]);
-    r[6] = ((s << n) | (t >> (52U - n))) & 0xfffffffffffffUL;
+    r[6] = (sp_digit)(((s << n) | (t >> (52U - n))) & 0xfffffffffffffUL);
     s = (sp_int_digit)(a[5]); t = (sp_int_digit)(a[4]);
-    r[5] = ((s << n) | (t >> (52U - n))) & 0xfffffffffffffUL;
+    r[5] = (sp_digit)(((s << n) | (t >> (52U - n))) & 0xfffffffffffffUL);
     s = (sp_int_digit)(a[4]); t = (sp_int_digit)(a[3]);
-    r[4] = ((s << n) | (t >> (52U - n))) & 0xfffffffffffffUL;
+    r[4] = (sp_digit)(((s << n) | (t >> (52U - n))) & 0xfffffffffffffUL);
     s = (sp_int_digit)(a[3]); t = (sp_int_digit)(a[2]);
-    r[3] = ((s << n) | (t >> (52U - n))) & 0xfffffffffffffUL;
+    r[3] = (sp_digit)(((s << n) | (t >> (52U - n))) & 0xfffffffffffffUL);
     s = (sp_int_digit)(a[2]); t = (sp_int_digit)(a[1]);
-    r[2] = ((s << n) | (t >> (52U - n))) & 0xfffffffffffffUL;
+    r[2] = (sp_digit)(((s << n) | (t >> (52U - n))) & 0xfffffffffffffUL);
     s = (sp_int_digit)(a[1]); t = (sp_int_digit)(a[0]);
-    r[1] = ((s << n) | (t >> (52U - n))) & 0xfffffffffffffUL;
+    r[1] = (sp_digit)(((s << n) | (t >> (52U - n))) & 0xfffffffffffffUL);
 #endif /* WOLFSSL_SP_SMALL */
-    r[0] = (a[0] << n) & 0xfffffffffffffL;
+    r[0] = (sp_digit)((a[0] << n) & 0xfffffffffffffL);
 }
 
 /* Divide d in a and put remainder into r (m*d + r = a)
@@ -26338,8 +26263,7 @@ static int sp_256_div_5(const sp_digit* a, const sp_digit* d,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t1 != NULL)
-        XFREE(t1, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(t1, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -26374,7 +26298,7 @@ static void sp_256_mont_mul_order_5(sp_digit* r, const sp_digit* a, const sp_dig
 #if defined(HAVE_ECC_SIGN) || (defined(HAVE_ECC_VERIFY) && defined(WOLFSSL_SP_SMALL))
 #ifdef WOLFSSL_SP_SMALL
 /* Order-2 for the P256 curve. */
-static const uint64_t p256_order_minus_2[4] = {
+static const word64 p256_order_minus_2[4] = {
     0xf3b9cac2fc63254fU,0xbce6faada7179e84U,0xffffffffffffffffU,
     0xffffffff00000000U
 };
@@ -26939,7 +26863,7 @@ static int sp_256_num_bits_52_5(sp_digit v)
     v |= v >> 8;
     v |= v >> 16;
     v |= v >> 32;
-    return sp_256_tab64_5[((uint64_t)((v - (v >> 1))*0x07EDD5E59A4E28C2)) >> 58];
+    return sp_256_tab64_5[((word64)((v - (v >> 1))*0x07EDD5E59A4E28C2)) >> 58];
 }
 
 static int sp_256_num_bits_5(const sp_digit* a)
@@ -27069,8 +26993,7 @@ static int sp_256_mod_inv_5(sp_digit* r, const sp_digit* a, const sp_digit* m)
             XMEMCPY(r, d, sizeof(sp_digit) * 5);
     }
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (u != NULL)
-        XFREE(u, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(u, NULL, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -27274,10 +27197,8 @@ int sp_ecc_verify_256(const byte* hash, word32 hashLen, const mp_int* pX,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (u1 != NULL)
-        XFREE(u1, heap, DYNAMIC_TYPE_ECC);
-    if (p1 != NULL)
-        XFREE(p1, heap, DYNAMIC_TYPE_ECC);
+    XFREE(u1, heap, DYNAMIC_TYPE_ECC);
+    XFREE(p1, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -27484,8 +27405,7 @@ static int sp_256_ecc_is_point_5(const sp_point_256* point,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t1 != NULL)
-        XFREE(t1, heap, DYNAMIC_TYPE_ECC);
+    XFREE(t1, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -27524,8 +27444,7 @@ int sp_ecc_is_point_256(const mp_int* pX, const mp_int* pY)
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (pub != NULL)
-        XFREE(pub, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(pub, NULL, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -27633,10 +27552,8 @@ int sp_ecc_check_key_256(const mp_int* pX, const mp_int* pY,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (pub != NULL)
-        XFREE(pub, heap, DYNAMIC_TYPE_ECC);
-    if (priv != NULL)
-        XFREE(priv, heap, DYNAMIC_TYPE_ECC);
+    XFREE(pub, heap, DYNAMIC_TYPE_ECC);
+    XFREE(priv, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -27715,10 +27632,8 @@ int sp_ecc_proj_add_point_256(mp_int* pX, mp_int* pY, mp_int* pZ,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (tmp != NULL)
-        XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
-    if (p != NULL)
-        XFREE(p, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(p, NULL, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -27783,10 +27698,8 @@ int sp_ecc_proj_dbl_point_256(mp_int* pX, mp_int* pY, mp_int* pZ,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (tmp != NULL)
-        XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
-    if (p != NULL)
-        XFREE(p, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(p, NULL, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -27847,10 +27760,8 @@ int sp_ecc_map_256(mp_int* pX, mp_int* pY, mp_int* pZ)
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (tmp != NULL)
-        XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
-    if (p != NULL)
-        XFREE(p, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(p, NULL, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -27916,8 +27827,7 @@ static int sp_256_mont_sqrt_5(sp_digit* y)
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t1 != NULL)
-        XFREE(t1, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(t1, NULL, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -27982,8 +27892,7 @@ int sp_ecc_uncompress_256(mp_int* xm, int odd, mp_int* ym)
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (x != NULL)
-        XFREE(x, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(x, NULL, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -28173,20 +28082,20 @@ SP_NOINLINE static void sp_384_mul_7(sp_digit* r, const sp_digit* a,
                  + ((sp_int128)a[ 6]) * b[ 5];
     sp_int128 t12  = ((sp_int128)a[ 6]) * b[ 6];
 
-    t1   += t0  >> 55; r[ 0] = t0  & 0x7fffffffffffffL;
-    t2   += t1  >> 55; r[ 1] = t1  & 0x7fffffffffffffL;
-    t3   += t2  >> 55; r[ 2] = t2  & 0x7fffffffffffffL;
-    t4   += t3  >> 55; r[ 3] = t3  & 0x7fffffffffffffL;
-    t5   += t4  >> 55; r[ 4] = t4  & 0x7fffffffffffffL;
-    t6   += t5  >> 55; r[ 5] = t5  & 0x7fffffffffffffL;
-    t7   += t6  >> 55; r[ 6] = t6  & 0x7fffffffffffffL;
-    t8   += t7  >> 55; r[ 7] = t7  & 0x7fffffffffffffL;
-    t9   += t8  >> 55; r[ 8] = t8  & 0x7fffffffffffffL;
-    t10  += t9  >> 55; r[ 9] = t9  & 0x7fffffffffffffL;
-    t11  += t10 >> 55; r[10] = t10 & 0x7fffffffffffffL;
-    t12  += t11 >> 55; r[11] = t11 & 0x7fffffffffffffL;
+    t1   += t0  >> 55; r[ 0] = (sp_digit)(t0  & 0x7fffffffffffffL);
+    t2   += t1  >> 55; r[ 1] = (sp_digit)(t1  & 0x7fffffffffffffL);
+    t3   += t2  >> 55; r[ 2] = (sp_digit)(t2  & 0x7fffffffffffffL);
+    t4   += t3  >> 55; r[ 3] = (sp_digit)(t3  & 0x7fffffffffffffL);
+    t5   += t4  >> 55; r[ 4] = (sp_digit)(t4  & 0x7fffffffffffffL);
+    t6   += t5  >> 55; r[ 5] = (sp_digit)(t5  & 0x7fffffffffffffL);
+    t7   += t6  >> 55; r[ 6] = (sp_digit)(t6  & 0x7fffffffffffffL);
+    t8   += t7  >> 55; r[ 7] = (sp_digit)(t7  & 0x7fffffffffffffL);
+    t9   += t8  >> 55; r[ 8] = (sp_digit)(t8  & 0x7fffffffffffffL);
+    t10  += t9  >> 55; r[ 9] = (sp_digit)(t9  & 0x7fffffffffffffL);
+    t11  += t10 >> 55; r[10] = (sp_digit)(t10 & 0x7fffffffffffffL);
+    t12  += t11 >> 55; r[11] = (sp_digit)(t11 & 0x7fffffffffffffL);
     r[13] = (sp_digit)(t12 >> 55);
-                       r[12] = t12 & 0x7fffffffffffffL;
+                       r[12] = (sp_digit)(t12 & 0x7fffffffffffffL);
 }
 
 #endif /* WOLFSSL_SP_SMALL */
@@ -28269,20 +28178,20 @@ SP_NOINLINE static void sp_384_sqr_7(sp_digit* r, const sp_digit* a)
     sp_int128 t11  = (((sp_int128)a[ 5]) * a[ 6]) * 2;
     sp_int128 t12  =  ((sp_int128)a[ 6]) * a[ 6];
 
-    t1   += t0  >> 55; r[ 0] = t0  & 0x7fffffffffffffL;
-    t2   += t1  >> 55; r[ 1] = t1  & 0x7fffffffffffffL;
-    t3   += t2  >> 55; r[ 2] = t2  & 0x7fffffffffffffL;
-    t4   += t3  >> 55; r[ 3] = t3  & 0x7fffffffffffffL;
-    t5   += t4  >> 55; r[ 4] = t4  & 0x7fffffffffffffL;
-    t6   += t5  >> 55; r[ 5] = t5  & 0x7fffffffffffffL;
-    t7   += t6  >> 55; r[ 6] = t6  & 0x7fffffffffffffL;
-    t8   += t7  >> 55; r[ 7] = t7  & 0x7fffffffffffffL;
-    t9   += t8  >> 55; r[ 8] = t8  & 0x7fffffffffffffL;
-    t10  += t9  >> 55; r[ 9] = t9  & 0x7fffffffffffffL;
-    t11  += t10 >> 55; r[10] = t10 & 0x7fffffffffffffL;
-    t12  += t11 >> 55; r[11] = t11 & 0x7fffffffffffffL;
+    t1   += t0  >> 55; r[ 0] = (sp_digit)(t0  & 0x7fffffffffffffL);
+    t2   += t1  >> 55; r[ 1] = (sp_digit)(t1  & 0x7fffffffffffffL);
+    t3   += t2  >> 55; r[ 2] = (sp_digit)(t2  & 0x7fffffffffffffL);
+    t4   += t3  >> 55; r[ 3] = (sp_digit)(t3  & 0x7fffffffffffffL);
+    t5   += t4  >> 55; r[ 4] = (sp_digit)(t4  & 0x7fffffffffffffL);
+    t6   += t5  >> 55; r[ 5] = (sp_digit)(t5  & 0x7fffffffffffffL);
+    t7   += t6  >> 55; r[ 6] = (sp_digit)(t6  & 0x7fffffffffffffL);
+    t8   += t7  >> 55; r[ 7] = (sp_digit)(t7  & 0x7fffffffffffffL);
+    t9   += t8  >> 55; r[ 8] = (sp_digit)(t8  & 0x7fffffffffffffL);
+    t10  += t9  >> 55; r[ 9] = (sp_digit)(t9  & 0x7fffffffffffffL);
+    t11  += t10 >> 55; r[10] = (sp_digit)(t10 & 0x7fffffffffffffL);
+    t12  += t11 >> 55; r[11] = (sp_digit)(t11 & 0x7fffffffffffffL);
     r[13] = (sp_digit)(t12 >> 55);
-                       r[12] = t12 & 0x7fffffffffffffL;
+                       r[12] = (sp_digit)(t12 & 0x7fffffffffffffL);
 }
 
 #endif /* WOLFSSL_SP_SMALL */
@@ -28639,23 +28548,23 @@ SP_NOINLINE static void sp_384_mul_add_7(sp_digit* r, const sp_digit* a,
         t[1]  = (tb * a[i+1]) + r[i+1];
         t[2]  = (tb * a[i+2]) + r[i+2];
         t[3]  = (tb * a[i+3]) + r[i+3];
-        r[i+0] = t[0] & 0x7fffffffffffffL;
+        r[i+0] = (sp_digit)(t[0] & 0x7fffffffffffffL);
         t[1] += t[0] >> 55;
-        r[i+1] = t[1] & 0x7fffffffffffffL;
+        r[i+1] = (sp_digit)(t[1] & 0x7fffffffffffffL);
         t[2] += t[1] >> 55;
-        r[i+2] = t[2] & 0x7fffffffffffffL;
+        r[i+2] = (sp_digit)(t[2] & 0x7fffffffffffffL);
         t[3] += t[2] >> 55;
-        r[i+3] = t[3] & 0x7fffffffffffffL;
+        r[i+3] = (sp_digit)(t[3] & 0x7fffffffffffffL);
         t[0]  = t[3] >> 55;
     }
     t[0] += (tb * a[4]) + r[4];
     t[1]  = (tb * a[5]) + r[5];
     t[2]  = (tb * a[6]) + r[6];
-    r[4] = t[0] & 0x7fffffffffffffL;
+    r[4] = (sp_digit)(t[0] & 0x7fffffffffffffL);
     t[1] += t[0] >> 55;
-    r[5] = t[1] & 0x7fffffffffffffL;
+    r[5] = (sp_digit)(t[1] & 0x7fffffffffffffL);
     t[2] += t[1] >> 55;
-    r[6] = t[2] & 0x7fffffffffffffL;
+    r[6] = (sp_digit)(t[2] & 0x7fffffffffffffL);
     r[7] +=  (sp_digit)(t[2] >> 55);
 #else
     sp_int128 tb = b;
@@ -28715,7 +28624,7 @@ static void sp_384_mont_shift_7(sp_digit* r, const sp_digit* a)
     n = a[6] >> 54;
     for (i = 0; i < 6; i++) {
         n += (sp_uint64)a[7 + i] << 1;
-        r[i] = n & 0x7fffffffffffffL;
+        r[i] = (sp_digit)(n & 0x7fffffffffffffL);
         n >>= 55;
     }
     n += (sp_uint64)a[13] << 1;
@@ -28724,12 +28633,12 @@ static void sp_384_mont_shift_7(sp_digit* r, const sp_digit* a)
     sp_uint64 n;
 
     n  = a[6] >> 54;
-    n += (sp_uint64)a[ 7] << 1U; r[ 0] = n & 0x7fffffffffffffUL; n >>= 55U;
-    n += (sp_uint64)a[ 8] << 1U; r[ 1] = n & 0x7fffffffffffffUL; n >>= 55U;
-    n += (sp_uint64)a[ 9] << 1U; r[ 2] = n & 0x7fffffffffffffUL; n >>= 55U;
-    n += (sp_uint64)a[10] << 1U; r[ 3] = n & 0x7fffffffffffffUL; n >>= 55U;
-    n += (sp_uint64)a[11] << 1U; r[ 4] = n & 0x7fffffffffffffUL; n >>= 55U;
-    n += (sp_uint64)a[12] << 1U; r[ 5] = n & 0x7fffffffffffffUL; n >>= 55U;
+    n += (sp_uint64)a[ 7] << 1U; r[ 0] = (sp_digit)(n & 0x7fffffffffffffUL); n >>= 55U;
+    n += (sp_uint64)a[ 8] << 1U; r[ 1] = (sp_digit)(n & 0x7fffffffffffffUL); n >>= 55U;
+    n += (sp_uint64)a[ 9] << 1U; r[ 2] = (sp_digit)(n & 0x7fffffffffffffUL); n >>= 55U;
+    n += (sp_uint64)a[10] << 1U; r[ 3] = (sp_digit)(n & 0x7fffffffffffffUL); n >>= 55U;
+    n += (sp_uint64)a[11] << 1U; r[ 4] = (sp_digit)(n & 0x7fffffffffffffUL); n >>= 55U;
+    n += (sp_uint64)a[12] << 1U; r[ 5] = (sp_digit)(n & 0x7fffffffffffffUL); n >>= 55U;
     n += (sp_uint64)a[13] << 1U; r[ 6] = n;
 #endif /* WOLFSSL_SP_SMALL */
     XMEMSET(&r[7], 0, sizeof(*r) * 7U);
@@ -28750,11 +28659,11 @@ static void sp_384_mont_reduce_order_7(sp_digit* a, const sp_digit* m, sp_digit
     sp_384_norm_7(a + 7);
 
     for (i=0; i<6; i++) {
-        mu = ((sp_uint64)a[i] * (sp_uint64)mp) & 0x7fffffffffffffL;
+        mu = (sp_digit)(((sp_uint64)a[i] * (sp_uint64)mp) & 0x7fffffffffffffL);
         sp_384_mul_add_7(a+i, m, mu);
         a[i+1] += a[i] >> 55;
     }
-    mu = ((sp_uint64)a[i] * (sp_uint64)mp) & 0x3fffffffffffffL;
+    mu = (sp_digit)(((sp_uint64)a[i] * (sp_uint64)mp) & 0x3fffffffffffffL);
     sp_384_mul_add_7(a+i, m, mu);
     a[i+1] += a[i] >> 55;
     a[i] &= 0x7fffffffffffffL;
@@ -28779,30 +28688,30 @@ static void sp_384_mont_reduce_7(sp_digit* a, const sp_digit* m, sp_digit mp)
     (void)mp;
 
     for (i = 0; i < 6; i++) {
-        am = (a[i] * 0x100000001) & 0x7fffffffffffffL;
-        a[i + 0] += (am << 32) & 0x7fffffffffffffL;
-        a[i + 1] += (am >> 23) - ((am << 41) & 0x7fffffffffffffL);
-        a[i + 2] += -(am >> 14) - ((am << 18) & 0x7fffffffffffffL);
+        am = (sp_digit)((a[i] * 0x100000001) & 0x7fffffffffffffL);
+        a[i + 0] += (sp_digit)((am << 32) & 0x7fffffffffffffL);
+        a[i + 1] += (am >> 23) - (sp_digit)((am << 41) & 0x7fffffffffffffL);
+        a[i + 2] += -(am >> 14) - ((sp_digit)(am << 18) & 0x7fffffffffffffL);
         a[i + 3] += -(am >> 37);
-        a[i + 6] += (am << 54) & 0x7fffffffffffffL;
+        a[i + 6] += ((sp_digit)(am << 54) & 0x7fffffffffffffL);
         a[i + 7] += am >> 1;
 
         a[i + 1] += a[i] >> 55;
     }
-    am = (a[6] * 0x100000001) & 0x3fffffffffffff;
-    a[6 + 0] += (am << 32) & 0x7fffffffffffffL;
-    a[6 + 1] += (am >> 23) - ((am << 41) & 0x7fffffffffffffL);
-    a[6 + 2] += -(am >> 14) - ((am << 18) & 0x7fffffffffffffL);
+    am = (sp_digit)((a[6] * 0x100000001) & 0x3fffffffffffff);
+    a[6 + 0] += (sp_digit)((am << 32) & 0x7fffffffffffffL);
+    a[6 + 1] += (am >> 23) - (sp_digit)((am << 41) & 0x7fffffffffffffL);
+    a[6 + 2] += -(am >> 14) - (sp_digit)((am << 18) & 0x7fffffffffffffL);
     a[6 + 3] += -(am >> 37);
-    a[6 + 6] += (am << 54) & 0x7fffffffffffffL;
+    a[6 + 6] += (sp_digit)((am << 54) & 0x7fffffffffffffL);
     a[6 + 7] += am >> 1;
 
-    a[0] = (a[6] >> 54) + ((a[7] << 1) & 0x7fffffffffffffL);
-    a[1] = (a[7] >> 54) + ((a[8] << 1) & 0x7fffffffffffffL);
-    a[2] = (a[8] >> 54) + ((a[9] << 1) & 0x7fffffffffffffL);
-    a[3] = (a[9] >> 54) + ((a[10] << 1) & 0x7fffffffffffffL);
-    a[4] = (a[10] >> 54) + ((a[11] << 1) & 0x7fffffffffffffL);
-    a[5] = (a[11] >> 54) + ((a[12] << 1) & 0x7fffffffffffffL);
+    a[0] = (a[6] >> 54) + (sp_digit)((a[7] << 1) & 0x7fffffffffffffL);
+    a[1] = (a[7] >> 54) + (sp_digit)((a[8] << 1) & 0x7fffffffffffffL);
+    a[2] = (a[8] >> 54) + (sp_digit)((a[9] << 1) & 0x7fffffffffffffL);
+    a[3] = (a[9] >> 54) + (sp_digit)((a[10] << 1) & 0x7fffffffffffffL);
+    a[4] = (a[10] >> 54) + (sp_digit)((a[11] << 1) & 0x7fffffffffffffL);
+    a[5] = (a[11] >> 54) + (sp_digit)((a[12] << 1) & 0x7fffffffffffffL);
     a[6] = (a[12] >> 54) +  (a[13] << 1);
 
     a[1] += a[0] >> 55; a[0] &= 0x7fffffffffffffL;
@@ -28817,13 +28726,13 @@ static void sp_384_mont_reduce_7(sp_digit* a, const sp_digit* m, sp_digit mp)
     /* Create mask. */
     am = 0 - am;
 
-    a[0] -= 0x00000000ffffffffL & am;
-    a[1] -= 0x007ffe0000000000L & am;
-    a[2] -= 0x007ffffffffbffffL & am;
-    a[3] -= 0x007fffffffffffffL & am;
-    a[4] -= 0x007fffffffffffffL & am;
-    a[5] -= 0x007fffffffffffffL & am;
-    a[6] -= 0x003fffffffffffffL & am;
+    a[0] -= (sp_digit)(0x00000000ffffffffL & am);
+    a[1] -= (sp_digit)(0x007ffe0000000000L & am);
+    a[2] -= (sp_digit)(0x007ffffffffbffffL & am);
+    a[3] -= (sp_digit)(0x007fffffffffffffL & am);
+    a[4] -= (sp_digit)(0x007fffffffffffffL & am);
+    a[5] -= (sp_digit)(0x007fffffffffffffL & am);
+    a[6] -= (sp_digit)(0x003fffffffffffffL & am);
 
     a[1] += a[0] >> 55; a[0] &= 0x7fffffffffffffL;
     a[2] += a[1] >> 55; a[1] &= 0x7fffffffffffffL;
@@ -28884,7 +28793,7 @@ SP_NOINLINE static void sp_384_mont_sqr_n_7(sp_digit* r,
 #endif /* !WOLFSSL_SP_SMALL || HAVE_COMP_KEY */
 #ifdef WOLFSSL_SP_SMALL
 /* Mod-2 for the P384 curve. */
-static const uint64_t p384_mod_minus_2[6] = {
+static const word64 p384_mod_minus_2[6] = {
     0x00000000fffffffdU,0xffffffff00000000U,0xfffffffffffffffeU,
     0xffffffffffffffffU,0xffffffffffffffffU,0xffffffffffffffffU
 };
@@ -28999,7 +28908,7 @@ static void sp_384_map_7(sp_point_384* r, const sp_point_384* p,
     sp_384_mont_reduce_7(r->x, p384_mod, p384_mp_mod);
     /* Reduce x to less than modulus */
     n = sp_384_cmp_7(r->x, p384_mod);
-    sp_384_cond_sub_7(r->x, r->x, p384_mod, ~(n >> 54));
+    sp_384_cond_sub_7(r->x, r->x, p384_mod, (sp_digit)~(n >> 54));
     sp_384_norm_7(r->x);
 
     /* y /= z^3 */
@@ -29008,7 +28917,7 @@ static void sp_384_map_7(sp_point_384* r, const sp_point_384* p,
     sp_384_mont_reduce_7(r->y, p384_mod, p384_mp_mod);
     /* Reduce y to less than modulus */
     n = sp_384_cmp_7(r->y, p384_mod);
-    sp_384_cond_sub_7(r->y, r->y, p384_mod, ~(n >> 54));
+    sp_384_cond_sub_7(r->y, r->y, p384_mod, (sp_digit)~(n >> 54));
     sp_384_norm_7(r->y);
 
     XMEMSET(r->z, 0, sizeof(r->z) / 2);
@@ -29140,15 +29049,15 @@ SP_NOINLINE static void sp_384_rshift1_7(sp_digit* r, const sp_digit* a)
     int i;
 
     for (i=0; i<6; i++) {
-        r[i] = (a[i] >> 1) + ((a[i + 1] << 54) & 0x7fffffffffffffL);
+        r[i] = (a[i] >> 1) + (sp_digit)((a[i + 1] << 54) & 0x7fffffffffffffL);
     }
 #else
-    r[0] = (a[0] >> 1) + ((a[1] << 54) & 0x7fffffffffffffL);
-    r[1] = (a[1] >> 1) + ((a[2] << 54) & 0x7fffffffffffffL);
-    r[2] = (a[2] >> 1) + ((a[3] << 54) & 0x7fffffffffffffL);
-    r[3] = (a[3] >> 1) + ((a[4] << 54) & 0x7fffffffffffffL);
-    r[4] = (a[4] >> 1) + ((a[5] << 54) & 0x7fffffffffffffL);
-    r[5] = (a[5] >> 1) + ((a[6] << 54) & 0x7fffffffffffffL);
+    r[0] = (a[0] >> 1) + (sp_digit)((a[1] << 54) & 0x7fffffffffffffL);
+    r[1] = (a[1] >> 1) + (sp_digit)((a[2] << 54) & 0x7fffffffffffffL);
+    r[2] = (a[2] >> 1) + (sp_digit)((a[3] << 54) & 0x7fffffffffffffL);
+    r[3] = (a[3] >> 1) + (sp_digit)((a[4] << 54) & 0x7fffffffffffffL);
+    r[4] = (a[4] >> 1) + (sp_digit)((a[5] << 54) & 0x7fffffffffffffL);
+    r[5] = (a[5] >> 1) + (sp_digit)((a[6] << 54) & 0x7fffffffffffffL);
 #endif
     r[6] = a[6] >> 1;
 }
@@ -29458,8 +29367,8 @@ static void sp_384_proj_point_add_7(sp_point_384* r,
         sp_384_mont_sub_7(y, y, t5, p384_mod);
         {
             int i;
-            sp_digit maskp = 0 - (q->infinity & (!p->infinity));
-            sp_digit maskq = 0 - (p->infinity & (!q->infinity));
+            sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity)));
+            sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity)));
             sp_digit maskt = ~(maskp | maskq);
             sp_digit inf = (sp_digit)(p->infinity & q->infinity);
 
@@ -29476,7 +29385,7 @@ static void sp_384_proj_point_add_7(sp_point_384* r,
                           (z[i] & maskt);
             }
             r->z[0] |= inf;
-            r->infinity = (word32)inf;
+            r->infinity = (int)inf;
         }
     }
 }
@@ -29650,8 +29559,8 @@ static int sp_384_proj_point_add_7_nb(sp_ecc_ctx_t* sp_ctx, sp_point_384* r,
     {
         {
             int i;
-            sp_digit maskp = 0 - (q->infinity & (!p->infinity));
-            sp_digit maskq = 0 - (p->infinity & (!q->infinity));
+            sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity)));
+            sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity)));
             sp_digit maskt = ~(maskp | maskq);
             sp_digit inf = (sp_digit)(p->infinity & q->infinity);
 
@@ -29668,7 +29577,7 @@ static int sp_384_proj_point_add_7_nb(sp_ecc_ctx_t* sp_ctx, sp_point_384* r,
                           (ctx->z[i] & maskt);
             }
             r->z[0] |= inf;
-            r->infinity = (word32)inf;
+            r->infinity = (int)inf;
         }
         ctx->state = 25;
         break;
@@ -29819,8 +29728,7 @@ static int sp_384_mod_mul_norm_7(sp_digit* r, const sp_digit* a, const sp_digit*
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t != NULL)
-        XFREE(t, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(t, NULL, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -30349,13 +30257,13 @@ static void sp_384_proj_point_add_sub_7(sp_point_384* ra,
 /* Structure used to describe recoding of scalar multiplication. */
 typedef struct ecc_recode_384 {
     /* Index into pre-computation table. */
-    uint8_t i;
+    word8 i;
     /* Use the negative of the point. */
-    uint8_t neg;
+    word8 neg;
 } ecc_recode_384;
 
 /* The index into pre-computation table to use. */
-static const uint8_t recode_index_7_6[66] = {
+static const word8 recode_index_7_6[66] = {
      0,  1,  2,  3,  4,  5,  6,  7,  8,  9, 10, 11, 12, 13, 14, 15,
     16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31,
     32, 31, 30, 29, 28, 27, 26, 25, 24, 23, 22, 21, 20, 19, 18, 17,
@@ -30364,7 +30272,7 @@ static const uint8_t recode_index_7_6[66] = {
 };
 
 /* Whether to negate y-ordinate. */
-static const uint8_t recode_neg_7_6[66] = {
+static const word8 recode_neg_7_6[66] = {
      0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,
      0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,
      1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,
@@ -30382,7 +30290,7 @@ static void sp_384_ecc_recode_6_7(const sp_digit* k, ecc_recode_384* v)
 {
     int i;
     int j;
-    uint8_t y;
+    word8 y;
     int carry = 0;
     int o;
     sp_digit n;
@@ -30391,7 +30299,7 @@ static void sp_384_ecc_recode_6_7(const sp_digit* k, ecc_recode_384* v)
     n = k[j];
     o = 0;
     for (i=0; i<65; i++) {
-        y = (int8_t)n;
+        y = (word8)(int8_t)n;
         if (o + 6 < 55) {
             y &= 0x3f;
             n >>= 6;
@@ -30405,12 +30313,12 @@ static void sp_384_ecc_recode_6_7(const sp_digit* k, ecc_recode_384* v)
         }
         else if (++j < 7) {
             n = k[j];
-            y |= (uint8_t)((n << (55 - o)) & 0x3f);
+            y |= (word8)((n << (55 - o)) & 0x3f);
             o -= 49;
             n >>= o;
         }
 
-        y += (uint8_t)carry;
+        y = (word8)(y + carry);
         v[i].i = recode_index_7_6[y];
         v[i].neg = recode_neg_7_6[y];
         carry = (y >> 6) + v[i].neg;
@@ -30452,7 +30360,7 @@ static void sp_384_get_point_33_7(sp_point_384* r, const sp_point_384* table,
     r->z[5] = 0;
     r->z[6] = 0;
     for (i = 1; i < 33; i++) {
-        mask = 0 - (i == idx);
+        mask = (sp_digit)0 - (i == idx);
         r->x[0] |= mask & table[i].x[0];
         r->x[1] |= mask & table[i].x[1];
         r->x[2] |= mask & table[i].x[2];
@@ -30613,10 +30521,8 @@ static int sp_384_ecc_mulmod_win_add_sub_7(sp_point_384* r, const sp_point_384*
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t != NULL)
-        XFREE(t, heap, DYNAMIC_TYPE_ECC);
-    if (tmp != NULL)
-        XFREE(tmp, heap, DYNAMIC_TYPE_ECC);
+    XFREE(t, heap, DYNAMIC_TYPE_ECC);
+    XFREE(tmp, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -30682,8 +30588,8 @@ static void sp_384_proj_point_add_qz1_7(sp_point_384* r,
         sp_384_mont_sub_7(y, t3, t1, p384_mod);
         {
             int i;
-            sp_digit maskp = 0 - (q->infinity & (!p->infinity));
-            sp_digit maskq = 0 - (p->infinity & (!q->infinity));
+            sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity)));
+            sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity)));
             sp_digit maskt = ~(maskp | maskq);
             sp_digit inf = (sp_digit)(p->infinity & q->infinity);
 
@@ -30700,7 +30606,7 @@ static void sp_384_proj_point_add_qz1_7(sp_point_384* r,
                           (z[i] & maskt);
             }
             r->z[0] |= inf;
-            r->infinity = (word32)inf;
+            r->infinity = (int)inf;
         }
     }
 }
@@ -30811,8 +30717,7 @@ static int sp_384_gen_stripe_table_7(const sp_point_384* a,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t != NULL)
-        XFREE(t, heap, DYNAMIC_TYPE_ECC);
+    XFREE(t, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -30847,7 +30752,7 @@ static void sp_384_get_entry_256_7(sp_point_384* r,
     r->y[5] = 0;
     r->y[6] = 0;
     for (i = 1; i < 256; i++) {
-        mask = 0 - (i == idx);
+        mask = (sp_digit)0 - (i == idx);
         r->x[0] |= mask & table[i].x[0];
         r->x[1] |= mask & table[i].x[1];
         r->x[2] |= mask & table[i].x[2];
@@ -30972,10 +30877,8 @@ static int sp_384_ecc_mulmod_stripe_7(sp_point_384* r, const sp_point_384* g,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t != NULL)
-        XFREE(t, heap, DYNAMIC_TYPE_ECC);
-    if (rt != NULL)
-        XFREE(rt, heap, DYNAMIC_TYPE_ECC);
+    XFREE(t, heap, DYNAMIC_TYPE_ECC);
+    XFREE(rt, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -30995,7 +30898,7 @@ typedef struct sp_cache_384_t {
     /* Precomputation table for point. */
     sp_table_entry_384 table[256];
     /* Count of entries in table. */
-    uint32_t cnt;
+    word32 cnt;
     /* Point and table set in entry. */
     int set;
 } sp_cache_384_t;
@@ -31008,8 +30911,10 @@ static THREAD_LS_T int sp_cache_384_last = -1;
 static THREAD_LS_T int sp_cache_384_inited = 0;
 
 #ifndef HAVE_THREAD_LS
+    #ifndef WOLFSSL_MUTEX_INITIALIZER
     static volatile int initCacheMutex_384 = 0;
-    static wolfSSL_Mutex sp_cache_384_lock;
+    #endif
+    static wolfSSL_Mutex sp_cache_384_lock WOLFSSL_MUTEX_INITIALIZER_CLAUSE(sp_cache_384_lock);
 #endif
 
 /* Get the cache entry for the point.
@@ -31021,7 +30926,7 @@ static void sp_ecc_get_cache_384(const sp_point_384* g, sp_cache_384_t** cache)
 {
     int i;
     int j;
-    uint32_t least;
+    word32 least;
 
     if (sp_cache_384_inited == 0) {
         for (i=0; i<FP_ENTRIES; i++) {
@@ -31107,10 +31012,12 @@ static int sp_384_ecc_mulmod_7(sp_point_384* r, const sp_point_384* g,
 #endif
 #ifndef HAVE_THREAD_LS
     if (err == MP_OKAY) {
+        #ifndef WOLFSSL_MUTEX_INITIALIZER
         if (initCacheMutex_384 == 0) {
             wc_InitMutex(&sp_cache_384_lock);
             initCacheMutex_384 = 1;
         }
+        #endif
         if (wc_LockMutex(&sp_cache_384_lock) != 0) {
             err = BAD_MUTEX_E;
         }
@@ -31189,10 +31096,8 @@ int sp_ecc_mulmod_384(const mp_int* km, const ecc_point* gm, ecc_point* r,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (k != NULL)
-        XFREE(k, heap, DYNAMIC_TYPE_ECC);
-    if (point != NULL)
-        XFREE(point, heap, DYNAMIC_TYPE_ECC);
+    XFREE(k, heap, DYNAMIC_TYPE_ECC);
+    XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -31269,10 +31174,8 @@ int sp_ecc_mulmod_add_384(const mp_int* km, const ecc_point* gm,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (k != NULL)
-        XFREE(k, heap, DYNAMIC_TYPE_ECC);
-    if (point != NULL)
-        XFREE(point, heap, DYNAMIC_TYPE_ECC);
+    XFREE(k, heap, DYNAMIC_TYPE_ECC);
+    XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -33168,10 +33071,8 @@ int sp_ecc_mulmod_base_384(const mp_int* km, ecc_point* r, int map, void* heap)
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (k != NULL)
-        XFREE(k, heap, DYNAMIC_TYPE_ECC);
-    if (point != NULL)
-        XFREE(point, heap, DYNAMIC_TYPE_ECC);
+    XFREE(k, heap, DYNAMIC_TYPE_ECC);
+    XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -33246,10 +33147,8 @@ int sp_ecc_mulmod_base_add_384(const mp_int* km, const ecc_point* am,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (k != NULL)
-        XFREE(k, heap, DYNAMIC_TYPE_ECC);
-    if (point)
-        XFREE(point, heap, DYNAMIC_TYPE_ECC);
+    XFREE(k, heap, DYNAMIC_TYPE_ECC);
+    XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -33313,6 +33212,7 @@ static void sp_384_from_bin(sp_digit* r, int size, const byte* a, int n)
  */
 static int sp_384_ecc_gen_k_7(WC_RNG* rng, sp_digit* k)
 {
+#ifndef WC_NO_RNG
     int err;
     byte buf[48];
 
@@ -33329,6 +33229,11 @@ static int sp_384_ecc_gen_k_7(WC_RNG* rng, sp_digit* k)
     while (err == 0);
 
     return err;
+#else
+    (void)rng;
+    (void)k;
+    return NOT_COMPILED_IN;
+#endif
 }
 
 /* Makes a random EC key pair.
@@ -33407,12 +33312,9 @@ int sp_ecc_make_key_384(WC_RNG* rng, mp_int* priv, ecc_point* pub, void* heap)
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (k != NULL)
-        XFREE(k, heap, DYNAMIC_TYPE_ECC);
-    if (point != NULL) {
-        /* point is not sensitive, so no need to zeroize */
-        XFREE(point, heap, DYNAMIC_TYPE_ECC);
-    }
+    XFREE(k, heap, DYNAMIC_TYPE_ECC);
+    /* point is not sensitive, so no need to zeroize */
+    XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -33595,10 +33497,8 @@ int sp_ecc_secret_gen_384(const mp_int* priv, const ecc_point* pub, byte* out,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (k != NULL)
-        XFREE(k, heap, DYNAMIC_TYPE_ECC);
-    if (point != NULL)
-        XFREE(point, heap, DYNAMIC_TYPE_ECC);
+    XFREE(k, heap, DYNAMIC_TYPE_ECC);
+    XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -33665,25 +33565,25 @@ SP_NOINLINE static void sp_384_rshift_7(sp_digit* r, const sp_digit* a,
 
 #ifdef WOLFSSL_SP_SMALL
     for (i=0; i<6; i++) {
-        r[i] = ((a[i] >> n) | (a[i + 1] << (55 - n))) & 0x7fffffffffffffL;
+        r[i] = (sp_digit)(((a[i] >> n) | (a[i + 1] << (55 - n))) & 0x7fffffffffffffL);
     }
 #else
     for (i=0; i<0; i += 8) {
-        r[i+0] = (a[i+0] >> n) | ((a[i+1] << (55 - n)) & 0x7fffffffffffffL);
-        r[i+1] = (a[i+1] >> n) | ((a[i+2] << (55 - n)) & 0x7fffffffffffffL);
-        r[i+2] = (a[i+2] >> n) | ((a[i+3] << (55 - n)) & 0x7fffffffffffffL);
-        r[i+3] = (a[i+3] >> n) | ((a[i+4] << (55 - n)) & 0x7fffffffffffffL);
-        r[i+4] = (a[i+4] >> n) | ((a[i+5] << (55 - n)) & 0x7fffffffffffffL);
-        r[i+5] = (a[i+5] >> n) | ((a[i+6] << (55 - n)) & 0x7fffffffffffffL);
-        r[i+6] = (a[i+6] >> n) | ((a[i+7] << (55 - n)) & 0x7fffffffffffffL);
-        r[i+7] = (a[i+7] >> n) | ((a[i+8] << (55 - n)) & 0x7fffffffffffffL);
+        r[i+0] = (a[i+0] >> n) | (sp_digit)((a[i+1] << (55 - n)) & 0x7fffffffffffffL);
+        r[i+1] = (a[i+1] >> n) | (sp_digit)((a[i+2] << (55 - n)) & 0x7fffffffffffffL);
+        r[i+2] = (a[i+2] >> n) | (sp_digit)((a[i+3] << (55 - n)) & 0x7fffffffffffffL);
+        r[i+3] = (a[i+3] >> n) | (sp_digit)((a[i+4] << (55 - n)) & 0x7fffffffffffffL);
+        r[i+4] = (a[i+4] >> n) | (sp_digit)((a[i+5] << (55 - n)) & 0x7fffffffffffffL);
+        r[i+5] = (a[i+5] >> n) | (sp_digit)((a[i+6] << (55 - n)) & 0x7fffffffffffffL);
+        r[i+6] = (a[i+6] >> n) | (sp_digit)((a[i+7] << (55 - n)) & 0x7fffffffffffffL);
+        r[i+7] = (a[i+7] >> n) | (sp_digit)((a[i+8] << (55 - n)) & 0x7fffffffffffffL);
     }
-    r[0] = (a[0] >> n) | ((a[1] << (55 - n)) & 0x7fffffffffffffL);
-    r[1] = (a[1] >> n) | ((a[2] << (55 - n)) & 0x7fffffffffffffL);
-    r[2] = (a[2] >> n) | ((a[3] << (55 - n)) & 0x7fffffffffffffL);
-    r[3] = (a[3] >> n) | ((a[4] << (55 - n)) & 0x7fffffffffffffL);
-    r[4] = (a[4] >> n) | ((a[5] << (55 - n)) & 0x7fffffffffffffL);
-    r[5] = (a[5] >> n) | ((a[6] << (55 - n)) & 0x7fffffffffffffL);
+    r[0] = (a[0] >> n) | (sp_digit)((a[1] << (55 - n)) & 0x7fffffffffffffL);
+    r[1] = (a[1] >> n) | (sp_digit)((a[2] << (55 - n)) & 0x7fffffffffffffL);
+    r[2] = (a[2] >> n) | (sp_digit)((a[3] << (55 - n)) & 0x7fffffffffffffL);
+    r[3] = (a[3] >> n) | (sp_digit)((a[4] << (55 - n)) & 0x7fffffffffffffL);
+    r[4] = (a[4] >> n) | (sp_digit)((a[5] << (55 - n)) & 0x7fffffffffffffL);
+    r[5] = (a[5] >> n) | (sp_digit)((a[6] << (55 - n)) & 0x7fffffffffffffL);
 #endif /* WOLFSSL_SP_SMALL */
     r[6] = a[6] >> n;
 }
@@ -33738,7 +33638,7 @@ SP_NOINLINE static void sp_384_lshift_14(sp_digit* r, const sp_digit* a,
 
     r[14] = a[13] >> (55 - n);
     for (i=13; i>0; i--) {
-        r[i] = ((a[i] << n) | (a[i-1] >> (55 - n))) & 0x7fffffffffffffL;
+        r[i] = (sp_digit)(((a[i] << n) | (a[i-1] >> (55 - n))) & 0x7fffffffffffffL);
     }
 #else
     sp_int_digit s;
@@ -33747,33 +33647,33 @@ SP_NOINLINE static void sp_384_lshift_14(sp_digit* r, const sp_digit* a,
     s = (sp_int_digit)a[13];
     r[14] = s >> (55U - n);
     s = (sp_int_digit)(a[13]); t = (sp_int_digit)(a[12]);
-    r[13] = ((s << n) | (t >> (55U - n))) & 0x7fffffffffffffUL;
+    r[13] = (sp_digit)(((s << n) | (t >> (55U - n))) & 0x7fffffffffffffUL);
     s = (sp_int_digit)(a[12]); t = (sp_int_digit)(a[11]);
-    r[12] = ((s << n) | (t >> (55U - n))) & 0x7fffffffffffffUL;
+    r[12] = (sp_digit)(((s << n) | (t >> (55U - n))) & 0x7fffffffffffffUL);
     s = (sp_int_digit)(a[11]); t = (sp_int_digit)(a[10]);
-    r[11] = ((s << n) | (t >> (55U - n))) & 0x7fffffffffffffUL;
+    r[11] = (sp_digit)(((s << n) | (t >> (55U - n))) & 0x7fffffffffffffUL);
     s = (sp_int_digit)(a[10]); t = (sp_int_digit)(a[9]);
-    r[10] = ((s << n) | (t >> (55U - n))) & 0x7fffffffffffffUL;
+    r[10] = (sp_digit)(((s << n) | (t >> (55U - n))) & 0x7fffffffffffffUL);
     s = (sp_int_digit)(a[9]); t = (sp_int_digit)(a[8]);
-    r[9] = ((s << n) | (t >> (55U - n))) & 0x7fffffffffffffUL;
+    r[9] = (sp_digit)(((s << n) | (t >> (55U - n))) & 0x7fffffffffffffUL);
     s = (sp_int_digit)(a[8]); t = (sp_int_digit)(a[7]);
-    r[8] = ((s << n) | (t >> (55U - n))) & 0x7fffffffffffffUL;
+    r[8] = (sp_digit)(((s << n) | (t >> (55U - n))) & 0x7fffffffffffffUL);
     s = (sp_int_digit)(a[7]); t = (sp_int_digit)(a[6]);
-    r[7] = ((s << n) | (t >> (55U - n))) & 0x7fffffffffffffUL;
+    r[7] = (sp_digit)(((s << n) | (t >> (55U - n))) & 0x7fffffffffffffUL);
     s = (sp_int_digit)(a[6]); t = (sp_int_digit)(a[5]);
-    r[6] = ((s << n) | (t >> (55U - n))) & 0x7fffffffffffffUL;
+    r[6] = (sp_digit)(((s << n) | (t >> (55U - n))) & 0x7fffffffffffffUL);
     s = (sp_int_digit)(a[5]); t = (sp_int_digit)(a[4]);
-    r[5] = ((s << n) | (t >> (55U - n))) & 0x7fffffffffffffUL;
+    r[5] = (sp_digit)(((s << n) | (t >> (55U - n))) & 0x7fffffffffffffUL);
     s = (sp_int_digit)(a[4]); t = (sp_int_digit)(a[3]);
-    r[4] = ((s << n) | (t >> (55U - n))) & 0x7fffffffffffffUL;
+    r[4] = (sp_digit)(((s << n) | (t >> (55U - n))) & 0x7fffffffffffffUL);
     s = (sp_int_digit)(a[3]); t = (sp_int_digit)(a[2]);
-    r[3] = ((s << n) | (t >> (55U - n))) & 0x7fffffffffffffUL;
+    r[3] = (sp_digit)(((s << n) | (t >> (55U - n))) & 0x7fffffffffffffUL);
     s = (sp_int_digit)(a[2]); t = (sp_int_digit)(a[1]);
-    r[2] = ((s << n) | (t >> (55U - n))) & 0x7fffffffffffffUL;
+    r[2] = (sp_digit)(((s << n) | (t >> (55U - n))) & 0x7fffffffffffffUL);
     s = (sp_int_digit)(a[1]); t = (sp_int_digit)(a[0]);
-    r[1] = ((s << n) | (t >> (55U - n))) & 0x7fffffffffffffUL;
+    r[1] = (sp_digit)(((s << n) | (t >> (55U - n))) & 0x7fffffffffffffUL);
 #endif /* WOLFSSL_SP_SMALL */
-    r[0] = (a[0] << n) & 0x7fffffffffffffL;
+    r[0] = (sp_digit)((a[0] << n) & 0x7fffffffffffffL);
 }
 
 /* Divide d in a and put remainder into r (m*d + r = a)
@@ -33837,8 +33737,7 @@ static int sp_384_div_7(const sp_digit* a, const sp_digit* d,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t1 != NULL)
-        XFREE(t1, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(t1, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -33873,13 +33772,13 @@ static void sp_384_mont_mul_order_7(sp_digit* r, const sp_digit* a, const sp_dig
 #if defined(HAVE_ECC_SIGN) || (defined(HAVE_ECC_VERIFY) && defined(WOLFSSL_SP_SMALL))
 #ifdef WOLFSSL_SP_SMALL
 /* Order-2 for the P384 curve. */
-static const uint64_t p384_order_minus_2[6] = {
+static const word64 p384_order_minus_2[6] = {
     0xecec196accc52971U,0x581a0db248b0a77aU,0xc7634d81f4372ddfU,
     0xffffffffffffffffU,0xffffffffffffffffU,0xffffffffffffffffU
 };
 #else
 /* The low half of the order-2 of the P384 curve. */
-static const uint64_t p384_order_low[3] = {
+static const word64 p384_order_low[3] = {
     0xecec196accc52971U,0x581a0db248b0a77aU,0xc7634d81f4372ddfU
 };
 #endif /* WOLFSSL_SP_SMALL */
@@ -34405,7 +34304,7 @@ static int sp_384_num_bits_55_7(sp_digit v)
     v |= v >> 8;
     v |= v >> 16;
     v |= v >> 32;
-    return sp_384_tab64_7[((uint64_t)((v - (v >> 1))*0x07EDD5E59A4E28C2)) >> 58];
+    return sp_384_tab64_7[((word64)((v - (v >> 1))*0x07EDD5E59A4E28C2)) >> 58];
 }
 
 static int sp_384_num_bits_7(const sp_digit* a)
@@ -34535,8 +34434,7 @@ static int sp_384_mod_inv_7(sp_digit* r, const sp_digit* a, const sp_digit* m)
             XMEMCPY(r, d, sizeof(sp_digit) * 7);
     }
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (u != NULL)
-        XFREE(u, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(u, NULL, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -34742,10 +34640,8 @@ int sp_ecc_verify_384(const byte* hash, word32 hashLen, const mp_int* pX,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (u1 != NULL)
-        XFREE(u1, heap, DYNAMIC_TYPE_ECC);
-    if (p1 != NULL)
-        XFREE(p1, heap, DYNAMIC_TYPE_ECC);
+    XFREE(u1, heap, DYNAMIC_TYPE_ECC);
+    XFREE(p1, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -34952,8 +34848,7 @@ static int sp_384_ecc_is_point_7(const sp_point_384* point,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t1 != NULL)
-        XFREE(t1, heap, DYNAMIC_TYPE_ECC);
+    XFREE(t1, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -34992,8 +34887,7 @@ int sp_ecc_is_point_384(const mp_int* pX, const mp_int* pY)
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (pub != NULL)
-        XFREE(pub, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(pub, NULL, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -35101,10 +34995,8 @@ int sp_ecc_check_key_384(const mp_int* pX, const mp_int* pY,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (pub != NULL)
-        XFREE(pub, heap, DYNAMIC_TYPE_ECC);
-    if (priv != NULL)
-        XFREE(priv, heap, DYNAMIC_TYPE_ECC);
+    XFREE(pub, heap, DYNAMIC_TYPE_ECC);
+    XFREE(priv, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -35183,10 +35075,8 @@ int sp_ecc_proj_add_point_384(mp_int* pX, mp_int* pY, mp_int* pZ,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (tmp != NULL)
-        XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
-    if (p != NULL)
-        XFREE(p, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(p, NULL, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -35251,10 +35141,8 @@ int sp_ecc_proj_dbl_point_384(mp_int* pX, mp_int* pY, mp_int* pZ,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (tmp != NULL)
-        XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
-    if (p != NULL)
-        XFREE(p, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(p, NULL, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -35315,10 +35203,8 @@ int sp_ecc_map_384(mp_int* pX, mp_int* pY, mp_int* pZ)
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (tmp != NULL)
-        XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
-    if (p != NULL)
-        XFREE(p, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(p, NULL, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -35414,8 +35300,7 @@ static int sp_384_mont_sqrt_7(sp_digit* y)
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t1 != NULL)
-        XFREE(t1, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(t1, NULL, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -35480,8 +35365,7 @@ int sp_ecc_uncompress_384(mp_int* xm, int odd, mp_int* ym)
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (x != NULL)
-        XFREE(x, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(x, NULL, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -35637,29 +35521,29 @@ SP_NOINLINE static void sp_521_mul_9(sp_digit* r, const sp_digit* a,
     t0 = ((sp_int128)a[ 0]) * b[ 0];
     t1 = ((sp_int128)a[ 0]) * b[ 1]
        + ((sp_int128)a[ 1]) * b[ 0];
-    t[ 0] = t0 & 0x3ffffffffffffffL; t1 += t0 >> 58;
+    t[ 0] = (sp_digit)(t0 & 0x3ffffffffffffffL); t1 += t0 >> 58;
     t0 = ((sp_int128)a[ 0]) * b[ 2]
        + ((sp_int128)a[ 1]) * b[ 1]
        + ((sp_int128)a[ 2]) * b[ 0];
-    t[ 1] = t1 & 0x3ffffffffffffffL; t0 += t1 >> 58;
+    t[ 1] = (sp_digit)(t1 & 0x3ffffffffffffffL); t0 += t1 >> 58;
     t1 = ((sp_int128)a[ 0]) * b[ 3]
        + ((sp_int128)a[ 1]) * b[ 2]
        + ((sp_int128)a[ 2]) * b[ 1]
        + ((sp_int128)a[ 3]) * b[ 0];
-    t[ 2] = t0 & 0x3ffffffffffffffL; t1 += t0 >> 58;
+    t[ 2] = (sp_digit)(t0 & 0x3ffffffffffffffL); t1 += t0 >> 58;
     t0 = ((sp_int128)a[ 0]) * b[ 4]
        + ((sp_int128)a[ 1]) * b[ 3]
        + ((sp_int128)a[ 2]) * b[ 2]
        + ((sp_int128)a[ 3]) * b[ 1]
        + ((sp_int128)a[ 4]) * b[ 0];
-    t[ 3] = t1 & 0x3ffffffffffffffL; t0 += t1 >> 58;
+    t[ 3] = (sp_digit)(t1 & 0x3ffffffffffffffL); t0 += t1 >> 58;
     t1 = ((sp_int128)a[ 0]) * b[ 5]
        + ((sp_int128)a[ 1]) * b[ 4]
        + ((sp_int128)a[ 2]) * b[ 3]
        + ((sp_int128)a[ 3]) * b[ 2]
        + ((sp_int128)a[ 4]) * b[ 1]
        + ((sp_int128)a[ 5]) * b[ 0];
-    t[ 4] = t0 & 0x3ffffffffffffffL; t1 += t0 >> 58;
+    t[ 4] = (sp_digit)(t0 & 0x3ffffffffffffffL); t1 += t0 >> 58;
     t0 = ((sp_int128)a[ 0]) * b[ 6]
        + ((sp_int128)a[ 1]) * b[ 5]
        + ((sp_int128)a[ 2]) * b[ 4]
@@ -35667,7 +35551,7 @@ SP_NOINLINE static void sp_521_mul_9(sp_digit* r, const sp_digit* a,
        + ((sp_int128)a[ 4]) * b[ 2]
        + ((sp_int128)a[ 5]) * b[ 1]
        + ((sp_int128)a[ 6]) * b[ 0];
-    t[ 5] = t1 & 0x3ffffffffffffffL; t0 += t1 >> 58;
+    t[ 5] = (sp_digit)(t1 & 0x3ffffffffffffffL); t0 += t1 >> 58;
     t1 = ((sp_int128)a[ 0]) * b[ 7]
        + ((sp_int128)a[ 1]) * b[ 6]
        + ((sp_int128)a[ 2]) * b[ 5]
@@ -35676,7 +35560,7 @@ SP_NOINLINE static void sp_521_mul_9(sp_digit* r, const sp_digit* a,
        + ((sp_int128)a[ 5]) * b[ 2]
        + ((sp_int128)a[ 6]) * b[ 1]
        + ((sp_int128)a[ 7]) * b[ 0];
-    t[ 6] = t0 & 0x3ffffffffffffffL; t1 += t0 >> 58;
+    t[ 6] = (sp_digit)(t0 & 0x3ffffffffffffffL); t1 += t0 >> 58;
     t0 = ((sp_int128)a[ 0]) * b[ 8]
        + ((sp_int128)a[ 1]) * b[ 7]
        + ((sp_int128)a[ 2]) * b[ 6]
@@ -35686,7 +35570,7 @@ SP_NOINLINE static void sp_521_mul_9(sp_digit* r, const sp_digit* a,
        + ((sp_int128)a[ 6]) * b[ 2]
        + ((sp_int128)a[ 7]) * b[ 1]
        + ((sp_int128)a[ 8]) * b[ 0];
-    t[ 7] = t1 & 0x3ffffffffffffffL; t0 += t1 >> 58;
+    t[ 7] = (sp_digit)(t1 & 0x3ffffffffffffffL); t0 += t1 >> 58;
     t1 = ((sp_int128)a[ 1]) * b[ 8]
        + ((sp_int128)a[ 2]) * b[ 7]
        + ((sp_int128)a[ 3]) * b[ 6]
@@ -35695,7 +35579,7 @@ SP_NOINLINE static void sp_521_mul_9(sp_digit* r, const sp_digit* a,
        + ((sp_int128)a[ 6]) * b[ 3]
        + ((sp_int128)a[ 7]) * b[ 2]
        + ((sp_int128)a[ 8]) * b[ 1];
-    t[ 8] = t0 & 0x3ffffffffffffffL; t1 += t0 >> 58;
+    t[ 8] = (sp_digit)(t0 & 0x3ffffffffffffffL); t1 += t0 >> 58;
     t0 = ((sp_int128)a[ 2]) * b[ 8]
        + ((sp_int128)a[ 3]) * b[ 7]
        + ((sp_int128)a[ 4]) * b[ 6]
@@ -35703,35 +35587,35 @@ SP_NOINLINE static void sp_521_mul_9(sp_digit* r, const sp_digit* a,
        + ((sp_int128)a[ 6]) * b[ 4]
        + ((sp_int128)a[ 7]) * b[ 3]
        + ((sp_int128)a[ 8]) * b[ 2];
-    r[ 9] = t1 & 0x3ffffffffffffffL; t0 += t1 >> 58;
+    r[ 9] = (sp_digit)(t1 & 0x3ffffffffffffffL); t0 += t1 >> 58;
     t1 = ((sp_int128)a[ 3]) * b[ 8]
        + ((sp_int128)a[ 4]) * b[ 7]
        + ((sp_int128)a[ 5]) * b[ 6]
        + ((sp_int128)a[ 6]) * b[ 5]
        + ((sp_int128)a[ 7]) * b[ 4]
        + ((sp_int128)a[ 8]) * b[ 3];
-    r[10] = t0 & 0x3ffffffffffffffL; t1 += t0 >> 58;
+    r[10] = (sp_digit)(t0 & 0x3ffffffffffffffL); t1 += t0 >> 58;
     t0 = ((sp_int128)a[ 4]) * b[ 8]
        + ((sp_int128)a[ 5]) * b[ 7]
        + ((sp_int128)a[ 6]) * b[ 6]
        + ((sp_int128)a[ 7]) * b[ 5]
        + ((sp_int128)a[ 8]) * b[ 4];
-    r[11] = t1 & 0x3ffffffffffffffL; t0 += t1 >> 58;
+    r[11] = (sp_digit)(t1 & 0x3ffffffffffffffL); t0 += t1 >> 58;
     t1 = ((sp_int128)a[ 5]) * b[ 8]
        + ((sp_int128)a[ 6]) * b[ 7]
        + ((sp_int128)a[ 7]) * b[ 6]
        + ((sp_int128)a[ 8]) * b[ 5];
-    r[12] = t0 & 0x3ffffffffffffffL; t1 += t0 >> 58;
+    r[12] = (sp_digit)(t0 & 0x3ffffffffffffffL); t1 += t0 >> 58;
     t0 = ((sp_int128)a[ 6]) * b[ 8]
        + ((sp_int128)a[ 7]) * b[ 7]
        + ((sp_int128)a[ 8]) * b[ 6];
-    r[13] = t1 & 0x3ffffffffffffffL; t0 += t1 >> 58;
+    r[13] = (sp_digit)(t1 & 0x3ffffffffffffffL); t0 += t1 >> 58;
     t1 = ((sp_int128)a[ 7]) * b[ 8]
        + ((sp_int128)a[ 8]) * b[ 7];
-    r[14] = t0 & 0x3ffffffffffffffL; t1 += t0 >> 58;
+    r[14] = (sp_digit)(t0 & 0x3ffffffffffffffL); t1 += t0 >> 58;
     t0 = ((sp_int128)a[ 8]) * b[ 8];
-    r[15] = t1 & 0x3ffffffffffffffL; t0 += t1 >> 58;
-    r[16] = t0 & 0x3ffffffffffffffL;
+    r[15] = (sp_digit)(t1 & 0x3ffffffffffffffL); t0 += t1 >> 58;
+    r[16] = (sp_digit)(t0 & 0x3ffffffffffffffL);
     r[17] = (sp_digit)(t0 >> 58);
     XMEMCPY(r, t, sizeof(t));
 }
@@ -35793,66 +35677,66 @@ SP_NOINLINE static void sp_521_sqr_9(sp_digit* r, const sp_digit* a)
 
     t0 =  ((sp_int128)a[ 0]) * a[ 0];
     t1 = (((sp_int128)a[ 0]) * a[ 1]) * 2;
-    t[ 0] = t0 & 0x3ffffffffffffffL; t1 += t0 >> 58;
+    t[ 0] = (sp_digit)(t0 & 0x3ffffffffffffffL); t1 += t0 >> 58;
     t0 = (((sp_int128)a[ 0]) * a[ 2]) * 2
        +  ((sp_int128)a[ 1]) * a[ 1];
-    t[ 1] = t1 & 0x3ffffffffffffffL; t0 += t1 >> 58;
+    t[ 1] = (sp_digit)(t1 & 0x3ffffffffffffffL); t0 += t1 >> 58;
     t1 = (((sp_int128)a[ 0]) * a[ 3]
        +  ((sp_int128)a[ 1]) * a[ 2]) * 2;
-    t[ 2] = t0 & 0x3ffffffffffffffL; t1 += t0 >> 58;
+    t[ 2] = (sp_digit)(t0 & 0x3ffffffffffffffL); t1 += t0 >> 58;
     t0 = (((sp_int128)a[ 0]) * a[ 4]
        +  ((sp_int128)a[ 1]) * a[ 3]) * 2
        +  ((sp_int128)a[ 2]) * a[ 2];
-    t[ 3] = t1 & 0x3ffffffffffffffL; t0 += t1 >> 58;
+    t[ 3] = (sp_digit)(t1 & 0x3ffffffffffffffL); t0 += t1 >> 58;
     t1 = (((sp_int128)a[ 0]) * a[ 5]
        +  ((sp_int128)a[ 1]) * a[ 4]
        +  ((sp_int128)a[ 2]) * a[ 3]) * 2;
-    t[ 4] = t0 & 0x3ffffffffffffffL; t1 += t0 >> 58;
+    t[ 4] = (sp_digit)(t0 & 0x3ffffffffffffffL); t1 += t0 >> 58;
     t0 = (((sp_int128)a[ 0]) * a[ 6]
        +  ((sp_int128)a[ 1]) * a[ 5]
        +  ((sp_int128)a[ 2]) * a[ 4]) * 2
        +  ((sp_int128)a[ 3]) * a[ 3];
-    t[ 5] = t1 & 0x3ffffffffffffffL; t0 += t1 >> 58;
+    t[ 5] = (sp_digit)(t1 & 0x3ffffffffffffffL); t0 += t1 >> 58;
     t1 = (((sp_int128)a[ 0]) * a[ 7]
        +  ((sp_int128)a[ 1]) * a[ 6]
        +  ((sp_int128)a[ 2]) * a[ 5]
        +  ((sp_int128)a[ 3]) * a[ 4]) * 2;
-    t[ 6] = t0 & 0x3ffffffffffffffL; t1 += t0 >> 58;
+    t[ 6] = (sp_digit)(t0 & 0x3ffffffffffffffL); t1 += t0 >> 58;
     t0 = (((sp_int128)a[ 0]) * a[ 8]
        +  ((sp_int128)a[ 1]) * a[ 7]
        +  ((sp_int128)a[ 2]) * a[ 6]
        +  ((sp_int128)a[ 3]) * a[ 5]) * 2
        +  ((sp_int128)a[ 4]) * a[ 4];
-    t[ 7] = t1 & 0x3ffffffffffffffL; t0 += t1 >> 58;
+    t[ 7] = (sp_digit)(t1 & 0x3ffffffffffffffL); t0 += t1 >> 58;
     t1 = (((sp_int128)a[ 1]) * a[ 8]
        +  ((sp_int128)a[ 2]) * a[ 7]
        +  ((sp_int128)a[ 3]) * a[ 6]
        +  ((sp_int128)a[ 4]) * a[ 5]) * 2;
-    t[ 8] = t0 & 0x3ffffffffffffffL; t1 += t0 >> 58;
+    t[ 8] = (sp_digit)(t0 & 0x3ffffffffffffffL); t1 += t0 >> 58;
     t0 = (((sp_int128)a[ 2]) * a[ 8]
        +  ((sp_int128)a[ 3]) * a[ 7]
        +  ((sp_int128)a[ 4]) * a[ 6]) * 2
        +  ((sp_int128)a[ 5]) * a[ 5];
-    r[ 9] = t1 & 0x3ffffffffffffffL; t0 += t1 >> 58;
+    r[ 9] = (sp_digit)(t1 & 0x3ffffffffffffffL); t0 += t1 >> 58;
     t1 = (((sp_int128)a[ 3]) * a[ 8]
        +  ((sp_int128)a[ 4]) * a[ 7]
        +  ((sp_int128)a[ 5]) * a[ 6]) * 2;
-    r[10] = t0 & 0x3ffffffffffffffL; t1 += t0 >> 58;
+    r[10] = (sp_digit)(t0 & 0x3ffffffffffffffL); t1 += t0 >> 58;
     t0 = (((sp_int128)a[ 4]) * a[ 8]
        +  ((sp_int128)a[ 5]) * a[ 7]) * 2
        +  ((sp_int128)a[ 6]) * a[ 6];
-    r[11] = t1 & 0x3ffffffffffffffL; t0 += t1 >> 58;
+    r[11] = (sp_digit)(t1 & 0x3ffffffffffffffL); t0 += t1 >> 58;
     t1 = (((sp_int128)a[ 5]) * a[ 8]
        +  ((sp_int128)a[ 6]) * a[ 7]) * 2;
-    r[12] = t0 & 0x3ffffffffffffffL; t1 += t0 >> 58;
+    r[12] = (sp_digit)(t0 & 0x3ffffffffffffffL); t1 += t0 >> 58;
     t0 = (((sp_int128)a[ 6]) * a[ 8]) * 2
        +  ((sp_int128)a[ 7]) * a[ 7];
-    r[13] = t1 & 0x3ffffffffffffffL; t0 += t1 >> 58;
+    r[13] = (sp_digit)(t1 & 0x3ffffffffffffffL); t0 += t1 >> 58;
     t1 = (((sp_int128)a[ 7]) * a[ 8]) * 2;
-    r[14] = t0 & 0x3ffffffffffffffL; t1 += t0 >> 58;
+    r[14] = (sp_digit)(t0 & 0x3ffffffffffffffL); t1 += t0 >> 58;
     t0 =  ((sp_int128)a[ 8]) * a[ 8];
-    r[15] = t1 & 0x3ffffffffffffffL; t0 += t1 >> 58;
-    r[16] = t0 & 0x3ffffffffffffffL;
+    r[15] = (sp_digit)(t1 & 0x3ffffffffffffffL); t0 += t1 >> 58;
+    r[16] = (sp_digit)(t0 & 0x3ffffffffffffffL);
     r[17] = (sp_digit)(t0 >> 58);
     XMEMCPY(r, t, sizeof(t));
 }
@@ -36176,10 +36060,10 @@ static void sp_521_mont_reduce_9(sp_digit* a, const sp_digit* m, sp_digit mp)
     (void)mp;
 
     for (i = 0; i < 8; i++) {
-        a[i] += ((a[8 + i] >> 57) + (a[8 + i + 1] << 1)) & 0x3ffffffffffffffL;
+        a[i] += (sp_digit)(((a[8 + i] >> 57) + (a[8 + i + 1] << 1)) & 0x3ffffffffffffffL);
     }
     a[8] &= 0x1ffffffffffffff;
-    a[8] += ((a[16] >> 57) + (a[17] << 1)) & 0x3ffffffffffffffL;
+    a[8] += (sp_digit)(((a[16] >> 57) + (a[17] << 1)) & 0x3ffffffffffffffL);
 
     sp_521_norm_9(a);
 
@@ -36268,17 +36152,17 @@ SP_NOINLINE static void sp_521_mul_add_9(sp_digit* r, const sp_digit* a,
         t[1]  = (tb * a[i+1]) + r[i+1];
         t[2]  = (tb * a[i+2]) + r[i+2];
         t[3]  = (tb * a[i+3]) + r[i+3];
-        r[i+0] = t[0] & 0x3ffffffffffffffL;
+        r[i+0] = (sp_digit)(t[0] & 0x3ffffffffffffffL);
         t[1] += t[0] >> 58;
-        r[i+1] = t[1] & 0x3ffffffffffffffL;
+        r[i+1] = (sp_digit)(t[1] & 0x3ffffffffffffffL);
         t[2] += t[1] >> 58;
-        r[i+2] = t[2] & 0x3ffffffffffffffL;
+        r[i+2] = (sp_digit)(t[2] & 0x3ffffffffffffffL);
         t[3] += t[2] >> 58;
-        r[i+3] = t[3] & 0x3ffffffffffffffL;
+        r[i+3] = (sp_digit)(t[3] & 0x3ffffffffffffffL);
         t[0]  = t[3] >> 58;
     }
     t[0] += (tb * a[8]) + r[8];
-    r[8] = t[0] & 0x3ffffffffffffffL;
+    r[8] = (sp_digit)(t[0] & 0x3ffffffffffffffL);
     r[9] +=  (sp_digit)(t[0] >> 58);
 #else
     sp_int128 tb = b;
@@ -36320,7 +36204,7 @@ static void sp_521_mont_shift_9(sp_digit* r, const sp_digit* a)
     n = a[8] >> 57;
     for (i = 0; i < 8; i++) {
         n += (sp_uint64)a[9 + i] << 1;
-        r[i] = n & 0x3ffffffffffffffL;
+        r[i] = (sp_digit)(n & 0x3ffffffffffffffL);
         n >>= 58;
     }
     n += (sp_uint64)a[17] << 1;
@@ -36329,14 +36213,14 @@ static void sp_521_mont_shift_9(sp_digit* r, const sp_digit* a)
     sp_uint64 n;
 
     n  = a[8] >> 57;
-    n += (sp_uint64)a[ 9] << 1U; r[ 0] = n & 0x3ffffffffffffffUL; n >>= 58U;
-    n += (sp_uint64)a[10] << 1U; r[ 1] = n & 0x3ffffffffffffffUL; n >>= 58U;
-    n += (sp_uint64)a[11] << 1U; r[ 2] = n & 0x3ffffffffffffffUL; n >>= 58U;
-    n += (sp_uint64)a[12] << 1U; r[ 3] = n & 0x3ffffffffffffffUL; n >>= 58U;
-    n += (sp_uint64)a[13] << 1U; r[ 4] = n & 0x3ffffffffffffffUL; n >>= 58U;
-    n += (sp_uint64)a[14] << 1U; r[ 5] = n & 0x3ffffffffffffffUL; n >>= 58U;
-    n += (sp_uint64)a[15] << 1U; r[ 6] = n & 0x3ffffffffffffffUL; n >>= 58U;
-    n += (sp_uint64)a[16] << 1U; r[ 7] = n & 0x3ffffffffffffffUL; n >>= 58U;
+    n += (sp_uint64)a[ 9] << 1U; r[ 0] = (sp_digit)(n & 0x3ffffffffffffffUL); n >>= 58U;
+    n += (sp_uint64)a[10] << 1U; r[ 1] = (sp_digit)(n & 0x3ffffffffffffffUL); n >>= 58U;
+    n += (sp_uint64)a[11] << 1U; r[ 2] = (sp_digit)(n & 0x3ffffffffffffffUL); n >>= 58U;
+    n += (sp_uint64)a[12] << 1U; r[ 3] = (sp_digit)(n & 0x3ffffffffffffffUL); n >>= 58U;
+    n += (sp_uint64)a[13] << 1U; r[ 4] = (sp_digit)(n & 0x3ffffffffffffffUL); n >>= 58U;
+    n += (sp_uint64)a[14] << 1U; r[ 5] = (sp_digit)(n & 0x3ffffffffffffffUL); n >>= 58U;
+    n += (sp_uint64)a[15] << 1U; r[ 6] = (sp_digit)(n & 0x3ffffffffffffffUL); n >>= 58U;
+    n += (sp_uint64)a[16] << 1U; r[ 7] = (sp_digit)(n & 0x3ffffffffffffffUL); n >>= 58U;
     n += (sp_uint64)a[17] << 1U; r[ 8] = n;
 #endif /* WOLFSSL_SP_SMALL */
     XMEMSET(&r[9], 0, sizeof(*r) * 9U);
@@ -36357,11 +36241,11 @@ static void sp_521_mont_reduce_order_9(sp_digit* a, const sp_digit* m, sp_digit
     sp_521_norm_9(a + 9);
 
     for (i=0; i<8; i++) {
-        mu = ((sp_uint64)a[i] * (sp_uint64)mp) & 0x3ffffffffffffffL;
+        mu = (sp_digit)(((sp_uint64)a[i] * (sp_uint64)mp) & 0x3ffffffffffffffL);
         sp_521_mul_add_9(a+i, m, mu);
         a[i+1] += a[i] >> 58;
     }
-    mu = ((sp_uint64)a[i] * (sp_uint64)mp) & 0x1ffffffffffffffL;
+    mu = (sp_digit)(((sp_uint64)a[i] * (sp_uint64)mp) & 0x1ffffffffffffffL);
     sp_521_mul_add_9(a+i, m, mu);
     a[i+1] += a[i] >> 58;
     a[i] &= 0x3ffffffffffffffL;
@@ -36422,7 +36306,7 @@ SP_NOINLINE static void sp_521_mont_sqr_n_9(sp_digit* r,
 #endif /* !WOLFSSL_SP_SMALL */
 #ifdef WOLFSSL_SP_SMALL
 /* Mod-2 for the P521 curve. */
-static const uint64_t p521_mod_minus_2[9] = {
+static const word64 p521_mod_minus_2[9] = {
     0xfffffffffffffffdU,0xffffffffffffffffU,0xffffffffffffffffU,
     0xffffffffffffffffU,0xffffffffffffffffU,0xffffffffffffffffU,
     0xffffffffffffffffU,0xffffffffffffffffU,0x00000000000001ffU
@@ -36534,7 +36418,7 @@ static void sp_521_map_9(sp_point_521* r, const sp_point_521* p,
     sp_521_mont_reduce_9(r->x, p521_mod, p521_mp_mod);
     /* Reduce x to less than modulus */
     n = sp_521_cmp_9(r->x, p521_mod);
-    sp_521_cond_sub_9(r->x, r->x, p521_mod, ~(n >> 57));
+    sp_521_cond_sub_9(r->x, r->x, p521_mod, (sp_digit)~(n >> 57));
     sp_521_norm_9(r->x);
 
     /* y /= z^3 */
@@ -36543,7 +36427,7 @@ static void sp_521_map_9(sp_point_521* r, const sp_point_521* p,
     sp_521_mont_reduce_9(r->y, p521_mod, p521_mp_mod);
     /* Reduce y to less than modulus */
     n = sp_521_cmp_9(r->y, p521_mod);
-    sp_521_cond_sub_9(r->y, r->y, p521_mod, ~(n >> 57));
+    sp_521_cond_sub_9(r->y, r->y, p521_mod, (sp_digit)~(n >> 57));
     sp_521_norm_9(r->y);
 
     XMEMSET(r->z, 0, sizeof(r->z) / 2);
@@ -36677,17 +36561,17 @@ SP_NOINLINE static void sp_521_rshift1_9(sp_digit* r, const sp_digit* a)
     int i;
 
     for (i=0; i<8; i++) {
-        r[i] = (a[i] >> 1) + ((a[i + 1] << 57) & 0x3ffffffffffffffL);
+        r[i] = (a[i] >> 1) + (sp_digit)((a[i + 1] << 57) & 0x3ffffffffffffffL);
     }
 #else
-    r[0] = (a[0] >> 1) + ((a[1] << 57) & 0x3ffffffffffffffL);
-    r[1] = (a[1] >> 1) + ((a[2] << 57) & 0x3ffffffffffffffL);
-    r[2] = (a[2] >> 1) + ((a[3] << 57) & 0x3ffffffffffffffL);
-    r[3] = (a[3] >> 1) + ((a[4] << 57) & 0x3ffffffffffffffL);
-    r[4] = (a[4] >> 1) + ((a[5] << 57) & 0x3ffffffffffffffL);
-    r[5] = (a[5] >> 1) + ((a[6] << 57) & 0x3ffffffffffffffL);
-    r[6] = (a[6] >> 1) + ((a[7] << 57) & 0x3ffffffffffffffL);
-    r[7] = (a[7] >> 1) + ((a[8] << 57) & 0x3ffffffffffffffL);
+    r[0] = (a[0] >> 1) + (sp_digit)((a[1] << 57) & 0x3ffffffffffffffL);
+    r[1] = (a[1] >> 1) + (sp_digit)((a[2] << 57) & 0x3ffffffffffffffL);
+    r[2] = (a[2] >> 1) + (sp_digit)((a[3] << 57) & 0x3ffffffffffffffL);
+    r[3] = (a[3] >> 1) + (sp_digit)((a[4] << 57) & 0x3ffffffffffffffL);
+    r[4] = (a[4] >> 1) + (sp_digit)((a[5] << 57) & 0x3ffffffffffffffL);
+    r[5] = (a[5] >> 1) + (sp_digit)((a[6] << 57) & 0x3ffffffffffffffL);
+    r[6] = (a[6] >> 1) + (sp_digit)((a[7] << 57) & 0x3ffffffffffffffL);
+    r[7] = (a[7] >> 1) + (sp_digit)((a[8] << 57) & 0x3ffffffffffffffL);
 #endif
     r[8] = a[8] >> 1;
 }
@@ -36998,8 +36882,8 @@ static void sp_521_proj_point_add_9(sp_point_521* r,
         sp_521_mont_sub_9(y, y, t5, p521_mod);
         {
             int i;
-            sp_digit maskp = 0 - (q->infinity & (!p->infinity));
-            sp_digit maskq = 0 - (p->infinity & (!q->infinity));
+            sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity)));
+            sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity)));
             sp_digit maskt = ~(maskp | maskq);
             sp_digit inf = (sp_digit)(p->infinity & q->infinity);
 
@@ -37016,7 +36900,7 @@ static void sp_521_proj_point_add_9(sp_point_521* r,
                           (z[i] & maskt);
             }
             r->z[0] |= inf;
-            r->infinity = (word32)inf;
+            r->infinity = (int)inf;
         }
     }
 }
@@ -37190,8 +37074,8 @@ static int sp_521_proj_point_add_9_nb(sp_ecc_ctx_t* sp_ctx, sp_point_521* r,
     {
         {
             int i;
-            sp_digit maskp = 0 - (q->infinity & (!p->infinity));
-            sp_digit maskq = 0 - (p->infinity & (!q->infinity));
+            sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity)));
+            sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity)));
             sp_digit maskt = ~(maskp | maskq);
             sp_digit inf = (sp_digit)(p->infinity & q->infinity);
 
@@ -37208,7 +37092,7 @@ static int sp_521_proj_point_add_9_nb(sp_ecc_ctx_t* sp_ctx, sp_point_521* r,
                           (ctx->z[i] & maskt);
             }
             r->z[0] |= inf;
-            r->infinity = (word32)inf;
+            r->infinity = (int)inf;
         }
         ctx->state = 25;
         break;
@@ -37770,13 +37654,13 @@ static void sp_521_proj_point_add_sub_9(sp_point_521* ra,
 /* Structure used to describe recoding of scalar multiplication. */
 typedef struct ecc_recode_521 {
     /* Index into pre-computation table. */
-    uint8_t i;
+    word8 i;
     /* Use the negative of the point. */
-    uint8_t neg;
+    word8 neg;
 } ecc_recode_521;
 
 /* The index into pre-computation table to use. */
-static const uint8_t recode_index_9_6[66] = {
+static const word8 recode_index_9_6[66] = {
      0,  1,  2,  3,  4,  5,  6,  7,  8,  9, 10, 11, 12, 13, 14, 15,
     16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31,
     32, 31, 30, 29, 28, 27, 26, 25, 24, 23, 22, 21, 20, 19, 18, 17,
@@ -37785,7 +37669,7 @@ static const uint8_t recode_index_9_6[66] = {
 };
 
 /* Whether to negate y-ordinate. */
-static const uint8_t recode_neg_9_6[66] = {
+static const word8 recode_neg_9_6[66] = {
      0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,
      0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,
      1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,
@@ -37803,7 +37687,7 @@ static void sp_521_ecc_recode_6_9(const sp_digit* k, ecc_recode_521* v)
 {
     int i;
     int j;
-    uint8_t y;
+    word8 y;
     int carry = 0;
     int o;
     sp_digit n;
@@ -37812,7 +37696,7 @@ static void sp_521_ecc_recode_6_9(const sp_digit* k, ecc_recode_521* v)
     n = k[j];
     o = 0;
     for (i=0; i<87; i++) {
-        y = (int8_t)n;
+        y = (word8)(int8_t)n;
         if (o + 6 < 58) {
             y &= 0x3f;
             n >>= 6;
@@ -37826,12 +37710,12 @@ static void sp_521_ecc_recode_6_9(const sp_digit* k, ecc_recode_521* v)
         }
         else if (++j < 9) {
             n = k[j];
-            y |= (uint8_t)((n << (58 - o)) & 0x3f);
+            y |= (word8)((n << (58 - o)) & 0x3f);
             o -= 52;
             n >>= o;
         }
 
-        y += (uint8_t)carry;
+        y = (word8)(y + carry);
         v[i].i = recode_index_9_6[y];
         v[i].neg = recode_neg_9_6[y];
         carry = (y >> 6) + v[i].neg;
@@ -37879,7 +37763,7 @@ static void sp_521_get_point_33_9(sp_point_521* r, const sp_point_521* table,
     r->z[7] = 0;
     r->z[8] = 0;
     for (i = 1; i < 33; i++) {
-        mask = 0 - (i == idx);
+        mask = (sp_digit)0 - (i == idx);
         r->x[0] |= mask & table[i].x[0];
         r->x[1] |= mask & table[i].x[1];
         r->x[2] |= mask & table[i].x[2];
@@ -38046,10 +37930,8 @@ static int sp_521_ecc_mulmod_win_add_sub_9(sp_point_521* r, const sp_point_521*
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t != NULL)
-        XFREE(t, heap, DYNAMIC_TYPE_ECC);
-    if (tmp != NULL)
-        XFREE(tmp, heap, DYNAMIC_TYPE_ECC);
+    XFREE(t, heap, DYNAMIC_TYPE_ECC);
+    XFREE(tmp, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -38115,8 +37997,8 @@ static void sp_521_proj_point_add_qz1_9(sp_point_521* r,
         sp_521_mont_sub_9(y, t3, t1, p521_mod);
         {
             int i;
-            sp_digit maskp = 0 - (q->infinity & (!p->infinity));
-            sp_digit maskq = 0 - (p->infinity & (!q->infinity));
+            sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity)));
+            sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity)));
             sp_digit maskt = ~(maskp | maskq);
             sp_digit inf = (sp_digit)(p->infinity & q->infinity);
 
@@ -38133,7 +38015,7 @@ static void sp_521_proj_point_add_qz1_9(sp_point_521* r,
                           (z[i] & maskt);
             }
             r->z[0] |= inf;
-            r->infinity = (word32)inf;
+            r->infinity = (int)inf;
         }
     }
 }
@@ -38244,8 +38126,7 @@ static int sp_521_gen_stripe_table_9(const sp_point_521* a,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t != NULL)
-        XFREE(t, heap, DYNAMIC_TYPE_ECC);
+    XFREE(t, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -38284,7 +38165,7 @@ static void sp_521_get_entry_256_9(sp_point_521* r,
     r->y[7] = 0;
     r->y[8] = 0;
     for (i = 1; i < 256; i++) {
-        mask = 0 - (i == idx);
+        mask = (sp_digit)0 - (i == idx);
         r->x[0] |= mask & table[i].x[0];
         r->x[1] |= mask & table[i].x[1];
         r->x[2] |= mask & table[i].x[2];
@@ -38413,10 +38294,8 @@ static int sp_521_ecc_mulmod_stripe_9(sp_point_521* r, const sp_point_521* g,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t != NULL)
-        XFREE(t, heap, DYNAMIC_TYPE_ECC);
-    if (rt != NULL)
-        XFREE(rt, heap, DYNAMIC_TYPE_ECC);
+    XFREE(t, heap, DYNAMIC_TYPE_ECC);
+    XFREE(rt, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -38436,7 +38315,7 @@ typedef struct sp_cache_521_t {
     /* Precomputation table for point. */
     sp_table_entry_521 table[256];
     /* Count of entries in table. */
-    uint32_t cnt;
+    word32 cnt;
     /* Point and table set in entry. */
     int set;
 } sp_cache_521_t;
@@ -38449,8 +38328,10 @@ static THREAD_LS_T int sp_cache_521_last = -1;
 static THREAD_LS_T int sp_cache_521_inited = 0;
 
 #ifndef HAVE_THREAD_LS
+    #ifndef WOLFSSL_MUTEX_INITIALIZER
     static volatile int initCacheMutex_521 = 0;
-    static wolfSSL_Mutex sp_cache_521_lock;
+    #endif
+    static wolfSSL_Mutex sp_cache_521_lock WOLFSSL_MUTEX_INITIALIZER_CLAUSE(sp_cache_521_lock);
 #endif
 
 /* Get the cache entry for the point.
@@ -38462,7 +38343,7 @@ static void sp_ecc_get_cache_521(const sp_point_521* g, sp_cache_521_t** cache)
 {
     int i;
     int j;
-    uint32_t least;
+    word32 least;
 
     if (sp_cache_521_inited == 0) {
         for (i=0; i<FP_ENTRIES; i++) {
@@ -38548,10 +38429,12 @@ static int sp_521_ecc_mulmod_9(sp_point_521* r, const sp_point_521* g,
 #endif
 #ifndef HAVE_THREAD_LS
     if (err == MP_OKAY) {
+        #ifndef WOLFSSL_MUTEX_INITIALIZER
         if (initCacheMutex_521 == 0) {
             wc_InitMutex(&sp_cache_521_lock);
             initCacheMutex_521 = 1;
         }
+        #endif
         if (wc_LockMutex(&sp_cache_521_lock) != 0) {
             err = BAD_MUTEX_E;
         }
@@ -38630,10 +38513,8 @@ int sp_ecc_mulmod_521(const mp_int* km, const ecc_point* gm, ecc_point* r,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (k != NULL)
-        XFREE(k, heap, DYNAMIC_TYPE_ECC);
-    if (point != NULL)
-        XFREE(point, heap, DYNAMIC_TYPE_ECC);
+    XFREE(k, heap, DYNAMIC_TYPE_ECC);
+    XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -38710,10 +38591,8 @@ int sp_ecc_mulmod_add_521(const mp_int* km, const ecc_point* gm,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (k != NULL)
-        XFREE(k, heap, DYNAMIC_TYPE_ECC);
-    if (point != NULL)
-        XFREE(point, heap, DYNAMIC_TYPE_ECC);
+    XFREE(k, heap, DYNAMIC_TYPE_ECC);
+    XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -40609,10 +40488,8 @@ int sp_ecc_mulmod_base_521(const mp_int* km, ecc_point* r, int map, void* heap)
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (k != NULL)
-        XFREE(k, heap, DYNAMIC_TYPE_ECC);
-    if (point != NULL)
-        XFREE(point, heap, DYNAMIC_TYPE_ECC);
+    XFREE(k, heap, DYNAMIC_TYPE_ECC);
+    XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -40687,10 +40564,8 @@ int sp_ecc_mulmod_base_add_521(const mp_int* km, const ecc_point* am,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (k != NULL)
-        XFREE(k, heap, DYNAMIC_TYPE_ECC);
-    if (point)
-        XFREE(point, heap, DYNAMIC_TYPE_ECC);
+    XFREE(k, heap, DYNAMIC_TYPE_ECC);
+    XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -40754,6 +40629,7 @@ static void sp_521_from_bin(sp_digit* r, int size, const byte* a, int n)
  */
 static int sp_521_ecc_gen_k_9(WC_RNG* rng, sp_digit* k)
 {
+#ifndef WC_NO_RNG
     int err;
     byte buf[66];
 
@@ -40771,6 +40647,11 @@ static int sp_521_ecc_gen_k_9(WC_RNG* rng, sp_digit* k)
     while (err == 0);
 
     return err;
+#else
+    (void)rng;
+    (void)k;
+    return NOT_COMPILED_IN;
+#endif
 }
 
 /* Makes a random EC key pair.
@@ -40849,12 +40730,9 @@ int sp_ecc_make_key_521(WC_RNG* rng, mp_int* priv, ecc_point* pub, void* heap)
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (k != NULL)
-        XFREE(k, heap, DYNAMIC_TYPE_ECC);
-    if (point != NULL) {
-        /* point is not sensitive, so no need to zeroize */
-        XFREE(point, heap, DYNAMIC_TYPE_ECC);
-    }
+    XFREE(k, heap, DYNAMIC_TYPE_ECC);
+    /* point is not sensitive, so no need to zeroize */
+    XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -41037,10 +40915,8 @@ int sp_ecc_secret_gen_521(const mp_int* priv, const ecc_point* pub, byte* out,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (k != NULL)
-        XFREE(k, heap, DYNAMIC_TYPE_ECC);
-    if (point != NULL)
-        XFREE(point, heap, DYNAMIC_TYPE_ECC);
+    XFREE(k, heap, DYNAMIC_TYPE_ECC);
+    XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -41105,18 +40981,18 @@ SP_NOINLINE static void sp_521_rshift_9(sp_digit* r, const sp_digit* a,
 
 #ifdef WOLFSSL_SP_SMALL
     for (i=0; i<8; i++) {
-        r[i] = ((a[i] >> n) | (a[i + 1] << (58 - n))) & 0x3ffffffffffffffL;
+        r[i] = (sp_digit)(((a[i] >> n) | (a[i + 1] << (58 - n))) & 0x3ffffffffffffffL);
     }
 #else
     for (i=0; i<8; i += 8) {
-        r[i+0] = (a[i+0] >> n) | ((a[i+1] << (58 - n)) & 0x3ffffffffffffffL);
-        r[i+1] = (a[i+1] >> n) | ((a[i+2] << (58 - n)) & 0x3ffffffffffffffL);
-        r[i+2] = (a[i+2] >> n) | ((a[i+3] << (58 - n)) & 0x3ffffffffffffffL);
-        r[i+3] = (a[i+3] >> n) | ((a[i+4] << (58 - n)) & 0x3ffffffffffffffL);
-        r[i+4] = (a[i+4] >> n) | ((a[i+5] << (58 - n)) & 0x3ffffffffffffffL);
-        r[i+5] = (a[i+5] >> n) | ((a[i+6] << (58 - n)) & 0x3ffffffffffffffL);
-        r[i+6] = (a[i+6] >> n) | ((a[i+7] << (58 - n)) & 0x3ffffffffffffffL);
-        r[i+7] = (a[i+7] >> n) | ((a[i+8] << (58 - n)) & 0x3ffffffffffffffL);
+        r[i+0] = (a[i+0] >> n) | (sp_digit)((a[i+1] << (58 - n)) & 0x3ffffffffffffffL);
+        r[i+1] = (a[i+1] >> n) | (sp_digit)((a[i+2] << (58 - n)) & 0x3ffffffffffffffL);
+        r[i+2] = (a[i+2] >> n) | (sp_digit)((a[i+3] << (58 - n)) & 0x3ffffffffffffffL);
+        r[i+3] = (a[i+3] >> n) | (sp_digit)((a[i+4] << (58 - n)) & 0x3ffffffffffffffL);
+        r[i+4] = (a[i+4] >> n) | (sp_digit)((a[i+5] << (58 - n)) & 0x3ffffffffffffffL);
+        r[i+5] = (a[i+5] >> n) | (sp_digit)((a[i+6] << (58 - n)) & 0x3ffffffffffffffL);
+        r[i+6] = (a[i+6] >> n) | (sp_digit)((a[i+7] << (58 - n)) & 0x3ffffffffffffffL);
+        r[i+7] = (a[i+7] >> n) | (sp_digit)((a[i+8] << (58 - n)) & 0x3ffffffffffffffL);
     }
 #endif /* WOLFSSL_SP_SMALL */
     r[8] = a[8] >> n;
@@ -41178,7 +41054,7 @@ SP_NOINLINE static void sp_521_lshift_18(sp_digit* r, const sp_digit* a,
 
     r[18] = a[17] >> (58 - n);
     for (i=17; i>0; i--) {
-        r[i] = ((a[i] << n) | (a[i-1] >> (58 - n))) & 0x3ffffffffffffffL;
+        r[i] = (sp_digit)(((a[i] << n) | (a[i-1] >> (58 - n))) & 0x3ffffffffffffffL);
     }
 #else
     sp_int_digit s;
@@ -41187,41 +41063,41 @@ SP_NOINLINE static void sp_521_lshift_18(sp_digit* r, const sp_digit* a,
     s = (sp_int_digit)a[17];
     r[18] = s >> (58U - n);
     s = (sp_int_digit)(a[17]); t = (sp_int_digit)(a[16]);
-    r[17] = ((s << n) | (t >> (58U - n))) & 0x3ffffffffffffffUL;
+    r[17] = (sp_digit)(((s << n) | (t >> (58U - n))) & 0x3ffffffffffffffUL);
     s = (sp_int_digit)(a[16]); t = (sp_int_digit)(a[15]);
-    r[16] = ((s << n) | (t >> (58U - n))) & 0x3ffffffffffffffUL;
+    r[16] = (sp_digit)(((s << n) | (t >> (58U - n))) & 0x3ffffffffffffffUL);
     s = (sp_int_digit)(a[15]); t = (sp_int_digit)(a[14]);
-    r[15] = ((s << n) | (t >> (58U - n))) & 0x3ffffffffffffffUL;
+    r[15] = (sp_digit)(((s << n) | (t >> (58U - n))) & 0x3ffffffffffffffUL);
     s = (sp_int_digit)(a[14]); t = (sp_int_digit)(a[13]);
-    r[14] = ((s << n) | (t >> (58U - n))) & 0x3ffffffffffffffUL;
+    r[14] = (sp_digit)(((s << n) | (t >> (58U - n))) & 0x3ffffffffffffffUL);
     s = (sp_int_digit)(a[13]); t = (sp_int_digit)(a[12]);
-    r[13] = ((s << n) | (t >> (58U - n))) & 0x3ffffffffffffffUL;
+    r[13] = (sp_digit)(((s << n) | (t >> (58U - n))) & 0x3ffffffffffffffUL);
     s = (sp_int_digit)(a[12]); t = (sp_int_digit)(a[11]);
-    r[12] = ((s << n) | (t >> (58U - n))) & 0x3ffffffffffffffUL;
+    r[12] = (sp_digit)(((s << n) | (t >> (58U - n))) & 0x3ffffffffffffffUL);
     s = (sp_int_digit)(a[11]); t = (sp_int_digit)(a[10]);
-    r[11] = ((s << n) | (t >> (58U - n))) & 0x3ffffffffffffffUL;
+    r[11] = (sp_digit)(((s << n) | (t >> (58U - n))) & 0x3ffffffffffffffUL);
     s = (sp_int_digit)(a[10]); t = (sp_int_digit)(a[9]);
-    r[10] = ((s << n) | (t >> (58U - n))) & 0x3ffffffffffffffUL;
+    r[10] = (sp_digit)(((s << n) | (t >> (58U - n))) & 0x3ffffffffffffffUL);
     s = (sp_int_digit)(a[9]); t = (sp_int_digit)(a[8]);
-    r[9] = ((s << n) | (t >> (58U - n))) & 0x3ffffffffffffffUL;
+    r[9] = (sp_digit)(((s << n) | (t >> (58U - n))) & 0x3ffffffffffffffUL);
     s = (sp_int_digit)(a[8]); t = (sp_int_digit)(a[7]);
-    r[8] = ((s << n) | (t >> (58U - n))) & 0x3ffffffffffffffUL;
+    r[8] = (sp_digit)(((s << n) | (t >> (58U - n))) & 0x3ffffffffffffffUL);
     s = (sp_int_digit)(a[7]); t = (sp_int_digit)(a[6]);
-    r[7] = ((s << n) | (t >> (58U - n))) & 0x3ffffffffffffffUL;
+    r[7] = (sp_digit)(((s << n) | (t >> (58U - n))) & 0x3ffffffffffffffUL);
     s = (sp_int_digit)(a[6]); t = (sp_int_digit)(a[5]);
-    r[6] = ((s << n) | (t >> (58U - n))) & 0x3ffffffffffffffUL;
+    r[6] = (sp_digit)(((s << n) | (t >> (58U - n))) & 0x3ffffffffffffffUL);
     s = (sp_int_digit)(a[5]); t = (sp_int_digit)(a[4]);
-    r[5] = ((s << n) | (t >> (58U - n))) & 0x3ffffffffffffffUL;
+    r[5] = (sp_digit)(((s << n) | (t >> (58U - n))) & 0x3ffffffffffffffUL);
     s = (sp_int_digit)(a[4]); t = (sp_int_digit)(a[3]);
-    r[4] = ((s << n) | (t >> (58U - n))) & 0x3ffffffffffffffUL;
+    r[4] = (sp_digit)(((s << n) | (t >> (58U - n))) & 0x3ffffffffffffffUL);
     s = (sp_int_digit)(a[3]); t = (sp_int_digit)(a[2]);
-    r[3] = ((s << n) | (t >> (58U - n))) & 0x3ffffffffffffffUL;
+    r[3] = (sp_digit)(((s << n) | (t >> (58U - n))) & 0x3ffffffffffffffUL);
     s = (sp_int_digit)(a[2]); t = (sp_int_digit)(a[1]);
-    r[2] = ((s << n) | (t >> (58U - n))) & 0x3ffffffffffffffUL;
+    r[2] = (sp_digit)(((s << n) | (t >> (58U - n))) & 0x3ffffffffffffffUL);
     s = (sp_int_digit)(a[1]); t = (sp_int_digit)(a[0]);
-    r[1] = ((s << n) | (t >> (58U - n))) & 0x3ffffffffffffffUL;
+    r[1] = (sp_digit)(((s << n) | (t >> (58U - n))) & 0x3ffffffffffffffUL);
 #endif /* WOLFSSL_SP_SMALL */
-    r[0] = (a[0] << n) & 0x3ffffffffffffffL;
+    r[0] = (sp_digit)((a[0] << n) & 0x3ffffffffffffffL);
 }
 
 /* Divide d in a and put remainder into r (m*d + r = a)
@@ -41285,8 +41161,7 @@ static int sp_521_div_9(const sp_digit* a, const sp_digit* d,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t1 != NULL)
-        XFREE(t1, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(t1, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -41321,14 +41196,14 @@ static void sp_521_mont_mul_order_9(sp_digit* r, const sp_digit* a, const sp_dig
 #if defined(HAVE_ECC_SIGN) || (defined(HAVE_ECC_VERIFY) && defined(WOLFSSL_SP_SMALL))
 #ifdef WOLFSSL_SP_SMALL
 /* Order-2 for the P521 curve. */
-static const uint64_t p521_order_minus_2[9] = {
+static const word64 p521_order_minus_2[9] = {
     0xbb6fb71e91386407U,0x3bb5c9b8899c47aeU,0x7fcc0148f709a5d0U,
     0x51868783bf2f966bU,0xfffffffffffffffaU,0xffffffffffffffffU,
     0xffffffffffffffffU,0xffffffffffffffffU,0x00000000000001ffU
 };
 #else
 /* The low half of the order-2 of the P521 curve. */
-static const uint64_t p521_order_low[5] = {
+static const word64 p521_order_low[5] = {
     0xbb6fb71e91386407U,0x3bb5c9b8899c47aeU,0x7fcc0148f709a5d0U,
     0x51868783bf2f966bU,0xfffffffffffffffaU
 };
@@ -41878,7 +41753,7 @@ static int sp_521_num_bits_58_9(sp_digit v)
     v |= v >> 8;
     v |= v >> 16;
     v |= v >> 32;
-    return sp_521_tab64_9[((uint64_t)((v - (v >> 1))*0x07EDD5E59A4E28C2)) >> 58];
+    return sp_521_tab64_9[((word64)((v - (v >> 1))*0x07EDD5E59A4E28C2)) >> 58];
 }
 
 static int sp_521_num_bits_9(const sp_digit* a)
@@ -42008,8 +41883,7 @@ static int sp_521_mod_inv_9(sp_digit* r, const sp_digit* a, const sp_digit* m)
             XMEMCPY(r, d, sizeof(sp_digit) * 9);
     }
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (u != NULL)
-        XFREE(u, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(u, NULL, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -42222,10 +42096,8 @@ int sp_ecc_verify_521(const byte* hash, word32 hashLen, const mp_int* pX,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (u1 != NULL)
-        XFREE(u1, heap, DYNAMIC_TYPE_ECC);
-    if (p1 != NULL)
-        XFREE(p1, heap, DYNAMIC_TYPE_ECC);
+    XFREE(u1, heap, DYNAMIC_TYPE_ECC);
+    XFREE(p1, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -42436,8 +42308,7 @@ static int sp_521_ecc_is_point_9(const sp_point_521* point,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t1 != NULL)
-        XFREE(t1, heap, DYNAMIC_TYPE_ECC);
+    XFREE(t1, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -42476,8 +42347,7 @@ int sp_ecc_is_point_521(const mp_int* pX, const mp_int* pY)
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (pub != NULL)
-        XFREE(pub, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(pub, NULL, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -42585,10 +42455,8 @@ int sp_ecc_check_key_521(const mp_int* pX, const mp_int* pY,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (pub != NULL)
-        XFREE(pub, heap, DYNAMIC_TYPE_ECC);
-    if (priv != NULL)
-        XFREE(priv, heap, DYNAMIC_TYPE_ECC);
+    XFREE(pub, heap, DYNAMIC_TYPE_ECC);
+    XFREE(priv, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -42667,10 +42535,8 @@ int sp_ecc_proj_add_point_521(mp_int* pX, mp_int* pY, mp_int* pZ,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (tmp != NULL)
-        XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
-    if (p != NULL)
-        XFREE(p, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(p, NULL, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -42735,10 +42601,8 @@ int sp_ecc_proj_dbl_point_521(mp_int* pX, mp_int* pY, mp_int* pZ,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (tmp != NULL)
-        XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
-    if (p != NULL)
-        XFREE(p, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(p, NULL, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -42799,10 +42663,8 @@ int sp_ecc_map_521(mp_int* pX, mp_int* pY, mp_int* pZ)
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (tmp != NULL)
-        XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
-    if (p != NULL)
-        XFREE(p, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(p, NULL, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -42810,7 +42672,7 @@ int sp_ecc_map_521(mp_int* pX, mp_int* pY, mp_int* pZ)
 #endif /* WOLFSSL_PUBLIC_ECC_ADD_DBL */
 #ifdef HAVE_COMP_KEY
 /* Square root power for the P521 curve. */
-static const uint64_t p521_sqrt_power[9] = {
+static const word64 p521_sqrt_power[9] = {
     0x0000000000000000,0x0000000000000000,0x0000000000000000,
     0x0000000000000000,0x0000000000000000,0x0000000000000000,0x0000000000000000,0x0000000000000000,
     0x0000000000000080
@@ -42852,8 +42714,7 @@ static int sp_521_mont_sqrt_9(sp_digit* y)
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t != NULL)
-        XFREE(t, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(t, NULL, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -42918,8 +42779,7 @@ int sp_ecc_uncompress_521(mp_int* xm, int odd, mp_int* ym)
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (x != NULL)
-        XFREE(x, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(x, NULL, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -42958,29 +42818,29 @@ SP_NOINLINE static void sp_1024_mul_9(sp_digit* r, const sp_digit* a,
     t0 = ((sp_int128)a[ 0]) * b[ 0];
     t1 = ((sp_int128)a[ 0]) * b[ 1]
        + ((sp_int128)a[ 1]) * b[ 0];
-    t[ 0] = t0 & 0x1ffffffffffffffL; t1 += t0 >> 57;
+    t[ 0] = (sp_digit)(t0 & 0x1ffffffffffffffL); t1 += t0 >> 57;
     t0 = ((sp_int128)a[ 0]) * b[ 2]
        + ((sp_int128)a[ 1]) * b[ 1]
        + ((sp_int128)a[ 2]) * b[ 0];
-    t[ 1] = t1 & 0x1ffffffffffffffL; t0 += t1 >> 57;
+    t[ 1] = (sp_digit)(t1 & 0x1ffffffffffffffL); t0 += t1 >> 57;
     t1 = ((sp_int128)a[ 0]) * b[ 3]
        + ((sp_int128)a[ 1]) * b[ 2]
        + ((sp_int128)a[ 2]) * b[ 1]
        + ((sp_int128)a[ 3]) * b[ 0];
-    t[ 2] = t0 & 0x1ffffffffffffffL; t1 += t0 >> 57;
+    t[ 2] = (sp_digit)(t0 & 0x1ffffffffffffffL); t1 += t0 >> 57;
     t0 = ((sp_int128)a[ 0]) * b[ 4]
        + ((sp_int128)a[ 1]) * b[ 3]
        + ((sp_int128)a[ 2]) * b[ 2]
        + ((sp_int128)a[ 3]) * b[ 1]
        + ((sp_int128)a[ 4]) * b[ 0];
-    t[ 3] = t1 & 0x1ffffffffffffffL; t0 += t1 >> 57;
+    t[ 3] = (sp_digit)(t1 & 0x1ffffffffffffffL); t0 += t1 >> 57;
     t1 = ((sp_int128)a[ 0]) * b[ 5]
        + ((sp_int128)a[ 1]) * b[ 4]
        + ((sp_int128)a[ 2]) * b[ 3]
        + ((sp_int128)a[ 3]) * b[ 2]
        + ((sp_int128)a[ 4]) * b[ 1]
        + ((sp_int128)a[ 5]) * b[ 0];
-    t[ 4] = t0 & 0x1ffffffffffffffL; t1 += t0 >> 57;
+    t[ 4] = (sp_digit)(t0 & 0x1ffffffffffffffL); t1 += t0 >> 57;
     t0 = ((sp_int128)a[ 0]) * b[ 6]
        + ((sp_int128)a[ 1]) * b[ 5]
        + ((sp_int128)a[ 2]) * b[ 4]
@@ -42988,7 +42848,7 @@ SP_NOINLINE static void sp_1024_mul_9(sp_digit* r, const sp_digit* a,
        + ((sp_int128)a[ 4]) * b[ 2]
        + ((sp_int128)a[ 5]) * b[ 1]
        + ((sp_int128)a[ 6]) * b[ 0];
-    t[ 5] = t1 & 0x1ffffffffffffffL; t0 += t1 >> 57;
+    t[ 5] = (sp_digit)(t1 & 0x1ffffffffffffffL); t0 += t1 >> 57;
     t1 = ((sp_int128)a[ 0]) * b[ 7]
        + ((sp_int128)a[ 1]) * b[ 6]
        + ((sp_int128)a[ 2]) * b[ 5]
@@ -42997,7 +42857,7 @@ SP_NOINLINE static void sp_1024_mul_9(sp_digit* r, const sp_digit* a,
        + ((sp_int128)a[ 5]) * b[ 2]
        + ((sp_int128)a[ 6]) * b[ 1]
        + ((sp_int128)a[ 7]) * b[ 0];
-    t[ 6] = t0 & 0x1ffffffffffffffL; t1 += t0 >> 57;
+    t[ 6] = (sp_digit)(t0 & 0x1ffffffffffffffL); t1 += t0 >> 57;
     t0 = ((sp_int128)a[ 0]) * b[ 8]
        + ((sp_int128)a[ 1]) * b[ 7]
        + ((sp_int128)a[ 2]) * b[ 6]
@@ -43007,7 +42867,7 @@ SP_NOINLINE static void sp_1024_mul_9(sp_digit* r, const sp_digit* a,
        + ((sp_int128)a[ 6]) * b[ 2]
        + ((sp_int128)a[ 7]) * b[ 1]
        + ((sp_int128)a[ 8]) * b[ 0];
-    t[ 7] = t1 & 0x1ffffffffffffffL; t0 += t1 >> 57;
+    t[ 7] = (sp_digit)(t1 & 0x1ffffffffffffffL); t0 += t1 >> 57;
     t1 = ((sp_int128)a[ 1]) * b[ 8]
        + ((sp_int128)a[ 2]) * b[ 7]
        + ((sp_int128)a[ 3]) * b[ 6]
@@ -43016,7 +42876,7 @@ SP_NOINLINE static void sp_1024_mul_9(sp_digit* r, const sp_digit* a,
        + ((sp_int128)a[ 6]) * b[ 3]
        + ((sp_int128)a[ 7]) * b[ 2]
        + ((sp_int128)a[ 8]) * b[ 1];
-    t[ 8] = t0 & 0x1ffffffffffffffL; t1 += t0 >> 57;
+    t[ 8] = (sp_digit)(t0 & 0x1ffffffffffffffL); t1 += t0 >> 57;
     t0 = ((sp_int128)a[ 2]) * b[ 8]
        + ((sp_int128)a[ 3]) * b[ 7]
        + ((sp_int128)a[ 4]) * b[ 6]
@@ -43024,35 +42884,35 @@ SP_NOINLINE static void sp_1024_mul_9(sp_digit* r, const sp_digit* a,
        + ((sp_int128)a[ 6]) * b[ 4]
        + ((sp_int128)a[ 7]) * b[ 3]
        + ((sp_int128)a[ 8]) * b[ 2];
-    r[ 9] = t1 & 0x1ffffffffffffffL; t0 += t1 >> 57;
+    r[ 9] = (sp_digit)(t1 & 0x1ffffffffffffffL); t0 += t1 >> 57;
     t1 = ((sp_int128)a[ 3]) * b[ 8]
        + ((sp_int128)a[ 4]) * b[ 7]
        + ((sp_int128)a[ 5]) * b[ 6]
        + ((sp_int128)a[ 6]) * b[ 5]
        + ((sp_int128)a[ 7]) * b[ 4]
        + ((sp_int128)a[ 8]) * b[ 3];
-    r[10] = t0 & 0x1ffffffffffffffL; t1 += t0 >> 57;
+    r[10] = (sp_digit)(t0 & 0x1ffffffffffffffL); t1 += t0 >> 57;
     t0 = ((sp_int128)a[ 4]) * b[ 8]
        + ((sp_int128)a[ 5]) * b[ 7]
        + ((sp_int128)a[ 6]) * b[ 6]
        + ((sp_int128)a[ 7]) * b[ 5]
        + ((sp_int128)a[ 8]) * b[ 4];
-    r[11] = t1 & 0x1ffffffffffffffL; t0 += t1 >> 57;
+    r[11] = (sp_digit)(t1 & 0x1ffffffffffffffL); t0 += t1 >> 57;
     t1 = ((sp_int128)a[ 5]) * b[ 8]
        + ((sp_int128)a[ 6]) * b[ 7]
        + ((sp_int128)a[ 7]) * b[ 6]
        + ((sp_int128)a[ 8]) * b[ 5];
-    r[12] = t0 & 0x1ffffffffffffffL; t1 += t0 >> 57;
+    r[12] = (sp_digit)(t0 & 0x1ffffffffffffffL); t1 += t0 >> 57;
     t0 = ((sp_int128)a[ 6]) * b[ 8]
        + ((sp_int128)a[ 7]) * b[ 7]
        + ((sp_int128)a[ 8]) * b[ 6];
-    r[13] = t1 & 0x1ffffffffffffffL; t0 += t1 >> 57;
+    r[13] = (sp_digit)(t1 & 0x1ffffffffffffffL); t0 += t1 >> 57;
     t1 = ((sp_int128)a[ 7]) * b[ 8]
        + ((sp_int128)a[ 8]) * b[ 7];
-    r[14] = t0 & 0x1ffffffffffffffL; t1 += t0 >> 57;
+    r[14] = (sp_digit)(t0 & 0x1ffffffffffffffL); t1 += t0 >> 57;
     t0 = ((sp_int128)a[ 8]) * b[ 8];
-    r[15] = t1 & 0x1ffffffffffffffL; t0 += t1 >> 57;
-    r[16] = t0 & 0x1ffffffffffffffL;
+    r[15] = (sp_digit)(t1 & 0x1ffffffffffffffL); t0 += t1 >> 57;
+    r[16] = (sp_digit)(t0 & 0x1ffffffffffffffL);
     r[17] = (sp_digit)(t0 >> 57);
     XMEMCPY(r, t, sizeof(t));
 }
@@ -43070,66 +42930,66 @@ SP_NOINLINE static void sp_1024_sqr_9(sp_digit* r, const sp_digit* a)
 
     t0 =  ((sp_int128)a[ 0]) * a[ 0];
     t1 = (((sp_int128)a[ 0]) * a[ 1]) * 2;
-    t[ 0] = t0 & 0x1ffffffffffffffL; t1 += t0 >> 57;
+    t[ 0] = (sp_digit)(t0 & 0x1ffffffffffffffL); t1 += t0 >> 57;
     t0 = (((sp_int128)a[ 0]) * a[ 2]) * 2
        +  ((sp_int128)a[ 1]) * a[ 1];
-    t[ 1] = t1 & 0x1ffffffffffffffL; t0 += t1 >> 57;
+    t[ 1] = (sp_digit)(t1 & 0x1ffffffffffffffL); t0 += t1 >> 57;
     t1 = (((sp_int128)a[ 0]) * a[ 3]
        +  ((sp_int128)a[ 1]) * a[ 2]) * 2;
-    t[ 2] = t0 & 0x1ffffffffffffffL; t1 += t0 >> 57;
+    t[ 2] = (sp_digit)(t0 & 0x1ffffffffffffffL); t1 += t0 >> 57;
     t0 = (((sp_int128)a[ 0]) * a[ 4]
        +  ((sp_int128)a[ 1]) * a[ 3]) * 2
        +  ((sp_int128)a[ 2]) * a[ 2];
-    t[ 3] = t1 & 0x1ffffffffffffffL; t0 += t1 >> 57;
+    t[ 3] = (sp_digit)(t1 & 0x1ffffffffffffffL); t0 += t1 >> 57;
     t1 = (((sp_int128)a[ 0]) * a[ 5]
        +  ((sp_int128)a[ 1]) * a[ 4]
        +  ((sp_int128)a[ 2]) * a[ 3]) * 2;
-    t[ 4] = t0 & 0x1ffffffffffffffL; t1 += t0 >> 57;
+    t[ 4] = (sp_digit)(t0 & 0x1ffffffffffffffL); t1 += t0 >> 57;
     t0 = (((sp_int128)a[ 0]) * a[ 6]
        +  ((sp_int128)a[ 1]) * a[ 5]
        +  ((sp_int128)a[ 2]) * a[ 4]) * 2
        +  ((sp_int128)a[ 3]) * a[ 3];
-    t[ 5] = t1 & 0x1ffffffffffffffL; t0 += t1 >> 57;
+    t[ 5] = (sp_digit)(t1 & 0x1ffffffffffffffL); t0 += t1 >> 57;
     t1 = (((sp_int128)a[ 0]) * a[ 7]
        +  ((sp_int128)a[ 1]) * a[ 6]
        +  ((sp_int128)a[ 2]) * a[ 5]
        +  ((sp_int128)a[ 3]) * a[ 4]) * 2;
-    t[ 6] = t0 & 0x1ffffffffffffffL; t1 += t0 >> 57;
+    t[ 6] = (sp_digit)(t0 & 0x1ffffffffffffffL); t1 += t0 >> 57;
     t0 = (((sp_int128)a[ 0]) * a[ 8]
        +  ((sp_int128)a[ 1]) * a[ 7]
        +  ((sp_int128)a[ 2]) * a[ 6]
        +  ((sp_int128)a[ 3]) * a[ 5]) * 2
        +  ((sp_int128)a[ 4]) * a[ 4];
-    t[ 7] = t1 & 0x1ffffffffffffffL; t0 += t1 >> 57;
+    t[ 7] = (sp_digit)(t1 & 0x1ffffffffffffffL); t0 += t1 >> 57;
     t1 = (((sp_int128)a[ 1]) * a[ 8]
        +  ((sp_int128)a[ 2]) * a[ 7]
        +  ((sp_int128)a[ 3]) * a[ 6]
        +  ((sp_int128)a[ 4]) * a[ 5]) * 2;
-    t[ 8] = t0 & 0x1ffffffffffffffL; t1 += t0 >> 57;
+    t[ 8] = (sp_digit)(t0 & 0x1ffffffffffffffL); t1 += t0 >> 57;
     t0 = (((sp_int128)a[ 2]) * a[ 8]
        +  ((sp_int128)a[ 3]) * a[ 7]
        +  ((sp_int128)a[ 4]) * a[ 6]) * 2
        +  ((sp_int128)a[ 5]) * a[ 5];
-    r[ 9] = t1 & 0x1ffffffffffffffL; t0 += t1 >> 57;
+    r[ 9] = (sp_digit)(t1 & 0x1ffffffffffffffL); t0 += t1 >> 57;
     t1 = (((sp_int128)a[ 3]) * a[ 8]
        +  ((sp_int128)a[ 4]) * a[ 7]
        +  ((sp_int128)a[ 5]) * a[ 6]) * 2;
-    r[10] = t0 & 0x1ffffffffffffffL; t1 += t0 >> 57;
+    r[10] = (sp_digit)(t0 & 0x1ffffffffffffffL); t1 += t0 >> 57;
     t0 = (((sp_int128)a[ 4]) * a[ 8]
        +  ((sp_int128)a[ 5]) * a[ 7]) * 2
        +  ((sp_int128)a[ 6]) * a[ 6];
-    r[11] = t1 & 0x1ffffffffffffffL; t0 += t1 >> 57;
+    r[11] = (sp_digit)(t1 & 0x1ffffffffffffffL); t0 += t1 >> 57;
     t1 = (((sp_int128)a[ 5]) * a[ 8]
        +  ((sp_int128)a[ 6]) * a[ 7]) * 2;
-    r[12] = t0 & 0x1ffffffffffffffL; t1 += t0 >> 57;
+    r[12] = (sp_digit)(t0 & 0x1ffffffffffffffL); t1 += t0 >> 57;
     t0 = (((sp_int128)a[ 6]) * a[ 8]) * 2
        +  ((sp_int128)a[ 7]) * a[ 7];
-    r[13] = t1 & 0x1ffffffffffffffL; t0 += t1 >> 57;
+    r[13] = (sp_digit)(t1 & 0x1ffffffffffffffL); t0 += t1 >> 57;
     t1 = (((sp_int128)a[ 7]) * a[ 8]) * 2;
-    r[14] = t0 & 0x1ffffffffffffffL; t1 += t0 >> 57;
+    r[14] = (sp_digit)(t0 & 0x1ffffffffffffffL); t1 += t0 >> 57;
     t0 =  ((sp_int128)a[ 8]) * a[ 8];
-    r[15] = t1 & 0x1ffffffffffffffL; t0 += t1 >> 57;
-    r[16] = t0 & 0x1ffffffffffffffL;
+    r[15] = (sp_digit)(t1 & 0x1ffffffffffffffL); t0 += t1 >> 57;
+    r[16] = (sp_digit)(t0 & 0x1ffffffffffffffL);
     r[17] = (sp_digit)(t0 >> 57);
     XMEMCPY(r, t, sizeof(t));
 }
@@ -43645,20 +43505,20 @@ SP_NOINLINE static void sp_1024_rshift_18(sp_digit* r, const sp_digit* a,
 
 #ifdef WOLFSSL_SP_SMALL
     for (i=0; i<17; i++) {
-        r[i] = ((a[i] >> n) | (a[i + 1] << (57 - n))) & 0x1ffffffffffffffL;
+        r[i] = (sp_digit)(((a[i] >> n) | (a[i + 1] << (57 - n))) & 0x1ffffffffffffffL);
     }
 #else
     for (i=0; i<16; i += 8) {
-        r[i+0] = (a[i+0] >> n) | ((a[i+1] << (57 - n)) & 0x1ffffffffffffffL);
-        r[i+1] = (a[i+1] >> n) | ((a[i+2] << (57 - n)) & 0x1ffffffffffffffL);
-        r[i+2] = (a[i+2] >> n) | ((a[i+3] << (57 - n)) & 0x1ffffffffffffffL);
-        r[i+3] = (a[i+3] >> n) | ((a[i+4] << (57 - n)) & 0x1ffffffffffffffL);
-        r[i+4] = (a[i+4] >> n) | ((a[i+5] << (57 - n)) & 0x1ffffffffffffffL);
-        r[i+5] = (a[i+5] >> n) | ((a[i+6] << (57 - n)) & 0x1ffffffffffffffL);
-        r[i+6] = (a[i+6] >> n) | ((a[i+7] << (57 - n)) & 0x1ffffffffffffffL);
-        r[i+7] = (a[i+7] >> n) | ((a[i+8] << (57 - n)) & 0x1ffffffffffffffL);
+        r[i+0] = (a[i+0] >> n) | (sp_digit)((a[i+1] << (57 - n)) & 0x1ffffffffffffffL);
+        r[i+1] = (a[i+1] >> n) | (sp_digit)((a[i+2] << (57 - n)) & 0x1ffffffffffffffL);
+        r[i+2] = (a[i+2] >> n) | (sp_digit)((a[i+3] << (57 - n)) & 0x1ffffffffffffffL);
+        r[i+3] = (a[i+3] >> n) | (sp_digit)((a[i+4] << (57 - n)) & 0x1ffffffffffffffL);
+        r[i+4] = (a[i+4] >> n) | (sp_digit)((a[i+5] << (57 - n)) & 0x1ffffffffffffffL);
+        r[i+5] = (a[i+5] >> n) | (sp_digit)((a[i+6] << (57 - n)) & 0x1ffffffffffffffL);
+        r[i+6] = (a[i+6] >> n) | (sp_digit)((a[i+7] << (57 - n)) & 0x1ffffffffffffffL);
+        r[i+7] = (a[i+7] >> n) | (sp_digit)((a[i+8] << (57 - n)) & 0x1ffffffffffffffL);
     }
-    r[16] = (a[16] >> n) | ((a[17] << (57 - n)) & 0x1ffffffffffffffL);
+    r[16] = (a[16] >> n) | (sp_digit)((a[17] << (57 - n)) & 0x1ffffffffffffffL);
 #endif /* WOLFSSL_SP_SMALL */
     r[17] = a[17] >> n;
 }
@@ -43835,8 +43695,7 @@ static int sp_1024_div_18(const sp_digit* a, const sp_digit* d,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t1 != NULL)
-        XFREE(t1, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(t1, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -43915,16 +43774,16 @@ static void sp_1024_point_free_18(sp_point_1024* p, int clear, void* heap)
 {
 #if (defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SP_NO_MALLOC)) || \
     defined(WOLFSSL_SP_SMALL_STACK)
-/* If valid pointer then clear point data if requested and free data. */
+    /* If valid pointer then clear point data if requested and free data. */
     if (p != NULL) {
-        if (clear != 0) {
+        if (clear) {
             XMEMSET(p, 0, sizeof(*p));
         }
         XFREE(p, heap, DYNAMIC_TYPE_ECC);
     }
 #else
-/* Clear point data if requested. */
-    if ((p != NULL) && (clear != 0)) {
+    /* Clear point data if requested. */
+    if ((p != NULL) && clear) {
         XMEMSET(p, 0, sizeof(*p));
     }
 #endif
@@ -44218,20 +44077,20 @@ SP_NOINLINE static void sp_1024_mul_add_18(sp_digit* r, const sp_digit* a,
         t[1]  = (tb * a[i+1]) + r[i+1];
         t[2]  = (tb * a[i+2]) + r[i+2];
         t[3]  = (tb * a[i+3]) + r[i+3];
-        r[i+0] = t[0] & 0x1ffffffffffffffL;
+        r[i+0] = (sp_digit)(t[0] & 0x1ffffffffffffffL);
         t[1] += t[0] >> 57;
-        r[i+1] = t[1] & 0x1ffffffffffffffL;
+        r[i+1] = (sp_digit)(t[1] & 0x1ffffffffffffffL);
         t[2] += t[1] >> 57;
-        r[i+2] = t[2] & 0x1ffffffffffffffL;
+        r[i+2] = (sp_digit)(t[2] & 0x1ffffffffffffffL);
         t[3] += t[2] >> 57;
-        r[i+3] = t[3] & 0x1ffffffffffffffL;
+        r[i+3] = (sp_digit)(t[3] & 0x1ffffffffffffffL);
         t[0]  = t[3] >> 57;
     }
     t[0] += (tb * a[16]) + r[16];
     t[1]  = (tb * a[17]) + r[17];
-    r[16] = t[0] & 0x1ffffffffffffffL;
+    r[16] = (sp_digit)(t[0] & 0x1ffffffffffffffL);
     t[1] += t[0] >> 57;
-    r[17] = t[1] & 0x1ffffffffffffffL;
+    r[17] = (sp_digit)(t[1] & 0x1ffffffffffffffL);
     r[18] +=  (sp_digit)(t[1] >> 57);
 #else
     sp_int128 tb = b;
@@ -44277,7 +44136,7 @@ static void sp_1024_mont_shift_18(sp_digit* r, const sp_digit* a)
     n = a[17] >> 55;
     for (i = 0; i < 17; i++) {
         n += (sp_uint64)a[18 + i] << 2;
-        r[i] = n & 0x1ffffffffffffffL;
+        r[i] = (sp_digit)(n & 0x1ffffffffffffffL);
         n >>= 57;
     }
     n += (sp_uint64)a[35] << 2;
@@ -44289,16 +44148,16 @@ static void sp_1024_mont_shift_18(sp_digit* r, const sp_digit* a)
     n  = (sp_uint64)a[17];
     n  = n >> 55U;
     for (i = 0; i < 16; i += 8) {
-        n += (sp_uint64)a[i+18] << 2U; r[i+0] = n & 0x1ffffffffffffffUL; n >>= 57U;
-        n += (sp_uint64)a[i+19] << 2U; r[i+1] = n & 0x1ffffffffffffffUL; n >>= 57U;
-        n += (sp_uint64)a[i+20] << 2U; r[i+2] = n & 0x1ffffffffffffffUL; n >>= 57U;
-        n += (sp_uint64)a[i+21] << 2U; r[i+3] = n & 0x1ffffffffffffffUL; n >>= 57U;
-        n += (sp_uint64)a[i+22] << 2U; r[i+4] = n & 0x1ffffffffffffffUL; n >>= 57U;
-        n += (sp_uint64)a[i+23] << 2U; r[i+5] = n & 0x1ffffffffffffffUL; n >>= 57U;
-        n += (sp_uint64)a[i+24] << 2U; r[i+6] = n & 0x1ffffffffffffffUL; n >>= 57U;
-        n += (sp_uint64)a[i+25] << 2U; r[i+7] = n & 0x1ffffffffffffffUL; n >>= 57U;
+        n += (sp_uint64)a[i+18] << 2U; r[i+0] = (sp_digit)(n & 0x1ffffffffffffffUL); n >>= 57U;
+        n += (sp_uint64)a[i+19] << 2U; r[i+1] = (sp_digit)(n & 0x1ffffffffffffffUL); n >>= 57U;
+        n += (sp_uint64)a[i+20] << 2U; r[i+2] = (sp_digit)(n & 0x1ffffffffffffffUL); n >>= 57U;
+        n += (sp_uint64)a[i+21] << 2U; r[i+3] = (sp_digit)(n & 0x1ffffffffffffffUL); n >>= 57U;
+        n += (sp_uint64)a[i+22] << 2U; r[i+4] = (sp_digit)(n & 0x1ffffffffffffffUL); n >>= 57U;
+        n += (sp_uint64)a[i+23] << 2U; r[i+5] = (sp_digit)(n & 0x1ffffffffffffffUL); n >>= 57U;
+        n += (sp_uint64)a[i+24] << 2U; r[i+6] = (sp_digit)(n & 0x1ffffffffffffffUL); n >>= 57U;
+        n += (sp_uint64)a[i+25] << 2U; r[i+7] = (sp_digit)(n & 0x1ffffffffffffffUL); n >>= 57U;
     }
-    n += (sp_uint64)a[34] << 2U; r[16] = n & 0x1ffffffffffffffUL; n >>= 57U;
+    n += (sp_uint64)a[34] << 2U; r[16] = (sp_digit)(n & 0x1ffffffffffffffUL); n >>= 57U;
     n += (sp_uint64)a[35] << 2U; r[17] = n;
 #endif /* WOLFSSL_SP_SMALL */
     XMEMSET(&r[18], 0, sizeof(*r) * 18U);
@@ -44320,22 +44179,22 @@ static void sp_1024_mont_reduce_18(sp_digit* a, const sp_digit* m, sp_digit mp)
 
     if (mp != 1) {
         for (i=0; i<17; i++) {
-            mu = (a[i] * mp) & 0x1ffffffffffffffL;
+            mu = (sp_digit)((a[i] * mp) & 0x1ffffffffffffffL);
             sp_1024_mul_add_18(a+i, m, mu);
             a[i+1] += a[i] >> 57;
         }
-        mu = (a[i] * mp) & 0x7fffffffffffffL;
+        mu = (sp_digit)((a[i] * mp) & 0x7fffffffffffffL);
         sp_1024_mul_add_18(a+i, m, mu);
         a[i+1] += a[i] >> 57;
         a[i] &= 0x1ffffffffffffffL;
     }
     else {
         for (i=0; i<17; i++) {
-            mu = a[i] & 0x1ffffffffffffffL;
+            mu = (sp_digit)(a[i] & 0x1ffffffffffffffL);
             sp_1024_mul_add_18(a+i, m, mu);
             a[i+1] += a[i] >> 57;
         }
-        mu = a[i] & 0x7fffffffffffffL;
+        mu = (sp_digit)(a[i] & 0x7fffffffffffffL);
         sp_1024_mul_add_18(a+i, m, mu);
         a[i+1] += a[i] >> 57;
         a[i] &= 0x1ffffffffffffffL;
@@ -44377,7 +44236,7 @@ SP_NOINLINE static void sp_1024_mont_sqr_18(sp_digit* r, const sp_digit* a,
 }
 
 /* Mod-2 for the P1024 curve. */
-static const uint8_t p1024_mod_minus_2[] = {
+static const word8 p1024_mod_minus_2[] = {
      6,0x06,  7,0x0f,  7,0x0b,  6,0x0c,  7,0x1e,  9,0x09,  7,0x0c,  7,0x1f,
      6,0x16,  6,0x06,  7,0x0e,  8,0x10,  6,0x03,  8,0x11,  6,0x0d,  7,0x14,
      9,0x12,  6,0x0f,  7,0x04,  9,0x0d,  6,0x00,  7,0x13,  6,0x01,  6,0x07,
@@ -44461,7 +44320,7 @@ static void sp_1024_map_18(sp_point_1024* r, const sp_point_1024* p,
     sp_1024_mont_reduce_18(r->x, p1024_mod, p1024_mp_mod);
     /* Reduce x to less than modulus */
     n = sp_1024_cmp_18(r->x, p1024_mod);
-    sp_1024_cond_sub_18(r->x, r->x, p1024_mod, ~(n >> 56));
+    sp_1024_cond_sub_18(r->x, r->x, p1024_mod, (sp_digit)~(n >> 56));
     sp_1024_norm_18(r->x);
 
     /* y /= z^3 */
@@ -44470,7 +44329,7 @@ static void sp_1024_map_18(sp_point_1024* r, const sp_point_1024* p,
     sp_1024_mont_reduce_18(r->y, p1024_mod, p1024_mp_mod);
     /* Reduce y to less than modulus */
     n = sp_1024_cmp_18(r->y, p1024_mod);
-    sp_1024_cond_sub_18(r->y, r->y, p1024_mod, ~(n >> 56));
+    sp_1024_cond_sub_18(r->y, r->y, p1024_mod, (sp_digit)~(n >> 56));
     sp_1024_norm_18(r->y);
 
     XMEMSET(r->z, 0, sizeof(r->z) / 2);
@@ -44560,26 +44419,26 @@ SP_NOINLINE static void sp_1024_rshift1_18(sp_digit* r, const sp_digit* a)
     int i;
 
     for (i=0; i<17; i++) {
-        r[i] = (a[i] >> 1) + ((a[i + 1] << 56) & 0x1ffffffffffffffL);
+        r[i] = (a[i] >> 1) + (sp_digit)((a[i + 1] << 56) & 0x1ffffffffffffffL);
     }
 #else
-    r[0] = (a[0] >> 1) + ((a[1] << 56) & 0x1ffffffffffffffL);
-    r[1] = (a[1] >> 1) + ((a[2] << 56) & 0x1ffffffffffffffL);
-    r[2] = (a[2] >> 1) + ((a[3] << 56) & 0x1ffffffffffffffL);
-    r[3] = (a[3] >> 1) + ((a[4] << 56) & 0x1ffffffffffffffL);
-    r[4] = (a[4] >> 1) + ((a[5] << 56) & 0x1ffffffffffffffL);
-    r[5] = (a[5] >> 1) + ((a[6] << 56) & 0x1ffffffffffffffL);
-    r[6] = (a[6] >> 1) + ((a[7] << 56) & 0x1ffffffffffffffL);
-    r[7] = (a[7] >> 1) + ((a[8] << 56) & 0x1ffffffffffffffL);
-    r[8] = (a[8] >> 1) + ((a[9] << 56) & 0x1ffffffffffffffL);
-    r[9] = (a[9] >> 1) + ((a[10] << 56) & 0x1ffffffffffffffL);
-    r[10] = (a[10] >> 1) + ((a[11] << 56) & 0x1ffffffffffffffL);
-    r[11] = (a[11] >> 1) + ((a[12] << 56) & 0x1ffffffffffffffL);
-    r[12] = (a[12] >> 1) + ((a[13] << 56) & 0x1ffffffffffffffL);
-    r[13] = (a[13] >> 1) + ((a[14] << 56) & 0x1ffffffffffffffL);
-    r[14] = (a[14] >> 1) + ((a[15] << 56) & 0x1ffffffffffffffL);
-    r[15] = (a[15] >> 1) + ((a[16] << 56) & 0x1ffffffffffffffL);
-    r[16] = (a[16] >> 1) + ((a[17] << 56) & 0x1ffffffffffffffL);
+    r[0] = (a[0] >> 1) + (sp_digit)((a[1] << 56) & 0x1ffffffffffffffL);
+    r[1] = (a[1] >> 1) + (sp_digit)((a[2] << 56) & 0x1ffffffffffffffL);
+    r[2] = (a[2] >> 1) + (sp_digit)((a[3] << 56) & 0x1ffffffffffffffL);
+    r[3] = (a[3] >> 1) + (sp_digit)((a[4] << 56) & 0x1ffffffffffffffL);
+    r[4] = (a[4] >> 1) + (sp_digit)((a[5] << 56) & 0x1ffffffffffffffL);
+    r[5] = (a[5] >> 1) + (sp_digit)((a[6] << 56) & 0x1ffffffffffffffL);
+    r[6] = (a[6] >> 1) + (sp_digit)((a[7] << 56) & 0x1ffffffffffffffL);
+    r[7] = (a[7] >> 1) + (sp_digit)((a[8] << 56) & 0x1ffffffffffffffL);
+    r[8] = (a[8] >> 1) + (sp_digit)((a[9] << 56) & 0x1ffffffffffffffL);
+    r[9] = (a[9] >> 1) + (sp_digit)((a[10] << 56) & 0x1ffffffffffffffL);
+    r[10] = (a[10] >> 1) + (sp_digit)((a[11] << 56) & 0x1ffffffffffffffL);
+    r[11] = (a[11] >> 1) + (sp_digit)((a[12] << 56) & 0x1ffffffffffffffL);
+    r[12] = (a[12] >> 1) + (sp_digit)((a[13] << 56) & 0x1ffffffffffffffL);
+    r[13] = (a[13] >> 1) + (sp_digit)((a[14] << 56) & 0x1ffffffffffffffL);
+    r[14] = (a[14] >> 1) + (sp_digit)((a[15] << 56) & 0x1ffffffffffffffL);
+    r[15] = (a[15] >> 1) + (sp_digit)((a[16] << 56) & 0x1ffffffffffffffL);
+    r[16] = (a[16] >> 1) + (sp_digit)((a[17] << 56) & 0x1ffffffffffffffL);
 #endif
     r[17] = a[17] >> 1;
 }
@@ -44894,8 +44753,8 @@ static void sp_1024_proj_point_add_18(sp_point_1024* r,
         sp_1024_mont_sub_18(y, y, t5, p1024_mod);
         {
             int i;
-            sp_digit maskp = 0 - (q->infinity & (!p->infinity));
-            sp_digit maskq = 0 - (p->infinity & (!q->infinity));
+            sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity)));
+            sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity)));
             sp_digit maskt = ~(maskp | maskq);
             sp_digit inf = (sp_digit)(p->infinity & q->infinity);
 
@@ -44912,7 +44771,7 @@ static void sp_1024_proj_point_add_18(sp_point_1024* r,
                           (z[i] & maskt);
             }
             r->z[0] |= inf;
-            r->infinity = (word32)inf;
+            r->infinity = (int)inf;
         }
     }
 }
@@ -45086,8 +44945,8 @@ static int sp_1024_proj_point_add_18_nb(sp_ecc_ctx_t* sp_ctx, sp_point_1024* r,
     {
         {
             int i;
-            sp_digit maskp = 0 - (q->infinity & (!p->infinity));
-            sp_digit maskq = 0 - (p->infinity & (!q->infinity));
+            sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity)));
+            sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity)));
             sp_digit maskt = ~(maskp | maskq);
             sp_digit inf = (sp_digit)(p->infinity & q->infinity);
 
@@ -45104,7 +44963,7 @@ static int sp_1024_proj_point_add_18_nb(sp_ecc_ctx_t* sp_ctx, sp_point_1024* r,
                           (ctx->z[i] & maskt);
             }
             r->z[0] |= inf;
-            r->infinity = (word32)inf;
+            r->infinity = (int)inf;
         }
         ctx->state = 25;
         break;
@@ -45666,13 +45525,13 @@ static void sp_1024_proj_point_add_sub_18(sp_point_1024* ra,
 /* Structure used to describe recoding of scalar multiplication. */
 typedef struct ecc_recode_1024 {
     /* Index into pre-computation table. */
-    uint8_t i;
+    word8 i;
     /* Use the negative of the point. */
-    uint8_t neg;
+    word8 neg;
 } ecc_recode_1024;
 
 /* The index into pre-computation table to use. */
-static const uint8_t recode_index_18_7[130] = {
+static const word8 recode_index_18_7[130] = {
      0,  1,  2,  3,  4,  5,  6,  7,  8,  9, 10, 11, 12, 13, 14, 15,
     16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31,
     32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47,
@@ -45685,7 +45544,7 @@ static const uint8_t recode_index_18_7[130] = {
 };
 
 /* Whether to negate y-ordinate. */
-static const uint8_t recode_neg_18_7[130] = {
+static const word8 recode_neg_18_7[130] = {
      0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,
      0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,
      0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,
@@ -45707,7 +45566,7 @@ static void sp_1024_ecc_recode_7_18(const sp_digit* k, ecc_recode_1024* v)
 {
     int i;
     int j;
-    uint8_t y;
+    word8 y;
     int carry = 0;
     int o;
     sp_digit n;
@@ -45716,7 +45575,7 @@ static void sp_1024_ecc_recode_7_18(const sp_digit* k, ecc_recode_1024* v)
     n = k[j];
     o = 0;
     for (i=0; i<147; i++) {
-        y = (int8_t)n;
+        y = (word8)(int8_t)n;
         if (o + 7 < 57) {
             y &= 0x7f;
             n >>= 7;
@@ -45730,12 +45589,12 @@ static void sp_1024_ecc_recode_7_18(const sp_digit* k, ecc_recode_1024* v)
         }
         else if (++j < 18) {
             n = k[j];
-            y |= (uint8_t)((n << (57 - o)) & 0x7f);
+            y |= (word8)((n << (57 - o)) & 0x7f);
             o -= 50;
             n >>= o;
         }
 
-        y += (uint8_t)carry;
+        y = (word8)(y + carry);
         v[i].i = recode_index_18_7[y];
         v[i].neg = recode_neg_18_7[y];
         carry = (y >> 7) + v[i].neg;
@@ -45882,10 +45741,8 @@ static int sp_1024_ecc_mulmod_win_add_sub_18(sp_point_1024* r, const sp_point_10
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t != NULL)
-        XFREE(t, heap, DYNAMIC_TYPE_ECC);
-    if (tmp != NULL)
-        XFREE(tmp, heap, DYNAMIC_TYPE_ECC);
+    XFREE(t, heap, DYNAMIC_TYPE_ECC);
+    XFREE(tmp, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -45951,8 +45808,8 @@ static void sp_1024_proj_point_add_qz1_18(sp_point_1024* r,
         sp_1024_mont_sub_18(y, t3, t1, p1024_mod);
         {
             int i;
-            sp_digit maskp = 0 - (q->infinity & (!p->infinity));
-            sp_digit maskq = 0 - (p->infinity & (!q->infinity));
+            sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity)));
+            sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity)));
             sp_digit maskt = ~(maskp | maskq);
             sp_digit inf = (sp_digit)(p->infinity & q->infinity);
 
@@ -45969,7 +45826,7 @@ static void sp_1024_proj_point_add_qz1_18(sp_point_1024* r,
                           (z[i] & maskt);
             }
             r->z[0] |= inf;
-            r->infinity = (word32)inf;
+            r->infinity = (int)inf;
         }
     }
 }
@@ -46080,8 +45937,7 @@ static int sp_1024_gen_stripe_table_18(const sp_point_1024* a,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t != NULL)
-        XFREE(t, heap, DYNAMIC_TYPE_ECC);
+    XFREE(t, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -46180,10 +46036,8 @@ static int sp_1024_ecc_mulmod_stripe_18(sp_point_1024* r, const sp_point_1024* g
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t != NULL)
-        XFREE(t, heap, DYNAMIC_TYPE_ECC);
-    if (rt != NULL)
-        XFREE(rt, heap, DYNAMIC_TYPE_ECC);
+    XFREE(t, heap, DYNAMIC_TYPE_ECC);
+    XFREE(rt, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -46203,7 +46057,7 @@ typedef struct sp_cache_1024_t {
     /* Precomputation table for point. */
     sp_table_entry_1024 table[256];
     /* Count of entries in table. */
-    uint32_t cnt;
+    word32 cnt;
     /* Point and table set in entry. */
     int set;
 } sp_cache_1024_t;
@@ -46216,8 +46070,10 @@ static THREAD_LS_T int sp_cache_1024_last = -1;
 static THREAD_LS_T int sp_cache_1024_inited = 0;
 
 #ifndef HAVE_THREAD_LS
+    #ifndef WOLFSSL_MUTEX_INITIALIZER
     static volatile int initCacheMutex_1024 = 0;
-    static wolfSSL_Mutex sp_cache_1024_lock;
+    #endif
+    static wolfSSL_Mutex sp_cache_1024_lock WOLFSSL_MUTEX_INITIALIZER_CLAUSE(sp_cache_1024_lock);
 #endif
 
 /* Get the cache entry for the point.
@@ -46229,7 +46085,7 @@ static void sp_ecc_get_cache_1024(const sp_point_1024* g, sp_cache_1024_t** cach
 {
     int i;
     int j;
-    uint32_t least;
+    word32 least;
 
     if (sp_cache_1024_inited == 0) {
         for (i=0; i<FP_ENTRIES; i++) {
@@ -46315,10 +46171,12 @@ static int sp_1024_ecc_mulmod_18(sp_point_1024* r, const sp_point_1024* g,
 #endif
 #ifndef HAVE_THREAD_LS
     if (err == MP_OKAY) {
+        #ifndef WOLFSSL_MUTEX_INITIALIZER
         if (initCacheMutex_1024 == 0) {
             wc_InitMutex(&sp_cache_1024_lock);
             initCacheMutex_1024 = 1;
         }
+        #endif
         if (wc_LockMutex(&sp_cache_1024_lock) != 0) {
             err = BAD_MUTEX_E;
         }
@@ -46397,10 +46255,8 @@ int sp_ecc_mulmod_1024(const mp_int* km, const ecc_point* gm, ecc_point* r,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (k != NULL)
-        XFREE(k, heap, DYNAMIC_TYPE_ECC);
-    if (point != NULL)
-        XFREE(point, heap, DYNAMIC_TYPE_ECC);
+    XFREE(k, heap, DYNAMIC_TYPE_ECC);
+    XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -49828,10 +49684,8 @@ int sp_ecc_mulmod_base_1024(const mp_int* km, ecc_point* r, int map, void* heap)
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (k != NULL)
-        XFREE(k, heap, DYNAMIC_TYPE_ECC);
-    if (point != NULL)
-        XFREE(point, heap, DYNAMIC_TYPE_ECC);
+    XFREE(k, heap, DYNAMIC_TYPE_ECC);
+    XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -49906,10 +49760,8 @@ int sp_ecc_mulmod_base_add_1024(const mp_int* km, const ecc_point* am,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (k != NULL)
-        XFREE(k, heap, DYNAMIC_TYPE_ECC);
-    if (point)
-        XFREE(point, heap, DYNAMIC_TYPE_ECC);
+    XFREE(k, heap, DYNAMIC_TYPE_ECC);
+    XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -49943,7 +49795,7 @@ int sp_ecc_gen_table_1024(const ecc_point* gm, byte* table, word32* len,
 
     if ((err == MP_OKAY) && (table == NULL)) {
         *len = sizeof(sp_table_entry_1024) * 256;
-        err = LENGTH_ONLY_E;
+        err = WC_NO_ERR_TRACE(LENGTH_ONLY_E);
     }
     if ((err == MP_OKAY) && (*len < (int)(sizeof(sp_table_entry_1024) * 256))) {
         err = BUFFER_E;
@@ -49974,10 +49826,8 @@ int sp_ecc_gen_table_1024(const ecc_point* gm, byte* table, word32* len,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t != NULL)
-        XFREE(t, heap, DYNAMIC_TYPE_ECC);
-    if (point != NULL)
-        XFREE(point, heap, DYNAMIC_TYPE_ECC);
+    XFREE(t, heap, DYNAMIC_TYPE_ECC);
+    XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -50003,7 +49853,7 @@ int sp_ecc_gen_table_1024(const ecc_point* gm, byte* table, word32* len,
 
     if ((err == 0) && (table == NULL)) {
         *len = 0;
-        err = LENGTH_ONLY_E;
+        err = WC_NO_ERR_TRACE(LENGTH_ONLY_E);
     }
     if ((err == 0) && (*len != 0)) {
         err = BUFFER_E;
@@ -50070,10 +49920,8 @@ int sp_ecc_mulmod_table_1024(const mp_int* km, const ecc_point* gm, byte* table,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (k != NULL)
-        XFREE(k, heap, DYNAMIC_TYPE_ECC);
-    if (point != NULL)
-        XFREE(point, heap, DYNAMIC_TYPE_ECC);
+    XFREE(k, heap, DYNAMIC_TYPE_ECC);
+    XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -50220,9 +50068,7 @@ int sp_ModExp_Fp_star_1024(const mp_int* base, mp_int* exp, mp_int* res)
 
 #if (defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SP_NO_MALLOC)) || \
     defined(WOLFSSL_SP_SMALL_STACK)
-    if (td != NULL) {
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-    }
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
     return err;
 }
@@ -51862,9 +51708,7 @@ int sp_ModExp_Fp_star_1024(const mp_int* base, mp_int* exp, mp_int* res)
 
 #if (defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SP_NO_MALLOC)) || \
     defined(WOLFSSL_SP_SMALL_STACK)
-    if (td != NULL) {
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-    }
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
     return err;
 }
@@ -52232,9 +52076,7 @@ int sp_Pairing_1024(const ecc_point* pm, const ecc_point* qm, mp_int* res)
 
 #if (defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SP_NO_MALLOC)) || \
     defined(WOLFSSL_SP_SMALL_STACK)
-    if (td != NULL) {
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-    }
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
     sp_1024_point_free_18(c, 1, NULL);
     sp_1024_point_free_18(q, 1, NULL);
@@ -52659,9 +52501,7 @@ int sp_Pairing_1024(const ecc_point* pm, const ecc_point* qm, mp_int* res)
 
 #if (defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SP_NO_MALLOC)) || \
     defined(WOLFSSL_SP_SMALL_STACK)
-    if (td != NULL) {
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-    }
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
     sp_1024_point_free_18(c, 1, NULL);
     sp_1024_point_free_18(q, 1, NULL);
@@ -52691,7 +52531,7 @@ int sp_Pairing_gen_precomp_1024(const ecc_point* pm, byte* table,
 
     if (table == NULL) {
         *len = 0;
-        err = LENGTH_ONLY_E;
+        err = WC_NO_ERR_TRACE(LENGTH_ONLY_E);
     }
     else if (*len != 0) {
         err = BUFFER_E;
@@ -52920,7 +52760,7 @@ int sp_Pairing_gen_precomp_1024(const ecc_point* pm, byte* table,
 
     if (table == NULL) {
         *len = sizeof(sp_table_entry_1024) * 1167;
-        err = LENGTH_ONLY_E;
+        err = WC_NO_ERR_TRACE(LENGTH_ONLY_E);
     }
 
     if ((err == MP_OKAY) &&
@@ -53027,9 +52867,7 @@ int sp_Pairing_gen_precomp_1024(const ecc_point* pm, byte* table,
 
 #if (defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SP_NO_MALLOC)) || \
     defined(WOLFSSL_SP_SMALL_STACK)
-    if (td != NULL) {
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-    }
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
     sp_1024_point_free_18(neg, 1, NULL);
     sp_1024_point_free_18(c, 1, NULL);
@@ -53222,9 +53060,7 @@ int sp_Pairing_precomp_1024(const ecc_point* pm, const ecc_point* qm,
 
 #if (defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SP_NO_MALLOC)) || \
     defined(WOLFSSL_SP_SMALL_STACK)
-    if (td != NULL) {
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-    }
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
     sp_1024_point_free_18(c, 1, NULL);
     sp_1024_point_free_18(q, 1, NULL);
@@ -53314,7 +53150,7 @@ static int sp_1024_ecc_is_point_18(const sp_point_1024* point,
 
 
         n = sp_1024_cmp_18(t1, p1024_mod);
-        sp_1024_cond_sub_18(t1, t1, p1024_mod, ~(n >> 56));
+        sp_1024_cond_sub_18(t1, t1, p1024_mod, (sp_digit)~(n >> 56));
         sp_1024_norm_18(t1);
         if (!sp_1024_iszero_18(t1)) {
             err = MP_VAL;
@@ -53322,8 +53158,7 @@ static int sp_1024_ecc_is_point_18(const sp_point_1024* point,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t1 != NULL)
-        XFREE(t1, heap, DYNAMIC_TYPE_ECC);
+    XFREE(t1, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -53362,8 +53197,7 @@ int sp_ecc_is_point_1024(const mp_int* pX, const mp_int* pY)
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (pub != NULL)
-        XFREE(pub, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(pub, NULL, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -53471,10 +53305,8 @@ int sp_ecc_check_key_1024(const mp_int* pX, const mp_int* pY,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (pub != NULL)
-        XFREE(pub, heap, DYNAMIC_TYPE_ECC);
-    if (priv != NULL)
-        XFREE(priv, heap, DYNAMIC_TYPE_ECC);
+    XFREE(pub, heap, DYNAMIC_TYPE_ECC);
+    XFREE(priv, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
diff --git a/wolfcrypt/src/sp_cortexm.c b/wolfcrypt/src/sp_cortexm.c
index 3ab1accbf..af5e445f4 100644
--- a/wolfcrypt/src/sp_cortexm.c
+++ b/wolfcrypt/src/sp_cortexm.c
@@ -1,6 +1,6 @@
 /* sp.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -67,7 +67,7 @@
     do {                                                    \
         int ii;                                             \
         fprintf(stderr, name "=0x");                        \
-        for (ii = ((bits + 31) / 32) - 1; ii >= 0; ii--)    \
+        for (ii = (((bits) + 31) / 32) - 1; ii >= 0; ii--)  \
             fprintf(stderr, SP_PRINT_FMT, (var)[ii]);       \
         fprintf(stderr, "\n");                              \
     } while (0)
@@ -93,7 +93,8 @@ static void sp_2048_from_bin(sp_digit* r, int size, const byte* a, int n)
     int j;
     byte* d;
 
-    for (i = n - 1,j = 0; i >= 3; i -= 4) {
+    j = 0;
+    for (i = n - 1; i >= 3; i -= 4) {
         r[j]  = ((sp_digit)a[i - 0] <<  0) |
                 ((sp_digit)a[i - 1] <<  8) |
                 ((sp_digit)a[i - 2] << 16) |
@@ -104,12 +105,20 @@ static void sp_2048_from_bin(sp_digit* r, int size, const byte* a, int n)
     if (i >= 0) {
         r[j] = 0;
 
-        d = (byte*)r;
+        d = (byte*)(r + j);
+#ifdef BIG_ENDIAN_ORDER
         switch (i) {
-            case 2: d[n - 1 - 2] = a[2]; //fallthrough
-            case 1: d[n - 1 - 1] = a[1]; //fallthrough
-            case 0: d[n - 1 - 0] = a[0]; //fallthrough
+            case 2: d[1] = *(a++); //fallthrough
+            case 1: d[2] = *(a++); //fallthrough
+            case 0: d[3] = *a    ; //fallthrough
         }
+#else
+        switch (i) {
+            case 2: d[2] = a[2]; //fallthrough
+            case 1: d[1] = a[1]; //fallthrough
+            case 0: d[0] = a[0]; //fallthrough
+        }
+#endif
         j++;
     }
 
@@ -240,7 +249,7 @@ static void sp_2048_to_bin_64(sp_digit* r, byte* a)
 #define sp_2048_norm_64(a)
 
 #ifndef WOLFSSL_SP_SMALL
-#ifdef WOLFSSL_SP_NO_UMAAL
+#ifdef WOLFSSL_ARM_ARCH_7M
 /* Multiply a and b into r. (r = a * b)
  *
  * r  A single precision integer.
@@ -736,7 +745,7 @@ SP_NOINLINE static void sp_2048_mul_8(sp_digit* r, const sp_digit* a, const sp_d
     );
 }
 
-#endif /* WOLFSSL_SP_NO_UMAAL */
+#endif /* WOLFSSL_ARM_ARCH_7M */
 /* Add b to a into r. (r = a + b)
  *
  * r  A single precision integer.
@@ -776,7 +785,7 @@ static sp_digit sp_2048_add_8(sp_digit* r, const sp_digit* a, const sp_digit* b)
         :
         : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 /* Sub b from a into a. (a -= b)
@@ -829,7 +838,7 @@ static sp_digit sp_2048_sub_in_place_16(sp_digit* a, const sp_digit* b)
         :
         : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "cc"
     );
-    return (uint32_t)(size_t)a;
+    return (word32)(size_t)a;
 }
 
 /* Add b to a into r. (r = a + b)
@@ -885,7 +894,7 @@ static sp_digit sp_2048_add_16(sp_digit* r, const sp_digit* a, const sp_digit* b
         :
         : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 /* AND m into each word of a and store in r.
@@ -1031,7 +1040,7 @@ static sp_digit sp_2048_sub_in_place_32(sp_digit* a, const sp_digit* b)
         :
         : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "cc"
     );
-    return (uint32_t)(size_t)a;
+    return (word32)(size_t)a;
 }
 
 /* Add b to a into r. (r = a + b)
@@ -1115,7 +1124,7 @@ static sp_digit sp_2048_add_32(sp_digit* r, const sp_digit* a, const sp_digit* b
         :
         : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 /* AND m into each word of a and store in r.
@@ -1321,7 +1330,7 @@ static sp_digit sp_2048_sub_in_place_64(sp_digit* a, const sp_digit* b)
         :
         : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "cc"
     );
-    return (uint32_t)(size_t)a;
+    return (word32)(size_t)a;
 }
 
 /* Add b to a into r. (r = a + b)
@@ -1461,7 +1470,7 @@ static sp_digit sp_2048_add_64(sp_digit* r, const sp_digit* a, const sp_digit* b
         :
         : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 /* AND m into each word of a and store in r.
@@ -1533,7 +1542,7 @@ SP_NOINLINE static void sp_2048_mul_64(sp_digit* r, const sp_digit* a,
     (void)sp_2048_add_32(r + 96, r + 96, a1);
 }
 
-#ifdef WOLFSSL_SP_NO_UMAAL
+#ifdef WOLFSSL_ARM_ARCH_7M
 /* Square a and put result in r. (r = a * a)
  *
  * r  A single precision integer.
@@ -1899,7 +1908,7 @@ SP_NOINLINE static void sp_2048_sqr_8(sp_digit* r, const sp_digit* a)
     );
 }
 
-#endif /* WOLFSSL_SP_NO_UMAAL */
+#endif /* WOLFSSL_ARM_ARCH_7M */
 /* Sub b from a into r. (r = a - b)
  *
  * r  A single precision integer.
@@ -1938,7 +1947,7 @@ static sp_digit sp_2048_sub_8(sp_digit* r, const sp_digit* a, const sp_digit* b)
         :
         : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 /* Square a and put result in r. (r = a * a)
@@ -2029,7 +2038,7 @@ static sp_digit sp_2048_sub_16(sp_digit* r, const sp_digit* a, const sp_digit* b
         :
         : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 /* Square a and put result in r. (r = a * a)
@@ -2148,7 +2157,7 @@ static sp_digit sp_2048_sub_32(sp_digit* r, const sp_digit* a, const sp_digit* b
         :
         : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 /* Square a and put result in r. (r = a * a)
@@ -2211,7 +2220,11 @@ static sp_digit sp_2048_add_64(sp_digit* r, const sp_digit* a, const sp_digit* b
         "MOV	r3, #0x0\n\t"
         "ADD	r12, %[a], #0x100\n\t"
         "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
     "L_sp_2048_add_64_word:\n\t"
+#else
+    "L_sp_2048_add_64_word_%=:\n\t"
+#endif
         "ADDS	r3, r3, #0xffffffff\n\t"
         "LDM	%[a]!, {r4, r5, r6, r7}\n\t"
         "LDM	%[b]!, {r8, r9, r10, r11}\n\t"
@@ -2223,17 +2236,19 @@ static sp_digit sp_2048_add_64(sp_digit* r, const sp_digit* a, const sp_digit* b
         "MOV	r4, #0x0\n\t"
         "ADC	r3, r4, #0x0\n\t"
         "CMP	%[a], r12\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BNE	L_sp_2048_add_64_word\n\t"
-#else
+#if defined(__GNUC__)
+        "BNE	L_sp_2048_add_64_word_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "BNE.N	L_sp_2048_add_64_word\n\t"
+#else
+        "BNE.N	L_sp_2048_add_64_word_%=\n\t"
 #endif
         "MOV	%[r], r3\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
         :
         : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r3", "r12", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #endif /* WOLFSSL_SP_SMALL */
@@ -2258,7 +2273,11 @@ static sp_digit sp_2048_sub_in_place_64(sp_digit* a, const sp_digit* b)
         "MOV	r10, #0x0\n\t"
         "ADD	r11, %[a], #0x100\n\t"
         "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
     "L_sp_2048_sub_in_pkace_64_word:\n\t"
+#else
+    "L_sp_2048_sub_in_pkace_64_word_%=:\n\t"
+#endif
         "RSBS	r10, r10, #0x0\n\t"
         "LDM	%[a], {r2, r3, r4, r5}\n\t"
         "LDM	%[b]!, {r6, r7, r8, r9}\n\t"
@@ -2269,17 +2288,19 @@ static sp_digit sp_2048_sub_in_place_64(sp_digit* a, const sp_digit* b)
         "STM	%[a]!, {r2, r3, r4, r5}\n\t"
         "SBC	r10, r10, r10\n\t"
         "CMP	%[a], r11\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BNE	L_sp_2048_sub_in_pkace_64_word\n\t"
-#else
+#if defined(__GNUC__)
+        "BNE	L_sp_2048_sub_in_pkace_64_word_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "BNE.N	L_sp_2048_sub_in_pkace_64_word\n\t"
+#else
+        "BNE.N	L_sp_2048_sub_in_pkace_64_word_%=\n\t"
 #endif
         "MOV	%[a], r10\n\t"
         : [a] "+r" (a), [b] "+r" (b)
         :
         : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "cc"
     );
-    return (uint32_t)(size_t)a;
+    return (word32)(size_t)a;
 }
 
 #endif /* WOLFSSL_SP_SMALL */
@@ -2312,13 +2333,21 @@ static void sp_2048_mul_64(sp_digit* r, const sp_digit* a, const sp_digit* b)
         "MOV	r8, #0x0\n\t"
         "MOV	r5, #0x4\n\t"
         "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
     "L_sp_2048_mul_64_outer:\n\t"
+#else
+    "L_sp_2048_mul_64_outer_%=:\n\t"
+#endif
         "SUBS	r3, r5, #0xfc\n\t"
         "IT	cc\n\t"
         "MOVCC	r3, #0x0\n\t"
         "SUB	r4, r5, r3\n\t"
         "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
     "L_sp_2048_mul_64_inner:\n\t"
+#else
+    "L_sp_2048_mul_64_inner_%=:\n\t"
+#endif
         "LDR	lr, [%[a], r3]\n\t"
         "LDR	r11, [%[b], r4]\n\t"
         "UMULL	r9, r10, lr, r11\n\t"
@@ -2334,15 +2363,19 @@ static void sp_2048_mul_64(sp_digit* r, const sp_digit* a, const sp_digit* b)
         "ADD	r3, r3, #0x4\n\t"
         "SUB	r4, r4, #0x4\n\t"
         "CMP	r3, r4\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BGT	L_sp_2048_mul_64_inner_done\n\t"
-#else
+#if defined(__GNUC__)
+        "BGT	L_sp_2048_mul_64_inner_done_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "BGT.N	L_sp_2048_mul_64_inner_done\n\t"
-#endif
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BLT	L_sp_2048_mul_64_inner\n\t"
 #else
+        "BGT.N	L_sp_2048_mul_64_inner_done_%=\n\t"
+#endif
+#if defined(__GNUC__)
+        "BLT	L_sp_2048_mul_64_inner_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "BLT.N	L_sp_2048_mul_64_inner\n\t"
+#else
+        "BLT.N	L_sp_2048_mul_64_inner_%=\n\t"
 #endif
         "LDR	lr, [%[a], r3]\n\t"
         "LDR	r11, [%[b], r3]\n\t"
@@ -2351,17 +2384,23 @@ static void sp_2048_mul_64(sp_digit* r, const sp_digit* a, const sp_digit* b)
         "ADCS	r7, r7, r10\n\t"
         "ADC	r8, r8, #0x0\n\t"
         "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
     "L_sp_2048_mul_64_inner_done:\n\t"
+#else
+    "L_sp_2048_mul_64_inner_done_%=:\n\t"
+#endif
         "STR	r6, [sp, r5]\n\t"
         "MOV	r6, r7\n\t"
         "MOV	r7, r8\n\t"
         "MOV	r8, #0x0\n\t"
         "ADD	r5, r5, #0x4\n\t"
         "CMP	r5, #0x1f4\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BLE	L_sp_2048_mul_64_outer\n\t"
-#else
+#if defined(__GNUC__)
+        "BLE	L_sp_2048_mul_64_outer_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "BLE.N	L_sp_2048_mul_64_outer\n\t"
+#else
+        "BLE.N	L_sp_2048_mul_64_outer_%=\n\t"
 #endif
         "LDR	lr, [%[a], #252]\n\t"
         "LDR	r11, [%[b], #252]\n\t"
@@ -2370,14 +2409,20 @@ static void sp_2048_mul_64(sp_digit* r, const sp_digit* a, const sp_digit* b)
         "ADD	r5, r5, #0x4\n\t"
         "STR	r7, [sp, r5]\n\t"
         "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
     "L_sp_2048_mul_64_store:\n\t"
+#else
+    "L_sp_2048_mul_64_store_%=:\n\t"
+#endif
         "LDM	sp!, {r3, r4, r6, r7, r8, r9, r10, r11}\n\t"
         "STM	%[r]!, {r3, r4, r6, r7, r8, r9, r10, r11}\n\t"
         "SUBS	r5, r5, #0x20\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BGT	L_sp_2048_mul_64_store\n\t"
-#else
+#if defined(__GNUC__)
+        "BGT	L_sp_2048_mul_64_store_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "BGT.N	L_sp_2048_mul_64_store\n\t"
+#else
+        "BGT.N	L_sp_2048_mul_64_store_%=\n\t"
 #endif
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
         :
@@ -2410,13 +2455,21 @@ static void sp_2048_sqr_64(sp_digit* r, const sp_digit* a)
         "MOV	r8, #0x0\n\t"
         "MOV	r5, #0x4\n\t"
         "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
     "L_sp_2048_sqr_64_outer:\n\t"
+#else
+    "L_sp_2048_sqr_64_outer_%=:\n\t"
+#endif
         "SUBS	r3, r5, #0xfc\n\t"
         "IT	cc\n\t"
         "MOVCC	r3, #0x0\n\t"
         "SUB	r4, r5, r3\n\t"
         "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
     "L_sp_2048_sqr_64_inner:\n\t"
+#else
+    "L_sp_2048_sqr_64_inner_%=:\n\t"
+#endif
         "LDR	lr, [%[a], r3]\n\t"
         "LDR	r11, [%[a], r4]\n\t"
         "UMULL	r9, r10, lr, r11\n\t"
@@ -2429,15 +2482,19 @@ static void sp_2048_sqr_64(sp_digit* r, const sp_digit* a)
         "ADD	r3, r3, #0x4\n\t"
         "SUB	r4, r4, #0x4\n\t"
         "CMP	r3, r4\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BGT	L_sp_2048_sqr_64_inner_done\n\t"
-#else
+#if defined(__GNUC__)
+        "BGT	L_sp_2048_sqr_64_inner_done_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "BGT.N	L_sp_2048_sqr_64_inner_done\n\t"
-#endif
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BLT	L_sp_2048_sqr_64_inner\n\t"
 #else
+        "BGT.N	L_sp_2048_sqr_64_inner_done_%=\n\t"
+#endif
+#if defined(__GNUC__)
+        "BLT	L_sp_2048_sqr_64_inner_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "BLT.N	L_sp_2048_sqr_64_inner\n\t"
+#else
+        "BLT.N	L_sp_2048_sqr_64_inner_%=\n\t"
 #endif
         "LDR	lr, [%[a], r3]\n\t"
         "UMULL	r9, r10, lr, lr\n\t"
@@ -2445,17 +2502,23 @@ static void sp_2048_sqr_64(sp_digit* r, const sp_digit* a)
         "ADCS	r7, r7, r10\n\t"
         "ADC	r8, r8, #0x0\n\t"
         "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
     "L_sp_2048_sqr_64_inner_done:\n\t"
+#else
+    "L_sp_2048_sqr_64_inner_done_%=:\n\t"
+#endif
         "STR	r6, [sp, r5]\n\t"
         "MOV	r6, r7\n\t"
         "MOV	r7, r8\n\t"
         "MOV	r8, #0x0\n\t"
         "ADD	r5, r5, #0x4\n\t"
         "CMP	r5, #0x1f4\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BLE	L_sp_2048_sqr_64_outer\n\t"
-#else
+#if defined(__GNUC__)
+        "BLE	L_sp_2048_sqr_64_outer_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "BLE.N	L_sp_2048_sqr_64_outer\n\t"
+#else
+        "BLE.N	L_sp_2048_sqr_64_outer_%=\n\t"
 #endif
         "LDR	lr, [%[a], #252]\n\t"
         "UMLAL	r6, r7, lr, lr\n\t"
@@ -2463,14 +2526,20 @@ static void sp_2048_sqr_64(sp_digit* r, const sp_digit* a)
         "ADD	r5, r5, #0x4\n\t"
         "STR	r7, [sp, r5]\n\t"
         "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
     "L_sp_2048_sqr_64_store:\n\t"
+#else
+    "L_sp_2048_sqr_64_store_%=:\n\t"
+#endif
         "LDM	sp!, {r3, r4, r6, r7, r8, r9, r10, r11}\n\t"
         "STM	%[r]!, {r3, r4, r6, r7, r8, r9, r10, r11}\n\t"
         "SUBS	r5, r5, #0x20\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BGT	L_sp_2048_sqr_64_store\n\t"
-#else
+#if defined(__GNUC__)
+        "BGT	L_sp_2048_sqr_64_store_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "BGT.N	L_sp_2048_sqr_64_store\n\t"
+#else
+        "BGT.N	L_sp_2048_sqr_64_store_%=\n\t"
 #endif
         : [r] "+r" (r), [a] "+r" (a)
         :
@@ -2520,7 +2589,11 @@ static sp_digit sp_2048_add_32(sp_digit* r, const sp_digit* a, const sp_digit* b
         "MOV	r3, #0x0\n\t"
         "ADD	r12, %[a], #0x80\n\t"
         "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
     "L_sp_2048_add_32_word:\n\t"
+#else
+    "L_sp_2048_add_32_word_%=:\n\t"
+#endif
         "ADDS	r3, r3, #0xffffffff\n\t"
         "LDM	%[a]!, {r4, r5, r6, r7}\n\t"
         "LDM	%[b]!, {r8, r9, r10, r11}\n\t"
@@ -2532,17 +2605,19 @@ static sp_digit sp_2048_add_32(sp_digit* r, const sp_digit* a, const sp_digit* b
         "MOV	r4, #0x0\n\t"
         "ADC	r3, r4, #0x0\n\t"
         "CMP	%[a], r12\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BNE	L_sp_2048_add_32_word\n\t"
-#else
+#if defined(__GNUC__)
+        "BNE	L_sp_2048_add_32_word_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "BNE.N	L_sp_2048_add_32_word\n\t"
+#else
+        "BNE.N	L_sp_2048_add_32_word_%=\n\t"
 #endif
         "MOV	%[r], r3\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
         :
         : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r3", "r12", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #endif /* WOLFSSL_SP_SMALL */
@@ -2567,7 +2642,11 @@ static sp_digit sp_2048_sub_in_place_32(sp_digit* a, const sp_digit* b)
         "MOV	r10, #0x0\n\t"
         "ADD	r11, %[a], #0x80\n\t"
         "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
     "L_sp_2048_sub_in_pkace_32_word:\n\t"
+#else
+    "L_sp_2048_sub_in_pkace_32_word_%=:\n\t"
+#endif
         "RSBS	r10, r10, #0x0\n\t"
         "LDM	%[a], {r2, r3, r4, r5}\n\t"
         "LDM	%[b]!, {r6, r7, r8, r9}\n\t"
@@ -2578,17 +2657,19 @@ static sp_digit sp_2048_sub_in_place_32(sp_digit* a, const sp_digit* b)
         "STM	%[a]!, {r2, r3, r4, r5}\n\t"
         "SBC	r10, r10, r10\n\t"
         "CMP	%[a], r11\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BNE	L_sp_2048_sub_in_pkace_32_word\n\t"
-#else
+#if defined(__GNUC__)
+        "BNE	L_sp_2048_sub_in_pkace_32_word_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "BNE.N	L_sp_2048_sub_in_pkace_32_word\n\t"
+#else
+        "BNE.N	L_sp_2048_sub_in_pkace_32_word_%=\n\t"
 #endif
         "MOV	%[a], r10\n\t"
         : [a] "+r" (a), [b] "+r" (b)
         :
         : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "cc"
     );
-    return (uint32_t)(size_t)a;
+    return (word32)(size_t)a;
 }
 
 #endif /* WOLFSSL_SP_SMALL */
@@ -2621,13 +2702,21 @@ static void sp_2048_mul_32(sp_digit* r, const sp_digit* a, const sp_digit* b)
         "MOV	r8, #0x0\n\t"
         "MOV	r5, #0x4\n\t"
         "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
     "L_sp_2048_mul_32_outer:\n\t"
+#else
+    "L_sp_2048_mul_32_outer_%=:\n\t"
+#endif
         "SUBS	r3, r5, #0x7c\n\t"
         "IT	cc\n\t"
         "MOVCC	r3, #0x0\n\t"
         "SUB	r4, r5, r3\n\t"
         "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
     "L_sp_2048_mul_32_inner:\n\t"
+#else
+    "L_sp_2048_mul_32_inner_%=:\n\t"
+#endif
         "LDR	lr, [%[a], r3]\n\t"
         "LDR	r11, [%[b], r4]\n\t"
         "UMULL	r9, r10, lr, r11\n\t"
@@ -2643,15 +2732,19 @@ static void sp_2048_mul_32(sp_digit* r, const sp_digit* a, const sp_digit* b)
         "ADD	r3, r3, #0x4\n\t"
         "SUB	r4, r4, #0x4\n\t"
         "CMP	r3, r4\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BGT	L_sp_2048_mul_32_inner_done\n\t"
-#else
+#if defined(__GNUC__)
+        "BGT	L_sp_2048_mul_32_inner_done_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "BGT.N	L_sp_2048_mul_32_inner_done\n\t"
-#endif
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BLT	L_sp_2048_mul_32_inner\n\t"
 #else
+        "BGT.N	L_sp_2048_mul_32_inner_done_%=\n\t"
+#endif
+#if defined(__GNUC__)
+        "BLT	L_sp_2048_mul_32_inner_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "BLT.N	L_sp_2048_mul_32_inner\n\t"
+#else
+        "BLT.N	L_sp_2048_mul_32_inner_%=\n\t"
 #endif
         "LDR	lr, [%[a], r3]\n\t"
         "LDR	r11, [%[b], r3]\n\t"
@@ -2660,17 +2753,23 @@ static void sp_2048_mul_32(sp_digit* r, const sp_digit* a, const sp_digit* b)
         "ADCS	r7, r7, r10\n\t"
         "ADC	r8, r8, #0x0\n\t"
         "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
     "L_sp_2048_mul_32_inner_done:\n\t"
+#else
+    "L_sp_2048_mul_32_inner_done_%=:\n\t"
+#endif
         "STR	r6, [sp, r5]\n\t"
         "MOV	r6, r7\n\t"
         "MOV	r7, r8\n\t"
         "MOV	r8, #0x0\n\t"
         "ADD	r5, r5, #0x4\n\t"
         "CMP	r5, #0xf4\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BLE	L_sp_2048_mul_32_outer\n\t"
-#else
+#if defined(__GNUC__)
+        "BLE	L_sp_2048_mul_32_outer_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "BLE.N	L_sp_2048_mul_32_outer\n\t"
+#else
+        "BLE.N	L_sp_2048_mul_32_outer_%=\n\t"
 #endif
         "LDR	lr, [%[a], #124]\n\t"
         "LDR	r11, [%[b], #124]\n\t"
@@ -2679,14 +2778,20 @@ static void sp_2048_mul_32(sp_digit* r, const sp_digit* a, const sp_digit* b)
         "ADD	r5, r5, #0x4\n\t"
         "STR	r7, [sp, r5]\n\t"
         "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
     "L_sp_2048_mul_32_store:\n\t"
+#else
+    "L_sp_2048_mul_32_store_%=:\n\t"
+#endif
         "LDM	sp!, {r3, r4, r6, r7, r8, r9, r10, r11}\n\t"
         "STM	%[r]!, {r3, r4, r6, r7, r8, r9, r10, r11}\n\t"
         "SUBS	r5, r5, #0x20\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BGT	L_sp_2048_mul_32_store\n\t"
-#else
+#if defined(__GNUC__)
+        "BGT	L_sp_2048_mul_32_store_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "BGT.N	L_sp_2048_mul_32_store\n\t"
+#else
+        "BGT.N	L_sp_2048_mul_32_store_%=\n\t"
 #endif
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
         :
@@ -2719,13 +2824,21 @@ static void sp_2048_sqr_32(sp_digit* r, const sp_digit* a)
         "MOV	r8, #0x0\n\t"
         "MOV	r5, #0x4\n\t"
         "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
     "L_sp_2048_sqr_32_outer:\n\t"
+#else
+    "L_sp_2048_sqr_32_outer_%=:\n\t"
+#endif
         "SUBS	r3, r5, #0x7c\n\t"
         "IT	cc\n\t"
         "MOVCC	r3, #0x0\n\t"
         "SUB	r4, r5, r3\n\t"
         "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
     "L_sp_2048_sqr_32_inner:\n\t"
+#else
+    "L_sp_2048_sqr_32_inner_%=:\n\t"
+#endif
         "LDR	lr, [%[a], r3]\n\t"
         "LDR	r11, [%[a], r4]\n\t"
         "UMULL	r9, r10, lr, r11\n\t"
@@ -2738,15 +2851,19 @@ static void sp_2048_sqr_32(sp_digit* r, const sp_digit* a)
         "ADD	r3, r3, #0x4\n\t"
         "SUB	r4, r4, #0x4\n\t"
         "CMP	r3, r4\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BGT	L_sp_2048_sqr_32_inner_done\n\t"
-#else
+#if defined(__GNUC__)
+        "BGT	L_sp_2048_sqr_32_inner_done_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "BGT.N	L_sp_2048_sqr_32_inner_done\n\t"
-#endif
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BLT	L_sp_2048_sqr_32_inner\n\t"
 #else
+        "BGT.N	L_sp_2048_sqr_32_inner_done_%=\n\t"
+#endif
+#if defined(__GNUC__)
+        "BLT	L_sp_2048_sqr_32_inner_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "BLT.N	L_sp_2048_sqr_32_inner\n\t"
+#else
+        "BLT.N	L_sp_2048_sqr_32_inner_%=\n\t"
 #endif
         "LDR	lr, [%[a], r3]\n\t"
         "UMULL	r9, r10, lr, lr\n\t"
@@ -2754,17 +2871,23 @@ static void sp_2048_sqr_32(sp_digit* r, const sp_digit* a)
         "ADCS	r7, r7, r10\n\t"
         "ADC	r8, r8, #0x0\n\t"
         "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
     "L_sp_2048_sqr_32_inner_done:\n\t"
+#else
+    "L_sp_2048_sqr_32_inner_done_%=:\n\t"
+#endif
         "STR	r6, [sp, r5]\n\t"
         "MOV	r6, r7\n\t"
         "MOV	r7, r8\n\t"
         "MOV	r8, #0x0\n\t"
         "ADD	r5, r5, #0x4\n\t"
         "CMP	r5, #0xf4\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BLE	L_sp_2048_sqr_32_outer\n\t"
-#else
+#if defined(__GNUC__)
+        "BLE	L_sp_2048_sqr_32_outer_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "BLE.N	L_sp_2048_sqr_32_outer\n\t"
+#else
+        "BLE.N	L_sp_2048_sqr_32_outer_%=\n\t"
 #endif
         "LDR	lr, [%[a], #124]\n\t"
         "UMLAL	r6, r7, lr, lr\n\t"
@@ -2772,14 +2895,20 @@ static void sp_2048_sqr_32(sp_digit* r, const sp_digit* a)
         "ADD	r5, r5, #0x4\n\t"
         "STR	r7, [sp, r5]\n\t"
         "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
     "L_sp_2048_sqr_32_store:\n\t"
+#else
+    "L_sp_2048_sqr_32_store_%=:\n\t"
+#endif
         "LDM	sp!, {r3, r4, r6, r7, r8, r9, r10, r11}\n\t"
         "STM	%[r]!, {r3, r4, r6, r7, r8, r9, r10, r11}\n\t"
         "SUBS	r5, r5, #0x20\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BGT	L_sp_2048_sqr_32_store\n\t"
-#else
+#if defined(__GNUC__)
+        "BGT	L_sp_2048_sqr_32_store_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "BGT.N	L_sp_2048_sqr_32_store\n\t"
+#else
+        "BGT.N	L_sp_2048_sqr_32_store_%=\n\t"
 #endif
         : [r] "+r" (r), [a] "+r" (a)
         :
@@ -2838,7 +2967,11 @@ static void sp_2048_mul_d_64(sp_digit* r, const sp_digit* a, sp_digit b)
         "MOV	r5, #0x0\n\t"
         "MOV	r9, #0x4\n\t"
         "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
     "L_sp_2048_mul_d_64_word:\n\t"
+#else
+    "L_sp_2048_mul_d_64_word_%=:\n\t"
+#endif
         /* A[i] * B */
         "LDR	r8, [%[a], r9]\n\t"
         "UMULL	r6, r7, %[b], r8\n\t"
@@ -2851,10 +2984,12 @@ static void sp_2048_mul_d_64(sp_digit* r, const sp_digit* a, sp_digit b)
         "MOV	r5, #0x0\n\t"
         "ADD	r9, r9, #0x4\n\t"
         "CMP	r9, #0x100\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BLT	L_sp_2048_mul_d_64_word\n\t"
-#else
+#if defined(__GNUC__)
+        "BLT	L_sp_2048_mul_d_64_word_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "BLT.N	L_sp_2048_mul_d_64_word\n\t"
+#else
+        "BLT.N	L_sp_2048_mul_d_64_word_%=\n\t"
 #endif
         "STR	r3, [%[r], #256]\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
@@ -3252,7 +3387,11 @@ static sp_digit sp_2048_cond_sub_32(sp_digit* r, const sp_digit* a, const sp_dig
         "MOV	r4, #0x0\n\t"
         "MOV	r5, #0x0\n\t"
         "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
     "L_sp_2048_cond_sub_32_words:\n\t"
+#else
+    "L_sp_2048_cond_sub_32_words_%=:\n\t"
+#endif
         "SUBS	r4, r8, r4\n\t"
         "LDR	r6, [%[a], r5]\n\t"
         "LDR	r7, [%[b], r5]\n\t"
@@ -3262,17 +3401,19 @@ static sp_digit sp_2048_cond_sub_32(sp_digit* r, const sp_digit* a, const sp_dig
         "STR	r6, [%[r], r5]\n\t"
         "ADD	r5, r5, #0x4\n\t"
         "CMP	r5, #0x80\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BLT	L_sp_2048_cond_sub_32_words\n\t"
-#else
+#if defined(__GNUC__)
+        "BLT	L_sp_2048_cond_sub_32_words_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "BLT.N	L_sp_2048_cond_sub_32_words\n\t"
+#else
+        "BLT.N	L_sp_2048_cond_sub_32_words_%=\n\t"
 #endif
         "MOV	%[r], r4\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m)
         :
         : "memory", "r4", "r5", "r6", "r7", "r8", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #else
@@ -3416,7 +3557,7 @@ static sp_digit sp_2048_cond_sub_32(sp_digit* r, const sp_digit* a, const sp_dig
         :
         : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #endif /* WOLFSSL_SP_SMALL */
@@ -3448,7 +3589,11 @@ SP_NOINLINE static void sp_2048_mont_reduce_32(sp_digit* a, const sp_digit* m, s
         "LDR	r4, [%[a]]\n\t"
         "LDR	r5, [%[a], #4]\n\t"
         "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
     "L_sp_2048_mont_reduce_32_word:\n\t"
+#else
+    "L_sp_2048_mont_reduce_32_word_%=:\n\t"
+#endif
         /* mu = a[i] * mp */
         "MUL	r10, %[mp], r4\n\t"
         /* a[i+0] += m[0] * mu */
@@ -3710,10 +3855,12 @@ SP_NOINLINE static void sp_2048_mont_reduce_32(sp_digit* a, const sp_digit* m, s
         "ADD	r11, r11, #0x4\n\t"
         "ADD	%[a], %[a], #0x4\n\t"
         "CMP	r11, #0x80\n\t"
-#ifdef __GNUC__
-        "BLT	L_sp_2048_mont_reduce_32_word\n\t"
-#else
+#if defined(__GNUC__)
+        "BLT	L_sp_2048_mont_reduce_32_word_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "BLT.W	L_sp_2048_mont_reduce_32_word\n\t"
+#else
+        "BLT.W	L_sp_2048_mont_reduce_32_word_%=\n\t"
 #endif
         /* Loop Done */
         "STR	r4, [%[a]]\n\t"
@@ -3752,7 +3899,11 @@ SP_NOINLINE static void sp_2048_mont_reduce_32(sp_digit* a, const sp_digit* m, s
         /* ca = 0 */
         "MOV	r3, #0x0\n\t"
         "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
     "L_sp_2048_mont_reduce_32_word:\n\t"
+#else
+    "L_sp_2048_mont_reduce_32_word_%=:\n\t"
+#endif
         /* mu = a[i] * mp */
         "LDR	r10, [%[a]]\n\t"
         "MUL	r8, %[mp], r10\n\t"
@@ -3760,7 +3911,11 @@ SP_NOINLINE static void sp_2048_mont_reduce_32(sp_digit* a, const sp_digit* m, s
         "MOV	r12, #0x0\n\t"
         "MOV	r4, #0x0\n\t"
         "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
     "L_sp_2048_mont_reduce_32_mul:\n\t"
+#else
+    "L_sp_2048_mont_reduce_32_mul_%=:\n\t"
+#endif
         /* a[i+j+0] += m[j+0] * mu */
         "LDR	r7, [%[m], r12]\n\t"
         "LDR	r10, [%[a], r12]\n\t"
@@ -3802,10 +3957,12 @@ SP_NOINLINE static void sp_2048_mont_reduce_32(sp_digit* a, const sp_digit* m, s
         /* j += 1 */
         "ADD	r12, r12, #0x4\n\t"
         "CMP	r12, #0x80\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BLT	L_sp_2048_mont_reduce_32_mul\n\t"
-#else
+#if defined(__GNUC__)
+        "BLT	L_sp_2048_mont_reduce_32_mul_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "BLT.N	L_sp_2048_mont_reduce_32_mul\n\t"
+#else
+        "BLT.N	L_sp_2048_mont_reduce_32_mul_%=\n\t"
 #endif
         "LDR	r10, [%[a], #128]\n\t"
         "ADDS	r4, r4, r3\n\t"
@@ -3818,10 +3975,12 @@ SP_NOINLINE static void sp_2048_mont_reduce_32(sp_digit* a, const sp_digit* m, s
         "ADD	r9, r9, #0x4\n\t"
         "ADD	%[a], %[a], #0x4\n\t"
         "CMP	r9, #0x80\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BLT	L_sp_2048_mont_reduce_32_word\n\t"
-#else
+#if defined(__GNUC__)
+        "BLT	L_sp_2048_mont_reduce_32_word_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "BLT.N	L_sp_2048_mont_reduce_32_word\n\t"
+#else
+        "BLT.N	L_sp_2048_mont_reduce_32_word_%=\n\t"
 #endif
         /* Loop Done */
         "MOV	%[mp], r3\n\t"
@@ -3863,7 +4022,11 @@ SP_NOINLINE static void sp_2048_mont_reduce_32(sp_digit* a, const sp_digit* m, s
         "LDR	r9, [%[a], #12]\n\t"
         "LDR	r10, [%[a], #16]\n\t"
         "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
     "L_sp_2048_mont_reduce_32_word:\n\t"
+#else
+    "L_sp_2048_mont_reduce_32_word_%=:\n\t"
+#endif
         /* mu = a[i] * mp */
         "MUL	lr, %[mp], r6\n\t"
         /* a[i+0] += m[0] * mu */
@@ -4030,10 +4193,12 @@ SP_NOINLINE static void sp_2048_mont_reduce_32(sp_digit* a, const sp_digit* m, s
         "ADD	r4, r4, #0x4\n\t"
         "ADD	%[a], %[a], #0x4\n\t"
         "CMP	r4, #0x80\n\t"
-#ifdef __GNUC__
-        "BLT	L_sp_2048_mont_reduce_32_word\n\t"
-#else
+#if defined(__GNUC__)
+        "BLT	L_sp_2048_mont_reduce_32_word_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "BLT.W	L_sp_2048_mont_reduce_32_word\n\t"
+#else
+        "BLT.W	L_sp_2048_mont_reduce_32_word_%=\n\t"
 #endif
         /* Loop Done */
         "STR	r6, [%[a]]\n\t"
@@ -4075,7 +4240,11 @@ SP_NOINLINE static void sp_2048_mont_reduce_32(sp_digit* a, const sp_digit* m, s
         /* ca = 0 */
         "MOV	r3, #0x0\n\t"
         "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
     "L_sp_2048_mont_reduce_32_word:\n\t"
+#else
+    "L_sp_2048_mont_reduce_32_word_%=:\n\t"
+#endif
         /* mu = a[i] * mp */
         "LDR	r10, [%[a]]\n\t"
         "MUL	r8, %[mp], r10\n\t"
@@ -4083,7 +4252,11 @@ SP_NOINLINE static void sp_2048_mont_reduce_32(sp_digit* a, const sp_digit* m, s
         "MOV	r12, #0x0\n\t"
         "MOV	r4, #0x0\n\t"
         "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
     "L_sp_2048_mont_reduce_32_mul:\n\t"
+#else
+    "L_sp_2048_mont_reduce_32_mul_%=:\n\t"
+#endif
         /* a[i+j+0] += m[j+0] * mu */
         "LDR	r7, [%[m], r12]\n\t"
         "LDR	r10, [%[a], r12]\n\t"
@@ -4113,10 +4286,12 @@ SP_NOINLINE static void sp_2048_mont_reduce_32(sp_digit* a, const sp_digit* m, s
         /* j += 1 */
         "ADD	r12, r12, #0x4\n\t"
         "CMP	r12, #0x80\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BLT	L_sp_2048_mont_reduce_32_mul\n\t"
-#else
+#if defined(__GNUC__)
+        "BLT	L_sp_2048_mont_reduce_32_mul_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "BLT.N	L_sp_2048_mont_reduce_32_mul\n\t"
+#else
+        "BLT.N	L_sp_2048_mont_reduce_32_mul_%=\n\t"
 #endif
         "LDR	r10, [%[a], #128]\n\t"
         "ADDS	r4, r4, r3\n\t"
@@ -4129,10 +4304,12 @@ SP_NOINLINE static void sp_2048_mont_reduce_32(sp_digit* a, const sp_digit* m, s
         "ADD	r9, r9, #0x4\n\t"
         "ADD	%[a], %[a], #0x4\n\t"
         "CMP	r9, #0x80\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BLT	L_sp_2048_mont_reduce_32_word\n\t"
-#else
+#if defined(__GNUC__)
+        "BLT	L_sp_2048_mont_reduce_32_word_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "BLT.N	L_sp_2048_mont_reduce_32_word\n\t"
+#else
+        "BLT.N	L_sp_2048_mont_reduce_32_word_%=\n\t"
 #endif
         /* Loop Done */
         "MOV	%[mp], r3\n\t"
@@ -4203,7 +4380,11 @@ static void sp_2048_mul_d_32(sp_digit* r, const sp_digit* a, sp_digit b)
         "MOV	r5, #0x0\n\t"
         "MOV	r9, #0x4\n\t"
         "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
     "L_sp_2048_mul_d_32_word:\n\t"
+#else
+    "L_sp_2048_mul_d_32_word_%=:\n\t"
+#endif
         /* A[i] * B */
         "LDR	r8, [%[a], r9]\n\t"
         "UMULL	r6, r7, %[b], r8\n\t"
@@ -4216,10 +4397,12 @@ static void sp_2048_mul_d_32(sp_digit* r, const sp_digit* a, sp_digit b)
         "MOV	r5, #0x0\n\t"
         "ADD	r9, r9, #0x4\n\t"
         "CMP	r9, #0x80\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BLT	L_sp_2048_mul_d_32_word\n\t"
-#else
+#if defined(__GNUC__)
+        "BLT	L_sp_2048_mul_d_32_word_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "BLT.N	L_sp_2048_mul_d_32_word\n\t"
+#else
+        "BLT.N	L_sp_2048_mul_d_32_word_%=\n\t"
 #endif
         "STR	r3, [%[r], #128]\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
@@ -4477,7 +4660,7 @@ SP_NOINLINE static sp_digit div_2048_word_32(sp_digit d1, sp_digit d0, sp_digit
         :
         : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc"
     );
-    return (uint32_t)(size_t)d1;
+    return (word32)(size_t)d1;
 }
 
 #else
@@ -4517,7 +4700,11 @@ SP_NOINLINE static sp_digit div_2048_word_32(sp_digit d1, sp_digit d0, sp_digit
         /* Next 30 bits */
         "MOV	r4, #0x1d\n\t"
         "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
     "L_div_2048_word_32_bit:\n\t"
+#else
+    "L_div_2048_word_32_bit_%=:\n\t"
+#endif
         "LSLS	r6, r6, #1\n\t"
         "ADC	r7, r7, r7\n\t"
         "SUBS	r8, r5, r7\n\t"
@@ -4527,7 +4714,13 @@ SP_NOINLINE static sp_digit div_2048_word_32(sp_digit d1, sp_digit d0, sp_digit
         "AND	r8, r8, r5\n\t"
         "SUBS	r7, r7, r8\n\t"
         "SUBS	r4, r4, #0x1\n\t"
-        "bpl	L_div_2048_word_32_bit\n\t"
+#if defined(__GNUC__)
+        "BPL	L_div_2048_word_32_bit_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BPL.N	L_div_2048_word_32_bit\n\t"
+#else
+        "BPL.N	L_div_2048_word_32_bit_%=\n\t"
+#endif
         "ADD	r3, r3, r3\n\t"
         "ADD	r3, r3, #0x1\n\t"
         "UMULL	r6, r7, r3, %[div]\n\t"
@@ -4549,7 +4742,7 @@ SP_NOINLINE static sp_digit div_2048_word_32(sp_digit d1, sp_digit d0, sp_digit
         :
         : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc"
     );
-    return (uint32_t)(size_t)d1;
+    return (word32)(size_t)d1;
 }
 
 #endif
@@ -4579,7 +4772,11 @@ static sp_int32 sp_2048_cmp_32(const sp_digit* a, const sp_digit* b)
 #ifdef WOLFSSL_SP_SMALL
         "MOV	r6, #0x7c\n\t"
         "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
     "L_sp_2048_cmp_32_words:\n\t"
+#else
+    "L_sp_2048_cmp_32_words_%=:\n\t"
+#endif
         "LDR	r4, [%[a], r6]\n\t"
         "LDR	r5, [%[b], r6]\n\t"
         "AND	r4, r4, r3\n\t"
@@ -4592,7 +4789,11 @@ static sp_int32 sp_2048_cmp_32(const sp_digit* a, const sp_digit* b)
         "IT	ne\n\t"
         "movne	r3, r7\n\t"
         "SUBS	r6, r6, #0x4\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "bcs	L_sp_2048_cmp_32_words\n\t"
+#else
+        "bcs	L_sp_2048_cmp_32_words_%=\n\t"
+#endif
         "EOR	r2, r2, r3\n\t"
 #else
         "LDR	r4, [%[a], #124]\n\t"
@@ -4954,7 +5155,7 @@ static sp_int32 sp_2048_cmp_32(const sp_digit* a, const sp_digit* b)
         :
         : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "cc"
     );
-    return (uint32_t)(size_t)a;
+    return (word32)(size_t)a;
 }
 
 /* Divide d in a and put remainder into r (m*d + r = a)
@@ -5153,13 +5354,12 @@ static int sp_2048_mod_exp_32(sp_digit* r, const sp_digit* a, const sp_digit* e,
         XMEMSET(&r[32], 0, sizeof(sp_digit) * 32U);
         sp_2048_mont_reduce_32(r, m, mp);
 
-        mask = 0 - (sp_2048_cmp_32(r, m) >= 0);
+        mask = (sp_digit)0 - (sp_2048_cmp_32(r, m) >= 0);
         sp_2048_cond_sub_32(r, r, m, mask);
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (td != NULL)
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -5322,13 +5522,12 @@ static int sp_2048_mod_exp_32(sp_digit* r, const sp_digit* a, const sp_digit* e,
         XMEMSET(&r[32], 0, sizeof(sp_digit) * 32U);
         sp_2048_mont_reduce_32(r, m, mp);
 
-        mask = 0 - (sp_2048_cmp_32(r, m) >= 0);
+        mask = (sp_digit)0 - (sp_2048_cmp_32(r, m) >= 0);
         sp_2048_cond_sub_32(r, r, m, mask);
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (td != NULL)
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -5380,7 +5579,11 @@ static sp_digit sp_2048_cond_sub_64(sp_digit* r, const sp_digit* a, const sp_dig
         "MOV	r4, #0x0\n\t"
         "MOV	r5, #0x0\n\t"
         "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
     "L_sp_2048_cond_sub_64_words:\n\t"
+#else
+    "L_sp_2048_cond_sub_64_words_%=:\n\t"
+#endif
         "SUBS	r4, r8, r4\n\t"
         "LDR	r6, [%[a], r5]\n\t"
         "LDR	r7, [%[b], r5]\n\t"
@@ -5390,17 +5593,19 @@ static sp_digit sp_2048_cond_sub_64(sp_digit* r, const sp_digit* a, const sp_dig
         "STR	r6, [%[r], r5]\n\t"
         "ADD	r5, r5, #0x4\n\t"
         "CMP	r5, #0x100\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BLT	L_sp_2048_cond_sub_64_words\n\t"
-#else
+#if defined(__GNUC__)
+        "BLT	L_sp_2048_cond_sub_64_words_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "BLT.N	L_sp_2048_cond_sub_64_words\n\t"
+#else
+        "BLT.N	L_sp_2048_cond_sub_64_words_%=\n\t"
 #endif
         "MOV	%[r], r4\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m)
         :
         : "memory", "r4", "r5", "r6", "r7", "r8", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #else
@@ -5656,7 +5861,7 @@ static sp_digit sp_2048_cond_sub_64(sp_digit* r, const sp_digit* a, const sp_dig
         :
         : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #endif /* WOLFSSL_SP_SMALL */
@@ -5688,7 +5893,11 @@ SP_NOINLINE static void sp_2048_mont_reduce_64(sp_digit* a, const sp_digit* m, s
         "LDR	r4, [%[a]]\n\t"
         "LDR	r5, [%[a], #4]\n\t"
         "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
     "L_sp_2048_mont_reduce_64_word:\n\t"
+#else
+    "L_sp_2048_mont_reduce_64_word_%=:\n\t"
+#endif
         /* mu = a[i] * mp */
         "MUL	r10, %[mp], r4\n\t"
         /* a[i+0] += m[0] * mu */
@@ -6206,10 +6415,12 @@ SP_NOINLINE static void sp_2048_mont_reduce_64(sp_digit* a, const sp_digit* m, s
         "ADD	r11, r11, #0x4\n\t"
         "ADD	%[a], %[a], #0x4\n\t"
         "CMP	r11, #0x100\n\t"
-#ifdef __GNUC__
-        "BLT	L_sp_2048_mont_reduce_64_word\n\t"
-#else
+#if defined(__GNUC__)
+        "BLT	L_sp_2048_mont_reduce_64_word_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "BLT.W	L_sp_2048_mont_reduce_64_word\n\t"
+#else
+        "BLT.W	L_sp_2048_mont_reduce_64_word_%=\n\t"
 #endif
         /* Loop Done */
         "STR	r4, [%[a]]\n\t"
@@ -6248,7 +6459,11 @@ SP_NOINLINE static void sp_2048_mont_reduce_64(sp_digit* a, const sp_digit* m, s
         /* ca = 0 */
         "MOV	r3, #0x0\n\t"
         "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
     "L_sp_2048_mont_reduce_64_word:\n\t"
+#else
+    "L_sp_2048_mont_reduce_64_word_%=:\n\t"
+#endif
         /* mu = a[i] * mp */
         "LDR	r10, [%[a]]\n\t"
         "MUL	r8, %[mp], r10\n\t"
@@ -6256,7 +6471,11 @@ SP_NOINLINE static void sp_2048_mont_reduce_64(sp_digit* a, const sp_digit* m, s
         "MOV	r12, #0x0\n\t"
         "MOV	r4, #0x0\n\t"
         "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
     "L_sp_2048_mont_reduce_64_mul:\n\t"
+#else
+    "L_sp_2048_mont_reduce_64_mul_%=:\n\t"
+#endif
         /* a[i+j+0] += m[j+0] * mu */
         "LDR	r7, [%[m], r12]\n\t"
         "LDR	r10, [%[a], r12]\n\t"
@@ -6298,10 +6517,12 @@ SP_NOINLINE static void sp_2048_mont_reduce_64(sp_digit* a, const sp_digit* m, s
         /* j += 1 */
         "ADD	r12, r12, #0x4\n\t"
         "CMP	r12, #0x100\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BLT	L_sp_2048_mont_reduce_64_mul\n\t"
-#else
+#if defined(__GNUC__)
+        "BLT	L_sp_2048_mont_reduce_64_mul_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "BLT.N	L_sp_2048_mont_reduce_64_mul\n\t"
+#else
+        "BLT.N	L_sp_2048_mont_reduce_64_mul_%=\n\t"
 #endif
         "LDR	r10, [%[a], #256]\n\t"
         "ADDS	r4, r4, r3\n\t"
@@ -6314,10 +6535,12 @@ SP_NOINLINE static void sp_2048_mont_reduce_64(sp_digit* a, const sp_digit* m, s
         "ADD	r9, r9, #0x4\n\t"
         "ADD	%[a], %[a], #0x4\n\t"
         "CMP	r9, #0x100\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BLT	L_sp_2048_mont_reduce_64_word\n\t"
-#else
+#if defined(__GNUC__)
+        "BLT	L_sp_2048_mont_reduce_64_word_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "BLT.N	L_sp_2048_mont_reduce_64_word\n\t"
+#else
+        "BLT.N	L_sp_2048_mont_reduce_64_word_%=\n\t"
 #endif
         /* Loop Done */
         "MOV	%[mp], r3\n\t"
@@ -6359,7 +6582,11 @@ SP_NOINLINE static void sp_2048_mont_reduce_64(sp_digit* a, const sp_digit* m, s
         "LDR	r9, [%[a], #12]\n\t"
         "LDR	r10, [%[a], #16]\n\t"
         "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
     "L_sp_2048_mont_reduce_64_word:\n\t"
+#else
+    "L_sp_2048_mont_reduce_64_word_%=:\n\t"
+#endif
         /* mu = a[i] * mp */
         "MUL	lr, %[mp], r6\n\t"
         /* a[i+0] += m[0] * mu */
@@ -6686,10 +6913,12 @@ SP_NOINLINE static void sp_2048_mont_reduce_64(sp_digit* a, const sp_digit* m, s
         "ADD	r4, r4, #0x4\n\t"
         "ADD	%[a], %[a], #0x4\n\t"
         "CMP	r4, #0x100\n\t"
-#ifdef __GNUC__
-        "BLT	L_sp_2048_mont_reduce_64_word\n\t"
-#else
+#if defined(__GNUC__)
+        "BLT	L_sp_2048_mont_reduce_64_word_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "BLT.W	L_sp_2048_mont_reduce_64_word\n\t"
+#else
+        "BLT.W	L_sp_2048_mont_reduce_64_word_%=\n\t"
 #endif
         /* Loop Done */
         "STR	r6, [%[a]]\n\t"
@@ -6731,7 +6960,11 @@ SP_NOINLINE static void sp_2048_mont_reduce_64(sp_digit* a, const sp_digit* m, s
         /* ca = 0 */
         "MOV	r3, #0x0\n\t"
         "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
     "L_sp_2048_mont_reduce_64_word:\n\t"
+#else
+    "L_sp_2048_mont_reduce_64_word_%=:\n\t"
+#endif
         /* mu = a[i] * mp */
         "LDR	r10, [%[a]]\n\t"
         "MUL	r8, %[mp], r10\n\t"
@@ -6739,7 +6972,11 @@ SP_NOINLINE static void sp_2048_mont_reduce_64(sp_digit* a, const sp_digit* m, s
         "MOV	r12, #0x0\n\t"
         "MOV	r4, #0x0\n\t"
         "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
     "L_sp_2048_mont_reduce_64_mul:\n\t"
+#else
+    "L_sp_2048_mont_reduce_64_mul_%=:\n\t"
+#endif
         /* a[i+j+0] += m[j+0] * mu */
         "LDR	r7, [%[m], r12]\n\t"
         "LDR	r10, [%[a], r12]\n\t"
@@ -6769,10 +7006,12 @@ SP_NOINLINE static void sp_2048_mont_reduce_64(sp_digit* a, const sp_digit* m, s
         /* j += 1 */
         "ADD	r12, r12, #0x4\n\t"
         "CMP	r12, #0x100\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BLT	L_sp_2048_mont_reduce_64_mul\n\t"
-#else
+#if defined(__GNUC__)
+        "BLT	L_sp_2048_mont_reduce_64_mul_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "BLT.N	L_sp_2048_mont_reduce_64_mul\n\t"
+#else
+        "BLT.N	L_sp_2048_mont_reduce_64_mul_%=\n\t"
 #endif
         "LDR	r10, [%[a], #256]\n\t"
         "ADDS	r4, r4, r3\n\t"
@@ -6785,10 +7024,12 @@ SP_NOINLINE static void sp_2048_mont_reduce_64(sp_digit* a, const sp_digit* m, s
         "ADD	r9, r9, #0x4\n\t"
         "ADD	%[a], %[a], #0x4\n\t"
         "CMP	r9, #0x100\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BLT	L_sp_2048_mont_reduce_64_word\n\t"
-#else
+#if defined(__GNUC__)
+        "BLT	L_sp_2048_mont_reduce_64_word_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "BLT.N	L_sp_2048_mont_reduce_64_word\n\t"
+#else
+        "BLT.N	L_sp_2048_mont_reduce_64_word_%=\n\t"
 #endif
         /* Loop Done */
         "MOV	%[mp], r3\n\t"
@@ -6854,7 +7095,11 @@ static sp_digit sp_2048_sub_64(sp_digit* r, const sp_digit* a, const sp_digit* b
         "MOV	r11, #0x0\n\t"
         "ADD	r12, %[a], #0x100\n\t"
         "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
     "L_sp_2048_sub_64_word:\n\t"
+#else
+    "L_sp_2048_sub_64_word_%=:\n\t"
+#endif
         "RSBS	r11, r11, #0x0\n\t"
         "LDM	%[a]!, {r3, r4, r5, r6}\n\t"
         "LDM	%[b]!, {r7, r8, r9, r10}\n\t"
@@ -6865,17 +7110,19 @@ static sp_digit sp_2048_sub_64(sp_digit* r, const sp_digit* a, const sp_digit* b
         "STM	%[r]!, {r3, r4, r5, r6}\n\t"
         "SBC	r11, r3, r3\n\t"
         "CMP	%[a], r12\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BNE	L_sp_2048_sub_64_word\n\t"
-#else
+#if defined(__GNUC__)
+        "BNE	L_sp_2048_sub_64_word_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "BNE.N	L_sp_2048_sub_64_word\n\t"
+#else
+        "BNE.N	L_sp_2048_sub_64_word_%=\n\t"
 #endif
         "MOV	%[r], r11\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
         :
         : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #else
@@ -7015,7 +7262,7 @@ static sp_digit sp_2048_sub_64(sp_digit* r, const sp_digit* a, const sp_digit* b
         :
         : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #endif /* WOLFSSL_SP_SMALL */
@@ -7081,7 +7328,7 @@ SP_NOINLINE static sp_digit div_2048_word_64(sp_digit d1, sp_digit d0, sp_digit
         :
         : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc"
     );
-    return (uint32_t)(size_t)d1;
+    return (word32)(size_t)d1;
 }
 
 #else
@@ -7121,7 +7368,11 @@ SP_NOINLINE static sp_digit div_2048_word_64(sp_digit d1, sp_digit d0, sp_digit
         /* Next 30 bits */
         "MOV	r4, #0x1d\n\t"
         "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
     "L_div_2048_word_64_bit:\n\t"
+#else
+    "L_div_2048_word_64_bit_%=:\n\t"
+#endif
         "LSLS	r6, r6, #1\n\t"
         "ADC	r7, r7, r7\n\t"
         "SUBS	r8, r5, r7\n\t"
@@ -7131,7 +7382,13 @@ SP_NOINLINE static sp_digit div_2048_word_64(sp_digit d1, sp_digit d0, sp_digit
         "AND	r8, r8, r5\n\t"
         "SUBS	r7, r7, r8\n\t"
         "SUBS	r4, r4, #0x1\n\t"
-        "bpl	L_div_2048_word_64_bit\n\t"
+#if defined(__GNUC__)
+        "BPL	L_div_2048_word_64_bit_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BPL.N	L_div_2048_word_64_bit\n\t"
+#else
+        "BPL.N	L_div_2048_word_64_bit_%=\n\t"
+#endif
         "ADD	r3, r3, r3\n\t"
         "ADD	r3, r3, #0x1\n\t"
         "UMULL	r6, r7, r3, %[div]\n\t"
@@ -7153,7 +7410,7 @@ SP_NOINLINE static sp_digit div_2048_word_64(sp_digit d1, sp_digit d0, sp_digit
         :
         : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc"
     );
-    return (uint32_t)(size_t)d1;
+    return (word32)(size_t)d1;
 }
 
 #endif
@@ -7286,7 +7543,11 @@ static sp_int32 sp_2048_cmp_64(const sp_digit* a, const sp_digit* b)
 #ifdef WOLFSSL_SP_SMALL
         "MOV	r6, #0xfc\n\t"
         "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
     "L_sp_2048_cmp_64_words:\n\t"
+#else
+    "L_sp_2048_cmp_64_words_%=:\n\t"
+#endif
         "LDR	r4, [%[a], r6]\n\t"
         "LDR	r5, [%[b], r6]\n\t"
         "AND	r4, r4, r3\n\t"
@@ -7299,7 +7560,11 @@ static sp_int32 sp_2048_cmp_64(const sp_digit* a, const sp_digit* b)
         "IT	ne\n\t"
         "movne	r3, r7\n\t"
         "SUBS	r6, r6, #0x4\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "bcs	L_sp_2048_cmp_64_words\n\t"
+#else
+        "bcs	L_sp_2048_cmp_64_words_%=\n\t"
+#endif
         "EOR	r2, r2, r3\n\t"
 #else
         "LDR	r4, [%[a], #252]\n\t"
@@ -8013,7 +8278,7 @@ static sp_int32 sp_2048_cmp_64(const sp_digit* a, const sp_digit* b)
         :
         : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "cc"
     );
-    return (uint32_t)(size_t)a;
+    return (word32)(size_t)a;
 }
 
 /* Divide d in a and put remainder into r (m*d + r = a)
@@ -8206,13 +8471,12 @@ static int sp_2048_mod_exp_64(sp_digit* r, const sp_digit* a, const sp_digit* e,
         XMEMSET(&r[64], 0, sizeof(sp_digit) * 64U);
         sp_2048_mont_reduce_64(r, m, mp);
 
-        mask = 0 - (sp_2048_cmp_64(r, m) >= 0);
+        mask = (sp_digit)0 - (sp_2048_cmp_64(r, m) >= 0);
         sp_2048_cond_sub_64(r, r, m, mask);
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (td != NULL)
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -8358,13 +8622,12 @@ static int sp_2048_mod_exp_64(sp_digit* r, const sp_digit* a, const sp_digit* e,
         XMEMSET(&r[64], 0, sizeof(sp_digit) * 64U);
         sp_2048_mont_reduce_64(r, m, mp);
 
-        mask = 0 - (sp_2048_cmp_64(r, m) >= 0);
+        mask = (sp_digit)0 - (sp_2048_cmp_64(r, m) >= 0);
         sp_2048_cond_sub_64(r, r, m, mask);
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (td != NULL)
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -8527,8 +8790,7 @@ int sp_RsaPublic_2048(const byte* in, word32 inLen, const mp_int* em,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (a != NULL)
-        XFREE(a, NULL, DYNAMIC_TYPE_RSA);
+    XFREE(a, NULL, DYNAMIC_TYPE_RSA);
 #endif
 
     return err;
@@ -8562,7 +8824,11 @@ static sp_digit sp_2048_cond_add_32(sp_digit* r, const sp_digit* a, const sp_dig
         "MOV	r8, #0x0\n\t"
         "MOV	r4, #0x0\n\t"
         "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
     "L_sp_2048_cond_add_32_words:\n\t"
+#else
+    "L_sp_2048_cond_add_32_words_%=:\n\t"
+#endif
         "ADDS	r5, r5, #0xffffffff\n\t"
         "LDR	r6, [%[a], r4]\n\t"
         "LDR	r7, [%[b], r4]\n\t"
@@ -8572,17 +8838,19 @@ static sp_digit sp_2048_cond_add_32(sp_digit* r, const sp_digit* a, const sp_dig
         "STR	r6, [%[r], r4]\n\t"
         "ADD	r4, r4, #0x4\n\t"
         "CMP	r4, #0x80\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BLT	L_sp_2048_cond_add_32_words\n\t"
-#else
+#if defined(__GNUC__)
+        "BLT	L_sp_2048_cond_add_32_words_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "BLT.N	L_sp_2048_cond_add_32_words\n\t"
+#else
+        "BLT.N	L_sp_2048_cond_add_32_words_%=\n\t"
 #endif
         "MOV	%[r], r5\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m)
         :
         : "memory", "r4", "r5", "r6", "r7", "r8", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #else
@@ -8726,7 +8994,7 @@ static sp_digit sp_2048_cond_add_32(sp_digit* r, const sp_digit* a, const sp_dig
         :
         : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #endif /* WOLFSSL_SP_SMALL */
@@ -9562,13 +9830,12 @@ static int sp_2048_mod_exp_2_64(sp_digit* r, const sp_digit* e, int bits,
         XMEMSET(&r[64], 0, sizeof(sp_digit) * 64U);
         sp_2048_mont_reduce_64(r, m, mp);
 
-        mask = 0 - (sp_2048_cmp_64(r, m) >= 0);
+        mask = (sp_digit)0 - (sp_2048_cmp_64(r, m) >= 0);
         sp_2048_cond_sub_64(r, r, m, mask);
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (td != NULL)
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -9711,7 +9978,8 @@ static void sp_3072_from_bin(sp_digit* r, int size, const byte* a, int n)
     int j;
     byte* d;
 
-    for (i = n - 1,j = 0; i >= 3; i -= 4) {
+    j = 0;
+    for (i = n - 1; i >= 3; i -= 4) {
         r[j]  = ((sp_digit)a[i - 0] <<  0) |
                 ((sp_digit)a[i - 1] <<  8) |
                 ((sp_digit)a[i - 2] << 16) |
@@ -9722,12 +9990,20 @@ static void sp_3072_from_bin(sp_digit* r, int size, const byte* a, int n)
     if (i >= 0) {
         r[j] = 0;
 
-        d = (byte*)r;
+        d = (byte*)(r + j);
+#ifdef BIG_ENDIAN_ORDER
         switch (i) {
-            case 2: d[n - 1 - 2] = a[2]; //fallthrough
-            case 1: d[n - 1 - 1] = a[1]; //fallthrough
-            case 0: d[n - 1 - 0] = a[0]; //fallthrough
+            case 2: d[1] = *(a++); //fallthrough
+            case 1: d[2] = *(a++); //fallthrough
+            case 0: d[3] = *a    ; //fallthrough
         }
+#else
+        switch (i) {
+            case 2: d[2] = a[2]; //fallthrough
+            case 1: d[1] = a[1]; //fallthrough
+            case 0: d[0] = a[0]; //fallthrough
+        }
+#endif
         j++;
     }
 
@@ -10931,7 +11207,7 @@ static sp_digit sp_3072_add_12(sp_digit* r, const sp_digit* a, const sp_digit* b
         :
         : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 /* Sub b from a into a. (a -= b)
@@ -10998,7 +11274,7 @@ static sp_digit sp_3072_sub_in_place_24(sp_digit* a, const sp_digit* b)
         :
         : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "cc"
     );
-    return (uint32_t)(size_t)a;
+    return (word32)(size_t)a;
 }
 
 /* Add b to a into r. (r = a + b)
@@ -11068,7 +11344,7 @@ static sp_digit sp_3072_add_24(sp_digit* r, const sp_digit* a, const sp_digit* b
         :
         : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 /* AND m into each word of a and store in r.
@@ -11246,7 +11522,7 @@ static sp_digit sp_3072_sub_in_place_48(sp_digit* a, const sp_digit* b)
         :
         : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "cc"
     );
-    return (uint32_t)(size_t)a;
+    return (word32)(size_t)a;
 }
 
 /* Add b to a into r. (r = a + b)
@@ -11358,7 +11634,7 @@ static sp_digit sp_3072_add_48(sp_digit* r, const sp_digit* a, const sp_digit* b
         :
         : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 /* AND m into each word of a and store in r.
@@ -11620,7 +11896,7 @@ static sp_digit sp_3072_sub_in_place_96(sp_digit* a, const sp_digit* b)
         :
         : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "cc"
     );
-    return (uint32_t)(size_t)a;
+    return (word32)(size_t)a;
 }
 
 /* Add b to a into r. (r = a + b)
@@ -11816,7 +12092,7 @@ static sp_digit sp_3072_add_96(sp_digit* r, const sp_digit* a, const sp_digit* b
         :
         : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 /* AND m into each word of a and store in r.
@@ -12633,7 +12909,7 @@ static sp_digit sp_3072_sub_12(sp_digit* r, const sp_digit* a, const sp_digit* b
         :
         : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 /* Square a and put result in r. (r = a * a)
@@ -12738,7 +13014,7 @@ static sp_digit sp_3072_sub_24(sp_digit* r, const sp_digit* a, const sp_digit* b
         :
         : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 /* Square a and put result in r. (r = a * a)
@@ -12885,7 +13161,7 @@ static sp_digit sp_3072_sub_48(sp_digit* r, const sp_digit* a, const sp_digit* b
         :
         : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 /* Square a and put result in r. (r = a * a)
@@ -12948,7 +13224,11 @@ static sp_digit sp_3072_add_96(sp_digit* r, const sp_digit* a, const sp_digit* b
         "MOV	r3, #0x0\n\t"
         "ADD	r12, %[a], #0x180\n\t"
         "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
     "L_sp_3072_add_96_word:\n\t"
+#else
+    "L_sp_3072_add_96_word_%=:\n\t"
+#endif
         "ADDS	r3, r3, #0xffffffff\n\t"
         "LDM	%[a]!, {r4, r5, r6, r7}\n\t"
         "LDM	%[b]!, {r8, r9, r10, r11}\n\t"
@@ -12960,17 +13240,19 @@ static sp_digit sp_3072_add_96(sp_digit* r, const sp_digit* a, const sp_digit* b
         "MOV	r4, #0x0\n\t"
         "ADC	r3, r4, #0x0\n\t"
         "CMP	%[a], r12\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BNE	L_sp_3072_add_96_word\n\t"
-#else
+#if defined(__GNUC__)
+        "BNE	L_sp_3072_add_96_word_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "BNE.N	L_sp_3072_add_96_word\n\t"
+#else
+        "BNE.N	L_sp_3072_add_96_word_%=\n\t"
 #endif
         "MOV	%[r], r3\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
         :
         : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r3", "r12", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #endif /* WOLFSSL_SP_SMALL */
@@ -12995,7 +13277,11 @@ static sp_digit sp_3072_sub_in_place_96(sp_digit* a, const sp_digit* b)
         "MOV	r10, #0x0\n\t"
         "ADD	r11, %[a], #0x180\n\t"
         "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
     "L_sp_3072_sub_in_pkace_96_word:\n\t"
+#else
+    "L_sp_3072_sub_in_pkace_96_word_%=:\n\t"
+#endif
         "RSBS	r10, r10, #0x0\n\t"
         "LDM	%[a], {r2, r3, r4, r5}\n\t"
         "LDM	%[b]!, {r6, r7, r8, r9}\n\t"
@@ -13006,17 +13292,19 @@ static sp_digit sp_3072_sub_in_place_96(sp_digit* a, const sp_digit* b)
         "STM	%[a]!, {r2, r3, r4, r5}\n\t"
         "SBC	r10, r10, r10\n\t"
         "CMP	%[a], r11\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BNE	L_sp_3072_sub_in_pkace_96_word\n\t"
-#else
+#if defined(__GNUC__)
+        "BNE	L_sp_3072_sub_in_pkace_96_word_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "BNE.N	L_sp_3072_sub_in_pkace_96_word\n\t"
+#else
+        "BNE.N	L_sp_3072_sub_in_pkace_96_word_%=\n\t"
 #endif
         "MOV	%[a], r10\n\t"
         : [a] "+r" (a), [b] "+r" (b)
         :
         : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "cc"
     );
-    return (uint32_t)(size_t)a;
+    return (word32)(size_t)a;
 }
 
 #endif /* WOLFSSL_SP_SMALL */
@@ -13049,13 +13337,21 @@ static void sp_3072_mul_96(sp_digit* r, const sp_digit* a, const sp_digit* b)
         "MOV	r8, #0x0\n\t"
         "MOV	r5, #0x4\n\t"
         "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
     "L_sp_3072_mul_96_outer:\n\t"
+#else
+    "L_sp_3072_mul_96_outer_%=:\n\t"
+#endif
         "SUBS	r3, r5, #0x17c\n\t"
         "IT	cc\n\t"
         "MOVCC	r3, #0x0\n\t"
         "SUB	r4, r5, r3\n\t"
         "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
     "L_sp_3072_mul_96_inner:\n\t"
+#else
+    "L_sp_3072_mul_96_inner_%=:\n\t"
+#endif
         "LDR	lr, [%[a], r3]\n\t"
         "LDR	r11, [%[b], r4]\n\t"
         "UMULL	r9, r10, lr, r11\n\t"
@@ -13071,15 +13367,19 @@ static void sp_3072_mul_96(sp_digit* r, const sp_digit* a, const sp_digit* b)
         "ADD	r3, r3, #0x4\n\t"
         "SUB	r4, r4, #0x4\n\t"
         "CMP	r3, r4\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BGT	L_sp_3072_mul_96_inner_done\n\t"
-#else
+#if defined(__GNUC__)
+        "BGT	L_sp_3072_mul_96_inner_done_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "BGT.N	L_sp_3072_mul_96_inner_done\n\t"
-#endif
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BLT	L_sp_3072_mul_96_inner\n\t"
 #else
+        "BGT.N	L_sp_3072_mul_96_inner_done_%=\n\t"
+#endif
+#if defined(__GNUC__)
+        "BLT	L_sp_3072_mul_96_inner_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "BLT.N	L_sp_3072_mul_96_inner\n\t"
+#else
+        "BLT.N	L_sp_3072_mul_96_inner_%=\n\t"
 #endif
         "LDR	lr, [%[a], r3]\n\t"
         "LDR	r11, [%[b], r3]\n\t"
@@ -13088,17 +13388,23 @@ static void sp_3072_mul_96(sp_digit* r, const sp_digit* a, const sp_digit* b)
         "ADCS	r7, r7, r10\n\t"
         "ADC	r8, r8, #0x0\n\t"
         "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
     "L_sp_3072_mul_96_inner_done:\n\t"
+#else
+    "L_sp_3072_mul_96_inner_done_%=:\n\t"
+#endif
         "STR	r6, [sp, r5]\n\t"
         "MOV	r6, r7\n\t"
         "MOV	r7, r8\n\t"
         "MOV	r8, #0x0\n\t"
         "ADD	r5, r5, #0x4\n\t"
         "CMP	r5, #0x2f4\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BLE	L_sp_3072_mul_96_outer\n\t"
-#else
+#if defined(__GNUC__)
+        "BLE	L_sp_3072_mul_96_outer_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "BLE.N	L_sp_3072_mul_96_outer\n\t"
+#else
+        "BLE.N	L_sp_3072_mul_96_outer_%=\n\t"
 #endif
         "LDR	lr, [%[a], #380]\n\t"
         "LDR	r11, [%[b], #380]\n\t"
@@ -13107,14 +13413,20 @@ static void sp_3072_mul_96(sp_digit* r, const sp_digit* a, const sp_digit* b)
         "ADD	r5, r5, #0x4\n\t"
         "STR	r7, [sp, r5]\n\t"
         "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
     "L_sp_3072_mul_96_store:\n\t"
+#else
+    "L_sp_3072_mul_96_store_%=:\n\t"
+#endif
         "LDM	sp!, {r3, r4, r6, r7, r8, r9, r10, r11}\n\t"
         "STM	%[r]!, {r3, r4, r6, r7, r8, r9, r10, r11}\n\t"
         "SUBS	r5, r5, #0x20\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BGT	L_sp_3072_mul_96_store\n\t"
-#else
+#if defined(__GNUC__)
+        "BGT	L_sp_3072_mul_96_store_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "BGT.N	L_sp_3072_mul_96_store\n\t"
+#else
+        "BGT.N	L_sp_3072_mul_96_store_%=\n\t"
 #endif
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
         :
@@ -13147,13 +13459,21 @@ static void sp_3072_sqr_96(sp_digit* r, const sp_digit* a)
         "MOV	r8, #0x0\n\t"
         "MOV	r5, #0x4\n\t"
         "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
     "L_sp_3072_sqr_96_outer:\n\t"
+#else
+    "L_sp_3072_sqr_96_outer_%=:\n\t"
+#endif
         "SUBS	r3, r5, #0x17c\n\t"
         "IT	cc\n\t"
         "MOVCC	r3, #0x0\n\t"
         "SUB	r4, r5, r3\n\t"
         "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
     "L_sp_3072_sqr_96_inner:\n\t"
+#else
+    "L_sp_3072_sqr_96_inner_%=:\n\t"
+#endif
         "LDR	lr, [%[a], r3]\n\t"
         "LDR	r11, [%[a], r4]\n\t"
         "UMULL	r9, r10, lr, r11\n\t"
@@ -13166,15 +13486,19 @@ static void sp_3072_sqr_96(sp_digit* r, const sp_digit* a)
         "ADD	r3, r3, #0x4\n\t"
         "SUB	r4, r4, #0x4\n\t"
         "CMP	r3, r4\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BGT	L_sp_3072_sqr_96_inner_done\n\t"
-#else
+#if defined(__GNUC__)
+        "BGT	L_sp_3072_sqr_96_inner_done_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "BGT.N	L_sp_3072_sqr_96_inner_done\n\t"
-#endif
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BLT	L_sp_3072_sqr_96_inner\n\t"
 #else
+        "BGT.N	L_sp_3072_sqr_96_inner_done_%=\n\t"
+#endif
+#if defined(__GNUC__)
+        "BLT	L_sp_3072_sqr_96_inner_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "BLT.N	L_sp_3072_sqr_96_inner\n\t"
+#else
+        "BLT.N	L_sp_3072_sqr_96_inner_%=\n\t"
 #endif
         "LDR	lr, [%[a], r3]\n\t"
         "UMULL	r9, r10, lr, lr\n\t"
@@ -13182,17 +13506,23 @@ static void sp_3072_sqr_96(sp_digit* r, const sp_digit* a)
         "ADCS	r7, r7, r10\n\t"
         "ADC	r8, r8, #0x0\n\t"
         "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
     "L_sp_3072_sqr_96_inner_done:\n\t"
+#else
+    "L_sp_3072_sqr_96_inner_done_%=:\n\t"
+#endif
         "STR	r6, [sp, r5]\n\t"
         "MOV	r6, r7\n\t"
         "MOV	r7, r8\n\t"
         "MOV	r8, #0x0\n\t"
         "ADD	r5, r5, #0x4\n\t"
         "CMP	r5, #0x2f4\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BLE	L_sp_3072_sqr_96_outer\n\t"
-#else
+#if defined(__GNUC__)
+        "BLE	L_sp_3072_sqr_96_outer_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "BLE.N	L_sp_3072_sqr_96_outer\n\t"
+#else
+        "BLE.N	L_sp_3072_sqr_96_outer_%=\n\t"
 #endif
         "LDR	lr, [%[a], #380]\n\t"
         "UMLAL	r6, r7, lr, lr\n\t"
@@ -13200,14 +13530,20 @@ static void sp_3072_sqr_96(sp_digit* r, const sp_digit* a)
         "ADD	r5, r5, #0x4\n\t"
         "STR	r7, [sp, r5]\n\t"
         "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
     "L_sp_3072_sqr_96_store:\n\t"
+#else
+    "L_sp_3072_sqr_96_store_%=:\n\t"
+#endif
         "LDM	sp!, {r3, r4, r6, r7, r8, r9, r10, r11}\n\t"
         "STM	%[r]!, {r3, r4, r6, r7, r8, r9, r10, r11}\n\t"
         "SUBS	r5, r5, #0x20\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BGT	L_sp_3072_sqr_96_store\n\t"
-#else
+#if defined(__GNUC__)
+        "BGT	L_sp_3072_sqr_96_store_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "BGT.N	L_sp_3072_sqr_96_store\n\t"
+#else
+        "BGT.N	L_sp_3072_sqr_96_store_%=\n\t"
 #endif
         : [r] "+r" (r), [a] "+r" (a)
         :
@@ -13257,7 +13593,11 @@ static sp_digit sp_3072_add_48(sp_digit* r, const sp_digit* a, const sp_digit* b
         "MOV	r3, #0x0\n\t"
         "ADD	r12, %[a], #0xc0\n\t"
         "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
     "L_sp_3072_add_48_word:\n\t"
+#else
+    "L_sp_3072_add_48_word_%=:\n\t"
+#endif
         "ADDS	r3, r3, #0xffffffff\n\t"
         "LDM	%[a]!, {r4, r5, r6, r7}\n\t"
         "LDM	%[b]!, {r8, r9, r10, r11}\n\t"
@@ -13269,17 +13609,19 @@ static sp_digit sp_3072_add_48(sp_digit* r, const sp_digit* a, const sp_digit* b
         "MOV	r4, #0x0\n\t"
         "ADC	r3, r4, #0x0\n\t"
         "CMP	%[a], r12\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BNE	L_sp_3072_add_48_word\n\t"
-#else
+#if defined(__GNUC__)
+        "BNE	L_sp_3072_add_48_word_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "BNE.N	L_sp_3072_add_48_word\n\t"
+#else
+        "BNE.N	L_sp_3072_add_48_word_%=\n\t"
 #endif
         "MOV	%[r], r3\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
         :
         : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r3", "r12", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #endif /* WOLFSSL_SP_SMALL */
@@ -13304,7 +13646,11 @@ static sp_digit sp_3072_sub_in_place_48(sp_digit* a, const sp_digit* b)
         "MOV	r10, #0x0\n\t"
         "ADD	r11, %[a], #0xc0\n\t"
         "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
     "L_sp_3072_sub_in_pkace_48_word:\n\t"
+#else
+    "L_sp_3072_sub_in_pkace_48_word_%=:\n\t"
+#endif
         "RSBS	r10, r10, #0x0\n\t"
         "LDM	%[a], {r2, r3, r4, r5}\n\t"
         "LDM	%[b]!, {r6, r7, r8, r9}\n\t"
@@ -13315,17 +13661,19 @@ static sp_digit sp_3072_sub_in_place_48(sp_digit* a, const sp_digit* b)
         "STM	%[a]!, {r2, r3, r4, r5}\n\t"
         "SBC	r10, r10, r10\n\t"
         "CMP	%[a], r11\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BNE	L_sp_3072_sub_in_pkace_48_word\n\t"
-#else
+#if defined(__GNUC__)
+        "BNE	L_sp_3072_sub_in_pkace_48_word_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "BNE.N	L_sp_3072_sub_in_pkace_48_word\n\t"
+#else
+        "BNE.N	L_sp_3072_sub_in_pkace_48_word_%=\n\t"
 #endif
         "MOV	%[a], r10\n\t"
         : [a] "+r" (a), [b] "+r" (b)
         :
         : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "cc"
     );
-    return (uint32_t)(size_t)a;
+    return (word32)(size_t)a;
 }
 
 #endif /* WOLFSSL_SP_SMALL */
@@ -13358,13 +13706,21 @@ static void sp_3072_mul_48(sp_digit* r, const sp_digit* a, const sp_digit* b)
         "MOV	r8, #0x0\n\t"
         "MOV	r5, #0x4\n\t"
         "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
     "L_sp_3072_mul_48_outer:\n\t"
+#else
+    "L_sp_3072_mul_48_outer_%=:\n\t"
+#endif
         "SUBS	r3, r5, #0xbc\n\t"
         "IT	cc\n\t"
         "MOVCC	r3, #0x0\n\t"
         "SUB	r4, r5, r3\n\t"
         "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
     "L_sp_3072_mul_48_inner:\n\t"
+#else
+    "L_sp_3072_mul_48_inner_%=:\n\t"
+#endif
         "LDR	lr, [%[a], r3]\n\t"
         "LDR	r11, [%[b], r4]\n\t"
         "UMULL	r9, r10, lr, r11\n\t"
@@ -13380,15 +13736,19 @@ static void sp_3072_mul_48(sp_digit* r, const sp_digit* a, const sp_digit* b)
         "ADD	r3, r3, #0x4\n\t"
         "SUB	r4, r4, #0x4\n\t"
         "CMP	r3, r4\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BGT	L_sp_3072_mul_48_inner_done\n\t"
-#else
+#if defined(__GNUC__)
+        "BGT	L_sp_3072_mul_48_inner_done_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "BGT.N	L_sp_3072_mul_48_inner_done\n\t"
-#endif
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BLT	L_sp_3072_mul_48_inner\n\t"
 #else
+        "BGT.N	L_sp_3072_mul_48_inner_done_%=\n\t"
+#endif
+#if defined(__GNUC__)
+        "BLT	L_sp_3072_mul_48_inner_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "BLT.N	L_sp_3072_mul_48_inner\n\t"
+#else
+        "BLT.N	L_sp_3072_mul_48_inner_%=\n\t"
 #endif
         "LDR	lr, [%[a], r3]\n\t"
         "LDR	r11, [%[b], r3]\n\t"
@@ -13397,17 +13757,23 @@ static void sp_3072_mul_48(sp_digit* r, const sp_digit* a, const sp_digit* b)
         "ADCS	r7, r7, r10\n\t"
         "ADC	r8, r8, #0x0\n\t"
         "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
     "L_sp_3072_mul_48_inner_done:\n\t"
+#else
+    "L_sp_3072_mul_48_inner_done_%=:\n\t"
+#endif
         "STR	r6, [sp, r5]\n\t"
         "MOV	r6, r7\n\t"
         "MOV	r7, r8\n\t"
         "MOV	r8, #0x0\n\t"
         "ADD	r5, r5, #0x4\n\t"
         "CMP	r5, #0x174\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BLE	L_sp_3072_mul_48_outer\n\t"
-#else
+#if defined(__GNUC__)
+        "BLE	L_sp_3072_mul_48_outer_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "BLE.N	L_sp_3072_mul_48_outer\n\t"
+#else
+        "BLE.N	L_sp_3072_mul_48_outer_%=\n\t"
 #endif
         "LDR	lr, [%[a], #188]\n\t"
         "LDR	r11, [%[b], #188]\n\t"
@@ -13416,14 +13782,20 @@ static void sp_3072_mul_48(sp_digit* r, const sp_digit* a, const sp_digit* b)
         "ADD	r5, r5, #0x4\n\t"
         "STR	r7, [sp, r5]\n\t"
         "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
     "L_sp_3072_mul_48_store:\n\t"
+#else
+    "L_sp_3072_mul_48_store_%=:\n\t"
+#endif
         "LDM	sp!, {r3, r4, r6, r7, r8, r9, r10, r11}\n\t"
         "STM	%[r]!, {r3, r4, r6, r7, r8, r9, r10, r11}\n\t"
         "SUBS	r5, r5, #0x20\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BGT	L_sp_3072_mul_48_store\n\t"
-#else
+#if defined(__GNUC__)
+        "BGT	L_sp_3072_mul_48_store_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "BGT.N	L_sp_3072_mul_48_store\n\t"
+#else
+        "BGT.N	L_sp_3072_mul_48_store_%=\n\t"
 #endif
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
         :
@@ -13456,13 +13828,21 @@ static void sp_3072_sqr_48(sp_digit* r, const sp_digit* a)
         "MOV	r8, #0x0\n\t"
         "MOV	r5, #0x4\n\t"
         "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
     "L_sp_3072_sqr_48_outer:\n\t"
+#else
+    "L_sp_3072_sqr_48_outer_%=:\n\t"
+#endif
         "SUBS	r3, r5, #0xbc\n\t"
         "IT	cc\n\t"
         "MOVCC	r3, #0x0\n\t"
         "SUB	r4, r5, r3\n\t"
         "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
     "L_sp_3072_sqr_48_inner:\n\t"
+#else
+    "L_sp_3072_sqr_48_inner_%=:\n\t"
+#endif
         "LDR	lr, [%[a], r3]\n\t"
         "LDR	r11, [%[a], r4]\n\t"
         "UMULL	r9, r10, lr, r11\n\t"
@@ -13475,15 +13855,19 @@ static void sp_3072_sqr_48(sp_digit* r, const sp_digit* a)
         "ADD	r3, r3, #0x4\n\t"
         "SUB	r4, r4, #0x4\n\t"
         "CMP	r3, r4\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BGT	L_sp_3072_sqr_48_inner_done\n\t"
-#else
+#if defined(__GNUC__)
+        "BGT	L_sp_3072_sqr_48_inner_done_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "BGT.N	L_sp_3072_sqr_48_inner_done\n\t"
-#endif
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BLT	L_sp_3072_sqr_48_inner\n\t"
 #else
+        "BGT.N	L_sp_3072_sqr_48_inner_done_%=\n\t"
+#endif
+#if defined(__GNUC__)
+        "BLT	L_sp_3072_sqr_48_inner_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "BLT.N	L_sp_3072_sqr_48_inner\n\t"
+#else
+        "BLT.N	L_sp_3072_sqr_48_inner_%=\n\t"
 #endif
         "LDR	lr, [%[a], r3]\n\t"
         "UMULL	r9, r10, lr, lr\n\t"
@@ -13491,17 +13875,23 @@ static void sp_3072_sqr_48(sp_digit* r, const sp_digit* a)
         "ADCS	r7, r7, r10\n\t"
         "ADC	r8, r8, #0x0\n\t"
         "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
     "L_sp_3072_sqr_48_inner_done:\n\t"
+#else
+    "L_sp_3072_sqr_48_inner_done_%=:\n\t"
+#endif
         "STR	r6, [sp, r5]\n\t"
         "MOV	r6, r7\n\t"
         "MOV	r7, r8\n\t"
         "MOV	r8, #0x0\n\t"
         "ADD	r5, r5, #0x4\n\t"
         "CMP	r5, #0x174\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BLE	L_sp_3072_sqr_48_outer\n\t"
-#else
+#if defined(__GNUC__)
+        "BLE	L_sp_3072_sqr_48_outer_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "BLE.N	L_sp_3072_sqr_48_outer\n\t"
+#else
+        "BLE.N	L_sp_3072_sqr_48_outer_%=\n\t"
 #endif
         "LDR	lr, [%[a], #188]\n\t"
         "UMLAL	r6, r7, lr, lr\n\t"
@@ -13509,14 +13899,20 @@ static void sp_3072_sqr_48(sp_digit* r, const sp_digit* a)
         "ADD	r5, r5, #0x4\n\t"
         "STR	r7, [sp, r5]\n\t"
         "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
     "L_sp_3072_sqr_48_store:\n\t"
+#else
+    "L_sp_3072_sqr_48_store_%=:\n\t"
+#endif
         "LDM	sp!, {r3, r4, r6, r7, r8, r9, r10, r11}\n\t"
         "STM	%[r]!, {r3, r4, r6, r7, r8, r9, r10, r11}\n\t"
         "SUBS	r5, r5, #0x20\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BGT	L_sp_3072_sqr_48_store\n\t"
-#else
+#if defined(__GNUC__)
+        "BGT	L_sp_3072_sqr_48_store_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "BGT.N	L_sp_3072_sqr_48_store\n\t"
+#else
+        "BGT.N	L_sp_3072_sqr_48_store_%=\n\t"
 #endif
         : [r] "+r" (r), [a] "+r" (a)
         :
@@ -13575,7 +13971,11 @@ static void sp_3072_mul_d_96(sp_digit* r, const sp_digit* a, sp_digit b)
         "MOV	r5, #0x0\n\t"
         "MOV	r9, #0x4\n\t"
         "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
     "L_sp_3072_mul_d_96_word:\n\t"
+#else
+    "L_sp_3072_mul_d_96_word_%=:\n\t"
+#endif
         /* A[i] * B */
         "LDR	r8, [%[a], r9]\n\t"
         "UMULL	r6, r7, %[b], r8\n\t"
@@ -13588,10 +13988,12 @@ static void sp_3072_mul_d_96(sp_digit* r, const sp_digit* a, sp_digit b)
         "MOV	r5, #0x0\n\t"
         "ADD	r9, r9, #0x4\n\t"
         "CMP	r9, #0x180\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BLT	L_sp_3072_mul_d_96_word\n\t"
-#else
+#if defined(__GNUC__)
+        "BLT	L_sp_3072_mul_d_96_word_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "BLT.N	L_sp_3072_mul_d_96_word\n\t"
+#else
+        "BLT.N	L_sp_3072_mul_d_96_word_%=\n\t"
 #endif
         "STR	r3, [%[r], #384]\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
@@ -14149,7 +14551,11 @@ static sp_digit sp_3072_cond_sub_48(sp_digit* r, const sp_digit* a, const sp_dig
         "MOV	r4, #0x0\n\t"
         "MOV	r5, #0x0\n\t"
         "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
     "L_sp_3072_cond_sub_48_words:\n\t"
+#else
+    "L_sp_3072_cond_sub_48_words_%=:\n\t"
+#endif
         "SUBS	r4, r8, r4\n\t"
         "LDR	r6, [%[a], r5]\n\t"
         "LDR	r7, [%[b], r5]\n\t"
@@ -14159,17 +14565,19 @@ static sp_digit sp_3072_cond_sub_48(sp_digit* r, const sp_digit* a, const sp_dig
         "STR	r6, [%[r], r5]\n\t"
         "ADD	r5, r5, #0x4\n\t"
         "CMP	r5, #0xc0\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BLT	L_sp_3072_cond_sub_48_words\n\t"
-#else
+#if defined(__GNUC__)
+        "BLT	L_sp_3072_cond_sub_48_words_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "BLT.N	L_sp_3072_cond_sub_48_words\n\t"
+#else
+        "BLT.N	L_sp_3072_cond_sub_48_words_%=\n\t"
 #endif
         "MOV	%[r], r4\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m)
         :
         : "memory", "r4", "r5", "r6", "r7", "r8", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #else
@@ -14369,7 +14777,7 @@ static sp_digit sp_3072_cond_sub_48(sp_digit* r, const sp_digit* a, const sp_dig
         :
         : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #endif /* WOLFSSL_SP_SMALL */
@@ -14401,7 +14809,11 @@ SP_NOINLINE static void sp_3072_mont_reduce_48(sp_digit* a, const sp_digit* m, s
         "LDR	r4, [%[a]]\n\t"
         "LDR	r5, [%[a], #4]\n\t"
         "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
     "L_sp_3072_mont_reduce_48_word:\n\t"
+#else
+    "L_sp_3072_mont_reduce_48_word_%=:\n\t"
+#endif
         /* mu = a[i] * mp */
         "MUL	r10, %[mp], r4\n\t"
         /* a[i+0] += m[0] * mu */
@@ -14791,10 +15203,12 @@ SP_NOINLINE static void sp_3072_mont_reduce_48(sp_digit* a, const sp_digit* m, s
         "ADD	r11, r11, #0x4\n\t"
         "ADD	%[a], %[a], #0x4\n\t"
         "CMP	r11, #0xc0\n\t"
-#ifdef __GNUC__
-        "BLT	L_sp_3072_mont_reduce_48_word\n\t"
-#else
+#if defined(__GNUC__)
+        "BLT	L_sp_3072_mont_reduce_48_word_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "BLT.W	L_sp_3072_mont_reduce_48_word\n\t"
+#else
+        "BLT.W	L_sp_3072_mont_reduce_48_word_%=\n\t"
 #endif
         /* Loop Done */
         "STR	r4, [%[a]]\n\t"
@@ -14833,7 +15247,11 @@ SP_NOINLINE static void sp_3072_mont_reduce_48(sp_digit* a, const sp_digit* m, s
         /* ca = 0 */
         "MOV	r3, #0x0\n\t"
         "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
     "L_sp_3072_mont_reduce_48_word:\n\t"
+#else
+    "L_sp_3072_mont_reduce_48_word_%=:\n\t"
+#endif
         /* mu = a[i] * mp */
         "LDR	r10, [%[a]]\n\t"
         "MUL	r8, %[mp], r10\n\t"
@@ -14841,7 +15259,11 @@ SP_NOINLINE static void sp_3072_mont_reduce_48(sp_digit* a, const sp_digit* m, s
         "MOV	r12, #0x0\n\t"
         "MOV	r4, #0x0\n\t"
         "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
     "L_sp_3072_mont_reduce_48_mul:\n\t"
+#else
+    "L_sp_3072_mont_reduce_48_mul_%=:\n\t"
+#endif
         /* a[i+j+0] += m[j+0] * mu */
         "LDR	r7, [%[m], r12]\n\t"
         "LDR	r10, [%[a], r12]\n\t"
@@ -14883,10 +15305,12 @@ SP_NOINLINE static void sp_3072_mont_reduce_48(sp_digit* a, const sp_digit* m, s
         /* j += 1 */
         "ADD	r12, r12, #0x4\n\t"
         "CMP	r12, #0xc0\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BLT	L_sp_3072_mont_reduce_48_mul\n\t"
-#else
+#if defined(__GNUC__)
+        "BLT	L_sp_3072_mont_reduce_48_mul_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "BLT.N	L_sp_3072_mont_reduce_48_mul\n\t"
+#else
+        "BLT.N	L_sp_3072_mont_reduce_48_mul_%=\n\t"
 #endif
         "LDR	r10, [%[a], #192]\n\t"
         "ADDS	r4, r4, r3\n\t"
@@ -14899,10 +15323,12 @@ SP_NOINLINE static void sp_3072_mont_reduce_48(sp_digit* a, const sp_digit* m, s
         "ADD	r9, r9, #0x4\n\t"
         "ADD	%[a], %[a], #0x4\n\t"
         "CMP	r9, #0xc0\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BLT	L_sp_3072_mont_reduce_48_word\n\t"
-#else
+#if defined(__GNUC__)
+        "BLT	L_sp_3072_mont_reduce_48_word_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "BLT.N	L_sp_3072_mont_reduce_48_word\n\t"
+#else
+        "BLT.N	L_sp_3072_mont_reduce_48_word_%=\n\t"
 #endif
         /* Loop Done */
         "MOV	%[mp], r3\n\t"
@@ -14944,7 +15370,11 @@ SP_NOINLINE static void sp_3072_mont_reduce_48(sp_digit* a, const sp_digit* m, s
         "LDR	r9, [%[a], #12]\n\t"
         "LDR	r10, [%[a], #16]\n\t"
         "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
     "L_sp_3072_mont_reduce_48_word:\n\t"
+#else
+    "L_sp_3072_mont_reduce_48_word_%=:\n\t"
+#endif
         /* mu = a[i] * mp */
         "MUL	lr, %[mp], r6\n\t"
         /* a[i+0] += m[0] * mu */
@@ -15191,10 +15621,12 @@ SP_NOINLINE static void sp_3072_mont_reduce_48(sp_digit* a, const sp_digit* m, s
         "ADD	r4, r4, #0x4\n\t"
         "ADD	%[a], %[a], #0x4\n\t"
         "CMP	r4, #0xc0\n\t"
-#ifdef __GNUC__
-        "BLT	L_sp_3072_mont_reduce_48_word\n\t"
-#else
+#if defined(__GNUC__)
+        "BLT	L_sp_3072_mont_reduce_48_word_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "BLT.W	L_sp_3072_mont_reduce_48_word\n\t"
+#else
+        "BLT.W	L_sp_3072_mont_reduce_48_word_%=\n\t"
 #endif
         /* Loop Done */
         "STR	r6, [%[a]]\n\t"
@@ -15236,7 +15668,11 @@ SP_NOINLINE static void sp_3072_mont_reduce_48(sp_digit* a, const sp_digit* m, s
         /* ca = 0 */
         "MOV	r3, #0x0\n\t"
         "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
     "L_sp_3072_mont_reduce_48_word:\n\t"
+#else
+    "L_sp_3072_mont_reduce_48_word_%=:\n\t"
+#endif
         /* mu = a[i] * mp */
         "LDR	r10, [%[a]]\n\t"
         "MUL	r8, %[mp], r10\n\t"
@@ -15244,7 +15680,11 @@ SP_NOINLINE static void sp_3072_mont_reduce_48(sp_digit* a, const sp_digit* m, s
         "MOV	r12, #0x0\n\t"
         "MOV	r4, #0x0\n\t"
         "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
     "L_sp_3072_mont_reduce_48_mul:\n\t"
+#else
+    "L_sp_3072_mont_reduce_48_mul_%=:\n\t"
+#endif
         /* a[i+j+0] += m[j+0] * mu */
         "LDR	r7, [%[m], r12]\n\t"
         "LDR	r10, [%[a], r12]\n\t"
@@ -15274,10 +15714,12 @@ SP_NOINLINE static void sp_3072_mont_reduce_48(sp_digit* a, const sp_digit* m, s
         /* j += 1 */
         "ADD	r12, r12, #0x4\n\t"
         "CMP	r12, #0xc0\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BLT	L_sp_3072_mont_reduce_48_mul\n\t"
-#else
+#if defined(__GNUC__)
+        "BLT	L_sp_3072_mont_reduce_48_mul_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "BLT.N	L_sp_3072_mont_reduce_48_mul\n\t"
+#else
+        "BLT.N	L_sp_3072_mont_reduce_48_mul_%=\n\t"
 #endif
         "LDR	r10, [%[a], #192]\n\t"
         "ADDS	r4, r4, r3\n\t"
@@ -15290,10 +15732,12 @@ SP_NOINLINE static void sp_3072_mont_reduce_48(sp_digit* a, const sp_digit* m, s
         "ADD	r9, r9, #0x4\n\t"
         "ADD	%[a], %[a], #0x4\n\t"
         "CMP	r9, #0xc0\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BLT	L_sp_3072_mont_reduce_48_word\n\t"
-#else
+#if defined(__GNUC__)
+        "BLT	L_sp_3072_mont_reduce_48_word_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "BLT.N	L_sp_3072_mont_reduce_48_word\n\t"
+#else
+        "BLT.N	L_sp_3072_mont_reduce_48_word_%=\n\t"
 #endif
         /* Loop Done */
         "MOV	%[mp], r3\n\t"
@@ -15364,7 +15808,11 @@ static void sp_3072_mul_d_48(sp_digit* r, const sp_digit* a, sp_digit b)
         "MOV	r5, #0x0\n\t"
         "MOV	r9, #0x4\n\t"
         "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
     "L_sp_3072_mul_d_48_word:\n\t"
+#else
+    "L_sp_3072_mul_d_48_word_%=:\n\t"
+#endif
         /* A[i] * B */
         "LDR	r8, [%[a], r9]\n\t"
         "UMULL	r6, r7, %[b], r8\n\t"
@@ -15377,10 +15825,12 @@ static void sp_3072_mul_d_48(sp_digit* r, const sp_digit* a, sp_digit b)
         "MOV	r5, #0x0\n\t"
         "ADD	r9, r9, #0x4\n\t"
         "CMP	r9, #0xc0\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BLT	L_sp_3072_mul_d_48_word\n\t"
-#else
+#if defined(__GNUC__)
+        "BLT	L_sp_3072_mul_d_48_word_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "BLT.N	L_sp_3072_mul_d_48_word\n\t"
+#else
+        "BLT.N	L_sp_3072_mul_d_48_word_%=\n\t"
 #endif
         "STR	r3, [%[r], #192]\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
@@ -15718,7 +16168,7 @@ SP_NOINLINE static sp_digit div_3072_word_48(sp_digit d1, sp_digit d0, sp_digit
         :
         : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc"
     );
-    return (uint32_t)(size_t)d1;
+    return (word32)(size_t)d1;
 }
 
 #else
@@ -15758,7 +16208,11 @@ SP_NOINLINE static sp_digit div_3072_word_48(sp_digit d1, sp_digit d0, sp_digit
         /* Next 30 bits */
         "MOV	r4, #0x1d\n\t"
         "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
     "L_div_3072_word_48_bit:\n\t"
+#else
+    "L_div_3072_word_48_bit_%=:\n\t"
+#endif
         "LSLS	r6, r6, #1\n\t"
         "ADC	r7, r7, r7\n\t"
         "SUBS	r8, r5, r7\n\t"
@@ -15768,7 +16222,13 @@ SP_NOINLINE static sp_digit div_3072_word_48(sp_digit d1, sp_digit d0, sp_digit
         "AND	r8, r8, r5\n\t"
         "SUBS	r7, r7, r8\n\t"
         "SUBS	r4, r4, #0x1\n\t"
-        "bpl	L_div_3072_word_48_bit\n\t"
+#if defined(__GNUC__)
+        "BPL	L_div_3072_word_48_bit_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BPL.N	L_div_3072_word_48_bit\n\t"
+#else
+        "BPL.N	L_div_3072_word_48_bit_%=\n\t"
+#endif
         "ADD	r3, r3, r3\n\t"
         "ADD	r3, r3, #0x1\n\t"
         "UMULL	r6, r7, r3, %[div]\n\t"
@@ -15790,7 +16250,7 @@ SP_NOINLINE static sp_digit div_3072_word_48(sp_digit d1, sp_digit d0, sp_digit
         :
         : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc"
     );
-    return (uint32_t)(size_t)d1;
+    return (word32)(size_t)d1;
 }
 
 #endif
@@ -15820,7 +16280,11 @@ static sp_int32 sp_3072_cmp_48(const sp_digit* a, const sp_digit* b)
 #ifdef WOLFSSL_SP_SMALL
         "MOV	r6, #0xbc\n\t"
         "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
     "L_sp_3072_cmp_48_words:\n\t"
+#else
+    "L_sp_3072_cmp_48_words_%=:\n\t"
+#endif
         "LDR	r4, [%[a], r6]\n\t"
         "LDR	r5, [%[b], r6]\n\t"
         "AND	r4, r4, r3\n\t"
@@ -15833,7 +16297,11 @@ static sp_int32 sp_3072_cmp_48(const sp_digit* a, const sp_digit* b)
         "IT	ne\n\t"
         "movne	r3, r7\n\t"
         "SUBS	r6, r6, #0x4\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "bcs	L_sp_3072_cmp_48_words\n\t"
+#else
+        "bcs	L_sp_3072_cmp_48_words_%=\n\t"
+#endif
         "EOR	r2, r2, r3\n\t"
 #else
         "LDR	r4, [%[a], #188]\n\t"
@@ -16371,7 +16839,7 @@ static sp_int32 sp_3072_cmp_48(const sp_digit* a, const sp_digit* b)
         :
         : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "cc"
     );
-    return (uint32_t)(size_t)a;
+    return (word32)(size_t)a;
 }
 
 /* Divide d in a and put remainder into r (m*d + r = a)
@@ -16570,13 +17038,12 @@ static int sp_3072_mod_exp_48(sp_digit* r, const sp_digit* a, const sp_digit* e,
         XMEMSET(&r[48], 0, sizeof(sp_digit) * 48U);
         sp_3072_mont_reduce_48(r, m, mp);
 
-        mask = 0 - (sp_3072_cmp_48(r, m) >= 0);
+        mask = (sp_digit)0 - (sp_3072_cmp_48(r, m) >= 0);
         sp_3072_cond_sub_48(r, r, m, mask);
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (td != NULL)
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -16739,13 +17206,12 @@ static int sp_3072_mod_exp_48(sp_digit* r, const sp_digit* a, const sp_digit* e,
         XMEMSET(&r[48], 0, sizeof(sp_digit) * 48U);
         sp_3072_mont_reduce_48(r, m, mp);
 
-        mask = 0 - (sp_3072_cmp_48(r, m) >= 0);
+        mask = (sp_digit)0 - (sp_3072_cmp_48(r, m) >= 0);
         sp_3072_cond_sub_48(r, r, m, mask);
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (td != NULL)
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -16797,7 +17263,11 @@ static sp_digit sp_3072_cond_sub_96(sp_digit* r, const sp_digit* a, const sp_dig
         "MOV	r4, #0x0\n\t"
         "MOV	r5, #0x0\n\t"
         "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
     "L_sp_3072_cond_sub_96_words:\n\t"
+#else
+    "L_sp_3072_cond_sub_96_words_%=:\n\t"
+#endif
         "SUBS	r4, r8, r4\n\t"
         "LDR	r6, [%[a], r5]\n\t"
         "LDR	r7, [%[b], r5]\n\t"
@@ -16807,17 +17277,19 @@ static sp_digit sp_3072_cond_sub_96(sp_digit* r, const sp_digit* a, const sp_dig
         "STR	r6, [%[r], r5]\n\t"
         "ADD	r5, r5, #0x4\n\t"
         "CMP	r5, #0x180\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BLT	L_sp_3072_cond_sub_96_words\n\t"
-#else
+#if defined(__GNUC__)
+        "BLT	L_sp_3072_cond_sub_96_words_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "BLT.N	L_sp_3072_cond_sub_96_words\n\t"
+#else
+        "BLT.N	L_sp_3072_cond_sub_96_words_%=\n\t"
 #endif
         "MOV	%[r], r4\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m)
         :
         : "memory", "r4", "r5", "r6", "r7", "r8", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #else
@@ -17185,7 +17657,7 @@ static sp_digit sp_3072_cond_sub_96(sp_digit* r, const sp_digit* a, const sp_dig
         :
         : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #endif /* WOLFSSL_SP_SMALL */
@@ -17217,7 +17689,11 @@ SP_NOINLINE static void sp_3072_mont_reduce_96(sp_digit* a, const sp_digit* m, s
         "LDR	r4, [%[a]]\n\t"
         "LDR	r5, [%[a], #4]\n\t"
         "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
     "L_sp_3072_mont_reduce_96_word:\n\t"
+#else
+    "L_sp_3072_mont_reduce_96_word_%=:\n\t"
+#endif
         /* mu = a[i] * mp */
         "MUL	r10, %[mp], r4\n\t"
         /* a[i+0] += m[0] * mu */
@@ -17991,10 +18467,12 @@ SP_NOINLINE static void sp_3072_mont_reduce_96(sp_digit* a, const sp_digit* m, s
         "ADD	r11, r11, #0x4\n\t"
         "ADD	%[a], %[a], #0x4\n\t"
         "CMP	r11, #0x180\n\t"
-#ifdef __GNUC__
-        "BLT	L_sp_3072_mont_reduce_96_word\n\t"
-#else
+#if defined(__GNUC__)
+        "BLT	L_sp_3072_mont_reduce_96_word_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "BLT.W	L_sp_3072_mont_reduce_96_word\n\t"
+#else
+        "BLT.W	L_sp_3072_mont_reduce_96_word_%=\n\t"
 #endif
         /* Loop Done */
         "STR	r4, [%[a]]\n\t"
@@ -18033,7 +18511,11 @@ SP_NOINLINE static void sp_3072_mont_reduce_96(sp_digit* a, const sp_digit* m, s
         /* ca = 0 */
         "MOV	r3, #0x0\n\t"
         "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
     "L_sp_3072_mont_reduce_96_word:\n\t"
+#else
+    "L_sp_3072_mont_reduce_96_word_%=:\n\t"
+#endif
         /* mu = a[i] * mp */
         "LDR	r10, [%[a]]\n\t"
         "MUL	r8, %[mp], r10\n\t"
@@ -18041,7 +18523,11 @@ SP_NOINLINE static void sp_3072_mont_reduce_96(sp_digit* a, const sp_digit* m, s
         "MOV	r12, #0x0\n\t"
         "MOV	r4, #0x0\n\t"
         "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
     "L_sp_3072_mont_reduce_96_mul:\n\t"
+#else
+    "L_sp_3072_mont_reduce_96_mul_%=:\n\t"
+#endif
         /* a[i+j+0] += m[j+0] * mu */
         "LDR	r7, [%[m], r12]\n\t"
         "LDR	r10, [%[a], r12]\n\t"
@@ -18083,10 +18569,12 @@ SP_NOINLINE static void sp_3072_mont_reduce_96(sp_digit* a, const sp_digit* m, s
         /* j += 1 */
         "ADD	r12, r12, #0x4\n\t"
         "CMP	r12, #0x180\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BLT	L_sp_3072_mont_reduce_96_mul\n\t"
-#else
+#if defined(__GNUC__)
+        "BLT	L_sp_3072_mont_reduce_96_mul_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "BLT.N	L_sp_3072_mont_reduce_96_mul\n\t"
+#else
+        "BLT.N	L_sp_3072_mont_reduce_96_mul_%=\n\t"
 #endif
         "LDR	r10, [%[a], #384]\n\t"
         "ADDS	r4, r4, r3\n\t"
@@ -18099,10 +18587,12 @@ SP_NOINLINE static void sp_3072_mont_reduce_96(sp_digit* a, const sp_digit* m, s
         "ADD	r9, r9, #0x4\n\t"
         "ADD	%[a], %[a], #0x4\n\t"
         "CMP	r9, #0x180\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BLT	L_sp_3072_mont_reduce_96_word\n\t"
-#else
+#if defined(__GNUC__)
+        "BLT	L_sp_3072_mont_reduce_96_word_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "BLT.N	L_sp_3072_mont_reduce_96_word\n\t"
+#else
+        "BLT.N	L_sp_3072_mont_reduce_96_word_%=\n\t"
 #endif
         /* Loop Done */
         "MOV	%[mp], r3\n\t"
@@ -18144,7 +18634,11 @@ SP_NOINLINE static void sp_3072_mont_reduce_96(sp_digit* a, const sp_digit* m, s
         "LDR	r9, [%[a], #12]\n\t"
         "LDR	r10, [%[a], #16]\n\t"
         "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
     "L_sp_3072_mont_reduce_96_word:\n\t"
+#else
+    "L_sp_3072_mont_reduce_96_word_%=:\n\t"
+#endif
         /* mu = a[i] * mp */
         "MUL	lr, %[mp], r6\n\t"
         /* a[i+0] += m[0] * mu */
@@ -18631,10 +19125,12 @@ SP_NOINLINE static void sp_3072_mont_reduce_96(sp_digit* a, const sp_digit* m, s
         "ADD	r4, r4, #0x4\n\t"
         "ADD	%[a], %[a], #0x4\n\t"
         "CMP	r4, #0x180\n\t"
-#ifdef __GNUC__
-        "BLT	L_sp_3072_mont_reduce_96_word\n\t"
-#else
+#if defined(__GNUC__)
+        "BLT	L_sp_3072_mont_reduce_96_word_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "BLT.W	L_sp_3072_mont_reduce_96_word\n\t"
+#else
+        "BLT.W	L_sp_3072_mont_reduce_96_word_%=\n\t"
 #endif
         /* Loop Done */
         "STR	r6, [%[a]]\n\t"
@@ -18676,7 +19172,11 @@ SP_NOINLINE static void sp_3072_mont_reduce_96(sp_digit* a, const sp_digit* m, s
         /* ca = 0 */
         "MOV	r3, #0x0\n\t"
         "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
     "L_sp_3072_mont_reduce_96_word:\n\t"
+#else
+    "L_sp_3072_mont_reduce_96_word_%=:\n\t"
+#endif
         /* mu = a[i] * mp */
         "LDR	r10, [%[a]]\n\t"
         "MUL	r8, %[mp], r10\n\t"
@@ -18684,7 +19184,11 @@ SP_NOINLINE static void sp_3072_mont_reduce_96(sp_digit* a, const sp_digit* m, s
         "MOV	r12, #0x0\n\t"
         "MOV	r4, #0x0\n\t"
         "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
     "L_sp_3072_mont_reduce_96_mul:\n\t"
+#else
+    "L_sp_3072_mont_reduce_96_mul_%=:\n\t"
+#endif
         /* a[i+j+0] += m[j+0] * mu */
         "LDR	r7, [%[m], r12]\n\t"
         "LDR	r10, [%[a], r12]\n\t"
@@ -18714,10 +19218,12 @@ SP_NOINLINE static void sp_3072_mont_reduce_96(sp_digit* a, const sp_digit* m, s
         /* j += 1 */
         "ADD	r12, r12, #0x4\n\t"
         "CMP	r12, #0x180\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BLT	L_sp_3072_mont_reduce_96_mul\n\t"
-#else
+#if defined(__GNUC__)
+        "BLT	L_sp_3072_mont_reduce_96_mul_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "BLT.N	L_sp_3072_mont_reduce_96_mul\n\t"
+#else
+        "BLT.N	L_sp_3072_mont_reduce_96_mul_%=\n\t"
 #endif
         "LDR	r10, [%[a], #384]\n\t"
         "ADDS	r4, r4, r3\n\t"
@@ -18730,10 +19236,12 @@ SP_NOINLINE static void sp_3072_mont_reduce_96(sp_digit* a, const sp_digit* m, s
         "ADD	r9, r9, #0x4\n\t"
         "ADD	%[a], %[a], #0x4\n\t"
         "CMP	r9, #0x180\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BLT	L_sp_3072_mont_reduce_96_word\n\t"
-#else
+#if defined(__GNUC__)
+        "BLT	L_sp_3072_mont_reduce_96_word_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "BLT.N	L_sp_3072_mont_reduce_96_word\n\t"
+#else
+        "BLT.N	L_sp_3072_mont_reduce_96_word_%=\n\t"
 #endif
         /* Loop Done */
         "MOV	%[mp], r3\n\t"
@@ -18799,7 +19307,11 @@ static sp_digit sp_3072_sub_96(sp_digit* r, const sp_digit* a, const sp_digit* b
         "MOV	r11, #0x0\n\t"
         "ADD	r12, %[a], #0x180\n\t"
         "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
     "L_sp_3072_sub_96_word:\n\t"
+#else
+    "L_sp_3072_sub_96_word_%=:\n\t"
+#endif
         "RSBS	r11, r11, #0x0\n\t"
         "LDM	%[a]!, {r3, r4, r5, r6}\n\t"
         "LDM	%[b]!, {r7, r8, r9, r10}\n\t"
@@ -18810,17 +19322,19 @@ static sp_digit sp_3072_sub_96(sp_digit* r, const sp_digit* a, const sp_digit* b
         "STM	%[r]!, {r3, r4, r5, r6}\n\t"
         "SBC	r11, r3, r3\n\t"
         "CMP	%[a], r12\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BNE	L_sp_3072_sub_96_word\n\t"
-#else
+#if defined(__GNUC__)
+        "BNE	L_sp_3072_sub_96_word_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "BNE.N	L_sp_3072_sub_96_word\n\t"
+#else
+        "BNE.N	L_sp_3072_sub_96_word_%=\n\t"
 #endif
         "MOV	%[r], r11\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
         :
         : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #else
@@ -19016,7 +19530,7 @@ static sp_digit sp_3072_sub_96(sp_digit* r, const sp_digit* a, const sp_digit* b
         :
         : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #endif /* WOLFSSL_SP_SMALL */
@@ -19082,7 +19596,7 @@ SP_NOINLINE static sp_digit div_3072_word_96(sp_digit d1, sp_digit d0, sp_digit
         :
         : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc"
     );
-    return (uint32_t)(size_t)d1;
+    return (word32)(size_t)d1;
 }
 
 #else
@@ -19122,7 +19636,11 @@ SP_NOINLINE static sp_digit div_3072_word_96(sp_digit d1, sp_digit d0, sp_digit
         /* Next 30 bits */
         "MOV	r4, #0x1d\n\t"
         "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
     "L_div_3072_word_96_bit:\n\t"
+#else
+    "L_div_3072_word_96_bit_%=:\n\t"
+#endif
         "LSLS	r6, r6, #1\n\t"
         "ADC	r7, r7, r7\n\t"
         "SUBS	r8, r5, r7\n\t"
@@ -19132,7 +19650,13 @@ SP_NOINLINE static sp_digit div_3072_word_96(sp_digit d1, sp_digit d0, sp_digit
         "AND	r8, r8, r5\n\t"
         "SUBS	r7, r7, r8\n\t"
         "SUBS	r4, r4, #0x1\n\t"
-        "bpl	L_div_3072_word_96_bit\n\t"
+#if defined(__GNUC__)
+        "BPL	L_div_3072_word_96_bit_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BPL.N	L_div_3072_word_96_bit\n\t"
+#else
+        "BPL.N	L_div_3072_word_96_bit_%=\n\t"
+#endif
         "ADD	r3, r3, r3\n\t"
         "ADD	r3, r3, #0x1\n\t"
         "UMULL	r6, r7, r3, %[div]\n\t"
@@ -19154,7 +19678,7 @@ SP_NOINLINE static sp_digit div_3072_word_96(sp_digit d1, sp_digit d0, sp_digit
         :
         : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc"
     );
-    return (uint32_t)(size_t)d1;
+    return (word32)(size_t)d1;
 }
 
 #endif
@@ -19287,7 +19811,11 @@ static sp_int32 sp_3072_cmp_96(const sp_digit* a, const sp_digit* b)
 #ifdef WOLFSSL_SP_SMALL
         "MOV	r6, #0x17c\n\t"
         "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
     "L_sp_3072_cmp_96_words:\n\t"
+#else
+    "L_sp_3072_cmp_96_words_%=:\n\t"
+#endif
         "LDR	r4, [%[a], r6]\n\t"
         "LDR	r5, [%[b], r6]\n\t"
         "AND	r4, r4, r3\n\t"
@@ -19300,7 +19828,11 @@ static sp_int32 sp_3072_cmp_96(const sp_digit* a, const sp_digit* b)
         "IT	ne\n\t"
         "movne	r3, r7\n\t"
         "SUBS	r6, r6, #0x4\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "bcs	L_sp_3072_cmp_96_words\n\t"
+#else
+        "bcs	L_sp_3072_cmp_96_words_%=\n\t"
+#endif
         "EOR	r2, r2, r3\n\t"
 #else
         "LDR	r4, [%[a], #380]\n\t"
@@ -20366,7 +20898,7 @@ static sp_int32 sp_3072_cmp_96(const sp_digit* a, const sp_digit* b)
         :
         : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "cc"
     );
-    return (uint32_t)(size_t)a;
+    return (word32)(size_t)a;
 }
 
 /* Divide d in a and put remainder into r (m*d + r = a)
@@ -20559,13 +21091,12 @@ static int sp_3072_mod_exp_96(sp_digit* r, const sp_digit* a, const sp_digit* e,
         XMEMSET(&r[96], 0, sizeof(sp_digit) * 96U);
         sp_3072_mont_reduce_96(r, m, mp);
 
-        mask = 0 - (sp_3072_cmp_96(r, m) >= 0);
+        mask = (sp_digit)0 - (sp_3072_cmp_96(r, m) >= 0);
         sp_3072_cond_sub_96(r, r, m, mask);
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (td != NULL)
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -20711,13 +21242,12 @@ static int sp_3072_mod_exp_96(sp_digit* r, const sp_digit* a, const sp_digit* e,
         XMEMSET(&r[96], 0, sizeof(sp_digit) * 96U);
         sp_3072_mont_reduce_96(r, m, mp);
 
-        mask = 0 - (sp_3072_cmp_96(r, m) >= 0);
+        mask = (sp_digit)0 - (sp_3072_cmp_96(r, m) >= 0);
         sp_3072_cond_sub_96(r, r, m, mask);
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (td != NULL)
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -20880,8 +21410,7 @@ int sp_RsaPublic_3072(const byte* in, word32 inLen, const mp_int* em,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (a != NULL)
-        XFREE(a, NULL, DYNAMIC_TYPE_RSA);
+    XFREE(a, NULL, DYNAMIC_TYPE_RSA);
 #endif
 
     return err;
@@ -20915,7 +21444,11 @@ static sp_digit sp_3072_cond_add_48(sp_digit* r, const sp_digit* a, const sp_dig
         "MOV	r8, #0x0\n\t"
         "MOV	r4, #0x0\n\t"
         "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
     "L_sp_3072_cond_add_48_words:\n\t"
+#else
+    "L_sp_3072_cond_add_48_words_%=:\n\t"
+#endif
         "ADDS	r5, r5, #0xffffffff\n\t"
         "LDR	r6, [%[a], r4]\n\t"
         "LDR	r7, [%[b], r4]\n\t"
@@ -20925,17 +21458,19 @@ static sp_digit sp_3072_cond_add_48(sp_digit* r, const sp_digit* a, const sp_dig
         "STR	r6, [%[r], r4]\n\t"
         "ADD	r4, r4, #0x4\n\t"
         "CMP	r4, #0xc0\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BLT	L_sp_3072_cond_add_48_words\n\t"
-#else
+#if defined(__GNUC__)
+        "BLT	L_sp_3072_cond_add_48_words_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "BLT.N	L_sp_3072_cond_add_48_words\n\t"
+#else
+        "BLT.N	L_sp_3072_cond_add_48_words_%=\n\t"
 #endif
         "MOV	%[r], r5\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m)
         :
         : "memory", "r4", "r5", "r6", "r7", "r8", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #else
@@ -21135,7 +21670,7 @@ static sp_digit sp_3072_cond_add_48(sp_digit* r, const sp_digit* a, const sp_dig
         :
         : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #endif /* WOLFSSL_SP_SMALL */
@@ -22163,13 +22698,12 @@ static int sp_3072_mod_exp_2_96(sp_digit* r, const sp_digit* e, int bits,
         XMEMSET(&r[96], 0, sizeof(sp_digit) * 96U);
         sp_3072_mont_reduce_96(r, m, mp);
 
-        mask = 0 - (sp_3072_cmp_96(r, m) >= 0);
+        mask = (sp_digit)0 - (sp_3072_cmp_96(r, m) >= 0);
         sp_3072_cond_sub_96(r, r, m, mask);
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (td != NULL)
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -22312,7 +22846,8 @@ static void sp_4096_from_bin(sp_digit* r, int size, const byte* a, int n)
     int j;
     byte* d;
 
-    for (i = n - 1,j = 0; i >= 3; i -= 4) {
+    j = 0;
+    for (i = n - 1; i >= 3; i -= 4) {
         r[j]  = ((sp_digit)a[i - 0] <<  0) |
                 ((sp_digit)a[i - 1] <<  8) |
                 ((sp_digit)a[i - 2] << 16) |
@@ -22323,12 +22858,20 @@ static void sp_4096_from_bin(sp_digit* r, int size, const byte* a, int n)
     if (i >= 0) {
         r[j] = 0;
 
-        d = (byte*)r;
+        d = (byte*)(r + j);
+#ifdef BIG_ENDIAN_ORDER
         switch (i) {
-            case 2: d[n - 1 - 2] = a[2]; //fallthrough
-            case 1: d[n - 1 - 1] = a[1]; //fallthrough
-            case 0: d[n - 1 - 0] = a[0]; //fallthrough
+            case 2: d[1] = *(a++); //fallthrough
+            case 1: d[2] = *(a++); //fallthrough
+            case 0: d[3] = *a    ; //fallthrough
         }
+#else
+        switch (i) {
+            case 2: d[2] = a[2]; //fallthrough
+            case 1: d[1] = a[1]; //fallthrough
+            case 0: d[0] = a[0]; //fallthrough
+        }
+#endif
         j++;
     }
 
@@ -22705,7 +23248,7 @@ static sp_digit sp_4096_sub_in_place_128(sp_digit* a, const sp_digit* b)
         :
         : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "cc"
     );
-    return (uint32_t)(size_t)a;
+    return (word32)(size_t)a;
 }
 
 /* Add b to a into r. (r = a + b)
@@ -22957,7 +23500,7 @@ static sp_digit sp_4096_add_128(sp_digit* r, const sp_digit* a, const sp_digit*
         :
         : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 /* Multiply a and b into r. (r = a * b)
@@ -23059,7 +23602,11 @@ static sp_digit sp_4096_add_128(sp_digit* r, const sp_digit* a, const sp_digit*
         "MOV	r3, #0x0\n\t"
         "ADD	r12, %[a], #0x200\n\t"
         "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
     "L_sp_4096_add_128_word:\n\t"
+#else
+    "L_sp_4096_add_128_word_%=:\n\t"
+#endif
         "ADDS	r3, r3, #0xffffffff\n\t"
         "LDM	%[a]!, {r4, r5, r6, r7}\n\t"
         "LDM	%[b]!, {r8, r9, r10, r11}\n\t"
@@ -23071,17 +23618,19 @@ static sp_digit sp_4096_add_128(sp_digit* r, const sp_digit* a, const sp_digit*
         "MOV	r4, #0x0\n\t"
         "ADC	r3, r4, #0x0\n\t"
         "CMP	%[a], r12\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BNE	L_sp_4096_add_128_word\n\t"
-#else
+#if defined(__GNUC__)
+        "BNE	L_sp_4096_add_128_word_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "BNE.N	L_sp_4096_add_128_word\n\t"
+#else
+        "BNE.N	L_sp_4096_add_128_word_%=\n\t"
 #endif
         "MOV	%[r], r3\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
         :
         : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r3", "r12", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #endif /* WOLFSSL_SP_SMALL */
@@ -23106,7 +23655,11 @@ static sp_digit sp_4096_sub_in_place_128(sp_digit* a, const sp_digit* b)
         "MOV	r10, #0x0\n\t"
         "ADD	r11, %[a], #0x200\n\t"
         "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
     "L_sp_4096_sub_in_pkace_128_word:\n\t"
+#else
+    "L_sp_4096_sub_in_pkace_128_word_%=:\n\t"
+#endif
         "RSBS	r10, r10, #0x0\n\t"
         "LDM	%[a], {r2, r3, r4, r5}\n\t"
         "LDM	%[b]!, {r6, r7, r8, r9}\n\t"
@@ -23117,17 +23670,19 @@ static sp_digit sp_4096_sub_in_place_128(sp_digit* a, const sp_digit* b)
         "STM	%[a]!, {r2, r3, r4, r5}\n\t"
         "SBC	r10, r10, r10\n\t"
         "CMP	%[a], r11\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BNE	L_sp_4096_sub_in_pkace_128_word\n\t"
-#else
+#if defined(__GNUC__)
+        "BNE	L_sp_4096_sub_in_pkace_128_word_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "BNE.N	L_sp_4096_sub_in_pkace_128_word\n\t"
+#else
+        "BNE.N	L_sp_4096_sub_in_pkace_128_word_%=\n\t"
 #endif
         "MOV	%[a], r10\n\t"
         : [a] "+r" (a), [b] "+r" (b)
         :
         : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "cc"
     );
-    return (uint32_t)(size_t)a;
+    return (word32)(size_t)a;
 }
 
 #endif /* WOLFSSL_SP_SMALL */
@@ -23160,13 +23715,21 @@ static void sp_4096_mul_128(sp_digit* r, const sp_digit* a, const sp_digit* b)
         "MOV	r8, #0x0\n\t"
         "MOV	r5, #0x4\n\t"
         "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
     "L_sp_4096_mul_128_outer:\n\t"
+#else
+    "L_sp_4096_mul_128_outer_%=:\n\t"
+#endif
         "SUBS	r3, r5, #0x1fc\n\t"
         "IT	cc\n\t"
         "MOVCC	r3, #0x0\n\t"
         "SUB	r4, r5, r3\n\t"
         "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
     "L_sp_4096_mul_128_inner:\n\t"
+#else
+    "L_sp_4096_mul_128_inner_%=:\n\t"
+#endif
         "LDR	lr, [%[a], r3]\n\t"
         "LDR	r11, [%[b], r4]\n\t"
         "UMULL	r9, r10, lr, r11\n\t"
@@ -23182,15 +23745,19 @@ static void sp_4096_mul_128(sp_digit* r, const sp_digit* a, const sp_digit* b)
         "ADD	r3, r3, #0x4\n\t"
         "SUB	r4, r4, #0x4\n\t"
         "CMP	r3, r4\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BGT	L_sp_4096_mul_128_inner_done\n\t"
-#else
+#if defined(__GNUC__)
+        "BGT	L_sp_4096_mul_128_inner_done_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "BGT.N	L_sp_4096_mul_128_inner_done\n\t"
-#endif
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BLT	L_sp_4096_mul_128_inner\n\t"
 #else
+        "BGT.N	L_sp_4096_mul_128_inner_done_%=\n\t"
+#endif
+#if defined(__GNUC__)
+        "BLT	L_sp_4096_mul_128_inner_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "BLT.N	L_sp_4096_mul_128_inner\n\t"
+#else
+        "BLT.N	L_sp_4096_mul_128_inner_%=\n\t"
 #endif
         "LDR	lr, [%[a], r3]\n\t"
         "LDR	r11, [%[b], r3]\n\t"
@@ -23199,17 +23766,23 @@ static void sp_4096_mul_128(sp_digit* r, const sp_digit* a, const sp_digit* b)
         "ADCS	r7, r7, r10\n\t"
         "ADC	r8, r8, #0x0\n\t"
         "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
     "L_sp_4096_mul_128_inner_done:\n\t"
+#else
+    "L_sp_4096_mul_128_inner_done_%=:\n\t"
+#endif
         "STR	r6, [sp, r5]\n\t"
         "MOV	r6, r7\n\t"
         "MOV	r7, r8\n\t"
         "MOV	r8, #0x0\n\t"
         "ADD	r5, r5, #0x4\n\t"
         "CMP	r5, #0x3f4\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BLE	L_sp_4096_mul_128_outer\n\t"
-#else
+#if defined(__GNUC__)
+        "BLE	L_sp_4096_mul_128_outer_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "BLE.N	L_sp_4096_mul_128_outer\n\t"
+#else
+        "BLE.N	L_sp_4096_mul_128_outer_%=\n\t"
 #endif
         "LDR	lr, [%[a], #508]\n\t"
         "LDR	r11, [%[b], #508]\n\t"
@@ -23218,14 +23791,20 @@ static void sp_4096_mul_128(sp_digit* r, const sp_digit* a, const sp_digit* b)
         "ADD	r5, r5, #0x4\n\t"
         "STR	r7, [sp, r5]\n\t"
         "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
     "L_sp_4096_mul_128_store:\n\t"
+#else
+    "L_sp_4096_mul_128_store_%=:\n\t"
+#endif
         "LDM	sp!, {r3, r4, r6, r7, r8, r9, r10, r11}\n\t"
         "STM	%[r]!, {r3, r4, r6, r7, r8, r9, r10, r11}\n\t"
         "SUBS	r5, r5, #0x20\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BGT	L_sp_4096_mul_128_store\n\t"
-#else
+#if defined(__GNUC__)
+        "BGT	L_sp_4096_mul_128_store_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "BGT.N	L_sp_4096_mul_128_store\n\t"
+#else
+        "BGT.N	L_sp_4096_mul_128_store_%=\n\t"
 #endif
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
         :
@@ -23258,13 +23837,21 @@ static void sp_4096_sqr_128(sp_digit* r, const sp_digit* a)
         "MOV	r8, #0x0\n\t"
         "MOV	r5, #0x4\n\t"
         "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
     "L_sp_4096_sqr_128_outer:\n\t"
+#else
+    "L_sp_4096_sqr_128_outer_%=:\n\t"
+#endif
         "SUBS	r3, r5, #0x1fc\n\t"
         "IT	cc\n\t"
         "MOVCC	r3, #0x0\n\t"
         "SUB	r4, r5, r3\n\t"
         "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
     "L_sp_4096_sqr_128_inner:\n\t"
+#else
+    "L_sp_4096_sqr_128_inner_%=:\n\t"
+#endif
         "LDR	lr, [%[a], r3]\n\t"
         "LDR	r11, [%[a], r4]\n\t"
         "UMULL	r9, r10, lr, r11\n\t"
@@ -23277,15 +23864,19 @@ static void sp_4096_sqr_128(sp_digit* r, const sp_digit* a)
         "ADD	r3, r3, #0x4\n\t"
         "SUB	r4, r4, #0x4\n\t"
         "CMP	r3, r4\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BGT	L_sp_4096_sqr_128_inner_done\n\t"
-#else
+#if defined(__GNUC__)
+        "BGT	L_sp_4096_sqr_128_inner_done_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "BGT.N	L_sp_4096_sqr_128_inner_done\n\t"
-#endif
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BLT	L_sp_4096_sqr_128_inner\n\t"
 #else
+        "BGT.N	L_sp_4096_sqr_128_inner_done_%=\n\t"
+#endif
+#if defined(__GNUC__)
+        "BLT	L_sp_4096_sqr_128_inner_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "BLT.N	L_sp_4096_sqr_128_inner\n\t"
+#else
+        "BLT.N	L_sp_4096_sqr_128_inner_%=\n\t"
 #endif
         "LDR	lr, [%[a], r3]\n\t"
         "UMULL	r9, r10, lr, lr\n\t"
@@ -23293,17 +23884,23 @@ static void sp_4096_sqr_128(sp_digit* r, const sp_digit* a)
         "ADCS	r7, r7, r10\n\t"
         "ADC	r8, r8, #0x0\n\t"
         "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
     "L_sp_4096_sqr_128_inner_done:\n\t"
+#else
+    "L_sp_4096_sqr_128_inner_done_%=:\n\t"
+#endif
         "STR	r6, [sp, r5]\n\t"
         "MOV	r6, r7\n\t"
         "MOV	r7, r8\n\t"
         "MOV	r8, #0x0\n\t"
         "ADD	r5, r5, #0x4\n\t"
         "CMP	r5, #0x3f4\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BLE	L_sp_4096_sqr_128_outer\n\t"
-#else
+#if defined(__GNUC__)
+        "BLE	L_sp_4096_sqr_128_outer_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "BLE.N	L_sp_4096_sqr_128_outer\n\t"
+#else
+        "BLE.N	L_sp_4096_sqr_128_outer_%=\n\t"
 #endif
         "LDR	lr, [%[a], #508]\n\t"
         "UMLAL	r6, r7, lr, lr\n\t"
@@ -23311,14 +23908,20 @@ static void sp_4096_sqr_128(sp_digit* r, const sp_digit* a)
         "ADD	r5, r5, #0x4\n\t"
         "STR	r7, [sp, r5]\n\t"
         "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
     "L_sp_4096_sqr_128_store:\n\t"
+#else
+    "L_sp_4096_sqr_128_store_%=:\n\t"
+#endif
         "LDM	sp!, {r3, r4, r6, r7, r8, r9, r10, r11}\n\t"
         "STM	%[r]!, {r3, r4, r6, r7, r8, r9, r10, r11}\n\t"
         "SUBS	r5, r5, #0x20\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BGT	L_sp_4096_sqr_128_store\n\t"
-#else
+#if defined(__GNUC__)
+        "BGT	L_sp_4096_sqr_128_store_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "BGT.N	L_sp_4096_sqr_128_store\n\t"
+#else
+        "BGT.N	L_sp_4096_sqr_128_store_%=\n\t"
 #endif
         : [r] "+r" (r), [a] "+r" (a)
         :
@@ -23375,7 +23978,11 @@ static void sp_4096_mul_d_128(sp_digit* r, const sp_digit* a, sp_digit b)
         "MOV	r5, #0x0\n\t"
         "MOV	r9, #0x4\n\t"
         "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
     "L_sp_4096_mul_d_128_word:\n\t"
+#else
+    "L_sp_4096_mul_d_128_word_%=:\n\t"
+#endif
         /* A[i] * B */
         "LDR	r8, [%[a], r9]\n\t"
         "UMULL	r6, r7, %[b], r8\n\t"
@@ -23388,10 +23995,12 @@ static void sp_4096_mul_d_128(sp_digit* r, const sp_digit* a, sp_digit b)
         "MOV	r5, #0x0\n\t"
         "ADD	r9, r9, #0x4\n\t"
         "CMP	r9, #0x200\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BLT	L_sp_4096_mul_d_128_word\n\t"
-#else
+#if defined(__GNUC__)
+        "BLT	L_sp_4096_mul_d_128_word_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "BLT.N	L_sp_4096_mul_d_128_word\n\t"
+#else
+        "BLT.N	L_sp_4096_mul_d_128_word_%=\n\t"
 #endif
         "STR	r3, [%[r], #512]\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
@@ -24110,7 +24719,11 @@ static sp_digit sp_4096_cond_sub_128(sp_digit* r, const sp_digit* a, const sp_di
         "MOV	r4, #0x0\n\t"
         "MOV	r5, #0x0\n\t"
         "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
     "L_sp_4096_cond_sub_128_words:\n\t"
+#else
+    "L_sp_4096_cond_sub_128_words_%=:\n\t"
+#endif
         "SUBS	r4, r8, r4\n\t"
         "LDR	r6, [%[a], r5]\n\t"
         "LDR	r7, [%[b], r5]\n\t"
@@ -24120,17 +24733,19 @@ static sp_digit sp_4096_cond_sub_128(sp_digit* r, const sp_digit* a, const sp_di
         "STR	r6, [%[r], r5]\n\t"
         "ADD	r5, r5, #0x4\n\t"
         "CMP	r5, #0x200\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BLT	L_sp_4096_cond_sub_128_words\n\t"
-#else
+#if defined(__GNUC__)
+        "BLT	L_sp_4096_cond_sub_128_words_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "BLT.N	L_sp_4096_cond_sub_128_words\n\t"
+#else
+        "BLT.N	L_sp_4096_cond_sub_128_words_%=\n\t"
 #endif
         "MOV	%[r], r4\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m)
         :
         : "memory", "r4", "r5", "r6", "r7", "r8", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #else
@@ -24610,7 +25225,7 @@ static sp_digit sp_4096_cond_sub_128(sp_digit* r, const sp_digit* a, const sp_di
         :
         : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #endif /* WOLFSSL_SP_SMALL */
@@ -24642,7 +25257,11 @@ SP_NOINLINE static void sp_4096_mont_reduce_128(sp_digit* a, const sp_digit* m,
         "LDR	r4, [%[a]]\n\t"
         "LDR	r5, [%[a], #4]\n\t"
         "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
     "L_sp_4096_mont_reduce_128_word:\n\t"
+#else
+    "L_sp_4096_mont_reduce_128_word_%=:\n\t"
+#endif
         /* mu = a[i] * mp */
         "MUL	r10, %[mp], r4\n\t"
         /* a[i+0] += m[0] * mu */
@@ -25672,10 +26291,12 @@ SP_NOINLINE static void sp_4096_mont_reduce_128(sp_digit* a, const sp_digit* m,
         "ADD	r11, r11, #0x4\n\t"
         "ADD	%[a], %[a], #0x4\n\t"
         "CMP	r11, #0x200\n\t"
-#ifdef __GNUC__
-        "BLT	L_sp_4096_mont_reduce_128_word\n\t"
-#else
+#if defined(__GNUC__)
+        "BLT	L_sp_4096_mont_reduce_128_word_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "BLT.W	L_sp_4096_mont_reduce_128_word\n\t"
+#else
+        "BLT.W	L_sp_4096_mont_reduce_128_word_%=\n\t"
 #endif
         /* Loop Done */
         "STR	r4, [%[a]]\n\t"
@@ -25714,7 +26335,11 @@ SP_NOINLINE static void sp_4096_mont_reduce_128(sp_digit* a, const sp_digit* m,
         /* ca = 0 */
         "MOV	r3, #0x0\n\t"
         "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
     "L_sp_4096_mont_reduce_128_word:\n\t"
+#else
+    "L_sp_4096_mont_reduce_128_word_%=:\n\t"
+#endif
         /* mu = a[i] * mp */
         "LDR	r10, [%[a]]\n\t"
         "MUL	r8, %[mp], r10\n\t"
@@ -25722,7 +26347,11 @@ SP_NOINLINE static void sp_4096_mont_reduce_128(sp_digit* a, const sp_digit* m,
         "MOV	r12, #0x0\n\t"
         "MOV	r4, #0x0\n\t"
         "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
     "L_sp_4096_mont_reduce_128_mul:\n\t"
+#else
+    "L_sp_4096_mont_reduce_128_mul_%=:\n\t"
+#endif
         /* a[i+j+0] += m[j+0] * mu */
         "LDR	r7, [%[m], r12]\n\t"
         "LDR	r10, [%[a], r12]\n\t"
@@ -25764,10 +26393,12 @@ SP_NOINLINE static void sp_4096_mont_reduce_128(sp_digit* a, const sp_digit* m,
         /* j += 1 */
         "ADD	r12, r12, #0x4\n\t"
         "CMP	r12, #0x200\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BLT	L_sp_4096_mont_reduce_128_mul\n\t"
-#else
+#if defined(__GNUC__)
+        "BLT	L_sp_4096_mont_reduce_128_mul_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "BLT.N	L_sp_4096_mont_reduce_128_mul\n\t"
+#else
+        "BLT.N	L_sp_4096_mont_reduce_128_mul_%=\n\t"
 #endif
         "LDR	r10, [%[a], #512]\n\t"
         "ADDS	r4, r4, r3\n\t"
@@ -25780,10 +26411,12 @@ SP_NOINLINE static void sp_4096_mont_reduce_128(sp_digit* a, const sp_digit* m,
         "ADD	r9, r9, #0x4\n\t"
         "ADD	%[a], %[a], #0x4\n\t"
         "CMP	r9, #0x200\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BLT	L_sp_4096_mont_reduce_128_word\n\t"
-#else
+#if defined(__GNUC__)
+        "BLT	L_sp_4096_mont_reduce_128_word_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "BLT.N	L_sp_4096_mont_reduce_128_word\n\t"
+#else
+        "BLT.N	L_sp_4096_mont_reduce_128_word_%=\n\t"
 #endif
         /* Loop Done */
         "MOV	%[mp], r3\n\t"
@@ -25825,7 +26458,11 @@ SP_NOINLINE static void sp_4096_mont_reduce_128(sp_digit* a, const sp_digit* m,
         "LDR	r9, [%[a], #12]\n\t"
         "LDR	r10, [%[a], #16]\n\t"
         "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
     "L_sp_4096_mont_reduce_128_word:\n\t"
+#else
+    "L_sp_4096_mont_reduce_128_word_%=:\n\t"
+#endif
         /* mu = a[i] * mp */
         "MUL	lr, %[mp], r6\n\t"
         /* a[i+0] += m[0] * mu */
@@ -26472,10 +27109,12 @@ SP_NOINLINE static void sp_4096_mont_reduce_128(sp_digit* a, const sp_digit* m,
         "ADD	r4, r4, #0x4\n\t"
         "ADD	%[a], %[a], #0x4\n\t"
         "CMP	r4, #0x200\n\t"
-#ifdef __GNUC__
-        "BLT	L_sp_4096_mont_reduce_128_word\n\t"
-#else
+#if defined(__GNUC__)
+        "BLT	L_sp_4096_mont_reduce_128_word_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "BLT.W	L_sp_4096_mont_reduce_128_word\n\t"
+#else
+        "BLT.W	L_sp_4096_mont_reduce_128_word_%=\n\t"
 #endif
         /* Loop Done */
         "STR	r6, [%[a]]\n\t"
@@ -26517,7 +27156,11 @@ SP_NOINLINE static void sp_4096_mont_reduce_128(sp_digit* a, const sp_digit* m,
         /* ca = 0 */
         "MOV	r3, #0x0\n\t"
         "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
     "L_sp_4096_mont_reduce_128_word:\n\t"
+#else
+    "L_sp_4096_mont_reduce_128_word_%=:\n\t"
+#endif
         /* mu = a[i] * mp */
         "LDR	r10, [%[a]]\n\t"
         "MUL	r8, %[mp], r10\n\t"
@@ -26525,7 +27168,11 @@ SP_NOINLINE static void sp_4096_mont_reduce_128(sp_digit* a, const sp_digit* m,
         "MOV	r12, #0x0\n\t"
         "MOV	r4, #0x0\n\t"
         "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
     "L_sp_4096_mont_reduce_128_mul:\n\t"
+#else
+    "L_sp_4096_mont_reduce_128_mul_%=:\n\t"
+#endif
         /* a[i+j+0] += m[j+0] * mu */
         "LDR	r7, [%[m], r12]\n\t"
         "LDR	r10, [%[a], r12]\n\t"
@@ -26555,10 +27202,12 @@ SP_NOINLINE static void sp_4096_mont_reduce_128(sp_digit* a, const sp_digit* m,
         /* j += 1 */
         "ADD	r12, r12, #0x4\n\t"
         "CMP	r12, #0x200\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BLT	L_sp_4096_mont_reduce_128_mul\n\t"
-#else
+#if defined(__GNUC__)
+        "BLT	L_sp_4096_mont_reduce_128_mul_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "BLT.N	L_sp_4096_mont_reduce_128_mul\n\t"
+#else
+        "BLT.N	L_sp_4096_mont_reduce_128_mul_%=\n\t"
 #endif
         "LDR	r10, [%[a], #512]\n\t"
         "ADDS	r4, r4, r3\n\t"
@@ -26571,10 +27220,12 @@ SP_NOINLINE static void sp_4096_mont_reduce_128(sp_digit* a, const sp_digit* m,
         "ADD	r9, r9, #0x4\n\t"
         "ADD	%[a], %[a], #0x4\n\t"
         "CMP	r9, #0x200\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BLT	L_sp_4096_mont_reduce_128_word\n\t"
-#else
+#if defined(__GNUC__)
+        "BLT	L_sp_4096_mont_reduce_128_word_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "BLT.N	L_sp_4096_mont_reduce_128_word\n\t"
+#else
+        "BLT.N	L_sp_4096_mont_reduce_128_word_%=\n\t"
 #endif
         /* Loop Done */
         "MOV	%[mp], r3\n\t"
@@ -26640,7 +27291,11 @@ static sp_digit sp_4096_sub_128(sp_digit* r, const sp_digit* a, const sp_digit*
         "MOV	r11, #0x0\n\t"
         "ADD	r12, %[a], #0x200\n\t"
         "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
     "L_sp_4096_sub_128_word:\n\t"
+#else
+    "L_sp_4096_sub_128_word_%=:\n\t"
+#endif
         "RSBS	r11, r11, #0x0\n\t"
         "LDM	%[a]!, {r3, r4, r5, r6}\n\t"
         "LDM	%[b]!, {r7, r8, r9, r10}\n\t"
@@ -26651,17 +27306,19 @@ static sp_digit sp_4096_sub_128(sp_digit* r, const sp_digit* a, const sp_digit*
         "STM	%[r]!, {r3, r4, r5, r6}\n\t"
         "SBC	r11, r3, r3\n\t"
         "CMP	%[a], r12\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BNE	L_sp_4096_sub_128_word\n\t"
-#else
+#if defined(__GNUC__)
+        "BNE	L_sp_4096_sub_128_word_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "BNE.N	L_sp_4096_sub_128_word\n\t"
+#else
+        "BNE.N	L_sp_4096_sub_128_word_%=\n\t"
 #endif
         "MOV	%[r], r11\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
         :
         : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #else
@@ -26913,7 +27570,7 @@ static sp_digit sp_4096_sub_128(sp_digit* r, const sp_digit* a, const sp_digit*
         :
         : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #endif /* WOLFSSL_SP_SMALL */
@@ -26979,7 +27636,7 @@ SP_NOINLINE static sp_digit div_4096_word_128(sp_digit d1, sp_digit d0, sp_digit
         :
         : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc"
     );
-    return (uint32_t)(size_t)d1;
+    return (word32)(size_t)d1;
 }
 
 #else
@@ -27019,7 +27676,11 @@ SP_NOINLINE static sp_digit div_4096_word_128(sp_digit d1, sp_digit d0, sp_digit
         /* Next 30 bits */
         "MOV	r4, #0x1d\n\t"
         "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
     "L_div_4096_word_128_bit:\n\t"
+#else
+    "L_div_4096_word_128_bit_%=:\n\t"
+#endif
         "LSLS	r6, r6, #1\n\t"
         "ADC	r7, r7, r7\n\t"
         "SUBS	r8, r5, r7\n\t"
@@ -27029,7 +27690,13 @@ SP_NOINLINE static sp_digit div_4096_word_128(sp_digit d1, sp_digit d0, sp_digit
         "AND	r8, r8, r5\n\t"
         "SUBS	r7, r7, r8\n\t"
         "SUBS	r4, r4, #0x1\n\t"
-        "bpl	L_div_4096_word_128_bit\n\t"
+#if defined(__GNUC__)
+        "BPL	L_div_4096_word_128_bit_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BPL.N	L_div_4096_word_128_bit\n\t"
+#else
+        "BPL.N	L_div_4096_word_128_bit_%=\n\t"
+#endif
         "ADD	r3, r3, r3\n\t"
         "ADD	r3, r3, #0x1\n\t"
         "UMULL	r6, r7, r3, %[div]\n\t"
@@ -27051,7 +27718,7 @@ SP_NOINLINE static sp_digit div_4096_word_128(sp_digit d1, sp_digit d0, sp_digit
         :
         : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc"
     );
-    return (uint32_t)(size_t)d1;
+    return (word32)(size_t)d1;
 }
 
 #endif
@@ -27184,7 +27851,11 @@ static sp_int32 sp_4096_cmp_128(const sp_digit* a, const sp_digit* b)
 #ifdef WOLFSSL_SP_SMALL
         "MOV	r6, #0x1fc\n\t"
         "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
     "L_sp_4096_cmp_128_words:\n\t"
+#else
+    "L_sp_4096_cmp_128_words_%=:\n\t"
+#endif
         "LDR	r4, [%[a], r6]\n\t"
         "LDR	r5, [%[b], r6]\n\t"
         "AND	r4, r4, r3\n\t"
@@ -27197,7 +27868,11 @@ static sp_int32 sp_4096_cmp_128(const sp_digit* a, const sp_digit* b)
         "IT	ne\n\t"
         "movne	r3, r7\n\t"
         "SUBS	r6, r6, #0x4\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "bcs	L_sp_4096_cmp_128_words\n\t"
+#else
+        "bcs	L_sp_4096_cmp_128_words_%=\n\t"
+#endif
         "EOR	r2, r2, r3\n\t"
 #else
         "LDR	r4, [%[a], #508]\n\t"
@@ -28615,7 +29290,7 @@ static sp_int32 sp_4096_cmp_128(const sp_digit* a, const sp_digit* b)
         :
         : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "cc"
     );
-    return (uint32_t)(size_t)a;
+    return (word32)(size_t)a;
 }
 
 /* Divide d in a and put remainder into r (m*d + r = a)
@@ -28808,13 +29483,12 @@ static int sp_4096_mod_exp_128(sp_digit* r, const sp_digit* a, const sp_digit* e
         XMEMSET(&r[128], 0, sizeof(sp_digit) * 128U);
         sp_4096_mont_reduce_128(r, m, mp);
 
-        mask = 0 - (sp_4096_cmp_128(r, m) >= 0);
+        mask = (sp_digit)0 - (sp_4096_cmp_128(r, m) >= 0);
         sp_4096_cond_sub_128(r, r, m, mask);
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (td != NULL)
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -28960,13 +29634,12 @@ static int sp_4096_mod_exp_128(sp_digit* r, const sp_digit* a, const sp_digit* e
         XMEMSET(&r[128], 0, sizeof(sp_digit) * 128U);
         sp_4096_mont_reduce_128(r, m, mp);
 
-        mask = 0 - (sp_4096_cmp_128(r, m) >= 0);
+        mask = (sp_digit)0 - (sp_4096_cmp_128(r, m) >= 0);
         sp_4096_cond_sub_128(r, r, m, mask);
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (td != NULL)
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -29129,8 +29802,7 @@ int sp_RsaPublic_4096(const byte* in, word32 inLen, const mp_int* em,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (a != NULL)
-        XFREE(a, NULL, DYNAMIC_TYPE_RSA);
+    XFREE(a, NULL, DYNAMIC_TYPE_RSA);
 #endif
 
     return err;
@@ -29164,7 +29836,11 @@ static sp_digit sp_4096_cond_add_64(sp_digit* r, const sp_digit* a, const sp_dig
         "MOV	r8, #0x0\n\t"
         "MOV	r4, #0x0\n\t"
         "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
     "L_sp_4096_cond_add_64_words:\n\t"
+#else
+    "L_sp_4096_cond_add_64_words_%=:\n\t"
+#endif
         "ADDS	r5, r5, #0xffffffff\n\t"
         "LDR	r6, [%[a], r4]\n\t"
         "LDR	r7, [%[b], r4]\n\t"
@@ -29174,17 +29850,19 @@ static sp_digit sp_4096_cond_add_64(sp_digit* r, const sp_digit* a, const sp_dig
         "STR	r6, [%[r], r4]\n\t"
         "ADD	r4, r4, #0x4\n\t"
         "CMP	r4, #0x100\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BLT	L_sp_4096_cond_add_64_words\n\t"
-#else
+#if defined(__GNUC__)
+        "BLT	L_sp_4096_cond_add_64_words_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "BLT.N	L_sp_4096_cond_add_64_words\n\t"
+#else
+        "BLT.N	L_sp_4096_cond_add_64_words_%=\n\t"
 #endif
         "MOV	%[r], r5\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m)
         :
         : "memory", "r4", "r5", "r6", "r7", "r8", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #else
@@ -29440,7 +30118,7 @@ static sp_digit sp_4096_cond_add_64(sp_digit* r, const sp_digit* a, const sp_dig
         :
         : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #endif /* WOLFSSL_SP_SMALL */
@@ -30660,13 +31338,12 @@ static int sp_4096_mod_exp_2_128(sp_digit* r, const sp_digit* e, int bits,
         XMEMSET(&r[128], 0, sizeof(sp_digit) * 128U);
         sp_4096_mont_reduce_128(r, m, mp);
 
-        mask = 0 - (sp_4096_cmp_128(r, m) >= 0);
+        mask = (sp_digit)0 - (sp_4096_cmp_128(r, m) >= 0);
         sp_4096_cond_sub_128(r, r, m, mask);
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (td != NULL)
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -30857,13 +31534,21 @@ static void sp_256_mul_8(sp_digit* r, const sp_digit* a, const sp_digit* b)
         "MOV	r8, #0x0\n\t"
         "MOV	r5, #0x4\n\t"
         "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
     "L_sp_256_mul_8_outer:\n\t"
+#else
+    "L_sp_256_mul_8_outer_%=:\n\t"
+#endif
         "SUBS	r3, r5, #0x1c\n\t"
         "IT	cc\n\t"
         "MOVCC	r3, #0x0\n\t"
         "SUB	r4, r5, r3\n\t"
         "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
     "L_sp_256_mul_8_inner:\n\t"
+#else
+    "L_sp_256_mul_8_inner_%=:\n\t"
+#endif
         "LDR	lr, [%[a], r3]\n\t"
         "LDR	r11, [%[b], r4]\n\t"
         "UMULL	r9, r10, lr, r11\n\t"
@@ -30879,15 +31564,19 @@ static void sp_256_mul_8(sp_digit* r, const sp_digit* a, const sp_digit* b)
         "ADD	r3, r3, #0x4\n\t"
         "SUB	r4, r4, #0x4\n\t"
         "CMP	r3, r4\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BGT	L_sp_256_mul_8_inner_done\n\t"
-#else
+#if defined(__GNUC__)
+        "BGT	L_sp_256_mul_8_inner_done_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "BGT.N	L_sp_256_mul_8_inner_done\n\t"
-#endif
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BLT	L_sp_256_mul_8_inner\n\t"
 #else
+        "BGT.N	L_sp_256_mul_8_inner_done_%=\n\t"
+#endif
+#if defined(__GNUC__)
+        "BLT	L_sp_256_mul_8_inner_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "BLT.N	L_sp_256_mul_8_inner\n\t"
+#else
+        "BLT.N	L_sp_256_mul_8_inner_%=\n\t"
 #endif
         "LDR	lr, [%[a], r3]\n\t"
         "LDR	r11, [%[b], r3]\n\t"
@@ -30896,17 +31585,23 @@ static void sp_256_mul_8(sp_digit* r, const sp_digit* a, const sp_digit* b)
         "ADCS	r7, r7, r10\n\t"
         "ADC	r8, r8, #0x0\n\t"
         "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
     "L_sp_256_mul_8_inner_done:\n\t"
+#else
+    "L_sp_256_mul_8_inner_done_%=:\n\t"
+#endif
         "STR	r6, [sp, r5]\n\t"
         "MOV	r6, r7\n\t"
         "MOV	r7, r8\n\t"
         "MOV	r8, #0x0\n\t"
         "ADD	r5, r5, #0x4\n\t"
         "CMP	r5, #0x34\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BLE	L_sp_256_mul_8_outer\n\t"
-#else
+#if defined(__GNUC__)
+        "BLE	L_sp_256_mul_8_outer_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "BLE.N	L_sp_256_mul_8_outer\n\t"
+#else
+        "BLE.N	L_sp_256_mul_8_outer_%=\n\t"
 #endif
         "LDR	lr, [%[a], #28]\n\t"
         "LDR	r11, [%[b], #28]\n\t"
@@ -30915,14 +31610,20 @@ static void sp_256_mul_8(sp_digit* r, const sp_digit* a, const sp_digit* b)
         "ADD	r5, r5, #0x4\n\t"
         "STR	r7, [sp, r5]\n\t"
         "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
     "L_sp_256_mul_8_store:\n\t"
+#else
+    "L_sp_256_mul_8_store_%=:\n\t"
+#endif
         "LDM	sp!, {r3, r4, r6, r7, r8, r9, r10, r11}\n\t"
         "STM	%[r]!, {r3, r4, r6, r7, r8, r9, r10, r11}\n\t"
         "SUBS	r5, r5, #0x20\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BGT	L_sp_256_mul_8_store\n\t"
-#else
+#if defined(__GNUC__)
+        "BGT	L_sp_256_mul_8_store_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "BGT.N	L_sp_256_mul_8_store\n\t"
+#else
+        "BGT.N	L_sp_256_mul_8_store_%=\n\t"
 #endif
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
         :
@@ -30931,7 +31632,7 @@ static void sp_256_mul_8(sp_digit* r, const sp_digit* a, const sp_digit* b)
 }
 
 #else
-#ifdef WOLFSSL_SP_NO_UMAAL
+#ifdef WOLFSSL_ARM_ARCH_7M
 /* Multiply a and b into r. (r = a * b)
  *
  * r  A single precision integer.
@@ -31427,7 +32128,7 @@ SP_NOINLINE static void sp_256_mul_8(sp_digit* r, const sp_digit* a, const sp_di
     );
 }
 
-#endif /* WOLFSSL_SP_NO_UMAAL */
+#endif /* WOLFSSL_ARM_ARCH_7M */
 #endif /* WOLFSSL_SP_SMALL */
 #ifdef WOLFSSL_SP_SMALL
 /* Square a and put result in r. (r = a * a)
@@ -31455,13 +32156,21 @@ static void sp_256_sqr_8(sp_digit* r, const sp_digit* a)
         "MOV	r8, #0x0\n\t"
         "MOV	r5, #0x4\n\t"
         "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
     "L_sp_256_sqr_8_outer:\n\t"
+#else
+    "L_sp_256_sqr_8_outer_%=:\n\t"
+#endif
         "SUBS	r3, r5, #0x1c\n\t"
         "IT	cc\n\t"
         "MOVCC	r3, #0x0\n\t"
         "SUB	r4, r5, r3\n\t"
         "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
     "L_sp_256_sqr_8_inner:\n\t"
+#else
+    "L_sp_256_sqr_8_inner_%=:\n\t"
+#endif
         "LDR	lr, [%[a], r3]\n\t"
         "LDR	r11, [%[a], r4]\n\t"
         "UMULL	r9, r10, lr, r11\n\t"
@@ -31474,15 +32183,19 @@ static void sp_256_sqr_8(sp_digit* r, const sp_digit* a)
         "ADD	r3, r3, #0x4\n\t"
         "SUB	r4, r4, #0x4\n\t"
         "CMP	r3, r4\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BGT	L_sp_256_sqr_8_inner_done\n\t"
-#else
+#if defined(__GNUC__)
+        "BGT	L_sp_256_sqr_8_inner_done_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "BGT.N	L_sp_256_sqr_8_inner_done\n\t"
-#endif
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BLT	L_sp_256_sqr_8_inner\n\t"
 #else
+        "BGT.N	L_sp_256_sqr_8_inner_done_%=\n\t"
+#endif
+#if defined(__GNUC__)
+        "BLT	L_sp_256_sqr_8_inner_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "BLT.N	L_sp_256_sqr_8_inner\n\t"
+#else
+        "BLT.N	L_sp_256_sqr_8_inner_%=\n\t"
 #endif
         "LDR	lr, [%[a], r3]\n\t"
         "UMULL	r9, r10, lr, lr\n\t"
@@ -31490,17 +32203,23 @@ static void sp_256_sqr_8(sp_digit* r, const sp_digit* a)
         "ADCS	r7, r7, r10\n\t"
         "ADC	r8, r8, #0x0\n\t"
         "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
     "L_sp_256_sqr_8_inner_done:\n\t"
+#else
+    "L_sp_256_sqr_8_inner_done_%=:\n\t"
+#endif
         "STR	r6, [sp, r5]\n\t"
         "MOV	r6, r7\n\t"
         "MOV	r7, r8\n\t"
         "MOV	r8, #0x0\n\t"
         "ADD	r5, r5, #0x4\n\t"
         "CMP	r5, #0x34\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BLE	L_sp_256_sqr_8_outer\n\t"
-#else
+#if defined(__GNUC__)
+        "BLE	L_sp_256_sqr_8_outer_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "BLE.N	L_sp_256_sqr_8_outer\n\t"
+#else
+        "BLE.N	L_sp_256_sqr_8_outer_%=\n\t"
 #endif
         "LDR	lr, [%[a], #28]\n\t"
         "UMLAL	r6, r7, lr, lr\n\t"
@@ -31508,14 +32227,20 @@ static void sp_256_sqr_8(sp_digit* r, const sp_digit* a)
         "ADD	r5, r5, #0x4\n\t"
         "STR	r7, [sp, r5]\n\t"
         "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
     "L_sp_256_sqr_8_store:\n\t"
+#else
+    "L_sp_256_sqr_8_store_%=:\n\t"
+#endif
         "LDM	sp!, {r3, r4, r6, r7, r8, r9, r10, r11}\n\t"
         "STM	%[r]!, {r3, r4, r6, r7, r8, r9, r10, r11}\n\t"
         "SUBS	r5, r5, #0x20\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BGT	L_sp_256_sqr_8_store\n\t"
-#else
+#if defined(__GNUC__)
+        "BGT	L_sp_256_sqr_8_store_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "BGT.N	L_sp_256_sqr_8_store\n\t"
+#else
+        "BGT.N	L_sp_256_sqr_8_store_%=\n\t"
 #endif
         : [r] "+r" (r), [a] "+r" (a)
         :
@@ -31524,7 +32249,7 @@ static void sp_256_sqr_8(sp_digit* r, const sp_digit* a)
 }
 
 #else
-#ifdef WOLFSSL_SP_NO_UMAAL
+#ifdef WOLFSSL_ARM_ARCH_7M
 /* Square a and put result in r. (r = a * a)
  *
  * r  A single precision integer.
@@ -31890,7 +32615,7 @@ SP_NOINLINE static void sp_256_sqr_8(sp_digit* r, const sp_digit* a)
     );
 }
 
-#endif /* WOLFSSL_SP_NO_UMAAL */
+#endif /* WOLFSSL_ARM_ARCH_7M */
 #endif /* WOLFSSL_SP_SMALL */
 #ifdef WOLFSSL_SP_SMALL
 /* Add b to a into r. (r = a + b)
@@ -31915,7 +32640,11 @@ static sp_digit sp_256_add_8(sp_digit* r, const sp_digit* a, const sp_digit* b)
         "MOV	r3, #0x0\n\t"
         "ADD	r12, %[a], #0x20\n\t"
         "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
     "L_sp_256_add_8_word:\n\t"
+#else
+    "L_sp_256_add_8_word_%=:\n\t"
+#endif
         "ADDS	r3, r3, #0xffffffff\n\t"
         "LDM	%[a]!, {r4, r5, r6, r7}\n\t"
         "LDM	%[b]!, {r8, r9, r10, r11}\n\t"
@@ -31927,17 +32656,19 @@ static sp_digit sp_256_add_8(sp_digit* r, const sp_digit* a, const sp_digit* b)
         "MOV	r4, #0x0\n\t"
         "ADC	r3, r4, #0x0\n\t"
         "CMP	%[a], r12\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BNE	L_sp_256_add_8_word\n\t"
-#else
+#if defined(__GNUC__)
+        "BNE	L_sp_256_add_8_word_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "BNE.N	L_sp_256_add_8_word\n\t"
+#else
+        "BNE.N	L_sp_256_add_8_word_%=\n\t"
 #endif
         "MOV	%[r], r3\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
         :
         : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r3", "r12", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #else
@@ -31980,7 +32711,7 @@ static sp_digit sp_256_add_8(sp_digit* r, const sp_digit* a, const sp_digit* b)
         :
         : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #endif /* WOLFSSL_SP_SMALL */
@@ -32227,7 +32958,7 @@ static int sp_256_mod_mul_norm_8(sp_digit* r, const sp_digit* a, const sp_digit*
 #else
     (void)m;
 #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 /* Convert an mp_int to an array of sp_digit.
@@ -33837,7 +34568,7 @@ SP_NOINLINE static void sp_256_mont_sqr_n_8(sp_digit* r,
 #endif /* !WOLFSSL_SP_SMALL || HAVE_COMP_KEY */
 #ifdef WOLFSSL_SP_SMALL
 /* Mod-2 for the P256 curve. */
-static const uint32_t p256_mod_minus_2[8] = {
+static const word32 p256_mod_minus_2[8] = {
     0xfffffffdU,0xffffffffU,0xffffffffU,0x00000000U,0x00000000U,0x00000000U,
     0x00000001U,0xffffffffU
 };
@@ -33938,7 +34669,11 @@ static sp_int32 sp_256_cmp_8(const sp_digit* a, const sp_digit* b)
 #ifdef WOLFSSL_SP_SMALL
         "MOV	r6, #0x1c\n\t"
         "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
     "L_sp_256_cmp_8_words:\n\t"
+#else
+    "L_sp_256_cmp_8_words_%=:\n\t"
+#endif
         "LDR	r4, [%[a], r6]\n\t"
         "LDR	r5, [%[b], r6]\n\t"
         "AND	r4, r4, r3\n\t"
@@ -33951,7 +34686,11 @@ static sp_int32 sp_256_cmp_8(const sp_digit* a, const sp_digit* b)
         "IT	ne\n\t"
         "movne	r3, r7\n\t"
         "SUBS	r6, r6, #0x4\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "bcs	L_sp_256_cmp_8_words\n\t"
+#else
+        "bcs	L_sp_256_cmp_8_words_%=\n\t"
+#endif
         "EOR	r2, r2, r3\n\t"
 #else
         "LDR	r4, [%[a], #28]\n\t"
@@ -34049,7 +34788,7 @@ static sp_int32 sp_256_cmp_8(const sp_digit* a, const sp_digit* b)
         :
         : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "cc"
     );
-    return (uint32_t)(size_t)a;
+    return (word32)(size_t)a;
 }
 
 /* Normalize the values in each word to 32.
@@ -34085,7 +34824,11 @@ static sp_digit sp_256_cond_sub_8(sp_digit* r, const sp_digit* a, const sp_digit
         "MOV	r4, #0x0\n\t"
         "MOV	r5, #0x0\n\t"
         "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
     "L_sp_256_cond_sub_8_words:\n\t"
+#else
+    "L_sp_256_cond_sub_8_words_%=:\n\t"
+#endif
         "SUBS	r4, r8, r4\n\t"
         "LDR	r6, [%[a], r5]\n\t"
         "LDR	r7, [%[b], r5]\n\t"
@@ -34095,17 +34838,19 @@ static sp_digit sp_256_cond_sub_8(sp_digit* r, const sp_digit* a, const sp_digit
         "STR	r6, [%[r], r5]\n\t"
         "ADD	r5, r5, #0x4\n\t"
         "CMP	r5, #0x20\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BLT	L_sp_256_cond_sub_8_words\n\t"
-#else
+#if defined(__GNUC__)
+        "BLT	L_sp_256_cond_sub_8_words_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "BLT.N	L_sp_256_cond_sub_8_words\n\t"
+#else
+        "BLT.N	L_sp_256_cond_sub_8_words_%=\n\t"
 #endif
         "MOV	%[r], r4\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m)
         :
         : "memory", "r4", "r5", "r6", "r7", "r8", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #else
@@ -34165,7 +34910,7 @@ static sp_digit sp_256_cond_sub_8(sp_digit* r, const sp_digit* a, const sp_digit
         :
         : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #endif /* WOLFSSL_SP_SMALL */
@@ -34199,7 +34944,11 @@ SP_NOINLINE static void sp_256_mont_reduce_8(sp_digit* a, const sp_digit* m, sp_
         "LDR	r4, [%[a]]\n\t"
         "LDR	r5, [%[a], #4]\n\t"
         "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
     "L_sp_256_mont_reduce_8_word:\n\t"
+#else
+    "L_sp_256_mont_reduce_8_word_%=:\n\t"
+#endif
         /* mu = a[i] * mp */
         "MUL	r10, %[mp], r4\n\t"
         /* a[i+0] += m[0] * mu */
@@ -34269,10 +35018,12 @@ SP_NOINLINE static void sp_256_mont_reduce_8(sp_digit* a, const sp_digit* m, sp_
         "ADD	r11, r11, #0x4\n\t"
         "ADD	%[a], %[a], #0x4\n\t"
         "CMP	r11, #0x20\n\t"
-#ifdef __GNUC__
-        "BLT	L_sp_256_mont_reduce_8_word\n\t"
-#else
+#if defined(__GNUC__)
+        "BLT	L_sp_256_mont_reduce_8_word_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "BLT.W	L_sp_256_mont_reduce_8_word\n\t"
+#else
+        "BLT.W	L_sp_256_mont_reduce_8_word_%=\n\t"
 #endif
         /* Loop Done */
         "STR	r4, [%[a]]\n\t"
@@ -34314,7 +35065,11 @@ SP_NOINLINE static void sp_256_mont_reduce_8(sp_digit* a, const sp_digit* m, sp_
         "LDR	r9, [%[a], #12]\n\t"
         "LDR	r10, [%[a], #16]\n\t"
         "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
     "L_sp_256_mont_reduce_8_word:\n\t"
+#else
+    "L_sp_256_mont_reduce_8_word_%=:\n\t"
+#endif
         /* mu = a[i] * mp */
         "MUL	lr, %[mp], r6\n\t"
         /* a[i+0] += m[0] * mu */
@@ -34361,10 +35116,12 @@ SP_NOINLINE static void sp_256_mont_reduce_8(sp_digit* a, const sp_digit* m, sp_
         "ADD	r4, r4, #0x4\n\t"
         "ADD	%[a], %[a], #0x4\n\t"
         "CMP	r4, #0x20\n\t"
-#ifdef __GNUC__
-        "BLT	L_sp_256_mont_reduce_8_word\n\t"
-#else
+#if defined(__GNUC__)
+        "BLT	L_sp_256_mont_reduce_8_word_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "BLT.W	L_sp_256_mont_reduce_8_word\n\t"
+#else
+        "BLT.W	L_sp_256_mont_reduce_8_word_%=\n\t"
 #endif
         /* Loop Done */
         "STR	r6, [%[a]]\n\t"
@@ -34573,7 +35330,11 @@ SP_NOINLINE static void sp_256_mont_reduce_order_8(sp_digit* a, const sp_digit*
         "LDR	r4, [%[a]]\n\t"
         "LDR	r5, [%[a], #4]\n\t"
         "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
     "L_sp_256_mont_reduce_order_8_word:\n\t"
+#else
+    "L_sp_256_mont_reduce_order_8_word_%=:\n\t"
+#endif
         /* mu = a[i] * mp */
         "MUL	r10, %[mp], r4\n\t"
         /* a[i+0] += m[0] * mu */
@@ -34643,10 +35404,12 @@ SP_NOINLINE static void sp_256_mont_reduce_order_8(sp_digit* a, const sp_digit*
         "ADD	r11, r11, #0x4\n\t"
         "ADD	%[a], %[a], #0x4\n\t"
         "CMP	r11, #0x20\n\t"
-#ifdef __GNUC__
-        "BLT	L_sp_256_mont_reduce_order_8_word\n\t"
-#else
+#if defined(__GNUC__)
+        "BLT	L_sp_256_mont_reduce_order_8_word_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "BLT.W	L_sp_256_mont_reduce_order_8_word\n\t"
+#else
+        "BLT.W	L_sp_256_mont_reduce_order_8_word_%=\n\t"
 #endif
         /* Loop Done */
         "STR	r4, [%[a]]\n\t"
@@ -34688,7 +35451,11 @@ SP_NOINLINE static void sp_256_mont_reduce_order_8(sp_digit* a, const sp_digit*
         "LDR	r9, [%[a], #12]\n\t"
         "LDR	r10, [%[a], #16]\n\t"
         "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
     "L_sp_256_mont_reduce_order_8_word:\n\t"
+#else
+    "L_sp_256_mont_reduce_order_8_word_%=:\n\t"
+#endif
         /* mu = a[i] * mp */
         "MUL	lr, %[mp], r6\n\t"
         /* a[i+0] += m[0] * mu */
@@ -34735,10 +35502,12 @@ SP_NOINLINE static void sp_256_mont_reduce_order_8(sp_digit* a, const sp_digit*
         "ADD	r4, r4, #0x4\n\t"
         "ADD	%[a], %[a], #0x4\n\t"
         "CMP	r4, #0x20\n\t"
-#ifdef __GNUC__
-        "BLT	L_sp_256_mont_reduce_order_8_word\n\t"
-#else
+#if defined(__GNUC__)
+        "BLT	L_sp_256_mont_reduce_order_8_word_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "BLT.W	L_sp_256_mont_reduce_order_8_word\n\t"
+#else
+        "BLT.W	L_sp_256_mont_reduce_order_8_word_%=\n\t"
 #endif
         /* Loop Done */
         "STR	r6, [%[a]]\n\t"
@@ -34780,7 +35549,7 @@ static void sp_256_map_8(sp_point_256* r, const sp_point_256* p,
     sp_256_mont_reduce_8(r->x, p256_mod, p256_mp_mod);
     /* Reduce x to less than modulus */
     n = sp_256_cmp_8(r->x, p256_mod);
-    sp_256_cond_sub_8(r->x, r->x, p256_mod, ~(n >> 31));
+    sp_256_cond_sub_8(r->x, r->x, p256_mod, (sp_digit)~(n >> 31));
     sp_256_norm_8(r->x);
 
     /* y /= z^3 */
@@ -34789,7 +35558,7 @@ static void sp_256_map_8(sp_point_256* r, const sp_point_256* p,
     sp_256_mont_reduce_8(r->y, p256_mod, p256_mp_mod);
     /* Reduce y to less than modulus */
     n = sp_256_cmp_8(r->y, p256_mod);
-    sp_256_cond_sub_8(r->y, r->y, p256_mod, ~(n >> 31));
+    sp_256_cond_sub_8(r->y, r->y, p256_mod, (sp_digit)~(n >> 31));
     sp_256_norm_8(r->y);
 
     XMEMSET(r->z, 0, sizeof(r->z) / 2);
@@ -35431,8 +36200,8 @@ static void sp_256_proj_point_add_8(sp_point_256* r,
         sp_256_mont_sub_8(y, y, t5, p256_mod);
         {
             int i;
-            sp_digit maskp = 0 - (q->infinity & (!p->infinity));
-            sp_digit maskq = 0 - (p->infinity & (!q->infinity));
+            sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity)));
+            sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity)));
             sp_digit maskt = ~(maskp | maskq);
             sp_digit inf = (sp_digit)(p->infinity & q->infinity);
 
@@ -35449,7 +36218,7 @@ static void sp_256_proj_point_add_8(sp_point_256* r,
                           (z[i] & maskt);
             }
             r->z[0] |= inf;
-            r->infinity = (word32)inf;
+            r->infinity = (int)inf;
         }
     }
 }
@@ -35623,8 +36392,8 @@ static int sp_256_proj_point_add_8_nb(sp_ecc_ctx_t* sp_ctx, sp_point_256* r,
     {
         {
             int i;
-            sp_digit maskp = 0 - (q->infinity & (!p->infinity));
-            sp_digit maskq = 0 - (p->infinity & (!q->infinity));
+            sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity)));
+            sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity)));
             sp_digit maskt = ~(maskp | maskq);
             sp_digit inf = (sp_digit)(p->infinity & q->infinity);
 
@@ -35641,7 +36410,7 @@ static int sp_256_proj_point_add_8_nb(sp_ecc_ctx_t* sp_ctx, sp_point_256* r,
                           (ctx->z[i] & maskt);
             }
             r->z[0] |= inf;
-            r->infinity = (word32)inf;
+            r->infinity = (int)inf;
         }
         ctx->state = 25;
         break;
@@ -35696,7 +36465,7 @@ static void sp_256_get_point_16_8(sp_point_256* r, const sp_point_256* table,
     r->z[6] = 0;
     r->z[7] = 0;
     for (i = 1; i < 16; i++) {
-        mask = 0 - (i == idx);
+        mask = (sp_digit)0 - (i == idx);
         r->x[0] |= mask & table[i].x[0];
         r->x[1] |= mask & table[i].x[1];
         r->x[2] |= mask & table[i].x[2];
@@ -35890,15 +36659,15 @@ static int sp_256_ecc_mulmod_fast_8(sp_point_256* r, const sp_point_256* g, cons
     #endif
     }
 #ifndef WC_NO_CACHE_RESISTANT
-    #ifdef WOLFSSL_SP_SMALL_STACK
+#ifdef WOLFSSL_SP_SMALL_STACK
     if (p != NULL)
+#endif
+    {
+        ForceZero(p, sizeof(sp_point_256));
+    #ifdef WOLFSSL_SP_SMALL_STACK
+        XFREE(p, heap, DYNAMIC_TYPE_ECC);
     #endif
-        {
-            ForceZero(p, sizeof(sp_point_256));
-        #ifdef WOLFSSL_SP_SMALL_STACK
-            XFREE(p, heap, DYNAMIC_TYPE_ECC);
-        #endif
-        }
+    }
 #endif /* !WC_NO_CACHE_RESISTANT */
 #ifdef WOLFSSL_SP_SMALL_STACK
     if (t != NULL)
@@ -36094,8 +36863,8 @@ static void sp_256_proj_point_add_qz1_8(sp_point_256* r,
         sp_256_mont_sub_8(y, t3, t1, p256_mod);
         {
             int i;
-            sp_digit maskp = 0 - (q->infinity & (!p->infinity));
-            sp_digit maskq = 0 - (p->infinity & (!q->infinity));
+            sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity)));
+            sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity)));
             sp_digit maskt = ~(maskp | maskq);
             sp_digit inf = (sp_digit)(p->infinity & q->infinity);
 
@@ -36112,7 +36881,7 @@ static void sp_256_proj_point_add_qz1_8(sp_point_256* r,
                           (z[i] & maskt);
             }
             r->z[0] |= inf;
-            r->infinity = (word32)inf;
+            r->infinity = (int)inf;
         }
     }
 }
@@ -36202,8 +36971,7 @@ static int sp_256_gen_stripe_table_8(const sp_point_256* a,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t != NULL)
-        XFREE(t, heap, DYNAMIC_TYPE_ECC);
+    XFREE(t, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -36240,7 +37008,7 @@ static void sp_256_get_entry_16_8(sp_point_256* r,
     r->y[6] = 0;
     r->y[7] = 0;
     for (i = 1; i < 16; i++) {
-        mask = 0 - (i == idx);
+        mask = (sp_digit)0 - (i == idx);
         r->x[0] |= mask & table[i].x[0];
         r->x[1] |= mask & table[i].x[1];
         r->x[2] |= mask & table[i].x[2];
@@ -36367,10 +37135,8 @@ static int sp_256_ecc_mulmod_stripe_8(sp_point_256* r, const sp_point_256* g,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t != NULL)
-        XFREE(t, heap, DYNAMIC_TYPE_ECC);
-    if (rt != NULL)
-        XFREE(rt, heap, DYNAMIC_TYPE_ECC);
+    XFREE(t, heap, DYNAMIC_TYPE_ECC);
+    XFREE(rt, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -36390,7 +37156,7 @@ typedef struct sp_cache_256_t {
     /* Precomputation table for point. */
     sp_table_entry_256 table[16];
     /* Count of entries in table. */
-    uint32_t cnt;
+    word32 cnt;
     /* Point and table set in entry. */
     int set;
 } sp_cache_256_t;
@@ -36403,8 +37169,10 @@ static THREAD_LS_T int sp_cache_256_last = -1;
 static THREAD_LS_T int sp_cache_256_inited = 0;
 
 #ifndef HAVE_THREAD_LS
+    #ifndef WOLFSSL_MUTEX_INITIALIZER
     static volatile int initCacheMutex_256 = 0;
-    static wolfSSL_Mutex sp_cache_256_lock;
+    #endif
+    static wolfSSL_Mutex sp_cache_256_lock WOLFSSL_MUTEX_INITIALIZER_CLAUSE(sp_cache_256_lock);
 #endif
 
 /* Get the cache entry for the point.
@@ -36416,7 +37184,7 @@ static void sp_ecc_get_cache_256(const sp_point_256* g, sp_cache_256_t** cache)
 {
     int i;
     int j;
-    uint32_t least;
+    word32 least;
 
     if (sp_cache_256_inited == 0) {
         for (i=0; i<FP_ENTRIES; i++) {
@@ -36502,10 +37270,12 @@ static int sp_256_ecc_mulmod_8(sp_point_256* r, const sp_point_256* g,
 #endif
 #ifndef HAVE_THREAD_LS
     if (err == MP_OKAY) {
+        #ifndef WOLFSSL_MUTEX_INITIALIZER
         if (initCacheMutex_256 == 0) {
             wc_InitMutex(&sp_cache_256_lock);
             initCacheMutex_256 = 1;
         }
+        #endif
         if (wc_LockMutex(&sp_cache_256_lock) != 0) {
             err = BAD_MUTEX_E;
         }
@@ -36622,8 +37392,7 @@ static int sp_256_gen_stripe_table_8(const sp_point_256* a,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t != NULL)
-        XFREE(t, heap, DYNAMIC_TYPE_ECC);
+    XFREE(t, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -36660,7 +37429,7 @@ static void sp_256_get_entry_256_8(sp_point_256* r,
     r->y[6] = 0;
     r->y[7] = 0;
     for (i = 1; i < 256; i++) {
-        mask = 0 - (i == idx);
+        mask = (sp_digit)0 - (i == idx);
         r->x[0] |= mask & table[i].x[0];
         r->x[1] |= mask & table[i].x[1];
         r->x[2] |= mask & table[i].x[2];
@@ -36787,10 +37556,8 @@ static int sp_256_ecc_mulmod_stripe_8(sp_point_256* r, const sp_point_256* g,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t != NULL)
-        XFREE(t, heap, DYNAMIC_TYPE_ECC);
-    if (rt != NULL)
-        XFREE(rt, heap, DYNAMIC_TYPE_ECC);
+    XFREE(t, heap, DYNAMIC_TYPE_ECC);
+    XFREE(rt, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -36810,7 +37577,7 @@ typedef struct sp_cache_256_t {
     /* Precomputation table for point. */
     sp_table_entry_256 table[256];
     /* Count of entries in table. */
-    uint32_t cnt;
+    word32 cnt;
     /* Point and table set in entry. */
     int set;
 } sp_cache_256_t;
@@ -36823,8 +37590,10 @@ static THREAD_LS_T int sp_cache_256_last = -1;
 static THREAD_LS_T int sp_cache_256_inited = 0;
 
 #ifndef HAVE_THREAD_LS
+    #ifndef WOLFSSL_MUTEX_INITIALIZER
     static volatile int initCacheMutex_256 = 0;
-    static wolfSSL_Mutex sp_cache_256_lock;
+    #endif
+    static wolfSSL_Mutex sp_cache_256_lock WOLFSSL_MUTEX_INITIALIZER_CLAUSE(sp_cache_256_lock);
 #endif
 
 /* Get the cache entry for the point.
@@ -36836,7 +37605,7 @@ static void sp_ecc_get_cache_256(const sp_point_256* g, sp_cache_256_t** cache)
 {
     int i;
     int j;
-    uint32_t least;
+    word32 least;
 
     if (sp_cache_256_inited == 0) {
         for (i=0; i<FP_ENTRIES; i++) {
@@ -36922,10 +37691,12 @@ static int sp_256_ecc_mulmod_8(sp_point_256* r, const sp_point_256* g,
 #endif
 #ifndef HAVE_THREAD_LS
     if (err == MP_OKAY) {
+        #ifndef WOLFSSL_MUTEX_INITIALIZER
         if (initCacheMutex_256 == 0) {
             wc_InitMutex(&sp_cache_256_lock);
             initCacheMutex_256 = 1;
         }
+        #endif
         if (wc_LockMutex(&sp_cache_256_lock) != 0) {
             err = BAD_MUTEX_E;
         }
@@ -37004,10 +37775,8 @@ int sp_ecc_mulmod_256(const mp_int* km, const ecc_point* gm, ecc_point* r,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (k != NULL)
-        XFREE(k, heap, DYNAMIC_TYPE_ECC);
-    if (point != NULL)
-        XFREE(point, heap, DYNAMIC_TYPE_ECC);
+    XFREE(k, heap, DYNAMIC_TYPE_ECC);
+    XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -37084,10 +37853,8 @@ int sp_ecc_mulmod_add_256(const mp_int* km, const ecc_point* gm,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (k != NULL)
-        XFREE(k, heap, DYNAMIC_TYPE_ECC);
-    if (point != NULL)
-        XFREE(point, heap, DYNAMIC_TYPE_ECC);
+    XFREE(k, heap, DYNAMIC_TYPE_ECC);
+    XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -38554,10 +39321,8 @@ int sp_ecc_mulmod_base_256(const mp_int* km, ecc_point* r, int map, void* heap)
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (k != NULL)
-        XFREE(k, heap, DYNAMIC_TYPE_ECC);
-    if (point != NULL)
-        XFREE(point, heap, DYNAMIC_TYPE_ECC);
+    XFREE(k, heap, DYNAMIC_TYPE_ECC);
+    XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -38632,10 +39397,8 @@ int sp_ecc_mulmod_base_add_256(const mp_int* km, const ecc_point* am,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (k != NULL)
-        XFREE(k, heap, DYNAMIC_TYPE_ECC);
-    if (point)
-        XFREE(point, heap, DYNAMIC_TYPE_ECC);
+    XFREE(k, heap, DYNAMIC_TYPE_ECC);
+    XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -38690,7 +39453,8 @@ static void sp_256_from_bin(sp_digit* r, int size, const byte* a, int n)
     int j;
     byte* d;
 
-    for (i = n - 1,j = 0; i >= 3; i -= 4) {
+    j = 0;
+    for (i = n - 1; i >= 3; i -= 4) {
         r[j]  = ((sp_digit)a[i - 0] <<  0) |
                 ((sp_digit)a[i - 1] <<  8) |
                 ((sp_digit)a[i - 2] << 16) |
@@ -38701,12 +39465,20 @@ static void sp_256_from_bin(sp_digit* r, int size, const byte* a, int n)
     if (i >= 0) {
         r[j] = 0;
 
-        d = (byte*)r;
+        d = (byte*)(r + j);
+#ifdef BIG_ENDIAN_ORDER
         switch (i) {
-            case 2: d[n - 1 - 2] = a[2]; //fallthrough
-            case 1: d[n - 1 - 1] = a[1]; //fallthrough
-            case 0: d[n - 1 - 0] = a[0]; //fallthrough
+            case 2: d[1] = *(a++); //fallthrough
+            case 1: d[2] = *(a++); //fallthrough
+            case 0: d[3] = *a    ; //fallthrough
         }
+#else
+        switch (i) {
+            case 2: d[2] = a[2]; //fallthrough
+            case 1: d[1] = a[1]; //fallthrough
+            case 0: d[0] = a[0]; //fallthrough
+        }
+#endif
         j++;
     }
 
@@ -38724,6 +39496,7 @@ static void sp_256_from_bin(sp_digit* r, int size, const byte* a, int n)
  */
 static int sp_256_ecc_gen_k_8(WC_RNG* rng, sp_digit* k)
 {
+#ifndef WC_NO_RNG
     int err;
     byte buf[32];
 
@@ -38740,6 +39513,11 @@ static int sp_256_ecc_gen_k_8(WC_RNG* rng, sp_digit* k)
     while (err == 0);
 
     return err;
+#else
+    (void)rng;
+    (void)k;
+    return NOT_COMPILED_IN;
+#endif
 }
 
 /* Makes a random EC key pair.
@@ -38818,12 +39596,9 @@ int sp_ecc_make_key_256(WC_RNG* rng, mp_int* priv, ecc_point* pub, void* heap)
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (k != NULL)
-        XFREE(k, heap, DYNAMIC_TYPE_ECC);
-    if (point != NULL) {
-        /* point is not sensitive, so no need to zeroize */
-        XFREE(point, heap, DYNAMIC_TYPE_ECC);
-    }
+    XFREE(k, heap, DYNAMIC_TYPE_ECC);
+    /* point is not sensitive, so no need to zeroize */
+    XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -38981,10 +39756,8 @@ int sp_ecc_secret_gen_256(const mp_int* priv, const ecc_point* pub, byte* out,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (k != NULL)
-        XFREE(k, heap, DYNAMIC_TYPE_ECC);
-    if (point != NULL)
-        XFREE(point, heap, DYNAMIC_TYPE_ECC);
+    XFREE(k, heap, DYNAMIC_TYPE_ECC);
+    XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -39067,7 +39840,11 @@ static sp_digit sp_256_sub_in_place_8(sp_digit* a, const sp_digit* b)
         "MOV	r10, #0x0\n\t"
         "ADD	r11, %[a], #0x20\n\t"
         "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
     "L_sp_256_sub_in_pkace_8_word:\n\t"
+#else
+    "L_sp_256_sub_in_pkace_8_word_%=:\n\t"
+#endif
         "RSBS	r10, r10, #0x0\n\t"
         "LDM	%[a], {r2, r3, r4, r5}\n\t"
         "LDM	%[b]!, {r6, r7, r8, r9}\n\t"
@@ -39078,17 +39855,19 @@ static sp_digit sp_256_sub_in_place_8(sp_digit* a, const sp_digit* b)
         "STM	%[a]!, {r2, r3, r4, r5}\n\t"
         "SBC	r10, r10, r10\n\t"
         "CMP	%[a], r11\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BNE	L_sp_256_sub_in_pkace_8_word\n\t"
-#else
+#if defined(__GNUC__)
+        "BNE	L_sp_256_sub_in_pkace_8_word_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "BNE.N	L_sp_256_sub_in_pkace_8_word\n\t"
+#else
+        "BNE.N	L_sp_256_sub_in_pkace_8_word_%=\n\t"
 #endif
         "MOV	%[a], r10\n\t"
         : [a] "+r" (a), [b] "+r" (b)
         :
         : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "cc"
     );
-    return (uint32_t)(size_t)a;
+    return (word32)(size_t)a;
 }
 
 #else
@@ -39128,7 +39907,7 @@ static sp_digit sp_256_sub_in_place_8(sp_digit* a, const sp_digit* b)
         :
         : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "cc"
     );
-    return (uint32_t)(size_t)a;
+    return (word32)(size_t)a;
 }
 
 #endif /* WOLFSSL_SP_SMALL */
@@ -39160,7 +39939,11 @@ static void sp_256_mul_d_8(sp_digit* r, const sp_digit* a, sp_digit b)
         "MOV	r5, #0x0\n\t"
         "MOV	r9, #0x4\n\t"
         "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
     "L_sp_256_mul_d_8_word:\n\t"
+#else
+    "L_sp_256_mul_d_8_word_%=:\n\t"
+#endif
         /* A[i] * B */
         "LDR	r8, [%[a], r9]\n\t"
         "UMULL	r6, r7, %[b], r8\n\t"
@@ -39173,10 +39956,12 @@ static void sp_256_mul_d_8(sp_digit* r, const sp_digit* a, sp_digit b)
         "MOV	r5, #0x0\n\t"
         "ADD	r9, r9, #0x4\n\t"
         "CMP	r9, #0x20\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BLT	L_sp_256_mul_d_8_word\n\t"
-#else
+#if defined(__GNUC__)
+        "BLT	L_sp_256_mul_d_8_word_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "BLT.N	L_sp_256_mul_d_8_word\n\t"
+#else
+        "BLT.N	L_sp_256_mul_d_8_word_%=\n\t"
 #endif
         "STR	r3, [%[r], #32]\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
@@ -39314,7 +40099,7 @@ SP_NOINLINE static sp_digit div_256_word_8(sp_digit d1, sp_digit d0, sp_digit di
         :
         : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc"
     );
-    return (uint32_t)(size_t)d1;
+    return (word32)(size_t)d1;
 }
 
 #else
@@ -39354,7 +40139,11 @@ SP_NOINLINE static sp_digit div_256_word_8(sp_digit d1, sp_digit d0, sp_digit di
         /* Next 30 bits */
         "MOV	r4, #0x1d\n\t"
         "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
     "L_div_256_word_8_bit:\n\t"
+#else
+    "L_div_256_word_8_bit_%=:\n\t"
+#endif
         "LSLS	r6, r6, #1\n\t"
         "ADC	r7, r7, r7\n\t"
         "SUBS	r8, r5, r7\n\t"
@@ -39364,7 +40153,13 @@ SP_NOINLINE static sp_digit div_256_word_8(sp_digit d1, sp_digit d0, sp_digit di
         "AND	r8, r8, r5\n\t"
         "SUBS	r7, r7, r8\n\t"
         "SUBS	r4, r4, #0x1\n\t"
-        "bpl	L_div_256_word_8_bit\n\t"
+#if defined(__GNUC__)
+        "BPL	L_div_256_word_8_bit_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BPL.N	L_div_256_word_8_bit\n\t"
+#else
+        "BPL.N	L_div_256_word_8_bit_%=\n\t"
+#endif
         "ADD	r3, r3, r3\n\t"
         "ADD	r3, r3, #0x1\n\t"
         "UMULL	r6, r7, r3, %[div]\n\t"
@@ -39386,7 +40181,7 @@ SP_NOINLINE static sp_digit div_256_word_8(sp_digit d1, sp_digit d0, sp_digit di
         :
         : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc"
     );
-    return (uint32_t)(size_t)d1;
+    return (word32)(size_t)d1;
 }
 
 #endif
@@ -39488,7 +40283,7 @@ static void sp_256_mont_mul_order_8(sp_digit* r, const sp_digit* a, const sp_dig
 #if defined(HAVE_ECC_SIGN) || (defined(HAVE_ECC_VERIFY) && defined(WOLFSSL_SP_SMALL))
 #ifdef WOLFSSL_SP_SMALL
 /* Order-2 for the P256 curve. */
-static const uint32_t p256_order_minus_2[8] = {
+static const word32 p256_order_minus_2[8] = {
     0xfc63254fU,0xf3b9cac2U,0xa7179e84U,0xbce6faadU,0xffffffffU,0xffffffffU,
     0x00000000U,0xffffffffU
 };
@@ -40058,7 +40853,11 @@ static sp_digit sp_256_sub_8(sp_digit* r, const sp_digit* a, const sp_digit* b)
         "MOV	r11, #0x0\n\t"
         "ADD	r12, %[a], #0x20\n\t"
         "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
     "L_sp_256_sub_8_word:\n\t"
+#else
+    "L_sp_256_sub_8_word_%=:\n\t"
+#endif
         "RSBS	r11, r11, #0x0\n\t"
         "LDM	%[a]!, {r3, r4, r5, r6}\n\t"
         "LDM	%[b]!, {r7, r8, r9, r10}\n\t"
@@ -40069,17 +40868,19 @@ static sp_digit sp_256_sub_8(sp_digit* r, const sp_digit* a, const sp_digit* b)
         "STM	%[r]!, {r3, r4, r5, r6}\n\t"
         "SBC	r11, r3, r3\n\t"
         "CMP	%[a], r12\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BNE	L_sp_256_sub_8_word\n\t"
-#else
+#if defined(__GNUC__)
+        "BNE	L_sp_256_sub_8_word_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "BNE.N	L_sp_256_sub_8_word\n\t"
+#else
+        "BNE.N	L_sp_256_sub_8_word_%=\n\t"
 #endif
         "MOV	%[r], r11\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
         :
         : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #else
@@ -40121,7 +40922,7 @@ static sp_digit sp_256_sub_8(sp_digit* r, const sp_digit* a, const sp_digit* b)
         :
         : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #endif /* WOLFSSL_SP_SMALL */
@@ -40191,10 +40992,12 @@ static void sp_256_div2_mod_8(sp_digit* r, const sp_digit* a, const sp_digit* m)
         "MOV	r12, #0x0\n\t"
         "LDM	%[a]!, {r4}\n\t"
         "ANDS	r3, r4, #0x1\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BEQ	L_sp_256_div2_mod_8_even\n\t"
-#else
+#if defined(__GNUC__)
+        "BEQ	L_sp_256_div2_mod_8_even_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "BEQ.N	L_sp_256_div2_mod_8_even\n\t"
+#else
+        "BEQ.N	L_sp_256_div2_mod_8_even_%=\n\t"
 #endif
         "LDM	%[a]!, {r5, r6, r7}\n\t"
         "LDM	%[m]!, {r8, r9, r10, r11}\n\t"
@@ -40210,17 +41013,27 @@ static void sp_256_div2_mod_8(sp_digit* r, const sp_digit* a, const sp_digit* m)
         "ADCS	r6, r6, r10\n\t"
         "ADCS	r7, r7, r11\n\t"
         "ADC	r3, r12, r12\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "B	L_sp_256_div2_mod_8_div2\n\t"
-#else
+#if defined(__GNUC__)
+        "B	L_sp_256_div2_mod_8_div2_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "B.N	L_sp_256_div2_mod_8_div2\n\t"
+#else
+        "B.N	L_sp_256_div2_mod_8_div2_%=\n\t"
 #endif
         "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
     "L_sp_256_div2_mod_8_even:\n\t"
+#else
+    "L_sp_256_div2_mod_8_even_%=:\n\t"
+#endif
         "LDRD	r4, r5, [%[a], #12]\n\t"
         "LDRD	r6, r7, [%[a], #20]\n\t"
         "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
     "L_sp_256_div2_mod_8_div2:\n\t"
+#else
+    "L_sp_256_div2_mod_8_div2_%=:\n\t"
+#endif
         "LSR	r8, r4, #1\n\t"
         "AND	r4, r4, #0x1\n\t"
         "LSR	r9, r5, #1\n\t"
@@ -40262,135 +41075,195 @@ static int sp_256_num_bits_8(const sp_digit* a)
     __asm__ __volatile__ (
         "LDR	r1, [%[a], #28]\n\t"
         "CMP	r1, #0x0\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BEQ	L_sp_256_num_bits_8_7\n\t"
-#else
+#if defined(__GNUC__)
+        "BEQ	L_sp_256_num_bits_8_7_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "BEQ.N	L_sp_256_num_bits_8_7\n\t"
+#else
+        "BEQ.N	L_sp_256_num_bits_8_7_%=\n\t"
 #endif
         "MOV	r2, #0x100\n\t"
         "CLZ	r4, r1\n\t"
         "SUB	r4, r2, r4\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "B	L_sp_256_num_bits_8_9\n\t"
-#else
+#if defined(__GNUC__)
+        "B	L_sp_256_num_bits_8_9_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "B.N	L_sp_256_num_bits_8_9\n\t"
+#else
+        "B.N	L_sp_256_num_bits_8_9_%=\n\t"
 #endif
         "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
     "L_sp_256_num_bits_8_7:\n\t"
+#else
+    "L_sp_256_num_bits_8_7_%=:\n\t"
+#endif
         "LDR	r1, [%[a], #24]\n\t"
         "CMP	r1, #0x0\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BEQ	L_sp_256_num_bits_8_6\n\t"
-#else
+#if defined(__GNUC__)
+        "BEQ	L_sp_256_num_bits_8_6_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "BEQ.N	L_sp_256_num_bits_8_6\n\t"
+#else
+        "BEQ.N	L_sp_256_num_bits_8_6_%=\n\t"
 #endif
         "MOV	r2, #0xe0\n\t"
         "CLZ	r4, r1\n\t"
         "SUB	r4, r2, r4\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "B	L_sp_256_num_bits_8_9\n\t"
-#else
+#if defined(__GNUC__)
+        "B	L_sp_256_num_bits_8_9_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "B.N	L_sp_256_num_bits_8_9\n\t"
+#else
+        "B.N	L_sp_256_num_bits_8_9_%=\n\t"
 #endif
         "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
     "L_sp_256_num_bits_8_6:\n\t"
+#else
+    "L_sp_256_num_bits_8_6_%=:\n\t"
+#endif
         "LDR	r1, [%[a], #20]\n\t"
         "CMP	r1, #0x0\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BEQ	L_sp_256_num_bits_8_5\n\t"
-#else
+#if defined(__GNUC__)
+        "BEQ	L_sp_256_num_bits_8_5_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "BEQ.N	L_sp_256_num_bits_8_5\n\t"
+#else
+        "BEQ.N	L_sp_256_num_bits_8_5_%=\n\t"
 #endif
         "MOV	r2, #0xc0\n\t"
         "CLZ	r4, r1\n\t"
         "SUB	r4, r2, r4\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "B	L_sp_256_num_bits_8_9\n\t"
-#else
+#if defined(__GNUC__)
+        "B	L_sp_256_num_bits_8_9_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "B.N	L_sp_256_num_bits_8_9\n\t"
+#else
+        "B.N	L_sp_256_num_bits_8_9_%=\n\t"
 #endif
         "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
     "L_sp_256_num_bits_8_5:\n\t"
+#else
+    "L_sp_256_num_bits_8_5_%=:\n\t"
+#endif
         "LDR	r1, [%[a], #16]\n\t"
         "CMP	r1, #0x0\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BEQ	L_sp_256_num_bits_8_4\n\t"
-#else
+#if defined(__GNUC__)
+        "BEQ	L_sp_256_num_bits_8_4_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "BEQ.N	L_sp_256_num_bits_8_4\n\t"
+#else
+        "BEQ.N	L_sp_256_num_bits_8_4_%=\n\t"
 #endif
         "MOV	r2, #0xa0\n\t"
         "CLZ	r4, r1\n\t"
         "SUB	r4, r2, r4\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "B	L_sp_256_num_bits_8_9\n\t"
-#else
+#if defined(__GNUC__)
+        "B	L_sp_256_num_bits_8_9_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "B.N	L_sp_256_num_bits_8_9\n\t"
+#else
+        "B.N	L_sp_256_num_bits_8_9_%=\n\t"
 #endif
         "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
     "L_sp_256_num_bits_8_4:\n\t"
+#else
+    "L_sp_256_num_bits_8_4_%=:\n\t"
+#endif
         "LDR	r1, [%[a], #12]\n\t"
         "CMP	r1, #0x0\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BEQ	L_sp_256_num_bits_8_3\n\t"
-#else
+#if defined(__GNUC__)
+        "BEQ	L_sp_256_num_bits_8_3_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "BEQ.N	L_sp_256_num_bits_8_3\n\t"
+#else
+        "BEQ.N	L_sp_256_num_bits_8_3_%=\n\t"
 #endif
         "MOV	r2, #0x80\n\t"
         "CLZ	r4, r1\n\t"
         "SUB	r4, r2, r4\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "B	L_sp_256_num_bits_8_9\n\t"
-#else
+#if defined(__GNUC__)
+        "B	L_sp_256_num_bits_8_9_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "B.N	L_sp_256_num_bits_8_9\n\t"
+#else
+        "B.N	L_sp_256_num_bits_8_9_%=\n\t"
 #endif
         "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
     "L_sp_256_num_bits_8_3:\n\t"
+#else
+    "L_sp_256_num_bits_8_3_%=:\n\t"
+#endif
         "LDR	r1, [%[a], #8]\n\t"
         "CMP	r1, #0x0\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BEQ	L_sp_256_num_bits_8_2\n\t"
-#else
+#if defined(__GNUC__)
+        "BEQ	L_sp_256_num_bits_8_2_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "BEQ.N	L_sp_256_num_bits_8_2\n\t"
+#else
+        "BEQ.N	L_sp_256_num_bits_8_2_%=\n\t"
 #endif
         "MOV	r2, #0x60\n\t"
         "CLZ	r4, r1\n\t"
         "SUB	r4, r2, r4\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "B	L_sp_256_num_bits_8_9\n\t"
-#else
+#if defined(__GNUC__)
+        "B	L_sp_256_num_bits_8_9_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "B.N	L_sp_256_num_bits_8_9\n\t"
+#else
+        "B.N	L_sp_256_num_bits_8_9_%=\n\t"
 #endif
         "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
     "L_sp_256_num_bits_8_2:\n\t"
+#else
+    "L_sp_256_num_bits_8_2_%=:\n\t"
+#endif
         "LDR	r1, [%[a], #4]\n\t"
         "CMP	r1, #0x0\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BEQ	L_sp_256_num_bits_8_1\n\t"
-#else
+#if defined(__GNUC__)
+        "BEQ	L_sp_256_num_bits_8_1_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "BEQ.N	L_sp_256_num_bits_8_1\n\t"
+#else
+        "BEQ.N	L_sp_256_num_bits_8_1_%=\n\t"
 #endif
         "MOV	r2, #0x40\n\t"
         "CLZ	r4, r1\n\t"
         "SUB	r4, r2, r4\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "B	L_sp_256_num_bits_8_9\n\t"
-#else
+#if defined(__GNUC__)
+        "B	L_sp_256_num_bits_8_9_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "B.N	L_sp_256_num_bits_8_9\n\t"
+#else
+        "B.N	L_sp_256_num_bits_8_9_%=\n\t"
 #endif
         "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
     "L_sp_256_num_bits_8_1:\n\t"
+#else
+    "L_sp_256_num_bits_8_1_%=:\n\t"
+#endif
         "LDR	r1, [%[a]]\n\t"
         "MOV	r2, #0x20\n\t"
         "CLZ	r4, r1\n\t"
         "SUB	r4, r2, r4\n\t"
         "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
     "L_sp_256_num_bits_8_9:\n\t"
+#else
+    "L_sp_256_num_bits_8_9_%=:\n\t"
+#endif
         "MOV	%[a], r4\n\t"
         : [a] "+r" (a)
         :
         : "memory", "r1", "r2", "r3", "r4", "r5", "cc"
     );
-    return (uint32_t)(size_t)a;
+    return (word32)(size_t)a;
 }
 
 /* Non-constant time modular inversion.
@@ -40676,10 +41549,8 @@ int sp_ecc_verify_256(const byte* hash, word32 hashLen, const mp_int* pX,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (u1 != NULL)
-        XFREE(u1, heap, DYNAMIC_TYPE_ECC);
-    if (p1 != NULL)
-        XFREE(p1, heap, DYNAMIC_TYPE_ECC);
+    XFREE(u1, heap, DYNAMIC_TYPE_ECC);
+    XFREE(p1, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -40886,8 +41757,7 @@ static int sp_256_ecc_is_point_8(const sp_point_256* point,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t1 != NULL)
-        XFREE(t1, heap, DYNAMIC_TYPE_ECC);
+    XFREE(t1, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -40926,8 +41796,7 @@ int sp_ecc_is_point_256(const mp_int* pX, const mp_int* pY)
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (pub != NULL)
-        XFREE(pub, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(pub, NULL, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -41035,10 +41904,8 @@ int sp_ecc_check_key_256(const mp_int* pX, const mp_int* pY,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (pub != NULL)
-        XFREE(pub, heap, DYNAMIC_TYPE_ECC);
-    if (priv != NULL)
-        XFREE(priv, heap, DYNAMIC_TYPE_ECC);
+    XFREE(pub, heap, DYNAMIC_TYPE_ECC);
+    XFREE(priv, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -41117,10 +41984,8 @@ int sp_ecc_proj_add_point_256(mp_int* pX, mp_int* pY, mp_int* pZ,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (tmp != NULL)
-        XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
-    if (p != NULL)
-        XFREE(p, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(p, NULL, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -41185,10 +42050,8 @@ int sp_ecc_proj_dbl_point_256(mp_int* pX, mp_int* pY, mp_int* pZ,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (tmp != NULL)
-        XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
-    if (p != NULL)
-        XFREE(p, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(p, NULL, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -41249,10 +42112,8 @@ int sp_ecc_map_256(mp_int* pX, mp_int* pY, mp_int* pZ)
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (tmp != NULL)
-        XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
-    if (p != NULL)
-        XFREE(p, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(p, NULL, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -41318,8 +42179,7 @@ static int sp_256_mont_sqrt_8(sp_digit* y)
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t1 != NULL)
-        XFREE(t1, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(t1, NULL, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -41384,8 +42244,7 @@ int sp_ecc_uncompress_256(mp_int* xm, int odd, mp_int* ym)
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (x != NULL)
-        XFREE(x, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(x, NULL, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -41507,13 +42366,21 @@ static void sp_384_mul_12(sp_digit* r, const sp_digit* a, const sp_digit* b)
         "MOV	r8, #0x0\n\t"
         "MOV	r5, #0x4\n\t"
         "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
     "L_sp_384_mul_12_outer:\n\t"
+#else
+    "L_sp_384_mul_12_outer_%=:\n\t"
+#endif
         "SUBS	r3, r5, #0x2c\n\t"
         "IT	cc\n\t"
         "MOVCC	r3, #0x0\n\t"
         "SUB	r4, r5, r3\n\t"
         "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
     "L_sp_384_mul_12_inner:\n\t"
+#else
+    "L_sp_384_mul_12_inner_%=:\n\t"
+#endif
         "LDR	lr, [%[a], r3]\n\t"
         "LDR	r11, [%[b], r4]\n\t"
         "UMULL	r9, r10, lr, r11\n\t"
@@ -41529,15 +42396,19 @@ static void sp_384_mul_12(sp_digit* r, const sp_digit* a, const sp_digit* b)
         "ADD	r3, r3, #0x4\n\t"
         "SUB	r4, r4, #0x4\n\t"
         "CMP	r3, r4\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BGT	L_sp_384_mul_12_inner_done\n\t"
-#else
+#if defined(__GNUC__)
+        "BGT	L_sp_384_mul_12_inner_done_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "BGT.N	L_sp_384_mul_12_inner_done\n\t"
-#endif
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BLT	L_sp_384_mul_12_inner\n\t"
 #else
+        "BGT.N	L_sp_384_mul_12_inner_done_%=\n\t"
+#endif
+#if defined(__GNUC__)
+        "BLT	L_sp_384_mul_12_inner_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "BLT.N	L_sp_384_mul_12_inner\n\t"
+#else
+        "BLT.N	L_sp_384_mul_12_inner_%=\n\t"
 #endif
         "LDR	lr, [%[a], r3]\n\t"
         "LDR	r11, [%[b], r3]\n\t"
@@ -41546,17 +42417,23 @@ static void sp_384_mul_12(sp_digit* r, const sp_digit* a, const sp_digit* b)
         "ADCS	r7, r7, r10\n\t"
         "ADC	r8, r8, #0x0\n\t"
         "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
     "L_sp_384_mul_12_inner_done:\n\t"
+#else
+    "L_sp_384_mul_12_inner_done_%=:\n\t"
+#endif
         "STR	r6, [sp, r5]\n\t"
         "MOV	r6, r7\n\t"
         "MOV	r7, r8\n\t"
         "MOV	r8, #0x0\n\t"
         "ADD	r5, r5, #0x4\n\t"
         "CMP	r5, #0x54\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BLE	L_sp_384_mul_12_outer\n\t"
-#else
+#if defined(__GNUC__)
+        "BLE	L_sp_384_mul_12_outer_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "BLE.N	L_sp_384_mul_12_outer\n\t"
+#else
+        "BLE.N	L_sp_384_mul_12_outer_%=\n\t"
 #endif
         "LDR	lr, [%[a], #44]\n\t"
         "LDR	r11, [%[b], #44]\n\t"
@@ -41565,14 +42442,20 @@ static void sp_384_mul_12(sp_digit* r, const sp_digit* a, const sp_digit* b)
         "ADD	r5, r5, #0x4\n\t"
         "STR	r7, [sp, r5]\n\t"
         "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
     "L_sp_384_mul_12_store:\n\t"
+#else
+    "L_sp_384_mul_12_store_%=:\n\t"
+#endif
         "LDM	sp!, {r3, r4, r6, r7, r8, r9, r10, r11}\n\t"
         "STM	%[r]!, {r3, r4, r6, r7, r8, r9, r10, r11}\n\t"
         "SUBS	r5, r5, #0x20\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BGT	L_sp_384_mul_12_store\n\t"
-#else
+#if defined(__GNUC__)
+        "BGT	L_sp_384_mul_12_store_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "BGT.N	L_sp_384_mul_12_store\n\t"
+#else
+        "BGT.N	L_sp_384_mul_12_store_%=\n\t"
 #endif
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
         :
@@ -42635,13 +43518,21 @@ static void sp_384_sqr_12(sp_digit* r, const sp_digit* a)
         "MOV	r8, #0x0\n\t"
         "MOV	r5, #0x4\n\t"
         "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
     "L_sp_384_sqr_12_outer:\n\t"
+#else
+    "L_sp_384_sqr_12_outer_%=:\n\t"
+#endif
         "SUBS	r3, r5, #0x2c\n\t"
         "IT	cc\n\t"
         "MOVCC	r3, #0x0\n\t"
         "SUB	r4, r5, r3\n\t"
         "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
     "L_sp_384_sqr_12_inner:\n\t"
+#else
+    "L_sp_384_sqr_12_inner_%=:\n\t"
+#endif
         "LDR	lr, [%[a], r3]\n\t"
         "LDR	r11, [%[a], r4]\n\t"
         "UMULL	r9, r10, lr, r11\n\t"
@@ -42654,15 +43545,19 @@ static void sp_384_sqr_12(sp_digit* r, const sp_digit* a)
         "ADD	r3, r3, #0x4\n\t"
         "SUB	r4, r4, #0x4\n\t"
         "CMP	r3, r4\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BGT	L_sp_384_sqr_12_inner_done\n\t"
-#else
+#if defined(__GNUC__)
+        "BGT	L_sp_384_sqr_12_inner_done_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "BGT.N	L_sp_384_sqr_12_inner_done\n\t"
-#endif
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BLT	L_sp_384_sqr_12_inner\n\t"
 #else
+        "BGT.N	L_sp_384_sqr_12_inner_done_%=\n\t"
+#endif
+#if defined(__GNUC__)
+        "BLT	L_sp_384_sqr_12_inner_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "BLT.N	L_sp_384_sqr_12_inner\n\t"
+#else
+        "BLT.N	L_sp_384_sqr_12_inner_%=\n\t"
 #endif
         "LDR	lr, [%[a], r3]\n\t"
         "UMULL	r9, r10, lr, lr\n\t"
@@ -42670,17 +43565,23 @@ static void sp_384_sqr_12(sp_digit* r, const sp_digit* a)
         "ADCS	r7, r7, r10\n\t"
         "ADC	r8, r8, #0x0\n\t"
         "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
     "L_sp_384_sqr_12_inner_done:\n\t"
+#else
+    "L_sp_384_sqr_12_inner_done_%=:\n\t"
+#endif
         "STR	r6, [sp, r5]\n\t"
         "MOV	r6, r7\n\t"
         "MOV	r7, r8\n\t"
         "MOV	r8, #0x0\n\t"
         "ADD	r5, r5, #0x4\n\t"
         "CMP	r5, #0x54\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BLE	L_sp_384_sqr_12_outer\n\t"
-#else
+#if defined(__GNUC__)
+        "BLE	L_sp_384_sqr_12_outer_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "BLE.N	L_sp_384_sqr_12_outer\n\t"
+#else
+        "BLE.N	L_sp_384_sqr_12_outer_%=\n\t"
 #endif
         "LDR	lr, [%[a], #44]\n\t"
         "UMLAL	r6, r7, lr, lr\n\t"
@@ -42688,14 +43589,20 @@ static void sp_384_sqr_12(sp_digit* r, const sp_digit* a)
         "ADD	r5, r5, #0x4\n\t"
         "STR	r7, [sp, r5]\n\t"
         "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
     "L_sp_384_sqr_12_store:\n\t"
+#else
+    "L_sp_384_sqr_12_store_%=:\n\t"
+#endif
         "LDM	sp!, {r3, r4, r6, r7, r8, r9, r10, r11}\n\t"
         "STM	%[r]!, {r3, r4, r6, r7, r8, r9, r10, r11}\n\t"
         "SUBS	r5, r5, #0x20\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BGT	L_sp_384_sqr_12_store\n\t"
-#else
+#if defined(__GNUC__)
+        "BGT	L_sp_384_sqr_12_store_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "BGT.N	L_sp_384_sqr_12_store\n\t"
+#else
+        "BGT.N	L_sp_384_sqr_12_store_%=\n\t"
 #endif
         : [r] "+r" (r), [a] "+r" (a)
         :
@@ -43428,7 +44335,11 @@ static sp_digit sp_384_add_12(sp_digit* r, const sp_digit* a, const sp_digit* b)
         "MOV	r3, #0x0\n\t"
         "ADD	r12, %[a], #0x30\n\t"
         "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
     "L_sp_384_add_12_word:\n\t"
+#else
+    "L_sp_384_add_12_word_%=:\n\t"
+#endif
         "ADDS	r3, r3, #0xffffffff\n\t"
         "LDM	%[a]!, {r4, r5, r6, r7}\n\t"
         "LDM	%[b]!, {r8, r9, r10, r11}\n\t"
@@ -43440,17 +44351,19 @@ static sp_digit sp_384_add_12(sp_digit* r, const sp_digit* a, const sp_digit* b)
         "MOV	r4, #0x0\n\t"
         "ADC	r3, r4, #0x0\n\t"
         "CMP	%[a], r12\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BNE	L_sp_384_add_12_word\n\t"
-#else
+#if defined(__GNUC__)
+        "BNE	L_sp_384_add_12_word_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "BNE.N	L_sp_384_add_12_word\n\t"
+#else
+        "BNE.N	L_sp_384_add_12_word_%=\n\t"
 #endif
         "MOV	%[r], r3\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
         :
         : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r3", "r12", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #else
@@ -43500,7 +44413,7 @@ static sp_digit sp_384_add_12(sp_digit* r, const sp_digit* a, const sp_digit* b)
         :
         : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #endif /* WOLFSSL_SP_SMALL */
@@ -43584,23 +44497,22 @@ static int sp_384_mod_mul_norm_12(sp_digit* r, const sp_digit* a, const sp_digit
         t[10] += t[9] >> 32; t[9] &= 0xffffffff;
         t[11] += t[10] >> 32; t[10] &= 0xffffffff;
 
-        r[0] = t[0];
-        r[1] = t[1];
-        r[2] = t[2];
-        r[3] = t[3];
-        r[4] = t[4];
-        r[5] = t[5];
-        r[6] = t[6];
-        r[7] = t[7];
-        r[8] = t[8];
-        r[9] = t[9];
-        r[10] = t[10];
-        r[11] = t[11];
+        r[0] = (sp_digit)t[0];
+        r[1] = (sp_digit)t[1];
+        r[2] = (sp_digit)t[2];
+        r[3] = (sp_digit)t[3];
+        r[4] = (sp_digit)t[4];
+        r[5] = (sp_digit)t[5];
+        r[6] = (sp_digit)t[6];
+        r[7] = (sp_digit)t[7];
+        r[8] = (sp_digit)t[8];
+        r[9] = (sp_digit)t[9];
+        r[10] = (sp_digit)t[10];
+        r[11] = (sp_digit)t[11];
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t != NULL)
-        XFREE(t, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(t, NULL, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -43828,7 +44740,11 @@ static sp_digit sp_384_cond_sub_12(sp_digit* r, const sp_digit* a, const sp_digi
         "MOV	r4, #0x0\n\t"
         "MOV	r5, #0x0\n\t"
         "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
     "L_sp_384_cond_sub_12_words:\n\t"
+#else
+    "L_sp_384_cond_sub_12_words_%=:\n\t"
+#endif
         "SUBS	r4, r8, r4\n\t"
         "LDR	r6, [%[a], r5]\n\t"
         "LDR	r7, [%[b], r5]\n\t"
@@ -43838,17 +44754,19 @@ static sp_digit sp_384_cond_sub_12(sp_digit* r, const sp_digit* a, const sp_digi
         "STR	r6, [%[r], r5]\n\t"
         "ADD	r5, r5, #0x4\n\t"
         "CMP	r5, #0x30\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BLT	L_sp_384_cond_sub_12_words\n\t"
-#else
+#if defined(__GNUC__)
+        "BLT	L_sp_384_cond_sub_12_words_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "BLT.N	L_sp_384_cond_sub_12_words\n\t"
+#else
+        "BLT.N	L_sp_384_cond_sub_12_words_%=\n\t"
 #endif
         "MOV	%[r], r4\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m)
         :
         : "memory", "r4", "r5", "r6", "r7", "r8", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #else
@@ -43922,7 +44840,7 @@ static sp_digit sp_384_cond_sub_12(sp_digit* r, const sp_digit* a, const sp_digi
         :
         : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #endif /* WOLFSSL_SP_SMALL */
@@ -43955,7 +44873,11 @@ SP_NOINLINE static void sp_384_mont_reduce_12(sp_digit* a, const sp_digit* m, sp
         "LDR	r4, [%[a]]\n\t"
         "LDR	r5, [%[a], #4]\n\t"
         "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
     "L_sp_384_mont_reduce_12_word:\n\t"
+#else
+    "L_sp_384_mont_reduce_12_word_%=:\n\t"
+#endif
         /* mu = a[i] * mp */
         "MUL	r10, %[mp], r4\n\t"
         /* a[i+0] += m[0] * mu */
@@ -44057,10 +44979,12 @@ SP_NOINLINE static void sp_384_mont_reduce_12(sp_digit* a, const sp_digit* m, sp
         "ADD	r11, r11, #0x4\n\t"
         "ADD	%[a], %[a], #0x4\n\t"
         "CMP	r11, #0x30\n\t"
-#ifdef __GNUC__
-        "BLT	L_sp_384_mont_reduce_12_word\n\t"
-#else
+#if defined(__GNUC__)
+        "BLT	L_sp_384_mont_reduce_12_word_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "BLT.W	L_sp_384_mont_reduce_12_word\n\t"
+#else
+        "BLT.W	L_sp_384_mont_reduce_12_word_%=\n\t"
 #endif
         /* Loop Done */
         "STR	r4, [%[a]]\n\t"
@@ -44102,7 +45026,11 @@ SP_NOINLINE static void sp_384_mont_reduce_12(sp_digit* a, const sp_digit* m, sp
         "LDR	r9, [%[a], #12]\n\t"
         "LDR	r10, [%[a], #16]\n\t"
         "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
     "L_sp_384_mont_reduce_12_word:\n\t"
+#else
+    "L_sp_384_mont_reduce_12_word_%=:\n\t"
+#endif
         /* mu = a[i] * mp */
         "MUL	lr, %[mp], r6\n\t"
         /* a[i+0] += m[0] * mu */
@@ -44169,10 +45097,12 @@ SP_NOINLINE static void sp_384_mont_reduce_12(sp_digit* a, const sp_digit* m, sp
         "ADD	r4, r4, #0x4\n\t"
         "ADD	%[a], %[a], #0x4\n\t"
         "CMP	r4, #0x30\n\t"
-#ifdef __GNUC__
-        "BLT	L_sp_384_mont_reduce_12_word\n\t"
-#else
+#if defined(__GNUC__)
+        "BLT	L_sp_384_mont_reduce_12_word_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "BLT.W	L_sp_384_mont_reduce_12_word\n\t"
+#else
+        "BLT.W	L_sp_384_mont_reduce_12_word_%=\n\t"
 #endif
         /* Loop Done */
         "STR	r6, [%[a]]\n\t"
@@ -44240,7 +45170,7 @@ SP_NOINLINE static void sp_384_mont_sqr_n_12(sp_digit* r,
 #endif /* !WOLFSSL_SP_SMALL || HAVE_COMP_KEY */
 #ifdef WOLFSSL_SP_SMALL
 /* Mod-2 for the P384 curve. */
-static const uint32_t p384_mod_minus_2[12] = {
+static const word32 p384_mod_minus_2[12] = {
     0xfffffffdU,0x00000000U,0x00000000U,0xffffffffU,0xfffffffeU,0xffffffffU,
     0xffffffffU,0xffffffffU,0xffffffffU,0xffffffffU,0xffffffffU,0xffffffffU
 };
@@ -44357,7 +45287,11 @@ static sp_int32 sp_384_cmp_12(const sp_digit* a, const sp_digit* b)
 #ifdef WOLFSSL_SP_SMALL
         "MOV	r6, #0x2c\n\t"
         "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
     "L_sp_384_cmp_12_words:\n\t"
+#else
+    "L_sp_384_cmp_12_words_%=:\n\t"
+#endif
         "LDR	r4, [%[a], r6]\n\t"
         "LDR	r5, [%[b], r6]\n\t"
         "AND	r4, r4, r3\n\t"
@@ -44370,7 +45304,11 @@ static sp_int32 sp_384_cmp_12(const sp_digit* a, const sp_digit* b)
         "IT	ne\n\t"
         "movne	r3, r7\n\t"
         "SUBS	r6, r6, #0x4\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "bcs	L_sp_384_cmp_12_words\n\t"
+#else
+        "bcs	L_sp_384_cmp_12_words_%=\n\t"
+#endif
         "EOR	r2, r2, r3\n\t"
 #else
         "LDR	r4, [%[a], #44]\n\t"
@@ -44512,7 +45450,7 @@ static sp_int32 sp_384_cmp_12(const sp_digit* a, const sp_digit* b)
         :
         : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "cc"
     );
-    return (uint32_t)(size_t)a;
+    return (word32)(size_t)a;
 }
 
 /* Normalize the values in each word to 32.
@@ -44545,7 +45483,7 @@ static void sp_384_map_12(sp_point_384* r, const sp_point_384* p,
     sp_384_mont_reduce_12(r->x, p384_mod, p384_mp_mod);
     /* Reduce x to less than modulus */
     n = sp_384_cmp_12(r->x, p384_mod);
-    sp_384_cond_sub_12(r->x, r->x, p384_mod, ~(n >> 31));
+    sp_384_cond_sub_12(r->x, r->x, p384_mod, (sp_digit)~(n >> 31));
     sp_384_norm_12(r->x);
 
     /* y /= z^3 */
@@ -44554,7 +45492,7 @@ static void sp_384_map_12(sp_point_384* r, const sp_point_384* p,
     sp_384_mont_reduce_12(r->y, p384_mod, p384_mp_mod);
     /* Reduce y to less than modulus */
     n = sp_384_cmp_12(r->y, p384_mod);
-    sp_384_cond_sub_12(r->y, r->y, p384_mod, ~(n >> 31));
+    sp_384_cond_sub_12(r->y, r->y, p384_mod, (sp_digit)~(n >> 31));
     sp_384_norm_12(r->y);
 
     XMEMSET(r->z, 0, sizeof(r->z) / 2);
@@ -44660,7 +45598,11 @@ static sp_digit sp_384_sub_12(sp_digit* r, const sp_digit* a, const sp_digit* b)
         "MOV	r11, #0x0\n\t"
         "ADD	r12, %[a], #0x30\n\t"
         "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
     "L_sp_384_sub_12_word:\n\t"
+#else
+    "L_sp_384_sub_12_word_%=:\n\t"
+#endif
         "RSBS	r11, r11, #0x0\n\t"
         "LDM	%[a]!, {r3, r4, r5, r6}\n\t"
         "LDM	%[b]!, {r7, r8, r9, r10}\n\t"
@@ -44671,17 +45613,19 @@ static sp_digit sp_384_sub_12(sp_digit* r, const sp_digit* a, const sp_digit* b)
         "STM	%[r]!, {r3, r4, r5, r6}\n\t"
         "SBC	r11, r3, r3\n\t"
         "CMP	%[a], r12\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BNE	L_sp_384_sub_12_word\n\t"
-#else
+#if defined(__GNUC__)
+        "BNE	L_sp_384_sub_12_word_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "BNE.N	L_sp_384_sub_12_word\n\t"
+#else
+        "BNE.N	L_sp_384_sub_12_word_%=\n\t"
 #endif
         "MOV	%[r], r11\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
         :
         : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #else
@@ -44730,7 +45674,7 @@ static sp_digit sp_384_sub_12(sp_digit* r, const sp_digit* a, const sp_digit* b)
         :
         : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #endif /* WOLFSSL_SP_SMALL */
@@ -44761,7 +45705,11 @@ static sp_digit sp_384_cond_add_12(sp_digit* r, const sp_digit* a, const sp_digi
         "MOV	r8, #0x0\n\t"
         "MOV	r4, #0x0\n\t"
         "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
     "L_sp_384_cond_add_12_words:\n\t"
+#else
+    "L_sp_384_cond_add_12_words_%=:\n\t"
+#endif
         "ADDS	r5, r5, #0xffffffff\n\t"
         "LDR	r6, [%[a], r4]\n\t"
         "LDR	r7, [%[b], r4]\n\t"
@@ -44771,17 +45719,19 @@ static sp_digit sp_384_cond_add_12(sp_digit* r, const sp_digit* a, const sp_digi
         "STR	r6, [%[r], r4]\n\t"
         "ADD	r4, r4, #0x4\n\t"
         "CMP	r4, #0x30\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BLT	L_sp_384_cond_add_12_words\n\t"
-#else
+#if defined(__GNUC__)
+        "BLT	L_sp_384_cond_add_12_words_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "BLT.N	L_sp_384_cond_add_12_words\n\t"
+#else
+        "BLT.N	L_sp_384_cond_add_12_words_%=\n\t"
 #endif
         "MOV	%[r], r5\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m)
         :
         : "memory", "r4", "r5", "r6", "r7", "r8", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #else
@@ -44855,7 +45805,7 @@ static sp_digit sp_384_cond_add_12(sp_digit* r, const sp_digit* a, const sp_digi
         :
         : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #endif /* WOLFSSL_SP_SMALL */
@@ -45260,8 +46210,8 @@ static void sp_384_proj_point_add_12(sp_point_384* r,
         sp_384_mont_sub_12(y, y, t5, p384_mod);
         {
             int i;
-            sp_digit maskp = 0 - (q->infinity & (!p->infinity));
-            sp_digit maskq = 0 - (p->infinity & (!q->infinity));
+            sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity)));
+            sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity)));
             sp_digit maskt = ~(maskp | maskq);
             sp_digit inf = (sp_digit)(p->infinity & q->infinity);
 
@@ -45278,7 +46228,7 @@ static void sp_384_proj_point_add_12(sp_point_384* r,
                           (z[i] & maskt);
             }
             r->z[0] |= inf;
-            r->infinity = (word32)inf;
+            r->infinity = (int)inf;
         }
     }
 }
@@ -45452,8 +46402,8 @@ static int sp_384_proj_point_add_12_nb(sp_ecc_ctx_t* sp_ctx, sp_point_384* r,
     {
         {
             int i;
-            sp_digit maskp = 0 - (q->infinity & (!p->infinity));
-            sp_digit maskq = 0 - (p->infinity & (!q->infinity));
+            sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity)));
+            sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity)));
             sp_digit maskt = ~(maskp | maskq);
             sp_digit inf = (sp_digit)(p->infinity & q->infinity);
 
@@ -45470,7 +46420,7 @@ static int sp_384_proj_point_add_12_nb(sp_ecc_ctx_t* sp_ctx, sp_point_384* r,
                           (ctx->z[i] & maskt);
             }
             r->z[0] |= inf;
-            r->infinity = (word32)inf;
+            r->infinity = (int)inf;
         }
         ctx->state = 25;
         break;
@@ -45537,7 +46487,7 @@ static void sp_384_get_point_16_12(sp_point_384* r, const sp_point_384* table,
     r->z[10] = 0;
     r->z[11] = 0;
     for (i = 1; i < 16; i++) {
-        mask = 0 - (i == idx);
+        mask = (sp_digit)0 - (i == idx);
         r->x[0] |= mask & table[i].x[0];
         r->x[1] |= mask & table[i].x[1];
         r->x[2] |= mask & table[i].x[2];
@@ -45743,15 +46693,15 @@ static int sp_384_ecc_mulmod_fast_12(sp_point_384* r, const sp_point_384* g, con
     #endif
     }
 #ifndef WC_NO_CACHE_RESISTANT
-    #ifdef WOLFSSL_SP_SMALL_STACK
+#ifdef WOLFSSL_SP_SMALL_STACK
     if (p != NULL)
+#endif
+    {
+        ForceZero(p, sizeof(sp_point_384));
+    #ifdef WOLFSSL_SP_SMALL_STACK
+        XFREE(p, heap, DYNAMIC_TYPE_ECC);
     #endif
-        {
-            ForceZero(p, sizeof(sp_point_384));
-        #ifdef WOLFSSL_SP_SMALL_STACK
-            XFREE(p, heap, DYNAMIC_TYPE_ECC);
-        #endif
-        }
+    }
 #endif /* !WC_NO_CACHE_RESISTANT */
 #ifdef WOLFSSL_SP_SMALL_STACK
     if (t != NULL)
@@ -45947,8 +46897,8 @@ static void sp_384_proj_point_add_qz1_12(sp_point_384* r,
         sp_384_mont_sub_12(y, t3, t1, p384_mod);
         {
             int i;
-            sp_digit maskp = 0 - (q->infinity & (!p->infinity));
-            sp_digit maskq = 0 - (p->infinity & (!q->infinity));
+            sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity)));
+            sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity)));
             sp_digit maskt = ~(maskp | maskq);
             sp_digit inf = (sp_digit)(p->infinity & q->infinity);
 
@@ -45965,7 +46915,7 @@ static void sp_384_proj_point_add_qz1_12(sp_point_384* r,
                           (z[i] & maskt);
             }
             r->z[0] |= inf;
-            r->infinity = (word32)inf;
+            r->infinity = (int)inf;
         }
     }
 }
@@ -46055,8 +47005,7 @@ static int sp_384_gen_stripe_table_12(const sp_point_384* a,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t != NULL)
-        XFREE(t, heap, DYNAMIC_TYPE_ECC);
+    XFREE(t, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -46101,7 +47050,7 @@ static void sp_384_get_entry_16_12(sp_point_384* r,
     r->y[10] = 0;
     r->y[11] = 0;
     for (i = 1; i < 16; i++) {
-        mask = 0 - (i == idx);
+        mask = (sp_digit)0 - (i == idx);
         r->x[0] |= mask & table[i].x[0];
         r->x[1] |= mask & table[i].x[1];
         r->x[2] |= mask & table[i].x[2];
@@ -46236,10 +47185,8 @@ static int sp_384_ecc_mulmod_stripe_12(sp_point_384* r, const sp_point_384* g,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t != NULL)
-        XFREE(t, heap, DYNAMIC_TYPE_ECC);
-    if (rt != NULL)
-        XFREE(rt, heap, DYNAMIC_TYPE_ECC);
+    XFREE(t, heap, DYNAMIC_TYPE_ECC);
+    XFREE(rt, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -46259,7 +47206,7 @@ typedef struct sp_cache_384_t {
     /* Precomputation table for point. */
     sp_table_entry_384 table[16];
     /* Count of entries in table. */
-    uint32_t cnt;
+    word32 cnt;
     /* Point and table set in entry. */
     int set;
 } sp_cache_384_t;
@@ -46272,8 +47219,10 @@ static THREAD_LS_T int sp_cache_384_last = -1;
 static THREAD_LS_T int sp_cache_384_inited = 0;
 
 #ifndef HAVE_THREAD_LS
+    #ifndef WOLFSSL_MUTEX_INITIALIZER
     static volatile int initCacheMutex_384 = 0;
-    static wolfSSL_Mutex sp_cache_384_lock;
+    #endif
+    static wolfSSL_Mutex sp_cache_384_lock WOLFSSL_MUTEX_INITIALIZER_CLAUSE(sp_cache_384_lock);
 #endif
 
 /* Get the cache entry for the point.
@@ -46285,7 +47234,7 @@ static void sp_ecc_get_cache_384(const sp_point_384* g, sp_cache_384_t** cache)
 {
     int i;
     int j;
-    uint32_t least;
+    word32 least;
 
     if (sp_cache_384_inited == 0) {
         for (i=0; i<FP_ENTRIES; i++) {
@@ -46371,10 +47320,12 @@ static int sp_384_ecc_mulmod_12(sp_point_384* r, const sp_point_384* g,
 #endif
 #ifndef HAVE_THREAD_LS
     if (err == MP_OKAY) {
+        #ifndef WOLFSSL_MUTEX_INITIALIZER
         if (initCacheMutex_384 == 0) {
             wc_InitMutex(&sp_cache_384_lock);
             initCacheMutex_384 = 1;
         }
+        #endif
         if (wc_LockMutex(&sp_cache_384_lock) != 0) {
             err = BAD_MUTEX_E;
         }
@@ -46491,8 +47442,7 @@ static int sp_384_gen_stripe_table_12(const sp_point_384* a,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t != NULL)
-        XFREE(t, heap, DYNAMIC_TYPE_ECC);
+    XFREE(t, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -46537,7 +47487,7 @@ static void sp_384_get_entry_256_12(sp_point_384* r,
     r->y[10] = 0;
     r->y[11] = 0;
     for (i = 1; i < 256; i++) {
-        mask = 0 - (i == idx);
+        mask = (sp_digit)0 - (i == idx);
         r->x[0] |= mask & table[i].x[0];
         r->x[1] |= mask & table[i].x[1];
         r->x[2] |= mask & table[i].x[2];
@@ -46672,10 +47622,8 @@ static int sp_384_ecc_mulmod_stripe_12(sp_point_384* r, const sp_point_384* g,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t != NULL)
-        XFREE(t, heap, DYNAMIC_TYPE_ECC);
-    if (rt != NULL)
-        XFREE(rt, heap, DYNAMIC_TYPE_ECC);
+    XFREE(t, heap, DYNAMIC_TYPE_ECC);
+    XFREE(rt, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -46695,7 +47643,7 @@ typedef struct sp_cache_384_t {
     /* Precomputation table for point. */
     sp_table_entry_384 table[256];
     /* Count of entries in table. */
-    uint32_t cnt;
+    word32 cnt;
     /* Point and table set in entry. */
     int set;
 } sp_cache_384_t;
@@ -46708,8 +47656,10 @@ static THREAD_LS_T int sp_cache_384_last = -1;
 static THREAD_LS_T int sp_cache_384_inited = 0;
 
 #ifndef HAVE_THREAD_LS
+    #ifndef WOLFSSL_MUTEX_INITIALIZER
     static volatile int initCacheMutex_384 = 0;
-    static wolfSSL_Mutex sp_cache_384_lock;
+    #endif
+    static wolfSSL_Mutex sp_cache_384_lock WOLFSSL_MUTEX_INITIALIZER_CLAUSE(sp_cache_384_lock);
 #endif
 
 /* Get the cache entry for the point.
@@ -46721,7 +47671,7 @@ static void sp_ecc_get_cache_384(const sp_point_384* g, sp_cache_384_t** cache)
 {
     int i;
     int j;
-    uint32_t least;
+    word32 least;
 
     if (sp_cache_384_inited == 0) {
         for (i=0; i<FP_ENTRIES; i++) {
@@ -46807,10 +47757,12 @@ static int sp_384_ecc_mulmod_12(sp_point_384* r, const sp_point_384* g,
 #endif
 #ifndef HAVE_THREAD_LS
     if (err == MP_OKAY) {
+        #ifndef WOLFSSL_MUTEX_INITIALIZER
         if (initCacheMutex_384 == 0) {
             wc_InitMutex(&sp_cache_384_lock);
             initCacheMutex_384 = 1;
         }
+        #endif
         if (wc_LockMutex(&sp_cache_384_lock) != 0) {
             err = BAD_MUTEX_E;
         }
@@ -46889,10 +47841,8 @@ int sp_ecc_mulmod_384(const mp_int* km, const ecc_point* gm, ecc_point* r,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (k != NULL)
-        XFREE(k, heap, DYNAMIC_TYPE_ECC);
-    if (point != NULL)
-        XFREE(point, heap, DYNAMIC_TYPE_ECC);
+    XFREE(k, heap, DYNAMIC_TYPE_ECC);
+    XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -46969,10 +47919,8 @@ int sp_ecc_mulmod_add_384(const mp_int* km, const ecc_point* gm,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (k != NULL)
-        XFREE(k, heap, DYNAMIC_TYPE_ECC);
-    if (point != NULL)
-        XFREE(point, heap, DYNAMIC_TYPE_ECC);
+    XFREE(k, heap, DYNAMIC_TYPE_ECC);
+    XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -48439,10 +49387,8 @@ int sp_ecc_mulmod_base_384(const mp_int* km, ecc_point* r, int map, void* heap)
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (k != NULL)
-        XFREE(k, heap, DYNAMIC_TYPE_ECC);
-    if (point != NULL)
-        XFREE(point, heap, DYNAMIC_TYPE_ECC);
+    XFREE(k, heap, DYNAMIC_TYPE_ECC);
+    XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -48517,10 +49463,8 @@ int sp_ecc_mulmod_base_add_384(const mp_int* km, const ecc_point* am,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (k != NULL)
-        XFREE(k, heap, DYNAMIC_TYPE_ECC);
-    if (point)
-        XFREE(point, heap, DYNAMIC_TYPE_ECC);
+    XFREE(k, heap, DYNAMIC_TYPE_ECC);
+    XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -48581,7 +49525,8 @@ static void sp_384_from_bin(sp_digit* r, int size, const byte* a, int n)
     int j;
     byte* d;
 
-    for (i = n - 1,j = 0; i >= 3; i -= 4) {
+    j = 0;
+    for (i = n - 1; i >= 3; i -= 4) {
         r[j]  = ((sp_digit)a[i - 0] <<  0) |
                 ((sp_digit)a[i - 1] <<  8) |
                 ((sp_digit)a[i - 2] << 16) |
@@ -48592,12 +49537,20 @@ static void sp_384_from_bin(sp_digit* r, int size, const byte* a, int n)
     if (i >= 0) {
         r[j] = 0;
 
-        d = (byte*)r;
+        d = (byte*)(r + j);
+#ifdef BIG_ENDIAN_ORDER
         switch (i) {
-            case 2: d[n - 1 - 2] = a[2]; //fallthrough
-            case 1: d[n - 1 - 1] = a[1]; //fallthrough
-            case 0: d[n - 1 - 0] = a[0]; //fallthrough
+            case 2: d[1] = *(a++); //fallthrough
+            case 1: d[2] = *(a++); //fallthrough
+            case 0: d[3] = *a    ; //fallthrough
         }
+#else
+        switch (i) {
+            case 2: d[2] = a[2]; //fallthrough
+            case 1: d[1] = a[1]; //fallthrough
+            case 0: d[0] = a[0]; //fallthrough
+        }
+#endif
         j++;
     }
 
@@ -48615,6 +49568,7 @@ static void sp_384_from_bin(sp_digit* r, int size, const byte* a, int n)
  */
 static int sp_384_ecc_gen_k_12(WC_RNG* rng, sp_digit* k)
 {
+#ifndef WC_NO_RNG
     int err;
     byte buf[48];
 
@@ -48631,6 +49585,11 @@ static int sp_384_ecc_gen_k_12(WC_RNG* rng, sp_digit* k)
     while (err == 0);
 
     return err;
+#else
+    (void)rng;
+    (void)k;
+    return NOT_COMPILED_IN;
+#endif
 }
 
 /* Makes a random EC key pair.
@@ -48709,12 +49668,9 @@ int sp_ecc_make_key_384(WC_RNG* rng, mp_int* priv, ecc_point* pub, void* heap)
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (k != NULL)
-        XFREE(k, heap, DYNAMIC_TYPE_ECC);
-    if (point != NULL) {
-        /* point is not sensitive, so no need to zeroize */
-        XFREE(point, heap, DYNAMIC_TYPE_ECC);
-    }
+    XFREE(k, heap, DYNAMIC_TYPE_ECC);
+    /* point is not sensitive, so no need to zeroize */
+    XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -48872,10 +49828,8 @@ int sp_ecc_secret_gen_384(const mp_int* priv, const ecc_point* pub, byte* out,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (k != NULL)
-        XFREE(k, heap, DYNAMIC_TYPE_ECC);
-    if (point != NULL)
-        XFREE(point, heap, DYNAMIC_TYPE_ECC);
+    XFREE(k, heap, DYNAMIC_TYPE_ECC);
+    XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -48958,7 +49912,11 @@ static sp_digit sp_384_sub_in_place_12(sp_digit* a, const sp_digit* b)
         "MOV	r10, #0x0\n\t"
         "ADD	r11, %[a], #0x30\n\t"
         "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
     "L_sp_384_sub_in_pkace_12_word:\n\t"
+#else
+    "L_sp_384_sub_in_pkace_12_word_%=:\n\t"
+#endif
         "RSBS	r10, r10, #0x0\n\t"
         "LDM	%[a], {r2, r3, r4, r5}\n\t"
         "LDM	%[b]!, {r6, r7, r8, r9}\n\t"
@@ -48969,17 +49927,19 @@ static sp_digit sp_384_sub_in_place_12(sp_digit* a, const sp_digit* b)
         "STM	%[a]!, {r2, r3, r4, r5}\n\t"
         "SBC	r10, r10, r10\n\t"
         "CMP	%[a], r11\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BNE	L_sp_384_sub_in_pkace_12_word\n\t"
-#else
+#if defined(__GNUC__)
+        "BNE	L_sp_384_sub_in_pkace_12_word_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "BNE.N	L_sp_384_sub_in_pkace_12_word\n\t"
+#else
+        "BNE.N	L_sp_384_sub_in_pkace_12_word_%=\n\t"
 #endif
         "MOV	%[a], r10\n\t"
         : [a] "+r" (a), [b] "+r" (b)
         :
         : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "cc"
     );
-    return (uint32_t)(size_t)a;
+    return (word32)(size_t)a;
 }
 
 #else
@@ -49026,7 +49986,7 @@ static sp_digit sp_384_sub_in_place_12(sp_digit* a, const sp_digit* b)
         :
         : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "cc"
     );
-    return (uint32_t)(size_t)a;
+    return (word32)(size_t)a;
 }
 
 #endif /* WOLFSSL_SP_SMALL */
@@ -49058,7 +50018,11 @@ static void sp_384_mul_d_12(sp_digit* r, const sp_digit* a, sp_digit b)
         "MOV	r5, #0x0\n\t"
         "MOV	r9, #0x4\n\t"
         "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
     "L_sp_384_mul_d_12_word:\n\t"
+#else
+    "L_sp_384_mul_d_12_word_%=:\n\t"
+#endif
         /* A[i] * B */
         "LDR	r8, [%[a], r9]\n\t"
         "UMULL	r6, r7, %[b], r8\n\t"
@@ -49071,10 +50035,12 @@ static void sp_384_mul_d_12(sp_digit* r, const sp_digit* a, sp_digit b)
         "MOV	r5, #0x0\n\t"
         "ADD	r9, r9, #0x4\n\t"
         "CMP	r9, #0x30\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BLT	L_sp_384_mul_d_12_word\n\t"
-#else
+#if defined(__GNUC__)
+        "BLT	L_sp_384_mul_d_12_word_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "BLT.N	L_sp_384_mul_d_12_word\n\t"
+#else
+        "BLT.N	L_sp_384_mul_d_12_word_%=\n\t"
 #endif
         "STR	r3, [%[r], #48]\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
@@ -49232,7 +50198,7 @@ SP_NOINLINE static sp_digit div_384_word_12(sp_digit d1, sp_digit d0, sp_digit d
         :
         : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc"
     );
-    return (uint32_t)(size_t)d1;
+    return (word32)(size_t)d1;
 }
 
 #else
@@ -49272,7 +50238,11 @@ SP_NOINLINE static sp_digit div_384_word_12(sp_digit d1, sp_digit d0, sp_digit d
         /* Next 30 bits */
         "MOV	r4, #0x1d\n\t"
         "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
     "L_div_384_word_12_bit:\n\t"
+#else
+    "L_div_384_word_12_bit_%=:\n\t"
+#endif
         "LSLS	r6, r6, #1\n\t"
         "ADC	r7, r7, r7\n\t"
         "SUBS	r8, r5, r7\n\t"
@@ -49282,7 +50252,13 @@ SP_NOINLINE static sp_digit div_384_word_12(sp_digit d1, sp_digit d0, sp_digit d
         "AND	r8, r8, r5\n\t"
         "SUBS	r7, r7, r8\n\t"
         "SUBS	r4, r4, #0x1\n\t"
-        "bpl	L_div_384_word_12_bit\n\t"
+#if defined(__GNUC__)
+        "BPL	L_div_384_word_12_bit_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BPL.N	L_div_384_word_12_bit\n\t"
+#else
+        "BPL.N	L_div_384_word_12_bit_%=\n\t"
+#endif
         "ADD	r3, r3, r3\n\t"
         "ADD	r3, r3, #0x1\n\t"
         "UMULL	r6, r7, r3, %[div]\n\t"
@@ -49304,7 +50280,7 @@ SP_NOINLINE static sp_digit div_384_word_12(sp_digit d1, sp_digit d0, sp_digit d
         :
         : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc"
     );
-    return (uint32_t)(size_t)d1;
+    return (word32)(size_t)d1;
 }
 
 #endif
@@ -49410,13 +50386,13 @@ static void sp_384_mont_mul_order_12(sp_digit* r, const sp_digit* a, const sp_di
 #if defined(HAVE_ECC_SIGN) || (defined(HAVE_ECC_VERIFY) && defined(WOLFSSL_SP_SMALL))
 #ifdef WOLFSSL_SP_SMALL
 /* Order-2 for the P384 curve. */
-static const uint32_t p384_order_minus_2[12] = {
+static const word32 p384_order_minus_2[12] = {
     0xccc52971U,0xecec196aU,0x48b0a77aU,0x581a0db2U,0xf4372ddfU,0xc7634d81U,
     0xffffffffU,0xffffffffU,0xffffffffU,0xffffffffU,0xffffffffU,0xffffffffU
 };
 #else
 /* The low half of the order-2 of the P384 curve. */
-static const uint32_t p384_order_low[6] = {
+static const word32 p384_order_low[6] = {
     0xccc52971U,0xecec196aU,0x48b0a77aU,0x581a0db2U,0xf4372ddfU,0xc7634d81U
 };
 #endif /* WOLFSSL_SP_SMALL */
@@ -49945,10 +50921,12 @@ static void sp_384_div2_mod_12(sp_digit* r, const sp_digit* a, const sp_digit* m
     __asm__ __volatile__ (
         "LDM	%[a]!, {r4}\n\t"
         "ANDS	r3, r4, #0x1\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BEQ	L_sp_384_div2_mod_12_even\n\t"
-#else
+#if defined(__GNUC__)
+        "BEQ	L_sp_384_div2_mod_12_even_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "BEQ.N	L_sp_384_div2_mod_12_even\n\t"
+#else
+        "BEQ.N	L_sp_384_div2_mod_12_even_%=\n\t"
 #endif
         "MOV	r12, #0x0\n\t"
         "LDM	%[a]!, {r5, r6, r7}\n\t"
@@ -49973,13 +50951,19 @@ static void sp_384_div2_mod_12(sp_digit* r, const sp_digit* a, const sp_digit* m
         "ADCS	r7, r7, r11\n\t"
         "STM	%[r]!, {r4, r5, r6, r7}\n\t"
         "ADC	r3, r12, r12\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "B	L_sp_384_div2_mod_12_div2\n\t"
-#else
+#if defined(__GNUC__)
+        "B	L_sp_384_div2_mod_12_div2_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "B.N	L_sp_384_div2_mod_12_div2\n\t"
+#else
+        "B.N	L_sp_384_div2_mod_12_div2_%=\n\t"
 #endif
         "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
     "L_sp_384_div2_mod_12_even:\n\t"
+#else
+    "L_sp_384_div2_mod_12_even_%=:\n\t"
+#endif
         "LDM	%[a]!, {r5, r6, r7}\n\t"
         "STM	%[r]!, {r4, r5, r6, r7}\n\t"
         "LDM	%[a]!, {r4, r5, r6, r7}\n\t"
@@ -49987,7 +50971,11 @@ static void sp_384_div2_mod_12(sp_digit* r, const sp_digit* a, const sp_digit* m
         "LDM	%[a]!, {r4, r5, r6, r7}\n\t"
         "STM	%[r]!, {r4, r5, r6, r7}\n\t"
         "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
     "L_sp_384_div2_mod_12_div2:\n\t"
+#else
+    "L_sp_384_div2_mod_12_div2_%=:\n\t"
+#endif
         "SUB	%[r], %[r], #0x30\n\t"
         "LDRD	r8, r9, [%[r]]\n\t"
         "LSR	r8, r8, #1\n\t"
@@ -50055,203 +51043,295 @@ static int sp_384_num_bits_12(const sp_digit* a)
     __asm__ __volatile__ (
         "LDR	r1, [%[a], #44]\n\t"
         "CMP	r1, #0x0\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BEQ	L_sp_384_num_bits_12_11\n\t"
-#else
+#if defined(__GNUC__)
+        "BEQ	L_sp_384_num_bits_12_11_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "BEQ.N	L_sp_384_num_bits_12_11\n\t"
+#else
+        "BEQ.N	L_sp_384_num_bits_12_11_%=\n\t"
 #endif
         "MOV	r2, #0x180\n\t"
         "CLZ	r4, r1\n\t"
         "SUB	r4, r2, r4\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "B	L_sp_384_num_bits_12_13\n\t"
-#else
+#if defined(__GNUC__)
+        "B	L_sp_384_num_bits_12_13_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "B.N	L_sp_384_num_bits_12_13\n\t"
+#else
+        "B.N	L_sp_384_num_bits_12_13_%=\n\t"
 #endif
         "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
     "L_sp_384_num_bits_12_11:\n\t"
+#else
+    "L_sp_384_num_bits_12_11_%=:\n\t"
+#endif
         "LDR	r1, [%[a], #40]\n\t"
         "CMP	r1, #0x0\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BEQ	L_sp_384_num_bits_12_10\n\t"
-#else
+#if defined(__GNUC__)
+        "BEQ	L_sp_384_num_bits_12_10_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "BEQ.N	L_sp_384_num_bits_12_10\n\t"
+#else
+        "BEQ.N	L_sp_384_num_bits_12_10_%=\n\t"
 #endif
         "MOV	r2, #0x160\n\t"
         "CLZ	r4, r1\n\t"
         "SUB	r4, r2, r4\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "B	L_sp_384_num_bits_12_13\n\t"
-#else
+#if defined(__GNUC__)
+        "B	L_sp_384_num_bits_12_13_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "B.N	L_sp_384_num_bits_12_13\n\t"
+#else
+        "B.N	L_sp_384_num_bits_12_13_%=\n\t"
 #endif
         "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
     "L_sp_384_num_bits_12_10:\n\t"
+#else
+    "L_sp_384_num_bits_12_10_%=:\n\t"
+#endif
         "LDR	r1, [%[a], #36]\n\t"
         "CMP	r1, #0x0\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BEQ	L_sp_384_num_bits_12_9\n\t"
-#else
+#if defined(__GNUC__)
+        "BEQ	L_sp_384_num_bits_12_9_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "BEQ.N	L_sp_384_num_bits_12_9\n\t"
+#else
+        "BEQ.N	L_sp_384_num_bits_12_9_%=\n\t"
 #endif
         "MOV	r2, #0x140\n\t"
         "CLZ	r4, r1\n\t"
         "SUB	r4, r2, r4\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "B	L_sp_384_num_bits_12_13\n\t"
-#else
+#if defined(__GNUC__)
+        "B	L_sp_384_num_bits_12_13_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "B.N	L_sp_384_num_bits_12_13\n\t"
+#else
+        "B.N	L_sp_384_num_bits_12_13_%=\n\t"
 #endif
         "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
     "L_sp_384_num_bits_12_9:\n\t"
+#else
+    "L_sp_384_num_bits_12_9_%=:\n\t"
+#endif
         "LDR	r1, [%[a], #32]\n\t"
         "CMP	r1, #0x0\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BEQ	L_sp_384_num_bits_12_8\n\t"
-#else
+#if defined(__GNUC__)
+        "BEQ	L_sp_384_num_bits_12_8_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "BEQ.N	L_sp_384_num_bits_12_8\n\t"
+#else
+        "BEQ.N	L_sp_384_num_bits_12_8_%=\n\t"
 #endif
         "MOV	r2, #0x120\n\t"
         "CLZ	r4, r1\n\t"
         "SUB	r4, r2, r4\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "B	L_sp_384_num_bits_12_13\n\t"
-#else
+#if defined(__GNUC__)
+        "B	L_sp_384_num_bits_12_13_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "B.N	L_sp_384_num_bits_12_13\n\t"
+#else
+        "B.N	L_sp_384_num_bits_12_13_%=\n\t"
 #endif
         "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
     "L_sp_384_num_bits_12_8:\n\t"
+#else
+    "L_sp_384_num_bits_12_8_%=:\n\t"
+#endif
         "LDR	r1, [%[a], #28]\n\t"
         "CMP	r1, #0x0\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BEQ	L_sp_384_num_bits_12_7\n\t"
-#else
+#if defined(__GNUC__)
+        "BEQ	L_sp_384_num_bits_12_7_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "BEQ.N	L_sp_384_num_bits_12_7\n\t"
+#else
+        "BEQ.N	L_sp_384_num_bits_12_7_%=\n\t"
 #endif
         "MOV	r2, #0x100\n\t"
         "CLZ	r4, r1\n\t"
         "SUB	r4, r2, r4\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "B	L_sp_384_num_bits_12_13\n\t"
-#else
+#if defined(__GNUC__)
+        "B	L_sp_384_num_bits_12_13_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "B.N	L_sp_384_num_bits_12_13\n\t"
+#else
+        "B.N	L_sp_384_num_bits_12_13_%=\n\t"
 #endif
         "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
     "L_sp_384_num_bits_12_7:\n\t"
+#else
+    "L_sp_384_num_bits_12_7_%=:\n\t"
+#endif
         "LDR	r1, [%[a], #24]\n\t"
         "CMP	r1, #0x0\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BEQ	L_sp_384_num_bits_12_6\n\t"
-#else
+#if defined(__GNUC__)
+        "BEQ	L_sp_384_num_bits_12_6_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "BEQ.N	L_sp_384_num_bits_12_6\n\t"
+#else
+        "BEQ.N	L_sp_384_num_bits_12_6_%=\n\t"
 #endif
         "MOV	r2, #0xe0\n\t"
         "CLZ	r4, r1\n\t"
         "SUB	r4, r2, r4\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "B	L_sp_384_num_bits_12_13\n\t"
-#else
+#if defined(__GNUC__)
+        "B	L_sp_384_num_bits_12_13_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "B.N	L_sp_384_num_bits_12_13\n\t"
+#else
+        "B.N	L_sp_384_num_bits_12_13_%=\n\t"
 #endif
         "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
     "L_sp_384_num_bits_12_6:\n\t"
+#else
+    "L_sp_384_num_bits_12_6_%=:\n\t"
+#endif
         "LDR	r1, [%[a], #20]\n\t"
         "CMP	r1, #0x0\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BEQ	L_sp_384_num_bits_12_5\n\t"
-#else
+#if defined(__GNUC__)
+        "BEQ	L_sp_384_num_bits_12_5_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "BEQ.N	L_sp_384_num_bits_12_5\n\t"
+#else
+        "BEQ.N	L_sp_384_num_bits_12_5_%=\n\t"
 #endif
         "MOV	r2, #0xc0\n\t"
         "CLZ	r4, r1\n\t"
         "SUB	r4, r2, r4\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "B	L_sp_384_num_bits_12_13\n\t"
-#else
+#if defined(__GNUC__)
+        "B	L_sp_384_num_bits_12_13_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "B.N	L_sp_384_num_bits_12_13\n\t"
+#else
+        "B.N	L_sp_384_num_bits_12_13_%=\n\t"
 #endif
         "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
     "L_sp_384_num_bits_12_5:\n\t"
+#else
+    "L_sp_384_num_bits_12_5_%=:\n\t"
+#endif
         "LDR	r1, [%[a], #16]\n\t"
         "CMP	r1, #0x0\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BEQ	L_sp_384_num_bits_12_4\n\t"
-#else
+#if defined(__GNUC__)
+        "BEQ	L_sp_384_num_bits_12_4_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "BEQ.N	L_sp_384_num_bits_12_4\n\t"
+#else
+        "BEQ.N	L_sp_384_num_bits_12_4_%=\n\t"
 #endif
         "MOV	r2, #0xa0\n\t"
         "CLZ	r4, r1\n\t"
         "SUB	r4, r2, r4\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "B	L_sp_384_num_bits_12_13\n\t"
-#else
+#if defined(__GNUC__)
+        "B	L_sp_384_num_bits_12_13_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "B.N	L_sp_384_num_bits_12_13\n\t"
+#else
+        "B.N	L_sp_384_num_bits_12_13_%=\n\t"
 #endif
         "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
     "L_sp_384_num_bits_12_4:\n\t"
+#else
+    "L_sp_384_num_bits_12_4_%=:\n\t"
+#endif
         "LDR	r1, [%[a], #12]\n\t"
         "CMP	r1, #0x0\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BEQ	L_sp_384_num_bits_12_3\n\t"
-#else
+#if defined(__GNUC__)
+        "BEQ	L_sp_384_num_bits_12_3_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "BEQ.N	L_sp_384_num_bits_12_3\n\t"
+#else
+        "BEQ.N	L_sp_384_num_bits_12_3_%=\n\t"
 #endif
         "MOV	r2, #0x80\n\t"
         "CLZ	r4, r1\n\t"
         "SUB	r4, r2, r4\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "B	L_sp_384_num_bits_12_13\n\t"
-#else
+#if defined(__GNUC__)
+        "B	L_sp_384_num_bits_12_13_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "B.N	L_sp_384_num_bits_12_13\n\t"
+#else
+        "B.N	L_sp_384_num_bits_12_13_%=\n\t"
 #endif
         "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
     "L_sp_384_num_bits_12_3:\n\t"
+#else
+    "L_sp_384_num_bits_12_3_%=:\n\t"
+#endif
         "LDR	r1, [%[a], #8]\n\t"
         "CMP	r1, #0x0\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BEQ	L_sp_384_num_bits_12_2\n\t"
-#else
+#if defined(__GNUC__)
+        "BEQ	L_sp_384_num_bits_12_2_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "BEQ.N	L_sp_384_num_bits_12_2\n\t"
+#else
+        "BEQ.N	L_sp_384_num_bits_12_2_%=\n\t"
 #endif
         "MOV	r2, #0x60\n\t"
         "CLZ	r4, r1\n\t"
         "SUB	r4, r2, r4\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "B	L_sp_384_num_bits_12_13\n\t"
-#else
+#if defined(__GNUC__)
+        "B	L_sp_384_num_bits_12_13_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "B.N	L_sp_384_num_bits_12_13\n\t"
+#else
+        "B.N	L_sp_384_num_bits_12_13_%=\n\t"
 #endif
         "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
     "L_sp_384_num_bits_12_2:\n\t"
+#else
+    "L_sp_384_num_bits_12_2_%=:\n\t"
+#endif
         "LDR	r1, [%[a], #4]\n\t"
         "CMP	r1, #0x0\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BEQ	L_sp_384_num_bits_12_1\n\t"
-#else
+#if defined(__GNUC__)
+        "BEQ	L_sp_384_num_bits_12_1_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "BEQ.N	L_sp_384_num_bits_12_1\n\t"
+#else
+        "BEQ.N	L_sp_384_num_bits_12_1_%=\n\t"
 #endif
         "MOV	r2, #0x40\n\t"
         "CLZ	r4, r1\n\t"
         "SUB	r4, r2, r4\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "B	L_sp_384_num_bits_12_13\n\t"
-#else
+#if defined(__GNUC__)
+        "B	L_sp_384_num_bits_12_13_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "B.N	L_sp_384_num_bits_12_13\n\t"
+#else
+        "B.N	L_sp_384_num_bits_12_13_%=\n\t"
 #endif
         "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
     "L_sp_384_num_bits_12_1:\n\t"
+#else
+    "L_sp_384_num_bits_12_1_%=:\n\t"
+#endif
         "LDR	r1, [%[a]]\n\t"
         "MOV	r2, #0x20\n\t"
         "CLZ	r4, r1\n\t"
         "SUB	r4, r2, r4\n\t"
         "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
     "L_sp_384_num_bits_12_13:\n\t"
+#else
+    "L_sp_384_num_bits_12_13_%=:\n\t"
+#endif
         "MOV	%[a], r4\n\t"
         : [a] "+r" (a)
         :
         : "memory", "r1", "r2", "r3", "r4", "r5", "cc"
     );
-    return (uint32_t)(size_t)a;
+    return (word32)(size_t)a;
 }
 
 /* Non-constant time modular inversion.
@@ -50541,10 +51621,8 @@ int sp_ecc_verify_384(const byte* hash, word32 hashLen, const mp_int* pX,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (u1 != NULL)
-        XFREE(u1, heap, DYNAMIC_TYPE_ECC);
-    if (p1 != NULL)
-        XFREE(p1, heap, DYNAMIC_TYPE_ECC);
+    XFREE(u1, heap, DYNAMIC_TYPE_ECC);
+    XFREE(p1, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -50751,8 +51829,7 @@ static int sp_384_ecc_is_point_12(const sp_point_384* point,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t1 != NULL)
-        XFREE(t1, heap, DYNAMIC_TYPE_ECC);
+    XFREE(t1, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -50791,8 +51868,7 @@ int sp_ecc_is_point_384(const mp_int* pX, const mp_int* pY)
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (pub != NULL)
-        XFREE(pub, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(pub, NULL, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -50900,10 +51976,8 @@ int sp_ecc_check_key_384(const mp_int* pX, const mp_int* pY,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (pub != NULL)
-        XFREE(pub, heap, DYNAMIC_TYPE_ECC);
-    if (priv != NULL)
-        XFREE(priv, heap, DYNAMIC_TYPE_ECC);
+    XFREE(pub, heap, DYNAMIC_TYPE_ECC);
+    XFREE(priv, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -50982,10 +52056,8 @@ int sp_ecc_proj_add_point_384(mp_int* pX, mp_int* pY, mp_int* pZ,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (tmp != NULL)
-        XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
-    if (p != NULL)
-        XFREE(p, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(p, NULL, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -51050,10 +52122,8 @@ int sp_ecc_proj_dbl_point_384(mp_int* pX, mp_int* pY, mp_int* pZ,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (tmp != NULL)
-        XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
-    if (p != NULL)
-        XFREE(p, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(p, NULL, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -51114,10 +52184,8 @@ int sp_ecc_map_384(mp_int* pX, mp_int* pY, mp_int* pZ)
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (tmp != NULL)
-        XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
-    if (p != NULL)
-        XFREE(p, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(p, NULL, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -51213,8 +52281,7 @@ static int sp_384_mont_sqrt_12(sp_digit* y)
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t1 != NULL)
-        XFREE(t1, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(t1, NULL, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -51279,8 +52346,7 @@ int sp_ecc_uncompress_384(mp_int* xm, int odd, mp_int* ym)
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (x != NULL)
-        XFREE(x, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(x, NULL, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -51414,13 +52480,21 @@ static void sp_521_mul_17(sp_digit* r, const sp_digit* a, const sp_digit* b)
         "MOV	r8, #0x0\n\t"
         "MOV	r5, #0x4\n\t"
         "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
     "L_sp_521_mul_17_outer:\n\t"
+#else
+    "L_sp_521_mul_17_outer_%=:\n\t"
+#endif
         "SUBS	r3, r5, #0x40\n\t"
         "IT	cc\n\t"
         "MOVCC	r3, #0x0\n\t"
         "SUB	r4, r5, r3\n\t"
         "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
     "L_sp_521_mul_17_inner:\n\t"
+#else
+    "L_sp_521_mul_17_inner_%=:\n\t"
+#endif
         "LDR	lr, [%[a], r3]\n\t"
         "LDR	r11, [%[b], r4]\n\t"
         "UMULL	r9, r10, lr, r11\n\t"
@@ -51436,15 +52510,19 @@ static void sp_521_mul_17(sp_digit* r, const sp_digit* a, const sp_digit* b)
         "ADD	r3, r3, #0x4\n\t"
         "SUB	r4, r4, #0x4\n\t"
         "CMP	r3, r4\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BGT	L_sp_521_mul_17_inner_done\n\t"
-#else
+#if defined(__GNUC__)
+        "BGT	L_sp_521_mul_17_inner_done_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "BGT.N	L_sp_521_mul_17_inner_done\n\t"
-#endif
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BLT	L_sp_521_mul_17_inner\n\t"
 #else
+        "BGT.N	L_sp_521_mul_17_inner_done_%=\n\t"
+#endif
+#if defined(__GNUC__)
+        "BLT	L_sp_521_mul_17_inner_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "BLT.N	L_sp_521_mul_17_inner\n\t"
+#else
+        "BLT.N	L_sp_521_mul_17_inner_%=\n\t"
 #endif
         "LDR	lr, [%[a], r3]\n\t"
         "LDR	r11, [%[b], r3]\n\t"
@@ -51453,17 +52531,23 @@ static void sp_521_mul_17(sp_digit* r, const sp_digit* a, const sp_digit* b)
         "ADCS	r7, r7, r10\n\t"
         "ADC	r8, r8, #0x0\n\t"
         "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
     "L_sp_521_mul_17_inner_done:\n\t"
+#else
+    "L_sp_521_mul_17_inner_done_%=:\n\t"
+#endif
         "STR	r6, [sp, r5]\n\t"
         "MOV	r6, r7\n\t"
         "MOV	r7, r8\n\t"
         "MOV	r8, #0x0\n\t"
         "ADD	r5, r5, #0x4\n\t"
         "CMP	r5, #0x7c\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BLE	L_sp_521_mul_17_outer\n\t"
-#else
+#if defined(__GNUC__)
+        "BLE	L_sp_521_mul_17_outer_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "BLE.N	L_sp_521_mul_17_outer\n\t"
+#else
+        "BLE.N	L_sp_521_mul_17_outer_%=\n\t"
 #endif
         "LDR	lr, [%[a], #64]\n\t"
         "LDR	r11, [%[b], #64]\n\t"
@@ -51475,14 +52559,20 @@ static void sp_521_mul_17(sp_digit* r, const sp_digit* a, const sp_digit* b)
         "STM	%[r]!, {r6, r7}\n\t"
         "SUB	r5, r5, #0x8\n\t"
         "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
     "L_sp_521_mul_17_store:\n\t"
+#else
+    "L_sp_521_mul_17_store_%=:\n\t"
+#endif
         "LDM	sp!, {r3, r4, r6, r7, r8, r9, r10, r11}\n\t"
         "STM	%[r]!, {r3, r4, r6, r7, r8, r9, r10, r11}\n\t"
         "SUBS	r5, r5, #0x20\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BGT	L_sp_521_mul_17_store\n\t"
-#else
+#if defined(__GNUC__)
+        "BGT	L_sp_521_mul_17_store_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "BGT.N	L_sp_521_mul_17_store\n\t"
+#else
+        "BGT.N	L_sp_521_mul_17_store_%=\n\t"
 #endif
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
         :
@@ -53559,13 +54649,21 @@ static void sp_521_sqr_17(sp_digit* r, const sp_digit* a)
         "MOV	r8, #0x0\n\t"
         "MOV	r5, #0x4\n\t"
         "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
     "L_sp_521_sqr_17_outer:\n\t"
+#else
+    "L_sp_521_sqr_17_outer_%=:\n\t"
+#endif
         "SUBS	r3, r5, #0x40\n\t"
         "IT	cc\n\t"
         "MOVCC	r3, #0x0\n\t"
         "SUB	r4, r5, r3\n\t"
         "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
     "L_sp_521_sqr_17_inner:\n\t"
+#else
+    "L_sp_521_sqr_17_inner_%=:\n\t"
+#endif
         "LDR	lr, [%[a], r3]\n\t"
         "LDR	r11, [%[a], r4]\n\t"
         "UMULL	r9, r10, lr, r11\n\t"
@@ -53578,15 +54676,19 @@ static void sp_521_sqr_17(sp_digit* r, const sp_digit* a)
         "ADD	r3, r3, #0x4\n\t"
         "SUB	r4, r4, #0x4\n\t"
         "CMP	r3, r4\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BGT	L_sp_521_sqr_17_inner_done\n\t"
-#else
+#if defined(__GNUC__)
+        "BGT	L_sp_521_sqr_17_inner_done_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "BGT.N	L_sp_521_sqr_17_inner_done\n\t"
-#endif
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BLT	L_sp_521_sqr_17_inner\n\t"
 #else
+        "BGT.N	L_sp_521_sqr_17_inner_done_%=\n\t"
+#endif
+#if defined(__GNUC__)
+        "BLT	L_sp_521_sqr_17_inner_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "BLT.N	L_sp_521_sqr_17_inner\n\t"
+#else
+        "BLT.N	L_sp_521_sqr_17_inner_%=\n\t"
 #endif
         "LDR	lr, [%[a], r3]\n\t"
         "UMULL	r9, r10, lr, lr\n\t"
@@ -53594,17 +54696,23 @@ static void sp_521_sqr_17(sp_digit* r, const sp_digit* a)
         "ADCS	r7, r7, r10\n\t"
         "ADC	r8, r8, #0x0\n\t"
         "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
     "L_sp_521_sqr_17_inner_done:\n\t"
+#else
+    "L_sp_521_sqr_17_inner_done_%=:\n\t"
+#endif
         "STR	r6, [sp, r5]\n\t"
         "MOV	r6, r7\n\t"
         "MOV	r7, r8\n\t"
         "MOV	r8, #0x0\n\t"
         "ADD	r5, r5, #0x4\n\t"
         "CMP	r5, #0x7c\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BLE	L_sp_521_sqr_17_outer\n\t"
-#else
+#if defined(__GNUC__)
+        "BLE	L_sp_521_sqr_17_outer_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "BLE.N	L_sp_521_sqr_17_outer\n\t"
+#else
+        "BLE.N	L_sp_521_sqr_17_outer_%=\n\t"
 #endif
         "LDR	lr, [%[a], #64]\n\t"
         "UMLAL	r6, r7, lr, lr\n\t"
@@ -53615,14 +54723,20 @@ static void sp_521_sqr_17(sp_digit* r, const sp_digit* a)
         "STM	%[r]!, {r6, r7}\n\t"
         "SUB	r5, r5, #0x8\n\t"
         "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
     "L_sp_521_sqr_17_store:\n\t"
+#else
+    "L_sp_521_sqr_17_store_%=:\n\t"
+#endif
         "LDM	sp!, {r3, r4, r6, r7, r8, r9, r10, r11}\n\t"
         "STM	%[r]!, {r3, r4, r6, r7, r8, r9, r10, r11}\n\t"
         "SUBS	r5, r5, #0x20\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BGT	L_sp_521_sqr_17_store\n\t"
-#else
+#if defined(__GNUC__)
+        "BGT	L_sp_521_sqr_17_store_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "BGT.N	L_sp_521_sqr_17_store\n\t"
+#else
+        "BGT.N	L_sp_521_sqr_17_store_%=\n\t"
 #endif
         : [r] "+r" (r), [a] "+r" (a)
         :
@@ -54939,7 +56053,11 @@ static sp_digit sp_521_add_17(sp_digit* r, const sp_digit* a, const sp_digit* b)
         "MOV	r3, #0x0\n\t"
         "ADD	r12, %[a], #0x40\n\t"
         "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
     "L_sp_521_add_17_word:\n\t"
+#else
+    "L_sp_521_add_17_word_%=:\n\t"
+#endif
         "ADDS	r3, r3, #0xffffffff\n\t"
         "LDM	%[a]!, {r4, r5, r6, r7}\n\t"
         "LDM	%[b]!, {r8, r9, r10, r11}\n\t"
@@ -54951,10 +56069,12 @@ static sp_digit sp_521_add_17(sp_digit* r, const sp_digit* a, const sp_digit* b)
         "MOV	r4, #0x0\n\t"
         "ADC	r3, r4, #0x0\n\t"
         "CMP	%[a], r12\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BNE	L_sp_521_add_17_word\n\t"
-#else
+#if defined(__GNUC__)
+        "BNE	L_sp_521_add_17_word_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "BNE.N	L_sp_521_add_17_word\n\t"
+#else
+        "BNE.N	L_sp_521_add_17_word_%=\n\t"
 #endif
         "ADDS	r3, r3, #0xffffffff\n\t"
         "LDM	%[a], {r4}\n\t"
@@ -54967,7 +56087,7 @@ static sp_digit sp_521_add_17(sp_digit* r, const sp_digit* a, const sp_digit* b)
         :
         : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r3", "r12", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #else
@@ -55028,7 +56148,7 @@ static sp_digit sp_521_add_17(sp_digit* r, const sp_digit* a, const sp_digit* b)
         :
         : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #endif /* WOLFSSL_SP_SMALL */
@@ -55272,7 +56392,11 @@ static sp_digit sp_521_cond_sub_17(sp_digit* r, const sp_digit* a, const sp_digi
         "MOV	r4, #0x0\n\t"
         "MOV	r5, #0x0\n\t"
         "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
     "L_sp_521_cond_sub_17_words:\n\t"
+#else
+    "L_sp_521_cond_sub_17_words_%=:\n\t"
+#endif
         "SUBS	r4, r8, r4\n\t"
         "LDR	r6, [%[a], r5]\n\t"
         "LDR	r7, [%[b], r5]\n\t"
@@ -55282,17 +56406,19 @@ static sp_digit sp_521_cond_sub_17(sp_digit* r, const sp_digit* a, const sp_digi
         "STR	r6, [%[r], r5]\n\t"
         "ADD	r5, r5, #0x4\n\t"
         "CMP	r5, #0x44\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BLT	L_sp_521_cond_sub_17_words\n\t"
-#else
+#if defined(__GNUC__)
+        "BLT	L_sp_521_cond_sub_17_words_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "BLT.N	L_sp_521_cond_sub_17_words\n\t"
+#else
+        "BLT.N	L_sp_521_cond_sub_17_words_%=\n\t"
 #endif
         "MOV	%[r], r4\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m)
         :
         : "memory", "r4", "r5", "r6", "r7", "r8", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #else
@@ -55385,7 +56511,7 @@ static sp_digit sp_521_cond_sub_17(sp_digit* r, const sp_digit* a, const sp_digi
         :
         : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #endif /* WOLFSSL_SP_SMALL */
@@ -55552,19 +56678,29 @@ SP_NOINLINE static void sp_521_mont_reduce_order_17(sp_digit* a, const sp_digit*
         "LDR	r4, [%[a]]\n\t"
         "LDR	r5, [%[a], #4]\n\t"
         "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
     "L_sp_521_mont_reduce_order_17_word:\n\t"
+#else
+    "L_sp_521_mont_reduce_order_17_word_%=:\n\t"
+#endif
         /* mu = a[i] * mp */
         "MUL	r10, %[mp], r4\n\t"
         "CMP	r11, #0x40\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BNE	L_sp_521_mont_reduce_order_17_nomask\n\t"
-#else
+#if defined(__GNUC__)
+        "BNE	L_sp_521_mont_reduce_order_17_nomask_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "BNE.N	L_sp_521_mont_reduce_order_17_nomask\n\t"
+#else
+        "BNE.N	L_sp_521_mont_reduce_order_17_nomask_%=\n\t"
 #endif
         "MOV	r9, #0x1ff\n\t"
         "AND	r10, r10, r9\n\t"
         "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
     "L_sp_521_mont_reduce_order_17_nomask:\n\t"
+#else
+    "L_sp_521_mont_reduce_order_17_nomask_%=:\n\t"
+#endif
         /* a[i+0] += m[0] * mu */
         "MOV	r7, #0x0\n\t"
         "UMLAL	r4, r7, r10, lr\n\t"
@@ -55705,10 +56841,12 @@ SP_NOINLINE static void sp_521_mont_reduce_order_17(sp_digit* a, const sp_digit*
         "ADD	r11, r11, #0x4\n\t"
         "ADD	%[a], %[a], #0x4\n\t"
         "CMP	r11, #0x44\n\t"
-#ifdef __GNUC__
-        "BLT	L_sp_521_mont_reduce_order_17_word\n\t"
-#else
+#if defined(__GNUC__)
+        "BLT	L_sp_521_mont_reduce_order_17_word_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "BLT.W	L_sp_521_mont_reduce_order_17_word\n\t"
+#else
+        "BLT.W	L_sp_521_mont_reduce_order_17_word_%=\n\t"
 #endif
         /* Loop Done */
         "STR	r4, [%[a]]\n\t"
@@ -55820,19 +56958,29 @@ SP_NOINLINE static void sp_521_mont_reduce_order_17(sp_digit* a, const sp_digit*
         "LDR	r9, [%[a], #12]\n\t"
         "LDR	r10, [%[a], #16]\n\t"
         "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
     "L_sp_521_mont_reduce_order_17_word:\n\t"
+#else
+    "L_sp_521_mont_reduce_order_17_word_%=:\n\t"
+#endif
         /* mu = a[i] * mp */
         "MUL	lr, %[mp], r6\n\t"
         "CMP	r4, #0x40\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BNE	L_sp_521_mont_reduce_order_17_nomask\n\t"
-#else
+#if defined(__GNUC__)
+        "BNE	L_sp_521_mont_reduce_order_17_nomask_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "BNE.N	L_sp_521_mont_reduce_order_17_nomask\n\t"
+#else
+        "BNE.N	L_sp_521_mont_reduce_order_17_nomask_%=\n\t"
 #endif
         "MOV	r12, #0x1ff\n\t"
         "AND	lr, lr, r12\n\t"
         "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
     "L_sp_521_mont_reduce_order_17_nomask:\n\t"
+#else
+    "L_sp_521_mont_reduce_order_17_nomask_%=:\n\t"
+#endif
         /* a[i+0] += m[0] * mu */
         "LDR	r12, [%[m]]\n\t"
         "MOV	r3, #0x0\n\t"
@@ -55923,10 +57071,12 @@ SP_NOINLINE static void sp_521_mont_reduce_order_17(sp_digit* a, const sp_digit*
         "ADD	r4, r4, #0x4\n\t"
         "ADD	%[a], %[a], #0x4\n\t"
         "CMP	r4, #0x44\n\t"
-#ifdef __GNUC__
-        "BLT	L_sp_521_mont_reduce_order_17_word\n\t"
-#else
+#if defined(__GNUC__)
+        "BLT	L_sp_521_mont_reduce_order_17_word_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "BLT.W	L_sp_521_mont_reduce_order_17_word\n\t"
+#else
+        "BLT.W	L_sp_521_mont_reduce_order_17_word_%=\n\t"
 #endif
         /* Loop Done */
         "STR	r6, [%[a]]\n\t"
@@ -56064,7 +57214,7 @@ SP_NOINLINE static void sp_521_mont_sqr_n_17(sp_digit* r,
 #endif /* !WOLFSSL_SP_SMALL */
 #ifdef WOLFSSL_SP_SMALL
 /* Mod-2 for the P521 curve. */
-static const uint32_t p521_mod_minus_2[17] = {
+static const word32 p521_mod_minus_2[17] = {
     0xfffffffdU,0xffffffffU,0xffffffffU,0xffffffffU,0xffffffffU,0xffffffffU,
     0xffffffffU,0xffffffffU,0xffffffffU,0xffffffffU,0xffffffffU,0xffffffffU,
     0xffffffffU,0xffffffffU,0xffffffffU,0xffffffffU,0x000001ffU
@@ -56178,7 +57328,11 @@ static sp_int32 sp_521_cmp_17(const sp_digit* a, const sp_digit* b)
 #ifdef WOLFSSL_SP_SMALL
         "MOV	r6, #0x40\n\t"
         "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
     "L_sp_521_cmp_17_words:\n\t"
+#else
+    "L_sp_521_cmp_17_words_%=:\n\t"
+#endif
         "LDR	r4, [%[a], r6]\n\t"
         "LDR	r5, [%[b], r6]\n\t"
         "AND	r4, r4, r3\n\t"
@@ -56191,7 +57345,11 @@ static sp_int32 sp_521_cmp_17(const sp_digit* a, const sp_digit* b)
         "IT	ne\n\t"
         "movne	r3, r7\n\t"
         "SUBS	r6, r6, #0x4\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "bcs	L_sp_521_cmp_17_words\n\t"
+#else
+        "bcs	L_sp_521_cmp_17_words_%=\n\t"
+#endif
         "EOR	r2, r2, r3\n\t"
 #else
         "LDR	r4, [%[a], #64]\n\t"
@@ -56388,7 +57546,7 @@ static sp_int32 sp_521_cmp_17(const sp_digit* a, const sp_digit* b)
         :
         : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "cc"
     );
-    return (uint32_t)(size_t)a;
+    return (word32)(size_t)a;
 }
 
 /* Normalize the values in each word to 32.
@@ -56421,7 +57579,7 @@ static void sp_521_map_17(sp_point_521* r, const sp_point_521* p,
     sp_521_mont_reduce_17(r->x, p521_mod, p521_mp_mod);
     /* Reduce x to less than modulus */
     n = sp_521_cmp_17(r->x, p521_mod);
-    sp_521_cond_sub_17(r->x, r->x, p521_mod, ~(n >> 31));
+    sp_521_cond_sub_17(r->x, r->x, p521_mod, (sp_digit)~(n >> 31));
     sp_521_norm_17(r->x);
 
     /* y /= z^3 */
@@ -56430,7 +57588,7 @@ static void sp_521_map_17(sp_point_521* r, const sp_point_521* p,
     sp_521_mont_reduce_17(r->y, p521_mod, p521_mp_mod);
     /* Reduce y to less than modulus */
     n = sp_521_cmp_17(r->y, p521_mod);
-    sp_521_cond_sub_17(r->y, r->y, p521_mod, ~(n >> 31));
+    sp_521_cond_sub_17(r->y, r->y, p521_mod, (sp_digit)~(n >> 31));
     sp_521_norm_17(r->y);
 
     XMEMSET(r->z, 0, sizeof(r->z) / 2);
@@ -57196,8 +58354,8 @@ static void sp_521_proj_point_add_17(sp_point_521* r,
         sp_521_mont_sub_17(y, y, t5, p521_mod);
         {
             int i;
-            sp_digit maskp = 0 - (q->infinity & (!p->infinity));
-            sp_digit maskq = 0 - (p->infinity & (!q->infinity));
+            sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity)));
+            sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity)));
             sp_digit maskt = ~(maskp | maskq);
             sp_digit inf = (sp_digit)(p->infinity & q->infinity);
 
@@ -57214,7 +58372,7 @@ static void sp_521_proj_point_add_17(sp_point_521* r,
                           (z[i] & maskt);
             }
             r->z[0] |= inf;
-            r->infinity = (word32)inf;
+            r->infinity = (int)inf;
         }
     }
 }
@@ -57388,8 +58546,8 @@ static int sp_521_proj_point_add_17_nb(sp_ecc_ctx_t* sp_ctx, sp_point_521* r,
     {
         {
             int i;
-            sp_digit maskp = 0 - (q->infinity & (!p->infinity));
-            sp_digit maskq = 0 - (p->infinity & (!q->infinity));
+            sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity)));
+            sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity)));
             sp_digit maskt = ~(maskp | maskq);
             sp_digit inf = (sp_digit)(p->infinity & q->infinity);
 
@@ -57406,7 +58564,7 @@ static int sp_521_proj_point_add_17_nb(sp_ecc_ctx_t* sp_ctx, sp_point_521* r,
                           (ctx->z[i] & maskt);
             }
             r->z[0] |= inf;
-            r->infinity = (word32)inf;
+            r->infinity = (int)inf;
         }
         ctx->state = 25;
         break;
@@ -57488,7 +58646,7 @@ static void sp_521_get_point_16_17(sp_point_521* r, const sp_point_521* table,
     r->z[15] = 0;
     r->z[16] = 0;
     for (i = 1; i < 16; i++) {
-        mask = 0 - (i == idx);
+        mask = (sp_digit)0 - (i == idx);
         r->x[0] |= mask & table[i].x[0];
         r->x[1] |= mask & table[i].x[1];
         r->x[2] |= mask & table[i].x[2];
@@ -57713,15 +58871,15 @@ static int sp_521_ecc_mulmod_fast_17(sp_point_521* r, const sp_point_521* g, con
     #endif
     }
 #ifndef WC_NO_CACHE_RESISTANT
-    #ifdef WOLFSSL_SP_SMALL_STACK
+#ifdef WOLFSSL_SP_SMALL_STACK
     if (p != NULL)
+#endif
+    {
+        ForceZero(p, sizeof(sp_point_521));
+    #ifdef WOLFSSL_SP_SMALL_STACK
+        XFREE(p, heap, DYNAMIC_TYPE_ECC);
     #endif
-        {
-            ForceZero(p, sizeof(sp_point_521));
-        #ifdef WOLFSSL_SP_SMALL_STACK
-            XFREE(p, heap, DYNAMIC_TYPE_ECC);
-        #endif
-        }
+    }
 #endif /* !WC_NO_CACHE_RESISTANT */
 #ifdef WOLFSSL_SP_SMALL_STACK
     if (t != NULL)
@@ -57917,8 +59075,8 @@ static void sp_521_proj_point_add_qz1_17(sp_point_521* r,
         sp_521_mont_sub_17(y, t3, t1, p521_mod);
         {
             int i;
-            sp_digit maskp = 0 - (q->infinity & (!p->infinity));
-            sp_digit maskq = 0 - (p->infinity & (!q->infinity));
+            sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity)));
+            sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity)));
             sp_digit maskt = ~(maskp | maskq);
             sp_digit inf = (sp_digit)(p->infinity & q->infinity);
 
@@ -57935,7 +59093,7 @@ static void sp_521_proj_point_add_qz1_17(sp_point_521* r,
                           (z[i] & maskt);
             }
             r->z[0] |= inf;
-            r->infinity = (word32)inf;
+            r->infinity = (int)inf;
         }
     }
 }
@@ -58025,8 +59183,7 @@ static int sp_521_gen_stripe_table_17(const sp_point_521* a,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t != NULL)
-        XFREE(t, heap, DYNAMIC_TYPE_ECC);
+    XFREE(t, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -58081,7 +59238,7 @@ static void sp_521_get_entry_16_17(sp_point_521* r,
     r->y[15] = 0;
     r->y[16] = 0;
     for (i = 1; i < 16; i++) {
-        mask = 0 - (i == idx);
+        mask = (sp_digit)0 - (i == idx);
         r->x[0] |= mask & table[i].x[0];
         r->x[1] |= mask & table[i].x[1];
         r->x[2] |= mask & table[i].x[2];
@@ -58226,10 +59383,8 @@ static int sp_521_ecc_mulmod_stripe_17(sp_point_521* r, const sp_point_521* g,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t != NULL)
-        XFREE(t, heap, DYNAMIC_TYPE_ECC);
-    if (rt != NULL)
-        XFREE(rt, heap, DYNAMIC_TYPE_ECC);
+    XFREE(t, heap, DYNAMIC_TYPE_ECC);
+    XFREE(rt, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -58249,7 +59404,7 @@ typedef struct sp_cache_521_t {
     /* Precomputation table for point. */
     sp_table_entry_521 table[16];
     /* Count of entries in table. */
-    uint32_t cnt;
+    word32 cnt;
     /* Point and table set in entry. */
     int set;
 } sp_cache_521_t;
@@ -58262,8 +59417,10 @@ static THREAD_LS_T int sp_cache_521_last = -1;
 static THREAD_LS_T int sp_cache_521_inited = 0;
 
 #ifndef HAVE_THREAD_LS
+    #ifndef WOLFSSL_MUTEX_INITIALIZER
     static volatile int initCacheMutex_521 = 0;
-    static wolfSSL_Mutex sp_cache_521_lock;
+    #endif
+    static wolfSSL_Mutex sp_cache_521_lock WOLFSSL_MUTEX_INITIALIZER_CLAUSE(sp_cache_521_lock);
 #endif
 
 /* Get the cache entry for the point.
@@ -58275,7 +59432,7 @@ static void sp_ecc_get_cache_521(const sp_point_521* g, sp_cache_521_t** cache)
 {
     int i;
     int j;
-    uint32_t least;
+    word32 least;
 
     if (sp_cache_521_inited == 0) {
         for (i=0; i<FP_ENTRIES; i++) {
@@ -58361,10 +59518,12 @@ static int sp_521_ecc_mulmod_17(sp_point_521* r, const sp_point_521* g,
 #endif
 #ifndef HAVE_THREAD_LS
     if (err == MP_OKAY) {
+        #ifndef WOLFSSL_MUTEX_INITIALIZER
         if (initCacheMutex_521 == 0) {
             wc_InitMutex(&sp_cache_521_lock);
             initCacheMutex_521 = 1;
         }
+        #endif
         if (wc_LockMutex(&sp_cache_521_lock) != 0) {
             err = BAD_MUTEX_E;
         }
@@ -58481,8 +59640,7 @@ static int sp_521_gen_stripe_table_17(const sp_point_521* a,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t != NULL)
-        XFREE(t, heap, DYNAMIC_TYPE_ECC);
+    XFREE(t, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -58537,7 +59695,7 @@ static void sp_521_get_entry_256_17(sp_point_521* r,
     r->y[15] = 0;
     r->y[16] = 0;
     for (i = 1; i < 256; i++) {
-        mask = 0 - (i == idx);
+        mask = (sp_digit)0 - (i == idx);
         r->x[0] |= mask & table[i].x[0];
         r->x[1] |= mask & table[i].x[1];
         r->x[2] |= mask & table[i].x[2];
@@ -58682,10 +59840,8 @@ static int sp_521_ecc_mulmod_stripe_17(sp_point_521* r, const sp_point_521* g,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t != NULL)
-        XFREE(t, heap, DYNAMIC_TYPE_ECC);
-    if (rt != NULL)
-        XFREE(rt, heap, DYNAMIC_TYPE_ECC);
+    XFREE(t, heap, DYNAMIC_TYPE_ECC);
+    XFREE(rt, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -58705,7 +59861,7 @@ typedef struct sp_cache_521_t {
     /* Precomputation table for point. */
     sp_table_entry_521 table[256];
     /* Count of entries in table. */
-    uint32_t cnt;
+    word32 cnt;
     /* Point and table set in entry. */
     int set;
 } sp_cache_521_t;
@@ -58718,8 +59874,10 @@ static THREAD_LS_T int sp_cache_521_last = -1;
 static THREAD_LS_T int sp_cache_521_inited = 0;
 
 #ifndef HAVE_THREAD_LS
+    #ifndef WOLFSSL_MUTEX_INITIALIZER
     static volatile int initCacheMutex_521 = 0;
-    static wolfSSL_Mutex sp_cache_521_lock;
+    #endif
+    static wolfSSL_Mutex sp_cache_521_lock WOLFSSL_MUTEX_INITIALIZER_CLAUSE(sp_cache_521_lock);
 #endif
 
 /* Get the cache entry for the point.
@@ -58731,7 +59889,7 @@ static void sp_ecc_get_cache_521(const sp_point_521* g, sp_cache_521_t** cache)
 {
     int i;
     int j;
-    uint32_t least;
+    word32 least;
 
     if (sp_cache_521_inited == 0) {
         for (i=0; i<FP_ENTRIES; i++) {
@@ -58817,10 +59975,12 @@ static int sp_521_ecc_mulmod_17(sp_point_521* r, const sp_point_521* g,
 #endif
 #ifndef HAVE_THREAD_LS
     if (err == MP_OKAY) {
+        #ifndef WOLFSSL_MUTEX_INITIALIZER
         if (initCacheMutex_521 == 0) {
             wc_InitMutex(&sp_cache_521_lock);
             initCacheMutex_521 = 1;
         }
+        #endif
         if (wc_LockMutex(&sp_cache_521_lock) != 0) {
             err = BAD_MUTEX_E;
         }
@@ -58899,10 +60059,8 @@ int sp_ecc_mulmod_521(const mp_int* km, const ecc_point* gm, ecc_point* r,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (k != NULL)
-        XFREE(k, heap, DYNAMIC_TYPE_ECC);
-    if (point != NULL)
-        XFREE(point, heap, DYNAMIC_TYPE_ECC);
+    XFREE(k, heap, DYNAMIC_TYPE_ECC);
+    XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -58979,10 +60137,8 @@ int sp_ecc_mulmod_add_521(const mp_int* km, const ecc_point* gm,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (k != NULL)
-        XFREE(k, heap, DYNAMIC_TYPE_ECC);
-    if (point != NULL)
-        XFREE(point, heap, DYNAMIC_TYPE_ECC);
+    XFREE(k, heap, DYNAMIC_TYPE_ECC);
+    XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -60993,10 +62149,8 @@ int sp_ecc_mulmod_base_521(const mp_int* km, ecc_point* r, int map, void* heap)
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (k != NULL)
-        XFREE(k, heap, DYNAMIC_TYPE_ECC);
-    if (point != NULL)
-        XFREE(point, heap, DYNAMIC_TYPE_ECC);
+    XFREE(k, heap, DYNAMIC_TYPE_ECC);
+    XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -61071,10 +62225,8 @@ int sp_ecc_mulmod_base_add_521(const mp_int* km, const ecc_point* am,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (k != NULL)
-        XFREE(k, heap, DYNAMIC_TYPE_ECC);
-    if (point)
-        XFREE(point, heap, DYNAMIC_TYPE_ECC);
+    XFREE(k, heap, DYNAMIC_TYPE_ECC);
+    XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -61144,7 +62296,8 @@ static void sp_521_from_bin(sp_digit* r, int size, const byte* a, int n)
     int j;
     byte* d;
 
-    for (i = n - 1,j = 0; i >= 3; i -= 4) {
+    j = 0;
+    for (i = n - 1; i >= 3; i -= 4) {
         r[j]  = ((sp_digit)a[i - 0] <<  0) |
                 ((sp_digit)a[i - 1] <<  8) |
                 ((sp_digit)a[i - 2] << 16) |
@@ -61155,12 +62308,20 @@ static void sp_521_from_bin(sp_digit* r, int size, const byte* a, int n)
     if (i >= 0) {
         r[j] = 0;
 
-        d = (byte*)r;
+        d = (byte*)(r + j);
+#ifdef BIG_ENDIAN_ORDER
         switch (i) {
-            case 2: d[n - 1 - 2] = a[2]; //fallthrough
-            case 1: d[n - 1 - 1] = a[1]; //fallthrough
-            case 0: d[n - 1 - 0] = a[0]; //fallthrough
+            case 2: d[1] = *(a++); //fallthrough
+            case 1: d[2] = *(a++); //fallthrough
+            case 0: d[3] = *a    ; //fallthrough
         }
+#else
+        switch (i) {
+            case 2: d[2] = a[2]; //fallthrough
+            case 1: d[1] = a[1]; //fallthrough
+            case 0: d[0] = a[0]; //fallthrough
+        }
+#endif
         j++;
     }
 
@@ -61178,6 +62339,7 @@ static void sp_521_from_bin(sp_digit* r, int size, const byte* a, int n)
  */
 static int sp_521_ecc_gen_k_17(WC_RNG* rng, sp_digit* k)
 {
+#ifndef WC_NO_RNG
     int err;
     byte buf[66];
 
@@ -61195,6 +62357,11 @@ static int sp_521_ecc_gen_k_17(WC_RNG* rng, sp_digit* k)
     while (err == 0);
 
     return err;
+#else
+    (void)rng;
+    (void)k;
+    return NOT_COMPILED_IN;
+#endif
 }
 
 /* Makes a random EC key pair.
@@ -61273,12 +62440,9 @@ int sp_ecc_make_key_521(WC_RNG* rng, mp_int* priv, ecc_point* pub, void* heap)
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (k != NULL)
-        XFREE(k, heap, DYNAMIC_TYPE_ECC);
-    if (point != NULL) {
-        /* point is not sensitive, so no need to zeroize */
-        XFREE(point, heap, DYNAMIC_TYPE_ECC);
-    }
+    XFREE(k, heap, DYNAMIC_TYPE_ECC);
+    /* point is not sensitive, so no need to zeroize */
+    XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -61438,10 +62602,8 @@ int sp_ecc_secret_gen_521(const mp_int* priv, const ecc_point* pub, byte* out,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (k != NULL)
-        XFREE(k, heap, DYNAMIC_TYPE_ECC);
-    if (point != NULL)
-        XFREE(point, heap, DYNAMIC_TYPE_ECC);
+    XFREE(k, heap, DYNAMIC_TYPE_ECC);
+    XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -61971,7 +63133,11 @@ static sp_digit sp_521_sub_in_place_17(sp_digit* a, const sp_digit* b)
         "MOV	r10, #0x0\n\t"
         "ADD	r11, %[a], #0x40\n\t"
         "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
     "L_sp_521_sub_in_pkace_17_word:\n\t"
+#else
+    "L_sp_521_sub_in_pkace_17_word_%=:\n\t"
+#endif
         "RSBS	r10, r10, #0x0\n\t"
         "LDM	%[a], {r2, r3, r4, r5}\n\t"
         "LDM	%[b]!, {r6, r7, r8, r9}\n\t"
@@ -61982,10 +63148,12 @@ static sp_digit sp_521_sub_in_place_17(sp_digit* a, const sp_digit* b)
         "STM	%[a]!, {r2, r3, r4, r5}\n\t"
         "SBC	r10, r10, r10\n\t"
         "CMP	%[a], r11\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BNE	L_sp_521_sub_in_pkace_17_word\n\t"
-#else
+#if defined(__GNUC__)
+        "BNE	L_sp_521_sub_in_pkace_17_word_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "BNE.N	L_sp_521_sub_in_pkace_17_word\n\t"
+#else
+        "BNE.N	L_sp_521_sub_in_pkace_17_word_%=\n\t"
 #endif
         "RSBS	r10, r10, #0x0\n\t"
         "LDM	%[a], {r2}\n\t"
@@ -61997,7 +63165,7 @@ static sp_digit sp_521_sub_in_place_17(sp_digit* a, const sp_digit* b)
         :
         : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "cc"
     );
-    return (uint32_t)(size_t)a;
+    return (word32)(size_t)a;
 }
 
 #else
@@ -62055,7 +63223,7 @@ static sp_digit sp_521_sub_in_place_17(sp_digit* a, const sp_digit* b)
         :
         : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "cc"
     );
-    return (uint32_t)(size_t)a;
+    return (word32)(size_t)a;
 }
 
 #endif /* WOLFSSL_SP_SMALL */
@@ -62087,7 +63255,11 @@ static void sp_521_mul_d_17(sp_digit* r, const sp_digit* a, sp_digit b)
         "MOV	r5, #0x0\n\t"
         "MOV	r9, #0x4\n\t"
         "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
     "L_sp_521_mul_d_17_word:\n\t"
+#else
+    "L_sp_521_mul_d_17_word_%=:\n\t"
+#endif
         /* A[i] * B */
         "LDR	r8, [%[a], r9]\n\t"
         "UMULL	r6, r7, %[b], r8\n\t"
@@ -62100,10 +63272,12 @@ static void sp_521_mul_d_17(sp_digit* r, const sp_digit* a, sp_digit b)
         "MOV	r5, #0x0\n\t"
         "ADD	r9, r9, #0x4\n\t"
         "CMP	r9, #0x44\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BLT	L_sp_521_mul_d_17_word\n\t"
-#else
+#if defined(__GNUC__)
+        "BLT	L_sp_521_mul_d_17_word_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "BLT.N	L_sp_521_mul_d_17_word\n\t"
+#else
+        "BLT.N	L_sp_521_mul_d_17_word_%=\n\t"
 #endif
         "STR	r3, [%[r], #68]\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
@@ -62286,7 +63460,7 @@ SP_NOINLINE static sp_digit div_521_word_17(sp_digit d1, sp_digit d0, sp_digit d
         :
         : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc"
     );
-    return (uint32_t)(size_t)d1;
+    return (word32)(size_t)d1;
 }
 
 #else
@@ -62326,7 +63500,11 @@ SP_NOINLINE static sp_digit div_521_word_17(sp_digit d1, sp_digit d0, sp_digit d
         /* Next 30 bits */
         "MOV	r4, #0x1d\n\t"
         "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
     "L_div_521_word_17_bit:\n\t"
+#else
+    "L_div_521_word_17_bit_%=:\n\t"
+#endif
         "LSLS	r6, r6, #1\n\t"
         "ADC	r7, r7, r7\n\t"
         "SUBS	r8, r5, r7\n\t"
@@ -62336,7 +63514,13 @@ SP_NOINLINE static sp_digit div_521_word_17(sp_digit d1, sp_digit d0, sp_digit d
         "AND	r8, r8, r5\n\t"
         "SUBS	r7, r7, r8\n\t"
         "SUBS	r4, r4, #0x1\n\t"
-        "bpl	L_div_521_word_17_bit\n\t"
+#if defined(__GNUC__)
+        "BPL	L_div_521_word_17_bit_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BPL.N	L_div_521_word_17_bit\n\t"
+#else
+        "BPL.N	L_div_521_word_17_bit_%=\n\t"
+#endif
         "ADD	r3, r3, r3\n\t"
         "ADD	r3, r3, #0x1\n\t"
         "UMULL	r6, r7, r3, %[div]\n\t"
@@ -62358,7 +63542,7 @@ SP_NOINLINE static sp_digit div_521_word_17(sp_digit d1, sp_digit d0, sp_digit d
         :
         : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc"
     );
-    return (uint32_t)(size_t)d1;
+    return (word32)(size_t)d1;
 }
 
 #endif
@@ -62471,14 +63655,14 @@ static void sp_521_mont_mul_order_17(sp_digit* r, const sp_digit* a, const sp_di
 #if defined(HAVE_ECC_SIGN) || (defined(HAVE_ECC_VERIFY) && defined(WOLFSSL_SP_SMALL))
 #ifdef WOLFSSL_SP_SMALL
 /* Order-2 for the P521 curve. */
-static const uint32_t p521_order_minus_2[17] = {
+static const word32 p521_order_minus_2[17] = {
     0x91386407U,0xbb6fb71eU,0x899c47aeU,0x3bb5c9b8U,0xf709a5d0U,0x7fcc0148U,
     0xbf2f966bU,0x51868783U,0xfffffffaU,0xffffffffU,0xffffffffU,0xffffffffU,
     0xffffffffU,0xffffffffU,0xffffffffU,0xffffffffU,0x000001ffU
 };
 #else
 /* The low half of the order-2 of the P521 curve. */
-static const uint32_t p521_order_low[9] = {
+static const word32 p521_order_low[9] = {
     0x91386407U,0xbb6fb71eU,0x899c47aeU,0x3bb5c9b8U,0xf709a5d0U,0x7fcc0148U,
     0xbf2f966bU,0x51868783U,0xfffffffaU
 };
@@ -63031,7 +64215,11 @@ static sp_digit sp_521_sub_17(sp_digit* r, const sp_digit* a, const sp_digit* b)
         "MOV	r11, #0x0\n\t"
         "ADD	r12, %[a], #0x40\n\t"
         "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
     "L_sp_521_sub_17_word:\n\t"
+#else
+    "L_sp_521_sub_17_word_%=:\n\t"
+#endif
         "RSBS	r11, r11, #0x0\n\t"
         "LDM	%[a]!, {r3, r4, r5, r6}\n\t"
         "LDM	%[b]!, {r7, r8, r9, r10}\n\t"
@@ -63042,10 +64230,12 @@ static sp_digit sp_521_sub_17(sp_digit* r, const sp_digit* a, const sp_digit* b)
         "STM	%[r]!, {r3, r4, r5, r6}\n\t"
         "SBC	r11, r3, r3\n\t"
         "CMP	%[a], r12\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BNE	L_sp_521_sub_17_word\n\t"
-#else
+#if defined(__GNUC__)
+        "BNE	L_sp_521_sub_17_word_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "BNE.N	L_sp_521_sub_17_word\n\t"
+#else
+        "BNE.N	L_sp_521_sub_17_word_%=\n\t"
 #endif
         "RSBS	r11, r11, #0x0\n\t"
         "LDM	%[a]!, {r3}\n\t"
@@ -63057,7 +64247,7 @@ static sp_digit sp_521_sub_17(sp_digit* r, const sp_digit* a, const sp_digit* b)
         :
         : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #else
@@ -63117,7 +64307,7 @@ static sp_digit sp_521_sub_17(sp_digit* r, const sp_digit* a, const sp_digit* b)
         :
         : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #endif /* WOLFSSL_SP_SMALL */
@@ -63142,10 +64332,12 @@ static void sp_521_div2_mod_17(sp_digit* r, const sp_digit* a, const sp_digit* m
     __asm__ __volatile__ (
         "LDM	%[a]!, {r4}\n\t"
         "ANDS	r3, r4, #0x1\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BEQ	L_sp_521_div2_mod_17_even\n\t"
-#else
+#if defined(__GNUC__)
+        "BEQ	L_sp_521_div2_mod_17_even_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "BEQ.N	L_sp_521_div2_mod_17_even\n\t"
+#else
+        "BEQ.N	L_sp_521_div2_mod_17_even_%=\n\t"
 #endif
         "MOV	r12, #0x0\n\t"
         "LDM	%[a]!, {r5, r6, r7}\n\t"
@@ -63181,13 +64373,19 @@ static void sp_521_div2_mod_17(sp_digit* r, const sp_digit* a, const sp_digit* m
         "ADCS	r4, r4, r8\n\t"
         "STM	%[r]!, {r4}\n\t"
         "ADC	r3, r12, r12\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "B	L_sp_521_div2_mod_17_div2\n\t"
-#else
+#if defined(__GNUC__)
+        "B	L_sp_521_div2_mod_17_div2_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "B.N	L_sp_521_div2_mod_17_div2\n\t"
+#else
+        "B.N	L_sp_521_div2_mod_17_div2_%=\n\t"
 #endif
         "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
     "L_sp_521_div2_mod_17_even:\n\t"
+#else
+    "L_sp_521_div2_mod_17_even_%=:\n\t"
+#endif
         "LDM	%[a]!, {r5, r6, r7}\n\t"
         "STM	%[r]!, {r4, r5, r6, r7}\n\t"
         "LDM	%[a]!, {r4, r5, r6, r7}\n\t"
@@ -63199,7 +64397,11 @@ static void sp_521_div2_mod_17(sp_digit* r, const sp_digit* a, const sp_digit* m
         "LDM	%[a]!, {r4}\n\t"
         "STM	%[r]!, {r4}\n\t"
         "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
     "L_sp_521_div2_mod_17_div2:\n\t"
+#else
+    "L_sp_521_div2_mod_17_div2_%=:\n\t"
+#endif
         "SUB	%[r], %[r], #0x44\n\t"
         "LDRD	r8, r9, [%[r]]\n\t"
         "LSR	r8, r8, #1\n\t"
@@ -63287,288 +64489,420 @@ static int sp_521_num_bits_17(const sp_digit* a)
     __asm__ __volatile__ (
         "LDR	r1, [%[a], #64]\n\t"
         "CMP	r1, #0x0\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BEQ	L_sp_521_num_bits_17_16\n\t"
-#else
+#if defined(__GNUC__)
+        "BEQ	L_sp_521_num_bits_17_16_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "BEQ.N	L_sp_521_num_bits_17_16\n\t"
+#else
+        "BEQ.N	L_sp_521_num_bits_17_16_%=\n\t"
 #endif
         "MOV	r2, #0x220\n\t"
         "CLZ	r4, r1\n\t"
         "SUB	r4, r2, r4\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "B	L_sp_521_num_bits_17_18\n\t"
-#else
+#if defined(__GNUC__)
+        "B	L_sp_521_num_bits_17_18_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "B.N	L_sp_521_num_bits_17_18\n\t"
+#else
+        "B.N	L_sp_521_num_bits_17_18_%=\n\t"
 #endif
         "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
     "L_sp_521_num_bits_17_16:\n\t"
+#else
+    "L_sp_521_num_bits_17_16_%=:\n\t"
+#endif
         "LDR	r1, [%[a], #60]\n\t"
         "CMP	r1, #0x0\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BEQ	L_sp_521_num_bits_17_15\n\t"
-#else
+#if defined(__GNUC__)
+        "BEQ	L_sp_521_num_bits_17_15_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "BEQ.N	L_sp_521_num_bits_17_15\n\t"
+#else
+        "BEQ.N	L_sp_521_num_bits_17_15_%=\n\t"
 #endif
         "MOV	r2, #0x200\n\t"
         "CLZ	r4, r1\n\t"
         "SUB	r4, r2, r4\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "B	L_sp_521_num_bits_17_18\n\t"
-#else
+#if defined(__GNUC__)
+        "B	L_sp_521_num_bits_17_18_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "B.N	L_sp_521_num_bits_17_18\n\t"
+#else
+        "B.N	L_sp_521_num_bits_17_18_%=\n\t"
 #endif
         "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
     "L_sp_521_num_bits_17_15:\n\t"
+#else
+    "L_sp_521_num_bits_17_15_%=:\n\t"
+#endif
         "LDR	r1, [%[a], #56]\n\t"
         "CMP	r1, #0x0\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BEQ	L_sp_521_num_bits_17_14\n\t"
-#else
+#if defined(__GNUC__)
+        "BEQ	L_sp_521_num_bits_17_14_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "BEQ.N	L_sp_521_num_bits_17_14\n\t"
+#else
+        "BEQ.N	L_sp_521_num_bits_17_14_%=\n\t"
 #endif
         "MOV	r2, #0x1e0\n\t"
         "CLZ	r4, r1\n\t"
         "SUB	r4, r2, r4\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "B	L_sp_521_num_bits_17_18\n\t"
-#else
+#if defined(__GNUC__)
+        "B	L_sp_521_num_bits_17_18_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "B.N	L_sp_521_num_bits_17_18\n\t"
+#else
+        "B.N	L_sp_521_num_bits_17_18_%=\n\t"
 #endif
         "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
     "L_sp_521_num_bits_17_14:\n\t"
+#else
+    "L_sp_521_num_bits_17_14_%=:\n\t"
+#endif
         "LDR	r1, [%[a], #52]\n\t"
         "CMP	r1, #0x0\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BEQ	L_sp_521_num_bits_17_13\n\t"
-#else
+#if defined(__GNUC__)
+        "BEQ	L_sp_521_num_bits_17_13_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "BEQ.N	L_sp_521_num_bits_17_13\n\t"
+#else
+        "BEQ.N	L_sp_521_num_bits_17_13_%=\n\t"
 #endif
         "MOV	r2, #0x1c0\n\t"
         "CLZ	r4, r1\n\t"
         "SUB	r4, r2, r4\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "B	L_sp_521_num_bits_17_18\n\t"
-#else
+#if defined(__GNUC__)
+        "B	L_sp_521_num_bits_17_18_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "B.N	L_sp_521_num_bits_17_18\n\t"
+#else
+        "B.N	L_sp_521_num_bits_17_18_%=\n\t"
 #endif
         "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
     "L_sp_521_num_bits_17_13:\n\t"
+#else
+    "L_sp_521_num_bits_17_13_%=:\n\t"
+#endif
         "LDR	r1, [%[a], #48]\n\t"
         "CMP	r1, #0x0\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BEQ	L_sp_521_num_bits_17_12\n\t"
-#else
+#if defined(__GNUC__)
+        "BEQ	L_sp_521_num_bits_17_12_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "BEQ.N	L_sp_521_num_bits_17_12\n\t"
+#else
+        "BEQ.N	L_sp_521_num_bits_17_12_%=\n\t"
 #endif
         "MOV	r2, #0x1a0\n\t"
         "CLZ	r4, r1\n\t"
         "SUB	r4, r2, r4\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "B	L_sp_521_num_bits_17_18\n\t"
-#else
+#if defined(__GNUC__)
+        "B	L_sp_521_num_bits_17_18_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "B.N	L_sp_521_num_bits_17_18\n\t"
+#else
+        "B.N	L_sp_521_num_bits_17_18_%=\n\t"
 #endif
         "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
     "L_sp_521_num_bits_17_12:\n\t"
+#else
+    "L_sp_521_num_bits_17_12_%=:\n\t"
+#endif
         "LDR	r1, [%[a], #44]\n\t"
         "CMP	r1, #0x0\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BEQ	L_sp_521_num_bits_17_11\n\t"
-#else
+#if defined(__GNUC__)
+        "BEQ	L_sp_521_num_bits_17_11_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "BEQ.N	L_sp_521_num_bits_17_11\n\t"
+#else
+        "BEQ.N	L_sp_521_num_bits_17_11_%=\n\t"
 #endif
         "MOV	r2, #0x180\n\t"
         "CLZ	r4, r1\n\t"
         "SUB	r4, r2, r4\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "B	L_sp_521_num_bits_17_18\n\t"
-#else
+#if defined(__GNUC__)
+        "B	L_sp_521_num_bits_17_18_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "B.N	L_sp_521_num_bits_17_18\n\t"
+#else
+        "B.N	L_sp_521_num_bits_17_18_%=\n\t"
 #endif
         "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
     "L_sp_521_num_bits_17_11:\n\t"
+#else
+    "L_sp_521_num_bits_17_11_%=:\n\t"
+#endif
         "LDR	r1, [%[a], #40]\n\t"
         "CMP	r1, #0x0\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BEQ	L_sp_521_num_bits_17_10\n\t"
-#else
+#if defined(__GNUC__)
+        "BEQ	L_sp_521_num_bits_17_10_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "BEQ.N	L_sp_521_num_bits_17_10\n\t"
+#else
+        "BEQ.N	L_sp_521_num_bits_17_10_%=\n\t"
 #endif
         "MOV	r2, #0x160\n\t"
         "CLZ	r4, r1\n\t"
         "SUB	r4, r2, r4\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "B	L_sp_521_num_bits_17_18\n\t"
-#else
+#if defined(__GNUC__)
+        "B	L_sp_521_num_bits_17_18_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "B.N	L_sp_521_num_bits_17_18\n\t"
+#else
+        "B.N	L_sp_521_num_bits_17_18_%=\n\t"
 #endif
         "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
     "L_sp_521_num_bits_17_10:\n\t"
+#else
+    "L_sp_521_num_bits_17_10_%=:\n\t"
+#endif
         "LDR	r1, [%[a], #36]\n\t"
         "CMP	r1, #0x0\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BEQ	L_sp_521_num_bits_17_9\n\t"
-#else
+#if defined(__GNUC__)
+        "BEQ	L_sp_521_num_bits_17_9_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "BEQ.N	L_sp_521_num_bits_17_9\n\t"
+#else
+        "BEQ.N	L_sp_521_num_bits_17_9_%=\n\t"
 #endif
         "MOV	r2, #0x140\n\t"
         "CLZ	r4, r1\n\t"
         "SUB	r4, r2, r4\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "B	L_sp_521_num_bits_17_18\n\t"
-#else
+#if defined(__GNUC__)
+        "B	L_sp_521_num_bits_17_18_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "B.N	L_sp_521_num_bits_17_18\n\t"
+#else
+        "B.N	L_sp_521_num_bits_17_18_%=\n\t"
 #endif
         "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
     "L_sp_521_num_bits_17_9:\n\t"
+#else
+    "L_sp_521_num_bits_17_9_%=:\n\t"
+#endif
         "LDR	r1, [%[a], #32]\n\t"
         "CMP	r1, #0x0\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BEQ	L_sp_521_num_bits_17_8\n\t"
-#else
+#if defined(__GNUC__)
+        "BEQ	L_sp_521_num_bits_17_8_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "BEQ.N	L_sp_521_num_bits_17_8\n\t"
+#else
+        "BEQ.N	L_sp_521_num_bits_17_8_%=\n\t"
 #endif
         "MOV	r2, #0x120\n\t"
         "CLZ	r4, r1\n\t"
         "SUB	r4, r2, r4\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "B	L_sp_521_num_bits_17_18\n\t"
-#else
+#if defined(__GNUC__)
+        "B	L_sp_521_num_bits_17_18_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "B.N	L_sp_521_num_bits_17_18\n\t"
+#else
+        "B.N	L_sp_521_num_bits_17_18_%=\n\t"
 #endif
         "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
     "L_sp_521_num_bits_17_8:\n\t"
+#else
+    "L_sp_521_num_bits_17_8_%=:\n\t"
+#endif
         "LDR	r1, [%[a], #28]\n\t"
         "CMP	r1, #0x0\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BEQ	L_sp_521_num_bits_17_7\n\t"
-#else
+#if defined(__GNUC__)
+        "BEQ	L_sp_521_num_bits_17_7_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "BEQ.N	L_sp_521_num_bits_17_7\n\t"
+#else
+        "BEQ.N	L_sp_521_num_bits_17_7_%=\n\t"
 #endif
         "MOV	r2, #0x100\n\t"
         "CLZ	r4, r1\n\t"
         "SUB	r4, r2, r4\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "B	L_sp_521_num_bits_17_18\n\t"
-#else
+#if defined(__GNUC__)
+        "B	L_sp_521_num_bits_17_18_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "B.N	L_sp_521_num_bits_17_18\n\t"
+#else
+        "B.N	L_sp_521_num_bits_17_18_%=\n\t"
 #endif
         "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
     "L_sp_521_num_bits_17_7:\n\t"
+#else
+    "L_sp_521_num_bits_17_7_%=:\n\t"
+#endif
         "LDR	r1, [%[a], #24]\n\t"
         "CMP	r1, #0x0\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BEQ	L_sp_521_num_bits_17_6\n\t"
-#else
+#if defined(__GNUC__)
+        "BEQ	L_sp_521_num_bits_17_6_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "BEQ.N	L_sp_521_num_bits_17_6\n\t"
+#else
+        "BEQ.N	L_sp_521_num_bits_17_6_%=\n\t"
 #endif
         "MOV	r2, #0xe0\n\t"
         "CLZ	r4, r1\n\t"
         "SUB	r4, r2, r4\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "B	L_sp_521_num_bits_17_18\n\t"
-#else
+#if defined(__GNUC__)
+        "B	L_sp_521_num_bits_17_18_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "B.N	L_sp_521_num_bits_17_18\n\t"
+#else
+        "B.N	L_sp_521_num_bits_17_18_%=\n\t"
 #endif
         "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
     "L_sp_521_num_bits_17_6:\n\t"
+#else
+    "L_sp_521_num_bits_17_6_%=:\n\t"
+#endif
         "LDR	r1, [%[a], #20]\n\t"
         "CMP	r1, #0x0\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BEQ	L_sp_521_num_bits_17_5\n\t"
-#else
+#if defined(__GNUC__)
+        "BEQ	L_sp_521_num_bits_17_5_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "BEQ.N	L_sp_521_num_bits_17_5\n\t"
+#else
+        "BEQ.N	L_sp_521_num_bits_17_5_%=\n\t"
 #endif
         "MOV	r2, #0xc0\n\t"
         "CLZ	r4, r1\n\t"
         "SUB	r4, r2, r4\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "B	L_sp_521_num_bits_17_18\n\t"
-#else
+#if defined(__GNUC__)
+        "B	L_sp_521_num_bits_17_18_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "B.N	L_sp_521_num_bits_17_18\n\t"
+#else
+        "B.N	L_sp_521_num_bits_17_18_%=\n\t"
 #endif
         "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
     "L_sp_521_num_bits_17_5:\n\t"
+#else
+    "L_sp_521_num_bits_17_5_%=:\n\t"
+#endif
         "LDR	r1, [%[a], #16]\n\t"
         "CMP	r1, #0x0\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BEQ	L_sp_521_num_bits_17_4\n\t"
-#else
+#if defined(__GNUC__)
+        "BEQ	L_sp_521_num_bits_17_4_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "BEQ.N	L_sp_521_num_bits_17_4\n\t"
+#else
+        "BEQ.N	L_sp_521_num_bits_17_4_%=\n\t"
 #endif
         "MOV	r2, #0xa0\n\t"
         "CLZ	r4, r1\n\t"
         "SUB	r4, r2, r4\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "B	L_sp_521_num_bits_17_18\n\t"
-#else
+#if defined(__GNUC__)
+        "B	L_sp_521_num_bits_17_18_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "B.N	L_sp_521_num_bits_17_18\n\t"
+#else
+        "B.N	L_sp_521_num_bits_17_18_%=\n\t"
 #endif
         "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
     "L_sp_521_num_bits_17_4:\n\t"
+#else
+    "L_sp_521_num_bits_17_4_%=:\n\t"
+#endif
         "LDR	r1, [%[a], #12]\n\t"
         "CMP	r1, #0x0\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BEQ	L_sp_521_num_bits_17_3\n\t"
-#else
+#if defined(__GNUC__)
+        "BEQ	L_sp_521_num_bits_17_3_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "BEQ.N	L_sp_521_num_bits_17_3\n\t"
+#else
+        "BEQ.N	L_sp_521_num_bits_17_3_%=\n\t"
 #endif
         "MOV	r2, #0x80\n\t"
         "CLZ	r4, r1\n\t"
         "SUB	r4, r2, r4\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "B	L_sp_521_num_bits_17_18\n\t"
-#else
+#if defined(__GNUC__)
+        "B	L_sp_521_num_bits_17_18_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "B.N	L_sp_521_num_bits_17_18\n\t"
+#else
+        "B.N	L_sp_521_num_bits_17_18_%=\n\t"
 #endif
         "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
     "L_sp_521_num_bits_17_3:\n\t"
+#else
+    "L_sp_521_num_bits_17_3_%=:\n\t"
+#endif
         "LDR	r1, [%[a], #8]\n\t"
         "CMP	r1, #0x0\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BEQ	L_sp_521_num_bits_17_2\n\t"
-#else
+#if defined(__GNUC__)
+        "BEQ	L_sp_521_num_bits_17_2_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "BEQ.N	L_sp_521_num_bits_17_2\n\t"
+#else
+        "BEQ.N	L_sp_521_num_bits_17_2_%=\n\t"
 #endif
         "MOV	r2, #0x60\n\t"
         "CLZ	r4, r1\n\t"
         "SUB	r4, r2, r4\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "B	L_sp_521_num_bits_17_18\n\t"
-#else
+#if defined(__GNUC__)
+        "B	L_sp_521_num_bits_17_18_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "B.N	L_sp_521_num_bits_17_18\n\t"
+#else
+        "B.N	L_sp_521_num_bits_17_18_%=\n\t"
 #endif
         "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
     "L_sp_521_num_bits_17_2:\n\t"
+#else
+    "L_sp_521_num_bits_17_2_%=:\n\t"
+#endif
         "LDR	r1, [%[a], #4]\n\t"
         "CMP	r1, #0x0\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BEQ	L_sp_521_num_bits_17_1\n\t"
-#else
+#if defined(__GNUC__)
+        "BEQ	L_sp_521_num_bits_17_1_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "BEQ.N	L_sp_521_num_bits_17_1\n\t"
+#else
+        "BEQ.N	L_sp_521_num_bits_17_1_%=\n\t"
 #endif
         "MOV	r2, #0x40\n\t"
         "CLZ	r4, r1\n\t"
         "SUB	r4, r2, r4\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "B	L_sp_521_num_bits_17_18\n\t"
-#else
+#if defined(__GNUC__)
+        "B	L_sp_521_num_bits_17_18_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "B.N	L_sp_521_num_bits_17_18\n\t"
+#else
+        "B.N	L_sp_521_num_bits_17_18_%=\n\t"
 #endif
         "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
     "L_sp_521_num_bits_17_1:\n\t"
+#else
+    "L_sp_521_num_bits_17_1_%=:\n\t"
+#endif
         "LDR	r1, [%[a]]\n\t"
         "MOV	r2, #0x20\n\t"
         "CLZ	r4, r1\n\t"
         "SUB	r4, r2, r4\n\t"
         "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
     "L_sp_521_num_bits_17_18:\n\t"
+#else
+    "L_sp_521_num_bits_17_18_%=:\n\t"
+#endif
         "MOV	%[a], r4\n\t"
         : [a] "+r" (a)
         :
         : "memory", "r1", "r2", "r3", "r4", "r5", "cc"
     );
-    return (uint32_t)(size_t)a;
+    return (word32)(size_t)a;
 }
 
 /* Non-constant time modular inversion.
@@ -63867,10 +65201,8 @@ int sp_ecc_verify_521(const byte* hash, word32 hashLen, const mp_int* pX,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (u1 != NULL)
-        XFREE(u1, heap, DYNAMIC_TYPE_ECC);
-    if (p1 != NULL)
-        XFREE(p1, heap, DYNAMIC_TYPE_ECC);
+    XFREE(u1, heap, DYNAMIC_TYPE_ECC);
+    XFREE(p1, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -64080,8 +65412,7 @@ static int sp_521_ecc_is_point_17(const sp_point_521* point,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t1 != NULL)
-        XFREE(t1, heap, DYNAMIC_TYPE_ECC);
+    XFREE(t1, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -64120,8 +65451,7 @@ int sp_ecc_is_point_521(const mp_int* pX, const mp_int* pY)
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (pub != NULL)
-        XFREE(pub, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(pub, NULL, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -64229,10 +65559,8 @@ int sp_ecc_check_key_521(const mp_int* pX, const mp_int* pY,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (pub != NULL)
-        XFREE(pub, heap, DYNAMIC_TYPE_ECC);
-    if (priv != NULL)
-        XFREE(priv, heap, DYNAMIC_TYPE_ECC);
+    XFREE(pub, heap, DYNAMIC_TYPE_ECC);
+    XFREE(priv, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -64311,10 +65639,8 @@ int sp_ecc_proj_add_point_521(mp_int* pX, mp_int* pY, mp_int* pZ,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (tmp != NULL)
-        XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
-    if (p != NULL)
-        XFREE(p, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(p, NULL, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -64379,10 +65705,8 @@ int sp_ecc_proj_dbl_point_521(mp_int* pX, mp_int* pY, mp_int* pZ,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (tmp != NULL)
-        XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
-    if (p != NULL)
-        XFREE(p, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(p, NULL, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -64443,10 +65767,8 @@ int sp_ecc_map_521(mp_int* pX, mp_int* pY, mp_int* pZ)
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (tmp != NULL)
-        XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
-    if (p != NULL)
-        XFREE(p, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(p, NULL, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -64454,7 +65776,7 @@ int sp_ecc_map_521(mp_int* pX, mp_int* pY, mp_int* pZ)
 #endif /* WOLFSSL_PUBLIC_ECC_ADD_DBL */
 #ifdef HAVE_COMP_KEY
 /* Square root power for the P521 curve. */
-static const uint32_t p521_sqrt_power[17] = {
+static const word32 p521_sqrt_power[17] = {
     0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,
     0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,
     0x00000000,0x00000000,0x00000080
@@ -64496,8 +65818,7 @@ static int sp_521_mont_sqrt_17(sp_digit* y)
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t != NULL)
-        XFREE(t, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(t, NULL, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -64562,8 +65883,7 @@ int sp_ecc_uncompress_521(mp_int* xm, int odd, mp_int* ym)
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (x != NULL)
-        XFREE(x, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(x, NULL, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -67600,7 +68920,7 @@ static sp_digit sp_1024_add_16(sp_digit* r, const sp_digit* a, const sp_digit* b
         :
         : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 /* Sub b from a into a. (a -= b)
@@ -67681,7 +69001,7 @@ static sp_digit sp_1024_sub_in_place_32(sp_digit* a, const sp_digit* b)
         :
         : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "cc"
     );
-    return (uint32_t)(size_t)a;
+    return (word32)(size_t)a;
 }
 
 /* Add b to a into r. (r = a + b)
@@ -67765,7 +69085,7 @@ static sp_digit sp_1024_add_32(sp_digit* r, const sp_digit* a, const sp_digit* b
         :
         : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 /* AND m into each word of a and store in r.
@@ -67889,7 +69209,7 @@ static sp_digit sp_1024_sub_16(sp_digit* r, const sp_digit* a, const sp_digit* b
         :
         : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 /* Square a and put result in r. (r = a * a)
@@ -67957,13 +69277,21 @@ static void sp_1024_mul_32(sp_digit* r, const sp_digit* a, const sp_digit* b)
         "MOV	r8, #0x0\n\t"
         "MOV	r5, #0x4\n\t"
         "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
     "L_sp_1024_mul_32_outer:\n\t"
+#else
+    "L_sp_1024_mul_32_outer_%=:\n\t"
+#endif
         "SUBS	r3, r5, #0x7c\n\t"
         "IT	cc\n\t"
         "MOVCC	r3, #0x0\n\t"
         "SUB	r4, r5, r3\n\t"
         "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
     "L_sp_1024_mul_32_inner:\n\t"
+#else
+    "L_sp_1024_mul_32_inner_%=:\n\t"
+#endif
         "LDR	lr, [%[a], r3]\n\t"
         "LDR	r11, [%[b], r4]\n\t"
         "UMULL	r9, r10, lr, r11\n\t"
@@ -67979,15 +69307,19 @@ static void sp_1024_mul_32(sp_digit* r, const sp_digit* a, const sp_digit* b)
         "ADD	r3, r3, #0x4\n\t"
         "SUB	r4, r4, #0x4\n\t"
         "CMP	r3, r4\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BGT	L_sp_1024_mul_32_inner_done\n\t"
-#else
+#if defined(__GNUC__)
+        "BGT	L_sp_1024_mul_32_inner_done_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "BGT.N	L_sp_1024_mul_32_inner_done\n\t"
-#endif
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BLT	L_sp_1024_mul_32_inner\n\t"
 #else
+        "BGT.N	L_sp_1024_mul_32_inner_done_%=\n\t"
+#endif
+#if defined(__GNUC__)
+        "BLT	L_sp_1024_mul_32_inner_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "BLT.N	L_sp_1024_mul_32_inner\n\t"
+#else
+        "BLT.N	L_sp_1024_mul_32_inner_%=\n\t"
 #endif
         "LDR	lr, [%[a], r3]\n\t"
         "LDR	r11, [%[b], r3]\n\t"
@@ -67996,17 +69328,23 @@ static void sp_1024_mul_32(sp_digit* r, const sp_digit* a, const sp_digit* b)
         "ADCS	r7, r7, r10\n\t"
         "ADC	r8, r8, #0x0\n\t"
         "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
     "L_sp_1024_mul_32_inner_done:\n\t"
+#else
+    "L_sp_1024_mul_32_inner_done_%=:\n\t"
+#endif
         "STR	r6, [sp, r5]\n\t"
         "MOV	r6, r7\n\t"
         "MOV	r7, r8\n\t"
         "MOV	r8, #0x0\n\t"
         "ADD	r5, r5, #0x4\n\t"
         "CMP	r5, #0xf4\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BLE	L_sp_1024_mul_32_outer\n\t"
-#else
+#if defined(__GNUC__)
+        "BLE	L_sp_1024_mul_32_outer_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "BLE.N	L_sp_1024_mul_32_outer\n\t"
+#else
+        "BLE.N	L_sp_1024_mul_32_outer_%=\n\t"
 #endif
         "LDR	lr, [%[a], #124]\n\t"
         "LDR	r11, [%[b], #124]\n\t"
@@ -68015,14 +69353,20 @@ static void sp_1024_mul_32(sp_digit* r, const sp_digit* a, const sp_digit* b)
         "ADD	r5, r5, #0x4\n\t"
         "STR	r7, [sp, r5]\n\t"
         "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
     "L_sp_1024_mul_32_store:\n\t"
+#else
+    "L_sp_1024_mul_32_store_%=:\n\t"
+#endif
         "LDM	sp!, {r3, r4, r6, r7, r8, r9, r10, r11}\n\t"
         "STM	%[r]!, {r3, r4, r6, r7, r8, r9, r10, r11}\n\t"
         "SUBS	r5, r5, #0x20\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BGT	L_sp_1024_mul_32_store\n\t"
-#else
+#if defined(__GNUC__)
+        "BGT	L_sp_1024_mul_32_store_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "BGT.N	L_sp_1024_mul_32_store\n\t"
+#else
+        "BGT.N	L_sp_1024_mul_32_store_%=\n\t"
 #endif
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
         :
@@ -68055,13 +69399,21 @@ static void sp_1024_sqr_32(sp_digit* r, const sp_digit* a)
         "MOV	r8, #0x0\n\t"
         "MOV	r5, #0x4\n\t"
         "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
     "L_sp_1024_sqr_32_outer:\n\t"
+#else
+    "L_sp_1024_sqr_32_outer_%=:\n\t"
+#endif
         "SUBS	r3, r5, #0x7c\n\t"
         "IT	cc\n\t"
         "MOVCC	r3, #0x0\n\t"
         "SUB	r4, r5, r3\n\t"
         "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
     "L_sp_1024_sqr_32_inner:\n\t"
+#else
+    "L_sp_1024_sqr_32_inner_%=:\n\t"
+#endif
         "LDR	lr, [%[a], r3]\n\t"
         "LDR	r11, [%[a], r4]\n\t"
         "UMULL	r9, r10, lr, r11\n\t"
@@ -68074,15 +69426,19 @@ static void sp_1024_sqr_32(sp_digit* r, const sp_digit* a)
         "ADD	r3, r3, #0x4\n\t"
         "SUB	r4, r4, #0x4\n\t"
         "CMP	r3, r4\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BGT	L_sp_1024_sqr_32_inner_done\n\t"
-#else
+#if defined(__GNUC__)
+        "BGT	L_sp_1024_sqr_32_inner_done_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "BGT.N	L_sp_1024_sqr_32_inner_done\n\t"
-#endif
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BLT	L_sp_1024_sqr_32_inner\n\t"
 #else
+        "BGT.N	L_sp_1024_sqr_32_inner_done_%=\n\t"
+#endif
+#if defined(__GNUC__)
+        "BLT	L_sp_1024_sqr_32_inner_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "BLT.N	L_sp_1024_sqr_32_inner\n\t"
+#else
+        "BLT.N	L_sp_1024_sqr_32_inner_%=\n\t"
 #endif
         "LDR	lr, [%[a], r3]\n\t"
         "UMULL	r9, r10, lr, lr\n\t"
@@ -68090,17 +69446,23 @@ static void sp_1024_sqr_32(sp_digit* r, const sp_digit* a)
         "ADCS	r7, r7, r10\n\t"
         "ADC	r8, r8, #0x0\n\t"
         "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
     "L_sp_1024_sqr_32_inner_done:\n\t"
+#else
+    "L_sp_1024_sqr_32_inner_done_%=:\n\t"
+#endif
         "STR	r6, [sp, r5]\n\t"
         "MOV	r6, r7\n\t"
         "MOV	r7, r8\n\t"
         "MOV	r8, #0x0\n\t"
         "ADD	r5, r5, #0x4\n\t"
         "CMP	r5, #0xf4\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BLE	L_sp_1024_sqr_32_outer\n\t"
-#else
+#if defined(__GNUC__)
+        "BLE	L_sp_1024_sqr_32_outer_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "BLE.N	L_sp_1024_sqr_32_outer\n\t"
+#else
+        "BLE.N	L_sp_1024_sqr_32_outer_%=\n\t"
 #endif
         "LDR	lr, [%[a], #124]\n\t"
         "UMLAL	r6, r7, lr, lr\n\t"
@@ -68108,14 +69470,20 @@ static void sp_1024_sqr_32(sp_digit* r, const sp_digit* a)
         "ADD	r5, r5, #0x4\n\t"
         "STR	r7, [sp, r5]\n\t"
         "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
     "L_sp_1024_sqr_32_store:\n\t"
+#else
+    "L_sp_1024_sqr_32_store_%=:\n\t"
+#endif
         "LDM	sp!, {r3, r4, r6, r7, r8, r9, r10, r11}\n\t"
         "STM	%[r]!, {r3, r4, r6, r7, r8, r9, r10, r11}\n\t"
         "SUBS	r5, r5, #0x20\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BGT	L_sp_1024_sqr_32_store\n\t"
-#else
+#if defined(__GNUC__)
+        "BGT	L_sp_1024_sqr_32_store_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "BGT.N	L_sp_1024_sqr_32_store\n\t"
+#else
+        "BGT.N	L_sp_1024_sqr_32_store_%=\n\t"
 #endif
         : [r] "+r" (r), [a] "+r" (a)
         :
@@ -68230,7 +69598,11 @@ static sp_digit sp_1024_sub_in_place_32(sp_digit* a, const sp_digit* b)
         "MOV	r10, #0x0\n\t"
         "ADD	r11, %[a], #0x80\n\t"
         "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
     "L_sp_1024_sub_in_pkace_32_word:\n\t"
+#else
+    "L_sp_1024_sub_in_pkace_32_word_%=:\n\t"
+#endif
         "RSBS	r10, r10, #0x0\n\t"
         "LDM	%[a], {r2, r3, r4, r5}\n\t"
         "LDM	%[b]!, {r6, r7, r8, r9}\n\t"
@@ -68241,17 +69613,19 @@ static sp_digit sp_1024_sub_in_place_32(sp_digit* a, const sp_digit* b)
         "STM	%[a]!, {r2, r3, r4, r5}\n\t"
         "SBC	r10, r10, r10\n\t"
         "CMP	%[a], r11\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BNE	L_sp_1024_sub_in_pkace_32_word\n\t"
-#else
+#if defined(__GNUC__)
+        "BNE	L_sp_1024_sub_in_pkace_32_word_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "BNE.N	L_sp_1024_sub_in_pkace_32_word\n\t"
+#else
+        "BNE.N	L_sp_1024_sub_in_pkace_32_word_%=\n\t"
 #endif
         "MOV	%[a], r10\n\t"
         : [a] "+r" (a), [b] "+r" (b)
         :
         : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "cc"
     );
-    return (uint32_t)(size_t)a;
+    return (word32)(size_t)a;
 }
 
 #endif /* WOLFSSL_SP_SMALL */
@@ -68282,7 +69656,11 @@ static sp_digit sp_1024_cond_sub_32(sp_digit* r, const sp_digit* a, const sp_dig
         "MOV	r4, #0x0\n\t"
         "MOV	r5, #0x0\n\t"
         "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
     "L_sp_1024_cond_sub_32_words:\n\t"
+#else
+    "L_sp_1024_cond_sub_32_words_%=:\n\t"
+#endif
         "SUBS	r4, r8, r4\n\t"
         "LDR	r6, [%[a], r5]\n\t"
         "LDR	r7, [%[b], r5]\n\t"
@@ -68292,17 +69670,19 @@ static sp_digit sp_1024_cond_sub_32(sp_digit* r, const sp_digit* a, const sp_dig
         "STR	r6, [%[r], r5]\n\t"
         "ADD	r5, r5, #0x4\n\t"
         "CMP	r5, #0x80\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BLT	L_sp_1024_cond_sub_32_words\n\t"
-#else
+#if defined(__GNUC__)
+        "BLT	L_sp_1024_cond_sub_32_words_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "BLT.N	L_sp_1024_cond_sub_32_words\n\t"
+#else
+        "BLT.N	L_sp_1024_cond_sub_32_words_%=\n\t"
 #endif
         "MOV	%[r], r4\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m)
         :
         : "memory", "r4", "r5", "r6", "r7", "r8", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #else
@@ -68446,7 +69826,7 @@ static sp_digit sp_1024_cond_sub_32(sp_digit* r, const sp_digit* a, const sp_dig
         :
         : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #endif /* WOLFSSL_SP_SMALL */
@@ -68473,7 +69853,11 @@ static sp_digit sp_1024_add_32(sp_digit* r, const sp_digit* a, const sp_digit* b
         "MOV	r3, #0x0\n\t"
         "ADD	r12, %[a], #0x80\n\t"
         "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
     "L_sp_1024_add_32_word:\n\t"
+#else
+    "L_sp_1024_add_32_word_%=:\n\t"
+#endif
         "ADDS	r3, r3, #0xffffffff\n\t"
         "LDM	%[a]!, {r4, r5, r6, r7}\n\t"
         "LDM	%[b]!, {r8, r9, r10, r11}\n\t"
@@ -68485,17 +69869,19 @@ static sp_digit sp_1024_add_32(sp_digit* r, const sp_digit* a, const sp_digit* b
         "MOV	r4, #0x0\n\t"
         "ADC	r3, r4, #0x0\n\t"
         "CMP	%[a], r12\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BNE	L_sp_1024_add_32_word\n\t"
-#else
+#if defined(__GNUC__)
+        "BNE	L_sp_1024_add_32_word_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "BNE.N	L_sp_1024_add_32_word\n\t"
+#else
+        "BNE.N	L_sp_1024_add_32_word_%=\n\t"
 #endif
         "MOV	%[r], r3\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
         :
         : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r3", "r12", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #endif /* WOLFSSL_SP_SMALL */
@@ -68527,7 +69913,11 @@ static void sp_1024_mul_d_32(sp_digit* r, const sp_digit* a, sp_digit b)
         "MOV	r5, #0x0\n\t"
         "MOV	r9, #0x4\n\t"
         "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
     "L_sp_1024_mul_d_32_word:\n\t"
+#else
+    "L_sp_1024_mul_d_32_word_%=:\n\t"
+#endif
         /* A[i] * B */
         "LDR	r8, [%[a], r9]\n\t"
         "UMULL	r6, r7, %[b], r8\n\t"
@@ -68540,10 +69930,12 @@ static void sp_1024_mul_d_32(sp_digit* r, const sp_digit* a, sp_digit b)
         "MOV	r5, #0x0\n\t"
         "ADD	r9, r9, #0x4\n\t"
         "CMP	r9, #0x80\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BLT	L_sp_1024_mul_d_32_word\n\t"
-#else
+#if defined(__GNUC__)
+        "BLT	L_sp_1024_mul_d_32_word_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "BLT.N	L_sp_1024_mul_d_32_word\n\t"
+#else
+        "BLT.N	L_sp_1024_mul_d_32_word_%=\n\t"
 #endif
         "STR	r3, [%[r], #128]\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
@@ -68801,7 +70193,7 @@ SP_NOINLINE static sp_digit div_1024_word_32(sp_digit d1, sp_digit d0, sp_digit
         :
         : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc"
     );
-    return (uint32_t)(size_t)d1;
+    return (word32)(size_t)d1;
 }
 
 #else
@@ -68841,7 +70233,11 @@ SP_NOINLINE static sp_digit div_1024_word_32(sp_digit d1, sp_digit d0, sp_digit
         /* Next 30 bits */
         "MOV	r4, #0x1d\n\t"
         "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
     "L_div_1024_word_32_bit:\n\t"
+#else
+    "L_div_1024_word_32_bit_%=:\n\t"
+#endif
         "LSLS	r6, r6, #1\n\t"
         "ADC	r7, r7, r7\n\t"
         "SUBS	r8, r5, r7\n\t"
@@ -68851,7 +70247,13 @@ SP_NOINLINE static sp_digit div_1024_word_32(sp_digit d1, sp_digit d0, sp_digit
         "AND	r8, r8, r5\n\t"
         "SUBS	r7, r7, r8\n\t"
         "SUBS	r4, r4, #0x1\n\t"
-        "bpl	L_div_1024_word_32_bit\n\t"
+#if defined(__GNUC__)
+        "BPL	L_div_1024_word_32_bit_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BPL.N	L_div_1024_word_32_bit\n\t"
+#else
+        "BPL.N	L_div_1024_word_32_bit_%=\n\t"
+#endif
         "ADD	r3, r3, r3\n\t"
         "ADD	r3, r3, #0x1\n\t"
         "UMULL	r6, r7, r3, %[div]\n\t"
@@ -68873,7 +70275,7 @@ SP_NOINLINE static sp_digit div_1024_word_32(sp_digit d1, sp_digit d0, sp_digit
         :
         : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc"
     );
-    return (uint32_t)(size_t)d1;
+    return (word32)(size_t)d1;
 }
 
 #endif
@@ -68933,7 +70335,11 @@ static sp_int32 sp_1024_cmp_32(const sp_digit* a, const sp_digit* b)
 #ifdef WOLFSSL_SP_SMALL
         "MOV	r6, #0x7c\n\t"
         "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
     "L_sp_1024_cmp_32_words:\n\t"
+#else
+    "L_sp_1024_cmp_32_words_%=:\n\t"
+#endif
         "LDR	r4, [%[a], r6]\n\t"
         "LDR	r5, [%[b], r6]\n\t"
         "AND	r4, r4, r3\n\t"
@@ -68946,7 +70352,11 @@ static sp_int32 sp_1024_cmp_32(const sp_digit* a, const sp_digit* b)
         "IT	ne\n\t"
         "movne	r3, r7\n\t"
         "SUBS	r6, r6, #0x4\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "bcs	L_sp_1024_cmp_32_words\n\t"
+#else
+        "bcs	L_sp_1024_cmp_32_words_%=\n\t"
+#endif
         "EOR	r2, r2, r3\n\t"
 #else
         "LDR	r4, [%[a], #124]\n\t"
@@ -69308,7 +70718,7 @@ static sp_int32 sp_1024_cmp_32(const sp_digit* a, const sp_digit* b)
         :
         : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "cc"
     );
-    return (uint32_t)(size_t)a;
+    return (word32)(size_t)a;
 }
 
 /* Divide d in a and put remainder into r (m*d + r = a)
@@ -69427,16 +70837,16 @@ static void sp_1024_point_free_32(sp_point_1024* p, int clear, void* heap)
 {
 #if (defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SP_NO_MALLOC)) || \
     defined(WOLFSSL_SP_SMALL_STACK)
-/* If valid pointer then clear point data if requested and free data. */
+    /* If valid pointer then clear point data if requested and free data. */
     if (p != NULL) {
-        if (clear != 0) {
+        if (clear) {
             XMEMSET(p, 0, sizeof(*p));
         }
         XFREE(p, heap, DYNAMIC_TYPE_ECC);
     }
 #else
-/* Clear point data if requested. */
-    if ((p != NULL) && (clear != 0)) {
+    /* Clear point data if requested. */
+    if ((p != NULL) && clear) {
         XMEMSET(p, 0, sizeof(*p));
     }
 #endif
@@ -69666,7 +71076,11 @@ SP_NOINLINE static void sp_1024_mont_reduce_32(sp_digit* a, const sp_digit* m, s
         "LDR	r4, [%[a]]\n\t"
         "LDR	r5, [%[a], #4]\n\t"
         "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
     "L_sp_1024_mont_reduce_32_word:\n\t"
+#else
+    "L_sp_1024_mont_reduce_32_word_%=:\n\t"
+#endif
         /* mu = a[i] * mp */
         "MUL	r10, %[mp], r4\n\t"
         /* a[i+0] += m[0] * mu */
@@ -69928,10 +71342,12 @@ SP_NOINLINE static void sp_1024_mont_reduce_32(sp_digit* a, const sp_digit* m, s
         "ADD	r11, r11, #0x4\n\t"
         "ADD	%[a], %[a], #0x4\n\t"
         "CMP	r11, #0x80\n\t"
-#ifdef __GNUC__
-        "BLT	L_sp_1024_mont_reduce_32_word\n\t"
-#else
+#if defined(__GNUC__)
+        "BLT	L_sp_1024_mont_reduce_32_word_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "BLT.W	L_sp_1024_mont_reduce_32_word\n\t"
+#else
+        "BLT.W	L_sp_1024_mont_reduce_32_word_%=\n\t"
 #endif
         /* Loop Done */
         "STR	r4, [%[a]]\n\t"
@@ -69978,7 +71394,11 @@ SP_NOINLINE static void sp_1024_mont_reduce_32(sp_digit* a, const sp_digit* m, s
         "LDR	r9, [%[a], #12]\n\t"
         "LDR	r10, [%[a], #16]\n\t"
         "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
     "L_sp_1024_mont_reduce_32_word:\n\t"
+#else
+    "L_sp_1024_mont_reduce_32_word_%=:\n\t"
+#endif
         /* mu = a[i] * mp */
         "MUL	lr, %[mp], r6\n\t"
         /* a[i+0] += m[0] * mu */
@@ -70145,10 +71565,12 @@ SP_NOINLINE static void sp_1024_mont_reduce_32(sp_digit* a, const sp_digit* m, s
         "ADD	r4, r4, #0x4\n\t"
         "ADD	%[a], %[a], #0x4\n\t"
         "CMP	r4, #0x80\n\t"
-#ifdef __GNUC__
-        "BLT	L_sp_1024_mont_reduce_32_word\n\t"
-#else
+#if defined(__GNUC__)
+        "BLT	L_sp_1024_mont_reduce_32_word_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "BLT.W	L_sp_1024_mont_reduce_32_word\n\t"
+#else
+        "BLT.W	L_sp_1024_mont_reduce_32_word_%=\n\t"
 #endif
         /* Loop Done */
         "STR	r6, [%[a]]\n\t"
@@ -70201,7 +71623,7 @@ SP_NOINLINE static void sp_1024_mont_sqr_32(sp_digit* r, const sp_digit* a,
 }
 
 /* Mod-2 for the P1024 curve. */
-static const uint8_t p1024_mod_minus_2[] = {
+static const word8 p1024_mod_minus_2[] = {
      6,0x06,  7,0x0f,  7,0x0b,  6,0x0c,  7,0x1e,  9,0x09,  7,0x0c,  7,0x1f,
      6,0x16,  6,0x06,  7,0x0e,  8,0x10,  6,0x03,  8,0x11,  6,0x0d,  7,0x14,
      9,0x12,  6,0x0f,  7,0x04,  9,0x0d,  6,0x00,  7,0x13,  6,0x01,  6,0x07,
@@ -70291,7 +71713,7 @@ static void sp_1024_map_32(sp_point_1024* r, const sp_point_1024* p,
     sp_1024_mont_reduce_32(r->x, p1024_mod, p1024_mp_mod);
     /* Reduce x to less than modulus */
     n = sp_1024_cmp_32(r->x, p1024_mod);
-    sp_1024_cond_sub_32(r->x, r->x, p1024_mod, ~(n >> 31));
+    sp_1024_cond_sub_32(r->x, r->x, p1024_mod, (sp_digit)~(n >> 31));
     sp_1024_norm_32(r->x);
 
     /* y /= z^3 */
@@ -70300,7 +71722,7 @@ static void sp_1024_map_32(sp_point_1024* r, const sp_point_1024* p,
     sp_1024_mont_reduce_32(r->y, p1024_mod, p1024_mp_mod);
     /* Reduce y to less than modulus */
     n = sp_1024_cmp_32(r->y, p1024_mod);
-    sp_1024_cond_sub_32(r->y, r->y, p1024_mod, ~(n >> 31));
+    sp_1024_cond_sub_32(r->y, r->y, p1024_mod, (sp_digit)~(n >> 31));
     sp_1024_norm_32(r->y);
 
     XMEMSET(r->z, 0, sizeof(r->z) / 2);
@@ -71163,7 +72585,11 @@ static sp_digit sp_1024_cond_add_32(sp_digit* r, const sp_digit* a, const sp_dig
         "MOV	r8, #0x0\n\t"
         "MOV	r4, #0x0\n\t"
         "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
     "L_sp_1024_cond_add_32_words:\n\t"
+#else
+    "L_sp_1024_cond_add_32_words_%=:\n\t"
+#endif
         "ADDS	r5, r5, #0xffffffff\n\t"
         "LDR	r6, [%[a], r4]\n\t"
         "LDR	r7, [%[b], r4]\n\t"
@@ -71173,17 +72599,19 @@ static sp_digit sp_1024_cond_add_32(sp_digit* r, const sp_digit* a, const sp_dig
         "STR	r6, [%[r], r4]\n\t"
         "ADD	r4, r4, #0x4\n\t"
         "CMP	r4, #0x80\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
-        "BLT	L_sp_1024_cond_add_32_words\n\t"
-#else
+#if defined(__GNUC__)
+        "BLT	L_sp_1024_cond_add_32_words_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
         "BLT.N	L_sp_1024_cond_add_32_words\n\t"
+#else
+        "BLT.N	L_sp_1024_cond_add_32_words_%=\n\t"
 #endif
         "MOV	%[r], r5\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m)
         :
         : "memory", "r4", "r5", "r6", "r7", "r8", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #else
@@ -71327,7 +72755,7 @@ static sp_digit sp_1024_cond_add_32(sp_digit* r, const sp_digit* a, const sp_dig
         :
         : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #endif /* WOLFSSL_SP_SMALL */
@@ -71792,8 +73220,8 @@ static void sp_1024_proj_point_add_32(sp_point_1024* r,
         sp_1024_mont_sub_32(y, y, t5, p1024_mod);
         {
             int i;
-            sp_digit maskp = 0 - (q->infinity & (!p->infinity));
-            sp_digit maskq = 0 - (p->infinity & (!q->infinity));
+            sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity)));
+            sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity)));
             sp_digit maskt = ~(maskp | maskq);
             sp_digit inf = (sp_digit)(p->infinity & q->infinity);
 
@@ -71810,7 +73238,7 @@ static void sp_1024_proj_point_add_32(sp_point_1024* r,
                           (z[i] & maskt);
             }
             r->z[0] |= inf;
-            r->infinity = (word32)inf;
+            r->infinity = (int)inf;
         }
     }
 }
@@ -71984,8 +73412,8 @@ static int sp_1024_proj_point_add_32_nb(sp_ecc_ctx_t* sp_ctx, sp_point_1024* r,
     {
         {
             int i;
-            sp_digit maskp = 0 - (q->infinity & (!p->infinity));
-            sp_digit maskq = 0 - (p->infinity & (!q->infinity));
+            sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity)));
+            sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity)));
             sp_digit maskt = ~(maskp | maskq);
             sp_digit inf = (sp_digit)(p->infinity & q->infinity);
 
@@ -72002,7 +73430,7 @@ static int sp_1024_proj_point_add_32_nb(sp_ecc_ctx_t* sp_ctx, sp_point_1024* r,
                           (ctx->z[i] & maskt);
             }
             r->z[0] |= inf;
-            r->infinity = (word32)inf;
+            r->infinity = (int)inf;
         }
         ctx->state = 25;
         break;
@@ -72343,8 +73771,8 @@ static void sp_1024_proj_point_add_qz1_32(sp_point_1024* r,
         sp_1024_mont_sub_32(y, t3, t1, p1024_mod);
         {
             int i;
-            sp_digit maskp = 0 - (q->infinity & (!p->infinity));
-            sp_digit maskq = 0 - (p->infinity & (!q->infinity));
+            sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity)));
+            sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity)));
             sp_digit maskt = ~(maskp | maskq);
             sp_digit inf = (sp_digit)(p->infinity & q->infinity);
 
@@ -72361,7 +73789,7 @@ static void sp_1024_proj_point_add_qz1_32(sp_point_1024* r,
                           (z[i] & maskt);
             }
             r->z[0] |= inf;
-            r->infinity = (word32)inf;
+            r->infinity = (int)inf;
         }
     }
 }
@@ -72451,8 +73879,7 @@ static int sp_1024_gen_stripe_table_32(const sp_point_1024* a,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t != NULL)
-        XFREE(t, heap, DYNAMIC_TYPE_ECC);
+    XFREE(t, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -72551,10 +73978,8 @@ static int sp_1024_ecc_mulmod_stripe_32(sp_point_1024* r, const sp_point_1024* g
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t != NULL)
-        XFREE(t, heap, DYNAMIC_TYPE_ECC);
-    if (rt != NULL)
-        XFREE(rt, heap, DYNAMIC_TYPE_ECC);
+    XFREE(t, heap, DYNAMIC_TYPE_ECC);
+    XFREE(rt, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -72574,7 +73999,7 @@ typedef struct sp_cache_1024_t {
     /* Precomputation table for point. */
     sp_table_entry_1024 table[16];
     /* Count of entries in table. */
-    uint32_t cnt;
+    word32 cnt;
     /* Point and table set in entry. */
     int set;
 } sp_cache_1024_t;
@@ -72587,8 +74012,10 @@ static THREAD_LS_T int sp_cache_1024_last = -1;
 static THREAD_LS_T int sp_cache_1024_inited = 0;
 
 #ifndef HAVE_THREAD_LS
+    #ifndef WOLFSSL_MUTEX_INITIALIZER
     static volatile int initCacheMutex_1024 = 0;
-    static wolfSSL_Mutex sp_cache_1024_lock;
+    #endif
+    static wolfSSL_Mutex sp_cache_1024_lock WOLFSSL_MUTEX_INITIALIZER_CLAUSE(sp_cache_1024_lock);
 #endif
 
 /* Get the cache entry for the point.
@@ -72600,7 +74027,7 @@ static void sp_ecc_get_cache_1024(const sp_point_1024* g, sp_cache_1024_t** cach
 {
     int i;
     int j;
-    uint32_t least;
+    word32 least;
 
     if (sp_cache_1024_inited == 0) {
         for (i=0; i<FP_ENTRIES; i++) {
@@ -72686,10 +74113,12 @@ static int sp_1024_ecc_mulmod_32(sp_point_1024* r, const sp_point_1024* g,
 #endif
 #ifndef HAVE_THREAD_LS
     if (err == MP_OKAY) {
+        #ifndef WOLFSSL_MUTEX_INITIALIZER
         if (initCacheMutex_1024 == 0) {
             wc_InitMutex(&sp_cache_1024_lock);
             initCacheMutex_1024 = 1;
         }
+        #endif
         if (wc_LockMutex(&sp_cache_1024_lock) != 0) {
             err = BAD_MUTEX_E;
         }
@@ -72806,8 +74235,7 @@ static int sp_1024_gen_stripe_table_32(const sp_point_1024* a,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t != NULL)
-        XFREE(t, heap, DYNAMIC_TYPE_ECC);
+    XFREE(t, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -72906,10 +74334,8 @@ static int sp_1024_ecc_mulmod_stripe_32(sp_point_1024* r, const sp_point_1024* g
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t != NULL)
-        XFREE(t, heap, DYNAMIC_TYPE_ECC);
-    if (rt != NULL)
-        XFREE(rt, heap, DYNAMIC_TYPE_ECC);
+    XFREE(t, heap, DYNAMIC_TYPE_ECC);
+    XFREE(rt, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -72929,7 +74355,7 @@ typedef struct sp_cache_1024_t {
     /* Precomputation table for point. */
     sp_table_entry_1024 table[256];
     /* Count of entries in table. */
-    uint32_t cnt;
+    word32 cnt;
     /* Point and table set in entry. */
     int set;
 } sp_cache_1024_t;
@@ -72942,8 +74368,10 @@ static THREAD_LS_T int sp_cache_1024_last = -1;
 static THREAD_LS_T int sp_cache_1024_inited = 0;
 
 #ifndef HAVE_THREAD_LS
+    #ifndef WOLFSSL_MUTEX_INITIALIZER
     static volatile int initCacheMutex_1024 = 0;
-    static wolfSSL_Mutex sp_cache_1024_lock;
+    #endif
+    static wolfSSL_Mutex sp_cache_1024_lock WOLFSSL_MUTEX_INITIALIZER_CLAUSE(sp_cache_1024_lock);
 #endif
 
 /* Get the cache entry for the point.
@@ -72955,7 +74383,7 @@ static void sp_ecc_get_cache_1024(const sp_point_1024* g, sp_cache_1024_t** cach
 {
     int i;
     int j;
-    uint32_t least;
+    word32 least;
 
     if (sp_cache_1024_inited == 0) {
         for (i=0; i<FP_ENTRIES; i++) {
@@ -73041,10 +74469,12 @@ static int sp_1024_ecc_mulmod_32(sp_point_1024* r, const sp_point_1024* g,
 #endif
 #ifndef HAVE_THREAD_LS
     if (err == MP_OKAY) {
+        #ifndef WOLFSSL_MUTEX_INITIALIZER
         if (initCacheMutex_1024 == 0) {
             wc_InitMutex(&sp_cache_1024_lock);
             initCacheMutex_1024 = 1;
         }
+        #endif
         if (wc_LockMutex(&sp_cache_1024_lock) != 0) {
             err = BAD_MUTEX_E;
         }
@@ -73123,10 +74553,8 @@ int sp_ecc_mulmod_1024(const mp_int* km, const ecc_point* gm, ecc_point* r,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (k != NULL)
-        XFREE(k, heap, DYNAMIC_TYPE_ECC);
-    if (point != NULL)
-        XFREE(point, heap, DYNAMIC_TYPE_ECC);
+    XFREE(k, heap, DYNAMIC_TYPE_ECC);
+    XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -76761,10 +78189,8 @@ int sp_ecc_mulmod_base_1024(const mp_int* km, ecc_point* r, int map, void* heap)
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (k != NULL)
-        XFREE(k, heap, DYNAMIC_TYPE_ECC);
-    if (point != NULL)
-        XFREE(point, heap, DYNAMIC_TYPE_ECC);
+    XFREE(k, heap, DYNAMIC_TYPE_ECC);
+    XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -76839,10 +78265,8 @@ int sp_ecc_mulmod_base_add_1024(const mp_int* km, const ecc_point* am,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (k != NULL)
-        XFREE(k, heap, DYNAMIC_TYPE_ECC);
-    if (point)
-        XFREE(point, heap, DYNAMIC_TYPE_ECC);
+    XFREE(k, heap, DYNAMIC_TYPE_ECC);
+    XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -76876,7 +78300,7 @@ int sp_ecc_gen_table_1024(const ecc_point* gm, byte* table, word32* len,
 
     if ((err == MP_OKAY) && (table == NULL)) {
         *len = sizeof(sp_table_entry_1024) * 256;
-        err = LENGTH_ONLY_E;
+        err = WC_NO_ERR_TRACE(LENGTH_ONLY_E);
     }
     if ((err == MP_OKAY) && (*len < (int)(sizeof(sp_table_entry_1024) * 256))) {
         err = BUFFER_E;
@@ -76907,10 +78331,8 @@ int sp_ecc_gen_table_1024(const ecc_point* gm, byte* table, word32* len,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t != NULL)
-        XFREE(t, heap, DYNAMIC_TYPE_ECC);
-    if (point != NULL)
-        XFREE(point, heap, DYNAMIC_TYPE_ECC);
+    XFREE(t, heap, DYNAMIC_TYPE_ECC);
+    XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -76936,7 +78358,7 @@ int sp_ecc_gen_table_1024(const ecc_point* gm, byte* table, word32* len,
 
     if ((err == 0) && (table == NULL)) {
         *len = 0;
-        err = LENGTH_ONLY_E;
+        err = WC_NO_ERR_TRACE(LENGTH_ONLY_E);
     }
     if ((err == 0) && (*len != 0)) {
         err = BUFFER_E;
@@ -77003,10 +78425,8 @@ int sp_ecc_mulmod_table_1024(const mp_int* km, const ecc_point* gm, byte* table,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (k != NULL)
-        XFREE(k, heap, DYNAMIC_TYPE_ECC);
-    if (point != NULL)
-        XFREE(point, heap, DYNAMIC_TYPE_ECC);
+    XFREE(k, heap, DYNAMIC_TYPE_ECC);
+    XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -77153,9 +78573,7 @@ int sp_ModExp_Fp_star_1024(const mp_int* base, mp_int* exp, mp_int* res)
 
 #if (defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SP_NO_MALLOC)) || \
     defined(WOLFSSL_SP_SMALL_STACK)
-    if (td != NULL) {
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-    }
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
     return err;
 }
@@ -79051,9 +80469,7 @@ int sp_ModExp_Fp_star_1024(const mp_int* base, mp_int* exp, mp_int* res)
 
 #if (defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SP_NO_MALLOC)) || \
     defined(WOLFSSL_SP_SMALL_STACK)
-    if (td != NULL) {
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-    }
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
     return err;
 }
@@ -79421,9 +80837,7 @@ int sp_Pairing_1024(const ecc_point* pm, const ecc_point* qm, mp_int* res)
 
 #if (defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SP_NO_MALLOC)) || \
     defined(WOLFSSL_SP_SMALL_STACK)
-    if (td != NULL) {
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-    }
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
     sp_1024_point_free_32(c, 1, NULL);
     sp_1024_point_free_32(q, 1, NULL);
@@ -79848,9 +81262,7 @@ int sp_Pairing_1024(const ecc_point* pm, const ecc_point* qm, mp_int* res)
 
 #if (defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SP_NO_MALLOC)) || \
     defined(WOLFSSL_SP_SMALL_STACK)
-    if (td != NULL) {
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-    }
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
     sp_1024_point_free_32(c, 1, NULL);
     sp_1024_point_free_32(q, 1, NULL);
@@ -79880,7 +81292,7 @@ int sp_Pairing_gen_precomp_1024(const ecc_point* pm, byte* table,
 
     if (table == NULL) {
         *len = 0;
-        err = LENGTH_ONLY_E;
+        err = WC_NO_ERR_TRACE(LENGTH_ONLY_E);
     }
     else if (*len != 0) {
         err = BUFFER_E;
@@ -80109,7 +81521,7 @@ int sp_Pairing_gen_precomp_1024(const ecc_point* pm, byte* table,
 
     if (table == NULL) {
         *len = sizeof(sp_table_entry_1024) * 1167;
-        err = LENGTH_ONLY_E;
+        err = WC_NO_ERR_TRACE(LENGTH_ONLY_E);
     }
 
     if ((err == MP_OKAY) &&
@@ -80216,9 +81628,7 @@ int sp_Pairing_gen_precomp_1024(const ecc_point* pm, byte* table,
 
 #if (defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SP_NO_MALLOC)) || \
     defined(WOLFSSL_SP_SMALL_STACK)
-    if (td != NULL) {
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-    }
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
     sp_1024_point_free_32(neg, 1, NULL);
     sp_1024_point_free_32(c, 1, NULL);
@@ -80411,9 +81821,7 @@ int sp_Pairing_precomp_1024(const ecc_point* pm, const ecc_point* qm,
 
 #if (defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SP_NO_MALLOC)) || \
     defined(WOLFSSL_SP_SMALL_STACK)
-    if (td != NULL) {
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-    }
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
     sp_1024_point_free_32(c, 1, NULL);
     sp_1024_point_free_32(q, 1, NULL);
@@ -80436,7 +81844,8 @@ static void sp_1024_from_bin(sp_digit* r, int size, const byte* a, int n)
     int j;
     byte* d;
 
-    for (i = n - 1,j = 0; i >= 3; i -= 4) {
+    j = 0;
+    for (i = n - 1; i >= 3; i -= 4) {
         r[j]  = ((sp_digit)a[i - 0] <<  0) |
                 ((sp_digit)a[i - 1] <<  8) |
                 ((sp_digit)a[i - 2] << 16) |
@@ -80447,12 +81856,20 @@ static void sp_1024_from_bin(sp_digit* r, int size, const byte* a, int n)
     if (i >= 0) {
         r[j] = 0;
 
-        d = (byte*)r;
+        d = (byte*)(r + j);
+#ifdef BIG_ENDIAN_ORDER
         switch (i) {
-            case 2: d[n - 1 - 2] = a[2]; //fallthrough
-            case 1: d[n - 1 - 1] = a[1]; //fallthrough
-            case 0: d[n - 1 - 0] = a[0]; //fallthrough
+            case 2: d[1] = *(a++); //fallthrough
+            case 1: d[2] = *(a++); //fallthrough
+            case 0: d[3] = *a    ; //fallthrough
         }
+#else
+        switch (i) {
+            case 2: d[2] = a[2]; //fallthrough
+            case 1: d[1] = a[1]; //fallthrough
+            case 0: d[0] = a[0]; //fallthrough
+        }
+#endif
         j++;
     }
 
@@ -80506,7 +81923,7 @@ static int sp_1024_ecc_is_point_32(const sp_point_1024* point,
 
 
         n = sp_1024_cmp_32(t1, p1024_mod);
-        sp_1024_cond_sub_32(t1, t1, p1024_mod, ~(n >> 31));
+        sp_1024_cond_sub_32(t1, t1, p1024_mod, (sp_digit)~(n >> 31));
         sp_1024_norm_32(t1);
         if (!sp_1024_iszero_32(t1)) {
             err = MP_VAL;
@@ -80514,8 +81931,7 @@ static int sp_1024_ecc_is_point_32(const sp_point_1024* point,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t1 != NULL)
-        XFREE(t1, heap, DYNAMIC_TYPE_ECC);
+    XFREE(t1, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -80554,8 +81970,7 @@ int sp_ecc_is_point_1024(const mp_int* pX, const mp_int* pY)
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (pub != NULL)
-        XFREE(pub, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(pub, NULL, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -80663,10 +82078,8 @@ int sp_ecc_check_key_1024(const mp_int* pX, const mp_int* pY,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (pub != NULL)
-        XFREE(pub, heap, DYNAMIC_TYPE_ECC);
-    if (priv != NULL)
-        XFREE(priv, heap, DYNAMIC_TYPE_ECC);
+    XFREE(pub, heap, DYNAMIC_TYPE_ECC);
+    XFREE(priv, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
diff --git a/wolfcrypt/src/sp_dsp32.c b/wolfcrypt/src/sp_dsp32.c
index fd7b88c42..579831b99 100644
--- a/wolfcrypt/src/sp_dsp32.c
+++ b/wolfcrypt/src/sp_dsp32.c
@@ -1,6 +1,6 @@
 /* sp_cdsp_signed.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -296,9 +296,7 @@ static int sp_256_mod_mul_norm_10(sp_digit* r, const sp_digit* a, const sp_digit
     }
 
 #if defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)
-    if (td != NULL) {
-        XFREE(td, NULL, DYNAMIC_TYPE_ECC);
-    }
+    XFREE(td, NULL, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -1311,7 +1309,7 @@ static void sp_256_mont_sqr_n_10(sp_digit* r, const sp_digit* a, int n,
 #endif /* !WOLFSSL_SP_SMALL || HAVE_COMP_KEY */
 #ifdef WOLFSSL_SP_SMALL
 /* Mod-2 for the P256 curve. */
-static const uint32_t p256_mod_2[8] = {
+static const word32 p256_mod_2[8] = {
     0xfffffffdU,0xffffffffU,0xffffffffU,0x00000000U,0x00000000U,0x00000000U,
     0x00000001U,0xffffffffU
 };
@@ -1392,10 +1390,10 @@ static void sp_256_mont_inv_10(sp_digit* r, const sp_digit* a, sp_digit* td)
 }
 
 
-/* Map the Montgomery form projective co-ordinate point to an affine point.
+/* Map the Montgomery form projective coordinate point to an affine point.
  *
- * r  Resulting affine co-ordinate point.
- * p  Montgomery form projective co-ordinate point.
+ * r  Resulting affine coordinate point.
+ * p  Montgomery form projective coordinate point.
  * t  Temporary ordinate data.
  */
 static void sp_256_map_10(sp_point* r, const sp_point* p, sp_digit* t)
@@ -1912,7 +1910,7 @@ static void sp_256_proj_point_add_10(sp_point* r, const sp_point* p, const sp_po
 
 #ifdef WOLFSSL_SP_SMALL
 /* Multiply the point by the scalar and return the result.
- * If map is true then convert result to affine co-ordinates.
+ * If map is true then convert result to affine coordinates.
  *
  * r     Resulting point.
  * g     Point to multiply.
@@ -2008,7 +2006,7 @@ static int sp_256_ecc_mulmod_10(sp_point* r, const sp_point* g, const sp_digit*
 
 #elif !defined(WC_NO_CACHE_RESISTANT)
 /* Multiply the point by the scalar and return the result.
- * If map is true then convert result to affine co-ordinates.
+ * If map is true then convert result to affine coordinates.
  *
  * r     Resulting point.
  * g     Point to multiply.
@@ -2121,7 +2119,7 @@ typedef struct sp_table_entry {
 } sp_table_entry;
 
 /* Multiply the point by the scalar and return the result.
- * If map is true then convert result to affine co-ordinates.
+ * If map is true then convert result to affine coordinates.
  *
  * r     Resulting point.
  * g     Point to multiply.
@@ -2519,7 +2517,7 @@ static int sp_256_gen_stripe_table_10(const sp_point* a,
 
 #endif /* FP_ECC */
 /* Multiply the point by the scalar and return the result.
- * If map is true then convert result to affine co-ordinates.
+ * If map is true then convert result to affine coordinates.
  *
  * r     Resulting point.
  * k     Scalar to multiply by.
@@ -2592,9 +2590,7 @@ static int sp_256_ecc_mulmod_stripe_10(sp_point* r, const sp_point* g,
     }
 
 #if defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)
-    if (t != NULL) {
-        XFREE(t, heap, DYNAMIC_TYPE_ECC);
-    }
+    XFREE(t, heap, DYNAMIC_TYPE_ECC);
 #endif
     sp_ecc_point_free(p, 0, heap);
     sp_ecc_point_free(rt, 0, heap);
@@ -2611,7 +2607,7 @@ typedef struct sp_cache_t {
     sp_digit x[10] __attribute__((aligned(128)));
     sp_digit y[10] __attribute__((aligned(128)));
     sp_table_entry table[256] __attribute__((aligned(128)));
-    uint32_t cnt;
+    word32 cnt;
     int set;
 } sp_cache_t;
 
@@ -2620,14 +2616,16 @@ static THREAD_LS_T int sp_cache_last = -1;
 static THREAD_LS_T int sp_cache_inited = 0;
 
 #ifndef HAVE_THREAD_LS
+    static wolfSSL_Mutex sp_cache_lock WOLFSSL_MUTEX_INITIALIZER_CLAUSE(sp_cache_lock);
+#ifdef WOLFSSL_MUTEX_INITIALIZER
     static volatile int initCacheMutex = 0;
-    static wolfSSL_Mutex sp_cache_lock;
+#endif
 #endif
 
 static void sp_ecc_get_cache(const sp_point* g, sp_cache_t** cache)
 {
     int i, j;
-    uint32_t least;
+    word32 least;
 
     if (sp_cache_inited == 0) {
         for (i=0; i<FP_ENTRIES; i++) {
@@ -2681,7 +2679,7 @@ static void sp_ecc_get_cache(const sp_point* g, sp_cache_t** cache)
 #endif /* FP_ECC */
 
 /* Multiply the base point of P256 by the scalar and return the result.
- * If map is true then convert result to affine co-ordinates.
+ * If map is true then convert result to affine coordinates.
  *
  * r     Resulting point.
  * g     Point to multiply.
@@ -2701,10 +2699,12 @@ static int sp_256_ecc_mulmod_10(sp_point* r, const sp_point* g, const sp_digit*
     int err = MP_OKAY;
 
 #ifndef HAVE_THREAD_LS
+#ifndef WOLFSSL_MUTEX_INITIALIZER
     if (initCacheMutex == 0) {
          wc_InitMutex(&sp_cache_lock);
          initCacheMutex = 1;
     }
+#endif
     if (wc_LockMutex(&sp_cache_lock) != 0)
        err = BAD_MUTEX_E;
 #endif /* HAVE_THREAD_LS */
@@ -2735,7 +2735,7 @@ static int sp_256_ecc_mulmod_10(sp_point* r, const sp_point* g, const sp_digit*
 
 #ifdef WOLFSSL_SP_SMALL
 /* Multiply the base point of P256 by the scalar and return the result.
- * If map is true then convert result to affine co-ordinates.
+ * If map is true then convert result to affine coordinates.
  *
  * r     Resulting point.
  * k     Scalar to multiply by.
@@ -4033,7 +4033,7 @@ static const sp_table_entry p256_table[256] = {
 };
 
 /* Multiply the base point of P256 by the scalar and return the result.
- * If map is true then convert result to affine co-ordinates.
+ * If map is true then convert result to affine coordinates.
  *
  * r     Resulting point.
  * k     Scalar to multiply by.
@@ -4229,9 +4229,7 @@ static int sp_256_div_10(const sp_digit* a, const sp_digit* d, sp_digit* m,
     }
 
 #if defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)
-    if (td != NULL) {
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-    }
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -4253,13 +4251,13 @@ static int sp_256_mod_10(sp_digit* r, const sp_digit* a, const sp_digit* m)
 #if defined(HAVE_ECC_SIGN) || defined(HAVE_ECC_VERIFY)
 #ifdef WOLFSSL_SP_SMALL
 /* Order-2 for the P256 curve. */
-static const uint32_t p256_order_2[8] = {
+static const word32 p256_order_2[8] = {
     0xfc63254fU,0xf3b9cac2U,0xa7179e84U,0xbce6faadU,0xffffffffU,0xffffffffU,
     0x00000000U,0xffffffffU
 };
 #else
 /* The low half of the order-2 of the P256 curve. */
-static const uint32_t p256_order_low[4] = {
+static const word32 p256_order_low[4] = {
     0xfc63254fU,0xf3b9cac2U,0xa7179e84U,0xbce6faadU
 };
 #endif /* WOLFSSL_SP_SMALL */
@@ -4526,8 +4524,7 @@ int wolfSSL_DSP_ECC_Verify_256(remote_handle64 h, int32 *u1, int hashLen, int32*
     }
 
 #if defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)
-    if (d != NULL)
-        XFREE(d, heap, DYNAMIC_TYPE_ECC);
+    XFREE(d, heap, DYNAMIC_TYPE_ECC);
 #endif
     sp_ecc_point_free(p1, 0, heap);
     sp_ecc_point_free(p2, 0, heap);
@@ -4541,21 +4538,21 @@ void wc_ecc_fp_free(void)
 }
 
 
-AEEResult wolfSSL_open(const char *uri, remote_handle64 *handle) 
+AEEResult wolfSSL_open(const char *uri, remote_handle64 *handle)
 {
   /* can be any value or ignored, rpc layer doesn't care
    * also ok
    * *handle = 0;
    * *handle = 0xdeadc0de;
    */
-   *handle = (remote_handle64)malloc(1);
+   *handle = (remote_handle64)XMALLOC(1, NULL, DYNAMIC_TYPE_ECC);
    return 0;
 }
 
-AEEResult wolfSSL_close(remote_handle64 handle) 
+AEEResult wolfSSL_close(remote_handle64 handle)
 {
    if (handle)
-      free((void*)handle);
+      XFREE((void*)handle, NULL, DYNAMIC_TYPE_ECC);
    return 0;
 }
 #endif /* HAVE_ECC_VERIFY */
@@ -4627,9 +4624,7 @@ int sp_ecc_proj_add_point_256(mp_int* pX, mp_int* pY, mp_int* pZ,
     }
 
 #if defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)
-    if (tmp != NULL) {
-        XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
-    }
+    XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
 #endif
     sp_ecc_point_free(q, 0, NULL);
     sp_ecc_point_free(p, 0, NULL);
@@ -4692,9 +4687,7 @@ int sp_ecc_proj_dbl_point_256(mp_int* pX, mp_int* pY, mp_int* pZ,
     }
 
 #if defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)
-    if (tmp != NULL) {
-        XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
-    }
+    XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
 #endif
     sp_ecc_point_free(p, 0, NULL);
 
@@ -4750,9 +4743,7 @@ int sp_ecc_map_256(mp_int* pX, mp_int* pY, mp_int* pZ)
     }
 
 #if defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)
-    if (tmp != NULL) {
-        XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
-    }
+    XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
 #endif
     sp_ecc_point_free(p, 0, NULL);
 
@@ -4827,9 +4818,7 @@ static int sp_256_mont_sqrt_10(sp_digit* y)
     }
 
 #if defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)
-    if (d != NULL) {
-        XFREE(d, NULL, DYNAMIC_TYPE_ECC);
-    }
+    XFREE(d, NULL, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -4902,9 +4891,7 @@ int sp_ecc_uncompress_256(mp_int* xm, int odd, mp_int* ym)
     }
 
 #if defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)
-    if (d != NULL) {
-        XFREE(d, NULL, DYNAMIC_TYPE_ECC);
-    }
+    XFREE(d, NULL, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
diff --git a/wolfcrypt/src/sp_int.c b/wolfcrypt/src/sp_int.c
index 94fc01c35..39de4a594 100644
--- a/wolfcrypt/src/sp_int.c
+++ b/wolfcrypt/src/sp_int.c
@@ -1,6 +1,6 @@
 /* sp_int.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -31,6 +31,7 @@ This library provides single precision (SP) integer math functions.
 #endif
 
 #include <wolfssl/wolfcrypt/settings.h>
+#include <wolfssl/wolfcrypt/error-crypt.h>
 
 #if defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_MATH_ALL)
 
@@ -115,6 +116,14 @@ This library provides single precision (SP) integer math functions.
 
 #include <wolfssl/wolfcrypt/sp_int.h>
 
+#if defined(WOLFSSL_LINUXKM) && !defined(WOLFSSL_SP_ASM)
+    /* force off unneeded vector register save/restore. */
+    #undef SAVE_VECTOR_REGISTERS
+    #define SAVE_VECTOR_REGISTERS(fail_clause) WC_DO_NOTHING
+    #undef RESTORE_VECTOR_REGISTERS
+    #define RESTORE_VECTOR_REGISTERS() WC_DO_NOTHING
+#endif
+
 /* DECL_SP_INT: Declare one variable of type 'sp_int'. */
 #if (defined(WOLFSSL_SMALL_STACK) || defined(SP_ALLOC)) && \
     !defined(WOLFSSL_SP_NO_MALLOC)
@@ -159,7 +168,7 @@ This library provides single precision (SP) integer math functions.
     do {                                                                       \
         ALLOC_SP_INT(n, s, err, h);                                            \
         if ((err) == MP_OKAY) {                                                \
-            (n)->size = (s);                                                   \
+            (n)->size = (sp_size_t)(s);                                        \
         }                                                                      \
     }                                                                          \
     while (0)
@@ -167,7 +176,7 @@ This library provides single precision (SP) integer math functions.
     /* Array declared on stack - check size is valid. */
     #define ALLOC_SP_INT(n, s, err, h)                                         \
     do {                                                                       \
-        if (((err) == MP_OKAY) && ((s) > SP_INT_DIGITS)) {                     \
+        if (((err) == MP_OKAY) && ((s) > (int)SP_INT_DIGITS)) {                \
             (err) = MP_VAL;                                                    \
         }                                                                      \
     }                                                                          \
@@ -178,7 +187,7 @@ This library provides single precision (SP) integer math functions.
     do {                                                                       \
         ALLOC_SP_INT(n, s, err, h);                                            \
         if ((err) == MP_OKAY) {                                                \
-            (n)->size = (unsigned int)(s);                                     \
+            (n)->size = (sp_size_t)(s);                                        \
         }                                                                      \
     }                                                                          \
     while (0)
@@ -202,9 +211,10 @@ This library provides single precision (SP) integer math functions.
 
 
 /* Declare a variable that will be assigned a value on XMALLOC. */
-#define DECL_DYN_SP_INT_ARRAY(n, s, c)  \
-    sp_int* n##d = NULL;            \
-    sp_int* (n)[c] = { NULL, }
+#define DECL_DYN_SP_INT_ARRAY(n, s, c)               \
+    sp_int* n##d = NULL;                             \
+    sp_int* (n)[c];                                  \
+    void *n ## _dummy_var = XMEMSET(n, 0, sizeof(n))
 
 /* DECL_SP_INT_ARRAY: Declare array of 'sp_int'. */
 #if (defined(WOLFSSL_SMALL_STACK) || defined(SP_ALLOC)) && \
@@ -212,19 +222,17 @@ This library provides single precision (SP) integer math functions.
     /* Declare a variable that will be assigned a value on XMALLOC. */
     #define DECL_SP_INT_ARRAY(n, s, c)  \
         DECL_DYN_SP_INT_ARRAY(n, s, c)
-#else
-    #if defined(__STDC_VERSION__) && (__STDC_VERSION__ >= 199901L) && \
+#elif defined(__STDC_VERSION__) && (__STDC_VERSION__ >= 199901L) && \
         !defined(WOLFSSL_SP_NO_DYN_STACK)
-        /* Declare a variable on the stack with the required data size. */
-        #define DECL_SP_INT_ARRAY(n, s, c)          \
-            byte    n##d[MP_INT_SIZEOF(s) * (c)];   \
-            sp_int* (n)[c] = { NULL, }
-    #else
-        /* Declare a variable on the stack. */
-        #define DECL_SP_INT_ARRAY(n, s, c)      \
-            sp_int n##d[c];                     \
-            sp_int* (n)[c]
-    #endif
+    /* Declare a variable on the stack with the required data size. */
+    #define DECL_SP_INT_ARRAY(n, s, c)          \
+        byte    n##d[MP_INT_SIZEOF(s) * (c)];   \
+        sp_int* (n)[c] = { NULL, }
+#else
+    /* Declare a variable on the stack. */
+    #define DECL_SP_INT_ARRAY(n, s, c)      \
+        sp_int n##d[c];                     \
+        sp_int* (n)[c]
 #endif
 
 /* Dynamically allocate just enough data to support multiple sp_ints of the
@@ -232,6 +240,7 @@ This library provides single precision (SP) integer math functions.
  */
 #define ALLOC_DYN_SP_INT_ARRAY(n, s, c, err, h)                                \
 do {                                                                           \
+    (void)n ## _dummy_var;                                                     \
     if (((err) == MP_OKAY) && ((s) > SP_INT_DIGITS)) {                         \
         (err) = MP_VAL;                                                        \
     }                                                                          \
@@ -244,10 +253,10 @@ do {                                                                           \
         else {                                                                 \
             int n##ii;                                                         \
             (n)[0] = n##d;                                                     \
-            (n)[0]->size = (s);                                                \
+            (n)[0]->size = (sp_size_t)(s);                                     \
             for (n##ii = 1; n##ii < (int)(c); n##ii++) {                       \
                 (n)[n##ii] = MP_INT_NEXT((n)[n##ii-1], s);                     \
-                (n)[n##ii]->size = (s);                                        \
+                (n)[n##ii]->size = (sp_size_t)(s);                             \
             }                                                                  \
         }                                                                      \
     }                                                                          \
@@ -259,47 +268,45 @@ while (0)
     !defined(WOLFSSL_SP_NO_MALLOC)
     #define ALLOC_SP_INT_ARRAY(n, s, c, err, h) \
         ALLOC_DYN_SP_INT_ARRAY(n, s, c, err, h)
-#else
-    #if defined(__STDC_VERSION__) && (__STDC_VERSION__ >= 199901L) && \
+#elif defined(__STDC_VERSION__) && (__STDC_VERSION__ >= 199901L) && \
         !defined(WOLFSSL_SP_NO_DYN_STACK)
-        /* Data declared on stack that supports multiple sp_ints of the
-         * required size. Use pointers into data to make up array and set sizes.
-         */
-        #define ALLOC_SP_INT_ARRAY(n, s, c, err, h)                            \
-        do {                                                                   \
-            if (((err) == MP_OKAY) && ((s) > SP_INT_DIGITS)) {                 \
-                (err) = MP_VAL;                                                \
-            }                                                                  \
-            if ((err) == MP_OKAY) {                                            \
-                int n##ii;                                                     \
-                (n)[0] = (sp_int*)n##d;                                        \
-                ((sp_int_minimal*)(n)[0])->size = (s);                         \
-                for (n##ii = 1; n##ii < (int)(c); n##ii++) {                   \
-                    (n)[n##ii] = MP_INT_NEXT((n)[n##ii-1], s);                 \
-                    ((sp_int_minimal*)(n)[n##ii])->size = (s);                 \
-                }                                                              \
+    /* Data declared on stack that supports multiple sp_ints of the
+     * required size. Use pointers into data to make up array and set sizes.
+     */
+    #define ALLOC_SP_INT_ARRAY(n, s, c, err, h)                                \
+    do {                                                                       \
+        if (((err) == MP_OKAY) && ((s) > SP_INT_DIGITS)) {                     \
+            (err) = MP_VAL;                                                    \
+        }                                                                      \
+        if ((err) == MP_OKAY) {                                                \
+            int n##ii;                                                         \
+            (n)[0] = (sp_int*)n##d;                                            \
+            ((sp_int_minimal*)(n)[0])->size = (sp_size_t)(s);                  \
+            for (n##ii = 1; n##ii < (int)(c); n##ii++) {                       \
+                (n)[n##ii] = MP_INT_NEXT((n)[n##ii-1], s);                     \
+                ((sp_int_minimal*)(n)[n##ii])->size = (sp_size_t)(s);          \
             }                                                                  \
         }                                                                      \
-        while (0)
-    #else
-        /* Data declared on stack that supports multiple sp_ints of the
-         * required size. Set into array and set sizes.
-         */
-        #define ALLOC_SP_INT_ARRAY(n, s, c, err, h)                            \
-        do {                                                                   \
-            if (((err) == MP_OKAY) && ((s) > SP_INT_DIGITS)) {                 \
-                (err) = MP_VAL;                                                \
-            }                                                                  \
-            if ((err) == MP_OKAY) {                                            \
-                int n##ii;                                                     \
-                for (n##ii = 0; n##ii < (int)(c); n##ii++) {                   \
-                    (n)[n##ii] = &n##d[n##ii];                                 \
-                    (n)[n##ii]->size = (s);                                    \
-                }                                                              \
+    }                                                                          \
+    while (0)
+#else
+    /* Data declared on stack that supports multiple sp_ints of the
+     * required size. Set into array and set sizes.
+     */
+    #define ALLOC_SP_INT_ARRAY(n, s, c, err, h)                                \
+    do {                                                                       \
+        if (((err) == MP_OKAY) && ((s) > SP_INT_DIGITS)) {                     \
+            (err) = MP_VAL;                                                    \
+        }                                                                      \
+        if ((err) == MP_OKAY) {                                                \
+            int n##ii;                                                         \
+            for (n##ii = 0; n##ii < (int)(c); n##ii++) {                       \
+                (n)[n##ii] = &n##d[n##ii];                                     \
+                (n)[n##ii]->size = (sp_size_t)(s);                             \
             }                                                                  \
         }                                                                      \
-        while (0)
-    #endif
+    }                                                                          \
+    while (0)
 #endif
 
 /* Free data variable that was dynamically allocated. */
@@ -346,8 +353,8 @@ while (0)
         "movq	%%rax, %[l]	\n\t"                    \
         "movq	%%rdx, %[h]	\n\t"                    \
         : [h] "+r" (vh), [l] "+r" (vl)                   \
-        : [a] "m" (va), [b] "m" (vb)                     \
-        : "memory", "%rax", "%rdx", "cc"                 \
+        : [a] "rm" (va), [b] "rm" (vb)                   \
+        : "%rax", "%rdx", "cc"                           \
     )
 /* Multiply va by vb and store double size result in: vo | vh | vl */
 #define SP_ASM_MUL_SET(vl, vh, vo, va, vb)               \
@@ -370,7 +377,7 @@ while (0)
         "adcq	%%rdx, %[h]	\n\t"                    \
         "adcq	$0   , %[o]	\n\t"                    \
         : [l] "+r" (vl), [h] "+r" (vh), [o] "+r" (vo)    \
-        : [a] "m" (va), [b] "m" (vb)                     \
+        : [a] "rm" (va), [b] "rm" (vb)                   \
         : "%rax", "%rdx", "cc"                           \
     )
 /* Multiply va by vb and add double size result into: vh | vl */
@@ -381,7 +388,7 @@ while (0)
         "addq	%%rax, %[l]	\n\t"                    \
         "adcq	%%rdx, %[h]	\n\t"                    \
         : [l] "+r" (vl), [h] "+r" (vh)                   \
-        : [a] "m" (va), [b] "m" (vb)                     \
+        : [a] "rm" (va), [b] "rm" (vb)                   \
         : "%rax", "%rdx", "cc"                           \
     )
 /* Multiply va by vb and add double size result twice into: vo | vh | vl */
@@ -396,7 +403,7 @@ while (0)
         "adcq	%%rdx, %[h]	\n\t"                    \
         "adcq	$0   , %[o]	\n\t"                    \
         : [l] "+r" (vl), [h] "+r" (vh), [o] "+r" (vo)    \
-        : [a] "m" (va), [b] "m" (vb)                     \
+        : [a] "rm" (va), [b] "rm" (vb)                   \
         : "%rax", "%rdx", "cc"                           \
     )
 /* Multiply va by vb and add double size result twice into: vo | vh | vl
@@ -412,7 +419,7 @@ while (0)
         "adcq	%%rdx, %[h]	\n\t"                    \
         "adcq	$0   , %[o]	\n\t"                    \
         : [l] "+r" (vl), [h] "+r" (vh), [o] "+r" (vo)    \
-        : [a] "m" (va), [b] "m" (vb)                     \
+        : [a] "rm" (va), [b] "rm" (vb)                   \
         : "%rax", "%rdx", "cc"                           \
     )
 /* Square va and store double size result in: vh | vl */
@@ -423,8 +430,8 @@ while (0)
         "movq	%%rax, %[l]	\n\t"                    \
         "movq	%%rdx, %[h]	\n\t"                    \
         : [h] "+r" (vh), [l] "+r" (vl)                   \
-        : [a] "m" (va)                                   \
-        : "memory", "%rax", "%rdx", "cc"                 \
+        : [a] "rm" (va)                                  \
+        : "%rax", "%rdx", "cc"                           \
     )
 /* Square va and add double size result into: vo | vh | vl */
 #define SP_ASM_SQR_ADD(vl, vh, vo, va)                   \
@@ -435,7 +442,7 @@ while (0)
         "adcq	%%rdx, %[h]	\n\t"                    \
         "adcq	$0   , %[o]	\n\t"                    \
         : [l] "+r" (vl), [h] "+r" (vh), [o] "+r" (vo)    \
-        : [a] "m" (va)                                   \
+        : [a] "rm" (va)                                  \
         : "%rax", "%rdx", "cc"                           \
     )
 /* Square va and add double size result into: vh | vl */
@@ -446,7 +453,7 @@ while (0)
         "addq	%%rax, %[l]	\n\t"                    \
         "adcq	%%rdx, %[h]	\n\t"                    \
         : [l] "+r" (vl), [h] "+r" (vh)                   \
-        : [a] "m" (va)                                   \
+        : [a] "rm" (va)                                  \
         : "%rax", "%rdx", "cc"                           \
     )
 /* Add va into: vh | vl */
@@ -455,10 +462,9 @@ while (0)
         "addq	%[a], %[l]	\n\t"                    \
         "adcq	$0  , %[h]	\n\t"                    \
         : [l] "+r" (vl), [h] "+r" (vh)                   \
-        : [a] "m" (va)                                   \
+        : [a] "rm" (va)                                  \
         : "cc"                                           \
     )
-/* Add va, variable in a register, into: vh | vl */
 #define SP_ASM_ADDC_REG(vl, vh, va)                      \
     __asm__ __volatile__ (                               \
         "addq	%[a], %[l]	\n\t"                    \
@@ -473,7 +479,7 @@ while (0)
         "subq	%[a], %[l]	\n\t"                    \
         "sbbq	$0  , %[h]	\n\t"                    \
         : [l] "+r" (vl), [h] "+r" (vh)                   \
-        : [a] "m" (va)                                   \
+        : [a] "rm" (va)                                  \
         : "cc"                                           \
     )
 /* Sub va from: vh | vl */
@@ -696,8 +702,8 @@ static WC_INLINE sp_int_digit sp_div_word(sp_int_digit hi, sp_int_digit lo,
         "movl	%%eax, %[l]	\n\t"                    \
         "movl	%%edx, %[h]	\n\t"                    \
         : [h] "+r" (vh), [l] "+r" (vl)                   \
-        : [a] "m" (va), [b] "m" (vb)                     \
-        : "memory", "eax", "edx", "cc"                   \
+        : [a] "rm" (va), [b] "rm" (vb)                   \
+        : "eax", "edx", "cc"                             \
     )
 /* Multiply va by vb and store double size result in: vo | vh | vl */
 #define SP_ASM_MUL_SET(vl, vh, vo, va, vb)               \
@@ -719,8 +725,8 @@ static WC_INLINE sp_int_digit sp_div_word(sp_int_digit hi, sp_int_digit lo,
         "addl	%%eax, %[l]	\n\t"                    \
         "adcl	%%edx, %[h]	\n\t"                    \
         "adcl	$0   , %[o]	\n\t"                    \
-        : [l] "+rm" (vl), [h] "+rm" (vh), [o] "+rm" (vo) \
-        : [a] "r" (va), [b] "r" (vb)                     \
+        : [l] "+r" (vl), [h] "+r" (vh), [o] "+r" (vo)    \
+        : [a] "rm" (va), [b] "rm" (vb)                   \
         : "eax", "edx", "cc"                             \
     )
 /* Multiply va by vb and add double size result into: vh | vl */
@@ -731,7 +737,7 @@ static WC_INLINE sp_int_digit sp_div_word(sp_int_digit hi, sp_int_digit lo,
         "addl	%%eax, %[l]	\n\t"                    \
         "adcl	%%edx, %[h]	\n\t"                    \
         : [l] "+r" (vl), [h] "+r" (vh)                   \
-        : [a] "m" (va), [b] "m" (vb)                     \
+        : [a] "rm" (va), [b] "rm" (vb)                   \
         : "eax", "edx", "cc"                             \
     )
 /* Multiply va by vb and add double size result twice into: vo | vh | vl */
@@ -745,8 +751,8 @@ static WC_INLINE sp_int_digit sp_div_word(sp_int_digit hi, sp_int_digit lo,
         "addl	%%eax, %[l]	\n\t"                    \
         "adcl	%%edx, %[h]	\n\t"                    \
         "adcl	$0   , %[o]	\n\t"                    \
-        : [l] "+rm" (vl), [h] "+rm" (vh), [o] "+rm" (vo) \
-        : [a] "r" (va), [b] "r" (vb)                     \
+        : [l] "+r" (vl), [h] "+r" (vh), [o] "+r" (vo)    \
+        : [a] "rm" (va), [b] "rm" (vb)                   \
         : "eax", "edx", "cc"                             \
     )
 /* Multiply va by vb and add double size result twice into: vo | vh | vl
@@ -762,7 +768,7 @@ static WC_INLINE sp_int_digit sp_div_word(sp_int_digit hi, sp_int_digit lo,
         "adcl	%%edx, %[h]	\n\t"                    \
         "adcl	$0   , %[o]	\n\t"                    \
         : [l] "+r" (vl), [h] "+r" (vh), [o] "+r" (vo)    \
-        : [a] "m" (va), [b] "m" (vb)                     \
+        : [a] "rm" (va), [b] "rm" (vb)                   \
         : "eax", "edx", "cc"                             \
     )
 /* Square va and store double size result in: vh | vl */
@@ -773,8 +779,8 @@ static WC_INLINE sp_int_digit sp_div_word(sp_int_digit hi, sp_int_digit lo,
         "movl	%%eax, %[l]	\n\t"                    \
         "movl	%%edx, %[h]	\n\t"                    \
         : [h] "+r" (vh), [l] "+r" (vl)                   \
-        : [a] "m" (va)                                   \
-        : "memory", "eax", "edx", "cc"                   \
+        : [a] "rm" (va)                                  \
+        : "eax", "edx", "cc"                             \
     )
 /* Square va and add double size result into: vo | vh | vl */
 #define SP_ASM_SQR_ADD(vl, vh, vo, va)                   \
@@ -784,8 +790,8 @@ static WC_INLINE sp_int_digit sp_div_word(sp_int_digit hi, sp_int_digit lo,
         "addl	%%eax, %[l]	\n\t"                    \
         "adcl	%%edx, %[h]	\n\t"                    \
         "adcl	$0   , %[o]	\n\t"                    \
-        : [l] "+rm" (vl), [h] "+rm" (vh), [o] "+rm" (vo) \
-        : [a] "m" (va)                                   \
+        : [l] "+r" (vl), [h] "+r" (vh), [o] "+r" (vo)    \
+        : [a] "rm" (va)                                  \
         : "eax", "edx", "cc"                             \
     )
 /* Square va and add double size result into: vh | vl */
@@ -796,7 +802,7 @@ static WC_INLINE sp_int_digit sp_div_word(sp_int_digit hi, sp_int_digit lo,
         "addl	%%eax, %[l]	\n\t"                    \
         "adcl	%%edx, %[h]	\n\t"                    \
         : [l] "+r" (vl), [h] "+r" (vh)                   \
-        : [a] "m" (va)                                   \
+        : [a] "rm" (va)                                  \
         : "eax", "edx", "cc"                             \
     )
 /* Add va into: vh | vl */
@@ -805,10 +811,9 @@ static WC_INLINE sp_int_digit sp_div_word(sp_int_digit hi, sp_int_digit lo,
         "addl	%[a], %[l]	\n\t"                    \
         "adcl	$0  , %[h]	\n\t"                    \
         : [l] "+r" (vl), [h] "+r" (vh)                   \
-        : [a] "m" (va)                                   \
+        : [a] "rm" (va)                                  \
         : "cc"                                           \
     )
-/* Add va, variable in a register, into: vh | vl */
 #define SP_ASM_ADDC_REG(vl, vh, va)                      \
     __asm__ __volatile__ (                               \
         "addl	%[a], %[l]	\n\t"                    \
@@ -823,7 +828,7 @@ static WC_INLINE sp_int_digit sp_div_word(sp_int_digit hi, sp_int_digit lo,
         "subl	%[a], %[l]	\n\t"                    \
         "sbbl	$0  , %[h]	\n\t"                    \
         : [l] "+r" (vl), [h] "+r" (vh)                   \
-        : [a] "m" (va)                                   \
+        : [a] "rm" (va)                                  \
         : "cc"                                           \
     )
 /* Sub va from: vh | vl */
@@ -854,7 +859,7 @@ static WC_INLINE sp_int_digit sp_div_word(sp_int_digit hi, sp_int_digit lo,
         "bsr	%[a], %[i]	\n\t"                    \
         : [i] "=r" (vi)                                  \
         : [a] "r" (va)                                   \
-        : "cC"                                           \
+        : "cc"                                           \
     )
 
 #ifndef WOLFSSL_SP_DIV_WORD_HALF
@@ -897,7 +902,7 @@ static WC_INLINE sp_int_digit sp_div_word(sp_int_digit hi, sp_int_digit lo,
         "umulh	%[h], %[a], %[b]	\n\t"            \
         : [h] "+r" (vh), [l] "+r" (vl)                   \
         : [a] "r" (va), [b] "r" (vb)                     \
-        : "memory", "cc"                                 \
+        : "cc"                                           \
     )
 /* Multiply va by vb and store double size result in: vo | vh | vl */
 #define SP_ASM_MUL_SET(vl, vh, vo, va, vb)               \
@@ -908,7 +913,7 @@ static WC_INLINE sp_int_digit sp_div_word(sp_int_digit hi, sp_int_digit lo,
         "mov	%[o], xzr		\n\t"            \
         : [l] "+r" (vl), [h] "+r" (vh), [o] "=r" (vo)    \
         : [a] "r" (va), [b] "r" (vb)                     \
-        : "x8"                                           \
+        : "x8", "cc"                                     \
     )
 /* Multiply va by vb and add double size result into: vo | vh | vl */
 #define SP_ASM_MUL_ADD(vl, vh, vo, va, vb)               \
@@ -971,7 +976,7 @@ static WC_INLINE sp_int_digit sp_div_word(sp_int_digit hi, sp_int_digit lo,
         "umulh	%[h], %[a], %[a]	\n\t"            \
         : [h] "+r" (vh), [l] "+r" (vl)                   \
         : [a] "r" (va)                                   \
-        : "memory"                                       \
+        : "cc"                                           \
     )
 /* Square va and add double size result into: vo | vh | vl */
 #define SP_ASM_SQR_ADD(vl, vh, vo, va)                   \
@@ -1128,7 +1133,6 @@ static WC_INLINE sp_int_digit sp_div_word(sp_int_digit hi, sp_int_digit lo,
         "umull	%[l], %[h], %[a], %[b]	\n\t"            \
         : [h] "+r" (vh), [l] "+r" (vl)                   \
         : [a] "r" (va), [b] "r" (vb)                     \
-        : "memory"                                       \
     )
 /* Multiply va by vb and store double size result in: vo | vh | vl */
 #define SP_ASM_MUL_SET(vl, vh, vo, va, vb)               \
@@ -1137,7 +1141,6 @@ static WC_INLINE sp_int_digit sp_div_word(sp_int_digit hi, sp_int_digit lo,
         "mov	%[o], #0		\n\t"            \
         : [l] "+r" (vl), [h] "+r" (vh), [o] "=r" (vo)    \
         : [a] "r" (va), [b] "r" (vb)                     \
-        :                                                \
     )
 /* Multiply va by vb and add double size result into: vo | vh | vl */
 #define SP_ASM_MUL_ADD(vl, vh, vo, va, vb)               \
@@ -1156,7 +1159,6 @@ static WC_INLINE sp_int_digit sp_div_word(sp_int_digit hi, sp_int_digit lo,
         "umlal	%[l], %[h], %[a], %[b]	\n\t"            \
         : [l] "+r" (vl), [h] "+r" (vh)                   \
         : [a] "r" (va), [b] "r" (vb)                     \
-        :                                                \
     )
 /* Multiply va by vb and add double size result twice into: vo | vh | vl */
 #define SP_ASM_MUL_ADD2(vl, vh, vo, va, vb)              \
@@ -1193,7 +1195,6 @@ static WC_INLINE sp_int_digit sp_div_word(sp_int_digit hi, sp_int_digit lo,
         "umull	%[l], %[h], %[a], %[a]	\n\t"            \
         : [h] "+r" (vh), [l] "+r" (vl)                   \
         : [a] "r" (va)                                   \
-        : "memory"                                       \
     )
 /* Square va and add double size result into: vo | vh | vl */
 #define SP_ASM_SQR_ADD(vl, vh, vo, va)                   \
@@ -1252,7 +1253,6 @@ static WC_INLINE sp_int_digit sp_div_word(sp_int_digit hi, sp_int_digit lo,
         "clz	%[n], %[a]	\n\t"                    \
         : [n] "=r" (vn)                                  \
         : [a] "r" (va)                                   \
-        :                                                \
     )
 #endif
 
@@ -3451,7 +3451,7 @@ static WC_INLINE sp_int_digit sp_div_word(sp_int_digit hi, sp_int_digit lo,
         :
         : "r3", "r4", "r5", "r6", "r7", "r8", "r9", "cc"
     );
-    return (uint32_t)(size_t)hi;
+    return (sp_uint32)(size_t)hi;
 }
 
 #define SP_ASM_DIV_WORD
@@ -3466,6 +3466,8 @@ static WC_INLINE sp_int_digit sp_div_word(sp_int_digit hi, sp_int_digit lo,
  * CPU: PPC64
  */
 
+    #ifdef __APPLE__
+
 /* Multiply va by vb and store double size result in: vh | vl */
 #define SP_ASM_MUL(vl, vh, va, vb)                       \
     __asm__ __volatile__ (                               \
@@ -3473,7 +3475,155 @@ static WC_INLINE sp_int_digit sp_div_word(sp_int_digit hi, sp_int_digit lo,
         "mulhdu	%[h], %[a], %[b]	\n\t"            \
         : [h] "+r" (vh), [l] "+r" (vl)                   \
         : [a] "r" (va), [b] "r" (vb)                     \
-        : "memory"                                       \
+        :                                                \
+    )
+/* Multiply va by vb and store double size result in: vo | vh | vl */
+#define SP_ASM_MUL_SET(vl, vh, vo, va, vb)               \
+    __asm__ __volatile__ (                               \
+        "mulhdu	%[h], %[a], %[b]	\n\t"            \
+        "mulld	%[l], %[a], %[b]	\n\t"            \
+        "li	%[o], 0			\n\t"            \
+        : [l] "+r" (vl), [h] "+r" (vh), [o] "=r" (vo)    \
+        : [a] "r" (va), [b] "r" (vb)                     \
+        :                                                \
+    )
+/* Multiply va by vb and add double size result into: vo | vh | vl */
+#define SP_ASM_MUL_ADD(vl, vh, vo, va, vb)               \
+    __asm__ __volatile__ (                               \
+        "mulld	r16, %[a], %[b]		\n\t"            \
+        "mulhdu	r17, %[a], %[b]		\n\t"            \
+        "addc	%[l], %[l], r16		\n\t"            \
+        "adde	%[h], %[h], r17		\n\t"            \
+        "addze	%[o], %[o]		\n\t"            \
+        : [l] "+r" (vl), [h] "+r" (vh), [o] "+r" (vo)    \
+        : [a] "r" (va), [b] "r" (vb)                     \
+        : "r16", "r17", "cc"                             \
+    )
+/* Multiply va by vb and add double size result into: vh | vl */
+#define SP_ASM_MUL_ADD_NO(vl, vh, va, vb)                \
+    __asm__ __volatile__ (                               \
+        "mulld	r16, %[a], %[b]		\n\t"            \
+        "mulhdu	r17, %[a], %[b]		\n\t"            \
+        "addc	%[l], %[l], r16		\n\t"            \
+        "adde	%[h], %[h], r17		\n\t"            \
+        : [l] "+r" (vl), [h] "+r" (vh)                   \
+        : [a] "r" (va), [b] "r" (vb)                     \
+        : "r16", "r17", "cc"                             \
+    )
+/* Multiply va by vb and add double size result twice into: vo | vh | vl */
+#define SP_ASM_MUL_ADD2(vl, vh, vo, va, vb)              \
+    __asm__ __volatile__ (                               \
+        "mulld	r16, %[a], %[b]		\n\t"            \
+        "mulhdu	r17, %[a], %[b]		\n\t"            \
+        "addc	%[l], %[l], r16		\n\t"            \
+        "adde	%[h], %[h], r17		\n\t"            \
+        "addze	%[o], %[o]		\n\t"            \
+        "addc	%[l], %[l], r16		\n\t"            \
+        "adde	%[h], %[h], r17		\n\t"            \
+        "addze	%[o], %[o]		\n\t"            \
+        : [l] "+r" (vl), [h] "+r" (vh), [o] "+r" (vo)    \
+        : [a] "r" (va), [b] "r" (vb)                     \
+        : "r16", "r17", "cc"                             \
+    )
+/* Multiply va by vb and add double size result twice into: vo | vh | vl
+ * Assumes first add will not overflow vh | vl
+ */
+#define SP_ASM_MUL_ADD2_NO(vl, vh, vo, va, vb)           \
+    __asm__ __volatile__ (                               \
+        "mulld	r16, %[a], %[b]		\n\t"            \
+        "mulhdu	r17, %[a], %[b]		\n\t"            \
+        "addc	%[l], %[l], r16		\n\t"            \
+        "adde	%[h], %[h], r17		\n\t"            \
+        "addc	%[l], %[l], r16		\n\t"            \
+        "adde	%[h], %[h], r17		\n\t"            \
+        "addze	%[o], %[o]		\n\t"            \
+        : [l] "+r" (vl), [h] "+r" (vh), [o] "+r" (vo)    \
+        : [a] "r" (va), [b] "r" (vb)                     \
+        : "r16", "r17", "cc"                             \
+    )
+/* Square va and store double size result in: vh | vl */
+#define SP_ASM_SQR(vl, vh, va)                           \
+    __asm__ __volatile__ (                               \
+        "mulld	%[l], %[a], %[a]	\n\t"            \
+        "mulhdu	%[h], %[a], %[a]	\n\t"            \
+        : [h] "+r" (vh), [l] "+r" (vl)                   \
+        : [a] "r" (va)                                   \
+        :                                                \
+    )
+/* Square va and add double size result into: vo | vh | vl */
+#define SP_ASM_SQR_ADD(vl, vh, vo, va)                   \
+    __asm__ __volatile__ (                               \
+        "mulld	r16, %[a], %[a]		\n\t"            \
+        "mulhdu	r17, %[a], %[a]		\n\t"            \
+        "addc	%[l], %[l], r16		\n\t"            \
+        "adde	%[h], %[h], r17		\n\t"            \
+        "addze	%[o], %[o]		\n\t"            \
+        : [l] "+r" (vl), [h] "+r" (vh), [o] "+r" (vo)    \
+        : [a] "r" (va)                                   \
+        : "r16", "r17", "cc"                             \
+    )
+/* Square va and add double size result into: vh | vl */
+#define SP_ASM_SQR_ADD_NO(vl, vh, va)                    \
+    __asm__ __volatile__ (                               \
+        "mulld	r16, %[a], %[a]		\n\t"            \
+        "mulhdu	r17, %[a], %[a]		\n\t"            \
+        "addc	%[l], %[l], r16		\n\t"            \
+        "adde	%[h], %[h], r17		\n\t"            \
+        : [l] "+r" (vl), [h] "+r" (vh)                   \
+        : [a] "r" (va)                                   \
+        : "r16", "r17", "cc"                             \
+    )
+/* Add va into: vh | vl */
+#define SP_ASM_ADDC(vl, vh, va)                          \
+    __asm__ __volatile__ (                               \
+        "addc	%[l], %[l], %[a]	\n\t"            \
+        "addze	%[h], %[h]		\n\t"            \
+        : [l] "+r" (vl), [h] "+r" (vh)                   \
+        : [a] "r" (va)                                   \
+        : "cc"                                           \
+    )
+/* Sub va from: vh | vl */
+#define SP_ASM_SUBB(vl, vh, va)                          \
+    __asm__ __volatile__ (                               \
+        "subfc	%[l], %[a], %[l]	\n\t"            \
+        "li    r16, 0			\n\t"            \
+        "subfe %[h], r16, %[h]		\n\t"            \
+        : [l] "+r" (vl), [h] "+r" (vh)                   \
+        : [a] "r" (va)                                   \
+        : "r16", "cc"                                    \
+    )
+/* Add two times vc | vb | va into vo | vh | vl */
+#define SP_ASM_ADD_DBL_3(vl, vh, vo, va, vb, vc)         \
+    __asm__ __volatile__ (                               \
+        "addc	%[l], %[l], %[a]	\n\t"            \
+        "adde	%[h], %[h], %[b]	\n\t"            \
+        "adde	%[o], %[o], %[c]	\n\t"            \
+        "addc	%[l], %[l], %[a]	\n\t"            \
+        "adde	%[h], %[h], %[b]	\n\t"            \
+        "adde	%[o], %[o], %[c]	\n\t"            \
+        : [l] "+r" (vl), [h] "+r" (vh), [o] "+r" (vo)    \
+        : [a] "r" (va), [b] "r" (vb), [c] "r" (vc)       \
+        : "cc"                                           \
+    )
+/* Count leading zeros. */
+#define SP_ASM_LZCNT(va, vn)                             \
+    __asm__ __volatile__ (                               \
+        "cntlzd	%[n], %[a]	\n\t"                    \
+        : [n] "=r" (vn)                                  \
+        : [a] "r" (va)                                   \
+        :                                                \
+    )
+
+    #else  /* !defined(__APPLE__) */
+
+/* Multiply va by vb and store double size result in: vh | vl */
+#define SP_ASM_MUL(vl, vh, va, vb)                       \
+    __asm__ __volatile__ (                               \
+        "mulld	%[l], %[a], %[b]	\n\t"            \
+        "mulhdu	%[h], %[a], %[b]	\n\t"            \
+        : [h] "+r" (vh), [l] "+r" (vl)                   \
+        : [a] "r" (va), [b] "r" (vb)                     \
+        :                                                \
     )
 /* Multiply va by vb and store double size result in: vo | vh | vl */
 #define SP_ASM_MUL_SET(vl, vh, vo, va, vb)               \
@@ -3546,7 +3696,7 @@ static WC_INLINE sp_int_digit sp_div_word(sp_int_digit hi, sp_int_digit lo,
         "mulhdu	%[h], %[a], %[a]	\n\t"            \
         : [h] "+r" (vh), [l] "+r" (vl)                   \
         : [a] "r" (va)                                   \
-        : "memory"                                       \
+        :                                                \
     )
 /* Square va and add double size result into: vo | vh | vl */
 #define SP_ASM_SQR_ADD(vl, vh, vo, va)                   \
@@ -3612,6 +3762,8 @@ static WC_INLINE sp_int_digit sp_div_word(sp_int_digit hi, sp_int_digit lo,
         :                                                \
     )
 
+    #endif /* !defined(__APPLE__) */
+
 #define SP_INT_ASM_AVAILABLE
 
     #endif /* WOLFSSL_SP_PPC64 && SP_WORD_SIZE == 64 */
@@ -3621,6 +3773,8 @@ static WC_INLINE sp_int_digit sp_div_word(sp_int_digit hi, sp_int_digit lo,
  * CPU: PPC 32-bit
  */
 
+    #ifdef __APPLE__
+
 /* Multiply va by vb and store double size result in: vh | vl */
 #define SP_ASM_MUL(vl, vh, va, vb)                       \
     __asm__ __volatile__ (                               \
@@ -3628,7 +3782,7 @@ static WC_INLINE sp_int_digit sp_div_word(sp_int_digit hi, sp_int_digit lo,
         "mulhwu	%[h], %[a], %[b]	\n\t"            \
         : [h] "+r" (vh), [l] "+r" (vl)                   \
         : [a] "r" (va), [b] "r" (vb)                     \
-        : "memory"                                       \
+        :                                                \
     )
 /* Multiply va by vb and store double size result in: vo | vh | vl */
 #define SP_ASM_MUL_SET(vl, vh, vo, va, vb)               \
@@ -3640,6 +3794,152 @@ static WC_INLINE sp_int_digit sp_div_word(sp_int_digit hi, sp_int_digit lo,
         : [a] "r" (va), [b] "r" (vb)                     \
     )
 /* Multiply va by vb and add double size result into: vo | vh | vl */
+#define SP_ASM_MUL_ADD(vl, vh, vo, va, vb)               \
+    __asm__ __volatile__ (                               \
+        "mullw	r16, %[a], %[b]		\n\t"            \
+        "mulhwu	r17, %[a], %[b]		\n\t"            \
+        "addc	%[l], %[l], r16		\n\t"            \
+        "adde	%[h], %[h], r17		\n\t"            \
+        "addze	%[o], %[o]		\n\t"            \
+        : [l] "+r" (vl), [h] "+r" (vh), [o] "+r" (vo)    \
+        : [a] "r" (va), [b] "r" (vb)                     \
+        : "r16", "r17", "cc"                             \
+    )
+/* Multiply va by vb and add double size result into: vh | vl */
+#define SP_ASM_MUL_ADD_NO(vl, vh, va, vb)                \
+    __asm__ __volatile__ (                               \
+        "mullw	r16, %[a], %[b]		\n\t"            \
+        "mulhwu	r17, %[a], %[b]		\n\t"            \
+        "addc	%[l], %[l], r16		\n\t"            \
+        "adde	%[h], %[h], r17		\n\t"            \
+        : [l] "+r" (vl), [h] "+r" (vh)                   \
+        : [a] "r" (va), [b] "r" (vb)                     \
+        : "r16", "r17", "cc"                             \
+    )
+/* Multiply va by vb and add double size result twice into: vo | vh | vl */
+#define SP_ASM_MUL_ADD2(vl, vh, vo, va, vb)              \
+    __asm__ __volatile__ (                               \
+        "mullw	r16, %[a], %[b]		\n\t"            \
+        "mulhwu	r17, %[a], %[b]		\n\t"            \
+        "addc	%[l], %[l], r16		\n\t"            \
+        "adde	%[h], %[h], r17		\n\t"            \
+        "addze	%[o], %[o]		\n\t"            \
+        "addc	%[l], %[l], r16		\n\t"            \
+        "adde	%[h], %[h], r17		\n\t"            \
+        "addze	%[o], %[o]		\n\t"            \
+        : [l] "+r" (vl), [h] "+r" (vh), [o] "+r" (vo)    \
+        : [a] "r" (va), [b] "r" (vb)                     \
+        : "r16", "r17", "cc"                             \
+    )
+/* Multiply va by vb and add double size result twice into: vo | vh | vl
+ * Assumes first add will not overflow vh | vl
+ */
+#define SP_ASM_MUL_ADD2_NO(vl, vh, vo, va, vb)           \
+    __asm__ __volatile__ (                               \
+        "mullw	r16, %[a], %[b]		\n\t"            \
+        "mulhwu	r17, %[a], %[b]		\n\t"            \
+        "addc	%[l], %[l], r16		\n\t"            \
+        "adde	%[h], %[h], r17		\n\t"            \
+        "addc	%[l], %[l], r16		\n\t"            \
+        "adde	%[h], %[h], r17		\n\t"            \
+        "addze	%[o], %[o]		\n\t"            \
+        : [l] "+r" (vl), [h] "+r" (vh), [o] "+r" (vo)    \
+        : [a] "r" (va), [b] "r" (vb)                     \
+        : "r16", "r17", "cc"                             \
+    )
+/* Square va and store double size result in: vh | vl */
+#define SP_ASM_SQR(vl, vh, va)                           \
+    __asm__ __volatile__ (                               \
+        "mullw	%[l], %[a], %[a]	\n\t"            \
+        "mulhwu	%[h], %[a], %[a]	\n\t"            \
+        : [h] "+r" (vh), [l] "+r" (vl)                   \
+        : [a] "r" (va)                                   \
+        :                                                \
+    )
+/* Square va and add double size result into: vo | vh | vl */
+#define SP_ASM_SQR_ADD(vl, vh, vo, va)                   \
+    __asm__ __volatile__ (                               \
+        "mullw	r16, %[a], %[a]		\n\t"            \
+        "mulhwu	r17, %[a], %[a]		\n\t"            \
+        "addc	%[l], %[l], r16		\n\t"            \
+        "adde	%[h], %[h], r17		\n\t"            \
+        "addze	%[o], %[o]		\n\t"            \
+        : [l] "+r" (vl), [h] "+r" (vh), [o] "+r" (vo)    \
+        : [a] "r" (va)                                   \
+        : "r16", "r17", "cc"                             \
+    )
+/* Square va and add double size result into: vh | vl */
+#define SP_ASM_SQR_ADD_NO(vl, vh, va)                    \
+    __asm__ __volatile__ (                               \
+        "mullw	r16, %[a], %[a]		\n\t"            \
+        "mulhwu	r17, %[a], %[a]		\n\t"            \
+        "addc	%[l], %[l], r16		\n\t"            \
+        "adde	%[h], %[h], r17		\n\t"            \
+        : [l] "+r" (vl), [h] "+r" (vh)                   \
+        : [a] "r" (va)                                   \
+        : "r16", "r17", "cc"                             \
+    )
+/* Add va into: vh | vl */
+#define SP_ASM_ADDC(vl, vh, va)                          \
+    __asm__ __volatile__ (                               \
+        "addc	%[l], %[l], %[a]	\n\t"            \
+        "addze	%[h], %[h]		\n\t"            \
+        : [l] "+r" (vl), [h] "+r" (vh)                   \
+        : [a] "r" (va)                                   \
+        : "cc"                                           \
+    )
+/* Sub va from: vh | vl */
+#define SP_ASM_SUBB(vl, vh, va)                          \
+    __asm__ __volatile__ (                               \
+        "subfc	%[l], %[a], %[l]	\n\t"            \
+        "li	r16, 0			\n\t"            \
+        "subfe	%[h], r16, %[h]		\n\t"            \
+        : [l] "+r" (vl), [h] "+r" (vh)                   \
+        : [a] "r" (va)                                   \
+        : "r16", "cc"                                    \
+    )
+/* Add two times vc | vb | va into vo | vh | vl */
+#define SP_ASM_ADD_DBL_3(vl, vh, vo, va, vb, vc)         \
+    __asm__ __volatile__ (                               \
+        "addc	%[l], %[l], %[a]	\n\t"            \
+        "adde	%[h], %[h], %[b]	\n\t"            \
+        "adde	%[o], %[o], %[c]	\n\t"            \
+        "addc	%[l], %[l], %[a]	\n\t"            \
+        "adde	%[h], %[h], %[b]	\n\t"            \
+        "adde	%[o], %[o], %[c]	\n\t"            \
+        : [l] "+r" (vl), [h] "+r" (vh), [o] "+r" (vo)    \
+        : [a] "r" (va), [b] "r" (vb), [c] "r" (vc)       \
+        : "cc"                                           \
+    )
+/* Count leading zeros. */
+#define SP_ASM_LZCNT(va, vn)                             \
+    __asm__ __volatile__ (                               \
+        "cntlzw	%[n], %[a]	\n\t"                    \
+        : [n] "=r" (vn)                                  \
+        : [a] "r" (va)                                   \
+    )
+
+    #else /* !defined(__APPLE__) */
+
+/* Multiply va by vb and store double size result in: vh | vl */
+#define SP_ASM_MUL(vl, vh, va, vb)                       \
+    __asm__ __volatile__ (                               \
+        "mullw	%[l], %[a], %[b]	\n\t"            \
+        "mulhwu	%[h], %[a], %[b]	\n\t"            \
+        : [h] "+r" (vh), [l] "+r" (vl)                   \
+        : [a] "r" (va), [b] "r" (vb)                     \
+        :                                                \
+    )
+/* Multiply va by vb and store double size result in: vo | vh | vl */
+#define SP_ASM_MUL_SET(vl, vh, vo, va, vb)               \
+    __asm__ __volatile__ (                               \
+        "mulhwu	%[h], %[a], %[b]	\n\t"            \
+        "mullw	%[l], %[a], %[b]	\n\t"            \
+        "xor	%[o], %[o], %[o]	\n\t"            \
+        : [l] "+r" (vl), [h] "+r" (vh), [o] "=r" (vo)    \
+        : [a] "r" (va), [b] "r" (vb)                     \
+    )
+/* Multiply va by vb and add double size result into: vo | vh | vl */
 #define SP_ASM_MUL_ADD(vl, vh, vo, va, vb)               \
     __asm__ __volatile__ (                               \
         "mullw	16, %[a], %[b]		\n\t"            \
@@ -3700,7 +4000,7 @@ static WC_INLINE sp_int_digit sp_div_word(sp_int_digit hi, sp_int_digit lo,
         "mulhwu	%[h], %[a], %[a]	\n\t"            \
         : [h] "+r" (vh), [l] "+r" (vl)                   \
         : [a] "r" (va)                                   \
-        : "memory"                                       \
+        :                                                \
     )
 /* Square va and add double size result into: vo | vh | vl */
 #define SP_ASM_SQR_ADD(vl, vh, vo, va)                   \
@@ -3738,7 +4038,7 @@ static WC_INLINE sp_int_digit sp_div_word(sp_int_digit hi, sp_int_digit lo,
 #define SP_ASM_SUBB(vl, vh, va)                          \
     __asm__ __volatile__ (                               \
         "subfc	%[l], %[a], %[l]	\n\t"            \
-        "li	16, 0			\n\t"            \
+        "xor	16, 16, 16		\n\t"            \
         "subfe	%[h], 16, %[h]		\n\t"            \
         : [l] "+r" (vl), [h] "+r" (vh)                   \
         : [a] "r" (va)                                   \
@@ -3765,6 +4065,8 @@ static WC_INLINE sp_int_digit sp_div_word(sp_int_digit hi, sp_int_digit lo,
         : [a] "r" (va)                                   \
     )
 
+    #endif /* !defined(__APPLE__) */
+
 #define SP_INT_ASM_AVAILABLE
 
     #endif /* WOLFSSL_SP_PPC && SP_WORD_SIZE == 64 */
@@ -3782,7 +4084,7 @@ static WC_INLINE sp_int_digit sp_div_word(sp_int_digit hi, sp_int_digit lo,
         "mfhi	%[h]			\n\t"            \
         : [h] "+r" (vh), [l] "+r" (vl)                   \
         : [a] "r" (va), [b] "r" (vb)                     \
-        : "memory", "$lo", "$hi"                         \
+        : "$lo", "$hi"                                   \
     )
 /* Multiply va by vb and store double size result in: vo | vh | vl */
 #define SP_ASM_MUL_SET(vl, vh, vo, va, vb)               \
@@ -3885,7 +4187,7 @@ static WC_INLINE sp_int_digit sp_div_word(sp_int_digit hi, sp_int_digit lo,
         "mfhi	%[h]			\n\t"            \
         : [h] "+r" (vh), [l] "+r" (vl)                   \
         : [a] "r" (va)                                   \
-        : "memory", "$lo", "$hi"                         \
+        : "$lo", "$hi"                                   \
     )
 /* Square va and add double size result into: vo | vh | vl */
 #define SP_ASM_SQR_ADD(vl, vh, vo, va)                   \
@@ -3983,7 +4285,7 @@ static WC_INLINE sp_int_digit sp_div_word(sp_int_digit hi, sp_int_digit lo,
         "mfhi	%[h]			\n\t"            \
         : [h] "+r" (vh), [l] "+r" (vl)                   \
         : [a] "r" (va), [b] "r" (vb)                     \
-        : "memory", "%lo", "%hi"                         \
+        : "%lo", "%hi"                                   \
     )
 /* Multiply va by vb and store double size result in: vo | vh | vl */
 #define SP_ASM_MUL_SET(vl, vh, vo, va, vb)               \
@@ -4086,7 +4388,7 @@ static WC_INLINE sp_int_digit sp_div_word(sp_int_digit hi, sp_int_digit lo,
         "mfhi	%[h]			\n\t"            \
         : [h] "+r" (vh), [l] "+r" (vl)                   \
         : [a] "r" (va)                                   \
-        : "memory", "%lo", "%hi"                         \
+        : "%lo", "%hi"                                   \
     )
 /* Square va and add double size result into: vo | vh | vl */
 #define SP_ASM_SQR_ADD(vl, vh, vo, va)                   \
@@ -4183,7 +4485,7 @@ static WC_INLINE sp_int_digit sp_div_word(sp_int_digit hi, sp_int_digit lo,
         "mulhu	%[h], %[a], %[b]	\n\t"            \
         : [h] "+r" (vh), [l] "+r" (vl)                   \
         : [a] "r" (va), [b] "r" (vb)                     \
-        : "memory"                                       \
+        :                                                \
     )
 /* Multiply va by vb and store double size result in: vo | vh | vl */
 #define SP_ASM_MUL_SET(vl, vh, vo, va, vb)               \
@@ -4280,7 +4582,7 @@ static WC_INLINE sp_int_digit sp_div_word(sp_int_digit hi, sp_int_digit lo,
         "mulhu	%[h], %[a], %[a]	\n\t"            \
         : [h] "+r" (vh), [l] "+r" (vl)                   \
         : [a] "r" (va)                                   \
-        : "memory"                                       \
+        :                                                \
     )
 /* Square va and add double size result into: vo | vh | vl */
 #define SP_ASM_SQR_ADD(vl, vh, vo, va)                   \
@@ -4375,7 +4677,7 @@ static WC_INLINE sp_int_digit sp_div_word(sp_int_digit hi, sp_int_digit lo,
         "mulhu	%[h], %[a], %[b]	\n\t"            \
         : [h] "+r" (vh), [l] "+r" (vl)                   \
         : [a] "r" (va), [b] "r" (vb)                     \
-        : "memory"                                       \
+        :                                                \
     )
 /* Multiply va by vb and store double size result in: vo | vh | vl */
 #define SP_ASM_MUL_SET(vl, vh, vo, va, vb)               \
@@ -4472,7 +4774,7 @@ static WC_INLINE sp_int_digit sp_div_word(sp_int_digit hi, sp_int_digit lo,
         "mulhu	%[h], %[a], %[a]	\n\t"            \
         : [h] "+r" (vh), [l] "+r" (vl)                   \
         : [a] "r" (va)                                   \
-        : "memory"                                       \
+        :                                                \
     )
 /* Square va and add double size result into: vo | vh | vl */
 #define SP_ASM_SQR_ADD(vl, vh, vo, va)                   \
@@ -4569,7 +4871,7 @@ static WC_INLINE sp_int_digit sp_div_word(sp_int_digit hi, sp_int_digit lo,
         "lgr	%[h], %%r0		\n\t"            \
         : [h] "+r" (vh), [l] "+r" (vl)                   \
         : [a] "r" (va), [b] "r" (vb)                     \
-        : "memory", "r0", "r1"                           \
+        : "r0", "r1"                                     \
     )
 /* Multiply va by vb and store double size result in: vo | vh | vl */
 #define SP_ASM_MUL_SET(vl, vh, vo, va, vb)               \
@@ -4649,7 +4951,7 @@ static WC_INLINE sp_int_digit sp_div_word(sp_int_digit hi, sp_int_digit lo,
         "lgr	%[h], %%r0		\n\t"            \
         : [h] "+r" (vh), [l] "+r" (vl)                   \
         : [a] "r" (va)                                   \
-        : "memory", "r0", "r1"                           \
+        : "r0", "r1"                                     \
     )
 /* Square va and add double size result into: vo | vh | vl */
 #define SP_ASM_SQR_ADD(vl, vh, vo, va)                   \
@@ -4778,46 +5080,6 @@ static int _sp_mont_red(sp_int* a, const sp_int* m, sp_int_digit mp, int ct);
 static void _sp_mont_setup(const sp_int* m, sp_int_digit* rho);
 #endif
 
-/* Determine when mp_add_d is required. */
-#if !defined(NO_PWDBASED) || defined(WOLFSSL_KEY_GEN) || !defined(NO_DH) || \
-    !defined(NO_DSA) || defined(HAVE_ECC) || \
-    (!defined(NO_RSA) && !defined(WOLFSSL_RSA_VERIFY_ONLY)) || \
-    defined(OPENSSL_EXTRA)
-#define WOLFSSL_SP_ADD_D
-#endif
-/* Determine when mp_sub_d is required. */
-#if (!defined(NO_RSA) && !defined(WOLFSSL_RSA_VERIFY_ONLY)) || \
-    !defined(NO_DH) || defined(HAVE_ECC) || !defined(NO_DSA)
-#define WOLFSSL_SP_SUB_D
-#endif
-/* Determine when mp_read_radix with a radix of 10 is required. */
-#if (defined(WOLFSSL_SP_MATH_ALL) && !defined(NO_RSA) && \
-    !defined(WOLFSSL_RSA_VERIFY_ONLY)) || defined(HAVE_ECC) || \
-    !defined(NO_DSA) || defined(OPENSSL_EXTRA)
-#define WOLFSSL_SP_READ_RADIX_16
-#endif
-/* Determine when mp_read_radix with a radix of 10 is required. */
-#if defined(WOLFSSL_SP_MATH_ALL) && !defined(NO_RSA) && \
-    !defined(WOLFSSL_RSA_VERIFY_ONLY)
-#define WOLFSSL_SP_READ_RADIX_10
-#endif
-/* Determine when mp_invmod is required. */
-#if defined(HAVE_ECC) || !defined(NO_DSA) || defined(OPENSSL_EXTRA) || \
-    (!defined(NO_RSA) && !defined(WOLFSSL_RSA_VERIFY_ONLY) && \
-     !defined(WOLFSSL_RSA_PUBLIC_ONLY))
-#define WOLFSSL_SP_INVMOD
-#endif
-/* Determine when mp_invmod_mont_ct is required. */
-#if defined(WOLFSSL_SP_MATH_ALL) && defined(HAVE_ECC)
-#define WOLFSSL_SP_INVMOD_MONT_CT
-#endif
-
-/* Determine when mp_prime_gen is required. */
-#if (defined(WOLFSSL_SP_MATH_ALL) && !defined(WOLFSSL_RSA_VERIFY_ONLY) && \
-    !defined(WOLFSSL_RSA_PUBLIC_ONLY)) || !defined(NO_DH) || \
-    (!defined(NO_RSA) && defined(WOLFSSL_KEY_GEN))
-#define WOLFSSL_SP_PRIME_GEN
-#endif
 
 /* Set the multi-precision number to zero.
  *
@@ -4851,7 +5113,7 @@ static void _sp_init_size(sp_int* a, unsigned int size)
 #endif
     _sp_zero((sp_int*)am);
 
-    am->size = size;
+    a->size = (sp_size_t)size;
 }
 
 /* Initialize the multi-precision number to be zero with a given max size.
@@ -4867,7 +5129,7 @@ int sp_init_size(sp_int* a, unsigned int size)
     int err = MP_OKAY;
 
     /* Validate parameters. Don't use size more than max compiled. */
-    if ((a == NULL) || ((size <= 0) || (size > SP_INT_DIGITS))) {
+    if ((a == NULL) || ((size == 0) || (size > SP_INT_DIGITS))) {
         err = MP_VAL;
     }
 
@@ -5037,7 +5299,7 @@ void sp_forcezero(sp_int* a)
     /* Zeroize when a vald pointer passed in. */
     if (a != NULL) {
         /* Ensure all data zeroized - data not zeroed when used decreases. */
-        ForceZero(a->dp, a->size * SP_WORD_SIZEOF);
+        ForceZero(a->dp, a->size * (word32)SP_WORD_SIZEOF);
         /* Set back to zero. */
     #ifdef HAVE_WOLF_BIGINT
         /* Zeroize the raw data as well. */
@@ -5064,7 +5326,7 @@ static void _sp_copy(const sp_int* a, sp_int* r)
         r->dp[0] = 0;
     }
     else {
-        XMEMCPY(r->dp, a->dp, a->used * SP_WORD_SIZEOF);
+        XMEMCPY(r->dp, a->dp, a->used * (word32)SP_WORD_SIZEOF);
     }
     /* Set number of used words in result. */
     r->used = a->used;
@@ -5206,8 +5468,8 @@ int sp_exch(sp_int* a, sp_int* b)
         ALLOC_SP_INT(t, a->used, err, NULL);
         if (err == MP_OKAY) {
             /* Cache allocated size of a and b. */
-            unsigned int asize = a->size;
-            unsigned int bsize = b->size;
+            sp_size_t asize = a->size;
+            sp_size_t bsize = b->size;
             /* Copy all of SP int: t <- a, a <- b, b <- t. */
             XMEMCPY(t, a, MP_INT_SIZEOF(a->used));
             XMEMCPY(a, b, MP_INT_SIZEOF(b->used));
@@ -5243,9 +5505,9 @@ int sp_cond_swap_ct_ex(sp_int* a, sp_int* b, int cnt, int swap, sp_int* t)
     sp_int_digit mask = (sp_int_digit)0 - (sp_int_digit)swap;
 
     /* XOR other fields in sp_int into temp - mask set when swapping. */
-    t->used = (a->used ^ b->used) & (unsigned int)mask;
+    t->used = (a->used ^ b->used) & (sp_size_t)mask;
 #ifdef WOLFSSL_SP_INT_NEGATIVE
-    t->sign = (a->sign ^ b->sign) & (unsigned int)mask;
+    t->sign = (a->sign ^ b->sign) & (sp_uint8)mask;
 #endif
 
     /* XOR requested words into temp - mask set when swapping. */
@@ -5408,7 +5670,8 @@ int sp_cmp_mag(const sp_int* a, const sp_int* b)
 
 #if defined(WOLFSSL_SP_MATH_ALL) || defined(HAVE_ECC) || !defined(NO_DSA) || \
     defined(OPENSSL_EXTRA) || !defined(NO_DH) || \
-    (!defined(NO_RSA) && !defined(WOLFSSL_RSA_VERIFY_ONLY))
+    (!defined(NO_RSA) && (!defined(WOLFSSL_RSA_VERIFY_ONLY) || \
+     defined(WOLFSSL_KEY_GEN)))
 /* Compare two multi-precision numbers.
  *
  * Assumes a and b are not NULL.
@@ -5710,7 +5973,7 @@ int sp_cnt_lsb(const sp_int* a)
         unsigned int j;
 
         /* Count least significant words that are zero. */
-        for (i = 0; i < a->used && a->dp[i] == 0; i++, bc += SP_WORD_SIZE) {
+        for (i = 0; (i < a->used) && (a->dp[i] == 0); i++, bc += SP_WORD_SIZE) {
         }
 
         /* Use 4-bit table to get count. */
@@ -5781,7 +6044,7 @@ int sp_set_bit(sp_int* a, int i)
 {
     int err = MP_OKAY;
     /* Get index of word to set. */
-    unsigned int w = (unsigned int)(i >> SP_WORD_SHIFT);
+    sp_size_t w = (sp_size_t)(i >> SP_WORD_SHIFT);
 
     /* Check for valid number and and space for bit. */
     if ((a == NULL) || (i < 0) || (w >= a->size)) {
@@ -5802,7 +6065,7 @@ int sp_set_bit(sp_int* a, int i)
         a->dp[w] |= (sp_int_digit)1 << s;
         /* Update used if necessary */
         if (a->used <= w) {
-            a->used = w + 1;
+            a->used = (sp_size_t)(w + 1U);
         }
     }
 
@@ -6243,7 +6506,8 @@ int sp_sub_d(const sp_int* a, sp_int_digit d, sp_int* r)
     !defined(NO_DH) || defined(HAVE_ECC) || \
     (!defined(NO_RSA) && !defined(WOLFSSL_RSA_VERIFY_ONLY) && \
      !defined(WOLFSSL_RSA_PUBLIC_ONLY))) || \
-    (defined(WOLFSSL_KEY_GEN) && !defined(NO_RSA))
+    (defined(WOLFSSL_KEY_GEN) && !defined(NO_RSA)) || \
+    defined(WOLFSSL_SP_MUL_D)
 /* Multiply a by digit n and put result into r shifting up o digits.
  *   r = (a * n) << (o * SP_WORD_SIZE)
  *
@@ -6317,7 +6581,7 @@ static int _sp_mul_d(const sp_int* a, sp_int_digit d, sp_int* r, unsigned int o)
         }
     }
     /* Update number of words in result. */
-    r->used = o;
+    r->used = (sp_size_t)o;
     /* In case n is zero. */
     sp_clamp(r);
 
@@ -6326,8 +6590,7 @@ static int _sp_mul_d(const sp_int* a, sp_int_digit d, sp_int* r, unsigned int o)
 #endif /* (WOLFSSL_SP_MATH_ALL && !WOLFSSL_RSA_VERIFY_ONLY) ||
         *  WOLFSSL_SP_SMALL || (WOLFSSL_KEY_GEN && !NO_RSA) */
 
-#if (defined(WOLFSSL_SP_MATH_ALL) && !defined(WOLFSSL_RSA_VERIFY_ONLY)) || \
-    (defined(WOLFSSL_KEY_GEN) && !defined(NO_RSA))
+#ifdef WOLFSSL_SP_MUL_D
 /* Multiply a by digit n and put result into r. r = a * n
  *
  * @param  [in]   a  SP integer to multiply.
@@ -6365,8 +6628,7 @@ int sp_mul_d(const sp_int* a, sp_int_digit d, sp_int* r)
 
     return err;
 }
-#endif /* (WOLFSSL_SP_MATH_ALL && !WOLFSSL_RSA_VERIFY_ONLY) ||
-        * (WOLFSSL_KEY_GEN && !NO_RSA) */
+#endif /* WOLFSSL_SP_MUL_D */
 
 /* Predefine complicated rules of when to compile in sp_div_d and sp_mod_d. */
 #if (defined(WOLFSSL_SP_MATH_ALL) && !defined(WOLFSSL_RSA_VERIFY_ONLY)) || \
@@ -7031,7 +7293,7 @@ int sp_mod_d(const sp_int* a, sp_int_digit d, sp_int_digit* r)
 
 #if defined(HAVE_ECC) || !defined(NO_DSA) || defined(OPENSSL_EXTRA) || \
     (!defined(NO_RSA) && !defined(WOLFSSL_RSA_VERIFY_ONLY) && \
-     !defined(WOLFSSL_RSA_PUBLIC_ONLY))
+     !defined(WOLFSSL_RSA_PUBLIC_ONLY)) || defined(WOLFSSL_SP_INVMOD)
 /* Divides a by 2 and stores in r: r = a >> 1
  *
  * @param  [in]   a  SP integer to divide.
@@ -7048,7 +7310,7 @@ static void _sp_div_2(const sp_int* a, sp_int* r)
     /* Last word only needs to be shifted down. */
     r->dp[i] = a->dp[i] >> 1;
     /* Set used to be all words seen. */
-    r->used = (unsigned int)i + 1;
+    r->used = (sp_size_t)(i + 1);
     /* Remove leading zeros. */
     sp_clamp(r);
 #ifdef WOLFSSL_SP_INT_NEGATIVE
@@ -7124,7 +7386,7 @@ int sp_div_2_mod_ct(const sp_int* a, const sp_int* m, sp_int* r)
     #endif
         /* Mask to apply to modulus. */
         sp_int_digit mask = (sp_int_digit)0 - (a->dp[0] & 1);
-        unsigned int i;
+        sp_size_t i;
 
     #if 0
         sp_print(a, "a");
@@ -7169,7 +7431,7 @@ int sp_div_2_mod_ct(const sp_int* a, const sp_int* m, sp_int* r)
         r->dp[i] = l;
     #endif
         /* Used includes carry - set or not. */
-        r->used = i + 1;
+        r->used = (sp_size_t)(i + 1);
     #ifdef WOLFSSL_SP_INT_NEGATIVE
         r->sign = MP_ZPOS;
     #endif
@@ -7199,7 +7461,7 @@ int sp_div_2_mod_ct(const sp_int* a, const sp_int* m, sp_int* r)
  */
 static void _sp_add_off(const sp_int* a, const sp_int* b, sp_int* r, int o)
 {
-    unsigned int i = 0;
+    sp_size_t i = 0;
 #ifndef SQR_MUL_ASM
     sp_int_word t = 0;
 #else
@@ -7320,10 +7582,10 @@ static void _sp_add_off(const sp_int* a, const sp_int* b, sp_int* r, int o)
     /* Put in carry. */
 #ifndef SQR_MUL_ASM
     r->dp[i] = (sp_int_digit)t;
-    r->used += (t != 0);
+    r->used = (sp_size_t)(r->used + (sp_size_t)(t != 0));
 #else
     r->dp[i] = l;
-    r->used += (l != 0);
+    r->used = (sp_size_t)(r->used + (sp_size_t)(l != 0));
 #endif
 
     /* Remove leading zeros. */
@@ -7347,8 +7609,8 @@ static void _sp_add_off(const sp_int* a, const sp_int* b, sp_int* r, int o)
 static void _sp_sub_off(const sp_int* a, const sp_int* b, sp_int* r,
     unsigned int o)
 {
-    unsigned int i = 0;
-    unsigned int j;
+    sp_size_t i = 0;
+    sp_size_t j;
 #ifndef SQR_MUL_ASM
     sp_int_sword t = 0;
 #else
@@ -7363,7 +7625,7 @@ static void _sp_sub_off(const sp_int* a, const sp_int* b, sp_int* r,
         }
     }
     else {
-        i = o;
+        i = (sp_size_t)o;
     }
     /* Index to add at is the offset now. */
 
@@ -7557,7 +7819,7 @@ static int _sp_addmod(const sp_int* a, const sp_int* b, const sp_int* m,
 {
     int err = MP_OKAY;
     /* Calculate used based on digits used in a and b. */
-    unsigned int used = ((a->used >= b->used) ? a->used + 1 : b->used + 1);
+    sp_size_t used = (sp_size_t)(((a->used >= b->used) ? a->used + 1U : b->used + 1U));
     DECL_SP_INT(t, used);
 
     /* Allocate a temporary SP int to hold sum. */
@@ -7645,8 +7907,8 @@ static int _sp_submod(const sp_int* a, const sp_int* b, const sp_int* m,
     int err = MP_OKAY;
 #ifndef WOLFSSL_SP_INT_NEGATIVE
     unsigned int used = ((a->used >= m->used) ?
-        ((a->used >= b->used) ? (a->used + 1) : (b->used + 1)) :
-        ((b->used >= m->used)) ? (b->used + 1) : (m->used + 1));
+        ((a->used >= b->used) ? (a->used + 1U) : (b->used + 1U)) :
+        ((b->used >= m->used)) ? (b->used + 1U) : (m->used + 1U));
     DECL_SP_INT_ARRAY(t, used, 2);
 
     ALLOC_SP_INT_ARRAY(t, used, 2, err, NULL);
@@ -7678,7 +7940,7 @@ static int _sp_submod(const sp_int* a, const sp_int* b, const sp_int* m,
 
     FREE_SP_INT_ARRAY(t, NULL);
 #else /* WOLFSSL_SP_INT_NEGATIVE */
-    unsigned int used = ((a->used >= b->used) ? a->used + 1 : b->used + 1);
+    sp_size_t used = ((a->used >= b->used) ? a->used + 1 : b->used + 1);
     DECL_SP_INT(t, used);
 
     ALLOC_SP_INT_SIZE(t, used, err, NULL);
@@ -7747,19 +8009,31 @@ int sp_submod(const sp_int* a, const sp_int* b, const sp_int* m, sp_int* r)
 }
 #endif /* WOLFSSL_SP_MATH_ALL */
 
-/* Constant time clamping/
+/* Constant time clamping.
  *
  * @param [in, out] a  SP integer to clamp.
  */
 static void sp_clamp_ct(sp_int* a)
 {
     int i;
-    unsigned int used = a->used;
-    unsigned int mask = (unsigned int)-1;
+    sp_size_t used = a->used;
+    sp_size_t mask = (sp_size_t)-1;
 
     for (i = (int)a->used - 1; i >= 0; i--) {
-        used -= ((unsigned int)(a->dp[i] == 0)) & mask;
-        mask &= (unsigned int)0 - (a->dp[i] == 0);
+#if ((SP_WORD_SIZE == 64) && \
+     (defined(_WIN64) || !defined(WOLFSSL_UINT128_T_DEFINED))) || \
+    ((SP_WORD_SIZE == 32) && defined(NO_64BIT))
+        sp_int_digit negVal = ~a->dp[i];
+        sp_int_digit minusOne = a->dp[i] - 1;
+        sp_int_digit zeroMask =
+            (sp_int_digit)((sp_int_sdigit)(negVal & minusOne) >>
+                           (SP_WORD_SIZE - 1));
+#else
+        sp_int_digit zeroMask =
+            (sp_int_digit)((((sp_int_sword)a->dp[i]) - 1) >> SP_WORD_SIZE);
+#endif
+        mask &= (sp_size_t)zeroMask;
+        used = (sp_size_t)(used + mask);
     }
     a->used = used;
 }
@@ -7795,7 +8069,7 @@ int sp_addmod_ct(const sp_int* a, const sp_int* b, const sp_int* m, sp_int* r)
     sp_int_digit mask;
     sp_int_digit mask_a = (sp_int_digit)-1;
     sp_int_digit mask_b = (sp_int_digit)-1;
-    unsigned int i;
+    sp_size_t i;
 
     /* Check result is as big as modulus. */
     if (m->used > r->size) {
@@ -7947,7 +8221,7 @@ int sp_addmod_ct(const sp_int* a, const sp_int* b, const sp_int* m, sp_int* r)
  * @return  MP_OKAY on success.
  */
 static void _sp_submod_ct(const sp_int* a, const sp_int* b, const sp_int* m,
-    unsigned int max, sp_int* r)
+    unsigned int max_size, sp_int* r)
 {
 #ifndef SQR_MUL_ASM
     sp_int_sword w;
@@ -7968,7 +8242,7 @@ static void _sp_submod_ct(const sp_int* a, const sp_int* b, const sp_int* m,
     l = 0;
     h = 0;
 #endif
-    for (i = 0; i < max; i++) {
+    for (i = 0; i < max_size; i++) {
         /* Values past 'used' are not initialized. */
         mask_a += (i == a->used);
         mask_b += (i == b->used);
@@ -8032,7 +8306,7 @@ static void _sp_submod_ct(const sp_int* a, const sp_int* b, const sp_int* m,
     }
     /* Result will always have digits equal to or less than those in
      * modulus. */
-    r->used = i;
+    r->used = (sp_size_t)i;
 #ifdef WOLFSSL_SP_INT_NEGATIVE
     r->sign = MP_ZPOS;
 #endif /* WOLFSSL_SP_INT_NEGATIVE */
@@ -8088,6 +8362,27 @@ int sp_submod_ct(const sp_int* a, const sp_int* b, const sp_int* m, sp_int* r)
 }
 #endif /* WOLFSSL_SP_MATH_ALL && HAVE_ECC */
 
+#if defined(WOLFSSL_SP_MATH_ALL) && defined(HAVE_ECC) && \
+    defined(WOLFSSL_ECC_BLIND_K)
+void sp_xor_ct(const sp_int* a, const sp_int* b, int len, sp_int* r)
+{
+    if ((a != NULL) && (b != NULL) && (r != NULL)) {
+        unsigned int i;
+
+        r->used = (len * 8 + SP_WORD_SIZE - 1) / SP_WORD_SIZE;
+        for (i = 0; i < r->used; i++) {
+            r->dp[i] = a->dp[i] ^ b->dp[i];
+        }
+        i = (len * 8) % SP_WORD_SIZE;
+        if (i > 0) {
+            r->dp[r->used - 1] &= ((sp_int_digit)1 << i) - 1;
+        }
+        /* Remove leading zeros. */
+        sp_clamp_ct(r);
+    }
+}
+#endif
+
 /********************
  * Shifting functoins
  ********************/
@@ -8116,11 +8411,11 @@ int sp_lshd(sp_int* a, int s)
     }
     if (err == MP_OKAY) {
         /* Move up digits. */
-        XMEMMOVE(a->dp + s, a->dp, a->used * SP_WORD_SIZEOF);
+        XMEMMOVE(a->dp + s, a->dp, a->used * (word32)SP_WORD_SIZEOF);
         /* Back fill with zeros. */
         XMEMSET(a->dp, 0, (size_t)s * SP_WORD_SIZEOF);
         /* Update used. */
-        a->used += (unsigned int)s;
+        a->used = (sp_size_t)(a->used + s);
         /* Remove leading zeros. */
         sp_clamp(a);
     }
@@ -8149,7 +8444,7 @@ static int sp_lshb(sp_int* a, int n)
 
     if (a->used != 0) {
         /* Calculate number of digits to shift. */
-        unsigned int s = (unsigned int)n >> SP_WORD_SHIFT;
+        sp_size_t s = (sp_size_t)n >> SP_WORD_SHIFT;
 
         /* Ensure number has enough digits for result. */
         if (a->used + s >= a->size) {
@@ -8157,7 +8452,7 @@ static int sp_lshb(sp_int* a, int n)
         }
         if (err == MP_OKAY) {
             /* Get count of bits to move in digit. */
-            n &= SP_WORD_MASK;
+            n &= (int)SP_WORD_MASK;
             /* Check whether this is a complicated case. */
             if (n != 0) {
                 unsigned int i;
@@ -8166,7 +8461,7 @@ static int sp_lshb(sp_int* a, int n)
                 /* Get new most significant digit. */
                 sp_int_digit v = a->dp[a->used - 1] >> (SP_WORD_SIZE - n);
                 /* Shift up each digit. */
-                for (i = a->used - 1; i >= 1; i--) {
+                for (i = a->used - 1U; i >= 1U; i--) {
                     a->dp[i + s] = (a->dp[i] << n) |
                                    (a->dp[i - 1] >> (SP_WORD_SIZE - n));
                 }
@@ -8181,13 +8476,13 @@ static int sp_lshb(sp_int* a, int n)
             /* Only digits to move and ensure not zero. */
             else if (s > 0) {
                 /* Move up digits. */
-                XMEMMOVE(a->dp + s, a->dp, a->used * SP_WORD_SIZEOF);
+                XMEMMOVE(a->dp + s, a->dp, a->used * (word32)SP_WORD_SIZEOF);
             }
 
             /* Update used digit count. */
-            a->used += s;
+            a->used = (sp_size_t)(a->used + s);
             /* Back fill with zeros. */
-            XMEMSET(a->dp, 0, SP_WORD_SIZEOF * s);
+            XMEMSET(a->dp, 0, (word32)SP_WORD_SIZEOF * s);
         }
     }
 
@@ -8207,14 +8502,14 @@ void sp_rshd(sp_int* a, int c)
     /* Do shift if we have an SP int. */
     if ((a != NULL) && (c > 0)) {
         /* Make zero if shift removes all digits. */
-        if ((unsigned int)c >= a->used) {
+        if ((sp_size_t)c >= a->used) {
             _sp_zero(a);
         }
         else {
-            unsigned int i;
+            sp_size_t i;
 
             /* Update used digits count. */
-            a->used -= (unsigned int)c;
+            a->used = (sp_size_t)(a->used - c);
             /* Move digits down. */
             for (i = 0; i < a->used; i++, c++) {
                 a->dp[i] = a->dp[c];
@@ -8237,13 +8532,13 @@ int sp_rshb(const sp_int* a, int n, sp_int* r)
 {
     int err = MP_OKAY;
     /* Number of digits to shift down. */
-    unsigned int i = (unsigned int)(n >> SP_WORD_SHIFT);
+    sp_size_t i;
 
     if ((a == NULL) || (n < 0)) {
         err = MP_VAL;
     }
     /* Handle case where shifting out all digits. */
-    if ((err == MP_OKAY) && (i >= a->used)) {
+    else if ((i = (sp_size_t)(n >> SP_WORD_SHIFT)) >= a->used) {
         _sp_zero(r);
     }
     /* Change callers when more error cases returned. */
@@ -8251,30 +8546,30 @@ int sp_rshb(const sp_int* a, int n, sp_int* r)
         err = MP_VAL;
     }
     else if (err == MP_OKAY) {
-        unsigned int j;
+        sp_size_t j;
 
         /* Number of bits to shift in digits. */
         n &= SP_WORD_SIZE - 1;
         /* Handle simple case. */
         if (n == 0) {
             /* Set the count of used digits. */
-            r->used = a->used - i;
+            r->used = (sp_size_t)(a->used - i);
             /* Move digits down. */
             if (r == a) {
-                XMEMMOVE(r->dp, r->dp + i, SP_WORD_SIZEOF * r->used);
+                XMEMMOVE(r->dp, r->dp + i, (word32)SP_WORD_SIZEOF * r->used);
             }
             else {
-                XMEMCPY(r->dp, a->dp + i, SP_WORD_SIZEOF * r->used);
+                XMEMCPY(r->dp, a->dp + i, (word32)SP_WORD_SIZEOF * r->used);
             }
         }
         else {
             /* Move the bits down starting at least significant digit. */
-            for (j = 0; i < a->used-1; i++, j++)
+            for (j = 0; i < a->used - 1; i++, j++)
                 r->dp[j] = (a->dp[i] >> n) | (a->dp[i+1] << (SP_WORD_SIZE - n));
             /* Most significant digit has no higher digit to pull from. */
             r->dp[j] = a->dp[i] >> n;
             /* Set the count of used digits. */
-            r->used = j + (r->dp[j] > 0);
+            r->used = (sp_size_t)(j + (r->dp[j] > 0));
         }
 #ifdef WOLFSSL_SP_INT_NEGATIVE
         if (sp_iszero(r)) {
@@ -8298,10 +8593,10 @@ int sp_rshb(const sp_int* a, int n, sp_int* r)
      !defined(WOLFSSL_RSA_PUBLIC_ONLY))
 static void _sp_div_same_size(sp_int* a, const sp_int* d, sp_int* r)
 {
-    unsigned int i;
+    sp_size_t i;
 
     /* Compare top digits of dividend with those of divisor up to last. */
-    for (i = d->used - 1; i > 0; i--) {
+    for (i = (sp_size_t)(d->used - 1U); i > 0; i--) {
         /* Break if top divisor is not equal to dividend. */
         if (a->dp[a->used - d->used + i] != d->dp[i]) {
             break;
@@ -8314,7 +8609,7 @@ static void _sp_div_same_size(sp_int* a, const sp_int* d, sp_int* r)
         /* Get 'used' to restore - ensure zeros put into quotient. */
         i = a->used;
         /* Subtract d from top of a. */
-        _sp_sub_off(a, d, a, a->used - d->used);
+        _sp_sub_off(a, d, a, (sp_size_t)(a->used - d->used));
         /* Restore 'used' on remainder. */
         a->used = i;
     }
@@ -8336,12 +8631,12 @@ static void _sp_div_same_size(sp_int* a, const sp_int* d, sp_int* r)
 static int _sp_div_impl(sp_int* a, const sp_int* d, sp_int* r, sp_int* trial)
 {
     int err = MP_OKAY;
-    unsigned int i;
+    sp_size_t i;
 #ifdef WOLFSSL_SP_SMALL
     int c;
 #else
-    unsigned int j;
-    unsigned int o;
+    sp_size_t j;
+    sp_size_t o;
     #ifndef SQR_MUL_ASM
     sp_int_sword sw;
     #else
@@ -8354,7 +8649,7 @@ static int _sp_div_impl(sp_int* a, const sp_int* d, sp_int* r, sp_int* trial)
     sp_int_digit dt;
 
     /* Set result size to clear. */
-    r->used = a->used - d->used + 1;
+    r->used = (sp_size_t)(a->used - d->used + 1);
     /* Set all potentially used digits to zero. */
     for (i = 0; i < r->used; i++) {
         r->dp[i] = 0;
@@ -8371,7 +8666,7 @@ static int _sp_div_impl(sp_int* a, const sp_int* d, sp_int* r, sp_int* trial)
     /* Keep subtracting multiples of d as long as the digit count of a is
      * greater than equal to d.
      */
-    for (i = a->used - 1; i >= d->used; i--) {
+    for (i = (sp_size_t)(a->used - 1U); i >= d->used; i--) {
         /* When top digits equal, guestimate maximum multiplier.
          * Worst case, multiplier is actually SP_DIGIT_MAX - 1.
          * That is, for w (word size in bits) > 1, n > 1, let:
@@ -8425,7 +8720,7 @@ static int _sp_div_impl(sp_int* a, const sp_int* d, sp_int* r, sp_int* trial)
         }
 #else
         /* Index of lowest digit trial is subtracted from. */
-        o = i - d->used;
+        o = (sp_size_t)(i - d->used);
         do {
         #ifndef SQR_MUL_ASM
             sp_int_word tw = 0;
@@ -8494,7 +8789,7 @@ static int _sp_div_impl(sp_int* a, const sp_int* d, sp_int* r, sp_int* trial)
 #endif /* WOLFSSL_SP_SMALL */
     }
     /* Update used. */
-    a->used = i + 1;
+    a->used = (sp_size_t)(i + 1U);
     if (a->used == d->used) {
         /* Finish div now that length of dividend is same as divisor. */
         _sp_div_same_size(a, d, r);
@@ -8527,8 +8822,8 @@ static int _sp_div(const sp_int* a, const sp_int* d, sp_int* r, sp_int* rem,
     sp_int* tr = NULL;
     sp_int* trial = NULL;
 #ifdef WOLFSSL_SP_INT_NEGATIVE
-    unsigned int signA = MP_ZPOS;
-    unsigned int signD = MP_ZPOS;
+    sp_uint8 signA = MP_ZPOS;
+    sp_uint8 signD = MP_ZPOS;
 #endif /* WOLFSSL_SP_INT_NEGATIVE */
     /* Intermediates will always be less than or equal to dividend. */
     DECL_SP_INT_ARRAY(td, used, 4);
@@ -8586,7 +8881,7 @@ static int _sp_div(const sp_int* a, const sp_int* d, sp_int* r, sp_int* rem,
     if ((!done) && (err == MP_OKAY)) {
     #if (defined(WOLFSSL_SMALL_STACK) || defined(SP_ALLOC)) && \
         !defined(WOLFSSL_SP_NO_MALLOC)
-        int cnt = 4;
+        unsigned int cnt = 4;
         /* Reuse remainder sp_int where possible. */
         if ((rem != NULL) && (rem != d) && (rem->size > a->used)) {
             sa = rem;
@@ -8615,25 +8910,25 @@ static int _sp_div(const sp_int* a, const sp_int* d, sp_int* r, sp_int* rem,
         }
         if (tr == NULL) {
             tr = td[i];
-            _sp_init_size(tr, a->used - d->used + 2);
+            _sp_init_size(tr, (unsigned int)(a->used - d->used + 2));
         }
     #else
         sa    = td[2];
         tr    = td[3];
 
         _sp_init_size(sa, used);
-        _sp_init_size(tr, a->used - d->used + 2);
+        _sp_init_size(tr, (unsigned int)(a->used - d->used + 2));
     #endif
         sd    = td[0];
         trial = td[1];
 
         /* Initialize sizes to minimal values. */
-        _sp_init_size(sd, d->used + 1);
+        _sp_init_size(sd, (sp_size_t)(d->used + 1U));
         _sp_init_size(trial, used);
 
         /* Move divisor to top of word. Adjust dividend as well. */
         s = sp_count_bits(d);
-        s = SP_WORD_SIZE - (s & SP_WORD_MASK);
+        s = SP_WORD_SIZE - (s & (int)SP_WORD_MASK);
         _sp_copy(a, sa);
         /* Only shift if top bit of divisor no set. */
         if (s != SP_WORD_SIZE) {
@@ -8722,7 +9017,7 @@ int sp_div(const sp_int* a, const sp_int* d, sp_int* r, sp_int* rem)
             /* May need to shift number being divided left into a new word. */
             int bits = SP_WORD_SIZE - (sp_count_bits(d) % SP_WORD_SIZE);
             if ((bits != SP_WORD_SIZE) &&
-                    (sp_count_bits(a) + bits > SP_INT_DIGITS * SP_WORD_SIZE)) {
+                    (sp_count_bits(a) + bits > (int)(SP_INT_DIGITS * SP_WORD_SIZE))) {
                 err = MP_VAL;
             }
             else {
@@ -8730,7 +9025,7 @@ int sp_div(const sp_int* a, const sp_int* d, sp_int* r, sp_int* rem)
             }
         }
         else {
-            used = a->used + 1;
+            used = (sp_size_t)(a->used + 1U);
         }
     }
 
@@ -8903,7 +9198,7 @@ static int _sp_mul_nxn(const sp_int* a, const sp_int* b, sp_int* r)
         t[0] = h;
         h = 0;
         o = 0;
-        for (k = 1; k <= a->used - 1; k++) {
+        for (k = 1; k <= (unsigned int)a->used - 1; k++) {
             j = (int)k;
             dp = a->dp;
             for (; j >= 0; dp++, j--) {
@@ -8914,8 +9209,8 @@ static int _sp_mul_nxn(const sp_int* a, const sp_int* b, sp_int* r)
             h = o;
             o = 0;
         }
-        for (; k <= (a->used - 1) * 2; k++) {
-            i = k - (b->used - 1);
+        for (; k <= ((unsigned int)a->used - 1) * 2; k++) {
+            i = k - (sp_size_t)(b->used - 1);
             dp = &b->dp[b->used - 1];
             for (; i < a->used; i++, dp--) {
                 SP_ASM_MUL_ADD(l, h, o, a->dp[i], dp[0]);
@@ -8927,14 +9222,12 @@ static int _sp_mul_nxn(const sp_int* a, const sp_int* b, sp_int* r)
         }
         r->dp[k] = l;
         XMEMCPY(r->dp, t, a->used * sizeof(sp_int_digit));
-        r->used = k + 1;
+        r->used = (sp_size_t)(k + 1);
         sp_clamp(r);
     }
 
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
-    if (t != NULL) {
-        XFREE(t, NULL, DYNAMIC_TYPE_BIGINT);
-    }
+    XFREE(t, NULL, DYNAMIC_TYPE_BIGINT);
 #endif
     return err;
 }
@@ -8951,9 +9244,9 @@ static int _sp_mul_nxn(const sp_int* a, const sp_int* b, sp_int* r)
 static int _sp_mul(const sp_int* a, const sp_int* b, sp_int* r)
 {
     int err = MP_OKAY;
-    unsigned int i;
+    sp_size_t i;
     int j;
-    unsigned int k;
+    sp_size_t k;
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
     sp_int_digit* t = NULL;
 #elif defined(__STDC_VERSION__) && (__STDC_VERSION__ >= 199901L) && \
@@ -8964,8 +9257,9 @@ static int _sp_mul(const sp_int* a, const sp_int* b, sp_int* r)
 #endif
 
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
-    t = (sp_int_digit*)XMALLOC(sizeof(sp_int_digit) * (a->used + b->used), NULL,
-        DYNAMIC_TYPE_BIGINT);
+    t = (sp_int_digit*)XMALLOC(sizeof(sp_int_digit) *
+                               (size_t)(a->used + b->used), NULL,
+                               DYNAMIC_TYPE_BIGINT);
     if (t == NULL) {
         err = MP_MEM;
     }
@@ -8981,7 +9275,7 @@ static int _sp_mul(const sp_int* a, const sp_int* b, sp_int* r)
         t[0] = h;
         h = 0;
         o = 0;
-        for (k = 1; k <= b->used - 1; k++) {
+        for (k = 1; k <= (sp_size_t)(b->used - 1); k++) {
             i = 0;
             j = (int)k;
             for (; (i < a->used) && (j >= 0); i++, j--) {
@@ -8992,9 +9286,9 @@ static int _sp_mul(const sp_int* a, const sp_int* b, sp_int* r)
             h = o;
             o = 0;
         }
-        for (; k <= (a->used - 1) + (b->used - 1); k++) {
+        for (; k <= (sp_size_t)((a->used - 1) + (b->used - 1)); k++) {
             j = (int)(b->used - 1);
-            i = k - (unsigned int)j;
+            i = (sp_size_t)(k - (sp_size_t)j);
             for (; (i < a->used) && (j >= 0); i++, j--) {
                 SP_ASM_MUL_ADD(l, h, o, a->dp[i], b->dp[j]);
             }
@@ -9004,15 +9298,13 @@ static int _sp_mul(const sp_int* a, const sp_int* b, sp_int* r)
             o = 0;
         }
         t[k] = l;
-        r->used = k + 1;
+        r->used = (sp_size_t)(k + 1);
         XMEMCPY(r->dp, t, r->used * sizeof(sp_int_digit));
         sp_clamp(r);
     }
 
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
-    if (t != NULL) {
-        XFREE(t, NULL, DYNAMIC_TYPE_BIGINT);
-    }
+    XFREE(t, NULL, DYNAMIC_TYPE_BIGINT);
 #endif
     return err;
 }
@@ -9029,9 +9321,9 @@ static int _sp_mul(const sp_int* a, const sp_int* b, sp_int* r)
 static int _sp_mul(const sp_int* a, const sp_int* b, sp_int* r)
 {
     int err = MP_OKAY;
-    unsigned int i;
+    sp_size_t i;
     int j;
-    unsigned int k;
+    sp_size_t k;
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
     sp_int_digit* t = NULL;
 #elif defined(__STDC_VERSION__) && (__STDC_VERSION__ >= 199901L) && \
@@ -9042,8 +9334,9 @@ static int _sp_mul(const sp_int* a, const sp_int* b, sp_int* r)
 #endif
 
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
-    t = (sp_int_digit*)XMALLOC(sizeof(sp_int_digit) * (a->used + b->used), NULL,
-        DYNAMIC_TYPE_BIGINT);
+    t = (sp_int_digit*)XMALLOC(sizeof(sp_int_digit) *
+                               (size_t)(a->used + b->used), NULL,
+                               DYNAMIC_TYPE_BIGINT);
     if (t == NULL) {
         err = MP_MEM;
     }
@@ -9063,9 +9356,9 @@ static int _sp_mul(const sp_int* a, const sp_int* b, sp_int* r)
     #ifdef SP_WORD_OVERFLOW
         o = 0;
     #endif
-        for (k = 1; k <= (a->used - 1) + (b->used - 1); k++) {
-            i = k - (b->used - 1);
-            i &= (((unsigned int)i >> (sizeof(i) * 8 - 1)) - 1U);
+        for (k = 1; (int)k <= ((int)a->used - 1) + ((int)b->used - 1); k++) {
+            i = (sp_size_t)(k - (b->used - 1));
+            i &= (sp_size_t)(((unsigned int)i >> (sizeof(i) * 8 - 1)) - 1U);
             j = (int)(k - i);
             for (; (i < a->used) && (j >= 0); i++, j--) {
                 w = (sp_int_word)a->dp[i] * b->dp[j];
@@ -9088,15 +9381,13 @@ static int _sp_mul(const sp_int* a, const sp_int* b, sp_int* r)
         #endif
         }
         t[k] = (sp_int_digit)l;
-        r->used = k + 1;
+        r->used = (sp_size_t)(k + 1);
         XMEMCPY(r->dp, t, r->used * sizeof(sp_int_digit));
         sp_clamp(r);
     }
 
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
-    if (t != NULL) {
-        XFREE(t, NULL, DYNAMIC_TYPE_BIGINT);
-    }
+    XFREE(t, NULL, DYNAMIC_TYPE_BIGINT);
 #endif
     return err;
 }
@@ -9220,9 +9511,7 @@ static int _sp_mul_4(const sp_int* a, const sp_int* b, sp_int* r)
     }
 
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
-    if (w != NULL) {
-        XFREE(w, NULL, DYNAMIC_TYPE_BIGINT);
-    }
+    XFREE(w, NULL, DYNAMIC_TYPE_BIGINT);
 #endif
     return err;
 }
@@ -10219,9 +10508,7 @@ static int _sp_mul_16(const sp_int* a, const sp_int* b, sp_int* r)
     }
 
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
-    if (t != NULL) {
-        XFREE(t, NULL, DYNAMIC_TYPE_BIGINT);
-    }
+    XFREE(t, NULL, DYNAMIC_TYPE_BIGINT);
 #endif
     return err;
 }
@@ -11027,9 +11314,7 @@ static int _sp_mul_24(const sp_int* a, const sp_int* b, sp_int* r)
     }
 
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
-    if (t != NULL) {
-        XFREE(t, NULL, DYNAMIC_TYPE_BIGINT);
-    }
+    XFREE(t, NULL, DYNAMIC_TYPE_BIGINT);
 #endif
     return err;
 }
@@ -11717,7 +12002,7 @@ int sp_mul(const sp_int* a, const sp_int* b, sp_int* r)
 {
     int err = MP_OKAY;
 #ifdef WOLFSSL_SP_INT_NEGATIVE
-    unsigned int sign = MP_ZPOS;
+    sp_uint8 sign = MP_ZPOS;
 #endif
 
     if ((a == NULL) || (b == NULL) || (r == NULL)) {
@@ -11725,9 +12010,14 @@ int sp_mul(const sp_int* a, const sp_int* b, sp_int* r)
     }
 
     /* Need extra digit during calculation. */
+    /* NOLINTBEGIN(clang-analyzer-core.UndefinedBinaryOperatorResult) */
+    /* clang-tidy falsely believes that r->size was corrupted by the _sp_copy()
+     * to "Copy base into working variable" in _sp_exptmod_ex().
+     */
     if ((err == MP_OKAY) && (a->used + b->used > r->size)) {
         err = MP_VAL;
     }
+    /* NOLINTEND(clang-analyzer-core.UndefinedBinaryOperatorResult) */
 
 #if 0
     if (err == MP_OKAY) {
@@ -11874,7 +12164,7 @@ static int _sp_mulmod_tmp(const sp_int* a, const sp_int* b, const sp_int* m,
 
     ALLOC_SP_INT(t, a->used + b->used, err, NULL);
     if (err == MP_OKAY) {
-        err = sp_init_size(t, a->used + b->used);
+        err = sp_init_size(t, (sp_size_t)(a->used + b->used));
     }
 
     /* Multiply and reduce. */
@@ -12110,8 +12400,10 @@ static int _sp_invmod_div(const sp_int* a, const sp_int* m, sp_int* x,
 
     ALLOC_SP_INT(d, m->used + 1, err, NULL);
     if (err == MP_OKAY) {
-        mp_init(d);
+        err = sp_init_size(d, (sp_size_t)(m->used + 1U));
+    }
 
+    if (err == MP_OKAY) {
         /* 1. x = m, y = a, b = 1, c = 0 */
         if (a != y) {
             _sp_copy(a, y);
@@ -12252,7 +12544,7 @@ static int _sp_invmod(const sp_int* a, const sp_int* m, sp_int* r)
      *  - x3 one word larger than modulus
      *  - x1 one word longer than twice modulus used
      */
-    ALLOC_SP_INT_ARRAY(t, m->used + 1, 3, err, NULL);
+    ALLOC_SP_INT_ARRAY(t, m->used + 1U, 3, err, NULL);
     ALLOC_SP_INT(c, 2 * m->used + 1, err, NULL);
     if (err == MP_OKAY) {
         u = t[0];
@@ -12263,16 +12555,16 @@ static int _sp_invmod(const sp_int* a, const sp_int* m, sp_int* r)
 
     /* Initialize intermediate values with minimal sizes. */
     if (err == MP_OKAY) {
-        err = sp_init_size(u, m->used + 1);
+        err = sp_init_size(u, (sp_size_t)(m->used + 1U));
     }
     if (err == MP_OKAY) {
-        err = sp_init_size(v, m->used + 1);
+        err = sp_init_size(v, (sp_size_t)(m->used + 1U));
     }
     if (err == MP_OKAY) {
-        err = sp_init_size(b, m->used + 1);
+        err = sp_init_size(b, (sp_size_t)(m->used + 1U));
     }
     if (err == MP_OKAY) {
-        err = sp_init_size(c, 2 * m->used + 1);
+        err = sp_init_size(c, (sp_size_t)(2U * m->used + 1U));
     }
 
     if (err == MP_OKAY) {
@@ -12467,21 +12759,21 @@ static int _sp_invmod_mont_ct(const sp_int* a, const sp_int* m, sp_int* r,
 #endif
 
 #ifndef WOLFSSL_SP_NO_MALLOC
-    ALLOC_DYN_SP_INT_ARRAY(pre, m->used * 2 + 1, CT_INV_MOD_PRE_CNT + 2, err,
+    ALLOC_DYN_SP_INT_ARRAY(pre, m->used * 2U + 1U, CT_INV_MOD_PRE_CNT + 2, err,
         NULL);
 #else
-    ALLOC_SP_INT_ARRAY(pre, m->used * 2 + 1, CT_INV_MOD_PRE_CNT + 2, err, NULL);
+    ALLOC_SP_INT_ARRAY(pre, m->used * 2U + 1U, CT_INV_MOD_PRE_CNT + 2, err, NULL);
 #endif
     if (err == MP_OKAY) {
         t = pre[CT_INV_MOD_PRE_CNT + 0];
         e = pre[CT_INV_MOD_PRE_CNT + 1];
         /* Space for sqr and mul result. */
-        _sp_init_size(t, m->used * 2 + 1);
+        _sp_init_size(t, (sp_size_t)(m->used * 2 + 1));
         /* e = mod - 2 */
-        _sp_init_size(e, m->used + 1);
+        _sp_init_size(e, (sp_size_t)(m->used + 1));
 
         /* Create pre-computation results: ((2^(1..8))-1).a. */
-        _sp_init_size(pre[0], m->used * 2 + 1);
+        _sp_init_size(pre[0], (sp_size_t)(m->used * 2 + 1));
         /* 1. pre[0] = 2^0 * a mod m
          *    Start with 1.a = a.
          */
@@ -12492,7 +12784,7 @@ static int _sp_invmod_mont_ct(const sp_int* a, const sp_int* m, sp_int* r,
         for (i = 1; (err == MP_OKAY) && (i < CT_INV_MOD_PRE_CNT); i++) {
             /* 2.1 pre[i-1] = ((pre[i-1] ^ 2) * a) mod m */
             /* Previous value ..1 -> ..10 */
-            _sp_init_size(pre[i], m->used * 2 + 1);
+            _sp_init_size(pre[i], (sp_size_t)(m->used * 2 + 1));
             err = sp_sqr(pre[i-1], pre[i]);
             if (err == MP_OKAY) {
                 err = _sp_mont_red(pre[i], m, mp, 0);
@@ -12714,14 +13006,14 @@ static int _sp_exptmod_ex(const sp_int* b, const sp_int* e, int bits,
     ALLOC_SP_INT_ARRAY(t, 2 * m->used + 1, 2, err, NULL);
 #else
     /* Working SP int needed when cache resistant. */
-    ALLOC_SP_INT_ARRAY(t, 2 * m->used + 1, 3, err, NULL);
+    ALLOC_SP_INT_ARRAY(t, 2U * m->used + 1U, 3, err, NULL);
 #endif
     if (err == MP_OKAY) {
         /* Initialize temporaries. */
-        _sp_init_size(t[0], 2 * m->used + 1);
-        _sp_init_size(t[1], 2 * m->used + 1);
+        _sp_init_size(t[0], (sp_size_t)(m->used * 2 + 1));
+        _sp_init_size(t[1], (sp_size_t)(m->used * 2 + 1));
     #ifndef WC_NO_CACHE_RESISTANT
-        _sp_init_size(t[2], 2 * m->used + 1);
+        _sp_init_size(t[2], (sp_size_t)(m->used * 2 + 1));
     #endif
 
         /* 2. t[0] = b mod m
@@ -12774,7 +13066,7 @@ static int _sp_exptmod_ex(const sp_int* b, const sp_int* e, int bits,
 
             if (err == MP_OKAY) {
                 /* 4.2. y = e[i] */
-                int y = (int)((e->dp[i >> SP_WORD_SHIFT] >> (i & SP_WORD_MASK)) & 1);
+                int y = (int)((e->dp[i >> SP_WORD_SHIFT] >> (i & (int)SP_WORD_MASK)) & 1);
                 /* 4.3. j = y & s */
                 int j = y & s;
                 /* 4.4  s = s | y */
@@ -12946,13 +13238,13 @@ static int _sp_exptmod_mont_ex(const sp_int* b, const sp_int* e, int bits,
     DECL_SP_INT_ARRAY(t, m->used * 2 + 1, 4);
 
     /* Allocate temporaries. */
-    ALLOC_SP_INT_ARRAY(t, m->used * 2 + 1, 4, err, NULL);
+    ALLOC_SP_INT_ARRAY(t, m->used * 2U + 1U, 4, err, NULL);
     if (err == MP_OKAY) {
         /* Initialize temporaries. */
-        _sp_init_size(t[0], m->used * 2 + 1);
-        _sp_init_size(t[1], m->used * 2 + 1);
-        _sp_init_size(t[2], m->used * 2 + 1);
-        _sp_init_size(t[3], m->used * 2 + 1);
+        _sp_init_size(t[0], (sp_size_t)(m->used * 2 + 1));
+        _sp_init_size(t[1], (sp_size_t)(m->used * 2 + 1));
+        _sp_init_size(t[2], (sp_size_t)(m->used * 2 + 1));
+        _sp_init_size(t[3], (sp_size_t)(m->used * 2 + 1));
 
         /* 1. Ensure base is less than modulus. */
         if (_sp_cmp_abs(b, m) != MP_LT) {
@@ -12986,7 +13278,7 @@ static int _sp_exptmod_mont_ex(const sp_int* b, const sp_int* e, int bits,
         }
         if (err == MP_OKAY) {
             /* t[0] = t[0] mod m, temporary size has to be bigger than t[0]. */
-            err = _sp_div(t[0], m, NULL, t[0], t[0]->used + 1);
+            err = _sp_div(t[0], m, NULL, t[0], t[0]->used + 1U);
         }
         if (err == MP_OKAY) {
             /* 4. t[1] = t[0]
@@ -13013,7 +13305,7 @@ static int _sp_exptmod_mont_ex(const sp_int* b, const sp_int* e, int bits,
 
             if (err == MP_OKAY) {
                 /* 6.2. y = e[i] */
-                int y = (int)((e->dp[i >> SP_WORD_SHIFT] >> (i & SP_WORD_MASK)) & 1);
+                int y = (int)((e->dp[i >> SP_WORD_SHIFT] >> (i & (int)SP_WORD_MASK)) & 1);
                 /* 6.3  j = y & s */
                 int j = y & s;
                 /* 6.4  s = s | y */
@@ -13481,19 +13773,19 @@ static int _sp_exptmod_base_2(const sp_int* e, int digits, const sp_int* m,
      *  - constant time add value for mod operation
      *  - temporary result
      */
-    ALLOC_SP_INT_ARRAY(d, m->used * 2 + 1, 2, err, NULL);
+    ALLOC_SP_INT_ARRAY(d, m->used * 2U + 1U, 2, err, NULL);
 #else
     /* Allocate sp_int for temporary result. */
-    ALLOC_SP_INT(tr, m->used * 2 + 1, err, NULL);
+    ALLOC_SP_INT(tr, m->used * 2U + 1U, err, NULL);
 #endif
     if (err == MP_OKAY) {
     #ifndef WC_NO_HARDEN
         a  = d[0];
         tr = d[1];
 
-        _sp_init_size(a, m->used * 2 + 1);
+        _sp_init_size(a, (sp_size_t)(m->used * 2 + 1));
     #endif
-        _sp_init_size(tr, m->used * 2 + 1);
+        _sp_init_size(tr, (sp_size_t)(m->used * 2 + 1));
 
     }
 
@@ -13634,7 +13926,7 @@ static int _sp_exptmod_base_2(const sp_int* e, int digits, const sp_int* m,
 #ifndef WC_NO_HARDEN
     FREE_SP_INT_ARRAY(d, NULL);
 #else
-    FREE_SP_INT(tr, m->used * 2 + 1);
+    FREE_SP_INT(tr, NULL);
 #endif
     return err;
 }
@@ -13732,7 +14024,8 @@ int sp_exptmod_ex(const sp_int* b, const sp_int* e, int digits, const sp_int* m,
     if ((!done) && (err == MP_OKAY)) {
         /* Use code optimized for specific sizes if possible */
 #if (defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_MATH_ALL)) && \
-    (defined(WOLFSSL_HAVE_SP_RSA) || defined(WOLFSSL_HAVE_SP_DH))
+    ((defined(WOLFSSL_HAVE_SP_RSA) && !defined(WOLFSSL_RSA_PUBLIC_ONLY)) || \
+        defined(WOLFSSL_HAVE_SP_DH))
     #ifndef WOLFSSL_SP_NO_2048
         if ((mBits == 1024) && sp_isodd(m) && (bBits <= 1024) &&
                 (eBits <= 1024)) {
@@ -13942,9 +14235,9 @@ static int _sp_exptmod_nct(const sp_int* b, const sp_int* e, const sp_int* m,
      *  - Montgomery form of base
      */
 #ifndef WOLFSSL_SP_NO_MALLOC
-    ALLOC_DYN_SP_INT_ARRAY(t, m->used * 2 + 1, (size_t)preCnt + 2, err, NULL);
+    ALLOC_DYN_SP_INT_ARRAY(t, m->used * 2U + 1U, (size_t)preCnt + 2, err, NULL);
 #else
-    ALLOC_SP_INT_ARRAY(t, m->used * 2 + 1, (size_t)preCnt + 2, err, NULL);
+    ALLOC_SP_INT_ARRAY(t, m->used * 2U + 1U, (size_t)preCnt + 2, err, NULL);
 #endif
     if (err == MP_OKAY) {
         /* Set variables to use allocate memory. */
@@ -13953,10 +14246,10 @@ static int _sp_exptmod_nct(const sp_int* b, const sp_int* e, const sp_int* m,
 
         /* Initialize all allocated  */
         for (i = 0; i < preCnt; i++) {
-            _sp_init_size(t[i], m->used * 2 + 1);
+            _sp_init_size(t[i], (sp_size_t)(m->used * 2 + 1));
         }
-        _sp_init_size(tr, m->used * 2 + 1);
-        _sp_init_size(bm, m->used * 2 + 1);
+        _sp_init_size(tr, (sp_size_t)(m->used * 2 + 1));
+        _sp_init_size(bm, (sp_size_t)(m->used * 2 + 1));
 
         /* 1. Ensure base is less than modulus. */
         if (_sp_cmp_abs(b, m) != MP_LT) {
@@ -13988,7 +14281,7 @@ static int _sp_exptmod_nct(const sp_int* b, const sp_int* e, const sp_int* m,
         }
         if (err == MP_OKAY) {
             /* bm = bm mod m, temporary size has to be bigger than bm->used. */
-            err = _sp_div(bm, m, NULL, bm, bm->used + 1);
+            err = _sp_div(bm, m, NULL, bm, bm->used + 1U);
         }
         if (err == MP_OKAY) {
             /* Copy Montgomery form of base into first element of table. */
@@ -14411,8 +14704,8 @@ int sp_div_2d(const sp_int* a, int e, sp_int* r, sp_int* rem)
             }
             if ((err == MP_OKAY) && (rem != NULL)) {
                 /* Set used and mask off top digit of remainder. */
-                rem->used = ((unsigned int)e + SP_WORD_SIZE - 1) >>
-                    SP_WORD_SHIFT;
+                rem->used = (sp_size_t)((e + SP_WORD_SIZE - 1) >>
+                                        SP_WORD_SHIFT);
                 e &= SP_WORD_MASK;
                 if (e > 0) {
                     rem->dp[rem->used - 1] &= ((sp_int_digit)1 << e) - 1;
@@ -14446,7 +14739,7 @@ int sp_div_2d(const sp_int* a, int e, sp_int* r, sp_int* rem)
 int sp_mod_2d(const sp_int* a, int e, sp_int* r)
 {
     int err = MP_OKAY;
-    unsigned int digits = ((unsigned int)e + SP_WORD_SIZE - 1) >> SP_WORD_SHIFT;
+    sp_size_t digits = (sp_size_t)((e + SP_WORD_SIZE - 1) >> SP_WORD_SHIFT);
 
     if ((a == NULL) || (r == NULL) || (e < 0)) {
         err = MP_VAL;
@@ -14458,7 +14751,7 @@ int sp_mod_2d(const sp_int* a, int e, sp_int* r)
     if (err == MP_OKAY) {
         /* Copy a into r if not same pointer. */
         if (a != r) {
-            XMEMCPY(r->dp, a->dp, digits * SP_WORD_SIZEOF);
+            XMEMCPY(r->dp, a->dp, digits * (word32)SP_WORD_SIZEOF);
             r->used = a->used;
         #ifdef WOLFSSL_SP_INT_NEGATIVE
             r->sign = a->sign;
@@ -14527,7 +14820,8 @@ int sp_mul_2d(const sp_int* a, int e, sp_int* r)
 
     /* Ensure result has enough allocated digits for result. */
     if ((err == MP_OKAY) &&
-            ((unsigned int)(sp_count_bits(a) + e) > r->size * SP_WORD_SIZE)) {
+            ((unsigned int)(sp_count_bits(a) + e) >
+             (unsigned int)r->size * SP_WORD_SIZE)) {
         err = MP_VAL;
     }
 
@@ -14577,9 +14871,9 @@ int sp_mul_2d(const sp_int* a, int e, sp_int* r)
 static int _sp_sqr(const sp_int* a, sp_int* r)
 {
     int err = MP_OKAY;
-    unsigned int i;
+    sp_size_t i;
     int j;
-    unsigned int k;
+    sp_size_t k;
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
     sp_int_digit* t = NULL;
 #elif defined(__STDC_VERSION__) && (__STDC_VERSION__ >= 199901L) && \
@@ -14591,7 +14885,7 @@ static int _sp_sqr(const sp_int* a, sp_int* r)
 
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
     t = (sp_int_digit*)XMALLOC(
-        sizeof(sp_int_digit) * (((a->used + 1) / 2) * 2 + 1), NULL,
+        sizeof(sp_int_digit) * (size_t)(((a->used + 1) / 2) * 2 + 1), NULL,
         DYNAMIC_TYPE_BIGINT);
     if (t == NULL) {
         err = MP_MEM;
@@ -14619,7 +14913,7 @@ static int _sp_sqr(const sp_int* a, sp_int* r)
         t[0] = h;
         h = 0;
         o = 0;
-        for (k = 1; k < (a->used + 1) / 2; k++) {
+        for (k = 1; k < (sp_size_t)((a->used + 1) / 2); k++) {
             i = k;
             j = (int)(k - 1);
             for (; (j >= 0); i++, j--) {
@@ -14631,7 +14925,7 @@ static int _sp_sqr(const sp_int* a, sp_int* r)
             o = 0;
 
             SP_ASM_SQR_ADD(l, h, o, a->dp[k]);
-            i = k + 1;
+            i = (sp_size_t)(k + 1);
             j = (int)(k - 1);
             for (; (j >= 0); i++, j--) {
                 SP_ASM_MUL_ADD2(l, h, o, a->dp[i], a->dp[j]);
@@ -14653,7 +14947,7 @@ static int _sp_sqr(const sp_int* a, sp_int* r)
             o = 0;
 
             SP_ASM_SQR_ADD(l, h, o, a->dp[k]);
-            i = k + 1;
+            i = (sp_size_t)(k + 1);
             j = (int)(k - 1);
             for (; (i < a->used); i++, j--) {
                 SP_ASM_MUL_ADD2(l, h, o, a->dp[i], a->dp[j]);
@@ -14666,18 +14960,17 @@ static int _sp_sqr(const sp_int* a, sp_int* r)
             p = r->dp;
         }
         r->dp[k * 2 - 1] = l;
-        XMEMCPY(r->dp, t, (((a->used + 1) / 2) * 2 + 1) * sizeof(sp_int_digit));
+        XMEMCPY(r->dp, t, (size_t)(((a->used + 1) / 2) * 2 + 1) *
+            sizeof(sp_int_digit));
     }
 
     if (err == MP_OKAY) {
-        r->used = a->used * 2;
+        r->used = (sp_size_t)(a->used * 2U);
         sp_clamp(r);
     }
 
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
-    if (t != NULL) {
-        XFREE(t, NULL, DYNAMIC_TYPE_BIGINT);
-    }
+    XFREE(t, NULL, DYNAMIC_TYPE_BIGINT);
 #endif
     return err;
 }
@@ -14693,9 +14986,9 @@ static int _sp_sqr(const sp_int* a, sp_int* r)
 static int _sp_sqr(const sp_int* a, sp_int* r)
 {
     int err = MP_OKAY;
-    unsigned int i;
+    sp_size_t i;
     int j;
-    unsigned int k;
+    sp_size_t k;
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
     sp_int_digit* t = NULL;
 #elif defined(__STDC_VERSION__) && (__STDC_VERSION__ >= 199901L) && \
@@ -14706,8 +14999,9 @@ static int _sp_sqr(const sp_int* a, sp_int* r)
 #endif
 
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
-    t = (sp_int_digit*)XMALLOC(sizeof(sp_int_digit) * (a->used * 2), NULL,
-        DYNAMIC_TYPE_BIGINT);
+    t = (sp_int_digit*)XMALLOC(sizeof(sp_int_digit) *
+                               (size_t)(a->used * 2), NULL,
+                               DYNAMIC_TYPE_BIGINT);
     if (t == NULL) {
         err = MP_MEM;
     }
@@ -14733,7 +15027,7 @@ static int _sp_sqr(const sp_int* a, sp_int* r)
     #ifdef SP_WORD_OVERFLOW
         o = 0;
     #endif
-        for (k = 1; k <= (a->used - 1) * 2; k++) {
+        for (k = 1; k <= (sp_size_t)((a->used - 1) * 2); k++) {
             i = k / 2;
             j = (int)(k - i);
             if (i == (unsigned int)j) {
@@ -14776,15 +15070,13 @@ static int _sp_sqr(const sp_int* a, sp_int* r)
         #endif
         }
         t[k] = (sp_int_digit)l;
-        r->used = k + 1;
+        r->used = (sp_size_t)(k + 1);
         XMEMCPY(r->dp, t, r->used * sizeof(sp_int_digit));
         sp_clamp(r);
     }
 
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
-    if (t != NULL) {
-        XFREE(t, NULL, DYNAMIC_TYPE_BIGINT);
-    }
+    XFREE(t, NULL, DYNAMIC_TYPE_BIGINT);
 #endif
     return err;
 }
@@ -14896,9 +15188,7 @@ static int _sp_sqr_4(const sp_int* a, sp_int* r)
     }
 
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
-    if (w != NULL) {
-        XFREE(w, NULL, DYNAMIC_TYPE_BIGINT);
-    }
+    XFREE(w, NULL, DYNAMIC_TYPE_BIGINT);
 #endif
     return err;
 }
@@ -15723,9 +16013,7 @@ static int _sp_sqr_16(const sp_int* a, sp_int* r)
     }
 
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
-    if (t != NULL) {
-        XFREE(t, NULL, DYNAMIC_TYPE_BIGINT);
-    }
+    XFREE(t, NULL, DYNAMIC_TYPE_BIGINT);
 #endif
     return err;
 }
@@ -16298,9 +16586,7 @@ static int _sp_sqr_24(const sp_int* a, sp_int* r)
     }
 
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
-    if (t != NULL) {
-        XFREE(t, NULL, DYNAMIC_TYPE_BIGINT);
-    }
+    XFREE(t, NULL, DYNAMIC_TYPE_BIGINT);
 #endif
     return err;
 }
@@ -17023,7 +17309,7 @@ static int _sp_sqrmod(const sp_int* a, const sp_int* m, sp_int* r)
 
     ALLOC_SP_INT(t, a->used * 2, err, NULL);
     if (err == MP_OKAY) {
-        err = sp_init_size(t, a->used * 2);
+        err = sp_init_size(t, a->used * 2U);
     }
 
     /* Square and reduce. */
@@ -17135,18 +17421,21 @@ static int _sp_mont_red(sp_int* a, const sp_int* m, sp_int_digit mp, int ct)
     bits = sp_count_bits(m);
 
     /* Adding numbers into m->used * 2 digits - zero out unused digits. */
-    if (!ct) {
-        for (i = a->used; i < m->used * 2; i++) {
-            a->dp[i] = 0;
-        }
-    }
-    else {
-        for (i = 0; i < m->used * 2; i++) {
+#ifndef WOLFSSL_NO_CT_OPS
+    if (ct) {
+        for (i = 0; i < (unsigned int)m->used * 2; i++) {
             a->dp[i] &=
                 (sp_int_digit)
                 (sp_int_sdigit)ctMaskIntGTE((int)(a->used-1), (int)i);
         }
     }
+    else
+#endif /* !WOLFSSL_NO_CT_OPS */
+    {
+        for (i = a->used; i < (unsigned int)m->used * 2; i++) {
+            a->dp[i] = 0;
+        }
+    }
 
     /* Special case when modulus is 1 digit or less. */
     if (m->used <= 1) {
@@ -17181,7 +17470,7 @@ static int _sp_mont_red(sp_int* a, const sp_int* m, sp_int_digit mp, int ct)
             /* 2.1. mu = (mp * DigitMask(a, i)) & WORD_MASK */
             mu = mp * a->dp[i];
             /* 2.2. If i == NumDigits(m)-1 and mask != 0 then mu & = mask */
-            if ((i == m->used - 1) && (mask != 0)) {
+            if ((i == (unsigned int)m->used - 1) && (mask != 0)) {
                 mu &= mask;
             }
 
@@ -17191,7 +17480,7 @@ static int _sp_mont_red(sp_int* a, const sp_int* m, sp_int_digit mp, int ct)
             a->dp[i] = (sp_int_digit)w;
             w >>= SP_WORD_SIZE;
             /* 2.4. For j = 1 up to NumDigits(m)-2 */
-            for (j = 1; j < m->used - 1; j++) {
+            for (j = 1; j < (unsigned int)m->used - 1; j++) {
                 /* 2.4.1 a += mu * DigitMask(m, j) */
                 w += a->dp[i + j];
                 w += (sp_int_word)mu * m->dp[j];
@@ -17213,7 +17502,7 @@ static int _sp_mont_red(sp_int* a, const sp_int* m, sp_int_digit mp, int ct)
         a->dp[m->used * 2 - 1] = (sp_int_digit)o;
         o >>= SP_WORD_SIZE;
         a->dp[m->used * 2] = (sp_int_digit)o;
-        a->used = m->used * 2 + 1;
+        a->used = (sp_size_t)(m->used * 2 + 1);
     }
 
     if (!ct) {
@@ -17235,7 +17524,7 @@ static int _sp_mont_red(sp_int* a, const sp_int* m, sp_int_digit mp, int ct)
         /* 4. a = a mod m
          * Always subtract but at a too high offset if a is less than m.
          */
-        _sp_submod_ct(a, m, m, m->used + 1, a);
+        _sp_submod_ct(a, m, m, m->used + 1U, a);
     }
 
 
@@ -17260,18 +17549,21 @@ static int _sp_mont_red(sp_int* a, const sp_int* m, sp_int_digit mp, int ct)
     bits = sp_count_bits(m);
     mask = ((sp_int_digit)1 << (bits & (SP_WORD_SIZE - 1))) - 1;
 
-    if (!ct) {
-        for (i = a->used; i < m->used * 2; i++) {
-            a->dp[i] = 0;
-        }
-    }
-    else {
-        for (i = 0; i < m->used * 2; i++) {
+#ifndef WOLFSSL_NO_CT_OPS
+    if (ct) {
+        for (i = 0; i < (unsigned int)m->used * 2; i++) {
             a->dp[i] &=
                 (sp_int_digit)
                 (sp_int_sdigit)ctMaskIntGTE((int)(a->used-1), (int)i);
         }
     }
+    else
+#endif
+    {
+        for (i = a->used; i < (unsigned int)m->used * 2; i++) {
+            a->dp[i] = 0;
+        }
+    }
 
     if (m->used <= 1) {
         sp_int_digit l;
@@ -17289,7 +17581,7 @@ static int _sp_mont_red(sp_int* a, const sp_int* m, sp_int_digit mp, int ct)
         SP_ASM_ADDC(l, h, a->dp[1]);
         a->dp[1] = l;
         a->dp[2] = h;
-        a->used = m->used * 2 + 1;
+        a->used = (sp_size_t)(m->used * 2 + 1);
         /* mp is SP_WORD_SIZE */
         bits = SP_WORD_SIZE;
     }
@@ -17334,10 +17626,9 @@ static int _sp_mont_red(sp_int* a, const sp_int* m, sp_int_digit mp, int ct)
             h = 0;
         }
         /* Handle overflow. */
-        h = o2;
-        SP_ASM_ADDC(l, h, a->dp[7]);
+        SP_ASM_ADDC(l, o2, a->dp[7]);
         a->dp[3] = l;
-        a->dp[4] = h;
+        a->dp[4] = o2;
         a->used = 5;
 
         /* Remove leading zeros. */
@@ -17400,10 +17691,9 @@ static int _sp_mont_red(sp_int* a, const sp_int* m, sp_int_digit mp, int ct)
             h = 0;
         }
         /* Handle overflow. */
-        h = o2;
-        SP_ASM_ADDC(l, h, a->dp[11]);
+        SP_ASM_ADDC(l, o2, a->dp[11]);
         a->dp[5] = l;
-        a->dp[6] = h;
+        a->dp[6] = o2;
         a->used = 7;
 
         /* Remove leading zeros. */
@@ -17439,7 +17729,7 @@ static int _sp_mont_red(sp_int* a, const sp_int* m, sp_int_digit mp, int ct)
             h = 0;
             SP_ASM_MUL_ADD_NO(l, h, mu, *(md++));
             l = h;
-            for (j = 1; j + 1 < m->used - 1; j += 2) {
+            for (j = 1; j < (unsigned int)m->used - 2; j += 2) {
                 h = 0;
                 SP_ASM_ADDC(l, h, ad[j]);
                 SP_ASM_MUL_ADD_NO(l, h, mu, *(md++));
@@ -17449,7 +17739,7 @@ static int _sp_mont_red(sp_int* a, const sp_int* m, sp_int_digit mp, int ct)
                 SP_ASM_MUL_ADD_NO(h, l, mu, *(md++));
                 ad[j] = h;
             }
-            for (; j < m->used - 1; j++) {
+            for (; j < (unsigned int)m->used - 1; j++) {
                 h = 0;
                 SP_ASM_ADDC(l, h, ad[j]);
                 SP_ASM_MUL_ADD_NO(l, h, mu, *(md++));
@@ -17465,11 +17755,9 @@ static int _sp_mont_red(sp_int* a, const sp_int* m, sp_int_digit mp, int ct)
             o = h;
         }
         /* Handle overflow. */
-        l = o;
-        h = o2;
-        SP_ASM_ADDC(l, h, a->dp[m->used * 2 - 1]);
-        a->dp[m->used  - 1] = l;
-        a->dp[m->used] = h;
+        SP_ASM_ADDC(o, o2, a->dp[m->used * 2 - 1]);
+        a->dp[m->used  - 1] = o;
+        a->dp[m->used] = o2;
         a->used = m->used + 1;
 
         /* Remove leading zeros. */
@@ -17500,7 +17788,7 @@ static int _sp_mont_red(sp_int* a, const sp_int* m, sp_int_digit mp, int ct)
             /* 2.1. mu = (mp * DigitMask(a, i)) & WORD_MASK */
             mu = mp * ad[0];
             /* 2.2. If i == NumDigits(m)-1 and mask != 0 then mu & = mask */
-            if ((i == m->used - 1) && (mask != 0)) {
+            if ((i == (unsigned int)m->used - 1) && (mask != 0)) {
                 mu &= mask;
             }
 
@@ -17510,8 +17798,8 @@ static int _sp_mont_red(sp_int* a, const sp_int* m, sp_int_digit mp, int ct)
             SP_ASM_MUL_ADD_NO(l, h, mu, *(md++));
             ad[0] = l;
             l = h;
-            /* 2.4. If i == NumDigits(m)-1 and mask != 0 then mu & = mask */
-            for (j = 1; j + 1 < m->used - 1; j += 2) {
+            /* 2.4. For j = 1 up to NumDigits(m)-2 */
+            for (j = 1; j < (unsigned int)m->used - 2; j += 2) {
                 h = 0;
                 /* 2.4.1. a += mu * DigitMask(m, j) */
                 SP_ASM_ADDC(l, h, ad[j + 0]);
@@ -17523,7 +17811,7 @@ static int _sp_mont_red(sp_int* a, const sp_int* m, sp_int_digit mp, int ct)
                 SP_ASM_MUL_ADD_NO(h, l, mu, *(md++));
                 ad[j + 1] = h;
             }
-            for (; j < m->used - 1; j++) {
+            for (; j < (unsigned int)m->used - 1; j++) {
                 h = 0;
                 /* 2.4.1. a += mu * DigitMask(m, j) */
                 SP_ASM_ADDC(l, h, ad[j]);
@@ -17541,12 +17829,10 @@ static int _sp_mont_red(sp_int* a, const sp_int* m, sp_int_digit mp, int ct)
             o = h;
         }
         /* Handle overflow. */
-        l = o;
-        h = o2;
-        SP_ASM_ADDC(l, h, a->dp[m->used * 2 - 1]);
-        a->dp[m->used * 2 - 1] = l;
-        a->dp[m->used * 2] = h;
-        a->used = m->used * 2 + 1;
+        SP_ASM_ADDC(o, o2, a->dp[m->used * 2 - 1]);
+        a->dp[m->used * 2 - 1] = o;
+        a->dp[m->used * 2] = o2;
+        a->used = (sp_size_t)(m->used * 2 + 1);
     }
 
     if (!ct) {
@@ -17563,7 +17849,7 @@ static int _sp_mont_red(sp_int* a, const sp_int* m, sp_int_digit mp, int ct)
         /* Constant time clamping. */
         sp_clamp_ct(a);
 
-        _sp_submod_ct(a, m, m, m->used + 1, a);
+        _sp_submod_ct(a, m, m, m->used + 1U, a);
     }
 
 #if 0
@@ -17617,7 +17903,7 @@ int sp_mont_red_ex(sp_int* a, const sp_int* m, sp_int_digit mp, int ct)
  *
  * Used when performing Montgomery Reduction.
  * m must be odd.
- * Jeffrey Hurchalla’s method.
+ * Jeffrey Hurchalla's method.
  *   https://arxiv.org/pdf/2204.04342.pdf
  *
  * @param  [in]   m   SP integer that is the modulus.
@@ -17698,9 +17984,14 @@ int sp_mont_norm(sp_int* norm, const sp_int* m)
     if (err == MP_OKAY) {
         /* Find top bit and ensure norm has enough space. */
         bits = (unsigned int)sp_count_bits(m);
-        if (bits >= norm->size * SP_WORD_SIZE) {
+        /* NOLINTBEGIN(clang-analyzer-core.UndefinedBinaryOperatorResult) */
+        /* clang-tidy falsely believes that norm->size was corrupted by the
+         * _sp_copy() to "Set real working value to base." in _sp_exptmod_ex().
+         */
+        if (bits >= (unsigned int)norm->size * SP_WORD_SIZE) {
             err = MP_VAL;
         }
+        /* NOLINTEND(clang-analyzer-core.UndefinedBinaryOperatorResult) */
     }
     if (err == MP_OKAY) {
         /* Round up for case when m is less than a word - no advantage in using
@@ -17785,7 +18076,7 @@ int sp_read_unsigned_bin(sp_int* a, const byte* in, word32 inSz)
         int i;
         int j = 0;
 
-        a->used = (inSz + SP_WORD_SIZEOF - 1) / SP_WORD_SIZEOF;
+        a->used = (sp_size_t)((inSz + SP_WORD_SIZEOF - 1) / SP_WORD_SIZEOF);
 
     #if defined(BIG_ENDIAN_ORDER) && !defined(WOLFSSL_SP_INT_DIGIT_ALIGN)
         /* Data endian matches representation of number.
@@ -17913,7 +18204,7 @@ int sp_to_unsigned_bin_len(const sp_int* a, byte* out, int outSz)
                     d >>= 8;
                     /* Stop if the output buffer is filled. */
                     if (j < 0) {
-                        if ((i < a->used - 1) || (d > 0)) {
+                        if ((i < (unsigned int)a->used - 1) || (d > 0)) {
                             err = MP_VAL;
                         }
                         break;
@@ -17980,14 +18271,14 @@ int sp_to_unsigned_bin_len_ct(const sp_int* a, byte* out, int outSz)
         /* Put each digit in. */
         i = 0;
         for (j = outSz - 1; j >= 0; ) {
-            int b;
+            unsigned int b;
             d = a->dp[i];
             /* Place each byte of a digit into the buffer. */
             for (b = 0; (j >= 0) && (b < SP_WORD_SIZEOF); b++) {
                 out[j--] = (byte)(d & mask);
                 d >>= 8;
             }
-            mask &= (sp_int_digit)0 - (i < a->used - 1);
+            mask &= (sp_int_digit)0 - (i < (unsigned int)a->used - 1);
             i += (unsigned int)(1 & mask);
         }
     }
@@ -18003,7 +18294,7 @@ int sp_to_unsigned_bin_len_ct(const sp_int* a, byte* out, int outSz)
         i = 0;
         for (j = outSz - 1; j >= 0; j--) {
             out[j] = a->dp[i] & mask;
-            mask &= (sp_int_digit)0 - (i < a->used - 1);
+            mask &= (sp_int_digit)0 - (i < (unsigned int)a->used - 1);
             i += (unsigned int)(1 & mask);
         }
     }
@@ -18059,8 +18350,10 @@ static int _sp_read_radix_16(sp_int* a, const char* in)
     int err = MP_OKAY;
     int i;
     unsigned int s = 0;
-    unsigned int j = 0;
+    sp_size_t j = 0;
     sp_int_digit d;
+    /* Skip whitespace at end of line */
+    int eol_done = 0;
 
     /* Make all nibbles in digit 0. */
     d = 0;
@@ -18071,9 +18364,12 @@ static int _sp_read_radix_16(sp_int* a, const char* in)
         int ch = (int)HexCharToByte(in[i]);
         /* Check for invalid character. */
         if (ch < 0) {
+            if (!eol_done && CharIsWhiteSpace(in[i]))
+                continue;
             err = MP_VAL;
             break;
         }
+        eol_done = 1;
 
         /* Check whether we have filled the digit. */
         if (s == SP_WORD_SIZE) {
@@ -18102,7 +18398,7 @@ static int _sp_read_radix_16(sp_int* a, const char* in)
             a->dp[j] = d;
         }
         /* Update used count. */
-        a->used = j + 1;
+        a->used = (sp_size_t)(j + 1U);
         /* Remove leading zeros. */
         sp_clamp(a);
     }
@@ -18140,9 +18436,11 @@ static int _sp_read_radix_10(sp_int* a, const char* in)
         /* Check character is valid. */
         if ((ch >= '0') && (ch <= '9')) {
             /* Assume '0'..'9' are continuous values as characters. */
-            ch -= '0';
+            ch = (char)(ch - '0');
         }
         else {
+            if (CharIsWhiteSpace(ch))
+                continue;
             /* Return error on invalid character. */
             err = MP_VAL;
             break;
@@ -18182,7 +18480,7 @@ int sp_read_radix(sp_int* a, const char* in, int radix)
 {
     int err = MP_OKAY;
 #ifdef WOLFSSL_SP_INT_NEGATIVE
-    unsigned int sign = MP_ZPOS;
+    sp_uint8 sign = MP_ZPOS;
 #endif
 
     if ((a == NULL) || (in == NULL)) {
@@ -18659,7 +18957,7 @@ int sp_rand_prime(sp_int* r, int len, WC_RNG* rng, void* heap)
         r->sign = MP_ZPOS;
     #endif /* WOLFSSL_SP_INT_NEGATIVE */
         /* Set number of digits that will be used. */
-        r->used = digits;
+        r->used = (sp_size_t)digits;
     #if defined(WOLFSSL_SP_MATH_ALL) || defined(BIG_ENDIAN_ORDER)
         /* Calculate number of bits in last digit. */
         bits = (len * 8) & SP_WORD_MASK;
@@ -18994,9 +19292,9 @@ static int _sp_prime_trials(const sp_int* a, int trials, int* result)
         n1 = t[0];
         r  = t[1];
 
-        _sp_init_size(n1, a->used + 1);
-        _sp_init_size(r, a->used + 1);
-        _sp_init_size(b, a->used * 2 + 1);
+        _sp_init_size(n1, a->used + 1U);
+        _sp_init_size(r, a->used + 1U);
+        _sp_init_size(b, (sp_size_t)(a->used * 2U + 1U));
 
         /* Do requested number of trials of Miller-Rabin test. */
         for (i = 0; i < trials; i++) {
@@ -19118,10 +19416,10 @@ static int _sp_prime_random_trials(const sp_int* a, int trials, int* result,
         sp_int* b  = d[0];
         sp_int* r  = d[1];
 
-        _sp_init_size(c , a->used + 1);
-        _sp_init_size(n1, a->used + 1);
-        _sp_init_size(b , a->used * 2 + 1);
-        _sp_init_size(r , a->used * 2 + 1);
+        _sp_init_size(c , a->used + 1U);
+        _sp_init_size(n1, a->used + 1U);
+        _sp_init_size(b , (sp_size_t)(a->used * 2U + 1U));
+        _sp_init_size(r , (sp_size_t)(a->used * 2U + 1U));
 
         _sp_sub_d(a, 2, c);
 
@@ -19288,7 +19586,7 @@ static WC_INLINE int _sp_gcd(const sp_int* a, const sp_int* b, sp_int* r)
     /* Used for swapping sp_ints. */
     sp_int* s;
     /* Determine maximum digit length numbers will reach. */
-    unsigned int used = (a->used >= b->used) ? a->used + 1 : b->used + 1;
+    unsigned int used = (a->used >= b->used) ? a->used + 1U : b->used + 1U;
     DECL_SP_INT_ARRAY(d, used, 3);
 
     SAVE_VECTOR_REGISTERS(err = _svr_ret;);
@@ -19422,7 +19720,7 @@ int sp_gcd(const sp_int* a, const sp_int* b, sp_int* r)
     return err;
 }
 
-#endif /* WOLFSSL_SP_MATH_ALL && !NO_RSA && WOLFSSL_KEY_GEN */
+#endif /* !NO_RSA && WOLFSSL_KEY_GEN */
 
 #if !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN) && \
     (!defined(WC_RSA_BLINDING) || defined(HAVE_FIPS) || defined(HAVE_SELFTEST))
@@ -19548,7 +19846,8 @@ int sp_lcm(const sp_int* a, const sp_int* b, sp_int* r)
     return err;
 }
 
-#endif /* WOLFSSL_SP_MATH_ALL && !NO_RSA && WOLFSSL_KEY_GEN */
+#endif /* !NO_RSA && WOLFSSL_KEY_GEN && (!WC_RSA_BLINDING || HAVE_FIPS ||
+        * HAVE_SELFTEST) */
 
 /* Returns the run time settings.
  *
diff --git a/wolfcrypt/src/sp_sm2_arm32.c b/wolfcrypt/src/sp_sm2_arm32.c
index 211b14392..2ab530785 100644
--- a/wolfcrypt/src/sp_sm2_arm32.c
+++ b/wolfcrypt/src/sp_sm2_arm32.c
@@ -1,6 +1,6 @@
 /* sp_sm2_arm32.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfcrypt/src/sp_sm2_arm64.c b/wolfcrypt/src/sp_sm2_arm64.c
index 5c84948a0..4cfe9c8d9 100644
--- a/wolfcrypt/src/sp_sm2_arm64.c
+++ b/wolfcrypt/src/sp_sm2_arm64.c
@@ -1,6 +1,6 @@
 /* sp_sm2_arm64.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfcrypt/src/sp_sm2_armthumb.c b/wolfcrypt/src/sp_sm2_armthumb.c
index 5d26e27be..5ba99500f 100644
--- a/wolfcrypt/src/sp_sm2_armthumb.c
+++ b/wolfcrypt/src/sp_sm2_armthumb.c
@@ -1,6 +1,6 @@
 /* sp_sm2_armthumb.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfcrypt/src/sp_sm2_c32.c b/wolfcrypt/src/sp_sm2_c32.c
index 41c40d1ef..233d204e2 100644
--- a/wolfcrypt/src/sp_sm2_c32.c
+++ b/wolfcrypt/src/sp_sm2_c32.c
@@ -1,6 +1,6 @@
 /* sp_sm2_c32.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfcrypt/src/sp_sm2_c64.c b/wolfcrypt/src/sp_sm2_c64.c
index ee3801654..a099155ea 100644
--- a/wolfcrypt/src/sp_sm2_c64.c
+++ b/wolfcrypt/src/sp_sm2_c64.c
@@ -1,6 +1,6 @@
 /* sp_sm2_c64.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfcrypt/src/sp_sm2_cortexm.c b/wolfcrypt/src/sp_sm2_cortexm.c
index 3bda85f02..6474cb70f 100644
--- a/wolfcrypt/src/sp_sm2_cortexm.c
+++ b/wolfcrypt/src/sp_sm2_cortexm.c
@@ -1,6 +1,6 @@
 /* sp_sm2_cortexm.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfcrypt/src/sp_sm2_x86_64.c b/wolfcrypt/src/sp_sm2_x86_64.c
index f73e40834..5181a3844 100644
--- a/wolfcrypt/src/sp_sm2_x86_64.c
+++ b/wolfcrypt/src/sp_sm2_x86_64.c
@@ -1,6 +1,6 @@
 /* sp_sm2_x86_64.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfcrypt/src/sp_sm2_x86_64_asm.S b/wolfcrypt/src/sp_sm2_x86_64_asm.S
index 6ddc3c77e..c845cec4a 100644
--- a/wolfcrypt/src/sp_sm2_x86_64_asm.S
+++ b/wolfcrypt/src/sp_sm2_x86_64_asm.S
@@ -1,6 +1,6 @@
 /* sp_sm2_x86_64_asm.S
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfcrypt/src/sp_x86_64.c b/wolfcrypt/src/sp_x86_64.c
index 990a999cb..a32840051 100644
--- a/wolfcrypt/src/sp_x86_64.c
+++ b/wolfcrypt/src/sp_x86_64.c
@@ -1,6 +1,6 @@
 /* sp.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -67,7 +67,7 @@
     do {                                                    \
         int ii;                                             \
         fprintf(stderr, name "=0x");                        \
-        for (ii = ((bits + 63) / 64) - 1; ii >= 0; ii--)    \
+        for (ii = (((bits) + 63) / 64) - 1; ii >= 0; ii--)  \
             fprintf(stderr, SP_PRINT_FMT, (var)[ii]);       \
         fprintf(stderr, "\n");                              \
     } while (0)
@@ -492,8 +492,8 @@ static WC_INLINE sp_digit div_2048_word_16(sp_digit d1, sp_digit d0,
 static WC_INLINE sp_digit div_2048_word_16(sp_digit d1, sp_digit d0,
         sp_digit div)
 {
-    ASSERT_SAVED_VECTOR_REGISTERS();
     register sp_digit r asm("rax");
+    ASSERT_SAVED_VECTOR_REGISTERS();
     __asm__ __volatile__ (
         "divq %3"
         : "=a" (r)
@@ -575,7 +575,7 @@ static WC_INLINE int sp_2048_div_16(const sp_digit* a, const sp_digit* d, sp_dig
 #endif
         sp_2048_cond_sub_16(&t1[16], &t1[16], d, (sp_digit)0 - r1);
     for (i = 15; i >= 0; i--) {
-        sp_digit mask = 0 - (t1[16 + i] == div);
+        sp_digit mask = (sp_digit)0 - (t1[16 + i] == div);
         sp_digit hi = t1[16 + i] + mask;
         r1 = div_2048_word_16(hi, t1[16 + i - 1], div);
         r1 |= mask;
@@ -806,13 +806,12 @@ static int sp_2048_mod_exp_16(sp_digit* r, const sp_digit* a, const sp_digit* e,
         XMEMSET(&r[16], 0, sizeof(sp_digit) * 16);
         sp_2048_mont_reduce_16(r, m, mp);
 
-        mask = 0 - (sp_2048_cmp_16(r, m) >= 0);
+        mask = (sp_digit)0 - (sp_2048_cmp_16(r, m) >= 0);
         sp_2048_cond_sub_16(r, r, m, mask);
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (td != NULL)
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -1047,13 +1046,12 @@ static int sp_2048_mod_exp_avx2_16(sp_digit* r, const sp_digit* a, const sp_digi
         XMEMSET(&r[16], 0, sizeof(sp_digit) * 16);
         sp_2048_mont_reduce_avx2_16(r, m, mp);
 
-        mask = 0 - (sp_2048_cmp_16(r, m) >= 0);
+        mask = (sp_digit)0 - (sp_2048_cmp_16(r, m) >= 0);
         sp_2048_cond_sub_avx2_16(r, r, m, mask);
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (td != NULL)
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -1176,8 +1174,8 @@ static WC_INLINE sp_digit div_2048_word_32(sp_digit d1, sp_digit d0,
 static WC_INLINE sp_digit div_2048_word_32(sp_digit d1, sp_digit d0,
         sp_digit div)
 {
-    ASSERT_SAVED_VECTOR_REGISTERS();
     register sp_digit r asm("rax");
+    ASSERT_SAVED_VECTOR_REGISTERS();
     __asm__ __volatile__ (
         "divq %3"
         : "=a" (r)
@@ -1352,7 +1350,7 @@ static WC_INLINE int sp_2048_div_32(const sp_digit* a, const sp_digit* d, sp_dig
 #endif
         sp_2048_cond_sub_32(&t1[32], &t1[32], d, (sp_digit)0 - r1);
     for (i = 31; i >= 0; i--) {
-        sp_digit mask = 0 - (t1[32 + i] == div);
+        sp_digit mask = (sp_digit)0 - (t1[32 + i] == div);
         sp_digit hi = t1[32 + i] + mask;
         r1 = div_2048_word_32(hi, t1[32 + i - 1], div);
         r1 |= mask;
@@ -1618,13 +1616,12 @@ static int sp_2048_mod_exp_32(sp_digit* r, const sp_digit* a, const sp_digit* e,
         XMEMSET(&r[32], 0, sizeof(sp_digit) * 32);
         sp_2048_mont_reduce_32(r, m, mp);
 
-        mask = 0 - (sp_2048_cmp_32(r, m) >= 0);
+        mask = (sp_digit)0 - (sp_2048_cmp_32(r, m) >= 0);
         sp_2048_cond_sub_32(r, r, m, mask);
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (td != NULL)
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -1894,13 +1891,12 @@ static int sp_2048_mod_exp_avx2_32(sp_digit* r, const sp_digit* a, const sp_digi
         XMEMSET(&r[32], 0, sizeof(sp_digit) * 32);
         sp_2048_mont_reduce_avx2_32(r, m, mp);
 
-        mask = 0 - (sp_2048_cmp_32(r, m) >= 0);
+        mask = (sp_digit)0 - (sp_2048_cmp_32(r, m) >= 0);
         sp_2048_cond_sub_avx2_32(r, r, m, mask);
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (td != NULL)
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -1965,7 +1961,7 @@ int sp_RsaPublic_2048(const byte* in, word32 inLen, const mp_int* em,
         m = r + 32 * 2;
         ah = a + 32;
 
-        sp_2048_from_bin(ah, 32, in, inLen);
+        sp_2048_from_bin(ah, 32, in, (int)inLen);
 #if DIGIT_BIT >= 64
         e = em->dp[0];
 #else
@@ -1993,7 +1989,8 @@ int sp_RsaPublic_2048(const byte* in, word32 inLen, const mp_int* em,
             if (err == MP_OKAY) {
                 /* r = a ^ 0x10000 => r = a squared 16 times */
 #ifdef HAVE_INTEL_AVX2
-                if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags)) {
+                if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                        IS_INTEL_AVX2(cpuid_flags)) {
                     for (i = 15; i >= 0; i--) {
                         sp_2048_mont_sqr_avx2_32(r, r, m, mp);
                     }
@@ -2024,7 +2021,8 @@ int sp_RsaPublic_2048(const byte* in, word32 inLen, const mp_int* em,
         }
         else if (e == 0x3) {
 #ifdef HAVE_INTEL_AVX2
-            if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags)) {
+            if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                    IS_INTEL_AVX2(cpuid_flags)) {
                 if (err == MP_OKAY) {
                     sp_2048_sqr_avx2_32(r, ah);
                     err = sp_2048_mod_32_cond(r, r, m);
@@ -2066,7 +2064,8 @@ int sp_RsaPublic_2048(const byte* in, word32 inLen, const mp_int* em,
 
                 XMEMCPY(r, a, sizeof(sp_digit) * 32);
 #ifdef HAVE_INTEL_AVX2
-                if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags)) {
+                if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                        IS_INTEL_AVX2(cpuid_flags)) {
                     for (i--; i>=0; i--) {
                         sp_2048_mont_sqr_avx2_32(r, r, m, mp);
                         if (((e >> i) & 1) == 1) {
@@ -2105,8 +2104,7 @@ int sp_RsaPublic_2048(const byte* in, word32 inLen, const mp_int* em,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (a != NULL)
-        XFREE(a, NULL, DYNAMIC_TYPE_RSA);
+    XFREE(a, NULL, DYNAMIC_TYPE_RSA);
 #endif
 
     return err;
@@ -2187,7 +2185,7 @@ int sp_RsaPrivate_2048(const byte* in, word32 inLen, const mp_int* dm,
 
         r = a;
 
-        sp_2048_from_bin(a, 32, in, inLen);
+        sp_2048_from_bin(a, 32, in, (int)inLen);
         sp_2048_from_mp(d, 32, dm);
         sp_2048_from_mp(m, 32, mm);
         err = sp_2048_mod_exp_32(r, a, d, 2048, m, 0);
@@ -2305,14 +2303,16 @@ int sp_RsaPrivate_2048(const byte* in, word32 inLen, const mp_int* dm,
         tmpb = tmpa + 32;
         r = a + 32;
 
-        sp_2048_from_bin(a, 32, in, inLen);
+        sp_2048_from_bin(a, 32, in, (int)inLen);
         sp_2048_from_mp(p, 16, pm);
         sp_2048_from_mp(q, 16, qm);
         sp_2048_from_mp(dp, 16, dpm);
 
 #ifdef HAVE_INTEL_AVX2
-        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags))
+        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                IS_INTEL_AVX2(cpuid_flags)) {
             err = sp_2048_mod_exp_avx2_16(tmpa, a, dp, 1024, p, 1);
+        }
         else
 #endif
             err = sp_2048_mod_exp_16(tmpa, a, dp, 1024, p, 1);
@@ -2320,8 +2320,10 @@ int sp_RsaPrivate_2048(const byte* in, word32 inLen, const mp_int* dm,
     if (err == MP_OKAY) {
         sp_2048_from_mp(dq, 16, dqm);
 #ifdef HAVE_INTEL_AVX2
-        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags))
+        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                IS_INTEL_AVX2(cpuid_flags)) {
             err = sp_2048_mod_exp_avx2_16(tmpb, a, dq, 1024, q, 1);
+       }
        else
 #endif
             err = sp_2048_mod_exp_16(tmpb, a, dq, 1024, q, 1);
@@ -2330,7 +2332,8 @@ int sp_RsaPrivate_2048(const byte* in, word32 inLen, const mp_int* dm,
     if (err == MP_OKAY) {
         c = sp_2048_sub_in_place_16(tmpa, tmpb);
 #ifdef HAVE_INTEL_AVX2
-        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags)) {
+        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                IS_INTEL_AVX2(cpuid_flags)) {
             c += sp_2048_cond_add_avx2_16(tmpa, tmpa, p, c);
             sp_2048_cond_add_avx2_16(tmpa, tmpa, p, c);
         }
@@ -2343,7 +2346,8 @@ int sp_RsaPrivate_2048(const byte* in, word32 inLen, const mp_int* dm,
 
         sp_2048_from_mp(qi, 16, qim);
 #ifdef HAVE_INTEL_AVX2
-        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags)) {
+        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                IS_INTEL_AVX2(cpuid_flags)) {
             sp_2048_mul_avx2_16(tmpa, tmpa, qi);
         }
         else
@@ -2356,7 +2360,8 @@ int sp_RsaPrivate_2048(const byte* in, word32 inLen, const mp_int* dm,
 
     if (err == MP_OKAY) {
 #ifdef HAVE_INTEL_AVX2
-        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags)) {
+        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                IS_INTEL_AVX2(cpuid_flags)) {
             sp_2048_mul_avx2_16(tmpa, q, tmpa);
         }
         else
@@ -2519,8 +2524,10 @@ int sp_ModExp_2048(const mp_int* base, const mp_int* exp, const mp_int* mod,
         sp_2048_from_mp(m, 32, mod);
 
 #ifdef HAVE_INTEL_AVX2
-        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags))
+        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                IS_INTEL_AVX2(cpuid_flags)) {
             err = sp_2048_mod_exp_avx2_32(r, b, e, expBits, m, 0);
+        }
         else
 #endif
             err = sp_2048_mod_exp_32(r, b, e, expBits, m, 0);
@@ -2531,14 +2538,12 @@ int sp_ModExp_2048(const mp_int* base, const mp_int* exp, const mp_int* mod,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (b != NULL)
-        XFREE(b, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(b, NULL, DYNAMIC_TYPE_TMP_BUFFER);
     if (e != NULL) {
         XMEMSET(e, 0, 32);
         XFREE(e, NULL, DYNAMIC_TYPE_TMP_BUFFER);
     }
-    if (m != NULL)
-        XFREE(m, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(m, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #else
     XMEMSET(e, 0, sizeof(e));
 #endif
@@ -2682,13 +2687,12 @@ static int sp_2048_mod_exp_2_avx2_32(sp_digit* r, const sp_digit* e, int bits,
         XMEMSET(&r[32], 0, sizeof(sp_digit) * 32);
         sp_2048_mont_reduce_avx2_32(r, m, mp);
 
-        mask = 0 - (sp_2048_cmp_32(r, m) >= 0);
+        mask = (sp_digit)0 - (sp_2048_cmp_32(r, m) >= 0);
         sp_2048_cond_sub_avx2_32(r, r, m, mask);
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (td != NULL)
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -2821,13 +2825,12 @@ static int sp_2048_mod_exp_2_32(sp_digit* r, const sp_digit* e, int bits,
         XMEMSET(&r[32], 0, sizeof(sp_digit) * 32);
         sp_2048_mont_reduce_32(r, m, mp);
 
-        mask = 0 - (sp_2048_cmp_32(r, m) >= 0);
+        mask = (sp_digit)0 - (sp_2048_cmp_32(r, m) >= 0);
         sp_2048_cond_sub_32(r, r, m, mask);
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (td != NULL)
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -2897,27 +2900,31 @@ int sp_DhExp_2048(const mp_int* base, const byte* exp, word32 expLen,
 
     if (err == MP_OKAY) {
         sp_2048_from_mp(b, 32, base);
-        sp_2048_from_bin(e, 32, exp, expLen);
+        sp_2048_from_bin(e, 32, exp, (int)expLen);
         sp_2048_from_mp(m, 32, mod);
 
     #ifdef HAVE_FFDHE_2048
         if (base->used == 1 && base->dp[0] == 2 && m[31] == (sp_digit)-1) {
 #ifdef HAVE_INTEL_AVX2
-            if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags))
-                err = sp_2048_mod_exp_2_avx2_32(r, e, expLen * 8, m);
+            if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                    IS_INTEL_AVX2(cpuid_flags)) {
+                err = sp_2048_mod_exp_2_avx2_32(r, e, (int)expLen * 8, m);
+            }
             else
 #endif
-                err = sp_2048_mod_exp_2_32(r, e, expLen * 8, m);
+                err = sp_2048_mod_exp_2_32(r, e, (int)expLen * 8, m);
         }
         else
     #endif
         {
 #ifdef HAVE_INTEL_AVX2
-            if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags))
-                err = sp_2048_mod_exp_avx2_32(r, b, e, expLen * 8, m, 0);
+            if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                    IS_INTEL_AVX2(cpuid_flags)) {
+                err = sp_2048_mod_exp_avx2_32(r, b, e, (int)expLen * 8, m, 0);
+            }
             else
 #endif
-                err = sp_2048_mod_exp_32(r, b, e, expLen * 8, m, 0);
+                err = sp_2048_mod_exp_32(r, b, e, (int)expLen * 8, m, 0);
         }
     }
 
@@ -2932,14 +2939,12 @@ int sp_DhExp_2048(const mp_int* base, const byte* exp, word32 expLen,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (b != NULL)
-        XFREE(b, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(b, NULL, DYNAMIC_TYPE_TMP_BUFFER);
     if (e != NULL) {
         XMEMSET(e, 0, 32);
         XFREE(e, NULL, DYNAMIC_TYPE_TMP_BUFFER);
     }
-    if (m != NULL)
-        XFREE(m, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(m, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #else
     XMEMSET(e, 0, sizeof(e));
 #endif
@@ -3010,8 +3015,10 @@ int sp_ModExp_1024(const mp_int* base, const mp_int* exp, const mp_int* mod,
         sp_2048_from_mp(m, 16, mod);
 
 #ifdef HAVE_INTEL_AVX2
-        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags))
+        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                IS_INTEL_AVX2(cpuid_flags)) {
             err = sp_2048_mod_exp_avx2_16(r, b, e, expBits, m, 0);
+        }
         else
 #endif
             err = sp_2048_mod_exp_16(r, b, e, expBits, m, 0);
@@ -3023,14 +3030,12 @@ int sp_ModExp_1024(const mp_int* base, const mp_int* exp, const mp_int* mod,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (b != NULL)
-        XFREE(b, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(b, NULL, DYNAMIC_TYPE_TMP_BUFFER);
     if (e != NULL) {
         XMEMSET(e, 0, 16);
         XFREE(e, NULL, DYNAMIC_TYPE_TMP_BUFFER);
     }
-    if (m != NULL)
-        XFREE(m, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(m, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #else
     XMEMSET(e, 0, sizeof(e));
 #endif
@@ -3494,8 +3499,8 @@ static WC_INLINE sp_digit div_3072_word_24(sp_digit d1, sp_digit d0,
 static WC_INLINE sp_digit div_3072_word_24(sp_digit d1, sp_digit d0,
         sp_digit div)
 {
-    ASSERT_SAVED_VECTOR_REGISTERS();
     register sp_digit r asm("rax");
+    ASSERT_SAVED_VECTOR_REGISTERS();
     __asm__ __volatile__ (
         "divq %3"
         : "=a" (r)
@@ -3577,7 +3582,7 @@ static WC_INLINE int sp_3072_div_24(const sp_digit* a, const sp_digit* d, sp_dig
 #endif
         sp_3072_cond_sub_24(&t1[24], &t1[24], d, (sp_digit)0 - r1);
     for (i = 23; i >= 0; i--) {
-        sp_digit mask = 0 - (t1[24 + i] == div);
+        sp_digit mask = (sp_digit)0 - (t1[24 + i] == div);
         sp_digit hi = t1[24 + i] + mask;
         r1 = div_3072_word_24(hi, t1[24 + i - 1], div);
         r1 |= mask;
@@ -3808,13 +3813,12 @@ static int sp_3072_mod_exp_24(sp_digit* r, const sp_digit* a, const sp_digit* e,
         XMEMSET(&r[24], 0, sizeof(sp_digit) * 24);
         sp_3072_mont_reduce_24(r, m, mp);
 
-        mask = 0 - (sp_3072_cmp_24(r, m) >= 0);
+        mask = (sp_digit)0 - (sp_3072_cmp_24(r, m) >= 0);
         sp_3072_cond_sub_24(r, r, m, mask);
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (td != NULL)
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -4049,13 +4053,12 @@ static int sp_3072_mod_exp_avx2_24(sp_digit* r, const sp_digit* a, const sp_digi
         XMEMSET(&r[24], 0, sizeof(sp_digit) * 24);
         sp_3072_mont_reduce_avx2_24(r, m, mp);
 
-        mask = 0 - (sp_3072_cmp_24(r, m) >= 0);
+        mask = (sp_digit)0 - (sp_3072_cmp_24(r, m) >= 0);
         sp_3072_cond_sub_avx2_24(r, r, m, mask);
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (td != NULL)
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -4178,8 +4181,8 @@ static WC_INLINE sp_digit div_3072_word_48(sp_digit d1, sp_digit d0,
 static WC_INLINE sp_digit div_3072_word_48(sp_digit d1, sp_digit d0,
         sp_digit div)
 {
-    ASSERT_SAVED_VECTOR_REGISTERS();
     register sp_digit r asm("rax");
+    ASSERT_SAVED_VECTOR_REGISTERS();
     __asm__ __volatile__ (
         "divq %3"
         : "=a" (r)
@@ -4354,7 +4357,7 @@ static WC_INLINE int sp_3072_div_48(const sp_digit* a, const sp_digit* d, sp_dig
 #endif
         sp_3072_cond_sub_48(&t1[48], &t1[48], d, (sp_digit)0 - r1);
     for (i = 47; i >= 0; i--) {
-        sp_digit mask = 0 - (t1[48 + i] == div);
+        sp_digit mask = (sp_digit)0 - (t1[48 + i] == div);
         sp_digit hi = t1[48 + i] + mask;
         r1 = div_3072_word_48(hi, t1[48 + i - 1], div);
         r1 |= mask;
@@ -4568,13 +4571,12 @@ static int sp_3072_mod_exp_48(sp_digit* r, const sp_digit* a, const sp_digit* e,
         XMEMSET(&r[48], 0, sizeof(sp_digit) * 48);
         sp_3072_mont_reduce_48(r, m, mp);
 
-        mask = 0 - (sp_3072_cmp_48(r, m) >= 0);
+        mask = (sp_digit)0 - (sp_3072_cmp_48(r, m) >= 0);
         sp_3072_cond_sub_48(r, r, m, mask);
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (td != NULL)
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -4792,13 +4794,12 @@ static int sp_3072_mod_exp_avx2_48(sp_digit* r, const sp_digit* a, const sp_digi
         XMEMSET(&r[48], 0, sizeof(sp_digit) * 48);
         sp_3072_mont_reduce_avx2_48(r, m, mp);
 
-        mask = 0 - (sp_3072_cmp_48(r, m) >= 0);
+        mask = (sp_digit)0 - (sp_3072_cmp_48(r, m) >= 0);
         sp_3072_cond_sub_avx2_48(r, r, m, mask);
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (td != NULL)
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -4863,7 +4864,7 @@ int sp_RsaPublic_3072(const byte* in, word32 inLen, const mp_int* em,
         m = r + 48 * 2;
         ah = a + 48;
 
-        sp_3072_from_bin(ah, 48, in, inLen);
+        sp_3072_from_bin(ah, 48, in, (int)inLen);
 #if DIGIT_BIT >= 64
         e = em->dp[0];
 #else
@@ -4891,7 +4892,8 @@ int sp_RsaPublic_3072(const byte* in, word32 inLen, const mp_int* em,
             if (err == MP_OKAY) {
                 /* r = a ^ 0x10000 => r = a squared 16 times */
 #ifdef HAVE_INTEL_AVX2
-                if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags)) {
+                if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                        IS_INTEL_AVX2(cpuid_flags)) {
                     for (i = 15; i >= 0; i--) {
                         sp_3072_mont_sqr_avx2_48(r, r, m, mp);
                     }
@@ -4922,7 +4924,8 @@ int sp_RsaPublic_3072(const byte* in, word32 inLen, const mp_int* em,
         }
         else if (e == 0x3) {
 #ifdef HAVE_INTEL_AVX2
-            if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags)) {
+            if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                    IS_INTEL_AVX2(cpuid_flags)) {
                 if (err == MP_OKAY) {
                     sp_3072_sqr_avx2_48(r, ah);
                     err = sp_3072_mod_48_cond(r, r, m);
@@ -4964,7 +4967,8 @@ int sp_RsaPublic_3072(const byte* in, word32 inLen, const mp_int* em,
 
                 XMEMCPY(r, a, sizeof(sp_digit) * 48);
 #ifdef HAVE_INTEL_AVX2
-                if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags)) {
+                if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                        IS_INTEL_AVX2(cpuid_flags)) {
                     for (i--; i>=0; i--) {
                         sp_3072_mont_sqr_avx2_48(r, r, m, mp);
                         if (((e >> i) & 1) == 1) {
@@ -5003,8 +5007,7 @@ int sp_RsaPublic_3072(const byte* in, word32 inLen, const mp_int* em,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (a != NULL)
-        XFREE(a, NULL, DYNAMIC_TYPE_RSA);
+    XFREE(a, NULL, DYNAMIC_TYPE_RSA);
 #endif
 
     return err;
@@ -5085,7 +5088,7 @@ int sp_RsaPrivate_3072(const byte* in, word32 inLen, const mp_int* dm,
 
         r = a;
 
-        sp_3072_from_bin(a, 48, in, inLen);
+        sp_3072_from_bin(a, 48, in, (int)inLen);
         sp_3072_from_mp(d, 48, dm);
         sp_3072_from_mp(m, 48, mm);
         err = sp_3072_mod_exp_48(r, a, d, 3072, m, 0);
@@ -5203,14 +5206,16 @@ int sp_RsaPrivate_3072(const byte* in, word32 inLen, const mp_int* dm,
         tmpb = tmpa + 48;
         r = a + 48;
 
-        sp_3072_from_bin(a, 48, in, inLen);
+        sp_3072_from_bin(a, 48, in, (int)inLen);
         sp_3072_from_mp(p, 24, pm);
         sp_3072_from_mp(q, 24, qm);
         sp_3072_from_mp(dp, 24, dpm);
 
 #ifdef HAVE_INTEL_AVX2
-        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags))
+        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                IS_INTEL_AVX2(cpuid_flags)) {
             err = sp_3072_mod_exp_avx2_24(tmpa, a, dp, 1536, p, 1);
+        }
         else
 #endif
             err = sp_3072_mod_exp_24(tmpa, a, dp, 1536, p, 1);
@@ -5218,8 +5223,10 @@ int sp_RsaPrivate_3072(const byte* in, word32 inLen, const mp_int* dm,
     if (err == MP_OKAY) {
         sp_3072_from_mp(dq, 24, dqm);
 #ifdef HAVE_INTEL_AVX2
-        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags))
+        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                IS_INTEL_AVX2(cpuid_flags)) {
             err = sp_3072_mod_exp_avx2_24(tmpb, a, dq, 1536, q, 1);
+       }
        else
 #endif
             err = sp_3072_mod_exp_24(tmpb, a, dq, 1536, q, 1);
@@ -5228,7 +5235,8 @@ int sp_RsaPrivate_3072(const byte* in, word32 inLen, const mp_int* dm,
     if (err == MP_OKAY) {
         c = sp_3072_sub_in_place_24(tmpa, tmpb);
 #ifdef HAVE_INTEL_AVX2
-        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags)) {
+        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                IS_INTEL_AVX2(cpuid_flags)) {
             c += sp_3072_cond_add_avx2_24(tmpa, tmpa, p, c);
             sp_3072_cond_add_avx2_24(tmpa, tmpa, p, c);
         }
@@ -5241,7 +5249,8 @@ int sp_RsaPrivate_3072(const byte* in, word32 inLen, const mp_int* dm,
 
         sp_3072_from_mp(qi, 24, qim);
 #ifdef HAVE_INTEL_AVX2
-        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags)) {
+        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                IS_INTEL_AVX2(cpuid_flags)) {
             sp_3072_mul_avx2_24(tmpa, tmpa, qi);
         }
         else
@@ -5254,7 +5263,8 @@ int sp_RsaPrivate_3072(const byte* in, word32 inLen, const mp_int* dm,
 
     if (err == MP_OKAY) {
 #ifdef HAVE_INTEL_AVX2
-        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags)) {
+        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                IS_INTEL_AVX2(cpuid_flags)) {
             sp_3072_mul_avx2_24(tmpa, q, tmpa);
         }
         else
@@ -5417,8 +5427,10 @@ int sp_ModExp_3072(const mp_int* base, const mp_int* exp, const mp_int* mod,
         sp_3072_from_mp(m, 48, mod);
 
 #ifdef HAVE_INTEL_AVX2
-        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags))
+        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                IS_INTEL_AVX2(cpuid_flags)) {
             err = sp_3072_mod_exp_avx2_48(r, b, e, expBits, m, 0);
+        }
         else
 #endif
             err = sp_3072_mod_exp_48(r, b, e, expBits, m, 0);
@@ -5429,14 +5441,12 @@ int sp_ModExp_3072(const mp_int* base, const mp_int* exp, const mp_int* mod,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (b != NULL)
-        XFREE(b, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(b, NULL, DYNAMIC_TYPE_TMP_BUFFER);
     if (e != NULL) {
         XMEMSET(e, 0, 48);
         XFREE(e, NULL, DYNAMIC_TYPE_TMP_BUFFER);
     }
-    if (m != NULL)
-        XFREE(m, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(m, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #else
     XMEMSET(e, 0, sizeof(e));
 #endif
@@ -5580,13 +5590,12 @@ static int sp_3072_mod_exp_2_avx2_48(sp_digit* r, const sp_digit* e, int bits,
         XMEMSET(&r[48], 0, sizeof(sp_digit) * 48);
         sp_3072_mont_reduce_avx2_48(r, m, mp);
 
-        mask = 0 - (sp_3072_cmp_48(r, m) >= 0);
+        mask = (sp_digit)0 - (sp_3072_cmp_48(r, m) >= 0);
         sp_3072_cond_sub_avx2_48(r, r, m, mask);
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (td != NULL)
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -5719,13 +5728,12 @@ static int sp_3072_mod_exp_2_48(sp_digit* r, const sp_digit* e, int bits,
         XMEMSET(&r[48], 0, sizeof(sp_digit) * 48);
         sp_3072_mont_reduce_48(r, m, mp);
 
-        mask = 0 - (sp_3072_cmp_48(r, m) >= 0);
+        mask = (sp_digit)0 - (sp_3072_cmp_48(r, m) >= 0);
         sp_3072_cond_sub_48(r, r, m, mask);
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (td != NULL)
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -5795,27 +5803,31 @@ int sp_DhExp_3072(const mp_int* base, const byte* exp, word32 expLen,
 
     if (err == MP_OKAY) {
         sp_3072_from_mp(b, 48, base);
-        sp_3072_from_bin(e, 48, exp, expLen);
+        sp_3072_from_bin(e, 48, exp, (int)expLen);
         sp_3072_from_mp(m, 48, mod);
 
     #ifdef HAVE_FFDHE_3072
         if (base->used == 1 && base->dp[0] == 2 && m[47] == (sp_digit)-1) {
 #ifdef HAVE_INTEL_AVX2
-            if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags))
-                err = sp_3072_mod_exp_2_avx2_48(r, e, expLen * 8, m);
+            if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                    IS_INTEL_AVX2(cpuid_flags)) {
+                err = sp_3072_mod_exp_2_avx2_48(r, e, (int)expLen * 8, m);
+            }
             else
 #endif
-                err = sp_3072_mod_exp_2_48(r, e, expLen * 8, m);
+                err = sp_3072_mod_exp_2_48(r, e, (int)expLen * 8, m);
         }
         else
     #endif
         {
 #ifdef HAVE_INTEL_AVX2
-            if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags))
-                err = sp_3072_mod_exp_avx2_48(r, b, e, expLen * 8, m, 0);
+            if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                    IS_INTEL_AVX2(cpuid_flags)) {
+                err = sp_3072_mod_exp_avx2_48(r, b, e, (int)expLen * 8, m, 0);
+            }
             else
 #endif
-                err = sp_3072_mod_exp_48(r, b, e, expLen * 8, m, 0);
+                err = sp_3072_mod_exp_48(r, b, e, (int)expLen * 8, m, 0);
         }
     }
 
@@ -5830,14 +5842,12 @@ int sp_DhExp_3072(const mp_int* base, const byte* exp, word32 expLen,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (b != NULL)
-        XFREE(b, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(b, NULL, DYNAMIC_TYPE_TMP_BUFFER);
     if (e != NULL) {
         XMEMSET(e, 0, 48);
         XFREE(e, NULL, DYNAMIC_TYPE_TMP_BUFFER);
     }
-    if (m != NULL)
-        XFREE(m, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(m, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #else
     XMEMSET(e, 0, sizeof(e));
 #endif
@@ -5908,8 +5918,10 @@ int sp_ModExp_1536(const mp_int* base, const mp_int* exp, const mp_int* mod,
         sp_3072_from_mp(m, 24, mod);
 
 #ifdef HAVE_INTEL_AVX2
-        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags))
+        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                IS_INTEL_AVX2(cpuid_flags)) {
             err = sp_3072_mod_exp_avx2_24(r, b, e, expBits, m, 0);
+        }
         else
 #endif
             err = sp_3072_mod_exp_24(r, b, e, expBits, m, 0);
@@ -5921,14 +5933,12 @@ int sp_ModExp_1536(const mp_int* base, const mp_int* exp, const mp_int* mod,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (b != NULL)
-        XFREE(b, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(b, NULL, DYNAMIC_TYPE_TMP_BUFFER);
     if (e != NULL) {
         XMEMSET(e, 0, 24);
         XFREE(e, NULL, DYNAMIC_TYPE_TMP_BUFFER);
     }
-    if (m != NULL)
-        XFREE(m, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(m, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #else
     XMEMSET(e, 0, sizeof(e));
 #endif
@@ -6302,8 +6312,8 @@ static WC_INLINE sp_digit div_4096_word_64(sp_digit d1, sp_digit d0,
 static WC_INLINE sp_digit div_4096_word_64(sp_digit d1, sp_digit d0,
         sp_digit div)
 {
-    ASSERT_SAVED_VECTOR_REGISTERS();
     register sp_digit r asm("rax");
+    ASSERT_SAVED_VECTOR_REGISTERS();
     __asm__ __volatile__ (
         "divq %3"
         : "=a" (r)
@@ -6478,7 +6488,7 @@ static WC_INLINE int sp_4096_div_64(const sp_digit* a, const sp_digit* d, sp_dig
 #endif
         sp_4096_cond_sub_64(&t1[64], &t1[64], d, (sp_digit)0 - r1);
     for (i = 63; i >= 0; i--) {
-        sp_digit mask = 0 - (t1[64 + i] == div);
+        sp_digit mask = (sp_digit)0 - (t1[64 + i] == div);
         sp_digit hi = t1[64 + i] + mask;
         r1 = div_4096_word_64(hi, t1[64 + i - 1], div);
         r1 |= mask;
@@ -6692,13 +6702,12 @@ static int sp_4096_mod_exp_64(sp_digit* r, const sp_digit* a, const sp_digit* e,
         XMEMSET(&r[64], 0, sizeof(sp_digit) * 64);
         sp_4096_mont_reduce_64(r, m, mp);
 
-        mask = 0 - (sp_4096_cmp_64(r, m) >= 0);
+        mask = (sp_digit)0 - (sp_4096_cmp_64(r, m) >= 0);
         sp_4096_cond_sub_64(r, r, m, mask);
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (td != NULL)
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -6916,13 +6925,12 @@ static int sp_4096_mod_exp_avx2_64(sp_digit* r, const sp_digit* a, const sp_digi
         XMEMSET(&r[64], 0, sizeof(sp_digit) * 64);
         sp_4096_mont_reduce_avx2_64(r, m, mp);
 
-        mask = 0 - (sp_4096_cmp_64(r, m) >= 0);
+        mask = (sp_digit)0 - (sp_4096_cmp_64(r, m) >= 0);
         sp_4096_cond_sub_avx2_64(r, r, m, mask);
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (td != NULL)
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -6987,7 +6995,7 @@ int sp_RsaPublic_4096(const byte* in, word32 inLen, const mp_int* em,
         m = r + 64 * 2;
         ah = a + 64;
 
-        sp_4096_from_bin(ah, 64, in, inLen);
+        sp_4096_from_bin(ah, 64, in, (int)inLen);
 #if DIGIT_BIT >= 64
         e = em->dp[0];
 #else
@@ -7015,7 +7023,8 @@ int sp_RsaPublic_4096(const byte* in, word32 inLen, const mp_int* em,
             if (err == MP_OKAY) {
                 /* r = a ^ 0x10000 => r = a squared 16 times */
 #ifdef HAVE_INTEL_AVX2
-                if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags)) {
+                if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                        IS_INTEL_AVX2(cpuid_flags)) {
                     for (i = 15; i >= 0; i--) {
                         sp_4096_mont_sqr_avx2_64(r, r, m, mp);
                     }
@@ -7046,7 +7055,8 @@ int sp_RsaPublic_4096(const byte* in, word32 inLen, const mp_int* em,
         }
         else if (e == 0x3) {
 #ifdef HAVE_INTEL_AVX2
-            if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags)) {
+            if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                    IS_INTEL_AVX2(cpuid_flags)) {
                 if (err == MP_OKAY) {
                     sp_4096_sqr_avx2_64(r, ah);
                     err = sp_4096_mod_64_cond(r, r, m);
@@ -7088,7 +7098,8 @@ int sp_RsaPublic_4096(const byte* in, word32 inLen, const mp_int* em,
 
                 XMEMCPY(r, a, sizeof(sp_digit) * 64);
 #ifdef HAVE_INTEL_AVX2
-                if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags)) {
+                if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                        IS_INTEL_AVX2(cpuid_flags)) {
                     for (i--; i>=0; i--) {
                         sp_4096_mont_sqr_avx2_64(r, r, m, mp);
                         if (((e >> i) & 1) == 1) {
@@ -7127,8 +7138,7 @@ int sp_RsaPublic_4096(const byte* in, word32 inLen, const mp_int* em,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (a != NULL)
-        XFREE(a, NULL, DYNAMIC_TYPE_RSA);
+    XFREE(a, NULL, DYNAMIC_TYPE_RSA);
 #endif
 
     return err;
@@ -7209,7 +7219,7 @@ int sp_RsaPrivate_4096(const byte* in, word32 inLen, const mp_int* dm,
 
         r = a;
 
-        sp_4096_from_bin(a, 64, in, inLen);
+        sp_4096_from_bin(a, 64, in, (int)inLen);
         sp_4096_from_mp(d, 64, dm);
         sp_4096_from_mp(m, 64, mm);
         err = sp_4096_mod_exp_64(r, a, d, 4096, m, 0);
@@ -7327,14 +7337,16 @@ int sp_RsaPrivate_4096(const byte* in, word32 inLen, const mp_int* dm,
         tmpb = tmpa + 64;
         r = a + 64;
 
-        sp_4096_from_bin(a, 64, in, inLen);
+        sp_4096_from_bin(a, 64, in, (int)inLen);
         sp_4096_from_mp(p, 32, pm);
         sp_4096_from_mp(q, 32, qm);
         sp_4096_from_mp(dp, 32, dpm);
 
 #ifdef HAVE_INTEL_AVX2
-        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags))
+        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                IS_INTEL_AVX2(cpuid_flags)) {
             err = sp_2048_mod_exp_avx2_32(tmpa, a, dp, 2048, p, 1);
+        }
         else
 #endif
             err = sp_2048_mod_exp_32(tmpa, a, dp, 2048, p, 1);
@@ -7342,8 +7354,10 @@ int sp_RsaPrivate_4096(const byte* in, word32 inLen, const mp_int* dm,
     if (err == MP_OKAY) {
         sp_4096_from_mp(dq, 32, dqm);
 #ifdef HAVE_INTEL_AVX2
-        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags))
+        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                IS_INTEL_AVX2(cpuid_flags)) {
             err = sp_2048_mod_exp_avx2_32(tmpb, a, dq, 2048, q, 1);
+       }
        else
 #endif
             err = sp_2048_mod_exp_32(tmpb, a, dq, 2048, q, 1);
@@ -7352,7 +7366,8 @@ int sp_RsaPrivate_4096(const byte* in, word32 inLen, const mp_int* dm,
     if (err == MP_OKAY) {
         c = sp_2048_sub_in_place_32(tmpa, tmpb);
 #ifdef HAVE_INTEL_AVX2
-        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags)) {
+        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                IS_INTEL_AVX2(cpuid_flags)) {
             c += sp_4096_cond_add_avx2_32(tmpa, tmpa, p, c);
             sp_4096_cond_add_avx2_32(tmpa, tmpa, p, c);
         }
@@ -7365,7 +7380,8 @@ int sp_RsaPrivate_4096(const byte* in, word32 inLen, const mp_int* dm,
 
         sp_2048_from_mp(qi, 32, qim);
 #ifdef HAVE_INTEL_AVX2
-        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags)) {
+        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                IS_INTEL_AVX2(cpuid_flags)) {
             sp_2048_mul_avx2_32(tmpa, tmpa, qi);
         }
         else
@@ -7378,7 +7394,8 @@ int sp_RsaPrivate_4096(const byte* in, word32 inLen, const mp_int* dm,
 
     if (err == MP_OKAY) {
 #ifdef HAVE_INTEL_AVX2
-        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags)) {
+        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                IS_INTEL_AVX2(cpuid_flags)) {
             sp_2048_mul_avx2_32(tmpa, q, tmpa);
         }
         else
@@ -7541,8 +7558,10 @@ int sp_ModExp_4096(const mp_int* base, const mp_int* exp, const mp_int* mod,
         sp_4096_from_mp(m, 64, mod);
 
 #ifdef HAVE_INTEL_AVX2
-        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags))
+        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                IS_INTEL_AVX2(cpuid_flags)) {
             err = sp_4096_mod_exp_avx2_64(r, b, e, expBits, m, 0);
+        }
         else
 #endif
             err = sp_4096_mod_exp_64(r, b, e, expBits, m, 0);
@@ -7553,14 +7572,12 @@ int sp_ModExp_4096(const mp_int* base, const mp_int* exp, const mp_int* mod,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (b != NULL)
-        XFREE(b, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(b, NULL, DYNAMIC_TYPE_TMP_BUFFER);
     if (e != NULL) {
         XMEMSET(e, 0, 64);
         XFREE(e, NULL, DYNAMIC_TYPE_TMP_BUFFER);
     }
-    if (m != NULL)
-        XFREE(m, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(m, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #else
     XMEMSET(e, 0, sizeof(e));
 #endif
@@ -7704,13 +7721,12 @@ static int sp_4096_mod_exp_2_avx2_64(sp_digit* r, const sp_digit* e, int bits,
         XMEMSET(&r[64], 0, sizeof(sp_digit) * 64);
         sp_4096_mont_reduce_avx2_64(r, m, mp);
 
-        mask = 0 - (sp_4096_cmp_64(r, m) >= 0);
+        mask = (sp_digit)0 - (sp_4096_cmp_64(r, m) >= 0);
         sp_4096_cond_sub_avx2_64(r, r, m, mask);
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (td != NULL)
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -7843,13 +7859,12 @@ static int sp_4096_mod_exp_2_64(sp_digit* r, const sp_digit* e, int bits,
         XMEMSET(&r[64], 0, sizeof(sp_digit) * 64);
         sp_4096_mont_reduce_64(r, m, mp);
 
-        mask = 0 - (sp_4096_cmp_64(r, m) >= 0);
+        mask = (sp_digit)0 - (sp_4096_cmp_64(r, m) >= 0);
         sp_4096_cond_sub_64(r, r, m, mask);
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (td != NULL)
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return err;
@@ -7919,27 +7934,31 @@ int sp_DhExp_4096(const mp_int* base, const byte* exp, word32 expLen,
 
     if (err == MP_OKAY) {
         sp_4096_from_mp(b, 64, base);
-        sp_4096_from_bin(e, 64, exp, expLen);
+        sp_4096_from_bin(e, 64, exp, (int)expLen);
         sp_4096_from_mp(m, 64, mod);
 
     #ifdef HAVE_FFDHE_4096
         if (base->used == 1 && base->dp[0] == 2 && m[63] == (sp_digit)-1) {
 #ifdef HAVE_INTEL_AVX2
-            if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags))
-                err = sp_4096_mod_exp_2_avx2_64(r, e, expLen * 8, m);
+            if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                    IS_INTEL_AVX2(cpuid_flags)) {
+                err = sp_4096_mod_exp_2_avx2_64(r, e, (int)expLen * 8, m);
+            }
             else
 #endif
-                err = sp_4096_mod_exp_2_64(r, e, expLen * 8, m);
+                err = sp_4096_mod_exp_2_64(r, e, (int)expLen * 8, m);
         }
         else
     #endif
         {
 #ifdef HAVE_INTEL_AVX2
-            if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags))
-                err = sp_4096_mod_exp_avx2_64(r, b, e, expLen * 8, m, 0);
+            if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                    IS_INTEL_AVX2(cpuid_flags)) {
+                err = sp_4096_mod_exp_avx2_64(r, b, e, (int)expLen * 8, m, 0);
+            }
             else
 #endif
-                err = sp_4096_mod_exp_64(r, b, e, expLen * 8, m, 0);
+                err = sp_4096_mod_exp_64(r, b, e, (int)expLen * 8, m, 0);
         }
     }
 
@@ -7954,14 +7973,12 @@ int sp_DhExp_4096(const mp_int* base, const byte* exp, word32 expLen,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (b != NULL)
-        XFREE(b, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(b, NULL, DYNAMIC_TYPE_TMP_BUFFER);
     if (e != NULL) {
         XMEMSET(e, 0, 64);
         XFREE(e, NULL, DYNAMIC_TYPE_TMP_BUFFER);
     }
-    if (m != NULL)
-        XFREE(m, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(m, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #else
     XMEMSET(e, 0, sizeof(e));
 #endif
@@ -8119,14 +8136,14 @@ static int sp_256_mod_mul_norm_4(sp_digit* r, const sp_digit* a, const sp_digit*
 
     (void)m;
 
-    a32[0] = a[0] & 0xffffffff;
-    a32[1] = a[0] >> 32;
-    a32[2] = a[1] & 0xffffffff;
-    a32[3] = a[1] >> 32;
-    a32[4] = a[2] & 0xffffffff;
-    a32[5] = a[2] >> 32;
-    a32[6] = a[3] & 0xffffffff;
-    a32[7] = a[3] >> 32;
+    a32[0] = (int64_t)(a[0] & 0xffffffff);
+    a32[1] = (int64_t)(a[0] >> 32);
+    a32[2] = (int64_t)(a[1] & 0xffffffff);
+    a32[3] = (int64_t)(a[1] >> 32);
+    a32[4] = (int64_t)(a[2] & 0xffffffff);
+    a32[5] = (int64_t)(a[2] >> 32);
+    a32[6] = (int64_t)(a[3] & 0xffffffff);
+    a32[7] = (int64_t)(a[3] >> 32);
 
     /*  1  1  0 -1 -1 -1 -1  0 */
     t[0] = 0 + a32[0] + a32[1] - a32[3] - a32[4] - a32[5] - a32[6];
@@ -8176,10 +8193,10 @@ static int sp_256_mod_mul_norm_4(sp_digit* r, const sp_digit* a, const sp_digit*
     t[5] += t[4] >> 32; t[4] &= 0xffffffff;
     t[6] += t[5] >> 32; t[5] &= 0xffffffff;
     t[7] += t[6] >> 32; t[6] &= 0xffffffff;
-    r[0] = (t[1] << 32) | t[0];
-    r[1] = (t[3] << 32) | t[2];
-    r[2] = (t[5] << 32) | t[4];
-    r[3] = (t[7] << 32) | t[6];
+    r[0] = (sp_digit)((t[1] << 32) | t[0]);
+    r[1] = (sp_digit)((t[3] << 32) | t[2]);
+    r[2] = (sp_digit)((t[5] << 32) | t[4]);
+    r[3] = (sp_digit)((t[7] << 32) | t[6]);
 
     return MP_OKAY;
 }
@@ -8421,7 +8438,7 @@ SP_NOINLINE static void sp_256_mont_sqr_n_4(sp_digit* r,
 #endif /* !WOLFSSL_SP_SMALL || HAVE_COMP_KEY */
 #ifdef WOLFSSL_SP_SMALL
 /* Mod-2 for the P256 curve. */
-static const uint64_t p256_mod_minus_2[4] = {
+static const word64 p256_mod_minus_2[4] = {
     0xfffffffffffffffdU,0x00000000ffffffffU,0x0000000000000000U,
     0xffffffff00000001U
 };
@@ -8554,7 +8571,7 @@ static void sp_256_map_4(sp_point_256* r, const sp_point_256* p,
     sp_256_mont_reduce_4(r->x, p256_mod, p256_mp_mod);
     /* Reduce x to less than modulus */
     n = sp_256_cmp_4(r->x, p256_mod);
-    sp_256_cond_sub_4(r->x, r->x, p256_mod, ~(n >> 63));
+    sp_256_cond_sub_4(r->x, r->x, p256_mod, (sp_digit)~(n >> 63));
     sp_256_norm_4(r->x);
 
     /* y /= z^3 */
@@ -8563,7 +8580,7 @@ static void sp_256_map_4(sp_point_256* r, const sp_point_256* p,
     sp_256_mont_reduce_4(r->y, p256_mod, p256_mp_mod);
     /* Reduce y to less than modulus */
     n = sp_256_cmp_4(r->y, p256_mod);
-    sp_256_cond_sub_4(r->y, r->y, p256_mod, ~(n >> 63));
+    sp_256_cond_sub_4(r->y, r->y, p256_mod, (sp_digit)~(n >> 63));
     sp_256_norm_4(r->y);
 
     XMEMSET(r->z, 0, sizeof(r->z) / 2);
@@ -8980,8 +8997,8 @@ static void sp_256_proj_point_add_4(sp_point_256* r,
         sp_256_mont_sub_4(y, y, t5, p256_mod);
         {
             int i;
-            sp_digit maskp = 0 - (q->infinity & (!p->infinity));
-            sp_digit maskq = 0 - (p->infinity & (!q->infinity));
+            sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity)));
+            sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity)));
             sp_digit maskt = ~(maskp | maskq);
             sp_digit inf = (sp_digit)(p->infinity & q->infinity);
 
@@ -8998,7 +9015,7 @@ static void sp_256_proj_point_add_4(sp_point_256* r,
                           (z[i] & maskt);
             }
             r->z[0] |= inf;
-            r->infinity = (word32)inf;
+            r->infinity = (int)inf;
         }
     }
 }
@@ -9170,8 +9187,8 @@ static int sp_256_proj_point_add_4_nb(sp_ecc_ctx_t* sp_ctx, sp_point_256* r,
     {
         {
             int i;
-            sp_digit maskp = 0 - (q->infinity & (!p->infinity));
-            sp_digit maskq = 0 - (p->infinity & (!q->infinity));
+            sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity)));
+            sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity)));
             sp_digit maskt = ~(maskp | maskq);
             sp_digit inf = (sp_digit)(p->infinity & q->infinity);
 
@@ -9188,7 +9205,7 @@ static int sp_256_proj_point_add_4_nb(sp_ecc_ctx_t* sp_ctx, sp_point_256* r,
                           (ctx->z[i] & maskt);
             }
             r->z[0] |= inf;
-            r->infinity = (word32)inf;
+            r->infinity = (int)inf;
         }
         ctx->state = 25;
         break;
@@ -9357,13 +9374,13 @@ static void sp_256_proj_point_add_sub_4(sp_point_256* ra,
 /* Structure used to describe recoding of scalar multiplication. */
 typedef struct ecc_recode_256 {
     /* Index into pre-computation table. */
-    uint8_t i;
+    word8 i;
     /* Use the negative of the point. */
-    uint8_t neg;
+    word8 neg;
 } ecc_recode_256;
 
 /* The index into pre-computation table to use. */
-static const uint8_t recode_index_4_6[66] = {
+static const word8 recode_index_4_6[66] = {
      0,  1,  2,  3,  4,  5,  6,  7,  8,  9, 10, 11, 12, 13, 14, 15,
     16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31,
     32, 31, 30, 29, 28, 27, 26, 25, 24, 23, 22, 21, 20, 19, 18, 17,
@@ -9372,7 +9389,7 @@ static const uint8_t recode_index_4_6[66] = {
 };
 
 /* Whether to negate y-ordinate. */
-static const uint8_t recode_neg_4_6[66] = {
+static const word8 recode_neg_4_6[66] = {
      0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,
      0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,
      1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,
@@ -9390,7 +9407,7 @@ static void sp_256_ecc_recode_6_4(const sp_digit* k, ecc_recode_256* v)
 {
     int i;
     int j;
-    uint8_t y;
+    word8 y;
     int carry = 0;
     int o;
     sp_digit n;
@@ -9399,7 +9416,7 @@ static void sp_256_ecc_recode_6_4(const sp_digit* k, ecc_recode_256* v)
     n = k[j];
     o = 0;
     for (i=0; i<43; i++) {
-        y = (int8_t)n;
+        y = (word8)(int8_t)n;
         if (o + 6 < 64) {
             y &= 0x3f;
             n >>= 6;
@@ -9413,12 +9430,12 @@ static void sp_256_ecc_recode_6_4(const sp_digit* k, ecc_recode_256* v)
         }
         else if (++j < 4) {
             n = k[j];
-            y |= (uint8_t)((n << (64 - o)) & 0x3f);
+            y |= (word8)((n << (64 - o)) & 0x3f);
             o -= 58;
             n >>= o;
         }
 
-        y += (uint8_t)carry;
+        y = (word8)(y + carry);
         v[i].i = recode_index_4_6[y];
         v[i].neg = recode_neg_4_6[y];
         carry = (y >> 6) + v[i].neg;
@@ -9575,10 +9592,8 @@ static int sp_256_ecc_mulmod_win_add_sub_4(sp_point_256* r, const sp_point_256*
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t != NULL)
-        XFREE(t, heap, DYNAMIC_TYPE_ECC);
-    if (tmp != NULL)
-        XFREE(tmp, heap, DYNAMIC_TYPE_ECC);
+    XFREE(t, heap, DYNAMIC_TYPE_ECC);
+    XFREE(tmp, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -9728,7 +9743,7 @@ static void sp_256_map_avx2_4(sp_point_256* r, const sp_point_256* p,
     sp_256_mont_reduce_avx2_4(r->x, p256_mod, p256_mp_mod);
     /* Reduce x to less than modulus */
     n = sp_256_cmp_4(r->x, p256_mod);
-    sp_256_cond_sub_4(r->x, r->x, p256_mod, ~(n >> 63));
+    sp_256_cond_sub_4(r->x, r->x, p256_mod, (sp_digit)~(n >> 63));
     sp_256_norm_4(r->x);
 
     /* y /= z^3 */
@@ -9737,7 +9752,7 @@ static void sp_256_map_avx2_4(sp_point_256* r, const sp_point_256* p,
     sp_256_mont_reduce_avx2_4(r->y, p256_mod, p256_mp_mod);
     /* Reduce y to less than modulus */
     n = sp_256_cmp_4(r->y, p256_mod);
-    sp_256_cond_sub_4(r->y, r->y, p256_mod, ~(n >> 63));
+    sp_256_cond_sub_4(r->y, r->y, p256_mod, (sp_digit)~(n >> 63));
     sp_256_norm_4(r->y);
 
     XMEMSET(r->z, 0, sizeof(r->z) / 2);
@@ -10100,8 +10115,8 @@ static void sp_256_proj_point_add_avx2_4(sp_point_256* r,
         sp_256_mont_sub_avx2_4(y, y, t5, p256_mod);
         {
             int i;
-            sp_digit maskp = 0 - (q->infinity & (!p->infinity));
-            sp_digit maskq = 0 - (p->infinity & (!q->infinity));
+            sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity)));
+            sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity)));
             sp_digit maskt = ~(maskp | maskq);
             sp_digit inf = (sp_digit)(p->infinity & q->infinity);
 
@@ -10118,7 +10133,7 @@ static void sp_256_proj_point_add_avx2_4(sp_point_256* r,
                           (z[i] & maskt);
             }
             r->z[0] |= inf;
-            r->infinity = (word32)inf;
+            r->infinity = (int)inf;
         }
     }
 }
@@ -10290,8 +10305,8 @@ static int sp_256_proj_point_add_avx2_4_nb(sp_ecc_ctx_t* sp_ctx, sp_point_256* r
     {
         {
             int i;
-            sp_digit maskp = 0 - (q->infinity & (!p->infinity));
-            sp_digit maskq = 0 - (p->infinity & (!q->infinity));
+            sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity)));
+            sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity)));
             sp_digit maskt = ~(maskp | maskq);
             sp_digit inf = (sp_digit)(p->infinity & q->infinity);
 
@@ -10308,7 +10323,7 @@ static int sp_256_proj_point_add_avx2_4_nb(sp_ecc_ctx_t* sp_ctx, sp_point_256* r
                           (ctx->z[i] & maskt);
             }
             r->z[0] |= inf;
-            r->infinity = (word32)inf;
+            r->infinity = (int)inf;
         }
         ctx->state = 25;
         break;
@@ -10610,10 +10625,8 @@ static int sp_256_ecc_mulmod_win_add_sub_avx2_4(sp_point_256* r, const sp_point_
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t != NULL)
-        XFREE(t, heap, DYNAMIC_TYPE_ECC);
-    if (tmp != NULL)
-        XFREE(tmp, heap, DYNAMIC_TYPE_ECC);
+    XFREE(t, heap, DYNAMIC_TYPE_ECC);
+    XFREE(tmp, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -10683,8 +10696,8 @@ static void sp_256_proj_point_add_qz1_4(sp_point_256* r,
         sp_256_mont_sub_4(y, t3, t1, p256_mod);
         {
             int i;
-            sp_digit maskp = 0 - (q->infinity & (!p->infinity));
-            sp_digit maskq = 0 - (p->infinity & (!q->infinity));
+            sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity)));
+            sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity)));
             sp_digit maskt = ~(maskp | maskq);
             sp_digit inf = (sp_digit)(p->infinity & q->infinity);
 
@@ -10701,7 +10714,7 @@ static void sp_256_proj_point_add_qz1_4(sp_point_256* r,
                           (z[i] & maskt);
             }
             r->z[0] |= inf;
-            r->infinity = (word32)inf;
+            r->infinity = (int)inf;
         }
     }
 }
@@ -10812,8 +10825,7 @@ static int sp_256_gen_stripe_table_4(const sp_point_256* a,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t != NULL)
-        XFREE(t, heap, DYNAMIC_TYPE_ECC);
+    XFREE(t, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -10942,10 +10954,8 @@ static int sp_256_ecc_mulmod_stripe_4(sp_point_256* r, const sp_point_256* g,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t != NULL)
-        XFREE(t, heap, DYNAMIC_TYPE_ECC);
-    if (rt != NULL)
-        XFREE(rt, heap, DYNAMIC_TYPE_ECC);
+    XFREE(t, heap, DYNAMIC_TYPE_ECC);
+    XFREE(rt, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -10966,7 +10976,7 @@ typedef struct sp_cache_256_t {
     /* Precomputation table for point. */
     sp_table_entry_256 table[64];
     /* Count of entries in table. */
-    uint32_t cnt;
+    word32 cnt;
     /* Point and table set in entry. */
     int set;
 } sp_cache_256_t;
@@ -10979,8 +10989,10 @@ static THREAD_LS_T int sp_cache_256_last = -1;
 static THREAD_LS_T int sp_cache_256_inited = 0;
 
 #ifndef HAVE_THREAD_LS
+    #ifndef WOLFSSL_MUTEX_INITIALIZER
     static volatile int initCacheMutex_256 = 0;
-    static wolfSSL_Mutex sp_cache_256_lock;
+    #endif
+    static wolfSSL_Mutex sp_cache_256_lock WOLFSSL_MUTEX_INITIALIZER_CLAUSE(sp_cache_256_lock);
 #endif
 
 /* Get the cache entry for the point.
@@ -10992,7 +11004,7 @@ static void sp_ecc_get_cache_256(const sp_point_256* g, sp_cache_256_t** cache)
 {
     int i;
     int j;
-    uint32_t least;
+    word32 least;
 
     if (sp_cache_256_inited == 0) {
         for (i=0; i<FP_ENTRIES; i++) {
@@ -11078,10 +11090,12 @@ static int sp_256_ecc_mulmod_4(sp_point_256* r, const sp_point_256* g,
 #endif
 #ifndef HAVE_THREAD_LS
     if (err == MP_OKAY) {
+        #ifndef WOLFSSL_MUTEX_INITIALIZER
         if (initCacheMutex_256 == 0) {
             wc_InitMutex(&sp_cache_256_lock);
             initCacheMutex_256 = 1;
         }
+        #endif
         if (wc_LockMutex(&sp_cache_256_lock) != 0) {
             err = BAD_MUTEX_E;
         }
@@ -11171,8 +11185,8 @@ static void sp_256_proj_point_add_qz1_avx2_4(sp_point_256* r,
         sp_256_mont_sub_avx2_4(y, t3, t1, p256_mod);
         {
             int i;
-            sp_digit maskp = 0 - (q->infinity & (!p->infinity));
-            sp_digit maskq = 0 - (p->infinity & (!q->infinity));
+            sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity)));
+            sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity)));
             sp_digit maskt = ~(maskp | maskq);
             sp_digit inf = (sp_digit)(p->infinity & q->infinity);
 
@@ -11189,7 +11203,7 @@ static void sp_256_proj_point_add_qz1_avx2_4(sp_point_256* r,
                           (z[i] & maskt);
             }
             r->z[0] |= inf;
-            r->infinity = (word32)inf;
+            r->infinity = (int)inf;
         }
     }
 }
@@ -11300,8 +11314,7 @@ static int sp_256_gen_stripe_table_avx2_4(const sp_point_256* a,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t != NULL)
-        XFREE(t, heap, DYNAMIC_TYPE_ECC);
+    XFREE(t, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -11416,10 +11429,8 @@ static int sp_256_ecc_mulmod_stripe_avx2_4(sp_point_256* r, const sp_point_256*
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t != NULL)
-        XFREE(t, heap, DYNAMIC_TYPE_ECC);
-    if (rt != NULL)
-        XFREE(rt, heap, DYNAMIC_TYPE_ECC);
+    XFREE(t, heap, DYNAMIC_TYPE_ECC);
+    XFREE(rt, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -11459,10 +11470,12 @@ static int sp_256_ecc_mulmod_avx2_4(sp_point_256* r, const sp_point_256* g,
 #endif
 #ifndef HAVE_THREAD_LS
     if (err == MP_OKAY) {
+        #ifndef WOLFSSL_MUTEX_INITIALIZER
         if (initCacheMutex_256 == 0) {
             wc_InitMutex(&sp_cache_256_lock);
             initCacheMutex_256 = 1;
         }
+        #endif
         if (wc_LockMutex(&sp_cache_256_lock) != 0) {
             err = BAD_MUTEX_E;
         }
@@ -11538,8 +11551,10 @@ int sp_ecc_mulmod_256(const mp_int* km, const ecc_point* gm, ecc_point* r,
         sp_256_point_from_ecc_point_4(point, gm);
 
 #ifdef HAVE_INTEL_AVX2
-        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags))
+        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                IS_INTEL_AVX2(cpuid_flags)) {
             err = sp_256_ecc_mulmod_avx2_4(point, point, k, map, 1, heap);
+        }
         else
 #endif
             err = sp_256_ecc_mulmod_4(point, point, k, map, 1, heap);
@@ -11549,10 +11564,8 @@ int sp_ecc_mulmod_256(const mp_int* km, const ecc_point* gm, ecc_point* r,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (k != NULL)
-        XFREE(k, heap, DYNAMIC_TYPE_ECC);
-    if (point != NULL)
-        XFREE(point, heap, DYNAMIC_TYPE_ECC);
+    XFREE(k, heap, DYNAMIC_TYPE_ECC);
+    XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -11620,24 +11633,30 @@ int sp_ecc_mulmod_add_256(const mp_int* km, const ecc_point* gm,
     }
     if (err == MP_OKAY) {
 #ifdef HAVE_INTEL_AVX2
-        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags))
+        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                IS_INTEL_AVX2(cpuid_flags)) {
             err = sp_256_ecc_mulmod_avx2_4(point, point, k, 0, 0, heap);
+        }
         else
 #endif
             err = sp_256_ecc_mulmod_4(point, point, k, 0, 0, heap);
     }
     if (err == MP_OKAY) {
 #ifdef HAVE_INTEL_AVX2
-        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags))
+        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                IS_INTEL_AVX2(cpuid_flags)) {
             sp_256_proj_point_add_avx2_4(point, point, addP, tmp);
+        }
         else
 #endif
             sp_256_proj_point_add_4(point, point, addP, tmp);
 
         if (map) {
 #ifdef HAVE_INTEL_AVX2
-            if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags))
+            if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                    IS_INTEL_AVX2(cpuid_flags)) {
                 sp_256_map_avx2_4(point, point, tmp);
+            }
             else
 #endif
                 sp_256_map_4(point, point, tmp);
@@ -11647,10 +11666,8 @@ int sp_ecc_mulmod_add_256(const mp_int* km, const ecc_point* gm,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (k != NULL)
-        XFREE(k, heap, DYNAMIC_TYPE_ECC);
-    if (point != NULL)
-        XFREE(point, heap, DYNAMIC_TYPE_ECC);
+    XFREE(k, heap, DYNAMIC_TYPE_ECC);
+    XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -12030,7 +12047,7 @@ static int sp_256_ecc_mulmod_base_avx2_4(sp_point_256* r, const sp_digit* k,
 #endif /* HAVE_INTEL_AVX2 */
 #else /* WOLFSSL_SP_SMALL */
 /* The index into pre-computation table to use. */
-static const uint8_t recode_index_4_7[130] = {
+static const word8 recode_index_4_7[130] = {
      0,  1,  2,  3,  4,  5,  6,  7,  8,  9, 10, 11, 12, 13, 14, 15,
     16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31,
     32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47,
@@ -12043,7 +12060,7 @@ static const uint8_t recode_index_4_7[130] = {
 };
 
 /* Whether to negate y-ordinate. */
-static const uint8_t recode_neg_4_7[130] = {
+static const word8 recode_neg_4_7[130] = {
      0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,
      0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,
      0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,
@@ -12065,7 +12082,7 @@ static void sp_256_ecc_recode_7_4(const sp_digit* k, ecc_recode_256* v)
 {
     int i;
     int j;
-    uint8_t y;
+    word8 y;
     int carry = 0;
     int o;
     sp_digit n;
@@ -12074,7 +12091,7 @@ static void sp_256_ecc_recode_7_4(const sp_digit* k, ecc_recode_256* v)
     n = k[j];
     o = 0;
     for (i=0; i<37; i++) {
-        y = (int8_t)n;
+        y = (word8)(int8_t)n;
         if (o + 7 < 64) {
             y &= 0x7f;
             n >>= 7;
@@ -12088,12 +12105,12 @@ static void sp_256_ecc_recode_7_4(const sp_digit* k, ecc_recode_256* v)
         }
         else if (++j < 4) {
             n = k[j];
-            y |= (uint8_t)((n << (64 - o)) & 0x7f);
+            y |= (word8)((n << (64 - o)) & 0x7f);
             o -= 57;
             n >>= o;
         }
 
-        y += (uint8_t)carry;
+        y = (word8)(y + carry);
         v[i].i = recode_index_4_7[y];
         v[i].neg = recode_neg_4_7[y];
         carry = (y >> 7) + v[i].neg;
@@ -24156,7 +24173,7 @@ static int sp_256_ecc_mulmod_add_only_4(sp_point_256* r, const sp_point_256* g,
             p->infinity = !v[i].i;
             sp_256_sub_4(negy, p256_mod, p->y);
             sp_256_norm_4(negy);
-            sp_256_cond_copy_4(p->y, negy, 0 - v[i].neg);
+            sp_256_cond_copy_4(p->y, negy, (sp_digit)(0 - v[i].neg));
             sp_256_proj_point_add_qz1_4(rt, rt, p, tmp);
         }
         if (map != 0) {
@@ -24177,8 +24194,7 @@ static int sp_256_ecc_mulmod_add_only_4(sp_point_256* r, const sp_point_256* g,
     #endif
     }
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (rt != NULL)
-        XFREE(rt, heap, DYNAMIC_TYPE_ECC);
+    XFREE(rt, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -24290,7 +24306,7 @@ static int sp_256_ecc_mulmod_add_only_avx2_4(sp_point_256* r, const sp_point_256
             p->infinity = !v[i].i;
             sp_256_sub_4(negy, p256_mod, p->y);
             sp_256_norm_4(negy);
-            sp_256_cond_copy_4(p->y, negy, 0 - v[i].neg);
+            sp_256_cond_copy_4(p->y, negy, (sp_digit)(0 - v[i].neg));
             sp_256_proj_point_add_qz1_avx2_4(rt, rt, p, tmp);
         }
         if (map != 0) {
@@ -24311,8 +24327,7 @@ static int sp_256_ecc_mulmod_add_only_avx2_4(sp_point_256* r, const sp_point_256
     #endif
     }
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (rt != NULL)
-        XFREE(rt, heap, DYNAMIC_TYPE_ECC);
+    XFREE(rt, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -24377,8 +24392,10 @@ int sp_ecc_mulmod_base_256(const mp_int* km, ecc_point* r, int map, void* heap)
         sp_256_from_mp(k, 4, km);
 
 #ifdef HAVE_INTEL_AVX2
-        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags))
+        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                IS_INTEL_AVX2(cpuid_flags)) {
             err = sp_256_ecc_mulmod_base_avx2_4(point, k, map, 1, heap);
+        }
         else
 #endif
             err = sp_256_ecc_mulmod_base_4(point, k, map, 1, heap);
@@ -24388,10 +24405,8 @@ int sp_ecc_mulmod_base_256(const mp_int* km, ecc_point* r, int map, void* heap)
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (k != NULL)
-        XFREE(k, heap, DYNAMIC_TYPE_ECC);
-    if (point != NULL)
-        XFREE(point, heap, DYNAMIC_TYPE_ECC);
+    XFREE(k, heap, DYNAMIC_TYPE_ECC);
+    XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -24457,24 +24472,30 @@ int sp_ecc_mulmod_base_add_256(const mp_int* km, const ecc_point* am,
     }
     if (err == MP_OKAY) {
 #ifdef HAVE_INTEL_AVX2
-        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags))
+        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                IS_INTEL_AVX2(cpuid_flags)) {
             err = sp_256_ecc_mulmod_base_avx2_4(point, k, 0, 0, heap);
+        }
         else
 #endif
             err = sp_256_ecc_mulmod_base_4(point, k, 0, 0, heap);
     }
     if (err == MP_OKAY) {
 #ifdef HAVE_INTEL_AVX2
-        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags))
+        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                IS_INTEL_AVX2(cpuid_flags)) {
             sp_256_proj_point_add_avx2_4(point, point, addP, tmp);
+        }
         else
 #endif
             sp_256_proj_point_add_4(point, point, addP, tmp);
 
         if (map) {
 #ifdef HAVE_INTEL_AVX2
-            if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags))
+            if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                    IS_INTEL_AVX2(cpuid_flags)) {
                 sp_256_map_avx2_4(point, point, tmp);
+            }
             else
 #endif
                 sp_256_map_4(point, point, tmp);
@@ -24484,10 +24505,8 @@ int sp_ecc_mulmod_base_add_256(const mp_int* km, const ecc_point* am,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (k != NULL)
-        XFREE(k, heap, DYNAMIC_TYPE_ECC);
-    if (point)
-        XFREE(point, heap, DYNAMIC_TYPE_ECC);
+    XFREE(k, heap, DYNAMIC_TYPE_ECC);
+    XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -24548,6 +24567,7 @@ static void sp_256_from_bin(sp_digit* r, int size, const byte* a, int n)
  */
 static int sp_256_ecc_gen_k_4(WC_RNG* rng, sp_digit* k)
 {
+#ifndef WC_NO_RNG
     int err;
     byte buf[32];
 
@@ -24564,6 +24584,11 @@ static int sp_256_ecc_gen_k_4(WC_RNG* rng, sp_digit* k)
     while (err == 0);
 
     return err;
+#else
+    (void)rng;
+    (void)k;
+    return NOT_COMPILED_IN;
+#endif
 }
 
 /* Makes a random EC key pair.
@@ -24624,8 +24649,10 @@ int sp_ecc_make_key_256(WC_RNG* rng, mp_int* priv, ecc_point* pub, void* heap)
     }
     if (err == MP_OKAY) {
 #ifdef HAVE_INTEL_AVX2
-        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags))
+        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                IS_INTEL_AVX2(cpuid_flags)) {
             err = sp_256_ecc_mulmod_base_avx2_4(point, k, 1, 1, NULL);
+       }
         else
 #endif
             err = sp_256_ecc_mulmod_base_4(point, k, 1, 1, NULL);
@@ -24634,7 +24661,8 @@ int sp_ecc_make_key_256(WC_RNG* rng, mp_int* priv, ecc_point* pub, void* heap)
 #ifdef WOLFSSL_VALIDATE_ECC_KEYGEN
     if (err == MP_OKAY) {
 #ifdef HAVE_INTEL_AVX2
-        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags)) {
+        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                IS_INTEL_AVX2(cpuid_flags)) {
             err = sp_256_ecc_mulmod_avx2_4(infinity, point, p256_order, 1, 1,
                                                                           NULL);
         }
@@ -24657,12 +24685,9 @@ int sp_ecc_make_key_256(WC_RNG* rng, mp_int* priv, ecc_point* pub, void* heap)
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (k != NULL)
-        XFREE(k, heap, DYNAMIC_TYPE_ECC);
-    if (point != NULL) {
-        /* point is not sensitive, so no need to zeroize */
-        XFREE(point, heap, DYNAMIC_TYPE_ECC);
-    }
+    XFREE(k, heap, DYNAMIC_TYPE_ECC);
+    /* point is not sensitive, so no need to zeroize */
+    XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -24832,8 +24857,10 @@ int sp_ecc_secret_gen_256(const mp_int* priv, const ecc_point* pub, byte* out,
         sp_256_from_mp(k, 4, priv);
         sp_256_point_from_ecc_point_4(point, pub);
 #ifdef HAVE_INTEL_AVX2
-        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags))
+        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                IS_INTEL_AVX2(cpuid_flags)) {
             err = sp_256_ecc_mulmod_avx2_4(point, point, k, 1, 1, heap);
+        }
         else
 #endif
             err = sp_256_ecc_mulmod_4(point, point, k, 1, 1, heap);
@@ -24844,10 +24871,8 @@ int sp_ecc_secret_gen_256(const mp_int* priv, const ecc_point* pub, byte* out,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (k != NULL)
-        XFREE(k, heap, DYNAMIC_TYPE_ECC);
-    if (point != NULL)
-        XFREE(point, heap, DYNAMIC_TYPE_ECC);
+    XFREE(k, heap, DYNAMIC_TYPE_ECC);
+    XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -24966,8 +24991,8 @@ static WC_INLINE sp_digit div_256_word_4(sp_digit d1, sp_digit d0,
 static WC_INLINE sp_digit div_256_word_4(sp_digit d1, sp_digit d0,
         sp_digit div)
 {
-    ASSERT_SAVED_VECTOR_REGISTERS();
     register sp_digit r asm("rax");
+    ASSERT_SAVED_VECTOR_REGISTERS();
     __asm__ __volatile__ (
         "divq %3"
         : "=a" (r)
@@ -25034,7 +25059,7 @@ static WC_INLINE int sp_256_div_4(const sp_digit* a, const sp_digit* d, sp_digit
 #endif
         sp_256_cond_sub_4(&t1[4], &t1[4], d, (sp_digit)0 - r1);
     for (i = 3; i >= 0; i--) {
-        sp_digit mask = 0 - (t1[4 + i] == div);
+        sp_digit mask = (sp_digit)0 - (t1[4 + i] == div);
         sp_digit hi = t1[4 + i] + mask;
         r1 = div_256_word_4(hi, t1[4 + i - 1], div);
         r1 |= mask;
@@ -25096,13 +25121,13 @@ static void sp_256_mont_mul_order_4(sp_digit* r, const sp_digit* a, const sp_dig
 #if defined(HAVE_ECC_SIGN) || (defined(HAVE_ECC_VERIFY) && defined(WOLFSSL_SP_SMALL))
 #ifdef WOLFSSL_SP_SMALL
 /* Order-2 for the P256 curve. */
-static const uint64_t p256_order_minus_2[4] = {
+static const word64 p256_order_minus_2[4] = {
     0xf3b9cac2fc63254fU,0xbce6faada7179e84U,0xffffffffffffffffU,
     0xffffffff00000000U
 };
 #else
 /* The low half of the order-2 of the P256 curve. */
-static const uint64_t p256_order_low[2] = {
+static const word64 p256_order_low[2] = {
     0xf3b9cac2fc63254fU,0xbce6faada7179e84U
 };
 #endif /* WOLFSSL_SP_SMALL */
@@ -25580,8 +25605,10 @@ static int sp_256_calc_s_4(sp_digit* s, const sp_digit* r, sp_digit* k,
 
     /* Conv k to Montgomery form (mod order) */
 #ifdef HAVE_INTEL_AVX2
-     if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags))
+    if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+            IS_INTEL_AVX2(cpuid_flags)) {
         sp_256_mul_avx2_4(k, k, p256_norm_order);
+    }
     else
 #endif
         sp_256_mul_4(k, k, p256_norm_order);
@@ -25591,8 +25618,10 @@ static int sp_256_calc_s_4(sp_digit* s, const sp_digit* r, sp_digit* k,
 
         /* kInv = 1/k mod order */
 #ifdef HAVE_INTEL_AVX2
-        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags))
+        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                IS_INTEL_AVX2(cpuid_flags)) {
             sp_256_mont_inv_order_avx2_4(kInv, k, tmp);
+        }
         else
 #endif
             sp_256_mont_inv_order_4(kInv, k, tmp);
@@ -25600,8 +25629,10 @@ static int sp_256_calc_s_4(sp_digit* s, const sp_digit* r, sp_digit* k,
 
         /* s = r * x + e */
 #ifdef HAVE_INTEL_AVX2
-        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags))
+        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                IS_INTEL_AVX2(cpuid_flags)) {
             sp_256_mul_avx2_4(x, x, r);
+        }
         else
 #endif
             sp_256_mul_4(x, x, r);
@@ -25619,8 +25650,10 @@ static int sp_256_calc_s_4(sp_digit* s, const sp_digit* r, sp_digit* k,
 
         /* s = s * k^-1 mod order */
 #ifdef HAVE_INTEL_AVX2
-        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags))
+        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                IS_INTEL_AVX2(cpuid_flags)) {
             sp_256_mont_mul_order_avx2_4(s, s, kInv);
+        }
         else
 #endif
             sp_256_mont_mul_order_4(s, s, kInv);
@@ -25708,8 +25741,10 @@ int sp_ecc_sign_256(const byte* hash, word32 hashLen, WC_RNG* rng,
         }
         if (err == MP_OKAY) {
 #ifdef HAVE_INTEL_AVX2
-            if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags))
+            if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                    IS_INTEL_AVX2(cpuid_flags)) {
                 err = sp_256_ecc_mulmod_base_avx2_4(point, k, 1, 1, heap);
+            }
             else
 #endif
                 err = sp_256_ecc_mulmod_base_4(point, k, 1, 1, heap);
@@ -25971,7 +26006,8 @@ static void sp_256_add_points_4(sp_point_256* p1, const sp_point_256* p2,
 #endif
 
 #ifdef HAVE_INTEL_AVX2
-    if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags)) {
+    if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+            IS_INTEL_AVX2(cpuid_flags)) {
         sp_256_proj_point_add_avx2_4(p1, p1, p2, tmp);
     }
     else
@@ -25980,7 +26016,8 @@ static void sp_256_add_points_4(sp_point_256* p1, const sp_point_256* p2,
     if (sp_256_iszero_4(p1->z)) {
         if (sp_256_iszero_4(p1->x) && sp_256_iszero_4(p1->y)) {
 #ifdef HAVE_INTEL_AVX2
-            if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags)) {
+            if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                    IS_INTEL_AVX2(cpuid_flags)) {
                 sp_256_proj_point_dbl_avx2_4(p1, p2, tmp);
             }
             else
@@ -26018,7 +26055,8 @@ static int sp_256_calc_vfy_point_4(sp_point_256* p1, sp_point_256* p2,
 
 #ifndef WOLFSSL_SP_SMALL
 #ifdef HAVE_INTEL_AVX2
-    if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags)) {
+    if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+            IS_INTEL_AVX2(cpuid_flags)) {
         sp_256_mod_inv_avx2_4(s, s, p256_order);
     }
     else
@@ -26029,7 +26067,8 @@ static int sp_256_calc_vfy_point_4(sp_point_256* p1, sp_point_256* p2,
 #endif /* !WOLFSSL_SP_SMALL */
     {
 #ifdef HAVE_INTEL_AVX2
-        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags)) {
+        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                IS_INTEL_AVX2(cpuid_flags)) {
             sp_256_mul_avx2_4(s, s, p256_norm_order);
         }
         else
@@ -26043,7 +26082,8 @@ static int sp_256_calc_vfy_point_4(sp_point_256* p1, sp_point_256* p2,
         sp_256_norm_4(s);
 #ifdef WOLFSSL_SP_SMALL
 #ifdef HAVE_INTEL_AVX2
-        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags)) {
+        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                IS_INTEL_AVX2(cpuid_flags)) {
             sp_256_mont_inv_order_avx2_4(s, s, tmp);
             sp_256_mont_mul_order_avx2_4(u1, u1, s);
             sp_256_mont_mul_order_avx2_4(u2, u2, s);
@@ -26057,7 +26097,8 @@ static int sp_256_calc_vfy_point_4(sp_point_256* p1, sp_point_256* p2,
         }
 #else
 #ifdef HAVE_INTEL_AVX2
-        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags)) {
+        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                IS_INTEL_AVX2(cpuid_flags)) {
             sp_256_mont_mul_order_avx2_4(u1, u1, s);
             sp_256_mont_mul_order_avx2_4(u2, u2, s);
         }
@@ -26069,7 +26110,8 @@ static int sp_256_calc_vfy_point_4(sp_point_256* p1, sp_point_256* p2,
         }
 #endif /* WOLFSSL_SP_SMALL */
 #ifdef HAVE_INTEL_AVX2
-        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags)) {
+        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                IS_INTEL_AVX2(cpuid_flags)) {
             err = sp_256_ecc_mulmod_base_avx2_4(p1, u1, 0, 0, heap);
         }
         else
@@ -26083,8 +26125,10 @@ static int sp_256_calc_vfy_point_4(sp_point_256* p1, sp_point_256* p2,
     }
     if (err == MP_OKAY) {
 #ifdef HAVE_INTEL_AVX2
-        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags))
+        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                IS_INTEL_AVX2(cpuid_flags)) {
             err = sp_256_ecc_mulmod_avx2_4(p2, p2, u2, 0, 0, heap);
+        }
         else
 #endif
             err = sp_256_ecc_mulmod_4(p2, p2, u2, 0, 0, heap);
@@ -26186,14 +26230,18 @@ int sp_ecc_verify_256(const byte* hash, word32 hashLen, const mp_int* pX,
     if (err == MP_OKAY) {
         /* u1 = r.z'.z' mod prime */
 #ifdef HAVE_INTEL_AVX2
-        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags))
+        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                IS_INTEL_AVX2(cpuid_flags)) {
             sp_256_mont_sqr_avx2_4(p1->z, p1->z, p256_mod, p256_mp_mod);
+        }
         else
 #endif
             sp_256_mont_sqr_4(p1->z, p1->z, p256_mod, p256_mp_mod);
 #ifdef HAVE_INTEL_AVX2
-        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags))
+        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                IS_INTEL_AVX2(cpuid_flags)) {
             sp_256_mont_mul_avx2_4(u1, u2, p1->z, p256_mod, p256_mp_mod);
+        }
         else
 #endif
             sp_256_mont_mul_4(u1, u2, p1->z, p256_mod, p256_mp_mod);
@@ -26216,7 +26264,8 @@ int sp_ecc_verify_256(const byte* hash, word32 hashLen, const mp_int* pX,
             if (err == MP_OKAY) {
                 /* u1 = (r + 1*order).z'.z' mod prime */
 #ifdef HAVE_INTEL_AVX2
-                if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags)) {
+                if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                        IS_INTEL_AVX2(cpuid_flags)) {
                     sp_256_mont_mul_avx2_4(u1, u2, p1->z, p256_mod,
                         p256_mp_mod);
                 }
@@ -26231,10 +26280,8 @@ int sp_ecc_verify_256(const byte* hash, word32 hashLen, const mp_int* pX,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (u1 != NULL)
-        XFREE(u1, heap, DYNAMIC_TYPE_ECC);
-    if (p1 != NULL)
-        XFREE(p1, heap, DYNAMIC_TYPE_ECC);
+    XFREE(u1, heap, DYNAMIC_TYPE_ECC);
+    XFREE(p1, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -26441,8 +26488,7 @@ static int sp_256_ecc_is_point_4(const sp_point_256* point,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t1 != NULL)
-        XFREE(t1, heap, DYNAMIC_TYPE_ECC);
+    XFREE(t1, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -26481,8 +26527,7 @@ int sp_ecc_is_point_256(const mp_int* pX, const mp_int* pY)
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (pub != NULL)
-        XFREE(pub, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(pub, NULL, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -26572,8 +26617,10 @@ int sp_ecc_check_key_256(const mp_int* pX, const mp_int* pY,
     if (err == MP_OKAY) {
         /* Point * order = infinity */
 #ifdef HAVE_INTEL_AVX2
-        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags))
+        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                IS_INTEL_AVX2(cpuid_flags)) {
             err = sp_256_ecc_mulmod_avx2_4(p, pub, p256_order, 1, 1, heap);
+        }
         else
 #endif
             err = sp_256_ecc_mulmod_4(p, pub, p256_order, 1, 1, heap);
@@ -26588,8 +26635,10 @@ int sp_ecc_check_key_256(const mp_int* pX, const mp_int* pY,
         if (err == MP_OKAY) {
             /* Base * private = point */
 #ifdef HAVE_INTEL_AVX2
-            if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags))
+            if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                    IS_INTEL_AVX2(cpuid_flags)) {
                 err = sp_256_ecc_mulmod_base_avx2_4(p, priv, 1, 1, heap);
+            }
             else
 #endif
                 err = sp_256_ecc_mulmod_base_4(p, priv, 1, 1, heap);
@@ -26603,10 +26652,8 @@ int sp_ecc_check_key_256(const mp_int* pX, const mp_int* pY,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (pub != NULL)
-        XFREE(pub, heap, DYNAMIC_TYPE_ECC);
-    if (priv != NULL)
-        XFREE(priv, heap, DYNAMIC_TYPE_ECC);
+    XFREE(pub, heap, DYNAMIC_TYPE_ECC);
+    XFREE(priv, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -26675,8 +26722,10 @@ int sp_ecc_proj_add_point_256(mp_int* pX, mp_int* pY, mp_int* pZ,
                       sp_256_iszero_4(q->y);
 
 #ifdef HAVE_INTEL_AVX2
-        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags))
+        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                IS_INTEL_AVX2(cpuid_flags)) {
             sp_256_proj_point_add_avx2_4(p, p, q, tmp);
+        }
         else
 #endif
             sp_256_proj_point_add_4(p, p, q, tmp);
@@ -26693,10 +26742,8 @@ int sp_ecc_proj_add_point_256(mp_int* pX, mp_int* pY, mp_int* pZ,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (tmp != NULL)
-        XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
-    if (p != NULL)
-        XFREE(p, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(p, NULL, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -26751,8 +26798,10 @@ int sp_ecc_proj_dbl_point_256(mp_int* pX, mp_int* pY, mp_int* pZ,
                       sp_256_iszero_4(p->y);
 
 #ifdef HAVE_INTEL_AVX2
-        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags))
+        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                IS_INTEL_AVX2(cpuid_flags)) {
             sp_256_proj_point_dbl_avx2_4(p, p, tmp);
+        }
         else
 #endif
             sp_256_proj_point_dbl_4(p, p, tmp);
@@ -26769,10 +26818,8 @@ int sp_ecc_proj_dbl_point_256(mp_int* pX, mp_int* pY, mp_int* pZ,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (tmp != NULL)
-        XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
-    if (p != NULL)
-        XFREE(p, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(p, NULL, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -26823,8 +26870,10 @@ int sp_ecc_map_256(mp_int* pX, mp_int* pY, mp_int* pZ)
                       sp_256_iszero_4(p->y);
 
 #ifdef HAVE_INTEL_AVX2
-        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags))
+        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                IS_INTEL_AVX2(cpuid_flags)) {
             sp_256_map_avx2_4(p, p, tmp);
+        }
         else
 #endif
             sp_256_map_4(p, p, tmp);
@@ -26841,10 +26890,8 @@ int sp_ecc_map_256(mp_int* pX, mp_int* pY, mp_int* pZ)
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (tmp != NULL)
-        XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
-    if (p != NULL)
-        XFREE(p, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(p, NULL, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -26880,7 +26927,8 @@ static int sp_256_mont_sqrt_4(sp_digit* y)
         t2 = t1 + 2 * 4;
 
 #ifdef HAVE_INTEL_AVX2
-        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags)) {
+        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                IS_INTEL_AVX2(cpuid_flags)) {
             /* t2 = y ^ 0x2 */
             sp_256_mont_sqr_avx2_4(t2, y, p256_mod, p256_mp_mod);
             /* t1 = y ^ 0x3 */
@@ -26947,8 +26995,7 @@ static int sp_256_mont_sqrt_4(sp_digit* y)
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t1 != NULL)
-        XFREE(t1, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(t1, NULL, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -26990,7 +27037,8 @@ int sp_ecc_uncompress_256(mp_int* xm, int odd, mp_int* ym)
     if (err == MP_OKAY) {
         /* y = x^3 */
 #ifdef HAVE_INTEL_AVX2
-        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags)) {
+        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                IS_INTEL_AVX2(cpuid_flags)) {
             sp_256_mont_sqr_avx2_4(y, x, p256_mod, p256_mp_mod);
             sp_256_mont_mul_avx2_4(y, y, x, p256_mod, p256_mp_mod);
         }
@@ -27023,8 +27071,7 @@ int sp_ecc_uncompress_256(mp_int* xm, int odd, mp_int* ym)
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (x != NULL)
-        XFREE(x, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(x, NULL, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -27191,18 +27238,18 @@ static int sp_384_mod_mul_norm_6(sp_digit* r, const sp_digit* a, const sp_digit*
     if (err == MP_OKAY) {
         a32 = t + 12;
 
-        a32[0] = a[0] & 0xffffffff;
-        a32[1] = a[0] >> 32;
-        a32[2] = a[1] & 0xffffffff;
-        a32[3] = a[1] >> 32;
-        a32[4] = a[2] & 0xffffffff;
-        a32[5] = a[2] >> 32;
-        a32[6] = a[3] & 0xffffffff;
-        a32[7] = a[3] >> 32;
-        a32[8] = a[4] & 0xffffffff;
-        a32[9] = a[4] >> 32;
-        a32[10] = a[5] & 0xffffffff;
-        a32[11] = a[5] >> 32;
+        a32[0] = (int64_t)(a[0] & 0xffffffff);
+        a32[1] = (int64_t)(a[0] >> 32);
+        a32[2] = (int64_t)(a[1] & 0xffffffff);
+        a32[3] = (int64_t)(a[1] >> 32);
+        a32[4] = (int64_t)(a[2] & 0xffffffff);
+        a32[5] = (int64_t)(a[2] >> 32);
+        a32[6] = (int64_t)(a[3] & 0xffffffff);
+        a32[7] = (int64_t)(a[3] >> 32);
+        a32[8] = (int64_t)(a[4] & 0xffffffff);
+        a32[9] = (int64_t)(a[4] >> 32);
+        a32[10] = (int64_t)(a[5] & 0xffffffff);
+        a32[11] = (int64_t)(a[5] >> 32);
 
         /*  1  0  0  0  0  0  0  0  1  1  0 -1 */
         t[0] = 0 + a32[0] + a32[8] + a32[9] - a32[11];
@@ -27257,17 +27304,16 @@ static int sp_384_mod_mul_norm_6(sp_digit* r, const sp_digit* a, const sp_digit*
         t[10] += t[9] >> 32; t[9] &= 0xffffffff;
         t[11] += t[10] >> 32; t[10] &= 0xffffffff;
 
-        r[0] = (t[1] << 32) | t[0];
-        r[1] = (t[3] << 32) | t[2];
-        r[2] = (t[5] << 32) | t[4];
-        r[3] = (t[7] << 32) | t[6];
-        r[4] = (t[9] << 32) | t[8];
-        r[5] = (t[11] << 32) | t[10];
+        r[0] = (sp_digit)((t[1] << 32) | t[0]);
+        r[1] = (sp_digit)((t[3] << 32) | t[2]);
+        r[2] = (sp_digit)((t[5] << 32) | t[4]);
+        r[3] = (sp_digit)((t[7] << 32) | t[6]);
+        r[4] = (sp_digit)((t[9] << 32) | t[8]);
+        r[5] = (sp_digit)((t[11] << 32) | t[10]);
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t != NULL)
-        XFREE(t, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(t, NULL, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -27547,7 +27593,7 @@ SP_NOINLINE static void sp_384_mont_sqr_n_6(sp_digit* r,
 #endif /* !WOLFSSL_SP_SMALL || HAVE_COMP_KEY */
 #ifdef WOLFSSL_SP_SMALL
 /* Mod-2 for the P384 curve. */
-static const uint64_t p384_mod_minus_2[6] = {
+static const word64 p384_mod_minus_2[6] = {
     0x00000000fffffffdU,0xffffffff00000000U,0xfffffffffffffffeU,
     0xffffffffffffffffU,0xffffffffffffffffU,0xffffffffffffffffU
 };
@@ -27675,7 +27721,7 @@ static void sp_384_map_6(sp_point_384* r, const sp_point_384* p,
     sp_384_mont_reduce_6(r->x, p384_mod, p384_mp_mod);
     /* Reduce x to less than modulus */
     n = sp_384_cmp_6(r->x, p384_mod);
-    sp_384_cond_sub_6(r->x, r->x, p384_mod, ~(n >> 63));
+    sp_384_cond_sub_6(r->x, r->x, p384_mod, (sp_digit)~(n >> 63));
     sp_384_norm_6(r->x);
 
     /* y /= z^3 */
@@ -27684,7 +27730,7 @@ static void sp_384_map_6(sp_point_384* r, const sp_point_384* p,
     sp_384_mont_reduce_6(r->y, p384_mod, p384_mp_mod);
     /* Reduce y to less than modulus */
     n = sp_384_cmp_6(r->y, p384_mod);
-    sp_384_cond_sub_6(r->y, r->y, p384_mod, ~(n >> 63));
+    sp_384_cond_sub_6(r->y, r->y, p384_mod, (sp_digit)~(n >> 63));
     sp_384_norm_6(r->y);
 
     XMEMSET(r->z, 0, sizeof(r->z) / 2);
@@ -28107,8 +28153,8 @@ static void sp_384_proj_point_add_6(sp_point_384* r,
         sp_384_mont_sub_6(y, y, t5, p384_mod);
         {
             int i;
-            sp_digit maskp = 0 - (q->infinity & (!p->infinity));
-            sp_digit maskq = 0 - (p->infinity & (!q->infinity));
+            sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity)));
+            sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity)));
             sp_digit maskt = ~(maskp | maskq);
             sp_digit inf = (sp_digit)(p->infinity & q->infinity);
 
@@ -28125,7 +28171,7 @@ static void sp_384_proj_point_add_6(sp_point_384* r,
                           (z[i] & maskt);
             }
             r->z[0] |= inf;
-            r->infinity = (word32)inf;
+            r->infinity = (int)inf;
         }
     }
 }
@@ -28299,8 +28345,8 @@ static int sp_384_proj_point_add_6_nb(sp_ecc_ctx_t* sp_ctx, sp_point_384* r,
     {
         {
             int i;
-            sp_digit maskp = 0 - (q->infinity & (!p->infinity));
-            sp_digit maskq = 0 - (p->infinity & (!q->infinity));
+            sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity)));
+            sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity)));
             sp_digit maskt = ~(maskp | maskq);
             sp_digit inf = (sp_digit)(p->infinity & q->infinity);
 
@@ -28317,7 +28363,7 @@ static int sp_384_proj_point_add_6_nb(sp_ecc_ctx_t* sp_ctx, sp_point_384* r,
                           (ctx->z[i] & maskt);
             }
             r->z[0] |= inf;
-            r->infinity = (word32)inf;
+            r->infinity = (int)inf;
         }
         ctx->state = 25;
         break;
@@ -28489,13 +28535,13 @@ static void sp_384_proj_point_add_sub_6(sp_point_384* ra,
 /* Structure used to describe recoding of scalar multiplication. */
 typedef struct ecc_recode_384 {
     /* Index into pre-computation table. */
-    uint8_t i;
+    word8 i;
     /* Use the negative of the point. */
-    uint8_t neg;
+    word8 neg;
 } ecc_recode_384;
 
 /* The index into pre-computation table to use. */
-static const uint8_t recode_index_6_6[66] = {
+static const word8 recode_index_6_6[66] = {
      0,  1,  2,  3,  4,  5,  6,  7,  8,  9, 10, 11, 12, 13, 14, 15,
     16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31,
     32, 31, 30, 29, 28, 27, 26, 25, 24, 23, 22, 21, 20, 19, 18, 17,
@@ -28504,7 +28550,7 @@ static const uint8_t recode_index_6_6[66] = {
 };
 
 /* Whether to negate y-ordinate. */
-static const uint8_t recode_neg_6_6[66] = {
+static const word8 recode_neg_6_6[66] = {
      0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,
      0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,
      1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,
@@ -28522,7 +28568,7 @@ static void sp_384_ecc_recode_6_6(const sp_digit* k, ecc_recode_384* v)
 {
     int i;
     int j;
-    uint8_t y;
+    word8 y;
     int carry = 0;
     int o;
     sp_digit n;
@@ -28531,7 +28577,7 @@ static void sp_384_ecc_recode_6_6(const sp_digit* k, ecc_recode_384* v)
     n = k[j];
     o = 0;
     for (i=0; i<65; i++) {
-        y = (int8_t)n;
+        y = (word8)(int8_t)n;
         if (o + 6 < 64) {
             y &= 0x3f;
             n >>= 6;
@@ -28545,12 +28591,12 @@ static void sp_384_ecc_recode_6_6(const sp_digit* k, ecc_recode_384* v)
         }
         else if (++j < 6) {
             n = k[j];
-            y |= (uint8_t)((n << (64 - o)) & 0x3f);
+            y |= (word8)((n << (64 - o)) & 0x3f);
             o -= 58;
             n >>= o;
         }
 
-        y += (uint8_t)carry;
+        y = (word8)(y + carry);
         v[i].i = recode_index_6_6[y];
         v[i].neg = recode_neg_6_6[y];
         carry = (y >> 6) + v[i].neg;
@@ -28707,10 +28753,8 @@ static int sp_384_ecc_mulmod_win_add_sub_6(sp_point_384* r, const sp_point_384*
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t != NULL)
-        XFREE(t, heap, DYNAMIC_TYPE_ECC);
-    if (tmp != NULL)
-        XFREE(tmp, heap, DYNAMIC_TYPE_ECC);
+    XFREE(t, heap, DYNAMIC_TYPE_ECC);
+    XFREE(tmp, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -28896,7 +28940,7 @@ static void sp_384_map_avx2_6(sp_point_384* r, const sp_point_384* p,
     sp_384_mont_reduce_avx2_6(r->x, p384_mod, p384_mp_mod);
     /* Reduce x to less than modulus */
     n = sp_384_cmp_6(r->x, p384_mod);
-    sp_384_cond_sub_6(r->x, r->x, p384_mod, ~(n >> 63));
+    sp_384_cond_sub_6(r->x, r->x, p384_mod, (sp_digit)~(n >> 63));
     sp_384_norm_6(r->x);
 
     /* y /= z^3 */
@@ -28905,7 +28949,7 @@ static void sp_384_map_avx2_6(sp_point_384* r, const sp_point_384* p,
     sp_384_mont_reduce_avx2_6(r->y, p384_mod, p384_mp_mod);
     /* Reduce y to less than modulus */
     n = sp_384_cmp_6(r->y, p384_mod);
-    sp_384_cond_sub_6(r->y, r->y, p384_mod, ~(n >> 63));
+    sp_384_cond_sub_6(r->y, r->y, p384_mod, (sp_digit)~(n >> 63));
     sp_384_norm_6(r->y);
 
     XMEMSET(r->z, 0, sizeof(r->z) / 2);
@@ -29280,8 +29324,8 @@ static void sp_384_proj_point_add_avx2_6(sp_point_384* r,
         sp_384_mont_sub_avx2_6(y, y, t5, p384_mod);
         {
             int i;
-            sp_digit maskp = 0 - (q->infinity & (!p->infinity));
-            sp_digit maskq = 0 - (p->infinity & (!q->infinity));
+            sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity)));
+            sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity)));
             sp_digit maskt = ~(maskp | maskq);
             sp_digit inf = (sp_digit)(p->infinity & q->infinity);
 
@@ -29298,7 +29342,7 @@ static void sp_384_proj_point_add_avx2_6(sp_point_384* r,
                           (z[i] & maskt);
             }
             r->z[0] |= inf;
-            r->infinity = (word32)inf;
+            r->infinity = (int)inf;
         }
     }
 }
@@ -29472,8 +29516,8 @@ static int sp_384_proj_point_add_avx2_6_nb(sp_ecc_ctx_t* sp_ctx, sp_point_384* r
     {
         {
             int i;
-            sp_digit maskp = 0 - (q->infinity & (!p->infinity));
-            sp_digit maskq = 0 - (p->infinity & (!q->infinity));
+            sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity)));
+            sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity)));
             sp_digit maskt = ~(maskp | maskq);
             sp_digit inf = (sp_digit)(p->infinity & q->infinity);
 
@@ -29490,7 +29534,7 @@ static int sp_384_proj_point_add_avx2_6_nb(sp_ecc_ctx_t* sp_ctx, sp_point_384* r
                           (ctx->z[i] & maskt);
             }
             r->z[0] |= inf;
-            r->infinity = (word32)inf;
+            r->infinity = (int)inf;
         }
         ctx->state = 25;
         break;
@@ -29795,10 +29839,8 @@ static int sp_384_ecc_mulmod_win_add_sub_avx2_6(sp_point_384* r, const sp_point_
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t != NULL)
-        XFREE(t, heap, DYNAMIC_TYPE_ECC);
-    if (tmp != NULL)
-        XFREE(tmp, heap, DYNAMIC_TYPE_ECC);
+    XFREE(t, heap, DYNAMIC_TYPE_ECC);
+    XFREE(tmp, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -29871,8 +29913,8 @@ static void sp_384_proj_point_add_qz1_6(sp_point_384* r,
         sp_384_mont_sub_6(y, t3, t1, p384_mod);
         {
             int i;
-            sp_digit maskp = 0 - (q->infinity & (!p->infinity));
-            sp_digit maskq = 0 - (p->infinity & (!q->infinity));
+            sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity)));
+            sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity)));
             sp_digit maskt = ~(maskp | maskq);
             sp_digit inf = (sp_digit)(p->infinity & q->infinity);
 
@@ -29889,7 +29931,7 @@ static void sp_384_proj_point_add_qz1_6(sp_point_384* r,
                           (z[i] & maskt);
             }
             r->z[0] |= inf;
-            r->infinity = (word32)inf;
+            r->infinity = (int)inf;
         }
     }
 }
@@ -30000,8 +30042,7 @@ static int sp_384_gen_stripe_table_6(const sp_point_384* a,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t != NULL)
-        XFREE(t, heap, DYNAMIC_TYPE_ECC);
+    XFREE(t, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -30130,10 +30171,8 @@ static int sp_384_ecc_mulmod_stripe_6(sp_point_384* r, const sp_point_384* g,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t != NULL)
-        XFREE(t, heap, DYNAMIC_TYPE_ECC);
-    if (rt != NULL)
-        XFREE(rt, heap, DYNAMIC_TYPE_ECC);
+    XFREE(t, heap, DYNAMIC_TYPE_ECC);
+    XFREE(rt, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -30154,7 +30193,7 @@ typedef struct sp_cache_384_t {
     /* Precomputation table for point. */
     sp_table_entry_384 table[64];
     /* Count of entries in table. */
-    uint32_t cnt;
+    word32 cnt;
     /* Point and table set in entry. */
     int set;
 } sp_cache_384_t;
@@ -30167,8 +30206,10 @@ static THREAD_LS_T int sp_cache_384_last = -1;
 static THREAD_LS_T int sp_cache_384_inited = 0;
 
 #ifndef HAVE_THREAD_LS
+    #ifndef WOLFSSL_MUTEX_INITIALIZER
     static volatile int initCacheMutex_384 = 0;
-    static wolfSSL_Mutex sp_cache_384_lock;
+    #endif
+    static wolfSSL_Mutex sp_cache_384_lock WOLFSSL_MUTEX_INITIALIZER_CLAUSE(sp_cache_384_lock);
 #endif
 
 /* Get the cache entry for the point.
@@ -30180,7 +30221,7 @@ static void sp_ecc_get_cache_384(const sp_point_384* g, sp_cache_384_t** cache)
 {
     int i;
     int j;
-    uint32_t least;
+    word32 least;
 
     if (sp_cache_384_inited == 0) {
         for (i=0; i<FP_ENTRIES; i++) {
@@ -30266,10 +30307,12 @@ static int sp_384_ecc_mulmod_6(sp_point_384* r, const sp_point_384* g,
 #endif
 #ifndef HAVE_THREAD_LS
     if (err == MP_OKAY) {
+        #ifndef WOLFSSL_MUTEX_INITIALIZER
         if (initCacheMutex_384 == 0) {
             wc_InitMutex(&sp_cache_384_lock);
             initCacheMutex_384 = 1;
         }
+        #endif
         if (wc_LockMutex(&sp_cache_384_lock) != 0) {
             err = BAD_MUTEX_E;
         }
@@ -30362,8 +30405,8 @@ static void sp_384_proj_point_add_qz1_avx2_6(sp_point_384* r,
         sp_384_mont_sub_avx2_6(y, t3, t1, p384_mod);
         {
             int i;
-            sp_digit maskp = 0 - (q->infinity & (!p->infinity));
-            sp_digit maskq = 0 - (p->infinity & (!q->infinity));
+            sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity)));
+            sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity)));
             sp_digit maskt = ~(maskp | maskq);
             sp_digit inf = (sp_digit)(p->infinity & q->infinity);
 
@@ -30380,7 +30423,7 @@ static void sp_384_proj_point_add_qz1_avx2_6(sp_point_384* r,
                           (z[i] & maskt);
             }
             r->z[0] |= inf;
-            r->infinity = (word32)inf;
+            r->infinity = (int)inf;
         }
     }
 }
@@ -30491,8 +30534,7 @@ static int sp_384_gen_stripe_table_avx2_6(const sp_point_384* a,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t != NULL)
-        XFREE(t, heap, DYNAMIC_TYPE_ECC);
+    XFREE(t, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -30607,10 +30649,8 @@ static int sp_384_ecc_mulmod_stripe_avx2_6(sp_point_384* r, const sp_point_384*
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t != NULL)
-        XFREE(t, heap, DYNAMIC_TYPE_ECC);
-    if (rt != NULL)
-        XFREE(rt, heap, DYNAMIC_TYPE_ECC);
+    XFREE(t, heap, DYNAMIC_TYPE_ECC);
+    XFREE(rt, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -30650,10 +30690,12 @@ static int sp_384_ecc_mulmod_avx2_6(sp_point_384* r, const sp_point_384* g,
 #endif
 #ifndef HAVE_THREAD_LS
     if (err == MP_OKAY) {
+        #ifndef WOLFSSL_MUTEX_INITIALIZER
         if (initCacheMutex_384 == 0) {
             wc_InitMutex(&sp_cache_384_lock);
             initCacheMutex_384 = 1;
         }
+        #endif
         if (wc_LockMutex(&sp_cache_384_lock) != 0) {
             err = BAD_MUTEX_E;
         }
@@ -30729,8 +30771,10 @@ int sp_ecc_mulmod_384(const mp_int* km, const ecc_point* gm, ecc_point* r,
         sp_384_point_from_ecc_point_6(point, gm);
 
 #ifdef HAVE_INTEL_AVX2
-        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags))
+        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                IS_INTEL_AVX2(cpuid_flags)) {
             err = sp_384_ecc_mulmod_avx2_6(point, point, k, map, 1, heap);
+        }
         else
 #endif
             err = sp_384_ecc_mulmod_6(point, point, k, map, 1, heap);
@@ -30740,10 +30784,8 @@ int sp_ecc_mulmod_384(const mp_int* km, const ecc_point* gm, ecc_point* r,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (k != NULL)
-        XFREE(k, heap, DYNAMIC_TYPE_ECC);
-    if (point != NULL)
-        XFREE(point, heap, DYNAMIC_TYPE_ECC);
+    XFREE(k, heap, DYNAMIC_TYPE_ECC);
+    XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -30811,24 +30853,30 @@ int sp_ecc_mulmod_add_384(const mp_int* km, const ecc_point* gm,
     }
     if (err == MP_OKAY) {
 #ifdef HAVE_INTEL_AVX2
-        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags))
+        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                IS_INTEL_AVX2(cpuid_flags)) {
             err = sp_384_ecc_mulmod_avx2_6(point, point, k, 0, 0, heap);
+        }
         else
 #endif
             err = sp_384_ecc_mulmod_6(point, point, k, 0, 0, heap);
     }
     if (err == MP_OKAY) {
 #ifdef HAVE_INTEL_AVX2
-        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags))
+        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                IS_INTEL_AVX2(cpuid_flags)) {
             sp_384_proj_point_add_avx2_6(point, point, addP, tmp);
+        }
         else
 #endif
             sp_384_proj_point_add_6(point, point, addP, tmp);
 
         if (map) {
 #ifdef HAVE_INTEL_AVX2
-            if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags))
+            if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                    IS_INTEL_AVX2(cpuid_flags)) {
                 sp_384_map_avx2_6(point, point, tmp);
+            }
             else
 #endif
                 sp_384_map_6(point, point, tmp);
@@ -30838,10 +30886,8 @@ int sp_ecc_mulmod_add_384(const mp_int* km, const ecc_point* gm,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (k != NULL)
-        XFREE(k, heap, DYNAMIC_TYPE_ECC);
-    if (point != NULL)
-        XFREE(point, heap, DYNAMIC_TYPE_ECC);
+    XFREE(k, heap, DYNAMIC_TYPE_ECC);
+    XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -31221,7 +31267,7 @@ static int sp_384_ecc_mulmod_base_avx2_6(sp_point_384* r, const sp_digit* k,
 #endif /* HAVE_INTEL_AVX2 */
 #else /* WOLFSSL_SP_SMALL */
 /* The index into pre-computation table to use. */
-static const uint8_t recode_index_6_7[130] = {
+static const word8 recode_index_6_7[130] = {
      0,  1,  2,  3,  4,  5,  6,  7,  8,  9, 10, 11, 12, 13, 14, 15,
     16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31,
     32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47,
@@ -31234,7 +31280,7 @@ static const uint8_t recode_index_6_7[130] = {
 };
 
 /* Whether to negate y-ordinate. */
-static const uint8_t recode_neg_6_7[130] = {
+static const word8 recode_neg_6_7[130] = {
      0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,
      0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,
      0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,
@@ -31256,7 +31302,7 @@ static void sp_384_ecc_recode_7_6(const sp_digit* k, ecc_recode_384* v)
 {
     int i;
     int j;
-    uint8_t y;
+    word8 y;
     int carry = 0;
     int o;
     sp_digit n;
@@ -31265,7 +31311,7 @@ static void sp_384_ecc_recode_7_6(const sp_digit* k, ecc_recode_384* v)
     n = k[j];
     o = 0;
     for (i=0; i<55; i++) {
-        y = (int8_t)n;
+        y = (word8)(int8_t)n;
         if (o + 7 < 64) {
             y &= 0x7f;
             n >>= 7;
@@ -31279,12 +31325,12 @@ static void sp_384_ecc_recode_7_6(const sp_digit* k, ecc_recode_384* v)
         }
         else if (++j < 6) {
             n = k[j];
-            y |= (uint8_t)((n << (64 - o)) & 0x7f);
+            y |= (word8)((n << (64 - o)) & 0x7f);
             o -= 57;
             n >>= o;
         }
 
-        y += (uint8_t)carry;
+        y = (word8)(y + carry);
         v[i].i = recode_index_6_7[y];
         v[i].neg = recode_neg_6_7[y];
         carry = (y >> 7) + v[i].neg;
@@ -49161,7 +49207,7 @@ static int sp_384_ecc_mulmod_add_only_6(sp_point_384* r, const sp_point_384* g,
             p->infinity = !v[i].i;
             sp_384_sub_6(negy, p384_mod, p->y);
             sp_384_norm_6(negy);
-            sp_384_cond_copy_6(p->y, negy, 0 - v[i].neg);
+            sp_384_cond_copy_6(p->y, negy, (sp_digit)(0 - v[i].neg));
             sp_384_proj_point_add_qz1_6(rt, rt, p, tmp);
         }
         if (map != 0) {
@@ -49182,8 +49228,7 @@ static int sp_384_ecc_mulmod_add_only_6(sp_point_384* r, const sp_point_384* g,
     #endif
     }
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (rt != NULL)
-        XFREE(rt, heap, DYNAMIC_TYPE_ECC);
+    XFREE(rt, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -49295,7 +49340,7 @@ static int sp_384_ecc_mulmod_add_only_avx2_6(sp_point_384* r, const sp_point_384
             p->infinity = !v[i].i;
             sp_384_sub_6(negy, p384_mod, p->y);
             sp_384_norm_6(negy);
-            sp_384_cond_copy_6(p->y, negy, 0 - v[i].neg);
+            sp_384_cond_copy_6(p->y, negy, (sp_digit)(0 - v[i].neg));
             sp_384_proj_point_add_qz1_avx2_6(rt, rt, p, tmp);
         }
         if (map != 0) {
@@ -49316,8 +49361,7 @@ static int sp_384_ecc_mulmod_add_only_avx2_6(sp_point_384* r, const sp_point_384
     #endif
     }
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (rt != NULL)
-        XFREE(rt, heap, DYNAMIC_TYPE_ECC);
+    XFREE(rt, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -49382,8 +49426,10 @@ int sp_ecc_mulmod_base_384(const mp_int* km, ecc_point* r, int map, void* heap)
         sp_384_from_mp(k, 6, km);
 
 #ifdef HAVE_INTEL_AVX2
-        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags))
+        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                IS_INTEL_AVX2(cpuid_flags)) {
             err = sp_384_ecc_mulmod_base_avx2_6(point, k, map, 1, heap);
+        }
         else
 #endif
             err = sp_384_ecc_mulmod_base_6(point, k, map, 1, heap);
@@ -49393,10 +49439,8 @@ int sp_ecc_mulmod_base_384(const mp_int* km, ecc_point* r, int map, void* heap)
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (k != NULL)
-        XFREE(k, heap, DYNAMIC_TYPE_ECC);
-    if (point != NULL)
-        XFREE(point, heap, DYNAMIC_TYPE_ECC);
+    XFREE(k, heap, DYNAMIC_TYPE_ECC);
+    XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -49462,24 +49506,30 @@ int sp_ecc_mulmod_base_add_384(const mp_int* km, const ecc_point* am,
     }
     if (err == MP_OKAY) {
 #ifdef HAVE_INTEL_AVX2
-        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags))
+        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                IS_INTEL_AVX2(cpuid_flags)) {
             err = sp_384_ecc_mulmod_base_avx2_6(point, k, 0, 0, heap);
+        }
         else
 #endif
             err = sp_384_ecc_mulmod_base_6(point, k, 0, 0, heap);
     }
     if (err == MP_OKAY) {
 #ifdef HAVE_INTEL_AVX2
-        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags))
+        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                IS_INTEL_AVX2(cpuid_flags)) {
             sp_384_proj_point_add_avx2_6(point, point, addP, tmp);
+        }
         else
 #endif
             sp_384_proj_point_add_6(point, point, addP, tmp);
 
         if (map) {
 #ifdef HAVE_INTEL_AVX2
-            if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags))
+            if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                    IS_INTEL_AVX2(cpuid_flags)) {
                 sp_384_map_avx2_6(point, point, tmp);
+            }
             else
 #endif
                 sp_384_map_6(point, point, tmp);
@@ -49489,10 +49539,8 @@ int sp_ecc_mulmod_base_add_384(const mp_int* km, const ecc_point* am,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (k != NULL)
-        XFREE(k, heap, DYNAMIC_TYPE_ECC);
-    if (point)
-        XFREE(point, heap, DYNAMIC_TYPE_ECC);
+    XFREE(k, heap, DYNAMIC_TYPE_ECC);
+    XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -49553,6 +49601,7 @@ static void sp_384_from_bin(sp_digit* r, int size, const byte* a, int n)
  */
 static int sp_384_ecc_gen_k_6(WC_RNG* rng, sp_digit* k)
 {
+#ifndef WC_NO_RNG
     int err;
     byte buf[48];
 
@@ -49569,6 +49618,11 @@ static int sp_384_ecc_gen_k_6(WC_RNG* rng, sp_digit* k)
     while (err == 0);
 
     return err;
+#else
+    (void)rng;
+    (void)k;
+    return NOT_COMPILED_IN;
+#endif
 }
 
 /* Makes a random EC key pair.
@@ -49629,8 +49683,10 @@ int sp_ecc_make_key_384(WC_RNG* rng, mp_int* priv, ecc_point* pub, void* heap)
     }
     if (err == MP_OKAY) {
 #ifdef HAVE_INTEL_AVX2
-        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags))
+        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                IS_INTEL_AVX2(cpuid_flags)) {
             err = sp_384_ecc_mulmod_base_avx2_6(point, k, 1, 1, NULL);
+       }
         else
 #endif
             err = sp_384_ecc_mulmod_base_6(point, k, 1, 1, NULL);
@@ -49639,7 +49695,8 @@ int sp_ecc_make_key_384(WC_RNG* rng, mp_int* priv, ecc_point* pub, void* heap)
 #ifdef WOLFSSL_VALIDATE_ECC_KEYGEN
     if (err == MP_OKAY) {
 #ifdef HAVE_INTEL_AVX2
-        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags)) {
+        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                IS_INTEL_AVX2(cpuid_flags)) {
             err = sp_384_ecc_mulmod_avx2_6(infinity, point, p384_order, 1, 1,
                                                                           NULL);
         }
@@ -49662,12 +49719,9 @@ int sp_ecc_make_key_384(WC_RNG* rng, mp_int* priv, ecc_point* pub, void* heap)
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (k != NULL)
-        XFREE(k, heap, DYNAMIC_TYPE_ECC);
-    if (point != NULL) {
-        /* point is not sensitive, so no need to zeroize */
-        XFREE(point, heap, DYNAMIC_TYPE_ECC);
-    }
+    XFREE(k, heap, DYNAMIC_TYPE_ECC);
+    /* point is not sensitive, so no need to zeroize */
+    XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -49837,8 +49891,10 @@ int sp_ecc_secret_gen_384(const mp_int* priv, const ecc_point* pub, byte* out,
         sp_384_from_mp(k, 6, priv);
         sp_384_point_from_ecc_point_6(point, pub);
 #ifdef HAVE_INTEL_AVX2
-        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags))
+        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                IS_INTEL_AVX2(cpuid_flags)) {
             err = sp_384_ecc_mulmod_avx2_6(point, point, k, 1, 1, heap);
+        }
         else
 #endif
             err = sp_384_ecc_mulmod_6(point, point, k, 1, 1, heap);
@@ -49849,10 +49905,8 @@ int sp_ecc_secret_gen_384(const mp_int* priv, const ecc_point* pub, byte* out,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (k != NULL)
-        XFREE(k, heap, DYNAMIC_TYPE_ECC);
-    if (point != NULL)
-        XFREE(point, heap, DYNAMIC_TYPE_ECC);
+    XFREE(k, heap, DYNAMIC_TYPE_ECC);
+    XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -49971,8 +50025,8 @@ static WC_INLINE sp_digit div_384_word_6(sp_digit d1, sp_digit d0,
 static WC_INLINE sp_digit div_384_word_6(sp_digit d1, sp_digit d0,
         sp_digit div)
 {
-    ASSERT_SAVED_VECTOR_REGISTERS();
     register sp_digit r asm("rax");
+    ASSERT_SAVED_VECTOR_REGISTERS();
     __asm__ __volatile__ (
         "divq %3"
         : "=a" (r)
@@ -50041,7 +50095,7 @@ static WC_INLINE int sp_384_div_6(const sp_digit* a, const sp_digit* d, sp_digit
 #endif
         sp_384_cond_sub_6(&t1[6], &t1[6], d, (sp_digit)0 - r1);
     for (i = 5; i >= 0; i--) {
-        sp_digit mask = 0 - (t1[6 + i] == div);
+        sp_digit mask = (sp_digit)0 - (t1[6 + i] == div);
         sp_digit hi = t1[6 + i] + mask;
         r1 = div_384_word_6(hi, t1[6 + i - 1], div);
         r1 |= mask;
@@ -50102,13 +50156,13 @@ static void sp_384_mont_mul_order_6(sp_digit* r, const sp_digit* a, const sp_dig
 #if defined(HAVE_ECC_SIGN) || (defined(HAVE_ECC_VERIFY) && defined(WOLFSSL_SP_SMALL))
 #ifdef WOLFSSL_SP_SMALL
 /* Order-2 for the P384 curve. */
-static const uint64_t p384_order_minus_2[6] = {
+static const word64 p384_order_minus_2[6] = {
     0xecec196accc52971U,0x581a0db248b0a77aU,0xc7634d81f4372ddfU,
     0xffffffffffffffffU,0xffffffffffffffffU,0xffffffffffffffffU
 };
 #else
 /* The low half of the order-2 of the P384 curve. */
-static const uint64_t p384_order_low[3] = {
+static const word64 p384_order_low[3] = {
     0xecec196accc52971U,0x581a0db248b0a77aU,0xc7634d81f4372ddfU
 };
 #endif /* WOLFSSL_SP_SMALL */
@@ -50443,8 +50497,10 @@ static int sp_384_calc_s_6(sp_digit* s, const sp_digit* r, sp_digit* k,
 
     /* Conv k to Montgomery form (mod order) */
 #ifdef HAVE_INTEL_AVX2
-     if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags))
+    if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+            IS_INTEL_AVX2(cpuid_flags)) {
         sp_384_mul_avx2_6(k, k, p384_norm_order);
+    }
     else
 #endif
         sp_384_mul_6(k, k, p384_norm_order);
@@ -50454,8 +50510,10 @@ static int sp_384_calc_s_6(sp_digit* s, const sp_digit* r, sp_digit* k,
 
         /* kInv = 1/k mod order */
 #ifdef HAVE_INTEL_AVX2
-        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags))
+        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                IS_INTEL_AVX2(cpuid_flags)) {
             sp_384_mont_inv_order_avx2_6(kInv, k, tmp);
+        }
         else
 #endif
             sp_384_mont_inv_order_6(kInv, k, tmp);
@@ -50463,8 +50521,10 @@ static int sp_384_calc_s_6(sp_digit* s, const sp_digit* r, sp_digit* k,
 
         /* s = r * x + e */
 #ifdef HAVE_INTEL_AVX2
-        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags))
+        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                IS_INTEL_AVX2(cpuid_flags)) {
             sp_384_mul_avx2_6(x, x, r);
+        }
         else
 #endif
             sp_384_mul_6(x, x, r);
@@ -50482,8 +50542,10 @@ static int sp_384_calc_s_6(sp_digit* s, const sp_digit* r, sp_digit* k,
 
         /* s = s * k^-1 mod order */
 #ifdef HAVE_INTEL_AVX2
-        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags))
+        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                IS_INTEL_AVX2(cpuid_flags)) {
             sp_384_mont_mul_order_avx2_6(s, s, kInv);
+        }
         else
 #endif
             sp_384_mont_mul_order_6(s, s, kInv);
@@ -50571,8 +50633,10 @@ int sp_ecc_sign_384(const byte* hash, word32 hashLen, WC_RNG* rng,
         }
         if (err == MP_OKAY) {
 #ifdef HAVE_INTEL_AVX2
-            if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags))
+            if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                    IS_INTEL_AVX2(cpuid_flags)) {
                 err = sp_384_ecc_mulmod_base_avx2_6(point, k, 1, 1, heap);
+            }
             else
 #endif
                 err = sp_384_ecc_mulmod_base_6(point, k, 1, 1, heap);
@@ -50923,7 +50987,8 @@ static void sp_384_add_points_6(sp_point_384* p1, const sp_point_384* p2,
 #endif
 
 #ifdef HAVE_INTEL_AVX2
-    if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags)) {
+    if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+            IS_INTEL_AVX2(cpuid_flags)) {
         sp_384_proj_point_add_avx2_6(p1, p1, p2, tmp);
     }
     else
@@ -50932,7 +50997,8 @@ static void sp_384_add_points_6(sp_point_384* p1, const sp_point_384* p2,
     if (sp_384_iszero_6(p1->z)) {
         if (sp_384_iszero_6(p1->x) && sp_384_iszero_6(p1->y)) {
 #ifdef HAVE_INTEL_AVX2
-            if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags)) {
+            if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                    IS_INTEL_AVX2(cpuid_flags)) {
                 sp_384_proj_point_dbl_avx2_6(p1, p2, tmp);
             }
             else
@@ -50976,7 +51042,8 @@ static int sp_384_calc_vfy_point_6(sp_point_384* p1, sp_point_384* p2,
 #endif /* !WOLFSSL_SP_SMALL */
     {
 #ifdef HAVE_INTEL_AVX2
-        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags)) {
+        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                IS_INTEL_AVX2(cpuid_flags)) {
             sp_384_mul_avx2_6(s, s, p384_norm_order);
         }
         else
@@ -50990,7 +51057,8 @@ static int sp_384_calc_vfy_point_6(sp_point_384* p1, sp_point_384* p2,
         sp_384_norm_6(s);
 #ifdef WOLFSSL_SP_SMALL
 #ifdef HAVE_INTEL_AVX2
-        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags)) {
+        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                IS_INTEL_AVX2(cpuid_flags)) {
             sp_384_mont_inv_order_avx2_6(s, s, tmp);
             sp_384_mont_mul_order_avx2_6(u1, u1, s);
             sp_384_mont_mul_order_avx2_6(u2, u2, s);
@@ -51004,7 +51072,8 @@ static int sp_384_calc_vfy_point_6(sp_point_384* p1, sp_point_384* p2,
         }
 #else
 #ifdef HAVE_INTEL_AVX2
-        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags)) {
+        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                IS_INTEL_AVX2(cpuid_flags)) {
             sp_384_mont_mul_order_avx2_6(u1, u1, s);
             sp_384_mont_mul_order_avx2_6(u2, u2, s);
         }
@@ -51016,7 +51085,8 @@ static int sp_384_calc_vfy_point_6(sp_point_384* p1, sp_point_384* p2,
         }
 #endif /* WOLFSSL_SP_SMALL */
 #ifdef HAVE_INTEL_AVX2
-        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags)) {
+        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                IS_INTEL_AVX2(cpuid_flags)) {
             err = sp_384_ecc_mulmod_base_avx2_6(p1, u1, 0, 0, heap);
         }
         else
@@ -51030,8 +51100,10 @@ static int sp_384_calc_vfy_point_6(sp_point_384* p1, sp_point_384* p2,
     }
     if (err == MP_OKAY) {
 #ifdef HAVE_INTEL_AVX2
-        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags))
+        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                IS_INTEL_AVX2(cpuid_flags)) {
             err = sp_384_ecc_mulmod_avx2_6(p2, p2, u2, 0, 0, heap);
+        }
         else
 #endif
             err = sp_384_ecc_mulmod_6(p2, p2, u2, 0, 0, heap);
@@ -51133,14 +51205,18 @@ int sp_ecc_verify_384(const byte* hash, word32 hashLen, const mp_int* pX,
     if (err == MP_OKAY) {
         /* u1 = r.z'.z' mod prime */
 #ifdef HAVE_INTEL_AVX2
-        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags))
+        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                IS_INTEL_AVX2(cpuid_flags)) {
             sp_384_mont_sqr_avx2_6(p1->z, p1->z, p384_mod, p384_mp_mod);
+        }
         else
 #endif
             sp_384_mont_sqr_6(p1->z, p1->z, p384_mod, p384_mp_mod);
 #ifdef HAVE_INTEL_AVX2
-        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags))
+        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                IS_INTEL_AVX2(cpuid_flags)) {
             sp_384_mont_mul_avx2_6(u1, u2, p1->z, p384_mod, p384_mp_mod);
+        }
         else
 #endif
             sp_384_mont_mul_6(u1, u2, p1->z, p384_mod, p384_mp_mod);
@@ -51163,7 +51239,8 @@ int sp_ecc_verify_384(const byte* hash, word32 hashLen, const mp_int* pX,
             if (err == MP_OKAY) {
                 /* u1 = (r + 1*order).z'.z' mod prime */
 #ifdef HAVE_INTEL_AVX2
-                if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags)) {
+                if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                        IS_INTEL_AVX2(cpuid_flags)) {
                     sp_384_mont_mul_avx2_6(u1, u2, p1->z, p384_mod,
                         p384_mp_mod);
                 }
@@ -51178,10 +51255,8 @@ int sp_ecc_verify_384(const byte* hash, word32 hashLen, const mp_int* pX,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (u1 != NULL)
-        XFREE(u1, heap, DYNAMIC_TYPE_ECC);
-    if (p1 != NULL)
-        XFREE(p1, heap, DYNAMIC_TYPE_ECC);
+    XFREE(u1, heap, DYNAMIC_TYPE_ECC);
+    XFREE(p1, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -51388,8 +51463,7 @@ static int sp_384_ecc_is_point_6(const sp_point_384* point,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t1 != NULL)
-        XFREE(t1, heap, DYNAMIC_TYPE_ECC);
+    XFREE(t1, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -51428,8 +51502,7 @@ int sp_ecc_is_point_384(const mp_int* pX, const mp_int* pY)
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (pub != NULL)
-        XFREE(pub, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(pub, NULL, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -51519,8 +51592,10 @@ int sp_ecc_check_key_384(const mp_int* pX, const mp_int* pY,
     if (err == MP_OKAY) {
         /* Point * order = infinity */
 #ifdef HAVE_INTEL_AVX2
-        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags))
+        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                IS_INTEL_AVX2(cpuid_flags)) {
             err = sp_384_ecc_mulmod_avx2_6(p, pub, p384_order, 1, 1, heap);
+        }
         else
 #endif
             err = sp_384_ecc_mulmod_6(p, pub, p384_order, 1, 1, heap);
@@ -51535,8 +51610,10 @@ int sp_ecc_check_key_384(const mp_int* pX, const mp_int* pY,
         if (err == MP_OKAY) {
             /* Base * private = point */
 #ifdef HAVE_INTEL_AVX2
-            if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags))
+            if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                    IS_INTEL_AVX2(cpuid_flags)) {
                 err = sp_384_ecc_mulmod_base_avx2_6(p, priv, 1, 1, heap);
+            }
             else
 #endif
                 err = sp_384_ecc_mulmod_base_6(p, priv, 1, 1, heap);
@@ -51550,10 +51627,8 @@ int sp_ecc_check_key_384(const mp_int* pX, const mp_int* pY,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (pub != NULL)
-        XFREE(pub, heap, DYNAMIC_TYPE_ECC);
-    if (priv != NULL)
-        XFREE(priv, heap, DYNAMIC_TYPE_ECC);
+    XFREE(pub, heap, DYNAMIC_TYPE_ECC);
+    XFREE(priv, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -51622,8 +51697,10 @@ int sp_ecc_proj_add_point_384(mp_int* pX, mp_int* pY, mp_int* pZ,
                       sp_384_iszero_6(q->y);
 
 #ifdef HAVE_INTEL_AVX2
-        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags))
+        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                IS_INTEL_AVX2(cpuid_flags)) {
             sp_384_proj_point_add_avx2_6(p, p, q, tmp);
+        }
         else
 #endif
             sp_384_proj_point_add_6(p, p, q, tmp);
@@ -51640,10 +51717,8 @@ int sp_ecc_proj_add_point_384(mp_int* pX, mp_int* pY, mp_int* pZ,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (tmp != NULL)
-        XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
-    if (p != NULL)
-        XFREE(p, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(p, NULL, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -51698,8 +51773,10 @@ int sp_ecc_proj_dbl_point_384(mp_int* pX, mp_int* pY, mp_int* pZ,
                       sp_384_iszero_6(p->y);
 
 #ifdef HAVE_INTEL_AVX2
-        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags))
+        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                IS_INTEL_AVX2(cpuid_flags)) {
             sp_384_proj_point_dbl_avx2_6(p, p, tmp);
+        }
         else
 #endif
             sp_384_proj_point_dbl_6(p, p, tmp);
@@ -51716,10 +51793,8 @@ int sp_ecc_proj_dbl_point_384(mp_int* pX, mp_int* pY, mp_int* pZ,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (tmp != NULL)
-        XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
-    if (p != NULL)
-        XFREE(p, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(p, NULL, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -51770,8 +51845,10 @@ int sp_ecc_map_384(mp_int* pX, mp_int* pY, mp_int* pZ)
                       sp_384_iszero_6(p->y);
 
 #ifdef HAVE_INTEL_AVX2
-        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags))
+        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                IS_INTEL_AVX2(cpuid_flags)) {
             sp_384_map_avx2_6(p, p, tmp);
+        }
         else
 #endif
             sp_384_map_6(p, p, tmp);
@@ -51788,10 +51865,8 @@ int sp_ecc_map_384(mp_int* pX, mp_int* pY, mp_int* pZ)
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (tmp != NULL)
-        XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
-    if (p != NULL)
-        XFREE(p, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(p, NULL, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -51832,7 +51907,8 @@ static int sp_384_mont_sqrt_6(sp_digit* y)
         t5 = t1 + 8 * 6;
 
 #ifdef HAVE_INTEL_AVX2
-        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags)) {
+        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                IS_INTEL_AVX2(cpuid_flags)) {
             /* t2 = y ^ 0x2 */
             sp_384_mont_sqr_avx2_6(t2, y, p384_mod, p384_mp_mod);
             /* t1 = y ^ 0x3 */
@@ -51949,8 +52025,7 @@ static int sp_384_mont_sqrt_6(sp_digit* y)
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t1 != NULL)
-        XFREE(t1, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(t1, NULL, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -51992,7 +52067,8 @@ int sp_ecc_uncompress_384(mp_int* xm, int odd, mp_int* ym)
     if (err == MP_OKAY) {
         /* y = x^3 */
 #ifdef HAVE_INTEL_AVX2
-        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags)) {
+        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                IS_INTEL_AVX2(cpuid_flags)) {
             sp_384_mont_sqr_avx2_6(y, x, p384_mod, p384_mp_mod);
             sp_384_mont_mul_avx2_6(y, y, x, p384_mod, p384_mp_mod);
         }
@@ -52025,8 +52101,7 @@ int sp_ecc_uncompress_384(mp_int* xm, int odd, mp_int* ym)
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (x != NULL)
-        XFREE(x, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(x, NULL, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -52428,7 +52503,7 @@ SP_NOINLINE static void sp_521_mont_sqr_n_9(sp_digit* r,
 #endif /* !WOLFSSL_SP_SMALL */
 #ifdef WOLFSSL_SP_SMALL
 /* Mod-2 for the P521 curve. */
-static const uint64_t p521_mod_minus_2[9] = {
+static const word64 p521_mod_minus_2[9] = {
     0xfffffffffffffffdU,0xffffffffffffffffU,0xffffffffffffffffU,
     0xffffffffffffffffU,0xffffffffffffffffU,0xffffffffffffffffU,
     0xffffffffffffffffU,0xffffffffffffffffU,0x00000000000001ffU
@@ -52574,7 +52649,7 @@ static void sp_521_map_9(sp_point_521* r, const sp_point_521* p,
     sp_521_mont_reduce_9(r->x, p521_mod, p521_mp_mod);
     /* Reduce x to less than modulus */
     n = sp_521_cmp_9(r->x, p521_mod);
-    sp_521_cond_sub_9(r->x, r->x, p521_mod, ~(n >> 63));
+    sp_521_cond_sub_9(r->x, r->x, p521_mod, (sp_digit)~(n >> 63));
     sp_521_norm_9(r->x);
 
     /* y /= z^3 */
@@ -52583,7 +52658,7 @@ static void sp_521_map_9(sp_point_521* r, const sp_point_521* p,
     sp_521_mont_reduce_9(r->y, p521_mod, p521_mp_mod);
     /* Reduce y to less than modulus */
     n = sp_521_cmp_9(r->y, p521_mod);
-    sp_521_cond_sub_9(r->y, r->y, p521_mod, ~(n >> 63));
+    sp_521_cond_sub_9(r->y, r->y, p521_mod, (sp_digit)~(n >> 63));
     sp_521_norm_9(r->y);
 
     XMEMSET(r->z, 0, sizeof(r->z) / 2);
@@ -53008,8 +53083,8 @@ static void sp_521_proj_point_add_9(sp_point_521* r,
         sp_521_mont_sub_9(y, y, t5, p521_mod);
         {
             int i;
-            sp_digit maskp = 0 - (q->infinity & (!p->infinity));
-            sp_digit maskq = 0 - (p->infinity & (!q->infinity));
+            sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity)));
+            sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity)));
             sp_digit maskt = ~(maskp | maskq);
             sp_digit inf = (sp_digit)(p->infinity & q->infinity);
 
@@ -53026,7 +53101,7 @@ static void sp_521_proj_point_add_9(sp_point_521* r,
                           (z[i] & maskt);
             }
             r->z[0] |= inf;
-            r->infinity = (word32)inf;
+            r->infinity = (int)inf;
         }
     }
 }
@@ -53200,8 +53275,8 @@ static int sp_521_proj_point_add_9_nb(sp_ecc_ctx_t* sp_ctx, sp_point_521* r,
     {
         {
             int i;
-            sp_digit maskp = 0 - (q->infinity & (!p->infinity));
-            sp_digit maskq = 0 - (p->infinity & (!q->infinity));
+            sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity)));
+            sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity)));
             sp_digit maskt = ~(maskp | maskq);
             sp_digit inf = (sp_digit)(p->infinity & q->infinity);
 
@@ -53218,7 +53293,7 @@ static int sp_521_proj_point_add_9_nb(sp_ecc_ctx_t* sp_ctx, sp_point_521* r,
                           (ctx->z[i] & maskt);
             }
             r->z[0] |= inf;
-            r->infinity = (word32)inf;
+            r->infinity = (int)inf;
         }
         ctx->state = 25;
         break;
@@ -53390,13 +53465,13 @@ static void sp_521_proj_point_add_sub_9(sp_point_521* ra,
 /* Structure used to describe recoding of scalar multiplication. */
 typedef struct ecc_recode_521 {
     /* Index into pre-computation table. */
-    uint8_t i;
+    word8 i;
     /* Use the negative of the point. */
-    uint8_t neg;
+    word8 neg;
 } ecc_recode_521;
 
 /* The index into pre-computation table to use. */
-static const uint8_t recode_index_9_6[66] = {
+static const word8 recode_index_9_6[66] = {
      0,  1,  2,  3,  4,  5,  6,  7,  8,  9, 10, 11, 12, 13, 14, 15,
     16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31,
     32, 31, 30, 29, 28, 27, 26, 25, 24, 23, 22, 21, 20, 19, 18, 17,
@@ -53405,7 +53480,7 @@ static const uint8_t recode_index_9_6[66] = {
 };
 
 /* Whether to negate y-ordinate. */
-static const uint8_t recode_neg_9_6[66] = {
+static const word8 recode_neg_9_6[66] = {
      0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,
      0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,
      1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,
@@ -53423,7 +53498,7 @@ static void sp_521_ecc_recode_6_9(const sp_digit* k, ecc_recode_521* v)
 {
     int i;
     int j;
-    uint8_t y;
+    word8 y;
     int carry = 0;
     int o;
     sp_digit n;
@@ -53432,7 +53507,7 @@ static void sp_521_ecc_recode_6_9(const sp_digit* k, ecc_recode_521* v)
     n = k[j];
     o = 0;
     for (i=0; i<87; i++) {
-        y = (int8_t)n;
+        y = (word8)(int8_t)n;
         if (o + 6 < 64) {
             y &= 0x3f;
             n >>= 6;
@@ -53446,12 +53521,12 @@ static void sp_521_ecc_recode_6_9(const sp_digit* k, ecc_recode_521* v)
         }
         else if (++j < 9) {
             n = k[j];
-            y |= (uint8_t)((n << (64 - o)) & 0x3f);
+            y |= (word8)((n << (64 - o)) & 0x3f);
             o -= 58;
             n >>= o;
         }
 
-        y += (uint8_t)carry;
+        y = (word8)(y + carry);
         v[i].i = recode_index_9_6[y];
         v[i].neg = recode_neg_9_6[y];
         carry = (y >> 6) + v[i].neg;
@@ -53608,10 +53683,8 @@ static int sp_521_ecc_mulmod_win_add_sub_9(sp_point_521* r, const sp_point_521*
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t != NULL)
-        XFREE(t, heap, DYNAMIC_TYPE_ECC);
-    if (tmp != NULL)
-        XFREE(tmp, heap, DYNAMIC_TYPE_ECC);
+    XFREE(t, heap, DYNAMIC_TYPE_ECC);
+    XFREE(tmp, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -53774,7 +53847,7 @@ static void sp_521_map_avx2_9(sp_point_521* r, const sp_point_521* p,
     sp_521_mont_reduce_avx2_9(r->x, p521_mod, p521_mp_mod);
     /* Reduce x to less than modulus */
     n = sp_521_cmp_9(r->x, p521_mod);
-    sp_521_cond_sub_9(r->x, r->x, p521_mod, ~(n >> 63));
+    sp_521_cond_sub_9(r->x, r->x, p521_mod, (sp_digit)~(n >> 63));
     sp_521_norm_9(r->x);
 
     /* y /= z^3 */
@@ -53783,7 +53856,7 @@ static void sp_521_map_avx2_9(sp_point_521* r, const sp_point_521* p,
     sp_521_mont_reduce_avx2_9(r->y, p521_mod, p521_mp_mod);
     /* Reduce y to less than modulus */
     n = sp_521_cmp_9(r->y, p521_mod);
-    sp_521_cond_sub_9(r->y, r->y, p521_mod, ~(n >> 63));
+    sp_521_cond_sub_9(r->y, r->y, p521_mod, (sp_digit)~(n >> 63));
     sp_521_norm_9(r->y);
 
     XMEMSET(r->z, 0, sizeof(r->z) / 2);
@@ -54158,8 +54231,8 @@ static void sp_521_proj_point_add_avx2_9(sp_point_521* r,
         sp_521_mont_sub_avx2_9(y, y, t5, p521_mod);
         {
             int i;
-            sp_digit maskp = 0 - (q->infinity & (!p->infinity));
-            sp_digit maskq = 0 - (p->infinity & (!q->infinity));
+            sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity)));
+            sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity)));
             sp_digit maskt = ~(maskp | maskq);
             sp_digit inf = (sp_digit)(p->infinity & q->infinity);
 
@@ -54176,7 +54249,7 @@ static void sp_521_proj_point_add_avx2_9(sp_point_521* r,
                           (z[i] & maskt);
             }
             r->z[0] |= inf;
-            r->infinity = (word32)inf;
+            r->infinity = (int)inf;
         }
     }
 }
@@ -54350,8 +54423,8 @@ static int sp_521_proj_point_add_avx2_9_nb(sp_ecc_ctx_t* sp_ctx, sp_point_521* r
     {
         {
             int i;
-            sp_digit maskp = 0 - (q->infinity & (!p->infinity));
-            sp_digit maskq = 0 - (p->infinity & (!q->infinity));
+            sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity)));
+            sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity)));
             sp_digit maskt = ~(maskp | maskq);
             sp_digit inf = (sp_digit)(p->infinity & q->infinity);
 
@@ -54368,7 +54441,7 @@ static int sp_521_proj_point_add_avx2_9_nb(sp_ecc_ctx_t* sp_ctx, sp_point_521* r
                           (ctx->z[i] & maskt);
             }
             r->z[0] |= inf;
-            r->infinity = (word32)inf;
+            r->infinity = (int)inf;
         }
         ctx->state = 25;
         break;
@@ -54673,10 +54746,8 @@ static int sp_521_ecc_mulmod_win_add_sub_avx2_9(sp_point_521* r, const sp_point_
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t != NULL)
-        XFREE(t, heap, DYNAMIC_TYPE_ECC);
-    if (tmp != NULL)
-        XFREE(tmp, heap, DYNAMIC_TYPE_ECC);
+    XFREE(t, heap, DYNAMIC_TYPE_ECC);
+    XFREE(tmp, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -54749,8 +54820,8 @@ static void sp_521_proj_point_add_qz1_9(sp_point_521* r,
         sp_521_mont_sub_9(y, t3, t1, p521_mod);
         {
             int i;
-            sp_digit maskp = 0 - (q->infinity & (!p->infinity));
-            sp_digit maskq = 0 - (p->infinity & (!q->infinity));
+            sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity)));
+            sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity)));
             sp_digit maskt = ~(maskp | maskq);
             sp_digit inf = (sp_digit)(p->infinity & q->infinity);
 
@@ -54767,7 +54838,7 @@ static void sp_521_proj_point_add_qz1_9(sp_point_521* r,
                           (z[i] & maskt);
             }
             r->z[0] |= inf;
-            r->infinity = (word32)inf;
+            r->infinity = (int)inf;
         }
     }
 }
@@ -54878,8 +54949,7 @@ static int sp_521_gen_stripe_table_9(const sp_point_521* a,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t != NULL)
-        XFREE(t, heap, DYNAMIC_TYPE_ECC);
+    XFREE(t, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -55008,10 +55078,8 @@ static int sp_521_ecc_mulmod_stripe_9(sp_point_521* r, const sp_point_521* g,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t != NULL)
-        XFREE(t, heap, DYNAMIC_TYPE_ECC);
-    if (rt != NULL)
-        XFREE(rt, heap, DYNAMIC_TYPE_ECC);
+    XFREE(t, heap, DYNAMIC_TYPE_ECC);
+    XFREE(rt, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -55032,7 +55100,7 @@ typedef struct sp_cache_521_t {
     /* Precomputation table for point. */
     sp_table_entry_521 table[64];
     /* Count of entries in table. */
-    uint32_t cnt;
+    word32 cnt;
     /* Point and table set in entry. */
     int set;
 } sp_cache_521_t;
@@ -55045,8 +55113,10 @@ static THREAD_LS_T int sp_cache_521_last = -1;
 static THREAD_LS_T int sp_cache_521_inited = 0;
 
 #ifndef HAVE_THREAD_LS
+    #ifndef WOLFSSL_MUTEX_INITIALIZER
     static volatile int initCacheMutex_521 = 0;
-    static wolfSSL_Mutex sp_cache_521_lock;
+    #endif
+    static wolfSSL_Mutex sp_cache_521_lock WOLFSSL_MUTEX_INITIALIZER_CLAUSE(sp_cache_521_lock);
 #endif
 
 /* Get the cache entry for the point.
@@ -55058,7 +55128,7 @@ static void sp_ecc_get_cache_521(const sp_point_521* g, sp_cache_521_t** cache)
 {
     int i;
     int j;
-    uint32_t least;
+    word32 least;
 
     if (sp_cache_521_inited == 0) {
         for (i=0; i<FP_ENTRIES; i++) {
@@ -55144,10 +55214,12 @@ static int sp_521_ecc_mulmod_9(sp_point_521* r, const sp_point_521* g,
 #endif
 #ifndef HAVE_THREAD_LS
     if (err == MP_OKAY) {
+        #ifndef WOLFSSL_MUTEX_INITIALIZER
         if (initCacheMutex_521 == 0) {
             wc_InitMutex(&sp_cache_521_lock);
             initCacheMutex_521 = 1;
         }
+        #endif
         if (wc_LockMutex(&sp_cache_521_lock) != 0) {
             err = BAD_MUTEX_E;
         }
@@ -55240,8 +55312,8 @@ static void sp_521_proj_point_add_qz1_avx2_9(sp_point_521* r,
         sp_521_mont_sub_avx2_9(y, t3, t1, p521_mod);
         {
             int i;
-            sp_digit maskp = 0 - (q->infinity & (!p->infinity));
-            sp_digit maskq = 0 - (p->infinity & (!q->infinity));
+            sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity)));
+            sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity)));
             sp_digit maskt = ~(maskp | maskq);
             sp_digit inf = (sp_digit)(p->infinity & q->infinity);
 
@@ -55258,7 +55330,7 @@ static void sp_521_proj_point_add_qz1_avx2_9(sp_point_521* r,
                           (z[i] & maskt);
             }
             r->z[0] |= inf;
-            r->infinity = (word32)inf;
+            r->infinity = (int)inf;
         }
     }
 }
@@ -55369,8 +55441,7 @@ static int sp_521_gen_stripe_table_avx2_9(const sp_point_521* a,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t != NULL)
-        XFREE(t, heap, DYNAMIC_TYPE_ECC);
+    XFREE(t, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -55485,10 +55556,8 @@ static int sp_521_ecc_mulmod_stripe_avx2_9(sp_point_521* r, const sp_point_521*
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t != NULL)
-        XFREE(t, heap, DYNAMIC_TYPE_ECC);
-    if (rt != NULL)
-        XFREE(rt, heap, DYNAMIC_TYPE_ECC);
+    XFREE(t, heap, DYNAMIC_TYPE_ECC);
+    XFREE(rt, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -55528,10 +55597,12 @@ static int sp_521_ecc_mulmod_avx2_9(sp_point_521* r, const sp_point_521* g,
 #endif
 #ifndef HAVE_THREAD_LS
     if (err == MP_OKAY) {
+        #ifndef WOLFSSL_MUTEX_INITIALIZER
         if (initCacheMutex_521 == 0) {
             wc_InitMutex(&sp_cache_521_lock);
             initCacheMutex_521 = 1;
         }
+        #endif
         if (wc_LockMutex(&sp_cache_521_lock) != 0) {
             err = BAD_MUTEX_E;
         }
@@ -55607,8 +55678,10 @@ int sp_ecc_mulmod_521(const mp_int* km, const ecc_point* gm, ecc_point* r,
         sp_521_point_from_ecc_point_9(point, gm);
 
 #ifdef HAVE_INTEL_AVX2
-        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags))
+        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                IS_INTEL_AVX2(cpuid_flags)) {
             err = sp_521_ecc_mulmod_avx2_9(point, point, k, map, 1, heap);
+        }
         else
 #endif
             err = sp_521_ecc_mulmod_9(point, point, k, map, 1, heap);
@@ -55618,10 +55691,8 @@ int sp_ecc_mulmod_521(const mp_int* km, const ecc_point* gm, ecc_point* r,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (k != NULL)
-        XFREE(k, heap, DYNAMIC_TYPE_ECC);
-    if (point != NULL)
-        XFREE(point, heap, DYNAMIC_TYPE_ECC);
+    XFREE(k, heap, DYNAMIC_TYPE_ECC);
+    XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -55689,24 +55760,30 @@ int sp_ecc_mulmod_add_521(const mp_int* km, const ecc_point* gm,
     }
     if (err == MP_OKAY) {
 #ifdef HAVE_INTEL_AVX2
-        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags))
+        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                IS_INTEL_AVX2(cpuid_flags)) {
             err = sp_521_ecc_mulmod_avx2_9(point, point, k, 0, 0, heap);
+        }
         else
 #endif
             err = sp_521_ecc_mulmod_9(point, point, k, 0, 0, heap);
     }
     if (err == MP_OKAY) {
 #ifdef HAVE_INTEL_AVX2
-        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags))
+        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                IS_INTEL_AVX2(cpuid_flags)) {
             sp_521_proj_point_add_avx2_9(point, point, addP, tmp);
+        }
         else
 #endif
             sp_521_proj_point_add_9(point, point, addP, tmp);
 
         if (map) {
 #ifdef HAVE_INTEL_AVX2
-            if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags))
+            if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                    IS_INTEL_AVX2(cpuid_flags)) {
                 sp_521_map_avx2_9(point, point, tmp);
+            }
             else
 #endif
                 sp_521_map_9(point, point, tmp);
@@ -55716,10 +55793,8 @@ int sp_ecc_mulmod_add_521(const mp_int* km, const ecc_point* gm,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (k != NULL)
-        XFREE(k, heap, DYNAMIC_TYPE_ECC);
-    if (point != NULL)
-        XFREE(point, heap, DYNAMIC_TYPE_ECC);
+    XFREE(k, heap, DYNAMIC_TYPE_ECC);
+    XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -56225,7 +56300,7 @@ static int sp_521_ecc_mulmod_base_avx2_9(sp_point_521* r, const sp_digit* k,
 #endif /* HAVE_INTEL_AVX2 */
 #else /* WOLFSSL_SP_SMALL */
 /* The index into pre-computation table to use. */
-static const uint8_t recode_index_9_7[130] = {
+static const word8 recode_index_9_7[130] = {
      0,  1,  2,  3,  4,  5,  6,  7,  8,  9, 10, 11, 12, 13, 14, 15,
     16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31,
     32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47,
@@ -56238,7 +56313,7 @@ static const uint8_t recode_index_9_7[130] = {
 };
 
 /* Whether to negate y-ordinate. */
-static const uint8_t recode_neg_9_7[130] = {
+static const word8 recode_neg_9_7[130] = {
      0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,
      0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,
      0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,
@@ -56260,7 +56335,7 @@ static void sp_521_ecc_recode_7_9(const sp_digit* k, ecc_recode_521* v)
 {
     int i;
     int j;
-    uint8_t y;
+    word8 y;
     int carry = 0;
     int o;
     sp_digit n;
@@ -56269,7 +56344,7 @@ static void sp_521_ecc_recode_7_9(const sp_digit* k, ecc_recode_521* v)
     n = k[j];
     o = 0;
     for (i=0; i<75; i++) {
-        y = (int8_t)n;
+        y = (word8)(int8_t)n;
         if (o + 7 < 64) {
             y &= 0x7f;
             n >>= 7;
@@ -56283,12 +56358,12 @@ static void sp_521_ecc_recode_7_9(const sp_digit* k, ecc_recode_521* v)
         }
         else if (++j < 9) {
             n = k[j];
-            y |= (uint8_t)((n << (64 - o)) & 0x7f);
+            y |= (word8)((n << (64 - o)) & 0x7f);
             o -= 57;
             n >>= o;
         }
 
-        y += (uint8_t)carry;
+        y = (word8)(y + carry);
         v[i].i = recode_index_9_7[y];
         v[i].neg = recode_neg_9_7[y];
         carry = (y >> 7) + v[i].neg;
@@ -90225,7 +90300,7 @@ static int sp_521_ecc_mulmod_add_only_9(sp_point_521* r, const sp_point_521* g,
             p->infinity = !v[i].i;
             sp_521_sub_9(negy, p521_mod, p->y);
             sp_521_norm_9(negy);
-            sp_521_cond_copy_9(p->y, negy, 0 - v[i].neg);
+            sp_521_cond_copy_9(p->y, negy, (sp_digit)(0 - v[i].neg));
             sp_521_proj_point_add_qz1_9(rt, rt, p, tmp);
         }
         if (map != 0) {
@@ -90246,8 +90321,7 @@ static int sp_521_ecc_mulmod_add_only_9(sp_point_521* r, const sp_point_521* g,
     #endif
     }
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (rt != NULL)
-        XFREE(rt, heap, DYNAMIC_TYPE_ECC);
+    XFREE(rt, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -90359,7 +90433,7 @@ static int sp_521_ecc_mulmod_add_only_avx2_9(sp_point_521* r, const sp_point_521
             p->infinity = !v[i].i;
             sp_521_sub_9(negy, p521_mod, p->y);
             sp_521_norm_9(negy);
-            sp_521_cond_copy_9(p->y, negy, 0 - v[i].neg);
+            sp_521_cond_copy_9(p->y, negy, (sp_digit)(0 - v[i].neg));
             sp_521_proj_point_add_qz1_avx2_9(rt, rt, p, tmp);
         }
         if (map != 0) {
@@ -90380,8 +90454,7 @@ static int sp_521_ecc_mulmod_add_only_avx2_9(sp_point_521* r, const sp_point_521
     #endif
     }
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (rt != NULL)
-        XFREE(rt, heap, DYNAMIC_TYPE_ECC);
+    XFREE(rt, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -90446,8 +90519,10 @@ int sp_ecc_mulmod_base_521(const mp_int* km, ecc_point* r, int map, void* heap)
         sp_521_from_mp(k, 9, km);
 
 #ifdef HAVE_INTEL_AVX2
-        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags))
+        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                IS_INTEL_AVX2(cpuid_flags)) {
             err = sp_521_ecc_mulmod_base_avx2_9(point, k, map, 1, heap);
+        }
         else
 #endif
             err = sp_521_ecc_mulmod_base_9(point, k, map, 1, heap);
@@ -90457,10 +90532,8 @@ int sp_ecc_mulmod_base_521(const mp_int* km, ecc_point* r, int map, void* heap)
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (k != NULL)
-        XFREE(k, heap, DYNAMIC_TYPE_ECC);
-    if (point != NULL)
-        XFREE(point, heap, DYNAMIC_TYPE_ECC);
+    XFREE(k, heap, DYNAMIC_TYPE_ECC);
+    XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -90526,24 +90599,30 @@ int sp_ecc_mulmod_base_add_521(const mp_int* km, const ecc_point* am,
     }
     if (err == MP_OKAY) {
 #ifdef HAVE_INTEL_AVX2
-        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags))
+        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                IS_INTEL_AVX2(cpuid_flags)) {
             err = sp_521_ecc_mulmod_base_avx2_9(point, k, 0, 0, heap);
+        }
         else
 #endif
             err = sp_521_ecc_mulmod_base_9(point, k, 0, 0, heap);
     }
     if (err == MP_OKAY) {
 #ifdef HAVE_INTEL_AVX2
-        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags))
+        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                IS_INTEL_AVX2(cpuid_flags)) {
             sp_521_proj_point_add_avx2_9(point, point, addP, tmp);
+        }
         else
 #endif
             sp_521_proj_point_add_9(point, point, addP, tmp);
 
         if (map) {
 #ifdef HAVE_INTEL_AVX2
-            if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags))
+            if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                    IS_INTEL_AVX2(cpuid_flags)) {
                 sp_521_map_avx2_9(point, point, tmp);
+            }
             else
 #endif
                 sp_521_map_9(point, point, tmp);
@@ -90553,10 +90632,8 @@ int sp_ecc_mulmod_base_add_521(const mp_int* km, const ecc_point* am,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (k != NULL)
-        XFREE(k, heap, DYNAMIC_TYPE_ECC);
-    if (point)
-        XFREE(point, heap, DYNAMIC_TYPE_ECC);
+    XFREE(k, heap, DYNAMIC_TYPE_ECC);
+    XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -90617,6 +90694,7 @@ static void sp_521_from_bin(sp_digit* r, int size, const byte* a, int n)
  */
 static int sp_521_ecc_gen_k_9(WC_RNG* rng, sp_digit* k)
 {
+#ifndef WC_NO_RNG
     int err;
     byte buf[66];
 
@@ -90634,6 +90712,11 @@ static int sp_521_ecc_gen_k_9(WC_RNG* rng, sp_digit* k)
     while (err == 0);
 
     return err;
+#else
+    (void)rng;
+    (void)k;
+    return NOT_COMPILED_IN;
+#endif
 }
 
 /* Makes a random EC key pair.
@@ -90694,8 +90777,10 @@ int sp_ecc_make_key_521(WC_RNG* rng, mp_int* priv, ecc_point* pub, void* heap)
     }
     if (err == MP_OKAY) {
 #ifdef HAVE_INTEL_AVX2
-        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags))
+        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                IS_INTEL_AVX2(cpuid_flags)) {
             err = sp_521_ecc_mulmod_base_avx2_9(point, k, 1, 1, NULL);
+       }
         else
 #endif
             err = sp_521_ecc_mulmod_base_9(point, k, 1, 1, NULL);
@@ -90704,7 +90789,8 @@ int sp_ecc_make_key_521(WC_RNG* rng, mp_int* priv, ecc_point* pub, void* heap)
 #ifdef WOLFSSL_VALIDATE_ECC_KEYGEN
     if (err == MP_OKAY) {
 #ifdef HAVE_INTEL_AVX2
-        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags)) {
+        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                IS_INTEL_AVX2(cpuid_flags)) {
             err = sp_521_ecc_mulmod_avx2_9(infinity, point, p521_order, 1, 1,
                                                                           NULL);
         }
@@ -90727,12 +90813,9 @@ int sp_ecc_make_key_521(WC_RNG* rng, mp_int* priv, ecc_point* pub, void* heap)
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (k != NULL)
-        XFREE(k, heap, DYNAMIC_TYPE_ECC);
-    if (point != NULL) {
-        /* point is not sensitive, so no need to zeroize */
-        XFREE(point, heap, DYNAMIC_TYPE_ECC);
-    }
+    XFREE(k, heap, DYNAMIC_TYPE_ECC);
+    /* point is not sensitive, so no need to zeroize */
+    XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -90902,8 +90985,10 @@ int sp_ecc_secret_gen_521(const mp_int* priv, const ecc_point* pub, byte* out,
         sp_521_from_mp(k, 9, priv);
         sp_521_point_from_ecc_point_9(point, pub);
 #ifdef HAVE_INTEL_AVX2
-        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags))
+        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                IS_INTEL_AVX2(cpuid_flags)) {
             err = sp_521_ecc_mulmod_avx2_9(point, point, k, 1, 1, heap);
+        }
         else
 #endif
             err = sp_521_ecc_mulmod_9(point, point, k, 1, 1, heap);
@@ -90914,10 +90999,8 @@ int sp_ecc_secret_gen_521(const mp_int* priv, const ecc_point* pub, byte* out,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (k != NULL)
-        XFREE(k, heap, DYNAMIC_TYPE_ECC);
-    if (point != NULL)
-        XFREE(point, heap, DYNAMIC_TYPE_ECC);
+    XFREE(k, heap, DYNAMIC_TYPE_ECC);
+    XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -91057,8 +91140,8 @@ static WC_INLINE sp_digit div_521_word_9(sp_digit d1, sp_digit d0,
 static WC_INLINE sp_digit div_521_word_9(sp_digit d1, sp_digit d0,
         sp_digit div)
 {
-    ASSERT_SAVED_VECTOR_REGISTERS();
     register sp_digit r asm("rax");
+    ASSERT_SAVED_VECTOR_REGISTERS();
     __asm__ __volatile__ (
         "divq %3"
         : "=a" (r)
@@ -91194,14 +91277,14 @@ static void sp_521_mont_mul_order_9(sp_digit* r, const sp_digit* a, const sp_dig
 #if defined(HAVE_ECC_SIGN) || (defined(HAVE_ECC_VERIFY) && defined(WOLFSSL_SP_SMALL))
 #ifdef WOLFSSL_SP_SMALL
 /* Order-2 for the P521 curve. */
-static const uint64_t p521_order_minus_2[9] = {
+static const word64 p521_order_minus_2[9] = {
     0xbb6fb71e91386407U,0x3bb5c9b8899c47aeU,0x7fcc0148f709a5d0U,
     0x51868783bf2f966bU,0xfffffffffffffffaU,0xffffffffffffffffU,
     0xffffffffffffffffU,0xffffffffffffffffU,0x00000000000001ffU
 };
 #else
 /* The low half of the order-2 of the P521 curve. */
-static const uint64_t p521_order_low[5] = {
+static const word64 p521_order_low[5] = {
     0xbb6fb71e91386407U,0x3bb5c9b8899c47aeU,0x7fcc0148f709a5d0U,
     0x51868783bf2f966bU,0xfffffffffffffffaU
 };
@@ -91563,8 +91646,10 @@ static int sp_521_calc_s_9(sp_digit* s, const sp_digit* r, sp_digit* k,
 
     /* Conv k to Montgomery form (mod order) */
 #ifdef HAVE_INTEL_AVX2
-     if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags))
+    if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+            IS_INTEL_AVX2(cpuid_flags)) {
         sp_521_mul_avx2_9(k, k, p521_norm_order);
+    }
     else
 #endif
         sp_521_mul_9(k, k, p521_norm_order);
@@ -91574,8 +91659,10 @@ static int sp_521_calc_s_9(sp_digit* s, const sp_digit* r, sp_digit* k,
 
         /* kInv = 1/k mod order */
 #ifdef HAVE_INTEL_AVX2
-        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags))
+        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                IS_INTEL_AVX2(cpuid_flags)) {
             sp_521_mont_inv_order_avx2_9(kInv, k, tmp);
+        }
         else
 #endif
             sp_521_mont_inv_order_9(kInv, k, tmp);
@@ -91583,8 +91670,10 @@ static int sp_521_calc_s_9(sp_digit* s, const sp_digit* r, sp_digit* k,
 
         /* s = r * x + e */
 #ifdef HAVE_INTEL_AVX2
-        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags))
+        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                IS_INTEL_AVX2(cpuid_flags)) {
             sp_521_mul_avx2_9(x, x, r);
+        }
         else
 #endif
             sp_521_mul_9(x, x, r);
@@ -91602,8 +91691,10 @@ static int sp_521_calc_s_9(sp_digit* s, const sp_digit* r, sp_digit* k,
 
         /* s = s * k^-1 mod order */
 #ifdef HAVE_INTEL_AVX2
-        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags))
+        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                IS_INTEL_AVX2(cpuid_flags)) {
             sp_521_mont_mul_order_avx2_9(s, s, kInv);
+        }
         else
 #endif
             sp_521_mont_mul_order_9(s, s, kInv);
@@ -91691,8 +91782,10 @@ int sp_ecc_sign_521(const byte* hash, word32 hashLen, WC_RNG* rng,
         }
         if (err == MP_OKAY) {
 #ifdef HAVE_INTEL_AVX2
-            if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags))
+            if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                    IS_INTEL_AVX2(cpuid_flags)) {
                 err = sp_521_ecc_mulmod_base_avx2_9(point, k, 1, 1, heap);
+            }
             else
 #endif
                 err = sp_521_ecc_mulmod_base_9(point, k, 1, 1, heap);
@@ -92051,7 +92144,8 @@ static void sp_521_add_points_9(sp_point_521* p1, const sp_point_521* p2,
 #endif
 
 #ifdef HAVE_INTEL_AVX2
-    if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags)) {
+    if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+            IS_INTEL_AVX2(cpuid_flags)) {
         sp_521_proj_point_add_avx2_9(p1, p1, p2, tmp);
     }
     else
@@ -92060,7 +92154,8 @@ static void sp_521_add_points_9(sp_point_521* p1, const sp_point_521* p2,
     if (sp_521_iszero_9(p1->z)) {
         if (sp_521_iszero_9(p1->x) && sp_521_iszero_9(p1->y)) {
 #ifdef HAVE_INTEL_AVX2
-            if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags)) {
+            if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                    IS_INTEL_AVX2(cpuid_flags)) {
                 sp_521_proj_point_dbl_avx2_9(p1, p2, tmp);
             }
             else
@@ -92107,7 +92202,8 @@ static int sp_521_calc_vfy_point_9(sp_point_521* p1, sp_point_521* p2,
 #endif /* !WOLFSSL_SP_SMALL */
     {
 #ifdef HAVE_INTEL_AVX2
-        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags)) {
+        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                IS_INTEL_AVX2(cpuid_flags)) {
             sp_521_mul_avx2_9(s, s, p521_norm_order);
         }
         else
@@ -92121,7 +92217,8 @@ static int sp_521_calc_vfy_point_9(sp_point_521* p1, sp_point_521* p2,
         sp_521_norm_9(s);
 #ifdef WOLFSSL_SP_SMALL
 #ifdef HAVE_INTEL_AVX2
-        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags)) {
+        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                IS_INTEL_AVX2(cpuid_flags)) {
             sp_521_mont_inv_order_avx2_9(s, s, tmp);
             sp_521_mont_mul_order_avx2_9(u1, u1, s);
             sp_521_mont_mul_order_avx2_9(u2, u2, s);
@@ -92135,7 +92232,8 @@ static int sp_521_calc_vfy_point_9(sp_point_521* p1, sp_point_521* p2,
         }
 #else
 #ifdef HAVE_INTEL_AVX2
-        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags)) {
+        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                IS_INTEL_AVX2(cpuid_flags)) {
             sp_521_mont_mul_order_avx2_9(u1, u1, s);
             sp_521_mont_mul_order_avx2_9(u2, u2, s);
         }
@@ -92147,7 +92245,8 @@ static int sp_521_calc_vfy_point_9(sp_point_521* p1, sp_point_521* p2,
         }
 #endif /* WOLFSSL_SP_SMALL */
 #ifdef HAVE_INTEL_AVX2
-        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags)) {
+        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                IS_INTEL_AVX2(cpuid_flags)) {
             err = sp_521_ecc_mulmod_base_avx2_9(p1, u1, 0, 0, heap);
         }
         else
@@ -92161,8 +92260,10 @@ static int sp_521_calc_vfy_point_9(sp_point_521* p1, sp_point_521* p2,
     }
     if (err == MP_OKAY) {
 #ifdef HAVE_INTEL_AVX2
-        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags))
+        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                IS_INTEL_AVX2(cpuid_flags)) {
             err = sp_521_ecc_mulmod_avx2_9(p2, p2, u2, 0, 0, heap);
+        }
         else
 #endif
             err = sp_521_ecc_mulmod_9(p2, p2, u2, 0, 0, heap);
@@ -92268,14 +92369,18 @@ int sp_ecc_verify_521(const byte* hash, word32 hashLen, const mp_int* pX,
     if (err == MP_OKAY) {
         /* u1 = r.z'.z' mod prime */
 #ifdef HAVE_INTEL_AVX2
-        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags))
+        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                IS_INTEL_AVX2(cpuid_flags)) {
             sp_521_mont_sqr_avx2_9(p1->z, p1->z, p521_mod, p521_mp_mod);
+        }
         else
 #endif
             sp_521_mont_sqr_9(p1->z, p1->z, p521_mod, p521_mp_mod);
 #ifdef HAVE_INTEL_AVX2
-        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags))
+        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                IS_INTEL_AVX2(cpuid_flags)) {
             sp_521_mont_mul_avx2_9(u1, u2, p1->z, p521_mod, p521_mp_mod);
+        }
         else
 #endif
             sp_521_mont_mul_9(u1, u2, p1->z, p521_mod, p521_mp_mod);
@@ -92298,7 +92403,8 @@ int sp_ecc_verify_521(const byte* hash, word32 hashLen, const mp_int* pX,
             if (err == MP_OKAY) {
                 /* u1 = (r + 1*order).z'.z' mod prime */
 #ifdef HAVE_INTEL_AVX2
-                if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags)) {
+                if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                        IS_INTEL_AVX2(cpuid_flags)) {
                     sp_521_mont_mul_avx2_9(u1, u2, p1->z, p521_mod,
                         p521_mp_mod);
                 }
@@ -92313,10 +92419,8 @@ int sp_ecc_verify_521(const byte* hash, word32 hashLen, const mp_int* pX,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (u1 != NULL)
-        XFREE(u1, heap, DYNAMIC_TYPE_ECC);
-    if (p1 != NULL)
-        XFREE(p1, heap, DYNAMIC_TYPE_ECC);
+    XFREE(u1, heap, DYNAMIC_TYPE_ECC);
+    XFREE(p1, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -92526,8 +92630,7 @@ static int sp_521_ecc_is_point_9(const sp_point_521* point,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t1 != NULL)
-        XFREE(t1, heap, DYNAMIC_TYPE_ECC);
+    XFREE(t1, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -92566,8 +92669,7 @@ int sp_ecc_is_point_521(const mp_int* pX, const mp_int* pY)
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (pub != NULL)
-        XFREE(pub, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(pub, NULL, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -92657,8 +92759,10 @@ int sp_ecc_check_key_521(const mp_int* pX, const mp_int* pY,
     if (err == MP_OKAY) {
         /* Point * order = infinity */
 #ifdef HAVE_INTEL_AVX2
-        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags))
+        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                IS_INTEL_AVX2(cpuid_flags)) {
             err = sp_521_ecc_mulmod_avx2_9(p, pub, p521_order, 1, 1, heap);
+        }
         else
 #endif
             err = sp_521_ecc_mulmod_9(p, pub, p521_order, 1, 1, heap);
@@ -92673,8 +92777,10 @@ int sp_ecc_check_key_521(const mp_int* pX, const mp_int* pY,
         if (err == MP_OKAY) {
             /* Base * private = point */
 #ifdef HAVE_INTEL_AVX2
-            if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags))
+            if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                    IS_INTEL_AVX2(cpuid_flags)) {
                 err = sp_521_ecc_mulmod_base_avx2_9(p, priv, 1, 1, heap);
+            }
             else
 #endif
                 err = sp_521_ecc_mulmod_base_9(p, priv, 1, 1, heap);
@@ -92688,10 +92794,8 @@ int sp_ecc_check_key_521(const mp_int* pX, const mp_int* pY,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (pub != NULL)
-        XFREE(pub, heap, DYNAMIC_TYPE_ECC);
-    if (priv != NULL)
-        XFREE(priv, heap, DYNAMIC_TYPE_ECC);
+    XFREE(pub, heap, DYNAMIC_TYPE_ECC);
+    XFREE(priv, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -92760,8 +92864,10 @@ int sp_ecc_proj_add_point_521(mp_int* pX, mp_int* pY, mp_int* pZ,
                       sp_521_iszero_9(q->y);
 
 #ifdef HAVE_INTEL_AVX2
-        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags))
+        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                IS_INTEL_AVX2(cpuid_flags)) {
             sp_521_proj_point_add_avx2_9(p, p, q, tmp);
+        }
         else
 #endif
             sp_521_proj_point_add_9(p, p, q, tmp);
@@ -92778,10 +92884,8 @@ int sp_ecc_proj_add_point_521(mp_int* pX, mp_int* pY, mp_int* pZ,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (tmp != NULL)
-        XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
-    if (p != NULL)
-        XFREE(p, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(p, NULL, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -92836,8 +92940,10 @@ int sp_ecc_proj_dbl_point_521(mp_int* pX, mp_int* pY, mp_int* pZ,
                       sp_521_iszero_9(p->y);
 
 #ifdef HAVE_INTEL_AVX2
-        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags))
+        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                IS_INTEL_AVX2(cpuid_flags)) {
             sp_521_proj_point_dbl_avx2_9(p, p, tmp);
+        }
         else
 #endif
             sp_521_proj_point_dbl_9(p, p, tmp);
@@ -92854,10 +92960,8 @@ int sp_ecc_proj_dbl_point_521(mp_int* pX, mp_int* pY, mp_int* pZ,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (tmp != NULL)
-        XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
-    if (p != NULL)
-        XFREE(p, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(p, NULL, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -92908,8 +93012,10 @@ int sp_ecc_map_521(mp_int* pX, mp_int* pY, mp_int* pZ)
                       sp_521_iszero_9(p->y);
 
 #ifdef HAVE_INTEL_AVX2
-        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags))
+        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                IS_INTEL_AVX2(cpuid_flags)) {
             sp_521_map_avx2_9(p, p, tmp);
+        }
         else
 #endif
             sp_521_map_9(p, p, tmp);
@@ -92926,10 +93032,8 @@ int sp_ecc_map_521(mp_int* pX, mp_int* pY, mp_int* pZ)
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (tmp != NULL)
-        XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
-    if (p != NULL)
-        XFREE(p, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(p, NULL, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -92937,7 +93041,7 @@ int sp_ecc_map_521(mp_int* pX, mp_int* pY, mp_int* pZ)
 #endif /* WOLFSSL_PUBLIC_ECC_ADD_DBL */
 #ifdef HAVE_COMP_KEY
 /* Square root power for the P521 curve. */
-static const uint64_t p521_sqrt_power[9] = {
+static const word64 p521_sqrt_power[9] = {
     0x0000000000000000,0x0000000000000000,0x0000000000000000,
     0x0000000000000000,0x0000000000000000,0x0000000000000000,0x0000000000000000,0x0000000000000000,
     0x0000000000000080
@@ -92969,7 +93073,8 @@ static int sp_521_mont_sqrt_9(sp_digit* y)
     if (err == MP_OKAY) {
 
 #ifdef HAVE_INTEL_AVX2
-        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags)) {
+        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                IS_INTEL_AVX2(cpuid_flags)) {
             int i;
 
             XMEMCPY(t, y, sizeof(sp_digit) * 9);
@@ -92996,8 +93101,7 @@ static int sp_521_mont_sqrt_9(sp_digit* y)
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t != NULL)
-        XFREE(t, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(t, NULL, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -93039,7 +93143,8 @@ int sp_ecc_uncompress_521(mp_int* xm, int odd, mp_int* ym)
     if (err == MP_OKAY) {
         /* y = x^3 */
 #ifdef HAVE_INTEL_AVX2
-        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags)) {
+        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                IS_INTEL_AVX2(cpuid_flags)) {
             sp_521_mont_sqr_avx2_9(y, x, p521_mod, p521_mp_mod);
             sp_521_mont_mul_avx2_9(y, y, x, p521_mod, p521_mp_mod);
         }
@@ -93072,8 +93177,7 @@ int sp_ecc_uncompress_521(mp_int* xm, int odd, mp_int* ym)
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (x != NULL)
-        XFREE(x, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(x, NULL, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -93279,8 +93383,8 @@ static WC_INLINE sp_digit div_1024_word_16(sp_digit d1, sp_digit d0,
 static WC_INLINE sp_digit div_1024_word_16(sp_digit d1, sp_digit d0,
         sp_digit div)
 {
-    ASSERT_SAVED_VECTOR_REGISTERS();
     register sp_digit r asm("rax");
+    ASSERT_SAVED_VECTOR_REGISTERS();
     __asm__ __volatile__ (
         "divq %3"
         : "=a" (r)
@@ -93362,7 +93466,7 @@ static WC_INLINE int sp_1024_div_16(const sp_digit* a, const sp_digit* d, sp_dig
 #endif
         sp_1024_cond_sub_16(&t1[16], &t1[16], d, (sp_digit)0 - r1);
     for (i = 15; i >= 0; i--) {
-        sp_digit mask = 0 - (t1[16 + i] == div);
+        sp_digit mask = (sp_digit)0 - (t1[16 + i] == div);
         sp_digit hi = t1[16 + i] + mask;
         r1 = div_1024_word_16(hi, t1[16 + i - 1], div);
         r1 |= mask;
@@ -93481,16 +93585,16 @@ static void sp_1024_point_free_16(sp_point_1024* p, int clear, void* heap)
 {
 #if (defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SP_NO_MALLOC)) || \
     defined(WOLFSSL_SP_SMALL_STACK)
-/* If valid pointer then clear point data if requested and free data. */
+    /* If valid pointer then clear point data if requested and free data. */
     if (p != NULL) {
-        if (clear != 0) {
+        if (clear) {
             XMEMSET(p, 0, sizeof(*p));
         }
         XFREE(p, heap, DYNAMIC_TYPE_ECC);
     }
 #else
-/* Clear point data if requested. */
-    if ((p != NULL) && (clear != 0)) {
+    /* Clear point data if requested. */
+    if ((p != NULL) && clear) {
         XMEMSET(p, 0, sizeof(*p));
     }
 #endif
@@ -93738,7 +93842,7 @@ SP_NOINLINE static void sp_1024_mont_sqr_16(sp_digit* r, const sp_digit* a,
 }
 
 /* Mod-2 for the P1024 curve. */
-static const uint8_t p1024_mod_minus_2[] = {
+static const word8 p1024_mod_minus_2[] = {
      6,0x06,  7,0x0f,  7,0x0b,  6,0x0c,  7,0x1e,  9,0x09,  7,0x0c,  7,0x1f,
      6,0x16,  6,0x06,  7,0x0e,  8,0x10,  6,0x03,  8,0x11,  6,0x0d,  7,0x14,
      9,0x12,  6,0x0f,  7,0x04,  9,0x0d,  6,0x00,  7,0x13,  6,0x01,  6,0x07,
@@ -93828,7 +93932,7 @@ static void sp_1024_map_16(sp_point_1024* r, const sp_point_1024* p,
     sp_1024_mont_reduce_16(r->x, p1024_mod, p1024_mp_mod);
     /* Reduce x to less than modulus */
     n = sp_1024_cmp_16(r->x, p1024_mod);
-    sp_1024_cond_sub_16(r->x, r->x, p1024_mod, ~(n >> 63));
+    sp_1024_cond_sub_16(r->x, r->x, p1024_mod, (sp_digit)~(n >> 63));
     sp_1024_norm_16(r->x);
 
     /* y /= z^3 */
@@ -93837,7 +93941,7 @@ static void sp_1024_map_16(sp_point_1024* r, const sp_point_1024* p,
     sp_1024_mont_reduce_16(r->y, p1024_mod, p1024_mp_mod);
     /* Reduce y to less than modulus */
     n = sp_1024_cmp_16(r->y, p1024_mod);
-    sp_1024_cond_sub_16(r->y, r->y, p1024_mod, ~(n >> 63));
+    sp_1024_cond_sub_16(r->y, r->y, p1024_mod, (sp_digit)~(n >> 63));
     sp_1024_norm_16(r->y);
 
     XMEMSET(r->z, 0, sizeof(r->z) / 2);
@@ -94265,8 +94369,8 @@ static void sp_1024_proj_point_add_16(sp_point_1024* r,
         sp_1024_mont_sub_16(y, y, t5, p1024_mod);
         {
             int i;
-            sp_digit maskp = 0 - (q->infinity & (!p->infinity));
-            sp_digit maskq = 0 - (p->infinity & (!q->infinity));
+            sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity)));
+            sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity)));
             sp_digit maskt = ~(maskp | maskq);
             sp_digit inf = (sp_digit)(p->infinity & q->infinity);
 
@@ -94283,7 +94387,7 @@ static void sp_1024_proj_point_add_16(sp_point_1024* r,
                           (z[i] & maskt);
             }
             r->z[0] |= inf;
-            r->infinity = (word32)inf;
+            r->infinity = (int)inf;
         }
     }
 }
@@ -94457,8 +94561,8 @@ static int sp_1024_proj_point_add_16_nb(sp_ecc_ctx_t* sp_ctx, sp_point_1024* r,
     {
         {
             int i;
-            sp_digit maskp = 0 - (q->infinity & (!p->infinity));
-            sp_digit maskq = 0 - (p->infinity & (!q->infinity));
+            sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity)));
+            sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity)));
             sp_digit maskt = ~(maskp | maskq);
             sp_digit inf = (sp_digit)(p->infinity & q->infinity);
 
@@ -94475,7 +94579,7 @@ static int sp_1024_proj_point_add_16_nb(sp_ecc_ctx_t* sp_ctx, sp_point_1024* r,
                           (ctx->z[i] & maskt);
             }
             r->z[0] |= inf;
-            r->infinity = (word32)inf;
+            r->infinity = (int)inf;
         }
         ctx->state = 25;
         break;
@@ -94647,13 +94751,13 @@ static void sp_1024_proj_point_add_sub_16(sp_point_1024* ra,
 /* Structure used to describe recoding of scalar multiplication. */
 typedef struct ecc_recode_1024 {
     /* Index into pre-computation table. */
-    uint8_t i;
+    word8 i;
     /* Use the negative of the point. */
-    uint8_t neg;
+    word8 neg;
 } ecc_recode_1024;
 
 /* The index into pre-computation table to use. */
-static const uint8_t recode_index_16_7[130] = {
+static const word8 recode_index_16_7[130] = {
      0,  1,  2,  3,  4,  5,  6,  7,  8,  9, 10, 11, 12, 13, 14, 15,
     16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31,
     32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47,
@@ -94666,7 +94770,7 @@ static const uint8_t recode_index_16_7[130] = {
 };
 
 /* Whether to negate y-ordinate. */
-static const uint8_t recode_neg_16_7[130] = {
+static const word8 recode_neg_16_7[130] = {
      0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,
      0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,
      0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,
@@ -94688,7 +94792,7 @@ static void sp_1024_ecc_recode_7_16(const sp_digit* k, ecc_recode_1024* v)
 {
     int i;
     int j;
-    uint8_t y;
+    word8 y;
     int carry = 0;
     int o;
     sp_digit n;
@@ -94697,7 +94801,7 @@ static void sp_1024_ecc_recode_7_16(const sp_digit* k, ecc_recode_1024* v)
     n = k[j];
     o = 0;
     for (i=0; i<147; i++) {
-        y = (int8_t)n;
+        y = (word8)(int8_t)n;
         if (o + 7 < 64) {
             y &= 0x7f;
             n >>= 7;
@@ -94711,12 +94815,12 @@ static void sp_1024_ecc_recode_7_16(const sp_digit* k, ecc_recode_1024* v)
         }
         else if (++j < 16) {
             n = k[j];
-            y |= (uint8_t)((n << (64 - o)) & 0x7f);
+            y |= (word8)((n << (64 - o)) & 0x7f);
             o -= 57;
             n >>= o;
         }
 
-        y += (uint8_t)carry;
+        y = (word8)(y + carry);
         v[i].i = recode_index_16_7[y];
         v[i].neg = recode_neg_16_7[y];
         carry = (y >> 7) + v[i].neg;
@@ -94863,10 +94967,8 @@ static int sp_1024_ecc_mulmod_win_add_sub_16(sp_point_1024* r, const sp_point_10
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t != NULL)
-        XFREE(t, heap, DYNAMIC_TYPE_ECC);
-    if (tmp != NULL)
-        XFREE(tmp, heap, DYNAMIC_TYPE_ECC);
+    XFREE(t, heap, DYNAMIC_TYPE_ECC);
+    XFREE(tmp, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -94977,7 +95079,7 @@ static void sp_1024_map_avx2_16(sp_point_1024* r, const sp_point_1024* p,
     sp_1024_mont_reduce_avx2_16(r->x, p1024_mod, p1024_mp_mod);
     /* Reduce x to less than modulus */
     n = sp_1024_cmp_16(r->x, p1024_mod);
-    sp_1024_cond_sub_16(r->x, r->x, p1024_mod, ~(n >> 63));
+    sp_1024_cond_sub_16(r->x, r->x, p1024_mod, (sp_digit)~(n >> 63));
     sp_1024_norm_16(r->x);
 
     /* y /= z^3 */
@@ -94986,7 +95088,7 @@ static void sp_1024_map_avx2_16(sp_point_1024* r, const sp_point_1024* p,
     sp_1024_mont_reduce_avx2_16(r->y, p1024_mod, p1024_mp_mod);
     /* Reduce y to less than modulus */
     n = sp_1024_cmp_16(r->y, p1024_mod);
-    sp_1024_cond_sub_16(r->y, r->y, p1024_mod, ~(n >> 63));
+    sp_1024_cond_sub_16(r->y, r->y, p1024_mod, (sp_digit)~(n >> 63));
     sp_1024_norm_16(r->y);
 
     XMEMSET(r->z, 0, sizeof(r->z) / 2);
@@ -95385,8 +95487,8 @@ static void sp_1024_proj_point_add_avx2_16(sp_point_1024* r,
         sp_1024_mont_sub_avx2_16(y, y, t5, p1024_mod);
         {
             int i;
-            sp_digit maskp = 0 - (q->infinity & (!p->infinity));
-            sp_digit maskq = 0 - (p->infinity & (!q->infinity));
+            sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity)));
+            sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity)));
             sp_digit maskt = ~(maskp | maskq);
             sp_digit inf = (sp_digit)(p->infinity & q->infinity);
 
@@ -95403,7 +95505,7 @@ static void sp_1024_proj_point_add_avx2_16(sp_point_1024* r,
                           (z[i] & maskt);
             }
             r->z[0] |= inf;
-            r->infinity = (word32)inf;
+            r->infinity = (int)inf;
         }
     }
 }
@@ -95577,8 +95679,8 @@ static int sp_1024_proj_point_add_avx2_16_nb(sp_ecc_ctx_t* sp_ctx, sp_point_1024
     {
         {
             int i;
-            sp_digit maskp = 0 - (q->infinity & (!p->infinity));
-            sp_digit maskq = 0 - (p->infinity & (!q->infinity));
+            sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity)));
+            sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity)));
             sp_digit maskt = ~(maskp | maskq);
             sp_digit inf = (sp_digit)(p->infinity & q->infinity);
 
@@ -95595,7 +95697,7 @@ static int sp_1024_proj_point_add_avx2_16_nb(sp_ecc_ctx_t* sp_ctx, sp_point_1024
                           (ctx->z[i] & maskt);
             }
             r->z[0] |= inf;
-            r->infinity = (word32)inf;
+            r->infinity = (int)inf;
         }
         ctx->state = 25;
         break;
@@ -95904,10 +96006,8 @@ static int sp_1024_ecc_mulmod_win_add_sub_avx2_16(sp_point_1024* r, const sp_poi
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t != NULL)
-        XFREE(t, heap, DYNAMIC_TYPE_ECC);
-    if (tmp != NULL)
-        XFREE(tmp, heap, DYNAMIC_TYPE_ECC);
+    XFREE(t, heap, DYNAMIC_TYPE_ECC);
+    XFREE(tmp, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -95980,8 +96080,8 @@ static void sp_1024_proj_point_add_qz1_16(sp_point_1024* r,
         sp_1024_mont_sub_16(y, t3, t1, p1024_mod);
         {
             int i;
-            sp_digit maskp = 0 - (q->infinity & (!p->infinity));
-            sp_digit maskq = 0 - (p->infinity & (!q->infinity));
+            sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity)));
+            sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity)));
             sp_digit maskt = ~(maskp | maskq);
             sp_digit inf = (sp_digit)(p->infinity & q->infinity);
 
@@ -95998,7 +96098,7 @@ static void sp_1024_proj_point_add_qz1_16(sp_point_1024* r,
                           (z[i] & maskt);
             }
             r->z[0] |= inf;
-            r->infinity = (word32)inf;
+            r->infinity = (int)inf;
         }
     }
 }
@@ -96109,8 +96209,7 @@ static int sp_1024_gen_stripe_table_16(const sp_point_1024* a,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t != NULL)
-        XFREE(t, heap, DYNAMIC_TYPE_ECC);
+    XFREE(t, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -96209,10 +96308,8 @@ static int sp_1024_ecc_mulmod_stripe_16(sp_point_1024* r, const sp_point_1024* g
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t != NULL)
-        XFREE(t, heap, DYNAMIC_TYPE_ECC);
-    if (rt != NULL)
-        XFREE(rt, heap, DYNAMIC_TYPE_ECC);
+    XFREE(t, heap, DYNAMIC_TYPE_ECC);
+    XFREE(rt, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -96232,7 +96329,7 @@ typedef struct sp_cache_1024_t {
     /* Precomputation table for point. */
     sp_table_entry_1024 table[256];
     /* Count of entries in table. */
-    uint32_t cnt;
+    word32 cnt;
     /* Point and table set in entry. */
     int set;
 } sp_cache_1024_t;
@@ -96245,8 +96342,10 @@ static THREAD_LS_T int sp_cache_1024_last = -1;
 static THREAD_LS_T int sp_cache_1024_inited = 0;
 
 #ifndef HAVE_THREAD_LS
+    #ifndef WOLFSSL_MUTEX_INITIALIZER
     static volatile int initCacheMutex_1024 = 0;
-    static wolfSSL_Mutex sp_cache_1024_lock;
+    #endif
+    static wolfSSL_Mutex sp_cache_1024_lock WOLFSSL_MUTEX_INITIALIZER_CLAUSE(sp_cache_1024_lock);
 #endif
 
 /* Get the cache entry for the point.
@@ -96258,7 +96357,7 @@ static void sp_ecc_get_cache_1024(const sp_point_1024* g, sp_cache_1024_t** cach
 {
     int i;
     int j;
-    uint32_t least;
+    word32 least;
 
     if (sp_cache_1024_inited == 0) {
         for (i=0; i<FP_ENTRIES; i++) {
@@ -96344,10 +96443,12 @@ static int sp_1024_ecc_mulmod_16(sp_point_1024* r, const sp_point_1024* g,
 #endif
 #ifndef HAVE_THREAD_LS
     if (err == MP_OKAY) {
+        #ifndef WOLFSSL_MUTEX_INITIALIZER
         if (initCacheMutex_1024 == 0) {
             wc_InitMutex(&sp_cache_1024_lock);
             initCacheMutex_1024 = 1;
         }
+        #endif
         if (wc_LockMutex(&sp_cache_1024_lock) != 0) {
             err = BAD_MUTEX_E;
         }
@@ -96440,8 +96541,8 @@ static void sp_1024_proj_point_add_qz1_avx2_16(sp_point_1024* r,
         sp_1024_mont_sub_avx2_16(y, t3, t1, p1024_mod);
         {
             int i;
-            sp_digit maskp = 0 - (q->infinity & (!p->infinity));
-            sp_digit maskq = 0 - (p->infinity & (!q->infinity));
+            sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity)));
+            sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity)));
             sp_digit maskt = ~(maskp | maskq);
             sp_digit inf = (sp_digit)(p->infinity & q->infinity);
 
@@ -96458,7 +96559,7 @@ static void sp_1024_proj_point_add_qz1_avx2_16(sp_point_1024* r,
                           (z[i] & maskt);
             }
             r->z[0] |= inf;
-            r->infinity = (word32)inf;
+            r->infinity = (int)inf;
         }
     }
 }
@@ -96569,8 +96670,7 @@ static int sp_1024_gen_stripe_table_avx2_16(const sp_point_1024* a,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t != NULL)
-        XFREE(t, heap, DYNAMIC_TYPE_ECC);
+    XFREE(t, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -96669,10 +96769,8 @@ static int sp_1024_ecc_mulmod_stripe_avx2_16(sp_point_1024* r, const sp_point_10
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t != NULL)
-        XFREE(t, heap, DYNAMIC_TYPE_ECC);
-    if (rt != NULL)
-        XFREE(rt, heap, DYNAMIC_TYPE_ECC);
+    XFREE(t, heap, DYNAMIC_TYPE_ECC);
+    XFREE(rt, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -96711,10 +96809,12 @@ static int sp_1024_ecc_mulmod_avx2_16(sp_point_1024* r, const sp_point_1024* g,
 #endif
 #ifndef HAVE_THREAD_LS
     if (err == MP_OKAY) {
+        #ifndef WOLFSSL_MUTEX_INITIALIZER
         if (initCacheMutex_1024 == 0) {
             wc_InitMutex(&sp_cache_1024_lock);
             initCacheMutex_1024 = 1;
         }
+        #endif
         if (wc_LockMutex(&sp_cache_1024_lock) != 0) {
             err = BAD_MUTEX_E;
         }
@@ -96790,8 +96890,10 @@ int sp_ecc_mulmod_1024(const mp_int* km, const ecc_point* gm, ecc_point* r,
         sp_1024_point_from_ecc_point_16(point, gm);
 
 #ifdef HAVE_INTEL_AVX2
-        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags))
+        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                IS_INTEL_AVX2(cpuid_flags)) {
             err = sp_1024_ecc_mulmod_avx2_16(point, point, k, map, 1, heap);
+        }
         else
 #endif
             err = sp_1024_ecc_mulmod_16(point, point, k, map, 1, heap);
@@ -96801,10 +96903,8 @@ int sp_ecc_mulmod_1024(const mp_int* km, const ecc_point* gm, ecc_point* r,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (k != NULL)
-        XFREE(k, heap, DYNAMIC_TYPE_ECC);
-    if (point != NULL)
-        XFREE(point, heap, DYNAMIC_TYPE_ECC);
+    XFREE(k, heap, DYNAMIC_TYPE_ECC);
+    XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -100223,8 +100323,10 @@ int sp_ecc_mulmod_base_1024(const mp_int* km, ecc_point* r, int map, void* heap)
         sp_1024_from_mp(k, 16, km);
 
 #ifdef HAVE_INTEL_AVX2
-        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags))
+        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                IS_INTEL_AVX2(cpuid_flags)) {
             err = sp_1024_ecc_mulmod_base_avx2_16(point, k, map, 1, heap);
+        }
         else
 #endif
             err = sp_1024_ecc_mulmod_base_16(point, k, map, 1, heap);
@@ -100234,10 +100336,8 @@ int sp_ecc_mulmod_base_1024(const mp_int* km, ecc_point* r, int map, void* heap)
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (k != NULL)
-        XFREE(k, heap, DYNAMIC_TYPE_ECC);
-    if (point != NULL)
-        XFREE(point, heap, DYNAMIC_TYPE_ECC);
+    XFREE(k, heap, DYNAMIC_TYPE_ECC);
+    XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -100303,24 +100403,30 @@ int sp_ecc_mulmod_base_add_1024(const mp_int* km, const ecc_point* am,
     }
     if (err == MP_OKAY) {
 #ifdef HAVE_INTEL_AVX2
-        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags))
+        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                IS_INTEL_AVX2(cpuid_flags)) {
             err = sp_1024_ecc_mulmod_base_avx2_16(point, k, 0, 0, heap);
+        }
         else
 #endif
             err = sp_1024_ecc_mulmod_base_16(point, k, 0, 0, heap);
     }
     if (err == MP_OKAY) {
 #ifdef HAVE_INTEL_AVX2
-        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags))
+        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                IS_INTEL_AVX2(cpuid_flags)) {
             sp_1024_proj_point_add_avx2_16(point, point, addP, tmp);
+        }
         else
 #endif
             sp_1024_proj_point_add_16(point, point, addP, tmp);
 
         if (map) {
 #ifdef HAVE_INTEL_AVX2
-            if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags))
+            if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                    IS_INTEL_AVX2(cpuid_flags)) {
                 sp_1024_map_avx2_16(point, point, tmp);
+            }
             else
 #endif
                 sp_1024_map_16(point, point, tmp);
@@ -100330,10 +100436,8 @@ int sp_ecc_mulmod_base_add_1024(const mp_int* km, const ecc_point* am,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (k != NULL)
-        XFREE(k, heap, DYNAMIC_TYPE_ECC);
-    if (point)
-        XFREE(point, heap, DYNAMIC_TYPE_ECC);
+    XFREE(k, heap, DYNAMIC_TYPE_ECC);
+    XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -100370,7 +100474,7 @@ int sp_ecc_gen_table_1024(const ecc_point* gm, byte* table, word32* len,
 
     if ((err == MP_OKAY) && (table == NULL)) {
         *len = sizeof(sp_table_entry_1024) * 256;
-        err = LENGTH_ONLY_E;
+        err = WC_NO_ERR_TRACE(LENGTH_ONLY_E);
     }
     if ((err == MP_OKAY) && (*len < (int)(sizeof(sp_table_entry_1024) * 256))) {
         err = BUFFER_E;
@@ -100394,9 +100498,11 @@ int sp_ecc_gen_table_1024(const ecc_point* gm, byte* table, word32* len,
     if (err == MP_OKAY) {
         sp_1024_point_from_ecc_point_16(point, gm);
 #ifdef HAVE_INTEL_AVX2
-        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags))
+        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                IS_INTEL_AVX2(cpuid_flags)) {
             err = sp_1024_gen_stripe_table_avx2_16(point,
                 (sp_table_entry_1024*)table, t, heap);
+        }
         else
 #endif
             err = sp_1024_gen_stripe_table_16(point,
@@ -100407,10 +100513,8 @@ int sp_ecc_gen_table_1024(const ecc_point* gm, byte* table, word32* len,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t != NULL)
-        XFREE(t, heap, DYNAMIC_TYPE_ECC);
-    if (point != NULL)
-        XFREE(point, heap, DYNAMIC_TYPE_ECC);
+    XFREE(t, heap, DYNAMIC_TYPE_ECC);
+    XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -100436,7 +100540,7 @@ int sp_ecc_gen_table_1024(const ecc_point* gm, byte* table, word32* len,
 
     if ((err == 0) && (table == NULL)) {
         *len = 0;
-        err = LENGTH_ONLY_E;
+        err = WC_NO_ERR_TRACE(LENGTH_ONLY_E);
     }
     if ((err == 0) && (*len != 0)) {
         err = BUFFER_E;
@@ -100495,9 +100599,11 @@ int sp_ecc_mulmod_table_1024(const mp_int* km, const ecc_point* gm, byte* table,
 
 #ifndef WOLFSSL_SP_SMALL
 #ifdef HAVE_INTEL_AVX2
-        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags))
+        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                IS_INTEL_AVX2(cpuid_flags)) {
             err = sp_1024_ecc_mulmod_stripe_avx2_16(point, point,
                 (const sp_table_entry_1024*)table, k, map, 0, heap);
+        }
         else
 #endif
             err = sp_1024_ecc_mulmod_stripe_16(point, point,
@@ -100512,10 +100618,8 @@ int sp_ecc_mulmod_table_1024(const mp_int* km, const ecc_point* gm, byte* table,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (k != NULL)
-        XFREE(k, heap, DYNAMIC_TYPE_ECC);
-    if (point != NULL)
-        XFREE(point, heap, DYNAMIC_TYPE_ECC);
+    XFREE(k, heap, DYNAMIC_TYPE_ECC);
+    XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -100662,9 +100766,7 @@ static int sp_ModExp_Fp_star_x64_1024(const mp_int* base, mp_int* exp, mp_int* r
 
 #if (defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SP_NO_MALLOC)) || \
     defined(WOLFSSL_SP_SMALL_STACK)
-    if (td != NULL) {
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-    }
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
     return err;
 }
@@ -102304,9 +102406,7 @@ static int sp_ModExp_Fp_star_x64_1024(const mp_int* base, mp_int* exp, mp_int* r
 
 #if (defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SP_NO_MALLOC)) || \
     defined(WOLFSSL_SP_SMALL_STACK)
-    if (td != NULL) {
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-    }
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
     return err;
 }
@@ -102454,9 +102554,7 @@ static int sp_ModExp_Fp_star_avx2_1024(const mp_int* base, mp_int* exp, mp_int*
 
 #if (defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SP_NO_MALLOC)) || \
     defined(WOLFSSL_SP_SMALL_STACK)
-    if (td != NULL) {
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-    }
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
     return err;
 }
@@ -102553,9 +102651,7 @@ static int sp_ModExp_Fp_star_avx2_1024(const mp_int* base, mp_int* exp, mp_int*
 
 #if (defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SP_NO_MALLOC)) || \
     defined(WOLFSSL_SP_SMALL_STACK)
-    if (td != NULL) {
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-    }
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
     return err;
 }
@@ -102954,9 +103050,7 @@ static int sp_Pairing_x64_1024(const ecc_point* pm, const ecc_point* qm, mp_int*
 
 #if (defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SP_NO_MALLOC)) || \
     defined(WOLFSSL_SP_SMALL_STACK)
-    if (td != NULL) {
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-    }
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
     sp_1024_point_free_16(c, 1, NULL);
     sp_1024_point_free_16(q, 1, NULL);
@@ -103381,9 +103475,7 @@ static int sp_Pairing_x64_1024(const ecc_point* pm, const ecc_point* qm, mp_int*
 
 #if (defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SP_NO_MALLOC)) || \
     defined(WOLFSSL_SP_SMALL_STACK)
-    if (td != NULL) {
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-    }
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
     sp_1024_point_free_16(c, 1, NULL);
     sp_1024_point_free_16(q, 1, NULL);
@@ -103755,9 +103847,7 @@ static int sp_Pairing_avx2_1024(const ecc_point* pm, const ecc_point* qm, mp_int
 
 #if (defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SP_NO_MALLOC)) || \
     defined(WOLFSSL_SP_SMALL_STACK)
-    if (td != NULL) {
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-    }
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
     sp_1024_point_free_16(c, 1, NULL);
     sp_1024_point_free_16(q, 1, NULL);
@@ -104155,9 +104245,7 @@ static int sp_Pairing_avx2_1024(const ecc_point* pm, const ecc_point* qm, mp_int
 
 #if (defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SP_NO_MALLOC)) || \
     defined(WOLFSSL_SP_SMALL_STACK)
-    if (td != NULL) {
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-    }
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
     sp_1024_point_free_16(c, 1, NULL);
     sp_1024_point_free_16(q, 1, NULL);
@@ -104223,7 +104311,7 @@ static int sp_Pairing_gen_precomp_x64_1024(const ecc_point* pm, byte* table,
 
     if (table == NULL) {
         *len = 0;
-        err = LENGTH_ONLY_E;
+        err = WC_NO_ERR_TRACE(LENGTH_ONLY_E);
     }
     else if (*len != 0) {
         err = BUFFER_E;
@@ -104452,7 +104540,7 @@ static int sp_Pairing_gen_precomp_x64_1024(const ecc_point* pm, byte* table,
 
     if (table == NULL) {
         *len = sizeof(sp_table_entry_1024) * 1167;
-        err = LENGTH_ONLY_E;
+        err = WC_NO_ERR_TRACE(LENGTH_ONLY_E);
     }
 
     if ((err == MP_OKAY) &&
@@ -104559,9 +104647,7 @@ static int sp_Pairing_gen_precomp_x64_1024(const ecc_point* pm, byte* table,
 
 #if (defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SP_NO_MALLOC)) || \
     defined(WOLFSSL_SP_SMALL_STACK)
-    if (td != NULL) {
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-    }
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
     sp_1024_point_free_16(neg, 1, NULL);
     sp_1024_point_free_16(c, 1, NULL);
@@ -104754,9 +104840,7 @@ static int sp_Pairing_precomp_x64_1024(const ecc_point* pm, const ecc_point* qm,
 
 #if (defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SP_NO_MALLOC)) || \
     defined(WOLFSSL_SP_SMALL_STACK)
-    if (td != NULL) {
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-    }
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
     sp_1024_point_free_16(c, 1, NULL);
     sp_1024_point_free_16(q, 1, NULL);
@@ -104787,7 +104871,7 @@ static int sp_Pairing_gen_precomp_avx2_1024(const ecc_point* pm, byte* table,
 
     if (table == NULL) {
         *len = 0;
-        err = LENGTH_ONLY_E;
+        err = WC_NO_ERR_TRACE(LENGTH_ONLY_E);
     }
     else if (*len != 0) {
         err = BUFFER_E;
@@ -104989,7 +105073,7 @@ static int sp_Pairing_gen_precomp_avx2_1024(const ecc_point* pm, byte* table,
 
     if (table == NULL) {
         *len = sizeof(sp_table_entry_1024) * 1167;
-        err = LENGTH_ONLY_E;
+        err = WC_NO_ERR_TRACE(LENGTH_ONLY_E);
     }
 
     if ((err == MP_OKAY) &&
@@ -105096,9 +105180,7 @@ static int sp_Pairing_gen_precomp_avx2_1024(const ecc_point* pm, byte* table,
 
 #if (defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SP_NO_MALLOC)) || \
     defined(WOLFSSL_SP_SMALL_STACK)
-    if (td != NULL) {
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-    }
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
     sp_1024_point_free_16(neg, 1, NULL);
     sp_1024_point_free_16(c, 1, NULL);
@@ -105291,9 +105373,7 @@ static int sp_Pairing_precomp_avx2_1024(const ecc_point* pm, const ecc_point* qm
 
 #if (defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SP_NO_MALLOC)) || \
     defined(WOLFSSL_SP_SMALL_STACK)
-    if (td != NULL) {
-        XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-    }
+    XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
     sp_1024_point_free_16(c, 1, NULL);
     sp_1024_point_free_16(q, 1, NULL);
@@ -105453,7 +105533,7 @@ static int sp_1024_ecc_is_point_16(const sp_point_1024* point,
 
 
         n = sp_1024_cmp_16(t1, p1024_mod);
-        sp_1024_cond_sub_16(t1, t1, p1024_mod, ~(n >> 63));
+        sp_1024_cond_sub_16(t1, t1, p1024_mod, (sp_digit)~(n >> 63));
         sp_1024_norm_16(t1);
         if (!sp_1024_iszero_16(t1)) {
             err = MP_VAL;
@@ -105461,8 +105541,7 @@ static int sp_1024_ecc_is_point_16(const sp_point_1024* point,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (t1 != NULL)
-        XFREE(t1, heap, DYNAMIC_TYPE_ECC);
+    XFREE(t1, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -105501,8 +105580,7 @@ int sp_ecc_is_point_1024(const mp_int* pX, const mp_int* pY)
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (pub != NULL)
-        XFREE(pub, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(pub, NULL, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
@@ -105592,8 +105670,10 @@ int sp_ecc_check_key_1024(const mp_int* pX, const mp_int* pY,
     if (err == MP_OKAY) {
         /* Point * order = infinity */
 #ifdef HAVE_INTEL_AVX2
-        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags))
+        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                IS_INTEL_AVX2(cpuid_flags)) {
             err = sp_1024_ecc_mulmod_avx2_16(p, pub, p1024_order, 1, 1, heap);
+        }
         else
 #endif
             err = sp_1024_ecc_mulmod_16(p, pub, p1024_order, 1, 1, heap);
@@ -105608,8 +105688,10 @@ int sp_ecc_check_key_1024(const mp_int* pX, const mp_int* pY,
         if (err == MP_OKAY) {
             /* Base * private = point */
 #ifdef HAVE_INTEL_AVX2
-            if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags))
+            if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                    IS_INTEL_AVX2(cpuid_flags)) {
                 err = sp_1024_ecc_mulmod_base_avx2_16(p, priv, 1, 1, heap);
+            }
             else
 #endif
                 err = sp_1024_ecc_mulmod_base_16(p, priv, 1, 1, heap);
@@ -105623,10 +105705,8 @@ int sp_ecc_check_key_1024(const mp_int* pX, const mp_int* pY,
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
-    if (pub != NULL)
-        XFREE(pub, heap, DYNAMIC_TYPE_ECC);
-    if (priv != NULL)
-        XFREE(priv, heap, DYNAMIC_TYPE_ECC);
+    XFREE(pub, heap, DYNAMIC_TYPE_ECC);
+    XFREE(priv, heap, DYNAMIC_TYPE_ECC);
 #endif
 
     return err;
diff --git a/wolfcrypt/src/sp_x86_64_asm.S b/wolfcrypt/src/sp_x86_64_asm.S
index 6879391de..795d8de17 100644
--- a/wolfcrypt/src/sp_x86_64_asm.S
+++ b/wolfcrypt/src/sp_x86_64_asm.S
@@ -1,6 +1,6 @@
 /* sp_x86_64_asm.S */
 /*
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -59047,15 +59047,23 @@ _sp_256_mod_inv_avx2_4:
         movq	8(%rsi), %r11
         movq	16(%rsi), %r12
         movq	24(%rsi), %r13
-        vmovupd	0+L_sp256_mod_inv_avx2_4_order(%rip), %ymm6
-        vmovupd	32+L_sp256_mod_inv_avx2_4_order(%rip), %ymm7
-        vmovupd	0+L_sp256_mod_inv_avx2_4_one(%rip), %ymm8
-        vmovupd	0+L_sp256_mod_inv_avx2_4_mask01111(%rip), %ymm9
-        vmovupd	0+L_sp256_mod_inv_avx2_4_all_one(%rip), %ymm10
-        vmovupd	0+L_sp256_mod_inv_avx2_4_down_one_dword(%rip), %ymm11
-        vmovupd	0+L_sp256_mod_inv_avx2_4_neg(%rip), %ymm12
-        vmovupd	0+L_sp256_mod_inv_avx2_4_up_one_dword(%rip), %ymm13
-        vmovupd	0+L_sp256_mod_inv_avx2_4_mask26(%rip), %ymm14
+        leaq	L_sp256_mod_inv_avx2_4_order(%rip), %rbx
+        vmovupd	(%rbx), %ymm6
+        vmovupd	32(%rbx), %ymm7
+        leaq	L_sp256_mod_inv_avx2_4_one(%rip), %rbx
+        vmovupd	(%rbx), %ymm8
+        leaq	L_sp256_mod_inv_avx2_4_mask01111(%rip), %rbx
+        vmovupd	(%rbx), %ymm9
+        leaq	L_sp256_mod_inv_avx2_4_all_one(%rip), %rbx
+        vmovupd	(%rbx), %ymm10
+        leaq	L_sp256_mod_inv_avx2_4_down_one_dword(%rip), %rbx
+        vmovupd	(%rbx), %ymm11
+        leaq	L_sp256_mod_inv_avx2_4_neg(%rip), %rbx
+        vmovupd	(%rbx), %ymm12
+        leaq	L_sp256_mod_inv_avx2_4_up_one_dword(%rip), %rbx
+        vmovupd	(%rbx), %ymm13
+        leaq	L_sp256_mod_inv_avx2_4_mask26(%rip), %rbx
+        vmovupd	(%rbx), %ymm14
         vpxor	%xmm0, %xmm0, %xmm0
         vpxor	%xmm1, %xmm1, %xmm1
         vmovdqu	%ymm8, %ymm2
diff --git a/wolfcrypt/src/sp_x86_64_asm.asm b/wolfcrypt/src/sp_x86_64_asm.asm
index fa6558cc9..4df93a976 100644
--- a/wolfcrypt/src/sp_x86_64_asm.asm
+++ b/wolfcrypt/src/sp_x86_64_asm.asm
@@ -1,6 +1,6 @@
 ; /* sp_x86_64_asm.asm */
 ; /*
-;  * Copyright (C) 2006-2023 wolfSSL Inc.
+;  * Copyright (C) 2006-2025 wolfSSL Inc.
 ;  *
 ;  * This file is part of wolfSSL.
 ;  *
@@ -9712,14 +9712,14 @@ IFNDEF WC_NO_CACHE_RESISTANT
 _text SEGMENT READONLY PARA
 sp_2048_get_from_table_16 PROC
         sub	rsp, 128
-        vmovdqu	OWORD PTR [rsp], xmm6
-        vmovdqu	OWORD PTR [rsp+16], xmm7
-        vmovdqu	OWORD PTR [rsp+32], xmm8
-        vmovdqu	OWORD PTR [rsp+48], xmm9
-        vmovdqu	OWORD PTR [rsp+64], xmm10
-        vmovdqu	OWORD PTR [rsp+80], xmm11
-        vmovdqu	OWORD PTR [rsp+96], xmm12
-        vmovdqu	OWORD PTR [rsp+112], xmm13
+        movdqu	OWORD PTR [rsp], xmm6
+        movdqu	OWORD PTR [rsp+16], xmm7
+        movdqu	OWORD PTR [rsp+32], xmm8
+        movdqu	OWORD PTR [rsp+48], xmm9
+        movdqu	OWORD PTR [rsp+64], xmm10
+        movdqu	OWORD PTR [rsp+80], xmm11
+        movdqu	OWORD PTR [rsp+96], xmm12
+        movdqu	OWORD PTR [rsp+112], xmm13
         mov	rax, 1
         movd	xmm10, r8
         movd	xmm11, rax
@@ -9736,10 +9736,10 @@ sp_2048_get_from_table_16 PROC
         mov	r9, QWORD PTR [rdx]
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -9753,10 +9753,10 @@ sp_2048_get_from_table_16 PROC
         mov	r9, QWORD PTR [rdx+8]
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -9770,10 +9770,10 @@ sp_2048_get_from_table_16 PROC
         mov	r9, QWORD PTR [rdx+16]
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -9787,10 +9787,10 @@ sp_2048_get_from_table_16 PROC
         mov	r9, QWORD PTR [rdx+24]
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -9804,10 +9804,10 @@ sp_2048_get_from_table_16 PROC
         mov	r9, QWORD PTR [rdx+32]
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -9821,10 +9821,10 @@ sp_2048_get_from_table_16 PROC
         mov	r9, QWORD PTR [rdx+40]
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -9838,10 +9838,10 @@ sp_2048_get_from_table_16 PROC
         mov	r9, QWORD PTR [rdx+48]
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -9855,10 +9855,10 @@ sp_2048_get_from_table_16 PROC
         mov	r9, QWORD PTR [rdx+56]
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -9872,10 +9872,10 @@ sp_2048_get_from_table_16 PROC
         mov	r9, QWORD PTR [rdx+64]
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -9889,10 +9889,10 @@ sp_2048_get_from_table_16 PROC
         mov	r9, QWORD PTR [rdx+72]
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -9906,10 +9906,10 @@ sp_2048_get_from_table_16 PROC
         mov	r9, QWORD PTR [rdx+80]
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -9923,10 +9923,10 @@ sp_2048_get_from_table_16 PROC
         mov	r9, QWORD PTR [rdx+88]
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -9940,10 +9940,10 @@ sp_2048_get_from_table_16 PROC
         mov	r9, QWORD PTR [rdx+96]
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -9957,10 +9957,10 @@ sp_2048_get_from_table_16 PROC
         mov	r9, QWORD PTR [rdx+104]
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -9974,10 +9974,10 @@ sp_2048_get_from_table_16 PROC
         mov	r9, QWORD PTR [rdx+112]
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -9991,10 +9991,10 @@ sp_2048_get_from_table_16 PROC
         mov	r9, QWORD PTR [rdx+120]
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -10008,10 +10008,10 @@ sp_2048_get_from_table_16 PROC
         mov	r9, QWORD PTR [rdx+128]
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -10025,10 +10025,10 @@ sp_2048_get_from_table_16 PROC
         mov	r9, QWORD PTR [rdx+136]
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -10042,10 +10042,10 @@ sp_2048_get_from_table_16 PROC
         mov	r9, QWORD PTR [rdx+144]
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -10059,10 +10059,10 @@ sp_2048_get_from_table_16 PROC
         mov	r9, QWORD PTR [rdx+152]
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -10076,10 +10076,10 @@ sp_2048_get_from_table_16 PROC
         mov	r9, QWORD PTR [rdx+160]
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -10093,10 +10093,10 @@ sp_2048_get_from_table_16 PROC
         mov	r9, QWORD PTR [rdx+168]
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -10110,10 +10110,10 @@ sp_2048_get_from_table_16 PROC
         mov	r9, QWORD PTR [rdx+176]
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -10127,10 +10127,10 @@ sp_2048_get_from_table_16 PROC
         mov	r9, QWORD PTR [rdx+184]
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -10144,10 +10144,10 @@ sp_2048_get_from_table_16 PROC
         mov	r9, QWORD PTR [rdx+192]
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -10161,10 +10161,10 @@ sp_2048_get_from_table_16 PROC
         mov	r9, QWORD PTR [rdx+200]
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -10178,10 +10178,10 @@ sp_2048_get_from_table_16 PROC
         mov	r9, QWORD PTR [rdx+208]
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -10195,10 +10195,10 @@ sp_2048_get_from_table_16 PROC
         mov	r9, QWORD PTR [rdx+216]
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -10212,10 +10212,10 @@ sp_2048_get_from_table_16 PROC
         mov	r9, QWORD PTR [rdx+224]
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -10229,10 +10229,10 @@ sp_2048_get_from_table_16 PROC
         mov	r9, QWORD PTR [rdx+232]
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -10246,10 +10246,10 @@ sp_2048_get_from_table_16 PROC
         mov	r9, QWORD PTR [rdx+240]
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -10263,10 +10263,10 @@ sp_2048_get_from_table_16 PROC
         mov	r9, QWORD PTR [rdx+248]
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -10276,10 +10276,10 @@ sp_2048_get_from_table_16 PROC
         por	xmm6, xmm2
         por	xmm7, xmm3
         paddd	xmm13, xmm11
-        movdqu	[rcx], xmm4
-        movdqu	[rcx+16], xmm5
-        movdqu	[rcx+32], xmm6
-        movdqu	[rcx+48], xmm7
+        movdqu	OWORD PTR [rcx], xmm4
+        movdqu	OWORD PTR [rcx+16], xmm5
+        movdqu	OWORD PTR [rcx+32], xmm6
+        movdqu	OWORD PTR [rcx+48], xmm7
         add	rcx, 64
         ; END: 0-7
         ; START: 8-15
@@ -10293,10 +10293,10 @@ sp_2048_get_from_table_16 PROC
         add	r9, 64
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -10311,10 +10311,10 @@ sp_2048_get_from_table_16 PROC
         add	r9, 64
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -10329,10 +10329,10 @@ sp_2048_get_from_table_16 PROC
         add	r9, 64
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -10347,10 +10347,10 @@ sp_2048_get_from_table_16 PROC
         add	r9, 64
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -10365,10 +10365,10 @@ sp_2048_get_from_table_16 PROC
         add	r9, 64
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -10383,10 +10383,10 @@ sp_2048_get_from_table_16 PROC
         add	r9, 64
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -10401,10 +10401,10 @@ sp_2048_get_from_table_16 PROC
         add	r9, 64
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -10419,10 +10419,10 @@ sp_2048_get_from_table_16 PROC
         add	r9, 64
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -10437,10 +10437,10 @@ sp_2048_get_from_table_16 PROC
         add	r9, 64
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -10455,10 +10455,10 @@ sp_2048_get_from_table_16 PROC
         add	r9, 64
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -10473,10 +10473,10 @@ sp_2048_get_from_table_16 PROC
         add	r9, 64
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -10491,10 +10491,10 @@ sp_2048_get_from_table_16 PROC
         add	r9, 64
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -10509,10 +10509,10 @@ sp_2048_get_from_table_16 PROC
         add	r9, 64
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -10527,10 +10527,10 @@ sp_2048_get_from_table_16 PROC
         add	r9, 64
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -10545,10 +10545,10 @@ sp_2048_get_from_table_16 PROC
         add	r9, 64
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -10563,10 +10563,10 @@ sp_2048_get_from_table_16 PROC
         add	r9, 64
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -10581,10 +10581,10 @@ sp_2048_get_from_table_16 PROC
         add	r9, 64
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -10599,10 +10599,10 @@ sp_2048_get_from_table_16 PROC
         add	r9, 64
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -10617,10 +10617,10 @@ sp_2048_get_from_table_16 PROC
         add	r9, 64
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -10635,10 +10635,10 @@ sp_2048_get_from_table_16 PROC
         add	r9, 64
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -10653,10 +10653,10 @@ sp_2048_get_from_table_16 PROC
         add	r9, 64
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -10671,10 +10671,10 @@ sp_2048_get_from_table_16 PROC
         add	r9, 64
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -10689,10 +10689,10 @@ sp_2048_get_from_table_16 PROC
         add	r9, 64
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -10707,10 +10707,10 @@ sp_2048_get_from_table_16 PROC
         add	r9, 64
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -10725,10 +10725,10 @@ sp_2048_get_from_table_16 PROC
         add	r9, 64
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -10743,10 +10743,10 @@ sp_2048_get_from_table_16 PROC
         add	r9, 64
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -10761,10 +10761,10 @@ sp_2048_get_from_table_16 PROC
         add	r9, 64
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -10779,10 +10779,10 @@ sp_2048_get_from_table_16 PROC
         add	r9, 64
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -10797,10 +10797,10 @@ sp_2048_get_from_table_16 PROC
         add	r9, 64
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -10815,10 +10815,10 @@ sp_2048_get_from_table_16 PROC
         add	r9, 64
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -10833,10 +10833,10 @@ sp_2048_get_from_table_16 PROC
         add	r9, 64
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -10851,10 +10851,10 @@ sp_2048_get_from_table_16 PROC
         add	r9, 64
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -10864,19 +10864,19 @@ sp_2048_get_from_table_16 PROC
         por	xmm6, xmm2
         por	xmm7, xmm3
         paddd	xmm13, xmm11
-        movdqu	[rcx], xmm4
-        movdqu	[rcx+16], xmm5
-        movdqu	[rcx+32], xmm6
-        movdqu	[rcx+48], xmm7
+        movdqu	OWORD PTR [rcx], xmm4
+        movdqu	OWORD PTR [rcx+16], xmm5
+        movdqu	OWORD PTR [rcx+32], xmm6
+        movdqu	OWORD PTR [rcx+48], xmm7
         ; END: 8-15
-        vmovdqu	xmm6, OWORD PTR [rsp]
-        vmovdqu	xmm7, OWORD PTR [rsp+16]
-        vmovdqu	xmm8, OWORD PTR [rsp+32]
-        vmovdqu	xmm9, OWORD PTR [rsp+48]
-        vmovdqu	xmm10, OWORD PTR [rsp+64]
-        vmovdqu	xmm11, OWORD PTR [rsp+80]
-        vmovdqu	xmm12, OWORD PTR [rsp+96]
-        vmovdqu	xmm13, OWORD PTR [rsp+112]
+        movdqu	xmm6, OWORD PTR [rsp]
+        movdqu	xmm7, OWORD PTR [rsp+16]
+        movdqu	xmm8, OWORD PTR [rsp+32]
+        movdqu	xmm9, OWORD PTR [rsp+48]
+        movdqu	xmm10, OWORD PTR [rsp+64]
+        movdqu	xmm11, OWORD PTR [rsp+80]
+        movdqu	xmm12, OWORD PTR [rsp+96]
+        movdqu	xmm13, OWORD PTR [rsp+112]
         add	rsp, 128
         ret
 sp_2048_get_from_table_16 ENDP
@@ -13169,14 +13169,14 @@ IFNDEF WC_NO_CACHE_RESISTANT
 _text SEGMENT READONLY PARA
 sp_2048_get_from_table_32 PROC
         sub	rsp, 128
-        vmovdqu	OWORD PTR [rsp], xmm6
-        vmovdqu	OWORD PTR [rsp+16], xmm7
-        vmovdqu	OWORD PTR [rsp+32], xmm8
-        vmovdqu	OWORD PTR [rsp+48], xmm9
-        vmovdqu	OWORD PTR [rsp+64], xmm10
-        vmovdqu	OWORD PTR [rsp+80], xmm11
-        vmovdqu	OWORD PTR [rsp+96], xmm12
-        vmovdqu	OWORD PTR [rsp+112], xmm13
+        movdqu	OWORD PTR [rsp], xmm6
+        movdqu	OWORD PTR [rsp+16], xmm7
+        movdqu	OWORD PTR [rsp+32], xmm8
+        movdqu	OWORD PTR [rsp+48], xmm9
+        movdqu	OWORD PTR [rsp+64], xmm10
+        movdqu	OWORD PTR [rsp+80], xmm11
+        movdqu	OWORD PTR [rsp+96], xmm12
+        movdqu	OWORD PTR [rsp+112], xmm13
         mov	rax, 1
         movd	xmm10, r8
         movd	xmm11, rax
@@ -13193,10 +13193,10 @@ sp_2048_get_from_table_32 PROC
         mov	r9, QWORD PTR [rdx]
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -13210,10 +13210,10 @@ sp_2048_get_from_table_32 PROC
         mov	r9, QWORD PTR [rdx+8]
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -13227,10 +13227,10 @@ sp_2048_get_from_table_32 PROC
         mov	r9, QWORD PTR [rdx+16]
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -13244,10 +13244,10 @@ sp_2048_get_from_table_32 PROC
         mov	r9, QWORD PTR [rdx+24]
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -13261,10 +13261,10 @@ sp_2048_get_from_table_32 PROC
         mov	r9, QWORD PTR [rdx+32]
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -13278,10 +13278,10 @@ sp_2048_get_from_table_32 PROC
         mov	r9, QWORD PTR [rdx+40]
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -13295,10 +13295,10 @@ sp_2048_get_from_table_32 PROC
         mov	r9, QWORD PTR [rdx+48]
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -13312,10 +13312,10 @@ sp_2048_get_from_table_32 PROC
         mov	r9, QWORD PTR [rdx+56]
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -13329,10 +13329,10 @@ sp_2048_get_from_table_32 PROC
         mov	r9, QWORD PTR [rdx+64]
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -13346,10 +13346,10 @@ sp_2048_get_from_table_32 PROC
         mov	r9, QWORD PTR [rdx+72]
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -13363,10 +13363,10 @@ sp_2048_get_from_table_32 PROC
         mov	r9, QWORD PTR [rdx+80]
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -13380,10 +13380,10 @@ sp_2048_get_from_table_32 PROC
         mov	r9, QWORD PTR [rdx+88]
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -13397,10 +13397,10 @@ sp_2048_get_from_table_32 PROC
         mov	r9, QWORD PTR [rdx+96]
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -13414,10 +13414,10 @@ sp_2048_get_from_table_32 PROC
         mov	r9, QWORD PTR [rdx+104]
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -13431,10 +13431,10 @@ sp_2048_get_from_table_32 PROC
         mov	r9, QWORD PTR [rdx+112]
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -13448,10 +13448,10 @@ sp_2048_get_from_table_32 PROC
         mov	r9, QWORD PTR [rdx+120]
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -13465,10 +13465,10 @@ sp_2048_get_from_table_32 PROC
         mov	r9, QWORD PTR [rdx+128]
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -13482,10 +13482,10 @@ sp_2048_get_from_table_32 PROC
         mov	r9, QWORD PTR [rdx+136]
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -13499,10 +13499,10 @@ sp_2048_get_from_table_32 PROC
         mov	r9, QWORD PTR [rdx+144]
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -13516,10 +13516,10 @@ sp_2048_get_from_table_32 PROC
         mov	r9, QWORD PTR [rdx+152]
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -13533,10 +13533,10 @@ sp_2048_get_from_table_32 PROC
         mov	r9, QWORD PTR [rdx+160]
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -13550,10 +13550,10 @@ sp_2048_get_from_table_32 PROC
         mov	r9, QWORD PTR [rdx+168]
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -13567,10 +13567,10 @@ sp_2048_get_from_table_32 PROC
         mov	r9, QWORD PTR [rdx+176]
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -13584,10 +13584,10 @@ sp_2048_get_from_table_32 PROC
         mov	r9, QWORD PTR [rdx+184]
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -13601,10 +13601,10 @@ sp_2048_get_from_table_32 PROC
         mov	r9, QWORD PTR [rdx+192]
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -13618,10 +13618,10 @@ sp_2048_get_from_table_32 PROC
         mov	r9, QWORD PTR [rdx+200]
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -13635,10 +13635,10 @@ sp_2048_get_from_table_32 PROC
         mov	r9, QWORD PTR [rdx+208]
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -13652,10 +13652,10 @@ sp_2048_get_from_table_32 PROC
         mov	r9, QWORD PTR [rdx+216]
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -13669,10 +13669,10 @@ sp_2048_get_from_table_32 PROC
         mov	r9, QWORD PTR [rdx+224]
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -13686,10 +13686,10 @@ sp_2048_get_from_table_32 PROC
         mov	r9, QWORD PTR [rdx+232]
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -13703,10 +13703,10 @@ sp_2048_get_from_table_32 PROC
         mov	r9, QWORD PTR [rdx+240]
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -13720,10 +13720,10 @@ sp_2048_get_from_table_32 PROC
         mov	r9, QWORD PTR [rdx+248]
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -13737,10 +13737,10 @@ sp_2048_get_from_table_32 PROC
         mov	r9, QWORD PTR [rdx+256]
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -13754,10 +13754,10 @@ sp_2048_get_from_table_32 PROC
         mov	r9, QWORD PTR [rdx+264]
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -13771,10 +13771,10 @@ sp_2048_get_from_table_32 PROC
         mov	r9, QWORD PTR [rdx+272]
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -13788,10 +13788,10 @@ sp_2048_get_from_table_32 PROC
         mov	r9, QWORD PTR [rdx+280]
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -13805,10 +13805,10 @@ sp_2048_get_from_table_32 PROC
         mov	r9, QWORD PTR [rdx+288]
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -13822,10 +13822,10 @@ sp_2048_get_from_table_32 PROC
         mov	r9, QWORD PTR [rdx+296]
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -13839,10 +13839,10 @@ sp_2048_get_from_table_32 PROC
         mov	r9, QWORD PTR [rdx+304]
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -13856,10 +13856,10 @@ sp_2048_get_from_table_32 PROC
         mov	r9, QWORD PTR [rdx+312]
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -13873,10 +13873,10 @@ sp_2048_get_from_table_32 PROC
         mov	r9, QWORD PTR [rdx+320]
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -13890,10 +13890,10 @@ sp_2048_get_from_table_32 PROC
         mov	r9, QWORD PTR [rdx+328]
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -13907,10 +13907,10 @@ sp_2048_get_from_table_32 PROC
         mov	r9, QWORD PTR [rdx+336]
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -13924,10 +13924,10 @@ sp_2048_get_from_table_32 PROC
         mov	r9, QWORD PTR [rdx+344]
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -13941,10 +13941,10 @@ sp_2048_get_from_table_32 PROC
         mov	r9, QWORD PTR [rdx+352]
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -13958,10 +13958,10 @@ sp_2048_get_from_table_32 PROC
         mov	r9, QWORD PTR [rdx+360]
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -13975,10 +13975,10 @@ sp_2048_get_from_table_32 PROC
         mov	r9, QWORD PTR [rdx+368]
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -13992,10 +13992,10 @@ sp_2048_get_from_table_32 PROC
         mov	r9, QWORD PTR [rdx+376]
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -14009,10 +14009,10 @@ sp_2048_get_from_table_32 PROC
         mov	r9, QWORD PTR [rdx+384]
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -14026,10 +14026,10 @@ sp_2048_get_from_table_32 PROC
         mov	r9, QWORD PTR [rdx+392]
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -14043,10 +14043,10 @@ sp_2048_get_from_table_32 PROC
         mov	r9, QWORD PTR [rdx+400]
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -14060,10 +14060,10 @@ sp_2048_get_from_table_32 PROC
         mov	r9, QWORD PTR [rdx+408]
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -14077,10 +14077,10 @@ sp_2048_get_from_table_32 PROC
         mov	r9, QWORD PTR [rdx+416]
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -14094,10 +14094,10 @@ sp_2048_get_from_table_32 PROC
         mov	r9, QWORD PTR [rdx+424]
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -14111,10 +14111,10 @@ sp_2048_get_from_table_32 PROC
         mov	r9, QWORD PTR [rdx+432]
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -14128,10 +14128,10 @@ sp_2048_get_from_table_32 PROC
         mov	r9, QWORD PTR [rdx+440]
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -14145,10 +14145,10 @@ sp_2048_get_from_table_32 PROC
         mov	r9, QWORD PTR [rdx+448]
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -14162,10 +14162,10 @@ sp_2048_get_from_table_32 PROC
         mov	r9, QWORD PTR [rdx+456]
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -14179,10 +14179,10 @@ sp_2048_get_from_table_32 PROC
         mov	r9, QWORD PTR [rdx+464]
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -14196,10 +14196,10 @@ sp_2048_get_from_table_32 PROC
         mov	r9, QWORD PTR [rdx+472]
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -14213,10 +14213,10 @@ sp_2048_get_from_table_32 PROC
         mov	r9, QWORD PTR [rdx+480]
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -14230,10 +14230,10 @@ sp_2048_get_from_table_32 PROC
         mov	r9, QWORD PTR [rdx+488]
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -14247,10 +14247,10 @@ sp_2048_get_from_table_32 PROC
         mov	r9, QWORD PTR [rdx+496]
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -14264,10 +14264,10 @@ sp_2048_get_from_table_32 PROC
         mov	r9, QWORD PTR [rdx+504]
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -14277,10 +14277,10 @@ sp_2048_get_from_table_32 PROC
         por	xmm6, xmm2
         por	xmm7, xmm3
         paddd	xmm13, xmm11
-        movdqu	[rcx], xmm4
-        movdqu	[rcx+16], xmm5
-        movdqu	[rcx+32], xmm6
-        movdqu	[rcx+48], xmm7
+        movdqu	OWORD PTR [rcx], xmm4
+        movdqu	OWORD PTR [rcx+16], xmm5
+        movdqu	OWORD PTR [rcx+32], xmm6
+        movdqu	OWORD PTR [rcx+48], xmm7
         add	rcx, 64
         ; END: 0-7
         ; START: 8-15
@@ -14294,10 +14294,10 @@ sp_2048_get_from_table_32 PROC
         add	r9, 64
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -14312,10 +14312,10 @@ sp_2048_get_from_table_32 PROC
         add	r9, 64
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -14330,10 +14330,10 @@ sp_2048_get_from_table_32 PROC
         add	r9, 64
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -14348,10 +14348,10 @@ sp_2048_get_from_table_32 PROC
         add	r9, 64
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -14366,10 +14366,10 @@ sp_2048_get_from_table_32 PROC
         add	r9, 64
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -14384,10 +14384,10 @@ sp_2048_get_from_table_32 PROC
         add	r9, 64
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -14402,10 +14402,10 @@ sp_2048_get_from_table_32 PROC
         add	r9, 64
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -14420,10 +14420,10 @@ sp_2048_get_from_table_32 PROC
         add	r9, 64
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -14438,10 +14438,10 @@ sp_2048_get_from_table_32 PROC
         add	r9, 64
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -14456,10 +14456,10 @@ sp_2048_get_from_table_32 PROC
         add	r9, 64
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -14474,10 +14474,10 @@ sp_2048_get_from_table_32 PROC
         add	r9, 64
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -14492,10 +14492,10 @@ sp_2048_get_from_table_32 PROC
         add	r9, 64
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -14510,10 +14510,10 @@ sp_2048_get_from_table_32 PROC
         add	r9, 64
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -14528,10 +14528,10 @@ sp_2048_get_from_table_32 PROC
         add	r9, 64
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -14546,10 +14546,10 @@ sp_2048_get_from_table_32 PROC
         add	r9, 64
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -14564,10 +14564,10 @@ sp_2048_get_from_table_32 PROC
         add	r9, 64
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -14582,10 +14582,10 @@ sp_2048_get_from_table_32 PROC
         add	r9, 64
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -14600,10 +14600,10 @@ sp_2048_get_from_table_32 PROC
         add	r9, 64
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -14618,10 +14618,10 @@ sp_2048_get_from_table_32 PROC
         add	r9, 64
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -14636,10 +14636,10 @@ sp_2048_get_from_table_32 PROC
         add	r9, 64
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -14654,10 +14654,10 @@ sp_2048_get_from_table_32 PROC
         add	r9, 64
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -14672,10 +14672,10 @@ sp_2048_get_from_table_32 PROC
         add	r9, 64
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -14690,10 +14690,10 @@ sp_2048_get_from_table_32 PROC
         add	r9, 64
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -14708,10 +14708,10 @@ sp_2048_get_from_table_32 PROC
         add	r9, 64
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -14726,10 +14726,10 @@ sp_2048_get_from_table_32 PROC
         add	r9, 64
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -14744,10 +14744,10 @@ sp_2048_get_from_table_32 PROC
         add	r9, 64
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -14762,10 +14762,10 @@ sp_2048_get_from_table_32 PROC
         add	r9, 64
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -14780,10 +14780,10 @@ sp_2048_get_from_table_32 PROC
         add	r9, 64
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -14798,10 +14798,10 @@ sp_2048_get_from_table_32 PROC
         add	r9, 64
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -14816,10 +14816,10 @@ sp_2048_get_from_table_32 PROC
         add	r9, 64
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -14834,10 +14834,10 @@ sp_2048_get_from_table_32 PROC
         add	r9, 64
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -14852,10 +14852,10 @@ sp_2048_get_from_table_32 PROC
         add	r9, 64
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -14870,10 +14870,10 @@ sp_2048_get_from_table_32 PROC
         add	r9, 64
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -14888,10 +14888,10 @@ sp_2048_get_from_table_32 PROC
         add	r9, 64
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -14906,10 +14906,10 @@ sp_2048_get_from_table_32 PROC
         add	r9, 64
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -14924,10 +14924,10 @@ sp_2048_get_from_table_32 PROC
         add	r9, 64
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -14942,10 +14942,10 @@ sp_2048_get_from_table_32 PROC
         add	r9, 64
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -14960,10 +14960,10 @@ sp_2048_get_from_table_32 PROC
         add	r9, 64
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -14978,10 +14978,10 @@ sp_2048_get_from_table_32 PROC
         add	r9, 64
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -14996,10 +14996,10 @@ sp_2048_get_from_table_32 PROC
         add	r9, 64
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -15014,10 +15014,10 @@ sp_2048_get_from_table_32 PROC
         add	r9, 64
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -15032,10 +15032,10 @@ sp_2048_get_from_table_32 PROC
         add	r9, 64
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -15050,10 +15050,10 @@ sp_2048_get_from_table_32 PROC
         add	r9, 64
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -15068,10 +15068,10 @@ sp_2048_get_from_table_32 PROC
         add	r9, 64
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -15086,10 +15086,10 @@ sp_2048_get_from_table_32 PROC
         add	r9, 64
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -15104,10 +15104,10 @@ sp_2048_get_from_table_32 PROC
         add	r9, 64
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -15122,10 +15122,10 @@ sp_2048_get_from_table_32 PROC
         add	r9, 64
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -15140,10 +15140,10 @@ sp_2048_get_from_table_32 PROC
         add	r9, 64
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -15158,10 +15158,10 @@ sp_2048_get_from_table_32 PROC
         add	r9, 64
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -15176,10 +15176,10 @@ sp_2048_get_from_table_32 PROC
         add	r9, 64
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -15194,10 +15194,10 @@ sp_2048_get_from_table_32 PROC
         add	r9, 64
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -15212,10 +15212,10 @@ sp_2048_get_from_table_32 PROC
         add	r9, 64
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -15230,10 +15230,10 @@ sp_2048_get_from_table_32 PROC
         add	r9, 64
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -15248,10 +15248,10 @@ sp_2048_get_from_table_32 PROC
         add	r9, 64
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -15266,10 +15266,10 @@ sp_2048_get_from_table_32 PROC
         add	r9, 64
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -15284,10 +15284,10 @@ sp_2048_get_from_table_32 PROC
         add	r9, 64
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -15302,10 +15302,10 @@ sp_2048_get_from_table_32 PROC
         add	r9, 64
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -15320,10 +15320,10 @@ sp_2048_get_from_table_32 PROC
         add	r9, 64
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -15338,10 +15338,10 @@ sp_2048_get_from_table_32 PROC
         add	r9, 64
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -15356,10 +15356,10 @@ sp_2048_get_from_table_32 PROC
         add	r9, 64
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -15374,10 +15374,10 @@ sp_2048_get_from_table_32 PROC
         add	r9, 64
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -15392,10 +15392,10 @@ sp_2048_get_from_table_32 PROC
         add	r9, 64
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -15410,10 +15410,10 @@ sp_2048_get_from_table_32 PROC
         add	r9, 64
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -15428,10 +15428,10 @@ sp_2048_get_from_table_32 PROC
         add	r9, 64
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -15441,10 +15441,10 @@ sp_2048_get_from_table_32 PROC
         por	xmm6, xmm2
         por	xmm7, xmm3
         paddd	xmm13, xmm11
-        movdqu	[rcx], xmm4
-        movdqu	[rcx+16], xmm5
-        movdqu	[rcx+32], xmm6
-        movdqu	[rcx+48], xmm7
+        movdqu	OWORD PTR [rcx], xmm4
+        movdqu	OWORD PTR [rcx+16], xmm5
+        movdqu	OWORD PTR [rcx+32], xmm6
+        movdqu	OWORD PTR [rcx+48], xmm7
         add	rcx, 64
         ; END: 8-15
         ; START: 16-23
@@ -15458,10 +15458,10 @@ sp_2048_get_from_table_32 PROC
         add	r9, 128
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -15476,10 +15476,10 @@ sp_2048_get_from_table_32 PROC
         add	r9, 128
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -15494,10 +15494,10 @@ sp_2048_get_from_table_32 PROC
         add	r9, 128
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -15512,10 +15512,10 @@ sp_2048_get_from_table_32 PROC
         add	r9, 128
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -15530,10 +15530,10 @@ sp_2048_get_from_table_32 PROC
         add	r9, 128
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -15548,10 +15548,10 @@ sp_2048_get_from_table_32 PROC
         add	r9, 128
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -15566,10 +15566,10 @@ sp_2048_get_from_table_32 PROC
         add	r9, 128
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -15584,10 +15584,10 @@ sp_2048_get_from_table_32 PROC
         add	r9, 128
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -15602,10 +15602,10 @@ sp_2048_get_from_table_32 PROC
         add	r9, 128
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -15620,10 +15620,10 @@ sp_2048_get_from_table_32 PROC
         add	r9, 128
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -15638,10 +15638,10 @@ sp_2048_get_from_table_32 PROC
         add	r9, 128
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -15656,10 +15656,10 @@ sp_2048_get_from_table_32 PROC
         add	r9, 128
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -15674,10 +15674,10 @@ sp_2048_get_from_table_32 PROC
         add	r9, 128
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -15692,10 +15692,10 @@ sp_2048_get_from_table_32 PROC
         add	r9, 128
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -15710,10 +15710,10 @@ sp_2048_get_from_table_32 PROC
         add	r9, 128
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -15728,10 +15728,10 @@ sp_2048_get_from_table_32 PROC
         add	r9, 128
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -15746,10 +15746,10 @@ sp_2048_get_from_table_32 PROC
         add	r9, 128
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -15764,10 +15764,10 @@ sp_2048_get_from_table_32 PROC
         add	r9, 128
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -15782,10 +15782,10 @@ sp_2048_get_from_table_32 PROC
         add	r9, 128
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -15800,10 +15800,10 @@ sp_2048_get_from_table_32 PROC
         add	r9, 128
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -15818,10 +15818,10 @@ sp_2048_get_from_table_32 PROC
         add	r9, 128
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -15836,10 +15836,10 @@ sp_2048_get_from_table_32 PROC
         add	r9, 128
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -15854,10 +15854,10 @@ sp_2048_get_from_table_32 PROC
         add	r9, 128
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -15872,10 +15872,10 @@ sp_2048_get_from_table_32 PROC
         add	r9, 128
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -15890,10 +15890,10 @@ sp_2048_get_from_table_32 PROC
         add	r9, 128
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -15908,10 +15908,10 @@ sp_2048_get_from_table_32 PROC
         add	r9, 128
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -15926,10 +15926,10 @@ sp_2048_get_from_table_32 PROC
         add	r9, 128
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -15944,10 +15944,10 @@ sp_2048_get_from_table_32 PROC
         add	r9, 128
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -15962,10 +15962,10 @@ sp_2048_get_from_table_32 PROC
         add	r9, 128
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -15980,10 +15980,10 @@ sp_2048_get_from_table_32 PROC
         add	r9, 128
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -15998,10 +15998,10 @@ sp_2048_get_from_table_32 PROC
         add	r9, 128
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -16016,10 +16016,10 @@ sp_2048_get_from_table_32 PROC
         add	r9, 128
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -16034,10 +16034,10 @@ sp_2048_get_from_table_32 PROC
         add	r9, 128
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -16052,10 +16052,10 @@ sp_2048_get_from_table_32 PROC
         add	r9, 128
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -16070,10 +16070,10 @@ sp_2048_get_from_table_32 PROC
         add	r9, 128
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -16088,10 +16088,10 @@ sp_2048_get_from_table_32 PROC
         add	r9, 128
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -16106,10 +16106,10 @@ sp_2048_get_from_table_32 PROC
         add	r9, 128
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -16124,10 +16124,10 @@ sp_2048_get_from_table_32 PROC
         add	r9, 128
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -16142,10 +16142,10 @@ sp_2048_get_from_table_32 PROC
         add	r9, 128
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -16160,10 +16160,10 @@ sp_2048_get_from_table_32 PROC
         add	r9, 128
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -16178,10 +16178,10 @@ sp_2048_get_from_table_32 PROC
         add	r9, 128
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -16196,10 +16196,10 @@ sp_2048_get_from_table_32 PROC
         add	r9, 128
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -16214,10 +16214,10 @@ sp_2048_get_from_table_32 PROC
         add	r9, 128
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -16232,10 +16232,10 @@ sp_2048_get_from_table_32 PROC
         add	r9, 128
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -16250,10 +16250,10 @@ sp_2048_get_from_table_32 PROC
         add	r9, 128
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -16268,10 +16268,10 @@ sp_2048_get_from_table_32 PROC
         add	r9, 128
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -16286,10 +16286,10 @@ sp_2048_get_from_table_32 PROC
         add	r9, 128
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -16304,10 +16304,10 @@ sp_2048_get_from_table_32 PROC
         add	r9, 128
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -16322,10 +16322,10 @@ sp_2048_get_from_table_32 PROC
         add	r9, 128
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -16340,10 +16340,10 @@ sp_2048_get_from_table_32 PROC
         add	r9, 128
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -16358,10 +16358,10 @@ sp_2048_get_from_table_32 PROC
         add	r9, 128
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -16376,10 +16376,10 @@ sp_2048_get_from_table_32 PROC
         add	r9, 128
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -16394,10 +16394,10 @@ sp_2048_get_from_table_32 PROC
         add	r9, 128
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -16412,10 +16412,10 @@ sp_2048_get_from_table_32 PROC
         add	r9, 128
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -16430,10 +16430,10 @@ sp_2048_get_from_table_32 PROC
         add	r9, 128
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -16448,10 +16448,10 @@ sp_2048_get_from_table_32 PROC
         add	r9, 128
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -16466,10 +16466,10 @@ sp_2048_get_from_table_32 PROC
         add	r9, 128
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -16484,10 +16484,10 @@ sp_2048_get_from_table_32 PROC
         add	r9, 128
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -16502,10 +16502,10 @@ sp_2048_get_from_table_32 PROC
         add	r9, 128
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -16520,10 +16520,10 @@ sp_2048_get_from_table_32 PROC
         add	r9, 128
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -16538,10 +16538,10 @@ sp_2048_get_from_table_32 PROC
         add	r9, 128
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -16556,10 +16556,10 @@ sp_2048_get_from_table_32 PROC
         add	r9, 128
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -16574,10 +16574,10 @@ sp_2048_get_from_table_32 PROC
         add	r9, 128
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -16592,10 +16592,10 @@ sp_2048_get_from_table_32 PROC
         add	r9, 128
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -16605,10 +16605,10 @@ sp_2048_get_from_table_32 PROC
         por	xmm6, xmm2
         por	xmm7, xmm3
         paddd	xmm13, xmm11
-        movdqu	[rcx], xmm4
-        movdqu	[rcx+16], xmm5
-        movdqu	[rcx+32], xmm6
-        movdqu	[rcx+48], xmm7
+        movdqu	OWORD PTR [rcx], xmm4
+        movdqu	OWORD PTR [rcx+16], xmm5
+        movdqu	OWORD PTR [rcx+32], xmm6
+        movdqu	OWORD PTR [rcx+48], xmm7
         add	rcx, 64
         ; END: 16-23
         ; START: 24-31
@@ -16622,10 +16622,10 @@ sp_2048_get_from_table_32 PROC
         add	r9, 192
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -16640,10 +16640,10 @@ sp_2048_get_from_table_32 PROC
         add	r9, 192
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -16658,10 +16658,10 @@ sp_2048_get_from_table_32 PROC
         add	r9, 192
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -16676,10 +16676,10 @@ sp_2048_get_from_table_32 PROC
         add	r9, 192
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -16694,10 +16694,10 @@ sp_2048_get_from_table_32 PROC
         add	r9, 192
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -16712,10 +16712,10 @@ sp_2048_get_from_table_32 PROC
         add	r9, 192
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -16730,10 +16730,10 @@ sp_2048_get_from_table_32 PROC
         add	r9, 192
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -16748,10 +16748,10 @@ sp_2048_get_from_table_32 PROC
         add	r9, 192
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -16766,10 +16766,10 @@ sp_2048_get_from_table_32 PROC
         add	r9, 192
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -16784,10 +16784,10 @@ sp_2048_get_from_table_32 PROC
         add	r9, 192
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -16802,10 +16802,10 @@ sp_2048_get_from_table_32 PROC
         add	r9, 192
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -16820,10 +16820,10 @@ sp_2048_get_from_table_32 PROC
         add	r9, 192
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -16838,10 +16838,10 @@ sp_2048_get_from_table_32 PROC
         add	r9, 192
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -16856,10 +16856,10 @@ sp_2048_get_from_table_32 PROC
         add	r9, 192
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -16874,10 +16874,10 @@ sp_2048_get_from_table_32 PROC
         add	r9, 192
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -16892,10 +16892,10 @@ sp_2048_get_from_table_32 PROC
         add	r9, 192
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -16910,10 +16910,10 @@ sp_2048_get_from_table_32 PROC
         add	r9, 192
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -16928,10 +16928,10 @@ sp_2048_get_from_table_32 PROC
         add	r9, 192
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -16946,10 +16946,10 @@ sp_2048_get_from_table_32 PROC
         add	r9, 192
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -16964,10 +16964,10 @@ sp_2048_get_from_table_32 PROC
         add	r9, 192
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -16982,10 +16982,10 @@ sp_2048_get_from_table_32 PROC
         add	r9, 192
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -17000,10 +17000,10 @@ sp_2048_get_from_table_32 PROC
         add	r9, 192
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -17018,10 +17018,10 @@ sp_2048_get_from_table_32 PROC
         add	r9, 192
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -17036,10 +17036,10 @@ sp_2048_get_from_table_32 PROC
         add	r9, 192
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -17054,10 +17054,10 @@ sp_2048_get_from_table_32 PROC
         add	r9, 192
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -17072,10 +17072,10 @@ sp_2048_get_from_table_32 PROC
         add	r9, 192
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -17090,10 +17090,10 @@ sp_2048_get_from_table_32 PROC
         add	r9, 192
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -17108,10 +17108,10 @@ sp_2048_get_from_table_32 PROC
         add	r9, 192
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -17126,10 +17126,10 @@ sp_2048_get_from_table_32 PROC
         add	r9, 192
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -17144,10 +17144,10 @@ sp_2048_get_from_table_32 PROC
         add	r9, 192
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -17162,10 +17162,10 @@ sp_2048_get_from_table_32 PROC
         add	r9, 192
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -17180,10 +17180,10 @@ sp_2048_get_from_table_32 PROC
         add	r9, 192
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -17198,10 +17198,10 @@ sp_2048_get_from_table_32 PROC
         add	r9, 192
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -17216,10 +17216,10 @@ sp_2048_get_from_table_32 PROC
         add	r9, 192
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -17234,10 +17234,10 @@ sp_2048_get_from_table_32 PROC
         add	r9, 192
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -17252,10 +17252,10 @@ sp_2048_get_from_table_32 PROC
         add	r9, 192
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -17270,10 +17270,10 @@ sp_2048_get_from_table_32 PROC
         add	r9, 192
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -17288,10 +17288,10 @@ sp_2048_get_from_table_32 PROC
         add	r9, 192
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -17306,10 +17306,10 @@ sp_2048_get_from_table_32 PROC
         add	r9, 192
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -17324,10 +17324,10 @@ sp_2048_get_from_table_32 PROC
         add	r9, 192
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -17342,10 +17342,10 @@ sp_2048_get_from_table_32 PROC
         add	r9, 192
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -17360,10 +17360,10 @@ sp_2048_get_from_table_32 PROC
         add	r9, 192
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -17378,10 +17378,10 @@ sp_2048_get_from_table_32 PROC
         add	r9, 192
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -17396,10 +17396,10 @@ sp_2048_get_from_table_32 PROC
         add	r9, 192
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -17414,10 +17414,10 @@ sp_2048_get_from_table_32 PROC
         add	r9, 192
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -17432,10 +17432,10 @@ sp_2048_get_from_table_32 PROC
         add	r9, 192
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -17450,10 +17450,10 @@ sp_2048_get_from_table_32 PROC
         add	r9, 192
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -17468,10 +17468,10 @@ sp_2048_get_from_table_32 PROC
         add	r9, 192
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -17486,10 +17486,10 @@ sp_2048_get_from_table_32 PROC
         add	r9, 192
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -17504,10 +17504,10 @@ sp_2048_get_from_table_32 PROC
         add	r9, 192
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -17522,10 +17522,10 @@ sp_2048_get_from_table_32 PROC
         add	r9, 192
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -17540,10 +17540,10 @@ sp_2048_get_from_table_32 PROC
         add	r9, 192
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -17558,10 +17558,10 @@ sp_2048_get_from_table_32 PROC
         add	r9, 192
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -17576,10 +17576,10 @@ sp_2048_get_from_table_32 PROC
         add	r9, 192
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -17594,10 +17594,10 @@ sp_2048_get_from_table_32 PROC
         add	r9, 192
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -17612,10 +17612,10 @@ sp_2048_get_from_table_32 PROC
         add	r9, 192
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -17630,10 +17630,10 @@ sp_2048_get_from_table_32 PROC
         add	r9, 192
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -17648,10 +17648,10 @@ sp_2048_get_from_table_32 PROC
         add	r9, 192
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -17666,10 +17666,10 @@ sp_2048_get_from_table_32 PROC
         add	r9, 192
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -17684,10 +17684,10 @@ sp_2048_get_from_table_32 PROC
         add	r9, 192
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -17702,10 +17702,10 @@ sp_2048_get_from_table_32 PROC
         add	r9, 192
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -17720,10 +17720,10 @@ sp_2048_get_from_table_32 PROC
         add	r9, 192
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -17738,10 +17738,10 @@ sp_2048_get_from_table_32 PROC
         add	r9, 192
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -17756,10 +17756,10 @@ sp_2048_get_from_table_32 PROC
         add	r9, 192
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -17769,19 +17769,19 @@ sp_2048_get_from_table_32 PROC
         por	xmm6, xmm2
         por	xmm7, xmm3
         paddd	xmm13, xmm11
-        movdqu	[rcx], xmm4
-        movdqu	[rcx+16], xmm5
-        movdqu	[rcx+32], xmm6
-        movdqu	[rcx+48], xmm7
+        movdqu	OWORD PTR [rcx], xmm4
+        movdqu	OWORD PTR [rcx+16], xmm5
+        movdqu	OWORD PTR [rcx+32], xmm6
+        movdqu	OWORD PTR [rcx+48], xmm7
         ; END: 24-31
-        vmovdqu	xmm6, OWORD PTR [rsp]
-        vmovdqu	xmm7, OWORD PTR [rsp+16]
-        vmovdqu	xmm8, OWORD PTR [rsp+32]
-        vmovdqu	xmm9, OWORD PTR [rsp+48]
-        vmovdqu	xmm10, OWORD PTR [rsp+64]
-        vmovdqu	xmm11, OWORD PTR [rsp+80]
-        vmovdqu	xmm12, OWORD PTR [rsp+96]
-        vmovdqu	xmm13, OWORD PTR [rsp+112]
+        movdqu	xmm6, OWORD PTR [rsp]
+        movdqu	xmm7, OWORD PTR [rsp+16]
+        movdqu	xmm8, OWORD PTR [rsp+32]
+        movdqu	xmm9, OWORD PTR [rsp+48]
+        movdqu	xmm10, OWORD PTR [rsp+64]
+        movdqu	xmm11, OWORD PTR [rsp+80]
+        movdqu	xmm12, OWORD PTR [rsp+96]
+        movdqu	xmm13, OWORD PTR [rsp+112]
         add	rsp, 128
         ret
 sp_2048_get_from_table_32 ENDP
@@ -20598,8 +20598,8 @@ _text SEGMENT READONLY PARA
 sp_2048_lshift_32 PROC
         push	r12
         push	r13
-        mov	cl, r8b
         mov	rax, rcx
+        mov	cl, r8b
         mov	r12, 0
         mov	r13, QWORD PTR [rdx+216]
         mov	r8, QWORD PTR [rdx+224]
@@ -31837,14 +31837,14 @@ IFNDEF WC_NO_CACHE_RESISTANT
 _text SEGMENT READONLY PARA
 sp_3072_get_from_table_24 PROC
         sub	rsp, 128
-        vmovdqu	OWORD PTR [rsp], xmm6
-        vmovdqu	OWORD PTR [rsp+16], xmm7
-        vmovdqu	OWORD PTR [rsp+32], xmm8
-        vmovdqu	OWORD PTR [rsp+48], xmm9
-        vmovdqu	OWORD PTR [rsp+64], xmm10
-        vmovdqu	OWORD PTR [rsp+80], xmm11
-        vmovdqu	OWORD PTR [rsp+96], xmm12
-        vmovdqu	OWORD PTR [rsp+112], xmm13
+        movdqu	OWORD PTR [rsp], xmm6
+        movdqu	OWORD PTR [rsp+16], xmm7
+        movdqu	OWORD PTR [rsp+32], xmm8
+        movdqu	OWORD PTR [rsp+48], xmm9
+        movdqu	OWORD PTR [rsp+64], xmm10
+        movdqu	OWORD PTR [rsp+80], xmm11
+        movdqu	OWORD PTR [rsp+96], xmm12
+        movdqu	OWORD PTR [rsp+112], xmm13
         mov	rax, 1
         movd	xmm10, r8
         movd	xmm11, rax
@@ -31861,10 +31861,10 @@ sp_3072_get_from_table_24 PROC
         mov	r9, QWORD PTR [rdx]
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -31878,10 +31878,10 @@ sp_3072_get_from_table_24 PROC
         mov	r9, QWORD PTR [rdx+8]
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -31895,10 +31895,10 @@ sp_3072_get_from_table_24 PROC
         mov	r9, QWORD PTR [rdx+16]
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -31912,10 +31912,10 @@ sp_3072_get_from_table_24 PROC
         mov	r9, QWORD PTR [rdx+24]
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -31929,10 +31929,10 @@ sp_3072_get_from_table_24 PROC
         mov	r9, QWORD PTR [rdx+32]
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -31946,10 +31946,10 @@ sp_3072_get_from_table_24 PROC
         mov	r9, QWORD PTR [rdx+40]
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -31963,10 +31963,10 @@ sp_3072_get_from_table_24 PROC
         mov	r9, QWORD PTR [rdx+48]
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -31980,10 +31980,10 @@ sp_3072_get_from_table_24 PROC
         mov	r9, QWORD PTR [rdx+56]
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -31997,10 +31997,10 @@ sp_3072_get_from_table_24 PROC
         mov	r9, QWORD PTR [rdx+64]
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -32014,10 +32014,10 @@ sp_3072_get_from_table_24 PROC
         mov	r9, QWORD PTR [rdx+72]
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -32031,10 +32031,10 @@ sp_3072_get_from_table_24 PROC
         mov	r9, QWORD PTR [rdx+80]
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -32048,10 +32048,10 @@ sp_3072_get_from_table_24 PROC
         mov	r9, QWORD PTR [rdx+88]
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -32065,10 +32065,10 @@ sp_3072_get_from_table_24 PROC
         mov	r9, QWORD PTR [rdx+96]
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -32082,10 +32082,10 @@ sp_3072_get_from_table_24 PROC
         mov	r9, QWORD PTR [rdx+104]
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -32099,10 +32099,10 @@ sp_3072_get_from_table_24 PROC
         mov	r9, QWORD PTR [rdx+112]
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -32116,10 +32116,10 @@ sp_3072_get_from_table_24 PROC
         mov	r9, QWORD PTR [rdx+120]
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -32133,10 +32133,10 @@ sp_3072_get_from_table_24 PROC
         mov	r9, QWORD PTR [rdx+128]
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -32150,10 +32150,10 @@ sp_3072_get_from_table_24 PROC
         mov	r9, QWORD PTR [rdx+136]
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -32167,10 +32167,10 @@ sp_3072_get_from_table_24 PROC
         mov	r9, QWORD PTR [rdx+144]
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -32184,10 +32184,10 @@ sp_3072_get_from_table_24 PROC
         mov	r9, QWORD PTR [rdx+152]
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -32201,10 +32201,10 @@ sp_3072_get_from_table_24 PROC
         mov	r9, QWORD PTR [rdx+160]
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -32218,10 +32218,10 @@ sp_3072_get_from_table_24 PROC
         mov	r9, QWORD PTR [rdx+168]
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -32235,10 +32235,10 @@ sp_3072_get_from_table_24 PROC
         mov	r9, QWORD PTR [rdx+176]
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -32252,10 +32252,10 @@ sp_3072_get_from_table_24 PROC
         mov	r9, QWORD PTR [rdx+184]
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -32269,10 +32269,10 @@ sp_3072_get_from_table_24 PROC
         mov	r9, QWORD PTR [rdx+192]
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -32286,10 +32286,10 @@ sp_3072_get_from_table_24 PROC
         mov	r9, QWORD PTR [rdx+200]
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -32303,10 +32303,10 @@ sp_3072_get_from_table_24 PROC
         mov	r9, QWORD PTR [rdx+208]
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -32320,10 +32320,10 @@ sp_3072_get_from_table_24 PROC
         mov	r9, QWORD PTR [rdx+216]
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -32337,10 +32337,10 @@ sp_3072_get_from_table_24 PROC
         mov	r9, QWORD PTR [rdx+224]
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -32354,10 +32354,10 @@ sp_3072_get_from_table_24 PROC
         mov	r9, QWORD PTR [rdx+232]
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -32371,10 +32371,10 @@ sp_3072_get_from_table_24 PROC
         mov	r9, QWORD PTR [rdx+240]
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -32388,10 +32388,10 @@ sp_3072_get_from_table_24 PROC
         mov	r9, QWORD PTR [rdx+248]
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -32401,10 +32401,10 @@ sp_3072_get_from_table_24 PROC
         por	xmm6, xmm2
         por	xmm7, xmm3
         paddd	xmm13, xmm11
-        movdqu	[rcx], xmm4
-        movdqu	[rcx+16], xmm5
-        movdqu	[rcx+32], xmm6
-        movdqu	[rcx+48], xmm7
+        movdqu	OWORD PTR [rcx], xmm4
+        movdqu	OWORD PTR [rcx+16], xmm5
+        movdqu	OWORD PTR [rcx+32], xmm6
+        movdqu	OWORD PTR [rcx+48], xmm7
         add	rcx, 64
         ; END: 0-7
         ; START: 8-15
@@ -32418,10 +32418,10 @@ sp_3072_get_from_table_24 PROC
         add	r9, 64
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -32436,10 +32436,10 @@ sp_3072_get_from_table_24 PROC
         add	r9, 64
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -32454,10 +32454,10 @@ sp_3072_get_from_table_24 PROC
         add	r9, 64
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -32472,10 +32472,10 @@ sp_3072_get_from_table_24 PROC
         add	r9, 64
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -32490,10 +32490,10 @@ sp_3072_get_from_table_24 PROC
         add	r9, 64
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -32508,10 +32508,10 @@ sp_3072_get_from_table_24 PROC
         add	r9, 64
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -32526,10 +32526,10 @@ sp_3072_get_from_table_24 PROC
         add	r9, 64
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -32544,10 +32544,10 @@ sp_3072_get_from_table_24 PROC
         add	r9, 64
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -32562,10 +32562,10 @@ sp_3072_get_from_table_24 PROC
         add	r9, 64
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -32580,10 +32580,10 @@ sp_3072_get_from_table_24 PROC
         add	r9, 64
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -32598,10 +32598,10 @@ sp_3072_get_from_table_24 PROC
         add	r9, 64
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -32616,10 +32616,10 @@ sp_3072_get_from_table_24 PROC
         add	r9, 64
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -32634,10 +32634,10 @@ sp_3072_get_from_table_24 PROC
         add	r9, 64
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -32652,10 +32652,10 @@ sp_3072_get_from_table_24 PROC
         add	r9, 64
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -32670,10 +32670,10 @@ sp_3072_get_from_table_24 PROC
         add	r9, 64
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -32688,10 +32688,10 @@ sp_3072_get_from_table_24 PROC
         add	r9, 64
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -32706,10 +32706,10 @@ sp_3072_get_from_table_24 PROC
         add	r9, 64
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -32724,10 +32724,10 @@ sp_3072_get_from_table_24 PROC
         add	r9, 64
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -32742,10 +32742,10 @@ sp_3072_get_from_table_24 PROC
         add	r9, 64
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -32760,10 +32760,10 @@ sp_3072_get_from_table_24 PROC
         add	r9, 64
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -32778,10 +32778,10 @@ sp_3072_get_from_table_24 PROC
         add	r9, 64
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -32796,10 +32796,10 @@ sp_3072_get_from_table_24 PROC
         add	r9, 64
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -32814,10 +32814,10 @@ sp_3072_get_from_table_24 PROC
         add	r9, 64
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -32832,10 +32832,10 @@ sp_3072_get_from_table_24 PROC
         add	r9, 64
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -32850,10 +32850,10 @@ sp_3072_get_from_table_24 PROC
         add	r9, 64
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -32868,10 +32868,10 @@ sp_3072_get_from_table_24 PROC
         add	r9, 64
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -32886,10 +32886,10 @@ sp_3072_get_from_table_24 PROC
         add	r9, 64
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -32904,10 +32904,10 @@ sp_3072_get_from_table_24 PROC
         add	r9, 64
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -32922,10 +32922,10 @@ sp_3072_get_from_table_24 PROC
         add	r9, 64
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -32940,10 +32940,10 @@ sp_3072_get_from_table_24 PROC
         add	r9, 64
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -32958,10 +32958,10 @@ sp_3072_get_from_table_24 PROC
         add	r9, 64
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -32976,10 +32976,10 @@ sp_3072_get_from_table_24 PROC
         add	r9, 64
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -32989,10 +32989,10 @@ sp_3072_get_from_table_24 PROC
         por	xmm6, xmm2
         por	xmm7, xmm3
         paddd	xmm13, xmm11
-        movdqu	[rcx], xmm4
-        movdqu	[rcx+16], xmm5
-        movdqu	[rcx+32], xmm6
-        movdqu	[rcx+48], xmm7
+        movdqu	OWORD PTR [rcx], xmm4
+        movdqu	OWORD PTR [rcx+16], xmm5
+        movdqu	OWORD PTR [rcx+32], xmm6
+        movdqu	OWORD PTR [rcx+48], xmm7
         add	rcx, 64
         ; END: 8-15
         ; START: 16-23
@@ -33006,10 +33006,10 @@ sp_3072_get_from_table_24 PROC
         add	r9, 128
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -33024,10 +33024,10 @@ sp_3072_get_from_table_24 PROC
         add	r9, 128
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -33042,10 +33042,10 @@ sp_3072_get_from_table_24 PROC
         add	r9, 128
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -33060,10 +33060,10 @@ sp_3072_get_from_table_24 PROC
         add	r9, 128
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -33078,10 +33078,10 @@ sp_3072_get_from_table_24 PROC
         add	r9, 128
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -33096,10 +33096,10 @@ sp_3072_get_from_table_24 PROC
         add	r9, 128
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -33114,10 +33114,10 @@ sp_3072_get_from_table_24 PROC
         add	r9, 128
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -33132,10 +33132,10 @@ sp_3072_get_from_table_24 PROC
         add	r9, 128
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -33150,10 +33150,10 @@ sp_3072_get_from_table_24 PROC
         add	r9, 128
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -33168,10 +33168,10 @@ sp_3072_get_from_table_24 PROC
         add	r9, 128
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -33186,10 +33186,10 @@ sp_3072_get_from_table_24 PROC
         add	r9, 128
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -33204,10 +33204,10 @@ sp_3072_get_from_table_24 PROC
         add	r9, 128
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -33222,10 +33222,10 @@ sp_3072_get_from_table_24 PROC
         add	r9, 128
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -33240,10 +33240,10 @@ sp_3072_get_from_table_24 PROC
         add	r9, 128
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -33258,10 +33258,10 @@ sp_3072_get_from_table_24 PROC
         add	r9, 128
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -33276,10 +33276,10 @@ sp_3072_get_from_table_24 PROC
         add	r9, 128
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -33294,10 +33294,10 @@ sp_3072_get_from_table_24 PROC
         add	r9, 128
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -33312,10 +33312,10 @@ sp_3072_get_from_table_24 PROC
         add	r9, 128
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -33330,10 +33330,10 @@ sp_3072_get_from_table_24 PROC
         add	r9, 128
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -33348,10 +33348,10 @@ sp_3072_get_from_table_24 PROC
         add	r9, 128
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -33366,10 +33366,10 @@ sp_3072_get_from_table_24 PROC
         add	r9, 128
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -33384,10 +33384,10 @@ sp_3072_get_from_table_24 PROC
         add	r9, 128
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -33402,10 +33402,10 @@ sp_3072_get_from_table_24 PROC
         add	r9, 128
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -33420,10 +33420,10 @@ sp_3072_get_from_table_24 PROC
         add	r9, 128
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -33438,10 +33438,10 @@ sp_3072_get_from_table_24 PROC
         add	r9, 128
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -33456,10 +33456,10 @@ sp_3072_get_from_table_24 PROC
         add	r9, 128
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -33474,10 +33474,10 @@ sp_3072_get_from_table_24 PROC
         add	r9, 128
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -33492,10 +33492,10 @@ sp_3072_get_from_table_24 PROC
         add	r9, 128
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -33510,10 +33510,10 @@ sp_3072_get_from_table_24 PROC
         add	r9, 128
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -33528,10 +33528,10 @@ sp_3072_get_from_table_24 PROC
         add	r9, 128
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -33546,10 +33546,10 @@ sp_3072_get_from_table_24 PROC
         add	r9, 128
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -33564,10 +33564,10 @@ sp_3072_get_from_table_24 PROC
         add	r9, 128
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -33577,19 +33577,19 @@ sp_3072_get_from_table_24 PROC
         por	xmm6, xmm2
         por	xmm7, xmm3
         paddd	xmm13, xmm11
-        movdqu	[rcx], xmm4
-        movdqu	[rcx+16], xmm5
-        movdqu	[rcx+32], xmm6
-        movdqu	[rcx+48], xmm7
+        movdqu	OWORD PTR [rcx], xmm4
+        movdqu	OWORD PTR [rcx+16], xmm5
+        movdqu	OWORD PTR [rcx+32], xmm6
+        movdqu	OWORD PTR [rcx+48], xmm7
         ; END: 16-23
-        vmovdqu	xmm6, OWORD PTR [rsp]
-        vmovdqu	xmm7, OWORD PTR [rsp+16]
-        vmovdqu	xmm8, OWORD PTR [rsp+32]
-        vmovdqu	xmm9, OWORD PTR [rsp+48]
-        vmovdqu	xmm10, OWORD PTR [rsp+64]
-        vmovdqu	xmm11, OWORD PTR [rsp+80]
-        vmovdqu	xmm12, OWORD PTR [rsp+96]
-        vmovdqu	xmm13, OWORD PTR [rsp+112]
+        movdqu	xmm6, OWORD PTR [rsp]
+        movdqu	xmm7, OWORD PTR [rsp+16]
+        movdqu	xmm8, OWORD PTR [rsp+32]
+        movdqu	xmm9, OWORD PTR [rsp+48]
+        movdqu	xmm10, OWORD PTR [rsp+64]
+        movdqu	xmm11, OWORD PTR [rsp+80]
+        movdqu	xmm12, OWORD PTR [rsp+96]
+        movdqu	xmm13, OWORD PTR [rsp+112]
         add	rsp, 128
         ret
 sp_3072_get_from_table_24 ENDP
@@ -36853,14 +36853,14 @@ IFNDEF WC_NO_CACHE_RESISTANT
 _text SEGMENT READONLY PARA
 sp_3072_get_from_table_48 PROC
         sub	rsp, 128
-        vmovdqu	OWORD PTR [rsp], xmm6
-        vmovdqu	OWORD PTR [rsp+16], xmm7
-        vmovdqu	OWORD PTR [rsp+32], xmm8
-        vmovdqu	OWORD PTR [rsp+48], xmm9
-        vmovdqu	OWORD PTR [rsp+64], xmm10
-        vmovdqu	OWORD PTR [rsp+80], xmm11
-        vmovdqu	OWORD PTR [rsp+96], xmm12
-        vmovdqu	OWORD PTR [rsp+112], xmm13
+        movdqu	OWORD PTR [rsp], xmm6
+        movdqu	OWORD PTR [rsp+16], xmm7
+        movdqu	OWORD PTR [rsp+32], xmm8
+        movdqu	OWORD PTR [rsp+48], xmm9
+        movdqu	OWORD PTR [rsp+64], xmm10
+        movdqu	OWORD PTR [rsp+80], xmm11
+        movdqu	OWORD PTR [rsp+96], xmm12
+        movdqu	OWORD PTR [rsp+112], xmm13
         mov	rax, 1
         movd	xmm10, r8
         movd	xmm11, rax
@@ -36877,10 +36877,10 @@ sp_3072_get_from_table_48 PROC
         mov	r9, QWORD PTR [rdx]
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -36894,10 +36894,10 @@ sp_3072_get_from_table_48 PROC
         mov	r9, QWORD PTR [rdx+8]
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -36911,10 +36911,10 @@ sp_3072_get_from_table_48 PROC
         mov	r9, QWORD PTR [rdx+16]
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -36928,10 +36928,10 @@ sp_3072_get_from_table_48 PROC
         mov	r9, QWORD PTR [rdx+24]
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -36945,10 +36945,10 @@ sp_3072_get_from_table_48 PROC
         mov	r9, QWORD PTR [rdx+32]
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -36962,10 +36962,10 @@ sp_3072_get_from_table_48 PROC
         mov	r9, QWORD PTR [rdx+40]
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -36979,10 +36979,10 @@ sp_3072_get_from_table_48 PROC
         mov	r9, QWORD PTR [rdx+48]
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -36996,10 +36996,10 @@ sp_3072_get_from_table_48 PROC
         mov	r9, QWORD PTR [rdx+56]
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -37013,10 +37013,10 @@ sp_3072_get_from_table_48 PROC
         mov	r9, QWORD PTR [rdx+64]
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -37030,10 +37030,10 @@ sp_3072_get_from_table_48 PROC
         mov	r9, QWORD PTR [rdx+72]
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -37047,10 +37047,10 @@ sp_3072_get_from_table_48 PROC
         mov	r9, QWORD PTR [rdx+80]
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -37064,10 +37064,10 @@ sp_3072_get_from_table_48 PROC
         mov	r9, QWORD PTR [rdx+88]
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -37081,10 +37081,10 @@ sp_3072_get_from_table_48 PROC
         mov	r9, QWORD PTR [rdx+96]
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -37098,10 +37098,10 @@ sp_3072_get_from_table_48 PROC
         mov	r9, QWORD PTR [rdx+104]
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -37115,10 +37115,10 @@ sp_3072_get_from_table_48 PROC
         mov	r9, QWORD PTR [rdx+112]
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -37132,10 +37132,10 @@ sp_3072_get_from_table_48 PROC
         mov	r9, QWORD PTR [rdx+120]
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -37145,10 +37145,10 @@ sp_3072_get_from_table_48 PROC
         por	xmm6, xmm2
         por	xmm7, xmm3
         paddd	xmm13, xmm11
-        movdqu	[rcx], xmm4
-        movdqu	[rcx+16], xmm5
-        movdqu	[rcx+32], xmm6
-        movdqu	[rcx+48], xmm7
+        movdqu	OWORD PTR [rcx], xmm4
+        movdqu	OWORD PTR [rcx+16], xmm5
+        movdqu	OWORD PTR [rcx+32], xmm6
+        movdqu	OWORD PTR [rcx+48], xmm7
         add	rcx, 64
         ; END: 0-7
         ; START: 8-15
@@ -37162,10 +37162,10 @@ sp_3072_get_from_table_48 PROC
         add	r9, 64
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -37180,10 +37180,10 @@ sp_3072_get_from_table_48 PROC
         add	r9, 64
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -37198,10 +37198,10 @@ sp_3072_get_from_table_48 PROC
         add	r9, 64
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -37216,10 +37216,10 @@ sp_3072_get_from_table_48 PROC
         add	r9, 64
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -37234,10 +37234,10 @@ sp_3072_get_from_table_48 PROC
         add	r9, 64
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -37252,10 +37252,10 @@ sp_3072_get_from_table_48 PROC
         add	r9, 64
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -37270,10 +37270,10 @@ sp_3072_get_from_table_48 PROC
         add	r9, 64
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -37288,10 +37288,10 @@ sp_3072_get_from_table_48 PROC
         add	r9, 64
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -37306,10 +37306,10 @@ sp_3072_get_from_table_48 PROC
         add	r9, 64
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -37324,10 +37324,10 @@ sp_3072_get_from_table_48 PROC
         add	r9, 64
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -37342,10 +37342,10 @@ sp_3072_get_from_table_48 PROC
         add	r9, 64
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -37360,10 +37360,10 @@ sp_3072_get_from_table_48 PROC
         add	r9, 64
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -37378,10 +37378,10 @@ sp_3072_get_from_table_48 PROC
         add	r9, 64
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -37396,10 +37396,10 @@ sp_3072_get_from_table_48 PROC
         add	r9, 64
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -37414,10 +37414,10 @@ sp_3072_get_from_table_48 PROC
         add	r9, 64
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -37432,10 +37432,10 @@ sp_3072_get_from_table_48 PROC
         add	r9, 64
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -37445,10 +37445,10 @@ sp_3072_get_from_table_48 PROC
         por	xmm6, xmm2
         por	xmm7, xmm3
         paddd	xmm13, xmm11
-        movdqu	[rcx], xmm4
-        movdqu	[rcx+16], xmm5
-        movdqu	[rcx+32], xmm6
-        movdqu	[rcx+48], xmm7
+        movdqu	OWORD PTR [rcx], xmm4
+        movdqu	OWORD PTR [rcx+16], xmm5
+        movdqu	OWORD PTR [rcx+32], xmm6
+        movdqu	OWORD PTR [rcx+48], xmm7
         add	rcx, 64
         ; END: 8-15
         ; START: 16-23
@@ -37462,10 +37462,10 @@ sp_3072_get_from_table_48 PROC
         add	r9, 128
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -37480,10 +37480,10 @@ sp_3072_get_from_table_48 PROC
         add	r9, 128
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -37498,10 +37498,10 @@ sp_3072_get_from_table_48 PROC
         add	r9, 128
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -37516,10 +37516,10 @@ sp_3072_get_from_table_48 PROC
         add	r9, 128
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -37534,10 +37534,10 @@ sp_3072_get_from_table_48 PROC
         add	r9, 128
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -37552,10 +37552,10 @@ sp_3072_get_from_table_48 PROC
         add	r9, 128
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -37570,10 +37570,10 @@ sp_3072_get_from_table_48 PROC
         add	r9, 128
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -37588,10 +37588,10 @@ sp_3072_get_from_table_48 PROC
         add	r9, 128
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -37606,10 +37606,10 @@ sp_3072_get_from_table_48 PROC
         add	r9, 128
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -37624,10 +37624,10 @@ sp_3072_get_from_table_48 PROC
         add	r9, 128
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -37642,10 +37642,10 @@ sp_3072_get_from_table_48 PROC
         add	r9, 128
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -37660,10 +37660,10 @@ sp_3072_get_from_table_48 PROC
         add	r9, 128
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -37678,10 +37678,10 @@ sp_3072_get_from_table_48 PROC
         add	r9, 128
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -37696,10 +37696,10 @@ sp_3072_get_from_table_48 PROC
         add	r9, 128
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -37714,10 +37714,10 @@ sp_3072_get_from_table_48 PROC
         add	r9, 128
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -37732,10 +37732,10 @@ sp_3072_get_from_table_48 PROC
         add	r9, 128
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -37745,10 +37745,10 @@ sp_3072_get_from_table_48 PROC
         por	xmm6, xmm2
         por	xmm7, xmm3
         paddd	xmm13, xmm11
-        movdqu	[rcx], xmm4
-        movdqu	[rcx+16], xmm5
-        movdqu	[rcx+32], xmm6
-        movdqu	[rcx+48], xmm7
+        movdqu	OWORD PTR [rcx], xmm4
+        movdqu	OWORD PTR [rcx+16], xmm5
+        movdqu	OWORD PTR [rcx+32], xmm6
+        movdqu	OWORD PTR [rcx+48], xmm7
         add	rcx, 64
         ; END: 16-23
         ; START: 24-31
@@ -37762,10 +37762,10 @@ sp_3072_get_from_table_48 PROC
         add	r9, 192
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -37780,10 +37780,10 @@ sp_3072_get_from_table_48 PROC
         add	r9, 192
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -37798,10 +37798,10 @@ sp_3072_get_from_table_48 PROC
         add	r9, 192
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -37816,10 +37816,10 @@ sp_3072_get_from_table_48 PROC
         add	r9, 192
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -37834,10 +37834,10 @@ sp_3072_get_from_table_48 PROC
         add	r9, 192
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -37852,10 +37852,10 @@ sp_3072_get_from_table_48 PROC
         add	r9, 192
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -37870,10 +37870,10 @@ sp_3072_get_from_table_48 PROC
         add	r9, 192
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -37888,10 +37888,10 @@ sp_3072_get_from_table_48 PROC
         add	r9, 192
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -37906,10 +37906,10 @@ sp_3072_get_from_table_48 PROC
         add	r9, 192
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -37924,10 +37924,10 @@ sp_3072_get_from_table_48 PROC
         add	r9, 192
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -37942,10 +37942,10 @@ sp_3072_get_from_table_48 PROC
         add	r9, 192
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -37960,10 +37960,10 @@ sp_3072_get_from_table_48 PROC
         add	r9, 192
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -37978,10 +37978,10 @@ sp_3072_get_from_table_48 PROC
         add	r9, 192
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -37996,10 +37996,10 @@ sp_3072_get_from_table_48 PROC
         add	r9, 192
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -38014,10 +38014,10 @@ sp_3072_get_from_table_48 PROC
         add	r9, 192
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -38032,10 +38032,10 @@ sp_3072_get_from_table_48 PROC
         add	r9, 192
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -38045,10 +38045,10 @@ sp_3072_get_from_table_48 PROC
         por	xmm6, xmm2
         por	xmm7, xmm3
         paddd	xmm13, xmm11
-        movdqu	[rcx], xmm4
-        movdqu	[rcx+16], xmm5
-        movdqu	[rcx+32], xmm6
-        movdqu	[rcx+48], xmm7
+        movdqu	OWORD PTR [rcx], xmm4
+        movdqu	OWORD PTR [rcx+16], xmm5
+        movdqu	OWORD PTR [rcx+32], xmm6
+        movdqu	OWORD PTR [rcx+48], xmm7
         add	rcx, 64
         ; END: 24-31
         ; START: 32-39
@@ -38062,10 +38062,10 @@ sp_3072_get_from_table_48 PROC
         add	r9, 256
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -38080,10 +38080,10 @@ sp_3072_get_from_table_48 PROC
         add	r9, 256
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -38098,10 +38098,10 @@ sp_3072_get_from_table_48 PROC
         add	r9, 256
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -38116,10 +38116,10 @@ sp_3072_get_from_table_48 PROC
         add	r9, 256
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -38134,10 +38134,10 @@ sp_3072_get_from_table_48 PROC
         add	r9, 256
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -38152,10 +38152,10 @@ sp_3072_get_from_table_48 PROC
         add	r9, 256
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -38170,10 +38170,10 @@ sp_3072_get_from_table_48 PROC
         add	r9, 256
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -38188,10 +38188,10 @@ sp_3072_get_from_table_48 PROC
         add	r9, 256
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -38206,10 +38206,10 @@ sp_3072_get_from_table_48 PROC
         add	r9, 256
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -38224,10 +38224,10 @@ sp_3072_get_from_table_48 PROC
         add	r9, 256
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -38242,10 +38242,10 @@ sp_3072_get_from_table_48 PROC
         add	r9, 256
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -38260,10 +38260,10 @@ sp_3072_get_from_table_48 PROC
         add	r9, 256
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -38278,10 +38278,10 @@ sp_3072_get_from_table_48 PROC
         add	r9, 256
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -38296,10 +38296,10 @@ sp_3072_get_from_table_48 PROC
         add	r9, 256
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -38314,10 +38314,10 @@ sp_3072_get_from_table_48 PROC
         add	r9, 256
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -38332,10 +38332,10 @@ sp_3072_get_from_table_48 PROC
         add	r9, 256
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -38345,10 +38345,10 @@ sp_3072_get_from_table_48 PROC
         por	xmm6, xmm2
         por	xmm7, xmm3
         paddd	xmm13, xmm11
-        movdqu	[rcx], xmm4
-        movdqu	[rcx+16], xmm5
-        movdqu	[rcx+32], xmm6
-        movdqu	[rcx+48], xmm7
+        movdqu	OWORD PTR [rcx], xmm4
+        movdqu	OWORD PTR [rcx+16], xmm5
+        movdqu	OWORD PTR [rcx+32], xmm6
+        movdqu	OWORD PTR [rcx+48], xmm7
         add	rcx, 64
         ; END: 32-39
         ; START: 40-47
@@ -38362,10 +38362,10 @@ sp_3072_get_from_table_48 PROC
         add	r9, 320
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -38380,10 +38380,10 @@ sp_3072_get_from_table_48 PROC
         add	r9, 320
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -38398,10 +38398,10 @@ sp_3072_get_from_table_48 PROC
         add	r9, 320
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -38416,10 +38416,10 @@ sp_3072_get_from_table_48 PROC
         add	r9, 320
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -38434,10 +38434,10 @@ sp_3072_get_from_table_48 PROC
         add	r9, 320
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -38452,10 +38452,10 @@ sp_3072_get_from_table_48 PROC
         add	r9, 320
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -38470,10 +38470,10 @@ sp_3072_get_from_table_48 PROC
         add	r9, 320
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -38488,10 +38488,10 @@ sp_3072_get_from_table_48 PROC
         add	r9, 320
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -38506,10 +38506,10 @@ sp_3072_get_from_table_48 PROC
         add	r9, 320
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -38524,10 +38524,10 @@ sp_3072_get_from_table_48 PROC
         add	r9, 320
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -38542,10 +38542,10 @@ sp_3072_get_from_table_48 PROC
         add	r9, 320
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -38560,10 +38560,10 @@ sp_3072_get_from_table_48 PROC
         add	r9, 320
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -38578,10 +38578,10 @@ sp_3072_get_from_table_48 PROC
         add	r9, 320
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -38596,10 +38596,10 @@ sp_3072_get_from_table_48 PROC
         add	r9, 320
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -38614,10 +38614,10 @@ sp_3072_get_from_table_48 PROC
         add	r9, 320
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -38632,10 +38632,10 @@ sp_3072_get_from_table_48 PROC
         add	r9, 320
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -38645,19 +38645,19 @@ sp_3072_get_from_table_48 PROC
         por	xmm6, xmm2
         por	xmm7, xmm3
         paddd	xmm13, xmm11
-        movdqu	[rcx], xmm4
-        movdqu	[rcx+16], xmm5
-        movdqu	[rcx+32], xmm6
-        movdqu	[rcx+48], xmm7
+        movdqu	OWORD PTR [rcx], xmm4
+        movdqu	OWORD PTR [rcx+16], xmm5
+        movdqu	OWORD PTR [rcx+32], xmm6
+        movdqu	OWORD PTR [rcx+48], xmm7
         ; END: 40-47
-        vmovdqu	xmm6, OWORD PTR [rsp]
-        vmovdqu	xmm7, OWORD PTR [rsp+16]
-        vmovdqu	xmm8, OWORD PTR [rsp+32]
-        vmovdqu	xmm9, OWORD PTR [rsp+48]
-        vmovdqu	xmm10, OWORD PTR [rsp+64]
-        vmovdqu	xmm11, OWORD PTR [rsp+80]
-        vmovdqu	xmm12, OWORD PTR [rsp+96]
-        vmovdqu	xmm13, OWORD PTR [rsp+112]
+        movdqu	xmm6, OWORD PTR [rsp]
+        movdqu	xmm7, OWORD PTR [rsp+16]
+        movdqu	xmm8, OWORD PTR [rsp+32]
+        movdqu	xmm9, OWORD PTR [rsp+48]
+        movdqu	xmm10, OWORD PTR [rsp+64]
+        movdqu	xmm11, OWORD PTR [rsp+80]
+        movdqu	xmm12, OWORD PTR [rsp+96]
+        movdqu	xmm13, OWORD PTR [rsp+112]
         add	rsp, 128
         ret
 sp_3072_get_from_table_48 ENDP
@@ -40446,8 +40446,8 @@ _text SEGMENT READONLY PARA
 sp_3072_lshift_48 PROC
         push	r12
         push	r13
-        mov	cl, r8b
         mov	rax, rcx
+        mov	cl, r8b
         mov	r12, 0
         mov	r13, QWORD PTR [rdx+344]
         mov	r8, QWORD PTR [rdx+352]
@@ -49224,14 +49224,14 @@ IFNDEF WC_NO_CACHE_RESISTANT
 _text SEGMENT READONLY PARA
 sp_4096_get_from_table_64 PROC
         sub	rsp, 128
-        vmovdqu	OWORD PTR [rsp], xmm6
-        vmovdqu	OWORD PTR [rsp+16], xmm7
-        vmovdqu	OWORD PTR [rsp+32], xmm8
-        vmovdqu	OWORD PTR [rsp+48], xmm9
-        vmovdqu	OWORD PTR [rsp+64], xmm10
-        vmovdqu	OWORD PTR [rsp+80], xmm11
-        vmovdqu	OWORD PTR [rsp+96], xmm12
-        vmovdqu	OWORD PTR [rsp+112], xmm13
+        movdqu	OWORD PTR [rsp], xmm6
+        movdqu	OWORD PTR [rsp+16], xmm7
+        movdqu	OWORD PTR [rsp+32], xmm8
+        movdqu	OWORD PTR [rsp+48], xmm9
+        movdqu	OWORD PTR [rsp+64], xmm10
+        movdqu	OWORD PTR [rsp+80], xmm11
+        movdqu	OWORD PTR [rsp+96], xmm12
+        movdqu	OWORD PTR [rsp+112], xmm13
         mov	rax, 1
         movd	xmm10, r8
         movd	xmm11, rax
@@ -49248,10 +49248,10 @@ sp_4096_get_from_table_64 PROC
         mov	r9, QWORD PTR [rdx]
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -49265,10 +49265,10 @@ sp_4096_get_from_table_64 PROC
         mov	r9, QWORD PTR [rdx+8]
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -49282,10 +49282,10 @@ sp_4096_get_from_table_64 PROC
         mov	r9, QWORD PTR [rdx+16]
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -49299,10 +49299,10 @@ sp_4096_get_from_table_64 PROC
         mov	r9, QWORD PTR [rdx+24]
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -49316,10 +49316,10 @@ sp_4096_get_from_table_64 PROC
         mov	r9, QWORD PTR [rdx+32]
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -49333,10 +49333,10 @@ sp_4096_get_from_table_64 PROC
         mov	r9, QWORD PTR [rdx+40]
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -49350,10 +49350,10 @@ sp_4096_get_from_table_64 PROC
         mov	r9, QWORD PTR [rdx+48]
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -49367,10 +49367,10 @@ sp_4096_get_from_table_64 PROC
         mov	r9, QWORD PTR [rdx+56]
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -49384,10 +49384,10 @@ sp_4096_get_from_table_64 PROC
         mov	r9, QWORD PTR [rdx+64]
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -49401,10 +49401,10 @@ sp_4096_get_from_table_64 PROC
         mov	r9, QWORD PTR [rdx+72]
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -49418,10 +49418,10 @@ sp_4096_get_from_table_64 PROC
         mov	r9, QWORD PTR [rdx+80]
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -49435,10 +49435,10 @@ sp_4096_get_from_table_64 PROC
         mov	r9, QWORD PTR [rdx+88]
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -49452,10 +49452,10 @@ sp_4096_get_from_table_64 PROC
         mov	r9, QWORD PTR [rdx+96]
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -49469,10 +49469,10 @@ sp_4096_get_from_table_64 PROC
         mov	r9, QWORD PTR [rdx+104]
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -49486,10 +49486,10 @@ sp_4096_get_from_table_64 PROC
         mov	r9, QWORD PTR [rdx+112]
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -49503,10 +49503,10 @@ sp_4096_get_from_table_64 PROC
         mov	r9, QWORD PTR [rdx+120]
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -49516,10 +49516,10 @@ sp_4096_get_from_table_64 PROC
         por	xmm6, xmm2
         por	xmm7, xmm3
         paddd	xmm13, xmm11
-        movdqu	[rcx], xmm4
-        movdqu	[rcx+16], xmm5
-        movdqu	[rcx+32], xmm6
-        movdqu	[rcx+48], xmm7
+        movdqu	OWORD PTR [rcx], xmm4
+        movdqu	OWORD PTR [rcx+16], xmm5
+        movdqu	OWORD PTR [rcx+32], xmm6
+        movdqu	OWORD PTR [rcx+48], xmm7
         add	rcx, 64
         ; END: 0-7
         ; START: 8-15
@@ -49533,10 +49533,10 @@ sp_4096_get_from_table_64 PROC
         add	r9, 64
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -49551,10 +49551,10 @@ sp_4096_get_from_table_64 PROC
         add	r9, 64
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -49569,10 +49569,10 @@ sp_4096_get_from_table_64 PROC
         add	r9, 64
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -49587,10 +49587,10 @@ sp_4096_get_from_table_64 PROC
         add	r9, 64
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -49605,10 +49605,10 @@ sp_4096_get_from_table_64 PROC
         add	r9, 64
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -49623,10 +49623,10 @@ sp_4096_get_from_table_64 PROC
         add	r9, 64
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -49641,10 +49641,10 @@ sp_4096_get_from_table_64 PROC
         add	r9, 64
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -49659,10 +49659,10 @@ sp_4096_get_from_table_64 PROC
         add	r9, 64
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -49677,10 +49677,10 @@ sp_4096_get_from_table_64 PROC
         add	r9, 64
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -49695,10 +49695,10 @@ sp_4096_get_from_table_64 PROC
         add	r9, 64
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -49713,10 +49713,10 @@ sp_4096_get_from_table_64 PROC
         add	r9, 64
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -49731,10 +49731,10 @@ sp_4096_get_from_table_64 PROC
         add	r9, 64
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -49749,10 +49749,10 @@ sp_4096_get_from_table_64 PROC
         add	r9, 64
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -49767,10 +49767,10 @@ sp_4096_get_from_table_64 PROC
         add	r9, 64
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -49785,10 +49785,10 @@ sp_4096_get_from_table_64 PROC
         add	r9, 64
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -49803,10 +49803,10 @@ sp_4096_get_from_table_64 PROC
         add	r9, 64
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -49816,10 +49816,10 @@ sp_4096_get_from_table_64 PROC
         por	xmm6, xmm2
         por	xmm7, xmm3
         paddd	xmm13, xmm11
-        movdqu	[rcx], xmm4
-        movdqu	[rcx+16], xmm5
-        movdqu	[rcx+32], xmm6
-        movdqu	[rcx+48], xmm7
+        movdqu	OWORD PTR [rcx], xmm4
+        movdqu	OWORD PTR [rcx+16], xmm5
+        movdqu	OWORD PTR [rcx+32], xmm6
+        movdqu	OWORD PTR [rcx+48], xmm7
         add	rcx, 64
         ; END: 8-15
         ; START: 16-23
@@ -49833,10 +49833,10 @@ sp_4096_get_from_table_64 PROC
         add	r9, 128
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -49851,10 +49851,10 @@ sp_4096_get_from_table_64 PROC
         add	r9, 128
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -49869,10 +49869,10 @@ sp_4096_get_from_table_64 PROC
         add	r9, 128
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -49887,10 +49887,10 @@ sp_4096_get_from_table_64 PROC
         add	r9, 128
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -49905,10 +49905,10 @@ sp_4096_get_from_table_64 PROC
         add	r9, 128
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -49923,10 +49923,10 @@ sp_4096_get_from_table_64 PROC
         add	r9, 128
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -49941,10 +49941,10 @@ sp_4096_get_from_table_64 PROC
         add	r9, 128
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -49959,10 +49959,10 @@ sp_4096_get_from_table_64 PROC
         add	r9, 128
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -49977,10 +49977,10 @@ sp_4096_get_from_table_64 PROC
         add	r9, 128
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -49995,10 +49995,10 @@ sp_4096_get_from_table_64 PROC
         add	r9, 128
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -50013,10 +50013,10 @@ sp_4096_get_from_table_64 PROC
         add	r9, 128
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -50031,10 +50031,10 @@ sp_4096_get_from_table_64 PROC
         add	r9, 128
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -50049,10 +50049,10 @@ sp_4096_get_from_table_64 PROC
         add	r9, 128
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -50067,10 +50067,10 @@ sp_4096_get_from_table_64 PROC
         add	r9, 128
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -50085,10 +50085,10 @@ sp_4096_get_from_table_64 PROC
         add	r9, 128
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -50103,10 +50103,10 @@ sp_4096_get_from_table_64 PROC
         add	r9, 128
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -50116,10 +50116,10 @@ sp_4096_get_from_table_64 PROC
         por	xmm6, xmm2
         por	xmm7, xmm3
         paddd	xmm13, xmm11
-        movdqu	[rcx], xmm4
-        movdqu	[rcx+16], xmm5
-        movdqu	[rcx+32], xmm6
-        movdqu	[rcx+48], xmm7
+        movdqu	OWORD PTR [rcx], xmm4
+        movdqu	OWORD PTR [rcx+16], xmm5
+        movdqu	OWORD PTR [rcx+32], xmm6
+        movdqu	OWORD PTR [rcx+48], xmm7
         add	rcx, 64
         ; END: 16-23
         ; START: 24-31
@@ -50133,10 +50133,10 @@ sp_4096_get_from_table_64 PROC
         add	r9, 192
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -50151,10 +50151,10 @@ sp_4096_get_from_table_64 PROC
         add	r9, 192
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -50169,10 +50169,10 @@ sp_4096_get_from_table_64 PROC
         add	r9, 192
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -50187,10 +50187,10 @@ sp_4096_get_from_table_64 PROC
         add	r9, 192
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -50205,10 +50205,10 @@ sp_4096_get_from_table_64 PROC
         add	r9, 192
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -50223,10 +50223,10 @@ sp_4096_get_from_table_64 PROC
         add	r9, 192
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -50241,10 +50241,10 @@ sp_4096_get_from_table_64 PROC
         add	r9, 192
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -50259,10 +50259,10 @@ sp_4096_get_from_table_64 PROC
         add	r9, 192
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -50277,10 +50277,10 @@ sp_4096_get_from_table_64 PROC
         add	r9, 192
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -50295,10 +50295,10 @@ sp_4096_get_from_table_64 PROC
         add	r9, 192
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -50313,10 +50313,10 @@ sp_4096_get_from_table_64 PROC
         add	r9, 192
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -50331,10 +50331,10 @@ sp_4096_get_from_table_64 PROC
         add	r9, 192
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -50349,10 +50349,10 @@ sp_4096_get_from_table_64 PROC
         add	r9, 192
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -50367,10 +50367,10 @@ sp_4096_get_from_table_64 PROC
         add	r9, 192
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -50385,10 +50385,10 @@ sp_4096_get_from_table_64 PROC
         add	r9, 192
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -50403,10 +50403,10 @@ sp_4096_get_from_table_64 PROC
         add	r9, 192
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -50416,10 +50416,10 @@ sp_4096_get_from_table_64 PROC
         por	xmm6, xmm2
         por	xmm7, xmm3
         paddd	xmm13, xmm11
-        movdqu	[rcx], xmm4
-        movdqu	[rcx+16], xmm5
-        movdqu	[rcx+32], xmm6
-        movdqu	[rcx+48], xmm7
+        movdqu	OWORD PTR [rcx], xmm4
+        movdqu	OWORD PTR [rcx+16], xmm5
+        movdqu	OWORD PTR [rcx+32], xmm6
+        movdqu	OWORD PTR [rcx+48], xmm7
         add	rcx, 64
         ; END: 24-31
         ; START: 32-39
@@ -50433,10 +50433,10 @@ sp_4096_get_from_table_64 PROC
         add	r9, 256
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -50451,10 +50451,10 @@ sp_4096_get_from_table_64 PROC
         add	r9, 256
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -50469,10 +50469,10 @@ sp_4096_get_from_table_64 PROC
         add	r9, 256
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -50487,10 +50487,10 @@ sp_4096_get_from_table_64 PROC
         add	r9, 256
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -50505,10 +50505,10 @@ sp_4096_get_from_table_64 PROC
         add	r9, 256
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -50523,10 +50523,10 @@ sp_4096_get_from_table_64 PROC
         add	r9, 256
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -50541,10 +50541,10 @@ sp_4096_get_from_table_64 PROC
         add	r9, 256
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -50559,10 +50559,10 @@ sp_4096_get_from_table_64 PROC
         add	r9, 256
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -50577,10 +50577,10 @@ sp_4096_get_from_table_64 PROC
         add	r9, 256
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -50595,10 +50595,10 @@ sp_4096_get_from_table_64 PROC
         add	r9, 256
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -50613,10 +50613,10 @@ sp_4096_get_from_table_64 PROC
         add	r9, 256
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -50631,10 +50631,10 @@ sp_4096_get_from_table_64 PROC
         add	r9, 256
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -50649,10 +50649,10 @@ sp_4096_get_from_table_64 PROC
         add	r9, 256
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -50667,10 +50667,10 @@ sp_4096_get_from_table_64 PROC
         add	r9, 256
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -50685,10 +50685,10 @@ sp_4096_get_from_table_64 PROC
         add	r9, 256
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -50703,10 +50703,10 @@ sp_4096_get_from_table_64 PROC
         add	r9, 256
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -50716,10 +50716,10 @@ sp_4096_get_from_table_64 PROC
         por	xmm6, xmm2
         por	xmm7, xmm3
         paddd	xmm13, xmm11
-        movdqu	[rcx], xmm4
-        movdqu	[rcx+16], xmm5
-        movdqu	[rcx+32], xmm6
-        movdqu	[rcx+48], xmm7
+        movdqu	OWORD PTR [rcx], xmm4
+        movdqu	OWORD PTR [rcx+16], xmm5
+        movdqu	OWORD PTR [rcx+32], xmm6
+        movdqu	OWORD PTR [rcx+48], xmm7
         add	rcx, 64
         ; END: 32-39
         ; START: 40-47
@@ -50733,10 +50733,10 @@ sp_4096_get_from_table_64 PROC
         add	r9, 320
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -50751,10 +50751,10 @@ sp_4096_get_from_table_64 PROC
         add	r9, 320
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -50769,10 +50769,10 @@ sp_4096_get_from_table_64 PROC
         add	r9, 320
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -50787,10 +50787,10 @@ sp_4096_get_from_table_64 PROC
         add	r9, 320
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -50805,10 +50805,10 @@ sp_4096_get_from_table_64 PROC
         add	r9, 320
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -50823,10 +50823,10 @@ sp_4096_get_from_table_64 PROC
         add	r9, 320
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -50841,10 +50841,10 @@ sp_4096_get_from_table_64 PROC
         add	r9, 320
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -50859,10 +50859,10 @@ sp_4096_get_from_table_64 PROC
         add	r9, 320
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -50877,10 +50877,10 @@ sp_4096_get_from_table_64 PROC
         add	r9, 320
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -50895,10 +50895,10 @@ sp_4096_get_from_table_64 PROC
         add	r9, 320
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -50913,10 +50913,10 @@ sp_4096_get_from_table_64 PROC
         add	r9, 320
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -50931,10 +50931,10 @@ sp_4096_get_from_table_64 PROC
         add	r9, 320
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -50949,10 +50949,10 @@ sp_4096_get_from_table_64 PROC
         add	r9, 320
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -50967,10 +50967,10 @@ sp_4096_get_from_table_64 PROC
         add	r9, 320
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -50985,10 +50985,10 @@ sp_4096_get_from_table_64 PROC
         add	r9, 320
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -51003,10 +51003,10 @@ sp_4096_get_from_table_64 PROC
         add	r9, 320
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -51016,10 +51016,10 @@ sp_4096_get_from_table_64 PROC
         por	xmm6, xmm2
         por	xmm7, xmm3
         paddd	xmm13, xmm11
-        movdqu	[rcx], xmm4
-        movdqu	[rcx+16], xmm5
-        movdqu	[rcx+32], xmm6
-        movdqu	[rcx+48], xmm7
+        movdqu	OWORD PTR [rcx], xmm4
+        movdqu	OWORD PTR [rcx+16], xmm5
+        movdqu	OWORD PTR [rcx+32], xmm6
+        movdqu	OWORD PTR [rcx+48], xmm7
         add	rcx, 64
         ; END: 40-47
         ; START: 48-55
@@ -51033,10 +51033,10 @@ sp_4096_get_from_table_64 PROC
         add	r9, 384
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -51051,10 +51051,10 @@ sp_4096_get_from_table_64 PROC
         add	r9, 384
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -51069,10 +51069,10 @@ sp_4096_get_from_table_64 PROC
         add	r9, 384
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -51087,10 +51087,10 @@ sp_4096_get_from_table_64 PROC
         add	r9, 384
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -51105,10 +51105,10 @@ sp_4096_get_from_table_64 PROC
         add	r9, 384
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -51123,10 +51123,10 @@ sp_4096_get_from_table_64 PROC
         add	r9, 384
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -51141,10 +51141,10 @@ sp_4096_get_from_table_64 PROC
         add	r9, 384
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -51159,10 +51159,10 @@ sp_4096_get_from_table_64 PROC
         add	r9, 384
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -51177,10 +51177,10 @@ sp_4096_get_from_table_64 PROC
         add	r9, 384
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -51195,10 +51195,10 @@ sp_4096_get_from_table_64 PROC
         add	r9, 384
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -51213,10 +51213,10 @@ sp_4096_get_from_table_64 PROC
         add	r9, 384
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -51231,10 +51231,10 @@ sp_4096_get_from_table_64 PROC
         add	r9, 384
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -51249,10 +51249,10 @@ sp_4096_get_from_table_64 PROC
         add	r9, 384
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -51267,10 +51267,10 @@ sp_4096_get_from_table_64 PROC
         add	r9, 384
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -51285,10 +51285,10 @@ sp_4096_get_from_table_64 PROC
         add	r9, 384
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -51303,10 +51303,10 @@ sp_4096_get_from_table_64 PROC
         add	r9, 384
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -51316,10 +51316,10 @@ sp_4096_get_from_table_64 PROC
         por	xmm6, xmm2
         por	xmm7, xmm3
         paddd	xmm13, xmm11
-        movdqu	[rcx], xmm4
-        movdqu	[rcx+16], xmm5
-        movdqu	[rcx+32], xmm6
-        movdqu	[rcx+48], xmm7
+        movdqu	OWORD PTR [rcx], xmm4
+        movdqu	OWORD PTR [rcx+16], xmm5
+        movdqu	OWORD PTR [rcx+32], xmm6
+        movdqu	OWORD PTR [rcx+48], xmm7
         add	rcx, 64
         ; END: 48-55
         ; START: 56-63
@@ -51333,10 +51333,10 @@ sp_4096_get_from_table_64 PROC
         add	r9, 448
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -51351,10 +51351,10 @@ sp_4096_get_from_table_64 PROC
         add	r9, 448
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -51369,10 +51369,10 @@ sp_4096_get_from_table_64 PROC
         add	r9, 448
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -51387,10 +51387,10 @@ sp_4096_get_from_table_64 PROC
         add	r9, 448
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -51405,10 +51405,10 @@ sp_4096_get_from_table_64 PROC
         add	r9, 448
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -51423,10 +51423,10 @@ sp_4096_get_from_table_64 PROC
         add	r9, 448
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -51441,10 +51441,10 @@ sp_4096_get_from_table_64 PROC
         add	r9, 448
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -51459,10 +51459,10 @@ sp_4096_get_from_table_64 PROC
         add	r9, 448
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -51477,10 +51477,10 @@ sp_4096_get_from_table_64 PROC
         add	r9, 448
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -51495,10 +51495,10 @@ sp_4096_get_from_table_64 PROC
         add	r9, 448
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -51513,10 +51513,10 @@ sp_4096_get_from_table_64 PROC
         add	r9, 448
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -51531,10 +51531,10 @@ sp_4096_get_from_table_64 PROC
         add	r9, 448
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -51549,10 +51549,10 @@ sp_4096_get_from_table_64 PROC
         add	r9, 448
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -51567,10 +51567,10 @@ sp_4096_get_from_table_64 PROC
         add	r9, 448
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -51585,10 +51585,10 @@ sp_4096_get_from_table_64 PROC
         add	r9, 448
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -51603,10 +51603,10 @@ sp_4096_get_from_table_64 PROC
         add	r9, 448
         movdqu	xmm12, xmm13
         pcmpeqd	xmm12, xmm10
-        movdqu	xmm0, [r9]
-        movdqu	xmm1, [r9+16]
-        movdqu	xmm2, [r9+32]
-        movdqu	xmm3, [r9+48]
+        movdqu	xmm0, OWORD PTR [r9]
+        movdqu	xmm1, OWORD PTR [r9+16]
+        movdqu	xmm2, OWORD PTR [r9+32]
+        movdqu	xmm3, OWORD PTR [r9+48]
         pand	xmm0, xmm12
         pand	xmm1, xmm12
         pand	xmm2, xmm12
@@ -51616,19 +51616,19 @@ sp_4096_get_from_table_64 PROC
         por	xmm6, xmm2
         por	xmm7, xmm3
         paddd	xmm13, xmm11
-        movdqu	[rcx], xmm4
-        movdqu	[rcx+16], xmm5
-        movdqu	[rcx+32], xmm6
-        movdqu	[rcx+48], xmm7
+        movdqu	OWORD PTR [rcx], xmm4
+        movdqu	OWORD PTR [rcx+16], xmm5
+        movdqu	OWORD PTR [rcx+32], xmm6
+        movdqu	OWORD PTR [rcx+48], xmm7
         ; END: 56-63
-        vmovdqu	xmm6, OWORD PTR [rsp]
-        vmovdqu	xmm7, OWORD PTR [rsp+16]
-        vmovdqu	xmm8, OWORD PTR [rsp+32]
-        vmovdqu	xmm9, OWORD PTR [rsp+48]
-        vmovdqu	xmm10, OWORD PTR [rsp+64]
-        vmovdqu	xmm11, OWORD PTR [rsp+80]
-        vmovdqu	xmm12, OWORD PTR [rsp+96]
-        vmovdqu	xmm13, OWORD PTR [rsp+112]
+        movdqu	xmm6, OWORD PTR [rsp]
+        movdqu	xmm7, OWORD PTR [rsp+16]
+        movdqu	xmm8, OWORD PTR [rsp+32]
+        movdqu	xmm9, OWORD PTR [rsp+48]
+        movdqu	xmm10, OWORD PTR [rsp+64]
+        movdqu	xmm11, OWORD PTR [rsp+80]
+        movdqu	xmm12, OWORD PTR [rsp+96]
+        movdqu	xmm13, OWORD PTR [rsp+112]
         add	rsp, 128
         ret
 sp_4096_get_from_table_64 ENDP
@@ -53973,8 +53973,8 @@ _text SEGMENT READONLY PARA
 sp_4096_lshift_64 PROC
         push	r12
         push	r13
-        mov	cl, r8b
         mov	rax, rcx
+        mov	cl, r8b
         mov	r12, 0
         mov	r13, QWORD PTR [rdx+472]
         mov	r8, QWORD PTR [rdx+480]
@@ -55726,16 +55726,16 @@ IFNDEF WC_NO_CACHE_RESISTANT
 _text SEGMENT READONLY PARA
 sp_256_get_point_33_4 PROC
         sub	rsp, 160
-        vmovdqu	OWORD PTR [rsp], xmm6
-        vmovdqu	OWORD PTR [rsp+16], xmm7
-        vmovdqu	OWORD PTR [rsp+32], xmm8
-        vmovdqu	OWORD PTR [rsp+48], xmm9
-        vmovdqu	OWORD PTR [rsp+64], xmm10
-        vmovdqu	OWORD PTR [rsp+80], xmm11
-        vmovdqu	OWORD PTR [rsp+96], xmm12
-        vmovdqu	OWORD PTR [rsp+112], xmm13
-        vmovdqu	OWORD PTR [rsp+128], xmm14
-        vmovdqu	OWORD PTR [rsp+144], xmm15
+        movdqu	OWORD PTR [rsp], xmm6
+        movdqu	OWORD PTR [rsp+16], xmm7
+        movdqu	OWORD PTR [rsp+32], xmm8
+        movdqu	OWORD PTR [rsp+48], xmm9
+        movdqu	OWORD PTR [rsp+64], xmm10
+        movdqu	OWORD PTR [rsp+80], xmm11
+        movdqu	OWORD PTR [rsp+96], xmm12
+        movdqu	OWORD PTR [rsp+112], xmm13
+        movdqu	OWORD PTR [rsp+128], xmm14
+        movdqu	OWORD PTR [rsp+144], xmm15
         mov	rax, 1
         movd	xmm13, r8d
         add	rdx, 200
@@ -55755,12 +55755,12 @@ L_256_get_point_33_4_start_1:
         movdqa	xmm12, xmm14
         paddd	xmm14, xmm15
         pcmpeqd	xmm12, xmm13
-        movdqu	xmm6, [rdx]
-        movdqu	xmm7, [rdx+16]
-        movdqu	xmm8, [rdx+64]
-        movdqu	xmm9, [rdx+80]
-        movdqu	xmm10, [rdx+128]
-        movdqu	xmm11, [rdx+144]
+        movdqu	xmm6, OWORD PTR [rdx]
+        movdqu	xmm7, OWORD PTR [rdx+16]
+        movdqu	xmm8, OWORD PTR [rdx+64]
+        movdqu	xmm9, OWORD PTR [rdx+80]
+        movdqu	xmm10, OWORD PTR [rdx+128]
+        movdqu	xmm11, OWORD PTR [rdx+144]
         add	rdx, 200
         pand	xmm6, xmm12
         pand	xmm7, xmm12
@@ -55776,22 +55776,22 @@ L_256_get_point_33_4_start_1:
         por	xmm5, xmm11
         dec	rax
         jnz	L_256_get_point_33_4_start_1
-        movdqu	[rcx], xmm0
-        movdqu	[rcx+16], xmm1
-        movdqu	[rcx+64], xmm2
-        movdqu	[rcx+80], xmm3
-        movdqu	[rcx+128], xmm4
-        movdqu	[rcx+144], xmm5
-        vmovdqu	xmm6, OWORD PTR [rsp]
-        vmovdqu	xmm7, OWORD PTR [rsp+16]
-        vmovdqu	xmm8, OWORD PTR [rsp+32]
-        vmovdqu	xmm9, OWORD PTR [rsp+48]
-        vmovdqu	xmm10, OWORD PTR [rsp+64]
-        vmovdqu	xmm11, OWORD PTR [rsp+80]
-        vmovdqu	xmm12, OWORD PTR [rsp+96]
-        vmovdqu	xmm13, OWORD PTR [rsp+112]
-        vmovdqu	xmm14, OWORD PTR [rsp+128]
-        vmovdqu	xmm15, OWORD PTR [rsp+144]
+        movdqu	OWORD PTR [rcx], xmm0
+        movdqu	OWORD PTR [rcx+16], xmm1
+        movdqu	OWORD PTR [rcx+64], xmm2
+        movdqu	OWORD PTR [rcx+80], xmm3
+        movdqu	OWORD PTR [rcx+128], xmm4
+        movdqu	OWORD PTR [rcx+144], xmm5
+        movdqu	xmm6, OWORD PTR [rsp]
+        movdqu	xmm7, OWORD PTR [rsp+16]
+        movdqu	xmm8, OWORD PTR [rsp+32]
+        movdqu	xmm9, OWORD PTR [rsp+48]
+        movdqu	xmm10, OWORD PTR [rsp+64]
+        movdqu	xmm11, OWORD PTR [rsp+80]
+        movdqu	xmm12, OWORD PTR [rsp+96]
+        movdqu	xmm13, OWORD PTR [rsp+112]
+        movdqu	xmm14, OWORD PTR [rsp+128]
+        movdqu	xmm15, OWORD PTR [rsp+144]
         add	rsp, 160
         ret
 sp_256_get_point_33_4 ENDP
@@ -56442,12 +56442,12 @@ IFNDEF WC_NO_CACHE_RESISTANT
 _text SEGMENT READONLY PARA
 sp_256_get_entry_64_4 PROC
         sub	rsp, 96
-        vmovdqu	OWORD PTR [rsp], xmm6
-        vmovdqu	OWORD PTR [rsp+16], xmm7
-        vmovdqu	OWORD PTR [rsp+32], xmm8
-        vmovdqu	OWORD PTR [rsp+48], xmm9
-        vmovdqu	OWORD PTR [rsp+64], xmm10
-        vmovdqu	OWORD PTR [rsp+80], xmm11
+        movdqu	OWORD PTR [rsp], xmm6
+        movdqu	OWORD PTR [rsp+16], xmm7
+        movdqu	OWORD PTR [rsp+32], xmm8
+        movdqu	OWORD PTR [rsp+48], xmm9
+        movdqu	OWORD PTR [rsp+64], xmm10
+        movdqu	OWORD PTR [rsp+80], xmm11
         ; From entry 1
         mov	rax, 1
         movd	xmm9, r8d
@@ -56466,10 +56466,10 @@ L_256_get_entry_64_4_start_0:
         movdqa	xmm8, xmm10
         paddd	xmm10, xmm11
         pcmpeqd	xmm8, xmm9
-        movdqu	xmm4, [rdx]
-        movdqu	xmm5, [rdx+16]
-        movdqu	xmm6, [rdx+32]
-        movdqu	xmm7, [rdx+48]
+        movdqu	xmm4, OWORD PTR [rdx]
+        movdqu	xmm5, OWORD PTR [rdx+16]
+        movdqu	xmm6, OWORD PTR [rdx+32]
+        movdqu	xmm7, OWORD PTR [rdx+48]
         add	rdx, 64
         pand	xmm4, xmm8
         pand	xmm5, xmm8
@@ -56481,16 +56481,16 @@ L_256_get_entry_64_4_start_0:
         por	xmm3, xmm7
         dec	rax
         jnz	L_256_get_entry_64_4_start_0
-        movdqu	[rcx], xmm0
-        movdqu	[rcx+16], xmm1
-        movdqu	[rcx+64], xmm2
-        movdqu	[rcx+80], xmm3
-        vmovdqu	xmm6, OWORD PTR [rsp]
-        vmovdqu	xmm7, OWORD PTR [rsp+16]
-        vmovdqu	xmm8, OWORD PTR [rsp+32]
-        vmovdqu	xmm9, OWORD PTR [rsp+48]
-        vmovdqu	xmm10, OWORD PTR [rsp+64]
-        vmovdqu	xmm11, OWORD PTR [rsp+80]
+        movdqu	OWORD PTR [rcx], xmm0
+        movdqu	OWORD PTR [rcx+16], xmm1
+        movdqu	OWORD PTR [rcx+64], xmm2
+        movdqu	OWORD PTR [rcx+80], xmm3
+        movdqu	xmm6, OWORD PTR [rsp]
+        movdqu	xmm7, OWORD PTR [rsp+16]
+        movdqu	xmm8, OWORD PTR [rsp+32]
+        movdqu	xmm9, OWORD PTR [rsp+48]
+        movdqu	xmm10, OWORD PTR [rsp+64]
+        movdqu	xmm11, OWORD PTR [rsp+80]
         add	rsp, 96
         ret
 sp_256_get_entry_64_4 ENDP
@@ -56550,12 +56550,12 @@ IFNDEF WC_NO_CACHE_RESISTANT
 _text SEGMENT READONLY PARA
 sp_256_get_entry_65_4 PROC
         sub	rsp, 96
-        vmovdqu	OWORD PTR [rsp], xmm6
-        vmovdqu	OWORD PTR [rsp+16], xmm7
-        vmovdqu	OWORD PTR [rsp+32], xmm8
-        vmovdqu	OWORD PTR [rsp+48], xmm9
-        vmovdqu	OWORD PTR [rsp+64], xmm10
-        vmovdqu	OWORD PTR [rsp+80], xmm11
+        movdqu	OWORD PTR [rsp], xmm6
+        movdqu	OWORD PTR [rsp+16], xmm7
+        movdqu	OWORD PTR [rsp+32], xmm8
+        movdqu	OWORD PTR [rsp+48], xmm9
+        movdqu	OWORD PTR [rsp+64], xmm10
+        movdqu	OWORD PTR [rsp+80], xmm11
         ; From entry 1
         mov	rax, 1
         movd	xmm9, r8d
@@ -56574,10 +56574,10 @@ L_256_get_entry_65_4_start_0:
         movdqa	xmm8, xmm10
         paddd	xmm10, xmm11
         pcmpeqd	xmm8, xmm9
-        movdqu	xmm4, [rdx]
-        movdqu	xmm5, [rdx+16]
-        movdqu	xmm6, [rdx+32]
-        movdqu	xmm7, [rdx+48]
+        movdqu	xmm4, OWORD PTR [rdx]
+        movdqu	xmm5, OWORD PTR [rdx+16]
+        movdqu	xmm6, OWORD PTR [rdx+32]
+        movdqu	xmm7, OWORD PTR [rdx+48]
         add	rdx, 64
         pand	xmm4, xmm8
         pand	xmm5, xmm8
@@ -56589,16 +56589,16 @@ L_256_get_entry_65_4_start_0:
         por	xmm3, xmm7
         dec	rax
         jnz	L_256_get_entry_65_4_start_0
-        movdqu	[rcx], xmm0
-        movdqu	[rcx+16], xmm1
-        movdqu	[rcx+64], xmm2
-        movdqu	[rcx+80], xmm3
-        vmovdqu	xmm6, OWORD PTR [rsp]
-        vmovdqu	xmm7, OWORD PTR [rsp+16]
-        vmovdqu	xmm8, OWORD PTR [rsp+32]
-        vmovdqu	xmm9, OWORD PTR [rsp+48]
-        vmovdqu	xmm10, OWORD PTR [rsp+64]
-        vmovdqu	xmm11, OWORD PTR [rsp+80]
+        movdqu	OWORD PTR [rcx], xmm0
+        movdqu	OWORD PTR [rcx+16], xmm1
+        movdqu	OWORD PTR [rcx+64], xmm2
+        movdqu	OWORD PTR [rcx+80], xmm3
+        movdqu	xmm6, OWORD PTR [rsp]
+        movdqu	xmm7, OWORD PTR [rsp+16]
+        movdqu	xmm8, OWORD PTR [rsp+32]
+        movdqu	xmm9, OWORD PTR [rsp+48]
+        movdqu	xmm10, OWORD PTR [rsp+64]
+        movdqu	xmm11, OWORD PTR [rsp+80]
         add	rsp, 96
         ret
 sp_256_get_entry_65_4 ENDP
@@ -57715,22 +57715,22 @@ sp_256_mod_inv_avx2_4 PROC
         mov	r13, QWORD PTR [rdx+8]
         mov	r14, QWORD PTR [rdx+16]
         mov	r15, QWORD PTR [rdx+24]
-        mov	rbx, ptr_L_sp256_mod_inv_avx2_4_order
+        mov	rbx, QWORD PTR [ptr_L_sp256_mod_inv_avx2_4_order]
         vmovupd	ymm6, YMMWORD PTR [rbx]
         vmovupd	ymm7, YMMWORD PTR [rbx+32]
-        mov	rbx, ptr_L_sp256_mod_inv_avx2_4_one
+        mov	rbx, QWORD PTR [ptr_L_sp256_mod_inv_avx2_4_one]
         vmovupd	ymm8, YMMWORD PTR [rbx]
-        mov	rbx, ptr_L_sp256_mod_inv_avx2_4_mask01111
+        mov	rbx, QWORD PTR [ptr_L_sp256_mod_inv_avx2_4_mask01111]
         vmovupd	ymm9, YMMWORD PTR [rbx]
-        mov	rbx, ptr_L_sp256_mod_inv_avx2_4_all_one
+        mov	rbx, QWORD PTR [ptr_L_sp256_mod_inv_avx2_4_all_one]
         vmovupd	ymm10, YMMWORD PTR [rbx]
-        mov	rbx, ptr_L_sp256_mod_inv_avx2_4_down_one_dword
+        mov	rbx, QWORD PTR [ptr_L_sp256_mod_inv_avx2_4_down_one_dword]
         vmovupd	ymm11, YMMWORD PTR [rbx]
-        mov	rbx, ptr_L_sp256_mod_inv_avx2_4_neg
+        mov	rbx, QWORD PTR [ptr_L_sp256_mod_inv_avx2_4_neg]
         vmovupd	ymm12, YMMWORD PTR [rbx]
-        mov	rbx, ptr_L_sp256_mod_inv_avx2_4_up_one_dword
+        mov	rbx, QWORD PTR [ptr_L_sp256_mod_inv_avx2_4_up_one_dword]
         vmovupd	ymm13, YMMWORD PTR [rbx]
-        mov	rbx, ptr_L_sp256_mod_inv_avx2_4_mask26
+        mov	rbx, QWORD PTR [ptr_L_sp256_mod_inv_avx2_4_mask26]
         vmovupd	ymm14, YMMWORD PTR [rbx]
         vpxor	xmm0, xmm0, xmm0
         vpxor	xmm1, xmm1, xmm1
@@ -59734,16 +59734,16 @@ IFNDEF WC_NO_CACHE_RESISTANT
 _text SEGMENT READONLY PARA
 sp_384_get_point_33_6 PROC
         sub	rsp, 160
-        vmovdqu	OWORD PTR [rsp], xmm6
-        vmovdqu	OWORD PTR [rsp+16], xmm7
-        vmovdqu	OWORD PTR [rsp+32], xmm8
-        vmovdqu	OWORD PTR [rsp+48], xmm9
-        vmovdqu	OWORD PTR [rsp+64], xmm10
-        vmovdqu	OWORD PTR [rsp+80], xmm11
-        vmovdqu	OWORD PTR [rsp+96], xmm12
-        vmovdqu	OWORD PTR [rsp+112], xmm13
-        vmovdqu	OWORD PTR [rsp+128], xmm14
-        vmovdqu	OWORD PTR [rsp+144], xmm15
+        movdqu	OWORD PTR [rsp], xmm6
+        movdqu	OWORD PTR [rsp+16], xmm7
+        movdqu	OWORD PTR [rsp+32], xmm8
+        movdqu	OWORD PTR [rsp+48], xmm9
+        movdqu	OWORD PTR [rsp+64], xmm10
+        movdqu	OWORD PTR [rsp+80], xmm11
+        movdqu	OWORD PTR [rsp+96], xmm12
+        movdqu	OWORD PTR [rsp+112], xmm13
+        movdqu	OWORD PTR [rsp+128], xmm14
+        movdqu	OWORD PTR [rsp+144], xmm15
         mov	rax, 1
         movd	xmm13, r8d
         add	rdx, 296
@@ -59763,12 +59763,12 @@ L_384_get_point_33_6_start_1:
         movdqa	xmm12, xmm14
         paddd	xmm14, xmm15
         pcmpeqd	xmm12, xmm13
-        movdqu	xmm6, [rdx]
-        movdqu	xmm7, [rdx+16]
-        movdqu	xmm8, [rdx+32]
-        movdqu	xmm9, [rdx+96]
-        movdqu	xmm10, [rdx+112]
-        movdqu	xmm11, [rdx+128]
+        movdqu	xmm6, OWORD PTR [rdx]
+        movdqu	xmm7, OWORD PTR [rdx+16]
+        movdqu	xmm8, OWORD PTR [rdx+32]
+        movdqu	xmm9, OWORD PTR [rdx+96]
+        movdqu	xmm10, OWORD PTR [rdx+112]
+        movdqu	xmm11, OWORD PTR [rdx+128]
         add	rdx, 296
         pand	xmm6, xmm12
         pand	xmm7, xmm12
@@ -59784,12 +59784,12 @@ L_384_get_point_33_6_start_1:
         por	xmm5, xmm11
         dec	rax
         jnz	L_384_get_point_33_6_start_1
-        movdqu	[rcx], xmm0
-        movdqu	[rcx+16], xmm1
-        movdqu	[rcx+32], xmm2
-        movdqu	[rcx+96], xmm3
-        movdqu	[rcx+112], xmm4
-        movdqu	[rcx+128], xmm5
+        movdqu	OWORD PTR [rcx], xmm0
+        movdqu	OWORD PTR [rcx+16], xmm1
+        movdqu	OWORD PTR [rcx+32], xmm2
+        movdqu	OWORD PTR [rcx+96], xmm3
+        movdqu	OWORD PTR [rcx+112], xmm4
+        movdqu	OWORD PTR [rcx+128], xmm5
         mov	rax, 1
         movd	xmm13, r8d
         sub	rdx, 9472
@@ -59806,9 +59806,9 @@ L_384_get_point_33_6_start_2:
         movdqa	xmm12, xmm14
         paddd	xmm14, xmm15
         pcmpeqd	xmm12, xmm13
-        movdqu	xmm6, [rdx+192]
-        movdqu	xmm7, [rdx+208]
-        movdqu	xmm8, [rdx+224]
+        movdqu	xmm6, OWORD PTR [rdx+192]
+        movdqu	xmm7, OWORD PTR [rdx+208]
+        movdqu	xmm8, OWORD PTR [rdx+224]
         add	rdx, 296
         pand	xmm6, xmm12
         pand	xmm7, xmm12
@@ -59818,19 +59818,19 @@ L_384_get_point_33_6_start_2:
         por	xmm2, xmm8
         dec	rax
         jnz	L_384_get_point_33_6_start_2
-        movdqu	[rcx+192], xmm0
-        movdqu	[rcx+208], xmm1
-        movdqu	[rcx+224], xmm2
-        vmovdqu	xmm6, OWORD PTR [rsp]
-        vmovdqu	xmm7, OWORD PTR [rsp+16]
-        vmovdqu	xmm8, OWORD PTR [rsp+32]
-        vmovdqu	xmm9, OWORD PTR [rsp+48]
-        vmovdqu	xmm10, OWORD PTR [rsp+64]
-        vmovdqu	xmm11, OWORD PTR [rsp+80]
-        vmovdqu	xmm12, OWORD PTR [rsp+96]
-        vmovdqu	xmm13, OWORD PTR [rsp+112]
-        vmovdqu	xmm14, OWORD PTR [rsp+128]
-        vmovdqu	xmm15, OWORD PTR [rsp+144]
+        movdqu	OWORD PTR [rcx+192], xmm0
+        movdqu	OWORD PTR [rcx+208], xmm1
+        movdqu	OWORD PTR [rcx+224], xmm2
+        movdqu	xmm6, OWORD PTR [rsp]
+        movdqu	xmm7, OWORD PTR [rsp+16]
+        movdqu	xmm8, OWORD PTR [rsp+32]
+        movdqu	xmm9, OWORD PTR [rsp+48]
+        movdqu	xmm10, OWORD PTR [rsp+64]
+        movdqu	xmm11, OWORD PTR [rsp+80]
+        movdqu	xmm12, OWORD PTR [rsp+96]
+        movdqu	xmm13, OWORD PTR [rsp+112]
+        movdqu	xmm14, OWORD PTR [rsp+128]
+        movdqu	xmm15, OWORD PTR [rsp+144]
         add	rsp, 160
         ret
 sp_384_get_point_33_6 ENDP
@@ -60368,16 +60368,16 @@ IFNDEF WC_NO_CACHE_RESISTANT
 _text SEGMENT READONLY PARA
 sp_384_get_entry_64_6 PROC
         sub	rsp, 160
-        vmovdqu	OWORD PTR [rsp], xmm6
-        vmovdqu	OWORD PTR [rsp+16], xmm7
-        vmovdqu	OWORD PTR [rsp+32], xmm8
-        vmovdqu	OWORD PTR [rsp+48], xmm9
-        vmovdqu	OWORD PTR [rsp+64], xmm10
-        vmovdqu	OWORD PTR [rsp+80], xmm11
-        vmovdqu	OWORD PTR [rsp+96], xmm12
-        vmovdqu	OWORD PTR [rsp+112], xmm13
-        vmovdqu	OWORD PTR [rsp+128], xmm14
-        vmovdqu	OWORD PTR [rsp+144], xmm15
+        movdqu	OWORD PTR [rsp], xmm6
+        movdqu	OWORD PTR [rsp+16], xmm7
+        movdqu	OWORD PTR [rsp+32], xmm8
+        movdqu	OWORD PTR [rsp+48], xmm9
+        movdqu	OWORD PTR [rsp+64], xmm10
+        movdqu	OWORD PTR [rsp+80], xmm11
+        movdqu	OWORD PTR [rsp+96], xmm12
+        movdqu	OWORD PTR [rsp+112], xmm13
+        movdqu	OWORD PTR [rsp+128], xmm14
+        movdqu	OWORD PTR [rsp+144], xmm15
         ; From entry 1
         mov	rax, 1
         movd	xmm13, r8d
@@ -60398,12 +60398,12 @@ L_384_get_entry_64_6_start_0:
         movdqa	xmm12, xmm14
         paddd	xmm14, xmm15
         pcmpeqd	xmm12, xmm13
-        movdqu	xmm6, [rdx]
-        movdqu	xmm7, [rdx+16]
-        movdqu	xmm8, [rdx+32]
-        movdqu	xmm9, [rdx+48]
-        movdqu	xmm10, [rdx+64]
-        movdqu	xmm11, [rdx+80]
+        movdqu	xmm6, OWORD PTR [rdx]
+        movdqu	xmm7, OWORD PTR [rdx+16]
+        movdqu	xmm8, OWORD PTR [rdx+32]
+        movdqu	xmm9, OWORD PTR [rdx+48]
+        movdqu	xmm10, OWORD PTR [rdx+64]
+        movdqu	xmm11, OWORD PTR [rdx+80]
         add	rdx, 96
         pand	xmm6, xmm12
         pand	xmm7, xmm12
@@ -60419,22 +60419,22 @@ L_384_get_entry_64_6_start_0:
         por	xmm5, xmm11
         dec	rax
         jnz	L_384_get_entry_64_6_start_0
-        movdqu	[rcx], xmm0
-        movdqu	[rcx+16], xmm1
-        movdqu	[rcx+32], xmm2
-        movdqu	[rcx+96], xmm3
-        movdqu	[rcx+112], xmm4
-        movdqu	[rcx+128], xmm5
-        vmovdqu	xmm6, OWORD PTR [rsp]
-        vmovdqu	xmm7, OWORD PTR [rsp+16]
-        vmovdqu	xmm8, OWORD PTR [rsp+32]
-        vmovdqu	xmm9, OWORD PTR [rsp+48]
-        vmovdqu	xmm10, OWORD PTR [rsp+64]
-        vmovdqu	xmm11, OWORD PTR [rsp+80]
-        vmovdqu	xmm12, OWORD PTR [rsp+96]
-        vmovdqu	xmm13, OWORD PTR [rsp+112]
-        vmovdqu	xmm14, OWORD PTR [rsp+128]
-        vmovdqu	xmm15, OWORD PTR [rsp+144]
+        movdqu	OWORD PTR [rcx], xmm0
+        movdqu	OWORD PTR [rcx+16], xmm1
+        movdqu	OWORD PTR [rcx+32], xmm2
+        movdqu	OWORD PTR [rcx+96], xmm3
+        movdqu	OWORD PTR [rcx+112], xmm4
+        movdqu	OWORD PTR [rcx+128], xmm5
+        movdqu	xmm6, OWORD PTR [rsp]
+        movdqu	xmm7, OWORD PTR [rsp+16]
+        movdqu	xmm8, OWORD PTR [rsp+32]
+        movdqu	xmm9, OWORD PTR [rsp+48]
+        movdqu	xmm10, OWORD PTR [rsp+64]
+        movdqu	xmm11, OWORD PTR [rsp+80]
+        movdqu	xmm12, OWORD PTR [rsp+96]
+        movdqu	xmm13, OWORD PTR [rsp+112]
+        movdqu	xmm14, OWORD PTR [rsp+128]
+        movdqu	xmm15, OWORD PTR [rsp+144]
         add	rsp, 160
         ret
 sp_384_get_entry_64_6 ENDP
@@ -60512,16 +60512,16 @@ IFNDEF WC_NO_CACHE_RESISTANT
 _text SEGMENT READONLY PARA
 sp_384_get_entry_65_6 PROC
         sub	rsp, 160
-        vmovdqu	OWORD PTR [rsp], xmm6
-        vmovdqu	OWORD PTR [rsp+16], xmm7
-        vmovdqu	OWORD PTR [rsp+32], xmm8
-        vmovdqu	OWORD PTR [rsp+48], xmm9
-        vmovdqu	OWORD PTR [rsp+64], xmm10
-        vmovdqu	OWORD PTR [rsp+80], xmm11
-        vmovdqu	OWORD PTR [rsp+96], xmm12
-        vmovdqu	OWORD PTR [rsp+112], xmm13
-        vmovdqu	OWORD PTR [rsp+128], xmm14
-        vmovdqu	OWORD PTR [rsp+144], xmm15
+        movdqu	OWORD PTR [rsp], xmm6
+        movdqu	OWORD PTR [rsp+16], xmm7
+        movdqu	OWORD PTR [rsp+32], xmm8
+        movdqu	OWORD PTR [rsp+48], xmm9
+        movdqu	OWORD PTR [rsp+64], xmm10
+        movdqu	OWORD PTR [rsp+80], xmm11
+        movdqu	OWORD PTR [rsp+96], xmm12
+        movdqu	OWORD PTR [rsp+112], xmm13
+        movdqu	OWORD PTR [rsp+128], xmm14
+        movdqu	OWORD PTR [rsp+144], xmm15
         ; From entry 1
         mov	rax, 1
         movd	xmm13, r8d
@@ -60542,12 +60542,12 @@ L_384_get_entry_65_6_start_0:
         movdqa	xmm12, xmm14
         paddd	xmm14, xmm15
         pcmpeqd	xmm12, xmm13
-        movdqu	xmm6, [rdx]
-        movdqu	xmm7, [rdx+16]
-        movdqu	xmm8, [rdx+32]
-        movdqu	xmm9, [rdx+48]
-        movdqu	xmm10, [rdx+64]
-        movdqu	xmm11, [rdx+80]
+        movdqu	xmm6, OWORD PTR [rdx]
+        movdqu	xmm7, OWORD PTR [rdx+16]
+        movdqu	xmm8, OWORD PTR [rdx+32]
+        movdqu	xmm9, OWORD PTR [rdx+48]
+        movdqu	xmm10, OWORD PTR [rdx+64]
+        movdqu	xmm11, OWORD PTR [rdx+80]
         add	rdx, 96
         pand	xmm6, xmm12
         pand	xmm7, xmm12
@@ -60563,22 +60563,22 @@ L_384_get_entry_65_6_start_0:
         por	xmm5, xmm11
         dec	rax
         jnz	L_384_get_entry_65_6_start_0
-        movdqu	[rcx], xmm0
-        movdqu	[rcx+16], xmm1
-        movdqu	[rcx+32], xmm2
-        movdqu	[rcx+96], xmm3
-        movdqu	[rcx+112], xmm4
-        movdqu	[rcx+128], xmm5
-        vmovdqu	xmm6, OWORD PTR [rsp]
-        vmovdqu	xmm7, OWORD PTR [rsp+16]
-        vmovdqu	xmm8, OWORD PTR [rsp+32]
-        vmovdqu	xmm9, OWORD PTR [rsp+48]
-        vmovdqu	xmm10, OWORD PTR [rsp+64]
-        vmovdqu	xmm11, OWORD PTR [rsp+80]
-        vmovdqu	xmm12, OWORD PTR [rsp+96]
-        vmovdqu	xmm13, OWORD PTR [rsp+112]
-        vmovdqu	xmm14, OWORD PTR [rsp+128]
-        vmovdqu	xmm15, OWORD PTR [rsp+144]
+        movdqu	OWORD PTR [rcx], xmm0
+        movdqu	OWORD PTR [rcx+16], xmm1
+        movdqu	OWORD PTR [rcx+32], xmm2
+        movdqu	OWORD PTR [rcx+96], xmm3
+        movdqu	OWORD PTR [rcx+112], xmm4
+        movdqu	OWORD PTR [rcx+128], xmm5
+        movdqu	xmm6, OWORD PTR [rsp]
+        movdqu	xmm7, OWORD PTR [rsp+16]
+        movdqu	xmm8, OWORD PTR [rsp+32]
+        movdqu	xmm9, OWORD PTR [rsp+48]
+        movdqu	xmm10, OWORD PTR [rsp+64]
+        movdqu	xmm11, OWORD PTR [rsp+80]
+        movdqu	xmm12, OWORD PTR [rsp+96]
+        movdqu	xmm13, OWORD PTR [rsp+112]
+        movdqu	xmm14, OWORD PTR [rsp+128]
+        movdqu	xmm15, OWORD PTR [rsp+144]
         add	rsp, 160
         ret
 sp_384_get_entry_65_6 ENDP
@@ -65054,16 +65054,16 @@ sp_521_get_point_33_9 PROC
         push	r13
         push	r14
         sub	rsp, 160
-        vmovdqu	OWORD PTR [rsp], xmm6
-        vmovdqu	OWORD PTR [rsp+16], xmm7
-        vmovdqu	OWORD PTR [rsp+32], xmm8
-        vmovdqu	OWORD PTR [rsp+48], xmm9
-        vmovdqu	OWORD PTR [rsp+64], xmm10
-        vmovdqu	OWORD PTR [rsp+80], xmm11
-        vmovdqu	OWORD PTR [rsp+96], xmm12
-        vmovdqu	OWORD PTR [rsp+112], xmm13
-        vmovdqu	OWORD PTR [rsp+128], xmm14
-        vmovdqu	OWORD PTR [rsp+144], xmm15
+        movdqu	OWORD PTR [rsp], xmm6
+        movdqu	OWORD PTR [rsp+16], xmm7
+        movdqu	OWORD PTR [rsp+32], xmm8
+        movdqu	OWORD PTR [rsp+48], xmm9
+        movdqu	OWORD PTR [rsp+64], xmm10
+        movdqu	OWORD PTR [rsp+80], xmm11
+        movdqu	OWORD PTR [rsp+96], xmm12
+        movdqu	OWORD PTR [rsp+112], xmm13
+        movdqu	OWORD PTR [rsp+128], xmm14
+        movdqu	OWORD PTR [rsp+144], xmm15
         mov	r14, 1
         mov	rax, 1
         movd	xmm13, r8d
@@ -65091,13 +65091,13 @@ L_521_get_point_33_9_start_1:
         sete	r9b
         neg	r9
         inc	r14
-        movdqu	xmm6, [rdx]
-        movdqu	xmm7, [rdx+16]
-        movdqu	xmm8, [rdx+32]
-        movdqu	xmm9, [rdx+48]
+        movdqu	xmm6, OWORD PTR [rdx]
+        movdqu	xmm7, OWORD PTR [rdx+16]
+        movdqu	xmm8, OWORD PTR [rdx+32]
+        movdqu	xmm9, OWORD PTR [rdx+48]
         mov	r10, QWORD PTR [rdx+64]
-        movdqu	xmm10, [rdx+144]
-        movdqu	xmm11, [rdx+160]
+        movdqu	xmm10, OWORD PTR [rdx+144]
+        movdqu	xmm11, OWORD PTR [rdx+160]
         add	rdx, 440
         pand	xmm6, xmm12
         pand	xmm7, xmm12
@@ -65115,13 +65115,13 @@ L_521_get_point_33_9_start_1:
         or	r12, r10
         dec	rax
         jnz	L_521_get_point_33_9_start_1
-        movdqu	[rcx], xmm0
-        movdqu	[rcx+16], xmm1
-        movdqu	[rcx+32], xmm2
-        movdqu	[rcx+48], xmm3
+        movdqu	OWORD PTR [rcx], xmm0
+        movdqu	OWORD PTR [rcx+16], xmm1
+        movdqu	OWORD PTR [rcx+32], xmm2
+        movdqu	OWORD PTR [rcx+48], xmm3
         mov	QWORD PTR [rcx+64], r12
-        movdqu	[rcx+144], xmm4
-        movdqu	[rcx+160], xmm5
+        movdqu	OWORD PTR [rcx+144], xmm4
+        movdqu	OWORD PTR [rcx+160], xmm5
         mov	r14, 1
         mov	rax, 1
         movd	xmm13, r8d
@@ -65149,13 +65149,13 @@ L_521_get_point_33_9_start_2:
         sete	r9b
         neg	r9
         inc	r14
-        movdqu	xmm6, [rdx+176]
-        movdqu	xmm7, [rdx+192]
+        movdqu	xmm6, OWORD PTR [rdx+176]
+        movdqu	xmm7, OWORD PTR [rdx+192]
         mov	r10, QWORD PTR [rdx+208]
-        movdqu	xmm8, [rdx+288]
-        movdqu	xmm9, [rdx+304]
-        movdqu	xmm10, [rdx+320]
-        movdqu	xmm11, [rdx+336]
+        movdqu	xmm8, OWORD PTR [rdx+288]
+        movdqu	xmm9, OWORD PTR [rdx+304]
+        movdqu	xmm10, OWORD PTR [rdx+320]
+        movdqu	xmm11, OWORD PTR [rdx+336]
         mov	r11, QWORD PTR [rdx+352]
         add	rdx, 440
         pand	xmm6, xmm12
@@ -65176,24 +65176,24 @@ L_521_get_point_33_9_start_2:
         or	r13, r11
         dec	rax
         jnz	L_521_get_point_33_9_start_2
-        movdqu	[rcx+176], xmm0
-        movdqu	[rcx+192], xmm1
+        movdqu	OWORD PTR [rcx+176], xmm0
+        movdqu	OWORD PTR [rcx+192], xmm1
         mov	QWORD PTR [rcx+208], r12
-        movdqu	[rcx+288], xmm2
-        movdqu	[rcx+304], xmm3
-        movdqu	[rcx+320], xmm4
-        movdqu	[rcx+336], xmm5
+        movdqu	OWORD PTR [rcx+288], xmm2
+        movdqu	OWORD PTR [rcx+304], xmm3
+        movdqu	OWORD PTR [rcx+320], xmm4
+        movdqu	OWORD PTR [rcx+336], xmm5
         mov	QWORD PTR [rcx+352], r13
-        vmovdqu	xmm6, OWORD PTR [rsp]
-        vmovdqu	xmm7, OWORD PTR [rsp+16]
-        vmovdqu	xmm8, OWORD PTR [rsp+32]
-        vmovdqu	xmm9, OWORD PTR [rsp+48]
-        vmovdqu	xmm10, OWORD PTR [rsp+64]
-        vmovdqu	xmm11, OWORD PTR [rsp+80]
-        vmovdqu	xmm12, OWORD PTR [rsp+96]
-        vmovdqu	xmm13, OWORD PTR [rsp+112]
-        vmovdqu	xmm14, OWORD PTR [rsp+128]
-        vmovdqu	xmm15, OWORD PTR [rsp+144]
+        movdqu	xmm6, OWORD PTR [rsp]
+        movdqu	xmm7, OWORD PTR [rsp+16]
+        movdqu	xmm8, OWORD PTR [rsp+32]
+        movdqu	xmm9, OWORD PTR [rsp+48]
+        movdqu	xmm10, OWORD PTR [rsp+64]
+        movdqu	xmm11, OWORD PTR [rsp+80]
+        movdqu	xmm12, OWORD PTR [rsp+96]
+        movdqu	xmm13, OWORD PTR [rsp+112]
+        movdqu	xmm14, OWORD PTR [rsp+128]
+        movdqu	xmm15, OWORD PTR [rsp+144]
         add	rsp, 160
         pop	r14
         pop	r13
@@ -66817,16 +66817,16 @@ _text SEGMENT READONLY PARA
 sp_521_get_entry_64_9 PROC
         push	r12
         sub	rsp, 160
-        vmovdqu	OWORD PTR [rsp], xmm6
-        vmovdqu	OWORD PTR [rsp+16], xmm7
-        vmovdqu	OWORD PTR [rsp+32], xmm8
-        vmovdqu	OWORD PTR [rsp+48], xmm9
-        vmovdqu	OWORD PTR [rsp+64], xmm10
-        vmovdqu	OWORD PTR [rsp+80], xmm11
-        vmovdqu	OWORD PTR [rsp+96], xmm12
-        vmovdqu	OWORD PTR [rsp+112], xmm13
-        vmovdqu	OWORD PTR [rsp+128], xmm14
-        vmovdqu	OWORD PTR [rsp+144], xmm15
+        movdqu	OWORD PTR [rsp], xmm6
+        movdqu	OWORD PTR [rsp+16], xmm7
+        movdqu	OWORD PTR [rsp+32], xmm8
+        movdqu	OWORD PTR [rsp+48], xmm9
+        movdqu	OWORD PTR [rsp+64], xmm10
+        movdqu	OWORD PTR [rsp+80], xmm11
+        movdqu	OWORD PTR [rsp+96], xmm12
+        movdqu	OWORD PTR [rsp+112], xmm13
+        movdqu	OWORD PTR [rsp+128], xmm14
+        movdqu	OWORD PTR [rsp+144], xmm15
         ; From entry 1
         mov	r12, 1
         mov	rax, 1
@@ -66852,10 +66852,10 @@ L_521_get_entry_64_9_start_0:
         sete	r9b
         neg	r9
         inc	r12
-        movdqu	xmm4, [rdx]
-        movdqu	xmm5, [rdx+16]
-        movdqu	xmm6, [rdx+32]
-        movdqu	xmm7, [rdx+48]
+        movdqu	xmm4, OWORD PTR [rdx]
+        movdqu	xmm5, OWORD PTR [rdx+16]
+        movdqu	xmm6, OWORD PTR [rdx+32]
+        movdqu	xmm7, OWORD PTR [rdx+48]
         mov	r10, QWORD PTR [rdx+64]
         add	rdx, 144
         pand	xmm4, xmm12
@@ -66870,10 +66870,10 @@ L_521_get_entry_64_9_start_0:
         or	r11, r10
         dec	rax
         jnz	L_521_get_entry_64_9_start_0
-        movdqu	[rcx], xmm0
-        movdqu	[rcx+16], xmm1
-        movdqu	[rcx+32], xmm2
-        movdqu	[rcx+48], xmm3
+        movdqu	OWORD PTR [rcx], xmm0
+        movdqu	OWORD PTR [rcx+16], xmm1
+        movdqu	OWORD PTR [rcx+32], xmm2
+        movdqu	OWORD PTR [rcx+48], xmm3
         mov	QWORD PTR [rcx+64], r11
         ; From entry 1
         mov	r12, 1
@@ -66900,10 +66900,10 @@ L_521_get_entry_64_9_start_1:
         sete	r9b
         neg	r9
         inc	r12
-        movdqu	xmm4, [rdx]
-        movdqu	xmm5, [rdx+16]
-        movdqu	xmm6, [rdx+32]
-        movdqu	xmm7, [rdx+48]
+        movdqu	xmm4, OWORD PTR [rdx]
+        movdqu	xmm5, OWORD PTR [rdx+16]
+        movdqu	xmm6, OWORD PTR [rdx+32]
+        movdqu	xmm7, OWORD PTR [rdx+48]
         mov	r10, QWORD PTR [rdx+64]
         add	rdx, 144
         pand	xmm4, xmm12
@@ -66918,21 +66918,21 @@ L_521_get_entry_64_9_start_1:
         or	r11, r10
         dec	rax
         jnz	L_521_get_entry_64_9_start_1
-        movdqu	[rcx+144], xmm0
-        movdqu	[rcx+160], xmm1
-        movdqu	[rcx+176], xmm2
-        movdqu	[rcx+192], xmm3
+        movdqu	OWORD PTR [rcx+144], xmm0
+        movdqu	OWORD PTR [rcx+160], xmm1
+        movdqu	OWORD PTR [rcx+176], xmm2
+        movdqu	OWORD PTR [rcx+192], xmm3
         mov	QWORD PTR [rcx+208], r11
-        vmovdqu	xmm6, OWORD PTR [rsp]
-        vmovdqu	xmm7, OWORD PTR [rsp+16]
-        vmovdqu	xmm8, OWORD PTR [rsp+32]
-        vmovdqu	xmm9, OWORD PTR [rsp+48]
-        vmovdqu	xmm10, OWORD PTR [rsp+64]
-        vmovdqu	xmm11, OWORD PTR [rsp+80]
-        vmovdqu	xmm12, OWORD PTR [rsp+96]
-        vmovdqu	xmm13, OWORD PTR [rsp+112]
-        vmovdqu	xmm14, OWORD PTR [rsp+128]
-        vmovdqu	xmm15, OWORD PTR [rsp+144]
+        movdqu	xmm6, OWORD PTR [rsp]
+        movdqu	xmm7, OWORD PTR [rsp+16]
+        movdqu	xmm8, OWORD PTR [rsp+32]
+        movdqu	xmm9, OWORD PTR [rsp+48]
+        movdqu	xmm10, OWORD PTR [rsp+64]
+        movdqu	xmm11, OWORD PTR [rsp+80]
+        movdqu	xmm12, OWORD PTR [rsp+96]
+        movdqu	xmm13, OWORD PTR [rsp+112]
+        movdqu	xmm14, OWORD PTR [rsp+128]
+        movdqu	xmm15, OWORD PTR [rsp+144]
         add	rsp, 160
         pop	r12
         ret
@@ -67034,16 +67034,16 @@ _text SEGMENT READONLY PARA
 sp_521_get_entry_65_9 PROC
         push	r12
         sub	rsp, 160
-        vmovdqu	OWORD PTR [rsp], xmm6
-        vmovdqu	OWORD PTR [rsp+16], xmm7
-        vmovdqu	OWORD PTR [rsp+32], xmm8
-        vmovdqu	OWORD PTR [rsp+48], xmm9
-        vmovdqu	OWORD PTR [rsp+64], xmm10
-        vmovdqu	OWORD PTR [rsp+80], xmm11
-        vmovdqu	OWORD PTR [rsp+96], xmm12
-        vmovdqu	OWORD PTR [rsp+112], xmm13
-        vmovdqu	OWORD PTR [rsp+128], xmm14
-        vmovdqu	OWORD PTR [rsp+144], xmm15
+        movdqu	OWORD PTR [rsp], xmm6
+        movdqu	OWORD PTR [rsp+16], xmm7
+        movdqu	OWORD PTR [rsp+32], xmm8
+        movdqu	OWORD PTR [rsp+48], xmm9
+        movdqu	OWORD PTR [rsp+64], xmm10
+        movdqu	OWORD PTR [rsp+80], xmm11
+        movdqu	OWORD PTR [rsp+96], xmm12
+        movdqu	OWORD PTR [rsp+112], xmm13
+        movdqu	OWORD PTR [rsp+128], xmm14
+        movdqu	OWORD PTR [rsp+144], xmm15
         ; From entry 1
         mov	r12, 1
         mov	rax, 1
@@ -67069,10 +67069,10 @@ L_521_get_entry_65_9_start_0:
         sete	r9b
         neg	r9
         inc	r12
-        movdqu	xmm4, [rdx]
-        movdqu	xmm5, [rdx+16]
-        movdqu	xmm6, [rdx+32]
-        movdqu	xmm7, [rdx+48]
+        movdqu	xmm4, OWORD PTR [rdx]
+        movdqu	xmm5, OWORD PTR [rdx+16]
+        movdqu	xmm6, OWORD PTR [rdx+32]
+        movdqu	xmm7, OWORD PTR [rdx+48]
         mov	r10, QWORD PTR [rdx+64]
         add	rdx, 144
         pand	xmm4, xmm12
@@ -67087,10 +67087,10 @@ L_521_get_entry_65_9_start_0:
         or	r11, r10
         dec	rax
         jnz	L_521_get_entry_65_9_start_0
-        movdqu	[rcx], xmm0
-        movdqu	[rcx+16], xmm1
-        movdqu	[rcx+32], xmm2
-        movdqu	[rcx+48], xmm3
+        movdqu	OWORD PTR [rcx], xmm0
+        movdqu	OWORD PTR [rcx+16], xmm1
+        movdqu	OWORD PTR [rcx+32], xmm2
+        movdqu	OWORD PTR [rcx+48], xmm3
         mov	QWORD PTR [rcx+64], r11
         ; From entry 1
         mov	r12, 1
@@ -67117,10 +67117,10 @@ L_521_get_entry_65_9_start_1:
         sete	r9b
         neg	r9
         inc	r12
-        movdqu	xmm4, [rdx]
-        movdqu	xmm5, [rdx+16]
-        movdqu	xmm6, [rdx+32]
-        movdqu	xmm7, [rdx+48]
+        movdqu	xmm4, OWORD PTR [rdx]
+        movdqu	xmm5, OWORD PTR [rdx+16]
+        movdqu	xmm6, OWORD PTR [rdx+32]
+        movdqu	xmm7, OWORD PTR [rdx+48]
         mov	r10, QWORD PTR [rdx+64]
         add	rdx, 144
         pand	xmm4, xmm12
@@ -67135,21 +67135,21 @@ L_521_get_entry_65_9_start_1:
         or	r11, r10
         dec	rax
         jnz	L_521_get_entry_65_9_start_1
-        movdqu	[rcx+144], xmm0
-        movdqu	[rcx+160], xmm1
-        movdqu	[rcx+176], xmm2
-        movdqu	[rcx+192], xmm3
+        movdqu	OWORD PTR [rcx+144], xmm0
+        movdqu	OWORD PTR [rcx+160], xmm1
+        movdqu	OWORD PTR [rcx+176], xmm2
+        movdqu	OWORD PTR [rcx+192], xmm3
         mov	QWORD PTR [rcx+208], r11
-        vmovdqu	xmm6, OWORD PTR [rsp]
-        vmovdqu	xmm7, OWORD PTR [rsp+16]
-        vmovdqu	xmm8, OWORD PTR [rsp+32]
-        vmovdqu	xmm9, OWORD PTR [rsp+48]
-        vmovdqu	xmm10, OWORD PTR [rsp+64]
-        vmovdqu	xmm11, OWORD PTR [rsp+80]
-        vmovdqu	xmm12, OWORD PTR [rsp+96]
-        vmovdqu	xmm13, OWORD PTR [rsp+112]
-        vmovdqu	xmm14, OWORD PTR [rsp+128]
-        vmovdqu	xmm15, OWORD PTR [rsp+144]
+        movdqu	xmm6, OWORD PTR [rsp]
+        movdqu	xmm7, OWORD PTR [rsp+16]
+        movdqu	xmm8, OWORD PTR [rsp+32]
+        movdqu	xmm9, OWORD PTR [rsp+48]
+        movdqu	xmm10, OWORD PTR [rsp+64]
+        movdqu	xmm11, OWORD PTR [rsp+80]
+        movdqu	xmm12, OWORD PTR [rsp+96]
+        movdqu	xmm13, OWORD PTR [rsp+112]
+        movdqu	xmm14, OWORD PTR [rsp+128]
+        movdqu	xmm15, OWORD PTR [rsp+144]
         add	rsp, 160
         pop	r12
         ret
@@ -67504,8 +67504,8 @@ ENDIF
 _text SEGMENT READONLY PARA
 sp_521_rshift_9 PROC
         push	r12
-        mov	rcx, r8
         mov	rax, rcx
+        mov	rcx, r8
         mov	r8, QWORD PTR [rdx]
         mov	r9, QWORD PTR [rdx+8]
         mov	r10, QWORD PTR [rdx+16]
@@ -67547,8 +67547,8 @@ _text SEGMENT READONLY PARA
 sp_521_lshift_9 PROC
         push	r12
         push	r13
-        mov	cl, r8b
         mov	rax, rcx
+        mov	cl, r8b
         mov	r12, 0
         mov	r13, QWORD PTR [rdx+32]
         mov	r8, QWORD PTR [rdx+40]
@@ -67594,8 +67594,8 @@ _text SEGMENT READONLY PARA
 sp_521_lshift_18 PROC
         push	r12
         push	r13
-        mov	cl, r8b
         mov	rax, rcx
+        mov	cl, r8b
         mov	r12, 0
         mov	r13, QWORD PTR [rdx+104]
         mov	r8, QWORD PTR [rdx+112]
diff --git a/wolfcrypt/src/sphincs.c b/wolfcrypt/src/sphincs.c
index 65bb57a9c..99340eaba 100644
--- a/wolfcrypt/src/sphincs.c
+++ b/wolfcrypt/src/sphincs.c
@@ -1,6 +1,6 @@
 /* sphincs.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -58,7 +58,7 @@
  *          0 otherwise.
  */
 int wc_sphincs_sign_msg(const byte* in, word32 inLen, byte* out, word32 *outLen,
-                        sphincs_key* key)
+                        sphincs_key* key, WC_RNG* rng)
 {
     int ret = 0;
 #ifdef HAVE_LIBOQS
@@ -135,6 +135,10 @@ int wc_sphincs_sign_msg(const byte* in, word32 inLen, byte* out, word32 *outLen,
         localOutLen = *outLen;
     }
 
+    if (ret == 0) {
+        ret = wolfSSL_liboqsRngMutexLock(rng);
+    }
+
     if ((ret == 0) &&
         (OQS_SIG_sign(oqssig, out, &localOutLen, in, inLen, key->k)
          == OQS_ERROR)) {
@@ -145,6 +149,8 @@ int wc_sphincs_sign_msg(const byte* in, word32 inLen, byte* out, word32 *outLen,
         *outLen = (word32)localOutLen;
     }
 
+    wolfSSL_liboqsRngMutexUnlock();
+
     if (oqssig != NULL) {
         OQS_SIG_free(oqssig);
     }
@@ -237,7 +243,7 @@ int wc_sphincs_init(sphincs_key* key)
         return BAD_FUNC_ARG;
     }
 
-    ForceZero(key, sizeof(key));
+    ForceZero(key, sizeof(*key));
     return 0;
 }
 
@@ -302,7 +308,7 @@ int wc_sphincs_get_level_and_optim(sphincs_key* key, byte* level, byte* optim)
 void wc_sphincs_free(sphincs_key* key)
 {
     if (key != NULL) {
-        ForceZero(key, sizeof(key));
+        ForceZero(key, sizeof(*key));
     }
 }
 
@@ -425,7 +431,8 @@ static int parse_private_key(const byte* priv, word32 privSz,
 
     /* At this point, it is still a PKCS8 private key. */
     if ((ret = ToTraditionalInline(priv, &idx, privSz)) < 0) {
-        return ret;
+        /* ignore error, did not have PKCS8 header */
+        (void)ret;
     }
 
     /* Now it is a octet_string(concat(priv,pub)) */
@@ -851,7 +858,7 @@ int wc_Sphincs_PrivateKeyDecode(const byte* input, word32* inOutIdx,
     else if ((key->level == 5) && (key->optim == FAST_VARIANT)) {
         keytype = SPHINCS_FAST_LEVEL5k;
     }
-    if ((key->level == 1) && (key->optim == SMALL_VARIANT)) {
+    else if ((key->level == 1) && (key->optim == SMALL_VARIANT)) {
         keytype = SPHINCS_SMALL_LEVEL1k;
     }
     else if ((key->level == 3) && (key->optim == SMALL_VARIANT)) {
@@ -890,6 +897,11 @@ int wc_Sphincs_PublicKeyDecode(const byte* input, word32* inOutIdx,
         return BAD_FUNC_ARG;
     }
 
+    ret = wc_sphincs_import_public(input, inSz, key);
+    if (ret == 0) {
+        return 0;
+    }
+
     if ((key->level == 1) && (key->optim == FAST_VARIANT)) {
         keytype = SPHINCS_FAST_LEVEL1k;
     }
@@ -899,7 +911,7 @@ int wc_Sphincs_PublicKeyDecode(const byte* input, word32* inOutIdx,
     else if ((key->level == 5) && (key->optim == FAST_VARIANT)) {
         keytype = SPHINCS_FAST_LEVEL5k;
     }
-    if ((key->level == 1) && (key->optim == SMALL_VARIANT)) {
+    else if ((key->level == 1) && (key->optim == SMALL_VARIANT)) {
         keytype = SPHINCS_SMALL_LEVEL1k;
     }
     else if ((key->level == 3) && (key->optim == SMALL_VARIANT)) {
@@ -941,7 +953,7 @@ int wc_Sphincs_PublicKeyToDer(sphincs_key* key, byte* output, word32 inLen,
     word32 pubKeyLen = (word32)sizeof(pubKey);
     int    keytype = 0;
 
-    if (key == NULL || output == NULL) {
+    if (key == NULL) {
         return BAD_FUNC_ARG;
     }
 
@@ -954,7 +966,7 @@ int wc_Sphincs_PublicKeyToDer(sphincs_key* key, byte* output, word32 inLen,
     else if ((key->level == 5) && (key->optim == FAST_VARIANT)) {
         keytype = SPHINCS_FAST_LEVEL5k;
     }
-    if ((key->level == 1) && (key->optim == SMALL_VARIANT)) {
+    else if ((key->level == 1) && (key->optim == SMALL_VARIANT)) {
         keytype = SPHINCS_SMALL_LEVEL1k;
     }
     else if ((key->level == 3) && (key->optim == SMALL_VARIANT)) {
diff --git a/wolfcrypt/src/srp.c b/wolfcrypt/src/srp.c
index e32c35313..de0056ed6 100644
--- a/wolfcrypt/src/srp.c
+++ b/wolfcrypt/src/srp.c
@@ -1,6 +1,6 @@
 /* srp.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -152,39 +152,39 @@ static int SrpHashFinal(SrpHash* hash, byte* digest)
     }
 }
 
-static word32 SrpHashSize(SrpType type)
+static int SrpHashSize(SrpType type)
 {
     switch (type) {
         case SRP_TYPE_SHA:
             #ifndef NO_SHA
                 return WC_SHA_DIGEST_SIZE;
             #else
-                return 0;
+                return ALGO_ID_E;
             #endif
 
         case SRP_TYPE_SHA256:
             #ifndef NO_SHA256
                 return WC_SHA256_DIGEST_SIZE;
             #else
-                return 0;
+                return ALGO_ID_E;
             #endif
 
         case SRP_TYPE_SHA384:
             #ifdef WOLFSSL_SHA384
                 return WC_SHA384_DIGEST_SIZE;
             #else
-                return 0;
+                return ALGO_ID_E;
             #endif
 
         case SRP_TYPE_SHA512:
             #ifdef WOLFSSL_SHA512
                 return WC_SHA512_DIGEST_SIZE;
             #else
-                return 0;
+                return ALGO_ID_E;
             #endif
 
         default:
-            return 0;
+            return ALGO_ID_E;
     }
 }
 
@@ -353,7 +353,8 @@ int wc_SrpSetParams(Srp* srp, const byte* N,    word32 nSz,
     byte digest2[SRP_MAX_DIGEST_SIZE];
     byte pad = 0;
     int r;
-    word32 i, j = 0;
+    word32 i;
+    int hashSize = 0;
 
     if (!srp || !N || !g || !salt || nSz < gSz)
         return BAD_FUNC_ARG;
@@ -361,6 +362,10 @@ int wc_SrpSetParams(Srp* srp, const byte* N,    word32 nSz,
     if (!srp->user)
         return SRP_CALL_ORDER_E;
 
+    hashSize = SrpHashSize(srp->type);
+    if (hashSize < 0)
+        return hashSize;
+
     /* Set N */
     if (mp_read_unsigned_bin(&srp->N, N, nSz) != MP_OKAY)
         return MP_READ_E;
@@ -389,7 +394,7 @@ int wc_SrpSetParams(Srp* srp, const byte* N,    word32 nSz,
     srp->saltSz = saltSz;
 
     /* Set k = H(N, g) */
-            r = SrpHashInit(&hash, srp->type, srp->heap);
+    r = SrpHashInit(&hash, srp->type, srp->heap);
     if (!r) r = SrpHashUpdate(&hash, (byte*) N, nSz);
     for (i = 0; (word32)i < nSz - gSz; i++) {
         if (!r) r = SrpHashUpdate(&hash, &pad, 1);
@@ -414,7 +419,7 @@ int wc_SrpSetParams(Srp* srp, const byte* N,    word32 nSz,
 
     /* digest1 = H(N) ^ H(g) */
     if (r == 0) {
-        for (i = 0, j = SrpHashSize(srp->type); i < j; i++)
+        for (i = 0; i < (word32)hashSize; i++)
             digest1[i] ^= digest2[i];
     }
 
@@ -425,8 +430,8 @@ int wc_SrpSetParams(Srp* srp, const byte* N,    word32 nSz,
     SrpHashFree(&hash);
 
     /* client proof = H( H(N) ^ H(g) | H(user) | salt) */
-    if (!r) r = SrpHashUpdate(&srp->client_proof, digest1, j);
-    if (!r) r = SrpHashUpdate(&srp->client_proof, digest2, j);
+    if (!r) r = SrpHashUpdate(&srp->client_proof, digest1, (word32)hashSize);
+    if (!r) r = SrpHashUpdate(&srp->client_proof, digest2, (word32)hashSize);
     if (!r) r = SrpHashUpdate(&srp->client_proof, salt, saltSz);
 
     return r;
@@ -436,7 +441,7 @@ int wc_SrpSetPassword(Srp* srp, const byte* password, word32 size)
 {
     SrpHash hash;
     byte digest[SRP_MAX_DIGEST_SIZE];
-    word32 digestSz;
+    int digestSz;
     int r;
 
     if (!srp || !password || srp->side != SRP_CLIENT_SIDE)
@@ -446,6 +451,8 @@ int wc_SrpSetPassword(Srp* srp, const byte* password, word32 size)
         return SRP_CALL_ORDER_E;
 
     digestSz = SrpHashSize(srp->type);
+    if (digestSz < 0)
+        return digestSz;
 
     /* digest = H(username | ':' | password) */
             r = SrpHashInit(&hash, srp->type, srp->heap);
@@ -458,12 +465,12 @@ int wc_SrpSetPassword(Srp* srp, const byte* password, word32 size)
     /* digest = H(salt | H(username | ':' | password)) */
     if (!r) r = SrpHashInit(&hash, srp->type, srp->heap);
     if (!r) r = SrpHashUpdate(&hash, srp->salt, srp->saltSz);
-    if (!r) r = SrpHashUpdate(&hash, digest, digestSz);
+    if (!r) r = SrpHashUpdate(&hash, digest, (word32)digestSz);
     if (!r) r = SrpHashFinal(&hash, digest);
     SrpHashFree(&hash);
 
     /* Set x (private key) */
-    if (!r) r = mp_read_unsigned_bin(&srp->auth, digest, digestSz);
+    if (!r) r = mp_read_unsigned_bin(&srp->auth, digest, (word32)digestSz);
 
     ForceZero(digest, SRP_MAX_DIGEST_SIZE);
 
@@ -572,10 +579,15 @@ int wc_SrpGetPublic(Srp* srp, byte* pub, word32* size)
 #endif
     word32 modulusSz;
     int r;
+    int hashSize;
 
     if (!srp || !pub || !size)
         return BAD_FUNC_ARG;
 
+    hashSize = SrpHashSize(srp->type);
+    if (hashSize < 0)
+        return hashSize;
+
     if (mp_iszero(&srp->auth) == MP_YES)
         return SRP_CALL_ORDER_E;
 
@@ -616,7 +628,7 @@ int wc_SrpGetPublic(Srp* srp, byte* pub, word32* size)
             {
                 r = mp_init_multi(i, j, 0, 0, 0, 0);
             }
-            if (!r) r = mp_read_unsigned_bin(i, srp->k,SrpHashSize(srp->type));
+            if (!r) r = mp_read_unsigned_bin(i, srp->k, (word32)hashSize);
             if (!r) r = mp_iszero(i) == MP_YES ? SRP_BAD_KEY_E : 0;
             if (!r) r = mp_exptmod(&srp->g, &srp->priv, &srp->N, pubkey);
             if (!r) r = mp_mulmod(i, &srp->auth, &srp->N, j);
@@ -654,17 +666,22 @@ static int wc_SrpSetKey(Srp* srp, byte* secret, word32 size)
 {
     SrpHash hash;
     byte digest[SRP_MAX_DIGEST_SIZE];
-    word32 i, j, digestSz = SrpHashSize(srp->type);
+    word32 i, j;
+    int digestSz;
     byte counter[4];
-    int r = BAD_FUNC_ARG;
+    int r = WC_NO_ERR_TRACE(BAD_FUNC_ARG);
+
+    digestSz = SrpHashSize(srp->type);
+    if (digestSz < 0)
+        return digestSz;
 
     XMEMSET(digest, 0, SRP_MAX_DIGEST_SIZE);
 
-    srp->key = (byte*)XMALLOC(2 * digestSz, srp->heap, DYNAMIC_TYPE_SRP);
+    srp->key = (byte*)XMALLOC(2 * (word32)digestSz, srp->heap, DYNAMIC_TYPE_SRP);
     if (srp->key == NULL)
         return MEMORY_E;
 
-    srp->keySz = 2 * digestSz;
+    srp->keySz = 2 * (word32)digestSz;
 
     for (i = j = 0; j < srp->keySz; i++) {
         counter[0] = (byte)(i >> 24);
@@ -677,7 +694,7 @@ static int wc_SrpSetKey(Srp* srp, byte* secret, word32 size)
         if (!r) r = SrpHashUpdate(&hash, counter, 4);
 
         if (!r) {
-            if (j + digestSz > srp->keySz) {
+            if (j + (word32)digestSz > srp->keySz) {
                 r = SrpHashFinal(&hash, digest);
                 XMEMCPY(srp->key + j, digest, srp->keySz - j);
                 j = srp->keySz;
@@ -685,7 +702,7 @@ static int wc_SrpSetKey(Srp* srp, byte* secret, word32 size)
             else
             {
                 r = SrpHashFinal(&hash, srp->key + j);
-                j += digestSz;
+                j += (word32)digestSz;
             }
         }
         SrpHashFree(&hash);
@@ -715,7 +732,8 @@ int wc_SrpComputeKey(Srp* srp, byte* clientPubKey, word32 clientPubKeySz,
     mp_int u[1], s[1], temp1[1], temp2[1];
 #endif
     byte *secret = NULL;
-    word32 i, secretSz, digestSz;
+    word32 i, secretSz;
+    int digestSz;
     byte pad = 0;
     int r;
 
@@ -761,6 +779,11 @@ int wc_SrpComputeKey(Srp* srp, byte* clientPubKey, word32 clientPubKeySz,
         goto out;
 
     digestSz = SrpHashSize(srp->type);
+    if (digestSz < 0) {
+        r = digestSz;
+        goto out;
+    }
+
     secretSz = (word32)mp_unsigned_bin_size(&srp->N);
 
     if ((secretSz < clientPubKeySz) || (secretSz < serverPubKeySz)) {
@@ -795,7 +818,7 @@ int wc_SrpComputeKey(Srp* srp, byte* clientPubKey, word32 clientPubKeySz,
     /* set u */
     if ((r = SrpHashFinal(hash, digest)))
         goto out;
-    if ((r = mp_read_unsigned_bin(u, digest, SrpHashSize(srp->type))))
+    if ((r = mp_read_unsigned_bin(u, digest, (word32)digestSz)))
         goto out;
     SrpHashFree(hash);
 
@@ -804,7 +827,7 @@ int wc_SrpComputeKey(Srp* srp, byte* clientPubKey, word32 clientPubKeySz,
     if (srp->side == SRP_CLIENT_SIDE) {
 
         /* temp1 = B - k * v; rejects k == 0, B == 0 and B >= N. */
-        if ((r = mp_read_unsigned_bin(temp1, srp->k, digestSz)))
+        if ((r = mp_read_unsigned_bin(temp1, srp->k, (word32)digestSz)))
             goto out;
         if (mp_iszero(temp1) == MP_YES) {
             r = SRP_BAD_KEY_E;
@@ -903,32 +926,30 @@ int wc_SrpComputeKey(Srp* srp, byte* clientPubKey, word32 clientPubKeySz,
     }
 
 #ifdef WOLFSSL_SMALL_STACK
-    if (hash)
-        XFREE(hash, srp->heap, DYNAMIC_TYPE_SRP);
-    if (digest)
-        XFREE(digest, srp->heap, DYNAMIC_TYPE_SRP);
+    XFREE(hash, srp->heap, DYNAMIC_TYPE_SRP);
+    XFREE(digest, srp->heap, DYNAMIC_TYPE_SRP);
     if (u) {
-        if (r != MP_INIT_E)
+        if (r != WC_NO_ERR_TRACE(MP_INIT_E))
             mp_clear(u);
         XFREE(u, srp->heap, DYNAMIC_TYPE_SRP);
     }
     if (s) {
-        if (r != MP_INIT_E)
+        if (r != WC_NO_ERR_TRACE(MP_INIT_E))
             mp_clear(s);
         XFREE(s, srp->heap, DYNAMIC_TYPE_SRP);
     }
     if (temp1) {
-        if (r != MP_INIT_E)
+        if (r != WC_NO_ERR_TRACE(MP_INIT_E))
             mp_clear(temp1);
         XFREE(temp1, srp->heap, DYNAMIC_TYPE_SRP);
     }
     if (temp2) {
-        if (r != MP_INIT_E)
+        if (r != WC_NO_ERR_TRACE(MP_INIT_E))
             mp_clear(temp2);
         XFREE(temp2, srp->heap, DYNAMIC_TYPE_SRP);
     }
 #else
-    if (r != MP_INIT_E) {
+    if (r != WC_NO_ERR_TRACE(MP_INIT_E)) {
         mp_clear(u);
         mp_clear(s);
         mp_clear(temp1);
@@ -942,11 +963,16 @@ int wc_SrpComputeKey(Srp* srp, byte* clientPubKey, word32 clientPubKeySz,
 int wc_SrpGetProof(Srp* srp, byte* proof, word32* size)
 {
     int r;
+    int hashSize;
 
     if (!srp || !proof || !size)
         return BAD_FUNC_ARG;
 
-    if (*size < SrpHashSize(srp->type))
+    hashSize = SrpHashSize(srp->type);
+    if (hashSize < 0)
+        return ALGO_ID_E;
+
+    if (*size < (word32)hashSize)
         return BUFFER_E;
 
     if ((r = SrpHashFinal(srp->side == SRP_CLIENT_SIDE
@@ -954,7 +980,7 @@ int wc_SrpGetProof(Srp* srp, byte* proof, word32* size)
                           : &srp->server_proof, proof)) != 0)
         return r;
 
-    *size = SrpHashSize(srp->type);
+    *size = (word32)hashSize;
 
     if (srp->side == SRP_CLIENT_SIDE) {
         /* server proof = H( A | client proof | K) */
@@ -969,11 +995,16 @@ int wc_SrpVerifyPeersProof(Srp* srp, byte* proof, word32 size)
 {
     byte digest[SRP_MAX_DIGEST_SIZE];
     int r;
+    int hashSize;
 
     if (!srp || !proof)
         return BAD_FUNC_ARG;
 
-    if (size != SrpHashSize(srp->type))
+    hashSize = SrpHashSize(srp->type);
+    if (hashSize < 0)
+        return ALGO_ID_E;
+
+    if (size != (word32)hashSize)
         return BUFFER_E;
 
     r = SrpHashFinal(srp->side == SRP_CLIENT_SIDE ? &srp->server_proof
diff --git a/wolfcrypt/src/tfm.c b/wolfcrypt/src/tfm.c
index 1b07f5d59..a07fcbbe9 100644
--- a/wolfcrypt/src/tfm.c
+++ b/wolfcrypt/src/tfm.c
@@ -1,6 +1,6 @@
 /* tfm.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -321,7 +321,7 @@ int fp_mul(fp_int *A, fp_int *B, fp_int *C)
                 goto clean; /* success */
                 break;
 
-            case WC_HW_WAIT_E: /* MP_HW_BUSY math HW busy, fall back */
+            case WC_NO_ERR_TRACE(WC_HW_WAIT_E): /* MP_HW_BUSY math HW busy, fall back */
             case MP_HW_FALLBACK:    /* forced fallback from HW to SW */
             case MP_HW_VALIDATION_ACTIVE: /* use SW to compare to HW */
                 /* fall back to software, below */
@@ -989,9 +989,9 @@ int fp_div_2_mod_ct(fp_int *a, fp_int *b, fp_int *c)
   fp_digit mask;
   int i;
 
-  mask = 0 - (a->dp[0] & 1);
+  mask = (fp_digit)0 - (a->dp[0] & 1);
   for (i = 0; i < b->used; i++) {
-      fp_digit mask_a = 0 - (i < a->used);
+      fp_digit mask_a = (fp_digit)0 - (i < a->used);
 
       w         += b->dp[i] & mask;
       w         += a->dp[i] & mask_a;
@@ -1104,9 +1104,9 @@ void fp_mod_2d(fp_int *a, int b, fp_int *c)
 
    bmax = ((unsigned int)b + DIGIT_BIT - 1) / DIGIT_BIT;
 
-   /* If a is negative and bmax is larger than FP_SIZE, then the
+   /* If a is negative and bmax is greater than or equal to FP_SIZE, then the
     * result can't fit within c. Just return. */
-   if (c->sign == FP_NEG && bmax > FP_SIZE) {
+   if (c->sign == FP_NEG && bmax >= FP_SIZE) {
       return;
    }
 
@@ -3125,9 +3125,9 @@ int fp_exptmod(fp_int * G, fp_int * X, fp_int * P, fp_int * Y)
             return retHW;
             break;
 
-         case WC_HW_WAIT_E: /* MP_HW_BUSY math HW busy, fall back */
+         case WC_NO_ERR_TRACE(WC_HW_WAIT_E): /* MP_HW_BUSY math HW busy, fall back */
          case MP_HW_FALLBACK:    /* forced fallback from HW to SW */
-         case MP_HW_VALIDATION_ACTIVE: /* use SW to compare to HW */
+         case WC_NO_ERR_TRACE(MP_HW_VALIDATION_ACTIVE): /* use SW to compare to HW */
             /* use software calc */
             break;
 
@@ -3227,7 +3227,7 @@ int fp_exptmod_ex(fp_int * G, fp_int * X, int digits, fp_int * P, fp_int * Y)
          return retHW;
          break;
 
-      case WC_HW_WAIT_E: /* MP_HW_BUSY math HW busy, fall back */
+      case WC_NO_ERR_TRACE(WC_HW_WAIT_E): /* MP_HW_BUSY math HW busy, fall back */
       case MP_HW_FALLBACK:    /* forced fallback from HW to SW */
       case MP_HW_VALIDATION_ACTIVE: /* use SW to compare to HW */
          /* use software calc */
@@ -3328,7 +3328,7 @@ int fp_exptmod_nct(fp_int * G, fp_int * X, fp_int * P, fp_int * Y)
          return retHW;
          break;
 
-      case WC_HW_WAIT_E: /* MP_HW_BUSY math HW busy, fall back */
+      case WC_NO_ERR_TRACE(WC_HW_WAIT_E): /* MP_HW_BUSY math HW busy, fall back */
       case MP_HW_FALLBACK:    /* forced fallback from HW to SW */
       case MP_HW_VALIDATION_ACTIVE: /* use SW to compare to HW */
          /* use software calc */
@@ -3440,7 +3440,7 @@ int fp_sqr(fp_int *A, fp_int *B)
                 goto clean; /* success */
                 break;
 
-            case WC_HW_WAIT_E: /* MP_HW_BUSY math HW busy, fall back */
+            case WC_NO_ERR_TRACE(WC_HW_WAIT_E): /* MP_HW_BUSY math HW busy, fall back */
             case MP_HW_FALLBACK:    /* forced fallback from HW to SW */
             case MP_HW_VALIDATION_ACTIVE: /* use SW to compare to HW */
                 /* fall back to software, below */
@@ -4589,10 +4589,11 @@ void fp_clear(fp_int *a)
 
 void fp_forcezero (mp_int * a)
 {
+    int size;
+
     if (a == NULL)
       return;
 
-    int size;
     a->used = 0;
     a->sign = FP_ZPOS;
 #if defined(ALT_ECC_SIZE) || defined(HAVE_WOLF_BIGINT)
@@ -4697,7 +4698,7 @@ int mp_mulmod (mp_int * a, mp_int * b, mp_int * c, mp_int * d)
          /* successfully computed in HW */
          break;
 
-      case WC_HW_WAIT_E: /* MP_HW_BUSY math HW busy, fall back */
+      case WC_NO_ERR_TRACE(WC_HW_WAIT_E): /* MP_HW_BUSY math HW busy, fall back */
       case MP_HW_FALLBACK:    /* forced fallback from HW to SW */
       case MP_HW_VALIDATION_ACTIVE: /* use SW to compare to HW */
          /* use software calc */
@@ -5684,9 +5685,9 @@ int mp_rand_prime(mp_int* a, int len, WC_RNG* rng, void* heap)
 
     err = fp_randprime(a, len, rng, heap);
     switch(err) {
-        case FP_VAL:
+        case WC_NO_ERR_TRACE(MP_VAL):
             return MP_VAL;
-        case FP_MEM:
+        case WC_NO_ERR_TRACE(MP_MEM):
             return MP_MEM;
         default:
             break;
@@ -5945,6 +5946,8 @@ static int fp_read_radix_16(fp_int *a, const char *str)
 {
   int     i, j, k, neg;
   int     ch;
+  /* Skip whitespace at end of line */
+  int     eol_done = 0;
 
   /* if the leading digit is a
    * minus set the sign to negative.
@@ -5961,8 +5964,11 @@ static int fp_read_radix_16(fp_int *a, const char *str)
   for (i = (int)(XSTRLEN(str) - 1); i >= 0; i--) {
       ch = (int)HexCharToByte(str[i]);
       if (ch < 0) {
+        if (!eol_done && CharIsWhiteSpace(str[i]))
+          continue;
         return FP_VAL;
       }
+      eol_done = 1;
 
       k += j == DIGIT_BIT;
       j &= DIGIT_BIT - 1;
@@ -6024,7 +6030,13 @@ static int fp_read_radix(fp_int *a, const char *str, int radix)
       }
     }
     if (y >= radix) {
-      return FP_VAL;
+      /* Check if whitespace at end of line */
+      while (CharIsWhiteSpace(*str))
+        ++str;
+      if (*str)
+        return FP_VAL;
+      else
+        break;
     }
 
     /* if the char was found in the map
@@ -6080,14 +6092,14 @@ int mp_montgomery_setup(fp_int *a, fp_digit *rho)
 
 #endif /* HAVE_ECC || (!NO_RSA && WC_RSA_BLINDING) */
 
-#ifdef HAVE_ECC
-
 /* fast math conversion */
 int mp_sqr(fp_int *A, fp_int *B)
 {
     return fp_sqr(A, B);
 }
 
+#ifdef HAVE_ECC
+
 /* fast math conversion */
 int mp_div_2(fp_int * a, fp_int * b)
 {
diff --git a/wolfcrypt/src/wc_dsp.c b/wolfcrypt/src/wc_dsp.c
index 95dfed643..4a30615a4 100644
--- a/wolfcrypt/src/wc_dsp.c
+++ b/wolfcrypt/src/wc_dsp.c
@@ -1,6 +1,6 @@
 /* wc_dsp.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -38,7 +38,7 @@
 #include "rpcmem.h"
 static wolfSSL_DSP_Handle_cb handle_function = NULL;
 static remote_handle64 defaultHandle;
-static wolfSSL_Mutex handle_mutex; /* mutex for access to single default handle */
+static wolfSSL_Mutex handle_mutex WOLFSSL_MUTEX_INITIALIZER_CLAUSE(handle_mutex); /* mutex for access to single default handle */
 
 #define WOLFSSL_HANDLE_DONE 1
 #define WOLFSSL_HANDLE_GET 0
@@ -95,11 +95,13 @@ int wolfSSL_InitHandle()
         return -1;
     }
     wolfSSL_SetHandleCb(default_handle_cb);
+#ifndef WOLFSSL_MUTEX_INITIALIZER
     ret = wc_InitMutex(&handle_mutex);
     if (ret != 0) {
         WOLFSSL_MSG("Unable to init handle mutex");
         return -1;
     }
+#endif
     return 0;
 }
 
@@ -108,7 +110,9 @@ int wolfSSL_InitHandle()
 void wolfSSL_CleanupHandle()
 {
     wolfSSL_close(defaultHandle);
+#ifndef WOLFSSL_MUTEX_INITIALIZER
     wc_FreeMutex(&handle_mutex);
+#endif
 }
 #if defined(WOLFSSL_HAVE_SP_ECC)
 
diff --git a/wolfcrypt/src/wc_encrypt.c b/wolfcrypt/src/wc_encrypt.c
index 506ac11e0..12cfe58d8 100644
--- a/wolfcrypt/src/wc_encrypt.c
+++ b/wolfcrypt/src/wc_encrypt.c
@@ -1,6 +1,6 @@
 /* wc_encrypt.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -244,7 +244,7 @@ int wc_Des3_CbcDecryptWithKey(byte* out, const byte* in, word32 sz,
 int wc_BufferKeyDecrypt(EncryptedInfo* info, byte* der, word32 derSz,
     const byte* password, int passwordSz, int hashType)
 {
-    int ret = NOT_COMPILED_IN;
+    int ret = WC_NO_ERR_TRACE(NOT_COMPILED_IN);
 #ifdef WOLFSSL_SMALL_STACK
     byte* key      = NULL;
 #else
@@ -318,7 +318,7 @@ int wc_BufferKeyDecrypt(EncryptedInfo* info, byte* der, word32 derSz,
 int wc_BufferKeyEncrypt(EncryptedInfo* info, byte* der, word32 derSz,
     const byte* password, int passwordSz, int hashType)
 {
-    int ret = NOT_COMPILED_IN;
+    int ret = WC_NO_ERR_TRACE(NOT_COMPILED_IN);
 #ifdef WOLFSSL_SMALL_STACK
     byte* key      = NULL;
 #else
@@ -545,9 +545,15 @@ int wc_CryptKey(const char* password, int passwordSz, byte* salt,
 
                 ret =  wc_PKCS12_PBKDF(key, unicodePasswd, idx, salt, saltSz,
                                     iterations, (int)derivedLen, typeH, 1);
+                if (ret < 0)
+                    break;
                 if (id != PBE_SHA1_RC4_128) {
-                    ret += wc_PKCS12_PBKDF(cbcIv, unicodePasswd, idx, salt,
+                    i = ret;
+                    ret = wc_PKCS12_PBKDF(cbcIv, unicodePasswd, idx, salt,
                                     saltSz, iterations, 8, typeH, 2);
+                    if (ret < 0)
+                        break;
+                    ret += i;
                 }
                 break;
             }
@@ -658,15 +664,21 @@ int wc_CryptKey(const char* password, int passwordSz, byte* salt,
                                                             AES_ENCRYPTION);
                     }
                     else {
+                    #ifdef HAVE_AES_DECRYPT
                         ret = wc_AesSetKey(aes, key, derivedLen, cbcIv,
                                                             AES_DECRYPTION);
+                    #else
+                        ret = NOT_COMPILED_IN;
+                    #endif
                     }
                 }
                 if (ret == 0) {
                     if (enc)
                         ret = wc_AesCbcEncrypt(aes, input, input, (word32)length);
+                    #ifdef HAVE_AES_DECRYPT
                     else
                         ret = wc_AesCbcDecrypt(aes, input, input, (word32)length);
+                    #endif
                 }
                 if (free_aes)
                     wc_AesFree(aes);
diff --git a/wolfcrypt/src/wc_kyber.c b/wolfcrypt/src/wc_kyber.c
index 8d516c89d..781b93c72 100644
--- a/wolfcrypt/src/wc_kyber.c
+++ b/wolfcrypt/src/wc_kyber.c
@@ -1,6 +1,6 @@
 /* wc_kyber.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -19,8 +19,2089 @@
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  */
 
-#include <wolfssl/wolfcrypt/settings.h>
+/* Implementation based on FIPS 203:
+ *   https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.203.pdf
+ *
+ * Original implementation based on NIST 3rd Round submission package.
+ * See link at:
+ *   https://csrc.nist.gov/Projects/post-quantum-cryptography/post-quantum-cryptography-standardization/round-3-submissions
+ */
 
-#ifdef WOLFSSL_HAVE_KYBER
-    #error "Contact wolfSSL to get the implementation of this file"
+/* Possible Kyber options:
+ *
+ * WOLFSSL_MLKEM_MAKEKEY_SMALL_MEM                                  Default: OFF
+ *   Uses less dynamic memory to perform key generation.
+ *   Has a small performance trade-off.
+ *   Only usable with C implementation.
+ *
+ * WOLFSSL_MLKEM_ENCAPSULATE_SMALL_MEM                              Default: OFF
+ *   Uses less dynamic memory to perform encapsulation.
+ *   Affects decapsulation too as encapsulation called.
+ *   Has a small performance trade-off.
+ *   Only usable with C implementation.
+ *
+ * WOLFSSL_KYBER_NO_MAKE_KEY                                        Default: OFF
+ *   Disable the make key or key generation API.
+ *   Reduces the code size.
+ *   Turn on when only doing encapsulation.
+ *
+ * WOLFSSL_KYBER_NO_ENCAPSULATE                                     Default: OFF
+ *   Disable the encapsulation API.
+ *   Reduces the code size.
+ *   Turn on when doing make key/decapsulation.
+ *
+ * WOLFSSL_KYBER_NO_DECAPSULATE                                     Default: OFF
+ *   Disable the decapsulation API.
+ *   Reduces the code size.
+ *   Turn on when only doing encapsulation.
+ *
+ * WOLFSSL_MLKEM_CACHE_A                                           Default: OFF
+ *   Stores the matrix A during key generation for use in encapsulation when
+ *   performing decapsulation.
+ *   KyberKey is 8KB larger but decapsulation is significantly faster.
+ *   Turn on when performing make key and decapsualtion with same object.
+ */
+
+#ifdef HAVE_CONFIG_H
+    #include <config.h>
 #endif
+
+#include <wolfssl/wolfcrypt/settings.h>
+#include <wolfssl/wolfcrypt/kyber.h>
+#include <wolfssl/wolfcrypt/wc_kyber.h>
+#include <wolfssl/wolfcrypt/error-crypt.h>
+#include <wolfssl/wolfcrypt/hash.h>
+#include <wolfssl/wolfcrypt/memory.h>
+
+#ifdef NO_INLINE
+    #include <wolfssl/wolfcrypt/misc.h>
+#else
+    #define WOLFSSL_MISC_INCLUDED
+    #include <wolfcrypt/src/misc.c>
+#endif
+
+#if defined(USE_INTEL_SPEEDUP) || \
+    (defined(__aarch64__) && defined(WOLFSSL_ARMASM))
+    #if defined(WOLFSSL_MLKEM_MAKEKEY_SMALL_MEM) || \
+        defined(WOLFSSL_MLKEM_ENCAPSULATE_SMALL_MEM)
+        #error "Can't use small memory with assembly optimized code"
+    #endif
+#endif
+#if defined(WOLFSSL_MLKEM_CACHE_A)
+    #if defined(WOLFSSL_MLKEM_MAKEKEY_SMALL_MEM) || \
+        defined(WOLFSSL_MLKEM_ENCAPSULATE_SMALL_MEM)
+        #error "Can't cache A with small memory code"
+    #endif
+#endif
+
+#if defined(WOLFSSL_KYBER_NO_MAKE_KEY) && \
+    defined(WOLFSSL_KYBER_NO_ENCAPSULATE) && \
+    defined(WOLFSSL_KYBER_NO_DECAPSULATE)
+    #error "No ML-KEM operations to be built."
+#endif
+
+#ifdef WOLFSSL_WC_KYBER
+
+/******************************************************************************/
+
+/* Use SHA3-256 to generate 32-bytes of hash. */
+#define KYBER_HASH_H            kyber_hash256
+/* Use SHA3-512 to generate 64-bytes of hash. */
+#define KYBER_HASH_G            kyber_hash512
+/* Use SHAKE-256 as a key derivation function (KDF). */
+#if defined(USE_INTEL_SPEEDUP) || \
+        (defined(WOLFSSL_ARMASM) && defined(__aarch64__))
+    #define KYBER_KDF               kyber_kdf
+#else
+    #define KYBER_KDF               wc_Shake256Hash
+#endif
+
+/******************************************************************************/
+
+/* Declare variable to make compiler not optimize code in kyber_from_msg(). */
+volatile sword16 kyber_opt_blocker = 0;
+
+/******************************************************************************/
+
+/**
+ * Initialize the Kyber key.
+ *
+ * @param  [in]   type   Type of key:
+ *                         WC_ML_KEM_512, WC_ML_KEM_768, WC_ML_KEM_1024,
+ *                         KYBER512, KYBER768, KYBER1024.
+ * @param  [out]  key    Kyber key object to initialize.
+ * @param  [in]   heap   Dynamic memory hint.
+ * @param  [in]   devId  Device Id.
+ * @return  0 on success.
+ * @return  BAD_FUNC_ARG when key is NULL or type is unrecognized.
+ * @return  NOT_COMPILED_IN when key type is not supported.
+ */
+int wc_KyberKey_Init(int type, KyberKey* key, void* heap, int devId)
+{
+    int ret = 0;
+
+    /* Validate key. */
+    if (key == NULL) {
+        ret = BAD_FUNC_ARG;
+    }
+    if (ret == 0) {
+        /* Validate type. */
+        switch (type) {
+    #ifndef WOLFSSL_NO_ML_KEM
+        case WC_ML_KEM_512:
+        #ifndef WOLFSSL_WC_ML_KEM_512
+            /* Code not compiled in for Kyber-512. */
+            ret = NOT_COMPILED_IN;
+        #endif
+            break;
+        case WC_ML_KEM_768:
+        #ifndef WOLFSSL_WC_ML_KEM_768
+            /* Code not compiled in for Kyber-768. */
+            ret = NOT_COMPILED_IN;
+        #endif
+            break;
+        case WC_ML_KEM_1024:
+        #ifndef WOLFSSL_WC_ML_KEM_1024
+            /* Code not compiled in for Kyber-1024. */
+            ret = NOT_COMPILED_IN;
+        #endif
+            break;
+    #endif
+    #ifdef WOLFSSL_KYBER_ORIGINAL
+        case KYBER512:
+        #ifndef WOLFSSL_KYBER512
+            /* Code not compiled in for Kyber-512. */
+            ret = NOT_COMPILED_IN;
+        #endif
+            break;
+        case KYBER768:
+        #ifndef WOLFSSL_KYBER768
+            /* Code not compiled in for Kyber-768. */
+            ret = NOT_COMPILED_IN;
+        #endif
+            break;
+        case KYBER1024:
+        #ifndef WOLFSSL_KYBER1024
+            /* Code not compiled in for Kyber-1024. */
+            ret = NOT_COMPILED_IN;
+        #endif
+            break;
+    #endif
+        default:
+            /* No other values supported. */
+            ret = BAD_FUNC_ARG;
+            break;
+        }
+    }
+    if (ret == 0) {
+        /* Keep type for parameters. */
+        key->type = type;
+        /* Cache heap pointer. */
+        key->heap = heap;
+    #ifdef WOLF_CRYPTO_CB
+        /* Cache device id - not used in for this algorithm yet. */
+        key->devId = devId;
+    #endif
+        key->flags = 0;
+
+        /* Zero out all data. */
+        XMEMSET(&key->prf, 0, sizeof(key->prf));
+
+        /* Initialize the hash algorithm object. */
+        ret = kyber_hash_new(&key->hash, heap, devId);
+    }
+    if (ret == 0) {
+        /* Initialize the PRF algorithm object. */
+        ret = kyber_prf_new(&key->prf, heap, devId);
+    }
+    if (ret == 0) {
+        kyber_init();
+    }
+
+    (void)devId;
+
+    return ret;
+}
+
+/**
+ * Free the Kyber key object.
+ *
+ * @param  [in, out]  key   Kyber key object to dispose of.
+ */
+void wc_KyberKey_Free(KyberKey* key)
+{
+    if (key != NULL) {
+        /* Dispose of PRF object. */
+        kyber_prf_free(&key->prf);
+        /* Dispose of hash object. */
+        kyber_hash_free(&key->hash);
+        /* Ensure all private data is zeroed. */
+        ForceZero(&key->hash, sizeof(key->hash));
+        ForceZero(&key->prf, sizeof(key->prf));
+        ForceZero(key->priv, sizeof(key->priv));
+        ForceZero(key->z, sizeof(key->z));
+    }
+}
+
+/******************************************************************************/
+
+#ifndef WOLFSSL_KYBER_NO_MAKE_KEY
+/**
+ * Make a Kyber key object using a random number generator.
+ *
+ * FIPS 203 - Algorithm 19: ML-KEM.KeyGen()
+ * Generates an encapsulation key and a corresponding decapsulation key.
+ *   1: d <- B_32                                        >  d is 32 random bytes
+ *   2: z <- B_32                                        >  z is 32 random bytes
+ *   3: if d == NULL or z == NULL then
+ *   4:   return falsum
+ *                  > return an error indication if random bit generation failed
+ *   5: end if
+ *   6: (ek,dk) <- ML-KEM.KeyGen_Interal(d, z)
+ *                                       > run internal key generation algorithm
+ *   &: return (ek,dk)
+ *
+ * @param  [in, out]  key   Kyber key object.
+ * @param  [in]       rng   Random number generator.
+ * @return  0 on success.
+ * @return  BAD_FUNC_ARG when key or rng is NULL.
+ * @return  MEMORY_E when dynamic memory allocation failed.
+ * @return  MEMORY_E when dynamic memory allocation failed.
+ * @return  RNG_FAILURE_E when  generating random numbers failed.
+ * @return  DRBG_CONT_FAILURE when random number generator health check fails.
+ */
+int wc_KyberKey_MakeKey(KyberKey* key, WC_RNG* rng)
+{
+    int ret = 0;
+    unsigned char rand[KYBER_MAKEKEY_RAND_SZ];
+
+    /* Validate parameters. */
+    if ((key == NULL) || (rng == NULL)) {
+        ret = BAD_FUNC_ARG;
+    }
+
+    if (ret == 0) {
+        /* Generate random to use with PRFs.
+         * Step 1: d is 32 random bytes
+         * Step 2: z is 32 random bytes
+         */
+        ret = wc_RNG_GenerateBlock(rng, rand, KYBER_SYM_SZ * 2);
+        /* Step 3: ret is not zero when d == NULL or z == NULL. */
+    }
+    if (ret == 0) {
+        /* Make a key pair from the random.
+         * Step 6. run internal key generation algorithm
+         * Step 7. public and private key are stored in key
+         */
+        ret = wc_KyberKey_MakeKeyWithRandom(key, rand, sizeof(rand));
+    }
+
+    /* Ensure seeds are zeroized. */
+    ForceZero((void*)rand, (word32)sizeof(rand));
+
+    /* Step 4: return ret != 0 on falsum or internal key generation failure. */
+    return ret;
+}
+
+/**
+ * Make a Kyber key object using random data.
+ *
+ * FIPS 203 - Algorithm 16: ML-KEM.KeyGen_internal(d,z)
+ * Uses randomness to generate an encapsulation key and a corresponding
+ * decapsulation key.
+ *   1: (ek_PKE,dk_PKE) < K-PKE.KeyGen(d)         > run key generation for K-PKE
+ *   ...
+ *
+ * FIPS 203 - Algorithm 13: K-PKE.KeyGen(d)
+ * Uses randomness to generate an encryption key and a corresponding decryption
+ * key.
+ *   1: (rho,sigma) <- G(d||k)A
+ *                         > expand 32+1 bytes to two pseudorandom 32-byte seeds
+ *   2: N <- 0
+ *   3-7: generate matrix A_hat
+ *   8-11: generate s
+ *   12-15: generate e
+ *   16-18: calculate t_hat from A_hat, s and e
+ *   ...
+ *
+ * @param  [in, out]  key   Kyber key ovject.
+ * @param  [in]       rand  Random data.
+ * @param  [in]       len   Length of random data in bytes.
+ * @return  0 on success.
+ * @return  BAD_FUNC_ARG when key or rand is NULL.
+ * @return  BUFFER_E when length is not KYBER_MAKEKEY_RAND_SZ.
+ * @return  NOT_COMPILED_IN when key type is not supported.
+ * @return  MEMORY_E when dynamic memory allocation failed.
+ */
+int wc_KyberKey_MakeKeyWithRandom(KyberKey* key, const unsigned char* rand,
+    int len)
+{
+    byte buf[2 * KYBER_SYM_SZ + 1];
+    byte* rho = buf;
+    byte* sigma = buf + KYBER_SYM_SZ;
+#ifndef WOLFSSL_NO_MALLOC
+    sword16* e = NULL;
+#else
+#ifndef WOLFSSL_MLKEM_MAKEKEY_SMALL_MEM
+#ifndef WOLFSSL_MLKEM_CACHE_A
+    sword16 e[(KYBER_MAX_K + 1) * KYBER_MAX_K * KYBER_N];
+#else
+    sword16 e[KYBER_MAX_K * KYBER_N];
+#endif
+#else
+    sword16 e[KYBER_MAX_K * KYBER_N];
+#endif
+#endif
+#ifndef WOLFSSL_MLKEM_MAKEKEY_SMALL_MEM
+    sword16* a = NULL;
+#endif
+    sword16* s = NULL;
+    sword16* t = NULL;
+    int ret = 0;
+    int k = 0;
+
+    /* Validate parameters. */
+    if ((key == NULL) || (rand == NULL)) {
+        ret = BAD_FUNC_ARG;
+    }
+    if ((ret == 0) && (len != KYBER_MAKEKEY_RAND_SZ)) {
+        ret = BUFFER_E;
+    }
+
+    if (ret == 0) {
+        key->flags = 0;
+
+        /* Establish parameters based on key type. */
+        switch (key->type) {
+#ifndef WOLFSSL_NO_ML_KEM
+    #ifdef WOLFSSL_WC_ML_KEM_512
+        case WC_ML_KEM_512:
+            k = WC_ML_KEM_512_K;
+            break;
+    #endif
+    #ifdef WOLFSSL_WC_ML_KEM_768
+        case WC_ML_KEM_768:
+            k = WC_ML_KEM_768_K;
+            break;
+    #endif
+    #ifdef WOLFSSL_WC_ML_KEM_1024
+        case WC_ML_KEM_1024:
+            k = WC_ML_KEM_1024_K;
+            break;
+    #endif
+#endif
+#ifdef WOLFSSL_KYBER_ORIGINAL
+    #ifdef WOLFSSL_KYBER512
+        case KYBER512:
+            k = KYBER512_K;
+            break;
+    #endif
+    #ifdef WOLFSSL_KYBER768
+        case KYBER768:
+            k = KYBER768_K;
+            break;
+    #endif
+    #ifdef WOLFSSL_KYBER1024
+        case KYBER1024:
+            k = KYBER1024_K;
+            break;
+    #endif
+#endif
+        default:
+            /* No other values supported. */
+            ret = NOT_COMPILED_IN;
+            break;
+        }
+    }
+
+#ifndef WOLFSSL_NO_MALLOC
+    if (ret == 0) {
+        /* Allocate dynamic memory for matrix and error vector. */
+#ifndef WOLFSSL_MLKEM_MAKEKEY_SMALL_MEM
+#ifndef WOLFSSL_MLKEM_CACHE_A
+        /* e (v) | a (m) */
+        e = (sword16*)XMALLOC((k + 1) * k * KYBER_N * sizeof(sword16),
+            key->heap, DYNAMIC_TYPE_TMP_BUFFER);
+#else
+        /* e (v) */
+        e = (sword16*)XMALLOC(k * KYBER_N * sizeof(sword16),
+            key->heap, DYNAMIC_TYPE_TMP_BUFFER);
+#endif
+#else
+        /* e (v) */
+        e = (sword16*)XMALLOC(k * KYBER_N * sizeof(sword16),
+            key->heap, DYNAMIC_TYPE_TMP_BUFFER);
+#endif
+        if (e == NULL) {
+            ret = MEMORY_E;
+        }
+    }
+#endif
+    if (ret == 0) {
+        const byte* d = rand;
+
+#ifdef WOLFSSL_MLKEM_CACHE_A
+        a = key->a;
+#elif !defined(WOLFSSL_MLKEM_MAKEKEY_SMALL_MEM)
+        /* Matrix A allocated at end of error vector. */
+        a = e + (k * KYBER_N);
+#endif
+
+#if defined(WOLFSSL_KYBER_ORIGINAL) && !defined(WOLFSSL_NO_ML_KEM)
+        if (key->type & KYBER_ORIGINAL)
+#endif
+#ifdef WOLFSSL_KYBER_ORIGINAL
+        {
+            /* Expand 32 bytes of random to 32. */
+            ret = KYBER_HASH_G(&key->hash, d, KYBER_SYM_SZ, NULL, 0, buf);
+        }
+#endif
+#if defined(WOLFSSL_KYBER_ORIGINAL) && !defined(WOLFSSL_NO_ML_KEM)
+        else
+#endif
+#ifndef WOLFSSL_NO_ML_KEM
+        {
+            buf[0] = k;
+            /* Expand 33 bytes of random to 32.
+             * Alg 13: Step 1: (rho,sigma) <- G(d||k)
+             */
+            ret = KYBER_HASH_G(&key->hash, d, KYBER_SYM_SZ, buf, 1, buf);
+        }
+#endif
+    }
+    if (ret == 0) {
+        const byte* z = rand + KYBER_SYM_SZ;
+        s = key->priv;
+        t = key->pub;
+
+        /* Cache the public seed for use in encapsulation and encoding public
+         * key. */
+        XMEMCPY(key->pubSeed, rho, KYBER_SYM_SZ);
+        /* Cache the z value for decapsulation and encoding private key. */
+        XMEMCPY(key->z, z, sizeof(key->z));
+
+        /* Initialize PRF for use in noise generation. */
+        kyber_prf_init(&key->prf);
+#ifndef WOLFSSL_MLKEM_MAKEKEY_SMALL_MEM
+        /* Generate noise using PRF.
+         * Alg 13: Steps 8-15: generate s and e
+         */
+        ret = kyber_get_noise(&key->prf, k, s, e, NULL, sigma);
+    }
+    if (ret == 0) {
+        /* Generate the matrix A.
+         * Alg 13: Steps 3-7
+         */
+        ret = kyber_gen_matrix(&key->prf, a, k, rho, 0);
+    }
+    if (ret == 0) {
+        /* Generate key pair from random data.
+         * Alg 13: Steps 16-18.
+         */
+        kyber_keygen(s, t, e, a, k);
+#else
+        /* Generate noise using PRF.
+         * Alg 13: Steps 8-11: generate s
+         */
+        ret = kyber_get_noise(&key->prf, k, s, NULL, NULL, sigma);
+    }
+    if (ret == 0) {
+        /* Generate key pair from private vector and seeds.
+         * Alg 13: Steps 3-7: generate matrix A_hat
+         * Alg 13: 12-15: generate e
+         * Alg 13: 16-18: calculate t_hat from A_hat, s and e
+         */
+        ret = kyber_keygen_seeds(s, t, &key->prf, e, k, rho, sigma);
+    }
+    if (ret == 0) {
+#endif
+        /* Private and public key are set/available. */
+        key->flags |= KYBER_FLAG_PRIV_SET | KYBER_FLAG_PUB_SET;
+#ifdef WOLFSSL_MLKEM_CACHE_A
+        key->flags |= KYBER_FLAG_A_SET;
+#endif
+    }
+
+#ifndef WOLFSSL_NO_MALLOC
+    /* Free dynamic memory allocated in function. */
+    if (key != NULL) {
+        XFREE(e, key->heap, DYNAMIC_TYPE_TMP_BUFFER);
+    }
+#endif
+
+    return ret;
+}
+#endif /* !WOLFSSL_KYBER_NO_MAKE_KEY */
+
+/******************************************************************************/
+
+/**
+ * Get the size in bytes of cipher text for key.
+ *
+ * @param  [in]   key  Kyber key object.
+ * @param  [out]  len  Length of cipher text in bytes.
+ * @return  0 on success.
+ * @return  BAD_FUNC_ARG when key or len is NULL.
+ * @return  NOT_COMPILED_IN when key type is not supported.
+ */
+int wc_KyberKey_CipherTextSize(KyberKey* key, word32* len)
+{
+    int ret = 0;
+
+    /* Validate parameters. */
+    if ((key == NULL) || (len == NULL)) {
+        ret = BAD_FUNC_ARG;
+    }
+
+    if (ret == 0) {
+        /* Return in 'len' size of the cipher text for the type of this key. */
+        switch (key->type) {
+#ifndef WOLFSSL_NO_ML_KEM
+    #ifdef WOLFSSL_WC_ML_KEM_512
+        case WC_ML_KEM_512:
+            *len = WC_ML_KEM_512_CIPHER_TEXT_SIZE;
+            break;
+    #endif
+    #ifdef WOLFSSL_WC_ML_KEM_768
+        case WC_ML_KEM_768:
+            *len = WC_ML_KEM_768_CIPHER_TEXT_SIZE;
+            break;
+    #endif
+    #ifdef WOLFSSL_WC_ML_KEM_1024
+        case WC_ML_KEM_1024:
+            *len = WC_ML_KEM_1024_CIPHER_TEXT_SIZE;
+            break;
+    #endif
+#endif
+#ifdef WOLFSSL_KYBER_ORIGINAL
+    #ifdef WOLFSSL_KYBER512
+        case KYBER512:
+            *len = KYBER512_CIPHER_TEXT_SIZE;
+            break;
+    #endif
+    #ifdef WOLFSSL_KYBER768
+        case KYBER768:
+            *len = KYBER768_CIPHER_TEXT_SIZE;
+            break;
+    #endif
+    #ifdef WOLFSSL_KYBER1024
+        case KYBER1024:
+            *len = KYBER1024_CIPHER_TEXT_SIZE;
+            break;
+    #endif
+#endif
+        default:
+            /* No other values supported. */
+            ret = NOT_COMPILED_IN;
+            break;
+        }
+    }
+
+    return ret;
+}
+
+/**
+ * Size of a shared secret in bytes. Always KYBER_SS_SZ.
+ *
+ * @param  [in]   key  Kyber key object. Not used.
+ * @param  [out]  Size of the shared secret created with a Kyber key.
+ * @return  0 on success.
+ * @return  0 to indicate success.
+ */
+int wc_KyberKey_SharedSecretSize(KyberKey* key, word32* len)
+{
+    (void)key;
+
+    *len = KYBER_SS_SZ;
+
+    return 0;
+}
+
+#if !defined(WOLFSSL_KYBER_NO_ENCAPSULATE) || \
+    !defined(WOLFSSL_KYBER_NO_DECAPSULATE)
+/* Encapsulate data and derive secret.
+ *
+ * FIPS 203, Algorithm 14: K-PKE.Encrypt(ek_PKE, m, r)
+ * Uses the encryption key to encrypt a plaintext message using the randomness
+ * r.
+ *   1: N <- 0
+ *   2: t_hat <- ByteDecode_12(ek_PKE[0:384k])
+ *                                   > run ByteDecode_12 k times to decode t_hat
+ *   3: rho <- ek_PKE[384k : 384K + 32]
+ *                                            > extract 32-byte seed from ek_PKE
+ *   4-8: generate matrix A_hat
+ *   9-12: generate y
+ *   13-16: generate e_1
+ *   17: generate e_2
+ *   18-19: calculate u
+ *   20: mu <- Decompress_1(ByteDecode_1(m))
+ *   21: calculate v
+ *   22: c_1 <- ByteEncode_d_u(Compress_d_u(u))
+ *                                 > run ByteEncode_d_u and Compress_d_u k times
+ *   23: c_2 <- ByteEncode_d_v(Compress_d_v(v))
+ *   24: return c <- (c_1||c_2)
+ *
+ * @param  [in]  key  Kyber key object.
+ * @param  [in]  m    Random bytes.
+ * @param  [in]  r    Seed to feed to PRF when generating y, e1 and e2.
+ * @param  [out] c    Calculated cipher text.
+ * @return  0 on success.
+ * @return  NOT_COMPILED_IN when key type is not supported.
+ */
+static int kyberkey_encapsulate(KyberKey* key, const byte* m, byte* r, byte* c)
+{
+    int ret = 0;
+    sword16* a = NULL;
+#ifndef WOLFSSL_MLKEM_ENCAPSULATE_SMALL_MEM
+    sword16* mu = NULL;
+    sword16* e1 = NULL;
+    sword16* e2 = NULL;
+#endif
+    unsigned int k = 0;
+    unsigned int compVecSz = 0;
+#ifndef WOLFSSL_NO_MALLOC
+    sword16* y = NULL;
+#else
+#ifndef WOLFSSL_MLKEM_ENCAPSULATE_SMALL_MEM
+    sword16 y[((KYBER_MAX_K + 3) * KYBER_MAX_K + 3) * KYBER_N];
+#else
+    sword16 y[3 * KYBER_MAX_K * KYBER_N];
+#endif
+#endif
+#ifdef WOLFSSL_MLKEM_ENCAPSULATE_SMALL_MEM
+    sword16* u;
+    sword16* v;
+#endif
+
+    /* Establish parameters based on key type. */
+    switch (key->type) {
+#ifndef WOLFSSL_NO_ML_KEM
+#ifdef WOLFSSL_WC_ML_KEM_512
+    case WC_ML_KEM_512:
+        k = WC_ML_KEM_512_K;
+        compVecSz = WC_ML_KEM_512_POLY_VEC_COMPRESSED_SZ;
+        break;
+#endif
+#ifdef WOLFSSL_WC_ML_KEM_768
+    case WC_ML_KEM_768:
+        k = WC_ML_KEM_768_K;
+        compVecSz = WC_ML_KEM_768_POLY_VEC_COMPRESSED_SZ;
+        break;
+#endif
+#ifdef WOLFSSL_WC_ML_KEM_1024
+    case WC_ML_KEM_1024:
+        k = WC_ML_KEM_1024_K;
+        compVecSz = WC_ML_KEM_1024_POLY_VEC_COMPRESSED_SZ;
+        break;
+#endif
+#endif
+#ifdef WOLFSSL_KYBER_ORIGINAL
+#ifdef WOLFSSL_KYBER512
+    case KYBER512:
+        k = KYBER512_K;
+        compVecSz = KYBER512_POLY_VEC_COMPRESSED_SZ;
+        break;
+#endif
+#ifdef WOLFSSL_KYBER768
+    case KYBER768:
+        k = KYBER768_K;
+        compVecSz = KYBER768_POLY_VEC_COMPRESSED_SZ;
+        break;
+#endif
+#ifdef WOLFSSL_KYBER1024
+    case KYBER1024:
+        k = KYBER1024_K;
+        compVecSz = KYBER1024_POLY_VEC_COMPRESSED_SZ;
+        break;
+#endif
+#endif
+    default:
+        /* No other values supported. */
+        ret = NOT_COMPILED_IN;
+        break;
+    }
+
+#ifndef WOLFSSL_NO_MALLOC
+    if (ret == 0) {
+        /* Allocate dynamic memory for all matrices, vectors and polynomials. */
+#ifndef WOLFSSL_MLKEM_ENCAPSULATE_SMALL_MEM
+        y = (sword16*)XMALLOC(((k + 3) * k + 3) * KYBER_N * sizeof(sword16),
+            key->heap, DYNAMIC_TYPE_TMP_BUFFER);
+#else
+        y = (sword16*)XMALLOC(3 * k * KYBER_N * sizeof(sword16), key->heap,
+            DYNAMIC_TYPE_TMP_BUFFER);
+#endif
+        if (y == NULL) {
+            ret = MEMORY_E;
+        }
+    }
+#endif
+
+    if (ret == 0) {
+#ifndef WOLFSSL_MLKEM_ENCAPSULATE_SMALL_MEM
+        /* Assign allocated dynamic memory to pointers.
+         * y (b) | a (m) | mu (p) | e1 (p) | e2 (v) | u (v) | v (p) */
+        a  = y  + KYBER_N * k;
+        mu = a  + KYBER_N * k * k;
+        e1 = mu + KYBER_N;
+        e2 = e1 + KYBER_N * k;
+#else
+        /* Assign allocated dynamic memory to pointers.
+         * y (v) | a (v) | u (v) */
+        a = y + KYBER_N * k;
+#endif
+
+#ifndef WOLFSSL_MLKEM_ENCAPSULATE_SMALL_MEM
+        /* Convert msg to a polynomial.
+         * Step 20: mu <- Decompress_1(ByteDecode_1(m)) */
+        kyber_from_msg(mu, m);
+
+        /* Initialize the PRF for use in the noise generation. */
+        kyber_prf_init(&key->prf);
+        /* Generate noise using PRF.
+         * Steps 9-17: generate y, e_1, e_2
+         */
+        ret = kyber_get_noise(&key->prf, k, y, e1, e2, r);
+    }
+#ifdef WOLFSSL_MLKEM_CACHE_A
+    if ((ret == 0) && ((key->flags & KYBER_FLAG_A_SET) != 0)) {
+        unsigned int i;
+        /* Transpose matrix.
+         *   Steps 4-8: generate matrix A_hat (from original) */
+        for (i = 0; i < k; i++) {
+            unsigned int j;
+            for (j = 0; j < k; j++) {
+                XMEMCPY(&a[(i * k + j) * KYBER_N],
+                        &key->a[(j * k + i) * KYBER_N],
+                        KYBER_N * 2);
+            }
+        }
+    }
+    else
+#endif
+    if (ret == 0) {
+        /* Generate the transposed matrix.
+         *   Step 4-8: generate matrix A_hat */
+        ret = kyber_gen_matrix(&key->prf, a, k, key->pubSeed, 1);
+    }
+    if (ret == 0) {
+        sword16* u;
+        sword16* v;
+
+        /* Assign remaining allocated dynamic memory to pointers.
+         * y (v) | a (m) | mu (p) | e1 (p) | r2 (v) | u (v) | v (p)*/
+        u  = e2 + KYBER_N;
+        v  = u  + KYBER_N * k;
+
+        /* Perform encapsulation maths.
+         *   Steps 18-19, 21: calculate u and v */
+        kyber_encapsulate(key->pub, u, v, a, y, e1, e2, mu, k);
+#else
+        /* Initialize the PRF for use in the noise generation. */
+        kyber_prf_init(&key->prf);
+        /* Generate noise using PRF.
+         * Steps 9-12: generate y */
+        ret = kyber_get_noise(&key->prf, k, y, NULL, NULL, r);
+    }
+    if (ret == 0) {
+        /* Assign remaining allocated dynamic memory to pointers.
+         * y (v) | at (v) | u (v) */
+        u  = a + KYBER_N * k;
+        v  = a;
+
+        /* Perform encapsulation maths.
+         *   Steps 13-17: generate e_1 and e_2
+         *   Steps 18-19, 21: calculate u and v */
+        ret = kyber_encapsulate_seeds(key->pub, &key->prf, u, a, y, k, m,
+            key->pubSeed, r);
+    }
+    if (ret == 0) {
+#endif
+        byte* c1 = c;
+        byte* c2 = c + compVecSz;
+
+    #if defined(WOLFSSL_KYBER512) || defined(WOLFSSL_WC_ML_KEM_512)
+        if (k == KYBER512_K) {
+            /* Step 22: c_1 <- ByteEncode_d_u(Compress_d_u(u)) */
+            kyber_vec_compress_10(c1, u, k);
+            /* Step 23: c_2 <- ByteEncode_d_v(Compress_d_v(v)) */
+            kyber_compress_4(c2, v);
+            /* Step 24: return c <- (c_1||c_2) */
+        }
+    #endif
+    #if defined(WOLFSSL_KYBER768) || defined(WOLFSSL_WC_ML_KEM_768)
+        if (k == KYBER768_K) {
+            /* Step 22: c_1 <- ByteEncode_d_u(Compress_d_u(u)) */
+            kyber_vec_compress_10(c1, u, k);
+            /* Step 23: c_2 <- ByteEncode_d_v(Compress_d_v(v)) */
+            kyber_compress_4(c2, v);
+            /* Step 24: return c <- (c_1||c_2) */
+        }
+    #endif
+    #if defined(WOLFSSL_KYBER1024) || defined(WOLFSSL_WC_ML_KEM_1024)
+        if (k == KYBER1024_K) {
+            /* Step 22: c_1 <- ByteEncode_d_u(Compress_d_u(u)) */
+            kyber_vec_compress_11(c1, u);
+            /* Step 23: c_2 <- ByteEncode_d_v(Compress_d_v(v)) */
+            kyber_compress_5(c2, v);
+            /* Step 24: return c <- (c_1||c_2) */
+        }
+    #endif
+    }
+
+#ifndef WOLFSSL_NO_MALLOC
+    /* Dispose of dynamic memory allocated in function. */
+    XFREE(y, key->heap, DYNAMIC_TYPE_TMP_BUFFER);
+#endif
+
+    return ret;
+}
+#endif
+
+#ifndef WOLFSSL_KYBER_NO_ENCAPSULATE
+/**
+ * Encapsulate with random number generator and derive secret.
+ *
+ * FIPS 203, Algorithm 20: ML-KEM.Encaps(ek)
+ * Uses the encapsulation key to generate a shared secret key and an associated
+ * ciphertext.
+ *   1: m <- B_32                                         > m is 32 random bytes
+ *   2: if m == NULL then
+ *   3:     return falsum
+ *   4: end if
+ *   5: (K,c) <- ML-KEM.Encaps_internal(ek,m)
+ *                                        > run internal encapsulation algorithm
+ *   6: return (K,c)
+ *
+ * @param  [in]   key  Kyber key object.
+ * @param  [out]  c    Cipher text.
+ * @param  [out]  k    Shared secret generated.
+ * @param  [in]   rng  Random number generator.
+ * @return  0 on success.
+ * @return  BAD_FUNC_ARG when key, ct, ss or RNG is NULL.
+ * @return  NOT_COMPILED_IN when key type is not supported.
+ * @return  MEMORY_E when dynamic memory allocation failed.
+ */
+int wc_KyberKey_Encapsulate(KyberKey* key, unsigned char* c, unsigned char* k,
+    WC_RNG* rng)
+{
+    int ret = 0;
+    unsigned char m[KYBER_ENC_RAND_SZ];
+
+    /* Validate parameters. */
+    if ((key == NULL) || (c == NULL) || (k == NULL) || (rng == NULL)) {
+        ret = BAD_FUNC_ARG;
+    }
+
+    if (ret == 0) {
+        /* Generate seed for use with PRFs.
+         * Step 1: m is 32 random bytes
+         */
+        ret = wc_RNG_GenerateBlock(rng, m, sizeof(m));
+        /* Step 2: ret is not zero when m == NULL. */
+    }
+    if (ret == 0) {
+        /* Encapsulate with the random.
+         * Step 5: run internal encapsulation algorithm
+         */
+        ret = wc_KyberKey_EncapsulateWithRandom(key, c, k, m, sizeof(m));
+    }
+
+    /* Step 3: return ret != 0 on falsum or internal key generation failure. */
+    return ret;
+}
+
+/**
+ * Encapsulate with random data and derive secret.
+ *
+ * FIPS 203, Algorithm 17: ML-KEM.Encaps_internal(ek, m)
+ * Uses the encapsulation key and randomness to generate a key and an associated
+ * ciphertext.
+ *   Step 1: (K,r) <- G(m||H(ek))
+ *                                 > derive shared secret key K and randomness r
+ *   Step 2: c <- K-PPKE.Encrypt(ek, m, r)
+ *                                     > encrypt m using K-PKE with randomness r
+ *   Step 3: return (K,c)
+ *
+ * @param  [out]  c    Cipher text.
+ * @param  [out]  k    Shared secret generated.
+ * @param  [in]   m    Random bytes.
+ * @param  [in]   len  Length of random bytes.
+ * @return  0 on success.
+ * @return  BAD_FUNC_ARG when key, c, k or RNG is NULL.
+ * @return  BUFFER_E when len is not KYBER_ENC_RAND_SZ.
+ * @return  NOT_COMPILED_IN when key type is not supported.
+ * @return  MEMORY_E when dynamic memory allocation failed.
+ */
+int wc_KyberKey_EncapsulateWithRandom(KyberKey* key, unsigned char* c,
+    unsigned char* k, const unsigned char* m, int len)
+{
+#ifdef WOLFSSL_KYBER_ORIGINAL
+    byte msg[KYBER_SYM_SZ];
+#endif
+    byte kr[2 * KYBER_SYM_SZ + 1];
+    int ret = 0;
+#ifdef WOLFSSL_KYBER_ORIGINAL
+    unsigned int cSz = 0;
+#endif
+
+    /* Validate parameters. */
+    if ((key == NULL) || (c == NULL) || (k == NULL) || (m == NULL)) {
+        ret = BAD_FUNC_ARG;
+    }
+    if ((ret == 0) && (len != KYBER_ENC_RAND_SZ)) {
+        ret = BUFFER_E;
+    }
+
+#ifdef WOLFSSL_KYBER_ORIGINAL
+    if (ret == 0) {
+        /* Establish parameters based on key type. */
+        switch (key->type) {
+#ifndef WOLFSSL_NO_ML_KEM
+    #ifdef WOLFSSL_WC_ML_KEM_512
+        case WC_ML_KEM_512:
+    #endif
+    #ifdef WOLFSSL_WC_ML_KEM_768
+        case WC_ML_KEM_768:
+    #endif
+    #ifdef WOLFSSL_WC_ML_KEM_1024
+        case WC_ML_KEM_1024:
+    #endif
+            break;
+#endif
+    #ifdef WOLFSSL_KYBER512
+        case KYBER512:
+            cSz = KYBER512_CIPHER_TEXT_SIZE;
+            break;
+    #endif
+    #ifdef WOLFSSL_KYBER768
+        case KYBER768:
+            cSz = KYBER768_CIPHER_TEXT_SIZE;
+            break;
+    #endif
+    #ifdef WOLFSSL_KYBER1024
+        case KYBER1024:
+            cSz = KYBER1024_CIPHER_TEXT_SIZE;
+            break;
+    #endif
+        default:
+            /* No other values supported. */
+            ret = NOT_COMPILED_IN;
+            break;
+        }
+    }
+#endif
+
+    /* If public hash (h) is not stored against key, calculate it
+     * (fields set explicitly instead of using decode).
+     * Step 1: ... H(ek)...
+     */
+    if ((ret == 0) && ((key->flags & KYBER_FLAG_H_SET) == 0)) {
+    #ifndef WOLFSSL_NO_MALLOC
+        byte* pubKey = NULL;
+        word32 pubKeyLen;
+    #else
+        byte pubKey[KYBER_MAX_PUBLIC_KEY_SIZE];
+        word32 pubKeyLen = KYBER_MAX_PUBLIC_KEY_SIZE;
+    #endif
+
+    #ifndef WOLFSSL_NO_MALLOC
+        /* Determine how big an encoded public key will be. */
+        ret = wc_KyberKey_PublicKeySize(key, &pubKeyLen);
+        if (ret == 0) {
+            /* Allocate dynamic memory for encoded public key. */
+            pubKey = (byte*)XMALLOC(pubKeyLen, key->heap,
+                DYNAMIC_TYPE_TMP_BUFFER);
+            if (pubKey == NULL) {
+                ret = MEMORY_E;
+            }
+        }
+        if (ret == 0) {
+    #endif
+            /* Encode public key - h is hash of encoded public key. */
+            ret = wc_KyberKey_EncodePublicKey(key, pubKey, pubKeyLen);
+    #ifndef WOLFSSL_NO_MALLOC
+        }
+        /* Dispose of encoded public key. */
+        XFREE(pubKey, key->heap, DYNAMIC_TYPE_TMP_BUFFER);
+     #endif
+    }
+    if ((ret == 0) && ((key->flags & KYBER_FLAG_H_SET) == 0)) {
+        /* Implementation issue if h not cached and flag set. */
+        ret = BAD_STATE_E;
+    }
+
+#ifdef WOLFSSL_KYBER_ORIGINAL
+    if (ret == 0) {
+#ifndef WOLFSSL_NO_ML_KEM
+        if (key->type & KYBER_ORIGINAL)
+#endif
+        {
+            /* Hash random to anonymize as seed data. */
+            ret = KYBER_HASH_H(&key->hash, m, KYBER_SYM_SZ, msg);
+        }
+    }
+#endif
+    if (ret == 0) {
+        /* Hash message into seed buffer. */
+#if defined(WOLFSSL_KYBER_ORIGINAL) && !defined(WOLFSSL_NO_ML_KEM)
+        if (key->type & KYBER_ORIGINAL)
+#endif
+#ifdef WOLFSSL_KYBER_ORIGINAL
+        {
+            ret = KYBER_HASH_G(&key->hash, msg, KYBER_SYM_SZ, key->h,
+                KYBER_SYM_SZ, kr);
+        }
+#endif
+#if defined(WOLFSSL_KYBER_ORIGINAL) && !defined(WOLFSSL_NO_ML_KEM)
+        else
+#endif
+#ifndef WOLFSSL_NO_ML_KEM
+        {
+            /* Step 1: (K,r) <- G(m||H(ek)) */
+            ret = KYBER_HASH_G(&key->hash, m, KYBER_SYM_SZ, key->h,
+                KYBER_SYM_SZ, kr);
+        }
+#endif
+    }
+
+    if (ret == 0) {
+        /* Encapsulate the message using the key and the seed. */
+#if defined(WOLFSSL_KYBER_ORIGINAL) && !defined(WOLFSSL_NO_ML_KEM)
+        if (key->type & KYBER_ORIGINAL)
+#endif
+#ifdef WOLFSSL_KYBER_ORIGINAL
+        {
+            ret = kyberkey_encapsulate(key, msg, kr + KYBER_SYM_SZ, c);
+        }
+#endif
+#if defined(WOLFSSL_KYBER_ORIGINAL) && !defined(WOLFSSL_NO_ML_KEM)
+        else
+#endif
+#ifndef WOLFSSL_NO_ML_KEM
+        {
+            /* Step 2: c <- K-PKE.Encrypt(ek,m,r) */
+            ret = kyberkey_encapsulate(key, m, kr + KYBER_SYM_SZ, c);
+        }
+#endif
+    }
+
+#if defined(WOLFSSL_KYBER_ORIGINAL) && !defined(WOLFSSL_NO_ML_KEM)
+    if (key->type & KYBER_ORIGINAL)
+#endif
+#ifdef WOLFSSL_KYBER_ORIGINAL
+    {
+        if (ret == 0) {
+            /* Hash the cipher text after the seed. */
+            ret = KYBER_HASH_H(&key->hash, c, cSz, kr + KYBER_SYM_SZ);
+        }
+        if (ret == 0) {
+            /* Derive the secret from the seed and hash of cipher text. */
+            ret = KYBER_KDF(kr, 2 * KYBER_SYM_SZ, k, KYBER_SS_SZ);
+        }
+    }
+#endif
+#if defined(WOLFSSL_KYBER_ORIGINAL) && !defined(WOLFSSL_NO_ML_KEM)
+    else
+#endif
+#ifndef WOLFSSL_NO_ML_KEM
+    {
+        if (ret == 0) {
+            /* return (K,c) */
+            XMEMCPY(k, kr, KYBER_SS_SZ);
+        }
+    }
+#endif
+
+    return ret;
+}
+#endif /* !WOLFSSL_KYBER_NO_ENCAPSULATE */
+
+/******************************************************************************/
+
+#ifndef WOLFSSL_KYBER_NO_DECAPSULATE
+/* Decapsulate cipher text to the message using key.
+ *
+ * FIPS 203, Algorithm 15: K-PKE.Decrypt(dk_PKE,c)
+ * Uses the decryption key to decrypt a ciphertext.
+ *   1: c1 <- c[0 : 32.d_u.k]
+ *   2: c2 <= c[32.d_u.k : 32(d_u.k + d_v)]
+ *   3: u' <= Decompress_d_u(ByteDecode_d_u(c1))
+ *   4: v' <= Decompress_d_v(ByteDecode_d_v(c2))
+ *   ...
+ *   6: w <- v' - InvNTT(s_hat_trans o NTT(u'))
+ *   7: m <- ByteEncode_1(Compress_1(w))
+ *   8: return m
+ *
+ * @param  [in]   key  Kyber key object.
+ * @param  [out]  m    Message than was encapsulated.
+ * @param  [in]   c    Cipher text.
+ * @return  0 on success.
+ * @return  NOT_COMPILED_IN when key type is not supported.
+ * @return  MEMORY_E when dynamic memory allocation failed.
+ */
+static KYBER_NOINLINE int kyberkey_decapsulate(KyberKey* key, byte* m,
+    const byte* c)
+{
+    int ret = 0;
+    sword16* v;
+    sword16* w;
+    unsigned int k = 0;
+    unsigned int compVecSz;
+#if !defined(USE_INTEL_SPEEDUP) && !defined(WOLFSSL_NO_MALLOC)
+    sword16* u = NULL;
+#else
+    sword16 u[(KYBER_MAX_K + 1) * KYBER_N];
+#endif
+
+    /* Establish parameters based on key type. */
+    switch (key->type) {
+#ifndef WOLFSSL_NO_ML_KEM
+#ifdef WOLFSSL_WC_ML_KEM_512
+    case WC_ML_KEM_512:
+        k = WC_ML_KEM_512_K;
+        compVecSz = WC_ML_KEM_512_POLY_VEC_COMPRESSED_SZ;
+        break;
+#endif
+#ifdef WOLFSSL_WC_ML_KEM_768
+    case WC_ML_KEM_768:
+        k = WC_ML_KEM_768_K;
+        compVecSz = WC_ML_KEM_768_POLY_VEC_COMPRESSED_SZ;
+        break;
+#endif
+#ifdef WOLFSSL_WC_ML_KEM_1024
+    case WC_ML_KEM_1024:
+        k = WC_ML_KEM_1024_K;
+        compVecSz = WC_ML_KEM_1024_POLY_VEC_COMPRESSED_SZ;
+        break;
+#endif
+#endif
+#ifdef WOLFSSL_KYBER_ORIGINAL
+#ifdef WOLFSSL_KYBER512
+    case KYBER512:
+        k = KYBER512_K;
+        compVecSz = KYBER512_POLY_VEC_COMPRESSED_SZ;
+        break;
+#endif
+#ifdef WOLFSSL_KYBER768
+    case KYBER768:
+        k = KYBER768_K;
+        compVecSz = KYBER768_POLY_VEC_COMPRESSED_SZ;
+        break;
+#endif
+#ifdef WOLFSSL_KYBER1024
+    case KYBER1024:
+        k = KYBER1024_K;
+        compVecSz = KYBER1024_POLY_VEC_COMPRESSED_SZ;
+        break;
+#endif
+#endif
+    default:
+        /* No other values supported. */
+        ret = NOT_COMPILED_IN;
+        break;
+    }
+
+#if !defined(USE_INTEL_SPEEDUP) && !defined(WOLFSSL_NO_MALLOC)
+    if (ret == 0) {
+        /* Allocate dynamic memory for a vector and a polynomial. */
+        u = (sword16*)XMALLOC((k + 1) * KYBER_N * sizeof(sword16), key->heap,
+            DYNAMIC_TYPE_TMP_BUFFER);
+        if (u == NULL) {
+            ret = MEMORY_E;
+        }
+    }
+#endif
+    if (ret == 0) {
+        /* Step 1: c1 <- c[0 : 32.d_u.k] */
+        const byte* c1 = c;
+        /* Step 2: c2 <= c[32.d_u.k : 32(d_u.k + d_v)] */
+        const byte* c2 = c + compVecSz;
+
+        /* Assign allocated dynamic memory to pointers.
+         * u (v) | v (p) */
+        v = u + k * KYBER_N;
+        w = u;
+
+    #if defined(WOLFSSL_KYBER512) || defined(WOLFSSL_WC_ML_KEM_512)
+        if (k == KYBER512_K) {
+            /* Step 3: u' <= Decompress_d_u(ByteDecode_d_u(c1)) */
+            kyber_vec_decompress_10(u, c1, k);
+            /* Step 4: v' <= Decompress_d_v(ByteDecode_d_v(c2)) */
+            kyber_decompress_4(v, c2);
+        }
+    #endif
+    #if defined(WOLFSSL_KYBER768) || defined(WOLFSSL_WC_ML_KEM_768)
+        if (k == KYBER768_K) {
+            /* Step 3: u' <= Decompress_d_u(ByteDecode_d_u(c1)) */
+            kyber_vec_decompress_10(u, c1, k);
+            /* Step 4: v' <= Decompress_d_v(ByteDecode_d_v(c2)) */
+            kyber_decompress_4(v, c2);
+        }
+    #endif
+    #if defined(WOLFSSL_KYBER1024) || defined(WOLFSSL_WC_ML_KEM_1024)
+        if (k == KYBER1024_K) {
+            /* Step 3: u' <= Decompress_d_u(ByteDecode_d_u(c1)) */
+            kyber_vec_decompress_11(u, c1);
+            /* Step 4: v' <= Decompress_d_v(ByteDecode_d_v(c2)) */
+            kyber_decompress_5(v, c2);
+        }
+    #endif
+
+        /* Decapsulate the cipher text into polynomial.
+         * Step 6: w <- v' - InvNTT(s_hat_trans o NTT(u')) */
+        kyber_decapsulate(key->priv, w, u, v, k);
+
+        /* Convert the polynomial into a array of bytes (message).
+         * Step 7: m <- ByteEncode_1(Compress_1(w)) */
+        kyber_to_msg(m, w);
+        /* Step 8: return m */
+    }
+
+#if !defined(USE_INTEL_SPEEDUP) && !defined(WOLFSSL_NO_MALLOC)
+    /* Dispose of dynamically memory allocated in function. */
+    XFREE(u, key->heap, DYNAMIC_TYPE_TMP_BUFFER);
+#endif
+
+    return ret;
+}
+
+#ifndef WOLFSSL_NO_ML_KEM
+/* Derive the secret from z and cipher text.
+ *
+ * @param [in]  z     Implicit rejection value.
+ * @param [in]  ct    Cipher text.
+ * @param [in]  ctSz  Length of cipher text in bytes.
+ * @param [out] ss    Shared secret.
+ * @return  0 on success.
+ * @return  MEMORY_E when dynamic memory allocation failed.
+ * @return  Other negative when a hash error occurred.
+ */
+static int kyber_derive_secret(const byte* z, const byte* ct, word32 ctSz,
+    byte* ss)
+{
+    int ret;
+    wc_Shake shake;
+
+    ret = wc_InitShake256(&shake, NULL, INVALID_DEVID);
+    if (ret == 0) {
+        ret = wc_Shake256_Update(&shake, z, KYBER_SYM_SZ);
+        if (ret == 0) {
+            ret = wc_Shake256_Update(&shake, ct, ctSz);
+        }
+        if (ret == 0) {
+            ret = wc_Shake256_Final(&shake, ss, KYBER_SS_SZ);
+        }
+        wc_Shake256_Free(&shake);
+    }
+
+    return ret;
+}
+#endif
+
+/**
+ * Decapsulate the cipher text to calculate the shared secret.
+ *
+ * Validates the cipher text by encapsulating and comparing with data passed in.
+ *
+ * FIPS 203, Algorithm 21: ML-KEM.Decaps(dk, c)
+ * Uses the decapsulation key to produce a shared secret key from a ciphertext.
+ *   1: K' <- ML-KEM.Decaps_internal(dk,c)
+ *                                        > run internal decapsulation algorithm
+ *   2: return K'
+ *
+ * FIPS 203, Algorithm 18: ML-KEM.Decaps_internal(dk, c)
+ * Uses the decapsulation key to produce a shared secret key from a ciphertext.
+ *   ...
+ *   1: dk_PKE <- dk[0 : 384k]
+ *                        > extract (from KEM decaps key) the PKE decryption key
+ *   2: ek_PKE <- dk[384k : 768l + 32]
+ *                                                  > extract PKE encryption key
+ *   3: h <- dk[768K + 32 : 768k + 64]
+ *                                          > extract hash of PKE encryption key
+ *   4: z <- dk[768K + 64 : 768k + 96]
+ *                                            > extract implicit rejection value
+ *   5: m' <- K-PKE.Decrypt(dk_PKE, c)                      > decrypt ciphertext
+ *   6: (K', r') <- G(m'||h)
+ *   7: K_bar <- J(z||c)
+ *   8: c' <- K-PKE.Encrypt(ek_PKE, m', r')
+ *                                  > re-encrypt using the derived randomness r'
+ *   9: if c != c' then
+ *  10:      K' <= K_bar
+ *                            > if ciphertexts do not match, "implicitly reject"
+ *  11: end if
+ *  12: return K'
+ *
+ * @param  [in]   key  Kyber key object.
+ * @param  [out]  ss   Shared secret.
+ * @param  [in]   ct   Cipher text.
+ * @param  [in]   len  Length of cipher text.
+ * @return  0 on success.
+ * @return  BAD_FUNC_ARG when key, ss or cr are NULL.
+ * @return  NOT_COMPILED_IN when key type is not supported.
+ * @return  BUFFER_E when len is not the length of cipher text for the key type.
+ * @return  MEMORY_E when dynamic memory allocation failed.
+ */
+int wc_KyberKey_Decapsulate(KyberKey* key, unsigned char* ss,
+    const unsigned char* ct, word32 len)
+{
+    byte msg[KYBER_SYM_SZ];
+    byte kr[2 * KYBER_SYM_SZ + 1];
+    int ret = 0;
+    unsigned int ctSz = 0;
+    unsigned int i = 0;
+    int fail = 0;
+#if !defined(USE_INTEL_SPEEDUP) && !defined(WOLFSSL_NO_MALLOC)
+    byte* cmp = NULL;
+#else
+    byte cmp[KYBER_MAX_CIPHER_TEXT_SIZE];
+#endif
+
+    /* Validate parameters. */
+    if ((key == NULL) || (ss == NULL) || (ct == NULL)) {
+        ret = BAD_FUNC_ARG;
+    }
+
+    if (ret == 0) {
+        /* Establish cipher text size based on key type. */
+        switch (key->type) {
+#ifndef WOLFSSL_NO_ML_KEM
+    #ifdef WOLFSSL_WC_ML_KEM_512
+        case WC_ML_KEM_512:
+            ctSz = WC_ML_KEM_512_CIPHER_TEXT_SIZE;
+            break;
+    #endif
+    #ifdef WOLFSSL_WC_ML_KEM_768
+        case WC_ML_KEM_768:
+            ctSz = WC_ML_KEM_768_CIPHER_TEXT_SIZE;
+            break;
+    #endif
+    #ifdef WOLFSSL_WC_ML_KEM_1024
+        case WC_ML_KEM_1024:
+            ctSz = WC_ML_KEM_1024_CIPHER_TEXT_SIZE;
+            break;
+    #endif
+#endif
+#ifdef WOLFSSL_KYBER_ORIGINAL
+    #ifdef WOLFSSL_KYBER512
+        case KYBER512:
+            ctSz = KYBER512_CIPHER_TEXT_SIZE;
+            break;
+    #endif
+    #ifdef WOLFSSL_KYBER768
+        case KYBER768:
+            ctSz = KYBER768_CIPHER_TEXT_SIZE;
+            break;
+    #endif
+    #ifdef WOLFSSL_KYBER1024
+        case KYBER1024:
+            ctSz = KYBER1024_CIPHER_TEXT_SIZE;
+            break;
+    #endif
+#endif
+        default:
+            /* No other values supported. */
+            ret = NOT_COMPILED_IN;
+            break;
+        }
+    }
+
+    /* Ensure the cipher text passed in is the correct size. */
+    if ((ret == 0) && (len != ctSz)) {
+        ret = BUFFER_E;
+    }
+
+#if !defined(USE_INTEL_SPEEDUP) && !defined(WOLFSSL_NO_MALLOC)
+    if (ret == 0) {
+        /* Allocate memory for cipher text that is generated. */
+        cmp = (byte*)XMALLOC(ctSz, key->heap, DYNAMIC_TYPE_TMP_BUFFER);
+        if (cmp == NULL) {
+            ret = MEMORY_E;
+        }
+    }
+#endif
+
+    if (ret == 0) {
+        /* Decapsulate the cipher text. */
+        ret = kyberkey_decapsulate(key, msg, ct);
+    }
+    if (ret == 0) {
+        /* Hash message into seed buffer. */
+        ret = KYBER_HASH_G(&key->hash, msg, KYBER_SYM_SZ, key->h, KYBER_SYM_SZ,
+            kr);
+    }
+    if (ret == 0) {
+        /* Encapsulate the message. */
+        ret = kyberkey_encapsulate(key, msg, kr + KYBER_SYM_SZ, cmp);
+    }
+    if (ret == 0) {
+        /* Compare generated cipher text with that passed in. */
+        fail = kyber_cmp(ct, cmp, ctSz);
+
+#if defined(WOLFSSL_KYBER_ORIGINAL) && !defined(WOLFSSL_NO_ML_KEM)
+        if (key->type & KYBER_ORIGINAL)
+#endif
+#ifdef WOLFSSL_KYBER_ORIGINAL
+        {
+            /* Hash the cipher text after the seed. */
+            ret = KYBER_HASH_H(&key->hash, ct, ctSz, kr + KYBER_SYM_SZ);
+            if (ret == 0) {
+                /* Change seed to z on comparison failure. */
+                for (i = 0; i < KYBER_SYM_SZ; i++) {
+                    kr[i] ^= (kr[i] ^ key->z[i]) & fail;
+                }
+
+                /* Derive the secret from the seed and hash of cipher text. */
+                ret = KYBER_KDF(kr, 2 * KYBER_SYM_SZ, ss, KYBER_SS_SZ);
+            }
+        }
+#endif
+#if defined(WOLFSSL_KYBER_ORIGINAL) && !defined(WOLFSSL_NO_ML_KEM)
+        else
+#endif
+#ifndef WOLFSSL_NO_ML_KEM
+        {
+            ret = kyber_derive_secret(key->z, ct, ctSz, msg);
+            if (ret == 0) {
+               /* Set secret to kr or fake secret on comparison failure. */
+               for (i = 0; i < KYBER_SYM_SZ; i++) {
+                   ss[i] = kr[i] ^ ((kr[i] ^ msg[i]) & fail);
+               }
+            }
+        }
+#endif
+    }
+
+#if !defined(USE_INTEL_SPEEDUP) && !defined(WOLFSSL_NO_MALLOC)
+    /* Dispose of dynamic memory allocated in function. */
+    if (key != NULL) {
+        XFREE(cmp, key->heap, DYNAMIC_TYPE_TMP_BUFFER);
+    }
+#endif
+
+    return ret;
+}
+#endif /* WOLFSSL_KYBER_NO_DECAPSULATE */
+
+/******************************************************************************/
+
+/**
+ * Get the public key and public seed from bytes.
+ *
+ * FIPS 203, Algorithm 14 K-PKE.Encrypt(ek_PKE, m, r)
+ *   ...
+ *   2: t <- ByteDecode_12(ek_PKE[0 : 384k])
+ *   3: rho <- ek_PKE[384k :  384k + 32]
+ *   ...
+ *
+ * @param [out] pub      Public key - vector.
+ * @param [out] pubSeed  Public seed.
+ * @param [in]  p        Public key data.
+ * @param [in]  k        Number of polynomials in vector.
+ */
+static void kyberkey_decode_public(sword16* pub, byte* pubSeed, const byte* p,
+    unsigned int k)
+{
+    unsigned int i;
+
+    /* Decode public key that is vector of polynomials.
+     * Step 2: t <- ByteDecode_12(ek_PKE[0 : 384k]) */
+    kyber_from_bytes(pub, p, k);
+    p += k * KYBER_POLY_SIZE;
+
+    /* Read public key seed.
+     * Step 3: rho <- ek_PKE[384k :  384k + 32] */
+    for (i = 0; i < KYBER_SYM_SZ; i++) {
+        pubSeed[i] = p[i];
+    }
+}
+
+/**
+ * Decode the private key.
+ *
+ * Private Vector | Public Key | Public Hash | Randomizer
+ *
+ * FIPS 203, Algorithm 18: ML-KEM.Decaps_internal(dk, c)
+ *   1: dk_PKE <- dk[0 : 384k]
+ *                        > extract (from KEM decaps key) the PKE decryption key
+ *   2: ek_PKE <- dk[384k : 768l + 32]
+ *                                                  > extract PKE encryption key
+ *   3: h <- dk[768K + 32 : 768k + 64]
+ *                                          > extract hash of PKE encryption key
+ *   4: z <- dk[768K + 64 : 768k + 96]
+ *                                            > extract implicit rejection value
+ *
+ * FIPS 203, Algorithm 15: K-PKE.Decrypt(dk_PKE, c)
+ *   ...
+ *   5: s_hat <= ByteDecode_12(dk_PKE)
+ *   ...
+ *
+ * @param  [in, out]  key  Kyber key object.
+ * @param  [in]       in   Buffer holding encoded key.
+ * @param  [in]       len  Length of data in buffer.
+ * @return  0 on success.
+ * @return  BAD_FUNC_ARG when key or in is NULL.
+ * @return  NOT_COMPILED_IN when key type is not supported.
+ * @return  BUFFER_E when len is not the correct size.
+ */
+int wc_KyberKey_DecodePrivateKey(KyberKey* key, const unsigned char* in,
+    word32 len)
+{
+    int ret = 0;
+    word32 privLen = 0;
+    word32 pubLen = 0;
+    unsigned int k = 0;
+    const unsigned char* p = in;
+
+    /* Validate parameters. */
+    if ((key == NULL) || (in == NULL)) {
+        ret = BAD_FUNC_ARG;
+    }
+
+    if (ret == 0) {
+        /* Establish parameters based on key type. */
+        switch (key->type) {
+#ifndef WOLFSSL_NO_ML_KEM
+    #ifdef WOLFSSL_WC_ML_KEM_512
+        case WC_ML_KEM_512:
+            k = WC_ML_KEM_512_K;
+            privLen = WC_ML_KEM_512_PRIVATE_KEY_SIZE;
+            pubLen = WC_ML_KEM_512_PUBLIC_KEY_SIZE;
+            break;
+    #endif
+    #ifdef WOLFSSL_WC_ML_KEM_768
+        case WC_ML_KEM_768:
+            k = WC_ML_KEM_768_K;
+            privLen = WC_ML_KEM_768_PRIVATE_KEY_SIZE;
+            pubLen = WC_ML_KEM_768_PUBLIC_KEY_SIZE;
+            break;
+    #endif
+    #ifdef WOLFSSL_WC_ML_KEM_1024
+        case WC_ML_KEM_1024:
+            k = WC_ML_KEM_1024_K;
+            privLen = WC_ML_KEM_1024_PRIVATE_KEY_SIZE;
+            pubLen = WC_ML_KEM_1024_PUBLIC_KEY_SIZE;
+            break;
+    #endif
+#endif
+#ifdef WOLFSSL_KYBER_ORIGINAL
+    #ifdef WOLFSSL_KYBER512
+        case KYBER512:
+            k = KYBER512_K;
+            privLen = KYBER512_PRIVATE_KEY_SIZE;
+            pubLen = KYBER512_PUBLIC_KEY_SIZE;
+            break;
+    #endif
+    #ifdef WOLFSSL_KYBER768
+        case KYBER768:
+            k = KYBER768_K;
+            privLen = KYBER768_PRIVATE_KEY_SIZE;
+            pubLen = KYBER768_PUBLIC_KEY_SIZE;
+            break;
+    #endif
+    #ifdef WOLFSSL_KYBER1024
+        case KYBER1024:
+            k = KYBER1024_K;
+            privLen = KYBER1024_PRIVATE_KEY_SIZE;
+            pubLen = KYBER1024_PUBLIC_KEY_SIZE;
+            break;
+    #endif
+#endif
+        default:
+            /* No other values supported. */
+            ret = NOT_COMPILED_IN;
+            break;
+        }
+    }
+    /* Ensure the data is the correct length for the key type. */
+    if ((ret == 0) && (len != privLen)) {
+        ret = BUFFER_E;
+    }
+
+    if (ret == 0) {
+        /* Decode private key that is vector of polynomials.
+         * Alg 18 Step 1: dk_PKE <- dk[0 : 384k]
+         * Alg 15 Step 5: s_hat <- ByteDecode_12(dk_PKE) */
+        kyber_from_bytes(key->priv, p, k);
+        p += k * KYBER_POLY_SIZE;
+
+        /* Decode the public key that is after the private key. */
+        kyberkey_decode_public(key->pub, key->pubSeed, p, k);
+        p += pubLen;
+
+        /* Copy the hash of the encoded public key that is after public key. */
+        XMEMCPY(key->h, p, sizeof(key->h));
+        p += KYBER_SYM_SZ;
+        /* Copy the z (randomizer) that is after hash. */
+        XMEMCPY(key->z, p, sizeof(key->z));
+
+        /* Set flags */
+        key->flags |= KYBER_FLAG_H_SET | KYBER_FLAG_BOTH_SET;
+    }
+
+    return ret;
+}
+
+/**
+ * Decode public key.
+ *
+ * Public vector | Public Seed
+ *
+ * @param  [in, out]  key  Kyber key object.
+ * @param  [in]       in   Buffer holding encoded key.
+ * @param  [in]       len  Length of data in buffer.
+ * @return  0 on success.
+ * @return  BAD_FUNC_ARG when key or in is NULL.
+ * @return  NOT_COMPILED_IN when key type is not supported.
+ * @return  BUFFER_E when len is not the correct size.
+ */
+int wc_KyberKey_DecodePublicKey(KyberKey* key, const unsigned char* in,
+    word32 len)
+{
+    int ret = 0;
+    word32 pubLen = 0;
+    unsigned int k = 0;
+    const unsigned char* p = in;
+
+    if ((key == NULL) || (in == NULL)) {
+        ret = BAD_FUNC_ARG;
+    }
+
+    if (ret == 0) {
+        /* Establish parameters based on key type. */
+        switch (key->type) {
+#ifndef WOLFSSL_NO_ML_KEM
+    #ifdef WOLFSSL_WC_ML_KEM_512
+        case WC_ML_KEM_512:
+            k = WC_ML_KEM_512_K;
+            pubLen = WC_ML_KEM_512_PUBLIC_KEY_SIZE;
+            break;
+    #endif
+    #ifdef WOLFSSL_WC_ML_KEM_768
+        case WC_ML_KEM_768:
+            k = WC_ML_KEM_768_K;
+            pubLen = WC_ML_KEM_768_PUBLIC_KEY_SIZE;
+            break;
+    #endif
+    #ifdef WOLFSSL_WC_ML_KEM_1024
+        case WC_ML_KEM_1024:
+            k = WC_ML_KEM_1024_K;
+            pubLen = WC_ML_KEM_1024_PUBLIC_KEY_SIZE;
+            break;
+    #endif
+#endif
+#ifdef WOLFSSL_KYBER_ORIGINAL
+    #ifdef WOLFSSL_KYBER512
+        case KYBER512:
+            k = KYBER512_K;
+            pubLen = KYBER512_PUBLIC_KEY_SIZE;
+            break;
+    #endif
+    #ifdef WOLFSSL_KYBER768
+        case KYBER768:
+            k = KYBER768_K;
+            pubLen = KYBER768_PUBLIC_KEY_SIZE;
+            break;
+    #endif
+    #ifdef WOLFSSL_KYBER1024
+        case KYBER1024:
+            k = KYBER1024_K;
+            pubLen = KYBER1024_PUBLIC_KEY_SIZE;
+            break;
+    #endif
+#endif
+        default:
+            /* No other values supported. */
+            ret = NOT_COMPILED_IN;
+            break;
+        }
+    }
+    /* Ensure the data is the correct length for the key type. */
+    if ((ret == 0) && (len != pubLen)) {
+        ret = BUFFER_E;
+    }
+
+    if (ret == 0) {
+        kyberkey_decode_public(key->pub, key->pubSeed, p, k);
+
+        /* Calculate public hash. */
+        ret = KYBER_HASH_H(&key->hash, in, len, key->h);
+    }
+    if (ret == 0) {
+        /* Record public key and public hash set. */
+        key->flags |= KYBER_FLAG_PUB_SET | KYBER_FLAG_H_SET;
+    }
+
+    return ret;
+}
+
+/**
+ * Get the size in bytes of encoded private key for the key.
+ *
+ * @param  [in]   key  Kyber key object.
+ * @param  [out]  len  Length of encoded private key in bytes.
+ * @return  0 on success.
+ * @return  BAD_FUNC_ARG when key or len is NULL.
+ * @return  NOT_COMPILED_IN when key type is not supported.
+ */
+int wc_KyberKey_PrivateKeySize(KyberKey* key, word32* len)
+{
+    int ret = 0;
+
+    /* Validate parameters. */
+    if ((key == NULL) || (len == NULL)) {
+        ret = BAD_FUNC_ARG;
+    }
+
+    if (ret == 0) {
+        /* Return in 'len' size of the encoded private key for the type of this
+         * key. */
+        switch (key->type) {
+#ifndef WOLFSSL_NO_ML_KEM
+    #ifdef WOLFSSL_WC_ML_KEM_512
+        case WC_ML_KEM_512:
+            *len = WC_ML_KEM_512_PRIVATE_KEY_SIZE;
+            break;
+    #endif
+    #ifdef WOLFSSL_WC_ML_KEM_768
+        case WC_ML_KEM_768:
+            *len = WC_ML_KEM_768_PRIVATE_KEY_SIZE;
+            break;
+    #endif
+    #ifdef WOLFSSL_WC_ML_KEM_1024
+        case WC_ML_KEM_1024:
+            *len = WC_ML_KEM_1024_PRIVATE_KEY_SIZE;
+            break;
+    #endif
+#endif
+#ifdef WOLFSSL_KYBER_ORIGINAL
+    #ifdef WOLFSSL_KYBER512
+        case KYBER512:
+            *len = KYBER512_PRIVATE_KEY_SIZE;
+            break;
+    #endif
+    #ifdef WOLFSSL_KYBER768
+        case KYBER768:
+            *len = KYBER768_PRIVATE_KEY_SIZE;
+            break;
+    #endif
+    #ifdef WOLFSSL_KYBER1024
+        case KYBER1024:
+            *len = KYBER1024_PRIVATE_KEY_SIZE;
+            break;
+    #endif
+#endif
+        default:
+            /* No other values supported. */
+            ret = NOT_COMPILED_IN;
+            break;
+        }
+    }
+
+    return ret;
+}
+
+/**
+ * Get the size in bytes of encoded public key for the key.
+ *
+ * @param  [in]   key  Kyber key object.
+ * @param  [out]  len  Length of encoded public key in bytes.
+ * @return  0 on success.
+ * @return  BAD_FUNC_ARG when key or len is NULL.
+ * @return  NOT_COMPILED_IN when key type is not supported.
+ */
+int wc_KyberKey_PublicKeySize(KyberKey* key, word32* len)
+{
+    int ret = 0;
+
+    /* Validate parameters. */
+    if ((key == NULL) || (len == NULL)) {
+        ret = BAD_FUNC_ARG;
+    }
+
+    if (ret == 0) {
+        /* Return in 'len' size of the encoded public key for the type of this
+         * key. */
+        switch (key->type) {
+#ifndef WOLFSSL_NO_ML_KEM
+    #ifdef WOLFSSL_WC_ML_KEM_512
+        case WC_ML_KEM_512:
+            *len = WC_ML_KEM_512_PUBLIC_KEY_SIZE;
+            break;
+    #endif
+    #ifdef WOLFSSL_WC_ML_KEM_768
+        case WC_ML_KEM_768:
+            *len = WC_ML_KEM_768_PUBLIC_KEY_SIZE;
+            break;
+    #endif
+    #ifdef WOLFSSL_WC_ML_KEM_1024
+        case WC_ML_KEM_1024:
+            *len = WC_ML_KEM_1024_PUBLIC_KEY_SIZE;
+            break;
+    #endif
+#endif
+#ifdef WOLFSSL_KYBER_ORIGINAL
+    #ifdef WOLFSSL_KYBER512
+        case KYBER512:
+            *len = KYBER512_PUBLIC_KEY_SIZE;
+            break;
+    #endif
+    #ifdef WOLFSSL_KYBER768
+        case KYBER768:
+            *len = KYBER768_PUBLIC_KEY_SIZE;
+            break;
+    #endif
+    #ifdef WOLFSSL_KYBER1024
+        case KYBER1024:
+            *len = KYBER1024_PUBLIC_KEY_SIZE;
+            break;
+    #endif
+#endif
+        default:
+            /* No other values supported. */
+            ret = NOT_COMPILED_IN;
+            break;
+        }
+    }
+
+    return ret;
+}
+
+/**
+ * Encode the private key.
+ *
+ * Private Vector | Public Key | Public Hash | Randomizer
+ *
+ * FIPS 203, Algorithm 16: ML-KEM.KeyGen_internal(d,z)
+ *   ...
+ *   3: dk <- (dk_PKE||ek||H(ek)||z)
+ *   ...
+ * FIPS 203, Algorithm 13: K-PKE.KeyGen(d)
+ *   ...
+ *   20: dk_PKE  <- ByteEncode_12(s_hat)
+ *   ...
+ *
+ * @param  [in]   key  Kyber key object.
+ * @param  [out]  out  Buffer to hold data.
+ * @param  [in]   len  Size of buffer in bytes.
+ * @return  0 on success.
+ * @return  BAD_FUNC_ARG when key or out is NULL or private/public key not
+ * available.
+ * @return  NOT_COMPILED_IN when key type is not supported.
+ */
+int wc_KyberKey_EncodePrivateKey(KyberKey* key, unsigned char* out, word32 len)
+{
+    int ret = 0;
+    unsigned int k = 0;
+    unsigned int pubLen = 0;
+    unsigned int privLen = 0;
+    unsigned char* p = out;
+
+    if ((key == NULL) || (out == NULL)) {
+        ret = BAD_FUNC_ARG;
+    }
+    if ((ret == 0) &&
+            ((key->flags & KYBER_FLAG_BOTH_SET) != KYBER_FLAG_BOTH_SET)) {
+        ret = BAD_FUNC_ARG;
+    }
+
+    if (ret == 0) {
+        switch (key->type) {
+#ifndef WOLFSSL_NO_ML_KEM
+    #ifdef WOLFSSL_WC_ML_KEM_512
+        case WC_ML_KEM_512:
+            k = WC_ML_KEM_512_K;
+            pubLen = WC_ML_KEM_512_PUBLIC_KEY_SIZE;
+            privLen = WC_ML_KEM_512_PRIVATE_KEY_SIZE;
+            break;
+    #endif
+    #ifdef WOLFSSL_WC_ML_KEM_768
+        case WC_ML_KEM_768:
+            k = WC_ML_KEM_768_K;
+            pubLen = WC_ML_KEM_768_PUBLIC_KEY_SIZE;
+            privLen = WC_ML_KEM_768_PRIVATE_KEY_SIZE;
+            break;
+    #endif
+    #ifdef WOLFSSL_WC_ML_KEM_1024
+        case WC_ML_KEM_1024:
+            k = WC_ML_KEM_1024_K;
+            pubLen = WC_ML_KEM_1024_PUBLIC_KEY_SIZE;
+            privLen = WC_ML_KEM_1024_PRIVATE_KEY_SIZE;
+            break;
+    #endif
+#endif
+#ifdef WOLFSSL_KYBER_ORIGINAL
+    #ifdef WOLFSSL_KYBER512
+        case KYBER512:
+            k = KYBER512_K;
+            pubLen = KYBER512_PUBLIC_KEY_SIZE;
+            privLen = KYBER512_PRIVATE_KEY_SIZE;
+            break;
+    #endif
+    #ifdef WOLFSSL_KYBER768
+        case KYBER768:
+            k = KYBER768_K;
+            pubLen = KYBER768_PUBLIC_KEY_SIZE;
+            privLen = KYBER768_PRIVATE_KEY_SIZE;
+            break;
+    #endif
+    #ifdef WOLFSSL_KYBER1024
+        case KYBER1024:
+            k = KYBER1024_K;
+            pubLen = KYBER1024_PUBLIC_KEY_SIZE;
+            privLen = KYBER1024_PRIVATE_KEY_SIZE;
+            break;
+    #endif
+#endif
+        default:
+            /* No other values supported. */
+            ret = NOT_COMPILED_IN;
+            break;
+        }
+    }
+    /* Check buffer is big enough for encoding. */
+    if ((ret == 0) && (len != privLen)) {
+        ret = BUFFER_E;
+    }
+
+    if (ret == 0) {
+        /* Encode private key that is vector of polynomials. */
+        kyber_to_bytes(p, key->priv, k);
+        p += KYBER_POLY_SIZE * k;
+
+        /* Encode public key. */
+        ret = wc_KyberKey_EncodePublicKey(key, p, pubLen);
+        p += pubLen;
+    }
+    /* Ensure hash of public key is available. */
+    if ((ret == 0) && ((key->flags & KYBER_FLAG_H_SET) == 0)) {
+        ret = KYBER_HASH_H(&key->hash, p - pubLen, pubLen, key->h);
+    }
+    if (ret == 0) {
+        /* Public hash is available. */
+        key->flags |= KYBER_FLAG_H_SET;
+        /* Append public hash. */
+        XMEMCPY(p, key->h, sizeof(key->h));
+        p += KYBER_SYM_SZ;
+        /* Append z (randomizer). */
+        XMEMCPY(p, key->z, sizeof(key->z));
+    }
+
+    return ret;
+}
+
+/**
+ * Encode the public key.
+ *
+ * Public vector | Public Seed
+ *
+ * FIPS 203, Algorithm 16: ML-KEM.KeyGen_internal(d,z)
+ *   ...
+ *   2: ek <- ek_PKE
+ *   ...
+ * FIPS 203, Algorithm 13: K-PKE.KeyGen(d)
+ *   ...
+ *   19: ek_PKE  <- ByteEncode_12(t_hat)||rho
+ *   ...
+ *
+ * @param  [in]   key  Kyber key object.
+ * @param  [out]  out  Buffer to hold data.
+ * @param  [in]   len  Size of buffer in bytes.
+ * @return  0 on success.
+ * @return  BAD_FUNC_ARG when key or out is NULL or public key not available.
+ * @return  NOT_COMPILED_IN when key type is not supported.
+ */
+int wc_KyberKey_EncodePublicKey(KyberKey* key, unsigned char* out, word32 len)
+{
+    int ret = 0;
+    unsigned int k = 0;
+    unsigned int pubLen = 0;
+    unsigned char* p = out;
+
+    if ((key == NULL) || (out == NULL)) {
+        ret = BAD_FUNC_ARG;
+    }
+    if ((ret == 0) &&
+            ((key->flags & KYBER_FLAG_PUB_SET) != KYBER_FLAG_PUB_SET)) {
+        ret = BAD_FUNC_ARG;
+    }
+
+    if (ret == 0) {
+        switch (key->type) {
+#ifndef WOLFSSL_NO_ML_KEM
+    #ifdef WOLFSSL_WC_ML_KEM_512
+        case WC_ML_KEM_512:
+            k = WC_ML_KEM_512_K;
+            pubLen = WC_ML_KEM_512_PUBLIC_KEY_SIZE;
+            break;
+    #endif
+    #ifdef WOLFSSL_WC_ML_KEM_768
+        case WC_ML_KEM_768:
+            k = WC_ML_KEM_768_K;
+            pubLen = WC_ML_KEM_768_PUBLIC_KEY_SIZE;
+            break;
+    #endif
+    #ifdef WOLFSSL_WC_ML_KEM_1024
+        case WC_ML_KEM_1024:
+            k = WC_ML_KEM_1024_K;
+            pubLen = WC_ML_KEM_1024_PUBLIC_KEY_SIZE;
+            break;
+    #endif
+#endif
+#ifdef WOLFSSL_KYBER_ORIGINAL
+    #ifdef WOLFSSL_KYBER512
+        case KYBER512:
+            k = KYBER512_K;
+            pubLen = KYBER512_PUBLIC_KEY_SIZE;
+            break;
+    #endif
+    #ifdef WOLFSSL_KYBER768
+        case KYBER768:
+            k = KYBER768_K;
+            pubLen = KYBER768_PUBLIC_KEY_SIZE;
+            break;
+    #endif
+    #ifdef WOLFSSL_KYBER1024
+        case KYBER1024:
+            k = KYBER1024_K;
+            pubLen = KYBER1024_PUBLIC_KEY_SIZE;
+            break;
+    #endif
+#endif
+        default:
+            /* No other values supported. */
+            ret = NOT_COMPILED_IN;
+            break;
+        }
+    }
+    /* Check buffer is big enough for encoding. */
+    if ((ret == 0) && (len != pubLen)) {
+        ret = BUFFER_E;
+    }
+
+    if (ret == 0) {
+        int i;
+
+        /* Encode public key polynomial by polynomial. */
+        kyber_to_bytes(p, key->pub, k);
+        p += k * KYBER_POLY_SIZE;
+
+        /* Append public seed. */
+        for (i = 0; i < KYBER_SYM_SZ; i++) {
+            p[i] = key->pubSeed[i];
+        }
+
+        /* Make sure public hash is set. */
+        if ((key->flags & KYBER_FLAG_H_SET) == 0) {
+            ret = KYBER_HASH_H(&key->hash, out, len, key->h);
+        }
+    }
+    if (ret == 0) {
+        /* Public hash is set. */
+        key->flags |= KYBER_FLAG_H_SET;
+    }
+
+    return ret;
+}
+
+#endif /* WOLFSSL_WC_KYBER */
diff --git a/wolfcrypt/src/wc_kyber_asm.S b/wolfcrypt/src/wc_kyber_asm.S
index 599400b32..b51c3d5d1 100644
--- a/wolfcrypt/src/wc_kyber_asm.S
+++ b/wolfcrypt/src/wc_kyber_asm.S
@@ -1,6 +1,6 @@
-/* wc_kyber_asm.S
- *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+/* wc_kyber_asm.S */
+/*
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -19,9 +19,27951 @@
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  */
 
-#include <wolfssl/wolfcrypt/settings.h>
+#ifdef WOLFSSL_USER_SETTINGS
+#ifdef WOLFSSL_USER_SETTINGS_ASM
+/*
+ * user_settings_asm.h is a file generated by the script user_settings_asm.sh.
+ * The script takes in a user_settings.h and produces user_settings_asm.h, which
+ * is a stripped down version of user_settings.h containing only preprocessor
+ * directives. This makes the header safe to include in assembly (.S) files.
+ */
+#include "user_settings_asm.h"
+#else
+/*
+ * Note: if user_settings.h contains any C code (e.g. a typedef or function
+ * prototype), including it here in an assembly (.S) file will cause an
+ * assembler failure. See user_settings_asm.h above.
+ */
+#include "user_settings.h"
+#endif /* WOLFSSL_USER_SETTINGS_ASM */
+#endif /* WOLFSSL_USER_SETTINGS */
 
-#ifdef WOLFSSL_HAVE_KYBER
-    #error "Contact wolfSSL to get the implementation of this file"
+#ifndef HAVE_INTEL_AVX1
+#define HAVE_INTEL_AVX1
+#endif /* HAVE_INTEL_AVX1 */
+#ifndef NO_AVX2_SUPPORT
+#define HAVE_INTEL_AVX2
+#endif /* NO_AVX2_SUPPORT */
+
+#ifdef WOLFSSL_WC_KYBER
+#ifdef HAVE_INTEL_AVX2
+#ifndef __APPLE__
+.data
+#else
+.section	__DATA,__data
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.align	16
+#else
+.p2align	4
+#endif /* __APPLE__ */
+kyber_q:
+.value	0xd01,0xd01
+.value	0xd01,0xd01
+.value	0xd01,0xd01
+.value	0xd01,0xd01
+.value	0xd01,0xd01
+.value	0xd01,0xd01
+.value	0xd01,0xd01
+.value	0xd01,0xd01
+#ifndef __APPLE__
+.data
+#else
+.section	__DATA,__data
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.align	16
+#else
+.p2align	4
+#endif /* __APPLE__ */
+kyber_qinv:
+.value	0xf301,0xf301
+.value	0xf301,0xf301
+.value	0xf301,0xf301
+.value	0xf301,0xf301
+.value	0xf301,0xf301
+.value	0xf301,0xf301
+.value	0xf301,0xf301
+.value	0xf301,0xf301
+#ifndef __APPLE__
+.data
+#else
+.section	__DATA,__data
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.align	16
+#else
+.p2align	4
+#endif /* __APPLE__ */
+kyber_f:
+.value	0x549,0x549
+.value	0x549,0x549
+.value	0x549,0x549
+.value	0x549,0x549
+.value	0x549,0x549
+.value	0x549,0x549
+.value	0x549,0x549
+.value	0x549,0x549
+#ifndef __APPLE__
+.data
+#else
+.section	__DATA,__data
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.align	16
+#else
+.p2align	4
+#endif /* __APPLE__ */
+kyber_f_qinv:
+.value	0x5049,0x5049
+.value	0x5049,0x5049
+.value	0x5049,0x5049
+.value	0x5049,0x5049
+.value	0x5049,0x5049
+.value	0x5049,0x5049
+.value	0x5049,0x5049
+.value	0x5049,0x5049
+#ifndef __APPLE__
+.data
+#else
+.section	__DATA,__data
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.align	16
+#else
+.p2align	4
+#endif /* __APPLE__ */
+kyber_v:
+.value	0x4ebf,0x4ebf
+.value	0x4ebf,0x4ebf
+.value	0x4ebf,0x4ebf
+.value	0x4ebf,0x4ebf
+.value	0x4ebf,0x4ebf
+.value	0x4ebf,0x4ebf
+.value	0x4ebf,0x4ebf
+.value	0x4ebf,0x4ebf
+#ifndef __APPLE__
+.data
+#else
+.section	__DATA,__data
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.align	16
+#else
+.p2align	4
+#endif /* __APPLE__ */
+L_kyber_avx2_zetas:
+.value	0xa0b,0xa0b
+.value	0xa0b,0xa0b
+.value	0xa0b,0xa0b
+.value	0xa0b,0xa0b
+.value	0xa0b,0xa0b
+.value	0xa0b,0xa0b
+.value	0xa0b,0xa0b
+.value	0xa0b,0xa0b
+.value	0x7b0b,0x7b0b
+.value	0x7b0b,0x7b0b
+.value	0x7b0b,0x7b0b
+.value	0x7b0b,0x7b0b
+.value	0x7b0b,0x7b0b
+.value	0x7b0b,0x7b0b
+.value	0x7b0b,0x7b0b
+.value	0x7b0b,0x7b0b
+.value	0xb9a,0xb9a
+.value	0xb9a,0xb9a
+.value	0xb9a,0xb9a
+.value	0xb9a,0xb9a
+.value	0xb9a,0xb9a
+.value	0xb9a,0xb9a
+.value	0xb9a,0xb9a
+.value	0xb9a,0xb9a
+.value	0x399a,0x399a
+.value	0x399a,0x399a
+.value	0x399a,0x399a
+.value	0x399a,0x399a
+.value	0x399a,0x399a
+.value	0x399a,0x399a
+.value	0x399a,0x399a
+.value	0x399a,0x399a
+.value	0x5d5,0x5d5
+.value	0x5d5,0x5d5
+.value	0x5d5,0x5d5
+.value	0x5d5,0x5d5
+.value	0x5d5,0x5d5
+.value	0x5d5,0x5d5
+.value	0x5d5,0x5d5
+.value	0x5d5,0x5d5
+.value	0x34d5,0x34d5
+.value	0x34d5,0x34d5
+.value	0x34d5,0x34d5
+.value	0x34d5,0x34d5
+.value	0x34d5,0x34d5
+.value	0x34d5,0x34d5
+.value	0x34d5,0x34d5
+.value	0x34d5,0x34d5
+.value	0x58e,0x58e
+.value	0x58e,0x58e
+.value	0x58e,0x58e
+.value	0x58e,0x58e
+.value	0x58e,0x58e
+.value	0x58e,0x58e
+.value	0x58e,0x58e
+.value	0x58e,0x58e
+.value	0xcf8e,0xcf8e
+.value	0xcf8e,0xcf8e
+.value	0xcf8e,0xcf8e
+.value	0xcf8e,0xcf8e
+.value	0xcf8e,0xcf8e
+.value	0xcf8e,0xcf8e
+.value	0xcf8e,0xcf8e
+.value	0xcf8e,0xcf8e
+.value	0xc56,0xc56
+.value	0xc56,0xc56
+.value	0xc56,0xc56
+.value	0xc56,0xc56
+.value	0xc56,0xc56
+.value	0xc56,0xc56
+.value	0xc56,0xc56
+.value	0xc56,0xc56
+.value	0xae56,0xae56
+.value	0xae56,0xae56
+.value	0xae56,0xae56
+.value	0xae56,0xae56
+.value	0xae56,0xae56
+.value	0xae56,0xae56
+.value	0xae56,0xae56
+.value	0xae56,0xae56
+.value	0x26e,0x26e
+.value	0x26e,0x26e
+.value	0x26e,0x26e
+.value	0x26e,0x26e
+.value	0x26e,0x26e
+.value	0x26e,0x26e
+.value	0x26e,0x26e
+.value	0x26e,0x26e
+.value	0x6c6e,0x6c6e
+.value	0x6c6e,0x6c6e
+.value	0x6c6e,0x6c6e
+.value	0x6c6e,0x6c6e
+.value	0x6c6e,0x6c6e
+.value	0x6c6e,0x6c6e
+.value	0x6c6e,0x6c6e
+.value	0x6c6e,0x6c6e
+.value	0x629,0x629
+.value	0x629,0x629
+.value	0x629,0x629
+.value	0x629,0x629
+.value	0x629,0x629
+.value	0x629,0x629
+.value	0x629,0x629
+.value	0x629,0x629
+.value	0xf129,0xf129
+.value	0xf129,0xf129
+.value	0xf129,0xf129
+.value	0xf129,0xf129
+.value	0xf129,0xf129
+.value	0xf129,0xf129
+.value	0xf129,0xf129
+.value	0xf129,0xf129
+.value	0xb6,0xb6
+.value	0xb6,0xb6
+.value	0xb6,0xb6
+.value	0xb6,0xb6
+.value	0xb6,0xb6
+.value	0xb6,0xb6
+.value	0xb6,0xb6
+.value	0xb6,0xb6
+.value	0xc2b6,0xc2b6
+.value	0xc2b6,0xc2b6
+.value	0xc2b6,0xc2b6
+.value	0xc2b6,0xc2b6
+.value	0xc2b6,0xc2b6
+.value	0xc2b6,0xc2b6
+.value	0xc2b6,0xc2b6
+.value	0xc2b6,0xc2b6
+.value	0x23d,0x23d
+.value	0x23d,0x23d
+.value	0x23d,0x23d
+.value	0x23d,0x23d
+.value	0x7d4,0x7d4
+.value	0x7d4,0x7d4
+.value	0x7d4,0x7d4
+.value	0x7d4,0x7d4
+.value	0xe93d,0xe93d
+.value	0xe93d,0xe93d
+.value	0xe93d,0xe93d
+.value	0xe93d,0xe93d
+.value	0x43d4,0x43d4
+.value	0x43d4,0x43d4
+.value	0x43d4,0x43d4
+.value	0x43d4,0x43d4
+.value	0x108,0x108
+.value	0x108,0x108
+.value	0x108,0x108
+.value	0x108,0x108
+.value	0x17f,0x17f
+.value	0x17f,0x17f
+.value	0x17f,0x17f
+.value	0x17f,0x17f
+.value	0x9908,0x9908
+.value	0x9908,0x9908
+.value	0x9908,0x9908
+.value	0x9908,0x9908
+.value	0x8e7f,0x8e7f
+.value	0x8e7f,0x8e7f
+.value	0x8e7f,0x8e7f
+.value	0x8e7f,0x8e7f
+.value	0x4c7,0x4c7
+.value	0x4c7,0x4c7
+.value	0x28c,0x28c
+.value	0x28c,0x28c
+.value	0xad9,0xad9
+.value	0xad9,0xad9
+.value	0x3f7,0x3f7
+.value	0x3f7,0x3f7
+.value	0xe9c7,0xe9c7
+.value	0xe9c7,0xe9c7
+.value	0xe68c,0xe68c
+.value	0xe68c,0xe68c
+.value	0x5d9,0x5d9
+.value	0x5d9,0x5d9
+.value	0x78f7,0x78f7
+.value	0x78f7,0x78f7
+.value	0x7f4,0x7f4
+.value	0x7f4,0x7f4
+.value	0x5d3,0x5d3
+.value	0x5d3,0x5d3
+.value	0xbe7,0xbe7
+.value	0xbe7,0xbe7
+.value	0x6f9,0x6f9
+.value	0x6f9,0x6f9
+.value	0xa3f4,0xa3f4
+.value	0xa3f4,0xa3f4
+.value	0x4ed3,0x4ed3
+.value	0x4ed3,0x4ed3
+.value	0x50e7,0x50e7
+.value	0x50e7,0x50e7
+.value	0x61f9,0x61f9
+.value	0x61f9,0x61f9
+.value	0x9c4,0x9c4
+.value	0x9c4,0x9c4
+.value	0x9c4,0x9c4
+.value	0x9c4,0x9c4
+.value	0x5b2,0x5b2
+.value	0x5b2,0x5b2
+.value	0x5b2,0x5b2
+.value	0x5b2,0x5b2
+.value	0x15c4,0x15c4
+.value	0x15c4,0x15c4
+.value	0x15c4,0x15c4
+.value	0x15c4,0x15c4
+.value	0xfbb2,0xfbb2
+.value	0xfbb2,0xfbb2
+.value	0xfbb2,0xfbb2
+.value	0xfbb2,0xfbb2
+.value	0x6bf,0x6bf
+.value	0x6bf,0x6bf
+.value	0x6bf,0x6bf
+.value	0x6bf,0x6bf
+.value	0xc7f,0xc7f
+.value	0xc7f,0xc7f
+.value	0xc7f,0xc7f
+.value	0xc7f,0xc7f
+.value	0x53bf,0x53bf
+.value	0x53bf,0x53bf
+.value	0x53bf,0x53bf
+.value	0x53bf,0x53bf
+.value	0x997f,0x997f
+.value	0x997f,0x997f
+.value	0x997f,0x997f
+.value	0x997f,0x997f
+.value	0x204,0x204
+.value	0x204,0x204
+.value	0xcf9,0xcf9
+.value	0xcf9,0xcf9
+.value	0xbc1,0xbc1
+.value	0xbc1,0xbc1
+.value	0xa67,0xa67
+.value	0xa67,0xa67
+.value	0xce04,0xce04
+.value	0xce04,0xce04
+.value	0x67f9,0x67f9
+.value	0x67f9,0x67f9
+.value	0x3ec1,0x3ec1
+.value	0x3ec1,0x3ec1
+.value	0xcf67,0xcf67
+.value	0xcf67,0xcf67
+.value	0x6af,0x6af
+.value	0x6af,0x6af
+.value	0x877,0x877
+.value	0x877,0x877
+.value	0x7e,0x7e
+.value	0x7e,0x7e
+.value	0x5bd,0x5bd
+.value	0x5bd,0x5bd
+.value	0x23af,0x23af
+.value	0x23af,0x23af
+.value	0xfd77,0xfd77
+.value	0xfd77,0xfd77
+.value	0x9a7e,0x9a7e
+.value	0x9a7e,0x9a7e
+.value	0x6cbd,0x6cbd
+.value	0x6cbd,0x6cbd
+.value	0x8b2,0x8b2
+.value	0x1ae,0x1ae
+.value	0x22b,0x22b
+.value	0x34b,0x34b
+.value	0x81e,0x81e
+.value	0x367,0x367
+.value	0x60e,0x60e
+.value	0x69,0x69
+.value	0xfeb2,0xfeb2
+.value	0x2bae,0x2bae
+.value	0xd32b,0xd32b
+.value	0x344b,0x344b
+.value	0x821e,0x821e
+.value	0xc867,0xc867
+.value	0x500e,0x500e
+.value	0xab69,0xab69
+.value	0x1a6,0x1a6
+.value	0x24b,0x24b
+.value	0xb1,0xb1
+.value	0xc16,0xc16
+.value	0xbde,0xbde
+.value	0xb35,0xb35
+.value	0x626,0x626
+.value	0x675,0x675
+.value	0x93a6,0x93a6
+.value	0x334b,0x334b
+.value	0x3b1,0x3b1
+.value	0xee16,0xee16
+.value	0xc5de,0xc5de
+.value	0x5a35,0x5a35
+.value	0x1826,0x1826
+.value	0x1575,0x1575
+.value	0xc0b,0xc0b
+.value	0x30a,0x30a
+.value	0x487,0x487
+.value	0xc6e,0xc6e
+.value	0x9f8,0x9f8
+.value	0x5cb,0x5cb
+.value	0xaa7,0xaa7
+.value	0x45f,0x45f
+.value	0x7d0b,0x7d0b
+.value	0x810a,0x810a
+.value	0x2987,0x2987
+.value	0x766e,0x766e
+.value	0x71f8,0x71f8
+.value	0xb6cb,0xb6cb
+.value	0x8fa7,0x8fa7
+.value	0x315f,0x315f
+.value	0x6cb,0x6cb
+.value	0x284,0x284
+.value	0x999,0x999
+.value	0x15d,0x15d
+.value	0x1a2,0x1a2
+.value	0x149,0x149
+.value	0xc65,0xc65
+.value	0xcb6,0xcb6
+.value	0xb7cb,0xb7cb
+.value	0x4e84,0x4e84
+.value	0x4499,0x4499
+.value	0x485d,0x485d
+.value	0xc7a2,0xc7a2
+.value	0x4c49,0x4c49
+.value	0xeb65,0xeb65
+.value	0xceb6,0xceb6
+.value	0x714,0x714
+.value	0x714,0x714
+.value	0x714,0x714
+.value	0x714,0x714
+.value	0x714,0x714
+.value	0x714,0x714
+.value	0x714,0x714
+.value	0x714,0x714
+.value	0x314,0x314
+.value	0x314,0x314
+.value	0x314,0x314
+.value	0x314,0x314
+.value	0x314,0x314
+.value	0x314,0x314
+.value	0x314,0x314
+.value	0x314,0x314
+.value	0x11f,0x11f
+.value	0x11f,0x11f
+.value	0x11f,0x11f
+.value	0x11f,0x11f
+.value	0x11f,0x11f
+.value	0x11f,0x11f
+.value	0x11f,0x11f
+.value	0x11f,0x11f
+.value	0x6e1f,0x6e1f
+.value	0x6e1f,0x6e1f
+.value	0x6e1f,0x6e1f
+.value	0x6e1f,0x6e1f
+.value	0x6e1f,0x6e1f
+.value	0x6e1f,0x6e1f
+.value	0x6e1f,0x6e1f
+.value	0x6e1f,0x6e1f
+.value	0xca,0xca
+.value	0xca,0xca
+.value	0xca,0xca
+.value	0xca,0xca
+.value	0xca,0xca
+.value	0xca,0xca
+.value	0xca,0xca
+.value	0xca,0xca
+.value	0xbeca,0xbeca
+.value	0xbeca,0xbeca
+.value	0xbeca,0xbeca
+.value	0xbeca,0xbeca
+.value	0xbeca,0xbeca
+.value	0xbeca,0xbeca
+.value	0xbeca,0xbeca
+.value	0xbeca,0xbeca
+.value	0x3c2,0x3c2
+.value	0x3c2,0x3c2
+.value	0x3c2,0x3c2
+.value	0x3c2,0x3c2
+.value	0x3c2,0x3c2
+.value	0x3c2,0x3c2
+.value	0x3c2,0x3c2
+.value	0x3c2,0x3c2
+.value	0x29c2,0x29c2
+.value	0x29c2,0x29c2
+.value	0x29c2,0x29c2
+.value	0x29c2,0x29c2
+.value	0x29c2,0x29c2
+.value	0x29c2,0x29c2
+.value	0x29c2,0x29c2
+.value	0x29c2,0x29c2
+.value	0x84f,0x84f
+.value	0x84f,0x84f
+.value	0x84f,0x84f
+.value	0x84f,0x84f
+.value	0x84f,0x84f
+.value	0x84f,0x84f
+.value	0x84f,0x84f
+.value	0x84f,0x84f
+.value	0x54f,0x54f
+.value	0x54f,0x54f
+.value	0x54f,0x54f
+.value	0x54f,0x54f
+.value	0x54f,0x54f
+.value	0x54f,0x54f
+.value	0x54f,0x54f
+.value	0x54f,0x54f
+.value	0x73f,0x73f
+.value	0x73f,0x73f
+.value	0x73f,0x73f
+.value	0x73f,0x73f
+.value	0x73f,0x73f
+.value	0x73f,0x73f
+.value	0x73f,0x73f
+.value	0x73f,0x73f
+.value	0xd43f,0xd43f
+.value	0xd43f,0xd43f
+.value	0xd43f,0xd43f
+.value	0xd43f,0xd43f
+.value	0xd43f,0xd43f
+.value	0xd43f,0xd43f
+.value	0xd43f,0xd43f
+.value	0xd43f,0xd43f
+.value	0x5bc,0x5bc
+.value	0x5bc,0x5bc
+.value	0x5bc,0x5bc
+.value	0x5bc,0x5bc
+.value	0x5bc,0x5bc
+.value	0x5bc,0x5bc
+.value	0x5bc,0x5bc
+.value	0x5bc,0x5bc
+.value	0x79bc,0x79bc
+.value	0x79bc,0x79bc
+.value	0x79bc,0x79bc
+.value	0x79bc,0x79bc
+.value	0x79bc,0x79bc
+.value	0x79bc,0x79bc
+.value	0x79bc,0x79bc
+.value	0x79bc,0x79bc
+.value	0xa58,0xa58
+.value	0xa58,0xa58
+.value	0xa58,0xa58
+.value	0xa58,0xa58
+.value	0x3f9,0x3f9
+.value	0x3f9,0x3f9
+.value	0x3f9,0x3f9
+.value	0x3f9,0x3f9
+.value	0x9258,0x9258
+.value	0x9258,0x9258
+.value	0x9258,0x9258
+.value	0x9258,0x9258
+.value	0x5ef9,0x5ef9
+.value	0x5ef9,0x5ef9
+.value	0x5ef9,0x5ef9
+.value	0x5ef9,0x5ef9
+.value	0x2dc,0x2dc
+.value	0x2dc,0x2dc
+.value	0x2dc,0x2dc
+.value	0x2dc,0x2dc
+.value	0x260,0x260
+.value	0x260,0x260
+.value	0x260,0x260
+.value	0x260,0x260
+.value	0xd6dc,0xd6dc
+.value	0xd6dc,0xd6dc
+.value	0xd6dc,0xd6dc
+.value	0xd6dc,0xd6dc
+.value	0x2260,0x2260
+.value	0x2260,0x2260
+.value	0x2260,0x2260
+.value	0x2260,0x2260
+.value	0x9ac,0x9ac
+.value	0x9ac,0x9ac
+.value	0xca7,0xca7
+.value	0xca7,0xca7
+.value	0xbf2,0xbf2
+.value	0xbf2,0xbf2
+.value	0x33e,0x33e
+.value	0x33e,0x33e
+.value	0x4dac,0x4dac
+.value	0x4dac,0x4dac
+.value	0x91a7,0x91a7
+.value	0x91a7,0x91a7
+.value	0xc1f2,0xc1f2
+.value	0xc1f2,0xc1f2
+.value	0xdd3e,0xdd3e
+.value	0xdd3e,0xdd3e
+.value	0x6b,0x6b
+.value	0x6b,0x6b
+.value	0x774,0x774
+.value	0x774,0x774
+.value	0xc0a,0xc0a
+.value	0xc0a,0xc0a
+.value	0x94a,0x94a
+.value	0x94a,0x94a
+.value	0x916b,0x916b
+.value	0x916b,0x916b
+.value	0x2374,0x2374
+.value	0x2374,0x2374
+.value	0x8a0a,0x8a0a
+.value	0x8a0a,0x8a0a
+.value	0x474a,0x474a
+.value	0x474a,0x474a
+.value	0x6fb,0x6fb
+.value	0x6fb,0x6fb
+.value	0x6fb,0x6fb
+.value	0x6fb,0x6fb
+.value	0x19b,0x19b
+.value	0x19b,0x19b
+.value	0x19b,0x19b
+.value	0x19b,0x19b
+.value	0x47fb,0x47fb
+.value	0x47fb,0x47fb
+.value	0x47fb,0x47fb
+.value	0x47fb,0x47fb
+.value	0x229b,0x229b
+.value	0x229b,0x229b
+.value	0x229b,0x229b
+.value	0x229b,0x229b
+.value	0xc34,0xc34
+.value	0xc34,0xc34
+.value	0xc34,0xc34
+.value	0xc34,0xc34
+.value	0x6de,0x6de
+.value	0x6de,0x6de
+.value	0x6de,0x6de
+.value	0x6de,0x6de
+.value	0x6834,0x6834
+.value	0x6834,0x6834
+.value	0x6834,0x6834
+.value	0x6834,0x6834
+.value	0xc0de,0xc0de
+.value	0xc0de,0xc0de
+.value	0xc0de,0xc0de
+.value	0xc0de,0xc0de
+.value	0xb73,0xb73
+.value	0xb73,0xb73
+.value	0x3c1,0x3c1
+.value	0x3c1,0x3c1
+.value	0x71d,0x71d
+.value	0x71d,0x71d
+.value	0xa2c,0xa2c
+.value	0xa2c,0xa2c
+.value	0x3473,0x3473
+.value	0x3473,0x3473
+.value	0x36c1,0x36c1
+.value	0x36c1,0x36c1
+.value	0x8e1d,0x8e1d
+.value	0x8e1d,0x8e1d
+.value	0xce2c,0xce2c
+.value	0xce2c,0xce2c
+.value	0x1c0,0x1c0
+.value	0x1c0,0x1c0
+.value	0x8d8,0x8d8
+.value	0x8d8,0x8d8
+.value	0x2a5,0x2a5
+.value	0x2a5,0x2a5
+.value	0x806,0x806
+.value	0x806,0x806
+.value	0x41c0,0x41c0
+.value	0x41c0,0x41c0
+.value	0x10d8,0x10d8
+.value	0x10d8,0x10d8
+.value	0xa1a5,0xa1a5
+.value	0xa1a5,0xa1a5
+.value	0xba06,0xba06
+.value	0xba06,0xba06
+.value	0x331,0x331
+.value	0x449,0x449
+.value	0x25b,0x25b
+.value	0x262,0x262
+.value	0x52a,0x52a
+.value	0x7fc,0x7fc
+.value	0x748,0x748
+.value	0x180,0x180
+.value	0x8631,0x8631
+.value	0x4f49,0x4f49
+.value	0x635b,0x635b
+.value	0x862,0x862
+.value	0xe32a,0xe32a
+.value	0x3bfc,0x3bfc
+.value	0x5f48,0x5f48
+.value	0x8180,0x8180
+.value	0x842,0x842
+.value	0xc79,0xc79
+.value	0x4c2,0x4c2
+.value	0x7ca,0x7ca
+.value	0x997,0x997
+.value	0xdc,0xdc
+.value	0x85e,0x85e
+.value	0x686,0x686
+.value	0xae42,0xae42
+.value	0xe779,0xe779
+.value	0x2ac2,0x2ac2
+.value	0xc5ca,0xc5ca
+.value	0x5e97,0x5e97
+.value	0xd4dc,0xd4dc
+.value	0x425e,0x425e
+.value	0x3886,0x3886
+.value	0x860,0x860
+.value	0x707,0x707
+.value	0x803,0x803
+.value	0x31a,0x31a
+.value	0x71b,0x71b
+.value	0x9ab,0x9ab
+.value	0x99b,0x99b
+.value	0x1de,0x1de
+.value	0x2860,0x2860
+.value	0xac07,0xac07
+.value	0xe103,0xe103
+.value	0xb11a,0xb11a
+.value	0xa81b,0xa81b
+.value	0x5aab,0x5aab
+.value	0x2a9b,0x2a9b
+.value	0xbbde,0xbbde
+.value	0xc95,0xc95
+.value	0xbcd,0xbcd
+.value	0x3e4,0x3e4
+.value	0x3df,0x3df
+.value	0x3be,0x3be
+.value	0x74d,0x74d
+.value	0x5f2,0x5f2
+.value	0x65c,0x65c
+.value	0x7b95,0x7b95
+.value	0xa2cd,0xa2cd
+.value	0x6fe4,0x6fe4
+.value	0xb0df,0xb0df
+.value	0x5dbe,0x5dbe
+.value	0x1e4d,0x1e4d
+.value	0xbbf2,0xbbf2
+.value	0x5a5c,0x5a5c
+#ifndef __APPLE__
+.data
+#else
+.section	__DATA,__data
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.align	16
+#else
+.p2align	4
+#endif /* __APPLE__ */
+L_kyber_avx2_zetas_basemul:
+.value	0x8b2,0x81e
+.value	0xf74e,0xf7e2
+.value	0x1ae,0x367
+.value	0xfe52,0xfc99
+.value	0x22b,0x60e
+.value	0xfdd5,0xf9f2
+.value	0x34b,0x69
+.value	0xfcb5,0xff97
+.value	0xfeb2,0x821e
+.value	0x14e,0x7de2
+.value	0x2bae,0xc867
+.value	0xd452,0x3799
+.value	0xd32b,0x500e
+.value	0x2cd5,0xaff2
+.value	0x344b,0xab69
+.value	0xcbb5,0x5497
+.value	0x1a6,0xbde
+.value	0xfe5a,0xf422
+.value	0x24b,0xb35
+.value	0xfdb5,0xf4cb
+.value	0xb1,0x626
+.value	0xff4f,0xf9da
+.value	0xc16,0x675
+.value	0xf3ea,0xf98b
+.value	0x93a6,0xc5de
+.value	0x6c5a,0x3a22
+.value	0x334b,0x5a35
+.value	0xccb5,0xa5cb
+.value	0x3b1,0x1826
+.value	0xfc4f,0xe7da
+.value	0xee16,0x1575
+.value	0x11ea,0xea8b
+.value	0xc0b,0x9f8
+.value	0xf3f5,0xf608
+.value	0x30a,0x5cb
+.value	0xfcf6,0xfa35
+.value	0x487,0xaa7
+.value	0xfb79,0xf559
+.value	0xc6e,0x45f
+.value	0xf392,0xfba1
+.value	0x7d0b,0x71f8
+.value	0x82f5,0x8e08
+.value	0x810a,0xb6cb
+.value	0x7ef6,0x4935
+.value	0x2987,0x8fa7
+.value	0xd679,0x7059
+.value	0x766e,0x315f
+.value	0x8992,0xcea1
+.value	0x6cb,0x1a2
+.value	0xf935,0xfe5e
+.value	0x284,0x149
+.value	0xfd7c,0xfeb7
+.value	0x999,0xc65
+.value	0xf667,0xf39b
+.value	0x15d,0xcb6
+.value	0xfea3,0xf34a
+.value	0xb7cb,0xc7a2
+.value	0x4835,0x385e
+.value	0x4e84,0x4c49
+.value	0xb17c,0xb3b7
+.value	0x4499,0xeb65
+.value	0xbb67,0x149b
+.value	0x485d,0xceb6
+.value	0xb7a3,0x314a
+.value	0x331,0x52a
+.value	0xfccf,0xfad6
+.value	0x449,0x7fc
+.value	0xfbb7,0xf804
+.value	0x25b,0x748
+.value	0xfda5,0xf8b8
+.value	0x262,0x180
+.value	0xfd9e,0xfe80
+.value	0x8631,0xe32a
+.value	0x79cf,0x1cd6
+.value	0x4f49,0x3bfc
+.value	0xb0b7,0xc404
+.value	0x635b,0x5f48
+.value	0x9ca5,0xa0b8
+.value	0x862,0x8180
+.value	0xf79e,0x7e80
+.value	0x842,0x997
+.value	0xf7be,0xf669
+.value	0xc79,0xdc
+.value	0xf387,0xff24
+.value	0x4c2,0x85e
+.value	0xfb3e,0xf7a2
+.value	0x7ca,0x686
+.value	0xf836,0xf97a
+.value	0xae42,0x5e97
+.value	0x51be,0xa169
+.value	0xe779,0xd4dc
+.value	0x1887,0x2b24
+.value	0x2ac2,0x425e
+.value	0xd53e,0xbda2
+.value	0xc5ca,0x3886
+.value	0x3a36,0xc77a
+.value	0x860,0x71b
+.value	0xf7a0,0xf8e5
+.value	0x707,0x9ab
+.value	0xf8f9,0xf655
+.value	0x803,0x99b
+.value	0xf7fd,0xf665
+.value	0x31a,0x1de
+.value	0xfce6,0xfe22
+.value	0x2860,0xa81b
+.value	0xd7a0,0x57e5
+.value	0xac07,0x5aab
+.value	0x53f9,0xa555
+.value	0xe103,0x2a9b
+.value	0x1efd,0xd565
+.value	0xb11a,0xbbde
+.value	0x4ee6,0x4422
+.value	0xc95,0x3be
+.value	0xf36b,0xfc42
+.value	0xbcd,0x74d
+.value	0xf433,0xf8b3
+.value	0x3e4,0x5f2
+.value	0xfc1c,0xfa0e
+.value	0x3df,0x65c
+.value	0xfc21,0xf9a4
+.value	0x7b95,0x5dbe
+.value	0x846b,0xa242
+.value	0xa2cd,0x1e4d
+.value	0x5d33,0xe1b3
+.value	0x6fe4,0xbbf2
+.value	0x901c,0x440e
+.value	0xb0df,0x5a5c
+.value	0x4f21,0xa5a4
+#ifndef __APPLE__
+.data
+#else
+.section	__DATA,__data
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.align	16
+#else
+.p2align	4
+#endif /* __APPLE__ */
+L_kyber_avx2_zetas_inv:
+.value	0x6a5,0x6a5
+.value	0x5b4,0x5b4
+.value	0x70f,0x70f
+.value	0x943,0x943
+.value	0x922,0x922
+.value	0x134,0x134
+.value	0x91d,0x91d
+.value	0x6c,0x6c
+.value	0xa5a5,0xa5a5
+.value	0xe1b4,0xe1b4
+.value	0x440f,0x440f
+.value	0xa243,0xa243
+.value	0x4f22,0x4f22
+.value	0x5d34,0x5d34
+.value	0x901d,0x901d
+.value	0x846c,0x846c
+.value	0xb23,0xb23
+.value	0x356,0x356
+.value	0x366,0x366
+.value	0x5e6,0x5e6
+.value	0x9e7,0x9e7
+.value	0x5fa,0x5fa
+.value	0x4fe,0x4fe
+.value	0x4a1,0x4a1
+.value	0x4423,0x4423
+.value	0xa556,0xa556
+.value	0xd566,0xd566
+.value	0x57e6,0x57e6
+.value	0x4ee7,0x4ee7
+.value	0x53fa,0x53fa
+.value	0x1efe,0x1efe
+.value	0xd7a1,0xd7a1
+.value	0x4fb,0x4fb
+.value	0x4fb,0x4fb
+.value	0xa5c,0xa5c
+.value	0xa5c,0xa5c
+.value	0x429,0x429
+.value	0x429,0x429
+.value	0xb41,0xb41
+.value	0xb41,0xb41
+.value	0x45fb,0x45fb
+.value	0x45fb,0x45fb
+.value	0x5e5c,0x5e5c
+.value	0x5e5c,0x5e5c
+.value	0xef29,0xef29
+.value	0xef29,0xef29
+.value	0xbe41,0xbe41
+.value	0xbe41,0xbe41
+.value	0x2d5,0x2d5
+.value	0x2d5,0x2d5
+.value	0x5e4,0x5e4
+.value	0x5e4,0x5e4
+.value	0x940,0x940
+.value	0x940,0x940
+.value	0x18e,0x18e
+.value	0x18e,0x18e
+.value	0x31d5,0x31d5
+.value	0x31d5,0x31d5
+.value	0x71e4,0x71e4
+.value	0x71e4,0x71e4
+.value	0xc940,0xc940
+.value	0xc940,0xc940
+.value	0xcb8e,0xcb8e
+.value	0xcb8e,0xcb8e
+.value	0x623,0x623
+.value	0x623,0x623
+.value	0x623,0x623
+.value	0x623,0x623
+.value	0xcd,0xcd
+.value	0xcd,0xcd
+.value	0xcd,0xcd
+.value	0xcd,0xcd
+.value	0x3f23,0x3f23
+.value	0x3f23,0x3f23
+.value	0x3f23,0x3f23
+.value	0x3f23,0x3f23
+.value	0x97cd,0x97cd
+.value	0x97cd,0x97cd
+.value	0x97cd,0x97cd
+.value	0x97cd,0x97cd
+.value	0xb66,0xb66
+.value	0xb66,0xb66
+.value	0xb66,0xb66
+.value	0xb66,0xb66
+.value	0x606,0x606
+.value	0x606,0x606
+.value	0x606,0x606
+.value	0x606,0x606
+.value	0xdd66,0xdd66
+.value	0xdd66,0xdd66
+.value	0xdd66,0xdd66
+.value	0xdd66,0xdd66
+.value	0xb806,0xb806
+.value	0xb806,0xb806
+.value	0xb806,0xb806
+.value	0xb806,0xb806
+.value	0x745,0x745
+.value	0x745,0x745
+.value	0x745,0x745
+.value	0x745,0x745
+.value	0x745,0x745
+.value	0x745,0x745
+.value	0x745,0x745
+.value	0x745,0x745
+.value	0x8645,0x8645
+.value	0x8645,0x8645
+.value	0x8645,0x8645
+.value	0x8645,0x8645
+.value	0x8645,0x8645
+.value	0x8645,0x8645
+.value	0x8645,0x8645
+.value	0x8645,0x8645
+.value	0x5c2,0x5c2
+.value	0x5c2,0x5c2
+.value	0x5c2,0x5c2
+.value	0x5c2,0x5c2
+.value	0x5c2,0x5c2
+.value	0x5c2,0x5c2
+.value	0x5c2,0x5c2
+.value	0x5c2,0x5c2
+.value	0x2bc2,0x2bc2
+.value	0x2bc2,0x2bc2
+.value	0x2bc2,0x2bc2
+.value	0x2bc2,0x2bc2
+.value	0x2bc2,0x2bc2
+.value	0x2bc2,0x2bc2
+.value	0x2bc2,0x2bc2
+.value	0x2bc2,0x2bc2
+.value	0xc37,0xc37
+.value	0xc37,0xc37
+.value	0xc37,0xc37
+.value	0xc37,0xc37
+.value	0xc37,0xc37
+.value	0xc37,0xc37
+.value	0xc37,0xc37
+.value	0xc37,0xc37
+.value	0x4137,0x4137
+.value	0x4137,0x4137
+.value	0x4137,0x4137
+.value	0x4137,0x4137
+.value	0x4137,0x4137
+.value	0x4137,0x4137
+.value	0x4137,0x4137
+.value	0x4137,0x4137
+.value	0x67b,0x67b
+.value	0xc25,0xc25
+.value	0x4a3,0x4a3
+.value	0x36a,0x36a
+.value	0x537,0x537
+.value	0x88,0x88
+.value	0x83f,0x83f
+.value	0x4bf,0x4bf
+.value	0xc77b,0xc77b
+.value	0x2b25,0x2b25
+.value	0xbda3,0xbda3
+.value	0xa16a,0xa16a
+.value	0x3a37,0x3a37
+.value	0x1888,0x1888
+.value	0xd53f,0xd53f
+.value	0x51bf,0x51bf
+.value	0xb81,0xb81
+.value	0x505,0x505
+.value	0x5b9,0x5b9
+.value	0x7d7,0x7d7
+.value	0xa9f,0xa9f
+.value	0x8b8,0x8b8
+.value	0xaa6,0xaa6
+.value	0x9d0,0x9d0
+.value	0x7e81,0x7e81
+.value	0xc405,0xc405
+.value	0xa0b9,0xa0b9
+.value	0x1cd7,0x1cd7
+.value	0xf79f,0xf79f
+.value	0xb0b8,0xb0b8
+.value	0x9ca6,0x9ca6
+.value	0x79d0,0x79d0
+.value	0x3b7,0x3b7
+.value	0x3b7,0x3b7
+.value	0xf7,0xf7
+.value	0xf7,0xf7
+.value	0x58d,0x58d
+.value	0x58d,0x58d
+.value	0xc96,0xc96
+.value	0xc96,0xc96
+.value	0xb8b7,0xb8b7
+.value	0xb8b7,0xb8b7
+.value	0x75f7,0x75f7
+.value	0x75f7,0x75f7
+.value	0xdc8d,0xdc8d
+.value	0xdc8d,0xdc8d
+.value	0x6e96,0x6e96
+.value	0x6e96,0x6e96
+.value	0x9c3,0x9c3
+.value	0x9c3,0x9c3
+.value	0x10f,0x10f
+.value	0x10f,0x10f
+.value	0x5a,0x5a
+.value	0x5a,0x5a
+.value	0x355,0x355
+.value	0x355,0x355
+.value	0x22c3,0x22c3
+.value	0x22c3,0x22c3
+.value	0x3e0f,0x3e0f
+.value	0x3e0f,0x3e0f
+.value	0x6e5a,0x6e5a
+.value	0x6e5a,0x6e5a
+.value	0xb255,0xb255
+.value	0xb255,0xb255
+.value	0xaa1,0xaa1
+.value	0xaa1,0xaa1
+.value	0xaa1,0xaa1
+.value	0xaa1,0xaa1
+.value	0xa25,0xa25
+.value	0xa25,0xa25
+.value	0xa25,0xa25
+.value	0xa25,0xa25
+.value	0xdda1,0xdda1
+.value	0xdda1,0xdda1
+.value	0xdda1,0xdda1
+.value	0xdda1,0xdda1
+.value	0x2925,0x2925
+.value	0x2925,0x2925
+.value	0x2925,0x2925
+.value	0x2925,0x2925
+.value	0x908,0x908
+.value	0x908,0x908
+.value	0x908,0x908
+.value	0x908,0x908
+.value	0x2a9,0x2a9
+.value	0x2a9,0x2a9
+.value	0x2a9,0x2a9
+.value	0x2a9,0x2a9
+.value	0xa108,0xa108
+.value	0xa108,0xa108
+.value	0xa108,0xa108
+.value	0xa108,0xa108
+.value	0x6da9,0x6da9
+.value	0x6da9,0x6da9
+.value	0x6da9,0x6da9
+.value	0x6da9,0x6da9
+.value	0x4b2,0x4b2
+.value	0x4b2,0x4b2
+.value	0x4b2,0x4b2
+.value	0x4b2,0x4b2
+.value	0x4b2,0x4b2
+.value	0x4b2,0x4b2
+.value	0x4b2,0x4b2
+.value	0x4b2,0x4b2
+.value	0xfab2,0xfab2
+.value	0xfab2,0xfab2
+.value	0xfab2,0xfab2
+.value	0xfab2,0xfab2
+.value	0xfab2,0xfab2
+.value	0xfab2,0xfab2
+.value	0xfab2,0xfab2
+.value	0xfab2,0xfab2
+.value	0x93f,0x93f
+.value	0x93f,0x93f
+.value	0x93f,0x93f
+.value	0x93f,0x93f
+.value	0x93f,0x93f
+.value	0x93f,0x93f
+.value	0x93f,0x93f
+.value	0x93f,0x93f
+.value	0xd63f,0xd63f
+.value	0xd63f,0xd63f
+.value	0xd63f,0xd63f
+.value	0xd63f,0xd63f
+.value	0xd63f,0xd63f
+.value	0xd63f,0xd63f
+.value	0xd63f,0xd63f
+.value	0xd63f,0xd63f
+.value	0xbe2,0xbe2
+.value	0xbe2,0xbe2
+.value	0xbe2,0xbe2
+.value	0xbe2,0xbe2
+.value	0xbe2,0xbe2
+.value	0xbe2,0xbe2
+.value	0xbe2,0xbe2
+.value	0xbe2,0xbe2
+.value	0x91e2,0x91e2
+.value	0x91e2,0x91e2
+.value	0x91e2,0x91e2
+.value	0x91e2,0x91e2
+.value	0x91e2,0x91e2
+.value	0x91e2,0x91e2
+.value	0x91e2,0x91e2
+.value	0x91e2,0x91e2
+.value	0x5ed,0x5ed
+.value	0x5ed,0x5ed
+.value	0x5ed,0x5ed
+.value	0x5ed,0x5ed
+.value	0x5ed,0x5ed
+.value	0x5ed,0x5ed
+.value	0x5ed,0x5ed
+.value	0x5ed,0x5ed
+.value	0xfced,0xfced
+.value	0xfced,0xfced
+.value	0xfced,0xfced
+.value	0xfced,0xfced
+.value	0xfced,0xfced
+.value	0xfced,0xfced
+.value	0xfced,0xfced
+.value	0xfced,0xfced
+.value	0x4b,0x4b
+.value	0xbb8,0xbb8
+.value	0x9c,0x9c
+.value	0xb5f,0xb5f
+.value	0xba4,0xba4
+.value	0xa7d,0xa7d
+.value	0x368,0x368
+.value	0x636,0x636
+.value	0x314b,0x314b
+.value	0xb3b8,0xb3b8
+.value	0x149c,0x149c
+.value	0x385f,0x385f
+.value	0xb7a4,0xb7a4
+.value	0xb17d,0xb17d
+.value	0xbb68,0xbb68
+.value	0x4836,0x4836
+.value	0x8a2,0x8a2
+.value	0x736,0x736
+.value	0x25a,0x25a
+.value	0x309,0x309
+.value	0x93,0x93
+.value	0x9f7,0x9f7
+.value	0x87a,0x87a
+.value	0xf6,0xf6
+.value	0xcea2,0xcea2
+.value	0x4936,0x4936
+.value	0x705a,0x705a
+.value	0x8e09,0x8e09
+.value	0x8993,0x8993
+.value	0x7ef7,0x7ef7
+.value	0xd67a,0xd67a
+.value	0x82f6,0x82f6
+.value	0x744,0x744
+.value	0x744,0x744
+.value	0xc83,0xc83
+.value	0xc83,0xc83
+.value	0x48a,0x48a
+.value	0x48a,0x48a
+.value	0x652,0x652
+.value	0x652,0x652
+.value	0x9344,0x9344
+.value	0x9344,0x9344
+.value	0x6583,0x6583
+.value	0x6583,0x6583
+.value	0x28a,0x28a
+.value	0x28a,0x28a
+.value	0xdc52,0xdc52
+.value	0xdc52,0xdc52
+.value	0x29a,0x29a
+.value	0x29a,0x29a
+.value	0x140,0x140
+.value	0x140,0x140
+.value	0x8,0x8
+.value	0x8,0x8
+.value	0xafd,0xafd
+.value	0xafd,0xafd
+.value	0x309a,0x309a
+.value	0x309a,0x309a
+.value	0xc140,0xc140
+.value	0xc140,0xc140
+.value	0x9808,0x9808
+.value	0x9808,0x9808
+.value	0x31fd,0x31fd
+.value	0x31fd,0x31fd
+.value	0x82,0x82
+.value	0x82,0x82
+.value	0x82,0x82
+.value	0x82,0x82
+.value	0x642,0x642
+.value	0x642,0x642
+.value	0x642,0x642
+.value	0x642,0x642
+.value	0x6682,0x6682
+.value	0x6682,0x6682
+.value	0x6682,0x6682
+.value	0x6682,0x6682
+.value	0xac42,0xac42
+.value	0xac42,0xac42
+.value	0xac42,0xac42
+.value	0xac42,0xac42
+.value	0x74f,0x74f
+.value	0x74f,0x74f
+.value	0x74f,0x74f
+.value	0x74f,0x74f
+.value	0x33d,0x33d
+.value	0x33d,0x33d
+.value	0x33d,0x33d
+.value	0x33d,0x33d
+.value	0x44f,0x44f
+.value	0x44f,0x44f
+.value	0x44f,0x44f
+.value	0x44f,0x44f
+.value	0xea3d,0xea3d
+.value	0xea3d,0xea3d
+.value	0xea3d,0xea3d
+.value	0xea3d,0xea3d
+.value	0xc4b,0xc4b
+.value	0xc4b,0xc4b
+.value	0xc4b,0xc4b
+.value	0xc4b,0xc4b
+.value	0xc4b,0xc4b
+.value	0xc4b,0xc4b
+.value	0xc4b,0xc4b
+.value	0xc4b,0xc4b
+.value	0x3d4b,0x3d4b
+.value	0x3d4b,0x3d4b
+.value	0x3d4b,0x3d4b
+.value	0x3d4b,0x3d4b
+.value	0x3d4b,0x3d4b
+.value	0x3d4b,0x3d4b
+.value	0x3d4b,0x3d4b
+.value	0x3d4b,0x3d4b
+.value	0x6d8,0x6d8
+.value	0x6d8,0x6d8
+.value	0x6d8,0x6d8
+.value	0x6d8,0x6d8
+.value	0x6d8,0x6d8
+.value	0x6d8,0x6d8
+.value	0x6d8,0x6d8
+.value	0x6d8,0x6d8
+.value	0xed8,0xed8
+.value	0xed8,0xed8
+.value	0xed8,0xed8
+.value	0xed8,0xed8
+.value	0xed8,0xed8
+.value	0xed8,0xed8
+.value	0xed8,0xed8
+.value	0xed8,0xed8
+.value	0x773,0x773
+.value	0x773,0x773
+.value	0x773,0x773
+.value	0x773,0x773
+.value	0x773,0x773
+.value	0x773,0x773
+.value	0x773,0x773
+.value	0x773,0x773
+.value	0x3073,0x3073
+.value	0x3073,0x3073
+.value	0x3073,0x3073
+.value	0x3073,0x3073
+.value	0x3073,0x3073
+.value	0x3073,0x3073
+.value	0x3073,0x3073
+.value	0x3073,0x3073
+.value	0x68c,0x68c
+.value	0x1cc,0x1cc
+.value	0x6db,0x6db
+.value	0x123,0x123
+.value	0xeb,0xeb
+.value	0xab6,0xab6
+.value	0xc50,0xc50
+.value	0xb5b,0xb5b
+.value	0xea8c,0xea8c
+.value	0xa5cc,0xa5cc
+.value	0xe7db,0xe7db
+.value	0x3a23,0x3a23
+.value	0x11eb,0x11eb
+.value	0xccb6,0xccb6
+.value	0xfc50,0xfc50
+.value	0x6c5b,0x6c5b
+.value	0xc98,0xc98
+.value	0x99a,0x99a
+.value	0x6f3,0x6f3
+.value	0x4e3,0x4e3
+.value	0x9b6,0x9b6
+.value	0xb53,0xb53
+.value	0xad6,0xad6
+.value	0x44f,0x44f
+.value	0x5498,0x5498
+.value	0x379a,0x379a
+.value	0xaff3,0xaff3
+.value	0x7de3,0x7de3
+.value	0xcbb6,0xcbb6
+.value	0xd453,0xd453
+.value	0x2cd6,0x2cd6
+.value	0x14f,0x14f
+.value	0x608,0x608
+.value	0x608,0x608
+.value	0x11a,0x11a
+.value	0x11a,0x11a
+.value	0x72e,0x72e
+.value	0x72e,0x72e
+.value	0x50d,0x50d
+.value	0x50d,0x50d
+.value	0x9e08,0x9e08
+.value	0x9e08,0x9e08
+.value	0xaf1a,0xaf1a
+.value	0xaf1a,0xaf1a
+.value	0xb12e,0xb12e
+.value	0xb12e,0xb12e
+.value	0x5c0d,0x5c0d
+.value	0x5c0d,0x5c0d
+.value	0x90a,0x90a
+.value	0x90a,0x90a
+.value	0x228,0x228
+.value	0x228,0x228
+.value	0xa75,0xa75
+.value	0xa75,0xa75
+.value	0x83a,0x83a
+.value	0x83a,0x83a
+.value	0x870a,0x870a
+.value	0x870a,0x870a
+.value	0xfa28,0xfa28
+.value	0xfa28,0xfa28
+.value	0x1975,0x1975
+.value	0x1975,0x1975
+.value	0x163a,0x163a
+.value	0x163a,0x163a
+.value	0xb82,0xb82
+.value	0xb82,0xb82
+.value	0xb82,0xb82
+.value	0xb82,0xb82
+.value	0xbf9,0xbf9
+.value	0xbf9,0xbf9
+.value	0xbf9,0xbf9
+.value	0xbf9,0xbf9
+.value	0x7182,0x7182
+.value	0x7182,0x7182
+.value	0x7182,0x7182
+.value	0x7182,0x7182
+.value	0x66f9,0x66f9
+.value	0x66f9,0x66f9
+.value	0x66f9,0x66f9
+.value	0x66f9,0x66f9
+.value	0x52d,0x52d
+.value	0x52d,0x52d
+.value	0x52d,0x52d
+.value	0x52d,0x52d
+.value	0xac4,0xac4
+.value	0xac4,0xac4
+.value	0xac4,0xac4
+.value	0xac4,0xac4
+.value	0xbc2d,0xbc2d
+.value	0xbc2d,0xbc2d
+.value	0xbc2d,0xbc2d
+.value	0xbc2d,0xbc2d
+.value	0x16c4,0x16c4
+.value	0x16c4,0x16c4
+.value	0x16c4,0x16c4
+.value	0x16c4,0x16c4
+.value	0xa93,0xa93
+.value	0xa93,0xa93
+.value	0xa93,0xa93
+.value	0xa93,0xa93
+.value	0xa93,0xa93
+.value	0xa93,0xa93
+.value	0xa93,0xa93
+.value	0xa93,0xa93
+.value	0x9393,0x9393
+.value	0x9393,0x9393
+.value	0x9393,0x9393
+.value	0x9393,0x9393
+.value	0x9393,0x9393
+.value	0x9393,0x9393
+.value	0x9393,0x9393
+.value	0x9393,0x9393
+.value	0xab,0xab
+.value	0xab,0xab
+.value	0xab,0xab
+.value	0xab,0xab
+.value	0xab,0xab
+.value	0xab,0xab
+.value	0xab,0xab
+.value	0xab,0xab
+.value	0x51ab,0x51ab
+.value	0x51ab,0x51ab
+.value	0x51ab,0x51ab
+.value	0x51ab,0x51ab
+.value	0x51ab,0x51ab
+.value	0x51ab,0x51ab
+.value	0x51ab,0x51ab
+.value	0x51ab,0x51ab
+.value	0x72c,0x72c
+.value	0x72c,0x72c
+.value	0x72c,0x72c
+.value	0x72c,0x72c
+.value	0x72c,0x72c
+.value	0x72c,0x72c
+.value	0x72c,0x72c
+.value	0x72c,0x72c
+.value	0xcb2c,0xcb2c
+.value	0xcb2c,0xcb2c
+.value	0xcb2c,0xcb2c
+.value	0xcb2c,0xcb2c
+.value	0xcb2c,0xcb2c
+.value	0xcb2c,0xcb2c
+.value	0xcb2c,0xcb2c
+.value	0xcb2c,0xcb2c
+.value	0x167,0x167
+.value	0x167,0x167
+.value	0x167,0x167
+.value	0x167,0x167
+.value	0x167,0x167
+.value	0x167,0x167
+.value	0x167,0x167
+.value	0x167,0x167
+.value	0xc667,0xc667
+.value	0xc667,0xc667
+.value	0xc667,0xc667
+.value	0xc667,0xc667
+.value	0xc667,0xc667
+.value	0xc667,0xc667
+.value	0xc667,0xc667
+.value	0xc667,0xc667
+.value	0x2f6,0x2f6
+.value	0x2f6,0x2f6
+.value	0x2f6,0x2f6
+.value	0x2f6,0x2f6
+.value	0x2f6,0x2f6
+.value	0x2f6,0x2f6
+.value	0x2f6,0x2f6
+.value	0x2f6,0x2f6
+.value	0x84f6,0x84f6
+.value	0x84f6,0x84f6
+.value	0x84f6,0x84f6
+.value	0x84f6,0x84f6
+.value	0x84f6,0x84f6
+.value	0x84f6,0x84f6
+.value	0x84f6,0x84f6
+.value	0x84f6,0x84f6
+.value	0x5a1,0x5a1
+.value	0x5a1,0x5a1
+.value	0x5a1,0x5a1
+.value	0x5a1,0x5a1
+.value	0x5a1,0x5a1
+.value	0x5a1,0x5a1
+.value	0x5a1,0x5a1
+.value	0x5a1,0x5a1
+.value	0xd8a1,0xd8a1
+.value	0xd8a1,0xd8a1
+.value	0xd8a1,0xd8a1
+.value	0xd8a1,0xd8a1
+.value	0xd8a1,0xd8a1
+.value	0xd8a1,0xd8a1
+.value	0xd8a1,0xd8a1
+.value	0xd8a1,0xd8a1
+#ifndef __APPLE__
+.text
+.globl	kyber_keygen_avx2
+.type	kyber_keygen_avx2,@function
+.align	16
+kyber_keygen_avx2:
+#else
+.section	__TEXT,__text
+.globl	_kyber_keygen_avx2
+.p2align	4
+_kyber_keygen_avx2:
+#endif /* __APPLE__ */
+        vmovdqu	kyber_q(%rip), %ymm14
+        vmovdqu	kyber_v(%rip), %ymm15
+        movslq	%r8d, %r9
+        movq	%rdi, %r10
+L_kyber_keygen_avx2_priv:
+        # ntt
+        leaq	L_kyber_avx2_zetas(%rip), %r11
+        vmovdqu	(%r11), %ymm10
+        vmovdqu	32(%r11), %ymm12
+        vmovdqu	128(%r10), %ymm0
+        vmovdqu	160(%r10), %ymm1
+        vmovdqu	192(%r10), %ymm2
+        vmovdqu	224(%r10), %ymm3
+        vmovdqu	384(%r10), %ymm4
+        vmovdqu	416(%r10), %ymm5
+        vmovdqu	448(%r10), %ymm6
+        vmovdqu	480(%r10), %ymm7
+        vpmullw	%ymm12, %ymm4, %ymm8
+        vpmullw	%ymm12, %ymm5, %ymm9
+        vpmulhw	%ymm10, %ymm4, %ymm4
+        vpmulhw	%ymm10, %ymm5, %ymm5
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm4, %ymm8
+        vpsubw	%ymm9, %ymm5, %ymm9
+        vpsubw	%ymm8, %ymm0, %ymm4
+        vpsubw	%ymm9, %ymm1, %ymm5
+        vpaddw	%ymm8, %ymm0, %ymm0
+        vpaddw	%ymm9, %ymm1, %ymm1
+        vpmullw	%ymm12, %ymm6, %ymm8
+        vpmullw	%ymm12, %ymm7, %ymm9
+        vpmulhw	%ymm10, %ymm6, %ymm6
+        vpmulhw	%ymm10, %ymm7, %ymm7
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm8
+        vpsubw	%ymm9, %ymm7, %ymm9
+        vpsubw	%ymm8, %ymm2, %ymm6
+        vpsubw	%ymm9, %ymm3, %ymm7
+        vpaddw	%ymm8, %ymm2, %ymm2
+        vpaddw	%ymm9, %ymm3, %ymm3
+        vmovdqu	%ymm0, 128(%r10)
+        vmovdqu	%ymm1, 160(%r10)
+        vmovdqu	%ymm2, 192(%r10)
+        vmovdqu	%ymm3, 224(%r10)
+        vmovdqu	%ymm4, 384(%r10)
+        vmovdqu	%ymm5, 416(%r10)
+        vmovdqu	%ymm6, 448(%r10)
+        vmovdqu	%ymm7, 480(%r10)
+        vmovdqu	(%r10), %ymm0
+        vmovdqu	32(%r10), %ymm1
+        vmovdqu	64(%r10), %ymm2
+        vmovdqu	96(%r10), %ymm3
+        vmovdqu	256(%r10), %ymm4
+        vmovdqu	288(%r10), %ymm5
+        vmovdqu	320(%r10), %ymm6
+        vmovdqu	352(%r10), %ymm7
+        vpmullw	%ymm12, %ymm4, %ymm8
+        vpmullw	%ymm12, %ymm5, %ymm9
+        vpmulhw	%ymm10, %ymm4, %ymm4
+        vpmulhw	%ymm10, %ymm5, %ymm5
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm4, %ymm8
+        vpsubw	%ymm9, %ymm5, %ymm9
+        vpsubw	%ymm8, %ymm0, %ymm4
+        vpsubw	%ymm9, %ymm1, %ymm5
+        vpaddw	%ymm8, %ymm0, %ymm0
+        vpaddw	%ymm9, %ymm1, %ymm1
+        vpmullw	%ymm12, %ymm6, %ymm8
+        vpmullw	%ymm12, %ymm7, %ymm9
+        vpmulhw	%ymm10, %ymm6, %ymm6
+        vpmulhw	%ymm10, %ymm7, %ymm7
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm8
+        vpsubw	%ymm9, %ymm7, %ymm9
+        vpsubw	%ymm8, %ymm2, %ymm6
+        vpsubw	%ymm9, %ymm3, %ymm7
+        vpaddw	%ymm8, %ymm2, %ymm2
+        vpaddw	%ymm9, %ymm3, %ymm3
+        vmovdqu	%ymm4, 256(%r10)
+        vmovdqu	%ymm5, 288(%r10)
+        vmovdqu	%ymm6, 320(%r10)
+        vmovdqu	%ymm7, 352(%r10)
+        vmovdqu	128(%r10), %ymm4
+        vmovdqu	160(%r10), %ymm5
+        vmovdqu	192(%r10), %ymm6
+        vmovdqu	224(%r10), %ymm7
+        # 64: 0/3
+        vmovdqu	64(%r11), %ymm10
+        vmovdqu	96(%r11), %ymm12
+        vpmullw	%ymm12, %ymm4, %ymm8
+        vpmullw	%ymm12, %ymm5, %ymm9
+        vpmulhw	%ymm10, %ymm4, %ymm4
+        vpmulhw	%ymm10, %ymm5, %ymm5
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm4, %ymm8
+        vpsubw	%ymm9, %ymm5, %ymm9
+        vpsubw	%ymm8, %ymm0, %ymm4
+        vpsubw	%ymm9, %ymm1, %ymm5
+        vpaddw	%ymm8, %ymm0, %ymm0
+        vpaddw	%ymm9, %ymm1, %ymm1
+        vpmullw	%ymm12, %ymm6, %ymm8
+        vpmullw	%ymm12, %ymm7, %ymm9
+        vpmulhw	%ymm10, %ymm6, %ymm6
+        vpmulhw	%ymm10, %ymm7, %ymm7
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm8
+        vpsubw	%ymm9, %ymm7, %ymm9
+        vpsubw	%ymm8, %ymm2, %ymm6
+        vpsubw	%ymm9, %ymm3, %ymm7
+        vpaddw	%ymm8, %ymm2, %ymm2
+        vpaddw	%ymm9, %ymm3, %ymm3
+        # 32: 0/3
+        vmovdqu	128(%r11), %ymm10
+        vmovdqu	160(%r11), %ymm12
+        vpmullw	%ymm12, %ymm2, %ymm8
+        vpmullw	%ymm12, %ymm3, %ymm9
+        vpmulhw	%ymm10, %ymm2, %ymm2
+        vpmulhw	%ymm10, %ymm3, %ymm3
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm2, %ymm8
+        vpsubw	%ymm9, %ymm3, %ymm9
+        vpsubw	%ymm8, %ymm0, %ymm2
+        vpsubw	%ymm9, %ymm1, %ymm3
+        vpaddw	%ymm8, %ymm0, %ymm0
+        vpaddw	%ymm9, %ymm1, %ymm1
+        # 32: 0/3
+        vmovdqu	192(%r11), %ymm10
+        vmovdqu	224(%r11), %ymm12
+        vpmullw	%ymm12, %ymm6, %ymm8
+        vpmullw	%ymm12, %ymm7, %ymm9
+        vpmulhw	%ymm10, %ymm6, %ymm6
+        vpmulhw	%ymm10, %ymm7, %ymm7
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm8
+        vpsubw	%ymm9, %ymm7, %ymm9
+        vpsubw	%ymm8, %ymm4, %ymm6
+        vpsubw	%ymm9, %ymm5, %ymm7
+        vpaddw	%ymm8, %ymm4, %ymm4
+        vpaddw	%ymm9, %ymm5, %ymm5
+        # 16: 0/3
+        vmovdqu	256(%r11), %ymm10
+        vmovdqu	288(%r11), %ymm12
+        vmovdqu	320(%r11), %ymm11
+        vmovdqu	352(%r11), %ymm13
+        vpmullw	%ymm12, %ymm1, %ymm8
+        vpmullw	%ymm13, %ymm3, %ymm9
+        vpmulhw	%ymm10, %ymm1, %ymm1
+        vpmulhw	%ymm11, %ymm3, %ymm3
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm1, %ymm8
+        vpsubw	%ymm9, %ymm3, %ymm9
+        vpsubw	%ymm8, %ymm0, %ymm1
+        vpsubw	%ymm9, %ymm2, %ymm3
+        vpaddw	%ymm8, %ymm0, %ymm0
+        vpaddw	%ymm9, %ymm2, %ymm2
+        # 16: 0/3
+        vmovdqu	384(%r11), %ymm10
+        vmovdqu	416(%r11), %ymm12
+        vmovdqu	448(%r11), %ymm11
+        vmovdqu	480(%r11), %ymm13
+        vpmullw	%ymm12, %ymm5, %ymm8
+        vpmullw	%ymm13, %ymm7, %ymm9
+        vpmulhw	%ymm10, %ymm5, %ymm5
+        vpmulhw	%ymm11, %ymm7, %ymm7
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm5, %ymm8
+        vpsubw	%ymm9, %ymm7, %ymm9
+        vpsubw	%ymm8, %ymm4, %ymm5
+        vpsubw	%ymm9, %ymm6, %ymm7
+        vpaddw	%ymm8, %ymm4, %ymm4
+        vpaddw	%ymm9, %ymm6, %ymm6
+        # 8: 0/3
+        vperm2i128	$32, %ymm1, %ymm0, %ymm8
+        vmovdqu	512(%r11), %ymm10
+        vperm2i128	$49, %ymm1, %ymm0, %ymm1
+        vmovdqu	544(%r11), %ymm12
+        vperm2i128	$32, %ymm3, %ymm2, %ymm9
+        vmovdqu	576(%r11), %ymm11
+        vperm2i128	$49, %ymm3, %ymm2, %ymm3
+        vmovdqu	608(%r11), %ymm13
+        vpmullw	%ymm12, %ymm1, %ymm0
+        vpmullw	%ymm13, %ymm3, %ymm2
+        vpmulhw	%ymm10, %ymm1, %ymm1
+        vpmulhw	%ymm11, %ymm3, %ymm3
+        vpmulhw	%ymm14, %ymm0, %ymm0
+        vpmulhw	%ymm14, %ymm2, %ymm2
+        vpsubw	%ymm0, %ymm1, %ymm0
+        vpsubw	%ymm2, %ymm3, %ymm2
+        vpsubw	%ymm0, %ymm8, %ymm1
+        vpsubw	%ymm2, %ymm9, %ymm3
+        vpaddw	%ymm0, %ymm8, %ymm8
+        vpaddw	%ymm2, %ymm9, %ymm9
+        # 4: 0/3
+        vmovdqu	640(%r11), %ymm10
+        vmovdqu	672(%r11), %ymm12
+        vmovdqu	704(%r11), %ymm11
+        vmovdqu	736(%r11), %ymm13
+        vpunpcklqdq	%ymm1, %ymm8, %ymm0
+        vpunpckhqdq	%ymm1, %ymm8, %ymm1
+        vpunpcklqdq	%ymm3, %ymm9, %ymm2
+        vpunpckhqdq	%ymm3, %ymm9, %ymm3
+        vpmullw	%ymm12, %ymm1, %ymm8
+        vpmullw	%ymm13, %ymm3, %ymm9
+        vpmulhw	%ymm10, %ymm1, %ymm1
+        vpmulhw	%ymm11, %ymm3, %ymm3
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm1, %ymm8
+        vpsubw	%ymm9, %ymm3, %ymm9
+        vpsubw	%ymm8, %ymm0, %ymm1
+        vpsubw	%ymm9, %ymm2, %ymm3
+        vpaddw	%ymm8, %ymm0, %ymm0
+        vpaddw	%ymm9, %ymm2, %ymm2
+        # 8: 0/3
+        vperm2i128	$32, %ymm5, %ymm4, %ymm8
+        vmovdqu	768(%r11), %ymm10
+        vperm2i128	$49, %ymm5, %ymm4, %ymm5
+        vmovdqu	800(%r11), %ymm12
+        vperm2i128	$32, %ymm7, %ymm6, %ymm9
+        vmovdqu	832(%r11), %ymm11
+        vperm2i128	$49, %ymm7, %ymm6, %ymm7
+        vmovdqu	864(%r11), %ymm13
+        vpmullw	%ymm12, %ymm5, %ymm4
+        vpmullw	%ymm13, %ymm7, %ymm6
+        vpmulhw	%ymm10, %ymm5, %ymm5
+        vpmulhw	%ymm11, %ymm7, %ymm7
+        vpmulhw	%ymm14, %ymm4, %ymm4
+        vpmulhw	%ymm14, %ymm6, %ymm6
+        vpsubw	%ymm4, %ymm5, %ymm4
+        vpsubw	%ymm6, %ymm7, %ymm6
+        vpsubw	%ymm4, %ymm8, %ymm5
+        vpsubw	%ymm6, %ymm9, %ymm7
+        vpaddw	%ymm4, %ymm8, %ymm8
+        vpaddw	%ymm6, %ymm9, %ymm9
+        # 4: 0/3
+        vmovdqu	896(%r11), %ymm10
+        vmovdqu	928(%r11), %ymm12
+        vmovdqu	960(%r11), %ymm11
+        vmovdqu	992(%r11), %ymm13
+        vpunpcklqdq	%ymm5, %ymm8, %ymm4
+        vpunpckhqdq	%ymm5, %ymm8, %ymm5
+        vpunpcklqdq	%ymm7, %ymm9, %ymm6
+        vpunpckhqdq	%ymm7, %ymm9, %ymm7
+        vpmullw	%ymm12, %ymm5, %ymm8
+        vpmullw	%ymm13, %ymm7, %ymm9
+        vpmulhw	%ymm10, %ymm5, %ymm5
+        vpmulhw	%ymm11, %ymm7, %ymm7
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm5, %ymm8
+        vpsubw	%ymm9, %ymm7, %ymm9
+        vpsubw	%ymm8, %ymm4, %ymm5
+        vpsubw	%ymm9, %ymm6, %ymm7
+        vpaddw	%ymm8, %ymm4, %ymm4
+        vpaddw	%ymm9, %ymm6, %ymm6
+        # 2: 0/3
+        vmovdqu	1024(%r11), %ymm10
+        vmovdqu	1056(%r11), %ymm12
+        vmovdqu	1088(%r11), %ymm11
+        vmovdqu	1120(%r11), %ymm13
+        vpsllq	$32, %ymm1, %ymm8
+        vpsrlq	$32, %ymm0, %ymm9
+        vpblendd	$0xaa, %ymm8, %ymm0, %ymm0
+        vpblendd	$0x55, %ymm9, %ymm1, %ymm1
+        vpsllq	$32, %ymm3, %ymm8
+        vpsrlq	$32, %ymm2, %ymm9
+        vpblendd	$0xaa, %ymm8, %ymm2, %ymm2
+        vpblendd	$0x55, %ymm9, %ymm3, %ymm3
+        vpmullw	%ymm12, %ymm1, %ymm8
+        vpmullw	%ymm13, %ymm3, %ymm9
+        vpmulhw	%ymm10, %ymm1, %ymm1
+        vpmulhw	%ymm11, %ymm3, %ymm3
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm1, %ymm8
+        vpsubw	%ymm9, %ymm3, %ymm9
+        vpsubw	%ymm8, %ymm0, %ymm1
+        vpsubw	%ymm9, %ymm2, %ymm3
+        vpaddw	%ymm8, %ymm0, %ymm0
+        vpaddw	%ymm9, %ymm2, %ymm2
+        # 2: 0/3
+        vmovdqu	1152(%r11), %ymm10
+        vmovdqu	1184(%r11), %ymm12
+        vmovdqu	1216(%r11), %ymm11
+        vmovdqu	1248(%r11), %ymm13
+        vpsllq	$32, %ymm5, %ymm8
+        vpsrlq	$32, %ymm4, %ymm9
+        vpblendd	$0xaa, %ymm8, %ymm4, %ymm4
+        vpblendd	$0x55, %ymm9, %ymm5, %ymm5
+        vpsllq	$32, %ymm7, %ymm8
+        vpsrlq	$32, %ymm6, %ymm9
+        vpblendd	$0xaa, %ymm8, %ymm6, %ymm6
+        vpblendd	$0x55, %ymm9, %ymm7, %ymm7
+        vpmullw	%ymm12, %ymm5, %ymm8
+        vpmullw	%ymm13, %ymm7, %ymm9
+        vpmulhw	%ymm10, %ymm5, %ymm5
+        vpmulhw	%ymm11, %ymm7, %ymm7
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm5, %ymm8
+        vpsubw	%ymm9, %ymm7, %ymm9
+        vpsubw	%ymm8, %ymm4, %ymm5
+        vpsubw	%ymm9, %ymm6, %ymm7
+        vpaddw	%ymm8, %ymm4, %ymm4
+        vpaddw	%ymm9, %ymm6, %ymm6
+        vpunpckldq	%ymm1, %ymm0, %ymm8
+        vpunpckhdq	%ymm1, %ymm0, %ymm9
+        vperm2i128	$32, %ymm9, %ymm8, %ymm0
+        vperm2i128	$49, %ymm9, %ymm8, %ymm1
+        vpunpckldq	%ymm3, %ymm2, %ymm8
+        vpunpckhdq	%ymm3, %ymm2, %ymm9
+        vperm2i128	$32, %ymm9, %ymm8, %ymm2
+        vperm2i128	$49, %ymm9, %ymm8, %ymm3
+        vpunpckldq	%ymm5, %ymm4, %ymm8
+        vpunpckhdq	%ymm5, %ymm4, %ymm9
+        vperm2i128	$32, %ymm9, %ymm8, %ymm4
+        vperm2i128	$49, %ymm9, %ymm8, %ymm5
+        vpunpckldq	%ymm7, %ymm6, %ymm8
+        vpunpckhdq	%ymm7, %ymm6, %ymm9
+        vperm2i128	$32, %ymm9, %ymm8, %ymm6
+        vperm2i128	$49, %ymm9, %ymm8, %ymm7
+        vpmulhw	%ymm15, %ymm0, %ymm8
+        vpmulhw	%ymm15, %ymm1, %ymm9
+        vpsraw	$10, %ymm8, %ymm8
+        vpsraw	$10, %ymm9, %ymm9
+        vpmullw	%ymm14, %ymm8, %ymm8
+        vpmullw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm0, %ymm8
+        vpsubw	%ymm9, %ymm1, %ymm9
+        vmovdqu	%ymm8, (%r10)
+        vmovdqu	%ymm9, 32(%r10)
+        vpmulhw	%ymm15, %ymm2, %ymm8
+        vpmulhw	%ymm15, %ymm3, %ymm9
+        vpsraw	$10, %ymm8, %ymm8
+        vpsraw	$10, %ymm9, %ymm9
+        vpmullw	%ymm14, %ymm8, %ymm8
+        vpmullw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm2, %ymm8
+        vpsubw	%ymm9, %ymm3, %ymm9
+        vmovdqu	%ymm8, 64(%r10)
+        vmovdqu	%ymm9, 96(%r10)
+        vpmulhw	%ymm15, %ymm4, %ymm8
+        vpmulhw	%ymm15, %ymm5, %ymm9
+        vpsraw	$10, %ymm8, %ymm8
+        vpsraw	$10, %ymm9, %ymm9
+        vpmullw	%ymm14, %ymm8, %ymm8
+        vpmullw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm4, %ymm8
+        vpsubw	%ymm9, %ymm5, %ymm9
+        vmovdqu	%ymm8, 128(%r10)
+        vmovdqu	%ymm9, 160(%r10)
+        vpmulhw	%ymm15, %ymm6, %ymm8
+        vpmulhw	%ymm15, %ymm7, %ymm9
+        vpsraw	$10, %ymm8, %ymm8
+        vpsraw	$10, %ymm9, %ymm9
+        vpmullw	%ymm14, %ymm8, %ymm8
+        vpmullw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm8
+        vpsubw	%ymm9, %ymm7, %ymm9
+        vmovdqu	%ymm8, 192(%r10)
+        vmovdqu	%ymm9, 224(%r10)
+        vmovdqu	256(%r10), %ymm0
+        vmovdqu	288(%r10), %ymm1
+        vmovdqu	320(%r10), %ymm2
+        vmovdqu	352(%r10), %ymm3
+        vmovdqu	384(%r10), %ymm4
+        vmovdqu	416(%r10), %ymm5
+        vmovdqu	448(%r10), %ymm6
+        vmovdqu	480(%r10), %ymm7
+        # 64: 1/3
+        vmovdqu	1280(%r11), %ymm10
+        vmovdqu	1312(%r11), %ymm12
+        vpmullw	%ymm12, %ymm4, %ymm8
+        vpmullw	%ymm12, %ymm5, %ymm9
+        vpmulhw	%ymm10, %ymm4, %ymm4
+        vpmulhw	%ymm10, %ymm5, %ymm5
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm4, %ymm8
+        vpsubw	%ymm9, %ymm5, %ymm9
+        vpsubw	%ymm8, %ymm0, %ymm4
+        vpsubw	%ymm9, %ymm1, %ymm5
+        vpaddw	%ymm8, %ymm0, %ymm0
+        vpaddw	%ymm9, %ymm1, %ymm1
+        vpmullw	%ymm12, %ymm6, %ymm8
+        vpmullw	%ymm12, %ymm7, %ymm9
+        vpmulhw	%ymm10, %ymm6, %ymm6
+        vpmulhw	%ymm10, %ymm7, %ymm7
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm8
+        vpsubw	%ymm9, %ymm7, %ymm9
+        vpsubw	%ymm8, %ymm2, %ymm6
+        vpsubw	%ymm9, %ymm3, %ymm7
+        vpaddw	%ymm8, %ymm2, %ymm2
+        vpaddw	%ymm9, %ymm3, %ymm3
+        # 32: 1/3
+        vmovdqu	1344(%r11), %ymm10
+        vmovdqu	1376(%r11), %ymm12
+        vpmullw	%ymm12, %ymm2, %ymm8
+        vpmullw	%ymm12, %ymm3, %ymm9
+        vpmulhw	%ymm10, %ymm2, %ymm2
+        vpmulhw	%ymm10, %ymm3, %ymm3
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm2, %ymm8
+        vpsubw	%ymm9, %ymm3, %ymm9
+        vpsubw	%ymm8, %ymm0, %ymm2
+        vpsubw	%ymm9, %ymm1, %ymm3
+        vpaddw	%ymm8, %ymm0, %ymm0
+        vpaddw	%ymm9, %ymm1, %ymm1
+        # 32: 1/3
+        vmovdqu	1408(%r11), %ymm10
+        vmovdqu	1440(%r11), %ymm12
+        vpmullw	%ymm12, %ymm6, %ymm8
+        vpmullw	%ymm12, %ymm7, %ymm9
+        vpmulhw	%ymm10, %ymm6, %ymm6
+        vpmulhw	%ymm10, %ymm7, %ymm7
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm8
+        vpsubw	%ymm9, %ymm7, %ymm9
+        vpsubw	%ymm8, %ymm4, %ymm6
+        vpsubw	%ymm9, %ymm5, %ymm7
+        vpaddw	%ymm8, %ymm4, %ymm4
+        vpaddw	%ymm9, %ymm5, %ymm5
+        # 16: 1/3
+        vmovdqu	1472(%r11), %ymm10
+        vmovdqu	1504(%r11), %ymm12
+        vmovdqu	1536(%r11), %ymm11
+        vmovdqu	1568(%r11), %ymm13
+        vpmullw	%ymm12, %ymm1, %ymm8
+        vpmullw	%ymm13, %ymm3, %ymm9
+        vpmulhw	%ymm10, %ymm1, %ymm1
+        vpmulhw	%ymm11, %ymm3, %ymm3
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm1, %ymm8
+        vpsubw	%ymm9, %ymm3, %ymm9
+        vpsubw	%ymm8, %ymm0, %ymm1
+        vpsubw	%ymm9, %ymm2, %ymm3
+        vpaddw	%ymm8, %ymm0, %ymm0
+        vpaddw	%ymm9, %ymm2, %ymm2
+        # 16: 1/3
+        vmovdqu	1600(%r11), %ymm10
+        vmovdqu	1632(%r11), %ymm12
+        vmovdqu	1664(%r11), %ymm11
+        vmovdqu	1696(%r11), %ymm13
+        vpmullw	%ymm12, %ymm5, %ymm8
+        vpmullw	%ymm13, %ymm7, %ymm9
+        vpmulhw	%ymm10, %ymm5, %ymm5
+        vpmulhw	%ymm11, %ymm7, %ymm7
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm5, %ymm8
+        vpsubw	%ymm9, %ymm7, %ymm9
+        vpsubw	%ymm8, %ymm4, %ymm5
+        vpsubw	%ymm9, %ymm6, %ymm7
+        vpaddw	%ymm8, %ymm4, %ymm4
+        vpaddw	%ymm9, %ymm6, %ymm6
+        # 8: 1/3
+        vperm2i128	$32, %ymm1, %ymm0, %ymm8
+        vmovdqu	1728(%r11), %ymm10
+        vperm2i128	$49, %ymm1, %ymm0, %ymm1
+        vmovdqu	1760(%r11), %ymm12
+        vperm2i128	$32, %ymm3, %ymm2, %ymm9
+        vmovdqu	1792(%r11), %ymm11
+        vperm2i128	$49, %ymm3, %ymm2, %ymm3
+        vmovdqu	1824(%r11), %ymm13
+        vpmullw	%ymm12, %ymm1, %ymm0
+        vpmullw	%ymm13, %ymm3, %ymm2
+        vpmulhw	%ymm10, %ymm1, %ymm1
+        vpmulhw	%ymm11, %ymm3, %ymm3
+        vpmulhw	%ymm14, %ymm0, %ymm0
+        vpmulhw	%ymm14, %ymm2, %ymm2
+        vpsubw	%ymm0, %ymm1, %ymm0
+        vpsubw	%ymm2, %ymm3, %ymm2
+        vpsubw	%ymm0, %ymm8, %ymm1
+        vpsubw	%ymm2, %ymm9, %ymm3
+        vpaddw	%ymm0, %ymm8, %ymm8
+        vpaddw	%ymm2, %ymm9, %ymm9
+        # 4: 1/3
+        vmovdqu	1856(%r11), %ymm10
+        vmovdqu	1888(%r11), %ymm12
+        vmovdqu	1920(%r11), %ymm11
+        vmovdqu	1952(%r11), %ymm13
+        vpunpcklqdq	%ymm1, %ymm8, %ymm0
+        vpunpckhqdq	%ymm1, %ymm8, %ymm1
+        vpunpcklqdq	%ymm3, %ymm9, %ymm2
+        vpunpckhqdq	%ymm3, %ymm9, %ymm3
+        vpmullw	%ymm12, %ymm1, %ymm8
+        vpmullw	%ymm13, %ymm3, %ymm9
+        vpmulhw	%ymm10, %ymm1, %ymm1
+        vpmulhw	%ymm11, %ymm3, %ymm3
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm1, %ymm8
+        vpsubw	%ymm9, %ymm3, %ymm9
+        vpsubw	%ymm8, %ymm0, %ymm1
+        vpsubw	%ymm9, %ymm2, %ymm3
+        vpaddw	%ymm8, %ymm0, %ymm0
+        vpaddw	%ymm9, %ymm2, %ymm2
+        # 8: 1/3
+        vperm2i128	$32, %ymm5, %ymm4, %ymm8
+        vmovdqu	1984(%r11), %ymm10
+        vperm2i128	$49, %ymm5, %ymm4, %ymm5
+        vmovdqu	2016(%r11), %ymm12
+        vperm2i128	$32, %ymm7, %ymm6, %ymm9
+        vmovdqu	2048(%r11), %ymm11
+        vperm2i128	$49, %ymm7, %ymm6, %ymm7
+        vmovdqu	2080(%r11), %ymm13
+        vpmullw	%ymm12, %ymm5, %ymm4
+        vpmullw	%ymm13, %ymm7, %ymm6
+        vpmulhw	%ymm10, %ymm5, %ymm5
+        vpmulhw	%ymm11, %ymm7, %ymm7
+        vpmulhw	%ymm14, %ymm4, %ymm4
+        vpmulhw	%ymm14, %ymm6, %ymm6
+        vpsubw	%ymm4, %ymm5, %ymm4
+        vpsubw	%ymm6, %ymm7, %ymm6
+        vpsubw	%ymm4, %ymm8, %ymm5
+        vpsubw	%ymm6, %ymm9, %ymm7
+        vpaddw	%ymm4, %ymm8, %ymm8
+        vpaddw	%ymm6, %ymm9, %ymm9
+        # 4: 1/3
+        vmovdqu	2112(%r11), %ymm10
+        vmovdqu	2144(%r11), %ymm12
+        vmovdqu	2176(%r11), %ymm11
+        vmovdqu	2208(%r11), %ymm13
+        vpunpcklqdq	%ymm5, %ymm8, %ymm4
+        vpunpckhqdq	%ymm5, %ymm8, %ymm5
+        vpunpcklqdq	%ymm7, %ymm9, %ymm6
+        vpunpckhqdq	%ymm7, %ymm9, %ymm7
+        vpmullw	%ymm12, %ymm5, %ymm8
+        vpmullw	%ymm13, %ymm7, %ymm9
+        vpmulhw	%ymm10, %ymm5, %ymm5
+        vpmulhw	%ymm11, %ymm7, %ymm7
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm5, %ymm8
+        vpsubw	%ymm9, %ymm7, %ymm9
+        vpsubw	%ymm8, %ymm4, %ymm5
+        vpsubw	%ymm9, %ymm6, %ymm7
+        vpaddw	%ymm8, %ymm4, %ymm4
+        vpaddw	%ymm9, %ymm6, %ymm6
+        # 2: 1/3
+        vmovdqu	2240(%r11), %ymm10
+        vmovdqu	2272(%r11), %ymm12
+        vmovdqu	2304(%r11), %ymm11
+        vmovdqu	2336(%r11), %ymm13
+        vpsllq	$32, %ymm1, %ymm8
+        vpsrlq	$32, %ymm0, %ymm9
+        vpblendd	$0xaa, %ymm8, %ymm0, %ymm0
+        vpblendd	$0x55, %ymm9, %ymm1, %ymm1
+        vpsllq	$32, %ymm3, %ymm8
+        vpsrlq	$32, %ymm2, %ymm9
+        vpblendd	$0xaa, %ymm8, %ymm2, %ymm2
+        vpblendd	$0x55, %ymm9, %ymm3, %ymm3
+        vpmullw	%ymm12, %ymm1, %ymm8
+        vpmullw	%ymm13, %ymm3, %ymm9
+        vpmulhw	%ymm10, %ymm1, %ymm1
+        vpmulhw	%ymm11, %ymm3, %ymm3
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm1, %ymm8
+        vpsubw	%ymm9, %ymm3, %ymm9
+        vpsubw	%ymm8, %ymm0, %ymm1
+        vpsubw	%ymm9, %ymm2, %ymm3
+        vpaddw	%ymm8, %ymm0, %ymm0
+        vpaddw	%ymm9, %ymm2, %ymm2
+        # 2: 1/3
+        vmovdqu	2368(%r11), %ymm10
+        vmovdqu	2400(%r11), %ymm12
+        vmovdqu	2432(%r11), %ymm11
+        vmovdqu	2464(%r11), %ymm13
+        vpsllq	$32, %ymm5, %ymm8
+        vpsrlq	$32, %ymm4, %ymm9
+        vpblendd	$0xaa, %ymm8, %ymm4, %ymm4
+        vpblendd	$0x55, %ymm9, %ymm5, %ymm5
+        vpsllq	$32, %ymm7, %ymm8
+        vpsrlq	$32, %ymm6, %ymm9
+        vpblendd	$0xaa, %ymm8, %ymm6, %ymm6
+        vpblendd	$0x55, %ymm9, %ymm7, %ymm7
+        vpmullw	%ymm12, %ymm5, %ymm8
+        vpmullw	%ymm13, %ymm7, %ymm9
+        vpmulhw	%ymm10, %ymm5, %ymm5
+        vpmulhw	%ymm11, %ymm7, %ymm7
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm5, %ymm8
+        vpsubw	%ymm9, %ymm7, %ymm9
+        vpsubw	%ymm8, %ymm4, %ymm5
+        vpsubw	%ymm9, %ymm6, %ymm7
+        vpaddw	%ymm8, %ymm4, %ymm4
+        vpaddw	%ymm9, %ymm6, %ymm6
+        vpunpckldq	%ymm1, %ymm0, %ymm8
+        vpunpckhdq	%ymm1, %ymm0, %ymm9
+        vperm2i128	$32, %ymm9, %ymm8, %ymm0
+        vperm2i128	$49, %ymm9, %ymm8, %ymm1
+        vpunpckldq	%ymm3, %ymm2, %ymm8
+        vpunpckhdq	%ymm3, %ymm2, %ymm9
+        vperm2i128	$32, %ymm9, %ymm8, %ymm2
+        vperm2i128	$49, %ymm9, %ymm8, %ymm3
+        vpunpckldq	%ymm5, %ymm4, %ymm8
+        vpunpckhdq	%ymm5, %ymm4, %ymm9
+        vperm2i128	$32, %ymm9, %ymm8, %ymm4
+        vperm2i128	$49, %ymm9, %ymm8, %ymm5
+        vpunpckldq	%ymm7, %ymm6, %ymm8
+        vpunpckhdq	%ymm7, %ymm6, %ymm9
+        vperm2i128	$32, %ymm9, %ymm8, %ymm6
+        vperm2i128	$49, %ymm9, %ymm8, %ymm7
+        vpmulhw	%ymm15, %ymm0, %ymm8
+        vpmulhw	%ymm15, %ymm1, %ymm9
+        vpsraw	$10, %ymm8, %ymm8
+        vpsraw	$10, %ymm9, %ymm9
+        vpmullw	%ymm14, %ymm8, %ymm8
+        vpmullw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm0, %ymm8
+        vpsubw	%ymm9, %ymm1, %ymm9
+        vmovdqu	%ymm8, 256(%r10)
+        vmovdqu	%ymm9, 288(%r10)
+        vpmulhw	%ymm15, %ymm2, %ymm8
+        vpmulhw	%ymm15, %ymm3, %ymm9
+        vpsraw	$10, %ymm8, %ymm8
+        vpsraw	$10, %ymm9, %ymm9
+        vpmullw	%ymm14, %ymm8, %ymm8
+        vpmullw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm2, %ymm8
+        vpsubw	%ymm9, %ymm3, %ymm9
+        vmovdqu	%ymm8, 320(%r10)
+        vmovdqu	%ymm9, 352(%r10)
+        vpmulhw	%ymm15, %ymm4, %ymm8
+        vpmulhw	%ymm15, %ymm5, %ymm9
+        vpsraw	$10, %ymm8, %ymm8
+        vpsraw	$10, %ymm9, %ymm9
+        vpmullw	%ymm14, %ymm8, %ymm8
+        vpmullw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm4, %ymm8
+        vpsubw	%ymm9, %ymm5, %ymm9
+        vmovdqu	%ymm8, 384(%r10)
+        vmovdqu	%ymm9, 416(%r10)
+        vpmulhw	%ymm15, %ymm6, %ymm8
+        vpmulhw	%ymm15, %ymm7, %ymm9
+        vpsraw	$10, %ymm8, %ymm8
+        vpsraw	$10, %ymm9, %ymm9
+        vpmullw	%ymm14, %ymm8, %ymm8
+        vpmullw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm8
+        vpsubw	%ymm9, %ymm7, %ymm9
+        vmovdqu	%ymm8, 448(%r10)
+        vmovdqu	%ymm9, 480(%r10)
+        addq	$0x200, %r10
+        subq	$0x01, %r9
+        jg	L_kyber_keygen_avx2_priv
+        vmovdqu	kyber_qinv(%rip), %ymm13
+        movslq	%r8d, %rax
+        movq	%rsi, %r10
+L_kyber_keygen_avx2_acc:
+        # Pointwise acc mont
+        movslq	%r8d, %r9
+        # Base mul mont
+        leaq	L_kyber_avx2_zetas_basemul(%rip), %r11
+        vmovdqu	(%rcx), %ymm2
+        vmovdqu	32(%rcx), %ymm3
+        vpslld	$16, %ymm3, %ymm6
+        vpsrld	$16, %ymm2, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm2, %ymm2
+        vpblendw	$0x55, %ymm7, %ymm3, %ymm3
+        vmovdqu	(%rdi), %ymm4
+        vmovdqu	32(%rdi), %ymm5
+        vpslld	$16, %ymm5, %ymm6
+        vpsrld	$16, %ymm4, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm4, %ymm4
+        vpblendw	$0x55, %ymm7, %ymm5, %ymm5
+        vmovdqu	(%r11), %ymm10
+        vmovdqu	32(%r11), %ymm11
+        vpmullw	%ymm5, %ymm3, %ymm0
+        vpmulhw	%ymm5, %ymm3, %ymm6
+        vpmullw	%ymm4, %ymm2, %ymm1
+        vpmulhw	%ymm4, %ymm2, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm13, %ymm0, %ymm8
+        vpmullw	%ymm13, %ymm1, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm0
+        vpsubw	%ymm9, %ymm7, %ymm1
+        vpmullw	%ymm11, %ymm0, %ymm6
+        vpmulhw	%ymm10, %ymm0, %ymm7
+        vpmulhw	%ymm14, %ymm6, %ymm6
+        vpsubw	%ymm6, %ymm7, %ymm0
+        vpaddw	%ymm1, %ymm0, %ymm0
+        vpmullw	%ymm5, %ymm2, %ymm1
+        vpmulhw	%ymm5, %ymm2, %ymm6
+        vpmullw	%ymm4, %ymm3, %ymm2
+        vpmulhw	%ymm4, %ymm3, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm13, %ymm1, %ymm8
+        vpmullw	%ymm13, %ymm2, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm1
+        vpsubw	%ymm9, %ymm7, %ymm2
+        vpaddw	%ymm2, %ymm1, %ymm1
+        vmovdqu	%ymm0, (%r10)
+        vmovdqu	%ymm1, 32(%r10)
+        vmovdqu	64(%rcx), %ymm2
+        vmovdqu	96(%rcx), %ymm3
+        vpslld	$16, %ymm3, %ymm6
+        vpsrld	$16, %ymm2, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm2, %ymm2
+        vpblendw	$0x55, %ymm7, %ymm3, %ymm3
+        vmovdqu	64(%rdi), %ymm4
+        vmovdqu	96(%rdi), %ymm5
+        vpslld	$16, %ymm5, %ymm6
+        vpsrld	$16, %ymm4, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm4, %ymm4
+        vpblendw	$0x55, %ymm7, %ymm5, %ymm5
+        vmovdqu	64(%r11), %ymm10
+        vmovdqu	96(%r11), %ymm11
+        vpmullw	%ymm5, %ymm3, %ymm0
+        vpmulhw	%ymm5, %ymm3, %ymm6
+        vpmullw	%ymm4, %ymm2, %ymm1
+        vpmulhw	%ymm4, %ymm2, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm13, %ymm0, %ymm8
+        vpmullw	%ymm13, %ymm1, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm0
+        vpsubw	%ymm9, %ymm7, %ymm1
+        vpmullw	%ymm11, %ymm0, %ymm6
+        vpmulhw	%ymm10, %ymm0, %ymm7
+        vpmulhw	%ymm14, %ymm6, %ymm6
+        vpsubw	%ymm6, %ymm7, %ymm0
+        vpaddw	%ymm1, %ymm0, %ymm0
+        vpmullw	%ymm5, %ymm2, %ymm1
+        vpmulhw	%ymm5, %ymm2, %ymm6
+        vpmullw	%ymm4, %ymm3, %ymm2
+        vpmulhw	%ymm4, %ymm3, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm13, %ymm1, %ymm8
+        vpmullw	%ymm13, %ymm2, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm1
+        vpsubw	%ymm9, %ymm7, %ymm2
+        vpaddw	%ymm2, %ymm1, %ymm1
+        vmovdqu	%ymm0, 64(%r10)
+        vmovdqu	%ymm1, 96(%r10)
+        vmovdqu	128(%rcx), %ymm2
+        vmovdqu	160(%rcx), %ymm3
+        vpslld	$16, %ymm3, %ymm6
+        vpsrld	$16, %ymm2, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm2, %ymm2
+        vpblendw	$0x55, %ymm7, %ymm3, %ymm3
+        vmovdqu	128(%rdi), %ymm4
+        vmovdqu	160(%rdi), %ymm5
+        vpslld	$16, %ymm5, %ymm6
+        vpsrld	$16, %ymm4, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm4, %ymm4
+        vpblendw	$0x55, %ymm7, %ymm5, %ymm5
+        vmovdqu	128(%r11), %ymm10
+        vmovdqu	160(%r11), %ymm11
+        vpmullw	%ymm5, %ymm3, %ymm0
+        vpmulhw	%ymm5, %ymm3, %ymm6
+        vpmullw	%ymm4, %ymm2, %ymm1
+        vpmulhw	%ymm4, %ymm2, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm13, %ymm0, %ymm8
+        vpmullw	%ymm13, %ymm1, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm0
+        vpsubw	%ymm9, %ymm7, %ymm1
+        vpmullw	%ymm11, %ymm0, %ymm6
+        vpmulhw	%ymm10, %ymm0, %ymm7
+        vpmulhw	%ymm14, %ymm6, %ymm6
+        vpsubw	%ymm6, %ymm7, %ymm0
+        vpaddw	%ymm1, %ymm0, %ymm0
+        vpmullw	%ymm5, %ymm2, %ymm1
+        vpmulhw	%ymm5, %ymm2, %ymm6
+        vpmullw	%ymm4, %ymm3, %ymm2
+        vpmulhw	%ymm4, %ymm3, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm13, %ymm1, %ymm8
+        vpmullw	%ymm13, %ymm2, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm1
+        vpsubw	%ymm9, %ymm7, %ymm2
+        vpaddw	%ymm2, %ymm1, %ymm1
+        vmovdqu	%ymm0, 128(%r10)
+        vmovdqu	%ymm1, 160(%r10)
+        vmovdqu	192(%rcx), %ymm2
+        vmovdqu	224(%rcx), %ymm3
+        vpslld	$16, %ymm3, %ymm6
+        vpsrld	$16, %ymm2, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm2, %ymm2
+        vpblendw	$0x55, %ymm7, %ymm3, %ymm3
+        vmovdqu	192(%rdi), %ymm4
+        vmovdqu	224(%rdi), %ymm5
+        vpslld	$16, %ymm5, %ymm6
+        vpsrld	$16, %ymm4, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm4, %ymm4
+        vpblendw	$0x55, %ymm7, %ymm5, %ymm5
+        vmovdqu	192(%r11), %ymm10
+        vmovdqu	224(%r11), %ymm11
+        vpmullw	%ymm5, %ymm3, %ymm0
+        vpmulhw	%ymm5, %ymm3, %ymm6
+        vpmullw	%ymm4, %ymm2, %ymm1
+        vpmulhw	%ymm4, %ymm2, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm13, %ymm0, %ymm8
+        vpmullw	%ymm13, %ymm1, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm0
+        vpsubw	%ymm9, %ymm7, %ymm1
+        vpmullw	%ymm11, %ymm0, %ymm6
+        vpmulhw	%ymm10, %ymm0, %ymm7
+        vpmulhw	%ymm14, %ymm6, %ymm6
+        vpsubw	%ymm6, %ymm7, %ymm0
+        vpaddw	%ymm1, %ymm0, %ymm0
+        vpmullw	%ymm5, %ymm2, %ymm1
+        vpmulhw	%ymm5, %ymm2, %ymm6
+        vpmullw	%ymm4, %ymm3, %ymm2
+        vpmulhw	%ymm4, %ymm3, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm13, %ymm1, %ymm8
+        vpmullw	%ymm13, %ymm2, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm1
+        vpsubw	%ymm9, %ymm7, %ymm2
+        vpaddw	%ymm2, %ymm1, %ymm1
+        vmovdqu	%ymm0, 192(%r10)
+        vmovdqu	%ymm1, 224(%r10)
+        vmovdqu	256(%rcx), %ymm2
+        vmovdqu	288(%rcx), %ymm3
+        vpslld	$16, %ymm3, %ymm6
+        vpsrld	$16, %ymm2, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm2, %ymm2
+        vpblendw	$0x55, %ymm7, %ymm3, %ymm3
+        vmovdqu	256(%rdi), %ymm4
+        vmovdqu	288(%rdi), %ymm5
+        vpslld	$16, %ymm5, %ymm6
+        vpsrld	$16, %ymm4, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm4, %ymm4
+        vpblendw	$0x55, %ymm7, %ymm5, %ymm5
+        vmovdqu	256(%r11), %ymm10
+        vmovdqu	288(%r11), %ymm11
+        vpmullw	%ymm5, %ymm3, %ymm0
+        vpmulhw	%ymm5, %ymm3, %ymm6
+        vpmullw	%ymm4, %ymm2, %ymm1
+        vpmulhw	%ymm4, %ymm2, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm13, %ymm0, %ymm8
+        vpmullw	%ymm13, %ymm1, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm0
+        vpsubw	%ymm9, %ymm7, %ymm1
+        vpmullw	%ymm11, %ymm0, %ymm6
+        vpmulhw	%ymm10, %ymm0, %ymm7
+        vpmulhw	%ymm14, %ymm6, %ymm6
+        vpsubw	%ymm6, %ymm7, %ymm0
+        vpaddw	%ymm1, %ymm0, %ymm0
+        vpmullw	%ymm5, %ymm2, %ymm1
+        vpmulhw	%ymm5, %ymm2, %ymm6
+        vpmullw	%ymm4, %ymm3, %ymm2
+        vpmulhw	%ymm4, %ymm3, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm13, %ymm1, %ymm8
+        vpmullw	%ymm13, %ymm2, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm1
+        vpsubw	%ymm9, %ymm7, %ymm2
+        vpaddw	%ymm2, %ymm1, %ymm1
+        vmovdqu	%ymm0, 256(%r10)
+        vmovdqu	%ymm1, 288(%r10)
+        vmovdqu	320(%rcx), %ymm2
+        vmovdqu	352(%rcx), %ymm3
+        vpslld	$16, %ymm3, %ymm6
+        vpsrld	$16, %ymm2, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm2, %ymm2
+        vpblendw	$0x55, %ymm7, %ymm3, %ymm3
+        vmovdqu	320(%rdi), %ymm4
+        vmovdqu	352(%rdi), %ymm5
+        vpslld	$16, %ymm5, %ymm6
+        vpsrld	$16, %ymm4, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm4, %ymm4
+        vpblendw	$0x55, %ymm7, %ymm5, %ymm5
+        vmovdqu	320(%r11), %ymm10
+        vmovdqu	352(%r11), %ymm11
+        vpmullw	%ymm5, %ymm3, %ymm0
+        vpmulhw	%ymm5, %ymm3, %ymm6
+        vpmullw	%ymm4, %ymm2, %ymm1
+        vpmulhw	%ymm4, %ymm2, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm13, %ymm0, %ymm8
+        vpmullw	%ymm13, %ymm1, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm0
+        vpsubw	%ymm9, %ymm7, %ymm1
+        vpmullw	%ymm11, %ymm0, %ymm6
+        vpmulhw	%ymm10, %ymm0, %ymm7
+        vpmulhw	%ymm14, %ymm6, %ymm6
+        vpsubw	%ymm6, %ymm7, %ymm0
+        vpaddw	%ymm1, %ymm0, %ymm0
+        vpmullw	%ymm5, %ymm2, %ymm1
+        vpmulhw	%ymm5, %ymm2, %ymm6
+        vpmullw	%ymm4, %ymm3, %ymm2
+        vpmulhw	%ymm4, %ymm3, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm13, %ymm1, %ymm8
+        vpmullw	%ymm13, %ymm2, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm1
+        vpsubw	%ymm9, %ymm7, %ymm2
+        vpaddw	%ymm2, %ymm1, %ymm1
+        vmovdqu	%ymm0, 320(%r10)
+        vmovdqu	%ymm1, 352(%r10)
+        vmovdqu	384(%rcx), %ymm2
+        vmovdqu	416(%rcx), %ymm3
+        vpslld	$16, %ymm3, %ymm6
+        vpsrld	$16, %ymm2, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm2, %ymm2
+        vpblendw	$0x55, %ymm7, %ymm3, %ymm3
+        vmovdqu	384(%rdi), %ymm4
+        vmovdqu	416(%rdi), %ymm5
+        vpslld	$16, %ymm5, %ymm6
+        vpsrld	$16, %ymm4, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm4, %ymm4
+        vpblendw	$0x55, %ymm7, %ymm5, %ymm5
+        vmovdqu	384(%r11), %ymm10
+        vmovdqu	416(%r11), %ymm11
+        vpmullw	%ymm5, %ymm3, %ymm0
+        vpmulhw	%ymm5, %ymm3, %ymm6
+        vpmullw	%ymm4, %ymm2, %ymm1
+        vpmulhw	%ymm4, %ymm2, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm13, %ymm0, %ymm8
+        vpmullw	%ymm13, %ymm1, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm0
+        vpsubw	%ymm9, %ymm7, %ymm1
+        vpmullw	%ymm11, %ymm0, %ymm6
+        vpmulhw	%ymm10, %ymm0, %ymm7
+        vpmulhw	%ymm14, %ymm6, %ymm6
+        vpsubw	%ymm6, %ymm7, %ymm0
+        vpaddw	%ymm1, %ymm0, %ymm0
+        vpmullw	%ymm5, %ymm2, %ymm1
+        vpmulhw	%ymm5, %ymm2, %ymm6
+        vpmullw	%ymm4, %ymm3, %ymm2
+        vpmulhw	%ymm4, %ymm3, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm13, %ymm1, %ymm8
+        vpmullw	%ymm13, %ymm2, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm1
+        vpsubw	%ymm9, %ymm7, %ymm2
+        vpaddw	%ymm2, %ymm1, %ymm1
+        vmovdqu	%ymm0, 384(%r10)
+        vmovdqu	%ymm1, 416(%r10)
+        vmovdqu	448(%rcx), %ymm2
+        vmovdqu	480(%rcx), %ymm3
+        vpslld	$16, %ymm3, %ymm6
+        vpsrld	$16, %ymm2, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm2, %ymm2
+        vpblendw	$0x55, %ymm7, %ymm3, %ymm3
+        vmovdqu	448(%rdi), %ymm4
+        vmovdqu	480(%rdi), %ymm5
+        vpslld	$16, %ymm5, %ymm6
+        vpsrld	$16, %ymm4, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm4, %ymm4
+        vpblendw	$0x55, %ymm7, %ymm5, %ymm5
+        vmovdqu	448(%r11), %ymm10
+        vmovdqu	480(%r11), %ymm11
+        vpmullw	%ymm5, %ymm3, %ymm0
+        vpmulhw	%ymm5, %ymm3, %ymm6
+        vpmullw	%ymm4, %ymm2, %ymm1
+        vpmulhw	%ymm4, %ymm2, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm13, %ymm0, %ymm8
+        vpmullw	%ymm13, %ymm1, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm0
+        vpsubw	%ymm9, %ymm7, %ymm1
+        vpmullw	%ymm11, %ymm0, %ymm6
+        vpmulhw	%ymm10, %ymm0, %ymm7
+        vpmulhw	%ymm14, %ymm6, %ymm6
+        vpsubw	%ymm6, %ymm7, %ymm0
+        vpaddw	%ymm1, %ymm0, %ymm0
+        vpmullw	%ymm5, %ymm2, %ymm1
+        vpmulhw	%ymm5, %ymm2, %ymm6
+        vpmullw	%ymm4, %ymm3, %ymm2
+        vpmulhw	%ymm4, %ymm3, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm13, %ymm1, %ymm8
+        vpmullw	%ymm13, %ymm2, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm1
+        vpsubw	%ymm9, %ymm7, %ymm2
+        vpaddw	%ymm2, %ymm1, %ymm1
+        vmovdqu	%ymm0, 448(%r10)
+        vmovdqu	%ymm1, 480(%r10)
+        addq	$0x200, %rcx
+        addq	$0x200, %rdi
+        subq	$2, %r9
+        jz	L_pointwise_acc_mont_end_keygen
+L_pointwise_acc_mont_start_keygen:
+        # Base mul mont add
+        leaq	L_kyber_avx2_zetas_basemul(%rip), %r11
+        vmovdqu	(%rcx), %ymm2
+        vmovdqu	32(%rcx), %ymm3
+        vpslld	$16, %ymm3, %ymm6
+        vpsrld	$16, %ymm2, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm2, %ymm2
+        vpblendw	$0x55, %ymm7, %ymm3, %ymm3
+        vmovdqu	(%rdi), %ymm4
+        vmovdqu	32(%rdi), %ymm5
+        vpslld	$16, %ymm5, %ymm6
+        vpsrld	$16, %ymm4, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm4, %ymm4
+        vpblendw	$0x55, %ymm7, %ymm5, %ymm5
+        vmovdqu	(%r11), %ymm10
+        vmovdqu	32(%r11), %ymm11
+        vpmullw	%ymm5, %ymm3, %ymm0
+        vpmulhw	%ymm5, %ymm3, %ymm6
+        vpmullw	%ymm4, %ymm2, %ymm1
+        vpmulhw	%ymm4, %ymm2, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm13, %ymm0, %ymm8
+        vpmullw	%ymm13, %ymm1, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm0
+        vpsubw	%ymm9, %ymm7, %ymm1
+        vpmullw	%ymm11, %ymm0, %ymm6
+        vpmulhw	%ymm10, %ymm0, %ymm7
+        vpmulhw	%ymm14, %ymm6, %ymm6
+        vpsubw	%ymm6, %ymm7, %ymm0
+        vpaddw	%ymm1, %ymm0, %ymm0
+        vpmullw	%ymm5, %ymm2, %ymm1
+        vpmulhw	%ymm5, %ymm2, %ymm6
+        vpmullw	%ymm4, %ymm3, %ymm2
+        vpmulhw	%ymm4, %ymm3, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm13, %ymm1, %ymm8
+        vpmullw	%ymm13, %ymm2, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm1
+        vpsubw	%ymm9, %ymm7, %ymm2
+        vpaddw	%ymm2, %ymm1, %ymm1
+        vmovdqu	(%r10), %ymm6
+        vmovdqu	32(%r10), %ymm7
+        vpaddw	%ymm6, %ymm0, %ymm0
+        vpaddw	%ymm7, %ymm1, %ymm1
+        vmovdqu	%ymm0, (%r10)
+        vmovdqu	%ymm1, 32(%r10)
+        vmovdqu	64(%rcx), %ymm2
+        vmovdqu	96(%rcx), %ymm3
+        vpslld	$16, %ymm3, %ymm6
+        vpsrld	$16, %ymm2, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm2, %ymm2
+        vpblendw	$0x55, %ymm7, %ymm3, %ymm3
+        vmovdqu	64(%rdi), %ymm4
+        vmovdqu	96(%rdi), %ymm5
+        vpslld	$16, %ymm5, %ymm6
+        vpsrld	$16, %ymm4, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm4, %ymm4
+        vpblendw	$0x55, %ymm7, %ymm5, %ymm5
+        vmovdqu	64(%r11), %ymm10
+        vmovdqu	96(%r11), %ymm11
+        vpmullw	%ymm5, %ymm3, %ymm0
+        vpmulhw	%ymm5, %ymm3, %ymm6
+        vpmullw	%ymm4, %ymm2, %ymm1
+        vpmulhw	%ymm4, %ymm2, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm13, %ymm0, %ymm8
+        vpmullw	%ymm13, %ymm1, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm0
+        vpsubw	%ymm9, %ymm7, %ymm1
+        vpmullw	%ymm11, %ymm0, %ymm6
+        vpmulhw	%ymm10, %ymm0, %ymm7
+        vpmulhw	%ymm14, %ymm6, %ymm6
+        vpsubw	%ymm6, %ymm7, %ymm0
+        vpaddw	%ymm1, %ymm0, %ymm0
+        vpmullw	%ymm5, %ymm2, %ymm1
+        vpmulhw	%ymm5, %ymm2, %ymm6
+        vpmullw	%ymm4, %ymm3, %ymm2
+        vpmulhw	%ymm4, %ymm3, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm13, %ymm1, %ymm8
+        vpmullw	%ymm13, %ymm2, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm1
+        vpsubw	%ymm9, %ymm7, %ymm2
+        vpaddw	%ymm2, %ymm1, %ymm1
+        vmovdqu	64(%r10), %ymm6
+        vmovdqu	96(%r10), %ymm7
+        vpaddw	%ymm6, %ymm0, %ymm0
+        vpaddw	%ymm7, %ymm1, %ymm1
+        vmovdqu	%ymm0, 64(%r10)
+        vmovdqu	%ymm1, 96(%r10)
+        vmovdqu	128(%rcx), %ymm2
+        vmovdqu	160(%rcx), %ymm3
+        vpslld	$16, %ymm3, %ymm6
+        vpsrld	$16, %ymm2, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm2, %ymm2
+        vpblendw	$0x55, %ymm7, %ymm3, %ymm3
+        vmovdqu	128(%rdi), %ymm4
+        vmovdqu	160(%rdi), %ymm5
+        vpslld	$16, %ymm5, %ymm6
+        vpsrld	$16, %ymm4, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm4, %ymm4
+        vpblendw	$0x55, %ymm7, %ymm5, %ymm5
+        vmovdqu	128(%r11), %ymm10
+        vmovdqu	160(%r11), %ymm11
+        vpmullw	%ymm5, %ymm3, %ymm0
+        vpmulhw	%ymm5, %ymm3, %ymm6
+        vpmullw	%ymm4, %ymm2, %ymm1
+        vpmulhw	%ymm4, %ymm2, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm13, %ymm0, %ymm8
+        vpmullw	%ymm13, %ymm1, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm0
+        vpsubw	%ymm9, %ymm7, %ymm1
+        vpmullw	%ymm11, %ymm0, %ymm6
+        vpmulhw	%ymm10, %ymm0, %ymm7
+        vpmulhw	%ymm14, %ymm6, %ymm6
+        vpsubw	%ymm6, %ymm7, %ymm0
+        vpaddw	%ymm1, %ymm0, %ymm0
+        vpmullw	%ymm5, %ymm2, %ymm1
+        vpmulhw	%ymm5, %ymm2, %ymm6
+        vpmullw	%ymm4, %ymm3, %ymm2
+        vpmulhw	%ymm4, %ymm3, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm13, %ymm1, %ymm8
+        vpmullw	%ymm13, %ymm2, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm1
+        vpsubw	%ymm9, %ymm7, %ymm2
+        vpaddw	%ymm2, %ymm1, %ymm1
+        vmovdqu	128(%r10), %ymm6
+        vmovdqu	160(%r10), %ymm7
+        vpaddw	%ymm6, %ymm0, %ymm0
+        vpaddw	%ymm7, %ymm1, %ymm1
+        vmovdqu	%ymm0, 128(%r10)
+        vmovdqu	%ymm1, 160(%r10)
+        vmovdqu	192(%rcx), %ymm2
+        vmovdqu	224(%rcx), %ymm3
+        vpslld	$16, %ymm3, %ymm6
+        vpsrld	$16, %ymm2, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm2, %ymm2
+        vpblendw	$0x55, %ymm7, %ymm3, %ymm3
+        vmovdqu	192(%rdi), %ymm4
+        vmovdqu	224(%rdi), %ymm5
+        vpslld	$16, %ymm5, %ymm6
+        vpsrld	$16, %ymm4, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm4, %ymm4
+        vpblendw	$0x55, %ymm7, %ymm5, %ymm5
+        vmovdqu	192(%r11), %ymm10
+        vmovdqu	224(%r11), %ymm11
+        vpmullw	%ymm5, %ymm3, %ymm0
+        vpmulhw	%ymm5, %ymm3, %ymm6
+        vpmullw	%ymm4, %ymm2, %ymm1
+        vpmulhw	%ymm4, %ymm2, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm13, %ymm0, %ymm8
+        vpmullw	%ymm13, %ymm1, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm0
+        vpsubw	%ymm9, %ymm7, %ymm1
+        vpmullw	%ymm11, %ymm0, %ymm6
+        vpmulhw	%ymm10, %ymm0, %ymm7
+        vpmulhw	%ymm14, %ymm6, %ymm6
+        vpsubw	%ymm6, %ymm7, %ymm0
+        vpaddw	%ymm1, %ymm0, %ymm0
+        vpmullw	%ymm5, %ymm2, %ymm1
+        vpmulhw	%ymm5, %ymm2, %ymm6
+        vpmullw	%ymm4, %ymm3, %ymm2
+        vpmulhw	%ymm4, %ymm3, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm13, %ymm1, %ymm8
+        vpmullw	%ymm13, %ymm2, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm1
+        vpsubw	%ymm9, %ymm7, %ymm2
+        vpaddw	%ymm2, %ymm1, %ymm1
+        vmovdqu	192(%r10), %ymm6
+        vmovdqu	224(%r10), %ymm7
+        vpaddw	%ymm6, %ymm0, %ymm0
+        vpaddw	%ymm7, %ymm1, %ymm1
+        vmovdqu	%ymm0, 192(%r10)
+        vmovdqu	%ymm1, 224(%r10)
+        vmovdqu	256(%rcx), %ymm2
+        vmovdqu	288(%rcx), %ymm3
+        vpslld	$16, %ymm3, %ymm6
+        vpsrld	$16, %ymm2, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm2, %ymm2
+        vpblendw	$0x55, %ymm7, %ymm3, %ymm3
+        vmovdqu	256(%rdi), %ymm4
+        vmovdqu	288(%rdi), %ymm5
+        vpslld	$16, %ymm5, %ymm6
+        vpsrld	$16, %ymm4, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm4, %ymm4
+        vpblendw	$0x55, %ymm7, %ymm5, %ymm5
+        vmovdqu	256(%r11), %ymm10
+        vmovdqu	288(%r11), %ymm11
+        vpmullw	%ymm5, %ymm3, %ymm0
+        vpmulhw	%ymm5, %ymm3, %ymm6
+        vpmullw	%ymm4, %ymm2, %ymm1
+        vpmulhw	%ymm4, %ymm2, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm13, %ymm0, %ymm8
+        vpmullw	%ymm13, %ymm1, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm0
+        vpsubw	%ymm9, %ymm7, %ymm1
+        vpmullw	%ymm11, %ymm0, %ymm6
+        vpmulhw	%ymm10, %ymm0, %ymm7
+        vpmulhw	%ymm14, %ymm6, %ymm6
+        vpsubw	%ymm6, %ymm7, %ymm0
+        vpaddw	%ymm1, %ymm0, %ymm0
+        vpmullw	%ymm5, %ymm2, %ymm1
+        vpmulhw	%ymm5, %ymm2, %ymm6
+        vpmullw	%ymm4, %ymm3, %ymm2
+        vpmulhw	%ymm4, %ymm3, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm13, %ymm1, %ymm8
+        vpmullw	%ymm13, %ymm2, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm1
+        vpsubw	%ymm9, %ymm7, %ymm2
+        vpaddw	%ymm2, %ymm1, %ymm1
+        vmovdqu	256(%r10), %ymm6
+        vmovdqu	288(%r10), %ymm7
+        vpaddw	%ymm6, %ymm0, %ymm0
+        vpaddw	%ymm7, %ymm1, %ymm1
+        vmovdqu	%ymm0, 256(%r10)
+        vmovdqu	%ymm1, 288(%r10)
+        vmovdqu	320(%rcx), %ymm2
+        vmovdqu	352(%rcx), %ymm3
+        vpslld	$16, %ymm3, %ymm6
+        vpsrld	$16, %ymm2, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm2, %ymm2
+        vpblendw	$0x55, %ymm7, %ymm3, %ymm3
+        vmovdqu	320(%rdi), %ymm4
+        vmovdqu	352(%rdi), %ymm5
+        vpslld	$16, %ymm5, %ymm6
+        vpsrld	$16, %ymm4, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm4, %ymm4
+        vpblendw	$0x55, %ymm7, %ymm5, %ymm5
+        vmovdqu	320(%r11), %ymm10
+        vmovdqu	352(%r11), %ymm11
+        vpmullw	%ymm5, %ymm3, %ymm0
+        vpmulhw	%ymm5, %ymm3, %ymm6
+        vpmullw	%ymm4, %ymm2, %ymm1
+        vpmulhw	%ymm4, %ymm2, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm13, %ymm0, %ymm8
+        vpmullw	%ymm13, %ymm1, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm0
+        vpsubw	%ymm9, %ymm7, %ymm1
+        vpmullw	%ymm11, %ymm0, %ymm6
+        vpmulhw	%ymm10, %ymm0, %ymm7
+        vpmulhw	%ymm14, %ymm6, %ymm6
+        vpsubw	%ymm6, %ymm7, %ymm0
+        vpaddw	%ymm1, %ymm0, %ymm0
+        vpmullw	%ymm5, %ymm2, %ymm1
+        vpmulhw	%ymm5, %ymm2, %ymm6
+        vpmullw	%ymm4, %ymm3, %ymm2
+        vpmulhw	%ymm4, %ymm3, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm13, %ymm1, %ymm8
+        vpmullw	%ymm13, %ymm2, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm1
+        vpsubw	%ymm9, %ymm7, %ymm2
+        vpaddw	%ymm2, %ymm1, %ymm1
+        vmovdqu	320(%r10), %ymm6
+        vmovdqu	352(%r10), %ymm7
+        vpaddw	%ymm6, %ymm0, %ymm0
+        vpaddw	%ymm7, %ymm1, %ymm1
+        vmovdqu	%ymm0, 320(%r10)
+        vmovdqu	%ymm1, 352(%r10)
+        vmovdqu	384(%rcx), %ymm2
+        vmovdqu	416(%rcx), %ymm3
+        vpslld	$16, %ymm3, %ymm6
+        vpsrld	$16, %ymm2, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm2, %ymm2
+        vpblendw	$0x55, %ymm7, %ymm3, %ymm3
+        vmovdqu	384(%rdi), %ymm4
+        vmovdqu	416(%rdi), %ymm5
+        vpslld	$16, %ymm5, %ymm6
+        vpsrld	$16, %ymm4, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm4, %ymm4
+        vpblendw	$0x55, %ymm7, %ymm5, %ymm5
+        vmovdqu	384(%r11), %ymm10
+        vmovdqu	416(%r11), %ymm11
+        vpmullw	%ymm5, %ymm3, %ymm0
+        vpmulhw	%ymm5, %ymm3, %ymm6
+        vpmullw	%ymm4, %ymm2, %ymm1
+        vpmulhw	%ymm4, %ymm2, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm13, %ymm0, %ymm8
+        vpmullw	%ymm13, %ymm1, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm0
+        vpsubw	%ymm9, %ymm7, %ymm1
+        vpmullw	%ymm11, %ymm0, %ymm6
+        vpmulhw	%ymm10, %ymm0, %ymm7
+        vpmulhw	%ymm14, %ymm6, %ymm6
+        vpsubw	%ymm6, %ymm7, %ymm0
+        vpaddw	%ymm1, %ymm0, %ymm0
+        vpmullw	%ymm5, %ymm2, %ymm1
+        vpmulhw	%ymm5, %ymm2, %ymm6
+        vpmullw	%ymm4, %ymm3, %ymm2
+        vpmulhw	%ymm4, %ymm3, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm13, %ymm1, %ymm8
+        vpmullw	%ymm13, %ymm2, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm1
+        vpsubw	%ymm9, %ymm7, %ymm2
+        vpaddw	%ymm2, %ymm1, %ymm1
+        vmovdqu	384(%r10), %ymm6
+        vmovdqu	416(%r10), %ymm7
+        vpaddw	%ymm6, %ymm0, %ymm0
+        vpaddw	%ymm7, %ymm1, %ymm1
+        vmovdqu	%ymm0, 384(%r10)
+        vmovdqu	%ymm1, 416(%r10)
+        vmovdqu	448(%rcx), %ymm2
+        vmovdqu	480(%rcx), %ymm3
+        vpslld	$16, %ymm3, %ymm6
+        vpsrld	$16, %ymm2, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm2, %ymm2
+        vpblendw	$0x55, %ymm7, %ymm3, %ymm3
+        vmovdqu	448(%rdi), %ymm4
+        vmovdqu	480(%rdi), %ymm5
+        vpslld	$16, %ymm5, %ymm6
+        vpsrld	$16, %ymm4, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm4, %ymm4
+        vpblendw	$0x55, %ymm7, %ymm5, %ymm5
+        vmovdqu	448(%r11), %ymm10
+        vmovdqu	480(%r11), %ymm11
+        vpmullw	%ymm5, %ymm3, %ymm0
+        vpmulhw	%ymm5, %ymm3, %ymm6
+        vpmullw	%ymm4, %ymm2, %ymm1
+        vpmulhw	%ymm4, %ymm2, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm13, %ymm0, %ymm8
+        vpmullw	%ymm13, %ymm1, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm0
+        vpsubw	%ymm9, %ymm7, %ymm1
+        vpmullw	%ymm11, %ymm0, %ymm6
+        vpmulhw	%ymm10, %ymm0, %ymm7
+        vpmulhw	%ymm14, %ymm6, %ymm6
+        vpsubw	%ymm6, %ymm7, %ymm0
+        vpaddw	%ymm1, %ymm0, %ymm0
+        vpmullw	%ymm5, %ymm2, %ymm1
+        vpmulhw	%ymm5, %ymm2, %ymm6
+        vpmullw	%ymm4, %ymm3, %ymm2
+        vpmulhw	%ymm4, %ymm3, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm13, %ymm1, %ymm8
+        vpmullw	%ymm13, %ymm2, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm1
+        vpsubw	%ymm9, %ymm7, %ymm2
+        vpaddw	%ymm2, %ymm1, %ymm1
+        vmovdqu	448(%r10), %ymm6
+        vmovdqu	480(%r10), %ymm7
+        vpaddw	%ymm6, %ymm0, %ymm0
+        vpaddw	%ymm7, %ymm1, %ymm1
+        vmovdqu	%ymm0, 448(%r10)
+        vmovdqu	%ymm1, 480(%r10)
+        addq	$0x200, %rcx
+        addq	$0x200, %rdi
+        subq	$0x01, %r9
+        jg	L_pointwise_acc_mont_start_keygen
+L_pointwise_acc_mont_end_keygen:
+        # Base mul mont add
+        leaq	L_kyber_avx2_zetas_basemul(%rip), %r11
+        vmovdqu	(%rcx), %ymm2
+        vmovdqu	32(%rcx), %ymm3
+        vpslld	$16, %ymm3, %ymm6
+        vpsrld	$16, %ymm2, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm2, %ymm2
+        vpblendw	$0x55, %ymm7, %ymm3, %ymm3
+        vmovdqu	(%rdi), %ymm4
+        vmovdqu	32(%rdi), %ymm5
+        vpslld	$16, %ymm5, %ymm6
+        vpsrld	$16, %ymm4, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm4, %ymm4
+        vpblendw	$0x55, %ymm7, %ymm5, %ymm5
+        vmovdqu	(%r11), %ymm10
+        vmovdqu	32(%r11), %ymm11
+        vpmullw	%ymm5, %ymm3, %ymm0
+        vpmulhw	%ymm5, %ymm3, %ymm6
+        vpmullw	%ymm4, %ymm2, %ymm1
+        vpmulhw	%ymm4, %ymm2, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm13, %ymm0, %ymm8
+        vpmullw	%ymm13, %ymm1, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm0
+        vpsubw	%ymm9, %ymm7, %ymm1
+        vpmullw	%ymm11, %ymm0, %ymm6
+        vpmulhw	%ymm10, %ymm0, %ymm7
+        vpmulhw	%ymm14, %ymm6, %ymm6
+        vpsubw	%ymm6, %ymm7, %ymm0
+        vpaddw	%ymm1, %ymm0, %ymm0
+        vpmullw	%ymm5, %ymm2, %ymm1
+        vpmulhw	%ymm5, %ymm2, %ymm6
+        vpmullw	%ymm4, %ymm3, %ymm2
+        vpmulhw	%ymm4, %ymm3, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm13, %ymm1, %ymm8
+        vpmullw	%ymm13, %ymm2, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm1
+        vpsubw	%ymm9, %ymm7, %ymm2
+        vpaddw	%ymm2, %ymm1, %ymm1
+        vmovdqu	(%r10), %ymm6
+        vmovdqu	32(%r10), %ymm7
+        vpaddw	%ymm6, %ymm0, %ymm0
+        vpaddw	%ymm7, %ymm1, %ymm1
+        vpslld	$16, %ymm1, %ymm6
+        vpsrld	$16, %ymm0, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm0, %ymm0
+        vpblendw	$0x55, %ymm7, %ymm1, %ymm1
+        vmovdqu	%ymm0, (%r10)
+        vmovdqu	%ymm1, 32(%r10)
+        vmovdqu	64(%rcx), %ymm2
+        vmovdqu	96(%rcx), %ymm3
+        vpslld	$16, %ymm3, %ymm6
+        vpsrld	$16, %ymm2, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm2, %ymm2
+        vpblendw	$0x55, %ymm7, %ymm3, %ymm3
+        vmovdqu	64(%rdi), %ymm4
+        vmovdqu	96(%rdi), %ymm5
+        vpslld	$16, %ymm5, %ymm6
+        vpsrld	$16, %ymm4, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm4, %ymm4
+        vpblendw	$0x55, %ymm7, %ymm5, %ymm5
+        vmovdqu	64(%r11), %ymm10
+        vmovdqu	96(%r11), %ymm11
+        vpmullw	%ymm5, %ymm3, %ymm0
+        vpmulhw	%ymm5, %ymm3, %ymm6
+        vpmullw	%ymm4, %ymm2, %ymm1
+        vpmulhw	%ymm4, %ymm2, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm13, %ymm0, %ymm8
+        vpmullw	%ymm13, %ymm1, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm0
+        vpsubw	%ymm9, %ymm7, %ymm1
+        vpmullw	%ymm11, %ymm0, %ymm6
+        vpmulhw	%ymm10, %ymm0, %ymm7
+        vpmulhw	%ymm14, %ymm6, %ymm6
+        vpsubw	%ymm6, %ymm7, %ymm0
+        vpaddw	%ymm1, %ymm0, %ymm0
+        vpmullw	%ymm5, %ymm2, %ymm1
+        vpmulhw	%ymm5, %ymm2, %ymm6
+        vpmullw	%ymm4, %ymm3, %ymm2
+        vpmulhw	%ymm4, %ymm3, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm13, %ymm1, %ymm8
+        vpmullw	%ymm13, %ymm2, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm1
+        vpsubw	%ymm9, %ymm7, %ymm2
+        vpaddw	%ymm2, %ymm1, %ymm1
+        vmovdqu	64(%r10), %ymm6
+        vmovdqu	96(%r10), %ymm7
+        vpaddw	%ymm6, %ymm0, %ymm0
+        vpaddw	%ymm7, %ymm1, %ymm1
+        vpslld	$16, %ymm1, %ymm6
+        vpsrld	$16, %ymm0, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm0, %ymm0
+        vpblendw	$0x55, %ymm7, %ymm1, %ymm1
+        vmovdqu	%ymm0, 64(%r10)
+        vmovdqu	%ymm1, 96(%r10)
+        vmovdqu	128(%rcx), %ymm2
+        vmovdqu	160(%rcx), %ymm3
+        vpslld	$16, %ymm3, %ymm6
+        vpsrld	$16, %ymm2, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm2, %ymm2
+        vpblendw	$0x55, %ymm7, %ymm3, %ymm3
+        vmovdqu	128(%rdi), %ymm4
+        vmovdqu	160(%rdi), %ymm5
+        vpslld	$16, %ymm5, %ymm6
+        vpsrld	$16, %ymm4, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm4, %ymm4
+        vpblendw	$0x55, %ymm7, %ymm5, %ymm5
+        vmovdqu	128(%r11), %ymm10
+        vmovdqu	160(%r11), %ymm11
+        vpmullw	%ymm5, %ymm3, %ymm0
+        vpmulhw	%ymm5, %ymm3, %ymm6
+        vpmullw	%ymm4, %ymm2, %ymm1
+        vpmulhw	%ymm4, %ymm2, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm13, %ymm0, %ymm8
+        vpmullw	%ymm13, %ymm1, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm0
+        vpsubw	%ymm9, %ymm7, %ymm1
+        vpmullw	%ymm11, %ymm0, %ymm6
+        vpmulhw	%ymm10, %ymm0, %ymm7
+        vpmulhw	%ymm14, %ymm6, %ymm6
+        vpsubw	%ymm6, %ymm7, %ymm0
+        vpaddw	%ymm1, %ymm0, %ymm0
+        vpmullw	%ymm5, %ymm2, %ymm1
+        vpmulhw	%ymm5, %ymm2, %ymm6
+        vpmullw	%ymm4, %ymm3, %ymm2
+        vpmulhw	%ymm4, %ymm3, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm13, %ymm1, %ymm8
+        vpmullw	%ymm13, %ymm2, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm1
+        vpsubw	%ymm9, %ymm7, %ymm2
+        vpaddw	%ymm2, %ymm1, %ymm1
+        vmovdqu	128(%r10), %ymm6
+        vmovdqu	160(%r10), %ymm7
+        vpaddw	%ymm6, %ymm0, %ymm0
+        vpaddw	%ymm7, %ymm1, %ymm1
+        vpslld	$16, %ymm1, %ymm6
+        vpsrld	$16, %ymm0, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm0, %ymm0
+        vpblendw	$0x55, %ymm7, %ymm1, %ymm1
+        vmovdqu	%ymm0, 128(%r10)
+        vmovdqu	%ymm1, 160(%r10)
+        vmovdqu	192(%rcx), %ymm2
+        vmovdqu	224(%rcx), %ymm3
+        vpslld	$16, %ymm3, %ymm6
+        vpsrld	$16, %ymm2, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm2, %ymm2
+        vpblendw	$0x55, %ymm7, %ymm3, %ymm3
+        vmovdqu	192(%rdi), %ymm4
+        vmovdqu	224(%rdi), %ymm5
+        vpslld	$16, %ymm5, %ymm6
+        vpsrld	$16, %ymm4, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm4, %ymm4
+        vpblendw	$0x55, %ymm7, %ymm5, %ymm5
+        vmovdqu	192(%r11), %ymm10
+        vmovdqu	224(%r11), %ymm11
+        vpmullw	%ymm5, %ymm3, %ymm0
+        vpmulhw	%ymm5, %ymm3, %ymm6
+        vpmullw	%ymm4, %ymm2, %ymm1
+        vpmulhw	%ymm4, %ymm2, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm13, %ymm0, %ymm8
+        vpmullw	%ymm13, %ymm1, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm0
+        vpsubw	%ymm9, %ymm7, %ymm1
+        vpmullw	%ymm11, %ymm0, %ymm6
+        vpmulhw	%ymm10, %ymm0, %ymm7
+        vpmulhw	%ymm14, %ymm6, %ymm6
+        vpsubw	%ymm6, %ymm7, %ymm0
+        vpaddw	%ymm1, %ymm0, %ymm0
+        vpmullw	%ymm5, %ymm2, %ymm1
+        vpmulhw	%ymm5, %ymm2, %ymm6
+        vpmullw	%ymm4, %ymm3, %ymm2
+        vpmulhw	%ymm4, %ymm3, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm13, %ymm1, %ymm8
+        vpmullw	%ymm13, %ymm2, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm1
+        vpsubw	%ymm9, %ymm7, %ymm2
+        vpaddw	%ymm2, %ymm1, %ymm1
+        vmovdqu	192(%r10), %ymm6
+        vmovdqu	224(%r10), %ymm7
+        vpaddw	%ymm6, %ymm0, %ymm0
+        vpaddw	%ymm7, %ymm1, %ymm1
+        vpslld	$16, %ymm1, %ymm6
+        vpsrld	$16, %ymm0, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm0, %ymm0
+        vpblendw	$0x55, %ymm7, %ymm1, %ymm1
+        vmovdqu	%ymm0, 192(%r10)
+        vmovdqu	%ymm1, 224(%r10)
+        vmovdqu	256(%rcx), %ymm2
+        vmovdqu	288(%rcx), %ymm3
+        vpslld	$16, %ymm3, %ymm6
+        vpsrld	$16, %ymm2, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm2, %ymm2
+        vpblendw	$0x55, %ymm7, %ymm3, %ymm3
+        vmovdqu	256(%rdi), %ymm4
+        vmovdqu	288(%rdi), %ymm5
+        vpslld	$16, %ymm5, %ymm6
+        vpsrld	$16, %ymm4, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm4, %ymm4
+        vpblendw	$0x55, %ymm7, %ymm5, %ymm5
+        vmovdqu	256(%r11), %ymm10
+        vmovdqu	288(%r11), %ymm11
+        vpmullw	%ymm5, %ymm3, %ymm0
+        vpmulhw	%ymm5, %ymm3, %ymm6
+        vpmullw	%ymm4, %ymm2, %ymm1
+        vpmulhw	%ymm4, %ymm2, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm13, %ymm0, %ymm8
+        vpmullw	%ymm13, %ymm1, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm0
+        vpsubw	%ymm9, %ymm7, %ymm1
+        vpmullw	%ymm11, %ymm0, %ymm6
+        vpmulhw	%ymm10, %ymm0, %ymm7
+        vpmulhw	%ymm14, %ymm6, %ymm6
+        vpsubw	%ymm6, %ymm7, %ymm0
+        vpaddw	%ymm1, %ymm0, %ymm0
+        vpmullw	%ymm5, %ymm2, %ymm1
+        vpmulhw	%ymm5, %ymm2, %ymm6
+        vpmullw	%ymm4, %ymm3, %ymm2
+        vpmulhw	%ymm4, %ymm3, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm13, %ymm1, %ymm8
+        vpmullw	%ymm13, %ymm2, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm1
+        vpsubw	%ymm9, %ymm7, %ymm2
+        vpaddw	%ymm2, %ymm1, %ymm1
+        vmovdqu	256(%r10), %ymm6
+        vmovdqu	288(%r10), %ymm7
+        vpaddw	%ymm6, %ymm0, %ymm0
+        vpaddw	%ymm7, %ymm1, %ymm1
+        vpslld	$16, %ymm1, %ymm6
+        vpsrld	$16, %ymm0, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm0, %ymm0
+        vpblendw	$0x55, %ymm7, %ymm1, %ymm1
+        vmovdqu	%ymm0, 256(%r10)
+        vmovdqu	%ymm1, 288(%r10)
+        vmovdqu	320(%rcx), %ymm2
+        vmovdqu	352(%rcx), %ymm3
+        vpslld	$16, %ymm3, %ymm6
+        vpsrld	$16, %ymm2, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm2, %ymm2
+        vpblendw	$0x55, %ymm7, %ymm3, %ymm3
+        vmovdqu	320(%rdi), %ymm4
+        vmovdqu	352(%rdi), %ymm5
+        vpslld	$16, %ymm5, %ymm6
+        vpsrld	$16, %ymm4, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm4, %ymm4
+        vpblendw	$0x55, %ymm7, %ymm5, %ymm5
+        vmovdqu	320(%r11), %ymm10
+        vmovdqu	352(%r11), %ymm11
+        vpmullw	%ymm5, %ymm3, %ymm0
+        vpmulhw	%ymm5, %ymm3, %ymm6
+        vpmullw	%ymm4, %ymm2, %ymm1
+        vpmulhw	%ymm4, %ymm2, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm13, %ymm0, %ymm8
+        vpmullw	%ymm13, %ymm1, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm0
+        vpsubw	%ymm9, %ymm7, %ymm1
+        vpmullw	%ymm11, %ymm0, %ymm6
+        vpmulhw	%ymm10, %ymm0, %ymm7
+        vpmulhw	%ymm14, %ymm6, %ymm6
+        vpsubw	%ymm6, %ymm7, %ymm0
+        vpaddw	%ymm1, %ymm0, %ymm0
+        vpmullw	%ymm5, %ymm2, %ymm1
+        vpmulhw	%ymm5, %ymm2, %ymm6
+        vpmullw	%ymm4, %ymm3, %ymm2
+        vpmulhw	%ymm4, %ymm3, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm13, %ymm1, %ymm8
+        vpmullw	%ymm13, %ymm2, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm1
+        vpsubw	%ymm9, %ymm7, %ymm2
+        vpaddw	%ymm2, %ymm1, %ymm1
+        vmovdqu	320(%r10), %ymm6
+        vmovdqu	352(%r10), %ymm7
+        vpaddw	%ymm6, %ymm0, %ymm0
+        vpaddw	%ymm7, %ymm1, %ymm1
+        vpslld	$16, %ymm1, %ymm6
+        vpsrld	$16, %ymm0, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm0, %ymm0
+        vpblendw	$0x55, %ymm7, %ymm1, %ymm1
+        vmovdqu	%ymm0, 320(%r10)
+        vmovdqu	%ymm1, 352(%r10)
+        vmovdqu	384(%rcx), %ymm2
+        vmovdqu	416(%rcx), %ymm3
+        vpslld	$16, %ymm3, %ymm6
+        vpsrld	$16, %ymm2, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm2, %ymm2
+        vpblendw	$0x55, %ymm7, %ymm3, %ymm3
+        vmovdqu	384(%rdi), %ymm4
+        vmovdqu	416(%rdi), %ymm5
+        vpslld	$16, %ymm5, %ymm6
+        vpsrld	$16, %ymm4, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm4, %ymm4
+        vpblendw	$0x55, %ymm7, %ymm5, %ymm5
+        vmovdqu	384(%r11), %ymm10
+        vmovdqu	416(%r11), %ymm11
+        vpmullw	%ymm5, %ymm3, %ymm0
+        vpmulhw	%ymm5, %ymm3, %ymm6
+        vpmullw	%ymm4, %ymm2, %ymm1
+        vpmulhw	%ymm4, %ymm2, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm13, %ymm0, %ymm8
+        vpmullw	%ymm13, %ymm1, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm0
+        vpsubw	%ymm9, %ymm7, %ymm1
+        vpmullw	%ymm11, %ymm0, %ymm6
+        vpmulhw	%ymm10, %ymm0, %ymm7
+        vpmulhw	%ymm14, %ymm6, %ymm6
+        vpsubw	%ymm6, %ymm7, %ymm0
+        vpaddw	%ymm1, %ymm0, %ymm0
+        vpmullw	%ymm5, %ymm2, %ymm1
+        vpmulhw	%ymm5, %ymm2, %ymm6
+        vpmullw	%ymm4, %ymm3, %ymm2
+        vpmulhw	%ymm4, %ymm3, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm13, %ymm1, %ymm8
+        vpmullw	%ymm13, %ymm2, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm1
+        vpsubw	%ymm9, %ymm7, %ymm2
+        vpaddw	%ymm2, %ymm1, %ymm1
+        vmovdqu	384(%r10), %ymm6
+        vmovdqu	416(%r10), %ymm7
+        vpaddw	%ymm6, %ymm0, %ymm0
+        vpaddw	%ymm7, %ymm1, %ymm1
+        vpslld	$16, %ymm1, %ymm6
+        vpsrld	$16, %ymm0, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm0, %ymm0
+        vpblendw	$0x55, %ymm7, %ymm1, %ymm1
+        vmovdqu	%ymm0, 384(%r10)
+        vmovdqu	%ymm1, 416(%r10)
+        vmovdqu	448(%rcx), %ymm2
+        vmovdqu	480(%rcx), %ymm3
+        vpslld	$16, %ymm3, %ymm6
+        vpsrld	$16, %ymm2, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm2, %ymm2
+        vpblendw	$0x55, %ymm7, %ymm3, %ymm3
+        vmovdqu	448(%rdi), %ymm4
+        vmovdqu	480(%rdi), %ymm5
+        vpslld	$16, %ymm5, %ymm6
+        vpsrld	$16, %ymm4, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm4, %ymm4
+        vpblendw	$0x55, %ymm7, %ymm5, %ymm5
+        vmovdqu	448(%r11), %ymm10
+        vmovdqu	480(%r11), %ymm11
+        vpmullw	%ymm5, %ymm3, %ymm0
+        vpmulhw	%ymm5, %ymm3, %ymm6
+        vpmullw	%ymm4, %ymm2, %ymm1
+        vpmulhw	%ymm4, %ymm2, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm13, %ymm0, %ymm8
+        vpmullw	%ymm13, %ymm1, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm0
+        vpsubw	%ymm9, %ymm7, %ymm1
+        vpmullw	%ymm11, %ymm0, %ymm6
+        vpmulhw	%ymm10, %ymm0, %ymm7
+        vpmulhw	%ymm14, %ymm6, %ymm6
+        vpsubw	%ymm6, %ymm7, %ymm0
+        vpaddw	%ymm1, %ymm0, %ymm0
+        vpmullw	%ymm5, %ymm2, %ymm1
+        vpmulhw	%ymm5, %ymm2, %ymm6
+        vpmullw	%ymm4, %ymm3, %ymm2
+        vpmulhw	%ymm4, %ymm3, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm13, %ymm1, %ymm8
+        vpmullw	%ymm13, %ymm2, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm1
+        vpsubw	%ymm9, %ymm7, %ymm2
+        vpaddw	%ymm2, %ymm1, %ymm1
+        vmovdqu	448(%r10), %ymm6
+        vmovdqu	480(%r10), %ymm7
+        vpaddw	%ymm6, %ymm0, %ymm0
+        vpaddw	%ymm7, %ymm1, %ymm1
+        vpslld	$16, %ymm1, %ymm6
+        vpsrld	$16, %ymm0, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm0, %ymm0
+        vpblendw	$0x55, %ymm7, %ymm1, %ymm1
+        vmovdqu	%ymm0, 448(%r10)
+        vmovdqu	%ymm1, 480(%r10)
+        addq	$0x200, %rcx
+        addq	$0x200, %rdi
+        movslq	%r8d, %r9
+        shl	$9, %r9d
+        subq	%r9, %rdi
+        addq	$0x200, %r10
+        subq	$0x01, %rax
+        jg	L_kyber_keygen_avx2_acc
+        movslq	%r8d, %rax
+        vmovdqu	kyber_f(%rip), %ymm12
+        vmovdqu	kyber_f_qinv(%rip), %ymm13
+        movslq	%r8d, %rax
+        movq	%rsi, %r10
+L_kyber_keygen_avx2_to_mont:
+        # To Mont
+        vmovdqu	(%r10), %ymm0
+        vmovdqu	32(%r10), %ymm1
+        vmovdqu	64(%r10), %ymm2
+        vmovdqu	96(%r10), %ymm3
+        vpmullw	%ymm13, %ymm0, %ymm4
+        vpmulhw	%ymm12, %ymm0, %ymm5
+        vpmulhw	%ymm14, %ymm4, %ymm4
+        vpsubw	%ymm4, %ymm5, %ymm0
+        vpmullw	%ymm13, %ymm1, %ymm4
+        vpmulhw	%ymm12, %ymm1, %ymm5
+        vpmulhw	%ymm14, %ymm4, %ymm4
+        vpsubw	%ymm4, %ymm5, %ymm1
+        vpmullw	%ymm13, %ymm2, %ymm4
+        vpmulhw	%ymm12, %ymm2, %ymm5
+        vpmulhw	%ymm14, %ymm4, %ymm4
+        vpsubw	%ymm4, %ymm5, %ymm2
+        vpmullw	%ymm13, %ymm3, %ymm4
+        vpmulhw	%ymm12, %ymm3, %ymm5
+        vpmulhw	%ymm14, %ymm4, %ymm4
+        vpsubw	%ymm4, %ymm5, %ymm3
+        vmovdqu	%ymm0, (%r10)
+        vmovdqu	%ymm1, 32(%r10)
+        vmovdqu	%ymm2, 64(%r10)
+        vmovdqu	%ymm3, 96(%r10)
+        vmovdqu	128(%r10), %ymm0
+        vmovdqu	160(%r10), %ymm1
+        vmovdqu	192(%r10), %ymm2
+        vmovdqu	224(%r10), %ymm3
+        vpmullw	%ymm13, %ymm0, %ymm4
+        vpmulhw	%ymm12, %ymm0, %ymm5
+        vpmulhw	%ymm14, %ymm4, %ymm4
+        vpsubw	%ymm4, %ymm5, %ymm0
+        vpmullw	%ymm13, %ymm1, %ymm4
+        vpmulhw	%ymm12, %ymm1, %ymm5
+        vpmulhw	%ymm14, %ymm4, %ymm4
+        vpsubw	%ymm4, %ymm5, %ymm1
+        vpmullw	%ymm13, %ymm2, %ymm4
+        vpmulhw	%ymm12, %ymm2, %ymm5
+        vpmulhw	%ymm14, %ymm4, %ymm4
+        vpsubw	%ymm4, %ymm5, %ymm2
+        vpmullw	%ymm13, %ymm3, %ymm4
+        vpmulhw	%ymm12, %ymm3, %ymm5
+        vpmulhw	%ymm14, %ymm4, %ymm4
+        vpsubw	%ymm4, %ymm5, %ymm3
+        vmovdqu	%ymm0, 128(%r10)
+        vmovdqu	%ymm1, 160(%r10)
+        vmovdqu	%ymm2, 192(%r10)
+        vmovdqu	%ymm3, 224(%r10)
+        vmovdqu	256(%r10), %ymm0
+        vmovdqu	288(%r10), %ymm1
+        vmovdqu	320(%r10), %ymm2
+        vmovdqu	352(%r10), %ymm3
+        vpmullw	%ymm13, %ymm0, %ymm4
+        vpmulhw	%ymm12, %ymm0, %ymm5
+        vpmulhw	%ymm14, %ymm4, %ymm4
+        vpsubw	%ymm4, %ymm5, %ymm0
+        vpmullw	%ymm13, %ymm1, %ymm4
+        vpmulhw	%ymm12, %ymm1, %ymm5
+        vpmulhw	%ymm14, %ymm4, %ymm4
+        vpsubw	%ymm4, %ymm5, %ymm1
+        vpmullw	%ymm13, %ymm2, %ymm4
+        vpmulhw	%ymm12, %ymm2, %ymm5
+        vpmulhw	%ymm14, %ymm4, %ymm4
+        vpsubw	%ymm4, %ymm5, %ymm2
+        vpmullw	%ymm13, %ymm3, %ymm4
+        vpmulhw	%ymm12, %ymm3, %ymm5
+        vpmulhw	%ymm14, %ymm4, %ymm4
+        vpsubw	%ymm4, %ymm5, %ymm3
+        vmovdqu	%ymm0, 256(%r10)
+        vmovdqu	%ymm1, 288(%r10)
+        vmovdqu	%ymm2, 320(%r10)
+        vmovdqu	%ymm3, 352(%r10)
+        vmovdqu	384(%r10), %ymm0
+        vmovdqu	416(%r10), %ymm1
+        vmovdqu	448(%r10), %ymm2
+        vmovdqu	480(%r10), %ymm3
+        vpmullw	%ymm13, %ymm0, %ymm4
+        vpmulhw	%ymm12, %ymm0, %ymm5
+        vpmulhw	%ymm14, %ymm4, %ymm4
+        vpsubw	%ymm4, %ymm5, %ymm0
+        vpmullw	%ymm13, %ymm1, %ymm4
+        vpmulhw	%ymm12, %ymm1, %ymm5
+        vpmulhw	%ymm14, %ymm4, %ymm4
+        vpsubw	%ymm4, %ymm5, %ymm1
+        vpmullw	%ymm13, %ymm2, %ymm4
+        vpmulhw	%ymm12, %ymm2, %ymm5
+        vpmulhw	%ymm14, %ymm4, %ymm4
+        vpsubw	%ymm4, %ymm5, %ymm2
+        vpmullw	%ymm13, %ymm3, %ymm4
+        vpmulhw	%ymm12, %ymm3, %ymm5
+        vpmulhw	%ymm14, %ymm4, %ymm4
+        vpsubw	%ymm4, %ymm5, %ymm3
+        vmovdqu	%ymm0, 384(%r10)
+        vmovdqu	%ymm1, 416(%r10)
+        vmovdqu	%ymm2, 448(%r10)
+        vmovdqu	%ymm3, 480(%r10)
+        addq	$0x200, %r10
+        subq	$0x01, %rax
+        jg	L_kyber_keygen_avx2_to_mont
+        movslq	%r8d, %rax
+L_kyber_keygen_avx2_to_mont_ntt_err:
+        # ntt
+        leaq	L_kyber_avx2_zetas(%rip), %r11
+        vmovdqu	(%r11), %ymm10
+        vmovdqu	32(%r11), %ymm12
+        vmovdqu	128(%rdx), %ymm0
+        vmovdqu	160(%rdx), %ymm1
+        vmovdqu	192(%rdx), %ymm2
+        vmovdqu	224(%rdx), %ymm3
+        vmovdqu	384(%rdx), %ymm4
+        vmovdqu	416(%rdx), %ymm5
+        vmovdqu	448(%rdx), %ymm6
+        vmovdqu	480(%rdx), %ymm7
+        vpmullw	%ymm12, %ymm4, %ymm8
+        vpmullw	%ymm12, %ymm5, %ymm9
+        vpmulhw	%ymm10, %ymm4, %ymm4
+        vpmulhw	%ymm10, %ymm5, %ymm5
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm4, %ymm8
+        vpsubw	%ymm9, %ymm5, %ymm9
+        vpsubw	%ymm8, %ymm0, %ymm4
+        vpsubw	%ymm9, %ymm1, %ymm5
+        vpaddw	%ymm8, %ymm0, %ymm0
+        vpaddw	%ymm9, %ymm1, %ymm1
+        vpmullw	%ymm12, %ymm6, %ymm8
+        vpmullw	%ymm12, %ymm7, %ymm9
+        vpmulhw	%ymm10, %ymm6, %ymm6
+        vpmulhw	%ymm10, %ymm7, %ymm7
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm8
+        vpsubw	%ymm9, %ymm7, %ymm9
+        vpsubw	%ymm8, %ymm2, %ymm6
+        vpsubw	%ymm9, %ymm3, %ymm7
+        vpaddw	%ymm8, %ymm2, %ymm2
+        vpaddw	%ymm9, %ymm3, %ymm3
+        vmovdqu	%ymm0, 128(%rdx)
+        vmovdqu	%ymm1, 160(%rdx)
+        vmovdqu	%ymm2, 192(%rdx)
+        vmovdqu	%ymm3, 224(%rdx)
+        vmovdqu	%ymm4, 384(%rdx)
+        vmovdqu	%ymm5, 416(%rdx)
+        vmovdqu	%ymm6, 448(%rdx)
+        vmovdqu	%ymm7, 480(%rdx)
+        vmovdqu	(%rdx), %ymm0
+        vmovdqu	32(%rdx), %ymm1
+        vmovdqu	64(%rdx), %ymm2
+        vmovdqu	96(%rdx), %ymm3
+        vmovdqu	256(%rdx), %ymm4
+        vmovdqu	288(%rdx), %ymm5
+        vmovdqu	320(%rdx), %ymm6
+        vmovdqu	352(%rdx), %ymm7
+        vpmullw	%ymm12, %ymm4, %ymm8
+        vpmullw	%ymm12, %ymm5, %ymm9
+        vpmulhw	%ymm10, %ymm4, %ymm4
+        vpmulhw	%ymm10, %ymm5, %ymm5
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm4, %ymm8
+        vpsubw	%ymm9, %ymm5, %ymm9
+        vpsubw	%ymm8, %ymm0, %ymm4
+        vpsubw	%ymm9, %ymm1, %ymm5
+        vpaddw	%ymm8, %ymm0, %ymm0
+        vpaddw	%ymm9, %ymm1, %ymm1
+        vpmullw	%ymm12, %ymm6, %ymm8
+        vpmullw	%ymm12, %ymm7, %ymm9
+        vpmulhw	%ymm10, %ymm6, %ymm6
+        vpmulhw	%ymm10, %ymm7, %ymm7
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm8
+        vpsubw	%ymm9, %ymm7, %ymm9
+        vpsubw	%ymm8, %ymm2, %ymm6
+        vpsubw	%ymm9, %ymm3, %ymm7
+        vpaddw	%ymm8, %ymm2, %ymm2
+        vpaddw	%ymm9, %ymm3, %ymm3
+        vmovdqu	%ymm4, 256(%rdx)
+        vmovdqu	%ymm5, 288(%rdx)
+        vmovdqu	%ymm6, 320(%rdx)
+        vmovdqu	%ymm7, 352(%rdx)
+        vmovdqu	128(%rdx), %ymm4
+        vmovdqu	160(%rdx), %ymm5
+        vmovdqu	192(%rdx), %ymm6
+        vmovdqu	224(%rdx), %ymm7
+        # 64: 0/3
+        vmovdqu	64(%r11), %ymm10
+        vmovdqu	96(%r11), %ymm12
+        vpmullw	%ymm12, %ymm4, %ymm8
+        vpmullw	%ymm12, %ymm5, %ymm9
+        vpmulhw	%ymm10, %ymm4, %ymm4
+        vpmulhw	%ymm10, %ymm5, %ymm5
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm4, %ymm8
+        vpsubw	%ymm9, %ymm5, %ymm9
+        vpsubw	%ymm8, %ymm0, %ymm4
+        vpsubw	%ymm9, %ymm1, %ymm5
+        vpaddw	%ymm8, %ymm0, %ymm0
+        vpaddw	%ymm9, %ymm1, %ymm1
+        vpmullw	%ymm12, %ymm6, %ymm8
+        vpmullw	%ymm12, %ymm7, %ymm9
+        vpmulhw	%ymm10, %ymm6, %ymm6
+        vpmulhw	%ymm10, %ymm7, %ymm7
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm8
+        vpsubw	%ymm9, %ymm7, %ymm9
+        vpsubw	%ymm8, %ymm2, %ymm6
+        vpsubw	%ymm9, %ymm3, %ymm7
+        vpaddw	%ymm8, %ymm2, %ymm2
+        vpaddw	%ymm9, %ymm3, %ymm3
+        # 32: 0/3
+        vmovdqu	128(%r11), %ymm10
+        vmovdqu	160(%r11), %ymm12
+        vpmullw	%ymm12, %ymm2, %ymm8
+        vpmullw	%ymm12, %ymm3, %ymm9
+        vpmulhw	%ymm10, %ymm2, %ymm2
+        vpmulhw	%ymm10, %ymm3, %ymm3
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm2, %ymm8
+        vpsubw	%ymm9, %ymm3, %ymm9
+        vpsubw	%ymm8, %ymm0, %ymm2
+        vpsubw	%ymm9, %ymm1, %ymm3
+        vpaddw	%ymm8, %ymm0, %ymm0
+        vpaddw	%ymm9, %ymm1, %ymm1
+        # 32: 0/3
+        vmovdqu	192(%r11), %ymm10
+        vmovdqu	224(%r11), %ymm12
+        vpmullw	%ymm12, %ymm6, %ymm8
+        vpmullw	%ymm12, %ymm7, %ymm9
+        vpmulhw	%ymm10, %ymm6, %ymm6
+        vpmulhw	%ymm10, %ymm7, %ymm7
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm8
+        vpsubw	%ymm9, %ymm7, %ymm9
+        vpsubw	%ymm8, %ymm4, %ymm6
+        vpsubw	%ymm9, %ymm5, %ymm7
+        vpaddw	%ymm8, %ymm4, %ymm4
+        vpaddw	%ymm9, %ymm5, %ymm5
+        # 16: 0/3
+        vmovdqu	256(%r11), %ymm10
+        vmovdqu	288(%r11), %ymm12
+        vmovdqu	320(%r11), %ymm11
+        vmovdqu	352(%r11), %ymm13
+        vpmullw	%ymm12, %ymm1, %ymm8
+        vpmullw	%ymm13, %ymm3, %ymm9
+        vpmulhw	%ymm10, %ymm1, %ymm1
+        vpmulhw	%ymm11, %ymm3, %ymm3
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm1, %ymm8
+        vpsubw	%ymm9, %ymm3, %ymm9
+        vpsubw	%ymm8, %ymm0, %ymm1
+        vpsubw	%ymm9, %ymm2, %ymm3
+        vpaddw	%ymm8, %ymm0, %ymm0
+        vpaddw	%ymm9, %ymm2, %ymm2
+        # 16: 0/3
+        vmovdqu	384(%r11), %ymm10
+        vmovdqu	416(%r11), %ymm12
+        vmovdqu	448(%r11), %ymm11
+        vmovdqu	480(%r11), %ymm13
+        vpmullw	%ymm12, %ymm5, %ymm8
+        vpmullw	%ymm13, %ymm7, %ymm9
+        vpmulhw	%ymm10, %ymm5, %ymm5
+        vpmulhw	%ymm11, %ymm7, %ymm7
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm5, %ymm8
+        vpsubw	%ymm9, %ymm7, %ymm9
+        vpsubw	%ymm8, %ymm4, %ymm5
+        vpsubw	%ymm9, %ymm6, %ymm7
+        vpaddw	%ymm8, %ymm4, %ymm4
+        vpaddw	%ymm9, %ymm6, %ymm6
+        # 8: 0/3
+        vperm2i128	$32, %ymm1, %ymm0, %ymm8
+        vmovdqu	512(%r11), %ymm10
+        vperm2i128	$49, %ymm1, %ymm0, %ymm1
+        vmovdqu	544(%r11), %ymm12
+        vperm2i128	$32, %ymm3, %ymm2, %ymm9
+        vmovdqu	576(%r11), %ymm11
+        vperm2i128	$49, %ymm3, %ymm2, %ymm3
+        vmovdqu	608(%r11), %ymm13
+        vpmullw	%ymm12, %ymm1, %ymm0
+        vpmullw	%ymm13, %ymm3, %ymm2
+        vpmulhw	%ymm10, %ymm1, %ymm1
+        vpmulhw	%ymm11, %ymm3, %ymm3
+        vpmulhw	%ymm14, %ymm0, %ymm0
+        vpmulhw	%ymm14, %ymm2, %ymm2
+        vpsubw	%ymm0, %ymm1, %ymm0
+        vpsubw	%ymm2, %ymm3, %ymm2
+        vpsubw	%ymm0, %ymm8, %ymm1
+        vpsubw	%ymm2, %ymm9, %ymm3
+        vpaddw	%ymm0, %ymm8, %ymm8
+        vpaddw	%ymm2, %ymm9, %ymm9
+        # 4: 0/3
+        vmovdqu	640(%r11), %ymm10
+        vmovdqu	672(%r11), %ymm12
+        vmovdqu	704(%r11), %ymm11
+        vmovdqu	736(%r11), %ymm13
+        vpunpcklqdq	%ymm1, %ymm8, %ymm0
+        vpunpckhqdq	%ymm1, %ymm8, %ymm1
+        vpunpcklqdq	%ymm3, %ymm9, %ymm2
+        vpunpckhqdq	%ymm3, %ymm9, %ymm3
+        vpmullw	%ymm12, %ymm1, %ymm8
+        vpmullw	%ymm13, %ymm3, %ymm9
+        vpmulhw	%ymm10, %ymm1, %ymm1
+        vpmulhw	%ymm11, %ymm3, %ymm3
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm1, %ymm8
+        vpsubw	%ymm9, %ymm3, %ymm9
+        vpsubw	%ymm8, %ymm0, %ymm1
+        vpsubw	%ymm9, %ymm2, %ymm3
+        vpaddw	%ymm8, %ymm0, %ymm0
+        vpaddw	%ymm9, %ymm2, %ymm2
+        # 8: 0/3
+        vperm2i128	$32, %ymm5, %ymm4, %ymm8
+        vmovdqu	768(%r11), %ymm10
+        vperm2i128	$49, %ymm5, %ymm4, %ymm5
+        vmovdqu	800(%r11), %ymm12
+        vperm2i128	$32, %ymm7, %ymm6, %ymm9
+        vmovdqu	832(%r11), %ymm11
+        vperm2i128	$49, %ymm7, %ymm6, %ymm7
+        vmovdqu	864(%r11), %ymm13
+        vpmullw	%ymm12, %ymm5, %ymm4
+        vpmullw	%ymm13, %ymm7, %ymm6
+        vpmulhw	%ymm10, %ymm5, %ymm5
+        vpmulhw	%ymm11, %ymm7, %ymm7
+        vpmulhw	%ymm14, %ymm4, %ymm4
+        vpmulhw	%ymm14, %ymm6, %ymm6
+        vpsubw	%ymm4, %ymm5, %ymm4
+        vpsubw	%ymm6, %ymm7, %ymm6
+        vpsubw	%ymm4, %ymm8, %ymm5
+        vpsubw	%ymm6, %ymm9, %ymm7
+        vpaddw	%ymm4, %ymm8, %ymm8
+        vpaddw	%ymm6, %ymm9, %ymm9
+        # 4: 0/3
+        vmovdqu	896(%r11), %ymm10
+        vmovdqu	928(%r11), %ymm12
+        vmovdqu	960(%r11), %ymm11
+        vmovdqu	992(%r11), %ymm13
+        vpunpcklqdq	%ymm5, %ymm8, %ymm4
+        vpunpckhqdq	%ymm5, %ymm8, %ymm5
+        vpunpcklqdq	%ymm7, %ymm9, %ymm6
+        vpunpckhqdq	%ymm7, %ymm9, %ymm7
+        vpmullw	%ymm12, %ymm5, %ymm8
+        vpmullw	%ymm13, %ymm7, %ymm9
+        vpmulhw	%ymm10, %ymm5, %ymm5
+        vpmulhw	%ymm11, %ymm7, %ymm7
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm5, %ymm8
+        vpsubw	%ymm9, %ymm7, %ymm9
+        vpsubw	%ymm8, %ymm4, %ymm5
+        vpsubw	%ymm9, %ymm6, %ymm7
+        vpaddw	%ymm8, %ymm4, %ymm4
+        vpaddw	%ymm9, %ymm6, %ymm6
+        # 2: 0/3
+        vmovdqu	1024(%r11), %ymm10
+        vmovdqu	1056(%r11), %ymm12
+        vmovdqu	1088(%r11), %ymm11
+        vmovdqu	1120(%r11), %ymm13
+        vpsllq	$32, %ymm1, %ymm8
+        vpsrlq	$32, %ymm0, %ymm9
+        vpblendd	$0xaa, %ymm8, %ymm0, %ymm0
+        vpblendd	$0x55, %ymm9, %ymm1, %ymm1
+        vpsllq	$32, %ymm3, %ymm8
+        vpsrlq	$32, %ymm2, %ymm9
+        vpblendd	$0xaa, %ymm8, %ymm2, %ymm2
+        vpblendd	$0x55, %ymm9, %ymm3, %ymm3
+        vpmullw	%ymm12, %ymm1, %ymm8
+        vpmullw	%ymm13, %ymm3, %ymm9
+        vpmulhw	%ymm10, %ymm1, %ymm1
+        vpmulhw	%ymm11, %ymm3, %ymm3
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm1, %ymm8
+        vpsubw	%ymm9, %ymm3, %ymm9
+        vpsubw	%ymm8, %ymm0, %ymm1
+        vpsubw	%ymm9, %ymm2, %ymm3
+        vpaddw	%ymm8, %ymm0, %ymm0
+        vpaddw	%ymm9, %ymm2, %ymm2
+        # 2: 0/3
+        vmovdqu	1152(%r11), %ymm10
+        vmovdqu	1184(%r11), %ymm12
+        vmovdqu	1216(%r11), %ymm11
+        vmovdqu	1248(%r11), %ymm13
+        vpsllq	$32, %ymm5, %ymm8
+        vpsrlq	$32, %ymm4, %ymm9
+        vpblendd	$0xaa, %ymm8, %ymm4, %ymm4
+        vpblendd	$0x55, %ymm9, %ymm5, %ymm5
+        vpsllq	$32, %ymm7, %ymm8
+        vpsrlq	$32, %ymm6, %ymm9
+        vpblendd	$0xaa, %ymm8, %ymm6, %ymm6
+        vpblendd	$0x55, %ymm9, %ymm7, %ymm7
+        vpmullw	%ymm12, %ymm5, %ymm8
+        vpmullw	%ymm13, %ymm7, %ymm9
+        vpmulhw	%ymm10, %ymm5, %ymm5
+        vpmulhw	%ymm11, %ymm7, %ymm7
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm5, %ymm8
+        vpsubw	%ymm9, %ymm7, %ymm9
+        vpsubw	%ymm8, %ymm4, %ymm5
+        vpsubw	%ymm9, %ymm6, %ymm7
+        vpaddw	%ymm8, %ymm4, %ymm4
+        vpaddw	%ymm9, %ymm6, %ymm6
+        vpunpckldq	%ymm1, %ymm0, %ymm8
+        vpunpckhdq	%ymm1, %ymm0, %ymm9
+        vperm2i128	$32, %ymm9, %ymm8, %ymm0
+        vperm2i128	$49, %ymm9, %ymm8, %ymm1
+        vpunpckldq	%ymm3, %ymm2, %ymm8
+        vpunpckhdq	%ymm3, %ymm2, %ymm9
+        vperm2i128	$32, %ymm9, %ymm8, %ymm2
+        vperm2i128	$49, %ymm9, %ymm8, %ymm3
+        vpunpckldq	%ymm5, %ymm4, %ymm8
+        vpunpckhdq	%ymm5, %ymm4, %ymm9
+        vperm2i128	$32, %ymm9, %ymm8, %ymm4
+        vperm2i128	$49, %ymm9, %ymm8, %ymm5
+        vpunpckldq	%ymm7, %ymm6, %ymm8
+        vpunpckhdq	%ymm7, %ymm6, %ymm9
+        vperm2i128	$32, %ymm9, %ymm8, %ymm6
+        vperm2i128	$49, %ymm9, %ymm8, %ymm7
+        vmovdqu	%ymm0, (%rdx)
+        vmovdqu	%ymm1, 32(%rdx)
+        vmovdqu	%ymm2, 64(%rdx)
+        vmovdqu	%ymm3, 96(%rdx)
+        vmovdqu	%ymm4, 128(%rdx)
+        vmovdqu	%ymm5, 160(%rdx)
+        vmovdqu	%ymm6, 192(%rdx)
+        vmovdqu	%ymm7, 224(%rdx)
+        vmovdqu	256(%rdx), %ymm0
+        vmovdqu	288(%rdx), %ymm1
+        vmovdqu	320(%rdx), %ymm2
+        vmovdqu	352(%rdx), %ymm3
+        vmovdqu	384(%rdx), %ymm4
+        vmovdqu	416(%rdx), %ymm5
+        vmovdqu	448(%rdx), %ymm6
+        vmovdqu	480(%rdx), %ymm7
+        # 64: 1/3
+        vmovdqu	1280(%r11), %ymm10
+        vmovdqu	1312(%r11), %ymm12
+        vpmullw	%ymm12, %ymm4, %ymm8
+        vpmullw	%ymm12, %ymm5, %ymm9
+        vpmulhw	%ymm10, %ymm4, %ymm4
+        vpmulhw	%ymm10, %ymm5, %ymm5
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm4, %ymm8
+        vpsubw	%ymm9, %ymm5, %ymm9
+        vpsubw	%ymm8, %ymm0, %ymm4
+        vpsubw	%ymm9, %ymm1, %ymm5
+        vpaddw	%ymm8, %ymm0, %ymm0
+        vpaddw	%ymm9, %ymm1, %ymm1
+        vpmullw	%ymm12, %ymm6, %ymm8
+        vpmullw	%ymm12, %ymm7, %ymm9
+        vpmulhw	%ymm10, %ymm6, %ymm6
+        vpmulhw	%ymm10, %ymm7, %ymm7
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm8
+        vpsubw	%ymm9, %ymm7, %ymm9
+        vpsubw	%ymm8, %ymm2, %ymm6
+        vpsubw	%ymm9, %ymm3, %ymm7
+        vpaddw	%ymm8, %ymm2, %ymm2
+        vpaddw	%ymm9, %ymm3, %ymm3
+        # 32: 1/3
+        vmovdqu	1344(%r11), %ymm10
+        vmovdqu	1376(%r11), %ymm12
+        vpmullw	%ymm12, %ymm2, %ymm8
+        vpmullw	%ymm12, %ymm3, %ymm9
+        vpmulhw	%ymm10, %ymm2, %ymm2
+        vpmulhw	%ymm10, %ymm3, %ymm3
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm2, %ymm8
+        vpsubw	%ymm9, %ymm3, %ymm9
+        vpsubw	%ymm8, %ymm0, %ymm2
+        vpsubw	%ymm9, %ymm1, %ymm3
+        vpaddw	%ymm8, %ymm0, %ymm0
+        vpaddw	%ymm9, %ymm1, %ymm1
+        # 32: 1/3
+        vmovdqu	1408(%r11), %ymm10
+        vmovdqu	1440(%r11), %ymm12
+        vpmullw	%ymm12, %ymm6, %ymm8
+        vpmullw	%ymm12, %ymm7, %ymm9
+        vpmulhw	%ymm10, %ymm6, %ymm6
+        vpmulhw	%ymm10, %ymm7, %ymm7
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm8
+        vpsubw	%ymm9, %ymm7, %ymm9
+        vpsubw	%ymm8, %ymm4, %ymm6
+        vpsubw	%ymm9, %ymm5, %ymm7
+        vpaddw	%ymm8, %ymm4, %ymm4
+        vpaddw	%ymm9, %ymm5, %ymm5
+        # 16: 1/3
+        vmovdqu	1472(%r11), %ymm10
+        vmovdqu	1504(%r11), %ymm12
+        vmovdqu	1536(%r11), %ymm11
+        vmovdqu	1568(%r11), %ymm13
+        vpmullw	%ymm12, %ymm1, %ymm8
+        vpmullw	%ymm13, %ymm3, %ymm9
+        vpmulhw	%ymm10, %ymm1, %ymm1
+        vpmulhw	%ymm11, %ymm3, %ymm3
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm1, %ymm8
+        vpsubw	%ymm9, %ymm3, %ymm9
+        vpsubw	%ymm8, %ymm0, %ymm1
+        vpsubw	%ymm9, %ymm2, %ymm3
+        vpaddw	%ymm8, %ymm0, %ymm0
+        vpaddw	%ymm9, %ymm2, %ymm2
+        # 16: 1/3
+        vmovdqu	1600(%r11), %ymm10
+        vmovdqu	1632(%r11), %ymm12
+        vmovdqu	1664(%r11), %ymm11
+        vmovdqu	1696(%r11), %ymm13
+        vpmullw	%ymm12, %ymm5, %ymm8
+        vpmullw	%ymm13, %ymm7, %ymm9
+        vpmulhw	%ymm10, %ymm5, %ymm5
+        vpmulhw	%ymm11, %ymm7, %ymm7
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm5, %ymm8
+        vpsubw	%ymm9, %ymm7, %ymm9
+        vpsubw	%ymm8, %ymm4, %ymm5
+        vpsubw	%ymm9, %ymm6, %ymm7
+        vpaddw	%ymm8, %ymm4, %ymm4
+        vpaddw	%ymm9, %ymm6, %ymm6
+        # 8: 1/3
+        vperm2i128	$32, %ymm1, %ymm0, %ymm8
+        vmovdqu	1728(%r11), %ymm10
+        vperm2i128	$49, %ymm1, %ymm0, %ymm1
+        vmovdqu	1760(%r11), %ymm12
+        vperm2i128	$32, %ymm3, %ymm2, %ymm9
+        vmovdqu	1792(%r11), %ymm11
+        vperm2i128	$49, %ymm3, %ymm2, %ymm3
+        vmovdqu	1824(%r11), %ymm13
+        vpmullw	%ymm12, %ymm1, %ymm0
+        vpmullw	%ymm13, %ymm3, %ymm2
+        vpmulhw	%ymm10, %ymm1, %ymm1
+        vpmulhw	%ymm11, %ymm3, %ymm3
+        vpmulhw	%ymm14, %ymm0, %ymm0
+        vpmulhw	%ymm14, %ymm2, %ymm2
+        vpsubw	%ymm0, %ymm1, %ymm0
+        vpsubw	%ymm2, %ymm3, %ymm2
+        vpsubw	%ymm0, %ymm8, %ymm1
+        vpsubw	%ymm2, %ymm9, %ymm3
+        vpaddw	%ymm0, %ymm8, %ymm8
+        vpaddw	%ymm2, %ymm9, %ymm9
+        # 4: 1/3
+        vmovdqu	1856(%r11), %ymm10
+        vmovdqu	1888(%r11), %ymm12
+        vmovdqu	1920(%r11), %ymm11
+        vmovdqu	1952(%r11), %ymm13
+        vpunpcklqdq	%ymm1, %ymm8, %ymm0
+        vpunpckhqdq	%ymm1, %ymm8, %ymm1
+        vpunpcklqdq	%ymm3, %ymm9, %ymm2
+        vpunpckhqdq	%ymm3, %ymm9, %ymm3
+        vpmullw	%ymm12, %ymm1, %ymm8
+        vpmullw	%ymm13, %ymm3, %ymm9
+        vpmulhw	%ymm10, %ymm1, %ymm1
+        vpmulhw	%ymm11, %ymm3, %ymm3
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm1, %ymm8
+        vpsubw	%ymm9, %ymm3, %ymm9
+        vpsubw	%ymm8, %ymm0, %ymm1
+        vpsubw	%ymm9, %ymm2, %ymm3
+        vpaddw	%ymm8, %ymm0, %ymm0
+        vpaddw	%ymm9, %ymm2, %ymm2
+        # 8: 1/3
+        vperm2i128	$32, %ymm5, %ymm4, %ymm8
+        vmovdqu	1984(%r11), %ymm10
+        vperm2i128	$49, %ymm5, %ymm4, %ymm5
+        vmovdqu	2016(%r11), %ymm12
+        vperm2i128	$32, %ymm7, %ymm6, %ymm9
+        vmovdqu	2048(%r11), %ymm11
+        vperm2i128	$49, %ymm7, %ymm6, %ymm7
+        vmovdqu	2080(%r11), %ymm13
+        vpmullw	%ymm12, %ymm5, %ymm4
+        vpmullw	%ymm13, %ymm7, %ymm6
+        vpmulhw	%ymm10, %ymm5, %ymm5
+        vpmulhw	%ymm11, %ymm7, %ymm7
+        vpmulhw	%ymm14, %ymm4, %ymm4
+        vpmulhw	%ymm14, %ymm6, %ymm6
+        vpsubw	%ymm4, %ymm5, %ymm4
+        vpsubw	%ymm6, %ymm7, %ymm6
+        vpsubw	%ymm4, %ymm8, %ymm5
+        vpsubw	%ymm6, %ymm9, %ymm7
+        vpaddw	%ymm4, %ymm8, %ymm8
+        vpaddw	%ymm6, %ymm9, %ymm9
+        # 4: 1/3
+        vmovdqu	2112(%r11), %ymm10
+        vmovdqu	2144(%r11), %ymm12
+        vmovdqu	2176(%r11), %ymm11
+        vmovdqu	2208(%r11), %ymm13
+        vpunpcklqdq	%ymm5, %ymm8, %ymm4
+        vpunpckhqdq	%ymm5, %ymm8, %ymm5
+        vpunpcklqdq	%ymm7, %ymm9, %ymm6
+        vpunpckhqdq	%ymm7, %ymm9, %ymm7
+        vpmullw	%ymm12, %ymm5, %ymm8
+        vpmullw	%ymm13, %ymm7, %ymm9
+        vpmulhw	%ymm10, %ymm5, %ymm5
+        vpmulhw	%ymm11, %ymm7, %ymm7
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm5, %ymm8
+        vpsubw	%ymm9, %ymm7, %ymm9
+        vpsubw	%ymm8, %ymm4, %ymm5
+        vpsubw	%ymm9, %ymm6, %ymm7
+        vpaddw	%ymm8, %ymm4, %ymm4
+        vpaddw	%ymm9, %ymm6, %ymm6
+        # 2: 1/3
+        vmovdqu	2240(%r11), %ymm10
+        vmovdqu	2272(%r11), %ymm12
+        vmovdqu	2304(%r11), %ymm11
+        vmovdqu	2336(%r11), %ymm13
+        vpsllq	$32, %ymm1, %ymm8
+        vpsrlq	$32, %ymm0, %ymm9
+        vpblendd	$0xaa, %ymm8, %ymm0, %ymm0
+        vpblendd	$0x55, %ymm9, %ymm1, %ymm1
+        vpsllq	$32, %ymm3, %ymm8
+        vpsrlq	$32, %ymm2, %ymm9
+        vpblendd	$0xaa, %ymm8, %ymm2, %ymm2
+        vpblendd	$0x55, %ymm9, %ymm3, %ymm3
+        vpmullw	%ymm12, %ymm1, %ymm8
+        vpmullw	%ymm13, %ymm3, %ymm9
+        vpmulhw	%ymm10, %ymm1, %ymm1
+        vpmulhw	%ymm11, %ymm3, %ymm3
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm1, %ymm8
+        vpsubw	%ymm9, %ymm3, %ymm9
+        vpsubw	%ymm8, %ymm0, %ymm1
+        vpsubw	%ymm9, %ymm2, %ymm3
+        vpaddw	%ymm8, %ymm0, %ymm0
+        vpaddw	%ymm9, %ymm2, %ymm2
+        # 2: 1/3
+        vmovdqu	2368(%r11), %ymm10
+        vmovdqu	2400(%r11), %ymm12
+        vmovdqu	2432(%r11), %ymm11
+        vmovdqu	2464(%r11), %ymm13
+        vpsllq	$32, %ymm5, %ymm8
+        vpsrlq	$32, %ymm4, %ymm9
+        vpblendd	$0xaa, %ymm8, %ymm4, %ymm4
+        vpblendd	$0x55, %ymm9, %ymm5, %ymm5
+        vpsllq	$32, %ymm7, %ymm8
+        vpsrlq	$32, %ymm6, %ymm9
+        vpblendd	$0xaa, %ymm8, %ymm6, %ymm6
+        vpblendd	$0x55, %ymm9, %ymm7, %ymm7
+        vpmullw	%ymm12, %ymm5, %ymm8
+        vpmullw	%ymm13, %ymm7, %ymm9
+        vpmulhw	%ymm10, %ymm5, %ymm5
+        vpmulhw	%ymm11, %ymm7, %ymm7
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm5, %ymm8
+        vpsubw	%ymm9, %ymm7, %ymm9
+        vpsubw	%ymm8, %ymm4, %ymm5
+        vpsubw	%ymm9, %ymm6, %ymm7
+        vpaddw	%ymm8, %ymm4, %ymm4
+        vpaddw	%ymm9, %ymm6, %ymm6
+        vpunpckldq	%ymm1, %ymm0, %ymm8
+        vpunpckhdq	%ymm1, %ymm0, %ymm9
+        vperm2i128	$32, %ymm9, %ymm8, %ymm0
+        vperm2i128	$49, %ymm9, %ymm8, %ymm1
+        vpunpckldq	%ymm3, %ymm2, %ymm8
+        vpunpckhdq	%ymm3, %ymm2, %ymm9
+        vperm2i128	$32, %ymm9, %ymm8, %ymm2
+        vperm2i128	$49, %ymm9, %ymm8, %ymm3
+        vpunpckldq	%ymm5, %ymm4, %ymm8
+        vpunpckhdq	%ymm5, %ymm4, %ymm9
+        vperm2i128	$32, %ymm9, %ymm8, %ymm4
+        vperm2i128	$49, %ymm9, %ymm8, %ymm5
+        vpunpckldq	%ymm7, %ymm6, %ymm8
+        vpunpckhdq	%ymm7, %ymm6, %ymm9
+        vperm2i128	$32, %ymm9, %ymm8, %ymm6
+        vperm2i128	$49, %ymm9, %ymm8, %ymm7
+        vmovdqu	%ymm0, 256(%rdx)
+        vmovdqu	%ymm1, 288(%rdx)
+        vmovdqu	%ymm2, 320(%rdx)
+        vmovdqu	%ymm3, 352(%rdx)
+        vmovdqu	%ymm4, 384(%rdx)
+        vmovdqu	%ymm5, 416(%rdx)
+        vmovdqu	%ymm6, 448(%rdx)
+        vmovdqu	%ymm7, 480(%rdx)
+        # Add Errors
+        vmovdqu	(%rsi), %ymm0
+        vmovdqu	32(%rsi), %ymm1
+        vmovdqu	64(%rsi), %ymm2
+        vmovdqu	96(%rsi), %ymm3
+        vmovdqu	(%rdx), %ymm4
+        vmovdqu	32(%rdx), %ymm5
+        vmovdqu	64(%rdx), %ymm6
+        vmovdqu	96(%rdx), %ymm7
+        vpaddw	%ymm4, %ymm0, %ymm4
+        vpaddw	%ymm5, %ymm1, %ymm5
+        vpmulhw	%ymm15, %ymm4, %ymm0
+        vpmulhw	%ymm15, %ymm5, %ymm1
+        vpsraw	$10, %ymm0, %ymm0
+        vpsraw	$10, %ymm1, %ymm1
+        vpmullw	%ymm14, %ymm0, %ymm0
+        vpmullw	%ymm14, %ymm1, %ymm1
+        vpsubw	%ymm0, %ymm4, %ymm0
+        vpsubw	%ymm1, %ymm5, %ymm1
+        vpaddw	%ymm6, %ymm2, %ymm6
+        vpaddw	%ymm7, %ymm3, %ymm7
+        vpmulhw	%ymm15, %ymm6, %ymm2
+        vpmulhw	%ymm15, %ymm7, %ymm3
+        vpsraw	$10, %ymm2, %ymm2
+        vpsraw	$10, %ymm3, %ymm3
+        vpmullw	%ymm14, %ymm2, %ymm2
+        vpmullw	%ymm14, %ymm3, %ymm3
+        vpsubw	%ymm2, %ymm6, %ymm2
+        vpsubw	%ymm3, %ymm7, %ymm3
+        vmovdqu	%ymm0, (%rsi)
+        vmovdqu	%ymm1, 32(%rsi)
+        vmovdqu	%ymm2, 64(%rsi)
+        vmovdqu	%ymm3, 96(%rsi)
+        vmovdqu	128(%rsi), %ymm0
+        vmovdqu	160(%rsi), %ymm1
+        vmovdqu	192(%rsi), %ymm2
+        vmovdqu	224(%rsi), %ymm3
+        vmovdqu	128(%rdx), %ymm4
+        vmovdqu	160(%rdx), %ymm5
+        vmovdqu	192(%rdx), %ymm6
+        vmovdqu	224(%rdx), %ymm7
+        vpaddw	%ymm4, %ymm0, %ymm4
+        vpaddw	%ymm5, %ymm1, %ymm5
+        vpmulhw	%ymm15, %ymm4, %ymm0
+        vpmulhw	%ymm15, %ymm5, %ymm1
+        vpsraw	$10, %ymm0, %ymm0
+        vpsraw	$10, %ymm1, %ymm1
+        vpmullw	%ymm14, %ymm0, %ymm0
+        vpmullw	%ymm14, %ymm1, %ymm1
+        vpsubw	%ymm0, %ymm4, %ymm0
+        vpsubw	%ymm1, %ymm5, %ymm1
+        vpaddw	%ymm6, %ymm2, %ymm6
+        vpaddw	%ymm7, %ymm3, %ymm7
+        vpmulhw	%ymm15, %ymm6, %ymm2
+        vpmulhw	%ymm15, %ymm7, %ymm3
+        vpsraw	$10, %ymm2, %ymm2
+        vpsraw	$10, %ymm3, %ymm3
+        vpmullw	%ymm14, %ymm2, %ymm2
+        vpmullw	%ymm14, %ymm3, %ymm3
+        vpsubw	%ymm2, %ymm6, %ymm2
+        vpsubw	%ymm3, %ymm7, %ymm3
+        vmovdqu	%ymm0, 128(%rsi)
+        vmovdqu	%ymm1, 160(%rsi)
+        vmovdqu	%ymm2, 192(%rsi)
+        vmovdqu	%ymm3, 224(%rsi)
+        vmovdqu	256(%rsi), %ymm0
+        vmovdqu	288(%rsi), %ymm1
+        vmovdqu	320(%rsi), %ymm2
+        vmovdqu	352(%rsi), %ymm3
+        vmovdqu	256(%rdx), %ymm4
+        vmovdqu	288(%rdx), %ymm5
+        vmovdqu	320(%rdx), %ymm6
+        vmovdqu	352(%rdx), %ymm7
+        vpaddw	%ymm4, %ymm0, %ymm4
+        vpaddw	%ymm5, %ymm1, %ymm5
+        vpmulhw	%ymm15, %ymm4, %ymm0
+        vpmulhw	%ymm15, %ymm5, %ymm1
+        vpsraw	$10, %ymm0, %ymm0
+        vpsraw	$10, %ymm1, %ymm1
+        vpmullw	%ymm14, %ymm0, %ymm0
+        vpmullw	%ymm14, %ymm1, %ymm1
+        vpsubw	%ymm0, %ymm4, %ymm0
+        vpsubw	%ymm1, %ymm5, %ymm1
+        vpaddw	%ymm6, %ymm2, %ymm6
+        vpaddw	%ymm7, %ymm3, %ymm7
+        vpmulhw	%ymm15, %ymm6, %ymm2
+        vpmulhw	%ymm15, %ymm7, %ymm3
+        vpsraw	$10, %ymm2, %ymm2
+        vpsraw	$10, %ymm3, %ymm3
+        vpmullw	%ymm14, %ymm2, %ymm2
+        vpmullw	%ymm14, %ymm3, %ymm3
+        vpsubw	%ymm2, %ymm6, %ymm2
+        vpsubw	%ymm3, %ymm7, %ymm3
+        vmovdqu	%ymm0, 256(%rsi)
+        vmovdqu	%ymm1, 288(%rsi)
+        vmovdqu	%ymm2, 320(%rsi)
+        vmovdqu	%ymm3, 352(%rsi)
+        vmovdqu	384(%rsi), %ymm0
+        vmovdqu	416(%rsi), %ymm1
+        vmovdqu	448(%rsi), %ymm2
+        vmovdqu	480(%rsi), %ymm3
+        vmovdqu	384(%rdx), %ymm4
+        vmovdqu	416(%rdx), %ymm5
+        vmovdqu	448(%rdx), %ymm6
+        vmovdqu	480(%rdx), %ymm7
+        vpaddw	%ymm4, %ymm0, %ymm4
+        vpaddw	%ymm5, %ymm1, %ymm5
+        vpmulhw	%ymm15, %ymm4, %ymm0
+        vpmulhw	%ymm15, %ymm5, %ymm1
+        vpsraw	$10, %ymm0, %ymm0
+        vpsraw	$10, %ymm1, %ymm1
+        vpmullw	%ymm14, %ymm0, %ymm0
+        vpmullw	%ymm14, %ymm1, %ymm1
+        vpsubw	%ymm0, %ymm4, %ymm0
+        vpsubw	%ymm1, %ymm5, %ymm1
+        vpaddw	%ymm6, %ymm2, %ymm6
+        vpaddw	%ymm7, %ymm3, %ymm7
+        vpmulhw	%ymm15, %ymm6, %ymm2
+        vpmulhw	%ymm15, %ymm7, %ymm3
+        vpsraw	$10, %ymm2, %ymm2
+        vpsraw	$10, %ymm3, %ymm3
+        vpmullw	%ymm14, %ymm2, %ymm2
+        vpmullw	%ymm14, %ymm3, %ymm3
+        vpsubw	%ymm2, %ymm6, %ymm2
+        vpsubw	%ymm3, %ymm7, %ymm3
+        vmovdqu	%ymm0, 384(%rsi)
+        vmovdqu	%ymm1, 416(%rsi)
+        vmovdqu	%ymm2, 448(%rsi)
+        vmovdqu	%ymm3, 480(%rsi)
+        addq	$0x200, %rdx
+        addq	$0x200, %rsi
+        subq	$0x01, %rax
+        jg	L_kyber_keygen_avx2_to_mont_ntt_err
+        vzeroupper
+        repz retq
+#ifndef __APPLE__
+.size	kyber_keygen_avx2,.-kyber_keygen_avx2
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.text
+.globl	kyber_encapsulate_avx2
+.type	kyber_encapsulate_avx2,@function
+.align	16
+kyber_encapsulate_avx2:
+#else
+.section	__TEXT,__text
+.globl	_kyber_encapsulate_avx2
+.p2align	4
+_kyber_encapsulate_avx2:
+#endif /* __APPLE__ */
+        pushq	%r12
+        pushq	%r13
+        pushq	%r14
+        pushq	%r15
+        movq	40(%rsp), %rax
+        movq	48(%rsp), %r10
+        movq	56(%rsp), %r11
+        subq	$48, %rsp
+        vmovdqu	kyber_q(%rip), %ymm14
+        vmovdqu	kyber_v(%rip), %ymm15
+        movslq	%r11d, %r13
+        movq	%r8, %r14
+L_kyber_encapsulate_avx2_trans:
+        # ntt
+        leaq	L_kyber_avx2_zetas(%rip), %r15
+        vmovdqu	(%r15), %ymm10
+        vmovdqu	32(%r15), %ymm12
+        vmovdqu	128(%r14), %ymm0
+        vmovdqu	160(%r14), %ymm1
+        vmovdqu	192(%r14), %ymm2
+        vmovdqu	224(%r14), %ymm3
+        vmovdqu	384(%r14), %ymm4
+        vmovdqu	416(%r14), %ymm5
+        vmovdqu	448(%r14), %ymm6
+        vmovdqu	480(%r14), %ymm7
+        vpmullw	%ymm12, %ymm4, %ymm8
+        vpmullw	%ymm12, %ymm5, %ymm9
+        vpmulhw	%ymm10, %ymm4, %ymm4
+        vpmulhw	%ymm10, %ymm5, %ymm5
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm4, %ymm8
+        vpsubw	%ymm9, %ymm5, %ymm9
+        vpsubw	%ymm8, %ymm0, %ymm4
+        vpsubw	%ymm9, %ymm1, %ymm5
+        vpaddw	%ymm8, %ymm0, %ymm0
+        vpaddw	%ymm9, %ymm1, %ymm1
+        vpmullw	%ymm12, %ymm6, %ymm8
+        vpmullw	%ymm12, %ymm7, %ymm9
+        vpmulhw	%ymm10, %ymm6, %ymm6
+        vpmulhw	%ymm10, %ymm7, %ymm7
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm8
+        vpsubw	%ymm9, %ymm7, %ymm9
+        vpsubw	%ymm8, %ymm2, %ymm6
+        vpsubw	%ymm9, %ymm3, %ymm7
+        vpaddw	%ymm8, %ymm2, %ymm2
+        vpaddw	%ymm9, %ymm3, %ymm3
+        vmovdqu	%ymm0, 128(%r14)
+        vmovdqu	%ymm1, 160(%r14)
+        vmovdqu	%ymm2, 192(%r14)
+        vmovdqu	%ymm3, 224(%r14)
+        vmovdqu	%ymm4, 384(%r14)
+        vmovdqu	%ymm5, 416(%r14)
+        vmovdqu	%ymm6, 448(%r14)
+        vmovdqu	%ymm7, 480(%r14)
+        vmovdqu	(%r14), %ymm0
+        vmovdqu	32(%r14), %ymm1
+        vmovdqu	64(%r14), %ymm2
+        vmovdqu	96(%r14), %ymm3
+        vmovdqu	256(%r14), %ymm4
+        vmovdqu	288(%r14), %ymm5
+        vmovdqu	320(%r14), %ymm6
+        vmovdqu	352(%r14), %ymm7
+        vpmullw	%ymm12, %ymm4, %ymm8
+        vpmullw	%ymm12, %ymm5, %ymm9
+        vpmulhw	%ymm10, %ymm4, %ymm4
+        vpmulhw	%ymm10, %ymm5, %ymm5
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm4, %ymm8
+        vpsubw	%ymm9, %ymm5, %ymm9
+        vpsubw	%ymm8, %ymm0, %ymm4
+        vpsubw	%ymm9, %ymm1, %ymm5
+        vpaddw	%ymm8, %ymm0, %ymm0
+        vpaddw	%ymm9, %ymm1, %ymm1
+        vpmullw	%ymm12, %ymm6, %ymm8
+        vpmullw	%ymm12, %ymm7, %ymm9
+        vpmulhw	%ymm10, %ymm6, %ymm6
+        vpmulhw	%ymm10, %ymm7, %ymm7
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm8
+        vpsubw	%ymm9, %ymm7, %ymm9
+        vpsubw	%ymm8, %ymm2, %ymm6
+        vpsubw	%ymm9, %ymm3, %ymm7
+        vpaddw	%ymm8, %ymm2, %ymm2
+        vpaddw	%ymm9, %ymm3, %ymm3
+        vmovdqu	%ymm4, 256(%r14)
+        vmovdqu	%ymm5, 288(%r14)
+        vmovdqu	%ymm6, 320(%r14)
+        vmovdqu	%ymm7, 352(%r14)
+        vmovdqu	128(%r14), %ymm4
+        vmovdqu	160(%r14), %ymm5
+        vmovdqu	192(%r14), %ymm6
+        vmovdqu	224(%r14), %ymm7
+        # 64: 0/3
+        vmovdqu	64(%r15), %ymm10
+        vmovdqu	96(%r15), %ymm12
+        vpmullw	%ymm12, %ymm4, %ymm8
+        vpmullw	%ymm12, %ymm5, %ymm9
+        vpmulhw	%ymm10, %ymm4, %ymm4
+        vpmulhw	%ymm10, %ymm5, %ymm5
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm4, %ymm8
+        vpsubw	%ymm9, %ymm5, %ymm9
+        vpsubw	%ymm8, %ymm0, %ymm4
+        vpsubw	%ymm9, %ymm1, %ymm5
+        vpaddw	%ymm8, %ymm0, %ymm0
+        vpaddw	%ymm9, %ymm1, %ymm1
+        vpmullw	%ymm12, %ymm6, %ymm8
+        vpmullw	%ymm12, %ymm7, %ymm9
+        vpmulhw	%ymm10, %ymm6, %ymm6
+        vpmulhw	%ymm10, %ymm7, %ymm7
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm8
+        vpsubw	%ymm9, %ymm7, %ymm9
+        vpsubw	%ymm8, %ymm2, %ymm6
+        vpsubw	%ymm9, %ymm3, %ymm7
+        vpaddw	%ymm8, %ymm2, %ymm2
+        vpaddw	%ymm9, %ymm3, %ymm3
+        # 32: 0/3
+        vmovdqu	128(%r15), %ymm10
+        vmovdqu	160(%r15), %ymm12
+        vpmullw	%ymm12, %ymm2, %ymm8
+        vpmullw	%ymm12, %ymm3, %ymm9
+        vpmulhw	%ymm10, %ymm2, %ymm2
+        vpmulhw	%ymm10, %ymm3, %ymm3
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm2, %ymm8
+        vpsubw	%ymm9, %ymm3, %ymm9
+        vpsubw	%ymm8, %ymm0, %ymm2
+        vpsubw	%ymm9, %ymm1, %ymm3
+        vpaddw	%ymm8, %ymm0, %ymm0
+        vpaddw	%ymm9, %ymm1, %ymm1
+        # 32: 0/3
+        vmovdqu	192(%r15), %ymm10
+        vmovdqu	224(%r15), %ymm12
+        vpmullw	%ymm12, %ymm6, %ymm8
+        vpmullw	%ymm12, %ymm7, %ymm9
+        vpmulhw	%ymm10, %ymm6, %ymm6
+        vpmulhw	%ymm10, %ymm7, %ymm7
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm8
+        vpsubw	%ymm9, %ymm7, %ymm9
+        vpsubw	%ymm8, %ymm4, %ymm6
+        vpsubw	%ymm9, %ymm5, %ymm7
+        vpaddw	%ymm8, %ymm4, %ymm4
+        vpaddw	%ymm9, %ymm5, %ymm5
+        # 16: 0/3
+        vmovdqu	256(%r15), %ymm10
+        vmovdqu	288(%r15), %ymm12
+        vmovdqu	320(%r15), %ymm11
+        vmovdqu	352(%r15), %ymm13
+        vpmullw	%ymm12, %ymm1, %ymm8
+        vpmullw	%ymm13, %ymm3, %ymm9
+        vpmulhw	%ymm10, %ymm1, %ymm1
+        vpmulhw	%ymm11, %ymm3, %ymm3
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm1, %ymm8
+        vpsubw	%ymm9, %ymm3, %ymm9
+        vpsubw	%ymm8, %ymm0, %ymm1
+        vpsubw	%ymm9, %ymm2, %ymm3
+        vpaddw	%ymm8, %ymm0, %ymm0
+        vpaddw	%ymm9, %ymm2, %ymm2
+        # 16: 0/3
+        vmovdqu	384(%r15), %ymm10
+        vmovdqu	416(%r15), %ymm12
+        vmovdqu	448(%r15), %ymm11
+        vmovdqu	480(%r15), %ymm13
+        vpmullw	%ymm12, %ymm5, %ymm8
+        vpmullw	%ymm13, %ymm7, %ymm9
+        vpmulhw	%ymm10, %ymm5, %ymm5
+        vpmulhw	%ymm11, %ymm7, %ymm7
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm5, %ymm8
+        vpsubw	%ymm9, %ymm7, %ymm9
+        vpsubw	%ymm8, %ymm4, %ymm5
+        vpsubw	%ymm9, %ymm6, %ymm7
+        vpaddw	%ymm8, %ymm4, %ymm4
+        vpaddw	%ymm9, %ymm6, %ymm6
+        # 8: 0/3
+        vperm2i128	$32, %ymm1, %ymm0, %ymm8
+        vmovdqu	512(%r15), %ymm10
+        vperm2i128	$49, %ymm1, %ymm0, %ymm1
+        vmovdqu	544(%r15), %ymm12
+        vperm2i128	$32, %ymm3, %ymm2, %ymm9
+        vmovdqu	576(%r15), %ymm11
+        vperm2i128	$49, %ymm3, %ymm2, %ymm3
+        vmovdqu	608(%r15), %ymm13
+        vpmullw	%ymm12, %ymm1, %ymm0
+        vpmullw	%ymm13, %ymm3, %ymm2
+        vpmulhw	%ymm10, %ymm1, %ymm1
+        vpmulhw	%ymm11, %ymm3, %ymm3
+        vpmulhw	%ymm14, %ymm0, %ymm0
+        vpmulhw	%ymm14, %ymm2, %ymm2
+        vpsubw	%ymm0, %ymm1, %ymm0
+        vpsubw	%ymm2, %ymm3, %ymm2
+        vpsubw	%ymm0, %ymm8, %ymm1
+        vpsubw	%ymm2, %ymm9, %ymm3
+        vpaddw	%ymm0, %ymm8, %ymm8
+        vpaddw	%ymm2, %ymm9, %ymm9
+        # 4: 0/3
+        vmovdqu	640(%r15), %ymm10
+        vmovdqu	672(%r15), %ymm12
+        vmovdqu	704(%r15), %ymm11
+        vmovdqu	736(%r15), %ymm13
+        vpunpcklqdq	%ymm1, %ymm8, %ymm0
+        vpunpckhqdq	%ymm1, %ymm8, %ymm1
+        vpunpcklqdq	%ymm3, %ymm9, %ymm2
+        vpunpckhqdq	%ymm3, %ymm9, %ymm3
+        vpmullw	%ymm12, %ymm1, %ymm8
+        vpmullw	%ymm13, %ymm3, %ymm9
+        vpmulhw	%ymm10, %ymm1, %ymm1
+        vpmulhw	%ymm11, %ymm3, %ymm3
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm1, %ymm8
+        vpsubw	%ymm9, %ymm3, %ymm9
+        vpsubw	%ymm8, %ymm0, %ymm1
+        vpsubw	%ymm9, %ymm2, %ymm3
+        vpaddw	%ymm8, %ymm0, %ymm0
+        vpaddw	%ymm9, %ymm2, %ymm2
+        # 8: 0/3
+        vperm2i128	$32, %ymm5, %ymm4, %ymm8
+        vmovdqu	768(%r15), %ymm10
+        vperm2i128	$49, %ymm5, %ymm4, %ymm5
+        vmovdqu	800(%r15), %ymm12
+        vperm2i128	$32, %ymm7, %ymm6, %ymm9
+        vmovdqu	832(%r15), %ymm11
+        vperm2i128	$49, %ymm7, %ymm6, %ymm7
+        vmovdqu	864(%r15), %ymm13
+        vpmullw	%ymm12, %ymm5, %ymm4
+        vpmullw	%ymm13, %ymm7, %ymm6
+        vpmulhw	%ymm10, %ymm5, %ymm5
+        vpmulhw	%ymm11, %ymm7, %ymm7
+        vpmulhw	%ymm14, %ymm4, %ymm4
+        vpmulhw	%ymm14, %ymm6, %ymm6
+        vpsubw	%ymm4, %ymm5, %ymm4
+        vpsubw	%ymm6, %ymm7, %ymm6
+        vpsubw	%ymm4, %ymm8, %ymm5
+        vpsubw	%ymm6, %ymm9, %ymm7
+        vpaddw	%ymm4, %ymm8, %ymm8
+        vpaddw	%ymm6, %ymm9, %ymm9
+        # 4: 0/3
+        vmovdqu	896(%r15), %ymm10
+        vmovdqu	928(%r15), %ymm12
+        vmovdqu	960(%r15), %ymm11
+        vmovdqu	992(%r15), %ymm13
+        vpunpcklqdq	%ymm5, %ymm8, %ymm4
+        vpunpckhqdq	%ymm5, %ymm8, %ymm5
+        vpunpcklqdq	%ymm7, %ymm9, %ymm6
+        vpunpckhqdq	%ymm7, %ymm9, %ymm7
+        vpmullw	%ymm12, %ymm5, %ymm8
+        vpmullw	%ymm13, %ymm7, %ymm9
+        vpmulhw	%ymm10, %ymm5, %ymm5
+        vpmulhw	%ymm11, %ymm7, %ymm7
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm5, %ymm8
+        vpsubw	%ymm9, %ymm7, %ymm9
+        vpsubw	%ymm8, %ymm4, %ymm5
+        vpsubw	%ymm9, %ymm6, %ymm7
+        vpaddw	%ymm8, %ymm4, %ymm4
+        vpaddw	%ymm9, %ymm6, %ymm6
+        # 2: 0/3
+        vmovdqu	1024(%r15), %ymm10
+        vmovdqu	1056(%r15), %ymm12
+        vmovdqu	1088(%r15), %ymm11
+        vmovdqu	1120(%r15), %ymm13
+        vpsllq	$32, %ymm1, %ymm8
+        vpsrlq	$32, %ymm0, %ymm9
+        vpblendd	$0xaa, %ymm8, %ymm0, %ymm0
+        vpblendd	$0x55, %ymm9, %ymm1, %ymm1
+        vpsllq	$32, %ymm3, %ymm8
+        vpsrlq	$32, %ymm2, %ymm9
+        vpblendd	$0xaa, %ymm8, %ymm2, %ymm2
+        vpblendd	$0x55, %ymm9, %ymm3, %ymm3
+        vpmullw	%ymm12, %ymm1, %ymm8
+        vpmullw	%ymm13, %ymm3, %ymm9
+        vpmulhw	%ymm10, %ymm1, %ymm1
+        vpmulhw	%ymm11, %ymm3, %ymm3
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm1, %ymm8
+        vpsubw	%ymm9, %ymm3, %ymm9
+        vpsubw	%ymm8, %ymm0, %ymm1
+        vpsubw	%ymm9, %ymm2, %ymm3
+        vpaddw	%ymm8, %ymm0, %ymm0
+        vpaddw	%ymm9, %ymm2, %ymm2
+        # 2: 0/3
+        vmovdqu	1152(%r15), %ymm10
+        vmovdqu	1184(%r15), %ymm12
+        vmovdqu	1216(%r15), %ymm11
+        vmovdqu	1248(%r15), %ymm13
+        vpsllq	$32, %ymm5, %ymm8
+        vpsrlq	$32, %ymm4, %ymm9
+        vpblendd	$0xaa, %ymm8, %ymm4, %ymm4
+        vpblendd	$0x55, %ymm9, %ymm5, %ymm5
+        vpsllq	$32, %ymm7, %ymm8
+        vpsrlq	$32, %ymm6, %ymm9
+        vpblendd	$0xaa, %ymm8, %ymm6, %ymm6
+        vpblendd	$0x55, %ymm9, %ymm7, %ymm7
+        vpmullw	%ymm12, %ymm5, %ymm8
+        vpmullw	%ymm13, %ymm7, %ymm9
+        vpmulhw	%ymm10, %ymm5, %ymm5
+        vpmulhw	%ymm11, %ymm7, %ymm7
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm5, %ymm8
+        vpsubw	%ymm9, %ymm7, %ymm9
+        vpsubw	%ymm8, %ymm4, %ymm5
+        vpsubw	%ymm9, %ymm6, %ymm7
+        vpaddw	%ymm8, %ymm4, %ymm4
+        vpaddw	%ymm9, %ymm6, %ymm6
+        vpunpckldq	%ymm1, %ymm0, %ymm8
+        vpunpckhdq	%ymm1, %ymm0, %ymm9
+        vperm2i128	$32, %ymm9, %ymm8, %ymm0
+        vperm2i128	$49, %ymm9, %ymm8, %ymm1
+        vpunpckldq	%ymm3, %ymm2, %ymm8
+        vpunpckhdq	%ymm3, %ymm2, %ymm9
+        vperm2i128	$32, %ymm9, %ymm8, %ymm2
+        vperm2i128	$49, %ymm9, %ymm8, %ymm3
+        vpunpckldq	%ymm5, %ymm4, %ymm8
+        vpunpckhdq	%ymm5, %ymm4, %ymm9
+        vperm2i128	$32, %ymm9, %ymm8, %ymm4
+        vperm2i128	$49, %ymm9, %ymm8, %ymm5
+        vpunpckldq	%ymm7, %ymm6, %ymm8
+        vpunpckhdq	%ymm7, %ymm6, %ymm9
+        vperm2i128	$32, %ymm9, %ymm8, %ymm6
+        vperm2i128	$49, %ymm9, %ymm8, %ymm7
+        vmovdqu	%ymm0, (%r14)
+        vmovdqu	%ymm1, 32(%r14)
+        vmovdqu	%ymm2, 64(%r14)
+        vmovdqu	%ymm3, 96(%r14)
+        vmovdqu	%ymm4, 128(%r14)
+        vmovdqu	%ymm5, 160(%r14)
+        vmovdqu	%ymm6, 192(%r14)
+        vmovdqu	%ymm7, 224(%r14)
+        vmovdqu	256(%r14), %ymm0
+        vmovdqu	288(%r14), %ymm1
+        vmovdqu	320(%r14), %ymm2
+        vmovdqu	352(%r14), %ymm3
+        vmovdqu	384(%r14), %ymm4
+        vmovdqu	416(%r14), %ymm5
+        vmovdqu	448(%r14), %ymm6
+        vmovdqu	480(%r14), %ymm7
+        # 64: 1/3
+        vmovdqu	1280(%r15), %ymm10
+        vmovdqu	1312(%r15), %ymm12
+        vpmullw	%ymm12, %ymm4, %ymm8
+        vpmullw	%ymm12, %ymm5, %ymm9
+        vpmulhw	%ymm10, %ymm4, %ymm4
+        vpmulhw	%ymm10, %ymm5, %ymm5
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm4, %ymm8
+        vpsubw	%ymm9, %ymm5, %ymm9
+        vpsubw	%ymm8, %ymm0, %ymm4
+        vpsubw	%ymm9, %ymm1, %ymm5
+        vpaddw	%ymm8, %ymm0, %ymm0
+        vpaddw	%ymm9, %ymm1, %ymm1
+        vpmullw	%ymm12, %ymm6, %ymm8
+        vpmullw	%ymm12, %ymm7, %ymm9
+        vpmulhw	%ymm10, %ymm6, %ymm6
+        vpmulhw	%ymm10, %ymm7, %ymm7
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm8
+        vpsubw	%ymm9, %ymm7, %ymm9
+        vpsubw	%ymm8, %ymm2, %ymm6
+        vpsubw	%ymm9, %ymm3, %ymm7
+        vpaddw	%ymm8, %ymm2, %ymm2
+        vpaddw	%ymm9, %ymm3, %ymm3
+        # 32: 1/3
+        vmovdqu	1344(%r15), %ymm10
+        vmovdqu	1376(%r15), %ymm12
+        vpmullw	%ymm12, %ymm2, %ymm8
+        vpmullw	%ymm12, %ymm3, %ymm9
+        vpmulhw	%ymm10, %ymm2, %ymm2
+        vpmulhw	%ymm10, %ymm3, %ymm3
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm2, %ymm8
+        vpsubw	%ymm9, %ymm3, %ymm9
+        vpsubw	%ymm8, %ymm0, %ymm2
+        vpsubw	%ymm9, %ymm1, %ymm3
+        vpaddw	%ymm8, %ymm0, %ymm0
+        vpaddw	%ymm9, %ymm1, %ymm1
+        # 32: 1/3
+        vmovdqu	1408(%r15), %ymm10
+        vmovdqu	1440(%r15), %ymm12
+        vpmullw	%ymm12, %ymm6, %ymm8
+        vpmullw	%ymm12, %ymm7, %ymm9
+        vpmulhw	%ymm10, %ymm6, %ymm6
+        vpmulhw	%ymm10, %ymm7, %ymm7
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm8
+        vpsubw	%ymm9, %ymm7, %ymm9
+        vpsubw	%ymm8, %ymm4, %ymm6
+        vpsubw	%ymm9, %ymm5, %ymm7
+        vpaddw	%ymm8, %ymm4, %ymm4
+        vpaddw	%ymm9, %ymm5, %ymm5
+        # 16: 1/3
+        vmovdqu	1472(%r15), %ymm10
+        vmovdqu	1504(%r15), %ymm12
+        vmovdqu	1536(%r15), %ymm11
+        vmovdqu	1568(%r15), %ymm13
+        vpmullw	%ymm12, %ymm1, %ymm8
+        vpmullw	%ymm13, %ymm3, %ymm9
+        vpmulhw	%ymm10, %ymm1, %ymm1
+        vpmulhw	%ymm11, %ymm3, %ymm3
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm1, %ymm8
+        vpsubw	%ymm9, %ymm3, %ymm9
+        vpsubw	%ymm8, %ymm0, %ymm1
+        vpsubw	%ymm9, %ymm2, %ymm3
+        vpaddw	%ymm8, %ymm0, %ymm0
+        vpaddw	%ymm9, %ymm2, %ymm2
+        # 16: 1/3
+        vmovdqu	1600(%r15), %ymm10
+        vmovdqu	1632(%r15), %ymm12
+        vmovdqu	1664(%r15), %ymm11
+        vmovdqu	1696(%r15), %ymm13
+        vpmullw	%ymm12, %ymm5, %ymm8
+        vpmullw	%ymm13, %ymm7, %ymm9
+        vpmulhw	%ymm10, %ymm5, %ymm5
+        vpmulhw	%ymm11, %ymm7, %ymm7
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm5, %ymm8
+        vpsubw	%ymm9, %ymm7, %ymm9
+        vpsubw	%ymm8, %ymm4, %ymm5
+        vpsubw	%ymm9, %ymm6, %ymm7
+        vpaddw	%ymm8, %ymm4, %ymm4
+        vpaddw	%ymm9, %ymm6, %ymm6
+        # 8: 1/3
+        vperm2i128	$32, %ymm1, %ymm0, %ymm8
+        vmovdqu	1728(%r15), %ymm10
+        vperm2i128	$49, %ymm1, %ymm0, %ymm1
+        vmovdqu	1760(%r15), %ymm12
+        vperm2i128	$32, %ymm3, %ymm2, %ymm9
+        vmovdqu	1792(%r15), %ymm11
+        vperm2i128	$49, %ymm3, %ymm2, %ymm3
+        vmovdqu	1824(%r15), %ymm13
+        vpmullw	%ymm12, %ymm1, %ymm0
+        vpmullw	%ymm13, %ymm3, %ymm2
+        vpmulhw	%ymm10, %ymm1, %ymm1
+        vpmulhw	%ymm11, %ymm3, %ymm3
+        vpmulhw	%ymm14, %ymm0, %ymm0
+        vpmulhw	%ymm14, %ymm2, %ymm2
+        vpsubw	%ymm0, %ymm1, %ymm0
+        vpsubw	%ymm2, %ymm3, %ymm2
+        vpsubw	%ymm0, %ymm8, %ymm1
+        vpsubw	%ymm2, %ymm9, %ymm3
+        vpaddw	%ymm0, %ymm8, %ymm8
+        vpaddw	%ymm2, %ymm9, %ymm9
+        # 4: 1/3
+        vmovdqu	1856(%r15), %ymm10
+        vmovdqu	1888(%r15), %ymm12
+        vmovdqu	1920(%r15), %ymm11
+        vmovdqu	1952(%r15), %ymm13
+        vpunpcklqdq	%ymm1, %ymm8, %ymm0
+        vpunpckhqdq	%ymm1, %ymm8, %ymm1
+        vpunpcklqdq	%ymm3, %ymm9, %ymm2
+        vpunpckhqdq	%ymm3, %ymm9, %ymm3
+        vpmullw	%ymm12, %ymm1, %ymm8
+        vpmullw	%ymm13, %ymm3, %ymm9
+        vpmulhw	%ymm10, %ymm1, %ymm1
+        vpmulhw	%ymm11, %ymm3, %ymm3
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm1, %ymm8
+        vpsubw	%ymm9, %ymm3, %ymm9
+        vpsubw	%ymm8, %ymm0, %ymm1
+        vpsubw	%ymm9, %ymm2, %ymm3
+        vpaddw	%ymm8, %ymm0, %ymm0
+        vpaddw	%ymm9, %ymm2, %ymm2
+        # 8: 1/3
+        vperm2i128	$32, %ymm5, %ymm4, %ymm8
+        vmovdqu	1984(%r15), %ymm10
+        vperm2i128	$49, %ymm5, %ymm4, %ymm5
+        vmovdqu	2016(%r15), %ymm12
+        vperm2i128	$32, %ymm7, %ymm6, %ymm9
+        vmovdqu	2048(%r15), %ymm11
+        vperm2i128	$49, %ymm7, %ymm6, %ymm7
+        vmovdqu	2080(%r15), %ymm13
+        vpmullw	%ymm12, %ymm5, %ymm4
+        vpmullw	%ymm13, %ymm7, %ymm6
+        vpmulhw	%ymm10, %ymm5, %ymm5
+        vpmulhw	%ymm11, %ymm7, %ymm7
+        vpmulhw	%ymm14, %ymm4, %ymm4
+        vpmulhw	%ymm14, %ymm6, %ymm6
+        vpsubw	%ymm4, %ymm5, %ymm4
+        vpsubw	%ymm6, %ymm7, %ymm6
+        vpsubw	%ymm4, %ymm8, %ymm5
+        vpsubw	%ymm6, %ymm9, %ymm7
+        vpaddw	%ymm4, %ymm8, %ymm8
+        vpaddw	%ymm6, %ymm9, %ymm9
+        # 4: 1/3
+        vmovdqu	2112(%r15), %ymm10
+        vmovdqu	2144(%r15), %ymm12
+        vmovdqu	2176(%r15), %ymm11
+        vmovdqu	2208(%r15), %ymm13
+        vpunpcklqdq	%ymm5, %ymm8, %ymm4
+        vpunpckhqdq	%ymm5, %ymm8, %ymm5
+        vpunpcklqdq	%ymm7, %ymm9, %ymm6
+        vpunpckhqdq	%ymm7, %ymm9, %ymm7
+        vpmullw	%ymm12, %ymm5, %ymm8
+        vpmullw	%ymm13, %ymm7, %ymm9
+        vpmulhw	%ymm10, %ymm5, %ymm5
+        vpmulhw	%ymm11, %ymm7, %ymm7
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm5, %ymm8
+        vpsubw	%ymm9, %ymm7, %ymm9
+        vpsubw	%ymm8, %ymm4, %ymm5
+        vpsubw	%ymm9, %ymm6, %ymm7
+        vpaddw	%ymm8, %ymm4, %ymm4
+        vpaddw	%ymm9, %ymm6, %ymm6
+        # 2: 1/3
+        vmovdqu	2240(%r15), %ymm10
+        vmovdqu	2272(%r15), %ymm12
+        vmovdqu	2304(%r15), %ymm11
+        vmovdqu	2336(%r15), %ymm13
+        vpsllq	$32, %ymm1, %ymm8
+        vpsrlq	$32, %ymm0, %ymm9
+        vpblendd	$0xaa, %ymm8, %ymm0, %ymm0
+        vpblendd	$0x55, %ymm9, %ymm1, %ymm1
+        vpsllq	$32, %ymm3, %ymm8
+        vpsrlq	$32, %ymm2, %ymm9
+        vpblendd	$0xaa, %ymm8, %ymm2, %ymm2
+        vpblendd	$0x55, %ymm9, %ymm3, %ymm3
+        vpmullw	%ymm12, %ymm1, %ymm8
+        vpmullw	%ymm13, %ymm3, %ymm9
+        vpmulhw	%ymm10, %ymm1, %ymm1
+        vpmulhw	%ymm11, %ymm3, %ymm3
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm1, %ymm8
+        vpsubw	%ymm9, %ymm3, %ymm9
+        vpsubw	%ymm8, %ymm0, %ymm1
+        vpsubw	%ymm9, %ymm2, %ymm3
+        vpaddw	%ymm8, %ymm0, %ymm0
+        vpaddw	%ymm9, %ymm2, %ymm2
+        # 2: 1/3
+        vmovdqu	2368(%r15), %ymm10
+        vmovdqu	2400(%r15), %ymm12
+        vmovdqu	2432(%r15), %ymm11
+        vmovdqu	2464(%r15), %ymm13
+        vpsllq	$32, %ymm5, %ymm8
+        vpsrlq	$32, %ymm4, %ymm9
+        vpblendd	$0xaa, %ymm8, %ymm4, %ymm4
+        vpblendd	$0x55, %ymm9, %ymm5, %ymm5
+        vpsllq	$32, %ymm7, %ymm8
+        vpsrlq	$32, %ymm6, %ymm9
+        vpblendd	$0xaa, %ymm8, %ymm6, %ymm6
+        vpblendd	$0x55, %ymm9, %ymm7, %ymm7
+        vpmullw	%ymm12, %ymm5, %ymm8
+        vpmullw	%ymm13, %ymm7, %ymm9
+        vpmulhw	%ymm10, %ymm5, %ymm5
+        vpmulhw	%ymm11, %ymm7, %ymm7
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm5, %ymm8
+        vpsubw	%ymm9, %ymm7, %ymm9
+        vpsubw	%ymm8, %ymm4, %ymm5
+        vpsubw	%ymm9, %ymm6, %ymm7
+        vpaddw	%ymm8, %ymm4, %ymm4
+        vpaddw	%ymm9, %ymm6, %ymm6
+        vpunpckldq	%ymm1, %ymm0, %ymm8
+        vpunpckhdq	%ymm1, %ymm0, %ymm9
+        vperm2i128	$32, %ymm9, %ymm8, %ymm0
+        vperm2i128	$49, %ymm9, %ymm8, %ymm1
+        vpunpckldq	%ymm3, %ymm2, %ymm8
+        vpunpckhdq	%ymm3, %ymm2, %ymm9
+        vperm2i128	$32, %ymm9, %ymm8, %ymm2
+        vperm2i128	$49, %ymm9, %ymm8, %ymm3
+        vpunpckldq	%ymm5, %ymm4, %ymm8
+        vpunpckhdq	%ymm5, %ymm4, %ymm9
+        vperm2i128	$32, %ymm9, %ymm8, %ymm4
+        vperm2i128	$49, %ymm9, %ymm8, %ymm5
+        vpunpckldq	%ymm7, %ymm6, %ymm8
+        vpunpckhdq	%ymm7, %ymm6, %ymm9
+        vperm2i128	$32, %ymm9, %ymm8, %ymm6
+        vperm2i128	$49, %ymm9, %ymm8, %ymm7
+        vmovdqu	%ymm0, 256(%r14)
+        vmovdqu	%ymm1, 288(%r14)
+        vmovdqu	%ymm2, 320(%r14)
+        vmovdqu	%ymm3, 352(%r14)
+        vmovdqu	%ymm4, 384(%r14)
+        vmovdqu	%ymm5, 416(%r14)
+        vmovdqu	%ymm6, 448(%r14)
+        vmovdqu	%ymm7, 480(%r14)
+        addq	$0x200, %r14
+        subq	$0x01, %r13
+        jg	L_kyber_encapsulate_avx2_trans
+        movslq	%r11d, %r12
+L_kyber_encapsulate_avx2_calc:
+        vmovdqu	kyber_qinv(%rip), %ymm12
+        # Pointwise acc mont
+        movslq	%r11d, %r13
+        # Base mul mont
+        leaq	L_kyber_avx2_zetas_basemul(%rip), %r15
+        vmovdqu	(%rcx), %ymm2
+        vmovdqu	32(%rcx), %ymm3
+        vpslld	$16, %ymm3, %ymm6
+        vpsrld	$16, %ymm2, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm2, %ymm2
+        vpblendw	$0x55, %ymm7, %ymm3, %ymm3
+        vmovdqu	(%r8), %ymm4
+        vmovdqu	32(%r8), %ymm5
+        vpslld	$16, %ymm5, %ymm6
+        vpsrld	$16, %ymm4, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm4, %ymm4
+        vpblendw	$0x55, %ymm7, %ymm5, %ymm5
+        vmovdqu	(%r15), %ymm10
+        vmovdqu	32(%r15), %ymm11
+        vpmullw	%ymm5, %ymm3, %ymm0
+        vpmulhw	%ymm5, %ymm3, %ymm6
+        vpmullw	%ymm4, %ymm2, %ymm1
+        vpmulhw	%ymm4, %ymm2, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm12, %ymm0, %ymm8
+        vpmullw	%ymm12, %ymm1, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm0
+        vpsubw	%ymm9, %ymm7, %ymm1
+        vpmullw	%ymm11, %ymm0, %ymm6
+        vpmulhw	%ymm10, %ymm0, %ymm7
+        vpmulhw	%ymm14, %ymm6, %ymm6
+        vpsubw	%ymm6, %ymm7, %ymm0
+        vpaddw	%ymm1, %ymm0, %ymm0
+        vpmullw	%ymm5, %ymm2, %ymm1
+        vpmulhw	%ymm5, %ymm2, %ymm6
+        vpmullw	%ymm4, %ymm3, %ymm2
+        vpmulhw	%ymm4, %ymm3, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm12, %ymm1, %ymm8
+        vpmullw	%ymm12, %ymm2, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm1
+        vpsubw	%ymm9, %ymm7, %ymm2
+        vpaddw	%ymm2, %ymm1, %ymm1
+        vmovdqu	%ymm0, (%rsi)
+        vmovdqu	%ymm1, 32(%rsi)
+        vmovdqu	64(%rcx), %ymm2
+        vmovdqu	96(%rcx), %ymm3
+        vpslld	$16, %ymm3, %ymm6
+        vpsrld	$16, %ymm2, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm2, %ymm2
+        vpblendw	$0x55, %ymm7, %ymm3, %ymm3
+        vmovdqu	64(%r8), %ymm4
+        vmovdqu	96(%r8), %ymm5
+        vpslld	$16, %ymm5, %ymm6
+        vpsrld	$16, %ymm4, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm4, %ymm4
+        vpblendw	$0x55, %ymm7, %ymm5, %ymm5
+        vmovdqu	64(%r15), %ymm10
+        vmovdqu	96(%r15), %ymm11
+        vpmullw	%ymm5, %ymm3, %ymm0
+        vpmulhw	%ymm5, %ymm3, %ymm6
+        vpmullw	%ymm4, %ymm2, %ymm1
+        vpmulhw	%ymm4, %ymm2, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm12, %ymm0, %ymm8
+        vpmullw	%ymm12, %ymm1, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm0
+        vpsubw	%ymm9, %ymm7, %ymm1
+        vpmullw	%ymm11, %ymm0, %ymm6
+        vpmulhw	%ymm10, %ymm0, %ymm7
+        vpmulhw	%ymm14, %ymm6, %ymm6
+        vpsubw	%ymm6, %ymm7, %ymm0
+        vpaddw	%ymm1, %ymm0, %ymm0
+        vpmullw	%ymm5, %ymm2, %ymm1
+        vpmulhw	%ymm5, %ymm2, %ymm6
+        vpmullw	%ymm4, %ymm3, %ymm2
+        vpmulhw	%ymm4, %ymm3, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm12, %ymm1, %ymm8
+        vpmullw	%ymm12, %ymm2, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm1
+        vpsubw	%ymm9, %ymm7, %ymm2
+        vpaddw	%ymm2, %ymm1, %ymm1
+        vmovdqu	%ymm0, 64(%rsi)
+        vmovdqu	%ymm1, 96(%rsi)
+        vmovdqu	128(%rcx), %ymm2
+        vmovdqu	160(%rcx), %ymm3
+        vpslld	$16, %ymm3, %ymm6
+        vpsrld	$16, %ymm2, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm2, %ymm2
+        vpblendw	$0x55, %ymm7, %ymm3, %ymm3
+        vmovdqu	128(%r8), %ymm4
+        vmovdqu	160(%r8), %ymm5
+        vpslld	$16, %ymm5, %ymm6
+        vpsrld	$16, %ymm4, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm4, %ymm4
+        vpblendw	$0x55, %ymm7, %ymm5, %ymm5
+        vmovdqu	128(%r15), %ymm10
+        vmovdqu	160(%r15), %ymm11
+        vpmullw	%ymm5, %ymm3, %ymm0
+        vpmulhw	%ymm5, %ymm3, %ymm6
+        vpmullw	%ymm4, %ymm2, %ymm1
+        vpmulhw	%ymm4, %ymm2, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm12, %ymm0, %ymm8
+        vpmullw	%ymm12, %ymm1, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm0
+        vpsubw	%ymm9, %ymm7, %ymm1
+        vpmullw	%ymm11, %ymm0, %ymm6
+        vpmulhw	%ymm10, %ymm0, %ymm7
+        vpmulhw	%ymm14, %ymm6, %ymm6
+        vpsubw	%ymm6, %ymm7, %ymm0
+        vpaddw	%ymm1, %ymm0, %ymm0
+        vpmullw	%ymm5, %ymm2, %ymm1
+        vpmulhw	%ymm5, %ymm2, %ymm6
+        vpmullw	%ymm4, %ymm3, %ymm2
+        vpmulhw	%ymm4, %ymm3, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm12, %ymm1, %ymm8
+        vpmullw	%ymm12, %ymm2, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm1
+        vpsubw	%ymm9, %ymm7, %ymm2
+        vpaddw	%ymm2, %ymm1, %ymm1
+        vmovdqu	%ymm0, 128(%rsi)
+        vmovdqu	%ymm1, 160(%rsi)
+        vmovdqu	192(%rcx), %ymm2
+        vmovdqu	224(%rcx), %ymm3
+        vpslld	$16, %ymm3, %ymm6
+        vpsrld	$16, %ymm2, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm2, %ymm2
+        vpblendw	$0x55, %ymm7, %ymm3, %ymm3
+        vmovdqu	192(%r8), %ymm4
+        vmovdqu	224(%r8), %ymm5
+        vpslld	$16, %ymm5, %ymm6
+        vpsrld	$16, %ymm4, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm4, %ymm4
+        vpblendw	$0x55, %ymm7, %ymm5, %ymm5
+        vmovdqu	192(%r15), %ymm10
+        vmovdqu	224(%r15), %ymm11
+        vpmullw	%ymm5, %ymm3, %ymm0
+        vpmulhw	%ymm5, %ymm3, %ymm6
+        vpmullw	%ymm4, %ymm2, %ymm1
+        vpmulhw	%ymm4, %ymm2, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm12, %ymm0, %ymm8
+        vpmullw	%ymm12, %ymm1, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm0
+        vpsubw	%ymm9, %ymm7, %ymm1
+        vpmullw	%ymm11, %ymm0, %ymm6
+        vpmulhw	%ymm10, %ymm0, %ymm7
+        vpmulhw	%ymm14, %ymm6, %ymm6
+        vpsubw	%ymm6, %ymm7, %ymm0
+        vpaddw	%ymm1, %ymm0, %ymm0
+        vpmullw	%ymm5, %ymm2, %ymm1
+        vpmulhw	%ymm5, %ymm2, %ymm6
+        vpmullw	%ymm4, %ymm3, %ymm2
+        vpmulhw	%ymm4, %ymm3, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm12, %ymm1, %ymm8
+        vpmullw	%ymm12, %ymm2, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm1
+        vpsubw	%ymm9, %ymm7, %ymm2
+        vpaddw	%ymm2, %ymm1, %ymm1
+        vmovdqu	%ymm0, 192(%rsi)
+        vmovdqu	%ymm1, 224(%rsi)
+        vmovdqu	256(%rcx), %ymm2
+        vmovdqu	288(%rcx), %ymm3
+        vpslld	$16, %ymm3, %ymm6
+        vpsrld	$16, %ymm2, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm2, %ymm2
+        vpblendw	$0x55, %ymm7, %ymm3, %ymm3
+        vmovdqu	256(%r8), %ymm4
+        vmovdqu	288(%r8), %ymm5
+        vpslld	$16, %ymm5, %ymm6
+        vpsrld	$16, %ymm4, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm4, %ymm4
+        vpblendw	$0x55, %ymm7, %ymm5, %ymm5
+        vmovdqu	256(%r15), %ymm10
+        vmovdqu	288(%r15), %ymm11
+        vpmullw	%ymm5, %ymm3, %ymm0
+        vpmulhw	%ymm5, %ymm3, %ymm6
+        vpmullw	%ymm4, %ymm2, %ymm1
+        vpmulhw	%ymm4, %ymm2, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm12, %ymm0, %ymm8
+        vpmullw	%ymm12, %ymm1, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm0
+        vpsubw	%ymm9, %ymm7, %ymm1
+        vpmullw	%ymm11, %ymm0, %ymm6
+        vpmulhw	%ymm10, %ymm0, %ymm7
+        vpmulhw	%ymm14, %ymm6, %ymm6
+        vpsubw	%ymm6, %ymm7, %ymm0
+        vpaddw	%ymm1, %ymm0, %ymm0
+        vpmullw	%ymm5, %ymm2, %ymm1
+        vpmulhw	%ymm5, %ymm2, %ymm6
+        vpmullw	%ymm4, %ymm3, %ymm2
+        vpmulhw	%ymm4, %ymm3, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm12, %ymm1, %ymm8
+        vpmullw	%ymm12, %ymm2, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm1
+        vpsubw	%ymm9, %ymm7, %ymm2
+        vpaddw	%ymm2, %ymm1, %ymm1
+        vmovdqu	%ymm0, 256(%rsi)
+        vmovdqu	%ymm1, 288(%rsi)
+        vmovdqu	320(%rcx), %ymm2
+        vmovdqu	352(%rcx), %ymm3
+        vpslld	$16, %ymm3, %ymm6
+        vpsrld	$16, %ymm2, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm2, %ymm2
+        vpblendw	$0x55, %ymm7, %ymm3, %ymm3
+        vmovdqu	320(%r8), %ymm4
+        vmovdqu	352(%r8), %ymm5
+        vpslld	$16, %ymm5, %ymm6
+        vpsrld	$16, %ymm4, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm4, %ymm4
+        vpblendw	$0x55, %ymm7, %ymm5, %ymm5
+        vmovdqu	320(%r15), %ymm10
+        vmovdqu	352(%r15), %ymm11
+        vpmullw	%ymm5, %ymm3, %ymm0
+        vpmulhw	%ymm5, %ymm3, %ymm6
+        vpmullw	%ymm4, %ymm2, %ymm1
+        vpmulhw	%ymm4, %ymm2, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm12, %ymm0, %ymm8
+        vpmullw	%ymm12, %ymm1, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm0
+        vpsubw	%ymm9, %ymm7, %ymm1
+        vpmullw	%ymm11, %ymm0, %ymm6
+        vpmulhw	%ymm10, %ymm0, %ymm7
+        vpmulhw	%ymm14, %ymm6, %ymm6
+        vpsubw	%ymm6, %ymm7, %ymm0
+        vpaddw	%ymm1, %ymm0, %ymm0
+        vpmullw	%ymm5, %ymm2, %ymm1
+        vpmulhw	%ymm5, %ymm2, %ymm6
+        vpmullw	%ymm4, %ymm3, %ymm2
+        vpmulhw	%ymm4, %ymm3, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm12, %ymm1, %ymm8
+        vpmullw	%ymm12, %ymm2, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm1
+        vpsubw	%ymm9, %ymm7, %ymm2
+        vpaddw	%ymm2, %ymm1, %ymm1
+        vmovdqu	%ymm0, 320(%rsi)
+        vmovdqu	%ymm1, 352(%rsi)
+        vmovdqu	384(%rcx), %ymm2
+        vmovdqu	416(%rcx), %ymm3
+        vpslld	$16, %ymm3, %ymm6
+        vpsrld	$16, %ymm2, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm2, %ymm2
+        vpblendw	$0x55, %ymm7, %ymm3, %ymm3
+        vmovdqu	384(%r8), %ymm4
+        vmovdqu	416(%r8), %ymm5
+        vpslld	$16, %ymm5, %ymm6
+        vpsrld	$16, %ymm4, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm4, %ymm4
+        vpblendw	$0x55, %ymm7, %ymm5, %ymm5
+        vmovdqu	384(%r15), %ymm10
+        vmovdqu	416(%r15), %ymm11
+        vpmullw	%ymm5, %ymm3, %ymm0
+        vpmulhw	%ymm5, %ymm3, %ymm6
+        vpmullw	%ymm4, %ymm2, %ymm1
+        vpmulhw	%ymm4, %ymm2, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm12, %ymm0, %ymm8
+        vpmullw	%ymm12, %ymm1, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm0
+        vpsubw	%ymm9, %ymm7, %ymm1
+        vpmullw	%ymm11, %ymm0, %ymm6
+        vpmulhw	%ymm10, %ymm0, %ymm7
+        vpmulhw	%ymm14, %ymm6, %ymm6
+        vpsubw	%ymm6, %ymm7, %ymm0
+        vpaddw	%ymm1, %ymm0, %ymm0
+        vpmullw	%ymm5, %ymm2, %ymm1
+        vpmulhw	%ymm5, %ymm2, %ymm6
+        vpmullw	%ymm4, %ymm3, %ymm2
+        vpmulhw	%ymm4, %ymm3, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm12, %ymm1, %ymm8
+        vpmullw	%ymm12, %ymm2, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm1
+        vpsubw	%ymm9, %ymm7, %ymm2
+        vpaddw	%ymm2, %ymm1, %ymm1
+        vmovdqu	%ymm0, 384(%rsi)
+        vmovdqu	%ymm1, 416(%rsi)
+        vmovdqu	448(%rcx), %ymm2
+        vmovdqu	480(%rcx), %ymm3
+        vpslld	$16, %ymm3, %ymm6
+        vpsrld	$16, %ymm2, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm2, %ymm2
+        vpblendw	$0x55, %ymm7, %ymm3, %ymm3
+        vmovdqu	448(%r8), %ymm4
+        vmovdqu	480(%r8), %ymm5
+        vpslld	$16, %ymm5, %ymm6
+        vpsrld	$16, %ymm4, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm4, %ymm4
+        vpblendw	$0x55, %ymm7, %ymm5, %ymm5
+        vmovdqu	448(%r15), %ymm10
+        vmovdqu	480(%r15), %ymm11
+        vpmullw	%ymm5, %ymm3, %ymm0
+        vpmulhw	%ymm5, %ymm3, %ymm6
+        vpmullw	%ymm4, %ymm2, %ymm1
+        vpmulhw	%ymm4, %ymm2, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm12, %ymm0, %ymm8
+        vpmullw	%ymm12, %ymm1, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm0
+        vpsubw	%ymm9, %ymm7, %ymm1
+        vpmullw	%ymm11, %ymm0, %ymm6
+        vpmulhw	%ymm10, %ymm0, %ymm7
+        vpmulhw	%ymm14, %ymm6, %ymm6
+        vpsubw	%ymm6, %ymm7, %ymm0
+        vpaddw	%ymm1, %ymm0, %ymm0
+        vpmullw	%ymm5, %ymm2, %ymm1
+        vpmulhw	%ymm5, %ymm2, %ymm6
+        vpmullw	%ymm4, %ymm3, %ymm2
+        vpmulhw	%ymm4, %ymm3, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm12, %ymm1, %ymm8
+        vpmullw	%ymm12, %ymm2, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm1
+        vpsubw	%ymm9, %ymm7, %ymm2
+        vpaddw	%ymm2, %ymm1, %ymm1
+        vmovdqu	%ymm0, 448(%rsi)
+        vmovdqu	%ymm1, 480(%rsi)
+        addq	$0x200, %rcx
+        addq	$0x200, %r8
+        subq	$2, %r13
+        jz	L_pointwise_acc_mont_end_encap_bp
+L_pointwise_acc_mont_start_encap_bp:
+        # Base mul mont add
+        leaq	L_kyber_avx2_zetas_basemul(%rip), %r15
+        vmovdqu	(%rcx), %ymm2
+        vmovdqu	32(%rcx), %ymm3
+        vpslld	$16, %ymm3, %ymm6
+        vpsrld	$16, %ymm2, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm2, %ymm2
+        vpblendw	$0x55, %ymm7, %ymm3, %ymm3
+        vmovdqu	(%r8), %ymm4
+        vmovdqu	32(%r8), %ymm5
+        vpslld	$16, %ymm5, %ymm6
+        vpsrld	$16, %ymm4, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm4, %ymm4
+        vpblendw	$0x55, %ymm7, %ymm5, %ymm5
+        vmovdqu	(%r15), %ymm10
+        vmovdqu	32(%r15), %ymm11
+        vpmullw	%ymm5, %ymm3, %ymm0
+        vpmulhw	%ymm5, %ymm3, %ymm6
+        vpmullw	%ymm4, %ymm2, %ymm1
+        vpmulhw	%ymm4, %ymm2, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm12, %ymm0, %ymm8
+        vpmullw	%ymm12, %ymm1, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm0
+        vpsubw	%ymm9, %ymm7, %ymm1
+        vpmullw	%ymm11, %ymm0, %ymm6
+        vpmulhw	%ymm10, %ymm0, %ymm7
+        vpmulhw	%ymm14, %ymm6, %ymm6
+        vpsubw	%ymm6, %ymm7, %ymm0
+        vpaddw	%ymm1, %ymm0, %ymm0
+        vpmullw	%ymm5, %ymm2, %ymm1
+        vpmulhw	%ymm5, %ymm2, %ymm6
+        vpmullw	%ymm4, %ymm3, %ymm2
+        vpmulhw	%ymm4, %ymm3, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm12, %ymm1, %ymm8
+        vpmullw	%ymm12, %ymm2, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm1
+        vpsubw	%ymm9, %ymm7, %ymm2
+        vpaddw	%ymm2, %ymm1, %ymm1
+        vmovdqu	(%rsi), %ymm6
+        vmovdqu	32(%rsi), %ymm7
+        vpaddw	%ymm6, %ymm0, %ymm0
+        vpaddw	%ymm7, %ymm1, %ymm1
+        vmovdqu	%ymm0, (%rsi)
+        vmovdqu	%ymm1, 32(%rsi)
+        vmovdqu	64(%rcx), %ymm2
+        vmovdqu	96(%rcx), %ymm3
+        vpslld	$16, %ymm3, %ymm6
+        vpsrld	$16, %ymm2, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm2, %ymm2
+        vpblendw	$0x55, %ymm7, %ymm3, %ymm3
+        vmovdqu	64(%r8), %ymm4
+        vmovdqu	96(%r8), %ymm5
+        vpslld	$16, %ymm5, %ymm6
+        vpsrld	$16, %ymm4, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm4, %ymm4
+        vpblendw	$0x55, %ymm7, %ymm5, %ymm5
+        vmovdqu	64(%r15), %ymm10
+        vmovdqu	96(%r15), %ymm11
+        vpmullw	%ymm5, %ymm3, %ymm0
+        vpmulhw	%ymm5, %ymm3, %ymm6
+        vpmullw	%ymm4, %ymm2, %ymm1
+        vpmulhw	%ymm4, %ymm2, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm12, %ymm0, %ymm8
+        vpmullw	%ymm12, %ymm1, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm0
+        vpsubw	%ymm9, %ymm7, %ymm1
+        vpmullw	%ymm11, %ymm0, %ymm6
+        vpmulhw	%ymm10, %ymm0, %ymm7
+        vpmulhw	%ymm14, %ymm6, %ymm6
+        vpsubw	%ymm6, %ymm7, %ymm0
+        vpaddw	%ymm1, %ymm0, %ymm0
+        vpmullw	%ymm5, %ymm2, %ymm1
+        vpmulhw	%ymm5, %ymm2, %ymm6
+        vpmullw	%ymm4, %ymm3, %ymm2
+        vpmulhw	%ymm4, %ymm3, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm12, %ymm1, %ymm8
+        vpmullw	%ymm12, %ymm2, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm1
+        vpsubw	%ymm9, %ymm7, %ymm2
+        vpaddw	%ymm2, %ymm1, %ymm1
+        vmovdqu	64(%rsi), %ymm6
+        vmovdqu	96(%rsi), %ymm7
+        vpaddw	%ymm6, %ymm0, %ymm0
+        vpaddw	%ymm7, %ymm1, %ymm1
+        vmovdqu	%ymm0, 64(%rsi)
+        vmovdqu	%ymm1, 96(%rsi)
+        vmovdqu	128(%rcx), %ymm2
+        vmovdqu	160(%rcx), %ymm3
+        vpslld	$16, %ymm3, %ymm6
+        vpsrld	$16, %ymm2, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm2, %ymm2
+        vpblendw	$0x55, %ymm7, %ymm3, %ymm3
+        vmovdqu	128(%r8), %ymm4
+        vmovdqu	160(%r8), %ymm5
+        vpslld	$16, %ymm5, %ymm6
+        vpsrld	$16, %ymm4, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm4, %ymm4
+        vpblendw	$0x55, %ymm7, %ymm5, %ymm5
+        vmovdqu	128(%r15), %ymm10
+        vmovdqu	160(%r15), %ymm11
+        vpmullw	%ymm5, %ymm3, %ymm0
+        vpmulhw	%ymm5, %ymm3, %ymm6
+        vpmullw	%ymm4, %ymm2, %ymm1
+        vpmulhw	%ymm4, %ymm2, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm12, %ymm0, %ymm8
+        vpmullw	%ymm12, %ymm1, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm0
+        vpsubw	%ymm9, %ymm7, %ymm1
+        vpmullw	%ymm11, %ymm0, %ymm6
+        vpmulhw	%ymm10, %ymm0, %ymm7
+        vpmulhw	%ymm14, %ymm6, %ymm6
+        vpsubw	%ymm6, %ymm7, %ymm0
+        vpaddw	%ymm1, %ymm0, %ymm0
+        vpmullw	%ymm5, %ymm2, %ymm1
+        vpmulhw	%ymm5, %ymm2, %ymm6
+        vpmullw	%ymm4, %ymm3, %ymm2
+        vpmulhw	%ymm4, %ymm3, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm12, %ymm1, %ymm8
+        vpmullw	%ymm12, %ymm2, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm1
+        vpsubw	%ymm9, %ymm7, %ymm2
+        vpaddw	%ymm2, %ymm1, %ymm1
+        vmovdqu	128(%rsi), %ymm6
+        vmovdqu	160(%rsi), %ymm7
+        vpaddw	%ymm6, %ymm0, %ymm0
+        vpaddw	%ymm7, %ymm1, %ymm1
+        vmovdqu	%ymm0, 128(%rsi)
+        vmovdqu	%ymm1, 160(%rsi)
+        vmovdqu	192(%rcx), %ymm2
+        vmovdqu	224(%rcx), %ymm3
+        vpslld	$16, %ymm3, %ymm6
+        vpsrld	$16, %ymm2, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm2, %ymm2
+        vpblendw	$0x55, %ymm7, %ymm3, %ymm3
+        vmovdqu	192(%r8), %ymm4
+        vmovdqu	224(%r8), %ymm5
+        vpslld	$16, %ymm5, %ymm6
+        vpsrld	$16, %ymm4, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm4, %ymm4
+        vpblendw	$0x55, %ymm7, %ymm5, %ymm5
+        vmovdqu	192(%r15), %ymm10
+        vmovdqu	224(%r15), %ymm11
+        vpmullw	%ymm5, %ymm3, %ymm0
+        vpmulhw	%ymm5, %ymm3, %ymm6
+        vpmullw	%ymm4, %ymm2, %ymm1
+        vpmulhw	%ymm4, %ymm2, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm12, %ymm0, %ymm8
+        vpmullw	%ymm12, %ymm1, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm0
+        vpsubw	%ymm9, %ymm7, %ymm1
+        vpmullw	%ymm11, %ymm0, %ymm6
+        vpmulhw	%ymm10, %ymm0, %ymm7
+        vpmulhw	%ymm14, %ymm6, %ymm6
+        vpsubw	%ymm6, %ymm7, %ymm0
+        vpaddw	%ymm1, %ymm0, %ymm0
+        vpmullw	%ymm5, %ymm2, %ymm1
+        vpmulhw	%ymm5, %ymm2, %ymm6
+        vpmullw	%ymm4, %ymm3, %ymm2
+        vpmulhw	%ymm4, %ymm3, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm12, %ymm1, %ymm8
+        vpmullw	%ymm12, %ymm2, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm1
+        vpsubw	%ymm9, %ymm7, %ymm2
+        vpaddw	%ymm2, %ymm1, %ymm1
+        vmovdqu	192(%rsi), %ymm6
+        vmovdqu	224(%rsi), %ymm7
+        vpaddw	%ymm6, %ymm0, %ymm0
+        vpaddw	%ymm7, %ymm1, %ymm1
+        vmovdqu	%ymm0, 192(%rsi)
+        vmovdqu	%ymm1, 224(%rsi)
+        vmovdqu	256(%rcx), %ymm2
+        vmovdqu	288(%rcx), %ymm3
+        vpslld	$16, %ymm3, %ymm6
+        vpsrld	$16, %ymm2, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm2, %ymm2
+        vpblendw	$0x55, %ymm7, %ymm3, %ymm3
+        vmovdqu	256(%r8), %ymm4
+        vmovdqu	288(%r8), %ymm5
+        vpslld	$16, %ymm5, %ymm6
+        vpsrld	$16, %ymm4, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm4, %ymm4
+        vpblendw	$0x55, %ymm7, %ymm5, %ymm5
+        vmovdqu	256(%r15), %ymm10
+        vmovdqu	288(%r15), %ymm11
+        vpmullw	%ymm5, %ymm3, %ymm0
+        vpmulhw	%ymm5, %ymm3, %ymm6
+        vpmullw	%ymm4, %ymm2, %ymm1
+        vpmulhw	%ymm4, %ymm2, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm12, %ymm0, %ymm8
+        vpmullw	%ymm12, %ymm1, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm0
+        vpsubw	%ymm9, %ymm7, %ymm1
+        vpmullw	%ymm11, %ymm0, %ymm6
+        vpmulhw	%ymm10, %ymm0, %ymm7
+        vpmulhw	%ymm14, %ymm6, %ymm6
+        vpsubw	%ymm6, %ymm7, %ymm0
+        vpaddw	%ymm1, %ymm0, %ymm0
+        vpmullw	%ymm5, %ymm2, %ymm1
+        vpmulhw	%ymm5, %ymm2, %ymm6
+        vpmullw	%ymm4, %ymm3, %ymm2
+        vpmulhw	%ymm4, %ymm3, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm12, %ymm1, %ymm8
+        vpmullw	%ymm12, %ymm2, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm1
+        vpsubw	%ymm9, %ymm7, %ymm2
+        vpaddw	%ymm2, %ymm1, %ymm1
+        vmovdqu	256(%rsi), %ymm6
+        vmovdqu	288(%rsi), %ymm7
+        vpaddw	%ymm6, %ymm0, %ymm0
+        vpaddw	%ymm7, %ymm1, %ymm1
+        vmovdqu	%ymm0, 256(%rsi)
+        vmovdqu	%ymm1, 288(%rsi)
+        vmovdqu	320(%rcx), %ymm2
+        vmovdqu	352(%rcx), %ymm3
+        vpslld	$16, %ymm3, %ymm6
+        vpsrld	$16, %ymm2, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm2, %ymm2
+        vpblendw	$0x55, %ymm7, %ymm3, %ymm3
+        vmovdqu	320(%r8), %ymm4
+        vmovdqu	352(%r8), %ymm5
+        vpslld	$16, %ymm5, %ymm6
+        vpsrld	$16, %ymm4, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm4, %ymm4
+        vpblendw	$0x55, %ymm7, %ymm5, %ymm5
+        vmovdqu	320(%r15), %ymm10
+        vmovdqu	352(%r15), %ymm11
+        vpmullw	%ymm5, %ymm3, %ymm0
+        vpmulhw	%ymm5, %ymm3, %ymm6
+        vpmullw	%ymm4, %ymm2, %ymm1
+        vpmulhw	%ymm4, %ymm2, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm12, %ymm0, %ymm8
+        vpmullw	%ymm12, %ymm1, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm0
+        vpsubw	%ymm9, %ymm7, %ymm1
+        vpmullw	%ymm11, %ymm0, %ymm6
+        vpmulhw	%ymm10, %ymm0, %ymm7
+        vpmulhw	%ymm14, %ymm6, %ymm6
+        vpsubw	%ymm6, %ymm7, %ymm0
+        vpaddw	%ymm1, %ymm0, %ymm0
+        vpmullw	%ymm5, %ymm2, %ymm1
+        vpmulhw	%ymm5, %ymm2, %ymm6
+        vpmullw	%ymm4, %ymm3, %ymm2
+        vpmulhw	%ymm4, %ymm3, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm12, %ymm1, %ymm8
+        vpmullw	%ymm12, %ymm2, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm1
+        vpsubw	%ymm9, %ymm7, %ymm2
+        vpaddw	%ymm2, %ymm1, %ymm1
+        vmovdqu	320(%rsi), %ymm6
+        vmovdqu	352(%rsi), %ymm7
+        vpaddw	%ymm6, %ymm0, %ymm0
+        vpaddw	%ymm7, %ymm1, %ymm1
+        vmovdqu	%ymm0, 320(%rsi)
+        vmovdqu	%ymm1, 352(%rsi)
+        vmovdqu	384(%rcx), %ymm2
+        vmovdqu	416(%rcx), %ymm3
+        vpslld	$16, %ymm3, %ymm6
+        vpsrld	$16, %ymm2, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm2, %ymm2
+        vpblendw	$0x55, %ymm7, %ymm3, %ymm3
+        vmovdqu	384(%r8), %ymm4
+        vmovdqu	416(%r8), %ymm5
+        vpslld	$16, %ymm5, %ymm6
+        vpsrld	$16, %ymm4, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm4, %ymm4
+        vpblendw	$0x55, %ymm7, %ymm5, %ymm5
+        vmovdqu	384(%r15), %ymm10
+        vmovdqu	416(%r15), %ymm11
+        vpmullw	%ymm5, %ymm3, %ymm0
+        vpmulhw	%ymm5, %ymm3, %ymm6
+        vpmullw	%ymm4, %ymm2, %ymm1
+        vpmulhw	%ymm4, %ymm2, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm12, %ymm0, %ymm8
+        vpmullw	%ymm12, %ymm1, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm0
+        vpsubw	%ymm9, %ymm7, %ymm1
+        vpmullw	%ymm11, %ymm0, %ymm6
+        vpmulhw	%ymm10, %ymm0, %ymm7
+        vpmulhw	%ymm14, %ymm6, %ymm6
+        vpsubw	%ymm6, %ymm7, %ymm0
+        vpaddw	%ymm1, %ymm0, %ymm0
+        vpmullw	%ymm5, %ymm2, %ymm1
+        vpmulhw	%ymm5, %ymm2, %ymm6
+        vpmullw	%ymm4, %ymm3, %ymm2
+        vpmulhw	%ymm4, %ymm3, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm12, %ymm1, %ymm8
+        vpmullw	%ymm12, %ymm2, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm1
+        vpsubw	%ymm9, %ymm7, %ymm2
+        vpaddw	%ymm2, %ymm1, %ymm1
+        vmovdqu	384(%rsi), %ymm6
+        vmovdqu	416(%rsi), %ymm7
+        vpaddw	%ymm6, %ymm0, %ymm0
+        vpaddw	%ymm7, %ymm1, %ymm1
+        vmovdqu	%ymm0, 384(%rsi)
+        vmovdqu	%ymm1, 416(%rsi)
+        vmovdqu	448(%rcx), %ymm2
+        vmovdqu	480(%rcx), %ymm3
+        vpslld	$16, %ymm3, %ymm6
+        vpsrld	$16, %ymm2, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm2, %ymm2
+        vpblendw	$0x55, %ymm7, %ymm3, %ymm3
+        vmovdqu	448(%r8), %ymm4
+        vmovdqu	480(%r8), %ymm5
+        vpslld	$16, %ymm5, %ymm6
+        vpsrld	$16, %ymm4, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm4, %ymm4
+        vpblendw	$0x55, %ymm7, %ymm5, %ymm5
+        vmovdqu	448(%r15), %ymm10
+        vmovdqu	480(%r15), %ymm11
+        vpmullw	%ymm5, %ymm3, %ymm0
+        vpmulhw	%ymm5, %ymm3, %ymm6
+        vpmullw	%ymm4, %ymm2, %ymm1
+        vpmulhw	%ymm4, %ymm2, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm12, %ymm0, %ymm8
+        vpmullw	%ymm12, %ymm1, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm0
+        vpsubw	%ymm9, %ymm7, %ymm1
+        vpmullw	%ymm11, %ymm0, %ymm6
+        vpmulhw	%ymm10, %ymm0, %ymm7
+        vpmulhw	%ymm14, %ymm6, %ymm6
+        vpsubw	%ymm6, %ymm7, %ymm0
+        vpaddw	%ymm1, %ymm0, %ymm0
+        vpmullw	%ymm5, %ymm2, %ymm1
+        vpmulhw	%ymm5, %ymm2, %ymm6
+        vpmullw	%ymm4, %ymm3, %ymm2
+        vpmulhw	%ymm4, %ymm3, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm12, %ymm1, %ymm8
+        vpmullw	%ymm12, %ymm2, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm1
+        vpsubw	%ymm9, %ymm7, %ymm2
+        vpaddw	%ymm2, %ymm1, %ymm1
+        vmovdqu	448(%rsi), %ymm6
+        vmovdqu	480(%rsi), %ymm7
+        vpaddw	%ymm6, %ymm0, %ymm0
+        vpaddw	%ymm7, %ymm1, %ymm1
+        vmovdqu	%ymm0, 448(%rsi)
+        vmovdqu	%ymm1, 480(%rsi)
+        addq	$0x200, %rcx
+        addq	$0x200, %r8
+        subq	$0x01, %r13
+        jg	L_pointwise_acc_mont_start_encap_bp
+L_pointwise_acc_mont_end_encap_bp:
+        # Base mul mont add
+        leaq	L_kyber_avx2_zetas_basemul(%rip), %r15
+        vmovdqu	(%rcx), %ymm2
+        vmovdqu	32(%rcx), %ymm3
+        vpslld	$16, %ymm3, %ymm6
+        vpsrld	$16, %ymm2, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm2, %ymm2
+        vpblendw	$0x55, %ymm7, %ymm3, %ymm3
+        vmovdqu	(%r8), %ymm4
+        vmovdqu	32(%r8), %ymm5
+        vpslld	$16, %ymm5, %ymm6
+        vpsrld	$16, %ymm4, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm4, %ymm4
+        vpblendw	$0x55, %ymm7, %ymm5, %ymm5
+        vmovdqu	(%r15), %ymm10
+        vmovdqu	32(%r15), %ymm11
+        vpmullw	%ymm5, %ymm3, %ymm0
+        vpmulhw	%ymm5, %ymm3, %ymm6
+        vpmullw	%ymm4, %ymm2, %ymm1
+        vpmulhw	%ymm4, %ymm2, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm12, %ymm0, %ymm8
+        vpmullw	%ymm12, %ymm1, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm0
+        vpsubw	%ymm9, %ymm7, %ymm1
+        vpmullw	%ymm11, %ymm0, %ymm6
+        vpmulhw	%ymm10, %ymm0, %ymm7
+        vpmulhw	%ymm14, %ymm6, %ymm6
+        vpsubw	%ymm6, %ymm7, %ymm0
+        vpaddw	%ymm1, %ymm0, %ymm0
+        vpmullw	%ymm5, %ymm2, %ymm1
+        vpmulhw	%ymm5, %ymm2, %ymm6
+        vpmullw	%ymm4, %ymm3, %ymm2
+        vpmulhw	%ymm4, %ymm3, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm12, %ymm1, %ymm8
+        vpmullw	%ymm12, %ymm2, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm1
+        vpsubw	%ymm9, %ymm7, %ymm2
+        vpaddw	%ymm2, %ymm1, %ymm1
+        vmovdqu	(%rsi), %ymm6
+        vmovdqu	32(%rsi), %ymm7
+        vpaddw	%ymm6, %ymm0, %ymm0
+        vpaddw	%ymm7, %ymm1, %ymm1
+        vpslld	$16, %ymm1, %ymm6
+        vpsrld	$16, %ymm0, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm0, %ymm0
+        vpblendw	$0x55, %ymm7, %ymm1, %ymm1
+        vmovdqu	%ymm0, (%rsi)
+        vmovdqu	%ymm1, 32(%rsi)
+        vmovdqu	64(%rcx), %ymm2
+        vmovdqu	96(%rcx), %ymm3
+        vpslld	$16, %ymm3, %ymm6
+        vpsrld	$16, %ymm2, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm2, %ymm2
+        vpblendw	$0x55, %ymm7, %ymm3, %ymm3
+        vmovdqu	64(%r8), %ymm4
+        vmovdqu	96(%r8), %ymm5
+        vpslld	$16, %ymm5, %ymm6
+        vpsrld	$16, %ymm4, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm4, %ymm4
+        vpblendw	$0x55, %ymm7, %ymm5, %ymm5
+        vmovdqu	64(%r15), %ymm10
+        vmovdqu	96(%r15), %ymm11
+        vpmullw	%ymm5, %ymm3, %ymm0
+        vpmulhw	%ymm5, %ymm3, %ymm6
+        vpmullw	%ymm4, %ymm2, %ymm1
+        vpmulhw	%ymm4, %ymm2, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm12, %ymm0, %ymm8
+        vpmullw	%ymm12, %ymm1, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm0
+        vpsubw	%ymm9, %ymm7, %ymm1
+        vpmullw	%ymm11, %ymm0, %ymm6
+        vpmulhw	%ymm10, %ymm0, %ymm7
+        vpmulhw	%ymm14, %ymm6, %ymm6
+        vpsubw	%ymm6, %ymm7, %ymm0
+        vpaddw	%ymm1, %ymm0, %ymm0
+        vpmullw	%ymm5, %ymm2, %ymm1
+        vpmulhw	%ymm5, %ymm2, %ymm6
+        vpmullw	%ymm4, %ymm3, %ymm2
+        vpmulhw	%ymm4, %ymm3, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm12, %ymm1, %ymm8
+        vpmullw	%ymm12, %ymm2, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm1
+        vpsubw	%ymm9, %ymm7, %ymm2
+        vpaddw	%ymm2, %ymm1, %ymm1
+        vmovdqu	64(%rsi), %ymm6
+        vmovdqu	96(%rsi), %ymm7
+        vpaddw	%ymm6, %ymm0, %ymm0
+        vpaddw	%ymm7, %ymm1, %ymm1
+        vpslld	$16, %ymm1, %ymm6
+        vpsrld	$16, %ymm0, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm0, %ymm0
+        vpblendw	$0x55, %ymm7, %ymm1, %ymm1
+        vmovdqu	%ymm0, 64(%rsi)
+        vmovdqu	%ymm1, 96(%rsi)
+        vmovdqu	128(%rcx), %ymm2
+        vmovdqu	160(%rcx), %ymm3
+        vpslld	$16, %ymm3, %ymm6
+        vpsrld	$16, %ymm2, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm2, %ymm2
+        vpblendw	$0x55, %ymm7, %ymm3, %ymm3
+        vmovdqu	128(%r8), %ymm4
+        vmovdqu	160(%r8), %ymm5
+        vpslld	$16, %ymm5, %ymm6
+        vpsrld	$16, %ymm4, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm4, %ymm4
+        vpblendw	$0x55, %ymm7, %ymm5, %ymm5
+        vmovdqu	128(%r15), %ymm10
+        vmovdqu	160(%r15), %ymm11
+        vpmullw	%ymm5, %ymm3, %ymm0
+        vpmulhw	%ymm5, %ymm3, %ymm6
+        vpmullw	%ymm4, %ymm2, %ymm1
+        vpmulhw	%ymm4, %ymm2, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm12, %ymm0, %ymm8
+        vpmullw	%ymm12, %ymm1, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm0
+        vpsubw	%ymm9, %ymm7, %ymm1
+        vpmullw	%ymm11, %ymm0, %ymm6
+        vpmulhw	%ymm10, %ymm0, %ymm7
+        vpmulhw	%ymm14, %ymm6, %ymm6
+        vpsubw	%ymm6, %ymm7, %ymm0
+        vpaddw	%ymm1, %ymm0, %ymm0
+        vpmullw	%ymm5, %ymm2, %ymm1
+        vpmulhw	%ymm5, %ymm2, %ymm6
+        vpmullw	%ymm4, %ymm3, %ymm2
+        vpmulhw	%ymm4, %ymm3, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm12, %ymm1, %ymm8
+        vpmullw	%ymm12, %ymm2, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm1
+        vpsubw	%ymm9, %ymm7, %ymm2
+        vpaddw	%ymm2, %ymm1, %ymm1
+        vmovdqu	128(%rsi), %ymm6
+        vmovdqu	160(%rsi), %ymm7
+        vpaddw	%ymm6, %ymm0, %ymm0
+        vpaddw	%ymm7, %ymm1, %ymm1
+        vpslld	$16, %ymm1, %ymm6
+        vpsrld	$16, %ymm0, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm0, %ymm0
+        vpblendw	$0x55, %ymm7, %ymm1, %ymm1
+        vmovdqu	%ymm0, 128(%rsi)
+        vmovdqu	%ymm1, 160(%rsi)
+        vmovdqu	192(%rcx), %ymm2
+        vmovdqu	224(%rcx), %ymm3
+        vpslld	$16, %ymm3, %ymm6
+        vpsrld	$16, %ymm2, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm2, %ymm2
+        vpblendw	$0x55, %ymm7, %ymm3, %ymm3
+        vmovdqu	192(%r8), %ymm4
+        vmovdqu	224(%r8), %ymm5
+        vpslld	$16, %ymm5, %ymm6
+        vpsrld	$16, %ymm4, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm4, %ymm4
+        vpblendw	$0x55, %ymm7, %ymm5, %ymm5
+        vmovdqu	192(%r15), %ymm10
+        vmovdqu	224(%r15), %ymm11
+        vpmullw	%ymm5, %ymm3, %ymm0
+        vpmulhw	%ymm5, %ymm3, %ymm6
+        vpmullw	%ymm4, %ymm2, %ymm1
+        vpmulhw	%ymm4, %ymm2, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm12, %ymm0, %ymm8
+        vpmullw	%ymm12, %ymm1, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm0
+        vpsubw	%ymm9, %ymm7, %ymm1
+        vpmullw	%ymm11, %ymm0, %ymm6
+        vpmulhw	%ymm10, %ymm0, %ymm7
+        vpmulhw	%ymm14, %ymm6, %ymm6
+        vpsubw	%ymm6, %ymm7, %ymm0
+        vpaddw	%ymm1, %ymm0, %ymm0
+        vpmullw	%ymm5, %ymm2, %ymm1
+        vpmulhw	%ymm5, %ymm2, %ymm6
+        vpmullw	%ymm4, %ymm3, %ymm2
+        vpmulhw	%ymm4, %ymm3, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm12, %ymm1, %ymm8
+        vpmullw	%ymm12, %ymm2, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm1
+        vpsubw	%ymm9, %ymm7, %ymm2
+        vpaddw	%ymm2, %ymm1, %ymm1
+        vmovdqu	192(%rsi), %ymm6
+        vmovdqu	224(%rsi), %ymm7
+        vpaddw	%ymm6, %ymm0, %ymm0
+        vpaddw	%ymm7, %ymm1, %ymm1
+        vpslld	$16, %ymm1, %ymm6
+        vpsrld	$16, %ymm0, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm0, %ymm0
+        vpblendw	$0x55, %ymm7, %ymm1, %ymm1
+        vmovdqu	%ymm0, 192(%rsi)
+        vmovdqu	%ymm1, 224(%rsi)
+        vmovdqu	256(%rcx), %ymm2
+        vmovdqu	288(%rcx), %ymm3
+        vpslld	$16, %ymm3, %ymm6
+        vpsrld	$16, %ymm2, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm2, %ymm2
+        vpblendw	$0x55, %ymm7, %ymm3, %ymm3
+        vmovdqu	256(%r8), %ymm4
+        vmovdqu	288(%r8), %ymm5
+        vpslld	$16, %ymm5, %ymm6
+        vpsrld	$16, %ymm4, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm4, %ymm4
+        vpblendw	$0x55, %ymm7, %ymm5, %ymm5
+        vmovdqu	256(%r15), %ymm10
+        vmovdqu	288(%r15), %ymm11
+        vpmullw	%ymm5, %ymm3, %ymm0
+        vpmulhw	%ymm5, %ymm3, %ymm6
+        vpmullw	%ymm4, %ymm2, %ymm1
+        vpmulhw	%ymm4, %ymm2, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm12, %ymm0, %ymm8
+        vpmullw	%ymm12, %ymm1, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm0
+        vpsubw	%ymm9, %ymm7, %ymm1
+        vpmullw	%ymm11, %ymm0, %ymm6
+        vpmulhw	%ymm10, %ymm0, %ymm7
+        vpmulhw	%ymm14, %ymm6, %ymm6
+        vpsubw	%ymm6, %ymm7, %ymm0
+        vpaddw	%ymm1, %ymm0, %ymm0
+        vpmullw	%ymm5, %ymm2, %ymm1
+        vpmulhw	%ymm5, %ymm2, %ymm6
+        vpmullw	%ymm4, %ymm3, %ymm2
+        vpmulhw	%ymm4, %ymm3, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm12, %ymm1, %ymm8
+        vpmullw	%ymm12, %ymm2, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm1
+        vpsubw	%ymm9, %ymm7, %ymm2
+        vpaddw	%ymm2, %ymm1, %ymm1
+        vmovdqu	256(%rsi), %ymm6
+        vmovdqu	288(%rsi), %ymm7
+        vpaddw	%ymm6, %ymm0, %ymm0
+        vpaddw	%ymm7, %ymm1, %ymm1
+        vpslld	$16, %ymm1, %ymm6
+        vpsrld	$16, %ymm0, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm0, %ymm0
+        vpblendw	$0x55, %ymm7, %ymm1, %ymm1
+        vmovdqu	%ymm0, 256(%rsi)
+        vmovdqu	%ymm1, 288(%rsi)
+        vmovdqu	320(%rcx), %ymm2
+        vmovdqu	352(%rcx), %ymm3
+        vpslld	$16, %ymm3, %ymm6
+        vpsrld	$16, %ymm2, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm2, %ymm2
+        vpblendw	$0x55, %ymm7, %ymm3, %ymm3
+        vmovdqu	320(%r8), %ymm4
+        vmovdqu	352(%r8), %ymm5
+        vpslld	$16, %ymm5, %ymm6
+        vpsrld	$16, %ymm4, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm4, %ymm4
+        vpblendw	$0x55, %ymm7, %ymm5, %ymm5
+        vmovdqu	320(%r15), %ymm10
+        vmovdqu	352(%r15), %ymm11
+        vpmullw	%ymm5, %ymm3, %ymm0
+        vpmulhw	%ymm5, %ymm3, %ymm6
+        vpmullw	%ymm4, %ymm2, %ymm1
+        vpmulhw	%ymm4, %ymm2, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm12, %ymm0, %ymm8
+        vpmullw	%ymm12, %ymm1, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm0
+        vpsubw	%ymm9, %ymm7, %ymm1
+        vpmullw	%ymm11, %ymm0, %ymm6
+        vpmulhw	%ymm10, %ymm0, %ymm7
+        vpmulhw	%ymm14, %ymm6, %ymm6
+        vpsubw	%ymm6, %ymm7, %ymm0
+        vpaddw	%ymm1, %ymm0, %ymm0
+        vpmullw	%ymm5, %ymm2, %ymm1
+        vpmulhw	%ymm5, %ymm2, %ymm6
+        vpmullw	%ymm4, %ymm3, %ymm2
+        vpmulhw	%ymm4, %ymm3, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm12, %ymm1, %ymm8
+        vpmullw	%ymm12, %ymm2, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm1
+        vpsubw	%ymm9, %ymm7, %ymm2
+        vpaddw	%ymm2, %ymm1, %ymm1
+        vmovdqu	320(%rsi), %ymm6
+        vmovdqu	352(%rsi), %ymm7
+        vpaddw	%ymm6, %ymm0, %ymm0
+        vpaddw	%ymm7, %ymm1, %ymm1
+        vpslld	$16, %ymm1, %ymm6
+        vpsrld	$16, %ymm0, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm0, %ymm0
+        vpblendw	$0x55, %ymm7, %ymm1, %ymm1
+        vmovdqu	%ymm0, 320(%rsi)
+        vmovdqu	%ymm1, 352(%rsi)
+        vmovdqu	384(%rcx), %ymm2
+        vmovdqu	416(%rcx), %ymm3
+        vpslld	$16, %ymm3, %ymm6
+        vpsrld	$16, %ymm2, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm2, %ymm2
+        vpblendw	$0x55, %ymm7, %ymm3, %ymm3
+        vmovdqu	384(%r8), %ymm4
+        vmovdqu	416(%r8), %ymm5
+        vpslld	$16, %ymm5, %ymm6
+        vpsrld	$16, %ymm4, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm4, %ymm4
+        vpblendw	$0x55, %ymm7, %ymm5, %ymm5
+        vmovdqu	384(%r15), %ymm10
+        vmovdqu	416(%r15), %ymm11
+        vpmullw	%ymm5, %ymm3, %ymm0
+        vpmulhw	%ymm5, %ymm3, %ymm6
+        vpmullw	%ymm4, %ymm2, %ymm1
+        vpmulhw	%ymm4, %ymm2, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm12, %ymm0, %ymm8
+        vpmullw	%ymm12, %ymm1, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm0
+        vpsubw	%ymm9, %ymm7, %ymm1
+        vpmullw	%ymm11, %ymm0, %ymm6
+        vpmulhw	%ymm10, %ymm0, %ymm7
+        vpmulhw	%ymm14, %ymm6, %ymm6
+        vpsubw	%ymm6, %ymm7, %ymm0
+        vpaddw	%ymm1, %ymm0, %ymm0
+        vpmullw	%ymm5, %ymm2, %ymm1
+        vpmulhw	%ymm5, %ymm2, %ymm6
+        vpmullw	%ymm4, %ymm3, %ymm2
+        vpmulhw	%ymm4, %ymm3, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm12, %ymm1, %ymm8
+        vpmullw	%ymm12, %ymm2, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm1
+        vpsubw	%ymm9, %ymm7, %ymm2
+        vpaddw	%ymm2, %ymm1, %ymm1
+        vmovdqu	384(%rsi), %ymm6
+        vmovdqu	416(%rsi), %ymm7
+        vpaddw	%ymm6, %ymm0, %ymm0
+        vpaddw	%ymm7, %ymm1, %ymm1
+        vpslld	$16, %ymm1, %ymm6
+        vpsrld	$16, %ymm0, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm0, %ymm0
+        vpblendw	$0x55, %ymm7, %ymm1, %ymm1
+        vmovdqu	%ymm0, 384(%rsi)
+        vmovdqu	%ymm1, 416(%rsi)
+        vmovdqu	448(%rcx), %ymm2
+        vmovdqu	480(%rcx), %ymm3
+        vpslld	$16, %ymm3, %ymm6
+        vpsrld	$16, %ymm2, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm2, %ymm2
+        vpblendw	$0x55, %ymm7, %ymm3, %ymm3
+        vmovdqu	448(%r8), %ymm4
+        vmovdqu	480(%r8), %ymm5
+        vpslld	$16, %ymm5, %ymm6
+        vpsrld	$16, %ymm4, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm4, %ymm4
+        vpblendw	$0x55, %ymm7, %ymm5, %ymm5
+        vmovdqu	448(%r15), %ymm10
+        vmovdqu	480(%r15), %ymm11
+        vpmullw	%ymm5, %ymm3, %ymm0
+        vpmulhw	%ymm5, %ymm3, %ymm6
+        vpmullw	%ymm4, %ymm2, %ymm1
+        vpmulhw	%ymm4, %ymm2, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm12, %ymm0, %ymm8
+        vpmullw	%ymm12, %ymm1, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm0
+        vpsubw	%ymm9, %ymm7, %ymm1
+        vpmullw	%ymm11, %ymm0, %ymm6
+        vpmulhw	%ymm10, %ymm0, %ymm7
+        vpmulhw	%ymm14, %ymm6, %ymm6
+        vpsubw	%ymm6, %ymm7, %ymm0
+        vpaddw	%ymm1, %ymm0, %ymm0
+        vpmullw	%ymm5, %ymm2, %ymm1
+        vpmulhw	%ymm5, %ymm2, %ymm6
+        vpmullw	%ymm4, %ymm3, %ymm2
+        vpmulhw	%ymm4, %ymm3, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm12, %ymm1, %ymm8
+        vpmullw	%ymm12, %ymm2, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm1
+        vpsubw	%ymm9, %ymm7, %ymm2
+        vpaddw	%ymm2, %ymm1, %ymm1
+        vmovdqu	448(%rsi), %ymm6
+        vmovdqu	480(%rsi), %ymm7
+        vpaddw	%ymm6, %ymm0, %ymm0
+        vpaddw	%ymm7, %ymm1, %ymm1
+        vpslld	$16, %ymm1, %ymm6
+        vpsrld	$16, %ymm0, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm0, %ymm0
+        vpblendw	$0x55, %ymm7, %ymm1, %ymm1
+        vmovdqu	%ymm0, 448(%rsi)
+        vmovdqu	%ymm1, 480(%rsi)
+        addq	$0x200, %rcx
+        addq	$0x200, %r8
+        movslq	%r11d, %r13
+        shl	$9, %r13d
+        subq	%r13, %r8
+        # invntt
+        leaq	L_kyber_avx2_zetas_inv(%rip), %r15
+        vmovdqu	(%rsi), %ymm0
+        vmovdqu	32(%rsi), %ymm1
+        vmovdqu	64(%rsi), %ymm2
+        vmovdqu	96(%rsi), %ymm3
+        vmovdqu	128(%rsi), %ymm4
+        vmovdqu	160(%rsi), %ymm5
+        vmovdqu	192(%rsi), %ymm6
+        vmovdqu	224(%rsi), %ymm7
+        # 2: 1/2
+        vperm2i128	$32, %ymm1, %ymm0, %ymm8
+        vmovdqu	(%r15), %ymm10
+        vperm2i128	$49, %ymm1, %ymm0, %ymm9
+        vmovdqu	32(%r15), %ymm12
+        vpsllq	$32, %ymm9, %ymm0
+        vpsrlq	$32, %ymm8, %ymm1
+        vpblendd	$0xaa, %ymm0, %ymm8, %ymm0
+        vpblendd	$0x55, %ymm1, %ymm9, %ymm1
+        vperm2i128	$32, %ymm3, %ymm2, %ymm8
+        vmovdqu	64(%r15), %ymm11
+        vperm2i128	$49, %ymm3, %ymm2, %ymm9
+        vmovdqu	96(%r15), %ymm13
+        vpsllq	$32, %ymm9, %ymm2
+        vpsrlq	$32, %ymm8, %ymm3
+        vpblendd	$0xaa, %ymm2, %ymm8, %ymm2
+        vpblendd	$0x55, %ymm3, %ymm9, %ymm3
+        vpaddw	%ymm1, %ymm0, %ymm8
+        vpaddw	%ymm3, %ymm2, %ymm9
+        vpsubw	%ymm1, %ymm0, %ymm1
+        vpsubw	%ymm3, %ymm2, %ymm3
+        vpmulhw	%ymm15, %ymm8, %ymm0
+        vpmulhw	%ymm15, %ymm9, %ymm2
+        vpsraw	$10, %ymm0, %ymm0
+        vpsraw	$10, %ymm2, %ymm2
+        vpmullw	%ymm14, %ymm0, %ymm0
+        vpmullw	%ymm14, %ymm2, %ymm2
+        vpsubw	%ymm0, %ymm8, %ymm8
+        vpsubw	%ymm2, %ymm9, %ymm9
+        vpmullw	%ymm12, %ymm1, %ymm0
+        vpmullw	%ymm13, %ymm3, %ymm2
+        vpmulhw	%ymm10, %ymm1, %ymm1
+        vpmulhw	%ymm11, %ymm3, %ymm3
+        vpmulhw	%ymm14, %ymm0, %ymm0
+        vpmulhw	%ymm14, %ymm2, %ymm2
+        vpsubw	%ymm0, %ymm1, %ymm1
+        vpsubw	%ymm2, %ymm3, %ymm3
+        # 4: 1/2
+        vmovdqu	128(%r15), %ymm10
+        vmovdqu	160(%r15), %ymm12
+        vmovdqu	192(%r15), %ymm11
+        vmovdqu	224(%r15), %ymm13
+        vpunpckldq	%ymm1, %ymm8, %ymm0
+        vpunpckhdq	%ymm1, %ymm8, %ymm1
+        vpunpckldq	%ymm3, %ymm9, %ymm2
+        vpunpckhdq	%ymm3, %ymm9, %ymm3
+        vpaddw	%ymm1, %ymm0, %ymm8
+        vpaddw	%ymm3, %ymm2, %ymm9
+        vpsubw	%ymm1, %ymm0, %ymm1
+        vpsubw	%ymm3, %ymm2, %ymm3
+        vpmullw	%ymm12, %ymm1, %ymm0
+        vpmullw	%ymm13, %ymm3, %ymm2
+        vpmulhw	%ymm10, %ymm1, %ymm1
+        vpmulhw	%ymm11, %ymm3, %ymm3
+        vpmulhw	%ymm14, %ymm0, %ymm0
+        vpmulhw	%ymm14, %ymm2, %ymm2
+        vpsubw	%ymm0, %ymm1, %ymm1
+        vpsubw	%ymm2, %ymm3, %ymm3
+        # 8: 1/2
+        vmovdqu	256(%r15), %ymm10
+        vmovdqu	288(%r15), %ymm12
+        vmovdqu	320(%r15), %ymm11
+        vmovdqu	352(%r15), %ymm13
+        vpunpcklqdq	%ymm1, %ymm8, %ymm0
+        vpunpckhqdq	%ymm1, %ymm8, %ymm1
+        vpunpcklqdq	%ymm3, %ymm9, %ymm2
+        vpunpckhqdq	%ymm3, %ymm9, %ymm3
+        vpaddw	%ymm1, %ymm0, %ymm8
+        vpaddw	%ymm3, %ymm2, %ymm9
+        vpsubw	%ymm1, %ymm0, %ymm1
+        vpsubw	%ymm3, %ymm2, %ymm3
+        vpmulhw	%ymm15, %ymm8, %ymm0
+        vpmulhw	%ymm15, %ymm9, %ymm2
+        vpsraw	$10, %ymm0, %ymm0
+        vpsraw	$10, %ymm2, %ymm2
+        vpmullw	%ymm14, %ymm0, %ymm0
+        vpmullw	%ymm14, %ymm2, %ymm2
+        vpsubw	%ymm0, %ymm8, %ymm8
+        vpsubw	%ymm2, %ymm9, %ymm9
+        vpmullw	%ymm12, %ymm1, %ymm0
+        vpmullw	%ymm13, %ymm3, %ymm2
+        vpmulhw	%ymm10, %ymm1, %ymm1
+        vpmulhw	%ymm11, %ymm3, %ymm3
+        vpmulhw	%ymm14, %ymm0, %ymm0
+        vpmulhw	%ymm14, %ymm2, %ymm2
+        vpsubw	%ymm0, %ymm1, %ymm1
+        vpsubw	%ymm2, %ymm3, %ymm3
+        # 16: 1/2
+        vperm2i128	$32, %ymm1, %ymm8, %ymm0
+        vmovdqu	384(%r15), %ymm10
+        vperm2i128	$49, %ymm1, %ymm8, %ymm1
+        vmovdqu	416(%r15), %ymm12
+        vperm2i128	$32, %ymm3, %ymm9, %ymm2
+        vmovdqu	448(%r15), %ymm11
+        vperm2i128	$49, %ymm3, %ymm9, %ymm3
+        vmovdqu	480(%r15), %ymm13
+        vpsubw	%ymm1, %ymm0, %ymm8
+        vpsubw	%ymm3, %ymm2, %ymm9
+        vpaddw	%ymm1, %ymm0, %ymm0
+        vpaddw	%ymm3, %ymm2, %ymm2
+        vpmullw	%ymm12, %ymm8, %ymm1
+        vpmullw	%ymm13, %ymm9, %ymm3
+        vpmulhw	%ymm10, %ymm8, %ymm8
+        vpmulhw	%ymm11, %ymm9, %ymm9
+        vpmulhw	%ymm14, %ymm1, %ymm1
+        vpmulhw	%ymm14, %ymm3, %ymm3
+        vpsubw	%ymm1, %ymm8, %ymm1
+        vpsubw	%ymm3, %ymm9, %ymm3
+        # 32: 1/2
+        vmovdqu	512(%r15), %ymm10
+        vmovdqu	544(%r15), %ymm12
+        vpaddw	%ymm2, %ymm0, %ymm8
+        vpaddw	%ymm3, %ymm1, %ymm9
+        vpsubw	%ymm2, %ymm0, %ymm2
+        vpsubw	%ymm3, %ymm1, %ymm3
+        vpmulhw	%ymm15, %ymm8, %ymm0
+        vpmulhw	%ymm15, %ymm9, %ymm1
+        vpsraw	$10, %ymm0, %ymm0
+        vpsraw	$10, %ymm1, %ymm1
+        vpmullw	%ymm14, %ymm0, %ymm0
+        vpmullw	%ymm14, %ymm1, %ymm1
+        vpsubw	%ymm0, %ymm8, %ymm0
+        vpsubw	%ymm1, %ymm9, %ymm1
+        vpmullw	%ymm12, %ymm2, %ymm8
+        vpmullw	%ymm12, %ymm3, %ymm9
+        vpmulhw	%ymm10, %ymm2, %ymm2
+        vpmulhw	%ymm10, %ymm3, %ymm3
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm2, %ymm2
+        vpsubw	%ymm9, %ymm3, %ymm3
+        # 2: 1/2
+        vperm2i128	$32, %ymm5, %ymm4, %ymm8
+        vmovdqu	576(%r15), %ymm10
+        vperm2i128	$49, %ymm5, %ymm4, %ymm9
+        vmovdqu	608(%r15), %ymm12
+        vpsllq	$32, %ymm9, %ymm4
+        vpsrlq	$32, %ymm8, %ymm5
+        vpblendd	$0xaa, %ymm4, %ymm8, %ymm4
+        vpblendd	$0x55, %ymm5, %ymm9, %ymm5
+        vperm2i128	$32, %ymm7, %ymm6, %ymm8
+        vmovdqu	640(%r15), %ymm11
+        vperm2i128	$49, %ymm7, %ymm6, %ymm9
+        vmovdqu	672(%r15), %ymm13
+        vpsllq	$32, %ymm9, %ymm6
+        vpsrlq	$32, %ymm8, %ymm7
+        vpblendd	$0xaa, %ymm6, %ymm8, %ymm6
+        vpblendd	$0x55, %ymm7, %ymm9, %ymm7
+        vpaddw	%ymm5, %ymm4, %ymm8
+        vpaddw	%ymm7, %ymm6, %ymm9
+        vpsubw	%ymm5, %ymm4, %ymm5
+        vpsubw	%ymm7, %ymm6, %ymm7
+        vpmulhw	%ymm15, %ymm8, %ymm4
+        vpmulhw	%ymm15, %ymm9, %ymm6
+        vpsraw	$10, %ymm4, %ymm4
+        vpsraw	$10, %ymm6, %ymm6
+        vpmullw	%ymm14, %ymm4, %ymm4
+        vpmullw	%ymm14, %ymm6, %ymm6
+        vpsubw	%ymm4, %ymm8, %ymm8
+        vpsubw	%ymm6, %ymm9, %ymm9
+        vpmullw	%ymm12, %ymm5, %ymm4
+        vpmullw	%ymm13, %ymm7, %ymm6
+        vpmulhw	%ymm10, %ymm5, %ymm5
+        vpmulhw	%ymm11, %ymm7, %ymm7
+        vpmulhw	%ymm14, %ymm4, %ymm4
+        vpmulhw	%ymm14, %ymm6, %ymm6
+        vpsubw	%ymm4, %ymm5, %ymm5
+        vpsubw	%ymm6, %ymm7, %ymm7
+        # 4: 1/2
+        vmovdqu	704(%r15), %ymm10
+        vmovdqu	736(%r15), %ymm12
+        vmovdqu	768(%r15), %ymm11
+        vmovdqu	800(%r15), %ymm13
+        vpunpckldq	%ymm5, %ymm8, %ymm4
+        vpunpckhdq	%ymm5, %ymm8, %ymm5
+        vpunpckldq	%ymm7, %ymm9, %ymm6
+        vpunpckhdq	%ymm7, %ymm9, %ymm7
+        vpaddw	%ymm5, %ymm4, %ymm8
+        vpaddw	%ymm7, %ymm6, %ymm9
+        vpsubw	%ymm5, %ymm4, %ymm5
+        vpsubw	%ymm7, %ymm6, %ymm7
+        vpmullw	%ymm12, %ymm5, %ymm4
+        vpmullw	%ymm13, %ymm7, %ymm6
+        vpmulhw	%ymm10, %ymm5, %ymm5
+        vpmulhw	%ymm11, %ymm7, %ymm7
+        vpmulhw	%ymm14, %ymm4, %ymm4
+        vpmulhw	%ymm14, %ymm6, %ymm6
+        vpsubw	%ymm4, %ymm5, %ymm5
+        vpsubw	%ymm6, %ymm7, %ymm7
+        # 8: 1/2
+        vmovdqu	832(%r15), %ymm10
+        vmovdqu	864(%r15), %ymm12
+        vmovdqu	896(%r15), %ymm11
+        vmovdqu	928(%r15), %ymm13
+        vpunpcklqdq	%ymm5, %ymm8, %ymm4
+        vpunpckhqdq	%ymm5, %ymm8, %ymm5
+        vpunpcklqdq	%ymm7, %ymm9, %ymm6
+        vpunpckhqdq	%ymm7, %ymm9, %ymm7
+        vpaddw	%ymm5, %ymm4, %ymm8
+        vpaddw	%ymm7, %ymm6, %ymm9
+        vpsubw	%ymm5, %ymm4, %ymm5
+        vpsubw	%ymm7, %ymm6, %ymm7
+        vpmulhw	%ymm15, %ymm8, %ymm4
+        vpmulhw	%ymm15, %ymm9, %ymm6
+        vpsraw	$10, %ymm4, %ymm4
+        vpsraw	$10, %ymm6, %ymm6
+        vpmullw	%ymm14, %ymm4, %ymm4
+        vpmullw	%ymm14, %ymm6, %ymm6
+        vpsubw	%ymm4, %ymm8, %ymm8
+        vpsubw	%ymm6, %ymm9, %ymm9
+        vpmullw	%ymm12, %ymm5, %ymm4
+        vpmullw	%ymm13, %ymm7, %ymm6
+        vpmulhw	%ymm10, %ymm5, %ymm5
+        vpmulhw	%ymm11, %ymm7, %ymm7
+        vpmulhw	%ymm14, %ymm4, %ymm4
+        vpmulhw	%ymm14, %ymm6, %ymm6
+        vpsubw	%ymm4, %ymm5, %ymm5
+        vpsubw	%ymm6, %ymm7, %ymm7
+        # 16: 1/2
+        vperm2i128	$32, %ymm5, %ymm8, %ymm4
+        vmovdqu	960(%r15), %ymm10
+        vperm2i128	$49, %ymm5, %ymm8, %ymm5
+        vmovdqu	992(%r15), %ymm12
+        vperm2i128	$32, %ymm7, %ymm9, %ymm6
+        vmovdqu	1024(%r15), %ymm11
+        vperm2i128	$49, %ymm7, %ymm9, %ymm7
+        vmovdqu	1056(%r15), %ymm13
+        vpsubw	%ymm5, %ymm4, %ymm8
+        vpsubw	%ymm7, %ymm6, %ymm9
+        vpaddw	%ymm5, %ymm4, %ymm4
+        vpaddw	%ymm7, %ymm6, %ymm6
+        vpmullw	%ymm12, %ymm8, %ymm5
+        vpmullw	%ymm13, %ymm9, %ymm7
+        vpmulhw	%ymm10, %ymm8, %ymm8
+        vpmulhw	%ymm11, %ymm9, %ymm9
+        vpmulhw	%ymm14, %ymm5, %ymm5
+        vpmulhw	%ymm14, %ymm7, %ymm7
+        vpsubw	%ymm5, %ymm8, %ymm5
+        vpsubw	%ymm7, %ymm9, %ymm7
+        # 32: 1/2
+        vmovdqu	1088(%r15), %ymm10
+        vmovdqu	1120(%r15), %ymm12
+        vpaddw	%ymm6, %ymm4, %ymm8
+        vpaddw	%ymm7, %ymm5, %ymm9
+        vpsubw	%ymm6, %ymm4, %ymm6
+        vpsubw	%ymm7, %ymm5, %ymm7
+        vpmulhw	%ymm15, %ymm8, %ymm4
+        vpmulhw	%ymm15, %ymm9, %ymm5
+        vpsraw	$10, %ymm4, %ymm4
+        vpsraw	$10, %ymm5, %ymm5
+        vpmullw	%ymm14, %ymm4, %ymm4
+        vpmullw	%ymm14, %ymm5, %ymm5
+        vpsubw	%ymm4, %ymm8, %ymm4
+        vpsubw	%ymm5, %ymm9, %ymm5
+        vpmullw	%ymm12, %ymm6, %ymm8
+        vpmullw	%ymm12, %ymm7, %ymm9
+        vpmulhw	%ymm10, %ymm6, %ymm6
+        vpmulhw	%ymm10, %ymm7, %ymm7
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm6
+        vpsubw	%ymm9, %ymm7, %ymm7
+        # 64: 1/2
+        vmovdqu	1152(%r15), %ymm10
+        vmovdqu	1184(%r15), %ymm12
+        vpsubw	%ymm4, %ymm0, %ymm8
+        vpsubw	%ymm5, %ymm1, %ymm9
+        vpaddw	%ymm4, %ymm0, %ymm0
+        vpaddw	%ymm5, %ymm1, %ymm1
+        vpmullw	%ymm12, %ymm8, %ymm4
+        vpmullw	%ymm12, %ymm9, %ymm5
+        vpmulhw	%ymm10, %ymm8, %ymm8
+        vpmulhw	%ymm10, %ymm9, %ymm9
+        vpmulhw	%ymm14, %ymm4, %ymm4
+        vpmulhw	%ymm14, %ymm5, %ymm5
+        vpsubw	%ymm4, %ymm8, %ymm4
+        vpsubw	%ymm5, %ymm9, %ymm5
+        vpsubw	%ymm6, %ymm2, %ymm8
+        vpsubw	%ymm7, %ymm3, %ymm9
+        vpaddw	%ymm6, %ymm2, %ymm2
+        vpaddw	%ymm7, %ymm3, %ymm3
+        vpmullw	%ymm12, %ymm8, %ymm6
+        vpmullw	%ymm12, %ymm9, %ymm7
+        vpmulhw	%ymm10, %ymm8, %ymm8
+        vpmulhw	%ymm10, %ymm9, %ymm9
+        vpmulhw	%ymm14, %ymm6, %ymm6
+        vpmulhw	%ymm14, %ymm7, %ymm7
+        vpsubw	%ymm6, %ymm8, %ymm6
+        vpsubw	%ymm7, %ymm9, %ymm7
+        vmovdqu	%ymm0, (%rsi)
+        vmovdqu	%ymm1, 32(%rsi)
+        vmovdqu	%ymm2, 64(%rsi)
+        vmovdqu	%ymm3, 96(%rsi)
+        vmovdqu	%ymm4, 128(%rsi)
+        vmovdqu	%ymm5, 160(%rsi)
+        vmovdqu	%ymm6, 192(%rsi)
+        vmovdqu	%ymm7, 224(%rsi)
+        vmovdqu	256(%rsi), %ymm0
+        vmovdqu	288(%rsi), %ymm1
+        vmovdqu	320(%rsi), %ymm2
+        vmovdqu	352(%rsi), %ymm3
+        vmovdqu	384(%rsi), %ymm4
+        vmovdqu	416(%rsi), %ymm5
+        vmovdqu	448(%rsi), %ymm6
+        vmovdqu	480(%rsi), %ymm7
+        # 2: 2/2
+        vperm2i128	$32, %ymm1, %ymm0, %ymm8
+        vmovdqu	1216(%r15), %ymm10
+        vperm2i128	$49, %ymm1, %ymm0, %ymm9
+        vmovdqu	1248(%r15), %ymm12
+        vpsllq	$32, %ymm9, %ymm0
+        vpsrlq	$32, %ymm8, %ymm1
+        vpblendd	$0xaa, %ymm0, %ymm8, %ymm0
+        vpblendd	$0x55, %ymm1, %ymm9, %ymm1
+        vperm2i128	$32, %ymm3, %ymm2, %ymm8
+        vmovdqu	1280(%r15), %ymm11
+        vperm2i128	$49, %ymm3, %ymm2, %ymm9
+        vmovdqu	1312(%r15), %ymm13
+        vpsllq	$32, %ymm9, %ymm2
+        vpsrlq	$32, %ymm8, %ymm3
+        vpblendd	$0xaa, %ymm2, %ymm8, %ymm2
+        vpblendd	$0x55, %ymm3, %ymm9, %ymm3
+        vpaddw	%ymm1, %ymm0, %ymm8
+        vpaddw	%ymm3, %ymm2, %ymm9
+        vpsubw	%ymm1, %ymm0, %ymm1
+        vpsubw	%ymm3, %ymm2, %ymm3
+        vpmulhw	%ymm15, %ymm8, %ymm0
+        vpmulhw	%ymm15, %ymm9, %ymm2
+        vpsraw	$10, %ymm0, %ymm0
+        vpsraw	$10, %ymm2, %ymm2
+        vpmullw	%ymm14, %ymm0, %ymm0
+        vpmullw	%ymm14, %ymm2, %ymm2
+        vpsubw	%ymm0, %ymm8, %ymm8
+        vpsubw	%ymm2, %ymm9, %ymm9
+        vpmullw	%ymm12, %ymm1, %ymm0
+        vpmullw	%ymm13, %ymm3, %ymm2
+        vpmulhw	%ymm10, %ymm1, %ymm1
+        vpmulhw	%ymm11, %ymm3, %ymm3
+        vpmulhw	%ymm14, %ymm0, %ymm0
+        vpmulhw	%ymm14, %ymm2, %ymm2
+        vpsubw	%ymm0, %ymm1, %ymm1
+        vpsubw	%ymm2, %ymm3, %ymm3
+        # 4: 2/2
+        vmovdqu	1344(%r15), %ymm10
+        vmovdqu	1376(%r15), %ymm12
+        vmovdqu	1408(%r15), %ymm11
+        vmovdqu	1440(%r15), %ymm13
+        vpunpckldq	%ymm1, %ymm8, %ymm0
+        vpunpckhdq	%ymm1, %ymm8, %ymm1
+        vpunpckldq	%ymm3, %ymm9, %ymm2
+        vpunpckhdq	%ymm3, %ymm9, %ymm3
+        vpaddw	%ymm1, %ymm0, %ymm8
+        vpaddw	%ymm3, %ymm2, %ymm9
+        vpsubw	%ymm1, %ymm0, %ymm1
+        vpsubw	%ymm3, %ymm2, %ymm3
+        vpmullw	%ymm12, %ymm1, %ymm0
+        vpmullw	%ymm13, %ymm3, %ymm2
+        vpmulhw	%ymm10, %ymm1, %ymm1
+        vpmulhw	%ymm11, %ymm3, %ymm3
+        vpmulhw	%ymm14, %ymm0, %ymm0
+        vpmulhw	%ymm14, %ymm2, %ymm2
+        vpsubw	%ymm0, %ymm1, %ymm1
+        vpsubw	%ymm2, %ymm3, %ymm3
+        # 8: 2/2
+        vmovdqu	1472(%r15), %ymm10
+        vmovdqu	1504(%r15), %ymm12
+        vmovdqu	1536(%r15), %ymm11
+        vmovdqu	1568(%r15), %ymm13
+        vpunpcklqdq	%ymm1, %ymm8, %ymm0
+        vpunpckhqdq	%ymm1, %ymm8, %ymm1
+        vpunpcklqdq	%ymm3, %ymm9, %ymm2
+        vpunpckhqdq	%ymm3, %ymm9, %ymm3
+        vpaddw	%ymm1, %ymm0, %ymm8
+        vpaddw	%ymm3, %ymm2, %ymm9
+        vpsubw	%ymm1, %ymm0, %ymm1
+        vpsubw	%ymm3, %ymm2, %ymm3
+        vpmulhw	%ymm15, %ymm8, %ymm0
+        vpmulhw	%ymm15, %ymm9, %ymm2
+        vpsraw	$10, %ymm0, %ymm0
+        vpsraw	$10, %ymm2, %ymm2
+        vpmullw	%ymm14, %ymm0, %ymm0
+        vpmullw	%ymm14, %ymm2, %ymm2
+        vpsubw	%ymm0, %ymm8, %ymm8
+        vpsubw	%ymm2, %ymm9, %ymm9
+        vpmullw	%ymm12, %ymm1, %ymm0
+        vpmullw	%ymm13, %ymm3, %ymm2
+        vpmulhw	%ymm10, %ymm1, %ymm1
+        vpmulhw	%ymm11, %ymm3, %ymm3
+        vpmulhw	%ymm14, %ymm0, %ymm0
+        vpmulhw	%ymm14, %ymm2, %ymm2
+        vpsubw	%ymm0, %ymm1, %ymm1
+        vpsubw	%ymm2, %ymm3, %ymm3
+        # 16: 2/2
+        vperm2i128	$32, %ymm1, %ymm8, %ymm0
+        vmovdqu	1600(%r15), %ymm10
+        vperm2i128	$49, %ymm1, %ymm8, %ymm1
+        vmovdqu	1632(%r15), %ymm12
+        vperm2i128	$32, %ymm3, %ymm9, %ymm2
+        vmovdqu	1664(%r15), %ymm11
+        vperm2i128	$49, %ymm3, %ymm9, %ymm3
+        vmovdqu	1696(%r15), %ymm13
+        vpsubw	%ymm1, %ymm0, %ymm8
+        vpsubw	%ymm3, %ymm2, %ymm9
+        vpaddw	%ymm1, %ymm0, %ymm0
+        vpaddw	%ymm3, %ymm2, %ymm2
+        vpmullw	%ymm12, %ymm8, %ymm1
+        vpmullw	%ymm13, %ymm9, %ymm3
+        vpmulhw	%ymm10, %ymm8, %ymm8
+        vpmulhw	%ymm11, %ymm9, %ymm9
+        vpmulhw	%ymm14, %ymm1, %ymm1
+        vpmulhw	%ymm14, %ymm3, %ymm3
+        vpsubw	%ymm1, %ymm8, %ymm1
+        vpsubw	%ymm3, %ymm9, %ymm3
+        # 32: 2/2
+        vmovdqu	1728(%r15), %ymm10
+        vmovdqu	1760(%r15), %ymm12
+        vpaddw	%ymm2, %ymm0, %ymm8
+        vpaddw	%ymm3, %ymm1, %ymm9
+        vpsubw	%ymm2, %ymm0, %ymm2
+        vpsubw	%ymm3, %ymm1, %ymm3
+        vpmulhw	%ymm15, %ymm8, %ymm0
+        vpmulhw	%ymm15, %ymm9, %ymm1
+        vpsraw	$10, %ymm0, %ymm0
+        vpsraw	$10, %ymm1, %ymm1
+        vpmullw	%ymm14, %ymm0, %ymm0
+        vpmullw	%ymm14, %ymm1, %ymm1
+        vpsubw	%ymm0, %ymm8, %ymm0
+        vpsubw	%ymm1, %ymm9, %ymm1
+        vpmullw	%ymm12, %ymm2, %ymm8
+        vpmullw	%ymm12, %ymm3, %ymm9
+        vpmulhw	%ymm10, %ymm2, %ymm2
+        vpmulhw	%ymm10, %ymm3, %ymm3
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm2, %ymm2
+        vpsubw	%ymm9, %ymm3, %ymm3
+        # 2: 2/2
+        vperm2i128	$32, %ymm5, %ymm4, %ymm8
+        vmovdqu	1792(%r15), %ymm10
+        vperm2i128	$49, %ymm5, %ymm4, %ymm9
+        vmovdqu	1824(%r15), %ymm12
+        vpsllq	$32, %ymm9, %ymm4
+        vpsrlq	$32, %ymm8, %ymm5
+        vpblendd	$0xaa, %ymm4, %ymm8, %ymm4
+        vpblendd	$0x55, %ymm5, %ymm9, %ymm5
+        vperm2i128	$32, %ymm7, %ymm6, %ymm8
+        vmovdqu	1856(%r15), %ymm11
+        vperm2i128	$49, %ymm7, %ymm6, %ymm9
+        vmovdqu	1888(%r15), %ymm13
+        vpsllq	$32, %ymm9, %ymm6
+        vpsrlq	$32, %ymm8, %ymm7
+        vpblendd	$0xaa, %ymm6, %ymm8, %ymm6
+        vpblendd	$0x55, %ymm7, %ymm9, %ymm7
+        vpaddw	%ymm5, %ymm4, %ymm8
+        vpaddw	%ymm7, %ymm6, %ymm9
+        vpsubw	%ymm5, %ymm4, %ymm5
+        vpsubw	%ymm7, %ymm6, %ymm7
+        vpmulhw	%ymm15, %ymm8, %ymm4
+        vpmulhw	%ymm15, %ymm9, %ymm6
+        vpsraw	$10, %ymm4, %ymm4
+        vpsraw	$10, %ymm6, %ymm6
+        vpmullw	%ymm14, %ymm4, %ymm4
+        vpmullw	%ymm14, %ymm6, %ymm6
+        vpsubw	%ymm4, %ymm8, %ymm8
+        vpsubw	%ymm6, %ymm9, %ymm9
+        vpmullw	%ymm12, %ymm5, %ymm4
+        vpmullw	%ymm13, %ymm7, %ymm6
+        vpmulhw	%ymm10, %ymm5, %ymm5
+        vpmulhw	%ymm11, %ymm7, %ymm7
+        vpmulhw	%ymm14, %ymm4, %ymm4
+        vpmulhw	%ymm14, %ymm6, %ymm6
+        vpsubw	%ymm4, %ymm5, %ymm5
+        vpsubw	%ymm6, %ymm7, %ymm7
+        # 4: 2/2
+        vmovdqu	1920(%r15), %ymm10
+        vmovdqu	1952(%r15), %ymm12
+        vmovdqu	1984(%r15), %ymm11
+        vmovdqu	2016(%r15), %ymm13
+        vpunpckldq	%ymm5, %ymm8, %ymm4
+        vpunpckhdq	%ymm5, %ymm8, %ymm5
+        vpunpckldq	%ymm7, %ymm9, %ymm6
+        vpunpckhdq	%ymm7, %ymm9, %ymm7
+        vpaddw	%ymm5, %ymm4, %ymm8
+        vpaddw	%ymm7, %ymm6, %ymm9
+        vpsubw	%ymm5, %ymm4, %ymm5
+        vpsubw	%ymm7, %ymm6, %ymm7
+        vpmullw	%ymm12, %ymm5, %ymm4
+        vpmullw	%ymm13, %ymm7, %ymm6
+        vpmulhw	%ymm10, %ymm5, %ymm5
+        vpmulhw	%ymm11, %ymm7, %ymm7
+        vpmulhw	%ymm14, %ymm4, %ymm4
+        vpmulhw	%ymm14, %ymm6, %ymm6
+        vpsubw	%ymm4, %ymm5, %ymm5
+        vpsubw	%ymm6, %ymm7, %ymm7
+        # 8: 2/2
+        vmovdqu	2048(%r15), %ymm10
+        vmovdqu	2080(%r15), %ymm12
+        vmovdqu	2112(%r15), %ymm11
+        vmovdqu	2144(%r15), %ymm13
+        vpunpcklqdq	%ymm5, %ymm8, %ymm4
+        vpunpckhqdq	%ymm5, %ymm8, %ymm5
+        vpunpcklqdq	%ymm7, %ymm9, %ymm6
+        vpunpckhqdq	%ymm7, %ymm9, %ymm7
+        vpaddw	%ymm5, %ymm4, %ymm8
+        vpaddw	%ymm7, %ymm6, %ymm9
+        vpsubw	%ymm5, %ymm4, %ymm5
+        vpsubw	%ymm7, %ymm6, %ymm7
+        vpmulhw	%ymm15, %ymm8, %ymm4
+        vpmulhw	%ymm15, %ymm9, %ymm6
+        vpsraw	$10, %ymm4, %ymm4
+        vpsraw	$10, %ymm6, %ymm6
+        vpmullw	%ymm14, %ymm4, %ymm4
+        vpmullw	%ymm14, %ymm6, %ymm6
+        vpsubw	%ymm4, %ymm8, %ymm8
+        vpsubw	%ymm6, %ymm9, %ymm9
+        vpmullw	%ymm12, %ymm5, %ymm4
+        vpmullw	%ymm13, %ymm7, %ymm6
+        vpmulhw	%ymm10, %ymm5, %ymm5
+        vpmulhw	%ymm11, %ymm7, %ymm7
+        vpmulhw	%ymm14, %ymm4, %ymm4
+        vpmulhw	%ymm14, %ymm6, %ymm6
+        vpsubw	%ymm4, %ymm5, %ymm5
+        vpsubw	%ymm6, %ymm7, %ymm7
+        # 16: 2/2
+        vperm2i128	$32, %ymm5, %ymm8, %ymm4
+        vmovdqu	2176(%r15), %ymm10
+        vperm2i128	$49, %ymm5, %ymm8, %ymm5
+        vmovdqu	2208(%r15), %ymm12
+        vperm2i128	$32, %ymm7, %ymm9, %ymm6
+        vmovdqu	2240(%r15), %ymm11
+        vperm2i128	$49, %ymm7, %ymm9, %ymm7
+        vmovdqu	2272(%r15), %ymm13
+        vpsubw	%ymm5, %ymm4, %ymm8
+        vpsubw	%ymm7, %ymm6, %ymm9
+        vpaddw	%ymm5, %ymm4, %ymm4
+        vpaddw	%ymm7, %ymm6, %ymm6
+        vpmullw	%ymm12, %ymm8, %ymm5
+        vpmullw	%ymm13, %ymm9, %ymm7
+        vpmulhw	%ymm10, %ymm8, %ymm8
+        vpmulhw	%ymm11, %ymm9, %ymm9
+        vpmulhw	%ymm14, %ymm5, %ymm5
+        vpmulhw	%ymm14, %ymm7, %ymm7
+        vpsubw	%ymm5, %ymm8, %ymm5
+        vpsubw	%ymm7, %ymm9, %ymm7
+        # 32: 2/2
+        vmovdqu	2304(%r15), %ymm10
+        vmovdqu	2336(%r15), %ymm12
+        vpaddw	%ymm6, %ymm4, %ymm8
+        vpaddw	%ymm7, %ymm5, %ymm9
+        vpsubw	%ymm6, %ymm4, %ymm6
+        vpsubw	%ymm7, %ymm5, %ymm7
+        vpmulhw	%ymm15, %ymm8, %ymm4
+        vpmulhw	%ymm15, %ymm9, %ymm5
+        vpsraw	$10, %ymm4, %ymm4
+        vpsraw	$10, %ymm5, %ymm5
+        vpmullw	%ymm14, %ymm4, %ymm4
+        vpmullw	%ymm14, %ymm5, %ymm5
+        vpsubw	%ymm4, %ymm8, %ymm4
+        vpsubw	%ymm5, %ymm9, %ymm5
+        vpmullw	%ymm12, %ymm6, %ymm8
+        vpmullw	%ymm12, %ymm7, %ymm9
+        vpmulhw	%ymm10, %ymm6, %ymm6
+        vpmulhw	%ymm10, %ymm7, %ymm7
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm6
+        vpsubw	%ymm9, %ymm7, %ymm7
+        # 64: 2/2
+        vmovdqu	2368(%r15), %ymm10
+        vmovdqu	2400(%r15), %ymm12
+        vpsubw	%ymm4, %ymm0, %ymm8
+        vpsubw	%ymm5, %ymm1, %ymm9
+        vpaddw	%ymm4, %ymm0, %ymm0
+        vpaddw	%ymm5, %ymm1, %ymm1
+        vpmullw	%ymm12, %ymm8, %ymm4
+        vpmullw	%ymm12, %ymm9, %ymm5
+        vpmulhw	%ymm10, %ymm8, %ymm8
+        vpmulhw	%ymm10, %ymm9, %ymm9
+        vpmulhw	%ymm14, %ymm4, %ymm4
+        vpmulhw	%ymm14, %ymm5, %ymm5
+        vpsubw	%ymm4, %ymm8, %ymm4
+        vpsubw	%ymm5, %ymm9, %ymm5
+        vpsubw	%ymm6, %ymm2, %ymm8
+        vpsubw	%ymm7, %ymm3, %ymm9
+        vpaddw	%ymm6, %ymm2, %ymm2
+        vpaddw	%ymm7, %ymm3, %ymm3
+        vpmullw	%ymm12, %ymm8, %ymm6
+        vpmullw	%ymm12, %ymm9, %ymm7
+        vpmulhw	%ymm10, %ymm8, %ymm8
+        vpmulhw	%ymm10, %ymm9, %ymm9
+        vpmulhw	%ymm14, %ymm6, %ymm6
+        vpmulhw	%ymm14, %ymm7, %ymm7
+        vpsubw	%ymm6, %ymm8, %ymm6
+        vpsubw	%ymm7, %ymm9, %ymm7
+        vmovdqu	%ymm0, 256(%rsi)
+        vmovdqu	%ymm1, 288(%rsi)
+        vmovdqu	%ymm2, 320(%rsi)
+        vmovdqu	%ymm3, 352(%rsi)
+        # 128
+        vmovdqu	2432(%r15), %ymm10
+        vmovdqu	2464(%r15), %ymm12
+        vmovdqu	2496(%r15), %ymm11
+        vmovdqu	2528(%r15), %ymm13
+        vmovdqu	128(%rsi), %ymm0
+        vmovdqu	160(%rsi), %ymm1
+        vmovdqu	192(%rsi), %ymm2
+        vmovdqu	224(%rsi), %ymm3
+        vpsubw	%ymm4, %ymm0, %ymm8
+        vpsubw	%ymm5, %ymm1, %ymm9
+        vpaddw	%ymm4, %ymm0, %ymm0
+        vpaddw	%ymm5, %ymm1, %ymm1
+        vpmullw	%ymm12, %ymm8, %ymm4
+        vpmullw	%ymm12, %ymm9, %ymm5
+        vpmulhw	%ymm10, %ymm8, %ymm8
+        vpmulhw	%ymm10, %ymm9, %ymm9
+        vpmulhw	%ymm14, %ymm4, %ymm4
+        vpmulhw	%ymm14, %ymm5, %ymm5
+        vpsubw	%ymm4, %ymm8, %ymm4
+        vpsubw	%ymm5, %ymm9, %ymm5
+        vpaddw	%ymm6, %ymm2, %ymm8
+        vpaddw	%ymm7, %ymm3, %ymm9
+        vpsubw	%ymm6, %ymm2, %ymm6
+        vpsubw	%ymm7, %ymm3, %ymm7
+        vpmulhw	%ymm15, %ymm8, %ymm2
+        vpmulhw	%ymm15, %ymm9, %ymm3
+        vpsraw	$10, %ymm2, %ymm2
+        vpsraw	$10, %ymm3, %ymm3
+        vpmullw	%ymm14, %ymm2, %ymm2
+        vpmullw	%ymm14, %ymm3, %ymm3
+        vpsubw	%ymm2, %ymm8, %ymm2
+        vpsubw	%ymm3, %ymm9, %ymm3
+        vpmullw	%ymm12, %ymm6, %ymm8
+        vpmullw	%ymm12, %ymm7, %ymm9
+        vpmulhw	%ymm10, %ymm6, %ymm6
+        vpmulhw	%ymm10, %ymm7, %ymm7
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm6
+        vpsubw	%ymm9, %ymm7, %ymm7
+        vpmullw	%ymm13, %ymm0, %ymm8
+        vpmullw	%ymm13, %ymm1, %ymm9
+        vpmulhw	%ymm11, %ymm0, %ymm0
+        vpmulhw	%ymm11, %ymm1, %ymm1
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm0, %ymm0
+        vpsubw	%ymm9, %ymm1, %ymm1
+        vpmullw	%ymm13, %ymm2, %ymm8
+        vpmullw	%ymm13, %ymm3, %ymm9
+        vpmulhw	%ymm11, %ymm2, %ymm2
+        vpmulhw	%ymm11, %ymm3, %ymm3
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm2, %ymm2
+        vpsubw	%ymm9, %ymm3, %ymm3
+        vpmullw	%ymm13, %ymm4, %ymm8
+        vpmullw	%ymm13, %ymm5, %ymm9
+        vpmulhw	%ymm11, %ymm4, %ymm4
+        vpmulhw	%ymm11, %ymm5, %ymm5
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm4, %ymm4
+        vpsubw	%ymm9, %ymm5, %ymm5
+        vpmullw	%ymm13, %ymm6, %ymm8
+        vpmullw	%ymm13, %ymm7, %ymm9
+        vpmulhw	%ymm11, %ymm6, %ymm6
+        vpmulhw	%ymm11, %ymm7, %ymm7
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm6
+        vpsubw	%ymm9, %ymm7, %ymm7
+        vmovdqu	%ymm0, 128(%rsi)
+        vmovdqu	%ymm1, 160(%rsi)
+        vmovdqu	%ymm2, 192(%rsi)
+        vmovdqu	%ymm3, 224(%rsi)
+        vmovdqu	%ymm4, 384(%rsi)
+        vmovdqu	%ymm5, 416(%rsi)
+        vmovdqu	%ymm6, 448(%rsi)
+        vmovdqu	%ymm7, 480(%rsi)
+        vmovdqu	(%rsi), %ymm0
+        vmovdqu	32(%rsi), %ymm1
+        vmovdqu	64(%rsi), %ymm2
+        vmovdqu	96(%rsi), %ymm3
+        vmovdqu	256(%rsi), %ymm4
+        vmovdqu	288(%rsi), %ymm5
+        vmovdqu	320(%rsi), %ymm6
+        vmovdqu	352(%rsi), %ymm7
+        vpsubw	%ymm4, %ymm0, %ymm8
+        vpsubw	%ymm5, %ymm1, %ymm9
+        vpaddw	%ymm4, %ymm0, %ymm0
+        vpaddw	%ymm5, %ymm1, %ymm1
+        vpmullw	%ymm12, %ymm8, %ymm4
+        vpmullw	%ymm12, %ymm9, %ymm5
+        vpmulhw	%ymm10, %ymm8, %ymm8
+        vpmulhw	%ymm10, %ymm9, %ymm9
+        vpmulhw	%ymm14, %ymm4, %ymm4
+        vpmulhw	%ymm14, %ymm5, %ymm5
+        vpsubw	%ymm4, %ymm8, %ymm4
+        vpsubw	%ymm5, %ymm9, %ymm5
+        vpaddw	%ymm6, %ymm2, %ymm8
+        vpaddw	%ymm7, %ymm3, %ymm9
+        vpsubw	%ymm6, %ymm2, %ymm6
+        vpsubw	%ymm7, %ymm3, %ymm7
+        vpmulhw	%ymm15, %ymm8, %ymm2
+        vpmulhw	%ymm15, %ymm9, %ymm3
+        vpsraw	$10, %ymm2, %ymm2
+        vpsraw	$10, %ymm3, %ymm3
+        vpmullw	%ymm14, %ymm2, %ymm2
+        vpmullw	%ymm14, %ymm3, %ymm3
+        vpsubw	%ymm2, %ymm8, %ymm2
+        vpsubw	%ymm3, %ymm9, %ymm3
+        vpmullw	%ymm12, %ymm6, %ymm8
+        vpmullw	%ymm12, %ymm7, %ymm9
+        vpmulhw	%ymm10, %ymm6, %ymm6
+        vpmulhw	%ymm10, %ymm7, %ymm7
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm6
+        vpsubw	%ymm9, %ymm7, %ymm7
+        vpmullw	%ymm13, %ymm0, %ymm8
+        vpmullw	%ymm13, %ymm1, %ymm9
+        vpmulhw	%ymm11, %ymm0, %ymm0
+        vpmulhw	%ymm11, %ymm1, %ymm1
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm0, %ymm0
+        vpsubw	%ymm9, %ymm1, %ymm1
+        vpmullw	%ymm13, %ymm2, %ymm8
+        vpmullw	%ymm13, %ymm3, %ymm9
+        vpmulhw	%ymm11, %ymm2, %ymm2
+        vpmulhw	%ymm11, %ymm3, %ymm3
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm2, %ymm2
+        vpsubw	%ymm9, %ymm3, %ymm3
+        vpmullw	%ymm13, %ymm4, %ymm8
+        vpmullw	%ymm13, %ymm5, %ymm9
+        vpmulhw	%ymm11, %ymm4, %ymm4
+        vpmulhw	%ymm11, %ymm5, %ymm5
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm4, %ymm4
+        vpsubw	%ymm9, %ymm5, %ymm5
+        vpmullw	%ymm13, %ymm6, %ymm8
+        vpmullw	%ymm13, %ymm7, %ymm9
+        vpmulhw	%ymm11, %ymm6, %ymm6
+        vpmulhw	%ymm11, %ymm7, %ymm7
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm6
+        vpsubw	%ymm9, %ymm7, %ymm7
+        vmovdqu	%ymm0, (%rsi)
+        vmovdqu	%ymm1, 32(%rsi)
+        vmovdqu	%ymm2, 64(%rsi)
+        vmovdqu	%ymm3, 96(%rsi)
+        vmovdqu	%ymm4, 256(%rsi)
+        vmovdqu	%ymm5, 288(%rsi)
+        vmovdqu	%ymm6, 320(%rsi)
+        vmovdqu	%ymm7, 352(%rsi)
+        # Add Errors
+        vmovdqu	(%rsi), %ymm0
+        vmovdqu	32(%rsi), %ymm1
+        vmovdqu	64(%rsi), %ymm2
+        vmovdqu	96(%rsi), %ymm3
+        vmovdqu	(%r9), %ymm4
+        vmovdqu	32(%r9), %ymm5
+        vmovdqu	64(%r9), %ymm6
+        vmovdqu	96(%r9), %ymm7
+        vpaddw	%ymm4, %ymm0, %ymm4
+        vpaddw	%ymm5, %ymm1, %ymm5
+        vpmulhw	%ymm15, %ymm4, %ymm0
+        vpmulhw	%ymm15, %ymm5, %ymm1
+        vpsraw	$10, %ymm0, %ymm0
+        vpsraw	$10, %ymm1, %ymm1
+        vpmullw	%ymm14, %ymm0, %ymm0
+        vpmullw	%ymm14, %ymm1, %ymm1
+        vpsubw	%ymm0, %ymm4, %ymm0
+        vpsubw	%ymm1, %ymm5, %ymm1
+        vpaddw	%ymm6, %ymm2, %ymm6
+        vpaddw	%ymm7, %ymm3, %ymm7
+        vpmulhw	%ymm15, %ymm6, %ymm2
+        vpmulhw	%ymm15, %ymm7, %ymm3
+        vpsraw	$10, %ymm2, %ymm2
+        vpsraw	$10, %ymm3, %ymm3
+        vpmullw	%ymm14, %ymm2, %ymm2
+        vpmullw	%ymm14, %ymm3, %ymm3
+        vpsubw	%ymm2, %ymm6, %ymm2
+        vpsubw	%ymm3, %ymm7, %ymm3
+        vmovdqu	%ymm0, (%rsi)
+        vmovdqu	%ymm1, 32(%rsi)
+        vmovdqu	%ymm2, 64(%rsi)
+        vmovdqu	%ymm3, 96(%rsi)
+        vmovdqu	128(%rsi), %ymm0
+        vmovdqu	160(%rsi), %ymm1
+        vmovdqu	192(%rsi), %ymm2
+        vmovdqu	224(%rsi), %ymm3
+        vmovdqu	128(%r9), %ymm4
+        vmovdqu	160(%r9), %ymm5
+        vmovdqu	192(%r9), %ymm6
+        vmovdqu	224(%r9), %ymm7
+        vpaddw	%ymm4, %ymm0, %ymm4
+        vpaddw	%ymm5, %ymm1, %ymm5
+        vpmulhw	%ymm15, %ymm4, %ymm0
+        vpmulhw	%ymm15, %ymm5, %ymm1
+        vpsraw	$10, %ymm0, %ymm0
+        vpsraw	$10, %ymm1, %ymm1
+        vpmullw	%ymm14, %ymm0, %ymm0
+        vpmullw	%ymm14, %ymm1, %ymm1
+        vpsubw	%ymm0, %ymm4, %ymm0
+        vpsubw	%ymm1, %ymm5, %ymm1
+        vpaddw	%ymm6, %ymm2, %ymm6
+        vpaddw	%ymm7, %ymm3, %ymm7
+        vpmulhw	%ymm15, %ymm6, %ymm2
+        vpmulhw	%ymm15, %ymm7, %ymm3
+        vpsraw	$10, %ymm2, %ymm2
+        vpsraw	$10, %ymm3, %ymm3
+        vpmullw	%ymm14, %ymm2, %ymm2
+        vpmullw	%ymm14, %ymm3, %ymm3
+        vpsubw	%ymm2, %ymm6, %ymm2
+        vpsubw	%ymm3, %ymm7, %ymm3
+        vmovdqu	%ymm0, 128(%rsi)
+        vmovdqu	%ymm1, 160(%rsi)
+        vmovdqu	%ymm2, 192(%rsi)
+        vmovdqu	%ymm3, 224(%rsi)
+        vmovdqu	256(%rsi), %ymm0
+        vmovdqu	288(%rsi), %ymm1
+        vmovdqu	320(%rsi), %ymm2
+        vmovdqu	352(%rsi), %ymm3
+        vmovdqu	256(%r9), %ymm4
+        vmovdqu	288(%r9), %ymm5
+        vmovdqu	320(%r9), %ymm6
+        vmovdqu	352(%r9), %ymm7
+        vpaddw	%ymm4, %ymm0, %ymm4
+        vpaddw	%ymm5, %ymm1, %ymm5
+        vpmulhw	%ymm15, %ymm4, %ymm0
+        vpmulhw	%ymm15, %ymm5, %ymm1
+        vpsraw	$10, %ymm0, %ymm0
+        vpsraw	$10, %ymm1, %ymm1
+        vpmullw	%ymm14, %ymm0, %ymm0
+        vpmullw	%ymm14, %ymm1, %ymm1
+        vpsubw	%ymm0, %ymm4, %ymm0
+        vpsubw	%ymm1, %ymm5, %ymm1
+        vpaddw	%ymm6, %ymm2, %ymm6
+        vpaddw	%ymm7, %ymm3, %ymm7
+        vpmulhw	%ymm15, %ymm6, %ymm2
+        vpmulhw	%ymm15, %ymm7, %ymm3
+        vpsraw	$10, %ymm2, %ymm2
+        vpsraw	$10, %ymm3, %ymm3
+        vpmullw	%ymm14, %ymm2, %ymm2
+        vpmullw	%ymm14, %ymm3, %ymm3
+        vpsubw	%ymm2, %ymm6, %ymm2
+        vpsubw	%ymm3, %ymm7, %ymm3
+        vmovdqu	%ymm0, 256(%rsi)
+        vmovdqu	%ymm1, 288(%rsi)
+        vmovdqu	%ymm2, 320(%rsi)
+        vmovdqu	%ymm3, 352(%rsi)
+        vmovdqu	384(%rsi), %ymm0
+        vmovdqu	416(%rsi), %ymm1
+        vmovdqu	448(%rsi), %ymm2
+        vmovdqu	480(%rsi), %ymm3
+        vmovdqu	384(%r9), %ymm4
+        vmovdqu	416(%r9), %ymm5
+        vmovdqu	448(%r9), %ymm6
+        vmovdqu	480(%r9), %ymm7
+        vpaddw	%ymm4, %ymm0, %ymm4
+        vpaddw	%ymm5, %ymm1, %ymm5
+        vpmulhw	%ymm15, %ymm4, %ymm0
+        vpmulhw	%ymm15, %ymm5, %ymm1
+        vpsraw	$10, %ymm0, %ymm0
+        vpsraw	$10, %ymm1, %ymm1
+        vpmullw	%ymm14, %ymm0, %ymm0
+        vpmullw	%ymm14, %ymm1, %ymm1
+        vpsubw	%ymm0, %ymm4, %ymm0
+        vpsubw	%ymm1, %ymm5, %ymm1
+        vpaddw	%ymm6, %ymm2, %ymm6
+        vpaddw	%ymm7, %ymm3, %ymm7
+        vpmulhw	%ymm15, %ymm6, %ymm2
+        vpmulhw	%ymm15, %ymm7, %ymm3
+        vpsraw	$10, %ymm2, %ymm2
+        vpsraw	$10, %ymm3, %ymm3
+        vpmullw	%ymm14, %ymm2, %ymm2
+        vpmullw	%ymm14, %ymm3, %ymm3
+        vpsubw	%ymm2, %ymm6, %ymm2
+        vpsubw	%ymm3, %ymm7, %ymm3
+        vmovdqu	%ymm0, 384(%rsi)
+        vmovdqu	%ymm1, 416(%rsi)
+        vmovdqu	%ymm2, 448(%rsi)
+        vmovdqu	%ymm3, 480(%rsi)
+        addq	$0x200, %r9
+        addq	$0x200, %rsi
+        subq	$0x01, %r12
+        jg	L_kyber_encapsulate_avx2_calc
+        vmovdqu	kyber_qinv(%rip), %ymm12
+        # Pointwise acc mont
+        movslq	%r11d, %r13
+        # Base mul mont
+        leaq	L_kyber_avx2_zetas_basemul(%rip), %r15
+        vmovdqu	(%rdi), %ymm2
+        vmovdqu	32(%rdi), %ymm3
+        vpslld	$16, %ymm3, %ymm6
+        vpsrld	$16, %ymm2, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm2, %ymm2
+        vpblendw	$0x55, %ymm7, %ymm3, %ymm3
+        vmovdqu	(%r8), %ymm4
+        vmovdqu	32(%r8), %ymm5
+        vpslld	$16, %ymm5, %ymm6
+        vpsrld	$16, %ymm4, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm4, %ymm4
+        vpblendw	$0x55, %ymm7, %ymm5, %ymm5
+        vmovdqu	(%r15), %ymm10
+        vmovdqu	32(%r15), %ymm11
+        vpmullw	%ymm5, %ymm3, %ymm0
+        vpmulhw	%ymm5, %ymm3, %ymm6
+        vpmullw	%ymm4, %ymm2, %ymm1
+        vpmulhw	%ymm4, %ymm2, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm12, %ymm0, %ymm8
+        vpmullw	%ymm12, %ymm1, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm0
+        vpsubw	%ymm9, %ymm7, %ymm1
+        vpmullw	%ymm11, %ymm0, %ymm6
+        vpmulhw	%ymm10, %ymm0, %ymm7
+        vpmulhw	%ymm14, %ymm6, %ymm6
+        vpsubw	%ymm6, %ymm7, %ymm0
+        vpaddw	%ymm1, %ymm0, %ymm0
+        vpmullw	%ymm5, %ymm2, %ymm1
+        vpmulhw	%ymm5, %ymm2, %ymm6
+        vpmullw	%ymm4, %ymm3, %ymm2
+        vpmulhw	%ymm4, %ymm3, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm12, %ymm1, %ymm8
+        vpmullw	%ymm12, %ymm2, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm1
+        vpsubw	%ymm9, %ymm7, %ymm2
+        vpaddw	%ymm2, %ymm1, %ymm1
+        vmovdqu	%ymm0, (%rdx)
+        vmovdqu	%ymm1, 32(%rdx)
+        vmovdqu	64(%rdi), %ymm2
+        vmovdqu	96(%rdi), %ymm3
+        vpslld	$16, %ymm3, %ymm6
+        vpsrld	$16, %ymm2, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm2, %ymm2
+        vpblendw	$0x55, %ymm7, %ymm3, %ymm3
+        vmovdqu	64(%r8), %ymm4
+        vmovdqu	96(%r8), %ymm5
+        vpslld	$16, %ymm5, %ymm6
+        vpsrld	$16, %ymm4, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm4, %ymm4
+        vpblendw	$0x55, %ymm7, %ymm5, %ymm5
+        vmovdqu	64(%r15), %ymm10
+        vmovdqu	96(%r15), %ymm11
+        vpmullw	%ymm5, %ymm3, %ymm0
+        vpmulhw	%ymm5, %ymm3, %ymm6
+        vpmullw	%ymm4, %ymm2, %ymm1
+        vpmulhw	%ymm4, %ymm2, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm12, %ymm0, %ymm8
+        vpmullw	%ymm12, %ymm1, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm0
+        vpsubw	%ymm9, %ymm7, %ymm1
+        vpmullw	%ymm11, %ymm0, %ymm6
+        vpmulhw	%ymm10, %ymm0, %ymm7
+        vpmulhw	%ymm14, %ymm6, %ymm6
+        vpsubw	%ymm6, %ymm7, %ymm0
+        vpaddw	%ymm1, %ymm0, %ymm0
+        vpmullw	%ymm5, %ymm2, %ymm1
+        vpmulhw	%ymm5, %ymm2, %ymm6
+        vpmullw	%ymm4, %ymm3, %ymm2
+        vpmulhw	%ymm4, %ymm3, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm12, %ymm1, %ymm8
+        vpmullw	%ymm12, %ymm2, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm1
+        vpsubw	%ymm9, %ymm7, %ymm2
+        vpaddw	%ymm2, %ymm1, %ymm1
+        vmovdqu	%ymm0, 64(%rdx)
+        vmovdqu	%ymm1, 96(%rdx)
+        vmovdqu	128(%rdi), %ymm2
+        vmovdqu	160(%rdi), %ymm3
+        vpslld	$16, %ymm3, %ymm6
+        vpsrld	$16, %ymm2, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm2, %ymm2
+        vpblendw	$0x55, %ymm7, %ymm3, %ymm3
+        vmovdqu	128(%r8), %ymm4
+        vmovdqu	160(%r8), %ymm5
+        vpslld	$16, %ymm5, %ymm6
+        vpsrld	$16, %ymm4, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm4, %ymm4
+        vpblendw	$0x55, %ymm7, %ymm5, %ymm5
+        vmovdqu	128(%r15), %ymm10
+        vmovdqu	160(%r15), %ymm11
+        vpmullw	%ymm5, %ymm3, %ymm0
+        vpmulhw	%ymm5, %ymm3, %ymm6
+        vpmullw	%ymm4, %ymm2, %ymm1
+        vpmulhw	%ymm4, %ymm2, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm12, %ymm0, %ymm8
+        vpmullw	%ymm12, %ymm1, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm0
+        vpsubw	%ymm9, %ymm7, %ymm1
+        vpmullw	%ymm11, %ymm0, %ymm6
+        vpmulhw	%ymm10, %ymm0, %ymm7
+        vpmulhw	%ymm14, %ymm6, %ymm6
+        vpsubw	%ymm6, %ymm7, %ymm0
+        vpaddw	%ymm1, %ymm0, %ymm0
+        vpmullw	%ymm5, %ymm2, %ymm1
+        vpmulhw	%ymm5, %ymm2, %ymm6
+        vpmullw	%ymm4, %ymm3, %ymm2
+        vpmulhw	%ymm4, %ymm3, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm12, %ymm1, %ymm8
+        vpmullw	%ymm12, %ymm2, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm1
+        vpsubw	%ymm9, %ymm7, %ymm2
+        vpaddw	%ymm2, %ymm1, %ymm1
+        vmovdqu	%ymm0, 128(%rdx)
+        vmovdqu	%ymm1, 160(%rdx)
+        vmovdqu	192(%rdi), %ymm2
+        vmovdqu	224(%rdi), %ymm3
+        vpslld	$16, %ymm3, %ymm6
+        vpsrld	$16, %ymm2, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm2, %ymm2
+        vpblendw	$0x55, %ymm7, %ymm3, %ymm3
+        vmovdqu	192(%r8), %ymm4
+        vmovdqu	224(%r8), %ymm5
+        vpslld	$16, %ymm5, %ymm6
+        vpsrld	$16, %ymm4, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm4, %ymm4
+        vpblendw	$0x55, %ymm7, %ymm5, %ymm5
+        vmovdqu	192(%r15), %ymm10
+        vmovdqu	224(%r15), %ymm11
+        vpmullw	%ymm5, %ymm3, %ymm0
+        vpmulhw	%ymm5, %ymm3, %ymm6
+        vpmullw	%ymm4, %ymm2, %ymm1
+        vpmulhw	%ymm4, %ymm2, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm12, %ymm0, %ymm8
+        vpmullw	%ymm12, %ymm1, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm0
+        vpsubw	%ymm9, %ymm7, %ymm1
+        vpmullw	%ymm11, %ymm0, %ymm6
+        vpmulhw	%ymm10, %ymm0, %ymm7
+        vpmulhw	%ymm14, %ymm6, %ymm6
+        vpsubw	%ymm6, %ymm7, %ymm0
+        vpaddw	%ymm1, %ymm0, %ymm0
+        vpmullw	%ymm5, %ymm2, %ymm1
+        vpmulhw	%ymm5, %ymm2, %ymm6
+        vpmullw	%ymm4, %ymm3, %ymm2
+        vpmulhw	%ymm4, %ymm3, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm12, %ymm1, %ymm8
+        vpmullw	%ymm12, %ymm2, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm1
+        vpsubw	%ymm9, %ymm7, %ymm2
+        vpaddw	%ymm2, %ymm1, %ymm1
+        vmovdqu	%ymm0, 192(%rdx)
+        vmovdqu	%ymm1, 224(%rdx)
+        vmovdqu	256(%rdi), %ymm2
+        vmovdqu	288(%rdi), %ymm3
+        vpslld	$16, %ymm3, %ymm6
+        vpsrld	$16, %ymm2, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm2, %ymm2
+        vpblendw	$0x55, %ymm7, %ymm3, %ymm3
+        vmovdqu	256(%r8), %ymm4
+        vmovdqu	288(%r8), %ymm5
+        vpslld	$16, %ymm5, %ymm6
+        vpsrld	$16, %ymm4, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm4, %ymm4
+        vpblendw	$0x55, %ymm7, %ymm5, %ymm5
+        vmovdqu	256(%r15), %ymm10
+        vmovdqu	288(%r15), %ymm11
+        vpmullw	%ymm5, %ymm3, %ymm0
+        vpmulhw	%ymm5, %ymm3, %ymm6
+        vpmullw	%ymm4, %ymm2, %ymm1
+        vpmulhw	%ymm4, %ymm2, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm12, %ymm0, %ymm8
+        vpmullw	%ymm12, %ymm1, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm0
+        vpsubw	%ymm9, %ymm7, %ymm1
+        vpmullw	%ymm11, %ymm0, %ymm6
+        vpmulhw	%ymm10, %ymm0, %ymm7
+        vpmulhw	%ymm14, %ymm6, %ymm6
+        vpsubw	%ymm6, %ymm7, %ymm0
+        vpaddw	%ymm1, %ymm0, %ymm0
+        vpmullw	%ymm5, %ymm2, %ymm1
+        vpmulhw	%ymm5, %ymm2, %ymm6
+        vpmullw	%ymm4, %ymm3, %ymm2
+        vpmulhw	%ymm4, %ymm3, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm12, %ymm1, %ymm8
+        vpmullw	%ymm12, %ymm2, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm1
+        vpsubw	%ymm9, %ymm7, %ymm2
+        vpaddw	%ymm2, %ymm1, %ymm1
+        vmovdqu	%ymm0, 256(%rdx)
+        vmovdqu	%ymm1, 288(%rdx)
+        vmovdqu	320(%rdi), %ymm2
+        vmovdqu	352(%rdi), %ymm3
+        vpslld	$16, %ymm3, %ymm6
+        vpsrld	$16, %ymm2, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm2, %ymm2
+        vpblendw	$0x55, %ymm7, %ymm3, %ymm3
+        vmovdqu	320(%r8), %ymm4
+        vmovdqu	352(%r8), %ymm5
+        vpslld	$16, %ymm5, %ymm6
+        vpsrld	$16, %ymm4, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm4, %ymm4
+        vpblendw	$0x55, %ymm7, %ymm5, %ymm5
+        vmovdqu	320(%r15), %ymm10
+        vmovdqu	352(%r15), %ymm11
+        vpmullw	%ymm5, %ymm3, %ymm0
+        vpmulhw	%ymm5, %ymm3, %ymm6
+        vpmullw	%ymm4, %ymm2, %ymm1
+        vpmulhw	%ymm4, %ymm2, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm12, %ymm0, %ymm8
+        vpmullw	%ymm12, %ymm1, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm0
+        vpsubw	%ymm9, %ymm7, %ymm1
+        vpmullw	%ymm11, %ymm0, %ymm6
+        vpmulhw	%ymm10, %ymm0, %ymm7
+        vpmulhw	%ymm14, %ymm6, %ymm6
+        vpsubw	%ymm6, %ymm7, %ymm0
+        vpaddw	%ymm1, %ymm0, %ymm0
+        vpmullw	%ymm5, %ymm2, %ymm1
+        vpmulhw	%ymm5, %ymm2, %ymm6
+        vpmullw	%ymm4, %ymm3, %ymm2
+        vpmulhw	%ymm4, %ymm3, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm12, %ymm1, %ymm8
+        vpmullw	%ymm12, %ymm2, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm1
+        vpsubw	%ymm9, %ymm7, %ymm2
+        vpaddw	%ymm2, %ymm1, %ymm1
+        vmovdqu	%ymm0, 320(%rdx)
+        vmovdqu	%ymm1, 352(%rdx)
+        vmovdqu	384(%rdi), %ymm2
+        vmovdqu	416(%rdi), %ymm3
+        vpslld	$16, %ymm3, %ymm6
+        vpsrld	$16, %ymm2, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm2, %ymm2
+        vpblendw	$0x55, %ymm7, %ymm3, %ymm3
+        vmovdqu	384(%r8), %ymm4
+        vmovdqu	416(%r8), %ymm5
+        vpslld	$16, %ymm5, %ymm6
+        vpsrld	$16, %ymm4, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm4, %ymm4
+        vpblendw	$0x55, %ymm7, %ymm5, %ymm5
+        vmovdqu	384(%r15), %ymm10
+        vmovdqu	416(%r15), %ymm11
+        vpmullw	%ymm5, %ymm3, %ymm0
+        vpmulhw	%ymm5, %ymm3, %ymm6
+        vpmullw	%ymm4, %ymm2, %ymm1
+        vpmulhw	%ymm4, %ymm2, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm12, %ymm0, %ymm8
+        vpmullw	%ymm12, %ymm1, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm0
+        vpsubw	%ymm9, %ymm7, %ymm1
+        vpmullw	%ymm11, %ymm0, %ymm6
+        vpmulhw	%ymm10, %ymm0, %ymm7
+        vpmulhw	%ymm14, %ymm6, %ymm6
+        vpsubw	%ymm6, %ymm7, %ymm0
+        vpaddw	%ymm1, %ymm0, %ymm0
+        vpmullw	%ymm5, %ymm2, %ymm1
+        vpmulhw	%ymm5, %ymm2, %ymm6
+        vpmullw	%ymm4, %ymm3, %ymm2
+        vpmulhw	%ymm4, %ymm3, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm12, %ymm1, %ymm8
+        vpmullw	%ymm12, %ymm2, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm1
+        vpsubw	%ymm9, %ymm7, %ymm2
+        vpaddw	%ymm2, %ymm1, %ymm1
+        vmovdqu	%ymm0, 384(%rdx)
+        vmovdqu	%ymm1, 416(%rdx)
+        vmovdqu	448(%rdi), %ymm2
+        vmovdqu	480(%rdi), %ymm3
+        vpslld	$16, %ymm3, %ymm6
+        vpsrld	$16, %ymm2, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm2, %ymm2
+        vpblendw	$0x55, %ymm7, %ymm3, %ymm3
+        vmovdqu	448(%r8), %ymm4
+        vmovdqu	480(%r8), %ymm5
+        vpslld	$16, %ymm5, %ymm6
+        vpsrld	$16, %ymm4, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm4, %ymm4
+        vpblendw	$0x55, %ymm7, %ymm5, %ymm5
+        vmovdqu	448(%r15), %ymm10
+        vmovdqu	480(%r15), %ymm11
+        vpmullw	%ymm5, %ymm3, %ymm0
+        vpmulhw	%ymm5, %ymm3, %ymm6
+        vpmullw	%ymm4, %ymm2, %ymm1
+        vpmulhw	%ymm4, %ymm2, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm12, %ymm0, %ymm8
+        vpmullw	%ymm12, %ymm1, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm0
+        vpsubw	%ymm9, %ymm7, %ymm1
+        vpmullw	%ymm11, %ymm0, %ymm6
+        vpmulhw	%ymm10, %ymm0, %ymm7
+        vpmulhw	%ymm14, %ymm6, %ymm6
+        vpsubw	%ymm6, %ymm7, %ymm0
+        vpaddw	%ymm1, %ymm0, %ymm0
+        vpmullw	%ymm5, %ymm2, %ymm1
+        vpmulhw	%ymm5, %ymm2, %ymm6
+        vpmullw	%ymm4, %ymm3, %ymm2
+        vpmulhw	%ymm4, %ymm3, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm12, %ymm1, %ymm8
+        vpmullw	%ymm12, %ymm2, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm1
+        vpsubw	%ymm9, %ymm7, %ymm2
+        vpaddw	%ymm2, %ymm1, %ymm1
+        vmovdqu	%ymm0, 448(%rdx)
+        vmovdqu	%ymm1, 480(%rdx)
+        addq	$0x200, %rdi
+        addq	$0x200, %r8
+        subq	$2, %r13
+        jz	L_pointwise_acc_mont_end_encap_v
+L_pointwise_acc_mont_start_encap_v:
+        # Base mul mont add
+        leaq	L_kyber_avx2_zetas_basemul(%rip), %r15
+        vmovdqu	(%rdi), %ymm2
+        vmovdqu	32(%rdi), %ymm3
+        vpslld	$16, %ymm3, %ymm6
+        vpsrld	$16, %ymm2, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm2, %ymm2
+        vpblendw	$0x55, %ymm7, %ymm3, %ymm3
+        vmovdqu	(%r8), %ymm4
+        vmovdqu	32(%r8), %ymm5
+        vpslld	$16, %ymm5, %ymm6
+        vpsrld	$16, %ymm4, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm4, %ymm4
+        vpblendw	$0x55, %ymm7, %ymm5, %ymm5
+        vmovdqu	(%r15), %ymm10
+        vmovdqu	32(%r15), %ymm11
+        vpmullw	%ymm5, %ymm3, %ymm0
+        vpmulhw	%ymm5, %ymm3, %ymm6
+        vpmullw	%ymm4, %ymm2, %ymm1
+        vpmulhw	%ymm4, %ymm2, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm12, %ymm0, %ymm8
+        vpmullw	%ymm12, %ymm1, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm0
+        vpsubw	%ymm9, %ymm7, %ymm1
+        vpmullw	%ymm11, %ymm0, %ymm6
+        vpmulhw	%ymm10, %ymm0, %ymm7
+        vpmulhw	%ymm14, %ymm6, %ymm6
+        vpsubw	%ymm6, %ymm7, %ymm0
+        vpaddw	%ymm1, %ymm0, %ymm0
+        vpmullw	%ymm5, %ymm2, %ymm1
+        vpmulhw	%ymm5, %ymm2, %ymm6
+        vpmullw	%ymm4, %ymm3, %ymm2
+        vpmulhw	%ymm4, %ymm3, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm12, %ymm1, %ymm8
+        vpmullw	%ymm12, %ymm2, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm1
+        vpsubw	%ymm9, %ymm7, %ymm2
+        vpaddw	%ymm2, %ymm1, %ymm1
+        vmovdqu	(%rdx), %ymm6
+        vmovdqu	32(%rdx), %ymm7
+        vpaddw	%ymm6, %ymm0, %ymm0
+        vpaddw	%ymm7, %ymm1, %ymm1
+        vmovdqu	%ymm0, (%rdx)
+        vmovdqu	%ymm1, 32(%rdx)
+        vmovdqu	64(%rdi), %ymm2
+        vmovdqu	96(%rdi), %ymm3
+        vpslld	$16, %ymm3, %ymm6
+        vpsrld	$16, %ymm2, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm2, %ymm2
+        vpblendw	$0x55, %ymm7, %ymm3, %ymm3
+        vmovdqu	64(%r8), %ymm4
+        vmovdqu	96(%r8), %ymm5
+        vpslld	$16, %ymm5, %ymm6
+        vpsrld	$16, %ymm4, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm4, %ymm4
+        vpblendw	$0x55, %ymm7, %ymm5, %ymm5
+        vmovdqu	64(%r15), %ymm10
+        vmovdqu	96(%r15), %ymm11
+        vpmullw	%ymm5, %ymm3, %ymm0
+        vpmulhw	%ymm5, %ymm3, %ymm6
+        vpmullw	%ymm4, %ymm2, %ymm1
+        vpmulhw	%ymm4, %ymm2, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm12, %ymm0, %ymm8
+        vpmullw	%ymm12, %ymm1, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm0
+        vpsubw	%ymm9, %ymm7, %ymm1
+        vpmullw	%ymm11, %ymm0, %ymm6
+        vpmulhw	%ymm10, %ymm0, %ymm7
+        vpmulhw	%ymm14, %ymm6, %ymm6
+        vpsubw	%ymm6, %ymm7, %ymm0
+        vpaddw	%ymm1, %ymm0, %ymm0
+        vpmullw	%ymm5, %ymm2, %ymm1
+        vpmulhw	%ymm5, %ymm2, %ymm6
+        vpmullw	%ymm4, %ymm3, %ymm2
+        vpmulhw	%ymm4, %ymm3, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm12, %ymm1, %ymm8
+        vpmullw	%ymm12, %ymm2, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm1
+        vpsubw	%ymm9, %ymm7, %ymm2
+        vpaddw	%ymm2, %ymm1, %ymm1
+        vmovdqu	64(%rdx), %ymm6
+        vmovdqu	96(%rdx), %ymm7
+        vpaddw	%ymm6, %ymm0, %ymm0
+        vpaddw	%ymm7, %ymm1, %ymm1
+        vmovdqu	%ymm0, 64(%rdx)
+        vmovdqu	%ymm1, 96(%rdx)
+        vmovdqu	128(%rdi), %ymm2
+        vmovdqu	160(%rdi), %ymm3
+        vpslld	$16, %ymm3, %ymm6
+        vpsrld	$16, %ymm2, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm2, %ymm2
+        vpblendw	$0x55, %ymm7, %ymm3, %ymm3
+        vmovdqu	128(%r8), %ymm4
+        vmovdqu	160(%r8), %ymm5
+        vpslld	$16, %ymm5, %ymm6
+        vpsrld	$16, %ymm4, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm4, %ymm4
+        vpblendw	$0x55, %ymm7, %ymm5, %ymm5
+        vmovdqu	128(%r15), %ymm10
+        vmovdqu	160(%r15), %ymm11
+        vpmullw	%ymm5, %ymm3, %ymm0
+        vpmulhw	%ymm5, %ymm3, %ymm6
+        vpmullw	%ymm4, %ymm2, %ymm1
+        vpmulhw	%ymm4, %ymm2, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm12, %ymm0, %ymm8
+        vpmullw	%ymm12, %ymm1, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm0
+        vpsubw	%ymm9, %ymm7, %ymm1
+        vpmullw	%ymm11, %ymm0, %ymm6
+        vpmulhw	%ymm10, %ymm0, %ymm7
+        vpmulhw	%ymm14, %ymm6, %ymm6
+        vpsubw	%ymm6, %ymm7, %ymm0
+        vpaddw	%ymm1, %ymm0, %ymm0
+        vpmullw	%ymm5, %ymm2, %ymm1
+        vpmulhw	%ymm5, %ymm2, %ymm6
+        vpmullw	%ymm4, %ymm3, %ymm2
+        vpmulhw	%ymm4, %ymm3, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm12, %ymm1, %ymm8
+        vpmullw	%ymm12, %ymm2, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm1
+        vpsubw	%ymm9, %ymm7, %ymm2
+        vpaddw	%ymm2, %ymm1, %ymm1
+        vmovdqu	128(%rdx), %ymm6
+        vmovdqu	160(%rdx), %ymm7
+        vpaddw	%ymm6, %ymm0, %ymm0
+        vpaddw	%ymm7, %ymm1, %ymm1
+        vmovdqu	%ymm0, 128(%rdx)
+        vmovdqu	%ymm1, 160(%rdx)
+        vmovdqu	192(%rdi), %ymm2
+        vmovdqu	224(%rdi), %ymm3
+        vpslld	$16, %ymm3, %ymm6
+        vpsrld	$16, %ymm2, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm2, %ymm2
+        vpblendw	$0x55, %ymm7, %ymm3, %ymm3
+        vmovdqu	192(%r8), %ymm4
+        vmovdqu	224(%r8), %ymm5
+        vpslld	$16, %ymm5, %ymm6
+        vpsrld	$16, %ymm4, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm4, %ymm4
+        vpblendw	$0x55, %ymm7, %ymm5, %ymm5
+        vmovdqu	192(%r15), %ymm10
+        vmovdqu	224(%r15), %ymm11
+        vpmullw	%ymm5, %ymm3, %ymm0
+        vpmulhw	%ymm5, %ymm3, %ymm6
+        vpmullw	%ymm4, %ymm2, %ymm1
+        vpmulhw	%ymm4, %ymm2, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm12, %ymm0, %ymm8
+        vpmullw	%ymm12, %ymm1, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm0
+        vpsubw	%ymm9, %ymm7, %ymm1
+        vpmullw	%ymm11, %ymm0, %ymm6
+        vpmulhw	%ymm10, %ymm0, %ymm7
+        vpmulhw	%ymm14, %ymm6, %ymm6
+        vpsubw	%ymm6, %ymm7, %ymm0
+        vpaddw	%ymm1, %ymm0, %ymm0
+        vpmullw	%ymm5, %ymm2, %ymm1
+        vpmulhw	%ymm5, %ymm2, %ymm6
+        vpmullw	%ymm4, %ymm3, %ymm2
+        vpmulhw	%ymm4, %ymm3, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm12, %ymm1, %ymm8
+        vpmullw	%ymm12, %ymm2, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm1
+        vpsubw	%ymm9, %ymm7, %ymm2
+        vpaddw	%ymm2, %ymm1, %ymm1
+        vmovdqu	192(%rdx), %ymm6
+        vmovdqu	224(%rdx), %ymm7
+        vpaddw	%ymm6, %ymm0, %ymm0
+        vpaddw	%ymm7, %ymm1, %ymm1
+        vmovdqu	%ymm0, 192(%rdx)
+        vmovdqu	%ymm1, 224(%rdx)
+        vmovdqu	256(%rdi), %ymm2
+        vmovdqu	288(%rdi), %ymm3
+        vpslld	$16, %ymm3, %ymm6
+        vpsrld	$16, %ymm2, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm2, %ymm2
+        vpblendw	$0x55, %ymm7, %ymm3, %ymm3
+        vmovdqu	256(%r8), %ymm4
+        vmovdqu	288(%r8), %ymm5
+        vpslld	$16, %ymm5, %ymm6
+        vpsrld	$16, %ymm4, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm4, %ymm4
+        vpblendw	$0x55, %ymm7, %ymm5, %ymm5
+        vmovdqu	256(%r15), %ymm10
+        vmovdqu	288(%r15), %ymm11
+        vpmullw	%ymm5, %ymm3, %ymm0
+        vpmulhw	%ymm5, %ymm3, %ymm6
+        vpmullw	%ymm4, %ymm2, %ymm1
+        vpmulhw	%ymm4, %ymm2, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm12, %ymm0, %ymm8
+        vpmullw	%ymm12, %ymm1, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm0
+        vpsubw	%ymm9, %ymm7, %ymm1
+        vpmullw	%ymm11, %ymm0, %ymm6
+        vpmulhw	%ymm10, %ymm0, %ymm7
+        vpmulhw	%ymm14, %ymm6, %ymm6
+        vpsubw	%ymm6, %ymm7, %ymm0
+        vpaddw	%ymm1, %ymm0, %ymm0
+        vpmullw	%ymm5, %ymm2, %ymm1
+        vpmulhw	%ymm5, %ymm2, %ymm6
+        vpmullw	%ymm4, %ymm3, %ymm2
+        vpmulhw	%ymm4, %ymm3, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm12, %ymm1, %ymm8
+        vpmullw	%ymm12, %ymm2, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm1
+        vpsubw	%ymm9, %ymm7, %ymm2
+        vpaddw	%ymm2, %ymm1, %ymm1
+        vmovdqu	256(%rdx), %ymm6
+        vmovdqu	288(%rdx), %ymm7
+        vpaddw	%ymm6, %ymm0, %ymm0
+        vpaddw	%ymm7, %ymm1, %ymm1
+        vmovdqu	%ymm0, 256(%rdx)
+        vmovdqu	%ymm1, 288(%rdx)
+        vmovdqu	320(%rdi), %ymm2
+        vmovdqu	352(%rdi), %ymm3
+        vpslld	$16, %ymm3, %ymm6
+        vpsrld	$16, %ymm2, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm2, %ymm2
+        vpblendw	$0x55, %ymm7, %ymm3, %ymm3
+        vmovdqu	320(%r8), %ymm4
+        vmovdqu	352(%r8), %ymm5
+        vpslld	$16, %ymm5, %ymm6
+        vpsrld	$16, %ymm4, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm4, %ymm4
+        vpblendw	$0x55, %ymm7, %ymm5, %ymm5
+        vmovdqu	320(%r15), %ymm10
+        vmovdqu	352(%r15), %ymm11
+        vpmullw	%ymm5, %ymm3, %ymm0
+        vpmulhw	%ymm5, %ymm3, %ymm6
+        vpmullw	%ymm4, %ymm2, %ymm1
+        vpmulhw	%ymm4, %ymm2, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm12, %ymm0, %ymm8
+        vpmullw	%ymm12, %ymm1, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm0
+        vpsubw	%ymm9, %ymm7, %ymm1
+        vpmullw	%ymm11, %ymm0, %ymm6
+        vpmulhw	%ymm10, %ymm0, %ymm7
+        vpmulhw	%ymm14, %ymm6, %ymm6
+        vpsubw	%ymm6, %ymm7, %ymm0
+        vpaddw	%ymm1, %ymm0, %ymm0
+        vpmullw	%ymm5, %ymm2, %ymm1
+        vpmulhw	%ymm5, %ymm2, %ymm6
+        vpmullw	%ymm4, %ymm3, %ymm2
+        vpmulhw	%ymm4, %ymm3, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm12, %ymm1, %ymm8
+        vpmullw	%ymm12, %ymm2, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm1
+        vpsubw	%ymm9, %ymm7, %ymm2
+        vpaddw	%ymm2, %ymm1, %ymm1
+        vmovdqu	320(%rdx), %ymm6
+        vmovdqu	352(%rdx), %ymm7
+        vpaddw	%ymm6, %ymm0, %ymm0
+        vpaddw	%ymm7, %ymm1, %ymm1
+        vmovdqu	%ymm0, 320(%rdx)
+        vmovdqu	%ymm1, 352(%rdx)
+        vmovdqu	384(%rdi), %ymm2
+        vmovdqu	416(%rdi), %ymm3
+        vpslld	$16, %ymm3, %ymm6
+        vpsrld	$16, %ymm2, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm2, %ymm2
+        vpblendw	$0x55, %ymm7, %ymm3, %ymm3
+        vmovdqu	384(%r8), %ymm4
+        vmovdqu	416(%r8), %ymm5
+        vpslld	$16, %ymm5, %ymm6
+        vpsrld	$16, %ymm4, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm4, %ymm4
+        vpblendw	$0x55, %ymm7, %ymm5, %ymm5
+        vmovdqu	384(%r15), %ymm10
+        vmovdqu	416(%r15), %ymm11
+        vpmullw	%ymm5, %ymm3, %ymm0
+        vpmulhw	%ymm5, %ymm3, %ymm6
+        vpmullw	%ymm4, %ymm2, %ymm1
+        vpmulhw	%ymm4, %ymm2, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm12, %ymm0, %ymm8
+        vpmullw	%ymm12, %ymm1, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm0
+        vpsubw	%ymm9, %ymm7, %ymm1
+        vpmullw	%ymm11, %ymm0, %ymm6
+        vpmulhw	%ymm10, %ymm0, %ymm7
+        vpmulhw	%ymm14, %ymm6, %ymm6
+        vpsubw	%ymm6, %ymm7, %ymm0
+        vpaddw	%ymm1, %ymm0, %ymm0
+        vpmullw	%ymm5, %ymm2, %ymm1
+        vpmulhw	%ymm5, %ymm2, %ymm6
+        vpmullw	%ymm4, %ymm3, %ymm2
+        vpmulhw	%ymm4, %ymm3, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm12, %ymm1, %ymm8
+        vpmullw	%ymm12, %ymm2, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm1
+        vpsubw	%ymm9, %ymm7, %ymm2
+        vpaddw	%ymm2, %ymm1, %ymm1
+        vmovdqu	384(%rdx), %ymm6
+        vmovdqu	416(%rdx), %ymm7
+        vpaddw	%ymm6, %ymm0, %ymm0
+        vpaddw	%ymm7, %ymm1, %ymm1
+        vmovdqu	%ymm0, 384(%rdx)
+        vmovdqu	%ymm1, 416(%rdx)
+        vmovdqu	448(%rdi), %ymm2
+        vmovdqu	480(%rdi), %ymm3
+        vpslld	$16, %ymm3, %ymm6
+        vpsrld	$16, %ymm2, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm2, %ymm2
+        vpblendw	$0x55, %ymm7, %ymm3, %ymm3
+        vmovdqu	448(%r8), %ymm4
+        vmovdqu	480(%r8), %ymm5
+        vpslld	$16, %ymm5, %ymm6
+        vpsrld	$16, %ymm4, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm4, %ymm4
+        vpblendw	$0x55, %ymm7, %ymm5, %ymm5
+        vmovdqu	448(%r15), %ymm10
+        vmovdqu	480(%r15), %ymm11
+        vpmullw	%ymm5, %ymm3, %ymm0
+        vpmulhw	%ymm5, %ymm3, %ymm6
+        vpmullw	%ymm4, %ymm2, %ymm1
+        vpmulhw	%ymm4, %ymm2, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm12, %ymm0, %ymm8
+        vpmullw	%ymm12, %ymm1, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm0
+        vpsubw	%ymm9, %ymm7, %ymm1
+        vpmullw	%ymm11, %ymm0, %ymm6
+        vpmulhw	%ymm10, %ymm0, %ymm7
+        vpmulhw	%ymm14, %ymm6, %ymm6
+        vpsubw	%ymm6, %ymm7, %ymm0
+        vpaddw	%ymm1, %ymm0, %ymm0
+        vpmullw	%ymm5, %ymm2, %ymm1
+        vpmulhw	%ymm5, %ymm2, %ymm6
+        vpmullw	%ymm4, %ymm3, %ymm2
+        vpmulhw	%ymm4, %ymm3, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm12, %ymm1, %ymm8
+        vpmullw	%ymm12, %ymm2, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm1
+        vpsubw	%ymm9, %ymm7, %ymm2
+        vpaddw	%ymm2, %ymm1, %ymm1
+        vmovdqu	448(%rdx), %ymm6
+        vmovdqu	480(%rdx), %ymm7
+        vpaddw	%ymm6, %ymm0, %ymm0
+        vpaddw	%ymm7, %ymm1, %ymm1
+        vmovdqu	%ymm0, 448(%rdx)
+        vmovdqu	%ymm1, 480(%rdx)
+        addq	$0x200, %rdi
+        addq	$0x200, %r8
+        subq	$0x01, %r13
+        jg	L_pointwise_acc_mont_start_encap_v
+L_pointwise_acc_mont_end_encap_v:
+        # Base mul mont add
+        leaq	L_kyber_avx2_zetas_basemul(%rip), %r15
+        vmovdqu	(%rdi), %ymm2
+        vmovdqu	32(%rdi), %ymm3
+        vpslld	$16, %ymm3, %ymm6
+        vpsrld	$16, %ymm2, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm2, %ymm2
+        vpblendw	$0x55, %ymm7, %ymm3, %ymm3
+        vmovdqu	(%r8), %ymm4
+        vmovdqu	32(%r8), %ymm5
+        vpslld	$16, %ymm5, %ymm6
+        vpsrld	$16, %ymm4, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm4, %ymm4
+        vpblendw	$0x55, %ymm7, %ymm5, %ymm5
+        vmovdqu	(%r15), %ymm10
+        vmovdqu	32(%r15), %ymm11
+        vpmullw	%ymm5, %ymm3, %ymm0
+        vpmulhw	%ymm5, %ymm3, %ymm6
+        vpmullw	%ymm4, %ymm2, %ymm1
+        vpmulhw	%ymm4, %ymm2, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm12, %ymm0, %ymm8
+        vpmullw	%ymm12, %ymm1, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm0
+        vpsubw	%ymm9, %ymm7, %ymm1
+        vpmullw	%ymm11, %ymm0, %ymm6
+        vpmulhw	%ymm10, %ymm0, %ymm7
+        vpmulhw	%ymm14, %ymm6, %ymm6
+        vpsubw	%ymm6, %ymm7, %ymm0
+        vpaddw	%ymm1, %ymm0, %ymm0
+        vpmullw	%ymm5, %ymm2, %ymm1
+        vpmulhw	%ymm5, %ymm2, %ymm6
+        vpmullw	%ymm4, %ymm3, %ymm2
+        vpmulhw	%ymm4, %ymm3, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm12, %ymm1, %ymm8
+        vpmullw	%ymm12, %ymm2, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm1
+        vpsubw	%ymm9, %ymm7, %ymm2
+        vpaddw	%ymm2, %ymm1, %ymm1
+        vmovdqu	(%rdx), %ymm6
+        vmovdqu	32(%rdx), %ymm7
+        vpaddw	%ymm6, %ymm0, %ymm0
+        vpaddw	%ymm7, %ymm1, %ymm1
+        vpslld	$16, %ymm1, %ymm6
+        vpsrld	$16, %ymm0, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm0, %ymm0
+        vpblendw	$0x55, %ymm7, %ymm1, %ymm1
+        vmovdqu	%ymm0, (%rdx)
+        vmovdqu	%ymm1, 32(%rdx)
+        vmovdqu	64(%rdi), %ymm2
+        vmovdqu	96(%rdi), %ymm3
+        vpslld	$16, %ymm3, %ymm6
+        vpsrld	$16, %ymm2, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm2, %ymm2
+        vpblendw	$0x55, %ymm7, %ymm3, %ymm3
+        vmovdqu	64(%r8), %ymm4
+        vmovdqu	96(%r8), %ymm5
+        vpslld	$16, %ymm5, %ymm6
+        vpsrld	$16, %ymm4, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm4, %ymm4
+        vpblendw	$0x55, %ymm7, %ymm5, %ymm5
+        vmovdqu	64(%r15), %ymm10
+        vmovdqu	96(%r15), %ymm11
+        vpmullw	%ymm5, %ymm3, %ymm0
+        vpmulhw	%ymm5, %ymm3, %ymm6
+        vpmullw	%ymm4, %ymm2, %ymm1
+        vpmulhw	%ymm4, %ymm2, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm12, %ymm0, %ymm8
+        vpmullw	%ymm12, %ymm1, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm0
+        vpsubw	%ymm9, %ymm7, %ymm1
+        vpmullw	%ymm11, %ymm0, %ymm6
+        vpmulhw	%ymm10, %ymm0, %ymm7
+        vpmulhw	%ymm14, %ymm6, %ymm6
+        vpsubw	%ymm6, %ymm7, %ymm0
+        vpaddw	%ymm1, %ymm0, %ymm0
+        vpmullw	%ymm5, %ymm2, %ymm1
+        vpmulhw	%ymm5, %ymm2, %ymm6
+        vpmullw	%ymm4, %ymm3, %ymm2
+        vpmulhw	%ymm4, %ymm3, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm12, %ymm1, %ymm8
+        vpmullw	%ymm12, %ymm2, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm1
+        vpsubw	%ymm9, %ymm7, %ymm2
+        vpaddw	%ymm2, %ymm1, %ymm1
+        vmovdqu	64(%rdx), %ymm6
+        vmovdqu	96(%rdx), %ymm7
+        vpaddw	%ymm6, %ymm0, %ymm0
+        vpaddw	%ymm7, %ymm1, %ymm1
+        vpslld	$16, %ymm1, %ymm6
+        vpsrld	$16, %ymm0, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm0, %ymm0
+        vpblendw	$0x55, %ymm7, %ymm1, %ymm1
+        vmovdqu	%ymm0, 64(%rdx)
+        vmovdqu	%ymm1, 96(%rdx)
+        vmovdqu	128(%rdi), %ymm2
+        vmovdqu	160(%rdi), %ymm3
+        vpslld	$16, %ymm3, %ymm6
+        vpsrld	$16, %ymm2, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm2, %ymm2
+        vpblendw	$0x55, %ymm7, %ymm3, %ymm3
+        vmovdqu	128(%r8), %ymm4
+        vmovdqu	160(%r8), %ymm5
+        vpslld	$16, %ymm5, %ymm6
+        vpsrld	$16, %ymm4, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm4, %ymm4
+        vpblendw	$0x55, %ymm7, %ymm5, %ymm5
+        vmovdqu	128(%r15), %ymm10
+        vmovdqu	160(%r15), %ymm11
+        vpmullw	%ymm5, %ymm3, %ymm0
+        vpmulhw	%ymm5, %ymm3, %ymm6
+        vpmullw	%ymm4, %ymm2, %ymm1
+        vpmulhw	%ymm4, %ymm2, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm12, %ymm0, %ymm8
+        vpmullw	%ymm12, %ymm1, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm0
+        vpsubw	%ymm9, %ymm7, %ymm1
+        vpmullw	%ymm11, %ymm0, %ymm6
+        vpmulhw	%ymm10, %ymm0, %ymm7
+        vpmulhw	%ymm14, %ymm6, %ymm6
+        vpsubw	%ymm6, %ymm7, %ymm0
+        vpaddw	%ymm1, %ymm0, %ymm0
+        vpmullw	%ymm5, %ymm2, %ymm1
+        vpmulhw	%ymm5, %ymm2, %ymm6
+        vpmullw	%ymm4, %ymm3, %ymm2
+        vpmulhw	%ymm4, %ymm3, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm12, %ymm1, %ymm8
+        vpmullw	%ymm12, %ymm2, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm1
+        vpsubw	%ymm9, %ymm7, %ymm2
+        vpaddw	%ymm2, %ymm1, %ymm1
+        vmovdqu	128(%rdx), %ymm6
+        vmovdqu	160(%rdx), %ymm7
+        vpaddw	%ymm6, %ymm0, %ymm0
+        vpaddw	%ymm7, %ymm1, %ymm1
+        vpslld	$16, %ymm1, %ymm6
+        vpsrld	$16, %ymm0, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm0, %ymm0
+        vpblendw	$0x55, %ymm7, %ymm1, %ymm1
+        vmovdqu	%ymm0, 128(%rdx)
+        vmovdqu	%ymm1, 160(%rdx)
+        vmovdqu	192(%rdi), %ymm2
+        vmovdqu	224(%rdi), %ymm3
+        vpslld	$16, %ymm3, %ymm6
+        vpsrld	$16, %ymm2, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm2, %ymm2
+        vpblendw	$0x55, %ymm7, %ymm3, %ymm3
+        vmovdqu	192(%r8), %ymm4
+        vmovdqu	224(%r8), %ymm5
+        vpslld	$16, %ymm5, %ymm6
+        vpsrld	$16, %ymm4, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm4, %ymm4
+        vpblendw	$0x55, %ymm7, %ymm5, %ymm5
+        vmovdqu	192(%r15), %ymm10
+        vmovdqu	224(%r15), %ymm11
+        vpmullw	%ymm5, %ymm3, %ymm0
+        vpmulhw	%ymm5, %ymm3, %ymm6
+        vpmullw	%ymm4, %ymm2, %ymm1
+        vpmulhw	%ymm4, %ymm2, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm12, %ymm0, %ymm8
+        vpmullw	%ymm12, %ymm1, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm0
+        vpsubw	%ymm9, %ymm7, %ymm1
+        vpmullw	%ymm11, %ymm0, %ymm6
+        vpmulhw	%ymm10, %ymm0, %ymm7
+        vpmulhw	%ymm14, %ymm6, %ymm6
+        vpsubw	%ymm6, %ymm7, %ymm0
+        vpaddw	%ymm1, %ymm0, %ymm0
+        vpmullw	%ymm5, %ymm2, %ymm1
+        vpmulhw	%ymm5, %ymm2, %ymm6
+        vpmullw	%ymm4, %ymm3, %ymm2
+        vpmulhw	%ymm4, %ymm3, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm12, %ymm1, %ymm8
+        vpmullw	%ymm12, %ymm2, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm1
+        vpsubw	%ymm9, %ymm7, %ymm2
+        vpaddw	%ymm2, %ymm1, %ymm1
+        vmovdqu	192(%rdx), %ymm6
+        vmovdqu	224(%rdx), %ymm7
+        vpaddw	%ymm6, %ymm0, %ymm0
+        vpaddw	%ymm7, %ymm1, %ymm1
+        vpslld	$16, %ymm1, %ymm6
+        vpsrld	$16, %ymm0, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm0, %ymm0
+        vpblendw	$0x55, %ymm7, %ymm1, %ymm1
+        vmovdqu	%ymm0, 192(%rdx)
+        vmovdqu	%ymm1, 224(%rdx)
+        vmovdqu	256(%rdi), %ymm2
+        vmovdqu	288(%rdi), %ymm3
+        vpslld	$16, %ymm3, %ymm6
+        vpsrld	$16, %ymm2, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm2, %ymm2
+        vpblendw	$0x55, %ymm7, %ymm3, %ymm3
+        vmovdqu	256(%r8), %ymm4
+        vmovdqu	288(%r8), %ymm5
+        vpslld	$16, %ymm5, %ymm6
+        vpsrld	$16, %ymm4, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm4, %ymm4
+        vpblendw	$0x55, %ymm7, %ymm5, %ymm5
+        vmovdqu	256(%r15), %ymm10
+        vmovdqu	288(%r15), %ymm11
+        vpmullw	%ymm5, %ymm3, %ymm0
+        vpmulhw	%ymm5, %ymm3, %ymm6
+        vpmullw	%ymm4, %ymm2, %ymm1
+        vpmulhw	%ymm4, %ymm2, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm12, %ymm0, %ymm8
+        vpmullw	%ymm12, %ymm1, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm0
+        vpsubw	%ymm9, %ymm7, %ymm1
+        vpmullw	%ymm11, %ymm0, %ymm6
+        vpmulhw	%ymm10, %ymm0, %ymm7
+        vpmulhw	%ymm14, %ymm6, %ymm6
+        vpsubw	%ymm6, %ymm7, %ymm0
+        vpaddw	%ymm1, %ymm0, %ymm0
+        vpmullw	%ymm5, %ymm2, %ymm1
+        vpmulhw	%ymm5, %ymm2, %ymm6
+        vpmullw	%ymm4, %ymm3, %ymm2
+        vpmulhw	%ymm4, %ymm3, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm12, %ymm1, %ymm8
+        vpmullw	%ymm12, %ymm2, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm1
+        vpsubw	%ymm9, %ymm7, %ymm2
+        vpaddw	%ymm2, %ymm1, %ymm1
+        vmovdqu	256(%rdx), %ymm6
+        vmovdqu	288(%rdx), %ymm7
+        vpaddw	%ymm6, %ymm0, %ymm0
+        vpaddw	%ymm7, %ymm1, %ymm1
+        vpslld	$16, %ymm1, %ymm6
+        vpsrld	$16, %ymm0, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm0, %ymm0
+        vpblendw	$0x55, %ymm7, %ymm1, %ymm1
+        vmovdqu	%ymm0, 256(%rdx)
+        vmovdqu	%ymm1, 288(%rdx)
+        vmovdqu	320(%rdi), %ymm2
+        vmovdqu	352(%rdi), %ymm3
+        vpslld	$16, %ymm3, %ymm6
+        vpsrld	$16, %ymm2, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm2, %ymm2
+        vpblendw	$0x55, %ymm7, %ymm3, %ymm3
+        vmovdqu	320(%r8), %ymm4
+        vmovdqu	352(%r8), %ymm5
+        vpslld	$16, %ymm5, %ymm6
+        vpsrld	$16, %ymm4, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm4, %ymm4
+        vpblendw	$0x55, %ymm7, %ymm5, %ymm5
+        vmovdqu	320(%r15), %ymm10
+        vmovdqu	352(%r15), %ymm11
+        vpmullw	%ymm5, %ymm3, %ymm0
+        vpmulhw	%ymm5, %ymm3, %ymm6
+        vpmullw	%ymm4, %ymm2, %ymm1
+        vpmulhw	%ymm4, %ymm2, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm12, %ymm0, %ymm8
+        vpmullw	%ymm12, %ymm1, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm0
+        vpsubw	%ymm9, %ymm7, %ymm1
+        vpmullw	%ymm11, %ymm0, %ymm6
+        vpmulhw	%ymm10, %ymm0, %ymm7
+        vpmulhw	%ymm14, %ymm6, %ymm6
+        vpsubw	%ymm6, %ymm7, %ymm0
+        vpaddw	%ymm1, %ymm0, %ymm0
+        vpmullw	%ymm5, %ymm2, %ymm1
+        vpmulhw	%ymm5, %ymm2, %ymm6
+        vpmullw	%ymm4, %ymm3, %ymm2
+        vpmulhw	%ymm4, %ymm3, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm12, %ymm1, %ymm8
+        vpmullw	%ymm12, %ymm2, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm1
+        vpsubw	%ymm9, %ymm7, %ymm2
+        vpaddw	%ymm2, %ymm1, %ymm1
+        vmovdqu	320(%rdx), %ymm6
+        vmovdqu	352(%rdx), %ymm7
+        vpaddw	%ymm6, %ymm0, %ymm0
+        vpaddw	%ymm7, %ymm1, %ymm1
+        vpslld	$16, %ymm1, %ymm6
+        vpsrld	$16, %ymm0, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm0, %ymm0
+        vpblendw	$0x55, %ymm7, %ymm1, %ymm1
+        vmovdqu	%ymm0, 320(%rdx)
+        vmovdqu	%ymm1, 352(%rdx)
+        vmovdqu	384(%rdi), %ymm2
+        vmovdqu	416(%rdi), %ymm3
+        vpslld	$16, %ymm3, %ymm6
+        vpsrld	$16, %ymm2, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm2, %ymm2
+        vpblendw	$0x55, %ymm7, %ymm3, %ymm3
+        vmovdqu	384(%r8), %ymm4
+        vmovdqu	416(%r8), %ymm5
+        vpslld	$16, %ymm5, %ymm6
+        vpsrld	$16, %ymm4, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm4, %ymm4
+        vpblendw	$0x55, %ymm7, %ymm5, %ymm5
+        vmovdqu	384(%r15), %ymm10
+        vmovdqu	416(%r15), %ymm11
+        vpmullw	%ymm5, %ymm3, %ymm0
+        vpmulhw	%ymm5, %ymm3, %ymm6
+        vpmullw	%ymm4, %ymm2, %ymm1
+        vpmulhw	%ymm4, %ymm2, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm12, %ymm0, %ymm8
+        vpmullw	%ymm12, %ymm1, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm0
+        vpsubw	%ymm9, %ymm7, %ymm1
+        vpmullw	%ymm11, %ymm0, %ymm6
+        vpmulhw	%ymm10, %ymm0, %ymm7
+        vpmulhw	%ymm14, %ymm6, %ymm6
+        vpsubw	%ymm6, %ymm7, %ymm0
+        vpaddw	%ymm1, %ymm0, %ymm0
+        vpmullw	%ymm5, %ymm2, %ymm1
+        vpmulhw	%ymm5, %ymm2, %ymm6
+        vpmullw	%ymm4, %ymm3, %ymm2
+        vpmulhw	%ymm4, %ymm3, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm12, %ymm1, %ymm8
+        vpmullw	%ymm12, %ymm2, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm1
+        vpsubw	%ymm9, %ymm7, %ymm2
+        vpaddw	%ymm2, %ymm1, %ymm1
+        vmovdqu	384(%rdx), %ymm6
+        vmovdqu	416(%rdx), %ymm7
+        vpaddw	%ymm6, %ymm0, %ymm0
+        vpaddw	%ymm7, %ymm1, %ymm1
+        vpslld	$16, %ymm1, %ymm6
+        vpsrld	$16, %ymm0, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm0, %ymm0
+        vpblendw	$0x55, %ymm7, %ymm1, %ymm1
+        vmovdqu	%ymm0, 384(%rdx)
+        vmovdqu	%ymm1, 416(%rdx)
+        vmovdqu	448(%rdi), %ymm2
+        vmovdqu	480(%rdi), %ymm3
+        vpslld	$16, %ymm3, %ymm6
+        vpsrld	$16, %ymm2, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm2, %ymm2
+        vpblendw	$0x55, %ymm7, %ymm3, %ymm3
+        vmovdqu	448(%r8), %ymm4
+        vmovdqu	480(%r8), %ymm5
+        vpslld	$16, %ymm5, %ymm6
+        vpsrld	$16, %ymm4, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm4, %ymm4
+        vpblendw	$0x55, %ymm7, %ymm5, %ymm5
+        vmovdqu	448(%r15), %ymm10
+        vmovdqu	480(%r15), %ymm11
+        vpmullw	%ymm5, %ymm3, %ymm0
+        vpmulhw	%ymm5, %ymm3, %ymm6
+        vpmullw	%ymm4, %ymm2, %ymm1
+        vpmulhw	%ymm4, %ymm2, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm12, %ymm0, %ymm8
+        vpmullw	%ymm12, %ymm1, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm0
+        vpsubw	%ymm9, %ymm7, %ymm1
+        vpmullw	%ymm11, %ymm0, %ymm6
+        vpmulhw	%ymm10, %ymm0, %ymm7
+        vpmulhw	%ymm14, %ymm6, %ymm6
+        vpsubw	%ymm6, %ymm7, %ymm0
+        vpaddw	%ymm1, %ymm0, %ymm0
+        vpmullw	%ymm5, %ymm2, %ymm1
+        vpmulhw	%ymm5, %ymm2, %ymm6
+        vpmullw	%ymm4, %ymm3, %ymm2
+        vpmulhw	%ymm4, %ymm3, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm12, %ymm1, %ymm8
+        vpmullw	%ymm12, %ymm2, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm1
+        vpsubw	%ymm9, %ymm7, %ymm2
+        vpaddw	%ymm2, %ymm1, %ymm1
+        vmovdqu	448(%rdx), %ymm6
+        vmovdqu	480(%rdx), %ymm7
+        vpaddw	%ymm6, %ymm0, %ymm0
+        vpaddw	%ymm7, %ymm1, %ymm1
+        vpslld	$16, %ymm1, %ymm6
+        vpsrld	$16, %ymm0, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm0, %ymm0
+        vpblendw	$0x55, %ymm7, %ymm1, %ymm1
+        vmovdqu	%ymm0, 448(%rdx)
+        vmovdqu	%ymm1, 480(%rdx)
+        addq	$0x200, %rdi
+        addq	$0x200, %r8
+        movslq	%r11d, %r13
+        shl	$9, %r13d
+        subq	%r13, %r8
+        # invntt
+        leaq	L_kyber_avx2_zetas_inv(%rip), %r15
+        vmovdqu	(%rdx), %ymm0
+        vmovdqu	32(%rdx), %ymm1
+        vmovdqu	64(%rdx), %ymm2
+        vmovdqu	96(%rdx), %ymm3
+        vmovdqu	128(%rdx), %ymm4
+        vmovdqu	160(%rdx), %ymm5
+        vmovdqu	192(%rdx), %ymm6
+        vmovdqu	224(%rdx), %ymm7
+        # 2: 1/2
+        vperm2i128	$32, %ymm1, %ymm0, %ymm8
+        vmovdqu	(%r15), %ymm10
+        vperm2i128	$49, %ymm1, %ymm0, %ymm9
+        vmovdqu	32(%r15), %ymm12
+        vpsllq	$32, %ymm9, %ymm0
+        vpsrlq	$32, %ymm8, %ymm1
+        vpblendd	$0xaa, %ymm0, %ymm8, %ymm0
+        vpblendd	$0x55, %ymm1, %ymm9, %ymm1
+        vperm2i128	$32, %ymm3, %ymm2, %ymm8
+        vmovdqu	64(%r15), %ymm11
+        vperm2i128	$49, %ymm3, %ymm2, %ymm9
+        vmovdqu	96(%r15), %ymm13
+        vpsllq	$32, %ymm9, %ymm2
+        vpsrlq	$32, %ymm8, %ymm3
+        vpblendd	$0xaa, %ymm2, %ymm8, %ymm2
+        vpblendd	$0x55, %ymm3, %ymm9, %ymm3
+        vpaddw	%ymm1, %ymm0, %ymm8
+        vpaddw	%ymm3, %ymm2, %ymm9
+        vpsubw	%ymm1, %ymm0, %ymm1
+        vpsubw	%ymm3, %ymm2, %ymm3
+        vpmulhw	%ymm15, %ymm8, %ymm0
+        vpmulhw	%ymm15, %ymm9, %ymm2
+        vpsraw	$10, %ymm0, %ymm0
+        vpsraw	$10, %ymm2, %ymm2
+        vpmullw	%ymm14, %ymm0, %ymm0
+        vpmullw	%ymm14, %ymm2, %ymm2
+        vpsubw	%ymm0, %ymm8, %ymm8
+        vpsubw	%ymm2, %ymm9, %ymm9
+        vpmullw	%ymm12, %ymm1, %ymm0
+        vpmullw	%ymm13, %ymm3, %ymm2
+        vpmulhw	%ymm10, %ymm1, %ymm1
+        vpmulhw	%ymm11, %ymm3, %ymm3
+        vpmulhw	%ymm14, %ymm0, %ymm0
+        vpmulhw	%ymm14, %ymm2, %ymm2
+        vpsubw	%ymm0, %ymm1, %ymm1
+        vpsubw	%ymm2, %ymm3, %ymm3
+        # 4: 1/2
+        vmovdqu	128(%r15), %ymm10
+        vmovdqu	160(%r15), %ymm12
+        vmovdqu	192(%r15), %ymm11
+        vmovdqu	224(%r15), %ymm13
+        vpunpckldq	%ymm1, %ymm8, %ymm0
+        vpunpckhdq	%ymm1, %ymm8, %ymm1
+        vpunpckldq	%ymm3, %ymm9, %ymm2
+        vpunpckhdq	%ymm3, %ymm9, %ymm3
+        vpaddw	%ymm1, %ymm0, %ymm8
+        vpaddw	%ymm3, %ymm2, %ymm9
+        vpsubw	%ymm1, %ymm0, %ymm1
+        vpsubw	%ymm3, %ymm2, %ymm3
+        vpmullw	%ymm12, %ymm1, %ymm0
+        vpmullw	%ymm13, %ymm3, %ymm2
+        vpmulhw	%ymm10, %ymm1, %ymm1
+        vpmulhw	%ymm11, %ymm3, %ymm3
+        vpmulhw	%ymm14, %ymm0, %ymm0
+        vpmulhw	%ymm14, %ymm2, %ymm2
+        vpsubw	%ymm0, %ymm1, %ymm1
+        vpsubw	%ymm2, %ymm3, %ymm3
+        # 8: 1/2
+        vmovdqu	256(%r15), %ymm10
+        vmovdqu	288(%r15), %ymm12
+        vmovdqu	320(%r15), %ymm11
+        vmovdqu	352(%r15), %ymm13
+        vpunpcklqdq	%ymm1, %ymm8, %ymm0
+        vpunpckhqdq	%ymm1, %ymm8, %ymm1
+        vpunpcklqdq	%ymm3, %ymm9, %ymm2
+        vpunpckhqdq	%ymm3, %ymm9, %ymm3
+        vpaddw	%ymm1, %ymm0, %ymm8
+        vpaddw	%ymm3, %ymm2, %ymm9
+        vpsubw	%ymm1, %ymm0, %ymm1
+        vpsubw	%ymm3, %ymm2, %ymm3
+        vpmulhw	%ymm15, %ymm8, %ymm0
+        vpmulhw	%ymm15, %ymm9, %ymm2
+        vpsraw	$10, %ymm0, %ymm0
+        vpsraw	$10, %ymm2, %ymm2
+        vpmullw	%ymm14, %ymm0, %ymm0
+        vpmullw	%ymm14, %ymm2, %ymm2
+        vpsubw	%ymm0, %ymm8, %ymm8
+        vpsubw	%ymm2, %ymm9, %ymm9
+        vpmullw	%ymm12, %ymm1, %ymm0
+        vpmullw	%ymm13, %ymm3, %ymm2
+        vpmulhw	%ymm10, %ymm1, %ymm1
+        vpmulhw	%ymm11, %ymm3, %ymm3
+        vpmulhw	%ymm14, %ymm0, %ymm0
+        vpmulhw	%ymm14, %ymm2, %ymm2
+        vpsubw	%ymm0, %ymm1, %ymm1
+        vpsubw	%ymm2, %ymm3, %ymm3
+        # 16: 1/2
+        vperm2i128	$32, %ymm1, %ymm8, %ymm0
+        vmovdqu	384(%r15), %ymm10
+        vperm2i128	$49, %ymm1, %ymm8, %ymm1
+        vmovdqu	416(%r15), %ymm12
+        vperm2i128	$32, %ymm3, %ymm9, %ymm2
+        vmovdqu	448(%r15), %ymm11
+        vperm2i128	$49, %ymm3, %ymm9, %ymm3
+        vmovdqu	480(%r15), %ymm13
+        vpsubw	%ymm1, %ymm0, %ymm8
+        vpsubw	%ymm3, %ymm2, %ymm9
+        vpaddw	%ymm1, %ymm0, %ymm0
+        vpaddw	%ymm3, %ymm2, %ymm2
+        vpmullw	%ymm12, %ymm8, %ymm1
+        vpmullw	%ymm13, %ymm9, %ymm3
+        vpmulhw	%ymm10, %ymm8, %ymm8
+        vpmulhw	%ymm11, %ymm9, %ymm9
+        vpmulhw	%ymm14, %ymm1, %ymm1
+        vpmulhw	%ymm14, %ymm3, %ymm3
+        vpsubw	%ymm1, %ymm8, %ymm1
+        vpsubw	%ymm3, %ymm9, %ymm3
+        # 32: 1/2
+        vmovdqu	512(%r15), %ymm10
+        vmovdqu	544(%r15), %ymm12
+        vpaddw	%ymm2, %ymm0, %ymm8
+        vpaddw	%ymm3, %ymm1, %ymm9
+        vpsubw	%ymm2, %ymm0, %ymm2
+        vpsubw	%ymm3, %ymm1, %ymm3
+        vpmulhw	%ymm15, %ymm8, %ymm0
+        vpmulhw	%ymm15, %ymm9, %ymm1
+        vpsraw	$10, %ymm0, %ymm0
+        vpsraw	$10, %ymm1, %ymm1
+        vpmullw	%ymm14, %ymm0, %ymm0
+        vpmullw	%ymm14, %ymm1, %ymm1
+        vpsubw	%ymm0, %ymm8, %ymm0
+        vpsubw	%ymm1, %ymm9, %ymm1
+        vpmullw	%ymm12, %ymm2, %ymm8
+        vpmullw	%ymm12, %ymm3, %ymm9
+        vpmulhw	%ymm10, %ymm2, %ymm2
+        vpmulhw	%ymm10, %ymm3, %ymm3
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm2, %ymm2
+        vpsubw	%ymm9, %ymm3, %ymm3
+        # 2: 1/2
+        vperm2i128	$32, %ymm5, %ymm4, %ymm8
+        vmovdqu	576(%r15), %ymm10
+        vperm2i128	$49, %ymm5, %ymm4, %ymm9
+        vmovdqu	608(%r15), %ymm12
+        vpsllq	$32, %ymm9, %ymm4
+        vpsrlq	$32, %ymm8, %ymm5
+        vpblendd	$0xaa, %ymm4, %ymm8, %ymm4
+        vpblendd	$0x55, %ymm5, %ymm9, %ymm5
+        vperm2i128	$32, %ymm7, %ymm6, %ymm8
+        vmovdqu	640(%r15), %ymm11
+        vperm2i128	$49, %ymm7, %ymm6, %ymm9
+        vmovdqu	672(%r15), %ymm13
+        vpsllq	$32, %ymm9, %ymm6
+        vpsrlq	$32, %ymm8, %ymm7
+        vpblendd	$0xaa, %ymm6, %ymm8, %ymm6
+        vpblendd	$0x55, %ymm7, %ymm9, %ymm7
+        vpaddw	%ymm5, %ymm4, %ymm8
+        vpaddw	%ymm7, %ymm6, %ymm9
+        vpsubw	%ymm5, %ymm4, %ymm5
+        vpsubw	%ymm7, %ymm6, %ymm7
+        vpmulhw	%ymm15, %ymm8, %ymm4
+        vpmulhw	%ymm15, %ymm9, %ymm6
+        vpsraw	$10, %ymm4, %ymm4
+        vpsraw	$10, %ymm6, %ymm6
+        vpmullw	%ymm14, %ymm4, %ymm4
+        vpmullw	%ymm14, %ymm6, %ymm6
+        vpsubw	%ymm4, %ymm8, %ymm8
+        vpsubw	%ymm6, %ymm9, %ymm9
+        vpmullw	%ymm12, %ymm5, %ymm4
+        vpmullw	%ymm13, %ymm7, %ymm6
+        vpmulhw	%ymm10, %ymm5, %ymm5
+        vpmulhw	%ymm11, %ymm7, %ymm7
+        vpmulhw	%ymm14, %ymm4, %ymm4
+        vpmulhw	%ymm14, %ymm6, %ymm6
+        vpsubw	%ymm4, %ymm5, %ymm5
+        vpsubw	%ymm6, %ymm7, %ymm7
+        # 4: 1/2
+        vmovdqu	704(%r15), %ymm10
+        vmovdqu	736(%r15), %ymm12
+        vmovdqu	768(%r15), %ymm11
+        vmovdqu	800(%r15), %ymm13
+        vpunpckldq	%ymm5, %ymm8, %ymm4
+        vpunpckhdq	%ymm5, %ymm8, %ymm5
+        vpunpckldq	%ymm7, %ymm9, %ymm6
+        vpunpckhdq	%ymm7, %ymm9, %ymm7
+        vpaddw	%ymm5, %ymm4, %ymm8
+        vpaddw	%ymm7, %ymm6, %ymm9
+        vpsubw	%ymm5, %ymm4, %ymm5
+        vpsubw	%ymm7, %ymm6, %ymm7
+        vpmullw	%ymm12, %ymm5, %ymm4
+        vpmullw	%ymm13, %ymm7, %ymm6
+        vpmulhw	%ymm10, %ymm5, %ymm5
+        vpmulhw	%ymm11, %ymm7, %ymm7
+        vpmulhw	%ymm14, %ymm4, %ymm4
+        vpmulhw	%ymm14, %ymm6, %ymm6
+        vpsubw	%ymm4, %ymm5, %ymm5
+        vpsubw	%ymm6, %ymm7, %ymm7
+        # 8: 1/2
+        vmovdqu	832(%r15), %ymm10
+        vmovdqu	864(%r15), %ymm12
+        vmovdqu	896(%r15), %ymm11
+        vmovdqu	928(%r15), %ymm13
+        vpunpcklqdq	%ymm5, %ymm8, %ymm4
+        vpunpckhqdq	%ymm5, %ymm8, %ymm5
+        vpunpcklqdq	%ymm7, %ymm9, %ymm6
+        vpunpckhqdq	%ymm7, %ymm9, %ymm7
+        vpaddw	%ymm5, %ymm4, %ymm8
+        vpaddw	%ymm7, %ymm6, %ymm9
+        vpsubw	%ymm5, %ymm4, %ymm5
+        vpsubw	%ymm7, %ymm6, %ymm7
+        vpmulhw	%ymm15, %ymm8, %ymm4
+        vpmulhw	%ymm15, %ymm9, %ymm6
+        vpsraw	$10, %ymm4, %ymm4
+        vpsraw	$10, %ymm6, %ymm6
+        vpmullw	%ymm14, %ymm4, %ymm4
+        vpmullw	%ymm14, %ymm6, %ymm6
+        vpsubw	%ymm4, %ymm8, %ymm8
+        vpsubw	%ymm6, %ymm9, %ymm9
+        vpmullw	%ymm12, %ymm5, %ymm4
+        vpmullw	%ymm13, %ymm7, %ymm6
+        vpmulhw	%ymm10, %ymm5, %ymm5
+        vpmulhw	%ymm11, %ymm7, %ymm7
+        vpmulhw	%ymm14, %ymm4, %ymm4
+        vpmulhw	%ymm14, %ymm6, %ymm6
+        vpsubw	%ymm4, %ymm5, %ymm5
+        vpsubw	%ymm6, %ymm7, %ymm7
+        # 16: 1/2
+        vperm2i128	$32, %ymm5, %ymm8, %ymm4
+        vmovdqu	960(%r15), %ymm10
+        vperm2i128	$49, %ymm5, %ymm8, %ymm5
+        vmovdqu	992(%r15), %ymm12
+        vperm2i128	$32, %ymm7, %ymm9, %ymm6
+        vmovdqu	1024(%r15), %ymm11
+        vperm2i128	$49, %ymm7, %ymm9, %ymm7
+        vmovdqu	1056(%r15), %ymm13
+        vpsubw	%ymm5, %ymm4, %ymm8
+        vpsubw	%ymm7, %ymm6, %ymm9
+        vpaddw	%ymm5, %ymm4, %ymm4
+        vpaddw	%ymm7, %ymm6, %ymm6
+        vpmullw	%ymm12, %ymm8, %ymm5
+        vpmullw	%ymm13, %ymm9, %ymm7
+        vpmulhw	%ymm10, %ymm8, %ymm8
+        vpmulhw	%ymm11, %ymm9, %ymm9
+        vpmulhw	%ymm14, %ymm5, %ymm5
+        vpmulhw	%ymm14, %ymm7, %ymm7
+        vpsubw	%ymm5, %ymm8, %ymm5
+        vpsubw	%ymm7, %ymm9, %ymm7
+        # 32: 1/2
+        vmovdqu	1088(%r15), %ymm10
+        vmovdqu	1120(%r15), %ymm12
+        vpaddw	%ymm6, %ymm4, %ymm8
+        vpaddw	%ymm7, %ymm5, %ymm9
+        vpsubw	%ymm6, %ymm4, %ymm6
+        vpsubw	%ymm7, %ymm5, %ymm7
+        vpmulhw	%ymm15, %ymm8, %ymm4
+        vpmulhw	%ymm15, %ymm9, %ymm5
+        vpsraw	$10, %ymm4, %ymm4
+        vpsraw	$10, %ymm5, %ymm5
+        vpmullw	%ymm14, %ymm4, %ymm4
+        vpmullw	%ymm14, %ymm5, %ymm5
+        vpsubw	%ymm4, %ymm8, %ymm4
+        vpsubw	%ymm5, %ymm9, %ymm5
+        vpmullw	%ymm12, %ymm6, %ymm8
+        vpmullw	%ymm12, %ymm7, %ymm9
+        vpmulhw	%ymm10, %ymm6, %ymm6
+        vpmulhw	%ymm10, %ymm7, %ymm7
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm6
+        vpsubw	%ymm9, %ymm7, %ymm7
+        # 64: 1/2
+        vmovdqu	1152(%r15), %ymm10
+        vmovdqu	1184(%r15), %ymm12
+        vpsubw	%ymm4, %ymm0, %ymm8
+        vpsubw	%ymm5, %ymm1, %ymm9
+        vpaddw	%ymm4, %ymm0, %ymm0
+        vpaddw	%ymm5, %ymm1, %ymm1
+        vpmullw	%ymm12, %ymm8, %ymm4
+        vpmullw	%ymm12, %ymm9, %ymm5
+        vpmulhw	%ymm10, %ymm8, %ymm8
+        vpmulhw	%ymm10, %ymm9, %ymm9
+        vpmulhw	%ymm14, %ymm4, %ymm4
+        vpmulhw	%ymm14, %ymm5, %ymm5
+        vpsubw	%ymm4, %ymm8, %ymm4
+        vpsubw	%ymm5, %ymm9, %ymm5
+        vpsubw	%ymm6, %ymm2, %ymm8
+        vpsubw	%ymm7, %ymm3, %ymm9
+        vpaddw	%ymm6, %ymm2, %ymm2
+        vpaddw	%ymm7, %ymm3, %ymm3
+        vpmullw	%ymm12, %ymm8, %ymm6
+        vpmullw	%ymm12, %ymm9, %ymm7
+        vpmulhw	%ymm10, %ymm8, %ymm8
+        vpmulhw	%ymm10, %ymm9, %ymm9
+        vpmulhw	%ymm14, %ymm6, %ymm6
+        vpmulhw	%ymm14, %ymm7, %ymm7
+        vpsubw	%ymm6, %ymm8, %ymm6
+        vpsubw	%ymm7, %ymm9, %ymm7
+        vmovdqu	%ymm0, (%rdx)
+        vmovdqu	%ymm1, 32(%rdx)
+        vmovdqu	%ymm2, 64(%rdx)
+        vmovdqu	%ymm3, 96(%rdx)
+        vmovdqu	%ymm4, 128(%rdx)
+        vmovdqu	%ymm5, 160(%rdx)
+        vmovdqu	%ymm6, 192(%rdx)
+        vmovdqu	%ymm7, 224(%rdx)
+        vmovdqu	256(%rdx), %ymm0
+        vmovdqu	288(%rdx), %ymm1
+        vmovdqu	320(%rdx), %ymm2
+        vmovdqu	352(%rdx), %ymm3
+        vmovdqu	384(%rdx), %ymm4
+        vmovdqu	416(%rdx), %ymm5
+        vmovdqu	448(%rdx), %ymm6
+        vmovdqu	480(%rdx), %ymm7
+        # 2: 2/2
+        vperm2i128	$32, %ymm1, %ymm0, %ymm8
+        vmovdqu	1216(%r15), %ymm10
+        vperm2i128	$49, %ymm1, %ymm0, %ymm9
+        vmovdqu	1248(%r15), %ymm12
+        vpsllq	$32, %ymm9, %ymm0
+        vpsrlq	$32, %ymm8, %ymm1
+        vpblendd	$0xaa, %ymm0, %ymm8, %ymm0
+        vpblendd	$0x55, %ymm1, %ymm9, %ymm1
+        vperm2i128	$32, %ymm3, %ymm2, %ymm8
+        vmovdqu	1280(%r15), %ymm11
+        vperm2i128	$49, %ymm3, %ymm2, %ymm9
+        vmovdqu	1312(%r15), %ymm13
+        vpsllq	$32, %ymm9, %ymm2
+        vpsrlq	$32, %ymm8, %ymm3
+        vpblendd	$0xaa, %ymm2, %ymm8, %ymm2
+        vpblendd	$0x55, %ymm3, %ymm9, %ymm3
+        vpaddw	%ymm1, %ymm0, %ymm8
+        vpaddw	%ymm3, %ymm2, %ymm9
+        vpsubw	%ymm1, %ymm0, %ymm1
+        vpsubw	%ymm3, %ymm2, %ymm3
+        vpmulhw	%ymm15, %ymm8, %ymm0
+        vpmulhw	%ymm15, %ymm9, %ymm2
+        vpsraw	$10, %ymm0, %ymm0
+        vpsraw	$10, %ymm2, %ymm2
+        vpmullw	%ymm14, %ymm0, %ymm0
+        vpmullw	%ymm14, %ymm2, %ymm2
+        vpsubw	%ymm0, %ymm8, %ymm8
+        vpsubw	%ymm2, %ymm9, %ymm9
+        vpmullw	%ymm12, %ymm1, %ymm0
+        vpmullw	%ymm13, %ymm3, %ymm2
+        vpmulhw	%ymm10, %ymm1, %ymm1
+        vpmulhw	%ymm11, %ymm3, %ymm3
+        vpmulhw	%ymm14, %ymm0, %ymm0
+        vpmulhw	%ymm14, %ymm2, %ymm2
+        vpsubw	%ymm0, %ymm1, %ymm1
+        vpsubw	%ymm2, %ymm3, %ymm3
+        # 4: 2/2
+        vmovdqu	1344(%r15), %ymm10
+        vmovdqu	1376(%r15), %ymm12
+        vmovdqu	1408(%r15), %ymm11
+        vmovdqu	1440(%r15), %ymm13
+        vpunpckldq	%ymm1, %ymm8, %ymm0
+        vpunpckhdq	%ymm1, %ymm8, %ymm1
+        vpunpckldq	%ymm3, %ymm9, %ymm2
+        vpunpckhdq	%ymm3, %ymm9, %ymm3
+        vpaddw	%ymm1, %ymm0, %ymm8
+        vpaddw	%ymm3, %ymm2, %ymm9
+        vpsubw	%ymm1, %ymm0, %ymm1
+        vpsubw	%ymm3, %ymm2, %ymm3
+        vpmullw	%ymm12, %ymm1, %ymm0
+        vpmullw	%ymm13, %ymm3, %ymm2
+        vpmulhw	%ymm10, %ymm1, %ymm1
+        vpmulhw	%ymm11, %ymm3, %ymm3
+        vpmulhw	%ymm14, %ymm0, %ymm0
+        vpmulhw	%ymm14, %ymm2, %ymm2
+        vpsubw	%ymm0, %ymm1, %ymm1
+        vpsubw	%ymm2, %ymm3, %ymm3
+        # 8: 2/2
+        vmovdqu	1472(%r15), %ymm10
+        vmovdqu	1504(%r15), %ymm12
+        vmovdqu	1536(%r15), %ymm11
+        vmovdqu	1568(%r15), %ymm13
+        vpunpcklqdq	%ymm1, %ymm8, %ymm0
+        vpunpckhqdq	%ymm1, %ymm8, %ymm1
+        vpunpcklqdq	%ymm3, %ymm9, %ymm2
+        vpunpckhqdq	%ymm3, %ymm9, %ymm3
+        vpaddw	%ymm1, %ymm0, %ymm8
+        vpaddw	%ymm3, %ymm2, %ymm9
+        vpsubw	%ymm1, %ymm0, %ymm1
+        vpsubw	%ymm3, %ymm2, %ymm3
+        vpmulhw	%ymm15, %ymm8, %ymm0
+        vpmulhw	%ymm15, %ymm9, %ymm2
+        vpsraw	$10, %ymm0, %ymm0
+        vpsraw	$10, %ymm2, %ymm2
+        vpmullw	%ymm14, %ymm0, %ymm0
+        vpmullw	%ymm14, %ymm2, %ymm2
+        vpsubw	%ymm0, %ymm8, %ymm8
+        vpsubw	%ymm2, %ymm9, %ymm9
+        vpmullw	%ymm12, %ymm1, %ymm0
+        vpmullw	%ymm13, %ymm3, %ymm2
+        vpmulhw	%ymm10, %ymm1, %ymm1
+        vpmulhw	%ymm11, %ymm3, %ymm3
+        vpmulhw	%ymm14, %ymm0, %ymm0
+        vpmulhw	%ymm14, %ymm2, %ymm2
+        vpsubw	%ymm0, %ymm1, %ymm1
+        vpsubw	%ymm2, %ymm3, %ymm3
+        # 16: 2/2
+        vperm2i128	$32, %ymm1, %ymm8, %ymm0
+        vmovdqu	1600(%r15), %ymm10
+        vperm2i128	$49, %ymm1, %ymm8, %ymm1
+        vmovdqu	1632(%r15), %ymm12
+        vperm2i128	$32, %ymm3, %ymm9, %ymm2
+        vmovdqu	1664(%r15), %ymm11
+        vperm2i128	$49, %ymm3, %ymm9, %ymm3
+        vmovdqu	1696(%r15), %ymm13
+        vpsubw	%ymm1, %ymm0, %ymm8
+        vpsubw	%ymm3, %ymm2, %ymm9
+        vpaddw	%ymm1, %ymm0, %ymm0
+        vpaddw	%ymm3, %ymm2, %ymm2
+        vpmullw	%ymm12, %ymm8, %ymm1
+        vpmullw	%ymm13, %ymm9, %ymm3
+        vpmulhw	%ymm10, %ymm8, %ymm8
+        vpmulhw	%ymm11, %ymm9, %ymm9
+        vpmulhw	%ymm14, %ymm1, %ymm1
+        vpmulhw	%ymm14, %ymm3, %ymm3
+        vpsubw	%ymm1, %ymm8, %ymm1
+        vpsubw	%ymm3, %ymm9, %ymm3
+        # 32: 2/2
+        vmovdqu	1728(%r15), %ymm10
+        vmovdqu	1760(%r15), %ymm12
+        vpaddw	%ymm2, %ymm0, %ymm8
+        vpaddw	%ymm3, %ymm1, %ymm9
+        vpsubw	%ymm2, %ymm0, %ymm2
+        vpsubw	%ymm3, %ymm1, %ymm3
+        vpmulhw	%ymm15, %ymm8, %ymm0
+        vpmulhw	%ymm15, %ymm9, %ymm1
+        vpsraw	$10, %ymm0, %ymm0
+        vpsraw	$10, %ymm1, %ymm1
+        vpmullw	%ymm14, %ymm0, %ymm0
+        vpmullw	%ymm14, %ymm1, %ymm1
+        vpsubw	%ymm0, %ymm8, %ymm0
+        vpsubw	%ymm1, %ymm9, %ymm1
+        vpmullw	%ymm12, %ymm2, %ymm8
+        vpmullw	%ymm12, %ymm3, %ymm9
+        vpmulhw	%ymm10, %ymm2, %ymm2
+        vpmulhw	%ymm10, %ymm3, %ymm3
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm2, %ymm2
+        vpsubw	%ymm9, %ymm3, %ymm3
+        # 2: 2/2
+        vperm2i128	$32, %ymm5, %ymm4, %ymm8
+        vmovdqu	1792(%r15), %ymm10
+        vperm2i128	$49, %ymm5, %ymm4, %ymm9
+        vmovdqu	1824(%r15), %ymm12
+        vpsllq	$32, %ymm9, %ymm4
+        vpsrlq	$32, %ymm8, %ymm5
+        vpblendd	$0xaa, %ymm4, %ymm8, %ymm4
+        vpblendd	$0x55, %ymm5, %ymm9, %ymm5
+        vperm2i128	$32, %ymm7, %ymm6, %ymm8
+        vmovdqu	1856(%r15), %ymm11
+        vperm2i128	$49, %ymm7, %ymm6, %ymm9
+        vmovdqu	1888(%r15), %ymm13
+        vpsllq	$32, %ymm9, %ymm6
+        vpsrlq	$32, %ymm8, %ymm7
+        vpblendd	$0xaa, %ymm6, %ymm8, %ymm6
+        vpblendd	$0x55, %ymm7, %ymm9, %ymm7
+        vpaddw	%ymm5, %ymm4, %ymm8
+        vpaddw	%ymm7, %ymm6, %ymm9
+        vpsubw	%ymm5, %ymm4, %ymm5
+        vpsubw	%ymm7, %ymm6, %ymm7
+        vpmulhw	%ymm15, %ymm8, %ymm4
+        vpmulhw	%ymm15, %ymm9, %ymm6
+        vpsraw	$10, %ymm4, %ymm4
+        vpsraw	$10, %ymm6, %ymm6
+        vpmullw	%ymm14, %ymm4, %ymm4
+        vpmullw	%ymm14, %ymm6, %ymm6
+        vpsubw	%ymm4, %ymm8, %ymm8
+        vpsubw	%ymm6, %ymm9, %ymm9
+        vpmullw	%ymm12, %ymm5, %ymm4
+        vpmullw	%ymm13, %ymm7, %ymm6
+        vpmulhw	%ymm10, %ymm5, %ymm5
+        vpmulhw	%ymm11, %ymm7, %ymm7
+        vpmulhw	%ymm14, %ymm4, %ymm4
+        vpmulhw	%ymm14, %ymm6, %ymm6
+        vpsubw	%ymm4, %ymm5, %ymm5
+        vpsubw	%ymm6, %ymm7, %ymm7
+        # 4: 2/2
+        vmovdqu	1920(%r15), %ymm10
+        vmovdqu	1952(%r15), %ymm12
+        vmovdqu	1984(%r15), %ymm11
+        vmovdqu	2016(%r15), %ymm13
+        vpunpckldq	%ymm5, %ymm8, %ymm4
+        vpunpckhdq	%ymm5, %ymm8, %ymm5
+        vpunpckldq	%ymm7, %ymm9, %ymm6
+        vpunpckhdq	%ymm7, %ymm9, %ymm7
+        vpaddw	%ymm5, %ymm4, %ymm8
+        vpaddw	%ymm7, %ymm6, %ymm9
+        vpsubw	%ymm5, %ymm4, %ymm5
+        vpsubw	%ymm7, %ymm6, %ymm7
+        vpmullw	%ymm12, %ymm5, %ymm4
+        vpmullw	%ymm13, %ymm7, %ymm6
+        vpmulhw	%ymm10, %ymm5, %ymm5
+        vpmulhw	%ymm11, %ymm7, %ymm7
+        vpmulhw	%ymm14, %ymm4, %ymm4
+        vpmulhw	%ymm14, %ymm6, %ymm6
+        vpsubw	%ymm4, %ymm5, %ymm5
+        vpsubw	%ymm6, %ymm7, %ymm7
+        # 8: 2/2
+        vmovdqu	2048(%r15), %ymm10
+        vmovdqu	2080(%r15), %ymm12
+        vmovdqu	2112(%r15), %ymm11
+        vmovdqu	2144(%r15), %ymm13
+        vpunpcklqdq	%ymm5, %ymm8, %ymm4
+        vpunpckhqdq	%ymm5, %ymm8, %ymm5
+        vpunpcklqdq	%ymm7, %ymm9, %ymm6
+        vpunpckhqdq	%ymm7, %ymm9, %ymm7
+        vpaddw	%ymm5, %ymm4, %ymm8
+        vpaddw	%ymm7, %ymm6, %ymm9
+        vpsubw	%ymm5, %ymm4, %ymm5
+        vpsubw	%ymm7, %ymm6, %ymm7
+        vpmulhw	%ymm15, %ymm8, %ymm4
+        vpmulhw	%ymm15, %ymm9, %ymm6
+        vpsraw	$10, %ymm4, %ymm4
+        vpsraw	$10, %ymm6, %ymm6
+        vpmullw	%ymm14, %ymm4, %ymm4
+        vpmullw	%ymm14, %ymm6, %ymm6
+        vpsubw	%ymm4, %ymm8, %ymm8
+        vpsubw	%ymm6, %ymm9, %ymm9
+        vpmullw	%ymm12, %ymm5, %ymm4
+        vpmullw	%ymm13, %ymm7, %ymm6
+        vpmulhw	%ymm10, %ymm5, %ymm5
+        vpmulhw	%ymm11, %ymm7, %ymm7
+        vpmulhw	%ymm14, %ymm4, %ymm4
+        vpmulhw	%ymm14, %ymm6, %ymm6
+        vpsubw	%ymm4, %ymm5, %ymm5
+        vpsubw	%ymm6, %ymm7, %ymm7
+        # 16: 2/2
+        vperm2i128	$32, %ymm5, %ymm8, %ymm4
+        vmovdqu	2176(%r15), %ymm10
+        vperm2i128	$49, %ymm5, %ymm8, %ymm5
+        vmovdqu	2208(%r15), %ymm12
+        vperm2i128	$32, %ymm7, %ymm9, %ymm6
+        vmovdqu	2240(%r15), %ymm11
+        vperm2i128	$49, %ymm7, %ymm9, %ymm7
+        vmovdqu	2272(%r15), %ymm13
+        vpsubw	%ymm5, %ymm4, %ymm8
+        vpsubw	%ymm7, %ymm6, %ymm9
+        vpaddw	%ymm5, %ymm4, %ymm4
+        vpaddw	%ymm7, %ymm6, %ymm6
+        vpmullw	%ymm12, %ymm8, %ymm5
+        vpmullw	%ymm13, %ymm9, %ymm7
+        vpmulhw	%ymm10, %ymm8, %ymm8
+        vpmulhw	%ymm11, %ymm9, %ymm9
+        vpmulhw	%ymm14, %ymm5, %ymm5
+        vpmulhw	%ymm14, %ymm7, %ymm7
+        vpsubw	%ymm5, %ymm8, %ymm5
+        vpsubw	%ymm7, %ymm9, %ymm7
+        # 32: 2/2
+        vmovdqu	2304(%r15), %ymm10
+        vmovdqu	2336(%r15), %ymm12
+        vpaddw	%ymm6, %ymm4, %ymm8
+        vpaddw	%ymm7, %ymm5, %ymm9
+        vpsubw	%ymm6, %ymm4, %ymm6
+        vpsubw	%ymm7, %ymm5, %ymm7
+        vpmulhw	%ymm15, %ymm8, %ymm4
+        vpmulhw	%ymm15, %ymm9, %ymm5
+        vpsraw	$10, %ymm4, %ymm4
+        vpsraw	$10, %ymm5, %ymm5
+        vpmullw	%ymm14, %ymm4, %ymm4
+        vpmullw	%ymm14, %ymm5, %ymm5
+        vpsubw	%ymm4, %ymm8, %ymm4
+        vpsubw	%ymm5, %ymm9, %ymm5
+        vpmullw	%ymm12, %ymm6, %ymm8
+        vpmullw	%ymm12, %ymm7, %ymm9
+        vpmulhw	%ymm10, %ymm6, %ymm6
+        vpmulhw	%ymm10, %ymm7, %ymm7
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm6
+        vpsubw	%ymm9, %ymm7, %ymm7
+        # 64: 2/2
+        vmovdqu	2368(%r15), %ymm10
+        vmovdqu	2400(%r15), %ymm12
+        vpsubw	%ymm4, %ymm0, %ymm8
+        vpsubw	%ymm5, %ymm1, %ymm9
+        vpaddw	%ymm4, %ymm0, %ymm0
+        vpaddw	%ymm5, %ymm1, %ymm1
+        vpmullw	%ymm12, %ymm8, %ymm4
+        vpmullw	%ymm12, %ymm9, %ymm5
+        vpmulhw	%ymm10, %ymm8, %ymm8
+        vpmulhw	%ymm10, %ymm9, %ymm9
+        vpmulhw	%ymm14, %ymm4, %ymm4
+        vpmulhw	%ymm14, %ymm5, %ymm5
+        vpsubw	%ymm4, %ymm8, %ymm4
+        vpsubw	%ymm5, %ymm9, %ymm5
+        vpsubw	%ymm6, %ymm2, %ymm8
+        vpsubw	%ymm7, %ymm3, %ymm9
+        vpaddw	%ymm6, %ymm2, %ymm2
+        vpaddw	%ymm7, %ymm3, %ymm3
+        vpmullw	%ymm12, %ymm8, %ymm6
+        vpmullw	%ymm12, %ymm9, %ymm7
+        vpmulhw	%ymm10, %ymm8, %ymm8
+        vpmulhw	%ymm10, %ymm9, %ymm9
+        vpmulhw	%ymm14, %ymm6, %ymm6
+        vpmulhw	%ymm14, %ymm7, %ymm7
+        vpsubw	%ymm6, %ymm8, %ymm6
+        vpsubw	%ymm7, %ymm9, %ymm7
+        vmovdqu	%ymm0, 256(%rdx)
+        vmovdqu	%ymm1, 288(%rdx)
+        vmovdqu	%ymm2, 320(%rdx)
+        vmovdqu	%ymm3, 352(%rdx)
+        # 128
+        vmovdqu	2432(%r15), %ymm10
+        vmovdqu	2464(%r15), %ymm12
+        vmovdqu	2496(%r15), %ymm11
+        vmovdqu	2528(%r15), %ymm13
+        vmovdqu	128(%rdx), %ymm0
+        vmovdqu	160(%rdx), %ymm1
+        vmovdqu	192(%rdx), %ymm2
+        vmovdqu	224(%rdx), %ymm3
+        vpsubw	%ymm4, %ymm0, %ymm8
+        vpsubw	%ymm5, %ymm1, %ymm9
+        vpaddw	%ymm4, %ymm0, %ymm0
+        vpaddw	%ymm5, %ymm1, %ymm1
+        vpmullw	%ymm12, %ymm8, %ymm4
+        vpmullw	%ymm12, %ymm9, %ymm5
+        vpmulhw	%ymm10, %ymm8, %ymm8
+        vpmulhw	%ymm10, %ymm9, %ymm9
+        vpmulhw	%ymm14, %ymm4, %ymm4
+        vpmulhw	%ymm14, %ymm5, %ymm5
+        vpsubw	%ymm4, %ymm8, %ymm4
+        vpsubw	%ymm5, %ymm9, %ymm5
+        vpaddw	%ymm6, %ymm2, %ymm8
+        vpaddw	%ymm7, %ymm3, %ymm9
+        vpsubw	%ymm6, %ymm2, %ymm6
+        vpsubw	%ymm7, %ymm3, %ymm7
+        vpmulhw	%ymm15, %ymm8, %ymm2
+        vpmulhw	%ymm15, %ymm9, %ymm3
+        vpsraw	$10, %ymm2, %ymm2
+        vpsraw	$10, %ymm3, %ymm3
+        vpmullw	%ymm14, %ymm2, %ymm2
+        vpmullw	%ymm14, %ymm3, %ymm3
+        vpsubw	%ymm2, %ymm8, %ymm2
+        vpsubw	%ymm3, %ymm9, %ymm3
+        vpmullw	%ymm12, %ymm6, %ymm8
+        vpmullw	%ymm12, %ymm7, %ymm9
+        vpmulhw	%ymm10, %ymm6, %ymm6
+        vpmulhw	%ymm10, %ymm7, %ymm7
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm6
+        vpsubw	%ymm9, %ymm7, %ymm7
+        vpmullw	%ymm13, %ymm0, %ymm8
+        vpmullw	%ymm13, %ymm1, %ymm9
+        vpmulhw	%ymm11, %ymm0, %ymm0
+        vpmulhw	%ymm11, %ymm1, %ymm1
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm0, %ymm0
+        vpsubw	%ymm9, %ymm1, %ymm1
+        vpmullw	%ymm13, %ymm2, %ymm8
+        vpmullw	%ymm13, %ymm3, %ymm9
+        vpmulhw	%ymm11, %ymm2, %ymm2
+        vpmulhw	%ymm11, %ymm3, %ymm3
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm2, %ymm2
+        vpsubw	%ymm9, %ymm3, %ymm3
+        vpmullw	%ymm13, %ymm4, %ymm8
+        vpmullw	%ymm13, %ymm5, %ymm9
+        vpmulhw	%ymm11, %ymm4, %ymm4
+        vpmulhw	%ymm11, %ymm5, %ymm5
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm4, %ymm4
+        vpsubw	%ymm9, %ymm5, %ymm5
+        vpmullw	%ymm13, %ymm6, %ymm8
+        vpmullw	%ymm13, %ymm7, %ymm9
+        vpmulhw	%ymm11, %ymm6, %ymm6
+        vpmulhw	%ymm11, %ymm7, %ymm7
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm6
+        vpsubw	%ymm9, %ymm7, %ymm7
+        vmovdqu	%ymm0, 128(%rdx)
+        vmovdqu	%ymm1, 160(%rdx)
+        vmovdqu	%ymm2, 192(%rdx)
+        vmovdqu	%ymm3, 224(%rdx)
+        vmovdqu	%ymm4, 384(%rdx)
+        vmovdqu	%ymm5, 416(%rdx)
+        vmovdqu	%ymm6, 448(%rdx)
+        vmovdqu	%ymm7, 480(%rdx)
+        vmovdqu	(%rdx), %ymm0
+        vmovdqu	32(%rdx), %ymm1
+        vmovdqu	64(%rdx), %ymm2
+        vmovdqu	96(%rdx), %ymm3
+        vmovdqu	256(%rdx), %ymm4
+        vmovdqu	288(%rdx), %ymm5
+        vmovdqu	320(%rdx), %ymm6
+        vmovdqu	352(%rdx), %ymm7
+        vpsubw	%ymm4, %ymm0, %ymm8
+        vpsubw	%ymm5, %ymm1, %ymm9
+        vpaddw	%ymm4, %ymm0, %ymm0
+        vpaddw	%ymm5, %ymm1, %ymm1
+        vpmullw	%ymm12, %ymm8, %ymm4
+        vpmullw	%ymm12, %ymm9, %ymm5
+        vpmulhw	%ymm10, %ymm8, %ymm8
+        vpmulhw	%ymm10, %ymm9, %ymm9
+        vpmulhw	%ymm14, %ymm4, %ymm4
+        vpmulhw	%ymm14, %ymm5, %ymm5
+        vpsubw	%ymm4, %ymm8, %ymm4
+        vpsubw	%ymm5, %ymm9, %ymm5
+        vpaddw	%ymm6, %ymm2, %ymm8
+        vpaddw	%ymm7, %ymm3, %ymm9
+        vpsubw	%ymm6, %ymm2, %ymm6
+        vpsubw	%ymm7, %ymm3, %ymm7
+        vpmulhw	%ymm15, %ymm8, %ymm2
+        vpmulhw	%ymm15, %ymm9, %ymm3
+        vpsraw	$10, %ymm2, %ymm2
+        vpsraw	$10, %ymm3, %ymm3
+        vpmullw	%ymm14, %ymm2, %ymm2
+        vpmullw	%ymm14, %ymm3, %ymm3
+        vpsubw	%ymm2, %ymm8, %ymm2
+        vpsubw	%ymm3, %ymm9, %ymm3
+        vpmullw	%ymm12, %ymm6, %ymm8
+        vpmullw	%ymm12, %ymm7, %ymm9
+        vpmulhw	%ymm10, %ymm6, %ymm6
+        vpmulhw	%ymm10, %ymm7, %ymm7
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm6
+        vpsubw	%ymm9, %ymm7, %ymm7
+        vpmullw	%ymm13, %ymm0, %ymm8
+        vpmullw	%ymm13, %ymm1, %ymm9
+        vpmulhw	%ymm11, %ymm0, %ymm0
+        vpmulhw	%ymm11, %ymm1, %ymm1
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm0, %ymm0
+        vpsubw	%ymm9, %ymm1, %ymm1
+        vpmullw	%ymm13, %ymm2, %ymm8
+        vpmullw	%ymm13, %ymm3, %ymm9
+        vpmulhw	%ymm11, %ymm2, %ymm2
+        vpmulhw	%ymm11, %ymm3, %ymm3
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm2, %ymm2
+        vpsubw	%ymm9, %ymm3, %ymm3
+        vpmullw	%ymm13, %ymm4, %ymm8
+        vpmullw	%ymm13, %ymm5, %ymm9
+        vpmulhw	%ymm11, %ymm4, %ymm4
+        vpmulhw	%ymm11, %ymm5, %ymm5
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm4, %ymm4
+        vpsubw	%ymm9, %ymm5, %ymm5
+        vpmullw	%ymm13, %ymm6, %ymm8
+        vpmullw	%ymm13, %ymm7, %ymm9
+        vpmulhw	%ymm11, %ymm6, %ymm6
+        vpmulhw	%ymm11, %ymm7, %ymm7
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm6
+        vpsubw	%ymm9, %ymm7, %ymm7
+        vmovdqu	%ymm0, (%rdx)
+        vmovdqu	%ymm1, 32(%rdx)
+        vmovdqu	%ymm2, 64(%rdx)
+        vmovdqu	%ymm3, 96(%rdx)
+        vmovdqu	%ymm4, 256(%rdx)
+        vmovdqu	%ymm5, 288(%rdx)
+        vmovdqu	%ymm6, 320(%rdx)
+        vmovdqu	%ymm7, 352(%rdx)
+        # Add Errors
+        vmovdqu	(%rdx), %ymm0
+        vmovdqu	32(%rdx), %ymm1
+        vmovdqu	64(%rdx), %ymm2
+        vmovdqu	96(%rdx), %ymm3
+        vmovdqu	(%rax), %ymm4
+        vmovdqu	32(%rax), %ymm5
+        vmovdqu	64(%rax), %ymm6
+        vmovdqu	96(%rax), %ymm7
+        vpaddw	%ymm4, %ymm0, %ymm0
+        vpaddw	%ymm5, %ymm1, %ymm1
+        vpaddw	%ymm6, %ymm2, %ymm2
+        vpaddw	%ymm7, %ymm3, %ymm3
+        vmovdqu	%ymm0, (%rdx)
+        vmovdqu	%ymm1, 32(%rdx)
+        vmovdqu	%ymm2, 64(%rdx)
+        vmovdqu	%ymm3, 96(%rdx)
+        vmovdqu	128(%rdx), %ymm0
+        vmovdqu	160(%rdx), %ymm1
+        vmovdqu	192(%rdx), %ymm2
+        vmovdqu	224(%rdx), %ymm3
+        vmovdqu	128(%rax), %ymm4
+        vmovdqu	160(%rax), %ymm5
+        vmovdqu	192(%rax), %ymm6
+        vmovdqu	224(%rax), %ymm7
+        vpaddw	%ymm4, %ymm0, %ymm0
+        vpaddw	%ymm5, %ymm1, %ymm1
+        vpaddw	%ymm6, %ymm2, %ymm2
+        vpaddw	%ymm7, %ymm3, %ymm3
+        vmovdqu	%ymm0, 128(%rdx)
+        vmovdqu	%ymm1, 160(%rdx)
+        vmovdqu	%ymm2, 192(%rdx)
+        vmovdqu	%ymm3, 224(%rdx)
+        vmovdqu	256(%rdx), %ymm0
+        vmovdqu	288(%rdx), %ymm1
+        vmovdqu	320(%rdx), %ymm2
+        vmovdqu	352(%rdx), %ymm3
+        vmovdqu	256(%rax), %ymm4
+        vmovdqu	288(%rax), %ymm5
+        vmovdqu	320(%rax), %ymm6
+        vmovdqu	352(%rax), %ymm7
+        vpaddw	%ymm4, %ymm0, %ymm0
+        vpaddw	%ymm5, %ymm1, %ymm1
+        vpaddw	%ymm6, %ymm2, %ymm2
+        vpaddw	%ymm7, %ymm3, %ymm3
+        vmovdqu	%ymm0, 256(%rdx)
+        vmovdqu	%ymm1, 288(%rdx)
+        vmovdqu	%ymm2, 320(%rdx)
+        vmovdqu	%ymm3, 352(%rdx)
+        vmovdqu	384(%rdx), %ymm0
+        vmovdqu	416(%rdx), %ymm1
+        vmovdqu	448(%rdx), %ymm2
+        vmovdqu	480(%rdx), %ymm3
+        vmovdqu	384(%rax), %ymm4
+        vmovdqu	416(%rax), %ymm5
+        vmovdqu	448(%rax), %ymm6
+        vmovdqu	480(%rax), %ymm7
+        vpaddw	%ymm4, %ymm0, %ymm0
+        vpaddw	%ymm5, %ymm1, %ymm1
+        vpaddw	%ymm6, %ymm2, %ymm2
+        vpaddw	%ymm7, %ymm3, %ymm3
+        vmovdqu	%ymm0, 384(%rdx)
+        vmovdqu	%ymm1, 416(%rdx)
+        vmovdqu	%ymm2, 448(%rdx)
+        vmovdqu	%ymm3, 480(%rdx)
+        # Add Errors
+        vmovdqu	(%rdx), %ymm0
+        vmovdqu	32(%rdx), %ymm1
+        vmovdqu	64(%rdx), %ymm2
+        vmovdqu	96(%rdx), %ymm3
+        vmovdqu	(%r10), %ymm4
+        vmovdqu	32(%r10), %ymm5
+        vmovdqu	64(%r10), %ymm6
+        vmovdqu	96(%r10), %ymm7
+        vpaddw	%ymm4, %ymm0, %ymm4
+        vpaddw	%ymm5, %ymm1, %ymm5
+        vpmulhw	%ymm15, %ymm4, %ymm0
+        vpmulhw	%ymm15, %ymm5, %ymm1
+        vpsraw	$10, %ymm0, %ymm0
+        vpsraw	$10, %ymm1, %ymm1
+        vpmullw	%ymm14, %ymm0, %ymm0
+        vpmullw	%ymm14, %ymm1, %ymm1
+        vpsubw	%ymm0, %ymm4, %ymm0
+        vpsubw	%ymm1, %ymm5, %ymm1
+        vpaddw	%ymm6, %ymm2, %ymm6
+        vpaddw	%ymm7, %ymm3, %ymm7
+        vpmulhw	%ymm15, %ymm6, %ymm2
+        vpmulhw	%ymm15, %ymm7, %ymm3
+        vpsraw	$10, %ymm2, %ymm2
+        vpsraw	$10, %ymm3, %ymm3
+        vpmullw	%ymm14, %ymm2, %ymm2
+        vpmullw	%ymm14, %ymm3, %ymm3
+        vpsubw	%ymm2, %ymm6, %ymm2
+        vpsubw	%ymm3, %ymm7, %ymm3
+        vmovdqu	%ymm0, (%rdx)
+        vmovdqu	%ymm1, 32(%rdx)
+        vmovdqu	%ymm2, 64(%rdx)
+        vmovdqu	%ymm3, 96(%rdx)
+        vmovdqu	128(%rdx), %ymm0
+        vmovdqu	160(%rdx), %ymm1
+        vmovdqu	192(%rdx), %ymm2
+        vmovdqu	224(%rdx), %ymm3
+        vmovdqu	128(%r10), %ymm4
+        vmovdqu	160(%r10), %ymm5
+        vmovdqu	192(%r10), %ymm6
+        vmovdqu	224(%r10), %ymm7
+        vpaddw	%ymm4, %ymm0, %ymm4
+        vpaddw	%ymm5, %ymm1, %ymm5
+        vpmulhw	%ymm15, %ymm4, %ymm0
+        vpmulhw	%ymm15, %ymm5, %ymm1
+        vpsraw	$10, %ymm0, %ymm0
+        vpsraw	$10, %ymm1, %ymm1
+        vpmullw	%ymm14, %ymm0, %ymm0
+        vpmullw	%ymm14, %ymm1, %ymm1
+        vpsubw	%ymm0, %ymm4, %ymm0
+        vpsubw	%ymm1, %ymm5, %ymm1
+        vpaddw	%ymm6, %ymm2, %ymm6
+        vpaddw	%ymm7, %ymm3, %ymm7
+        vpmulhw	%ymm15, %ymm6, %ymm2
+        vpmulhw	%ymm15, %ymm7, %ymm3
+        vpsraw	$10, %ymm2, %ymm2
+        vpsraw	$10, %ymm3, %ymm3
+        vpmullw	%ymm14, %ymm2, %ymm2
+        vpmullw	%ymm14, %ymm3, %ymm3
+        vpsubw	%ymm2, %ymm6, %ymm2
+        vpsubw	%ymm3, %ymm7, %ymm3
+        vmovdqu	%ymm0, 128(%rdx)
+        vmovdqu	%ymm1, 160(%rdx)
+        vmovdqu	%ymm2, 192(%rdx)
+        vmovdqu	%ymm3, 224(%rdx)
+        vmovdqu	256(%rdx), %ymm0
+        vmovdqu	288(%rdx), %ymm1
+        vmovdqu	320(%rdx), %ymm2
+        vmovdqu	352(%rdx), %ymm3
+        vmovdqu	256(%r10), %ymm4
+        vmovdqu	288(%r10), %ymm5
+        vmovdqu	320(%r10), %ymm6
+        vmovdqu	352(%r10), %ymm7
+        vpaddw	%ymm4, %ymm0, %ymm4
+        vpaddw	%ymm5, %ymm1, %ymm5
+        vpmulhw	%ymm15, %ymm4, %ymm0
+        vpmulhw	%ymm15, %ymm5, %ymm1
+        vpsraw	$10, %ymm0, %ymm0
+        vpsraw	$10, %ymm1, %ymm1
+        vpmullw	%ymm14, %ymm0, %ymm0
+        vpmullw	%ymm14, %ymm1, %ymm1
+        vpsubw	%ymm0, %ymm4, %ymm0
+        vpsubw	%ymm1, %ymm5, %ymm1
+        vpaddw	%ymm6, %ymm2, %ymm6
+        vpaddw	%ymm7, %ymm3, %ymm7
+        vpmulhw	%ymm15, %ymm6, %ymm2
+        vpmulhw	%ymm15, %ymm7, %ymm3
+        vpsraw	$10, %ymm2, %ymm2
+        vpsraw	$10, %ymm3, %ymm3
+        vpmullw	%ymm14, %ymm2, %ymm2
+        vpmullw	%ymm14, %ymm3, %ymm3
+        vpsubw	%ymm2, %ymm6, %ymm2
+        vpsubw	%ymm3, %ymm7, %ymm3
+        vmovdqu	%ymm0, 256(%rdx)
+        vmovdqu	%ymm1, 288(%rdx)
+        vmovdqu	%ymm2, 320(%rdx)
+        vmovdqu	%ymm3, 352(%rdx)
+        vmovdqu	384(%rdx), %ymm0
+        vmovdqu	416(%rdx), %ymm1
+        vmovdqu	448(%rdx), %ymm2
+        vmovdqu	480(%rdx), %ymm3
+        vmovdqu	384(%r10), %ymm4
+        vmovdqu	416(%r10), %ymm5
+        vmovdqu	448(%r10), %ymm6
+        vmovdqu	480(%r10), %ymm7
+        vpaddw	%ymm4, %ymm0, %ymm4
+        vpaddw	%ymm5, %ymm1, %ymm5
+        vpmulhw	%ymm15, %ymm4, %ymm0
+        vpmulhw	%ymm15, %ymm5, %ymm1
+        vpsraw	$10, %ymm0, %ymm0
+        vpsraw	$10, %ymm1, %ymm1
+        vpmullw	%ymm14, %ymm0, %ymm0
+        vpmullw	%ymm14, %ymm1, %ymm1
+        vpsubw	%ymm0, %ymm4, %ymm0
+        vpsubw	%ymm1, %ymm5, %ymm1
+        vpaddw	%ymm6, %ymm2, %ymm6
+        vpaddw	%ymm7, %ymm3, %ymm7
+        vpmulhw	%ymm15, %ymm6, %ymm2
+        vpmulhw	%ymm15, %ymm7, %ymm3
+        vpsraw	$10, %ymm2, %ymm2
+        vpsraw	$10, %ymm3, %ymm3
+        vpmullw	%ymm14, %ymm2, %ymm2
+        vpmullw	%ymm14, %ymm3, %ymm3
+        vpsubw	%ymm2, %ymm6, %ymm2
+        vpsubw	%ymm3, %ymm7, %ymm3
+        vmovdqu	%ymm0, 384(%rdx)
+        vmovdqu	%ymm1, 416(%rdx)
+        vmovdqu	%ymm2, 448(%rdx)
+        vmovdqu	%ymm3, 480(%rdx)
+        vzeroupper
+        addq	$48, %rsp
+        popq	%r15
+        popq	%r14
+        popq	%r13
+        popq	%r12
+        repz retq
+#ifndef __APPLE__
+.size	kyber_encapsulate_avx2,.-kyber_encapsulate_avx2
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.text
+.globl	kyber_decapsulate_avx2
+.type	kyber_decapsulate_avx2,@function
+.align	16
+kyber_decapsulate_avx2:
+#else
+.section	__TEXT,__text
+.globl	_kyber_decapsulate_avx2
+.p2align	4
+_kyber_decapsulate_avx2:
+#endif /* __APPLE__ */
+        vmovdqu	kyber_q(%rip), %ymm14
+        vmovdqu	kyber_v(%rip), %ymm15
+        movslq	%r8d, %rax
+        movq	%rdx, %r9
+L_kyber_decapsulate_avx2_trans:
+        # ntt
+        leaq	L_kyber_avx2_zetas(%rip), %r10
+        vmovdqu	(%r10), %ymm10
+        vmovdqu	32(%r10), %ymm12
+        vmovdqu	128(%r9), %ymm0
+        vmovdqu	160(%r9), %ymm1
+        vmovdqu	192(%r9), %ymm2
+        vmovdqu	224(%r9), %ymm3
+        vmovdqu	384(%r9), %ymm4
+        vmovdqu	416(%r9), %ymm5
+        vmovdqu	448(%r9), %ymm6
+        vmovdqu	480(%r9), %ymm7
+        vpmullw	%ymm12, %ymm4, %ymm8
+        vpmullw	%ymm12, %ymm5, %ymm9
+        vpmulhw	%ymm10, %ymm4, %ymm4
+        vpmulhw	%ymm10, %ymm5, %ymm5
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm4, %ymm8
+        vpsubw	%ymm9, %ymm5, %ymm9
+        vpsubw	%ymm8, %ymm0, %ymm4
+        vpsubw	%ymm9, %ymm1, %ymm5
+        vpaddw	%ymm8, %ymm0, %ymm0
+        vpaddw	%ymm9, %ymm1, %ymm1
+        vpmullw	%ymm12, %ymm6, %ymm8
+        vpmullw	%ymm12, %ymm7, %ymm9
+        vpmulhw	%ymm10, %ymm6, %ymm6
+        vpmulhw	%ymm10, %ymm7, %ymm7
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm8
+        vpsubw	%ymm9, %ymm7, %ymm9
+        vpsubw	%ymm8, %ymm2, %ymm6
+        vpsubw	%ymm9, %ymm3, %ymm7
+        vpaddw	%ymm8, %ymm2, %ymm2
+        vpaddw	%ymm9, %ymm3, %ymm3
+        vmovdqu	%ymm0, 128(%r9)
+        vmovdqu	%ymm1, 160(%r9)
+        vmovdqu	%ymm2, 192(%r9)
+        vmovdqu	%ymm3, 224(%r9)
+        vmovdqu	%ymm4, 384(%r9)
+        vmovdqu	%ymm5, 416(%r9)
+        vmovdqu	%ymm6, 448(%r9)
+        vmovdqu	%ymm7, 480(%r9)
+        vmovdqu	(%r9), %ymm0
+        vmovdqu	32(%r9), %ymm1
+        vmovdqu	64(%r9), %ymm2
+        vmovdqu	96(%r9), %ymm3
+        vmovdqu	256(%r9), %ymm4
+        vmovdqu	288(%r9), %ymm5
+        vmovdqu	320(%r9), %ymm6
+        vmovdqu	352(%r9), %ymm7
+        vpmullw	%ymm12, %ymm4, %ymm8
+        vpmullw	%ymm12, %ymm5, %ymm9
+        vpmulhw	%ymm10, %ymm4, %ymm4
+        vpmulhw	%ymm10, %ymm5, %ymm5
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm4, %ymm8
+        vpsubw	%ymm9, %ymm5, %ymm9
+        vpsubw	%ymm8, %ymm0, %ymm4
+        vpsubw	%ymm9, %ymm1, %ymm5
+        vpaddw	%ymm8, %ymm0, %ymm0
+        vpaddw	%ymm9, %ymm1, %ymm1
+        vpmullw	%ymm12, %ymm6, %ymm8
+        vpmullw	%ymm12, %ymm7, %ymm9
+        vpmulhw	%ymm10, %ymm6, %ymm6
+        vpmulhw	%ymm10, %ymm7, %ymm7
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm8
+        vpsubw	%ymm9, %ymm7, %ymm9
+        vpsubw	%ymm8, %ymm2, %ymm6
+        vpsubw	%ymm9, %ymm3, %ymm7
+        vpaddw	%ymm8, %ymm2, %ymm2
+        vpaddw	%ymm9, %ymm3, %ymm3
+        vmovdqu	%ymm4, 256(%r9)
+        vmovdqu	%ymm5, 288(%r9)
+        vmovdqu	%ymm6, 320(%r9)
+        vmovdqu	%ymm7, 352(%r9)
+        vmovdqu	128(%r9), %ymm4
+        vmovdqu	160(%r9), %ymm5
+        vmovdqu	192(%r9), %ymm6
+        vmovdqu	224(%r9), %ymm7
+        # 64: 0/3
+        vmovdqu	64(%r10), %ymm10
+        vmovdqu	96(%r10), %ymm12
+        vpmullw	%ymm12, %ymm4, %ymm8
+        vpmullw	%ymm12, %ymm5, %ymm9
+        vpmulhw	%ymm10, %ymm4, %ymm4
+        vpmulhw	%ymm10, %ymm5, %ymm5
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm4, %ymm8
+        vpsubw	%ymm9, %ymm5, %ymm9
+        vpsubw	%ymm8, %ymm0, %ymm4
+        vpsubw	%ymm9, %ymm1, %ymm5
+        vpaddw	%ymm8, %ymm0, %ymm0
+        vpaddw	%ymm9, %ymm1, %ymm1
+        vpmullw	%ymm12, %ymm6, %ymm8
+        vpmullw	%ymm12, %ymm7, %ymm9
+        vpmulhw	%ymm10, %ymm6, %ymm6
+        vpmulhw	%ymm10, %ymm7, %ymm7
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm8
+        vpsubw	%ymm9, %ymm7, %ymm9
+        vpsubw	%ymm8, %ymm2, %ymm6
+        vpsubw	%ymm9, %ymm3, %ymm7
+        vpaddw	%ymm8, %ymm2, %ymm2
+        vpaddw	%ymm9, %ymm3, %ymm3
+        # 32: 0/3
+        vmovdqu	128(%r10), %ymm10
+        vmovdqu	160(%r10), %ymm12
+        vpmullw	%ymm12, %ymm2, %ymm8
+        vpmullw	%ymm12, %ymm3, %ymm9
+        vpmulhw	%ymm10, %ymm2, %ymm2
+        vpmulhw	%ymm10, %ymm3, %ymm3
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm2, %ymm8
+        vpsubw	%ymm9, %ymm3, %ymm9
+        vpsubw	%ymm8, %ymm0, %ymm2
+        vpsubw	%ymm9, %ymm1, %ymm3
+        vpaddw	%ymm8, %ymm0, %ymm0
+        vpaddw	%ymm9, %ymm1, %ymm1
+        # 32: 0/3
+        vmovdqu	192(%r10), %ymm10
+        vmovdqu	224(%r10), %ymm12
+        vpmullw	%ymm12, %ymm6, %ymm8
+        vpmullw	%ymm12, %ymm7, %ymm9
+        vpmulhw	%ymm10, %ymm6, %ymm6
+        vpmulhw	%ymm10, %ymm7, %ymm7
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm8
+        vpsubw	%ymm9, %ymm7, %ymm9
+        vpsubw	%ymm8, %ymm4, %ymm6
+        vpsubw	%ymm9, %ymm5, %ymm7
+        vpaddw	%ymm8, %ymm4, %ymm4
+        vpaddw	%ymm9, %ymm5, %ymm5
+        # 16: 0/3
+        vmovdqu	256(%r10), %ymm10
+        vmovdqu	288(%r10), %ymm12
+        vmovdqu	320(%r10), %ymm11
+        vmovdqu	352(%r10), %ymm13
+        vpmullw	%ymm12, %ymm1, %ymm8
+        vpmullw	%ymm13, %ymm3, %ymm9
+        vpmulhw	%ymm10, %ymm1, %ymm1
+        vpmulhw	%ymm11, %ymm3, %ymm3
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm1, %ymm8
+        vpsubw	%ymm9, %ymm3, %ymm9
+        vpsubw	%ymm8, %ymm0, %ymm1
+        vpsubw	%ymm9, %ymm2, %ymm3
+        vpaddw	%ymm8, %ymm0, %ymm0
+        vpaddw	%ymm9, %ymm2, %ymm2
+        # 16: 0/3
+        vmovdqu	384(%r10), %ymm10
+        vmovdqu	416(%r10), %ymm12
+        vmovdqu	448(%r10), %ymm11
+        vmovdqu	480(%r10), %ymm13
+        vpmullw	%ymm12, %ymm5, %ymm8
+        vpmullw	%ymm13, %ymm7, %ymm9
+        vpmulhw	%ymm10, %ymm5, %ymm5
+        vpmulhw	%ymm11, %ymm7, %ymm7
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm5, %ymm8
+        vpsubw	%ymm9, %ymm7, %ymm9
+        vpsubw	%ymm8, %ymm4, %ymm5
+        vpsubw	%ymm9, %ymm6, %ymm7
+        vpaddw	%ymm8, %ymm4, %ymm4
+        vpaddw	%ymm9, %ymm6, %ymm6
+        # 8: 0/3
+        vperm2i128	$32, %ymm1, %ymm0, %ymm8
+        vmovdqu	512(%r10), %ymm10
+        vperm2i128	$49, %ymm1, %ymm0, %ymm1
+        vmovdqu	544(%r10), %ymm12
+        vperm2i128	$32, %ymm3, %ymm2, %ymm9
+        vmovdqu	576(%r10), %ymm11
+        vperm2i128	$49, %ymm3, %ymm2, %ymm3
+        vmovdqu	608(%r10), %ymm13
+        vpmullw	%ymm12, %ymm1, %ymm0
+        vpmullw	%ymm13, %ymm3, %ymm2
+        vpmulhw	%ymm10, %ymm1, %ymm1
+        vpmulhw	%ymm11, %ymm3, %ymm3
+        vpmulhw	%ymm14, %ymm0, %ymm0
+        vpmulhw	%ymm14, %ymm2, %ymm2
+        vpsubw	%ymm0, %ymm1, %ymm0
+        vpsubw	%ymm2, %ymm3, %ymm2
+        vpsubw	%ymm0, %ymm8, %ymm1
+        vpsubw	%ymm2, %ymm9, %ymm3
+        vpaddw	%ymm0, %ymm8, %ymm8
+        vpaddw	%ymm2, %ymm9, %ymm9
+        # 4: 0/3
+        vmovdqu	640(%r10), %ymm10
+        vmovdqu	672(%r10), %ymm12
+        vmovdqu	704(%r10), %ymm11
+        vmovdqu	736(%r10), %ymm13
+        vpunpcklqdq	%ymm1, %ymm8, %ymm0
+        vpunpckhqdq	%ymm1, %ymm8, %ymm1
+        vpunpcklqdq	%ymm3, %ymm9, %ymm2
+        vpunpckhqdq	%ymm3, %ymm9, %ymm3
+        vpmullw	%ymm12, %ymm1, %ymm8
+        vpmullw	%ymm13, %ymm3, %ymm9
+        vpmulhw	%ymm10, %ymm1, %ymm1
+        vpmulhw	%ymm11, %ymm3, %ymm3
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm1, %ymm8
+        vpsubw	%ymm9, %ymm3, %ymm9
+        vpsubw	%ymm8, %ymm0, %ymm1
+        vpsubw	%ymm9, %ymm2, %ymm3
+        vpaddw	%ymm8, %ymm0, %ymm0
+        vpaddw	%ymm9, %ymm2, %ymm2
+        # 8: 0/3
+        vperm2i128	$32, %ymm5, %ymm4, %ymm8
+        vmovdqu	768(%r10), %ymm10
+        vperm2i128	$49, %ymm5, %ymm4, %ymm5
+        vmovdqu	800(%r10), %ymm12
+        vperm2i128	$32, %ymm7, %ymm6, %ymm9
+        vmovdqu	832(%r10), %ymm11
+        vperm2i128	$49, %ymm7, %ymm6, %ymm7
+        vmovdqu	864(%r10), %ymm13
+        vpmullw	%ymm12, %ymm5, %ymm4
+        vpmullw	%ymm13, %ymm7, %ymm6
+        vpmulhw	%ymm10, %ymm5, %ymm5
+        vpmulhw	%ymm11, %ymm7, %ymm7
+        vpmulhw	%ymm14, %ymm4, %ymm4
+        vpmulhw	%ymm14, %ymm6, %ymm6
+        vpsubw	%ymm4, %ymm5, %ymm4
+        vpsubw	%ymm6, %ymm7, %ymm6
+        vpsubw	%ymm4, %ymm8, %ymm5
+        vpsubw	%ymm6, %ymm9, %ymm7
+        vpaddw	%ymm4, %ymm8, %ymm8
+        vpaddw	%ymm6, %ymm9, %ymm9
+        # 4: 0/3
+        vmovdqu	896(%r10), %ymm10
+        vmovdqu	928(%r10), %ymm12
+        vmovdqu	960(%r10), %ymm11
+        vmovdqu	992(%r10), %ymm13
+        vpunpcklqdq	%ymm5, %ymm8, %ymm4
+        vpunpckhqdq	%ymm5, %ymm8, %ymm5
+        vpunpcklqdq	%ymm7, %ymm9, %ymm6
+        vpunpckhqdq	%ymm7, %ymm9, %ymm7
+        vpmullw	%ymm12, %ymm5, %ymm8
+        vpmullw	%ymm13, %ymm7, %ymm9
+        vpmulhw	%ymm10, %ymm5, %ymm5
+        vpmulhw	%ymm11, %ymm7, %ymm7
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm5, %ymm8
+        vpsubw	%ymm9, %ymm7, %ymm9
+        vpsubw	%ymm8, %ymm4, %ymm5
+        vpsubw	%ymm9, %ymm6, %ymm7
+        vpaddw	%ymm8, %ymm4, %ymm4
+        vpaddw	%ymm9, %ymm6, %ymm6
+        # 2: 0/3
+        vmovdqu	1024(%r10), %ymm10
+        vmovdqu	1056(%r10), %ymm12
+        vmovdqu	1088(%r10), %ymm11
+        vmovdqu	1120(%r10), %ymm13
+        vpsllq	$32, %ymm1, %ymm8
+        vpsrlq	$32, %ymm0, %ymm9
+        vpblendd	$0xaa, %ymm8, %ymm0, %ymm0
+        vpblendd	$0x55, %ymm9, %ymm1, %ymm1
+        vpsllq	$32, %ymm3, %ymm8
+        vpsrlq	$32, %ymm2, %ymm9
+        vpblendd	$0xaa, %ymm8, %ymm2, %ymm2
+        vpblendd	$0x55, %ymm9, %ymm3, %ymm3
+        vpmullw	%ymm12, %ymm1, %ymm8
+        vpmullw	%ymm13, %ymm3, %ymm9
+        vpmulhw	%ymm10, %ymm1, %ymm1
+        vpmulhw	%ymm11, %ymm3, %ymm3
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm1, %ymm8
+        vpsubw	%ymm9, %ymm3, %ymm9
+        vpsubw	%ymm8, %ymm0, %ymm1
+        vpsubw	%ymm9, %ymm2, %ymm3
+        vpaddw	%ymm8, %ymm0, %ymm0
+        vpaddw	%ymm9, %ymm2, %ymm2
+        # 2: 0/3
+        vmovdqu	1152(%r10), %ymm10
+        vmovdqu	1184(%r10), %ymm12
+        vmovdqu	1216(%r10), %ymm11
+        vmovdqu	1248(%r10), %ymm13
+        vpsllq	$32, %ymm5, %ymm8
+        vpsrlq	$32, %ymm4, %ymm9
+        vpblendd	$0xaa, %ymm8, %ymm4, %ymm4
+        vpblendd	$0x55, %ymm9, %ymm5, %ymm5
+        vpsllq	$32, %ymm7, %ymm8
+        vpsrlq	$32, %ymm6, %ymm9
+        vpblendd	$0xaa, %ymm8, %ymm6, %ymm6
+        vpblendd	$0x55, %ymm9, %ymm7, %ymm7
+        vpmullw	%ymm12, %ymm5, %ymm8
+        vpmullw	%ymm13, %ymm7, %ymm9
+        vpmulhw	%ymm10, %ymm5, %ymm5
+        vpmulhw	%ymm11, %ymm7, %ymm7
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm5, %ymm8
+        vpsubw	%ymm9, %ymm7, %ymm9
+        vpsubw	%ymm8, %ymm4, %ymm5
+        vpsubw	%ymm9, %ymm6, %ymm7
+        vpaddw	%ymm8, %ymm4, %ymm4
+        vpaddw	%ymm9, %ymm6, %ymm6
+        vpunpckldq	%ymm1, %ymm0, %ymm8
+        vpunpckhdq	%ymm1, %ymm0, %ymm9
+        vperm2i128	$32, %ymm9, %ymm8, %ymm0
+        vperm2i128	$49, %ymm9, %ymm8, %ymm1
+        vpunpckldq	%ymm3, %ymm2, %ymm8
+        vpunpckhdq	%ymm3, %ymm2, %ymm9
+        vperm2i128	$32, %ymm9, %ymm8, %ymm2
+        vperm2i128	$49, %ymm9, %ymm8, %ymm3
+        vpunpckldq	%ymm5, %ymm4, %ymm8
+        vpunpckhdq	%ymm5, %ymm4, %ymm9
+        vperm2i128	$32, %ymm9, %ymm8, %ymm4
+        vperm2i128	$49, %ymm9, %ymm8, %ymm5
+        vpunpckldq	%ymm7, %ymm6, %ymm8
+        vpunpckhdq	%ymm7, %ymm6, %ymm9
+        vperm2i128	$32, %ymm9, %ymm8, %ymm6
+        vperm2i128	$49, %ymm9, %ymm8, %ymm7
+        vpmulhw	%ymm15, %ymm0, %ymm8
+        vpmulhw	%ymm15, %ymm1, %ymm9
+        vpsraw	$10, %ymm8, %ymm8
+        vpsraw	$10, %ymm9, %ymm9
+        vpmullw	%ymm14, %ymm8, %ymm8
+        vpmullw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm0, %ymm8
+        vpsubw	%ymm9, %ymm1, %ymm9
+        vmovdqu	%ymm8, (%r9)
+        vmovdqu	%ymm9, 32(%r9)
+        vpmulhw	%ymm15, %ymm2, %ymm8
+        vpmulhw	%ymm15, %ymm3, %ymm9
+        vpsraw	$10, %ymm8, %ymm8
+        vpsraw	$10, %ymm9, %ymm9
+        vpmullw	%ymm14, %ymm8, %ymm8
+        vpmullw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm2, %ymm8
+        vpsubw	%ymm9, %ymm3, %ymm9
+        vmovdqu	%ymm8, 64(%r9)
+        vmovdqu	%ymm9, 96(%r9)
+        vpmulhw	%ymm15, %ymm4, %ymm8
+        vpmulhw	%ymm15, %ymm5, %ymm9
+        vpsraw	$10, %ymm8, %ymm8
+        vpsraw	$10, %ymm9, %ymm9
+        vpmullw	%ymm14, %ymm8, %ymm8
+        vpmullw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm4, %ymm8
+        vpsubw	%ymm9, %ymm5, %ymm9
+        vmovdqu	%ymm8, 128(%r9)
+        vmovdqu	%ymm9, 160(%r9)
+        vpmulhw	%ymm15, %ymm6, %ymm8
+        vpmulhw	%ymm15, %ymm7, %ymm9
+        vpsraw	$10, %ymm8, %ymm8
+        vpsraw	$10, %ymm9, %ymm9
+        vpmullw	%ymm14, %ymm8, %ymm8
+        vpmullw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm8
+        vpsubw	%ymm9, %ymm7, %ymm9
+        vmovdqu	%ymm8, 192(%r9)
+        vmovdqu	%ymm9, 224(%r9)
+        vmovdqu	256(%r9), %ymm0
+        vmovdqu	288(%r9), %ymm1
+        vmovdqu	320(%r9), %ymm2
+        vmovdqu	352(%r9), %ymm3
+        vmovdqu	384(%r9), %ymm4
+        vmovdqu	416(%r9), %ymm5
+        vmovdqu	448(%r9), %ymm6
+        vmovdqu	480(%r9), %ymm7
+        # 64: 1/3
+        vmovdqu	1280(%r10), %ymm10
+        vmovdqu	1312(%r10), %ymm12
+        vpmullw	%ymm12, %ymm4, %ymm8
+        vpmullw	%ymm12, %ymm5, %ymm9
+        vpmulhw	%ymm10, %ymm4, %ymm4
+        vpmulhw	%ymm10, %ymm5, %ymm5
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm4, %ymm8
+        vpsubw	%ymm9, %ymm5, %ymm9
+        vpsubw	%ymm8, %ymm0, %ymm4
+        vpsubw	%ymm9, %ymm1, %ymm5
+        vpaddw	%ymm8, %ymm0, %ymm0
+        vpaddw	%ymm9, %ymm1, %ymm1
+        vpmullw	%ymm12, %ymm6, %ymm8
+        vpmullw	%ymm12, %ymm7, %ymm9
+        vpmulhw	%ymm10, %ymm6, %ymm6
+        vpmulhw	%ymm10, %ymm7, %ymm7
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm8
+        vpsubw	%ymm9, %ymm7, %ymm9
+        vpsubw	%ymm8, %ymm2, %ymm6
+        vpsubw	%ymm9, %ymm3, %ymm7
+        vpaddw	%ymm8, %ymm2, %ymm2
+        vpaddw	%ymm9, %ymm3, %ymm3
+        # 32: 1/3
+        vmovdqu	1344(%r10), %ymm10
+        vmovdqu	1376(%r10), %ymm12
+        vpmullw	%ymm12, %ymm2, %ymm8
+        vpmullw	%ymm12, %ymm3, %ymm9
+        vpmulhw	%ymm10, %ymm2, %ymm2
+        vpmulhw	%ymm10, %ymm3, %ymm3
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm2, %ymm8
+        vpsubw	%ymm9, %ymm3, %ymm9
+        vpsubw	%ymm8, %ymm0, %ymm2
+        vpsubw	%ymm9, %ymm1, %ymm3
+        vpaddw	%ymm8, %ymm0, %ymm0
+        vpaddw	%ymm9, %ymm1, %ymm1
+        # 32: 1/3
+        vmovdqu	1408(%r10), %ymm10
+        vmovdqu	1440(%r10), %ymm12
+        vpmullw	%ymm12, %ymm6, %ymm8
+        vpmullw	%ymm12, %ymm7, %ymm9
+        vpmulhw	%ymm10, %ymm6, %ymm6
+        vpmulhw	%ymm10, %ymm7, %ymm7
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm8
+        vpsubw	%ymm9, %ymm7, %ymm9
+        vpsubw	%ymm8, %ymm4, %ymm6
+        vpsubw	%ymm9, %ymm5, %ymm7
+        vpaddw	%ymm8, %ymm4, %ymm4
+        vpaddw	%ymm9, %ymm5, %ymm5
+        # 16: 1/3
+        vmovdqu	1472(%r10), %ymm10
+        vmovdqu	1504(%r10), %ymm12
+        vmovdqu	1536(%r10), %ymm11
+        vmovdqu	1568(%r10), %ymm13
+        vpmullw	%ymm12, %ymm1, %ymm8
+        vpmullw	%ymm13, %ymm3, %ymm9
+        vpmulhw	%ymm10, %ymm1, %ymm1
+        vpmulhw	%ymm11, %ymm3, %ymm3
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm1, %ymm8
+        vpsubw	%ymm9, %ymm3, %ymm9
+        vpsubw	%ymm8, %ymm0, %ymm1
+        vpsubw	%ymm9, %ymm2, %ymm3
+        vpaddw	%ymm8, %ymm0, %ymm0
+        vpaddw	%ymm9, %ymm2, %ymm2
+        # 16: 1/3
+        vmovdqu	1600(%r10), %ymm10
+        vmovdqu	1632(%r10), %ymm12
+        vmovdqu	1664(%r10), %ymm11
+        vmovdqu	1696(%r10), %ymm13
+        vpmullw	%ymm12, %ymm5, %ymm8
+        vpmullw	%ymm13, %ymm7, %ymm9
+        vpmulhw	%ymm10, %ymm5, %ymm5
+        vpmulhw	%ymm11, %ymm7, %ymm7
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm5, %ymm8
+        vpsubw	%ymm9, %ymm7, %ymm9
+        vpsubw	%ymm8, %ymm4, %ymm5
+        vpsubw	%ymm9, %ymm6, %ymm7
+        vpaddw	%ymm8, %ymm4, %ymm4
+        vpaddw	%ymm9, %ymm6, %ymm6
+        # 8: 1/3
+        vperm2i128	$32, %ymm1, %ymm0, %ymm8
+        vmovdqu	1728(%r10), %ymm10
+        vperm2i128	$49, %ymm1, %ymm0, %ymm1
+        vmovdqu	1760(%r10), %ymm12
+        vperm2i128	$32, %ymm3, %ymm2, %ymm9
+        vmovdqu	1792(%r10), %ymm11
+        vperm2i128	$49, %ymm3, %ymm2, %ymm3
+        vmovdqu	1824(%r10), %ymm13
+        vpmullw	%ymm12, %ymm1, %ymm0
+        vpmullw	%ymm13, %ymm3, %ymm2
+        vpmulhw	%ymm10, %ymm1, %ymm1
+        vpmulhw	%ymm11, %ymm3, %ymm3
+        vpmulhw	%ymm14, %ymm0, %ymm0
+        vpmulhw	%ymm14, %ymm2, %ymm2
+        vpsubw	%ymm0, %ymm1, %ymm0
+        vpsubw	%ymm2, %ymm3, %ymm2
+        vpsubw	%ymm0, %ymm8, %ymm1
+        vpsubw	%ymm2, %ymm9, %ymm3
+        vpaddw	%ymm0, %ymm8, %ymm8
+        vpaddw	%ymm2, %ymm9, %ymm9
+        # 4: 1/3
+        vmovdqu	1856(%r10), %ymm10
+        vmovdqu	1888(%r10), %ymm12
+        vmovdqu	1920(%r10), %ymm11
+        vmovdqu	1952(%r10), %ymm13
+        vpunpcklqdq	%ymm1, %ymm8, %ymm0
+        vpunpckhqdq	%ymm1, %ymm8, %ymm1
+        vpunpcklqdq	%ymm3, %ymm9, %ymm2
+        vpunpckhqdq	%ymm3, %ymm9, %ymm3
+        vpmullw	%ymm12, %ymm1, %ymm8
+        vpmullw	%ymm13, %ymm3, %ymm9
+        vpmulhw	%ymm10, %ymm1, %ymm1
+        vpmulhw	%ymm11, %ymm3, %ymm3
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm1, %ymm8
+        vpsubw	%ymm9, %ymm3, %ymm9
+        vpsubw	%ymm8, %ymm0, %ymm1
+        vpsubw	%ymm9, %ymm2, %ymm3
+        vpaddw	%ymm8, %ymm0, %ymm0
+        vpaddw	%ymm9, %ymm2, %ymm2
+        # 8: 1/3
+        vperm2i128	$32, %ymm5, %ymm4, %ymm8
+        vmovdqu	1984(%r10), %ymm10
+        vperm2i128	$49, %ymm5, %ymm4, %ymm5
+        vmovdqu	2016(%r10), %ymm12
+        vperm2i128	$32, %ymm7, %ymm6, %ymm9
+        vmovdqu	2048(%r10), %ymm11
+        vperm2i128	$49, %ymm7, %ymm6, %ymm7
+        vmovdqu	2080(%r10), %ymm13
+        vpmullw	%ymm12, %ymm5, %ymm4
+        vpmullw	%ymm13, %ymm7, %ymm6
+        vpmulhw	%ymm10, %ymm5, %ymm5
+        vpmulhw	%ymm11, %ymm7, %ymm7
+        vpmulhw	%ymm14, %ymm4, %ymm4
+        vpmulhw	%ymm14, %ymm6, %ymm6
+        vpsubw	%ymm4, %ymm5, %ymm4
+        vpsubw	%ymm6, %ymm7, %ymm6
+        vpsubw	%ymm4, %ymm8, %ymm5
+        vpsubw	%ymm6, %ymm9, %ymm7
+        vpaddw	%ymm4, %ymm8, %ymm8
+        vpaddw	%ymm6, %ymm9, %ymm9
+        # 4: 1/3
+        vmovdqu	2112(%r10), %ymm10
+        vmovdqu	2144(%r10), %ymm12
+        vmovdqu	2176(%r10), %ymm11
+        vmovdqu	2208(%r10), %ymm13
+        vpunpcklqdq	%ymm5, %ymm8, %ymm4
+        vpunpckhqdq	%ymm5, %ymm8, %ymm5
+        vpunpcklqdq	%ymm7, %ymm9, %ymm6
+        vpunpckhqdq	%ymm7, %ymm9, %ymm7
+        vpmullw	%ymm12, %ymm5, %ymm8
+        vpmullw	%ymm13, %ymm7, %ymm9
+        vpmulhw	%ymm10, %ymm5, %ymm5
+        vpmulhw	%ymm11, %ymm7, %ymm7
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm5, %ymm8
+        vpsubw	%ymm9, %ymm7, %ymm9
+        vpsubw	%ymm8, %ymm4, %ymm5
+        vpsubw	%ymm9, %ymm6, %ymm7
+        vpaddw	%ymm8, %ymm4, %ymm4
+        vpaddw	%ymm9, %ymm6, %ymm6
+        # 2: 1/3
+        vmovdqu	2240(%r10), %ymm10
+        vmovdqu	2272(%r10), %ymm12
+        vmovdqu	2304(%r10), %ymm11
+        vmovdqu	2336(%r10), %ymm13
+        vpsllq	$32, %ymm1, %ymm8
+        vpsrlq	$32, %ymm0, %ymm9
+        vpblendd	$0xaa, %ymm8, %ymm0, %ymm0
+        vpblendd	$0x55, %ymm9, %ymm1, %ymm1
+        vpsllq	$32, %ymm3, %ymm8
+        vpsrlq	$32, %ymm2, %ymm9
+        vpblendd	$0xaa, %ymm8, %ymm2, %ymm2
+        vpblendd	$0x55, %ymm9, %ymm3, %ymm3
+        vpmullw	%ymm12, %ymm1, %ymm8
+        vpmullw	%ymm13, %ymm3, %ymm9
+        vpmulhw	%ymm10, %ymm1, %ymm1
+        vpmulhw	%ymm11, %ymm3, %ymm3
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm1, %ymm8
+        vpsubw	%ymm9, %ymm3, %ymm9
+        vpsubw	%ymm8, %ymm0, %ymm1
+        vpsubw	%ymm9, %ymm2, %ymm3
+        vpaddw	%ymm8, %ymm0, %ymm0
+        vpaddw	%ymm9, %ymm2, %ymm2
+        # 2: 1/3
+        vmovdqu	2368(%r10), %ymm10
+        vmovdqu	2400(%r10), %ymm12
+        vmovdqu	2432(%r10), %ymm11
+        vmovdqu	2464(%r10), %ymm13
+        vpsllq	$32, %ymm5, %ymm8
+        vpsrlq	$32, %ymm4, %ymm9
+        vpblendd	$0xaa, %ymm8, %ymm4, %ymm4
+        vpblendd	$0x55, %ymm9, %ymm5, %ymm5
+        vpsllq	$32, %ymm7, %ymm8
+        vpsrlq	$32, %ymm6, %ymm9
+        vpblendd	$0xaa, %ymm8, %ymm6, %ymm6
+        vpblendd	$0x55, %ymm9, %ymm7, %ymm7
+        vpmullw	%ymm12, %ymm5, %ymm8
+        vpmullw	%ymm13, %ymm7, %ymm9
+        vpmulhw	%ymm10, %ymm5, %ymm5
+        vpmulhw	%ymm11, %ymm7, %ymm7
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm5, %ymm8
+        vpsubw	%ymm9, %ymm7, %ymm9
+        vpsubw	%ymm8, %ymm4, %ymm5
+        vpsubw	%ymm9, %ymm6, %ymm7
+        vpaddw	%ymm8, %ymm4, %ymm4
+        vpaddw	%ymm9, %ymm6, %ymm6
+        vpunpckldq	%ymm1, %ymm0, %ymm8
+        vpunpckhdq	%ymm1, %ymm0, %ymm9
+        vperm2i128	$32, %ymm9, %ymm8, %ymm0
+        vperm2i128	$49, %ymm9, %ymm8, %ymm1
+        vpunpckldq	%ymm3, %ymm2, %ymm8
+        vpunpckhdq	%ymm3, %ymm2, %ymm9
+        vperm2i128	$32, %ymm9, %ymm8, %ymm2
+        vperm2i128	$49, %ymm9, %ymm8, %ymm3
+        vpunpckldq	%ymm5, %ymm4, %ymm8
+        vpunpckhdq	%ymm5, %ymm4, %ymm9
+        vperm2i128	$32, %ymm9, %ymm8, %ymm4
+        vperm2i128	$49, %ymm9, %ymm8, %ymm5
+        vpunpckldq	%ymm7, %ymm6, %ymm8
+        vpunpckhdq	%ymm7, %ymm6, %ymm9
+        vperm2i128	$32, %ymm9, %ymm8, %ymm6
+        vperm2i128	$49, %ymm9, %ymm8, %ymm7
+        vpmulhw	%ymm15, %ymm0, %ymm8
+        vpmulhw	%ymm15, %ymm1, %ymm9
+        vpsraw	$10, %ymm8, %ymm8
+        vpsraw	$10, %ymm9, %ymm9
+        vpmullw	%ymm14, %ymm8, %ymm8
+        vpmullw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm0, %ymm8
+        vpsubw	%ymm9, %ymm1, %ymm9
+        vmovdqu	%ymm8, 256(%r9)
+        vmovdqu	%ymm9, 288(%r9)
+        vpmulhw	%ymm15, %ymm2, %ymm8
+        vpmulhw	%ymm15, %ymm3, %ymm9
+        vpsraw	$10, %ymm8, %ymm8
+        vpsraw	$10, %ymm9, %ymm9
+        vpmullw	%ymm14, %ymm8, %ymm8
+        vpmullw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm2, %ymm8
+        vpsubw	%ymm9, %ymm3, %ymm9
+        vmovdqu	%ymm8, 320(%r9)
+        vmovdqu	%ymm9, 352(%r9)
+        vpmulhw	%ymm15, %ymm4, %ymm8
+        vpmulhw	%ymm15, %ymm5, %ymm9
+        vpsraw	$10, %ymm8, %ymm8
+        vpsraw	$10, %ymm9, %ymm9
+        vpmullw	%ymm14, %ymm8, %ymm8
+        vpmullw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm4, %ymm8
+        vpsubw	%ymm9, %ymm5, %ymm9
+        vmovdqu	%ymm8, 384(%r9)
+        vmovdqu	%ymm9, 416(%r9)
+        vpmulhw	%ymm15, %ymm6, %ymm8
+        vpmulhw	%ymm15, %ymm7, %ymm9
+        vpsraw	$10, %ymm8, %ymm8
+        vpsraw	$10, %ymm9, %ymm9
+        vpmullw	%ymm14, %ymm8, %ymm8
+        vpmullw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm8
+        vpsubw	%ymm9, %ymm7, %ymm9
+        vmovdqu	%ymm8, 448(%r9)
+        vmovdqu	%ymm9, 480(%r9)
+        addq	$0x200, %r9
+        subq	$0x01, %rax
+        jg	L_kyber_decapsulate_avx2_trans
+        vmovdqu	kyber_qinv(%rip), %ymm12
+        # Pointwise acc mont
+        movslq	%r8d, %rax
+        # Base mul mont
+        leaq	L_kyber_avx2_zetas_basemul(%rip), %r10
+        vmovdqu	(%rdi), %ymm2
+        vmovdqu	32(%rdi), %ymm3
+        vpslld	$16, %ymm3, %ymm6
+        vpsrld	$16, %ymm2, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm2, %ymm2
+        vpblendw	$0x55, %ymm7, %ymm3, %ymm3
+        vmovdqu	(%rdx), %ymm4
+        vmovdqu	32(%rdx), %ymm5
+        vpslld	$16, %ymm5, %ymm6
+        vpsrld	$16, %ymm4, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm4, %ymm4
+        vpblendw	$0x55, %ymm7, %ymm5, %ymm5
+        vmovdqu	(%r10), %ymm10
+        vmovdqu	32(%r10), %ymm11
+        vpmullw	%ymm5, %ymm3, %ymm0
+        vpmulhw	%ymm5, %ymm3, %ymm6
+        vpmullw	%ymm4, %ymm2, %ymm1
+        vpmulhw	%ymm4, %ymm2, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm12, %ymm0, %ymm8
+        vpmullw	%ymm12, %ymm1, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm0
+        vpsubw	%ymm9, %ymm7, %ymm1
+        vpmullw	%ymm11, %ymm0, %ymm6
+        vpmulhw	%ymm10, %ymm0, %ymm7
+        vpmulhw	%ymm14, %ymm6, %ymm6
+        vpsubw	%ymm6, %ymm7, %ymm0
+        vpaddw	%ymm1, %ymm0, %ymm0
+        vpmullw	%ymm5, %ymm2, %ymm1
+        vpmulhw	%ymm5, %ymm2, %ymm6
+        vpmullw	%ymm4, %ymm3, %ymm2
+        vpmulhw	%ymm4, %ymm3, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm12, %ymm1, %ymm8
+        vpmullw	%ymm12, %ymm2, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm1
+        vpsubw	%ymm9, %ymm7, %ymm2
+        vpaddw	%ymm2, %ymm1, %ymm1
+        vmovdqu	%ymm0, (%rsi)
+        vmovdqu	%ymm1, 32(%rsi)
+        vmovdqu	64(%rdi), %ymm2
+        vmovdqu	96(%rdi), %ymm3
+        vpslld	$16, %ymm3, %ymm6
+        vpsrld	$16, %ymm2, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm2, %ymm2
+        vpblendw	$0x55, %ymm7, %ymm3, %ymm3
+        vmovdqu	64(%rdx), %ymm4
+        vmovdqu	96(%rdx), %ymm5
+        vpslld	$16, %ymm5, %ymm6
+        vpsrld	$16, %ymm4, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm4, %ymm4
+        vpblendw	$0x55, %ymm7, %ymm5, %ymm5
+        vmovdqu	64(%r10), %ymm10
+        vmovdqu	96(%r10), %ymm11
+        vpmullw	%ymm5, %ymm3, %ymm0
+        vpmulhw	%ymm5, %ymm3, %ymm6
+        vpmullw	%ymm4, %ymm2, %ymm1
+        vpmulhw	%ymm4, %ymm2, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm12, %ymm0, %ymm8
+        vpmullw	%ymm12, %ymm1, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm0
+        vpsubw	%ymm9, %ymm7, %ymm1
+        vpmullw	%ymm11, %ymm0, %ymm6
+        vpmulhw	%ymm10, %ymm0, %ymm7
+        vpmulhw	%ymm14, %ymm6, %ymm6
+        vpsubw	%ymm6, %ymm7, %ymm0
+        vpaddw	%ymm1, %ymm0, %ymm0
+        vpmullw	%ymm5, %ymm2, %ymm1
+        vpmulhw	%ymm5, %ymm2, %ymm6
+        vpmullw	%ymm4, %ymm3, %ymm2
+        vpmulhw	%ymm4, %ymm3, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm12, %ymm1, %ymm8
+        vpmullw	%ymm12, %ymm2, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm1
+        vpsubw	%ymm9, %ymm7, %ymm2
+        vpaddw	%ymm2, %ymm1, %ymm1
+        vmovdqu	%ymm0, 64(%rsi)
+        vmovdqu	%ymm1, 96(%rsi)
+        vmovdqu	128(%rdi), %ymm2
+        vmovdqu	160(%rdi), %ymm3
+        vpslld	$16, %ymm3, %ymm6
+        vpsrld	$16, %ymm2, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm2, %ymm2
+        vpblendw	$0x55, %ymm7, %ymm3, %ymm3
+        vmovdqu	128(%rdx), %ymm4
+        vmovdqu	160(%rdx), %ymm5
+        vpslld	$16, %ymm5, %ymm6
+        vpsrld	$16, %ymm4, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm4, %ymm4
+        vpblendw	$0x55, %ymm7, %ymm5, %ymm5
+        vmovdqu	128(%r10), %ymm10
+        vmovdqu	160(%r10), %ymm11
+        vpmullw	%ymm5, %ymm3, %ymm0
+        vpmulhw	%ymm5, %ymm3, %ymm6
+        vpmullw	%ymm4, %ymm2, %ymm1
+        vpmulhw	%ymm4, %ymm2, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm12, %ymm0, %ymm8
+        vpmullw	%ymm12, %ymm1, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm0
+        vpsubw	%ymm9, %ymm7, %ymm1
+        vpmullw	%ymm11, %ymm0, %ymm6
+        vpmulhw	%ymm10, %ymm0, %ymm7
+        vpmulhw	%ymm14, %ymm6, %ymm6
+        vpsubw	%ymm6, %ymm7, %ymm0
+        vpaddw	%ymm1, %ymm0, %ymm0
+        vpmullw	%ymm5, %ymm2, %ymm1
+        vpmulhw	%ymm5, %ymm2, %ymm6
+        vpmullw	%ymm4, %ymm3, %ymm2
+        vpmulhw	%ymm4, %ymm3, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm12, %ymm1, %ymm8
+        vpmullw	%ymm12, %ymm2, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm1
+        vpsubw	%ymm9, %ymm7, %ymm2
+        vpaddw	%ymm2, %ymm1, %ymm1
+        vmovdqu	%ymm0, 128(%rsi)
+        vmovdqu	%ymm1, 160(%rsi)
+        vmovdqu	192(%rdi), %ymm2
+        vmovdqu	224(%rdi), %ymm3
+        vpslld	$16, %ymm3, %ymm6
+        vpsrld	$16, %ymm2, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm2, %ymm2
+        vpblendw	$0x55, %ymm7, %ymm3, %ymm3
+        vmovdqu	192(%rdx), %ymm4
+        vmovdqu	224(%rdx), %ymm5
+        vpslld	$16, %ymm5, %ymm6
+        vpsrld	$16, %ymm4, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm4, %ymm4
+        vpblendw	$0x55, %ymm7, %ymm5, %ymm5
+        vmovdqu	192(%r10), %ymm10
+        vmovdqu	224(%r10), %ymm11
+        vpmullw	%ymm5, %ymm3, %ymm0
+        vpmulhw	%ymm5, %ymm3, %ymm6
+        vpmullw	%ymm4, %ymm2, %ymm1
+        vpmulhw	%ymm4, %ymm2, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm12, %ymm0, %ymm8
+        vpmullw	%ymm12, %ymm1, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm0
+        vpsubw	%ymm9, %ymm7, %ymm1
+        vpmullw	%ymm11, %ymm0, %ymm6
+        vpmulhw	%ymm10, %ymm0, %ymm7
+        vpmulhw	%ymm14, %ymm6, %ymm6
+        vpsubw	%ymm6, %ymm7, %ymm0
+        vpaddw	%ymm1, %ymm0, %ymm0
+        vpmullw	%ymm5, %ymm2, %ymm1
+        vpmulhw	%ymm5, %ymm2, %ymm6
+        vpmullw	%ymm4, %ymm3, %ymm2
+        vpmulhw	%ymm4, %ymm3, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm12, %ymm1, %ymm8
+        vpmullw	%ymm12, %ymm2, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm1
+        vpsubw	%ymm9, %ymm7, %ymm2
+        vpaddw	%ymm2, %ymm1, %ymm1
+        vmovdqu	%ymm0, 192(%rsi)
+        vmovdqu	%ymm1, 224(%rsi)
+        vmovdqu	256(%rdi), %ymm2
+        vmovdqu	288(%rdi), %ymm3
+        vpslld	$16, %ymm3, %ymm6
+        vpsrld	$16, %ymm2, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm2, %ymm2
+        vpblendw	$0x55, %ymm7, %ymm3, %ymm3
+        vmovdqu	256(%rdx), %ymm4
+        vmovdqu	288(%rdx), %ymm5
+        vpslld	$16, %ymm5, %ymm6
+        vpsrld	$16, %ymm4, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm4, %ymm4
+        vpblendw	$0x55, %ymm7, %ymm5, %ymm5
+        vmovdqu	256(%r10), %ymm10
+        vmovdqu	288(%r10), %ymm11
+        vpmullw	%ymm5, %ymm3, %ymm0
+        vpmulhw	%ymm5, %ymm3, %ymm6
+        vpmullw	%ymm4, %ymm2, %ymm1
+        vpmulhw	%ymm4, %ymm2, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm12, %ymm0, %ymm8
+        vpmullw	%ymm12, %ymm1, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm0
+        vpsubw	%ymm9, %ymm7, %ymm1
+        vpmullw	%ymm11, %ymm0, %ymm6
+        vpmulhw	%ymm10, %ymm0, %ymm7
+        vpmulhw	%ymm14, %ymm6, %ymm6
+        vpsubw	%ymm6, %ymm7, %ymm0
+        vpaddw	%ymm1, %ymm0, %ymm0
+        vpmullw	%ymm5, %ymm2, %ymm1
+        vpmulhw	%ymm5, %ymm2, %ymm6
+        vpmullw	%ymm4, %ymm3, %ymm2
+        vpmulhw	%ymm4, %ymm3, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm12, %ymm1, %ymm8
+        vpmullw	%ymm12, %ymm2, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm1
+        vpsubw	%ymm9, %ymm7, %ymm2
+        vpaddw	%ymm2, %ymm1, %ymm1
+        vmovdqu	%ymm0, 256(%rsi)
+        vmovdqu	%ymm1, 288(%rsi)
+        vmovdqu	320(%rdi), %ymm2
+        vmovdqu	352(%rdi), %ymm3
+        vpslld	$16, %ymm3, %ymm6
+        vpsrld	$16, %ymm2, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm2, %ymm2
+        vpblendw	$0x55, %ymm7, %ymm3, %ymm3
+        vmovdqu	320(%rdx), %ymm4
+        vmovdqu	352(%rdx), %ymm5
+        vpslld	$16, %ymm5, %ymm6
+        vpsrld	$16, %ymm4, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm4, %ymm4
+        vpblendw	$0x55, %ymm7, %ymm5, %ymm5
+        vmovdqu	320(%r10), %ymm10
+        vmovdqu	352(%r10), %ymm11
+        vpmullw	%ymm5, %ymm3, %ymm0
+        vpmulhw	%ymm5, %ymm3, %ymm6
+        vpmullw	%ymm4, %ymm2, %ymm1
+        vpmulhw	%ymm4, %ymm2, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm12, %ymm0, %ymm8
+        vpmullw	%ymm12, %ymm1, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm0
+        vpsubw	%ymm9, %ymm7, %ymm1
+        vpmullw	%ymm11, %ymm0, %ymm6
+        vpmulhw	%ymm10, %ymm0, %ymm7
+        vpmulhw	%ymm14, %ymm6, %ymm6
+        vpsubw	%ymm6, %ymm7, %ymm0
+        vpaddw	%ymm1, %ymm0, %ymm0
+        vpmullw	%ymm5, %ymm2, %ymm1
+        vpmulhw	%ymm5, %ymm2, %ymm6
+        vpmullw	%ymm4, %ymm3, %ymm2
+        vpmulhw	%ymm4, %ymm3, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm12, %ymm1, %ymm8
+        vpmullw	%ymm12, %ymm2, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm1
+        vpsubw	%ymm9, %ymm7, %ymm2
+        vpaddw	%ymm2, %ymm1, %ymm1
+        vmovdqu	%ymm0, 320(%rsi)
+        vmovdqu	%ymm1, 352(%rsi)
+        vmovdqu	384(%rdi), %ymm2
+        vmovdqu	416(%rdi), %ymm3
+        vpslld	$16, %ymm3, %ymm6
+        vpsrld	$16, %ymm2, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm2, %ymm2
+        vpblendw	$0x55, %ymm7, %ymm3, %ymm3
+        vmovdqu	384(%rdx), %ymm4
+        vmovdqu	416(%rdx), %ymm5
+        vpslld	$16, %ymm5, %ymm6
+        vpsrld	$16, %ymm4, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm4, %ymm4
+        vpblendw	$0x55, %ymm7, %ymm5, %ymm5
+        vmovdqu	384(%r10), %ymm10
+        vmovdqu	416(%r10), %ymm11
+        vpmullw	%ymm5, %ymm3, %ymm0
+        vpmulhw	%ymm5, %ymm3, %ymm6
+        vpmullw	%ymm4, %ymm2, %ymm1
+        vpmulhw	%ymm4, %ymm2, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm12, %ymm0, %ymm8
+        vpmullw	%ymm12, %ymm1, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm0
+        vpsubw	%ymm9, %ymm7, %ymm1
+        vpmullw	%ymm11, %ymm0, %ymm6
+        vpmulhw	%ymm10, %ymm0, %ymm7
+        vpmulhw	%ymm14, %ymm6, %ymm6
+        vpsubw	%ymm6, %ymm7, %ymm0
+        vpaddw	%ymm1, %ymm0, %ymm0
+        vpmullw	%ymm5, %ymm2, %ymm1
+        vpmulhw	%ymm5, %ymm2, %ymm6
+        vpmullw	%ymm4, %ymm3, %ymm2
+        vpmulhw	%ymm4, %ymm3, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm12, %ymm1, %ymm8
+        vpmullw	%ymm12, %ymm2, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm1
+        vpsubw	%ymm9, %ymm7, %ymm2
+        vpaddw	%ymm2, %ymm1, %ymm1
+        vmovdqu	%ymm0, 384(%rsi)
+        vmovdqu	%ymm1, 416(%rsi)
+        vmovdqu	448(%rdi), %ymm2
+        vmovdqu	480(%rdi), %ymm3
+        vpslld	$16, %ymm3, %ymm6
+        vpsrld	$16, %ymm2, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm2, %ymm2
+        vpblendw	$0x55, %ymm7, %ymm3, %ymm3
+        vmovdqu	448(%rdx), %ymm4
+        vmovdqu	480(%rdx), %ymm5
+        vpslld	$16, %ymm5, %ymm6
+        vpsrld	$16, %ymm4, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm4, %ymm4
+        vpblendw	$0x55, %ymm7, %ymm5, %ymm5
+        vmovdqu	448(%r10), %ymm10
+        vmovdqu	480(%r10), %ymm11
+        vpmullw	%ymm5, %ymm3, %ymm0
+        vpmulhw	%ymm5, %ymm3, %ymm6
+        vpmullw	%ymm4, %ymm2, %ymm1
+        vpmulhw	%ymm4, %ymm2, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm12, %ymm0, %ymm8
+        vpmullw	%ymm12, %ymm1, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm0
+        vpsubw	%ymm9, %ymm7, %ymm1
+        vpmullw	%ymm11, %ymm0, %ymm6
+        vpmulhw	%ymm10, %ymm0, %ymm7
+        vpmulhw	%ymm14, %ymm6, %ymm6
+        vpsubw	%ymm6, %ymm7, %ymm0
+        vpaddw	%ymm1, %ymm0, %ymm0
+        vpmullw	%ymm5, %ymm2, %ymm1
+        vpmulhw	%ymm5, %ymm2, %ymm6
+        vpmullw	%ymm4, %ymm3, %ymm2
+        vpmulhw	%ymm4, %ymm3, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm12, %ymm1, %ymm8
+        vpmullw	%ymm12, %ymm2, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm1
+        vpsubw	%ymm9, %ymm7, %ymm2
+        vpaddw	%ymm2, %ymm1, %ymm1
+        vmovdqu	%ymm0, 448(%rsi)
+        vmovdqu	%ymm1, 480(%rsi)
+        addq	$0x200, %rdi
+        addq	$0x200, %rdx
+        subq	$2, %rax
+        jz	L_pointwise_acc_mont_end_decap
+L_pointwise_acc_mont_start_decap:
+        # Base mul mont add
+        leaq	L_kyber_avx2_zetas_basemul(%rip), %r10
+        vmovdqu	(%rdi), %ymm2
+        vmovdqu	32(%rdi), %ymm3
+        vpslld	$16, %ymm3, %ymm6
+        vpsrld	$16, %ymm2, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm2, %ymm2
+        vpblendw	$0x55, %ymm7, %ymm3, %ymm3
+        vmovdqu	(%rdx), %ymm4
+        vmovdqu	32(%rdx), %ymm5
+        vpslld	$16, %ymm5, %ymm6
+        vpsrld	$16, %ymm4, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm4, %ymm4
+        vpblendw	$0x55, %ymm7, %ymm5, %ymm5
+        vmovdqu	(%r10), %ymm10
+        vmovdqu	32(%r10), %ymm11
+        vpmullw	%ymm5, %ymm3, %ymm0
+        vpmulhw	%ymm5, %ymm3, %ymm6
+        vpmullw	%ymm4, %ymm2, %ymm1
+        vpmulhw	%ymm4, %ymm2, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm12, %ymm0, %ymm8
+        vpmullw	%ymm12, %ymm1, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm0
+        vpsubw	%ymm9, %ymm7, %ymm1
+        vpmullw	%ymm11, %ymm0, %ymm6
+        vpmulhw	%ymm10, %ymm0, %ymm7
+        vpmulhw	%ymm14, %ymm6, %ymm6
+        vpsubw	%ymm6, %ymm7, %ymm0
+        vpaddw	%ymm1, %ymm0, %ymm0
+        vpmullw	%ymm5, %ymm2, %ymm1
+        vpmulhw	%ymm5, %ymm2, %ymm6
+        vpmullw	%ymm4, %ymm3, %ymm2
+        vpmulhw	%ymm4, %ymm3, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm12, %ymm1, %ymm8
+        vpmullw	%ymm12, %ymm2, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm1
+        vpsubw	%ymm9, %ymm7, %ymm2
+        vpaddw	%ymm2, %ymm1, %ymm1
+        vmovdqu	(%rsi), %ymm6
+        vmovdqu	32(%rsi), %ymm7
+        vpaddw	%ymm6, %ymm0, %ymm0
+        vpaddw	%ymm7, %ymm1, %ymm1
+        vmovdqu	%ymm0, (%rsi)
+        vmovdqu	%ymm1, 32(%rsi)
+        vmovdqu	64(%rdi), %ymm2
+        vmovdqu	96(%rdi), %ymm3
+        vpslld	$16, %ymm3, %ymm6
+        vpsrld	$16, %ymm2, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm2, %ymm2
+        vpblendw	$0x55, %ymm7, %ymm3, %ymm3
+        vmovdqu	64(%rdx), %ymm4
+        vmovdqu	96(%rdx), %ymm5
+        vpslld	$16, %ymm5, %ymm6
+        vpsrld	$16, %ymm4, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm4, %ymm4
+        vpblendw	$0x55, %ymm7, %ymm5, %ymm5
+        vmovdqu	64(%r10), %ymm10
+        vmovdqu	96(%r10), %ymm11
+        vpmullw	%ymm5, %ymm3, %ymm0
+        vpmulhw	%ymm5, %ymm3, %ymm6
+        vpmullw	%ymm4, %ymm2, %ymm1
+        vpmulhw	%ymm4, %ymm2, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm12, %ymm0, %ymm8
+        vpmullw	%ymm12, %ymm1, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm0
+        vpsubw	%ymm9, %ymm7, %ymm1
+        vpmullw	%ymm11, %ymm0, %ymm6
+        vpmulhw	%ymm10, %ymm0, %ymm7
+        vpmulhw	%ymm14, %ymm6, %ymm6
+        vpsubw	%ymm6, %ymm7, %ymm0
+        vpaddw	%ymm1, %ymm0, %ymm0
+        vpmullw	%ymm5, %ymm2, %ymm1
+        vpmulhw	%ymm5, %ymm2, %ymm6
+        vpmullw	%ymm4, %ymm3, %ymm2
+        vpmulhw	%ymm4, %ymm3, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm12, %ymm1, %ymm8
+        vpmullw	%ymm12, %ymm2, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm1
+        vpsubw	%ymm9, %ymm7, %ymm2
+        vpaddw	%ymm2, %ymm1, %ymm1
+        vmovdqu	64(%rsi), %ymm6
+        vmovdqu	96(%rsi), %ymm7
+        vpaddw	%ymm6, %ymm0, %ymm0
+        vpaddw	%ymm7, %ymm1, %ymm1
+        vmovdqu	%ymm0, 64(%rsi)
+        vmovdqu	%ymm1, 96(%rsi)
+        vmovdqu	128(%rdi), %ymm2
+        vmovdqu	160(%rdi), %ymm3
+        vpslld	$16, %ymm3, %ymm6
+        vpsrld	$16, %ymm2, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm2, %ymm2
+        vpblendw	$0x55, %ymm7, %ymm3, %ymm3
+        vmovdqu	128(%rdx), %ymm4
+        vmovdqu	160(%rdx), %ymm5
+        vpslld	$16, %ymm5, %ymm6
+        vpsrld	$16, %ymm4, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm4, %ymm4
+        vpblendw	$0x55, %ymm7, %ymm5, %ymm5
+        vmovdqu	128(%r10), %ymm10
+        vmovdqu	160(%r10), %ymm11
+        vpmullw	%ymm5, %ymm3, %ymm0
+        vpmulhw	%ymm5, %ymm3, %ymm6
+        vpmullw	%ymm4, %ymm2, %ymm1
+        vpmulhw	%ymm4, %ymm2, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm12, %ymm0, %ymm8
+        vpmullw	%ymm12, %ymm1, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm0
+        vpsubw	%ymm9, %ymm7, %ymm1
+        vpmullw	%ymm11, %ymm0, %ymm6
+        vpmulhw	%ymm10, %ymm0, %ymm7
+        vpmulhw	%ymm14, %ymm6, %ymm6
+        vpsubw	%ymm6, %ymm7, %ymm0
+        vpaddw	%ymm1, %ymm0, %ymm0
+        vpmullw	%ymm5, %ymm2, %ymm1
+        vpmulhw	%ymm5, %ymm2, %ymm6
+        vpmullw	%ymm4, %ymm3, %ymm2
+        vpmulhw	%ymm4, %ymm3, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm12, %ymm1, %ymm8
+        vpmullw	%ymm12, %ymm2, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm1
+        vpsubw	%ymm9, %ymm7, %ymm2
+        vpaddw	%ymm2, %ymm1, %ymm1
+        vmovdqu	128(%rsi), %ymm6
+        vmovdqu	160(%rsi), %ymm7
+        vpaddw	%ymm6, %ymm0, %ymm0
+        vpaddw	%ymm7, %ymm1, %ymm1
+        vmovdqu	%ymm0, 128(%rsi)
+        vmovdqu	%ymm1, 160(%rsi)
+        vmovdqu	192(%rdi), %ymm2
+        vmovdqu	224(%rdi), %ymm3
+        vpslld	$16, %ymm3, %ymm6
+        vpsrld	$16, %ymm2, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm2, %ymm2
+        vpblendw	$0x55, %ymm7, %ymm3, %ymm3
+        vmovdqu	192(%rdx), %ymm4
+        vmovdqu	224(%rdx), %ymm5
+        vpslld	$16, %ymm5, %ymm6
+        vpsrld	$16, %ymm4, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm4, %ymm4
+        vpblendw	$0x55, %ymm7, %ymm5, %ymm5
+        vmovdqu	192(%r10), %ymm10
+        vmovdqu	224(%r10), %ymm11
+        vpmullw	%ymm5, %ymm3, %ymm0
+        vpmulhw	%ymm5, %ymm3, %ymm6
+        vpmullw	%ymm4, %ymm2, %ymm1
+        vpmulhw	%ymm4, %ymm2, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm12, %ymm0, %ymm8
+        vpmullw	%ymm12, %ymm1, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm0
+        vpsubw	%ymm9, %ymm7, %ymm1
+        vpmullw	%ymm11, %ymm0, %ymm6
+        vpmulhw	%ymm10, %ymm0, %ymm7
+        vpmulhw	%ymm14, %ymm6, %ymm6
+        vpsubw	%ymm6, %ymm7, %ymm0
+        vpaddw	%ymm1, %ymm0, %ymm0
+        vpmullw	%ymm5, %ymm2, %ymm1
+        vpmulhw	%ymm5, %ymm2, %ymm6
+        vpmullw	%ymm4, %ymm3, %ymm2
+        vpmulhw	%ymm4, %ymm3, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm12, %ymm1, %ymm8
+        vpmullw	%ymm12, %ymm2, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm1
+        vpsubw	%ymm9, %ymm7, %ymm2
+        vpaddw	%ymm2, %ymm1, %ymm1
+        vmovdqu	192(%rsi), %ymm6
+        vmovdqu	224(%rsi), %ymm7
+        vpaddw	%ymm6, %ymm0, %ymm0
+        vpaddw	%ymm7, %ymm1, %ymm1
+        vmovdqu	%ymm0, 192(%rsi)
+        vmovdqu	%ymm1, 224(%rsi)
+        vmovdqu	256(%rdi), %ymm2
+        vmovdqu	288(%rdi), %ymm3
+        vpslld	$16, %ymm3, %ymm6
+        vpsrld	$16, %ymm2, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm2, %ymm2
+        vpblendw	$0x55, %ymm7, %ymm3, %ymm3
+        vmovdqu	256(%rdx), %ymm4
+        vmovdqu	288(%rdx), %ymm5
+        vpslld	$16, %ymm5, %ymm6
+        vpsrld	$16, %ymm4, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm4, %ymm4
+        vpblendw	$0x55, %ymm7, %ymm5, %ymm5
+        vmovdqu	256(%r10), %ymm10
+        vmovdqu	288(%r10), %ymm11
+        vpmullw	%ymm5, %ymm3, %ymm0
+        vpmulhw	%ymm5, %ymm3, %ymm6
+        vpmullw	%ymm4, %ymm2, %ymm1
+        vpmulhw	%ymm4, %ymm2, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm12, %ymm0, %ymm8
+        vpmullw	%ymm12, %ymm1, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm0
+        vpsubw	%ymm9, %ymm7, %ymm1
+        vpmullw	%ymm11, %ymm0, %ymm6
+        vpmulhw	%ymm10, %ymm0, %ymm7
+        vpmulhw	%ymm14, %ymm6, %ymm6
+        vpsubw	%ymm6, %ymm7, %ymm0
+        vpaddw	%ymm1, %ymm0, %ymm0
+        vpmullw	%ymm5, %ymm2, %ymm1
+        vpmulhw	%ymm5, %ymm2, %ymm6
+        vpmullw	%ymm4, %ymm3, %ymm2
+        vpmulhw	%ymm4, %ymm3, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm12, %ymm1, %ymm8
+        vpmullw	%ymm12, %ymm2, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm1
+        vpsubw	%ymm9, %ymm7, %ymm2
+        vpaddw	%ymm2, %ymm1, %ymm1
+        vmovdqu	256(%rsi), %ymm6
+        vmovdqu	288(%rsi), %ymm7
+        vpaddw	%ymm6, %ymm0, %ymm0
+        vpaddw	%ymm7, %ymm1, %ymm1
+        vmovdqu	%ymm0, 256(%rsi)
+        vmovdqu	%ymm1, 288(%rsi)
+        vmovdqu	320(%rdi), %ymm2
+        vmovdqu	352(%rdi), %ymm3
+        vpslld	$16, %ymm3, %ymm6
+        vpsrld	$16, %ymm2, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm2, %ymm2
+        vpblendw	$0x55, %ymm7, %ymm3, %ymm3
+        vmovdqu	320(%rdx), %ymm4
+        vmovdqu	352(%rdx), %ymm5
+        vpslld	$16, %ymm5, %ymm6
+        vpsrld	$16, %ymm4, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm4, %ymm4
+        vpblendw	$0x55, %ymm7, %ymm5, %ymm5
+        vmovdqu	320(%r10), %ymm10
+        vmovdqu	352(%r10), %ymm11
+        vpmullw	%ymm5, %ymm3, %ymm0
+        vpmulhw	%ymm5, %ymm3, %ymm6
+        vpmullw	%ymm4, %ymm2, %ymm1
+        vpmulhw	%ymm4, %ymm2, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm12, %ymm0, %ymm8
+        vpmullw	%ymm12, %ymm1, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm0
+        vpsubw	%ymm9, %ymm7, %ymm1
+        vpmullw	%ymm11, %ymm0, %ymm6
+        vpmulhw	%ymm10, %ymm0, %ymm7
+        vpmulhw	%ymm14, %ymm6, %ymm6
+        vpsubw	%ymm6, %ymm7, %ymm0
+        vpaddw	%ymm1, %ymm0, %ymm0
+        vpmullw	%ymm5, %ymm2, %ymm1
+        vpmulhw	%ymm5, %ymm2, %ymm6
+        vpmullw	%ymm4, %ymm3, %ymm2
+        vpmulhw	%ymm4, %ymm3, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm12, %ymm1, %ymm8
+        vpmullw	%ymm12, %ymm2, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm1
+        vpsubw	%ymm9, %ymm7, %ymm2
+        vpaddw	%ymm2, %ymm1, %ymm1
+        vmovdqu	320(%rsi), %ymm6
+        vmovdqu	352(%rsi), %ymm7
+        vpaddw	%ymm6, %ymm0, %ymm0
+        vpaddw	%ymm7, %ymm1, %ymm1
+        vmovdqu	%ymm0, 320(%rsi)
+        vmovdqu	%ymm1, 352(%rsi)
+        vmovdqu	384(%rdi), %ymm2
+        vmovdqu	416(%rdi), %ymm3
+        vpslld	$16, %ymm3, %ymm6
+        vpsrld	$16, %ymm2, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm2, %ymm2
+        vpblendw	$0x55, %ymm7, %ymm3, %ymm3
+        vmovdqu	384(%rdx), %ymm4
+        vmovdqu	416(%rdx), %ymm5
+        vpslld	$16, %ymm5, %ymm6
+        vpsrld	$16, %ymm4, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm4, %ymm4
+        vpblendw	$0x55, %ymm7, %ymm5, %ymm5
+        vmovdqu	384(%r10), %ymm10
+        vmovdqu	416(%r10), %ymm11
+        vpmullw	%ymm5, %ymm3, %ymm0
+        vpmulhw	%ymm5, %ymm3, %ymm6
+        vpmullw	%ymm4, %ymm2, %ymm1
+        vpmulhw	%ymm4, %ymm2, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm12, %ymm0, %ymm8
+        vpmullw	%ymm12, %ymm1, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm0
+        vpsubw	%ymm9, %ymm7, %ymm1
+        vpmullw	%ymm11, %ymm0, %ymm6
+        vpmulhw	%ymm10, %ymm0, %ymm7
+        vpmulhw	%ymm14, %ymm6, %ymm6
+        vpsubw	%ymm6, %ymm7, %ymm0
+        vpaddw	%ymm1, %ymm0, %ymm0
+        vpmullw	%ymm5, %ymm2, %ymm1
+        vpmulhw	%ymm5, %ymm2, %ymm6
+        vpmullw	%ymm4, %ymm3, %ymm2
+        vpmulhw	%ymm4, %ymm3, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm12, %ymm1, %ymm8
+        vpmullw	%ymm12, %ymm2, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm1
+        vpsubw	%ymm9, %ymm7, %ymm2
+        vpaddw	%ymm2, %ymm1, %ymm1
+        vmovdqu	384(%rsi), %ymm6
+        vmovdqu	416(%rsi), %ymm7
+        vpaddw	%ymm6, %ymm0, %ymm0
+        vpaddw	%ymm7, %ymm1, %ymm1
+        vmovdqu	%ymm0, 384(%rsi)
+        vmovdqu	%ymm1, 416(%rsi)
+        vmovdqu	448(%rdi), %ymm2
+        vmovdqu	480(%rdi), %ymm3
+        vpslld	$16, %ymm3, %ymm6
+        vpsrld	$16, %ymm2, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm2, %ymm2
+        vpblendw	$0x55, %ymm7, %ymm3, %ymm3
+        vmovdqu	448(%rdx), %ymm4
+        vmovdqu	480(%rdx), %ymm5
+        vpslld	$16, %ymm5, %ymm6
+        vpsrld	$16, %ymm4, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm4, %ymm4
+        vpblendw	$0x55, %ymm7, %ymm5, %ymm5
+        vmovdqu	448(%r10), %ymm10
+        vmovdqu	480(%r10), %ymm11
+        vpmullw	%ymm5, %ymm3, %ymm0
+        vpmulhw	%ymm5, %ymm3, %ymm6
+        vpmullw	%ymm4, %ymm2, %ymm1
+        vpmulhw	%ymm4, %ymm2, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm12, %ymm0, %ymm8
+        vpmullw	%ymm12, %ymm1, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm0
+        vpsubw	%ymm9, %ymm7, %ymm1
+        vpmullw	%ymm11, %ymm0, %ymm6
+        vpmulhw	%ymm10, %ymm0, %ymm7
+        vpmulhw	%ymm14, %ymm6, %ymm6
+        vpsubw	%ymm6, %ymm7, %ymm0
+        vpaddw	%ymm1, %ymm0, %ymm0
+        vpmullw	%ymm5, %ymm2, %ymm1
+        vpmulhw	%ymm5, %ymm2, %ymm6
+        vpmullw	%ymm4, %ymm3, %ymm2
+        vpmulhw	%ymm4, %ymm3, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm12, %ymm1, %ymm8
+        vpmullw	%ymm12, %ymm2, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm1
+        vpsubw	%ymm9, %ymm7, %ymm2
+        vpaddw	%ymm2, %ymm1, %ymm1
+        vmovdqu	448(%rsi), %ymm6
+        vmovdqu	480(%rsi), %ymm7
+        vpaddw	%ymm6, %ymm0, %ymm0
+        vpaddw	%ymm7, %ymm1, %ymm1
+        vmovdqu	%ymm0, 448(%rsi)
+        vmovdqu	%ymm1, 480(%rsi)
+        addq	$0x200, %rdi
+        addq	$0x200, %rdx
+        subq	$0x01, %rax
+        jg	L_pointwise_acc_mont_start_decap
+L_pointwise_acc_mont_end_decap:
+        # Base mul mont add
+        leaq	L_kyber_avx2_zetas_basemul(%rip), %r10
+        vmovdqu	(%rdi), %ymm2
+        vmovdqu	32(%rdi), %ymm3
+        vpslld	$16, %ymm3, %ymm6
+        vpsrld	$16, %ymm2, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm2, %ymm2
+        vpblendw	$0x55, %ymm7, %ymm3, %ymm3
+        vmovdqu	(%rdx), %ymm4
+        vmovdqu	32(%rdx), %ymm5
+        vpslld	$16, %ymm5, %ymm6
+        vpsrld	$16, %ymm4, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm4, %ymm4
+        vpblendw	$0x55, %ymm7, %ymm5, %ymm5
+        vmovdqu	(%r10), %ymm10
+        vmovdqu	32(%r10), %ymm11
+        vpmullw	%ymm5, %ymm3, %ymm0
+        vpmulhw	%ymm5, %ymm3, %ymm6
+        vpmullw	%ymm4, %ymm2, %ymm1
+        vpmulhw	%ymm4, %ymm2, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm12, %ymm0, %ymm8
+        vpmullw	%ymm12, %ymm1, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm0
+        vpsubw	%ymm9, %ymm7, %ymm1
+        vpmullw	%ymm11, %ymm0, %ymm6
+        vpmulhw	%ymm10, %ymm0, %ymm7
+        vpmulhw	%ymm14, %ymm6, %ymm6
+        vpsubw	%ymm6, %ymm7, %ymm0
+        vpaddw	%ymm1, %ymm0, %ymm0
+        vpmullw	%ymm5, %ymm2, %ymm1
+        vpmulhw	%ymm5, %ymm2, %ymm6
+        vpmullw	%ymm4, %ymm3, %ymm2
+        vpmulhw	%ymm4, %ymm3, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm12, %ymm1, %ymm8
+        vpmullw	%ymm12, %ymm2, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm1
+        vpsubw	%ymm9, %ymm7, %ymm2
+        vpaddw	%ymm2, %ymm1, %ymm1
+        vmovdqu	(%rsi), %ymm6
+        vmovdqu	32(%rsi), %ymm7
+        vpaddw	%ymm6, %ymm0, %ymm0
+        vpaddw	%ymm7, %ymm1, %ymm1
+        vpslld	$16, %ymm1, %ymm6
+        vpsrld	$16, %ymm0, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm0, %ymm0
+        vpblendw	$0x55, %ymm7, %ymm1, %ymm1
+        vmovdqu	%ymm0, (%rsi)
+        vmovdqu	%ymm1, 32(%rsi)
+        vmovdqu	64(%rdi), %ymm2
+        vmovdqu	96(%rdi), %ymm3
+        vpslld	$16, %ymm3, %ymm6
+        vpsrld	$16, %ymm2, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm2, %ymm2
+        vpblendw	$0x55, %ymm7, %ymm3, %ymm3
+        vmovdqu	64(%rdx), %ymm4
+        vmovdqu	96(%rdx), %ymm5
+        vpslld	$16, %ymm5, %ymm6
+        vpsrld	$16, %ymm4, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm4, %ymm4
+        vpblendw	$0x55, %ymm7, %ymm5, %ymm5
+        vmovdqu	64(%r10), %ymm10
+        vmovdqu	96(%r10), %ymm11
+        vpmullw	%ymm5, %ymm3, %ymm0
+        vpmulhw	%ymm5, %ymm3, %ymm6
+        vpmullw	%ymm4, %ymm2, %ymm1
+        vpmulhw	%ymm4, %ymm2, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm12, %ymm0, %ymm8
+        vpmullw	%ymm12, %ymm1, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm0
+        vpsubw	%ymm9, %ymm7, %ymm1
+        vpmullw	%ymm11, %ymm0, %ymm6
+        vpmulhw	%ymm10, %ymm0, %ymm7
+        vpmulhw	%ymm14, %ymm6, %ymm6
+        vpsubw	%ymm6, %ymm7, %ymm0
+        vpaddw	%ymm1, %ymm0, %ymm0
+        vpmullw	%ymm5, %ymm2, %ymm1
+        vpmulhw	%ymm5, %ymm2, %ymm6
+        vpmullw	%ymm4, %ymm3, %ymm2
+        vpmulhw	%ymm4, %ymm3, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm12, %ymm1, %ymm8
+        vpmullw	%ymm12, %ymm2, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm1
+        vpsubw	%ymm9, %ymm7, %ymm2
+        vpaddw	%ymm2, %ymm1, %ymm1
+        vmovdqu	64(%rsi), %ymm6
+        vmovdqu	96(%rsi), %ymm7
+        vpaddw	%ymm6, %ymm0, %ymm0
+        vpaddw	%ymm7, %ymm1, %ymm1
+        vpslld	$16, %ymm1, %ymm6
+        vpsrld	$16, %ymm0, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm0, %ymm0
+        vpblendw	$0x55, %ymm7, %ymm1, %ymm1
+        vmovdqu	%ymm0, 64(%rsi)
+        vmovdqu	%ymm1, 96(%rsi)
+        vmovdqu	128(%rdi), %ymm2
+        vmovdqu	160(%rdi), %ymm3
+        vpslld	$16, %ymm3, %ymm6
+        vpsrld	$16, %ymm2, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm2, %ymm2
+        vpblendw	$0x55, %ymm7, %ymm3, %ymm3
+        vmovdqu	128(%rdx), %ymm4
+        vmovdqu	160(%rdx), %ymm5
+        vpslld	$16, %ymm5, %ymm6
+        vpsrld	$16, %ymm4, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm4, %ymm4
+        vpblendw	$0x55, %ymm7, %ymm5, %ymm5
+        vmovdqu	128(%r10), %ymm10
+        vmovdqu	160(%r10), %ymm11
+        vpmullw	%ymm5, %ymm3, %ymm0
+        vpmulhw	%ymm5, %ymm3, %ymm6
+        vpmullw	%ymm4, %ymm2, %ymm1
+        vpmulhw	%ymm4, %ymm2, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm12, %ymm0, %ymm8
+        vpmullw	%ymm12, %ymm1, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm0
+        vpsubw	%ymm9, %ymm7, %ymm1
+        vpmullw	%ymm11, %ymm0, %ymm6
+        vpmulhw	%ymm10, %ymm0, %ymm7
+        vpmulhw	%ymm14, %ymm6, %ymm6
+        vpsubw	%ymm6, %ymm7, %ymm0
+        vpaddw	%ymm1, %ymm0, %ymm0
+        vpmullw	%ymm5, %ymm2, %ymm1
+        vpmulhw	%ymm5, %ymm2, %ymm6
+        vpmullw	%ymm4, %ymm3, %ymm2
+        vpmulhw	%ymm4, %ymm3, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm12, %ymm1, %ymm8
+        vpmullw	%ymm12, %ymm2, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm1
+        vpsubw	%ymm9, %ymm7, %ymm2
+        vpaddw	%ymm2, %ymm1, %ymm1
+        vmovdqu	128(%rsi), %ymm6
+        vmovdqu	160(%rsi), %ymm7
+        vpaddw	%ymm6, %ymm0, %ymm0
+        vpaddw	%ymm7, %ymm1, %ymm1
+        vpslld	$16, %ymm1, %ymm6
+        vpsrld	$16, %ymm0, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm0, %ymm0
+        vpblendw	$0x55, %ymm7, %ymm1, %ymm1
+        vmovdqu	%ymm0, 128(%rsi)
+        vmovdqu	%ymm1, 160(%rsi)
+        vmovdqu	192(%rdi), %ymm2
+        vmovdqu	224(%rdi), %ymm3
+        vpslld	$16, %ymm3, %ymm6
+        vpsrld	$16, %ymm2, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm2, %ymm2
+        vpblendw	$0x55, %ymm7, %ymm3, %ymm3
+        vmovdqu	192(%rdx), %ymm4
+        vmovdqu	224(%rdx), %ymm5
+        vpslld	$16, %ymm5, %ymm6
+        vpsrld	$16, %ymm4, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm4, %ymm4
+        vpblendw	$0x55, %ymm7, %ymm5, %ymm5
+        vmovdqu	192(%r10), %ymm10
+        vmovdqu	224(%r10), %ymm11
+        vpmullw	%ymm5, %ymm3, %ymm0
+        vpmulhw	%ymm5, %ymm3, %ymm6
+        vpmullw	%ymm4, %ymm2, %ymm1
+        vpmulhw	%ymm4, %ymm2, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm12, %ymm0, %ymm8
+        vpmullw	%ymm12, %ymm1, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm0
+        vpsubw	%ymm9, %ymm7, %ymm1
+        vpmullw	%ymm11, %ymm0, %ymm6
+        vpmulhw	%ymm10, %ymm0, %ymm7
+        vpmulhw	%ymm14, %ymm6, %ymm6
+        vpsubw	%ymm6, %ymm7, %ymm0
+        vpaddw	%ymm1, %ymm0, %ymm0
+        vpmullw	%ymm5, %ymm2, %ymm1
+        vpmulhw	%ymm5, %ymm2, %ymm6
+        vpmullw	%ymm4, %ymm3, %ymm2
+        vpmulhw	%ymm4, %ymm3, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm12, %ymm1, %ymm8
+        vpmullw	%ymm12, %ymm2, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm1
+        vpsubw	%ymm9, %ymm7, %ymm2
+        vpaddw	%ymm2, %ymm1, %ymm1
+        vmovdqu	192(%rsi), %ymm6
+        vmovdqu	224(%rsi), %ymm7
+        vpaddw	%ymm6, %ymm0, %ymm0
+        vpaddw	%ymm7, %ymm1, %ymm1
+        vpslld	$16, %ymm1, %ymm6
+        vpsrld	$16, %ymm0, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm0, %ymm0
+        vpblendw	$0x55, %ymm7, %ymm1, %ymm1
+        vmovdqu	%ymm0, 192(%rsi)
+        vmovdqu	%ymm1, 224(%rsi)
+        vmovdqu	256(%rdi), %ymm2
+        vmovdqu	288(%rdi), %ymm3
+        vpslld	$16, %ymm3, %ymm6
+        vpsrld	$16, %ymm2, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm2, %ymm2
+        vpblendw	$0x55, %ymm7, %ymm3, %ymm3
+        vmovdqu	256(%rdx), %ymm4
+        vmovdqu	288(%rdx), %ymm5
+        vpslld	$16, %ymm5, %ymm6
+        vpsrld	$16, %ymm4, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm4, %ymm4
+        vpblendw	$0x55, %ymm7, %ymm5, %ymm5
+        vmovdqu	256(%r10), %ymm10
+        vmovdqu	288(%r10), %ymm11
+        vpmullw	%ymm5, %ymm3, %ymm0
+        vpmulhw	%ymm5, %ymm3, %ymm6
+        vpmullw	%ymm4, %ymm2, %ymm1
+        vpmulhw	%ymm4, %ymm2, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm12, %ymm0, %ymm8
+        vpmullw	%ymm12, %ymm1, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm0
+        vpsubw	%ymm9, %ymm7, %ymm1
+        vpmullw	%ymm11, %ymm0, %ymm6
+        vpmulhw	%ymm10, %ymm0, %ymm7
+        vpmulhw	%ymm14, %ymm6, %ymm6
+        vpsubw	%ymm6, %ymm7, %ymm0
+        vpaddw	%ymm1, %ymm0, %ymm0
+        vpmullw	%ymm5, %ymm2, %ymm1
+        vpmulhw	%ymm5, %ymm2, %ymm6
+        vpmullw	%ymm4, %ymm3, %ymm2
+        vpmulhw	%ymm4, %ymm3, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm12, %ymm1, %ymm8
+        vpmullw	%ymm12, %ymm2, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm1
+        vpsubw	%ymm9, %ymm7, %ymm2
+        vpaddw	%ymm2, %ymm1, %ymm1
+        vmovdqu	256(%rsi), %ymm6
+        vmovdqu	288(%rsi), %ymm7
+        vpaddw	%ymm6, %ymm0, %ymm0
+        vpaddw	%ymm7, %ymm1, %ymm1
+        vpslld	$16, %ymm1, %ymm6
+        vpsrld	$16, %ymm0, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm0, %ymm0
+        vpblendw	$0x55, %ymm7, %ymm1, %ymm1
+        vmovdqu	%ymm0, 256(%rsi)
+        vmovdqu	%ymm1, 288(%rsi)
+        vmovdqu	320(%rdi), %ymm2
+        vmovdqu	352(%rdi), %ymm3
+        vpslld	$16, %ymm3, %ymm6
+        vpsrld	$16, %ymm2, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm2, %ymm2
+        vpblendw	$0x55, %ymm7, %ymm3, %ymm3
+        vmovdqu	320(%rdx), %ymm4
+        vmovdqu	352(%rdx), %ymm5
+        vpslld	$16, %ymm5, %ymm6
+        vpsrld	$16, %ymm4, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm4, %ymm4
+        vpblendw	$0x55, %ymm7, %ymm5, %ymm5
+        vmovdqu	320(%r10), %ymm10
+        vmovdqu	352(%r10), %ymm11
+        vpmullw	%ymm5, %ymm3, %ymm0
+        vpmulhw	%ymm5, %ymm3, %ymm6
+        vpmullw	%ymm4, %ymm2, %ymm1
+        vpmulhw	%ymm4, %ymm2, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm12, %ymm0, %ymm8
+        vpmullw	%ymm12, %ymm1, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm0
+        vpsubw	%ymm9, %ymm7, %ymm1
+        vpmullw	%ymm11, %ymm0, %ymm6
+        vpmulhw	%ymm10, %ymm0, %ymm7
+        vpmulhw	%ymm14, %ymm6, %ymm6
+        vpsubw	%ymm6, %ymm7, %ymm0
+        vpaddw	%ymm1, %ymm0, %ymm0
+        vpmullw	%ymm5, %ymm2, %ymm1
+        vpmulhw	%ymm5, %ymm2, %ymm6
+        vpmullw	%ymm4, %ymm3, %ymm2
+        vpmulhw	%ymm4, %ymm3, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm12, %ymm1, %ymm8
+        vpmullw	%ymm12, %ymm2, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm1
+        vpsubw	%ymm9, %ymm7, %ymm2
+        vpaddw	%ymm2, %ymm1, %ymm1
+        vmovdqu	320(%rsi), %ymm6
+        vmovdqu	352(%rsi), %ymm7
+        vpaddw	%ymm6, %ymm0, %ymm0
+        vpaddw	%ymm7, %ymm1, %ymm1
+        vpslld	$16, %ymm1, %ymm6
+        vpsrld	$16, %ymm0, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm0, %ymm0
+        vpblendw	$0x55, %ymm7, %ymm1, %ymm1
+        vmovdqu	%ymm0, 320(%rsi)
+        vmovdqu	%ymm1, 352(%rsi)
+        vmovdqu	384(%rdi), %ymm2
+        vmovdqu	416(%rdi), %ymm3
+        vpslld	$16, %ymm3, %ymm6
+        vpsrld	$16, %ymm2, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm2, %ymm2
+        vpblendw	$0x55, %ymm7, %ymm3, %ymm3
+        vmovdqu	384(%rdx), %ymm4
+        vmovdqu	416(%rdx), %ymm5
+        vpslld	$16, %ymm5, %ymm6
+        vpsrld	$16, %ymm4, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm4, %ymm4
+        vpblendw	$0x55, %ymm7, %ymm5, %ymm5
+        vmovdqu	384(%r10), %ymm10
+        vmovdqu	416(%r10), %ymm11
+        vpmullw	%ymm5, %ymm3, %ymm0
+        vpmulhw	%ymm5, %ymm3, %ymm6
+        vpmullw	%ymm4, %ymm2, %ymm1
+        vpmulhw	%ymm4, %ymm2, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm12, %ymm0, %ymm8
+        vpmullw	%ymm12, %ymm1, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm0
+        vpsubw	%ymm9, %ymm7, %ymm1
+        vpmullw	%ymm11, %ymm0, %ymm6
+        vpmulhw	%ymm10, %ymm0, %ymm7
+        vpmulhw	%ymm14, %ymm6, %ymm6
+        vpsubw	%ymm6, %ymm7, %ymm0
+        vpaddw	%ymm1, %ymm0, %ymm0
+        vpmullw	%ymm5, %ymm2, %ymm1
+        vpmulhw	%ymm5, %ymm2, %ymm6
+        vpmullw	%ymm4, %ymm3, %ymm2
+        vpmulhw	%ymm4, %ymm3, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm12, %ymm1, %ymm8
+        vpmullw	%ymm12, %ymm2, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm1
+        vpsubw	%ymm9, %ymm7, %ymm2
+        vpaddw	%ymm2, %ymm1, %ymm1
+        vmovdqu	384(%rsi), %ymm6
+        vmovdqu	416(%rsi), %ymm7
+        vpaddw	%ymm6, %ymm0, %ymm0
+        vpaddw	%ymm7, %ymm1, %ymm1
+        vpslld	$16, %ymm1, %ymm6
+        vpsrld	$16, %ymm0, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm0, %ymm0
+        vpblendw	$0x55, %ymm7, %ymm1, %ymm1
+        vmovdqu	%ymm0, 384(%rsi)
+        vmovdqu	%ymm1, 416(%rsi)
+        vmovdqu	448(%rdi), %ymm2
+        vmovdqu	480(%rdi), %ymm3
+        vpslld	$16, %ymm3, %ymm6
+        vpsrld	$16, %ymm2, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm2, %ymm2
+        vpblendw	$0x55, %ymm7, %ymm3, %ymm3
+        vmovdqu	448(%rdx), %ymm4
+        vmovdqu	480(%rdx), %ymm5
+        vpslld	$16, %ymm5, %ymm6
+        vpsrld	$16, %ymm4, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm4, %ymm4
+        vpblendw	$0x55, %ymm7, %ymm5, %ymm5
+        vmovdqu	448(%r10), %ymm10
+        vmovdqu	480(%r10), %ymm11
+        vpmullw	%ymm5, %ymm3, %ymm0
+        vpmulhw	%ymm5, %ymm3, %ymm6
+        vpmullw	%ymm4, %ymm2, %ymm1
+        vpmulhw	%ymm4, %ymm2, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm12, %ymm0, %ymm8
+        vpmullw	%ymm12, %ymm1, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm0
+        vpsubw	%ymm9, %ymm7, %ymm1
+        vpmullw	%ymm11, %ymm0, %ymm6
+        vpmulhw	%ymm10, %ymm0, %ymm7
+        vpmulhw	%ymm14, %ymm6, %ymm6
+        vpsubw	%ymm6, %ymm7, %ymm0
+        vpaddw	%ymm1, %ymm0, %ymm0
+        vpmullw	%ymm5, %ymm2, %ymm1
+        vpmulhw	%ymm5, %ymm2, %ymm6
+        vpmullw	%ymm4, %ymm3, %ymm2
+        vpmulhw	%ymm4, %ymm3, %ymm7
+        # Mont Reduce
+        vpmullw	%ymm12, %ymm1, %ymm8
+        vpmullw	%ymm12, %ymm2, %ymm9
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm1
+        vpsubw	%ymm9, %ymm7, %ymm2
+        vpaddw	%ymm2, %ymm1, %ymm1
+        vmovdqu	448(%rsi), %ymm6
+        vmovdqu	480(%rsi), %ymm7
+        vpaddw	%ymm6, %ymm0, %ymm0
+        vpaddw	%ymm7, %ymm1, %ymm1
+        vpslld	$16, %ymm1, %ymm6
+        vpsrld	$16, %ymm0, %ymm7
+        vpblendw	$0xaa, %ymm6, %ymm0, %ymm0
+        vpblendw	$0x55, %ymm7, %ymm1, %ymm1
+        vmovdqu	%ymm0, 448(%rsi)
+        vmovdqu	%ymm1, 480(%rsi)
+        addq	$0x200, %rdi
+        addq	$0x200, %rdx
+        movslq	%r8d, %rax
+        shl	$9, %eax
+        subq	%rax, %rdx
+        # invntt
+        leaq	L_kyber_avx2_zetas_inv(%rip), %r10
+        vmovdqu	(%rsi), %ymm0
+        vmovdqu	32(%rsi), %ymm1
+        vmovdqu	64(%rsi), %ymm2
+        vmovdqu	96(%rsi), %ymm3
+        vmovdqu	128(%rsi), %ymm4
+        vmovdqu	160(%rsi), %ymm5
+        vmovdqu	192(%rsi), %ymm6
+        vmovdqu	224(%rsi), %ymm7
+        # 2: 1/2
+        vperm2i128	$32, %ymm1, %ymm0, %ymm8
+        vmovdqu	(%r10), %ymm10
+        vperm2i128	$49, %ymm1, %ymm0, %ymm9
+        vmovdqu	32(%r10), %ymm12
+        vpsllq	$32, %ymm9, %ymm0
+        vpsrlq	$32, %ymm8, %ymm1
+        vpblendd	$0xaa, %ymm0, %ymm8, %ymm0
+        vpblendd	$0x55, %ymm1, %ymm9, %ymm1
+        vperm2i128	$32, %ymm3, %ymm2, %ymm8
+        vmovdqu	64(%r10), %ymm11
+        vperm2i128	$49, %ymm3, %ymm2, %ymm9
+        vmovdqu	96(%r10), %ymm13
+        vpsllq	$32, %ymm9, %ymm2
+        vpsrlq	$32, %ymm8, %ymm3
+        vpblendd	$0xaa, %ymm2, %ymm8, %ymm2
+        vpblendd	$0x55, %ymm3, %ymm9, %ymm3
+        vpaddw	%ymm1, %ymm0, %ymm8
+        vpaddw	%ymm3, %ymm2, %ymm9
+        vpsubw	%ymm1, %ymm0, %ymm1
+        vpsubw	%ymm3, %ymm2, %ymm3
+        vpmulhw	%ymm15, %ymm8, %ymm0
+        vpmulhw	%ymm15, %ymm9, %ymm2
+        vpsraw	$10, %ymm0, %ymm0
+        vpsraw	$10, %ymm2, %ymm2
+        vpmullw	%ymm14, %ymm0, %ymm0
+        vpmullw	%ymm14, %ymm2, %ymm2
+        vpsubw	%ymm0, %ymm8, %ymm8
+        vpsubw	%ymm2, %ymm9, %ymm9
+        vpmullw	%ymm12, %ymm1, %ymm0
+        vpmullw	%ymm13, %ymm3, %ymm2
+        vpmulhw	%ymm10, %ymm1, %ymm1
+        vpmulhw	%ymm11, %ymm3, %ymm3
+        vpmulhw	%ymm14, %ymm0, %ymm0
+        vpmulhw	%ymm14, %ymm2, %ymm2
+        vpsubw	%ymm0, %ymm1, %ymm1
+        vpsubw	%ymm2, %ymm3, %ymm3
+        # 4: 1/2
+        vmovdqu	128(%r10), %ymm10
+        vmovdqu	160(%r10), %ymm12
+        vmovdqu	192(%r10), %ymm11
+        vmovdqu	224(%r10), %ymm13
+        vpunpckldq	%ymm1, %ymm8, %ymm0
+        vpunpckhdq	%ymm1, %ymm8, %ymm1
+        vpunpckldq	%ymm3, %ymm9, %ymm2
+        vpunpckhdq	%ymm3, %ymm9, %ymm3
+        vpaddw	%ymm1, %ymm0, %ymm8
+        vpaddw	%ymm3, %ymm2, %ymm9
+        vpsubw	%ymm1, %ymm0, %ymm1
+        vpsubw	%ymm3, %ymm2, %ymm3
+        vpmullw	%ymm12, %ymm1, %ymm0
+        vpmullw	%ymm13, %ymm3, %ymm2
+        vpmulhw	%ymm10, %ymm1, %ymm1
+        vpmulhw	%ymm11, %ymm3, %ymm3
+        vpmulhw	%ymm14, %ymm0, %ymm0
+        vpmulhw	%ymm14, %ymm2, %ymm2
+        vpsubw	%ymm0, %ymm1, %ymm1
+        vpsubw	%ymm2, %ymm3, %ymm3
+        # 8: 1/2
+        vmovdqu	256(%r10), %ymm10
+        vmovdqu	288(%r10), %ymm12
+        vmovdqu	320(%r10), %ymm11
+        vmovdqu	352(%r10), %ymm13
+        vpunpcklqdq	%ymm1, %ymm8, %ymm0
+        vpunpckhqdq	%ymm1, %ymm8, %ymm1
+        vpunpcklqdq	%ymm3, %ymm9, %ymm2
+        vpunpckhqdq	%ymm3, %ymm9, %ymm3
+        vpaddw	%ymm1, %ymm0, %ymm8
+        vpaddw	%ymm3, %ymm2, %ymm9
+        vpsubw	%ymm1, %ymm0, %ymm1
+        vpsubw	%ymm3, %ymm2, %ymm3
+        vpmulhw	%ymm15, %ymm8, %ymm0
+        vpmulhw	%ymm15, %ymm9, %ymm2
+        vpsraw	$10, %ymm0, %ymm0
+        vpsraw	$10, %ymm2, %ymm2
+        vpmullw	%ymm14, %ymm0, %ymm0
+        vpmullw	%ymm14, %ymm2, %ymm2
+        vpsubw	%ymm0, %ymm8, %ymm8
+        vpsubw	%ymm2, %ymm9, %ymm9
+        vpmullw	%ymm12, %ymm1, %ymm0
+        vpmullw	%ymm13, %ymm3, %ymm2
+        vpmulhw	%ymm10, %ymm1, %ymm1
+        vpmulhw	%ymm11, %ymm3, %ymm3
+        vpmulhw	%ymm14, %ymm0, %ymm0
+        vpmulhw	%ymm14, %ymm2, %ymm2
+        vpsubw	%ymm0, %ymm1, %ymm1
+        vpsubw	%ymm2, %ymm3, %ymm3
+        # 16: 1/2
+        vperm2i128	$32, %ymm1, %ymm8, %ymm0
+        vmovdqu	384(%r10), %ymm10
+        vperm2i128	$49, %ymm1, %ymm8, %ymm1
+        vmovdqu	416(%r10), %ymm12
+        vperm2i128	$32, %ymm3, %ymm9, %ymm2
+        vmovdqu	448(%r10), %ymm11
+        vperm2i128	$49, %ymm3, %ymm9, %ymm3
+        vmovdqu	480(%r10), %ymm13
+        vpsubw	%ymm1, %ymm0, %ymm8
+        vpsubw	%ymm3, %ymm2, %ymm9
+        vpaddw	%ymm1, %ymm0, %ymm0
+        vpaddw	%ymm3, %ymm2, %ymm2
+        vpmullw	%ymm12, %ymm8, %ymm1
+        vpmullw	%ymm13, %ymm9, %ymm3
+        vpmulhw	%ymm10, %ymm8, %ymm8
+        vpmulhw	%ymm11, %ymm9, %ymm9
+        vpmulhw	%ymm14, %ymm1, %ymm1
+        vpmulhw	%ymm14, %ymm3, %ymm3
+        vpsubw	%ymm1, %ymm8, %ymm1
+        vpsubw	%ymm3, %ymm9, %ymm3
+        # 32: 1/2
+        vmovdqu	512(%r10), %ymm10
+        vmovdqu	544(%r10), %ymm12
+        vpaddw	%ymm2, %ymm0, %ymm8
+        vpaddw	%ymm3, %ymm1, %ymm9
+        vpsubw	%ymm2, %ymm0, %ymm2
+        vpsubw	%ymm3, %ymm1, %ymm3
+        vpmulhw	%ymm15, %ymm8, %ymm0
+        vpmulhw	%ymm15, %ymm9, %ymm1
+        vpsraw	$10, %ymm0, %ymm0
+        vpsraw	$10, %ymm1, %ymm1
+        vpmullw	%ymm14, %ymm0, %ymm0
+        vpmullw	%ymm14, %ymm1, %ymm1
+        vpsubw	%ymm0, %ymm8, %ymm0
+        vpsubw	%ymm1, %ymm9, %ymm1
+        vpmullw	%ymm12, %ymm2, %ymm8
+        vpmullw	%ymm12, %ymm3, %ymm9
+        vpmulhw	%ymm10, %ymm2, %ymm2
+        vpmulhw	%ymm10, %ymm3, %ymm3
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm2, %ymm2
+        vpsubw	%ymm9, %ymm3, %ymm3
+        # 2: 1/2
+        vperm2i128	$32, %ymm5, %ymm4, %ymm8
+        vmovdqu	576(%r10), %ymm10
+        vperm2i128	$49, %ymm5, %ymm4, %ymm9
+        vmovdqu	608(%r10), %ymm12
+        vpsllq	$32, %ymm9, %ymm4
+        vpsrlq	$32, %ymm8, %ymm5
+        vpblendd	$0xaa, %ymm4, %ymm8, %ymm4
+        vpblendd	$0x55, %ymm5, %ymm9, %ymm5
+        vperm2i128	$32, %ymm7, %ymm6, %ymm8
+        vmovdqu	640(%r10), %ymm11
+        vperm2i128	$49, %ymm7, %ymm6, %ymm9
+        vmovdqu	672(%r10), %ymm13
+        vpsllq	$32, %ymm9, %ymm6
+        vpsrlq	$32, %ymm8, %ymm7
+        vpblendd	$0xaa, %ymm6, %ymm8, %ymm6
+        vpblendd	$0x55, %ymm7, %ymm9, %ymm7
+        vpaddw	%ymm5, %ymm4, %ymm8
+        vpaddw	%ymm7, %ymm6, %ymm9
+        vpsubw	%ymm5, %ymm4, %ymm5
+        vpsubw	%ymm7, %ymm6, %ymm7
+        vpmulhw	%ymm15, %ymm8, %ymm4
+        vpmulhw	%ymm15, %ymm9, %ymm6
+        vpsraw	$10, %ymm4, %ymm4
+        vpsraw	$10, %ymm6, %ymm6
+        vpmullw	%ymm14, %ymm4, %ymm4
+        vpmullw	%ymm14, %ymm6, %ymm6
+        vpsubw	%ymm4, %ymm8, %ymm8
+        vpsubw	%ymm6, %ymm9, %ymm9
+        vpmullw	%ymm12, %ymm5, %ymm4
+        vpmullw	%ymm13, %ymm7, %ymm6
+        vpmulhw	%ymm10, %ymm5, %ymm5
+        vpmulhw	%ymm11, %ymm7, %ymm7
+        vpmulhw	%ymm14, %ymm4, %ymm4
+        vpmulhw	%ymm14, %ymm6, %ymm6
+        vpsubw	%ymm4, %ymm5, %ymm5
+        vpsubw	%ymm6, %ymm7, %ymm7
+        # 4: 1/2
+        vmovdqu	704(%r10), %ymm10
+        vmovdqu	736(%r10), %ymm12
+        vmovdqu	768(%r10), %ymm11
+        vmovdqu	800(%r10), %ymm13
+        vpunpckldq	%ymm5, %ymm8, %ymm4
+        vpunpckhdq	%ymm5, %ymm8, %ymm5
+        vpunpckldq	%ymm7, %ymm9, %ymm6
+        vpunpckhdq	%ymm7, %ymm9, %ymm7
+        vpaddw	%ymm5, %ymm4, %ymm8
+        vpaddw	%ymm7, %ymm6, %ymm9
+        vpsubw	%ymm5, %ymm4, %ymm5
+        vpsubw	%ymm7, %ymm6, %ymm7
+        vpmullw	%ymm12, %ymm5, %ymm4
+        vpmullw	%ymm13, %ymm7, %ymm6
+        vpmulhw	%ymm10, %ymm5, %ymm5
+        vpmulhw	%ymm11, %ymm7, %ymm7
+        vpmulhw	%ymm14, %ymm4, %ymm4
+        vpmulhw	%ymm14, %ymm6, %ymm6
+        vpsubw	%ymm4, %ymm5, %ymm5
+        vpsubw	%ymm6, %ymm7, %ymm7
+        # 8: 1/2
+        vmovdqu	832(%r10), %ymm10
+        vmovdqu	864(%r10), %ymm12
+        vmovdqu	896(%r10), %ymm11
+        vmovdqu	928(%r10), %ymm13
+        vpunpcklqdq	%ymm5, %ymm8, %ymm4
+        vpunpckhqdq	%ymm5, %ymm8, %ymm5
+        vpunpcklqdq	%ymm7, %ymm9, %ymm6
+        vpunpckhqdq	%ymm7, %ymm9, %ymm7
+        vpaddw	%ymm5, %ymm4, %ymm8
+        vpaddw	%ymm7, %ymm6, %ymm9
+        vpsubw	%ymm5, %ymm4, %ymm5
+        vpsubw	%ymm7, %ymm6, %ymm7
+        vpmulhw	%ymm15, %ymm8, %ymm4
+        vpmulhw	%ymm15, %ymm9, %ymm6
+        vpsraw	$10, %ymm4, %ymm4
+        vpsraw	$10, %ymm6, %ymm6
+        vpmullw	%ymm14, %ymm4, %ymm4
+        vpmullw	%ymm14, %ymm6, %ymm6
+        vpsubw	%ymm4, %ymm8, %ymm8
+        vpsubw	%ymm6, %ymm9, %ymm9
+        vpmullw	%ymm12, %ymm5, %ymm4
+        vpmullw	%ymm13, %ymm7, %ymm6
+        vpmulhw	%ymm10, %ymm5, %ymm5
+        vpmulhw	%ymm11, %ymm7, %ymm7
+        vpmulhw	%ymm14, %ymm4, %ymm4
+        vpmulhw	%ymm14, %ymm6, %ymm6
+        vpsubw	%ymm4, %ymm5, %ymm5
+        vpsubw	%ymm6, %ymm7, %ymm7
+        # 16: 1/2
+        vperm2i128	$32, %ymm5, %ymm8, %ymm4
+        vmovdqu	960(%r10), %ymm10
+        vperm2i128	$49, %ymm5, %ymm8, %ymm5
+        vmovdqu	992(%r10), %ymm12
+        vperm2i128	$32, %ymm7, %ymm9, %ymm6
+        vmovdqu	1024(%r10), %ymm11
+        vperm2i128	$49, %ymm7, %ymm9, %ymm7
+        vmovdqu	1056(%r10), %ymm13
+        vpsubw	%ymm5, %ymm4, %ymm8
+        vpsubw	%ymm7, %ymm6, %ymm9
+        vpaddw	%ymm5, %ymm4, %ymm4
+        vpaddw	%ymm7, %ymm6, %ymm6
+        vpmullw	%ymm12, %ymm8, %ymm5
+        vpmullw	%ymm13, %ymm9, %ymm7
+        vpmulhw	%ymm10, %ymm8, %ymm8
+        vpmulhw	%ymm11, %ymm9, %ymm9
+        vpmulhw	%ymm14, %ymm5, %ymm5
+        vpmulhw	%ymm14, %ymm7, %ymm7
+        vpsubw	%ymm5, %ymm8, %ymm5
+        vpsubw	%ymm7, %ymm9, %ymm7
+        # 32: 1/2
+        vmovdqu	1088(%r10), %ymm10
+        vmovdqu	1120(%r10), %ymm12
+        vpaddw	%ymm6, %ymm4, %ymm8
+        vpaddw	%ymm7, %ymm5, %ymm9
+        vpsubw	%ymm6, %ymm4, %ymm6
+        vpsubw	%ymm7, %ymm5, %ymm7
+        vpmulhw	%ymm15, %ymm8, %ymm4
+        vpmulhw	%ymm15, %ymm9, %ymm5
+        vpsraw	$10, %ymm4, %ymm4
+        vpsraw	$10, %ymm5, %ymm5
+        vpmullw	%ymm14, %ymm4, %ymm4
+        vpmullw	%ymm14, %ymm5, %ymm5
+        vpsubw	%ymm4, %ymm8, %ymm4
+        vpsubw	%ymm5, %ymm9, %ymm5
+        vpmullw	%ymm12, %ymm6, %ymm8
+        vpmullw	%ymm12, %ymm7, %ymm9
+        vpmulhw	%ymm10, %ymm6, %ymm6
+        vpmulhw	%ymm10, %ymm7, %ymm7
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm6
+        vpsubw	%ymm9, %ymm7, %ymm7
+        # 64: 1/2
+        vmovdqu	1152(%r10), %ymm10
+        vmovdqu	1184(%r10), %ymm12
+        vpsubw	%ymm4, %ymm0, %ymm8
+        vpsubw	%ymm5, %ymm1, %ymm9
+        vpaddw	%ymm4, %ymm0, %ymm0
+        vpaddw	%ymm5, %ymm1, %ymm1
+        vpmullw	%ymm12, %ymm8, %ymm4
+        vpmullw	%ymm12, %ymm9, %ymm5
+        vpmulhw	%ymm10, %ymm8, %ymm8
+        vpmulhw	%ymm10, %ymm9, %ymm9
+        vpmulhw	%ymm14, %ymm4, %ymm4
+        vpmulhw	%ymm14, %ymm5, %ymm5
+        vpsubw	%ymm4, %ymm8, %ymm4
+        vpsubw	%ymm5, %ymm9, %ymm5
+        vpsubw	%ymm6, %ymm2, %ymm8
+        vpsubw	%ymm7, %ymm3, %ymm9
+        vpaddw	%ymm6, %ymm2, %ymm2
+        vpaddw	%ymm7, %ymm3, %ymm3
+        vpmullw	%ymm12, %ymm8, %ymm6
+        vpmullw	%ymm12, %ymm9, %ymm7
+        vpmulhw	%ymm10, %ymm8, %ymm8
+        vpmulhw	%ymm10, %ymm9, %ymm9
+        vpmulhw	%ymm14, %ymm6, %ymm6
+        vpmulhw	%ymm14, %ymm7, %ymm7
+        vpsubw	%ymm6, %ymm8, %ymm6
+        vpsubw	%ymm7, %ymm9, %ymm7
+        vmovdqu	%ymm0, (%rsi)
+        vmovdqu	%ymm1, 32(%rsi)
+        vmovdqu	%ymm2, 64(%rsi)
+        vmovdqu	%ymm3, 96(%rsi)
+        vmovdqu	%ymm4, 128(%rsi)
+        vmovdqu	%ymm5, 160(%rsi)
+        vmovdqu	%ymm6, 192(%rsi)
+        vmovdqu	%ymm7, 224(%rsi)
+        vmovdqu	256(%rsi), %ymm0
+        vmovdqu	288(%rsi), %ymm1
+        vmovdqu	320(%rsi), %ymm2
+        vmovdqu	352(%rsi), %ymm3
+        vmovdqu	384(%rsi), %ymm4
+        vmovdqu	416(%rsi), %ymm5
+        vmovdqu	448(%rsi), %ymm6
+        vmovdqu	480(%rsi), %ymm7
+        # 2: 2/2
+        vperm2i128	$32, %ymm1, %ymm0, %ymm8
+        vmovdqu	1216(%r10), %ymm10
+        vperm2i128	$49, %ymm1, %ymm0, %ymm9
+        vmovdqu	1248(%r10), %ymm12
+        vpsllq	$32, %ymm9, %ymm0
+        vpsrlq	$32, %ymm8, %ymm1
+        vpblendd	$0xaa, %ymm0, %ymm8, %ymm0
+        vpblendd	$0x55, %ymm1, %ymm9, %ymm1
+        vperm2i128	$32, %ymm3, %ymm2, %ymm8
+        vmovdqu	1280(%r10), %ymm11
+        vperm2i128	$49, %ymm3, %ymm2, %ymm9
+        vmovdqu	1312(%r10), %ymm13
+        vpsllq	$32, %ymm9, %ymm2
+        vpsrlq	$32, %ymm8, %ymm3
+        vpblendd	$0xaa, %ymm2, %ymm8, %ymm2
+        vpblendd	$0x55, %ymm3, %ymm9, %ymm3
+        vpaddw	%ymm1, %ymm0, %ymm8
+        vpaddw	%ymm3, %ymm2, %ymm9
+        vpsubw	%ymm1, %ymm0, %ymm1
+        vpsubw	%ymm3, %ymm2, %ymm3
+        vpmulhw	%ymm15, %ymm8, %ymm0
+        vpmulhw	%ymm15, %ymm9, %ymm2
+        vpsraw	$10, %ymm0, %ymm0
+        vpsraw	$10, %ymm2, %ymm2
+        vpmullw	%ymm14, %ymm0, %ymm0
+        vpmullw	%ymm14, %ymm2, %ymm2
+        vpsubw	%ymm0, %ymm8, %ymm8
+        vpsubw	%ymm2, %ymm9, %ymm9
+        vpmullw	%ymm12, %ymm1, %ymm0
+        vpmullw	%ymm13, %ymm3, %ymm2
+        vpmulhw	%ymm10, %ymm1, %ymm1
+        vpmulhw	%ymm11, %ymm3, %ymm3
+        vpmulhw	%ymm14, %ymm0, %ymm0
+        vpmulhw	%ymm14, %ymm2, %ymm2
+        vpsubw	%ymm0, %ymm1, %ymm1
+        vpsubw	%ymm2, %ymm3, %ymm3
+        # 4: 2/2
+        vmovdqu	1344(%r10), %ymm10
+        vmovdqu	1376(%r10), %ymm12
+        vmovdqu	1408(%r10), %ymm11
+        vmovdqu	1440(%r10), %ymm13
+        vpunpckldq	%ymm1, %ymm8, %ymm0
+        vpunpckhdq	%ymm1, %ymm8, %ymm1
+        vpunpckldq	%ymm3, %ymm9, %ymm2
+        vpunpckhdq	%ymm3, %ymm9, %ymm3
+        vpaddw	%ymm1, %ymm0, %ymm8
+        vpaddw	%ymm3, %ymm2, %ymm9
+        vpsubw	%ymm1, %ymm0, %ymm1
+        vpsubw	%ymm3, %ymm2, %ymm3
+        vpmullw	%ymm12, %ymm1, %ymm0
+        vpmullw	%ymm13, %ymm3, %ymm2
+        vpmulhw	%ymm10, %ymm1, %ymm1
+        vpmulhw	%ymm11, %ymm3, %ymm3
+        vpmulhw	%ymm14, %ymm0, %ymm0
+        vpmulhw	%ymm14, %ymm2, %ymm2
+        vpsubw	%ymm0, %ymm1, %ymm1
+        vpsubw	%ymm2, %ymm3, %ymm3
+        # 8: 2/2
+        vmovdqu	1472(%r10), %ymm10
+        vmovdqu	1504(%r10), %ymm12
+        vmovdqu	1536(%r10), %ymm11
+        vmovdqu	1568(%r10), %ymm13
+        vpunpcklqdq	%ymm1, %ymm8, %ymm0
+        vpunpckhqdq	%ymm1, %ymm8, %ymm1
+        vpunpcklqdq	%ymm3, %ymm9, %ymm2
+        vpunpckhqdq	%ymm3, %ymm9, %ymm3
+        vpaddw	%ymm1, %ymm0, %ymm8
+        vpaddw	%ymm3, %ymm2, %ymm9
+        vpsubw	%ymm1, %ymm0, %ymm1
+        vpsubw	%ymm3, %ymm2, %ymm3
+        vpmulhw	%ymm15, %ymm8, %ymm0
+        vpmulhw	%ymm15, %ymm9, %ymm2
+        vpsraw	$10, %ymm0, %ymm0
+        vpsraw	$10, %ymm2, %ymm2
+        vpmullw	%ymm14, %ymm0, %ymm0
+        vpmullw	%ymm14, %ymm2, %ymm2
+        vpsubw	%ymm0, %ymm8, %ymm8
+        vpsubw	%ymm2, %ymm9, %ymm9
+        vpmullw	%ymm12, %ymm1, %ymm0
+        vpmullw	%ymm13, %ymm3, %ymm2
+        vpmulhw	%ymm10, %ymm1, %ymm1
+        vpmulhw	%ymm11, %ymm3, %ymm3
+        vpmulhw	%ymm14, %ymm0, %ymm0
+        vpmulhw	%ymm14, %ymm2, %ymm2
+        vpsubw	%ymm0, %ymm1, %ymm1
+        vpsubw	%ymm2, %ymm3, %ymm3
+        # 16: 2/2
+        vperm2i128	$32, %ymm1, %ymm8, %ymm0
+        vmovdqu	1600(%r10), %ymm10
+        vperm2i128	$49, %ymm1, %ymm8, %ymm1
+        vmovdqu	1632(%r10), %ymm12
+        vperm2i128	$32, %ymm3, %ymm9, %ymm2
+        vmovdqu	1664(%r10), %ymm11
+        vperm2i128	$49, %ymm3, %ymm9, %ymm3
+        vmovdqu	1696(%r10), %ymm13
+        vpsubw	%ymm1, %ymm0, %ymm8
+        vpsubw	%ymm3, %ymm2, %ymm9
+        vpaddw	%ymm1, %ymm0, %ymm0
+        vpaddw	%ymm3, %ymm2, %ymm2
+        vpmullw	%ymm12, %ymm8, %ymm1
+        vpmullw	%ymm13, %ymm9, %ymm3
+        vpmulhw	%ymm10, %ymm8, %ymm8
+        vpmulhw	%ymm11, %ymm9, %ymm9
+        vpmulhw	%ymm14, %ymm1, %ymm1
+        vpmulhw	%ymm14, %ymm3, %ymm3
+        vpsubw	%ymm1, %ymm8, %ymm1
+        vpsubw	%ymm3, %ymm9, %ymm3
+        # 32: 2/2
+        vmovdqu	1728(%r10), %ymm10
+        vmovdqu	1760(%r10), %ymm12
+        vpaddw	%ymm2, %ymm0, %ymm8
+        vpaddw	%ymm3, %ymm1, %ymm9
+        vpsubw	%ymm2, %ymm0, %ymm2
+        vpsubw	%ymm3, %ymm1, %ymm3
+        vpmulhw	%ymm15, %ymm8, %ymm0
+        vpmulhw	%ymm15, %ymm9, %ymm1
+        vpsraw	$10, %ymm0, %ymm0
+        vpsraw	$10, %ymm1, %ymm1
+        vpmullw	%ymm14, %ymm0, %ymm0
+        vpmullw	%ymm14, %ymm1, %ymm1
+        vpsubw	%ymm0, %ymm8, %ymm0
+        vpsubw	%ymm1, %ymm9, %ymm1
+        vpmullw	%ymm12, %ymm2, %ymm8
+        vpmullw	%ymm12, %ymm3, %ymm9
+        vpmulhw	%ymm10, %ymm2, %ymm2
+        vpmulhw	%ymm10, %ymm3, %ymm3
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm2, %ymm2
+        vpsubw	%ymm9, %ymm3, %ymm3
+        # 2: 2/2
+        vperm2i128	$32, %ymm5, %ymm4, %ymm8
+        vmovdqu	1792(%r10), %ymm10
+        vperm2i128	$49, %ymm5, %ymm4, %ymm9
+        vmovdqu	1824(%r10), %ymm12
+        vpsllq	$32, %ymm9, %ymm4
+        vpsrlq	$32, %ymm8, %ymm5
+        vpblendd	$0xaa, %ymm4, %ymm8, %ymm4
+        vpblendd	$0x55, %ymm5, %ymm9, %ymm5
+        vperm2i128	$32, %ymm7, %ymm6, %ymm8
+        vmovdqu	1856(%r10), %ymm11
+        vperm2i128	$49, %ymm7, %ymm6, %ymm9
+        vmovdqu	1888(%r10), %ymm13
+        vpsllq	$32, %ymm9, %ymm6
+        vpsrlq	$32, %ymm8, %ymm7
+        vpblendd	$0xaa, %ymm6, %ymm8, %ymm6
+        vpblendd	$0x55, %ymm7, %ymm9, %ymm7
+        vpaddw	%ymm5, %ymm4, %ymm8
+        vpaddw	%ymm7, %ymm6, %ymm9
+        vpsubw	%ymm5, %ymm4, %ymm5
+        vpsubw	%ymm7, %ymm6, %ymm7
+        vpmulhw	%ymm15, %ymm8, %ymm4
+        vpmulhw	%ymm15, %ymm9, %ymm6
+        vpsraw	$10, %ymm4, %ymm4
+        vpsraw	$10, %ymm6, %ymm6
+        vpmullw	%ymm14, %ymm4, %ymm4
+        vpmullw	%ymm14, %ymm6, %ymm6
+        vpsubw	%ymm4, %ymm8, %ymm8
+        vpsubw	%ymm6, %ymm9, %ymm9
+        vpmullw	%ymm12, %ymm5, %ymm4
+        vpmullw	%ymm13, %ymm7, %ymm6
+        vpmulhw	%ymm10, %ymm5, %ymm5
+        vpmulhw	%ymm11, %ymm7, %ymm7
+        vpmulhw	%ymm14, %ymm4, %ymm4
+        vpmulhw	%ymm14, %ymm6, %ymm6
+        vpsubw	%ymm4, %ymm5, %ymm5
+        vpsubw	%ymm6, %ymm7, %ymm7
+        # 4: 2/2
+        vmovdqu	1920(%r10), %ymm10
+        vmovdqu	1952(%r10), %ymm12
+        vmovdqu	1984(%r10), %ymm11
+        vmovdqu	2016(%r10), %ymm13
+        vpunpckldq	%ymm5, %ymm8, %ymm4
+        vpunpckhdq	%ymm5, %ymm8, %ymm5
+        vpunpckldq	%ymm7, %ymm9, %ymm6
+        vpunpckhdq	%ymm7, %ymm9, %ymm7
+        vpaddw	%ymm5, %ymm4, %ymm8
+        vpaddw	%ymm7, %ymm6, %ymm9
+        vpsubw	%ymm5, %ymm4, %ymm5
+        vpsubw	%ymm7, %ymm6, %ymm7
+        vpmullw	%ymm12, %ymm5, %ymm4
+        vpmullw	%ymm13, %ymm7, %ymm6
+        vpmulhw	%ymm10, %ymm5, %ymm5
+        vpmulhw	%ymm11, %ymm7, %ymm7
+        vpmulhw	%ymm14, %ymm4, %ymm4
+        vpmulhw	%ymm14, %ymm6, %ymm6
+        vpsubw	%ymm4, %ymm5, %ymm5
+        vpsubw	%ymm6, %ymm7, %ymm7
+        # 8: 2/2
+        vmovdqu	2048(%r10), %ymm10
+        vmovdqu	2080(%r10), %ymm12
+        vmovdqu	2112(%r10), %ymm11
+        vmovdqu	2144(%r10), %ymm13
+        vpunpcklqdq	%ymm5, %ymm8, %ymm4
+        vpunpckhqdq	%ymm5, %ymm8, %ymm5
+        vpunpcklqdq	%ymm7, %ymm9, %ymm6
+        vpunpckhqdq	%ymm7, %ymm9, %ymm7
+        vpaddw	%ymm5, %ymm4, %ymm8
+        vpaddw	%ymm7, %ymm6, %ymm9
+        vpsubw	%ymm5, %ymm4, %ymm5
+        vpsubw	%ymm7, %ymm6, %ymm7
+        vpmulhw	%ymm15, %ymm8, %ymm4
+        vpmulhw	%ymm15, %ymm9, %ymm6
+        vpsraw	$10, %ymm4, %ymm4
+        vpsraw	$10, %ymm6, %ymm6
+        vpmullw	%ymm14, %ymm4, %ymm4
+        vpmullw	%ymm14, %ymm6, %ymm6
+        vpsubw	%ymm4, %ymm8, %ymm8
+        vpsubw	%ymm6, %ymm9, %ymm9
+        vpmullw	%ymm12, %ymm5, %ymm4
+        vpmullw	%ymm13, %ymm7, %ymm6
+        vpmulhw	%ymm10, %ymm5, %ymm5
+        vpmulhw	%ymm11, %ymm7, %ymm7
+        vpmulhw	%ymm14, %ymm4, %ymm4
+        vpmulhw	%ymm14, %ymm6, %ymm6
+        vpsubw	%ymm4, %ymm5, %ymm5
+        vpsubw	%ymm6, %ymm7, %ymm7
+        # 16: 2/2
+        vperm2i128	$32, %ymm5, %ymm8, %ymm4
+        vmovdqu	2176(%r10), %ymm10
+        vperm2i128	$49, %ymm5, %ymm8, %ymm5
+        vmovdqu	2208(%r10), %ymm12
+        vperm2i128	$32, %ymm7, %ymm9, %ymm6
+        vmovdqu	2240(%r10), %ymm11
+        vperm2i128	$49, %ymm7, %ymm9, %ymm7
+        vmovdqu	2272(%r10), %ymm13
+        vpsubw	%ymm5, %ymm4, %ymm8
+        vpsubw	%ymm7, %ymm6, %ymm9
+        vpaddw	%ymm5, %ymm4, %ymm4
+        vpaddw	%ymm7, %ymm6, %ymm6
+        vpmullw	%ymm12, %ymm8, %ymm5
+        vpmullw	%ymm13, %ymm9, %ymm7
+        vpmulhw	%ymm10, %ymm8, %ymm8
+        vpmulhw	%ymm11, %ymm9, %ymm9
+        vpmulhw	%ymm14, %ymm5, %ymm5
+        vpmulhw	%ymm14, %ymm7, %ymm7
+        vpsubw	%ymm5, %ymm8, %ymm5
+        vpsubw	%ymm7, %ymm9, %ymm7
+        # 32: 2/2
+        vmovdqu	2304(%r10), %ymm10
+        vmovdqu	2336(%r10), %ymm12
+        vpaddw	%ymm6, %ymm4, %ymm8
+        vpaddw	%ymm7, %ymm5, %ymm9
+        vpsubw	%ymm6, %ymm4, %ymm6
+        vpsubw	%ymm7, %ymm5, %ymm7
+        vpmulhw	%ymm15, %ymm8, %ymm4
+        vpmulhw	%ymm15, %ymm9, %ymm5
+        vpsraw	$10, %ymm4, %ymm4
+        vpsraw	$10, %ymm5, %ymm5
+        vpmullw	%ymm14, %ymm4, %ymm4
+        vpmullw	%ymm14, %ymm5, %ymm5
+        vpsubw	%ymm4, %ymm8, %ymm4
+        vpsubw	%ymm5, %ymm9, %ymm5
+        vpmullw	%ymm12, %ymm6, %ymm8
+        vpmullw	%ymm12, %ymm7, %ymm9
+        vpmulhw	%ymm10, %ymm6, %ymm6
+        vpmulhw	%ymm10, %ymm7, %ymm7
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm6
+        vpsubw	%ymm9, %ymm7, %ymm7
+        # 64: 2/2
+        vmovdqu	2368(%r10), %ymm10
+        vmovdqu	2400(%r10), %ymm12
+        vpsubw	%ymm4, %ymm0, %ymm8
+        vpsubw	%ymm5, %ymm1, %ymm9
+        vpaddw	%ymm4, %ymm0, %ymm0
+        vpaddw	%ymm5, %ymm1, %ymm1
+        vpmullw	%ymm12, %ymm8, %ymm4
+        vpmullw	%ymm12, %ymm9, %ymm5
+        vpmulhw	%ymm10, %ymm8, %ymm8
+        vpmulhw	%ymm10, %ymm9, %ymm9
+        vpmulhw	%ymm14, %ymm4, %ymm4
+        vpmulhw	%ymm14, %ymm5, %ymm5
+        vpsubw	%ymm4, %ymm8, %ymm4
+        vpsubw	%ymm5, %ymm9, %ymm5
+        vpsubw	%ymm6, %ymm2, %ymm8
+        vpsubw	%ymm7, %ymm3, %ymm9
+        vpaddw	%ymm6, %ymm2, %ymm2
+        vpaddw	%ymm7, %ymm3, %ymm3
+        vpmullw	%ymm12, %ymm8, %ymm6
+        vpmullw	%ymm12, %ymm9, %ymm7
+        vpmulhw	%ymm10, %ymm8, %ymm8
+        vpmulhw	%ymm10, %ymm9, %ymm9
+        vpmulhw	%ymm14, %ymm6, %ymm6
+        vpmulhw	%ymm14, %ymm7, %ymm7
+        vpsubw	%ymm6, %ymm8, %ymm6
+        vpsubw	%ymm7, %ymm9, %ymm7
+        vmovdqu	%ymm0, 256(%rsi)
+        vmovdqu	%ymm1, 288(%rsi)
+        vmovdqu	%ymm2, 320(%rsi)
+        vmovdqu	%ymm3, 352(%rsi)
+        # 128
+        vmovdqu	2432(%r10), %ymm10
+        vmovdqu	2464(%r10), %ymm12
+        vmovdqu	2496(%r10), %ymm11
+        vmovdqu	2528(%r10), %ymm13
+        vmovdqu	128(%rsi), %ymm0
+        vmovdqu	160(%rsi), %ymm1
+        vmovdqu	192(%rsi), %ymm2
+        vmovdqu	224(%rsi), %ymm3
+        vpsubw	%ymm4, %ymm0, %ymm8
+        vpsubw	%ymm5, %ymm1, %ymm9
+        vpaddw	%ymm4, %ymm0, %ymm0
+        vpaddw	%ymm5, %ymm1, %ymm1
+        vpmullw	%ymm12, %ymm8, %ymm4
+        vpmullw	%ymm12, %ymm9, %ymm5
+        vpmulhw	%ymm10, %ymm8, %ymm8
+        vpmulhw	%ymm10, %ymm9, %ymm9
+        vpmulhw	%ymm14, %ymm4, %ymm4
+        vpmulhw	%ymm14, %ymm5, %ymm5
+        vpsubw	%ymm4, %ymm8, %ymm4
+        vpsubw	%ymm5, %ymm9, %ymm5
+        vpaddw	%ymm6, %ymm2, %ymm8
+        vpaddw	%ymm7, %ymm3, %ymm9
+        vpsubw	%ymm6, %ymm2, %ymm6
+        vpsubw	%ymm7, %ymm3, %ymm7
+        vpmulhw	%ymm15, %ymm8, %ymm2
+        vpmulhw	%ymm15, %ymm9, %ymm3
+        vpsraw	$10, %ymm2, %ymm2
+        vpsraw	$10, %ymm3, %ymm3
+        vpmullw	%ymm14, %ymm2, %ymm2
+        vpmullw	%ymm14, %ymm3, %ymm3
+        vpsubw	%ymm2, %ymm8, %ymm2
+        vpsubw	%ymm3, %ymm9, %ymm3
+        vpmullw	%ymm12, %ymm6, %ymm8
+        vpmullw	%ymm12, %ymm7, %ymm9
+        vpmulhw	%ymm10, %ymm6, %ymm6
+        vpmulhw	%ymm10, %ymm7, %ymm7
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm6
+        vpsubw	%ymm9, %ymm7, %ymm7
+        vpmullw	%ymm13, %ymm0, %ymm8
+        vpmullw	%ymm13, %ymm1, %ymm9
+        vpmulhw	%ymm11, %ymm0, %ymm0
+        vpmulhw	%ymm11, %ymm1, %ymm1
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm0, %ymm0
+        vpsubw	%ymm9, %ymm1, %ymm1
+        vpmullw	%ymm13, %ymm2, %ymm8
+        vpmullw	%ymm13, %ymm3, %ymm9
+        vpmulhw	%ymm11, %ymm2, %ymm2
+        vpmulhw	%ymm11, %ymm3, %ymm3
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm2, %ymm2
+        vpsubw	%ymm9, %ymm3, %ymm3
+        vpmullw	%ymm13, %ymm4, %ymm8
+        vpmullw	%ymm13, %ymm5, %ymm9
+        vpmulhw	%ymm11, %ymm4, %ymm4
+        vpmulhw	%ymm11, %ymm5, %ymm5
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm4, %ymm4
+        vpsubw	%ymm9, %ymm5, %ymm5
+        vpmullw	%ymm13, %ymm6, %ymm8
+        vpmullw	%ymm13, %ymm7, %ymm9
+        vpmulhw	%ymm11, %ymm6, %ymm6
+        vpmulhw	%ymm11, %ymm7, %ymm7
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm6
+        vpsubw	%ymm9, %ymm7, %ymm7
+        vmovdqu	%ymm0, 128(%rsi)
+        vmovdqu	%ymm1, 160(%rsi)
+        vmovdqu	%ymm2, 192(%rsi)
+        vmovdqu	%ymm3, 224(%rsi)
+        vmovdqu	%ymm4, 384(%rsi)
+        vmovdqu	%ymm5, 416(%rsi)
+        vmovdqu	%ymm6, 448(%rsi)
+        vmovdqu	%ymm7, 480(%rsi)
+        vmovdqu	(%rsi), %ymm0
+        vmovdqu	32(%rsi), %ymm1
+        vmovdqu	64(%rsi), %ymm2
+        vmovdqu	96(%rsi), %ymm3
+        vmovdqu	256(%rsi), %ymm4
+        vmovdqu	288(%rsi), %ymm5
+        vmovdqu	320(%rsi), %ymm6
+        vmovdqu	352(%rsi), %ymm7
+        vpsubw	%ymm4, %ymm0, %ymm8
+        vpsubw	%ymm5, %ymm1, %ymm9
+        vpaddw	%ymm4, %ymm0, %ymm0
+        vpaddw	%ymm5, %ymm1, %ymm1
+        vpmullw	%ymm12, %ymm8, %ymm4
+        vpmullw	%ymm12, %ymm9, %ymm5
+        vpmulhw	%ymm10, %ymm8, %ymm8
+        vpmulhw	%ymm10, %ymm9, %ymm9
+        vpmulhw	%ymm14, %ymm4, %ymm4
+        vpmulhw	%ymm14, %ymm5, %ymm5
+        vpsubw	%ymm4, %ymm8, %ymm4
+        vpsubw	%ymm5, %ymm9, %ymm5
+        vpaddw	%ymm6, %ymm2, %ymm8
+        vpaddw	%ymm7, %ymm3, %ymm9
+        vpsubw	%ymm6, %ymm2, %ymm6
+        vpsubw	%ymm7, %ymm3, %ymm7
+        vpmulhw	%ymm15, %ymm8, %ymm2
+        vpmulhw	%ymm15, %ymm9, %ymm3
+        vpsraw	$10, %ymm2, %ymm2
+        vpsraw	$10, %ymm3, %ymm3
+        vpmullw	%ymm14, %ymm2, %ymm2
+        vpmullw	%ymm14, %ymm3, %ymm3
+        vpsubw	%ymm2, %ymm8, %ymm2
+        vpsubw	%ymm3, %ymm9, %ymm3
+        vpmullw	%ymm12, %ymm6, %ymm8
+        vpmullw	%ymm12, %ymm7, %ymm9
+        vpmulhw	%ymm10, %ymm6, %ymm6
+        vpmulhw	%ymm10, %ymm7, %ymm7
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm6
+        vpsubw	%ymm9, %ymm7, %ymm7
+        vpmullw	%ymm13, %ymm0, %ymm8
+        vpmullw	%ymm13, %ymm1, %ymm9
+        vpmulhw	%ymm11, %ymm0, %ymm0
+        vpmulhw	%ymm11, %ymm1, %ymm1
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm0, %ymm0
+        vpsubw	%ymm9, %ymm1, %ymm1
+        vpmullw	%ymm13, %ymm2, %ymm8
+        vpmullw	%ymm13, %ymm3, %ymm9
+        vpmulhw	%ymm11, %ymm2, %ymm2
+        vpmulhw	%ymm11, %ymm3, %ymm3
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm2, %ymm2
+        vpsubw	%ymm9, %ymm3, %ymm3
+        vpmullw	%ymm13, %ymm4, %ymm8
+        vpmullw	%ymm13, %ymm5, %ymm9
+        vpmulhw	%ymm11, %ymm4, %ymm4
+        vpmulhw	%ymm11, %ymm5, %ymm5
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm4, %ymm4
+        vpsubw	%ymm9, %ymm5, %ymm5
+        vpmullw	%ymm13, %ymm6, %ymm8
+        vpmullw	%ymm13, %ymm7, %ymm9
+        vpmulhw	%ymm11, %ymm6, %ymm6
+        vpmulhw	%ymm11, %ymm7, %ymm7
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm6
+        vpsubw	%ymm9, %ymm7, %ymm7
+        vmovdqu	%ymm0, (%rsi)
+        vmovdqu	%ymm1, 32(%rsi)
+        vmovdqu	%ymm2, 64(%rsi)
+        vmovdqu	%ymm3, 96(%rsi)
+        vmovdqu	%ymm4, 256(%rsi)
+        vmovdqu	%ymm5, 288(%rsi)
+        vmovdqu	%ymm6, 320(%rsi)
+        vmovdqu	%ymm7, 352(%rsi)
+        # Sub Errors
+        vmovdqu	(%rsi), %ymm0
+        vmovdqu	32(%rsi), %ymm1
+        vmovdqu	64(%rsi), %ymm2
+        vmovdqu	96(%rsi), %ymm3
+        vmovdqu	(%rcx), %ymm4
+        vmovdqu	32(%rcx), %ymm5
+        vmovdqu	64(%rcx), %ymm6
+        vmovdqu	96(%rcx), %ymm7
+        vpsubw	%ymm0, %ymm4, %ymm4
+        vpsubw	%ymm1, %ymm5, %ymm5
+        vpmulhw	%ymm15, %ymm4, %ymm0
+        vpmulhw	%ymm15, %ymm5, %ymm1
+        vpsraw	$10, %ymm0, %ymm0
+        vpsraw	$10, %ymm1, %ymm1
+        vpmullw	%ymm14, %ymm0, %ymm0
+        vpmullw	%ymm14, %ymm1, %ymm1
+        vpsubw	%ymm0, %ymm4, %ymm0
+        vpsubw	%ymm1, %ymm5, %ymm1
+        vpsubw	%ymm2, %ymm6, %ymm6
+        vpsubw	%ymm3, %ymm7, %ymm7
+        vpmulhw	%ymm15, %ymm6, %ymm2
+        vpmulhw	%ymm15, %ymm7, %ymm3
+        vpsraw	$10, %ymm2, %ymm2
+        vpsraw	$10, %ymm3, %ymm3
+        vpmullw	%ymm14, %ymm2, %ymm2
+        vpmullw	%ymm14, %ymm3, %ymm3
+        vpsubw	%ymm2, %ymm6, %ymm2
+        vpsubw	%ymm3, %ymm7, %ymm3
+        vmovdqu	%ymm0, (%rsi)
+        vmovdqu	%ymm1, 32(%rsi)
+        vmovdqu	%ymm2, 64(%rsi)
+        vmovdqu	%ymm3, 96(%rsi)
+        vmovdqu	128(%rsi), %ymm0
+        vmovdqu	160(%rsi), %ymm1
+        vmovdqu	192(%rsi), %ymm2
+        vmovdqu	224(%rsi), %ymm3
+        vmovdqu	128(%rcx), %ymm4
+        vmovdqu	160(%rcx), %ymm5
+        vmovdqu	192(%rcx), %ymm6
+        vmovdqu	224(%rcx), %ymm7
+        vpsubw	%ymm0, %ymm4, %ymm4
+        vpsubw	%ymm1, %ymm5, %ymm5
+        vpmulhw	%ymm15, %ymm4, %ymm0
+        vpmulhw	%ymm15, %ymm5, %ymm1
+        vpsraw	$10, %ymm0, %ymm0
+        vpsraw	$10, %ymm1, %ymm1
+        vpmullw	%ymm14, %ymm0, %ymm0
+        vpmullw	%ymm14, %ymm1, %ymm1
+        vpsubw	%ymm0, %ymm4, %ymm0
+        vpsubw	%ymm1, %ymm5, %ymm1
+        vpsubw	%ymm2, %ymm6, %ymm6
+        vpsubw	%ymm3, %ymm7, %ymm7
+        vpmulhw	%ymm15, %ymm6, %ymm2
+        vpmulhw	%ymm15, %ymm7, %ymm3
+        vpsraw	$10, %ymm2, %ymm2
+        vpsraw	$10, %ymm3, %ymm3
+        vpmullw	%ymm14, %ymm2, %ymm2
+        vpmullw	%ymm14, %ymm3, %ymm3
+        vpsubw	%ymm2, %ymm6, %ymm2
+        vpsubw	%ymm3, %ymm7, %ymm3
+        vmovdqu	%ymm0, 128(%rsi)
+        vmovdqu	%ymm1, 160(%rsi)
+        vmovdqu	%ymm2, 192(%rsi)
+        vmovdqu	%ymm3, 224(%rsi)
+        vmovdqu	256(%rsi), %ymm0
+        vmovdqu	288(%rsi), %ymm1
+        vmovdqu	320(%rsi), %ymm2
+        vmovdqu	352(%rsi), %ymm3
+        vmovdqu	256(%rcx), %ymm4
+        vmovdqu	288(%rcx), %ymm5
+        vmovdqu	320(%rcx), %ymm6
+        vmovdqu	352(%rcx), %ymm7
+        vpsubw	%ymm0, %ymm4, %ymm4
+        vpsubw	%ymm1, %ymm5, %ymm5
+        vpmulhw	%ymm15, %ymm4, %ymm0
+        vpmulhw	%ymm15, %ymm5, %ymm1
+        vpsraw	$10, %ymm0, %ymm0
+        vpsraw	$10, %ymm1, %ymm1
+        vpmullw	%ymm14, %ymm0, %ymm0
+        vpmullw	%ymm14, %ymm1, %ymm1
+        vpsubw	%ymm0, %ymm4, %ymm0
+        vpsubw	%ymm1, %ymm5, %ymm1
+        vpsubw	%ymm2, %ymm6, %ymm6
+        vpsubw	%ymm3, %ymm7, %ymm7
+        vpmulhw	%ymm15, %ymm6, %ymm2
+        vpmulhw	%ymm15, %ymm7, %ymm3
+        vpsraw	$10, %ymm2, %ymm2
+        vpsraw	$10, %ymm3, %ymm3
+        vpmullw	%ymm14, %ymm2, %ymm2
+        vpmullw	%ymm14, %ymm3, %ymm3
+        vpsubw	%ymm2, %ymm6, %ymm2
+        vpsubw	%ymm3, %ymm7, %ymm3
+        vmovdqu	%ymm0, 256(%rsi)
+        vmovdqu	%ymm1, 288(%rsi)
+        vmovdqu	%ymm2, 320(%rsi)
+        vmovdqu	%ymm3, 352(%rsi)
+        vmovdqu	384(%rsi), %ymm0
+        vmovdqu	416(%rsi), %ymm1
+        vmovdqu	448(%rsi), %ymm2
+        vmovdqu	480(%rsi), %ymm3
+        vmovdqu	384(%rcx), %ymm4
+        vmovdqu	416(%rcx), %ymm5
+        vmovdqu	448(%rcx), %ymm6
+        vmovdqu	480(%rcx), %ymm7
+        vpsubw	%ymm0, %ymm4, %ymm4
+        vpsubw	%ymm1, %ymm5, %ymm5
+        vpmulhw	%ymm15, %ymm4, %ymm0
+        vpmulhw	%ymm15, %ymm5, %ymm1
+        vpsraw	$10, %ymm0, %ymm0
+        vpsraw	$10, %ymm1, %ymm1
+        vpmullw	%ymm14, %ymm0, %ymm0
+        vpmullw	%ymm14, %ymm1, %ymm1
+        vpsubw	%ymm0, %ymm4, %ymm0
+        vpsubw	%ymm1, %ymm5, %ymm1
+        vpsubw	%ymm2, %ymm6, %ymm6
+        vpsubw	%ymm3, %ymm7, %ymm7
+        vpmulhw	%ymm15, %ymm6, %ymm2
+        vpmulhw	%ymm15, %ymm7, %ymm3
+        vpsraw	$10, %ymm2, %ymm2
+        vpsraw	$10, %ymm3, %ymm3
+        vpmullw	%ymm14, %ymm2, %ymm2
+        vpmullw	%ymm14, %ymm3, %ymm3
+        vpsubw	%ymm2, %ymm6, %ymm2
+        vpsubw	%ymm3, %ymm7, %ymm3
+        vmovdqu	%ymm0, 384(%rsi)
+        vmovdqu	%ymm1, 416(%rsi)
+        vmovdqu	%ymm2, 448(%rsi)
+        vmovdqu	%ymm3, 480(%rsi)
+        vzeroupper
+        repz retq
+#ifndef __APPLE__
+.size	kyber_decapsulate_avx2,.-kyber_decapsulate_avx2
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.text
+.globl	kyber_csubq_avx2
+.type	kyber_csubq_avx2,@function
+.align	16
+kyber_csubq_avx2:
+#else
+.section	__TEXT,__text
+.globl	_kyber_csubq_avx2
+.p2align	4
+_kyber_csubq_avx2:
+#endif /* __APPLE__ */
+        vmovdqu	kyber_q(%rip), %ymm12
+        vmovdqu	(%rdi), %ymm0
+        vmovdqu	32(%rdi), %ymm1
+        vmovdqu	64(%rdi), %ymm2
+        vmovdqu	96(%rdi), %ymm3
+        vmovdqu	128(%rdi), %ymm4
+        vmovdqu	160(%rdi), %ymm5
+        vmovdqu	192(%rdi), %ymm6
+        vmovdqu	224(%rdi), %ymm7
+        vpsubw	%ymm12, %ymm0, %ymm8
+        vpsubw	%ymm12, %ymm1, %ymm9
+        vpsubw	%ymm12, %ymm2, %ymm10
+        vpsubw	%ymm12, %ymm3, %ymm11
+        vpsraw	$15, %ymm8, %ymm0
+        vpsraw	$15, %ymm9, %ymm1
+        vpsraw	$15, %ymm10, %ymm2
+        vpsraw	$15, %ymm11, %ymm3
+        vpand	%ymm12, %ymm0, %ymm0
+        vpand	%ymm12, %ymm1, %ymm1
+        vpand	%ymm12, %ymm2, %ymm2
+        vpand	%ymm12, %ymm3, %ymm3
+        vpaddw	%ymm8, %ymm0, %ymm0
+        vpaddw	%ymm9, %ymm1, %ymm1
+        vpaddw	%ymm10, %ymm2, %ymm2
+        vpaddw	%ymm11, %ymm3, %ymm3
+        vpsubw	%ymm12, %ymm4, %ymm8
+        vpsubw	%ymm12, %ymm5, %ymm9
+        vpsubw	%ymm12, %ymm6, %ymm10
+        vpsubw	%ymm12, %ymm7, %ymm11
+        vpsraw	$15, %ymm8, %ymm4
+        vpsraw	$15, %ymm9, %ymm5
+        vpsraw	$15, %ymm10, %ymm6
+        vpsraw	$15, %ymm11, %ymm7
+        vpand	%ymm12, %ymm4, %ymm4
+        vpand	%ymm12, %ymm5, %ymm5
+        vpand	%ymm12, %ymm6, %ymm6
+        vpand	%ymm12, %ymm7, %ymm7
+        vpaddw	%ymm8, %ymm4, %ymm4
+        vpaddw	%ymm9, %ymm5, %ymm5
+        vpaddw	%ymm10, %ymm6, %ymm6
+        vpaddw	%ymm11, %ymm7, %ymm7
+        vmovdqu	%ymm0, (%rdi)
+        vmovdqu	%ymm1, 32(%rdi)
+        vmovdqu	%ymm2, 64(%rdi)
+        vmovdqu	%ymm3, 96(%rdi)
+        vmovdqu	%ymm4, 128(%rdi)
+        vmovdqu	%ymm5, 160(%rdi)
+        vmovdqu	%ymm6, 192(%rdi)
+        vmovdqu	%ymm7, 224(%rdi)
+        vmovdqu	256(%rdi), %ymm0
+        vmovdqu	288(%rdi), %ymm1
+        vmovdqu	320(%rdi), %ymm2
+        vmovdqu	352(%rdi), %ymm3
+        vmovdqu	384(%rdi), %ymm4
+        vmovdqu	416(%rdi), %ymm5
+        vmovdqu	448(%rdi), %ymm6
+        vmovdqu	480(%rdi), %ymm7
+        vpsubw	%ymm12, %ymm0, %ymm8
+        vpsubw	%ymm12, %ymm1, %ymm9
+        vpsubw	%ymm12, %ymm2, %ymm10
+        vpsubw	%ymm12, %ymm3, %ymm11
+        vpsraw	$15, %ymm8, %ymm0
+        vpsraw	$15, %ymm9, %ymm1
+        vpsraw	$15, %ymm10, %ymm2
+        vpsraw	$15, %ymm11, %ymm3
+        vpand	%ymm12, %ymm0, %ymm0
+        vpand	%ymm12, %ymm1, %ymm1
+        vpand	%ymm12, %ymm2, %ymm2
+        vpand	%ymm12, %ymm3, %ymm3
+        vpaddw	%ymm8, %ymm0, %ymm0
+        vpaddw	%ymm9, %ymm1, %ymm1
+        vpaddw	%ymm10, %ymm2, %ymm2
+        vpaddw	%ymm11, %ymm3, %ymm3
+        vpsubw	%ymm12, %ymm4, %ymm8
+        vpsubw	%ymm12, %ymm5, %ymm9
+        vpsubw	%ymm12, %ymm6, %ymm10
+        vpsubw	%ymm12, %ymm7, %ymm11
+        vpsraw	$15, %ymm8, %ymm4
+        vpsraw	$15, %ymm9, %ymm5
+        vpsraw	$15, %ymm10, %ymm6
+        vpsraw	$15, %ymm11, %ymm7
+        vpand	%ymm12, %ymm4, %ymm4
+        vpand	%ymm12, %ymm5, %ymm5
+        vpand	%ymm12, %ymm6, %ymm6
+        vpand	%ymm12, %ymm7, %ymm7
+        vpaddw	%ymm8, %ymm4, %ymm4
+        vpaddw	%ymm9, %ymm5, %ymm5
+        vpaddw	%ymm10, %ymm6, %ymm6
+        vpaddw	%ymm11, %ymm7, %ymm7
+        vmovdqu	%ymm0, 256(%rdi)
+        vmovdqu	%ymm1, 288(%rdi)
+        vmovdqu	%ymm2, 320(%rdi)
+        vmovdqu	%ymm3, 352(%rdi)
+        vmovdqu	%ymm4, 384(%rdi)
+        vmovdqu	%ymm5, 416(%rdi)
+        vmovdqu	%ymm6, 448(%rdi)
+        vmovdqu	%ymm7, 480(%rdi)
+        vzeroupper
+        repz retq
+#ifndef __APPLE__
+.size	kyber_csubq_avx2,.-kyber_csubq_avx2
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.data
+#else
+.section	__DATA,__data
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.align	16
+#else
+.p2align	4
+#endif /* __APPLE__ */
+L_kyber_rej_idx:
+.quad	0xffffffffffffffff,0xffffffffffffff00
+.quad	0xffffffffffffff02,0xffffffffffff0200
+.quad	0xffffffffffffff04,0xffffffffffff0400
+.quad	0xffffffffffff0402,0xffffffffff040200
+.quad	0xffffffffffffff06,0xffffffffffff0600
+.quad	0xffffffffffff0602,0xffffffffff060200
+.quad	0xffffffffffff0604,0xffffffffff060400
+.quad	0xffffffffff060402,0xffffffff06040200
+.quad	0xffffffffffffff08,0xffffffffffff0800
+.quad	0xffffffffffff0802,0xffffffffff080200
+.quad	0xffffffffffff0804,0xffffffffff080400
+.quad	0xffffffffff080402,0xffffffff08040200
+.quad	0xffffffffffff0806,0xffffffffff080600
+.quad	0xffffffffff080602,0xffffffff08060200
+.quad	0xffffffffff080604,0xffffffff08060400
+.quad	0xffffffff08060402,0xffffff0806040200
+.quad	0xffffffffffffff0a,0xffffffffffff0a00
+.quad	0xffffffffffff0a02,0xffffffffff0a0200
+.quad	0xffffffffffff0a04,0xffffffffff0a0400
+.quad	0xffffffffff0a0402,0xffffffff0a040200
+.quad	0xffffffffffff0a06,0xffffffffff0a0600
+.quad	0xffffffffff0a0602,0xffffffff0a060200
+.quad	0xffffffffff0a0604,0xffffffff0a060400
+.quad	0xffffffff0a060402,0xffffff0a06040200
+.quad	0xffffffffffff0a08,0xffffffffff0a0800
+.quad	0xffffffffff0a0802,0xffffffff0a080200
+.quad	0xffffffffff0a0804,0xffffffff0a080400
+.quad	0xffffffff0a080402,0xffffff0a08040200
+.quad	0xffffffffff0a0806,0xffffffff0a080600
+.quad	0xffffffff0a080602,0xffffff0a08060200
+.quad	0xffffffff0a080604,0xffffff0a08060400
+.quad	0xffffff0a08060402,0xffff0a0806040200
+.quad	0xffffffffffffff0c,0xffffffffffff0c00
+.quad	0xffffffffffff0c02,0xffffffffff0c0200
+.quad	0xffffffffffff0c04,0xffffffffff0c0400
+.quad	0xffffffffff0c0402,0xffffffff0c040200
+.quad	0xffffffffffff0c06,0xffffffffff0c0600
+.quad	0xffffffffff0c0602,0xffffffff0c060200
+.quad	0xffffffffff0c0604,0xffffffff0c060400
+.quad	0xffffffff0c060402,0xffffff0c06040200
+.quad	0xffffffffffff0c08,0xffffffffff0c0800
+.quad	0xffffffffff0c0802,0xffffffff0c080200
+.quad	0xffffffffff0c0804,0xffffffff0c080400
+.quad	0xffffffff0c080402,0xffffff0c08040200
+.quad	0xffffffffff0c0806,0xffffffff0c080600
+.quad	0xffffffff0c080602,0xffffff0c08060200
+.quad	0xffffffff0c080604,0xffffff0c08060400
+.quad	0xffffff0c08060402,0xffff0c0806040200
+.quad	0xffffffffffff0c0a,0xffffffffff0c0a00
+.quad	0xffffffffff0c0a02,0xffffffff0c0a0200
+.quad	0xffffffffff0c0a04,0xffffffff0c0a0400
+.quad	0xffffffff0c0a0402,0xffffff0c0a040200
+.quad	0xffffffffff0c0a06,0xffffffff0c0a0600
+.quad	0xffffffff0c0a0602,0xffffff0c0a060200
+.quad	0xffffffff0c0a0604,0xffffff0c0a060400
+.quad	0xffffff0c0a060402,0xffff0c0a06040200
+.quad	0xffffffffff0c0a08,0xffffffff0c0a0800
+.quad	0xffffffff0c0a0802,0xffffff0c0a080200
+.quad	0xffffffff0c0a0804,0xffffff0c0a080400
+.quad	0xffffff0c0a080402,0xffff0c0a08040200
+.quad	0xffffffff0c0a0806,0xffffff0c0a080600
+.quad	0xffffff0c0a080602,0xffff0c0a08060200
+.quad	0xffffff0c0a080604,0xffff0c0a08060400
+.quad	0xffff0c0a08060402,0xff0c0a0806040200
+.quad	0xffffffffffffff0e,0xffffffffffff0e00
+.quad	0xffffffffffff0e02,0xffffffffff0e0200
+.quad	0xffffffffffff0e04,0xffffffffff0e0400
+.quad	0xffffffffff0e0402,0xffffffff0e040200
+.quad	0xffffffffffff0e06,0xffffffffff0e0600
+.quad	0xffffffffff0e0602,0xffffffff0e060200
+.quad	0xffffffffff0e0604,0xffffffff0e060400
+.quad	0xffffffff0e060402,0xffffff0e06040200
+.quad	0xffffffffffff0e08,0xffffffffff0e0800
+.quad	0xffffffffff0e0802,0xffffffff0e080200
+.quad	0xffffffffff0e0804,0xffffffff0e080400
+.quad	0xffffffff0e080402,0xffffff0e08040200
+.quad	0xffffffffff0e0806,0xffffffff0e080600
+.quad	0xffffffff0e080602,0xffffff0e08060200
+.quad	0xffffffff0e080604,0xffffff0e08060400
+.quad	0xffffff0e08060402,0xffff0e0806040200
+.quad	0xffffffffffff0e0a,0xffffffffff0e0a00
+.quad	0xffffffffff0e0a02,0xffffffff0e0a0200
+.quad	0xffffffffff0e0a04,0xffffffff0e0a0400
+.quad	0xffffffff0e0a0402,0xffffff0e0a040200
+.quad	0xffffffffff0e0a06,0xffffffff0e0a0600
+.quad	0xffffffff0e0a0602,0xffffff0e0a060200
+.quad	0xffffffff0e0a0604,0xffffff0e0a060400
+.quad	0xffffff0e0a060402,0xffff0e0a06040200
+.quad	0xffffffffff0e0a08,0xffffffff0e0a0800
+.quad	0xffffffff0e0a0802,0xffffff0e0a080200
+.quad	0xffffffff0e0a0804,0xffffff0e0a080400
+.quad	0xffffff0e0a080402,0xffff0e0a08040200
+.quad	0xffffffff0e0a0806,0xffffff0e0a080600
+.quad	0xffffff0e0a080602,0xffff0e0a08060200
+.quad	0xffffff0e0a080604,0xffff0e0a08060400
+.quad	0xffff0e0a08060402,0xff0e0a0806040200
+.quad	0xffffffffffff0e0c,0xffffffffff0e0c00
+.quad	0xffffffffff0e0c02,0xffffffff0e0c0200
+.quad	0xffffffffff0e0c04,0xffffffff0e0c0400
+.quad	0xffffffff0e0c0402,0xffffff0e0c040200
+.quad	0xffffffffff0e0c06,0xffffffff0e0c0600
+.quad	0xffffffff0e0c0602,0xffffff0e0c060200
+.quad	0xffffffff0e0c0604,0xffffff0e0c060400
+.quad	0xffffff0e0c060402,0xffff0e0c06040200
+.quad	0xffffffffff0e0c08,0xffffffff0e0c0800
+.quad	0xffffffff0e0c0802,0xffffff0e0c080200
+.quad	0xffffffff0e0c0804,0xffffff0e0c080400
+.quad	0xffffff0e0c080402,0xffff0e0c08040200
+.quad	0xffffffff0e0c0806,0xffffff0e0c080600
+.quad	0xffffff0e0c080602,0xffff0e0c08060200
+.quad	0xffffff0e0c080604,0xffff0e0c08060400
+.quad	0xffff0e0c08060402,0xff0e0c0806040200
+.quad	0xffffffffff0e0c0a,0xffffffff0e0c0a00
+.quad	0xffffffff0e0c0a02,0xffffff0e0c0a0200
+.quad	0xffffffff0e0c0a04,0xffffff0e0c0a0400
+.quad	0xffffff0e0c0a0402,0xffff0e0c0a040200
+.quad	0xffffffff0e0c0a06,0xffffff0e0c0a0600
+.quad	0xffffff0e0c0a0602,0xffff0e0c0a060200
+.quad	0xffffff0e0c0a0604,0xffff0e0c0a060400
+.quad	0xffff0e0c0a060402,0xff0e0c0a06040200
+.quad	0xffffffff0e0c0a08,0xffffff0e0c0a0800
+.quad	0xffffff0e0c0a0802,0xffff0e0c0a080200
+.quad	0xffffff0e0c0a0804,0xffff0e0c0a080400
+.quad	0xffff0e0c0a080402,0xff0e0c0a08040200
+.quad	0xffffff0e0c0a0806,0xffff0e0c0a080600
+.quad	0xffff0e0c0a080602,0xff0e0c0a08060200
+.quad	0xffff0e0c0a080604,0xff0e0c0a08060400
+.quad	0xff0e0c0a08060402,0xe0c0a0806040200
+#ifndef __APPLE__
+.data
+#else
+.section	__DATA,__data
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.align	32
+#else
+.p2align	5
+#endif /* __APPLE__ */
+L_kyber_rej_q:
+.quad	0xd010d010d010d01, 0xd010d010d010d01
+.quad	0xd010d010d010d01, 0xd010d010d010d01
+#ifndef __APPLE__
+.data
+#else
+.section	__DATA,__data
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.align	32
+#else
+.p2align	5
+#endif /* __APPLE__ */
+L_kyber_rej_ones:
+.quad	0x101010101010101, 0x101010101010101
+.quad	0x101010101010101, 0x101010101010101
+#ifndef __APPLE__
+.data
+#else
+.section	__DATA,__data
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.align	32
+#else
+.p2align	5
+#endif /* __APPLE__ */
+L_kyber_rej_mask:
+.quad	0xfff0fff0fff0fff, 0xfff0fff0fff0fff
+.quad	0xfff0fff0fff0fff, 0xfff0fff0fff0fff
+#ifndef __APPLE__
+.data
+#else
+.section	__DATA,__data
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.align	32
+#else
+.p2align	5
+#endif /* __APPLE__ */
+L_kyber_rej_shuffle:
+.quad	0x504040302010100, 0xb0a0a0908070706
+.quad	0x908080706050504, 0xf0e0e0d0c0b0b0a
+#ifndef __APPLE__
+.text
+.globl	kyber_rej_uniform_n_avx2
+.type	kyber_rej_uniform_n_avx2,@function
+.align	16
+kyber_rej_uniform_n_avx2:
+#else
+.section	__TEXT,__text
+.globl	_kyber_rej_uniform_n_avx2
+.p2align	4
+_kyber_rej_uniform_n_avx2:
+#endif /* __APPLE__ */
+        pushq	%rbx
+        pushq	%r12
+        pushq	%r13
+        pushq	%r14
+        pushq	%r15
+        pushq	%rbp
+        movq	%rcx, %r8
+        movl	%esi, %eax
+        vmovdqu	L_kyber_rej_q(%rip), %ymm6
+        vmovdqu	L_kyber_rej_ones(%rip), %ymm7
+        vmovdqu	L_kyber_rej_mask(%rip), %ymm8
+        vmovdqu	L_kyber_rej_shuffle(%rip), %ymm9
+        leaq	L_kyber_rej_idx(%rip), %r9
+        movq	$0x1111111111111111, %r14
+        movq	$0xe0c0a0806040200, %rbp
+        movq	$0x101010101010101, %r13
+        vpermq	$0x94, (%rdx), %ymm0
+        vpermq	$0x94, 24(%rdx), %ymm1
+        vpshufb	%ymm9, %ymm0, %ymm0
+        vpshufb	%ymm9, %ymm1, %ymm1
+        vpsrlw	$4, %ymm0, %ymm2
+        vpsrlw	$4, %ymm1, %ymm3
+        vpblendw	$0xaa, %ymm2, %ymm0, %ymm0
+        vpblendw	$0xaa, %ymm3, %ymm1, %ymm1
+        vpand	%ymm8, %ymm0, %ymm0
+        vpand	%ymm8, %ymm1, %ymm1
+        vpcmpgtw	%ymm0, %ymm6, %ymm2
+        vpcmpgtw	%ymm1, %ymm6, %ymm3
+        vpacksswb	%ymm3, %ymm2, %ymm2
+        vpmovmskb	%ymm2, %rbx
+        movzbl	%bl, %r10d
+        movzbl	%bh, %ecx
+        movq	%rbx, %r11
+        movq	%rbx, %r12
+        shrq	$16, %r11
+        shrq	$24, %r12
+        andq	$0xff, %r11
+        andq	$0xff, %r12
+        movq	(%r9,%r10,8), %xmm2
+        movq	(%r9,%rcx,8), %xmm3
+        movq	(%r9,%r11,8), %xmm4
+        movq	(%r9,%r12,8), %xmm5
+        vinserti128	$0x01, %xmm4, %ymm2, %ymm2
+        vinserti128	$0x01, %xmm5, %ymm3, %ymm3
+        vpaddb	%ymm7, %ymm2, %ymm4
+        vpaddb	%ymm7, %ymm3, %ymm5
+        vpunpcklbw	%ymm4, %ymm2, %ymm2
+        vpunpcklbw	%ymm5, %ymm3, %ymm3
+        vpshufb	%ymm2, %ymm0, %ymm0
+        vpshufb	%ymm3, %ymm1, %ymm1
+        movq	%rbx, %r10
+        movq	%rbx, %r11
+        movq	%rbx, %r12
+        andq	$0xff, %rbx
+        shrq	$16, %r10
+        shrq	$8, %r11
+        shrq	$24, %r12
+        andq	$0xff, %r10
+        andq	$0xff, %r11
+        popcntl	%ebx, %ebx
+        popcntl	%r10d, %r10d
+        popcntl	%r11d, %r11d
+        popcntl	%r12d, %r12d
+        vmovdqu	%xmm0, (%rdi)
+        vextracti128	$0x01, %ymm0, %xmm0
+        leaq	(%rdi,%rbx,2), %rdi
+        subl	%ebx, %esi
+        vmovdqu	%xmm0, (%rdi)
+        leaq	(%rdi,%r10,2), %rdi
+        subl	%r10d, %esi
+        vmovdqu	%xmm1, (%rdi)
+        vextracti128	$0x01, %ymm1, %xmm1
+        leaq	(%rdi,%r11,2), %rdi
+        subl	%r11d, %esi
+        vmovdqu	%xmm1, (%rdi)
+        leaq	(%rdi,%r12,2), %rdi
+        subl	%r12d, %esi
+        vpermq	$0x94, 48(%rdx), %ymm0
+        vpermq	$0x94, 72(%rdx), %ymm1
+        vpshufb	%ymm9, %ymm0, %ymm0
+        vpshufb	%ymm9, %ymm1, %ymm1
+        vpsrlw	$4, %ymm0, %ymm2
+        vpsrlw	$4, %ymm1, %ymm3
+        vpblendw	$0xaa, %ymm2, %ymm0, %ymm0
+        vpblendw	$0xaa, %ymm3, %ymm1, %ymm1
+        vpand	%ymm8, %ymm0, %ymm0
+        vpand	%ymm8, %ymm1, %ymm1
+        vpcmpgtw	%ymm0, %ymm6, %ymm2
+        vpcmpgtw	%ymm1, %ymm6, %ymm3
+        vpacksswb	%ymm3, %ymm2, %ymm2
+        vpmovmskb	%ymm2, %rbx
+        movzbl	%bl, %r10d
+        movzbl	%bh, %ecx
+        movq	%rbx, %r11
+        movq	%rbx, %r12
+        shrq	$16, %r11
+        shrq	$24, %r12
+        andq	$0xff, %r11
+        andq	$0xff, %r12
+        movq	(%r9,%r10,8), %xmm2
+        movq	(%r9,%rcx,8), %xmm3
+        movq	(%r9,%r11,8), %xmm4
+        movq	(%r9,%r12,8), %xmm5
+        vinserti128	$0x01, %xmm4, %ymm2, %ymm2
+        vinserti128	$0x01, %xmm5, %ymm3, %ymm3
+        vpaddb	%ymm7, %ymm2, %ymm4
+        vpaddb	%ymm7, %ymm3, %ymm5
+        vpunpcklbw	%ymm4, %ymm2, %ymm2
+        vpunpcklbw	%ymm5, %ymm3, %ymm3
+        vpshufb	%ymm2, %ymm0, %ymm0
+        vpshufb	%ymm3, %ymm1, %ymm1
+        movq	%rbx, %r10
+        movq	%rbx, %r11
+        movq	%rbx, %r12
+        andq	$0xff, %rbx
+        shrq	$16, %r10
+        shrq	$8, %r11
+        shrq	$24, %r12
+        andq	$0xff, %r10
+        andq	$0xff, %r11
+        popcntl	%ebx, %ebx
+        popcntl	%r10d, %r10d
+        popcntl	%r11d, %r11d
+        popcntl	%r12d, %r12d
+        vmovdqu	%xmm0, (%rdi)
+        vextracti128	$0x01, %ymm0, %xmm0
+        leaq	(%rdi,%rbx,2), %rdi
+        subl	%ebx, %esi
+        vmovdqu	%xmm0, (%rdi)
+        leaq	(%rdi,%r10,2), %rdi
+        subl	%r10d, %esi
+        vmovdqu	%xmm1, (%rdi)
+        vextracti128	$0x01, %ymm1, %xmm1
+        leaq	(%rdi,%r11,2), %rdi
+        subl	%r11d, %esi
+        vmovdqu	%xmm1, (%rdi)
+        leaq	(%rdi,%r12,2), %rdi
+        subl	%r12d, %esi
+        vpermq	$0x94, 96(%rdx), %ymm0
+        vpermq	$0x94, 120(%rdx), %ymm1
+        vpshufb	%ymm9, %ymm0, %ymm0
+        vpshufb	%ymm9, %ymm1, %ymm1
+        vpsrlw	$4, %ymm0, %ymm2
+        vpsrlw	$4, %ymm1, %ymm3
+        vpblendw	$0xaa, %ymm2, %ymm0, %ymm0
+        vpblendw	$0xaa, %ymm3, %ymm1, %ymm1
+        vpand	%ymm8, %ymm0, %ymm0
+        vpand	%ymm8, %ymm1, %ymm1
+        vpcmpgtw	%ymm0, %ymm6, %ymm2
+        vpcmpgtw	%ymm1, %ymm6, %ymm3
+        vpacksswb	%ymm3, %ymm2, %ymm2
+        vpmovmskb	%ymm2, %rbx
+        movzbl	%bl, %r10d
+        movzbl	%bh, %ecx
+        movq	%rbx, %r11
+        movq	%rbx, %r12
+        shrq	$16, %r11
+        shrq	$24, %r12
+        andq	$0xff, %r11
+        andq	$0xff, %r12
+        movq	(%r9,%r10,8), %xmm2
+        movq	(%r9,%rcx,8), %xmm3
+        movq	(%r9,%r11,8), %xmm4
+        movq	(%r9,%r12,8), %xmm5
+        vinserti128	$0x01, %xmm4, %ymm2, %ymm2
+        vinserti128	$0x01, %xmm5, %ymm3, %ymm3
+        vpaddb	%ymm7, %ymm2, %ymm4
+        vpaddb	%ymm7, %ymm3, %ymm5
+        vpunpcklbw	%ymm4, %ymm2, %ymm2
+        vpunpcklbw	%ymm5, %ymm3, %ymm3
+        vpshufb	%ymm2, %ymm0, %ymm0
+        vpshufb	%ymm3, %ymm1, %ymm1
+        movq	%rbx, %r10
+        movq	%rbx, %r11
+        movq	%rbx, %r12
+        andq	$0xff, %rbx
+        shrq	$16, %r10
+        shrq	$8, %r11
+        shrq	$24, %r12
+        andq	$0xff, %r10
+        andq	$0xff, %r11
+        popcntl	%ebx, %ebx
+        popcntl	%r10d, %r10d
+        popcntl	%r11d, %r11d
+        popcntl	%r12d, %r12d
+        vmovdqu	%xmm0, (%rdi)
+        vextracti128	$0x01, %ymm0, %xmm0
+        leaq	(%rdi,%rbx,2), %rdi
+        subl	%ebx, %esi
+        vmovdqu	%xmm0, (%rdi)
+        leaq	(%rdi,%r10,2), %rdi
+        subl	%r10d, %esi
+        vmovdqu	%xmm1, (%rdi)
+        vextracti128	$0x01, %ymm1, %xmm1
+        leaq	(%rdi,%r11,2), %rdi
+        subl	%r11d, %esi
+        vmovdqu	%xmm1, (%rdi)
+        leaq	(%rdi,%r12,2), %rdi
+        subl	%r12d, %esi
+        vpermq	$0x94, 144(%rdx), %ymm0
+        vpermq	$0x94, 168(%rdx), %ymm1
+        vpshufb	%ymm9, %ymm0, %ymm0
+        vpshufb	%ymm9, %ymm1, %ymm1
+        vpsrlw	$4, %ymm0, %ymm2
+        vpsrlw	$4, %ymm1, %ymm3
+        vpblendw	$0xaa, %ymm2, %ymm0, %ymm0
+        vpblendw	$0xaa, %ymm3, %ymm1, %ymm1
+        vpand	%ymm8, %ymm0, %ymm0
+        vpand	%ymm8, %ymm1, %ymm1
+        vpcmpgtw	%ymm0, %ymm6, %ymm2
+        vpcmpgtw	%ymm1, %ymm6, %ymm3
+        vpacksswb	%ymm3, %ymm2, %ymm2
+        vpmovmskb	%ymm2, %rbx
+        movzbl	%bl, %r10d
+        movzbl	%bh, %ecx
+        movq	%rbx, %r11
+        movq	%rbx, %r12
+        shrq	$16, %r11
+        shrq	$24, %r12
+        andq	$0xff, %r11
+        andq	$0xff, %r12
+        movq	(%r9,%r10,8), %xmm2
+        movq	(%r9,%rcx,8), %xmm3
+        movq	(%r9,%r11,8), %xmm4
+        movq	(%r9,%r12,8), %xmm5
+        vinserti128	$0x01, %xmm4, %ymm2, %ymm2
+        vinserti128	$0x01, %xmm5, %ymm3, %ymm3
+        vpaddb	%ymm7, %ymm2, %ymm4
+        vpaddb	%ymm7, %ymm3, %ymm5
+        vpunpcklbw	%ymm4, %ymm2, %ymm2
+        vpunpcklbw	%ymm5, %ymm3, %ymm3
+        vpshufb	%ymm2, %ymm0, %ymm0
+        vpshufb	%ymm3, %ymm1, %ymm1
+        movq	%rbx, %r10
+        movq	%rbx, %r11
+        movq	%rbx, %r12
+        andq	$0xff, %rbx
+        shrq	$16, %r10
+        shrq	$8, %r11
+        shrq	$24, %r12
+        andq	$0xff, %r10
+        andq	$0xff, %r11
+        popcntl	%ebx, %ebx
+        popcntl	%r10d, %r10d
+        popcntl	%r11d, %r11d
+        popcntl	%r12d, %r12d
+        vmovdqu	%xmm0, (%rdi)
+        vextracti128	$0x01, %ymm0, %xmm0
+        leaq	(%rdi,%rbx,2), %rdi
+        subl	%ebx, %esi
+        vmovdqu	%xmm0, (%rdi)
+        leaq	(%rdi,%r10,2), %rdi
+        subl	%r10d, %esi
+        vmovdqu	%xmm1, (%rdi)
+        vextracti128	$0x01, %ymm1, %xmm1
+        leaq	(%rdi,%r11,2), %rdi
+        subl	%r11d, %esi
+        vmovdqu	%xmm1, (%rdi)
+        leaq	(%rdi,%r12,2), %rdi
+        subl	%r12d, %esi
+        vpermq	$0x94, 192(%rdx), %ymm0
+        vpermq	$0x94, 216(%rdx), %ymm1
+        vpshufb	%ymm9, %ymm0, %ymm0
+        vpshufb	%ymm9, %ymm1, %ymm1
+        vpsrlw	$4, %ymm0, %ymm2
+        vpsrlw	$4, %ymm1, %ymm3
+        vpblendw	$0xaa, %ymm2, %ymm0, %ymm0
+        vpblendw	$0xaa, %ymm3, %ymm1, %ymm1
+        vpand	%ymm8, %ymm0, %ymm0
+        vpand	%ymm8, %ymm1, %ymm1
+        vpcmpgtw	%ymm0, %ymm6, %ymm2
+        vpcmpgtw	%ymm1, %ymm6, %ymm3
+        vpacksswb	%ymm3, %ymm2, %ymm2
+        vpmovmskb	%ymm2, %rbx
+        movzbl	%bl, %r10d
+        movzbl	%bh, %ecx
+        movq	%rbx, %r11
+        movq	%rbx, %r12
+        shrq	$16, %r11
+        shrq	$24, %r12
+        andq	$0xff, %r11
+        andq	$0xff, %r12
+        movq	(%r9,%r10,8), %xmm2
+        movq	(%r9,%rcx,8), %xmm3
+        movq	(%r9,%r11,8), %xmm4
+        movq	(%r9,%r12,8), %xmm5
+        vinserti128	$0x01, %xmm4, %ymm2, %ymm2
+        vinserti128	$0x01, %xmm5, %ymm3, %ymm3
+        vpaddb	%ymm7, %ymm2, %ymm4
+        vpaddb	%ymm7, %ymm3, %ymm5
+        vpunpcklbw	%ymm4, %ymm2, %ymm2
+        vpunpcklbw	%ymm5, %ymm3, %ymm3
+        vpshufb	%ymm2, %ymm0, %ymm0
+        vpshufb	%ymm3, %ymm1, %ymm1
+        movq	%rbx, %r10
+        movq	%rbx, %r11
+        movq	%rbx, %r12
+        andq	$0xff, %rbx
+        shrq	$16, %r10
+        shrq	$8, %r11
+        shrq	$24, %r12
+        andq	$0xff, %r10
+        andq	$0xff, %r11
+        popcntl	%ebx, %ebx
+        popcntl	%r10d, %r10d
+        popcntl	%r11d, %r11d
+        popcntl	%r12d, %r12d
+        vmovdqu	%xmm0, (%rdi)
+        vextracti128	$0x01, %ymm0, %xmm0
+        leaq	(%rdi,%rbx,2), %rdi
+        subl	%ebx, %esi
+        vmovdqu	%xmm0, (%rdi)
+        leaq	(%rdi,%r10,2), %rdi
+        subl	%r10d, %esi
+        vmovdqu	%xmm1, (%rdi)
+        vextracti128	$0x01, %ymm1, %xmm1
+        leaq	(%rdi,%r11,2), %rdi
+        subl	%r11d, %esi
+        vmovdqu	%xmm1, (%rdi)
+        leaq	(%rdi,%r12,2), %rdi
+        subl	%r12d, %esi
+        vpermq	$0x94, 240(%rdx), %ymm0
+        vpermq	$0x94, 264(%rdx), %ymm1
+        vpshufb	%ymm9, %ymm0, %ymm0
+        vpshufb	%ymm9, %ymm1, %ymm1
+        vpsrlw	$4, %ymm0, %ymm2
+        vpsrlw	$4, %ymm1, %ymm3
+        vpblendw	$0xaa, %ymm2, %ymm0, %ymm0
+        vpblendw	$0xaa, %ymm3, %ymm1, %ymm1
+        vpand	%ymm8, %ymm0, %ymm0
+        vpand	%ymm8, %ymm1, %ymm1
+        vpcmpgtw	%ymm0, %ymm6, %ymm2
+        vpcmpgtw	%ymm1, %ymm6, %ymm3
+        vpacksswb	%ymm3, %ymm2, %ymm2
+        vpmovmskb	%ymm2, %rbx
+        movzbl	%bl, %r10d
+        movzbl	%bh, %ecx
+        movq	%rbx, %r11
+        movq	%rbx, %r12
+        shrq	$16, %r11
+        shrq	$24, %r12
+        andq	$0xff, %r11
+        andq	$0xff, %r12
+        movq	(%r9,%r10,8), %xmm2
+        movq	(%r9,%rcx,8), %xmm3
+        movq	(%r9,%r11,8), %xmm4
+        movq	(%r9,%r12,8), %xmm5
+        vinserti128	$0x01, %xmm4, %ymm2, %ymm2
+        vinserti128	$0x01, %xmm5, %ymm3, %ymm3
+        vpaddb	%ymm7, %ymm2, %ymm4
+        vpaddb	%ymm7, %ymm3, %ymm5
+        vpunpcklbw	%ymm4, %ymm2, %ymm2
+        vpunpcklbw	%ymm5, %ymm3, %ymm3
+        vpshufb	%ymm2, %ymm0, %ymm0
+        vpshufb	%ymm3, %ymm1, %ymm1
+        movq	%rbx, %r10
+        movq	%rbx, %r11
+        movq	%rbx, %r12
+        andq	$0xff, %rbx
+        shrq	$16, %r10
+        shrq	$8, %r11
+        shrq	$24, %r12
+        andq	$0xff, %r10
+        andq	$0xff, %r11
+        popcntl	%ebx, %ebx
+        popcntl	%r10d, %r10d
+        popcntl	%r11d, %r11d
+        popcntl	%r12d, %r12d
+        vmovdqu	%xmm0, (%rdi)
+        vextracti128	$0x01, %ymm0, %xmm0
+        leaq	(%rdi,%rbx,2), %rdi
+        subl	%ebx, %esi
+        vmovdqu	%xmm0, (%rdi)
+        leaq	(%rdi,%r10,2), %rdi
+        subl	%r10d, %esi
+        vmovdqu	%xmm1, (%rdi)
+        vextracti128	$0x01, %ymm1, %xmm1
+        leaq	(%rdi,%r11,2), %rdi
+        subl	%r11d, %esi
+        vmovdqu	%xmm1, (%rdi)
+        leaq	(%rdi,%r12,2), %rdi
+        subl	%r12d, %esi
+        vpermq	$0x94, 288(%rdx), %ymm0
+        vpermq	$0x94, 312(%rdx), %ymm1
+        vpshufb	%ymm9, %ymm0, %ymm0
+        vpshufb	%ymm9, %ymm1, %ymm1
+        vpsrlw	$4, %ymm0, %ymm2
+        vpsrlw	$4, %ymm1, %ymm3
+        vpblendw	$0xaa, %ymm2, %ymm0, %ymm0
+        vpblendw	$0xaa, %ymm3, %ymm1, %ymm1
+        vpand	%ymm8, %ymm0, %ymm0
+        vpand	%ymm8, %ymm1, %ymm1
+        vpcmpgtw	%ymm0, %ymm6, %ymm2
+        vpcmpgtw	%ymm1, %ymm6, %ymm3
+        vpacksswb	%ymm3, %ymm2, %ymm2
+        vpmovmskb	%ymm2, %rbx
+        movzbl	%bl, %r10d
+        movzbl	%bh, %ecx
+        movq	%rbx, %r11
+        movq	%rbx, %r12
+        shrq	$16, %r11
+        shrq	$24, %r12
+        andq	$0xff, %r11
+        andq	$0xff, %r12
+        movq	(%r9,%r10,8), %xmm2
+        movq	(%r9,%rcx,8), %xmm3
+        movq	(%r9,%r11,8), %xmm4
+        movq	(%r9,%r12,8), %xmm5
+        vinserti128	$0x01, %xmm4, %ymm2, %ymm2
+        vinserti128	$0x01, %xmm5, %ymm3, %ymm3
+        vpaddb	%ymm7, %ymm2, %ymm4
+        vpaddb	%ymm7, %ymm3, %ymm5
+        vpunpcklbw	%ymm4, %ymm2, %ymm2
+        vpunpcklbw	%ymm5, %ymm3, %ymm3
+        vpshufb	%ymm2, %ymm0, %ymm0
+        vpshufb	%ymm3, %ymm1, %ymm1
+        movq	%rbx, %r10
+        movq	%rbx, %r11
+        movq	%rbx, %r12
+        andq	$0xff, %rbx
+        shrq	$16, %r10
+        shrq	$8, %r11
+        shrq	$24, %r12
+        andq	$0xff, %r10
+        andq	$0xff, %r11
+        popcntl	%ebx, %ebx
+        popcntl	%r10d, %r10d
+        popcntl	%r11d, %r11d
+        popcntl	%r12d, %r12d
+        vmovdqu	%xmm0, (%rdi)
+        vextracti128	$0x01, %ymm0, %xmm0
+        leaq	(%rdi,%rbx,2), %rdi
+        subl	%ebx, %esi
+        vmovdqu	%xmm0, (%rdi)
+        leaq	(%rdi,%r10,2), %rdi
+        subl	%r10d, %esi
+        vmovdqu	%xmm1, (%rdi)
+        vextracti128	$0x01, %ymm1, %xmm1
+        leaq	(%rdi,%r11,2), %rdi
+        subl	%r11d, %esi
+        vmovdqu	%xmm1, (%rdi)
+        leaq	(%rdi,%r12,2), %rdi
+        subl	%r12d, %esi
+        addq	$0x150, %rdx
+        subl	$0x150, %r8d
+L_kyber_rej_uniform_n_avx2_start_256:
+        vpermq	$0x94, (%rdx), %ymm0
+        vpermq	$0x94, 24(%rdx), %ymm1
+        vpshufb	%ymm9, %ymm0, %ymm0
+        vpshufb	%ymm9, %ymm1, %ymm1
+        vpsrlw	$4, %ymm0, %ymm2
+        vpsrlw	$4, %ymm1, %ymm3
+        vpblendw	$0xaa, %ymm2, %ymm0, %ymm0
+        vpblendw	$0xaa, %ymm3, %ymm1, %ymm1
+        vpand	%ymm8, %ymm0, %ymm0
+        vpand	%ymm8, %ymm1, %ymm1
+        vpcmpgtw	%ymm0, %ymm6, %ymm2
+        vpcmpgtw	%ymm1, %ymm6, %ymm3
+        vpacksswb	%ymm3, %ymm2, %ymm2
+        vpmovmskb	%ymm2, %rbx
+        movzbl	%bl, %r10d
+        movzbl	%bh, %ecx
+        movq	%rbx, %r11
+        movq	%rbx, %r12
+        shrq	$16, %r11
+        shrq	$24, %r12
+        andq	$0xff, %r11
+        andq	$0xff, %r12
+        movq	(%r9,%r10,8), %xmm2
+        movq	(%r9,%rcx,8), %xmm3
+        movq	(%r9,%r11,8), %xmm4
+        movq	(%r9,%r12,8), %xmm5
+        vinserti128	$0x01, %xmm4, %ymm2, %ymm2
+        vinserti128	$0x01, %xmm5, %ymm3, %ymm3
+        vpaddb	%ymm7, %ymm2, %ymm4
+        vpaddb	%ymm7, %ymm3, %ymm5
+        vpunpcklbw	%ymm4, %ymm2, %ymm2
+        vpunpcklbw	%ymm5, %ymm3, %ymm3
+        vpshufb	%ymm2, %ymm0, %ymm0
+        vpshufb	%ymm3, %ymm1, %ymm1
+        movq	%rbx, %r10
+        movq	%rbx, %r11
+        movq	%rbx, %r12
+        andq	$0xff, %rbx
+        shrq	$16, %r10
+        shrq	$8, %r11
+        shrq	$24, %r12
+        andq	$0xff, %r10
+        andq	$0xff, %r11
+        popcntl	%ebx, %ebx
+        popcntl	%r10d, %r10d
+        popcntl	%r11d, %r11d
+        popcntl	%r12d, %r12d
+        vmovdqu	%xmm0, (%rdi)
+        vextracti128	$0x01, %ymm0, %xmm0
+        leaq	(%rdi,%rbx,2), %rdi
+        subl	%ebx, %esi
+        vmovdqu	%xmm0, (%rdi)
+        leaq	(%rdi,%r10,2), %rdi
+        subl	%r10d, %esi
+        vmovdqu	%xmm1, (%rdi)
+        vextracti128	$0x01, %ymm1, %xmm1
+        leaq	(%rdi,%r11,2), %rdi
+        subl	%r11d, %esi
+        vmovdqu	%xmm1, (%rdi)
+        leaq	(%rdi,%r12,2), %rdi
+        subl	%r12d, %esi
+        addq	$48, %rdx
+        subl	$48, %r8d
+        cmpl	$48, %r8d
+        jl	L_kyber_rej_uniform_n_avx2_done_256
+        cmpl	$32, %esi
+        jge	L_kyber_rej_uniform_n_avx2_start_256
+L_kyber_rej_uniform_n_avx2_done_256:
+        cmpl	$8, %esi
+        jl	L_kyber_rej_uniform_n_avx2_done_128
+        cmpl	$12, %r8d
+        jl	L_kyber_rej_uniform_n_avx2_done_128
+L_kyber_rej_uniform_n_avx2_start_128:
+        vmovdqu	(%rdx), %xmm0
+        vpshufb	%xmm9, %xmm0, %xmm0
+        vpsrlw	$4, %xmm0, %xmm2
+        vpblendw	$0xaa, %xmm2, %xmm0, %xmm0
+        vpand	%xmm8, %xmm0, %xmm0
+        vpcmpgtw	%xmm0, %xmm6, %xmm2
+        vpmovmskb	%xmm2, %rbx
+        movq	$0x5555, %r10
+        pextl	%r10d, %ebx, %ebx
+        movq	(%r9,%rbx,8), %xmm3
+        vpaddb	%xmm7, %xmm3, %xmm4
+        vpunpcklbw	%xmm4, %xmm3, %xmm3
+        vpshufb	%xmm3, %xmm0, %xmm0
+        vmovdqu	%xmm0, (%rdi)
+        popcntl	%ebx, %ecx
+        leaq	(%rdi,%rcx,2), %rdi
+        subl	%ecx, %esi
+        addq	$12, %rdx
+        subl	$12, %r8d
+        cmpl	$12, %r8d
+        jl	L_kyber_rej_uniform_n_avx2_done_128
+        cmpl	$8, %esi
+        jge	L_kyber_rej_uniform_n_avx2_start_128
+L_kyber_rej_uniform_n_avx2_done_128:
+        cmpl	$0x00, %r8d
+        je	L_kyber_rej_uniform_n_avx2_done_64
+        cmpl	$0x00, %esi
+        je	L_kyber_rej_uniform_n_avx2_done_64
+        movq	$0xfff0fff0fff0fff, %r15
+        movq	$0x2000200020002000, %r10
+        movq	$0xd010d010d010d01, %r11
+        movq	$0x1000100010001000, %r12
+L_kyber_rej_uniform_n_avx2_start_64:
+        movq	(%rdx), %rcx
+        pdepq	%r15, %rcx, %rcx
+        cmpw	$0xd01, %cx
+        jge	L_kyber_rej_uniform_0_avx2_rej_large_0
+        movw	%cx, (%rdi)
+        addq	$2, %rdi
+        subl	$0x01, %esi
+        je	L_kyber_rej_uniform_n_avx2_done_64
+L_kyber_rej_uniform_0_avx2_rej_large_0:
+        shrq	$16, %rcx
+        cmpw	$0xd01, %cx
+        jge	L_kyber_rej_uniform_0_avx2_rej_large_1
+        movw	%cx, (%rdi)
+        addq	$2, %rdi
+        subl	$0x01, %esi
+        je	L_kyber_rej_uniform_n_avx2_done_64
+L_kyber_rej_uniform_0_avx2_rej_large_1:
+        shrq	$16, %rcx
+        cmpw	$0xd01, %cx
+        jge	L_kyber_rej_uniform_0_avx2_rej_large_2
+        movw	%cx, (%rdi)
+        addq	$2, %rdi
+        subl	$0x01, %esi
+        je	L_kyber_rej_uniform_n_avx2_done_64
+L_kyber_rej_uniform_0_avx2_rej_large_2:
+        shrq	$16, %rcx
+        cmpw	$0xd01, %cx
+        jge	L_kyber_rej_uniform_0_avx2_rej_large_3
+        movw	%cx, (%rdi)
+        addq	$2, %rdi
+        subl	$0x01, %esi
+        je	L_kyber_rej_uniform_n_avx2_done_64
+L_kyber_rej_uniform_0_avx2_rej_large_3:
+        addq	$6, %rdx
+        subl	$6, %r8d
+        jle	L_kyber_rej_uniform_n_avx2_done_64
+        cmpl	$0x00, %esi
+        jg	L_kyber_rej_uniform_n_avx2_start_64
+L_kyber_rej_uniform_n_avx2_done_64:
+        vzeroupper
+        subl	%esi, %eax
+        popq	%rbp
+        popq	%r15
+        popq	%r14
+        popq	%r13
+        popq	%r12
+        popq	%rbx
+        repz retq
+#ifndef __APPLE__
+.size	kyber_rej_uniform_n_avx2,.-kyber_rej_uniform_n_avx2
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.text
+.globl	kyber_rej_uniform_avx2
+.type	kyber_rej_uniform_avx2,@function
+.align	16
+kyber_rej_uniform_avx2:
+#else
+.section	__TEXT,__text
+.globl	_kyber_rej_uniform_avx2
+.p2align	4
+_kyber_rej_uniform_avx2:
+#endif /* __APPLE__ */
+        pushq	%rbx
+        pushq	%r12
+        pushq	%r13
+        pushq	%r14
+        pushq	%r15
+        pushq	%rbp
+        movq	%rcx, %r8
+        movl	%esi, %eax
+        cmpl	$0x00, %esi
+        je	L_kyber_rej_uniform_avx2_done_64
+        cmpl	$8, %esi
+        jl	L_kyber_rej_uniform_avx2_done_128
+        vmovdqu	L_kyber_rej_q(%rip), %ymm6
+        vmovdqu	L_kyber_rej_ones(%rip), %ymm7
+        vmovdqu	L_kyber_rej_mask(%rip), %ymm8
+        vmovdqu	L_kyber_rej_shuffle(%rip), %ymm9
+        leaq	L_kyber_rej_idx(%rip), %r9
+        movq	$0x1111111111111111, %r14
+        movq	$0xe0c0a0806040200, %rbp
+        movq	$0x101010101010101, %r13
+        cmpl	$32, %esi
+        jl	L_kyber_rej_uniform_avx2_done_256
+        vpermq	$0x94, (%rdx), %ymm0
+        vpermq	$0x94, 24(%rdx), %ymm1
+        vpshufb	%ymm9, %ymm0, %ymm0
+        vpshufb	%ymm9, %ymm1, %ymm1
+        vpsrlw	$4, %ymm0, %ymm2
+        vpsrlw	$4, %ymm1, %ymm3
+        vpblendw	$0xaa, %ymm2, %ymm0, %ymm0
+        vpblendw	$0xaa, %ymm3, %ymm1, %ymm1
+        vpand	%ymm8, %ymm0, %ymm0
+        vpand	%ymm8, %ymm1, %ymm1
+        vpcmpgtw	%ymm0, %ymm6, %ymm2
+        vpcmpgtw	%ymm1, %ymm6, %ymm3
+        vpacksswb	%ymm3, %ymm2, %ymm2
+        vpmovmskb	%ymm2, %rbx
+        movzbl	%bl, %r10d
+        movzbl	%bh, %ecx
+        movq	%rbx, %r11
+        movq	%rbx, %r12
+        shrq	$16, %r11
+        shrq	$24, %r12
+        andq	$0xff, %r11
+        andq	$0xff, %r12
+        movq	(%r9,%r10,8), %xmm2
+        movq	(%r9,%rcx,8), %xmm3
+        movq	(%r9,%r11,8), %xmm4
+        movq	(%r9,%r12,8), %xmm5
+        vinserti128	$0x01, %xmm4, %ymm2, %ymm2
+        vinserti128	$0x01, %xmm5, %ymm3, %ymm3
+        vpaddb	%ymm7, %ymm2, %ymm4
+        vpaddb	%ymm7, %ymm3, %ymm5
+        vpunpcklbw	%ymm4, %ymm2, %ymm2
+        vpunpcklbw	%ymm5, %ymm3, %ymm3
+        vpshufb	%ymm2, %ymm0, %ymm0
+        vpshufb	%ymm3, %ymm1, %ymm1
+        movq	%rbx, %r10
+        movq	%rbx, %r11
+        movq	%rbx, %r12
+        andq	$0xff, %rbx
+        shrq	$16, %r10
+        shrq	$8, %r11
+        shrq	$24, %r12
+        andq	$0xff, %r10
+        andq	$0xff, %r11
+        popcntl	%ebx, %ebx
+        popcntl	%r10d, %r10d
+        popcntl	%r11d, %r11d
+        popcntl	%r12d, %r12d
+        vmovdqu	%xmm0, (%rdi)
+        vextracti128	$0x01, %ymm0, %xmm0
+        leaq	(%rdi,%rbx,2), %rdi
+        subl	%ebx, %esi
+        vmovdqu	%xmm0, (%rdi)
+        leaq	(%rdi,%r10,2), %rdi
+        subl	%r10d, %esi
+        vmovdqu	%xmm1, (%rdi)
+        vextracti128	$0x01, %ymm1, %xmm1
+        leaq	(%rdi,%r11,2), %rdi
+        subl	%r11d, %esi
+        vmovdqu	%xmm1, (%rdi)
+        leaq	(%rdi,%r12,2), %rdi
+        subl	%r12d, %esi
+        addq	$48, %rdx
+        subl	$48, %r8d
+        cmpl	$32, %esi
+        jl	L_kyber_rej_uniform_avx2_done_256
+        vpermq	$0x94, (%rdx), %ymm0
+        vpermq	$0x94, 24(%rdx), %ymm1
+        vpshufb	%ymm9, %ymm0, %ymm0
+        vpshufb	%ymm9, %ymm1, %ymm1
+        vpsrlw	$4, %ymm0, %ymm2
+        vpsrlw	$4, %ymm1, %ymm3
+        vpblendw	$0xaa, %ymm2, %ymm0, %ymm0
+        vpblendw	$0xaa, %ymm3, %ymm1, %ymm1
+        vpand	%ymm8, %ymm0, %ymm0
+        vpand	%ymm8, %ymm1, %ymm1
+        vpcmpgtw	%ymm0, %ymm6, %ymm2
+        vpcmpgtw	%ymm1, %ymm6, %ymm3
+        vpacksswb	%ymm3, %ymm2, %ymm2
+        vpmovmskb	%ymm2, %rbx
+        movzbl	%bl, %r10d
+        movzbl	%bh, %ecx
+        movq	%rbx, %r11
+        movq	%rbx, %r12
+        shrq	$16, %r11
+        shrq	$24, %r12
+        andq	$0xff, %r11
+        andq	$0xff, %r12
+        movq	(%r9,%r10,8), %xmm2
+        movq	(%r9,%rcx,8), %xmm3
+        movq	(%r9,%r11,8), %xmm4
+        movq	(%r9,%r12,8), %xmm5
+        vinserti128	$0x01, %xmm4, %ymm2, %ymm2
+        vinserti128	$0x01, %xmm5, %ymm3, %ymm3
+        vpaddb	%ymm7, %ymm2, %ymm4
+        vpaddb	%ymm7, %ymm3, %ymm5
+        vpunpcklbw	%ymm4, %ymm2, %ymm2
+        vpunpcklbw	%ymm5, %ymm3, %ymm3
+        vpshufb	%ymm2, %ymm0, %ymm0
+        vpshufb	%ymm3, %ymm1, %ymm1
+        movq	%rbx, %r10
+        movq	%rbx, %r11
+        movq	%rbx, %r12
+        andq	$0xff, %rbx
+        shrq	$16, %r10
+        shrq	$8, %r11
+        shrq	$24, %r12
+        andq	$0xff, %r10
+        andq	$0xff, %r11
+        popcntl	%ebx, %ebx
+        popcntl	%r10d, %r10d
+        popcntl	%r11d, %r11d
+        popcntl	%r12d, %r12d
+        vmovdqu	%xmm0, (%rdi)
+        vextracti128	$0x01, %ymm0, %xmm0
+        leaq	(%rdi,%rbx,2), %rdi
+        subl	%ebx, %esi
+        vmovdqu	%xmm0, (%rdi)
+        leaq	(%rdi,%r10,2), %rdi
+        subl	%r10d, %esi
+        vmovdqu	%xmm1, (%rdi)
+        vextracti128	$0x01, %ymm1, %xmm1
+        leaq	(%rdi,%r11,2), %rdi
+        subl	%r11d, %esi
+        vmovdqu	%xmm1, (%rdi)
+        leaq	(%rdi,%r12,2), %rdi
+        subl	%r12d, %esi
+        addq	$48, %rdx
+        subl	$48, %r8d
+        cmpl	$32, %esi
+        jl	L_kyber_rej_uniform_avx2_done_256
+L_kyber_rej_uniform_avx2_start_256:
+        vpermq	$0x94, (%rdx), %ymm0
+        vpermq	$0x94, 24(%rdx), %ymm1
+        vpshufb	%ymm9, %ymm0, %ymm0
+        vpshufb	%ymm9, %ymm1, %ymm1
+        vpsrlw	$4, %ymm0, %ymm2
+        vpsrlw	$4, %ymm1, %ymm3
+        vpblendw	$0xaa, %ymm2, %ymm0, %ymm0
+        vpblendw	$0xaa, %ymm3, %ymm1, %ymm1
+        vpand	%ymm8, %ymm0, %ymm0
+        vpand	%ymm8, %ymm1, %ymm1
+        vpcmpgtw	%ymm0, %ymm6, %ymm2
+        vpcmpgtw	%ymm1, %ymm6, %ymm3
+        vpacksswb	%ymm3, %ymm2, %ymm2
+        vpmovmskb	%ymm2, %rbx
+        movzbl	%bl, %r10d
+        movzbl	%bh, %ecx
+        movq	%rbx, %r11
+        movq	%rbx, %r12
+        shrq	$16, %r11
+        shrq	$24, %r12
+        andq	$0xff, %r11
+        andq	$0xff, %r12
+        movq	(%r9,%r10,8), %xmm2
+        movq	(%r9,%rcx,8), %xmm3
+        movq	(%r9,%r11,8), %xmm4
+        movq	(%r9,%r12,8), %xmm5
+        vinserti128	$0x01, %xmm4, %ymm2, %ymm2
+        vinserti128	$0x01, %xmm5, %ymm3, %ymm3
+        vpaddb	%ymm7, %ymm2, %ymm4
+        vpaddb	%ymm7, %ymm3, %ymm5
+        vpunpcklbw	%ymm4, %ymm2, %ymm2
+        vpunpcklbw	%ymm5, %ymm3, %ymm3
+        vpshufb	%ymm2, %ymm0, %ymm0
+        vpshufb	%ymm3, %ymm1, %ymm1
+        movq	%rbx, %r10
+        movq	%rbx, %r11
+        movq	%rbx, %r12
+        andq	$0xff, %rbx
+        shrq	$16, %r10
+        shrq	$8, %r11
+        shrq	$24, %r12
+        andq	$0xff, %r10
+        andq	$0xff, %r11
+        popcntl	%ebx, %ebx
+        popcntl	%r10d, %r10d
+        popcntl	%r11d, %r11d
+        popcntl	%r12d, %r12d
+        vmovdqu	%xmm0, (%rdi)
+        vextracti128	$0x01, %ymm0, %xmm0
+        leaq	(%rdi,%rbx,2), %rdi
+        subl	%ebx, %esi
+        vmovdqu	%xmm0, (%rdi)
+        leaq	(%rdi,%r10,2), %rdi
+        subl	%r10d, %esi
+        vmovdqu	%xmm1, (%rdi)
+        vextracti128	$0x01, %ymm1, %xmm1
+        leaq	(%rdi,%r11,2), %rdi
+        subl	%r11d, %esi
+        vmovdqu	%xmm1, (%rdi)
+        leaq	(%rdi,%r12,2), %rdi
+        subl	%r12d, %esi
+        addq	$48, %rdx
+        subl	$48, %r8d
+        cmpl	$48, %r8d
+        jl	L_kyber_rej_uniform_avx2_done_256
+        cmpl	$32, %esi
+        jge	L_kyber_rej_uniform_avx2_start_256
+L_kyber_rej_uniform_avx2_done_256:
+        cmpl	$8, %esi
+        jl	L_kyber_rej_uniform_avx2_done_128
+        cmpl	$12, %r8d
+        jl	L_kyber_rej_uniform_avx2_done_128
+L_kyber_rej_uniform_avx2_start_128:
+        vmovdqu	(%rdx), %xmm0
+        vpshufb	%xmm9, %xmm0, %xmm0
+        vpsrlw	$4, %xmm0, %xmm2
+        vpblendw	$0xaa, %xmm2, %xmm0, %xmm0
+        vpand	%xmm8, %xmm0, %xmm0
+        vpcmpgtw	%xmm0, %xmm6, %xmm2
+        vpmovmskb	%xmm2, %rbx
+        movq	$0x5555, %r10
+        pextl	%r10d, %ebx, %ebx
+        movq	(%r9,%rbx,8), %xmm3
+        vpaddb	%xmm7, %xmm3, %xmm4
+        vpunpcklbw	%xmm4, %xmm3, %xmm3
+        vpshufb	%xmm3, %xmm0, %xmm0
+        vmovdqu	%xmm0, (%rdi)
+        popcntl	%ebx, %ecx
+        leaq	(%rdi,%rcx,2), %rdi
+        subl	%ecx, %esi
+        addq	$12, %rdx
+        subl	$12, %r8d
+        cmpl	$12, %r8d
+        jl	L_kyber_rej_uniform_avx2_done_128
+        cmpl	$8, %esi
+        jge	L_kyber_rej_uniform_avx2_start_128
+L_kyber_rej_uniform_avx2_done_128:
+        cmpl	$0x00, %r8d
+        je	L_kyber_rej_uniform_avx2_done_64
+        cmpl	$0x00, %esi
+        je	L_kyber_rej_uniform_avx2_done_64
+        movq	$0xfff0fff0fff0fff, %r15
+        movq	$0x2000200020002000, %r10
+        movq	$0xd010d010d010d01, %r11
+        movq	$0x1000100010001000, %r12
+L_kyber_rej_uniform_avx2_start_64:
+        movq	(%rdx), %rcx
+        pdepq	%r15, %rcx, %rcx
+        cmpw	$0xd01, %cx
+        jge	L_kyber_rej_uniform_avx2_rej_large_0
+        movw	%cx, (%rdi)
+        addq	$2, %rdi
+        subl	$0x01, %esi
+        je	L_kyber_rej_uniform_avx2_done_64
+L_kyber_rej_uniform_avx2_rej_large_0:
+        shrq	$16, %rcx
+        cmpw	$0xd01, %cx
+        jge	L_kyber_rej_uniform_avx2_rej_large_1
+        movw	%cx, (%rdi)
+        addq	$2, %rdi
+        subl	$0x01, %esi
+        je	L_kyber_rej_uniform_avx2_done_64
+L_kyber_rej_uniform_avx2_rej_large_1:
+        shrq	$16, %rcx
+        cmpw	$0xd01, %cx
+        jge	L_kyber_rej_uniform_avx2_rej_large_2
+        movw	%cx, (%rdi)
+        addq	$2, %rdi
+        subl	$0x01, %esi
+        je	L_kyber_rej_uniform_avx2_done_64
+L_kyber_rej_uniform_avx2_rej_large_2:
+        shrq	$16, %rcx
+        cmpw	$0xd01, %cx
+        jge	L_kyber_rej_uniform_avx2_rej_large_3
+        movw	%cx, (%rdi)
+        addq	$2, %rdi
+        subl	$0x01, %esi
+        je	L_kyber_rej_uniform_avx2_done_64
+L_kyber_rej_uniform_avx2_rej_large_3:
+        addq	$6, %rdx
+        subl	$6, %r8d
+        jle	L_kyber_rej_uniform_avx2_done_64
+        cmpl	$0x00, %esi
+        jg	L_kyber_rej_uniform_avx2_start_64
+L_kyber_rej_uniform_avx2_done_64:
+        vzeroupper
+        subl	%esi, %eax
+        popq	%rbp
+        popq	%r15
+        popq	%r14
+        popq	%r13
+        popq	%r12
+        popq	%rbx
+        repz retq
+#ifndef __APPLE__
+.size	kyber_rej_uniform_avx2,.-kyber_rej_uniform_avx2
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.data
+#else
+.section	__DATA,__data
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.align	32
+#else
+.p2align	5
+#endif /* __APPLE__ */
+L_kyber_mask_249:
+.quad	0x24924900249249, 0x24924900249249
+.quad	0x24924900249249, 0x24924900249249
+#ifndef __APPLE__
+.data
+#else
+.section	__DATA,__data
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.align	32
+#else
+.p2align	5
+#endif /* __APPLE__ */
+L_kyber_mask_6db:
+.quad	0x6db6db006db6db, 0x6db6db006db6db
+.quad	0x6db6db006db6db, 0x6db6db006db6db
+#ifndef __APPLE__
+.data
+#else
+.section	__DATA,__data
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.align	32
+#else
+.p2align	5
+#endif /* __APPLE__ */
+L_kyber_mask_07:
+.quad	0x700000007, 0x700000007
+.quad	0x700000007, 0x700000007
+#ifndef __APPLE__
+.data
+#else
+.section	__DATA,__data
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.align	32
+#else
+.p2align	5
+#endif /* __APPLE__ */
+L_kyber_mask_70:
+.quad	0x7000000070000, 0x7000000070000
+.quad	0x7000000070000, 0x7000000070000
+#ifndef __APPLE__
+.data
+#else
+.section	__DATA,__data
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.align	32
+#else
+.p2align	5
+#endif /* __APPLE__ */
+L_kyber_mask_3:
+.quad	0x3000300030003, 0x3000300030003
+.quad	0x3000300030003, 0x3000300030003
+#ifndef __APPLE__
+.data
+#else
+.section	__DATA,__data
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.align	32
+#else
+.p2align	5
+#endif /* __APPLE__ */
+L_kyber_shuff:
+.quad	0xff050403ff020100, 0xff0b0a09ff080706
+.quad	0xff090807ff060504, 0xff0f0e0dff0c0b0a
+#ifndef __APPLE__
+.text
+.globl	kyber_cbd_eta3_avx2
+.type	kyber_cbd_eta3_avx2,@function
+.align	16
+kyber_cbd_eta3_avx2:
+#else
+.section	__TEXT,__text
+.globl	_kyber_cbd_eta3_avx2
+.p2align	4
+_kyber_cbd_eta3_avx2:
+#endif /* __APPLE__ */
+        vmovdqu	L_kyber_mask_249(%rip), %ymm8
+        vmovdqu	L_kyber_mask_6db(%rip), %ymm9
+        vmovdqu	L_kyber_mask_07(%rip), %ymm10
+        vmovdqu	L_kyber_mask_70(%rip), %ymm11
+        vmovdqu	L_kyber_mask_3(%rip), %ymm12
+        vmovdqu	L_kyber_shuff(%rip), %ymm13
+        vmovdqu	(%rsi), %ymm0
+        vmovdqu	24(%rsi), %ymm1
+        vpermq	$0x94, %ymm0, %ymm0
+        vpermq	$0x94, %ymm1, %ymm1
+        vpshufb	%ymm13, %ymm0, %ymm0
+        vpshufb	%ymm13, %ymm1, %ymm1
+        vpsrld	$0x01, %ymm0, %ymm2
+        vpsrld	$0x01, %ymm1, %ymm3
+        vpsrld	$2, %ymm0, %ymm4
+        vpsrld	$2, %ymm1, %ymm5
+        vpand	%ymm8, %ymm0, %ymm0
+        vpand	%ymm8, %ymm1, %ymm1
+        vpand	%ymm8, %ymm2, %ymm2
+        vpand	%ymm8, %ymm3, %ymm3
+        vpand	%ymm8, %ymm4, %ymm4
+        vpand	%ymm8, %ymm5, %ymm5
+        vpaddd	%ymm2, %ymm0, %ymm0
+        vpaddd	%ymm3, %ymm1, %ymm1
+        vpaddd	%ymm4, %ymm0, %ymm0
+        vpaddd	%ymm5, %ymm1, %ymm1
+        vpsrld	$3, %ymm0, %ymm2
+        vpsrld	$3, %ymm1, %ymm3
+        vpaddd	%ymm9, %ymm0, %ymm0
+        vpaddd	%ymm9, %ymm1, %ymm1
+        vpsubd	%ymm2, %ymm0, %ymm0
+        vpsubd	%ymm3, %ymm1, %ymm1
+        vpslld	$10, %ymm0, %ymm2
+        vpslld	$10, %ymm1, %ymm3
+        vpsrld	$12, %ymm0, %ymm4
+        vpsrld	$12, %ymm1, %ymm5
+        vpsrld	$2, %ymm0, %ymm6
+        vpsrld	$2, %ymm1, %ymm7
+        vpand	%ymm10, %ymm0, %ymm0
+        vpand	%ymm10, %ymm1, %ymm1
+        vpand	%ymm11, %ymm2, %ymm2
+        vpand	%ymm11, %ymm3, %ymm3
+        vpand	%ymm10, %ymm4, %ymm4
+        vpand	%ymm10, %ymm5, %ymm5
+        vpand	%ymm11, %ymm6, %ymm6
+        vpand	%ymm11, %ymm7, %ymm7
+        vpaddw	%ymm2, %ymm0, %ymm0
+        vpaddw	%ymm3, %ymm1, %ymm1
+        vpaddw	%ymm6, %ymm4, %ymm2
+        vpaddw	%ymm7, %ymm5, %ymm3
+        vpsubw	%ymm12, %ymm0, %ymm0
+        vpsubw	%ymm12, %ymm1, %ymm1
+        vpsubw	%ymm12, %ymm2, %ymm2
+        vpsubw	%ymm12, %ymm3, %ymm3
+        vpunpckldq	%ymm2, %ymm0, %ymm4
+        vpunpckldq	%ymm3, %ymm1, %ymm5
+        vpunpckhdq	%ymm2, %ymm0, %ymm6
+        vpunpckhdq	%ymm3, %ymm1, %ymm7
+        vperm2i128	$32, %ymm6, %ymm4, %ymm0
+        vperm2i128	$32, %ymm7, %ymm5, %ymm1
+        vperm2i128	$49, %ymm6, %ymm4, %ymm2
+        vperm2i128	$49, %ymm7, %ymm5, %ymm3
+        vmovdqu	%ymm0, (%rdi)
+        vmovdqu	%ymm2, 32(%rdi)
+        vmovdqu	%ymm1, 64(%rdi)
+        vmovdqu	%ymm3, 96(%rdi)
+        vmovdqu	48(%rsi), %ymm0
+        vmovdqu	72(%rsi), %ymm1
+        vpermq	$0x94, %ymm0, %ymm0
+        vpermq	$0x94, %ymm1, %ymm1
+        vpshufb	%ymm13, %ymm0, %ymm0
+        vpshufb	%ymm13, %ymm1, %ymm1
+        vpsrld	$0x01, %ymm0, %ymm2
+        vpsrld	$0x01, %ymm1, %ymm3
+        vpsrld	$2, %ymm0, %ymm4
+        vpsrld	$2, %ymm1, %ymm5
+        vpand	%ymm8, %ymm0, %ymm0
+        vpand	%ymm8, %ymm1, %ymm1
+        vpand	%ymm8, %ymm2, %ymm2
+        vpand	%ymm8, %ymm3, %ymm3
+        vpand	%ymm8, %ymm4, %ymm4
+        vpand	%ymm8, %ymm5, %ymm5
+        vpaddd	%ymm2, %ymm0, %ymm0
+        vpaddd	%ymm3, %ymm1, %ymm1
+        vpaddd	%ymm4, %ymm0, %ymm0
+        vpaddd	%ymm5, %ymm1, %ymm1
+        vpsrld	$3, %ymm0, %ymm2
+        vpsrld	$3, %ymm1, %ymm3
+        vpaddd	%ymm9, %ymm0, %ymm0
+        vpaddd	%ymm9, %ymm1, %ymm1
+        vpsubd	%ymm2, %ymm0, %ymm0
+        vpsubd	%ymm3, %ymm1, %ymm1
+        vpslld	$10, %ymm0, %ymm2
+        vpslld	$10, %ymm1, %ymm3
+        vpsrld	$12, %ymm0, %ymm4
+        vpsrld	$12, %ymm1, %ymm5
+        vpsrld	$2, %ymm0, %ymm6
+        vpsrld	$2, %ymm1, %ymm7
+        vpand	%ymm10, %ymm0, %ymm0
+        vpand	%ymm10, %ymm1, %ymm1
+        vpand	%ymm11, %ymm2, %ymm2
+        vpand	%ymm11, %ymm3, %ymm3
+        vpand	%ymm10, %ymm4, %ymm4
+        vpand	%ymm10, %ymm5, %ymm5
+        vpand	%ymm11, %ymm6, %ymm6
+        vpand	%ymm11, %ymm7, %ymm7
+        vpaddw	%ymm2, %ymm0, %ymm0
+        vpaddw	%ymm3, %ymm1, %ymm1
+        vpaddw	%ymm6, %ymm4, %ymm2
+        vpaddw	%ymm7, %ymm5, %ymm3
+        vpsubw	%ymm12, %ymm0, %ymm0
+        vpsubw	%ymm12, %ymm1, %ymm1
+        vpsubw	%ymm12, %ymm2, %ymm2
+        vpsubw	%ymm12, %ymm3, %ymm3
+        vpunpckldq	%ymm2, %ymm0, %ymm4
+        vpunpckldq	%ymm3, %ymm1, %ymm5
+        vpunpckhdq	%ymm2, %ymm0, %ymm6
+        vpunpckhdq	%ymm3, %ymm1, %ymm7
+        vperm2i128	$32, %ymm6, %ymm4, %ymm0
+        vperm2i128	$32, %ymm7, %ymm5, %ymm1
+        vperm2i128	$49, %ymm6, %ymm4, %ymm2
+        vperm2i128	$49, %ymm7, %ymm5, %ymm3
+        vmovdqu	%ymm0, 128(%rdi)
+        vmovdqu	%ymm2, 160(%rdi)
+        vmovdqu	%ymm1, 192(%rdi)
+        vmovdqu	%ymm3, 224(%rdi)
+        vmovdqu	96(%rsi), %ymm0
+        vmovdqu	120(%rsi), %ymm1
+        vpermq	$0x94, %ymm0, %ymm0
+        vpermq	$0x94, %ymm1, %ymm1
+        vpshufb	%ymm13, %ymm0, %ymm0
+        vpshufb	%ymm13, %ymm1, %ymm1
+        vpsrld	$0x01, %ymm0, %ymm2
+        vpsrld	$0x01, %ymm1, %ymm3
+        vpsrld	$2, %ymm0, %ymm4
+        vpsrld	$2, %ymm1, %ymm5
+        vpand	%ymm8, %ymm0, %ymm0
+        vpand	%ymm8, %ymm1, %ymm1
+        vpand	%ymm8, %ymm2, %ymm2
+        vpand	%ymm8, %ymm3, %ymm3
+        vpand	%ymm8, %ymm4, %ymm4
+        vpand	%ymm8, %ymm5, %ymm5
+        vpaddd	%ymm2, %ymm0, %ymm0
+        vpaddd	%ymm3, %ymm1, %ymm1
+        vpaddd	%ymm4, %ymm0, %ymm0
+        vpaddd	%ymm5, %ymm1, %ymm1
+        vpsrld	$3, %ymm0, %ymm2
+        vpsrld	$3, %ymm1, %ymm3
+        vpaddd	%ymm9, %ymm0, %ymm0
+        vpaddd	%ymm9, %ymm1, %ymm1
+        vpsubd	%ymm2, %ymm0, %ymm0
+        vpsubd	%ymm3, %ymm1, %ymm1
+        vpslld	$10, %ymm0, %ymm2
+        vpslld	$10, %ymm1, %ymm3
+        vpsrld	$12, %ymm0, %ymm4
+        vpsrld	$12, %ymm1, %ymm5
+        vpsrld	$2, %ymm0, %ymm6
+        vpsrld	$2, %ymm1, %ymm7
+        vpand	%ymm10, %ymm0, %ymm0
+        vpand	%ymm10, %ymm1, %ymm1
+        vpand	%ymm11, %ymm2, %ymm2
+        vpand	%ymm11, %ymm3, %ymm3
+        vpand	%ymm10, %ymm4, %ymm4
+        vpand	%ymm10, %ymm5, %ymm5
+        vpand	%ymm11, %ymm6, %ymm6
+        vpand	%ymm11, %ymm7, %ymm7
+        vpaddw	%ymm2, %ymm0, %ymm0
+        vpaddw	%ymm3, %ymm1, %ymm1
+        vpaddw	%ymm6, %ymm4, %ymm2
+        vpaddw	%ymm7, %ymm5, %ymm3
+        vpsubw	%ymm12, %ymm0, %ymm0
+        vpsubw	%ymm12, %ymm1, %ymm1
+        vpsubw	%ymm12, %ymm2, %ymm2
+        vpsubw	%ymm12, %ymm3, %ymm3
+        vpunpckldq	%ymm2, %ymm0, %ymm4
+        vpunpckldq	%ymm3, %ymm1, %ymm5
+        vpunpckhdq	%ymm2, %ymm0, %ymm6
+        vpunpckhdq	%ymm3, %ymm1, %ymm7
+        vperm2i128	$32, %ymm6, %ymm4, %ymm0
+        vperm2i128	$32, %ymm7, %ymm5, %ymm1
+        vperm2i128	$49, %ymm6, %ymm4, %ymm2
+        vperm2i128	$49, %ymm7, %ymm5, %ymm3
+        vmovdqu	%ymm0, 256(%rdi)
+        vmovdqu	%ymm2, 288(%rdi)
+        vmovdqu	%ymm1, 320(%rdi)
+        vmovdqu	%ymm3, 352(%rdi)
+        vmovdqu	144(%rsi), %ymm0
+        vmovdqu	168(%rsi), %ymm1
+        vpermq	$0x94, %ymm0, %ymm0
+        vpermq	$0x94, %ymm1, %ymm1
+        vpshufb	%ymm13, %ymm0, %ymm0
+        vpshufb	%ymm13, %ymm1, %ymm1
+        vpsrld	$0x01, %ymm0, %ymm2
+        vpsrld	$0x01, %ymm1, %ymm3
+        vpsrld	$2, %ymm0, %ymm4
+        vpsrld	$2, %ymm1, %ymm5
+        vpand	%ymm8, %ymm0, %ymm0
+        vpand	%ymm8, %ymm1, %ymm1
+        vpand	%ymm8, %ymm2, %ymm2
+        vpand	%ymm8, %ymm3, %ymm3
+        vpand	%ymm8, %ymm4, %ymm4
+        vpand	%ymm8, %ymm5, %ymm5
+        vpaddd	%ymm2, %ymm0, %ymm0
+        vpaddd	%ymm3, %ymm1, %ymm1
+        vpaddd	%ymm4, %ymm0, %ymm0
+        vpaddd	%ymm5, %ymm1, %ymm1
+        vpsrld	$3, %ymm0, %ymm2
+        vpsrld	$3, %ymm1, %ymm3
+        vpaddd	%ymm9, %ymm0, %ymm0
+        vpaddd	%ymm9, %ymm1, %ymm1
+        vpsubd	%ymm2, %ymm0, %ymm0
+        vpsubd	%ymm3, %ymm1, %ymm1
+        vpslld	$10, %ymm0, %ymm2
+        vpslld	$10, %ymm1, %ymm3
+        vpsrld	$12, %ymm0, %ymm4
+        vpsrld	$12, %ymm1, %ymm5
+        vpsrld	$2, %ymm0, %ymm6
+        vpsrld	$2, %ymm1, %ymm7
+        vpand	%ymm10, %ymm0, %ymm0
+        vpand	%ymm10, %ymm1, %ymm1
+        vpand	%ymm11, %ymm2, %ymm2
+        vpand	%ymm11, %ymm3, %ymm3
+        vpand	%ymm10, %ymm4, %ymm4
+        vpand	%ymm10, %ymm5, %ymm5
+        vpand	%ymm11, %ymm6, %ymm6
+        vpand	%ymm11, %ymm7, %ymm7
+        vpaddw	%ymm2, %ymm0, %ymm0
+        vpaddw	%ymm3, %ymm1, %ymm1
+        vpaddw	%ymm6, %ymm4, %ymm2
+        vpaddw	%ymm7, %ymm5, %ymm3
+        vpsubw	%ymm12, %ymm0, %ymm0
+        vpsubw	%ymm12, %ymm1, %ymm1
+        vpsubw	%ymm12, %ymm2, %ymm2
+        vpsubw	%ymm12, %ymm3, %ymm3
+        vpunpckldq	%ymm2, %ymm0, %ymm4
+        vpunpckldq	%ymm3, %ymm1, %ymm5
+        vpunpckhdq	%ymm2, %ymm0, %ymm6
+        vpunpckhdq	%ymm3, %ymm1, %ymm7
+        vperm2i128	$32, %ymm6, %ymm4, %ymm0
+        vperm2i128	$32, %ymm7, %ymm5, %ymm1
+        vperm2i128	$49, %ymm6, %ymm4, %ymm2
+        vperm2i128	$49, %ymm7, %ymm5, %ymm3
+        vmovdqu	%ymm0, 384(%rdi)
+        vmovdqu	%ymm2, 416(%rdi)
+        vmovdqu	%ymm1, 448(%rdi)
+        vmovdqu	%ymm3, 480(%rdi)
+        vzeroupper
+        repz retq
+#ifndef __APPLE__
+.size	kyber_cbd_eta3_avx2,.-kyber_cbd_eta3_avx2
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.data
+#else
+.section	__DATA,__data
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.align	32
+#else
+.p2align	5
+#endif /* __APPLE__ */
+L_kyber_mask_55:
+.quad	0x5555555555555555, 0x5555555555555555
+.quad	0x5555555555555555, 0x5555555555555555
+#ifndef __APPLE__
+.data
+#else
+.section	__DATA,__data
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.align	32
+#else
+.p2align	5
+#endif /* __APPLE__ */
+L_kyber_mask_33:
+.quad	0x3333333333333333, 0x3333333333333333
+.quad	0x3333333333333333, 0x3333333333333333
+#ifndef __APPLE__
+.data
+#else
+.section	__DATA,__data
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.align	32
+#else
+.p2align	5
+#endif /* __APPLE__ */
+L_kyber_mask_03:
+.quad	0x303030303030303, 0x303030303030303
+.quad	0x303030303030303, 0x303030303030303
+#ifndef __APPLE__
+.data
+#else
+.section	__DATA,__data
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.align	32
+#else
+.p2align	5
+#endif /* __APPLE__ */
+L_kyber_mask_0f:
+.quad	0xf0f0f0f0f0f0f0f, 0xf0f0f0f0f0f0f0f
+.quad	0xf0f0f0f0f0f0f0f, 0xf0f0f0f0f0f0f0f
+#ifndef __APPLE__
+.text
+.globl	kyber_cbd_eta2_avx2
+.type	kyber_cbd_eta2_avx2,@function
+.align	16
+kyber_cbd_eta2_avx2:
+#else
+.section	__TEXT,__text
+.globl	_kyber_cbd_eta2_avx2
+.p2align	4
+_kyber_cbd_eta2_avx2:
+#endif /* __APPLE__ */
+        vmovdqu	L_kyber_mask_55(%rip), %ymm8
+        vmovdqu	L_kyber_mask_33(%rip), %ymm9
+        vmovdqu	L_kyber_mask_03(%rip), %ymm10
+        vmovdqu	L_kyber_mask_0f(%rip), %ymm11
+        vmovdqu	(%rsi), %ymm0
+        vmovdqu	32(%rsi), %ymm1
+        vpsrlw	$0x01, %ymm0, %ymm2
+        vpsrlw	$0x01, %ymm1, %ymm3
+        vpand	%ymm8, %ymm0, %ymm0
+        vpand	%ymm8, %ymm1, %ymm1
+        vpand	%ymm8, %ymm2, %ymm2
+        vpand	%ymm8, %ymm3, %ymm3
+        vpaddb	%ymm2, %ymm0, %ymm0
+        vpaddb	%ymm3, %ymm1, %ymm1
+        vpsrlw	$2, %ymm0, %ymm2
+        vpsrlw	$2, %ymm1, %ymm3
+        vpand	%ymm9, %ymm0, %ymm0
+        vpand	%ymm9, %ymm1, %ymm1
+        vpand	%ymm9, %ymm2, %ymm2
+        vpand	%ymm9, %ymm3, %ymm3
+        vpaddb	%ymm9, %ymm0, %ymm0
+        vpaddb	%ymm9, %ymm1, %ymm1
+        vpsubb	%ymm2, %ymm0, %ymm0
+        vpsubb	%ymm3, %ymm1, %ymm1
+        vpsrlw	$4, %ymm0, %ymm2
+        vpsrlw	$4, %ymm1, %ymm3
+        vpand	%ymm11, %ymm0, %ymm0
+        vpand	%ymm11, %ymm1, %ymm1
+        vpand	%ymm11, %ymm2, %ymm2
+        vpand	%ymm11, %ymm3, %ymm3
+        vpsubb	%ymm10, %ymm0, %ymm0
+        vpsubb	%ymm10, %ymm1, %ymm1
+        vpsubb	%ymm10, %ymm2, %ymm2
+        vpsubb	%ymm10, %ymm3, %ymm3
+        vpunpcklbw	%ymm2, %ymm0, %ymm4
+        vpunpcklbw	%ymm3, %ymm1, %ymm5
+        vpunpckhbw	%ymm2, %ymm0, %ymm6
+        vpunpckhbw	%ymm3, %ymm1, %ymm7
+        vpmovsxbw	%xmm4, %ymm0
+        vpmovsxbw	%xmm5, %ymm1
+        vextracti128	$0x01, %ymm4, %xmm2
+        vextracti128	$0x01, %ymm5, %xmm3
+        vpmovsxbw	%xmm2, %ymm2
+        vpmovsxbw	%xmm3, %ymm3
+        vpmovsxbw	%xmm6, %ymm4
+        vpmovsxbw	%xmm7, %ymm5
+        vextracti128	$0x01, %ymm6, %xmm6
+        vextracti128	$0x01, %ymm7, %xmm7
+        vpmovsxbw	%xmm6, %ymm6
+        vpmovsxbw	%xmm7, %ymm7
+        vmovdqu	%ymm0, (%rdi)
+        vmovdqu	%ymm4, 32(%rdi)
+        vmovdqu	%ymm2, 64(%rdi)
+        vmovdqu	%ymm6, 96(%rdi)
+        vmovdqu	%ymm1, 128(%rdi)
+        vmovdqu	%ymm5, 160(%rdi)
+        vmovdqu	%ymm3, 192(%rdi)
+        vmovdqu	%ymm7, 224(%rdi)
+        vmovdqu	64(%rsi), %ymm0
+        vmovdqu	96(%rsi), %ymm1
+        vpsrlw	$0x01, %ymm0, %ymm2
+        vpsrlw	$0x01, %ymm1, %ymm3
+        vpand	%ymm8, %ymm0, %ymm0
+        vpand	%ymm8, %ymm1, %ymm1
+        vpand	%ymm8, %ymm2, %ymm2
+        vpand	%ymm8, %ymm3, %ymm3
+        vpaddb	%ymm2, %ymm0, %ymm0
+        vpaddb	%ymm3, %ymm1, %ymm1
+        vpsrlw	$2, %ymm0, %ymm2
+        vpsrlw	$2, %ymm1, %ymm3
+        vpand	%ymm9, %ymm0, %ymm0
+        vpand	%ymm9, %ymm1, %ymm1
+        vpand	%ymm9, %ymm2, %ymm2
+        vpand	%ymm9, %ymm3, %ymm3
+        vpaddb	%ymm9, %ymm0, %ymm0
+        vpaddb	%ymm9, %ymm1, %ymm1
+        vpsubb	%ymm2, %ymm0, %ymm0
+        vpsubb	%ymm3, %ymm1, %ymm1
+        vpsrlw	$4, %ymm0, %ymm2
+        vpsrlw	$4, %ymm1, %ymm3
+        vpand	%ymm11, %ymm0, %ymm0
+        vpand	%ymm11, %ymm1, %ymm1
+        vpand	%ymm11, %ymm2, %ymm2
+        vpand	%ymm11, %ymm3, %ymm3
+        vpsubb	%ymm10, %ymm0, %ymm0
+        vpsubb	%ymm10, %ymm1, %ymm1
+        vpsubb	%ymm10, %ymm2, %ymm2
+        vpsubb	%ymm10, %ymm3, %ymm3
+        vpunpcklbw	%ymm2, %ymm0, %ymm4
+        vpunpcklbw	%ymm3, %ymm1, %ymm5
+        vpunpckhbw	%ymm2, %ymm0, %ymm6
+        vpunpckhbw	%ymm3, %ymm1, %ymm7
+        vpmovsxbw	%xmm4, %ymm0
+        vpmovsxbw	%xmm5, %ymm1
+        vextracti128	$0x01, %ymm4, %xmm2
+        vextracti128	$0x01, %ymm5, %xmm3
+        vpmovsxbw	%xmm2, %ymm2
+        vpmovsxbw	%xmm3, %ymm3
+        vpmovsxbw	%xmm6, %ymm4
+        vpmovsxbw	%xmm7, %ymm5
+        vextracti128	$0x01, %ymm6, %xmm6
+        vextracti128	$0x01, %ymm7, %xmm7
+        vpmovsxbw	%xmm6, %ymm6
+        vpmovsxbw	%xmm7, %ymm7
+        vmovdqu	%ymm0, 256(%rdi)
+        vmovdqu	%ymm4, 288(%rdi)
+        vmovdqu	%ymm2, 320(%rdi)
+        vmovdqu	%ymm6, 352(%rdi)
+        vmovdqu	%ymm1, 384(%rdi)
+        vmovdqu	%ymm5, 416(%rdi)
+        vmovdqu	%ymm3, 448(%rdi)
+        vmovdqu	%ymm7, 480(%rdi)
+        vzeroupper
+        repz retq
+#ifndef __APPLE__
+.size	kyber_cbd_eta2_avx2,.-kyber_cbd_eta2_avx2
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.data
+#else
+.section	__DATA,__data
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.align	16
+#else
+.p2align	4
+#endif /* __APPLE__ */
+L_kyber_compress_10_avx2_mask:
+.value	0x3ff,0x3ff
+.value	0x3ff,0x3ff
+.value	0x3ff,0x3ff
+.value	0x3ff,0x3ff
+.value	0x3ff,0x3ff
+.value	0x3ff,0x3ff
+.value	0x3ff,0x3ff
+.value	0x3ff,0x3ff
+#ifndef __APPLE__
+.data
+#else
+.section	__DATA,__data
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.align	32
+#else
+.p2align	5
+#endif /* __APPLE__ */
+L_kyber_compress_10_avx2_shift:
+.quad	0x400000104000001, 0x400000104000001
+.quad	0x400000104000001, 0x400000104000001
+#ifndef __APPLE__
+.data
+#else
+.section	__DATA,__data
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.align	32
+#else
+.p2align	5
+#endif /* __APPLE__ */
+L_kyber_compress_10_avx2_shlv:
+.quad	0xc, 0xc
+.quad	0xc, 0xc
+#ifndef __APPLE__
+.data
+#else
+.section	__DATA,__data
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.align	16
+#else
+.p2align	4
+#endif /* __APPLE__ */
+L_kyber_compress_10_avx2_shuf:
+.value	0x100,0x302
+.value	0x804,0xa09
+.value	0xc0b,0xffff
+.value	0xffff,0xffff
+.value	0xa09,0xc0b
+.value	0xffff,0xffff
+.value	0xffff,0x100
+.value	0x302,0x804
+#ifndef __APPLE__
+.data
+#else
+.section	__DATA,__data
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.align	16
+#else
+.p2align	4
+#endif /* __APPLE__ */
+L_kyber_compress_10_avx2_v:
+.value	0x4ebf,0x4ebf
+.value	0x4ebf,0x4ebf
+.value	0x4ebf,0x4ebf
+.value	0x4ebf,0x4ebf
+.value	0x4ebf,0x4ebf
+.value	0x4ebf,0x4ebf
+.value	0x4ebf,0x4ebf
+.value	0x4ebf,0x4ebf
+#ifndef __APPLE__
+.data
+#else
+.section	__DATA,__data
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.align	16
+#else
+.p2align	4
+#endif /* __APPLE__ */
+L_kyber_compress_10_avx2_offset:
+.value	0xf,0xf
+.value	0xf,0xf
+.value	0xf,0xf
+.value	0xf,0xf
+.value	0xf,0xf
+.value	0xf,0xf
+.value	0xf,0xf
+.value	0xf,0xf
+#ifndef __APPLE__
+.data
+#else
+.section	__DATA,__data
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.align	16
+#else
+.p2align	4
+#endif /* __APPLE__ */
+L_kyber_compress_10_avx2_shift12:
+.value	0x1000,0x1000
+.value	0x1000,0x1000
+.value	0x1000,0x1000
+.value	0x1000,0x1000
+.value	0x1000,0x1000
+.value	0x1000,0x1000
+.value	0x1000,0x1000
+.value	0x1000,0x1000
+#ifndef __APPLE__
+.text
+.globl	kyber_compress_10_avx2
+.type	kyber_compress_10_avx2,@function
+.align	16
+kyber_compress_10_avx2:
+#else
+.section	__TEXT,__text
+.globl	_kyber_compress_10_avx2
+.p2align	4
+_kyber_compress_10_avx2:
+#endif /* __APPLE__ */
+        vmovdqu	(%rsi), %ymm0
+        vmovdqu	L_kyber_compress_10_avx2_mask(%rip), %ymm9
+        vmovdqu	L_kyber_compress_10_avx2_shift(%rip), %ymm8
+        vmovdqu	L_kyber_compress_10_avx2_shlv(%rip), %ymm10
+        vmovdqu	L_kyber_compress_10_avx2_shuf(%rip), %ymm11
+        vmovdqu	L_kyber_compress_10_avx2_v(%rip), %ymm6
+        vmovdqu	L_kyber_compress_10_avx2_offset(%rip), %ymm12
+        vmovdqu	L_kyber_compress_10_avx2_shift12(%rip), %ymm13
+        vpsllw	$3, %ymm6, %ymm7
+L_kyber_compress_10_avx2_start:
+        vmovdqu	(%rsi), %ymm0
+        vmovdqu	32(%rsi), %ymm1
+        vpmullw	%ymm7, %ymm0, %ymm2
+        vpmullw	%ymm7, %ymm1, %ymm4
+        vpaddw	%ymm12, %ymm0, %ymm3
+        vpaddw	%ymm12, %ymm1, %ymm5
+        vpsllw	$3, %ymm0, %ymm0
+        vpsllw	$3, %ymm1, %ymm1
+        vpmulhuw	%ymm6, %ymm0, %ymm0
+        vpmulhuw	%ymm6, %ymm1, %ymm1
+        vpsubw	%ymm3, %ymm2, %ymm3
+        vpsubw	%ymm5, %ymm4, %ymm5
+        vpandn	%ymm3, %ymm2, %ymm2
+        vpandn	%ymm5, %ymm4, %ymm4
+        vpsrlw	$15, %ymm2, %ymm2
+        vpsrlw	$15, %ymm4, %ymm4
+        vpsubw	%ymm2, %ymm0, %ymm0
+        vpsubw	%ymm4, %ymm1, %ymm1
+        vpmulhrsw	%ymm13, %ymm0, %ymm0
+        vpmulhrsw	%ymm13, %ymm1, %ymm1
+        vpand	%ymm9, %ymm0, %ymm0
+        vpand	%ymm9, %ymm1, %ymm1
+        vpmaddwd	%ymm8, %ymm0, %ymm0
+        vpmaddwd	%ymm8, %ymm1, %ymm1
+        vpsllvd	%ymm10, %ymm0, %ymm0
+        vpsllvd	%ymm10, %ymm1, %ymm1
+        vpsrlq	$12, %ymm0, %ymm0
+        vpsrlq	$12, %ymm1, %ymm1
+        vpshufb	%ymm11, %ymm0, %ymm0
+        vpshufb	%ymm11, %ymm1, %ymm1
+        vextracti128	$0x01, %ymm0, %xmm2
+        vextracti128	$0x01, %ymm1, %xmm4
+        vpblendw	$0xe0, %xmm2, %xmm0, %xmm0
+        vpblendw	$0xe0, %xmm4, %xmm1, %xmm1
+        vmovdqu	%xmm0, (%rdi)
+        vmovdqu	%xmm1, 20(%rdi)
+        vmovss	%xmm2, 16(%rdi)
+        vmovss	%xmm4, 36(%rdi)
+        vmovdqu	64(%rsi), %ymm0
+        vmovdqu	96(%rsi), %ymm1
+        vpmullw	%ymm7, %ymm0, %ymm2
+        vpmullw	%ymm7, %ymm1, %ymm4
+        vpaddw	%ymm12, %ymm0, %ymm3
+        vpaddw	%ymm12, %ymm1, %ymm5
+        vpsllw	$3, %ymm0, %ymm0
+        vpsllw	$3, %ymm1, %ymm1
+        vpmulhuw	%ymm6, %ymm0, %ymm0
+        vpmulhuw	%ymm6, %ymm1, %ymm1
+        vpsubw	%ymm3, %ymm2, %ymm3
+        vpsubw	%ymm5, %ymm4, %ymm5
+        vpandn	%ymm3, %ymm2, %ymm2
+        vpandn	%ymm5, %ymm4, %ymm4
+        vpsrlw	$15, %ymm2, %ymm2
+        vpsrlw	$15, %ymm4, %ymm4
+        vpsubw	%ymm2, %ymm0, %ymm0
+        vpsubw	%ymm4, %ymm1, %ymm1
+        vpmulhrsw	%ymm13, %ymm0, %ymm0
+        vpmulhrsw	%ymm13, %ymm1, %ymm1
+        vpand	%ymm9, %ymm0, %ymm0
+        vpand	%ymm9, %ymm1, %ymm1
+        vpmaddwd	%ymm8, %ymm0, %ymm0
+        vpmaddwd	%ymm8, %ymm1, %ymm1
+        vpsllvd	%ymm10, %ymm0, %ymm0
+        vpsllvd	%ymm10, %ymm1, %ymm1
+        vpsrlq	$12, %ymm0, %ymm0
+        vpsrlq	$12, %ymm1, %ymm1
+        vpshufb	%ymm11, %ymm0, %ymm0
+        vpshufb	%ymm11, %ymm1, %ymm1
+        vextracti128	$0x01, %ymm0, %xmm2
+        vextracti128	$0x01, %ymm1, %xmm4
+        vpblendw	$0xe0, %xmm2, %xmm0, %xmm0
+        vpblendw	$0xe0, %xmm4, %xmm1, %xmm1
+        vmovdqu	%xmm0, 40(%rdi)
+        vmovdqu	%xmm1, 60(%rdi)
+        vmovss	%xmm2, 56(%rdi)
+        vmovss	%xmm4, 76(%rdi)
+        vmovdqu	128(%rsi), %ymm0
+        vmovdqu	160(%rsi), %ymm1
+        vpmullw	%ymm7, %ymm0, %ymm2
+        vpmullw	%ymm7, %ymm1, %ymm4
+        vpaddw	%ymm12, %ymm0, %ymm3
+        vpaddw	%ymm12, %ymm1, %ymm5
+        vpsllw	$3, %ymm0, %ymm0
+        vpsllw	$3, %ymm1, %ymm1
+        vpmulhuw	%ymm6, %ymm0, %ymm0
+        vpmulhuw	%ymm6, %ymm1, %ymm1
+        vpsubw	%ymm3, %ymm2, %ymm3
+        vpsubw	%ymm5, %ymm4, %ymm5
+        vpandn	%ymm3, %ymm2, %ymm2
+        vpandn	%ymm5, %ymm4, %ymm4
+        vpsrlw	$15, %ymm2, %ymm2
+        vpsrlw	$15, %ymm4, %ymm4
+        vpsubw	%ymm2, %ymm0, %ymm0
+        vpsubw	%ymm4, %ymm1, %ymm1
+        vpmulhrsw	%ymm13, %ymm0, %ymm0
+        vpmulhrsw	%ymm13, %ymm1, %ymm1
+        vpand	%ymm9, %ymm0, %ymm0
+        vpand	%ymm9, %ymm1, %ymm1
+        vpmaddwd	%ymm8, %ymm0, %ymm0
+        vpmaddwd	%ymm8, %ymm1, %ymm1
+        vpsllvd	%ymm10, %ymm0, %ymm0
+        vpsllvd	%ymm10, %ymm1, %ymm1
+        vpsrlq	$12, %ymm0, %ymm0
+        vpsrlq	$12, %ymm1, %ymm1
+        vpshufb	%ymm11, %ymm0, %ymm0
+        vpshufb	%ymm11, %ymm1, %ymm1
+        vextracti128	$0x01, %ymm0, %xmm2
+        vextracti128	$0x01, %ymm1, %xmm4
+        vpblendw	$0xe0, %xmm2, %xmm0, %xmm0
+        vpblendw	$0xe0, %xmm4, %xmm1, %xmm1
+        vmovdqu	%xmm0, 80(%rdi)
+        vmovdqu	%xmm1, 100(%rdi)
+        vmovss	%xmm2, 96(%rdi)
+        vmovss	%xmm4, 116(%rdi)
+        vmovdqu	192(%rsi), %ymm0
+        vmovdqu	224(%rsi), %ymm1
+        vpmullw	%ymm7, %ymm0, %ymm2
+        vpmullw	%ymm7, %ymm1, %ymm4
+        vpaddw	%ymm12, %ymm0, %ymm3
+        vpaddw	%ymm12, %ymm1, %ymm5
+        vpsllw	$3, %ymm0, %ymm0
+        vpsllw	$3, %ymm1, %ymm1
+        vpmulhuw	%ymm6, %ymm0, %ymm0
+        vpmulhuw	%ymm6, %ymm1, %ymm1
+        vpsubw	%ymm3, %ymm2, %ymm3
+        vpsubw	%ymm5, %ymm4, %ymm5
+        vpandn	%ymm3, %ymm2, %ymm2
+        vpandn	%ymm5, %ymm4, %ymm4
+        vpsrlw	$15, %ymm2, %ymm2
+        vpsrlw	$15, %ymm4, %ymm4
+        vpsubw	%ymm2, %ymm0, %ymm0
+        vpsubw	%ymm4, %ymm1, %ymm1
+        vpmulhrsw	%ymm13, %ymm0, %ymm0
+        vpmulhrsw	%ymm13, %ymm1, %ymm1
+        vpand	%ymm9, %ymm0, %ymm0
+        vpand	%ymm9, %ymm1, %ymm1
+        vpmaddwd	%ymm8, %ymm0, %ymm0
+        vpmaddwd	%ymm8, %ymm1, %ymm1
+        vpsllvd	%ymm10, %ymm0, %ymm0
+        vpsllvd	%ymm10, %ymm1, %ymm1
+        vpsrlq	$12, %ymm0, %ymm0
+        vpsrlq	$12, %ymm1, %ymm1
+        vpshufb	%ymm11, %ymm0, %ymm0
+        vpshufb	%ymm11, %ymm1, %ymm1
+        vextracti128	$0x01, %ymm0, %xmm2
+        vextracti128	$0x01, %ymm1, %xmm4
+        vpblendw	$0xe0, %xmm2, %xmm0, %xmm0
+        vpblendw	$0xe0, %xmm4, %xmm1, %xmm1
+        vmovdqu	%xmm0, 120(%rdi)
+        vmovdqu	%xmm1, 140(%rdi)
+        vmovss	%xmm2, 136(%rdi)
+        vmovss	%xmm4, 156(%rdi)
+        vmovdqu	256(%rsi), %ymm0
+        vmovdqu	288(%rsi), %ymm1
+        vpmullw	%ymm7, %ymm0, %ymm2
+        vpmullw	%ymm7, %ymm1, %ymm4
+        vpaddw	%ymm12, %ymm0, %ymm3
+        vpaddw	%ymm12, %ymm1, %ymm5
+        vpsllw	$3, %ymm0, %ymm0
+        vpsllw	$3, %ymm1, %ymm1
+        vpmulhuw	%ymm6, %ymm0, %ymm0
+        vpmulhuw	%ymm6, %ymm1, %ymm1
+        vpsubw	%ymm3, %ymm2, %ymm3
+        vpsubw	%ymm5, %ymm4, %ymm5
+        vpandn	%ymm3, %ymm2, %ymm2
+        vpandn	%ymm5, %ymm4, %ymm4
+        vpsrlw	$15, %ymm2, %ymm2
+        vpsrlw	$15, %ymm4, %ymm4
+        vpsubw	%ymm2, %ymm0, %ymm0
+        vpsubw	%ymm4, %ymm1, %ymm1
+        vpmulhrsw	%ymm13, %ymm0, %ymm0
+        vpmulhrsw	%ymm13, %ymm1, %ymm1
+        vpand	%ymm9, %ymm0, %ymm0
+        vpand	%ymm9, %ymm1, %ymm1
+        vpmaddwd	%ymm8, %ymm0, %ymm0
+        vpmaddwd	%ymm8, %ymm1, %ymm1
+        vpsllvd	%ymm10, %ymm0, %ymm0
+        vpsllvd	%ymm10, %ymm1, %ymm1
+        vpsrlq	$12, %ymm0, %ymm0
+        vpsrlq	$12, %ymm1, %ymm1
+        vpshufb	%ymm11, %ymm0, %ymm0
+        vpshufb	%ymm11, %ymm1, %ymm1
+        vextracti128	$0x01, %ymm0, %xmm2
+        vextracti128	$0x01, %ymm1, %xmm4
+        vpblendw	$0xe0, %xmm2, %xmm0, %xmm0
+        vpblendw	$0xe0, %xmm4, %xmm1, %xmm1
+        vmovdqu	%xmm0, 160(%rdi)
+        vmovdqu	%xmm1, 180(%rdi)
+        vmovss	%xmm2, 176(%rdi)
+        vmovss	%xmm4, 196(%rdi)
+        vmovdqu	320(%rsi), %ymm0
+        vmovdqu	352(%rsi), %ymm1
+        vpmullw	%ymm7, %ymm0, %ymm2
+        vpmullw	%ymm7, %ymm1, %ymm4
+        vpaddw	%ymm12, %ymm0, %ymm3
+        vpaddw	%ymm12, %ymm1, %ymm5
+        vpsllw	$3, %ymm0, %ymm0
+        vpsllw	$3, %ymm1, %ymm1
+        vpmulhuw	%ymm6, %ymm0, %ymm0
+        vpmulhuw	%ymm6, %ymm1, %ymm1
+        vpsubw	%ymm3, %ymm2, %ymm3
+        vpsubw	%ymm5, %ymm4, %ymm5
+        vpandn	%ymm3, %ymm2, %ymm2
+        vpandn	%ymm5, %ymm4, %ymm4
+        vpsrlw	$15, %ymm2, %ymm2
+        vpsrlw	$15, %ymm4, %ymm4
+        vpsubw	%ymm2, %ymm0, %ymm0
+        vpsubw	%ymm4, %ymm1, %ymm1
+        vpmulhrsw	%ymm13, %ymm0, %ymm0
+        vpmulhrsw	%ymm13, %ymm1, %ymm1
+        vpand	%ymm9, %ymm0, %ymm0
+        vpand	%ymm9, %ymm1, %ymm1
+        vpmaddwd	%ymm8, %ymm0, %ymm0
+        vpmaddwd	%ymm8, %ymm1, %ymm1
+        vpsllvd	%ymm10, %ymm0, %ymm0
+        vpsllvd	%ymm10, %ymm1, %ymm1
+        vpsrlq	$12, %ymm0, %ymm0
+        vpsrlq	$12, %ymm1, %ymm1
+        vpshufb	%ymm11, %ymm0, %ymm0
+        vpshufb	%ymm11, %ymm1, %ymm1
+        vextracti128	$0x01, %ymm0, %xmm2
+        vextracti128	$0x01, %ymm1, %xmm4
+        vpblendw	$0xe0, %xmm2, %xmm0, %xmm0
+        vpblendw	$0xe0, %xmm4, %xmm1, %xmm1
+        vmovdqu	%xmm0, 200(%rdi)
+        vmovdqu	%xmm1, 220(%rdi)
+        vmovss	%xmm2, 216(%rdi)
+        vmovss	%xmm4, 236(%rdi)
+        vmovdqu	384(%rsi), %ymm0
+        vmovdqu	416(%rsi), %ymm1
+        vpmullw	%ymm7, %ymm0, %ymm2
+        vpmullw	%ymm7, %ymm1, %ymm4
+        vpaddw	%ymm12, %ymm0, %ymm3
+        vpaddw	%ymm12, %ymm1, %ymm5
+        vpsllw	$3, %ymm0, %ymm0
+        vpsllw	$3, %ymm1, %ymm1
+        vpmulhuw	%ymm6, %ymm0, %ymm0
+        vpmulhuw	%ymm6, %ymm1, %ymm1
+        vpsubw	%ymm3, %ymm2, %ymm3
+        vpsubw	%ymm5, %ymm4, %ymm5
+        vpandn	%ymm3, %ymm2, %ymm2
+        vpandn	%ymm5, %ymm4, %ymm4
+        vpsrlw	$15, %ymm2, %ymm2
+        vpsrlw	$15, %ymm4, %ymm4
+        vpsubw	%ymm2, %ymm0, %ymm0
+        vpsubw	%ymm4, %ymm1, %ymm1
+        vpmulhrsw	%ymm13, %ymm0, %ymm0
+        vpmulhrsw	%ymm13, %ymm1, %ymm1
+        vpand	%ymm9, %ymm0, %ymm0
+        vpand	%ymm9, %ymm1, %ymm1
+        vpmaddwd	%ymm8, %ymm0, %ymm0
+        vpmaddwd	%ymm8, %ymm1, %ymm1
+        vpsllvd	%ymm10, %ymm0, %ymm0
+        vpsllvd	%ymm10, %ymm1, %ymm1
+        vpsrlq	$12, %ymm0, %ymm0
+        vpsrlq	$12, %ymm1, %ymm1
+        vpshufb	%ymm11, %ymm0, %ymm0
+        vpshufb	%ymm11, %ymm1, %ymm1
+        vextracti128	$0x01, %ymm0, %xmm2
+        vextracti128	$0x01, %ymm1, %xmm4
+        vpblendw	$0xe0, %xmm2, %xmm0, %xmm0
+        vpblendw	$0xe0, %xmm4, %xmm1, %xmm1
+        vmovdqu	%xmm0, 240(%rdi)
+        vmovdqu	%xmm1, 260(%rdi)
+        vmovss	%xmm2, 256(%rdi)
+        vmovss	%xmm4, 276(%rdi)
+        vmovdqu	448(%rsi), %ymm0
+        vmovdqu	480(%rsi), %ymm1
+        vpmullw	%ymm7, %ymm0, %ymm2
+        vpmullw	%ymm7, %ymm1, %ymm4
+        vpaddw	%ymm12, %ymm0, %ymm3
+        vpaddw	%ymm12, %ymm1, %ymm5
+        vpsllw	$3, %ymm0, %ymm0
+        vpsllw	$3, %ymm1, %ymm1
+        vpmulhuw	%ymm6, %ymm0, %ymm0
+        vpmulhuw	%ymm6, %ymm1, %ymm1
+        vpsubw	%ymm3, %ymm2, %ymm3
+        vpsubw	%ymm5, %ymm4, %ymm5
+        vpandn	%ymm3, %ymm2, %ymm2
+        vpandn	%ymm5, %ymm4, %ymm4
+        vpsrlw	$15, %ymm2, %ymm2
+        vpsrlw	$15, %ymm4, %ymm4
+        vpsubw	%ymm2, %ymm0, %ymm0
+        vpsubw	%ymm4, %ymm1, %ymm1
+        vpmulhrsw	%ymm13, %ymm0, %ymm0
+        vpmulhrsw	%ymm13, %ymm1, %ymm1
+        vpand	%ymm9, %ymm0, %ymm0
+        vpand	%ymm9, %ymm1, %ymm1
+        vpmaddwd	%ymm8, %ymm0, %ymm0
+        vpmaddwd	%ymm8, %ymm1, %ymm1
+        vpsllvd	%ymm10, %ymm0, %ymm0
+        vpsllvd	%ymm10, %ymm1, %ymm1
+        vpsrlq	$12, %ymm0, %ymm0
+        vpsrlq	$12, %ymm1, %ymm1
+        vpshufb	%ymm11, %ymm0, %ymm0
+        vpshufb	%ymm11, %ymm1, %ymm1
+        vextracti128	$0x01, %ymm0, %xmm2
+        vextracti128	$0x01, %ymm1, %xmm4
+        vpblendw	$0xe0, %xmm2, %xmm0, %xmm0
+        vpblendw	$0xe0, %xmm4, %xmm1, %xmm1
+        vmovdqu	%xmm0, 280(%rdi)
+        vmovdqu	%xmm1, 300(%rdi)
+        vmovss	%xmm2, 296(%rdi)
+        vmovss	%xmm4, 316(%rdi)
+        addq	$0x140, %rdi
+        addq	$0x200, %rsi
+        subl	$0x01, %edx
+        jg	L_kyber_compress_10_avx2_start
+        vzeroupper
+        repz retq
+#ifndef __APPLE__
+.size	kyber_compress_10_avx2,.-kyber_compress_10_avx2
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.data
+#else
+.section	__DATA,__data
+#endif /* __APPLE__ */
+L_kyber_decompress_10_avx2_mask:
+.long	0x7fe01ff8,0x7fe01ff8,0x7fe01ff8,0x7fe01ff8
+.long	0x7fe01ff8,0x7fe01ff8,0x7fe01ff8,0x7fe01ff8
+#ifndef __APPLE__
+.data
+#else
+.section	__DATA,__data
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.align	32
+#else
+.p2align	5
+#endif /* __APPLE__ */
+L_kyber_decompress_10_avx2_sllv:
+.quad	0x4, 0x4
+.quad	0x4, 0x4
+#ifndef __APPLE__
+.data
+#else
+.section	__DATA,__data
+#endif /* __APPLE__ */
+L_kyber_decompress_10_avx2_q:
+.long	0xd013404,0xd013404,0xd013404,0xd013404
+.long	0xd013404,0xd013404,0xd013404,0xd013404
+#ifndef __APPLE__
+.data
+#else
+.section	__DATA,__data
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.align	16
+#else
+.p2align	4
+#endif /* __APPLE__ */
+L_kyber_decompress_10_avx2_shuf:
+.value	0x100,0x201
+.value	0x302,0x403
+.value	0x605,0x706
+.value	0x807,0x908
+.value	0x302,0x403
+.value	0x504,0x605
+.value	0x807,0x908
+.value	0xa09,0xb0a
+#ifndef __APPLE__
+.text
+.globl	kyber_decompress_10_avx2
+.type	kyber_decompress_10_avx2,@function
+.align	16
+kyber_decompress_10_avx2:
+#else
+.section	__TEXT,__text
+.globl	_kyber_decompress_10_avx2
+.p2align	4
+_kyber_decompress_10_avx2:
+#endif /* __APPLE__ */
+        vmovdqu	L_kyber_decompress_10_avx2_mask(%rip), %ymm4
+        vmovdqu	L_kyber_decompress_10_avx2_q(%rip), %ymm5
+        vmovdqu	L_kyber_decompress_10_avx2_shuf(%rip), %ymm6
+        vmovdqu	L_kyber_decompress_10_avx2_sllv(%rip), %ymm7
+L_kyber_decompress_10_avx2_start:
+        vpermq	$0x94, (%rsi), %ymm0
+        vpermq	$0x94, 20(%rsi), %ymm1
+        vpermq	$0x94, 40(%rsi), %ymm2
+        vpermq	$0x94, 60(%rsi), %ymm3
+        vpshufb	%ymm6, %ymm0, %ymm0
+        vpshufb	%ymm6, %ymm1, %ymm1
+        vpshufb	%ymm6, %ymm2, %ymm2
+        vpshufb	%ymm6, %ymm3, %ymm3
+        vpsllvd	%ymm7, %ymm0, %ymm0
+        vpsllvd	%ymm7, %ymm1, %ymm1
+        vpsllvd	%ymm7, %ymm2, %ymm2
+        vpsllvd	%ymm7, %ymm3, %ymm3
+        vpsrlw	$0x01, %ymm0, %ymm0
+        vpsrlw	$0x01, %ymm1, %ymm1
+        vpsrlw	$0x01, %ymm2, %ymm2
+        vpsrlw	$0x01, %ymm3, %ymm3
+        vpand	%ymm4, %ymm0, %ymm0
+        vpand	%ymm4, %ymm1, %ymm1
+        vpand	%ymm4, %ymm2, %ymm2
+        vpand	%ymm4, %ymm3, %ymm3
+        vpmulhrsw	%ymm5, %ymm0, %ymm0
+        vpmulhrsw	%ymm5, %ymm1, %ymm1
+        vpmulhrsw	%ymm5, %ymm2, %ymm2
+        vpmulhrsw	%ymm5, %ymm3, %ymm3
+        vmovdqu	%ymm0, (%rdi)
+        vmovdqu	%ymm1, 32(%rdi)
+        vmovdqu	%ymm2, 64(%rdi)
+        vmovdqu	%ymm3, 96(%rdi)
+        vpermq	$0x94, 80(%rsi), %ymm0
+        vpermq	$0x94, 100(%rsi), %ymm1
+        vpermq	$0x94, 120(%rsi), %ymm2
+        vpermq	$0x94, 140(%rsi), %ymm3
+        vpshufb	%ymm6, %ymm0, %ymm0
+        vpshufb	%ymm6, %ymm1, %ymm1
+        vpshufb	%ymm6, %ymm2, %ymm2
+        vpshufb	%ymm6, %ymm3, %ymm3
+        vpsllvd	%ymm7, %ymm0, %ymm0
+        vpsllvd	%ymm7, %ymm1, %ymm1
+        vpsllvd	%ymm7, %ymm2, %ymm2
+        vpsllvd	%ymm7, %ymm3, %ymm3
+        vpsrlw	$0x01, %ymm0, %ymm0
+        vpsrlw	$0x01, %ymm1, %ymm1
+        vpsrlw	$0x01, %ymm2, %ymm2
+        vpsrlw	$0x01, %ymm3, %ymm3
+        vpand	%ymm4, %ymm0, %ymm0
+        vpand	%ymm4, %ymm1, %ymm1
+        vpand	%ymm4, %ymm2, %ymm2
+        vpand	%ymm4, %ymm3, %ymm3
+        vpmulhrsw	%ymm5, %ymm0, %ymm0
+        vpmulhrsw	%ymm5, %ymm1, %ymm1
+        vpmulhrsw	%ymm5, %ymm2, %ymm2
+        vpmulhrsw	%ymm5, %ymm3, %ymm3
+        vmovdqu	%ymm0, 128(%rdi)
+        vmovdqu	%ymm1, 160(%rdi)
+        vmovdqu	%ymm2, 192(%rdi)
+        vmovdqu	%ymm3, 224(%rdi)
+        vpermq	$0x94, 160(%rsi), %ymm0
+        vpermq	$0x94, 180(%rsi), %ymm1
+        vpermq	$0x94, 200(%rsi), %ymm2
+        vpermq	$0x94, 220(%rsi), %ymm3
+        vpshufb	%ymm6, %ymm0, %ymm0
+        vpshufb	%ymm6, %ymm1, %ymm1
+        vpshufb	%ymm6, %ymm2, %ymm2
+        vpshufb	%ymm6, %ymm3, %ymm3
+        vpsllvd	%ymm7, %ymm0, %ymm0
+        vpsllvd	%ymm7, %ymm1, %ymm1
+        vpsllvd	%ymm7, %ymm2, %ymm2
+        vpsllvd	%ymm7, %ymm3, %ymm3
+        vpsrlw	$0x01, %ymm0, %ymm0
+        vpsrlw	$0x01, %ymm1, %ymm1
+        vpsrlw	$0x01, %ymm2, %ymm2
+        vpsrlw	$0x01, %ymm3, %ymm3
+        vpand	%ymm4, %ymm0, %ymm0
+        vpand	%ymm4, %ymm1, %ymm1
+        vpand	%ymm4, %ymm2, %ymm2
+        vpand	%ymm4, %ymm3, %ymm3
+        vpmulhrsw	%ymm5, %ymm0, %ymm0
+        vpmulhrsw	%ymm5, %ymm1, %ymm1
+        vpmulhrsw	%ymm5, %ymm2, %ymm2
+        vpmulhrsw	%ymm5, %ymm3, %ymm3
+        vmovdqu	%ymm0, 256(%rdi)
+        vmovdqu	%ymm1, 288(%rdi)
+        vmovdqu	%ymm2, 320(%rdi)
+        vmovdqu	%ymm3, 352(%rdi)
+        vpermq	$0x94, 240(%rsi), %ymm0
+        vpermq	$0x94, 260(%rsi), %ymm1
+        vpermq	$0x94, 280(%rsi), %ymm2
+        vpermq	$0x94, 300(%rsi), %ymm3
+        vpshufb	%ymm6, %ymm0, %ymm0
+        vpshufb	%ymm6, %ymm1, %ymm1
+        vpshufb	%ymm6, %ymm2, %ymm2
+        vpshufb	%ymm6, %ymm3, %ymm3
+        vpsllvd	%ymm7, %ymm0, %ymm0
+        vpsllvd	%ymm7, %ymm1, %ymm1
+        vpsllvd	%ymm7, %ymm2, %ymm2
+        vpsllvd	%ymm7, %ymm3, %ymm3
+        vpsrlw	$0x01, %ymm0, %ymm0
+        vpsrlw	$0x01, %ymm1, %ymm1
+        vpsrlw	$0x01, %ymm2, %ymm2
+        vpsrlw	$0x01, %ymm3, %ymm3
+        vpand	%ymm4, %ymm0, %ymm0
+        vpand	%ymm4, %ymm1, %ymm1
+        vpand	%ymm4, %ymm2, %ymm2
+        vpand	%ymm4, %ymm3, %ymm3
+        vpmulhrsw	%ymm5, %ymm0, %ymm0
+        vpmulhrsw	%ymm5, %ymm1, %ymm1
+        vpmulhrsw	%ymm5, %ymm2, %ymm2
+        vpmulhrsw	%ymm5, %ymm3, %ymm3
+        vmovdqu	%ymm0, 384(%rdi)
+        vmovdqu	%ymm1, 416(%rdi)
+        vmovdqu	%ymm2, 448(%rdi)
+        vmovdqu	%ymm3, 480(%rdi)
+        addq	$0x140, %rsi
+        addq	$0x200, %rdi
+        subl	$0x01, %edx
+        jg	L_kyber_decompress_10_avx2_start
+        vzeroupper
+        repz retq
+#ifndef __APPLE__
+.size	kyber_decompress_10_avx2,.-kyber_decompress_10_avx2
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.data
+#else
+.section	__DATA,__data
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.align	16
+#else
+.p2align	4
+#endif /* __APPLE__ */
+L_kyber_compress_11_avx2_v:
+.value	0x4ebf,0x4ebf
+.value	0x4ebf,0x4ebf
+.value	0x4ebf,0x4ebf
+.value	0x4ebf,0x4ebf
+.value	0x4ebf,0x4ebf
+.value	0x4ebf,0x4ebf
+.value	0x4ebf,0x4ebf
+.value	0x4ebf,0x4ebf
+#ifndef __APPLE__
+.data
+#else
+.section	__DATA,__data
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.align	16
+#else
+.p2align	4
+#endif /* __APPLE__ */
+L_kyber_compress_11_avx2_off:
+.value	0x24,0x24
+.value	0x24,0x24
+.value	0x24,0x24
+.value	0x24,0x24
+.value	0x24,0x24
+.value	0x24,0x24
+.value	0x24,0x24
+.value	0x24,0x24
+#ifndef __APPLE__
+.data
+#else
+.section	__DATA,__data
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.align	16
+#else
+.p2align	4
+#endif /* __APPLE__ */
+L_kyber_compress_11_avx2_shift13:
+.value	0x2000,0x2000
+.value	0x2000,0x2000
+.value	0x2000,0x2000
+.value	0x2000,0x2000
+.value	0x2000,0x2000
+.value	0x2000,0x2000
+.value	0x2000,0x2000
+.value	0x2000,0x2000
+#ifndef __APPLE__
+.data
+#else
+.section	__DATA,__data
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.align	16
+#else
+.p2align	4
+#endif /* __APPLE__ */
+L_kyber_compress_11_avx2_mask:
+.value	0x7ff,0x7ff
+.value	0x7ff,0x7ff
+.value	0x7ff,0x7ff
+.value	0x7ff,0x7ff
+.value	0x7ff,0x7ff
+.value	0x7ff,0x7ff
+.value	0x7ff,0x7ff
+.value	0x7ff,0x7ff
+#ifndef __APPLE__
+.data
+#else
+.section	__DATA,__data
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.align	32
+#else
+.p2align	5
+#endif /* __APPLE__ */
+L_kyber_compress_11_avx2_shift:
+.quad	0x800000108000001, 0x800000108000001
+.quad	0x800000108000001, 0x800000108000001
+#ifndef __APPLE__
+.data
+#else
+.section	__DATA,__data
+#endif /* __APPLE__ */
+L_kyber_compress_11_avx2_sllvd:
+.long	0xa,0x0,0xa,0x0
+.long	0xa,0x0,0xa,0x0
+#ifndef __APPLE__
+.data
+#else
+.section	__DATA,__data
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.align	32
+#else
+.p2align	5
+#endif /* __APPLE__ */
+L_kyber_compress_11_avx2_srlvq:
+.quad	0xa, 0x1e
+.quad	0xa, 0x1e
+#ifndef __APPLE__
+.data
+#else
+.section	__DATA,__data
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.align	16
+#else
+.p2align	4
+#endif /* __APPLE__ */
+L_kyber_compress_11_avx2_shuf:
+.value	0x100,0x302
+.value	0x504,0x706
+.value	0x908,0xff0a
+.value	0xffff,0xffff
+.value	0x605,0x807
+.value	0xa09,0xffff
+.value	0xffff,0x0
+.value	0x201,0x403
+#ifndef __APPLE__
+.text
+.globl	kyber_compress_11_avx2
+.type	kyber_compress_11_avx2,@function
+.align	16
+kyber_compress_11_avx2:
+#else
+.section	__TEXT,__text
+.globl	_kyber_compress_11_avx2
+.p2align	4
+_kyber_compress_11_avx2:
+#endif /* __APPLE__ */
+        vmovdqu	(%rsi), %ymm0
+        vmovdqu	L_kyber_compress_11_avx2_v(%rip), %ymm7
+        vmovdqu	L_kyber_compress_11_avx2_off(%rip), %ymm8
+        vmovdqu	L_kyber_compress_11_avx2_shift13(%rip), %ymm9
+        vmovdqu	L_kyber_compress_11_avx2_mask(%rip), %ymm10
+        vmovdqu	L_kyber_compress_11_avx2_shift(%rip), %ymm11
+        vmovdqu	L_kyber_compress_11_avx2_sllvd(%rip), %ymm12
+        vmovdqu	L_kyber_compress_11_avx2_srlvq(%rip), %ymm13
+        vmovdqu	L_kyber_compress_11_avx2_shuf(%rip), %ymm14
+        vpsllw	$3, %ymm7, %ymm6
+L_kyber_compress_11_avx2_start:
+        vmovdqu	(%rsi), %ymm0
+        vmovdqu	32(%rsi), %ymm3
+        vpmullw	%ymm6, %ymm0, %ymm1
+        vpmullw	%ymm6, %ymm3, %ymm4
+        vpaddw	%ymm8, %ymm0, %ymm2
+        vpaddw	%ymm8, %ymm3, %ymm5
+        vpsllw	$3, %ymm0, %ymm0
+        vpsllw	$3, %ymm3, %ymm3
+        vpmulhw	%ymm7, %ymm0, %ymm0
+        vpmulhw	%ymm7, %ymm3, %ymm3
+        vpsubw	%ymm2, %ymm1, %ymm2
+        vpsubw	%ymm5, %ymm4, %ymm5
+        vpandn	%ymm2, %ymm1, %ymm1
+        vpandn	%ymm5, %ymm4, %ymm4
+        vpsrlw	$15, %ymm1, %ymm1
+        vpsrlw	$15, %ymm4, %ymm4
+        vpsubw	%ymm1, %ymm0, %ymm0
+        vpsubw	%ymm4, %ymm3, %ymm3
+        vpmulhrsw	%ymm9, %ymm0, %ymm0
+        vpmulhrsw	%ymm9, %ymm3, %ymm3
+        vpand	%ymm10, %ymm0, %ymm0
+        vpand	%ymm10, %ymm3, %ymm3
+        vpmaddwd	%ymm11, %ymm0, %ymm0
+        vpmaddwd	%ymm11, %ymm3, %ymm3
+        vpsllvd	%ymm12, %ymm0, %ymm0
+        vpsllvd	%ymm12, %ymm3, %ymm3
+        vpsrldq	$8, %ymm0, %ymm1
+        vpsrldq	$8, %ymm3, %ymm4
+        vpsrlvq	%ymm13, %ymm0, %ymm0
+        vpsrlvq	%ymm13, %ymm3, %ymm3
+        vpsllq	$34, %ymm1, %ymm1
+        vpsllq	$34, %ymm4, %ymm4
+        vpaddq	%ymm1, %ymm0, %ymm0
+        vpaddq	%ymm4, %ymm3, %ymm3
+        vpshufb	%ymm14, %ymm0, %ymm0
+        vpshufb	%ymm14, %ymm3, %ymm3
+        vextracti128	$0x01, %ymm0, %xmm1
+        vextracti128	$0x01, %ymm3, %xmm4
+        vpblendvb	%xmm14, %xmm1, %xmm0, %xmm0
+        vpblendvb	%xmm14, %xmm4, %xmm3, %xmm3
+        vmovdqu	%xmm0, (%rdi)
+        vmovq	%xmm1, 16(%rdi)
+        vmovdqu	%xmm3, 22(%rdi)
+        vmovq	%xmm4, 38(%rdi)
+        vmovdqu	64(%rsi), %ymm0
+        vmovdqu	96(%rsi), %ymm3
+        vpmullw	%ymm6, %ymm0, %ymm1
+        vpmullw	%ymm6, %ymm3, %ymm4
+        vpaddw	%ymm8, %ymm0, %ymm2
+        vpaddw	%ymm8, %ymm3, %ymm5
+        vpsllw	$3, %ymm0, %ymm0
+        vpsllw	$3, %ymm3, %ymm3
+        vpmulhw	%ymm7, %ymm0, %ymm0
+        vpmulhw	%ymm7, %ymm3, %ymm3
+        vpsubw	%ymm2, %ymm1, %ymm2
+        vpsubw	%ymm5, %ymm4, %ymm5
+        vpandn	%ymm2, %ymm1, %ymm1
+        vpandn	%ymm5, %ymm4, %ymm4
+        vpsrlw	$15, %ymm1, %ymm1
+        vpsrlw	$15, %ymm4, %ymm4
+        vpsubw	%ymm1, %ymm0, %ymm0
+        vpsubw	%ymm4, %ymm3, %ymm3
+        vpmulhrsw	%ymm9, %ymm0, %ymm0
+        vpmulhrsw	%ymm9, %ymm3, %ymm3
+        vpand	%ymm10, %ymm0, %ymm0
+        vpand	%ymm10, %ymm3, %ymm3
+        vpmaddwd	%ymm11, %ymm0, %ymm0
+        vpmaddwd	%ymm11, %ymm3, %ymm3
+        vpsllvd	%ymm12, %ymm0, %ymm0
+        vpsllvd	%ymm12, %ymm3, %ymm3
+        vpsrldq	$8, %ymm0, %ymm1
+        vpsrldq	$8, %ymm3, %ymm4
+        vpsrlvq	%ymm13, %ymm0, %ymm0
+        vpsrlvq	%ymm13, %ymm3, %ymm3
+        vpsllq	$34, %ymm1, %ymm1
+        vpsllq	$34, %ymm4, %ymm4
+        vpaddq	%ymm1, %ymm0, %ymm0
+        vpaddq	%ymm4, %ymm3, %ymm3
+        vpshufb	%ymm14, %ymm0, %ymm0
+        vpshufb	%ymm14, %ymm3, %ymm3
+        vextracti128	$0x01, %ymm0, %xmm1
+        vextracti128	$0x01, %ymm3, %xmm4
+        vpblendvb	%xmm14, %xmm1, %xmm0, %xmm0
+        vpblendvb	%xmm14, %xmm4, %xmm3, %xmm3
+        vmovdqu	%xmm0, 44(%rdi)
+        vmovq	%xmm1, 60(%rdi)
+        vmovdqu	%xmm3, 66(%rdi)
+        vmovq	%xmm4, 82(%rdi)
+        vmovdqu	128(%rsi), %ymm0
+        vmovdqu	160(%rsi), %ymm3
+        vpmullw	%ymm6, %ymm0, %ymm1
+        vpmullw	%ymm6, %ymm3, %ymm4
+        vpaddw	%ymm8, %ymm0, %ymm2
+        vpaddw	%ymm8, %ymm3, %ymm5
+        vpsllw	$3, %ymm0, %ymm0
+        vpsllw	$3, %ymm3, %ymm3
+        vpmulhw	%ymm7, %ymm0, %ymm0
+        vpmulhw	%ymm7, %ymm3, %ymm3
+        vpsubw	%ymm2, %ymm1, %ymm2
+        vpsubw	%ymm5, %ymm4, %ymm5
+        vpandn	%ymm2, %ymm1, %ymm1
+        vpandn	%ymm5, %ymm4, %ymm4
+        vpsrlw	$15, %ymm1, %ymm1
+        vpsrlw	$15, %ymm4, %ymm4
+        vpsubw	%ymm1, %ymm0, %ymm0
+        vpsubw	%ymm4, %ymm3, %ymm3
+        vpmulhrsw	%ymm9, %ymm0, %ymm0
+        vpmulhrsw	%ymm9, %ymm3, %ymm3
+        vpand	%ymm10, %ymm0, %ymm0
+        vpand	%ymm10, %ymm3, %ymm3
+        vpmaddwd	%ymm11, %ymm0, %ymm0
+        vpmaddwd	%ymm11, %ymm3, %ymm3
+        vpsllvd	%ymm12, %ymm0, %ymm0
+        vpsllvd	%ymm12, %ymm3, %ymm3
+        vpsrldq	$8, %ymm0, %ymm1
+        vpsrldq	$8, %ymm3, %ymm4
+        vpsrlvq	%ymm13, %ymm0, %ymm0
+        vpsrlvq	%ymm13, %ymm3, %ymm3
+        vpsllq	$34, %ymm1, %ymm1
+        vpsllq	$34, %ymm4, %ymm4
+        vpaddq	%ymm1, %ymm0, %ymm0
+        vpaddq	%ymm4, %ymm3, %ymm3
+        vpshufb	%ymm14, %ymm0, %ymm0
+        vpshufb	%ymm14, %ymm3, %ymm3
+        vextracti128	$0x01, %ymm0, %xmm1
+        vextracti128	$0x01, %ymm3, %xmm4
+        vpblendvb	%xmm14, %xmm1, %xmm0, %xmm0
+        vpblendvb	%xmm14, %xmm4, %xmm3, %xmm3
+        vmovdqu	%xmm0, 88(%rdi)
+        vmovq	%xmm1, 104(%rdi)
+        vmovdqu	%xmm3, 110(%rdi)
+        vmovq	%xmm4, 126(%rdi)
+        vmovdqu	192(%rsi), %ymm0
+        vmovdqu	224(%rsi), %ymm3
+        vpmullw	%ymm6, %ymm0, %ymm1
+        vpmullw	%ymm6, %ymm3, %ymm4
+        vpaddw	%ymm8, %ymm0, %ymm2
+        vpaddw	%ymm8, %ymm3, %ymm5
+        vpsllw	$3, %ymm0, %ymm0
+        vpsllw	$3, %ymm3, %ymm3
+        vpmulhw	%ymm7, %ymm0, %ymm0
+        vpmulhw	%ymm7, %ymm3, %ymm3
+        vpsubw	%ymm2, %ymm1, %ymm2
+        vpsubw	%ymm5, %ymm4, %ymm5
+        vpandn	%ymm2, %ymm1, %ymm1
+        vpandn	%ymm5, %ymm4, %ymm4
+        vpsrlw	$15, %ymm1, %ymm1
+        vpsrlw	$15, %ymm4, %ymm4
+        vpsubw	%ymm1, %ymm0, %ymm0
+        vpsubw	%ymm4, %ymm3, %ymm3
+        vpmulhrsw	%ymm9, %ymm0, %ymm0
+        vpmulhrsw	%ymm9, %ymm3, %ymm3
+        vpand	%ymm10, %ymm0, %ymm0
+        vpand	%ymm10, %ymm3, %ymm3
+        vpmaddwd	%ymm11, %ymm0, %ymm0
+        vpmaddwd	%ymm11, %ymm3, %ymm3
+        vpsllvd	%ymm12, %ymm0, %ymm0
+        vpsllvd	%ymm12, %ymm3, %ymm3
+        vpsrldq	$8, %ymm0, %ymm1
+        vpsrldq	$8, %ymm3, %ymm4
+        vpsrlvq	%ymm13, %ymm0, %ymm0
+        vpsrlvq	%ymm13, %ymm3, %ymm3
+        vpsllq	$34, %ymm1, %ymm1
+        vpsllq	$34, %ymm4, %ymm4
+        vpaddq	%ymm1, %ymm0, %ymm0
+        vpaddq	%ymm4, %ymm3, %ymm3
+        vpshufb	%ymm14, %ymm0, %ymm0
+        vpshufb	%ymm14, %ymm3, %ymm3
+        vextracti128	$0x01, %ymm0, %xmm1
+        vextracti128	$0x01, %ymm3, %xmm4
+        vpblendvb	%xmm14, %xmm1, %xmm0, %xmm0
+        vpblendvb	%xmm14, %xmm4, %xmm3, %xmm3
+        vmovdqu	%xmm0, 132(%rdi)
+        vmovq	%xmm1, 148(%rdi)
+        vmovdqu	%xmm3, 154(%rdi)
+        vmovq	%xmm4, 170(%rdi)
+        vmovdqu	256(%rsi), %ymm0
+        vmovdqu	288(%rsi), %ymm3
+        vpmullw	%ymm6, %ymm0, %ymm1
+        vpmullw	%ymm6, %ymm3, %ymm4
+        vpaddw	%ymm8, %ymm0, %ymm2
+        vpaddw	%ymm8, %ymm3, %ymm5
+        vpsllw	$3, %ymm0, %ymm0
+        vpsllw	$3, %ymm3, %ymm3
+        vpmulhw	%ymm7, %ymm0, %ymm0
+        vpmulhw	%ymm7, %ymm3, %ymm3
+        vpsubw	%ymm2, %ymm1, %ymm2
+        vpsubw	%ymm5, %ymm4, %ymm5
+        vpandn	%ymm2, %ymm1, %ymm1
+        vpandn	%ymm5, %ymm4, %ymm4
+        vpsrlw	$15, %ymm1, %ymm1
+        vpsrlw	$15, %ymm4, %ymm4
+        vpsubw	%ymm1, %ymm0, %ymm0
+        vpsubw	%ymm4, %ymm3, %ymm3
+        vpmulhrsw	%ymm9, %ymm0, %ymm0
+        vpmulhrsw	%ymm9, %ymm3, %ymm3
+        vpand	%ymm10, %ymm0, %ymm0
+        vpand	%ymm10, %ymm3, %ymm3
+        vpmaddwd	%ymm11, %ymm0, %ymm0
+        vpmaddwd	%ymm11, %ymm3, %ymm3
+        vpsllvd	%ymm12, %ymm0, %ymm0
+        vpsllvd	%ymm12, %ymm3, %ymm3
+        vpsrldq	$8, %ymm0, %ymm1
+        vpsrldq	$8, %ymm3, %ymm4
+        vpsrlvq	%ymm13, %ymm0, %ymm0
+        vpsrlvq	%ymm13, %ymm3, %ymm3
+        vpsllq	$34, %ymm1, %ymm1
+        vpsllq	$34, %ymm4, %ymm4
+        vpaddq	%ymm1, %ymm0, %ymm0
+        vpaddq	%ymm4, %ymm3, %ymm3
+        vpshufb	%ymm14, %ymm0, %ymm0
+        vpshufb	%ymm14, %ymm3, %ymm3
+        vextracti128	$0x01, %ymm0, %xmm1
+        vextracti128	$0x01, %ymm3, %xmm4
+        vpblendvb	%xmm14, %xmm1, %xmm0, %xmm0
+        vpblendvb	%xmm14, %xmm4, %xmm3, %xmm3
+        vmovdqu	%xmm0, 176(%rdi)
+        vmovq	%xmm1, 192(%rdi)
+        vmovdqu	%xmm3, 198(%rdi)
+        vmovq	%xmm4, 214(%rdi)
+        vmovdqu	320(%rsi), %ymm0
+        vmovdqu	352(%rsi), %ymm3
+        vpmullw	%ymm6, %ymm0, %ymm1
+        vpmullw	%ymm6, %ymm3, %ymm4
+        vpaddw	%ymm8, %ymm0, %ymm2
+        vpaddw	%ymm8, %ymm3, %ymm5
+        vpsllw	$3, %ymm0, %ymm0
+        vpsllw	$3, %ymm3, %ymm3
+        vpmulhw	%ymm7, %ymm0, %ymm0
+        vpmulhw	%ymm7, %ymm3, %ymm3
+        vpsubw	%ymm2, %ymm1, %ymm2
+        vpsubw	%ymm5, %ymm4, %ymm5
+        vpandn	%ymm2, %ymm1, %ymm1
+        vpandn	%ymm5, %ymm4, %ymm4
+        vpsrlw	$15, %ymm1, %ymm1
+        vpsrlw	$15, %ymm4, %ymm4
+        vpsubw	%ymm1, %ymm0, %ymm0
+        vpsubw	%ymm4, %ymm3, %ymm3
+        vpmulhrsw	%ymm9, %ymm0, %ymm0
+        vpmulhrsw	%ymm9, %ymm3, %ymm3
+        vpand	%ymm10, %ymm0, %ymm0
+        vpand	%ymm10, %ymm3, %ymm3
+        vpmaddwd	%ymm11, %ymm0, %ymm0
+        vpmaddwd	%ymm11, %ymm3, %ymm3
+        vpsllvd	%ymm12, %ymm0, %ymm0
+        vpsllvd	%ymm12, %ymm3, %ymm3
+        vpsrldq	$8, %ymm0, %ymm1
+        vpsrldq	$8, %ymm3, %ymm4
+        vpsrlvq	%ymm13, %ymm0, %ymm0
+        vpsrlvq	%ymm13, %ymm3, %ymm3
+        vpsllq	$34, %ymm1, %ymm1
+        vpsllq	$34, %ymm4, %ymm4
+        vpaddq	%ymm1, %ymm0, %ymm0
+        vpaddq	%ymm4, %ymm3, %ymm3
+        vpshufb	%ymm14, %ymm0, %ymm0
+        vpshufb	%ymm14, %ymm3, %ymm3
+        vextracti128	$0x01, %ymm0, %xmm1
+        vextracti128	$0x01, %ymm3, %xmm4
+        vpblendvb	%xmm14, %xmm1, %xmm0, %xmm0
+        vpblendvb	%xmm14, %xmm4, %xmm3, %xmm3
+        vmovdqu	%xmm0, 220(%rdi)
+        vmovq	%xmm1, 236(%rdi)
+        vmovdqu	%xmm3, 242(%rdi)
+        vmovq	%xmm4, 258(%rdi)
+        vmovdqu	384(%rsi), %ymm0
+        vmovdqu	416(%rsi), %ymm3
+        vpmullw	%ymm6, %ymm0, %ymm1
+        vpmullw	%ymm6, %ymm3, %ymm4
+        vpaddw	%ymm8, %ymm0, %ymm2
+        vpaddw	%ymm8, %ymm3, %ymm5
+        vpsllw	$3, %ymm0, %ymm0
+        vpsllw	$3, %ymm3, %ymm3
+        vpmulhw	%ymm7, %ymm0, %ymm0
+        vpmulhw	%ymm7, %ymm3, %ymm3
+        vpsubw	%ymm2, %ymm1, %ymm2
+        vpsubw	%ymm5, %ymm4, %ymm5
+        vpandn	%ymm2, %ymm1, %ymm1
+        vpandn	%ymm5, %ymm4, %ymm4
+        vpsrlw	$15, %ymm1, %ymm1
+        vpsrlw	$15, %ymm4, %ymm4
+        vpsubw	%ymm1, %ymm0, %ymm0
+        vpsubw	%ymm4, %ymm3, %ymm3
+        vpmulhrsw	%ymm9, %ymm0, %ymm0
+        vpmulhrsw	%ymm9, %ymm3, %ymm3
+        vpand	%ymm10, %ymm0, %ymm0
+        vpand	%ymm10, %ymm3, %ymm3
+        vpmaddwd	%ymm11, %ymm0, %ymm0
+        vpmaddwd	%ymm11, %ymm3, %ymm3
+        vpsllvd	%ymm12, %ymm0, %ymm0
+        vpsllvd	%ymm12, %ymm3, %ymm3
+        vpsrldq	$8, %ymm0, %ymm1
+        vpsrldq	$8, %ymm3, %ymm4
+        vpsrlvq	%ymm13, %ymm0, %ymm0
+        vpsrlvq	%ymm13, %ymm3, %ymm3
+        vpsllq	$34, %ymm1, %ymm1
+        vpsllq	$34, %ymm4, %ymm4
+        vpaddq	%ymm1, %ymm0, %ymm0
+        vpaddq	%ymm4, %ymm3, %ymm3
+        vpshufb	%ymm14, %ymm0, %ymm0
+        vpshufb	%ymm14, %ymm3, %ymm3
+        vextracti128	$0x01, %ymm0, %xmm1
+        vextracti128	$0x01, %ymm3, %xmm4
+        vpblendvb	%xmm14, %xmm1, %xmm0, %xmm0
+        vpblendvb	%xmm14, %xmm4, %xmm3, %xmm3
+        vmovdqu	%xmm0, 264(%rdi)
+        vmovq	%xmm1, 280(%rdi)
+        vmovdqu	%xmm3, 286(%rdi)
+        vmovq	%xmm4, 302(%rdi)
+        vmovdqu	448(%rsi), %ymm0
+        vmovdqu	480(%rsi), %ymm3
+        vpmullw	%ymm6, %ymm0, %ymm1
+        vpmullw	%ymm6, %ymm3, %ymm4
+        vpaddw	%ymm8, %ymm0, %ymm2
+        vpaddw	%ymm8, %ymm3, %ymm5
+        vpsllw	$3, %ymm0, %ymm0
+        vpsllw	$3, %ymm3, %ymm3
+        vpmulhw	%ymm7, %ymm0, %ymm0
+        vpmulhw	%ymm7, %ymm3, %ymm3
+        vpsubw	%ymm2, %ymm1, %ymm2
+        vpsubw	%ymm5, %ymm4, %ymm5
+        vpandn	%ymm2, %ymm1, %ymm1
+        vpandn	%ymm5, %ymm4, %ymm4
+        vpsrlw	$15, %ymm1, %ymm1
+        vpsrlw	$15, %ymm4, %ymm4
+        vpsubw	%ymm1, %ymm0, %ymm0
+        vpsubw	%ymm4, %ymm3, %ymm3
+        vpmulhrsw	%ymm9, %ymm0, %ymm0
+        vpmulhrsw	%ymm9, %ymm3, %ymm3
+        vpand	%ymm10, %ymm0, %ymm0
+        vpand	%ymm10, %ymm3, %ymm3
+        vpmaddwd	%ymm11, %ymm0, %ymm0
+        vpmaddwd	%ymm11, %ymm3, %ymm3
+        vpsllvd	%ymm12, %ymm0, %ymm0
+        vpsllvd	%ymm12, %ymm3, %ymm3
+        vpsrldq	$8, %ymm0, %ymm1
+        vpsrldq	$8, %ymm3, %ymm4
+        vpsrlvq	%ymm13, %ymm0, %ymm0
+        vpsrlvq	%ymm13, %ymm3, %ymm3
+        vpsllq	$34, %ymm1, %ymm1
+        vpsllq	$34, %ymm4, %ymm4
+        vpaddq	%ymm1, %ymm0, %ymm0
+        vpaddq	%ymm4, %ymm3, %ymm3
+        vpshufb	%ymm14, %ymm0, %ymm0
+        vpshufb	%ymm14, %ymm3, %ymm3
+        vextracti128	$0x01, %ymm0, %xmm1
+        vextracti128	$0x01, %ymm3, %xmm4
+        vpblendvb	%xmm14, %xmm1, %xmm0, %xmm0
+        vpblendvb	%xmm14, %xmm4, %xmm3, %xmm3
+        vmovdqu	%xmm0, 308(%rdi)
+        vmovq	%xmm1, 324(%rdi)
+        vmovdqu	%xmm3, 330(%rdi)
+        vmovq	%xmm4, 346(%rdi)
+        addq	$0x160, %rdi
+        addq	$0x200, %rsi
+        subl	$0x01, %edx
+        jg	L_kyber_compress_11_avx2_start
+        vzeroupper
+        repz retq
+#ifndef __APPLE__
+.size	kyber_compress_11_avx2,.-kyber_compress_11_avx2
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.data
+#else
+.section	__DATA,__data
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.align	16
+#else
+.p2align	4
+#endif /* __APPLE__ */
+L_kyber_decompress_11_avx2_q:
+.value	0xd01,0xd01
+.value	0xd01,0xd01
+.value	0xd01,0xd01
+.value	0xd01,0xd01
+.value	0xd01,0xd01
+.value	0xd01,0xd01
+.value	0xd01,0xd01
+.value	0xd01,0xd01
+#ifndef __APPLE__
+.data
+#else
+.section	__DATA,__data
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.align	16
+#else
+.p2align	4
+#endif /* __APPLE__ */
+L_kyber_decompress_11_avx2_shuf:
+.value	0x100,0x201
+.value	0x302,0x504
+.value	0x605,0x706
+.value	0x908,0xa09
+.value	0x403,0x504
+.value	0x605,0x807
+.value	0x908,0xa09
+.value	0xc0b,0xd0c
+#ifndef __APPLE__
+.data
+#else
+.section	__DATA,__data
+#endif /* __APPLE__ */
+L_kyber_decompress_11_avx2_sllv:
+.long	0x0,0x1,0x0,0x0
+.long	0x0,0x1,0x0,0x0
+#ifndef __APPLE__
+.data
+#else
+.section	__DATA,__data
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.align	32
+#else
+.p2align	5
+#endif /* __APPLE__ */
+L_kyber_decompress_11_avx2_srlv:
+.quad	0x0, 0x2
+.quad	0x0, 0x2
+#ifndef __APPLE__
+.data
+#else
+.section	__DATA,__data
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.align	16
+#else
+.p2align	4
+#endif /* __APPLE__ */
+L_kyber_decompress_11_avx2_shift:
+.value	0x20,0x4
+.value	0x1,0x20
+.value	0x8,0x1
+.value	0x20,0x4
+.value	0x20,0x4
+.value	0x1,0x20
+.value	0x8,0x1
+.value	0x20,0x4
+#ifndef __APPLE__
+.data
+#else
+.section	__DATA,__data
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.align	16
+#else
+.p2align	4
+#endif /* __APPLE__ */
+L_kyber_decompress_11_avx2_mask:
+.value	0x7ff0,0x7ff0
+.value	0x7ff0,0x7ff0
+.value	0x7ff0,0x7ff0
+.value	0x7ff0,0x7ff0
+.value	0x7ff0,0x7ff0
+.value	0x7ff0,0x7ff0
+.value	0x7ff0,0x7ff0
+.value	0x7ff0,0x7ff0
+#ifndef __APPLE__
+.text
+.globl	kyber_decompress_11_avx2
+.type	kyber_decompress_11_avx2,@function
+.align	16
+kyber_decompress_11_avx2:
+#else
+.section	__TEXT,__text
+.globl	_kyber_decompress_11_avx2
+.p2align	4
+_kyber_decompress_11_avx2:
+#endif /* __APPLE__ */
+        vmovdqu	L_kyber_decompress_11_avx2_q(%rip), %ymm4
+        vmovdqu	L_kyber_decompress_11_avx2_shuf(%rip), %ymm5
+        vmovdqu	L_kyber_decompress_11_avx2_sllv(%rip), %ymm6
+        vmovdqu	L_kyber_decompress_11_avx2_srlv(%rip), %ymm7
+        vmovdqu	L_kyber_decompress_11_avx2_shift(%rip), %ymm8
+        vmovdqu	L_kyber_decompress_11_avx2_mask(%rip), %ymm9
+L_kyber_decompress_11_avx2_start:
+        vpermq	$0x94, (%rsi), %ymm0
+        vpermq	$0x94, 22(%rsi), %ymm1
+        vpermq	$0x94, 44(%rsi), %ymm2
+        vpermq	$0x94, 66(%rsi), %ymm3
+        vpshufb	%ymm5, %ymm0, %ymm0
+        vpshufb	%ymm5, %ymm1, %ymm1
+        vpshufb	%ymm5, %ymm2, %ymm2
+        vpshufb	%ymm5, %ymm3, %ymm3
+        vpsrlvd	%ymm6, %ymm0, %ymm0
+        vpsrlvd	%ymm6, %ymm1, %ymm1
+        vpsrlvd	%ymm6, %ymm2, %ymm2
+        vpsrlvd	%ymm6, %ymm3, %ymm3
+        vpsrlvq	%ymm7, %ymm0, %ymm0
+        vpsrlvq	%ymm7, %ymm1, %ymm1
+        vpsrlvq	%ymm7, %ymm2, %ymm2
+        vpsrlvq	%ymm7, %ymm3, %ymm3
+        vpmullw	%ymm8, %ymm0, %ymm0
+        vpmullw	%ymm8, %ymm1, %ymm1
+        vpmullw	%ymm8, %ymm2, %ymm2
+        vpmullw	%ymm8, %ymm3, %ymm3
+        vpsrlw	$0x01, %ymm0, %ymm0
+        vpsrlw	$0x01, %ymm1, %ymm1
+        vpsrlw	$0x01, %ymm2, %ymm2
+        vpsrlw	$0x01, %ymm3, %ymm3
+        vpand	%ymm9, %ymm0, %ymm0
+        vpand	%ymm9, %ymm1, %ymm1
+        vpand	%ymm9, %ymm2, %ymm2
+        vpand	%ymm9, %ymm3, %ymm3
+        vpmulhrsw	%ymm4, %ymm0, %ymm0
+        vpmulhrsw	%ymm4, %ymm1, %ymm1
+        vpmulhrsw	%ymm4, %ymm2, %ymm2
+        vpmulhrsw	%ymm4, %ymm3, %ymm3
+        vmovdqu	%ymm0, (%rdi)
+        vmovdqu	%ymm1, 32(%rdi)
+        vmovdqu	%ymm2, 64(%rdi)
+        vmovdqu	%ymm3, 96(%rdi)
+        vpermq	$0x94, 88(%rsi), %ymm0
+        vpermq	$0x94, 110(%rsi), %ymm1
+        vpermq	$0x94, 132(%rsi), %ymm2
+        vpermq	$0x94, 154(%rsi), %ymm3
+        vpshufb	%ymm5, %ymm0, %ymm0
+        vpshufb	%ymm5, %ymm1, %ymm1
+        vpshufb	%ymm5, %ymm2, %ymm2
+        vpshufb	%ymm5, %ymm3, %ymm3
+        vpsrlvd	%ymm6, %ymm0, %ymm0
+        vpsrlvd	%ymm6, %ymm1, %ymm1
+        vpsrlvd	%ymm6, %ymm2, %ymm2
+        vpsrlvd	%ymm6, %ymm3, %ymm3
+        vpsrlvq	%ymm7, %ymm0, %ymm0
+        vpsrlvq	%ymm7, %ymm1, %ymm1
+        vpsrlvq	%ymm7, %ymm2, %ymm2
+        vpsrlvq	%ymm7, %ymm3, %ymm3
+        vpmullw	%ymm8, %ymm0, %ymm0
+        vpmullw	%ymm8, %ymm1, %ymm1
+        vpmullw	%ymm8, %ymm2, %ymm2
+        vpmullw	%ymm8, %ymm3, %ymm3
+        vpsrlw	$0x01, %ymm0, %ymm0
+        vpsrlw	$0x01, %ymm1, %ymm1
+        vpsrlw	$0x01, %ymm2, %ymm2
+        vpsrlw	$0x01, %ymm3, %ymm3
+        vpand	%ymm9, %ymm0, %ymm0
+        vpand	%ymm9, %ymm1, %ymm1
+        vpand	%ymm9, %ymm2, %ymm2
+        vpand	%ymm9, %ymm3, %ymm3
+        vpmulhrsw	%ymm4, %ymm0, %ymm0
+        vpmulhrsw	%ymm4, %ymm1, %ymm1
+        vpmulhrsw	%ymm4, %ymm2, %ymm2
+        vpmulhrsw	%ymm4, %ymm3, %ymm3
+        vmovdqu	%ymm0, 128(%rdi)
+        vmovdqu	%ymm1, 160(%rdi)
+        vmovdqu	%ymm2, 192(%rdi)
+        vmovdqu	%ymm3, 224(%rdi)
+        vpermq	$0x94, 176(%rsi), %ymm0
+        vpermq	$0x94, 198(%rsi), %ymm1
+        vpermq	$0x94, 220(%rsi), %ymm2
+        vpermq	$0x94, 242(%rsi), %ymm3
+        vpshufb	%ymm5, %ymm0, %ymm0
+        vpshufb	%ymm5, %ymm1, %ymm1
+        vpshufb	%ymm5, %ymm2, %ymm2
+        vpshufb	%ymm5, %ymm3, %ymm3
+        vpsrlvd	%ymm6, %ymm0, %ymm0
+        vpsrlvd	%ymm6, %ymm1, %ymm1
+        vpsrlvd	%ymm6, %ymm2, %ymm2
+        vpsrlvd	%ymm6, %ymm3, %ymm3
+        vpsrlvq	%ymm7, %ymm0, %ymm0
+        vpsrlvq	%ymm7, %ymm1, %ymm1
+        vpsrlvq	%ymm7, %ymm2, %ymm2
+        vpsrlvq	%ymm7, %ymm3, %ymm3
+        vpmullw	%ymm8, %ymm0, %ymm0
+        vpmullw	%ymm8, %ymm1, %ymm1
+        vpmullw	%ymm8, %ymm2, %ymm2
+        vpmullw	%ymm8, %ymm3, %ymm3
+        vpsrlw	$0x01, %ymm0, %ymm0
+        vpsrlw	$0x01, %ymm1, %ymm1
+        vpsrlw	$0x01, %ymm2, %ymm2
+        vpsrlw	$0x01, %ymm3, %ymm3
+        vpand	%ymm9, %ymm0, %ymm0
+        vpand	%ymm9, %ymm1, %ymm1
+        vpand	%ymm9, %ymm2, %ymm2
+        vpand	%ymm9, %ymm3, %ymm3
+        vpmulhrsw	%ymm4, %ymm0, %ymm0
+        vpmulhrsw	%ymm4, %ymm1, %ymm1
+        vpmulhrsw	%ymm4, %ymm2, %ymm2
+        vpmulhrsw	%ymm4, %ymm3, %ymm3
+        vmovdqu	%ymm0, 256(%rdi)
+        vmovdqu	%ymm1, 288(%rdi)
+        vmovdqu	%ymm2, 320(%rdi)
+        vmovdqu	%ymm3, 352(%rdi)
+        vpermq	$0x94, 264(%rsi), %ymm0
+        vpermq	$0x94, 286(%rsi), %ymm1
+        vpermq	$0x94, 308(%rsi), %ymm2
+        vpermq	$0x94, 330(%rsi), %ymm3
+        vpshufb	%ymm5, %ymm0, %ymm0
+        vpshufb	%ymm5, %ymm1, %ymm1
+        vpshufb	%ymm5, %ymm2, %ymm2
+        vpshufb	%ymm5, %ymm3, %ymm3
+        vpsrlvd	%ymm6, %ymm0, %ymm0
+        vpsrlvd	%ymm6, %ymm1, %ymm1
+        vpsrlvd	%ymm6, %ymm2, %ymm2
+        vpsrlvd	%ymm6, %ymm3, %ymm3
+        vpsrlvq	%ymm7, %ymm0, %ymm0
+        vpsrlvq	%ymm7, %ymm1, %ymm1
+        vpsrlvq	%ymm7, %ymm2, %ymm2
+        vpsrlvq	%ymm7, %ymm3, %ymm3
+        vpmullw	%ymm8, %ymm0, %ymm0
+        vpmullw	%ymm8, %ymm1, %ymm1
+        vpmullw	%ymm8, %ymm2, %ymm2
+        vpmullw	%ymm8, %ymm3, %ymm3
+        vpsrlw	$0x01, %ymm0, %ymm0
+        vpsrlw	$0x01, %ymm1, %ymm1
+        vpsrlw	$0x01, %ymm2, %ymm2
+        vpsrlw	$0x01, %ymm3, %ymm3
+        vpand	%ymm9, %ymm0, %ymm0
+        vpand	%ymm9, %ymm1, %ymm1
+        vpand	%ymm9, %ymm2, %ymm2
+        vpand	%ymm9, %ymm3, %ymm3
+        vpmulhrsw	%ymm4, %ymm0, %ymm0
+        vpmulhrsw	%ymm4, %ymm1, %ymm1
+        vpmulhrsw	%ymm4, %ymm2, %ymm2
+        vpmulhrsw	%ymm4, %ymm3, %ymm3
+        vmovdqu	%ymm0, 384(%rdi)
+        vmovdqu	%ymm1, 416(%rdi)
+        vmovdqu	%ymm2, 448(%rdi)
+        vmovdqu	%ymm3, 480(%rdi)
+        addq	$0x160, %rsi
+        addq	$0x200, %rdi
+        subl	$0x01, %edx
+        jg	L_kyber_decompress_11_avx2_start
+        vzeroupper
+        repz retq
+#ifndef __APPLE__
+.size	kyber_decompress_11_avx2,.-kyber_decompress_11_avx2
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.data
+#else
+.section	__DATA,__data
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.align	16
+#else
+.p2align	4
+#endif /* __APPLE__ */
+L_kyber_compress_4_avx2_mask:
+.value	0xf,0xf
+.value	0xf,0xf
+.value	0xf,0xf
+.value	0xf,0xf
+.value	0xf,0xf
+.value	0xf,0xf
+.value	0xf,0xf
+.value	0xf,0xf
+#ifndef __APPLE__
+.data
+#else
+.section	__DATA,__data
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.align	16
+#else
+.p2align	4
+#endif /* __APPLE__ */
+L_kyber_compress_4_avx2_shift:
+.value	0x200,0x200
+.value	0x200,0x200
+.value	0x200,0x200
+.value	0x200,0x200
+.value	0x200,0x200
+.value	0x200,0x200
+.value	0x200,0x200
+.value	0x200,0x200
+#ifndef __APPLE__
+.data
+#else
+.section	__DATA,__data
+#endif /* __APPLE__ */
+L_kyber_compress_4_avx2_perm:
+.long	0x0,0x4,0x1,0x5
+.long	0x2,0x6,0x3,0x7
+#ifndef __APPLE__
+.data
+#else
+.section	__DATA,__data
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.align	16
+#else
+.p2align	4
+#endif /* __APPLE__ */
+L_kyber_compress_4_avx2_v:
+.value	0x4ebf,0x4ebf
+.value	0x4ebf,0x4ebf
+.value	0x4ebf,0x4ebf
+.value	0x4ebf,0x4ebf
+.value	0x4ebf,0x4ebf
+.value	0x4ebf,0x4ebf
+.value	0x4ebf,0x4ebf
+.value	0x4ebf,0x4ebf
+#ifndef __APPLE__
+.data
+#else
+.section	__DATA,__data
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.align	16
+#else
+.p2align	4
+#endif /* __APPLE__ */
+L_kyber_compress_4_avx2_shift12:
+.value	0x1001,0x1001
+.value	0x1001,0x1001
+.value	0x1001,0x1001
+.value	0x1001,0x1001
+.value	0x1001,0x1001
+.value	0x1001,0x1001
+.value	0x1001,0x1001
+.value	0x1001,0x1001
+#ifndef __APPLE__
+.text
+.globl	kyber_compress_4_avx2
+.type	kyber_compress_4_avx2,@function
+.align	16
+kyber_compress_4_avx2:
+#else
+.section	__TEXT,__text
+.globl	_kyber_compress_4_avx2
+.p2align	4
+_kyber_compress_4_avx2:
+#endif /* __APPLE__ */
+        vmovdqu	L_kyber_compress_4_avx2_mask(%rip), %ymm8
+        vmovdqu	L_kyber_compress_4_avx2_shift(%rip), %ymm9
+        vmovdqu	L_kyber_compress_4_avx2_perm(%rip), %ymm10
+        vmovdqu	L_kyber_compress_4_avx2_v(%rip), %ymm11
+        vmovdqu	L_kyber_compress_4_avx2_shift12(%rip), %ymm12
+        vpmulhw	(%rsi), %ymm11, %ymm0
+        vpmulhw	32(%rsi), %ymm11, %ymm1
+        vpmulhw	64(%rsi), %ymm11, %ymm2
+        vpmulhw	96(%rsi), %ymm11, %ymm3
+        vpmulhrsw	%ymm9, %ymm0, %ymm0
+        vpmulhrsw	%ymm9, %ymm1, %ymm1
+        vpmulhrsw	%ymm9, %ymm2, %ymm2
+        vpmulhrsw	%ymm9, %ymm3, %ymm3
+        vpand	%ymm8, %ymm0, %ymm0
+        vpand	%ymm8, %ymm1, %ymm1
+        vpand	%ymm8, %ymm2, %ymm2
+        vpand	%ymm8, %ymm3, %ymm3
+        vpackuswb	%ymm1, %ymm0, %ymm0
+        vpackuswb	%ymm3, %ymm2, %ymm2
+        vpmaddubsw	%ymm12, %ymm0, %ymm0
+        vpmaddubsw	%ymm12, %ymm2, %ymm2
+        vpackuswb	%ymm2, %ymm0, %ymm0
+        vpmulhw	128(%rsi), %ymm11, %ymm4
+        vpmulhw	160(%rsi), %ymm11, %ymm5
+        vpmulhw	192(%rsi), %ymm11, %ymm6
+        vpmulhw	224(%rsi), %ymm11, %ymm7
+        vpmulhrsw	%ymm9, %ymm4, %ymm4
+        vpmulhrsw	%ymm9, %ymm5, %ymm5
+        vpmulhrsw	%ymm9, %ymm6, %ymm6
+        vpmulhrsw	%ymm9, %ymm7, %ymm7
+        vpand	%ymm8, %ymm4, %ymm4
+        vpand	%ymm8, %ymm5, %ymm5
+        vpand	%ymm8, %ymm6, %ymm6
+        vpand	%ymm8, %ymm7, %ymm7
+        vpackuswb	%ymm5, %ymm4, %ymm4
+        vpackuswb	%ymm7, %ymm6, %ymm6
+        vpmaddubsw	%ymm12, %ymm4, %ymm4
+        vpmaddubsw	%ymm12, %ymm6, %ymm6
+        vpackuswb	%ymm6, %ymm4, %ymm4
+        vpermd	%ymm0, %ymm10, %ymm0
+        vpermd	%ymm4, %ymm10, %ymm4
+        vmovdqu	%ymm0, (%rdi)
+        vmovdqu	%ymm4, 32(%rdi)
+        vpmulhw	256(%rsi), %ymm11, %ymm0
+        vpmulhw	288(%rsi), %ymm11, %ymm1
+        vpmulhw	320(%rsi), %ymm11, %ymm2
+        vpmulhw	352(%rsi), %ymm11, %ymm3
+        vpmulhrsw	%ymm9, %ymm0, %ymm0
+        vpmulhrsw	%ymm9, %ymm1, %ymm1
+        vpmulhrsw	%ymm9, %ymm2, %ymm2
+        vpmulhrsw	%ymm9, %ymm3, %ymm3
+        vpand	%ymm8, %ymm0, %ymm0
+        vpand	%ymm8, %ymm1, %ymm1
+        vpand	%ymm8, %ymm2, %ymm2
+        vpand	%ymm8, %ymm3, %ymm3
+        vpackuswb	%ymm1, %ymm0, %ymm0
+        vpackuswb	%ymm3, %ymm2, %ymm2
+        vpmaddubsw	%ymm12, %ymm0, %ymm0
+        vpmaddubsw	%ymm12, %ymm2, %ymm2
+        vpackuswb	%ymm2, %ymm0, %ymm0
+        vpmulhw	384(%rsi), %ymm11, %ymm4
+        vpmulhw	416(%rsi), %ymm11, %ymm5
+        vpmulhw	448(%rsi), %ymm11, %ymm6
+        vpmulhw	480(%rsi), %ymm11, %ymm7
+        vpmulhrsw	%ymm9, %ymm4, %ymm4
+        vpmulhrsw	%ymm9, %ymm5, %ymm5
+        vpmulhrsw	%ymm9, %ymm6, %ymm6
+        vpmulhrsw	%ymm9, %ymm7, %ymm7
+        vpand	%ymm8, %ymm4, %ymm4
+        vpand	%ymm8, %ymm5, %ymm5
+        vpand	%ymm8, %ymm6, %ymm6
+        vpand	%ymm8, %ymm7, %ymm7
+        vpackuswb	%ymm5, %ymm4, %ymm4
+        vpackuswb	%ymm7, %ymm6, %ymm6
+        vpmaddubsw	%ymm12, %ymm4, %ymm4
+        vpmaddubsw	%ymm12, %ymm6, %ymm6
+        vpackuswb	%ymm6, %ymm4, %ymm4
+        vpermd	%ymm0, %ymm10, %ymm0
+        vpermd	%ymm4, %ymm10, %ymm4
+        vmovdqu	%ymm0, 64(%rdi)
+        vmovdqu	%ymm4, 96(%rdi)
+        vzeroupper
+        repz retq
+#ifndef __APPLE__
+.size	kyber_compress_4_avx2,.-kyber_compress_4_avx2
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.data
+#else
+.section	__DATA,__data
+#endif /* __APPLE__ */
+L_kyber_decompress_4_avx2_mask:
+.long	0xf0000f,0xf0000f,0xf0000f,0xf0000f
+.long	0xf0000f,0xf0000f,0xf0000f,0xf0000f
+#ifndef __APPLE__
+.data
+#else
+.section	__DATA,__data
+#endif /* __APPLE__ */
+L_kyber_decompress_4_avx2_shift:
+.long	0x800800,0x800800,0x800800,0x800800
+.long	0x800800,0x800800,0x800800,0x800800
+#ifndef __APPLE__
+.data
+#else
+.section	__DATA,__data
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.align	16
+#else
+.p2align	4
+#endif /* __APPLE__ */
+L_kyber_decompress_4_avx2_q:
+.value	0xd01,0xd01
+.value	0xd01,0xd01
+.value	0xd01,0xd01
+.value	0xd01,0xd01
+.value	0xd01,0xd01
+.value	0xd01,0xd01
+.value	0xd01,0xd01
+.value	0xd01,0xd01
+#ifndef __APPLE__
+.data
+#else
+.section	__DATA,__data
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.align	16
+#else
+.p2align	4
+#endif /* __APPLE__ */
+L_kyber_decompress_4_avx2_shuf:
+.value	0x0,0x0
+.value	0x101,0x101
+.value	0x202,0x202
+.value	0x303,0x303
+.value	0x404,0x404
+.value	0x505,0x505
+.value	0x606,0x606
+.value	0x707,0x707
+#ifndef __APPLE__
+.text
+.globl	kyber_decompress_4_avx2
+.type	kyber_decompress_4_avx2,@function
+.align	16
+kyber_decompress_4_avx2:
+#else
+.section	__TEXT,__text
+.globl	_kyber_decompress_4_avx2
+.p2align	4
+_kyber_decompress_4_avx2:
+#endif /* __APPLE__ */
+        vmovdqu	L_kyber_decompress_4_avx2_mask(%rip), %ymm4
+        vmovdqu	L_kyber_decompress_4_avx2_shift(%rip), %ymm5
+        vmovdqu	L_kyber_decompress_4_avx2_shuf(%rip), %ymm6
+        vmovdqu	L_kyber_decompress_4_avx2_q(%rip), %ymm7
+        vpbroadcastq	(%rsi), %ymm0
+        vpbroadcastq	8(%rsi), %ymm1
+        vpbroadcastq	16(%rsi), %ymm2
+        vpbroadcastq	24(%rsi), %ymm3
+        vpshufb	%ymm6, %ymm0, %ymm0
+        vpshufb	%ymm6, %ymm1, %ymm1
+        vpshufb	%ymm6, %ymm2, %ymm2
+        vpshufb	%ymm6, %ymm3, %ymm3
+        vpand	%ymm4, %ymm0, %ymm0
+        vpand	%ymm4, %ymm1, %ymm1
+        vpand	%ymm4, %ymm2, %ymm2
+        vpand	%ymm4, %ymm3, %ymm3
+        vpmullw	%ymm5, %ymm0, %ymm0
+        vpmullw	%ymm5, %ymm1, %ymm1
+        vpmullw	%ymm5, %ymm2, %ymm2
+        vpmullw	%ymm5, %ymm3, %ymm3
+        vpmulhrsw	%ymm7, %ymm0, %ymm0
+        vpmulhrsw	%ymm7, %ymm1, %ymm1
+        vpmulhrsw	%ymm7, %ymm2, %ymm2
+        vpmulhrsw	%ymm7, %ymm3, %ymm3
+        vmovdqu	%ymm0, (%rdi)
+        vmovdqu	%ymm1, 32(%rdi)
+        vmovdqu	%ymm2, 64(%rdi)
+        vmovdqu	%ymm3, 96(%rdi)
+        vpbroadcastq	32(%rsi), %ymm0
+        vpbroadcastq	40(%rsi), %ymm1
+        vpbroadcastq	48(%rsi), %ymm2
+        vpbroadcastq	56(%rsi), %ymm3
+        vpshufb	%ymm6, %ymm0, %ymm0
+        vpshufb	%ymm6, %ymm1, %ymm1
+        vpshufb	%ymm6, %ymm2, %ymm2
+        vpshufb	%ymm6, %ymm3, %ymm3
+        vpand	%ymm4, %ymm0, %ymm0
+        vpand	%ymm4, %ymm1, %ymm1
+        vpand	%ymm4, %ymm2, %ymm2
+        vpand	%ymm4, %ymm3, %ymm3
+        vpmullw	%ymm5, %ymm0, %ymm0
+        vpmullw	%ymm5, %ymm1, %ymm1
+        vpmullw	%ymm5, %ymm2, %ymm2
+        vpmullw	%ymm5, %ymm3, %ymm3
+        vpmulhrsw	%ymm7, %ymm0, %ymm0
+        vpmulhrsw	%ymm7, %ymm1, %ymm1
+        vpmulhrsw	%ymm7, %ymm2, %ymm2
+        vpmulhrsw	%ymm7, %ymm3, %ymm3
+        vmovdqu	%ymm0, 128(%rdi)
+        vmovdqu	%ymm1, 160(%rdi)
+        vmovdqu	%ymm2, 192(%rdi)
+        vmovdqu	%ymm3, 224(%rdi)
+        vpbroadcastq	64(%rsi), %ymm0
+        vpbroadcastq	72(%rsi), %ymm1
+        vpbroadcastq	80(%rsi), %ymm2
+        vpbroadcastq	88(%rsi), %ymm3
+        vpshufb	%ymm6, %ymm0, %ymm0
+        vpshufb	%ymm6, %ymm1, %ymm1
+        vpshufb	%ymm6, %ymm2, %ymm2
+        vpshufb	%ymm6, %ymm3, %ymm3
+        vpand	%ymm4, %ymm0, %ymm0
+        vpand	%ymm4, %ymm1, %ymm1
+        vpand	%ymm4, %ymm2, %ymm2
+        vpand	%ymm4, %ymm3, %ymm3
+        vpmullw	%ymm5, %ymm0, %ymm0
+        vpmullw	%ymm5, %ymm1, %ymm1
+        vpmullw	%ymm5, %ymm2, %ymm2
+        vpmullw	%ymm5, %ymm3, %ymm3
+        vpmulhrsw	%ymm7, %ymm0, %ymm0
+        vpmulhrsw	%ymm7, %ymm1, %ymm1
+        vpmulhrsw	%ymm7, %ymm2, %ymm2
+        vpmulhrsw	%ymm7, %ymm3, %ymm3
+        vmovdqu	%ymm0, 256(%rdi)
+        vmovdqu	%ymm1, 288(%rdi)
+        vmovdqu	%ymm2, 320(%rdi)
+        vmovdqu	%ymm3, 352(%rdi)
+        vpbroadcastq	96(%rsi), %ymm0
+        vpbroadcastq	104(%rsi), %ymm1
+        vpbroadcastq	112(%rsi), %ymm2
+        vpbroadcastq	120(%rsi), %ymm3
+        vpshufb	%ymm6, %ymm0, %ymm0
+        vpshufb	%ymm6, %ymm1, %ymm1
+        vpshufb	%ymm6, %ymm2, %ymm2
+        vpshufb	%ymm6, %ymm3, %ymm3
+        vpand	%ymm4, %ymm0, %ymm0
+        vpand	%ymm4, %ymm1, %ymm1
+        vpand	%ymm4, %ymm2, %ymm2
+        vpand	%ymm4, %ymm3, %ymm3
+        vpmullw	%ymm5, %ymm0, %ymm0
+        vpmullw	%ymm5, %ymm1, %ymm1
+        vpmullw	%ymm5, %ymm2, %ymm2
+        vpmullw	%ymm5, %ymm3, %ymm3
+        vpmulhrsw	%ymm7, %ymm0, %ymm0
+        vpmulhrsw	%ymm7, %ymm1, %ymm1
+        vpmulhrsw	%ymm7, %ymm2, %ymm2
+        vpmulhrsw	%ymm7, %ymm3, %ymm3
+        vmovdqu	%ymm0, 384(%rdi)
+        vmovdqu	%ymm1, 416(%rdi)
+        vmovdqu	%ymm2, 448(%rdi)
+        vmovdqu	%ymm3, 480(%rdi)
+        vzeroupper
+        repz retq
+#ifndef __APPLE__
+.size	kyber_decompress_4_avx2,.-kyber_decompress_4_avx2
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.data
+#else
+.section	__DATA,__data
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.align	16
+#else
+.p2align	4
+#endif /* __APPLE__ */
+L_kyber_compress_5_avx2_v:
+.value	0x4ebf,0x4ebf
+.value	0x4ebf,0x4ebf
+.value	0x4ebf,0x4ebf
+.value	0x4ebf,0x4ebf
+.value	0x4ebf,0x4ebf
+.value	0x4ebf,0x4ebf
+.value	0x4ebf,0x4ebf
+.value	0x4ebf,0x4ebf
+#ifndef __APPLE__
+.data
+#else
+.section	__DATA,__data
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.align	16
+#else
+.p2align	4
+#endif /* __APPLE__ */
+L_kyber_compress_5_avx2_shift:
+.value	0x400,0x400
+.value	0x400,0x400
+.value	0x400,0x400
+.value	0x400,0x400
+.value	0x400,0x400
+.value	0x400,0x400
+.value	0x400,0x400
+.value	0x400,0x400
+#ifndef __APPLE__
+.data
+#else
+.section	__DATA,__data
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.align	16
+#else
+.p2align	4
+#endif /* __APPLE__ */
+L_kyber_compress_5_avx2_mask:
+.value	0x1f,0x1f
+.value	0x1f,0x1f
+.value	0x1f,0x1f
+.value	0x1f,0x1f
+.value	0x1f,0x1f
+.value	0x1f,0x1f
+.value	0x1f,0x1f
+.value	0x1f,0x1f
+#ifndef __APPLE__
+.data
+#else
+.section	__DATA,__data
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.align	16
+#else
+.p2align	4
+#endif /* __APPLE__ */
+L_kyber_compress_5_avx2_shift1:
+.value	0x2001,0x2001
+.value	0x2001,0x2001
+.value	0x2001,0x2001
+.value	0x2001,0x2001
+.value	0x2001,0x2001
+.value	0x2001,0x2001
+.value	0x2001,0x2001
+.value	0x2001,0x2001
+#ifndef __APPLE__
+.data
+#else
+.section	__DATA,__data
+#endif /* __APPLE__ */
+L_kyber_compress_5_avx2_shift2:
+.long	0x4000001,0x4000001,0x4000001,0x4000001
+.long	0x4000001,0x4000001,0x4000001,0x4000001
+#ifndef __APPLE__
+.data
+#else
+.section	__DATA,__data
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.align	32
+#else
+.p2align	5
+#endif /* __APPLE__ */
+L_kyber_compress_5_avx2_shlv:
+.quad	0xc, 0xc
+.quad	0xc, 0xc
+#ifndef __APPLE__
+.data
+#else
+.section	__DATA,__data
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.align	16
+#else
+.p2align	4
+#endif /* __APPLE__ */
+L_kyber_compress_5_avx2_shuffle:
+.value	0x100,0x302
+.value	0xff04,0xffff
+.value	0xffff,0x908
+.value	0xb0a,0xff0c
+.value	0xa09,0xc0b
+.value	0xff,0x201
+.value	0x403,0xffff
+.value	0xffff,0x8ff
+#ifndef __APPLE__
+.text
+.globl	kyber_compress_5_avx2
+.type	kyber_compress_5_avx2,@function
+.align	16
+kyber_compress_5_avx2:
+#else
+.section	__TEXT,__text
+.globl	_kyber_compress_5_avx2
+.p2align	4
+_kyber_compress_5_avx2:
+#endif /* __APPLE__ */
+        vmovdqu	(%rsi), %ymm0
+        vmovdqu	L_kyber_compress_5_avx2_v(%rip), %ymm2
+        vmovdqu	L_kyber_compress_5_avx2_shift(%rip), %ymm3
+        vmovdqu	L_kyber_compress_5_avx2_mask(%rip), %ymm4
+        vmovdqu	L_kyber_compress_5_avx2_shift1(%rip), %ymm5
+        vmovdqu	L_kyber_compress_5_avx2_shift2(%rip), %ymm6
+        vmovdqu	L_kyber_compress_5_avx2_shlv(%rip), %ymm7
+        vmovdqu	L_kyber_compress_5_avx2_shuffle(%rip), %ymm8
+        vpmulhw	(%rsi), %ymm2, %ymm0
+        vpmulhw	32(%rsi), %ymm2, %ymm1
+        vpmulhrsw	%ymm3, %ymm0, %ymm0
+        vpmulhrsw	%ymm3, %ymm1, %ymm1
+        vpand	%ymm4, %ymm0, %ymm0
+        vpand	%ymm4, %ymm1, %ymm1
+        vpackuswb	%ymm1, %ymm0, %ymm0
+        vpmaddubsw	%ymm5, %ymm0, %ymm0
+        vpmaddwd	%ymm6, %ymm0, %ymm0
+        vpsllvd	%ymm7, %ymm0, %ymm0
+        vpsrlvq	%ymm7, %ymm0, %ymm0
+        vpshufb	%ymm8, %ymm0, %ymm0
+        vextracti128	$0x01, %ymm0, %xmm1
+        vpblendvb	%xmm8, %xmm1, %xmm0, %xmm0
+        vmovdqu	%xmm0, (%rdi)
+        movss	%xmm1, 16(%rdi)
+        vpmulhw	64(%rsi), %ymm2, %ymm0
+        vpmulhw	96(%rsi), %ymm2, %ymm1
+        vpmulhrsw	%ymm3, %ymm0, %ymm0
+        vpmulhrsw	%ymm3, %ymm1, %ymm1
+        vpand	%ymm4, %ymm0, %ymm0
+        vpand	%ymm4, %ymm1, %ymm1
+        vpackuswb	%ymm1, %ymm0, %ymm0
+        vpmaddubsw	%ymm5, %ymm0, %ymm0
+        vpmaddwd	%ymm6, %ymm0, %ymm0
+        vpsllvd	%ymm7, %ymm0, %ymm0
+        vpsrlvq	%ymm7, %ymm0, %ymm0
+        vpshufb	%ymm8, %ymm0, %ymm0
+        vextracti128	$0x01, %ymm0, %xmm1
+        vpblendvb	%xmm8, %xmm1, %xmm0, %xmm0
+        vmovdqu	%xmm0, 20(%rdi)
+        movss	%xmm1, 36(%rdi)
+        vpmulhw	128(%rsi), %ymm2, %ymm0
+        vpmulhw	160(%rsi), %ymm2, %ymm1
+        vpmulhrsw	%ymm3, %ymm0, %ymm0
+        vpmulhrsw	%ymm3, %ymm1, %ymm1
+        vpand	%ymm4, %ymm0, %ymm0
+        vpand	%ymm4, %ymm1, %ymm1
+        vpackuswb	%ymm1, %ymm0, %ymm0
+        vpmaddubsw	%ymm5, %ymm0, %ymm0
+        vpmaddwd	%ymm6, %ymm0, %ymm0
+        vpsllvd	%ymm7, %ymm0, %ymm0
+        vpsrlvq	%ymm7, %ymm0, %ymm0
+        vpshufb	%ymm8, %ymm0, %ymm0
+        vextracti128	$0x01, %ymm0, %xmm1
+        vpblendvb	%xmm8, %xmm1, %xmm0, %xmm0
+        vmovdqu	%xmm0, 40(%rdi)
+        movss	%xmm1, 56(%rdi)
+        vpmulhw	192(%rsi), %ymm2, %ymm0
+        vpmulhw	224(%rsi), %ymm2, %ymm1
+        vpmulhrsw	%ymm3, %ymm0, %ymm0
+        vpmulhrsw	%ymm3, %ymm1, %ymm1
+        vpand	%ymm4, %ymm0, %ymm0
+        vpand	%ymm4, %ymm1, %ymm1
+        vpackuswb	%ymm1, %ymm0, %ymm0
+        vpmaddubsw	%ymm5, %ymm0, %ymm0
+        vpmaddwd	%ymm6, %ymm0, %ymm0
+        vpsllvd	%ymm7, %ymm0, %ymm0
+        vpsrlvq	%ymm7, %ymm0, %ymm0
+        vpshufb	%ymm8, %ymm0, %ymm0
+        vextracti128	$0x01, %ymm0, %xmm1
+        vpblendvb	%xmm8, %xmm1, %xmm0, %xmm0
+        vmovdqu	%xmm0, 60(%rdi)
+        movss	%xmm1, 76(%rdi)
+        vpmulhw	256(%rsi), %ymm2, %ymm0
+        vpmulhw	288(%rsi), %ymm2, %ymm1
+        vpmulhrsw	%ymm3, %ymm0, %ymm0
+        vpmulhrsw	%ymm3, %ymm1, %ymm1
+        vpand	%ymm4, %ymm0, %ymm0
+        vpand	%ymm4, %ymm1, %ymm1
+        vpackuswb	%ymm1, %ymm0, %ymm0
+        vpmaddubsw	%ymm5, %ymm0, %ymm0
+        vpmaddwd	%ymm6, %ymm0, %ymm0
+        vpsllvd	%ymm7, %ymm0, %ymm0
+        vpsrlvq	%ymm7, %ymm0, %ymm0
+        vpshufb	%ymm8, %ymm0, %ymm0
+        vextracti128	$0x01, %ymm0, %xmm1
+        vpblendvb	%xmm8, %xmm1, %xmm0, %xmm0
+        vmovdqu	%xmm0, 80(%rdi)
+        movss	%xmm1, 96(%rdi)
+        vpmulhw	320(%rsi), %ymm2, %ymm0
+        vpmulhw	352(%rsi), %ymm2, %ymm1
+        vpmulhrsw	%ymm3, %ymm0, %ymm0
+        vpmulhrsw	%ymm3, %ymm1, %ymm1
+        vpand	%ymm4, %ymm0, %ymm0
+        vpand	%ymm4, %ymm1, %ymm1
+        vpackuswb	%ymm1, %ymm0, %ymm0
+        vpmaddubsw	%ymm5, %ymm0, %ymm0
+        vpmaddwd	%ymm6, %ymm0, %ymm0
+        vpsllvd	%ymm7, %ymm0, %ymm0
+        vpsrlvq	%ymm7, %ymm0, %ymm0
+        vpshufb	%ymm8, %ymm0, %ymm0
+        vextracti128	$0x01, %ymm0, %xmm1
+        vpblendvb	%xmm8, %xmm1, %xmm0, %xmm0
+        vmovdqu	%xmm0, 100(%rdi)
+        movss	%xmm1, 116(%rdi)
+        vpmulhw	384(%rsi), %ymm2, %ymm0
+        vpmulhw	416(%rsi), %ymm2, %ymm1
+        vpmulhrsw	%ymm3, %ymm0, %ymm0
+        vpmulhrsw	%ymm3, %ymm1, %ymm1
+        vpand	%ymm4, %ymm0, %ymm0
+        vpand	%ymm4, %ymm1, %ymm1
+        vpackuswb	%ymm1, %ymm0, %ymm0
+        vpmaddubsw	%ymm5, %ymm0, %ymm0
+        vpmaddwd	%ymm6, %ymm0, %ymm0
+        vpsllvd	%ymm7, %ymm0, %ymm0
+        vpsrlvq	%ymm7, %ymm0, %ymm0
+        vpshufb	%ymm8, %ymm0, %ymm0
+        vextracti128	$0x01, %ymm0, %xmm1
+        vpblendvb	%xmm8, %xmm1, %xmm0, %xmm0
+        vmovdqu	%xmm0, 120(%rdi)
+        movss	%xmm1, 136(%rdi)
+        vpmulhw	448(%rsi), %ymm2, %ymm0
+        vpmulhw	480(%rsi), %ymm2, %ymm1
+        vpmulhrsw	%ymm3, %ymm0, %ymm0
+        vpmulhrsw	%ymm3, %ymm1, %ymm1
+        vpand	%ymm4, %ymm0, %ymm0
+        vpand	%ymm4, %ymm1, %ymm1
+        vpackuswb	%ymm1, %ymm0, %ymm0
+        vpmaddubsw	%ymm5, %ymm0, %ymm0
+        vpmaddwd	%ymm6, %ymm0, %ymm0
+        vpsllvd	%ymm7, %ymm0, %ymm0
+        vpsrlvq	%ymm7, %ymm0, %ymm0
+        vpshufb	%ymm8, %ymm0, %ymm0
+        vextracti128	$0x01, %ymm0, %xmm1
+        vpblendvb	%xmm8, %xmm1, %xmm0, %xmm0
+        vmovdqu	%xmm0, 140(%rdi)
+        movss	%xmm1, 156(%rdi)
+        vzeroupper
+        repz retq
+#ifndef __APPLE__
+.size	kyber_compress_5_avx2,.-kyber_compress_5_avx2
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.data
+#else
+.section	__DATA,__data
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.align	16
+#else
+.p2align	4
+#endif /* __APPLE__ */
+L_kyber_decompress_5_avx2_q:
+.value	0xd01,0xd01
+.value	0xd01,0xd01
+.value	0xd01,0xd01
+.value	0xd01,0xd01
+.value	0xd01,0xd01
+.value	0xd01,0xd01
+.value	0xd01,0xd01
+.value	0xd01,0xd01
+#ifndef __APPLE__
+.data
+#else
+.section	__DATA,__data
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.align	16
+#else
+.p2align	4
+#endif /* __APPLE__ */
+L_kyber_decompress_5_avx2_shuf:
+.value	0x0,0x100
+.value	0x101,0x201
+.value	0x302,0x303
+.value	0x403,0x404
+.value	0x505,0x605
+.value	0x606,0x706
+.value	0x807,0x808
+.value	0x908,0x909
+#ifndef __APPLE__
+.data
+#else
+.section	__DATA,__data
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.align	16
+#else
+.p2align	4
+#endif /* __APPLE__ */
+L_kyber_decompress_5_avx2_mask:
+.value	0x1f,0x3e0
+.value	0x7c,0xf80
+.value	0x1f0,0x3e
+.value	0x7c0,0xfb
+.value	0x1f,0x3e0
+.value	0x7c,0xf80
+.value	0x1f0,0x3e
+.value	0x7c0,0xfb
+#ifndef __APPLE__
+.data
+#else
+.section	__DATA,__data
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.align	16
+#else
+.p2align	4
+#endif /* __APPLE__ */
+L_kyber_decompress_5_avx2_shift:
+.value	0x400,0x20
+.value	0x100,0x8
+.value	0x40,0x200
+.value	0x10,0x80
+.value	0x400,0x20
+.value	0x100,0x8
+.value	0x40,0x200
+.value	0x10,0x80
+#ifndef __APPLE__
+.text
+.globl	kyber_decompress_5_avx2
+.type	kyber_decompress_5_avx2,@function
+.align	16
+kyber_decompress_5_avx2:
+#else
+.section	__TEXT,__text
+.globl	_kyber_decompress_5_avx2
+.p2align	4
+_kyber_decompress_5_avx2:
+#endif /* __APPLE__ */
+        vmovdqu	L_kyber_decompress_5_avx2_q(%rip), %ymm1
+        vmovdqu	L_kyber_decompress_5_avx2_shuf(%rip), %ymm2
+        vmovdqu	L_kyber_decompress_5_avx2_mask(%rip), %ymm3
+        vmovdqu	L_kyber_decompress_5_avx2_shift(%rip), %ymm4
+        vbroadcasti128	(%rsi), %ymm0
+        vpshufb	%ymm2, %ymm0, %ymm0
+        vpand	%ymm3, %ymm0, %ymm0
+        vpmullw	%ymm4, %ymm0, %ymm0
+        vpmulhrsw	%ymm1, %ymm0, %ymm0
+        vmovdqu	%ymm0, (%rdi)
+        vbroadcasti128	10(%rsi), %ymm0
+        vpshufb	%ymm2, %ymm0, %ymm0
+        vpand	%ymm3, %ymm0, %ymm0
+        vpmullw	%ymm4, %ymm0, %ymm0
+        vpmulhrsw	%ymm1, %ymm0, %ymm0
+        vmovdqu	%ymm0, 32(%rdi)
+        vbroadcasti128	20(%rsi), %ymm0
+        vpshufb	%ymm2, %ymm0, %ymm0
+        vpand	%ymm3, %ymm0, %ymm0
+        vpmullw	%ymm4, %ymm0, %ymm0
+        vpmulhrsw	%ymm1, %ymm0, %ymm0
+        vmovdqu	%ymm0, 64(%rdi)
+        vbroadcasti128	30(%rsi), %ymm0
+        vpshufb	%ymm2, %ymm0, %ymm0
+        vpand	%ymm3, %ymm0, %ymm0
+        vpmullw	%ymm4, %ymm0, %ymm0
+        vpmulhrsw	%ymm1, %ymm0, %ymm0
+        vmovdqu	%ymm0, 96(%rdi)
+        vbroadcasti128	40(%rsi), %ymm0
+        vpshufb	%ymm2, %ymm0, %ymm0
+        vpand	%ymm3, %ymm0, %ymm0
+        vpmullw	%ymm4, %ymm0, %ymm0
+        vpmulhrsw	%ymm1, %ymm0, %ymm0
+        vmovdqu	%ymm0, 128(%rdi)
+        vbroadcasti128	50(%rsi), %ymm0
+        vpshufb	%ymm2, %ymm0, %ymm0
+        vpand	%ymm3, %ymm0, %ymm0
+        vpmullw	%ymm4, %ymm0, %ymm0
+        vpmulhrsw	%ymm1, %ymm0, %ymm0
+        vmovdqu	%ymm0, 160(%rdi)
+        vbroadcasti128	60(%rsi), %ymm0
+        vpshufb	%ymm2, %ymm0, %ymm0
+        vpand	%ymm3, %ymm0, %ymm0
+        vpmullw	%ymm4, %ymm0, %ymm0
+        vpmulhrsw	%ymm1, %ymm0, %ymm0
+        vmovdqu	%ymm0, 192(%rdi)
+        vbroadcasti128	70(%rsi), %ymm0
+        vpshufb	%ymm2, %ymm0, %ymm0
+        vpand	%ymm3, %ymm0, %ymm0
+        vpmullw	%ymm4, %ymm0, %ymm0
+        vpmulhrsw	%ymm1, %ymm0, %ymm0
+        vmovdqu	%ymm0, 224(%rdi)
+        vbroadcasti128	80(%rsi), %ymm0
+        vpshufb	%ymm2, %ymm0, %ymm0
+        vpand	%ymm3, %ymm0, %ymm0
+        vpmullw	%ymm4, %ymm0, %ymm0
+        vpmulhrsw	%ymm1, %ymm0, %ymm0
+        vmovdqu	%ymm0, 256(%rdi)
+        vbroadcasti128	90(%rsi), %ymm0
+        vpshufb	%ymm2, %ymm0, %ymm0
+        vpand	%ymm3, %ymm0, %ymm0
+        vpmullw	%ymm4, %ymm0, %ymm0
+        vpmulhrsw	%ymm1, %ymm0, %ymm0
+        vmovdqu	%ymm0, 288(%rdi)
+        vbroadcasti128	100(%rsi), %ymm0
+        vpshufb	%ymm2, %ymm0, %ymm0
+        vpand	%ymm3, %ymm0, %ymm0
+        vpmullw	%ymm4, %ymm0, %ymm0
+        vpmulhrsw	%ymm1, %ymm0, %ymm0
+        vmovdqu	%ymm0, 320(%rdi)
+        vbroadcasti128	110(%rsi), %ymm0
+        vpshufb	%ymm2, %ymm0, %ymm0
+        vpand	%ymm3, %ymm0, %ymm0
+        vpmullw	%ymm4, %ymm0, %ymm0
+        vpmulhrsw	%ymm1, %ymm0, %ymm0
+        vmovdqu	%ymm0, 352(%rdi)
+        vbroadcasti128	120(%rsi), %ymm0
+        vpshufb	%ymm2, %ymm0, %ymm0
+        vpand	%ymm3, %ymm0, %ymm0
+        vpmullw	%ymm4, %ymm0, %ymm0
+        vpmulhrsw	%ymm1, %ymm0, %ymm0
+        vmovdqu	%ymm0, 384(%rdi)
+        vbroadcasti128	130(%rsi), %ymm0
+        vpshufb	%ymm2, %ymm0, %ymm0
+        vpand	%ymm3, %ymm0, %ymm0
+        vpmullw	%ymm4, %ymm0, %ymm0
+        vpmulhrsw	%ymm1, %ymm0, %ymm0
+        vmovdqu	%ymm0, 416(%rdi)
+        vbroadcasti128	140(%rsi), %ymm0
+        vpshufb	%ymm2, %ymm0, %ymm0
+        vpand	%ymm3, %ymm0, %ymm0
+        vpmullw	%ymm4, %ymm0, %ymm0
+        vpmulhrsw	%ymm1, %ymm0, %ymm0
+        vmovdqu	%ymm0, 448(%rdi)
+        vbroadcasti128	150(%rsi), %ymm0
+        vpshufb	%ymm2, %ymm0, %ymm0
+        vpand	%ymm3, %ymm0, %ymm0
+        vpmullw	%ymm4, %ymm0, %ymm0
+        vpmulhrsw	%ymm1, %ymm0, %ymm0
+        vmovdqu	%ymm0, 480(%rdi)
+        vzeroupper
+        repz retq
+#ifndef __APPLE__
+.size	kyber_decompress_5_avx2,.-kyber_decompress_5_avx2
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.data
+#else
+.section	__DATA,__data
+#endif /* __APPLE__ */
+L_kyber_from_msg_avx2_shift:
+.long	0x3,0x2,0x1,0x0
+.long	0x3,0x2,0x1,0x0
+#ifndef __APPLE__
+.data
+#else
+.section	__DATA,__data
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.align	16
+#else
+.p2align	4
+#endif /* __APPLE__ */
+L_kyber_from_msg_avx2_shuf:
+.value	0x100,0x504
+.value	0x908,0xd0c
+.value	0x302,0x706
+.value	0xb0a,0xf0e
+.value	0x100,0x504
+.value	0x908,0xd0c
+.value	0x302,0x706
+.value	0xb0a,0xf0e
+#ifndef __APPLE__
+.data
+#else
+.section	__DATA,__data
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.align	16
+#else
+.p2align	4
+#endif /* __APPLE__ */
+L_kyber_from_msg_avx2_hqs:
+.value	0x681,0x681
+.value	0x681,0x681
+.value	0x681,0x681
+.value	0x681,0x681
+.value	0x681,0x681
+.value	0x681,0x681
+.value	0x681,0x681
+.value	0x681,0x681
+#ifndef __APPLE__
+.text
+.globl	kyber_from_msg_avx2
+.type	kyber_from_msg_avx2,@function
+.align	16
+kyber_from_msg_avx2:
+#else
+.section	__TEXT,__text
+.globl	_kyber_from_msg_avx2
+.p2align	4
+_kyber_from_msg_avx2:
+#endif /* __APPLE__ */
+        vmovdqu	(%rsi), %ymm0
+        vmovdqu	L_kyber_from_msg_avx2_shift(%rip), %ymm9
+        vmovdqu	L_kyber_from_msg_avx2_shuf(%rip), %ymm10
+        vmovdqu	L_kyber_from_msg_avx2_hqs(%rip), %ymm11
+        vpshufd	$0x00, %ymm0, %ymm4
+        vpsllvd	%ymm9, %ymm4, %ymm4
+        vpshufb	%ymm10, %ymm4, %ymm4
+        vpsllw	$12, %ymm4, %ymm1
+        vpsllw	$8, %ymm4, %ymm2
+        vpsllw	$4, %ymm4, %ymm3
+        vpsraw	$15, %ymm1, %ymm1
+        vpsraw	$15, %ymm2, %ymm2
+        vpsraw	$15, %ymm3, %ymm3
+        vpsraw	$15, %ymm4, %ymm4
+        vpand	%ymm11, %ymm1, %ymm1
+        vpand	%ymm11, %ymm2, %ymm2
+        vpand	%ymm11, %ymm3, %ymm3
+        vpand	%ymm11, %ymm4, %ymm4
+        vpunpcklqdq	%ymm2, %ymm1, %ymm5
+        vpunpckhqdq	%ymm2, %ymm1, %ymm7
+        vpunpcklqdq	%ymm4, %ymm3, %ymm6
+        vpunpckhqdq	%ymm4, %ymm3, %ymm8
+        vperm2i128	$32, %ymm6, %ymm5, %ymm1
+        vperm2i128	$49, %ymm6, %ymm5, %ymm3
+        vperm2i128	$32, %ymm8, %ymm7, %ymm2
+        vperm2i128	$49, %ymm8, %ymm7, %ymm4
+        vmovdqu	%ymm1, (%rdi)
+        vmovdqu	%ymm2, 32(%rdi)
+        vmovdqu	%ymm3, 256(%rdi)
+        vmovdqu	%ymm4, 288(%rdi)
+        vpshufd	$0x55, %ymm0, %ymm4
+        vpsllvd	%ymm9, %ymm4, %ymm4
+        vpshufb	%ymm10, %ymm4, %ymm4
+        vpsllw	$12, %ymm4, %ymm1
+        vpsllw	$8, %ymm4, %ymm2
+        vpsllw	$4, %ymm4, %ymm3
+        vpsraw	$15, %ymm1, %ymm1
+        vpsraw	$15, %ymm2, %ymm2
+        vpsraw	$15, %ymm3, %ymm3
+        vpsraw	$15, %ymm4, %ymm4
+        vpand	%ymm11, %ymm1, %ymm1
+        vpand	%ymm11, %ymm2, %ymm2
+        vpand	%ymm11, %ymm3, %ymm3
+        vpand	%ymm11, %ymm4, %ymm4
+        vpunpcklqdq	%ymm2, %ymm1, %ymm5
+        vpunpckhqdq	%ymm2, %ymm1, %ymm7
+        vpunpcklqdq	%ymm4, %ymm3, %ymm6
+        vpunpckhqdq	%ymm4, %ymm3, %ymm8
+        vperm2i128	$32, %ymm6, %ymm5, %ymm1
+        vperm2i128	$49, %ymm6, %ymm5, %ymm3
+        vperm2i128	$32, %ymm8, %ymm7, %ymm2
+        vperm2i128	$49, %ymm8, %ymm7, %ymm4
+        vmovdqu	%ymm1, 64(%rdi)
+        vmovdqu	%ymm2, 96(%rdi)
+        vmovdqu	%ymm3, 320(%rdi)
+        vmovdqu	%ymm4, 352(%rdi)
+        vpshufd	$0xaa, %ymm0, %ymm4
+        vpsllvd	%ymm9, %ymm4, %ymm4
+        vpshufb	%ymm10, %ymm4, %ymm4
+        vpsllw	$12, %ymm4, %ymm1
+        vpsllw	$8, %ymm4, %ymm2
+        vpsllw	$4, %ymm4, %ymm3
+        vpsraw	$15, %ymm1, %ymm1
+        vpsraw	$15, %ymm2, %ymm2
+        vpsraw	$15, %ymm3, %ymm3
+        vpsraw	$15, %ymm4, %ymm4
+        vpand	%ymm11, %ymm1, %ymm1
+        vpand	%ymm11, %ymm2, %ymm2
+        vpand	%ymm11, %ymm3, %ymm3
+        vpand	%ymm11, %ymm4, %ymm4
+        vpunpcklqdq	%ymm2, %ymm1, %ymm5
+        vpunpckhqdq	%ymm2, %ymm1, %ymm7
+        vpunpcklqdq	%ymm4, %ymm3, %ymm6
+        vpunpckhqdq	%ymm4, %ymm3, %ymm8
+        vperm2i128	$32, %ymm6, %ymm5, %ymm1
+        vperm2i128	$49, %ymm6, %ymm5, %ymm3
+        vperm2i128	$32, %ymm8, %ymm7, %ymm2
+        vperm2i128	$49, %ymm8, %ymm7, %ymm4
+        vmovdqu	%ymm1, 128(%rdi)
+        vmovdqu	%ymm2, 160(%rdi)
+        vmovdqu	%ymm3, 384(%rdi)
+        vmovdqu	%ymm4, 416(%rdi)
+        vpshufd	$0xff, %ymm0, %ymm4
+        vpsllvd	%ymm9, %ymm4, %ymm4
+        vpshufb	%ymm10, %ymm4, %ymm4
+        vpsllw	$12, %ymm4, %ymm1
+        vpsllw	$8, %ymm4, %ymm2
+        vpsllw	$4, %ymm4, %ymm3
+        vpsraw	$15, %ymm1, %ymm1
+        vpsraw	$15, %ymm2, %ymm2
+        vpsraw	$15, %ymm3, %ymm3
+        vpsraw	$15, %ymm4, %ymm4
+        vpand	%ymm11, %ymm1, %ymm1
+        vpand	%ymm11, %ymm2, %ymm2
+        vpand	%ymm11, %ymm3, %ymm3
+        vpand	%ymm11, %ymm4, %ymm4
+        vpunpcklqdq	%ymm2, %ymm1, %ymm5
+        vpunpckhqdq	%ymm2, %ymm1, %ymm7
+        vpunpcklqdq	%ymm4, %ymm3, %ymm6
+        vpunpckhqdq	%ymm4, %ymm3, %ymm8
+        vperm2i128	$32, %ymm6, %ymm5, %ymm1
+        vperm2i128	$49, %ymm6, %ymm5, %ymm3
+        vperm2i128	$32, %ymm8, %ymm7, %ymm2
+        vperm2i128	$49, %ymm8, %ymm7, %ymm4
+        vmovdqu	%ymm1, 192(%rdi)
+        vmovdqu	%ymm2, 224(%rdi)
+        vmovdqu	%ymm3, 448(%rdi)
+        vmovdqu	%ymm4, 480(%rdi)
+        vzeroupper
+        repz retq
+#ifndef __APPLE__
+.size	kyber_from_msg_avx2,.-kyber_from_msg_avx2
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.data
+#else
+.section	__DATA,__data
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.align	16
+#else
+.p2align	4
+#endif /* __APPLE__ */
+L_kyber_to_msg_avx2_hqs:
+.value	0x680,0x680
+.value	0x680,0x680
+.value	0x680,0x680
+.value	0x680,0x680
+.value	0x680,0x680
+.value	0x680,0x680
+.value	0x680,0x680
+.value	0x680,0x680
+#ifndef __APPLE__
+.data
+#else
+.section	__DATA,__data
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.align	16
+#else
+.p2align	4
+#endif /* __APPLE__ */
+L_kyber_to_msg_avx2_hhqs:
+.value	0xfcc1,0xfcc1
+.value	0xfcc1,0xfcc1
+.value	0xfcc1,0xfcc1
+.value	0xfcc1,0xfcc1
+.value	0xfcc1,0xfcc1
+.value	0xfcc1,0xfcc1
+.value	0xfcc1,0xfcc1
+.value	0xfcc1,0xfcc1
+#ifndef __APPLE__
+.text
+.globl	kyber_to_msg_avx2
+.type	kyber_to_msg_avx2,@function
+.align	16
+kyber_to_msg_avx2:
+#else
+.section	__TEXT,__text
+.globl	_kyber_to_msg_avx2
+.p2align	4
+_kyber_to_msg_avx2:
+#endif /* __APPLE__ */
+        vmovdqu	L_kyber_to_msg_avx2_hqs(%rip), %ymm8
+        vmovdqu	L_kyber_to_msg_avx2_hhqs(%rip), %ymm9
+        vpsubw	(%rsi), %ymm8, %ymm0
+        vpsubw	32(%rsi), %ymm8, %ymm1
+        vpsubw	64(%rsi), %ymm8, %ymm2
+        vpsubw	96(%rsi), %ymm8, %ymm3
+        vpsraw	$15, %ymm0, %ymm4
+        vpsraw	$15, %ymm1, %ymm5
+        vpsraw	$15, %ymm2, %ymm6
+        vpsraw	$15, %ymm3, %ymm7
+        vpxor	%ymm4, %ymm0, %ymm0
+        vpxor	%ymm5, %ymm1, %ymm1
+        vpxor	%ymm6, %ymm2, %ymm2
+        vpxor	%ymm7, %ymm3, %ymm3
+        vpaddw	%ymm9, %ymm0, %ymm0
+        vpaddw	%ymm9, %ymm1, %ymm1
+        vpaddw	%ymm9, %ymm2, %ymm2
+        vpaddw	%ymm9, %ymm3, %ymm3
+        vpacksswb	%ymm1, %ymm0, %ymm0
+        vpacksswb	%ymm3, %ymm2, %ymm2
+        vpermq	$0xd8, %ymm0, %ymm0
+        vpermq	$0xd8, %ymm2, %ymm2
+        vpmovmskb	%ymm0, %edx
+        vpmovmskb	%ymm2, %eax
+        movl	%edx, (%rdi)
+        movl	%eax, 4(%rdi)
+        vpsubw	128(%rsi), %ymm8, %ymm0
+        vpsubw	160(%rsi), %ymm8, %ymm1
+        vpsubw	192(%rsi), %ymm8, %ymm2
+        vpsubw	224(%rsi), %ymm8, %ymm3
+        vpsraw	$15, %ymm0, %ymm4
+        vpsraw	$15, %ymm1, %ymm5
+        vpsraw	$15, %ymm2, %ymm6
+        vpsraw	$15, %ymm3, %ymm7
+        vpxor	%ymm4, %ymm0, %ymm0
+        vpxor	%ymm5, %ymm1, %ymm1
+        vpxor	%ymm6, %ymm2, %ymm2
+        vpxor	%ymm7, %ymm3, %ymm3
+        vpaddw	%ymm9, %ymm0, %ymm0
+        vpaddw	%ymm9, %ymm1, %ymm1
+        vpaddw	%ymm9, %ymm2, %ymm2
+        vpaddw	%ymm9, %ymm3, %ymm3
+        vpacksswb	%ymm1, %ymm0, %ymm0
+        vpacksswb	%ymm3, %ymm2, %ymm2
+        vpermq	$0xd8, %ymm0, %ymm0
+        vpermq	$0xd8, %ymm2, %ymm2
+        vpmovmskb	%ymm0, %edx
+        vpmovmskb	%ymm2, %eax
+        movl	%edx, 8(%rdi)
+        movl	%eax, 12(%rdi)
+        vpsubw	256(%rsi), %ymm8, %ymm0
+        vpsubw	288(%rsi), %ymm8, %ymm1
+        vpsubw	320(%rsi), %ymm8, %ymm2
+        vpsubw	352(%rsi), %ymm8, %ymm3
+        vpsraw	$15, %ymm0, %ymm4
+        vpsraw	$15, %ymm1, %ymm5
+        vpsraw	$15, %ymm2, %ymm6
+        vpsraw	$15, %ymm3, %ymm7
+        vpxor	%ymm4, %ymm0, %ymm0
+        vpxor	%ymm5, %ymm1, %ymm1
+        vpxor	%ymm6, %ymm2, %ymm2
+        vpxor	%ymm7, %ymm3, %ymm3
+        vpaddw	%ymm9, %ymm0, %ymm0
+        vpaddw	%ymm9, %ymm1, %ymm1
+        vpaddw	%ymm9, %ymm2, %ymm2
+        vpaddw	%ymm9, %ymm3, %ymm3
+        vpacksswb	%ymm1, %ymm0, %ymm0
+        vpacksswb	%ymm3, %ymm2, %ymm2
+        vpermq	$0xd8, %ymm0, %ymm0
+        vpermq	$0xd8, %ymm2, %ymm2
+        vpmovmskb	%ymm0, %edx
+        vpmovmskb	%ymm2, %eax
+        movl	%edx, 16(%rdi)
+        movl	%eax, 20(%rdi)
+        vpsubw	384(%rsi), %ymm8, %ymm0
+        vpsubw	416(%rsi), %ymm8, %ymm1
+        vpsubw	448(%rsi), %ymm8, %ymm2
+        vpsubw	480(%rsi), %ymm8, %ymm3
+        vpsraw	$15, %ymm0, %ymm4
+        vpsraw	$15, %ymm1, %ymm5
+        vpsraw	$15, %ymm2, %ymm6
+        vpsraw	$15, %ymm3, %ymm7
+        vpxor	%ymm4, %ymm0, %ymm0
+        vpxor	%ymm5, %ymm1, %ymm1
+        vpxor	%ymm6, %ymm2, %ymm2
+        vpxor	%ymm7, %ymm3, %ymm3
+        vpaddw	%ymm9, %ymm0, %ymm0
+        vpaddw	%ymm9, %ymm1, %ymm1
+        vpaddw	%ymm9, %ymm2, %ymm2
+        vpaddw	%ymm9, %ymm3, %ymm3
+        vpacksswb	%ymm1, %ymm0, %ymm0
+        vpacksswb	%ymm3, %ymm2, %ymm2
+        vpermq	$0xd8, %ymm0, %ymm0
+        vpermq	$0xd8, %ymm2, %ymm2
+        vpmovmskb	%ymm0, %edx
+        vpmovmskb	%ymm2, %eax
+        movl	%edx, 24(%rdi)
+        movl	%eax, 28(%rdi)
+        vzeroupper
+        repz retq
+#ifndef __APPLE__
+.size	kyber_to_msg_avx2,.-kyber_to_msg_avx2
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.data
+#else
+.section	__DATA,__data
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.align	16
+#else
+.p2align	4
+#endif /* __APPLE__ */
+L_kyber_from_bytes_avx2_shuf:
+.value	0x100,0xff02
+.value	0x403,0xff05
+.value	0x706,0xff08
+.value	0xa09,0xff0b
+.value	0x504,0xff06
+.value	0x807,0xff09
+.value	0xb0a,0xff0c
+.value	0xe0d,0xff0f
+#ifndef __APPLE__
+.data
+#else
+.section	__DATA,__data
+#endif /* __APPLE__ */
+L_kyber_from_bytes_avx2_mask:
+.long	0xfff,0xfff,0xfff,0xfff
+.long	0xfff,0xfff,0xfff,0xfff
+#ifndef __APPLE__
+.text
+.globl	kyber_from_bytes_avx2
+.type	kyber_from_bytes_avx2,@function
+.align	16
+kyber_from_bytes_avx2:
+#else
+.section	__TEXT,__text
+.globl	_kyber_from_bytes_avx2
+.p2align	4
+_kyber_from_bytes_avx2:
+#endif /* __APPLE__ */
+        vmovdqu	(%rsi), %ymm0
+        vmovdqu	L_kyber_from_bytes_avx2_shuf(%rip), %ymm12
+        vmovdqu	L_kyber_from_bytes_avx2_mask(%rip), %ymm13
+        vmovdqu	(%rsi), %ymm0
+        vmovdqu	32(%rsi), %ymm1
+        vmovdqu	64(%rsi), %ymm2
+        vmovdqu	96(%rsi), %ymm3
+        vmovdqu	128(%rsi), %ymm4
+        vmovdqu	160(%rsi), %ymm5
+        vpermq	$0xe9, %ymm5, %ymm7
+        vpermq	$0x00, %ymm5, %ymm8
+        vpermq	$62, %ymm4, %ymm6
+        vpermq	$0x40, %ymm4, %ymm9
+        vpermq	$3, %ymm3, %ymm5
+        vpermq	$0x94, %ymm3, %ymm4
+        vpermq	$0xe9, %ymm2, %ymm3
+        vpermq	$0x00, %ymm2, %ymm10
+        vpermq	$62, %ymm1, %ymm2
+        vpermq	$0x40, %ymm1, %ymm11
+        vpermq	$3, %ymm0, %ymm1
+        vpermq	$0x94, %ymm0, %ymm0
+        vpblendd	$0xc0, %ymm8, %ymm6, %ymm6
+        vpblendd	$0xfc, %ymm9, %ymm5, %ymm5
+        vpblendd	$0xc0, %ymm10, %ymm2, %ymm2
+        vpblendd	$0xfc, %ymm11, %ymm1, %ymm1
+        vpshufb	%ymm12, %ymm0, %ymm0
+        vpshufb	%ymm12, %ymm1, %ymm1
+        vpshufb	%ymm12, %ymm2, %ymm2
+        vpshufb	%ymm12, %ymm3, %ymm3
+        vpshufb	%ymm12, %ymm4, %ymm4
+        vpshufb	%ymm12, %ymm5, %ymm5
+        vpshufb	%ymm12, %ymm6, %ymm6
+        vpshufb	%ymm12, %ymm7, %ymm7
+        vpandn	%ymm0, %ymm13, %ymm8
+        vpandn	%ymm1, %ymm13, %ymm9
+        vpandn	%ymm2, %ymm13, %ymm10
+        vpandn	%ymm3, %ymm13, %ymm11
+        vpand	%ymm0, %ymm13, %ymm0
+        vpand	%ymm1, %ymm13, %ymm1
+        vpand	%ymm2, %ymm13, %ymm2
+        vpand	%ymm3, %ymm13, %ymm3
+        vpslld	$4, %ymm8, %ymm8
+        vpslld	$4, %ymm9, %ymm9
+        vpslld	$4, %ymm10, %ymm10
+        vpslld	$4, %ymm11, %ymm11
+        vpor	%ymm8, %ymm0, %ymm0
+        vpor	%ymm9, %ymm1, %ymm1
+        vpor	%ymm10, %ymm2, %ymm2
+        vpor	%ymm11, %ymm3, %ymm3
+        vpandn	%ymm4, %ymm13, %ymm8
+        vpandn	%ymm5, %ymm13, %ymm9
+        vpandn	%ymm6, %ymm13, %ymm10
+        vpandn	%ymm7, %ymm13, %ymm11
+        vpand	%ymm4, %ymm13, %ymm4
+        vpand	%ymm5, %ymm13, %ymm5
+        vpand	%ymm6, %ymm13, %ymm6
+        vpand	%ymm7, %ymm13, %ymm7
+        vpslld	$4, %ymm8, %ymm8
+        vpslld	$4, %ymm9, %ymm9
+        vpslld	$4, %ymm10, %ymm10
+        vpslld	$4, %ymm11, %ymm11
+        vpor	%ymm8, %ymm4, %ymm4
+        vpor	%ymm9, %ymm5, %ymm5
+        vpor	%ymm10, %ymm6, %ymm6
+        vpor	%ymm11, %ymm7, %ymm7
+        vmovdqu	%ymm0, (%rdi)
+        vmovdqu	%ymm1, 32(%rdi)
+        vmovdqu	%ymm2, 64(%rdi)
+        vmovdqu	%ymm3, 96(%rdi)
+        vmovdqu	%ymm4, 128(%rdi)
+        vmovdqu	%ymm5, 160(%rdi)
+        vmovdqu	%ymm6, 192(%rdi)
+        vmovdqu	%ymm7, 224(%rdi)
+        vmovdqu	192(%rsi), %ymm0
+        vmovdqu	224(%rsi), %ymm1
+        vmovdqu	256(%rsi), %ymm2
+        vmovdqu	288(%rsi), %ymm3
+        vmovdqu	320(%rsi), %ymm4
+        vmovdqu	352(%rsi), %ymm5
+        vpermq	$0xe9, %ymm5, %ymm7
+        vpermq	$0x00, %ymm5, %ymm8
+        vpermq	$62, %ymm4, %ymm6
+        vpermq	$0x40, %ymm4, %ymm9
+        vpermq	$3, %ymm3, %ymm5
+        vpermq	$0x94, %ymm3, %ymm4
+        vpermq	$0xe9, %ymm2, %ymm3
+        vpermq	$0x00, %ymm2, %ymm10
+        vpermq	$62, %ymm1, %ymm2
+        vpermq	$0x40, %ymm1, %ymm11
+        vpermq	$3, %ymm0, %ymm1
+        vpermq	$0x94, %ymm0, %ymm0
+        vpblendd	$0xc0, %ymm8, %ymm6, %ymm6
+        vpblendd	$0xfc, %ymm9, %ymm5, %ymm5
+        vpblendd	$0xc0, %ymm10, %ymm2, %ymm2
+        vpblendd	$0xfc, %ymm11, %ymm1, %ymm1
+        vpshufb	%ymm12, %ymm0, %ymm0
+        vpshufb	%ymm12, %ymm1, %ymm1
+        vpshufb	%ymm12, %ymm2, %ymm2
+        vpshufb	%ymm12, %ymm3, %ymm3
+        vpshufb	%ymm12, %ymm4, %ymm4
+        vpshufb	%ymm12, %ymm5, %ymm5
+        vpshufb	%ymm12, %ymm6, %ymm6
+        vpshufb	%ymm12, %ymm7, %ymm7
+        vpandn	%ymm0, %ymm13, %ymm8
+        vpandn	%ymm1, %ymm13, %ymm9
+        vpandn	%ymm2, %ymm13, %ymm10
+        vpandn	%ymm3, %ymm13, %ymm11
+        vpand	%ymm0, %ymm13, %ymm0
+        vpand	%ymm1, %ymm13, %ymm1
+        vpand	%ymm2, %ymm13, %ymm2
+        vpand	%ymm3, %ymm13, %ymm3
+        vpslld	$4, %ymm8, %ymm8
+        vpslld	$4, %ymm9, %ymm9
+        vpslld	$4, %ymm10, %ymm10
+        vpslld	$4, %ymm11, %ymm11
+        vpor	%ymm8, %ymm0, %ymm0
+        vpor	%ymm9, %ymm1, %ymm1
+        vpor	%ymm10, %ymm2, %ymm2
+        vpor	%ymm11, %ymm3, %ymm3
+        vpandn	%ymm4, %ymm13, %ymm8
+        vpandn	%ymm5, %ymm13, %ymm9
+        vpandn	%ymm6, %ymm13, %ymm10
+        vpandn	%ymm7, %ymm13, %ymm11
+        vpand	%ymm4, %ymm13, %ymm4
+        vpand	%ymm5, %ymm13, %ymm5
+        vpand	%ymm6, %ymm13, %ymm6
+        vpand	%ymm7, %ymm13, %ymm7
+        vpslld	$4, %ymm8, %ymm8
+        vpslld	$4, %ymm9, %ymm9
+        vpslld	$4, %ymm10, %ymm10
+        vpslld	$4, %ymm11, %ymm11
+        vpor	%ymm8, %ymm4, %ymm4
+        vpor	%ymm9, %ymm5, %ymm5
+        vpor	%ymm10, %ymm6, %ymm6
+        vpor	%ymm11, %ymm7, %ymm7
+        vmovdqu	%ymm0, 256(%rdi)
+        vmovdqu	%ymm1, 288(%rdi)
+        vmovdqu	%ymm2, 320(%rdi)
+        vmovdqu	%ymm3, 352(%rdi)
+        vmovdqu	%ymm4, 384(%rdi)
+        vmovdqu	%ymm5, 416(%rdi)
+        vmovdqu	%ymm6, 448(%rdi)
+        vmovdqu	%ymm7, 480(%rdi)
+        vzeroupper
+        repz retq
+#ifndef __APPLE__
+.size	kyber_from_bytes_avx2,.-kyber_from_bytes_avx2
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.data
+#else
+.section	__DATA,__data
+#endif /* __APPLE__ */
+L_kyber_to_bytes_avx2_mask:
+.long	0xfff,0xfff,0xfff,0xfff
+.long	0xfff,0xfff,0xfff,0xfff
+#ifndef __APPLE__
+.data
+#else
+.section	__DATA,__data
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.align	16
+#else
+.p2align	4
+#endif /* __APPLE__ */
+L_kyber_to_bytes_avx2_shuf:
+.value	0x100,0x402
+.value	0x605,0x908
+.value	0xc0a,0xe0d
+.value	0xffff,0xffff
+.value	0x605,0x908
+.value	0xc0a,0xe0d
+.value	0xffff,0xffff
+.value	0x100,0x402
+#ifndef __APPLE__
+.data
+#else
+.section	__DATA,__data
+#endif /* __APPLE__ */
+L_kyber_to_bytes_avx2_perm:
+.long	0x0,0x1,0x2,0x7
+.long	0x4,0x5,0x3,0x6
+#ifndef __APPLE__
+.text
+.globl	kyber_to_bytes_avx2
+.type	kyber_to_bytes_avx2,@function
+.align	16
+kyber_to_bytes_avx2:
+#else
+.section	__TEXT,__text
+.globl	_kyber_to_bytes_avx2
+.p2align	4
+_kyber_to_bytes_avx2:
+#endif /* __APPLE__ */
+        vmovdqu	kyber_q(%rip), %ymm12
+        vmovdqu	L_kyber_to_bytes_avx2_mask(%rip), %ymm13
+        vmovdqu	L_kyber_to_bytes_avx2_shuf(%rip), %ymm14
+        vmovdqu	L_kyber_to_bytes_avx2_perm(%rip), %ymm15
+        vmovdqu	(%rsi), %ymm0
+        vmovdqu	32(%rsi), %ymm1
+        vmovdqu	64(%rsi), %ymm2
+        vmovdqu	96(%rsi), %ymm3
+        vmovdqu	128(%rsi), %ymm4
+        vmovdqu	160(%rsi), %ymm5
+        vmovdqu	192(%rsi), %ymm6
+        vmovdqu	224(%rsi), %ymm7
+        vpsubw	%ymm12, %ymm0, %ymm8
+        vpsubw	%ymm12, %ymm1, %ymm9
+        vpsubw	%ymm12, %ymm2, %ymm10
+        vpsubw	%ymm12, %ymm3, %ymm11
+        vpsraw	$15, %ymm8, %ymm0
+        vpsraw	$15, %ymm9, %ymm1
+        vpsraw	$15, %ymm10, %ymm2
+        vpsraw	$15, %ymm11, %ymm3
+        vpand	%ymm12, %ymm0, %ymm0
+        vpand	%ymm12, %ymm1, %ymm1
+        vpand	%ymm12, %ymm2, %ymm2
+        vpand	%ymm12, %ymm3, %ymm3
+        vpaddw	%ymm8, %ymm0, %ymm0
+        vpaddw	%ymm9, %ymm1, %ymm1
+        vpaddw	%ymm10, %ymm2, %ymm2
+        vpaddw	%ymm11, %ymm3, %ymm3
+        vpsubw	%ymm12, %ymm4, %ymm8
+        vpsubw	%ymm12, %ymm5, %ymm9
+        vpsubw	%ymm12, %ymm6, %ymm10
+        vpsubw	%ymm12, %ymm7, %ymm11
+        vpsraw	$15, %ymm8, %ymm4
+        vpsraw	$15, %ymm9, %ymm5
+        vpsraw	$15, %ymm10, %ymm6
+        vpsraw	$15, %ymm11, %ymm7
+        vpand	%ymm12, %ymm4, %ymm4
+        vpand	%ymm12, %ymm5, %ymm5
+        vpand	%ymm12, %ymm6, %ymm6
+        vpand	%ymm12, %ymm7, %ymm7
+        vpaddw	%ymm8, %ymm4, %ymm4
+        vpaddw	%ymm9, %ymm5, %ymm5
+        vpaddw	%ymm10, %ymm6, %ymm6
+        vpaddw	%ymm11, %ymm7, %ymm7
+        vpsrld	$16, %ymm0, %ymm8
+        vpsrld	$16, %ymm1, %ymm9
+        vpsrld	$16, %ymm2, %ymm10
+        vpsrld	$16, %ymm3, %ymm11
+        vpand	%ymm0, %ymm13, %ymm0
+        vpand	%ymm1, %ymm13, %ymm1
+        vpand	%ymm2, %ymm13, %ymm2
+        vpand	%ymm3, %ymm13, %ymm3
+        vpslld	$12, %ymm8, %ymm8
+        vpslld	$12, %ymm9, %ymm9
+        vpslld	$12, %ymm10, %ymm10
+        vpslld	$12, %ymm11, %ymm11
+        vpor	%ymm8, %ymm0, %ymm0
+        vpor	%ymm9, %ymm1, %ymm1
+        vpor	%ymm10, %ymm2, %ymm2
+        vpor	%ymm11, %ymm3, %ymm3
+        vpsrld	$16, %ymm4, %ymm8
+        vpsrld	$16, %ymm5, %ymm9
+        vpsrld	$16, %ymm6, %ymm10
+        vpsrld	$16, %ymm7, %ymm11
+        vpand	%ymm4, %ymm13, %ymm4
+        vpand	%ymm5, %ymm13, %ymm5
+        vpand	%ymm6, %ymm13, %ymm6
+        vpand	%ymm7, %ymm13, %ymm7
+        vpslld	$12, %ymm8, %ymm8
+        vpslld	$12, %ymm9, %ymm9
+        vpslld	$12, %ymm10, %ymm10
+        vpslld	$12, %ymm11, %ymm11
+        vpor	%ymm8, %ymm4, %ymm4
+        vpor	%ymm9, %ymm5, %ymm5
+        vpor	%ymm10, %ymm6, %ymm6
+        vpor	%ymm11, %ymm7, %ymm7
+        vpshufb	%ymm14, %ymm0, %ymm0
+        vpshufb	%ymm14, %ymm1, %ymm1
+        vpshufb	%ymm14, %ymm2, %ymm2
+        vpshufb	%ymm14, %ymm3, %ymm3
+        vpshufb	%ymm14, %ymm4, %ymm4
+        vpshufb	%ymm14, %ymm5, %ymm5
+        vpshufb	%ymm14, %ymm6, %ymm6
+        vpshufb	%ymm14, %ymm7, %ymm7
+        vpermd	%ymm0, %ymm15, %ymm0
+        vpermd	%ymm1, %ymm15, %ymm1
+        vpermd	%ymm2, %ymm15, %ymm2
+        vpermd	%ymm3, %ymm15, %ymm3
+        vpermd	%ymm4, %ymm15, %ymm4
+        vpermd	%ymm5, %ymm15, %ymm5
+        vpermd	%ymm6, %ymm15, %ymm6
+        vpermd	%ymm7, %ymm15, %ymm7
+        vpermq	$2, %ymm6, %ymm8
+        vpermq	$0x90, %ymm7, %ymm7
+        vpermq	$9, %ymm5, %ymm9
+        vpermq	$0x40, %ymm6, %ymm6
+        vpermq	$0x00, %ymm5, %ymm5
+        vpblendd	$63, %ymm4, %ymm5, %ymm5
+        vpermq	$2, %ymm2, %ymm10
+        vpermq	$0x90, %ymm3, %ymm4
+        vpermq	$9, %ymm1, %ymm11
+        vpermq	$0x40, %ymm2, %ymm3
+        vpermq	$0x00, %ymm1, %ymm2
+        vpblendd	$63, %ymm0, %ymm2, %ymm2
+        vpblendd	$3, %ymm8, %ymm7, %ymm7
+        vpblendd	$15, %ymm9, %ymm6, %ymm6
+        vpblendd	$3, %ymm10, %ymm4, %ymm4
+        vpblendd	$15, %ymm11, %ymm3, %ymm3
+        vmovdqu	%ymm2, (%rdi)
+        vmovdqu	%ymm3, 32(%rdi)
+        vmovdqu	%ymm4, 64(%rdi)
+        vmovdqu	%ymm5, 96(%rdi)
+        vmovdqu	%ymm6, 128(%rdi)
+        vmovdqu	%ymm7, 160(%rdi)
+        vmovdqu	256(%rsi), %ymm0
+        vmovdqu	288(%rsi), %ymm1
+        vmovdqu	320(%rsi), %ymm2
+        vmovdqu	352(%rsi), %ymm3
+        vmovdqu	384(%rsi), %ymm4
+        vmovdqu	416(%rsi), %ymm5
+        vmovdqu	448(%rsi), %ymm6
+        vmovdqu	480(%rsi), %ymm7
+        vpsubw	%ymm12, %ymm0, %ymm8
+        vpsubw	%ymm12, %ymm1, %ymm9
+        vpsubw	%ymm12, %ymm2, %ymm10
+        vpsubw	%ymm12, %ymm3, %ymm11
+        vpsraw	$15, %ymm8, %ymm0
+        vpsraw	$15, %ymm9, %ymm1
+        vpsraw	$15, %ymm10, %ymm2
+        vpsraw	$15, %ymm11, %ymm3
+        vpand	%ymm12, %ymm0, %ymm0
+        vpand	%ymm12, %ymm1, %ymm1
+        vpand	%ymm12, %ymm2, %ymm2
+        vpand	%ymm12, %ymm3, %ymm3
+        vpaddw	%ymm8, %ymm0, %ymm0
+        vpaddw	%ymm9, %ymm1, %ymm1
+        vpaddw	%ymm10, %ymm2, %ymm2
+        vpaddw	%ymm11, %ymm3, %ymm3
+        vpsubw	%ymm12, %ymm4, %ymm8
+        vpsubw	%ymm12, %ymm5, %ymm9
+        vpsubw	%ymm12, %ymm6, %ymm10
+        vpsubw	%ymm12, %ymm7, %ymm11
+        vpsraw	$15, %ymm8, %ymm4
+        vpsraw	$15, %ymm9, %ymm5
+        vpsraw	$15, %ymm10, %ymm6
+        vpsraw	$15, %ymm11, %ymm7
+        vpand	%ymm12, %ymm4, %ymm4
+        vpand	%ymm12, %ymm5, %ymm5
+        vpand	%ymm12, %ymm6, %ymm6
+        vpand	%ymm12, %ymm7, %ymm7
+        vpaddw	%ymm8, %ymm4, %ymm4
+        vpaddw	%ymm9, %ymm5, %ymm5
+        vpaddw	%ymm10, %ymm6, %ymm6
+        vpaddw	%ymm11, %ymm7, %ymm7
+        vpsrld	$16, %ymm0, %ymm8
+        vpsrld	$16, %ymm1, %ymm9
+        vpsrld	$16, %ymm2, %ymm10
+        vpsrld	$16, %ymm3, %ymm11
+        vpand	%ymm0, %ymm13, %ymm0
+        vpand	%ymm1, %ymm13, %ymm1
+        vpand	%ymm2, %ymm13, %ymm2
+        vpand	%ymm3, %ymm13, %ymm3
+        vpslld	$12, %ymm8, %ymm8
+        vpslld	$12, %ymm9, %ymm9
+        vpslld	$12, %ymm10, %ymm10
+        vpslld	$12, %ymm11, %ymm11
+        vpor	%ymm8, %ymm0, %ymm0
+        vpor	%ymm9, %ymm1, %ymm1
+        vpor	%ymm10, %ymm2, %ymm2
+        vpor	%ymm11, %ymm3, %ymm3
+        vpsrld	$16, %ymm4, %ymm8
+        vpsrld	$16, %ymm5, %ymm9
+        vpsrld	$16, %ymm6, %ymm10
+        vpsrld	$16, %ymm7, %ymm11
+        vpand	%ymm4, %ymm13, %ymm4
+        vpand	%ymm5, %ymm13, %ymm5
+        vpand	%ymm6, %ymm13, %ymm6
+        vpand	%ymm7, %ymm13, %ymm7
+        vpslld	$12, %ymm8, %ymm8
+        vpslld	$12, %ymm9, %ymm9
+        vpslld	$12, %ymm10, %ymm10
+        vpslld	$12, %ymm11, %ymm11
+        vpor	%ymm8, %ymm4, %ymm4
+        vpor	%ymm9, %ymm5, %ymm5
+        vpor	%ymm10, %ymm6, %ymm6
+        vpor	%ymm11, %ymm7, %ymm7
+        vpshufb	%ymm14, %ymm0, %ymm0
+        vpshufb	%ymm14, %ymm1, %ymm1
+        vpshufb	%ymm14, %ymm2, %ymm2
+        vpshufb	%ymm14, %ymm3, %ymm3
+        vpshufb	%ymm14, %ymm4, %ymm4
+        vpshufb	%ymm14, %ymm5, %ymm5
+        vpshufb	%ymm14, %ymm6, %ymm6
+        vpshufb	%ymm14, %ymm7, %ymm7
+        vpermd	%ymm0, %ymm15, %ymm0
+        vpermd	%ymm1, %ymm15, %ymm1
+        vpermd	%ymm2, %ymm15, %ymm2
+        vpermd	%ymm3, %ymm15, %ymm3
+        vpermd	%ymm4, %ymm15, %ymm4
+        vpermd	%ymm5, %ymm15, %ymm5
+        vpermd	%ymm6, %ymm15, %ymm6
+        vpermd	%ymm7, %ymm15, %ymm7
+        vpermq	$2, %ymm6, %ymm8
+        vpermq	$0x90, %ymm7, %ymm7
+        vpermq	$9, %ymm5, %ymm9
+        vpermq	$0x40, %ymm6, %ymm6
+        vpermq	$0x00, %ymm5, %ymm5
+        vpblendd	$63, %ymm4, %ymm5, %ymm5
+        vpermq	$2, %ymm2, %ymm10
+        vpermq	$0x90, %ymm3, %ymm4
+        vpermq	$9, %ymm1, %ymm11
+        vpermq	$0x40, %ymm2, %ymm3
+        vpermq	$0x00, %ymm1, %ymm2
+        vpblendd	$63, %ymm0, %ymm2, %ymm2
+        vpblendd	$3, %ymm8, %ymm7, %ymm7
+        vpblendd	$15, %ymm9, %ymm6, %ymm6
+        vpblendd	$3, %ymm10, %ymm4, %ymm4
+        vpblendd	$15, %ymm11, %ymm3, %ymm3
+        vmovdqu	%ymm2, 192(%rdi)
+        vmovdqu	%ymm3, 224(%rdi)
+        vmovdqu	%ymm4, 256(%rdi)
+        vmovdqu	%ymm5, 288(%rdi)
+        vmovdqu	%ymm6, 320(%rdi)
+        vmovdqu	%ymm7, 352(%rdi)
+        vzeroupper
+        repz retq
+#ifndef __APPLE__
+.size	kyber_to_bytes_avx2,.-kyber_to_bytes_avx2
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.text
+.globl	kyber_cmp_avx2
+.type	kyber_cmp_avx2,@function
+.align	16
+kyber_cmp_avx2:
+#else
+.section	__TEXT,__text
+.globl	_kyber_cmp_avx2
+.p2align	4
+_kyber_cmp_avx2:
+#endif /* __APPLE__ */
+        vpxor	%ymm2, %ymm2, %ymm2
+        vpxor	%ymm3, %ymm3, %ymm3
+        movl	$0x00, %ecx
+        movl	$-1, %r8d
+        vmovdqu	(%rdi), %ymm0
+        vmovdqu	32(%rdi), %ymm1
+        vpxor	(%rsi), %ymm0, %ymm0
+        vpxor	32(%rsi), %ymm1, %ymm1
+        vpor	%ymm0, %ymm2, %ymm2
+        vpor	%ymm1, %ymm3, %ymm3
+        vmovdqu	64(%rdi), %ymm0
+        vmovdqu	96(%rdi), %ymm1
+        vpxor	64(%rsi), %ymm0, %ymm0
+        vpxor	96(%rsi), %ymm1, %ymm1
+        vpor	%ymm0, %ymm2, %ymm2
+        vpor	%ymm1, %ymm3, %ymm3
+        vmovdqu	128(%rdi), %ymm0
+        vmovdqu	160(%rdi), %ymm1
+        vpxor	128(%rsi), %ymm0, %ymm0
+        vpxor	160(%rsi), %ymm1, %ymm1
+        vpor	%ymm0, %ymm2, %ymm2
+        vpor	%ymm1, %ymm3, %ymm3
+        vmovdqu	192(%rdi), %ymm0
+        vmovdqu	224(%rdi), %ymm1
+        vpxor	192(%rsi), %ymm0, %ymm0
+        vpxor	224(%rsi), %ymm1, %ymm1
+        vpor	%ymm0, %ymm2, %ymm2
+        vpor	%ymm1, %ymm3, %ymm3
+        vmovdqu	256(%rdi), %ymm0
+        vmovdqu	288(%rdi), %ymm1
+        vpxor	256(%rsi), %ymm0, %ymm0
+        vpxor	288(%rsi), %ymm1, %ymm1
+        vpor	%ymm0, %ymm2, %ymm2
+        vpor	%ymm1, %ymm3, %ymm3
+        vmovdqu	320(%rdi), %ymm0
+        vmovdqu	352(%rdi), %ymm1
+        vpxor	320(%rsi), %ymm0, %ymm0
+        vpxor	352(%rsi), %ymm1, %ymm1
+        vpor	%ymm0, %ymm2, %ymm2
+        vpor	%ymm1, %ymm3, %ymm3
+        vmovdqu	384(%rdi), %ymm0
+        vmovdqu	416(%rdi), %ymm1
+        vpxor	384(%rsi), %ymm0, %ymm0
+        vpxor	416(%rsi), %ymm1, %ymm1
+        vpor	%ymm0, %ymm2, %ymm2
+        vpor	%ymm1, %ymm3, %ymm3
+        vmovdqu	448(%rdi), %ymm0
+        vmovdqu	480(%rdi), %ymm1
+        vpxor	448(%rsi), %ymm0, %ymm0
+        vpxor	480(%rsi), %ymm1, %ymm1
+        vpor	%ymm0, %ymm2, %ymm2
+        vpor	%ymm1, %ymm3, %ymm3
+        vmovdqu	512(%rdi), %ymm0
+        vmovdqu	544(%rdi), %ymm1
+        vpxor	512(%rsi), %ymm0, %ymm0
+        vpxor	544(%rsi), %ymm1, %ymm1
+        vpor	%ymm0, %ymm2, %ymm2
+        vpor	%ymm1, %ymm3, %ymm3
+        vmovdqu	576(%rdi), %ymm0
+        vmovdqu	608(%rdi), %ymm1
+        vpxor	576(%rsi), %ymm0, %ymm0
+        vpxor	608(%rsi), %ymm1, %ymm1
+        vpor	%ymm0, %ymm2, %ymm2
+        vpor	%ymm1, %ymm3, %ymm3
+        vmovdqu	640(%rdi), %ymm0
+        vmovdqu	672(%rdi), %ymm1
+        vpxor	640(%rsi), %ymm0, %ymm0
+        vpxor	672(%rsi), %ymm1, %ymm1
+        vpor	%ymm0, %ymm2, %ymm2
+        vpor	%ymm1, %ymm3, %ymm3
+        vmovdqu	704(%rdi), %ymm0
+        vmovdqu	736(%rdi), %ymm1
+        vpxor	704(%rsi), %ymm0, %ymm0
+        vpxor	736(%rsi), %ymm1, %ymm1
+        vpor	%ymm0, %ymm2, %ymm2
+        vpor	%ymm1, %ymm3, %ymm3
+        subl	$0x300, %edx
+        jz	L_kyber_cmp_avx2_done
+        vmovdqu	768(%rdi), %ymm0
+        vmovdqu	800(%rdi), %ymm1
+        vpxor	768(%rsi), %ymm0, %ymm0
+        vpxor	800(%rsi), %ymm1, %ymm1
+        vpor	%ymm0, %ymm2, %ymm2
+        vpor	%ymm1, %ymm3, %ymm3
+        vmovdqu	832(%rdi), %ymm0
+        vmovdqu	864(%rdi), %ymm1
+        vpxor	832(%rsi), %ymm0, %ymm0
+        vpxor	864(%rsi), %ymm1, %ymm1
+        vpor	%ymm0, %ymm2, %ymm2
+        vpor	%ymm1, %ymm3, %ymm3
+        vmovdqu	896(%rdi), %ymm0
+        vmovdqu	928(%rdi), %ymm1
+        vpxor	896(%rsi), %ymm0, %ymm0
+        vpxor	928(%rsi), %ymm1, %ymm1
+        vpor	%ymm0, %ymm2, %ymm2
+        vpor	%ymm1, %ymm3, %ymm3
+        vmovdqu	960(%rdi), %ymm0
+        vmovdqu	992(%rdi), %ymm1
+        vpxor	960(%rsi), %ymm0, %ymm0
+        vpxor	992(%rsi), %ymm1, %ymm1
+        vpor	%ymm0, %ymm2, %ymm2
+        vpor	%ymm1, %ymm3, %ymm3
+        vmovdqu	1024(%rdi), %ymm0
+        vmovdqu	1056(%rdi), %ymm1
+        vpxor	1024(%rsi), %ymm0, %ymm0
+        vpxor	1056(%rsi), %ymm1, %ymm1
+        vpor	%ymm0, %ymm2, %ymm2
+        vpor	%ymm1, %ymm3, %ymm3
+        subl	$0x140, %edx
+        jz	L_kyber_cmp_avx2_done
+        vmovdqu	1088(%rdi), %ymm0
+        vmovdqu	1120(%rdi), %ymm1
+        vpxor	1088(%rsi), %ymm0, %ymm0
+        vpxor	1120(%rsi), %ymm1, %ymm1
+        vpor	%ymm0, %ymm2, %ymm2
+        vpor	%ymm1, %ymm3, %ymm3
+        vmovdqu	1152(%rdi), %ymm0
+        vmovdqu	1184(%rdi), %ymm1
+        vpxor	1152(%rsi), %ymm0, %ymm0
+        vpxor	1184(%rsi), %ymm1, %ymm1
+        vpor	%ymm0, %ymm2, %ymm2
+        vpor	%ymm1, %ymm3, %ymm3
+        vmovdqu	1216(%rdi), %ymm0
+        vmovdqu	1248(%rdi), %ymm1
+        vpxor	1216(%rsi), %ymm0, %ymm0
+        vpxor	1248(%rsi), %ymm1, %ymm1
+        vpor	%ymm0, %ymm2, %ymm2
+        vpor	%ymm1, %ymm3, %ymm3
+        vmovdqu	1280(%rdi), %ymm0
+        vmovdqu	1312(%rdi), %ymm1
+        vpxor	1280(%rsi), %ymm0, %ymm0
+        vpxor	1312(%rsi), %ymm1, %ymm1
+        vpor	%ymm0, %ymm2, %ymm2
+        vpor	%ymm1, %ymm3, %ymm3
+        vmovdqu	1344(%rdi), %ymm0
+        vmovdqu	1376(%rdi), %ymm1
+        vpxor	1344(%rsi), %ymm0, %ymm0
+        vpxor	1376(%rsi), %ymm1, %ymm1
+        vpor	%ymm0, %ymm2, %ymm2
+        vpor	%ymm1, %ymm3, %ymm3
+        vmovdqu	1408(%rdi), %ymm0
+        vmovdqu	1440(%rdi), %ymm1
+        vpxor	1408(%rsi), %ymm0, %ymm0
+        vpxor	1440(%rsi), %ymm1, %ymm1
+        vpor	%ymm0, %ymm2, %ymm2
+        vpor	%ymm1, %ymm3, %ymm3
+        vmovdqu	1472(%rdi), %ymm0
+        vmovdqu	1504(%rdi), %ymm1
+        vpxor	1472(%rsi), %ymm0, %ymm0
+        vpxor	1504(%rsi), %ymm1, %ymm1
+        vpor	%ymm0, %ymm2, %ymm2
+        vpor	%ymm1, %ymm3, %ymm3
+L_kyber_cmp_avx2_done:
+        vpor	%ymm3, %ymm2, %ymm2
+        vptest	%ymm2, %ymm2
+        cmovzl	%ecx, %eax
+        cmovnzl	%r8d, %eax
+        vzeroupper
+        repz retq
+#ifndef __APPLE__
+.size	kyber_cmp_avx2,.-kyber_cmp_avx2
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.text
+.globl	kyber_redistribute_21_rand_avx2
+.type	kyber_redistribute_21_rand_avx2,@function
+.align	16
+kyber_redistribute_21_rand_avx2:
+#else
+.section	__TEXT,__text
+.globl	_kyber_redistribute_21_rand_avx2
+.p2align	4
+_kyber_redistribute_21_rand_avx2:
+#endif /* __APPLE__ */
+        vmovdqu	(%rdi), %ymm0
+        vmovdqu	32(%rdi), %ymm1
+        vmovdqu	64(%rdi), %ymm2
+        vmovdqu	96(%rdi), %ymm3
+        vmovdqu	128(%rdi), %ymm4
+        vmovdqu	160(%rdi), %ymm5
+        vmovdqu	192(%rdi), %ymm6
+        vmovdqu	224(%rdi), %ymm7
+        vmovdqu	256(%rdi), %ymm8
+        vmovdqu	288(%rdi), %ymm9
+        vmovdqu	320(%rdi), %ymm10
+        vmovdqu	352(%rdi), %ymm11
+        vpunpcklqdq	%ymm1, %ymm0, %ymm12
+        vpunpckhqdq	%ymm1, %ymm0, %ymm13
+        vpunpcklqdq	%ymm3, %ymm2, %ymm14
+        vpunpckhqdq	%ymm3, %ymm2, %ymm15
+        vperm2i128	$32, %ymm14, %ymm12, %ymm0
+        vperm2i128	$32, %ymm15, %ymm13, %ymm1
+        vperm2i128	$49, %ymm14, %ymm12, %ymm2
+        vperm2i128	$49, %ymm15, %ymm13, %ymm3
+        vpunpcklqdq	%ymm5, %ymm4, %ymm12
+        vpunpckhqdq	%ymm5, %ymm4, %ymm13
+        vpunpcklqdq	%ymm7, %ymm6, %ymm14
+        vpunpckhqdq	%ymm7, %ymm6, %ymm15
+        vperm2i128	$32, %ymm14, %ymm12, %ymm4
+        vperm2i128	$32, %ymm15, %ymm13, %ymm5
+        vperm2i128	$49, %ymm14, %ymm12, %ymm6
+        vperm2i128	$49, %ymm15, %ymm13, %ymm7
+        vpunpcklqdq	%ymm9, %ymm8, %ymm12
+        vpunpckhqdq	%ymm9, %ymm8, %ymm13
+        vpunpcklqdq	%ymm11, %ymm10, %ymm14
+        vpunpckhqdq	%ymm11, %ymm10, %ymm15
+        vperm2i128	$32, %ymm14, %ymm12, %ymm8
+        vperm2i128	$32, %ymm15, %ymm13, %ymm9
+        vperm2i128	$49, %ymm14, %ymm12, %ymm10
+        vperm2i128	$49, %ymm15, %ymm13, %ymm11
+        vmovdqu	%ymm0, (%rsi)
+        vmovdqu	%ymm4, 32(%rsi)
+        vmovdqu	%ymm8, 64(%rsi)
+        vmovdqu	%ymm1, (%rdx)
+        vmovdqu	%ymm5, 32(%rdx)
+        vmovdqu	%ymm9, 64(%rdx)
+        vmovdqu	%ymm2, (%rcx)
+        vmovdqu	%ymm6, 32(%rcx)
+        vmovdqu	%ymm10, 64(%rcx)
+        vmovdqu	%ymm3, (%r8)
+        vmovdqu	%ymm7, 32(%r8)
+        vmovdqu	%ymm11, 64(%r8)
+        vmovdqu	384(%rdi), %ymm0
+        vmovdqu	416(%rdi), %ymm1
+        vmovdqu	448(%rdi), %ymm2
+        vmovdqu	480(%rdi), %ymm3
+        vmovdqu	512(%rdi), %ymm4
+        vmovdqu	544(%rdi), %ymm5
+        vmovdqu	576(%rdi), %ymm6
+        vmovdqu	608(%rdi), %ymm7
+        movq	640(%rdi), %rax
+        movq	648(%rdi), %r9
+        movq	656(%rdi), %r10
+        movq	664(%rdi), %r11
+        vpunpcklqdq	%ymm1, %ymm0, %ymm12
+        vpunpckhqdq	%ymm1, %ymm0, %ymm13
+        vpunpcklqdq	%ymm3, %ymm2, %ymm14
+        vpunpckhqdq	%ymm3, %ymm2, %ymm15
+        vperm2i128	$32, %ymm14, %ymm12, %ymm0
+        vperm2i128	$32, %ymm15, %ymm13, %ymm1
+        vperm2i128	$49, %ymm14, %ymm12, %ymm2
+        vperm2i128	$49, %ymm15, %ymm13, %ymm3
+        vpunpcklqdq	%ymm5, %ymm4, %ymm12
+        vpunpckhqdq	%ymm5, %ymm4, %ymm13
+        vpunpcklqdq	%ymm7, %ymm6, %ymm14
+        vpunpckhqdq	%ymm7, %ymm6, %ymm15
+        vperm2i128	$32, %ymm14, %ymm12, %ymm4
+        vperm2i128	$32, %ymm15, %ymm13, %ymm5
+        vperm2i128	$49, %ymm14, %ymm12, %ymm6
+        vperm2i128	$49, %ymm15, %ymm13, %ymm7
+        vmovdqu	%ymm0, 96(%rsi)
+        vmovdqu	%ymm4, 128(%rsi)
+        movq	%rax, 160(%rsi)
+        vmovdqu	%ymm1, 96(%rdx)
+        vmovdqu	%ymm5, 128(%rdx)
+        movq	%r9, 160(%rdx)
+        vmovdqu	%ymm2, 96(%rcx)
+        vmovdqu	%ymm6, 128(%rcx)
+        movq	%r10, 160(%rcx)
+        vmovdqu	%ymm3, 96(%r8)
+        vmovdqu	%ymm7, 128(%r8)
+        movq	%r11, 160(%r8)
+        vzeroupper
+        repz retq
+#ifndef __APPLE__
+.size	kyber_redistribute_21_rand_avx2,.-kyber_redistribute_21_rand_avx2
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.text
+.globl	kyber_redistribute_17_rand_avx2
+.type	kyber_redistribute_17_rand_avx2,@function
+.align	16
+kyber_redistribute_17_rand_avx2:
+#else
+.section	__TEXT,__text
+.globl	_kyber_redistribute_17_rand_avx2
+.p2align	4
+_kyber_redistribute_17_rand_avx2:
+#endif /* __APPLE__ */
+        vmovdqu	(%rdi), %ymm0
+        vmovdqu	32(%rdi), %ymm1
+        vmovdqu	64(%rdi), %ymm2
+        vmovdqu	96(%rdi), %ymm3
+        vmovdqu	128(%rdi), %ymm4
+        vmovdqu	160(%rdi), %ymm5
+        vmovdqu	192(%rdi), %ymm6
+        vmovdqu	224(%rdi), %ymm7
+        vpunpcklqdq	%ymm1, %ymm0, %ymm8
+        vpunpckhqdq	%ymm1, %ymm0, %ymm9
+        vpunpcklqdq	%ymm3, %ymm2, %ymm10
+        vpunpckhqdq	%ymm3, %ymm2, %ymm11
+        vperm2i128	$32, %ymm10, %ymm8, %ymm0
+        vperm2i128	$32, %ymm11, %ymm9, %ymm1
+        vperm2i128	$49, %ymm10, %ymm8, %ymm2
+        vperm2i128	$49, %ymm11, %ymm9, %ymm3
+        vpunpcklqdq	%ymm5, %ymm4, %ymm8
+        vpunpckhqdq	%ymm5, %ymm4, %ymm9
+        vpunpcklqdq	%ymm7, %ymm6, %ymm10
+        vpunpckhqdq	%ymm7, %ymm6, %ymm11
+        vperm2i128	$32, %ymm10, %ymm8, %ymm4
+        vperm2i128	$32, %ymm11, %ymm9, %ymm5
+        vperm2i128	$49, %ymm10, %ymm8, %ymm6
+        vperm2i128	$49, %ymm11, %ymm9, %ymm7
+        vmovdqu	%ymm0, (%rsi)
+        vmovdqu	%ymm4, 32(%rsi)
+        vmovdqu	%ymm1, (%rdx)
+        vmovdqu	%ymm5, 32(%rdx)
+        vmovdqu	%ymm2, (%rcx)
+        vmovdqu	%ymm6, 32(%rcx)
+        vmovdqu	%ymm3, (%r8)
+        vmovdqu	%ymm7, 32(%r8)
+        vmovdqu	256(%rdi), %ymm0
+        vmovdqu	288(%rdi), %ymm1
+        vmovdqu	320(%rdi), %ymm2
+        vmovdqu	352(%rdi), %ymm3
+        vmovdqu	384(%rdi), %ymm4
+        vmovdqu	416(%rdi), %ymm5
+        vmovdqu	448(%rdi), %ymm6
+        vmovdqu	480(%rdi), %ymm7
+        movq	512(%rdi), %rax
+        movq	520(%rdi), %r9
+        movq	528(%rdi), %r10
+        movq	536(%rdi), %r11
+        vpunpcklqdq	%ymm1, %ymm0, %ymm8
+        vpunpckhqdq	%ymm1, %ymm0, %ymm9
+        vpunpcklqdq	%ymm3, %ymm2, %ymm10
+        vpunpckhqdq	%ymm3, %ymm2, %ymm11
+        vperm2i128	$32, %ymm10, %ymm8, %ymm0
+        vperm2i128	$32, %ymm11, %ymm9, %ymm1
+        vperm2i128	$49, %ymm10, %ymm8, %ymm2
+        vperm2i128	$49, %ymm11, %ymm9, %ymm3
+        vpunpcklqdq	%ymm5, %ymm4, %ymm8
+        vpunpckhqdq	%ymm5, %ymm4, %ymm9
+        vpunpcklqdq	%ymm7, %ymm6, %ymm10
+        vpunpckhqdq	%ymm7, %ymm6, %ymm11
+        vperm2i128	$32, %ymm10, %ymm8, %ymm4
+        vperm2i128	$32, %ymm11, %ymm9, %ymm5
+        vperm2i128	$49, %ymm10, %ymm8, %ymm6
+        vperm2i128	$49, %ymm11, %ymm9, %ymm7
+        vmovdqu	%ymm0, 64(%rsi)
+        vmovdqu	%ymm4, 96(%rsi)
+        movq	%rax, 128(%rsi)
+        vmovdqu	%ymm1, 64(%rdx)
+        vmovdqu	%ymm5, 96(%rdx)
+        movq	%r9, 128(%rdx)
+        vmovdqu	%ymm2, 64(%rcx)
+        vmovdqu	%ymm6, 96(%rcx)
+        movq	%r10, 128(%rcx)
+        vmovdqu	%ymm3, 64(%r8)
+        vmovdqu	%ymm7, 96(%r8)
+        movq	%r11, 128(%r8)
+        vzeroupper
+        repz retq
+#ifndef __APPLE__
+.size	kyber_redistribute_17_rand_avx2,.-kyber_redistribute_17_rand_avx2
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.text
+.globl	kyber_redistribute_16_rand_avx2
+.type	kyber_redistribute_16_rand_avx2,@function
+.align	16
+kyber_redistribute_16_rand_avx2:
+#else
+.section	__TEXT,__text
+.globl	_kyber_redistribute_16_rand_avx2
+.p2align	4
+_kyber_redistribute_16_rand_avx2:
+#endif /* __APPLE__ */
+        vmovdqu	(%rdi), %ymm0
+        vmovdqu	32(%rdi), %ymm1
+        vmovdqu	64(%rdi), %ymm2
+        vmovdqu	96(%rdi), %ymm3
+        vmovdqu	128(%rdi), %ymm4
+        vmovdqu	160(%rdi), %ymm5
+        vmovdqu	192(%rdi), %ymm6
+        vmovdqu	224(%rdi), %ymm7
+        vpunpcklqdq	%ymm1, %ymm0, %ymm8
+        vpunpckhqdq	%ymm1, %ymm0, %ymm9
+        vpunpcklqdq	%ymm3, %ymm2, %ymm10
+        vpunpckhqdq	%ymm3, %ymm2, %ymm11
+        vperm2i128	$32, %ymm10, %ymm8, %ymm0
+        vperm2i128	$32, %ymm11, %ymm9, %ymm1
+        vperm2i128	$49, %ymm10, %ymm8, %ymm2
+        vperm2i128	$49, %ymm11, %ymm9, %ymm3
+        vpunpcklqdq	%ymm5, %ymm4, %ymm8
+        vpunpckhqdq	%ymm5, %ymm4, %ymm9
+        vpunpcklqdq	%ymm7, %ymm6, %ymm10
+        vpunpckhqdq	%ymm7, %ymm6, %ymm11
+        vperm2i128	$32, %ymm10, %ymm8, %ymm4
+        vperm2i128	$32, %ymm11, %ymm9, %ymm5
+        vperm2i128	$49, %ymm10, %ymm8, %ymm6
+        vperm2i128	$49, %ymm11, %ymm9, %ymm7
+        vmovdqu	%ymm0, (%rsi)
+        vmovdqu	%ymm4, 32(%rsi)
+        vmovdqu	%ymm1, (%rdx)
+        vmovdqu	%ymm5, 32(%rdx)
+        vmovdqu	%ymm2, (%rcx)
+        vmovdqu	%ymm6, 32(%rcx)
+        vmovdqu	%ymm3, (%r8)
+        vmovdqu	%ymm7, 32(%r8)
+        vmovdqu	256(%rdi), %ymm0
+        vmovdqu	288(%rdi), %ymm1
+        vmovdqu	320(%rdi), %ymm2
+        vmovdqu	352(%rdi), %ymm3
+        vmovdqu	384(%rdi), %ymm4
+        vmovdqu	416(%rdi), %ymm5
+        vmovdqu	448(%rdi), %ymm6
+        vmovdqu	480(%rdi), %ymm7
+        vpunpcklqdq	%ymm1, %ymm0, %ymm8
+        vpunpckhqdq	%ymm1, %ymm0, %ymm9
+        vpunpcklqdq	%ymm3, %ymm2, %ymm10
+        vpunpckhqdq	%ymm3, %ymm2, %ymm11
+        vperm2i128	$32, %ymm10, %ymm8, %ymm0
+        vperm2i128	$32, %ymm11, %ymm9, %ymm1
+        vperm2i128	$49, %ymm10, %ymm8, %ymm2
+        vperm2i128	$49, %ymm11, %ymm9, %ymm3
+        vpunpcklqdq	%ymm5, %ymm4, %ymm8
+        vpunpckhqdq	%ymm5, %ymm4, %ymm9
+        vpunpcklqdq	%ymm7, %ymm6, %ymm10
+        vpunpckhqdq	%ymm7, %ymm6, %ymm11
+        vperm2i128	$32, %ymm10, %ymm8, %ymm4
+        vperm2i128	$32, %ymm11, %ymm9, %ymm5
+        vperm2i128	$49, %ymm10, %ymm8, %ymm6
+        vperm2i128	$49, %ymm11, %ymm9, %ymm7
+        vmovdqu	%ymm0, 64(%rsi)
+        vmovdqu	%ymm4, 96(%rsi)
+        vmovdqu	%ymm1, 64(%rdx)
+        vmovdqu	%ymm5, 96(%rdx)
+        vmovdqu	%ymm2, 64(%rcx)
+        vmovdqu	%ymm6, 96(%rcx)
+        vmovdqu	%ymm3, 64(%r8)
+        vmovdqu	%ymm7, 96(%r8)
+        vzeroupper
+        repz retq
+#ifndef __APPLE__
+.size	kyber_redistribute_16_rand_avx2,.-kyber_redistribute_16_rand_avx2
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.text
+.globl	kyber_redistribute_8_rand_avx2
+.type	kyber_redistribute_8_rand_avx2,@function
+.align	16
+kyber_redistribute_8_rand_avx2:
+#else
+.section	__TEXT,__text
+.globl	_kyber_redistribute_8_rand_avx2
+.p2align	4
+_kyber_redistribute_8_rand_avx2:
+#endif /* __APPLE__ */
+        vmovdqu	(%rdi), %ymm0
+        vmovdqu	32(%rdi), %ymm1
+        vmovdqu	64(%rdi), %ymm2
+        vmovdqu	96(%rdi), %ymm3
+        vmovdqu	128(%rdi), %ymm4
+        vmovdqu	160(%rdi), %ymm5
+        vmovdqu	192(%rdi), %ymm6
+        vmovdqu	224(%rdi), %ymm7
+        vpunpcklqdq	%ymm1, %ymm0, %ymm8
+        vpunpckhqdq	%ymm1, %ymm0, %ymm9
+        vpunpcklqdq	%ymm3, %ymm2, %ymm10
+        vpunpckhqdq	%ymm3, %ymm2, %ymm11
+        vperm2i128	$32, %ymm10, %ymm8, %ymm0
+        vperm2i128	$32, %ymm11, %ymm9, %ymm1
+        vperm2i128	$49, %ymm10, %ymm8, %ymm2
+        vperm2i128	$49, %ymm11, %ymm9, %ymm3
+        vpunpcklqdq	%ymm5, %ymm4, %ymm8
+        vpunpckhqdq	%ymm5, %ymm4, %ymm9
+        vpunpcklqdq	%ymm7, %ymm6, %ymm10
+        vpunpckhqdq	%ymm7, %ymm6, %ymm11
+        vperm2i128	$32, %ymm10, %ymm8, %ymm4
+        vperm2i128	$32, %ymm11, %ymm9, %ymm5
+        vperm2i128	$49, %ymm10, %ymm8, %ymm6
+        vperm2i128	$49, %ymm11, %ymm9, %ymm7
+        vmovdqu	%ymm0, (%rsi)
+        vmovdqu	%ymm4, 32(%rsi)
+        vmovdqu	%ymm1, (%rdx)
+        vmovdqu	%ymm5, 32(%rdx)
+        vmovdqu	%ymm2, (%rcx)
+        vmovdqu	%ymm6, 32(%rcx)
+        vmovdqu	%ymm3, (%r8)
+        vmovdqu	%ymm7, 32(%r8)
+        vzeroupper
+        repz retq
+#ifndef __APPLE__
+.size	kyber_redistribute_8_rand_avx2,.-kyber_redistribute_8_rand_avx2
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.data
+#else
+.section	__DATA,__data
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.align	16
+#else
+.p2align	4
+#endif /* __APPLE__ */
+L_sha3_parallel_4_r:
+.quad	0x1,0x1
+.quad	0x1,0x1
+.quad	0x8082,0x8082
+.quad	0x8082,0x8082
+.quad	0x800000000000808a,0x800000000000808a
+.quad	0x800000000000808a,0x800000000000808a
+.quad	0x8000000080008000,0x8000000080008000
+.quad	0x8000000080008000,0x8000000080008000
+.quad	0x808b,0x808b
+.quad	0x808b,0x808b
+.quad	0x80000001,0x80000001
+.quad	0x80000001,0x80000001
+.quad	0x8000000080008081,0x8000000080008081
+.quad	0x8000000080008081,0x8000000080008081
+.quad	0x8000000000008009,0x8000000000008009
+.quad	0x8000000000008009,0x8000000000008009
+.quad	0x8a,0x8a
+.quad	0x8a,0x8a
+.quad	0x88,0x88
+.quad	0x88,0x88
+.quad	0x80008009,0x80008009
+.quad	0x80008009,0x80008009
+.quad	0x8000000a,0x8000000a
+.quad	0x8000000a,0x8000000a
+.quad	0x8000808b,0x8000808b
+.quad	0x8000808b,0x8000808b
+.quad	0x800000000000008b,0x800000000000008b
+.quad	0x800000000000008b,0x800000000000008b
+.quad	0x8000000000008089,0x8000000000008089
+.quad	0x8000000000008089,0x8000000000008089
+.quad	0x8000000000008003,0x8000000000008003
+.quad	0x8000000000008003,0x8000000000008003
+.quad	0x8000000000008002,0x8000000000008002
+.quad	0x8000000000008002,0x8000000000008002
+.quad	0x8000000000000080,0x8000000000000080
+.quad	0x8000000000000080,0x8000000000000080
+.quad	0x800a,0x800a
+.quad	0x800a,0x800a
+.quad	0x800000008000000a,0x800000008000000a
+.quad	0x800000008000000a,0x800000008000000a
+.quad	0x8000000080008081,0x8000000080008081
+.quad	0x8000000080008081,0x8000000080008081
+.quad	0x8000000000008080,0x8000000000008080
+.quad	0x8000000000008080,0x8000000000008080
+.quad	0x80000001,0x80000001
+.quad	0x80000001,0x80000001
+.quad	0x8000000080008008,0x8000000080008008
+.quad	0x8000000080008008,0x8000000080008008
+#ifndef __APPLE__
+.data
+#else
+.section	__DATA,__data
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.align	32
+#else
+.p2align	5
+#endif /* __APPLE__ */
+L_sha3_128_blockx4_seed_avx2_end_mark:
+.quad	0x8000000000000000, 0x8000000000000000
+.quad	0x8000000000000000, 0x8000000000000000
+#ifndef __APPLE__
+.text
+.globl	kyber_sha3_128_blocksx4_seed_avx2
+.type	kyber_sha3_128_blocksx4_seed_avx2,@function
+.align	16
+kyber_sha3_128_blocksx4_seed_avx2:
+#else
+.section	__TEXT,__text
+.globl	_kyber_sha3_128_blocksx4_seed_avx2
+.p2align	4
+_kyber_sha3_128_blocksx4_seed_avx2:
+#endif /* __APPLE__ */
+        leaq	L_sha3_parallel_4_r(%rip), %rdx
+        movq	%rdi, %rax
+        movq	%rdi, %rcx
+        vpbroadcastq	(%rsi), %ymm15
+        addq	$0x80, %rdi
+        vpbroadcastq	8(%rsi), %ymm11
+        addq	$0x180, %rax
+        vpbroadcastq	16(%rsi), %ymm12
+        addq	$0x280, %rcx
+        vpbroadcastq	24(%rsi), %ymm13
+        vmovdqu	L_sha3_128_blockx4_seed_avx2_end_mark(%rip), %ymm5
+        vpxor	%ymm6, %ymm6, %ymm6
+        vmovdqu	%ymm11, -96(%rdi)
+        vmovdqu	%ymm12, -64(%rdi)
+        vmovdqu	%ymm13, -32(%rdi)
+        vmovdqu	(%rdi), %ymm14
+        vmovdqu	%ymm6, 32(%rdi)
+        vmovdqu	%ymm6, 64(%rdi)
+        vmovdqu	%ymm6, 96(%rdi)
+        vmovdqu	%ymm6, 128(%rdi)
+        vmovdqu	%ymm6, -96(%rax)
+        vmovdqu	%ymm6, -64(%rax)
+        vmovdqu	%ymm6, -32(%rax)
+        vmovdqu	%ymm6, (%rax)
+        vmovdqu	%ymm6, 32(%rax)
+        vmovdqu	%ymm6, 64(%rax)
+        vmovdqu	%ymm6, 96(%rax)
+        vmovdqu	%ymm6, 128(%rax)
+        vmovdqu	%ymm6, -96(%rcx)
+        vmovdqu	%ymm6, -64(%rcx)
+        vmovdqu	%ymm6, -32(%rcx)
+        vmovdqu	%ymm5, (%rcx)
+        vmovdqu	%ymm6, 32(%rcx)
+        vmovdqu	%ymm6, 64(%rcx)
+        vmovdqu	%ymm6, 96(%rcx)
+        vmovdqu	%ymm6, 128(%rcx)
+        vpxor	%ymm5, %ymm15, %ymm10
+        # Round 0
+        # Calc b[0..4]
+        # Calc t[0..4]
+        vpsrlq	$63, %ymm11, %ymm0
+        vpsrlq	$63, %ymm12, %ymm1
+        vpsrlq	$63, %ymm13, %ymm2
+        vpsrlq	$63, %ymm14, %ymm3
+        vpsrlq	$63, %ymm10, %ymm4
+        vpaddq	%ymm11, %ymm11, %ymm5
+        vpaddq	%ymm12, %ymm12, %ymm6
+        vpaddq	%ymm13, %ymm13, %ymm7
+        vpaddq	%ymm14, %ymm14, %ymm8
+        vpaddq	%ymm10, %ymm10, %ymm9
+        vpor	%ymm0, %ymm5, %ymm5
+        vpor	%ymm1, %ymm6, %ymm6
+        vpor	%ymm2, %ymm7, %ymm7
+        vpor	%ymm3, %ymm8, %ymm8
+        vpor	%ymm4, %ymm9, %ymm9
+        vpxor	%ymm14, %ymm5, %ymm5
+        vpxor	%ymm10, %ymm6, %ymm6
+        vpxor	%ymm11, %ymm7, %ymm7
+        vpxor	%ymm12, %ymm8, %ymm8
+        vpxor	%ymm13, %ymm9, %ymm9
+        # Row Mix
+        # Row 0
+        vpxor	%ymm15, %ymm5, %ymm10
+        vpxor	64(%rdi), %ymm6, %ymm11
+        vpxor	(%rax), %ymm7, %ymm12
+        vpxor	-64(%rcx), %ymm8, %ymm13
+        vpxor	128(%rcx), %ymm9, %ymm14
+        vpsrlq	$20, %ymm11, %ymm0
+        vpsrlq	$21, %ymm12, %ymm1
+        vpsrlq	$43, %ymm13, %ymm2
+        vpsrlq	$50, %ymm14, %ymm3
+        vpsllq	$44, %ymm11, %ymm11
+        vpsllq	$43, %ymm12, %ymm12
+        vpsllq	$21, %ymm13, %ymm13
+        vpsllq	$14, %ymm14, %ymm14
+        vpor	%ymm0, %ymm11, %ymm11
+        vpor	%ymm1, %ymm12, %ymm12
+        vpor	%ymm2, %ymm13, %ymm13
+        vpor	%ymm3, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm15
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm15, %ymm15
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        # XOR in constant
+        vpxor	(%rdx), %ymm15, %ymm15
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm1, 64(%rdi)
+        vmovdqu	%ymm2, (%rax)
+        vmovdqu	%ymm3, -64(%rcx)
+        vmovdqu	%ymm4, 128(%rcx)
+        # Row 1
+        vpxor	-32(%rdi), %ymm8, %ymm10
+        vpxor	-96(%rax), %ymm9, %ymm11
+        vpxor	-64(%rax), %ymm5, %ymm12
+        vpxor	128(%rax), %ymm6, %ymm13
+        vpxor	64(%rcx), %ymm7, %ymm14
+        vpsrlq	$36, %ymm10, %ymm0
+        vpsrlq	$44, %ymm11, %ymm1
+        vpsrlq	$61, %ymm12, %ymm2
+        vpsrlq	$19, %ymm13, %ymm3
+        vpsrlq	$3, %ymm14, %ymm4
+        vpsllq	$28, %ymm10, %ymm10
+        vpsllq	$20, %ymm11, %ymm11
+        vpsllq	$3, %ymm12, %ymm12
+        vpsllq	$45, %ymm13, %ymm13
+        vpsllq	$61, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, -32(%rdi)
+        vmovdqu	%ymm1, -96(%rax)
+        vmovdqu	%ymm2, -64(%rax)
+        vmovdqu	%ymm3, 128(%rax)
+        vmovdqu	%ymm4, 64(%rcx)
+        # Row 2
+        vpxor	-96(%rdi), %ymm6, %ymm10
+        vpxor	96(%rdi), %ymm7, %ymm11
+        vpxor	32(%rax), %ymm8, %ymm12
+        vpxor	-32(%rcx), %ymm9, %ymm13
+        vpxor	(%rcx), %ymm5, %ymm14
+        vpsrlq	$63, %ymm10, %ymm0
+        vpsrlq	$58, %ymm11, %ymm1
+        vpsrlq	$39, %ymm12, %ymm2
+        vpsrlq	$56, %ymm13, %ymm3
+        vpsrlq	$46, %ymm14, %ymm4
+        vpaddq	%ymm10, %ymm10, %ymm10
+        vpsllq	$6, %ymm11, %ymm11
+        vpsllq	$25, %ymm12, %ymm12
+        vpsllq	$8, %ymm13, %ymm13
+        vpsllq	$18, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, -96(%rdi)
+        vmovdqu	%ymm1, 96(%rdi)
+        vmovdqu	%ymm2, 32(%rax)
+        vmovdqu	%ymm3, -32(%rcx)
+        vmovdqu	%ymm4, (%rcx)
+        # Row 3
+        vpxor	(%rdi), %ymm9, %ymm10
+        vpxor	32(%rdi), %ymm5, %ymm11
+        vpxor	-32(%rax), %ymm6, %ymm12
+        vpxor	-96(%rcx), %ymm7, %ymm13
+        vpxor	96(%rcx), %ymm8, %ymm14
+        vpsrlq	$37, %ymm10, %ymm0
+        vpsrlq	$28, %ymm11, %ymm1
+        vpsrlq	$54, %ymm12, %ymm2
+        vpsrlq	$49, %ymm13, %ymm3
+        vpsrlq	$8, %ymm14, %ymm4
+        vpsllq	$27, %ymm10, %ymm10
+        vpsllq	$36, %ymm11, %ymm11
+        vpsllq	$10, %ymm12, %ymm12
+        vpsllq	$15, %ymm13, %ymm13
+        vpsllq	$56, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, (%rdi)
+        vmovdqu	%ymm1, 32(%rdi)
+        vmovdqu	%ymm2, -32(%rax)
+        vmovdqu	%ymm3, -96(%rcx)
+        vmovdqu	%ymm4, 96(%rcx)
+        # Row 4
+        vpxor	-64(%rdi), %ymm7, %ymm10
+        vpxor	128(%rdi), %ymm8, %ymm11
+        vpxor	64(%rax), %ymm9, %ymm12
+        vpxor	96(%rax), %ymm5, %ymm13
+        vpxor	32(%rcx), %ymm6, %ymm14
+        vpsrlq	$2, %ymm10, %ymm0
+        vpsrlq	$9, %ymm11, %ymm1
+        vpsrlq	$25, %ymm12, %ymm2
+        vpsrlq	$23, %ymm13, %ymm3
+        vpsrlq	$62, %ymm14, %ymm4
+        vpsllq	$62, %ymm10, %ymm10
+        vpsllq	$55, %ymm11, %ymm11
+        vpsllq	$39, %ymm12, %ymm12
+        vpsllq	$41, %ymm13, %ymm13
+        vpsllq	$2, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, -64(%rdi)
+        vmovdqu	%ymm1, 128(%rdi)
+        vmovdqu	%ymm2, 64(%rax)
+        vmovdqu	%ymm3, 96(%rax)
+        vmovdqu	%ymm4, 32(%rcx)
+        # Round 1
+        # Calc b[0..4]
+        vpxor	%ymm15, %ymm0, %ymm10
+        vpxor	-96(%rdi), %ymm10, %ymm10
+        vpxor	-32(%rdi), %ymm10, %ymm10
+        vpxor	(%rdi), %ymm10, %ymm10
+        vpxor	32(%rdi), %ymm1, %ymm11
+        vpxor	64(%rdi), %ymm11, %ymm11
+        vpxor	96(%rdi), %ymm11, %ymm11
+        vpxor	-96(%rax), %ymm11, %ymm11
+        vpxor	-64(%rax), %ymm2, %ymm12
+        vpxor	-32(%rax), %ymm12, %ymm12
+        vpxor	(%rax), %ymm12, %ymm12
+        vpxor	32(%rax), %ymm12, %ymm12
+        vpxor	128(%rax), %ymm3, %ymm13
+        vpxor	-96(%rcx), %ymm13, %ymm13
+        vpxor	-64(%rcx), %ymm13, %ymm13
+        vpxor	-32(%rcx), %ymm13, %ymm13
+        vpxor	(%rcx), %ymm4, %ymm14
+        vpxor	64(%rcx), %ymm14, %ymm14
+        vpxor	96(%rcx), %ymm14, %ymm14
+        vpxor	128(%rcx), %ymm14, %ymm14
+        # Calc t[0..4]
+        vpsrlq	$63, %ymm11, %ymm0
+        vpsrlq	$63, %ymm12, %ymm1
+        vpsrlq	$63, %ymm13, %ymm2
+        vpsrlq	$63, %ymm14, %ymm3
+        vpsrlq	$63, %ymm10, %ymm4
+        vpaddq	%ymm11, %ymm11, %ymm5
+        vpaddq	%ymm12, %ymm12, %ymm6
+        vpaddq	%ymm13, %ymm13, %ymm7
+        vpaddq	%ymm14, %ymm14, %ymm8
+        vpaddq	%ymm10, %ymm10, %ymm9
+        vpor	%ymm0, %ymm5, %ymm5
+        vpor	%ymm1, %ymm6, %ymm6
+        vpor	%ymm2, %ymm7, %ymm7
+        vpor	%ymm3, %ymm8, %ymm8
+        vpor	%ymm4, %ymm9, %ymm9
+        vpxor	%ymm14, %ymm5, %ymm5
+        vpxor	%ymm10, %ymm6, %ymm6
+        vpxor	%ymm11, %ymm7, %ymm7
+        vpxor	%ymm12, %ymm8, %ymm8
+        vpxor	%ymm13, %ymm9, %ymm9
+        # Row Mix
+        # Row 0
+        vpxor	%ymm15, %ymm5, %ymm10
+        vpxor	-96(%rax), %ymm6, %ymm11
+        vpxor	32(%rax), %ymm7, %ymm12
+        vpxor	-96(%rcx), %ymm8, %ymm13
+        vpxor	32(%rcx), %ymm9, %ymm14
+        vpsrlq	$20, %ymm11, %ymm0
+        vpsrlq	$21, %ymm12, %ymm1
+        vpsrlq	$43, %ymm13, %ymm2
+        vpsrlq	$50, %ymm14, %ymm3
+        vpsllq	$44, %ymm11, %ymm11
+        vpsllq	$43, %ymm12, %ymm12
+        vpsllq	$21, %ymm13, %ymm13
+        vpsllq	$14, %ymm14, %ymm14
+        vpor	%ymm0, %ymm11, %ymm11
+        vpor	%ymm1, %ymm12, %ymm12
+        vpor	%ymm2, %ymm13, %ymm13
+        vpor	%ymm3, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm15
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm15, %ymm15
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        # XOR in constant
+        vpxor	32(%rdx), %ymm15, %ymm15
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm1, -96(%rax)
+        vmovdqu	%ymm2, 32(%rax)
+        vmovdqu	%ymm3, -96(%rcx)
+        vmovdqu	%ymm4, 32(%rcx)
+        # Row 1
+        vpxor	-64(%rcx), %ymm8, %ymm10
+        vpxor	64(%rcx), %ymm9, %ymm11
+        vpxor	-96(%rdi), %ymm5, %ymm12
+        vpxor	32(%rdi), %ymm6, %ymm13
+        vpxor	64(%rax), %ymm7, %ymm14
+        vpsrlq	$36, %ymm10, %ymm0
+        vpsrlq	$44, %ymm11, %ymm1
+        vpsrlq	$61, %ymm12, %ymm2
+        vpsrlq	$19, %ymm13, %ymm3
+        vpsrlq	$3, %ymm14, %ymm4
+        vpsllq	$28, %ymm10, %ymm10
+        vpsllq	$20, %ymm11, %ymm11
+        vpsllq	$3, %ymm12, %ymm12
+        vpsllq	$45, %ymm13, %ymm13
+        vpsllq	$61, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, -64(%rcx)
+        vmovdqu	%ymm1, 64(%rcx)
+        vmovdqu	%ymm2, -96(%rdi)
+        vmovdqu	%ymm3, 32(%rdi)
+        vmovdqu	%ymm4, 64(%rax)
+        # Row 2
+        vpxor	64(%rdi), %ymm6, %ymm10
+        vpxor	-64(%rax), %ymm7, %ymm11
+        vpxor	-32(%rcx), %ymm8, %ymm12
+        vpxor	96(%rcx), %ymm9, %ymm13
+        vpxor	-64(%rdi), %ymm5, %ymm14
+        vpsrlq	$63, %ymm10, %ymm0
+        vpsrlq	$58, %ymm11, %ymm1
+        vpsrlq	$39, %ymm12, %ymm2
+        vpsrlq	$56, %ymm13, %ymm3
+        vpsrlq	$46, %ymm14, %ymm4
+        vpaddq	%ymm10, %ymm10, %ymm10
+        vpsllq	$6, %ymm11, %ymm11
+        vpsllq	$25, %ymm12, %ymm12
+        vpsllq	$8, %ymm13, %ymm13
+        vpsllq	$18, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 64(%rdi)
+        vmovdqu	%ymm1, -64(%rax)
+        vmovdqu	%ymm2, -32(%rcx)
+        vmovdqu	%ymm3, 96(%rcx)
+        vmovdqu	%ymm4, -64(%rdi)
+        # Row 3
+        vpxor	128(%rcx), %ymm9, %ymm10
+        vpxor	-32(%rdi), %ymm5, %ymm11
+        vpxor	96(%rdi), %ymm6, %ymm12
+        vpxor	-32(%rax), %ymm7, %ymm13
+        vpxor	96(%rax), %ymm8, %ymm14
+        vpsrlq	$37, %ymm10, %ymm0
+        vpsrlq	$28, %ymm11, %ymm1
+        vpsrlq	$54, %ymm12, %ymm2
+        vpsrlq	$49, %ymm13, %ymm3
+        vpsrlq	$8, %ymm14, %ymm4
+        vpsllq	$27, %ymm10, %ymm10
+        vpsllq	$36, %ymm11, %ymm11
+        vpsllq	$10, %ymm12, %ymm12
+        vpsllq	$15, %ymm13, %ymm13
+        vpsllq	$56, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 128(%rcx)
+        vmovdqu	%ymm1, -32(%rdi)
+        vmovdqu	%ymm2, 96(%rdi)
+        vmovdqu	%ymm3, -32(%rax)
+        vmovdqu	%ymm4, 96(%rax)
+        # Row 4
+        vpxor	(%rax), %ymm7, %ymm10
+        vpxor	128(%rax), %ymm8, %ymm11
+        vpxor	(%rcx), %ymm9, %ymm12
+        vpxor	(%rdi), %ymm5, %ymm13
+        vpxor	128(%rdi), %ymm6, %ymm14
+        vpsrlq	$2, %ymm10, %ymm0
+        vpsrlq	$9, %ymm11, %ymm1
+        vpsrlq	$25, %ymm12, %ymm2
+        vpsrlq	$23, %ymm13, %ymm3
+        vpsrlq	$62, %ymm14, %ymm4
+        vpsllq	$62, %ymm10, %ymm10
+        vpsllq	$55, %ymm11, %ymm11
+        vpsllq	$39, %ymm12, %ymm12
+        vpsllq	$41, %ymm13, %ymm13
+        vpsllq	$2, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, (%rax)
+        vmovdqu	%ymm1, 128(%rax)
+        vmovdqu	%ymm2, (%rcx)
+        vmovdqu	%ymm3, (%rdi)
+        vmovdqu	%ymm4, 128(%rdi)
+        # Round 2
+        # Calc b[0..4]
+        vpxor	%ymm15, %ymm0, %ymm10
+        vpxor	-96(%rdi), %ymm2, %ymm12
+        vpxor	-64(%rdi), %ymm4, %ymm14
+        vpxor	-32(%rdi), %ymm1, %ymm11
+        vpxor	32(%rdi), %ymm3, %ymm13
+        vpxor	64(%rdi), %ymm10, %ymm10
+        vpxor	96(%rdi), %ymm12, %ymm12
+        vpxor	-96(%rax), %ymm11, %ymm11
+        vpxor	-64(%rax), %ymm11, %ymm11
+        vpxor	-32(%rax), %ymm13, %ymm13
+        vpxor	32(%rax), %ymm12, %ymm12
+        vpxor	64(%rax), %ymm14, %ymm14
+        vpxor	96(%rax), %ymm14, %ymm14
+        vpxor	-96(%rcx), %ymm13, %ymm13
+        vpxor	-64(%rcx), %ymm10, %ymm10
+        vpxor	-32(%rcx), %ymm12, %ymm12
+        vpxor	32(%rcx), %ymm14, %ymm14
+        vpxor	64(%rcx), %ymm11, %ymm11
+        vpxor	96(%rcx), %ymm13, %ymm13
+        vpxor	128(%rcx), %ymm10, %ymm10
+        # Calc t[0..4]
+        vpsrlq	$63, %ymm11, %ymm0
+        vpsrlq	$63, %ymm12, %ymm1
+        vpsrlq	$63, %ymm13, %ymm2
+        vpsrlq	$63, %ymm14, %ymm3
+        vpsrlq	$63, %ymm10, %ymm4
+        vpaddq	%ymm11, %ymm11, %ymm5
+        vpaddq	%ymm12, %ymm12, %ymm6
+        vpaddq	%ymm13, %ymm13, %ymm7
+        vpaddq	%ymm14, %ymm14, %ymm8
+        vpaddq	%ymm10, %ymm10, %ymm9
+        vpor	%ymm0, %ymm5, %ymm5
+        vpor	%ymm1, %ymm6, %ymm6
+        vpor	%ymm2, %ymm7, %ymm7
+        vpor	%ymm3, %ymm8, %ymm8
+        vpor	%ymm4, %ymm9, %ymm9
+        vpxor	%ymm14, %ymm5, %ymm5
+        vpxor	%ymm10, %ymm6, %ymm6
+        vpxor	%ymm11, %ymm7, %ymm7
+        vpxor	%ymm12, %ymm8, %ymm8
+        vpxor	%ymm13, %ymm9, %ymm9
+        # Row Mix
+        # Row 0
+        vpxor	%ymm15, %ymm5, %ymm10
+        vpxor	64(%rcx), %ymm6, %ymm11
+        vpxor	-32(%rcx), %ymm7, %ymm12
+        vpxor	-32(%rax), %ymm8, %ymm13
+        vpxor	128(%rdi), %ymm9, %ymm14
+        vpsrlq	$20, %ymm11, %ymm0
+        vpsrlq	$21, %ymm12, %ymm1
+        vpsrlq	$43, %ymm13, %ymm2
+        vpsrlq	$50, %ymm14, %ymm3
+        vpsllq	$44, %ymm11, %ymm11
+        vpsllq	$43, %ymm12, %ymm12
+        vpsllq	$21, %ymm13, %ymm13
+        vpsllq	$14, %ymm14, %ymm14
+        vpor	%ymm0, %ymm11, %ymm11
+        vpor	%ymm1, %ymm12, %ymm12
+        vpor	%ymm2, %ymm13, %ymm13
+        vpor	%ymm3, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm15
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm15, %ymm15
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        # XOR in constant
+        vpxor	64(%rdx), %ymm15, %ymm15
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm1, 64(%rcx)
+        vmovdqu	%ymm2, -32(%rcx)
+        vmovdqu	%ymm3, -32(%rax)
+        vmovdqu	%ymm4, 128(%rdi)
+        # Row 1
+        vpxor	-96(%rcx), %ymm8, %ymm10
+        vpxor	64(%rax), %ymm9, %ymm11
+        vpxor	64(%rdi), %ymm5, %ymm12
+        vpxor	-32(%rdi), %ymm6, %ymm13
+        vpxor	(%rcx), %ymm7, %ymm14
+        vpsrlq	$36, %ymm10, %ymm0
+        vpsrlq	$44, %ymm11, %ymm1
+        vpsrlq	$61, %ymm12, %ymm2
+        vpsrlq	$19, %ymm13, %ymm3
+        vpsrlq	$3, %ymm14, %ymm4
+        vpsllq	$28, %ymm10, %ymm10
+        vpsllq	$20, %ymm11, %ymm11
+        vpsllq	$3, %ymm12, %ymm12
+        vpsllq	$45, %ymm13, %ymm13
+        vpsllq	$61, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, -96(%rcx)
+        vmovdqu	%ymm1, 64(%rax)
+        vmovdqu	%ymm2, 64(%rdi)
+        vmovdqu	%ymm3, -32(%rdi)
+        vmovdqu	%ymm4, (%rcx)
+        # Row 2
+        vpxor	-96(%rax), %ymm6, %ymm10
+        vpxor	-96(%rdi), %ymm7, %ymm11
+        vpxor	96(%rcx), %ymm8, %ymm12
+        vpxor	96(%rax), %ymm9, %ymm13
+        vpxor	(%rax), %ymm5, %ymm14
+        vpsrlq	$63, %ymm10, %ymm0
+        vpsrlq	$58, %ymm11, %ymm1
+        vpsrlq	$39, %ymm12, %ymm2
+        vpsrlq	$56, %ymm13, %ymm3
+        vpsrlq	$46, %ymm14, %ymm4
+        vpaddq	%ymm10, %ymm10, %ymm10
+        vpsllq	$6, %ymm11, %ymm11
+        vpsllq	$25, %ymm12, %ymm12
+        vpsllq	$8, %ymm13, %ymm13
+        vpsllq	$18, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, -96(%rax)
+        vmovdqu	%ymm1, -96(%rdi)
+        vmovdqu	%ymm2, 96(%rcx)
+        vmovdqu	%ymm3, 96(%rax)
+        vmovdqu	%ymm4, (%rax)
+        # Row 3
+        vpxor	32(%rcx), %ymm9, %ymm10
+        vpxor	-64(%rcx), %ymm5, %ymm11
+        vpxor	-64(%rax), %ymm6, %ymm12
+        vpxor	96(%rdi), %ymm7, %ymm13
+        vpxor	(%rdi), %ymm8, %ymm14
+        vpsrlq	$37, %ymm10, %ymm0
+        vpsrlq	$28, %ymm11, %ymm1
+        vpsrlq	$54, %ymm12, %ymm2
+        vpsrlq	$49, %ymm13, %ymm3
+        vpsrlq	$8, %ymm14, %ymm4
+        vpsllq	$27, %ymm10, %ymm10
+        vpsllq	$36, %ymm11, %ymm11
+        vpsllq	$10, %ymm12, %ymm12
+        vpsllq	$15, %ymm13, %ymm13
+        vpsllq	$56, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 32(%rcx)
+        vmovdqu	%ymm1, -64(%rcx)
+        vmovdqu	%ymm2, -64(%rax)
+        vmovdqu	%ymm3, 96(%rdi)
+        vmovdqu	%ymm4, (%rdi)
+        # Row 4
+        vpxor	32(%rax), %ymm7, %ymm10
+        vpxor	32(%rdi), %ymm8, %ymm11
+        vpxor	-64(%rdi), %ymm9, %ymm12
+        vpxor	128(%rcx), %ymm5, %ymm13
+        vpxor	128(%rax), %ymm6, %ymm14
+        vpsrlq	$2, %ymm10, %ymm0
+        vpsrlq	$9, %ymm11, %ymm1
+        vpsrlq	$25, %ymm12, %ymm2
+        vpsrlq	$23, %ymm13, %ymm3
+        vpsrlq	$62, %ymm14, %ymm4
+        vpsllq	$62, %ymm10, %ymm10
+        vpsllq	$55, %ymm11, %ymm11
+        vpsllq	$39, %ymm12, %ymm12
+        vpsllq	$41, %ymm13, %ymm13
+        vpsllq	$2, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 32(%rax)
+        vmovdqu	%ymm1, 32(%rdi)
+        vmovdqu	%ymm2, -64(%rdi)
+        vmovdqu	%ymm3, 128(%rcx)
+        vmovdqu	%ymm4, 128(%rax)
+        # Round 3
+        # Calc b[0..4]
+        vpxor	%ymm15, %ymm0, %ymm10
+        vpxor	-96(%rdi), %ymm1, %ymm11
+        vpxor	-32(%rdi), %ymm3, %ymm13
+        vpxor	(%rdi), %ymm4, %ymm14
+        vpxor	64(%rdi), %ymm2, %ymm12
+        vpxor	96(%rdi), %ymm13, %ymm13
+        vpxor	128(%rdi), %ymm14, %ymm14
+        vpxor	-96(%rax), %ymm10, %ymm10
+        vpxor	-64(%rax), %ymm12, %ymm12
+        vpxor	-32(%rax), %ymm13, %ymm13
+        vpxor	(%rax), %ymm14, %ymm14
+        vpxor	64(%rax), %ymm11, %ymm11
+        vpxor	96(%rax), %ymm13, %ymm13
+        vpxor	-96(%rcx), %ymm10, %ymm10
+        vpxor	-64(%rcx), %ymm11, %ymm11
+        vpxor	-32(%rcx), %ymm12, %ymm12
+        vpxor	(%rcx), %ymm14, %ymm14
+        vpxor	32(%rcx), %ymm10, %ymm10
+        vpxor	64(%rcx), %ymm11, %ymm11
+        vpxor	96(%rcx), %ymm12, %ymm12
+        # Calc t[0..4]
+        vpsrlq	$63, %ymm11, %ymm0
+        vpsrlq	$63, %ymm12, %ymm1
+        vpsrlq	$63, %ymm13, %ymm2
+        vpsrlq	$63, %ymm14, %ymm3
+        vpsrlq	$63, %ymm10, %ymm4
+        vpaddq	%ymm11, %ymm11, %ymm5
+        vpaddq	%ymm12, %ymm12, %ymm6
+        vpaddq	%ymm13, %ymm13, %ymm7
+        vpaddq	%ymm14, %ymm14, %ymm8
+        vpaddq	%ymm10, %ymm10, %ymm9
+        vpor	%ymm0, %ymm5, %ymm5
+        vpor	%ymm1, %ymm6, %ymm6
+        vpor	%ymm2, %ymm7, %ymm7
+        vpor	%ymm3, %ymm8, %ymm8
+        vpor	%ymm4, %ymm9, %ymm9
+        vpxor	%ymm14, %ymm5, %ymm5
+        vpxor	%ymm10, %ymm6, %ymm6
+        vpxor	%ymm11, %ymm7, %ymm7
+        vpxor	%ymm12, %ymm8, %ymm8
+        vpxor	%ymm13, %ymm9, %ymm9
+        # Row Mix
+        # Row 0
+        vpxor	%ymm15, %ymm5, %ymm10
+        vpxor	64(%rax), %ymm6, %ymm11
+        vpxor	96(%rcx), %ymm7, %ymm12
+        vpxor	96(%rdi), %ymm8, %ymm13
+        vpxor	128(%rax), %ymm9, %ymm14
+        vpsrlq	$20, %ymm11, %ymm0
+        vpsrlq	$21, %ymm12, %ymm1
+        vpsrlq	$43, %ymm13, %ymm2
+        vpsrlq	$50, %ymm14, %ymm3
+        vpsllq	$44, %ymm11, %ymm11
+        vpsllq	$43, %ymm12, %ymm12
+        vpsllq	$21, %ymm13, %ymm13
+        vpsllq	$14, %ymm14, %ymm14
+        vpor	%ymm0, %ymm11, %ymm11
+        vpor	%ymm1, %ymm12, %ymm12
+        vpor	%ymm2, %ymm13, %ymm13
+        vpor	%ymm3, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm15
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm15, %ymm15
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        # XOR in constant
+        vpxor	96(%rdx), %ymm15, %ymm15
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm1, 64(%rax)
+        vmovdqu	%ymm2, 96(%rcx)
+        vmovdqu	%ymm3, 96(%rdi)
+        vmovdqu	%ymm4, 128(%rax)
+        # Row 1
+        vpxor	-32(%rax), %ymm8, %ymm10
+        vpxor	(%rcx), %ymm9, %ymm11
+        vpxor	-96(%rax), %ymm5, %ymm12
+        vpxor	-64(%rcx), %ymm6, %ymm13
+        vpxor	-64(%rdi), %ymm7, %ymm14
+        vpsrlq	$36, %ymm10, %ymm0
+        vpsrlq	$44, %ymm11, %ymm1
+        vpsrlq	$61, %ymm12, %ymm2
+        vpsrlq	$19, %ymm13, %ymm3
+        vpsrlq	$3, %ymm14, %ymm4
+        vpsllq	$28, %ymm10, %ymm10
+        vpsllq	$20, %ymm11, %ymm11
+        vpsllq	$3, %ymm12, %ymm12
+        vpsllq	$45, %ymm13, %ymm13
+        vpsllq	$61, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, -32(%rax)
+        vmovdqu	%ymm1, (%rcx)
+        vmovdqu	%ymm2, -96(%rax)
+        vmovdqu	%ymm3, -64(%rcx)
+        vmovdqu	%ymm4, -64(%rdi)
+        # Row 2
+        vpxor	64(%rcx), %ymm6, %ymm10
+        vpxor	64(%rdi), %ymm7, %ymm11
+        vpxor	96(%rax), %ymm8, %ymm12
+        vpxor	(%rdi), %ymm9, %ymm13
+        vpxor	32(%rax), %ymm5, %ymm14
+        vpsrlq	$63, %ymm10, %ymm0
+        vpsrlq	$58, %ymm11, %ymm1
+        vpsrlq	$39, %ymm12, %ymm2
+        vpsrlq	$56, %ymm13, %ymm3
+        vpsrlq	$46, %ymm14, %ymm4
+        vpaddq	%ymm10, %ymm10, %ymm10
+        vpsllq	$6, %ymm11, %ymm11
+        vpsllq	$25, %ymm12, %ymm12
+        vpsllq	$8, %ymm13, %ymm13
+        vpsllq	$18, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 64(%rcx)
+        vmovdqu	%ymm1, 64(%rdi)
+        vmovdqu	%ymm2, 96(%rax)
+        vmovdqu	%ymm3, (%rdi)
+        vmovdqu	%ymm4, 32(%rax)
+        # Row 3
+        vpxor	128(%rdi), %ymm9, %ymm10
+        vpxor	-96(%rcx), %ymm5, %ymm11
+        vpxor	-96(%rdi), %ymm6, %ymm12
+        vpxor	-64(%rax), %ymm7, %ymm13
+        vpxor	128(%rcx), %ymm8, %ymm14
+        vpsrlq	$37, %ymm10, %ymm0
+        vpsrlq	$28, %ymm11, %ymm1
+        vpsrlq	$54, %ymm12, %ymm2
+        vpsrlq	$49, %ymm13, %ymm3
+        vpsrlq	$8, %ymm14, %ymm4
+        vpsllq	$27, %ymm10, %ymm10
+        vpsllq	$36, %ymm11, %ymm11
+        vpsllq	$10, %ymm12, %ymm12
+        vpsllq	$15, %ymm13, %ymm13
+        vpsllq	$56, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 128(%rdi)
+        vmovdqu	%ymm1, -96(%rcx)
+        vmovdqu	%ymm2, -96(%rdi)
+        vmovdqu	%ymm3, -64(%rax)
+        vmovdqu	%ymm4, 128(%rcx)
+        # Row 4
+        vpxor	-32(%rcx), %ymm7, %ymm10
+        vpxor	-32(%rdi), %ymm8, %ymm11
+        vpxor	(%rax), %ymm9, %ymm12
+        vpxor	32(%rcx), %ymm5, %ymm13
+        vpxor	32(%rdi), %ymm6, %ymm14
+        vpsrlq	$2, %ymm10, %ymm0
+        vpsrlq	$9, %ymm11, %ymm1
+        vpsrlq	$25, %ymm12, %ymm2
+        vpsrlq	$23, %ymm13, %ymm3
+        vpsrlq	$62, %ymm14, %ymm4
+        vpsllq	$62, %ymm10, %ymm10
+        vpsllq	$55, %ymm11, %ymm11
+        vpsllq	$39, %ymm12, %ymm12
+        vpsllq	$41, %ymm13, %ymm13
+        vpsllq	$2, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, -32(%rcx)
+        vmovdqu	%ymm1, -32(%rdi)
+        vmovdqu	%ymm2, (%rax)
+        vmovdqu	%ymm3, 32(%rcx)
+        vmovdqu	%ymm4, 32(%rdi)
+        # Round 4
+        # Calc b[0..4]
+        vpxor	%ymm15, %ymm0, %ymm10
+        vpxor	-96(%rdi), %ymm2, %ymm12
+        vpxor	-64(%rdi), %ymm4, %ymm14
+        vpxor	(%rdi), %ymm3, %ymm13
+        vpxor	64(%rdi), %ymm1, %ymm11
+        vpxor	96(%rdi), %ymm13, %ymm13
+        vpxor	128(%rdi), %ymm10, %ymm10
+        vpxor	-96(%rax), %ymm12, %ymm12
+        vpxor	-64(%rax), %ymm13, %ymm13
+        vpxor	-32(%rax), %ymm10, %ymm10
+        vpxor	32(%rax), %ymm14, %ymm14
+        vpxor	64(%rax), %ymm11, %ymm11
+        vpxor	96(%rax), %ymm12, %ymm12
+        vpxor	128(%rax), %ymm14, %ymm14
+        vpxor	-96(%rcx), %ymm11, %ymm11
+        vpxor	-64(%rcx), %ymm13, %ymm13
+        vpxor	(%rcx), %ymm11, %ymm11
+        vpxor	64(%rcx), %ymm10, %ymm10
+        vpxor	96(%rcx), %ymm12, %ymm12
+        vpxor	128(%rcx), %ymm14, %ymm14
+        # Calc t[0..4]
+        vpsrlq	$63, %ymm11, %ymm0
+        vpsrlq	$63, %ymm12, %ymm1
+        vpsrlq	$63, %ymm13, %ymm2
+        vpsrlq	$63, %ymm14, %ymm3
+        vpsrlq	$63, %ymm10, %ymm4
+        vpaddq	%ymm11, %ymm11, %ymm5
+        vpaddq	%ymm12, %ymm12, %ymm6
+        vpaddq	%ymm13, %ymm13, %ymm7
+        vpaddq	%ymm14, %ymm14, %ymm8
+        vpaddq	%ymm10, %ymm10, %ymm9
+        vpor	%ymm0, %ymm5, %ymm5
+        vpor	%ymm1, %ymm6, %ymm6
+        vpor	%ymm2, %ymm7, %ymm7
+        vpor	%ymm3, %ymm8, %ymm8
+        vpor	%ymm4, %ymm9, %ymm9
+        vpxor	%ymm14, %ymm5, %ymm5
+        vpxor	%ymm10, %ymm6, %ymm6
+        vpxor	%ymm11, %ymm7, %ymm7
+        vpxor	%ymm12, %ymm8, %ymm8
+        vpxor	%ymm13, %ymm9, %ymm9
+        # Row Mix
+        # Row 0
+        vpxor	%ymm15, %ymm5, %ymm10
+        vpxor	(%rcx), %ymm6, %ymm11
+        vpxor	96(%rax), %ymm7, %ymm12
+        vpxor	-64(%rax), %ymm8, %ymm13
+        vpxor	32(%rdi), %ymm9, %ymm14
+        vpsrlq	$20, %ymm11, %ymm0
+        vpsrlq	$21, %ymm12, %ymm1
+        vpsrlq	$43, %ymm13, %ymm2
+        vpsrlq	$50, %ymm14, %ymm3
+        vpsllq	$44, %ymm11, %ymm11
+        vpsllq	$43, %ymm12, %ymm12
+        vpsllq	$21, %ymm13, %ymm13
+        vpsllq	$14, %ymm14, %ymm14
+        vpor	%ymm0, %ymm11, %ymm11
+        vpor	%ymm1, %ymm12, %ymm12
+        vpor	%ymm2, %ymm13, %ymm13
+        vpor	%ymm3, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm15
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm15, %ymm15
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        # XOR in constant
+        vpxor	128(%rdx), %ymm15, %ymm15
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm1, (%rcx)
+        vmovdqu	%ymm2, 96(%rax)
+        vmovdqu	%ymm3, -64(%rax)
+        vmovdqu	%ymm4, 32(%rdi)
+        # Row 1
+        vpxor	96(%rdi), %ymm8, %ymm10
+        vpxor	-64(%rdi), %ymm9, %ymm11
+        vpxor	64(%rcx), %ymm5, %ymm12
+        vpxor	-96(%rcx), %ymm6, %ymm13
+        vpxor	(%rax), %ymm7, %ymm14
+        vpsrlq	$36, %ymm10, %ymm0
+        vpsrlq	$44, %ymm11, %ymm1
+        vpsrlq	$61, %ymm12, %ymm2
+        vpsrlq	$19, %ymm13, %ymm3
+        vpsrlq	$3, %ymm14, %ymm4
+        vpsllq	$28, %ymm10, %ymm10
+        vpsllq	$20, %ymm11, %ymm11
+        vpsllq	$3, %ymm12, %ymm12
+        vpsllq	$45, %ymm13, %ymm13
+        vpsllq	$61, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 96(%rdi)
+        vmovdqu	%ymm1, -64(%rdi)
+        vmovdqu	%ymm2, 64(%rcx)
+        vmovdqu	%ymm3, -96(%rcx)
+        vmovdqu	%ymm4, (%rax)
+        # Row 2
+        vpxor	64(%rax), %ymm6, %ymm10
+        vpxor	-96(%rax), %ymm7, %ymm11
+        vpxor	(%rdi), %ymm8, %ymm12
+        vpxor	128(%rcx), %ymm9, %ymm13
+        vpxor	-32(%rcx), %ymm5, %ymm14
+        vpsrlq	$63, %ymm10, %ymm0
+        vpsrlq	$58, %ymm11, %ymm1
+        vpsrlq	$39, %ymm12, %ymm2
+        vpsrlq	$56, %ymm13, %ymm3
+        vpsrlq	$46, %ymm14, %ymm4
+        vpaddq	%ymm10, %ymm10, %ymm10
+        vpsllq	$6, %ymm11, %ymm11
+        vpsllq	$25, %ymm12, %ymm12
+        vpsllq	$8, %ymm13, %ymm13
+        vpsllq	$18, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 64(%rax)
+        vmovdqu	%ymm1, -96(%rax)
+        vmovdqu	%ymm2, (%rdi)
+        vmovdqu	%ymm3, 128(%rcx)
+        vmovdqu	%ymm4, -32(%rcx)
+        # Row 3
+        vpxor	128(%rax), %ymm9, %ymm10
+        vpxor	-32(%rax), %ymm5, %ymm11
+        vpxor	64(%rdi), %ymm6, %ymm12
+        vpxor	-96(%rdi), %ymm7, %ymm13
+        vpxor	32(%rcx), %ymm8, %ymm14
+        vpsrlq	$37, %ymm10, %ymm0
+        vpsrlq	$28, %ymm11, %ymm1
+        vpsrlq	$54, %ymm12, %ymm2
+        vpsrlq	$49, %ymm13, %ymm3
+        vpsrlq	$8, %ymm14, %ymm4
+        vpsllq	$27, %ymm10, %ymm10
+        vpsllq	$36, %ymm11, %ymm11
+        vpsllq	$10, %ymm12, %ymm12
+        vpsllq	$15, %ymm13, %ymm13
+        vpsllq	$56, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 128(%rax)
+        vmovdqu	%ymm1, -32(%rax)
+        vmovdqu	%ymm2, 64(%rdi)
+        vmovdqu	%ymm3, -96(%rdi)
+        vmovdqu	%ymm4, 32(%rcx)
+        # Row 4
+        vpxor	96(%rcx), %ymm7, %ymm10
+        vpxor	-64(%rcx), %ymm8, %ymm11
+        vpxor	32(%rax), %ymm9, %ymm12
+        vpxor	128(%rdi), %ymm5, %ymm13
+        vpxor	-32(%rdi), %ymm6, %ymm14
+        vpsrlq	$2, %ymm10, %ymm0
+        vpsrlq	$9, %ymm11, %ymm1
+        vpsrlq	$25, %ymm12, %ymm2
+        vpsrlq	$23, %ymm13, %ymm3
+        vpsrlq	$62, %ymm14, %ymm4
+        vpsllq	$62, %ymm10, %ymm10
+        vpsllq	$55, %ymm11, %ymm11
+        vpsllq	$39, %ymm12, %ymm12
+        vpsllq	$41, %ymm13, %ymm13
+        vpsllq	$2, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 96(%rcx)
+        vmovdqu	%ymm1, -64(%rcx)
+        vmovdqu	%ymm2, 32(%rax)
+        vmovdqu	%ymm3, 128(%rdi)
+        vmovdqu	%ymm4, -32(%rdi)
+        # Round 5
+        # Calc b[0..4]
+        vpxor	%ymm15, %ymm0, %ymm10
+        vpxor	-96(%rdi), %ymm3, %ymm13
+        vpxor	-64(%rdi), %ymm1, %ymm11
+        vpxor	(%rdi), %ymm2, %ymm12
+        vpxor	32(%rdi), %ymm4, %ymm14
+        vpxor	64(%rdi), %ymm12, %ymm12
+        vpxor	96(%rdi), %ymm10, %ymm10
+        vpxor	-96(%rax), %ymm11, %ymm11
+        vpxor	-64(%rax), %ymm13, %ymm13
+        vpxor	-32(%rax), %ymm11, %ymm11
+        vpxor	(%rax), %ymm14, %ymm14
+        vpxor	64(%rax), %ymm10, %ymm10
+        vpxor	96(%rax), %ymm12, %ymm12
+        vpxor	128(%rax), %ymm10, %ymm10
+        vpxor	-96(%rcx), %ymm13, %ymm13
+        vpxor	-32(%rcx), %ymm14, %ymm14
+        vpxor	(%rcx), %ymm11, %ymm11
+        vpxor	32(%rcx), %ymm14, %ymm14
+        vpxor	64(%rcx), %ymm12, %ymm12
+        vpxor	128(%rcx), %ymm13, %ymm13
+        # Calc t[0..4]
+        vpsrlq	$63, %ymm11, %ymm0
+        vpsrlq	$63, %ymm12, %ymm1
+        vpsrlq	$63, %ymm13, %ymm2
+        vpsrlq	$63, %ymm14, %ymm3
+        vpsrlq	$63, %ymm10, %ymm4
+        vpaddq	%ymm11, %ymm11, %ymm5
+        vpaddq	%ymm12, %ymm12, %ymm6
+        vpaddq	%ymm13, %ymm13, %ymm7
+        vpaddq	%ymm14, %ymm14, %ymm8
+        vpaddq	%ymm10, %ymm10, %ymm9
+        vpor	%ymm0, %ymm5, %ymm5
+        vpor	%ymm1, %ymm6, %ymm6
+        vpor	%ymm2, %ymm7, %ymm7
+        vpor	%ymm3, %ymm8, %ymm8
+        vpor	%ymm4, %ymm9, %ymm9
+        vpxor	%ymm14, %ymm5, %ymm5
+        vpxor	%ymm10, %ymm6, %ymm6
+        vpxor	%ymm11, %ymm7, %ymm7
+        vpxor	%ymm12, %ymm8, %ymm8
+        vpxor	%ymm13, %ymm9, %ymm9
+        # Row Mix
+        # Row 0
+        vpxor	%ymm15, %ymm5, %ymm10
+        vpxor	-64(%rdi), %ymm6, %ymm11
+        vpxor	(%rdi), %ymm7, %ymm12
+        vpxor	-96(%rdi), %ymm8, %ymm13
+        vpxor	-32(%rdi), %ymm9, %ymm14
+        vpsrlq	$20, %ymm11, %ymm0
+        vpsrlq	$21, %ymm12, %ymm1
+        vpsrlq	$43, %ymm13, %ymm2
+        vpsrlq	$50, %ymm14, %ymm3
+        vpsllq	$44, %ymm11, %ymm11
+        vpsllq	$43, %ymm12, %ymm12
+        vpsllq	$21, %ymm13, %ymm13
+        vpsllq	$14, %ymm14, %ymm14
+        vpor	%ymm0, %ymm11, %ymm11
+        vpor	%ymm1, %ymm12, %ymm12
+        vpor	%ymm2, %ymm13, %ymm13
+        vpor	%ymm3, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm15
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm15, %ymm15
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        # XOR in constant
+        vpxor	160(%rdx), %ymm15, %ymm15
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm1, -64(%rdi)
+        vmovdqu	%ymm2, (%rdi)
+        vmovdqu	%ymm3, -96(%rdi)
+        vmovdqu	%ymm4, -32(%rdi)
+        # Row 1
+        vpxor	-64(%rax), %ymm8, %ymm10
+        vpxor	(%rax), %ymm9, %ymm11
+        vpxor	64(%rax), %ymm5, %ymm12
+        vpxor	-32(%rax), %ymm6, %ymm13
+        vpxor	32(%rax), %ymm7, %ymm14
+        vpsrlq	$36, %ymm10, %ymm0
+        vpsrlq	$44, %ymm11, %ymm1
+        vpsrlq	$61, %ymm12, %ymm2
+        vpsrlq	$19, %ymm13, %ymm3
+        vpsrlq	$3, %ymm14, %ymm4
+        vpsllq	$28, %ymm10, %ymm10
+        vpsllq	$20, %ymm11, %ymm11
+        vpsllq	$3, %ymm12, %ymm12
+        vpsllq	$45, %ymm13, %ymm13
+        vpsllq	$61, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, -64(%rax)
+        vmovdqu	%ymm1, (%rax)
+        vmovdqu	%ymm2, 64(%rax)
+        vmovdqu	%ymm3, -32(%rax)
+        vmovdqu	%ymm4, 32(%rax)
+        # Row 2
+        vpxor	(%rcx), %ymm6, %ymm10
+        vpxor	64(%rcx), %ymm7, %ymm11
+        vpxor	128(%rcx), %ymm8, %ymm12
+        vpxor	32(%rcx), %ymm9, %ymm13
+        vpxor	96(%rcx), %ymm5, %ymm14
+        vpsrlq	$63, %ymm10, %ymm0
+        vpsrlq	$58, %ymm11, %ymm1
+        vpsrlq	$39, %ymm12, %ymm2
+        vpsrlq	$56, %ymm13, %ymm3
+        vpsrlq	$46, %ymm14, %ymm4
+        vpaddq	%ymm10, %ymm10, %ymm10
+        vpsllq	$6, %ymm11, %ymm11
+        vpsllq	$25, %ymm12, %ymm12
+        vpsllq	$8, %ymm13, %ymm13
+        vpsllq	$18, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, (%rcx)
+        vmovdqu	%ymm1, 64(%rcx)
+        vmovdqu	%ymm2, 128(%rcx)
+        vmovdqu	%ymm3, 32(%rcx)
+        vmovdqu	%ymm4, 96(%rcx)
+        # Row 3
+        vpxor	32(%rdi), %ymm9, %ymm10
+        vpxor	96(%rdi), %ymm5, %ymm11
+        vpxor	-96(%rax), %ymm6, %ymm12
+        vpxor	64(%rdi), %ymm7, %ymm13
+        vpxor	128(%rdi), %ymm8, %ymm14
+        vpsrlq	$37, %ymm10, %ymm0
+        vpsrlq	$28, %ymm11, %ymm1
+        vpsrlq	$54, %ymm12, %ymm2
+        vpsrlq	$49, %ymm13, %ymm3
+        vpsrlq	$8, %ymm14, %ymm4
+        vpsllq	$27, %ymm10, %ymm10
+        vpsllq	$36, %ymm11, %ymm11
+        vpsllq	$10, %ymm12, %ymm12
+        vpsllq	$15, %ymm13, %ymm13
+        vpsllq	$56, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 32(%rdi)
+        vmovdqu	%ymm1, 96(%rdi)
+        vmovdqu	%ymm2, -96(%rax)
+        vmovdqu	%ymm3, 64(%rdi)
+        vmovdqu	%ymm4, 128(%rdi)
+        # Row 4
+        vpxor	96(%rax), %ymm7, %ymm10
+        vpxor	-96(%rcx), %ymm8, %ymm11
+        vpxor	-32(%rcx), %ymm9, %ymm12
+        vpxor	128(%rax), %ymm5, %ymm13
+        vpxor	-64(%rcx), %ymm6, %ymm14
+        vpsrlq	$2, %ymm10, %ymm0
+        vpsrlq	$9, %ymm11, %ymm1
+        vpsrlq	$25, %ymm12, %ymm2
+        vpsrlq	$23, %ymm13, %ymm3
+        vpsrlq	$62, %ymm14, %ymm4
+        vpsllq	$62, %ymm10, %ymm10
+        vpsllq	$55, %ymm11, %ymm11
+        vpsllq	$39, %ymm12, %ymm12
+        vpsllq	$41, %ymm13, %ymm13
+        vpsllq	$2, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 96(%rax)
+        vmovdqu	%ymm1, -96(%rcx)
+        vmovdqu	%ymm2, -32(%rcx)
+        vmovdqu	%ymm3, 128(%rax)
+        vmovdqu	%ymm4, -64(%rcx)
+        # Round 6
+        # Calc b[0..4]
+        vpxor	%ymm15, %ymm0, %ymm10
+        vpxor	-96(%rdi), %ymm3, %ymm13
+        vpxor	-64(%rdi), %ymm1, %ymm11
+        vpxor	-32(%rdi), %ymm4, %ymm14
+        vpxor	(%rdi), %ymm2, %ymm12
+        vpxor	32(%rdi), %ymm10, %ymm10
+        vpxor	64(%rdi), %ymm13, %ymm13
+        vpxor	96(%rdi), %ymm11, %ymm11
+        vpxor	128(%rdi), %ymm14, %ymm14
+        vpxor	-96(%rax), %ymm12, %ymm12
+        vpxor	-64(%rax), %ymm10, %ymm10
+        vpxor	-32(%rax), %ymm13, %ymm13
+        vpxor	(%rax), %ymm11, %ymm11
+        vpxor	32(%rax), %ymm14, %ymm14
+        vpxor	64(%rax), %ymm12, %ymm12
+        vpxor	(%rcx), %ymm10, %ymm10
+        vpxor	32(%rcx), %ymm13, %ymm13
+        vpxor	64(%rcx), %ymm11, %ymm11
+        vpxor	96(%rcx), %ymm14, %ymm14
+        vpxor	128(%rcx), %ymm12, %ymm12
+        # Calc t[0..4]
+        vpsrlq	$63, %ymm11, %ymm0
+        vpsrlq	$63, %ymm12, %ymm1
+        vpsrlq	$63, %ymm13, %ymm2
+        vpsrlq	$63, %ymm14, %ymm3
+        vpsrlq	$63, %ymm10, %ymm4
+        vpaddq	%ymm11, %ymm11, %ymm5
+        vpaddq	%ymm12, %ymm12, %ymm6
+        vpaddq	%ymm13, %ymm13, %ymm7
+        vpaddq	%ymm14, %ymm14, %ymm8
+        vpaddq	%ymm10, %ymm10, %ymm9
+        vpor	%ymm0, %ymm5, %ymm5
+        vpor	%ymm1, %ymm6, %ymm6
+        vpor	%ymm2, %ymm7, %ymm7
+        vpor	%ymm3, %ymm8, %ymm8
+        vpor	%ymm4, %ymm9, %ymm9
+        vpxor	%ymm14, %ymm5, %ymm5
+        vpxor	%ymm10, %ymm6, %ymm6
+        vpxor	%ymm11, %ymm7, %ymm7
+        vpxor	%ymm12, %ymm8, %ymm8
+        vpxor	%ymm13, %ymm9, %ymm9
+        # Row Mix
+        # Row 0
+        vpxor	%ymm15, %ymm5, %ymm10
+        vpxor	(%rax), %ymm6, %ymm11
+        vpxor	128(%rcx), %ymm7, %ymm12
+        vpxor	64(%rdi), %ymm8, %ymm13
+        vpxor	-64(%rcx), %ymm9, %ymm14
+        vpsrlq	$20, %ymm11, %ymm0
+        vpsrlq	$21, %ymm12, %ymm1
+        vpsrlq	$43, %ymm13, %ymm2
+        vpsrlq	$50, %ymm14, %ymm3
+        vpsllq	$44, %ymm11, %ymm11
+        vpsllq	$43, %ymm12, %ymm12
+        vpsllq	$21, %ymm13, %ymm13
+        vpsllq	$14, %ymm14, %ymm14
+        vpor	%ymm0, %ymm11, %ymm11
+        vpor	%ymm1, %ymm12, %ymm12
+        vpor	%ymm2, %ymm13, %ymm13
+        vpor	%ymm3, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm15
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm15, %ymm15
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        # XOR in constant
+        vpxor	192(%rdx), %ymm15, %ymm15
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm1, (%rax)
+        vmovdqu	%ymm2, 128(%rcx)
+        vmovdqu	%ymm3, 64(%rdi)
+        vmovdqu	%ymm4, -64(%rcx)
+        # Row 1
+        vpxor	-96(%rdi), %ymm8, %ymm10
+        vpxor	32(%rax), %ymm9, %ymm11
+        vpxor	(%rcx), %ymm5, %ymm12
+        vpxor	96(%rdi), %ymm6, %ymm13
+        vpxor	-32(%rcx), %ymm7, %ymm14
+        vpsrlq	$36, %ymm10, %ymm0
+        vpsrlq	$44, %ymm11, %ymm1
+        vpsrlq	$61, %ymm12, %ymm2
+        vpsrlq	$19, %ymm13, %ymm3
+        vpsrlq	$3, %ymm14, %ymm4
+        vpsllq	$28, %ymm10, %ymm10
+        vpsllq	$20, %ymm11, %ymm11
+        vpsllq	$3, %ymm12, %ymm12
+        vpsllq	$45, %ymm13, %ymm13
+        vpsllq	$61, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, -96(%rdi)
+        vmovdqu	%ymm1, 32(%rax)
+        vmovdqu	%ymm2, (%rcx)
+        vmovdqu	%ymm3, 96(%rdi)
+        vmovdqu	%ymm4, -32(%rcx)
+        # Row 2
+        vpxor	-64(%rdi), %ymm6, %ymm10
+        vpxor	64(%rax), %ymm7, %ymm11
+        vpxor	32(%rcx), %ymm8, %ymm12
+        vpxor	128(%rdi), %ymm9, %ymm13
+        vpxor	96(%rax), %ymm5, %ymm14
+        vpsrlq	$63, %ymm10, %ymm0
+        vpsrlq	$58, %ymm11, %ymm1
+        vpsrlq	$39, %ymm12, %ymm2
+        vpsrlq	$56, %ymm13, %ymm3
+        vpsrlq	$46, %ymm14, %ymm4
+        vpaddq	%ymm10, %ymm10, %ymm10
+        vpsllq	$6, %ymm11, %ymm11
+        vpsllq	$25, %ymm12, %ymm12
+        vpsllq	$8, %ymm13, %ymm13
+        vpsllq	$18, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, -64(%rdi)
+        vmovdqu	%ymm1, 64(%rax)
+        vmovdqu	%ymm2, 32(%rcx)
+        vmovdqu	%ymm3, 128(%rdi)
+        vmovdqu	%ymm4, 96(%rax)
+        # Row 3
+        vpxor	-32(%rdi), %ymm9, %ymm10
+        vpxor	-64(%rax), %ymm5, %ymm11
+        vpxor	64(%rcx), %ymm6, %ymm12
+        vpxor	-96(%rax), %ymm7, %ymm13
+        vpxor	128(%rax), %ymm8, %ymm14
+        vpsrlq	$37, %ymm10, %ymm0
+        vpsrlq	$28, %ymm11, %ymm1
+        vpsrlq	$54, %ymm12, %ymm2
+        vpsrlq	$49, %ymm13, %ymm3
+        vpsrlq	$8, %ymm14, %ymm4
+        vpsllq	$27, %ymm10, %ymm10
+        vpsllq	$36, %ymm11, %ymm11
+        vpsllq	$10, %ymm12, %ymm12
+        vpsllq	$15, %ymm13, %ymm13
+        vpsllq	$56, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, -32(%rdi)
+        vmovdqu	%ymm1, -64(%rax)
+        vmovdqu	%ymm2, 64(%rcx)
+        vmovdqu	%ymm3, -96(%rax)
+        vmovdqu	%ymm4, 128(%rax)
+        # Row 4
+        vpxor	(%rdi), %ymm7, %ymm10
+        vpxor	-32(%rax), %ymm8, %ymm11
+        vpxor	96(%rcx), %ymm9, %ymm12
+        vpxor	32(%rdi), %ymm5, %ymm13
+        vpxor	-96(%rcx), %ymm6, %ymm14
+        vpsrlq	$2, %ymm10, %ymm0
+        vpsrlq	$9, %ymm11, %ymm1
+        vpsrlq	$25, %ymm12, %ymm2
+        vpsrlq	$23, %ymm13, %ymm3
+        vpsrlq	$62, %ymm14, %ymm4
+        vpsllq	$62, %ymm10, %ymm10
+        vpsllq	$55, %ymm11, %ymm11
+        vpsllq	$39, %ymm12, %ymm12
+        vpsllq	$41, %ymm13, %ymm13
+        vpsllq	$2, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, (%rdi)
+        vmovdqu	%ymm1, -32(%rax)
+        vmovdqu	%ymm2, 96(%rcx)
+        vmovdqu	%ymm3, 32(%rdi)
+        vmovdqu	%ymm4, -96(%rcx)
+        # Round 7
+        # Calc b[0..4]
+        vpxor	%ymm15, %ymm0, %ymm10
+        vpxor	-96(%rdi), %ymm10, %ymm10
+        vpxor	-64(%rdi), %ymm10, %ymm10
+        vpxor	-32(%rdi), %ymm10, %ymm10
+        vpxor	64(%rdi), %ymm3, %ymm13
+        vpxor	96(%rdi), %ymm13, %ymm13
+        vpxor	128(%rdi), %ymm13, %ymm13
+        vpxor	-96(%rax), %ymm13, %ymm13
+        vpxor	-64(%rax), %ymm1, %ymm11
+        vpxor	(%rax), %ymm11, %ymm11
+        vpxor	32(%rax), %ymm11, %ymm11
+        vpxor	64(%rax), %ymm11, %ymm11
+        vpxor	96(%rax), %ymm4, %ymm14
+        vpxor	128(%rax), %ymm14, %ymm14
+        vpxor	-64(%rcx), %ymm14, %ymm14
+        vpxor	-32(%rcx), %ymm14, %ymm14
+        vpxor	(%rcx), %ymm2, %ymm12
+        vpxor	32(%rcx), %ymm12, %ymm12
+        vpxor	64(%rcx), %ymm12, %ymm12
+        vpxor	128(%rcx), %ymm12, %ymm12
+        # Calc t[0..4]
+        vpsrlq	$63, %ymm11, %ymm0
+        vpsrlq	$63, %ymm12, %ymm1
+        vpsrlq	$63, %ymm13, %ymm2
+        vpsrlq	$63, %ymm14, %ymm3
+        vpsrlq	$63, %ymm10, %ymm4
+        vpaddq	%ymm11, %ymm11, %ymm5
+        vpaddq	%ymm12, %ymm12, %ymm6
+        vpaddq	%ymm13, %ymm13, %ymm7
+        vpaddq	%ymm14, %ymm14, %ymm8
+        vpaddq	%ymm10, %ymm10, %ymm9
+        vpor	%ymm0, %ymm5, %ymm5
+        vpor	%ymm1, %ymm6, %ymm6
+        vpor	%ymm2, %ymm7, %ymm7
+        vpor	%ymm3, %ymm8, %ymm8
+        vpor	%ymm4, %ymm9, %ymm9
+        vpxor	%ymm14, %ymm5, %ymm5
+        vpxor	%ymm10, %ymm6, %ymm6
+        vpxor	%ymm11, %ymm7, %ymm7
+        vpxor	%ymm12, %ymm8, %ymm8
+        vpxor	%ymm13, %ymm9, %ymm9
+        # Row Mix
+        # Row 0
+        vpxor	%ymm15, %ymm5, %ymm10
+        vpxor	32(%rax), %ymm6, %ymm11
+        vpxor	32(%rcx), %ymm7, %ymm12
+        vpxor	-96(%rax), %ymm8, %ymm13
+        vpxor	-96(%rcx), %ymm9, %ymm14
+        vpsrlq	$20, %ymm11, %ymm0
+        vpsrlq	$21, %ymm12, %ymm1
+        vpsrlq	$43, %ymm13, %ymm2
+        vpsrlq	$50, %ymm14, %ymm3
+        vpsllq	$44, %ymm11, %ymm11
+        vpsllq	$43, %ymm12, %ymm12
+        vpsllq	$21, %ymm13, %ymm13
+        vpsllq	$14, %ymm14, %ymm14
+        vpor	%ymm0, %ymm11, %ymm11
+        vpor	%ymm1, %ymm12, %ymm12
+        vpor	%ymm2, %ymm13, %ymm13
+        vpor	%ymm3, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm15
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm15, %ymm15
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        # XOR in constant
+        vpxor	224(%rdx), %ymm15, %ymm15
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm1, 32(%rax)
+        vmovdqu	%ymm2, 32(%rcx)
+        vmovdqu	%ymm3, -96(%rax)
+        vmovdqu	%ymm4, -96(%rcx)
+        # Row 1
+        vpxor	64(%rdi), %ymm8, %ymm10
+        vpxor	-32(%rcx), %ymm9, %ymm11
+        vpxor	-64(%rdi), %ymm5, %ymm12
+        vpxor	-64(%rax), %ymm6, %ymm13
+        vpxor	96(%rcx), %ymm7, %ymm14
+        vpsrlq	$36, %ymm10, %ymm0
+        vpsrlq	$44, %ymm11, %ymm1
+        vpsrlq	$61, %ymm12, %ymm2
+        vpsrlq	$19, %ymm13, %ymm3
+        vpsrlq	$3, %ymm14, %ymm4
+        vpsllq	$28, %ymm10, %ymm10
+        vpsllq	$20, %ymm11, %ymm11
+        vpsllq	$3, %ymm12, %ymm12
+        vpsllq	$45, %ymm13, %ymm13
+        vpsllq	$61, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 64(%rdi)
+        vmovdqu	%ymm1, -32(%rcx)
+        vmovdqu	%ymm2, -64(%rdi)
+        vmovdqu	%ymm3, -64(%rax)
+        vmovdqu	%ymm4, 96(%rcx)
+        # Row 2
+        vpxor	(%rax), %ymm6, %ymm10
+        vpxor	(%rcx), %ymm7, %ymm11
+        vpxor	128(%rdi), %ymm8, %ymm12
+        vpxor	128(%rax), %ymm9, %ymm13
+        vpxor	(%rdi), %ymm5, %ymm14
+        vpsrlq	$63, %ymm10, %ymm0
+        vpsrlq	$58, %ymm11, %ymm1
+        vpsrlq	$39, %ymm12, %ymm2
+        vpsrlq	$56, %ymm13, %ymm3
+        vpsrlq	$46, %ymm14, %ymm4
+        vpaddq	%ymm10, %ymm10, %ymm10
+        vpsllq	$6, %ymm11, %ymm11
+        vpsllq	$25, %ymm12, %ymm12
+        vpsllq	$8, %ymm13, %ymm13
+        vpsllq	$18, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, (%rax)
+        vmovdqu	%ymm1, (%rcx)
+        vmovdqu	%ymm2, 128(%rdi)
+        vmovdqu	%ymm3, 128(%rax)
+        vmovdqu	%ymm4, (%rdi)
+        # Row 3
+        vpxor	-64(%rcx), %ymm9, %ymm10
+        vpxor	-96(%rdi), %ymm5, %ymm11
+        vpxor	64(%rax), %ymm6, %ymm12
+        vpxor	64(%rcx), %ymm7, %ymm13
+        vpxor	32(%rdi), %ymm8, %ymm14
+        vpsrlq	$37, %ymm10, %ymm0
+        vpsrlq	$28, %ymm11, %ymm1
+        vpsrlq	$54, %ymm12, %ymm2
+        vpsrlq	$49, %ymm13, %ymm3
+        vpsrlq	$8, %ymm14, %ymm4
+        vpsllq	$27, %ymm10, %ymm10
+        vpsllq	$36, %ymm11, %ymm11
+        vpsllq	$10, %ymm12, %ymm12
+        vpsllq	$15, %ymm13, %ymm13
+        vpsllq	$56, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, -64(%rcx)
+        vmovdqu	%ymm1, -96(%rdi)
+        vmovdqu	%ymm2, 64(%rax)
+        vmovdqu	%ymm3, 64(%rcx)
+        vmovdqu	%ymm4, 32(%rdi)
+        # Row 4
+        vpxor	128(%rcx), %ymm7, %ymm10
+        vpxor	96(%rdi), %ymm8, %ymm11
+        vpxor	96(%rax), %ymm9, %ymm12
+        vpxor	-32(%rdi), %ymm5, %ymm13
+        vpxor	-32(%rax), %ymm6, %ymm14
+        vpsrlq	$2, %ymm10, %ymm0
+        vpsrlq	$9, %ymm11, %ymm1
+        vpsrlq	$25, %ymm12, %ymm2
+        vpsrlq	$23, %ymm13, %ymm3
+        vpsrlq	$62, %ymm14, %ymm4
+        vpsllq	$62, %ymm10, %ymm10
+        vpsllq	$55, %ymm11, %ymm11
+        vpsllq	$39, %ymm12, %ymm12
+        vpsllq	$41, %ymm13, %ymm13
+        vpsllq	$2, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 128(%rcx)
+        vmovdqu	%ymm1, 96(%rdi)
+        vmovdqu	%ymm2, 96(%rax)
+        vmovdqu	%ymm3, -32(%rdi)
+        vmovdqu	%ymm4, -32(%rax)
+        # Round 8
+        # Calc b[0..4]
+        vpxor	%ymm15, %ymm0, %ymm10
+        vpxor	-96(%rdi), %ymm1, %ymm11
+        vpxor	-64(%rdi), %ymm2, %ymm12
+        vpxor	(%rdi), %ymm4, %ymm14
+        vpxor	32(%rdi), %ymm14, %ymm14
+        vpxor	64(%rdi), %ymm10, %ymm10
+        vpxor	128(%rdi), %ymm12, %ymm12
+        vpxor	-96(%rax), %ymm3, %ymm13
+        vpxor	-64(%rax), %ymm13, %ymm13
+        vpxor	(%rax), %ymm10, %ymm10
+        vpxor	32(%rax), %ymm11, %ymm11
+        vpxor	64(%rax), %ymm12, %ymm12
+        vpxor	128(%rax), %ymm13, %ymm13
+        vpxor	-96(%rcx), %ymm14, %ymm14
+        vpxor	-64(%rcx), %ymm10, %ymm10
+        vpxor	-32(%rcx), %ymm11, %ymm11
+        vpxor	(%rcx), %ymm11, %ymm11
+        vpxor	32(%rcx), %ymm12, %ymm12
+        vpxor	64(%rcx), %ymm13, %ymm13
+        vpxor	96(%rcx), %ymm14, %ymm14
+        # Calc t[0..4]
+        vpsrlq	$63, %ymm11, %ymm0
+        vpsrlq	$63, %ymm12, %ymm1
+        vpsrlq	$63, %ymm13, %ymm2
+        vpsrlq	$63, %ymm14, %ymm3
+        vpsrlq	$63, %ymm10, %ymm4
+        vpaddq	%ymm11, %ymm11, %ymm5
+        vpaddq	%ymm12, %ymm12, %ymm6
+        vpaddq	%ymm13, %ymm13, %ymm7
+        vpaddq	%ymm14, %ymm14, %ymm8
+        vpaddq	%ymm10, %ymm10, %ymm9
+        vpor	%ymm0, %ymm5, %ymm5
+        vpor	%ymm1, %ymm6, %ymm6
+        vpor	%ymm2, %ymm7, %ymm7
+        vpor	%ymm3, %ymm8, %ymm8
+        vpor	%ymm4, %ymm9, %ymm9
+        vpxor	%ymm14, %ymm5, %ymm5
+        vpxor	%ymm10, %ymm6, %ymm6
+        vpxor	%ymm11, %ymm7, %ymm7
+        vpxor	%ymm12, %ymm8, %ymm8
+        vpxor	%ymm13, %ymm9, %ymm9
+        # Row Mix
+        # Row 0
+        vpxor	%ymm15, %ymm5, %ymm10
+        vpxor	-32(%rcx), %ymm6, %ymm11
+        vpxor	128(%rdi), %ymm7, %ymm12
+        vpxor	64(%rcx), %ymm8, %ymm13
+        vpxor	-32(%rax), %ymm9, %ymm14
+        vpsrlq	$20, %ymm11, %ymm0
+        vpsrlq	$21, %ymm12, %ymm1
+        vpsrlq	$43, %ymm13, %ymm2
+        vpsrlq	$50, %ymm14, %ymm3
+        vpsllq	$44, %ymm11, %ymm11
+        vpsllq	$43, %ymm12, %ymm12
+        vpsllq	$21, %ymm13, %ymm13
+        vpsllq	$14, %ymm14, %ymm14
+        vpor	%ymm0, %ymm11, %ymm11
+        vpor	%ymm1, %ymm12, %ymm12
+        vpor	%ymm2, %ymm13, %ymm13
+        vpor	%ymm3, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm15
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm15, %ymm15
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        # XOR in constant
+        vpxor	256(%rdx), %ymm15, %ymm15
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm1, -32(%rcx)
+        vmovdqu	%ymm2, 128(%rdi)
+        vmovdqu	%ymm3, 64(%rcx)
+        vmovdqu	%ymm4, -32(%rax)
+        # Row 1
+        vpxor	-96(%rax), %ymm8, %ymm10
+        vpxor	96(%rcx), %ymm9, %ymm11
+        vpxor	(%rax), %ymm5, %ymm12
+        vpxor	-96(%rdi), %ymm6, %ymm13
+        vpxor	96(%rax), %ymm7, %ymm14
+        vpsrlq	$36, %ymm10, %ymm0
+        vpsrlq	$44, %ymm11, %ymm1
+        vpsrlq	$61, %ymm12, %ymm2
+        vpsrlq	$19, %ymm13, %ymm3
+        vpsrlq	$3, %ymm14, %ymm4
+        vpsllq	$28, %ymm10, %ymm10
+        vpsllq	$20, %ymm11, %ymm11
+        vpsllq	$3, %ymm12, %ymm12
+        vpsllq	$45, %ymm13, %ymm13
+        vpsllq	$61, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, -96(%rax)
+        vmovdqu	%ymm1, 96(%rcx)
+        vmovdqu	%ymm2, (%rax)
+        vmovdqu	%ymm3, -96(%rdi)
+        vmovdqu	%ymm4, 96(%rax)
+        # Row 2
+        vpxor	32(%rax), %ymm6, %ymm10
+        vpxor	-64(%rdi), %ymm7, %ymm11
+        vpxor	128(%rax), %ymm8, %ymm12
+        vpxor	32(%rdi), %ymm9, %ymm13
+        vpxor	128(%rcx), %ymm5, %ymm14
+        vpsrlq	$63, %ymm10, %ymm0
+        vpsrlq	$58, %ymm11, %ymm1
+        vpsrlq	$39, %ymm12, %ymm2
+        vpsrlq	$56, %ymm13, %ymm3
+        vpsrlq	$46, %ymm14, %ymm4
+        vpaddq	%ymm10, %ymm10, %ymm10
+        vpsllq	$6, %ymm11, %ymm11
+        vpsllq	$25, %ymm12, %ymm12
+        vpsllq	$8, %ymm13, %ymm13
+        vpsllq	$18, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 32(%rax)
+        vmovdqu	%ymm1, -64(%rdi)
+        vmovdqu	%ymm2, 128(%rax)
+        vmovdqu	%ymm3, 32(%rdi)
+        vmovdqu	%ymm4, 128(%rcx)
+        # Row 3
+        vpxor	-96(%rcx), %ymm9, %ymm10
+        vpxor	64(%rdi), %ymm5, %ymm11
+        vpxor	(%rcx), %ymm6, %ymm12
+        vpxor	64(%rax), %ymm7, %ymm13
+        vpxor	-32(%rdi), %ymm8, %ymm14
+        vpsrlq	$37, %ymm10, %ymm0
+        vpsrlq	$28, %ymm11, %ymm1
+        vpsrlq	$54, %ymm12, %ymm2
+        vpsrlq	$49, %ymm13, %ymm3
+        vpsrlq	$8, %ymm14, %ymm4
+        vpsllq	$27, %ymm10, %ymm10
+        vpsllq	$36, %ymm11, %ymm11
+        vpsllq	$10, %ymm12, %ymm12
+        vpsllq	$15, %ymm13, %ymm13
+        vpsllq	$56, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, -96(%rcx)
+        vmovdqu	%ymm1, 64(%rdi)
+        vmovdqu	%ymm2, (%rcx)
+        vmovdqu	%ymm3, 64(%rax)
+        vmovdqu	%ymm4, -32(%rdi)
+        # Row 4
+        vpxor	32(%rcx), %ymm7, %ymm10
+        vpxor	-64(%rax), %ymm8, %ymm11
+        vpxor	(%rdi), %ymm9, %ymm12
+        vpxor	-64(%rcx), %ymm5, %ymm13
+        vpxor	96(%rdi), %ymm6, %ymm14
+        vpsrlq	$2, %ymm10, %ymm0
+        vpsrlq	$9, %ymm11, %ymm1
+        vpsrlq	$25, %ymm12, %ymm2
+        vpsrlq	$23, %ymm13, %ymm3
+        vpsrlq	$62, %ymm14, %ymm4
+        vpsllq	$62, %ymm10, %ymm10
+        vpsllq	$55, %ymm11, %ymm11
+        vpsllq	$39, %ymm12, %ymm12
+        vpsllq	$41, %ymm13, %ymm13
+        vpsllq	$2, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 32(%rcx)
+        vmovdqu	%ymm1, -64(%rax)
+        vmovdqu	%ymm2, (%rdi)
+        vmovdqu	%ymm3, -64(%rcx)
+        vmovdqu	%ymm4, 96(%rdi)
+        # Round 9
+        # Calc b[0..4]
+        vpxor	%ymm15, %ymm0, %ymm10
+        vpxor	-96(%rdi), %ymm3, %ymm13
+        vpxor	-64(%rdi), %ymm1, %ymm11
+        vpxor	-32(%rdi), %ymm4, %ymm14
+        vpxor	32(%rdi), %ymm13, %ymm13
+        vpxor	64(%rdi), %ymm11, %ymm11
+        vpxor	128(%rdi), %ymm2, %ymm12
+        vpxor	-96(%rax), %ymm10, %ymm10
+        vpxor	-32(%rax), %ymm14, %ymm14
+        vpxor	(%rax), %ymm12, %ymm12
+        vpxor	32(%rax), %ymm10, %ymm10
+        vpxor	64(%rax), %ymm13, %ymm13
+        vpxor	96(%rax), %ymm14, %ymm14
+        vpxor	128(%rax), %ymm12, %ymm12
+        vpxor	-96(%rcx), %ymm10, %ymm10
+        vpxor	-32(%rcx), %ymm11, %ymm11
+        vpxor	(%rcx), %ymm12, %ymm12
+        vpxor	64(%rcx), %ymm13, %ymm13
+        vpxor	96(%rcx), %ymm11, %ymm11
+        vpxor	128(%rcx), %ymm14, %ymm14
+        # Calc t[0..4]
+        vpsrlq	$63, %ymm11, %ymm0
+        vpsrlq	$63, %ymm12, %ymm1
+        vpsrlq	$63, %ymm13, %ymm2
+        vpsrlq	$63, %ymm14, %ymm3
+        vpsrlq	$63, %ymm10, %ymm4
+        vpaddq	%ymm11, %ymm11, %ymm5
+        vpaddq	%ymm12, %ymm12, %ymm6
+        vpaddq	%ymm13, %ymm13, %ymm7
+        vpaddq	%ymm14, %ymm14, %ymm8
+        vpaddq	%ymm10, %ymm10, %ymm9
+        vpor	%ymm0, %ymm5, %ymm5
+        vpor	%ymm1, %ymm6, %ymm6
+        vpor	%ymm2, %ymm7, %ymm7
+        vpor	%ymm3, %ymm8, %ymm8
+        vpor	%ymm4, %ymm9, %ymm9
+        vpxor	%ymm14, %ymm5, %ymm5
+        vpxor	%ymm10, %ymm6, %ymm6
+        vpxor	%ymm11, %ymm7, %ymm7
+        vpxor	%ymm12, %ymm8, %ymm8
+        vpxor	%ymm13, %ymm9, %ymm9
+        # Row Mix
+        # Row 0
+        vpxor	%ymm15, %ymm5, %ymm10
+        vpxor	96(%rcx), %ymm6, %ymm11
+        vpxor	128(%rax), %ymm7, %ymm12
+        vpxor	64(%rax), %ymm8, %ymm13
+        vpxor	96(%rdi), %ymm9, %ymm14
+        vpsrlq	$20, %ymm11, %ymm0
+        vpsrlq	$21, %ymm12, %ymm1
+        vpsrlq	$43, %ymm13, %ymm2
+        vpsrlq	$50, %ymm14, %ymm3
+        vpsllq	$44, %ymm11, %ymm11
+        vpsllq	$43, %ymm12, %ymm12
+        vpsllq	$21, %ymm13, %ymm13
+        vpsllq	$14, %ymm14, %ymm14
+        vpor	%ymm0, %ymm11, %ymm11
+        vpor	%ymm1, %ymm12, %ymm12
+        vpor	%ymm2, %ymm13, %ymm13
+        vpor	%ymm3, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm15
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm15, %ymm15
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        # XOR in constant
+        vpxor	288(%rdx), %ymm15, %ymm15
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm1, 96(%rcx)
+        vmovdqu	%ymm2, 128(%rax)
+        vmovdqu	%ymm3, 64(%rax)
+        vmovdqu	%ymm4, 96(%rdi)
+        # Row 1
+        vpxor	64(%rcx), %ymm8, %ymm10
+        vpxor	96(%rax), %ymm9, %ymm11
+        vpxor	32(%rax), %ymm5, %ymm12
+        vpxor	64(%rdi), %ymm6, %ymm13
+        vpxor	(%rdi), %ymm7, %ymm14
+        vpsrlq	$36, %ymm10, %ymm0
+        vpsrlq	$44, %ymm11, %ymm1
+        vpsrlq	$61, %ymm12, %ymm2
+        vpsrlq	$19, %ymm13, %ymm3
+        vpsrlq	$3, %ymm14, %ymm4
+        vpsllq	$28, %ymm10, %ymm10
+        vpsllq	$20, %ymm11, %ymm11
+        vpsllq	$3, %ymm12, %ymm12
+        vpsllq	$45, %ymm13, %ymm13
+        vpsllq	$61, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 64(%rcx)
+        vmovdqu	%ymm1, 96(%rax)
+        vmovdqu	%ymm2, 32(%rax)
+        vmovdqu	%ymm3, 64(%rdi)
+        vmovdqu	%ymm4, (%rdi)
+        # Row 2
+        vpxor	-32(%rcx), %ymm6, %ymm10
+        vpxor	(%rax), %ymm7, %ymm11
+        vpxor	32(%rdi), %ymm8, %ymm12
+        vpxor	-32(%rdi), %ymm9, %ymm13
+        vpxor	32(%rcx), %ymm5, %ymm14
+        vpsrlq	$63, %ymm10, %ymm0
+        vpsrlq	$58, %ymm11, %ymm1
+        vpsrlq	$39, %ymm12, %ymm2
+        vpsrlq	$56, %ymm13, %ymm3
+        vpsrlq	$46, %ymm14, %ymm4
+        vpaddq	%ymm10, %ymm10, %ymm10
+        vpsllq	$6, %ymm11, %ymm11
+        vpsllq	$25, %ymm12, %ymm12
+        vpsllq	$8, %ymm13, %ymm13
+        vpsllq	$18, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, -32(%rcx)
+        vmovdqu	%ymm1, (%rax)
+        vmovdqu	%ymm2, 32(%rdi)
+        vmovdqu	%ymm3, -32(%rdi)
+        vmovdqu	%ymm4, 32(%rcx)
+        # Row 3
+        vpxor	-32(%rax), %ymm9, %ymm10
+        vpxor	-96(%rax), %ymm5, %ymm11
+        vpxor	-64(%rdi), %ymm6, %ymm12
+        vpxor	(%rcx), %ymm7, %ymm13
+        vpxor	-64(%rcx), %ymm8, %ymm14
+        vpsrlq	$37, %ymm10, %ymm0
+        vpsrlq	$28, %ymm11, %ymm1
+        vpsrlq	$54, %ymm12, %ymm2
+        vpsrlq	$49, %ymm13, %ymm3
+        vpsrlq	$8, %ymm14, %ymm4
+        vpsllq	$27, %ymm10, %ymm10
+        vpsllq	$36, %ymm11, %ymm11
+        vpsllq	$10, %ymm12, %ymm12
+        vpsllq	$15, %ymm13, %ymm13
+        vpsllq	$56, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, -32(%rax)
+        vmovdqu	%ymm1, -96(%rax)
+        vmovdqu	%ymm2, -64(%rdi)
+        vmovdqu	%ymm3, (%rcx)
+        vmovdqu	%ymm4, -64(%rcx)
+        # Row 4
+        vpxor	128(%rdi), %ymm7, %ymm10
+        vpxor	-96(%rdi), %ymm8, %ymm11
+        vpxor	128(%rcx), %ymm9, %ymm12
+        vpxor	-96(%rcx), %ymm5, %ymm13
+        vpxor	-64(%rax), %ymm6, %ymm14
+        vpsrlq	$2, %ymm10, %ymm0
+        vpsrlq	$9, %ymm11, %ymm1
+        vpsrlq	$25, %ymm12, %ymm2
+        vpsrlq	$23, %ymm13, %ymm3
+        vpsrlq	$62, %ymm14, %ymm4
+        vpsllq	$62, %ymm10, %ymm10
+        vpsllq	$55, %ymm11, %ymm11
+        vpsllq	$39, %ymm12, %ymm12
+        vpsllq	$41, %ymm13, %ymm13
+        vpsllq	$2, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 128(%rdi)
+        vmovdqu	%ymm1, -96(%rdi)
+        vmovdqu	%ymm2, 128(%rcx)
+        vmovdqu	%ymm3, -96(%rcx)
+        vmovdqu	%ymm4, -64(%rax)
+        # Round 10
+        # Calc b[0..4]
+        vpxor	%ymm15, %ymm0, %ymm10
+        vpxor	-64(%rdi), %ymm2, %ymm12
+        vpxor	-32(%rdi), %ymm3, %ymm13
+        vpxor	(%rdi), %ymm4, %ymm14
+        vpxor	32(%rdi), %ymm12, %ymm12
+        vpxor	64(%rdi), %ymm13, %ymm13
+        vpxor	96(%rdi), %ymm14, %ymm14
+        vpxor	-96(%rax), %ymm1, %ymm11
+        vpxor	-32(%rax), %ymm10, %ymm10
+        vpxor	(%rax), %ymm11, %ymm11
+        vpxor	32(%rax), %ymm12, %ymm12
+        vpxor	64(%rax), %ymm13, %ymm13
+        vpxor	96(%rax), %ymm11, %ymm11
+        vpxor	128(%rax), %ymm12, %ymm12
+        vpxor	-64(%rcx), %ymm14, %ymm14
+        vpxor	-32(%rcx), %ymm10, %ymm10
+        vpxor	(%rcx), %ymm13, %ymm13
+        vpxor	32(%rcx), %ymm14, %ymm14
+        vpxor	64(%rcx), %ymm10, %ymm10
+        vpxor	96(%rcx), %ymm11, %ymm11
+        # Calc t[0..4]
+        vpsrlq	$63, %ymm11, %ymm0
+        vpsrlq	$63, %ymm12, %ymm1
+        vpsrlq	$63, %ymm13, %ymm2
+        vpsrlq	$63, %ymm14, %ymm3
+        vpsrlq	$63, %ymm10, %ymm4
+        vpaddq	%ymm11, %ymm11, %ymm5
+        vpaddq	%ymm12, %ymm12, %ymm6
+        vpaddq	%ymm13, %ymm13, %ymm7
+        vpaddq	%ymm14, %ymm14, %ymm8
+        vpaddq	%ymm10, %ymm10, %ymm9
+        vpor	%ymm0, %ymm5, %ymm5
+        vpor	%ymm1, %ymm6, %ymm6
+        vpor	%ymm2, %ymm7, %ymm7
+        vpor	%ymm3, %ymm8, %ymm8
+        vpor	%ymm4, %ymm9, %ymm9
+        vpxor	%ymm14, %ymm5, %ymm5
+        vpxor	%ymm10, %ymm6, %ymm6
+        vpxor	%ymm11, %ymm7, %ymm7
+        vpxor	%ymm12, %ymm8, %ymm8
+        vpxor	%ymm13, %ymm9, %ymm9
+        # Row Mix
+        # Row 0
+        vpxor	%ymm15, %ymm5, %ymm10
+        vpxor	96(%rax), %ymm6, %ymm11
+        vpxor	32(%rdi), %ymm7, %ymm12
+        vpxor	(%rcx), %ymm8, %ymm13
+        vpxor	-64(%rax), %ymm9, %ymm14
+        vpsrlq	$20, %ymm11, %ymm0
+        vpsrlq	$21, %ymm12, %ymm1
+        vpsrlq	$43, %ymm13, %ymm2
+        vpsrlq	$50, %ymm14, %ymm3
+        vpsllq	$44, %ymm11, %ymm11
+        vpsllq	$43, %ymm12, %ymm12
+        vpsllq	$21, %ymm13, %ymm13
+        vpsllq	$14, %ymm14, %ymm14
+        vpor	%ymm0, %ymm11, %ymm11
+        vpor	%ymm1, %ymm12, %ymm12
+        vpor	%ymm2, %ymm13, %ymm13
+        vpor	%ymm3, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm15
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm15, %ymm15
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        # XOR in constant
+        vpxor	320(%rdx), %ymm15, %ymm15
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm1, 96(%rax)
+        vmovdqu	%ymm2, 32(%rdi)
+        vmovdqu	%ymm3, (%rcx)
+        vmovdqu	%ymm4, -64(%rax)
+        # Row 1
+        vpxor	64(%rax), %ymm8, %ymm10
+        vpxor	(%rdi), %ymm9, %ymm11
+        vpxor	-32(%rcx), %ymm5, %ymm12
+        vpxor	-96(%rax), %ymm6, %ymm13
+        vpxor	128(%rcx), %ymm7, %ymm14
+        vpsrlq	$36, %ymm10, %ymm0
+        vpsrlq	$44, %ymm11, %ymm1
+        vpsrlq	$61, %ymm12, %ymm2
+        vpsrlq	$19, %ymm13, %ymm3
+        vpsrlq	$3, %ymm14, %ymm4
+        vpsllq	$28, %ymm10, %ymm10
+        vpsllq	$20, %ymm11, %ymm11
+        vpsllq	$3, %ymm12, %ymm12
+        vpsllq	$45, %ymm13, %ymm13
+        vpsllq	$61, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 64(%rax)
+        vmovdqu	%ymm1, (%rdi)
+        vmovdqu	%ymm2, -32(%rcx)
+        vmovdqu	%ymm3, -96(%rax)
+        vmovdqu	%ymm4, 128(%rcx)
+        # Row 2
+        vpxor	96(%rcx), %ymm6, %ymm10
+        vpxor	32(%rax), %ymm7, %ymm11
+        vpxor	-32(%rdi), %ymm8, %ymm12
+        vpxor	-64(%rcx), %ymm9, %ymm13
+        vpxor	128(%rdi), %ymm5, %ymm14
+        vpsrlq	$63, %ymm10, %ymm0
+        vpsrlq	$58, %ymm11, %ymm1
+        vpsrlq	$39, %ymm12, %ymm2
+        vpsrlq	$56, %ymm13, %ymm3
+        vpsrlq	$46, %ymm14, %ymm4
+        vpaddq	%ymm10, %ymm10, %ymm10
+        vpsllq	$6, %ymm11, %ymm11
+        vpsllq	$25, %ymm12, %ymm12
+        vpsllq	$8, %ymm13, %ymm13
+        vpsllq	$18, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 96(%rcx)
+        vmovdqu	%ymm1, 32(%rax)
+        vmovdqu	%ymm2, -32(%rdi)
+        vmovdqu	%ymm3, -64(%rcx)
+        vmovdqu	%ymm4, 128(%rdi)
+        # Row 3
+        vpxor	96(%rdi), %ymm9, %ymm10
+        vpxor	64(%rcx), %ymm5, %ymm11
+        vpxor	(%rax), %ymm6, %ymm12
+        vpxor	-64(%rdi), %ymm7, %ymm13
+        vpxor	-96(%rcx), %ymm8, %ymm14
+        vpsrlq	$37, %ymm10, %ymm0
+        vpsrlq	$28, %ymm11, %ymm1
+        vpsrlq	$54, %ymm12, %ymm2
+        vpsrlq	$49, %ymm13, %ymm3
+        vpsrlq	$8, %ymm14, %ymm4
+        vpsllq	$27, %ymm10, %ymm10
+        vpsllq	$36, %ymm11, %ymm11
+        vpsllq	$10, %ymm12, %ymm12
+        vpsllq	$15, %ymm13, %ymm13
+        vpsllq	$56, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 96(%rdi)
+        vmovdqu	%ymm1, 64(%rcx)
+        vmovdqu	%ymm2, (%rax)
+        vmovdqu	%ymm3, -64(%rdi)
+        vmovdqu	%ymm4, -96(%rcx)
+        # Row 4
+        vpxor	128(%rax), %ymm7, %ymm10
+        vpxor	64(%rdi), %ymm8, %ymm11
+        vpxor	32(%rcx), %ymm9, %ymm12
+        vpxor	-32(%rax), %ymm5, %ymm13
+        vpxor	-96(%rdi), %ymm6, %ymm14
+        vpsrlq	$2, %ymm10, %ymm0
+        vpsrlq	$9, %ymm11, %ymm1
+        vpsrlq	$25, %ymm12, %ymm2
+        vpsrlq	$23, %ymm13, %ymm3
+        vpsrlq	$62, %ymm14, %ymm4
+        vpsllq	$62, %ymm10, %ymm10
+        vpsllq	$55, %ymm11, %ymm11
+        vpsllq	$39, %ymm12, %ymm12
+        vpsllq	$41, %ymm13, %ymm13
+        vpsllq	$2, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 128(%rax)
+        vmovdqu	%ymm1, 64(%rdi)
+        vmovdqu	%ymm2, 32(%rcx)
+        vmovdqu	%ymm3, -32(%rax)
+        vmovdqu	%ymm4, -96(%rdi)
+        # Round 11
+        # Calc b[0..4]
+        vpxor	%ymm15, %ymm0, %ymm10
+        vpxor	-64(%rdi), %ymm3, %ymm13
+        vpxor	-32(%rdi), %ymm2, %ymm12
+        vpxor	(%rdi), %ymm1, %ymm11
+        vpxor	32(%rdi), %ymm12, %ymm12
+        vpxor	96(%rdi), %ymm10, %ymm10
+        vpxor	128(%rdi), %ymm4, %ymm14
+        vpxor	-96(%rax), %ymm13, %ymm13
+        vpxor	-64(%rax), %ymm14, %ymm14
+        vpxor	(%rax), %ymm12, %ymm12
+        vpxor	32(%rax), %ymm11, %ymm11
+        vpxor	64(%rax), %ymm10, %ymm10
+        vpxor	96(%rax), %ymm11, %ymm11
+        vpxor	-96(%rcx), %ymm14, %ymm14
+        vpxor	-64(%rcx), %ymm13, %ymm13
+        vpxor	-32(%rcx), %ymm12, %ymm12
+        vpxor	(%rcx), %ymm13, %ymm13
+        vpxor	64(%rcx), %ymm11, %ymm11
+        vpxor	96(%rcx), %ymm10, %ymm10
+        vpxor	128(%rcx), %ymm14, %ymm14
+        # Calc t[0..4]
+        vpsrlq	$63, %ymm11, %ymm0
+        vpsrlq	$63, %ymm12, %ymm1
+        vpsrlq	$63, %ymm13, %ymm2
+        vpsrlq	$63, %ymm14, %ymm3
+        vpsrlq	$63, %ymm10, %ymm4
+        vpaddq	%ymm11, %ymm11, %ymm5
+        vpaddq	%ymm12, %ymm12, %ymm6
+        vpaddq	%ymm13, %ymm13, %ymm7
+        vpaddq	%ymm14, %ymm14, %ymm8
+        vpaddq	%ymm10, %ymm10, %ymm9
+        vpor	%ymm0, %ymm5, %ymm5
+        vpor	%ymm1, %ymm6, %ymm6
+        vpor	%ymm2, %ymm7, %ymm7
+        vpor	%ymm3, %ymm8, %ymm8
+        vpor	%ymm4, %ymm9, %ymm9
+        vpxor	%ymm14, %ymm5, %ymm5
+        vpxor	%ymm10, %ymm6, %ymm6
+        vpxor	%ymm11, %ymm7, %ymm7
+        vpxor	%ymm12, %ymm8, %ymm8
+        vpxor	%ymm13, %ymm9, %ymm9
+        # Row Mix
+        # Row 0
+        vpxor	%ymm15, %ymm5, %ymm10
+        vpxor	(%rdi), %ymm6, %ymm11
+        vpxor	-32(%rdi), %ymm7, %ymm12
+        vpxor	-64(%rdi), %ymm8, %ymm13
+        vpxor	-96(%rdi), %ymm9, %ymm14
+        vpsrlq	$20, %ymm11, %ymm0
+        vpsrlq	$21, %ymm12, %ymm1
+        vpsrlq	$43, %ymm13, %ymm2
+        vpsrlq	$50, %ymm14, %ymm3
+        vpsllq	$44, %ymm11, %ymm11
+        vpsllq	$43, %ymm12, %ymm12
+        vpsllq	$21, %ymm13, %ymm13
+        vpsllq	$14, %ymm14, %ymm14
+        vpor	%ymm0, %ymm11, %ymm11
+        vpor	%ymm1, %ymm12, %ymm12
+        vpor	%ymm2, %ymm13, %ymm13
+        vpor	%ymm3, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm15
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm15, %ymm15
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        # XOR in constant
+        vpxor	352(%rdx), %ymm15, %ymm15
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm1, (%rdi)
+        vmovdqu	%ymm2, -32(%rdi)
+        vmovdqu	%ymm3, -64(%rdi)
+        vmovdqu	%ymm4, -96(%rdi)
+        # Row 1
+        vpxor	(%rcx), %ymm8, %ymm10
+        vpxor	128(%rcx), %ymm9, %ymm11
+        vpxor	96(%rcx), %ymm5, %ymm12
+        vpxor	64(%rcx), %ymm6, %ymm13
+        vpxor	32(%rcx), %ymm7, %ymm14
+        vpsrlq	$36, %ymm10, %ymm0
+        vpsrlq	$44, %ymm11, %ymm1
+        vpsrlq	$61, %ymm12, %ymm2
+        vpsrlq	$19, %ymm13, %ymm3
+        vpsrlq	$3, %ymm14, %ymm4
+        vpsllq	$28, %ymm10, %ymm10
+        vpsllq	$20, %ymm11, %ymm11
+        vpsllq	$3, %ymm12, %ymm12
+        vpsllq	$45, %ymm13, %ymm13
+        vpsllq	$61, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, (%rcx)
+        vmovdqu	%ymm1, 128(%rcx)
+        vmovdqu	%ymm2, 96(%rcx)
+        vmovdqu	%ymm3, 64(%rcx)
+        vmovdqu	%ymm4, 32(%rcx)
+        # Row 2
+        vpxor	96(%rax), %ymm6, %ymm10
+        vpxor	-32(%rcx), %ymm7, %ymm11
+        vpxor	-64(%rcx), %ymm8, %ymm12
+        vpxor	-96(%rcx), %ymm9, %ymm13
+        vpxor	128(%rax), %ymm5, %ymm14
+        vpsrlq	$63, %ymm10, %ymm0
+        vpsrlq	$58, %ymm11, %ymm1
+        vpsrlq	$39, %ymm12, %ymm2
+        vpsrlq	$56, %ymm13, %ymm3
+        vpsrlq	$46, %ymm14, %ymm4
+        vpaddq	%ymm10, %ymm10, %ymm10
+        vpsllq	$6, %ymm11, %ymm11
+        vpsllq	$25, %ymm12, %ymm12
+        vpsllq	$8, %ymm13, %ymm13
+        vpsllq	$18, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 96(%rax)
+        vmovdqu	%ymm1, -32(%rcx)
+        vmovdqu	%ymm2, -64(%rcx)
+        vmovdqu	%ymm3, -96(%rcx)
+        vmovdqu	%ymm4, 128(%rax)
+        # Row 3
+        vpxor	-64(%rax), %ymm9, %ymm10
+        vpxor	64(%rax), %ymm5, %ymm11
+        vpxor	32(%rax), %ymm6, %ymm12
+        vpxor	(%rax), %ymm7, %ymm13
+        vpxor	-32(%rax), %ymm8, %ymm14
+        vpsrlq	$37, %ymm10, %ymm0
+        vpsrlq	$28, %ymm11, %ymm1
+        vpsrlq	$54, %ymm12, %ymm2
+        vpsrlq	$49, %ymm13, %ymm3
+        vpsrlq	$8, %ymm14, %ymm4
+        vpsllq	$27, %ymm10, %ymm10
+        vpsllq	$36, %ymm11, %ymm11
+        vpsllq	$10, %ymm12, %ymm12
+        vpsllq	$15, %ymm13, %ymm13
+        vpsllq	$56, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, -64(%rax)
+        vmovdqu	%ymm1, 64(%rax)
+        vmovdqu	%ymm2, 32(%rax)
+        vmovdqu	%ymm3, (%rax)
+        vmovdqu	%ymm4, -32(%rax)
+        # Row 4
+        vpxor	32(%rdi), %ymm7, %ymm10
+        vpxor	-96(%rax), %ymm8, %ymm11
+        vpxor	128(%rdi), %ymm9, %ymm12
+        vpxor	96(%rdi), %ymm5, %ymm13
+        vpxor	64(%rdi), %ymm6, %ymm14
+        vpsrlq	$2, %ymm10, %ymm0
+        vpsrlq	$9, %ymm11, %ymm1
+        vpsrlq	$25, %ymm12, %ymm2
+        vpsrlq	$23, %ymm13, %ymm3
+        vpsrlq	$62, %ymm14, %ymm4
+        vpsllq	$62, %ymm10, %ymm10
+        vpsllq	$55, %ymm11, %ymm11
+        vpsllq	$39, %ymm12, %ymm12
+        vpsllq	$41, %ymm13, %ymm13
+        vpsllq	$2, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 32(%rdi)
+        vmovdqu	%ymm1, -96(%rax)
+        vmovdqu	%ymm2, 128(%rdi)
+        vmovdqu	%ymm3, 96(%rdi)
+        vmovdqu	%ymm4, 64(%rdi)
+        # Round 12
+        # Calc b[0..4]
+        vpxor	%ymm15, %ymm0, %ymm10
+        vpxor	-96(%rdi), %ymm4, %ymm14
+        vpxor	-64(%rdi), %ymm3, %ymm13
+        vpxor	-32(%rdi), %ymm2, %ymm12
+        vpxor	(%rdi), %ymm1, %ymm11
+        vpxor	-64(%rax), %ymm10, %ymm10
+        vpxor	-32(%rax), %ymm14, %ymm14
+        vpxor	(%rax), %ymm13, %ymm13
+        vpxor	32(%rax), %ymm12, %ymm12
+        vpxor	64(%rax), %ymm11, %ymm11
+        vpxor	96(%rax), %ymm10, %ymm10
+        vpxor	128(%rax), %ymm14, %ymm14
+        vpxor	-96(%rcx), %ymm13, %ymm13
+        vpxor	-64(%rcx), %ymm12, %ymm12
+        vpxor	-32(%rcx), %ymm11, %ymm11
+        vpxor	(%rcx), %ymm10, %ymm10
+        vpxor	32(%rcx), %ymm14, %ymm14
+        vpxor	64(%rcx), %ymm13, %ymm13
+        vpxor	96(%rcx), %ymm12, %ymm12
+        vpxor	128(%rcx), %ymm11, %ymm11
+        # Calc t[0..4]
+        vpsrlq	$63, %ymm11, %ymm0
+        vpsrlq	$63, %ymm12, %ymm1
+        vpsrlq	$63, %ymm13, %ymm2
+        vpsrlq	$63, %ymm14, %ymm3
+        vpsrlq	$63, %ymm10, %ymm4
+        vpaddq	%ymm11, %ymm11, %ymm5
+        vpaddq	%ymm12, %ymm12, %ymm6
+        vpaddq	%ymm13, %ymm13, %ymm7
+        vpaddq	%ymm14, %ymm14, %ymm8
+        vpaddq	%ymm10, %ymm10, %ymm9
+        vpor	%ymm0, %ymm5, %ymm5
+        vpor	%ymm1, %ymm6, %ymm6
+        vpor	%ymm2, %ymm7, %ymm7
+        vpor	%ymm3, %ymm8, %ymm8
+        vpor	%ymm4, %ymm9, %ymm9
+        vpxor	%ymm14, %ymm5, %ymm5
+        vpxor	%ymm10, %ymm6, %ymm6
+        vpxor	%ymm11, %ymm7, %ymm7
+        vpxor	%ymm12, %ymm8, %ymm8
+        vpxor	%ymm13, %ymm9, %ymm9
+        # Row Mix
+        # Row 0
+        vpxor	%ymm15, %ymm5, %ymm10
+        vpxor	128(%rcx), %ymm6, %ymm11
+        vpxor	-64(%rcx), %ymm7, %ymm12
+        vpxor	(%rax), %ymm8, %ymm13
+        vpxor	64(%rdi), %ymm9, %ymm14
+        vpsrlq	$20, %ymm11, %ymm0
+        vpsrlq	$21, %ymm12, %ymm1
+        vpsrlq	$43, %ymm13, %ymm2
+        vpsrlq	$50, %ymm14, %ymm3
+        vpsllq	$44, %ymm11, %ymm11
+        vpsllq	$43, %ymm12, %ymm12
+        vpsllq	$21, %ymm13, %ymm13
+        vpsllq	$14, %ymm14, %ymm14
+        vpor	%ymm0, %ymm11, %ymm11
+        vpor	%ymm1, %ymm12, %ymm12
+        vpor	%ymm2, %ymm13, %ymm13
+        vpor	%ymm3, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm15
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm15, %ymm15
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        # XOR in constant
+        vpxor	384(%rdx), %ymm15, %ymm15
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm1, 128(%rcx)
+        vmovdqu	%ymm2, -64(%rcx)
+        vmovdqu	%ymm3, (%rax)
+        vmovdqu	%ymm4, 64(%rdi)
+        # Row 1
+        vpxor	-64(%rdi), %ymm8, %ymm10
+        vpxor	32(%rcx), %ymm9, %ymm11
+        vpxor	96(%rax), %ymm5, %ymm12
+        vpxor	64(%rax), %ymm6, %ymm13
+        vpxor	128(%rdi), %ymm7, %ymm14
+        vpsrlq	$36, %ymm10, %ymm0
+        vpsrlq	$44, %ymm11, %ymm1
+        vpsrlq	$61, %ymm12, %ymm2
+        vpsrlq	$19, %ymm13, %ymm3
+        vpsrlq	$3, %ymm14, %ymm4
+        vpsllq	$28, %ymm10, %ymm10
+        vpsllq	$20, %ymm11, %ymm11
+        vpsllq	$3, %ymm12, %ymm12
+        vpsllq	$45, %ymm13, %ymm13
+        vpsllq	$61, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, -64(%rdi)
+        vmovdqu	%ymm1, 32(%rcx)
+        vmovdqu	%ymm2, 96(%rax)
+        vmovdqu	%ymm3, 64(%rax)
+        vmovdqu	%ymm4, 128(%rdi)
+        # Row 2
+        vpxor	(%rdi), %ymm6, %ymm10
+        vpxor	96(%rcx), %ymm7, %ymm11
+        vpxor	-96(%rcx), %ymm8, %ymm12
+        vpxor	-32(%rax), %ymm9, %ymm13
+        vpxor	32(%rdi), %ymm5, %ymm14
+        vpsrlq	$63, %ymm10, %ymm0
+        vpsrlq	$58, %ymm11, %ymm1
+        vpsrlq	$39, %ymm12, %ymm2
+        vpsrlq	$56, %ymm13, %ymm3
+        vpsrlq	$46, %ymm14, %ymm4
+        vpaddq	%ymm10, %ymm10, %ymm10
+        vpsllq	$6, %ymm11, %ymm11
+        vpsllq	$25, %ymm12, %ymm12
+        vpsllq	$8, %ymm13, %ymm13
+        vpsllq	$18, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, (%rdi)
+        vmovdqu	%ymm1, 96(%rcx)
+        vmovdqu	%ymm2, -96(%rcx)
+        vmovdqu	%ymm3, -32(%rax)
+        vmovdqu	%ymm4, 32(%rdi)
+        # Row 3
+        vpxor	-96(%rdi), %ymm9, %ymm10
+        vpxor	(%rcx), %ymm5, %ymm11
+        vpxor	-32(%rcx), %ymm6, %ymm12
+        vpxor	32(%rax), %ymm7, %ymm13
+        vpxor	96(%rdi), %ymm8, %ymm14
+        vpsrlq	$37, %ymm10, %ymm0
+        vpsrlq	$28, %ymm11, %ymm1
+        vpsrlq	$54, %ymm12, %ymm2
+        vpsrlq	$49, %ymm13, %ymm3
+        vpsrlq	$8, %ymm14, %ymm4
+        vpsllq	$27, %ymm10, %ymm10
+        vpsllq	$36, %ymm11, %ymm11
+        vpsllq	$10, %ymm12, %ymm12
+        vpsllq	$15, %ymm13, %ymm13
+        vpsllq	$56, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, -96(%rdi)
+        vmovdqu	%ymm1, (%rcx)
+        vmovdqu	%ymm2, -32(%rcx)
+        vmovdqu	%ymm3, 32(%rax)
+        vmovdqu	%ymm4, 96(%rdi)
+        # Row 4
+        vpxor	-32(%rdi), %ymm7, %ymm10
+        vpxor	64(%rcx), %ymm8, %ymm11
+        vpxor	128(%rax), %ymm9, %ymm12
+        vpxor	-64(%rax), %ymm5, %ymm13
+        vpxor	-96(%rax), %ymm6, %ymm14
+        vpsrlq	$2, %ymm10, %ymm0
+        vpsrlq	$9, %ymm11, %ymm1
+        vpsrlq	$25, %ymm12, %ymm2
+        vpsrlq	$23, %ymm13, %ymm3
+        vpsrlq	$62, %ymm14, %ymm4
+        vpsllq	$62, %ymm10, %ymm10
+        vpsllq	$55, %ymm11, %ymm11
+        vpsllq	$39, %ymm12, %ymm12
+        vpsllq	$41, %ymm13, %ymm13
+        vpsllq	$2, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, -32(%rdi)
+        vmovdqu	%ymm1, 64(%rcx)
+        vmovdqu	%ymm2, 128(%rax)
+        vmovdqu	%ymm3, -64(%rax)
+        vmovdqu	%ymm4, -96(%rax)
+        # Round 13
+        # Calc b[0..4]
+        vpxor	%ymm15, %ymm0, %ymm10
+        vpxor	-96(%rdi), %ymm10, %ymm10
+        vpxor	-64(%rdi), %ymm10, %ymm10
+        vpxor	(%rdi), %ymm10, %ymm10
+        vpxor	32(%rdi), %ymm4, %ymm14
+        vpxor	64(%rdi), %ymm14, %ymm14
+        vpxor	96(%rdi), %ymm14, %ymm14
+        vpxor	128(%rdi), %ymm14, %ymm14
+        vpxor	-32(%rax), %ymm3, %ymm13
+        vpxor	(%rax), %ymm13, %ymm13
+        vpxor	32(%rax), %ymm13, %ymm13
+        vpxor	64(%rax), %ymm13, %ymm13
+        vpxor	96(%rax), %ymm2, %ymm12
+        vpxor	-96(%rcx), %ymm12, %ymm12
+        vpxor	-64(%rcx), %ymm12, %ymm12
+        vpxor	-32(%rcx), %ymm12, %ymm12
+        vpxor	(%rcx), %ymm1, %ymm11
+        vpxor	32(%rcx), %ymm11, %ymm11
+        vpxor	96(%rcx), %ymm11, %ymm11
+        vpxor	128(%rcx), %ymm11, %ymm11
+        # Calc t[0..4]
+        vpsrlq	$63, %ymm11, %ymm0
+        vpsrlq	$63, %ymm12, %ymm1
+        vpsrlq	$63, %ymm13, %ymm2
+        vpsrlq	$63, %ymm14, %ymm3
+        vpsrlq	$63, %ymm10, %ymm4
+        vpaddq	%ymm11, %ymm11, %ymm5
+        vpaddq	%ymm12, %ymm12, %ymm6
+        vpaddq	%ymm13, %ymm13, %ymm7
+        vpaddq	%ymm14, %ymm14, %ymm8
+        vpaddq	%ymm10, %ymm10, %ymm9
+        vpor	%ymm0, %ymm5, %ymm5
+        vpor	%ymm1, %ymm6, %ymm6
+        vpor	%ymm2, %ymm7, %ymm7
+        vpor	%ymm3, %ymm8, %ymm8
+        vpor	%ymm4, %ymm9, %ymm9
+        vpxor	%ymm14, %ymm5, %ymm5
+        vpxor	%ymm10, %ymm6, %ymm6
+        vpxor	%ymm11, %ymm7, %ymm7
+        vpxor	%ymm12, %ymm8, %ymm8
+        vpxor	%ymm13, %ymm9, %ymm9
+        # Row Mix
+        # Row 0
+        vpxor	%ymm15, %ymm5, %ymm10
+        vpxor	32(%rcx), %ymm6, %ymm11
+        vpxor	-96(%rcx), %ymm7, %ymm12
+        vpxor	32(%rax), %ymm8, %ymm13
+        vpxor	-96(%rax), %ymm9, %ymm14
+        vpsrlq	$20, %ymm11, %ymm0
+        vpsrlq	$21, %ymm12, %ymm1
+        vpsrlq	$43, %ymm13, %ymm2
+        vpsrlq	$50, %ymm14, %ymm3
+        vpsllq	$44, %ymm11, %ymm11
+        vpsllq	$43, %ymm12, %ymm12
+        vpsllq	$21, %ymm13, %ymm13
+        vpsllq	$14, %ymm14, %ymm14
+        vpor	%ymm0, %ymm11, %ymm11
+        vpor	%ymm1, %ymm12, %ymm12
+        vpor	%ymm2, %ymm13, %ymm13
+        vpor	%ymm3, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm15
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm15, %ymm15
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        # XOR in constant
+        vpxor	416(%rdx), %ymm15, %ymm15
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm1, 32(%rcx)
+        vmovdqu	%ymm2, -96(%rcx)
+        vmovdqu	%ymm3, 32(%rax)
+        vmovdqu	%ymm4, -96(%rax)
+        # Row 1
+        vpxor	(%rax), %ymm8, %ymm10
+        vpxor	128(%rdi), %ymm9, %ymm11
+        vpxor	(%rdi), %ymm5, %ymm12
+        vpxor	(%rcx), %ymm6, %ymm13
+        vpxor	128(%rax), %ymm7, %ymm14
+        vpsrlq	$36, %ymm10, %ymm0
+        vpsrlq	$44, %ymm11, %ymm1
+        vpsrlq	$61, %ymm12, %ymm2
+        vpsrlq	$19, %ymm13, %ymm3
+        vpsrlq	$3, %ymm14, %ymm4
+        vpsllq	$28, %ymm10, %ymm10
+        vpsllq	$20, %ymm11, %ymm11
+        vpsllq	$3, %ymm12, %ymm12
+        vpsllq	$45, %ymm13, %ymm13
+        vpsllq	$61, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, (%rax)
+        vmovdqu	%ymm1, 128(%rdi)
+        vmovdqu	%ymm2, (%rdi)
+        vmovdqu	%ymm3, (%rcx)
+        vmovdqu	%ymm4, 128(%rax)
+        # Row 2
+        vpxor	128(%rcx), %ymm6, %ymm10
+        vpxor	96(%rax), %ymm7, %ymm11
+        vpxor	-32(%rax), %ymm8, %ymm12
+        vpxor	96(%rdi), %ymm9, %ymm13
+        vpxor	-32(%rdi), %ymm5, %ymm14
+        vpsrlq	$63, %ymm10, %ymm0
+        vpsrlq	$58, %ymm11, %ymm1
+        vpsrlq	$39, %ymm12, %ymm2
+        vpsrlq	$56, %ymm13, %ymm3
+        vpsrlq	$46, %ymm14, %ymm4
+        vpaddq	%ymm10, %ymm10, %ymm10
+        vpsllq	$6, %ymm11, %ymm11
+        vpsllq	$25, %ymm12, %ymm12
+        vpsllq	$8, %ymm13, %ymm13
+        vpsllq	$18, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 128(%rcx)
+        vmovdqu	%ymm1, 96(%rax)
+        vmovdqu	%ymm2, -32(%rax)
+        vmovdqu	%ymm3, 96(%rdi)
+        vmovdqu	%ymm4, -32(%rdi)
+        # Row 3
+        vpxor	64(%rdi), %ymm9, %ymm10
+        vpxor	-64(%rdi), %ymm5, %ymm11
+        vpxor	96(%rcx), %ymm6, %ymm12
+        vpxor	-32(%rcx), %ymm7, %ymm13
+        vpxor	-64(%rax), %ymm8, %ymm14
+        vpsrlq	$37, %ymm10, %ymm0
+        vpsrlq	$28, %ymm11, %ymm1
+        vpsrlq	$54, %ymm12, %ymm2
+        vpsrlq	$49, %ymm13, %ymm3
+        vpsrlq	$8, %ymm14, %ymm4
+        vpsllq	$27, %ymm10, %ymm10
+        vpsllq	$36, %ymm11, %ymm11
+        vpsllq	$10, %ymm12, %ymm12
+        vpsllq	$15, %ymm13, %ymm13
+        vpsllq	$56, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 64(%rdi)
+        vmovdqu	%ymm1, -64(%rdi)
+        vmovdqu	%ymm2, 96(%rcx)
+        vmovdqu	%ymm3, -32(%rcx)
+        vmovdqu	%ymm4, -64(%rax)
+        # Row 4
+        vpxor	-64(%rcx), %ymm7, %ymm10
+        vpxor	64(%rax), %ymm8, %ymm11
+        vpxor	32(%rdi), %ymm9, %ymm12
+        vpxor	-96(%rdi), %ymm5, %ymm13
+        vpxor	64(%rcx), %ymm6, %ymm14
+        vpsrlq	$2, %ymm10, %ymm0
+        vpsrlq	$9, %ymm11, %ymm1
+        vpsrlq	$25, %ymm12, %ymm2
+        vpsrlq	$23, %ymm13, %ymm3
+        vpsrlq	$62, %ymm14, %ymm4
+        vpsllq	$62, %ymm10, %ymm10
+        vpsllq	$55, %ymm11, %ymm11
+        vpsllq	$39, %ymm12, %ymm12
+        vpsllq	$41, %ymm13, %ymm13
+        vpsllq	$2, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, -64(%rcx)
+        vmovdqu	%ymm1, 64(%rax)
+        vmovdqu	%ymm2, 32(%rdi)
+        vmovdqu	%ymm3, -96(%rdi)
+        vmovdqu	%ymm4, 64(%rcx)
+        # Round 14
+        # Calc b[0..4]
+        vpxor	%ymm15, %ymm0, %ymm10
+        vpxor	-64(%rdi), %ymm1, %ymm11
+        vpxor	-32(%rdi), %ymm4, %ymm14
+        vpxor	(%rdi), %ymm2, %ymm12
+        vpxor	64(%rdi), %ymm10, %ymm10
+        vpxor	96(%rdi), %ymm3, %ymm13
+        vpxor	128(%rdi), %ymm11, %ymm11
+        vpxor	-96(%rax), %ymm14, %ymm14
+        vpxor	-64(%rax), %ymm14, %ymm14
+        vpxor	-32(%rax), %ymm12, %ymm12
+        vpxor	(%rax), %ymm10, %ymm10
+        vpxor	32(%rax), %ymm13, %ymm13
+        vpxor	96(%rax), %ymm11, %ymm11
+        vpxor	128(%rax), %ymm14, %ymm14
+        vpxor	-96(%rcx), %ymm12, %ymm12
+        vpxor	-32(%rcx), %ymm13, %ymm13
+        vpxor	(%rcx), %ymm13, %ymm13
+        vpxor	32(%rcx), %ymm11, %ymm11
+        vpxor	96(%rcx), %ymm12, %ymm12
+        vpxor	128(%rcx), %ymm10, %ymm10
+        # Calc t[0..4]
+        vpsrlq	$63, %ymm11, %ymm0
+        vpsrlq	$63, %ymm12, %ymm1
+        vpsrlq	$63, %ymm13, %ymm2
+        vpsrlq	$63, %ymm14, %ymm3
+        vpsrlq	$63, %ymm10, %ymm4
+        vpaddq	%ymm11, %ymm11, %ymm5
+        vpaddq	%ymm12, %ymm12, %ymm6
+        vpaddq	%ymm13, %ymm13, %ymm7
+        vpaddq	%ymm14, %ymm14, %ymm8
+        vpaddq	%ymm10, %ymm10, %ymm9
+        vpor	%ymm0, %ymm5, %ymm5
+        vpor	%ymm1, %ymm6, %ymm6
+        vpor	%ymm2, %ymm7, %ymm7
+        vpor	%ymm3, %ymm8, %ymm8
+        vpor	%ymm4, %ymm9, %ymm9
+        vpxor	%ymm14, %ymm5, %ymm5
+        vpxor	%ymm10, %ymm6, %ymm6
+        vpxor	%ymm11, %ymm7, %ymm7
+        vpxor	%ymm12, %ymm8, %ymm8
+        vpxor	%ymm13, %ymm9, %ymm9
+        # Row Mix
+        # Row 0
+        vpxor	%ymm15, %ymm5, %ymm10
+        vpxor	128(%rdi), %ymm6, %ymm11
+        vpxor	-32(%rax), %ymm7, %ymm12
+        vpxor	-32(%rcx), %ymm8, %ymm13
+        vpxor	64(%rcx), %ymm9, %ymm14
+        vpsrlq	$20, %ymm11, %ymm0
+        vpsrlq	$21, %ymm12, %ymm1
+        vpsrlq	$43, %ymm13, %ymm2
+        vpsrlq	$50, %ymm14, %ymm3
+        vpsllq	$44, %ymm11, %ymm11
+        vpsllq	$43, %ymm12, %ymm12
+        vpsllq	$21, %ymm13, %ymm13
+        vpsllq	$14, %ymm14, %ymm14
+        vpor	%ymm0, %ymm11, %ymm11
+        vpor	%ymm1, %ymm12, %ymm12
+        vpor	%ymm2, %ymm13, %ymm13
+        vpor	%ymm3, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm15
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm15, %ymm15
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        # XOR in constant
+        vpxor	448(%rdx), %ymm15, %ymm15
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm1, 128(%rdi)
+        vmovdqu	%ymm2, -32(%rax)
+        vmovdqu	%ymm3, -32(%rcx)
+        vmovdqu	%ymm4, 64(%rcx)
+        # Row 1
+        vpxor	32(%rax), %ymm8, %ymm10
+        vpxor	128(%rax), %ymm9, %ymm11
+        vpxor	128(%rcx), %ymm5, %ymm12
+        vpxor	-64(%rdi), %ymm6, %ymm13
+        vpxor	32(%rdi), %ymm7, %ymm14
+        vpsrlq	$36, %ymm10, %ymm0
+        vpsrlq	$44, %ymm11, %ymm1
+        vpsrlq	$61, %ymm12, %ymm2
+        vpsrlq	$19, %ymm13, %ymm3
+        vpsrlq	$3, %ymm14, %ymm4
+        vpsllq	$28, %ymm10, %ymm10
+        vpsllq	$20, %ymm11, %ymm11
+        vpsllq	$3, %ymm12, %ymm12
+        vpsllq	$45, %ymm13, %ymm13
+        vpsllq	$61, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 32(%rax)
+        vmovdqu	%ymm1, 128(%rax)
+        vmovdqu	%ymm2, 128(%rcx)
+        vmovdqu	%ymm3, -64(%rdi)
+        vmovdqu	%ymm4, 32(%rdi)
+        # Row 2
+        vpxor	32(%rcx), %ymm6, %ymm10
+        vpxor	(%rdi), %ymm7, %ymm11
+        vpxor	96(%rdi), %ymm8, %ymm12
+        vpxor	-64(%rax), %ymm9, %ymm13
+        vpxor	-64(%rcx), %ymm5, %ymm14
+        vpsrlq	$63, %ymm10, %ymm0
+        vpsrlq	$58, %ymm11, %ymm1
+        vpsrlq	$39, %ymm12, %ymm2
+        vpsrlq	$56, %ymm13, %ymm3
+        vpsrlq	$46, %ymm14, %ymm4
+        vpaddq	%ymm10, %ymm10, %ymm10
+        vpsllq	$6, %ymm11, %ymm11
+        vpsllq	$25, %ymm12, %ymm12
+        vpsllq	$8, %ymm13, %ymm13
+        vpsllq	$18, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 32(%rcx)
+        vmovdqu	%ymm1, (%rdi)
+        vmovdqu	%ymm2, 96(%rdi)
+        vmovdqu	%ymm3, -64(%rax)
+        vmovdqu	%ymm4, -64(%rcx)
+        # Row 3
+        vpxor	-96(%rax), %ymm9, %ymm10
+        vpxor	(%rax), %ymm5, %ymm11
+        vpxor	96(%rax), %ymm6, %ymm12
+        vpxor	96(%rcx), %ymm7, %ymm13
+        vpxor	-96(%rdi), %ymm8, %ymm14
+        vpsrlq	$37, %ymm10, %ymm0
+        vpsrlq	$28, %ymm11, %ymm1
+        vpsrlq	$54, %ymm12, %ymm2
+        vpsrlq	$49, %ymm13, %ymm3
+        vpsrlq	$8, %ymm14, %ymm4
+        vpsllq	$27, %ymm10, %ymm10
+        vpsllq	$36, %ymm11, %ymm11
+        vpsllq	$10, %ymm12, %ymm12
+        vpsllq	$15, %ymm13, %ymm13
+        vpsllq	$56, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, -96(%rax)
+        vmovdqu	%ymm1, (%rax)
+        vmovdqu	%ymm2, 96(%rax)
+        vmovdqu	%ymm3, 96(%rcx)
+        vmovdqu	%ymm4, -96(%rdi)
+        # Row 4
+        vpxor	-96(%rcx), %ymm7, %ymm10
+        vpxor	(%rcx), %ymm8, %ymm11
+        vpxor	-32(%rdi), %ymm9, %ymm12
+        vpxor	64(%rdi), %ymm5, %ymm13
+        vpxor	64(%rax), %ymm6, %ymm14
+        vpsrlq	$2, %ymm10, %ymm0
+        vpsrlq	$9, %ymm11, %ymm1
+        vpsrlq	$25, %ymm12, %ymm2
+        vpsrlq	$23, %ymm13, %ymm3
+        vpsrlq	$62, %ymm14, %ymm4
+        vpsllq	$62, %ymm10, %ymm10
+        vpsllq	$55, %ymm11, %ymm11
+        vpsllq	$39, %ymm12, %ymm12
+        vpsllq	$41, %ymm13, %ymm13
+        vpsllq	$2, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, -96(%rcx)
+        vmovdqu	%ymm1, (%rcx)
+        vmovdqu	%ymm2, -32(%rdi)
+        vmovdqu	%ymm3, 64(%rdi)
+        vmovdqu	%ymm4, 64(%rax)
+        # Round 15
+        # Calc b[0..4]
+        vpxor	%ymm15, %ymm0, %ymm10
+        vpxor	-96(%rdi), %ymm4, %ymm14
+        vpxor	-64(%rdi), %ymm3, %ymm13
+        vpxor	(%rdi), %ymm1, %ymm11
+        vpxor	32(%rdi), %ymm14, %ymm14
+        vpxor	96(%rdi), %ymm2, %ymm12
+        vpxor	128(%rdi), %ymm11, %ymm11
+        vpxor	-96(%rax), %ymm10, %ymm10
+        vpxor	-64(%rax), %ymm13, %ymm13
+        vpxor	-32(%rax), %ymm12, %ymm12
+        vpxor	(%rax), %ymm11, %ymm11
+        vpxor	32(%rax), %ymm10, %ymm10
+        vpxor	96(%rax), %ymm12, %ymm12
+        vpxor	128(%rax), %ymm11, %ymm11
+        vpxor	-64(%rcx), %ymm14, %ymm14
+        vpxor	-32(%rcx), %ymm13, %ymm13
+        vpxor	32(%rcx), %ymm10, %ymm10
+        vpxor	64(%rcx), %ymm14, %ymm14
+        vpxor	96(%rcx), %ymm13, %ymm13
+        vpxor	128(%rcx), %ymm12, %ymm12
+        # Calc t[0..4]
+        vpsrlq	$63, %ymm11, %ymm0
+        vpsrlq	$63, %ymm12, %ymm1
+        vpsrlq	$63, %ymm13, %ymm2
+        vpsrlq	$63, %ymm14, %ymm3
+        vpsrlq	$63, %ymm10, %ymm4
+        vpaddq	%ymm11, %ymm11, %ymm5
+        vpaddq	%ymm12, %ymm12, %ymm6
+        vpaddq	%ymm13, %ymm13, %ymm7
+        vpaddq	%ymm14, %ymm14, %ymm8
+        vpaddq	%ymm10, %ymm10, %ymm9
+        vpor	%ymm0, %ymm5, %ymm5
+        vpor	%ymm1, %ymm6, %ymm6
+        vpor	%ymm2, %ymm7, %ymm7
+        vpor	%ymm3, %ymm8, %ymm8
+        vpor	%ymm4, %ymm9, %ymm9
+        vpxor	%ymm14, %ymm5, %ymm5
+        vpxor	%ymm10, %ymm6, %ymm6
+        vpxor	%ymm11, %ymm7, %ymm7
+        vpxor	%ymm12, %ymm8, %ymm8
+        vpxor	%ymm13, %ymm9, %ymm9
+        # Row Mix
+        # Row 0
+        vpxor	%ymm15, %ymm5, %ymm10
+        vpxor	128(%rax), %ymm6, %ymm11
+        vpxor	96(%rdi), %ymm7, %ymm12
+        vpxor	96(%rcx), %ymm8, %ymm13
+        vpxor	64(%rax), %ymm9, %ymm14
+        vpsrlq	$20, %ymm11, %ymm0
+        vpsrlq	$21, %ymm12, %ymm1
+        vpsrlq	$43, %ymm13, %ymm2
+        vpsrlq	$50, %ymm14, %ymm3
+        vpsllq	$44, %ymm11, %ymm11
+        vpsllq	$43, %ymm12, %ymm12
+        vpsllq	$21, %ymm13, %ymm13
+        vpsllq	$14, %ymm14, %ymm14
+        vpor	%ymm0, %ymm11, %ymm11
+        vpor	%ymm1, %ymm12, %ymm12
+        vpor	%ymm2, %ymm13, %ymm13
+        vpor	%ymm3, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm15
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm15, %ymm15
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        # XOR in constant
+        vpxor	480(%rdx), %ymm15, %ymm15
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm1, 128(%rax)
+        vmovdqu	%ymm2, 96(%rdi)
+        vmovdqu	%ymm3, 96(%rcx)
+        vmovdqu	%ymm4, 64(%rax)
+        # Row 1
+        vpxor	-32(%rcx), %ymm8, %ymm10
+        vpxor	32(%rdi), %ymm9, %ymm11
+        vpxor	32(%rcx), %ymm5, %ymm12
+        vpxor	(%rax), %ymm6, %ymm13
+        vpxor	-32(%rdi), %ymm7, %ymm14
+        vpsrlq	$36, %ymm10, %ymm0
+        vpsrlq	$44, %ymm11, %ymm1
+        vpsrlq	$61, %ymm12, %ymm2
+        vpsrlq	$19, %ymm13, %ymm3
+        vpsrlq	$3, %ymm14, %ymm4
+        vpsllq	$28, %ymm10, %ymm10
+        vpsllq	$20, %ymm11, %ymm11
+        vpsllq	$3, %ymm12, %ymm12
+        vpsllq	$45, %ymm13, %ymm13
+        vpsllq	$61, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, -32(%rcx)
+        vmovdqu	%ymm1, 32(%rdi)
+        vmovdqu	%ymm2, 32(%rcx)
+        vmovdqu	%ymm3, (%rax)
+        vmovdqu	%ymm4, -32(%rdi)
+        # Row 2
+        vpxor	128(%rdi), %ymm6, %ymm10
+        vpxor	128(%rcx), %ymm7, %ymm11
+        vpxor	-64(%rax), %ymm8, %ymm12
+        vpxor	-96(%rdi), %ymm9, %ymm13
+        vpxor	-96(%rcx), %ymm5, %ymm14
+        vpsrlq	$63, %ymm10, %ymm0
+        vpsrlq	$58, %ymm11, %ymm1
+        vpsrlq	$39, %ymm12, %ymm2
+        vpsrlq	$56, %ymm13, %ymm3
+        vpsrlq	$46, %ymm14, %ymm4
+        vpaddq	%ymm10, %ymm10, %ymm10
+        vpsllq	$6, %ymm11, %ymm11
+        vpsllq	$25, %ymm12, %ymm12
+        vpsllq	$8, %ymm13, %ymm13
+        vpsllq	$18, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 128(%rdi)
+        vmovdqu	%ymm1, 128(%rcx)
+        vmovdqu	%ymm2, -64(%rax)
+        vmovdqu	%ymm3, -96(%rdi)
+        vmovdqu	%ymm4, -96(%rcx)
+        # Row 3
+        vpxor	64(%rcx), %ymm9, %ymm10
+        vpxor	32(%rax), %ymm5, %ymm11
+        vpxor	(%rdi), %ymm6, %ymm12
+        vpxor	96(%rax), %ymm7, %ymm13
+        vpxor	64(%rdi), %ymm8, %ymm14
+        vpsrlq	$37, %ymm10, %ymm0
+        vpsrlq	$28, %ymm11, %ymm1
+        vpsrlq	$54, %ymm12, %ymm2
+        vpsrlq	$49, %ymm13, %ymm3
+        vpsrlq	$8, %ymm14, %ymm4
+        vpsllq	$27, %ymm10, %ymm10
+        vpsllq	$36, %ymm11, %ymm11
+        vpsllq	$10, %ymm12, %ymm12
+        vpsllq	$15, %ymm13, %ymm13
+        vpsllq	$56, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 64(%rcx)
+        vmovdqu	%ymm1, 32(%rax)
+        vmovdqu	%ymm2, (%rdi)
+        vmovdqu	%ymm3, 96(%rax)
+        vmovdqu	%ymm4, 64(%rdi)
+        # Row 4
+        vpxor	-32(%rax), %ymm7, %ymm10
+        vpxor	-64(%rdi), %ymm8, %ymm11
+        vpxor	-64(%rcx), %ymm9, %ymm12
+        vpxor	-96(%rax), %ymm5, %ymm13
+        vpxor	(%rcx), %ymm6, %ymm14
+        vpsrlq	$2, %ymm10, %ymm0
+        vpsrlq	$9, %ymm11, %ymm1
+        vpsrlq	$25, %ymm12, %ymm2
+        vpsrlq	$23, %ymm13, %ymm3
+        vpsrlq	$62, %ymm14, %ymm4
+        vpsllq	$62, %ymm10, %ymm10
+        vpsllq	$55, %ymm11, %ymm11
+        vpsllq	$39, %ymm12, %ymm12
+        vpsllq	$41, %ymm13, %ymm13
+        vpsllq	$2, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, -32(%rax)
+        vmovdqu	%ymm1, -64(%rdi)
+        vmovdqu	%ymm2, -64(%rcx)
+        vmovdqu	%ymm3, -96(%rax)
+        vmovdqu	%ymm4, (%rcx)
+        # Round 16
+        # Calc b[0..4]
+        vpxor	%ymm15, %ymm0, %ymm10
+        vpxor	-96(%rdi), %ymm3, %ymm13
+        vpxor	-32(%rdi), %ymm4, %ymm14
+        vpxor	(%rdi), %ymm2, %ymm12
+        vpxor	32(%rdi), %ymm1, %ymm11
+        vpxor	64(%rdi), %ymm14, %ymm14
+        vpxor	96(%rdi), %ymm12, %ymm12
+        vpxor	128(%rdi), %ymm10, %ymm10
+        vpxor	-64(%rax), %ymm12, %ymm12
+        vpxor	(%rax), %ymm13, %ymm13
+        vpxor	32(%rax), %ymm11, %ymm11
+        vpxor	64(%rax), %ymm14, %ymm14
+        vpxor	96(%rax), %ymm13, %ymm13
+        vpxor	128(%rax), %ymm11, %ymm11
+        vpxor	-96(%rcx), %ymm14, %ymm14
+        vpxor	-32(%rcx), %ymm10, %ymm10
+        vpxor	32(%rcx), %ymm12, %ymm12
+        vpxor	64(%rcx), %ymm10, %ymm10
+        vpxor	96(%rcx), %ymm13, %ymm13
+        vpxor	128(%rcx), %ymm11, %ymm11
+        # Calc t[0..4]
+        vpsrlq	$63, %ymm11, %ymm0
+        vpsrlq	$63, %ymm12, %ymm1
+        vpsrlq	$63, %ymm13, %ymm2
+        vpsrlq	$63, %ymm14, %ymm3
+        vpsrlq	$63, %ymm10, %ymm4
+        vpaddq	%ymm11, %ymm11, %ymm5
+        vpaddq	%ymm12, %ymm12, %ymm6
+        vpaddq	%ymm13, %ymm13, %ymm7
+        vpaddq	%ymm14, %ymm14, %ymm8
+        vpaddq	%ymm10, %ymm10, %ymm9
+        vpor	%ymm0, %ymm5, %ymm5
+        vpor	%ymm1, %ymm6, %ymm6
+        vpor	%ymm2, %ymm7, %ymm7
+        vpor	%ymm3, %ymm8, %ymm8
+        vpor	%ymm4, %ymm9, %ymm9
+        vpxor	%ymm14, %ymm5, %ymm5
+        vpxor	%ymm10, %ymm6, %ymm6
+        vpxor	%ymm11, %ymm7, %ymm7
+        vpxor	%ymm12, %ymm8, %ymm8
+        vpxor	%ymm13, %ymm9, %ymm9
+        # Row Mix
+        # Row 0
+        vpxor	%ymm15, %ymm5, %ymm10
+        vpxor	32(%rdi), %ymm6, %ymm11
+        vpxor	-64(%rax), %ymm7, %ymm12
+        vpxor	96(%rax), %ymm8, %ymm13
+        vpxor	(%rcx), %ymm9, %ymm14
+        vpsrlq	$20, %ymm11, %ymm0
+        vpsrlq	$21, %ymm12, %ymm1
+        vpsrlq	$43, %ymm13, %ymm2
+        vpsrlq	$50, %ymm14, %ymm3
+        vpsllq	$44, %ymm11, %ymm11
+        vpsllq	$43, %ymm12, %ymm12
+        vpsllq	$21, %ymm13, %ymm13
+        vpsllq	$14, %ymm14, %ymm14
+        vpor	%ymm0, %ymm11, %ymm11
+        vpor	%ymm1, %ymm12, %ymm12
+        vpor	%ymm2, %ymm13, %ymm13
+        vpor	%ymm3, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm15
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm15, %ymm15
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        # XOR in constant
+        vpxor	512(%rdx), %ymm15, %ymm15
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm1, 32(%rdi)
+        vmovdqu	%ymm2, -64(%rax)
+        vmovdqu	%ymm3, 96(%rax)
+        vmovdqu	%ymm4, (%rcx)
+        # Row 1
+        vpxor	96(%rcx), %ymm8, %ymm10
+        vpxor	-32(%rdi), %ymm9, %ymm11
+        vpxor	128(%rdi), %ymm5, %ymm12
+        vpxor	32(%rax), %ymm6, %ymm13
+        vpxor	-64(%rcx), %ymm7, %ymm14
+        vpsrlq	$36, %ymm10, %ymm0
+        vpsrlq	$44, %ymm11, %ymm1
+        vpsrlq	$61, %ymm12, %ymm2
+        vpsrlq	$19, %ymm13, %ymm3
+        vpsrlq	$3, %ymm14, %ymm4
+        vpsllq	$28, %ymm10, %ymm10
+        vpsllq	$20, %ymm11, %ymm11
+        vpsllq	$3, %ymm12, %ymm12
+        vpsllq	$45, %ymm13, %ymm13
+        vpsllq	$61, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 96(%rcx)
+        vmovdqu	%ymm1, -32(%rdi)
+        vmovdqu	%ymm2, 128(%rdi)
+        vmovdqu	%ymm3, 32(%rax)
+        vmovdqu	%ymm4, -64(%rcx)
+        # Row 2
+        vpxor	128(%rax), %ymm6, %ymm10
+        vpxor	32(%rcx), %ymm7, %ymm11
+        vpxor	-96(%rdi), %ymm8, %ymm12
+        vpxor	64(%rdi), %ymm9, %ymm13
+        vpxor	-32(%rax), %ymm5, %ymm14
+        vpsrlq	$63, %ymm10, %ymm0
+        vpsrlq	$58, %ymm11, %ymm1
+        vpsrlq	$39, %ymm12, %ymm2
+        vpsrlq	$56, %ymm13, %ymm3
+        vpsrlq	$46, %ymm14, %ymm4
+        vpaddq	%ymm10, %ymm10, %ymm10
+        vpsllq	$6, %ymm11, %ymm11
+        vpsllq	$25, %ymm12, %ymm12
+        vpsllq	$8, %ymm13, %ymm13
+        vpsllq	$18, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 128(%rax)
+        vmovdqu	%ymm1, 32(%rcx)
+        vmovdqu	%ymm2, -96(%rdi)
+        vmovdqu	%ymm3, 64(%rdi)
+        vmovdqu	%ymm4, -32(%rax)
+        # Row 3
+        vpxor	64(%rax), %ymm9, %ymm10
+        vpxor	-32(%rcx), %ymm5, %ymm11
+        vpxor	128(%rcx), %ymm6, %ymm12
+        vpxor	(%rdi), %ymm7, %ymm13
+        vpxor	-96(%rax), %ymm8, %ymm14
+        vpsrlq	$37, %ymm10, %ymm0
+        vpsrlq	$28, %ymm11, %ymm1
+        vpsrlq	$54, %ymm12, %ymm2
+        vpsrlq	$49, %ymm13, %ymm3
+        vpsrlq	$8, %ymm14, %ymm4
+        vpsllq	$27, %ymm10, %ymm10
+        vpsllq	$36, %ymm11, %ymm11
+        vpsllq	$10, %ymm12, %ymm12
+        vpsllq	$15, %ymm13, %ymm13
+        vpsllq	$56, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 64(%rax)
+        vmovdqu	%ymm1, -32(%rcx)
+        vmovdqu	%ymm2, 128(%rcx)
+        vmovdqu	%ymm3, (%rdi)
+        vmovdqu	%ymm4, -96(%rax)
+        # Row 4
+        vpxor	96(%rdi), %ymm7, %ymm10
+        vpxor	(%rax), %ymm8, %ymm11
+        vpxor	-96(%rcx), %ymm9, %ymm12
+        vpxor	64(%rcx), %ymm5, %ymm13
+        vpxor	-64(%rdi), %ymm6, %ymm14
+        vpsrlq	$2, %ymm10, %ymm0
+        vpsrlq	$9, %ymm11, %ymm1
+        vpsrlq	$25, %ymm12, %ymm2
+        vpsrlq	$23, %ymm13, %ymm3
+        vpsrlq	$62, %ymm14, %ymm4
+        vpsllq	$62, %ymm10, %ymm10
+        vpsllq	$55, %ymm11, %ymm11
+        vpsllq	$39, %ymm12, %ymm12
+        vpsllq	$41, %ymm13, %ymm13
+        vpsllq	$2, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 96(%rdi)
+        vmovdqu	%ymm1, (%rax)
+        vmovdqu	%ymm2, -96(%rcx)
+        vmovdqu	%ymm3, 64(%rcx)
+        vmovdqu	%ymm4, -64(%rdi)
+        # Round 17
+        # Calc b[0..4]
+        vpxor	%ymm15, %ymm0, %ymm10
+        vpxor	-96(%rdi), %ymm2, %ymm12
+        vpxor	-32(%rdi), %ymm1, %ymm11
+        vpxor	(%rdi), %ymm3, %ymm13
+        vpxor	32(%rdi), %ymm11, %ymm11
+        vpxor	64(%rdi), %ymm13, %ymm13
+        vpxor	128(%rdi), %ymm12, %ymm12
+        vpxor	-96(%rax), %ymm4, %ymm14
+        vpxor	-64(%rax), %ymm12, %ymm12
+        vpxor	-32(%rax), %ymm14, %ymm14
+        vpxor	32(%rax), %ymm13, %ymm13
+        vpxor	64(%rax), %ymm10, %ymm10
+        vpxor	96(%rax), %ymm13, %ymm13
+        vpxor	128(%rax), %ymm10, %ymm10
+        vpxor	-64(%rcx), %ymm14, %ymm14
+        vpxor	-32(%rcx), %ymm11, %ymm11
+        vpxor	(%rcx), %ymm14, %ymm14
+        vpxor	32(%rcx), %ymm11, %ymm11
+        vpxor	96(%rcx), %ymm10, %ymm10
+        vpxor	128(%rcx), %ymm12, %ymm12
+        # Calc t[0..4]
+        vpsrlq	$63, %ymm11, %ymm0
+        vpsrlq	$63, %ymm12, %ymm1
+        vpsrlq	$63, %ymm13, %ymm2
+        vpsrlq	$63, %ymm14, %ymm3
+        vpsrlq	$63, %ymm10, %ymm4
+        vpaddq	%ymm11, %ymm11, %ymm5
+        vpaddq	%ymm12, %ymm12, %ymm6
+        vpaddq	%ymm13, %ymm13, %ymm7
+        vpaddq	%ymm14, %ymm14, %ymm8
+        vpaddq	%ymm10, %ymm10, %ymm9
+        vpor	%ymm0, %ymm5, %ymm5
+        vpor	%ymm1, %ymm6, %ymm6
+        vpor	%ymm2, %ymm7, %ymm7
+        vpor	%ymm3, %ymm8, %ymm8
+        vpor	%ymm4, %ymm9, %ymm9
+        vpxor	%ymm14, %ymm5, %ymm5
+        vpxor	%ymm10, %ymm6, %ymm6
+        vpxor	%ymm11, %ymm7, %ymm7
+        vpxor	%ymm12, %ymm8, %ymm8
+        vpxor	%ymm13, %ymm9, %ymm9
+        # Row Mix
+        # Row 0
+        vpxor	%ymm15, %ymm5, %ymm10
+        vpxor	-32(%rdi), %ymm6, %ymm11
+        vpxor	-96(%rdi), %ymm7, %ymm12
+        vpxor	(%rdi), %ymm8, %ymm13
+        vpxor	-64(%rdi), %ymm9, %ymm14
+        vpsrlq	$20, %ymm11, %ymm0
+        vpsrlq	$21, %ymm12, %ymm1
+        vpsrlq	$43, %ymm13, %ymm2
+        vpsrlq	$50, %ymm14, %ymm3
+        vpsllq	$44, %ymm11, %ymm11
+        vpsllq	$43, %ymm12, %ymm12
+        vpsllq	$21, %ymm13, %ymm13
+        vpsllq	$14, %ymm14, %ymm14
+        vpor	%ymm0, %ymm11, %ymm11
+        vpor	%ymm1, %ymm12, %ymm12
+        vpor	%ymm2, %ymm13, %ymm13
+        vpor	%ymm3, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm15
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm15, %ymm15
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        # XOR in constant
+        vpxor	544(%rdx), %ymm15, %ymm15
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm1, -32(%rdi)
+        vmovdqu	%ymm2, -96(%rdi)
+        vmovdqu	%ymm3, (%rdi)
+        vmovdqu	%ymm4, -64(%rdi)
+        # Row 1
+        vpxor	96(%rax), %ymm8, %ymm10
+        vpxor	-64(%rcx), %ymm9, %ymm11
+        vpxor	128(%rax), %ymm5, %ymm12
+        vpxor	-32(%rcx), %ymm6, %ymm13
+        vpxor	-96(%rcx), %ymm7, %ymm14
+        vpsrlq	$36, %ymm10, %ymm0
+        vpsrlq	$44, %ymm11, %ymm1
+        vpsrlq	$61, %ymm12, %ymm2
+        vpsrlq	$19, %ymm13, %ymm3
+        vpsrlq	$3, %ymm14, %ymm4
+        vpsllq	$28, %ymm10, %ymm10
+        vpsllq	$20, %ymm11, %ymm11
+        vpsllq	$3, %ymm12, %ymm12
+        vpsllq	$45, %ymm13, %ymm13
+        vpsllq	$61, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 96(%rax)
+        vmovdqu	%ymm1, -64(%rcx)
+        vmovdqu	%ymm2, 128(%rax)
+        vmovdqu	%ymm3, -32(%rcx)
+        vmovdqu	%ymm4, -96(%rcx)
+        # Row 2
+        vpxor	32(%rdi), %ymm6, %ymm10
+        vpxor	128(%rdi), %ymm7, %ymm11
+        vpxor	64(%rdi), %ymm8, %ymm12
+        vpxor	-96(%rax), %ymm9, %ymm13
+        vpxor	96(%rdi), %ymm5, %ymm14
+        vpsrlq	$63, %ymm10, %ymm0
+        vpsrlq	$58, %ymm11, %ymm1
+        vpsrlq	$39, %ymm12, %ymm2
+        vpsrlq	$56, %ymm13, %ymm3
+        vpsrlq	$46, %ymm14, %ymm4
+        vpaddq	%ymm10, %ymm10, %ymm10
+        vpsllq	$6, %ymm11, %ymm11
+        vpsllq	$25, %ymm12, %ymm12
+        vpsllq	$8, %ymm13, %ymm13
+        vpsllq	$18, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 32(%rdi)
+        vmovdqu	%ymm1, 128(%rdi)
+        vmovdqu	%ymm2, 64(%rdi)
+        vmovdqu	%ymm3, -96(%rax)
+        vmovdqu	%ymm4, 96(%rdi)
+        # Row 3
+        vpxor	(%rcx), %ymm9, %ymm10
+        vpxor	96(%rcx), %ymm5, %ymm11
+        vpxor	32(%rcx), %ymm6, %ymm12
+        vpxor	128(%rcx), %ymm7, %ymm13
+        vpxor	64(%rcx), %ymm8, %ymm14
+        vpsrlq	$37, %ymm10, %ymm0
+        vpsrlq	$28, %ymm11, %ymm1
+        vpsrlq	$54, %ymm12, %ymm2
+        vpsrlq	$49, %ymm13, %ymm3
+        vpsrlq	$8, %ymm14, %ymm4
+        vpsllq	$27, %ymm10, %ymm10
+        vpsllq	$36, %ymm11, %ymm11
+        vpsllq	$10, %ymm12, %ymm12
+        vpsllq	$15, %ymm13, %ymm13
+        vpsllq	$56, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, (%rcx)
+        vmovdqu	%ymm1, 96(%rcx)
+        vmovdqu	%ymm2, 32(%rcx)
+        vmovdqu	%ymm3, 128(%rcx)
+        vmovdqu	%ymm4, 64(%rcx)
+        # Row 4
+        vpxor	-64(%rax), %ymm7, %ymm10
+        vpxor	32(%rax), %ymm8, %ymm11
+        vpxor	-32(%rax), %ymm9, %ymm12
+        vpxor	64(%rax), %ymm5, %ymm13
+        vpxor	(%rax), %ymm6, %ymm14
+        vpsrlq	$2, %ymm10, %ymm0
+        vpsrlq	$9, %ymm11, %ymm1
+        vpsrlq	$25, %ymm12, %ymm2
+        vpsrlq	$23, %ymm13, %ymm3
+        vpsrlq	$62, %ymm14, %ymm4
+        vpsllq	$62, %ymm10, %ymm10
+        vpsllq	$55, %ymm11, %ymm11
+        vpsllq	$39, %ymm12, %ymm12
+        vpsllq	$41, %ymm13, %ymm13
+        vpsllq	$2, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, -64(%rax)
+        vmovdqu	%ymm1, 32(%rax)
+        vmovdqu	%ymm2, -32(%rax)
+        vmovdqu	%ymm3, 64(%rax)
+        vmovdqu	%ymm4, (%rax)
+        # Round 18
+        # Calc b[0..4]
+        vpxor	%ymm15, %ymm0, %ymm10
+        vpxor	-96(%rdi), %ymm2, %ymm12
+        vpxor	-64(%rdi), %ymm4, %ymm14
+        vpxor	-32(%rdi), %ymm1, %ymm11
+        vpxor	(%rdi), %ymm3, %ymm13
+        vpxor	32(%rdi), %ymm10, %ymm10
+        vpxor	64(%rdi), %ymm12, %ymm12
+        vpxor	96(%rdi), %ymm14, %ymm14
+        vpxor	128(%rdi), %ymm11, %ymm11
+        vpxor	-96(%rax), %ymm13, %ymm13
+        vpxor	96(%rax), %ymm10, %ymm10
+        vpxor	128(%rax), %ymm12, %ymm12
+        vpxor	-96(%rcx), %ymm14, %ymm14
+        vpxor	-64(%rcx), %ymm11, %ymm11
+        vpxor	-32(%rcx), %ymm13, %ymm13
+        vpxor	(%rcx), %ymm10, %ymm10
+        vpxor	32(%rcx), %ymm12, %ymm12
+        vpxor	64(%rcx), %ymm14, %ymm14
+        vpxor	96(%rcx), %ymm11, %ymm11
+        vpxor	128(%rcx), %ymm13, %ymm13
+        # Calc t[0..4]
+        vpsrlq	$63, %ymm11, %ymm0
+        vpsrlq	$63, %ymm12, %ymm1
+        vpsrlq	$63, %ymm13, %ymm2
+        vpsrlq	$63, %ymm14, %ymm3
+        vpsrlq	$63, %ymm10, %ymm4
+        vpaddq	%ymm11, %ymm11, %ymm5
+        vpaddq	%ymm12, %ymm12, %ymm6
+        vpaddq	%ymm13, %ymm13, %ymm7
+        vpaddq	%ymm14, %ymm14, %ymm8
+        vpaddq	%ymm10, %ymm10, %ymm9
+        vpor	%ymm0, %ymm5, %ymm5
+        vpor	%ymm1, %ymm6, %ymm6
+        vpor	%ymm2, %ymm7, %ymm7
+        vpor	%ymm3, %ymm8, %ymm8
+        vpor	%ymm4, %ymm9, %ymm9
+        vpxor	%ymm14, %ymm5, %ymm5
+        vpxor	%ymm10, %ymm6, %ymm6
+        vpxor	%ymm11, %ymm7, %ymm7
+        vpxor	%ymm12, %ymm8, %ymm8
+        vpxor	%ymm13, %ymm9, %ymm9
+        # Row Mix
+        # Row 0
+        vpxor	%ymm15, %ymm5, %ymm10
+        vpxor	-64(%rcx), %ymm6, %ymm11
+        vpxor	64(%rdi), %ymm7, %ymm12
+        vpxor	128(%rcx), %ymm8, %ymm13
+        vpxor	(%rax), %ymm9, %ymm14
+        vpsrlq	$20, %ymm11, %ymm0
+        vpsrlq	$21, %ymm12, %ymm1
+        vpsrlq	$43, %ymm13, %ymm2
+        vpsrlq	$50, %ymm14, %ymm3
+        vpsllq	$44, %ymm11, %ymm11
+        vpsllq	$43, %ymm12, %ymm12
+        vpsllq	$21, %ymm13, %ymm13
+        vpsllq	$14, %ymm14, %ymm14
+        vpor	%ymm0, %ymm11, %ymm11
+        vpor	%ymm1, %ymm12, %ymm12
+        vpor	%ymm2, %ymm13, %ymm13
+        vpor	%ymm3, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm15
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm15, %ymm15
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        # XOR in constant
+        vpxor	576(%rdx), %ymm15, %ymm15
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm1, -64(%rcx)
+        vmovdqu	%ymm2, 64(%rdi)
+        vmovdqu	%ymm3, 128(%rcx)
+        vmovdqu	%ymm4, (%rax)
+        # Row 1
+        vpxor	(%rdi), %ymm8, %ymm10
+        vpxor	-96(%rcx), %ymm9, %ymm11
+        vpxor	32(%rdi), %ymm5, %ymm12
+        vpxor	96(%rcx), %ymm6, %ymm13
+        vpxor	-32(%rax), %ymm7, %ymm14
+        vpsrlq	$36, %ymm10, %ymm0
+        vpsrlq	$44, %ymm11, %ymm1
+        vpsrlq	$61, %ymm12, %ymm2
+        vpsrlq	$19, %ymm13, %ymm3
+        vpsrlq	$3, %ymm14, %ymm4
+        vpsllq	$28, %ymm10, %ymm10
+        vpsllq	$20, %ymm11, %ymm11
+        vpsllq	$3, %ymm12, %ymm12
+        vpsllq	$45, %ymm13, %ymm13
+        vpsllq	$61, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, (%rdi)
+        vmovdqu	%ymm1, -96(%rcx)
+        vmovdqu	%ymm2, 32(%rdi)
+        vmovdqu	%ymm3, 96(%rcx)
+        vmovdqu	%ymm4, -32(%rax)
+        # Row 2
+        vpxor	-32(%rdi), %ymm6, %ymm10
+        vpxor	128(%rax), %ymm7, %ymm11
+        vpxor	-96(%rax), %ymm8, %ymm12
+        vpxor	64(%rcx), %ymm9, %ymm13
+        vpxor	-64(%rax), %ymm5, %ymm14
+        vpsrlq	$63, %ymm10, %ymm0
+        vpsrlq	$58, %ymm11, %ymm1
+        vpsrlq	$39, %ymm12, %ymm2
+        vpsrlq	$56, %ymm13, %ymm3
+        vpsrlq	$46, %ymm14, %ymm4
+        vpaddq	%ymm10, %ymm10, %ymm10
+        vpsllq	$6, %ymm11, %ymm11
+        vpsllq	$25, %ymm12, %ymm12
+        vpsllq	$8, %ymm13, %ymm13
+        vpsllq	$18, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, -32(%rdi)
+        vmovdqu	%ymm1, 128(%rax)
+        vmovdqu	%ymm2, -96(%rax)
+        vmovdqu	%ymm3, 64(%rcx)
+        vmovdqu	%ymm4, -64(%rax)
+        # Row 3
+        vpxor	-64(%rdi), %ymm9, %ymm10
+        vpxor	96(%rax), %ymm5, %ymm11
+        vpxor	128(%rdi), %ymm6, %ymm12
+        vpxor	32(%rcx), %ymm7, %ymm13
+        vpxor	64(%rax), %ymm8, %ymm14
+        vpsrlq	$37, %ymm10, %ymm0
+        vpsrlq	$28, %ymm11, %ymm1
+        vpsrlq	$54, %ymm12, %ymm2
+        vpsrlq	$49, %ymm13, %ymm3
+        vpsrlq	$8, %ymm14, %ymm4
+        vpsllq	$27, %ymm10, %ymm10
+        vpsllq	$36, %ymm11, %ymm11
+        vpsllq	$10, %ymm12, %ymm12
+        vpsllq	$15, %ymm13, %ymm13
+        vpsllq	$56, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, -64(%rdi)
+        vmovdqu	%ymm1, 96(%rax)
+        vmovdqu	%ymm2, 128(%rdi)
+        vmovdqu	%ymm3, 32(%rcx)
+        vmovdqu	%ymm4, 64(%rax)
+        # Row 4
+        vpxor	-96(%rdi), %ymm7, %ymm10
+        vpxor	-32(%rcx), %ymm8, %ymm11
+        vpxor	96(%rdi), %ymm9, %ymm12
+        vpxor	(%rcx), %ymm5, %ymm13
+        vpxor	32(%rax), %ymm6, %ymm14
+        vpsrlq	$2, %ymm10, %ymm0
+        vpsrlq	$9, %ymm11, %ymm1
+        vpsrlq	$25, %ymm12, %ymm2
+        vpsrlq	$23, %ymm13, %ymm3
+        vpsrlq	$62, %ymm14, %ymm4
+        vpsllq	$62, %ymm10, %ymm10
+        vpsllq	$55, %ymm11, %ymm11
+        vpsllq	$39, %ymm12, %ymm12
+        vpsllq	$41, %ymm13, %ymm13
+        vpsllq	$2, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, -96(%rdi)
+        vmovdqu	%ymm1, -32(%rcx)
+        vmovdqu	%ymm2, 96(%rdi)
+        vmovdqu	%ymm3, (%rcx)
+        vmovdqu	%ymm4, 32(%rax)
+        # Round 19
+        # Calc b[0..4]
+        vpxor	%ymm15, %ymm0, %ymm10
+        vpxor	-64(%rdi), %ymm10, %ymm10
+        vpxor	-32(%rdi), %ymm10, %ymm10
+        vpxor	(%rdi), %ymm10, %ymm10
+        vpxor	32(%rdi), %ymm2, %ymm12
+        vpxor	64(%rdi), %ymm12, %ymm12
+        vpxor	128(%rdi), %ymm12, %ymm12
+        vpxor	-96(%rax), %ymm12, %ymm12
+        vpxor	-64(%rax), %ymm4, %ymm14
+        vpxor	-32(%rax), %ymm14, %ymm14
+        vpxor	(%rax), %ymm14, %ymm14
+        vpxor	64(%rax), %ymm14, %ymm14
+        vpxor	96(%rax), %ymm1, %ymm11
+        vpxor	128(%rax), %ymm11, %ymm11
+        vpxor	-96(%rcx), %ymm11, %ymm11
+        vpxor	-64(%rcx), %ymm11, %ymm11
+        vpxor	32(%rcx), %ymm3, %ymm13
+        vpxor	64(%rcx), %ymm13, %ymm13
+        vpxor	96(%rcx), %ymm13, %ymm13
+        vpxor	128(%rcx), %ymm13, %ymm13
+        # Calc t[0..4]
+        vpsrlq	$63, %ymm11, %ymm0
+        vpsrlq	$63, %ymm12, %ymm1
+        vpsrlq	$63, %ymm13, %ymm2
+        vpsrlq	$63, %ymm14, %ymm3
+        vpsrlq	$63, %ymm10, %ymm4
+        vpaddq	%ymm11, %ymm11, %ymm5
+        vpaddq	%ymm12, %ymm12, %ymm6
+        vpaddq	%ymm13, %ymm13, %ymm7
+        vpaddq	%ymm14, %ymm14, %ymm8
+        vpaddq	%ymm10, %ymm10, %ymm9
+        vpor	%ymm0, %ymm5, %ymm5
+        vpor	%ymm1, %ymm6, %ymm6
+        vpor	%ymm2, %ymm7, %ymm7
+        vpor	%ymm3, %ymm8, %ymm8
+        vpor	%ymm4, %ymm9, %ymm9
+        vpxor	%ymm14, %ymm5, %ymm5
+        vpxor	%ymm10, %ymm6, %ymm6
+        vpxor	%ymm11, %ymm7, %ymm7
+        vpxor	%ymm12, %ymm8, %ymm8
+        vpxor	%ymm13, %ymm9, %ymm9
+        # Row Mix
+        # Row 0
+        vpxor	%ymm15, %ymm5, %ymm10
+        vpxor	-96(%rcx), %ymm6, %ymm11
+        vpxor	-96(%rax), %ymm7, %ymm12
+        vpxor	32(%rcx), %ymm8, %ymm13
+        vpxor	32(%rax), %ymm9, %ymm14
+        vpsrlq	$20, %ymm11, %ymm0
+        vpsrlq	$21, %ymm12, %ymm1
+        vpsrlq	$43, %ymm13, %ymm2
+        vpsrlq	$50, %ymm14, %ymm3
+        vpsllq	$44, %ymm11, %ymm11
+        vpsllq	$43, %ymm12, %ymm12
+        vpsllq	$21, %ymm13, %ymm13
+        vpsllq	$14, %ymm14, %ymm14
+        vpor	%ymm0, %ymm11, %ymm11
+        vpor	%ymm1, %ymm12, %ymm12
+        vpor	%ymm2, %ymm13, %ymm13
+        vpor	%ymm3, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm15
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm15, %ymm15
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        # XOR in constant
+        vpxor	608(%rdx), %ymm15, %ymm15
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm1, -96(%rcx)
+        vmovdqu	%ymm2, -96(%rax)
+        vmovdqu	%ymm3, 32(%rcx)
+        vmovdqu	%ymm4, 32(%rax)
+        # Row 1
+        vpxor	128(%rcx), %ymm8, %ymm10
+        vpxor	-32(%rax), %ymm9, %ymm11
+        vpxor	-32(%rdi), %ymm5, %ymm12
+        vpxor	96(%rax), %ymm6, %ymm13
+        vpxor	96(%rdi), %ymm7, %ymm14
+        vpsrlq	$36, %ymm10, %ymm0
+        vpsrlq	$44, %ymm11, %ymm1
+        vpsrlq	$61, %ymm12, %ymm2
+        vpsrlq	$19, %ymm13, %ymm3
+        vpsrlq	$3, %ymm14, %ymm4
+        vpsllq	$28, %ymm10, %ymm10
+        vpsllq	$20, %ymm11, %ymm11
+        vpsllq	$3, %ymm12, %ymm12
+        vpsllq	$45, %ymm13, %ymm13
+        vpsllq	$61, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 128(%rcx)
+        vmovdqu	%ymm1, -32(%rax)
+        vmovdqu	%ymm2, -32(%rdi)
+        vmovdqu	%ymm3, 96(%rax)
+        vmovdqu	%ymm4, 96(%rdi)
+        # Row 2
+        vpxor	-64(%rcx), %ymm6, %ymm10
+        vpxor	32(%rdi), %ymm7, %ymm11
+        vpxor	64(%rcx), %ymm8, %ymm12
+        vpxor	64(%rax), %ymm9, %ymm13
+        vpxor	-96(%rdi), %ymm5, %ymm14
+        vpsrlq	$63, %ymm10, %ymm0
+        vpsrlq	$58, %ymm11, %ymm1
+        vpsrlq	$39, %ymm12, %ymm2
+        vpsrlq	$56, %ymm13, %ymm3
+        vpsrlq	$46, %ymm14, %ymm4
+        vpaddq	%ymm10, %ymm10, %ymm10
+        vpsllq	$6, %ymm11, %ymm11
+        vpsllq	$25, %ymm12, %ymm12
+        vpsllq	$8, %ymm13, %ymm13
+        vpsllq	$18, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, -64(%rcx)
+        vmovdqu	%ymm1, 32(%rdi)
+        vmovdqu	%ymm2, 64(%rcx)
+        vmovdqu	%ymm3, 64(%rax)
+        vmovdqu	%ymm4, -96(%rdi)
+        # Row 3
+        vpxor	(%rax), %ymm9, %ymm10
+        vpxor	(%rdi), %ymm5, %ymm11
+        vpxor	128(%rax), %ymm6, %ymm12
+        vpxor	128(%rdi), %ymm7, %ymm13
+        vpxor	(%rcx), %ymm8, %ymm14
+        vpsrlq	$37, %ymm10, %ymm0
+        vpsrlq	$28, %ymm11, %ymm1
+        vpsrlq	$54, %ymm12, %ymm2
+        vpsrlq	$49, %ymm13, %ymm3
+        vpsrlq	$8, %ymm14, %ymm4
+        vpsllq	$27, %ymm10, %ymm10
+        vpsllq	$36, %ymm11, %ymm11
+        vpsllq	$10, %ymm12, %ymm12
+        vpsllq	$15, %ymm13, %ymm13
+        vpsllq	$56, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, (%rax)
+        vmovdqu	%ymm1, (%rdi)
+        vmovdqu	%ymm2, 128(%rax)
+        vmovdqu	%ymm3, 128(%rdi)
+        vmovdqu	%ymm4, (%rcx)
+        # Row 4
+        vpxor	64(%rdi), %ymm7, %ymm10
+        vpxor	96(%rcx), %ymm8, %ymm11
+        vpxor	-64(%rax), %ymm9, %ymm12
+        vpxor	-64(%rdi), %ymm5, %ymm13
+        vpxor	-32(%rcx), %ymm6, %ymm14
+        vpsrlq	$2, %ymm10, %ymm0
+        vpsrlq	$9, %ymm11, %ymm1
+        vpsrlq	$25, %ymm12, %ymm2
+        vpsrlq	$23, %ymm13, %ymm3
+        vpsrlq	$62, %ymm14, %ymm4
+        vpsllq	$62, %ymm10, %ymm10
+        vpsllq	$55, %ymm11, %ymm11
+        vpsllq	$39, %ymm12, %ymm12
+        vpsllq	$41, %ymm13, %ymm13
+        vpsllq	$2, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 64(%rdi)
+        vmovdqu	%ymm1, 96(%rcx)
+        vmovdqu	%ymm2, -64(%rax)
+        vmovdqu	%ymm3, -64(%rdi)
+        vmovdqu	%ymm4, -32(%rcx)
+        # Round 20
+        # Calc b[0..4]
+        vpxor	%ymm15, %ymm0, %ymm10
+        vpxor	-96(%rdi), %ymm4, %ymm14
+        vpxor	-32(%rdi), %ymm2, %ymm12
+        vpxor	(%rdi), %ymm1, %ymm11
+        vpxor	32(%rdi), %ymm11, %ymm11
+        vpxor	96(%rdi), %ymm14, %ymm14
+        vpxor	128(%rdi), %ymm3, %ymm13
+        vpxor	-96(%rax), %ymm12, %ymm12
+        vpxor	-32(%rax), %ymm11, %ymm11
+        vpxor	(%rax), %ymm10, %ymm10
+        vpxor	32(%rax), %ymm14, %ymm14
+        vpxor	64(%rax), %ymm13, %ymm13
+        vpxor	96(%rax), %ymm13, %ymm13
+        vpxor	128(%rax), %ymm12, %ymm12
+        vpxor	-96(%rcx), %ymm11, %ymm11
+        vpxor	-64(%rcx), %ymm10, %ymm10
+        vpxor	(%rcx), %ymm14, %ymm14
+        vpxor	32(%rcx), %ymm13, %ymm13
+        vpxor	64(%rcx), %ymm12, %ymm12
+        vpxor	128(%rcx), %ymm10, %ymm10
+        # Calc t[0..4]
+        vpsrlq	$63, %ymm11, %ymm0
+        vpsrlq	$63, %ymm12, %ymm1
+        vpsrlq	$63, %ymm13, %ymm2
+        vpsrlq	$63, %ymm14, %ymm3
+        vpsrlq	$63, %ymm10, %ymm4
+        vpaddq	%ymm11, %ymm11, %ymm5
+        vpaddq	%ymm12, %ymm12, %ymm6
+        vpaddq	%ymm13, %ymm13, %ymm7
+        vpaddq	%ymm14, %ymm14, %ymm8
+        vpaddq	%ymm10, %ymm10, %ymm9
+        vpor	%ymm0, %ymm5, %ymm5
+        vpor	%ymm1, %ymm6, %ymm6
+        vpor	%ymm2, %ymm7, %ymm7
+        vpor	%ymm3, %ymm8, %ymm8
+        vpor	%ymm4, %ymm9, %ymm9
+        vpxor	%ymm14, %ymm5, %ymm5
+        vpxor	%ymm10, %ymm6, %ymm6
+        vpxor	%ymm11, %ymm7, %ymm7
+        vpxor	%ymm12, %ymm8, %ymm8
+        vpxor	%ymm13, %ymm9, %ymm9
+        # Row Mix
+        # Row 0
+        vpxor	%ymm15, %ymm5, %ymm10
+        vpxor	-32(%rax), %ymm6, %ymm11
+        vpxor	64(%rcx), %ymm7, %ymm12
+        vpxor	128(%rdi), %ymm8, %ymm13
+        vpxor	-32(%rcx), %ymm9, %ymm14
+        vpsrlq	$20, %ymm11, %ymm0
+        vpsrlq	$21, %ymm12, %ymm1
+        vpsrlq	$43, %ymm13, %ymm2
+        vpsrlq	$50, %ymm14, %ymm3
+        vpsllq	$44, %ymm11, %ymm11
+        vpsllq	$43, %ymm12, %ymm12
+        vpsllq	$21, %ymm13, %ymm13
+        vpsllq	$14, %ymm14, %ymm14
+        vpor	%ymm0, %ymm11, %ymm11
+        vpor	%ymm1, %ymm12, %ymm12
+        vpor	%ymm2, %ymm13, %ymm13
+        vpor	%ymm3, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm15
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm15, %ymm15
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        # XOR in constant
+        vpxor	640(%rdx), %ymm15, %ymm15
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm1, -32(%rax)
+        vmovdqu	%ymm2, 64(%rcx)
+        vmovdqu	%ymm3, 128(%rdi)
+        vmovdqu	%ymm4, -32(%rcx)
+        # Row 1
+        vpxor	32(%rcx), %ymm8, %ymm10
+        vpxor	96(%rdi), %ymm9, %ymm11
+        vpxor	-64(%rcx), %ymm5, %ymm12
+        vpxor	(%rdi), %ymm6, %ymm13
+        vpxor	-64(%rax), %ymm7, %ymm14
+        vpsrlq	$36, %ymm10, %ymm0
+        vpsrlq	$44, %ymm11, %ymm1
+        vpsrlq	$61, %ymm12, %ymm2
+        vpsrlq	$19, %ymm13, %ymm3
+        vpsrlq	$3, %ymm14, %ymm4
+        vpsllq	$28, %ymm10, %ymm10
+        vpsllq	$20, %ymm11, %ymm11
+        vpsllq	$3, %ymm12, %ymm12
+        vpsllq	$45, %ymm13, %ymm13
+        vpsllq	$61, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 32(%rcx)
+        vmovdqu	%ymm1, 96(%rdi)
+        vmovdqu	%ymm2, -64(%rcx)
+        vmovdqu	%ymm3, (%rdi)
+        vmovdqu	%ymm4, -64(%rax)
+        # Row 2
+        vpxor	-96(%rcx), %ymm6, %ymm10
+        vpxor	-32(%rdi), %ymm7, %ymm11
+        vpxor	64(%rax), %ymm8, %ymm12
+        vpxor	(%rcx), %ymm9, %ymm13
+        vpxor	64(%rdi), %ymm5, %ymm14
+        vpsrlq	$63, %ymm10, %ymm0
+        vpsrlq	$58, %ymm11, %ymm1
+        vpsrlq	$39, %ymm12, %ymm2
+        vpsrlq	$56, %ymm13, %ymm3
+        vpsrlq	$46, %ymm14, %ymm4
+        vpaddq	%ymm10, %ymm10, %ymm10
+        vpsllq	$6, %ymm11, %ymm11
+        vpsllq	$25, %ymm12, %ymm12
+        vpsllq	$8, %ymm13, %ymm13
+        vpsllq	$18, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, -96(%rcx)
+        vmovdqu	%ymm1, -32(%rdi)
+        vmovdqu	%ymm2, 64(%rax)
+        vmovdqu	%ymm3, (%rcx)
+        vmovdqu	%ymm4, 64(%rdi)
+        # Row 3
+        vpxor	32(%rax), %ymm9, %ymm10
+        vpxor	128(%rcx), %ymm5, %ymm11
+        vpxor	32(%rdi), %ymm6, %ymm12
+        vpxor	128(%rax), %ymm7, %ymm13
+        vpxor	-64(%rdi), %ymm8, %ymm14
+        vpsrlq	$37, %ymm10, %ymm0
+        vpsrlq	$28, %ymm11, %ymm1
+        vpsrlq	$54, %ymm12, %ymm2
+        vpsrlq	$49, %ymm13, %ymm3
+        vpsrlq	$8, %ymm14, %ymm4
+        vpsllq	$27, %ymm10, %ymm10
+        vpsllq	$36, %ymm11, %ymm11
+        vpsllq	$10, %ymm12, %ymm12
+        vpsllq	$15, %ymm13, %ymm13
+        vpsllq	$56, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 32(%rax)
+        vmovdqu	%ymm1, 128(%rcx)
+        vmovdqu	%ymm2, 32(%rdi)
+        vmovdqu	%ymm3, 128(%rax)
+        vmovdqu	%ymm4, -64(%rdi)
+        # Row 4
+        vpxor	-96(%rax), %ymm7, %ymm10
+        vpxor	96(%rax), %ymm8, %ymm11
+        vpxor	-96(%rdi), %ymm9, %ymm12
+        vpxor	(%rax), %ymm5, %ymm13
+        vpxor	96(%rcx), %ymm6, %ymm14
+        vpsrlq	$2, %ymm10, %ymm0
+        vpsrlq	$9, %ymm11, %ymm1
+        vpsrlq	$25, %ymm12, %ymm2
+        vpsrlq	$23, %ymm13, %ymm3
+        vpsrlq	$62, %ymm14, %ymm4
+        vpsllq	$62, %ymm10, %ymm10
+        vpsllq	$55, %ymm11, %ymm11
+        vpsllq	$39, %ymm12, %ymm12
+        vpsllq	$41, %ymm13, %ymm13
+        vpsllq	$2, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, -96(%rax)
+        vmovdqu	%ymm1, 96(%rax)
+        vmovdqu	%ymm2, -96(%rdi)
+        vmovdqu	%ymm3, (%rax)
+        vmovdqu	%ymm4, 96(%rcx)
+        # Round 21
+        # Calc b[0..4]
+        vpxor	%ymm15, %ymm0, %ymm10
+        vpxor	-64(%rdi), %ymm4, %ymm14
+        vpxor	-32(%rdi), %ymm1, %ymm11
+        vpxor	(%rdi), %ymm3, %ymm13
+        vpxor	32(%rdi), %ymm2, %ymm12
+        vpxor	64(%rdi), %ymm14, %ymm14
+        vpxor	96(%rdi), %ymm11, %ymm11
+        vpxor	128(%rdi), %ymm13, %ymm13
+        vpxor	-64(%rax), %ymm14, %ymm14
+        vpxor	-32(%rax), %ymm11, %ymm11
+        vpxor	32(%rax), %ymm10, %ymm10
+        vpxor	64(%rax), %ymm12, %ymm12
+        vpxor	128(%rax), %ymm13, %ymm13
+        vpxor	-96(%rcx), %ymm10, %ymm10
+        vpxor	-64(%rcx), %ymm12, %ymm12
+        vpxor	-32(%rcx), %ymm14, %ymm14
+        vpxor	(%rcx), %ymm13, %ymm13
+        vpxor	32(%rcx), %ymm10, %ymm10
+        vpxor	64(%rcx), %ymm12, %ymm12
+        vpxor	128(%rcx), %ymm11, %ymm11
+        # Calc t[0..4]
+        vpsrlq	$63, %ymm11, %ymm0
+        vpsrlq	$63, %ymm12, %ymm1
+        vpsrlq	$63, %ymm13, %ymm2
+        vpsrlq	$63, %ymm14, %ymm3
+        vpsrlq	$63, %ymm10, %ymm4
+        vpaddq	%ymm11, %ymm11, %ymm5
+        vpaddq	%ymm12, %ymm12, %ymm6
+        vpaddq	%ymm13, %ymm13, %ymm7
+        vpaddq	%ymm14, %ymm14, %ymm8
+        vpaddq	%ymm10, %ymm10, %ymm9
+        vpor	%ymm0, %ymm5, %ymm5
+        vpor	%ymm1, %ymm6, %ymm6
+        vpor	%ymm2, %ymm7, %ymm7
+        vpor	%ymm3, %ymm8, %ymm8
+        vpor	%ymm4, %ymm9, %ymm9
+        vpxor	%ymm14, %ymm5, %ymm5
+        vpxor	%ymm10, %ymm6, %ymm6
+        vpxor	%ymm11, %ymm7, %ymm7
+        vpxor	%ymm12, %ymm8, %ymm8
+        vpxor	%ymm13, %ymm9, %ymm9
+        # Row Mix
+        # Row 0
+        vpxor	%ymm15, %ymm5, %ymm10
+        vpxor	96(%rdi), %ymm6, %ymm11
+        vpxor	64(%rax), %ymm7, %ymm12
+        vpxor	128(%rax), %ymm8, %ymm13
+        vpxor	96(%rcx), %ymm9, %ymm14
+        vpsrlq	$20, %ymm11, %ymm0
+        vpsrlq	$21, %ymm12, %ymm1
+        vpsrlq	$43, %ymm13, %ymm2
+        vpsrlq	$50, %ymm14, %ymm3
+        vpsllq	$44, %ymm11, %ymm11
+        vpsllq	$43, %ymm12, %ymm12
+        vpsllq	$21, %ymm13, %ymm13
+        vpsllq	$14, %ymm14, %ymm14
+        vpor	%ymm0, %ymm11, %ymm11
+        vpor	%ymm1, %ymm12, %ymm12
+        vpor	%ymm2, %ymm13, %ymm13
+        vpor	%ymm3, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm15
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm15, %ymm15
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        # XOR in constant
+        vpxor	672(%rdx), %ymm15, %ymm15
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm1, 96(%rdi)
+        vmovdqu	%ymm2, 64(%rax)
+        vmovdqu	%ymm3, 128(%rax)
+        vmovdqu	%ymm4, 96(%rcx)
+        # Row 1
+        vpxor	128(%rdi), %ymm8, %ymm10
+        vpxor	-64(%rax), %ymm9, %ymm11
+        vpxor	-96(%rcx), %ymm5, %ymm12
+        vpxor	128(%rcx), %ymm6, %ymm13
+        vpxor	-96(%rdi), %ymm7, %ymm14
+        vpsrlq	$36, %ymm10, %ymm0
+        vpsrlq	$44, %ymm11, %ymm1
+        vpsrlq	$61, %ymm12, %ymm2
+        vpsrlq	$19, %ymm13, %ymm3
+        vpsrlq	$3, %ymm14, %ymm4
+        vpsllq	$28, %ymm10, %ymm10
+        vpsllq	$20, %ymm11, %ymm11
+        vpsllq	$3, %ymm12, %ymm12
+        vpsllq	$45, %ymm13, %ymm13
+        vpsllq	$61, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 128(%rdi)
+        vmovdqu	%ymm1, -64(%rax)
+        vmovdqu	%ymm2, -96(%rcx)
+        vmovdqu	%ymm3, 128(%rcx)
+        vmovdqu	%ymm4, -96(%rdi)
+        # Row 2
+        vpxor	-32(%rax), %ymm6, %ymm10
+        vpxor	-64(%rcx), %ymm7, %ymm11
+        vpxor	(%rcx), %ymm8, %ymm12
+        vpxor	-64(%rdi), %ymm9, %ymm13
+        vpxor	-96(%rax), %ymm5, %ymm14
+        vpsrlq	$63, %ymm10, %ymm0
+        vpsrlq	$58, %ymm11, %ymm1
+        vpsrlq	$39, %ymm12, %ymm2
+        vpsrlq	$56, %ymm13, %ymm3
+        vpsrlq	$46, %ymm14, %ymm4
+        vpaddq	%ymm10, %ymm10, %ymm10
+        vpsllq	$6, %ymm11, %ymm11
+        vpsllq	$25, %ymm12, %ymm12
+        vpsllq	$8, %ymm13, %ymm13
+        vpsllq	$18, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, -32(%rax)
+        vmovdqu	%ymm1, -64(%rcx)
+        vmovdqu	%ymm2, (%rcx)
+        vmovdqu	%ymm3, -64(%rdi)
+        vmovdqu	%ymm4, -96(%rax)
+        # Row 3
+        vpxor	-32(%rcx), %ymm9, %ymm10
+        vpxor	32(%rcx), %ymm5, %ymm11
+        vpxor	-32(%rdi), %ymm6, %ymm12
+        vpxor	32(%rdi), %ymm7, %ymm13
+        vpxor	(%rax), %ymm8, %ymm14
+        vpsrlq	$37, %ymm10, %ymm0
+        vpsrlq	$28, %ymm11, %ymm1
+        vpsrlq	$54, %ymm12, %ymm2
+        vpsrlq	$49, %ymm13, %ymm3
+        vpsrlq	$8, %ymm14, %ymm4
+        vpsllq	$27, %ymm10, %ymm10
+        vpsllq	$36, %ymm11, %ymm11
+        vpsllq	$10, %ymm12, %ymm12
+        vpsllq	$15, %ymm13, %ymm13
+        vpsllq	$56, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, -32(%rcx)
+        vmovdqu	%ymm1, 32(%rcx)
+        vmovdqu	%ymm2, -32(%rdi)
+        vmovdqu	%ymm3, 32(%rdi)
+        vmovdqu	%ymm4, (%rax)
+        # Row 4
+        vpxor	64(%rcx), %ymm7, %ymm10
+        vpxor	(%rdi), %ymm8, %ymm11
+        vpxor	64(%rdi), %ymm9, %ymm12
+        vpxor	32(%rax), %ymm5, %ymm13
+        vpxor	96(%rax), %ymm6, %ymm14
+        vpsrlq	$2, %ymm10, %ymm0
+        vpsrlq	$9, %ymm11, %ymm1
+        vpsrlq	$25, %ymm12, %ymm2
+        vpsrlq	$23, %ymm13, %ymm3
+        vpsrlq	$62, %ymm14, %ymm4
+        vpsllq	$62, %ymm10, %ymm10
+        vpsllq	$55, %ymm11, %ymm11
+        vpsllq	$39, %ymm12, %ymm12
+        vpsllq	$41, %ymm13, %ymm13
+        vpsllq	$2, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 64(%rcx)
+        vmovdqu	%ymm1, (%rdi)
+        vmovdqu	%ymm2, 64(%rdi)
+        vmovdqu	%ymm3, 32(%rax)
+        vmovdqu	%ymm4, 96(%rax)
+        # Round 22
+        # Calc b[0..4]
+        vpxor	%ymm15, %ymm0, %ymm10
+        vpxor	-96(%rdi), %ymm4, %ymm14
+        vpxor	-64(%rdi), %ymm3, %ymm13
+        vpxor	-32(%rdi), %ymm2, %ymm12
+        vpxor	32(%rdi), %ymm13, %ymm13
+        vpxor	96(%rdi), %ymm1, %ymm11
+        vpxor	128(%rdi), %ymm10, %ymm10
+        vpxor	-96(%rax), %ymm14, %ymm14
+        vpxor	-64(%rax), %ymm11, %ymm11
+        vpxor	-32(%rax), %ymm10, %ymm10
+        vpxor	(%rax), %ymm14, %ymm14
+        vpxor	64(%rax), %ymm12, %ymm12
+        vpxor	128(%rax), %ymm13, %ymm13
+        vpxor	-96(%rcx), %ymm12, %ymm12
+        vpxor	-64(%rcx), %ymm11, %ymm11
+        vpxor	-32(%rcx), %ymm10, %ymm10
+        vpxor	(%rcx), %ymm12, %ymm12
+        vpxor	32(%rcx), %ymm11, %ymm11
+        vpxor	96(%rcx), %ymm14, %ymm14
+        vpxor	128(%rcx), %ymm13, %ymm13
+        # Calc t[0..4]
+        vpsrlq	$63, %ymm11, %ymm0
+        vpsrlq	$63, %ymm12, %ymm1
+        vpsrlq	$63, %ymm13, %ymm2
+        vpsrlq	$63, %ymm14, %ymm3
+        vpsrlq	$63, %ymm10, %ymm4
+        vpaddq	%ymm11, %ymm11, %ymm5
+        vpaddq	%ymm12, %ymm12, %ymm6
+        vpaddq	%ymm13, %ymm13, %ymm7
+        vpaddq	%ymm14, %ymm14, %ymm8
+        vpaddq	%ymm10, %ymm10, %ymm9
+        vpor	%ymm0, %ymm5, %ymm5
+        vpor	%ymm1, %ymm6, %ymm6
+        vpor	%ymm2, %ymm7, %ymm7
+        vpor	%ymm3, %ymm8, %ymm8
+        vpor	%ymm4, %ymm9, %ymm9
+        vpxor	%ymm14, %ymm5, %ymm5
+        vpxor	%ymm10, %ymm6, %ymm6
+        vpxor	%ymm11, %ymm7, %ymm7
+        vpxor	%ymm12, %ymm8, %ymm8
+        vpxor	%ymm13, %ymm9, %ymm9
+        # Row Mix
+        # Row 0
+        vpxor	%ymm15, %ymm5, %ymm10
+        vpxor	-64(%rax), %ymm6, %ymm11
+        vpxor	(%rcx), %ymm7, %ymm12
+        vpxor	32(%rdi), %ymm8, %ymm13
+        vpxor	96(%rax), %ymm9, %ymm14
+        vpsrlq	$20, %ymm11, %ymm0
+        vpsrlq	$21, %ymm12, %ymm1
+        vpsrlq	$43, %ymm13, %ymm2
+        vpsrlq	$50, %ymm14, %ymm3
+        vpsllq	$44, %ymm11, %ymm11
+        vpsllq	$43, %ymm12, %ymm12
+        vpsllq	$21, %ymm13, %ymm13
+        vpsllq	$14, %ymm14, %ymm14
+        vpor	%ymm0, %ymm11, %ymm11
+        vpor	%ymm1, %ymm12, %ymm12
+        vpor	%ymm2, %ymm13, %ymm13
+        vpor	%ymm3, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm15
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm15, %ymm15
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        # XOR in constant
+        vpxor	704(%rdx), %ymm15, %ymm15
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm1, -64(%rax)
+        vmovdqu	%ymm2, (%rcx)
+        vmovdqu	%ymm3, 32(%rdi)
+        vmovdqu	%ymm4, 96(%rax)
+        # Row 1
+        vpxor	128(%rax), %ymm8, %ymm10
+        vpxor	-96(%rdi), %ymm9, %ymm11
+        vpxor	-32(%rax), %ymm5, %ymm12
+        vpxor	32(%rcx), %ymm6, %ymm13
+        vpxor	64(%rdi), %ymm7, %ymm14
+        vpsrlq	$36, %ymm10, %ymm0
+        vpsrlq	$44, %ymm11, %ymm1
+        vpsrlq	$61, %ymm12, %ymm2
+        vpsrlq	$19, %ymm13, %ymm3
+        vpsrlq	$3, %ymm14, %ymm4
+        vpsllq	$28, %ymm10, %ymm10
+        vpsllq	$20, %ymm11, %ymm11
+        vpsllq	$3, %ymm12, %ymm12
+        vpsllq	$45, %ymm13, %ymm13
+        vpsllq	$61, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 128(%rax)
+        vmovdqu	%ymm1, -96(%rdi)
+        vmovdqu	%ymm2, -32(%rax)
+        vmovdqu	%ymm3, 32(%rcx)
+        vmovdqu	%ymm4, 64(%rdi)
+        # Row 2
+        vpxor	96(%rdi), %ymm6, %ymm10
+        vpxor	-96(%rcx), %ymm7, %ymm11
+        vpxor	-64(%rdi), %ymm8, %ymm12
+        vpxor	(%rax), %ymm9, %ymm13
+        vpxor	64(%rcx), %ymm5, %ymm14
+        vpsrlq	$63, %ymm10, %ymm0
+        vpsrlq	$58, %ymm11, %ymm1
+        vpsrlq	$39, %ymm12, %ymm2
+        vpsrlq	$56, %ymm13, %ymm3
+        vpsrlq	$46, %ymm14, %ymm4
+        vpaddq	%ymm10, %ymm10, %ymm10
+        vpsllq	$6, %ymm11, %ymm11
+        vpsllq	$25, %ymm12, %ymm12
+        vpsllq	$8, %ymm13, %ymm13
+        vpsllq	$18, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 96(%rdi)
+        vmovdqu	%ymm1, -96(%rcx)
+        vmovdqu	%ymm2, -64(%rdi)
+        vmovdqu	%ymm3, (%rax)
+        vmovdqu	%ymm4, 64(%rcx)
+        # Row 3
+        vpxor	96(%rcx), %ymm9, %ymm10
+        vpxor	128(%rdi), %ymm5, %ymm11
+        vpxor	-64(%rcx), %ymm6, %ymm12
+        vpxor	-32(%rdi), %ymm7, %ymm13
+        vpxor	32(%rax), %ymm8, %ymm14
+        vpsrlq	$37, %ymm10, %ymm0
+        vpsrlq	$28, %ymm11, %ymm1
+        vpsrlq	$54, %ymm12, %ymm2
+        vpsrlq	$49, %ymm13, %ymm3
+        vpsrlq	$8, %ymm14, %ymm4
+        vpsllq	$27, %ymm10, %ymm10
+        vpsllq	$36, %ymm11, %ymm11
+        vpsllq	$10, %ymm12, %ymm12
+        vpsllq	$15, %ymm13, %ymm13
+        vpsllq	$56, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 96(%rcx)
+        vmovdqu	%ymm1, 128(%rdi)
+        vmovdqu	%ymm2, -64(%rcx)
+        vmovdqu	%ymm3, -32(%rdi)
+        vmovdqu	%ymm4, 32(%rax)
+        # Row 4
+        vpxor	64(%rax), %ymm7, %ymm10
+        vpxor	128(%rcx), %ymm8, %ymm11
+        vpxor	-96(%rax), %ymm9, %ymm12
+        vpxor	-32(%rcx), %ymm5, %ymm13
+        vpxor	(%rdi), %ymm6, %ymm14
+        vpsrlq	$2, %ymm10, %ymm0
+        vpsrlq	$9, %ymm11, %ymm1
+        vpsrlq	$25, %ymm12, %ymm2
+        vpsrlq	$23, %ymm13, %ymm3
+        vpsrlq	$62, %ymm14, %ymm4
+        vpsllq	$62, %ymm10, %ymm10
+        vpsllq	$55, %ymm11, %ymm11
+        vpsllq	$39, %ymm12, %ymm12
+        vpsllq	$41, %ymm13, %ymm13
+        vpsllq	$2, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 64(%rax)
+        vmovdqu	%ymm1, 128(%rcx)
+        vmovdqu	%ymm2, -96(%rax)
+        vmovdqu	%ymm3, -32(%rcx)
+        vmovdqu	%ymm4, (%rdi)
+        # Round 23
+        # Calc b[0..4]
+        vpxor	%ymm15, %ymm0, %ymm10
+        vpxor	-96(%rdi), %ymm1, %ymm11
+        vpxor	-64(%rdi), %ymm2, %ymm12
+        vpxor	-32(%rdi), %ymm3, %ymm13
+        vpxor	32(%rdi), %ymm13, %ymm13
+        vpxor	64(%rdi), %ymm4, %ymm14
+        vpxor	96(%rdi), %ymm10, %ymm10
+        vpxor	128(%rdi), %ymm11, %ymm11
+        vpxor	-64(%rax), %ymm11, %ymm11
+        vpxor	-32(%rax), %ymm12, %ymm12
+        vpxor	(%rax), %ymm13, %ymm13
+        vpxor	32(%rax), %ymm14, %ymm14
+        vpxor	96(%rax), %ymm14, %ymm14
+        vpxor	128(%rax), %ymm10, %ymm10
+        vpxor	-96(%rcx), %ymm11, %ymm11
+        vpxor	-64(%rcx), %ymm12, %ymm12
+        vpxor	(%rcx), %ymm12, %ymm12
+        vpxor	32(%rcx), %ymm13, %ymm13
+        vpxor	64(%rcx), %ymm14, %ymm14
+        vpxor	96(%rcx), %ymm10, %ymm10
+        # Calc t[0..4]
+        vpsrlq	$63, %ymm11, %ymm0
+        vpsrlq	$63, %ymm12, %ymm1
+        vpsrlq	$63, %ymm13, %ymm2
+        vpsrlq	$63, %ymm14, %ymm3
+        vpsrlq	$63, %ymm10, %ymm4
+        vpaddq	%ymm11, %ymm11, %ymm5
+        vpaddq	%ymm12, %ymm12, %ymm6
+        vpaddq	%ymm13, %ymm13, %ymm7
+        vpaddq	%ymm14, %ymm14, %ymm8
+        vpaddq	%ymm10, %ymm10, %ymm9
+        vpor	%ymm0, %ymm5, %ymm5
+        vpor	%ymm1, %ymm6, %ymm6
+        vpor	%ymm2, %ymm7, %ymm7
+        vpor	%ymm3, %ymm8, %ymm8
+        vpor	%ymm4, %ymm9, %ymm9
+        vpxor	%ymm14, %ymm5, %ymm5
+        vpxor	%ymm10, %ymm6, %ymm6
+        vpxor	%ymm11, %ymm7, %ymm7
+        vpxor	%ymm12, %ymm8, %ymm8
+        vpxor	%ymm13, %ymm9, %ymm9
+        # Row Mix
+        # Row 0
+        vpxor	%ymm15, %ymm5, %ymm10
+        vpxor	-96(%rdi), %ymm6, %ymm11
+        vpxor	-64(%rdi), %ymm7, %ymm12
+        vpxor	-32(%rdi), %ymm8, %ymm13
+        vpxor	(%rdi), %ymm9, %ymm14
+        vpsrlq	$20, %ymm11, %ymm0
+        vpsrlq	$21, %ymm12, %ymm1
+        vpsrlq	$43, %ymm13, %ymm2
+        vpsrlq	$50, %ymm14, %ymm3
+        vpsllq	$44, %ymm11, %ymm11
+        vpsllq	$43, %ymm12, %ymm12
+        vpsllq	$21, %ymm13, %ymm13
+        vpsllq	$14, %ymm14, %ymm14
+        vpor	%ymm0, %ymm11, %ymm11
+        vpor	%ymm1, %ymm12, %ymm12
+        vpor	%ymm2, %ymm13, %ymm13
+        vpor	%ymm3, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm15
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm15, %ymm15
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        # XOR in constant
+        vpxor	736(%rdx), %ymm15, %ymm15
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm1, -96(%rdi)
+        vmovdqu	%ymm2, -64(%rdi)
+        vmovdqu	%ymm3, -32(%rdi)
+        vmovdqu	%ymm4, (%rdi)
+        # Row 1
+        vpxor	32(%rdi), %ymm8, %ymm10
+        vpxor	64(%rdi), %ymm9, %ymm11
+        vpxor	96(%rdi), %ymm5, %ymm12
+        vpxor	128(%rdi), %ymm6, %ymm13
+        vpxor	-96(%rax), %ymm7, %ymm14
+        vpsrlq	$36, %ymm10, %ymm0
+        vpsrlq	$44, %ymm11, %ymm1
+        vpsrlq	$61, %ymm12, %ymm2
+        vpsrlq	$19, %ymm13, %ymm3
+        vpsrlq	$3, %ymm14, %ymm4
+        vpsllq	$28, %ymm10, %ymm10
+        vpsllq	$20, %ymm11, %ymm11
+        vpsllq	$3, %ymm12, %ymm12
+        vpsllq	$45, %ymm13, %ymm13
+        vpsllq	$61, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 32(%rdi)
+        vmovdqu	%ymm1, 64(%rdi)
+        vmovdqu	%ymm2, 96(%rdi)
+        vmovdqu	%ymm3, 128(%rdi)
+        vmovdqu	%ymm4, -96(%rax)
+        # Row 2
+        vpxor	-64(%rax), %ymm6, %ymm10
+        vpxor	-32(%rax), %ymm7, %ymm11
+        vpxor	(%rax), %ymm8, %ymm12
+        vpxor	32(%rax), %ymm9, %ymm13
+        vpxor	64(%rax), %ymm5, %ymm14
+        vpsrlq	$63, %ymm10, %ymm0
+        vpsrlq	$58, %ymm11, %ymm1
+        vpsrlq	$39, %ymm12, %ymm2
+        vpsrlq	$56, %ymm13, %ymm3
+        vpsrlq	$46, %ymm14, %ymm4
+        vpaddq	%ymm10, %ymm10, %ymm10
+        vpsllq	$6, %ymm11, %ymm11
+        vpsllq	$25, %ymm12, %ymm12
+        vpsllq	$8, %ymm13, %ymm13
+        vpsllq	$18, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, -64(%rax)
+        vmovdqu	%ymm1, -32(%rax)
+        vmovdqu	%ymm2, (%rax)
+        vmovdqu	%ymm3, 32(%rax)
+        vmovdqu	%ymm4, 64(%rax)
+        # Row 3
+        vpxor	96(%rax), %ymm9, %ymm10
+        vpxor	128(%rax), %ymm5, %ymm11
+        vpxor	-96(%rcx), %ymm6, %ymm12
+        vpxor	-64(%rcx), %ymm7, %ymm13
+        vpxor	-32(%rcx), %ymm8, %ymm14
+        vpsrlq	$37, %ymm10, %ymm0
+        vpsrlq	$28, %ymm11, %ymm1
+        vpsrlq	$54, %ymm12, %ymm2
+        vpsrlq	$49, %ymm13, %ymm3
+        vpsrlq	$8, %ymm14, %ymm4
+        vpsllq	$27, %ymm10, %ymm10
+        vpsllq	$36, %ymm11, %ymm11
+        vpsllq	$10, %ymm12, %ymm12
+        vpsllq	$15, %ymm13, %ymm13
+        vpsllq	$56, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 96(%rax)
+        vmovdqu	%ymm1, 128(%rax)
+        vmovdqu	%ymm2, -96(%rcx)
+        vmovdqu	%ymm3, -64(%rcx)
+        vmovdqu	%ymm4, -32(%rcx)
+        # Row 4
+        vpxor	(%rcx), %ymm7, %ymm10
+        vpxor	32(%rcx), %ymm8, %ymm11
+        vpxor	64(%rcx), %ymm9, %ymm12
+        vpxor	96(%rcx), %ymm5, %ymm13
+        vpxor	128(%rcx), %ymm6, %ymm14
+        vpsrlq	$2, %ymm10, %ymm0
+        vpsrlq	$9, %ymm11, %ymm1
+        vpsrlq	$25, %ymm12, %ymm2
+        vpsrlq	$23, %ymm13, %ymm3
+        vpsrlq	$62, %ymm14, %ymm4
+        vpsllq	$62, %ymm10, %ymm10
+        vpsllq	$55, %ymm11, %ymm11
+        vpsllq	$39, %ymm12, %ymm12
+        vpsllq	$41, %ymm13, %ymm13
+        vpsllq	$2, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, (%rcx)
+        vmovdqu	%ymm1, 32(%rcx)
+        vmovdqu	%ymm2, 64(%rcx)
+        vmovdqu	%ymm3, 96(%rcx)
+        vmovdqu	%ymm4, 128(%rcx)
+        subq	$0x80, %rdi
+        vmovdqu	%ymm15, (%rdi)
+        vzeroupper
+        repz retq
+#ifndef __APPLE__
+.size	kyber_sha3_128_blocksx4_seed_avx2,.-kyber_sha3_128_blocksx4_seed_avx2
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.data
+#else
+.section	__DATA,__data
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.align	32
+#else
+.p2align	5
+#endif /* __APPLE__ */
+L_sha3_256_blockx4_seed_avx2_end_mark:
+.quad	0x8000000000000000, 0x8000000000000000
+.quad	0x8000000000000000, 0x8000000000000000
+#ifndef __APPLE__
+.text
+.globl	kyber_sha3_256_blocksx4_seed_avx2
+.type	kyber_sha3_256_blocksx4_seed_avx2,@function
+.align	16
+kyber_sha3_256_blocksx4_seed_avx2:
+#else
+.section	__TEXT,__text
+.globl	_kyber_sha3_256_blocksx4_seed_avx2
+.p2align	4
+_kyber_sha3_256_blocksx4_seed_avx2:
+#endif /* __APPLE__ */
+        leaq	L_sha3_parallel_4_r(%rip), %rdx
+        movq	%rdi, %rax
+        movq	%rdi, %rcx
+        vpbroadcastq	(%rsi), %ymm15
+        addq	$0x80, %rdi
+        vpbroadcastq	8(%rsi), %ymm11
+        addq	$0x180, %rax
+        vpbroadcastq	16(%rsi), %ymm12
+        addq	$0x280, %rcx
+        vpbroadcastq	24(%rsi), %ymm13
+        vmovdqu	L_sha3_256_blockx4_seed_avx2_end_mark(%rip), %ymm5
+        vpxor	%ymm6, %ymm6, %ymm6
+        vmovdqu	%ymm11, -96(%rdi)
+        vmovdqu	%ymm12, -64(%rdi)
+        vmovdqu	%ymm13, -32(%rdi)
+        vmovdqu	(%rdi), %ymm14
+        vmovdqu	%ymm6, 32(%rdi)
+        vmovdqu	%ymm6, 64(%rdi)
+        vmovdqu	%ymm6, 96(%rdi)
+        vmovdqu	%ymm6, 128(%rdi)
+        vmovdqu	%ymm6, -96(%rax)
+        vmovdqu	%ymm6, -64(%rax)
+        vmovdqu	%ymm6, -32(%rax)
+        vmovdqu	%ymm6, (%rax)
+        vmovdqu	%ymm6, 32(%rax)
+        vmovdqu	%ymm6, 64(%rax)
+        vmovdqu	%ymm6, 96(%rax)
+        vmovdqu	%ymm5, 128(%rax)
+        vmovdqu	%ymm6, -96(%rcx)
+        vmovdqu	%ymm6, -64(%rcx)
+        vmovdqu	%ymm6, -32(%rcx)
+        vmovdqu	%ymm6, (%rcx)
+        vmovdqu	%ymm6, 32(%rcx)
+        vmovdqu	%ymm6, 64(%rcx)
+        vmovdqu	%ymm6, 96(%rcx)
+        vmovdqu	%ymm6, 128(%rcx)
+        vmovdqu	%ymm15, %ymm10
+        vpxor	%ymm5, %ymm11, %ymm11
+        # Round 0
+        # Calc b[0..4]
+        # Calc t[0..4]
+        vpsrlq	$63, %ymm11, %ymm0
+        vpsrlq	$63, %ymm12, %ymm1
+        vpsrlq	$63, %ymm13, %ymm2
+        vpsrlq	$63, %ymm14, %ymm3
+        vpsrlq	$63, %ymm10, %ymm4
+        vpaddq	%ymm11, %ymm11, %ymm5
+        vpaddq	%ymm12, %ymm12, %ymm6
+        vpaddq	%ymm13, %ymm13, %ymm7
+        vpaddq	%ymm14, %ymm14, %ymm8
+        vpaddq	%ymm10, %ymm10, %ymm9
+        vpor	%ymm0, %ymm5, %ymm5
+        vpor	%ymm1, %ymm6, %ymm6
+        vpor	%ymm2, %ymm7, %ymm7
+        vpor	%ymm3, %ymm8, %ymm8
+        vpor	%ymm4, %ymm9, %ymm9
+        vpxor	%ymm14, %ymm5, %ymm5
+        vpxor	%ymm10, %ymm6, %ymm6
+        vpxor	%ymm11, %ymm7, %ymm7
+        vpxor	%ymm12, %ymm8, %ymm8
+        vpxor	%ymm13, %ymm9, %ymm9
+        # Row Mix
+        # Row 0
+        vpxor	%ymm15, %ymm5, %ymm10
+        vpxor	64(%rdi), %ymm6, %ymm11
+        vpxor	(%rax), %ymm7, %ymm12
+        vpxor	-64(%rcx), %ymm8, %ymm13
+        vpxor	128(%rcx), %ymm9, %ymm14
+        vpsrlq	$20, %ymm11, %ymm0
+        vpsrlq	$21, %ymm12, %ymm1
+        vpsrlq	$43, %ymm13, %ymm2
+        vpsrlq	$50, %ymm14, %ymm3
+        vpsllq	$44, %ymm11, %ymm11
+        vpsllq	$43, %ymm12, %ymm12
+        vpsllq	$21, %ymm13, %ymm13
+        vpsllq	$14, %ymm14, %ymm14
+        vpor	%ymm0, %ymm11, %ymm11
+        vpor	%ymm1, %ymm12, %ymm12
+        vpor	%ymm2, %ymm13, %ymm13
+        vpor	%ymm3, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm15
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm15, %ymm15
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        # XOR in constant
+        vpxor	(%rdx), %ymm15, %ymm15
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm1, 64(%rdi)
+        vmovdqu	%ymm2, (%rax)
+        vmovdqu	%ymm3, -64(%rcx)
+        vmovdqu	%ymm4, 128(%rcx)
+        # Row 1
+        vpxor	-32(%rdi), %ymm8, %ymm10
+        vpxor	-96(%rax), %ymm9, %ymm11
+        vpxor	-64(%rax), %ymm5, %ymm12
+        vpxor	128(%rax), %ymm6, %ymm13
+        vpxor	64(%rcx), %ymm7, %ymm14
+        vpsrlq	$36, %ymm10, %ymm0
+        vpsrlq	$44, %ymm11, %ymm1
+        vpsrlq	$61, %ymm12, %ymm2
+        vpsrlq	$19, %ymm13, %ymm3
+        vpsrlq	$3, %ymm14, %ymm4
+        vpsllq	$28, %ymm10, %ymm10
+        vpsllq	$20, %ymm11, %ymm11
+        vpsllq	$3, %ymm12, %ymm12
+        vpsllq	$45, %ymm13, %ymm13
+        vpsllq	$61, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, -32(%rdi)
+        vmovdqu	%ymm1, -96(%rax)
+        vmovdqu	%ymm2, -64(%rax)
+        vmovdqu	%ymm3, 128(%rax)
+        vmovdqu	%ymm4, 64(%rcx)
+        # Row 2
+        vpxor	-96(%rdi), %ymm6, %ymm10
+        vpxor	96(%rdi), %ymm7, %ymm11
+        vpxor	32(%rax), %ymm8, %ymm12
+        vpxor	-32(%rcx), %ymm9, %ymm13
+        vpxor	(%rcx), %ymm5, %ymm14
+        vpsrlq	$63, %ymm10, %ymm0
+        vpsrlq	$58, %ymm11, %ymm1
+        vpsrlq	$39, %ymm12, %ymm2
+        vpsrlq	$56, %ymm13, %ymm3
+        vpsrlq	$46, %ymm14, %ymm4
+        vpaddq	%ymm10, %ymm10, %ymm10
+        vpsllq	$6, %ymm11, %ymm11
+        vpsllq	$25, %ymm12, %ymm12
+        vpsllq	$8, %ymm13, %ymm13
+        vpsllq	$18, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, -96(%rdi)
+        vmovdqu	%ymm1, 96(%rdi)
+        vmovdqu	%ymm2, 32(%rax)
+        vmovdqu	%ymm3, -32(%rcx)
+        vmovdqu	%ymm4, (%rcx)
+        # Row 3
+        vpxor	(%rdi), %ymm9, %ymm10
+        vpxor	32(%rdi), %ymm5, %ymm11
+        vpxor	-32(%rax), %ymm6, %ymm12
+        vpxor	-96(%rcx), %ymm7, %ymm13
+        vpxor	96(%rcx), %ymm8, %ymm14
+        vpsrlq	$37, %ymm10, %ymm0
+        vpsrlq	$28, %ymm11, %ymm1
+        vpsrlq	$54, %ymm12, %ymm2
+        vpsrlq	$49, %ymm13, %ymm3
+        vpsrlq	$8, %ymm14, %ymm4
+        vpsllq	$27, %ymm10, %ymm10
+        vpsllq	$36, %ymm11, %ymm11
+        vpsllq	$10, %ymm12, %ymm12
+        vpsllq	$15, %ymm13, %ymm13
+        vpsllq	$56, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, (%rdi)
+        vmovdqu	%ymm1, 32(%rdi)
+        vmovdqu	%ymm2, -32(%rax)
+        vmovdqu	%ymm3, -96(%rcx)
+        vmovdqu	%ymm4, 96(%rcx)
+        # Row 4
+        vpxor	-64(%rdi), %ymm7, %ymm10
+        vpxor	128(%rdi), %ymm8, %ymm11
+        vpxor	64(%rax), %ymm9, %ymm12
+        vpxor	96(%rax), %ymm5, %ymm13
+        vpxor	32(%rcx), %ymm6, %ymm14
+        vpsrlq	$2, %ymm10, %ymm0
+        vpsrlq	$9, %ymm11, %ymm1
+        vpsrlq	$25, %ymm12, %ymm2
+        vpsrlq	$23, %ymm13, %ymm3
+        vpsrlq	$62, %ymm14, %ymm4
+        vpsllq	$62, %ymm10, %ymm10
+        vpsllq	$55, %ymm11, %ymm11
+        vpsllq	$39, %ymm12, %ymm12
+        vpsllq	$41, %ymm13, %ymm13
+        vpsllq	$2, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, -64(%rdi)
+        vmovdqu	%ymm1, 128(%rdi)
+        vmovdqu	%ymm2, 64(%rax)
+        vmovdqu	%ymm3, 96(%rax)
+        vmovdqu	%ymm4, 32(%rcx)
+        # Round 1
+        # Calc b[0..4]
+        vpxor	%ymm15, %ymm0, %ymm10
+        vpxor	-96(%rdi), %ymm10, %ymm10
+        vpxor	-32(%rdi), %ymm10, %ymm10
+        vpxor	(%rdi), %ymm10, %ymm10
+        vpxor	32(%rdi), %ymm1, %ymm11
+        vpxor	64(%rdi), %ymm11, %ymm11
+        vpxor	96(%rdi), %ymm11, %ymm11
+        vpxor	-96(%rax), %ymm11, %ymm11
+        vpxor	-64(%rax), %ymm2, %ymm12
+        vpxor	-32(%rax), %ymm12, %ymm12
+        vpxor	(%rax), %ymm12, %ymm12
+        vpxor	32(%rax), %ymm12, %ymm12
+        vpxor	128(%rax), %ymm3, %ymm13
+        vpxor	-96(%rcx), %ymm13, %ymm13
+        vpxor	-64(%rcx), %ymm13, %ymm13
+        vpxor	-32(%rcx), %ymm13, %ymm13
+        vpxor	(%rcx), %ymm4, %ymm14
+        vpxor	64(%rcx), %ymm14, %ymm14
+        vpxor	96(%rcx), %ymm14, %ymm14
+        vpxor	128(%rcx), %ymm14, %ymm14
+        # Calc t[0..4]
+        vpsrlq	$63, %ymm11, %ymm0
+        vpsrlq	$63, %ymm12, %ymm1
+        vpsrlq	$63, %ymm13, %ymm2
+        vpsrlq	$63, %ymm14, %ymm3
+        vpsrlq	$63, %ymm10, %ymm4
+        vpaddq	%ymm11, %ymm11, %ymm5
+        vpaddq	%ymm12, %ymm12, %ymm6
+        vpaddq	%ymm13, %ymm13, %ymm7
+        vpaddq	%ymm14, %ymm14, %ymm8
+        vpaddq	%ymm10, %ymm10, %ymm9
+        vpor	%ymm0, %ymm5, %ymm5
+        vpor	%ymm1, %ymm6, %ymm6
+        vpor	%ymm2, %ymm7, %ymm7
+        vpor	%ymm3, %ymm8, %ymm8
+        vpor	%ymm4, %ymm9, %ymm9
+        vpxor	%ymm14, %ymm5, %ymm5
+        vpxor	%ymm10, %ymm6, %ymm6
+        vpxor	%ymm11, %ymm7, %ymm7
+        vpxor	%ymm12, %ymm8, %ymm8
+        vpxor	%ymm13, %ymm9, %ymm9
+        # Row Mix
+        # Row 0
+        vpxor	%ymm15, %ymm5, %ymm10
+        vpxor	-96(%rax), %ymm6, %ymm11
+        vpxor	32(%rax), %ymm7, %ymm12
+        vpxor	-96(%rcx), %ymm8, %ymm13
+        vpxor	32(%rcx), %ymm9, %ymm14
+        vpsrlq	$20, %ymm11, %ymm0
+        vpsrlq	$21, %ymm12, %ymm1
+        vpsrlq	$43, %ymm13, %ymm2
+        vpsrlq	$50, %ymm14, %ymm3
+        vpsllq	$44, %ymm11, %ymm11
+        vpsllq	$43, %ymm12, %ymm12
+        vpsllq	$21, %ymm13, %ymm13
+        vpsllq	$14, %ymm14, %ymm14
+        vpor	%ymm0, %ymm11, %ymm11
+        vpor	%ymm1, %ymm12, %ymm12
+        vpor	%ymm2, %ymm13, %ymm13
+        vpor	%ymm3, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm15
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm15, %ymm15
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        # XOR in constant
+        vpxor	32(%rdx), %ymm15, %ymm15
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm1, -96(%rax)
+        vmovdqu	%ymm2, 32(%rax)
+        vmovdqu	%ymm3, -96(%rcx)
+        vmovdqu	%ymm4, 32(%rcx)
+        # Row 1
+        vpxor	-64(%rcx), %ymm8, %ymm10
+        vpxor	64(%rcx), %ymm9, %ymm11
+        vpxor	-96(%rdi), %ymm5, %ymm12
+        vpxor	32(%rdi), %ymm6, %ymm13
+        vpxor	64(%rax), %ymm7, %ymm14
+        vpsrlq	$36, %ymm10, %ymm0
+        vpsrlq	$44, %ymm11, %ymm1
+        vpsrlq	$61, %ymm12, %ymm2
+        vpsrlq	$19, %ymm13, %ymm3
+        vpsrlq	$3, %ymm14, %ymm4
+        vpsllq	$28, %ymm10, %ymm10
+        vpsllq	$20, %ymm11, %ymm11
+        vpsllq	$3, %ymm12, %ymm12
+        vpsllq	$45, %ymm13, %ymm13
+        vpsllq	$61, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, -64(%rcx)
+        vmovdqu	%ymm1, 64(%rcx)
+        vmovdqu	%ymm2, -96(%rdi)
+        vmovdqu	%ymm3, 32(%rdi)
+        vmovdqu	%ymm4, 64(%rax)
+        # Row 2
+        vpxor	64(%rdi), %ymm6, %ymm10
+        vpxor	-64(%rax), %ymm7, %ymm11
+        vpxor	-32(%rcx), %ymm8, %ymm12
+        vpxor	96(%rcx), %ymm9, %ymm13
+        vpxor	-64(%rdi), %ymm5, %ymm14
+        vpsrlq	$63, %ymm10, %ymm0
+        vpsrlq	$58, %ymm11, %ymm1
+        vpsrlq	$39, %ymm12, %ymm2
+        vpsrlq	$56, %ymm13, %ymm3
+        vpsrlq	$46, %ymm14, %ymm4
+        vpaddq	%ymm10, %ymm10, %ymm10
+        vpsllq	$6, %ymm11, %ymm11
+        vpsllq	$25, %ymm12, %ymm12
+        vpsllq	$8, %ymm13, %ymm13
+        vpsllq	$18, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 64(%rdi)
+        vmovdqu	%ymm1, -64(%rax)
+        vmovdqu	%ymm2, -32(%rcx)
+        vmovdqu	%ymm3, 96(%rcx)
+        vmovdqu	%ymm4, -64(%rdi)
+        # Row 3
+        vpxor	128(%rcx), %ymm9, %ymm10
+        vpxor	-32(%rdi), %ymm5, %ymm11
+        vpxor	96(%rdi), %ymm6, %ymm12
+        vpxor	-32(%rax), %ymm7, %ymm13
+        vpxor	96(%rax), %ymm8, %ymm14
+        vpsrlq	$37, %ymm10, %ymm0
+        vpsrlq	$28, %ymm11, %ymm1
+        vpsrlq	$54, %ymm12, %ymm2
+        vpsrlq	$49, %ymm13, %ymm3
+        vpsrlq	$8, %ymm14, %ymm4
+        vpsllq	$27, %ymm10, %ymm10
+        vpsllq	$36, %ymm11, %ymm11
+        vpsllq	$10, %ymm12, %ymm12
+        vpsllq	$15, %ymm13, %ymm13
+        vpsllq	$56, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 128(%rcx)
+        vmovdqu	%ymm1, -32(%rdi)
+        vmovdqu	%ymm2, 96(%rdi)
+        vmovdqu	%ymm3, -32(%rax)
+        vmovdqu	%ymm4, 96(%rax)
+        # Row 4
+        vpxor	(%rax), %ymm7, %ymm10
+        vpxor	128(%rax), %ymm8, %ymm11
+        vpxor	(%rcx), %ymm9, %ymm12
+        vpxor	(%rdi), %ymm5, %ymm13
+        vpxor	128(%rdi), %ymm6, %ymm14
+        vpsrlq	$2, %ymm10, %ymm0
+        vpsrlq	$9, %ymm11, %ymm1
+        vpsrlq	$25, %ymm12, %ymm2
+        vpsrlq	$23, %ymm13, %ymm3
+        vpsrlq	$62, %ymm14, %ymm4
+        vpsllq	$62, %ymm10, %ymm10
+        vpsllq	$55, %ymm11, %ymm11
+        vpsllq	$39, %ymm12, %ymm12
+        vpsllq	$41, %ymm13, %ymm13
+        vpsllq	$2, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, (%rax)
+        vmovdqu	%ymm1, 128(%rax)
+        vmovdqu	%ymm2, (%rcx)
+        vmovdqu	%ymm3, (%rdi)
+        vmovdqu	%ymm4, 128(%rdi)
+        # Round 2
+        # Calc b[0..4]
+        vpxor	%ymm15, %ymm0, %ymm10
+        vpxor	-96(%rdi), %ymm2, %ymm12
+        vpxor	-64(%rdi), %ymm4, %ymm14
+        vpxor	-32(%rdi), %ymm1, %ymm11
+        vpxor	32(%rdi), %ymm3, %ymm13
+        vpxor	64(%rdi), %ymm10, %ymm10
+        vpxor	96(%rdi), %ymm12, %ymm12
+        vpxor	-96(%rax), %ymm11, %ymm11
+        vpxor	-64(%rax), %ymm11, %ymm11
+        vpxor	-32(%rax), %ymm13, %ymm13
+        vpxor	32(%rax), %ymm12, %ymm12
+        vpxor	64(%rax), %ymm14, %ymm14
+        vpxor	96(%rax), %ymm14, %ymm14
+        vpxor	-96(%rcx), %ymm13, %ymm13
+        vpxor	-64(%rcx), %ymm10, %ymm10
+        vpxor	-32(%rcx), %ymm12, %ymm12
+        vpxor	32(%rcx), %ymm14, %ymm14
+        vpxor	64(%rcx), %ymm11, %ymm11
+        vpxor	96(%rcx), %ymm13, %ymm13
+        vpxor	128(%rcx), %ymm10, %ymm10
+        # Calc t[0..4]
+        vpsrlq	$63, %ymm11, %ymm0
+        vpsrlq	$63, %ymm12, %ymm1
+        vpsrlq	$63, %ymm13, %ymm2
+        vpsrlq	$63, %ymm14, %ymm3
+        vpsrlq	$63, %ymm10, %ymm4
+        vpaddq	%ymm11, %ymm11, %ymm5
+        vpaddq	%ymm12, %ymm12, %ymm6
+        vpaddq	%ymm13, %ymm13, %ymm7
+        vpaddq	%ymm14, %ymm14, %ymm8
+        vpaddq	%ymm10, %ymm10, %ymm9
+        vpor	%ymm0, %ymm5, %ymm5
+        vpor	%ymm1, %ymm6, %ymm6
+        vpor	%ymm2, %ymm7, %ymm7
+        vpor	%ymm3, %ymm8, %ymm8
+        vpor	%ymm4, %ymm9, %ymm9
+        vpxor	%ymm14, %ymm5, %ymm5
+        vpxor	%ymm10, %ymm6, %ymm6
+        vpxor	%ymm11, %ymm7, %ymm7
+        vpxor	%ymm12, %ymm8, %ymm8
+        vpxor	%ymm13, %ymm9, %ymm9
+        # Row Mix
+        # Row 0
+        vpxor	%ymm15, %ymm5, %ymm10
+        vpxor	64(%rcx), %ymm6, %ymm11
+        vpxor	-32(%rcx), %ymm7, %ymm12
+        vpxor	-32(%rax), %ymm8, %ymm13
+        vpxor	128(%rdi), %ymm9, %ymm14
+        vpsrlq	$20, %ymm11, %ymm0
+        vpsrlq	$21, %ymm12, %ymm1
+        vpsrlq	$43, %ymm13, %ymm2
+        vpsrlq	$50, %ymm14, %ymm3
+        vpsllq	$44, %ymm11, %ymm11
+        vpsllq	$43, %ymm12, %ymm12
+        vpsllq	$21, %ymm13, %ymm13
+        vpsllq	$14, %ymm14, %ymm14
+        vpor	%ymm0, %ymm11, %ymm11
+        vpor	%ymm1, %ymm12, %ymm12
+        vpor	%ymm2, %ymm13, %ymm13
+        vpor	%ymm3, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm15
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm15, %ymm15
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        # XOR in constant
+        vpxor	64(%rdx), %ymm15, %ymm15
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm1, 64(%rcx)
+        vmovdqu	%ymm2, -32(%rcx)
+        vmovdqu	%ymm3, -32(%rax)
+        vmovdqu	%ymm4, 128(%rdi)
+        # Row 1
+        vpxor	-96(%rcx), %ymm8, %ymm10
+        vpxor	64(%rax), %ymm9, %ymm11
+        vpxor	64(%rdi), %ymm5, %ymm12
+        vpxor	-32(%rdi), %ymm6, %ymm13
+        vpxor	(%rcx), %ymm7, %ymm14
+        vpsrlq	$36, %ymm10, %ymm0
+        vpsrlq	$44, %ymm11, %ymm1
+        vpsrlq	$61, %ymm12, %ymm2
+        vpsrlq	$19, %ymm13, %ymm3
+        vpsrlq	$3, %ymm14, %ymm4
+        vpsllq	$28, %ymm10, %ymm10
+        vpsllq	$20, %ymm11, %ymm11
+        vpsllq	$3, %ymm12, %ymm12
+        vpsllq	$45, %ymm13, %ymm13
+        vpsllq	$61, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, -96(%rcx)
+        vmovdqu	%ymm1, 64(%rax)
+        vmovdqu	%ymm2, 64(%rdi)
+        vmovdqu	%ymm3, -32(%rdi)
+        vmovdqu	%ymm4, (%rcx)
+        # Row 2
+        vpxor	-96(%rax), %ymm6, %ymm10
+        vpxor	-96(%rdi), %ymm7, %ymm11
+        vpxor	96(%rcx), %ymm8, %ymm12
+        vpxor	96(%rax), %ymm9, %ymm13
+        vpxor	(%rax), %ymm5, %ymm14
+        vpsrlq	$63, %ymm10, %ymm0
+        vpsrlq	$58, %ymm11, %ymm1
+        vpsrlq	$39, %ymm12, %ymm2
+        vpsrlq	$56, %ymm13, %ymm3
+        vpsrlq	$46, %ymm14, %ymm4
+        vpaddq	%ymm10, %ymm10, %ymm10
+        vpsllq	$6, %ymm11, %ymm11
+        vpsllq	$25, %ymm12, %ymm12
+        vpsllq	$8, %ymm13, %ymm13
+        vpsllq	$18, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, -96(%rax)
+        vmovdqu	%ymm1, -96(%rdi)
+        vmovdqu	%ymm2, 96(%rcx)
+        vmovdqu	%ymm3, 96(%rax)
+        vmovdqu	%ymm4, (%rax)
+        # Row 3
+        vpxor	32(%rcx), %ymm9, %ymm10
+        vpxor	-64(%rcx), %ymm5, %ymm11
+        vpxor	-64(%rax), %ymm6, %ymm12
+        vpxor	96(%rdi), %ymm7, %ymm13
+        vpxor	(%rdi), %ymm8, %ymm14
+        vpsrlq	$37, %ymm10, %ymm0
+        vpsrlq	$28, %ymm11, %ymm1
+        vpsrlq	$54, %ymm12, %ymm2
+        vpsrlq	$49, %ymm13, %ymm3
+        vpsrlq	$8, %ymm14, %ymm4
+        vpsllq	$27, %ymm10, %ymm10
+        vpsllq	$36, %ymm11, %ymm11
+        vpsllq	$10, %ymm12, %ymm12
+        vpsllq	$15, %ymm13, %ymm13
+        vpsllq	$56, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 32(%rcx)
+        vmovdqu	%ymm1, -64(%rcx)
+        vmovdqu	%ymm2, -64(%rax)
+        vmovdqu	%ymm3, 96(%rdi)
+        vmovdqu	%ymm4, (%rdi)
+        # Row 4
+        vpxor	32(%rax), %ymm7, %ymm10
+        vpxor	32(%rdi), %ymm8, %ymm11
+        vpxor	-64(%rdi), %ymm9, %ymm12
+        vpxor	128(%rcx), %ymm5, %ymm13
+        vpxor	128(%rax), %ymm6, %ymm14
+        vpsrlq	$2, %ymm10, %ymm0
+        vpsrlq	$9, %ymm11, %ymm1
+        vpsrlq	$25, %ymm12, %ymm2
+        vpsrlq	$23, %ymm13, %ymm3
+        vpsrlq	$62, %ymm14, %ymm4
+        vpsllq	$62, %ymm10, %ymm10
+        vpsllq	$55, %ymm11, %ymm11
+        vpsllq	$39, %ymm12, %ymm12
+        vpsllq	$41, %ymm13, %ymm13
+        vpsllq	$2, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 32(%rax)
+        vmovdqu	%ymm1, 32(%rdi)
+        vmovdqu	%ymm2, -64(%rdi)
+        vmovdqu	%ymm3, 128(%rcx)
+        vmovdqu	%ymm4, 128(%rax)
+        # Round 3
+        # Calc b[0..4]
+        vpxor	%ymm15, %ymm0, %ymm10
+        vpxor	-96(%rdi), %ymm1, %ymm11
+        vpxor	-32(%rdi), %ymm3, %ymm13
+        vpxor	(%rdi), %ymm4, %ymm14
+        vpxor	64(%rdi), %ymm2, %ymm12
+        vpxor	96(%rdi), %ymm13, %ymm13
+        vpxor	128(%rdi), %ymm14, %ymm14
+        vpxor	-96(%rax), %ymm10, %ymm10
+        vpxor	-64(%rax), %ymm12, %ymm12
+        vpxor	-32(%rax), %ymm13, %ymm13
+        vpxor	(%rax), %ymm14, %ymm14
+        vpxor	64(%rax), %ymm11, %ymm11
+        vpxor	96(%rax), %ymm13, %ymm13
+        vpxor	-96(%rcx), %ymm10, %ymm10
+        vpxor	-64(%rcx), %ymm11, %ymm11
+        vpxor	-32(%rcx), %ymm12, %ymm12
+        vpxor	(%rcx), %ymm14, %ymm14
+        vpxor	32(%rcx), %ymm10, %ymm10
+        vpxor	64(%rcx), %ymm11, %ymm11
+        vpxor	96(%rcx), %ymm12, %ymm12
+        # Calc t[0..4]
+        vpsrlq	$63, %ymm11, %ymm0
+        vpsrlq	$63, %ymm12, %ymm1
+        vpsrlq	$63, %ymm13, %ymm2
+        vpsrlq	$63, %ymm14, %ymm3
+        vpsrlq	$63, %ymm10, %ymm4
+        vpaddq	%ymm11, %ymm11, %ymm5
+        vpaddq	%ymm12, %ymm12, %ymm6
+        vpaddq	%ymm13, %ymm13, %ymm7
+        vpaddq	%ymm14, %ymm14, %ymm8
+        vpaddq	%ymm10, %ymm10, %ymm9
+        vpor	%ymm0, %ymm5, %ymm5
+        vpor	%ymm1, %ymm6, %ymm6
+        vpor	%ymm2, %ymm7, %ymm7
+        vpor	%ymm3, %ymm8, %ymm8
+        vpor	%ymm4, %ymm9, %ymm9
+        vpxor	%ymm14, %ymm5, %ymm5
+        vpxor	%ymm10, %ymm6, %ymm6
+        vpxor	%ymm11, %ymm7, %ymm7
+        vpxor	%ymm12, %ymm8, %ymm8
+        vpxor	%ymm13, %ymm9, %ymm9
+        # Row Mix
+        # Row 0
+        vpxor	%ymm15, %ymm5, %ymm10
+        vpxor	64(%rax), %ymm6, %ymm11
+        vpxor	96(%rcx), %ymm7, %ymm12
+        vpxor	96(%rdi), %ymm8, %ymm13
+        vpxor	128(%rax), %ymm9, %ymm14
+        vpsrlq	$20, %ymm11, %ymm0
+        vpsrlq	$21, %ymm12, %ymm1
+        vpsrlq	$43, %ymm13, %ymm2
+        vpsrlq	$50, %ymm14, %ymm3
+        vpsllq	$44, %ymm11, %ymm11
+        vpsllq	$43, %ymm12, %ymm12
+        vpsllq	$21, %ymm13, %ymm13
+        vpsllq	$14, %ymm14, %ymm14
+        vpor	%ymm0, %ymm11, %ymm11
+        vpor	%ymm1, %ymm12, %ymm12
+        vpor	%ymm2, %ymm13, %ymm13
+        vpor	%ymm3, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm15
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm15, %ymm15
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        # XOR in constant
+        vpxor	96(%rdx), %ymm15, %ymm15
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm1, 64(%rax)
+        vmovdqu	%ymm2, 96(%rcx)
+        vmovdqu	%ymm3, 96(%rdi)
+        vmovdqu	%ymm4, 128(%rax)
+        # Row 1
+        vpxor	-32(%rax), %ymm8, %ymm10
+        vpxor	(%rcx), %ymm9, %ymm11
+        vpxor	-96(%rax), %ymm5, %ymm12
+        vpxor	-64(%rcx), %ymm6, %ymm13
+        vpxor	-64(%rdi), %ymm7, %ymm14
+        vpsrlq	$36, %ymm10, %ymm0
+        vpsrlq	$44, %ymm11, %ymm1
+        vpsrlq	$61, %ymm12, %ymm2
+        vpsrlq	$19, %ymm13, %ymm3
+        vpsrlq	$3, %ymm14, %ymm4
+        vpsllq	$28, %ymm10, %ymm10
+        vpsllq	$20, %ymm11, %ymm11
+        vpsllq	$3, %ymm12, %ymm12
+        vpsllq	$45, %ymm13, %ymm13
+        vpsllq	$61, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, -32(%rax)
+        vmovdqu	%ymm1, (%rcx)
+        vmovdqu	%ymm2, -96(%rax)
+        vmovdqu	%ymm3, -64(%rcx)
+        vmovdqu	%ymm4, -64(%rdi)
+        # Row 2
+        vpxor	64(%rcx), %ymm6, %ymm10
+        vpxor	64(%rdi), %ymm7, %ymm11
+        vpxor	96(%rax), %ymm8, %ymm12
+        vpxor	(%rdi), %ymm9, %ymm13
+        vpxor	32(%rax), %ymm5, %ymm14
+        vpsrlq	$63, %ymm10, %ymm0
+        vpsrlq	$58, %ymm11, %ymm1
+        vpsrlq	$39, %ymm12, %ymm2
+        vpsrlq	$56, %ymm13, %ymm3
+        vpsrlq	$46, %ymm14, %ymm4
+        vpaddq	%ymm10, %ymm10, %ymm10
+        vpsllq	$6, %ymm11, %ymm11
+        vpsllq	$25, %ymm12, %ymm12
+        vpsllq	$8, %ymm13, %ymm13
+        vpsllq	$18, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 64(%rcx)
+        vmovdqu	%ymm1, 64(%rdi)
+        vmovdqu	%ymm2, 96(%rax)
+        vmovdqu	%ymm3, (%rdi)
+        vmovdqu	%ymm4, 32(%rax)
+        # Row 3
+        vpxor	128(%rdi), %ymm9, %ymm10
+        vpxor	-96(%rcx), %ymm5, %ymm11
+        vpxor	-96(%rdi), %ymm6, %ymm12
+        vpxor	-64(%rax), %ymm7, %ymm13
+        vpxor	128(%rcx), %ymm8, %ymm14
+        vpsrlq	$37, %ymm10, %ymm0
+        vpsrlq	$28, %ymm11, %ymm1
+        vpsrlq	$54, %ymm12, %ymm2
+        vpsrlq	$49, %ymm13, %ymm3
+        vpsrlq	$8, %ymm14, %ymm4
+        vpsllq	$27, %ymm10, %ymm10
+        vpsllq	$36, %ymm11, %ymm11
+        vpsllq	$10, %ymm12, %ymm12
+        vpsllq	$15, %ymm13, %ymm13
+        vpsllq	$56, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 128(%rdi)
+        vmovdqu	%ymm1, -96(%rcx)
+        vmovdqu	%ymm2, -96(%rdi)
+        vmovdqu	%ymm3, -64(%rax)
+        vmovdqu	%ymm4, 128(%rcx)
+        # Row 4
+        vpxor	-32(%rcx), %ymm7, %ymm10
+        vpxor	-32(%rdi), %ymm8, %ymm11
+        vpxor	(%rax), %ymm9, %ymm12
+        vpxor	32(%rcx), %ymm5, %ymm13
+        vpxor	32(%rdi), %ymm6, %ymm14
+        vpsrlq	$2, %ymm10, %ymm0
+        vpsrlq	$9, %ymm11, %ymm1
+        vpsrlq	$25, %ymm12, %ymm2
+        vpsrlq	$23, %ymm13, %ymm3
+        vpsrlq	$62, %ymm14, %ymm4
+        vpsllq	$62, %ymm10, %ymm10
+        vpsllq	$55, %ymm11, %ymm11
+        vpsllq	$39, %ymm12, %ymm12
+        vpsllq	$41, %ymm13, %ymm13
+        vpsllq	$2, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, -32(%rcx)
+        vmovdqu	%ymm1, -32(%rdi)
+        vmovdqu	%ymm2, (%rax)
+        vmovdqu	%ymm3, 32(%rcx)
+        vmovdqu	%ymm4, 32(%rdi)
+        # Round 4
+        # Calc b[0..4]
+        vpxor	%ymm15, %ymm0, %ymm10
+        vpxor	-96(%rdi), %ymm2, %ymm12
+        vpxor	-64(%rdi), %ymm4, %ymm14
+        vpxor	(%rdi), %ymm3, %ymm13
+        vpxor	64(%rdi), %ymm1, %ymm11
+        vpxor	96(%rdi), %ymm13, %ymm13
+        vpxor	128(%rdi), %ymm10, %ymm10
+        vpxor	-96(%rax), %ymm12, %ymm12
+        vpxor	-64(%rax), %ymm13, %ymm13
+        vpxor	-32(%rax), %ymm10, %ymm10
+        vpxor	32(%rax), %ymm14, %ymm14
+        vpxor	64(%rax), %ymm11, %ymm11
+        vpxor	96(%rax), %ymm12, %ymm12
+        vpxor	128(%rax), %ymm14, %ymm14
+        vpxor	-96(%rcx), %ymm11, %ymm11
+        vpxor	-64(%rcx), %ymm13, %ymm13
+        vpxor	(%rcx), %ymm11, %ymm11
+        vpxor	64(%rcx), %ymm10, %ymm10
+        vpxor	96(%rcx), %ymm12, %ymm12
+        vpxor	128(%rcx), %ymm14, %ymm14
+        # Calc t[0..4]
+        vpsrlq	$63, %ymm11, %ymm0
+        vpsrlq	$63, %ymm12, %ymm1
+        vpsrlq	$63, %ymm13, %ymm2
+        vpsrlq	$63, %ymm14, %ymm3
+        vpsrlq	$63, %ymm10, %ymm4
+        vpaddq	%ymm11, %ymm11, %ymm5
+        vpaddq	%ymm12, %ymm12, %ymm6
+        vpaddq	%ymm13, %ymm13, %ymm7
+        vpaddq	%ymm14, %ymm14, %ymm8
+        vpaddq	%ymm10, %ymm10, %ymm9
+        vpor	%ymm0, %ymm5, %ymm5
+        vpor	%ymm1, %ymm6, %ymm6
+        vpor	%ymm2, %ymm7, %ymm7
+        vpor	%ymm3, %ymm8, %ymm8
+        vpor	%ymm4, %ymm9, %ymm9
+        vpxor	%ymm14, %ymm5, %ymm5
+        vpxor	%ymm10, %ymm6, %ymm6
+        vpxor	%ymm11, %ymm7, %ymm7
+        vpxor	%ymm12, %ymm8, %ymm8
+        vpxor	%ymm13, %ymm9, %ymm9
+        # Row Mix
+        # Row 0
+        vpxor	%ymm15, %ymm5, %ymm10
+        vpxor	(%rcx), %ymm6, %ymm11
+        vpxor	96(%rax), %ymm7, %ymm12
+        vpxor	-64(%rax), %ymm8, %ymm13
+        vpxor	32(%rdi), %ymm9, %ymm14
+        vpsrlq	$20, %ymm11, %ymm0
+        vpsrlq	$21, %ymm12, %ymm1
+        vpsrlq	$43, %ymm13, %ymm2
+        vpsrlq	$50, %ymm14, %ymm3
+        vpsllq	$44, %ymm11, %ymm11
+        vpsllq	$43, %ymm12, %ymm12
+        vpsllq	$21, %ymm13, %ymm13
+        vpsllq	$14, %ymm14, %ymm14
+        vpor	%ymm0, %ymm11, %ymm11
+        vpor	%ymm1, %ymm12, %ymm12
+        vpor	%ymm2, %ymm13, %ymm13
+        vpor	%ymm3, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm15
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm15, %ymm15
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        # XOR in constant
+        vpxor	128(%rdx), %ymm15, %ymm15
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm1, (%rcx)
+        vmovdqu	%ymm2, 96(%rax)
+        vmovdqu	%ymm3, -64(%rax)
+        vmovdqu	%ymm4, 32(%rdi)
+        # Row 1
+        vpxor	96(%rdi), %ymm8, %ymm10
+        vpxor	-64(%rdi), %ymm9, %ymm11
+        vpxor	64(%rcx), %ymm5, %ymm12
+        vpxor	-96(%rcx), %ymm6, %ymm13
+        vpxor	(%rax), %ymm7, %ymm14
+        vpsrlq	$36, %ymm10, %ymm0
+        vpsrlq	$44, %ymm11, %ymm1
+        vpsrlq	$61, %ymm12, %ymm2
+        vpsrlq	$19, %ymm13, %ymm3
+        vpsrlq	$3, %ymm14, %ymm4
+        vpsllq	$28, %ymm10, %ymm10
+        vpsllq	$20, %ymm11, %ymm11
+        vpsllq	$3, %ymm12, %ymm12
+        vpsllq	$45, %ymm13, %ymm13
+        vpsllq	$61, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 96(%rdi)
+        vmovdqu	%ymm1, -64(%rdi)
+        vmovdqu	%ymm2, 64(%rcx)
+        vmovdqu	%ymm3, -96(%rcx)
+        vmovdqu	%ymm4, (%rax)
+        # Row 2
+        vpxor	64(%rax), %ymm6, %ymm10
+        vpxor	-96(%rax), %ymm7, %ymm11
+        vpxor	(%rdi), %ymm8, %ymm12
+        vpxor	128(%rcx), %ymm9, %ymm13
+        vpxor	-32(%rcx), %ymm5, %ymm14
+        vpsrlq	$63, %ymm10, %ymm0
+        vpsrlq	$58, %ymm11, %ymm1
+        vpsrlq	$39, %ymm12, %ymm2
+        vpsrlq	$56, %ymm13, %ymm3
+        vpsrlq	$46, %ymm14, %ymm4
+        vpaddq	%ymm10, %ymm10, %ymm10
+        vpsllq	$6, %ymm11, %ymm11
+        vpsllq	$25, %ymm12, %ymm12
+        vpsllq	$8, %ymm13, %ymm13
+        vpsllq	$18, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 64(%rax)
+        vmovdqu	%ymm1, -96(%rax)
+        vmovdqu	%ymm2, (%rdi)
+        vmovdqu	%ymm3, 128(%rcx)
+        vmovdqu	%ymm4, -32(%rcx)
+        # Row 3
+        vpxor	128(%rax), %ymm9, %ymm10
+        vpxor	-32(%rax), %ymm5, %ymm11
+        vpxor	64(%rdi), %ymm6, %ymm12
+        vpxor	-96(%rdi), %ymm7, %ymm13
+        vpxor	32(%rcx), %ymm8, %ymm14
+        vpsrlq	$37, %ymm10, %ymm0
+        vpsrlq	$28, %ymm11, %ymm1
+        vpsrlq	$54, %ymm12, %ymm2
+        vpsrlq	$49, %ymm13, %ymm3
+        vpsrlq	$8, %ymm14, %ymm4
+        vpsllq	$27, %ymm10, %ymm10
+        vpsllq	$36, %ymm11, %ymm11
+        vpsllq	$10, %ymm12, %ymm12
+        vpsllq	$15, %ymm13, %ymm13
+        vpsllq	$56, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 128(%rax)
+        vmovdqu	%ymm1, -32(%rax)
+        vmovdqu	%ymm2, 64(%rdi)
+        vmovdqu	%ymm3, -96(%rdi)
+        vmovdqu	%ymm4, 32(%rcx)
+        # Row 4
+        vpxor	96(%rcx), %ymm7, %ymm10
+        vpxor	-64(%rcx), %ymm8, %ymm11
+        vpxor	32(%rax), %ymm9, %ymm12
+        vpxor	128(%rdi), %ymm5, %ymm13
+        vpxor	-32(%rdi), %ymm6, %ymm14
+        vpsrlq	$2, %ymm10, %ymm0
+        vpsrlq	$9, %ymm11, %ymm1
+        vpsrlq	$25, %ymm12, %ymm2
+        vpsrlq	$23, %ymm13, %ymm3
+        vpsrlq	$62, %ymm14, %ymm4
+        vpsllq	$62, %ymm10, %ymm10
+        vpsllq	$55, %ymm11, %ymm11
+        vpsllq	$39, %ymm12, %ymm12
+        vpsllq	$41, %ymm13, %ymm13
+        vpsllq	$2, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 96(%rcx)
+        vmovdqu	%ymm1, -64(%rcx)
+        vmovdqu	%ymm2, 32(%rax)
+        vmovdqu	%ymm3, 128(%rdi)
+        vmovdqu	%ymm4, -32(%rdi)
+        # Round 5
+        # Calc b[0..4]
+        vpxor	%ymm15, %ymm0, %ymm10
+        vpxor	-96(%rdi), %ymm3, %ymm13
+        vpxor	-64(%rdi), %ymm1, %ymm11
+        vpxor	(%rdi), %ymm2, %ymm12
+        vpxor	32(%rdi), %ymm4, %ymm14
+        vpxor	64(%rdi), %ymm12, %ymm12
+        vpxor	96(%rdi), %ymm10, %ymm10
+        vpxor	-96(%rax), %ymm11, %ymm11
+        vpxor	-64(%rax), %ymm13, %ymm13
+        vpxor	-32(%rax), %ymm11, %ymm11
+        vpxor	(%rax), %ymm14, %ymm14
+        vpxor	64(%rax), %ymm10, %ymm10
+        vpxor	96(%rax), %ymm12, %ymm12
+        vpxor	128(%rax), %ymm10, %ymm10
+        vpxor	-96(%rcx), %ymm13, %ymm13
+        vpxor	-32(%rcx), %ymm14, %ymm14
+        vpxor	(%rcx), %ymm11, %ymm11
+        vpxor	32(%rcx), %ymm14, %ymm14
+        vpxor	64(%rcx), %ymm12, %ymm12
+        vpxor	128(%rcx), %ymm13, %ymm13
+        # Calc t[0..4]
+        vpsrlq	$63, %ymm11, %ymm0
+        vpsrlq	$63, %ymm12, %ymm1
+        vpsrlq	$63, %ymm13, %ymm2
+        vpsrlq	$63, %ymm14, %ymm3
+        vpsrlq	$63, %ymm10, %ymm4
+        vpaddq	%ymm11, %ymm11, %ymm5
+        vpaddq	%ymm12, %ymm12, %ymm6
+        vpaddq	%ymm13, %ymm13, %ymm7
+        vpaddq	%ymm14, %ymm14, %ymm8
+        vpaddq	%ymm10, %ymm10, %ymm9
+        vpor	%ymm0, %ymm5, %ymm5
+        vpor	%ymm1, %ymm6, %ymm6
+        vpor	%ymm2, %ymm7, %ymm7
+        vpor	%ymm3, %ymm8, %ymm8
+        vpor	%ymm4, %ymm9, %ymm9
+        vpxor	%ymm14, %ymm5, %ymm5
+        vpxor	%ymm10, %ymm6, %ymm6
+        vpxor	%ymm11, %ymm7, %ymm7
+        vpxor	%ymm12, %ymm8, %ymm8
+        vpxor	%ymm13, %ymm9, %ymm9
+        # Row Mix
+        # Row 0
+        vpxor	%ymm15, %ymm5, %ymm10
+        vpxor	-64(%rdi), %ymm6, %ymm11
+        vpxor	(%rdi), %ymm7, %ymm12
+        vpxor	-96(%rdi), %ymm8, %ymm13
+        vpxor	-32(%rdi), %ymm9, %ymm14
+        vpsrlq	$20, %ymm11, %ymm0
+        vpsrlq	$21, %ymm12, %ymm1
+        vpsrlq	$43, %ymm13, %ymm2
+        vpsrlq	$50, %ymm14, %ymm3
+        vpsllq	$44, %ymm11, %ymm11
+        vpsllq	$43, %ymm12, %ymm12
+        vpsllq	$21, %ymm13, %ymm13
+        vpsllq	$14, %ymm14, %ymm14
+        vpor	%ymm0, %ymm11, %ymm11
+        vpor	%ymm1, %ymm12, %ymm12
+        vpor	%ymm2, %ymm13, %ymm13
+        vpor	%ymm3, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm15
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm15, %ymm15
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        # XOR in constant
+        vpxor	160(%rdx), %ymm15, %ymm15
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm1, -64(%rdi)
+        vmovdqu	%ymm2, (%rdi)
+        vmovdqu	%ymm3, -96(%rdi)
+        vmovdqu	%ymm4, -32(%rdi)
+        # Row 1
+        vpxor	-64(%rax), %ymm8, %ymm10
+        vpxor	(%rax), %ymm9, %ymm11
+        vpxor	64(%rax), %ymm5, %ymm12
+        vpxor	-32(%rax), %ymm6, %ymm13
+        vpxor	32(%rax), %ymm7, %ymm14
+        vpsrlq	$36, %ymm10, %ymm0
+        vpsrlq	$44, %ymm11, %ymm1
+        vpsrlq	$61, %ymm12, %ymm2
+        vpsrlq	$19, %ymm13, %ymm3
+        vpsrlq	$3, %ymm14, %ymm4
+        vpsllq	$28, %ymm10, %ymm10
+        vpsllq	$20, %ymm11, %ymm11
+        vpsllq	$3, %ymm12, %ymm12
+        vpsllq	$45, %ymm13, %ymm13
+        vpsllq	$61, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, -64(%rax)
+        vmovdqu	%ymm1, (%rax)
+        vmovdqu	%ymm2, 64(%rax)
+        vmovdqu	%ymm3, -32(%rax)
+        vmovdqu	%ymm4, 32(%rax)
+        # Row 2
+        vpxor	(%rcx), %ymm6, %ymm10
+        vpxor	64(%rcx), %ymm7, %ymm11
+        vpxor	128(%rcx), %ymm8, %ymm12
+        vpxor	32(%rcx), %ymm9, %ymm13
+        vpxor	96(%rcx), %ymm5, %ymm14
+        vpsrlq	$63, %ymm10, %ymm0
+        vpsrlq	$58, %ymm11, %ymm1
+        vpsrlq	$39, %ymm12, %ymm2
+        vpsrlq	$56, %ymm13, %ymm3
+        vpsrlq	$46, %ymm14, %ymm4
+        vpaddq	%ymm10, %ymm10, %ymm10
+        vpsllq	$6, %ymm11, %ymm11
+        vpsllq	$25, %ymm12, %ymm12
+        vpsllq	$8, %ymm13, %ymm13
+        vpsllq	$18, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, (%rcx)
+        vmovdqu	%ymm1, 64(%rcx)
+        vmovdqu	%ymm2, 128(%rcx)
+        vmovdqu	%ymm3, 32(%rcx)
+        vmovdqu	%ymm4, 96(%rcx)
+        # Row 3
+        vpxor	32(%rdi), %ymm9, %ymm10
+        vpxor	96(%rdi), %ymm5, %ymm11
+        vpxor	-96(%rax), %ymm6, %ymm12
+        vpxor	64(%rdi), %ymm7, %ymm13
+        vpxor	128(%rdi), %ymm8, %ymm14
+        vpsrlq	$37, %ymm10, %ymm0
+        vpsrlq	$28, %ymm11, %ymm1
+        vpsrlq	$54, %ymm12, %ymm2
+        vpsrlq	$49, %ymm13, %ymm3
+        vpsrlq	$8, %ymm14, %ymm4
+        vpsllq	$27, %ymm10, %ymm10
+        vpsllq	$36, %ymm11, %ymm11
+        vpsllq	$10, %ymm12, %ymm12
+        vpsllq	$15, %ymm13, %ymm13
+        vpsllq	$56, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 32(%rdi)
+        vmovdqu	%ymm1, 96(%rdi)
+        vmovdqu	%ymm2, -96(%rax)
+        vmovdqu	%ymm3, 64(%rdi)
+        vmovdqu	%ymm4, 128(%rdi)
+        # Row 4
+        vpxor	96(%rax), %ymm7, %ymm10
+        vpxor	-96(%rcx), %ymm8, %ymm11
+        vpxor	-32(%rcx), %ymm9, %ymm12
+        vpxor	128(%rax), %ymm5, %ymm13
+        vpxor	-64(%rcx), %ymm6, %ymm14
+        vpsrlq	$2, %ymm10, %ymm0
+        vpsrlq	$9, %ymm11, %ymm1
+        vpsrlq	$25, %ymm12, %ymm2
+        vpsrlq	$23, %ymm13, %ymm3
+        vpsrlq	$62, %ymm14, %ymm4
+        vpsllq	$62, %ymm10, %ymm10
+        vpsllq	$55, %ymm11, %ymm11
+        vpsllq	$39, %ymm12, %ymm12
+        vpsllq	$41, %ymm13, %ymm13
+        vpsllq	$2, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 96(%rax)
+        vmovdqu	%ymm1, -96(%rcx)
+        vmovdqu	%ymm2, -32(%rcx)
+        vmovdqu	%ymm3, 128(%rax)
+        vmovdqu	%ymm4, -64(%rcx)
+        # Round 6
+        # Calc b[0..4]
+        vpxor	%ymm15, %ymm0, %ymm10
+        vpxor	-96(%rdi), %ymm3, %ymm13
+        vpxor	-64(%rdi), %ymm1, %ymm11
+        vpxor	-32(%rdi), %ymm4, %ymm14
+        vpxor	(%rdi), %ymm2, %ymm12
+        vpxor	32(%rdi), %ymm10, %ymm10
+        vpxor	64(%rdi), %ymm13, %ymm13
+        vpxor	96(%rdi), %ymm11, %ymm11
+        vpxor	128(%rdi), %ymm14, %ymm14
+        vpxor	-96(%rax), %ymm12, %ymm12
+        vpxor	-64(%rax), %ymm10, %ymm10
+        vpxor	-32(%rax), %ymm13, %ymm13
+        vpxor	(%rax), %ymm11, %ymm11
+        vpxor	32(%rax), %ymm14, %ymm14
+        vpxor	64(%rax), %ymm12, %ymm12
+        vpxor	(%rcx), %ymm10, %ymm10
+        vpxor	32(%rcx), %ymm13, %ymm13
+        vpxor	64(%rcx), %ymm11, %ymm11
+        vpxor	96(%rcx), %ymm14, %ymm14
+        vpxor	128(%rcx), %ymm12, %ymm12
+        # Calc t[0..4]
+        vpsrlq	$63, %ymm11, %ymm0
+        vpsrlq	$63, %ymm12, %ymm1
+        vpsrlq	$63, %ymm13, %ymm2
+        vpsrlq	$63, %ymm14, %ymm3
+        vpsrlq	$63, %ymm10, %ymm4
+        vpaddq	%ymm11, %ymm11, %ymm5
+        vpaddq	%ymm12, %ymm12, %ymm6
+        vpaddq	%ymm13, %ymm13, %ymm7
+        vpaddq	%ymm14, %ymm14, %ymm8
+        vpaddq	%ymm10, %ymm10, %ymm9
+        vpor	%ymm0, %ymm5, %ymm5
+        vpor	%ymm1, %ymm6, %ymm6
+        vpor	%ymm2, %ymm7, %ymm7
+        vpor	%ymm3, %ymm8, %ymm8
+        vpor	%ymm4, %ymm9, %ymm9
+        vpxor	%ymm14, %ymm5, %ymm5
+        vpxor	%ymm10, %ymm6, %ymm6
+        vpxor	%ymm11, %ymm7, %ymm7
+        vpxor	%ymm12, %ymm8, %ymm8
+        vpxor	%ymm13, %ymm9, %ymm9
+        # Row Mix
+        # Row 0
+        vpxor	%ymm15, %ymm5, %ymm10
+        vpxor	(%rax), %ymm6, %ymm11
+        vpxor	128(%rcx), %ymm7, %ymm12
+        vpxor	64(%rdi), %ymm8, %ymm13
+        vpxor	-64(%rcx), %ymm9, %ymm14
+        vpsrlq	$20, %ymm11, %ymm0
+        vpsrlq	$21, %ymm12, %ymm1
+        vpsrlq	$43, %ymm13, %ymm2
+        vpsrlq	$50, %ymm14, %ymm3
+        vpsllq	$44, %ymm11, %ymm11
+        vpsllq	$43, %ymm12, %ymm12
+        vpsllq	$21, %ymm13, %ymm13
+        vpsllq	$14, %ymm14, %ymm14
+        vpor	%ymm0, %ymm11, %ymm11
+        vpor	%ymm1, %ymm12, %ymm12
+        vpor	%ymm2, %ymm13, %ymm13
+        vpor	%ymm3, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm15
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm15, %ymm15
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        # XOR in constant
+        vpxor	192(%rdx), %ymm15, %ymm15
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm1, (%rax)
+        vmovdqu	%ymm2, 128(%rcx)
+        vmovdqu	%ymm3, 64(%rdi)
+        vmovdqu	%ymm4, -64(%rcx)
+        # Row 1
+        vpxor	-96(%rdi), %ymm8, %ymm10
+        vpxor	32(%rax), %ymm9, %ymm11
+        vpxor	(%rcx), %ymm5, %ymm12
+        vpxor	96(%rdi), %ymm6, %ymm13
+        vpxor	-32(%rcx), %ymm7, %ymm14
+        vpsrlq	$36, %ymm10, %ymm0
+        vpsrlq	$44, %ymm11, %ymm1
+        vpsrlq	$61, %ymm12, %ymm2
+        vpsrlq	$19, %ymm13, %ymm3
+        vpsrlq	$3, %ymm14, %ymm4
+        vpsllq	$28, %ymm10, %ymm10
+        vpsllq	$20, %ymm11, %ymm11
+        vpsllq	$3, %ymm12, %ymm12
+        vpsllq	$45, %ymm13, %ymm13
+        vpsllq	$61, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, -96(%rdi)
+        vmovdqu	%ymm1, 32(%rax)
+        vmovdqu	%ymm2, (%rcx)
+        vmovdqu	%ymm3, 96(%rdi)
+        vmovdqu	%ymm4, -32(%rcx)
+        # Row 2
+        vpxor	-64(%rdi), %ymm6, %ymm10
+        vpxor	64(%rax), %ymm7, %ymm11
+        vpxor	32(%rcx), %ymm8, %ymm12
+        vpxor	128(%rdi), %ymm9, %ymm13
+        vpxor	96(%rax), %ymm5, %ymm14
+        vpsrlq	$63, %ymm10, %ymm0
+        vpsrlq	$58, %ymm11, %ymm1
+        vpsrlq	$39, %ymm12, %ymm2
+        vpsrlq	$56, %ymm13, %ymm3
+        vpsrlq	$46, %ymm14, %ymm4
+        vpaddq	%ymm10, %ymm10, %ymm10
+        vpsllq	$6, %ymm11, %ymm11
+        vpsllq	$25, %ymm12, %ymm12
+        vpsllq	$8, %ymm13, %ymm13
+        vpsllq	$18, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, -64(%rdi)
+        vmovdqu	%ymm1, 64(%rax)
+        vmovdqu	%ymm2, 32(%rcx)
+        vmovdqu	%ymm3, 128(%rdi)
+        vmovdqu	%ymm4, 96(%rax)
+        # Row 3
+        vpxor	-32(%rdi), %ymm9, %ymm10
+        vpxor	-64(%rax), %ymm5, %ymm11
+        vpxor	64(%rcx), %ymm6, %ymm12
+        vpxor	-96(%rax), %ymm7, %ymm13
+        vpxor	128(%rax), %ymm8, %ymm14
+        vpsrlq	$37, %ymm10, %ymm0
+        vpsrlq	$28, %ymm11, %ymm1
+        vpsrlq	$54, %ymm12, %ymm2
+        vpsrlq	$49, %ymm13, %ymm3
+        vpsrlq	$8, %ymm14, %ymm4
+        vpsllq	$27, %ymm10, %ymm10
+        vpsllq	$36, %ymm11, %ymm11
+        vpsllq	$10, %ymm12, %ymm12
+        vpsllq	$15, %ymm13, %ymm13
+        vpsllq	$56, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, -32(%rdi)
+        vmovdqu	%ymm1, -64(%rax)
+        vmovdqu	%ymm2, 64(%rcx)
+        vmovdqu	%ymm3, -96(%rax)
+        vmovdqu	%ymm4, 128(%rax)
+        # Row 4
+        vpxor	(%rdi), %ymm7, %ymm10
+        vpxor	-32(%rax), %ymm8, %ymm11
+        vpxor	96(%rcx), %ymm9, %ymm12
+        vpxor	32(%rdi), %ymm5, %ymm13
+        vpxor	-96(%rcx), %ymm6, %ymm14
+        vpsrlq	$2, %ymm10, %ymm0
+        vpsrlq	$9, %ymm11, %ymm1
+        vpsrlq	$25, %ymm12, %ymm2
+        vpsrlq	$23, %ymm13, %ymm3
+        vpsrlq	$62, %ymm14, %ymm4
+        vpsllq	$62, %ymm10, %ymm10
+        vpsllq	$55, %ymm11, %ymm11
+        vpsllq	$39, %ymm12, %ymm12
+        vpsllq	$41, %ymm13, %ymm13
+        vpsllq	$2, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, (%rdi)
+        vmovdqu	%ymm1, -32(%rax)
+        vmovdqu	%ymm2, 96(%rcx)
+        vmovdqu	%ymm3, 32(%rdi)
+        vmovdqu	%ymm4, -96(%rcx)
+        # Round 7
+        # Calc b[0..4]
+        vpxor	%ymm15, %ymm0, %ymm10
+        vpxor	-96(%rdi), %ymm10, %ymm10
+        vpxor	-64(%rdi), %ymm10, %ymm10
+        vpxor	-32(%rdi), %ymm10, %ymm10
+        vpxor	64(%rdi), %ymm3, %ymm13
+        vpxor	96(%rdi), %ymm13, %ymm13
+        vpxor	128(%rdi), %ymm13, %ymm13
+        vpxor	-96(%rax), %ymm13, %ymm13
+        vpxor	-64(%rax), %ymm1, %ymm11
+        vpxor	(%rax), %ymm11, %ymm11
+        vpxor	32(%rax), %ymm11, %ymm11
+        vpxor	64(%rax), %ymm11, %ymm11
+        vpxor	96(%rax), %ymm4, %ymm14
+        vpxor	128(%rax), %ymm14, %ymm14
+        vpxor	-64(%rcx), %ymm14, %ymm14
+        vpxor	-32(%rcx), %ymm14, %ymm14
+        vpxor	(%rcx), %ymm2, %ymm12
+        vpxor	32(%rcx), %ymm12, %ymm12
+        vpxor	64(%rcx), %ymm12, %ymm12
+        vpxor	128(%rcx), %ymm12, %ymm12
+        # Calc t[0..4]
+        vpsrlq	$63, %ymm11, %ymm0
+        vpsrlq	$63, %ymm12, %ymm1
+        vpsrlq	$63, %ymm13, %ymm2
+        vpsrlq	$63, %ymm14, %ymm3
+        vpsrlq	$63, %ymm10, %ymm4
+        vpaddq	%ymm11, %ymm11, %ymm5
+        vpaddq	%ymm12, %ymm12, %ymm6
+        vpaddq	%ymm13, %ymm13, %ymm7
+        vpaddq	%ymm14, %ymm14, %ymm8
+        vpaddq	%ymm10, %ymm10, %ymm9
+        vpor	%ymm0, %ymm5, %ymm5
+        vpor	%ymm1, %ymm6, %ymm6
+        vpor	%ymm2, %ymm7, %ymm7
+        vpor	%ymm3, %ymm8, %ymm8
+        vpor	%ymm4, %ymm9, %ymm9
+        vpxor	%ymm14, %ymm5, %ymm5
+        vpxor	%ymm10, %ymm6, %ymm6
+        vpxor	%ymm11, %ymm7, %ymm7
+        vpxor	%ymm12, %ymm8, %ymm8
+        vpxor	%ymm13, %ymm9, %ymm9
+        # Row Mix
+        # Row 0
+        vpxor	%ymm15, %ymm5, %ymm10
+        vpxor	32(%rax), %ymm6, %ymm11
+        vpxor	32(%rcx), %ymm7, %ymm12
+        vpxor	-96(%rax), %ymm8, %ymm13
+        vpxor	-96(%rcx), %ymm9, %ymm14
+        vpsrlq	$20, %ymm11, %ymm0
+        vpsrlq	$21, %ymm12, %ymm1
+        vpsrlq	$43, %ymm13, %ymm2
+        vpsrlq	$50, %ymm14, %ymm3
+        vpsllq	$44, %ymm11, %ymm11
+        vpsllq	$43, %ymm12, %ymm12
+        vpsllq	$21, %ymm13, %ymm13
+        vpsllq	$14, %ymm14, %ymm14
+        vpor	%ymm0, %ymm11, %ymm11
+        vpor	%ymm1, %ymm12, %ymm12
+        vpor	%ymm2, %ymm13, %ymm13
+        vpor	%ymm3, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm15
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm15, %ymm15
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        # XOR in constant
+        vpxor	224(%rdx), %ymm15, %ymm15
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm1, 32(%rax)
+        vmovdqu	%ymm2, 32(%rcx)
+        vmovdqu	%ymm3, -96(%rax)
+        vmovdqu	%ymm4, -96(%rcx)
+        # Row 1
+        vpxor	64(%rdi), %ymm8, %ymm10
+        vpxor	-32(%rcx), %ymm9, %ymm11
+        vpxor	-64(%rdi), %ymm5, %ymm12
+        vpxor	-64(%rax), %ymm6, %ymm13
+        vpxor	96(%rcx), %ymm7, %ymm14
+        vpsrlq	$36, %ymm10, %ymm0
+        vpsrlq	$44, %ymm11, %ymm1
+        vpsrlq	$61, %ymm12, %ymm2
+        vpsrlq	$19, %ymm13, %ymm3
+        vpsrlq	$3, %ymm14, %ymm4
+        vpsllq	$28, %ymm10, %ymm10
+        vpsllq	$20, %ymm11, %ymm11
+        vpsllq	$3, %ymm12, %ymm12
+        vpsllq	$45, %ymm13, %ymm13
+        vpsllq	$61, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 64(%rdi)
+        vmovdqu	%ymm1, -32(%rcx)
+        vmovdqu	%ymm2, -64(%rdi)
+        vmovdqu	%ymm3, -64(%rax)
+        vmovdqu	%ymm4, 96(%rcx)
+        # Row 2
+        vpxor	(%rax), %ymm6, %ymm10
+        vpxor	(%rcx), %ymm7, %ymm11
+        vpxor	128(%rdi), %ymm8, %ymm12
+        vpxor	128(%rax), %ymm9, %ymm13
+        vpxor	(%rdi), %ymm5, %ymm14
+        vpsrlq	$63, %ymm10, %ymm0
+        vpsrlq	$58, %ymm11, %ymm1
+        vpsrlq	$39, %ymm12, %ymm2
+        vpsrlq	$56, %ymm13, %ymm3
+        vpsrlq	$46, %ymm14, %ymm4
+        vpaddq	%ymm10, %ymm10, %ymm10
+        vpsllq	$6, %ymm11, %ymm11
+        vpsllq	$25, %ymm12, %ymm12
+        vpsllq	$8, %ymm13, %ymm13
+        vpsllq	$18, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, (%rax)
+        vmovdqu	%ymm1, (%rcx)
+        vmovdqu	%ymm2, 128(%rdi)
+        vmovdqu	%ymm3, 128(%rax)
+        vmovdqu	%ymm4, (%rdi)
+        # Row 3
+        vpxor	-64(%rcx), %ymm9, %ymm10
+        vpxor	-96(%rdi), %ymm5, %ymm11
+        vpxor	64(%rax), %ymm6, %ymm12
+        vpxor	64(%rcx), %ymm7, %ymm13
+        vpxor	32(%rdi), %ymm8, %ymm14
+        vpsrlq	$37, %ymm10, %ymm0
+        vpsrlq	$28, %ymm11, %ymm1
+        vpsrlq	$54, %ymm12, %ymm2
+        vpsrlq	$49, %ymm13, %ymm3
+        vpsrlq	$8, %ymm14, %ymm4
+        vpsllq	$27, %ymm10, %ymm10
+        vpsllq	$36, %ymm11, %ymm11
+        vpsllq	$10, %ymm12, %ymm12
+        vpsllq	$15, %ymm13, %ymm13
+        vpsllq	$56, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, -64(%rcx)
+        vmovdqu	%ymm1, -96(%rdi)
+        vmovdqu	%ymm2, 64(%rax)
+        vmovdqu	%ymm3, 64(%rcx)
+        vmovdqu	%ymm4, 32(%rdi)
+        # Row 4
+        vpxor	128(%rcx), %ymm7, %ymm10
+        vpxor	96(%rdi), %ymm8, %ymm11
+        vpxor	96(%rax), %ymm9, %ymm12
+        vpxor	-32(%rdi), %ymm5, %ymm13
+        vpxor	-32(%rax), %ymm6, %ymm14
+        vpsrlq	$2, %ymm10, %ymm0
+        vpsrlq	$9, %ymm11, %ymm1
+        vpsrlq	$25, %ymm12, %ymm2
+        vpsrlq	$23, %ymm13, %ymm3
+        vpsrlq	$62, %ymm14, %ymm4
+        vpsllq	$62, %ymm10, %ymm10
+        vpsllq	$55, %ymm11, %ymm11
+        vpsllq	$39, %ymm12, %ymm12
+        vpsllq	$41, %ymm13, %ymm13
+        vpsllq	$2, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 128(%rcx)
+        vmovdqu	%ymm1, 96(%rdi)
+        vmovdqu	%ymm2, 96(%rax)
+        vmovdqu	%ymm3, -32(%rdi)
+        vmovdqu	%ymm4, -32(%rax)
+        # Round 8
+        # Calc b[0..4]
+        vpxor	%ymm15, %ymm0, %ymm10
+        vpxor	-96(%rdi), %ymm1, %ymm11
+        vpxor	-64(%rdi), %ymm2, %ymm12
+        vpxor	(%rdi), %ymm4, %ymm14
+        vpxor	32(%rdi), %ymm14, %ymm14
+        vpxor	64(%rdi), %ymm10, %ymm10
+        vpxor	128(%rdi), %ymm12, %ymm12
+        vpxor	-96(%rax), %ymm3, %ymm13
+        vpxor	-64(%rax), %ymm13, %ymm13
+        vpxor	(%rax), %ymm10, %ymm10
+        vpxor	32(%rax), %ymm11, %ymm11
+        vpxor	64(%rax), %ymm12, %ymm12
+        vpxor	128(%rax), %ymm13, %ymm13
+        vpxor	-96(%rcx), %ymm14, %ymm14
+        vpxor	-64(%rcx), %ymm10, %ymm10
+        vpxor	-32(%rcx), %ymm11, %ymm11
+        vpxor	(%rcx), %ymm11, %ymm11
+        vpxor	32(%rcx), %ymm12, %ymm12
+        vpxor	64(%rcx), %ymm13, %ymm13
+        vpxor	96(%rcx), %ymm14, %ymm14
+        # Calc t[0..4]
+        vpsrlq	$63, %ymm11, %ymm0
+        vpsrlq	$63, %ymm12, %ymm1
+        vpsrlq	$63, %ymm13, %ymm2
+        vpsrlq	$63, %ymm14, %ymm3
+        vpsrlq	$63, %ymm10, %ymm4
+        vpaddq	%ymm11, %ymm11, %ymm5
+        vpaddq	%ymm12, %ymm12, %ymm6
+        vpaddq	%ymm13, %ymm13, %ymm7
+        vpaddq	%ymm14, %ymm14, %ymm8
+        vpaddq	%ymm10, %ymm10, %ymm9
+        vpor	%ymm0, %ymm5, %ymm5
+        vpor	%ymm1, %ymm6, %ymm6
+        vpor	%ymm2, %ymm7, %ymm7
+        vpor	%ymm3, %ymm8, %ymm8
+        vpor	%ymm4, %ymm9, %ymm9
+        vpxor	%ymm14, %ymm5, %ymm5
+        vpxor	%ymm10, %ymm6, %ymm6
+        vpxor	%ymm11, %ymm7, %ymm7
+        vpxor	%ymm12, %ymm8, %ymm8
+        vpxor	%ymm13, %ymm9, %ymm9
+        # Row Mix
+        # Row 0
+        vpxor	%ymm15, %ymm5, %ymm10
+        vpxor	-32(%rcx), %ymm6, %ymm11
+        vpxor	128(%rdi), %ymm7, %ymm12
+        vpxor	64(%rcx), %ymm8, %ymm13
+        vpxor	-32(%rax), %ymm9, %ymm14
+        vpsrlq	$20, %ymm11, %ymm0
+        vpsrlq	$21, %ymm12, %ymm1
+        vpsrlq	$43, %ymm13, %ymm2
+        vpsrlq	$50, %ymm14, %ymm3
+        vpsllq	$44, %ymm11, %ymm11
+        vpsllq	$43, %ymm12, %ymm12
+        vpsllq	$21, %ymm13, %ymm13
+        vpsllq	$14, %ymm14, %ymm14
+        vpor	%ymm0, %ymm11, %ymm11
+        vpor	%ymm1, %ymm12, %ymm12
+        vpor	%ymm2, %ymm13, %ymm13
+        vpor	%ymm3, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm15
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm15, %ymm15
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        # XOR in constant
+        vpxor	256(%rdx), %ymm15, %ymm15
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm1, -32(%rcx)
+        vmovdqu	%ymm2, 128(%rdi)
+        vmovdqu	%ymm3, 64(%rcx)
+        vmovdqu	%ymm4, -32(%rax)
+        # Row 1
+        vpxor	-96(%rax), %ymm8, %ymm10
+        vpxor	96(%rcx), %ymm9, %ymm11
+        vpxor	(%rax), %ymm5, %ymm12
+        vpxor	-96(%rdi), %ymm6, %ymm13
+        vpxor	96(%rax), %ymm7, %ymm14
+        vpsrlq	$36, %ymm10, %ymm0
+        vpsrlq	$44, %ymm11, %ymm1
+        vpsrlq	$61, %ymm12, %ymm2
+        vpsrlq	$19, %ymm13, %ymm3
+        vpsrlq	$3, %ymm14, %ymm4
+        vpsllq	$28, %ymm10, %ymm10
+        vpsllq	$20, %ymm11, %ymm11
+        vpsllq	$3, %ymm12, %ymm12
+        vpsllq	$45, %ymm13, %ymm13
+        vpsllq	$61, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, -96(%rax)
+        vmovdqu	%ymm1, 96(%rcx)
+        vmovdqu	%ymm2, (%rax)
+        vmovdqu	%ymm3, -96(%rdi)
+        vmovdqu	%ymm4, 96(%rax)
+        # Row 2
+        vpxor	32(%rax), %ymm6, %ymm10
+        vpxor	-64(%rdi), %ymm7, %ymm11
+        vpxor	128(%rax), %ymm8, %ymm12
+        vpxor	32(%rdi), %ymm9, %ymm13
+        vpxor	128(%rcx), %ymm5, %ymm14
+        vpsrlq	$63, %ymm10, %ymm0
+        vpsrlq	$58, %ymm11, %ymm1
+        vpsrlq	$39, %ymm12, %ymm2
+        vpsrlq	$56, %ymm13, %ymm3
+        vpsrlq	$46, %ymm14, %ymm4
+        vpaddq	%ymm10, %ymm10, %ymm10
+        vpsllq	$6, %ymm11, %ymm11
+        vpsllq	$25, %ymm12, %ymm12
+        vpsllq	$8, %ymm13, %ymm13
+        vpsllq	$18, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 32(%rax)
+        vmovdqu	%ymm1, -64(%rdi)
+        vmovdqu	%ymm2, 128(%rax)
+        vmovdqu	%ymm3, 32(%rdi)
+        vmovdqu	%ymm4, 128(%rcx)
+        # Row 3
+        vpxor	-96(%rcx), %ymm9, %ymm10
+        vpxor	64(%rdi), %ymm5, %ymm11
+        vpxor	(%rcx), %ymm6, %ymm12
+        vpxor	64(%rax), %ymm7, %ymm13
+        vpxor	-32(%rdi), %ymm8, %ymm14
+        vpsrlq	$37, %ymm10, %ymm0
+        vpsrlq	$28, %ymm11, %ymm1
+        vpsrlq	$54, %ymm12, %ymm2
+        vpsrlq	$49, %ymm13, %ymm3
+        vpsrlq	$8, %ymm14, %ymm4
+        vpsllq	$27, %ymm10, %ymm10
+        vpsllq	$36, %ymm11, %ymm11
+        vpsllq	$10, %ymm12, %ymm12
+        vpsllq	$15, %ymm13, %ymm13
+        vpsllq	$56, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, -96(%rcx)
+        vmovdqu	%ymm1, 64(%rdi)
+        vmovdqu	%ymm2, (%rcx)
+        vmovdqu	%ymm3, 64(%rax)
+        vmovdqu	%ymm4, -32(%rdi)
+        # Row 4
+        vpxor	32(%rcx), %ymm7, %ymm10
+        vpxor	-64(%rax), %ymm8, %ymm11
+        vpxor	(%rdi), %ymm9, %ymm12
+        vpxor	-64(%rcx), %ymm5, %ymm13
+        vpxor	96(%rdi), %ymm6, %ymm14
+        vpsrlq	$2, %ymm10, %ymm0
+        vpsrlq	$9, %ymm11, %ymm1
+        vpsrlq	$25, %ymm12, %ymm2
+        vpsrlq	$23, %ymm13, %ymm3
+        vpsrlq	$62, %ymm14, %ymm4
+        vpsllq	$62, %ymm10, %ymm10
+        vpsllq	$55, %ymm11, %ymm11
+        vpsllq	$39, %ymm12, %ymm12
+        vpsllq	$41, %ymm13, %ymm13
+        vpsllq	$2, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 32(%rcx)
+        vmovdqu	%ymm1, -64(%rax)
+        vmovdqu	%ymm2, (%rdi)
+        vmovdqu	%ymm3, -64(%rcx)
+        vmovdqu	%ymm4, 96(%rdi)
+        # Round 9
+        # Calc b[0..4]
+        vpxor	%ymm15, %ymm0, %ymm10
+        vpxor	-96(%rdi), %ymm3, %ymm13
+        vpxor	-64(%rdi), %ymm1, %ymm11
+        vpxor	-32(%rdi), %ymm4, %ymm14
+        vpxor	32(%rdi), %ymm13, %ymm13
+        vpxor	64(%rdi), %ymm11, %ymm11
+        vpxor	128(%rdi), %ymm2, %ymm12
+        vpxor	-96(%rax), %ymm10, %ymm10
+        vpxor	-32(%rax), %ymm14, %ymm14
+        vpxor	(%rax), %ymm12, %ymm12
+        vpxor	32(%rax), %ymm10, %ymm10
+        vpxor	64(%rax), %ymm13, %ymm13
+        vpxor	96(%rax), %ymm14, %ymm14
+        vpxor	128(%rax), %ymm12, %ymm12
+        vpxor	-96(%rcx), %ymm10, %ymm10
+        vpxor	-32(%rcx), %ymm11, %ymm11
+        vpxor	(%rcx), %ymm12, %ymm12
+        vpxor	64(%rcx), %ymm13, %ymm13
+        vpxor	96(%rcx), %ymm11, %ymm11
+        vpxor	128(%rcx), %ymm14, %ymm14
+        # Calc t[0..4]
+        vpsrlq	$63, %ymm11, %ymm0
+        vpsrlq	$63, %ymm12, %ymm1
+        vpsrlq	$63, %ymm13, %ymm2
+        vpsrlq	$63, %ymm14, %ymm3
+        vpsrlq	$63, %ymm10, %ymm4
+        vpaddq	%ymm11, %ymm11, %ymm5
+        vpaddq	%ymm12, %ymm12, %ymm6
+        vpaddq	%ymm13, %ymm13, %ymm7
+        vpaddq	%ymm14, %ymm14, %ymm8
+        vpaddq	%ymm10, %ymm10, %ymm9
+        vpor	%ymm0, %ymm5, %ymm5
+        vpor	%ymm1, %ymm6, %ymm6
+        vpor	%ymm2, %ymm7, %ymm7
+        vpor	%ymm3, %ymm8, %ymm8
+        vpor	%ymm4, %ymm9, %ymm9
+        vpxor	%ymm14, %ymm5, %ymm5
+        vpxor	%ymm10, %ymm6, %ymm6
+        vpxor	%ymm11, %ymm7, %ymm7
+        vpxor	%ymm12, %ymm8, %ymm8
+        vpxor	%ymm13, %ymm9, %ymm9
+        # Row Mix
+        # Row 0
+        vpxor	%ymm15, %ymm5, %ymm10
+        vpxor	96(%rcx), %ymm6, %ymm11
+        vpxor	128(%rax), %ymm7, %ymm12
+        vpxor	64(%rax), %ymm8, %ymm13
+        vpxor	96(%rdi), %ymm9, %ymm14
+        vpsrlq	$20, %ymm11, %ymm0
+        vpsrlq	$21, %ymm12, %ymm1
+        vpsrlq	$43, %ymm13, %ymm2
+        vpsrlq	$50, %ymm14, %ymm3
+        vpsllq	$44, %ymm11, %ymm11
+        vpsllq	$43, %ymm12, %ymm12
+        vpsllq	$21, %ymm13, %ymm13
+        vpsllq	$14, %ymm14, %ymm14
+        vpor	%ymm0, %ymm11, %ymm11
+        vpor	%ymm1, %ymm12, %ymm12
+        vpor	%ymm2, %ymm13, %ymm13
+        vpor	%ymm3, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm15
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm15, %ymm15
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        # XOR in constant
+        vpxor	288(%rdx), %ymm15, %ymm15
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm1, 96(%rcx)
+        vmovdqu	%ymm2, 128(%rax)
+        vmovdqu	%ymm3, 64(%rax)
+        vmovdqu	%ymm4, 96(%rdi)
+        # Row 1
+        vpxor	64(%rcx), %ymm8, %ymm10
+        vpxor	96(%rax), %ymm9, %ymm11
+        vpxor	32(%rax), %ymm5, %ymm12
+        vpxor	64(%rdi), %ymm6, %ymm13
+        vpxor	(%rdi), %ymm7, %ymm14
+        vpsrlq	$36, %ymm10, %ymm0
+        vpsrlq	$44, %ymm11, %ymm1
+        vpsrlq	$61, %ymm12, %ymm2
+        vpsrlq	$19, %ymm13, %ymm3
+        vpsrlq	$3, %ymm14, %ymm4
+        vpsllq	$28, %ymm10, %ymm10
+        vpsllq	$20, %ymm11, %ymm11
+        vpsllq	$3, %ymm12, %ymm12
+        vpsllq	$45, %ymm13, %ymm13
+        vpsllq	$61, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 64(%rcx)
+        vmovdqu	%ymm1, 96(%rax)
+        vmovdqu	%ymm2, 32(%rax)
+        vmovdqu	%ymm3, 64(%rdi)
+        vmovdqu	%ymm4, (%rdi)
+        # Row 2
+        vpxor	-32(%rcx), %ymm6, %ymm10
+        vpxor	(%rax), %ymm7, %ymm11
+        vpxor	32(%rdi), %ymm8, %ymm12
+        vpxor	-32(%rdi), %ymm9, %ymm13
+        vpxor	32(%rcx), %ymm5, %ymm14
+        vpsrlq	$63, %ymm10, %ymm0
+        vpsrlq	$58, %ymm11, %ymm1
+        vpsrlq	$39, %ymm12, %ymm2
+        vpsrlq	$56, %ymm13, %ymm3
+        vpsrlq	$46, %ymm14, %ymm4
+        vpaddq	%ymm10, %ymm10, %ymm10
+        vpsllq	$6, %ymm11, %ymm11
+        vpsllq	$25, %ymm12, %ymm12
+        vpsllq	$8, %ymm13, %ymm13
+        vpsllq	$18, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, -32(%rcx)
+        vmovdqu	%ymm1, (%rax)
+        vmovdqu	%ymm2, 32(%rdi)
+        vmovdqu	%ymm3, -32(%rdi)
+        vmovdqu	%ymm4, 32(%rcx)
+        # Row 3
+        vpxor	-32(%rax), %ymm9, %ymm10
+        vpxor	-96(%rax), %ymm5, %ymm11
+        vpxor	-64(%rdi), %ymm6, %ymm12
+        vpxor	(%rcx), %ymm7, %ymm13
+        vpxor	-64(%rcx), %ymm8, %ymm14
+        vpsrlq	$37, %ymm10, %ymm0
+        vpsrlq	$28, %ymm11, %ymm1
+        vpsrlq	$54, %ymm12, %ymm2
+        vpsrlq	$49, %ymm13, %ymm3
+        vpsrlq	$8, %ymm14, %ymm4
+        vpsllq	$27, %ymm10, %ymm10
+        vpsllq	$36, %ymm11, %ymm11
+        vpsllq	$10, %ymm12, %ymm12
+        vpsllq	$15, %ymm13, %ymm13
+        vpsllq	$56, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, -32(%rax)
+        vmovdqu	%ymm1, -96(%rax)
+        vmovdqu	%ymm2, -64(%rdi)
+        vmovdqu	%ymm3, (%rcx)
+        vmovdqu	%ymm4, -64(%rcx)
+        # Row 4
+        vpxor	128(%rdi), %ymm7, %ymm10
+        vpxor	-96(%rdi), %ymm8, %ymm11
+        vpxor	128(%rcx), %ymm9, %ymm12
+        vpxor	-96(%rcx), %ymm5, %ymm13
+        vpxor	-64(%rax), %ymm6, %ymm14
+        vpsrlq	$2, %ymm10, %ymm0
+        vpsrlq	$9, %ymm11, %ymm1
+        vpsrlq	$25, %ymm12, %ymm2
+        vpsrlq	$23, %ymm13, %ymm3
+        vpsrlq	$62, %ymm14, %ymm4
+        vpsllq	$62, %ymm10, %ymm10
+        vpsllq	$55, %ymm11, %ymm11
+        vpsllq	$39, %ymm12, %ymm12
+        vpsllq	$41, %ymm13, %ymm13
+        vpsllq	$2, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 128(%rdi)
+        vmovdqu	%ymm1, -96(%rdi)
+        vmovdqu	%ymm2, 128(%rcx)
+        vmovdqu	%ymm3, -96(%rcx)
+        vmovdqu	%ymm4, -64(%rax)
+        # Round 10
+        # Calc b[0..4]
+        vpxor	%ymm15, %ymm0, %ymm10
+        vpxor	-64(%rdi), %ymm2, %ymm12
+        vpxor	-32(%rdi), %ymm3, %ymm13
+        vpxor	(%rdi), %ymm4, %ymm14
+        vpxor	32(%rdi), %ymm12, %ymm12
+        vpxor	64(%rdi), %ymm13, %ymm13
+        vpxor	96(%rdi), %ymm14, %ymm14
+        vpxor	-96(%rax), %ymm1, %ymm11
+        vpxor	-32(%rax), %ymm10, %ymm10
+        vpxor	(%rax), %ymm11, %ymm11
+        vpxor	32(%rax), %ymm12, %ymm12
+        vpxor	64(%rax), %ymm13, %ymm13
+        vpxor	96(%rax), %ymm11, %ymm11
+        vpxor	128(%rax), %ymm12, %ymm12
+        vpxor	-64(%rcx), %ymm14, %ymm14
+        vpxor	-32(%rcx), %ymm10, %ymm10
+        vpxor	(%rcx), %ymm13, %ymm13
+        vpxor	32(%rcx), %ymm14, %ymm14
+        vpxor	64(%rcx), %ymm10, %ymm10
+        vpxor	96(%rcx), %ymm11, %ymm11
+        # Calc t[0..4]
+        vpsrlq	$63, %ymm11, %ymm0
+        vpsrlq	$63, %ymm12, %ymm1
+        vpsrlq	$63, %ymm13, %ymm2
+        vpsrlq	$63, %ymm14, %ymm3
+        vpsrlq	$63, %ymm10, %ymm4
+        vpaddq	%ymm11, %ymm11, %ymm5
+        vpaddq	%ymm12, %ymm12, %ymm6
+        vpaddq	%ymm13, %ymm13, %ymm7
+        vpaddq	%ymm14, %ymm14, %ymm8
+        vpaddq	%ymm10, %ymm10, %ymm9
+        vpor	%ymm0, %ymm5, %ymm5
+        vpor	%ymm1, %ymm6, %ymm6
+        vpor	%ymm2, %ymm7, %ymm7
+        vpor	%ymm3, %ymm8, %ymm8
+        vpor	%ymm4, %ymm9, %ymm9
+        vpxor	%ymm14, %ymm5, %ymm5
+        vpxor	%ymm10, %ymm6, %ymm6
+        vpxor	%ymm11, %ymm7, %ymm7
+        vpxor	%ymm12, %ymm8, %ymm8
+        vpxor	%ymm13, %ymm9, %ymm9
+        # Row Mix
+        # Row 0
+        vpxor	%ymm15, %ymm5, %ymm10
+        vpxor	96(%rax), %ymm6, %ymm11
+        vpxor	32(%rdi), %ymm7, %ymm12
+        vpxor	(%rcx), %ymm8, %ymm13
+        vpxor	-64(%rax), %ymm9, %ymm14
+        vpsrlq	$20, %ymm11, %ymm0
+        vpsrlq	$21, %ymm12, %ymm1
+        vpsrlq	$43, %ymm13, %ymm2
+        vpsrlq	$50, %ymm14, %ymm3
+        vpsllq	$44, %ymm11, %ymm11
+        vpsllq	$43, %ymm12, %ymm12
+        vpsllq	$21, %ymm13, %ymm13
+        vpsllq	$14, %ymm14, %ymm14
+        vpor	%ymm0, %ymm11, %ymm11
+        vpor	%ymm1, %ymm12, %ymm12
+        vpor	%ymm2, %ymm13, %ymm13
+        vpor	%ymm3, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm15
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm15, %ymm15
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        # XOR in constant
+        vpxor	320(%rdx), %ymm15, %ymm15
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm1, 96(%rax)
+        vmovdqu	%ymm2, 32(%rdi)
+        vmovdqu	%ymm3, (%rcx)
+        vmovdqu	%ymm4, -64(%rax)
+        # Row 1
+        vpxor	64(%rax), %ymm8, %ymm10
+        vpxor	(%rdi), %ymm9, %ymm11
+        vpxor	-32(%rcx), %ymm5, %ymm12
+        vpxor	-96(%rax), %ymm6, %ymm13
+        vpxor	128(%rcx), %ymm7, %ymm14
+        vpsrlq	$36, %ymm10, %ymm0
+        vpsrlq	$44, %ymm11, %ymm1
+        vpsrlq	$61, %ymm12, %ymm2
+        vpsrlq	$19, %ymm13, %ymm3
+        vpsrlq	$3, %ymm14, %ymm4
+        vpsllq	$28, %ymm10, %ymm10
+        vpsllq	$20, %ymm11, %ymm11
+        vpsllq	$3, %ymm12, %ymm12
+        vpsllq	$45, %ymm13, %ymm13
+        vpsllq	$61, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 64(%rax)
+        vmovdqu	%ymm1, (%rdi)
+        vmovdqu	%ymm2, -32(%rcx)
+        vmovdqu	%ymm3, -96(%rax)
+        vmovdqu	%ymm4, 128(%rcx)
+        # Row 2
+        vpxor	96(%rcx), %ymm6, %ymm10
+        vpxor	32(%rax), %ymm7, %ymm11
+        vpxor	-32(%rdi), %ymm8, %ymm12
+        vpxor	-64(%rcx), %ymm9, %ymm13
+        vpxor	128(%rdi), %ymm5, %ymm14
+        vpsrlq	$63, %ymm10, %ymm0
+        vpsrlq	$58, %ymm11, %ymm1
+        vpsrlq	$39, %ymm12, %ymm2
+        vpsrlq	$56, %ymm13, %ymm3
+        vpsrlq	$46, %ymm14, %ymm4
+        vpaddq	%ymm10, %ymm10, %ymm10
+        vpsllq	$6, %ymm11, %ymm11
+        vpsllq	$25, %ymm12, %ymm12
+        vpsllq	$8, %ymm13, %ymm13
+        vpsllq	$18, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 96(%rcx)
+        vmovdqu	%ymm1, 32(%rax)
+        vmovdqu	%ymm2, -32(%rdi)
+        vmovdqu	%ymm3, -64(%rcx)
+        vmovdqu	%ymm4, 128(%rdi)
+        # Row 3
+        vpxor	96(%rdi), %ymm9, %ymm10
+        vpxor	64(%rcx), %ymm5, %ymm11
+        vpxor	(%rax), %ymm6, %ymm12
+        vpxor	-64(%rdi), %ymm7, %ymm13
+        vpxor	-96(%rcx), %ymm8, %ymm14
+        vpsrlq	$37, %ymm10, %ymm0
+        vpsrlq	$28, %ymm11, %ymm1
+        vpsrlq	$54, %ymm12, %ymm2
+        vpsrlq	$49, %ymm13, %ymm3
+        vpsrlq	$8, %ymm14, %ymm4
+        vpsllq	$27, %ymm10, %ymm10
+        vpsllq	$36, %ymm11, %ymm11
+        vpsllq	$10, %ymm12, %ymm12
+        vpsllq	$15, %ymm13, %ymm13
+        vpsllq	$56, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 96(%rdi)
+        vmovdqu	%ymm1, 64(%rcx)
+        vmovdqu	%ymm2, (%rax)
+        vmovdqu	%ymm3, -64(%rdi)
+        vmovdqu	%ymm4, -96(%rcx)
+        # Row 4
+        vpxor	128(%rax), %ymm7, %ymm10
+        vpxor	64(%rdi), %ymm8, %ymm11
+        vpxor	32(%rcx), %ymm9, %ymm12
+        vpxor	-32(%rax), %ymm5, %ymm13
+        vpxor	-96(%rdi), %ymm6, %ymm14
+        vpsrlq	$2, %ymm10, %ymm0
+        vpsrlq	$9, %ymm11, %ymm1
+        vpsrlq	$25, %ymm12, %ymm2
+        vpsrlq	$23, %ymm13, %ymm3
+        vpsrlq	$62, %ymm14, %ymm4
+        vpsllq	$62, %ymm10, %ymm10
+        vpsllq	$55, %ymm11, %ymm11
+        vpsllq	$39, %ymm12, %ymm12
+        vpsllq	$41, %ymm13, %ymm13
+        vpsllq	$2, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 128(%rax)
+        vmovdqu	%ymm1, 64(%rdi)
+        vmovdqu	%ymm2, 32(%rcx)
+        vmovdqu	%ymm3, -32(%rax)
+        vmovdqu	%ymm4, -96(%rdi)
+        # Round 11
+        # Calc b[0..4]
+        vpxor	%ymm15, %ymm0, %ymm10
+        vpxor	-64(%rdi), %ymm3, %ymm13
+        vpxor	-32(%rdi), %ymm2, %ymm12
+        vpxor	(%rdi), %ymm1, %ymm11
+        vpxor	32(%rdi), %ymm12, %ymm12
+        vpxor	96(%rdi), %ymm10, %ymm10
+        vpxor	128(%rdi), %ymm4, %ymm14
+        vpxor	-96(%rax), %ymm13, %ymm13
+        vpxor	-64(%rax), %ymm14, %ymm14
+        vpxor	(%rax), %ymm12, %ymm12
+        vpxor	32(%rax), %ymm11, %ymm11
+        vpxor	64(%rax), %ymm10, %ymm10
+        vpxor	96(%rax), %ymm11, %ymm11
+        vpxor	-96(%rcx), %ymm14, %ymm14
+        vpxor	-64(%rcx), %ymm13, %ymm13
+        vpxor	-32(%rcx), %ymm12, %ymm12
+        vpxor	(%rcx), %ymm13, %ymm13
+        vpxor	64(%rcx), %ymm11, %ymm11
+        vpxor	96(%rcx), %ymm10, %ymm10
+        vpxor	128(%rcx), %ymm14, %ymm14
+        # Calc t[0..4]
+        vpsrlq	$63, %ymm11, %ymm0
+        vpsrlq	$63, %ymm12, %ymm1
+        vpsrlq	$63, %ymm13, %ymm2
+        vpsrlq	$63, %ymm14, %ymm3
+        vpsrlq	$63, %ymm10, %ymm4
+        vpaddq	%ymm11, %ymm11, %ymm5
+        vpaddq	%ymm12, %ymm12, %ymm6
+        vpaddq	%ymm13, %ymm13, %ymm7
+        vpaddq	%ymm14, %ymm14, %ymm8
+        vpaddq	%ymm10, %ymm10, %ymm9
+        vpor	%ymm0, %ymm5, %ymm5
+        vpor	%ymm1, %ymm6, %ymm6
+        vpor	%ymm2, %ymm7, %ymm7
+        vpor	%ymm3, %ymm8, %ymm8
+        vpor	%ymm4, %ymm9, %ymm9
+        vpxor	%ymm14, %ymm5, %ymm5
+        vpxor	%ymm10, %ymm6, %ymm6
+        vpxor	%ymm11, %ymm7, %ymm7
+        vpxor	%ymm12, %ymm8, %ymm8
+        vpxor	%ymm13, %ymm9, %ymm9
+        # Row Mix
+        # Row 0
+        vpxor	%ymm15, %ymm5, %ymm10
+        vpxor	(%rdi), %ymm6, %ymm11
+        vpxor	-32(%rdi), %ymm7, %ymm12
+        vpxor	-64(%rdi), %ymm8, %ymm13
+        vpxor	-96(%rdi), %ymm9, %ymm14
+        vpsrlq	$20, %ymm11, %ymm0
+        vpsrlq	$21, %ymm12, %ymm1
+        vpsrlq	$43, %ymm13, %ymm2
+        vpsrlq	$50, %ymm14, %ymm3
+        vpsllq	$44, %ymm11, %ymm11
+        vpsllq	$43, %ymm12, %ymm12
+        vpsllq	$21, %ymm13, %ymm13
+        vpsllq	$14, %ymm14, %ymm14
+        vpor	%ymm0, %ymm11, %ymm11
+        vpor	%ymm1, %ymm12, %ymm12
+        vpor	%ymm2, %ymm13, %ymm13
+        vpor	%ymm3, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm15
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm15, %ymm15
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        # XOR in constant
+        vpxor	352(%rdx), %ymm15, %ymm15
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm1, (%rdi)
+        vmovdqu	%ymm2, -32(%rdi)
+        vmovdqu	%ymm3, -64(%rdi)
+        vmovdqu	%ymm4, -96(%rdi)
+        # Row 1
+        vpxor	(%rcx), %ymm8, %ymm10
+        vpxor	128(%rcx), %ymm9, %ymm11
+        vpxor	96(%rcx), %ymm5, %ymm12
+        vpxor	64(%rcx), %ymm6, %ymm13
+        vpxor	32(%rcx), %ymm7, %ymm14
+        vpsrlq	$36, %ymm10, %ymm0
+        vpsrlq	$44, %ymm11, %ymm1
+        vpsrlq	$61, %ymm12, %ymm2
+        vpsrlq	$19, %ymm13, %ymm3
+        vpsrlq	$3, %ymm14, %ymm4
+        vpsllq	$28, %ymm10, %ymm10
+        vpsllq	$20, %ymm11, %ymm11
+        vpsllq	$3, %ymm12, %ymm12
+        vpsllq	$45, %ymm13, %ymm13
+        vpsllq	$61, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, (%rcx)
+        vmovdqu	%ymm1, 128(%rcx)
+        vmovdqu	%ymm2, 96(%rcx)
+        vmovdqu	%ymm3, 64(%rcx)
+        vmovdqu	%ymm4, 32(%rcx)
+        # Row 2
+        vpxor	96(%rax), %ymm6, %ymm10
+        vpxor	-32(%rcx), %ymm7, %ymm11
+        vpxor	-64(%rcx), %ymm8, %ymm12
+        vpxor	-96(%rcx), %ymm9, %ymm13
+        vpxor	128(%rax), %ymm5, %ymm14
+        vpsrlq	$63, %ymm10, %ymm0
+        vpsrlq	$58, %ymm11, %ymm1
+        vpsrlq	$39, %ymm12, %ymm2
+        vpsrlq	$56, %ymm13, %ymm3
+        vpsrlq	$46, %ymm14, %ymm4
+        vpaddq	%ymm10, %ymm10, %ymm10
+        vpsllq	$6, %ymm11, %ymm11
+        vpsllq	$25, %ymm12, %ymm12
+        vpsllq	$8, %ymm13, %ymm13
+        vpsllq	$18, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 96(%rax)
+        vmovdqu	%ymm1, -32(%rcx)
+        vmovdqu	%ymm2, -64(%rcx)
+        vmovdqu	%ymm3, -96(%rcx)
+        vmovdqu	%ymm4, 128(%rax)
+        # Row 3
+        vpxor	-64(%rax), %ymm9, %ymm10
+        vpxor	64(%rax), %ymm5, %ymm11
+        vpxor	32(%rax), %ymm6, %ymm12
+        vpxor	(%rax), %ymm7, %ymm13
+        vpxor	-32(%rax), %ymm8, %ymm14
+        vpsrlq	$37, %ymm10, %ymm0
+        vpsrlq	$28, %ymm11, %ymm1
+        vpsrlq	$54, %ymm12, %ymm2
+        vpsrlq	$49, %ymm13, %ymm3
+        vpsrlq	$8, %ymm14, %ymm4
+        vpsllq	$27, %ymm10, %ymm10
+        vpsllq	$36, %ymm11, %ymm11
+        vpsllq	$10, %ymm12, %ymm12
+        vpsllq	$15, %ymm13, %ymm13
+        vpsllq	$56, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, -64(%rax)
+        vmovdqu	%ymm1, 64(%rax)
+        vmovdqu	%ymm2, 32(%rax)
+        vmovdqu	%ymm3, (%rax)
+        vmovdqu	%ymm4, -32(%rax)
+        # Row 4
+        vpxor	32(%rdi), %ymm7, %ymm10
+        vpxor	-96(%rax), %ymm8, %ymm11
+        vpxor	128(%rdi), %ymm9, %ymm12
+        vpxor	96(%rdi), %ymm5, %ymm13
+        vpxor	64(%rdi), %ymm6, %ymm14
+        vpsrlq	$2, %ymm10, %ymm0
+        vpsrlq	$9, %ymm11, %ymm1
+        vpsrlq	$25, %ymm12, %ymm2
+        vpsrlq	$23, %ymm13, %ymm3
+        vpsrlq	$62, %ymm14, %ymm4
+        vpsllq	$62, %ymm10, %ymm10
+        vpsllq	$55, %ymm11, %ymm11
+        vpsllq	$39, %ymm12, %ymm12
+        vpsllq	$41, %ymm13, %ymm13
+        vpsllq	$2, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 32(%rdi)
+        vmovdqu	%ymm1, -96(%rax)
+        vmovdqu	%ymm2, 128(%rdi)
+        vmovdqu	%ymm3, 96(%rdi)
+        vmovdqu	%ymm4, 64(%rdi)
+        # Round 12
+        # Calc b[0..4]
+        vpxor	%ymm15, %ymm0, %ymm10
+        vpxor	-96(%rdi), %ymm4, %ymm14
+        vpxor	-64(%rdi), %ymm3, %ymm13
+        vpxor	-32(%rdi), %ymm2, %ymm12
+        vpxor	(%rdi), %ymm1, %ymm11
+        vpxor	-64(%rax), %ymm10, %ymm10
+        vpxor	-32(%rax), %ymm14, %ymm14
+        vpxor	(%rax), %ymm13, %ymm13
+        vpxor	32(%rax), %ymm12, %ymm12
+        vpxor	64(%rax), %ymm11, %ymm11
+        vpxor	96(%rax), %ymm10, %ymm10
+        vpxor	128(%rax), %ymm14, %ymm14
+        vpxor	-96(%rcx), %ymm13, %ymm13
+        vpxor	-64(%rcx), %ymm12, %ymm12
+        vpxor	-32(%rcx), %ymm11, %ymm11
+        vpxor	(%rcx), %ymm10, %ymm10
+        vpxor	32(%rcx), %ymm14, %ymm14
+        vpxor	64(%rcx), %ymm13, %ymm13
+        vpxor	96(%rcx), %ymm12, %ymm12
+        vpxor	128(%rcx), %ymm11, %ymm11
+        # Calc t[0..4]
+        vpsrlq	$63, %ymm11, %ymm0
+        vpsrlq	$63, %ymm12, %ymm1
+        vpsrlq	$63, %ymm13, %ymm2
+        vpsrlq	$63, %ymm14, %ymm3
+        vpsrlq	$63, %ymm10, %ymm4
+        vpaddq	%ymm11, %ymm11, %ymm5
+        vpaddq	%ymm12, %ymm12, %ymm6
+        vpaddq	%ymm13, %ymm13, %ymm7
+        vpaddq	%ymm14, %ymm14, %ymm8
+        vpaddq	%ymm10, %ymm10, %ymm9
+        vpor	%ymm0, %ymm5, %ymm5
+        vpor	%ymm1, %ymm6, %ymm6
+        vpor	%ymm2, %ymm7, %ymm7
+        vpor	%ymm3, %ymm8, %ymm8
+        vpor	%ymm4, %ymm9, %ymm9
+        vpxor	%ymm14, %ymm5, %ymm5
+        vpxor	%ymm10, %ymm6, %ymm6
+        vpxor	%ymm11, %ymm7, %ymm7
+        vpxor	%ymm12, %ymm8, %ymm8
+        vpxor	%ymm13, %ymm9, %ymm9
+        # Row Mix
+        # Row 0
+        vpxor	%ymm15, %ymm5, %ymm10
+        vpxor	128(%rcx), %ymm6, %ymm11
+        vpxor	-64(%rcx), %ymm7, %ymm12
+        vpxor	(%rax), %ymm8, %ymm13
+        vpxor	64(%rdi), %ymm9, %ymm14
+        vpsrlq	$20, %ymm11, %ymm0
+        vpsrlq	$21, %ymm12, %ymm1
+        vpsrlq	$43, %ymm13, %ymm2
+        vpsrlq	$50, %ymm14, %ymm3
+        vpsllq	$44, %ymm11, %ymm11
+        vpsllq	$43, %ymm12, %ymm12
+        vpsllq	$21, %ymm13, %ymm13
+        vpsllq	$14, %ymm14, %ymm14
+        vpor	%ymm0, %ymm11, %ymm11
+        vpor	%ymm1, %ymm12, %ymm12
+        vpor	%ymm2, %ymm13, %ymm13
+        vpor	%ymm3, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm15
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm15, %ymm15
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        # XOR in constant
+        vpxor	384(%rdx), %ymm15, %ymm15
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm1, 128(%rcx)
+        vmovdqu	%ymm2, -64(%rcx)
+        vmovdqu	%ymm3, (%rax)
+        vmovdqu	%ymm4, 64(%rdi)
+        # Row 1
+        vpxor	-64(%rdi), %ymm8, %ymm10
+        vpxor	32(%rcx), %ymm9, %ymm11
+        vpxor	96(%rax), %ymm5, %ymm12
+        vpxor	64(%rax), %ymm6, %ymm13
+        vpxor	128(%rdi), %ymm7, %ymm14
+        vpsrlq	$36, %ymm10, %ymm0
+        vpsrlq	$44, %ymm11, %ymm1
+        vpsrlq	$61, %ymm12, %ymm2
+        vpsrlq	$19, %ymm13, %ymm3
+        vpsrlq	$3, %ymm14, %ymm4
+        vpsllq	$28, %ymm10, %ymm10
+        vpsllq	$20, %ymm11, %ymm11
+        vpsllq	$3, %ymm12, %ymm12
+        vpsllq	$45, %ymm13, %ymm13
+        vpsllq	$61, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, -64(%rdi)
+        vmovdqu	%ymm1, 32(%rcx)
+        vmovdqu	%ymm2, 96(%rax)
+        vmovdqu	%ymm3, 64(%rax)
+        vmovdqu	%ymm4, 128(%rdi)
+        # Row 2
+        vpxor	(%rdi), %ymm6, %ymm10
+        vpxor	96(%rcx), %ymm7, %ymm11
+        vpxor	-96(%rcx), %ymm8, %ymm12
+        vpxor	-32(%rax), %ymm9, %ymm13
+        vpxor	32(%rdi), %ymm5, %ymm14
+        vpsrlq	$63, %ymm10, %ymm0
+        vpsrlq	$58, %ymm11, %ymm1
+        vpsrlq	$39, %ymm12, %ymm2
+        vpsrlq	$56, %ymm13, %ymm3
+        vpsrlq	$46, %ymm14, %ymm4
+        vpaddq	%ymm10, %ymm10, %ymm10
+        vpsllq	$6, %ymm11, %ymm11
+        vpsllq	$25, %ymm12, %ymm12
+        vpsllq	$8, %ymm13, %ymm13
+        vpsllq	$18, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, (%rdi)
+        vmovdqu	%ymm1, 96(%rcx)
+        vmovdqu	%ymm2, -96(%rcx)
+        vmovdqu	%ymm3, -32(%rax)
+        vmovdqu	%ymm4, 32(%rdi)
+        # Row 3
+        vpxor	-96(%rdi), %ymm9, %ymm10
+        vpxor	(%rcx), %ymm5, %ymm11
+        vpxor	-32(%rcx), %ymm6, %ymm12
+        vpxor	32(%rax), %ymm7, %ymm13
+        vpxor	96(%rdi), %ymm8, %ymm14
+        vpsrlq	$37, %ymm10, %ymm0
+        vpsrlq	$28, %ymm11, %ymm1
+        vpsrlq	$54, %ymm12, %ymm2
+        vpsrlq	$49, %ymm13, %ymm3
+        vpsrlq	$8, %ymm14, %ymm4
+        vpsllq	$27, %ymm10, %ymm10
+        vpsllq	$36, %ymm11, %ymm11
+        vpsllq	$10, %ymm12, %ymm12
+        vpsllq	$15, %ymm13, %ymm13
+        vpsllq	$56, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, -96(%rdi)
+        vmovdqu	%ymm1, (%rcx)
+        vmovdqu	%ymm2, -32(%rcx)
+        vmovdqu	%ymm3, 32(%rax)
+        vmovdqu	%ymm4, 96(%rdi)
+        # Row 4
+        vpxor	-32(%rdi), %ymm7, %ymm10
+        vpxor	64(%rcx), %ymm8, %ymm11
+        vpxor	128(%rax), %ymm9, %ymm12
+        vpxor	-64(%rax), %ymm5, %ymm13
+        vpxor	-96(%rax), %ymm6, %ymm14
+        vpsrlq	$2, %ymm10, %ymm0
+        vpsrlq	$9, %ymm11, %ymm1
+        vpsrlq	$25, %ymm12, %ymm2
+        vpsrlq	$23, %ymm13, %ymm3
+        vpsrlq	$62, %ymm14, %ymm4
+        vpsllq	$62, %ymm10, %ymm10
+        vpsllq	$55, %ymm11, %ymm11
+        vpsllq	$39, %ymm12, %ymm12
+        vpsllq	$41, %ymm13, %ymm13
+        vpsllq	$2, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, -32(%rdi)
+        vmovdqu	%ymm1, 64(%rcx)
+        vmovdqu	%ymm2, 128(%rax)
+        vmovdqu	%ymm3, -64(%rax)
+        vmovdqu	%ymm4, -96(%rax)
+        # Round 13
+        # Calc b[0..4]
+        vpxor	%ymm15, %ymm0, %ymm10
+        vpxor	-96(%rdi), %ymm10, %ymm10
+        vpxor	-64(%rdi), %ymm10, %ymm10
+        vpxor	(%rdi), %ymm10, %ymm10
+        vpxor	32(%rdi), %ymm4, %ymm14
+        vpxor	64(%rdi), %ymm14, %ymm14
+        vpxor	96(%rdi), %ymm14, %ymm14
+        vpxor	128(%rdi), %ymm14, %ymm14
+        vpxor	-32(%rax), %ymm3, %ymm13
+        vpxor	(%rax), %ymm13, %ymm13
+        vpxor	32(%rax), %ymm13, %ymm13
+        vpxor	64(%rax), %ymm13, %ymm13
+        vpxor	96(%rax), %ymm2, %ymm12
+        vpxor	-96(%rcx), %ymm12, %ymm12
+        vpxor	-64(%rcx), %ymm12, %ymm12
+        vpxor	-32(%rcx), %ymm12, %ymm12
+        vpxor	(%rcx), %ymm1, %ymm11
+        vpxor	32(%rcx), %ymm11, %ymm11
+        vpxor	96(%rcx), %ymm11, %ymm11
+        vpxor	128(%rcx), %ymm11, %ymm11
+        # Calc t[0..4]
+        vpsrlq	$63, %ymm11, %ymm0
+        vpsrlq	$63, %ymm12, %ymm1
+        vpsrlq	$63, %ymm13, %ymm2
+        vpsrlq	$63, %ymm14, %ymm3
+        vpsrlq	$63, %ymm10, %ymm4
+        vpaddq	%ymm11, %ymm11, %ymm5
+        vpaddq	%ymm12, %ymm12, %ymm6
+        vpaddq	%ymm13, %ymm13, %ymm7
+        vpaddq	%ymm14, %ymm14, %ymm8
+        vpaddq	%ymm10, %ymm10, %ymm9
+        vpor	%ymm0, %ymm5, %ymm5
+        vpor	%ymm1, %ymm6, %ymm6
+        vpor	%ymm2, %ymm7, %ymm7
+        vpor	%ymm3, %ymm8, %ymm8
+        vpor	%ymm4, %ymm9, %ymm9
+        vpxor	%ymm14, %ymm5, %ymm5
+        vpxor	%ymm10, %ymm6, %ymm6
+        vpxor	%ymm11, %ymm7, %ymm7
+        vpxor	%ymm12, %ymm8, %ymm8
+        vpxor	%ymm13, %ymm9, %ymm9
+        # Row Mix
+        # Row 0
+        vpxor	%ymm15, %ymm5, %ymm10
+        vpxor	32(%rcx), %ymm6, %ymm11
+        vpxor	-96(%rcx), %ymm7, %ymm12
+        vpxor	32(%rax), %ymm8, %ymm13
+        vpxor	-96(%rax), %ymm9, %ymm14
+        vpsrlq	$20, %ymm11, %ymm0
+        vpsrlq	$21, %ymm12, %ymm1
+        vpsrlq	$43, %ymm13, %ymm2
+        vpsrlq	$50, %ymm14, %ymm3
+        vpsllq	$44, %ymm11, %ymm11
+        vpsllq	$43, %ymm12, %ymm12
+        vpsllq	$21, %ymm13, %ymm13
+        vpsllq	$14, %ymm14, %ymm14
+        vpor	%ymm0, %ymm11, %ymm11
+        vpor	%ymm1, %ymm12, %ymm12
+        vpor	%ymm2, %ymm13, %ymm13
+        vpor	%ymm3, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm15
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm15, %ymm15
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        # XOR in constant
+        vpxor	416(%rdx), %ymm15, %ymm15
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm1, 32(%rcx)
+        vmovdqu	%ymm2, -96(%rcx)
+        vmovdqu	%ymm3, 32(%rax)
+        vmovdqu	%ymm4, -96(%rax)
+        # Row 1
+        vpxor	(%rax), %ymm8, %ymm10
+        vpxor	128(%rdi), %ymm9, %ymm11
+        vpxor	(%rdi), %ymm5, %ymm12
+        vpxor	(%rcx), %ymm6, %ymm13
+        vpxor	128(%rax), %ymm7, %ymm14
+        vpsrlq	$36, %ymm10, %ymm0
+        vpsrlq	$44, %ymm11, %ymm1
+        vpsrlq	$61, %ymm12, %ymm2
+        vpsrlq	$19, %ymm13, %ymm3
+        vpsrlq	$3, %ymm14, %ymm4
+        vpsllq	$28, %ymm10, %ymm10
+        vpsllq	$20, %ymm11, %ymm11
+        vpsllq	$3, %ymm12, %ymm12
+        vpsllq	$45, %ymm13, %ymm13
+        vpsllq	$61, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, (%rax)
+        vmovdqu	%ymm1, 128(%rdi)
+        vmovdqu	%ymm2, (%rdi)
+        vmovdqu	%ymm3, (%rcx)
+        vmovdqu	%ymm4, 128(%rax)
+        # Row 2
+        vpxor	128(%rcx), %ymm6, %ymm10
+        vpxor	96(%rax), %ymm7, %ymm11
+        vpxor	-32(%rax), %ymm8, %ymm12
+        vpxor	96(%rdi), %ymm9, %ymm13
+        vpxor	-32(%rdi), %ymm5, %ymm14
+        vpsrlq	$63, %ymm10, %ymm0
+        vpsrlq	$58, %ymm11, %ymm1
+        vpsrlq	$39, %ymm12, %ymm2
+        vpsrlq	$56, %ymm13, %ymm3
+        vpsrlq	$46, %ymm14, %ymm4
+        vpaddq	%ymm10, %ymm10, %ymm10
+        vpsllq	$6, %ymm11, %ymm11
+        vpsllq	$25, %ymm12, %ymm12
+        vpsllq	$8, %ymm13, %ymm13
+        vpsllq	$18, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 128(%rcx)
+        vmovdqu	%ymm1, 96(%rax)
+        vmovdqu	%ymm2, -32(%rax)
+        vmovdqu	%ymm3, 96(%rdi)
+        vmovdqu	%ymm4, -32(%rdi)
+        # Row 3
+        vpxor	64(%rdi), %ymm9, %ymm10
+        vpxor	-64(%rdi), %ymm5, %ymm11
+        vpxor	96(%rcx), %ymm6, %ymm12
+        vpxor	-32(%rcx), %ymm7, %ymm13
+        vpxor	-64(%rax), %ymm8, %ymm14
+        vpsrlq	$37, %ymm10, %ymm0
+        vpsrlq	$28, %ymm11, %ymm1
+        vpsrlq	$54, %ymm12, %ymm2
+        vpsrlq	$49, %ymm13, %ymm3
+        vpsrlq	$8, %ymm14, %ymm4
+        vpsllq	$27, %ymm10, %ymm10
+        vpsllq	$36, %ymm11, %ymm11
+        vpsllq	$10, %ymm12, %ymm12
+        vpsllq	$15, %ymm13, %ymm13
+        vpsllq	$56, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 64(%rdi)
+        vmovdqu	%ymm1, -64(%rdi)
+        vmovdqu	%ymm2, 96(%rcx)
+        vmovdqu	%ymm3, -32(%rcx)
+        vmovdqu	%ymm4, -64(%rax)
+        # Row 4
+        vpxor	-64(%rcx), %ymm7, %ymm10
+        vpxor	64(%rax), %ymm8, %ymm11
+        vpxor	32(%rdi), %ymm9, %ymm12
+        vpxor	-96(%rdi), %ymm5, %ymm13
+        vpxor	64(%rcx), %ymm6, %ymm14
+        vpsrlq	$2, %ymm10, %ymm0
+        vpsrlq	$9, %ymm11, %ymm1
+        vpsrlq	$25, %ymm12, %ymm2
+        vpsrlq	$23, %ymm13, %ymm3
+        vpsrlq	$62, %ymm14, %ymm4
+        vpsllq	$62, %ymm10, %ymm10
+        vpsllq	$55, %ymm11, %ymm11
+        vpsllq	$39, %ymm12, %ymm12
+        vpsllq	$41, %ymm13, %ymm13
+        vpsllq	$2, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, -64(%rcx)
+        vmovdqu	%ymm1, 64(%rax)
+        vmovdqu	%ymm2, 32(%rdi)
+        vmovdqu	%ymm3, -96(%rdi)
+        vmovdqu	%ymm4, 64(%rcx)
+        # Round 14
+        # Calc b[0..4]
+        vpxor	%ymm15, %ymm0, %ymm10
+        vpxor	-64(%rdi), %ymm1, %ymm11
+        vpxor	-32(%rdi), %ymm4, %ymm14
+        vpxor	(%rdi), %ymm2, %ymm12
+        vpxor	64(%rdi), %ymm10, %ymm10
+        vpxor	96(%rdi), %ymm3, %ymm13
+        vpxor	128(%rdi), %ymm11, %ymm11
+        vpxor	-96(%rax), %ymm14, %ymm14
+        vpxor	-64(%rax), %ymm14, %ymm14
+        vpxor	-32(%rax), %ymm12, %ymm12
+        vpxor	(%rax), %ymm10, %ymm10
+        vpxor	32(%rax), %ymm13, %ymm13
+        vpxor	96(%rax), %ymm11, %ymm11
+        vpxor	128(%rax), %ymm14, %ymm14
+        vpxor	-96(%rcx), %ymm12, %ymm12
+        vpxor	-32(%rcx), %ymm13, %ymm13
+        vpxor	(%rcx), %ymm13, %ymm13
+        vpxor	32(%rcx), %ymm11, %ymm11
+        vpxor	96(%rcx), %ymm12, %ymm12
+        vpxor	128(%rcx), %ymm10, %ymm10
+        # Calc t[0..4]
+        vpsrlq	$63, %ymm11, %ymm0
+        vpsrlq	$63, %ymm12, %ymm1
+        vpsrlq	$63, %ymm13, %ymm2
+        vpsrlq	$63, %ymm14, %ymm3
+        vpsrlq	$63, %ymm10, %ymm4
+        vpaddq	%ymm11, %ymm11, %ymm5
+        vpaddq	%ymm12, %ymm12, %ymm6
+        vpaddq	%ymm13, %ymm13, %ymm7
+        vpaddq	%ymm14, %ymm14, %ymm8
+        vpaddq	%ymm10, %ymm10, %ymm9
+        vpor	%ymm0, %ymm5, %ymm5
+        vpor	%ymm1, %ymm6, %ymm6
+        vpor	%ymm2, %ymm7, %ymm7
+        vpor	%ymm3, %ymm8, %ymm8
+        vpor	%ymm4, %ymm9, %ymm9
+        vpxor	%ymm14, %ymm5, %ymm5
+        vpxor	%ymm10, %ymm6, %ymm6
+        vpxor	%ymm11, %ymm7, %ymm7
+        vpxor	%ymm12, %ymm8, %ymm8
+        vpxor	%ymm13, %ymm9, %ymm9
+        # Row Mix
+        # Row 0
+        vpxor	%ymm15, %ymm5, %ymm10
+        vpxor	128(%rdi), %ymm6, %ymm11
+        vpxor	-32(%rax), %ymm7, %ymm12
+        vpxor	-32(%rcx), %ymm8, %ymm13
+        vpxor	64(%rcx), %ymm9, %ymm14
+        vpsrlq	$20, %ymm11, %ymm0
+        vpsrlq	$21, %ymm12, %ymm1
+        vpsrlq	$43, %ymm13, %ymm2
+        vpsrlq	$50, %ymm14, %ymm3
+        vpsllq	$44, %ymm11, %ymm11
+        vpsllq	$43, %ymm12, %ymm12
+        vpsllq	$21, %ymm13, %ymm13
+        vpsllq	$14, %ymm14, %ymm14
+        vpor	%ymm0, %ymm11, %ymm11
+        vpor	%ymm1, %ymm12, %ymm12
+        vpor	%ymm2, %ymm13, %ymm13
+        vpor	%ymm3, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm15
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm15, %ymm15
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        # XOR in constant
+        vpxor	448(%rdx), %ymm15, %ymm15
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm1, 128(%rdi)
+        vmovdqu	%ymm2, -32(%rax)
+        vmovdqu	%ymm3, -32(%rcx)
+        vmovdqu	%ymm4, 64(%rcx)
+        # Row 1
+        vpxor	32(%rax), %ymm8, %ymm10
+        vpxor	128(%rax), %ymm9, %ymm11
+        vpxor	128(%rcx), %ymm5, %ymm12
+        vpxor	-64(%rdi), %ymm6, %ymm13
+        vpxor	32(%rdi), %ymm7, %ymm14
+        vpsrlq	$36, %ymm10, %ymm0
+        vpsrlq	$44, %ymm11, %ymm1
+        vpsrlq	$61, %ymm12, %ymm2
+        vpsrlq	$19, %ymm13, %ymm3
+        vpsrlq	$3, %ymm14, %ymm4
+        vpsllq	$28, %ymm10, %ymm10
+        vpsllq	$20, %ymm11, %ymm11
+        vpsllq	$3, %ymm12, %ymm12
+        vpsllq	$45, %ymm13, %ymm13
+        vpsllq	$61, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 32(%rax)
+        vmovdqu	%ymm1, 128(%rax)
+        vmovdqu	%ymm2, 128(%rcx)
+        vmovdqu	%ymm3, -64(%rdi)
+        vmovdqu	%ymm4, 32(%rdi)
+        # Row 2
+        vpxor	32(%rcx), %ymm6, %ymm10
+        vpxor	(%rdi), %ymm7, %ymm11
+        vpxor	96(%rdi), %ymm8, %ymm12
+        vpxor	-64(%rax), %ymm9, %ymm13
+        vpxor	-64(%rcx), %ymm5, %ymm14
+        vpsrlq	$63, %ymm10, %ymm0
+        vpsrlq	$58, %ymm11, %ymm1
+        vpsrlq	$39, %ymm12, %ymm2
+        vpsrlq	$56, %ymm13, %ymm3
+        vpsrlq	$46, %ymm14, %ymm4
+        vpaddq	%ymm10, %ymm10, %ymm10
+        vpsllq	$6, %ymm11, %ymm11
+        vpsllq	$25, %ymm12, %ymm12
+        vpsllq	$8, %ymm13, %ymm13
+        vpsllq	$18, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 32(%rcx)
+        vmovdqu	%ymm1, (%rdi)
+        vmovdqu	%ymm2, 96(%rdi)
+        vmovdqu	%ymm3, -64(%rax)
+        vmovdqu	%ymm4, -64(%rcx)
+        # Row 3
+        vpxor	-96(%rax), %ymm9, %ymm10
+        vpxor	(%rax), %ymm5, %ymm11
+        vpxor	96(%rax), %ymm6, %ymm12
+        vpxor	96(%rcx), %ymm7, %ymm13
+        vpxor	-96(%rdi), %ymm8, %ymm14
+        vpsrlq	$37, %ymm10, %ymm0
+        vpsrlq	$28, %ymm11, %ymm1
+        vpsrlq	$54, %ymm12, %ymm2
+        vpsrlq	$49, %ymm13, %ymm3
+        vpsrlq	$8, %ymm14, %ymm4
+        vpsllq	$27, %ymm10, %ymm10
+        vpsllq	$36, %ymm11, %ymm11
+        vpsllq	$10, %ymm12, %ymm12
+        vpsllq	$15, %ymm13, %ymm13
+        vpsllq	$56, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, -96(%rax)
+        vmovdqu	%ymm1, (%rax)
+        vmovdqu	%ymm2, 96(%rax)
+        vmovdqu	%ymm3, 96(%rcx)
+        vmovdqu	%ymm4, -96(%rdi)
+        # Row 4
+        vpxor	-96(%rcx), %ymm7, %ymm10
+        vpxor	(%rcx), %ymm8, %ymm11
+        vpxor	-32(%rdi), %ymm9, %ymm12
+        vpxor	64(%rdi), %ymm5, %ymm13
+        vpxor	64(%rax), %ymm6, %ymm14
+        vpsrlq	$2, %ymm10, %ymm0
+        vpsrlq	$9, %ymm11, %ymm1
+        vpsrlq	$25, %ymm12, %ymm2
+        vpsrlq	$23, %ymm13, %ymm3
+        vpsrlq	$62, %ymm14, %ymm4
+        vpsllq	$62, %ymm10, %ymm10
+        vpsllq	$55, %ymm11, %ymm11
+        vpsllq	$39, %ymm12, %ymm12
+        vpsllq	$41, %ymm13, %ymm13
+        vpsllq	$2, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, -96(%rcx)
+        vmovdqu	%ymm1, (%rcx)
+        vmovdqu	%ymm2, -32(%rdi)
+        vmovdqu	%ymm3, 64(%rdi)
+        vmovdqu	%ymm4, 64(%rax)
+        # Round 15
+        # Calc b[0..4]
+        vpxor	%ymm15, %ymm0, %ymm10
+        vpxor	-96(%rdi), %ymm4, %ymm14
+        vpxor	-64(%rdi), %ymm3, %ymm13
+        vpxor	(%rdi), %ymm1, %ymm11
+        vpxor	32(%rdi), %ymm14, %ymm14
+        vpxor	96(%rdi), %ymm2, %ymm12
+        vpxor	128(%rdi), %ymm11, %ymm11
+        vpxor	-96(%rax), %ymm10, %ymm10
+        vpxor	-64(%rax), %ymm13, %ymm13
+        vpxor	-32(%rax), %ymm12, %ymm12
+        vpxor	(%rax), %ymm11, %ymm11
+        vpxor	32(%rax), %ymm10, %ymm10
+        vpxor	96(%rax), %ymm12, %ymm12
+        vpxor	128(%rax), %ymm11, %ymm11
+        vpxor	-64(%rcx), %ymm14, %ymm14
+        vpxor	-32(%rcx), %ymm13, %ymm13
+        vpxor	32(%rcx), %ymm10, %ymm10
+        vpxor	64(%rcx), %ymm14, %ymm14
+        vpxor	96(%rcx), %ymm13, %ymm13
+        vpxor	128(%rcx), %ymm12, %ymm12
+        # Calc t[0..4]
+        vpsrlq	$63, %ymm11, %ymm0
+        vpsrlq	$63, %ymm12, %ymm1
+        vpsrlq	$63, %ymm13, %ymm2
+        vpsrlq	$63, %ymm14, %ymm3
+        vpsrlq	$63, %ymm10, %ymm4
+        vpaddq	%ymm11, %ymm11, %ymm5
+        vpaddq	%ymm12, %ymm12, %ymm6
+        vpaddq	%ymm13, %ymm13, %ymm7
+        vpaddq	%ymm14, %ymm14, %ymm8
+        vpaddq	%ymm10, %ymm10, %ymm9
+        vpor	%ymm0, %ymm5, %ymm5
+        vpor	%ymm1, %ymm6, %ymm6
+        vpor	%ymm2, %ymm7, %ymm7
+        vpor	%ymm3, %ymm8, %ymm8
+        vpor	%ymm4, %ymm9, %ymm9
+        vpxor	%ymm14, %ymm5, %ymm5
+        vpxor	%ymm10, %ymm6, %ymm6
+        vpxor	%ymm11, %ymm7, %ymm7
+        vpxor	%ymm12, %ymm8, %ymm8
+        vpxor	%ymm13, %ymm9, %ymm9
+        # Row Mix
+        # Row 0
+        vpxor	%ymm15, %ymm5, %ymm10
+        vpxor	128(%rax), %ymm6, %ymm11
+        vpxor	96(%rdi), %ymm7, %ymm12
+        vpxor	96(%rcx), %ymm8, %ymm13
+        vpxor	64(%rax), %ymm9, %ymm14
+        vpsrlq	$20, %ymm11, %ymm0
+        vpsrlq	$21, %ymm12, %ymm1
+        vpsrlq	$43, %ymm13, %ymm2
+        vpsrlq	$50, %ymm14, %ymm3
+        vpsllq	$44, %ymm11, %ymm11
+        vpsllq	$43, %ymm12, %ymm12
+        vpsllq	$21, %ymm13, %ymm13
+        vpsllq	$14, %ymm14, %ymm14
+        vpor	%ymm0, %ymm11, %ymm11
+        vpor	%ymm1, %ymm12, %ymm12
+        vpor	%ymm2, %ymm13, %ymm13
+        vpor	%ymm3, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm15
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm15, %ymm15
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        # XOR in constant
+        vpxor	480(%rdx), %ymm15, %ymm15
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm1, 128(%rax)
+        vmovdqu	%ymm2, 96(%rdi)
+        vmovdqu	%ymm3, 96(%rcx)
+        vmovdqu	%ymm4, 64(%rax)
+        # Row 1
+        vpxor	-32(%rcx), %ymm8, %ymm10
+        vpxor	32(%rdi), %ymm9, %ymm11
+        vpxor	32(%rcx), %ymm5, %ymm12
+        vpxor	(%rax), %ymm6, %ymm13
+        vpxor	-32(%rdi), %ymm7, %ymm14
+        vpsrlq	$36, %ymm10, %ymm0
+        vpsrlq	$44, %ymm11, %ymm1
+        vpsrlq	$61, %ymm12, %ymm2
+        vpsrlq	$19, %ymm13, %ymm3
+        vpsrlq	$3, %ymm14, %ymm4
+        vpsllq	$28, %ymm10, %ymm10
+        vpsllq	$20, %ymm11, %ymm11
+        vpsllq	$3, %ymm12, %ymm12
+        vpsllq	$45, %ymm13, %ymm13
+        vpsllq	$61, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, -32(%rcx)
+        vmovdqu	%ymm1, 32(%rdi)
+        vmovdqu	%ymm2, 32(%rcx)
+        vmovdqu	%ymm3, (%rax)
+        vmovdqu	%ymm4, -32(%rdi)
+        # Row 2
+        vpxor	128(%rdi), %ymm6, %ymm10
+        vpxor	128(%rcx), %ymm7, %ymm11
+        vpxor	-64(%rax), %ymm8, %ymm12
+        vpxor	-96(%rdi), %ymm9, %ymm13
+        vpxor	-96(%rcx), %ymm5, %ymm14
+        vpsrlq	$63, %ymm10, %ymm0
+        vpsrlq	$58, %ymm11, %ymm1
+        vpsrlq	$39, %ymm12, %ymm2
+        vpsrlq	$56, %ymm13, %ymm3
+        vpsrlq	$46, %ymm14, %ymm4
+        vpaddq	%ymm10, %ymm10, %ymm10
+        vpsllq	$6, %ymm11, %ymm11
+        vpsllq	$25, %ymm12, %ymm12
+        vpsllq	$8, %ymm13, %ymm13
+        vpsllq	$18, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 128(%rdi)
+        vmovdqu	%ymm1, 128(%rcx)
+        vmovdqu	%ymm2, -64(%rax)
+        vmovdqu	%ymm3, -96(%rdi)
+        vmovdqu	%ymm4, -96(%rcx)
+        # Row 3
+        vpxor	64(%rcx), %ymm9, %ymm10
+        vpxor	32(%rax), %ymm5, %ymm11
+        vpxor	(%rdi), %ymm6, %ymm12
+        vpxor	96(%rax), %ymm7, %ymm13
+        vpxor	64(%rdi), %ymm8, %ymm14
+        vpsrlq	$37, %ymm10, %ymm0
+        vpsrlq	$28, %ymm11, %ymm1
+        vpsrlq	$54, %ymm12, %ymm2
+        vpsrlq	$49, %ymm13, %ymm3
+        vpsrlq	$8, %ymm14, %ymm4
+        vpsllq	$27, %ymm10, %ymm10
+        vpsllq	$36, %ymm11, %ymm11
+        vpsllq	$10, %ymm12, %ymm12
+        vpsllq	$15, %ymm13, %ymm13
+        vpsllq	$56, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 64(%rcx)
+        vmovdqu	%ymm1, 32(%rax)
+        vmovdqu	%ymm2, (%rdi)
+        vmovdqu	%ymm3, 96(%rax)
+        vmovdqu	%ymm4, 64(%rdi)
+        # Row 4
+        vpxor	-32(%rax), %ymm7, %ymm10
+        vpxor	-64(%rdi), %ymm8, %ymm11
+        vpxor	-64(%rcx), %ymm9, %ymm12
+        vpxor	-96(%rax), %ymm5, %ymm13
+        vpxor	(%rcx), %ymm6, %ymm14
+        vpsrlq	$2, %ymm10, %ymm0
+        vpsrlq	$9, %ymm11, %ymm1
+        vpsrlq	$25, %ymm12, %ymm2
+        vpsrlq	$23, %ymm13, %ymm3
+        vpsrlq	$62, %ymm14, %ymm4
+        vpsllq	$62, %ymm10, %ymm10
+        vpsllq	$55, %ymm11, %ymm11
+        vpsllq	$39, %ymm12, %ymm12
+        vpsllq	$41, %ymm13, %ymm13
+        vpsllq	$2, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, -32(%rax)
+        vmovdqu	%ymm1, -64(%rdi)
+        vmovdqu	%ymm2, -64(%rcx)
+        vmovdqu	%ymm3, -96(%rax)
+        vmovdqu	%ymm4, (%rcx)
+        # Round 16
+        # Calc b[0..4]
+        vpxor	%ymm15, %ymm0, %ymm10
+        vpxor	-96(%rdi), %ymm3, %ymm13
+        vpxor	-32(%rdi), %ymm4, %ymm14
+        vpxor	(%rdi), %ymm2, %ymm12
+        vpxor	32(%rdi), %ymm1, %ymm11
+        vpxor	64(%rdi), %ymm14, %ymm14
+        vpxor	96(%rdi), %ymm12, %ymm12
+        vpxor	128(%rdi), %ymm10, %ymm10
+        vpxor	-64(%rax), %ymm12, %ymm12
+        vpxor	(%rax), %ymm13, %ymm13
+        vpxor	32(%rax), %ymm11, %ymm11
+        vpxor	64(%rax), %ymm14, %ymm14
+        vpxor	96(%rax), %ymm13, %ymm13
+        vpxor	128(%rax), %ymm11, %ymm11
+        vpxor	-96(%rcx), %ymm14, %ymm14
+        vpxor	-32(%rcx), %ymm10, %ymm10
+        vpxor	32(%rcx), %ymm12, %ymm12
+        vpxor	64(%rcx), %ymm10, %ymm10
+        vpxor	96(%rcx), %ymm13, %ymm13
+        vpxor	128(%rcx), %ymm11, %ymm11
+        # Calc t[0..4]
+        vpsrlq	$63, %ymm11, %ymm0
+        vpsrlq	$63, %ymm12, %ymm1
+        vpsrlq	$63, %ymm13, %ymm2
+        vpsrlq	$63, %ymm14, %ymm3
+        vpsrlq	$63, %ymm10, %ymm4
+        vpaddq	%ymm11, %ymm11, %ymm5
+        vpaddq	%ymm12, %ymm12, %ymm6
+        vpaddq	%ymm13, %ymm13, %ymm7
+        vpaddq	%ymm14, %ymm14, %ymm8
+        vpaddq	%ymm10, %ymm10, %ymm9
+        vpor	%ymm0, %ymm5, %ymm5
+        vpor	%ymm1, %ymm6, %ymm6
+        vpor	%ymm2, %ymm7, %ymm7
+        vpor	%ymm3, %ymm8, %ymm8
+        vpor	%ymm4, %ymm9, %ymm9
+        vpxor	%ymm14, %ymm5, %ymm5
+        vpxor	%ymm10, %ymm6, %ymm6
+        vpxor	%ymm11, %ymm7, %ymm7
+        vpxor	%ymm12, %ymm8, %ymm8
+        vpxor	%ymm13, %ymm9, %ymm9
+        # Row Mix
+        # Row 0
+        vpxor	%ymm15, %ymm5, %ymm10
+        vpxor	32(%rdi), %ymm6, %ymm11
+        vpxor	-64(%rax), %ymm7, %ymm12
+        vpxor	96(%rax), %ymm8, %ymm13
+        vpxor	(%rcx), %ymm9, %ymm14
+        vpsrlq	$20, %ymm11, %ymm0
+        vpsrlq	$21, %ymm12, %ymm1
+        vpsrlq	$43, %ymm13, %ymm2
+        vpsrlq	$50, %ymm14, %ymm3
+        vpsllq	$44, %ymm11, %ymm11
+        vpsllq	$43, %ymm12, %ymm12
+        vpsllq	$21, %ymm13, %ymm13
+        vpsllq	$14, %ymm14, %ymm14
+        vpor	%ymm0, %ymm11, %ymm11
+        vpor	%ymm1, %ymm12, %ymm12
+        vpor	%ymm2, %ymm13, %ymm13
+        vpor	%ymm3, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm15
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm15, %ymm15
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        # XOR in constant
+        vpxor	512(%rdx), %ymm15, %ymm15
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm1, 32(%rdi)
+        vmovdqu	%ymm2, -64(%rax)
+        vmovdqu	%ymm3, 96(%rax)
+        vmovdqu	%ymm4, (%rcx)
+        # Row 1
+        vpxor	96(%rcx), %ymm8, %ymm10
+        vpxor	-32(%rdi), %ymm9, %ymm11
+        vpxor	128(%rdi), %ymm5, %ymm12
+        vpxor	32(%rax), %ymm6, %ymm13
+        vpxor	-64(%rcx), %ymm7, %ymm14
+        vpsrlq	$36, %ymm10, %ymm0
+        vpsrlq	$44, %ymm11, %ymm1
+        vpsrlq	$61, %ymm12, %ymm2
+        vpsrlq	$19, %ymm13, %ymm3
+        vpsrlq	$3, %ymm14, %ymm4
+        vpsllq	$28, %ymm10, %ymm10
+        vpsllq	$20, %ymm11, %ymm11
+        vpsllq	$3, %ymm12, %ymm12
+        vpsllq	$45, %ymm13, %ymm13
+        vpsllq	$61, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 96(%rcx)
+        vmovdqu	%ymm1, -32(%rdi)
+        vmovdqu	%ymm2, 128(%rdi)
+        vmovdqu	%ymm3, 32(%rax)
+        vmovdqu	%ymm4, -64(%rcx)
+        # Row 2
+        vpxor	128(%rax), %ymm6, %ymm10
+        vpxor	32(%rcx), %ymm7, %ymm11
+        vpxor	-96(%rdi), %ymm8, %ymm12
+        vpxor	64(%rdi), %ymm9, %ymm13
+        vpxor	-32(%rax), %ymm5, %ymm14
+        vpsrlq	$63, %ymm10, %ymm0
+        vpsrlq	$58, %ymm11, %ymm1
+        vpsrlq	$39, %ymm12, %ymm2
+        vpsrlq	$56, %ymm13, %ymm3
+        vpsrlq	$46, %ymm14, %ymm4
+        vpaddq	%ymm10, %ymm10, %ymm10
+        vpsllq	$6, %ymm11, %ymm11
+        vpsllq	$25, %ymm12, %ymm12
+        vpsllq	$8, %ymm13, %ymm13
+        vpsllq	$18, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 128(%rax)
+        vmovdqu	%ymm1, 32(%rcx)
+        vmovdqu	%ymm2, -96(%rdi)
+        vmovdqu	%ymm3, 64(%rdi)
+        vmovdqu	%ymm4, -32(%rax)
+        # Row 3
+        vpxor	64(%rax), %ymm9, %ymm10
+        vpxor	-32(%rcx), %ymm5, %ymm11
+        vpxor	128(%rcx), %ymm6, %ymm12
+        vpxor	(%rdi), %ymm7, %ymm13
+        vpxor	-96(%rax), %ymm8, %ymm14
+        vpsrlq	$37, %ymm10, %ymm0
+        vpsrlq	$28, %ymm11, %ymm1
+        vpsrlq	$54, %ymm12, %ymm2
+        vpsrlq	$49, %ymm13, %ymm3
+        vpsrlq	$8, %ymm14, %ymm4
+        vpsllq	$27, %ymm10, %ymm10
+        vpsllq	$36, %ymm11, %ymm11
+        vpsllq	$10, %ymm12, %ymm12
+        vpsllq	$15, %ymm13, %ymm13
+        vpsllq	$56, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 64(%rax)
+        vmovdqu	%ymm1, -32(%rcx)
+        vmovdqu	%ymm2, 128(%rcx)
+        vmovdqu	%ymm3, (%rdi)
+        vmovdqu	%ymm4, -96(%rax)
+        # Row 4
+        vpxor	96(%rdi), %ymm7, %ymm10
+        vpxor	(%rax), %ymm8, %ymm11
+        vpxor	-96(%rcx), %ymm9, %ymm12
+        vpxor	64(%rcx), %ymm5, %ymm13
+        vpxor	-64(%rdi), %ymm6, %ymm14
+        vpsrlq	$2, %ymm10, %ymm0
+        vpsrlq	$9, %ymm11, %ymm1
+        vpsrlq	$25, %ymm12, %ymm2
+        vpsrlq	$23, %ymm13, %ymm3
+        vpsrlq	$62, %ymm14, %ymm4
+        vpsllq	$62, %ymm10, %ymm10
+        vpsllq	$55, %ymm11, %ymm11
+        vpsllq	$39, %ymm12, %ymm12
+        vpsllq	$41, %ymm13, %ymm13
+        vpsllq	$2, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 96(%rdi)
+        vmovdqu	%ymm1, (%rax)
+        vmovdqu	%ymm2, -96(%rcx)
+        vmovdqu	%ymm3, 64(%rcx)
+        vmovdqu	%ymm4, -64(%rdi)
+        # Round 17
+        # Calc b[0..4]
+        vpxor	%ymm15, %ymm0, %ymm10
+        vpxor	-96(%rdi), %ymm2, %ymm12
+        vpxor	-32(%rdi), %ymm1, %ymm11
+        vpxor	(%rdi), %ymm3, %ymm13
+        vpxor	32(%rdi), %ymm11, %ymm11
+        vpxor	64(%rdi), %ymm13, %ymm13
+        vpxor	128(%rdi), %ymm12, %ymm12
+        vpxor	-96(%rax), %ymm4, %ymm14
+        vpxor	-64(%rax), %ymm12, %ymm12
+        vpxor	-32(%rax), %ymm14, %ymm14
+        vpxor	32(%rax), %ymm13, %ymm13
+        vpxor	64(%rax), %ymm10, %ymm10
+        vpxor	96(%rax), %ymm13, %ymm13
+        vpxor	128(%rax), %ymm10, %ymm10
+        vpxor	-64(%rcx), %ymm14, %ymm14
+        vpxor	-32(%rcx), %ymm11, %ymm11
+        vpxor	(%rcx), %ymm14, %ymm14
+        vpxor	32(%rcx), %ymm11, %ymm11
+        vpxor	96(%rcx), %ymm10, %ymm10
+        vpxor	128(%rcx), %ymm12, %ymm12
+        # Calc t[0..4]
+        vpsrlq	$63, %ymm11, %ymm0
+        vpsrlq	$63, %ymm12, %ymm1
+        vpsrlq	$63, %ymm13, %ymm2
+        vpsrlq	$63, %ymm14, %ymm3
+        vpsrlq	$63, %ymm10, %ymm4
+        vpaddq	%ymm11, %ymm11, %ymm5
+        vpaddq	%ymm12, %ymm12, %ymm6
+        vpaddq	%ymm13, %ymm13, %ymm7
+        vpaddq	%ymm14, %ymm14, %ymm8
+        vpaddq	%ymm10, %ymm10, %ymm9
+        vpor	%ymm0, %ymm5, %ymm5
+        vpor	%ymm1, %ymm6, %ymm6
+        vpor	%ymm2, %ymm7, %ymm7
+        vpor	%ymm3, %ymm8, %ymm8
+        vpor	%ymm4, %ymm9, %ymm9
+        vpxor	%ymm14, %ymm5, %ymm5
+        vpxor	%ymm10, %ymm6, %ymm6
+        vpxor	%ymm11, %ymm7, %ymm7
+        vpxor	%ymm12, %ymm8, %ymm8
+        vpxor	%ymm13, %ymm9, %ymm9
+        # Row Mix
+        # Row 0
+        vpxor	%ymm15, %ymm5, %ymm10
+        vpxor	-32(%rdi), %ymm6, %ymm11
+        vpxor	-96(%rdi), %ymm7, %ymm12
+        vpxor	(%rdi), %ymm8, %ymm13
+        vpxor	-64(%rdi), %ymm9, %ymm14
+        vpsrlq	$20, %ymm11, %ymm0
+        vpsrlq	$21, %ymm12, %ymm1
+        vpsrlq	$43, %ymm13, %ymm2
+        vpsrlq	$50, %ymm14, %ymm3
+        vpsllq	$44, %ymm11, %ymm11
+        vpsllq	$43, %ymm12, %ymm12
+        vpsllq	$21, %ymm13, %ymm13
+        vpsllq	$14, %ymm14, %ymm14
+        vpor	%ymm0, %ymm11, %ymm11
+        vpor	%ymm1, %ymm12, %ymm12
+        vpor	%ymm2, %ymm13, %ymm13
+        vpor	%ymm3, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm15
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm15, %ymm15
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        # XOR in constant
+        vpxor	544(%rdx), %ymm15, %ymm15
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm1, -32(%rdi)
+        vmovdqu	%ymm2, -96(%rdi)
+        vmovdqu	%ymm3, (%rdi)
+        vmovdqu	%ymm4, -64(%rdi)
+        # Row 1
+        vpxor	96(%rax), %ymm8, %ymm10
+        vpxor	-64(%rcx), %ymm9, %ymm11
+        vpxor	128(%rax), %ymm5, %ymm12
+        vpxor	-32(%rcx), %ymm6, %ymm13
+        vpxor	-96(%rcx), %ymm7, %ymm14
+        vpsrlq	$36, %ymm10, %ymm0
+        vpsrlq	$44, %ymm11, %ymm1
+        vpsrlq	$61, %ymm12, %ymm2
+        vpsrlq	$19, %ymm13, %ymm3
+        vpsrlq	$3, %ymm14, %ymm4
+        vpsllq	$28, %ymm10, %ymm10
+        vpsllq	$20, %ymm11, %ymm11
+        vpsllq	$3, %ymm12, %ymm12
+        vpsllq	$45, %ymm13, %ymm13
+        vpsllq	$61, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 96(%rax)
+        vmovdqu	%ymm1, -64(%rcx)
+        vmovdqu	%ymm2, 128(%rax)
+        vmovdqu	%ymm3, -32(%rcx)
+        vmovdqu	%ymm4, -96(%rcx)
+        # Row 2
+        vpxor	32(%rdi), %ymm6, %ymm10
+        vpxor	128(%rdi), %ymm7, %ymm11
+        vpxor	64(%rdi), %ymm8, %ymm12
+        vpxor	-96(%rax), %ymm9, %ymm13
+        vpxor	96(%rdi), %ymm5, %ymm14
+        vpsrlq	$63, %ymm10, %ymm0
+        vpsrlq	$58, %ymm11, %ymm1
+        vpsrlq	$39, %ymm12, %ymm2
+        vpsrlq	$56, %ymm13, %ymm3
+        vpsrlq	$46, %ymm14, %ymm4
+        vpaddq	%ymm10, %ymm10, %ymm10
+        vpsllq	$6, %ymm11, %ymm11
+        vpsllq	$25, %ymm12, %ymm12
+        vpsllq	$8, %ymm13, %ymm13
+        vpsllq	$18, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 32(%rdi)
+        vmovdqu	%ymm1, 128(%rdi)
+        vmovdqu	%ymm2, 64(%rdi)
+        vmovdqu	%ymm3, -96(%rax)
+        vmovdqu	%ymm4, 96(%rdi)
+        # Row 3
+        vpxor	(%rcx), %ymm9, %ymm10
+        vpxor	96(%rcx), %ymm5, %ymm11
+        vpxor	32(%rcx), %ymm6, %ymm12
+        vpxor	128(%rcx), %ymm7, %ymm13
+        vpxor	64(%rcx), %ymm8, %ymm14
+        vpsrlq	$37, %ymm10, %ymm0
+        vpsrlq	$28, %ymm11, %ymm1
+        vpsrlq	$54, %ymm12, %ymm2
+        vpsrlq	$49, %ymm13, %ymm3
+        vpsrlq	$8, %ymm14, %ymm4
+        vpsllq	$27, %ymm10, %ymm10
+        vpsllq	$36, %ymm11, %ymm11
+        vpsllq	$10, %ymm12, %ymm12
+        vpsllq	$15, %ymm13, %ymm13
+        vpsllq	$56, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, (%rcx)
+        vmovdqu	%ymm1, 96(%rcx)
+        vmovdqu	%ymm2, 32(%rcx)
+        vmovdqu	%ymm3, 128(%rcx)
+        vmovdqu	%ymm4, 64(%rcx)
+        # Row 4
+        vpxor	-64(%rax), %ymm7, %ymm10
+        vpxor	32(%rax), %ymm8, %ymm11
+        vpxor	-32(%rax), %ymm9, %ymm12
+        vpxor	64(%rax), %ymm5, %ymm13
+        vpxor	(%rax), %ymm6, %ymm14
+        vpsrlq	$2, %ymm10, %ymm0
+        vpsrlq	$9, %ymm11, %ymm1
+        vpsrlq	$25, %ymm12, %ymm2
+        vpsrlq	$23, %ymm13, %ymm3
+        vpsrlq	$62, %ymm14, %ymm4
+        vpsllq	$62, %ymm10, %ymm10
+        vpsllq	$55, %ymm11, %ymm11
+        vpsllq	$39, %ymm12, %ymm12
+        vpsllq	$41, %ymm13, %ymm13
+        vpsllq	$2, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, -64(%rax)
+        vmovdqu	%ymm1, 32(%rax)
+        vmovdqu	%ymm2, -32(%rax)
+        vmovdqu	%ymm3, 64(%rax)
+        vmovdqu	%ymm4, (%rax)
+        # Round 18
+        # Calc b[0..4]
+        vpxor	%ymm15, %ymm0, %ymm10
+        vpxor	-96(%rdi), %ymm2, %ymm12
+        vpxor	-64(%rdi), %ymm4, %ymm14
+        vpxor	-32(%rdi), %ymm1, %ymm11
+        vpxor	(%rdi), %ymm3, %ymm13
+        vpxor	32(%rdi), %ymm10, %ymm10
+        vpxor	64(%rdi), %ymm12, %ymm12
+        vpxor	96(%rdi), %ymm14, %ymm14
+        vpxor	128(%rdi), %ymm11, %ymm11
+        vpxor	-96(%rax), %ymm13, %ymm13
+        vpxor	96(%rax), %ymm10, %ymm10
+        vpxor	128(%rax), %ymm12, %ymm12
+        vpxor	-96(%rcx), %ymm14, %ymm14
+        vpxor	-64(%rcx), %ymm11, %ymm11
+        vpxor	-32(%rcx), %ymm13, %ymm13
+        vpxor	(%rcx), %ymm10, %ymm10
+        vpxor	32(%rcx), %ymm12, %ymm12
+        vpxor	64(%rcx), %ymm14, %ymm14
+        vpxor	96(%rcx), %ymm11, %ymm11
+        vpxor	128(%rcx), %ymm13, %ymm13
+        # Calc t[0..4]
+        vpsrlq	$63, %ymm11, %ymm0
+        vpsrlq	$63, %ymm12, %ymm1
+        vpsrlq	$63, %ymm13, %ymm2
+        vpsrlq	$63, %ymm14, %ymm3
+        vpsrlq	$63, %ymm10, %ymm4
+        vpaddq	%ymm11, %ymm11, %ymm5
+        vpaddq	%ymm12, %ymm12, %ymm6
+        vpaddq	%ymm13, %ymm13, %ymm7
+        vpaddq	%ymm14, %ymm14, %ymm8
+        vpaddq	%ymm10, %ymm10, %ymm9
+        vpor	%ymm0, %ymm5, %ymm5
+        vpor	%ymm1, %ymm6, %ymm6
+        vpor	%ymm2, %ymm7, %ymm7
+        vpor	%ymm3, %ymm8, %ymm8
+        vpor	%ymm4, %ymm9, %ymm9
+        vpxor	%ymm14, %ymm5, %ymm5
+        vpxor	%ymm10, %ymm6, %ymm6
+        vpxor	%ymm11, %ymm7, %ymm7
+        vpxor	%ymm12, %ymm8, %ymm8
+        vpxor	%ymm13, %ymm9, %ymm9
+        # Row Mix
+        # Row 0
+        vpxor	%ymm15, %ymm5, %ymm10
+        vpxor	-64(%rcx), %ymm6, %ymm11
+        vpxor	64(%rdi), %ymm7, %ymm12
+        vpxor	128(%rcx), %ymm8, %ymm13
+        vpxor	(%rax), %ymm9, %ymm14
+        vpsrlq	$20, %ymm11, %ymm0
+        vpsrlq	$21, %ymm12, %ymm1
+        vpsrlq	$43, %ymm13, %ymm2
+        vpsrlq	$50, %ymm14, %ymm3
+        vpsllq	$44, %ymm11, %ymm11
+        vpsllq	$43, %ymm12, %ymm12
+        vpsllq	$21, %ymm13, %ymm13
+        vpsllq	$14, %ymm14, %ymm14
+        vpor	%ymm0, %ymm11, %ymm11
+        vpor	%ymm1, %ymm12, %ymm12
+        vpor	%ymm2, %ymm13, %ymm13
+        vpor	%ymm3, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm15
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm15, %ymm15
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        # XOR in constant
+        vpxor	576(%rdx), %ymm15, %ymm15
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm1, -64(%rcx)
+        vmovdqu	%ymm2, 64(%rdi)
+        vmovdqu	%ymm3, 128(%rcx)
+        vmovdqu	%ymm4, (%rax)
+        # Row 1
+        vpxor	(%rdi), %ymm8, %ymm10
+        vpxor	-96(%rcx), %ymm9, %ymm11
+        vpxor	32(%rdi), %ymm5, %ymm12
+        vpxor	96(%rcx), %ymm6, %ymm13
+        vpxor	-32(%rax), %ymm7, %ymm14
+        vpsrlq	$36, %ymm10, %ymm0
+        vpsrlq	$44, %ymm11, %ymm1
+        vpsrlq	$61, %ymm12, %ymm2
+        vpsrlq	$19, %ymm13, %ymm3
+        vpsrlq	$3, %ymm14, %ymm4
+        vpsllq	$28, %ymm10, %ymm10
+        vpsllq	$20, %ymm11, %ymm11
+        vpsllq	$3, %ymm12, %ymm12
+        vpsllq	$45, %ymm13, %ymm13
+        vpsllq	$61, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, (%rdi)
+        vmovdqu	%ymm1, -96(%rcx)
+        vmovdqu	%ymm2, 32(%rdi)
+        vmovdqu	%ymm3, 96(%rcx)
+        vmovdqu	%ymm4, -32(%rax)
+        # Row 2
+        vpxor	-32(%rdi), %ymm6, %ymm10
+        vpxor	128(%rax), %ymm7, %ymm11
+        vpxor	-96(%rax), %ymm8, %ymm12
+        vpxor	64(%rcx), %ymm9, %ymm13
+        vpxor	-64(%rax), %ymm5, %ymm14
+        vpsrlq	$63, %ymm10, %ymm0
+        vpsrlq	$58, %ymm11, %ymm1
+        vpsrlq	$39, %ymm12, %ymm2
+        vpsrlq	$56, %ymm13, %ymm3
+        vpsrlq	$46, %ymm14, %ymm4
+        vpaddq	%ymm10, %ymm10, %ymm10
+        vpsllq	$6, %ymm11, %ymm11
+        vpsllq	$25, %ymm12, %ymm12
+        vpsllq	$8, %ymm13, %ymm13
+        vpsllq	$18, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, -32(%rdi)
+        vmovdqu	%ymm1, 128(%rax)
+        vmovdqu	%ymm2, -96(%rax)
+        vmovdqu	%ymm3, 64(%rcx)
+        vmovdqu	%ymm4, -64(%rax)
+        # Row 3
+        vpxor	-64(%rdi), %ymm9, %ymm10
+        vpxor	96(%rax), %ymm5, %ymm11
+        vpxor	128(%rdi), %ymm6, %ymm12
+        vpxor	32(%rcx), %ymm7, %ymm13
+        vpxor	64(%rax), %ymm8, %ymm14
+        vpsrlq	$37, %ymm10, %ymm0
+        vpsrlq	$28, %ymm11, %ymm1
+        vpsrlq	$54, %ymm12, %ymm2
+        vpsrlq	$49, %ymm13, %ymm3
+        vpsrlq	$8, %ymm14, %ymm4
+        vpsllq	$27, %ymm10, %ymm10
+        vpsllq	$36, %ymm11, %ymm11
+        vpsllq	$10, %ymm12, %ymm12
+        vpsllq	$15, %ymm13, %ymm13
+        vpsllq	$56, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, -64(%rdi)
+        vmovdqu	%ymm1, 96(%rax)
+        vmovdqu	%ymm2, 128(%rdi)
+        vmovdqu	%ymm3, 32(%rcx)
+        vmovdqu	%ymm4, 64(%rax)
+        # Row 4
+        vpxor	-96(%rdi), %ymm7, %ymm10
+        vpxor	-32(%rcx), %ymm8, %ymm11
+        vpxor	96(%rdi), %ymm9, %ymm12
+        vpxor	(%rcx), %ymm5, %ymm13
+        vpxor	32(%rax), %ymm6, %ymm14
+        vpsrlq	$2, %ymm10, %ymm0
+        vpsrlq	$9, %ymm11, %ymm1
+        vpsrlq	$25, %ymm12, %ymm2
+        vpsrlq	$23, %ymm13, %ymm3
+        vpsrlq	$62, %ymm14, %ymm4
+        vpsllq	$62, %ymm10, %ymm10
+        vpsllq	$55, %ymm11, %ymm11
+        vpsllq	$39, %ymm12, %ymm12
+        vpsllq	$41, %ymm13, %ymm13
+        vpsllq	$2, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, -96(%rdi)
+        vmovdqu	%ymm1, -32(%rcx)
+        vmovdqu	%ymm2, 96(%rdi)
+        vmovdqu	%ymm3, (%rcx)
+        vmovdqu	%ymm4, 32(%rax)
+        # Round 19
+        # Calc b[0..4]
+        vpxor	%ymm15, %ymm0, %ymm10
+        vpxor	-64(%rdi), %ymm10, %ymm10
+        vpxor	-32(%rdi), %ymm10, %ymm10
+        vpxor	(%rdi), %ymm10, %ymm10
+        vpxor	32(%rdi), %ymm2, %ymm12
+        vpxor	64(%rdi), %ymm12, %ymm12
+        vpxor	128(%rdi), %ymm12, %ymm12
+        vpxor	-96(%rax), %ymm12, %ymm12
+        vpxor	-64(%rax), %ymm4, %ymm14
+        vpxor	-32(%rax), %ymm14, %ymm14
+        vpxor	(%rax), %ymm14, %ymm14
+        vpxor	64(%rax), %ymm14, %ymm14
+        vpxor	96(%rax), %ymm1, %ymm11
+        vpxor	128(%rax), %ymm11, %ymm11
+        vpxor	-96(%rcx), %ymm11, %ymm11
+        vpxor	-64(%rcx), %ymm11, %ymm11
+        vpxor	32(%rcx), %ymm3, %ymm13
+        vpxor	64(%rcx), %ymm13, %ymm13
+        vpxor	96(%rcx), %ymm13, %ymm13
+        vpxor	128(%rcx), %ymm13, %ymm13
+        # Calc t[0..4]
+        vpsrlq	$63, %ymm11, %ymm0
+        vpsrlq	$63, %ymm12, %ymm1
+        vpsrlq	$63, %ymm13, %ymm2
+        vpsrlq	$63, %ymm14, %ymm3
+        vpsrlq	$63, %ymm10, %ymm4
+        vpaddq	%ymm11, %ymm11, %ymm5
+        vpaddq	%ymm12, %ymm12, %ymm6
+        vpaddq	%ymm13, %ymm13, %ymm7
+        vpaddq	%ymm14, %ymm14, %ymm8
+        vpaddq	%ymm10, %ymm10, %ymm9
+        vpor	%ymm0, %ymm5, %ymm5
+        vpor	%ymm1, %ymm6, %ymm6
+        vpor	%ymm2, %ymm7, %ymm7
+        vpor	%ymm3, %ymm8, %ymm8
+        vpor	%ymm4, %ymm9, %ymm9
+        vpxor	%ymm14, %ymm5, %ymm5
+        vpxor	%ymm10, %ymm6, %ymm6
+        vpxor	%ymm11, %ymm7, %ymm7
+        vpxor	%ymm12, %ymm8, %ymm8
+        vpxor	%ymm13, %ymm9, %ymm9
+        # Row Mix
+        # Row 0
+        vpxor	%ymm15, %ymm5, %ymm10
+        vpxor	-96(%rcx), %ymm6, %ymm11
+        vpxor	-96(%rax), %ymm7, %ymm12
+        vpxor	32(%rcx), %ymm8, %ymm13
+        vpxor	32(%rax), %ymm9, %ymm14
+        vpsrlq	$20, %ymm11, %ymm0
+        vpsrlq	$21, %ymm12, %ymm1
+        vpsrlq	$43, %ymm13, %ymm2
+        vpsrlq	$50, %ymm14, %ymm3
+        vpsllq	$44, %ymm11, %ymm11
+        vpsllq	$43, %ymm12, %ymm12
+        vpsllq	$21, %ymm13, %ymm13
+        vpsllq	$14, %ymm14, %ymm14
+        vpor	%ymm0, %ymm11, %ymm11
+        vpor	%ymm1, %ymm12, %ymm12
+        vpor	%ymm2, %ymm13, %ymm13
+        vpor	%ymm3, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm15
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm15, %ymm15
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        # XOR in constant
+        vpxor	608(%rdx), %ymm15, %ymm15
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm1, -96(%rcx)
+        vmovdqu	%ymm2, -96(%rax)
+        vmovdqu	%ymm3, 32(%rcx)
+        vmovdqu	%ymm4, 32(%rax)
+        # Row 1
+        vpxor	128(%rcx), %ymm8, %ymm10
+        vpxor	-32(%rax), %ymm9, %ymm11
+        vpxor	-32(%rdi), %ymm5, %ymm12
+        vpxor	96(%rax), %ymm6, %ymm13
+        vpxor	96(%rdi), %ymm7, %ymm14
+        vpsrlq	$36, %ymm10, %ymm0
+        vpsrlq	$44, %ymm11, %ymm1
+        vpsrlq	$61, %ymm12, %ymm2
+        vpsrlq	$19, %ymm13, %ymm3
+        vpsrlq	$3, %ymm14, %ymm4
+        vpsllq	$28, %ymm10, %ymm10
+        vpsllq	$20, %ymm11, %ymm11
+        vpsllq	$3, %ymm12, %ymm12
+        vpsllq	$45, %ymm13, %ymm13
+        vpsllq	$61, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 128(%rcx)
+        vmovdqu	%ymm1, -32(%rax)
+        vmovdqu	%ymm2, -32(%rdi)
+        vmovdqu	%ymm3, 96(%rax)
+        vmovdqu	%ymm4, 96(%rdi)
+        # Row 2
+        vpxor	-64(%rcx), %ymm6, %ymm10
+        vpxor	32(%rdi), %ymm7, %ymm11
+        vpxor	64(%rcx), %ymm8, %ymm12
+        vpxor	64(%rax), %ymm9, %ymm13
+        vpxor	-96(%rdi), %ymm5, %ymm14
+        vpsrlq	$63, %ymm10, %ymm0
+        vpsrlq	$58, %ymm11, %ymm1
+        vpsrlq	$39, %ymm12, %ymm2
+        vpsrlq	$56, %ymm13, %ymm3
+        vpsrlq	$46, %ymm14, %ymm4
+        vpaddq	%ymm10, %ymm10, %ymm10
+        vpsllq	$6, %ymm11, %ymm11
+        vpsllq	$25, %ymm12, %ymm12
+        vpsllq	$8, %ymm13, %ymm13
+        vpsllq	$18, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, -64(%rcx)
+        vmovdqu	%ymm1, 32(%rdi)
+        vmovdqu	%ymm2, 64(%rcx)
+        vmovdqu	%ymm3, 64(%rax)
+        vmovdqu	%ymm4, -96(%rdi)
+        # Row 3
+        vpxor	(%rax), %ymm9, %ymm10
+        vpxor	(%rdi), %ymm5, %ymm11
+        vpxor	128(%rax), %ymm6, %ymm12
+        vpxor	128(%rdi), %ymm7, %ymm13
+        vpxor	(%rcx), %ymm8, %ymm14
+        vpsrlq	$37, %ymm10, %ymm0
+        vpsrlq	$28, %ymm11, %ymm1
+        vpsrlq	$54, %ymm12, %ymm2
+        vpsrlq	$49, %ymm13, %ymm3
+        vpsrlq	$8, %ymm14, %ymm4
+        vpsllq	$27, %ymm10, %ymm10
+        vpsllq	$36, %ymm11, %ymm11
+        vpsllq	$10, %ymm12, %ymm12
+        vpsllq	$15, %ymm13, %ymm13
+        vpsllq	$56, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, (%rax)
+        vmovdqu	%ymm1, (%rdi)
+        vmovdqu	%ymm2, 128(%rax)
+        vmovdqu	%ymm3, 128(%rdi)
+        vmovdqu	%ymm4, (%rcx)
+        # Row 4
+        vpxor	64(%rdi), %ymm7, %ymm10
+        vpxor	96(%rcx), %ymm8, %ymm11
+        vpxor	-64(%rax), %ymm9, %ymm12
+        vpxor	-64(%rdi), %ymm5, %ymm13
+        vpxor	-32(%rcx), %ymm6, %ymm14
+        vpsrlq	$2, %ymm10, %ymm0
+        vpsrlq	$9, %ymm11, %ymm1
+        vpsrlq	$25, %ymm12, %ymm2
+        vpsrlq	$23, %ymm13, %ymm3
+        vpsrlq	$62, %ymm14, %ymm4
+        vpsllq	$62, %ymm10, %ymm10
+        vpsllq	$55, %ymm11, %ymm11
+        vpsllq	$39, %ymm12, %ymm12
+        vpsllq	$41, %ymm13, %ymm13
+        vpsllq	$2, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 64(%rdi)
+        vmovdqu	%ymm1, 96(%rcx)
+        vmovdqu	%ymm2, -64(%rax)
+        vmovdqu	%ymm3, -64(%rdi)
+        vmovdqu	%ymm4, -32(%rcx)
+        # Round 20
+        # Calc b[0..4]
+        vpxor	%ymm15, %ymm0, %ymm10
+        vpxor	-96(%rdi), %ymm4, %ymm14
+        vpxor	-32(%rdi), %ymm2, %ymm12
+        vpxor	(%rdi), %ymm1, %ymm11
+        vpxor	32(%rdi), %ymm11, %ymm11
+        vpxor	96(%rdi), %ymm14, %ymm14
+        vpxor	128(%rdi), %ymm3, %ymm13
+        vpxor	-96(%rax), %ymm12, %ymm12
+        vpxor	-32(%rax), %ymm11, %ymm11
+        vpxor	(%rax), %ymm10, %ymm10
+        vpxor	32(%rax), %ymm14, %ymm14
+        vpxor	64(%rax), %ymm13, %ymm13
+        vpxor	96(%rax), %ymm13, %ymm13
+        vpxor	128(%rax), %ymm12, %ymm12
+        vpxor	-96(%rcx), %ymm11, %ymm11
+        vpxor	-64(%rcx), %ymm10, %ymm10
+        vpxor	(%rcx), %ymm14, %ymm14
+        vpxor	32(%rcx), %ymm13, %ymm13
+        vpxor	64(%rcx), %ymm12, %ymm12
+        vpxor	128(%rcx), %ymm10, %ymm10
+        # Calc t[0..4]
+        vpsrlq	$63, %ymm11, %ymm0
+        vpsrlq	$63, %ymm12, %ymm1
+        vpsrlq	$63, %ymm13, %ymm2
+        vpsrlq	$63, %ymm14, %ymm3
+        vpsrlq	$63, %ymm10, %ymm4
+        vpaddq	%ymm11, %ymm11, %ymm5
+        vpaddq	%ymm12, %ymm12, %ymm6
+        vpaddq	%ymm13, %ymm13, %ymm7
+        vpaddq	%ymm14, %ymm14, %ymm8
+        vpaddq	%ymm10, %ymm10, %ymm9
+        vpor	%ymm0, %ymm5, %ymm5
+        vpor	%ymm1, %ymm6, %ymm6
+        vpor	%ymm2, %ymm7, %ymm7
+        vpor	%ymm3, %ymm8, %ymm8
+        vpor	%ymm4, %ymm9, %ymm9
+        vpxor	%ymm14, %ymm5, %ymm5
+        vpxor	%ymm10, %ymm6, %ymm6
+        vpxor	%ymm11, %ymm7, %ymm7
+        vpxor	%ymm12, %ymm8, %ymm8
+        vpxor	%ymm13, %ymm9, %ymm9
+        # Row Mix
+        # Row 0
+        vpxor	%ymm15, %ymm5, %ymm10
+        vpxor	-32(%rax), %ymm6, %ymm11
+        vpxor	64(%rcx), %ymm7, %ymm12
+        vpxor	128(%rdi), %ymm8, %ymm13
+        vpxor	-32(%rcx), %ymm9, %ymm14
+        vpsrlq	$20, %ymm11, %ymm0
+        vpsrlq	$21, %ymm12, %ymm1
+        vpsrlq	$43, %ymm13, %ymm2
+        vpsrlq	$50, %ymm14, %ymm3
+        vpsllq	$44, %ymm11, %ymm11
+        vpsllq	$43, %ymm12, %ymm12
+        vpsllq	$21, %ymm13, %ymm13
+        vpsllq	$14, %ymm14, %ymm14
+        vpor	%ymm0, %ymm11, %ymm11
+        vpor	%ymm1, %ymm12, %ymm12
+        vpor	%ymm2, %ymm13, %ymm13
+        vpor	%ymm3, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm15
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm15, %ymm15
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        # XOR in constant
+        vpxor	640(%rdx), %ymm15, %ymm15
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm1, -32(%rax)
+        vmovdqu	%ymm2, 64(%rcx)
+        vmovdqu	%ymm3, 128(%rdi)
+        vmovdqu	%ymm4, -32(%rcx)
+        # Row 1
+        vpxor	32(%rcx), %ymm8, %ymm10
+        vpxor	96(%rdi), %ymm9, %ymm11
+        vpxor	-64(%rcx), %ymm5, %ymm12
+        vpxor	(%rdi), %ymm6, %ymm13
+        vpxor	-64(%rax), %ymm7, %ymm14
+        vpsrlq	$36, %ymm10, %ymm0
+        vpsrlq	$44, %ymm11, %ymm1
+        vpsrlq	$61, %ymm12, %ymm2
+        vpsrlq	$19, %ymm13, %ymm3
+        vpsrlq	$3, %ymm14, %ymm4
+        vpsllq	$28, %ymm10, %ymm10
+        vpsllq	$20, %ymm11, %ymm11
+        vpsllq	$3, %ymm12, %ymm12
+        vpsllq	$45, %ymm13, %ymm13
+        vpsllq	$61, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 32(%rcx)
+        vmovdqu	%ymm1, 96(%rdi)
+        vmovdqu	%ymm2, -64(%rcx)
+        vmovdqu	%ymm3, (%rdi)
+        vmovdqu	%ymm4, -64(%rax)
+        # Row 2
+        vpxor	-96(%rcx), %ymm6, %ymm10
+        vpxor	-32(%rdi), %ymm7, %ymm11
+        vpxor	64(%rax), %ymm8, %ymm12
+        vpxor	(%rcx), %ymm9, %ymm13
+        vpxor	64(%rdi), %ymm5, %ymm14
+        vpsrlq	$63, %ymm10, %ymm0
+        vpsrlq	$58, %ymm11, %ymm1
+        vpsrlq	$39, %ymm12, %ymm2
+        vpsrlq	$56, %ymm13, %ymm3
+        vpsrlq	$46, %ymm14, %ymm4
+        vpaddq	%ymm10, %ymm10, %ymm10
+        vpsllq	$6, %ymm11, %ymm11
+        vpsllq	$25, %ymm12, %ymm12
+        vpsllq	$8, %ymm13, %ymm13
+        vpsllq	$18, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, -96(%rcx)
+        vmovdqu	%ymm1, -32(%rdi)
+        vmovdqu	%ymm2, 64(%rax)
+        vmovdqu	%ymm3, (%rcx)
+        vmovdqu	%ymm4, 64(%rdi)
+        # Row 3
+        vpxor	32(%rax), %ymm9, %ymm10
+        vpxor	128(%rcx), %ymm5, %ymm11
+        vpxor	32(%rdi), %ymm6, %ymm12
+        vpxor	128(%rax), %ymm7, %ymm13
+        vpxor	-64(%rdi), %ymm8, %ymm14
+        vpsrlq	$37, %ymm10, %ymm0
+        vpsrlq	$28, %ymm11, %ymm1
+        vpsrlq	$54, %ymm12, %ymm2
+        vpsrlq	$49, %ymm13, %ymm3
+        vpsrlq	$8, %ymm14, %ymm4
+        vpsllq	$27, %ymm10, %ymm10
+        vpsllq	$36, %ymm11, %ymm11
+        vpsllq	$10, %ymm12, %ymm12
+        vpsllq	$15, %ymm13, %ymm13
+        vpsllq	$56, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 32(%rax)
+        vmovdqu	%ymm1, 128(%rcx)
+        vmovdqu	%ymm2, 32(%rdi)
+        vmovdqu	%ymm3, 128(%rax)
+        vmovdqu	%ymm4, -64(%rdi)
+        # Row 4
+        vpxor	-96(%rax), %ymm7, %ymm10
+        vpxor	96(%rax), %ymm8, %ymm11
+        vpxor	-96(%rdi), %ymm9, %ymm12
+        vpxor	(%rax), %ymm5, %ymm13
+        vpxor	96(%rcx), %ymm6, %ymm14
+        vpsrlq	$2, %ymm10, %ymm0
+        vpsrlq	$9, %ymm11, %ymm1
+        vpsrlq	$25, %ymm12, %ymm2
+        vpsrlq	$23, %ymm13, %ymm3
+        vpsrlq	$62, %ymm14, %ymm4
+        vpsllq	$62, %ymm10, %ymm10
+        vpsllq	$55, %ymm11, %ymm11
+        vpsllq	$39, %ymm12, %ymm12
+        vpsllq	$41, %ymm13, %ymm13
+        vpsllq	$2, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, -96(%rax)
+        vmovdqu	%ymm1, 96(%rax)
+        vmovdqu	%ymm2, -96(%rdi)
+        vmovdqu	%ymm3, (%rax)
+        vmovdqu	%ymm4, 96(%rcx)
+        # Round 21
+        # Calc b[0..4]
+        vpxor	%ymm15, %ymm0, %ymm10
+        vpxor	-64(%rdi), %ymm4, %ymm14
+        vpxor	-32(%rdi), %ymm1, %ymm11
+        vpxor	(%rdi), %ymm3, %ymm13
+        vpxor	32(%rdi), %ymm2, %ymm12
+        vpxor	64(%rdi), %ymm14, %ymm14
+        vpxor	96(%rdi), %ymm11, %ymm11
+        vpxor	128(%rdi), %ymm13, %ymm13
+        vpxor	-64(%rax), %ymm14, %ymm14
+        vpxor	-32(%rax), %ymm11, %ymm11
+        vpxor	32(%rax), %ymm10, %ymm10
+        vpxor	64(%rax), %ymm12, %ymm12
+        vpxor	128(%rax), %ymm13, %ymm13
+        vpxor	-96(%rcx), %ymm10, %ymm10
+        vpxor	-64(%rcx), %ymm12, %ymm12
+        vpxor	-32(%rcx), %ymm14, %ymm14
+        vpxor	(%rcx), %ymm13, %ymm13
+        vpxor	32(%rcx), %ymm10, %ymm10
+        vpxor	64(%rcx), %ymm12, %ymm12
+        vpxor	128(%rcx), %ymm11, %ymm11
+        # Calc t[0..4]
+        vpsrlq	$63, %ymm11, %ymm0
+        vpsrlq	$63, %ymm12, %ymm1
+        vpsrlq	$63, %ymm13, %ymm2
+        vpsrlq	$63, %ymm14, %ymm3
+        vpsrlq	$63, %ymm10, %ymm4
+        vpaddq	%ymm11, %ymm11, %ymm5
+        vpaddq	%ymm12, %ymm12, %ymm6
+        vpaddq	%ymm13, %ymm13, %ymm7
+        vpaddq	%ymm14, %ymm14, %ymm8
+        vpaddq	%ymm10, %ymm10, %ymm9
+        vpor	%ymm0, %ymm5, %ymm5
+        vpor	%ymm1, %ymm6, %ymm6
+        vpor	%ymm2, %ymm7, %ymm7
+        vpor	%ymm3, %ymm8, %ymm8
+        vpor	%ymm4, %ymm9, %ymm9
+        vpxor	%ymm14, %ymm5, %ymm5
+        vpxor	%ymm10, %ymm6, %ymm6
+        vpxor	%ymm11, %ymm7, %ymm7
+        vpxor	%ymm12, %ymm8, %ymm8
+        vpxor	%ymm13, %ymm9, %ymm9
+        # Row Mix
+        # Row 0
+        vpxor	%ymm15, %ymm5, %ymm10
+        vpxor	96(%rdi), %ymm6, %ymm11
+        vpxor	64(%rax), %ymm7, %ymm12
+        vpxor	128(%rax), %ymm8, %ymm13
+        vpxor	96(%rcx), %ymm9, %ymm14
+        vpsrlq	$20, %ymm11, %ymm0
+        vpsrlq	$21, %ymm12, %ymm1
+        vpsrlq	$43, %ymm13, %ymm2
+        vpsrlq	$50, %ymm14, %ymm3
+        vpsllq	$44, %ymm11, %ymm11
+        vpsllq	$43, %ymm12, %ymm12
+        vpsllq	$21, %ymm13, %ymm13
+        vpsllq	$14, %ymm14, %ymm14
+        vpor	%ymm0, %ymm11, %ymm11
+        vpor	%ymm1, %ymm12, %ymm12
+        vpor	%ymm2, %ymm13, %ymm13
+        vpor	%ymm3, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm15
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm15, %ymm15
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        # XOR in constant
+        vpxor	672(%rdx), %ymm15, %ymm15
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm1, 96(%rdi)
+        vmovdqu	%ymm2, 64(%rax)
+        vmovdqu	%ymm3, 128(%rax)
+        vmovdqu	%ymm4, 96(%rcx)
+        # Row 1
+        vpxor	128(%rdi), %ymm8, %ymm10
+        vpxor	-64(%rax), %ymm9, %ymm11
+        vpxor	-96(%rcx), %ymm5, %ymm12
+        vpxor	128(%rcx), %ymm6, %ymm13
+        vpxor	-96(%rdi), %ymm7, %ymm14
+        vpsrlq	$36, %ymm10, %ymm0
+        vpsrlq	$44, %ymm11, %ymm1
+        vpsrlq	$61, %ymm12, %ymm2
+        vpsrlq	$19, %ymm13, %ymm3
+        vpsrlq	$3, %ymm14, %ymm4
+        vpsllq	$28, %ymm10, %ymm10
+        vpsllq	$20, %ymm11, %ymm11
+        vpsllq	$3, %ymm12, %ymm12
+        vpsllq	$45, %ymm13, %ymm13
+        vpsllq	$61, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 128(%rdi)
+        vmovdqu	%ymm1, -64(%rax)
+        vmovdqu	%ymm2, -96(%rcx)
+        vmovdqu	%ymm3, 128(%rcx)
+        vmovdqu	%ymm4, -96(%rdi)
+        # Row 2
+        vpxor	-32(%rax), %ymm6, %ymm10
+        vpxor	-64(%rcx), %ymm7, %ymm11
+        vpxor	(%rcx), %ymm8, %ymm12
+        vpxor	-64(%rdi), %ymm9, %ymm13
+        vpxor	-96(%rax), %ymm5, %ymm14
+        vpsrlq	$63, %ymm10, %ymm0
+        vpsrlq	$58, %ymm11, %ymm1
+        vpsrlq	$39, %ymm12, %ymm2
+        vpsrlq	$56, %ymm13, %ymm3
+        vpsrlq	$46, %ymm14, %ymm4
+        vpaddq	%ymm10, %ymm10, %ymm10
+        vpsllq	$6, %ymm11, %ymm11
+        vpsllq	$25, %ymm12, %ymm12
+        vpsllq	$8, %ymm13, %ymm13
+        vpsllq	$18, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, -32(%rax)
+        vmovdqu	%ymm1, -64(%rcx)
+        vmovdqu	%ymm2, (%rcx)
+        vmovdqu	%ymm3, -64(%rdi)
+        vmovdqu	%ymm4, -96(%rax)
+        # Row 3
+        vpxor	-32(%rcx), %ymm9, %ymm10
+        vpxor	32(%rcx), %ymm5, %ymm11
+        vpxor	-32(%rdi), %ymm6, %ymm12
+        vpxor	32(%rdi), %ymm7, %ymm13
+        vpxor	(%rax), %ymm8, %ymm14
+        vpsrlq	$37, %ymm10, %ymm0
+        vpsrlq	$28, %ymm11, %ymm1
+        vpsrlq	$54, %ymm12, %ymm2
+        vpsrlq	$49, %ymm13, %ymm3
+        vpsrlq	$8, %ymm14, %ymm4
+        vpsllq	$27, %ymm10, %ymm10
+        vpsllq	$36, %ymm11, %ymm11
+        vpsllq	$10, %ymm12, %ymm12
+        vpsllq	$15, %ymm13, %ymm13
+        vpsllq	$56, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, -32(%rcx)
+        vmovdqu	%ymm1, 32(%rcx)
+        vmovdqu	%ymm2, -32(%rdi)
+        vmovdqu	%ymm3, 32(%rdi)
+        vmovdqu	%ymm4, (%rax)
+        # Row 4
+        vpxor	64(%rcx), %ymm7, %ymm10
+        vpxor	(%rdi), %ymm8, %ymm11
+        vpxor	64(%rdi), %ymm9, %ymm12
+        vpxor	32(%rax), %ymm5, %ymm13
+        vpxor	96(%rax), %ymm6, %ymm14
+        vpsrlq	$2, %ymm10, %ymm0
+        vpsrlq	$9, %ymm11, %ymm1
+        vpsrlq	$25, %ymm12, %ymm2
+        vpsrlq	$23, %ymm13, %ymm3
+        vpsrlq	$62, %ymm14, %ymm4
+        vpsllq	$62, %ymm10, %ymm10
+        vpsllq	$55, %ymm11, %ymm11
+        vpsllq	$39, %ymm12, %ymm12
+        vpsllq	$41, %ymm13, %ymm13
+        vpsllq	$2, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 64(%rcx)
+        vmovdqu	%ymm1, (%rdi)
+        vmovdqu	%ymm2, 64(%rdi)
+        vmovdqu	%ymm3, 32(%rax)
+        vmovdqu	%ymm4, 96(%rax)
+        # Round 22
+        # Calc b[0..4]
+        vpxor	%ymm15, %ymm0, %ymm10
+        vpxor	-96(%rdi), %ymm4, %ymm14
+        vpxor	-64(%rdi), %ymm3, %ymm13
+        vpxor	-32(%rdi), %ymm2, %ymm12
+        vpxor	32(%rdi), %ymm13, %ymm13
+        vpxor	96(%rdi), %ymm1, %ymm11
+        vpxor	128(%rdi), %ymm10, %ymm10
+        vpxor	-96(%rax), %ymm14, %ymm14
+        vpxor	-64(%rax), %ymm11, %ymm11
+        vpxor	-32(%rax), %ymm10, %ymm10
+        vpxor	(%rax), %ymm14, %ymm14
+        vpxor	64(%rax), %ymm12, %ymm12
+        vpxor	128(%rax), %ymm13, %ymm13
+        vpxor	-96(%rcx), %ymm12, %ymm12
+        vpxor	-64(%rcx), %ymm11, %ymm11
+        vpxor	-32(%rcx), %ymm10, %ymm10
+        vpxor	(%rcx), %ymm12, %ymm12
+        vpxor	32(%rcx), %ymm11, %ymm11
+        vpxor	96(%rcx), %ymm14, %ymm14
+        vpxor	128(%rcx), %ymm13, %ymm13
+        # Calc t[0..4]
+        vpsrlq	$63, %ymm11, %ymm0
+        vpsrlq	$63, %ymm12, %ymm1
+        vpsrlq	$63, %ymm13, %ymm2
+        vpsrlq	$63, %ymm14, %ymm3
+        vpsrlq	$63, %ymm10, %ymm4
+        vpaddq	%ymm11, %ymm11, %ymm5
+        vpaddq	%ymm12, %ymm12, %ymm6
+        vpaddq	%ymm13, %ymm13, %ymm7
+        vpaddq	%ymm14, %ymm14, %ymm8
+        vpaddq	%ymm10, %ymm10, %ymm9
+        vpor	%ymm0, %ymm5, %ymm5
+        vpor	%ymm1, %ymm6, %ymm6
+        vpor	%ymm2, %ymm7, %ymm7
+        vpor	%ymm3, %ymm8, %ymm8
+        vpor	%ymm4, %ymm9, %ymm9
+        vpxor	%ymm14, %ymm5, %ymm5
+        vpxor	%ymm10, %ymm6, %ymm6
+        vpxor	%ymm11, %ymm7, %ymm7
+        vpxor	%ymm12, %ymm8, %ymm8
+        vpxor	%ymm13, %ymm9, %ymm9
+        # Row Mix
+        # Row 0
+        vpxor	%ymm15, %ymm5, %ymm10
+        vpxor	-64(%rax), %ymm6, %ymm11
+        vpxor	(%rcx), %ymm7, %ymm12
+        vpxor	32(%rdi), %ymm8, %ymm13
+        vpxor	96(%rax), %ymm9, %ymm14
+        vpsrlq	$20, %ymm11, %ymm0
+        vpsrlq	$21, %ymm12, %ymm1
+        vpsrlq	$43, %ymm13, %ymm2
+        vpsrlq	$50, %ymm14, %ymm3
+        vpsllq	$44, %ymm11, %ymm11
+        vpsllq	$43, %ymm12, %ymm12
+        vpsllq	$21, %ymm13, %ymm13
+        vpsllq	$14, %ymm14, %ymm14
+        vpor	%ymm0, %ymm11, %ymm11
+        vpor	%ymm1, %ymm12, %ymm12
+        vpor	%ymm2, %ymm13, %ymm13
+        vpor	%ymm3, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm15
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm15, %ymm15
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        # XOR in constant
+        vpxor	704(%rdx), %ymm15, %ymm15
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm1, -64(%rax)
+        vmovdqu	%ymm2, (%rcx)
+        vmovdqu	%ymm3, 32(%rdi)
+        vmovdqu	%ymm4, 96(%rax)
+        # Row 1
+        vpxor	128(%rax), %ymm8, %ymm10
+        vpxor	-96(%rdi), %ymm9, %ymm11
+        vpxor	-32(%rax), %ymm5, %ymm12
+        vpxor	32(%rcx), %ymm6, %ymm13
+        vpxor	64(%rdi), %ymm7, %ymm14
+        vpsrlq	$36, %ymm10, %ymm0
+        vpsrlq	$44, %ymm11, %ymm1
+        vpsrlq	$61, %ymm12, %ymm2
+        vpsrlq	$19, %ymm13, %ymm3
+        vpsrlq	$3, %ymm14, %ymm4
+        vpsllq	$28, %ymm10, %ymm10
+        vpsllq	$20, %ymm11, %ymm11
+        vpsllq	$3, %ymm12, %ymm12
+        vpsllq	$45, %ymm13, %ymm13
+        vpsllq	$61, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 128(%rax)
+        vmovdqu	%ymm1, -96(%rdi)
+        vmovdqu	%ymm2, -32(%rax)
+        vmovdqu	%ymm3, 32(%rcx)
+        vmovdqu	%ymm4, 64(%rdi)
+        # Row 2
+        vpxor	96(%rdi), %ymm6, %ymm10
+        vpxor	-96(%rcx), %ymm7, %ymm11
+        vpxor	-64(%rdi), %ymm8, %ymm12
+        vpxor	(%rax), %ymm9, %ymm13
+        vpxor	64(%rcx), %ymm5, %ymm14
+        vpsrlq	$63, %ymm10, %ymm0
+        vpsrlq	$58, %ymm11, %ymm1
+        vpsrlq	$39, %ymm12, %ymm2
+        vpsrlq	$56, %ymm13, %ymm3
+        vpsrlq	$46, %ymm14, %ymm4
+        vpaddq	%ymm10, %ymm10, %ymm10
+        vpsllq	$6, %ymm11, %ymm11
+        vpsllq	$25, %ymm12, %ymm12
+        vpsllq	$8, %ymm13, %ymm13
+        vpsllq	$18, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 96(%rdi)
+        vmovdqu	%ymm1, -96(%rcx)
+        vmovdqu	%ymm2, -64(%rdi)
+        vmovdqu	%ymm3, (%rax)
+        vmovdqu	%ymm4, 64(%rcx)
+        # Row 3
+        vpxor	96(%rcx), %ymm9, %ymm10
+        vpxor	128(%rdi), %ymm5, %ymm11
+        vpxor	-64(%rcx), %ymm6, %ymm12
+        vpxor	-32(%rdi), %ymm7, %ymm13
+        vpxor	32(%rax), %ymm8, %ymm14
+        vpsrlq	$37, %ymm10, %ymm0
+        vpsrlq	$28, %ymm11, %ymm1
+        vpsrlq	$54, %ymm12, %ymm2
+        vpsrlq	$49, %ymm13, %ymm3
+        vpsrlq	$8, %ymm14, %ymm4
+        vpsllq	$27, %ymm10, %ymm10
+        vpsllq	$36, %ymm11, %ymm11
+        vpsllq	$10, %ymm12, %ymm12
+        vpsllq	$15, %ymm13, %ymm13
+        vpsllq	$56, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 96(%rcx)
+        vmovdqu	%ymm1, 128(%rdi)
+        vmovdqu	%ymm2, -64(%rcx)
+        vmovdqu	%ymm3, -32(%rdi)
+        vmovdqu	%ymm4, 32(%rax)
+        # Row 4
+        vpxor	64(%rax), %ymm7, %ymm10
+        vpxor	128(%rcx), %ymm8, %ymm11
+        vpxor	-96(%rax), %ymm9, %ymm12
+        vpxor	-32(%rcx), %ymm5, %ymm13
+        vpxor	(%rdi), %ymm6, %ymm14
+        vpsrlq	$2, %ymm10, %ymm0
+        vpsrlq	$9, %ymm11, %ymm1
+        vpsrlq	$25, %ymm12, %ymm2
+        vpsrlq	$23, %ymm13, %ymm3
+        vpsrlq	$62, %ymm14, %ymm4
+        vpsllq	$62, %ymm10, %ymm10
+        vpsllq	$55, %ymm11, %ymm11
+        vpsllq	$39, %ymm12, %ymm12
+        vpsllq	$41, %ymm13, %ymm13
+        vpsllq	$2, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 64(%rax)
+        vmovdqu	%ymm1, 128(%rcx)
+        vmovdqu	%ymm2, -96(%rax)
+        vmovdqu	%ymm3, -32(%rcx)
+        vmovdqu	%ymm4, (%rdi)
+        # Round 23
+        # Calc b[0..4]
+        vpxor	%ymm15, %ymm0, %ymm10
+        vpxor	-96(%rdi), %ymm1, %ymm11
+        vpxor	-64(%rdi), %ymm2, %ymm12
+        vpxor	-32(%rdi), %ymm3, %ymm13
+        vpxor	32(%rdi), %ymm13, %ymm13
+        vpxor	64(%rdi), %ymm4, %ymm14
+        vpxor	96(%rdi), %ymm10, %ymm10
+        vpxor	128(%rdi), %ymm11, %ymm11
+        vpxor	-64(%rax), %ymm11, %ymm11
+        vpxor	-32(%rax), %ymm12, %ymm12
+        vpxor	(%rax), %ymm13, %ymm13
+        vpxor	32(%rax), %ymm14, %ymm14
+        vpxor	96(%rax), %ymm14, %ymm14
+        vpxor	128(%rax), %ymm10, %ymm10
+        vpxor	-96(%rcx), %ymm11, %ymm11
+        vpxor	-64(%rcx), %ymm12, %ymm12
+        vpxor	(%rcx), %ymm12, %ymm12
+        vpxor	32(%rcx), %ymm13, %ymm13
+        vpxor	64(%rcx), %ymm14, %ymm14
+        vpxor	96(%rcx), %ymm10, %ymm10
+        # Calc t[0..4]
+        vpsrlq	$63, %ymm11, %ymm0
+        vpsrlq	$63, %ymm12, %ymm1
+        vpsrlq	$63, %ymm13, %ymm2
+        vpsrlq	$63, %ymm14, %ymm3
+        vpsrlq	$63, %ymm10, %ymm4
+        vpaddq	%ymm11, %ymm11, %ymm5
+        vpaddq	%ymm12, %ymm12, %ymm6
+        vpaddq	%ymm13, %ymm13, %ymm7
+        vpaddq	%ymm14, %ymm14, %ymm8
+        vpaddq	%ymm10, %ymm10, %ymm9
+        vpor	%ymm0, %ymm5, %ymm5
+        vpor	%ymm1, %ymm6, %ymm6
+        vpor	%ymm2, %ymm7, %ymm7
+        vpor	%ymm3, %ymm8, %ymm8
+        vpor	%ymm4, %ymm9, %ymm9
+        vpxor	%ymm14, %ymm5, %ymm5
+        vpxor	%ymm10, %ymm6, %ymm6
+        vpxor	%ymm11, %ymm7, %ymm7
+        vpxor	%ymm12, %ymm8, %ymm8
+        vpxor	%ymm13, %ymm9, %ymm9
+        # Row Mix
+        # Row 0
+        vpxor	%ymm15, %ymm5, %ymm10
+        vpxor	-96(%rdi), %ymm6, %ymm11
+        vpxor	-64(%rdi), %ymm7, %ymm12
+        vpxor	-32(%rdi), %ymm8, %ymm13
+        vpxor	(%rdi), %ymm9, %ymm14
+        vpsrlq	$20, %ymm11, %ymm0
+        vpsrlq	$21, %ymm12, %ymm1
+        vpsrlq	$43, %ymm13, %ymm2
+        vpsrlq	$50, %ymm14, %ymm3
+        vpsllq	$44, %ymm11, %ymm11
+        vpsllq	$43, %ymm12, %ymm12
+        vpsllq	$21, %ymm13, %ymm13
+        vpsllq	$14, %ymm14, %ymm14
+        vpor	%ymm0, %ymm11, %ymm11
+        vpor	%ymm1, %ymm12, %ymm12
+        vpor	%ymm2, %ymm13, %ymm13
+        vpor	%ymm3, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm15
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm15, %ymm15
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        # XOR in constant
+        vpxor	736(%rdx), %ymm15, %ymm15
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm1, -96(%rdi)
+        vmovdqu	%ymm2, -64(%rdi)
+        vmovdqu	%ymm3, -32(%rdi)
+        vmovdqu	%ymm4, (%rdi)
+        # Row 1
+        vpxor	32(%rdi), %ymm8, %ymm10
+        vpxor	64(%rdi), %ymm9, %ymm11
+        vpxor	96(%rdi), %ymm5, %ymm12
+        vpxor	128(%rdi), %ymm6, %ymm13
+        vpxor	-96(%rax), %ymm7, %ymm14
+        vpsrlq	$36, %ymm10, %ymm0
+        vpsrlq	$44, %ymm11, %ymm1
+        vpsrlq	$61, %ymm12, %ymm2
+        vpsrlq	$19, %ymm13, %ymm3
+        vpsrlq	$3, %ymm14, %ymm4
+        vpsllq	$28, %ymm10, %ymm10
+        vpsllq	$20, %ymm11, %ymm11
+        vpsllq	$3, %ymm12, %ymm12
+        vpsllq	$45, %ymm13, %ymm13
+        vpsllq	$61, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 32(%rdi)
+        vmovdqu	%ymm1, 64(%rdi)
+        vmovdqu	%ymm2, 96(%rdi)
+        vmovdqu	%ymm3, 128(%rdi)
+        vmovdqu	%ymm4, -96(%rax)
+        # Row 2
+        vpxor	-64(%rax), %ymm6, %ymm10
+        vpxor	-32(%rax), %ymm7, %ymm11
+        vpxor	(%rax), %ymm8, %ymm12
+        vpxor	32(%rax), %ymm9, %ymm13
+        vpxor	64(%rax), %ymm5, %ymm14
+        vpsrlq	$63, %ymm10, %ymm0
+        vpsrlq	$58, %ymm11, %ymm1
+        vpsrlq	$39, %ymm12, %ymm2
+        vpsrlq	$56, %ymm13, %ymm3
+        vpsrlq	$46, %ymm14, %ymm4
+        vpaddq	%ymm10, %ymm10, %ymm10
+        vpsllq	$6, %ymm11, %ymm11
+        vpsllq	$25, %ymm12, %ymm12
+        vpsllq	$8, %ymm13, %ymm13
+        vpsllq	$18, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, -64(%rax)
+        vmovdqu	%ymm1, -32(%rax)
+        vmovdqu	%ymm2, (%rax)
+        vmovdqu	%ymm3, 32(%rax)
+        vmovdqu	%ymm4, 64(%rax)
+        # Row 3
+        vpxor	96(%rax), %ymm9, %ymm10
+        vpxor	128(%rax), %ymm5, %ymm11
+        vpxor	-96(%rcx), %ymm6, %ymm12
+        vpxor	-64(%rcx), %ymm7, %ymm13
+        vpxor	-32(%rcx), %ymm8, %ymm14
+        vpsrlq	$37, %ymm10, %ymm0
+        vpsrlq	$28, %ymm11, %ymm1
+        vpsrlq	$54, %ymm12, %ymm2
+        vpsrlq	$49, %ymm13, %ymm3
+        vpsrlq	$8, %ymm14, %ymm4
+        vpsllq	$27, %ymm10, %ymm10
+        vpsllq	$36, %ymm11, %ymm11
+        vpsllq	$10, %ymm12, %ymm12
+        vpsllq	$15, %ymm13, %ymm13
+        vpsllq	$56, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 96(%rax)
+        vmovdqu	%ymm1, 128(%rax)
+        vmovdqu	%ymm2, -96(%rcx)
+        vmovdqu	%ymm3, -64(%rcx)
+        vmovdqu	%ymm4, -32(%rcx)
+        # Row 4
+        vpxor	(%rcx), %ymm7, %ymm10
+        vpxor	32(%rcx), %ymm8, %ymm11
+        vpxor	64(%rcx), %ymm9, %ymm12
+        vpxor	96(%rcx), %ymm5, %ymm13
+        vpxor	128(%rcx), %ymm6, %ymm14
+        vpsrlq	$2, %ymm10, %ymm0
+        vpsrlq	$9, %ymm11, %ymm1
+        vpsrlq	$25, %ymm12, %ymm2
+        vpsrlq	$23, %ymm13, %ymm3
+        vpsrlq	$62, %ymm14, %ymm4
+        vpsllq	$62, %ymm10, %ymm10
+        vpsllq	$55, %ymm11, %ymm11
+        vpsllq	$39, %ymm12, %ymm12
+        vpsllq	$41, %ymm13, %ymm13
+        vpsllq	$2, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, (%rcx)
+        vmovdqu	%ymm1, 32(%rcx)
+        vmovdqu	%ymm2, 64(%rcx)
+        vmovdqu	%ymm3, 96(%rcx)
+        vmovdqu	%ymm4, 128(%rcx)
+        subq	$0x80, %rdi
+        vmovdqu	%ymm15, (%rdi)
+        vzeroupper
+        repz retq
+#ifndef __APPLE__
+.size	kyber_sha3_256_blocksx4_seed_avx2,.-kyber_sha3_256_blocksx4_seed_avx2
+#endif /* __APPLE__ */
+#endif /* HAVE_INTEL_AVX2 */
+#endif /* WOLFSSL_WC_KYBER */
+
+#if defined(__linux__) && defined(__ELF__)
+.section	.note.GNU-stack,"",%progbits
 #endif
-
diff --git a/wolfcrypt/src/wc_kyber_poly.c b/wolfcrypt/src/wc_kyber_poly.c
index dfb10aced..0030b139d 100644
--- a/wolfcrypt/src/wc_kyber_poly.c
+++ b/wolfcrypt/src/wc_kyber_poly.c
@@ -1,6 +1,6 @@
 /* wc_kyber_poly.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -19,8 +19,5520 @@
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  */
 
-#include <wolfssl/wolfcrypt/settings.h>
+/* Implementation based on FIPS 203:
+ *   https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.203.pdf
+ *
+ * Original implementation based on NIST 3rd Round submission package.
+ * See link at:
+ *   https://csrc.nist.gov/Projects/post-quantum-cryptography/post-quantum-cryptography-standardization/round-3-submissions
+ */
 
-#ifdef WOLFSSL_HAVE_KYBER
-    #error "Contact wolfSSL to get the implementation of this file"
+/* Implementation of the functions that operate on polynomials or vectors of
+ * polynomials.
+ */
+
+/* Possible Kyber options:
+ *
+ * WOLFSSL_WC_KYBER                                           Default: OFF
+ *   Enables this code, wolfSSL implementation, to be built.
+ *
+ * WOLFSSL_WC_ML_KEM_512                                      Default: OFF
+ *   Enables the ML-KEM 512 parameter implementations.
+ * WOLFSSL_WC_ML_KEM_768                                      Default: OFF
+ *   Enables the ML-KEM 768 parameter implementations.
+ * WOLFSSL_WC_ML_KEM_1024                                     Default: OFF
+ *   Enables the ML-KEM 1024 parameter implementations.
+ * WOLFSSL_KYBER512                                           Default: OFF
+ *   Enables the KYBER512 parameter implementations.
+ * WOLFSSL_KYBER768                                           Default: OFF
+ *   Enables the KYBER768 parameter implementations.
+ * WOLFSSL_KYBER1024                                          Default: OFF
+ *   Enables the KYBER1024 parameter implementations.
+ *
+ * USE_INTEL_SPEEDUP                                          Default: OFF
+ *   Compiles in Intel x64 specific implementations that are faster.
+ * WOLFSSL_KYBER_NO_LARGE_CODE                                Default: OFF
+ *   Compiles smaller, fast code size with a speed trade-off.
+ * WOLFSSL_KYBER_SMALL                                        Default: OFF
+ *   Compiles to small code size with a speed trade-off.
+ * WOLFSSL_SMALL_STACK                                        Default: OFF
+ *   Use less stack by dynamically allocating local variables.
+ *
+ * WOLFSSL_KYBER_NTT_UNROLL                                   Default: OFF
+ *   Enable an alternative NTT implementation that may be faster on some
+ *   platforms and is smaller in code size.
+ * WOLFSSL_KYBER_INVNTT_UNROLL                                Default: OFF
+ *   Enables an alternative inverse NTT implementation that may be faster on
+ *   some platforms and is smaller in code size.
+ */
+
+#ifdef HAVE_CONFIG_H
+    #include <config.h>
 #endif
+
+#include <wolfssl/wolfcrypt/settings.h>
+#include <wolfssl/wolfcrypt/wc_kyber.h>
+#include <wolfssl/wolfcrypt/cpuid.h>
+#include <wolfssl/wolfcrypt/error-crypt.h>
+
+#ifdef WOLFSSL_WC_KYBER
+
+#ifdef NO_INLINE
+    #include <wolfssl/wolfcrypt/misc.h>
+#else
+    #define WOLFSSL_MISC_INCLUDED
+    #include <wolfcrypt/src/misc.c>
+#endif
+
+#if defined(WOLFSSL_MLKEM_MAKEKEY_SMALL_MEM) || \
+    defined(WOLFSSL_MLKEM_ENCAPSULATE_SMALL_MEM)
+static int kyber_gen_matrix_i(KYBER_PRF_T* prf, sword16* a, int k, byte* seed,
+    int i, int transposed);
+static int kyber_get_noise_i(KYBER_PRF_T* prf, int k, sword16* vec2,
+    byte* seed, int i, int make);
+static int kyber_get_noise_eta2_c(KYBER_PRF_T* prf, sword16* p,
+    const byte* seed);
+#endif
+
+/* Declared in wc_kyber.c to stop compiler optimizer from simplifying. */
+extern volatile sword16 kyber_opt_blocker;
+
+#if defined(USE_INTEL_SPEEDUP) || (defined(__aarch64__) && \
+    defined(WOLFSSL_ARMASM))
+static word32 cpuid_flags = 0;
+#endif
+
+/* Half of Q plus one. Converted message bit value of 1. */
+#define KYBER_Q_1_HALF      ((KYBER_Q + 1) / 2)
+/* Half of Q */
+#define KYBER_Q_HALF        (KYBER_Q / 2)
+
+
+/* q^-1 mod 2^16 (inverse of 3329 mod 16384) */
+#define KYBER_QINV       62209
+
+/* Used in Barrett Reduction:
+ *    r = a mod q
+ * => r = a - ((V * a) >> 26) * q), as V based on 2^26
+ * V is the multiplier that gets the quotient after shifting.
+ */
+#define KYBER_V          (((1U << 26) + (KYBER_Q / 2)) / KYBER_Q)
+
+/* Used in converting to Montgomery form.
+ * f is the normalizer = 2^k % m.
+ * 16-bit value cast to sword32 in use.
+ */
+#define KYBER_F          ((1ULL << 32) % KYBER_Q)
+
+/* Number of bytes in an output block of SHA-3-128 */
+#define SHA3_128_BYTES   (WC_SHA3_128_COUNT * 8)
+/* Number of bytes in an output block of SHA-3-256 */
+#define SHA3_256_BYTES   (WC_SHA3_256_COUNT * 8)
+
+/* Number of blocks to generate for matrix. */
+#define GEN_MATRIX_NBLOCKS \
+    ((12 * KYBER_N / 8 * (1 << 12) / KYBER_Q + XOF_BLOCK_SIZE) / XOF_BLOCK_SIZE)
+/* Number of bytes to generate for matrix. */
+#define GEN_MATRIX_SIZE     GEN_MATRIX_NBLOCKS * XOF_BLOCK_SIZE
+
+
+/* Number of random bytes to generate for ETA3. */
+#define ETA3_RAND_SIZE     ((3 * KYBER_N) / 4)
+/* Number of random bytes to generate for ETA2. */
+#define ETA2_RAND_SIZE     ((2 * KYBER_N) / 4)
+
+
+/* Montgomery reduce a.
+ *
+ * @param  [in]  a  32-bit value to be reduced.
+ * @return  Montgomery reduction result.
+ */
+#define KYBER_MONT_RED(a) \
+    (sword16)(((a) - (sword32)(((sword16)((sword16)(a) * \
+                                (sword16)KYBER_QINV)) * \
+                               (sword32)KYBER_Q)) >> 16)
+
+/* Barrett reduce a. r = a mod q.
+ *
+ * Converted division to multiplication.
+ *
+ * @param  [in]  a  16-bit value to be reduced to range of q.
+ * @return  Modulo result.
+ */
+#define KYBER_BARRETT_RED(a) \
+    (sword16)((sword16)(a) - (sword16)((sword16)( \
+        ((sword32)((sword32)KYBER_V * (sword16)(a))) >> 26) * (word16)KYBER_Q))
+
+
+/* Zetas for NTT. */
+const sword16 zetas[KYBER_N / 2] = {
+    2285, 2571, 2970, 1812, 1493, 1422,  287,  202,
+    3158,  622, 1577,  182,  962, 2127, 1855, 1468,
+     573, 2004,  264,  383, 2500, 1458, 1727, 3199,
+    2648, 1017,  732,  608, 1787,  411, 3124, 1758,
+    1223,  652, 2777, 1015, 2036, 1491, 3047, 1785,
+     516, 3321, 3009, 2663, 1711, 2167,  126, 1469,
+    2476, 3239, 3058,  830,  107, 1908, 3082, 2378,
+    2931,  961, 1821, 2604,  448, 2264,  677, 2054,
+    2226,  430,  555,  843, 2078,  871, 1550,  105,
+     422,  587,  177, 3094, 3038, 2869, 1574, 1653,
+    3083,  778, 1159, 3182, 2552, 1483, 2727, 1119,
+    1739,  644, 2457,  349,  418,  329, 3173, 3254,
+     817, 1097,  603,  610, 1322, 2044, 1864,  384,
+    2114, 3193, 1218, 1994, 2455,  220, 2142, 1670,
+    2144, 1799, 2051,  794, 1819, 2475, 2459,  478,
+     3221, 3021,  996,  991,  958, 1869, 1522, 1628
+};
+
+
+#if !defined(WOLFSSL_ARMASM)
+/* Number-Theoretic Transform.
+ *
+ * FIPS 203, Algorithm 9: NTT(f)
+ * Computes the NTT representation f_hat of the given polynomial f element of
+ * R_q.
+ *   1: f_hat <- f
+ *   2: i <- 1
+ *   3: for (len <- 128; len >= 2; len <- len/2)
+ *   4:     for (start <- 0; start < 256; start <- start + 2.len)
+ *   5:         zeta <- zetas^BitRev_7(i) mod q
+ *   6:         i <- i + 1
+ *   7:         for (j <- start; j < start + len; j++)
+ *   8:             t <- zeta.f[j+len]
+ *   9:             f_hat[j+len] <- f_hat[j] - t
+ *  10:             f_hat[j] <- f_hat[j] - t
+ *  11:         end for
+ *  12:     end for
+ *  13: end for
+ *  14: return f_hat
+ *
+ * @param  [in, out]  r  Polynomial to transform.
+ */
+static void kyber_ntt(sword16* r)
+{
+#ifdef WOLFSSL_KYBER_SMALL
+    unsigned int len;
+    unsigned int k;
+    unsigned int j;
+
+    /* Step 2 */
+    k = 1;
+    /* Step 3 */
+    for (len = KYBER_N / 2; len >= 2; len >>= 1) {
+        unsigned int start;
+        /* Step 4 */
+        for (start = 0; start < KYBER_N; start = j + len) {
+            /* Step 5, 6*/
+            sword16 zeta = zetas[k++];
+            /* Step 7 */
+            for (j = start; j < start + len; ++j) {
+                /* Step 8 */
+                sword32 p = (sword32)zeta * r[j + len];
+                sword16 t = KYBER_MONT_RED(p);
+                sword16 rj = r[j];
+                /* Step 9 */
+                r[j + len] = rj - t;
+                /* Step 10 */
+                r[j] = rj + t;
+            }
+        }
+    }
+
+    /* Reduce coefficients with quick algorithm. */
+    for (j = 0; j < KYBER_N; ++j) {
+        r[j] = KYBER_BARRETT_RED(r[j]);
+    }
+#elif defined(WOLFSSL_KYBER_NO_LARGE_CODE)
+    /* Take out the first iteration. */
+    unsigned int len;
+    unsigned int k = 1;
+    unsigned int j;
+    unsigned int start;
+    sword16 zeta = zetas[k++];
+
+    for (j = 0; j < KYBER_N / 2; ++j) {
+        sword32 p = (sword32)zeta * r[j + KYBER_N / 2];
+        sword16 t = KYBER_MONT_RED(p);
+        sword16 rj = r[j];
+        r[j + KYBER_N / 2] = rj - t;
+        r[j] = rj + t;
+    }
+    for (len = KYBER_N / 4; len >= 2; len >>= 1) {
+        for (start = 0; start < KYBER_N; start = j + len) {
+            zeta = zetas[k++];
+            for (j = start; j < start + len; ++j) {
+                sword32 p = (sword32)zeta * r[j + len];
+                sword16 t = KYBER_MONT_RED(p);
+                sword16 rj = r[j];
+                r[j + len] = rj - t;
+                r[j] = rj + t;
+            }
+        }
+    }
+
+    /* Reduce coefficients with quick algorithm. */
+    for (j = 0; j < KYBER_N; ++j) {
+        r[j] = KYBER_BARRETT_RED(r[j]);
+    }
+#elif defined(WOLFSSL_KYBER_NTT_UNROLL)
+    /* Unroll len loop (Step 3). */
+    unsigned int k = 1;
+    unsigned int j;
+    unsigned int start;
+    sword16 zeta = zetas[k++];
+
+    /* len = 128 */
+    for (j = 0; j < KYBER_N / 2; ++j) {
+        sword32 p = (sword32)zeta * r[j + KYBER_N / 2];
+        sword16 t = KYBER_MONT_RED(p);
+        sword16 rj = r[j];
+        r[j + KYBER_N / 2] = rj - t;
+        r[j] = rj + t;
+    }
+    /* len = 64 */
+    for (start = 0; start < KYBER_N; start += 2 * 64) {
+        zeta = zetas[k++];
+        for (j = 0; j < 64; ++j) {
+            sword32 p = (sword32)zeta * r[start + j + 64];
+            sword16 t = KYBER_MONT_RED(p);
+            sword16 rj = r[start + j];
+            r[start + j + 64] = rj - t;
+            r[start + j] = rj + t;
+        }
+    }
+    /* len = 32 */
+    for (start = 0; start < KYBER_N; start += 2 * 32) {
+        zeta = zetas[k++];
+        for (j = 0; j < 32; ++j) {
+            sword32 p = (sword32)zeta * r[start + j + 32];
+            sword16 t = KYBER_MONT_RED(p);
+            sword16 rj = r[start + j];
+            r[start + j + 32] = rj - t;
+            r[start + j] = rj + t;
+        }
+    }
+    /* len = 16 */
+    for (start = 0; start < KYBER_N; start += 2 * 16) {
+        zeta = zetas[k++];
+        for (j = 0; j < 16; ++j) {
+            sword32 p = (sword32)zeta * r[start + j + 16];
+            sword16 t = KYBER_MONT_RED(p);
+            sword16 rj = r[start + j];
+            r[start + j + 16] = rj - t;
+            r[start + j] = rj + t;
+        }
+    }
+    /* len = 8 */
+    for (start = 0; start < KYBER_N; start += 2 * 8) {
+        zeta = zetas[k++];
+        for (j = 0; j < 8; ++j) {
+            sword32 p = (sword32)zeta * r[start + j + 8];
+            sword16 t = KYBER_MONT_RED(p);
+            sword16 rj = r[start + j];
+            r[start + j + 8] = rj - t;
+            r[start + j] = rj + t;
+        }
+    }
+    /* len = 4 */
+    for (start = 0; start < KYBER_N; start += 2 * 4) {
+        zeta = zetas[k++];
+        for (j = 0; j < 4; ++j) {
+            sword32 p = (sword32)zeta * r[start + j + 4];
+            sword16 t = KYBER_MONT_RED(p);
+            sword16 rj = r[start + j];
+            r[start + j + 4] = rj - t;
+            r[start + j] = rj + t;
+        }
+    }
+    /* len = 2 */
+    for (start = 0; start < KYBER_N; start += 2 * 2) {
+        zeta = zetas[k++];
+        for (j = 0; j < 2; ++j) {
+            sword32 p = (sword32)zeta * r[start + j + 2];
+            sword16 t = KYBER_MONT_RED(p);
+            sword16 rj = r[start + j];
+            r[start + j + 2] = rj - t;
+            r[start + j] = rj + t;
+        }
+    }
+    /* Reduce coefficients with quick algorithm. */
+    for (j = 0; j < KYBER_N; ++j) {
+        r[j] = KYBER_BARRETT_RED(r[j]);
+    }
+#else
+    /* Unroll len (2, 3, 2) and start loops. */
+    unsigned int j;
+    sword16 t0;
+    sword16 t1;
+    sword16 t2;
+    sword16 t3;
+
+    /* len = 128,64 */
+    sword16 zeta128 = zetas[1];
+    sword16 zeta64_0 = zetas[2];
+    sword16 zeta64_1 = zetas[3];
+    for (j = 0; j < KYBER_N / 8; j++) {
+        sword16 r0 = r[j +   0];
+        sword16 r1 = r[j +  32];
+        sword16 r2 = r[j +  64];
+        sword16 r3 = r[j +  96];
+        sword16 r4 = r[j + 128];
+        sword16 r5 = r[j + 160];
+        sword16 r6 = r[j + 192];
+        sword16 r7 = r[j + 224];
+
+        t0 = KYBER_MONT_RED((sword32)zeta128 * r4);
+        t1 = KYBER_MONT_RED((sword32)zeta128 * r5);
+        t2 = KYBER_MONT_RED((sword32)zeta128 * r6);
+        t3 = KYBER_MONT_RED((sword32)zeta128 * r7);
+        r4 = r0 - t0;
+        r5 = r1 - t1;
+        r6 = r2 - t2;
+        r7 = r3 - t3;
+        r0 += t0;
+        r1 += t1;
+        r2 += t2;
+        r3 += t3;
+
+        t0 = KYBER_MONT_RED((sword32)zeta64_0 * r2);
+        t1 = KYBER_MONT_RED((sword32)zeta64_0 * r3);
+        t2 = KYBER_MONT_RED((sword32)zeta64_1 * r6);
+        t3 = KYBER_MONT_RED((sword32)zeta64_1 * r7);
+        r2 = r0 - t0;
+        r3 = r1 - t1;
+        r6 = r4 - t2;
+        r7 = r5 - t3;
+        r0 += t0;
+        r1 += t1;
+        r4 += t2;
+        r5 += t3;
+
+        r[j +   0] = r0;
+        r[j +  32] = r1;
+        r[j +  64] = r2;
+        r[j +  96] = r3;
+        r[j + 128] = r4;
+        r[j + 160] = r5;
+        r[j + 192] = r6;
+        r[j + 224] = r7;
+    }
+
+    /* len = 32,16,8 */
+    for (j = 0; j < KYBER_N; j += 64) {
+        int i;
+        sword16 zeta32   = zetas[ 4 + j / 64 + 0];
+        sword16 zeta16_0 = zetas[ 8 + j / 32 + 0];
+        sword16 zeta16_1 = zetas[ 8 + j / 32 + 1];
+        sword16 zeta8_0  = zetas[16 + j / 16 + 0];
+        sword16 zeta8_1  = zetas[16 + j / 16 + 1];
+        sword16 zeta8_2  = zetas[16 + j / 16 + 2];
+        sword16 zeta8_3  = zetas[16 + j / 16 + 3];
+        for (i = 0; i < 8; i++) {
+            sword16 r0 = r[j + i +  0];
+            sword16 r1 = r[j + i +  8];
+            sword16 r2 = r[j + i + 16];
+            sword16 r3 = r[j + i + 24];
+            sword16 r4 = r[j + i + 32];
+            sword16 r5 = r[j + i + 40];
+            sword16 r6 = r[j + i + 48];
+            sword16 r7 = r[j + i + 56];
+
+            t0 = KYBER_MONT_RED((sword32)zeta32 * r4);
+            t1 = KYBER_MONT_RED((sword32)zeta32 * r5);
+            t2 = KYBER_MONT_RED((sword32)zeta32 * r6);
+            t3 = KYBER_MONT_RED((sword32)zeta32 * r7);
+            r4 = r0 - t0;
+            r5 = r1 - t1;
+            r6 = r2 - t2;
+            r7 = r3 - t3;
+            r0 += t0;
+            r1 += t1;
+            r2 += t2;
+            r3 += t3;
+
+            t0 = KYBER_MONT_RED((sword32)zeta16_0 * r2);
+            t1 = KYBER_MONT_RED((sword32)zeta16_0 * r3);
+            t2 = KYBER_MONT_RED((sword32)zeta16_1 * r6);
+            t3 = KYBER_MONT_RED((sword32)zeta16_1 * r7);
+            r2 = r0 - t0;
+            r3 = r1 - t1;
+            r6 = r4 - t2;
+            r7 = r5 - t3;
+            r0 += t0;
+            r1 += t1;
+            r4 += t2;
+            r5 += t3;
+
+            t0 = KYBER_MONT_RED((sword32)zeta8_0 * r1);
+            t1 = KYBER_MONT_RED((sword32)zeta8_1 * r3);
+            t2 = KYBER_MONT_RED((sword32)zeta8_2 * r5);
+            t3 = KYBER_MONT_RED((sword32)zeta8_3 * r7);
+            r1 = r0 - t0;
+            r3 = r2 - t1;
+            r5 = r4 - t2;
+            r7 = r6 - t3;
+            r0 += t0;
+            r2 += t1;
+            r4 += t2;
+            r6 += t3;
+
+            r[j + i +  0] = r0;
+            r[j + i +  8] = r1;
+            r[j + i + 16] = r2;
+            r[j + i + 24] = r3;
+            r[j + i + 32] = r4;
+            r[j + i + 40] = r5;
+            r[j + i + 48] = r6;
+            r[j + i + 56] = r7;
+        }
+    }
+
+    /* len = 4,2 and Final reduction */
+    for (j = 0; j < KYBER_N; j += 8) {
+        sword16 zeta4  = zetas[32 + j / 8 + 0];
+        sword16 zeta2_0 = zetas[64 + j / 4 + 0];
+        sword16 zeta2_1 = zetas[64 + j / 4 + 1];
+        sword16 r0 = r[j + 0];
+        sword16 r1 = r[j + 1];
+        sword16 r2 = r[j + 2];
+        sword16 r3 = r[j + 3];
+        sword16 r4 = r[j + 4];
+        sword16 r5 = r[j + 5];
+        sword16 r6 = r[j + 6];
+        sword16 r7 = r[j + 7];
+
+        t0 = KYBER_MONT_RED((sword32)zeta4 * r4);
+        t1 = KYBER_MONT_RED((sword32)zeta4 * r5);
+        t2 = KYBER_MONT_RED((sword32)zeta4 * r6);
+        t3 = KYBER_MONT_RED((sword32)zeta4 * r7);
+        r4 = r0 - t0;
+        r5 = r1 - t1;
+        r6 = r2 - t2;
+        r7 = r3 - t3;
+        r0 += t0;
+        r1 += t1;
+        r2 += t2;
+        r3 += t3;
+
+        t0 = KYBER_MONT_RED((sword32)zeta2_0 * r2);
+        t1 = KYBER_MONT_RED((sword32)zeta2_0 * r3);
+        t2 = KYBER_MONT_RED((sword32)zeta2_1 * r6);
+        t3 = KYBER_MONT_RED((sword32)zeta2_1 * r7);
+        r2 = r0 - t0;
+        r3 = r1 - t1;
+        r6 = r4 - t2;
+        r7 = r5 - t3;
+        r0 += t0;
+        r1 += t1;
+        r4 += t2;
+        r5 += t3;
+
+        r[j + 0] = KYBER_BARRETT_RED(r0);
+        r[j + 1] = KYBER_BARRETT_RED(r1);
+        r[j + 2] = KYBER_BARRETT_RED(r2);
+        r[j + 3] = KYBER_BARRETT_RED(r3);
+        r[j + 4] = KYBER_BARRETT_RED(r4);
+        r[j + 5] = KYBER_BARRETT_RED(r5);
+        r[j + 6] = KYBER_BARRETT_RED(r6);
+        r[j + 7] = KYBER_BARRETT_RED(r7);
+    }
+#endif
+}
+
+#if !defined(WOLFSSL_KYBER_NO_ENCAPSULATE) || \
+    !defined(WOLFSSL_KYBER_NO_DECAPSULATE)
+/* Zetas for inverse NTT. */
+const sword16 zetas_inv[KYBER_N / 2] = {
+    1701, 1807, 1460, 2371, 2338, 2333,  308,  108,
+    2851,  870,  854, 1510, 2535, 1278, 1530, 1185,
+    1659, 1187, 3109,  874, 1335, 2111,  136, 1215,
+    2945, 1465, 1285, 2007, 2719, 2726, 2232, 2512,
+      75,  156, 3000, 2911, 2980,  872, 2685, 1590,
+    2210,  602, 1846,  777,  147, 2170, 2551,  246,
+    1676, 1755,  460,  291,  235, 3152, 2742, 2907,
+    3224, 1779, 2458, 1251, 2486, 2774, 2899, 1103,
+    1275, 2652, 1065, 2881,  725, 1508, 2368,  398,
+     951,  247, 1421, 3222, 2499,  271,   90,  853,
+    1860, 3203, 1162, 1618,  666,  320,    8, 2813,
+    1544,  282, 1838, 1293, 2314,  552, 2677, 2106,
+    1571,  205, 2918, 1542, 2721, 2597, 2312,  681,
+     130, 1602, 1871,  829, 2946, 3065, 1325, 2756,
+    1861, 1474, 1202, 2367, 3147, 1752, 2707,  171,
+    3127, 3042, 1907, 1836, 1517,  359,  758, 1441
+};
+
+/* Inverse Number-Theoretic Transform.
+ *
+ * FIPS 203, Algorithm 10: NTT^-1(f_hat)
+ * Computes the polynomial f element of R_q that corresponds to the given NTT
+ * representation f element of T_q.
+ *   1: f <- f_hat
+ *   2: i <- 127
+ *   3: for (len <- 2; len <= 128 ; len <- 2.len)
+ *   4:     for (start <- 0; start < 256; start <- start + 2.len)
+ *   5:         zeta <- zetas^BitRev_7(i) mod q
+ *   6:         i <- i - 1
+ *   7:         for (j <- start; j < start + len; j++)
+ *   8:             t <- f[j]
+ *   9:             f[j] < t + f[j + len]
+ *  10:             f[j + len] <- zeta.(f[j+len] - t)
+ *  11:         end for
+ *  12:     end for
+ *  13: end for
+ *  14: f <- f.3303 mod q
+ *  15: return f
+ *
+ * @param  [in, out]  r  Polynomial to transform.
+ */
+static void kyber_invntt(sword16* r)
+{
+#ifdef WOLFSSL_KYBER_SMALL
+    unsigned int len;
+    unsigned int k;
+    unsigned int j;
+    sword16 zeta;
+
+    /* Step 2 - table reversed */
+    k = 0;
+    /* Step 3 */
+    for (len = 2; len <= KYBER_N / 2; len <<= 1) {
+        unsigned int start;
+        /* Step 4 */
+        for (start = 0; start < KYBER_N; start = j + len) {
+            /* Step 5, 6 */
+            zeta = zetas_inv[k++];
+            /* Step 7 */
+            for (j = start; j < start + len; ++j) {
+                sword32 p;
+                /* Step 8 */
+                sword16 rj = r[j];
+                sword16 rjl = r[j + len];
+                /* Step 9 */
+                sword16 t = rj + rjl;
+                r[j] = KYBER_BARRETT_RED(t);
+                /* Step 10 */
+                rjl = rj - rjl;
+                p = (sword32)zeta * rjl;
+                r[j + len] = KYBER_MONT_RED(p);
+            }
+        }
+    }
+
+    /* Step 14 */
+    zeta = zetas_inv[127];
+    for (j = 0; j < KYBER_N; ++j) {
+        sword32 p = (sword32)zeta * r[j];
+        r[j] = KYBER_MONT_RED(p);
+    }
+#elif defined(WOLFSSL_KYBER_NO_LARGE_CODE)
+    /* Take out last iteration. */
+    unsigned int len;
+    unsigned int k;
+    unsigned int j;
+    sword16 zeta;
+    sword16 zeta2;
+
+    k = 0;
+    for (len = 2; len <= KYBER_N / 4; len <<= 1) {
+        unsigned int start;
+        for (start = 0; start < KYBER_N; start = j + len) {
+            zeta = zetas_inv[k++];
+            for (j = start; j < start + len; ++j) {
+                sword32 p;
+                sword16 rj = r[j];
+                sword16 rjl = r[j + len];
+                sword16 t = rj + rjl;
+                r[j] = KYBER_BARRETT_RED(t);
+                rjl = rj - rjl;
+                p = (sword32)zeta * rjl;
+                r[j + len] = KYBER_MONT_RED(p);
+            }
+        }
+    }
+
+    zeta = zetas_inv[126];
+    zeta2 = zetas_inv[127];
+    for (j = 0; j < KYBER_N / 2; ++j) {
+        sword32 p;
+        sword16 rj = r[j];
+        sword16 rjl = r[j + KYBER_N / 2];
+        sword16 t = rj + rjl;
+        rjl = rj - rjl;
+        p = (sword32)zeta * rjl;
+        r[j] = t;
+        r[j + KYBER_N / 2] = KYBER_MONT_RED(p);
+
+        p = (sword32)zeta2 * r[j];
+        r[j] = KYBER_MONT_RED(p);
+        p = (sword32)zeta2 * r[j + KYBER_N / 2];
+        r[j + KYBER_N / 2] = KYBER_MONT_RED(p);
+    }
+#elif defined(WOLFSSL_KYBER_INVNTT_UNROLL)
+    /* Unroll len loop (Step 3). */
+    unsigned int k;
+    unsigned int j;
+    unsigned int start;
+    sword16 zeta;
+    sword16 zeta2;
+
+    k = 0;
+    /* len = 2 */
+    for (start = 0; start < KYBER_N; start += 2 * 2) {
+        zeta = zetas_inv[k++];
+        for (j = 0; j < 2; ++j) {
+            sword32 p;
+            sword16 rj = r[start + j];
+            sword16 rjl = r[start + j + 2];
+            sword16 t = rj + rjl;
+            r[start + j] = t;
+            rjl = rj - rjl;
+            p = (sword32)zeta * rjl;
+            r[start + j + 2] = KYBER_MONT_RED(p);
+        }
+    }
+    /* len = 4 */
+    for (start = 0; start < KYBER_N; start += 2 * 4) {
+        zeta = zetas_inv[k++];
+        for (j = 0; j < 4; ++j) {
+            sword32 p;
+            sword16 rj = r[start + j];
+            sword16 rjl = r[start + j + 4];
+            sword16 t = rj + rjl;
+            r[start + j] = t;
+            rjl = rj - rjl;
+            p = (sword32)zeta * rjl;
+            r[start + j + 4] = KYBER_MONT_RED(p);
+        }
+    }
+    /* len = 8 */
+    for (start = 0; start < KYBER_N; start += 2 * 8) {
+        zeta = zetas_inv[k++];
+        for (j = 0; j < 8; ++j) {
+            sword32 p;
+            sword16 rj = r[start + j];
+            sword16 rjl = r[start + j + 8];
+            sword16 t = rj + rjl;
+            /* Reduce. */
+            r[start + j] = KYBER_BARRETT_RED(t);
+            rjl = rj - rjl;
+            p = (sword32)zeta * rjl;
+            r[start + j + 8] = KYBER_MONT_RED(p);
+        }
+    }
+    /* len = 16 */
+    for (start = 0; start < KYBER_N; start += 2 * 16) {
+        zeta = zetas_inv[k++];
+        for (j = 0; j < 16; ++j) {
+            sword32 p;
+            sword16 rj = r[start + j];
+            sword16 rjl = r[start + j + 16];
+            sword16 t = rj + rjl;
+            r[start + j] = t;
+            rjl = rj - rjl;
+            p = (sword32)zeta * rjl;
+            r[start + j + 16] = KYBER_MONT_RED(p);
+        }
+    }
+    /* len = 32 */
+    for (start = 0; start < KYBER_N; start += 2 * 32) {
+        zeta = zetas_inv[k++];
+        for (j = 0; j < 32; ++j) {
+            sword32 p;
+            sword16 rj = r[start + j];
+            sword16 rjl = r[start + j + 32];
+            sword16 t = rj + rjl;
+            r[start + j] = t;
+            rjl = rj - rjl;
+            p = (sword32)zeta * rjl;
+            r[start + j + 32] = KYBER_MONT_RED(p);
+        }
+    }
+    /* len = 64 */
+    for (start = 0; start < KYBER_N; start += 2 * 64) {
+        zeta = zetas_inv[k++];
+        for (j = 0; j < 64; ++j) {
+            sword32 p;
+            sword16 rj = r[start + j];
+            sword16 rjl = r[start + j + 64];
+            sword16 t = rj + rjl;
+            /* Reduce. */
+            r[start + j] = KYBER_BARRETT_RED(t);
+            rjl = rj - rjl;
+            p = (sword32)zeta * rjl;
+            r[start + j + 64] = KYBER_MONT_RED(p);
+        }
+    }
+    /* len = 128, 256 */
+    zeta = zetas_inv[126];
+    zeta2 = zetas_inv[127];
+    for (j = 0; j < KYBER_N / 2; ++j) {
+        sword32 p;
+        sword16 rj = r[j];
+        sword16 rjl = r[j + KYBER_N / 2];
+        sword16 t = rj + rjl;
+        rjl = rj - rjl;
+        p = (sword32)zeta * rjl;
+        r[j] = t;
+        r[j + KYBER_N / 2] = KYBER_MONT_RED(p);
+
+        p = (sword32)zeta2 * r[j];
+        r[j] = KYBER_MONT_RED(p);
+        p = (sword32)zeta2 * r[j + KYBER_N / 2];
+        r[j + KYBER_N / 2] = KYBER_MONT_RED(p);
+    }
+#else
+    /* Unroll len (2, 3, 3) and start loops. */
+    unsigned int j;
+    sword16 t0;
+    sword16 t1;
+    sword16 t2;
+    sword16 t3;
+    sword16 zeta64_0;
+    sword16 zeta64_1;
+    sword16 zeta128;
+    sword16 zeta256;
+    sword32 p;
+
+    for (j = 0; j < KYBER_N; j += 8) {
+        sword16 zeta2_0 = zetas_inv[ 0 + j / 4 + 0];
+        sword16 zeta2_1 = zetas_inv[ 0 + j / 4 + 1];
+        sword16 zeta4   = zetas_inv[64 + j / 8 + 0];
+        sword16 r0 = r[j + 0];
+        sword16 r1 = r[j + 1];
+        sword16 r2 = r[j + 2];
+        sword16 r3 = r[j + 3];
+        sword16 r4 = r[j + 4];
+        sword16 r5 = r[j + 5];
+        sword16 r6 = r[j + 6];
+        sword16 r7 = r[j + 7];
+
+        p = (sword32)zeta2_0 * (sword16)(r0 - r2);
+        t0 = KYBER_MONT_RED(p);
+        p = (sword32)zeta2_0 * (sword16)(r1 - r3);
+        t1 = KYBER_MONT_RED(p);
+        p = (sword32)zeta2_1 * (sword16)(r4 - r6);
+        t2 = KYBER_MONT_RED(p);
+        p = (sword32)zeta2_1 * (sword16)(r5 - r7);
+        t3 = KYBER_MONT_RED(p);
+        r0 += r2;
+        r1 += r3;
+        r4 += r6;
+        r5 += r7;
+        r2 = t0;
+        r3 = t1;
+        r6 = t2;
+        r7 = t3;
+
+        p = (sword32)zeta4 * (sword16)(r0 - r4);
+        t0 = KYBER_MONT_RED(p);
+        p = (sword32)zeta4 * (sword16)(r1 - r5);
+        t1 = KYBER_MONT_RED(p);
+        p = (sword32)zeta4 * (sword16)(r2 - r6);
+        t2 = KYBER_MONT_RED(p);
+        p = (sword32)zeta4 * (sword16)(r3 - r7);
+        t3 = KYBER_MONT_RED(p);
+        r0 += r4;
+        r1 += r5;
+        r2 += r6;
+        r3 += r7;
+        r4 = t0;
+        r5 = t1;
+        r6 = t2;
+        r7 = t3;
+
+        r[j + 0] = r0;
+        r[j + 1] = r1;
+        r[j + 2] = r2;
+        r[j + 3] = r3;
+        r[j + 4] = r4;
+        r[j + 5] = r5;
+        r[j + 6] = r6;
+        r[j + 7] = r7;
+    }
+
+    for (j = 0; j < KYBER_N; j += 64) {
+        int i;
+        sword16 zeta8_0  = zetas_inv[ 96 + j / 16 + 0];
+        sword16 zeta8_1  = zetas_inv[ 96 + j / 16 + 1];
+        sword16 zeta8_2  = zetas_inv[ 96 + j / 16 + 2];
+        sword16 zeta8_3  = zetas_inv[ 96 + j / 16 + 3];
+        sword16 zeta16_0 = zetas_inv[112 + j / 32 + 0];
+        sword16 zeta16_1 = zetas_inv[112 + j / 32 + 1];
+        sword16 zeta32   = zetas_inv[120 + j / 64 + 0];
+        for (i = 0; i < 8; i++) {
+            sword16 r0 = r[j + i +  0];
+            sword16 r1 = r[j + i +  8];
+            sword16 r2 = r[j + i + 16];
+            sword16 r3 = r[j + i + 24];
+            sword16 r4 = r[j + i + 32];
+            sword16 r5 = r[j + i + 40];
+            sword16 r6 = r[j + i + 48];
+            sword16 r7 = r[j + i + 56];
+
+            p = (sword32)zeta8_0 * (sword16)(r0 - r1);
+            t0 = KYBER_MONT_RED(p);
+            p = (sword32)zeta8_1 * (sword16)(r2 - r3);
+            t1 = KYBER_MONT_RED(p);
+            p = (sword32)zeta8_2 * (sword16)(r4 - r5);
+            t2 = KYBER_MONT_RED(p);
+            p = (sword32)zeta8_3 * (sword16)(r6 - r7);
+            t3 = KYBER_MONT_RED(p);
+            r0 = KYBER_BARRETT_RED(r0 + r1);
+            r2 = KYBER_BARRETT_RED(r2 + r3);
+            r4 = KYBER_BARRETT_RED(r4 + r5);
+            r6 = KYBER_BARRETT_RED(r6 + r7);
+            r1 = t0;
+            r3 = t1;
+            r5 = t2;
+            r7 = t3;
+
+            p = (sword32)zeta16_0 * (sword16)(r0 - r2);
+            t0 = KYBER_MONT_RED(p);
+            p = (sword32)zeta16_0 * (sword16)(r1 - r3);
+            t1 = KYBER_MONT_RED(p);
+            p = (sword32)zeta16_1 * (sword16)(r4 - r6);
+            t2 = KYBER_MONT_RED(p);
+            p = (sword32)zeta16_1 * (sword16)(r5 - r7);
+            t3 = KYBER_MONT_RED(p);
+            r0 += r2;
+            r1 += r3;
+            r4 += r6;
+            r5 += r7;
+            r2 = t0;
+            r3 = t1;
+            r6 = t2;
+            r7 = t3;
+
+            p = (sword32)zeta32 * (sword16)(r0 - r4);
+            t0 = KYBER_MONT_RED(p);
+            p = (sword32)zeta32 * (sword16)(r1 - r5);
+            t1 = KYBER_MONT_RED(p);
+            p = (sword32)zeta32 * (sword16)(r2 - r6);
+            t2 = KYBER_MONT_RED(p);
+            p = (sword32)zeta32 * (sword16)(r3 - r7);
+            t3 = KYBER_MONT_RED(p);
+            r0 += r4;
+            r1 += r5;
+            r2 += r6;
+            r3 += r7;
+            r4 = t0;
+            r5 = t1;
+            r6 = t2;
+            r7 = t3;
+
+            r[j + i +  0] = r0;
+            r[j + i +  8] = r1;
+            r[j + i + 16] = r2;
+            r[j + i + 24] = r3;
+            r[j + i + 32] = r4;
+            r[j + i + 40] = r5;
+            r[j + i + 48] = r6;
+            r[j + i + 56] = r7;
+        }
+    }
+
+    zeta64_0 = zetas_inv[124];
+    zeta64_1 = zetas_inv[125];
+    zeta128  = zetas_inv[126];
+    zeta256  = zetas_inv[127];
+    for (j = 0; j < KYBER_N / 8; j++) {
+        sword16 r0 = r[j +   0];
+        sword16 r1 = r[j +  32];
+        sword16 r2 = r[j +  64];
+        sword16 r3 = r[j +  96];
+        sword16 r4 = r[j + 128];
+        sword16 r5 = r[j + 160];
+        sword16 r6 = r[j + 192];
+        sword16 r7 = r[j + 224];
+
+        p = (sword32)zeta64_0 * (sword16)(r0 - r2);
+        t0 = KYBER_MONT_RED(p);
+        p = (sword32)zeta64_0 * (sword16)(r1 - r3);
+        t1 = KYBER_MONT_RED(p);
+        p = (sword32)zeta64_1 * (sword16)(r4 - r6);
+        t2 = KYBER_MONT_RED(p);
+        p = (sword32)zeta64_1 * (sword16)(r5 - r7);
+        t3 = KYBER_MONT_RED(p);
+        r0 = KYBER_BARRETT_RED(r0 + r2);
+        r1 = KYBER_BARRETT_RED(r1 + r3);
+        r4 = KYBER_BARRETT_RED(r4 + r6);
+        r5 = KYBER_BARRETT_RED(r5 + r7);
+        r2 = t0;
+        r3 = t1;
+        r6 = t2;
+        r7 = t3;
+
+        p = (sword32)zeta128 * (sword16)(r0 - r4);
+        t0 = KYBER_MONT_RED(p);
+        p = (sword32)zeta128 * (sword16)(r1 - r5);
+        t1 = KYBER_MONT_RED(p);
+        p = (sword32)zeta128 * (sword16)(r2 - r6);
+        t2 = KYBER_MONT_RED(p);
+        p = (sword32)zeta128 * (sword16)(r3 - r7);
+        t3 = KYBER_MONT_RED(p);
+        r0 += r4;
+        r1 += r5;
+        r2 += r6;
+        r3 += r7;
+        r4 = t0;
+        r5 = t1;
+        r6 = t2;
+        r7 = t3;
+
+        p = (sword32)zeta256 * r0;
+        r0 = KYBER_MONT_RED(p);
+        p = (sword32)zeta256 * r1;
+        r1 = KYBER_MONT_RED(p);
+        p = (sword32)zeta256 * r2;
+        r2 = KYBER_MONT_RED(p);
+        p = (sword32)zeta256 * r3;
+        r3 = KYBER_MONT_RED(p);
+        p = (sword32)zeta256 * r4;
+        r4 = KYBER_MONT_RED(p);
+        p = (sword32)zeta256 * r5;
+        r5 = KYBER_MONT_RED(p);
+        p = (sword32)zeta256 * r6;
+        r6 = KYBER_MONT_RED(p);
+        p = (sword32)zeta256 * r7;
+        r7 = KYBER_MONT_RED(p);
+
+        r[j +   0] = r0;
+        r[j +  32] = r1;
+        r[j +  64] = r2;
+        r[j +  96] = r3;
+        r[j + 128] = r4;
+        r[j + 160] = r5;
+        r[j + 192] = r6;
+        r[j + 224] = r7;
+    }
+#endif
+}
+#endif
+
+/* Multiplication of polynomials in Zq[X]/(X^2-zeta).
+ *
+ * Used for multiplication of elements in Rq in NTT domain.
+ *
+ * FIPS 203, Algorithm 12: BaseCaseMultiply(a0, a1, b0, b1, zeta)
+ * Computes the product of two degree-one polynomials with respect to a
+ * quadratic modulus.
+ *   1: c0 <- a0.b0 + a1.b1.zeta
+ *   2: c1 <- a0.b1 + a1.b0
+ *   3: return (c0, c1)
+ *
+ * @param  [out]  r     Result polynomial.
+ * @param  [in]   a     First factor.
+ * @param  [in]   b     Second factor.
+ * @param  [in]   zeta  Integer defining the reduction polynomial.
+ */
+static void kyber_basemul(sword16* r, const sword16* a, const sword16* b,
+    sword16 zeta)
+{
+    sword16 r0;
+    sword16 a0 = a[0];
+    sword16 a1 = a[1];
+    sword16 b0 = b[0];
+    sword16 b1 = b[1];
+    sword32 p1;
+    sword32 p2;
+
+    /* Step 1 */
+    p1   = (sword32)a0 * b0;
+    p2   = (sword32)a1 * b1;
+    r0   = KYBER_MONT_RED(p2);
+    p2   = (sword32)zeta * r0;
+    p2  += p1;
+    r[0] = KYBER_MONT_RED(p2);
+
+    /* Step 2 */
+    p1   = (sword32)a0 * b1;
+    p2   = (sword32)a1 * b0;
+    p1  += p2;
+    r[1] = KYBER_MONT_RED(p1);
+}
+
+/* Multiply two polynomials in NTT domain. r = a * b.
+ *
+ * FIPS 203, Algorithm 11: MultiplyNTTs(f_hat, g_hat)
+ * Computes the product (in the ring T_q) of two NTT representations.
+ *   1: for (i <- 0; i < 128; i++)
+ *   2:     (h_hat[2i],h_hat[2i+1]) <-
+ *              BaseCaseMultiply(f_hat[2i],f_hat[2i+1],g_hat[2i],g_hat[2i+1],
+ *                               zetas^(BitRev_7(i)+1)
+ *   3: end for
+ *   4: return h_hat
+ *
+ * @param  [out]  r  Result polynomial.
+ * @param  [in]   a  First polynomial multiplier.
+ * @param  [in]   b  Second polynomial multiplier.
+ */
+static void kyber_basemul_mont(sword16* r, const sword16* a, const sword16* b)
+{
+    const sword16* zeta = zetas + 64;
+
+#if defined(WOLFSSL_KYBER_SMALL)
+    /* Two multiplications per loop. */
+    unsigned int i;
+    /* Step 1 */
+    for (i = 0; i < KYBER_N; i += 4, zeta++) {
+        /* Step 2 */
+        kyber_basemul(r + i + 0, a + i + 0, b + i + 0,  zeta[0]);
+        kyber_basemul(r + i + 2, a + i + 2, b + i + 2, -zeta[0]);
+    }
+#elif defined(WOLFSSL_KYBER_NO_LARGE_CODE)
+    /* Four multiplications per loop. */
+    unsigned int i;
+    for (i = 0; i < KYBER_N; i += 8, zeta += 2) {
+        kyber_basemul(r + i + 0, a + i + 0, b + i + 0,  zeta[0]);
+        kyber_basemul(r + i + 2, a + i + 2, b + i + 2, -zeta[0]);
+        kyber_basemul(r + i + 4, a + i + 4, b + i + 4,  zeta[1]);
+        kyber_basemul(r + i + 6, a + i + 6, b + i + 6, -zeta[1]);
+    }
+#else
+    /* Eight multiplications per loop. */
+    unsigned int i;
+    for (i = 0; i < KYBER_N; i += 16, zeta += 4) {
+        kyber_basemul(r + i +  0, a + i +  0, b + i +  0,  zeta[0]);
+        kyber_basemul(r + i +  2, a + i +  2, b + i +  2, -zeta[0]);
+        kyber_basemul(r + i +  4, a + i +  4, b + i +  4,  zeta[1]);
+        kyber_basemul(r + i +  6, a + i +  6, b + i +  6, -zeta[1]);
+        kyber_basemul(r + i +  8, a + i +  8, b + i +  8,  zeta[2]);
+        kyber_basemul(r + i + 10, a + i + 10, b + i + 10, -zeta[2]);
+        kyber_basemul(r + i + 12, a + i + 12, b + i + 12,  zeta[3]);
+        kyber_basemul(r + i + 14, a + i + 14, b + i + 14, -zeta[3]);
+    }
+#endif
+}
+
+/* Multiply two polynomials in NTT domain and add to result. r += a * b.
+ *
+ * FIPS 203, Algorithm 11: MultiplyNTTs(f_hat, g_hat)
+ * Computes the product (in the ring T_q) of two NTT representations.
+ *   1: for (i <- 0; i < 128; i++)
+ *   2:     (h_hat[2i],h_hat[2i+1]) <-
+ *              BaseCaseMultiply(f_hat[2i],f_hat[2i+1],g_hat[2i],g_hat[2i+1],
+ *                               zetas^(BitRev_7(i)+1)
+ *   3: end for
+ *   4: return h_hat
+ * Add h_hat to r.
+ *
+ * @param  [in, out]  r  Result polynomial.
+ * @param  [in]       a  First polynomial multiplier.
+ * @param  [in]       b  Second polynomial multiplier.
+ */
+static void kyber_basemul_mont_add(sword16* r, const sword16* a,
+    const sword16* b)
+{
+    const sword16* zeta = zetas + 64;
+
+#if defined(WOLFSSL_KYBER_SMALL)
+    /* Two multiplications per loop. */
+    unsigned int i;
+    for (i = 0; i < KYBER_N; i += 4, zeta++) {
+        sword16 t0[2];
+        sword16 t2[2];
+
+        kyber_basemul(t0, a + i + 0, b + i + 0,  zeta[0]);
+        kyber_basemul(t2, a + i + 2, b + i + 2, -zeta[0]);
+
+        r[i + 0] += t0[0];
+        r[i + 1] += t0[1];
+        r[i + 2] += t2[0];
+        r[i + 3] += t2[1];
+    }
+#elif defined(WOLFSSL_KYBER_NO_LARGE_CODE)
+    /* Four multiplications per loop. */
+    unsigned int i;
+    for (i = 0; i < KYBER_N; i += 8, zeta += 2) {
+        sword16 t0[2];
+        sword16 t2[2];
+        sword16 t4[2];
+        sword16 t6[2];
+
+        kyber_basemul(t0, a + i + 0, b + i + 0,  zeta[0]);
+        kyber_basemul(t2, a + i + 2, b + i + 2, -zeta[0]);
+        kyber_basemul(t4, a + i + 4, b + i + 4,  zeta[1]);
+        kyber_basemul(t6, a + i + 6, b + i + 6, -zeta[1]);
+
+        r[i + 0] += t0[0];
+        r[i + 1] += t0[1];
+        r[i + 2] += t2[0];
+        r[i + 3] += t2[1];
+        r[i + 4] += t4[0];
+        r[i + 5] += t4[1];
+        r[i + 6] += t6[0];
+        r[i + 7] += t6[1];
+    }
+#else
+    /* Eight multiplications per loop. */
+    unsigned int i;
+    for (i = 0; i < KYBER_N; i += 16, zeta += 4) {
+        sword16 t0[2];
+        sword16 t2[2];
+        sword16 t4[2];
+        sword16 t6[2];
+        sword16 t8[2];
+        sword16 t10[2];
+        sword16 t12[2];
+        sword16 t14[2];
+
+        kyber_basemul(t0, a + i + 0, b + i + 0,  zeta[0]);
+        kyber_basemul(t2, a + i + 2, b + i + 2, -zeta[0]);
+        kyber_basemul(t4, a + i + 4, b + i + 4,  zeta[1]);
+        kyber_basemul(t6, a + i + 6, b + i + 6, -zeta[1]);
+        kyber_basemul(t8, a + i + 8, b + i + 8,  zeta[2]);
+        kyber_basemul(t10, a + i + 10, b + i + 10, -zeta[2]);
+        kyber_basemul(t12, a + i + 12, b + i + 12,  zeta[3]);
+        kyber_basemul(t14, a + i + 14, b + i + 14, -zeta[3]);
+
+        r[i + 0] += t0[0];
+        r[i + 1] += t0[1];
+        r[i + 2] += t2[0];
+        r[i + 3] += t2[1];
+        r[i + 4] += t4[0];
+        r[i + 5] += t4[1];
+        r[i + 6] += t6[0];
+        r[i + 7] += t6[1];
+        r[i + 8] += t8[0];
+        r[i + 9] += t8[1];
+        r[i + 10] += t10[0];
+        r[i + 11] += t10[1];
+        r[i + 12] += t12[0];
+        r[i + 13] += t12[1];
+        r[i + 14] += t14[0];
+        r[i + 15] += t14[1];
+    }
+#endif
+}
+#endif
+
+/* Pointwise multiply elements of a and b, into r, and multiply by 2^-16.
+ *
+ * @param  [out]  r  Result polynomial.
+ * @param  [in]   a  First vector polynomial to multiply with.
+ * @param  [in]   b  Second vector polynomial to multiply with.
+ * @param  [in]   k  Number of polynomials in vector.
+ */
+static void kyber_pointwise_acc_mont(sword16* r, const sword16* a,
+    const sword16* b, unsigned int k)
+{
+    unsigned int i;
+
+    kyber_basemul_mont(r, a, b);
+#ifdef WOLFSSL_KYBER_SMALL
+    for (i = 1; i < k; ++i) {
+        kyber_basemul_mont_add(r, a + i * KYBER_N, b + i * KYBER_N);
+    }
+#else
+    for (i = 1; i < k - 1; ++i) {
+        kyber_basemul_mont_add(r, a + i * KYBER_N, b + i * KYBER_N);
+    }
+    kyber_basemul_mont_add(r, a + (k - 1) * KYBER_N, b + (k - 1) * KYBER_N);
+#endif
+}
+
+/******************************************************************************/
+
+/* Initialize Kyber implementation.
+ */
+void kyber_init(void)
+{
+#if defined(USE_INTEL_SPEEDUP) || (defined(__aarch64__) && \
+    defined(WOLFSSL_ARMASM))
+    cpuid_flags = cpuid_get_flags();
+#endif
+}
+
+/******************************************************************************/
+
+#if defined(__aarch64__) && defined(WOLFSSL_ARMASM)
+
+#ifndef WOLFSSL_KYBER_NO_MAKE_KEY
+/* Generate a public-private key pair from randomly generated data.
+ *
+ * FIPS 203, Algorithm 13: K-PKE.KeyGen(d)
+ *   ...
+ *   16: s_hat <- NTT(s)
+ *   17: e_hat <- NTT(e)
+ *   18: t^hat <- A_hat o s_hat + e_hat
+ *   ...
+ *
+ * @param  [in, out]  s  Private key vector of polynomials.
+ * @param  [out]      t  Public key vector of polynomials.
+ * @param  [in]       e  Error values as a vector of polynomials. Modified.
+ * @param  [in]       a  Random values in an array of vectors of polynomials.
+ * @param  [in]       k  Number of polynomials in vector.
+ */
+void kyber_keygen(sword16* s, sword16* t, sword16* e, const sword16* a, int k)
+{
+    int i;
+
+#ifndef WOLFSSL_AARCH64_NO_SQRDMLSH
+    if (IS_AARCH64_RDM(cpuid_flags)) {
+        /* Transform private key. All of result used in public key calculation.
+         * Step 16: s_hat = NTT(s) */
+        for (i = 0; i < k; ++i) {
+            kyber_ntt_sqrdmlsh(s + i * KYBER_N);
+        }
+
+        /* For each polynomial in the vectors.
+         * Step 17, Step 18: Calculate public from A_hat, s_hat and e_hat. */
+        for (i = 0; i < k; ++i) {
+            /* Multiply a by private into public polynomial.
+             * Step 18: ... A_hat o s_hat ... */
+            kyber_pointwise_acc_mont(t + i * KYBER_N, a + i * k * KYBER_N, s,
+                k);
+            /* Convert public polynomial to Montgomery form.
+             * Step 18: ... MontRed(A_hat o s_hat) ... */
+            kyber_to_mont_sqrdmlsh(t + i * KYBER_N);
+            /* Transform error values polynomial.
+             * Step 17: e_hat = NTT(e) */
+            kyber_ntt_sqrdmlsh(e + i * KYBER_N);
+            /* Add errors to public key and reduce.
+             * Step 18: t_hat = BarrettRed(MontRed(A_hat o s_hat) + e_hat) */
+            kyber_add_reduce(t + i * KYBER_N, e + i * KYBER_N);
+        }
+    }
+    else
+#endif
+    {
+        /* Transform private key. All of result used in public key calculation.
+         * Step 16: s_hat = NTT(s) */
+        for (i = 0; i < k; ++i) {
+            kyber_ntt(s + i * KYBER_N);
+        }
+
+        /* For each polynomial in the vectors.
+         * Step 17, Step 18: Calculate public from A_hat, s_hat and e_hat. */
+        for (i = 0; i < k; ++i) {
+            /* Multiply a by private into public polynomial.
+             * Step 18: ... A_hat o s_hat ... */
+            kyber_pointwise_acc_mont(t + i * KYBER_N, a + i * k * KYBER_N, s,
+                k);
+            /* Convert public polynomial to Montgomery form.
+             * Step 18: ... MontRed(A_hat o s_hat) ... */
+            kyber_to_mont(t + i * KYBER_N);
+            /* Transform error values polynomial.
+             * Step 17: e_hat = NTT(e) */
+            kyber_ntt(e + i * KYBER_N);
+            /* Add errors to public key and reduce.
+             * Step 18: t_hat = BarrettRed(MontRed(A_hat o s_hat) + e_hat) */
+            kyber_add_reduce(t + i * KYBER_N, e + i * KYBER_N);
+        }
+    }
+}
+#endif /* WOLFSSL_KYBER_NO_MAKE_KEY */
+
+#if !defined(WOLFSSL_KYBER_NO_ENCAPSULATE) || \
+    !defined(WOLFSSL_KYBER_NO_DECAPSULATE)
+/* Encapsulate message.
+ *
+ * FIPS 203, Algorithm 14: K-PKE.Encrypt(ek_PKE, m, r)
+ *   ...
+ *   Step 18: y_hat <- NTT(y)
+ *   Step 19: u <- InvNTT(A_hat_trans o y_hat) + e_1)
+ *   ...
+ *   Step 21: v <- InvNTT(t_hat_trans o y_hat) + e_2 + mu)
+ *   ...
+ *
+ * @param  [in]   t   Public key vector of polynomials.
+ * @param  [out]  u   Vector of polynomials.
+ * @param  [out]  v   Polynomial.
+ * @param  [in]   a   Array of vector of polynomials.
+ * @param  [in]   y   Vector of polynomials.
+ * @param  [in]   e1  Error Vector of polynomials.
+ * @param  [in]   e2  Error polynomial.
+ * @param  [in]   m   Message polynomial.
+ * @param  [in]   k   Number of polynomials in vector.
+ */
+void kyber_encapsulate(const sword16* t, sword16* u , sword16* v,
+    const sword16* a, sword16* y, const sword16* e1, const sword16* e2,
+    const sword16* m, int k)
+{
+    int i;
+
+#ifndef WOLFSSL_AARCH64_NO_SQRDMLSH
+    if (IS_AARCH64_RDM(cpuid_flags)) {
+        /* Transform y. All of result used in calculation of u and v.
+         * Step 18: y_hat <- NTT(y) */
+        for (i = 0; i < k; ++i) {
+            kyber_ntt_sqrdmlsh(y + i * KYBER_N);
+        }
+
+        /* For each polynomial in the vectors.
+         * Step 19: u <- InvNTT(A_hat_trans o y_hat) + e_1) */
+        for (i = 0; i < k; ++i) {
+            /* Multiply at by y into u polynomial.
+             * Step 19: ... A_hat_trans o y_hat ... */
+            kyber_pointwise_acc_mont(u + i * KYBER_N, a + i * k * KYBER_N, y,
+                k);
+            /* Inverse transform u  polynomial.
+             * Step 19: ... InvNTT(A_hat_trans o y_hat) ... */
+            kyber_invntt_sqrdmlsh(u  + i * KYBER_N);
+            /* Add errors to u  and reduce.
+             * Step 19: u <- InvNTT(A_hat_trans o y_hat) + e_1) */
+            kyber_add_reduce(u  + i * KYBER_N, e1 + i * KYBER_N);
+        }
+
+        /* Multiply public key by y into v polynomial.
+         * Step 21: ... t_hat_trans o y_hat ... */
+        kyber_pointwise_acc_mont(v, t, y, k);
+        /* Inverse transform v.
+         * Step 22: ... InvNTT(t_hat_trans o y_hat) ... */
+        kyber_invntt_sqrdmlsh(v);
+    }
+    else
+#endif
+    {
+        /* Transform y. All of result used in calculation of u and v.
+         * Step 18: y_hat <- NTT(y) */
+        for (i = 0; i < k; ++i) {
+            kyber_ntt(y + i * KYBER_N);
+        }
+
+        /* For each polynomial in the vectors.
+         * Step 19: u <- InvNTT(A_hat_trans o y_hat) + e_1) */
+        for (i = 0; i < k; ++i) {
+            /* Multiply at by y into u polynomial.
+             * Step 19: ... A_hat_trans o y_hat ... */
+            kyber_pointwise_acc_mont(u + i * KYBER_N, a + i * k * KYBER_N, y,
+                k);
+            /* Inverse transform u  polynomial.
+             * Step 19: ... InvNTT(A_hat_trans o y_hat) ... */
+            kyber_invntt(u + i * KYBER_N);
+            /* Add errors to u and reduce.
+             * Step 19: u <- InvNTT(A_hat_trans o y_hat) + e_1) */
+            kyber_add_reduce(u + i * KYBER_N, e1 + i * KYBER_N);
+        }
+
+        /* Multiply public key by y into v polynomial.
+         * Step 21: ... t_hat_trans o y_hat ... */
+        kyber_pointwise_acc_mont(v, t, y, k);
+        /* Inverse transform v.
+         * Step 22: ... InvNTT(t_hat_trans o y_hat) ... */
+        kyber_invntt(v);
+    }
+    /* Add errors and message to v and reduce.
+     * Step 21: v <- InvNTT(t_hat_trans o y_hat) + e_2 + mu) */
+    kyber_add3_reduce(v, e2, m);
+}
+#endif /* !WOLFSSL_KYBER_NO_ENCAPSULATE || !WOLFSSL_KYBER_NO_DECAPSULATE */
+
+#ifndef WOLFSSL_KYBER_NO_DECAPSULATE
+/* Decapsulate message.
+ *
+ * FIPS 203, Algorithm 15: K-PKE.Decrypt(dk_PKE,c)
+ * Uses the decryption key to decrypt a ciphertext.
+ *   ...
+ *   6: w <- v' - InvNTT(s_hat_trans o NTT(u'))
+ *   ...
+ *
+ * @param  [in]   s  Decryption key as vector of polynomials.
+ * @param  [out]  w  Message polynomial.
+ * @param  [in]   u  Vector of polynomials containing error.
+ * @param  [in]   v  Encapsulated message polynomial.
+ * @param  [in]   k  Number of polynomials in vector.
+ */
+void kyber_decapsulate(const sword16* s, sword16* w, sword16* u,
+    const sword16* v, int k)
+{
+    int i;
+
+#ifndef WOLFSSL_AARCH64_NO_SQRDMLSH
+    if (IS_AARCH64_RDM(cpuid_flags)) {
+        /* Transform u. All of result used in calculation of w.
+         * Step 6: ... NTT(u') */
+        for (i = 0; i < k; ++i) {
+            kyber_ntt_sqrdmlsh(u + i * KYBER_N);
+        }
+
+        /* Multiply private key by u into w polynomial.
+         * Step 6: ... s_hat_trans o NTT(u') */
+        kyber_pointwise_acc_mont(w, s, u, k);
+        /* Inverse transform w.
+         * Step 6: ... InvNTT(s_hat_trans o NTT(u')) */
+        kyber_invntt_sqrdmlsh(w);
+    }
+    else
+#endif
+    {
+        /* Transform u. All of result used in calculation of w.
+         * Step 6: ... NTT(u') */
+        for (i = 0; i < k; ++i) {
+            kyber_ntt(u + i * KYBER_N);
+        }
+
+        /* Multiply private key by u into w polynomial.
+         * Step 6: ... s_hat_trans o NTT(u') */
+        kyber_pointwise_acc_mont(w, s, u, k);
+        /* Inverse transform w.
+         * Step 6: ... InvNTT(s_hat_trans o NTT(u')) */
+        kyber_invntt(w);
+    }
+    /* Subtract errors (in w) out of v and reduce into w.
+     * Step 6: w <- v' - InvNTT(s_hat_trans o NTT(u')) */
+    kyber_rsub_reduce(w, v);
+}
+#endif /* !WOLFSSL_KYBER_NO_DECAPSULATE */
+
+#else
+
+#ifndef WOLFSSL_KYBER_NO_MAKE_KEY
+#ifndef WOLFSSL_MLKEM_MAKEKEY_SMALL_MEM
+/* Generate a public-private key pair from randomly generated data.
+ *
+ * FIPS 203, Algorithm 13: K-PKE.KeyGen(d)
+ *   ...
+ *   16: s_hat <- NTT(s)
+ *   17: e_hat <- NTT(e)
+ *   18: t^hat <- A_hat o s_hat + e_hat
+ *   ...
+ *
+ * @param  [in, out]  s  Private key vector of polynomials.
+ * @param  [out]      t  Public key vector of polynomials.
+ * @param  [in]       e  Error values as a vector of polynomials. Modified.
+ * @param  [in]       a  Random values in an array of vectors of polynomials.
+ * @param  [in]       k  Number of polynomials in vector.
+ */
+static void kyber_keygen_c(sword16* s, sword16* t, sword16* e, const sword16* a,
+    int k)
+{
+    int i;
+
+    /* Transform private key. All of result used in public key calculation
+     * Step 16: s_hat = NTT(s) */
+    for (i = 0; i < k; ++i) {
+        kyber_ntt(s + i * KYBER_N);
+    }
+
+    /* For each polynomial in the vectors.
+     * Step 17, Step 18: Calculate public from A_hat, s_hat and e_hat. */
+    for (i = 0; i < k; ++i) {
+        unsigned int j;
+
+        /* Multiply a by private into public polynomial.
+         * Step 18: ... A_hat o s_hat ... */
+        kyber_pointwise_acc_mont(t + i * KYBER_N, a + i * k * KYBER_N, s, k);
+        /* Convert public polynomial to Montgomery form.
+         * Step 18: ... MontRed(A_hat o s_hat) ... */
+        for (j = 0; j < KYBER_N; ++j) {
+            sword32 n = t[i * KYBER_N + j] * (sword32)KYBER_F;
+            t[i * KYBER_N + j] = KYBER_MONT_RED(n);
+        }
+        /* Transform error values polynomial.
+         * Step 17: e_hat = NTT(e) */
+        kyber_ntt(e + i * KYBER_N);
+        /* Add errors to public key and reduce.
+         * Step 18: t_hat = BarrettRed(MontRed(A_hat o s_hat) + e_hat) */
+        for (j = 0; j < KYBER_N; ++j) {
+            sword16 n = t[i * KYBER_N + j] + e[i * KYBER_N + j];
+            t[i * KYBER_N + j] = KYBER_BARRETT_RED(n);
+        }
+    }
+}
+
+/* Generate a public-private key pair from randomly generated data.
+ *
+ * FIPS 203, Algorithm 13: K-PKE.KeyGen(d)
+ *   ...
+ *   16: s_hat <- NTT(s)
+ *   17: e_hat <- NTT(e)
+ *   18: t^hat <- A_hat o s_hat + e_hat
+ *   ...
+ *
+ * @param  [in, out]  s  Private key vector of polynomials.
+ * @param  [out]      t  Public key vector of polynomials.
+ * @param  [in]       e  Error values as a vector of polynomials. Modified.
+ * @param  [in]       a  Random values in an array of vectors of polynomials.
+ * @param  [in]       k  Number of polynomials in vector.
+ */
+void kyber_keygen(sword16* s, sword16* t, sword16* e, const sword16* a, int k)
+{
+#ifdef USE_INTEL_SPEEDUP
+    if ((IS_INTEL_AVX2(cpuid_flags)) && (SAVE_VECTOR_REGISTERS2() == 0)) {
+        /* Alg 13: Steps 16-18 */
+        kyber_keygen_avx2(s, t, e, a, k);
+        RESTORE_VECTOR_REGISTERS();
+    }
+    else
+#endif
+    {
+        /* Alg 13: Steps 16-18 */
+        kyber_keygen_c(s, t, e, a, k);
+    }
+}
+
+#else
+
+/* Generate a public-private key pair from randomly generated data.
+ *
+ * FIPS 203, Algorithm 13: K-PKE.KeyGen(d)
+ *   3: for (i <- 0; i < k; i++)                         > generate matrix A_hat
+ *   ... (generate A[i])
+ *   7: end for
+ *   ...
+ *   9:      s[i] <- SamplePolyCBD_eta_1(PRF_eta_1(rho, N))
+ *   ...
+ *  16: s_hat <- NTT(s)
+ *  17: e_hat <- NTT(e)
+ *  18: t^hat <- A_hat o s_hat + e_hat
+ *   ...
+ *
+ * @param  [in, out]  s      Private key vector of polynomials.
+ * @param  [out]      tv     Public key vector of polynomials.
+ * @param  [in]       prf    XOF object.
+ * @param  [in]       tv     Temporary vector of polynomials.
+ * @param  [in]       k      Number of polynomials in vector.
+ * @param  [in]       rho    Random seed to generate matrix A from.
+ * @param  [in]       sigma  Random seed to generate noise from.
+ */
+int kyber_keygen_seeds(sword16* s, sword16* t, KYBER_PRF_T* prf,
+    sword16* tv, int k, byte* rho, byte* sigma)
+{
+    int i;
+    int ret = 0;
+    sword16* ai = tv;
+    sword16* e = tv;
+
+    /* Transform private key. All of result used in public key calculation
+     * Step 16: s_hat = NTT(s) */
+    for (i = 0; i < k; ++i) {
+        kyber_ntt(s + i * KYBER_N);
+    }
+
+    /* For each polynomial in the vectors.
+     * Step 17, Step 18: Calculate public from A_hat, s_hat and e_hat. */
+    for (i = 0; i < k; ++i) {
+        unsigned int j;
+
+        /* Generate a vector of matrix A.
+         * Steps 4-6: generate A[i] */
+        ret = kyber_gen_matrix_i(prf, ai, k, rho, i, 0);
+        if (ret != 0) {
+           break;
+        }
+
+        /* Multiply a by private into public polynomial.
+         * Step 18: ... A_hat o s_hat ... */
+        kyber_pointwise_acc_mont(t + i * KYBER_N, ai, s, k);
+        /* Convert public polynomial to Montgomery form.
+         * Step 18: ... MontRed(A_hat o s_hat) ... */
+        for (j = 0; j < KYBER_N; ++j) {
+            sword32 n = t[i * KYBER_N + j] * (sword32)KYBER_F;
+            t[i * KYBER_N + j] = KYBER_MONT_RED(n);
+        }
+
+        /* Generate noise using PRF.
+         * Step 9: s[i] <- SamplePolyCBD_eta_1(PRF_eta_1(rho, N)) */
+        ret = kyber_get_noise_i(prf, k, e, sigma, i, 1);
+        if (ret != 0) {
+           break;
+        }
+        /* Transform error values polynomial.
+         * Step 17: e_hat = NTT(e) */
+        kyber_ntt(e);
+        /* Add errors to public key and reduce.
+         * Step 18: t_hat = BarrettRed(MontRed(A_hat o s_hat) + e_hat) */
+        for (j = 0; j < KYBER_N; ++j) {
+            sword16 n = t[i * KYBER_N + j] + e[j];
+            t[i * KYBER_N + j] = KYBER_BARRETT_RED(n);
+        }
+    }
+
+    return ret;
+}
+
+#endif
+#endif /* !WOLFSSL_KYBER_NO_MAKE_KEY */
+
+#if !defined(WOLFSSL_KYBER_NO_ENCAPSULATE) || \
+    !defined(WOLFSSL_KYBER_NO_DECAPSULATE)
+#ifndef WOLFSSL_MLKEM_ENCAPSULATE_SMALL_MEM
+/* Encapsulate message.
+ *
+ * @param  [in]   pub  Public key vector of polynomials.
+ * @param  [out]  u    Vector of polynomials.
+ * @param  [out]  v    Polynomial.
+ * @param  [in]   a    Array of vector of polynomials.
+ * @param  [in]   y    Vector of polynomials.
+ * @param  [in]   e1   Error Vector of polynomials.
+ * @param  [in]   e2   Error polynomial.
+ * @param  [in]   m    Message polynomial.
+ * @param  [in]   k    Number of polynomials in vector.
+ */
+static void kyber_encapsulate_c(const sword16* pub, sword16* u, sword16* v,
+    const sword16* a, sword16* y, const sword16* e1, const sword16* e2,
+    const sword16* m, int k)
+{
+    int i;
+
+    /* Transform y. All of result used in calculation of u and v. */
+    for (i = 0; i < k; ++i) {
+        kyber_ntt(y + i * KYBER_N);
+    }
+
+    /* For each polynomial in the vectors. */
+    for (i = 0; i < k; ++i) {
+        unsigned int j;
+
+        /* Multiply at by y into u polynomial. */
+        kyber_pointwise_acc_mont(u + i * KYBER_N, a + i * k * KYBER_N, y, k);
+        /* Inverse transform u polynomial. */
+        kyber_invntt(u + i * KYBER_N);
+        /* Add errors to u and reduce. */
+        for (j = 0; j < KYBER_N; ++j) {
+            sword16 t = u[i * KYBER_N + j] + e1[i * KYBER_N + j];
+            u[i * KYBER_N + j] = KYBER_BARRETT_RED(t);
+        }
+    }
+
+    /* Multiply public key by y into v polynomial. */
+    kyber_pointwise_acc_mont(v, pub, y, k);
+    /* Inverse transform v. */
+    kyber_invntt(v);
+    /* Add errors and message to v and reduce. */
+    for (i = 0; i < KYBER_N; ++i) {
+        sword16 t = v[i] + e2[i] + m[i];
+        v[i] = KYBER_BARRETT_RED(t);
+    }
+}
+
+/* Encapsulate message.
+ *
+ * @param  [in]   pub  Public key vector of polynomials.
+ * @param  [out]  u    Vector of polynomials.
+ * @param  [out]  v    Polynomial.
+ * @param  [in]   a    Array of vector of polynomials.
+ * @param  [in]   y    Vector of polynomials.
+ * @param  [in]   e1   Error Vector of polynomials.
+ * @param  [in]   e2   Error polynomial.
+ * @param  [in]   m    Message polynomial.
+ * @param  [in]   k    Number of polynomials in vector.
+ */
+void kyber_encapsulate(const sword16* pub, sword16* u, sword16* v,
+    const sword16* a, sword16* y, const sword16* e1, const sword16* e2,
+    const sword16* m, int k)
+{
+#ifdef USE_INTEL_SPEEDUP
+    if (IS_INTEL_AVX2(cpuid_flags) && (SAVE_VECTOR_REGISTERS2() == 0)) {
+        kyber_encapsulate_avx2(pub, u, v, a, y, e1, e2, m, k);
+        RESTORE_VECTOR_REGISTERS();
+    }
+    else
+#endif
+    {
+        kyber_encapsulate_c(pub, u, v, a, y, e1, e2, m, k);
+    }
+}
+
+#else
+
+/* Encapsulate message.
+ *
+ * @param  [in]       pub    Public key vector of polynomials.
+ * @param  [in]       prf    XOF object.
+ * @param  [out]      u      Vector of polynomials.
+ * @param  [in, out]  tp     Polynomial.
+ * @param  [in]       y      Vector of polynomials.
+ * @param  [in]       k      Number of polynomials in vector.
+ * @param  [in]       msg    Message to encapsulate.
+ * @param  [in]       seed   Random seed to generate matrix A from.
+ * @param  [in]       coins  Random seed to generate noise from.
+ */
+int kyber_encapsulate_seeds(const sword16* pub, KYBER_PRF_T* prf, sword16* u,
+    sword16* tp, sword16* y, int k, const byte* msg, byte* seed, byte* coins)
+{
+    int ret = 0;
+    int i;
+    sword16* a = tp;
+    sword16* e1 = tp;
+    sword16* v = tp;
+    sword16* e2 = tp + KYBER_N;
+    sword16* m = y;
+
+    /* Transform y. All of result used in calculation of u and v. */
+    for (i = 0; i < k; ++i) {
+        kyber_ntt(y + i * KYBER_N);
+    }
+
+    /* For each polynomial in the vectors. */
+    for (i = 0; i < k; ++i) {
+        unsigned int j;
+
+        /* Generate a vector of matrix A. */
+        ret = kyber_gen_matrix_i(prf, a, k, seed, i, 1);
+        if (ret != 0) {
+           break;
+        }
+
+        /* Multiply at by y into u polynomial. */
+        kyber_pointwise_acc_mont(u + i * KYBER_N, a, y, k);
+        /* Inverse transform u polynomial. */
+        kyber_invntt(u + i * KYBER_N);
+
+        /* Generate noise using PRF. */
+        ret = kyber_get_noise_i(prf, k, e1, coins, i, 0);
+        if (ret != 0) {
+           break;
+        }
+        /* Add errors to u and reduce. */
+        for (j = 0; j < KYBER_N; ++j) {
+            sword16 t = u[i * KYBER_N + j] + e1[j];
+            u[i * KYBER_N + j] = KYBER_BARRETT_RED(t);
+        }
+    }
+
+    /* Multiply public key by y into v polynomial. */
+    kyber_pointwise_acc_mont(v, pub, y, k);
+    /* Inverse transform v. */
+    kyber_invntt(v);
+
+    kyber_from_msg(m, msg);
+
+    /* Generate noise using PRF. */
+    coins[KYBER_SYM_SZ] = 2 * k;
+    ret = kyber_get_noise_eta2_c(prf, e2, coins);
+    if (ret == 0) {
+        /* Add errors and message to v and reduce. */
+        for (i = 0; i < KYBER_N; ++i) {
+            sword16 t = v[i] + e2[i] + m[i];
+            tp[i] = KYBER_BARRETT_RED(t);
+        }
+    }
+
+    return ret;
+}
+#endif
+#endif /* !WOLFSSL_KYBER_NO_ENCAPSULATE || !WOLFSSL_KYBER_NO_DECAPSULATE */
+
+#ifndef WOLFSSL_KYBER_NO_DECAPSULATE
+
+/* Decapsulate message.
+ *
+ * FIPS 203, Algorithm 15: K-PKE.Decrypt(dk_PKE,c)
+ * Uses the decryption key to decrypt a ciphertext.
+ *   ...
+ *   6: w <- v' - InvNTT(s_hat_trans o NTT(u'))
+ *   ...
+ *
+ * @param  [in]   s  Private key vector of polynomials.
+ * @param  [out]  w  Message polynomial.
+ * @param  [in]   u  Vector of polynomials containing error.
+ * @param  [in]   v  Encapsulated message polynomial.
+ * @param  [in]   k  Number of polynomials in vector.
+ */
+static void kyber_decapsulate_c(const sword16* s, sword16* w, sword16* u,
+    const sword16* v, int k)
+{
+    int i;
+
+    /* Transform u. All of result used in calculation of w.
+     * Step 6: ... NTT(u') */
+    for (i = 0; i < k; ++i) {
+        kyber_ntt(u + i * KYBER_N);
+    }
+
+    /* Multiply private key by u into w polynomial.
+     * Step 6: ... s_hat_trans o NTT(u') */
+    kyber_pointwise_acc_mont(w, s, u, k);
+    /* Inverse transform w.
+     * Step 6: ... InvNTT(s_hat_trans o NTT(u')) */
+    kyber_invntt(w);
+    /* Subtract errors (in w) out of v and reduce into w.
+     * Step 6: w <- v' - InvNTT(s_hat_trans o NTT(u')) */
+    for (i = 0; i < KYBER_N; ++i) {
+        sword16 t = v[i] - w[i];
+        w[i] = KYBER_BARRETT_RED(t);
+    }
+}
+
+/* Decapsulate message.
+ *
+ * FIPS 203, Algorithm 15: K-PKE.Decrypt(dk_PKE,c)
+ * Uses the decryption key to decrypt a ciphertext.
+ *   ...
+ *   6: w <- v' - InvNTT(s_hat_trans o NTT(u'))
+ *   ...
+ *
+ * @param  [in]   s  Private key vector of polynomials.
+ * @param  [out]  w  Message polynomial.
+ * @param  [in]   u  Vector of polynomials containing error.
+ * @param  [in]   v   Encapsulated message polynomial.
+ * @param  [in]   k   Number of polynomials in vector.
+ */
+void kyber_decapsulate(const sword16* s, sword16* w, sword16* u,
+    const sword16* v, int k)
+{
+#ifdef USE_INTEL_SPEEDUP
+    if (IS_INTEL_AVX2(cpuid_flags) && (SAVE_VECTOR_REGISTERS2() == 0)) {
+        kyber_decapsulate_avx2(s, w, u, v, k);
+        RESTORE_VECTOR_REGISTERS();
+    }
+    else
+#endif
+    {
+        kyber_decapsulate_c(s, w, u, v, k);
+    }
+}
+
+#endif /* !WOLFSSL_KYBER_ NO_DECAPSULATE */
+#endif
+
+/******************************************************************************/
+
+#ifdef USE_INTEL_SPEEDUP
+#if defined(WOLFSSL_KYBER512) || defined(WOLFSSL_WC_ML_KEM_512)
+/* Deterministically generate a matrix (or transpose) of uniform integers mod q.
+ *
+ * Seed used with XOF to generate random bytes.
+ *
+ * @param  [out]  a           Matrix of uniform integers.
+ * @param  [in]   seed        Bytes to seed XOF generation.
+ * @param  [in]   transposed  Whether A or A^T is generated.
+ * @return  0 on success.
+ * @return  MEMORY_E when dynamic memory allocation fails. Only possible when
+ * WOLFSSL_SMALL_STACK is defined.
+ */
+static int kyber_gen_matrix_k2_avx2(sword16* a, byte* seed, int transposed)
+{
+    int i;
+    byte rand[4 * GEN_MATRIX_SIZE + 2];
+    word64 state[25 * 4];
+    unsigned int ctr0;
+    unsigned int ctr1;
+    unsigned int ctr2;
+    unsigned int ctr3;
+    byte* p;
+
+    /* Loading 64 bits, only using 48 bits. Loading 2 bytes more than used. */
+    rand[4 * GEN_MATRIX_SIZE + 0] = 0xff;
+    rand[4 * GEN_MATRIX_SIZE + 1] = 0xff;
+
+    if (!transposed) {
+        state[4*4 + 0] = 0x1f0000 + 0x000;
+        state[4*4 + 1] = 0x1f0000 + 0x001;
+        state[4*4 + 2] = 0x1f0000 + 0x100;
+        state[4*4 + 3] = 0x1f0000 + 0x101;
+    }
+    else {
+        state[4*4 + 0] = 0x1f0000 + 0x000;
+        state[4*4 + 1] = 0x1f0000 + 0x100;
+        state[4*4 + 2] = 0x1f0000 + 0x001;
+        state[4*4 + 3] = 0x1f0000 + 0x101;
+    }
+
+    kyber_sha3_128_blocksx4_seed_avx2(state, seed);
+    kyber_redistribute_21_rand_avx2(state, rand + 0 * GEN_MATRIX_SIZE,
+        rand + 1 * GEN_MATRIX_SIZE, rand + 2 * GEN_MATRIX_SIZE,
+        rand + 3 * GEN_MATRIX_SIZE);
+    for (i = SHA3_128_BYTES; i < GEN_MATRIX_SIZE; i += SHA3_128_BYTES) {
+        kyber_sha3_blocksx4_avx2(state);
+        kyber_redistribute_21_rand_avx2(state, rand + i + 0 * GEN_MATRIX_SIZE,
+            rand + i + 1 * GEN_MATRIX_SIZE, rand + i + 2 * GEN_MATRIX_SIZE,
+            rand + i + 3 * GEN_MATRIX_SIZE);
+    }
+
+    /* Sample random bytes to create a polynomial. */
+    p = rand;
+    ctr0 = kyber_rej_uniform_n_avx2(a + 0 * KYBER_N, KYBER_N, p,
+        GEN_MATRIX_SIZE);
+    p += GEN_MATRIX_SIZE;
+    ctr1 = kyber_rej_uniform_n_avx2(a + 1 * KYBER_N, KYBER_N, p,
+        GEN_MATRIX_SIZE);
+    p += GEN_MATRIX_SIZE;
+    ctr2 = kyber_rej_uniform_n_avx2(a + 2 * KYBER_N, KYBER_N, p,
+        GEN_MATRIX_SIZE);
+    p += GEN_MATRIX_SIZE;
+    ctr3 = kyber_rej_uniform_n_avx2(a + 3 * KYBER_N, KYBER_N, p,
+        GEN_MATRIX_SIZE);
+    /* Create more blocks if too many rejected. */
+    while ((ctr0 < KYBER_N) || (ctr1 < KYBER_N) || (ctr2 < KYBER_N) ||
+           (ctr3 < KYBER_N)) {
+        kyber_sha3_blocksx4_avx2(state);
+        kyber_redistribute_21_rand_avx2(state, rand + 0 * GEN_MATRIX_SIZE,
+            rand + 1 * GEN_MATRIX_SIZE, rand + 2 * GEN_MATRIX_SIZE,
+            rand + 3 * GEN_MATRIX_SIZE);
+
+        p = rand;
+        ctr0 += kyber_rej_uniform_avx2(a + 0 * KYBER_N + ctr0, KYBER_N - ctr0,
+            p, XOF_BLOCK_SIZE);
+        p += GEN_MATRIX_SIZE;
+        ctr1 += kyber_rej_uniform_avx2(a + 1 * KYBER_N + ctr1, KYBER_N - ctr1,
+            p, XOF_BLOCK_SIZE);
+        p += GEN_MATRIX_SIZE;
+        ctr2 += kyber_rej_uniform_avx2(a + 2 * KYBER_N + ctr2, KYBER_N - ctr2,
+            p, XOF_BLOCK_SIZE);
+        p += GEN_MATRIX_SIZE;
+        ctr3 += kyber_rej_uniform_avx2(a + 3 * KYBER_N + ctr3, KYBER_N - ctr3,
+            p, XOF_BLOCK_SIZE);
+    }
+
+    return 0;
+}
+#endif
+
+#if defined(WOLFSSL_KYBER768) || defined(WOLFSSL_WC_ML_KEM_768)
+/* Deterministically generate a matrix (or transpose) of uniform integers mod q.
+ *
+ * Seed used with XOF to generate random bytes.
+ *
+ * @param  [out]  a           Matrix of uniform integers.
+ * @param  [in]   seed        Bytes to seed XOF generation.
+ * @param  [in]   transposed  Whether A or A^T is generated.
+ * @return  0 on success.
+ * @return  MEMORY_E when dynamic memory allocation fails. Only possible when
+ * WOLFSSL_SMALL_STACK is defined.
+ */
+static int kyber_gen_matrix_k3_avx2(sword16* a, byte* seed, int transposed)
+{
+    int i;
+    int k;
+    byte rand[4 * GEN_MATRIX_SIZE + 2];
+    word64 state[25 * 4];
+    unsigned int ctr0;
+    unsigned int ctr1;
+    unsigned int ctr2;
+    unsigned int ctr3;
+    byte* p;
+
+    /* Loading 64 bits, only using 48 bits. Loading 2 bytes more than used. */
+    rand[4 * GEN_MATRIX_SIZE + 0] = 0xff;
+    rand[4 * GEN_MATRIX_SIZE + 1] = 0xff;
+
+    for (k = 0; k < 2; k++) {
+        for (i = 0; i < 4; i++) {
+            if (!transposed) {
+                state[4*4 + i] = 0x1f0000 + (((k*4+i)/3) << 8) + ((k*4+i)%3);
+            }
+            else {
+                state[4*4 + i] = 0x1f0000 + (((k*4+i)%3) << 8) + ((k*4+i)/3);
+            }
+        }
+
+        kyber_sha3_128_blocksx4_seed_avx2(state, seed);
+        kyber_redistribute_21_rand_avx2(state,
+            rand + 0 * GEN_MATRIX_SIZE, rand + 1 * GEN_MATRIX_SIZE,
+            rand + 2 * GEN_MATRIX_SIZE, rand + 3 * GEN_MATRIX_SIZE);
+        for (i = SHA3_128_BYTES; i < GEN_MATRIX_SIZE; i += SHA3_128_BYTES) {
+            kyber_sha3_blocksx4_avx2(state);
+            kyber_redistribute_21_rand_avx2(state,
+                rand + i + 0 * GEN_MATRIX_SIZE, rand + i + 1 * GEN_MATRIX_SIZE,
+                rand + i + 2 * GEN_MATRIX_SIZE, rand + i + 3 * GEN_MATRIX_SIZE);
+        }
+
+        /* Sample random bytes to create a polynomial. */
+        p = rand;
+        ctr0 = kyber_rej_uniform_n_avx2(a + 0 * KYBER_N, KYBER_N, p,
+            GEN_MATRIX_SIZE);
+        p += GEN_MATRIX_SIZE;
+        ctr1 = kyber_rej_uniform_n_avx2(a + 1 * KYBER_N, KYBER_N, p,
+            GEN_MATRIX_SIZE);
+        p += GEN_MATRIX_SIZE;
+        ctr2 = kyber_rej_uniform_n_avx2(a + 2 * KYBER_N, KYBER_N, p,
+            GEN_MATRIX_SIZE);
+        p += GEN_MATRIX_SIZE;
+        ctr3 = kyber_rej_uniform_n_avx2(a + 3 * KYBER_N, KYBER_N, p,
+            GEN_MATRIX_SIZE);
+        /* Create more blocks if too many rejected. */
+        while ((ctr0 < KYBER_N) || (ctr1 < KYBER_N) || (ctr2 < KYBER_N) ||
+               (ctr3 < KYBER_N)) {
+            kyber_sha3_blocksx4_avx2(state);
+            kyber_redistribute_21_rand_avx2(state, rand + 0 * GEN_MATRIX_SIZE,
+                rand + 1 * GEN_MATRIX_SIZE, rand + 2 * GEN_MATRIX_SIZE,
+                rand + 3 * GEN_MATRIX_SIZE);
+
+            p = rand;
+            ctr0 += kyber_rej_uniform_avx2(a + 0 * KYBER_N + ctr0,
+                KYBER_N - ctr0, p, XOF_BLOCK_SIZE);
+            p += GEN_MATRIX_SIZE;
+            ctr1 += kyber_rej_uniform_avx2(a + 1 * KYBER_N + ctr1,
+                KYBER_N - ctr1, p, XOF_BLOCK_SIZE);
+            p += GEN_MATRIX_SIZE;
+            ctr2 += kyber_rej_uniform_avx2(a + 2 * KYBER_N + ctr2,
+                KYBER_N - ctr2, p, XOF_BLOCK_SIZE);
+            p += GEN_MATRIX_SIZE;
+            ctr3 += kyber_rej_uniform_avx2(a + 3 * KYBER_N + ctr3,
+                KYBER_N - ctr3, p, XOF_BLOCK_SIZE);
+        }
+
+        a += 4 * KYBER_N;
+    }
+
+    readUnalignedWords64(state, seed, 4);
+    /* Transposed value same as not. */
+    state[4] = 0x1f0000 + (2 << 8) + 2;
+    XMEMSET(state + 5, 0, sizeof(*state) * (25 - 5));
+    state[20] = W64LIT(0x8000000000000000);
+    for (i = 0; i < GEN_MATRIX_SIZE; i += SHA3_128_BYTES) {
+        if (IS_INTEL_BMI2(cpuid_flags)) {
+            sha3_block_bmi2(state);
+        }
+        else if (IS_INTEL_AVX2(cpuid_flags) && (SAVE_VECTOR_REGISTERS2() == 0)) {
+            sha3_block_avx2(state);
+            RESTORE_VECTOR_REGISTERS();
+        }
+        else {
+            BlockSha3(state);
+        }
+        XMEMCPY(rand + i, state, SHA3_128_BYTES);
+    }
+    ctr0 = kyber_rej_uniform_n_avx2(a, KYBER_N, rand, GEN_MATRIX_SIZE);
+    while (ctr0 < KYBER_N) {
+        if (IS_INTEL_BMI2(cpuid_flags)) {
+            sha3_block_bmi2(state);
+        }
+        else if (IS_INTEL_AVX2(cpuid_flags) && (SAVE_VECTOR_REGISTERS2() == 0)) {
+            sha3_block_avx2(state);
+            RESTORE_VECTOR_REGISTERS();
+        }
+        else {
+            BlockSha3(state);
+        }
+        XMEMCPY(rand, state, SHA3_128_BYTES);
+        ctr0 += kyber_rej_uniform_avx2(a + ctr0, KYBER_N - ctr0, rand,
+            XOF_BLOCK_SIZE);
+    }
+
+    return 0;
+}
+#endif
+#if defined(WOLFSSL_KYBER1024) || defined(WOLFSSL_WC_ML_KEM_1024)
+/* Deterministically generate a matrix (or transpose) of uniform integers mod q.
+ *
+ * Seed used with XOF to generate random bytes.
+ *
+ * @param  [out]  a           Matrix of uniform integers.
+ * @param  [in]   seed        Bytes to seed XOF generation.
+ * @param  [in]   transposed  Whether A or A^T is generated.
+ * @return  0 on success.
+ * @return  MEMORY_E when dynamic memory allocation fails. Only possible when
+ * WOLFSSL_SMALL_STACK is defined.
+ */
+static int kyber_gen_matrix_k4_avx2(sword16* a, byte* seed, int transposed)
+{
+    int i;
+    int k;
+    byte rand[4 * GEN_MATRIX_SIZE + 2];
+    word64 state[25 * 4];
+    unsigned int ctr0;
+    unsigned int ctr1;
+    unsigned int ctr2;
+    unsigned int ctr3;
+    byte* p;
+
+    /* Loading 64 bits, only using 48 bits. Loading 2 bytes more than used. */
+    rand[4 * GEN_MATRIX_SIZE + 0] = 0xff;
+    rand[4 * GEN_MATRIX_SIZE + 1] = 0xff;
+
+    for (k = 0; k < 4; k++) {
+        for (i = 0; i < 4; i++) {
+            if (!transposed) {
+                state[4*4 + i] = 0x1f0000 + (k << 8) + i;
+            }
+            else {
+                state[4*4 + i] = 0x1f0000 + (i << 8) + k;
+            }
+        }
+
+        kyber_sha3_128_blocksx4_seed_avx2(state, seed);
+        kyber_redistribute_21_rand_avx2(state,
+            rand + 0 * GEN_MATRIX_SIZE, rand + 1 * GEN_MATRIX_SIZE,
+            rand + 2 * GEN_MATRIX_SIZE, rand + 3 * GEN_MATRIX_SIZE);
+        for (i = SHA3_128_BYTES; i < GEN_MATRIX_SIZE; i += SHA3_128_BYTES) {
+            kyber_sha3_blocksx4_avx2(state);
+            kyber_redistribute_21_rand_avx2(state,
+                rand + i + 0 * GEN_MATRIX_SIZE, rand + i + 1 * GEN_MATRIX_SIZE,
+                rand + i + 2 * GEN_MATRIX_SIZE, rand + i + 3 * GEN_MATRIX_SIZE);
+        }
+
+        /* Sample random bytes to create a polynomial. */
+        p = rand;
+        ctr0 = kyber_rej_uniform_n_avx2(a + 0 * KYBER_N, KYBER_N, p,
+            GEN_MATRIX_SIZE);
+        p += GEN_MATRIX_SIZE;
+        ctr1 = kyber_rej_uniform_n_avx2(a + 1 * KYBER_N, KYBER_N, p,
+            GEN_MATRIX_SIZE);
+        p += GEN_MATRIX_SIZE;
+        ctr2 = kyber_rej_uniform_n_avx2(a + 2 * KYBER_N, KYBER_N, p,
+            GEN_MATRIX_SIZE);
+        p += GEN_MATRIX_SIZE;
+        ctr3 = kyber_rej_uniform_n_avx2(a + 3 * KYBER_N, KYBER_N, p,
+            GEN_MATRIX_SIZE);
+        /* Create more blocks if too many rejected. */
+        while ((ctr0 < KYBER_N) || (ctr1 < KYBER_N) || (ctr2 < KYBER_N) ||
+               (ctr3 < KYBER_N)) {
+            kyber_sha3_blocksx4_avx2(state);
+            kyber_redistribute_21_rand_avx2(state, rand + 0 * GEN_MATRIX_SIZE,
+                rand + 1 * GEN_MATRIX_SIZE, rand + 2 * GEN_MATRIX_SIZE,
+                rand + 3 * GEN_MATRIX_SIZE);
+
+            p = rand;
+            ctr0 += kyber_rej_uniform_avx2(a + 0 * KYBER_N + ctr0,
+                KYBER_N - ctr0, p, XOF_BLOCK_SIZE);
+            p += GEN_MATRIX_SIZE;
+            ctr1 += kyber_rej_uniform_avx2(a + 1 * KYBER_N + ctr1,
+                KYBER_N - ctr1, p, XOF_BLOCK_SIZE);
+            p += GEN_MATRIX_SIZE;
+            ctr2 += kyber_rej_uniform_avx2(a + 2 * KYBER_N + ctr2,
+                KYBER_N - ctr2, p, XOF_BLOCK_SIZE);
+            p += GEN_MATRIX_SIZE;
+            ctr3 += kyber_rej_uniform_avx2(a + 3 * KYBER_N + ctr3,
+                KYBER_N - ctr3, p, XOF_BLOCK_SIZE);
+        }
+
+        a += 4 * KYBER_N;
+    }
+
+    return 0;
+}
+#endif /* WOLFSSL_KYBER1024 || WOLFSSL_WC_ML_KEM_1024 */
+#elif defined(WOLFSSL_ARMASM) && defined(__aarch64__)
+#if defined(WOLFSSL_KYBER512) || defined(WOLFSSL_WC_ML_KEM_512)
+/* Deterministically generate a matrix (or transpose) of uniform integers mod q.
+ *
+ * Seed used with XOF to generate random bytes.
+ *
+ * @param  [out]  a           Matrix of uniform integers.
+ * @param  [in]   seed        Bytes to seed XOF generation.
+ * @param  [in]   transposed  Whether A or A^T is generated.
+ * @return  0 on success.
+ * @return  MEMORY_E when dynamic memory allocation fails. Only possible when
+ * WOLFSSL_SMALL_STACK is defined.
+ */
+static int kyber_gen_matrix_k2_aarch64(sword16* a, byte* seed, int transposed)
+{
+    word64 state[3 * 25];
+    word64* st = (word64*)state;
+    unsigned int ctr0;
+    unsigned int ctr1;
+    unsigned int ctr2;
+    byte* p;
+
+    if (!transposed) {
+        state[0*25 + 4] = 0x1f0000 + (0 << 8) + 0;
+        state[1*25 + 4] = 0x1f0000 + (0 << 8) + 1;
+        state[2*25 + 4] = 0x1f0000 + (1 << 8) + 0;
+    }
+    else {
+        state[0*25 + 4] = 0x1f0000 + (0 << 8) + 0;
+        state[1*25 + 4] = 0x1f0000 + (1 << 8) + 0;
+        state[2*25 + 4] = 0x1f0000 + (0 << 8) + 1;
+    }
+
+    kyber_shake128_blocksx3_seed_neon(state, seed);
+    /* Sample random bytes to create a polynomial. */
+    p = (byte*)st;
+    ctr0 = kyber_rej_uniform_neon(a + 0 * KYBER_N, KYBER_N, p, XOF_BLOCK_SIZE);
+    p += 25 * 8;
+    ctr1 = kyber_rej_uniform_neon(a + 1 * KYBER_N, KYBER_N, p, XOF_BLOCK_SIZE);
+    p += 25 * 8;
+    ctr2 = kyber_rej_uniform_neon(a + 2 * KYBER_N, KYBER_N, p, XOF_BLOCK_SIZE);
+    while ((ctr0 < KYBER_N) || (ctr1 < KYBER_N) || (ctr2 < KYBER_N)) {
+        kyber_sha3_blocksx3_neon(st);
+
+        p = (byte*)st;
+        ctr0 += kyber_rej_uniform_neon(a + 0 * KYBER_N + ctr0, KYBER_N - ctr0,
+            p, XOF_BLOCK_SIZE);
+        p += 25 * 8;
+        ctr1 += kyber_rej_uniform_neon(a + 1 * KYBER_N + ctr1, KYBER_N - ctr1,
+            p, XOF_BLOCK_SIZE);
+        p += 25 * 8;
+        ctr2 += kyber_rej_uniform_neon(a + 2 * KYBER_N + ctr2, KYBER_N - ctr2,
+            p, XOF_BLOCK_SIZE);
+    }
+
+    a += 3 * KYBER_N;
+
+    readUnalignedWords64(state, seed, 4);
+    /* Transposed value same as not. */
+    state[4] = 0x1f0000 + (1 << 8) + 1;
+    XMEMSET(state + 5, 0, sizeof(*state) * (25 - 5));
+    state[20] = W64LIT(0x8000000000000000);
+    BlockSha3(state);
+    p = (byte*)state;
+    ctr0 = kyber_rej_uniform_neon(a, KYBER_N, p, XOF_BLOCK_SIZE);
+    while (ctr0 < KYBER_N) {
+        BlockSha3(state);
+        ctr0 += kyber_rej_uniform_neon(a + ctr0, KYBER_N - ctr0, p,
+            XOF_BLOCK_SIZE);
+    }
+
+    return 0;
+}
+#endif
+
+#if defined(WOLFSSL_KYBER768) || defined(WOLFSSL_WC_ML_KEM_768)
+/* Deterministically generate a matrix (or transpose) of uniform integers mod q.
+ *
+ * Seed used with XOF to generate random bytes.
+ *
+ * @param  [out]  a           Matrix of uniform integers.
+ * @param  [in]   seed        Bytes to seed XOF generation.
+ * @param  [in]   transposed  Whether A or A^T is generated.
+ * @return  0 on success.
+ * @return  MEMORY_E when dynamic memory allocation fails. Only possible when
+ * WOLFSSL_SMALL_STACK is defined.
+ */
+static int kyber_gen_matrix_k3_aarch64(sword16* a, byte* seed, int transposed)
+{
+    int i;
+    int k;
+    word64 state[3 * 25];
+    word64* st = (word64*)state;
+    unsigned int ctr0;
+    unsigned int ctr1;
+    unsigned int ctr2;
+    byte* p;
+
+    for (k = 0; k < 3; k++) {
+        for (i = 0; i < 3; i++) {
+            if (!transposed) {
+                state[i*25 + 4] = 0x1f0000 + ((k << 8) + i);
+            }
+            else {
+                state[i*25 + 4] = 0x1f0000 + ((i << 8) + k);
+            }
+        }
+
+        kyber_shake128_blocksx3_seed_neon(state, seed);
+        /* Sample random bytes to create a polynomial. */
+        p = (byte*)st;
+        ctr0 = kyber_rej_uniform_neon(a + 0 * KYBER_N, KYBER_N, p,
+            XOF_BLOCK_SIZE);
+        p += 25 * 8;
+        ctr1 = kyber_rej_uniform_neon(a + 1 * KYBER_N, KYBER_N, p,
+            XOF_BLOCK_SIZE);
+        p +=25 * 8;
+        ctr2 = kyber_rej_uniform_neon(a + 2 * KYBER_N, KYBER_N, p,
+            XOF_BLOCK_SIZE);
+        /* Create more blocks if too many rejected. */
+        while ((ctr0 < KYBER_N) || (ctr1 < KYBER_N) || (ctr2 < KYBER_N)) {
+            kyber_sha3_blocksx3_neon(st);
+
+            p = (byte*)st;
+            ctr0 += kyber_rej_uniform_neon(a + 0 * KYBER_N + ctr0,
+                KYBER_N - ctr0, p, XOF_BLOCK_SIZE);
+            p += 25 * 8;
+            ctr1 += kyber_rej_uniform_neon(a + 1 * KYBER_N + ctr1,
+                KYBER_N - ctr1, p, XOF_BLOCK_SIZE);
+            p += 25 * 8;
+            ctr2 += kyber_rej_uniform_neon(a + 2 * KYBER_N + ctr2,
+                KYBER_N - ctr2, p, XOF_BLOCK_SIZE);
+        }
+
+        a += 3 * KYBER_N;
+    }
+
+    return 0;
+}
+#endif
+
+#if defined(WOLFSSL_KYBER1024) || defined(WOLFSSL_WC_ML_KEM_1024)
+/* Deterministically generate a matrix (or transpose) of uniform integers mod q.
+ *
+ * Seed used with XOF to generate random bytes.
+ *
+ * @param  [out]  a           Matrix of uniform integers.
+ * @param  [in]   seed        Bytes to seed XOF generation.
+ * @param  [in]   transposed  Whether A or A^T is generated.
+ * @return  0 on success.
+ * @return  MEMORY_E when dynamic memory allocation fails. Only possible when
+ * WOLFSSL_SMALL_STACK is defined.
+ */
+static int kyber_gen_matrix_k4_aarch64(sword16* a, byte* seed, int transposed)
+{
+    int i;
+    int k;
+    word64 state[3 * 25];
+    word64* st = (word64*)state;
+    unsigned int ctr0;
+    unsigned int ctr1;
+    unsigned int ctr2;
+    byte* p;
+
+    for (k = 0; k < 5; k++) {
+        for (i = 0; i < 3; i++) {
+            byte bi = ((k * 3) + i) / 4;
+            byte bj = ((k * 3) + i) % 4;
+            if (!transposed) {
+                state[i*25 + 4] = 0x1f0000 + (bi << 8) + bj;
+            }
+            else {
+                state[i*25 + 4] = 0x1f0000 + (bj << 8) + bi;
+            }
+        }
+
+        kyber_shake128_blocksx3_seed_neon(state, seed);
+        /* Sample random bytes to create a polynomial. */
+        p = (byte*)st;
+        ctr0 = kyber_rej_uniform_neon(a + 0 * KYBER_N, KYBER_N, p,
+            XOF_BLOCK_SIZE);
+        p += 25 * 8;
+        ctr1 = kyber_rej_uniform_neon(a + 1 * KYBER_N, KYBER_N, p,
+            XOF_BLOCK_SIZE);
+        p += 25 * 8;
+        ctr2 = kyber_rej_uniform_neon(a + 2 * KYBER_N, KYBER_N, p,
+            XOF_BLOCK_SIZE);
+        /* Create more blocks if too many rejected. */
+        while ((ctr0 < KYBER_N) || (ctr1 < KYBER_N) || (ctr2 < KYBER_N)) {
+            kyber_sha3_blocksx3_neon(st);
+
+            p = (byte*)st;
+            ctr0 += kyber_rej_uniform_neon(a + 0 * KYBER_N + ctr0,
+                KYBER_N - ctr0, p, XOF_BLOCK_SIZE);
+            p += 25 * 8;
+            ctr1 += kyber_rej_uniform_neon(a + 1 * KYBER_N + ctr1,
+                KYBER_N - ctr1, p, XOF_BLOCK_SIZE);
+            p += 25 * 8;
+            ctr2 += kyber_rej_uniform_neon(a + 2 * KYBER_N + ctr2,
+                KYBER_N - ctr2, p, XOF_BLOCK_SIZE);
+        }
+
+        a += 3 * KYBER_N;
+    }
+
+    readUnalignedWords64(state, seed, 4);
+    /* Transposed value same as not. */
+    state[4] = 0x1f0000 + (3 << 8) + 3;
+    XMEMSET(state + 5, 0, sizeof(*state) * (25 - 5));
+    state[20] = W64LIT(0x8000000000000000);
+    BlockSha3(state);
+    p = (byte*)state;
+    ctr0 = kyber_rej_uniform_neon(a, KYBER_N, p, XOF_BLOCK_SIZE);
+    while (ctr0 < KYBER_N) {
+        BlockSha3(state);
+        ctr0 += kyber_rej_uniform_neon(a + ctr0, KYBER_N - ctr0, p,
+            XOF_BLOCK_SIZE);
+    }
+
+    return 0;
+}
+#endif
+#endif /* USE_INTEL_SPEEDUP */
+
+#if !(defined(WOLFSSL_ARMASM) && defined(__aarch64__))
+/* Absorb the seed data for squeezing out pseudo-random data.
+ *
+ * FIPS 203, Section 4.1:
+ * 1. XOF.init() = SHA128.Init().
+ * 2. XOF.Absorb(ctx,str) = SHAKE128.Absorb(ctx,str).
+ *
+ * @param  [in, out]  shake128  SHAKE-128 object.
+ * @param  [in]       seed      Data to absorb.
+ * @param  [in]       len       Length of data to absorb in bytes.
+ * @return  0 on success always.
+ */
+static int kyber_xof_absorb(wc_Shake* shake128, byte* seed, int len)
+{
+    int ret;
+
+    ret = wc_InitShake128(shake128, NULL, INVALID_DEVID);
+    if (ret == 0) {
+        ret = wc_Shake128_Absorb(shake128, seed, len);
+    }
+
+    return ret;
+}
+
+/* Squeeze the state to produce pseudo-random data.
+ *
+ * FIPS 203, Section 4.1:
+ * 3. XOF.Absorb(ctx,l) = SHAKE128.Squeeze(ctx,8.l).
+ *
+ * @param  [in, out]  shake128  SHAKE-128 object.
+ * @param  [out]      out       Buffer to write to.
+ * @param  [in]       blocks    Number of blocks to write.
+ * @return  0 on success always.
+ */
+static int kyber_xof_squeezeblocks(wc_Shake* shake128, byte* out, int blocks)
+{
+    return wc_Shake128_SqueezeBlocks(shake128, out, blocks);
+}
+#endif
+
+/* New/Initialize SHA-3 object.
+ *
+ * FIPS 203, Section 4.1:
+ * H(s) := SHA3-256(s)
+ *
+ * @param  [in, out]  hash    SHA-3 object.
+ * @param  [in]       heap    Dynamic memory allocator hint.
+ * @param  [in]       devId   Device id.
+ * @return  0 on success always.
+ */
+int kyber_hash_new(wc_Sha3* hash, void* heap, int devId)
+{
+    return wc_InitSha3_256(hash, heap, devId);
+}
+
+/* Free SHA-3 object.
+ *
+ * FIPS 203, Section 4.1:
+ * H(s) := SHA3-256(s)
+ *
+ * @param  [in, out]  hash  SHA-3 object.
+ */
+void kyber_hash_free(wc_Sha3* hash)
+{
+    wc_Sha3_256_Free(hash);
+}
+
+/* Hash data using SHA3-256 with SHA-3 object.
+ *
+ * FIPS 203, Section 4.1:
+ * H(s) := SHA3-256(s)
+ *
+ * @param  [in, out]  hash     SHA-3 object.
+ * @param  [io]       data     Data to be hashed.
+ * @param  [in]       dataLen  Length of data in bytes.
+ * @param  [out]      out      Hash of data.
+ * @return  0 on success.
+ */
+int kyber_hash256(wc_Sha3* hash, const byte* data, word32 dataLen, byte* out)
+{
+    int ret;
+
+    /* Process all data. */
+    ret = wc_Sha3_256_Update(hash, data, dataLen);
+    if (ret == 0) {
+        /* Calculate Hash of data passed in an re-initialize. */
+        ret = wc_Sha3_256_Final(hash, out);
+    }
+
+    return ret;
+}
+
+/* Hash one or two blocks of data using SHA3-512 with SHA-3 object.
+ *
+ * FIPS 203, Section 4.1:
+ * G(s) := SHA3-512(s)
+ *
+ * @param  [in, out]  hash      SHA-3 object.
+ * @param  [io]       data1     First block of data to be hashed.
+ * @param  [in]       data1Len  Length of first block of data in bytes.
+ * @param  [io]       data2     Second block of data to be hashed. May be NULL.
+ * @param  [in]       data2Len  Length of second block of data in bytes.
+ * @param  [out]      out       Hash of all data.
+ * @return  0 on success.
+ */
+int kyber_hash512(wc_Sha3* hash, const byte* data1, word32 data1Len,
+    const byte* data2, word32 data2Len, byte* out)
+{
+    int ret;
+
+    /* Process first block of data. */
+    ret = wc_Sha3_512_Update(hash, data1, data1Len);
+    /* Check if there is a second block of data. */
+    if ((ret == 0) && (data2Len > 0)) {
+        /* Process second block of data. */
+        ret = wc_Sha3_512_Update(hash, data2, data2Len);
+    }
+    if (ret == 0) {
+        /* Calculate Hash of data passed in an re-initialize. */
+        ret = wc_Sha3_512_Final(hash, out);
+    }
+
+    return ret;
+}
+
+/* Initialize SHAKE-256 object.
+ *
+ * @param  [in, out]  shake256  SHAKE-256 object.
+ */
+void kyber_prf_init(wc_Shake* prf)
+{
+    XMEMSET(prf->s, 0, sizeof(prf->s));
+}
+
+/* New/Initialize SHAKE-256 object.
+ *
+ * FIPS 203, Section 4.1:
+ * PRF_eta(s,b) := SHA256(s||b,8.64.eta)
+ *
+ * @param  [in, out]  shake256  SHAKE-256 object.
+ * @param  [in]       heap      Dynamic memory allocator hint.
+ * @param  [in]       devId     Device id.
+ * @return  0 on success always.
+ */
+int kyber_prf_new(wc_Shake* prf, void* heap, int devId)
+{
+    return wc_InitShake256(prf, heap, devId);
+}
+
+/* Free SHAKE-256 object.
+ *
+ * FIPS 203, Section 4.1:
+ * PRF_eta(s,b) := SHA256(s||b,8.64.eta)
+ *
+ * @param  [in, out]  shake256  SHAKE-256 object.
+ */
+void kyber_prf_free(wc_Shake* prf)
+{
+    wc_Shake256_Free(prf);
+}
+
+#if !(defined(WOLFSSL_ARMASM) && defined(__aarch64__))
+/* Create pseudo-random data from the key using SHAKE-256.
+ *
+ * FIPS 203, Section 4.1:
+ * PRF_eta(s,b) := SHA256(s||b,8.64.eta)
+ *
+ * @param  [in, out]  shake256  SHAKE-256 object.
+ * @param  [out]      out       Buffer to write to.
+ * @param  [in]       outLen    Number of bytes to write.
+ * @param  [in]       key       Data to derive from. Must be KYBER_SYM_SZ + 1
+ *                              bytes in length.
+ * @return  0 on success always.
+ */
+static int kyber_prf(wc_Shake* shake256, byte* out, unsigned int outLen,
+    const byte* key)
+{
+#ifdef USE_INTEL_SPEEDUP
+    word64 state[25];
+
+    (void)shake256;
+
+    /* Put first KYBER_SYM_SZ bytes og key into blank state. */
+    readUnalignedWords64(state, key, KYBER_SYM_SZ / sizeof(word64));
+    /* Last byte in with end of content marker. */
+    state[KYBER_SYM_SZ / 8] = 0x1f00 | key[KYBER_SYM_SZ];
+    /* Set rest of state to 0. */
+    XMEMSET(state + KYBER_SYM_SZ / 8 + 1, 0,
+        (25 - KYBER_SYM_SZ / 8 - 1) * sizeof(word64));
+    /* ... except for rate marker. */
+    state[WC_SHA3_256_COUNT - 1] = W64LIT(0x8000000000000000);
+
+    /* Generate as much output as is required. */
+    while (outLen > 0) {
+        /* Get as much of an output block as is needed. */
+        unsigned int len = min(outLen, WC_SHA3_256_BLOCK_SIZE);
+
+        /* Perform a block operation on the state for next block of output. */
+        if (IS_INTEL_BMI2(cpuid_flags)) {
+            sha3_block_bmi2(state);
+        }
+        else if (IS_INTEL_AVX2(cpuid_flags) &&
+                 (SAVE_VECTOR_REGISTERS2() == 0)) {
+            sha3_block_avx2(state);
+            RESTORE_VECTOR_REGISTERS();
+        }
+        else {
+            BlockSha3(state);
+        }
+
+        /* Copy the state as output. */
+        XMEMCPY(out, state, len);
+        /* Update output pointer and length. */
+        out += len;
+        outLen -= len;
+    }
+
+    return 0;
+#else
+    int ret;
+
+    /* Process all data. */
+    ret = wc_Shake256_Update(shake256, key, KYBER_SYM_SZ + 1);
+    if (ret == 0) {
+        /* Calculate Hash of data passed in an re-initialize. */
+        ret = wc_Shake256_Final(shake256, out, outLen);
+    }
+
+    return ret;
+#endif
+}
+#endif
+
+#ifdef WOLFSSL_KYBER_ORIGINAL
+#ifdef USE_INTEL_SPEEDUP
+/* Create pseudo-random key from the seed using SHAKE-256.
+ *
+ * @param  [in]  seed      Data to derive from.
+ * @param  [in]  seedLen   Length of data to derive from in bytes.
+ * @param  [out] out       Buffer to write to.
+ * @param  [in]  outLen    Number of bytes to derive.
+ * @return  0 on success always.
+ */
+int kyber_kdf(byte* seed, int seedLen, byte* out, int outLen)
+{
+    word64 state[25];
+    word32 len64 = seedLen / 8;
+
+    readUnalignedWords64(state, seed, len64);
+    state[len64] = 0x1f;
+    XMEMSET(state + len64 + 1, 0, (25 - len64 - 1) * sizeof(word64));
+    state[WC_SHA3_256_COUNT - 1] = W64LIT(0x8000000000000000);
+
+    if (IS_INTEL_BMI2(cpuid_flags)) {
+        sha3_block_bmi2(state);
+    }
+    else if (IS_INTEL_AVX2(cpuid_flags) && (SAVE_VECTOR_REGISTERS2() == 0)) {
+        sha3_block_avx2(state);
+        RESTORE_VECTOR_REGISTERS();
+    }
+    else {
+        BlockSha3(state);
+    }
+    XMEMCPY(out, state, outLen);
+
+    return 0;
+}
+#endif
+
+#if defined(WOLFSSL_ARMASM) && defined(__aarch64__)
+/* Create pseudo-random key from the seed using SHAKE-256.
+ *
+ * @param  [in]  seed      Data to derive from.
+ * @param  [in]  seedLen   Length of data to derive from in bytes.
+ * @param  [out] out       Buffer to write to.
+ * @param  [in]  outLen    Number of bytes to derive.
+ * @return  0 on success always.
+ */
+int kyber_kdf(byte* seed, int seedLen, byte* out, int outLen)
+{
+    word64 state[25];
+    word32 len64 = seedLen / 8;
+
+    readUnalignedWords64(state, seed, len64);
+    state[len64] = 0x1f;
+    XMEMSET(state + len64 + 1, 0, (25 - len64 - 1) * sizeof(word64));
+    state[WC_SHA3_256_COUNT - 1] = W64LIT(0x8000000000000000);
+
+    BlockSha3(state);
+    XMEMCPY(out, state, outLen);
+
+    return 0;
+}
+#endif
+#endif
+
+#if !defined(WOLFSSL_ARMASM)
+/* Rejection sampling on uniform random bytes to generate uniform random
+ * integers mod q.
+ *
+ * FIPS 203, Algorithm 7: SampleNTT(B)
+ * Takes a 32-byte seed and two indices as input and outputs a pseudorandom
+ * element of T_q.
+ *   ...
+ *   4: while j < 256 do
+ *   5:     (ctx,C) <- XOF.Squeeze(ctx,3)
+ *   6:     d1 <- C[0] + 256.(C[1] mod 16)
+ *   7:     d2 <- lower(C[1] / 16) + 16.C[2]
+ *   8:     if d1 < q then
+ *   9:         a_hat[j] <- d1
+ *  10:         j <- j + 1
+ *  11:     end if
+ *  12:     if d2 < q and j < 256 then
+ *  13:         a_hat[j] <- d2
+ *  14:         j <- j + 1
+ *  15:     end if
+ *  16: end while
+ *  ...
+ *
+ * @param  [out]  p     Uniform random integers mod q.
+ * @param  [in]   len   Maximum number of integers.
+ * @param  [in]   r     Uniform random bytes buffer.
+ * @param  [in]   rLen  Length of random data in buffer.
+ * @return  Number of integers sampled.
+ */
+static unsigned int kyber_rej_uniform_c(sword16* p, unsigned int len,
+    const byte* r, unsigned int rLen)
+{
+    unsigned int i;
+    unsigned int j;
+
+#if defined(WOLFSSL_KYBER_SMALL) || !defined(WC_64BIT_CPU)
+    /* Keep sampling until maximum number of integers reached or buffer used up.
+     * Step 4. */
+    for (i = 0, j = 0; (i < len) && (j <= rLen - 3); j += 3) {
+        /* Step 5 - caller generates and now using 3 bytes of it. */
+        /* Use 24 bits (3 bytes) as two 12 bits integers. */
+        /* Step 6. */
+        sword16 v0 = ((r[0] >> 0) | ((word16)r[1] << 8)) & 0xFFF;
+        /* Step 7. */
+        sword16 v1 = ((r[1] >> 4) | ((word16)r[2] << 4)) & 0xFFF;
+
+        /* Reject first 12-bit integer if greater than or equal to q.
+         * Step 8 */
+        if (v0 < KYBER_Q) {
+            /* Steps 9-10 */
+            p[i++] = v0;
+        }
+        /* Check second if we don't have enough integers yet.
+         * Reject second 12-bit integer if greater than or equal to q.
+         * Step 12 */
+        if ((i < len) && (v1 < KYBER_Q)) {
+            /* Steps 13-14 */
+            p[i++] = v1;
+        }
+
+        /* Move over used bytes. */
+        r += 3;
+    }
+#else
+    /* Unroll loops. Minimal work per loop. */
+    unsigned int minJ;
+
+    /* Calculate minimum number of 6 byte data blocks to get all required
+     * numbers assuming no rejections. */
+    minJ = len / 4 * 6;
+    if (minJ > rLen)
+        minJ = rLen;
+    i = 0;
+    for (j = 0; j < minJ; j += 6) {
+        /* Use 48 bits (6 bytes) as four 12-bit integers. */
+        word64 r_word = readUnalignedWord64(r);
+        sword16 v0 =  r_word        & 0xfff;
+        sword16 v1 = (r_word >> 12) & 0xfff;
+        sword16 v2 = (r_word >> 24) & 0xfff;
+        sword16 v3 = (r_word >> 36) & 0xfff;
+
+        p[i] = v0;
+        i += (v0 < KYBER_Q);
+        p[i] = v1;
+        i += (v1 < KYBER_Q);
+        p[i] = v2;
+        i += (v2 < KYBER_Q);
+        p[i] = v3;
+        i += (v3 < KYBER_Q);
+
+        /* Move over used bytes. */
+        r += 6;
+    }
+    /* Check whether we have all the numbers we need. */
+    if (j < rLen) {
+        /* Keep trying until we have less than 4 numbers to find or data is used
+         * up. */
+        for (; (i + 4 < len) && (j < rLen); j += 6) {
+            /* Use 48 bits (6 bytes) as four 12-bit integers. */
+            word64 r_word = readUnalignedWord64(r);
+            sword16 v0 =  r_word        & 0xfff;
+            sword16 v1 = (r_word >> 12) & 0xfff;
+            sword16 v2 = (r_word >> 24) & 0xfff;
+            sword16 v3 = (r_word >> 36) & 0xfff;
+
+            p[i] = v0;
+            i += (v0 < KYBER_Q);
+            p[i] = v1;
+            i += (v1 < KYBER_Q);
+            p[i] = v2;
+            i += (v2 < KYBER_Q);
+            p[i] = v3;
+            i += (v3 < KYBER_Q);
+
+            /* Move over used bytes. */
+            r += 6;
+        }
+        /* Keep trying until we have all the numbers we need or the data is used
+         * up. */
+        for (; (i < len) && (j < rLen); j += 6) {
+            /* Use 48 bits (6 bytes) as four 12-bit integers. */
+            word64 r_word = readUnalignedWord64(r);
+            sword16 v0 =  r_word        & 0xfff;
+            sword16 v1 = (r_word >> 12) & 0xfff;
+            sword16 v2 = (r_word >> 24) & 0xfff;
+            sword16 v3 = (r_word >> 36) & 0xfff;
+
+            /* Reject first 12-bit integer if greater than or equal to q. */
+            if (v0 < KYBER_Q) {
+                p[i++] = v0;
+            }
+            /* Check second if we don't have enough integers yet.
+             * Reject second 12-bit integer if greater than or equal to q. */
+            if ((i < len) && (v1 < KYBER_Q)) {
+                p[i++] = v1;
+            }
+            /* Check second if we don't have enough integers yet.
+             * Reject third 12-bit integer if greater than or equal to q. */
+            if ((i < len) && (v2 < KYBER_Q)) {
+                p[i++] = v2;
+            }
+            /* Check second if we don't have enough integers yet.
+             * Reject fourth 12-bit integer if greater than or equal to q. */
+            if ((i < len) && (v3 < KYBER_Q)) {
+                p[i++] = v3;
+            }
+
+            /* Move over used bytes. */
+            r += 6;
+        }
+    }
+#endif
+
+    return i;
+}
+#endif
+
+#if !defined(WOLFSSL_MLKEM_MAKEKEY_SMALL_MEM) || \
+    !defined(WOLFSSL_MLKEM_ENCAPSULATE_SMALL_MEM)
+
+#if !(defined(WOLFSSL_ARMASM) && defined(__aarch64__))
+/* Deterministically generate a matrix (or transpose) of uniform integers mod q.
+ *
+ * Seed used with XOF to generate random bytes.
+ *
+ * FIPS 203, Algorithm 13: K-PKE.KeyGen(d)
+ *   ...
+ *   3: for (i <- 0; i < k; i++)
+ *   4:     for (j <- 0; j < k; j++)
+ *   5:         A_hat[i,j] <- SampleNTT(rho||j||i)
+ *   6:     end for
+ *   7: end for
+ *   ...
+ * FIPS 203, Algorithm 14: K-PKE.Encrypt(ek_PKE,m,r)
+ *   ...
+ *   4: for (i <- 0; i < k; i++)
+ *   5:     for (j <- 0; j < k; j++)
+ *   6:         A_hat[i,j] <- SampleNTT(rho||j||i)  (Transposed is rho||i||j)
+ *   7:     end for
+ *   8: end for
+ *   ...
+ * FIPS 203, Algorithm 7: SampleNTT(B)
+ * Takes a 32-byte seed and two indices as input and outputs a pseudorandom
+ * element of T_q.
+ *   1: ctx <- XOF.init()
+ *   2: ctx <- XOF.Absorb(ctx,B)
+ *   3: j <- 0
+ *   4: while j < 256 do
+ *   5:     (ctx,C) <- XOF.Squeeze(ctx,3)
+ *   ...
+ *  16: end while
+ *  17: return a_hat
+ *
+ * @param  [in]   prf         XOF object.
+ * @param  [out]  a           Matrix of uniform integers.
+ * @param  [in]   k           Number of dimensions. k x k polynomials.
+ * @param  [in]   seed        Bytes to seed XOF generation.
+ * @param  [in]   transposed  Whether A or A^T is generated.
+ * @return  0 on success.
+ * @return  MEMORY_E when dynamic memory allocation fails. Only possible when
+ * WOLFSSL_SMALL_STACK is defined.
+ */
+static int kyber_gen_matrix_c(KYBER_PRF_T* prf, sword16* a, int k, byte* seed,
+    int transposed)
+{
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
+    byte* rand;
+#else
+    byte rand[GEN_MATRIX_SIZE + 2];
+#endif
+    byte extSeed[KYBER_SYM_SZ + 2];
+    int ret = 0;
+    int i;
+
+    /* Copy seed into buffer than has space for i and j to be appended. */
+    XMEMCPY(extSeed, seed, KYBER_SYM_SZ);
+
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
+    /* Allocate large amount of memory to hold random bytes to be samples. */
+    rand = (byte*)XMALLOC(GEN_MATRIX_SIZE + 2, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    if (rand == NULL) {
+        ret = MEMORY_E;
+    }
+#endif
+
+#if !defined(WOLFSSL_KYBER_SMALL) && defined(WC_64BIT_CPU)
+    /* Loading 64 bits, only using 48 bits. Loading 2 bytes more than used. */
+    if (ret == 0) {
+        rand[GEN_MATRIX_SIZE+0] = 0xff;
+        rand[GEN_MATRIX_SIZE+1] = 0xff;
+    }
+#endif
+
+    /* Generate each vector of polynomials.
+     * Alg 13, Step 3. Alg 14, Step 4. */
+    for (i = 0; (ret == 0) && (i < k); i++, a += k * KYBER_N) {
+        int j;
+        /* Generate each polynomial in vector from seed with indices.
+         * Alg 13, Step 4. Alg 14, Step 5. */
+        for (j = 0; (ret == 0) && (j < k); j++) {
+            if (transposed) {
+                /* Alg 14, Step 6: .. rho||i||j ... */
+                extSeed[KYBER_SYM_SZ + 0] = i;
+                extSeed[KYBER_SYM_SZ + 1] = j;
+            }
+            else {
+                /* Alg 13, Step 5: .. rho||j||i ... */
+                extSeed[KYBER_SYM_SZ + 0] = j;
+                extSeed[KYBER_SYM_SZ + 1] = i;
+            }
+            /* Absorb the index specific seed.
+             * Alg 7, Step 1-2 */
+            ret = kyber_xof_absorb(prf, extSeed, sizeof(extSeed));
+            if (ret == 0) {
+                /* Create data based on the seed.
+                 * Alg 7, Step 5. Generating enough to, on average, be able to
+                 * get enough valid values. */
+                ret = kyber_xof_squeezeblocks(prf, rand, GEN_MATRIX_NBLOCKS);
+            }
+            if (ret == 0) {
+                unsigned int ctr;
+
+                /* Sample random bytes to create a polynomial.
+                 * Alg 7, Step 3 - implicitly counter is 0.
+                 * Alg 7, Step 4-16. */
+                ctr = kyber_rej_uniform_c(a + j * KYBER_N, KYBER_N, rand,
+                    GEN_MATRIX_SIZE);
+                /* Create more blocks if too many rejected.
+                 * Alg 7, Step 4. */
+                while (ctr < KYBER_N) {
+                    /* Alg 7, Step 5. */
+                    kyber_xof_squeezeblocks(prf, rand, 1);
+                    /* Alg 7, Step 4-16. */
+                    ctr += kyber_rej_uniform_c(a + j * KYBER_N + ctr,
+                        KYBER_N - ctr, rand, XOF_BLOCK_SIZE);
+                }
+            }
+        }
+    }
+
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
+    /* Dispose of temporary buffer. */
+    XFREE(rand, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+#endif
+
+    return ret;
+}
+#endif
+
+/* Deterministically generate a matrix (or transpose) of uniform integers mod q.
+ *
+ * Seed used with XOF to generate random bytes.
+ *
+ * FIPS 203, Algorithm 13: K-PKE.KeyGen(d), Steps 3-7
+ * FIPS 203, Algorithm 14: K-PKE.Encrypt(ek_PKE,m,r), Steps 4-8
+ *
+ * @param  [in]   prf         XOF object.
+ * @param  [out]  a           Matrix of uniform integers.
+ * @param  [in]   k           Number of dimensions. k x k polynomials.
+ * @param  [in]   seed        Bytes to seed XOF generation.
+ * @param  [in]   transposed  Whether A or A^T is generated.
+ * @return  0 on success.
+ * @return  MEMORY_E when dynamic memory allocation fails. Only possible when
+ * WOLFSSL_SMALL_STACK is defined.
+ */
+int kyber_gen_matrix(KYBER_PRF_T* prf, sword16* a, int k, byte* seed,
+    int transposed)
+{
+    int ret;
+
+#if defined(WOLFSSL_KYBER512) || defined(WOLFSSL_WC_ML_KEM_512)
+    if (k == KYBER512_K) {
+#if defined(WOLFSSL_ARMASM) && defined(__aarch64__)
+        ret = kyber_gen_matrix_k2_aarch64(a, seed, transposed);
+#else
+    #ifdef USE_INTEL_SPEEDUP
+        if (IS_INTEL_AVX2(cpuid_flags) && (SAVE_VECTOR_REGISTERS2() == 0)) {
+            ret = kyber_gen_matrix_k2_avx2(a, seed, transposed);
+            RESTORE_VECTOR_REGISTERS();
+        }
+        else
+    #endif
+        {
+            ret = kyber_gen_matrix_c(prf, a, KYBER512_K, seed, transposed);
+        }
+#endif
+    }
+    else
+#endif
+#if defined(WOLFSSL_KYBER768) || defined(WOLFSSL_WC_ML_KEM_768)
+    if (k == KYBER768_K) {
+#if defined(WOLFSSL_ARMASM) && defined(__aarch64__)
+        ret = kyber_gen_matrix_k3_aarch64(a, seed, transposed);
+#else
+    #ifdef USE_INTEL_SPEEDUP
+        if (IS_INTEL_AVX2(cpuid_flags) && (SAVE_VECTOR_REGISTERS2() == 0)) {
+            ret = kyber_gen_matrix_k3_avx2(a, seed, transposed);
+            RESTORE_VECTOR_REGISTERS();
+        }
+        else
+    #endif
+        {
+            ret = kyber_gen_matrix_c(prf, a, KYBER768_K, seed, transposed);
+        }
+#endif
+    }
+    else
+#endif
+#if defined(WOLFSSL_KYBER1024) || defined(WOLFSSL_WC_ML_KEM_1024)
+    if (k == KYBER1024_K) {
+#if defined(WOLFSSL_ARMASM) && defined(__aarch64__)
+        ret = kyber_gen_matrix_k4_aarch64(a, seed, transposed);
+#else
+    #ifdef USE_INTEL_SPEEDUP
+        if (IS_INTEL_AVX2(cpuid_flags) && (SAVE_VECTOR_REGISTERS2() == 0)) {
+            ret = kyber_gen_matrix_k4_avx2(a, seed, transposed);
+            RESTORE_VECTOR_REGISTERS();
+        }
+        else
+    #endif
+        {
+            ret = kyber_gen_matrix_c(prf, a, KYBER1024_K, seed, transposed);
+        }
+#endif
+    }
+    else
+#endif
+    {
+        ret = BAD_STATE_E;
+    }
+
+    (void)prf;
+
+    return ret;
+}
+
+#endif
+
+#if defined(WOLFSSL_MLKEM_MAKEKEY_SMALL_MEM) || \
+    defined(WOLFSSL_MLKEM_ENCAPSULATE_SMALL_MEM)
+
+/* Deterministically generate a matrix (or transpose) of uniform integers mod q.
+ *
+ * Seed used with XOF to generate random bytes.
+ *
+ * FIPS 203, Algorithm 13: K-PKE.KeyGen(d)
+ * ...
+ * 4:     for (j <- 0; j < k; j++)
+ * 5:         A_hat[i,j] <- SampleNTT(rho||j||i)
+ * 6:     end for
+ * ...
+ * FIPS 203, Algorithm 14: K-PKE.Encrypt(ek_PKE,m,r)
+ * ...
+ * 5:     for (j <- 0; j < k; j++)
+ * 6:         A_hat[i,j] <- SampleNTT(rho||j||i)  (Transposed is rho||i||j)
+ * 7:     end for
+ * ...
+ *
+ * @param  [in]   prf         XOF object.
+ * @param  [out]  a           Matrix of uniform integers.
+ * @param  [in]   k           Number of dimensions. k x k polynomials.
+ * @param  [in]   seed        Bytes to seed XOF generation.
+ * @param  [in]   i           Index of vector to generate.
+ * @param  [in]   transposed  Whether A or A^T is generated.
+ * @return  0 on success.
+ * @return  MEMORY_E when dynamic memory allocation fails. Only possible when
+ * WOLFSSL_SMALL_STACK is defined.
+ */
+static int kyber_gen_matrix_i(KYBER_PRF_T* prf, sword16* a, int k, byte* seed,
+    int i, int transposed)
+{
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
+    byte* rand;
+#else
+    byte rand[GEN_MATRIX_SIZE + 2];
+#endif
+    byte extSeed[KYBER_SYM_SZ + 2];
+    int ret = 0;
+    int j;
+
+    XMEMCPY(extSeed, seed, KYBER_SYM_SZ);
+
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
+    /* Allocate large amount of memory to hold random bytes to be samples. */
+    rand = (byte*)XMALLOC(GEN_MATRIX_SIZE + 2, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    if (rand == NULL) {
+        ret = MEMORY_E;
+    }
+#endif
+
+#if !defined(WOLFSSL_KYBER_SMALL) && defined(WC_64BIT_CPU)
+    /* Loading 64 bits, only using 48 bits. Loading 2 bytes more than used. */
+    if (ret == 0) {
+        rand[GEN_MATRIX_SIZE+0] = 0xff;
+        rand[GEN_MATRIX_SIZE+1] = 0xff;
+    }
+#endif
+
+    /* Generate each polynomial in vector from seed with indices.
+     * Alg 13, Step 4. Alg 14, Step 5. */
+    for (j = 0; (ret == 0) && (j < k); j++) {
+        if (transposed) {
+            /* Alg 14, Step 6: .. rho||i||j ... */
+            extSeed[KYBER_SYM_SZ + 0] = i;
+            extSeed[KYBER_SYM_SZ + 1] = j;
+        }
+        else {
+            /* Alg 13, Step 5: .. rho||j||i ... */
+            extSeed[KYBER_SYM_SZ + 0] = j;
+            extSeed[KYBER_SYM_SZ + 1] = i;
+        }
+        /* Absorb the index specific seed.
+         * Alg 7, Step 1-2 */
+        ret = kyber_xof_absorb(prf, extSeed, sizeof(extSeed));
+        if (ret == 0) {
+            /* Create out based on the seed.
+             * Alg 7, Step 5. Generating enough to, on average, be able to get
+             * enough valid values. */
+            ret = kyber_xof_squeezeblocks(prf, rand, GEN_MATRIX_NBLOCKS);
+        }
+        if (ret == 0) {
+            unsigned int ctr;
+
+            /* Sample random bytes to create a polynomial.
+             * Alg 7, Step 3 - implicitly counter is 0.
+             * Alg 7, Step 4-16. */
+            ctr = kyber_rej_uniform_c(a + j * KYBER_N, KYBER_N, rand,
+                GEN_MATRIX_SIZE);
+            /* Create more blocks if too many rejected.
+             * Alg 7, Step 4. */
+            while (ctr < KYBER_N) {
+                /* Alg 7, Step 5. */
+                kyber_xof_squeezeblocks(prf, rand, 1);
+                /* Alg 7, Step 4-16. */
+                ctr += kyber_rej_uniform_c(a + j * KYBER_N + ctr,
+                    KYBER_N - ctr, rand, XOF_BLOCK_SIZE);
+            }
+        }
+    }
+
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
+    /* Dispose of temporary buffer. */
+    XFREE(rand, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+#endif
+
+    return ret;
+}
+
+#endif
+
+
+/******************************************************************************/
+
+/* Subtract one 2 bit value from another out of a larger number.
+ *
+ * FIPS 203, Algorithm 8: SmaplePolyCBD_eta(B)
+ * Takes a seed as input and outputs a pseudorandom sample from the distribution
+ * D_eta(R_q).
+ *
+ * @param  [in]  d  Value containing sequential 2 bit values.
+ * @param  [in]  i  Start index of the two values in 2 bits each.
+ * @return  Difference of the two values with range 0..2.
+ */
+#define ETA2_SUB(d, i) \
+    (((sword16)(((d) >> ((i) * 4 + 0)) & 0x3)) - \
+     ((sword16)(((d) >> ((i) * 4 + 2)) & 0x3)))
+
+/* Compute polynomial with coefficients distributed according to a centered
+ * binomial distribution with parameter eta2 from uniform random bytes.
+ *
+ * FIPS 203, Algorithm 8: SmaplePolyCBD_eta(B)
+ * Takes a seed as input and outputs a pseudorandom sample from the distribution
+ * D_eta(R_q).
+ *
+ * @param [out]  p  Polynomial computed.
+ * @param [in]   r  Random bytes.
+ */
+static void kyber_cbd_eta2(sword16* p, const byte* r)
+{
+    unsigned int i;
+
+#ifndef WORD64_AVAILABLE
+    /* Calculate eight integer coefficients at a time. */
+    for (i = 0; i < KYBER_N; i += 8) {
+    #ifdef WOLFSSL_KYBER_SMALL
+        unsigned int j;
+    #endif
+        /* Take the next 4 bytes, little endian, as a 32 bit value. */
+    #ifdef BIG_ENDIAN_ORDER
+        word32 t = ByteReverseWord32(*(word32*)r);
+    #else
+        word32 t = *(word32*)r;
+    #endif
+        word32 d;
+        /* Add second bits to first. */
+        d  = (t >> 0) & 0x55555555;
+        d += (t >> 1) & 0x55555555;
+        /* Values 0, 1 or 2 in consecutive 2 bits.
+         * 0 - 1/4, 1 - 2/4, 2 - 1/4. */
+
+    #ifdef WOLFSSL_KYBER_SMALL
+        for (j = 0; j < 8; j++) {
+            p[i + j] = ETA2_SUB(d, j);
+        }
+    #else
+        p[i + 0] = ETA2_SUB(d, 0);
+        p[i + 1] = ETA2_SUB(d, 1);
+        p[i + 2] = ETA2_SUB(d, 2);
+        p[i + 3] = ETA2_SUB(d, 3);
+        p[i + 4] = ETA2_SUB(d, 4);
+        p[i + 5] = ETA2_SUB(d, 5);
+        p[i + 6] = ETA2_SUB(d, 6);
+        p[i + 7] = ETA2_SUB(d, 7);
+    #endif
+        /* -2 - 1/16, -1 - 4/16, 0 - 6/16, 1 - 4/16, 2 - 1/16  */
+
+        /* Move over used bytes. */
+        r += 4;
+    }
+#else
+    /* Calculate sixteen integer coefficients at a time. */
+    for (i = 0; i < KYBER_N; i += 16) {
+    #ifdef WOLFSSL_KYBER_SMALL
+        unsigned int j;
+    #endif
+        /* Take the next 8 bytes, little endian, as a 64 bit value. */
+    #ifdef BIG_ENDIAN_ORDER
+        word64 t = ByteReverseWord64(readUnalignedWord64(r));
+    #else
+        word64 t = readUnalignedWord64(r);
+    #endif
+        word64 d;
+        /* Add second bits to first. */
+        d  = (t >> 0) & 0x5555555555555555L;
+        d += (t >> 1) & 0x5555555555555555L;
+        /* Values 0, 1 or 2 in consecutive 2 bits.
+         * 0 - 1/4, 1 - 2/4, 2 - 1/4. */
+
+    #ifdef WOLFSSL_KYBER_SMALL
+        for (j = 0; j < 16; j++) {
+            p[i + j] = ETA2_SUB(d, j);
+        }
+    #else
+        p[i +  0] = ETA2_SUB(d,  0);
+        p[i +  1] = ETA2_SUB(d,  1);
+        p[i +  2] = ETA2_SUB(d,  2);
+        p[i +  3] = ETA2_SUB(d,  3);
+        p[i +  4] = ETA2_SUB(d,  4);
+        p[i +  5] = ETA2_SUB(d,  5);
+        p[i +  6] = ETA2_SUB(d,  6);
+        p[i +  7] = ETA2_SUB(d,  7);
+        p[i +  8] = ETA2_SUB(d,  8);
+        p[i +  9] = ETA2_SUB(d,  9);
+        p[i + 10] = ETA2_SUB(d, 10);
+        p[i + 11] = ETA2_SUB(d, 11);
+        p[i + 12] = ETA2_SUB(d, 12);
+        p[i + 13] = ETA2_SUB(d, 13);
+        p[i + 14] = ETA2_SUB(d, 14);
+        p[i + 15] = ETA2_SUB(d, 15);
+    #endif
+        /* -2 - 1/16, -1 - 4/16, 0 - 6/16, 1 - 4/16, 2 - 1/16  */
+
+        /* Move over used bytes. */
+        r += 8;
+    }
+#endif
+}
+
+#if defined(WOLFSSL_KYBER512) || defined(WOLFSSL_WC_ML_KEM_512)
+/* Subtract one 3 bit value from another out of a larger number.
+ *
+ * FIPS 203, Algorithm 8: SmaplePolyCBD_eta(B)
+ * Takes a seed as input and outputs a pseudorandom sample from the distribution
+ * D_eta(R_q).
+ *
+ * @param  [in]  d  Value containing sequential 3 bit values.
+ * @param  [in]  i  Start index of the two values in 3 bits each.
+ * @return  Difference of the two values with range 0..3.
+ */
+#define ETA3_SUB(d, i) \
+    (((sword16)(((d) >> ((i) * 6 + 0)) & 0x7)) - \
+     ((sword16)(((d) >> ((i) * 6 + 3)) & 0x7)))
+
+/* Compute polynomial with coefficients distributed according to a centered
+ * binomial distribution with parameter eta3 from uniform random bytes.
+ *
+ * FIPS 203, Algorithm 8: SmaplePolyCBD_eta(B)
+ * Takes a seed as input and outputs a pseudorandom sample from the distribution
+ * D_eta(R_q).
+ *
+ * @param [out]  p  Polynomial computed.
+ * @param [in]   r  Random bytes.
+ */
+static void kyber_cbd_eta3(sword16* p, const byte* r)
+{
+    unsigned int i;
+
+#if defined(WOLFSSL_SMALL_STACK) || defined(WOLFSSL_KYBER_NO_LARGE_CODE) || \
+    defined(BIG_ENDIAN_ORDER)
+#ifndef WORD64_AVAILABLE
+    /* Calculate four integer coefficients at a time. */
+    for (i = 0; i < KYBER_N; i += 4) {
+    #ifdef WOLFSSL_KYBER_SMALL
+        unsigned int j;
+    #endif
+        /* Take the next 3 bytes, little endian, as a 24 bit value. */
+        word32 t = (((word32)(r[0])) <<  0) |
+                   (((word32)(r[1])) <<  8) |
+                   (((word32)(r[2])) << 16);
+        word32 d;
+        /* Add second and third bits to first. */
+        d  = (t >> 0) & 0x00249249;
+        d += (t >> 1) & 0x00249249;
+        d += (t >> 2) & 0x00249249;
+        /* Values 0, 1, 2 or 3 in consecutive 3 bits.
+         * 0 - 1/8, 1 - 3/8, 2 - 3/8, 3 - 1/8. */
+
+    #ifdef WOLFSSL_KYBER_SMALL
+        for (j = 0; j < 4; j++) {
+            p[i + j] = ETA3_SUB(d, j);
+        }
+    #else
+        p[i + 0] = ETA3_SUB(d, 0);
+        p[i + 1] = ETA3_SUB(d, 1);
+        p[i + 2] = ETA3_SUB(d, 2);
+        p[i + 3] = ETA3_SUB(d, 3);
+    #endif
+        /* -3-1/64, -2-6/64, -1-15/64, 0-20/64, 1-15/64, 2-6/64, 3-1/64 */
+
+        /* Move over used bytes. */
+        r += 3;
+    }
+#else
+    /* Calculate eight integer coefficients at a time. */
+    for (i = 0; i < KYBER_N; i += 8) {
+    #ifdef WOLFSSL_KYBER_SMALL
+        unsigned int j;
+    #endif
+        /* Take the next 6 bytes, little endian, as a 48 bit value. */
+        word64 t = (((word64)(r[0])) <<  0) |
+                   (((word64)(r[1])) <<  8) |
+                   (((word64)(r[2])) << 16) |
+                   (((word64)(r[3])) << 24) |
+                   (((word64)(r[4])) << 32) |
+                   (((word64)(r[5])) << 40);
+        word64 d;
+        /* Add second and third bits to first. */
+        d  = (t >> 0) & 0x0000249249249249L;
+        d += (t >> 1) & 0x0000249249249249L;
+        d += (t >> 2) & 0x0000249249249249L;
+        /* Values 0, 1, 2 or 3 in consecutive 3 bits.
+         * 0 - 1/8, 1 - 3/8, 2 - 3/8, 3 - 1/8. */
+
+    #ifdef WOLFSSL_KYBER_SMALL
+        for (j = 0; j < 8; j++) {
+            p[i + j] = ETA3_SUB(d, j);
+        }
+    #else
+        p[i + 0] = ETA3_SUB(d, 0);
+        p[i + 1] = ETA3_SUB(d, 1);
+        p[i + 2] = ETA3_SUB(d, 2);
+        p[i + 3] = ETA3_SUB(d, 3);
+        p[i + 4] = ETA3_SUB(d, 4);
+        p[i + 5] = ETA3_SUB(d, 5);
+        p[i + 6] = ETA3_SUB(d, 6);
+        p[i + 7] = ETA3_SUB(d, 7);
+    #endif
+        /* -3-1/64, -2-6/64, -1-15/64, 0-20/64, 1-15/64, 2-6/64, 3-1/64 */
+
+        /* Move over used bytes. */
+        r += 6;
+    }
+#endif /* WORD64_AVAILABLE */
+#else
+    /* Calculate eight integer coefficients at a time. */
+    for (i = 0; i < KYBER_N; i += 16) {
+        const word32* r32 = (const word32*)r;
+        /* Take the next 12 bytes, little endian, as 24 bit values. */
+        word32 t0 =   r32[0]                          & 0xffffff;
+        word32 t1 = ((r32[0] >> 24) | (r32[1] <<  8)) & 0xffffff;
+        word32 t2 = ((r32[1] >> 16) | (r32[2] << 16)) & 0xffffff;
+        word32 t3 =   r32[2] >>  8                              ;
+        word32 d0;
+        word32 d1;
+        word32 d2;
+        word32 d3;
+
+        /* Add second and third bits to first. */
+        d0  = (t0 >> 0) & 0x00249249;
+        d0 += (t0 >> 1) & 0x00249249;
+        d0 += (t0 >> 2) & 0x00249249;
+        d1  = (t1 >> 0) & 0x00249249;
+        d1 += (t1 >> 1) & 0x00249249;
+        d1 += (t1 >> 2) & 0x00249249;
+        d2  = (t2 >> 0) & 0x00249249;
+        d2 += (t2 >> 1) & 0x00249249;
+        d2 += (t2 >> 2) & 0x00249249;
+        d3  = (t3 >> 0) & 0x00249249;
+        d3 += (t3 >> 1) & 0x00249249;
+        d3 += (t3 >> 2) & 0x00249249;
+        /* Values 0, 1, 2 or 3 in consecutive 3 bits.
+         * 0 - 1/8, 1 - 3/8, 2 - 3/8, 3 - 1/8. */
+
+        p[i +  0] = ETA3_SUB(d0, 0);
+        p[i +  1] = ETA3_SUB(d0, 1);
+        p[i +  2] = ETA3_SUB(d0, 2);
+        p[i +  3] = ETA3_SUB(d0, 3);
+        p[i +  4] = ETA3_SUB(d1, 0);
+        p[i +  5] = ETA3_SUB(d1, 1);
+        p[i +  6] = ETA3_SUB(d1, 2);
+        p[i +  7] = ETA3_SUB(d1, 3);
+        p[i +  8] = ETA3_SUB(d2, 0);
+        p[i +  9] = ETA3_SUB(d2, 1);
+        p[i + 10] = ETA3_SUB(d2, 2);
+        p[i + 11] = ETA3_SUB(d2, 3);
+        p[i + 12] = ETA3_SUB(d3, 0);
+        p[i + 13] = ETA3_SUB(d3, 1);
+        p[i + 14] = ETA3_SUB(d3, 2);
+        p[i + 15] = ETA3_SUB(d3, 3);
+        /* -3-1/64, -2-6/64, -1-15/64, 0-20/64, 1-15/64, 2-6/64, 3-1/64 */
+
+        /* Move over used bytes. */
+        r += 12;
+    }
+#endif /* WOLFSSL_SMALL_STACK || WOLFSSL_KYBER_NO_LARGE_CODE || BIG_ENDIAN_ORDER        */
+}
+#endif
+
+#if !(defined(__aarch64__) && defined(WOLFSSL_ARMASM))
+
+/* Get noise/error by calculating random bytes and sampling to a binomial
+ * distribution.
+ *
+ * FIPS 203, Algorithm 13: K-PKE.KeyGen(d)
+ *   ...
+ *   9:     s[i] <- SamplePolyCBD_eta_1(PRF_eta_1(rho, N))
+ *   ...
+ *  13:     e[i] <- SamplePolyCBD_eta_1(PRF_eta_1(rho, N))
+ *   ...
+ * FIPS 203, Algorithm 14: K-PKE.Encrypt(ek_PKE,m,r)
+ *   ...
+ *  10:     y[i] <- SamplePolyCBD_eta_1(PRF_eta_1(r, N))
+ *   ...
+ *
+ * @param  [in, out]  prf   Pseudo-random function object.
+ * @param  [out]      p     Polynomial.
+ * @param  [in]       seed  Seed to use when calculating random.
+ * @param  [in]       eta1  Size of noise/error integers.
+ * @return  0 on success.
+ */
+static int kyber_get_noise_eta1_c(KYBER_PRF_T* prf, sword16* p,
+    const byte* seed, byte eta1)
+{
+    int ret;
+
+    (void)eta1;
+
+#if defined(WOLFSSL_KYBER512) || defined(WOLFSSL_WC_ML_KEM_512)
+    if (eta1 == KYBER_CBD_ETA3) {
+        byte rand[ETA3_RAND_SIZE];
+
+        /* Calculate random bytes from seed with PRF. */
+        ret = kyber_prf(prf, rand, sizeof(rand), seed);
+        if (ret == 0) {
+            /* Sample for values in range -3..3 from 3 bits of random. */
+            kyber_cbd_eta3(p, rand);
+         }
+    }
+    else
+#endif
+    {
+        byte rand[ETA2_RAND_SIZE];
+
+        /* Calculate random bytes from seed with PRF. */
+        ret = kyber_prf(prf, rand, sizeof(rand), seed);
+        if (ret == 0) {
+            /* Sample for values in range -2..2 from 2 bits of random. */
+            kyber_cbd_eta2(p, rand);
+        }
+    }
+
+    return ret;
+}
+
+/* Get noise/error by calculating random bytes and sampling to a binomial
+ * distribution. Values -2..2
+ *
+ * FIPS 203, Algorithm 14: K-PKE.Encrypt(ek_PKE,m,r)
+ *   ...
+ *  14:     e1[i] <- SamplePolyCBD_eta_2(PRF_eta_2(r, N))
+ *   ...
+ *  17:     e2[i] <- SamplePolyCBD_eta_2(PRF_eta_2(r, N))
+ *   ...
+ *
+ * @param  [in, out]  prf   Pseudo-random function object.
+ * @param  [out]      p     Polynomial.
+ * @param  [in]       seed  Seed to use when calculating random.
+ * @return  0 on success.
+ */
+static int kyber_get_noise_eta2_c(KYBER_PRF_T* prf, sword16* p,
+    const byte* seed)
+{
+    int ret;
+    byte rand[ETA2_RAND_SIZE];
+
+    /* Calculate random bytes from seed with PRF. */
+    ret = kyber_prf(prf, rand, sizeof(rand), seed);
+    if (ret == 0) {
+        kyber_cbd_eta2(p, rand);
+    }
+
+    return ret;
+}
+
+#endif
+
+#ifdef USE_INTEL_SPEEDUP
+#define PRF_RAND_SZ   (2 * SHA3_256_BYTES)
+
+#if defined(WOLFSSL_KYBER768) || defined(WOLFSSL_WC_ML_KEM_768) || \
+    defined(WOLFSSL_KYBER1024) || defined(WOLFSSL_WC_ML_KEM_1024)
+/* Get the noise/error by calculating random bytes.
+ *
+ * FIPS 203, Algorithm 14: K-PKE.Encrypt(ek_PKE,m,r)
+ *   ...
+ *  14:     e1[i] <- SamplePolyCBD_eta_2(PRF_eta_2(r, N))
+ *   ...
+ *  17:     e2[i] <- SamplePolyCBD_eta_2(PRF_eta_2(r, N))
+ *   ...
+ *
+ * @param  [out]  rand  Random number byte array.
+ * @param  [in]   seed  Seed to generate random from.
+ * @param  [in]   o     Offset of seed count.
+ */
+static void kyber_get_noise_x4_eta2_avx2(byte* rand, byte* seed, byte o)
+{
+    int i;
+    word64 state[25 * 4];
+
+    for (i = 0; i < 4; i++) {
+        state[4*4 + i] = 0x1f00 + i + o;
+    }
+
+    kyber_sha3_256_blocksx4_seed_avx2(state, seed);
+    kyber_redistribute_16_rand_avx2(state, rand + 0 * ETA2_RAND_SIZE,
+        rand + 1 * ETA2_RAND_SIZE, rand + 2 * ETA2_RAND_SIZE,
+        rand + 3 * ETA2_RAND_SIZE);
+}
+#endif
+
+#if defined(WOLFSSL_KYBER512) || defined(WOLFSSL_WC_ML_KEM_512)
+/* Get the noise/error by calculating random bytes.
+ *
+ * FIPS 203, Algorithm 14: K-PKE.Encrypt(ek_PKE,m,r)
+ *   ...
+ *  14:     e1[i] <- SamplePolyCBD_eta_2(PRF_eta_2(r, N))
+ *   ...
+ *  17:     e2[i] <- SamplePolyCBD_eta_2(PRF_eta_2(r, N))
+ *   ...
+ *
+ * @param  [out]  rand  Random number byte array.
+ * @param  [in]   seed  Seed to generate random from.
+ * @param  [in]   o     Offset of seed count.
+ */
+static void kyber_get_noise_x4_eta3_avx2(byte* rand, byte* seed)
+{
+    word64 state[25 * 4];
+    int i;
+
+    state[4*4 + 0] = 0x1f00 + 0;
+    state[4*4 + 1] = 0x1f00 + 1;
+    state[4*4 + 2] = 0x1f00 + 2;
+    state[4*4 + 3] = 0x1f00 + 3;
+
+    kyber_sha3_256_blocksx4_seed_avx2(state, seed);
+    kyber_redistribute_17_rand_avx2(state, rand + 0 * PRF_RAND_SZ,
+        rand + 1 * PRF_RAND_SZ, rand + 2 * PRF_RAND_SZ,
+        rand + 3 * PRF_RAND_SZ);
+    i = SHA3_256_BYTES;
+    kyber_sha3_blocksx4_avx2(state);
+    kyber_redistribute_8_rand_avx2(state, rand + i + 0 * PRF_RAND_SZ,
+        rand + i + 1 * PRF_RAND_SZ, rand + i + 2 * PRF_RAND_SZ,
+        rand + i + 3 * PRF_RAND_SZ);
+}
+
+/* Get noise/error by calculating random bytes and sampling to a binomial
+ * distribution. Values -2..2
+ *
+ * FIPS 203, Algorithm 14: K-PKE.Encrypt(ek_PKE,m,r)
+ *   ...
+ *  14:     e1[i] <- SamplePolyCBD_eta_2(PRF_eta_2(r, N))
+ *   ...
+ *  17:     e2[i] <- SamplePolyCBD_eta_2(PRF_eta_2(r, N))
+ *   ...
+ *
+ * @param  [in, out]  prf   Pseudo-random function object.
+ * @param  [out]      p     Polynomial.
+ * @param  [in]       seed  Seed to use when calculating random.
+ * @return  0 on success.
+ */
+static int kyber_get_noise_eta2_avx2(KYBER_PRF_T* prf, sword16* p,
+    const byte* seed)
+{
+    int ret;
+    byte rand[ETA2_RAND_SIZE];
+
+    /* Calculate random bytes from seed with PRF. */
+    ret = kyber_prf(prf, rand, sizeof(rand), seed);
+    if (ret == 0) {
+        kyber_cbd_eta2_avx2(p, rand);
+    }
+
+    return ret;
+}
+
+/* Get the noise/error by calculating random bytes and sampling to a binomial
+ * distribution.
+ *
+ * @param  [in, out]  prf   Pseudo-random function object.
+ * @param  [out]      vec1  First Vector of polynomials.
+ * @param  [out]      vec2  Second Vector of polynomials.
+ * @param  [out]      poly  Polynomial.
+ * @param  [in]       seed  Seed to use when calculating random.
+ * @return  0 on success.
+ */
+static int kyber_get_noise_k2_avx2(KYBER_PRF_T* prf, sword16* vec1,
+    sword16* vec2, sword16* poly, byte* seed)
+{
+    int ret = 0;
+    byte rand[4 * PRF_RAND_SZ];
+
+    kyber_get_noise_x4_eta3_avx2(rand, seed);
+    kyber_cbd_eta3_avx2(vec1          , rand + 0 * PRF_RAND_SZ);
+    kyber_cbd_eta3_avx2(vec1 + KYBER_N, rand + 1 * PRF_RAND_SZ);
+    if (poly == NULL) {
+        kyber_cbd_eta3_avx2(vec2          , rand + 2 * PRF_RAND_SZ);
+        kyber_cbd_eta3_avx2(vec2 + KYBER_N, rand + 3 * PRF_RAND_SZ);
+    }
+    else {
+        kyber_cbd_eta2_avx2(vec2          , rand + 2 * PRF_RAND_SZ);
+        kyber_cbd_eta2_avx2(vec2 + KYBER_N, rand + 3 * PRF_RAND_SZ);
+
+        seed[KYBER_SYM_SZ] = 4;
+        ret = kyber_get_noise_eta2_avx2(prf, poly, seed);
+    }
+
+    return ret;
+}
+#endif
+
+#if defined(WOLFSSL_KYBER768) || defined(WOLFSSL_WC_ML_KEM_768)
+/* Get the noise/error by calculating random bytes and sampling to a binomial
+ * distribution.
+ *
+ * @param  [out]      vec1  First Vector of polynomials.
+ * @param  [out]      vec2  Second Vector of polynomials.
+ * @param  [out]      poly  Polynomial.
+ * @param  [in]       seed  Seed to use when calculating random.
+ * @return  0 on success.
+ */
+static int kyber_get_noise_k3_avx2(sword16* vec1, sword16* vec2, sword16* poly,
+    byte* seed)
+{
+    byte rand[4 * ETA2_RAND_SIZE];
+
+    kyber_get_noise_x4_eta2_avx2(rand, seed, 0);
+    kyber_cbd_eta2_avx2(vec1              , rand + 0 * ETA2_RAND_SIZE);
+    kyber_cbd_eta2_avx2(vec1 + 1 * KYBER_N, rand + 1 * ETA2_RAND_SIZE);
+    kyber_cbd_eta2_avx2(vec1 + 2 * KYBER_N, rand + 2 * ETA2_RAND_SIZE);
+    kyber_cbd_eta2_avx2(vec2              , rand + 3 * ETA2_RAND_SIZE);
+    kyber_get_noise_x4_eta2_avx2(rand, seed, 4);
+    kyber_cbd_eta2_avx2(vec2 + 1 * KYBER_N, rand + 0 * ETA2_RAND_SIZE);
+    kyber_cbd_eta2_avx2(vec2 + 2 * KYBER_N, rand + 1 * ETA2_RAND_SIZE);
+    if (poly != NULL) {
+        kyber_cbd_eta2_avx2(poly, rand + 2 * ETA2_RAND_SIZE);
+    }
+
+    return 0;
+}
+#endif
+
+#if defined(WOLFSSL_KYBER1024) || defined(WOLFSSL_WC_ML_KEM_1024)
+/* Get the noise/error by calculating random bytes and sampling to a binomial
+ * distribution.
+ *
+ * @param  [in, out]  prf   Pseudo-random function object.
+ * @param  [out]      vec1  First Vector of polynomials.
+ * @param  [out]      vec2  Second Vector of polynomials.
+ * @param  [out]      poly  Polynomial.
+ * @param  [in]       seed  Seed to use when calculating random.
+ * @return  0 on success.
+ */
+static int kyber_get_noise_k4_avx2(KYBER_PRF_T* prf, sword16* vec1,
+    sword16* vec2, sword16* poly, byte* seed)
+{
+    int ret = 0;
+    byte rand[4 * ETA2_RAND_SIZE];
+
+    (void)prf;
+
+    kyber_get_noise_x4_eta2_avx2(rand, seed, 0);
+    kyber_cbd_eta2_avx2(vec1              , rand + 0 * ETA2_RAND_SIZE);
+    kyber_cbd_eta2_avx2(vec1 + 1 * KYBER_N, rand + 1 * ETA2_RAND_SIZE);
+    kyber_cbd_eta2_avx2(vec1 + 2 * KYBER_N, rand + 2 * ETA2_RAND_SIZE);
+    kyber_cbd_eta2_avx2(vec1 + 3 * KYBER_N, rand + 3 * ETA2_RAND_SIZE);
+    kyber_get_noise_x4_eta2_avx2(rand, seed, 4);
+    kyber_cbd_eta2_avx2(vec2              , rand + 0 * ETA2_RAND_SIZE);
+    kyber_cbd_eta2_avx2(vec2 + 1 * KYBER_N, rand + 1 * ETA2_RAND_SIZE);
+    kyber_cbd_eta2_avx2(vec2 + 2 * KYBER_N, rand + 2 * ETA2_RAND_SIZE);
+    kyber_cbd_eta2_avx2(vec2 + 3 * KYBER_N, rand + 3 * ETA2_RAND_SIZE);
+    if (poly != NULL) {
+        seed[KYBER_SYM_SZ] = 8;
+        ret = kyber_get_noise_eta2_avx2(prf, poly, seed);
+    }
+
+    return ret;
+}
+#endif
+#endif /* USE_INTEL_SPEEDUP */
+
+#if defined(__aarch64__) && defined(WOLFSSL_ARMASM)
+
+#define PRF_RAND_SZ   (2 * SHA3_256_BYTES)
+
+/* Get the noise/error by calculating random bytes.
+ *
+ * FIPS 203, Algorithm 14: K-PKE.Encrypt(ek_PKE,m,r)
+ *   ...
+ *  14:     e1[i] <- SamplePolyCBD_eta_2(PRF_eta_2(r, N))
+ *   ...
+ *  17:     e2[i] <- SamplePolyCBD_eta_2(PRF_eta_2(r, N))
+ *   ...
+ *
+ * @param  [out]  rand  Random number byte array.
+ * @param  [in]   seed  Seed to generate random from.
+ * @param  [in]   o     Offset of seed count.
+ */
+static void kyber_get_noise_x3_eta2_aarch64(byte* rand, byte* seed, byte o)
+{
+    word64* state = (word64*)rand;
+
+    state[0*25 + 4] = 0x1f00 + 0 + o;
+    state[1*25 + 4] = 0x1f00 + 1 + o;
+    state[2*25 + 4] = 0x1f00 + 2 + o;
+
+    kyber_shake256_blocksx3_seed_neon(state, seed);
+}
+
+#if defined(WOLFSSL_KYBER512) || defined(WOLFSSL_WC_ML_KEM_512)
+/* Get the noise/error by calculating random bytes.
+ *
+ * FIPS 203, Algorithm 14: K-PKE.Encrypt(ek_PKE,m,r)
+ *   ...
+ *  14:     e1[i] <- SamplePolyCBD_eta_2(PRF_eta_2(r, N))
+ *   ...
+ *  17:     e2[i] <- SamplePolyCBD_eta_2(PRF_eta_2(r, N))
+ *   ...
+ *
+ * @param  [out]  rand  Random number byte array.
+ * @param  [in]   seed  Seed to generate random from.
+ * @param  [in]   o     Offset of seed count.
+ */
+static void kyber_get_noise_x3_eta3_aarch64(byte* rand, byte* seed, byte o)
+{
+    word64 state[3 * 25];
+
+    state[0*25 + 4] = 0x1f00 + 0 + o;
+    state[1*25 + 4] = 0x1f00 + 1 + o;
+    state[2*25 + 4] = 0x1f00 + 2 + o;
+
+    kyber_shake256_blocksx3_seed_neon(state, seed);
+    XMEMCPY(rand + 0 * ETA3_RAND_SIZE, state + 0*25, SHA3_256_BYTES);
+    XMEMCPY(rand + 1 * ETA3_RAND_SIZE, state + 1*25, SHA3_256_BYTES);
+    XMEMCPY(rand + 2 * ETA3_RAND_SIZE, state + 2*25, SHA3_256_BYTES);
+    kyber_sha3_blocksx3_neon(state);
+    rand += SHA3_256_BYTES;
+    XMEMCPY(rand + 0 * ETA3_RAND_SIZE, state + 0*25,
+        ETA3_RAND_SIZE - SHA3_256_BYTES);
+    XMEMCPY(rand + 1 * ETA3_RAND_SIZE, state + 1*25,
+        ETA3_RAND_SIZE - SHA3_256_BYTES);
+    XMEMCPY(rand + 2 * ETA3_RAND_SIZE, state + 2*25,
+        ETA3_RAND_SIZE - SHA3_256_BYTES);
+}
+
+/* Get the noise/error by calculating random bytes.
+ *
+ * FIPS 203, Algorithm 14: K-PKE.Encrypt(ek_PKE,m,r)
+ *   ...
+ *  14:     e1[i] <- SamplePolyCBD_eta_2(PRF_eta_2(r, N))
+ *   ...
+ *  17:     e2[i] <- SamplePolyCBD_eta_2(PRF_eta_2(r, N))
+ *   ...
+ *
+ * @param  [out]  rand  Random number byte array.
+ * @param  [in]   seed  Seed to generate random from.
+ * @param  [in]   o     Offset of seed count.
+ * @return  0 on success.
+ */
+static void kyber_get_noise_eta3_aarch64(byte* rand, byte* seed, byte o)
+{
+    word64 state[25];
+
+    state[0] = ((word64*)seed)[0];
+    state[1] = ((word64*)seed)[1];
+    state[2] = ((word64*)seed)[2];
+    state[3] = ((word64*)seed)[3];
+    state[4] = 0x1f00 + o;
+    XMEMSET(state + 5, 0, sizeof(*state) * (25 - 5));
+    state[16] = W64LIT(0x8000000000000000);
+    BlockSha3(state);
+    XMEMCPY(rand                 , state, SHA3_256_BYTES);
+    BlockSha3(state);
+    XMEMCPY(rand + SHA3_256_BYTES, state, ETA3_RAND_SIZE - SHA3_256_BYTES);
+}
+
+/* Get the noise/error by calculating random bytes and sampling to a binomial
+ * distribution.
+ *
+ * @param  [out]      vec1  First Vector of polynomials.
+ * @param  [out]      vec2  Second Vector of polynomials.
+ * @param  [out]      poly  Polynomial.
+ * @param  [in]       seed  Seed to use when calculating random.
+ * @return  0 on success.
+ */
+static int kyber_get_noise_k2_aarch64(sword16* vec1, sword16* vec2,
+    sword16* poly, byte* seed)
+{
+    int ret = 0;
+    byte rand[3 * 25 * 8];
+
+    kyber_get_noise_x3_eta3_aarch64(rand, seed, 0);
+    kyber_cbd_eta3(vec1          , rand + 0 * ETA3_RAND_SIZE);
+    kyber_cbd_eta3(vec1 + KYBER_N, rand + 1 * ETA3_RAND_SIZE);
+    if (poly == NULL) {
+        kyber_cbd_eta3(vec2          , rand + 2 * ETA3_RAND_SIZE);
+        kyber_get_noise_eta3_aarch64(rand, seed, 3);
+        kyber_cbd_eta3(vec2 + KYBER_N, rand                     );
+    }
+    else {
+        kyber_get_noise_x3_eta2_aarch64(rand, seed, 2);
+        kyber_cbd_eta2(vec2          , rand + 0 * 25 * 8);
+        kyber_cbd_eta2(vec2 + KYBER_N, rand + 1 * 25 * 8);
+        kyber_cbd_eta2(poly          , rand + 2 * 25 * 8);
+    }
+
+    return ret;
+}
+#endif
+
+#if defined(WOLFSSL_KYBER768) || defined(WOLFSSL_WC_ML_KEM_768)
+/* Get the noise/error by calculating random bytes.
+ *
+ * FIPS 203, Algorithm 14: K-PKE.Encrypt(ek_PKE,m,r)
+ *   ...
+ *  14:     e1[i] <- SamplePolyCBD_eta_2(PRF_eta_2(r, N))
+ *   ...
+ *  17:     e2[i] <- SamplePolyCBD_eta_2(PRF_eta_2(r, N))
+ *   ...
+ *
+ * @param  [out]  rand  Random number byte array.
+ * @param  [in]   seed  Seed to generate random from.
+ * @param  [in]   o     Offset of seed count.
+ * @return  0 on success.
+ */
+static void kyber_get_noise_eta2_aarch64(byte* rand, byte* seed, byte o)
+{
+    word64* state = (word64*)rand;
+
+    state[0] = ((word64*)seed)[0];
+    state[1] = ((word64*)seed)[1];
+    state[2] = ((word64*)seed)[2];
+    state[3] = ((word64*)seed)[3];
+    /* Transposed value same as not. */
+    state[4] = 0x1f00 + o;
+    XMEMSET(state + 5, 0, sizeof(*state) * (25 - 5));
+    state[16] = W64LIT(0x8000000000000000);
+    BlockSha3(state);
+}
+
+/* Get the noise/error by calculating random bytes and sampling to a binomial
+ * distribution.
+ *
+ * @param  [out]      vec1  First Vector of polynomials.
+ * @param  [out]      vec2  Second Vector of polynomials.
+ * @param  [out]      poly  Polynomial.
+ * @param  [in]       seed  Seed to use when calculating random.
+ * @return  0 on success.
+ */
+static int kyber_get_noise_k3_aarch64(sword16* vec1, sword16* vec2,
+     sword16* poly, byte* seed)
+{
+    byte rand[3 * 25 * 8];
+
+    kyber_get_noise_x3_eta2_aarch64(rand, seed, 0);
+    kyber_cbd_eta2(vec1              , rand + 0 * 25 * 8);
+    kyber_cbd_eta2(vec1 + 1 * KYBER_N, rand + 1 * 25 * 8);
+    kyber_cbd_eta2(vec1 + 2 * KYBER_N, rand + 2 * 25 * 8);
+    kyber_get_noise_x3_eta2_aarch64(rand, seed, 3);
+    kyber_cbd_eta2(vec2              , rand + 0 * 25 * 8);
+    kyber_cbd_eta2(vec2 + 1 * KYBER_N, rand + 1 * 25 * 8);
+    kyber_cbd_eta2(vec2 + 2 * KYBER_N, rand + 2 * 25 * 8);
+    if (poly != NULL) {
+        kyber_get_noise_eta2_aarch64(rand, seed, 6);
+        kyber_cbd_eta2(poly              , rand + 0 * 25 * 8);
+    }
+
+    return 0;
+}
+#endif
+
+#if defined(WOLFSSL_KYBER1024) || defined(WOLFSSL_WC_ML_KEM_1024)
+/* Get the noise/error by calculating random bytes and sampling to a binomial
+ * distribution.
+ *
+ * @param  [out]      vec1  First Vector of polynomials.
+ * @param  [out]      vec2  Second Vector of polynomials.
+ * @param  [out]      poly  Polynomial.
+ * @param  [in]       seed  Seed to use when calculating random.
+ * @return  0 on success.
+ */
+static int kyber_get_noise_k4_aarch64(sword16* vec1, sword16* vec2,
+    sword16* poly, byte* seed)
+{
+    int ret = 0;
+    byte rand[3 * 25 * 8];
+
+    kyber_get_noise_x3_eta2_aarch64(rand, seed, 0);
+    kyber_cbd_eta2(vec1              , rand + 0 * 25 * 8);
+    kyber_cbd_eta2(vec1 + 1 * KYBER_N, rand + 1 * 25 * 8);
+    kyber_cbd_eta2(vec1 + 2 * KYBER_N, rand + 2 * 25 * 8);
+    kyber_get_noise_x3_eta2_aarch64(rand, seed, 3);
+    kyber_cbd_eta2(vec1 + 3 * KYBER_N, rand + 0 * 25 * 8);
+    kyber_cbd_eta2(vec2              , rand + 1 * 25 * 8);
+    kyber_cbd_eta2(vec2 + 1 * KYBER_N, rand + 2 * 25 * 8);
+    kyber_get_noise_x3_eta2_aarch64(rand, seed, 6);
+    kyber_cbd_eta2(vec2 + 2 * KYBER_N, rand + 0 * 25 * 8);
+    kyber_cbd_eta2(vec2 + 3 * KYBER_N, rand + 1 * 25 * 8);
+    if (poly != NULL) {
+        kyber_cbd_eta2(poly,               rand + 2 * 25 * 8);
+    }
+
+    return ret;
+}
+#endif
+#endif /* __aarch64__ && WOLFSSL_ARMASM */
+
+#if !(defined(__aarch64__) && defined(WOLFSSL_ARMASM))
+
+/* Get the noise/error by calculating random bytes and sampling to a binomial
+ * distribution.
+ *
+ * @param  [in, out]  prf   Pseudo-random function object.
+ * @param  [in]       k     Number of polynomials in vector.
+ * @param  [out]      vec1  First Vector of polynomials.
+ * @param  [in]       eta1  Size of noise/error integers with first vector.
+ * @param  [out]      vec2  Second Vector of polynomials.
+ * @param  [in]       eta2  Size of noise/error integers with second vector.
+ * @param  [out]      poly  Polynomial.
+ * @param  [in]       seed  Seed to use when calculating random.
+ * @return  0 on success.
+ */
+static int kyber_get_noise_c(KYBER_PRF_T* prf, int k, sword16* vec1, int eta1,
+    sword16* vec2, int eta2, sword16* poly, byte* seed)
+{
+    int ret = 0;
+    int i;
+
+    /* First noise generation has a seed with 0x00 appended. */
+    seed[KYBER_SYM_SZ] = 0;
+    /* Generate noise as private key. */
+    for (i = 0; (ret == 0) && (i < k); i++) {
+        /* Generate noise for each dimension of vector. */
+        ret = kyber_get_noise_eta1_c(prf, vec1 + i * KYBER_N, seed, eta1);
+        /* Increment value of appended byte. */
+        seed[KYBER_SYM_SZ]++;
+    }
+    if ((ret == 0) && (vec2 != NULL)) {
+        /* Generate noise for error. */
+        for (i = 0; (ret == 0) && (i < k); i++) {
+            /* Generate noise for each dimension of vector. */
+            ret = kyber_get_noise_eta1_c(prf, vec2 + i * KYBER_N, seed, eta2);
+            /* Increment value of appended byte. */
+            seed[KYBER_SYM_SZ]++;
+        }
+    }
+    else {
+        seed[KYBER_SYM_SZ] = 2 * k;
+    }
+    if ((ret == 0) && (poly != NULL)) {
+        /* Generating random error polynomial. */
+        ret = kyber_get_noise_eta2_c(prf, poly, seed);
+    }
+
+    return ret;
+}
+
+#endif /* __aarch64__ && WOLFSSL_ARMASM */
+
+/* Get the noise/error by calculating random bytes and sampling to a binomial
+ * distribution.
+ *
+ * @param  [in, out]  prf   Pseudo-random function object.
+ * @param  [in]       k     Number of polynomials in vector.
+ * @param  [out]      vec1  First Vector of polynomials.
+ * @param  [out]      vec2  Second Vector of polynomials.
+ * @param  [out]      poly  Polynomial.
+ * @param  [in]       seed  Seed to use when calculating random.
+ * @return  0 on success.
+ */
+int kyber_get_noise(KYBER_PRF_T* prf, int k, sword16* vec1, sword16* vec2,
+    sword16* poly, byte* seed)
+{
+    int ret;
+
+#if defined(WOLFSSL_KYBER512) || defined(WOLFSSL_WC_ML_KEM_512)
+    if (k == KYBER512_K) {
+#if defined(WOLFSSL_ARMASM) && defined(__aarch64__)
+        ret = kyber_get_noise_k2_aarch64(vec1, vec2, poly, seed);
+#else
+    #ifdef USE_INTEL_SPEEDUP
+        if (IS_INTEL_AVX2(cpuid_flags) && (SAVE_VECTOR_REGISTERS2() == 0)) {
+            ret = kyber_get_noise_k2_avx2(prf, vec1, vec2, poly, seed);
+            RESTORE_VECTOR_REGISTERS();
+        }
+        else
+    #endif
+        if (poly == NULL) {
+            ret = kyber_get_noise_c(prf, k, vec1, KYBER_CBD_ETA3, vec2,
+                KYBER_CBD_ETA3, NULL, seed);
+        }
+        else {
+            ret = kyber_get_noise_c(prf, k, vec1, KYBER_CBD_ETA3, vec2,
+                KYBER_CBD_ETA2, poly, seed);
+        }
+#endif
+    }
+    else
+#endif
+#if defined(WOLFSSL_KYBER768) || defined(WOLFSSL_WC_ML_KEM_768)
+    if (k == KYBER768_K) {
+#if defined(WOLFSSL_ARMASM) && defined(__aarch64__)
+        ret = kyber_get_noise_k3_aarch64(vec1, vec2, poly, seed);
+#else
+    #ifdef USE_INTEL_SPEEDUP
+        if (IS_INTEL_AVX2(cpuid_flags) && (SAVE_VECTOR_REGISTERS2() == 0)) {
+            ret = kyber_get_noise_k3_avx2(vec1, vec2, poly, seed);
+            RESTORE_VECTOR_REGISTERS();
+        }
+        else
+    #endif
+        {
+            ret = kyber_get_noise_c(prf, k, vec1, KYBER_CBD_ETA2, vec2,
+                KYBER_CBD_ETA2, poly, seed);
+        }
+#endif
+    }
+    else
+#endif
+#if defined(WOLFSSL_KYBER1024) || defined(WOLFSSL_WC_ML_KEM_1024)
+    if (k == KYBER1024_K) {
+#if defined(WOLFSSL_ARMASM) && defined(__aarch64__)
+        ret = kyber_get_noise_k4_aarch64(vec1, vec2, poly, seed);
+#else
+    #ifdef USE_INTEL_SPEEDUP
+        if (IS_INTEL_AVX2(cpuid_flags) && (SAVE_VECTOR_REGISTERS2() == 0)) {
+            ret = kyber_get_noise_k4_avx2(prf, vec1, vec2, poly, seed);
+            RESTORE_VECTOR_REGISTERS();
+        }
+        else
+    #endif
+        {
+            ret = kyber_get_noise_c(prf, k, vec1, KYBER_CBD_ETA2, vec2,
+                KYBER_CBD_ETA2, poly, seed);
+        }
+#endif
+    }
+    else
+#endif
+    {
+        ret = BAD_STATE_E;
+    }
+
+    (void)prf;
+
+    return ret;
+}
+
+#if defined(WOLFSSL_MLKEM_MAKEKEY_SMALL_MEM) || \
+    defined(WOLFSSL_MLKEM_ENCAPSULATE_SMALL_MEM)
+/* Get the noise/error by calculating random bytes and sampling to a binomial
+ * distribution.
+ *
+ * @param  [in, out]  prf   Pseudo-random function object.
+ * @param  [in]       k     Number of polynomials in vector.
+ * @param  [out]      vec2  Second Vector of polynomials.
+ * @param  [in]       seed  Seed to use when calculating random.
+ * @param  [in]       i     Index of vector to generate.
+ * @param  [in]       make  Indicates generation is for making a key.
+ * @return  0 on success.
+ */
+static int kyber_get_noise_i(KYBER_PRF_T* prf, int k, sword16* vec2,
+    byte* seed, int i, int make)
+{
+    int ret;
+
+    /* Initialize the PRF (generating matrix A leaves it in uninitialized
+     * state). */
+    kyber_prf_init(prf);
+
+    /* Set index of polynomial of second vector into seed. */
+    seed[KYBER_SYM_SZ] = k + i;
+#if defined(WOLFSSL_KYBER512) || defined(WOLFSSL_WC_ML_KEM_512)
+    if ((k == KYBER512_K) && make) {
+        ret = kyber_get_noise_eta1_c(prf, vec2, seed, KYBER_CBD_ETA3);
+    }
+    else
+#endif
+    {
+        ret = kyber_get_noise_eta1_c(prf, vec2, seed, KYBER_CBD_ETA2);
+    }
+
+    (void)make;
+    return ret;
+}
+#endif
+
+/******************************************************************************/
+
+#if !(defined(__aarch64__) && defined(WOLFSSL_ARMASM))
+/* Compare two byte arrays of equal size.
+ *
+ * @param [in]  a   First array to compare.
+ * @param [in]  b   Second array to compare.
+ * @param [in]  sz  Size of arrays in bytes.
+ * @return  0 on success.
+ * @return  -1 on failure.
+ */
+static int kyber_cmp_c(const byte* a, const byte* b, int sz)
+{
+    int i;
+    byte r = 0;
+
+    /* Constant time comparison of the encapsulated message and cipher text. */
+    for (i = 0; i < sz; i++) {
+        r |= a[i] ^ b[i];
+    }
+    return 0 - ((-(word32)r) >> 31);
+}
+#endif
+
+/* Compare two byte arrays of equal size.
+ *
+ * @param [in]  a   First array to compare.
+ * @param [in]  b   Second array to compare.
+ * @param [in]  sz  Size of arrays in bytes.
+ * @return  0 on success.
+ * @return  -1 on failure.
+ */
+int kyber_cmp(const byte* a, const byte* b, int sz)
+{
+#if defined(__aarch64__) && defined(WOLFSSL_ARMASM)
+    return kyber_cmp_neon(a, b, sz);
+#else
+    int fail;
+
+#ifdef USE_INTEL_SPEEDUP
+    if (IS_INTEL_AVX2(cpuid_flags) && (SAVE_VECTOR_REGISTERS2() == 0)) {
+        fail = kyber_cmp_avx2(a, b, sz);
+        RESTORE_VECTOR_REGISTERS();
+    }
+    else
+#endif
+    {
+        fail = kyber_cmp_c(a, b, sz);
+    }
+
+    return fail;
+#endif
+}
+
+/******************************************************************************/
+
+#if !defined(WOLFSSL_ARMASM)
+
+/* Conditional subtraction of q to each coefficient of a polynomial.
+ *
+ * FIPS 203, Section 4.2.1, Compression and decompression
+ *
+ * @param  [in, out]  p  Polynomial.
+ */
+static KYBER_NOINLINE void kyber_csubq_c(sword16* p)
+{
+    unsigned int i;
+
+    for (i = 0; i < KYBER_N; ++i) {
+        sword16 t = p[i] - KYBER_Q;
+        /* When top bit set, -ve number - need to add q back. */
+        p[i] = ((t >> 15) & KYBER_Q) + t;
+    }
+}
+
+#elif defined(__aarch64__)
+
+/* Conditional subtraction of q to each coefficient of a polynomial.
+ *
+ * FIPS 203, Section 4.2.1, Compression and decompression
+ *
+ * @param  [in, out]  p  Polynomial.
+ */
+#define kyber_csubq_c   kyber_csubq_neon
+
+#elif defined(WOLFSSL_ARMASM_THUMB2)
+
+/* Conditional subtraction of q to each coefficient of a polynomial.
+ *
+ * FIPS 203, Section 4.2.1, Compression and decompression
+ *
+ * @param  [in, out]  p  Polynomial.
+ */
+#define kyber_csubq_c   kyber_thumb2_csubq
+
+#else
+
+/* Conditional subtraction of q to each coefficient of a polynomial.
+ *
+ * FIPS 203, Section 4.2.1, Compression and decompression
+ *
+ * @param  [in, out]  p  Polynomial.
+ */
+#define kyber_csubq_c   kyber_arm32_csubq
+
+#endif
+
+/******************************************************************************/
+
+#if defined(CONV_WITH_DIV) || !defined(WORD64_AVAILABLE)
+
+/* Compress value.
+ *
+ * Uses div operator that may be slow.
+ *
+ * FIPS 203, Section 4.2.1, Compression and decompression
+ *
+ * @param  [in]  v  Vector of polynomials.
+ * @param  [in]  i  Index of polynomial in vector.
+ * @param  [in]  j  Index into polynomial.
+ * @param  [in]  k  Offset from indices.
+ * @param  [in]  s  Shift amount to apply to value being compressed.
+ * @param  [in]  m  Mask to apply get the require number of bits.
+ * @return  Compressed value.
+ */
+#define TO_COMP_WORD_VEC(v, i, j, k, s, m) \
+    ((((word32)v[i * KYBER_N + j + k] << s) + KYBER_Q_HALF) / KYBER_Q) & m
+
+/* Compress value to 10 bits.
+ *
+ * Uses mul instead of div.
+ *
+ * FIPS 203, Section 4.2.1, Compression and decompression
+ *
+ * @param  [in]  v  Vector of polynomials.
+ * @param  [in]  i  Index of polynomial in vector.
+ * @param  [in]  j  Index into polynomial.
+ * @param  [in]  k  Offset from indices.
+ * @return  Compressed value.
+ */
+#define TO_COMP_WORD_10(v, i, j, k) \
+    TO_COMP_WORD_VEC(v, i, j, k, 10, 0x3ff)
+
+/* Compress value to 11 bits.
+ *
+ * Uses mul instead of div.
+ *
+ * FIPS 203, Section 4.2.1, Compression and decompression
+ *
+ * @param  [in]  v  Vector of polynomials.
+ * @param  [in]  i  Index of polynomial in vector.
+ * @param  [in]  j  Index into polynomial.
+ * @param  [in]  k  Offset from indices.
+ * @return  Compressed value.
+ */
+#define TO_COMP_WORD_11(v, i, j, k) \
+    TO_COMP_WORD_VEC(v, i, j, k, 11, 0x7ff)
+
+#else
+
+/* Multiplier that does div q.
+ * ((1 << 53) + KYBER_Q_HALF) / KYBER_Q
+ */
+#define KYBER_V53         0x275f6ed0176UL
+/* Multiplier times half of q.
+ * KYBER_V53 * (KYBER_Q_HALF + 1)
+ */
+#define KYBER_V53_HALF    0x10013afb768076UL
+
+/* Multiplier that does div q.
+ * ((1 << 54) + KYBER_Q_HALF) / KYBER_Q
+ */
+#define KYBER_V54         0x4ebedda02ecUL
+/* Multiplier times half of q.
+ * KYBER_V54 * (KYBER_Q_HALF + 1)
+ */
+#define KYBER_V54_HALF    0x200275f6ed00ecUL
+
+/* Compress value to 10 bits.
+ *
+ * Uses mul instead of div.
+ *
+ * FIPS 203, Section 4.2.1, Compression and decompression
+ *
+ * @param  [in]  v  Vector of polynomials.
+ * @param  [in]  i  Index of polynomial in vector.
+ * @param  [in]  j  Index into polynomial.
+ * @param  [in]  k  Offset from indices.
+ * @return  Compressed value.
+ */
+#define TO_COMP_WORD_10(v, i, j, k) \
+    ((((KYBER_V54 << 10) * (v)[(i) * KYBER_N + (j) + (k)]) + KYBER_V54_HALF) >> 54)
+
+/* Compress value to 11 bits.
+ *
+ * Uses mul instead of div.
+ * Only works for values in range: 0..3228
+ *
+ * FIPS 203, Section 4.2.1, Compression and decompression
+ *
+ * @param  [in]  v  Vector of polynomials.
+ * @param  [in]  i  Index of polynomial in vector.
+ * @param  [in]  j  Index into polynomial.
+ * @param  [in]  k  Offset from indices.
+ * @return  Compressed value.
+ */
+#define TO_COMP_WORD_11(v, i, j, k) \
+    ((((KYBER_V53 << 11) * (v)[(i) * KYBER_N + (j) + (k)]) + KYBER_V53_HALF) >> 53)
+
+#endif /* CONV_WITH_DIV */
+
+#if !defined(WOLFSSL_KYBER_NO_ENCAPSULATE) || \
+    !defined(WOLFSSL_KYBER_NO_DECAPSULATE)
+#if defined(WOLFSSL_KYBER512) || defined(WOLFSSL_WC_ML_KEM_512) || \
+    defined(WOLFSSL_KYBER768) || defined(WOLFSSL_WC_ML_KEM_768)
+/* Compress the vector of polynomials into a byte array with 10 bits each.
+ *
+ * FIPS 203, Section 4.2.1, Compression and decompression
+ *
+ * @param  [out]  b  Array of bytes.
+ * @param  [in]   v  Vector of polynomials.
+ * @param  [in]   k  Number of polynomials in vector.
+ */
+static void kyber_vec_compress_10_c(byte* r, sword16* v, unsigned int k)
+{
+    unsigned int i;
+    unsigned int j;
+
+    for (i = 0; i < k; i++) {
+        /* Reduce each coefficient to mod q. */
+        kyber_csubq_c(v + i * KYBER_N);
+        /* All values are now positive. */
+    }
+
+    /* Each polynomial. */
+    for (i = 0; i < k; i++) {
+#if defined(WOLFSSL_SMALL_STACK) || defined(WOLFSSL_KYBER_NO_LARGE_CODE) || \
+    defined(BIG_ENDIAN_ORDER)
+        /* Each 4 polynomial coefficients. */
+        for (j = 0; j < KYBER_N; j += 4) {
+        #ifdef WOLFSSL_KYBER_SMALL
+            unsigned int l;
+            sword16 t[4];
+            /* Compress four polynomial values to 10 bits each. */
+            for (l = 0; l < 4; l++) {
+                t[l] = TO_COMP_WORD_10(v, i, j, l);
+            }
+
+            /* Pack four 10-bit values into byte array. */
+            r[ 0] = (t[0] >> 0);
+            r[ 1] = (t[0] >> 8) | (t[1] << 2);
+            r[ 2] = (t[1] >> 6) | (t[2] << 4);
+            r[ 3] = (t[2] >> 4) | (t[3] << 6);
+            r[ 4] = (t[3] >> 2);
+        #else
+            /* Compress four polynomial values to 10 bits each. */
+            sword16 t0 = TO_COMP_WORD_10(v, i, j, 0);
+            sword16 t1 = TO_COMP_WORD_10(v, i, j, 1);
+            sword16 t2 = TO_COMP_WORD_10(v, i, j, 2);
+            sword16 t3 = TO_COMP_WORD_10(v, i, j, 3);
+
+            /* Pack four 10-bit values into byte array. */
+            r[ 0] = (t0 >> 0);
+            r[ 1] = (t0 >> 8) | (t1 << 2);
+            r[ 2] = (t1 >> 6) | (t2 << 4);
+            r[ 3] = (t2 >> 4) | (t3 << 6);
+            r[ 4] = (t3 >> 2);
+        #endif
+
+            /* Move over set bytes. */
+            r += 5;
+        }
+#else
+        /* Each 16 polynomial coefficients. */
+        for (j = 0; j < KYBER_N; j += 16) {
+            /* Compress four polynomial values to 10 bits each. */
+            sword16 t0  = TO_COMP_WORD_10(v, i, j, 0);
+            sword16 t1  = TO_COMP_WORD_10(v, i, j, 1);
+            sword16 t2  = TO_COMP_WORD_10(v, i, j, 2);
+            sword16 t3  = TO_COMP_WORD_10(v, i, j, 3);
+            sword16 t4  = TO_COMP_WORD_10(v, i, j, 4);
+            sword16 t5  = TO_COMP_WORD_10(v, i, j, 5);
+            sword16 t6  = TO_COMP_WORD_10(v, i, j, 6);
+            sword16 t7  = TO_COMP_WORD_10(v, i, j, 7);
+            sword16 t8  = TO_COMP_WORD_10(v, i, j, 8);
+            sword16 t9  = TO_COMP_WORD_10(v, i, j, 9);
+            sword16 t10 = TO_COMP_WORD_10(v, i, j, 10);
+            sword16 t11 = TO_COMP_WORD_10(v, i, j, 11);
+            sword16 t12 = TO_COMP_WORD_10(v, i, j, 12);
+            sword16 t13 = TO_COMP_WORD_10(v, i, j, 13);
+            sword16 t14 = TO_COMP_WORD_10(v, i, j, 14);
+            sword16 t15 = TO_COMP_WORD_10(v, i, j, 15);
+
+            word32* r32 = (word32*)r;
+            /* Pack sixteen 10-bit values into byte array. */
+            r32[0] =  t0        | ((word32)t1  << 10) | ((word32)t2  << 20) |
+                                  ((word32)t3  << 30);
+            r32[1] = (t3  >> 2) | ((word32)t4  <<  8) | ((word32)t5  << 18) |
+                                  ((word32)t6  << 28);
+            r32[2] = (t6  >> 4) | ((word32)t7  <<  6) | ((word32)t8  << 16) |
+                                  ((word32)t9  << 26);
+            r32[3] = (t9  >> 6) | ((word32)t10 <<  4) | ((word32)t11 << 14) |
+                                  ((word32)t12 << 24);
+            r32[4] = (t12 >> 8) | ((word32)t13 <<  2) | ((word32)t14 << 12) |
+                                  ((word32)t15 << 22);
+
+            /* Move over set bytes. */
+            r += 20;
+        }
+#endif
+    }
+}
+
+/* Compress the vector of polynomials into a byte array with 10 bits each.
+ *
+ * FIPS 203, Section 4.2.1, Compression and decompression
+ *
+ * @param  [out]  b  Array of bytes.
+ * @param  [in]   v  Vector of polynomials.
+ * @param  [in]   k  Number of polynomials in vector.
+ */
+void kyber_vec_compress_10(byte* r, sword16* v, unsigned int k)
+{
+#ifdef USE_INTEL_SPEEDUP
+    if (IS_INTEL_AVX2(cpuid_flags) && (SAVE_VECTOR_REGISTERS2() == 0)) {
+        kyber_compress_10_avx2(r, v, k);
+        RESTORE_VECTOR_REGISTERS();
+    }
+    else
+#endif
+    {
+        kyber_vec_compress_10_c(r, v, k);
+    }
+}
+#endif
+
+#if defined(WOLFSSL_KYBER1024) || defined(WOLFSSL_WC_ML_KEM_1024)
+/* Compress the vector of polynomials into a byte array with 11 bits each.
+ *
+ * FIPS 203, Section 4.2.1, Compression and decompression
+ *
+ * @param  [out]  b       Array of bytes.
+ * @param  [in]   v       Vector of polynomials.
+ */
+static void kyber_vec_compress_11_c(byte* r, sword16* v)
+{
+    unsigned int i;
+    unsigned int j;
+#ifdef WOLFSSL_KYBER_SMALL
+    unsigned int k;
+#endif
+
+    for (i = 0; i < 4; i++) {
+        /* Reduce each coefficient to mod q. */
+        kyber_csubq_c(v + i * KYBER_N);
+        /* All values are now positive. */
+    }
+
+    /* Each polynomial. */
+    for (i = 0; i < 4; i++) {
+        /* Each 8 polynomial coefficients. */
+        for (j = 0; j < KYBER_N; j += 8) {
+        #ifdef WOLFSSL_KYBER_SMALL
+            sword16 t[8];
+            /* Compress eight polynomial values to 11 bits each. */
+            for (k = 0; k < 8; k++) {
+                t[k] = TO_COMP_WORD_11(v, i, j, k);
+            }
+
+            /* Pack eight 11-bit values into byte array. */
+            r[ 0] = (t[0] >>  0);
+            r[ 1] = (t[0] >>  8) | (t[1] << 3);
+            r[ 2] = (t[1] >>  5) | (t[2] << 6);
+            r[ 3] = (t[2] >>  2);
+            r[ 4] = (t[2] >> 10) | (t[3] << 1);
+            r[ 5] = (t[3] >>  7) | (t[4] << 4);
+            r[ 6] = (t[4] >>  4) | (t[5] << 7);
+            r[ 7] = (t[5] >>  1);
+            r[ 8] = (t[5] >>  9) | (t[6] << 2);
+            r[ 9] = (t[6] >>  6) | (t[7] << 5);
+            r[10] = (t[7] >>  3);
+        #else
+            /* Compress eight polynomial values to 11 bits each. */
+            sword16 t0 = TO_COMP_WORD_11(v, i, j, 0);
+            sword16 t1 = TO_COMP_WORD_11(v, i, j, 1);
+            sword16 t2 = TO_COMP_WORD_11(v, i, j, 2);
+            sword16 t3 = TO_COMP_WORD_11(v, i, j, 3);
+            sword16 t4 = TO_COMP_WORD_11(v, i, j, 4);
+            sword16 t5 = TO_COMP_WORD_11(v, i, j, 5);
+            sword16 t6 = TO_COMP_WORD_11(v, i, j, 6);
+            sword16 t7 = TO_COMP_WORD_11(v, i, j, 7);
+
+            /* Pack eight 11-bit values into byte array. */
+            r[ 0] = (t0 >>  0);
+            r[ 1] = (t0 >>  8) | (t1 << 3);
+            r[ 2] = (t1 >>  5) | (t2 << 6);
+            r[ 3] = (t2 >>  2);
+            r[ 4] = (t2 >> 10) | (t3 << 1);
+            r[ 5] = (t3 >>  7) | (t4 << 4);
+            r[ 6] = (t4 >>  4) | (t5 << 7);
+            r[ 7] = (t5 >>  1);
+            r[ 8] = (t5 >>  9) | (t6 << 2);
+            r[ 9] = (t6 >>  6) | (t7 << 5);
+            r[10] = (t7 >>  3);
+        #endif
+
+            /* Move over set bytes. */
+            r += 11;
+        }
+    }
+}
+
+/* Compress the vector of polynomials into a byte array with 11 bits each.
+ *
+ * FIPS 203, Section 4.2.1, Compression and decompression
+ *
+ * @param  [out]  b       Array of bytes.
+ * @param  [in]   v       Vector of polynomials.
+ */
+void kyber_vec_compress_11(byte* r, sword16* v)
+{
+#ifdef USE_INTEL_SPEEDUP
+    if (IS_INTEL_AVX2(cpuid_flags) && (SAVE_VECTOR_REGISTERS2() == 0)) {
+        kyber_compress_11_avx2(r, v, 4);
+        RESTORE_VECTOR_REGISTERS();
+    }
+    else
+#endif
+    {
+        kyber_vec_compress_11_c(r, v);
+    }
+}
+#endif
+#endif /* !WOLFSSL_KYBER_NO_ENCAPSULATE || !WOLFSSL_KYBER_NO_DECAPSULATE */
+
+#ifndef WOLFSSL_KYBER_NO_DECAPSULATE
+/* Decompress a 10 bit value.
+ *
+ * FIPS 203, Section 4.2.1, Compression and decompression
+ *
+ * @param  [in]  v  Vector of polynomials.
+ * @param  [in]  i  Index of polynomial in vector.
+ * @param  [in]  j  Index into polynomial.
+ * @param  [in]  k  Offset from indices.
+ * @param  [in]  t  Value to decompress.
+ * @return  Decompressed value.
+ */
+#define DECOMP_10(v, i, j, k, t) \
+    v[(i) * KYBER_N + 4 * (j) + (k)] = \
+        (word16)((((word32)((t) & 0x3ff) * KYBER_Q) + 512) >> 10)
+
+/* Decompress an 11 bit value.
+ *
+ * FIPS 203, Section 4.2.1, Compression and decompression
+ *
+ * @param  [in]  v  Vector of polynomials.
+ * @param  [in]  i  Index of polynomial in vector.
+ * @param  [in]  j  Index into polynomial.
+ * @param  [in]  k  Offset from indices.
+ * @param  [in]  t  Value to decompress.
+ * @return  Decompressed value.
+ */
+#define DECOMP_11(v, i, j, k, t) \
+    v[(i) * KYBER_N + 8 * (j) + (k)] = \
+        (word16)((((word32)((t) & 0x7ff) * KYBER_Q) + 1024) >> 11)
+
+#if defined(WOLFSSL_KYBER512) || defined(WOLFSSL_WC_ML_KEM_512) || \
+    defined(WOLFSSL_KYBER768) || defined(WOLFSSL_WC_ML_KEM_768)
+/* Decompress the byte array of packed 10 bits into vector of polynomials.
+ *
+ * FIPS 203, Section 4.2.1, Compression and decompression
+ *
+ * @param  [out]  v  Vector of polynomials.
+ * @param  [in]   b  Array of bytes.
+ * @param  [in]   k  Number of polynomials in vector.
+ */
+static void kyber_vec_decompress_10_c(sword16* v, const byte* b, unsigned int k)
+{
+    unsigned int i;
+    unsigned int j;
+#ifdef WOLFSSL_KYBER_SMALL
+    unsigned int l;
+#endif
+
+    /* Each polynomial. */
+    for (i = 0; i < k; i++) {
+        /* Each 4 polynomial coefficients. */
+        for (j = 0; j < KYBER_N / 4; j++) {
+        #ifdef WOLFSSL_KYBER_SMALL
+            word16 t[4];
+            /* Extract out 4 values of 10 bits each. */
+            t[0] = (b[0] >> 0) | ((word16)b[ 1] << 8);
+            t[1] = (b[1] >> 2) | ((word16)b[ 2] << 6);
+            t[2] = (b[2] >> 4) | ((word16)b[ 3] << 4);
+            t[3] = (b[3] >> 6) | ((word16)b[ 4] << 2);
+            b += 5;
+
+            /* Decompress 4 values. */
+            for (l = 0; l < 4; l++) {
+                DECOMP_10(v, i, j, l, t[l]);
+            }
+        #else
+            /* Extract out 4 values of 10 bits each. */
+            sword16 t0 = (b[0] >> 0) | ((word16)b[ 1] << 8);
+            sword16 t1 = (b[1] >> 2) | ((word16)b[ 2] << 6);
+            sword16 t2 = (b[2] >> 4) | ((word16)b[ 3] << 4);
+            sword16 t3 = (b[3] >> 6) | ((word16)b[ 4] << 2);
+            b += 5;
+
+            /* Decompress 4 values. */
+            DECOMP_10(v, i, j, 0, t0);
+            DECOMP_10(v, i, j, 1, t1);
+            DECOMP_10(v, i, j, 2, t2);
+            DECOMP_10(v, i, j, 3, t3);
+        #endif
+        }
+    }
+}
+
+/* Decompress the byte array of packed 10 bits into vector of polynomials.
+ *
+ * FIPS 203, Section 4.2.1, Compression and decompression
+ *
+ * @param  [out]  v  Vector of polynomials.
+ * @param  [in]   b  Array of bytes.
+ * @param  [in]   k  Number of polynomials in vector.
+ */
+void kyber_vec_decompress_10(sword16* v, const byte* b, unsigned int k)
+{
+#ifdef USE_INTEL_SPEEDUP
+    if (IS_INTEL_AVX2(cpuid_flags) && (SAVE_VECTOR_REGISTERS2() == 0)) {
+        kyber_decompress_10_avx2(v, b, k);
+        RESTORE_VECTOR_REGISTERS();
+    }
+    else
+#endif
+    {
+        kyber_vec_decompress_10_c(v, b, k);
+    }
+}
+#endif
+#if defined(WOLFSSL_KYBER1024) || defined(WOLFSSL_WC_ML_KEM_1024)
+/* Decompress the byte array of packed 11 bits into vector of polynomials.
+ *
+ * FIPS 203, Section 4.2.1, Compression and decompression
+ *
+ * @param  [out]  v       Vector of polynomials.
+ * @param  [in]   b       Array of bytes.
+ */
+static void kyber_vec_decompress_11_c(sword16* v, const byte* b)
+{
+    unsigned int i;
+    unsigned int j;
+#ifdef WOLFSSL_KYBER_SMALL
+    unsigned int l;
+#endif
+
+    /* Each polynomial. */
+    for (i = 0; i < 4; i++) {
+        /* Each 8 polynomial coefficients. */
+        for (j = 0; j < KYBER_N / 8; j++) {
+        #ifdef WOLFSSL_KYBER_SMALL
+            word16 t[8];
+            /* Extract out 8 values of 11 bits each. */
+            t[0] = (b[0] >> 0) | ((word16)b[ 1] << 8);
+            t[1] = (b[1] >> 3) | ((word16)b[ 2] << 5);
+            t[2] = (b[2] >> 6) | ((word16)b[ 3] << 2) |
+                   ((word16)b[4] << 10);
+            t[3] = (b[4] >> 1) | ((word16)b[ 5] << 7);
+            t[4] = (b[5] >> 4) | ((word16)b[ 6] << 4);
+            t[5] = (b[6] >> 7) | ((word16)b[ 7] << 1) |
+                   ((word16)b[8] <<  9);
+            t[6] = (b[8] >> 2) | ((word16)b[ 9] << 6);
+            t[7] = (b[9] >> 5) | ((word16)b[10] << 3);
+            b += 11;
+
+            /* Decompress 8 values. */
+            for (l = 0; l < 8; l++) {
+                DECOMP_11(v, i, j, l, t[l]);
+            }
+        #else
+            /* Extract out 8 values of 11 bits each. */
+            sword16 t0 = (b[0] >> 0) | ((word16)b[ 1] << 8);
+            sword16 t1 = (b[1] >> 3) | ((word16)b[ 2] << 5);
+            sword16 t2 = (b[2] >> 6) | ((word16)b[ 3] << 2) |
+                   ((word16)b[4] << 10);
+            sword16 t3 = (b[4] >> 1) | ((word16)b[ 5] << 7);
+            sword16 t4 = (b[5] >> 4) | ((word16)b[ 6] << 4);
+            sword16 t5 = (b[6] >> 7) | ((word16)b[ 7] << 1) |
+                   ((word16)b[8] <<  9);
+            sword16 t6 = (b[8] >> 2) | ((word16)b[ 9] << 6);
+            sword16 t7 = (b[9] >> 5) | ((word16)b[10] << 3);
+            b += 11;
+
+            /* Decompress 8 values. */
+            DECOMP_11(v, i, j, 0, t0);
+            DECOMP_11(v, i, j, 1, t1);
+            DECOMP_11(v, i, j, 2, t2);
+            DECOMP_11(v, i, j, 3, t3);
+            DECOMP_11(v, i, j, 4, t4);
+            DECOMP_11(v, i, j, 5, t5);
+            DECOMP_11(v, i, j, 6, t6);
+            DECOMP_11(v, i, j, 7, t7);
+        #endif
+        }
+    }
+}
+
+/* Decompress the byte array of packed 11 bits into vector of polynomials.
+ *
+ * FIPS 203, Section 4.2.1, Compression and decompression
+ *
+ * @param  [out]  v       Vector of polynomials.
+ * @param  [in]   b       Array of bytes.
+ */
+void kyber_vec_decompress_11(sword16* v, const byte* b)
+{
+#ifdef USE_INTEL_SPEEDUP
+    if (IS_INTEL_AVX2(cpuid_flags) && (SAVE_VECTOR_REGISTERS2() == 0)) {
+        kyber_decompress_11_avx2(v, b, 4);
+        RESTORE_VECTOR_REGISTERS();
+    }
+    else
+#endif
+    {
+        kyber_vec_decompress_11_c(v, b);
+    }
+}
+#endif
+#endif /* !WOLFSSL_KYBER_NO_DECAPSULATE */
+
+#ifdef CONV_WITH_DIV
+
+/* Compress value.
+ *
+ * Uses div operator that may be slow.
+ *
+ * FIPS 203, Section 4.2.1, Compression and decompression
+ *
+ * @param  [in]  v  Vector of polynomials.
+ * @param  [in]  i  Index into polynomial.
+ * @param  [in]  j  Offset from indices.
+ * @param  [in]  s  Shift amount to apply to value being compressed.
+ * @param  [in]  m  Mask to apply get the require number of bits.
+ * @return  Compressed value.
+ */
+#define TO_COMP_WORD(v, i, j, s, m) \
+    ((((word32)v[i + j] << s) + KYBER_Q_HALF) / KYBER_Q) & m
+
+/* Compress value to 4 bits.
+ *
+ * Uses mul instead of div.
+ *
+ * FIPS 203, Section 4.2.1, Compression and decompression
+ *
+ * @param  [in]  p  Polynomial.
+ * @param  [in]  i  Index into polynomial.
+ * @param  [in]  j  Offset from indices.
+ * @return  Compressed value.
+ */
+#define TO_COMP_WORD_4(p, i, j) \
+    TO_COMP_WORD(p, i, j, 4, 0xf)
+
+/* Compress value to 5 bits.
+ *
+ * Uses mul instead of div.
+ *
+ * FIPS 203, Section 4.2.1, Compression and decompression
+ *
+ * @param  [in]  p  Polynomial.
+ * @param  [in]  i  Index into polynomial.
+ * @param  [in]  j  Offset from indices.
+ * @return  Compressed value.
+ */
+#define TO_COMP_WORD_5(p, i, j) \
+    TO_COMP_WORD(p, i, j, 5, 0x1f)
+
+#else
+
+/* Multiplier that does div q. */
+#define KYBER_V28         ((word32)(((1U << 28) + KYBER_Q_HALF)) / KYBER_Q)
+/* Multiplier times half of q. */
+#define KYBER_V28_HALF    ((word32)(KYBER_V28 * (KYBER_Q_HALF + 1)))
+
+/* Multiplier that does div q. */
+#define KYBER_V27         ((word32)(((1U << 27) + KYBER_Q_HALF)) / KYBER_Q)
+/* Multiplier times half of q. */
+#define KYBER_V27_HALF    ((word32)(KYBER_V27 * KYBER_Q_HALF))
+
+/* Compress value to 4 bits.
+ *
+ * Uses mul instead of div.
+ *
+ * FIPS 203, Section 4.2.1, Compression and decompression
+ *
+ * @param  [in]  p  Polynomial.
+ * @param  [in]  i  Index into polynomial.
+ * @param  [in]  j  Offset from indices.
+ * @return  Compressed value.
+ */
+#define TO_COMP_WORD_4(p, i, j) \
+    ((((KYBER_V28 << 4) * (p)[(i) + (j)]) + KYBER_V28_HALF) >> 28)
+
+/* Compress value to 5 bits.
+ *
+ * Uses mul instead of div.
+ *
+ * FIPS 203, Section 4.2.1, Compression and decompression
+ *
+ * @param  [in]  p  Polynomial.
+ * @param  [in]  i  Index into polynomial.
+ * @param  [in]  j  Offset from indices.
+ * @return  Compressed value.
+ */
+#define TO_COMP_WORD_5(p, i, j) \
+    ((((KYBER_V27 << 5) * (p)[(i) + (j)]) + KYBER_V27_HALF) >> 27)
+
+#endif /* CONV_WITH_DIV */
+
+#if !defined(WOLFSSL_KYBER_NO_ENCAPSULATE) || \
+    !defined(WOLFSSL_KYBER_NO_DECAPSULATE)
+#if defined(WOLFSSL_KYBER512) || defined(WOLFSSL_WC_ML_KEM_512) || \
+    defined(WOLFSSL_KYBER768) || defined(WOLFSSL_WC_ML_KEM_768)
+/* Compress a polynomial into byte array - on coefficients into 4 bits.
+ *
+ * FIPS 203, Section 4.2.1, Compression and decompression
+ *
+ * @param  [out]  b       Array of bytes.
+ * @param  [in]   p       Polynomial.
+ */
+static void kyber_compress_4_c(byte* b, sword16* p)
+{
+    unsigned int i;
+#ifdef WOLFSSL_KYBER_SMALL
+    unsigned int j;
+    byte t[8];
+#endif
+
+    /* Reduce each coefficients to mod q. */
+    kyber_csubq_c(p);
+    /* All values are now positive. */
+
+    /* Each 8 polynomial coefficients. */
+    for (i = 0; i < KYBER_N; i += 8) {
+    #ifdef WOLFSSL_KYBER_SMALL
+        /* Compress eight polynomial values to 4 bits each. */
+        for (j = 0; j < 8; j++) {
+            t[j] = TO_COMP_WORD_4(p, i, j);
+        }
+
+        b[0] = t[0] | (t[1] << 4);
+        b[1] = t[2] | (t[3] << 4);
+        b[2] = t[4] | (t[5] << 4);
+        b[3] = t[6] | (t[7] << 4);
+    #else
+        /* Compress eight polynomial values to 4 bits each. */
+        byte t0 = TO_COMP_WORD_4(p, i, 0);
+        byte t1 = TO_COMP_WORD_4(p, i, 1);
+        byte t2 = TO_COMP_WORD_4(p, i, 2);
+        byte t3 = TO_COMP_WORD_4(p, i, 3);
+        byte t4 = TO_COMP_WORD_4(p, i, 4);
+        byte t5 = TO_COMP_WORD_4(p, i, 5);
+        byte t6 = TO_COMP_WORD_4(p, i, 6);
+        byte t7 = TO_COMP_WORD_4(p, i, 7);
+
+        /* Pack eight 4-bit values into byte array. */
+        b[0] = t0 | (t1 << 4);
+        b[1] = t2 | (t3 << 4);
+        b[2] = t4 | (t5 << 4);
+        b[3] = t6 | (t7 << 4);
+    #endif
+
+        /* Move over set bytes. */
+        b += 4;
+    }
+}
+
+/* Compress a polynomial into byte array - on coefficients into 4 bits.
+ *
+ * FIPS 203, Section 4.2.1, Compression and decompression
+ *
+ * @param  [out]  b       Array of bytes.
+ * @param  [in]   p       Polynomial.
+ */
+void kyber_compress_4(byte* b, sword16* p)
+{
+#ifdef USE_INTEL_SPEEDUP
+    if (IS_INTEL_AVX2(cpuid_flags) && (SAVE_VECTOR_REGISTERS2() == 0)) {
+        kyber_compress_4_avx2(b, p);
+        RESTORE_VECTOR_REGISTERS();
+    }
+    else
+#endif
+    {
+        kyber_compress_4_c(b, p);
+    }
+}
+#endif
+#if defined(WOLFSSL_KYBER1024) || defined(WOLFSSL_WC_ML_KEM_1024)
+/* Compress a polynomial into byte array - on coefficients into 5 bits.
+ *
+ * FIPS 203, Section 4.2.1, Compression and decompression
+ *
+ * @param  [out]  b       Array of bytes.
+ * @param  [in]   p       Polynomial.
+ */
+static void kyber_compress_5_c(byte* b, sword16* p)
+{
+    unsigned int i;
+#ifdef WOLFSSL_KYBER_SMALL
+    unsigned int j;
+    byte t[8];
+#endif
+
+    /* Reduce each coefficients to mod q. */
+    kyber_csubq_c(p);
+    /* All values are now positive. */
+
+    for (i = 0; i < KYBER_N; i += 8) {
+    #ifdef WOLFSSL_KYBER_SMALL
+        /* Compress eight polynomial values to 5 bits each. */
+        for (j = 0; j < 8; j++) {
+            t[j] = TO_COMP_WORD_5(p, i, j);
+        }
+
+        /* Pack 5 bits into byte array. */
+        b[0] = (t[0] >> 0) | (t[1] << 5);
+        b[1] = (t[1] >> 3) | (t[2] << 2) | (t[3] << 7);
+        b[2] = (t[3] >> 1) | (t[4] << 4);
+        b[3] = (t[4] >> 4) | (t[5] << 1) | (t[6] << 6);
+        b[4] = (t[6] >> 2) | (t[7] << 3);
+    #else
+        /* Compress eight polynomial values to 5 bits each. */
+        byte t0 = TO_COMP_WORD_5(p, i, 0);
+        byte t1 = TO_COMP_WORD_5(p, i, 1);
+        byte t2 = TO_COMP_WORD_5(p, i, 2);
+        byte t3 = TO_COMP_WORD_5(p, i, 3);
+        byte t4 = TO_COMP_WORD_5(p, i, 4);
+        byte t5 = TO_COMP_WORD_5(p, i, 5);
+        byte t6 = TO_COMP_WORD_5(p, i, 6);
+        byte t7 = TO_COMP_WORD_5(p, i, 7);
+
+        /* Pack eight 5-bit values into byte array. */
+        b[0] = (t0 >> 0) | (t1 << 5);
+        b[1] = (t1 >> 3) | (t2 << 2) | (t3 << 7);
+        b[2] = (t3 >> 1) | (t4 << 4);
+        b[3] = (t4 >> 4) | (t5 << 1) | (t6 << 6);
+        b[4] = (t6 >> 2) | (t7 << 3);
+    #endif
+
+        /* Move over set bytes. */
+        b += 5;
+    }
+}
+
+/* Compress a polynomial into byte array - on coefficients into 5 bits.
+ *
+ * FIPS 203, Section 4.2.1, Compression and decompression
+ *
+ * @param  [out]  b       Array of bytes.
+ * @param  [in]   p       Polynomial.
+ */
+void kyber_compress_5(byte* b, sword16* p)
+{
+#ifdef USE_INTEL_SPEEDUP
+    if (IS_INTEL_AVX2(cpuid_flags) && (SAVE_VECTOR_REGISTERS2() == 0)) {
+        kyber_compress_5_avx2(b, p);
+        RESTORE_VECTOR_REGISTERS();
+    }
+    else
+#endif
+    {
+        kyber_compress_5_c(b, p);
+    }
+}
+#endif
+#endif /* !WOLFSSL_KYBER_NO_ENCAPSULATE || !WOLFSSL_KYBER_NO_DECAPSULATE */
+
+#ifndef WOLFSSL_KYBER_NO_DECAPSULATE
+/* Decompress a 4 bit value.
+ *
+ * FIPS 203, Section 4.2.1, Compression and decompression
+ *
+ * @param  [in]  p  Polynomial.
+ * @param  [in]  i  Index into polynomial.
+ * @param  [in]  j  Offset from indices.
+ * @param  [in]  t  Value to decompress.
+ * @return  Decompressed value.
+ */
+#define DECOMP_4(p, i, j, t) \
+    p[(i) + (j)] = ((word16)((t) * KYBER_Q) + 8) >> 4
+
+/* Decompress a 5 bit value.
+ *
+ * FIPS 203, Section 4.2.1, Compression and decompression
+ *
+ * @param  [in]  p  Polynomial.
+ * @param  [in]  i  Index into polynomial.
+ * @param  [in]  j  Offset from indices.
+ * @param  [in]  t  Value to decompress.
+ * @return  Decompressed value.
+ */
+#define DECOMP_5(p, i, j, t) \
+    p[(i) + (j)] = (((word32)((t) & 0x1f) * KYBER_Q) + 16) >> 5
+
+#if defined(WOLFSSL_KYBER512) || defined(WOLFSSL_WC_ML_KEM_512) || \
+    defined(WOLFSSL_KYBER768) || defined(WOLFSSL_WC_ML_KEM_768)
+/* Decompress the byte array of packed 4 bits into polynomial.
+ *
+ * FIPS 203, Section 4.2.1, Compression and decompression
+ *
+ * @param  [out]  p       Polynomial.
+ * @param  [in]   b       Array of bytes.
+ */
+static void kyber_decompress_4_c(sword16* p, const byte* b)
+{
+    unsigned int i;
+
+    /* 2 coefficients at a time. */
+    for (i = 0; i < KYBER_N; i += 2) {
+        /* 2 coefficients decompressed from one byte. */
+        DECOMP_4(p, i, 0, b[0] & 0xf);
+        DECOMP_4(p, i, 1, b[0] >>  4);
+        b += 1;
+    }
+}
+
+/* Decompress the byte array of packed 4 bits into polynomial.
+ *
+ * FIPS 203, Section 4.2.1, Compression and decompression
+ *
+ * @param  [out]  p       Polynomial.
+ * @param  [in]   b       Array of bytes.
+ */
+void kyber_decompress_4(sword16* p, const byte* b)
+{
+#ifdef USE_INTEL_SPEEDUP
+    if (IS_INTEL_AVX2(cpuid_flags) && (SAVE_VECTOR_REGISTERS2() == 0)) {
+        kyber_decompress_4_avx2(p, b);
+        RESTORE_VECTOR_REGISTERS();
+    }
+    else
+#endif
+    {
+        kyber_decompress_4_c(p, b);
+    }
+}
+#endif
+#if defined(WOLFSSL_KYBER1024) || defined(WOLFSSL_WC_ML_KEM_1024)
+/* Decompress the byte array of packed 5 bits into polynomial.
+ *
+ * FIPS 203, Section 4.2.1, Compression and decompression
+ *
+ * @param  [out]  p       Polynomial.
+ * @param  [in]   b       Array of bytes.
+ */
+static void kyber_decompress_5_c(sword16* p, const byte* b)
+{
+    unsigned int i;
+
+    /* Each 8 polynomial coefficients. */
+    for (i = 0; i < KYBER_N; i += 8) {
+    #ifdef WOLFSSL_KYBER_SMALL
+        unsigned int j;
+        byte t[8];
+
+        /* Extract out 8 values of 5 bits each. */
+        t[0] = (b[0] >> 0);
+        t[1] = (b[0] >> 5) | (b[1] << 3);
+        t[2] = (b[1] >> 2);
+        t[3] = (b[1] >> 7) | (b[2] << 1);
+        t[4] = (b[2] >> 4) | (b[3] << 4);
+        t[5] = (b[3] >> 1);
+        t[6] = (b[3] >> 6) | (b[4] << 2);
+        t[7] = (b[4] >> 3);
+        b += 5;
+
+        /* Decompress 8 values. */
+        for (j = 0; j < 8; j++) {
+            DECOMP_5(p, i, j, t[j]);
+        }
+    #else
+        /* Extract out 8 values of 5 bits each. */
+        byte t0 = (b[0] >> 0);
+        byte t1 = (b[0] >> 5) | (b[1] << 3);
+        byte t2 = (b[1] >> 2);
+        byte t3 = (b[1] >> 7) | (b[2] << 1);
+        byte t4 = (b[2] >> 4) | (b[3] << 4);
+        byte t5 = (b[3] >> 1);
+        byte t6 = (b[3] >> 6) | (b[4] << 2);
+        byte t7 = (b[4] >> 3);
+        b += 5;
+
+        /* Decompress 8 values. */
+        DECOMP_5(p, i, 0, t0);
+        DECOMP_5(p, i, 1, t1);
+        DECOMP_5(p, i, 2, t2);
+        DECOMP_5(p, i, 3, t3);
+        DECOMP_5(p, i, 4, t4);
+        DECOMP_5(p, i, 5, t5);
+        DECOMP_5(p, i, 6, t6);
+        DECOMP_5(p, i, 7, t7);
+    #endif
+    }
+}
+
+/* Decompress the byte array of packed 5 bits into polynomial.
+ *
+ * FIPS 203, Section 4.2.1, Compression and decompression
+ *
+ * @param  [out]  p       Polynomial.
+ * @param  [in]   b       Array of bytes.
+ */
+void kyber_decompress_5(sword16* p, const byte* b)
+{
+#ifdef USE_INTEL_SPEEDUP
+    if (IS_INTEL_AVX2(cpuid_flags) && (SAVE_VECTOR_REGISTERS2() == 0)) {
+        kyber_decompress_5_avx2(p, b);
+        RESTORE_VECTOR_REGISTERS();
+    }
+    else
+#endif
+    {
+        kyber_decompress_5_c(p, b);
+    }
+}
+#endif
+#endif /* !WOLFSSL_KYBER_NO_DECAPSULATE */
+
+/******************************************************************************/
+
+#if !(defined(__aarch64__) && defined(WOLFSSL_ARMASM))
+#if !defined(WOLFSSL_KYBER_NO_ENCAPSULATE) || \
+    !defined(WOLFSSL_KYBER_NO_DECAPSULATE)
+/* Convert bit from byte to 0 or (KYBER_Q + 1) / 2.
+ *
+ * Constant time implementation.
+ * XOR in kyber_opt_blocker to ensure optimizer doesn't know what will be ANDed
+ * with KYBER_Q_1_HALF and can't optimize to non-constant time code.
+ *
+ * FIPS 203, Algorithm 6: ByteDecode_d(B)
+ *
+ * @param  [out]  p    Polynomial to hold converted value.
+ * @param  [in]   msg  Message to get bit from byte from.
+ * @param  [in]   i    Index of byte from message.
+ * @param  [in]   j    Index of bit in byte.
+ */
+#define FROM_MSG_BIT(p, msg, i, j) \
+    ((p)[8 * (i) + (j)] = (((sword16)0 - (sword16)(((msg)[i] >> (j)) & 1)) ^ \
+                          kyber_opt_blocker) & KYBER_Q_1_HALF)
+
+/* Convert message to polynomial.
+ *
+ * FIPS 203, Algorithm 6: ByteDecode_d(B)
+ *
+ * @param  [out]  p    Polynomial.
+ * @param  [in]   msg  Message as a byte array.
+ */
+static void kyber_from_msg_c(sword16* p, const byte* msg)
+{
+    unsigned int i;
+
+    /* For each byte of the message. */
+    for (i = 0; i < KYBER_N / 8; i++) {
+    #ifdef WOLFSSL_KYBER_SMALL
+        unsigned int j;
+        /* For each bit of the message. */
+        for (j = 0; j < 8; j++) {
+            FROM_MSG_BIT(p, msg, i, j);
+        }
+    #else
+        FROM_MSG_BIT(p, msg, i, 0);
+        FROM_MSG_BIT(p, msg, i, 1);
+        FROM_MSG_BIT(p, msg, i, 2);
+        FROM_MSG_BIT(p, msg, i, 3);
+        FROM_MSG_BIT(p, msg, i, 4);
+        FROM_MSG_BIT(p, msg, i, 5);
+        FROM_MSG_BIT(p, msg, i, 6);
+        FROM_MSG_BIT(p, msg, i, 7);
+    #endif
+    }
+}
+
+/* Convert message to polynomial.
+ *
+ * FIPS 203, Algorithm 6: ByteDecode_d(B)
+ *
+ * @param  [out]  p    Polynomial.
+ * @param  [in]   msg  Message as a byte array.
+ */
+void kyber_from_msg(sword16* p, const byte* msg)
+{
+#ifdef USE_INTEL_SPEEDUP
+    if (IS_INTEL_AVX2(cpuid_flags) && (SAVE_VECTOR_REGISTERS2() == 0)) {
+        kyber_from_msg_avx2(p, msg);
+        RESTORE_VECTOR_REGISTERS();
+    }
+    else
+#endif
+    {
+        kyber_from_msg_c(p, msg);
+    }
+}
+#endif
+
+#ifndef WOLFSSL_KYBER_NO_DECAPSULATE
+#ifdef CONV_WITH_DIV
+
+/* Convert to value to bit.
+ *
+ * Uses div operator that may be slow.
+ *
+ * FIPS 203, Algorithm 6: ByteEncode_d(F)
+ *
+ * @param  [out]  m   Message.
+ * @param  [in]   p   Polynomial.
+ * @param  [in]   i   Index of byte in message.
+ * @param  [in]   j   Index of bit in byte.
+ */
+#define TO_MSG_BIT(m, p, i, j) \
+    m[i] |= (((((sword16)p[8 * i + j] << 1) + KYBER_Q_HALF) / KYBER_Q) & 1) << j
+
+#else
+
+/* Multiplier that does div q. */
+#define KYBER_V31       (((1U << 31) + (KYBER_Q / 2)) / KYBER_Q)
+/* 2 * multiplier that does div q. Only need bit 32 of result. */
+#define KYBER_V31_2     ((word32)(KYBER_V31 * 2))
+/* Multiplier times half of q. */
+#define KYBER_V31_HALF    ((word32)(KYBER_V31 * KYBER_Q_HALF))
+
+/* Convert to value to bit.
+ *
+ * Uses mul instead of div.
+ *
+ * FIPS 203, Algorithm 6: ByteEncode_d(F)
+ *
+ * @param  [out]  m   Message.
+ * @param  [in]   p   Polynomial.
+ * @param  [in]   i   Index of byte in message.
+ * @param  [in]   j   Index of bit in byte.
+ */
+#define TO_MSG_BIT(m, p, i, j) \
+    (m)[i] |= ((word32)((KYBER_V31_2 * (p)[8 * (i) + (j)]) + KYBER_V31_HALF) >> 31) << (j)
+
+#endif /* CONV_WITH_DIV */
+
+/* Convert polynomial to message.
+ *
+ * FIPS 203, Algorithm 6: ByteEncode_d(F)
+ *
+ * @param  [out]  msg  Message as a byte array.
+ * @param  [in]   p    Polynomial.
+ */
+static void kyber_to_msg_c(byte* msg, sword16* p)
+{
+    unsigned int i;
+
+    /* Reduce each coefficient to mod q. */
+    kyber_csubq_c(p);
+    /* All values are now in range. */
+
+    for (i = 0; i < KYBER_N / 8; i++) {
+    #ifdef WOLFSSL_KYBER_SMALL
+        unsigned int j;
+        msg[i] = 0;
+        for (j = 0; j < 8; j++) {
+            TO_MSG_BIT(msg, p, i, j);
+        }
+    #else
+        msg[i] = 0;
+        TO_MSG_BIT(msg, p, i, 0);
+        TO_MSG_BIT(msg, p, i, 1);
+        TO_MSG_BIT(msg, p, i, 2);
+        TO_MSG_BIT(msg, p, i, 3);
+        TO_MSG_BIT(msg, p, i, 4);
+        TO_MSG_BIT(msg, p, i, 5);
+        TO_MSG_BIT(msg, p, i, 6);
+        TO_MSG_BIT(msg, p, i, 7);
+    #endif
+    }
+}
+
+/* Convert polynomial to message.
+ *
+ * FIPS 203, Algorithm 6: ByteEncode_d(F)
+ *
+ * @param  [out]  msg  Message as a byte array.
+ * @param  [in]   p    Polynomial.
+ */
+void kyber_to_msg(byte* msg, sword16* p)
+{
+#ifdef USE_INTEL_SPEEDUP
+     if (IS_INTEL_AVX2(cpuid_flags) && (SAVE_VECTOR_REGISTERS2() == 0)) {
+        /* Convert the polynomial into a array of bytes (message). */
+        kyber_to_msg_avx2(msg, p);
+        RESTORE_VECTOR_REGISTERS();
+    }
+    else
+#endif
+    {
+        kyber_to_msg_c(msg, p);
+    }
+}
+#endif /* !WOLFSSL_KYBER_NO_DECAPSULATE */
+#else
+#if !defined(WOLFSSL_KYBER_NO_ENCAPSULATE) || \
+    !defined(WOLFSSL_KYBER_NO_DECAPSULATE)
+/* Convert message to polynomial.
+ *
+ * FIPS 203, Algorithm 6: ByteDecode_d(B)
+ *
+ * @param  [out]  p    Polynomial.
+ * @param  [in]   msg  Message as a byte array.
+ */
+void kyber_from_msg(sword16* p, const byte* msg)
+{
+    kyber_from_msg_neon(p, msg);
+}
+#endif /* !WOLFSSL_KYBER_NO_ENCAPSULATE || !WOLFSSL_KYBER_NO_DECAPSULATE */
+
+#ifndef WOLFSSL_KYBER_NO_DECAPSULATE
+/* Convert polynomial to message.
+ *
+ * FIPS 203, Algorithm 6: ByteEncode_d(F)
+ *
+ * @param  [out]  msg  Message as a byte array.
+ * @param  [in]   p    Polynomial.
+ */
+void kyber_to_msg(byte* msg, sword16* p)
+{
+    kyber_to_msg_neon(msg, p);
+}
+#endif /* WOLFSSL_KYBER_NO_DECAPSULATE */
+#endif /* !(__aarch64__ && WOLFSSL_ARMASM) */
+
+/******************************************************************************/
+
+/* Convert bytes to polynomial.
+ *
+ * Consecutive 12 bits hold each coefficient of polynomial.
+ * Used in decoding private and public keys.
+ *
+ * FIPS 203, Algorithm 6: ByteDecode_d(B)
+ *
+ * @param  [out]  p  Vector of polynomials.
+ * @param  [in]   b  Array of bytes.
+ * @param  [in]   k  Number of polynomials in vector.
+ */
+static void kyber_from_bytes_c(sword16* p, const byte* b, int k)
+{
+    int i;
+    int j;
+
+    for (j = 0; j < k; j++) {
+        for (i = 0; i < KYBER_N / 2; i++) {
+            p[2 * i + 0] = ((b[3 * i + 0] >> 0) |
+                            ((word16)b[3 * i + 1] << 8)) & 0xfff;
+            p[2 * i + 1] = ((b[3 * i + 1] >> 4) |
+                            ((word16)b[3 * i + 2] << 4)) & 0xfff;
+        }
+        p += KYBER_N;
+        b += KYBER_POLY_SIZE;
+    }
+}
+
+/* Convert bytes to polynomial.
+ *
+ * Consecutive 12 bits hold each coefficient of polynomial.
+ * Used in decoding private and public keys.
+ *
+ * FIPS 203, Algorithm 6: ByteDecode_d(B)
+ *
+ * @param  [out]  p  Vector of polynomials.
+ * @param  [in]   b  Array of bytes.
+ * @param  [in]   k  Number of polynomials in vector.
+ */
+void kyber_from_bytes(sword16* p, const byte* b, int k)
+{
+#ifdef USE_INTEL_SPEEDUP
+     if (IS_INTEL_AVX2(cpuid_flags) && (SAVE_VECTOR_REGISTERS2() == 0)) {
+        int i;
+
+        for (i = 0; i < k; i++) {
+            kyber_from_bytes_avx2(p, b);
+            p += KYBER_N;
+            b += KYBER_POLY_SIZE;
+        }
+
+        RESTORE_VECTOR_REGISTERS();
+    }
+    else
+#endif
+    {
+        kyber_from_bytes_c(p, b, k);
+    }
+}
+
+/* Convert polynomial to bytes.
+ *
+ * Consecutive 12 bits hold each coefficient of polynomial.
+ * Used in encoding private and public keys.
+ *
+ * FIPS 203, Algorithm 6: ByteEncode_d(F)
+ *
+ * @param  [out]  b  Array of bytes.
+ * @param  [in]   p  Polynomial.
+ * @param  [in]   k  Number of polynomials in vector.
+ */
+static void kyber_to_bytes_c(byte* b, sword16* p, int k)
+{
+    int i;
+    int j;
+
+    /* Reduce each coefficient to mod q. */
+    kyber_csubq_c(p);
+    /* All values are now positive. */
+
+    for (j = 0; j < k; j++) {
+        for (i = 0; i < KYBER_N / 2; i++) {
+            word16 t0 = p[2 * i];
+            word16 t1 = p[2 * i + 1];
+            b[3 * i + 0] = (t0 >> 0);
+            b[3 * i + 1] = (t0 >> 8) | t1 << 4;
+            b[3 * i + 2] = (t1 >> 4);
+        }
+        p += KYBER_N;
+        b += KYBER_POLY_SIZE;
+    }
+}
+
+/* Convert polynomial to bytes.
+ *
+ * Consecutive 12 bits hold each coefficient of polynomial.
+ * Used in encoding private and public keys.
+ *
+ * FIPS 203, Algorithm 6: ByteEncode_d(F)
+ *
+ * @param  [out]  b  Array of bytes.
+ * @param  [in]   p  Polynomial.
+ * @param  [in]   k  Number of polynomials in vector.
+ */
+void kyber_to_bytes(byte* b, sword16* p, int k)
+{
+#ifdef USE_INTEL_SPEEDUP
+     if (IS_INTEL_AVX2(cpuid_flags) && (SAVE_VECTOR_REGISTERS2() == 0)) {
+        int i;
+
+        for (i = 0; i < k; i++) {
+            kyber_to_bytes_avx2(b, p);
+            p += KYBER_N;
+            b += KYBER_POLY_SIZE;
+        }
+
+        RESTORE_VECTOR_REGISTERS();
+    }
+    else
+#endif
+    {
+        kyber_to_bytes_c(b, p, k);
+    }
+}
+
+#endif /* WOLFSSL_WC_KYBER */
diff --git a/wolfcrypt/src/wc_lms.c b/wolfcrypt/src/wc_lms.c
index 60e8519d9..faa69987d 100644
--- a/wolfcrypt/src/wc_lms.c
+++ b/wolfcrypt/src/wc_lms.c
@@ -1,6 +1,6 @@
 /* wc_lms.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -19,8 +19,1249 @@
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  */
 
-#include <wolfssl/wolfcrypt/settings.h>
-
-#ifdef WOLFSSL_HAVE_LMS
-    #error "Contact wolfSSL to get the implementation of this file"
+#ifdef HAVE_CONFIG_H
+    #include <config.h>
 #endif
+
+#include <wolfssl/wolfcrypt/settings.h>
+#include <wolfssl/wolfcrypt/error-crypt.h>
+#include <wolfssl/wolfcrypt/logging.h>
+
+#if defined(WOLFSSL_HAVE_LMS) && defined(WOLFSSL_WC_LMS)
+#include <wolfssl/wolfcrypt/wc_lms.h>
+
+#ifdef NO_INLINE
+    #include <wolfssl/wolfcrypt/misc.h>
+#else
+    #define WOLFSSL_MISC_INCLUDED
+    #include <wolfcrypt/src/misc.c>
+#endif
+
+
+/* Calculate u. Appendix B. Works for w of 1, 2, 4, or 8.
+ *
+ * @param [in] w  Winternitz width.
+ */
+#define LMS_U(w, hLen)              \
+    (8 * (hLen) / (w))
+/* Calculate u. Appendix B. Works for w of 1, 2, 4, or 8.
+ *
+ * @param [in] w   Winternitz width.
+ * @param [in] wb  Winternitz width length in bits.
+ */
+#define LMS_V(w, wb)                \
+    (2 + (8 - (wb)) / (w))
+/* Calculate ls. Appendix B. Works for w of 1, 2, 4, or 8.
+ *
+ * @param [in] w   Winternitz width.
+ * @param [in] wb  Winternitz width length in bits.
+ */
+#define LMS_LS(w, wb)               \
+    (16 - LMS_V(w, wb) * (w))
+/* Calculate p. Appendix B. Works for w of 1, 2, 4, or 8.
+ *
+ * @param [in] w   Winternitz width.
+ * @param [in] wb  Winternitz width length in bits.
+ */
+#define LMS_P(w, wb, hLen)          \
+    (LMS_U(w, hLen) + LMS_V(w, wb))
+/* Calculate signature length.
+ *
+ * @param [in] l  Number of levels.
+ * @param [in] h  Height of the trees.
+ * @param [in] p  Number of n-byte string elements in signature for a tree.
+ */
+#define LMS_PARAMS_SIG_LEN(l, h, p, hLen)               \
+    (4 + (l) * (4 + 4 + 4 + (hLen) * (1 + (p) + (h))) + \
+     ((l) - 1) * LMS_PUBKEY_LEN(hLen))
+
+#ifndef WOLFSSL_WC_LMS_SMALL
+    /* Root levels and leaf cache bits. */
+    #define LMS_PARAMS_CACHE(h)                             \
+        (((h) < LMS_ROOT_LEVELS) ? (h) : LMS_ROOT_LEVELS),  \
+        (((h) < LMS_CACHE_BITS ) ? (h) : LMS_CACHE_BITS )
+#else
+    /* Root levels and leaf cache bits aren't in structure. */
+    #define LMS_PARAMS_CACHE(h) /* null expansion */
+#endif
+
+/* Define parameters entry for LMS.
+ *
+ * @param [in] l   Number of levels.
+ * @param [in] h   Height of the trees.
+ * @param [in] w   Winternitz width.
+ * @param [in] wb  Winternitz width length in bits.
+ * @param [in] t   LMS type.
+ * @param [in] t2  LM-OTS type.
+ */
+#define LMS_PARAMS(l, h, w, wb, t, t2, hLen)                \
+    { l, h, w, LMS_LS(w, wb), LMS_P(w, wb, hLen), t, t2,    \
+      LMS_PARAMS_SIG_LEN(l, h, LMS_P(w, wb, hLen), hLen),   \
+      (hLen), LMS_PARAMS_CACHE(h) }
+
+
+/* Initialize the working state for LMS operations.
+ *
+ * @param [in, out] state   LMS state.
+ * @param [in]      params  LMS parameters.
+ */
+static int wc_lmskey_state_init(LmsState* state, const LmsParams* params)
+{
+    int ret;
+
+    /* Zero out every field. */
+    XMEMSET(state, 0, sizeof(LmsState));
+
+    /* Keep a reference to the parameters for use in operations. */
+    state->params = params;
+
+    /* Initialize the two hash algorithms. */
+    ret = wc_InitSha256(&state->hash);
+    if (ret == 0) {
+        ret = wc_InitSha256(&state->hash_k);
+        if (ret != 0) {
+            wc_Sha256Free(&state->hash);
+        }
+    }
+
+    return ret;
+}
+
+/* Free the working state for LMS operations.
+ *
+ * @param [in] state  LMS state.
+ */
+static void wc_lmskey_state_free(LmsState* state)
+{
+    wc_Sha256Free(&state->hash_k);
+    wc_Sha256Free(&state->hash);
+}
+
+/* Supported LMS parameters. */
+static const wc_LmsParamsMap wc_lms_map[] = {
+#ifndef WOLFSSL_NO_LMS_SHA256_256
+#if LMS_MAX_HEIGHT >= 15
+    { WC_LMS_PARM_NONE     , "LMS_NONE"         ,
+      LMS_PARAMS(1, 15, 2, 1, LMS_SHA256_M32_H15, LMOTS_SHA256_N32_W2,
+                 WC_SHA256_DIGEST_SIZE) },
+    { WC_LMS_PARM_L1_H15_W2, "LMS/HSS L1_H15_W2",
+      LMS_PARAMS(1, 15, 2, 1, LMS_SHA256_M32_H15, LMOTS_SHA256_N32_W2,
+                 WC_SHA256_DIGEST_SIZE) },
+    { WC_LMS_PARM_L1_H15_W4, "LMS/HSS L1_H15_W4",
+      LMS_PARAMS(1, 15, 4, 2, LMS_SHA256_M32_H15, LMOTS_SHA256_N32_W4,
+                 WC_SHA256_DIGEST_SIZE) },
+#endif
+#if LMS_MAX_LEVELS >= 2
+#if LMS_MAX_HEIGHT >= 10
+    { WC_LMS_PARM_L2_H10_W2, "LMS/HSS L2_H10_W2",
+      LMS_PARAMS(2, 10, 2, 1, LMS_SHA256_M32_H10, LMOTS_SHA256_N32_W2,
+                 WC_SHA256_DIGEST_SIZE) },
+    { WC_LMS_PARM_L2_H10_W4, "LMS/HSS L2_H10_W4",
+      LMS_PARAMS(2, 10, 4, 2, LMS_SHA256_M32_H10, LMOTS_SHA256_N32_W4,
+                 WC_SHA256_DIGEST_SIZE) },
+    { WC_LMS_PARM_L2_H10_W8, "LMS/HSS L2_H10_W8",
+      LMS_PARAMS(2, 10, 8, 3, LMS_SHA256_M32_H10, LMOTS_SHA256_N32_W8,
+                 WC_SHA256_DIGEST_SIZE) },
+#endif
+#endif
+#if LMS_MAX_LEVELS >= 3
+    { WC_LMS_PARM_L3_H5_W2 , "LMS/HSS L3_H5_W2" ,
+      LMS_PARAMS(3,  5, 2, 1, LMS_SHA256_M32_H5 , LMOTS_SHA256_N32_W2,
+                 WC_SHA256_DIGEST_SIZE) },
+    { WC_LMS_PARM_L3_H5_W4 , "LMS/HSS L3_H5_W4" ,
+      LMS_PARAMS(3,  5, 4, 2, LMS_SHA256_M32_H5 , LMOTS_SHA256_N32_W4,
+                 WC_SHA256_DIGEST_SIZE) },
+    { WC_LMS_PARM_L3_H5_W8 , "LMS/HSS L3_H5_W8" ,
+      LMS_PARAMS(3,  5, 8, 3, LMS_SHA256_M32_H5 , LMOTS_SHA256_N32_W8,
+                 WC_SHA256_DIGEST_SIZE) },
+#if LMS_MAX_HEIGHT >= 10
+    { WC_LMS_PARM_L3_H10_W4, "LMS/HSS L3_H10_W4",
+      LMS_PARAMS(3, 10, 4, 2, LMS_SHA256_M32_H10, LMOTS_SHA256_N32_W4,
+                 WC_SHA256_DIGEST_SIZE) },
+#endif
+#endif
+#if LMS_MAX_LEVELS >= 4
+    { WC_LMS_PARM_L4_H5_W8 , "LMS/HSS L4_H5_W8" ,
+      LMS_PARAMS(4,  5, 8, 3, LMS_SHA256_M32_H5 , LMOTS_SHA256_N32_W8,
+                 WC_SHA256_DIGEST_SIZE) },
+#endif
+
+    /* For when user sets L, H, W explicitly. */
+    { WC_LMS_PARM_L1_H5_W1 , "LMS/HSS_L1_H5_W1" ,
+      LMS_PARAMS(1,  5, 1, 1, LMS_SHA256_M32_H5 , LMOTS_SHA256_N32_W1,
+                 WC_SHA256_DIGEST_SIZE) },
+    { WC_LMS_PARM_L1_H5_W2 , "LMS/HSS_L1_H5_W2" ,
+      LMS_PARAMS(1,  5, 2, 1, LMS_SHA256_M32_H5 , LMOTS_SHA256_N32_W2,
+                 WC_SHA256_DIGEST_SIZE) },
+    { WC_LMS_PARM_L1_H5_W4 , "LMS/HSS_L1_H5_W4" ,
+      LMS_PARAMS(1,  5, 4, 2, LMS_SHA256_M32_H5 , LMOTS_SHA256_N32_W4,
+                 WC_SHA256_DIGEST_SIZE) },
+    { WC_LMS_PARM_L1_H5_W8 , "LMS/HSS_L1_H5_W8" ,
+      LMS_PARAMS(1,  5, 8, 3, LMS_SHA256_M32_H5 , LMOTS_SHA256_N32_W8,
+                 WC_SHA256_DIGEST_SIZE) },
+#if LMS_MAX_HEIGHT >= 10
+    { WC_LMS_PARM_L1_H10_W2 , "LMS/HSS_L1_H10_W2",
+      LMS_PARAMS(1, 10, 2, 1, LMS_SHA256_M32_H10, LMOTS_SHA256_N32_W2,
+                 WC_SHA256_DIGEST_SIZE) },
+    { WC_LMS_PARM_L1_H10_W4 , "LMS/HSS_L1_H10_W4",
+      LMS_PARAMS(1, 10, 4, 2, LMS_SHA256_M32_H10, LMOTS_SHA256_N32_W4,
+                 WC_SHA256_DIGEST_SIZE) },
+    { WC_LMS_PARM_L1_H10_W8 , "LMS/HSS_L1_H10_W8",
+      LMS_PARAMS(1, 10, 8, 3, LMS_SHA256_M32_H10, LMOTS_SHA256_N32_W8,
+                 WC_SHA256_DIGEST_SIZE) },
+#endif
+#if LMS_MAX_HEIGHT >= 15
+    { WC_LMS_PARM_L1_H15_W8 , "LMS/HSS L1_H15_W8",
+      LMS_PARAMS(1, 15, 8, 3, LMS_SHA256_M32_H15, LMOTS_SHA256_N32_W8,
+                 WC_SHA256_DIGEST_SIZE) },
+#endif
+#if LMS_MAX_HEIGHT >= 20
+    { WC_LMS_PARM_L1_H20_W2 , "LMS/HSS_L1_H20_W2",
+      LMS_PARAMS(1, 20, 2, 1, LMS_SHA256_M32_H20, LMOTS_SHA256_N32_W2,
+                 WC_SHA256_DIGEST_SIZE) },
+    { WC_LMS_PARM_L1_H20_W4 , "LMS/HSS_L1_H20_W4",
+      LMS_PARAMS(1, 20, 4, 2, LMS_SHA256_M32_H20, LMOTS_SHA256_N32_W4,
+                 WC_SHA256_DIGEST_SIZE) },
+    { WC_LMS_PARM_L1_H20_W8 , "LMS/HSS_L1_H20_W8",
+      LMS_PARAMS(1, 20, 8, 3, LMS_SHA256_M32_H20, LMOTS_SHA256_N32_W8,
+                 WC_SHA256_DIGEST_SIZE) },
+#endif
+#if LMS_MAX_LEVELS >= 2
+    { WC_LMS_PARM_L2_H5_W2 , "LMS/HSS_L2_H5_W2" ,
+      LMS_PARAMS(2,  5, 2, 1, LMS_SHA256_M32_H5 , LMOTS_SHA256_N32_W2,
+                 WC_SHA256_DIGEST_SIZE) },
+    { WC_LMS_PARM_L2_H5_W4 , "LMS/HSS_L2_H5_W4" ,
+      LMS_PARAMS(2,  5, 4, 2, LMS_SHA256_M32_H5 , LMOTS_SHA256_N32_W4,
+                 WC_SHA256_DIGEST_SIZE) },
+    { WC_LMS_PARM_L2_H5_W8 , "LMS/HSS_L2_H5_W8" ,
+      LMS_PARAMS(2,  5, 8, 3, LMS_SHA256_M32_H5 , LMOTS_SHA256_N32_W8,
+                 WC_SHA256_DIGEST_SIZE) },
+#if LMS_MAX_HEIGHT >= 15
+    { WC_LMS_PARM_L2_H15_W2 , "LMS/HSS_L2_H15_W2",
+      LMS_PARAMS(2, 15, 2, 1, LMS_SHA256_M32_H15, LMOTS_SHA256_N32_W2,
+                 WC_SHA256_DIGEST_SIZE) },
+    { WC_LMS_PARM_L2_H15_W4 , "LMS/HSS_L2_H15_W4",
+      LMS_PARAMS(2, 15, 4, 2, LMS_SHA256_M32_H15, LMOTS_SHA256_N32_W4,
+                 WC_SHA256_DIGEST_SIZE) },
+    { WC_LMS_PARM_L2_H15_W8 , "LMS/HSS_L2_H15_W8",
+      LMS_PARAMS(2, 15, 8, 3, LMS_SHA256_M32_H15, LMOTS_SHA256_N32_W8,
+                 WC_SHA256_DIGEST_SIZE) },
+#endif
+#if LMS_MAX_HEIGHT >= 20
+    { WC_LMS_PARM_L2_H20_W2 , "LMS/HSS_L2_H20_W2",
+      LMS_PARAMS(2, 20, 2, 1, LMS_SHA256_M32_H20, LMOTS_SHA256_N32_W2,
+                 WC_SHA256_DIGEST_SIZE) },
+    { WC_LMS_PARM_L2_H20_W4 , "LMS/HSS_L2_H20_W4",
+      LMS_PARAMS(2, 20, 4, 2, LMS_SHA256_M32_H20, LMOTS_SHA256_N32_W4,
+                 WC_SHA256_DIGEST_SIZE) },
+    { WC_LMS_PARM_L2_H20_W8 , "LMS/HSS_L2_H20_W8",
+      LMS_PARAMS(2, 20, 8, 3, LMS_SHA256_M32_H20, LMOTS_SHA256_N32_W8,
+                 WC_SHA256_DIGEST_SIZE) },
+#endif
+#endif
+#if LMS_MAX_LEVELS >= 3
+#if LMS_MAX_HEIGHT >= 10
+    { WC_LMS_PARM_L3_H10_W8 , "LMS/HSS L3_H10_W8",
+      LMS_PARAMS(3, 10, 8, 3, LMS_SHA256_M32_H10, LMOTS_SHA256_N32_W8,
+                 WC_SHA256_DIGEST_SIZE) },
+#endif
+#endif
+#if LMS_MAX_LEVELS >= 4
+    { WC_LMS_PARM_L4_H5_W2 , "LMS/HSS L4_H5_W2" ,
+      LMS_PARAMS(4,  5, 2, 1, LMS_SHA256_M32_H5 , LMOTS_SHA256_N32_W2,
+                 WC_SHA256_DIGEST_SIZE) },
+    { WC_LMS_PARM_L4_H5_W4 , "LMS/HSS L4_H5_W4" ,
+      LMS_PARAMS(4,  5, 4, 2, LMS_SHA256_M32_H5 , LMOTS_SHA256_N32_W4,
+                 WC_SHA256_DIGEST_SIZE) },
+#if LMS_MAX_HEIGHT >= 10
+    { WC_LMS_PARM_L4_H10_W4 , "LMS/HSS L4_H10_W4",
+      LMS_PARAMS(4, 10, 4, 2, LMS_SHA256_M32_H10, LMOTS_SHA256_N32_W4,
+                 WC_SHA256_DIGEST_SIZE) },
+    { WC_LMS_PARM_L4_H10_W8 , "LMS/HSS L4_H10_W8",
+      LMS_PARAMS(4, 10, 8, 3, LMS_SHA256_M32_H10, LMOTS_SHA256_N32_W8,
+                 WC_SHA256_DIGEST_SIZE) },
+#endif
+#endif
+#endif /* !WOLFSSL_NO_LMS_SHA256_256 */
+
+#ifdef WOLFSSL_LMS_SHA256_192
+#if LMS_MAX_HEIGHT >= 15
+    { WC_LMS_PARM_SHA256_192_L1_H15_W2, "LMS/HSS_SHA256/192 L1_H15_W2",
+      LMS_PARAMS(1, 15, 2, 1, LMS_SHA256_M24_H15, LMOTS_SHA256_N24_W2,
+                 WC_SHA256_192_DIGEST_SIZE) },
+    { WC_LMS_PARM_SHA256_192_L1_H15_W4, "LMS/HSS_SHA256/192 L1_H15_W4",
+      LMS_PARAMS(1, 15, 4, 2, LMS_SHA256_M24_H15, LMOTS_SHA256_N24_W4,
+                 WC_SHA256_192_DIGEST_SIZE) },
+#endif
+#if LMS_MAX_LEVELS >= 2
+#if LMS_MAX_HEIGHT >= 10
+    { WC_LMS_PARM_SHA256_192_L2_H10_W2, "LMS/HSS SHA256/192 L2_H10_W2",
+      LMS_PARAMS(2, 10, 2, 1, LMS_SHA256_M24_H10, LMOTS_SHA256_N24_W2,
+                 WC_SHA256_192_DIGEST_SIZE) },
+    { WC_LMS_PARM_SHA256_192_L2_H10_W4, "LMS/HSS SHA256/192 L2_H10_W4",
+      LMS_PARAMS(2, 10, 4, 2, LMS_SHA256_M24_H10, LMOTS_SHA256_N24_W4,
+                 WC_SHA256_192_DIGEST_SIZE) },
+    { WC_LMS_PARM_SHA256_192_L2_H10_W8, "LMS/HSS SHA256/192 L2_H10_W8",
+      LMS_PARAMS(2, 10, 8, 3, LMS_SHA256_M24_H10, LMOTS_SHA256_N24_W8,
+                 WC_SHA256_192_DIGEST_SIZE) },
+#endif
+#endif
+#if LMS_MAX_LEVELS >= 3
+    { WC_LMS_PARM_SHA256_192_L3_H5_W2 , "LMS/HSS_SHA256/192 L3_H5_W2" ,
+      LMS_PARAMS(3,  5, 2, 1, LMS_SHA256_M24_H5 , LMOTS_SHA256_N24_W2,
+                 WC_SHA256_192_DIGEST_SIZE) },
+    { WC_LMS_PARM_SHA256_192_L3_H5_W4 , "LMS/HSS_SHA256/192 L3_H5_W4" ,
+      LMS_PARAMS(3,  5, 4, 2, LMS_SHA256_M24_H5 , LMOTS_SHA256_N24_W4,
+                 WC_SHA256_192_DIGEST_SIZE) },
+    { WC_LMS_PARM_SHA256_192_L3_H5_W8 , "LMS/HSS_SHA256/192 L3_H5_W8" ,
+      LMS_PARAMS(3,  5, 8, 3, LMS_SHA256_M24_H5 , LMOTS_SHA256_N24_W8,
+                 WC_SHA256_192_DIGEST_SIZE) },
+#if LMS_MAX_HEIGHT >= 10
+    { WC_LMS_PARM_SHA256_192_L3_H10_W4, "LMS/HSS_SHA256/192 L3_H10_W4",
+      LMS_PARAMS(3, 10, 4, 2, LMS_SHA256_M24_H10, LMOTS_SHA256_N24_W4,
+                 WC_SHA256_192_DIGEST_SIZE) },
+#endif
+#endif
+#if LMS_MAX_LEVELS >= 4
+    { WC_LMS_PARM_SHA256_192_L4_H5_W8 , "LMS/HSS_SHA256/192 L4_H5_W8" ,
+      LMS_PARAMS(4,  5, 8, 3, LMS_SHA256_M24_H5 , LMOTS_SHA256_N24_W8,
+                 WC_SHA256_192_DIGEST_SIZE) },
+#endif
+
+    { WC_LMS_PARM_SHA256_192_L1_H5_W1 , "LMS/HSS_SHA256/192_L1_H5_W1" ,
+      LMS_PARAMS(1,  5, 1, 1, LMS_SHA256_M24_H5 , LMOTS_SHA256_N24_W1,
+                 WC_SHA256_192_DIGEST_SIZE) },
+    { WC_LMS_PARM_SHA256_192_L1_H5_W2 , "LMS/HSS_SHA256/192_L1_H5_W2" ,
+      LMS_PARAMS(1,  5, 2, 1, LMS_SHA256_M24_H5 , LMOTS_SHA256_N24_W2,
+                 WC_SHA256_192_DIGEST_SIZE) },
+    { WC_LMS_PARM_SHA256_192_L1_H5_W4 , "LMS/HSS_SHA256/192_L1_H5_W4" ,
+      LMS_PARAMS(1,  5, 4, 2, LMS_SHA256_M24_H5 , LMOTS_SHA256_N24_W4,
+                 WC_SHA256_192_DIGEST_SIZE) },
+    { WC_LMS_PARM_SHA256_192_L1_H5_W8 , "LMS/HSS_SHA256/192_L1_H5_W8" ,
+      LMS_PARAMS(1,  5, 8, 3, LMS_SHA256_M24_H5 , LMOTS_SHA256_N24_W8,
+                 WC_SHA256_192_DIGEST_SIZE) },
+#if LMS_MAX_HEIGHT >= 10
+    { WC_LMS_PARM_SHA256_192_L1_H10_W2 , "LMS/HSS_SHA256/192_L1_H10_W2",
+      LMS_PARAMS(1, 10, 2, 1, LMS_SHA256_M24_H10, LMOTS_SHA256_N24_W2,
+                 WC_SHA256_192_DIGEST_SIZE) },
+    { WC_LMS_PARM_SHA256_192_L1_H10_W4 , "LMS/HSS_SHA256/192_L1_H10_W4",
+      LMS_PARAMS(1, 10, 4, 2, LMS_SHA256_M24_H10, LMOTS_SHA256_N24_W4,
+                 WC_SHA256_192_DIGEST_SIZE) },
+    { WC_LMS_PARM_SHA256_192_L1_H10_W8 , "LMS/HSS_SHA256/192_L1_H10_W8",
+      LMS_PARAMS(1, 10, 8, 3, LMS_SHA256_M24_H10, LMOTS_SHA256_N24_W8,
+                 WC_SHA256_192_DIGEST_SIZE) },
+#endif
+#if LMS_MAX_HEIGHT >= 20
+    { WC_LMS_PARM_SHA256_192_L1_H20_W2 , "LMS/HSS_SHA256/192_L1_H20_W2",
+      LMS_PARAMS(1, 20, 2, 1, LMS_SHA256_M24_H20, LMOTS_SHA256_N24_W2,
+                 WC_SHA256_192_DIGEST_SIZE) },
+    { WC_LMS_PARM_SHA256_192_L1_H20_W4 , "LMS/HSS_SHA256/192_L1_H20_W4",
+      LMS_PARAMS(1, 20, 4, 2, LMS_SHA256_M24_H20, LMOTS_SHA256_N24_W4,
+                 WC_SHA256_192_DIGEST_SIZE) },
+    { WC_LMS_PARM_SHA256_192_L1_H20_W8 , "LMS/HSS_SHA256/192_L1_H20_W8",
+      LMS_PARAMS(1, 20, 8, 3, LMS_SHA256_M24_H20, LMOTS_SHA256_N24_W8,
+                 WC_SHA256_192_DIGEST_SIZE) },
+#endif
+#endif /* WOLFSSL_LMS_SHA256_192 */
+};
+/* Number of parameter sets supported. */
+#define WC_LMS_MAP_LEN      ((int)(sizeof(wc_lms_map) / sizeof(*wc_lms_map)))
+
+/* Initialize LMS key.
+ *
+ * Call this before setting the params of an LMS key.
+ *
+ * @param [out] key    LMS key to initialize.
+ * @param [in]  heap   Heap hint.
+ * @param [in]  devId  Device identifier.
+ *                     Use INVALID_DEVID when not using a device.
+ * @return  0 on success.
+ * @return  BAD_FUNC_ARG when key is NULL.
+ */
+int wc_LmsKey_Init(LmsKey* key, void* heap, int devId)
+{
+    int ret = 0;
+
+    (void)heap;
+    (void)devId;
+
+    /* Validate parameters. */
+    if (key == NULL) {
+        ret = BAD_FUNC_ARG;
+    }
+    if (ret == 0) {
+        /* Zeroize the key data. */
+        ForceZero(key, sizeof(LmsKey));
+
+    #ifndef WOLFSSL_LMS_VERIFY_ONLY
+        /* Initialize other fields. */
+        key->write_private_key = NULL;
+        key->read_private_key = NULL;
+        key->context = NULL;
+        key->heap = heap;
+    #endif
+    #ifdef WOLF_CRYPTO_CB
+        key->devId = devId;
+    #endif
+        /* Start in initialized state. */
+        key->state = WC_LMS_STATE_INITED;
+    }
+
+    return ret;
+}
+
+/* Get the string representation of the LMS parameter set.
+ *
+ * @param [in] lmsParm  LMS parameter set identifier.
+ * @return  String representing LMS parameter set on success.
+ * @return  NULL when parameter set not supported.
+ */
+const char* wc_LmsKey_ParmToStr(enum wc_LmsParm lmsParm)
+{
+    const char* str = NULL;
+    int i;
+
+    /* Search through table for matching numeric identifier. */
+    for (i = 0; i < WC_LMS_MAP_LEN; i++) {
+        if (lmsParm == wc_lms_map[i].id) {
+            /* Get string corresponding to numeric identifier. */
+            str = wc_lms_map[i].str;
+            break;
+        }
+    }
+
+    /* Return the string or NULL. */
+    return str;
+}
+
+/* Set the wc_LmsParm of an LMS key.
+ *
+ * Use this if you wish to set a key with a predefined parameter set,
+ * such as WC_LMS_PARM_L2_H10_W8.
+ *
+ * Key must be inited before calling this.
+ *
+ * @param [in, out] key      LMS key to set parameters on.
+ * @param [in]      lmsParm  Identifier of parameters.
+ * @return  0 on success.
+ * @return  BAD_FUNC_ARG when key is NULL.
+ * @return  BAD_FUNC_ARG when parameters not supported.
+ */
+int wc_LmsKey_SetLmsParm(LmsKey* key, enum wc_LmsParm lmsParm)
+{
+    int ret = 0;
+
+    /* Validate parameters. */
+    if (key == NULL) {
+        ret = BAD_FUNC_ARG;
+    }
+
+    /* Check state is valid. */
+    if ((ret == 0) && (key->state != WC_LMS_STATE_INITED)) {
+        WOLFSSL_MSG("error: LmsKey needs init");
+        ret = BAD_STATE_E;
+    }
+
+    if (ret == 0) {
+        int i;
+
+        ret = BAD_FUNC_ARG;
+        /* Search through table for matching numeric identifier. */
+        for (i = 0; i < WC_LMS_MAP_LEN; i++) {
+            if (lmsParm == wc_lms_map[i].id) {
+                /* Set the parameters into the key. */
+                key->params = &wc_lms_map[i].params;
+                ret = 0;
+                break;
+            }
+        }
+    }
+
+    if (ret == 0) {
+        /* Move the state to params set.
+         * Key is ready for MakeKey or Reload. */
+        key->state = WC_LMS_STATE_PARMSET;
+    }
+
+    return ret;
+}
+
+/* Set the parameters of an LMS key.
+ *
+ * Use this if you wish to set specific parameters not found in the
+ * wc_LmsParm predefined sets. See comments in lms.h for allowed
+ * parameters.
+ *
+ * Key must be inited before calling this.
+ *
+ * @param [in, out] key         LMS key to set parameters on.
+ * @param [in]      levels      Number of tree levels.
+ * @param [in]      height      Height of each tree.
+ * @param [in]      winternitz  Width or Winternitz coefficient.
+ * @return  0 on success.
+ * @return  BAD_FUNC_ARG when key is NULL.
+ * @return  BAD_FUNC_ARG when parameters not supported.
+ * */
+int wc_LmsKey_SetParameters(LmsKey* key, int levels, int height,
+    int winternitz)
+{
+    int ret = 0;
+
+    /* Validate parameters. */
+    if (key == NULL) {
+        ret = BAD_FUNC_ARG;
+    }
+
+    /* Check state is valid. */
+    if ((ret == 0) && (key->state != WC_LMS_STATE_INITED)) {
+        WOLFSSL_MSG("error: LmsKey needs init");
+        ret = BAD_STATE_E;
+    }
+
+    if (ret == 0) {
+        int i;
+
+        ret = BAD_FUNC_ARG;
+        /* Search through table for matching levels, height and width. */
+        for (i = 0; i < WC_LMS_MAP_LEN; i++) {
+            if ((levels == wc_lms_map[i].params.levels) &&
+                    (height == wc_lms_map[i].params.height) &&
+                    (winternitz == wc_lms_map[i].params.width)) {
+                /* Set the parameters into the key. */
+                key->params = &wc_lms_map[i].params;
+                ret = 0;
+                break;
+            }
+        }
+    }
+
+    if (ret == 0) {
+        /* Move the state to params set.
+         * Key is ready for MakeKey or Reload. */
+        key->state = WC_LMS_STATE_PARMSET;
+    }
+
+    return ret;
+}
+
+/* Get the parameters of an LMS key.
+ *
+ * Key must be inited and parameters set before calling this.
+ *
+ * @param [in]  key         LMS key.
+ * @param [out] levels      Number of levels of trees.
+ * @param [out] height      Height of the trees.
+ * @param [out] winternitz  Winternitz width.
+ * Returns 0 on success.
+ * */
+int wc_LmsKey_GetParameters(const LmsKey* key, int* levels, int* height,
+    int* winternitz)
+{
+    int ret = 0;
+
+    /* Validate parameters. */
+    if ((key == NULL) || (levels == NULL) || (height == NULL) ||
+            (winternitz == NULL)) {
+        ret = BAD_FUNC_ARG;
+    }
+
+    /* Validate the parameters are available. */
+    if ((ret == 0) && (key->params == NULL)) {
+        ret = BAD_FUNC_ARG;
+    }
+
+    if (ret == 0) {
+        /* Set the levels, height and Winternitz width from parameters. */
+        *levels = key->params->levels;
+        *height = key->params->height;
+        *winternitz = key->params->width;
+    }
+
+    return ret;
+}
+
+/* Frees the LMS key from memory.
+ *
+ * This does not affect the private key saved to non-volatile storage.
+ *
+ * @param [in, out] key  LMS key to free.
+ */
+void wc_LmsKey_Free(LmsKey* key)
+{
+    if (key != NULL) {
+    #ifndef WOLFSSL_LMS_VERIFY_ONLY
+        if (key->priv_data != NULL) {
+            const LmsParams* params = key->params;
+
+            ForceZero(key->priv_data, LMS_PRIV_DATA_LEN(params->levels,
+                params->height, params->p, params->rootLevels,
+                params->cacheBits, params->hash_len));
+
+            XFREE(key->priv_data, key->heap, DYNAMIC_TYPE_LMS);
+        }
+    #endif
+
+        ForceZero(key, sizeof(LmsKey));
+
+        key->state = WC_LMS_STATE_FREED;
+    }
+}
+
+#ifndef WOLFSSL_LMS_VERIFY_ONLY
+/* Set the write private key callback to the LMS key structure.
+ *
+ * The callback must be able to write/update the private key to
+ * non-volatile storage.
+ *
+ * @param [in, out] key       LMS key.
+ * @param [in]      write_cb  Callback function that stores private key.
+ * @return  0 on success.
+ * @return  BAD_FUNC_ARG when key or write_cb is NULL.
+ * @return  BAD_STATE_E when key state is invalid.
+ */
+int wc_LmsKey_SetWriteCb(LmsKey* key, wc_lms_write_private_key_cb write_cb)
+{
+    int ret = 0;
+
+    /* Validate parameters. */
+    if ((key == NULL) || (write_cb == NULL)) {
+        ret = BAD_FUNC_ARG;
+    }
+    /* Changing the write callback of an already working key is forbidden. */
+    if ((ret == 0) && (key->state == WC_LMS_STATE_OK)) {
+        WOLFSSL_MSG("error: wc_LmsKey_SetWriteCb: key in use");
+        ret = BAD_STATE_E;
+    }
+
+    if (ret == 0) {
+        /* Set the callback into the key. */
+        key->write_private_key = write_cb;
+    }
+
+    return ret;
+}
+
+/* Set the read private key callback to the LMS key structure.
+ *
+ * The callback must be able to read the private key from
+ * non-volatile storage.
+ *
+ * @param [in, out] key      LMS key.
+ * @param [in]      read_cb  Callback function that loads private key.
+ * @return  0 on success.
+ * @return  BAD_FUNC_ARG when key or read_cb is NULL.
+ * @return  BAD_STATE_E when key state is invalid.
+ * */
+int wc_LmsKey_SetReadCb(LmsKey* key, wc_lms_read_private_key_cb read_cb)
+{
+    int ret = 0;
+
+    /* Validate parameters. */
+    if ((key == NULL) || (read_cb == NULL)) {
+        ret = BAD_FUNC_ARG;
+    }
+    /* Changing the read callback of an already working key is forbidden. */
+    if ((ret == 0) && (key->state == WC_LMS_STATE_OK)) {
+        WOLFSSL_MSG("error: wc_LmsKey_SetReadCb: key in use");
+        ret = BAD_STATE_E;
+    }
+
+    if (ret == 0) {
+        /* Set the callback into the key. */
+        key->read_private_key = read_cb;
+    }
+
+    return ret;
+}
+
+/* Sets the context to be used by write and read callbacks.
+ *
+ * E.g. this could be a filename if the callbacks write/read to file.
+ *
+ * @param [in, out] key      LMS key.
+ * @param [in]      context  Pointer to data for read/write callbacks.
+ * @return  0 on success.
+ * @return  BAD_FUNC_ARG when key or context is NULL.
+ * @return  BAD_STATE_E when key state is invalid.
+ * */
+int wc_LmsKey_SetContext(LmsKey* key, void* context)
+{
+    int ret = 0;
+
+    /* Validate parameters. */
+    if ((key == NULL) || (context == NULL)) {
+        ret = BAD_FUNC_ARG;
+    }
+    /* Setting context of an already working key is forbidden. */
+    if ((ret == 0) && (key->state == WC_LMS_STATE_OK)) {
+        WOLFSSL_MSG("error: wc_LmsKey_SetContext: key in use");
+        ret = BAD_STATE_E;
+    }
+
+    if (ret == 0) {
+        /* Set the callback context into the key. */
+        key->context = context;
+    }
+
+    return ret;
+}
+
+/* Make the LMS private/public key pair. The key must have its parameters
+ * set before calling this.
+ *
+ * Write/read callbacks, and context data, must be set prior.
+ * Key must have parameters set.
+ *
+ * @param [in, out] key   LMS key.
+ * @param [in]      rng   Random number generator.
+ * @return  0 on success.
+ * @return  BAD_FUNC_ARG when key or rng is NULL.
+ * @return  BAD_STATE_E when key is in an invalid state.
+ * @return  BAD_FUNC_ARG when write callback or callback context not set.
+ * @return  BAD_STATE_E when no more signatures can be created.
+ */
+int wc_LmsKey_MakeKey(LmsKey* key, WC_RNG* rng)
+{
+    int ret = 0;
+
+    /* Validate parameters. */
+    if ((key == NULL) || (rng == NULL)) {
+        ret = BAD_FUNC_ARG;
+    }
+    /* Check state. */
+    if ((ret == 0) && (key->state != WC_LMS_STATE_PARMSET)) {
+        WOLFSSL_MSG("error: LmsKey not ready for generation");
+        ret = BAD_STATE_E;
+    }
+    /* Check write callback set. */
+    if ((ret == 0) && (key->write_private_key == NULL)) {
+        WOLFSSL_MSG("error: LmsKey write callback is not set");
+        ret = BAD_FUNC_ARG;
+    }
+    /* Check callback context set. */
+    if ((ret == 0) && (key->context == NULL)) {
+        WOLFSSL_MSG("error: LmsKey context is not set");
+        ret = BAD_FUNC_ARG;
+    }
+
+    if ((ret == 0) && (key->priv_data == NULL)) {
+        const LmsParams* params = key->params;
+
+        /* Allocate memory for the private key data. */
+        key->priv_data = (byte *)XMALLOC(LMS_PRIV_DATA_LEN(params->levels,
+            params->height, params->p, params->rootLevels, params->cacheBits,
+            params->hash_len), key->heap, DYNAMIC_TYPE_LMS);
+        /* Check pointer is valid. */
+        if (key->priv_data == NULL) {
+            ret = MEMORY_E;
+        }
+    }
+    if (ret == 0) {
+    #ifdef WOLFSSL_SMALL_STACK
+        LmsState* state;
+    #else
+        LmsState state[1];
+    #endif
+
+    #ifdef WOLFSSL_SMALL_STACK
+        /* Allocate memory for working state. */
+        state = (LmsState*)XMALLOC(sizeof(LmsState), NULL, DYNAMIC_TYPE_TMP_BUFFER);
+        if (state == NULL) {
+            ret = MEMORY_E;
+        }
+        if (ret == 0)
+    #endif
+        {
+            /* Initialize working state for use. */
+            ret = wc_lmskey_state_init(state, key->params);
+            if (ret == 0) {
+                /* Make the HSS key. */
+                ret = wc_hss_make_key(state, rng, key->priv_raw, &key->priv,
+                    key->priv_data, key->pub);
+                wc_lmskey_state_free(state);
+            }
+            ForceZero(state, sizeof(LmsState));
+        #ifdef WOLFSSL_SMALL_STACK
+            XFREE(state, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+        #endif
+        }
+    }
+    if (ret == 0) {
+        /* Write private key to storage. */
+        int rv = key->write_private_key(key->priv_raw,
+            HSS_PRIVATE_KEY_LEN(key->params->hash_len), key->context);
+        if (rv != WC_LMS_RC_SAVED_TO_NV_MEMORY) {
+            ret = IO_FAILED_E;
+        }
+    }
+
+    /* This should not happen, but check whether signatures can be created. */
+    if ((ret == 0) && (wc_LmsKey_SigsLeft(key) == 0)) {
+        WOLFSSL_MSG("error: generated LMS key signatures exhausted");
+        key->state = WC_LMS_STATE_NOSIGS;
+        ret = BAD_STATE_E;
+    }
+
+    if (ret == 0) {
+        /* Update state. */
+        key->state = WC_LMS_STATE_OK;
+    }
+
+    return ret;
+}
+
+/* Reload a key that has been prepared with the appropriate params and
+ * data. Use this if you wish to resume signing with an existing key.
+ *
+ * Write/read callbacks, and context data, must be set prior.
+ * Key must have parameters set.
+ *
+ * @param [in, out] key  LMS key.
+ *
+ * Returns 0 on success. */
+int wc_LmsKey_Reload(LmsKey* key)
+{
+    int ret = 0;
+
+    /* Validate parameter. */
+    if (key == NULL) {
+        ret = BAD_FUNC_ARG;
+    }
+    /* Check state. */
+    if ((ret == 0) && (key->state != WC_LMS_STATE_PARMSET)) {
+        WOLFSSL_MSG("error: LmsKey not ready for reload");
+        ret = BAD_STATE_E;
+    }
+    /* Check read callback present. */
+    if ((ret == 0) && (key->read_private_key == NULL)) {
+        WOLFSSL_MSG("error: LmsKey read callback is not set");
+        ret = BAD_FUNC_ARG;
+    }
+    /* Check context for callback set */
+    if ((ret == 0) && (key->context == NULL)) {
+        WOLFSSL_MSG("error: LmsKey context is not set");
+        ret = BAD_FUNC_ARG;
+    }
+
+    if ((ret == 0) && (key->priv_data == NULL)) {
+        const LmsParams* params = key->params;
+
+        /* Allocate memory for the private key data. */
+        key->priv_data = (byte *)XMALLOC(LMS_PRIV_DATA_LEN(params->levels,
+            params->height, params->p, params->rootLevels, params->cacheBits,
+            params->hash_len), key->heap, DYNAMIC_TYPE_LMS);
+        /* Check pointer is valid. */
+        if (key->priv_data == NULL) {
+            ret = MEMORY_E;
+        }
+    }
+    if (ret == 0) {
+        /* Load private key. */
+        int rv = key->read_private_key(key->priv_raw,
+            HSS_PRIVATE_KEY_LEN(key->params->hash_len), key->context);
+        if (rv != WC_LMS_RC_READ_TO_MEMORY) {
+            ret = IO_FAILED_E;
+        }
+    }
+
+    /* Double check the key actually has signatures left. */
+    if ((ret == 0) && (wc_LmsKey_SigsLeft(key) == 0)) {
+        WOLFSSL_MSG("error: reloaded LMS key signatures exhausted");
+        key->state = WC_LMS_STATE_NOSIGS;
+        ret = BAD_STATE_E;
+    }
+
+    if (ret == 0) {
+    #ifdef WOLFSSL_SMALL_STACK
+        LmsState* state;
+    #else
+        LmsState state[1];
+    #endif
+
+    #ifdef WOLFSSL_SMALL_STACK
+        /* Allocate memory for working state. */
+        state = (LmsState*)XMALLOC(sizeof(LmsState), NULL, DYNAMIC_TYPE_TMP_BUFFER);
+        if (state == NULL) {
+            ret = MEMORY_E;
+        }
+        if (ret == 0)
+    #endif
+        {
+            /* Initialize working state for use. */
+            ret = wc_lmskey_state_init(state, key->params);
+            if (ret == 0) {
+                /* Reload the key ready for signing. */
+                ret = wc_hss_reload_key(state, key->priv_raw, &key->priv,
+                    key->priv_data, NULL);
+            }
+            ForceZero(state, sizeof(LmsState));
+        #ifdef WOLFSSL_SMALL_STACK
+            XFREE(state, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+        #endif
+        }
+    }
+
+    if (ret == 0) {
+        /* Update state. */
+        key->state = WC_LMS_STATE_OK;
+    }
+
+    return ret;
+}
+
+/* Get the private key length based on parameter set of key.
+ *
+ * @param [in]  key  LMS key.
+ * @param [out] len  Length of private key.
+ * @return  0 on success.
+ * @return  BAD_FUNC_ARG when key or len is NULL or parameters not set.
+ */
+int wc_LmsKey_GetPrivLen(const LmsKey* key, word32* len)
+{
+    int ret = 0;
+
+    /* Validate parameters. */
+    if ((key == NULL) || (len == NULL) || (key->params == NULL)) {
+        ret = BAD_FUNC_ARG;
+    }
+
+    if (ret == 0) {
+        /* Return private key length from parameter set. */
+        *len = HSS_PRIVATE_KEY_LEN(key->params->hash_len);
+    }
+
+    return ret;
+}
+
+/* Sign a message.
+ *
+ * @param [in, out] key    LMS key to sign with.
+ * @param [out]     sig    Signature data. Buffer must be big enough to hold
+ *                         signature data.
+ * @param [out]     sigSz  Length of signature data.
+ * @param [in]      msg    Message to sign.
+ * @param [in]      msgSz  Length of message in bytes.
+ * @return  0 on success.
+ * @return  BAD_FUNC_ARG when key, sig, sigSz or msg is NULL.
+ * @return  BAD_FUNC_ARG when msgSz is not greater than 0.
+ */
+int wc_LmsKey_Sign(LmsKey* key, byte* sig, word32* sigSz, const byte* msg,
+    int msgSz)
+{
+    int ret = 0;
+
+    /* Validate parameters. */
+    if ((key == NULL) || (sig == NULL) || (sigSz == NULL) || (msg == NULL)) {
+        ret = BAD_FUNC_ARG;
+    }
+    if ((ret == 0) && (msgSz <= 0)) {
+        ret = BAD_FUNC_ARG;
+    }
+    /* Check state. */
+    if ((ret == 0) && (key->state == WC_LMS_STATE_NOSIGS)) {
+        WOLFSSL_MSG("error: LMS signatures exhausted");
+        ret = BAD_STATE_E;
+    }
+    if ((ret == 0) && (key->state != WC_LMS_STATE_OK)) {
+       /* The key had an error the last time it was used, and we
+        * can't guarantee its state. */
+        WOLFSSL_MSG("error: can't sign, LMS key not in good state");
+        ret = BAD_STATE_E;
+    }
+
+    if (ret == 0) {
+    #ifdef WOLFSSL_SMALL_STACK
+        LmsState* state;
+    #else
+        LmsState state[1];
+    #endif
+
+    #ifdef WOLFSSL_SMALL_STACK
+        /* Allocate memory for working state. */
+        state = (LmsState*)XMALLOC(sizeof(LmsState), NULL, DYNAMIC_TYPE_TMP_BUFFER);
+        if (state == NULL) {
+            ret = MEMORY_E;
+        }
+        if (ret == 0)
+    #endif
+        {
+            /* Initialize working state for use. */
+            ret = wc_lmskey_state_init(state, key->params);
+            if (ret == 0) {
+                /* Sign message. */
+                ret = wc_hss_sign(state, key->priv_raw, &key->priv,
+                    key->priv_data, msg, msgSz, sig);
+                wc_lmskey_state_free(state);
+            }
+            ForceZero(state, sizeof(LmsState));
+        #ifdef WOLFSSL_SMALL_STACK
+            XFREE(state, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+        #endif
+        }
+    }
+    if (ret == 0) {
+        *sigSz = (word32)key->params->sig_len;
+    }
+    if (ret == 0) {
+        /* Write private key to storage. */
+        int rv = key->write_private_key(key->priv_raw,
+            HSS_PRIVATE_KEY_LEN(key->params->hash_len), key->context);
+        if (rv != WC_LMS_RC_SAVED_TO_NV_MEMORY) {
+            ret = IO_FAILED_E;
+        }
+    }
+
+    return ret;
+}
+
+/* Returns whether signatures can be created with key.
+ *
+ * @param [in]  key  LMS key.
+ *
+ * @return  1 if there are signatures remaining.
+ * @return  0 if available signatures are exhausted.
+ */
+int wc_LmsKey_SigsLeft(LmsKey* key)
+{
+    int ret = 0;
+
+    /* NULL keys have no signatures remaining. */
+    if (key != NULL) {
+        ret = wc_hss_sigsleft(key->params, key->priv_raw);
+    }
+
+    return ret;
+}
+
+#endif /* ifndef WOLFSSL_LMS_VERIFY_ONLY*/
+
+/* Get the public key length based on parameter set of key.
+ *
+ * @param [in]  key  LMS key.
+ * @param [out] len  Length of public key.
+ * @return  0 on success.
+ * @return  BAD_FUNC_ARG when key or len is NULL or parameters not set.
+ */
+int wc_LmsKey_GetPubLen(const LmsKey* key, word32* len)
+{
+    int ret = 0;
+
+    /* Validate parameters */
+    if ((key == NULL) || (len == NULL) || (key->params == NULL)) {
+        ret = BAD_FUNC_ARG;
+    }
+
+    if (ret == 0) {
+        *len = HSS_PUBLIC_KEY_LEN(key->params->hash_len);
+    }
+
+    return ret;
+}
+
+/* Export a generated public key and parameter set from one LmsKey
+ * to another. Use this to prepare a signature verification LmsKey
+ * that is pub only.
+ *
+ * Though the public key is all that is used to verify signatures,
+ * the parameter set is needed to calculate the signature length
+ * before hand.
+ *
+ * @param [out] keyDst  LMS key to copy into.
+ * @param [in]  keySrc  LMS key to copy.
+ * @return  0 on success.
+ * @return  BAD_FUNC_ARG when keyDst or keySrc is NULL.
+ */
+int wc_LmsKey_ExportPub(LmsKey* keyDst, const LmsKey* keySrc)
+{
+    int ret = 0;
+
+    if ((keyDst == NULL) || (keySrc == NULL)) {
+        ret = BAD_FUNC_ARG;
+    }
+
+    if (ret == 0) {
+        ForceZero(keyDst, sizeof(LmsKey));
+
+        keyDst->params = keySrc->params;
+        XMEMCPY(keyDst->pub, keySrc->pub, sizeof(keySrc->pub));
+
+        /* Mark this key as verify only, to prevent misuse. */
+        keyDst->state = WC_LMS_STATE_VERIFYONLY;
+    }
+
+    return ret;
+}
+
+/* Exports the raw LMS public key buffer from key to out buffer.
+ * The out buffer should be large enough to hold the public key, and
+ * outLen should indicate the size of the buffer.
+ *
+ * Call wc_LmsKey_GetPubLen beforehand to determine pubLen.
+ *
+ * @param [in]      key     LMS key.
+ * @param [out]     out     Buffer to hold encoded public key.
+ * @param [in, out] outLen  On in, length of out in bytes.
+ *                          On out, the length of the public key in bytes.
+ * @return  0 on success.
+ * @return  BAD_FUNC_ARG when key, out or outLen is NULL.
+ * @return  BUFFER_E when outLen is too small to hold encoded public key.
+ */
+int wc_LmsKey_ExportPubRaw(const LmsKey* key, byte* out, word32* outLen)
+{
+    int ret = 0;
+
+    /* Validate parameters. */
+    if ((key == NULL) || (out == NULL) || (outLen == NULL)) {
+        ret = BAD_FUNC_ARG;
+    }
+    /* Check size of out is sufficient. */
+    if ((ret == 0) &&
+            (*outLen < (word32)HSS_PUBLIC_KEY_LEN(key->params->hash_len))) {
+        ret = BUFFER_E;
+    }
+
+    if (ret == 0) {
+        /* Return encoded public key. */
+        XMEMCPY(out, key->pub, HSS_PUBLIC_KEY_LEN(key->params->hash_len));
+        *outLen = HSS_PUBLIC_KEY_LEN(key->params->hash_len);
+    }
+
+    return ret;
+}
+
+/* Imports a raw public key buffer from in array to LmsKey key.
+ *
+ * The LMS parameters must be set first with wc_LmsKey_SetLmsParm or
+ * wc_LmsKey_SetParameters, and inLen must match the length returned
+ * by wc_LmsKey_GetPubLen.
+ *
+ * Call wc_LmsKey_GetPubLen beforehand to determine pubLen.
+ *
+ * @param [in, out] key    LMS key to put public key in.
+ * @param [in]      in     Buffer holding encoded public key.
+ * @param [in]      inLen  Length of encoded public key in bytes.
+ * @return  0 on success.
+ * @return  BAD_FUNC_ARG when key or in is NULL.
+ * @return  BUFFER_E when inLen does not match public key length by parameters.
+ */
+int wc_LmsKey_ImportPubRaw(LmsKey* key, const byte* in, word32 inLen)
+{
+    int ret = 0;
+
+    /* Validate parameters. */
+    if ((key == NULL) || (in == NULL)) {
+        ret = BAD_FUNC_ARG;
+    }
+    if ((ret == 0) &&
+            (inLen != (word32)HSS_PUBLIC_KEY_LEN(key->params->hash_len))) {
+        /* Something inconsistent. Parameters weren't set, or input
+         * pub key is wrong.*/
+        return BUFFER_E;
+    }
+
+    if (ret == 0) {
+        XMEMCPY(key->pub, in, inLen);
+
+        if (key->state != WC_LMS_STATE_OK)
+            key->state = WC_LMS_STATE_VERIFYONLY;
+    }
+
+    return ret;
+}
+
+/* Given a levels, height, winternitz parameter set, determine
+ * the signature length.
+ *
+ * Call this before wc_LmsKey_Sign so you know the length of
+ * the required signature buffer.
+ *
+ * @param [in]  key  LMS key.
+ * @param [out] len  Length of a signature in bytes.
+ * @return  0 on success.
+ * @return  BAD_FUNC_ARG when key or len is NULL.
+ */
+int wc_LmsKey_GetSigLen(const LmsKey* key, word32* len)
+{
+    int ret = 0;
+
+    /* Validate parameters. */
+    if ((key == NULL) || (len == NULL)) {
+        ret = BAD_FUNC_ARG;
+    }
+
+    if (ret == 0) {
+        *len = key->params->sig_len;
+    }
+
+    return ret;
+}
+
+/* Verify the signature of the message with public key.
+ *
+ * @param [in] key    LMS key.
+ * @param [in] sig    Signature to verify.
+ * @param [in] sigSz  Size of signature in bytes.
+ * @param [in] msg    Message to verify.
+ * @param [in] msgSz  Length of the message in bytes.
+ * @return  0 on success.
+ * @return  BAD_FUNC_ARG when a key, sig or msg is NULL.
+ * @return  SIG_VERIFY_E when signature did not verify message.
+ * @return  BAD_STATE_E when wrong state for operation.
+ * @return  BUFFER_E when sigSz is invalid for parameters.
+ */
+int wc_LmsKey_Verify(LmsKey* key, const byte* sig, word32 sigSz,
+    const byte* msg, int msgSz)
+{
+    int ret = 0;
+
+    /* Validate parameters. */
+    if ((key == NULL) || (sig == NULL) || (msg == NULL)) {
+        ret = BAD_FUNC_ARG;
+    }
+    /* Check state. */
+    if ((ret == 0) && (key->state != WC_LMS_STATE_OK) &&
+            (key->state != WC_LMS_STATE_VERIFYONLY)) {
+        /* LMS key not ready for verification. Param str must be
+         * set first, and Reload() called. */
+        WOLFSSL_MSG("error: LMS key not ready for verification");
+        ret = BAD_STATE_E;
+    }
+    /* Check signature length. */
+    if ((ret == 0) && (sigSz != key->params->sig_len)) {
+        ret = BUFFER_E;
+    }
+
+    if (ret == 0) {
+    #ifdef WOLFSSL_SMALL_STACK
+        LmsState* state;
+    #else
+        LmsState state[1];
+    #endif
+
+    #ifdef WOLFSSL_SMALL_STACK
+        /* Allocate memory for working state. */
+        state = (LmsState*)XMALLOC(sizeof(LmsState), NULL, DYNAMIC_TYPE_TMP_BUFFER);
+        if (state == NULL) {
+            ret = MEMORY_E;
+        }
+        if (ret == 0)
+    #endif
+        {
+            /* Initialize working state for use. */
+            ret = wc_lmskey_state_init(state, key->params);
+            if (ret == 0) {
+                /* Verify signature of message with public key. */
+                ret = wc_hss_verify(state, key->pub, msg, msgSz, sig);
+                wc_lmskey_state_free(state);
+            }
+            ForceZero(state, sizeof(LmsState));
+        #ifdef WOLFSSL_SMALL_STACK
+            XFREE(state, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+        #endif
+        }
+    }
+
+    return ret;
+}
+
+#endif /* WOLFSSL_HAVE_LMS && WOLFSSL_WC_LMS */
diff --git a/wolfcrypt/src/wc_lms_impl.c b/wolfcrypt/src/wc_lms_impl.c
new file mode 100644
index 000000000..70fe8c1e3
--- /dev/null
+++ b/wolfcrypt/src/wc_lms_impl.c
@@ -0,0 +1,3738 @@
+/* wc_lms_impl.c
+ *
+ * Copyright (C) 2006-2025 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+/* Implementation based on:
+ *   RFC 8554: Leighton-Micali Hash-Based Signatures
+ *   https://datatracker.ietf.org/doc/html/rfc8554
+ * Implementation by Sean Parkinson.
+ */
+
+/* Possible LMS options:
+ *
+ * WC_LMS_FULL_HASH                                      Default: OFF
+ *   Performs a full hash instead of assuming internals.
+ *   Enable when using hardware SHA-256.
+ * WOLFSSL_LMS_VERIFY_ONLY                               Default: OFF
+ *   Only compiles in verification code.
+ * WOLFSSL_WC_LMS_SMALL                                  Default: OFF
+ *   Implementation is smaller code size with slow signing.
+ *   Enable when memory is limited.
+ */
+
+#ifdef HAVE_CONFIG_H
+    #include <config.h>
+#endif
+
+#include <wolfssl/wolfcrypt/settings.h>
+#include <wolfssl/wolfcrypt/wc_lms.h>
+#include <wolfssl/wolfcrypt/error-crypt.h>
+
+#ifdef NO_INLINE
+    #include <wolfssl/wolfcrypt/misc.h>
+#else
+    #define WOLFSSL_MISC_INCLUDED
+    #include <wolfcrypt/src/misc.c>
+#endif
+
+#if defined(WOLFSSL_HAVE_LMS) && defined(WOLFSSL_WC_LMS)
+
+/* Length of R in bytes. */
+#define LMS_R_LEN           4
+/* Length of D in bytes. */
+#define LMS_D_LEN           2
+/* Length of checksum in bytes. */
+#define LMS_CKSM_LEN        2
+
+/* Predefined values used in hashes to make them unique. */
+/* Fixed value for calculating x. */
+#define LMS_D_FIXED         0xff
+/* D value when computing public key. */
+#define LMS_D_PBLC          0x8080
+/* D value when computing message. */
+#define LMS_D_MESG          0x8181
+/* D value when computing leaf node. */
+#define LMS_D_LEAF          0x8282
+/* D value when computing interior node. */
+#define LMS_D_INTR          0x8383
+/* D value when computing C, randomizer value. */
+#define LMS_D_C             0xfffd
+/* D value when computing child SEED for private key. */
+#define LMS_D_CHILD_SEED    0xfffe
+/* D value when computing child I for private key. */
+#define LMS_D_CHILD_I       0xffff
+
+/* Length of data to hash when computing seed:
+ *   16 + 4 + 2 + 32/24 = 54/46 */
+#define LMS_SEED_HASH_LEN(hLen)     \
+    (LMS_I_LEN + LMS_R_LEN + LMS_D_LEN + (hLen))
+
+/* Length of data to hash when computing a node:
+ *   16 + 4 + 2 + 32/24 + 32/24 = 86/70 */
+#define LMS_NODE_HASH_LEN(hLen)     \
+    (LMS_I_LEN + LMS_R_LEN + LMS_D_LEN + 2 * (hLen))
+
+/* Length of data to hash when computing most results:
+ *   16 + 4 + 2 + 1 + 32/24 = 55/47 */
+#define LMS_HASH_BUFFER_LEN(hLen)   \
+    (LMS_I_LEN + LMS_Q_LEN + LMS_P_LEN + LMS_W_LEN + (hLen))
+
+/* Length of preliminary data to hash when computing K:
+ *   16 + 4 + 2 = 22 */
+#define LMS_K_PRE_LEN       (LMS_I_LEN + LMS_Q_LEN + LMS_P_LEN)
+
+/* Length of preliminary data to hash when computing message hash:
+ *   16 + 4 + 2 = 22 */
+#define LMS_MSG_PRE_LEN     (LMS_I_LEN + LMS_Q_LEN + LMS_P_LEN)
+
+
+#ifdef WC_LMS_DEBUG_PRINT_DATA
+/* Print data when debugging implementation.
+ *
+ * @param [in] name  String to print before data.
+ * @param [in] data  Array of bytes.
+ * @param [in] len   Length of data in array.
+ */
+static void print_data(const char* name, const byte* data, int len)
+{
+    int i;
+
+    fprintf(stderr, "%6s: ", name);
+    for (i = 0; i < len; i++) {
+        fprintf(stderr, "%02x", data[i]);
+    }
+    fprintf(stderr, "\n");
+}
+#endif
+
+/***************************************
+ * Index APIs
+ **************************************/
+
+#ifndef WOLFSSL_LMS_VERIFY_ONLY
+/* Zero index.
+ *
+ * @param [out] a    Byte array. Big-endian encoding.
+ * @param [in]  len  Length of array in bytes.
+ */
+static WC_INLINE void wc_lms_idx_zero(unsigned char* a, int len)
+{
+    XMEMSET(a, 0, len);
+}
+
+/* Increment big-endian value.
+ *
+ * @param [in, out] a    Byte array. Big-endian encoding.
+ * @param [in]      len  Length of array in bytes.
+ */
+static WC_INLINE void wc_lms_idx_inc(unsigned char* a, int len)
+{
+    int i;
+
+    /* Starting at least-significant byte up to most. */
+    for (i = len - 1; i >= 0; i--) {
+        /* Add one/carry to byte. */
+        if ((++a[i]) != 0) {
+            /* No more carry. */
+            break;
+        }
+    }
+}
+#endif /* !WOLFSSL_LMS_VERIFY_ONLY */
+
+/***************************************
+ * Hash APIs
+ **************************************/
+
+/* Set hash data and length into SHA-256 digest.
+ *
+ * @param [in, out] state  SHA-256 digest object.
+ * @param [in]      data   Data to add to hash.
+ * @param [in]      len    Number of bytes in data. Must be less than a block.
+ */
+#define LMS_SHA256_SET_DATA(sha256, data, len)  \
+do {                                            \
+    XMEMCPY((sha256)->buffer, (data), (len));   \
+    (sha256)->buffLen = (len);                  \
+    (sha256)->loLen = (len);                    \
+} while (0)
+
+/* Add hash data and length into SHA-256 digest.
+ *
+ * @param [in, out] state  SHA-256 digest object.
+ * @param [in]      data   Data to add to hash.
+ * @param [in]      len    Number of bytes in data. Must be less than a block.
+ */
+#define LMS_SHA256_ADD_DATA(sha256, data, len)                              \
+do {                                                                        \
+    XMEMCPY((byte*)(sha256)->buffer + (sha256)->buffLen, (data), (len));    \
+    (sha256)->buffLen += (len);                                             \
+    (sha256)->loLen += (len);                                               \
+} while (0)
+
+/* Set the length of 54 bytes in buffer as per SHA-256 final operation.
+ *
+ * @param [in, out] buffer  Hash data buffer to add length to.
+ */
+#define LMS_SHA256_SET_LEN_54(buffer)   \
+do {                                    \
+    (buffer)[54] = 0x80;                \
+    (buffer)[55] = 0x00;                \
+    (buffer)[56] = 0x00;                \
+    (buffer)[57] = 0x00;                \
+    (buffer)[58] = 0x00;                \
+    (buffer)[59] = 0x00;                \
+    (buffer)[60] = 0x00;                \
+    (buffer)[61] = 0x00;                \
+    (buffer)[62] = 0x01;                \
+    (buffer)[63] = 0xb0;                \
+} while (0)
+
+/* Set the length of 55 bytes in buffer as per SHA-256 final operation.
+ *
+ * @param [in, out] buffer  Hash data buffer to add length to.
+ */
+#define LMS_SHA256_SET_LEN_55(buffer)   \
+do {                                    \
+    (buffer)[55] = 0x80;                \
+    (buffer)[56] = 0x00;                \
+    (buffer)[57] = 0x00;                \
+    (buffer)[58] = 0x00;                \
+    (buffer)[59] = 0x00;                \
+    (buffer)[60] = 0x00;                \
+    (buffer)[61] = 0x00;                \
+    (buffer)[62] = 0x01;                \
+    (buffer)[63] = 0xb8;                \
+} while (0)
+
+#ifndef WOLFSSL_NO_LMS_SHA256_256
+#ifndef WC_LMS_FULL_HASH
+/* Hash one full block of data and compute result.
+ *
+ * @param [in]  sha256  SHA-256 hash object.
+ * @param [in]  data    Data to hash.
+ * @param [out] hash    Hash output.
+ * @return  0 on success.
+ */
+static WC_INLINE int wc_lms_hash_block(wc_Sha256* sha256, const byte* data,
+    byte* hash)
+{
+    /* Hash the block and reset SHA-256 state. */
+    return wc_Sha256HashBlock(sha256, data, hash);
+}
+#endif /* !WC_LMS_FULL_HASH */
+
+/* Hash data and compute result.
+ *
+ * @param [in]  sha256  SHA-256 hash object.
+ * @param [in]  data    Data to hash.
+ * @param [in]  len     Length of data to hash.
+ * @param [out] hash    Hash output.
+ * @return  0 on success.
+ */
+static WC_INLINE int wc_lms_hash(wc_Sha256* sha256, byte* data, word32 len,
+    byte* hash)
+{
+    int ret;
+
+#ifndef WC_LMS_FULL_HASH
+    if (len < WC_SHA256_BLOCK_SIZE) {
+        /* Store data into SHA-256 object's buffer. */
+        LMS_SHA256_SET_DATA(sha256, data, len);
+        ret = wc_Sha256Final(sha256, hash);
+    }
+    else if (len < WC_SHA256_BLOCK_SIZE + WC_SHA256_PAD_SIZE) {
+        ret = wc_Sha256HashBlock(sha256, data, NULL);
+        if (ret == 0) {
+            byte* buffer = (byte*)sha256->buffer;
+            int rem = len - WC_SHA256_BLOCK_SIZE;
+
+            XMEMCPY(buffer, data + WC_SHA256_BLOCK_SIZE, rem);
+            buffer[rem++] = 0x80;
+            XMEMSET(buffer + rem, 0, WC_SHA256_BLOCK_SIZE - 2 - rem);
+            buffer[WC_SHA256_BLOCK_SIZE - 2] = (byte)(len >> 5);
+            buffer[WC_SHA256_BLOCK_SIZE - 1] = (byte)(len << 3);
+            ret = wc_Sha256HashBlock(sha256, buffer, hash);
+        }
+    }
+    else {
+        ret = wc_Sha256Update(sha256, data, len);
+        if (ret == 0) {
+            ret = wc_Sha256Final(sha256, hash);
+        }
+    }
+#else
+    ret = wc_Sha256Update(sha256, data, len);
+    if (ret == 0) {
+        ret = wc_Sha256Final(sha256, hash);
+    }
+#endif /* !WC_LMS_FULL_HASH */
+
+    return ret;
+}
+#endif /* !WOLFSSL_NO_LMS_SHA256_256 */
+
+/* Update hash with first data.
+ *
+ * Sets the data directly into SHA-256's buffer if valid.
+ *
+ * @param [in]  sha256  SHA-256 hash object.
+ * @param [in]  data    Data to hash.
+ * @param [in]  len     Length of data to hash.
+ * @return  0 on success.
+ */
+static WC_INLINE int wc_lms_hash_first(wc_Sha256* sha256, const byte* data,
+    word32 len)
+{
+    int ret = 0;
+
+#ifndef WC_LMS_FULL_HASH
+    if (len < WC_SHA256_BLOCK_SIZE) {
+        /* Store data into SHA-256 object's buffer. */
+        LMS_SHA256_SET_DATA(sha256, data, len);
+    }
+    else
+#endif /* !WC_LMS_FULL_HASH */
+    {
+        ret = wc_Sha256Update(sha256, data, len);
+    }
+
+    return ret;
+}
+
+/* Update hash with further data.
+ *
+ * Adds the data directly into SHA-256's buffer if valid.
+ *
+ * @param [in]  sha256  SHA-256 hash object.
+ * @param [in]  data    Data to hash.
+ * @param [in]  len     Length of data to hash.
+ * @return  0 on success.
+ */
+static WC_INLINE int wc_lms_hash_update(wc_Sha256* sha256, const byte* data,
+    word32 len)
+{
+    int ret = 0;
+
+#ifndef WC_LMS_FULL_HASH
+    if (sha256->buffLen + len < WC_SHA256_BLOCK_SIZE) {
+        /* Add data to SHA-256 object's buffer. */
+        LMS_SHA256_ADD_DATA(sha256, data, len);
+    }
+    else if (sha256->buffLen + len < 2 * WC_SHA256_BLOCK_SIZE) {
+        byte* buffer = (byte*)sha256->buffer;
+
+        XMEMCPY(buffer + sha256->buffLen, data,
+            WC_SHA256_BLOCK_SIZE - sha256->buffLen);
+        ret = wc_Sha256HashBlock(sha256, buffer, NULL);
+        if (ret == 0) {
+            int rem = len - (WC_SHA256_BLOCK_SIZE - sha256->buffLen);
+            XMEMCPY(buffer, data + WC_SHA256_BLOCK_SIZE - sha256->buffLen, rem);
+            sha256->buffLen = rem;
+            sha256->loLen += len;
+        }
+    }
+    else {
+        ret = wc_Sha256Update(sha256, data, len);
+    }
+#else
+    ret = wc_Sha256Update(sha256, data, len);
+#endif /* !WC_LMS_FULL_HASH */
+
+    return ret;
+}
+
+#ifndef WOLFSSL_NO_LMS_SHA256_256
+/* Finalize hash.
+ *
+ * @param [in]  sha256  SHA-256 hash object.
+ * @param [out] hash    Hash output.
+ * @return  0 on success.
+ */
+static WC_INLINE int wc_lms_hash_final(wc_Sha256* sha256, byte* hash)
+{
+#ifndef WC_LMS_FULL_HASH
+    int ret = 0;
+    byte* buffer = (byte*)sha256->buffer;
+
+    buffer[sha256->buffLen++] = 0x80;
+    if (sha256->buffLen > WC_SHA256_PAD_SIZE) {
+        XMEMSET(buffer + sha256->buffLen, 0,
+            WC_SHA256_BLOCK_SIZE - sha256->buffLen);
+        ret = wc_Sha256HashBlock(sha256, buffer, NULL);
+        sha256->buffLen = 0;
+    }
+    if (ret == 0) {
+        XMEMSET(buffer + sha256->buffLen, 0,
+            WC_SHA256_BLOCK_SIZE - 8 - sha256->buffLen);
+        sha256->hiLen = (sha256->hiLen << 3) + (sha256->loLen >> 29);
+        sha256->loLen = sha256->loLen << 3;
+    #ifdef LITTLE_ENDIAN_ORDER
+        sha256->buffer[14] = ByteReverseWord32(sha256->hiLen);
+        sha256->buffer[15] = ByteReverseWord32(sha256->loLen);
+    #else
+        sha256->buffer[14] = sha256->hiLen;
+        sha256->buffer[15] = sha256->loLen;
+    #endif
+        ret = wc_Sha256HashBlock(sha256, buffer, hash);
+        sha256->buffLen = 0;
+        sha256->hiLen = 0;
+        sha256->loLen = 0;
+    }
+
+    return ret;
+#else
+    return wc_Sha256Final(sha256, hash);
+#endif
+}
+#endif /* !WOLFSSL_NO_LMS_SHA256_256 */
+
+#ifdef WOLFSSL_LMS_SHA256_192
+/* Set the length of 46 bytes in buffer as per SHA-256 final operation.
+ *
+ * @param [in, out] buffer  Hash data buffer to add length to.
+ */
+#define LMS_SHA256_SET_LEN_46(buffer)   \
+do {                                    \
+    (buffer)[46] = 0x80;                \
+    (buffer)[47] = 0x00;                \
+    (buffer)[48] = 0x00;                \
+    (buffer)[49] = 0x00;                \
+    (buffer)[50] = 0x00;                \
+    (buffer)[51] = 0x00;                \
+    (buffer)[52] = 0x00;                \
+    (buffer)[53] = 0x00;                \
+    (buffer)[54] = 0x00;                \
+    (buffer)[55] = 0x00;                \
+    (buffer)[56] = 0x00;                \
+    (buffer)[57] = 0x00;                \
+    (buffer)[58] = 0x00;                \
+    (buffer)[59] = 0x00;                \
+    (buffer)[60] = 0x00;                \
+    (buffer)[61] = 0x00;                \
+    (buffer)[62] = 0x01;                \
+    (buffer)[63] = 0x70;                \
+} while (0)
+
+/* Set the length of 47 bytes in buffer as per SHA-256 final operation.
+ *
+ * @param [in, out] buffer  Hash data buffer to add length to.
+ */
+#define LMS_SHA256_SET_LEN_47(buffer)   \
+do {                                    \
+    (buffer)[47] = 0x80;                \
+    (buffer)[48] = 0x00;                \
+    (buffer)[49] = 0x00;                \
+    (buffer)[50] = 0x00;                \
+    (buffer)[51] = 0x00;                \
+    (buffer)[52] = 0x00;                \
+    (buffer)[53] = 0x00;                \
+    (buffer)[54] = 0x00;                \
+    (buffer)[55] = 0x00;                \
+    (buffer)[56] = 0x00;                \
+    (buffer)[57] = 0x00;                \
+    (buffer)[58] = 0x00;                \
+    (buffer)[59] = 0x00;                \
+    (buffer)[60] = 0x00;                \
+    (buffer)[61] = 0x00;                \
+    (buffer)[62] = 0x01;                \
+    (buffer)[63] = 0x78;                \
+} while (0)
+
+#ifndef WC_LMS_FULL_HASH
+/* Hash one full block of data and compute result.
+ *
+ * @param [in]  sha256  SHA-256 hash object.
+ * @param [in]  data    Data to hash.
+ * @param [out] hash    Hash output.
+ * @return  0 on success.
+ */
+static WC_INLINE int wc_lms_sha256_192_hash_block(wc_Sha256* sha256,
+    const byte* data, byte* hash)
+{
+    int ret;
+    unsigned char output[WC_SHA256_DIGEST_SIZE];
+
+    /* Hash the block and reset SHA-256 state. */
+    ret = wc_Sha256HashBlock(sha256, data, output);
+    if (ret == 0) {
+        XMEMCPY(hash, output, WC_SHA256_192_DIGEST_SIZE);
+    }
+
+    return ret;
+}
+#endif /* !WC_LMS_FULL_HASH */
+
+/* Hash data and compute result.
+ *
+ * @param [in]  sha256  SHA-256 hash object.
+ * @param [in]  data    Data to hash.
+ * @param [in]  len     Length of data to hash.
+ * @param [out] hash    Hash output.
+ * @return  0 on success.
+ */
+static WC_INLINE int wc_lms_hash_sha256_192(wc_Sha256* sha256, byte* data,
+    word32 len, byte* hash)
+{
+    int ret;
+    unsigned char output[WC_SHA256_DIGEST_SIZE];
+
+#ifndef WC_LMS_FULL_HASH
+    if (len < WC_SHA256_BLOCK_SIZE) {
+        /* Store data into SHA-256 object's buffer. */
+        LMS_SHA256_SET_DATA(sha256, data, len);
+        ret = wc_Sha256Final(sha256, output);
+        if (ret == 0) {
+            XMEMCPY(hash, output, WC_SHA256_192_DIGEST_SIZE);
+        }
+    }
+    else if (len < WC_SHA256_BLOCK_SIZE + WC_SHA256_PAD_SIZE) {
+        ret = wc_Sha256HashBlock(sha256, data, NULL);
+        if (ret == 0) {
+            byte* buffer = (byte*)sha256->buffer;
+            int rem = len - WC_SHA256_BLOCK_SIZE;
+
+            XMEMCPY(buffer, data + WC_SHA256_BLOCK_SIZE, rem);
+            buffer[rem++] = 0x80;
+            XMEMSET(buffer + rem, 0, WC_SHA256_BLOCK_SIZE - 2 - rem);
+            buffer[WC_SHA256_BLOCK_SIZE - 2] = (byte)(len >> 5);
+            buffer[WC_SHA256_BLOCK_SIZE - 1] = (byte)(len << 3);
+            ret = wc_Sha256HashBlock(sha256, buffer, output);
+            if (ret == 0) {
+                XMEMCPY(hash, output, WC_SHA256_192_DIGEST_SIZE);
+            }
+        }
+    }
+    else {
+        ret = wc_Sha256Update(sha256, data, len);
+        if (ret == 0) {
+            ret = wc_Sha256Final(sha256, output);
+            if (ret == 0) {
+                XMEMCPY(hash, output, WC_SHA256_192_DIGEST_SIZE);
+            }
+        }
+    }
+#else
+    ret = wc_Sha256Update(sha256, data, len);
+    if (ret == 0) {
+        ret = wc_Sha256Final(sha256, output);
+        if (ret == 0) {
+            XMEMCPY(hash, output, WC_SHA256_192_DIGEST_SIZE);
+        }
+    }
+#endif /* !WC_LMS_FULL_HASH */
+
+    return ret;
+}
+
+/* Finalize hash.
+ *
+ * @param [in]  sha256  SHA-256 hash object.
+ * @param [out] hash    Hash output.
+ * @return  0 on success.
+ */
+static WC_INLINE int wc_lms_hash_sha256_192_final(wc_Sha256* sha256, byte* hash)
+{
+#ifndef WC_LMS_FULL_HASH
+    int ret = 0;
+    byte* buffer = (byte*)sha256->buffer;
+    unsigned char output[WC_SHA256_DIGEST_SIZE];
+
+    buffer[sha256->buffLen++] = 0x80;
+    if (sha256->buffLen > WC_SHA256_PAD_SIZE) {
+        XMEMSET(buffer + sha256->buffLen, 0,
+            WC_SHA256_BLOCK_SIZE - sha256->buffLen);
+        ret = wc_Sha256HashBlock(sha256, buffer, NULL);
+        sha256->buffLen = 0;
+    }
+    if (ret == 0) {
+        XMEMSET(buffer + sha256->buffLen, 0,
+            WC_SHA256_BLOCK_SIZE - 8 - sha256->buffLen);
+        sha256->hiLen = (sha256->hiLen << 3) + (sha256->loLen >> 29);
+        sha256->loLen = sha256->loLen << 3;
+    #ifdef LITTLE_ENDIAN_ORDER
+        sha256->buffer[14] = ByteReverseWord32(sha256->hiLen);
+        sha256->buffer[15] = ByteReverseWord32(sha256->loLen);
+    #else
+        sha256->buffer[14] = sha256->hiLen;
+        sha256->buffer[15] = sha256->loLen;
+    #endif
+        ret = wc_Sha256HashBlock(sha256, buffer, output);
+        if (ret == 0) {
+            XMEMCPY(hash, output, WC_SHA256_192_DIGEST_SIZE);
+        }
+        sha256->buffLen = 0;
+        sha256->hiLen = 0;
+        sha256->loLen = 0;
+    }
+
+    return ret;
+#else
+    int ret;
+    unsigned char output[WC_SHA256_DIGEST_SIZE];
+
+    ret = wc_Sha256Final(sha256, output);
+    if (ret == 0) {
+        XMEMCPY(hash, output, WC_SHA256_192_DIGEST_SIZE);
+    }
+
+    return ret;
+#endif
+}
+#endif /* WOLFSSL_LMS_SHA256_192 */
+
+/***************************************
+ * LM-OTS APIs
+ **************************************/
+
+/* Expand Q to and array of Winternitz width bits values plus checksum.
+ *
+ * Supported Winternitz widths: 8, 4, 2, 1.
+ *
+ * Algorithm 2: Checksum Calculation
+ *   sum = 0
+ *   for ( i = 0; i < (n*8/w); i = i + 1 ) {
+ *     sum = sum + (2^w - 1) - coef(S, i, w)
+ *   }
+ *   return (sum << ls)
+ * Section 3.1.3: Strings of w-Bit Elements
+ *   coef(S, i, w) = (2^w - 1) AND
+ *                   ( byte(S, floor(i * w / 8)) >>
+ *                     (8 - (w * (i % (8 / w)) + w)) )
+ * Combine coefficient expansion with checksum calculation.
+ *
+ * @param [in]  q   Q array of bytes.
+ * @param [in]  n   Number of bytes in Q.
+ * @param [in]  w   Winternitz width in bits.
+ * @param [in]  ls  Left shift of checksum.
+ * @param [out] qe  Expanded Q with checksum.
+ * @return  0 on success.
+ * @return  BAD_FUNC_ARG when Winternitz width is not supported.
+ */
+static WC_INLINE int wc_lmots_q_expand(byte* q, word8 n, word8 w, word8 ls,
+    byte* qe)
+{
+    int ret = 0;
+    word16 sum;
+    unsigned int i;
+
+#ifndef WOLFSSL_WC_LMS_SMALL
+    switch (w) {
+        /* Winternitz width of 8. */
+        case 8:
+            /* No expansion required, just copy. */
+            XMEMCPY(qe, q, n);
+            /* Start sum with all 2^w - 1s and subtract from that. */
+            sum = 0xff * n;
+            /* For each byte of the hash. */
+            for (i = 0; i < n; i++) {
+                /* Subtract coefficient from sum. */
+                sum -= q[i];
+            }
+            /* Put coefficients of checksum on the end. */
+            qe[n + 0] = (word8)(sum >> 8);
+            qe[n + 1] = (word8)(sum     );
+            break;
+        /* Winternitz width of 4. */
+        case 4:
+            sum = 2 * 0xf * n;
+            /* For each byte of the hash. */
+            for (i = 0; i < n; i++) {
+                /* Get coefficient. */
+                qe[0] = (q[i] >> 4)      ;
+                qe[1] = (q[i]     ) & 0xf;
+                /* Subtract coefficients from sum. */
+                sum -= qe[0];
+                sum -= qe[1];
+                /* Move to next coefficients. */
+                qe += 2;
+            }
+            /* Put coefficients of checksum on the end. */
+            qe[0] = (word8)((sum >> 8) & 0xf);
+            qe[1] = (word8)((sum >> 4) & 0xf);
+            qe[2] = (word8)((sum     ) & 0xf);
+            break;
+        /* Winternitz width of 2. */
+        case 2:
+            sum = 4 * 0x3 * n;
+            /* For each byte of the hash. */
+            for (i = 0; i < n; i++) {
+                /* Get coefficients. */
+                qe[0] = (q[i] >> 4)      ;
+                qe[0] = (q[i] >> 6)      ;
+                qe[1] = (q[i] >> 4) & 0x3;
+                qe[2] = (q[i] >> 2) & 0x3;
+                qe[3] = (q[i]     ) & 0x3;
+                /* Subtract coefficients from sum. */
+                sum -= qe[0];
+                sum -= qe[1];
+                sum -= qe[2];
+                sum -= qe[3];
+                /* Move to next coefficients. */
+                qe += 4;
+            }
+            /* Put coefficients of checksum on the end. */
+            qe[0] = (word8)((sum >>  8) & 0x3);
+            qe[1] = (word8)((sum >>  6) & 0x3);
+            qe[2] = (word8)((sum >>  4) & 0x3);
+            qe[3] = (word8)((sum >>  2) & 0x3);
+            qe[4] = (word8)((sum      ) & 0x3);
+            break;
+        /* Winternitz width of 1. */
+        case 1:
+            sum = 8 * 0x01 * n;
+            /* For each byte of the hash. */
+            for (i = 0; i < n; i++) {
+                /* Get coefficients. */
+                qe[0] = (q[i] >> 4)      ;
+                qe[0] = (q[i] >> 7)      ;
+                qe[1] = (q[i] >> 6) & 0x1;
+                qe[2] = (q[i] >> 5) & 0x1;
+                qe[3] = (q[i] >> 4) & 0x1;
+                qe[4] = (q[i] >> 3) & 0x1;
+                qe[5] = (q[i] >> 2) & 0x1;
+                qe[6] = (q[i] >> 1) & 0x1;
+                qe[7] = (q[i]     ) & 0x1;
+                /* Subtract coefficients from sum. */
+                sum -= qe[0];
+                sum -= qe[1];
+                sum -= qe[2];
+                sum -= qe[3];
+                sum -= qe[4];
+                sum -= qe[5];
+                sum -= qe[6];
+                sum -= qe[7];
+                /* Move to next coefficients. */
+                qe += 8;
+            }
+            /* Put coefficients of checksum on the end. */
+            qe[0] = (word8)((sum >>  8)      );
+            qe[1] = (word8)((sum >>  7) & 0x1);
+            qe[2] = (word8)((sum >>  6) & 0x1);
+            qe[3] = (word8)((sum >>  5) & 0x1);
+            qe[4] = (word8)((sum >>  4) & 0x1);
+            qe[5] = (word8)((sum >>  3) & 0x1);
+            qe[6] = (word8)((sum >>  2) & 0x1);
+            qe[7] = (word8)((sum >>  1) & 0x1);
+            qe[8] = (word8)((sum      ) & 0x1);
+            break;
+        default:
+            ret = BAD_FUNC_ARG;
+            break;
+    }
+
+    (void)ls;
+#else
+    int j;
+
+    if ((w != 8) && (w != 4) && (w != 2) && (w != 1)) {
+        ret = BAD_FUNC_ARG;
+    }
+
+    if (ret == 0) {
+        /* Start sum with all 2^w - 1s and subtract from that. */
+        sum = ((1 << w) - 1) * ((n * 8) / w);
+        /* For each byte of the hash. */
+        for (i = 0; i < n; i++) {
+            /* Get next byte. */
+            byte a = *(q++);
+            /* For each width bits of byte. */
+            for (j = 8 - w; j >= 0; j -= w) {
+                /* Get coefficient. */
+                *qe = a >> (8 - w);
+                /* Subtract coefficient from sum. */
+                sum -= *qe;
+                /* Move to next coefficient. */
+                qe++;
+                /* Remove width bits. */
+                a <<= w;
+            }
+        }
+        /* Shift sum up as required to pack it on the end of hash. */
+        sum <<= ls;
+        /* For each width buts of checksum. */
+        for (j = 16 - w; j >= ls; j--) {
+            /* Get coefficient. */
+            *(qe++) = sum >> (16 - w);
+            /* Remove width bits. */
+            sum <<= w;
+        }
+    }
+#endif /* !WOLFSSL_WC_LMS_SMALL */
+
+    return ret;
+}
+
+/* Calculate the hash for the message.
+ *
+ * Algorithm 3: Generating a One-Time Signature From a Private Key and a
+ * Message
+ *   ...
+ *   5. Compute the array y as follows:
+ *      Q = H(I || u32str(q) || u16str(D_MESG) || C || message)
+ * Algorithm 4b: Computing a Public Key Candidate Kc from a Signature,
+ * Message, Signature Typecode pubtype, and Identifiers I, q
+ *   ...
+ *   3. Compute the string Kc as follows:
+ *      Q = H(I || u32str(q) || u16str(D_MESG) || C || message)
+ *
+ * @param [in, out]  state  LMS state.
+ * @param [in]       msg    Message to hash.
+ * @param [in]       msgSz  Length of message in bytes.
+ * @param [in]       c      C or randomizer value.
+ * @param [out]      q      Computed Q value.
+ * @return  0 on success.
+ */
+static int wc_lmots_msg_hash(LmsState* state, const byte* msg, word32 msgSz,
+    const byte* c, byte* q)
+{
+    int ret;
+    byte* buffer = state->buffer;
+    byte* ip = buffer + LMS_I_LEN + LMS_Q_LEN;
+
+    /* I || u32str(q) || u16str(D_MESG) */
+    c16toa(LMS_D_MESG, ip);
+    /* H(I || u32str(q) || u16str(D_MESG) || ...) */
+    ret = wc_lms_hash_first(&state->hash, buffer, LMS_MSG_PRE_LEN);
+    if (ret == 0) {
+        /* H(... || C || ...) */
+        ret = wc_lms_hash_update(&state->hash, c, state->params->hash_len);
+    }
+    if (ret == 0) {
+        /* H(... || message) */
+        ret = wc_lms_hash_update(&state->hash, msg, msgSz);
+    }
+#ifdef WOLFSSL_LMS_SHA256_192
+    if ((ret == 0) &&
+            ((state->params->lmOtsType & LMS_HASH_MASK) == LMS_SHA256_192)) {
+        /* Q = H(...) */
+        ret = wc_lms_hash_sha256_192_final(&state->hash, q);
+    }
+    else
+#endif
+#ifndef WOLFSSL_NO_LMS_SHA256_256
+    if (ret == 0) {
+        /* Q = H(...) */
+        ret = wc_lms_hash_final(&state->hash, q);
+    }
+    else
+#endif
+    {
+        ret = NOT_COMPILED_IN;
+    }
+
+    return ret;
+}
+
+#ifndef WOLFSSL_LMS_VERIFY_ONLY
+/* Compute array y, intermediates of public key calculation, for signature.
+ *
+ * Verification will perform the remaining iterations of hashing.
+ *
+ * Algorithm 3: Generating a One-Time Signature From a Private Key and a
+ * Message
+ *   ...
+ *   5. Compute the array y as follows:
+ *      Q = H(I || u32str(q) || u16str(D_MESG) || C || message)
+ *      for ( i = 0; i < p; i = i + 1 ) {
+ *        a = coef(Q || Cksm(Q), i, w)
+ *        tmp = x[i]
+ *        for ( j = 0; j < a; j = j + 1 ) {
+ *          tmp = H(I || u32str(q) || u16str(i) || u8str(j) || tmp)
+ *        }
+ *        y[i] = tmp
+ *      }
+ * x[i] can be calculated on the fly using pseudo key generation in Appendix A.
+ * Appendix A, The elements of the LM-OTS private keys are computed as:
+ *   x_q[i] = H(I || u32str(q) || u16str(i) || u8str(0xff) || SEED).
+ *
+ * @param [in, out]  state  LMS state.
+ * @param [in]       seed   Seed to hash.
+ * @param [in]       msg    Message to sign.
+ * @param [in]       msgSZ  Length of message in bytes.
+ * @param [in]       c      C or randomizer value to hash.
+ * @param [out]      y      Calculated intermediate hashes.
+ * @return  0 on success.
+ */
+static int wc_lmots_compute_y_from_seed(LmsState* state, const byte* seed,
+    const byte* msg, word32 msgSz, const byte* c, byte* y)
+{
+    const LmsParams* params = state->params;
+    int ret;
+    word16 i;
+    byte q[LMS_MAX_NODE_LEN + LMS_CKSM_LEN];
+#ifdef WOLFSSL_SMALL_STACK
+    byte* a = state->a;
+#else
+    byte a[LMS_MAX_P];
+#endif /* WOLFSSL_SMALL_STACK */
+    byte* buffer = state->buffer;
+    byte* ip = buffer + LMS_I_LEN + LMS_Q_LEN;
+    byte* jp = ip + LMS_P_LEN;
+    byte* tmp = jp + LMS_W_LEN;
+
+    /* Q = H(I || u32str(q) || u16str(D_MESG) || C || message) */
+    ret = wc_lmots_msg_hash(state, msg, msgSz, c, q);
+    if (ret == 0) {
+        /* Calculate checksum list all coefficients. */
+        ret = wc_lmots_q_expand(q, (word8)params->hash_len, params->width,
+            params->ls, a);
+    }
+#ifndef WC_LMS_FULL_HASH
+    if (ret == 0) {
+    #ifdef WOLFSSL_LMS_SHA256_192
+        if ((params->lmOtsType & LMS_HASH_MASK) == LMS_SHA256_192) {
+            /* Put in padding for final block. */
+            LMS_SHA256_SET_LEN_47(buffer);
+        }
+        else
+    #endif
+        {
+        #ifndef WOLFSSL_NO_LMS_SHA256_256
+            /* Put in padding for final block. */
+            LMS_SHA256_SET_LEN_55(buffer);
+        #endif
+        }
+    }
+#endif /* !WC_LMS_FULL_HASH */
+
+    /* Compute y for each coefficient. */
+    for (i = 0; (ret == 0) && (i < params->p); i++) {
+        unsigned int j;
+
+        /* tmp = x[i]
+         *     = H(I || u32str(q) || u16str(i) || u8str(0xff) || SEED). */
+        c16toa(i, ip);
+        *jp = LMS_D_FIXED;
+#ifndef WC_LMS_FULL_HASH
+    #ifdef WOLFSSL_LMS_SHA256_192
+        if ((params->lmOtsType & LMS_HASH_MASK) == LMS_SHA256_192) {
+            XMEMCPY(tmp, seed, WC_SHA256_192_DIGEST_SIZE);
+            ret = wc_lms_sha256_192_hash_block(&state->hash, buffer, tmp);
+        }
+        else
+    #endif
+        {
+        #ifndef WOLFSSL_NO_LMS_SHA256_256
+            XMEMCPY(tmp, seed, WC_SHA256_DIGEST_SIZE);
+            ret = wc_lms_hash_block(&state->hash, buffer, tmp);
+        #else
+            ret = NOT_COMPILED_IN;
+        #endif
+        }
+#else
+    #ifdef WOLFSSL_LMS_SHA256_192
+        if ((params->lmOtsType & LMS_HASH_MASK) == LMS_SHA256_192) {
+            XMEMCPY(tmp, seed, WC_SHA256_192_DIGEST_SIZE);
+            ret = wc_lms_hash_sha256_192(&state->hash, buffer,
+                LMS_HASH_BUFFER_LEN(WC_SHA256_192_DIGEST_SIZE), tmp);
+        }
+        else
+    #endif
+        {
+        #ifndef WOLFSSL_NO_LMS_SHA256_256
+            XMEMCPY(tmp, seed, WC_SHA256_DIGEST_SIZE);
+            ret = wc_lms_hash(&state->hash, buffer,
+                LMS_HASH_BUFFER_LEN(WC_SHA256_DIGEST_SIZE), tmp);
+        #else
+            ret = NOT_COMPILED_IN;
+        #endif
+        }
+#endif /* !WC_LMS_FULL_HASH */
+
+        /* Apply the hash function coefficient number of times. */
+        for (j = 0; (ret == 0) && (j < a[i]); j++) {
+            /* I || u32str(q) || u16str(i) || u8str(j) || tmp */
+            *jp = j;
+            /* tmp = H(I || u32str(q) || u16str(i) || u8str(j) || tmp) */
+    #ifndef WC_LMS_FULL_HASH
+        #ifdef WOLFSSL_LMS_SHA256_192
+            if ((params->lmOtsType & LMS_HASH_MASK) == LMS_SHA256_192) {
+                ret = wc_lms_sha256_192_hash_block(&state->hash, buffer, tmp);
+            }
+            else
+        #endif
+            {
+            #ifndef WOLFSSL_NO_LMS_SHA256_256
+                ret = wc_lms_hash_block(&state->hash, buffer, tmp);
+            #else
+                ret = NOT_COMPILED_IN;
+            #endif
+            }
+    #else
+        #ifdef WOLFSSL_LMS_SHA256_192
+            if ((params->lmOtsType & LMS_HASH_MASK) == LMS_SHA256_192) {
+                ret = wc_lms_hash_sha256_192(&state->hash, buffer,
+                    LMS_HASH_BUFFER_LEN(WC_SHA256_192_DIGEST_SIZE), tmp);
+            }
+            else
+        #endif
+            {
+            #ifndef WOLFSSL_NO_LMS_SHA256_256
+                ret = wc_lms_hash(&state->hash, buffer,
+                    LMS_HASH_BUFFER_LEN(WC_SHA256_DIGEST_SIZE), tmp);
+            #else
+                ret = NOT_COMPILED_IN;
+            #endif
+            }
+    #endif /* !WC_LMS_FULL_HASH */
+        }
+
+        if (ret == 0) {
+            /* y[i] = tmp */
+            XMEMCPY(y, tmp, params->hash_len);
+            y += params->hash_len;
+        }
+    }
+
+    return ret;
+}
+#endif /* !WOLFSSL_LMS_VERIFY_ONLY */
+
+/* Compute public key candidate K from signature.
+ *
+ * Signing performed the first coefficient number of iterations of hashing.
+ *
+ * Algorithm 4b: Computing a Public Key Candidate Kc from a Signature,
+ * Message, Signature Typecode pubtype, and Identifiers I, q
+ *   ...
+ *   3. Compute the string Kc as follows:
+ *      Q = H(I || u32str(q) || u16str(D_MESG) || C || message)
+ *      for ( i = 0; i < p; i = i + 1 ) {
+ *        a = coef(Q || Cksm(Q), i, w)
+ *        tmp = y[i]
+ *        for ( j = a; j < 2^w - 1; j = j + 1 ) {
+ *          tmp = H(I || u32str(q) || u16str(i) || u8str(j) || tmp)
+ *        }
+ *        z[i] = tmp
+ *      }
+ *      Kc = H(I || u32str(q) || u16str(D_PBLC) ||
+ *                                    z[0] || z[1] || ... || z[p-1])
+ *   4, Return Kc.
+ *
+ * @param [in, out] state  LMS state.
+ * @param [in]      msg    Message to compute Kc for.
+ * @param [in]      msgSz  Length of message in bytes.
+ * @param [in]      c      C or randomizer value from signature.
+ * @param [in]      sig_y  Part of signature containing array y.
+ * @param [out]     kc     Kc or public key candidate K.
+ * @return  0 on success.
+ */
+static int wc_lmots_compute_kc_from_sig(LmsState* state, const byte* msg,
+    word32 msgSz, const byte* c, const byte* sig_y, byte* kc)
+{
+    const LmsParams* params = state->params;
+    int ret;
+    word16 i;
+    byte q[LMS_MAX_NODE_LEN + LMS_CKSM_LEN];
+#ifdef WOLFSSL_SMALL_STACK
+    byte* a = state->a;
+#else
+    byte a[LMS_MAX_P];
+#endif /* WOLFSSL_SMALL_STACK */
+    byte* buffer = state->buffer;
+    byte* ip = buffer + LMS_I_LEN + LMS_Q_LEN;
+    byte* jp = ip + LMS_P_LEN;
+    byte* tmp = jp + LMS_W_LEN;
+    unsigned int max = ((unsigned int)1 << params->width) - 1;
+
+    /* I || u32str(q) || u16str(D_PBLC). */
+    c16toa(LMS_D_PBLC, ip);
+    /* H(I || u32str(q) || u16str(D_PBLC) || ...). */
+    ret = wc_lms_hash_first(&state->hash_k, buffer, LMS_K_PRE_LEN);
+    if (ret == 0) {
+        /* Q = H(I || u32str(q) || u16str(D_MESG) || C || message) */
+        ret = wc_lmots_msg_hash(state, msg, msgSz, c, q);
+    }
+    if (ret == 0) {
+        /* Calculate checksum list all coefficients. */
+        ret = wc_lmots_q_expand(q, (word8)params->hash_len, params->width,
+            params->ls, a);
+    }
+#ifndef WC_LMS_FULL_HASH
+    if (ret == 0) {
+    #ifdef WOLFSSL_LMS_SHA256_192
+        if ((params->lmOtsType & LMS_HASH_MASK) == LMS_SHA256_192) {
+            /* Put in padding for final block. */
+            LMS_SHA256_SET_LEN_47(buffer);
+        }
+        else
+    #endif
+        {
+        #ifndef WOLFSSL_NO_LMS_SHA256_256
+            /* Put in padding for final block. */
+            LMS_SHA256_SET_LEN_55(buffer);
+        #endif
+        }
+    }
+#endif /* !WC_LMS_FULL_HASH */
+
+    /* Compute z for each coefficient. */
+    for (i = 0; (ret == 0) && (i < params->p); i++) {
+        unsigned int j;
+
+        /* I || u32(str) || u16str(i) || ... */
+        c16toa(i, ip);
+
+        /* tmp = y[i].
+         * I || u32(str) || u16str(i) || ... || tmp */
+        XMEMCPY(tmp, sig_y, params->hash_len);
+        sig_y += params->hash_len;
+
+        /* Finish iterations of hash from coefficient to max. */
+        for (j = a[i]; (ret == 0) && (j < max); j++) {
+            /* I || u32str(q) || u16str(i) || u8str(j) || tmp */
+            *jp = (word8)j;
+            /* tmp = H(I || u32str(q) || u16str(i) || u8str(j) || tmp) */
+    #ifndef WC_LMS_FULL_HASH
+        #ifdef WOLFSSL_LMS_SHA256_192
+            if ((params->lmOtsType & LMS_HASH_MASK) == LMS_SHA256_192) {
+                ret = wc_lms_sha256_192_hash_block(&state->hash, buffer, tmp);
+            }
+            else
+        #endif
+            {
+            #ifndef WOLFSSL_NO_LMS_SHA256_256
+                ret = wc_lms_hash_block(&state->hash, buffer, tmp);
+            #else
+                ret = NOT_COMPILED_IN;
+            #endif
+            }
+            /* Apply the hash function coefficient number of times. */
+    #else
+        #ifdef WOLFSSL_LMS_SHA256_192
+            if ((params->lmOtsType & LMS_HASH_MASK) == LMS_SHA256_192) {
+                ret = wc_lms_hash_sha256_192(&state->hash, buffer,
+                    LMS_HASH_BUFFER_LEN(WC_SHA256_192_DIGEST_SIZE), tmp);
+            }
+            else
+        #endif
+            {
+            #ifndef WOLFSSL_NO_LMS_SHA256_256
+                ret = wc_lms_hash(&state->hash, buffer,
+                    LMS_HASH_BUFFER_LEN(WC_SHA256_DIGEST_SIZE), tmp);
+            #else
+                ret = NOT_COMPILED_IN;
+            #endif
+            }
+    #endif /* !WC_LMS_FULL_HASH */
+        }
+
+        if (ret == 0) {
+            /* H(... || z[i] || ...) (for calculating Kc). */
+            ret = wc_lms_hash_update(&state->hash_k, tmp, params->hash_len);
+        }
+    }
+
+#ifdef WOLFSSL_LMS_SHA256_192
+    if ((ret == 0) &&
+            ((params->lmOtsType & LMS_HASH_MASK) == LMS_SHA256_192)) {
+        /* Kc = H(...) */
+        ret = wc_lms_hash_sha256_192_final(&state->hash_k, kc);
+    }
+    else
+#endif
+    if (ret == 0) {
+    #ifndef WOLFSSL_NO_LMS_SHA256_256
+        /* Kc = H(...) */
+        ret = wc_lms_hash_final(&state->hash_k, kc);
+    #else
+        ret = NOT_COMPILED_IN;
+    #endif
+    }
+
+    return ret;
+}
+
+#ifndef WOLFSSL_LMS_VERIFY_ONLY
+/* Generate LM-OTS public key.
+ *
+ * Caller set: state->buffer = I || u32str(q)
+ *
+ * Algorithm 1: Generating a One-Time Signature Public Key From a Private Key
+ *   ...
+ *   4. Compute the string K as follows:
+ *      for ( i = 0; i < p; i = i + 1 ) {
+ *        tmp = x[i]
+ *        for ( j = 0; j < 2^w - 1; j = j + 1 ) {
+ *          tmp = H(I || u32str(q) || u16str(i) || u8str(j) || tmp)
+ *        }
+ *        y[i] = tmp
+ *      }
+ *      K = H(I || u32str(q) || u16str(D_PBLC) || y[0] || ... || y[p-1])
+ *   ...
+ * x[i] can be calculated on the fly using pseudo key generation in Appendix A.
+ * Appendix A, The elements of the LM-OTS private keys are computed as:
+ *   x_q[i] = H(I || u32str(q) || u16str(i) || u8str(0xff) || SEED).
+ *
+ * @param [in, out]  state   LMS state.
+ * @param [in]       seed    Seed to hash.
+ * @param [out]      k       K, the public key hash, or OTS_PUB_HASH
+ */
+static int wc_lmots_make_public_hash(LmsState* state, const byte* seed, byte* k)
+{
+    const LmsParams* params = state->params;
+    int ret;
+    word16 i;
+    byte* buffer = state->buffer;
+    byte* ip = buffer + LMS_I_LEN + LMS_Q_LEN;
+    byte* jp = ip + LMS_P_LEN;
+    byte* tmp = jp + LMS_W_LEN;
+    unsigned int max = ((unsigned int)1 << params->width) - 1;
+
+    /* I || u32str(q) || u16str(D_PBLC). */
+    c16toa(LMS_D_PBLC, ip);
+    /* K = H(I || u32str(q) || u16str(D_PBLC) || ...) */
+    ret = wc_lms_hash_first(&state->hash_k, buffer, LMS_K_PRE_LEN);
+
+#ifndef WC_LMS_FULL_HASH
+#ifdef WOLFSSL_LMS_SHA256_192
+    if ((params->lmOtsType & LMS_HASH_MASK) == LMS_SHA256_192) {
+        /* Put in padding for final block. */
+        LMS_SHA256_SET_LEN_47(buffer);
+    }
+    else
+#endif
+    {
+    #ifndef WOLFSSL_NO_LMS_SHA256_256
+        /* Put in padding for final block. */
+        LMS_SHA256_SET_LEN_55(buffer);
+    #endif
+    }
+#endif /* !WC_LMS_FULL_HASH */
+
+    for (i = 0; (ret == 0) && (i < params->p); i++) {
+        unsigned int j;
+
+        /* tmp = x[i]
+         *     = H(I || u32str(q) || u16str(i) || u8str(0xff) || SEED). */
+        c16toa(i, ip);
+        *jp = LMS_D_FIXED;
+#ifndef WC_LMS_FULL_HASH
+    #ifdef WOLFSSL_LMS_SHA256_192
+        if ((params->lmOtsType & LMS_HASH_MASK) == LMS_SHA256_192) {
+            XMEMCPY(tmp, seed, WC_SHA256_192_DIGEST_SIZE);
+            ret = wc_lms_sha256_192_hash_block(&state->hash, buffer, tmp);
+        }
+        else
+    #endif
+        {
+        #ifndef WOLFSSL_NO_LMS_SHA256_256
+            XMEMCPY(tmp, seed, WC_SHA256_DIGEST_SIZE);
+            ret = wc_lms_hash_block(&state->hash, buffer, tmp);
+        #else
+            ret = NOT_COMPILED_IN;
+        #endif
+        }
+#else
+    #ifdef WOLFSSL_LMS_SHA256_192
+        if ((params->lmOtsType & LMS_HASH_MASK) == LMS_SHA256_192) {
+            XMEMCPY(tmp, seed, WC_SHA256_192_DIGEST_SIZE);
+            ret = wc_lms_hash_sha256_192(&state->hash, buffer,
+                LMS_HASH_BUFFER_LEN(WC_SHA256_192_DIGEST_SIZE), tmp);
+        }
+        else
+    #endif
+        {
+        #ifndef WOLFSSL_NO_LMS_SHA256_256
+            XMEMCPY(tmp, seed, WC_SHA256_DIGEST_SIZE);
+            ret = wc_lms_hash(&state->hash, buffer,
+                LMS_HASH_BUFFER_LEN(WC_SHA256_DIGEST_SIZE), tmp);
+        #else
+            ret = NOT_COMPILED_IN;
+        #endif
+        }
+#endif /* !WC_LMS_FULL_HASH */
+        /* Do all iterations to calculate y. */
+        for (j = 0; (ret == 0) && (j < max); j++) {
+            /* I || u32str(q) || u16str(i) || u8str(j) || tmp */
+            *jp = (word8)j;
+            /* tmp = H(I || u32str(q) || u16str(i) || u8str(j) || tmp) */
+    #ifndef WC_LMS_FULL_HASH
+        #ifdef WOLFSSL_LMS_SHA256_192
+            if ((params->lmOtsType & LMS_HASH_MASK) == LMS_SHA256_192) {
+                ret = wc_lms_sha256_192_hash_block(&state->hash, buffer, tmp);
+            }
+            else
+        #endif
+            {
+            #ifndef WOLFSSL_NO_LMS_SHA256_256
+                ret = wc_lms_hash_block(&state->hash, buffer, tmp);
+            #else
+                ret = NOT_COMPILED_IN;
+            #endif
+            }
+    #else
+        #ifdef WOLFSSL_LMS_SHA256_192
+            if ((params->lmOtsType & LMS_HASH_MASK) == LMS_SHA256_192) {
+                ret = wc_lms_hash_sha256_192(&state->hash, buffer,
+                    LMS_HASH_BUFFER_LEN(WC_SHA256_192_DIGEST_SIZE), tmp);
+            }
+            else
+        #endif
+            {
+            #ifndef WOLFSSL_NO_LMS_SHA256_256
+                ret = wc_lms_hash(&state->hash, buffer,
+                    LMS_HASH_BUFFER_LEN(WC_SHA256_DIGEST_SIZE), tmp);
+            #else
+                ret = NOT_COMPILED_IN;
+            #endif
+            }
+    #endif /* !WC_LMS_FULL_HASH */
+        }
+        if (ret == 0) {
+            /* K = H(... || y[i] || ...) */
+            ret = wc_lms_hash_update(&state->hash_k, tmp, params->hash_len);
+        }
+    }
+#ifdef WOLFSSL_LMS_SHA256_192
+    if ((ret == 0) && ((params->lmOtsType & LMS_HASH_MASK) == LMS_SHA256_192)) {
+        /* K = H(I || u32str(q) || u16str(D_PBLC) || y[0] || ... || y[p-1]) */
+        ret = wc_lms_hash_sha256_192_final(&state->hash_k, k);
+    }
+    else
+#endif
+    if (ret == 0) {
+    #ifndef WOLFSSL_NO_LMS_SHA256_256
+        /* K = H(I || u32str(q) || u16str(D_PBLC) || y[0] || ... || y[p-1]) */
+        ret = wc_lms_hash_final(&state->hash_k, k);
+    #else
+        ret = NOT_COMPILED_IN;
+    #endif
+    }
+
+    return ret;
+}
+
+/* Encode the LM-OTS public key.
+ *
+ * Encoded into public key and signature if more than one level.
+ * T[1] is already in place. Putting in: type, ostype and I.
+ *
+ * Section 4.3:
+ *   u32str(type) || u32str(otstype) || I || T[1]
+ *
+ * @param [in]  params  LMS parameters.
+ * @param [in]  priv    LMS private ley.
+ * @param [out] pub     LMS public key.
+ */
+static void wc_lmots_public_key_encode(const LmsParams* params,
+    const byte* priv, byte* pub)
+{
+    const byte* priv_i = priv + LMS_Q_LEN + params->hash_len;
+
+    /* u32str(type) || ... || T(1) */
+    c32toa(params->lmsType, pub);
+    pub += 4;
+    /* u32str(type) || u32str(otstype) || ... || T(1) */
+    c32toa(params->lmOtsType, pub);
+    pub += 4;
+    /* u32str(type) || u32str(otstype) || I || T(1) */
+    XMEMCPY(pub, priv_i, LMS_I_LEN);
+}
+#endif /* !WOLFSSL_LMS_VERIFY_ONLY */
+
+/* Check the public key matches the parameters.
+ *
+ * @param [in] params  LMS parameters.
+ * @param [in] pub     Public key.
+ * @return  0 on success.
+ * @return  PUBLIC_KEY_E when LMS or LM-OTS type doesn't match.
+ */
+static int wc_lmots_public_key_check(const LmsParams* params, const byte* pub)
+{
+    int ret = 0;
+    word32 type;
+
+    /* Get message hash and height type. */
+    ato32(pub, &type);
+    pub += 4;
+    /* Compare with parameters. */
+    if (type != params->lmsType) {
+        ret = PUBLIC_KEY_E;
+    }
+    if (ret == 0) {
+        /* Get node hash and Winternitz width type. */
+        ato32(pub, &type);
+        /* Compare with parameters. */
+        if (type != params->lmOtsType) {
+            ret = PUBLIC_KEY_E;
+        }
+    }
+
+    return ret;
+}
+
+/* Calculate public key candidate K from signature.
+ *
+ * Algorithm 4b: Computing a Public Key Candidate Kc from a Signature,
+ * Message, Signature Typecode pubtype, and Identifiers I, q
+ *   ...
+ *   2. Parse sigtype, C, and y from the signature as follows:
+ *      a. sigtype = strTou32(first 4 bytes of signature)
+ *      b. If sigtype is not equal to pubtype, return INVALID.
+ *      ...
+ *      d. C = next n bytes of signature
+ *      e.   y[0] = next n bytes of signature
+ *           y[1] = next n bytes of signature
+ *           ...
+ *         y[p-1] = next n bytes of signature
+ *   3. Compute the string Kc as follows:
+ *   ...
+ *
+ * @param [in, out] state  LMS state.
+ * @param [in]      pub    LMS public key.
+ * @param [in]      msg    Message/next private key to verify.
+ * @param [in]      msgSz  Length of message in bytes.
+ * @param [in]      sig    Signature including type, C and y[0..p-1].
+ * @param [out]     kc     Public key candidate Kc.
+ */
+static int wc_lmots_calc_kc(LmsState* state, const byte* pub, const byte* msg,
+    word32 msgSz, const byte* sig, byte* kc)
+{
+    int ret = 0;
+
+    /* Check signature type. */
+    if (XMEMCMP(pub, sig, LMS_TYPE_LEN) != 0) {
+        ret = SIG_TYPE_E;
+    }
+    if (ret == 0) {
+        /* Get C or randomizer value from signature. */
+        const byte* c = sig + LMS_TYPE_LEN;
+        /* Get array y from signature. */
+        const byte* y = c + state->params->hash_len;
+
+        /* Compute the public key candidate Kc from the signature. */
+        ret = wc_lmots_compute_kc_from_sig(state, msg, msgSz, c, y, kc);
+    }
+
+    return ret;
+}
+
+#ifndef WOLFSSL_LMS_VERIFY_ONLY
+/* Generate LM-OTS private key.
+ *
+ * Algorithm 5: Computing an LMS Private Key
+ * But use Appendix A to generate x on the fly.
+ *   PRIV = SEED | I
+ *
+ * @param [in]  rng       Random number generator.
+ * @param [in]  seed_len  Length of seed to generate.
+ * @param [out] priv      Private key data.
+ */
+static int wc_lmots_make_private_key(WC_RNG* rng, word16 seed_len, byte* priv)
+{
+    return wc_RNG_GenerateBlock(rng, priv, seed_len + LMS_I_LEN);
+}
+
+/* Generate LM-OTS signature.
+ *
+ * Algorithm 3: Generating a One-Time Signature From a Private Key and a
+ * Message
+ *   ...
+ *   4. Set C to a uniformly random n-byte string
+ *   5. Compute the array y as follows:
+ *      ...
+ *   6. Return u32str(type) || C || y[0] || ... || y[p-1]
+ *
+ * @param [in, out] state  LMS state.
+ * @param [in]      seed   Private key seed.
+ * @param [in]      msg    Message to be signed.
+ * @param [in]      msgSz  Length of message in bytes.
+ * @param [out]     sig    Signature buffer.
+ * @return  0 on success.
+ */
+static int wc_lmots_sign(LmsState* state, const byte* seed, const byte* msg,
+    word32 msgSz, byte* sig)
+{
+    int ret;
+    byte* buffer = state->buffer;
+    byte* ip = buffer + LMS_I_LEN + LMS_Q_LEN;
+    byte* jp = ip + LMS_P_LEN;
+    byte* tmp = jp + LMS_W_LEN;
+    byte* sig_c = sig;
+
+    /* I || u32str(q) || u16str(0xFFFD) || ... */
+    c16toa(LMS_D_C, ip);
+    /* I || u32str(q) || u16str(0xFFFD) || u8str(0xFF) || ... */
+    *jp = LMS_D_FIXED;
+#ifndef WC_LMS_FULL_HASH
+#ifdef WOLFSSL_LMS_SHA256_192
+    if ((state->params->lmOtsType & LMS_HASH_MASK) == LMS_SHA256_192) {
+        /* I || u32str(q) || u16str(0xFFFD) || u8str(0xFF) || SEED */
+        XMEMCPY(tmp, seed, WC_SHA256_192_DIGEST_SIZE);
+        /* C = H(I || u32str(q) || u16str(0xFFFD) || u8str(0xFF) || SEED)
+         * sig = u32str(type) || C || ... */
+        /* Put in padding for final block. */
+        LMS_SHA256_SET_LEN_47(buffer);
+        ret = wc_lms_sha256_192_hash_block(&state->hash, buffer, sig_c);
+    }
+    else
+#endif
+    {
+    #ifndef WOLFSSL_NO_LMS_SHA256_256
+        /* I || u32str(q) || u16str(0xFFFD) || u8str(0xFF) || SEED */
+        XMEMCPY(tmp, seed, WC_SHA256_DIGEST_SIZE);
+        /* C = H(I || u32str(q) || u16str(0xFFFD) || u8str(0xFF) || SEED)
+         * sig = u32str(type) || C || ... */
+        /* Put in padding for final block. */
+        LMS_SHA256_SET_LEN_55(buffer);
+        ret = wc_lms_hash_block(&state->hash, buffer, sig_c);
+    #else
+        ret = NOT_COMPILED_IN;
+    #endif
+    }
+#else
+#ifdef WOLFSSL_LMS_SHA256_192
+    if ((state->params->lmOtsType & LMS_HASH_MASK) == LMS_SHA256_192) {
+        /* I || u32str(q) || u16str(0xFFFD) || u8str(0xFF) || SEED */
+        XMEMCPY(tmp, seed, WC_SHA256_192_DIGEST_SIZE);
+        /* C = H(I || u32str(q) || u16str(0xFFFD) || u8str(0xFF) || SEED)
+         * sig = u32str(type) || C || ... */
+        ret = wc_lms_hash_sha256_192(&state->hash, buffer,
+            LMS_HASH_BUFFER_LEN(WC_SHA256_192_DIGEST_SIZE), sig_c);
+    }
+    else
+#endif
+    {
+    #ifndef WOLFSSL_NO_LMS_SHA256_256
+        /* I || u32str(q) || u16str(0xFFFD) || u8str(0xFF) || SEED */
+        XMEMCPY(tmp, seed, WC_SHA256_DIGEST_SIZE);
+        /* C = H(I || u32str(q) || u16str(0xFFFD) || u8str(0xFF) || SEED)
+         * sig = u32str(type) || C || ... */
+        ret = wc_lms_hash(&state->hash, buffer,
+            LMS_HASH_BUFFER_LEN(WC_SHA256_DIGEST_SIZE), sig_c);
+    #else
+        ret = NOT_COMPILED_IN;
+    #endif
+    }
+#endif /* !WC_LMS_FULL_HASH */
+
+    if (ret == 0) {
+        byte* sig_y = sig_c + state->params->hash_len;
+
+        /* Compute array y.
+         * sig = u32str(type) || C || y[0] || ... || y[p-1] */
+        ret = wc_lmots_compute_y_from_seed(state, seed, msg, msgSz, sig_c,
+            sig_y);
+    }
+
+    return ret;
+}
+#endif /* WOLFSSL_LMS_VERIFY_ONLY */
+
+/***************************************
+ * LMS APIs
+ **************************************/
+
+#ifndef WOLFSSL_LMS_VERIFY_ONLY
+#ifndef WOLFSSL_WC_LMS_SMALL
+/* Load the LMS private state from data.
+ *
+ * @param [in]  params     LMS parameters.
+ * @param [out] state      Private key state.
+ * @param [in]  priv_data  Private key data.
+ */
+static void wc_lms_priv_state_load(const LmsParams* params, LmsPrivState* state,
+    byte* priv_data)
+{
+    /* Authentication path data. */
+    state->auth_path = priv_data;
+    priv_data += params->height * params->hash_len;
+
+    /* Stack of nodes. */
+    state->stack.stack = priv_data;
+    priv_data += (params->height + 1) * params->hash_len;
+    ato32(priv_data, &state->stack.offset);
+    priv_data += 4;
+
+    /* Cached root nodes. */
+    state->root = priv_data;
+    priv_data += LMS_ROOT_CACHE_LEN(params->rootLevels, params->hash_len);
+
+    /* Cached leaf nodes. */
+    state->leaf.cache = priv_data;
+    priv_data += LMS_LEAF_CACHE_LEN(params->cacheBits, params->hash_len);
+    ato32(priv_data, &state->leaf.idx);
+    priv_data += 4;
+    ato32(priv_data, &state->leaf.offset);
+    /* priv_data += 4; */
+}
+
+/* Store the LMS private state into data.
+ *
+ * @param [in]      params     LMS parameters.
+ * @param [in]      state      Private key state.
+ * @param [in, out] priv_data  Private key data.
+ */
+static void wc_lms_priv_state_store(const LmsParams* params,
+    LmsPrivState* state, byte* priv_data)
+{
+    /* Authentication path data. */
+    priv_data += params->height * params->hash_len;
+
+    /* Stack of nodes. */
+    priv_data += (params->height + 1) * params->hash_len;
+    c32toa(state->stack.offset, priv_data);
+    priv_data += 4;
+
+    /* Cached root nodes. */
+    priv_data += LMS_ROOT_CACHE_LEN(params->rootLevels, params->hash_len);
+
+    /* Cached leaf nodes. */
+    priv_data += LMS_LEAF_CACHE_LEN(params->cacheBits, params->hash_len);
+    c32toa(state->leaf.idx, priv_data);
+    priv_data += 4;
+    c32toa(state->leaf.offset, priv_data);
+    /* priv_data += 4; */
+}
+
+#ifndef WOLFSSL_LMS_NO_SIGN_SMOOTHING
+/* Copy LMS private key state.
+ *
+ * @param [in]  params  LMS parameters.
+ * @param [out] dst     LMS private state destination.
+ * @param [in]  src     LMS private state source.
+ */
+static void wc_lms_priv_state_copy(const LmsParams* params,
+    LmsPrivState* dst, const LmsPrivState* src)
+{
+    XMEMCPY(dst->auth_path, src->auth_path, LMS_PRIV_STATE_LEN(params->height,
+        params->rootLevels, params->cacheBits, params->hash_len));
+    dst->stack.offset = src->stack.offset;
+    dst->leaf.idx = src->leaf.idx;
+    dst->leaf.offset = src->leaf.offset;
+}
+#endif /* !WOLFSSL_LMS_NO_SIGN_SMOOTHING */
+#endif /* !WOLFSSL_WC_LMS_SMALL */
+
+/* Calculate the leaf node hash.
+ *
+ * Assumes buffer already contains : I
+ *
+ * Appendix C.
+ *   ...
+ *     temp = H(I || u32str(r)|| u16str(D_LEAF) || OTS_PUB_HASH[i])
+ *   ...
+ * Section 5.3. LMS Public Key
+ *                                        ... where we denote the public
+ *   key final hash value (namely, the K value computed in Algorithm 1)
+ *   associated with the i-th LM-OTS private key as OTS_PUB_HASH[i], ...
+ * Algorithm 1: Generating a One-Time Signature Public Key From a
+ * Private Key
+ *   ...
+ *   K = H(I || u32str(q) || u16str(D_PBLC) || y[0] || ... || y[p-1])
+ *   ...
+ * Therefore:
+ *   OTS_PUB_HASH[i] = H(I || u32str(i) || u16str(D_PBLC) ||
+ *                       y[0] || ... || y[p-1])
+ *
+ * @param [in, out] state  LMS state.
+ * @param [in]      seed   Private seed to generate x.
+ * @param [in]      i      Index of leaf.
+ * @param [in]      r      Leaf hash index.
+ * @param [out]     leaf   Leaf node hash.
+ */
+static int wc_lms_leaf_hash(LmsState* state, const byte* seed, word32 i,
+    word32 r, byte* leaf)
+{
+    int ret;
+    byte* buffer = state->buffer;
+    byte* rp = buffer + LMS_I_LEN;
+    byte* dp = rp + LMS_R_LEN;
+    byte* ots_pub_hash = dp + LMS_D_LEN;
+
+    /* I || u32str(i) || ... */
+    c32toa(i, rp);
+    /* OTS_PUB_HASH[i] = H(I || u32str(i) || u16str(D_PBLC) ||
+     *                     y[0] || ... || y[p-1])
+     */
+    ret = wc_lmots_make_public_hash(state, seed, ots_pub_hash);
+    if (ret == 0) {
+        /* I || u32str(r) || ... || OTS_PUB_HASH[i] */
+        c32toa(r, rp);
+        /* I || u32str(r) || u16str(D_LEAF) || OTS_PUB_HASH[i] */
+        c16toa(LMS_D_LEAF, dp);
+        /* temp = H(I || u32str(r) || u16str(D_LEAF) || OTS_PUB_HASH[i]) */
+#ifndef WC_LMS_FULL_HASH
+        /* Put in padding for final block. */
+    #ifdef WOLFSSL_LMS_SHA256_192
+        if ((state->params->lmOtsType & LMS_HASH_MASK) == LMS_SHA256_192) {
+            LMS_SHA256_SET_LEN_46(buffer);
+            ret = wc_lms_sha256_192_hash_block(&state->hash, buffer, leaf);
+        }
+        else
+    #endif
+        {
+        #ifndef WOLFSSL_NO_LMS_SHA256_256
+            LMS_SHA256_SET_LEN_54(buffer);
+            ret = wc_lms_hash_block(&state->hash, buffer, leaf);
+        #else
+            ret = NOT_COMPILED_IN;
+        #endif
+        }
+#else
+    #ifdef WOLFSSL_LMS_SHA256_192
+        if ((state->params->lmOtsType & LMS_HASH_MASK) == LMS_SHA256_192) {
+            ret = wc_lms_hash_sha256_192(&state->hash, buffer,
+                LMS_SEED_HASH_LEN(WC_SHA256_192_DIGEST_SIZE), leaf);
+        }
+        else
+    #endif
+        {
+        #ifndef WOLFSSL_NO_LMS_SHA256_256
+            ret = wc_lms_hash(&state->hash, buffer,
+                LMS_SEED_HASH_LEN(WC_SHA256_DIGEST_SIZE), leaf);
+        #else
+            ret = NOT_COMPILED_IN;
+        #endif
+        }
+#endif /* !WC_LMS_FULL_HASH */
+    }
+
+    return ret;
+}
+
+/* Calculate interior node hash.
+ *
+ * Appendix C. n Iterative Algorithm for Computing an LMS Public Key
+ * Generating an LMS Public Key from an LMS Private Key
+ *   ...
+ *   left_side = pop(data stack);
+ *   temp = H(I || u32str(r) || u16str(D_INTR) || left_side || temp)
+ *   ...
+ * Popping the stack is done in the caller.
+ *
+ * @param [in, out] state  LMS state.
+ * @param [in]      sp     Stack pointer to left nodes.
+ * @param [in]      r      Node hash index.
+ * @param [out]     node   Interior node hash.
+ */
+static int wc_lms_interior_hash(LmsState* state, byte* sp, word32 r,
+    byte* node)
+{
+    int ret;
+    byte* buffer = state->buffer;
+    byte* rp = buffer + LMS_I_LEN;
+    byte* left = rp + LMS_R_LEN + LMS_D_LEN;
+
+    /* I || u32str(r) || u16str(D_INTR) || ... || temp */
+    c32toa(r, rp);
+#ifdef WOLFSSL_LMS_SHA256_192
+    if ((state->params->lmOtsType & LMS_HASH_MASK) == LMS_SHA256_192) {
+        /* left_side = pop(data stack)
+         * I || u32str(r) || u16str(D_INTR) || left_side || temp */
+        XMEMCPY(left, sp, WC_SHA256_192_DIGEST_SIZE);
+        /* temp = H(I || u32str(r) || u16str(D_INTR) || left_side || temp) */
+        ret = wc_lms_hash_sha256_192(&state->hash, buffer,
+            LMS_NODE_HASH_LEN(WC_SHA256_192_DIGEST_SIZE), node);
+    }
+    else
+#endif
+    {
+    #ifndef WOLFSSL_NO_LMS_SHA256_256
+        /* left_side = pop(data stack)
+         * I || u32str(r) || u16str(D_INTR) || left_side || temp */
+        XMEMCPY(left, sp, WC_SHA256_DIGEST_SIZE);
+        /* temp = H(I || u32str(r) || u16str(D_INTR) || left_side || temp) */
+        ret = wc_lms_hash(&state->hash, buffer,
+            LMS_NODE_HASH_LEN(WC_SHA256_DIGEST_SIZE), node);
+    #else
+        ret = NOT_COMPILED_IN;
+    #endif
+    }
+
+    return ret;
+}
+
+#ifdef WOLFSSL_WC_LMS_SMALL
+/* Computes hash of the Merkle tree and gets the authentication path for q.
+ *
+ * Appendix C: An Iterative Algorithm for Computing an LMS Public Key
+ *    for ( i = 0; i < 2^h; i = i + 1 ) {
+ *      r = i + num_lmots_keys;
+ *      temp = H(I || u32str(r) || u16str(D_LEAF) || OTS_PUB_HASH[i])
+ *      j = i;
+ *      while (j % 2 == 1) {
+ *        r = (r - 1)/2;
+ *        j = (j-1) / 2;
+ *        left_side = pop(data stack);
+ *        temp = H(I || u32str(r) || u16str(D_INTR) || left_side || temp)
+ *      }
+ *      push temp onto the data stack
+ *   }
+ *   public_key = pop(data stack)
+ *
+ * @param [in, out] state      LMS state.
+ * @param [in]      id         Unique tree identifier, I.
+ * @param [in]      seed       Private seed to generate x.
+ * @param [in]      max        Count of leaf nodes to calculate. Must be greater
+ *                             than q. Must be a power of 2.
+ * @param [in]      q          Index for authentication path.
+ * @param [out]     auth_path  Authentication path for index.
+ * @param [out]     pub        LMS public key.
+ * @param [out]     stack_d    Where to store stack data.
+ * @return  0 on success.
+ */
+static int wc_lms_treehash(LmsState* state, const byte* id, const byte* seed,
+    word32 q, byte* auth_path, byte* pub)
+{
+    int ret = 0;
+    const LmsParams* params = state->params;
+    byte* buffer = state->buffer;
+    byte* rp = buffer + LMS_I_LEN;
+    byte* dp = rp + LMS_R_LEN;
+    byte* left = dp + LMS_D_LEN;
+    byte* temp = left + params->hash_len;
+#ifdef WOLFSSL_SMALL_STACK
+    byte* stack = NULL;
+#else
+    byte stack[(LMS_MAX_HEIGHT + 1) * LMS_MAX_NODE_LEN];
+#endif /* WOLFSSL_SMALL_STACK */
+    byte* sp;
+    word32 i;
+
+    /* I || ... */
+    XMEMCPY(buffer, id, LMS_I_LEN);
+
+#ifdef WOLFSSL_SMALL_STACK
+    /* Allocate stack of left side hashes. */
+    stack = XMALLOC((params->height + 1) * params->hash_len, NULL,
+        DYNAMIC_TYPE_TMP_BUFFER);
+    if (stack == NULL) {
+        ret = MEMORY_E;
+    }
+#endif /* WOLFSSL_SMALL_STACK */
+    sp = stack;
+
+    /* Compute all nodes requested. */
+    for (i = 0; (ret == 0) && (i < ((word32)1 << params->height)); i++) {
+        word32 j = i;
+        word16 h = 0;
+        /* r = i + num_lmots_keys */
+        word32 r = i + ((word32)1 << (params->height));
+
+        /* Calculate leaf node hash. */
+        ret = wc_lms_leaf_hash(state, seed, i, r, temp);
+
+        /* Store the node if on the authentication path. */
+        if ((ret == 0) && (auth_path != NULL) && ((q ^ 0x1) == i)) {
+            XMEMCPY(auth_path, temp, params->hash_len);
+        }
+
+        /* I || ... || u16str(D_INTR) || ... || temp */
+        c16toa(LMS_D_INTR, dp);
+        /* Calculate parent node is we have both left and right. */
+        while ((ret == 0) && ((j & 0x1) == 1)) {
+            /* Get parent node index. r and j are odd. */
+            r >>= 1;
+            j >>= 1;
+            h++;
+
+            /* Calculate interior node hash.
+             * temp = H(I || u32str(r) || u16str(D_INTR) || left_side || temp)
+             */
+            sp -= params->hash_len;
+            ret = wc_lms_interior_hash(state, sp, r, temp);
+
+            /* Copy out node to authentication path if on path. */
+            if ((ret == 0) && (auth_path != NULL) && ((q >> h) ^ 0x1) == j) {
+                XMEMCPY(auth_path + h * params->hash_len, temp,
+                    params->hash_len);
+            }
+        }
+        /* Push temp onto the data stack. */
+        XMEMCPY(sp, temp, params->hash_len);
+        sp += params->hash_len;
+    }
+
+    if ((ret == 0) && (pub != NULL)) {
+        /* Public key, root node, is top of data stack. */
+        XMEMCPY(pub, stack, params->hash_len);
+    }
+#ifdef WOLFSSL_SMALL_STACK
+    XFREE(stack, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+#endif /* WOLFSSL_SMALL_STACK */
+    return ret;
+}
+
+/* Compute the LMS public key - root node of tree.
+ *
+ * @param [in, out] state  LMS state.
+ * @param [in]      id     Unique tree identifier, I.
+ * @param [in]      seed   Private seed to generate x.
+ * @param [out]     pub    LMS public key.
+ * @return  0 on success.
+ */
+static int wc_lms_make_public_key(LmsState* state, const byte* id,
+    const byte* seed, byte* pub)
+{
+    return wc_lms_treehash(state, id, seed, 0, NULL, pub);
+}
+
+/* Calculate the authentication path.
+ *
+ * @param [in, out] state  LMS state.
+ * @param [in]      id     Public random: I.
+ * @param [in]      seed   Private random: SEED.
+ * @param [in]      q      Index of leaf.
+ * @param [out]     sig    Signature buffer to place authentication path into.
+ * @param [out]     root   Root node of tree.
+ * @return  0 on success.
+ */
+static int wc_lms_auth_path(LmsState* state, const byte* id, const byte* seed,
+    word32 q, byte* sig, byte* root)
+{
+    return wc_lms_treehash(state, id, seed, q, sig, root);
+}
+#else
+/* Computes hash of the Merkle tree and gets the authentication path for q.
+ *
+ * Appendix C: An Iterative Algorithm for Computing an LMS Public Key
+ *    for ( i = 0; i < 2^h; i = i + 1 ) {
+ *      r = i + num_lmots_keys;
+ *      temp = H(I || u32str(r) || u16str(D_LEAF) || OTS_PUB_HASH[i])
+ *      j = i;
+ *      while (j % 2 == 1) {
+ *        r = (r - 1)/2;
+ *        j = (j-1) / 2;
+ *        left_side = pop(data stack);
+ *        temp = H(I || u32str(r) || u16str(D_INTR) || left_side || temp)
+ *      }
+ *      push temp onto the data stack
+ *   }
+ *   public_key = pop(data stack)
+ *
+ * @param [in, out] state      LMS state.
+ * @param [in, out] privState  LMS state of the private key.
+ * @param [in]      id         Unique tree identifier, I.
+ * @param [in]      seed       Private seed to generate x.
+ * @param [in]      q          Index for authentication path.
+ * @return  0 on success.
+ */
+static int wc_lms_treehash_init(LmsState* state, LmsPrivState* privState,
+    const byte* id, const byte* seed, word32 q)
+{
+    int ret = 0;
+    const LmsParams* params = state->params;
+    byte* buffer = state->buffer;
+    byte* auth_path = privState->auth_path;
+    byte* root = privState->root;
+    HssLeafCache* leaf = &privState->leaf;
+    byte* rp = buffer + LMS_I_LEN;
+    byte* dp = rp + LMS_R_LEN;
+    byte* left = dp + LMS_D_LEN;
+    byte* temp = left + params->hash_len;
+#ifdef WOLFSSL_SMALL_STACK
+    byte* stack = NULL;
+#else
+    byte stack[(LMS_MAX_HEIGHT + 1) * LMS_MAX_NODE_LEN];
+#endif /* WOLFSSL_SMALL_STACK */
+    word32 spi = 0;
+    word32 i;
+    word32 max_h = (word32)1 << params->height;
+    word32 max_cb = (word32)1 << params->cacheBits;
+
+    privState->stack.offset = 0;
+    /* Reset the cached stack. */
+    leaf->offset = 0;
+    leaf->idx = q;
+    if ((q + max_cb) > max_h) {
+        leaf->idx = max_h - max_cb;
+    }
+
+    /* I || ... */
+    XMEMCPY(buffer, id, LMS_I_LEN);
+
+#ifdef WOLFSSL_SMALL_STACK
+    /* Allocate stack of left side hashes. */
+    stack = (byte*)XMALLOC((params->height + 1) * params->hash_len, NULL,
+        DYNAMIC_TYPE_TMP_BUFFER);
+    if (stack == NULL) {
+        ret = MEMORY_E;
+    }
+#endif /* WOLFSSL_SMALL_STACK */
+
+    /* Compute all nodes requested. */
+    for (i = 0; (ret == 0) && (i < max_h); i++) {
+        word32 j = i;
+        word16 h = 0;
+        /* r = i + num_lmots_keys */
+        word32 r = i + max_h;
+
+        /* Calculate leaf node hash. */
+        ret = wc_lms_leaf_hash(state, seed, i, r, temp);
+
+        /* Cache leaf node if in range. */
+        if ((ret == 0) && (i >= leaf->idx) && (i < leaf->idx + max_cb)) {
+            XMEMCPY(leaf->cache + i * params->hash_len, temp, params->hash_len);
+        }
+
+        /* Store the node if on the authentication path. */
+        if ((ret == 0) && (auth_path != NULL) && ((q ^ 0x1) == i)) {
+            XMEMCPY(auth_path, temp, params->hash_len);
+        }
+
+        /* I || ... || u16str(D_INTR) || ... || temp */
+        c16toa(LMS_D_INTR, dp);
+        /* Calculate parent node is we have both left and right. */
+        while ((ret == 0) && ((j & 0x1) == 1)) {
+            /* Get parent node index. r and j are odd. */
+            r >>= 1;
+            j >>= 1;
+            h++;
+
+            /* Calculate interior node hash.
+             * temp = H(I || u32str(r) || u16str(D_INTR) || left_side || temp)
+             */
+            spi -= params->hash_len;
+            ret = wc_lms_interior_hash(state, stack + spi, r, temp);
+
+            /* Copy out top root nodes. */
+            if ((h > params->height - params->rootLevels) &&
+                    ((i >> (h-1)) != ((i + 1) >> (h - 1)))) {
+                int off = (1 << (params->height - h)) + (i >> h) - 1;
+                XMEMCPY(root + off * params->hash_len, temp, params->hash_len);
+            }
+
+            /* Copy out node to authentication path if on path. */
+            if ((ret == 0) && (auth_path != NULL) && ((q >> h) ^ 0x1) == j) {
+                XMEMCPY(auth_path + h * params->hash_len, temp,
+                    params->hash_len);
+            }
+        }
+        /* Push temp onto the data stack. */
+        XMEMCPY(stack + spi, temp, params->hash_len);
+        spi += params->hash_len;
+
+        if (i == q - 1) {
+            XMEMCPY(privState->stack.stack, stack, spi);
+            privState->stack.offset = spi;
+        }
+    }
+
+#ifdef WOLFSSL_SMALL_STACK
+    XFREE(stack, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+#endif /* WOLFSSL_SMALL_STACK */
+    return ret;
+}
+
+/* Computes hash of the Merkle tree and gets the authentication path for q.
+ *
+ * Appendix C: An Iterative Algorithm for Computing an LMS Public Key
+ *    for ( i = 0; i < 2^h; i = i + 1 ) {
+ *      r = i + num_lmots_keys;
+ *      temp = H(I || u32str(r) || u16str(D_LEAF) || OTS_PUB_HASH[i])
+ *      j = i;
+ *      while (j % 2 == 1) {
+ *        r = (r - 1)/2;
+ *        j = (j-1) / 2;
+ *        left_side = pop(data stack);
+ *        temp = H(I || u32str(r) || u16str(D_INTR) || left_side || temp)
+ *      }
+ *      push temp onto the data stack
+ *   }
+ *   public_key = pop(data stack)
+ *
+ * @param [in, out] state       LMS state.
+ * @param [in, out] privState   LMS state of the private key.
+ * @param [in]      id          Unique tree identifier, I.
+ * @param [in]      seed        Private seed to generate x.
+ * @param [in]      min_idx     Minimum leaf index to process.
+ * @param [in]      max_idx     Maximum leaf index to process.
+ * @param [in]      q           Index for authentication path.
+ * @param [in]      useRoot     Whether to use nodes from root cache.
+ * @return  0 on success.
+ */
+static int wc_lms_treehash_update(LmsState* state, LmsPrivState* privState,
+    const byte* id, const byte* seed, word32 min_idx, word32 max_idx, word32 q,
+    int useRoot)
+{
+    int ret = 0;
+    const LmsParams* params = state->params;
+    byte* buffer = state->buffer;
+    byte* auth_path = privState->auth_path;
+    LmsStack* stackCache = &privState->stack;
+    HssLeafCache* leaf = &privState->leaf;
+    byte* rp = buffer + LMS_I_LEN;
+    byte* dp = rp + LMS_R_LEN;
+    byte* left = dp + LMS_D_LEN;
+    byte* temp = left + params->hash_len;
+#ifdef WOLFSSL_SMALL_STACK
+    byte* stack = NULL;
+#else
+    byte stack[(LMS_MAX_HEIGHT + 1) * LMS_MAX_NODE_LEN];
+#endif /* WOLFSSL_SMALL_STACK */
+    byte* sp;
+    word32 max_cb = (word32)1 << params->cacheBits;
+    word32 i;
+
+    /* I || ... */
+    XMEMCPY(buffer, id, LMS_I_LEN);
+
+#ifdef WOLFSSL_SMALL_STACK
+    /* Allocate stack of left side hashes. */
+    stack = (byte*)XMALLOC((params->height + 1) * params->hash_len, NULL,
+        DYNAMIC_TYPE_TMP_BUFFER);
+    if (stack == NULL) {
+        ret = MEMORY_E;
+    }
+#endif /* WOLFSSL_SMALL_STACK */
+
+    /* Public key, root node, is top of data stack. */
+    if (ret == 0) {
+        XMEMCPY(stack, stackCache->stack, params->height * params->hash_len);
+        sp = stack + stackCache->offset;
+    }
+
+    /* Compute all nodes requested. */
+    for (i = min_idx; (ret == 0) && (i <= max_idx); i++) {
+        word32 j = i;
+        word16 h = 0;
+        /* r = i + num_lmots_keys */
+        word32 r = i + ((word32)1 << (params->height));
+
+        if ((i >= leaf->idx) && (i < leaf->idx + max_cb)) {
+            /* Calculate offset of node in cache. */
+            word32 off = ((i - (leaf->idx + max_cb) + leaf->offset) % max_cb) *
+                params->hash_len;
+            /* Copy cached node into working buffer. */
+            XMEMCPY(temp, leaf->cache + off, params->hash_len);
+            /* I || u32str(i) || ... */
+            c32toa(i, rp);
+        }
+        else {
+            /* Calculate leaf node hash. */
+            ret = wc_lms_leaf_hash(state, seed, i, r, temp);
+
+            /* Check if this is at the end of the cache and not beyond q plus
+             * the number of leaf nodes. */
+            if ((i == leaf->idx + max_cb) && (i < (q + max_cb))) {
+                /* Copy working node into cache over old first node. */
+                XMEMCPY(leaf->cache + leaf->offset * params->hash_len, temp,
+                    params->hash_len);
+                /* Increase start index as first node replaced. */
+                leaf->idx++;
+                /* Update offset of first leaf node. */
+                leaf->offset = (leaf->offset + 1) & (max_cb - 1);
+            }
+        }
+
+        /* Store the node if on the authentication path. */
+        if ((ret == 0) && ((q ^ 0x1) == i)) {
+            XMEMCPY(auth_path, temp, params->hash_len);
+        }
+
+        /* I || ... || u16str(D_INTR) || ... || temp */
+        c16toa(LMS_D_INTR, dp);
+        /* Calculate parent node if we have both left and right. */
+        while ((ret == 0) && ((j & 0x1) == 1)) {
+            /* Get parent node index. r and j are odd. */
+            r >>= 1;
+            j >>= 1;
+            h++;
+
+            sp -= params->hash_len;
+            if (useRoot && (h > params->height - params->rootLevels) &&
+                    (h <= params->height)) {
+                /* Calculate offset of cached root node. */
+                word32 off = ((word32)1U << (params->height - h)) +
+                    (i >> h) - 1;
+                XMEMCPY(temp, privState->root + (off * params->hash_len),
+                    params->hash_len);
+            }
+            else {
+                /* Calculate interior node hash.
+                 * temp = H(I || u32str(r) || u16str(D_INTR) || left_side ||
+                 *          temp)
+                 */
+                ret = wc_lms_interior_hash(state, sp, r, temp);
+            }
+
+            /* Copy out top root nodes. */
+            if ((ret == 0) && (q == 0) && (!useRoot) &&
+                    (h > params->height - params->rootLevels) &&
+                    ((i >> (h-1)) != ((i + 1) >> (h - 1)))) {
+                int off = (1 << (params->height - h)) + (i >> h) - 1;
+                XMEMCPY(privState->root + off * params->hash_len, temp,
+                    params->hash_len);
+            }
+
+            /* Copy out node to authentication path if on path. */
+            if ((ret == 0) && (((q >> h) ^ 0x1) == j)) {
+                XMEMCPY(auth_path + h * params->hash_len, temp,
+                    params->hash_len);
+            }
+        }
+        if (ret == 0) {
+            /* Push temp onto the data stack. */
+            XMEMCPY(sp, temp, params->hash_len);
+            sp += params->hash_len;
+
+            /* Save stack after updating first node. */
+            if (i == min_idx) {
+                /* Copy stack back. */
+                stackCache->offset = (word32)((size_t)sp - (size_t)stack);
+                XMEMCPY(stackCache->stack, stack, stackCache->offset);
+            }
+        }
+    }
+
+    if (!useRoot && (ret == 0)) {
+        /* Copy stack back. */
+        XMEMCPY(stackCache->stack, stack, params->height * params->hash_len);
+        stackCache->offset = (word32)((size_t)sp - (size_t)stack);
+    }
+
+#ifdef WOLFSSL_SMALL_STACK
+    XFREE(stack, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+#endif /* WOLFSSL_SMALL_STACK */
+    return ret;
+}
+#endif /* WOLFSSL_WC_LMS_SMALL */
+
+/* Sign message using LMS.
+ *
+ * Appendix D. Method for Deriving Authentication Path for a Signature.
+ * Generating an LMS Signature
+ *   ...
+ *   3. Create the LM-OTS signature for the message:
+ *      ots_signature = lmots_sign(message, LMS_PRIV[q])
+ *   4. Compute the array path as follows:
+ *      ...
+ *   5. S = u32str(q) || ots_signature || u32str(type) ||
+ *                           path[0] || path[1] || ... || path[h-1]
+ *   ...
+ * path[] added by caller as it can come from cache.
+ *
+ * @param [in, out] state  LMS state.
+ * @param [in]      priv   LMS private key.
+ * @param [in]      msg    Message/public key to sign.
+ * @param [in]      msgSz  Length of message in bytes.
+ * @param [out]     sig    LMS signature.
+ * @return  0 on success.
+ */
+static int wc_lms_sign(LmsState* state, const byte* priv, const byte* msg,
+    word32 msgSz, byte* sig)
+{
+    int ret;
+    const LmsParams* params = state->params;
+    byte* buffer = state->buffer;
+    byte* s = sig;
+    const byte* priv_q = priv;
+    const byte* priv_seed = priv_q + LMS_Q_LEN;
+    const byte* priv_i = priv_seed + params->hash_len;
+
+    /* Setup for hashing: I || Q */
+    XMEMCPY(buffer, priv_i, LMS_I_LEN);
+    XMEMCPY(buffer + LMS_I_LEN, priv_q, LMS_Q_LEN);
+
+    /* Copy q from private key.
+     * S = u32str(q) || ... */
+    XMEMCPY(s, priv_q, LMS_Q_LEN);
+    s += LMS_Q_LEN;
+
+    /* ots_signature = sig = u32str(type) || ... */
+    c32toa(state->params->lmOtsType, s);
+    s += LMS_TYPE_LEN;
+    /* Sign this level.
+     * S = u32str(q) || ots_signature || ... */
+    ret = wc_lmots_sign(state, priv_seed, msg, msgSz, s);
+    if (ret == 0) {
+        /* Skip over ots_signature. */
+        s += params->hash_len + params->p * params->hash_len;
+        /* S = u32str(q) || ots_signature || u32str(type) || ... */
+        c32toa(params->lmsType, s);
+    }
+
+    return ret;
+}
+
+#if !defined(WOLFSSL_WC_LMS_SMALL) && !defined(WOLFSSL_LMS_NO_SIG_CACHE)
+/* Copy in the cached signature data.
+ *
+ * @param [in]  params    LMS parameters.
+ * @param [in]  y         y cache.
+ * @param [in]  priv      Private key data.
+ * @param [out] sig       Signature data.
+ */
+static void wc_lms_sig_copy(const LmsParams* params, const byte* y,
+    const byte* priv, byte* sig)
+{
+    /* Put in q. */
+    XMEMCPY(sig, priv, LMS_Q_LEN);
+    sig += LMS_Q_LEN;
+    /* S = u32str(q) || ... */
+    c32toa(params->lmOtsType, sig);
+    sig += LMS_TYPE_LEN;
+    /* S = u32str(q) || ots_signature || ... */
+    XMEMCPY(sig, y, params->hash_len + params->p * params->hash_len);
+    sig += params->hash_len + params->p * params->hash_len;
+    /* S = u32str(q) || ots_signature || u32str(type) || ... */
+    c32toa(params->lmsType, sig);
+}
+#endif /* !WOLFSSL_WC_LMS_SMALL && !WOLFSSL_LMS_NO_SIG_CACHE */
+#endif /* !WOLFSSL_LMS_VERIFY_ONLY */
+
+/* Compute the root node of the LMS tree.
+ *
+ * Algorithm 6a: Computing an LMS Public Key Candidate from a Signature,
+ * Message, Identifier, and Algorithm Typecodes
+ *   ...
+ *   4. Compute the candidate LMS root value Tc as follows:
+ *      node_num = 2^h + q
+ *      tmp = H(I || u32str(node_num) || u16str(D_LEAF) || Kc)
+ *      i = 0
+ *      while (node_num > 1) {
+ *        if (node_num is odd):
+ *          tmp = H(I||u32str(node_num/2)||u16str(D_INTR)||path[i]||tmp)
+ *        else:
+ *          tmp = H(I||u32str(node_num/2)||u16str(D_INTR)||tmp||path[i])
+ *        node_num = node_num/2
+ *        i = i + 1
+ *      }
+ *      Tc = tmp
+ *   5. Return Tc.
+ *
+ * @param [in, out]  state  LMS state.
+ * @param [in]       q      Index of node.
+ * @param [in]       kc     K candidate.
+ * @param [in]       path   Authentication path from signature.
+ * @param [out]      tc     T candidate.
+ * @return  0 on success.
+ */
+static int wc_lms_compute_root(LmsState* state, word32 q, const byte* kc,
+    const byte* path, byte* tc)
+{
+    int ret;
+    const LmsParams* params = state->params;
+    byte* buffer = state->buffer;
+    byte* rp = buffer + LMS_I_LEN;
+    byte* ip = rp + LMS_Q_LEN;
+    byte* node = ip + LMS_P_LEN;
+    byte* b[2][2];
+    /* node_num = 2^h + q */
+    word32 r = (1 << params->height) + q;
+
+    /* tmp = H(I || u32str(node_num) || u16str(D_LEAF) || Kc) */
+    c32toa(r, rp);
+    c16toa(LMS_D_LEAF, ip);
+    XMEMCPY(node, kc, params->hash_len);
+    /* Put tmp into offset required for first iteration. */
+#ifndef WC_LMS_FULL_HASH
+    /* Put in padding for final block. */
+#ifdef WOLFSSL_LMS_SHA256_192
+    if ((params->lmOtsType & LMS_HASH_MASK) == LMS_SHA256_192) {
+        b[0][0] = node;
+        b[0][1] = node + WC_SHA256_192_DIGEST_SIZE;
+        b[1][0] = node + WC_SHA256_192_DIGEST_SIZE;
+        b[1][1] = node;
+        LMS_SHA256_SET_LEN_46(buffer);
+        ret = wc_lms_sha256_192_hash_block(&state->hash, buffer, b[r & 1][0]);
+    }
+    else
+#endif
+    {
+    #ifndef WOLFSSL_NO_LMS_SHA256_256
+        b[0][0] = node;
+        b[0][1] = node + WC_SHA256_DIGEST_SIZE;
+        b[1][0] = node + WC_SHA256_DIGEST_SIZE;
+        b[1][1] = node;
+        LMS_SHA256_SET_LEN_54(buffer);
+        ret = wc_lms_hash_block(&state->hash, buffer, b[r & 1][0]);
+    #else
+        ret = NOT_COMPILED_IN;
+    #endif
+    }
+#else
+#ifdef WOLFSSL_LMS_SHA256_192
+    if ((params->lmOtsType & LMS_HASH_MASK) == LMS_SHA256_192) {
+        b[0][0] = node;
+        b[0][1] = node + WC_SHA256_192_DIGEST_SIZE;
+        b[1][0] = node + WC_SHA256_192_DIGEST_SIZE;
+        b[1][1] = node;
+        ret = wc_lms_hash_sha256_192(&state->hash, buffer,
+            LMS_SEED_HASH_LEN(WC_SHA256_192_DIGEST_SIZE), b[r & 1][0]);
+    }
+    else
+#endif
+    {
+    #ifndef WOLFSSL_NO_LMS_SHA256_256
+        b[0][0] = node;
+        b[0][1] = node + WC_SHA256_DIGEST_SIZE;
+        b[1][0] = node + WC_SHA256_DIGEST_SIZE;
+        b[1][1] = node;
+        ret = wc_lms_hash(&state->hash, buffer,
+            LMS_SEED_HASH_LEN(WC_SHA256_DIGEST_SIZE), b[r & 1][0]);
+    #else
+        ret = NOT_COMPILED_IN;
+    #endif
+    }
+#endif /* !WC_LMS_FULL_HASH */
+
+    if (ret == 0) {
+        int i;
+
+        /* I||...||u16str(D_INT)||... */
+        c16toa(LMS_D_INTR, ip);
+
+        /* Do all but last height. */
+    #ifdef WOLFSSL_LMS_SHA256_192
+        if ((params->lmOtsType & LMS_HASH_MASK) == LMS_SHA256_192) {
+            for (i = 0; (ret == 0) && (i < params->height - 1); i++) {
+                /* Put path into offset required. */
+                XMEMCPY(b[r & 1][1], path, WC_SHA256_192_DIGEST_SIZE);
+                path += WC_SHA256_192_DIGEST_SIZE;
+
+                /* node_num = node_num / 2 */
+                r >>= 1;
+                /*  H(...||u32str(node_num/2)||..) */
+                c32toa(r, rp);
+                /* tmp = H(I||u32str(node_num/2)||u16str(D_INTR)||path[i]||tmp)
+                 * or
+                 * tmp = H(I||u32str(node_num/2)||u16str(D_INTR)||tmp||path[i])
+                 * Put tmp result into offset required for next iteration. */
+                ret = wc_lms_hash_sha256_192(&state->hash, buffer,
+                    LMS_NODE_HASH_LEN(WC_SHA256_192_DIGEST_SIZE), b[r & 1][0]);
+            }
+            if (ret == 0) {
+                /* Last height. */
+                /* Put path into offset required. */
+                XMEMCPY(b[r & 1][1], path, WC_SHA256_192_DIGEST_SIZE);
+                /* node_num = node_num / 2 */
+                r >>= 1;
+                /*  H(...||u32str(node_num/2)||..) */
+                c32toa(r, rp);
+                /* tmp = H(I||u32str(node_num/2)||u16str(D_INTR)||path[i]||tmp)
+                 * or
+                 * tmp = H(I||u32str(node_num/2)||u16str(D_INTR)||tmp||path[i])
+                 * Put tmp result into Tc.*/
+                ret = wc_lms_hash_sha256_192(&state->hash, buffer,
+                    LMS_NODE_HASH_LEN(WC_SHA256_192_DIGEST_SIZE), tc);
+            }
+        }
+        else
+    #endif
+        {
+        #ifndef WOLFSSL_NO_LMS_SHA256_256
+            for (i = 0; (ret == 0) && (i < params->height - 1); i++) {
+                /* Put path into offset required. */
+                XMEMCPY(b[r & 1][1], path, WC_SHA256_DIGEST_SIZE);
+                path += WC_SHA256_DIGEST_SIZE;
+
+                /* node_num = node_num / 2 */
+                r >>= 1;
+                /*  H(...||u32str(node_num/2)||..) */
+                c32toa(r, rp);
+                /* tmp = H(I||u32str(node_num/2)||u16str(D_INTR)||path[i]||tmp)
+                 * or
+                 * tmp = H(I||u32str(node_num/2)||u16str(D_INTR)||tmp||path[i])
+                 * Put tmp result into offset required for next iteration. */
+                ret = wc_lms_hash(&state->hash, buffer,
+                    LMS_NODE_HASH_LEN(WC_SHA256_DIGEST_SIZE), b[r & 1][0]);
+            }
+            if (ret == 0) {
+                /* Last height. */
+                /* Put path into offset required. */
+                XMEMCPY(b[r & 1][1], path, WC_SHA256_DIGEST_SIZE);
+                /* node_num = node_num / 2 */
+                r >>= 1;
+                /*  H(...||u32str(node_num/2)||..) */
+                c32toa(r, rp);
+                /* tmp = H(I||u32str(node_num/2)||u16str(D_INTR)||path[i]||tmp)
+                 * or
+                 * tmp = H(I||u32str(node_num/2)||u16str(D_INTR)||tmp||path[i])
+                 * Put tmp result into Tc.*/
+                ret = wc_lms_hash(&state->hash, buffer,
+                    LMS_NODE_HASH_LEN(WC_SHA256_DIGEST_SIZE), tc);
+            }
+        #else
+            ret = NOT_COMPILED_IN;
+        #endif
+        }
+    }
+
+    return ret;
+}
+
+/* LMS verify message using public key and signature.
+ *
+ * Algorithm 6a: Computing an LMS Public Key Candidate from a Signature,
+ * Message, Identifier, and Algorithm Typecodes
+ *   ...
+ *   2. Parse sigtype, q, lmots_signature, and path from the signature
+ *      as follows:
+ *      a. q = strTou32(first 4 bytes of signature)
+ *      ...
+ *      e. lmots_signature = bytes 4 through 7 + n * (p + 1)
+ *         of signature
+ *      ...
+ *      j. Set path as follows:
+ *           path[0] = next m bytes of signature
+ *           path[1] = next m bytes of signature
+ *              ...
+ *         path[h-1] = next m bytes of signature
+ *   3. Kc = candidate public key computed by applying Algorithm 4b
+ *      to the signature lmots_signature, the message, and the
+ *      identifiers I, q
+ *   4. Compute the candidate LMS root value Tc as follows:
+ *      ...
+ *   5. Return Tc
+ * Algorithm 6: LMS Signature Verification
+ *   ...
+ *   3. Compute the LMS Public Key Candidate Tc from the signature,
+ *      message, identifier, pubtype, and ots_typecode, using
+ *      Algorithm 6a.
+ *   4. If Tc is equal to T[1], return VALID; otherwise, return INVALID.
+ *
+ * @param [in, out] state  LMS state.
+ * @param [in]      pub    LMS public key.
+ * @param [in]      msg    Message/public key to verify.
+ * @param [in]      msgSz  Length of message in bytes.
+ * @param [in]      sig    LMS signature.
+ */
+static int wc_lms_verify(LmsState* state, const byte* pub, const byte* msg,
+    word32 msgSz, const byte* sig)
+{
+    int ret;
+    const LmsParams* params = state->params;
+    byte* buffer = state->buffer;
+    const byte* pub_i = pub + LMS_TYPE_LEN + LMS_TYPE_LEN;
+    const byte* pub_k = pub_i + LMS_I_LEN;
+    const byte* sig_q = sig;
+    byte tc[LMS_MAX_NODE_LEN];
+    byte* kc = tc;
+
+    /* Algorithm 6. Step 3. */
+    /* Check the public key LMS type matches parameters. */
+    ret = wc_lmots_public_key_check(params, pub);
+    if (ret == 0) {
+        /* Algorithm 6a. Step 2.e. */
+        const byte* sig_lmots = sig + LMS_Q_LEN;
+
+        /* Setup buffer with I || Q. */
+        XMEMCPY(buffer, pub_i, LMS_I_LEN);
+        XMEMCPY(buffer + LMS_I_LEN, sig_q, LMS_Q_LEN);
+
+        /* Algorithm 6a. Step 3. */
+        ret = wc_lmots_calc_kc(state, pub + LMS_TYPE_LEN, msg, msgSz,
+            sig_lmots, kc);
+    }
+    if (ret == 0) {
+        /* Algorithm 6a. Step 2.j. */
+        const byte* sig_path = sig + LMS_Q_LEN + LMS_TYPE_LEN +
+            params->hash_len + params->p * params->hash_len + LMS_TYPE_LEN;
+        word32 q;
+
+        /* Algorithm 6a. Step 2.a. */
+        ato32(sig_q, &q);
+
+        /* Algorithm 6a. Steps 4-5. */
+        ret = wc_lms_compute_root(state, q, kc, sig_path, tc);
+    }
+    /* Algorithm 6. Step 4. */
+    if ((ret == 0) && (XMEMCMP(pub_k, tc, params->hash_len) != 0)) {
+        ret = SIG_VERIFY_E;
+    }
+
+    return ret;
+}
+
+/***************************************
+ * HSS APIs
+ **************************************/
+
+#ifndef WOLFSSL_LMS_VERIFY_ONLY
+/* Derive the seed and i for child.
+ *
+ * @param [in, out] state   LMS state.
+ * @param [in]      id      Parent's I.
+ * @param [in]      seed    Parent's SEED.
+ * @param [in]      q       Parent's q.
+ * @param [out]     seed_i  Derived SEED and I.
+ * @return  0 on success.
+ */
+static int wc_hss_derive_seed_i(LmsState* state, const byte* id,
+    const byte* seed, const byte* q, byte* seed_i)
+{
+    int ret = 0;
+    byte buffer[WC_SHA256_BLOCK_SIZE];
+    byte* idp = buffer;
+    byte* qp = idp + LMS_I_LEN;
+    byte* ip = qp + LMS_Q_LEN;
+    byte* jp = ip + LMS_P_LEN;
+    byte* tmp = jp + LMS_W_LEN;
+
+    /* parent's I || ... */
+    XMEMCPY(idp, id, LMS_I_LEN);
+    /* parent's I || q || ... */
+    XMEMCPY(qp, q, LMS_Q_LEN);
+    /* parent's I || q || D_CHILD_SEED || ... */
+    c16toa(LMS_D_CHILD_SEED, ip);
+    /* parent's I || q || D_CHILD_SEED || D_FIXED || ... */
+    *jp = LMS_D_FIXED;
+    /* parent's I || q || D_CHILD_SEED || D_FIXED || parent's SEED */
+    XMEMCPY(tmp, seed, state->params->hash_len);
+    /* SEED = H(parent's I || q || D_CHILD_SEED || D_FIXED || parent's SEED) */
+#ifndef WC_LMS_FULL_HASH
+#ifdef WOLFSSL_LMS_SHA256_192
+    if ((state->params->lmOtsType & LMS_HASH_MASK) == LMS_SHA256_192) {
+        /* Put in padding for final block. */
+        LMS_SHA256_SET_LEN_47(buffer);
+        ret = wc_lms_sha256_192_hash_block(&state->hash, buffer, seed_i);
+        if (ret == 0) {
+            seed_i += WC_SHA256_192_DIGEST_SIZE;
+        }
+    }
+    else
+#endif
+    {
+    #ifndef WOLFSSL_NO_LMS_SHA256_256
+        /* Put in padding for final block. */
+        LMS_SHA256_SET_LEN_55(buffer);
+        ret = wc_lms_hash_block(&state->hash, buffer, seed_i);
+        if (ret == 0) {
+            seed_i += WC_SHA256_DIGEST_SIZE;
+        }
+    #else
+        ret = NOT_COMPILED_IN;
+    #endif
+    }
+#else
+#ifdef WOLFSSL_LMS_SHA256_192
+    if ((state->params->lmOtsType & LMS_HASH_MASK) == LMS_SHA256_192) {
+        ret = wc_lms_hash_sha256_192(&state->hash, buffer,
+            LMS_HASH_BUFFER_LEN(WC_SHA256_192_DIGEST_SIZE), seed_i);
+    }
+    else
+#endif
+    {
+    #ifndef WOLFSSL_NO_LMS_SHA256_256
+        ret = wc_lms_hash(&state->hash, buffer,
+            LMS_HASH_BUFFER_LEN(WC_SHA256_DIGEST_SIZE), seed_i);
+    #else
+        ret = NOT_COMPILED_IN;
+    #endif
+    }
+#endif /* !WC_LMS_FULL_HASH */
+
+    if (ret == 0) {
+        /* parent's I || q || D_CHILD_I || D_FIXED || parent's SEED */
+        c16toa(LMS_D_CHILD_I, ip);
+        /* I = H(parent's I || q || D_CHILD_I || D_FIXED || parent's SEED) */
+#ifndef WC_LMS_FULL_HASH
+    #ifdef WOLFSSL_LMS_SHA256_192
+        if ((state->params->lmOtsType & LMS_HASH_MASK) == LMS_SHA256_192) {
+            ret = wc_lms_sha256_192_hash_block(&state->hash, buffer, tmp);
+        }
+        else
+    #endif
+        {
+        #ifndef WOLFSSL_NO_LMS_SHA256_256
+            ret = wc_lms_hash_block(&state->hash, buffer, tmp);
+        #else
+            ret = NOT_COMPILED_IN;
+        #endif
+        }
+#else
+    #ifdef WOLFSSL_LMS_SHA256_192
+        if ((state->params->lmOtsType & LMS_HASH_MASK) == LMS_SHA256_192) {
+            ret = wc_lms_hash_sha256_192(&state->hash, buffer,
+                LMS_HASH_BUFFER_LEN(WC_SHA256_192_DIGEST_SIZE), tmp);
+        }
+        else
+    #endif
+        {
+        #ifndef WOLFSSL_NO_LMS_SHA256_256
+            ret = wc_lms_hash(&state->hash, buffer,
+                LMS_HASH_BUFFER_LEN(WC_SHA256_DIGEST_SIZE), tmp);
+        #else
+            ret = NOT_COMPILED_IN;
+        #endif
+        }
+#endif /* !WC_LMS_FULL_HASH */
+        /* Copy part of hash as new I into private key. */
+        XMEMCPY(seed_i, tmp, LMS_I_LEN);
+    }
+
+    return ret;
+}
+
+/* Get q, index, of leaf at the specified level. */
+#define LMS_Q_AT_LEVEL(q, ls, l, h)                                 \
+    (w64GetLow32(w64ShiftRight((q), (((ls) - 1 - (l)) * (h)))) &    \
+     (((word32)1 << (h)) - 1))
+
+/* Expand the seed and I for further levels and set q for each level.
+ *
+ * @param [in, out] state     LMS state.
+ * @param [in, out] priv      Private key for use in signing.
+ * @param [in]      priv_raw  Private key read.
+ * @param [in]      inc       Whether this is an incremental expansion.
+ * @return  0 on success.
+ */
+static int wc_hss_expand_private_key(LmsState* state, byte* priv,
+    const byte* priv_raw, int inc)
+{
+    const LmsParams* params = state->params;
+    int ret = 0;
+    w64wrapper q;
+    w64wrapper qm1;
+    word32 q32;
+    byte* priv_q;
+    byte* priv_seed_i;
+    int i;
+
+    /* Get the 64-bit q value from the raw private key. */
+    ato64(priv_raw, &q);
+    /* Step over q and parameter set. */
+    priv_raw += HSS_Q_LEN + HSS_PRIV_KEY_PARAM_SET_LEN;
+
+    /* Get q of highest level. */
+    q32 = LMS_Q_AT_LEVEL(q, params->levels, 0, params->height);
+    /* Set q of highest tree. */
+    c32toa(q32, priv);
+
+    /* Incremental expansion needs q-1. */
+    if (inc) {
+        /* Calculate q-1 for comparison. */
+        qm1 = q;
+        w64Decrement(&qm1);
+    }
+    else {
+        /* Copy out SEED and I into private key. */
+        XMEMCPY(priv + LMS_Q_LEN, priv_raw, params->hash_len + LMS_I_LEN);
+    }
+
+    /* Compute SEED and I for rest of levels. */
+    for (i = 1; (ret == 0) && (i < params->levels); i++) {
+        /* Don't skip calculating SEED and I. */
+        int skip = 0;
+
+        /* Incremental means q, SEED and I already present if q unchanged. */
+        if (inc) {
+            /* Calculate previous levels q for previous 64-bit q value. */
+            word32 qm1_32 = LMS_Q_AT_LEVEL(qm1, params->levels, i - 1,
+                params->height);
+            /* Same q at previous level means no need to re-compute. */
+            if (q32 == qm1_32) {
+                /* Do skip calculating SEED and I. */
+                skip = 1;
+            }
+        }
+
+        /* Get pointers into private q to write q and seed + I. */
+        priv_q = priv;
+        priv += LMS_Q_LEN;
+        priv_seed_i = priv;
+        priv += params->hash_len + LMS_I_LEN;
+
+        /* Get q for level from 64-bit composite. */
+        q32 = w64GetLow32(w64ShiftRight(q, (params->levels - 1 - i) *
+            params->height)) & (((word32)1 << params->height) - 1);
+        /* Set q of tree. */
+        c32toa(q32, priv);
+
+        if (!skip) {
+            /* Derive SEED and I into private key. */
+            ret = wc_hss_derive_seed_i(state, priv_seed_i + params->hash_len,
+                priv_seed_i, priv_q, priv + LMS_Q_LEN);
+        }
+    }
+
+    return ret;
+}
+
+#ifndef WOLFSSL_WC_LMS_SMALL
+#ifndef WOLFSSL_LMS_NO_SIGN_SMOOTHING
+/* Initialize the next subtree.
+ *
+ * @param [in] state      LMS state.
+ * @param [in] privState  LMS private state.
+ * @param [in] curr       Current private key.
+ * @param [in] priv       Next private key.
+ * @param [in] q          q for this level.
+ * @return  0 on success.
+ */
+static int wc_lms_next_subtree_init(LmsState* state, LmsPrivState* privState,
+    byte* curr, byte* priv, word32 q)
+{
+    int ret;
+    const LmsParams* params = state->params;
+    byte* priv_q;
+    byte* priv_seed;
+    byte* priv_i;
+    word32 pq;
+
+    priv_q = priv;
+    priv += LMS_Q_LEN;
+    priv_seed = curr + LMS_Q_LEN;
+    priv += params->hash_len;
+    priv_i = curr + LMS_Q_LEN + params->hash_len;
+    priv += LMS_I_LEN;
+
+    ato32(curr, &pq);
+    pq = (pq + 1) & ((1 << params->height) - 1);
+    c32toa(pq, priv_q);
+
+    privState->stack.offset = 0;
+    privState->leaf.idx = (word32)-(1 << params->cacheBits);
+    privState->leaf.offset = 0;
+
+    /* Derive SEED and I for next tree. */
+    ret = wc_hss_derive_seed_i(state, priv_i, priv_seed, priv_q,
+        priv + LMS_Q_LEN);
+    if (ret == 0) {
+        /* Update treehash for first leaf. */
+        ret = wc_lms_treehash_update(state, privState,
+            priv + LMS_Q_LEN + params->hash_len, priv + LMS_Q_LEN, 0, q, 0, 0);
+    }
+
+    return ret;
+}
+
+/* Increment count on next subtree.
+ *
+ * @param [in] state     LMS state.
+ * @param [in] priv_key  HSS private key.
+ * @param [in] q64       64-bit q for all levels.
+ * @return  0 on success.
+ */
+static int wc_hss_next_subtree_inc(LmsState* state, HssPrivKey* priv_key,
+    w64wrapper q64)
+{
+    int ret = 0;
+    const LmsParams* params = state->params;
+    byte* curr = priv_key->priv;
+    byte* priv = priv_key->next_priv;
+    int i;
+    w64wrapper p64 = q64;
+    byte tmp_priv[LMS_PRIV_LEN(LMS_MAX_NODE_LEN)];
+    int use_tmp = 0;
+    int lastQMax = 0;
+    w64wrapper p64_hi;
+    w64wrapper q64_hi;
+
+    /* Get previous index. */
+    w64Decrement(&p64);
+    /* Get index of previous and current parent. */
+    p64_hi = w64ShiftRight(p64, (params->levels - 1) * params->height);
+    q64_hi = w64ShiftRight(q64, (params->levels - 1) * params->height);
+    for (i = 1; (ret == 0) && (i < params->levels); i++) {
+        word32 qc;
+        w64wrapper cp64_hi;
+        w64wrapper cq64_hi;
+
+        /* Get index of previous and current child. */
+        cp64_hi = w64ShiftRight(p64, (params->levels - i - 1) * params->height);
+        cq64_hi = w64ShiftRight(q64, (params->levels - i - 1) * params->height);
+        /* Get the q for the child. */
+        ato32(curr + LMS_PRIV_LEN(params->hash_len), &qc);
+
+        /* Compare index of parent node with previous value. */
+        if (w64LT(p64_hi, q64_hi)) {
+            wc_lms_priv_state_copy(params, &priv_key->state[i],
+                &priv_key->next_state[i-1]);
+            ret = wc_lms_next_subtree_init(state, &priv_key->next_state[i - 1],
+                use_tmp ? tmp_priv : curr, priv, 0);
+            use_tmp = 0;
+        }
+        /* Check whether the child is in a new subtree. */
+        else if ((qc == ((word32)1 << params->height) - 1) &&
+                w64LT(cp64_hi, cq64_hi)) {
+            XMEMSET(tmp_priv, 0, LMS_Q_LEN);
+            /* Check whether the node at the previous level is also in a new
+             * subtree. */
+            if (lastQMax) {
+                /* Calculate new SEED and I based on new subtree. */
+                ret = wc_hss_derive_seed_i(state,
+                    priv + LMS_Q_LEN + params->hash_len, priv + LMS_Q_LEN,
+                    tmp_priv, tmp_priv + LMS_Q_LEN);
+            }
+            else {
+                /* Calculate new SEED and I based on parent. */
+                ret = wc_hss_derive_seed_i(state,
+                    curr + LMS_Q_LEN + params->hash_len, curr + LMS_Q_LEN, priv,
+                    tmp_priv + LMS_Q_LEN);
+            }
+            /* Values not stored so note that they are in temporary. */
+            use_tmp = 1;
+
+            /* Set the the q. */
+            XMEMCPY(tmp_priv, curr + LMS_PRIV_LEN(params->hash_len), LMS_Q_LEN);
+        }
+
+        lastQMax = (qc == ((word32)1 << params->height) - 1);
+        curr += LMS_PRIV_LEN(params->hash_len);
+        priv += LMS_PRIV_LEN(params->hash_len);
+        p64_hi = cp64_hi;
+        q64_hi = cq64_hi;
+    }
+
+    return ret;
+}
+
+/* Initialize the next subtree for each level bar the highest.
+ *
+ * @param [in, out] state     LMS state.
+ * @param [out]     priv_key  Private key data.
+ * @return  0 on success.
+ */
+static int wc_hss_next_subtrees_init(LmsState* state, HssPrivKey* priv_key)
+{
+    int ret = 0;
+    const LmsParams* params = state->params;
+    byte* curr = priv_key->priv;
+    byte* priv = priv_key->next_priv;
+    int i;
+
+    XMEMCPY(priv, curr, LMS_PRIV_LEN(params->hash_len));
+    wc_lms_idx_inc(priv, LMS_Q_LEN);
+
+    for (i = 1; (ret == 0) && (i < params->levels); i++) {
+        word32 q;
+
+        ato32(curr + LMS_PRIV_LEN(params->hash_len), &q);
+        ret = wc_lms_next_subtree_init(state, &priv_key->next_state[i - 1],
+            curr, priv, q);
+
+        curr += LMS_PRIV_LEN(params->hash_len);
+        priv += LMS_PRIV_LEN(params->hash_len);
+    }
+
+    return ret;
+}
+#endif
+
+/* Update the authentication path and caches.
+ *
+ * @param [in, out] state     LMS state.
+ * @param [in, out] priv_key  Private key information.
+ * @param [in]      levels    Number of level to start at.
+ * @param [out]     pub_root  Public root.
+ * @return  0 on success.
+ */
+static int wc_hss_init_auth_path(LmsState* state, HssPrivKey* priv_key,
+    byte* pub_root)
+{
+    int ret = 0;
+    int levels = state->params->levels;
+    byte* priv = priv_key->priv +
+        LMS_PRIV_LEN(state->params->hash_len) * (levels - 1);
+    int l;
+
+    for (l = levels - 1; (ret == 0) && (l >= 0); l--) {
+        word32 q;
+        const byte* priv_q = priv;
+        const byte* priv_seed = priv_q + LMS_Q_LEN;
+        const byte* priv_i = priv_seed + state->params->hash_len;
+
+        /* Get current q for tree at level. */
+        ato32(priv_q, &q);
+        /* Set cache start to a value that indicates no numbers available. */
+        ret = wc_lms_treehash_init(state, &priv_key->state[l], priv_i,
+             priv_seed, q);
+
+        /* Move onto next level's data. */
+        priv -= LMS_PRIV_LEN(state->params->hash_len);
+    }
+
+    if ((ret == 0) && (pub_root != NULL)) {
+        XMEMCPY(pub_root, priv_key->state[0].root, state->params->hash_len);
+    }
+
+    return ret;
+}
+
+/* Calculate the corresponding authentication path index at that height.
+ *
+ * @param [in] i  Leaf node index.
+ * @param [in] h  Height to calculate for.
+ * @return  Index on authentication path.
+ */
+#define LMS_AUTH_PATH_IDX(i, h)                                 \
+    (((i) ^ ((word32)1U << (h))) | (((word32)1U << (h)) - 1))
+
+/* Update the authentication path.
+ *
+ * @param [in, out] state     LMS state.
+ * @param [in, out] priv_key  Private key information.
+ * @param [in]      levels    Number of level to start at.
+ * @return  0 on success.
+ */
+static int wc_hss_update_auth_path(LmsState* state, HssPrivKey* priv_key,
+    byte* priv_raw, int levels)
+{
+    const LmsParams* params = state->params;
+    int ret = 0;
+    byte* priv = priv_key->priv + LMS_PRIV_LEN(params->hash_len) * (levels - 1);
+    int i;
+#ifndef WOLFSSL_LMS_NO_SIGN_SMOOTHING
+    w64wrapper q64;
+#endif
+
+    (void)priv_raw;
+#ifndef WOLFSSL_LMS_NO_SIGN_SMOOTHING
+    ato64(priv_raw, &q64);
+#endif
+
+    for (i = levels - 1; (ret == 0) && (i >= 0); i--) {
+        word32 q;
+        const byte* priv_q = priv;
+        const byte* priv_seed = priv_q + LMS_Q_LEN;
+        const byte* priv_i = priv_seed + params->hash_len;
+        LmsPrivState* privState = &priv_key->state[i];
+
+        /* Get q for tree at level. */
+        ato32(priv_q, &q);
+    #ifndef WOLFSSL_LMS_NO_SIGN_SMOOTHING
+        if ((levels > 1) && (i == levels - 1) && (q == 0)) {
+            /* New sub-tree. */
+            ret = wc_hss_next_subtree_inc(state, priv_key, q64);
+        }
+        if ((ret == 0) && (q != 0))
+    #else
+        if (q == 0) {
+            /* New sub-tree. */
+            ret = wc_lms_treehash_init(state, privState, priv_i, priv_seed, 0);
+        }
+        else
+    #endif
+        {
+            word32 maxq = q - 1;
+            int h;
+            int maxh = params->height;
+
+            /* Check each index at each height needed for the auth path. */
+            for (h = 0; (h < maxh) && (h <= maxh - params->rootLevels); h++) {
+                /* Calculate the index for current q and q-1. */
+                word32 qa = LMS_AUTH_PATH_IDX(q, h);
+                word32 qm1a = LMS_AUTH_PATH_IDX(q - 1, h);
+                /* If different then needs to be computed so keep highest. */
+                if ((qa != qm1a) && (qa > maxq)) {
+                    maxq = qa;
+                }
+            }
+            for (; h < maxh; h++) {
+                /* Calculate the index for current q and q-1. */
+                word32 qa = LMS_AUTH_PATH_IDX(q, h);
+                word32 qm1a = LMS_AUTH_PATH_IDX(q - 1, h);
+                /* If different then copy in cached hash. */
+                if ((qa != qm1a) && (qa > maxq)) {
+                    int off = (1 << (params->height - h)) + (qa >> h) - 1;
+                    XMEMCPY(privState->auth_path + h * params->hash_len,
+                        privState->root + off * params->hash_len,
+                        params->hash_len);
+                }
+            }
+            /* Update the treehash and calculate the extra indices for
+             * authentication path. */
+            ret = wc_lms_treehash_update(state, privState, priv_i, priv_seed,
+                q - 1, maxq, q, 1);
+        #ifndef WOLFSSL_LMS_NO_SIGN_SMOOTHING
+            if ((ret == 0) && (i > 0)) {
+                w64wrapper tmp64 = w64ShiftRight(q64,
+                    (levels - i) * params->height);
+                w64Increment(&tmp64);
+                tmp64 = w64ShiftLeft(tmp64, 64 - (i * params->height));
+                if (!w64IsZero(tmp64)) {
+                    priv_seed = priv_key->next_priv +
+                        i * LMS_PRIV_LEN(params->hash_len) + LMS_Q_LEN;
+                    priv_i = priv_seed + params->hash_len;
+                    privState = &priv_key->next_state[i - 1];
+
+                    ret = wc_lms_treehash_update(state, privState, priv_i,
+                        priv_seed, q, q, 0, 0);
+                }
+            }
+        #endif
+            break;
+        }
+
+        /* Move onto next level's data. */
+        priv -= LMS_PRIV_LEN(params->hash_len);
+    }
+
+    return ret;
+}
+
+#if !defined(WOLFSSL_LMS_NO_SIG_CACHE) && (LMS_MAX_LEVELS > 1)
+/* Pre-sign for current q so that it isn't needed in signing.
+ *
+ * @param [in, out] state     LMS state.
+ * @param [in, out] priv_key  Private key.
+ */
+static int wc_hss_presign(LmsState* state, HssPrivKey* priv_key)
+{
+    int ret = 0;
+    const LmsParams* params = state->params;
+    byte* buffer = state->buffer;
+    byte pub[LMS_PUBKEY_LEN(LMS_MAX_NODE_LEN)];
+    byte* root = pub + LMS_PUBKEY_LEN(LMS_MAX_NODE_LEN) - params->hash_len;
+    byte* priv = priv_key->priv;
+    int i;
+
+    for (i = params->levels - 2; i >= 0; i--) {
+        const byte* p = priv + i * (LMS_Q_LEN + params->hash_len + LMS_I_LEN);
+        const byte* priv_q = p;
+        const byte* priv_seed = priv_q + LMS_Q_LEN;
+        const byte* priv_i = priv_seed + params->hash_len;
+
+        /* ... || T(1) */
+        XMEMCPY(root, priv_key->state[i + 1].root, params->hash_len);
+        /* u32str(type) || u32str(otstype) || I || T(1) */
+        p = priv + (i + 1) * (LMS_Q_LEN + params->hash_len + LMS_I_LEN);
+        wc_lmots_public_key_encode(params, p, pub);
+
+        /* Setup for hashing: I || Q || ... */
+        XMEMCPY(buffer, priv_i, LMS_I_LEN);
+        XMEMCPY(buffer + LMS_I_LEN, priv_q, LMS_Q_LEN);
+
+        /* LM-OTS Sign this level. */
+        ret = wc_lmots_sign(state, priv_seed, pub,
+            LMS_PUBKEY_LEN(params->hash_len),
+            priv_key->y + i * LMS_PRIV_Y_TREE_LEN(params->p, params->hash_len));
+    }
+
+    return ret;
+}
+#endif /* !WOLFSSL_LMS_NO_SIG_CACHE && LMS_MAX_LEVELS > 1 */
+#endif /* !WOLFSSL_WC_LMS_SMALL */
+
+/* Load the private key data into HSS private key structure.
+ *
+ * @param [in]      params     LMS parameters.
+ * @param [in, out] key        HSS private key.
+ * @param [in]      priv_data  Private key data.
+ */
+static void wc_hss_priv_data_load(const LmsParams* params, HssPrivKey* key,
+    byte* priv_data)
+{
+#ifndef WOLFSSL_WC_LMS_SMALL
+    int l;
+#endif
+
+    /* Expanded private keys. */
+    key->priv = priv_data;
+    priv_data += LMS_PRIV_KEY_LEN(params->levels, params->hash_len);
+
+#ifndef WOLFSSL_WC_LMS_SMALL
+    for (l = 0; l < params->levels; l++) {
+        /* Caches for subtree. */
+        wc_lms_priv_state_load(params, &key->state[l], priv_data);
+        priv_data += LMS_PRIV_STATE_LEN(params->height, params->rootLevels,
+            params->cacheBits, params->hash_len);
+    }
+
+#ifndef WOLFSSL_LMS_NO_SIGN_SMOOTHING
+    /* Next subtree's expanded private keys. */
+    key->next_priv = priv_data;
+    priv_data += LMS_PRIV_KEY_LEN(params->levels, params->hash_len);
+    for (l = 0; l < params->levels - 1; l++) {
+        /* Next subtree's caches. */
+        wc_lms_priv_state_load(params, &key->next_state[l], priv_data);
+        priv_data += LMS_PRIV_STATE_LEN(params->height, params->rootLevels,
+            params->cacheBits, params->hash_len);
+    }
+#endif /* WOLFSSL_LMS_NO_SIGN_SMOOTHING */
+
+#ifndef WOLFSSL_LMS_NO_SIG_CACHE
+    /* Signature cache. */
+    key->y = priv_data;
+#endif /* WOLFSSL_LMS_NO_SIG_CACHE */
+#endif /* WOLFSSL_WC_LMS_SMALL */
+}
+
+#ifndef WOLFSSL_WC_LMS_SMALL
+/* Store the private key data from HSS private key structure.
+ *
+ * @param [in]      params     LMS parameters.
+ * @param [in]      key        HSS private key.
+ * @param [in, out] priv_data  Private key data.
+ */
+static void wc_hss_priv_data_store(const LmsParams* params, HssPrivKey* key,
+    byte* priv_data)
+{
+    int l;
+
+    (void)key;
+
+    /* Expanded private keys. */
+    priv_data += LMS_PRIV_KEY_LEN(params->levels, params->hash_len);
+
+    for (l = 0; l < params->levels; l++) {
+        /* Caches for subtrees. */
+        wc_lms_priv_state_store(params, &key->state[l], priv_data);
+        priv_data += LMS_PRIV_STATE_LEN(params->height, params->rootLevels,
+            params->cacheBits, params->hash_len);
+    }
+#ifndef WOLFSSL_LMS_NO_SIGN_SMOOTHING
+    /* Next subtree's expanded private keys. */
+    priv_data += LMS_PRIV_KEY_LEN(params->levels, params->hash_len);
+    for (l = 0; l < params->levels - 1; l++) {
+        /* Next subtree's caches. */
+        wc_lms_priv_state_store(params, &key->next_state[l], priv_data);
+        priv_data += LMS_PRIV_STATE_LEN(params->height, params->rootLevels,
+            params->cacheBits, params->hash_len);
+    }
+#endif /* WOLFSSL_LMS_NO_SIGN_SMOOTHING */
+
+#ifndef WOLFSSL_LMS_NO_SIG_CACHE
+    /* Signature cache. */
+#endif /* WOLFSSL_LMS_NO_SIG_CACHE */
+}
+#endif /* WOLFSSL_WC_LMS_SMALL */
+
+/* Expand private key for each level and calculating auth path..
+ *
+ * @param [in, out] state      LMS state.
+ * @param [in]      priv_raw   Raw private key bytes.
+ * @param [out]     priv_key   Private key data.
+ * @param [out]     priv_data  Private key data.
+ * @param [out]     pub_root   Public key root node.
+ * @return  0 on success.
+ */
+int wc_hss_reload_key(LmsState* state, const byte* priv_raw,
+    HssPrivKey* priv_key, byte* priv_data, byte* pub_root)
+{
+    int ret;
+
+    (void)pub_root;
+
+    wc_hss_priv_data_load(state->params, priv_key, priv_data);
+#ifndef WOLFSSL_WC_LMS_SMALL
+    priv_key->inited = 0;
+#endif
+
+    /* Expand the raw private key into the private key data. */
+    ret = wc_hss_expand_private_key(state, priv_key->priv, priv_raw, 0);
+#ifndef WOLFSSL_WC_LMS_SMALL
+    if ((ret == 0) && (!priv_key->inited)) {
+        /* Initialize the authentication paths and caches for all trees. */
+        ret = wc_hss_init_auth_path(state, priv_key, pub_root);
+    #ifndef WOLFSSL_LMS_NO_SIGN_SMOOTHING
+        if (ret == 0) {
+            ret = wc_hss_next_subtrees_init(state, priv_key);
+        }
+    #endif
+    #if !defined(WOLFSSL_LMS_NO_SIG_CACHE) && (LMS_MAX_LEVELS > 1)
+        if (ret == 0) {
+            /* Calculate signatures for trees not at bottom. */
+            ret = wc_hss_presign(state, priv_key);
+        }
+    #endif /* !WOLFSSL_LMS_NO_SIG_CACHE */
+        /* Set initialized flag. */
+        priv_key->inited = (ret == 0);
+    }
+#endif /* WOLFSSL_WC_LMS_SMALL */
+
+    return ret;
+}
+
+/* Make an HSS key pair.
+ *
+ * @param [in, out] state      LMS state.
+ * @param [in]      rng        Random number generator.
+ * @param [out]     priv_raw   Private key to write.
+ * @param [out]     priv_key   Private key.
+ * @param [out]     priv_data  Private key data.
+ * @param [out]     pub        Public key.
+ * @return  0 on success.
+ */
+int wc_hss_make_key(LmsState* state, WC_RNG* rng, byte* priv_raw,
+    HssPrivKey* priv_key, byte* priv_data, byte* pub)
+{
+    const LmsParams* params = state->params;
+    int ret = 0;
+    int i;
+    byte* p = priv_raw;
+    byte* pub_root = pub + LMS_L_LEN + LMS_TYPE_LEN + LMS_TYPE_LEN + LMS_I_LEN;
+
+    /* The 64-bit q starts at 0 - set into raw private key. */
+    wc_lms_idx_zero(p, HSS_Q_LEN);
+    p += HSS_Q_LEN;
+
+    /* Set the LMS and LM-OTS types for each level. */
+    for (i = 0; i < params->levels; i++) {
+        p[i] = ((params->lmsType & LMS_H_W_MASK) << 4) +
+               (params->lmOtsType & LMS_H_W_MASK);
+    }
+    /* Set rest of levels to an invalid value. */
+    for (; i < HSS_MAX_LEVELS; i++) {
+        p[i] = 0xff;
+    }
+    p += HSS_PRIV_KEY_PARAM_SET_LEN;
+
+    /* Make the private key. */
+    ret = wc_lmots_make_private_key(rng, params->hash_len, p);
+
+    if (ret == 0) {
+        /* Set the levels into the public key data. */
+        c32toa(params->levels, pub);
+        pub += LMS_L_LEN;
+
+        ret = wc_hss_reload_key(state, priv_raw, priv_key, priv_data, pub_root);
+    }
+    #ifdef WOLFSSL_WC_LMS_SMALL
+    if (ret == 0) {
+        byte* priv_seed = priv_key->priv + LMS_Q_LEN;
+        byte* priv_i = priv_seed + params->hash_len;
+
+        /* Compute the root of the highest tree to get the root for public key.
+         */
+        ret = wc_lms_make_public_key(state, priv_i, priv_seed, pub_root);
+    }
+    #endif /* !WOLFSSL_WC_LMS_SMALL */
+    if (ret == 0) {
+        /* Encode the public key with remaining fields from the private key. */
+        wc_lmots_public_key_encode(params, priv_key->priv, pub);
+    }
+
+    return ret;
+}
+
+#ifdef WOLFSSL_WC_LMS_SMALL
+/* Sign message using HSS.
+ *
+ * Algorithm 8: Generating an HSS signature
+ *   1. If the message-signing key prv[L-1] is exhausted, regenerate
+ *      that key pair, together with any parent key pairs that might
+ *      be necessary.
+ *      If the root key pair is exhausted, then the HSS key pair is
+ *      exhausted and MUST NOT generate any more signatures.
+ *      d = L
+ *      while (prv[d-1].q == 2^(prv[d-1].h)) {
+ *        d = d - 1
+ *        if (d == 0)
+ *          return FAILURE
+ *      }
+ *      while (d < L) {
+ *        create lms key pair pub[d], prv[d]
+ *        sig[d-1] = lms_signature( pub[d], prv[d-1] )
+ *        d = d + 1
+ *      }
+ *   2. Sign the message.
+ *      sig[L-1] = lms_signature( msg, prv[L-1] )
+ *   3. Create the list of signed public keys.
+ *      i = 0;
+ *      while (i < L-1) {
+ *        signed_pub_key[i] = sig[i] || pub[i+1]
+ *        i = i + 1
+ *      }
+ *   4. Return u32str(L-1) || signed_pub_key[0] || ...
+ *                               || signed_pub_key[L-2] || sig[L-1]
+ *
+ * @param [in, out] state     LMS state.
+ * @param [in, out] priv_raw  Raw private key bytes.
+ * @param [in, out] priv_key  Private key data.
+ * @param [in]      msg       Message to sign.
+ * @param [in]      msgSz     Length of message in bytes.
+ * @param [out]     sig       Signature of message.
+ * @return  0 on success.
+ */
+int wc_hss_sign(LmsState* state, byte* priv_raw, HssPrivKey* priv_key,
+    byte* priv_data, const byte* msg, word32 msgSz, byte* sig)
+{
+    const LmsParams* params = state->params;
+    int ret = 0;
+    byte* priv = priv_key->priv;
+
+    (void)priv_data;
+
+    /* Step 1. Part 2: Check for total key exhaustion. */
+    if (!wc_hss_sigsleft(params, priv_raw)) {
+        ret = KEY_EXHAUSTED_E;
+    }
+
+    if (ret == 0) {
+        /* Expand the raw private key into the private key data. */
+        ret = wc_hss_expand_private_key(state, priv, priv_raw, 0);
+    }
+    if (ret == 0) {
+        int i;
+        w64wrapper q;
+        w64wrapper qm1;
+
+        /* Get 64-bit q from raw private key. */
+        ato64(priv_raw, &q);
+        /* Calculate q-1 for comparison. */
+        qm1 = q;
+        w64Decrement(&qm1);
+
+        /* Set number of signed public keys. */
+        c32toa(params->levels - 1, sig);
+        sig += params->sig_len;
+
+        /* Build from bottom up. */
+        for (i = params->levels - 1; (ret == 0) && (i >= 0); i--) {
+            byte* p = priv + i * (LMS_Q_LEN + params->hash_len + LMS_I_LEN);
+            byte* root = NULL;
+
+            /* Move to start of next signature at this level. */
+            sig -= LMS_SIG_LEN(params->height, params->p, params->hash_len);
+            if (i != 0) {
+                /* Put root node into signature at this index. */
+                root = sig - params->hash_len;
+            }
+
+            /* Sign using LMS for this level. */
+            ret = wc_lms_sign(state, p, msg, msgSz, sig);
+            if (ret == 0) {
+                byte* s = sig + LMS_Q_LEN + LMS_TYPE_LEN + params->hash_len +
+                    params->p * params->hash_len + LMS_TYPE_LEN;
+                byte* priv_q = p;
+                byte* priv_seed = priv_q + LMS_Q_LEN;
+                byte* priv_i = priv_seed + params->hash_len;
+                word32 q32;
+
+                /* Get Q from private key as a number. */
+                ato32(priv_q, &q32);
+                /* Calculate authentication path. */
+                ret = wc_lms_auth_path(state, priv_i, priv_seed, q32, s, root);
+            }
+            if ((ret == 0) && (i != 0)) {
+                /* Create public data for this level if there is another. */
+                sig -= LMS_PUBKEY_LEN(params->hash_len);
+                msg = sig;
+                msgSz = LMS_PUBKEY_LEN(params->hash_len);
+                wc_lmots_public_key_encode(params, p, sig);
+            }
+        }
+    }
+    if (ret == 0) {
+        /* Increment index of leaf node to sign with in raw data. */
+        wc_lms_idx_inc(priv_raw, HSS_Q_LEN);
+    }
+
+    return ret;
+}
+#else
+/* Build signature for HSS signed message.
+ *
+ * Algorithm 8: Generating an HSS signature
+ *   1. ...
+ *      while (prv[d-1].q == 2^(prv[d-1].h)) {
+ *        d = d - 1
+ *        if (d == 0)
+ *          return FAILURE
+ *      }
+ *      while (d < L) {
+ *        create lms key pair pub[d], prv[d]
+ *        sig[d-1] = lms_signature( pub[d], prv[d-1] )
+ *        d = d + 1
+ *      }
+ *   2. Sign the message.
+ *      sig[L-1] = lms_signature( msg, prv[L-1] )
+ *   3. Create the list of signed public keys.
+ *      i = 0;
+ *      while (i < L-1) {
+ *        signed_pub_key[i] = sig[i] || pub[i+1]
+ *        i = i + 1
+ *      }
+ *   4. Return u32str(L-1) || signed_pub_key[0] || ...
+ *                               || signed_pub_key[L-2] || sig[L-1]
+ *
+ * @param [in, out] state      LMS state.
+ * @param [in, out] priv_raw   Raw private key bytes.
+ * @param [in, out] priv_key   Private key data.
+ * @param [in]      msg        Message to sign.
+ * @param [in]      msgSz      Length of message in bytes.
+ * @param [out]     sig        Signature of message.
+ * @return  0 on success.
+ */
+static int wc_hss_sign_build_sig(LmsState* state, byte* priv_raw,
+    HssPrivKey* priv_key, const byte* msg, word32 msgSz, byte* sig)
+{
+    const LmsParams* params = state->params;
+    int ret = 0;
+    int i;
+    w64wrapper q;
+    w64wrapper qm1;
+    byte* priv = priv_key->priv;
+
+    /* Get 64-bit q from raw private key. */
+    ato64(priv_raw, &q);
+    /* Calculate q-1 for comparison. */
+    qm1 = q;
+    w64Decrement(&qm1);
+
+    /* Set number of signed public keys. */
+    c32toa(params->levels - 1, sig);
+    sig += params->sig_len;
+
+    /* Build from bottom up. */
+    for (i = params->levels - 1; (ret == 0) && (i >= 0); i--) {
+        byte* p = priv + i * (LMS_Q_LEN + params->hash_len + LMS_I_LEN);
+        byte* root = NULL;
+    #ifndef WOLFSSL_LMS_NO_SIG_CACHE
+        int store_p = 0;
+        word32 q_32 = LMS_Q_AT_LEVEL(q, params->levels, i,
+            params->height);
+        word32 qm1_32 = LMS_Q_AT_LEVEL(qm1, params->levels, i,
+            params->height);
+    #endif /* !WOLFSSL_LMS_NO_SIG_CACHE */
+
+        /* Move to start of next signature at this level. */
+        sig -= LMS_SIG_LEN(params->height, params->p, params->hash_len);
+        if (i != 0) {
+            /* Put root node into signature at this index. */
+            root = sig - params->hash_len;
+        }
+
+    #ifndef WOLFSSL_LMS_NO_SIG_CACHE
+        /* Check if we have a cached version of C and the p hashes that we
+         * can reuse. */
+        if ((i < params->levels - 1) && (q_32 == qm1_32)) {
+            wc_lms_sig_copy(params, priv_key->y +
+                i * LMS_PRIV_Y_TREE_LEN(params->p, params->hash_len), p, sig);
+        }
+        else
+    #endif /* !WOLFSSL_LMS_NO_SIG_CACHE */
+        {
+            /* Sign using LMS for this level. */
+            ret = wc_lms_sign(state, p, msg, msgSz, sig);
+        #ifndef WOLFSSL_LMS_NO_SIG_CACHE
+            store_p = (i < params->levels - 1);
+        #endif /* !WOLFSSL_LMS_NO_SIG_CACHE */
+        }
+        if (ret == 0) {
+            byte* s = sig + LMS_Q_LEN + LMS_TYPE_LEN;
+
+        #ifndef WOLFSSL_LMS_NO_SIG_CACHE
+            /* Check if we computed new C and p hashes. */
+            if (store_p) {
+                /* Cache the C and p hashes. */
+                XMEMCPY(priv_key->y +
+                    i * LMS_PRIV_Y_TREE_LEN(params->p, params->hash_len), s,
+                    LMS_PRIV_Y_TREE_LEN(params->p, params->hash_len));
+            }
+        #endif /* !WOLFSSL_LMS_NO_SIG_CACHE */
+            s += params->hash_len + params->p * params->hash_len +
+                LMS_TYPE_LEN;
+
+            /* Copy the authentication path out of the private key. */
+            XMEMCPY(s, priv_key->state[i].auth_path,
+                params->height * params->hash_len);
+            /* Copy the root node into signature unless at top. */
+            if (i != 0) {
+                XMEMCPY(root, priv_key->state[i].root, params->hash_len);
+            }
+        }
+        if ((ret == 0) && (i != 0)) {
+            /* Create public data for this level if there is another. */
+            sig -= LMS_PUBKEY_LEN(params->hash_len);
+            msg = sig;
+            msgSz = LMS_PUBKEY_LEN(params->hash_len);
+            wc_lmots_public_key_encode(params, p, sig);
+        }
+    }
+
+    return ret;
+}
+
+/* Sign message using HSS.
+ *
+ * Algorithm 8: Generating an HSS signature
+ *   1. If the message-signing key prv[L-1] is exhausted, regenerate
+ *      that key pair, together with any parent key pairs that might
+ *      be necessary.
+ *      If the root key pair is exhausted, then the HSS key pair is
+ *      exhausted and MUST NOT generate any more signatures.
+ *      d = L
+ *      while (prv[d-1].q == 2^(prv[d-1].h)) {
+ *        d = d - 1
+ *        if (d == 0)
+ *          return FAILURE
+ *      }
+ *      while (d < L) {
+ *        create lms key pair pub[d], prv[d]
+ *        sig[d-1] = lms_signature( pub[d], prv[d-1] )
+ *        d = d + 1
+ *      }
+ *   2. Sign the message.
+ *      sig[L-1] = lms_signature( msg, prv[L-1] )
+ *   3. Create the list of signed public keys.
+ *      i = 0;
+ *      while (i < L-1) {
+ *        signed_pub_key[i] = sig[i] || pub[i+1]
+ *        i = i + 1
+ *      }
+ *   4. Return u32str(L-1) || signed_pub_key[0] || ...
+ *                               || signed_pub_key[L-2] || sig[L-1]
+ *
+ * @param [in, out] state      LMS state.
+ * @param [in, out] priv_raw   Raw private key bytes.
+ * @param [in, out] priv_key   Private key data.
+ * @param [in, out] priv_data  Private key data.
+ * @param [in]      msg        Message to sign.
+ * @param [in]      msgSz      Length of message in bytes.
+ * @param [out]     sig        Signature of message.
+ * @return  0 on success.
+ */
+int wc_hss_sign(LmsState* state, byte* priv_raw, HssPrivKey* priv_key,
+    byte* priv_data, const byte* msg, word32 msgSz, byte* sig)
+{
+    const LmsParams* params = state->params;
+    int ret = 0;
+
+    /* Validate fixed parameters for static code analyzers. */
+    if ((params->rootLevels == 0) || (params->rootLevels > params->height)) {
+        ret = BAD_FUNC_ARG;
+    }
+
+    /* Step 1. Part 2: Check for total key exhaustion. */
+    if ((ret == 0) && (!wc_hss_sigsleft(params, priv_raw))) {
+        ret = KEY_EXHAUSTED_E;
+    }
+
+    if ((ret == 0) && (!priv_key->inited)) {
+        /* Initialize the authentication paths and caches for all trees. */
+        ret = wc_hss_init_auth_path(state, priv_key, NULL);
+    #if !defined(WOLFSSL_LMS_NO_SIG_CACHE) && (LMS_MAX_LEVELS > 1)
+        if (ret == 0) {
+            ret = wc_hss_presign(state, priv_key);
+        }
+    #endif /* !WOLFSSL_LMS_NO_SIG_CACHE */
+        /* Set initialized flag. */
+        priv_key->inited = (ret == 0);
+    }
+    if (ret == 0) {
+        ret = wc_hss_sign_build_sig(state, priv_raw, priv_key, msg, msgSz, sig);
+    }
+    if (ret == 0) {
+        /* Increment index of leaf node to sign with in raw data. */
+        wc_lms_idx_inc(priv_raw, HSS_Q_LEN);
+    }
+    /* Check we will produce another signature. */
+    if ((ret == 0) && wc_hss_sigsleft(params, priv_raw)) {
+        /* Update the expanded private key data. */
+        ret = wc_hss_expand_private_key(state, priv_key->priv, priv_raw, 1);
+        if (ret == 0) {
+            /* Update authentication path and caches for all trees. */
+            ret = wc_hss_update_auth_path(state, priv_key, priv_raw,
+                params->levels);
+        }
+    }
+    if (ret == 0) {
+        /* Store the updated private key data. */
+        wc_hss_priv_data_store(state->params, priv_key, priv_data);
+    }
+
+    return ret;
+}
+#endif
+
+/* Check whether key is exhausted.
+ *
+ * First 8 bytes of raw key is the index.
+ * Check index is less than count of leaf nodes.
+ *
+ * @param [in] params    LMS parameters.
+ * @param [in] priv_raw  HSS raw private key.
+ * @return  1 when signature possible.
+ * @return  0 when private key exhausted.
+ */
+int wc_hss_sigsleft(const LmsParams* params, const byte* priv_raw)
+{
+    w64wrapper q;
+    w64wrapper cnt;
+
+    /* Get current q - next leaf index to sign with. */
+    ato64(priv_raw, &q);
+    /* 1 << total_height = total leaf nodes. */
+    cnt = w64ShiftLeft(w64From32(0, 1), params->levels * params->height);
+    /* Check q is less than total leaf node count. */
+    return w64LT(q, cnt);
+}
+#endif /* !WOLFSSL_LMS_VERIFY_ONLY */
+
+/* Verify message using HSS.
+ *
+ * Section 6.3. Signature Verification
+ *  1. Nspk = strTou32(first four bytes of S)
+ *  2. if Nspk+1 is not equal to the number of levels L in pub:
+ *  3.   return INVALID
+ *  4. key = pub
+ *  5. for (i = 0; i < Nspk; i = i + 1) {
+ *  6.   sig = siglist[i]
+ *  7.   msg = publist[i]
+ *  8.   if (lms_verify(msg, key, sig) != VALID):
+ *  9.     return INVALID
+ * 10.   key = msg
+ * 11. }
+ * 12. return lms_verify(message, key, siglist[Nspk])
+ *
+ * @param [in, out] state  LMS state.
+ * @param [in]      pub    HSS public key.
+ * @param [in]      msg    Message to verify.
+ * @param [in]      msgSz  Length of message in bytes.
+ * @param [in]      sig    Signature of message.
+ * @return  0 on success.
+ * @return  SIG_VERIFY_E on failure.
+ */
+int wc_hss_verify(LmsState* state, const byte* pub, const byte* msg,
+    word32 msgSz, const byte* sig)
+{
+    const LmsParams* params = state->params;
+    int ret = 0;
+    word32 nspk;
+    const byte* key = pub + LMS_L_LEN;
+    word32 levels;
+
+    /* Get number of levels from public key. */
+    ato32(pub, &levels);
+    /* Line 1: Get number of signed public keys from signature. */
+    ato32(sig, &nspk);
+    /* Line 6 (First iteration): Move to start of next signature. */
+    sig += LMS_L_LEN;
+
+    /* Line 2: Verify that pub and signature match in levels. */
+    if (nspk + 1 != levels) {
+        /* Line 3: Return invalid signature. */
+        ret = SIG_VERIFY_E;
+    }
+    if (ret == 0) {
+        word32 i;
+
+        /* Line 5: For all but last LMS signature. */
+        for (i = 0; (ret == 0) && (i < nspk); i++) {
+            /* Line 7: Get start of public key in signature. */
+            const byte* pubList = sig + LMS_Q_LEN + LMS_TYPE_LEN +
+                params->hash_len + params->p * params->hash_len + LMS_TYPE_LEN +
+                params->height * params->hash_len;
+            /* Line 8: Verify the LMS signature with public key as message. */
+            ret = wc_lms_verify(state, key, pubList,
+                LMS_PUBKEY_LEN(params->hash_len), sig);
+            /* Line 10: Next key is from signature. */
+            key = pubList;
+            /* Line 6: Move to start of next signature. */
+            sig = pubList + LMS_PUBKEY_LEN(params->hash_len);
+        }
+    }
+    if (ret == 0) {
+        /* Line 12: Verify bottom tree with real message. */
+        ret = wc_lms_verify(state, key, msg, msgSz, sig);
+    }
+
+    return ret;
+}
+
+#endif /* WOLFSSL_HAVE_LMS && WOLFSSL_WC_LMS */
+
diff --git a/wolfcrypt/src/wc_pkcs11.c b/wolfcrypt/src/wc_pkcs11.c
index 0d7bd6e21..e6278fc89 100644
--- a/wolfcrypt/src/wc_pkcs11.c
+++ b/wolfcrypt/src/wc_pkcs11.c
@@ -1,6 +1,6 @@
 /* wc_pkcs11.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -108,6 +108,8 @@ static CK_OBJECT_CLASS privKeyClass    = CKO_PRIVATE_KEY;
 static CK_OBJECT_CLASS secretKeyClass  = CKO_SECRET_KEY;
 #endif
 
+static CK_OBJECT_CLASS certClass  = CKO_CERTIFICATE;
+
 #ifdef WOLFSSL_DEBUG_PKCS11
 /* Enable logging of PKCS#11 calls and return value. */
 #define PKCS11_RV(op, rv)       pkcs11_rv(op, rv)
@@ -240,6 +242,10 @@ static void pkcs11_dump_template(const char* name, CK_ATTRIBUTE* templ,
                 XSNPRINTF(line, sizeof(line), "%25s: SECRET", type);
                 WOLFSSL_MSG(line);
             }
+            else if (keyClass == CKO_CERTIFICATE) {
+                XSNPRINTF(line, sizeof(line), "%25s: CERTIFICATE", type);
+                WOLFSSL_MSG(line);
+            }
             else
             {
                 XSNPRINTF(line, sizeof(line), "%25s: UNKNOWN (%p)", type,
@@ -531,22 +537,36 @@ void wc_Pkcs11_Finalize(Pkcs11Dev* dev)
 static int Pkcs11Slot_FindByTokenName(Pkcs11Dev* dev,
     const char* tokenName, size_t tokenNameSz)
 {
+    int           ret = -1;
     CK_RV         rv;
     CK_ULONG      slotCnt = 0;
     CK_TOKEN_INFO tinfo;
-    int           slotId = -1;
+    int           index = -1;
+    CK_SLOT_ID*   slot = NULL;
+
     rv = dev->func->C_GetSlotList(CK_TRUE, NULL, &slotCnt);
     if (rv == CKR_OK) {
-        for (slotId = 0; slotId < (int)slotCnt; slotId++) {
-            rv = dev->func->C_GetTokenInfo(slotId, &tinfo);
+        slot = (CK_SLOT_ID*)XMALLOC(slotCnt * sizeof(*slot), dev->heap,
+                                   DYNAMIC_TYPE_TMP_BUFFER);
+        if (slot == NULL)
+            goto out;
+        rv = dev->func->C_GetSlotList(CK_TRUE, slot, &slotCnt);
+        if (rv != CKR_OK)
+            goto out;
+        for (index = 0; index < (int)slotCnt; index++) {
+            rv = dev->func->C_GetTokenInfo(slot[index], &tinfo);
             PKCS11_RV("C_GetTokenInfo", rv);
             if (rv == CKR_OK &&
                 XMEMCMP(tinfo.label, tokenName, tokenNameSz) == 0) {
-                return slotId;
+                ret =  (int)slot[index];
+                break;
             }
         }
     }
-    return -1;
+
+out:
+    XFREE(slot, dev->heap, DYNAMIC_TYPE_TMP_BUFFER);
+    return ret;
 }
 
 /* lookup by slotId or tokenName */
@@ -613,9 +633,7 @@ static int Pkcs11Token_Init(Pkcs11Token* token, Pkcs11Dev* dev, int slotId,
         token->userPinLogin = 0;
     }
 
-    if (slot != NULL) {
-        XFREE(slot, dev->heap, DYNAMIC_TYPE_TMP_BUFFER);
-    }
+    XFREE(slot, dev->heap, DYNAMIC_TYPE_TMP_BUFFER);
 
     return ret;
 }
@@ -645,7 +663,7 @@ int wc_Pkcs11Token_Init(Pkcs11Token* token, Pkcs11Dev* dev, int slotId,
         tokenNameSz = XSTRLEN(tokenName);
     }
     ret = Pkcs11Token_Init(token, dev, slotId, tokenName, tokenNameSz);
-    if (ret == 0) {
+    if (ret == 0 && userPin != NULL) {
         token->userPin = (CK_UTF8CHAR_PTR)userPin;
         token->userPinSz = (CK_ULONG)userPinSz;
         token->userPinLogin = 1;
@@ -696,7 +714,7 @@ int wc_Pkcs11Token_InitName(Pkcs11Token* token, Pkcs11Dev* dev,
     const unsigned char* userPin, int userPinSz)
 {
     int ret = Pkcs11Token_Init(token, dev, -1, tokenName, (size_t)tokenNameSz);
-    if (ret == 0) {
+    if (ret == 0 && userPin != NULL) {
         token->userPin = (CK_UTF8CHAR_PTR)userPin;
         token->userPinSz = (CK_ULONG)userPinSz;
         token->userPinLogin = 1;
@@ -947,7 +965,7 @@ static int Pkcs11CreateSecretKey(CK_OBJECT_HANDLE* key, Pkcs11Session* session,
 }
 #endif
 
-#ifndef NO_RSA
+#if !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN)
 /**
  * Create a PKCS#11 object containing the RSA private key data.
  *
@@ -1024,7 +1042,7 @@ static int Pkcs11CreateRsaPrivateKey(CK_OBJECT_HANDLE* privateKey,
 
     return ret;
 }
-#endif
+#endif /* !NO_RSA && WOLFSSL_KEY_GEN */
 
 #ifdef HAVE_ECC
 /**
@@ -1138,8 +1156,7 @@ static int Pkcs11CreateEccPublicKey(CK_OBJECT_HANDLE* publicKey,
         }
     }
 
-    if (ecPoint != NULL)
-        XFREE(ecPoint, public_key->heap, DYNAMIC_TYPE_ECC);
+    XFREE(ecPoint, public_key->heap, DYNAMIC_TYPE_ECC);
 
     return ret;
 }
@@ -1355,7 +1372,7 @@ int wc_Pkcs11StoreKey(Pkcs11Token* token, int type, int clear, void* key)
                 int keyType;
 
                 ret = Pkcs11HmacTypes(hmac->macType, &mechType, &keyType);
-                if (ret == NOT_COMPILED_IN)
+                if (ret == WC_NO_ERR_TRACE(NOT_COMPILED_IN))
                     break;
 
                 if (ret == 0)
@@ -1367,7 +1384,7 @@ int wc_Pkcs11StoreKey(Pkcs11Token* token, int type, int clear, void* key)
                                                 (unsigned char*)hmac->id,
                                                 hmac->idLen, hmac->label,
                                                 hmac->labelLen, CKA_SIGN);
-                    if (ret == WC_HW_E) {
+                    if (ret == WC_NO_ERR_TRACE(WC_HW_E)) {
                         ret = Pkcs11CreateSecretKey(&privKey, &session,
                                                    CKK_GENERIC_SECRET,
                                                    (unsigned char*)hmac->keyRaw,
@@ -1380,7 +1397,7 @@ int wc_Pkcs11StoreKey(Pkcs11Token* token, int type, int clear, void* key)
                 break;
             }
     #endif
-    #ifndef NO_RSA
+    #if !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN)
             case PKCS11_KEY_TYPE_RSA: {
                 RsaKey* rsaKey = (RsaKey*)key;
 
@@ -1402,7 +1419,7 @@ int wc_Pkcs11StoreKey(Pkcs11Token* token, int type, int clear, void* key)
     #ifdef HAVE_ECC
             case PKCS11_KEY_TYPE_EC: {
                 ecc_key* eccKey = (ecc_key*)key;
-                int      ret2 = NOT_COMPILED_IN;
+                int      ret2 = WC_NO_ERR_TRACE(NOT_COMPILED_IN);
 
         #ifndef NO_PKCS11_ECDH
                 if ((eccKey->flags & WC_ECC_FLAG_DEC_SIGN) == 0) {
@@ -1414,7 +1431,7 @@ int wc_Pkcs11StoreKey(Pkcs11Token* token, int type, int clear, void* key)
                     }
                 }
          #endif
-                if (ret == 0 || ret == NOT_COMPILED_IN) {
+                if (ret == 0 || ret == WC_NO_ERR_TRACE(NOT_COMPILED_IN)) {
                     /* Try ECDSA mechanism next. */
                     ret2 = Pkcs11MechAvail(&session, CKM_ECDSA);
                     if (ret2 == 0) {
@@ -1428,7 +1445,7 @@ int wc_Pkcs11StoreKey(Pkcs11Token* token, int type, int clear, void* key)
                         }
                     }
                     /* OK for this to fail if set for ECDH. */
-                    if (ret == NOT_COMPILED_IN)
+                    if (ret == WC_NO_ERR_TRACE(NOT_COMPILED_IN))
                         ret = ret2;
                 }
                 if (ret == 0 && clear)
@@ -1452,7 +1469,8 @@ int wc_Pkcs11StoreKey(Pkcs11Token* token, int type, int clear, void* key)
 }
 
 #if !defined(NO_RSA) || defined(HAVE_ECC) || (!defined(NO_AES) && \
-           (defined(HAVE_AESGCM) || defined(HAVE_AES_CBC))) || !defined(NO_HMAC)
+           (defined(HAVE_AESGCM) || defined(HAVE_AES_CBC))) || \
+           !defined(NO_HMAC) || !defined(NO_CERTS)
 
 /**
  * Find the PKCS#11 object containing key data using template.
@@ -1716,10 +1734,8 @@ static int Pkcs11GetRsaPublicKey(RsaKey* key, Pkcs11Session* session,
     if (ret == 0)
         ret = wc_RsaPublicKeyDecodeRaw(mod, modSz, exp, expSz, key);
 
-    if (exp != NULL)
-        XFREE(exp, key->heap, DYNAMIC_TYPE_TMP_BUFFER);
-    if (mod != NULL)
-        XFREE(mod, key->heap, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(exp, key->heap, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(mod, key->heap, DYNAMIC_TYPE_TMP_BUFFER);
 
     return ret;
 }
@@ -1774,7 +1790,12 @@ static int Pkcs11RsaPrivateKey(Pkcs11Session* session, RsaKey* rsaKey,
     int     ret;
 
     if (sessionKey) {
+    #ifdef WOLFSSL_KEY_GEN
         ret = Pkcs11CreateRsaPrivateKey(privateKey, session, rsaKey, 0);
+    #else
+        /* RSA Key Generation support not compiled in */
+        ret = NOT_COMPILED_IN;
+    #endif
     }
     else if (rsaKey->labelLen > 0) {
         ret = Pkcs11FindKeyByLabel(privateKey, CKO_PRIVATE_KEY, CKK_RSA,
@@ -1795,6 +1816,84 @@ static int Pkcs11RsaPrivateKey(Pkcs11Session* session, RsaKey* rsaKey,
     return ret;
 }
 
+/**
+ * Get the hash length associated with the WolfCrypt hash type.
+ *
+ * @param  [in]   hType   Hash Type.
+ * @return  -1 if hash type not recognized.
+ * @return  hash length on success.
+ */
+int wc_hash2sz(int hType)
+{
+    switch(hType) {
+    case WC_HASH_TYPE_SHA:
+        return 20;
+    case WC_HASH_TYPE_SHA224:
+        return 24;
+    case WC_HASH_TYPE_SHA256:
+        return 32;
+    case WC_HASH_TYPE_SHA384:
+        return 48;
+    case WC_HASH_TYPE_SHA512:
+        return 64;
+    default:
+        /* unsupported WC_HASH_TYPE_XXXX */
+        return -1;
+    }
+}
+
+/**
+ * Get PKCS11 hash mechanism associated with the WolfCrypt hash type.
+ *
+ * @param  [in]   hType   Hash Type.
+ * @return  0 if hash type not recognized.
+ * @return  PKCS11 mechanism on success.
+ */
+CK_MECHANISM_TYPE wc_hash2ckm(int hType)
+{
+    switch(hType) {
+    case WC_HASH_TYPE_SHA:
+        return CKM_SHA_1;
+    case WC_HASH_TYPE_SHA224:
+        return CKM_SHA224;
+    case WC_HASH_TYPE_SHA256:
+        return CKM_SHA256;
+    case WC_HASH_TYPE_SHA384:
+        return CKM_SHA384;
+    case WC_HASH_TYPE_SHA512:
+        return CKM_SHA512;
+    default:
+        /* unsupported WC_HASH_TYPE_XXXX */
+        return 0UL;
+    }
+}
+
+/**
+ * Get PKCS11 MGF hash mechanism associated with the WolfCrypt MGF hash type.
+ *
+ * @param  [in]   mgf   MGF Type.
+ * @return  0 if MGF type not recognized.
+ * @return  PKCS11 MGF hash mechanism on success.
+ */
+CK_MECHANISM_TYPE wc_mgf2ckm(int mgf)
+{
+    switch(mgf) {
+    case WC_MGF1SHA1:
+        return CKG_MGF1_SHA1;
+    case WC_MGF1SHA224:
+        return CKG_MGF1_SHA224;
+    case WC_MGF1SHA256:
+        return CKG_MGF1_SHA256;
+    case WC_MGF1SHA384:
+        return CKG_MGF1_SHA384;
+    case WC_MGF1SHA512:
+        return CKG_MGF1_SHA512;
+    default:
+        /* unsupported WC_MGF1XXXX */
+        return 0x0UL;
+    }
+}
+
 /**
  * Exponentiate the input with the public part of the RSA key.
  * Used in public encrypt and decrypt.
@@ -1808,9 +1907,13 @@ static int Pkcs11RsaEncrypt(Pkcs11Session* session, wc_CryptoInfo* info,
                             CK_OBJECT_HANDLE key)
 {
     int              ret = 0;
+    CK_MECHANISM_TYPE mechanism = 0x0UL;
     CK_RV            rv;
     CK_MECHANISM     mech;
     CK_ULONG         outLen;
+#ifdef WOLF_CRYPTO_CB_RSA_PAD
+    CK_RSA_PKCS_OAEP_PARAMS oaepParams;
+#endif
 
     WOLFSSL_MSG("PKCS#11: RSA Public Key Operation");
 
@@ -1818,12 +1921,37 @@ static int Pkcs11RsaEncrypt(Pkcs11Session* session, wc_CryptoInfo* info,
         ret = BAD_FUNC_ARG;
     }
 
+    switch(info->pk.type) {
+#ifdef WOLF_CRYPTO_CB_RSA_PAD
+    case WC_PK_TYPE_RSA_PKCS:
+        mechanism = CKM_RSA_PKCS;
+        break;
+    case WC_PK_TYPE_RSA_OAEP:
+        mechanism = CKM_RSA_PKCS_OAEP;
+        break;
+#endif
+    case WC_PK_TYPE_RSA:
+        mechanism = CKM_RSA_X_509;
+        break;
+    }
+
     if (ret == 0) {
         /* Raw RSA encrypt/decrypt operation. */
-        mech.mechanism      = CKM_RSA_X_509;
+        mech.mechanism      = mechanism;
         mech.ulParameterLen = 0;
         mech.pParameter     = NULL;
 
+#ifdef WOLF_CRYPTO_CB_RSA_PAD
+        if (mechanism == CKM_RSA_PKCS_OAEP) {
+            XMEMSET(&oaepParams, 0, sizeof(oaepParams));
+            mech.ulParameterLen = sizeof(CK_RSA_PKCS_OAEP_PARAMS);
+            mech.pParameter = &oaepParams;
+            oaepParams.source = CKZ_DATA_SPECIFIED;
+            oaepParams.hashAlg = wc_hash2ckm(info->pk.rsa.padding->hash);
+            oaepParams.mgf = wc_mgf2ckm(info->pk.rsa.padding->mgf);
+        }
+#endif
+
         rv = session->func->C_EncryptInit(session->handle, &mech, key);
         PKCS11_RV("C_EncryptInit", rv);
         if (rv != CKR_OK) {
@@ -1861,9 +1989,13 @@ static int Pkcs11RsaDecrypt(Pkcs11Session* session, wc_CryptoInfo* info,
                             CK_OBJECT_HANDLE key)
 {
     int              ret = 0;
+    CK_MECHANISM_TYPE mechanism = 0x0UL;
     CK_RV            rv;
     CK_MECHANISM     mech;
     CK_ULONG         outLen;
+#ifdef WOLF_CRYPTO_CB_RSA_PAD
+    CK_RSA_PKCS_OAEP_PARAMS oaepParams;
+#endif
 
     WOLFSSL_MSG("PKCS#11: RSA Private Key Operation");
 
@@ -1871,12 +2003,37 @@ static int Pkcs11RsaDecrypt(Pkcs11Session* session, wc_CryptoInfo* info,
         ret = BAD_FUNC_ARG;
     }
 
+    switch(info->pk.type) {
+#ifdef WOLF_CRYPTO_CB_RSA_PAD
+    case WC_PK_TYPE_RSA_PKCS:
+        mechanism = CKM_RSA_PKCS;
+        break;
+    case WC_PK_TYPE_RSA_OAEP:
+        mechanism = CKM_RSA_PKCS_OAEP;
+        break;
+#endif
+    case WC_PK_TYPE_RSA:
+        mechanism = CKM_RSA_X_509;
+        break;
+    }
+
     if (ret == 0) {
         /* Raw RSA encrypt/decrypt operation. */
-        mech.mechanism      = CKM_RSA_X_509;
+        mech.mechanism      = mechanism;
         mech.ulParameterLen = 0;
         mech.pParameter     = NULL;
 
+#ifdef WOLF_CRYPTO_CB_RSA_PAD
+        if (mechanism == CKM_RSA_PKCS_OAEP) {
+            XMEMSET(&oaepParams, 0, sizeof(oaepParams));
+            mech.ulParameterLen = sizeof(CK_RSA_PKCS_OAEP_PARAMS);
+            mech.pParameter = &oaepParams;
+            oaepParams.source = CKZ_DATA_SPECIFIED;
+            oaepParams.hashAlg = wc_hash2ckm(info->pk.rsa.padding->hash);
+            oaepParams.mgf = wc_mgf2ckm(info->pk.rsa.padding->mgf);
+        }
+#endif
+
         rv = session->func->C_DecryptInit(session->handle, &mech, key);
         PKCS11_RV("C_DecryptInit", rv);
         if (rv != CKR_OK) {
@@ -1919,6 +2076,12 @@ static int Pkcs11RsaSign(Pkcs11Session* session, wc_CryptoInfo* info,
     CK_RV            rv;
     CK_MECHANISM     mech;
     CK_ULONG         outLen;
+    CK_MECHANISM_TYPE      mechanism;
+#ifdef WOLF_CRYPTO_CB_RSA_PAD
+    CK_RSA_PKCS_PSS_PARAMS pssParams;
+    int hLen;
+    int saltLen;
+#endif
 
     WOLFSSL_MSG("PKCS#11: RSA Private Key Operation");
 
@@ -1926,12 +2089,67 @@ static int Pkcs11RsaSign(Pkcs11Session* session, wc_CryptoInfo* info,
         ret = BAD_FUNC_ARG;
     }
 
+    switch(info->pk.type) {
+#ifdef WOLF_CRYPTO_CB_RSA_PAD
+    case WC_PK_TYPE_RSA_PKCS:
+        mechanism = CKM_RSA_PKCS;
+        break;
+    case WC_PK_TYPE_RSA_PSS:
+        mechanism = CKM_RSA_PKCS_PSS;
+        break;
+#endif /* WOLF_CRYPTO_CB_RSA_PAD */
+    default:
+        mechanism = CKM_RSA_X_509;
+        break;
+    }
+
     if (ret == 0) {
         /* Raw RSA encrypt/decrypt operation. */
-        mech.mechanism      = CKM_RSA_X_509;
+        mech.mechanism      = mechanism;
         mech.ulParameterLen = 0;
         mech.pParameter     = NULL;
 
+#ifdef WOLF_CRYPTO_CB_RSA_PAD
+        if (mechanism == CKM_RSA_PKCS_PSS) {
+            mech.ulParameterLen = sizeof(CK_RSA_PKCS_PSS_PARAMS);
+            mech.pParameter = &pssParams;
+            pssParams.hashAlg = wc_hash2ckm(info->pk.rsa.padding->hash);
+            pssParams.mgf = wc_mgf2ckm(info->pk.rsa.padding->mgf);
+
+            saltLen = info->pk.rsa.padding->saltLen;
+            hLen = wc_hash2sz(info->pk.rsa.padding->hash);
+
+            /* Same salt length code as rsa.c */
+            if (saltLen == RSA_PSS_SALT_LEN_DEFAULT)
+                saltLen = hLen;
+#ifndef WOLFSSL_PSS_LONG_SALT
+            else if (saltLen > hLen) {
+                return PSS_SALTLEN_E;
+            }
+#endif
+#ifndef WOLFSSL_PSS_SALT_LEN_DISCOVER
+            else if (saltLen < RSA_PSS_SALT_LEN_DEFAULT) {
+                return PSS_SALTLEN_E;
+            }
+#else
+            else if (saltLen == RSA_PSS_SALT_LEN_DISCOVER) {
+                saltLen = *(info->pk.rsa.outLen) - hLen - 2;
+                if (saltLen < 0) {
+                    return PSS_SALTLEN_E;
+                }
+            }
+            else if (saltLen < RSA_PSS_SALT_LEN_DISCOVER) {
+                return PSS_SALTLEN_E;
+            }
+#endif
+            if (*(info->pk.rsa.outLen) - hLen < (word32)(saltLen + 2)) {
+                return PSS_SALTLEN_E;
+            }
+
+            pssParams.sLen = saltLen;
+        }
+#endif /* WOLF_CRYPTO_CB_RSA_PAD */
+
         rv = session->func->C_SignInit(session->handle, &mech, key);
         PKCS11_RV("C_SignInit", rv);
         if (rv != CKR_OK) {
@@ -1970,13 +2188,31 @@ static int Pkcs11Rsa(Pkcs11Session* session, wc_CryptoInfo* info)
     int               ret = 0;
     CK_RV             rv;
     CK_MECHANISM_INFO mechInfo;
+    CK_MECHANISM_TYPE mechanism = 0x0UL;
     int               sessionKey = 0;
     CK_OBJECT_HANDLE  key;
     RsaKey*           rsaKey = info->pk.rsa.key;
     int               type = info->pk.rsa.type;
 
+    switch(info->pk.type) {
+#ifndef NO_PKCS11_RSA_PKCS
+    case WC_PK_TYPE_RSA_PKCS:
+        mechanism = CKM_RSA_PKCS;
+        break;
+    case WC_PK_TYPE_RSA_PSS:
+        mechanism = CKM_RSA_PKCS_PSS;
+        break;
+    case WC_PK_TYPE_RSA_OAEP:
+        mechanism = CKM_RSA_PKCS_OAEP;
+        break;
+#endif /* !NO_PKCS11_RSA_PKCS */
+    case WC_PK_TYPE_RSA:
+        mechanism = CKM_RSA_X_509;
+        break;
+    }
+
     /* Check operation is supported. */
-    rv = session->func->C_GetMechanismInfo(session->slotId, CKM_RSA_X_509,
+    rv = session->func->C_GetMechanismInfo(session->slotId, mechanism,
                                                                      &mechInfo);
     PKCS11_RV("C_GetMechanismInfo", rv);
     if (rv != CKR_OK) {
@@ -1996,7 +2232,8 @@ static int Pkcs11Rsa(Pkcs11Session* session, wc_CryptoInfo* info)
             /* Make a handle to a private key. */
             ret = Pkcs11RsaPrivateKey(session, rsaKey, sessionKey, &key);
         }
-
+    }
+    if (ret == 0) {
         if (type == RSA_PUBLIC_ENCRYPT) {
             WOLFSSL_MSG("PKCS#11: Public Encrypt");
             if ((mechInfo.flags & CKF_ENCRYPT) != 0) {
@@ -2008,7 +2245,7 @@ static int Pkcs11Rsa(Pkcs11Session* session, wc_CryptoInfo* info)
         }
         else if (type == RSA_PUBLIC_DECRYPT) {
             WOLFSSL_MSG("PKCS#11: Public Decrypt");
-            if ((mechInfo.flags & CKF_DECRYPT) != 0) {
+            if ((mechInfo.flags & CKF_ENCRYPT) != 0) {
                 ret = Pkcs11RsaEncrypt(session, info, key);
             }
             else {
@@ -2216,8 +2453,7 @@ static int Pkcs11FindEccKey(CK_OBJECT_HANDLE* key, CK_OBJECT_CLASS keyClass,
         }
     }
 
-    if (ecPoint != NULL)
-        XFREE(ecPoint, eccKey->heap, DYNAMIC_TYPE_ECC);
+    XFREE(ecPoint, eccKey->heap, DYNAMIC_TYPE_ECC);
 
     return ret;
 }
@@ -2300,8 +2536,7 @@ static int Pkcs11GetEccPublicKey(ecc_key* key, Pkcs11Session* session,
         key->type = ECC_PUBLICKEY;
     }
 
-    if (point != NULL)
-        XFREE(point, key->heap, DYNAMIC_TYPE_ECC);
+    XFREE(point, key->heap, DYNAMIC_TYPE_ECC);
 
     return ret;
 }
@@ -2514,7 +2749,7 @@ static int Pkcs11ECDH(Pkcs11Session* session, wc_CryptoInfo* info)
         PRIVATE_KEY_UNLOCK();
         ret = wc_ecc_export_x963(info->pk.ecdh.public_key, NULL, &pointLen);
         PRIVATE_KEY_LOCK();
-        if (ret == LENGTH_ONLY_E) {
+        if (ret == WC_NO_ERR_TRACE(LENGTH_ONLY_E)) {
             point = (unsigned char*)XMALLOC(pointLen,
                                                  info->pk.ecdh.public_key->heap,
                                                        DYNAMIC_TYPE_ECC_BUFFER);
@@ -2986,9 +3221,7 @@ static int wc_Pkcs11CheckPrivKey_Rsa(RsaKey* priv,
         wc_FreeRsaKey(pub);
     }
     #ifdef WOLFSSL_SMALL_STACK
-        if (pub != NULL) {
-            XFREE(pub, NULL, DYNAMIC_TYPE_RSA);
-        }
+        XFREE(pub, NULL, DYNAMIC_TYPE_RSA);
     #endif
 
     return ret;
@@ -3133,9 +3366,7 @@ static int wc_Pkcs11CheckPrivKey_Ecc(ecc_key* priv,
         wc_ecc_free(pub);
     }
     #ifdef WOLFSSL_SMALL_STACK
-        if (pub != NULL) {
-            XFREE(pub, NULL, DYNAMIC_TYPE_ECC);
-        }
+        XFREE(pub, NULL, DYNAMIC_TYPE_ECC);
     #endif
 
     return ret;
@@ -3447,7 +3678,7 @@ static int Pkcs11AesCbcEncrypt(Pkcs11Session* session, wc_CryptoInfo* info)
 
     if (ret == 0) {
         mech.mechanism      = CKM_AES_CBC;
-        mech.ulParameterLen = AES_BLOCK_SIZE;
+        mech.ulParameterLen = WC_AES_BLOCK_SIZE;
         mech.pParameter     = (CK_BYTE_PTR)info->cipher.aescbc.aes->reg;
 
         rv = session->func->C_EncryptInit(session->handle, &mech, key);
@@ -3523,7 +3754,7 @@ static int Pkcs11AesCbcDecrypt(Pkcs11Session* session, wc_CryptoInfo* info)
 
     if (ret == 0) {
         mech.mechanism      = CKM_AES_CBC;
-        mech.ulParameterLen = AES_BLOCK_SIZE;
+        mech.ulParameterLen = WC_AES_BLOCK_SIZE;
         mech.pParameter     = (CK_BYTE_PTR)info->cipher.aescbc.aes->reg;
 
         rv = session->func->C_DecryptInit(session->handle, &mech, key);
@@ -3604,7 +3835,7 @@ static int Pkcs11Hmac(Pkcs11Session* session, wc_CryptoInfo* info)
             ret = Pkcs11CreateSecretKey(&key, session, keyType,
                                     (unsigned char*)hmac->keyRaw, hmac->keyLen,
                                     NULL, 0, NULL, 0, CKA_SIGN);
-            if (ret == WC_HW_E) {
+            if (ret == WC_NO_ERR_TRACE(WC_HW_E)) {
                 ret = Pkcs11CreateSecretKey(&key, session, CKK_GENERIC_SECRET,
                                     (unsigned char*)hmac->keyRaw, hmac->keyLen,
                                     NULL, 0, NULL, 0, CKA_SIGN);
@@ -3614,7 +3845,7 @@ static int Pkcs11Hmac(Pkcs11Session* session, wc_CryptoInfo* info)
         else if (ret == 0 && hmac->labelLen != 0) {
             ret = Pkcs11FindKeyByLabel(&key, CKO_SECRET_KEY, keyType, session,
                                        hmac->label, hmac->labelLen);
-            if (ret == WC_HW_E) {
+            if (ret == WC_NO_ERR_TRACE(WC_HW_E)) {
                 ret = Pkcs11FindKeyByLabel(&key, CKO_SECRET_KEY,
                                            CKK_GENERIC_SECRET, session,
                                            hmac->label, hmac->labelLen);
@@ -3623,7 +3854,7 @@ static int Pkcs11Hmac(Pkcs11Session* session, wc_CryptoInfo* info)
         else if (ret == 0) {
             ret = Pkcs11FindKeyById(&key, CKO_SECRET_KEY, keyType, session,
                                     hmac->id, hmac->idLen);
-            if (ret == WC_HW_E) {
+            if (ret == WC_NO_ERR_TRACE(WC_HW_E)) {
                 ret = Pkcs11FindKeyById(&key, CKO_SECRET_KEY,
                                         CKK_GENERIC_SECRET, session, hmac->id,
                                         hmac->idLen);
@@ -3741,6 +3972,90 @@ static int Pkcs11RandomSeed(Pkcs11Session* session, wc_CryptoInfo* info)
 }
 #endif
 
+#ifndef NO_CERTS
+
+static int Pkcs11GetCert(Pkcs11Session* session, wc_CryptoInfo* info) {
+    int                 ret = 0;
+    CK_RV               rv  = 0;
+    CK_ULONG            count = 0;
+    CK_OBJECT_HANDLE    certHandle = CK_INVALID_HANDLE;
+    byte               *certData = NULL;
+    CK_ATTRIBUTE    certTemplate[2] = {
+        { CKA_CLASS,           &certClass, sizeof(certClass)   }
+    };
+    CK_ATTRIBUTE   tmpl[] = {
+        { CKA_VALUE,         NULL_PTR, 0 }
+    };
+    CK_ULONG        certTmplCnt = sizeof(certTemplate) / sizeof(*certTemplate);
+    CK_ULONG        tmplCnt = sizeof(tmpl) / sizeof(*tmpl);
+
+    WOLFSSL_MSG("PKCS#11: Retrieve certificate");
+    if (info->cert.labelLen > 0) {
+        certTemplate[1].type = CKA_LABEL;
+        certTemplate[1].pValue = (CK_VOID_PTR)info->cert.label;
+        certTemplate[1].ulValueLen = info->cert.labelLen;
+    }
+    else if (info->cert.idLen > 0) {
+        certTemplate[1].type = CKA_ID;
+        certTemplate[1].pValue = (CK_VOID_PTR)info->cert.id;
+        certTemplate[1].ulValueLen = info->cert.idLen;
+    }
+    else {
+        ret = BAD_FUNC_ARG;
+        goto exit;
+    }
+
+    ret = Pkcs11FindKeyByTemplate(
+        &certHandle, session, certTemplate, certTmplCnt, &count);
+    if (ret == 0 && count == 0) {
+        ret = WC_HW_E;
+        goto exit;
+    }
+
+    PKCS11_DUMP_TEMPLATE("Get Certificate Length", tmpl, tmplCnt);
+    rv = session->func->C_GetAttributeValue(
+        session->handle, certHandle, tmpl, tmplCnt);
+    PKCS11_RV("C_GetAttributeValue", rv);
+    if (rv != CKR_OK) {
+        ret = WC_HW_E;
+        goto exit;
+    }
+
+    if (tmpl[0].ulValueLen <= 0) {
+        ret = WC_HW_E;
+        goto exit;
+    }
+
+    certData = (byte *)XMALLOC(
+        (int)tmpl[0].ulValueLen, info->cert.heap, DYNAMIC_TYPE_CERT);
+    if (certData == NULL) {
+        ret = MEMORY_E;
+        goto exit;
+    }
+
+    tmpl[0].pValue = certData;
+    rv = session->func->C_GetAttributeValue(
+        session->handle, certHandle, tmpl, tmplCnt);
+    PKCS11_RV("C_GetAttributeValue", rv);
+    if (rv != CKR_OK) {
+        ret = WC_HW_E;
+        goto exit;
+    }
+
+    *info->cert.certDataOut = certData;
+    *info->cert.certSz = (word32)tmpl[0].ulValueLen;
+    if (info->cert.certFormatOut != NULL) {
+        *info->cert.certFormatOut = CTC_FILETYPE_ASN1;
+    }
+    certData = NULL;
+
+exit:
+    XFREE(certData, info->cert.heap, DYNAMIC_TYPE_CERT);
+    return ret;
+}
+
+#endif /* !NO_CERTS */
+
 /**
  * Perform a cryptographic operation using PKCS#11 device.
  *
@@ -3774,6 +4089,11 @@ int wc_Pkcs11_CryptoDevCb(int devId, wc_CryptoInfo* info, void* ctx)
             switch (info->pk.type) {
     #ifndef NO_RSA
                 case WC_PK_TYPE_RSA:
+        #ifdef WOLF_CRYPTO_CB_RSA_PAD
+                case WC_PK_TYPE_RSA_PKCS:
+                case WC_PK_TYPE_RSA_PSS:
+                case WC_PK_TYPE_RSA_OAEP:
+        #endif
                     ret = Pkcs11OpenSession(token, &session, readWrite);
                     if (ret == 0) {
                         ret = Pkcs11Rsa(&session, info);
@@ -3928,6 +4248,17 @@ int wc_Pkcs11_CryptoDevCb(int devId, wc_CryptoInfo* info, void* ctx)
             }
     #else
             ret = NOT_COMPILED_IN;
+    #endif
+        }
+        else if (info->algo_type == WC_ALGO_TYPE_CERT) {
+    #ifndef NO_CERTS
+            ret = Pkcs11OpenSession(token, &session, readWrite);
+            if (ret == 0) {
+                ret = Pkcs11GetCert(&session, info);
+                Pkcs11CloseSession(token, &session);
+            }
+    #else
+            ret = NOT_COMPILED_IN;
     #endif
         }
         else
diff --git a/wolfcrypt/src/wc_port.c b/wolfcrypt/src/wc_port.c
index f902cbd0e..a57e54c44 100644
--- a/wolfcrypt/src/wc_port.c
+++ b/wolfcrypt/src/wc_port.c
@@ -1,6 +1,6 @@
 /* port.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -24,6 +24,10 @@
     #include <config.h>
 #endif
 
+#ifdef __APPLE__
+    #include <AvailabilityMacros.h>
+#endif
+
 #include <wolfssl/wolfcrypt/settings.h>
 #include <wolfssl/wolfcrypt/types.h>
 #include <wolfssl/wolfcrypt/error-crypt.h>
@@ -36,16 +40,17 @@
     #include <wolfssl/wolfcrypt/async.h>
 #endif
 
-/* IPP header files for library initialization */
-#ifdef HAVE_FAST_RSA
-    #include <ipp.h>
-    #include <ippcp.h>
-#endif
-
 #ifdef FREESCALE_LTC_TFM
     #include <wolfssl/wolfcrypt/port/nxp/ksdk_port.h>
 #endif
 
+#if defined(WOLFSSL_MAX3266X) || defined(WOLFSSL_MAX3266X_OLD)
+    #include <wolfssl/wolfcrypt/port/maxim/max3266x.h>
+#ifdef WOLF_CRYPTO_CB
+    #include <wolfssl/wolfcrypt/port/maxim/max3266x-cryptocb.h>
+#endif
+#endif
+
 #ifdef WOLFSSL_PSOC6_CRYPTO
     #include <wolfssl/wolfcrypt/port/cypress/psoc6_crypto.h>
 #endif
@@ -127,6 +132,10 @@
     #include <wolfssl/wolfcrypt/port/psa/psa.h>
 #endif
 
+#if defined(HAVE_LIBOQS)
+    #include <wolfssl/wolfcrypt/port/liboqs/liboqs.h>
+#endif
+
 #if defined(FREERTOS) && defined(WOLFSSL_ESPIDF)
     #include <freertos/FreeRTOS.h>
     #include <freertos/task.h>
@@ -134,6 +143,13 @@
     #include <pthread.h>
 #endif
 
+#if defined(WOLFSSL_ZEPHYR)
+#if defined(CONFIG_BOARD_NATIVE_POSIX)
+#include "native_rtc.h"
+#define CONFIG_RTC
+#endif
+#endif
+
 /* prevent multiple mutex initializations */
 static volatile int initRefCount = 0;
 
@@ -234,20 +250,6 @@ int wolfCrypt_Init(void)
         }
     #endif
 
-    /* if defined have fast RSA then initialize Intel IPP */
-    #ifdef HAVE_FAST_RSA
-        WOLFSSL_MSG("Attempting to use optimized IPP Library");
-        if ((ret = ippInit()) != ippStsNoErr) {
-            /* possible to get a CPU feature support status on optimized IPP
-              library but still use default library and see competitive speeds */
-            WOLFSSL_MSG("Warning when trying to set up optimization");
-            WOLFSSL_MSG(ippGetStatusString(ret));
-            WOLFSSL_MSG("Using default fast IPP library");
-            ret = 0;
-            (void)ret; /* suppress not read warning */
-        }
-    #endif
-
     #if defined(FREESCALE_LTC_TFM) || defined(FREESCALE_LTC_ECC)
         ret = ksdk_port_init();
         if (ret != 0) {
@@ -256,6 +258,22 @@ int wolfCrypt_Init(void)
         }
     #endif
 
+    /* Crypto Callbacks only works on AES for MAX32666/5 HW */
+    #if defined(MAX3266X_AES) && defined(WOLF_CRYPTO_CB)
+        ret = wc_CryptoCb_RegisterDevice(WOLFSSL_MAX3266X_DEVID, wc_MxcCryptoCb,
+                                            NULL);
+        if(ret != 0) {
+            return ret;
+        }
+    #endif
+    #if defined(MAX3266X_RTC)
+        ret = wc_MXC_RTC_Init();
+        if (ret != 0) {
+            WOLFSSL_MSG("MXC RTC Init Failed");
+            return WC_HW_E;
+        }
+    #endif
+
     #if defined(WOLFSSL_ATMEL) || defined(WOLFSSL_ATECC508A) || \
         defined(WOLFSSL_ATECC608A)
         ret = atmel_init();
@@ -347,6 +365,13 @@ int wolfCrypt_Init(void)
             return ret;
         }
     #endif
+    #if defined(HAVE_OID_ENCODING) && (!defined(HAVE_FIPS) || \
+            (defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(6,0)))
+        if ((ret = wc_ecc_oid_cache_init()) != 0) {
+            WOLFSSL_MSG("Error creating ECC oid cache");
+            return ret;
+        }
+    #endif
 #endif
 
 #ifdef WOLFSSL_SCE
@@ -392,6 +417,12 @@ int wolfCrypt_Init(void)
         }
         rpcmem_init();
 #endif
+
+#if defined(HAVE_LIBOQS)
+        if ((ret = wolfSSL_liboqsInit()) != 0) {
+            return ret;
+        }
+#endif
     }
     initRefCount++;
 
@@ -432,6 +463,10 @@ int wolfCrypt_Cleanup(void)
     #ifdef ECC_CACHE_CURVE
         wc_ecc_curve_cache_free();
     #endif
+    #if defined(HAVE_OID_ENCODING) && (!defined(HAVE_FIPS) || \
+            (defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(6,0)))
+        wc_ecc_oid_cache_free();
+    #endif
 #endif /* HAVE_ECC */
 
     #if defined(OPENSSL_EXTRA) || defined(DEBUG_WOLFSSL_VERBOSE)
@@ -503,6 +538,10 @@ int wolfCrypt_Cleanup(void)
     #endif
     }
 
+#if defined(HAVE_LIBOQS)
+    wolfSSL_liboqsClose();
+#endif
+
     return ret;
 }
 
@@ -1002,6 +1041,15 @@ int z_fs_close(XFILE file)
     return ret;
 }
 
+/* Rewind the file pointer to the beginning of the file */
+/* This is not a 'rewind' is not supported in Zephyr so */
+/* use fs_seek to move the file pointer to the beginning of the file */
+/* calling it z_fs_rewind to avoid future conflicts if rewind is added */
+int z_fs_rewind(XFILE file)
+{
+    return fs_seek(file, 0, FS_SEEK_SET);
+}
+
 #endif /* !NO_FILESYSTEM && !WOLFSSL_ZEPHYR */
 
 #if !defined(WOLFSSL_USER_MUTEX)
@@ -1147,10 +1195,10 @@ int wc_strcasecmp(const char *s1, const char *s2)
     for (;;++s1, ++s2) {
         c1 = *s1;
         if ((c1 >= 'a') && (c1 <= 'z'))
-            c1 -= ('a' - 'A');
+            c1 = (char)(c1 - ('a' - 'A'));
         c2 = *s2;
         if ((c2 >= 'a') && (c2 <= 'z'))
-            c2 -= ('a' - 'A');
+            c2 = (char)(c2 - ('a' - 'A'));
         if ((c1 != c2) || (c1 == 0))
             break;
     }
@@ -1165,10 +1213,10 @@ int wc_strncasecmp(const char *s1, const char *s2, size_t n)
     for (c1 = 0, c2 = 0; n > 0; --n, ++s1, ++s2) {
         c1 = *s1;
         if ((c1 >= 'a') && (c1 <= 'z'))
-            c1 -= ('a' - 'A');
+            c1 = (char)(c1 - ('a' - 'A'));
         c2 = *s2;
         if ((c2 >= 'a') && (c2 <= 'z'))
-            c2 -= ('a' - 'A');
+            c2 = (char)(c2 - ('a' - 'A'));
         if ((c1 != c2) || (c1 == 0))
             break;
     }
@@ -1176,7 +1224,24 @@ int wc_strncasecmp(const char *s1, const char *s2, size_t n)
 }
 #endif /* USE_WOLF_STRNCASECMP */
 
-#ifdef WOLFSSL_ATOMIC_OPS
+#ifdef USE_WOLF_STRDUP
+char* wc_strdup_ex(const char *src, int memType) {
+    char *ret = NULL;
+    word32 len = 0;
+
+    if (src) {
+        len = (word32)XSTRLEN(src) + 1; /* Add one for null terminator */
+        ret = (char*)XMALLOC(len, NULL, memType);
+        if (ret != NULL) {
+            XMEMCPY(ret, src, len);
+        }
+    }
+
+    return ret;
+}
+#endif
+
+#if defined(WOLFSSL_ATOMIC_OPS) && !defined(SINGLE_THREADED)
 
 #ifdef HAVE_C___ATOMIC
 /* Atomic ops using standard C lib */
@@ -1236,8 +1301,9 @@ int wolfSSL_Atomic_Int_FetchSub(wolfSSL_Atomic_Int* c, int i)
 
 #endif /* WOLFSSL_ATOMIC_OPS */
 
-#if !defined(SINGLE_THREADED) && !defined(WOLFSSL_ATOMIC_OPS)
-void wolfSSL_RefInit(wolfSSL_Ref* ref, int* err)
+#if !defined(SINGLE_THREADED)
+
+void wolfSSL_RefWithMutexInit(wolfSSL_RefWithMutex* ref, int* err)
 {
     int ret = wc_InitMutex(&ref->mutex);
     if (ret != 0) {
@@ -1248,14 +1314,14 @@ void wolfSSL_RefInit(wolfSSL_Ref* ref, int* err)
     *err = ret;
 }
 
-void wolfSSL_RefFree(wolfSSL_Ref* ref)
+void wolfSSL_RefWithMutexFree(wolfSSL_RefWithMutex* ref)
 {
     if (wc_FreeMutex(&ref->mutex) != 0) {
         WOLFSSL_MSG("Failed to free mutex of reference counting!");
     }
 }
 
-void wolfSSL_RefInc(wolfSSL_Ref* ref, int* err)
+void wolfSSL_RefWithMutexInc(wolfSSL_RefWithMutex* ref, int* err)
 {
     int ret = wc_LockMutex(&ref->mutex);
     if (ret != 0) {
@@ -1268,7 +1334,17 @@ void wolfSSL_RefInc(wolfSSL_Ref* ref, int* err)
     *err = ret;
 }
 
-void wolfSSL_RefDec(wolfSSL_Ref* ref, int* isZero, int* err)
+int wolfSSL_RefWithMutexLock(wolfSSL_RefWithMutex* ref)
+{
+    return wc_LockMutex(&ref->mutex);
+}
+
+int wolfSSL_RefWithMutexUnlock(wolfSSL_RefWithMutex* ref)
+{
+    return wc_UnLockMutex(&ref->mutex);
+}
+
+void wolfSSL_RefWithMutexDec(wolfSSL_RefWithMutex* ref, int* isZero, int* err)
 {
     int ret = wc_LockMutex(&ref->mutex);
     if (ret != 0) {
@@ -1285,29 +1361,32 @@ void wolfSSL_RefDec(wolfSSL_Ref* ref, int* isZero, int* err)
     }
     *err = ret;
 }
-#endif
+#endif /* ! SINGLE_THREADED */
 
 #if WOLFSSL_CRYPT_HW_MUTEX
 /* Mutex for protection of cryptography hardware */
-static wolfSSL_Mutex wcCryptHwMutex;
+static wolfSSL_Mutex wcCryptHwMutex WOLFSSL_MUTEX_INITIALIZER_CLAUSE(wcCryptHwMutex);
+#ifndef WOLFSSL_MUTEX_INITIALIZER
 static int wcCryptHwMutexInit = 0;
+#endif
 
 int wolfSSL_CryptHwMutexInit(void)
 {
     int ret = 0;
+#ifndef WOLFSSL_MUTEX_INITIALIZER
     if (wcCryptHwMutexInit == 0) {
         ret = wc_InitMutex(&wcCryptHwMutex);
         if (ret == 0) {
             wcCryptHwMutexInit = 1;
         }
     }
+#endif
     return ret;
 }
 int wolfSSL_CryptHwMutexLock(void)
 {
-    int ret = BAD_MUTEX_E;
     /* Make sure HW Mutex has been initialized */
-    ret = wolfSSL_CryptHwMutexInit();
+    int ret = wolfSSL_CryptHwMutexInit();
     if (ret == 0) {
         ret = wc_LockMutex(&wcCryptHwMutex);
     }
@@ -1315,15 +1394,206 @@ int wolfSSL_CryptHwMutexLock(void)
 }
 int wolfSSL_CryptHwMutexUnLock(void)
 {
-    int ret = BAD_MUTEX_E;
     if (wcCryptHwMutexInit) {
-        ret = wc_UnLockMutex(&wcCryptHwMutex);
+        return wc_UnLockMutex(&wcCryptHwMutex);
+    }
+    else {
+        return BAD_MUTEX_E;
     }
-    return ret;
 }
 #endif /* WOLFSSL_CRYPT_HW_MUTEX */
 
 
+#if WOLFSSL_CRYPT_HW_MUTEX && defined(WOLFSSL_ALGO_HW_MUTEX)
+/* Mutex for protection of cryptography hardware */
+#ifndef NO_RNG_MUTEX
+static wolfSSL_Mutex wcCryptHwRngMutex \
+                        WOLFSSL_MUTEX_INITIALIZER_CLAUSE(wcCryptHwRngMutex);
+#endif /* NO_RNG_MUTEX */
+#ifndef NO_AES_MUTEX
+static wolfSSL_Mutex wcCryptHwAesMutex \
+                        WOLFSSL_MUTEX_INITIALIZER_CLAUSE(wcCryptHwAesMutex);
+#endif /* NO_AES_MUTEX */
+#ifndef NO_HASH_MUTEX
+static wolfSSL_Mutex wcCryptHwHashMutex \
+                        WOLFSSL_MUTEX_INITIALIZER_CLAUSE(wcCryptHwHashMutex);
+#endif /* NO_HASH_MUTEX */
+#ifndef NO_PK_MUTEX
+static wolfSSL_Mutex wcCryptHwPkMutex \
+                        WOLFSSL_MUTEX_INITIALIZER_CLAUSE(wcCryptHwPkMutex);
+#endif /* NO_PK_MUTEX */
+
+#ifndef WOLFSSL_MUTEX_INITIALIZER
+#ifndef NO_RNG_MUTEX
+static int wcCryptHwRngMutexInit = 0;
+#endif /* NO_RNG_MUTEX */
+#ifndef NO_AES_MUTEX
+static int wcCryptHwAesMutexInit = 0;
+#endif /* NO_AES_MUTEX */
+#ifndef NO_HASH_MUTEX
+static int wcCryptHwHashMutexInit = 0;
+#endif /* NO_HASH_MUTEX */
+#ifndef NO_PK_MUTEX
+static int wcCryptHwPkMutexInit = 0;
+#endif /* NO_PK_MUTEX */
+#endif /* WOLFSSL_MUTEX_INITIALIZER */
+
+
+/* Allows ability to switch to different mutex based on enum type */
+/* hw_mutex_algo, expects the dereferenced Ptrs to be set to NULL */
+static int hwAlgoPtrSet(hw_mutex_algo hwAlgo, wolfSSL_Mutex** wcHwAlgoMutexPtr,
+                                int** wcHwAlgoInitPtr)
+{
+    if (*wcHwAlgoMutexPtr != NULL || *wcHwAlgoInitPtr != NULL) {
+        return BAD_FUNC_ARG;
+    }
+    switch (hwAlgo) {
+        #ifndef NO_RNG_MUTEX
+        case rng_mutex:
+            *wcHwAlgoMutexPtr = &wcCryptHwRngMutex;
+            *wcHwAlgoInitPtr = &wcCryptHwRngMutexInit;
+            break;
+        #endif
+        #ifndef NO_AES_MUTEX
+        case aes_mutex:
+            *wcHwAlgoMutexPtr = &wcCryptHwAesMutex;
+            *wcHwAlgoInitPtr = &wcCryptHwAesMutexInit;
+            break;
+        #endif
+        #ifndef NO_HASH_MUTEX
+        case hash_mutex:
+            *wcHwAlgoMutexPtr = &wcCryptHwHashMutex;
+            *wcHwAlgoInitPtr = &wcCryptHwHashMutexInit;
+            break;
+        #endif
+        #ifndef NO_PK_MUTEX
+        case pk_mutex:
+            *wcHwAlgoMutexPtr = &wcCryptHwPkMutex;
+            *wcHwAlgoInitPtr = &wcCryptHwPkMutexInit;
+            break;
+        #endif
+        default:
+            return BAD_FUNC_ARG;
+    }
+    return 0;
+}
+
+static int hwAlgoMutexInit(hw_mutex_algo hwAlgo)
+{
+    int ret = 0;
+#ifndef WOLFSSL_MUTEX_INITIALIZER
+    wolfSSL_Mutex* wcHwAlgoMutexPtr = NULL;
+    int* wcHwAlgoInitPtr = NULL;
+    ret = hwAlgoPtrSet(hwAlgo, &wcHwAlgoMutexPtr, &wcHwAlgoInitPtr);
+    if (ret != 0) {
+        return ret;
+    }
+    if (*wcHwAlgoInitPtr == 0) {
+        ret = wc_InitMutex(wcHwAlgoMutexPtr);
+        if (ret == 0) {
+            *wcHwAlgoInitPtr = 1;
+        }
+    }
+#endif
+    return ret;
+}
+
+static int hwAlgoMutexLock(hw_mutex_algo hwAlgo)
+{
+    /* Make sure HW Mutex has been initialized */
+    int ret = 0;
+    wolfSSL_Mutex* wcHwAlgoMutexPtr = NULL;
+    int* wcHwAlgoInitPtr = NULL;
+    ret = hwAlgoPtrSet(hwAlgo, &wcHwAlgoMutexPtr, &wcHwAlgoInitPtr);
+    if (ret != 0) {
+        return ret;
+    }
+    ret = hwAlgoMutexInit(hwAlgo);
+    if (ret == 0) {
+        ret = wc_LockMutex(wcHwAlgoMutexPtr);
+    }
+    return ret;
+}
+
+static int hwAlgoMutexUnLock(hw_mutex_algo hwAlgo)
+{
+    wolfSSL_Mutex* wcHwAlgoMutexPtr = NULL;
+    int* wcHwAlgoInitPtr = NULL;
+    if (hwAlgoPtrSet(hwAlgo, &wcHwAlgoMutexPtr, &wcHwAlgoInitPtr) != 0) {
+        return BAD_FUNC_ARG;
+    }
+    if (*wcHwAlgoInitPtr) {
+        return wc_UnLockMutex(wcHwAlgoMutexPtr);
+    }
+    else {
+        return BAD_MUTEX_E;
+    }
+}
+
+/* Wrap around generic hwAlgo* functions and use correct */
+/* global mutex to determine if it can be unlocked/locked */
+#ifndef NO_RNG_MUTEX
+int wolfSSL_HwRngMutexInit(void)
+{
+    return hwAlgoMutexInit(rng_mutex);
+}
+int wolfSSL_HwRngMutexLock(void)
+{
+    return hwAlgoMutexLock(rng_mutex);
+}
+int wolfSSL_HwRngMutexUnLock(void)
+{
+    return hwAlgoMutexUnLock(rng_mutex);
+}
+#endif /* NO_RNG_MUTEX */
+
+#ifndef NO_AES_MUTEX
+int wolfSSL_HwAesMutexInit(void)
+{
+    return hwAlgoMutexInit(aes_mutex);
+}
+int wolfSSL_HwAesMutexLock(void)
+{
+    return hwAlgoMutexLock(aes_mutex);
+}
+int wolfSSL_HwAesMutexUnLock(void)
+{
+    return hwAlgoMutexUnLock(aes_mutex);
+}
+#endif /* NO_AES_MUTEX */
+
+#ifndef NO_HASH_MUTEX
+int wolfSSL_HwHashMutexInit(void)
+{
+    return hwAlgoMutexInit(hash_mutex);
+}
+int wolfSSL_HwHashMutexLock(void)
+{
+    return hwAlgoMutexLock(hash_mutex);
+}
+int wolfSSL_HwHashMutexUnLock(void)
+{
+    return hwAlgoMutexUnLock(hash_mutex);
+}
+#endif /* NO_HASH_MUTEX */
+
+#ifndef NO_PK_MUTEX
+int wolfSSL_HwPkMutexInit(void)
+{
+    return hwAlgoMutexInit(pk_mutex);
+}
+int wolfSSL_HwPkMutexLock(void)
+{
+    return hwAlgoMutexLock(pk_mutex);
+}
+int wolfSSL_HwPkMutexUnLock(void)
+{
+    return hwAlgoMutexUnLock(pk_mutex);
+}
+#endif /* NO_PK_MUTEX */
+
+#endif /* WOLFSSL_CRYPT_HW_MUTEX && defined(WOLFSSL_ALGO_HW_MUTEX) */
+
 /* ---------------------------------------------------------------------------*/
 /* Mutex Ports */
 /* ---------------------------------------------------------------------------*/
@@ -1396,6 +1666,99 @@ int wolfSSL_CryptHwMutexUnLock(void)
         return 0;
     }
 
+#elif defined(__WATCOMC__)
+
+    int wc_InitMutex(wolfSSL_Mutex* m)
+    {
+    #ifdef __OS2__
+        DosCreateMutexSem( NULL, m, 0, FALSE );
+    #elif defined(__NT__)
+        InitializeCriticalSection(m);
+    #elif defined(__LINUX__)
+        if (pthread_mutex_init(m, NULL) )
+            return BAD_MUTEX_E;
+    #endif
+        return 0;
+    }
+
+    int wc_FreeMutex(wolfSSL_Mutex* m)
+    {
+    #ifdef __OS2__
+        DosCloseMutexSem(*m);
+    #elif defined(__NT__)
+        DeleteCriticalSection(m);
+    #elif defined(__LINUX__)
+        if (pthread_mutex_destroy(m) )
+            return BAD_MUTEX_E;
+    #endif
+        return 0;
+    }
+
+    int wc_LockMutex(wolfSSL_Mutex* m)
+    {
+    #ifdef __OS2__
+        DosRequestMutexSem(*m, SEM_INDEFINITE_WAIT);
+    #elif defined(__NT__)
+        EnterCriticalSection(m);
+    #elif defined(__LINUX__)
+        if (pthread_mutex_lock(m) )
+            return BAD_MUTEX_E;
+    #endif
+        return 0;
+    }
+
+    int wc_UnLockMutex(wolfSSL_Mutex* m)
+    {
+    #ifdef __OS2__
+        DosReleaseMutexSem(*m);
+    #elif defined(__NT__)
+        LeaveCriticalSection(m);
+    #elif defined(__LINUX__)
+        if (pthread_mutex_unlock(m) )
+            return BAD_MUTEX_E;
+    #endif
+        return 0;
+    }
+
+    #if defined(WOLFSSL_USE_RWLOCK) && defined(__LINUX__)
+
+    int wc_InitRwLock(wolfSSL_RwLock* m)
+    {
+        if (pthread_rwlock_init(m, NULL) )
+             return BAD_MUTEX_E;
+        return 0;
+    }
+
+    int wc_FreeRwLock(wolfSSL_RwLock* m)
+    {
+        if (pthread_rwlock_destroy(m) )
+            return BAD_MUTEX_E;
+        return 0;
+    }
+
+    int wc_LockRwLock_Wr(wolfSSL_RwLock* m)
+    {
+        if (pthread_rwlock_wrlock(m) )
+            return BAD_MUTEX_E;
+        return 0;
+    }
+
+    int wc_LockRwLock_Rd(wolfSSL_RwLock* m)
+    {
+        if (pthread_rwlock_rdlock(m) )
+            return BAD_MUTEX_E;
+        return 0;
+    }
+
+    int wc_UnLockRwLock(wolfSSL_RwLock* m)
+    {
+        if (pthread_rwlock_unlock(m) == 0)
+            return BAD_MUTEX_E;
+        return 0;
+    }
+
+    #endif
+
 #elif defined(FREERTOS) || defined(FREERTOS_TCP) || \
   defined(FREESCALE_FREE_RTOS)
 
@@ -1532,7 +1895,7 @@ int wolfSSL_CryptHwMutexUnLock(void)
     static void destruct_key(void *buf)
     {
         if (buf != NULL) {
-            free(buf);
+            XFREE(buf, NULL, DYNAMIC_TYPE_OS_BUF);
         }
     }
 
@@ -1661,7 +2024,7 @@ int wolfSSL_CryptHwMutexUnLock(void)
 
         key_ptr = pthread_getspecific(key_own_hw_mutex);
         if (key_ptr == NULL) {
-            key_ptr = malloc(sizeof(int));
+            key_ptr = XMALLOC(sizeof(int), NULL, DYNAMIC_TYPE_OS_BUF);
             if (key_ptr == NULL) {
                 return MEMORY_E;
             }
@@ -1701,9 +2064,8 @@ int wolfSSL_CryptHwMutexUnLock(void)
 
     int maxq_CryptHwMutexTryLock()
     {
-        int ret = BAD_MUTEX_E;
         /* Make sure HW Mutex has been initialized */
-        ret = wolfSSL_CryptHwMutexInit();
+        int ret = wolfSSL_CryptHwMutexInit();
         if (ret == 0) {
             ret = maxq_LockMutex(&wcCryptHwMutex, 1);
         }
@@ -2162,6 +2524,10 @@ int wolfSSL_CryptHwMutexUnLock(void)
 
     int wc_InitMutex(wolfSSL_Mutex* m)
     {
+    #if (defined(HAVE_FIPS) && FIPS_VERSION_EQ(5,2))
+        if (wolfCrypt_GetMode_fips() == FIPS_MODE_INIT)
+            return 0;
+    #endif
         if (_mutex_init(m, NULL) == MQX_EOK)
             return 0;
         else
@@ -2178,6 +2544,13 @@ int wolfSSL_CryptHwMutexUnLock(void)
 
     int wc_LockMutex(wolfSSL_Mutex* m)
     {
+    #if (defined(HAVE_FIPS) && FIPS_VERSION_EQ(5,2))
+        if (m->VALID != MUTEX_VALID) {
+            if (_mutex_init(m, NULL) != MQX_EOK)
+                return BAD_MUTEX_E;
+        }
+    #endif
+
         if (_mutex_lock(m) == MQX_EOK)
             return 0;
         else
@@ -2186,6 +2559,13 @@ int wolfSSL_CryptHwMutexUnLock(void)
 
     int wc_UnLockMutex(wolfSSL_Mutex* m)
     {
+    #if (defined(HAVE_FIPS) && FIPS_VERSION_EQ(5,2))
+        if (m->VALID != MUTEX_VALID) {
+            if (_mutex_init(m, NULL) != MQX_EOK)
+                return BAD_MUTEX_E;
+        }
+    #endif
+
         if (_mutex_unlock(m) == MQX_EOK)
             return 0;
         else
@@ -2450,7 +2830,9 @@ int wolfSSL_CryptHwMutexUnLock(void)
 
 #elif defined(WOLFSSL_CMSIS_RTOS)
 
-    #define CMSIS_NMUTEX 10
+    #ifndef CMSIS_NMUTEX
+        #define CMSIS_NMUTEX 10
+    #endif
     osMutexDef(wolfSSL_mt0);  osMutexDef(wolfSSL_mt1);  osMutexDef(wolfSSL_mt2);
     osMutexDef(wolfSSL_mt3);  osMutexDef(wolfSSL_mt4);  osMutexDef(wolfSSL_mt5);
     osMutexDef(wolfSSL_mt6);  osMutexDef(wolfSSL_mt7);  osMutexDef(wolfSSL_mt8);
@@ -3124,6 +3506,9 @@ time_t mqx_time(time_t* timer)
 
 #endif /* FREESCALE_MQX || FREESCALE_KSDK_MQX */
 
+#if defined(MAX3266X_RTC)
+    #define XTIME wc_MXC_RTC_Time
+#endif
 
 #if defined(WOLFSSL_TIRTOS) && defined(USER_TIME)
 
@@ -3176,6 +3561,21 @@ time_t z_time(time_t * timer)
 
     #if defined(CONFIG_RTC) && \
         (defined(CONFIG_PICOLIBC) || defined(CONFIG_NEWLIB_LIBC))
+
+    #if defined(CONFIG_BOARD_NATIVE_POSIX)
+
+    /* When using native sim, get time from simulator rtc */
+    uint32_t nsec = 0;
+    uint64_t sec = 0;
+    native_rtc_gettime(RTC_CLOCK_PSEUDOHOSTREALTIME, &nsec, &sec);
+
+    if (timer != NULL)
+        *timer = sec;
+
+    return sec;
+
+    #else
+
     /* Try to obtain the actual time from an RTC */
     static const struct device *rtc = DEVICE_DT_GET(DT_NODELABEL(rtc));
 
@@ -3194,6 +3594,7 @@ time_t z_time(time_t * timer)
             return epochTime;
         }
     }
+    #endif /* defined(CONFIG_BOARD_NATIVE_POSIX) */
     #endif
 
     /* Fallback to uptime since boot. This works for relative times, but
@@ -3336,7 +3737,8 @@ time_t stm32_hal_time(time_t *t1)
 
 #endif /* !NO_ASN_TIME */
 
-#if !defined(WOLFSSL_LEANPSK) && !defined(STRING_USER)
+#if (!defined(WOLFSSL_LEANPSK) && !defined(STRING_USER)) || \
+    defined(USE_WOLF_STRNSTR)
 char* mystrnstr(const char* s1, const char* s2, unsigned int n)
 {
     unsigned int s2_len = (unsigned int)XSTRLEN(s2);
@@ -3356,6 +3758,7 @@ char* mystrnstr(const char* s1, const char* s2, unsigned int n)
 }
 #endif
 
+
 /* custom memory wrappers */
 #ifdef WOLFSSL_NUCLEUS_1_2
 
@@ -3433,7 +3836,214 @@ char* mystrnstr(const char* s1, const char* s2, unsigned int n)
 #ifndef SINGLE_THREADED
 
 /* Environment-specific multi-thread implementation check  */
-#if defined(USE_WINDOWS_API) && !defined(WOLFSSL_PTHREADS)
+#if defined(__WATCOMC__)
+
+    int wolfSSL_NewThread(THREAD_TYPE* thread,
+        THREAD_CB cb, void* arg)
+    {
+        if (thread == NULL || cb == NULL)
+            return BAD_FUNC_ARG;
+    #if defined(__OS2__)
+        *thread = _beginthread(cb, NULL, 0, arg);
+        if (*thread == INVALID_THREAD_VAL) {
+            return MEMORY_E;
+        }
+    #elif defined(__NT__)
+        /* Use _beginthreadex instead of _beginthread because of:
+         *   _beginthreadex is safer to use than _beginthread. If the thread
+         *   that's generated by _beginthread exits quickly, the handle that's
+         *   returned to the caller of _beginthread might be invalid or point
+         *   to another thread. However, the handle that's returned by
+         *   _beginthreadex has to be closed by the caller of _beginthreadex,
+         *   so it's guaranteed to be a valid handle if _beginthreadex didn't
+         *   return an error.*/
+        *thread = _beginthreadex(NULL, 0, cb, arg, 0, NULL);
+        if (*thread == 0) {
+            *thread = INVALID_THREAD_VAL;
+            return MEMORY_E;
+        }
+    #elif defined(__LINUX__)
+        if (pthread_create(thread, NULL, cb, arg))
+            return MEMORY_E;
+    #endif
+        return 0;
+    }
+
+    int wolfSSL_JoinThread(THREAD_TYPE thread)
+    {
+        int ret = 0;
+
+        if (thread == INVALID_THREAD_VAL)
+            return BAD_FUNC_ARG;
+    #if defined(__OS2__)
+        DosWaitThread(&thread, DCWW_WAIT);
+    #elif defined(__NT__)
+        /* We still want to attempt to close the thread handle even on error */
+        if (WaitForSingleObject((HANDLE)thread, INFINITE) == WAIT_FAILED)
+            ret = MEMORY_E;
+        if (CloseHandle((HANDLE)thread) == 0)
+            ret = MEMORY_E;
+    #elif defined(__LINUX__)
+        if (pthread_join(thread, NULL) != 0)
+            ret = MEMORY_E;
+    #endif
+        return ret;
+    }
+
+    #if defined(WOLFSSL_THREAD_NO_JOIN)
+    int wolfSSL_NewThreadNoJoin(THREAD_CB_NOJOIN cb, void* arg)
+    {
+        THREAD_TYPE thread;
+        int ret = 0;
+
+        if (cb == NULL)
+            return BAD_FUNC_ARG;
+    #if defined(__OS2__)
+        thread = _beginthread(cb, NULL, 0, arg);
+        if (thread == INVALID_THREAD_VAL)
+            ret = MEMORY_E;
+    #elif defined(__NT__)
+        thread = _beginthread(cb, 0, arg);
+        if (thread == -1L)
+            ret = MEMORY_E;
+    #elif defined(__LINUX__)
+        XMEMSET(&thread, 0, sizeof(thread));
+        ret = wolfSSL_NewThread(&thread, cb, arg);
+        if (ret == 0)
+            ret = pthread_detach(thread);
+    #endif
+        return ret;
+    }
+    #endif
+
+    #ifdef WOLFSSL_COND
+    int wolfSSL_CondInit(COND_TYPE* cond)
+    {
+        if (cond == NULL)
+            return BAD_FUNC_ARG;
+    #if defined(__OS2__)
+        DosCreateMutexSem( NULL, &cond->mutex, 0, FALSE );
+        DosCreateEventSem( NULL, &cond->cond, DCE_POSTONE, FALSE );
+    #elif defined(__NT__)
+        cond->cond = CreateEventA(NULL, FALSE, FALSE, NULL);
+        if (cond->cond == NULL)
+            return MEMORY_E;
+
+        if (wc_InitMutex(&cond->mutex) != 0) {
+            if (CloseHandle(cond->cond) == 0)
+                return MEMORY_E;
+            return MEMORY_E;
+        }
+    #elif defined(__LINUX__)
+        if (pthread_mutex_init(&cond->mutex, NULL) != 0)
+            return MEMORY_E;
+
+        if (pthread_cond_init(&cond->cond, NULL) != 0) {
+            /* Keep compilers happy that we are using the return code */
+            if (pthread_mutex_destroy(&cond->mutex) != 0)
+                return MEMORY_E;
+            return MEMORY_E;
+        }
+    #endif
+        return 0;
+    }
+
+    int wolfSSL_CondFree(COND_TYPE* cond)
+    {
+        if (cond == NULL)
+            return BAD_FUNC_ARG;
+    #if defined(__OS2__)
+        DosCloseMutexSem(cond->mutex);
+        DosCloseEventSem(cond->cond);
+    #elif defined(__NT__)
+        if (CloseHandle(cond->cond) == 0)
+            return MEMORY_E;
+    #elif defined(__LINUX__)
+        if (pthread_mutex_destroy(&cond->mutex) != 0)
+            return MEMORY_E;
+
+        if (pthread_cond_destroy(&cond->cond) != 0)
+            return MEMORY_E;
+    #endif
+        return 0;
+    }
+
+    int wolfSSL_CondStart(COND_TYPE* cond)
+    {
+        if (cond == NULL)
+            return BAD_FUNC_ARG;
+    #if defined(__OS2__)
+    #elif defined(__NT__)
+        if (wc_LockMutex(&cond->mutex) != 0)
+            return BAD_MUTEX_E;
+    #elif defined(__LINUX__)
+        if (pthread_mutex_lock(&cond->mutex) != 0)
+            return BAD_MUTEX_E;
+    #endif
+        return 0;
+    }
+
+    int wolfSSL_CondSignal(COND_TYPE* cond)
+    {
+        if (cond == NULL)
+            return BAD_FUNC_ARG;
+    #if defined(__OS2__)
+    #elif defined(__NT__)
+        if (wc_UnLockMutex(&cond->mutex) != 0)
+            return BAD_MUTEX_E;
+
+        if (SetEvent(cond->cond) == 0)
+            return MEMORY_E;
+
+        if (wc_LockMutex(&cond->mutex) != 0)
+            return BAD_MUTEX_E;
+    #elif defined(__LINUX__)
+        if (pthread_cond_signal(&cond->cond) != 0)
+            return MEMORY_E;
+    #endif
+        return 0;
+    }
+
+    int wolfSSL_CondWait(COND_TYPE* cond)
+    {
+        if (cond == NULL)
+            return BAD_FUNC_ARG;
+    #if defined(__OS2__)
+    #elif defined(__NT__)
+        if (wc_UnLockMutex(&cond->mutex) != 0)
+            return BAD_MUTEX_E;
+
+        if (WaitForSingleObject(cond->cond, INFINITE) == WAIT_FAILED)
+            return MEMORY_E;
+
+        if (wc_LockMutex(&cond->mutex) != 0)
+            return BAD_MUTEX_E;
+    #elif defined(__LINUX__)
+        if (pthread_cond_wait(&cond->cond, &cond->mutex) != 0)
+            return MEMORY_E;
+    #endif
+        return 0;
+    }
+
+    int wolfSSL_CondEnd(COND_TYPE* cond)
+    {
+        if (cond == NULL)
+            return BAD_FUNC_ARG;
+    #if defined(__OS2__)
+    #elif defined(__NT__)
+        if (wc_UnLockMutex(&cond->mutex) != 0)
+            return BAD_MUTEX_E;
+    #elif defined(__LINUX__)
+        if (pthread_mutex_unlock(&cond->mutex) != 0)
+            return BAD_MUTEX_E;
+    #endif
+        return 0;
+    }
+    #endif /* WOLFSSL_COND */
+
+
+#elif defined(USE_WINDOWS_API) && !defined(WOLFSSL_PTHREADS) && \
+    !defined(_WIN32_WCE)
     int wolfSSL_NewThread(THREAD_TYPE* thread,
         THREAD_CB cb, void* arg)
     {
@@ -3630,7 +4240,7 @@ char* mystrnstr(const char* s1, const char* s2, unsigned int n)
         XMEMSET(thread, 0, sizeof(*thread));
 
         thread->threadStack = (void *)XMALLOC(WOLFSSL_NETOS_STACK_SZ, NULL,
-                DYNAMIC_TYPE_TMP_BUFFER);
+                DYNAMIC_TYPE_OS_BUF);
         if (thread->threadStack == NULL)
             return MEMORY_E;
 
@@ -3648,11 +4258,11 @@ char* mystrnstr(const char* s1, const char* s2, unsigned int n)
                            "wolfSSL thread",
                            (entry_functionType)cb, (ULONG)arg,
                            thread->threadStack,
-                           TESTSUITE_THREAD_STACK_SZ,
+                           WOLFSSL_NETOS_STACK_SZ,
                            2, 2,
                            1, TX_AUTO_START);
         if (result != TX_SUCCESS) {
-            free(thread->threadStack);
+            XFREE(thread->threadStack, NULL, DYNAMIC_TYPE_OS_BUF);
             thread->threadStack = NULL;
             return MEMORY_E;
         }
@@ -3663,18 +4273,20 @@ char* mystrnstr(const char* s1, const char* s2, unsigned int n)
     int wolfSSL_JoinThread(THREAD_TYPE thread)
     {
         /* TODO: maybe have to use tx_thread_delete? */
-        free(thread.threadStack);
+        XFREE(thread.threadStack, NULL, DYNAMIC_TYPE_OS_BUF);
         thread.threadStack = NULL;
         return 0;
     }
 
 #elif defined(WOLFSSL_ZEPHYR)
 
+    void* wolfsslThreadHeapHint = NULL;
+
     int wolfSSL_NewThread(THREAD_TYPE* thread,
         THREAD_CB cb, void* arg)
     {
         #ifndef WOLFSSL_ZEPHYR_STACK_SZ
-            #define WOLFSSL_ZEPHYR_STACK_SZ (24*1024)
+            #define WOLFSSL_ZEPHYR_STACK_SZ (48*1024)
         #endif
 
         if (thread == NULL || cb == NULL)
@@ -3682,21 +4294,35 @@ char* mystrnstr(const char* s1, const char* s2, unsigned int n)
 
         XMEMSET(thread, 0, sizeof(*thread));
 
+        thread->tid = (struct k_thread*)XMALLOC(
+                Z_KERNEL_STACK_SIZE_ADJUST(sizeof(struct k_thread)),
+                wolfsslThreadHeapHint, DYNAMIC_TYPE_TMP_BUFFER);
+        if (thread->tid == NULL) {
+            WOLFSSL_MSG("error: XMALLOC thread->tid failed");
+            return MEMORY_E;
+        }
+
         /* TODO: Use the following once k_thread_stack_alloc makes it into a
          * release.
          * thread->threadStack = k_thread_stack_alloc(WOLFSSL_ZEPHYR_STACK_SZ,
          *                                            0);
          */
         thread->threadStack = (void*)XMALLOC(
-                Z_KERNEL_STACK_SIZE_ADJUST(WOLFSSL_ZEPHYR_STACK_SZ), 0,
-                                             DYNAMIC_TYPE_TMP_BUFFER);
-        if (thread->threadStack == NULL)
+                Z_KERNEL_STACK_SIZE_ADJUST(WOLFSSL_ZEPHYR_STACK_SZ),
+                wolfsslThreadHeapHint, DYNAMIC_TYPE_TMP_BUFFER);
+        if (thread->threadStack == NULL) {
+            XFREE(thread->tid, wolfsslThreadHeapHint,
+                    DYNAMIC_TYPE_TMP_BUFFER);
+            thread->tid = NULL;
+
+            WOLFSSL_MSG("error: XMALLOC thread->threadStack failed");
             return MEMORY_E;
+        }
 
         /* k_thread_create does not return any error codes */
         /* Casting to k_thread_entry_t should be fine since we just ignore the
          * extra arguments being passed in */
-        k_thread_create(&thread->tid, thread->threadStack,
+        k_thread_create(thread->tid, thread->threadStack,
                 WOLFSSL_ZEPHYR_STACK_SZ, (k_thread_entry_t)cb, arg, NULL, NULL,
                 5, 0, K_NO_WAIT);
 
@@ -3708,17 +4334,22 @@ char* mystrnstr(const char* s1, const char* s2, unsigned int n)
         int ret = 0;
         int err;
 
-        err = k_thread_join(&thread.tid, K_FOREVER);
+        err = k_thread_join(thread.tid, K_FOREVER);
         if (err != 0)
             ret = MEMORY_E;
 
+        XFREE(thread.tid, wolfsslThreadHeapHint,
+                DYNAMIC_TYPE_TMP_BUFFER);
+        thread.tid = NULL;
+
         /* TODO: Use the following once k_thread_stack_free makes it into a
          * release.
          * err = k_thread_stack_free(thread.threadStack);
          * if (err != 0)
          *     ret = MEMORY_E;
          */
-        XFREE(thread.threadStack, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+        XFREE(thread.threadStack, wolfsslThreadHeapHint,
+                DYNAMIC_TYPE_TMP_BUFFER);
         thread.threadStack = NULL;
 
         /* No thread resources to free. Everything is stored in thread.tid */
@@ -3771,86 +4402,8 @@ char* mystrnstr(const char* s1, const char* s2, unsigned int n)
     }
 
 #ifdef WOLFSSL_COND
-    #ifndef __MACH__
-    /* Generic POSIX conditional */
-    int wolfSSL_CondInit(COND_TYPE* cond)
-    {
-        if (cond == NULL)
-            return BAD_FUNC_ARG;
-
-        if (pthread_mutex_init(&cond->mutex, NULL) != 0)
-            return MEMORY_E;
-
-        if (pthread_cond_init(&cond->cond, NULL) != 0) {
-            /* Keep compilers happy that we are using the return code */
-            if (pthread_mutex_destroy(&cond->mutex) != 0)
-                return MEMORY_E;
-            return MEMORY_E;
-        }
-
-        return 0;
-    }
-
-    int wolfSSL_CondFree(COND_TYPE* cond)
-    {
-        int ret = 0;
-
-        if (cond == NULL)
-            return BAD_FUNC_ARG;
-
-        if (pthread_mutex_destroy(&cond->mutex) != 0)
-            ret = MEMORY_E;
-
-        if (pthread_cond_destroy(&cond->cond) != 0)
-            ret = MEMORY_E;
-
-        return ret;
-    }
-
-    int wolfSSL_CondStart(COND_TYPE* cond)
-    {
-        if (cond == NULL)
-            return BAD_FUNC_ARG;
-
-        if (pthread_mutex_lock(&cond->mutex) != 0)
-            return BAD_MUTEX_E;
-
-        return 0;
-    }
-
-    int wolfSSL_CondSignal(COND_TYPE* cond)
-    {
-        if (cond == NULL)
-            return BAD_FUNC_ARG;
-
-        if (pthread_cond_signal(&cond->cond) != 0)
-            return MEMORY_E;
-
-        return 0;
-    }
-
-    int wolfSSL_CondWait(COND_TYPE* cond)
-    {
-        if (cond == NULL)
-            return BAD_FUNC_ARG;
-
-        if (pthread_cond_wait(&cond->cond, &cond->mutex) != 0)
-            return MEMORY_E;
-
-        return 0;
-    }
-
-    int wolfSSL_CondEnd(COND_TYPE* cond)
-    {
-        if (cond == NULL)
-            return BAD_FUNC_ARG;
-
-        if (pthread_mutex_unlock(&cond->mutex) != 0)
-            return BAD_MUTEX_E;
-
-        return 0;
-    }
-    #else /* __MACH__ */
+    #if defined(__APPLE__) && MAC_OS_X_VERSION_MIN_REQUIRED >= 1060 \
+        && !defined(__ppc__)
     /* Apple style dispatch semaphore */
     int wolfSSL_CondInit(COND_TYPE* cond)
     {
@@ -3942,9 +4495,100 @@ char* mystrnstr(const char* s1, const char* s2, unsigned int n)
 
         return 0;
     }
+
+    #else /* Generic POSIX conditional */
+
+    int wolfSSL_CondInit(COND_TYPE* cond)
+    {
+        if (cond == NULL)
+            return BAD_FUNC_ARG;
+
+        if (pthread_mutex_init(&cond->mutex, NULL) != 0)
+            return MEMORY_E;
+
+        if (pthread_cond_init(&cond->cond, NULL) != 0) {
+            /* Keep compilers happy that we are using the return code */
+            if (pthread_mutex_destroy(&cond->mutex) != 0)
+                return MEMORY_E;
+            return MEMORY_E;
+        }
+
+        return 0;
+    }
+
+    int wolfSSL_CondFree(COND_TYPE* cond)
+    {
+        int ret = 0;
+
+        if (cond == NULL)
+            return BAD_FUNC_ARG;
+
+        if (pthread_mutex_destroy(&cond->mutex) != 0)
+            ret = MEMORY_E;
+
+        if (pthread_cond_destroy(&cond->cond) != 0)
+            ret = MEMORY_E;
+
+        return ret;
+    }
+
+    int wolfSSL_CondStart(COND_TYPE* cond)
+    {
+        if (cond == NULL)
+            return BAD_FUNC_ARG;
+
+        if (pthread_mutex_lock(&cond->mutex) != 0)
+            return BAD_MUTEX_E;
+
+        return 0;
+    }
+
+    int wolfSSL_CondSignal(COND_TYPE* cond)
+    {
+        if (cond == NULL)
+            return BAD_FUNC_ARG;
+
+        if (pthread_cond_signal(&cond->cond) != 0)
+            return MEMORY_E;
+
+        return 0;
+    }
+
+    int wolfSSL_CondWait(COND_TYPE* cond)
+    {
+        if (cond == NULL)
+            return BAD_FUNC_ARG;
+
+        if (pthread_cond_wait(&cond->cond, &cond->mutex) != 0)
+            return MEMORY_E;
+
+        return 0;
+    }
+
+    int wolfSSL_CondEnd(COND_TYPE* cond)
+    {
+        if (cond == NULL)
+            return BAD_FUNC_ARG;
+
+        if (pthread_mutex_unlock(&cond->mutex) != 0)
+            return BAD_MUTEX_E;
+
+        return 0;
+    }
+
     #endif /* __MACH__ */
 #endif /* WOLFSSL_COND */
 
 #endif /* Environment check */
 
 #endif /* not SINGLE_THREADED */
+
+#if defined(WOLFSSL_LINUXKM) && defined(CONFIG_ARM64) && \
+    defined(USE_WOLFSSL_LINUXKM_PIE_REDIRECT_TABLE)
+noinstr void my__alt_cb_patch_nops(struct alt_instr *alt, __le32 *origptr,
+                                   __le32 *updptr, int nr_inst)
+{
+    return (wolfssl_linuxkm_get_pie_redirect_table()->
+            alt_cb_patch_nops)(alt, origptr, updptr, nr_inst);
+}
+#endif
diff --git a/wolfcrypt/src/wc_xmss.c b/wolfcrypt/src/wc_xmss.c
index 545b531ce..7e08be2f5 100644
--- a/wolfcrypt/src/wc_xmss.c
+++ b/wolfcrypt/src/wc_xmss.c
@@ -1,6 +1,6 @@
 /* wc_xmss.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -19,8 +19,1654 @@
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  */
 
+#ifdef HAVE_CONFIG_H
+    #include <config.h>
+#endif
+
 #include <wolfssl/wolfcrypt/settings.h>
+#include <wolfssl/wolfcrypt/error-crypt.h>
+#include <wolfssl/wolfcrypt/logging.h>
 
 #ifdef WOLFSSL_HAVE_XMSS
-    #error "Contact wolfSSL to get the implementation of this file"
+#include <wolfssl/wolfcrypt/wc_xmss.h>
+
+#ifdef NO_INLINE
+    #include <wolfssl/wolfcrypt/misc.h>
+#else
+    #define WOLFSSL_MISC_INCLUDED
+    #include <wolfcrypt/src/misc.c>
 #endif
+
+
+/***************************
+ * DIGEST init and free.
+ ***************************/
+
+/* Initialize the digest algorithm to use.
+ *
+ * @param [in, out] state  XMSS/MT state including digest and parameters.
+ * @return  0 on success.
+ * @return  NOT_COMPILED_IN when digest algorithm not supported.
+ * @return  Other negative when digest algorithm initialization failed.
+ */
+static int wc_xmss_digest_init(XmssState* state)
+{
+    int ret;
+    word8 hash = state->params->hash;
+
+#ifdef WC_XMSS_SHA256
+    if (hash == WC_HASH_TYPE_SHA256) {
+        ret = wc_InitSha256(&state->digest.sha256);
+    }
+    else
+#endif
+#ifdef WC_XMSS_SHA512
+    if (hash == WC_HASH_TYPE_SHA512) {
+        ret = wc_InitSha512(&state->digest.sha512);
+    }
+    else
+#endif
+#ifdef WC_XMSS_SHAKE128
+    if (hash == WC_HASH_TYPE_SHAKE128) {
+        ret = wc_InitShake128(&state->digest.shake, NULL, INVALID_DEVID);
+    }
+    else
+#endif
+#ifdef WC_XMSS_SHAKE256
+    if (hash == WC_HASH_TYPE_SHAKE256) {
+        ret = wc_InitShake256(&state->digest.shake, NULL, INVALID_DEVID);
+    }
+    else
+#endif
+    {
+        ret = NOT_COMPILED_IN;
+    }
+
+    return ret;
+}
+/* Free the digest algorithm.
+ *
+ * @param [in, out] state  XMSS/MT state including digest and parameters.
+ */
+static void wc_xmss_digest_free(XmssState* state)
+{
+    word8 hash = state->params->hash;
+
+#ifdef WC_XMSS_SHA256
+    if (hash == WC_HASH_TYPE_SHA256) {
+        wc_Sha256Free(&state->digest.sha256);
+    }
+    else
+#endif
+#ifdef WC_XMSS_SHA512
+    if (hash == WC_HASH_TYPE_SHA512) {
+        wc_Sha512Free(&state->digest.sha512);
+    }
+    else
+#endif
+#ifdef WC_XMSS_SHAKE128
+    if (hash == WC_HASH_TYPE_SHAKE128) {
+        wc_Shake128_Free(&state->digest.shake);
+    }
+    else
+#endif
+#ifdef WC_XMSS_SHAKE256
+    if (hash == WC_HASH_TYPE_SHAKE256) {
+        wc_Shake256_Free(&state->digest.shake);
+    }
+    else
+#endif
+    {
+        /* Do nothing. */
+    }
+}
+
+/* Initialize the XMSS/MT state.
+ *
+ * @param [in, out] state   XMSS/MT state including digest and parameters.
+ * @param [in]      params  Parameters for key.
+ * @return  0 on success.
+ * @return  NOT_COMPILED_IN when digest algorithm not supported.
+ * @return  Other negative when digest algorithm initialization failed.
+ */
+static WC_INLINE int wc_xmss_state_init(XmssState* state,
+    const XmssParams* params)
+{
+    state->params = params;
+    state->ret = 0;
+    return wc_xmss_digest_init(state);
+}
+
+/* Free the XMSS/MT state.
+ *
+ * @param [in, out] state  XMSS/MT state including digest and parameters.
+ */
+static WC_INLINE void wc_xmss_state_free(XmssState* state)
+{
+    wc_xmss_digest_free(state);
+}
+
+
+/***************************
+ * XMSS PARAMS
+ ***************************/
+
+/* Map of XMSS/MT string name to OID.
+ */
+typedef struct wc_XmssString {
+    /* Name of algorithm as a string. */
+    const char* str;
+    /* OID for algorithm. */
+    word32 oid;
+    /* XMSS parameters. */
+    XmssParams params;
+} wc_XmssString;
+
+#ifndef WOLFSSL_WC_XMSS_SMALL
+
+/* Size of BDS State encoded numbers - offset=1, next=3. */
+#define XMSS_BDS_NUMS_SZ      4
+/* Size of treehash encoding - nextIdx=3, completed|used=1. */
+#define XMSS_TREEHASH_SZ      4
+
+/* Calculate Secret key length.
+ *
+ * See wc_xmss_bds_state_save() and wc_xmss_bds_state_load().
+ *
+ * SK = idx || wots_sk || SK_PRF || root || SEED || BDSs || OTHER
+ * BDSs = (2 * depth - 1) * BDS
+ * BDS = stack || height || authPath || keep || nodes || retain ||
+ *       offset || next || TREEHASHes
+ * TREEHASHes = (Subtree height - BDS k param) * TREEHASH
+ * TREEHASH = nextIdx || completed || used
+ *
+ * @param [in] n  Number of bytes to hash output.
+ * @param [in] h  Height of full tree.
+ * @param [in] d  Depth of trees (number of subtrees).
+ * @param [in] s  Subtree height.
+ * @param [in] i  Length of index encoding in bytes.
+ * @param [in] k  BDS k parameter.
+ * @return  Secret key length in bytes.
+ */
+#define XMSS_SK_LEN(n, h, d, s, i, k)                               \
+    (((i) + 4 * (n)) +                                              \
+     (2 * (d) - 1) * (((s) + 1) * (n) +                             \
+                    (s) + 1 +                                       \
+                    (s) * (n) +                                     \
+                    ((s) >> 1) * (n) +                              \
+                    ((s) - (k)) * XMSS_TREEHASH_SZ +                \
+                    ((s) - (k)) * (n) +                             \
+                    XMSS_RETAIN_LEN(k, n) +                         \
+                    XMSS_BDS_NUMS_SZ) +                             \
+     ((d) - 1) * (n) * ((n) * 2 + 3))
+
+#else
+
+/* Calculate Secret key length.
+ *
+ * SK = idx || wots_sk || SK_PRF || root || SEED
+ *
+ * @param [in] n  Number of bytes to hash output.
+ * @param [in] h  Height of full tree. Unused.
+ * @param [in] d  Depth of trees (number of subtrees). Unused.
+ * @param [in] s  Subtree height. Unused.
+ * @param [in] i  Length of index encoding in bytes.
+ * @param [in] k  BDS k parameter. Unused.
+ * @return  Secret key length.
+ */
+#define XMSS_SK_LEN(n, h, d, s, i, k)                               \
+    ((i) + 4 * (n))
+
+#endif
+
+#ifndef WOLFSSL_XMSS_LARGE_SECRET_KEY
+/* Choose the smaller BDS K parameter. */
+#define XMSS_K(k, kl)   (k)
+#else
+/* Choose the larger BDS K parameter. */
+#define XMSS_K(k, kl)   (kl)
+#endif
+
+/* Calculate all fixed parameter values and output an array declaration.
+ *
+ * @param [in] hash  Hash algorithm to use.
+ * @param [in] n     Number of bytes to hash output.
+ * @param [in] p     Number of bytes of padding.
+ * @param [in] h     Height of full tree.
+ * @param [in] d     Depth of trees (number of subtrees).
+ * @param [in] i     Length of index encoding in bytes.
+ * @param [in] k     BDS k parameter. 0 or >= 2 but (h/d - k) is even.
+ * @param [in] kl    BDS k parameter when large signatures.
+ * @return  XMSS/XMSS^MT parameters array declaration.
+ */
+#define XMSS_PARAMS(hash, n, p, h, d, i, k, kl)                             \
+    { hash, n, p, (n) * 2 + 3, (n) * ((n) * 2 + 3), h, (h) / (d), (d), (i), \
+      (i) + (n) + (d) * (((n) * 2 + 3) * (n)) + (h) * (n),                  \
+      XMSS_SK_LEN(n, h, d, ((h) / (d)), i, XMSS_K(k, kl)), (n) * 2,         \
+      XMSS_K(k, kl) }
+    /* hash, d, pad_len, wots_len, wots_sig_len, h, sub_h, d, idx_len,
+     * sig_len,
+     * sk_len, pk_len,
+     * bds_k */
+
+#if WOLFSSL_XMSS_MIN_HEIGHT <= 20
+/* List of known XMSS algorithm strings and their OIDs. */
+static const wc_XmssString wc_xmss_alg[] = {
+#ifdef WC_XMSS_SHA256
+#if WOLFSSL_WC_XMSS_MIN_HASH_SIZE <= 256 && WOLFSSL_WC_XMSS_MAX_HASH_SIZE >= 256
+#if WOLFSSL_XMSS_MIN_HEIGHT <= 10 && WOLFSSL_XMSS_MAX_HEIGHT >= 10
+    { "XMSS-SHA2_10_256",     WC_XMSS_OID_SHA2_10_256    ,
+      XMSS_PARAMS(WC_HASH_TYPE_SHA256,   32, 32, 10, 1, 4, 0, 4), },
+#endif
+#if WOLFSSL_XMSS_MIN_HEIGHT <= 16 && WOLFSSL_XMSS_MAX_HEIGHT >= 16
+    { "XMSS-SHA2_16_256",     WC_XMSS_OID_SHA2_16_256    ,
+      XMSS_PARAMS(WC_HASH_TYPE_SHA256,   32, 32, 16, 1, 4, 0, 0), },
+#endif
+#if WOLFSSL_XMSS_MIN_HEIGHT <= 20 && WOLFSSL_XMSS_MAX_HEIGHT >= 20
+    { "XMSS-SHA2_20_256",     WC_XMSS_OID_SHA2_20_256    ,
+      XMSS_PARAMS(WC_HASH_TYPE_SHA256,   32, 32, 20, 1, 4, 0, 0), },
+#endif
+#endif /* HASH_SIZE 256 */
+#endif /* WC_XMSS_SHA256 */
+#ifdef WC_XMSS_SHA512
+#if WOLFSSL_WC_XMSS_MIN_HASH_SIZE <= 512 && WOLFSSL_WC_XMSS_MAX_HASH_SIZE >= 512
+#if WOLFSSL_XMSS_MIN_HEIGHT <= 10 && WOLFSSL_XMSS_MAX_HEIGHT >= 10
+    { "XMSS-SHA2_10_512",     WC_XMSS_OID_SHA2_10_512    ,
+      XMSS_PARAMS(WC_HASH_TYPE_SHA512,   64, 64, 10, 1, 4, 0, 4), },
+#endif
+#if WOLFSSL_XMSS_MIN_HEIGHT <= 16 && WOLFSSL_XMSS_MAX_HEIGHT >= 16
+    { "XMSS-SHA2_16_512",     WC_XMSS_OID_SHA2_16_512    ,
+      XMSS_PARAMS(WC_HASH_TYPE_SHA512,   64, 64, 16, 1, 4, 0, 0), },
+#endif
+#if WOLFSSL_XMSS_MIN_HEIGHT <= 20 && WOLFSSL_XMSS_MAX_HEIGHT >= 20
+    { "XMSS-SHA2_20_512",     WC_XMSS_OID_SHA2_20_512    ,
+      XMSS_PARAMS(WC_HASH_TYPE_SHA512,   64, 64, 20, 1, 4, 0, 0), },
+#endif
+#endif /* HASH_SIZE 512 */
+#endif /* WC_XMSS_SHA512 */
+
+#ifdef WC_XMSS_SHAKE128
+#if WOLFSSL_WC_XMSS_MIN_HASH_SIZE <= 256 && WOLFSSL_WC_XMSS_MAX_HASH_SIZE >= 256
+#if WOLFSSL_XMSS_MIN_HEIGHT <= 10 && WOLFSSL_XMSS_MAX_HEIGHT >= 10
+    { "XMSS-SHAKE_10_256",    WC_XMSS_OID_SHAKE_10_256   ,
+      XMSS_PARAMS(WC_HASH_TYPE_SHAKE128, 32, 32, 10, 1, 4, 0, 4), },
+#endif
+#if WOLFSSL_XMSS_MIN_HEIGHT <= 16 && WOLFSSL_XMSS_MAX_HEIGHT >= 16
+    { "XMSS-SHAKE_16_256",    WC_XMSS_OID_SHAKE_16_256   ,
+      XMSS_PARAMS(WC_HASH_TYPE_SHAKE128, 32, 32, 16, 1, 4, 0, 0), },
+#endif
+#if WOLFSSL_XMSS_MIN_HEIGHT <= 20 && WOLFSSL_XMSS_MAX_HEIGHT >= 20
+    { "XMSS-SHAKE_20_256",    WC_XMSS_OID_SHAKE_20_256   ,
+      XMSS_PARAMS(WC_HASH_TYPE_SHAKE128, 32, 32, 20, 1, 4, 0, 0), },
+#endif
+#endif /* HASH_SIZE 256 */
+#endif /* WC_XMSS_SHAKE128 */
+
+#ifdef WC_XMSS_SHAKE256
+#if WOLFSSL_WC_XMSS_MIN_HASH_SIZE <= 512 && WOLFSSL_WC_XMSS_MAX_HASH_SIZE >= 512
+#if WOLFSSL_XMSS_MIN_HEIGHT <= 10 && WOLFSSL_XMSS_MAX_HEIGHT >= 10
+    { "XMSS-SHAKE_10_512",    WC_XMSS_OID_SHAKE_10_512   ,
+      XMSS_PARAMS(WC_HASH_TYPE_SHAKE256, 64, 64, 10, 1, 4, 0, 4), },
+#endif
+#if WOLFSSL_XMSS_MIN_HEIGHT <= 16 && WOLFSSL_XMSS_MAX_HEIGHT >= 16
+    { "XMSS-SHAKE_16_512",    WC_XMSS_OID_SHAKE_16_512   ,
+      XMSS_PARAMS(WC_HASH_TYPE_SHAKE256, 64, 64, 16, 1, 4, 0, 0), },
+#endif
+#if WOLFSSL_XMSS_MIN_HEIGHT <= 20 && WOLFSSL_XMSS_MAX_HEIGHT >= 20
+    { "XMSS-SHAKE_20_512",    WC_XMSS_OID_SHAKE_20_512   ,
+      XMSS_PARAMS(WC_HASH_TYPE_SHAKE256, 64, 64, 20, 1, 4, 0, 0), },
+#endif
+#endif /* HASH_SIZE 512 */
+#endif /* WC_XMSS_SHAKE256 */
+
+#ifdef WC_XMSS_SHA256
+#if WOLFSSL_WC_XMSS_MIN_HASH_SIZE <= 192 && WOLFSSL_WC_XMSS_MAX_HASH_SIZE >= 192
+#if WOLFSSL_XMSS_MIN_HEIGHT <= 10 && WOLFSSL_XMSS_MAX_HEIGHT >= 10
+    { "XMSS-SHA2_10_192",     WC_XMSS_OID_SHA2_10_192    ,
+      XMSS_PARAMS(WC_HASH_TYPE_SHA256,   24,  4, 10, 1, 4, 0, 4), },
+#endif
+#if WOLFSSL_XMSS_MIN_HEIGHT <= 16 && WOLFSSL_XMSS_MAX_HEIGHT >= 16
+    { "XMSS-SHA2_16_192",     WC_XMSS_OID_SHA2_16_192    ,
+      XMSS_PARAMS(WC_HASH_TYPE_SHA256,   24,  4, 16, 1, 4, 0, 0), },
+#endif
+#if WOLFSSL_XMSS_MIN_HEIGHT <= 20 && WOLFSSL_XMSS_MAX_HEIGHT >= 20
+    { "XMSS-SHA2_20_192",     WC_XMSS_OID_SHA2_20_192    ,
+      XMSS_PARAMS(WC_HASH_TYPE_SHA256,   24,  4, 20, 1, 4, 0, 0), },
+#endif
+#endif /* HASH_SIZE 192 */
+#endif /* WC_XMSS_SHA256 */
+
+#ifdef WC_XMSS_SHAKE256
+#if WOLFSSL_WC_XMSS_MIN_HASH_SIZE <= 256 && WOLFSSL_WC_XMSS_MAX_HASH_SIZE >= 256
+#if WOLFSSL_XMSS_MIN_HEIGHT <= 10 && WOLFSSL_XMSS_MAX_HEIGHT >= 10
+    { "XMSS-SHAKE256_10_256", WC_XMSS_OID_SHAKE256_10_256,
+      XMSS_PARAMS(WC_HASH_TYPE_SHAKE256, 32, 32, 10, 1, 4, 0, 4), },
+#endif
+#if WOLFSSL_XMSS_MIN_HEIGHT <= 16 && WOLFSSL_XMSS_MAX_HEIGHT >= 16
+    { "XMSS-SHAKE256_16_256", WC_XMSS_OID_SHAKE256_16_256,
+      XMSS_PARAMS(WC_HASH_TYPE_SHAKE256, 32, 32, 16, 1, 4, 0, 0), },
+#endif
+#if WOLFSSL_XMSS_MIN_HEIGHT <= 20 && WOLFSSL_XMSS_MAX_HEIGHT >= 20
+    { "XMSS-SHAKE256_20_256", WC_XMSS_OID_SHAKE256_20_256,
+      XMSS_PARAMS(WC_HASH_TYPE_SHAKE256, 32, 32, 20, 1, 4, 0, 0), },
+#endif
+#endif /* HASH_SIZE 256 */
+#endif /* WC_XMSS_SHAKE256 */
+
+#ifdef WC_XMSS_SHAKE256
+#if WOLFSSL_WC_XMSS_MIN_HASH_SIZE <= 192 && WOLFSSL_WC_XMSS_MAX_HASH_SIZE >= 192
+#if WOLFSSL_XMSS_MIN_HEIGHT <= 10 && WOLFSSL_XMSS_MAX_HEIGHT >= 10
+    { "XMSS-SHAKE256_10_192", WC_XMSS_OID_SHAKE256_10_192,
+      XMSS_PARAMS(WC_HASH_TYPE_SHAKE256, 24,  4, 10, 1, 4, 0, 4), },
+#endif
+#if WOLFSSL_XMSS_MIN_HEIGHT <= 16 && WOLFSSL_XMSS_MAX_HEIGHT >= 16
+    { "XMSS-SHAKE256_16_192", WC_XMSS_OID_SHAKE256_16_192,
+      XMSS_PARAMS(WC_HASH_TYPE_SHAKE256, 24,  4, 16, 1, 4, 0, 0), },
+#endif
+#if WOLFSSL_XMSS_MIN_HEIGHT <= 20 && WOLFSSL_XMSS_MAX_HEIGHT >= 20
+    { "XMSS-SHAKE256_20_192", WC_XMSS_OID_SHAKE256_20_192,
+      XMSS_PARAMS(WC_HASH_TYPE_SHAKE256, 24,  4, 20, 1, 4, 0, 0), },
+#endif
+#endif /* HASH_SIZE 192 */
+#endif /* WC_XMSS_SHAKE256 */
+};
+/* Length of array of known XMSS algorithms. */
+#define WC_XMSS_ALG_LEN     (sizeof(wc_xmss_alg) / sizeof(*wc_xmss_alg))
+#endif
+
+/* Convert XMSS algorithm string to an OID - object identifier.
+ *
+ * @param [out] oid     OID value corresponding to string.
+ * @param [in]  s       String to convert.
+ * @param [out] params  XMSS/MT parameters.
+ * @return  0 on success.
+ * @return  NOT_COMPILED_IN on failure.
+ */
+static int wc_xmss_str_to_params(const char *s, word32* oid,
+    const XmssParams** params)
+{
+    int ret = WC_NO_ERR_TRACE(NOT_COMPILED_IN);
+#if WOLFSSL_XMSS_MIN_HEIGHT <= 20
+    unsigned int i;
+
+    ret = WC_NO_ERR_TRACE(NOT_COMPILED_IN);
+    for (i = 0; i < WC_XMSS_ALG_LEN; i++) {
+         if (XSTRCMP(s, wc_xmss_alg[i].str) == 0) {
+             *oid = wc_xmss_alg[i].oid;
+             *params = &wc_xmss_alg[i].params;
+             ret = 0;
+             break;
+         }
+    }
+#else
+    (void)s;
+    (void)oid;
+    (void)params;
+    ret = NOT_COMPILED_IN;
+#endif
+
+    return ret;
+}
+
+#if WOLFSSL_XMSS_MAX_HEIGHT >= 20
+/* List of known XMSS^MT algorithm strings and their OIDs. */
+static const wc_XmssString wc_xmssmt_alg[] = {
+#ifdef WC_XMSS_SHA256
+#if WOLFSSL_WC_XMSS_MIN_HASH_SIZE <= 256 && WOLFSSL_WC_XMSS_MAX_HASH_SIZE >= 256
+#if WOLFSSL_XMSS_MIN_HEIGHT <= 20 && WOLFSSL_XMSS_MAX_HEIGHT >= 20
+    { "XMSSMT-SHA2_20/2_256",      WC_XMSSMT_OID_SHA2_20_2_256     ,
+      XMSS_PARAMS(WC_HASH_TYPE_SHA256,   32, 32, 20,  2, 3, 2, 4), },
+    { "XMSSMT-SHA2_20/4_256",      WC_XMSSMT_OID_SHA2_20_4_256     ,
+      XMSS_PARAMS(WC_HASH_TYPE_SHA256,   32, 32, 20,  4, 3, 0, 0), },
+#endif
+#if WOLFSSL_XMSS_MIN_HEIGHT <= 40 && WOLFSSL_XMSS_MAX_HEIGHT >= 40
+    { "XMSSMT-SHA2_40/2_256",      WC_XMSSMT_OID_SHA2_40_2_256     ,
+      XMSS_PARAMS(WC_HASH_TYPE_SHA256,   32, 32, 40,  2, 5, 2, 4), },
+    { "XMSSMT-SHA2_40/4_256",      WC_XMSSMT_OID_SHA2_40_4_256     ,
+      XMSS_PARAMS(WC_HASH_TYPE_SHA256,   32, 32, 40,  4, 5, 2, 4), },
+    { "XMSSMT-SHA2_40/8_256",      WC_XMSSMT_OID_SHA2_40_8_256     ,
+      XMSS_PARAMS(WC_HASH_TYPE_SHA256,   32, 32, 40,  8, 5, 0, 0), },
+#endif
+#if WOLFSSL_XMSS_MIN_HEIGHT <= 60 && WOLFSSL_XMSS_MAX_HEIGHT >= 60
+    { "XMSSMT-SHA2_60/3_256",      WC_XMSSMT_OID_SHA2_60_3_256     ,
+      XMSS_PARAMS(WC_HASH_TYPE_SHA256,   32, 32, 60,  3, 8, 2, 4), },
+    { "XMSSMT-SHA2_60/6_256",      WC_XMSSMT_OID_SHA2_60_6_256     ,
+      XMSS_PARAMS(WC_HASH_TYPE_SHA256,   32, 32, 60,  6, 8, 2, 4), },
+    { "XMSSMT-SHA2_60/12_256",     WC_XMSSMT_OID_SHA2_60_12_256    ,
+      XMSS_PARAMS(WC_HASH_TYPE_SHA256,   32, 32, 60, 12, 8, 0, 0), },
+#endif
+#endif /* HASH_SIZE 256 */
+#endif /* WC_XMSS_SHA256 */
+#ifdef WC_XMSS_SHA512
+#if WOLFSSL_WC_XMSS_MIN_HASH_SIZE <= 512 && WOLFSSL_WC_XMSS_MAX_HASH_SIZE >= 512
+#if WOLFSSL_XMSS_MIN_HEIGHT <= 20 && WOLFSSL_XMSS_MAX_HEIGHT >= 20
+    { "XMSSMT-SHA2_20/2_512",      WC_XMSSMT_OID_SHA2_20_2_512     ,
+      XMSS_PARAMS(WC_HASH_TYPE_SHA512,   64, 64, 20,  2, 3, 2, 4), },
+    { "XMSSMT-SHA2_20/4_512",      WC_XMSSMT_OID_SHA2_20_4_512     ,
+      XMSS_PARAMS(WC_HASH_TYPE_SHA512,   64, 64, 20,  4, 3, 0, 0), },
+#endif
+#if WOLFSSL_XMSS_MIN_HEIGHT <= 40 && WOLFSSL_XMSS_MAX_HEIGHT >= 40
+    { "XMSSMT-SHA2_40/2_512",      WC_XMSSMT_OID_SHA2_40_2_512     ,
+      XMSS_PARAMS(WC_HASH_TYPE_SHA512,   64, 64, 40,  2, 5, 2, 4), },
+    { "XMSSMT-SHA2_40/4_512",      WC_XMSSMT_OID_SHA2_40_4_512     ,
+      XMSS_PARAMS(WC_HASH_TYPE_SHA512,   64, 64, 40,  4, 5, 2, 4), },
+    { "XMSSMT-SHA2_40/8_512",      WC_XMSSMT_OID_SHA2_40_8_512     ,
+      XMSS_PARAMS(WC_HASH_TYPE_SHA512,   64, 64, 40,  8, 5, 0, 0), },
+#endif
+#if WOLFSSL_XMSS_MIN_HEIGHT <= 60 && WOLFSSL_XMSS_MAX_HEIGHT >= 60
+    { "XMSSMT-SHA2_60/3_512",      WC_XMSSMT_OID_SHA2_60_3_512     ,
+      XMSS_PARAMS(WC_HASH_TYPE_SHA512,   64, 64, 60,  3, 8, 2, 4), },
+    { "XMSSMT-SHA2_60/6_512",      WC_XMSSMT_OID_SHA2_60_6_512     ,
+      XMSS_PARAMS(WC_HASH_TYPE_SHA512,   64, 64, 60,  6, 8, 2, 4), },
+    { "XMSSMT-SHA2_60/12_512",     WC_XMSSMT_OID_SHA2_60_12_512    ,
+      XMSS_PARAMS(WC_HASH_TYPE_SHA512,   64, 64, 60, 12, 8, 0, 0), },
+#endif
+#endif /* HASH_SIZE 512 */
+#endif /* WC_XMSS_SHA512 */
+
+#ifdef WC_XMSS_SHAKE128
+#if WOLFSSL_WC_XMSS_MIN_HASH_SIZE <= 256 && WOLFSSL_WC_XMSS_MAX_HASH_SIZE >= 256
+#if WOLFSSL_XMSS_MIN_HEIGHT <= 20 && WOLFSSL_XMSS_MAX_HEIGHT >= 20
+    { "XMSSMT-SHAKE_20/2_256",     WC_XMSSMT_OID_SHAKE_20_2_256    ,
+      XMSS_PARAMS(WC_HASH_TYPE_SHAKE128, 32, 32, 20,  2, 3, 2, 4), },
+    { "XMSSMT-SHAKE_20/4_256",     WC_XMSSMT_OID_SHAKE_20_4_256    ,
+      XMSS_PARAMS(WC_HASH_TYPE_SHAKE128, 32, 32, 20,  4, 3, 0, 0), },
+#endif
+#if WOLFSSL_XMSS_MIN_HEIGHT <= 40 && WOLFSSL_XMSS_MAX_HEIGHT >= 40
+    { "XMSSMT-SHAKE_40/2_256",     WC_XMSSMT_OID_SHAKE_40_2_256    ,
+      XMSS_PARAMS(WC_HASH_TYPE_SHAKE128, 32, 32, 40,  2, 5, 2, 4), },
+    { "XMSSMT-SHAKE_40/4_256",     WC_XMSSMT_OID_SHAKE_40_4_256    ,
+      XMSS_PARAMS(WC_HASH_TYPE_SHAKE128, 32, 32, 40,  4, 5, 2, 4), },
+    { "XMSSMT-SHAKE_40/8_256",     WC_XMSSMT_OID_SHAKE_40_8_256    ,
+      XMSS_PARAMS(WC_HASH_TYPE_SHAKE128, 32, 32, 40,  8, 5, 0, 0), },
+#endif
+#if WOLFSSL_XMSS_MIN_HEIGHT <= 60 && WOLFSSL_XMSS_MAX_HEIGHT >= 60
+    { "XMSSMT-SHAKE_60/3_256",     WC_XMSSMT_OID_SHAKE_60_3_256    ,
+      XMSS_PARAMS(WC_HASH_TYPE_SHAKE128, 32, 32, 60,  3, 8, 2, 4), },
+    { "XMSSMT-SHAKE_60/6_256",     WC_XMSSMT_OID_SHAKE_60_6_256    ,
+      XMSS_PARAMS(WC_HASH_TYPE_SHAKE128, 32, 32, 60,  6, 8, 2, 4), },
+    { "XMSSMT-SHAKE_60/12_256",    WC_XMSSMT_OID_SHAKE_60_12_256   ,
+      XMSS_PARAMS(WC_HASH_TYPE_SHAKE128, 32, 32, 60, 12, 8, 0, 0), },
+#endif
+#endif /* HASH_SIZE 256 */
+#endif /* WC_XMSS_SHAKE128 */
+
+#ifdef WC_XMSS_SHAKE256
+#if WOLFSSL_WC_XMSS_MIN_HASH_SIZE <= 512 && WOLFSSL_WC_XMSS_MAX_HASH_SIZE >= 512
+#if WOLFSSL_XMSS_MIN_HEIGHT <= 20 && WOLFSSL_XMSS_MAX_HEIGHT >= 20
+    { "XMSSMT-SHAKE_20/2_512",     WC_XMSSMT_OID_SHAKE_20_2_512    ,
+      XMSS_PARAMS(WC_HASH_TYPE_SHAKE256, 64, 64, 20,  2, 3, 2, 4), },
+    { "XMSSMT-SHAKE_20/4_512",     WC_XMSSMT_OID_SHAKE_20_4_512    ,
+      XMSS_PARAMS(WC_HASH_TYPE_SHAKE256, 64, 64, 20,  4, 3, 0, 0), },
+#endif
+#if WOLFSSL_XMSS_MIN_HEIGHT <= 40 && WOLFSSL_XMSS_MAX_HEIGHT >= 40
+    { "XMSSMT-SHAKE_40/2_512",     WC_XMSSMT_OID_SHAKE_40_2_512    ,
+      XMSS_PARAMS(WC_HASH_TYPE_SHAKE256, 64, 64, 40,  2, 5, 2, 4), },
+    { "XMSSMT-SHAKE_40/4_512",     WC_XMSSMT_OID_SHAKE_40_4_512    ,
+      XMSS_PARAMS(WC_HASH_TYPE_SHAKE256, 64, 64, 40,  4, 5, 2, 4), },
+    { "XMSSMT-SHAKE_40/8_512",     WC_XMSSMT_OID_SHAKE_40_8_512    ,
+      XMSS_PARAMS(WC_HASH_TYPE_SHAKE256, 64, 64, 40,  8, 5, 0, 0), },
+#endif
+#if WOLFSSL_XMSS_MIN_HEIGHT <= 60 && WOLFSSL_XMSS_MAX_HEIGHT >= 60
+    { "XMSSMT-SHAKE_60/3_512",     WC_XMSSMT_OID_SHAKE_60_3_512    ,
+      XMSS_PARAMS(WC_HASH_TYPE_SHAKE256, 64, 64, 60,  3, 8, 2, 4), },
+    { "XMSSMT-SHAKE_60/6_512",     WC_XMSSMT_OID_SHAKE_60_6_512    ,
+      XMSS_PARAMS(WC_HASH_TYPE_SHAKE256, 64, 64, 60,  6, 8, 2, 4), },
+    { "XMSSMT-SHAKE_60/12_512",    WC_XMSSMT_OID_SHAKE_60_12_512   ,
+      XMSS_PARAMS(WC_HASH_TYPE_SHAKE256, 64, 64, 60, 12, 8, 0, 0), },
+#endif
+#endif /* HASH_SIZE 512 */
+#endif /* WC_XMSS_SHAKE256 */
+
+#ifdef WC_XMSS_SHA256
+#if WOLFSSL_WC_XMSS_MIN_HASH_SIZE <= 192 && WOLFSSL_WC_XMSS_MAX_HASH_SIZE >= 192
+#if WOLFSSL_XMSS_MIN_HEIGHT <= 20 && WOLFSSL_XMSS_MAX_HEIGHT >= 20
+    { "XMSSMT-SHA2_20/2_192",      WC_XMSSMT_OID_SHA2_20_2_192     ,
+      XMSS_PARAMS(WC_HASH_TYPE_SHA256,   24,  4, 20,  2, 3, 2, 4), },
+    { "XMSSMT-SHA2_20/4_192",      WC_XMSSMT_OID_SHA2_20_4_192     ,
+      XMSS_PARAMS(WC_HASH_TYPE_SHA256,   24,  4, 20,  4, 3, 0, 0), },
+#endif
+#if WOLFSSL_XMSS_MIN_HEIGHT <= 40 && WOLFSSL_XMSS_MAX_HEIGHT >= 40
+    { "XMSSMT-SHA2_40/2_192",      WC_XMSSMT_OID_SHA2_40_2_192     ,
+      XMSS_PARAMS(WC_HASH_TYPE_SHA256,   24,  4, 40,  2, 5, 2, 4), },
+    { "XMSSMT-SHA2_40/4_192",      WC_XMSSMT_OID_SHA2_40_4_192     ,
+      XMSS_PARAMS(WC_HASH_TYPE_SHA256,   24,  4, 40,  4, 5, 2, 4), },
+    { "XMSSMT-SHA2_40/8_192",      WC_XMSSMT_OID_SHA2_40_8_192     ,
+      XMSS_PARAMS(WC_HASH_TYPE_SHA256,   24,  4, 40,  8, 5, 0, 0), },
+#endif
+#if WOLFSSL_XMSS_MIN_HEIGHT <= 60 && WOLFSSL_XMSS_MAX_HEIGHT >= 60
+    { "XMSSMT-SHA2_60/3_192",      WC_XMSSMT_OID_SHA2_60_3_192     ,
+      XMSS_PARAMS(WC_HASH_TYPE_SHA256,   24,  4, 60,  3, 8, 2, 4), },
+    { "XMSSMT-SHA2_60/6_192",      WC_XMSSMT_OID_SHA2_60_6_192     ,
+      XMSS_PARAMS(WC_HASH_TYPE_SHA256,   24,  4, 60,  6, 8, 2, 4), },
+    { "XMSSMT-SHA2_60/12_192",     WC_XMSSMT_OID_SHA2_60_12_192    ,
+      XMSS_PARAMS(WC_HASH_TYPE_SHA256,   24,  4, 60, 12, 8, 0, 0), },
+#endif
+#endif /* HASH_SIZE 192 */
+#endif /* WC_XMSS_SHA256 */
+
+#ifdef WC_XMSS_SHAKE256
+#if WOLFSSL_WC_XMSS_MIN_HASH_SIZE <= 256 && WOLFSSL_WC_XMSS_MAX_HASH_SIZE >= 256
+#if WOLFSSL_XMSS_MIN_HEIGHT <= 20 && WOLFSSL_XMSS_MAX_HEIGHT >= 20
+    { "XMSSMT-SHAKE256_20/2_256",  WC_XMSSMT_OID_SHAKE256_20_2_256 ,
+      XMSS_PARAMS(WC_HASH_TYPE_SHAKE256, 32, 32, 20,  2, 3, 2, 4), },
+    { "XMSSMT-SHAKE256_20/4_256",  WC_XMSSMT_OID_SHAKE256_20_4_256 ,
+      XMSS_PARAMS(WC_HASH_TYPE_SHAKE256, 32, 32, 20,  4, 3, 0, 0), },
+#endif
+#if WOLFSSL_XMSS_MIN_HEIGHT <= 40 && WOLFSSL_XMSS_MAX_HEIGHT >= 40
+    { "XMSSMT-SHAKE256_40/2_256",  WC_XMSSMT_OID_SHAKE256_40_2_256 ,
+      XMSS_PARAMS(WC_HASH_TYPE_SHAKE256, 32, 32, 40,  2, 5, 2, 4), },
+    { "XMSSMT-SHAKE256_40/4_256",  WC_XMSSMT_OID_SHAKE256_40_4_256 ,
+      XMSS_PARAMS(WC_HASH_TYPE_SHAKE256, 32, 32, 40,  4, 5, 2, 4), },
+    { "XMSSMT-SHAKE256_40/8_256",  WC_XMSSMT_OID_SHAKE256_40_8_256 ,
+      XMSS_PARAMS(WC_HASH_TYPE_SHAKE256, 32, 32, 40,  8, 5, 0, 0), },
+#endif
+#if WOLFSSL_XMSS_MIN_HEIGHT <= 60 && WOLFSSL_XMSS_MAX_HEIGHT >= 60
+    { "XMSSMT-SHAKE256_60/3_256",  WC_XMSSMT_OID_SHAKE256_60_3_256 ,
+      XMSS_PARAMS(WC_HASH_TYPE_SHAKE256, 32, 32, 60,  3, 8, 2, 4), },
+    { "XMSSMT-SHAKE256_60/6_256",  WC_XMSSMT_OID_SHAKE256_60_6_256 ,
+      XMSS_PARAMS(WC_HASH_TYPE_SHAKE256, 32, 32, 60,  6, 8, 2, 4), },
+    { "XMSSMT-SHAKE256_60/12_256", WC_XMSSMT_OID_SHAKE256_60_12_256,
+      XMSS_PARAMS(WC_HASH_TYPE_SHAKE256, 32, 32, 60, 12, 8, 0, 0), },
+#endif
+#endif /* HASH_SIZE 256 */
+#endif /* WC_XMSS_SHAKE256 */
+
+#ifdef WC_XMSS_SHAKE256
+#if WOLFSSL_WC_XMSS_MIN_HASH_SIZE <= 192 && WOLFSSL_WC_XMSS_MAX_HASH_SIZE >= 192
+#if WOLFSSL_XMSS_MIN_HEIGHT <= 20 && WOLFSSL_XMSS_MAX_HEIGHT >= 20
+    { "XMSSMT-SHAKE256_20/2_192",  WC_XMSSMT_OID_SHAKE256_20_2_192 ,
+      XMSS_PARAMS(WC_HASH_TYPE_SHAKE256, 24,  4, 20,  2, 3, 2, 4), },
+    { "XMSSMT-SHAKE256_20/4_192",  WC_XMSSMT_OID_SHAKE256_20_4_192 ,
+      XMSS_PARAMS(WC_HASH_TYPE_SHAKE256, 24,  4, 20,  4, 3, 0, 0), },
+#endif
+#if WOLFSSL_XMSS_MIN_HEIGHT <= 40 && WOLFSSL_XMSS_MAX_HEIGHT >= 40
+    { "XMSSMT-SHAKE256_40/2_192",  WC_XMSSMT_OID_SHAKE256_40_2_192 ,
+      XMSS_PARAMS(WC_HASH_TYPE_SHAKE256, 24,  4, 40,  2, 5, 2, 4), },
+    { "XMSSMT-SHAKE256_40/4_192",  WC_XMSSMT_OID_SHAKE256_40_4_192 ,
+      XMSS_PARAMS(WC_HASH_TYPE_SHAKE256, 24,  4, 40,  4, 5, 2, 4), },
+    { "XMSSMT-SHAKE256_40/8_192",  WC_XMSSMT_OID_SHAKE256_40_8_192 ,
+      XMSS_PARAMS(WC_HASH_TYPE_SHAKE256, 24,  4, 40,  8, 5, 0, 0), },
+#endif
+#if WOLFSSL_XMSS_MIN_HEIGHT <= 60 && WOLFSSL_XMSS_MAX_HEIGHT >= 60
+    { "XMSSMT-SHAKE256_60/3_192",  WC_XMSSMT_OID_SHAKE256_60_3_192 ,
+      XMSS_PARAMS(WC_HASH_TYPE_SHAKE256, 24,  4, 60,  3, 8, 2, 4), },
+    { "XMSSMT-SHAKE256_60/6_192",  WC_XMSSMT_OID_SHAKE256_60_6_192 ,
+      XMSS_PARAMS(WC_HASH_TYPE_SHAKE256, 24,  4, 60,  6, 8, 2, 4), },
+    { "XMSSMT-SHAKE256_60/12_192", WC_XMSSMT_OID_SHAKE256_60_12_192,
+      XMSS_PARAMS(WC_HASH_TYPE_SHAKE256, 24,  4, 60, 12, 8, 0, 0), },
+#endif
+#endif /* HASH_SIZE 192 */
+#endif /* WC_XMSS_SHAKE256 */
+};
+/* Length of array of known XMSS^MT algorithms. */
+#define WC_XMSSMT_ALG_LEN   (sizeof(wc_xmssmt_alg) / sizeof(*wc_xmssmt_alg))
+#endif
+
+/* Convert XMSS^MT algorithm string to an OID - object identifier.
+ *
+ * @param [out] oid     OID value corresponding to string.
+ * @param [in]  s       String to convert.
+ * @param [out] params  XMSS/MT parameters.
+ * @return  0 on success.
+ * @return  NOT_COMPILED_IN on failure.
+ */
+static int wc_xmssmt_str_to_params(const char *s, word32* oid,
+    const XmssParams** params)
+{
+    int ret = WC_NO_ERR_TRACE(NOT_COMPILED_IN);
+#if WOLFSSL_XMSS_MAX_HEIGHT >= 20
+    unsigned int i;
+
+    ret = WC_NO_ERR_TRACE(NOT_COMPILED_IN);
+    for (i = 0; i < WC_XMSSMT_ALG_LEN; i++) {
+         if (XSTRCMP(s, wc_xmssmt_alg[i].str) == 0) {
+             *oid = wc_xmssmt_alg[i].oid;
+             *params = &wc_xmssmt_alg[i].params;
+             ret = 0;
+             break;
+         }
+    }
+#else
+    (void)s;
+    (void)oid;
+    (void)params;
+    ret = NOT_COMPILED_IN;
+#endif
+
+    return ret;
+}
+
+/***************************
+ * OTHER Internal APIs
+ ***************************/
+
+#ifndef WOLFSSL_XMSS_VERIFY_ONLY
+/* Allocates the XMSS secret key (sk) array.
+ *
+ * The XMSS/XMSS^MT secret key length is a function of the
+ * parameters, and can't be allocated until the param string
+ * has been set with SetParamStr.
+ *
+ * This is only called by MakeKey() and Reload().
+ *
+ * Note: the XMSS sk array is force zeroed after every use.
+ *
+ * @param [in] key  The XMSS key.
+ *
+ * @return  0 on success.
+ * @return  BAD_FUNC_ARG when a parameter is NULL.
+ * @return  BAD_FUNC_ARG when private key already allocated.
+ * @return  MEMORY_E when allocating dynamic memory fails.
+ */
+static int wc_xmsskey_alloc_sk(XmssKey* key)
+{
+    int ret = 0;
+
+    /* Validate parameter. */
+    if (key == NULL) {
+        ret = BAD_FUNC_ARG;
+    }
+    /* Ensure the private key doesn't exist. */
+    else if (key->sk != NULL) {
+        WOLFSSL_MSG("error: XMSS secret key already exists");
+        ret = BAD_FUNC_ARG;
+    }
+
+    if (ret == 0) {
+        /* The XMSS/XMSS^MT secret key length is a function of the
+         * parameters. Therefore can't allocate this until param
+         * string has been set. */
+        ret = wc_XmssKey_GetPrivLen(key, &key->sk_len);
+    }
+    if (ret == 0) {
+        /* Allocate a buffer to hold secret key. */
+        key->sk = (unsigned char *)XMALLOC(key->sk_len, NULL,
+            DYNAMIC_TYPE_TMP_BUFFER);
+        if (key->sk == NULL) {
+            WOLFSSL_MSG("error: malloc XMSS key->sk failed");
+            ret = MEMORY_E;
+        }
+    }
+
+    if (ret == 0) {
+        /* Zeroize private key buffer. */
+        ForceZero(key->sk, key->sk_len);
+    }
+
+    return ret;
+}
+
+/* Signs the message using the XMSS secret key, and
+ * updates the secret key on NV storage.
+ *
+ * Both operations must succeed to be considered
+ * successful.
+ *
+ * On success:  sets key state to WC_XMSS_STATE_OK.
+ * On failure:  sets key state to WC_XMSS_STATE_BAD
+ *
+ * If no signatures are left, sets state to WC_XMSS_STATE_NOSIGS.
+ *
+ * @return  IO_FAILED_E when reading or writing private key failed.
+ * @return  KEY_EXHAUSTED_E when no more keys in private key available.
+ * @return  BAD_COND_E when generated signature length is invalid.
+ */
+static WC_INLINE int wc_xmsskey_signupdate(XmssKey* key, byte* sig,
+    const byte* msg, int msgLen)
+{
+    int            ret = 0;
+    enum wc_XmssRc cb_rc = WC_XMSS_RC_NONE;
+
+    /* Set the key state to bad by default. State is presumed bad unless a
+     * correct sign and update operation happen together. */
+    key->state = WC_XMSS_STATE_BAD;
+
+    /* Read the current secret key from NV storage.*/
+    cb_rc = key->read_private_key(key->sk, key->sk_len, key->context);
+    if (cb_rc != WC_XMSS_RC_READ_TO_MEMORY) {
+        /* Read from NV storage failed. */
+        WOLFSSL_MSG("error: XMSS read_private_key failed");
+        ret = IO_FAILED_E;
+    }
+
+    if (ret == 0) {
+    #ifdef WOLFSSL_SMALL_STACK
+        XmssState* state;
+    #else
+        XmssState state[1];
+    #endif
+
+    #ifdef WOLFSSL_SMALL_STACK
+        state = (XmssState*)XMALLOC(sizeof(XmssState), NULL, DYNAMIC_TYPE_TMP_BUFFER);
+        if (state == NULL) {
+            ret = MEMORY_E;
+        }
+        if (ret == 0)
+    #endif
+        {
+            /* Initialize state for use in signing. */
+            ret = wc_xmss_state_init(state, key->params);
+            if (ret == 0) {
+                /* Read was good. Now sign and update the secret key in memory.
+                 */
+            #ifndef WOLFSSL_WC_XMSS_SMALL
+                if (key->is_xmssmt) {
+                    ret = wc_xmssmt_sign(state, msg, msgLen, key->sk, sig);
+                }
+                else {
+                    ret = wc_xmss_sign(state, msg, msgLen, key->sk, sig);
+                }
+            #else
+                ret = wc_xmssmt_sign(state, msg, msgLen, key->sk, sig);
+            #endif
+                if (ret == WC_NO_ERR_TRACE(KEY_EXHAUSTED_E)) {
+                    /* Signature space exhausted. */
+                    key->state = WC_XMSS_STATE_NOSIGS;
+                    WOLFSSL_MSG("error: no XMSS signatures remaining");
+                }
+                else if (ret != 0) {
+                    /* Something failed or inconsistent in signature. Erase the
+                     * signature just to be safe. */
+                    ForceZero(sig, key->params->sig_len);
+                    WOLFSSL_MSG("error: XMSS sign failed");
+                }
+                /* Free state after use. */
+                wc_xmss_state_free(state);
+            }
+        #ifdef WOLFSSL_SMALL_STACK
+            XFREE(state, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+        #endif
+        }
+    }
+
+    if (ret == 0) {
+        /* The signature succeeded. key->sk is now updated and must be
+         * committed to NV storage. */
+        cb_rc = key->write_private_key(key->sk, key->sk_len, key->context);
+        if (cb_rc != WC_XMSS_RC_SAVED_TO_NV_MEMORY) {
+            /* Write to NV storage failed. Erase the signature from
+             * memory. */
+            ForceZero(sig, key->params->sig_len);
+            WOLFSSL_MSG("error: XMSS write_private_key failed");
+            ret = IO_FAILED_E;
+        }
+    }
+    if (ret == 0) {
+        /* key->sk was successfully committed to NV storage. Set the
+         * key state to OK, and set the sigLen. */
+        key->state = WC_XMSS_STATE_OK;
+    }
+
+    /* Force zero the secret key from memory always. */
+    ForceZero(key->sk, key->sk_len);
+
+    return ret;
+}
+#endif /* !WOLFSSL_XMSS_VERIFY_ONLY */
+
+/***************************
+ * PUBLIC API
+ ***************************/
+
+/* Init an XMSS key.
+ *
+ * Call this before setting the parms of an XMSS key.
+ *
+ * @param [in] key    The XMSS key to init.
+ * @param [in] heap   Unused.
+ * @param [in] devId  Unused.
+ *
+ * @return  0 on success.
+ * @return  BAD_FUNC_ARG when a parameter is NULL.
+ */
+int wc_XmssKey_Init(XmssKey* key, void* heap, int devId)
+{
+    int ret = 0;
+
+    (void) heap;
+    (void) devId;
+
+    /* Validate parameters. */
+    if (key == NULL) {
+        ret = BAD_FUNC_ARG;
+    }
+
+    if (ret == 0) {
+        /* Zeroize key and set state to initialized. */
+        ForceZero(key, sizeof(XmssKey));
+        key->state = WC_XMSS_STATE_INITED;
+    }
+
+    return ret;
+}
+
+/* Set the XMSS key parameter string.
+ *
+ * The input string must be one of the supported parm set names in
+ * the "Name" section from the table in wolfssl/wolfcrypt/xmss.h,
+ * e.g. "XMSS-SHA2_10_256" or "XMSSMT-SHA2_20/4_256".
+ *
+ * @param [in] key  The XMSS key to set.
+ * @param [in] str  The XMSS/XMSS^MT parameter string.
+ *
+ * @return  0 on success.
+ * @return  BAD_FUNC_ARG when a parameter is NULL.
+ * @return  BAD_FUNC_ARG when string not recognized.
+ * @return  BAD_STATE_E when wrong state for operation.
+ * @return  NOT_COMPILED_IN when string not supported.
+ */
+int wc_XmssKey_SetParamStr(XmssKey* key, const char* str)
+{
+    int      ret = 0;
+    word32   oid = 0;
+    int      is_xmssmt = 0;
+
+    /* Validate parameters. */
+    if ((key == NULL) || (str == NULL)) {
+        ret = BAD_FUNC_ARG;
+    }
+
+    /* Validate state. */
+    if ((ret == 0) && (key->state != WC_XMSS_STATE_INITED)) {
+        WOLFSSL_MSG("error: XMSS key needs init");
+        ret = BAD_STATE_E;
+    }
+
+    if (ret == 0) {
+        /* Check which type of algorithm the string is for. */
+        is_xmssmt = (XMEMCMP(str, "XMSS-", 5) != 0);
+
+        /* Convert XMSS param string to OID. */
+        if (is_xmssmt) {
+            ret = wc_xmssmt_str_to_params(str, &oid, &key->params);
+        }
+        else {
+            ret = wc_xmss_str_to_params(str, &oid, &key->params);
+        }
+        if (ret != 0) {
+            WOLFSSL_MSG("error: xmssmt_str_to_params failed");
+            ret = BAD_FUNC_ARG;
+        }
+    }
+
+    if (ret == 0) {
+        /* Set key info. */
+        key->oid = oid;
+        key->is_xmssmt = is_xmssmt;
+        key->state = WC_XMSS_STATE_PARMSET;
+    }
+
+    return ret;
+}
+
+/* Force zeros and frees the XMSS key from memory.
+ *
+ * This does not touch the private key saved to non-volatile storage.
+ *
+ * This is the only function that frees the key->sk array.
+ *
+ * @param [in] key  XMSS key.
+ */
+void wc_XmssKey_Free(XmssKey* key)
+{
+    /* Validate parameter. */
+    if (key != NULL) {
+    #ifndef WOLFSSL_XMSS_VERIFY_ONLY
+        if (key->sk != NULL) {
+            /* Zeroize private key. */
+            ForceZero(key->sk, key->sk_len);
+            XFREE(key->sk, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+            key->sk = NULL;
+            key->sk_len = 0;
+        }
+    #endif /* !WOLFSSL_XMSS_VERIFY_ONLY */
+
+        /* Ensure all data is zeroized. */
+        ForceZero(key, sizeof(XmssKey));
+
+        /* Set the state to freed. */
+        key->state = WC_XMSS_STATE_FREED;
+    }
+}
+
+#ifndef WOLFSSL_XMSS_VERIFY_ONLY
+/* Sets the XMSS write private key callback.
+ *
+ * The callback must be able to write/update the private key to
+ * non-volatile storage.
+ *
+ * @param [in] key       The XMSS key.
+ * @param [in] write_cb  The write private key callback.
+ *
+ * @return  0 on success.
+ * @return  BAD_FUNC_ARG when a parameter is NULL.
+ * @return  BAD_STATE_E when wrong state for operation.
+ */
+int wc_XmssKey_SetWriteCb(XmssKey* key, wc_xmss_write_private_key_cb write_cb)
+{
+    int ret = 0;
+
+    /* Validate parameters. */
+    if ((key == NULL) || (write_cb == NULL)) {
+        ret = BAD_FUNC_ARG;
+    }
+    /* Changing the write callback of an already working key is forbidden. */
+    else if (key->state == WC_XMSS_STATE_OK) {
+        WOLFSSL_MSG("error: wc_XmssKey_SetWriteCb: key in use");
+        ret = BAD_STATE_E;
+    }
+    else {
+        /* Set write callback for storing private key. */
+        key->write_private_key = write_cb;
+    }
+
+    return ret;
+}
+
+/* Sets the XMSS read private key callback.
+ *
+ * The callback must be able to read the private key from
+ * non-volatile storage.
+ *
+ * @param [in] key      The XMSS key.
+ * @param [in] read_cb  The read private key callback.
+ *
+ * @return  0 on success.
+ * @return  BAD_FUNC_ARG when a parameter is NULL.
+ * @return  BAD_STATE_E when wrong state for operation.
+ */
+int wc_XmssKey_SetReadCb(XmssKey* key, wc_xmss_read_private_key_cb read_cb)
+{
+    int ret = 0;
+
+    /* Validate parameters. */
+    if ((key == NULL) || (read_cb == NULL)) {
+        ret = BAD_FUNC_ARG;
+    }
+    /* Changing the read callback of an already working key is forbidden. */
+    else if (key->state == WC_XMSS_STATE_OK) {
+        WOLFSSL_MSG("error: wc_XmssKey_SetReadCb: key in use");
+        ret = BAD_STATE_E;
+    }
+    else {
+        /* Set write callback for getting private key. */
+        key->read_private_key = read_cb;
+    }
+
+    return ret;
+}
+
+/* Sets the XMSS context to be used by write and read callbacks.
+ *
+ * E.g. this could be a filename if the callbacks write/read to file.
+ *
+ * @param [in] key      The XMSS key.
+ * @param [in] context  The context pointer.
+ *
+ * @return  0 on success.
+ * @return  BAD_FUNC_ARG when a parameter is NULL.
+ * @return  BAD_STATE_E when wrong state for operation.
+ */
+int wc_XmssKey_SetContext(XmssKey* key, void* context)
+{
+    int ret = 0;
+
+    /* Validate parameters. */
+    if ((key == NULL) || (context == NULL)) {
+        ret = BAD_FUNC_ARG;
+    }
+    /* Setting context of an already working key is forbidden. */
+    else if (key->state == WC_XMSS_STATE_OK) {
+        WOLFSSL_MSG("error: wc_XmssKey_SetContext: key in use");
+        ret = BAD_STATE_E;
+    }
+    else {
+        /* Set read/write callback context for accessing the private key. */
+        key->context = context;
+    }
+
+    return ret;
+}
+
+/* Make the XMSS/XMSS^MT private/public key pair. The key must have its
+ * parameters set before calling this.
+ *
+ * Write/read callbacks, and context data, must be set prior.
+ * Key must have parameters set.
+ *
+ * This function and Reload() are the only functions that allocate
+ * key->sk array. wc_XmssKey_FreeKey is the only function that
+ * deallocates key->sk.
+ *
+ * @param [in] key  The XMSS key to make.
+ * @param [in] rng  Initialized WC_RNG pointer.
+ *
+ * @return  0 on success.
+ * @return  BAD_FUNC_ARG when a parameter is NULL.
+ * @return  BAD_FUNC_ARG when a write private key is not set.
+ * @return  BAD_FUNC_ARG when a read/write private key context is not set.
+ * @return  BAD_FUNC_ARG when private key already allocated.
+ * @return  MEMORY_E when allocating dynamic memory fails.
+ * @return  BAD_STATE_E when wrong state for operation.
+ * @return  IO_FAILED_E when writing private key failed.
+ * @return  Other negative when random number generation failed.
+ */
+int wc_XmssKey_MakeKey(XmssKey* key, WC_RNG* rng)
+{
+    int            ret = 0;
+    enum wc_XmssRc cb_rc = WC_XMSS_RC_NONE;
+#ifdef WOLFSSL_SMALL_STACK
+    unsigned char* seed = NULL;
+#else
+    unsigned char  seed[3 * WC_XMSS_MAX_N];
+#endif
+
+    /* Validate parameters */
+    if ((key == NULL) || (rng == NULL)) {
+        ret = BAD_FUNC_ARG;
+    }
+    /* Validate state. */
+    if ((ret == 0) && (key->state != WC_XMSS_STATE_PARMSET)) {
+        WOLFSSL_MSG("error: XmssKey not ready for generation");
+        ret = BAD_STATE_E;
+    }
+    /* Ensure write callback available. */
+    if ((ret == 0) && (key->write_private_key == NULL)) {
+        WOLFSSL_MSG("error: XmssKey write callback is not set");
+        ret = BAD_FUNC_ARG;
+    }
+    /* Ensure read/write callback context available. */
+    if ((ret == 0) && (key->context == NULL)) {
+        WOLFSSL_MSG("error: XmssKey context is not set");
+        ret = BAD_FUNC_ARG;
+    }
+
+    if (ret == 0) {
+        /* Allocate sk array. */
+        ret = wc_xmsskey_alloc_sk(key);
+    }
+#ifdef WOLFSSL_SMALL_STACK
+    if (ret == 0) {
+        seed = (unsigned char*)XMALLOC(3 * key->params->n, NULL,
+            DYNAMIC_TYPE_TMP_BUFFER);
+        if (seed == NULL) {
+            ret = MEMORY_E;
+        }
+    }
+#endif
+
+    if (ret == 0) {
+        /* Generate three random seeds. */
+        ret = wc_RNG_GenerateBlock(rng, seed, 3 * key->params->n);
+    }
+
+    if (ret == 0) {
+    #ifdef WOLFSSL_SMALL_STACK
+        XmssState* state;
+    #else
+        XmssState state[1];
+    #endif
+
+    #ifdef WOLFSSL_SMALL_STACK
+        state = (XmssState*)XMALLOC(sizeof(XmssState), NULL, DYNAMIC_TYPE_TMP_BUFFER);
+        if (state == NULL) {
+            ret = MEMORY_E;
+        }
+        if (ret == 0)
+    #endif
+        {
+            /* Initialize state for use in key generation. */
+            ret = wc_xmss_state_init(state, key->params);
+            if (ret == 0) {
+                /* Finally make the private/public key pair. Immediately write
+                 * it to NV storage and then clear from memory. */
+            #ifndef WOLFSSL_WC_XMSS_SMALL
+                if (key->is_xmssmt) {
+                    ret = wc_xmssmt_keygen(state, seed, key->sk, key->pk);
+                }
+                else {
+                    ret = wc_xmss_keygen(state, seed, key->sk, key->pk);
+                }
+            #else
+                ret = wc_xmssmt_keygen(state, seed, key->sk, key->pk);
+            #endif
+                if (ret != 0) {
+                    WOLFSSL_MSG("error: XMSS keygen failed");
+                    key->state = WC_XMSS_STATE_BAD;
+                }
+                /* Free state after use. */
+                wc_xmss_state_free(state);
+            }
+        #ifdef WOLFSSL_SMALL_STACK
+            XFREE(state, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+        #endif
+        }
+    }
+
+    if (ret == 0) {
+        /* Write out private key. */
+        cb_rc = key->write_private_key(key->sk, key->sk_len, key->context);
+        /* Zeroize private key data whether it was saved or not. */
+        ForceZero(key->sk, key->sk_len);
+        /* Check writing succeeded. */
+        if (cb_rc != WC_XMSS_RC_SAVED_TO_NV_MEMORY) {
+            WOLFSSL_MSG("error: XMSS write to NV storage failed");
+            key->state = WC_XMSS_STATE_BAD;
+            ret = IO_FAILED_E;
+        }
+    }
+
+    if (ret == 0) {
+        key->state = WC_XMSS_STATE_OK;
+    }
+
+#ifdef WOLFSSL_SMALL_STACK
+    XFREE(seed, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+#endif
+    return ret;
+}
+
+/* This function allocates the secret key buffer, and does a
+ * quick sanity check to verify the secret key is readable
+ * from NV storage, and then force zeros the key from memory.
+ *
+ * On success it sets the key state to OK.
+ *
+ * Use this function to resume signing with an already existing
+ * XMSS key pair.
+ *
+ * Write/read callbacks, and context data, must be set prior.
+ * Key must have parameters set.
+ *
+ * This function and MakeKey are the only functions that allocate
+ * key->sk array. wc_XmssKey_FreeKey is the only function that
+ * deallocates key->sk.
+ *
+ * @params [in] key  XMSS key to load.
+ *
+ * @return  0 on success.
+ * @return  BAD_FUNC_ARG when a parameter is NULL.
+ * @return  BAD_FUNC_ARG when a read or write function is not set.
+ * @return  BAD_FUNC_ARG when a read/write function context is not set.
+ * @return  BAD_FUNC_ARG when private key already allocated.
+ * @return  MEMORY_E when allocating dynamic memory fails.
+ * @return  BAD_STATE_E when wrong state for operation.
+ * @return  IO_FAILED_E when reading private key failed.
+ */
+int wc_XmssKey_Reload(XmssKey* key)
+{
+    int            ret = 0;
+    enum wc_XmssRc cb_rc = WC_XMSS_RC_NONE;
+
+    /* Validate parameter. */
+    if (key == NULL) {
+        ret = BAD_FUNC_ARG;
+    }
+    /* Validate state. */
+    if ((ret == 0) && (key->state != WC_XMSS_STATE_PARMSET)) {
+        WOLFSSL_MSG("error: XmssKey not ready for reload");
+        ret = BAD_STATE_E;
+    }
+    /* Ensure read and write callbacks are available. */
+    if ((ret == 0) && ((key->write_private_key == NULL) ||
+            (key->read_private_key == NULL))) {
+        WOLFSSL_MSG("error: XmssKey write/read callbacks are not set");
+        ret = BAD_FUNC_ARG;
+    }
+    /* Ensure read and write callback context is available. */
+    if ((ret == 0) && (key->context == NULL)) {
+        WOLFSSL_MSG("error: XmssKey context is not set");
+        ret = BAD_FUNC_ARG;
+    }
+
+    if (ret == 0) {
+        /* Allocate sk array. */
+        ret = wc_xmsskey_alloc_sk(key);
+    }
+
+    if (ret == 0) {
+        /* Read the current secret key from NV storage. Force clear it
+         * immediately. This is just to sanity check the secret key
+         * is readable from permanent storage. */
+        cb_rc = key->read_private_key(key->sk, key->sk_len, key->context);
+        ForceZero(key->sk, key->sk_len);
+        /* Check reading succeeded. */
+        if (cb_rc != WC_XMSS_RC_READ_TO_MEMORY) {
+            WOLFSSL_MSG("error: XMSS read from NV storage failed");
+            key->state = WC_XMSS_STATE_BAD;
+            ret = IO_FAILED_E;
+        }
+    }
+    if (ret == 0) {
+        key->state = WC_XMSS_STATE_OK;
+    }
+
+    return ret;
+}
+
+/* Gets the XMSS/XMSS^MT private key length.
+ *
+ * Parameters must be set before calling this, as the key size (sk_len)
+ * is a function of the parameters.
+ *
+ * Note: the XMSS/XMSS^MT private key format is implementation specific,
+ * and not standardized. Interoperability of XMSS private keys should
+ * not be expected.
+ *
+ * @param [in]  key  XMSS key.
+ * @param [out] len  Length of the private key in bytes.
+ *
+ * @return  0 on success.
+ * @return  BAD_FUNC_ARG when a parameter is NULL.
+ * @return  BAD_STATE_E when wrong state for operation.
+ * */
+int wc_XmssKey_GetPrivLen(const XmssKey* key, word32* len)
+{
+    int ret = 0;
+
+    /* Validate parameters. */
+    if ((key == NULL) || (len == NULL)) {
+        ret = BAD_FUNC_ARG;
+    }
+    /* Validate state. */
+    if ((ret == 0) && ((key->state != WC_XMSS_STATE_OK) &&
+            (key->state != WC_XMSS_STATE_PARMSET))) {
+        /* params->sk_len not set yet. */
+        ret = BAD_STATE_E;
+    }
+
+    if (ret == 0) {
+        /* Calculate private key length: OID + private key bytes. */
+        *len = XMSS_OID_LEN + (word32)key->params->sk_len;
+    }
+
+    return ret;
+}
+
+/* Sign the message using the XMSS secret key.
+ *
+ * @param [in]      key     XMSS key to use to sign.
+ * @param [in]      sig     Buffer to write signature into.
+ * @param [in, out] sigLen  On in, size of buffer.
+ *                          On out, the length of the signature in bytes.
+ * @param [in]      msg     Message to sign.
+ * @param [in]      msgLen  Length of the message in bytes.
+ *
+ * @return  0 on success.
+ * @return  BAD_FUNC_ARG when a parameter is NULL.
+ * @return  BAD_FUNC_ARG when a write private key is not set.
+ * @return  BAD_FUNC_ARG when a read/write private key context is not set.
+ * @return  BAD_STATE_E when wrong state for operation.
+ * @return  BUFFER_E when sigLen is too small.
+ * @return  IO_FAILED_E when reading or writing private key failed.
+ * @return  KEY_EXHAUSTED_E when no more keys in private key available.
+ * @return  BAD_COND_E when generated signature length is invalid.
+ */
+int wc_XmssKey_Sign(XmssKey* key, byte* sig, word32* sigLen, const byte* msg,
+    int msgLen)
+{
+    int ret = 0;
+
+    /* Validate parameters. */
+    if ((key == NULL) || (sig == NULL) || (sigLen == NULL) || (msg == NULL) ||
+            (msgLen <= 0)) {
+        ret = BAD_FUNC_ARG;
+    }
+    /* Validate state. */
+    if ((ret == 0) && (key->state == WC_XMSS_STATE_NOSIGS)) {
+        WOLFSSL_MSG("error: XMSS signatures exhausted");
+        ret = BAD_STATE_E;
+    }
+    if ((ret == 0) && (key->state != WC_XMSS_STATE_OK)) {
+       /* The key had an error the last time it was used, and we
+        * can't guarantee its state. */
+        WOLFSSL_MSG("error: can't sign, XMSS key not in good state");
+        ret = BAD_STATE_E;
+    }
+    /* Check signature buffer size. */
+    if ((ret == 0) && (*sigLen < key->params->sig_len)) {
+        /* Signature buffer too small. */
+        WOLFSSL_MSG("error: XMSS sig buffer too small");
+        ret = BUFFER_E;
+    }
+    /* Check read and write callbacks available. */
+    if ((ret == 0) && ((key->write_private_key == NULL) ||
+            (key->read_private_key == NULL))) {
+        WOLFSSL_MSG("error: XmssKey write/read callbacks are not set");
+        ret = BAD_FUNC_ARG;
+    }
+    /* Check read/write callback context available. */
+    if ((ret == 0) && (key->context == NULL)) {
+        WOLFSSL_MSG("error: XmssKey context is not set");
+        ret = BAD_FUNC_ARG;
+    }
+
+    if (ret == 0) {
+        *sigLen = key->params->sig_len;
+        /* Finally, sign and update the secret key. */
+        ret = wc_xmsskey_signupdate(key, sig, msg, msgLen);
+    }
+
+    return ret;
+}
+
+/* Check if more signatures are possible with key.
+ *
+ * @param [in] key  XMSS key to check.
+ * @return  1 when signatures possible.
+ * @return  0 when key exhausted.
+ */
+int  wc_XmssKey_SigsLeft(XmssKey* key)
+{
+    int ret;
+
+    /* Validate parameter. */
+    if (key == NULL) {
+        ret = 0;
+    }
+    /* Validate state. */
+    else if (key->state == WC_XMSS_STATE_NOSIGS) {
+        WOLFSSL_MSG("error: XMSS signatures exhausted");
+        ret = 0;
+    }
+    else if (key->state != WC_XMSS_STATE_OK) {
+        WOLFSSL_MSG("error: can't sign, XMSS key not in good state");
+        ret = 0;
+    }
+    /* Read the current secret key from NV storage.*/
+    else if (key->read_private_key(key->sk, key->sk_len, key->context) !=
+             WC_XMSS_RC_READ_TO_MEMORY) {
+        WOLFSSL_MSG("error: XMSS read_private_key failed");
+        ret = 0;
+    }
+    else {
+        /* Ask implementation to check index in private key. */
+        ret = wc_xmss_sigsleft(key->params, key->sk);
+    }
+
+    return ret;
+}
+#endif /* !WOLFSSL_XMSS_VERIFY_ONLY*/
+
+/* Get the XMSS/XMSS^MT public key length.
+ *
+ * The public key is static in size and does not depend on parameters,
+ * other than the choice of SHA256 as hashing function.
+ *
+ * @param [in]  key  XMSS key.
+ * @param [out] len  Length of the public key.
+ *
+ * @return  0 on success.
+ * @return  BAD_FUNC_ARG when a parameter is NULL.
+ * @return  NOT_COMPILED_IN when a hash algorithm not supported.
+ */
+int wc_XmssKey_GetPubLen(const XmssKey* key, word32* len)
+{
+    int ret = 0;
+
+    /* Validate parameters. */
+    if ((key == NULL) || (len == NULL)) {
+        ret = BAD_FUNC_ARG;
+    }
+    else {
+        *len = XMSS_OID_LEN + key->params->pk_len;
+    }
+
+    return ret;
+}
+
+/* Export public key and parameters from one XmssKey to another.
+ *
+ * Use this to prepare a signature verification XmssKey that is pub only.
+ *
+ * @param [out] keyDst  Destination key for copy.
+ * @param [in]  keySrc  Source key for copy.
+ *
+ * @return  0 on success.
+ * @return  BAD_FUNC_ARG when a key is NULL.
+ * @return  Other negative when digest algorithm initialization failed.
+ */
+int wc_XmssKey_ExportPub(XmssKey* keyDst, const XmssKey* keySrc)
+{
+    int ret = 0;
+
+    /* Validate parameters. */
+    if ((keyDst == NULL) || (keySrc == NULL)) {
+        ret = BAD_FUNC_ARG;
+    }
+
+    if (ret == 0) {
+        /* Zeroize the new key. */
+        ForceZero(keyDst, sizeof(XmssKey));
+
+        /* Copy over the public key. */
+        XMEMCPY(keyDst->pk, keySrc->pk, sizeof(keySrc->pk));
+
+        /* Copy over the key info. */
+        keyDst->oid = keySrc->oid;
+        keyDst->is_xmssmt = keySrc->is_xmssmt;
+        keyDst->params = keySrc->params;
+    }
+    if (ret == 0) {
+        /* Mark keyDst as verify only, to prevent misuse. */
+        keyDst->state = WC_XMSS_STATE_VERIFYONLY;
+    }
+
+    return 0;
+}
+
+/* Exports the raw XMSS public key buffer from key to out buffer.
+ *
+ * The out buffer should be large enough to hold the public key, and
+ * outLen should indicate the size of the buffer.
+ *
+ * @param [in]       key     XMSS key.
+ * @param [out]      out     Array holding public key.
+ * @param [in, out]  outLen  On in, size of buffer.
+ *                           On out, the length of the public key.
+ *
+ * @return  0 on success.
+ * @return  BAD_FUNC_ARG when a parameter is NULL.
+ * @return  BUFFER_E if array is too small.
+ */
+int wc_XmssKey_ExportPubRaw(const XmssKey* key, byte* out, word32* outLen)
+{
+    int    ret = 0;
+    word32 pubLen = 0;
+
+    /* Validate parameters. */
+    if ((key == NULL) || (out == NULL) || (outLen == NULL)) {
+        ret = BAD_FUNC_ARG;
+    }
+
+    /* Get the public key length. */
+    if (ret == 0) {
+        ret = wc_XmssKey_GetPubLen(key, &pubLen);
+    }
+    /* Check the output buffer is large enough. */
+    if ((ret == 0) && (*outLen < pubLen)) {
+        ret = BUFFER_E;
+    }
+
+    if (ret == 0) {
+        int i = 0;
+        /* First copy the oid into buffer. */
+        for (; i < XMSS_OID_LEN; i++) {
+            out[XMSS_OID_LEN - i - 1] = (key->oid >> (8 * i)) & 0xFF;
+        }
+        /* Copy the public key data into buffer after oid. */
+        XMEMCPY(out + XMSS_OID_LEN, key->pk, pubLen - XMSS_OID_LEN);
+        /* Return actual public key length. */
+        *outLen = pubLen;
+    }
+
+    return ret;
+}
+
+/* Imports a raw public key buffer from in array to XmssKey key.
+ *
+ * The XMSS parameters must be set first with wc_XmssKey_SetParamStr,
+ * and inLen must match the length returned by wc_XmssKey_GetPubLen.
+ *
+ * @param [in, out] key     XMSS key.
+ * @param [in]      in      Array holding public key.
+ * @param [in]       inLen  Length of array in bytes.
+ *
+ * @return  0 on success.
+ * @return  BAD_FUNC_ARG when a parameter is NULL.
+ * @return  BUFFER_E if array is incorrect size.
+ * @return  BAD_STATE_E when wrong state for operation.
+ * */
+int wc_XmssKey_ImportPubRaw(XmssKey* key, const byte* in, word32 inLen)
+{
+    int    ret = 0;
+    word32 pubLen = 0;
+
+    /* Validate parameters. */
+    if ((key == NULL) || (in == NULL)) {
+        ret = BAD_FUNC_ARG;
+    }
+    /* Validate state. */
+    if ((ret == 0) && (key->state != WC_XMSS_STATE_PARMSET)) {
+        /* XMSS key not ready for import. Param str must be set first. */
+        WOLFSSL_MSG("error: XMSS key not ready for import");
+        ret = BAD_STATE_E;
+    }
+
+    /* Get the public key length. */
+    if (ret == 0) {
+        ret = wc_XmssKey_GetPubLen(key, &pubLen);
+    }
+    /* Check the input buffer is the right size. */
+    if ((ret == 0) && (inLen != pubLen)) {
+        /* Something inconsistent. Parameters weren't set, or input
+         * pub key is wrong.*/
+        ret = BUFFER_E;
+    }
+
+    if (ret == 0) {
+        /* Copy the public key data into key. */
+        XMEMCPY(key->pk, in + XMSS_OID_LEN, pubLen - XMSS_OID_LEN);
+
+        /* Update state to verify-only as we don't have a private key. */
+        key->state = WC_XMSS_STATE_VERIFYONLY;
+    }
+
+    return ret;
+}
+
+/* Gets the XMSS/XMSS^MT signature length.
+ *
+ * Parameters must be set before calling this, as the signature size
+ * is a function of the parameters.
+ *
+ * Note: call this before wc_XmssKey_Sign or Verify so you know the
+ * length of the required signature buffer.
+ *
+ * @param [in]  key  XMSS key to use to sign.
+ * @param [out] len  The length of the signature in bytes.
+ *
+ * @return  0 on success.
+ * @return  BAD_FUNC_ARG when a parameter is NULL.
+ * @return  BAD_STATE_E when wrong state for operation.
+ * */
+int wc_XmssKey_GetSigLen(const XmssKey* key, word32* len)
+{
+    int ret = 0;
+
+    /* Validate parameters. */
+    if ((key == NULL) || (len == NULL)) {
+        ret = BAD_FUNC_ARG;
+    }
+    /* Validate state. */
+    if ((ret == 0) && (key->state != WC_XMSS_STATE_OK) &&
+            (key->state != WC_XMSS_STATE_PARMSET)) {
+        ret = BAD_STATE_E;
+    }
+
+    if (ret == 0) {
+        /* Return the calculated signature length. */
+        *len = key->params->sig_len;
+    }
+
+    return ret;
+}
+
+/* Verify the signature using the XMSS public key.
+ *
+ * Requires that XMSS parameters have been set with
+ * wc_XmssKey_SetParamStr, and that a public key is available
+ * from importing or MakeKey().
+ *
+ * Call wc_XmssKey_GetSigLen() before this function to determine
+ * length of the signature buffer.
+ *
+ * @param [in] key     XMSS key to use to verify.
+ * @param [in] sig     Signature to verify.
+ * @param [in] sigLen  Size of signature in bytes.
+ * @param [in] m       Message to verify.
+ * @param [in] mLen    Length of the message in bytes.
+ *
+ * @return  0 on success.
+ * @return  SIG_VERIFY_E when signature did not verify message.
+ * @return  BAD_FUNC_ARG when a parameter is NULL.
+ * @return  BAD_STATE_E when wrong state for operation.
+ * @return  BUFFER_E when sigLen is too small.
+ */
+int wc_XmssKey_Verify(XmssKey* key, const byte* sig, word32 sigLen,
+    const byte* m, int mLen)
+{
+    int            ret = 0;
+
+    /* Validate parameters. */
+    if ((key == NULL) || (sig == NULL) || (m == NULL)) {
+        ret = BAD_FUNC_ARG;
+    }
+    /* Validate state. */
+    if ((ret == 0) && (key->state != WC_XMSS_STATE_OK) &&
+            (key->state != WC_XMSS_STATE_VERIFYONLY)) {
+        /* XMSS key not ready for verification. Param str must be
+         * set first, and Reload() called. */
+        WOLFSSL_MSG("error: XMSS key not ready for verification");
+        ret = BAD_STATE_E;
+    }
+    /* Check the signature is the big enough. */
+    if ((ret == 0) && (sigLen < key->params->sig_len)) {
+        /* Signature buffer too small. */
+        ret = BUFFER_E;
+    }
+
+    if (ret == 0) {
+    #ifdef WOLFSSL_SMALL_STACK
+        XmssState* state;
+    #else
+        XmssState state[1];
+    #endif
+
+    #ifdef WOLFSSL_SMALL_STACK
+        state = (XmssState*)XMALLOC(sizeof(XmssState), NULL, DYNAMIC_TYPE_TMP_BUFFER);
+        if (state == NULL) {
+            ret = MEMORY_E;
+        }
+        if (ret == 0)
+    #endif
+        {
+            /* Initialize state for use in verification. */
+            ret = wc_xmss_state_init(state, key->params);
+            if (ret == 0) {
+                /* Verify using either XMSS^MT function as it works for both. */
+                ret = wc_xmssmt_verify(state, m, mLen, sig, key->pk);
+                /* Free state after use. */
+                wc_xmss_state_free(state);
+            }
+        #ifdef WOLFSSL_SMALL_STACK
+            XFREE(state, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+        #endif
+        }
+    }
+
+    return ret;
+}
+
+#endif /* WOLFSSL_HAVE_XMSS */
diff --git a/wolfcrypt/src/wc_xmss_impl.c b/wolfcrypt/src/wc_xmss_impl.c
new file mode 100644
index 000000000..0a058a2a6
--- /dev/null
+++ b/wolfcrypt/src/wc_xmss_impl.c
@@ -0,0 +1,4387 @@
+/* wc_xmss_impl.c
+ *
+ * Copyright (C) 2006-2025 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+/* Based on:
+ *  o RFC 8391 - XMSS: eXtended Merkle Signature Scheme
+ *  o [HDSS] "Hash-based Digital Signature Schemes", Buchmann, Dahmen and Szydlo
+ *    from "Post Quantum Cryptography", Springer 2009.
+ *  o [OPX] "Optimal Parameters for XMSS^MT", Hulsing, Rausch and Buchmann
+ *
+ * TODO: "Simple and Memory-efficient Signature Generation of XMSS^MT"
+ *       (https://ece.engr.uvic.ca/~raltawy/SAC2021/9.pdf)
+ */
+
+#ifdef HAVE_CONFIG_H
+    #include <config.h>
+#endif
+
+#include <wolfssl/wolfcrypt/settings.h>
+#include <wolfssl/wolfcrypt/error-crypt.h>
+#include <wolfssl/wolfcrypt/logging.h>
+
+#include <wolfssl/wolfcrypt/wc_xmss.h>
+#include <wolfssl/wolfcrypt/hash.h>
+
+#ifdef NO_INLINE
+    #include <wolfssl/wolfcrypt/misc.h>
+#else
+    #define WOLFSSL_MISC_INCLUDED
+    #include <wolfcrypt/src/misc.c>
+#endif
+
+#if defined(WOLFSSL_HAVE_XMSS)
+
+/* Indices into Hash Address. */
+#define XMSS_ADDR_LAYER                 0
+#define XMSS_ADDR_TREE_HI               1
+#define XMSS_ADDR_TREE                  2
+#define XMSS_ADDR_TYPE                  3
+#define XMSS_ADDR_OTS                   4
+#define XMSS_ADDR_LTREE                 4
+#define XMSS_ADDR_TREE_ZERO             4
+#define XMSS_ADDR_CHAIN                 5
+#define XMSS_ADDR_TREE_HEIGHT           5
+#define XMSS_ADDR_HASH                  6
+#define XMSS_ADDR_TREE_INDEX            6
+#define XMSS_ADDR_KEY_MASK              7
+
+/* Types of hash addresses. */
+#define WC_XMSS_ADDR_TYPE_OTS        0
+#define WC_XMSS_ADDR_TYPE_LTREE      1
+#define WC_XMSS_ADDR_TYPE_TREE       2
+
+/* Byte to include in hash to create unique sequence. */
+#define XMSS_HASH_PADDING_F             0
+#define XMSS_HASH_PADDING_H             1
+#define XMSS_HASH_PADDING_HASH          2
+#define XMSS_HASH_PADDING_PRF           3
+#define XMSS_HASH_PADDING_PRF_KEYGEN    4
+
+/* Fixed parameter values. */
+#define XMSS_WOTS_W                     16
+#define XMSS_WOTS_LOG_W                 4
+#define XMSS_WOTS_LEN2                  3
+#define XMSS_CSUM_SHIFT                 4
+#define XMSS_CSUM_LEN                   2
+
+/* Length of the message to the PRF. */
+#define XMSS_PRF_M_LEN                  32
+
+/* Length of index encoding when doing XMSS. */
+#define XMSS_IDX_LEN                    4
+
+/* Size of the N when using SHA-256 and 32 byte padding. */
+#define XMSS_SHA256_32_N                WC_SHA256_DIGEST_SIZE
+/* Size of the padding when using SHA-256 and 32 byte padding. */
+#define XMSS_SHA256_32_PAD_LEN          32
+
+/* Calculate PRF data length for parameters. */
+#define XMSS_HASH_PRF_DATA_LEN(params)                              \
+    ((params)->pad_len + (params)->n + WC_XMSS_ADDR_LEN)
+/* PRF data length when using SHA-256 with 32 byte padding. */
+#define XMSS_HASH_PRF_DATA_LEN_SHA256_32                            \
+    (XMSS_SHA256_32_PAD_LEN + XMSS_SHA256_32_N + WC_XMSS_ADDR_LEN)
+
+/* Calculate chain hash data length for parameters. */
+#define XMSS_CHAIN_HASH_DATA_LEN(params)                            \
+    ((params)->pad_len + 2 * (params)->n)
+/* Chain hash data length when using SHA-256 with 32 byte padding. */
+#define XMSS_CHAIN_HASH_DATA_LEN_SHA256_32                          \
+    (XMSS_SHA256_32_PAD_LEN + 2 * XMSS_SHA256_32_N)
+
+/* Calculate rand hash data length for parameters. */
+#define XMSS_RAND_HASH_DATA_LEN(params)                             \
+    ((params)->pad_len + 3 * (params)->n)
+/* Rand hash data length when using SHA-256 with 32 byte padding. */
+#define XMSS_RAND_HASH_DATA_LEN_SHA256_32                           \
+    (XMSS_SHA256_32_PAD_LEN + 3 * XMSS_SHA256_32_N)
+
+/* Encode pad value into byte array. Front fill with 0s.
+ *
+ * RFC 8391: 2.4
+ *
+ * @param [in]  n   Number to encode.
+ * @param [out] a   Array to hold encoding.
+ * @param [in]  l   Length of array.
+ */
+#define XMSS_PAD_ENC(n, a, l)   \
+do {                            \
+    XMEMSET(a, 0, l);           \
+    (a)[(l) - 1] = (n);         \
+} while (0)
+
+
+/********************************************
+ * Index 32/64 bits
+ ********************************************/
+
+/* Index of 32 or 64 bits. */
+typedef union wc_Idx {
+#if WOLFSSL_XMSS_MAX_HEIGHT > 32
+    /* 64-bit representation. */
+    w64wrapper u64;
+#endif
+#if WOLFSSL_XMSS_MIN_HEIGHT <= 32
+    /* 32-bit representation. */
+    word32     u32;
+#endif
+} wc_Idx;
+
+#if WOLFSSL_XMSS_MAX_HEIGHT > 32
+/* Set index to zero.
+ *
+ * Index is up to 64-bits.
+ *
+ * @param [out] idx  32/64-bit index to zero.
+ */
+#define WC_IDX_ZERO(idx)    w64Zero(&(idx).u64)
+#else
+/* Set index to zero.
+ *
+ * Index is no more than 32-bits.
+ *
+ * @param [out] idx  32/64-bit index to zero.
+ */
+#define WC_IDX_ZERO(idx)    idx.u32 = 0
+#endif
+
+#if WOLFSSL_XMSS_MAX_HEIGHT > 32
+/* Decode 64-bit index.
+ *
+ * @param [out] i    Index from encoding.
+ * @param [in]  c    Count of bytes to decode to index.
+ * @param [in]  a    Array to decode from.
+ * @param [out] ret  Return value.
+ */
+#define IDX64_DECODE(i, c, a, ret)                      \
+    if ((c) == 5) {                                     \
+        word32 t;                                       \
+        ato32((a) + 1, &t);                             \
+        (i) = w64From32((a)[0], t);                     \
+    }                                                   \
+    else if ((c) == 8) {                                \
+        ato64(a, &(i));                                 \
+    }
+
+/* Decode 64-bit index.
+ *
+ * @param [out] i    Index from encoding.
+ * @param [in]  c    Count of bytes to decode to index.
+ * @param [in]  a    Array to decode from.
+ * @param [out] ret  Return value.
+ */
+#define XMSS_IDX64_DECODE(i, c, a, ret)                 \
+do {                                                    \
+    IDX64_DECODE(i, c, a, ret)                          \
+    else {                                              \
+        (ret) = NOT_COMPILED_IN;                        \
+    }                                                   \
+} while (0)
+
+/* Check whether index is valid.
+ *
+ * @param [in] i  Index to check.
+ * @param [in] c  Count of bytes i was encoded in.
+ * @param [in] h  Full tree Height.
+ */
+#define IDX64_INVALID(i, c, h)                              \
+    ((w64GetHigh32(w64Add32(i, 1, NULL)) >> ((h) - 32)) != 0)
+
+/* Set 64-bit index as hash address value for tree.
+ *
+ * @param [in]  i  Index to set.
+ * @param [in]  c  Count of bytes to encode into.
+ * @param [in]  h  Height of tree.
+ * @param [out] a  Hash address to encode into.
+ * @param [out] l  Index of leaf.
+ */
+#define IDX64_SET_ADDR_TREE(i, c, h, a, l)              \
+    if ((c) > 4) {                                      \
+        (l) = w64GetLow32(i) & (((word32)1 << (h)) - 1);\
+        (i) = w64ShiftRight(i, h);                      \
+        (a)[XMSS_ADDR_TREE_HI] = w64GetHigh32(i);       \
+        (a)[XMSS_ADDR_TREE] = w64GetLow32(i);           \
+    }
+#endif /* WOLFSSL_XMSS_MAX_HEIGHT > 32 */
+
+#if WOLFSSL_XMSS_MIN_HEIGHT <= 32
+/* Decode 32-bit index.
+ *
+ * @param [out] i    Index from encoding.
+ * @param [in]  c    Count of bytes to decode to index.
+ * @param [in]  a    Array to decode from.
+ * @param [out] ret  Return value.
+ */
+#define IDX32_DECODE(i, c, a, ret)                      \
+    if ((c) == 4) {                                     \
+        ato32(a, &(i));                                 \
+    }                                                   \
+    else if ((c) == 3) {                                \
+        ato24(a, &(i));                                 \
+    }
+
+/* Decode 32-bit index.
+ *
+ * @param [out] i    Index from encoding.
+ * @param [in]  c    Count of bytes to decode to index.
+ * @param [in]  a    Array to decode from.
+ * @param [out] ret  Return value.
+ */
+#define XMSS_IDX32_DECODE(i, c, a, ret)                 \
+do {                                                    \
+    IDX32_DECODE(i, c, a, ret)                          \
+    else {                                              \
+        (ret) = NOT_COMPILED_IN;                        \
+    }                                                   \
+} while (0)
+
+/* Check whether 32-bit index is valid.
+ *
+ * @param [in] i  Index to check.
+ * @param [in] c  Count of bytes i was encoded in.
+ * @param [in] h  Full tree Height.
+ */
+#define IDX32_INVALID(i, c, h)                          \
+    ((((i) + 1) >> (h)) != 0)
+
+/* Set 32-bit index as hash address value for tree.
+ *
+ * @param [in]  i  Index to set.
+ * @param [in]  c  Count of bytes to encode into.
+ * @param [in]  h  Height of tree.
+ * @param [out] a  Hash address to encode into.
+ * @param [out] l  Index of leaf.
+ */
+#define IDX32_SET_ADDR_TREE(i, c, h, a, l)              \
+    if ((c) <= 4) {                                     \
+        (l) = ((i) & ((1 << (h)) - 1));                 \
+        (i) >>= params->sub_h;                          \
+        (a)[XMSS_ADDR_TREE] = (i);                      \
+    }
+
+#endif /* WOLFSSL_XMSS_MIN_HEIGHT <= 32 */
+
+#if (WOLFSSL_XMSS_MAX_HEIGHT > 32) && (WOLFSSL_XMSS_MIN_HEIGHT <= 32)
+
+/* Decode 32/64-bit index.
+ *
+ * @param [out] idx  Index from encoding.
+ * @param [in]  c    Count of bytes to decode to index.
+ * @param [in]  a    Array to decode from.
+ * @param [out] ret  Return value.
+ */
+#define WC_IDX_DECODE(idx, c, a, ret)                   \
+do {                                                    \
+    IDX64_DECODE((idx).u64, c, a, ret)                  \
+    else                                                \
+    IDX32_DECODE((idx).u32, c, a, ret)                  \
+    else {                                              \
+        (ret) = NOT_COMPILED_IN;                        \
+    }                                                   \
+} while (0)
+
+/* Check whether index is valid.
+ *
+ * @param [in] i  Index to check.
+ * @param [in] c  Count of bytes i was encoded in.
+ * @param [in] h  Full tree Height.
+ */
+#define WC_IDX_INVALID(i, c, h)                         \
+    ((((c) >  4) && IDX64_INVALID((i).u64, c, h)) ||    \
+     (((c) <= 4) && IDX32_INVALID((i).u32, c, h)))
+
+/* Set 32/64-bit index as hash address value for tree.
+ *
+ * @param [in]  i  Index to set.
+ * @param [in]  c  Count of bytes to encode into.
+ * @param [in]  h  Height of tree.
+ * @param [out] a  Hash address to encode into.
+ * @param [out] l  Index of leaf.
+ */
+#define WC_IDX_SET_ADDR_TREE(idx, c, h, a, l)           \
+do {                                                    \
+    IDX64_SET_ADDR_TREE((idx).u64, c, h, a, l)          \
+    else                                                \
+    IDX32_SET_ADDR_TREE((idx).u32, c, h, a, l)          \
+} while (0)
+
+#elif WOLFSSL_XMSS_MAX_HEIGHT > 32
+
+/* Decode 64-bit index.
+ *
+ * @param [out] idx  Index from encoding.
+ * @param [in]  c    Count of bytes to decode to index.
+ * @param [in]  a    Array to decode from.
+ * @param [out] ret  Return value.
+ */
+#define WC_IDX_DECODE(idx, c, a, ret)                   \
+do {                                                    \
+    IDX64_DECODE((idx).u64, c, a, ret)                  \
+} while (0)
+
+/* Check whether index is valid.
+ *
+ * @param [in] i  Index to check.
+ * @param [in] c  Count of bytes i was encoded in.
+ * @param [in] h  Full tree Height.
+ */
+#define WC_IDX_INVALID(i, c, h)                         \
+    IDX64_INVALID((i).u64, c, h)
+
+/* Set 64-bit index as hash address value for tree.
+ *
+ * @param [in]  i  Index to set.
+ * @param [in]  c  Count of bytes to encode into.
+ * @param [in]  h  Height of tree.
+ * @param [out] a  Hash address to encode into.
+ * @param [out] l  Index of leaf.
+ */
+#define WC_IDX_SET_ADDR_TREE(idx, c, h, a, l)           \
+do {                                                    \
+    IDX64_SET_ADDR_TREE((idx).u64, c, h, a, l)          \
+} while (0)
+
+#else
+
+/* Decode 32-bit index.
+ *
+ * @param [out] idx  Index from encoding.
+ * @param [in]  c    Count of bytes to decode to index.
+ * @param [in]  a    Array to decode from.
+ * @param [out] ret  Return value.
+ */
+#define WC_IDX_DECODE(idx, c, a, ret)                   \
+do {                                                    \
+    IDX32_DECODE((idx).u32, c, a, ret)                  \
+    else {                                              \
+        (ret) = NOT_COMPILED_IN;                        \
+    }                                                   \
+} while (0)
+
+/* Check whether index is valid.
+ *
+ * @param [in] i  Index to check.
+ * @param [in] c  Count of bytes i was encoded in.
+ * @param [in] h  Full tree Height.
+ */
+#define WC_IDX_INVALID(i, c, h)                         \
+    IDX32_INVALID((i).u32, c, h)
+
+/* Set 32-bit index as hash address value for tree.
+ *
+ * @param [in]  i  Index to set.
+ * @param [in]  c  Count of bytes to encode into.
+ * @param [in]  h  Height of tree.
+ * @param [out] a  Hash address to encode into.
+ * @param [out] l  Index of leaf.
+ */
+#define WC_IDX_SET_ADDR_TREE(idx, c, h, a, l)           \
+do {                                                    \
+    IDX32_SET_ADDR_TREE(idx.u32, c, h, a, l)            \
+} while (0)
+
+#endif /* (WOLFSSL_XMSS_MAX_HEIGHT > 32) && (WOLFSSL_XMSS_MIN_HEIGHT <= 32) */
+
+#ifndef WOLFSSL_XMSS_VERIFY_ONLY
+/* Update index by adding one to big-endian encoded value.
+ *
+ * @param [in, out] a  Array index is encoded in.
+ * @param [in]      l  Length of encoded index.
+ */
+static void wc_idx_update(unsigned char* a, word8 l)
+{
+    sword8 i;
+
+    for (i = l - 1; i >= 0; i--) {
+        if ((++a[i]) != 0) {
+            break;
+        }
+    }
+}
+
+/* Copy index from source buffer to destination buffer.
+ *
+ * Index is put into the front of the destination buffer with the length of the
+ * source.
+ *
+ * @param [in]      s   Source buffer.
+ * @param [in]      sl  Length of index in source.
+ * @param [in, out] d   Destination buffer.
+ * @param [in]      dl  Length of destination buffer.
+ */
+static void wc_idx_copy(const unsigned char* s, word8 sl, unsigned char* d,
+    word8 dl)
+{
+    XMEMCPY(d, s, sl);
+    XMEMSET(d + sl, 0, dl - sl);
+}
+#endif
+
+/********************************************
+ * Hash Address.
+ ********************************************/
+
+/* Set the hash address based on subtree.
+ *
+ * @param [out] a  Hash address.
+ * @param [in]  s  Subtree hash address.
+ * @param [in]  t  Type of hash address.
+ */
+#define XMSS_ADDR_SET_SUBTREE(a, s, t)                \
+do {                                                  \
+    (a)[XMSS_ADDR_LAYER]   = (s)[XMSS_ADDR_LAYER];    \
+    (a)[XMSS_ADDR_TREE_HI] = (s)[XMSS_ADDR_TREE_HI];  \
+    (a)[XMSS_ADDR_TREE]    = (s)[XMSS_ADDR_TREE];     \
+    (a)[XMSS_ADDR_TYPE]    = (t);                     \
+    XMEMSET((a) + 4, 0, sizeof(a) - 4 * sizeof(*(a)));\
+} while (0)
+
+/* Set the OTS hash address based on subtree.
+ *
+ * @param [out] a  Hash address.
+ * @param [in]  s  Subtree hash address.
+ */
+#define XMSS_ADDR_OTS_SET_SUBTREE(a, s) \
+    XMSS_ADDR_SET_SUBTREE(a, s, WC_XMSS_ADDR_TYPE_OTS)
+/* Set the L-tree address based on subtree.
+ *
+ * @param [out] a  Hash address.
+ * @param [in]  s  Subtree hash address.
+ */
+#define XMSS_ADDR_LTREE_SET_SUBTREE(a, s) \
+    XMSS_ADDR_SET_SUBTREE(a, s, WC_XMSS_ADDR_TYPE_LTREE)
+/* Set the hash tree address based on subtree.
+ *
+ * @param [out] a  Hash address.
+ * @param [in]  s  Subtree hash address.
+ */
+#define XMSS_ADDR_TREE_SET_SUBTREE(a, s) \
+    XMSS_ADDR_SET_SUBTREE(a, s, WC_XMSS_ADDR_TYPE_TREE)
+
+#ifdef LITTLE_ENDIAN_ORDER
+
+/* Set a byte value into a word of an encoded address.
+ *
+ * @param [in, out] a  Encoded hash address.
+ * @param [in]      i  Index of word.
+ * @param [in]      b  Byte to set.
+ */
+#define XMSS_ADDR_SET_BYTE(a, i, b)     \
+    ((word32*)(a))[i] = (word32)(b) << 24
+
+#else
+
+/* Set a byte value into a word of an encoded address.
+ *
+ * @param [in, out] a  Encoded hash address.
+ * @param [in]      i  Index of word.
+ * @param [in]      b  Byte to set.
+ */
+#define XMSS_ADDR_SET_BYTE(a, i, b)     \
+    ((word32*)(a))[i] = (b)
+
+#endif /* LITTLE_ENDIAN_ORDER */
+
+/* Convert hash address to bytes.
+ *
+ * @param [out] bytes  Array to encode into.
+ * @param [in]  addr   Hash address.
+ */
+static void wc_xmss_addr_encode(const HashAddress addr, byte* bytes)
+{
+    c32toa((addr)[0], (bytes) + (0 * 4));
+    c32toa((addr)[1], (bytes) + (1 * 4));
+    c32toa((addr)[2], (bytes) + (2 * 4));
+    c32toa((addr)[3], (bytes) + (3 * 4));
+    c32toa((addr)[4], (bytes) + (4 * 4));
+    c32toa((addr)[5], (bytes) + (5 * 4));
+    c32toa((addr)[6], (bytes) + (6 * 4));
+    c32toa((addr)[7], (bytes) + (7 * 4));
+}
+
+/********************************************
+ * HASHING
+ ********************************************/
+
+#if !defined(WOLFSSL_WC_XMSS_SMALL) && defined(WC_XMSS_SHA256) && \
+    !defined(WC_XMSS_FULL_HASH)
+
+/* Set hash data and length into SHA-256 digest.
+ *
+ * @param [in, out] state      XMSS/MT state with SHA-256 digest.
+ * @param [in]      data       Data to add to hash.
+ * @param [in]      len        Number of bytes in data.
+ *                             Must be less than a block.
+ * @param [in]      total_len  Number of bytes updated so far.
+ */
+#define XMSS_SHA256_SET_DATA(state, data, len, total_len)           \
+do {                                                                \
+    XMEMCPY((state)->digest.sha256.buffer, data, len);              \
+    (state)->digest.sha256.buffLen = (len);                         \
+    (state)->digest.sha256.loLen = (total_len);                     \
+} while (0)
+
+/* Save the SHA-256 state to cache.
+ *
+ * @param [in, out] state  XMSS/MT state with SHA-256 digest and state cache.
+ */
+#define XMSS_SHA256_STATE_CACHE(state)                              \
+    (state)->dgst_state[0] = (state)->digest.sha256.digest[0];      \
+    (state)->dgst_state[1] = (state)->digest.sha256.digest[1];      \
+    (state)->dgst_state[2] = (state)->digest.sha256.digest[2];      \
+    (state)->dgst_state[3] = (state)->digest.sha256.digest[3];      \
+    (state)->dgst_state[4] = (state)->digest.sha256.digest[4];      \
+    (state)->dgst_state[5] = (state)->digest.sha256.digest[5];      \
+    (state)->dgst_state[6] = (state)->digest.sha256.digest[6];      \
+    (state)->dgst_state[7] = (state)->digest.sha256.digest[7];      \
+
+/* Restore the SHA-256 state from cache and set length.
+ *
+ * @param [in, out] state  XMSS/MT state with SHA-256 digest and state cache.
+ * @param [in]      len    Number of bytes of data hashed so far.
+ */
+#define XMSS_SHA256_STATE_RESTORE(state, len)                       \
+do {                                                                \
+    (state)->digest.sha256.digest[0] = (state)->dgst_state[0];      \
+    (state)->digest.sha256.digest[1] = (state)->dgst_state[1];      \
+    (state)->digest.sha256.digest[2] = (state)->dgst_state[2];      \
+    (state)->digest.sha256.digest[3] = (state)->dgst_state[3];      \
+    (state)->digest.sha256.digest[4] = (state)->dgst_state[4];      \
+    (state)->digest.sha256.digest[5] = (state)->dgst_state[5];      \
+    (state)->digest.sha256.digest[6] = (state)->dgst_state[6];      \
+    (state)->digest.sha256.digest[7] = (state)->dgst_state[7];      \
+    (state)->digest.sha256.loLen = (len);                           \
+} while (0)
+
+/* Restore the SHA-256 state from cache and set data and length.
+ *
+ * @param [in, out] state      XMSS/MT state with SHA-256 digest and cache.
+ * @param [in]      data       Data to add to hash.
+ * @param [in]      len        Number of bytes in data.
+ *                             Must be less than a block.
+ * @param [in]      total_len  Number of bytes updated so far.
+ */
+#define XMSS_SHA256_STATE_RESTORE_DATA(state, data, len, total_len) \
+do {                                                                \
+    (state)->digest.sha256.digest[0] = (state)->dgst_state[0];      \
+    (state)->digest.sha256.digest[1] = (state)->dgst_state[1];      \
+    (state)->digest.sha256.digest[2] = (state)->dgst_state[2];      \
+    (state)->digest.sha256.digest[3] = (state)->dgst_state[3];      \
+    (state)->digest.sha256.digest[4] = (state)->dgst_state[4];      \
+    (state)->digest.sha256.digest[5] = (state)->dgst_state[5];      \
+    (state)->digest.sha256.digest[6] = (state)->dgst_state[6];      \
+    (state)->digest.sha256.digest[7] = (state)->dgst_state[7];      \
+    XMSS_SHA256_SET_DATA(state, data, len, total_len);              \
+} while (0)
+
+#endif /* !WOLFSSL_WC_XMSS_SMALL && WC_XMSS_SHA256 && !WC_XMSS_FULL_HASH */
+
+/* Hash the data into output buffer.
+ *
+ * @param [in]  state   XMSS/MT state including digest and parameters.
+ * @param [in]  in      Data to digest.
+ * @param [in]  inlen   Length of data to digest in bytes.
+ * @param [out] out     Buffer to put digest into.
+ */
+static WC_INLINE void wc_xmss_hash(XmssState* state, const byte* in,
+    word32 inlen, byte* out)
+{
+    int ret;
+    const XmssParams* params = state->params;
+
+#ifdef WC_XMSS_SHA256
+    /* Full SHA-256 digest. */
+    if ((params->hash == WC_HASH_TYPE_SHA256) &&
+            (params->n == WC_SHA256_DIGEST_SIZE)) {
+        ret = wc_Sha256Update(&state->digest.sha256, in, inlen);
+        if (ret == 0) {
+            ret = wc_Sha256Final(&state->digest.sha256, out);
+        }
+    }
+#if WOLFSSL_WC_XMSS_MIN_HASH_SIZE <= 192 && WOLFSSL_WC_XMSS_MAX_HASH_SIZE >= 192
+    /* Partial SHA-256 digest. */
+    else if (params->hash == WC_HASH_TYPE_SHA256) {
+        byte buf[WC_SHA256_DIGEST_SIZE];
+        ret = wc_Sha256Update(&state->digest.sha256, in, inlen);
+        if (ret == 0) {
+            ret = wc_Sha256Final(&state->digest.sha256, buf);
+        }
+        if (ret == 0) {
+            XMEMCPY(out, buf, params->n);
+        }
+    }
+#endif
+    else
+#endif /* WC_XMSS_SHA256 */
+#ifdef WC_XMSS_SHA512
+    /* Full SHA-512 digest. */
+    if (params->hash == WC_HASH_TYPE_SHA512) {
+        ret = wc_Sha512Update(&state->digest.sha512, in, inlen);
+        if (ret == 0) {
+            ret = wc_Sha512Final(&state->digest.sha512, out);
+        }
+    }
+    else
+#endif /* WC_XMSS_SHA512 */
+#ifdef WC_XMSS_SHAKE128
+    /* Digest with SHAKE-128. */
+    if (params->hash == WC_HASH_TYPE_SHAKE128) {
+        ret = wc_Shake128_Update(&state->digest.shake, in, inlen);
+        if (ret == 0) {
+            ret = wc_Shake128_Final(&state->digest.shake, out, params->n);
+        }
+    }
+    else
+#endif /* WC_XMSS_SHAKE128 */
+#ifdef WC_XMSS_SHAKE256
+    /* Digest with SHAKE-256. */
+    if (params->hash == WC_HASH_TYPE_SHAKE256) {
+        ret = wc_Shake256_Update(&state->digest.shake, in, inlen);
+        if (ret == 0) {
+            ret = wc_Shake256_Final(&state->digest.shake, out, params->n);
+        }
+    }
+    else
+#endif /* WC_XMSS_SHAKE256 */
+    {
+        /* Unsupported digest function. */
+        ret = NOT_COMPILED_IN;
+    }
+
+    if (state->ret == 0) {
+        /* Store any digest failures for public APIs to return. */
+        state->ret = ret;
+    }
+}
+
+#if !defined(WOLFSSL_WC_XMSS_SMALL) && defined(WC_XMSS_SHA256)
+#ifndef WC_XMSS_FULL_HASH
+/* Chain hashing.
+ *
+ * RFC 8391: 3.1.2, Algorithm 2: chain - Chaining Function
+ *     ...
+ *     ADRS.setKeyAndMask(0);
+ *     KEY = PRF(SEED, ADRS);
+ *     ADRS.setKeyAndMask(1);
+ *     BM = PRF(SEED, ADRS);
+ *     tmp = F(KEY, tmp XOR BM);
+ *     return tmp;
+ *
+ * @param [in]  state  XMSS/MT state including digest and parameters.
+ * @param [in]  tmp    Temporary buffer holding chain data.
+ * @param [in]  addr   Hash address as a byte array.
+ * @param [out] hash   Buffer to hold hash.
+ */
+static void wc_xmss_chain_hash_sha256_32(XmssState* state, const byte* tmp,
+    byte* addr, byte* hash)
+{
+    /* Offsets into chain hash data. */
+    byte* pad = state->buf;
+    byte* key = pad + XMSS_SHA256_32_PAD_LEN;
+    byte* bm = key + XMSS_SHA256_32_N;
+    int ret;
+
+    /* Calculate n-byte key - KEY. */
+    ((word32*)addr)[XMSS_ADDR_KEY_MASK] = 0;
+    /* Copy back state after first 64 bytes. */
+    XMSS_SHA256_STATE_RESTORE_DATA(state, addr, WC_XMSS_ADDR_LEN,
+        XMSS_HASH_PRF_DATA_LEN_SHA256_32);
+    /* Calculate hash. */
+    ret = wc_Sha256Final(&state->digest.sha256, key);
+
+    if (ret == 0) {
+        /* Calculate n-byte bit mask - BM. */
+        addr[XMSS_ADDR_KEY_MASK * 4 + 3] = 1;
+        /* Copy back state after first 64 bytes. */
+        XMSS_SHA256_STATE_RESTORE_DATA(state, addr, WC_XMSS_ADDR_LEN,
+            XMSS_HASH_PRF_DATA_LEN_SHA256_32);
+        /* Calculate hash. */
+        ret = wc_Sha256Final(&state->digest.sha256, bm);
+    }
+
+    if (ret == 0) {
+        /* Function padding set in caller. */
+        xorbuf(bm, tmp, XMSS_SHA256_32_N);
+        ret = wc_Sha256Update(&state->digest.sha256, state->buf,
+             XMSS_CHAIN_HASH_DATA_LEN_SHA256_32);
+    }
+    if (ret == 0) {
+        /* Calculate the chain hash. */
+        ret = wc_Sha256Final(&state->digest.sha256, hash);
+    }
+    if (state->ret == 0) {
+        /* Store any digest failures for public APIs to return. */
+        state->ret = ret;
+    }
+}
+#else
+/* Chain hashing.
+ *
+ * Padding, seed, addr for PRF set by caller into prf_buf.
+ *
+ * RFC 8391: 3.1.2, Algorithm 2: chain - Chaining Function
+ *     ...
+ *     ADRS.setKeyAndMask(0);
+ *     KEY = PRF(SEED, ADRS);
+ *     ADRS.setKeyAndMask(1);
+ *     BM = PRF(SEED, ADRS);
+ *     tmp = F(KEY, tmp XOR BM);
+ *     return tmp;
+ *
+ * @param [in]  state  XMSS/MT state including digest and parameters.
+ * @param [in]  tmp    Temporary buffer holding chain data.
+ * @param [out] out    Buffer to hold hash.
+ */
+static void wc_xmss_chain_hash_sha256_32(XmssState* state, const byte* tmp,
+    byte* hash)
+{
+    byte* addr = state->prf_buf + XMSS_SHA256_32_PAD_LEN + XMSS_SHA256_32_N;
+    /* Offsets into chain hash data. */
+    byte* pad = state->buf;
+    byte* key = pad + XMSS_SHA256_32_PAD_LEN;
+    byte* bm = key + XMSS_SHA256_32_N;
+
+    /* Calculate n-byte key - KEY. */
+    ((word32*)addr)[XMSS_ADDR_KEY_MASK] = 0;
+    wc_xmss_hash(state, state->prf_buf, XMSS_HASH_PRF_DATA_LEN_SHA256_32, key);
+    /* Calculate the n-byte mask. */
+    addr[XMSS_ADDR_KEY_MASK * 4 + 3] = 1;
+    wc_xmss_hash(state, state->prf_buf, XMSS_HASH_PRF_DATA_LEN_SHA256_32, bm);
+
+    /* Function padding set in caller. */
+    xorbuf(bm, tmp, XMSS_SHA256_32_N);
+    /* Calculate the chain hash. */
+    wc_xmss_hash(state, state->buf, XMSS_CHAIN_HASH_DATA_LEN_SHA256_32, hash);
+}
+#endif /* !WC_XMSS_FULL_HASH */
+#endif /* !WOLFSSL_WC_XMSS_SMALL && WC_XMSS_SHA256 */
+
+/* Chain hashing.
+ *
+ * Padding, seed, addr for PRF set by caller into prf_buf.
+ *
+ * RFC 8391: 3.1.2, Algorithm 2: chain - Chaining Function
+ *     ...
+ *     ADRS.setKeyAndMask(0);
+ *     KEY = PRF(SEED, ADRS);
+ *     ADRS.setKeyAndMask(1);
+ *     BM = PRF(SEED, ADRS);
+ *     tmp = F(KEY, tmp XOR BM);
+ *     return tmp;
+ *
+ * @param [in]  state  XMSS/MT state including digest and parameters.
+ * @param [in]  tmp    Temporary buffer holding chain data.
+ * @param [out] hash   Buffer to hold hash.
+ */
+static void wc_xmss_chain_hash(XmssState* state, const byte* tmp, byte* hash)
+{
+    const XmssParams* params = state->params;
+    byte* addr = state->prf_buf + params->pad_len + params->n;
+    /* Offsets into chain hash data. */
+    byte* pad = state->buf;
+    byte* key = pad + params->pad_len;
+    byte* bm = key + params->n;
+
+    /* Calculate n-byte key - KEY. */
+    ((word32*)addr)[XMSS_ADDR_KEY_MASK] = 0;
+    wc_xmss_hash(state, state->prf_buf, XMSS_HASH_PRF_DATA_LEN(params), key);
+    /* Calculate n-byte bit mask - BM. */
+    addr[XMSS_ADDR_KEY_MASK * 4 + 3] = 1;
+    wc_xmss_hash(state, state->prf_buf, XMSS_HASH_PRF_DATA_LEN(params), bm);
+
+    /* Function padding set in caller. */
+    xorbuf(bm, tmp, params->n);
+    /* Calculate the chain hash. */
+    wc_xmss_hash(state, state->buf, XMSS_CHAIN_HASH_DATA_LEN(params), hash);
+}
+
+#if !defined(WOLFSSL_WC_XMSS_SMALL) && defined(WC_XMSS_SHA256)
+#ifndef WC_XMSS_FULL_HASH
+/* Randomized tree hashing.
+ *
+ * RFC 8391: 4.1.4, Algorithm 7: RAND_HASH
+ *     ...
+ *     ADRS.setKeyAndMask(0);
+ *     KEY = PRF(SEED, ADRS);
+ *     ADRS.setKeyAndMask(1);
+ *     BM_0 = PRF(SEED, ADRS);
+ *     ADRS.setKeyAndMask(2);
+ *     BM_1 = PRF(SEED, ADRS);
+ *     return H(KEY, (LEFT XOR BM_0) || (RIGHT XOR BM_1));
+ *
+ * @param [in]  state  XMSS/MT state including digest and parameters.
+ * @param [in]  data   Input data.
+ * @param [in]  addr   Hash address.
+ * @param [out] hash   Buffer to hold hash.
+ */
+static void wc_xmss_rand_hash_sha256_32_prehash(XmssState* state,
+    const byte* data, HashAddress addr, byte* hash)
+{
+    int ret;
+    /* Offsets into rand hash data. */
+    byte* pad = state->buf;
+    byte* key = pad + XMSS_SHA256_32_PAD_LEN;
+    byte* bm0 = key + XMSS_SHA256_32_N;
+    byte* bm1 = bm0 + XMSS_SHA256_32_N;
+    byte addr_buf[WC_XMSS_ADDR_LEN];
+
+    addr[XMSS_ADDR_KEY_MASK] = 0;
+    wc_xmss_addr_encode(addr, addr_buf);
+
+    /* Calculate n-byte key - KEY. */
+    XMSS_SHA256_STATE_RESTORE_DATA(state, addr_buf, WC_XMSS_ADDR_LEN,
+        XMSS_HASH_PRF_DATA_LEN_SHA256_32);
+    /* Calculate hash. */
+    ret = wc_Sha256Final(&state->digest.sha256, key);
+
+    /* Calculate n-byte mask - BM_0. */
+    if (ret == 0) {
+        addr_buf[XMSS_ADDR_KEY_MASK * 4 + 3] = 1;
+        /* Copy back state after first 64 bytes. */
+        XMSS_SHA256_STATE_RESTORE_DATA(state, addr_buf, WC_XMSS_ADDR_LEN,
+            XMSS_HASH_PRF_DATA_LEN_SHA256_32);
+        /* Calculate hash. */
+        ret = wc_Sha256Final(&state->digest.sha256, bm0);
+    }
+
+    /* Calculate n-byte mask - BM_1. */
+    if (ret == 0) {
+        addr_buf[XMSS_ADDR_KEY_MASK * 4 + 3] = 2;
+        /* Copy back state after first 64 bytes. */
+        XMSS_SHA256_STATE_RESTORE_DATA(state, addr_buf, WC_XMSS_ADDR_LEN,
+            XMSS_HASH_PRF_DATA_LEN_SHA256_32);
+        /* Calculate hash. */
+        ret = wc_Sha256Final(&state->digest.sha256, bm1);
+    }
+
+    if (ret == 0) {
+        XMSS_PAD_ENC(XMSS_HASH_PADDING_H, pad, XMSS_SHA256_32_PAD_LEN);
+        /* XOR into bm0 and bm1. */
+        xorbuf(bm0, data, XMSS_SHA256_32_N * 2);
+        ret = wc_Sha256Update(&state->digest.sha256, state->buf,
+            XMSS_RAND_HASH_DATA_LEN_SHA256_32);
+    }
+    if (ret == 0) {
+        ret = wc_Sha256Final(&state->digest.sha256, hash);
+    }
+    if (state->ret == 0) {
+        /* Store any digest failures for public APIs to return. */
+        state->ret = ret;
+    }
+}
+#endif /* !WC_XMSS_FULL_HASH */
+
+/* Randomized tree hashing.
+ *
+ * RFC 8391: 4.1.4, Algorithm 7: RAND_HASH
+ *     ...
+ *     ADRS.setKeyAndMask(0);
+ *     KEY = PRF(SEED, ADRS);
+ *     ADRS.setKeyAndMask(1);
+ *     BM_0 = PRF(SEED, ADRS);
+ *     ADRS.setKeyAndMask(2);
+ *     BM_1 = PRF(SEED, ADRS);
+ *     return H(KEY, (LEFT XOR BM_0) || (RIGHT XOR BM_1));
+ *
+ * @param [in]  state    XMSS/MT state including digest and parameters.
+ * @param [in]  data     Input data.
+ * @param [in]  pk_seed  Random public seed.
+ * @param [in]  addr     Hash address.
+ * @param [out] hash     Buffer to hold hash.
+ */
+static void wc_xmss_rand_hash_sha256_32(XmssState* state, const byte* data,
+    const byte* pk_seed, HashAddress addr, byte* hash)
+{
+    byte* addr_buf = state->prf_buf + XMSS_SHA256_32_PAD_LEN +
+        XMSS_SHA256_32_N;
+    /* Offsets into rand hash data. */
+    byte* pad = state->buf;
+    byte* key = pad + XMSS_SHA256_32_PAD_LEN;
+    byte* bm0 = key + XMSS_SHA256_32_N;
+    byte* bm1 = bm0 + XMSS_SHA256_32_N;
+#ifndef WC_XMSS_FULL_HASH
+    int ret;
+
+    /* Encode padding byte for PRF. */
+    XMSS_PAD_ENC(XMSS_HASH_PADDING_PRF, state->prf_buf, XMSS_SHA256_32_PAD_LEN);
+    /* Append public seed for PRF. */
+    XMEMCPY(state->prf_buf + XMSS_SHA256_32_PAD_LEN, pk_seed,
+        XMSS_SHA256_32_N);
+
+    /* Set key mask to initial value and append encoding. */
+    addr[XMSS_ADDR_KEY_MASK] = 0;
+    wc_xmss_addr_encode(addr, addr_buf);
+
+    /* Calculate n-byte key - KEY. */
+    ret = wc_Sha256Update(&state->digest.sha256, state->prf_buf,
+        XMSS_SHA256_32_PAD_LEN + XMSS_SHA256_32_N);
+    if (ret == 0) {
+        /* Copy state after first 64 bytes. */
+        XMSS_SHA256_STATE_CACHE(state);
+        /* Copy in remaining 32 bytes to buffer. */
+        XMSS_SHA256_SET_DATA(state, addr_buf, WC_XMSS_ADDR_LEN,
+            XMSS_HASH_PRF_DATA_LEN_SHA256_32);
+        /* Calculate hash. */
+        ret = wc_Sha256Final(&state->digest.sha256, key);
+    }
+
+    /* Calculate n-byte mask - BM_0. */
+    if (ret == 0) {
+        addr_buf[XMSS_ADDR_KEY_MASK * 4 + 3] = 1;
+        /* Copy back state after first 64 bytes. */
+        XMSS_SHA256_STATE_RESTORE_DATA(state, addr_buf, WC_XMSS_ADDR_LEN,
+            XMSS_HASH_PRF_DATA_LEN_SHA256_32);
+        /* Calculate hash. */
+        ret = wc_Sha256Final(&state->digest.sha256, bm0);
+    }
+
+    /* Calculate n-byte mask - BM_1. */
+    if (ret == 0) {
+        addr_buf[XMSS_ADDR_KEY_MASK * 4 + 3] = 2;
+        /* Copy back state after first 64 bytes. */
+        XMSS_SHA256_STATE_RESTORE_DATA(state, addr_buf, WC_XMSS_ADDR_LEN,
+            XMSS_HASH_PRF_DATA_LEN_SHA256_32);
+        /* Calculate hash. */
+        ret = wc_Sha256Final(&state->digest.sha256, bm1);
+    }
+
+    if (ret == 0) {
+        XMSS_PAD_ENC(XMSS_HASH_PADDING_H, pad, XMSS_SHA256_32_PAD_LEN);
+        /* XOR into bm0 and bm1. */
+        xorbuf(bm0, data, 2 * XMSS_SHA256_32_N);
+        ret = wc_Sha256Update(&state->digest.sha256, state->buf,
+            XMSS_RAND_HASH_DATA_LEN_SHA256_32);
+    }
+    if (ret == 0) {
+        ret = wc_Sha256Final(&state->digest.sha256, hash);
+    }
+    if (state->ret == 0) {
+        /* Store any digest failures for public APIs to return. */
+        state->ret = ret;
+    }
+#else
+    /* Encode padding byte for PRF. */
+    XMSS_PAD_ENC(XMSS_HASH_PADDING_PRF, state->prf_buf, XMSS_SHA256_32_PAD_LEN);
+    /* Append public seed for PRF. */
+    XMEMCPY(state->prf_buf + XMSS_SHA256_32_PAD_LEN, pk_seed,
+        XMSS_SHA256_32_N);
+
+    /* Set key mask to initial value and append encoding. */
+    addr[XMSS_ADDR_KEY_MASK] = 0;
+    wc_xmss_addr_encode(addr, addr_buf);
+
+    /* Calculate n-byte key - KEY. */
+    wc_xmss_hash(state, state->prf_buf, XMSS_HASH_PRF_DATA_LEN_SHA256_32, key);
+    /* Calculate n-byte mask - BM_0. */
+    addr_buf[XMSS_ADDR_KEY_MASK * 4 + 3] = 1;
+    wc_xmss_hash(state, state->prf_buf, XMSS_HASH_PRF_DATA_LEN_SHA256_32, bm0);
+    /* Calculate n-byte mask - BM_1. */
+    addr_buf[XMSS_ADDR_KEY_MASK * 4 + 3] = 2;
+    wc_xmss_hash(state, state->prf_buf, XMSS_HASH_PRF_DATA_LEN_SHA256_32, bm1);
+
+    XMSS_PAD_ENC(XMSS_HASH_PADDING_H, state->buf, XMSS_SHA256_32_PAD_LEN);
+    xorbuf(bm0, data, 2 * XMSS_SHA256_32_N);
+    wc_xmss_hash(state, state->buf, XMSS_RAND_HASH_DATA_LEN_SHA256_32, hash);
+#endif /* WC_XMSS_FULL_HASH */
+}
+#endif /* !WOLFSSL_WC_XMSS_SMALL && WC_XMSS_SHA256 */
+
+/* Randomized tree hashing.
+ *
+ * RFC 8391: 4.1.4, Algorithm 7: RAND_HASH
+ *     ...
+ *     ADRS.setKeyAndMask(0);
+ *     KEY = PRF(SEED, ADRS);
+ *     ADRS.setKeyAndMask(1);
+ *     BM_0 = PRF(SEED, ADRS);
+ *     ADRS.setKeyAndMask(2);
+ *     BM_1 = PRF(SEED, ADRS);
+ *     return H(KEY, (LEFT XOR BM_0) || (RIGHT XOR BM_1));
+ *
+ * @param [in]  state    XMSS/MT state including digest and parameters.
+ * @param [in]  data     Input data.
+ * @param [in]  pk_seed  Random public seed.
+ * @param [in]  addr     Hash address.
+ * @param [out] hash     Buffer to hold hash.
+ */
+static void wc_xmss_rand_hash(XmssState* state, const byte* data,
+    const byte* pk_seed, HashAddress addr, byte* hash)
+{
+    const XmssParams* params = state->params;
+
+#if !defined(WOLFSSL_WC_XMSS_SMALL) && defined(WC_XMSS_SHA256)
+    if ((params->pad_len == XMSS_SHA256_32_PAD_LEN) &&
+            (params->n == XMSS_SHA256_32_N) &&
+            (params->hash == WC_HASH_TYPE_SHA256)) {
+        wc_xmss_rand_hash_sha256_32(state, data, pk_seed, addr, hash);
+    }
+    else
+#endif /* !WOLFSSL_WC_XMSS_SMALL && WC_XMSS_SHA256 */
+    {
+        byte* addr_buf = state->prf_buf + params->pad_len + params->n;
+        /* Offsets into rand hash data. */
+        byte* pad = state->buf;
+        byte* key = pad + params->pad_len;
+        byte* bm0 = key + params->n;
+        byte* bm1 = bm0 + params->n;
+        const word32 len = params->pad_len + params->n + WC_XMSS_ADDR_LEN;
+
+        /* Encode padding byte for PRF. */
+        XMSS_PAD_ENC(XMSS_HASH_PADDING_PRF, state->prf_buf, params->pad_len);
+        /* Append public seed for PRF. */
+        XMEMCPY(state->prf_buf + params->pad_len, pk_seed, params->n);
+
+        /* Set key mask to initial value and append encoding. */
+        addr[XMSS_ADDR_KEY_MASK] = 0;
+        wc_xmss_addr_encode(addr, addr_buf);
+
+        /* Calculate n-byte key - KEY. */
+        wc_xmss_hash(state, state->prf_buf, len, key);
+        /* Calculate n-byte mask - BM_0. */
+        addr_buf[XMSS_ADDR_KEY_MASK * 4 + 3] = 1;
+        wc_xmss_hash(state, state->prf_buf, len, bm0);
+        /* Calculate n-byte mask - BM_1. */
+        addr_buf[XMSS_ADDR_KEY_MASK * 4 + 3] = 2;
+        wc_xmss_hash(state, state->prf_buf, len, bm1);
+
+        XMSS_PAD_ENC(XMSS_HASH_PADDING_H, pad, params->pad_len);
+        xorbuf(bm0, data, 2 * params->n);
+        wc_xmss_hash(state, state->buf, params->pad_len + 3 * params->n,
+            hash);
+    }
+}
+
+#if !defined(WOLFSSL_WC_XMSS_SMALL) || defined(WOLFSSL_XMSS_VERIFY_ONLY)
+#if !defined(WOLFSSL_WC_XMSS_SMALL) && defined(WC_XMSS_SHA256)
+/* Randomized tree hashing.
+ *
+ * RFC 8391: 4.1.4, Algorithm 7: RAND_HASH
+ *     ...
+ *     ADRS.setKeyAndMask(0);
+ *     KEY = PRF(SEED, ADRS);
+ *     ADRS.setKeyAndMask(1);
+ *     BM_0 = PRF(SEED, ADRS);
+ *     ADRS.setKeyAndMask(2);
+ *     BM_1 = PRF(SEED, ADRS);
+ *     return H(KEY, (LEFT XOR BM_0) || (RIGHT XOR BM_1));
+ *
+ * @param [in]  state    XMSS/MT state including digest and parameters.
+ * @param [in]  left     First half of data.
+ * @param [in]  right    Second half of data.
+ * @param [in]  pk_seed  Random public seed.
+ * @param [in]  addr     Hash address.
+ * @param [out] hash     Buffer to hold hash.
+ */
+static void wc_xmss_rand_hash_lr_sha256_32(XmssState* state, const byte* left,
+    const byte* right, const byte* pk_seed, HashAddress addr, byte* hash)
+{
+    byte* addr_buf = state->prf_buf + XMSS_SHA256_32_PAD_LEN +
+        XMSS_SHA256_32_N;
+    /* Offsets into rand hash data. */
+    byte* pad = state->buf;
+    byte* key = pad + XMSS_SHA256_32_PAD_LEN;
+    byte* bm0 = key + XMSS_SHA256_32_N;
+    byte* bm1 = bm0 + XMSS_SHA256_32_N;
+#ifndef WC_XMSS_FULL_HASH
+    int ret;
+
+    /* Encode padding byte for PRF. */
+    XMSS_PAD_ENC(XMSS_HASH_PADDING_PRF, state->prf_buf, XMSS_SHA256_32_PAD_LEN);
+    /* Append public seed for PRF. */
+    XMEMCPY(state->prf_buf + XMSS_SHA256_32_PAD_LEN, pk_seed,
+        XMSS_SHA256_32_N);
+
+    /* Set key mask to initial value and append encoding. */
+    addr[XMSS_ADDR_KEY_MASK] = 0;
+    wc_xmss_addr_encode(addr, addr_buf);
+
+    /* Calculate n-byte key - KEY. */
+    ret = wc_Sha256Update(&state->digest.sha256, state->prf_buf,
+        XMSS_SHA256_32_PAD_LEN + XMSS_SHA256_32_N);
+    if (ret == 0) {
+        /* Copy state after first 64 bytes. */
+        XMSS_SHA256_STATE_CACHE(state);
+        /* Copy in remaining 32 bytes to buffer. */
+        XMSS_SHA256_SET_DATA(state, addr_buf, WC_XMSS_ADDR_LEN,
+            XMSS_HASH_PRF_DATA_LEN_SHA256_32);
+        /* Calculate hash. */
+        ret = wc_Sha256Final(&state->digest.sha256, key);
+    }
+
+    /* Calculate n-byte mask - BM_0. */
+    if (ret == 0) {
+        addr_buf[XMSS_ADDR_KEY_MASK * 4 + 3] = 1;
+        /* Copy back state after first 64 bytes. */
+        XMSS_SHA256_STATE_RESTORE_DATA(state, addr_buf, WC_XMSS_ADDR_LEN,
+            XMSS_HASH_PRF_DATA_LEN_SHA256_32);
+        /* Calculate hash. */
+        ret = wc_Sha256Final(&state->digest.sha256, bm0);
+    }
+
+    /* Calculate n-byte mask - BM_1. */
+    if (ret == 0) {
+        addr_buf[XMSS_ADDR_KEY_MASK * 4 + 3] = 2;
+        /* Copy back state after first 64 bytes. */
+        XMSS_SHA256_STATE_RESTORE_DATA(state, addr_buf, WC_XMSS_ADDR_LEN,
+            XMSS_HASH_PRF_DATA_LEN_SHA256_32);
+        /* Calculate hash. */
+        ret = wc_Sha256Final(&state->digest.sha256, bm1);
+    }
+
+    if (ret == 0) {
+        XMSS_PAD_ENC(XMSS_HASH_PADDING_H, pad, XMSS_SHA256_32_PAD_LEN);
+        /* XOR into bm0 and bm1. */
+        XMEMCPY(state->prf_buf, left, XMSS_SHA256_32_N);
+        XMEMCPY(state->prf_buf + XMSS_SHA256_32_N, right, XMSS_SHA256_32_N);
+        xorbuf(bm0, state->prf_buf, 2 * XMSS_SHA256_32_N);
+        ret = wc_Sha256Update(&state->digest.sha256, state->buf,
+            XMSS_RAND_HASH_DATA_LEN_SHA256_32);
+    }
+    if (ret == 0) {
+        ret = wc_Sha256Final(&state->digest.sha256, hash);
+    }
+    if (state->ret == 0) {
+        /* Store any digest failures for public APIs to return. */
+        state->ret = ret;
+    }
+#else
+    /* Encode padding byte for PRF. */
+    XMSS_PAD_ENC(XMSS_HASH_PADDING_PRF, state->prf_buf, XMSS_SHA256_32_PAD_LEN);
+    /* Append public seed for PRF. */
+    XMEMCPY(state->prf_buf + XMSS_SHA256_32_PAD_LEN, pk_seed, XMSS_SHA256_32_N);
+
+    /* Set key mask to initial value and append encoding. */
+    addr[XMSS_ADDR_KEY_MASK] = 0;
+    wc_xmss_addr_encode(addr, addr_buf);
+
+    /* Calculate n-byte key - KEY. */
+    wc_xmss_hash(state, state->prf_buf, XMSS_HASH_PRF_DATA_LEN_SHA256_32, key);
+    /* Calculate n-byte mask - BM_0. */
+    addr_buf[XMSS_ADDR_KEY_MASK * 4 + 3] = 1;
+    wc_xmss_hash(state, state->prf_buf, XMSS_HASH_PRF_DATA_LEN_SHA256_32, bm0);
+    /* Calculate n-byte mask - BM_1. */
+    addr_buf[XMSS_ADDR_KEY_MASK * 4 + 3] = 2;
+    wc_xmss_hash(state, state->prf_buf, XMSS_HASH_PRF_DATA_LEN_SHA256_32, bm1);
+
+    XMSS_PAD_ENC(XMSS_HASH_PADDING_H, state->buf, XMSS_SHA256_32_PAD_LEN);
+    XMEMCPY(state->prf_buf, left, XMSS_SHA256_32_N);
+    XMEMCPY(state->prf_buf + XMSS_SHA256_32_N, right, XMSS_SHA256_32_N);
+    xorbuf(bm0, state->prf_buf, 2 * XMSS_SHA256_32_N);
+    wc_xmss_hash(state, state->buf, XMSS_RAND_HASH_DATA_LEN_SHA256_32, hash);
+#endif /* WC_XMSS_FULL_HASH */
+}
+#endif /* !WOLFSSL_WC_XMSS_SMALL && WC_XMSS_SHA256 */
+/* Randomized tree hashing - left and right separate parameters.
+ *
+ * RFC 8391: 4.1.4, Algorithm 7: RAND_HASH
+ *     ...
+ *     ADRS.setKeyAndMask(0);
+ *     KEY = PRF(SEED, ADRS);
+ *     ADRS.setKeyAndMask(1);
+ *     BM_0 = PRF(SEED, ADRS);
+ *     ADRS.setKeyAndMask(2);
+ *     BM_1 = PRF(SEED, ADRS);
+ *     return H(KEY, (LEFT XOR BM_0) || (RIGHT XOR BM_1));
+ *
+ * @param [in]  state    XMSS/MT state including digest and parameters.
+ * @param [in]  left     First half of data.
+ * @param [in]  right    Second half of data.
+ * @param [in]  pk_seed  Random public seed.
+ * @param [in]  addr     Hash address.
+ * @param [out] hash     Buffer to hold hash.
+ */
+static void wc_xmss_rand_hash_lr(XmssState* state, const byte* left,
+    const byte* right, const byte* pk_seed, HashAddress addr, byte* hash)
+{
+    const XmssParams* params = state->params;
+
+#if !defined(WOLFSSL_WC_XMSS_SMALL) && defined(WC_XMSS_SHA256)
+    if ((params->pad_len == XMSS_SHA256_32_PAD_LEN) &&
+            (params->n == XMSS_SHA256_32_N) &&
+            (params->hash == WC_HASH_TYPE_SHA256)) {
+        wc_xmss_rand_hash_lr_sha256_32(state, left, right, pk_seed, addr, hash);
+    }
+    else
+#endif /* !WOLFSSL_WC_XMSS_SMALL && WC_XMSS_SHA256 */
+    {
+        byte* addr_buf = state->prf_buf + params->pad_len + params->n;
+        /* Offsets into rand hash data. */
+        byte* pad = state->buf;
+        byte* key = pad + params->pad_len;
+        byte* bm0 = key + params->n;
+        byte* bm1 = bm0 + params->n;
+        const word32 len = params->pad_len + params->n + WC_XMSS_ADDR_LEN;
+
+        /* Encode padding byte for PRF. */
+        XMSS_PAD_ENC(XMSS_HASH_PADDING_PRF, state->prf_buf, params->pad_len);
+        /* Append public seed for PRF. */
+        XMEMCPY(state->prf_buf + params->pad_len, pk_seed, params->n);
+
+        /* Set key mask to initial value and append encoding. */
+        addr[XMSS_ADDR_KEY_MASK] = 0;
+        wc_xmss_addr_encode(addr, addr_buf);
+
+        /* Calculate n-byte key - KEY. */
+        wc_xmss_hash(state, state->prf_buf, len, key);
+        /* Calculate n-byte mask - BM_0. */
+        addr_buf[XMSS_ADDR_KEY_MASK * 4 + 3] = 1;
+        wc_xmss_hash(state, state->prf_buf, len, bm0);
+        /* Calculate n-byte mask - BM_1. */
+        addr_buf[XMSS_ADDR_KEY_MASK * 4 + 3] = 2;
+        wc_xmss_hash(state, state->prf_buf, len, bm1);
+
+        XMSS_PAD_ENC(XMSS_HASH_PADDING_H, pad, params->pad_len);
+        XMEMCPY(state->prf_buf, left, params->n);
+        XMEMCPY(state->prf_buf + params->n, right, params->n);
+        xorbuf(bm0, state->prf_buf, 2 * params->n);
+        wc_xmss_hash(state, state->buf, params->pad_len + 3 * params->n,
+            hash);
+    }
+}
+#endif /* !WOLFSSL_WC_XMSS_SMALL || WOLFSSL_XMSS_VERIFY_ONLY */
+
+/* Compute message hash from the random r, root, index and message.
+ *
+ * RFC 8391: 4.1.9, Algorithm 12: XMSS_sign
+ *    ...
+ *    byte[n] M' = H_msg(r || getRoot(SK) || (toByte(idx_sig, n)), M);
+ * RFC 8391: 5.1
+ *    H_msg: SHA2-256(toByte(2, 32) || KEY || M)
+ *    H_msg: SHA2-512(toByte(2, 64) || KEY || M)
+ *    H_msg: SHAKE128(toByte(2, 32) || KEY || M, 256)
+ *    H_msg: SHAKE256(toByte(2, 64) || KEY || M, 512)
+ *
+ * @param [in]  state     XMSS/MT state including digest and parameters.
+ * @param [in]  random    Random value of n bytes.
+ * @param [in]  root      Public root.
+ * @param [in]  idx       Buffer holding encoded index.
+ * @param [in]  idx_len   Length of encoded index in bytes.
+ * @param [in]  m         Message to hash.
+ * @param [in]  mlen      Length of message.
+ * @param [out] hash      Buffer to hold hash.
+ */
+static void wc_xmss_hash_message(XmssState* state, const byte* random,
+    const byte* root, const byte* idx, word8 idx_len, const byte* m,
+    word32 mlen, byte* hash)
+{
+    int ret;
+    const XmssParams* params = state->params;
+    word32 padKeyLen = params->pad_len + 3 * params->n;
+    /* Offsets into message hash data. */
+    byte* padKey = state->buf;
+    byte* pad = padKey;
+    byte* key = pad + params->pad_len;
+    byte* root_sk = key + params->n;
+    byte* idx_sig = root_sk + params->n;
+
+    /* Set prefix data before message. */
+    XMSS_PAD_ENC(XMSS_HASH_PADDING_HASH, pad, params->pad_len);
+    XMEMCPY(key, random, params->n);
+    XMEMCPY(root_sk, root, params->n);
+    XMEMSET(idx_sig, 0, params->n - idx_len);
+    XMEMCPY(idx_sig + params->n - idx_len, idx, idx_len);
+
+    /* Hash the padding and key first. */
+#ifdef WC_XMSS_SHA256
+    if (params->hash == WC_HASH_TYPE_SHA256) {
+        ret = wc_Sha256Update(&state->digest.sha256, padKey, padKeyLen);
+    }
+    else
+#endif /* WC_XMSS_SHA256 */
+#ifdef WC_XMSS_SHA512
+    if (params->hash == WC_HASH_TYPE_SHA512) {
+        ret = wc_Sha512Update(&state->digest.sha512, padKey, padKeyLen);
+    }
+    else
+#endif /* WC_XMSS_SHA512 */
+#ifdef WC_XMSS_SHAKE128
+    if (params->hash == WC_HASH_TYPE_SHAKE128) {
+        ret = wc_Shake128_Update(&state->digest.shake, padKey, padKeyLen);
+    }
+    else
+#endif /* WC_XMSS_SHAKE128 */
+#ifdef WC_XMSS_SHAKE256
+    if (params->hash == WC_HASH_TYPE_SHAKE256) {
+        ret = wc_Shake256_Update(&state->digest.shake, padKey, padKeyLen);
+    }
+    else
+#endif /* WC_XMSS_SHAKE256 */
+    {
+        /* Unsupported digest function. */
+        ret = NOT_COMPILED_IN;
+    }
+    if (ret == 0) {
+        /* Generate hash of message - M'. */
+        wc_xmss_hash(state, m, mlen, hash);
+    }
+    else if (state->ret == 0) {
+        /* Store any digest failures for public APIs to return. */
+        state->ret = ret;
+    }
+}
+
+#ifndef WOLFSSL_XMSS_VERIFY_ONLY
+
+/* Compute PRF with key and message.
+ *
+ * RFC 8391: 5.1
+ *   PRF: SHA2-256(toByte(3, 32) || KEY || M)
+ *   PRF: SHA2-512(toByte(3, 64) || KEY || M)
+ *   PRF: SHAKE128(toByte(3, 32) || KEY || M, 256)
+ *   PRF: SHAKE256(toByte(3, 64) || KEY || M, 512)
+ *
+ * @param [in]  state    XMSS/MT state including digest and parameters.
+ * @param [in]  key      Key used to derive pseudo-random from.
+ * @param [in]  m        32 bytes of data to derive pseudo-random from.
+ * @param [out] prf      Buffer to hold pseudo-random data.
+ */
+static void wc_xmss_prf(XmssState* state, const byte* key, const byte* m,
+    byte* prf)
+{
+    const XmssParams* params = state->params;
+    byte* pad = state->prf_buf;
+    byte* key_buf = pad + params->pad_len;
+    byte* m_buf = key_buf + params->n;
+
+    /* 00[0..pl-1] || 03 || key[0..n-1] || m[0..31] */
+    XMSS_PAD_ENC(XMSS_HASH_PADDING_PRF, pad, params->pad_len);
+    XMEMCPY(key_buf, key, params->n);
+    XMEMCPY(m_buf, m, XMSS_PRF_M_LEN);
+
+    /* Hash the PRF data. */
+    wc_xmss_hash(state, state->prf_buf, params->pad_len + params->n +
+        XMSS_PRF_M_LEN, prf);
+}
+
+#ifdef XMSS_CALL_PRF_KEYGEN
+/* Compute PRF for keygen with key and message.
+ *
+ * NIST SP 800-208: 5.1, 5.2, 5.3, 5.4
+ *   PRFkeygen (KEY, M): SHA-256(toByte(4, 32) || KEY || M)
+ *   PRFkeygen (KEY, M): T192(SHA-256(toByte(4, 4) || KEY || M))
+ *   PRFkeygen (KEY, M): SHAKE256(toByte(4, 32) || KEY || M, 256)
+ *   PRFkeygen (KEY, M): SHAKE256(toByte(4, 4) || KEY || M, 192)
+ *
+ * @param [in]  state    XMSS/MT state including digest and parameters.
+ * @param [in]  key      Key of n bytes used to derive pseudo-random from.
+ * @param [in]  m        n + 32 bytes of data to derive pseudo-random from.
+ * @param [out] prf      Buffer to hold pseudo-random data.
+ */
+static void wc_xmss_prf_keygen(XmssState* state, const byte* key,
+    const byte* m, byte* prf)
+{
+    const XmssParams* params = state->params;
+    byte* pad = state->prf_buf;
+    byte* key_buf = pad + params->pad_len;
+    byte* m_buf = key_buf + params->n;
+
+    /* 00[0..pl-1] || 04 || key[0..n-1] || m[0..n+31] */
+    XMSS_PAD_ENC(XMSS_HASH_PADDING_PRF_KEYGEN, pad, params->pad_len);
+    XMEMCPY(key_buf, key, params->n);
+    XMEMCPY(m_buf, m, params->n + XMSS_PRF_M_LEN);
+
+    /* Hash the PRF keygen data. */
+    wc_xmss_hash(state, state->prf_buf, params->pad_len + 2 * params->n +
+        XMSS_PRF_M_LEN, prf);
+}
+#endif /* XMSS_CALL_PRF_KEYGEN */
+
+#endif /* !WOLFSSL_XMSS_VERIFY_ONLY */
+
+/********************************************
+ * WOTS
+ ********************************************/
+
+#ifndef WOLFSSL_XMSS_VERIFY_ONLY
+
+#if !defined(WOLFSSL_WC_XMSS_SMALL) && defined(WC_XMSS_SHA256)
+/* Expand private seed with PRF keygen.
+ *
+ * RFC 8391: 4.1.3
+ *   "the existence of a method getWOTS_SK(SK, i) is assumed"
+ * NIST SP 800-208: 7.2.1, Algorithm 10'
+ *     ...
+ *     for ( j=0; j < len; j++) {
+ *       ADRS.setChainAddress(j);
+ *       sk[j] = PRFkeygen(S_XMSS, SEED || ADRS);
+ *     }
+ *
+ * @param [in]  state     XMSS/MT state including digest and parameters.
+ * @param [in]  sk_seed   Buffer holding private seed.
+ * @param [in]  pk_seed   Random public seed.
+ * @param [in]  addr      Hash address as a byte array.
+ * @param [out] gen_seed  Buffer to hold seeds.
+ */
+static void wc_xmss_wots_get_wots_sk_sha256_32(XmssState* state,
+    const byte* sk_seed, const byte* pk_seed, byte* addr, byte* gen_seed)
+{
+    const XmssParams* params = state->params;
+    word32 i;
+    byte* pad = state->prf_buf;
+    byte* s_xmss = pad + XMSS_SHA256_32_PAD_LEN;
+    byte* seed = s_xmss + XMSS_SHA256_32_N;
+    byte* addr_buf = seed + XMSS_SHA256_32_N;
+    int ret;
+
+    ((word32*)addr)[XMSS_ADDR_CHAIN] = 0;
+    ((word32*)addr)[XMSS_ADDR_HASH] = 0;
+    ((word32*)addr)[XMSS_ADDR_KEY_MASK] = 0;
+
+    XMSS_PAD_ENC(XMSS_HASH_PADDING_PRF_KEYGEN, pad, XMSS_SHA256_32_PAD_LEN);
+    XMEMCPY(s_xmss, sk_seed, XMSS_SHA256_32_N);
+    XMEMCPY(seed, pk_seed, XMSS_SHA256_32_N);
+    XMEMCPY(addr_buf, addr, WC_XMSS_ADDR_LEN);
+
+#ifndef WC_XMSS_FULL_HASH
+    ret = wc_Sha256Update(&state->digest.sha256, pad, XMSS_SHA256_32_PAD_LEN +
+        XMSS_SHA256_32_N);
+    if (ret == 0) {
+        /* Copy state after first 64 bytes. */
+        XMSS_SHA256_STATE_CACHE(state);
+        ret = wc_Sha256Update(&state->digest.sha256, seed, XMSS_SHA256_32_N +
+            WC_XMSS_ADDR_LEN);
+    }
+    if (ret == 0) {
+        ret = wc_Sha256Final(&state->digest.sha256, gen_seed);
+    }
+    for (i = 1; (ret == 0) && (i < params->wots_len); i++) {
+        gen_seed += XMSS_SHA256_32_N;
+        addr_buf[XMSS_ADDR_CHAIN * 4 + 3] = i;
+        XMSS_SHA256_STATE_RESTORE(state, 64);
+        ret = wc_Sha256Update(&state->digest.sha256, seed, XMSS_SHA256_32_N +
+            WC_XMSS_ADDR_LEN);
+        if (ret == 0) {
+            ret = wc_Sha256Final(&state->digest.sha256, gen_seed);
+        }
+    }
+#else
+    ret = wc_Sha256Update(&state->digest.sha256, state->prf_buf,
+        XMSS_SHA256_32_PAD_LEN + 2 * XMSS_SHA256_32_N + WC_XMSS_ADDR_LEN);
+    if (ret == 0) {
+        ret = wc_Sha256Final(&state->digest.sha256, gen_seed);
+    }
+    for (i = 1; (ret == 0) && i < params->wots_len; i++) {
+        gen_seed += XMSS_SHA256_32_N;
+        addr_buf[XMSS_ADDR_CHAIN * 4 + 3] = i;
+        ret = wc_Sha256Update(&state->digest.sha256, state->prf_buf,
+            XMSS_SHA256_32_PAD_LEN + 2 * XMSS_SHA256_32_N + WC_XMSS_ADDR_LEN);
+        if (ret == 0) {
+            ret = wc_Sha256Final(&state->digest.sha256, gen_seed);
+        }
+    }
+#endif /*  WC_XMSS_FULL_HASH*/
+
+    if (state->ret == 0) {
+        /* Store any digest failures for public APIs to return. */
+        state->ret = ret;
+    }
+}
+#endif /* !WOLFSSL_WC_XMSS_SMALL && WC_XMSS_SHA256 */
+
+/* Expand private seed with PRF keygen.
+ *
+ * RFC 8391: 4.1.3
+ *   "the existence of a method getWOTS_SK(SK, i) is assumed"
+ * NIST SP 800-208: 7.2.1
+ *   Algorithm 10'
+ *     ...
+ *     for ( j=0; j < len; j++) {
+ *       ADRS.setChainAddress(j);
+ *       sk[j] = PRFkeygen(S_XMSS, SEED || ADRS);
+ *     }
+ *
+ * @param [in]  state     XMSS/MT state including digest and parameters.
+ * @param [in]  sk_seed   Buffer holding private seed.
+ * @param [in]  pk_seed   Random public seed.
+ * @param [in]  addr      Hash address as a byte array.
+ * @param [out] gen_seed  Buffer to hold seeds.
+ */
+static void wc_xmss_wots_get_wots_sk(XmssState* state, const byte* sk_seed,
+    const byte* pk_seed, byte* addr, byte* gen_seed)
+{
+    const XmssParams* params = state->params;
+    word32 i;
+#ifdef XMSS_CALL_PRF_KEYGEN
+    byte* seed = state->buf;
+    byte* addr_buf = seed + params->n;
+#else
+    byte* pad = state->prf_buf;
+    byte* s_xmss = pad + params->pad_len;
+    byte* seed = s_xmss + params->n;
+    byte* addr_buf = seed + params->n;
+    const word32 len = params->pad_len + params->n * 2 + WC_XMSS_ADDR_LEN;
+#endif /* XMSS_CALL_PRF_KEYGEN */
+
+    /* Ensure hash address fields are 0. */
+    ((word32*)addr)[XMSS_ADDR_CHAIN] = 0;
+    ((word32*)addr)[XMSS_ADDR_HASH] = 0;
+    ((word32*)addr)[XMSS_ADDR_KEY_MASK] = 0;
+
+#ifdef XMSS_CALL_PRF_KEYGEN
+    /* Copy the seed and address into PRF keygen message buffer. */
+    XMEMCPY(seed, pk_seed, params->n);
+    XMEMCPY(addr_buf, addr, WC_XMSS_ADDR_LEN);
+
+    wc_xmss_prf_keygen(state, sk_seed, state->buf, gen_seed);
+    for (i = 1; i < params->wots_len; i++) {
+        gen_seed += params->n;
+        addr_buf[XMSS_ADDR_CHAIN * 4 + 3] = i;
+        wc_xmss_prf_keygen(state, sk_seed, state->buf, gen_seed);
+    }
+#else
+    /* Copy the PRF keygen fields into one buffer. */
+    XMSS_PAD_ENC(XMSS_HASH_PADDING_PRF_KEYGEN, pad, params->pad_len);
+    XMEMCPY(s_xmss, sk_seed, params->n);
+    XMEMCPY(seed, pk_seed, params->n);
+    XMEMCPY(addr_buf, addr, WC_XMSS_ADDR_LEN);
+
+    /* Fill output with hashes of different chain hash addresses. */
+    wc_xmss_hash(state, state->prf_buf, len, gen_seed);
+    for (i = 1; i < params->wots_len; i++) {
+        gen_seed += params->n;
+        addr_buf[XMSS_ADDR_CHAIN * 4 + 3] = i;
+        wc_xmss_hash(state, state->prf_buf, len, gen_seed);
+    }
+#endif /* XMSS_CALL_PRF_KEYGEN */
+}
+
+#endif /* !WOLFSSL_XMSS_VERIFY_ONLY */
+
+#if !defined(WOLFSSL_WC_XMSS_SMALL) && defined(WC_XMSS_SHA256)
+/* Chain hashing to calculate node hash.
+ *
+ * RFC 8391: 3.1.2, Algorithm 2 - recursive.
+ * This function is an iterative version.
+ *
+ * @param [in]  state    XMSS/MT state including digest and parameters.
+ * @param [in]  data     Initial data to hash.
+ * @param [in]  start    Starting hash value in hash address.
+ * @param [in]  steps    Size of step.
+ * @param [in]  pk_seed  Random public seed.
+ * @param [in]  addr     Hash address as a byte array.
+ * @param [out] hash     Chained hash.
+ */
+static void wc_xmss_chain_sha256_32(XmssState* state, const byte* data,
+    unsigned int start, unsigned int steps, const byte* pk_seed, byte* addr,
+    byte* hash)
+{
+    if (steps > 0) {
+        word32 i;
+        byte* pad = state->prf_buf;
+        byte* seed = pad + XMSS_SHA256_32_PAD_LEN;
+#ifndef WC_XMSS_FULL_HASH
+        int ret;
+
+        /* Set data for PRF hash. */
+        XMSS_PAD_ENC(XMSS_HASH_PADDING_PRF, pad, XMSS_SHA256_32_PAD_LEN);
+        XMEMCPY(seed, pk_seed, XMSS_SHA256_32_N);
+
+        /* Hash first 64 bytes. */
+        ret = wc_Sha256Update(&state->digest.sha256, state->prf_buf,
+             XMSS_SHA256_32_PAD_LEN + XMSS_SHA256_32_N);
+        if (ret == 0) {
+            /* Copy state after first 64 bytes. */
+            XMSS_SHA256_STATE_CACHE(state);
+            /* Only do this once for all chain hash calls. */
+            XMSS_PAD_ENC(XMSS_HASH_PADDING_F, state->buf,
+                state->params->pad_len);
+
+            /* Set address. */
+            XMSS_ADDR_SET_BYTE(addr, XMSS_ADDR_HASH, start);
+            wc_xmss_chain_hash_sha256_32(state, data, addr, hash);
+            /* Iterate 'steps' calls to the hash function. */
+            for (i = start+1; i < (start+steps) && i < XMSS_WOTS_W; i++) {
+                addr[XMSS_ADDR_HASH * 4 + 3] = i;
+                wc_xmss_chain_hash_sha256_32(state, hash, addr, hash);
+            }
+        }
+        else if (state->ret == 0) {
+            /* Store any digest failures for public APIs to return. */
+            state->ret = ret;
+        }
+#else
+        const XmssParams* params = state->params;
+        byte* addr_buf = seed + XMSS_SHA256_32_N;
+
+        /* Set data for PRF hash. */
+        XMSS_PAD_ENC(XMSS_HASH_PADDING_PRF, pad, XMSS_SHA256_32_PAD_LEN);
+        XMEMCPY(seed, pk_seed, params->n);
+        XMEMCPY(addr_buf, addr, WC_XMSS_ADDR_LEN);
+
+        /* Only do this once for all chain hash calls. */
+        XMSS_PAD_ENC(XMSS_HASH_PADDING_F, state->buf, params->pad_len);
+
+        /* Set address. */
+        XMSS_ADDR_SET_BYTE(addr_buf, XMSS_ADDR_HASH, start);
+        wc_xmss_chain_hash_sha256_32(state, data, hash);
+        /* Iterate 'steps' calls to the hash function. */
+        for (i = start+1; i < (start+steps) && i < XMSS_WOTS_W; i++) {
+            addr_buf[XMSS_ADDR_HASH * 4 + 3] = i;
+            wc_xmss_chain_hash_sha256_32(state, hash, hash);
+        }
+#endif /* !WC_XMSS_FULL_HASH */
+    }
+    else if (hash != data) {
+        XMEMCPY(hash, data, XMSS_SHA256_32_N);
+    }
+}
+#endif /* !WOLFSSL_WC_XMSS_SMALL && WC_XMSS_SHA256 */
+
+/* Chain hashing to calculate node hash.
+ *
+ * RFC 8391: 3.1.2, Algorithm 2 - recursive.
+ * This function is an iterative version.
+ *
+ * @param [in]  state    XMSS/MT state including digest and parameters.
+ * @param [in]  data     Initial data to hash.
+ * @param [in]  start    Starting hash value in hash address.
+ * @param [in]  steps    Size of step.
+ * @param [in]  pk_seed  Random public seed.
+ * @param [in]  addr     Hash address as a byte array.
+ * @param [out] hash     Chained hash.
+ */
+static void wc_xmss_chain(XmssState* state, const byte* data,
+    unsigned int start, unsigned int steps, const byte* pk_seed, byte* addr,
+    byte* hash)
+{
+    const XmssParams* params = state->params;
+
+    if (steps > 0) {
+        word32 i;
+        byte* pad = state->prf_buf;
+        byte* seed = pad + params->pad_len;
+        byte* addr_buf = seed + params->n;
+
+        /* Set data for PRF hash. */
+        XMSS_PAD_ENC(XMSS_HASH_PADDING_PRF, pad, params->pad_len);
+        XMEMCPY(seed, pk_seed, params->n);
+        XMEMCPY(addr_buf, addr, 32);
+
+        /* Only do this once for all chain hash calls. */
+        XMSS_PAD_ENC(XMSS_HASH_PADDING_F, state->buf, params->pad_len);
+
+        /* Set address. */
+        XMSS_ADDR_SET_BYTE(addr_buf, XMSS_ADDR_HASH, start);
+        wc_xmss_chain_hash(state, data, hash);
+        /* Iterate 'steps' calls to the hash function. */
+        for (i = start+1; i < (start+steps) && i < XMSS_WOTS_W; i++) {
+            addr_buf[XMSS_ADDR_HASH * 4 + 3] = i;
+            wc_xmss_chain_hash(state, hash, hash);
+        }
+    }
+    else if (hash != data) {
+        XMEMCPY(hash, data, params->n);
+    }
+}
+
+/* Convert base on message and add checksum.
+ *
+ * RFC 8391:, 2.6, Algorithm 1: base_w
+ *     int in = 0;
+ *     int out = 0;
+ *     unsigned int total = 0;
+ *     int bits = 0;
+ *     int consumed;
+ *
+ *     for ( consumed = 0; consumed < out_len; consumed++ ) {
+ *         if ( bits == 0 ) {
+ *             total = X[in];
+ *             in++;
+ *             bits += 8;
+ *         }
+ *         bits -= lg(w);
+ *         basew[out] = (total >> bits) AND (w - 1);
+ *         out++;
+ *     }
+ *     return basew;
+ *
+ * base_w implemented for w == 16 (lg(w) == 4).
+ *
+ * RFC 8391: 3.1.5, Algorithm 5:
+ *     ...
+ *     csum = 0;
+ *
+ *     # Convert message to base w
+ *     msg = base_w(M, w, len_1);
+ *     # Compute checksum
+ *     for ( i = 0; i < len_1; i++ ) {
+ *           csum = csum + w - 1 - msg[i];
+ *     }
+ *
+ *     # Convert csum to base w
+ *     csum = csum << ( 8 - ( ( len_2 * lg(w) ) % 8 ));
+ *     len_2_bytes = ceil( ( len_2 * lg(w) ) / 8 );
+ *     msg = msg || base_w(toByte(csum, len_2_bytes), w, len_2);
+ *
+ * len_1 == 8 * n / 4 = n * 2
+ * Implemented for len_2 == 3
+ *
+ * @param [in]  m      Message data.
+ * @param [in]  n      Number of bytes in hash.
+ * @param [out] msg    Message in new base.
+ */
+static void wc_xmss_msg_convert(const byte* m, word8 n, word8* msg)
+{
+    word8 i;
+    word16 csum = 0;
+
+    /* Split each full byte of m into two bytes of msg. */
+    for (i = 0; i < n; i++) {
+        msg[0] = m[i] >> 4;
+        msg[1] = m[i] & 0xf;
+        csum += XMSS_WOTS_W - 1 - msg[0];
+        csum += XMSS_WOTS_W - 1 - msg[1];
+        msg += 2;
+    }
+
+    /* Append checksum to message. (Maximum value: 1920 = 64 * 2 * 15) */
+    msg[0] = (csum >> 8)       ;
+    msg[1] = (csum >> 4) & 0x0f;
+    msg[2] = (csum     ) & 0x0f;
+}
+
+#ifndef WOLFSSL_XMSS_VERIFY_ONLY
+
+/* WOTS+ generate public key with private seed.
+ *
+ * RFC 8391: 4.1.6, Algorithm 9:
+ *     ...
+ *     pk = WOTS_genPK (getWOTS_SK(SK, s + i), SEED, ADRS);
+ * RFC 8391, 3.1.4, Algorithm 4: WOTS_genPK
+ *     ...
+ *     for ( i = 0; i < len; i++ ) {
+ *       ADRS.setChainAddress(i);
+ *       pk[i] = chain(sk[i], 0, w - 1, SEED, ADRS);
+ *     }
+ *     return pk;
+ *
+ * WOTS_genPK only used in Algorithm 9 and it is convenient to combine with
+ * getWOTS_SK due to parameter specific implementations.
+ *
+ * @param [in]  state  XMSS/MT state including digest and parameters.
+ * @param [in]  sk     Random private seed.
+ * @param [in]  seed   Random public seed.
+ * @param [in]  addr   Hashing address.
+ * @param [out] pk     Public key.
+ */
+static void wc_xmss_wots_gen_pk(XmssState* state, const byte* sk,
+    const byte* seed, HashAddress addr, byte* pk)
+{
+    const XmssParams* params = state->params;
+    byte* addr_buf = state->encMsg;
+    word32 i;
+
+    /* Ensure chain address is 0 and encode into a buffer. */
+    addr[XMSS_ADDR_CHAIN] = 0;
+    wc_xmss_addr_encode(addr, addr_buf);
+
+#if !defined(WOLFSSL_WC_XMSS_SMALL) && defined(WC_XMSS_SHA256)
+    if ((params->pad_len == XMSS_SHA256_32_PAD_LEN) &&
+            (params->n == XMSS_SHA256_32_N) &&
+            (params->hash == WC_HASH_TYPE_SHA256)) {
+        /* Expand the private seed - getWOTS_SK */
+        wc_xmss_wots_get_wots_sk_sha256_32(state, sk, seed, addr_buf,
+            pk);
+
+        /* Calculate chain hash. */
+        wc_xmss_chain_sha256_32(state, pk, 0, XMSS_WOTS_W - 1, seed, addr_buf,
+            pk);
+        for (i = 1; i < params->wots_len; i++) {
+            pk += params->n;
+            addr_buf[XMSS_ADDR_CHAIN * 4 + 3] = i;
+            wc_xmss_chain_sha256_32(state, pk, 0, XMSS_WOTS_W - 1, seed,
+                addr_buf, pk);
+        }
+    }
+    else
+#endif /* !WOLFSSL_WC_XMSS_SMALL && WC_XMSS_SHA256 */
+    {
+        /* Expand the private seed - getWOTS_SK */
+        wc_xmss_wots_get_wots_sk(state, sk, seed, addr_buf, pk);
+
+        /* Calculate chain hash. */
+        wc_xmss_chain(state, pk, 0, XMSS_WOTS_W - 1, seed, addr_buf, pk);
+        for (i = 1; i < params->wots_len; i++) {
+            pk += params->n;
+            addr_buf[XMSS_ADDR_CHAIN * 4 + 3] = i;
+            wc_xmss_chain(state, pk, 0, XMSS_WOTS_W - 1, seed, addr_buf, pk);
+        }
+    }
+}
+/* Generate a signature from a privatge key and message.
+ *
+ * RFC 8391: 4.1.9, Algorithm 11: treeSig
+ *     sig_ots = WOTS_sign(getWOTS_SK(SK, idx_sig),
+ *                         M', getSEED(SK), ADRS);
+ * RFC 8391: 3.1.5, Algorithm 5: WOTS_sign
+ *     (Convert message to base w and append checksum in base w)
+ *     ...
+ *     for ( i = 0; i < len; i++ ) {
+ *          ADRS.setChainAddress(i);
+ *          sig[i] = chain(sk[i], 0, msg[i], SEED, ADRS);
+ *     }
+ *     return sig;
+ *
+ * WOTS_sign only used in Algorithm 11 and convenient to do getWOTS_SK due to
+ * hash address reuse and parameter specific implementations.
+ *
+ * @param [in]  state  XMSS/MT state including digest and parameters.
+ * @param [in]  m      Message hash to sign.
+ * @param [in]  sk     Random private seed.
+ * @param [in]  seed   Random public seed.
+ * @param [in]  addr   Hashing address.
+ * @param [out] sig    Calculated XMSS/MT signature.
+ */
+static void wc_xmss_wots_sign(XmssState* state, const byte* m,
+    const byte* sk, const byte* seed, HashAddress addr, byte* sig)
+{
+    const XmssParams* params = state->params;
+    byte* addr_buf = state->pk;
+    word32 i;
+
+    /* Convert message to base w and append checksum in base w. */
+    wc_xmss_msg_convert(m, params->n, state->encMsg);
+
+    /* Set initial chain value and encode hash address. */
+    addr[XMSS_ADDR_CHAIN] = 0;
+    wc_xmss_addr_encode(addr, addr_buf);
+
+#if !defined(WOLFSSL_WC_XMSS_SMALL) && defined(WC_XMSS_SHA256)
+    if ((params->pad_len == XMSS_SHA256_32_PAD_LEN) &&
+            (params->n == XMSS_SHA256_32_N) &&
+            (params->hash == WC_HASH_TYPE_SHA256)) {
+        /* Expand the private seed - getWOTS_SK */
+        wc_xmss_wots_get_wots_sk_sha256_32(state, sk, seed, addr_buf, sig);
+
+        /* Calculate chain hash. */
+        wc_xmss_chain_sha256_32(state, sig, 0, state->encMsg[0], seed, addr_buf,
+            sig);
+        for (i = 1; i < params->wots_len; i++) {
+            sig += params->n;
+            addr_buf[XMSS_ADDR_CHAIN * 4 + 3] = i;
+            wc_xmss_chain_sha256_32(state, sig, 0, state->encMsg[i], seed,
+                addr_buf, sig);
+        }
+    }
+    else
+#endif /* !WOLFSSL_WC_XMSS_SMALL && WC_XMSS_SHA256 */
+    {
+        /* Expand the private seed - getWOTS_SK */
+        wc_xmss_wots_get_wots_sk(state, sk, seed, addr_buf, sig);
+
+       /* Calculate chain hash. */
+        wc_xmss_chain(state, sig, 0, state->encMsg[0], seed, addr_buf, sig);
+        for (i = 1; i < params->wots_len; i++) {
+            sig += params->n;
+            addr_buf[XMSS_ADDR_CHAIN * 4 + 3] = i;
+            wc_xmss_chain(state, sig, 0, state->encMsg[i], seed, addr_buf, sig);
+        }
+    }
+}
+
+#endif /* !WOLFSSL_XMSS_VERIFY_ONLY */
+
+/* Compute WOTS+ public key value from signature and message.
+ *
+ * RFC 8319: 3.1.6
+ *   Algorithm 6: WOTS_pkFromSig
+ *     (Convert message to base w and append checksum in base w)
+ *     ...
+ *     for ( i = 0; i < len; i++ ) {
+ *          ADRS.setChainAddress(i);
+ *          tmp_pk[i] = chain(sig[i], msg[i], w - 1 - msg[i], SEED, ADRS);
+ *     }
+ *     return tmp_pk;
+ *
+ * @param [in]  state  XMSS/MT state including digest and parameters.
+ * @param [in]  sig    XMSS/MT Signature.
+ * @param [in]  m      Message to verify.
+ * @param [in]  seed   Random public seed.
+ * @param [in]  addr   Hashing address.
+ * @param [out] pk     Public key.
+ */
+static void wc_xmss_wots_pk_from_sig(XmssState* state, const byte* sig,
+    const byte* m, const byte* seed, HashAddress addr, byte* pk)
+{
+    const XmssParams* params = state->params;
+    byte* addr_buf = state->stack;
+    word32 i;
+
+    /* Convert message to base w and append checksum in base w. */
+    wc_xmss_msg_convert(m, params->n, state->encMsg);
+
+    /* Start with address with chain value of 0. */
+    addr[XMSS_ADDR_CHAIN] = 0;
+    wc_xmss_addr_encode(addr, addr_buf);
+
+#if !defined(WOLFSSL_WC_XMSS_SMALL) && defined(WC_XMSS_SHA256)
+    if ((params->pad_len == XMSS_SHA256_32_PAD_LEN) &&
+            (params->n == XMSS_SHA256_32_N) &&
+            (params->hash == WC_HASH_TYPE_SHA256)) {
+        /* Calculate chain hash. */
+        wc_xmss_chain_sha256_32(state, sig, state->encMsg[0],
+            XMSS_WOTS_W - 1 - state->encMsg[0], seed, addr_buf, pk);
+        for (i = 1; i < params->wots_len; i++) {
+            sig += params->n;
+            pk += params->n;
+            /* Update chain. */
+            addr_buf[XMSS_ADDR_CHAIN * 4 + 3] = i;
+            wc_xmss_chain_sha256_32(state, sig, state->encMsg[i],
+                XMSS_WOTS_W - 1 - state->encMsg[i], seed, addr_buf, pk);
+        }
+    }
+    else
+#endif /* !WOLFSSL_WC_XMSS_SMALL && WC_XMSS_SHA256 */
+    {
+        /* Calculate chain hash. */
+        wc_xmss_chain(state, sig, state->encMsg[0],
+            XMSS_WOTS_W - 1 - state->encMsg[0], seed, addr_buf, pk);
+        for (i = 1; i < params->wots_len; i++) {
+            sig += params->n;
+            pk += params->n;
+            /* Update chain. */
+            addr_buf[XMSS_ADDR_CHAIN * 4 + 3] = i;
+            wc_xmss_chain(state, sig, state->encMsg[i],
+                XMSS_WOTS_W - 1 - state->encMsg[i], seed, addr_buf, pk);
+        }
+    }
+}
+
+/********************************************
+ * L-TREE - unbalanced binary hash tree
+ ********************************************/
+
+/* Compute leaves of L-tree from WOTS+ public key and compress to single value.
+ *
+ * RFC 8391: 4.1.5, Algorithm 8: ltree
+ *     unsigned int len' = len;
+ *     ADRS.setTreeHeight(0);
+ *     while ( len' > 1 ) {
+ *       for ( i = 0; i < floor(len' / 2); i++ ) {
+ *         ADRS.setTreeIndex(i);
+ *         pk[i] = RAND_HASH(pk[2i], pk[2i + 1], SEED, ADRS);
+ *       }
+ *       if ( len' % 2 == 1 ) {
+ *         pk[floor(len' / 2)] = pk[len' - 1];
+ *       }
+ *       len' = ceil(len' / 2);
+ *       ADRS.setTreeHeight(ADRS.getTreeHeight() + 1);
+ *     }
+ *     return pk[0];
+ *
+ * @param [in]  state  XMSS/MT state including digest and parameters.
+ * @param [in]  pk     WOTS+ public key.
+ * @param [in]  seed   Random public seed.
+ * @param [in]  addr   Hashing address.
+ * @param [out] pk0    N-byte compressed public key value pk[0].
+ */
+static void wc_xmss_ltree(XmssState* state, byte* pk, const byte* seed,
+    HashAddress addr, byte* pk0)
+{
+    const XmssParams* params = state->params;
+    word8 len = params->wots_len;
+    word32 h = 0;
+
+#if !defined(WOLFSSL_WC_XMSS_SMALL) && defined(WC_XMSS_SHA256) && \
+    !defined(WC_XMSS_FULL_HASH)
+    /* Precompute hash state after first 64 bytes (common to all hashes). */
+    if ((params->pad_len == XMSS_SHA256_32_PAD_LEN) &&
+            (params->n == XMSS_SHA256_32_N) &&
+            (params->hash == WC_HASH_TYPE_SHA256)) {
+        byte* prf_buf = state->prf_buf;
+        int ret;
+
+        XMSS_PAD_ENC(XMSS_HASH_PADDING_PRF, prf_buf, XMSS_SHA256_32_PAD_LEN);
+        XMEMCPY(prf_buf + XMSS_SHA256_32_PAD_LEN, seed, XMSS_SHA256_32_N);
+
+        ret = wc_Sha256Update(&state->digest.sha256, prf_buf,
+            XMSS_SHA256_32_PAD_LEN + XMSS_SHA256_32_N);
+        if (ret == 0) {
+            /* Copy state after first 64 bytes. */
+            XMSS_SHA256_STATE_CACHE(state);
+        }
+        else if (state->ret == 0) {
+            /* Store any digest failures for public APIs to return. */
+            state->ret = ret;
+        }
+    }
+#endif /* !WOLFSSL_WC_XMSS_SMALL && WC_XMSS_SHA256 && !WC_XMSS_FULL_HASH */
+    while (len > 1) {
+        word8 i;
+        word8 len2 = len >> 1;
+
+        addr[XMSS_ADDR_TREE_HEIGHT] = h++;
+
+        for (i = 0; i < len2; i++) {
+            addr[XMSS_ADDR_TREE_INDEX] = i;
+        #if !defined(WOLFSSL_WC_XMSS_SMALL) && defined(WC_XMSS_SHA256) && \
+            !defined(WC_XMSS_FULL_HASH)
+            if ((params->pad_len == XMSS_SHA256_32_PAD_LEN) &&
+                    (params->n == XMSS_SHA256_32_N) &&
+                    (params->hash == WC_HASH_TYPE_SHA256)) {
+                wc_xmss_rand_hash_sha256_32_prehash(state,
+                    pk + i * 2 * XMSS_SHA256_32_N, addr,
+                    pk + i * XMSS_SHA256_32_N);
+            }
+            else
+        #endif /* !WOLFSSL_WC_XMSS_SMALL && WC_XMSS_SHA256 &&
+                * !WC_XMSS_FULL_HASH */
+            {
+                wc_xmss_rand_hash(state, pk + i * 2 * params->n,
+                    seed, addr, pk + i * params->n);
+            }
+        }
+        if (len & 1) {
+            XMEMCPY(pk + len2 * params->n, pk + (len - 1) * params->n,
+                params->n);
+        }
+        len = len2 + (len & 1);
+    }
+    /* Return compressed public key value pk[0]. */
+    XMEMCPY(pk0, pk, params->n);
+}
+
+#ifndef WOLFSSL_XMSS_VERIFY_ONLY
+
+#ifdef WOLFSSL_WC_XMSS_SMALL
+
+/********************************************
+ * TREE HASH
+ ********************************************/
+
+#ifndef WOLFSSL_SMALL_STACK
+/* Compute internal nodes of Merkle tree.
+ *
+ * Implementation always starts at index 0. (s = 0)
+ *
+ * Build authentication path, if required, rather than duplicating work.
+ * When node is generated, copy out to authentication path array of nodes.
+ *
+ * RFC 8391: 4.1.6, Algorithm 9: treeHash
+ *     if( s % (1 << t) != 0 ) return -1;
+ *     for ( i = 0; i < 2^t; i++ ) {
+ *       SEED = getSEED(SK);
+ *       ADRS.setType(0);   # Type = OTS hash address
+ *       ADRS.setOTSAddress(s + i);
+ *       pk = WOTS_genPK (getWOTS_SK(SK, s + i), SEED, ADRS);
+ *       ADRS.setType(1);   # Type = L-tree address
+ *       ADRS.setLTreeAddress(s + i);
+ *       node = ltree(pk, SEED, ADRS);
+ *       ADRS.setType(2);   # Type = hash tree address
+ *       ADRS.setTreeHeight(0);
+ *       ADRS.setTreeIndex(i + s);
+ *       while ( Top node on Stack has same height t' as node ) {
+ *          ADRS.setTreeIndex((ADRS.getTreeIndex() - 1) / 2);
+ *          node = RAND_HASH(Stack.pop(), node, SEED, ADRS);
+ *          ADRS.setTreeHeight(ADRS.getTreeHeight() + 1);
+ *       }
+ *       Stack.push(node);
+ *     }
+ *     return Stack.pop();
+ * RFC 8391: 4.1.9, (Example) buildAuth
+ *     for ( j = 0; j < h; j++ ) {
+ *       k = floor(i / (2^j)) XOR 1;
+ *       auth[j] = treeHash(SK, k * 2^j, j, ADRS);
+ *     }
+ *
+ * @param [in]  state         XMSS/MT state including digest and parameters.
+ * @param [in]  sk_seed       Random private seed.
+ * @param [in]  pk_seed       Random public seed.
+ * @param [in]  leafIdx       Index of lead node.
+ * @param [in]  subtree_addr  Address of subtree.
+ * @param [out] root          Root node of the tree.
+ * @param [out] auth_path     Nodes of the authentication path.
+ */
+static void wc_xmss_treehash(XmssState* state, const byte* sk_seed,
+    const byte* pk_seed, word32 leafIdx, const word32* subtree, byte* root,
+    byte* auth_path)
+{
+    const XmssParams* params = state->params;
+    const word8 n = params->n;
+    byte* node = state->stack;
+    HashAddress ots;
+    HashAddress ltree;
+    HashAddress tree;
+    word8 height[WC_XMSS_MAX_TREE_HEIGHT + 1];
+    word8 offset = 0;
+    word32 max = (word32)1 << params->sub_h;
+    word32 i;
+
+    /* Copy hash address into one for each purpose.  */
+    XMSS_ADDR_OTS_SET_SUBTREE(ots, subtree);
+    XMSS_ADDR_LTREE_SET_SUBTREE(ltree, subtree);
+    XMSS_ADDR_TREE_SET_SUBTREE(tree, subtree);
+
+    for (i = 0; i < max; i++) {
+        word8 h;
+
+        /* Calculate WOTS+ public key. */
+        ots[XMSS_ADDR_OTS] = i;
+        wc_xmss_wots_gen_pk(state, sk_seed, pk_seed, ots, state->pk);
+        /* Calculate public value. */
+        ltree[XMSS_ADDR_LTREE] = i;
+        wc_xmss_ltree(state, state->pk, pk_seed, ltree, node);
+
+        /* Initial height at this offset is 0. */
+        h = height[offset] = 0;
+        /* Copy node, at height 0, out if on authentication path. */
+        if ((auth_path != NULL) && ((leafIdx ^ 0x1) == i)) {
+            XMEMCPY(auth_path, node, n);
+        }
+
+        /* Top node on Stack has same height t' as node. */
+        while ((offset >= 1) && (h == height[offset - 1])) {
+            word32 tree_idx = i >> (h + 1);
+
+            node -= n;
+            /* Calculate hash of node. */
+            tree[XMSS_ADDR_TREE_HEIGHT] = h;
+            tree[XMSS_ADDR_TREE_INDEX] = tree_idx;
+            wc_xmss_rand_hash(state, node, pk_seed, tree, node);
+
+            /* Update offset and height. */
+            offset--;
+            h = ++height[offset];
+
+            /* Copy node out if on authentication path. */
+            if ((auth_path != NULL) && (((leafIdx >> h) ^ 0x1) == tree_idx)) {
+                XMEMCPY(auth_path + h * n, node, n);
+            }
+        }
+        offset++;
+        node += n;
+    }
+
+    /* Copy the root node. */
+    XMEMCPY(root, state->stack, n);
+}
+#else
+/* Compute internal nodes of Merkle tree.
+ *
+ * Implementation always starts at index 0. (s = 0)
+ *
+ * Build authentication path, if required, rather than duplicating work.
+ * When node is generated, copy out to authentication path array of nodes.
+ *
+ * RFC 8391: 4.1.6, Algorithm 9: treeHash
+ *     if( s % (1 << t) != 0 ) return -1;
+ *     for ( i = 0; i < 2^t; i++ ) {
+ *       SEED = getSEED(SK);
+ *       ADRS.setType(0);   # Type = OTS hash address
+ *       ADRS.setOTSAddress(s + i);
+ *       pk = WOTS_genPK (getWOTS_SK(SK, s + i), SEED, ADRS);
+ *       ADRS.setType(1);   # Type = L-tree address
+ *       ADRS.setLTreeAddress(s + i);
+ *       node = ltree(pk, SEED, ADRS);
+ *       ADRS.setType(2);   # Type = hash tree address
+ *       ADRS.setTreeHeight(0);
+ *       ADRS.setTreeIndex(i + s);
+ *       while ( Top node on Stack has same height t' as node ) {
+ *          ADRS.setTreeIndex((ADRS.getTreeIndex() - 1) / 2);
+ *          node = RAND_HASH(Stack.pop(), node, SEED, ADRS);
+ *          ADRS.setTreeHeight(ADRS.getTreeHeight() + 1);
+ *       }
+ *       Stack.push(node);
+ *     }
+ *     return Stack.pop();
+ * RFC 8391: 4.1.9, (Example) buildAuth
+ *     for ( j = 0; j < h; j++ ) {
+ *       k = floor(i / (2^j)) XOR 1;
+ *       auth[j] = treeHash(SK, k * 2^j, j, ADRS);
+ *     }
+ *
+ * @param [in]  state         XMSS/MT state including digest and parameters.
+ * @param [in]  sk_seed       Random private seed.
+ * @param [in]  pk_seed       Random public seed.
+ * @param [in]  leafIdx       Index of lead node.
+ * @param [in]  subtree_addr  Address of subtree.
+ * @param [out] root          Root node of the tree.
+ * @param [out] auth_path     Nodes of the authentication path.
+ */
+static void wc_xmss_treehash(XmssState* state, const byte* sk_seed,
+    const byte* pk_seed, word32 leafIdx, const word32* subtree, byte* root,
+    byte* auth_path)
+{
+    const XmssParams* params = state->params;
+    const word8 n = params->n;
+    byte* node = state->stack;
+    HashAddress addr;
+    word8 height[WC_XMSS_MAX_TREE_HEIGHT + 1];
+    word8 offset = 0;
+    word32 max = (word32)1 << params->sub_h;
+    word32 i;
+
+    XMSS_ADDR_SET_SUBTREE(addr, subtree, 0);
+
+    for (i = 0; i < max; i++) {
+        word8 h;
+
+        /* Calculate WOTS+ public key. */
+        addr[XMSS_ADDR_TYPE] = WC_XMSS_ADDR_TYPE_OTS;
+        addr[XMSS_ADDR_LTREE] = i;
+        wc_xmss_wots_gen_pk(state, sk_seed, pk_seed, addr, state->pk);
+        /* Calculate public value. */
+        addr[XMSS_ADDR_TYPE] = WC_XMSS_ADDR_TYPE_LTREE;
+        wc_xmss_ltree(state, state->pk, pk_seed, addr, node);
+        addr[XMSS_ADDR_TYPE] = WC_XMSS_ADDR_TYPE_TREE;
+        addr[XMSS_ADDR_TREE_ZERO] = 0;
+
+        /* Initial height at this offset is 0. */
+        h = height[offset] = 0;
+        /* Copy node out if on authentication path. */
+        if ((auth_path != NULL) && ((leafIdx ^ 0x1) == i)) {
+            XMEMCPY(auth_path, node, n);
+        }
+
+        /* Top node on Stack has same height t' as node. */
+        while ((offset >= 1) && (h == height[offset - 1])) {
+            word32 tree_idx = i >> (h + 1);
+
+            node -= n;
+            /* Calculate hash of node. */
+            addr[XMSS_ADDR_TREE_HEIGHT] = h;
+            addr[XMSS_ADDR_TREE_INDEX] = tree_idx;
+            wc_xmss_rand_hash(state, node, pk_seed, addr, node);
+
+            /* Update offset and height. */
+            offset--;
+            h = ++height[offset];
+
+            /* Copy node out if on authentication path. */
+            if ((auth_path != NULL) && (((leafIdx >> h) ^ 0x1) == tree_idx)) {
+                XMEMCPY(auth_path + h * n, node, n);
+            }
+        }
+        offset++;
+        node += n;
+        /* Reset hash address ready for use as OTS and LTREE. */
+        addr[XMSS_ADDR_TREE_HEIGHT] = 0;
+        addr[XMSS_ADDR_TREE_INDEX] = 0;
+    }
+
+    /* Copy the root node. */
+    XMEMCPY(root, state->stack, n);
+}
+#endif /* !WOLFSSL_SMALL_STACK */
+
+/********************************************
+ * MAKE KEY
+ ********************************************/
+
+/* Derives XMSSMT (and XMSS) key pair from seeds.
+ *
+ * RFC 8391: 4.1.7, Algorithm 10: XMSS_keyGen.
+ *     ...
+ *     initialize SK_PRF with a uniformly random n-byte string;
+ *     setSK_PRF(SK, SK_PRF);
+ *
+ *     # Initialization for common contents
+ *     initialize SEED with a uniformly random n-byte string;
+ *     setSEED(SK, SEED);
+ *     setWOTS_SK(SK, wots_sk));
+ *     ADRS = toByte(0, 32);
+ *     root = treeHash(SK, 0, h, ADRS);
+ *
+ *     SK = idx || wots_sk || SK_PRF || root || SEED;
+ *     PK = OID || root || SEED;
+ *     return (SK || PK);
+ *
+ * wots_sk, SK_PRF and SEED passed in as seed.
+ * Store seed for wots_sk instead of generated wots_sk.
+ * OID not stored in PK this is handled in upper layer.
+ *
+ * @param [in]  state   XMSS/MT state including digest and parameters.
+ * @param [in]  seed    Random seeds.
+ * @param [out] sk      Secret/Private key.
+ * @param [out] pk      Public key.
+ * @return  0 on success.
+ * @return  <0 on digest failure.
+ */
+int wc_xmssmt_keygen(XmssState* state, const unsigned char* seed,
+    unsigned char* sk, unsigned char* pk)
+{
+    const XmssParams* params = state->params;
+    const word8 n = params->n;
+    const byte* seed_priv = seed;
+    const byte* seed_pub  = seed + 2 * n;
+    /* Offsets into secret/private key. */
+    byte* sk_idx  = sk;
+    byte* sk_seed = sk_idx + params->idx_len;
+    byte* sk_pub  = sk_seed + 2 * n;
+    /* Offsets into public key. */
+    byte* pk_root = pk;
+    byte* pk_seed = pk_root + n;
+
+    /* Set first index to 0 in private key. */
+    XMEMSET(sk_idx, 0, params->idx_len);
+    /* Set private key seed and private key for PRF in to private key. */
+    XMEMCPY(sk_seed, seed_priv, 2 * n);
+    /* Set public key seed into public key. */
+    XMEMCPY(pk_seed, seed_pub, n);
+
+    /* Set all address values to zero. */
+    XMEMSET(state->addr, 0, sizeof(HashAddress));
+    /* Set depth into address. */
+    state->addr[XMSS_ADDR_LAYER] = params->d - 1;
+    /* Compute root node into public key. */
+    wc_xmss_treehash(state, sk_seed, pk_seed, 0, state->addr, pk_root, NULL);
+
+    /* Append public key (root node and public seed) to private key. */
+    XMEMCPY(sk_pub, pk_root, 2 * n);
+
+    /* Return any errors that occurred during hashing. */
+    return state->ret;
+}
+
+/********************************************
+ * SIGN
+ ********************************************/
+
+/**
+ * Sign message using XMSS/XMSS^MT.
+ *
+ * RFC 8391: 4.1.9, Algorithm 11: treeSig
+ *     auth = buildAuth(SK, idx_sig, ADRS);
+ *     ADRS.setType(0);   # Type = OTS hash address
+ *     ADRS.setOTSAddress(idx_sig);
+ *     sig_ots = WOTS_sign(getWOTS_SK(SK, idx_sig),
+ *                         M', getSEED(SK), ADRS);
+ *     Sig = sig_ots || auth;
+ *     return Sig;
+ * RFC 8391: 4.2.4, Algorithm 16: XMSSMT_sign
+ *     # Init
+ *     ADRS = toByte(0, 32);
+ *     SEED = getSEED(SK_MT);
+ *     SK_PRF = getSK_PRF(SK_MT);
+ *     idx_sig = getIdx(SK_MT);
+ *
+ *     # Update SK_MT
+ *     setIdx(SK_MT, idx_sig + 1);
+ *
+ *     # Message compression
+ *     byte[n] r = PRF(SK_PRF, toByte(idx_sig, 32));
+ *     byte[n] M' = H_msg(r || getRoot(SK_MT) || (toByte(idx_sig, n)), M);
+ *
+ *     # Sign
+ *     Sig_MT = idx_sig;
+ *     unsigned int idx_tree
+ *                   = (h - h / d) most significant bits of idx_sig;
+ *     unsigned int idx_leaf = (h / d) least significant bits of idx_sig;
+ *     SK = idx_leaf || getXMSS_SK(SK_MT, idx_tree, 0) || SK_PRF
+ *           || toByte(0, n) || SEED;
+ *     ADRS.setLayerAddress(0);
+ *     ADRS.setTreeAddress(idx_tree);
+ *     Sig_tmp = treeSig(M', SK, idx_leaf, ADRS);
+ *     Sig_MT = Sig_MT || r || Sig_tmp;
+ *     for ( j = 1; j < d; j++ ) {
+ *        root = treeHash(SK, 0, h / d, ADRS);
+ *        idx_leaf = (h / d) least significant bits of idx_tree;
+ *        idx_tree = (h - j * (h / d)) most significant bits of idx_tree;
+ *        SK = idx_leaf || getXMSS_SK(SK_MT, idx_tree, j) || SK_PRF
+ *               || toByte(0, n) || SEED;
+ *        ADRS.setLayerAddress(j);
+ *        ADRS.setTreeAddress(idx_tree);
+ *        Sig_tmp = treeSig(root, SK, idx_leaf, ADRS);
+ *        Sig_MT = Sig_MT || Sig_tmp;
+ *     }
+ *     return SK_MT || Sig_MT
+ *
+ * buildAuth from treeSig done inside treeHash as this is more efficient.
+ *
+ * @param [in]      state   XMSS/MT state including digest and parameters.
+ * @param [in]      m       Buffer holding message.
+ * @param [in]      mlen    Length of message in buffer.
+ * @param [in, out] sk      Secret/Private key.
+ * @param [out]     sig     Signature.
+ * @return  0 on success.
+ * @return  <0 on digest failure.
+ */
+int wc_xmssmt_sign(XmssState* state, const unsigned char* m, word32 mlen,
+    unsigned char* sk, unsigned char* sig)
+{
+    int ret = 0;
+    const XmssParams* params = state->params;
+    const word8 n = params->n;
+    const word8 hs = params->sub_h;
+    const word16 hsn = (word16)hs * n;
+    const byte* sk_seed = sk + params->idx_len;
+    const byte* pk_seed = sk + params->idx_len + 3 * n;
+    wc_Idx idx;
+    byte* sig_r = sig + params->idx_len;
+    byte root[WC_XMSS_MAX_N];
+    unsigned int i;
+
+    WC_IDX_ZERO(idx);
+    /* Set all address values to zero and set type to OTS. */
+    XMEMSET(state->addr, 0, sizeof(HashAddress));
+    state->addr[XMSS_ADDR_TYPE] = WC_XMSS_ADDR_TYPE_OTS;
+
+    /* Copy the index into the signature data: Sig_MT = idx_sig. */
+    XMEMCPY(sig, sk, params->idx_len);
+
+    /* Read index from the secret key. */
+    WC_IDX_DECODE(idx, params->idx_len, sk, ret);
+    /* Validate index in secret key. */
+    if ((ret == 0) && (WC_IDX_INVALID(idx, params->idx_len, params->h))) {
+        /* Set index to maximum value to distinguish from valid value. */
+        XMEMSET(sk, 0xFF, params->idx_len);
+        /* Zeroize the secret key. */
+        ForceZero(sk + params->idx_len, params->sk_len - params->idx_len);
+        ret = KEY_EXHAUSTED_E;
+    }
+
+    /* Update SK_MT */
+    if (ret == 0) {
+        /* Increment the index in the secret key. */
+        wc_idx_update(sk, params->idx_len);
+    }
+
+    /* Message compression */
+    if (ret == 0) {
+        const byte* sk_prf = sk + params->idx_len + n;
+
+        /* byte[n] r = PRF(SK_PRF, toByte(idx_sig, 32)); */
+        wc_idx_copy(sig, params->idx_len, state->buf, XMSS_PRF_M_LEN);
+        wc_xmss_prf(state, sk_prf, state->buf, sig_r);
+        ret = state->ret;
+    }
+    if (ret == 0) {
+        const byte* pub_root = sk + params->idx_len + 2 * n;
+        /* byte[n] M' = H_msg(r || getRoot(SK_MT) || (toByte(idx_sig, n)), M);
+         */
+        wc_xmss_hash_message(state, sig_r, pub_root, sig, params->idx_len, m,
+            mlen, root);
+        ret = state->ret;
+        /* Place WOTS+ signatures after index and 'r'. */
+        sig += params->idx_len + n;
+    }
+
+    /* Sign. */
+    for (i = 0; (ret == 0) && (i < params->d); i++) {
+        word32 idx_leaf = 0;
+
+        /* Set layer, tree and OTS leaf index into hash address. */
+        state->addr[XMSS_ADDR_LAYER] = i;
+        WC_IDX_SET_ADDR_TREE(idx, params->idx_len, hs, state->addr, idx_leaf);
+        /* treeSig || treeHash = sig_ots || auth */
+        state->addr[XMSS_ADDR_OTS] = idx_leaf;
+        /*   Create WOTS+ signature for tree into signature (sig_ots). */
+        wc_xmss_wots_sign(state, root, sk_seed, pk_seed, state->addr, sig);
+        ret = state->ret;
+        if (ret == 0) {
+            sig += params->wots_sig_len;
+            /*   Add authentication path (auth) and calc new root. */
+            wc_xmss_treehash(state, sk_seed, pk_seed, idx_leaf, state->addr,
+                root, sig);
+            ret = state->ret;
+            sig += hsn;
+        }
+    }
+
+    return ret;
+}
+
+#else
+
+/********************************************
+ * Fast C implementation
+ ********************************************/
+
+/* Tree hash data - needs to be unpacked from binary. */
+typedef struct TreeHash {
+    /* Next index to update in tree - max 20 bits. */
+    word32 nextIdx;
+    /* Number of stack entries used by tree - 0..<subtree height>. */
+    word8  used;
+    /* Tree is finished. */
+    word8  completed;
+} TreeHash;
+
+/* BDS state. */
+typedef struct BdsState {
+    /* Stack of nodes - subtree height + 1 nodes. */
+    byte*     stack;
+    /* Height of stack node - subtree height + 1 of 0..<subtree height - 1>. */
+    byte*     height;
+    /* Authentication path for next index - subtree height nodes. */
+    byte*     authPath;
+    /* Hashes of nodes kept - subtree height / 2 nodes. */
+    byte*     keep;
+    /* Tree hash instances - subtree height minus K instances. */
+    byte*     treeHash;
+    /* Hashes of nodes for tree hash - one for each tree hash instance. */
+    byte*     treeHashNode;
+    /* Hashes of nodes to retain - based on K parameter. */
+    byte*     retain;
+    /* Next leaf to calculate - max 20 bits. */
+    word32    next;
+    /* Current offset into stack - 0..<subtree height>. */
+    word8     offset;
+} BdsState;
+
+/* Index to BDS state accounting for swapping.
+ *
+ * @param [in] idx  Index of node.
+ * @param [in] i    Depth of tree.
+ * @param [in] hs   Height of subtree.
+ * @param [in] d    Depth/number of trees.
+ * @return  Index of working BDS state.
+ */
+#define BDS_IDX(idx, i, hs, d)      \
+    (((((idx) >> ((hs) * ((i) + 1))) & 1) == 0) ? (i) : ((d) + (i)))
+/* Index to alternate BDS state accounting for swapping.
+ *
+ * @param [in] idx  Index of node.
+ * @param [in] i    Depth of tree.
+ * @param [in] hs   Height of subtree.
+ * @param [in] d    Depth/number of trees.
+ * @return  Index of alternate BDS state.
+ */
+#define BDS_ALT_IDX(idx, i, hs, d)  \
+    (((((idx) >> ((hs) * ((i) + 1))) & 1) == 0) ? ((d) + (i)) : (i))
+
+/********************************************
+ * Tree Hash APIs
+ ********************************************/
+
+/* Initialize the tree hash data at specified index for the BDS state.
+ *
+ * @param [in, out] bds  BDS state.
+ * @param [in]      i    Index of tree hash.
+ */
+static void wc_xmss_bds_state_treehash_init(BdsState* bds, int i)
+{
+    byte* sk = bds->treeHash + i * 4;
+    c32to24(0, sk);
+    sk[3] = 0 | (1 << 7);
+}
+
+/* Set next index into tree hash data at specified index for the BDS state.
+ *
+ * @param [in, out] bds      BDS state.
+ * @param [in]      i        Index of tree hash.
+ * @param [in]      nextIdx  Next index for tree hash.
+ */
+static void wc_xmss_bds_state_treehash_set_next_idx(BdsState* bds, int i,
+    word32 nextIdx)
+{
+    byte* sk = bds->treeHash + i * 4;
+    c32to24(nextIdx, sk);
+    sk[3] = 0 | (0 << 7);
+}
+
+/* Mark tree hash, at specified index for the BDS state, as complete.
+ *
+ * @param [in, out] bds  BDS state.
+ * @param [in]      i    Index of tree hash.
+ */
+static void wc_xmss_bds_state_treehash_complete(BdsState* bds, int i)
+{
+    byte* sk = bds->treeHash + i * 4;
+    sk[3] |= 1 << 7;
+}
+
+/* Get the tree hash data at specified index for the BDS state.
+ *
+ * @param [in]  bds       BDS state.
+ * @param [in]  i         Index of tree hash.
+ * @param [out] treeHash  Tree hash instance to fill out.
+ */
+static void wc_xmss_bds_state_treehash_get(BdsState* bds, int i,
+    TreeHash* treeHash)
+{
+    byte* sk = bds->treeHash + i * 4;
+    ato24(sk, &treeHash->nextIdx);
+    treeHash->used = sk[3] & 0x7f;
+    treeHash->completed = sk[3] >> 7;
+}
+
+/* Set the tree hash data at specified index for the BDS state.
+ *
+ * @param [in, out]  bds       BDS state.
+ * @param [in]       i         Index of tree hash.
+ * @param [in]       treeHash  Tree hash data.
+ */
+static void wc_xmss_bds_state_treehash_set(BdsState* bds, int i,
+    TreeHash* treeHash)
+{
+    byte* sk = bds->treeHash + i * 4;
+    c32to24(treeHash->nextIdx, sk);
+    sk[3] = treeHash->used | (treeHash->completed << 7);
+}
+
+/********************************************
+ * BDS State APIs
+ ********************************************/
+
+/* Allocate memory for BDS state.
+ *
+ * When using a static BDS state (XMSS) then pass in handle to data for bds.
+ *
+ * @param [in]      params    XMSS/MT parameters.
+ * @param [in, out] bds       Handle to BDS state. May be NULL if not allocated.
+ * @return  0 on success.
+ * @return  MEMORY_E on dynamic memory allocation failure.
+ */
+static int wc_xmss_bds_state_alloc(const XmssParams* params, BdsState** bds)
+{
+    const word8 cnt = 2 * params->d - 1;
+    int ret = 0;
+
+    if (*bds == NULL) {
+        /* Allocate memory for BDS states. */
+        *bds = (BdsState*)XMALLOC(sizeof(BdsState) * cnt, NULL,
+            DYNAMIC_TYPE_TMP_BUFFER);
+        if (*bds == NULL) {
+            ret = MEMORY_E;
+        }
+        else {
+            XMEMSET(*bds, 0, sizeof(BdsState) * cnt);
+        }
+    }
+
+    return ret;
+}
+
+/* Dispose of allocated memory associated with BDS state.
+ *
+ * @param [in] bds    BDS state.
+ */
+static void wc_xmss_bds_state_free(BdsState* bds)
+{
+    /* BDS states was allocated - must free. */
+    XFREE(bds, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+}
+
+/* Load the BDS state from the secret/private key.
+ *
+ * @param [in]  state      XMSS/MT state including digest and parameters.
+ * @param [in]  sk         Secret/private key.
+ * @param [out] bds        BDS states.
+ * @param [out] wots_sigs  WOTS signatures when XMSS^MT.
+ */
+static int wc_xmss_bds_state_load(const XmssState* state, byte* sk,
+    BdsState* bds, byte** wots_sigs)
+{
+    const XmssParams* params = state->params;
+    const word8 n = params->n;
+    const word8 hs = params->sub_h;
+    const word8 hsk = params->sub_h - params->bds_k;
+    const word8 k = params->bds_k;
+    const word32 retainLen = XMSS_RETAIN_LEN(k, n);
+    int i;
+
+    /* Skip past standard SK = idx || wots_sk || SK_PRF || root || SEED; */
+    sk += params->idx_len + 4 * n;
+
+    if (2 * (int)params->d - 1 <= 0)
+        return WC_FAILURE;
+
+    for (i = 0; i < 2 * (int)params->d - 1; i++) {
+        /* Set pointers into SK. */
+        bds[i].stack = sk;
+        sk += (hs + 1) * n;
+        bds[i].height = sk;
+        sk += hs + 1;
+        bds[i].authPath = sk;
+        sk += hs * n;
+        bds[i].keep = sk;
+        sk += (hs >> 1) * n;
+        bds[i].treeHash = sk;
+        sk += hsk * 4;
+        bds[i].treeHashNode = sk;
+        sk += hsk * n;
+        bds[i].retain = sk;
+        sk += retainLen;
+        /* Load values - big-endian encoded. */
+        ato24(sk, &bds[i].next);
+        sk += 3;
+        bds[i].offset = sk[0];
+        sk += 1;
+    }
+
+    if (wots_sigs != NULL) {
+        *wots_sigs = sk;
+    }
+
+    return 0;
+}
+
+/* Store the BDS state into the secret/private key.
+ *
+ * @param [in]      state   XMSS/MT state including digest and parameters.
+ * @param [in, out] sk      Secret/private key.
+ * @param [in]      bds     BDS states.
+ */
+static int wc_xmss_bds_state_store(const XmssState* state, byte* sk,
+    BdsState* bds)
+{
+    int i;
+    const XmssParams* params = state->params;
+    const word8 n = params->n;
+    const word8 hs = params->sub_h;
+    const word8 hsk = params->sub_h - params->bds_k;
+    const word8 k = params->bds_k;
+    const word32 skip = (hs + 1) * n +            /* BdsState.stack */
+                        hs + 1 +                  /* BdsState.height */
+                        hs * n +                  /* BdsState.authPath */
+                        (hs >> 1) * n +           /* BdsState.keep */
+                        hsk * 4 +                 /* BdsState.treeHash */
+                        hsk * n +                 /* BdsState.treeHashNode */
+                        XMSS_RETAIN_LEN(k, n);    /* BdsState.retain */
+
+    /* Ignore standard SK = idx || wots_sk || SK_PRF || root || SEED; */
+    sk += params->idx_len + 4 * n;
+
+    if (2 * (int)params->d - 1 <= 0)
+        return WC_FAILURE;
+
+    for (i = 0; i < 2 * (int)params->d - 1; i++) {
+        /* Skip pointers into sk. */
+        sk += skip;
+        /* Save values - big-endian encoded. */
+        c32to24(bds[i].next, sk); /* NOLINT(clang-analyzer-core.CallAndMessage) */
+        sk += 3;
+        sk[0] = bds[i].offset;
+        sk += 1;
+    }
+
+    return 0;
+}
+
+/********************************************
+ * BDS
+ ********************************************/
+
+/* Compute node at next index.
+ *
+ * RFC 8391: 4.1.6, Algorithm 9: treeHash
+ *       ...
+ *       ADRS.setType(0);   # Type = OTS hash address
+ *       ADRS.setOTSAddress(s + i);
+ *       pk = WOTS_genPK (getWOTS_SK(SK, s + i), SEED, ADRS);
+ *       ADRS.setType(1);   # Type = L-tree address
+ *       ADRS.setLTreeAddress(s + i);
+ *       node = ltree(pk, SEED, ADRS);
+ *       ADRS.setType(2);   # Type = hash tree address
+ *       ADRS.setTreeHeight(0);
+ *       ADRS.setTreeIndex(i + s);
+ *       while ( Top node on Stack has same height t' as node ) {
+ *          ADRS.setTreeIndex((ADRS.getTreeIndex() - 1) / 2);
+ *          node = RAND_HASH(Stack.pop(), node, SEED, ADRS);
+ *          ADRS.setTreeHeight(ADRS.getTreeHeight() + 1);
+ *       }
+ *       Stack.push(node);
+ *       ...
+ *
+ * @param [in]  state    XMSS/MT state including digest and parameters.
+ * @param [in]  bds      BDS state.
+ * @param [in]  sk_seed  Random secret/private seed.
+ * @param [in]  pk_seed  Random public seed.
+ * @param [in]  addr     Hash address.
+ * @param [out] root     Root node.
+ */
+static void wc_xmss_bds_next_idx(XmssState* state, BdsState* bds,
+    const byte* sk_seed, const byte* pk_seed, HashAddress addr, int i,
+    word8* height, word8* offset, word8** sp)
+{
+    const XmssParams* params = state->params;
+    const word8 hs = params->sub_h;
+    const word8 hsk = params->sub_h - params->bds_k;
+    const word8 n = params->n;
+    word8 o = *offset;
+    word8* node = *sp;
+    word8 h;
+
+    /* Calculate WOTS+ public key. */
+    addr[XMSS_ADDR_TYPE] = WC_XMSS_ADDR_TYPE_OTS;
+    addr[XMSS_ADDR_OTS] = i;
+    wc_xmss_wots_gen_pk(state, sk_seed, pk_seed, addr, state->pk);
+    /* Calculate public value. */
+    addr[XMSS_ADDR_TYPE] = WC_XMSS_ADDR_TYPE_LTREE;
+    wc_xmss_ltree(state, state->pk, pk_seed, addr, node);
+    addr[XMSS_ADDR_TYPE] = WC_XMSS_ADDR_TYPE_TREE;
+    addr[XMSS_ADDR_TREE_ZERO] = 0;
+
+    /* Initial height at this offset is 0. */
+    h = height[o] = 0;
+    /* HDSS, Section 4.5, 2: TREEHASH[h].push(v[h][3])
+     * Copy right node to tree hash nodes if second right node. */
+    if ((hsk > 0) && (i == 3)) {
+        XMEMCPY(bds->treeHashNode, node + n, n);
+    }
+
+    /* Top node on Stack has same height t' as node. */
+    while ((o >= 1) && (h == height[o - 1])) {
+        /* HDSS, Section 4.5, 1: AUTH[h] = v[h][1], h = 0,...,H-1.
+         * Cache left node if on authentication path. */
+        if ((i >> h) == 1) {
+            if (bds->authPath == NULL) {
+                state->ret = WC_FAILURE;
+                return;
+            }
+            XMEMCPY(bds->authPath + h * n, node, n);
+        }
+        /* This is a right node. */
+        else if (h < hsk) {
+            /* HDSS, Section 4.5, 2: TREEHASH[h].push(v[h][3])
+             * Copy right node to tree hash if second right node. */
+            if ((i >> h) == 3) {
+                XMEMCPY(bds->treeHashNode + h * n, node, n);
+            }
+        }
+        else {
+            /* HDSS, Section 4.5, 3: RETAIN[h].push(v[j][2j+3] for
+             *   h = H-K,...,H-2 and j = 2^(H-h-1)-2,...,0.
+             * Retain high right nodes.
+             */
+            word32 ro = (1 << (hs - 1 - h)) + h - hs + (((i >> h) - 3) >> 1);
+            XMEMCPY(bds->retain + ro * n, node, n);
+        }
+
+        node -= n;
+        /* Calculate hash of node. */
+        addr[XMSS_ADDR_TREE_HEIGHT] = h;
+        addr[XMSS_ADDR_TREE_INDEX] = i >> (h + 1);
+        wc_xmss_rand_hash(state, node, pk_seed, addr, node);
+
+        /* Update offset and height. */
+        o--;
+        h = ++height[o];
+    }
+
+    *offset = o;
+    *sp = node;
+}
+
+/* Compute initial Merkle tree and store nodes.
+ *
+ * HDSS, Section 4.5, The algorithm, Initialization.
+ *   1. We store the authentication path for the first leaf (s = 0):
+ *   AUTH[h] = v[h][1], h = 0,...,H-1.
+ *   2. Depending on the parameter K, we store the next right authentication
+ *   node for each height h = 0,...,H-K-1 in the treehash instances:
+ *   TREEHASH[h].push(v[h][3]).
+ *   3. Finally we store the right authentication nodes clode to the root using
+ *   the stacks RETAIN[h]:
+ *   RETAIN[h].push(v[j][2j+3] for h = H-K,...,H-2 and j = 2^(H-h-1)-2,...,0.
+ *
+ * RFC 8391: 4.1.6, Algorithm 9: treeHash
+ *     if( s % (1 << t) != 0 ) return -1;
+ *     for ( i = 0; i < 2^t; i++ ) {
+ *       SEED = getSEED(SK);
+ *       [Compute node at next index]
+ *     }
+ *     return Stack.pop();
+ *
+ * @param [in]  state    XMSS/MT state including digest and parameters.
+ * @param [in]  bds      BDS state.
+ * @param [in]  sk_seed  Random secret/private seed.
+ * @param [in]  pk_seed  Random public seed.
+ * @param [in]  addr     Hash address.
+ * @param [out] root     Root node.
+ */
+static void wc_xmss_bds_treehash_initial(XmssState* state, BdsState* bds,
+    const byte* sk_seed, const byte* pk_seed, const HashAddress addr,
+    byte* root)
+{
+    const XmssParams* params = state->params;
+    const word8 hsk = params->sub_h - params->bds_k;
+    const word8 n = params->n;
+    word8* node = state->stack;
+    HashAddress addrCopy;
+    word8 height[WC_XMSS_MAX_TREE_HEIGHT + 1];
+    word8 offset = 0;
+    word32 maxIdx = (word32)1 << params->sub_h;
+    word32 i;
+
+    /* First signing index will be 0 - setup BDS state. */
+    bds->offset = 0;
+    bds->next = 0;
+    /* Reset the hash tree status. */
+    if (bds->treeHash != NULL) {
+        for (i = 0; i < hsk; i++) {
+            wc_xmss_bds_state_treehash_init(bds, i);
+        }
+    }
+
+    /* Copy hash address into local. */
+    XMSS_ADDR_OTS_SET_SUBTREE(addrCopy, addr);
+
+    /* Compute each node in tree. */
+    for (i = 0; i < maxIdx; i++) {
+        wc_xmss_bds_next_idx(state, bds, sk_seed, pk_seed, addrCopy, i, height,
+            &offset, &node);
+        offset++;
+        node += n;
+        /* Rest the hash address for reuse. */
+        addrCopy[XMSS_ADDR_TREE_HEIGHT] = 0;
+        addrCopy[XMSS_ADDR_TREE_INDEX] = 0;
+    }
+
+    /* Copy the root node. */
+    XMEMCPY(root, state->stack, n);
+}
+
+/* Update internal nodes of Merkle tree at next index.
+ *
+ * RFC 8391: 4.1.6, Algorithm 9: treeHash
+ *       ...
+ *       SEED = getSEED(SK);
+ *       ADRS.setType(0);   # Type = OTS hash address
+ *       ADRS.setOTSAddress(s + i);
+ *       pk = WOTS_genPK (getWOTS_SK(SK, s + i), SEED, ADRS);
+ *       ADRS.setType(1);   # Type = L-tree address
+ *       ADRS.setLTreeAddress(s + i);
+ *       node = ltree(pk, SEED, ADRS);
+ *       ADRS.setType(2);   # Type = hash tree address
+ *       ADRS.setTreeHeight(0);
+ *       ADRS.setTreeIndex(i + s);
+ *       while ( Top node on Stack has same height t' as node ) {
+ *          ADRS.setTreeIndex((ADRS.getTreeIndex() - 1) / 2);
+ *          node = RAND_HASH(Stack.pop(), node, SEED, ADRS);
+ *          ADRS.setTreeHeight(ADRS.getTreeHeight() + 1);
+ *       }
+ *       Stack.push(node);
+ *
+ * @param [in]      state    XMSS/MT state including digest and parameters.
+ * @param [in, out] bds      BDS state.
+ * @param [in]      height   Height of nodes to update.
+ * @param [in]      sk_seed  Random secret/private seed.
+ * @param [in]      pk_seed  Random public seed.
+ * @param [in]      addr     Hash address.
+ */
+static void wc_xmss_bds_treehash_update(XmssState* state, BdsState* bds,
+    word8 height, const byte* sk_seed, const byte* pk_seed,
+    const HashAddress addr)
+{
+    const XmssParams* params = state->params;
+    const word8 n = params->n;
+    HashAddress addrLocal;
+    TreeHash treeHash[1];
+    byte* sp = bds->stack + bds->offset * n;
+    byte* node = state->stack + WC_XMSS_MAX_STACK_LEN - n;
+    word8 h;
+
+    /* Get the tree hash data. */
+    wc_xmss_bds_state_treehash_get(bds, height, treeHash);
+    /* Copy hash address into local as OTS type. */
+    XMSS_ADDR_OTS_SET_SUBTREE(addrLocal, addr);
+    /* Calculate WOTS+ public key. */
+    addrLocal[XMSS_ADDR_OTS] = treeHash->nextIdx;
+    wc_xmss_wots_gen_pk(state, sk_seed, pk_seed, addrLocal, state->pk);
+    /* Calculate public value. */
+    addrLocal[XMSS_ADDR_TYPE] = WC_XMSS_ADDR_TYPE_LTREE;
+    wc_xmss_ltree(state, state->pk, pk_seed, addrLocal, node);
+    addrLocal[XMSS_ADDR_TYPE] = WC_XMSS_ADDR_TYPE_TREE;
+    addrLocal[XMSS_ADDR_TREE_ZERO] = 0;
+
+    /* Initial height is 0. */
+    h = 0;
+
+    /* Top node on Stack has same height t' as node. */
+    while ((treeHash->used > 0) && (h == bds->height[bds->offset - 1])) {
+        sp -= n;
+        /* Copy from stack to before last calculated node. */
+        node -= n;
+        XMEMCPY(node, sp, n);
+
+        /* Calculate hash of node. */
+        addrLocal[XMSS_ADDR_TREE_HEIGHT] = h;
+        addrLocal[XMSS_ADDR_TREE_INDEX] = treeHash->nextIdx >> (h + 1);
+        wc_xmss_rand_hash(state, node, pk_seed, addrLocal, node);
+
+        /* Update used, offset and height. */
+        treeHash->used--;
+        bds->offset--;
+        h++;
+    }
+
+    /* Check whether we reached the height we wanted to update. */
+    if (h == height) {
+        /* Cache node. */
+        XMEMCPY(bds->treeHashNode + height * n, node, n);
+        treeHash->completed = 1;
+    }
+    else {
+        /* Push calculated node onto stack. */
+        XMEMCPY(sp, node, n);
+        treeHash->used++;
+        /* Update BDS state. */
+        bds->height[bds->offset] = h;
+        bds->offset++;
+        treeHash->nextIdx++;
+    }
+
+    /* Set the tree hash data back. */
+    wc_xmss_bds_state_treehash_set(bds, height, treeHash);
+}
+
+/* Updates hash trees that need it most.
+ *
+ * Algorithm 4.6: Authentication path computation, Step 5.
+ *
+ * @param [in]      state    XMSS/MT state including digest and parameters.
+ * @param [in, out] bds      BDS state.
+ * @param [in]      updates  Current number of updates.
+ * @param [in]      sk_seed  Random secret/private seed.
+ * @param [in]      pk_seed  Random public seed.
+ * @param [in]      addr     Hash address.
+ * @return  Number of available updates.
+ */
+static word8 wc_xmss_bds_treehash_updates(XmssState* state, BdsState* bds,
+    word8 updates, const byte* sk_seed, const byte* pk_seed,
+    const HashAddress addr)
+{
+    const XmssParams* params = state->params;
+    const word8 hs = params->sub_h;
+    const word8 hsk = params->sub_h - params->bds_k;
+
+    if (bds->treeHash == NULL) {
+        state->ret = WC_FAILURE;
+        return 0;
+    }
+
+    while (updates > 0) {
+        word8 minH = hs;
+        word8 h = hsk;
+        word8 i;
+
+        /* Step 5.a. k <- min{ h: TREEHASH(h).height() =
+                                  min[j=0..H-K-1]{TREEHASH(j.height()} } */
+        for (i = 0; i < hsk; i++) {
+            TreeHash treeHash[1];
+
+            wc_xmss_bds_state_treehash_get(bds, i, treeHash);
+
+            if (treeHash->completed) {
+                /* Finished - ignore. */
+            }
+            else if (treeHash->used == 0) {
+                /* None used, low height. */
+                if (i < minH) {
+                    h = i;
+                    minH = i;
+                }
+            }
+            /* Find the height of lowest in cache. */
+            else {
+                word8 j;
+                word8 lowH = hs;
+                byte* height = bds->height + bds->offset - treeHash->used;
+
+                for (j = 0; j < treeHash->used; j++) {
+                    lowH = min(height[j], lowH);
+                }
+                if (lowH < minH) {
+                    /* New lowest height. */
+                    h = i;
+                    minH = lowH;
+                }
+            }
+        }
+        /* If none lower, then stop. */
+        if (h == hsk) {
+            break;
+        }
+
+        /* Step 5.b. TREEHASH(k).update() */
+        /* Update tree to the lowest height. */
+        wc_xmss_bds_treehash_update(state, bds, h, sk_seed, pk_seed, addr);
+        updates--;
+    }
+    return updates;
+}
+
+/* Update BDS at next leaf.
+ *
+ * Don't do anything if processed all leaves.
+ *
+ * @param [in]      state     XMSS/MT state including digest and parameters.
+ * @param [in, out] bds       BDS state.
+ * @param [in]      sk_seed   Random secret/private seed.
+ * @param [in]      pk_seed   Random public seed.
+ * @param [in]      addr      Hash address.
+ */
+static void wc_xmss_bds_update(XmssState* state, BdsState* bds,
+    const byte* sk_seed, const byte* pk_seed, const HashAddress addr)
+{
+    if (bds->next < ((word32)1 << state->params->sub_h)) {
+        const XmssParams* params = state->params;
+        byte* sp = bds->stack + bds->offset * params->n;
+        HashAddress addrCopy;
+
+        XMSS_ADDR_OTS_SET_SUBTREE(addrCopy, addr);
+        if (bds->height == NULL) {
+            state->ret = WC_FAILURE;
+            return;
+        }
+        wc_xmss_bds_next_idx(state, bds, sk_seed, pk_seed, addrCopy, bds->next,
+            bds->height, &bds->offset, &sp);
+        bds->offset++;
+        bds->next++;
+    }
+}
+
+/* Find index of lowest zero bit.
+ *
+ * Supports max up to 31.
+ *
+ * @param [in]  n    Number to evaluate.
+ * @param [in]  max  Max number of bits.
+ * @param [out] b    Next bit above first zero bit.
+ * @return  Index of lowest bit that is zero.
+ */
+static word8 wc_xmss_lowest_zero_bit_index(word32 n, word8 max, word8* b)
+{
+    word8 i;
+
+    /* Check each bit from lowest for a zero bit. */
+    for (i = 0; i < max; i++) {
+        if ((n & 1) == 0) {
+            break;
+        }
+        n >>= 1;
+    }
+
+    /* Return next bit after 0 bit. */
+    *b = (n >> 1) & 1;
+    return i;
+}
+
+/* Returns auth path for node leafIdx and computes for next leaf node.
+ *
+ * HDSS, Algorithm 4.6: Authentication path computation, Steps 1-4.
+ *
+ * @param [in]      state    XMSS/MT state including digest and parameters.
+ * @param [in, out] bds      BDS state.
+ * @param [in]      leafIdx  Current leaf index.
+ * @param [in]      sk_seed  Random secret/private seed.
+ * @param [in]      pk_seed  Random public seed.
+ * @param [in]      addr     Hash address.
+ */
+static void wc_xmss_bds_auth_path(XmssState* state, BdsState* bds,
+    const word32 leafIdx, const byte* sk_seed, const byte* pk_seed,
+    HashAddress addr)
+{
+    const XmssParams* params = state->params;
+    const word8 n = params->n;
+    const word8 hs = params->sub_h;
+    const word8 hsk = params->sub_h - params->bds_k;
+    word8 tau;
+    byte* node = state->encMsg;
+    word8 parent;
+
+    if ((bds->keep == NULL) || (bds->authPath == NULL)) {
+        state->ret = WC_FAILURE;
+        return;
+    }
+
+    /* Step 1. Find the height of first left node in authentication path. */
+    tau = wc_xmss_lowest_zero_bit_index(leafIdx, hs, &parent);
+    if (tau == 0) {
+        /* Step 2. Keep node if parent is a left node.
+         *     if s/(2^tau+1) is even and tau < H-1 then KEEP[tau] <- AUTH[tau]
+         */
+        if (parent == 0) {
+            XMEMCPY(bds->keep, bds->authPath, n);
+        }
+
+        /* Step 3. if tau = 0 then AUTH[0] <- LEAFCALC(s) */
+        /* Calculate WOTS+ public key. */
+        addr[XMSS_ADDR_TYPE] = WC_XMSS_ADDR_TYPE_OTS;
+        addr[XMSS_ADDR_OTS] = leafIdx;
+        wc_xmss_wots_gen_pk(state, sk_seed, pk_seed, addr, state->pk);
+        /* Calculate public value. */
+        addr[XMSS_ADDR_TYPE] = WC_XMSS_ADDR_TYPE_LTREE;
+        wc_xmss_ltree(state, state->pk, pk_seed, addr, bds->authPath);
+    }
+    else {
+        byte* authPath;
+        byte* nodes;
+        word8 i;
+
+        authPath = bds->authPath + tau * n;
+        /* Step 4.a. <node> = AUTH[tau-1] || KEEP[tau-1]
+         * Only keeping half of nodes, so need to copy out before updating.
+         */
+        XMEMCPY(node, authPath - n, n);
+        XMEMCPY(node + n, bds->keep + ((tau - 1) >> 1) * n, n);
+
+        /* Step 2. Keep node if parent is a left node.
+         *     if s/(2^tau+1) is even and tau < H-1 then KEEP[tau] <- AUTH[tau]
+         */
+        if ((tau < hs - 1) && (parent == 0)) {
+            XMEMCPY(bds->keep + (tau >> 1) * n, authPath, n);
+        }
+
+        /* Step 4.a. AUTH[tau] <- g(<node>) */
+        addr[XMSS_ADDR_TYPE] = WC_XMSS_ADDR_TYPE_TREE;
+        addr[XMSS_ADDR_TREE_ZERO] = 0;
+        addr[XMSS_ADDR_TREE_HEIGHT] = tau - 1;
+        addr[XMSS_ADDR_TREE_INDEX] = leafIdx >> tau;
+        wc_xmss_rand_hash(state, node, pk_seed, addr, authPath);
+
+        /* Step 4.b. <Calculate new right nodes on lower heights> */
+        authPath = bds->authPath;
+        nodes = bds->treeHashNode;
+        /*   for h = 0 to tau - 1 do */
+        for (i = 0; i < tau; i++) {
+            /*   if h < H - K then AUTH[h] <- TREEHASH[h].pop()*/
+            if (i < hsk) {
+                XMEMCPY(authPath, nodes, n);
+                nodes += n;
+            }
+            /*   if h >= H - K then AUTH[h] <- RETAIN[h].pop()*/
+            else {
+                word32 o = (1 << (hs - 1 - i)) + i - hs +
+                           (((leafIdx >> i) - 1) >> 1);
+                XMEMCPY(authPath, bds->retain + o * n, n);
+            }
+            authPath += n;
+        }
+
+        /* Step 4.c. Initialize treehash instances for heights:
+         *           0, ..., min{tau-1, H - K - 1} */
+        tau = min(tau, hsk);
+        for (i = 0; i < tau; i++) {
+            word32 startIdx = leafIdx + 1 + 3 * (1 << i);
+            if (startIdx < ((word32)1 << hs)) {
+                wc_xmss_bds_state_treehash_set_next_idx(bds, i, startIdx);
+            }
+        }
+    }
+}
+
+/********************************************
+ * XMSS
+ ********************************************/
+
+/* Derives XMSS key pair from seeds.
+ *
+ * RFC 8391: 4.1.7, Algorithm 10: XMSS_keyGen.
+ *     ...
+ *     initialize SK_PRF with a uniformly random n-byte string;
+ *     setSK_PRF(SK, SK_PRF);
+ *
+ *     # Initialization for common contents
+ *     initialize SEED with a uniformly random n-byte string;
+ *     setSEED(SK, SEED);
+ *     setWOTS_SK(SK, wots_sk));
+ *     ADRS = toByte(0, 32);
+ *     root = treeHash(SK, 0, h, ADRS);
+ *
+ *     SK = idx || wots_sk || SK_PRF || root || SEED;
+ *     PK = OID || root || SEED;
+ *     return (SK || PK);
+ *
+ * HDSS, Section 4.5, The algorithm, Initialization.
+ *
+ * wots_sk, SK_PRF and SEED passed in as seed.
+ * Store seed for wots_sk instead of generated wots_sk.
+ * OID not stored in PK this is handled in upper layer.
+ * BDS state is appended to SK:
+ *     SK = idx || wots_sk || SK_PRF || root || SEED || BDS_STATE;
+ *
+ * @param [in]  state  XMSS/MT state including digest and parameters.
+ * @param [in]  seed   Secret/Private and public seed.
+ * @param [out] sk     Secret key.
+ * @param [out] pk     Public key.
+ * @return  0 on success.
+ * @return  MEMORY_E on dynamic memory allocation failure.
+ * @return  <0 on digest failure.
+ */
+int wc_xmss_keygen(XmssState* state, const unsigned char* seed,
+    unsigned char* sk, unsigned char* pk)
+{
+#if WOLFSSL_XMSS_MIN_HEIGHT <= 32
+    int ret = 0;
+    const XmssParams* params = state->params;
+    const word8 n = params->n;
+    /* Offset of root node in public key. */
+    byte* pk_root = pk;
+#ifdef WOLFSSL_SMALL_STACK
+    BdsState* bds = NULL;
+#else
+    BdsState bds[1];
+#endif
+
+#ifdef WOLFSSL_SMALL_STACK
+    /* Allocate memory for tree hash instances and put in BDS state. */
+    ret = wc_xmss_bds_state_alloc(params, &bds);
+    if (ret == 0)
+#endif
+    {
+        /* Setup pointers into sk - assumes sk is initialized to zeros. */
+        ret = wc_xmss_bds_state_load(state, sk, bds, NULL);
+    }
+    if (ret == 0) {
+        /* Offsets into seed. */
+        const byte* seed_priv = seed;
+        const byte* seed_pub = seed + 2 * n;
+        /* Offsets into secret/private key. */
+        word32* sk_idx = (word32*)sk;
+        byte* sk_seeds = sk + params->idx_len;
+        /* Offsets into public key. */
+        byte* pk_seed = pk + n;
+
+        /* Set first index to 0 in private key. idx_len always 4. */
+        *sk_idx = 0;
+        /* Set private key seed and private key for PRF in to private key. */
+        XMEMCPY(sk_seeds, seed_priv, 2 * n);
+        /* Set public key seed into public key. */
+        XMEMCPY(pk_seed, seed_pub, n);
+
+        /* Set all address values to zero. */
+        XMEMSET(state->addr, 0, sizeof(HashAddress));
+        /* Hash address layer is 0. */
+        /* Compute root node into public key. */
+        wc_xmss_bds_treehash_initial(state, bds, sk_seeds, pk_seed,
+            state->addr, pk_root);
+        /* Return any errors that occurred during hashing. */
+        ret = state->ret;
+    }
+    if (ret == 0) {
+        /* Offset of root node in private key. */
+        byte* sk_root = sk + params->idx_len + 2 * n;
+
+        /* Append public key (root node and public seed) to private key. */
+        XMEMCPY(sk_root, pk_root, 2 * n);
+
+        /* Store BDS state back into secret/private key. */
+        ret = wc_xmss_bds_state_store(state, sk, bds);
+    }
+
+#ifdef WOLFSSL_SMALL_STACK
+    /* Dispose of allocated data of BDS states. */
+    wc_xmss_bds_state_free(bds);
+#endif
+    return ret;
+#else
+    (void)state;
+    (void)pk;
+    (void)sk;
+    (void)seed;
+
+    return NOT_COMPILED_IN;
+#endif /* WOLFSSL_XMSS_MIN_HEIGHT <= 32 */
+}
+
+/* Sign a message with XMSS.
+ *
+ * RFC 8391: 4.1.9, Algorithm 11: treeSig
+ *     ...
+ *     ADRS.setType(0);   # Type = OTS hash address
+ *     ADRS.setOTSAddress(idx_sig);
+ *     sig_ots = WOTS_sign(getWOTS_SK(SK, idx_sig),
+ *                         M', getSEED(SK), ADRS);
+ *     Sig = sig_ots || auth;
+ *     return Sig;
+ * RFC 8391: 4.1.9, Algorithm 12: XMSS_sign
+ *     idx_sig = getIdx(SK);
+ *     setIdx(SK, idx_sig + 1);
+ *     ADRS = toByte(0, 32);
+ *     byte[n] r = PRF(getSK_PRF(SK), toByte(idx_sig, 32));
+ *     byte[n] M' = H_msg(r || getRoot(SK) || (toByte(idx_sig, n)), M);
+ *     Sig = idx_sig || r || treeSig(M', SK, idx_sig, ADRS);
+ *     return (SK || Sig);
+ *
+ * HDSS, Section 4.5, The algorithm, Update and output phase.
+ *
+ * 'auth' was built at key generation or after computing previous signature.
+ * Build next authentication path after signature created.
+ *
+ * @param [in]      state   XMSS/MT state including digest and parameters.
+ * @param [in]      m       Buffer holding message.
+ * @param [in]      mlen    Length of message in buffer.
+ * @param [in, out] sk      Secret/Private key.
+ * @param [out]     sm      Signature and message data.
+ * @param [in, out] smlen   On in, length of signature and message buffer.
+ *                          On out, length of signature and message data.
+ * @return  0 on success.
+ * @return  <0 on digest failure.
+ */
+int wc_xmss_sign(XmssState* state, const unsigned char* m, word32 mlen,
+    unsigned char* sk, unsigned char* sig)
+{
+#if WOLFSSL_XMSS_MIN_HEIGHT <= 32
+    int ret = 0;
+    const XmssParams* params = state->params;
+    const word8 n = params->n;
+    const word8 h = params->h;
+    const word8 hk = params->h - params->bds_k;
+    const byte* sk_seed = sk + XMSS_IDX_LEN;
+    const byte* pk_seed = sk + XMSS_IDX_LEN + 3 * n;
+    byte node[WC_XMSS_MAX_N];
+    word32 idx;
+    byte* sig_r = sig + XMSS_IDX_LEN;
+#ifdef WOLFSSL_SMALL_STACK
+    BdsState* bds = NULL;
+#else
+    BdsState bds[1];
+#endif
+
+#ifdef WOLFSSL_SMALL_STACK
+    /* Allocate memory for tree hash instances and put in BDS state. */
+    ret = wc_xmss_bds_state_alloc(params, &bds);
+    if (ret == 0)
+#endif
+    {
+        /* Load the BDS state from secret/private key. */
+        ret = wc_xmss_bds_state_load(state, sk, bds, NULL);
+    }
+    if (ret == 0) {
+        /* Copy the index into the signature data: Sig = idx_sig || ... */
+        *((word32*)sig) = *((word32*)sk);
+        /* Read index from the secret key. */
+        ato32(sk, &idx);
+
+        /* Check index is valid. */
+        if (IDX32_INVALID(idx, XMSS_IDX_LEN, h)) {
+            /* Set index to maximum value to distinguish from valid value. */
+            XMEMSET(sk, 0xFF, XMSS_IDX_LEN);
+            /* Zeroize the secret key. */
+            ForceZero(sk + XMSS_IDX_LEN, params->sk_len - XMSS_IDX_LEN);
+            ret = KEY_EXHAUSTED_E;
+        }
+    }
+
+    /* Update SK_MT */
+    if (ret == 0) {
+        /* Increment the index in the secret key. */
+        c32toa(idx + 1, sk);
+    }
+
+    /* Message compression */
+    if (ret == 0) {
+        const byte* sk_prf = sk + XMSS_IDX_LEN + n;
+
+        /* byte[n] r = PRF(SK_PRF, toByte(idx_sig, 32)); */
+        wc_idx_copy(sig, params->idx_len, state->buf, XMSS_PRF_M_LEN);
+        wc_xmss_prf(state, sk_prf, state->buf, sig_r);
+        ret = state->ret;
+    }
+    if (ret == 0) {
+        const byte* pub_root = sk + XMSS_IDX_LEN + 2 * n;
+
+        /* Compute the message hash. */
+        wc_xmss_hash_message(state, sig_r, pub_root, sig, XMSS_IDX_LEN, m, mlen,
+            node);
+        ret = state->ret;
+        /* Place new signature data after index and 'r'. */
+        sig += XMSS_IDX_LEN + n;
+    }
+
+    if (ret == 0) {
+        /* Set all address values to zero and set type to OTS. */
+        XMEMSET(state->addr, 0, sizeof(HashAddress));
+        state->addr[XMSS_ADDR_TYPE] = WC_XMSS_ADDR_TYPE_OTS;
+        /* treeSig || treeHash = sig_ots || auth */
+        state->addr[XMSS_ADDR_OTS] = idx;
+        /*   Create WOTS+ signature for tree into signature (sig_ots). */
+        wc_xmss_wots_sign(state, node, sk_seed, pk_seed, state->addr, sig);
+        ret = state->ret;
+    }
+    if (ret == 0) {
+        sig += params->wots_sig_len;
+        /*   Add authentication path (auth) and calc new root. */
+        XMEMCPY(sig, bds->authPath, h * n);
+        ret = state->ret;
+    }
+
+    if (ret == 0) {
+        /* Update BDS state - update authentication path for next index. */
+        /* Check not last node. */
+        if (idx < ((word32)1 << h) - 1) {
+            /* Calculate next authentication path node. */
+            wc_xmss_bds_auth_path(state, bds, idx, sk_seed, pk_seed,
+                state->addr);
+            ret = state->ret;
+            if (ret == 0) {
+                /* Algorithm 4.6: Step 5. */
+                wc_xmss_bds_treehash_updates(state, bds, hk >> 1, sk_seed,
+                    pk_seed, state->addr);
+                ret = state->ret;
+            }
+        }
+    }
+    if (ret == 0) {
+        /* Store BDS state back into secret/private key. */
+        ret = wc_xmss_bds_state_store(state, sk, bds);
+    }
+
+#ifdef WOLFSSL_SMALL_STACK
+    /* Dispose of allocated data of BDS states. */
+    wc_xmss_bds_state_free(bds);
+#endif
+    return ret;
+#else
+    (void)state;
+    (void)m;
+    (void)mlen;
+    (void)sk;
+    (void)sig;
+
+    return NOT_COMPILED_IN;
+#endif /* WOLFSSL_XMSS_MIN_HEIGHT <= 32 */
+}
+
+/********************************************
+ * XMSS^MT
+ ********************************************/
+
+/* Generate a XMSS^MT key pair from seeds.
+ *
+ * RFC 8391: 4.2.2, Algorithm 15: XMSS^MT_keyGen.
+ *     ...
+ *     # Example initialization
+ *     idx_MT = 0;
+ *     setIdx(SK_MT, idx_MT);
+ *     initialize SK_PRF with a uniformly random n-byte string;
+ *     setSK_PRF(SK_MT, SK_PRF);
+ *     initialize SEED with a uniformly random n-byte string;
+ *     setSEED(SK_MT, SEED);
+ *
+ *     # Generate reduced XMSS private keys
+ *     ADRS = toByte(0, 32);
+ *     for ( layer = 0; layer < d; layer++ ) {
+ *        ADRS.setLayerAddress(layer);
+ *        for ( tree = 0; tree <
+ *              (1 << ((d - 1 - layer) * (h / d)));
+ *              tree++ ) {
+ *           ADRS.setTreeAddress(tree);
+ *           for ( i = 0; i < 2^(h / d); i++ ) {
+ *             wots_sk[i] = WOTS_genSK();
+ *           }
+ *           setXMSS_SK(SK_MT, wots_sk, tree, layer);
+ *        }
+ *     }
+ *
+ *     SK = getXMSS_SK(SK_MT, 0, d - 1);
+ *     setSEED(SK, SEED);
+ *     root = treeHash(SK, 0, h / d, ADRS);
+ *     setRoot(SK_MT, root);
+ *
+ *     PK_MT = OID || root || SEED;
+ *     return (SK_MT || PK_MT);
+ *
+ * HDSS, Section 4.5, The algorithm, Initialization.
+ * OPX, Section 2, Key Generation.
+ *
+ * wots_sk, SK_PRF and SEED passed in as seed.
+ * Store seed for wots_sk instead of generated wots_sk.
+ * OID not stored in PK this is handled in upper layer.
+ * BDS state is appended to SK:
+ *     SK = idx || wots_sk || SK_PRF || root || SEED || BDS_STATE;
+ *
+ * @param [in]  state   XMSS/MT state including digest and parameters.
+ * @param [in]  seed    Secret/Private and public seed.
+ * @param [out] sk      Secret key.
+ * @param [out] pk      Public key.
+ * @return  0 on success.
+ * @return  MEMORY_E on dynamic memory allocation failure.
+ * @return  <0 on digest failure.
+ */
+int wc_xmssmt_keygen(XmssState* state, const unsigned char* seed,
+    unsigned char* sk, unsigned char* pk)
+{
+    int ret = 0;
+    const XmssParams* params = state->params;
+    const word8 n = params->n;
+    unsigned char* sk_seed = sk + params->idx_len;
+    unsigned char* pk_root = pk;
+    unsigned char* pk_seed = pk + n;
+    word8 i;
+    byte* wots_sigs;
+    BdsState* bds = NULL;
+
+    /* Allocate memory for BDS states and tree hash instances. */
+    ret = wc_xmss_bds_state_alloc(params, &bds);
+    if (ret == 0) {
+        /* Load the BDS state from secret/private key. */
+        ret = wc_xmss_bds_state_load(state, sk, bds, &wots_sigs);
+    }
+    if (ret == 0) {
+        /* Offsets into seed. */
+        const byte* seed_priv = seed;
+        const byte* seed_pub  = seed + 2 * params->n;
+
+        /* Set first index to 0 in private key. */
+        XMEMSET(sk, 0, params->idx_len);
+        /* Set private key seed and private key for PRF in to private key. */
+        XMEMCPY(sk_seed, seed_priv, 2 * n);
+        /* Set public key seed into public key. */
+        XMEMCPY(pk_seed, seed_pub, n);
+
+        /* Set all address values to zero. */
+        XMEMSET(state->addr, 0, sizeof(HashAddress));
+        /* Hash address layer is 0 = bottom-most layer. */
+    }
+
+    /* Setup state and compute WOTS+ signatures for all but top-most subtree. */
+    for (i = 0; (ret == 0) && (i < params->d - 1); i++) {
+        /* Compute root for subtree. */
+        wc_xmss_bds_treehash_initial(state, bds + i, sk_seed, pk_seed,
+            state->addr, pk_root);
+        ret = state->ret;
+        if (ret == 0) {
+            /* Create signature for subtree for first index. */
+            state->addr[XMSS_ADDR_LAYER] = i+1;
+            wc_xmss_wots_sign(state, pk_root, sk_seed, pk_seed, state->addr,
+                wots_sigs + i * params->wots_sig_len);
+            ret = state->ret;
+        }
+    }
+    if (ret == 0) {
+        /* Compute root for top-most subtree. */
+        wc_xmss_bds_treehash_initial(state, bds + i, sk_seed, pk_seed,
+            state->addr, pk_root);
+        /* Return any errors that occurred during hashing. */
+        ret = state->ret;
+    }
+
+    if (ret == 0) {
+        /* Offset of root node in private key. */
+        unsigned char* sk_root = sk_seed + 2 * n;
+
+        /* Append public key (root node and public seed) to private key. */
+        XMEMCPY(sk_root, pk_root, 2 * n);
+
+        /* Store BDS state back into secret/private key. */
+        ret = wc_xmss_bds_state_store(state, sk, bds);
+    }
+
+    /* Dispose of allocated data of BDS states. */
+    wc_xmss_bds_state_free(bds);
+    return ret;
+}
+
+
+#if !defined(WORD64_AVAILABLE) && (WOLFSSL_XMSS_MAX_HEIGHT > 32)
+    #error "Support not available - use XMSS small code option"
+#endif
+
+#if (WOLFSSL_XMSS_MAX_HEIGHT > 32)
+    typedef word64 XmssIdx;
+    #define IDX_MAX_BITS    64
+#else
+    typedef word32 XmssIdx;
+    #define IDX_MAX_BITS    32
+#endif
+
+/* Decode index into word.
+ *
+ * @param [out] idx  Index from encoding.
+ * @param [in]  c    Count of bytes to decode to index.
+ * @param [in]  a    Array to decode from.
+ */
+static void xmss_idx_decode(XmssIdx* idx, word8 c, const unsigned char* a)
+{
+    word8 i;
+    XmssIdx n = 0;
+
+    for (i = 0; i < c; i++) {
+        n <<= 8;
+        n += a[i];
+    }
+
+    *idx = n;
+}
+
+/* Check whether index is valid.
+ *
+ * @param [in] i  Index to check.
+ * @param [in] h  Full tree Height.
+ */
+static int xmss_idx_invalid(XmssIdx i, word8 h)
+{
+    return ((i + 1) >> h) != 0;
+}
+
+/* Get tree and leaf index from index.
+ *
+ * @param [in]  i  Index to split.
+ * @param [in]  h  Tree height.
+ * @param [out] t  Tree index.
+ * @param [out] l  Leaf index.
+ */
+static void xmss_idx_get_tree_leaf(XmssIdx i, word8 h, XmssIdx* t, word32* l)
+{
+    *l = (word32)i & (((word32)1 << h) - 1);
+    *t = i >> h;
+}
+
+/* Set the index into address as the tree index.
+ *
+ * @param [in]      i  Tree index.
+ * @param [in, out] a  Hash address.
+ */
+static void xmss_idx_set_addr_tree(XmssIdx i, HashAddress a)
+{
+#if IDX_MAX_BITS == 32
+    a[XMSS_ADDR_TREE_HI] = 0;
+    a[XMSS_ADDR_TREE]    = i;
+#else
+    a[XMSS_ADDR_TREE_HI] = (word32)(i >> 32);
+    a[XMSS_ADDR_TREE]    = (word32)(i      );
+#endif
+}
+
+/* Sign message with XMSS^MT.
+ *
+ * RFC 8391: 4.1.9, Algorithm 11: treeSig
+ *     ...
+ *     ADRS.setType(0);   # Type = OTS hash address
+ *     ADRS.setOTSAddress(idx_sig);
+ *     sig_ots = WOTS_sign(getWOTS_SK(SK, idx_sig),
+ *                         M', getSEED(SK), ADRS);
+ *     Sig = sig_ots || auth;
+ *     return Sig;
+ * RFC 8391: 4.2.4, Algorithm 16: XMSS^MT_sign.
+ *      ...
+ *      # Init
+ *     ADRS = toByte(0, 32);
+ *     SEED = getSEED(SK_MT);
+ *     SK_PRF = getSK_PRF(SK_MT);
+ *     idx_sig = getIdx(SK_MT);
+ *
+ *     # Update SK_MT
+ *     setIdx(SK_MT, idx_sig + 1);
+ *
+ *     # Message compression
+ *     byte[n] r = PRF(SK_PRF, toByte(idx_sig, 32));
+ *     byte[n] M' = H_msg(r || getRoot(SK_MT) || (toByte(idx_sig, n)), M);
+ *
+ *     # Sign
+ *     Sig_MT = idx_sig;
+ *     unsigned int idx_tree
+ *                   = (h - h / d) most significant bits of idx_sig;
+ *     unsigned int idx_leaf = (h / d) least significant bits of idx_sig;
+ *     SK = idx_leaf || getXMSS_SK(SK_MT, idx_tree, 0) || SK_PRF
+ *           || toByte(0, n) || SEED;
+ *     ADRS.setLayerAddress(0);
+ *     ADRS.setTreeAddress(idx_tree);
+ *     Sig_tmp = treeSig(M', SK, idx_leaf, ADRS);
+ *     Sig_MT = Sig_MT || r || Sig_tmp;
+ *     for ( j = 1; j < d; j++ ) {
+ *        root = treeHash(SK, 0, h / d, ADRS);
+ *        idx_leaf = (h / d) least significant bits of idx_tree;
+ *        idx_tree = (h - j * (h / d)) most significant bits of idx_tree;
+ *        SK = idx_leaf || getXMSS_SK(SK_MT, idx_tree, j) || SK_PRF
+ *               || toByte(0, n) || SEED;
+ *        ADRS.setLayerAddress(j);
+ *        ADRS.setTreeAddress(idx_tree);
+ *        Sig_tmp = treeSig(root, SK, idx_leaf, ADRS);
+ *        Sig_MT = Sig_MT || Sig_tmp;
+ *     }
+ *     return SK_MT || Sig_MT;
+ *
+ * 'auth' was built at key generation or after computing previous signature.
+ *
+ * @param [in]      state      XMSS/MT state including digest and parameters.
+ * @param [in, out] bds        BDS state.
+ * @param [in]      idx        Index to sign with.
+ * @param [in]      wots_sigs  Pre-computed WOTS+ signatures.
+ * @param [in]      m          Buffer holding message.
+ * @param [in]      mlen       Length of message in buffer.
+ * @param [in, out] sk         Secret/Private key.
+ * @param [out]     sig        Signature and message data.
+ * @return  0 on success.
+ * @return  <0 on digest failure.
+ */
+static int wc_xmssmt_sign_msg(XmssState* state, BdsState* bds, XmssIdx idx,
+    byte* wots_sigs, const unsigned char* m, word32 mlen, unsigned char* sk,
+    unsigned char* sig)
+{
+    int ret;
+    const XmssParams* params = state->params;
+    const word8 n = params->n;
+    const word8 hs = params->sub_h;
+    const word8 idx_len = params->idx_len;
+    const byte* sk_prf = sk + idx_len + n;
+    byte* sig_mt = sig;
+    byte* sig_r = sig + idx_len;
+    byte node[WC_XMSS_MAX_N];
+
+    /* Message compression */
+    /* byte[n] r = PRF(SK_PRF, toByte(idx_sig, 32)); */
+    wc_idx_copy(sig_mt, idx_len, state->buf, XMSS_PRF_M_LEN);
+    wc_xmss_prf(state, sk_prf, state->buf, sig_r);
+    ret = state->ret;
+    if (ret == 0) {
+        const byte* pub_root = sk + idx_len + 2 * n;
+        /* byte[n] M' = H_msg(r || getRoot(SK_MT) || (toByte(idx_sig, n)), M);
+         */
+        wc_xmss_hash_message(state, sig_r, pub_root, sig, idx_len, m, mlen,
+            node);
+        ret = state->ret;
+        /* Place new signature data after index and 'r'. */
+        sig += idx_len + n;
+    }
+
+    /* Sign */
+    if (ret == 0) {
+        const byte* sk_seed = sk + idx_len;
+        const byte* pk_seed = sk + idx_len + 3 * n;
+        XmssIdx idx_tree;
+        word32 idx_leaf;
+
+        /* Set all address values to zero and set type to OTS. */
+        XMEMSET(state->addr, 0, sizeof(HashAddress));
+        state->addr[XMSS_ADDR_TYPE] = WC_XMSS_ADDR_TYPE_OTS;
+
+        /* Fist iteration - calculate signature. */
+        /* Set layer, tree and OTS leaf index into hash address. */
+        state->addr[XMSS_ADDR_LAYER] = 0;
+        xmss_idx_get_tree_leaf(idx, hs, &idx_tree, &idx_leaf);
+        xmss_idx_set_addr_tree(idx_tree, state->addr);
+        /* treeSig || treeHash = sig_ots || auth */
+        state->addr[XMSS_ADDR_OTS] = idx_leaf;
+        /*   Create WOTS+ signature for tree into signature (sig_ots). */
+        wc_xmss_wots_sign(state, node, sk_seed, pk_seed, state->addr, sig);
+        ret = state->ret;
+    }
+    if (ret == 0) {
+        word8 i;
+        byte *authPath;
+
+        sig += params->wots_sig_len;
+        /*   Add authentication path. */
+        authPath = bds[BDS_IDX(idx, 0, hs, params->d)].authPath;
+        if (authPath == NULL) {
+            state->ret = WC_FAILURE;
+            return state->ret;
+        }
+        XMEMCPY(sig, authPath, hs * n);
+        sig += hs * n;
+
+        /* Remaining iterations from storage. */
+        for (i = 1; i < params->d; i++) {
+            /* Copy out precomputed signature into signature (sig_ots). */
+            XMEMCPY(sig, wots_sigs + (i - 1) * params->wots_sig_len,
+                params->wots_sig_len);
+            sig += params->wots_sig_len;
+            /* Add authentication path (auth) and calc new root. */
+            authPath = bds[BDS_IDX(idx, i, hs, params->d)].authPath;
+            if (authPath == NULL) {
+                state->ret = WC_FAILURE;
+                return state->ret;
+            }
+            XMEMCPY(sig, authPath, hs * n);
+            sig += hs * n;
+        }
+        ret = state->ret;
+    }
+
+    return ret;
+}
+
+/* Compute BDS state for signing next index.
+ *
+ * HDSS, Section 4.5, The algorithm, Update and output phase.
+ * OPX, Section 2, Signature Generation. Para 2 and 3.
+ *
+ * @param [in]      state      XMSS/MT state including digest and parameters.
+ * @param [in, out] bds        BDS state.
+ * @param [in]      idx        Index to sign with.
+ * @param [in]      wots_sigs  Pre-computed WOTS+ signatures.
+ * @param [in]      m          Buffer holding message.
+ * @param [in]      mlen       Length of message in buffer.
+ * @param [in, out] sk         Secret/Private key.
+ * @param [out]     sig        Signature and message data.
+ * @return  0 on success.
+ * @return  <0 on digest failure.
+ */
+static int wc_xmssmt_sign_next_idx(XmssState* state, BdsState* bds, XmssIdx idx,
+    byte* wots_sigs, unsigned char* sk)
+{
+    int ret = 0;
+    const XmssParams* params = state->params;
+    const word8 n = params->n;
+    const word8 h = params->h;
+    const word8 hs = params->sub_h;
+    const word8 hsk = params->sub_h - params->bds_k;
+    const byte* sk_seed = sk + params->idx_len;
+    const byte* pk_seed = sk + params->idx_len + 3 * n;
+    XmssIdx idx_tree;
+    int computeAuthPath = 1;
+    unsigned int updates;
+    word8 i;
+
+    /* Update BDS state - update authentication path for next index. */
+    /* HDSS, Algorithm 4.6, Step 5: repeat (H - K) / 2 times. */
+    updates = hsk >> 1;
+
+    idx_tree = (idx >> hs) + 1;
+    /* Check whether last tree. */
+    if (idx_tree < ((XmssIdx)1 << (h - hs))) {
+        /* Set hash address to next tree. */
+        state->addr[XMSS_ADDR_LAYER] = 0;
+        xmss_idx_set_addr_tree(idx_tree, state->addr);
+        /* Update BDS state. */
+        wc_xmss_bds_update(state, &bds[BDS_ALT_IDX(idx, 0, hs, params->d)],
+            sk_seed, pk_seed, state->addr);
+        ret = state->ret;
+    }
+
+    for (i = 0; (ret == 0) && (i < params->d); i++) {
+        word32 idx_leaf;
+        word8 bds_i = BDS_IDX(idx, i, hs, params->d);
+        word8 alt_i = BDS_ALT_IDX(idx, i, hs, params->d);
+
+        /* Check not last at height. */
+        if (((idx + 1) << (IDX_MAX_BITS - ((i + 1) * hs))) != 0) {
+            state->addr[XMSS_ADDR_LAYER] = i;
+            xmss_idx_get_tree_leaf(idx >> (hs * i), hs, &idx_tree, &idx_leaf);
+            xmss_idx_set_addr_tree(idx_tree, state->addr);
+            idx_tree++;
+
+            if (computeAuthPath) {
+                /* Compute authentication path for tree. */
+                wc_xmss_bds_auth_path(state, &bds[bds_i], idx_leaf, sk_seed,
+                    pk_seed, state->addr);
+                ret = state->ret;
+                computeAuthPath = 0;
+            }
+
+            if (ret == 0) {
+                /* HDSS, Algorithm 4.6: Step 5. */
+                updates = wc_xmss_bds_treehash_updates(state, &bds[bds_i],
+                    updates, sk_seed, pk_seed, state->addr);
+                ret = state->ret;
+            }
+
+            /* Check tree not first, updates to do, tree not last at height and
+             * next leaf in alt state is not last. */
+            if ((ret == 0) && (i > 0) && (updates > 0) &&
+                    (idx_tree < ((XmssIdx)1 << (h - (hs * (i + 1))))) &&
+                    (bds[alt_i].next < ((XmssIdx)1 << h))) {
+                xmss_idx_set_addr_tree(idx_tree, state->addr);
+                /* Update alternative BDS state. */
+                wc_xmss_bds_update(state, &bds[alt_i], sk_seed, pk_seed,
+                    state->addr);
+                ret = state->ret;
+                updates--;
+            }
+        }
+        /* Last at height. */
+        else {
+            /* Set layer, tree and OTS leaf index into hash address. */
+            state->addr[XMSS_ADDR_LAYER] = i + 1;
+            idx_tree = (idx + 1) >> ((i + 1) * hs);
+            xmss_idx_get_tree_leaf(idx_tree, hs, &idx_tree, &idx_leaf);
+            xmss_idx_set_addr_tree(idx_tree, state->addr);
+            /* Cache WOTS+ signature for new tree. */
+            state->addr[XMSS_ADDR_OTS] = idx_leaf;
+            wc_xmss_wots_sign(state, bds[alt_i].stack, sk_seed, pk_seed,
+                state->addr, wots_sigs + i * params->wots_sig_len);
+            ret = state->ret;
+
+            if (ret == 0) {
+                word8 d;
+
+                /* Reset old BDS state. */
+                bds[bds_i].offset = 0;
+                bds[bds_i].next = 0;
+
+                /* Done an update. */
+                updates--;
+                /* Need to compute authentication path in next tree up. */
+                computeAuthPath = 1;
+                /* Mark the tree hashes as complete in new BDS state. */
+                for (d = 0; d < hsk; d++) {
+                    wc_xmss_bds_state_treehash_complete(&bds[alt_i], d);
+                }
+            }
+        }
+    }
+
+    return ret;
+}
+
+/* Sign a message with XMSS^MT and update BDS state for signing next index.
+ *
+ * RFC 8391: 4.2.4, Algorithm 16: XMSS^MT_sign.
+ * HDSS, Section 4.5, The algorithm, Update and output phase.
+ *
+ * @param [in]      state   XMSS/MT state including digest and parameters.
+ * @param [in]      m       Buffer holding message.
+ * @param [in]      mlen    Length of message in buffer.
+ * @param [in, out] sk      Secret/Private key.
+ * @param [out]     sig     Signature and message data.
+ * @return  0 on success.
+ * @return  MEMORY_E on dynamic memory allocation failure.
+ * @return  <0 on digest failure.
+ */
+int wc_xmssmt_sign(XmssState* state, const unsigned char* m, word32 mlen,
+    unsigned char* sk, unsigned char* sig)
+{
+    int ret = 0;
+    const XmssParams* params = state->params;
+    const word8 h = params->h;
+    const word8 idx_len = params->idx_len;
+    XmssIdx idx = 0;
+    byte* sig_mt = sig;
+    byte* wots_sigs;
+    BdsState* bds = NULL;
+
+    /* Allocate memory for BDS states and tree hash instances. */
+    ret = wc_xmss_bds_state_alloc(params, &bds);
+    if (ret == 0) {
+        /* Load the BDS state from secret/private key. */
+        ret = wc_xmss_bds_state_load(state, sk, bds, &wots_sigs);
+    }
+    if (ret == 0) {
+        /* Copy the index into the signature data: Sig_MT = idx_sig. */
+        XMEMCPY(sig_mt, sk, idx_len);
+
+        /* Read index from the secret key. */
+        xmss_idx_decode(&idx, idx_len, sk);
+    }
+    if ((ret == 0) && xmss_idx_invalid(idx, h)) {
+        /* Set index to maximum value to distinguish from valid value. */
+        XMEMSET(sk, 0xFF, idx_len);
+        /* Zeroize the secret key. */
+        ForceZero(sk + idx_len, params->sk_len - idx_len);
+        ret = KEY_EXHAUSTED_E;
+    }
+
+    if (ret == 0) {
+        /* Increment the index in the secret key. */
+        wc_idx_update(sk, idx_len);
+
+        /* Compute signature. */
+        ret = wc_xmssmt_sign_msg(state, bds, idx, wots_sigs, m, mlen, sk, sig);
+    }
+
+    /* Only update if not last index. */
+    if ((ret == 0) && (idx < (((XmssIdx)1 << h) - 1))) {
+        /* Update BDS state for signing next index. */
+        ret = wc_xmssmt_sign_next_idx(state, bds, idx, wots_sigs, sk);
+    }
+
+    if (ret == 0) {
+        /* Store BDS state back into secret/private key. */
+        ret = wc_xmss_bds_state_store(state, sk, bds);
+    }
+
+    /* Dispose of allocated data of BDS states. */
+    wc_xmss_bds_state_free(bds);
+    return ret;
+}
+
+#endif /* WOLFSSL_WC_XMSS_SMALL */
+
+/* Check if more signatures are possible with secret/private key.
+ *
+ * @param [in] params  XMSS parameters
+ * @param [in] sk      Secret/private key.
+ * @return  1 when signatures possible.
+ * @return  0 when key exhausted.
+ */
+
+int wc_xmss_sigsleft(const XmssParams* params, unsigned char* sk)
+{
+    int ret = 0;
+    wc_Idx idx;
+
+    WC_IDX_ZERO(idx);
+    /* Read index from the secret key. */
+    WC_IDX_DECODE(idx, params->idx_len, sk, ret);
+    /* Check validity of index. */
+    if ((ret == 0) && (WC_IDX_INVALID(idx, params->idx_len, params->h))) {
+        ret = KEY_EXHAUSTED_E;
+    }
+
+    return ret == 0;
+}
+#endif /* !WOLFSSL_XMSS_VERIFY_ONLY */
+
+/********************************************
+ * SIGN OPEN - Verify
+ ********************************************/
+
+#if !defined(WOLFSSL_WC_XMSS_SMALL) || defined(WOLFSSL_XMSS_VERIFY_ONLY)
+/* Compute root node with leaf and authentication path.
+ *
+ * RFC 8391: 4.1.10, Algorithm 13: XMSS_rootFromSig
+ *     ...
+ *     for ( k = 0; k < h; k++ ) {
+ *       ADRS.setTreeHeight(k);
+ *       if ( (floor(idx_sig / (2^k)) % 2) == 0 ) {
+ *         ADRS.setTreeIndex(ADRS.getTreeIndex() / 2);
+ *         node[1] = RAND_HASH(node[0], auth[k], SEED, ADRS);
+ *       } else {
+ *         ADRS.setTreeIndex((ADRS.getTreeIndex() - 1) / 2);
+ *         node[1] = RAND_HASH(auth[k], node[0], SEED, ADRS);
+ *       }
+ *       node[0] = node[1];
+ *     }
+ *     return node[0];
+ *
+ * @param [in]      state      XMSS/MT state including digest and parameters.
+ * @param [in]      idx_leaf   Index of leaf node.
+ * @param [in]      auth_path  Authentication path.
+ * @param [in]      pk_seed    Random public seed.
+ * @param [in]      addr       Hash address.
+ * @param [in, out] root       On in, leaf node. On out, root node.
+ */
+static void wc_xmss_compute_root(XmssState* state, word32 idx_leaf,
+    const byte* auth_path, const byte* pk_seed, HashAddress addr, byte* root)
+{
+    const XmssParams* params = state->params;
+    const word8 n = params->n;
+    const byte* b[2][2] = { { root, auth_path }, { auth_path, root } };
+    word8 i;
+
+    for (i = 0; i < params->sub_h; i++) {
+        /* Get which side the leaf is on. */
+        word8 s = idx_leaf & 1;
+        /* Set tree height and index. */
+        addr[XMSS_ADDR_TREE_HEIGHT] = i;
+        idx_leaf >>= 1;
+        addr[XMSS_ADDR_TREE_INDEX] = idx_leaf;
+
+        /* Put the result into buffer position for next RAND_HASH. */
+        wc_xmss_rand_hash_lr(state, b[s][0], b[s][1], pk_seed, addr, root);
+        /* Move to next auth path node. */
+        b[0][1] += n;
+        b[1][0] += n;
+    }
+}
+#else
+/* Compute root node with leaf and authentication path.
+ *
+ * RFC 8391: 4.1.10, Algorithm 13: XMSS_rootFromSig
+ *     ...
+ *     for ( k = 0; k < h; k++ ) {
+ *       ADRS.setTreeHeight(k);
+ *       if ( (floor(idx_sig / (2^k)) % 2) == 0 ) {
+ *         ADRS.setTreeIndex(ADRS.getTreeIndex() / 2);
+ *         node[1] = RAND_HASH(node[0], auth[k], SEED, ADRS);
+ *       } else {
+ *         ADRS.setTreeIndex((ADRS.getTreeIndex() - 1) / 2);
+ *         node[1] = RAND_HASH(auth[k], node[0], SEED, ADRS);
+ *       }
+ *       node[0] = node[1];
+ *     }
+ *     return node[0];
+ *
+ * @param [in]      state      XMSS/MT state including digest and parameters.
+ * @param [in]      idx_leaf   Index of leaf node.
+ * @param [in]      auth_path  Authentication path.
+ * @param [in]      pk_seed    Random public seed.
+ * @param [in]      addr       Hash address.
+ * @param [in, out] node       On in, leaf node. On out, root node.
+ */
+static void wc_xmss_compute_root(XmssState* state, word32 idx_leaf,
+    const byte* auth_path, const byte* pk_seed, HashAddress addr, byte* node)
+{
+    const XmssParams* params = state->params;
+    const word8 n = params->n;
+    byte buffer[2 * WC_XMSS_MAX_N];
+    byte* b[2][2] = { { buffer, buffer + n }, { buffer + n, buffer } };
+    word8 i;
+
+    /* Setup buffer for first RAND_HASH. */
+    XMEMCPY(b[idx_leaf & 1][0], node, n);
+    XMEMCPY(b[idx_leaf & 1][1], auth_path, n);
+    auth_path += n;
+
+    for (i = 0; i < params->sub_h - 1; i++) {
+        /* Set tree height and index. */
+        addr[XMSS_ADDR_TREE_HEIGHT] = i;
+        idx_leaf >>= 1;
+        addr[XMSS_ADDR_TREE_INDEX] = idx_leaf;
+
+        /* Put the result into buffer position for next RAND_HASH. */
+        wc_xmss_rand_hash(state, buffer, pk_seed, addr, b[idx_leaf & 1][0]);
+        /* Put auth path node into other half of buffer. */
+        XMEMCPY(b[idx_leaf & 1][1], auth_path, n);
+        /* Move to next auth path node. */
+        auth_path += n;
+    }
+
+    addr[XMSS_ADDR_TREE_HEIGHT] = i;
+    idx_leaf >>= 1;
+    addr[XMSS_ADDR_TREE_INDEX] = idx_leaf;
+    /* Last iteration into output node. */
+    wc_xmss_rand_hash(state, buffer, pk_seed, addr, node);
+}
+#endif /* !WOLFSSL_WC_XMSS_SMALL || WOLFSSL_XMSS_VERIFY_ONLY */
+
+/* Compute a root node from a tree signature.
+ *
+ * RFC 8391: 4.1.10, Algorithm 13: XMSS_rootFromSig
+ *     ADRS.setType(0);   # Type = OTS hash address
+ *     ADRS.setOTSAddress(idx_sig);
+ *     pk_ots = WOTS_pkFromSig(sig_ots, M', SEED, ADRS);
+ *     ADRS.setType(1);   # Type = L-tree address
+ *     ADRS.setLTreeAddress(idx_sig);
+ *     byte[n][2] node;
+ *     node[0] = ltree(pk_ots, SEED, ADRS);
+ *     ADRS.setType(2);   # Type = hash tree address
+ *     ADRS.setTreeIndex(idx_sig);
+ *     [Compute root with leaf and authentication path]
+ *
+ * Computing the root from the leaf and authentication path can be implemented
+ * in different ways and is therefore extracted to its own function.
+ *
+ * @param [in]      state    XMSS/MT state including digest and parameters.
+ * @param [in]      pk_seed  Random public seed.
+ * @param [in]      sig      WOTS+ signature for this tree.
+ * @param [in]      idx_sig  Index of signature leaf in this tree.
+ * @param [in, out] addr     Hash address.
+ * @param [in, out] node     On in, previous root node.
+ *                           On out, root node of this subtree.
+ */
+static void wc_xmss_root_from_sig(XmssState* state, const byte* pk_seed,
+    const byte* sig, word32 idx_sig, HashAddress addr, byte* node)
+{
+    const XmssParams* params = state->params;
+    byte* wots_pk = state->pk;
+    const byte* auth_path = sig + params->wots_sig_len;
+
+    /* Compute WOTS+ public key value from signature. */
+    addr[XMSS_ADDR_TYPE] = WC_XMSS_ADDR_TYPE_OTS;
+    addr[XMSS_ADDR_OTS] = idx_sig;
+    wc_xmss_wots_pk_from_sig(state, sig, node, pk_seed, addr, wots_pk);
+
+    /* Compute leaves of L-tree from WOTS+ public key. */
+    addr[XMSS_ADDR_TYPE] = WC_XMSS_ADDR_TYPE_LTREE;
+    /* XMSS_ADDR_LTREE is same as XMSS_ADDR_OTS in index and value. */
+    wc_xmss_ltree(state, wots_pk, pk_seed, addr, node);
+
+    /* Compute root node from leaf and authentication path. */
+    addr[XMSS_ADDR_TYPE] = WC_XMSS_ADDR_TYPE_TREE;
+    addr[XMSS_ADDR_TREE_ZERO] = 0;
+    wc_xmss_compute_root(state, idx_sig, auth_path, pk_seed, addr, node);
+}
+
+/* Verify message with signature using XMSS/MT.
+ *
+ * RFC 8391: 4.2.5, Algorithm 17: XMSSMT_verify
+ *     idx_sig = getIdx(Sig_MT);
+ *     SEED = getSEED(PK_MT);
+ *     ADRS = toByte(0, 32);
+ *
+ *     byte[n] M' = H_msg(getR(Sig_MT) || getRoot(PK_MT)
+ *                        || (toByte(idx_sig, n)), M);
+ *
+ *     unsigned int idx_leaf
+ *                   = (h / d) least significant bits of idx_sig;
+ *     unsigned int idx_tree
+ *                   = (h - h / d) most significant bits of idx_sig;
+ *     Sig' = getXMSSSignature(Sig_MT, 0);
+ *     ADRS.setLayerAddress(0);
+ *     ADRS.setTreeAddress(idx_tree);
+ *     byte[n] node = XMSS_rootFromSig(idx_leaf, getSig_ots(Sig'),
+ *                                      getAuth(Sig'), M', SEED, ADRS);
+ *     for ( j = 1; j < d; j++ ) {
+ *        idx_leaf = (h / d) least significant bits of idx_tree;
+ *        idx_tree = (h - j * h / d) most significant bits of idx_tree;
+ *        Sig' = getXMSSSignature(Sig_MT, j);
+ *        ADRS.setLayerAddress(j);
+ *        ADRS.setTreeAddress(idx_tree);
+ *        node = XMSS_rootFromSig(idx_leaf, getSig_ots(Sig'),
+ *                              getAuth(Sig'), node, SEED, ADRS);
+ *     }
+ *     if ( node == getRoot(PK_MT) ) {
+ *       return true;
+ *     } else {
+ *       return false;
+ *     }
+ *
+ * @param [in]       state    XMSS/MT state including digest and parameters.
+ * @param [in]       m        Message buffer.
+ * @param [in]       mlen     Length of message in bytes.
+ * @param [in]       sig      Buffer holding signature.
+ * @param [in]       pk       Public key.
+ * @return  0 on success.
+ * @return  MEMORY_E on dynamic memory allocation failure.
+ * @return  SIG_VERIFY_E on verification failure.
+ * @return  <0 on digest failure.
+ */
+int wc_xmssmt_verify(XmssState* state, const unsigned char* m, word32 mlen,
+    const unsigned char* sig, const unsigned char* pk)
+{
+    const XmssParams* params = state->params;
+    const word8 n = params->n;
+    int ret = 0;
+    const byte* pub_root = pk;
+    const byte* pk_seed = pk + n;
+    byte node[WC_XMSS_MAX_N];
+    wc_Idx idx;
+    word32 idx_leaf = 0;
+    unsigned int i;
+
+    /* Set 32/64-bit index to 0. */
+    WC_IDX_ZERO(idx);
+    /* Set all address values to zero. */
+    XMEMSET(state->addr, 0, sizeof(HashAddress));
+
+    if (ret == 0) {
+        /* Convert the index bytes from the signature to an integer. */
+        WC_IDX_DECODE(idx, params->idx_len, sig, ret);
+    }
+
+    if (ret == 0) {
+        const byte* sig_r = sig + params->idx_len;
+        /* byte[n] M' = H_msg(getR(Sig_MT) || getRoot(PK_MT) ||
+         *                    (toByte(idx_sig, n)), M);
+         */
+        wc_xmss_hash_message(state, sig_r, pub_root, sig, params->idx_len, m,
+            mlen, node);
+        ret = state->ret;
+    }
+
+    if (ret == 0) {
+        /* Set tree of hash address. */
+        WC_IDX_SET_ADDR_TREE(idx, params->idx_len, params->sub_h, state->addr,
+            idx_leaf);
+
+        /* Skip to first WOTS+ signature and derive root. */
+        sig += params->idx_len + n;
+        wc_xmss_root_from_sig(state, pk_seed, sig, idx_leaf, state->addr,
+            node);
+        ret = state->ret;
+    }
+    /* Calculate root of remaining subtrees up to top. */
+    for (i = 1; (ret == 0) && (i < params->d); i++) {
+        /* Set layer and tree. */
+        state->addr[XMSS_ADDR_LAYER] = i;
+        WC_IDX_SET_ADDR_TREE(idx, params->idx_len, params->sub_h, state->addr,
+            idx_leaf);
+        /* Skip to next WOTS+ signature and derive root. */
+        sig += params->wots_sig_len + params->sub_h * n;
+        wc_xmss_root_from_sig(state, pk_seed, sig, idx_leaf, state->addr,
+            node);
+        ret = state->ret;
+    }
+    /* Compare calculated node with public key root. */
+    if ((ret == 0) && (XMEMCMP(node, pub_root, n) != 0)) {
+        ret = SIG_VERIFY_E;
+    }
+
+    return ret;
+}
+#endif /* WOLFSSL_HAVE_XMSS */
+
diff --git a/wolfcrypt/src/wolfevent.c b/wolfcrypt/src/wolfevent.c
index 01ddd1131..82fbf6640 100644
--- a/wolfcrypt/src/wolfevent.c
+++ b/wolfcrypt/src/wolfevent.c
@@ -1,6 +1,6 @@
 /* wolfevent.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -55,7 +55,7 @@ int wolfEvent_Init(WOLF_EVENT* event, WOLF_EVENT_TYPE type, void* context)
 
 int wolfEvent_Poll(WOLF_EVENT* event, WOLF_EVENT_FLAG flags)
 {
-    int ret = BAD_COND_E;
+    int ret = WC_NO_ERR_TRACE(BAD_COND_E);
 
     /* Check hardware */
 #ifdef WOLFSSL_ASYNC_CRYPT
diff --git a/wolfcrypt/src/wolfmath.c b/wolfcrypt/src/wolfmath.c
index 11e85cd74..1b61d0c30 100644
--- a/wolfcrypt/src/wolfmath.c
+++ b/wolfcrypt/src/wolfmath.c
@@ -1,6 +1,6 @@
 /* wolfmath.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -149,10 +149,10 @@ int mp_cond_copy(mp_int* a, int copy, mp_int* b)
         for (; i < b->used; i++) {
             b->dp[i] ^= (get_digit(a, (int)i) ^ get_digit(b, (int)i)) & mask;
         }
-        b->used ^= (a->used ^ b->used) & (unsigned int)mask;
+        b->used ^= (a->used ^ b->used) & (wc_mp_size_t)mask;
 #if (!defined(WOLFSSL_SP_MATH) && !defined(WOLFSSL_SP_MATH_ALL)) || \
     defined(WOLFSSL_SP_INT_NEGATIVE)
-        b->sign ^= (a->sign ^ b->sign) & (unsigned int)mask;
+        b->sign ^= (wc_mp_sign_t)(a->sign ^ b->sign) & (wc_mp_sign_t)mask;
 #endif
     }
 
@@ -167,7 +167,6 @@ int get_rand_digit(WC_RNG* rng, mp_digit* d)
     return wc_RNG_GenerateBlock(rng, (byte*)d, sizeof(mp_digit));
 }
 
-#if defined(WC_RSA_BLINDING) || defined(WOLFCRYPT_HAVE_SAKKE)
 int mp_rand(mp_int* a, int digits, WC_RNG* rng)
 {
     int ret = 0;
@@ -195,7 +194,7 @@ int mp_rand(mp_int* a, int digits, WC_RNG* rng)
         ret = BAD_FUNC_ARG;
     }
     if (ret == MP_OKAY) {
-        a->used = (word32)digits;
+        a->used = (wc_mp_size_t)digits;
     }
 #endif
     /* fill the data with random bytes */
@@ -221,7 +220,6 @@ int mp_rand(mp_int* a, int digits, WC_RNG* rng)
 
     return ret;
 }
-#endif /* WC_RSA_BLINDING || WOLFCRYPT_HAVE_SAKKE */
 #endif /* !WC_NO_RNG */
 
 #if defined(HAVE_ECC) || defined(WOLFSSL_EXPORT_INT)
@@ -357,9 +355,7 @@ void wc_bigint_zero(WC_BIGINT* a)
 void wc_bigint_free(WC_BIGINT* a)
 {
     if (a) {
-        if (a->buf) {
-          XFREE(a->buf, a->heap, DYNAMIC_TYPE_WOLF_BIGINT);
-        }
+        XFREE(a->buf, a->heap, DYNAMIC_TYPE_WOLF_BIGINT);
         a->buf = NULL;
         a->len = 0;
     }
@@ -475,14 +471,16 @@ const char *wc_GetMathInfo(void)
         #elif defined(WOLFSSL_HAVE_SP_DH)
             " dh"
         #endif
-        #ifndef WOLFSSL_SP_NO_2048
-            " 2048"
-        #endif
-        #ifndef WOLFSSL_SP_NO_3072
-            " 3072"
-        #endif
-        #ifdef WOLFSSL_SP_4096
-            " 4096"
+        #if defined(WOLFSSL_HAVE_SP_RSA) || defined(WOLFSSL_HAVE_SP_DH)
+            #ifndef WOLFSSL_SP_NO_2048
+                " 2048"
+            #endif
+            #ifndef WOLFSSL_SP_NO_3072
+                " 3072"
+            #endif
+            #ifdef WOLFSSL_SP_4096
+                " 4096"
+            #endif
         #endif
         #ifdef WOLFSSL_SP_ASM
             " asm"
diff --git a/wolfcrypt/test/README.md b/wolfcrypt/test/README.md
index bcf877f9a..167556644 100644
--- a/wolfcrypt/test/README.md
+++ b/wolfcrypt/test/README.md
@@ -53,7 +53,7 @@ Test complete
 
 ## Windows Visual Studio
 
-For building wolfCrypt test project in Visual Studio open the `test.sln`. For newer Visual Studio version it may prompt for a one-way upgrade. Then you may have to right-click on the solution and choose `Retarget solution` to update the project files for your Visual Studio version. 
+For building wolfCrypt test project in Visual Studio open the `test.sln`. For newer Visual Studio version it may prompt for a one-way upgrade. Then you may have to right-click on the solution and choose `Retarget solution` to update the project files for your Visual Studio version.
 
 If you see an error about `rc.exe` then you'll need to update the "Target Platform Version". You can do this by right-clicking on the test project -> General -> "Target Platform Version" and changing to 8.1 (needs to match the wolfssl library project).
 
diff --git a/wolfcrypt/test/include.am b/wolfcrypt/test/include.am
index 64d0f1a4f..4e059dfa6 100644
--- a/wolfcrypt/test/include.am
+++ b/wolfcrypt/test/include.am
@@ -26,5 +26,9 @@ endif
 
 EXTRA_DIST += wolfcrypt/test/test.sln
 EXTRA_DIST += wolfcrypt/test/test.vcproj
+EXTRA_DIST += wolfcrypt/test/test-VS2022.sln
+EXTRA_DIST += wolfcrypt/test/test-VS2022.vcxproj
+EXTRA_DIST += wolfcrypt/test/test-VS2022.vcxproj.user
+
 EXTRA_DIST += wolfcrypt/test/README.md
 DISTCLEANFILES+= wolfcrypt/test/.libs/testwolfcrypt
diff --git a/wolfcrypt/test/test-VS2022.sln b/wolfcrypt/test/test-VS2022.sln
new file mode 100644
index 000000000..557627482
--- /dev/null
+++ b/wolfcrypt/test/test-VS2022.sln
@@ -0,0 +1,87 @@
+
+Microsoft Visual Studio Solution File, Format Version 12.00
+# Visual Studio Version 17
+VisualStudioVersion = 17.11.35327.3
+MinimumVisualStudioVersion = 10.0.40219.1
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "test-VS2022", "test-VS2022.vcxproj", "{D04BDF66-664A-4D59-BEAC-8AB2D5809C21}"
+EndProject
+Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "settings", "settings", "{0D4D8E54-F32D-4056-A415-2362A55972FD}"
+	ProjectSection(SolutionItems) = preProject
+		..\..\wolfssl\wolfcrypt\settings.h = ..\..\wolfssl\wolfcrypt\settings.h
+		..\..\IDE\WIN\user_settings.h = ..\..\IDE\WIN\user_settings.h
+	EndProjectSection
+EndProject
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "wolfssl-VS2022", "..\..\wolfssl-VS2022.vcxproj", "{12226DBE-7278-4DFA-A119-5A0294CF0B33}"
+EndProject
+Global
+	GlobalSection(SolutionConfigurationPlatforms) = preSolution
+		Debug|ARM64 = Debug|ARM64
+		Debug|x64 = Debug|x64
+		Debug|x86 = Debug|x86
+		DLL Debug|ARM64 = DLL Debug|ARM64
+		DLL Debug|x64 = DLL Debug|x64
+		DLL Debug|x86 = DLL Debug|x86
+		DLL Release|ARM64 = DLL Release|ARM64
+		DLL Release|x64 = DLL Release|x64
+		DLL Release|x86 = DLL Release|x86
+		Release|ARM64 = Release|ARM64
+		Release|x64 = Release|x64
+		Release|x86 = Release|x86
+	EndGlobalSection
+	GlobalSection(ProjectConfigurationPlatforms) = postSolution
+		{D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.Debug|ARM64.ActiveCfg = Debug|x64
+		{D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.Debug|ARM64.Build.0 = Debug|x64
+		{D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.Debug|x64.ActiveCfg = Debug|x64
+		{D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.Debug|x64.Build.0 = Debug|x64
+		{D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.Debug|x86.ActiveCfg = Debug|Win32
+		{D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.Debug|x86.Build.0 = Debug|Win32
+		{D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.DLL Debug|ARM64.ActiveCfg = Debug|x64
+		{D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.DLL Debug|ARM64.Build.0 = Debug|x64
+		{D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.DLL Debug|x64.ActiveCfg = Debug|x64
+		{D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.DLL Debug|x64.Build.0 = Debug|x64
+		{D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.DLL Debug|x86.ActiveCfg = Debug|Win32
+		{D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.DLL Debug|x86.Build.0 = Debug|Win32
+		{D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.DLL Release|ARM64.ActiveCfg = Release|x64
+		{D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.DLL Release|ARM64.Build.0 = Release|x64
+		{D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.DLL Release|x64.ActiveCfg = Release|x64
+		{D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.DLL Release|x64.Build.0 = Release|x64
+		{D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.DLL Release|x86.ActiveCfg = Release|Win32
+		{D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.DLL Release|x86.Build.0 = Release|Win32
+		{D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.Release|ARM64.ActiveCfg = Release|x64
+		{D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.Release|ARM64.Build.0 = Release|x64
+		{D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.Release|x64.ActiveCfg = Release|x64
+		{D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.Release|x64.Build.0 = Release|x64
+		{D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.Release|x86.ActiveCfg = Release|Win32
+		{D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.Release|x86.Build.0 = Release|Win32
+		{12226DBE-7278-4DFA-A119-5A0294CF0B33}.Debug|ARM64.ActiveCfg = Debug|ARM64
+		{12226DBE-7278-4DFA-A119-5A0294CF0B33}.Debug|ARM64.Build.0 = Debug|ARM64
+		{12226DBE-7278-4DFA-A119-5A0294CF0B33}.Debug|x64.ActiveCfg = Debug|x64
+		{12226DBE-7278-4DFA-A119-5A0294CF0B33}.Debug|x64.Build.0 = Debug|x64
+		{12226DBE-7278-4DFA-A119-5A0294CF0B33}.Debug|x86.ActiveCfg = Debug|Win32
+		{12226DBE-7278-4DFA-A119-5A0294CF0B33}.Debug|x86.Build.0 = Debug|Win32
+		{12226DBE-7278-4DFA-A119-5A0294CF0B33}.DLL Debug|ARM64.ActiveCfg = DLL Debug|ARM64
+		{12226DBE-7278-4DFA-A119-5A0294CF0B33}.DLL Debug|ARM64.Build.0 = DLL Debug|ARM64
+		{12226DBE-7278-4DFA-A119-5A0294CF0B33}.DLL Debug|x64.ActiveCfg = DLL Debug|x64
+		{12226DBE-7278-4DFA-A119-5A0294CF0B33}.DLL Debug|x64.Build.0 = DLL Debug|x64
+		{12226DBE-7278-4DFA-A119-5A0294CF0B33}.DLL Debug|x86.ActiveCfg = DLL Debug|Win32
+		{12226DBE-7278-4DFA-A119-5A0294CF0B33}.DLL Debug|x86.Build.0 = DLL Debug|Win32
+		{12226DBE-7278-4DFA-A119-5A0294CF0B33}.DLL Release|ARM64.ActiveCfg = DLL Release|ARM64
+		{12226DBE-7278-4DFA-A119-5A0294CF0B33}.DLL Release|ARM64.Build.0 = DLL Release|ARM64
+		{12226DBE-7278-4DFA-A119-5A0294CF0B33}.DLL Release|x64.ActiveCfg = DLL Release|x64
+		{12226DBE-7278-4DFA-A119-5A0294CF0B33}.DLL Release|x64.Build.0 = DLL Release|x64
+		{12226DBE-7278-4DFA-A119-5A0294CF0B33}.DLL Release|x86.ActiveCfg = DLL Release|Win32
+		{12226DBE-7278-4DFA-A119-5A0294CF0B33}.DLL Release|x86.Build.0 = DLL Release|Win32
+		{12226DBE-7278-4DFA-A119-5A0294CF0B33}.Release|ARM64.ActiveCfg = Release|ARM64
+		{12226DBE-7278-4DFA-A119-5A0294CF0B33}.Release|ARM64.Build.0 = Release|ARM64
+		{12226DBE-7278-4DFA-A119-5A0294CF0B33}.Release|x64.ActiveCfg = Release|x64
+		{12226DBE-7278-4DFA-A119-5A0294CF0B33}.Release|x64.Build.0 = Release|x64
+		{12226DBE-7278-4DFA-A119-5A0294CF0B33}.Release|x86.ActiveCfg = Release|Win32
+		{12226DBE-7278-4DFA-A119-5A0294CF0B33}.Release|x86.Build.0 = Release|Win32
+	EndGlobalSection
+	GlobalSection(SolutionProperties) = preSolution
+		HideSolutionNode = FALSE
+	EndGlobalSection
+	GlobalSection(ExtensibilityGlobals) = postSolution
+		SolutionGuid = {667F2496-F8F1-4DBD-8AAA-78BAD16ED1BA}
+	EndGlobalSection
+EndGlobal
diff --git a/wolfcrypt/test/test-VS2022.vcxproj b/wolfcrypt/test/test-VS2022.vcxproj
new file mode 100644
index 000000000..ed79d62ef
--- /dev/null
+++ b/wolfcrypt/test/test-VS2022.vcxproj
@@ -0,0 +1,162 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project DefaultTargets="Build" ToolsVersion="Current" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup Label="ProjectConfigurations">
+    <ProjectConfiguration Include="Debug|Win32">
+      <Configuration>Debug</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Debug|x64">
+      <Configuration>Debug</Configuration>
+      <Platform>x64</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|Win32">
+      <Configuration>Release</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|x64">
+      <Configuration>Release</Configuration>
+      <Platform>x64</Platform>
+    </ProjectConfiguration>
+  </ItemGroup>
+  <PropertyGroup Label="Globals">
+    <VCProjectVersion>17.0</VCProjectVersion>
+    <ProjectGuid>{D04BDF66-664A-4D59-BEAC-8AB2D5809C21}</ProjectGuid>
+    <Keyword>Win32Proj</Keyword>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <PlatformToolset>v143</PlatformToolset>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <PlatformToolset>v143</PlatformToolset>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <PlatformToolset>v143</PlatformToolset>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <PlatformToolset>v143</PlatformToolset>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
+  <ImportGroup Label="ExtensionSettings">
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <PropertyGroup Label="UserMacros" />
+  <PropertyGroup>
+    <_ProjectFileVersion>17.0.35327.3</_ProjectFileVersion>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <OutDir>Debug\</OutDir>
+    <IntDir>Debug\</IntDir>
+    <LinkIncremental>true</LinkIncremental>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
+    <LinkIncremental>true</LinkIncremental>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <OutDir>Release\</OutDir>
+    <IntDir>Release\</IntDir>
+    <LinkIncremental>true</LinkIncremental>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
+    <LinkIncremental>true</LinkIncremental>
+  </PropertyGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <ClCompile>
+      <Optimization>Disabled</Optimization>
+      <AdditionalIncludeDirectories>../..;../../IDE/WIN;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;WOLFSSL_LIB;WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <MinimalRebuild>true</MinimalRebuild>
+      <BasicRuntimeChecks>EnableFastChecks</BasicRuntimeChecks>
+      <RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary>
+      <PrecompiledHeader />
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>EditAndContinue</DebugInformationFormat>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>Ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <SubSystem>Console</SubSystem>
+      <TargetMachine>MachineX86</TargetMachine>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
+    <ClCompile>
+      <Optimization>Disabled</Optimization>
+      <AdditionalIncludeDirectories>../..;../../IDE/WIN;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;WOLFSSL_LIB;WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <BasicRuntimeChecks>EnableFastChecks</BasicRuntimeChecks>
+      <RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>Ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <SubSystem>Console</SubSystem>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <ClCompile>
+      <AdditionalIncludeDirectories>../..;../../IDE/WIN;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;WOLFSSL_LIB;WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
+      <PrecompiledHeader />
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>Ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <SubSystem>Console</SubSystem>
+      <OptimizeReferences>true</OptimizeReferences>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+      <TargetMachine>MachineX86</TargetMachine>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
+    <ClCompile>
+      <AdditionalIncludeDirectories>../..;../../IDE/WIN;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;WOLFSSL_LIB;WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>Ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <SubSystem>Console</SubSystem>
+      <OptimizeReferences>true</OptimizeReferences>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemGroup>
+    <ClCompile Include="test.c" />
+  </ItemGroup>
+  <ItemGroup>
+    <ProjectReference Include="..\..\wolfssl-VS2022.vcxproj">
+      <Project>{12226dbe-7278-4dfa-a119-5a0294cf0b33}</Project>
+    </ProjectReference>
+  </ItemGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
+  <ImportGroup Label="ExtensionTargets">
+  </ImportGroup>
+</Project>
diff --git a/wolfcrypt/test/test-VS2022.vcxproj.user b/wolfcrypt/test/test-VS2022.vcxproj.user
new file mode 100644
index 000000000..2219efc16
--- /dev/null
+++ b/wolfcrypt/test/test-VS2022.vcxproj.user
@@ -0,0 +1,7 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project ToolsVersion="Current" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
+    <LocalDebuggerWorkingDirectory>$(ProjectDir)../../</LocalDebuggerWorkingDirectory>
+    <DebuggerFlavor>WindowsLocalDebugger</DebuggerFlavor>
+  </PropertyGroup>
+</Project>
diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c
index a43abeaa4..a8c9cdc8d 100644
--- a/wolfcrypt/test/test.c
+++ b/wolfcrypt/test/test.c
@@ -1,6 +1,6 @@
 /* test.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -32,11 +32,15 @@
     #include <config.h>
 #endif
 
-#ifndef WOLFSSL_USER_SETTINGS
+#if !defined(WOLFSSL_USER_SETTINGS) && !defined(WOLFSSL_NO_OPTIONS_H)
     #include <wolfssl/options.h>
 #endif
 #include <wolfssl/wolfcrypt/settings.h>
 
+#ifdef WOLFSSL_DEBUG_TRACE_ERROR_CODES
+    #define WOLFSSL_DEBUG_TRACE_ERROR_CODES_ALWAYS
+#endif
+
 #ifndef NO_CRYPT_TEST
 
 #include <wolfssl/version.h>
@@ -44,6 +48,13 @@
 #include <wolfssl/wolfcrypt/wc_port.h>
 #include <wolfssl/wolfcrypt/mem_track.h>
 
+#ifdef NO_INLINE
+    #include <wolfssl/wolfcrypt/misc.h>
+#else
+    #define WOLFSSL_MISC_INCLUDED
+    #include <wolfcrypt/src/misc.c>
+#endif
+
 #if defined(HAVE_WOLFCRYPT_TEST_OPTIONS)
     #include <wolfssl/ssl.h>
     #define err_sys err_sys_remap /* remap err_sys */
@@ -134,7 +145,8 @@ const byte const_byte_array[] = "A+Gd\0\0\0";
     #include <time.h>
     #include <sys/time.h>
     #include <esp_log.h>
-    #include <wolfcrypt/port/Espressif/esp32-crypt.h> /* */
+    #include <wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h>
+    #define ESPIDF_TAG "wc_test"
 #elif defined(WOLFSSL_ZEPHYR)
     #include <stdio.h>
 
@@ -256,6 +268,7 @@ const byte const_byte_array[] = "A+Gd\0\0\0";
 #include <wolfssl/wolfcrypt/sha.h>
 #include <wolfssl/wolfcrypt/sha256.h>
 #include <wolfssl/wolfcrypt/sha512.h>
+#include <wolfssl/wolfcrypt/hash.h>
 #include <wolfssl/wolfcrypt/rc2.h>
 #include <wolfssl/wolfcrypt/arc4.h>
 #if !defined(WC_NO_RNG)
@@ -279,6 +292,9 @@ const byte const_byte_array[] = "A+Gd\0\0\0";
 #include <wolfssl/wolfcrypt/srp.h>
 #include <wolfssl/wolfcrypt/chacha.h>
 #include <wolfssl/wolfcrypt/chacha20_poly1305.h>
+#ifdef HAVE_ASCON
+    #include <wolfssl/wolfcrypt/ascon.h>
+#endif
 #include <wolfssl/wolfcrypt/pwdbased.h>
 #include <wolfssl/wolfcrypt/ripemd.h>
 #include <wolfssl/wolfcrypt/error-crypt.h>
@@ -308,20 +324,27 @@ const byte const_byte_array[] = "A+Gd\0\0\0";
 #ifdef WOLFSSL_WC_KYBER
     #include <wolfssl/wolfcrypt/wc_kyber.h>
 #endif
-#if defined(HAVE_LIBOQS) || defined(HAVE_PQM4)
+#if defined(HAVE_LIBOQS)
     #include <wolfssl/wolfcrypt/ext_kyber.h>
 #endif
 #endif
+#ifdef HAVE_DILITHIUM
+    #include <wolfssl/wolfcrypt/dilithium.h>
+#endif
 #if defined(WOLFSSL_HAVE_XMSS)
     #include <wolfssl/wolfcrypt/xmss.h>
 #ifdef HAVE_LIBXMSS
     #include <wolfssl/wolfcrypt/ext_xmss.h>
+#else
+    #include <wolfssl/wolfcrypt/wc_xmss.h>
 #endif
 #endif
 #if defined(WOLFSSL_HAVE_LMS)
     #include <wolfssl/wolfcrypt/lms.h>
 #ifdef HAVE_LIBLMS
     #include <wolfssl/wolfcrypt/ext_lms.h>
+#else
+    #include <wolfssl/wolfcrypt/wc_lms.h>
 #endif
 #endif
 #ifdef WOLFCRYPT_HAVE_ECCSI
@@ -348,6 +371,9 @@ const byte const_byte_array[] = "A+Gd\0\0\0";
 #ifdef HAVE_PKCS7
     #include <wolfssl/wolfcrypt/pkcs7.h>
 #endif
+#ifdef HAVE_PKCS12
+    #include <wolfssl/wolfcrypt/pkcs12.h>
+#endif
 #ifdef HAVE_FIPS
     #include <wolfssl/wolfcrypt/fips_test.h>
 #endif
@@ -374,6 +400,9 @@ const byte const_byte_array[] = "A+Gd\0\0\0";
     #ifdef HAVE_RENESAS_SYNC
         #include <wolfssl/wolfcrypt/port/renesas/renesas_sync.h>
     #endif
+    #if defined(WOLFSSL_MAX3266X) || defined(WOLFSSL_MAX3266X_OLD)
+        #include <wolfssl/wolfcrypt/port/maxim/max3266x-cryptocb.h>
+    #endif
 #endif
 
 #ifdef _MSC_VER
@@ -410,6 +439,13 @@ const byte const_byte_array[] = "A+Gd\0\0\0";
 #ifdef DEVKITPRO
     #include <wiiuse/wpad.h>
 #endif
+#ifdef WOLFSSL_NDS
+    #include <nds/ndstypes.h>
+    #include <nds/arm9/console.h>
+    #include <nds/arm9/input.h>
+    #include <nds/interrupts.h>
+    #include <fat.h>
+#endif
 
 #ifndef WOLFSSL_HAVE_ECC_KEY_GET_PRIV
     /* FIPS build has replaced ecc.h. */
@@ -465,12 +501,16 @@ typedef struct testVector {
     size_t outLen;
 } testVector;
 
-#ifndef WOLFSSL_TEST_SUBROUTINE
-#define WOLFSSL_TEST_SUBROUTINE
+#ifdef WOLFCRYPT_TEST_LINT
+    #define WOLFSSL_TEST_SUBROUTINE static
+#else
+    PRAGMA_GCC("GCC diagnostic ignored \"-Wunused-function\"")
+    PRAGMA_CLANG("clang diagnostic ignored \"-Wunused-function\"")
 #endif
 
-PRAGMA_GCC("GCC diagnostic ignored \"-Wunused-function\"")
-PRAGMA_CLANG("clang diagnostic ignored \"-Wunused-function\"")
+#ifndef WOLFSSL_TEST_SUBROUTINE
+    #define WOLFSSL_TEST_SUBROUTINE
+#endif
 
 WOLFSSL_TEST_SUBROUTINE wc_test_ret_t  error_test(void);
 WOLFSSL_TEST_SUBROUTINE wc_test_ret_t  base64_test(void);
@@ -495,7 +535,9 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t  sha384_test(void);
 WOLFSSL_TEST_SUBROUTINE wc_test_ret_t  sha3_test(void);
 WOLFSSL_TEST_SUBROUTINE wc_test_ret_t  shake128_test(void);
 WOLFSSL_TEST_SUBROUTINE wc_test_ret_t  shake256_test(void);
+#ifdef WOLFSSL_SM3
 WOLFSSL_TEST_SUBROUTINE wc_test_ret_t  sm3_test(void);
+#endif
 WOLFSSL_TEST_SUBROUTINE wc_test_ret_t  hash_test(void);
 WOLFSSL_TEST_SUBROUTINE wc_test_ret_t  hmac_md5_test(void);
 WOLFSSL_TEST_SUBROUTINE wc_test_ret_t  hmac_sha_test(void);
@@ -513,13 +555,25 @@ static                  wc_test_ret_t  hkdf_test(void);
 #else
 WOLFSSL_TEST_SUBROUTINE wc_test_ret_t  hkdf_test(void);
 #endif
+#endif /* HAVE_HKDF && ! NO_HMAC */
+#ifdef WOLFSSL_HAVE_PRF
+#if defined(HAVE_HKDF) && !defined(NO_HMAC)
+#ifdef WOLFSSL_BASE16
+WOLFSSL_TEST_SUBROUTINE wc_test_ret_t  tls12_kdf_test(void);
+#endif /* WOLFSSL_BASE16 */
+#endif /* WOLFSSL_HAVE_HKDF && !NO_HMAC */
+#endif /* WOLFSSL_HAVE_PRF */
+#if defined(WOLFSSL_HAVE_PRF) && !defined(NO_HMAC) && defined(WOLFSSL_SHA384)
+WOLFSSL_TEST_SUBROUTINE wc_test_ret_t  prf_test(void);
 #endif
 WOLFSSL_TEST_SUBROUTINE wc_test_ret_t  sshkdf_test(void);
 #ifdef WOLFSSL_TLS13
 WOLFSSL_TEST_SUBROUTINE wc_test_ret_t  tls13_kdf_test(void);
 #endif
 WOLFSSL_TEST_SUBROUTINE wc_test_ret_t  x963kdf_test(void);
+#if defined(HAVE_HPKE) && defined(HAVE_ECC) && defined(HAVE_AESGCM)
 WOLFSSL_TEST_SUBROUTINE wc_test_ret_t  hpke_test(void);
+#endif
 #ifdef WC_SRTP_KDF
 WOLFSSL_TEST_SUBROUTINE wc_test_ret_t  srtpkdf_test(void);
 #endif
@@ -534,10 +588,22 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t  XChaCha20Poly1305_test(void);
 WOLFSSL_TEST_SUBROUTINE wc_test_ret_t  des_test(void);
 WOLFSSL_TEST_SUBROUTINE wc_test_ret_t  des3_test(void);
 WOLFSSL_TEST_SUBROUTINE wc_test_ret_t  aes_test(void);
+WOLFSSL_TEST_SUBROUTINE wc_test_ret_t  aes_cbc_test(void);
+WOLFSSL_TEST_SUBROUTINE wc_test_ret_t  aes_ctr_test(void);
+#if defined(WOLFSSL_AES_CFB)
+WOLFSSL_TEST_SUBROUTINE wc_test_ret_t  aes_cfb_test(void);
+#endif
+#ifdef WOLFSSL_AES_XTS
+WOLFSSL_TEST_SUBROUTINE wc_test_ret_t  aes_xts_test(void);
+#endif
 WOLFSSL_TEST_SUBROUTINE wc_test_ret_t  aes192_test(void);
 WOLFSSL_TEST_SUBROUTINE wc_test_ret_t  aes256_test(void);
 WOLFSSL_TEST_SUBROUTINE wc_test_ret_t  aesofb_test(void);
 WOLFSSL_TEST_SUBROUTINE wc_test_ret_t  cmac_test(void);
+#ifdef HAVE_ASCON
+WOLFSSL_TEST_SUBROUTINE wc_test_ret_t  ascon_hash256_test(void);
+WOLFSSL_TEST_SUBROUTINE wc_test_ret_t  ascon_aead128_test(void);
+#endif
 #if defined(WOLFSSL_SIPHASH)
 WOLFSSL_TEST_SUBROUTINE wc_test_ret_t  siphash_test(void);
 #endif
@@ -562,6 +628,12 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t  srp_test(void);
 WOLFSSL_TEST_SUBROUTINE wc_test_ret_t  random_test(void);
 #endif /* WC_NO_RNG */
 WOLFSSL_TEST_SUBROUTINE wc_test_ret_t  pwdbased_test(void);
+#if defined(USE_CERT_BUFFERS_2048) && \
+        defined(HAVE_PKCS12) && \
+            !defined(NO_ASN) && !defined(NO_PWDBASED) && !defined(NO_HMAC) && \
+            !defined(NO_CERTS) && !defined(NO_DES3)
+WOLFSSL_TEST_SUBROUTINE wc_test_ret_t  pkcs12_test(void);
+#endif
 WOLFSSL_TEST_SUBROUTINE wc_test_ret_t  ripemd_test(void);
 #if defined(OPENSSL_EXTRA) && !defined(WOLFCRYPT_ONLY)
 WOLFSSL_TEST_SUBROUTINE wc_test_ret_t  openssl_test(void);   /* test mini api */
@@ -573,7 +645,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t  openssl_evpSig_test(void);
 #endif
 
 WOLFSSL_TEST_SUBROUTINE wc_test_ret_t pbkdf1_test(void);
-WOLFSSL_TEST_SUBROUTINE wc_test_ret_t pkcs12_test(void);
+WOLFSSL_TEST_SUBROUTINE wc_test_ret_t pkcs12_pbkdf_test(void);
 #if defined(HAVE_PBKDF2) && !defined(NO_SHA256) && !defined(NO_HMAC)
 WOLFSSL_TEST_SUBROUTINE wc_test_ret_t pbkdf2_test(void);
 #endif
@@ -607,21 +679,27 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t scrypt_test(void);
 #ifdef WOLFSSL_HAVE_KYBER
     WOLFSSL_TEST_SUBROUTINE wc_test_ret_t  kyber_test(void);
 #endif
+#ifdef HAVE_DILITHIUM
+    WOLFSSL_TEST_SUBROUTINE wc_test_ret_t  dilithium_test(void);
+#endif
 #if defined(WOLFSSL_HAVE_XMSS)
+    #if !defined(WOLFSSL_SMALL_STACK) && WOLFSSL_XMSS_MIN_HEIGHT <= 10
+    WOLFSSL_TEST_SUBROUTINE wc_test_ret_t  xmss_test_verify_only(void);
+    #endif
     #if !defined(WOLFSSL_XMSS_VERIFY_ONLY)
     WOLFSSL_TEST_SUBROUTINE wc_test_ret_t  xmss_test(void);
     #endif
-    #if defined(WOLFSSL_XMSS_VERIFY_ONLY) && !defined(WOLFSSL_SMALL_STACK)
-    WOLFSSL_TEST_SUBROUTINE wc_test_ret_t  xmss_test_verify_only(void);
-    #endif
 #endif
 #if defined(WOLFSSL_HAVE_LMS)
+    #if !defined(WOLFSSL_SMALL_STACK)
+        #if (defined(WOLFSSL_WC_LMS) && (LMS_MAX_HEIGHT >= 10) && \
+             !defined(WOLFSSL_NO_LMS_SHA256_256)) || defined(HAVE_LIBLMS)
+    WOLFSSL_TEST_SUBROUTINE wc_test_ret_t  lms_test_verify_only(void);
+        #endif
+    #endif
     #if !defined(WOLFSSL_LMS_VERIFY_ONLY)
     WOLFSSL_TEST_SUBROUTINE wc_test_ret_t  lms_test(void);
     #endif
-    #if defined(WOLFSSL_LMS_VERIFY_ONLY) && !defined(WOLFSSL_SMALL_STACK)
-    WOLFSSL_TEST_SUBROUTINE wc_test_ret_t  lms_test_verify_only(void);
-    #endif
 #endif
 #ifdef WOLFCRYPT_HAVE_ECCSI
     WOLFSSL_TEST_SUBROUTINE wc_test_ret_t  eccsi_test(void);
@@ -660,7 +738,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t scrypt_test(void);
 WOLFSSL_TEST_SUBROUTINE wc_test_ret_t cert_test(void);
 #endif
 #if defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_TEST_CERT) && \
-   !defined(NO_FILESYSTEM) && defined(WOLFSSL_CERT_GEN)
+   !defined(NO_FILESYSTEM) && !defined(NO_RSA) && defined(WOLFSSL_GEN_CERT)
 WOLFSSL_TEST_SUBROUTINE wc_test_ret_t  certext_test(void);
 #endif
 #if defined(WOLFSSL_CERT_GEN_CACHE) && defined(WOLFSSL_TEST_CERT) && \
@@ -702,7 +780,7 @@ void printOutput(const char *strName, unsigned char *data, unsigned int dataSz);
 WOLFSSL_TEST_SUBROUTINE int ariagcm_test(MC_ALGID);
 #endif
 
-#ifdef WOLF_CRYPTO_CB
+#if defined(WOLF_CRYPTO_CB) && !defined(WC_TEST_NO_CRYPTOCB_SW_TEST)
 WOLFSSL_TEST_SUBROUTINE wc_test_ret_t cryptocb_test(void);
 #endif
 #ifdef WOLFSSL_CERT_PIV
@@ -720,19 +798,33 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes_eax_test(void);
 /* General big buffer size for many tests. */
 #define FOURK_BUF 4096
 
+/* If not defined in user_settings, the ERROR_OUT pause is 120 seconds. */
+#ifndef WOLFSSL_ESPIDF_ERROR_PAUSE_DURATION
+    #define WOLFSSL_ESPIDF_ERROR_PAUSE_DURATION 120
+#endif
 #if defined(WOLFSSL_ESPIDF_ERROR_PAUSE)
+    #if defined(CONFIG_FREERTOS_HZ)
+        #define WOLFSSL_ESPIDF_ERROR_PAUSE_DURATION_TICKS \
+           (WOLFSSL_ESPIDF_ERROR_PAUSE_DURATION * CONFIG_FREERTOS_HZ)
+    #else
+        /* If not defined, assume RTOS is 1000 ticks per second. */
+        #define WOLFSSL_ESPIDF_ERROR_PAUSE_DURATION_TICKS \
+           (WOLFSSL_ESPIDF_ERROR_PAUSE_DURATION * 1000)
+    #endif
     /* When defined, pause at error condition rather than exit with error. */
-        #define ERROR_OUT(err, eLabel) \
-            do { \
-                ret = (err); \
-                esp_ShowExtendedSystemInfo(); \
-                ESP_LOGE("wolfcrypt_test", "ESP Error! ret = %d ", err); \
-                while (1) { \
-                    vTaskDelay(60000); \
-                } \
-                /* Just to appease compiler, don't actually go to eLabel */ \
-                goto eLabel; \
-            } while (0)
+    #define ERROR_OUT(err, eLabel) \
+        do { \
+            ret = (err); \
+            ESP_LOGE(ESPIDF_TAG, "Failed: Error = %d during %s, line %d", \
+                                    err, __FUNCTION__, __LINE__); \
+            ESP_LOGI(ESPIDF_TAG, "Extended system info:"); \
+            esp_ShowExtendedSystemInfo(); \
+            ESP_LOGW(ESPIDF_TAG, "Paused for %d seconds! " \
+                                 "WOLFSSL_ESPIDF_ERROR_PAUSE is enabled.", \
+                                  WOLFSSL_ESPIDF_ERROR_PAUSE_DURATION); \
+            vTaskDelay(WOLFSSL_ESPIDF_ERROR_PAUSE_DURATION_TICKS); \
+            goto eLabel; \
+        } while (0)
 #else
     #define ERROR_OUT(err, eLabel) do { ret = (err); goto eLabel; } while (0)
 #endif
@@ -759,10 +851,16 @@ static void render_error_message(const char* msg, wc_test_ret_t es)
 #ifdef NO_ERROR_STRINGS
         err_sys_printf("%s error L=%d code=%d\n", msg,
                        WC_TEST_RET_DEC_LN(es), -WC_TEST_RET_DEC_I(es));
+#elif defined(WOLFCRYPT_ONLY) || !defined(WOLFSSL_TYPES_DEFINED)
+        err_sys_printf("%s error L=%d code=%d (%s)\n", msg,
+                       WC_TEST_RET_DEC_LN(es), -WC_TEST_RET_DEC_I(es),
+                       wc_GetErrorString(-WC_TEST_RET_DEC_I(es))
+            );
 #else
         err_sys_printf("%s error L=%d code=%d (%s)\n", msg,
                        WC_TEST_RET_DEC_LN(es), -WC_TEST_RET_DEC_I(es),
-                       wc_GetErrorString(-WC_TEST_RET_DEC_I(es)));
+                       wolfSSL_ERR_reason_error_string((unsigned long)-WC_TEST_RET_DEC_I(es))
+            );
 #endif
         break;
     case WC_TEST_RET_TAG_ERRNO:
@@ -774,11 +872,11 @@ static void render_error_message(const char* msg, wc_test_ret_t es)
  * stores an error string in the supplied buffer.  this is all most
  * infelicitous...
  */
-#if !defined(STRING_USER) && !defined(NO_ERROR_STRINGS) &&      \
+#if !defined(STRING_USER) && !defined(NO_ERROR_STRINGS) &&              \
     (defined(__STDC_VERSION__) && (__STDC_VERSION__ > 199901L)) &&      \
-    ((defined(__GLIBC__) && (__GLIBC__ >= 2)) ||                \
-     (defined(__USE_XOPEN2K) &&                                 \
-      defined(_POSIX_C_SOURCE) &&                               \
+    ((defined(__GLIBC__) && (__GLIBC__ >= 2) && defined(__USE_GNU)) ||  \
+     (defined(__USE_XOPEN2K) &&                                         \
+      defined(_POSIX_C_SOURCE) &&                                       \
       (_POSIX_C_SOURCE >= 200112L)))
 
         char errno_buf[64], *errno_string;
@@ -844,13 +942,83 @@ static void myFipsCb(int ok, int err, const char* hash)
     printf("message = %s\n", wc_GetErrorString(err));
     printf("hash = %s\n", hash);
 
-    if (err == IN_CORE_FIPS_E) {
+    if (err == WC_NO_ERR_TRACE(IN_CORE_FIPS_E)) {
         printf("In core integrity hash check failure, copy above hash\n");
         printf("into verifyCore[] in fips_test.c and rebuild\n");
     }
 }
 #endif /* HAVE_FIPS && !WOLFSSL_LINUXKM */
 
+#if defined(HAVE_FIPS) && FIPS_VERSION3_LT(6,0,0) && !defined(WC_NO_CONSTRUCTORS)
+
+#if !defined(NO_AES)
+static WC_MAYBE_UNUSED Aes* wc_AesNew(void* heap, int thisDevId, int *result_code)
+{
+    int ret;
+    Aes* aes = (Aes*)XMALLOC(sizeof(Aes), heap, DYNAMIC_TYPE_AES);
+    if (aes == NULL) {
+        ret = MEMORY_E;
+    }
+    else {
+        ret = wc_AesInit(aes, heap, thisDevId);
+        if (ret != 0) {
+            XFREE(aes, heap, DYNAMIC_TYPE_AES);
+            aes = NULL;
+        }
+    }
+
+    if (result_code != NULL)
+        *result_code = ret;
+
+    return aes;
+}
+static WC_MAYBE_UNUSED int wc_AesDelete(Aes *aes, Aes** aes_p)
+{
+    if (aes == NULL)
+        return BAD_FUNC_ARG;
+    wc_AesFree(aes);
+    XFREE(aes, aes->heap, DYNAMIC_TYPE_AES);
+    if (aes_p != NULL)
+        *aes_p = NULL;
+    return 0;
+}
+#endif /* !NO_AES */
+
+#if !defined(NO_RSA)
+static WC_MAYBE_UNUSED RsaKey* wc_NewRsaKey(void* heap, int thisDevId, int *result_code)
+{
+    int ret;
+    RsaKey* key = (RsaKey*)XMALLOC(sizeof(RsaKey), heap, DYNAMIC_TYPE_RSA);
+    if (key == NULL) {
+        ret = MEMORY_E;
+    }
+    else {
+        ret = wc_InitRsaKey_ex(key, heap, thisDevId);
+        if (ret != 0) {
+            XFREE(key, heap, DYNAMIC_TYPE_RSA);
+            key = NULL;
+        }
+    }
+
+    if (result_code != NULL)
+        *result_code = ret;
+
+    return key;
+}
+static WC_MAYBE_UNUSED int wc_DeleteRsaKey(RsaKey* key, RsaKey** key_p)
+{
+    if (key == NULL)
+        return BAD_FUNC_ARG;
+    wc_FreeRsaKey(key);
+    XFREE(key, key->heap, DYNAMIC_TYPE_RSA);
+    if (key_p != NULL)
+        *key_p = NULL;
+    return 0;
+}
+#endif /* !NO_RSA */
+
+#endif /* FIPS_VERSION3_LT(6,0,0) && !WC_NO_CONSTRUCTORS */
+
 #ifdef WOLFSSL_STATIC_MEMORY
     #if defined(WOLFSSL_STATIC_MEMORY_TEST_SZ)
         static byte gTestMemory[WOLFSSL_STATIC_MEMORY_TEST_SZ];
@@ -889,7 +1057,7 @@ static int wolfssl_pb_print(const char* msg, ...)
 /* Enable support for RNG with crypto callback */
 static int rng_crypto_cb(int thisDevId, wc_CryptoInfo* info, void* ctx)
 {
-    int rc = CRYPTOCB_UNAVAILABLE;
+    int rc = WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE);
     if (info->algo_type == WC_ALGO_TYPE_RNG) {
         rc = wc_GenerateSeed(&info->rng.rng->seed, info->rng.out, info->rng.sz);
     }
@@ -899,6 +1067,340 @@ static int rng_crypto_cb(int thisDevId, wc_CryptoInfo* info, void* ctx)
 }
 #endif
 
+#if defined(WC_KDF_NIST_SP_800_56C)
+#define INIT_SP80056C_TEST_VECTOR(_z, _fixedInfo, _derivedKey, _hashType)      \
+    {                                                                          \
+        .z = (const byte*)_z, .zSz = sizeof(_z) - 1,                           \
+        .fixedInfo = (const byte*)_fixedInfo,                                  \
+        .fixedInfoSz = sizeof(_fixedInfo) - 1,                                 \
+        .derivedKey = (const byte*)_derivedKey,                                \
+        .derivedKeySz = sizeof(_derivedKey) - 1, .hashType = _hashType,        \
+    }
+
+#define SP800_56C_MAX_OUT 128
+static WOLFSSL_TEST_SUBROUTINE wc_test_ret_t nist_sp80056c_kdf_test(void)
+{
+    struct sp800_56c_test_vector {
+        const byte* z;
+        word32 zSz;
+        const byte* fixedInfo;
+        word32 fixedInfoSz;
+        const byte* derivedKey;
+        word32 derivedKeySz;
+        enum wc_HashType hashType;
+    };
+    struct sp800_56c_test_vector* v;
+    byte output[SP800_56C_MAX_OUT];
+    word32 i;
+    int ret;
+    /* vectors from
+     * https://csrc.nist.gov/projects/cryptographic-standards-and-guidelines/example-values
+     *
+     * (KeyManagement) */
+    struct sp800_56c_test_vector vctors[] = {
+#if !defined(NO_SHA)
+        /* SHA-1 */
+        INIT_SP80056C_TEST_VECTOR(
+            "\xad\x42\x01\x82\x63\x3f\x85\x26\xbf\xe9\x54\xac\xda\x37\x6f\x05"
+            "\xe5\xff\x4f\x83\x7f\x54\xfe\xbe\x0f\xb1\x2a\x1b\x3b\xeb\xf2\x63"
+            "\xee\x21\x64\x13\xed\x06\xa8\x4a\x12\xeb\x51\x11\x59\xf1\x33\x7d",
+            "\x12\x34\x56\x78\x9a\xbc\xde\xf0\x41\x4c\x49\x43\x45\x31\x32\x33"
+            "\x42\x4f\x42\x42\x59\x34\x35\x36",
+            "\x6f\xef\x44\x2f\xc1\x7a\x7e\x2b\x0c\x9d\xec\xe0\xe4\x7a\x57\x48"
+            "\xac\xb4\x6a\xf1\x98\xd7\x67\x47\x0f\x28\xa1\x04\xb5\x61\x30\xae"
+            "\xb0\x10\x09\xa4\x56\x82\xa5\xe1",
+            WC_HASH_TYPE_SHA),
+        INIT_SP80056C_TEST_VECTOR(
+            "\xae\x64\xab\x2b\x2b\x75\xa9\x4c\xf8\xef\x24\xda\x24\x56\xbd\x3a"
+            "\xa3\x6d\xb6\x14\x29\xea\x55\x21",
+            "\x12\x34\x56\x78\x9a\xbc\xde\xf0\x41\x4c\x49\x43\x45\x31\x32\x33"
+            "\x42\x4f\x42\x42\x59\x34\x35\x36",
+            "\xcc\x96\x5a\x52\xd0\x5c\x94\x9e\x52\xc0\x35\xfd\x03\x53\x0d\xb7"
+            "\xea\xa4\x08\x70\x2c\x9d\x35\x21\x1e\x67\x21\x54\x12\x45\x91\x51"
+            "\xba\x22\x62\xbd\x1e\x28\xe5\x6b",
+            WC_HASH_TYPE_SHA),
+        INIT_SP80056C_TEST_VECTOR(
+            "\x71\x5d\xc0\xea\x24\x6b\x46\x56\x63\xa8\x9c\xde\x04\x12\xc1\x92"
+            "\xe1\x9e\x58\xd5\xb0\xb6\x36\x6d\xa7\x89\xad\xbf\x44\x9a\x38\xaa"
+            "\x46\x69\xfe\x36\x30\xa2\x0f\x7f\xa3\x14\x9c\x9b\x4b\x0a\xb5\xcd"
+            "\x3e\x14\x18\x2b\x75\x04\xd5\xd2\x75\x2b\xf6\x58\x7a\xab\xc9\xf4"
+            "\xcb\x8f\xe5\x29\x23\x6a\xb8\x15\x36\xad\xd2\xbd\x25\xd6\xbf\x9d"
+            "\x5f\x1d\xf5\x76\x16\x5a\xa5\x5c\x24\x99\x61\xd8\xf8\x75\x00\xed"
+            "\x8d\xbf\xc5\xd2\x50\x53\x4c\x07\xd9\x9a\xc9\x17\xf9\x84\x60\x46"
+            "\xac\x5c\xb8\xa2\x98\x74\x26\x22\xd3\xc9\x86\x18\x06\x92\x46\xe8"
+            "\xad\x37\x11\x25\x57\xe0\xe6\x34\xb5\x81\x32\x7a\x4a\xd3\x2c\x7c"
+            "\x76\x4b\xe8\xf8\x08\x0d\x37\x2c\x63\x20\x93\xa7\x67\xf1\x55\xbd"
+            "\x22\xec\x00\x3c\xa6\x1c\x8b\x43\x32\x0f\x3a\xbe\xb5\xdd\xc4\xa3"
+            "\xb1\x89\x82\xfd\xd6\x51\x0f\x88\x3c\x8d\xc1\xe0\xb1\x57\xff\xb9"
+            "\xcf\xc0\xa5\x9c\xe2\xd4\x05\x5f\xfc\x73\xe7\x15\x2a\x6a\x95\x43"
+            "\xb9\x19\xe7\x94\xe9\x49\x61\x33\xbe\x2a\x23\x18\xd9\x05\x6e\xfd"
+            "\x74\x48\x2d\xc6\x3c\x0d\xb5\x8f\xe6\x42\x6b\x0f\xe7\x35\x45\x42"
+            "\xc2\x19\x7a\xb6\xbd\x35\xf1\xa9\x2d\xce\x90\xb1\xc4\x6d\x32\xc1",
+            "\x12\x34\x56\x78\x9a\xbc\xde\xf0\x41\x4c\x49\x43\x45\x31\x32\x33"
+            "\x42\x4f\x42\x42\x59\x34\x35\x36",
+            "\x1b\x5f\xcc\x8d\x81\xa5\xd9\xa9\x36\x94\xe6\x47\x77\x88\xd8\x03"
+            "\x15\x84\xc3\xf5\x2e\x9f\x11\x7a\xe8\x18\x4d\xba\x56\x47\x9d\x87"
+            "\x66\x76\x92\xf1\x2d\x7b\xd3\x8b",
+            WC_HASH_TYPE_SHA),
+        INIT_SP80056C_TEST_VECTOR(
+            "\x33\xe0\x50\xbd\x20\x9f\x2d\xf2\x77\x19\x78\xfc\xd1\xd4\xc8\x2e"
+            "\x49\xd0\x1d\x65\xbb\x62\x03\x20\xd3\x0b\xfe\xa8\x7a\xa8\x69\xe1"
+            "\x07\xa5\x17\xa4\xc8\x5b\x69\x28\x45\x21\xca\x54\xb7\x7f\x59\xe9"
+            "\x4a\x85\x6d\xaa\x30\xa3\x85\xa5\x25\xd8\xa3\xf7\xe1\x5e\xe5\xe9"
+            "\xaa\x12\x8d\x45\xef\x63\xf9\x0c\x10\xe0\x8f\xc5\x26\x36\x13\x77"
+            "\x81\x54\x7a\x58\x9f\x97\x87\xf9\xd7\xdd\x61\x43\x41\x9a\x26\x16"
+            "\x80\x16\x82\x40\xaa\xb2\x01\x3d\x80\x20\xdb\xe8\x4b\x7e\x2b\xed"
+            "\xce\x67\x1b\x94\x03\xbd\x1f\x91\x71\xa2\x57\x90\xce\x66\x7d\xed",
+            "\x12\x34\x56\x78\x9a\xbc\xde\xf0\x41\x4c\x49\x43\x45\x31\x32\x33"
+            "\x42\x4f\x42\x42\x59\x34\x35\x36",
+            "\x35\x10\x85\x85\xfc\x55\x62\xb5\xf1\x8f\x20\x7b\xa8\x35\x63\xe4"
+            "\x49\x28\x45\x6a\x5e\x53\x63\x7e\xae\x6b\xb5\xfc\x33\x88\xae\x02"
+            "\x91\x79\x0a\x1d\xc8\x31\x4e\x28",
+            WC_HASH_TYPE_SHA),
+        INIT_SP80056C_TEST_VECTOR(
+            "\x5c\x80\x4f\x45\x4d\x30\xd9\xc4\xdf\x85\x27\x1f\x93\x52\x8c\x91"
+            "\xdf\x6b\x48\xab\x5f\x80\xb3\xb5\x9c\xaa\xc1\xb2\x8f\x8a\xcb\xa9"
+            "\xcd\x3e\x39\xf3\xcb\x61\x45\x25\xd9\x52\x1d\x2e\x64\x4c\x53\xb8"
+            "\x07\xb8\x10\xf3\x40\x06\x2f\x25\x7d\x7d\x6f\xbf\xe8\xd5\xe8\xf0"
+            "\x72\xe9\xb6\xe9\xaf\xda\x94\x13\xea\xfb\x2e\x8b\x06\x99\xb1\xfb"
+            "\x5a\x0c\xac\xed\xde\xae\xad\x7e\x9c\xfb\xb3\x6a\xe2\xb4\x20\x83"
+            "\x5b\xd8\x3a\x19\xfb\x0b\x5e\x96\xbf\x8f\xa4\xd0\x9e\x34\x55\x25"
+            "\x16\x7e\xcd\x91\x55\x41\x6f\x46\xf4\x08\xed\x31\xb6\x3c\x6e\x6d",
+            "\x12\x34\x56\x78\x9a\xbc\xde\xf0\x41\x4c\x49\x43\x45\x31\x32\x33"
+            "\x42\x4f\x42\x42\x59\x34\x35\x36",
+            "\xfa\xa0\x22\xce\x7f\xa9\xba\x95\xeb\xa3\x9f\x3f\x44\xf3\xee\x14"
+            "\x96\x0a\x0b\x23\x9d\x01\x4b\x57\x70\xe4\x71\xd7\x5a\x99\xea\x87"
+            "\x10\xe3\x8f\x0c\xef\x0f\xfc\x67",
+            WC_HASH_TYPE_SHA),
+        INIT_SP80056C_TEST_VECTOR(
+            "\xad\x42\x01\x82\x63\x3f\x85\x26\xbf\xe9\x54\xac\xda\x37\x6f\x05"
+            "\xe5\xff\x4f\x83\x7f\x54\xfe\xbe\x0f\xb1\x2a\x1b\x3b\xeb\xf2\x63"
+            "\xee\x21\x64\x13\xed\x06\xa8\x4a\x12\xeb\x51\x11\x59\xf1\x33\x7d",
+            "\x12\x34\x56\x78\x9a\xbc\xde\xf0\x41\x4c\x49\x43\x45\x31\x32\x33"
+            "\x42\x4f\x42\x42\x59\x34\x35\x36",
+            "\x6f\xef\x44\x2f\xc1\x7a\x7e\x2b\x0c\x9d\xec\xe0\xe4\x7a\x57\x48"
+            "\xac\xb4\x6a\xf1\x98\xd7\x67\x47\x0f\x28\xa1\x04\xb5\x61\x30\xae"
+            "\xb0\x10\x09\xa4\x56\x82\xa5\xe1",
+            WC_HASH_TYPE_SHA),
+#endif
+#if defined(WOLFSSL_SHA224)
+        /* SHA-224*/
+        INIT_SP80056C_TEST_VECTOR(
+            "\x8c\x5d\x6e\x5d\x36\x06\x83\xba\x55\xb0\x9d\xb1\x69\x6d\x7c\x64"
+            "\x02\xff\x87\x88\x5f\xf5\x07\x70\xf2\x76\x7b\x75\x54\x60\x20\x7e"
+            "\xd5\xc7\x43\xfd\x27\xe7\xeb\x1d\x0c\xa5\x91\xf8\x56\x38\x93\x11"
+            "\x73\x07\x44\xf2\x04\xd2\xe5\x5b\x8b\xd4\x46\xce\xca\x03\x1f\x7b"
+            "\xac\xcf\xf1\xa7\x1b\x68\x34\x59\xcc\x54\xd5\x01\xda\xbf\x4a\x84"
+            "\xcd\xb8\x6d\xfa\xda\xff\x31\x0f\xbd\xba\xf7\x4d\xd5\x1b\xa1\xe1"
+            "\xe1\x19\x1a\xf1\x4c\x9b\xf8\x94\x43\xbf\x58\x8e\x9c\xe3\x30\x34"
+            "\xaf\x5e\x89\xbf\x6f\xfc\x47\xd7\xd9\xca\x4a\x5e\x8f\xf8\xa0\x50"
+            "\x20\xbb\x0f\x95\xbc\xde\x01\x56\xd8\x7f\xb8\x60\xbd\x40\x83\xfa"
+            "\x5b\x53\x1a\x08\xa4\xfb\x7e\xe0\x20\x1a\xe8\xb3\xcc\xff\xe9\x9f"
+            "\x27\x0b\xc3\x53\x4b\xaa\xcf\xc0\x01\xcd\xd8\x0a\xd8\x7c\xce\x71"
+            "\xf0\x91\xe7\x66\xca\x5c\xc2\x75\xcb\x49\x14\x5a\x5e\xe6\x16\x2e"
+            "\xcc\xf5\x58\xce\xc4\xd3\xee\x53\x1e\x91\xe9\xa5\x29\x69\x63\x4d"
+            "\x3a\xf8\xd2\x6f\x8d\x15\xdc\x0d\x6f\x6e\x0a\x97\x4b\xe4\x34\x1b"
+            "\x68\xa0\x19\x90\xdb\xb8\x64\x95\x89\x1a\xd3\xaf\xc1\xe4\xce\xdf"
+            "\x4c\x6a\xe1\xf1\xcd\x60\x81\xcd\xee\xd8\xe6\xb3\x26\x4e\xc3\xbe"
+            "\x24\x58\xd1\xc0\xca\x24\x43\x41\x0c\xf3\xb4\x7c\x0c\x25\x4c\x7d"
+            "\xc8\xec\xb4\x3e\x6c\x23\x64\xe1\xc0\x62\x19\xcc\x7e\xfb\xff\xbb"
+            "\x63\xd7\xff\xfc\x74\x58\x12\xfd\x24\x0c\x33\xd4\x96\xb9\x99\x2f"
+            "\x96\x80\xa6\x3c\x07\x96\x3c\x0c\x49\xf3\xc1\xba\xef\xec\xaf\x32"
+            "\xe2\xaa\x8a\x2f\x7c\xd3\x0d\x8f\x05\x1e\xe2\xf5\x0f\xbf\x05\xab"
+            "\x13\x96\xa4\xea\x87\x44\x7d\x7b\x98\x1b\x5e\x46\x14\x28\x18\x71"
+            "\xa6\xf0\xf6\xbf\x1f\xe0\x02\x2f\x7e\xa1\x32\xbe\x0a\xe9\x19\x26"
+            "\xab\x12\xaf\x6d\xc4\x50\x64\xaa\xd5\x6b\x84\xb9\x0c\x70\x08\x37"
+            "\x09\xcf\xf7\xe3\x1b\x54\x8f\xb7\xfb\x2c\xf7\x5a\xbf\x96\xe0\x1c"
+            "\xcd\x3e\x94\x2e\xed\x91\x48\x0d\x4c\x24\xc6\xb7\xf9\x79\xfb\xbe"
+            "\x5d\xa2\x39\xb3\x76\x16\x7d\x68\x57\x35\x24\xff\xcb\x50\x99\x54"
+            "\xcc\x80\xa0\xe1\xa7\x1c\x40\xc4\xda\x17\xb8\xd1\x57\x2b\x21\x58"
+            "\x7a\x8d\x66\xcc\x62\x1c\x7c\xd1\x0f\x49\xab\xd5\xef\x86\x31\x13"
+            "\xe6\x19\x21\x08\x6f\xac\x25\x31\x2b\x74\x1c\x11\xa8\xfb\xc1\xe3"
+            "\x3c\x34\xd9\xda\x14\xa8\x22\x47\x7f\xcc\x36\x66\x70\x25\xc4\xf1"
+            "\x30\xae\x10\x0e\x36\xf1\x5d\xa0\x03\x74\xce\x87\x41\x67\x9f\x61",
+            "\x12\x34\x56\x78\x9a\xbc\xde\xf0\x41\x4c\x49\x43\x45\x31\x32\x33"
+            "\x42\x4f\x42\x42\x59\x34\x35\x36",
+            "\x4b\x99\x6a\x60\xc0\x4a\x35\xc5\xe6\xd4\x74\xb1\x0a\x25\x8d\x56"
+            "\x2e\xa6\xdc\x52\xf6\xc6\x9b\xf3\x9e\xf8\x8c\x89\xe3\xcc\x8a\x54"
+            "\xda\x2f\x3c\x0b\x56\x1b\x53\xfe\x76\x55\x13\x63\xd6\x9c\x3c\xef"
+            "\x74\xe3\x4f\xe8\x8e\xb3\xac\x51",
+            WC_HASH_TYPE_SHA224),
+        INIT_SP80056C_TEST_VECTOR(
+            "\x52\x27\x2f\x50\xf4\x6f\x4e\xdc\x91\x51\x56\x90\x92\xf4\x6d\xf2"
+            "\xd9\x6e\xcc\x3b\x6d\xc1\x71\x4a\x4e\xa9\x49\xfa\x9f\x18\xff\x54"
+            "\xf8\x87\x23\x07\x3f\x64\xa6\x95\x3d\x04\x91\x4f\x45\xa2\x3e\xee"
+            "\x7c\xfc\x46\x67\x08\x0a\xa0\xf9",
+            "\x12\x34\x56\x78\x9a\xbc\xde\xf0\x41\x4c\x49\x43\x45\x31\x32\x33"
+            "\x42\x4f\x42\x42\x59\x34\x35\x36",
+            "\x77\x56\xbc\xfd\xef\x3e\xe6\x9f\x6a\xc2\x3c\xd2\xdc\x60\x7d\x01"
+            "\xfa\x8c\xe1\xb2\x4f\x5c\xaa\xaa\x48\xe0\x4b\x81\x63\xe1\x73\x3a"
+            "\xed\x7a\x04\x0e\x73\xf2\xb5\x42\x36\x8f\x00\x54\x8b\x16\x3c\x3d"
+            "\xc9\x6d\x70\x09\x99\x16\xf1\x6b",
+            WC_HASH_TYPE_SHA224),
+#endif
+#if !defined(NO_SHA256)
+        /* SHA-256 */
+        INIT_SP80056C_TEST_VECTOR(
+            "\xdd\x0f\x53\x96\x21\x9d\x1e\xa3\x93\x31\x04\x12\xd1\x9a\x08\xf1"
+            "\xf5\x81\x1e\x9d\xc8\xec\x8e\xea\x7f\x80\xd2\x1c\x82\x0c\x27\x88"
+            "\x22\x76\x84\xe7\x1f\x5c\x31\x3f\xad\xc9\x1e\x52\x98\x07\xe3\x14"
+            "\x7d\x53\x14\x5b\x15\xab\xd6\xed\x41\x6a\xd3\x5c\xd7\xe6\x83\x8f",
+            "\x12\x34\x56\x78\x9a\xbc\xde\xf0\x41\x4c\x49\x43\x45\x31\x32\x33"
+            "\x42\x4f\x42\x42\x59\x34\x35\x36",
+            "\xc0\x8b\x3d\xe2\x4f\x1a\x38\x1e\x7a\x56\x75\xa2\xa6\x52\x3b\x08"
+            "\xf3\x54\x60\x5e\xee\x46\xb9\xf3\x9e\xad\xb1\xe9\x75\x34\x41\x6d"
+            "\x98\xb4\x3c\xae\x8a\xb0\x4a\xfd\x53\xde\xb3\x7f\x44\x02\x23\x52"
+            "\xc3\xfb\xde\x1e\x2f\x2c\xec\x53\x1c\xfc\x32\x4f\xdd\x0f\xcc\xa6",
+            WC_HASH_TYPE_SHA256),
+        INIT_SP80056C_TEST_VECTOR(
+            "\x44\xf4\x84\x09\xf3\x1b\xf3\x50\x94\x51\xdb\x4d\x30\x4b\xeb\xd8"
+            "\x3c\x2a\xd6\x50\x1c\x1b\x85\xe6\x32\xbc\x92\x58\x8e\x2d\x48\xb5"
+            "\xd2\xb8\x44\x44\x62\xad\x94\xe8\xa4\x44\x94\x1e\xd4\x97\x5c\x97"
+            "\x91\x17\xd7\x5a\x0a\x2b\xa8\x10\xdf\xa8\x80\x4a\x0f\xe9\x42\x6d"
+            "\xd7\xeb\x95\xf2\x9c\xa4\x30\xda\x37\xef\xa5\x2c\x42\xda\x1d\xe2"
+            "\x23\x76\x3b\xdd\xc9\x5e\x46\x6a\xa3\xb8\xd2\x06\xb8\x21\x8e\xdf"
+            "\x23\x97\x3d\x05\xf3\xc7\xc2\x2b\x22\x46\x53\xd4\xf9\x21\x85\x45"
+            "\x79\x83\x26\x2f\x27\xbc\x55\xa0\xa7\xae\xe5\x43\x54\x55\xd4\x3c"
+            "\x0e\x0c\x6d\x80\x67\xad\xaf\x90\x42\xb6\xb7\x77\x7e\x19\x8d\x67"
+            "\x60\x83\x0d\x96\xb2\x9a\x6a\xae\xf5\x74\xd7\x5e\x2d\x65\x43\x55"
+            "\x0f\x75\x55\xcf\x89\x82\xc8\x21\xc4\xec\x9b\x82\x66\x2b\x09\x36"
+            "\x69\xfd\x24\x6d\x4d\xcc\xbf\xf3\x1d\x98\x4e\xf6\x3c\x4f\x95\xd7"
+            "\x39\xc7\x7e\x66\xf6\x9b\x6d\xb0\xd9\xfc\x1a\x97\x3f\x52\x33\xd1"
+            "\x1f\xe7\x15\x4b\x8a\x6b\xe1\x50\x46\x7d\x92\xda\xf0\x91\x44\x34"
+            "\xf0\xcf\x17\x6e\x96\x1b\x31\x3f\xe3\xe2\x3b\xfe\x37\x8b\x87\xba"
+            "\xf2\x73\x93\x7f\xfa\xa6\x85\x65\x8b\x09\x78\x1d\x26\x97\x86\x4b"
+            "\x0d\x82\x48\x5c\xf7\xd6\x2f\xfc\xea\x34\x33\x88\xcf\xec\x15\x27"
+            "\x3a\x39\x4b\x84\x32\xee\xb6\x32\x1b\xe3\x1d\x4f\xcd\x16\x15\xc8"
+            "\x1c\x69\x37\xc0\x8d\x92\x41\x6e\xdb\xdd\x20\x10\xfa\x8b\x6e\x0a"
+            "\x8a\x60\x3d\xad\xe0\x10\xbc\x9c\xd7\x6b\x14\xe3\xe2\x19\x0e\x3b"
+            "\xa3\x00\xe7\x1a\xdd\xbf\x24\x4c\xf8\x06\x29\x49\x76\xea\xf0\x7d"
+            "\x02\x3b\xdb\x57\xfc\x5d\x19\x64\xc7\xd4\x20\x6e\x72\x06\x1b\xfe"
+            "\x1e\xe4\xee\xbc\x92\x00\xe1\x3a\x6c\xba\x32\x86\x9d\xbe\x80\x82"
+            "\xcd\xf3\x64\x5b\x5a\x72\x7d\xd2\x7c\xa5\x03\xf4\xed\xeb\x73\xe8"
+            "\x8a\x3a\x55\x2c\x7e\x00\xd4\xee\x72\x42\x13\x72\x36\xa0\x96\x5c"
+            "\x1e\xc3\xeb\xc0\xb4\x8c\x2b\x46\x7e\xb8\x42\x41\x5a\x28\x3f\x55"
+            "\xe2\x20\xff\xd1\x88\x19\x25\x6d\xa2\x47\x4d\x28\xfc\x3b\x04\xe0"
+            "\xc0\x7e\x4d\x25\xc1\x74\x93\x41\xd2\x22\x97\x01\x5c\xd8\x17\x8c"
+            "\x39\x18\xbe\x8c\x5c\xdf\x0f\xbf\xbb\x9a\x5a\xcc\xdd\x82\xaf\x07"
+            "\x83\xef\xe4\xdf\x64\xa8\xd8\x92\x82\x8f\x8d\xe5\x8c\x5d\x56\x9b"
+            "\x5b\x08\x45\x58\x96\xc4\xd3\xc3\x4f\xd3\xce\x93\xc4\x34\xc3\x8e"
+            "\xf5\x6c\xed\x30\x56\x1c\x37\x1a\xf9\xf2\xd8\x64\xfd\xc5\xb6\x2f",
+            "\x12\x34\x56\x78\x9a\xbc\xde\xf0\x41\x4c\x49\x43\x45\x31\x32\x33"
+            "\x42\x4f\x42\x42\x59\x34\x35\x36",
+            "\x42\x35\xac\x89\xc9\xf3\x3e\x5d\xbb\x11\x60\x1a\x29\x83\xe3\x76"
+            "\xe2\x15\x39\x97\x87\xd8\x39\xa0\x38\x55\xfe\x04\x53\x3e\x1a\x67"
+            "\x66\x91\x5e\x67\xc2\x5e\xeb\x04\x08\x28\xe9\x6c\xd3\xd6\xef\x0a"
+            "\xb7\xd1\x7b\x43\x13\x43\xa7\xf3\xaa\xc6\x8f\x0c\x4a\x7e\x77\x9b",
+            WC_HASH_TYPE_SHA256),
+            /* slightly modified vector to test generation when derivedKeySz %
+             * hashOutSz != 0*/
+            INIT_SP80056C_TEST_VECTOR(
+            "\xdd\x0f\x53\x96\x21\x9d\x1e\xa3\x93\x31\x04\x12\xd1\x9a\x08\xf1"
+            "\xf5\x81\x1e\x9d\xc8\xec\x8e\xea\x7f\x80\xd2\x1c\x82\x0c\x27\x88"
+            "\x22\x76\x84\xe7\x1f\x5c\x31\x3f\xad\xc9\x1e\x52\x98\x07\xe3\x14"
+            "\x7d\x53\x14\x5b\x15\xab\xd6\xed\x41\x6a\xd3\x5c\xd7\xe6\x83\x8f",
+            "\x12\x34\x56\x78\x9a\xbc\xde\xf0\x41\x4c\x49\x43\x45\x31\x32\x33"
+            "\x42\x4f\x42\x42\x59\x34\x35\x36",
+            "\xc0\x8b\x3d\xe2\x4f\x1a\x38\x1e\x7a\x56\x75\xa2\xa6\x52\x3b\x08"
+            "\xf3\x54\x60\x5e\xee\x46\xb9\xf3\x9e\xad\xb1\xe9\x75\x34\x41\x6d"
+            "\x98\xb4\x3c\xae\x8a\xb0\x4a\xfd\x53\xde\xb3\x7f\x44\x02\x23\x52"
+            "\xc3\xfb\xde\x1e\x2f\x2c\xec\x53\x1c\xfc\x32\x4f\xdd\x0f\xcc",
+            WC_HASH_TYPE_SHA256),
+
+#endif
+#if defined(WOLFSSL_SHA384)
+        /* SHA-384 */
+        INIT_SP80056C_TEST_VECTOR(
+            "\x5e\xa1\xfc\x4a\xf7\x25\x6d\x20\x55\x98\x1b\x11\x05\x75\xe0\xa8"
+            "\xca\xe5\x31\x60\x13\x7d\x90\x4c\x59\xd9\x26\xeb\x1b\x84\x56\xe4"
+            "\x27\xaa\x8a\x45\x40\x88\x4c\x37\xde\x15\x9a\x58\x02\x8a\xbc\x0e"
+            "\x88\x76\x9c\xb7\x2f\xc5\xac\x45\x7c\xd5\x8e\x89\x08\x9b\x19\x6a"
+            "\x70\xbf\x53\x3c\x6d\xc9\x1c\x9c\x7e\x17\x41\xdb\x5e\x7a\xb6\xb0"
+            "\x84\x9f\x01\xde\xa6\x5f\xed\xd0\x6c\x77\x18\x7c\xd8\x8e\xd0\x30",
+            "\x12\x34\x56\x78\x9a\xbc\xde\xf0\x41\x4c\x49\x43\x45\x31\x32\x33"
+            "\x42\x4f\x42\x42\x59\x34\x35\x36",
+            "\x8e\x6e\x26\x5f\x20\x82\xf1\x4d\x34\xda\x23\xe1\x03\x2c\x90\x24"
+            "\x83\x4a\xf0\x15\x72\xb6\x64\x77\x82\x41\x1b\xdd\xcb\x84\xa5\xda"
+            "\xee\x11\x7b\xa6\xfb\xa6\xd0\xeb\x28\x08\xef\x8a\xb0\x70\x05\xee"
+            "\xab\xe5\x2d\x2e\xfd\x31\x12\x1c\x7b\xf9\xd5\xfa\xfc\x40\xe0\x0c"
+            "\x6d\x6d\xbf\x39\xef\x43\xfe\x97\x15\xc7\x20\x2c\xdc\x2d\xb7\xe8"
+            "\x2b\x88\xd7\x48\xeb\x84\x25\x8b\xf8\x4d\x85\x82\xf2\xbf\xd9\x40",
+            WC_HASH_TYPE_SHA384),
+#endif
+#if defined(WOLFSSL_SHA512)
+        /* SHA-512 */
+        INIT_SP80056C_TEST_VECTOR(
+            "\x00\xcd\xea\x89\x62\x1c\xfa\x46\xb1\x32\xf9\xe4\xcf\xe2\x26\x1c"
+            "\xde\x2d\x43\x68\xeb\x56\x56\x63\x4c\x7c\xc9\x8c\x7a\x00\xcd\xe5"
+            "\x4e\xd1\x86\x6a\x0d\xd3\xe6\x12\x6c\x9d\x2f\x84\x5d\xaf\xf8\x2c"
+            "\xeb\x1d\xa0\x8f\x5d\x87\x52\x1b\xb0\xeb\xec\xa7\x79\x11\x16\x9c"
+            "\x20\xcc\x01\x38\xa6\x72\xb6\x95\x8b\xd7\x84\xe5\xd7\xfa\x83\x73"
+            "\x8a\xc6\x8f\x9b\x34\x23\xb4\x83\xf9\xbf\x53\x9e\x71\x14\x1e\x45"
+            "\xdb\xfb\x7a\xfe\xd1\x8b\x11\xc0\x02\x8b\x13\xf1\xf8\x60\xef\x43"
+            "\xc4\x80\xf4\xda\xcd\xa2\x08\x10\x59\xd3\x97\x8c\x99\x9d\x5d\x1a"
+            "\xde\x34\x54\xe4",
+            "\x12\x34\x56\x78\x9a\xbc\xde\xf0\x41\x4c\x49\x43\x45\x31\x32\x33"
+            "\x42\x4f\x42\x42\x59\x34\x35\x36",
+            "\x2d\x4a\x46\xa1\x70\x99\xba\xa8\x33\x0b\xc5\x9d\x4a\x1c\xf5\xae"
+            "\x3a\x30\x75\xb4\xc6\x2b\xb2\x6e\x7f\xc9\x89\x24\x72\x6d\x27\x4c"
+            "\x09\x64\x6f\x44\x08\xe6\x85\x8c\x43\xb4\x2d\xae\xd0\x15\xef\x26"
+            "\x17\x08\xd5\x5e\xf2\x4d\xaa\x7d\x3e\xa3\xd1\xc4\xa0\x8c\xfd\x24"
+            "\xdb\x60\x00\xa5\xb8\xa6\x7d\xe7\x46\xf3\xd3\xf4\xff\x34\x85\x15"
+            "\x8f\xd3\xb6\x91\x55\x79\x1d\xf4\x67\x47\xd4\xdb\xbe\x17\xc4\xb5"
+            "\x58\x46\x2e\x26\xbe\x5e\xd3\x5f\xe6\x80\xe2\x97\x14\x22\xc3\xb0"
+            "\x1b\x17\xe1\x67\xfc\x43\x7f\x84\x86\x9d\x85\x49\x53\x7b\x33\x38",
+            WC_HASH_TYPE_SHA512),
+#endif
+        INIT_SP80056C_TEST_VECTOR(
+            "\x00\xcd\xea\x89\x62\x1c\xfa\x46\xb1\x32\xf9\xe4\xcf\xe2\x26\x1c"
+            "\xde\x2d\x43\x68\xeb\x56\x56\x63\x4c\x7c\xc9\x8c\x7a\x00\xcd\xe5"
+            "\x4e\xd1\x86\x6a\x0d\xd3\xe6\x12\x6c\x9d\x2f\x84\x5d\xaf\xf8\x2c"
+            "\xeb\x1d\xa0\x8f\x5d\x87\x52\x1b\xb0\xeb\xec\xa7\x79\x11\x16\x9c"
+            "\x20\xcc\x01\x38\xa6\x72\xb6\x95\x8b\xd7\x84\xe5\xd7\xfa\x83\x73"
+            "\x8a\xc6\x8f\x9b\x34\x23\xb4\x83\xf9\xbf\x53\x9e\x71\x14\x1e\x45"
+            "\xdb\xfb\x7a\xfe\xd1\x8b\x11\xc0\x02\x8b\x13\xf1\xf8\x60\xef\x43"
+            "\xc4\x80\xf4\xda\xcd\xa2\x08\x10\x59\xd3\x97\x8c\x99\x9d\x5d\x1a"
+            "\xde\x34\x54\xe4",
+            "\x12\x34\x56\x78\x9a\xbc\xde\xf0\x41\x4c\x49\x43\x45\x31\x32\x33"
+            "\x42\x4f\x42\x42\x59\x34\x35\x36",
+            "\x2d\x4a",
+            WC_HASH_TYPE_SHA512),
+
+    };
+
+    for (i = 0; i < sizeof(vctors) / sizeof(vctors[0]); i++) {
+        v = &vctors[i];
+        ret = wc_KDA_KDF_onestep(v->z, v->zSz, v->fixedInfo, v->fixedInfoSz,
+            v->derivedKeySz, v->hashType, output,
+            /* use derivedKeySz to force the function to use a temporary buff
+               for the last block */
+            v->derivedKeySz);
+        if (ret != 0)
+            return WC_TEST_RET_ENC_EC(ret);
+        if (XMEMCMP(output, v->derivedKey, v->derivedKeySz) != 0)
+            return WC_TEST_RET_ENC_NC;
+    }
+
+    /* negative tests */
+    ret = wc_KDA_KDF_onestep(NULL, 0, (byte*)"fixed_info",
+        sizeof("fixed_info"), 16, WC_HASH_TYPE_SHA256, output, 16);
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
+        return WC_TEST_RET_ENC_NC;
+    ret = wc_KDA_KDF_onestep((byte*)"secret", sizeof("secret"), NULL, 1, 16,
+        WC_HASH_TYPE_SHA256, output, 16);
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
+        return WC_TEST_RET_ENC_NC;
+
+    /* allow empty FixedInfo */
+    ret = wc_KDA_KDF_onestep((byte*)"secret", sizeof("secret"), NULL, 0, 16,
+        WC_HASH_TYPE_SHA256, output, 16);
+    if (ret != 0)
+        return WC_TEST_RET_ENC_EC(ret);
+
+    return 0;
+}
+#endif /* WC_KDF_NIST_SP_800_56C */
+
 /* optional macro to add sleep between tests */
 #ifndef TEST_SLEEP
 #define TEST_SLEEP() WC_DO_NOTHING
@@ -958,6 +1460,10 @@ wc_test_ret_t wolfcrypt_test(void* args)
     heap_baselineBytes = wolfCrypt_heap_peakBytes_checkpoint();
 #endif
 
+#ifdef WC_RNG_SEED_CB
+        wc_SetSeed_Cb(wc_GenerateSeed);
+#endif
+
     printf("------------------------------------------------------------------------------\n");
     printf(" wolfSSL version %s\n", LIBWOLFSSL_VERSION_STRING);
 #ifdef WOLF_CRYPTO_CB
@@ -1012,6 +1518,9 @@ options: [-s max_relative_stack_bytes] [-m max_relative_heap_memory_bytes]\n\
         printf("unable to load static memory.\n");
         return(EXIT_FAILURE);
     }
+    #ifndef OPENSSL_EXTRA
+    wolfSSL_SetGlobalHeapHint(HEAP_HINT);
+    #endif
 #endif
 
 #if defined(DEBUG_WOLFSSL) && !defined(HAVE_VALGRIND)
@@ -1024,6 +1533,10 @@ options: [-s max_relative_stack_bytes] [-m max_relative_heap_memory_bytes]\n\
 
 #if defined(HAVE_FIPS) && !defined(WOLFSSL_LINUXKM)
     wolfCrypt_SetCb_fips(myFipsCb);
+    #if FIPS_VERSION3_GE(6,0,0)
+        printf("FIPS module version in use: %s\n",
+               wolfCrypt_GetVersion_fips());
+    #endif
 #endif
 
 #if !defined(NO_BIG_INT)
@@ -1334,6 +1847,28 @@ options: [-s max_relative_stack_bytes] [-m max_relative_heap_memory_bytes]\n\
     PRIVATE_KEY_LOCK();
 #endif /* WOLFSSL_WOLFSSH */
 
+#if defined(WOLFSSL_HAVE_PRF) && !defined(NO_HMAC) && defined(WOLFSSL_SHA384)
+    PRIVATE_KEY_UNLOCK();
+    if ( (ret = prf_test()) != 0)
+        TEST_FAIL("PRF         test failed!\n", ret);
+    else
+        TEST_PASS("PRF         test passed!\n");
+    PRIVATE_KEY_LOCK();
+#endif
+
+#ifdef WOLFSSL_HAVE_PRF
+#if defined (HAVE_HKDF) && !defined(NO_HMAC)
+#ifdef WOLFSSL_BASE16
+    PRIVATE_KEY_UNLOCK();
+    if ( (ret = tls12_kdf_test()) != 0)
+        TEST_FAIL("TLSv1.2 KDF test failed!\n", ret);
+    else
+        TEST_PASS("TLSv1.2 KDF test passed!\n");
+    PRIVATE_KEY_LOCK();
+#endif /* WOLFSSL_BASE16 */
+#endif /* WOLFSSL_HAVE_HKDF && !NO_HMAC */
+#endif /* WOLFSSL_HAVE_PRF */
+
 #ifdef WOLFSSL_TLS13
     PRIVATE_KEY_UNLOCK();
     if ( (ret = tls13_kdf_test()) != 0)
@@ -1351,17 +1886,28 @@ options: [-s max_relative_stack_bytes] [-m max_relative_heap_memory_bytes]\n\
 #endif
 
 #if defined(HAVE_HPKE) && defined(HAVE_ECC) && defined(HAVE_AESGCM)
+    PRIVATE_KEY_UNLOCK();
     if ( (ret = hpke_test()) != 0)
         TEST_FAIL("HPKE     test failed!\n", ret);
     else
         TEST_PASS("HPKE     test passed!\n");
+    PRIVATE_KEY_LOCK();
 #endif
 
 #if defined(WC_SRTP_KDF)
+    PRIVATE_KEY_UNLOCK();
     if ( (ret = srtpkdf_test()) != 0)
         TEST_FAIL("SRTP KDF test failed!\n", ret);
     else
         TEST_PASS("SRTP KDF test passed!\n");
+    PRIVATE_KEY_LOCK();
+#endif
+
+#if defined(WC_KDF_NIST_SP_800_56C)
+    if ( (ret = nist_sp80056c_kdf_test()) != 0)
+        TEST_FAIL("NIST SP 800-56C KDF test failed!\n", ret);
+    else
+        TEST_PASS("NIST SP 800-56C KDF test passed!\n");
 #endif
 
 #if defined(HAVE_AESGCM) && defined(WOLFSSL_AES_128) && \
@@ -1415,6 +1961,18 @@ options: [-s max_relative_stack_bytes] [-m max_relative_heap_memory_bytes]\n\
         TEST_PASS("ChaCha20-Poly1305 AEAD test passed!\n");
 #endif
 
+#ifdef HAVE_ASCON
+    if ( (ret = ascon_hash256_test()) != 0)
+        return err_sys("ASCON Hash test failed!\n", ret);
+    else
+        TEST_PASS("ASCON Hash test passed!\n");
+
+    if ( (ret = ascon_aead128_test()) != 0)
+        return err_sys("ASCON AEAD test failed!\n", ret);
+    else
+        TEST_PASS("ASCON AEAD test passed!\n");
+#endif
+
 #if defined(HAVE_XCHACHA) && defined(HAVE_POLY1305)
     if ( (ret = XChaCha20Poly1305_test()) != 0)
         TEST_FAIL("XChaCha20-Poly1305 AEAD test failed!\n", ret);
@@ -1437,6 +1995,7 @@ options: [-s max_relative_stack_bytes] [-m max_relative_heap_memory_bytes]\n\
 #endif
 
 #ifndef NO_AES
+    /* key sizes, ECB and Direct tests */
     if ( (ret = aes_test()) != 0)
         TEST_FAIL("AES      test failed!\n", ret);
     else
@@ -1457,11 +2016,25 @@ options: [-s max_relative_stack_bytes] [-m max_relative_heap_memory_bytes]\n\
         TEST_PASS("AES256   test passed!\n");
 #endif
 
+#ifdef HAVE_AES_CBC
+    if ( (ret = aes_cbc_test()) != 0)
+        TEST_FAIL("AES-CBC  test failed!\n", ret);
+    else
+        TEST_PASS("AES-CBC  test passed!\n");
+#endif
+
+#ifdef WOLFSSL_AES_COUNTER
+    if ( (ret = aes_ctr_test()) != 0)
+        TEST_FAIL("AES-CTR  test failed!\n", ret);
+    else
+        TEST_PASS("AES-CTR  test passed!\n");
+#endif
+
 #ifdef WOLFSSL_AES_OFB
     if ( (ret = aesofb_test()) != 0)
         TEST_FAIL("AES-OFB  test failed!\n", ret);
     else
-        TEST_PASS("AESOFB   test passed!\n");
+        TEST_PASS("AES-OFB   test passed!\n");
 #endif
 
 #ifdef HAVE_AESGCM
@@ -1488,6 +2061,21 @@ options: [-s max_relative_stack_bytes] [-m max_relative_heap_memory_bytes]\n\
     else
         TEST_PASS("AES-CCM  test passed!\n");
 #endif
+
+#ifdef WOLFSSL_AES_CFB
+    if ( (ret = aes_cfb_test()) != 0)
+        TEST_FAIL("AES-CFB  test failed!\n", ret);
+    else
+        TEST_PASS("AES-CFB  test passed!\n");
+#endif
+
+#ifdef WOLFSSL_AES_XTS
+    if ( (ret = aes_xts_test()) != 0)
+        TEST_FAIL("AES-XTS  test failed!\n", ret);
+    else
+        TEST_PASS("AES-XTS  test passed!\n");
+#endif
+
 #ifdef HAVE_AES_KEYWRAP
     if ( (ret = aeskeywrap_test()) != 0)
         TEST_FAIL("AES Key Wrap test failed!\n", ret);
@@ -1500,7 +2088,7 @@ options: [-s max_relative_stack_bytes] [-m max_relative_heap_memory_bytes]\n\
     else
         TEST_PASS("AES-SIV  test passed!\n");
 #endif
-#endif
+#endif /* !NO_AES */
 
 #if defined(WOLFSSL_AES_EAX) && \
     (!defined(HAVE_FIPS) || FIPS_VERSION_GE(5, 3)) && !defined(HAVE_SELFTEST)
@@ -1578,10 +2166,22 @@ options: [-s max_relative_stack_bytes] [-m max_relative_heap_memory_bytes]\n\
 #endif
 
 #ifndef NO_PWDBASED
+    PRIVATE_KEY_UNLOCK();
     if ( (ret = pwdbased_test()) != 0)
         TEST_FAIL("PWDBASED test failed!\n", ret);
     else
         TEST_PASS("PWDBASED test passed!\n");
+    PRIVATE_KEY_LOCK();
+#endif
+
+#if defined(USE_CERT_BUFFERS_2048) && \
+        defined(HAVE_PKCS12) && \
+            !defined(NO_ASN) && !defined(NO_PWDBASED) && !defined(NO_HMAC) && \
+            !defined(NO_CERTS) && !defined(NO_DES3)
+    if ( (ret = pkcs12_test()) != 0)
+        TEST_FAIL("PKCS12   test failed!\n", ret);
+    else
+        TEST_PASS("PKCS12   test passed!\n");
 #endif
 
 #if defined(OPENSSL_EXTRA) && !defined(WOLFCRYPT_ONLY)
@@ -1671,10 +2271,12 @@ options: [-s max_relative_stack_bytes] [-m max_relative_heap_memory_bytes]\n\
 #endif
 
 #ifdef HAVE_ED25519
+    PRIVATE_KEY_UNLOCK();
     if ( (ret = ed25519_test()) != 0)
         TEST_FAIL("ED25519  test failed!\n", ret);
     else
         TEST_PASS("ED25519  test passed!\n");
+    PRIVATE_KEY_LOCK();
 #endif
 
 #ifdef HAVE_CURVE448
@@ -1685,10 +2287,12 @@ options: [-s max_relative_stack_bytes] [-m max_relative_heap_memory_bytes]\n\
 #endif
 
 #ifdef HAVE_ED448
+    PRIVATE_KEY_UNLOCK();
     if ( (ret = ed448_test()) != 0)
         TEST_FAIL("ED448    test failed!\n", ret);
     else
         TEST_PASS("ED448    test passed!\n");
+    PRIVATE_KEY_LOCK();
 #endif
 
 #ifdef WOLFSSL_HAVE_KYBER
@@ -1698,16 +2302,23 @@ options: [-s max_relative_stack_bytes] [-m max_relative_heap_memory_bytes]\n\
         TEST_PASS("KYBER    test passed!\n");
 #endif
 
-#if defined(WOLFSSL_HAVE_XMSS)
-    #if !defined(WOLFSSL_XMSS_VERIFY_ONLY)
-    if ( (ret = xmss_test()) != 0)
-        TEST_FAIL("XMSS     test failed!\n", ret);
+#ifdef HAVE_DILITHIUM
+    if ( (ret = dilithium_test()) != 0)
+        TEST_FAIL("DILITHIUM test failed!\n", ret);
     else
-        TEST_PASS("XMSS     test passed!\n");
+        TEST_PASS("DILITHIUM test passed!\n");
+#endif
+
+#if defined(WOLFSSL_HAVE_XMSS)
+    #if !defined(WOLFSSL_SMALL_STACK) && WOLFSSL_XMSS_MIN_HEIGHT <= 10
+    if ( (ret = xmss_test_verify_only()) != 0)
+        TEST_FAIL("XMSS Vfy test failed!\n", ret);
+    else
+        TEST_PASS("XMSS Vfy test passed!\n");
     #endif
 
-    #if defined(WOLFSSL_XMSS_VERIFY_ONLY) && !defined(WOLFSSL_SMALL_STACK)
-    if ( (ret = xmss_test_verify_only()) != 0)
+    #if !defined(WOLFSSL_XMSS_VERIFY_ONLY)
+    if ( (ret = xmss_test()) != 0)
         TEST_FAIL("XMSS     test failed!\n", ret);
     else
         TEST_PASS("XMSS     test passed!\n");
@@ -1715,15 +2326,18 @@ options: [-s max_relative_stack_bytes] [-m max_relative_heap_memory_bytes]\n\
 #endif /* if defined(WOLFSSL_HAVE_XMSS) */
 
 #if defined(WOLFSSL_HAVE_LMS)
-    #if !defined(WOLFSSL_LMS_VERIFY_ONLY)
-    if ( (ret = lms_test()) != 0)
-        TEST_FAIL("LMS      test failed!\n", ret);
+    #if !defined(WOLFSSL_SMALL_STACK)
+        #if (defined(WOLFSSL_WC_LMS) && (LMS_MAX_HEIGHT >= 10) && \
+             !defined(WOLFSSL_NO_LMS_SHA256_256)) || defined(HAVE_LIBLMS)
+    if ( (ret = lms_test_verify_only()) != 0)
+        TEST_FAIL("LMS Vfy  test failed!\n", ret);
     else
-        TEST_PASS("LMS      test passed!\n");
+        TEST_PASS("LMS Vfy  test passed!\n");
+        #endif
     #endif
 
-    #if defined(WOLFSSL_LMS_VERIFY_ONLY) && !defined(WOLFSSL_SMALL_STACK)
-    if ( (ret = lms_test_verify_only()) != 0)
+    #if !defined(WOLFSSL_LMS_VERIFY_ONLY)
+    if ( (ret = lms_test()) != 0)
         TEST_FAIL("LMS      test failed!\n", ret);
     else
         TEST_PASS("LMS      test passed!\n");
@@ -1827,9 +2441,9 @@ options: [-s max_relative_stack_bytes] [-m max_relative_heap_memory_bytes]\n\
 
 #if !defined(NO_ASN) && !defined(NO_ASN_TIME)
     if ( (ret = time_test()) != 0)
-        TEST_FAIL("time test failed!\n", ret);
+        TEST_FAIL("time     test failed!\n", ret);
     else
-        TEST_PASS("time test passed!\n");
+        TEST_PASS("time     test passed!\n");
 #endif
 
 #if defined(__INCLUDE_NUTTX_CONFIG_H)
@@ -1855,7 +2469,7 @@ options: [-s max_relative_stack_bytes] [-m max_relative_heap_memory_bytes]\n\
         TEST_PASS("blob     test passed!\n");
 #endif
 
-#if defined(WOLF_CRYPTO_CB) && \
+#if defined(WOLF_CRYPTO_CB) && !defined(WC_TEST_NO_CRYPTOCB_SW_TEST) && \
     !(defined(HAVE_INTEL_QAT_SYNC) || defined(HAVE_CAVIUM_OCTEON_SYNC) || \
       defined(WOLFSSL_QNX_CAAM) || defined(HAVE_RENESAS_SYNC))
     if ( (ret = cryptocb_test()) != 0)
@@ -1897,10 +2511,20 @@ options: [-s max_relative_stack_bytes] [-m max_relative_heap_memory_bytes]\n\
     if (args)
         ((func_args*)args)->return_code = ret;
 
+/* If hardware acceleration and respective metrics tracked, show results: */
+#ifdef WOLFSSL_HW_METRICS
+    #if defined(WOLFSSL_ESP32_CRYPT_RSA_PRI) && defined(WOLFSSL_HW_METRICS)
+        esp_hw_show_mp_metrics();
+    #endif
+#endif
+
+#if defined(WOLFSSL_STATIC_MEMORY) && !defined(OPENSSL_EXTRA)
+    wolfSSL_SetGlobalHeapHint(NULL);
+#endif
     TEST_PASS("Test complete\n");
 
     EXIT_TEST(ret);
-}
+} /* end of wolfcrypt_test() */
 
 #ifndef NO_MAIN_DRIVER
 
@@ -1937,7 +2561,7 @@ options: [-s max_relative_stack_bytes] [-m max_relative_heap_memory_bytes]\n\
 #endif
 #ifdef WOLFSSL_APACHE_MYNEWT
         #ifdef ARCH_sim
-        mcu_sim_parse_args(argc, argv);
+            mcu_sim_parse_args(argc, argv);
         #endif
         sysinit();
 
@@ -1977,6 +2601,13 @@ options: [-s max_relative_stack_bytes] [-m max_relative_heap_memory_bytes]\n\
         VIDEO_WaitVSync();
         if(rmode->viTVMode&VI_NON_INTERLACE) VIDEO_WaitVSync();
 #endif
+#ifdef WOLFSSL_NDS
+        /* Init Console output */
+        consoleDemoInit();
+
+        /* Init the Filesystem */
+        fatInitDefault();
+#endif
 
 #ifdef HAVE_WNR
         if ((ret = wc_InitNetRandom(wnrConfigFile, NULL, 5000)) != 0) {
@@ -1994,19 +2625,15 @@ options: [-s max_relative_stack_bytes] [-m max_relative_heap_memory_bytes]\n\
             err_sys("Error with wolfCrypt_Init!\n", WC_TEST_RET_ENC_EC(ret));
         }
 
-    #ifdef HAVE_WC_INTROSPECTION
+#ifdef HAVE_WC_INTROSPECTION
         printf("Math: %s\n", wc_GetMathInfo());
-    #endif
-
-#ifdef WC_RNG_SEED_CB
-    wc_SetSeed_Cb(wc_GenerateSeed);
 #endif
 
-    #ifdef HAVE_STACK_SIZE
+#ifdef HAVE_STACK_SIZE
         StackSizeCheck(&args, wolfcrypt_test);
-    #else
+#else
         wolfcrypt_test(&args);
-    #endif
+#endif
 
         if ((ret = wolfCrypt_Cleanup()) != 0) {
             printf("wolfCrypt_Cleanup failed %d\n", (int)ret);
@@ -2026,7 +2653,26 @@ options: [-s max_relative_stack_bytes] [-m max_relative_heap_memory_bytes]\n\
         while (1);
 #endif
 
+#ifdef WOLFSSL_NDS
+        /* in Nintendo DS returning from main shuts down the Device without letting you see the Results. */
+        printf("args.return_code: %d\n", args.return_code);
+        printf("Testing complete. Press Start to exit the Program\n");
+        while(1) {
+            swiWaitForVBlank();
+            scanKeys();
+            int keys = keysDown();
+            if(keys & KEY_START) break;
+        }
+#endif
+
+#if defined(WOLFSSL_ESPIDF)
+        /* ESP_LOGI to print takes up a lot less memory than printf */
+        ESP_LOGI(ESPIDF_TAG, "Exiting main with return code: % d\n",
+                        args.return_code);
+#else
+        /* gate this for target platforms wishing to avoid printf reference */
         printf("Exiting main with return code: %ld\n", (long int)args.return_code);
+#endif
 
         return args.return_code;
     } /* wolfcrypt_test_main or wolf_test_task */
@@ -2055,7 +2701,7 @@ static wc_test_ret_t _SaveDerAndPem(const byte* der, int derSz,
     if (!derFile) {
         return WC_TEST_RET_ENC(calling_line, 0, WC_TEST_RET_TAG_I);
     }
-    ret = (int)XFWRITE(der, 1, derSz, derFile);
+    ret = (int)XFWRITE(der, 1, (size_t)derSz, derFile);
     XFCLOSE(derFile);
     if (ret != derSz) {
         return WC_TEST_RET_ENC(calling_line, 1, WC_TEST_RET_TAG_I);
@@ -2067,38 +2713,55 @@ static wc_test_ret_t _SaveDerAndPem(const byte* der, int derSz,
     #if !defined(NO_FILESYSTEM) && !defined(NO_WRITE_TEMP_FILES)
         XFILE pemFile;
     #endif
+    #ifndef WOLFSSL_NO_MALLOC
         byte* pem;
+    #else
+        byte pem[2048];
+    #endif
         int pemSz;
 
         /* calculate PEM size */
-        pemSz = wc_DerToPem(der, derSz, NULL, 0, pemType);
+        pemSz = wc_DerToPem(der, (word32)derSz, NULL, 0, pemType);
         if (pemSz < 0) {
             return WC_TEST_RET_ENC(calling_line, 2, WC_TEST_RET_TAG_I);
         }
-        pem = (byte*)XMALLOC(pemSz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+    #ifndef WOLFSSL_NO_MALLOC
+        pem = (byte*)XMALLOC((word32)pemSz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
         if (pem == NULL) {
             return WC_TEST_RET_ENC(calling_line, 3, WC_TEST_RET_TAG_I);
         }
+    #else
+        if (pemSz > (int)sizeof(pem))
+            return WC_TEST_RET_ENC_EC(BAD_FUNC_ARG);
+    #endif
         /* Convert to PEM */
-        pemSz = wc_DerToPem(der, derSz, pem, pemSz, pemType);
+        pemSz = wc_DerToPem(der, (word32)derSz, pem, (word32)pemSz, pemType);
         if (pemSz < 0) {
+            #ifndef WOLFSSL_NO_MALLOC
             XFREE(pem, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+            #endif
             return WC_TEST_RET_ENC(calling_line, 4, WC_TEST_RET_TAG_I);
         }
     #if !defined(NO_FILESYSTEM) && !defined(NO_WRITE_TEMP_FILES)
         pemFile = XFOPEN(filePem, "wb");
         if (!pemFile) {
+            #ifndef WOLFSSL_NO_MALLOC
             XFREE(pem, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+            #endif
             return WC_TEST_RET_ENC(calling_line, 5, WC_TEST_RET_TAG_I);
         }
-        ret = (int)XFWRITE(pem, 1, pemSz, pemFile);
+        ret = (int)XFWRITE(pem, 1, (size_t)pemSz, pemFile);
         XFCLOSE(pemFile);
         if (ret != pemSz) {
+            #ifndef WOLFSSL_NO_MALLOC
             XFREE(pem, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+            #endif
             return WC_TEST_RET_ENC(calling_line, 6, WC_TEST_RET_TAG_I);
         }
     #endif
+        #ifndef WOLFSSL_NO_MALLOC
         XFREE(pem, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+        #endif
     }
 #endif /* WOLFSSL_DER_TO_PEM */
 
@@ -2124,8 +2787,9 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t error_test(void)
     /* Ensure a valid error code's string matches an invalid code's.
      * The string is that error strings are not available.
      */
-    errStr = wc_GetErrorString(OPEN_RAN_E);
-    wc_ErrorString(OPEN_RAN_E, out);
+    WOLFSSL_ENTER("error_test NO_ERROR_STRINGS");
+    errStr = wc_GetErrorString(WC_NO_ERR_TRACE(OPEN_RAN_E));
+    wc_ErrorString(WC_NO_ERR_TRACE(OPEN_RAN_E), out);
     if (XSTRCMP(errStr, unknownStr) != 0)
         return WC_TEST_RET_ENC_NC;
     if (XSTRCMP(out, unknownStr) != 0)
@@ -2134,33 +2798,55 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t error_test(void)
     int i;
     int j = 0;
     /* Values that are not or no longer error codes. */
-    int missing[] = { -123, -124, -128, -129, -159, -163, -164,
-                      -165, -166, -167, -168, -169, -233,   0 };
+    static const struct {
+        int first;
+        int last;
+    } missing[] = {
+        { -124, -124 },
+        { -167, -169 },
+        { WC_SPAN1_LAST_E - 1, WC_SPAN2_FIRST_E + 1 },
+        { WC_SPAN2_LAST_E - 1, WC_SPAN2_MIN_CODE_E }
+    };
 
     /* Check that all errors have a string and it's the same through the two
      * APIs. Check that the values that are not errors map to the unknown
      * string.
      */
-    for (i = MAX_CODE_E-1; i >= WC_LAST_E; i--) {
+    for (i = WC_SPAN1_FIRST_E; i >= WC_SPAN2_MIN_CODE_E; i--) {
+        int this_missing = 0;
+        for (j = 0; j < (int)XELEM_CNT(missing); ++j) {
+            if ((i <= missing[j].first) && (i >= missing[j].last)) {
+                this_missing = 1;
+                break;
+            }
+        }
         errStr = wc_GetErrorString(i);
         wc_ErrorString(i, out);
 
-        if (i != missing[j]) {
-            if (XSTRCMP(errStr, unknownStr) == 0)
-                return WC_TEST_RET_ENC_NC;
-            if (XSTRCMP(out, unknownStr) == 0)
-                return WC_TEST_RET_ENC_NC;
-            if (XSTRCMP(errStr, out) != 0)
-                return WC_TEST_RET_ENC_NC;
-            if (XSTRLEN(errStr) >= WOLFSSL_MAX_ERROR_SZ)
-                return WC_TEST_RET_ENC_NC;
+        if (! this_missing) {
+            if (XSTRCMP(errStr, unknownStr) == 0) {
+                WOLFSSL_MSG("errStr unknown");
+                return WC_TEST_RET_ENC_I(-i);
+            }
+            if (XSTRCMP(out, unknownStr) == 0) {
+                WOLFSSL_MSG("out unknown");
+                return WC_TEST_RET_ENC_I(-i);
+            }
+            if (XSTRCMP(errStr, out) != 0) {
+                WOLFSSL_MSG("errStr does not match output");
+                return WC_TEST_RET_ENC_I(-i);
+            }
+            if (XSTRLEN(errStr) >= WOLFSSL_MAX_ERROR_SZ) {
+                WOLFSSL_MSG("errStr too long");
+                return WC_TEST_RET_ENC_I(-i);
+            }
         }
         else {
             j++;
             if (XSTRCMP(errStr, unknownStr) != 0)
-                return WC_TEST_RET_ENC_NC;
+                return WC_TEST_RET_ENC_I(-i);
             if (XSTRCMP(out, unknownStr) != 0)
-                return WC_TEST_RET_ENC_NC;
+                return WC_TEST_RET_ENC_I(-i);
         }
     }
 
@@ -2203,6 +2889,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t base64_test(void)
         "0123456789+/;";
     byte charTest[] = "A+Gd\0\0\0";
     int        i;
+    WOLFSSL_ENTER("base64_test");
 
     /* Good Base64 encodings. */
     outLen = sizeof(out);
@@ -2227,25 +2914,25 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t base64_test(void)
     /* Bad parameters. */
     outLen = 1;
     ret = Base64_Decode(good, sizeof(good), out, &outLen);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
 
     outLen = sizeof(out);
     ret = Base64_Decode(badEOL, sizeof(badEOL), out, &outLen);
-    if (ret != ASN_INPUT_E)
+    if (ret != WC_NO_ERR_TRACE(ASN_INPUT_E))
         return WC_TEST_RET_ENC_EC(ret);
     outLen = sizeof(out);
     ret = Base64_Decode(badPadding, sizeof(badPadding), out, &outLen);
-    if (ret != ASN_INPUT_E)
+    if (ret != WC_NO_ERR_TRACE(ASN_INPUT_E))
         return WC_TEST_RET_ENC_EC(ret);
     /* Bad character at each offset 0-3. */
     for (i = 0; i < 4; i++) {
         outLen = sizeof(out);
         ret = Base64_Decode(badSmall + i, 4, out, &outLen);
-        if (ret != ASN_INPUT_E)
+        if (ret != WC_NO_ERR_TRACE(ASN_INPUT_E))
             return WC_TEST_RET_ENC_I(i);
         ret = Base64_Decode(badLarge + i, 4, out, &outLen);
-        if (ret != ASN_INPUT_E)
+        if (ret != WC_NO_ERR_TRACE(ASN_INPUT_E))
             return WC_TEST_RET_ENC_I(i);
     }
     /* Invalid character less than 0x2b */
@@ -2253,7 +2940,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t base64_test(void)
         outLen = sizeof(out);
         charTest[0] = (byte)i;
         ret = Base64_Decode(charTest, sizeof(charTest), out, &outLen);
-        if (ret != ASN_INPUT_E)
+        if (ret != WC_NO_ERR_TRACE(ASN_INPUT_E))
             return WC_TEST_RET_ENC_I(i);
     }
     /* Bad characters in range 0x2b - 0x7a. */
@@ -2261,7 +2948,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t base64_test(void)
         outLen = sizeof(out);
         charTest[0] = badChar[i];
         ret = Base64_Decode(charTest, sizeof(charTest), out, &outLen);
-        if (ret != ASN_INPUT_E)
+        if (ret != WC_NO_ERR_TRACE(ASN_INPUT_E))
             return WC_TEST_RET_ENC_I(i);
     }
     /* Invalid character greater than 0x7a */
@@ -2269,7 +2956,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t base64_test(void)
         outLen = sizeof(out);
         charTest[0] = (byte)i;
         ret = Base64_Decode(charTest, sizeof(charTest), out, &outLen);
-        if (ret != ASN_INPUT_E)
+        if (ret != WC_NO_ERR_TRACE(ASN_INPUT_E))
             return WC_TEST_RET_ENC_I(i);
     }
 
@@ -2282,7 +2969,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t base64_test(void)
         return WC_TEST_RET_ENC_EC(ret);
     outLen = sizeof(out);
     ret = Base64_Encode(data, dataLen, NULL, &outLen);
-    if (ret != LENGTH_ONLY_E)
+    if (ret != WC_NO_ERR_TRACE(LENGTH_ONLY_E))
         return WC_TEST_RET_ENC_EC(ret);
     outLen = sizeof(out);
     ret = Base64_Encode(data, dataLen, out, &outLen);
@@ -2290,11 +2977,11 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t base64_test(void)
         return WC_TEST_RET_ENC_EC(ret);
     outLen = 7;
     ret = Base64_EncodeEsc(data, dataLen, out, &outLen);
-    if (ret != BUFFER_E)
+    if (ret != WC_NO_ERR_TRACE(BUFFER_E))
         return WC_TEST_RET_ENC_EC(ret);
     outLen = sizeof(out);
     ret = Base64_EncodeEsc(data, dataLen, NULL, &outLen);
-    if (ret != LENGTH_ONLY_E)
+    if (ret != WC_NO_ERR_TRACE(LENGTH_ONLY_E))
         return WC_TEST_RET_ENC_EC(ret);
     outLen = sizeof(out);
     ret = Base64_EncodeEsc(data, dataLen, out, &outLen);
@@ -2334,6 +3021,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t base16_test(void)
     word32 encodedLen;
     byte   plain[40];
     word32 len;
+    WOLFSSL_ENTER("base16_test");
 
     /* length returned includes null termination */
     encodedLen = sizeof(encoded);
@@ -2368,8 +3056,10 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t asn_test(void)
 {
     wc_test_ret_t ret;
     /* ASN1 encoded date buffer */
-    WOLFSSL_SMALL_STACK_STATIC const byte dateBuf[] = {0x17, 0x0d, 0x31, 0x36, 0x30, 0x38, 0x31, 0x31,
-                            0x32, 0x30, 0x30, 0x37, 0x33, 0x37, 0x5a};
+    WOLFSSL_SMALL_STACK_STATIC const byte dateBuf[] = {
+        0x17, 0x0d, 0x31, 0x36, 0x30, 0x38, 0x31, 0x31,
+        0x32, 0x30, 0x30, 0x37, 0x33, 0x37, 0x5a
+    };
     byte format;
     int length;
     const byte* datePart;
@@ -2377,6 +3067,10 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t asn_test(void)
     struct tm timearg;
     time_t now;
 #endif
+    int i;
+    unsigned char buf[16];
+
+    WOLFSSL_ENTER("asn_test");
 
     ret = wc_GetDateInfo(dateBuf, (int)sizeof(dateBuf), &datePart, &format,
                          &length);
@@ -2385,9 +3079,9 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t asn_test(void)
 
 #ifndef NO_ASN_TIME
     /* Parameter Validation tests. */
-    if ((ret = wc_GetTime(NULL, sizeof(now))) != BAD_FUNC_ARG)
+    if ((ret = wc_GetTime(NULL, sizeof(now))) != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
-    if ((ret = wc_GetTime(&now, 0)) != BUFFER_E)
+    if ((ret = wc_GetTime(&now, 0)) != WC_NO_ERR_TRACE(BUFFER_E))
         return WC_TEST_RET_ENC_EC(ret);
 
     now = 0;
@@ -2404,6 +3098,31 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t asn_test(void)
         return WC_TEST_RET_ENC_EC(ret);
 #endif /* !NO_ASN_TIME */
 
+    /* Test that only calculating the length works. */
+    for (i = 16; i < 32; i++) {
+        ret = wc_PkcsPad(NULL, i, 16);
+        if (ret != i + (16 - (i % 16)))
+            return WC_TEST_RET_ENC_I(i);
+    }
+
+    /* Test that adding padding works. */
+    XMEMSET(buf, 0xa5, sizeof(buf));
+    for (i = 15; i >= 0; i--) {
+        int j;
+        ret = wc_PkcsPad(buf, i, 16);
+        if (ret != 16)
+            return WC_TEST_RET_ENC_I(i);
+        /* Check padded buffer. */
+        for (j = 0; j < 16; j++) {
+            /* Check buffer bytes haven't been modified. */
+            if ((j < i) && (buf[j] != 0xa5))
+                return WC_TEST_RET_ENC_I(i);
+            /* Check padding bytes are correct. */
+            if (j >= i && (buf[j] != (16 - i)))
+                return WC_TEST_RET_ENC_I(i);
+        }
+    }
+
     return 0;
 }
 #endif /* !NO_ASN */
@@ -2412,56 +3131,57 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t asn_test(void)
 WOLFSSL_TEST_SUBROUTINE wc_test_ret_t md2_test(void)
 {
     wc_test_ret_t ret = 0;
-    Md2  md2;
-    byte hash[MD2_DIGEST_SIZE];
+    wc_Md2 md2;
+    byte hash[WC_MD2_DIGEST_SIZE];
 
     testVector a, b, c, d, e, f, g;
     testVector test_md2[7];
     int times = sizeof(test_md2) / sizeof(testVector), i;
+    WOLFSSL_ENTER("md2_test");
 
     a.input  = "";
     a.output = "\x83\x50\xe5\xa3\xe2\x4c\x15\x3d\xf2\x27\x5c\x9f\x80\x69"
                "\x27\x73";
     a.inLen  = XSTRLEN(a.input);
-    a.outLen = MD2_DIGEST_SIZE;
+    a.outLen = WC_MD2_DIGEST_SIZE;
 
     b.input  = "a";
     b.output = "\x32\xec\x01\xec\x4a\x6d\xac\x72\xc0\xab\x96\xfb\x34\xc0"
                "\xb5\xd1";
     b.inLen  = XSTRLEN(b.input);
-    b.outLen = MD2_DIGEST_SIZE;
+    b.outLen = WC_MD2_DIGEST_SIZE;
 
     c.input  = "abc";
     c.output = "\xda\x85\x3b\x0d\x3f\x88\xd9\x9b\x30\x28\x3a\x69\xe6\xde"
                "\xd6\xbb";
     c.inLen  = XSTRLEN(c.input);
-    c.outLen = MD2_DIGEST_SIZE;
+    c.outLen = WC_MD2_DIGEST_SIZE;
 
     d.input  = "message digest";
     d.output = "\xab\x4f\x49\x6b\xfb\x2a\x53\x0b\x21\x9f\xf3\x30\x31\xfe"
                "\x06\xb0";
     d.inLen  = XSTRLEN(d.input);
-    d.outLen = MD2_DIGEST_SIZE;
+    d.outLen = WC_MD2_DIGEST_SIZE;
 
     e.input  = "abcdefghijklmnopqrstuvwxyz";
     e.output = "\x4e\x8d\xdf\xf3\x65\x02\x92\xab\x5a\x41\x08\xc3\xaa\x47"
                "\x94\x0b";
     e.inLen  = XSTRLEN(e.input);
-    e.outLen = MD2_DIGEST_SIZE;
+    e.outLen = WC_MD2_DIGEST_SIZE;
 
     f.input  = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz012345"
                "6789";
     f.output = "\xda\x33\xde\xf2\xa4\x2d\xf1\x39\x75\x35\x28\x46\xc3\x03"
                "\x38\xcd";
     f.inLen  = XSTRLEN(f.input);
-    f.outLen = MD2_DIGEST_SIZE;
+    f.outLen = WC_MD2_DIGEST_SIZE;
 
     g.input  = "1234567890123456789012345678901234567890123456789012345678"
                "9012345678901234567890";
     g.output = "\xd5\x97\x6f\x79\xd8\x3d\x3a\x0d\xc9\x80\x6c\x3c\x66\xf3"
                "\xef\xd8";
     g.inLen  = XSTRLEN(g.input);
-    g.outLen = MD2_DIGEST_SIZE;
+    g.outLen = WC_MD2_DIGEST_SIZE;
 
     test_md2[0] = a;
     test_md2[1] = b;
@@ -2477,7 +3197,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t md2_test(void)
         wc_Md2Update(&md2, (byte*)test_md2[i].input, (word32)test_md2[i].inLen);
         wc_Md2Final(&md2, hash);
 
-        if (XMEMCMP(hash, test_md2[i].output, MD2_DIGEST_SIZE) != 0)
+        if (XMEMCMP(hash, test_md2[i].output, WC_MD2_DIGEST_SIZE) != 0)
             return WC_TEST_RET_ENC_I(i);
     }
 
@@ -2487,7 +3207,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t md2_test(void)
             return WC_TEST_RET_ENC_I(i);
         }
 
-        if (XMEMCMP(hash, test_md2[i].output, MD2_DIGEST_SIZE) != 0) {
+        if (XMEMCMP(hash, test_md2[i].output, WC_MD2_DIGEST_SIZE) != 0) {
             return WC_TEST_RET_ENC_I(i);
         }
     }
@@ -2506,6 +3226,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t md5_test(void)
     testVector a, b, c, d, e, f;
     testVector test_md5[6];
     int times = sizeof(test_md5) / sizeof(testVector), i;
+    WOLFSSL_ENTER("md5_test");
 
     a.input  = "";
     a.output = "\xd4\x1d\x8c\xd9\x8f\x00\xb2\x04\xe9\x80\x09\x98\xec\xf8\x42"
@@ -2629,56 +3350,57 @@ exit:
 
 WOLFSSL_TEST_SUBROUTINE wc_test_ret_t md4_test(void)
 {
-    Md4  md4;
-    byte hash[MD4_DIGEST_SIZE];
+    wc_Md4 md4;
+    byte hash[WC_MD4_DIGEST_SIZE];
 
     testVector a, b, c, d, e, f, g;
     testVector test_md4[7];
     int times = sizeof(test_md4) / sizeof(testVector), i;
+    WOLFSSL_ENTER("md4_test");
 
     a.input  = "";
     a.output = "\x31\xd6\xcf\xe0\xd1\x6a\xe9\x31\xb7\x3c\x59\xd7\xe0\xc0\x89"
                "\xc0";
     a.inLen  = XSTRLEN(a.input);
-    a.outLen = MD4_DIGEST_SIZE;
+    a.outLen = WC_MD4_DIGEST_SIZE;
 
     b.input  = "a";
     b.output = "\xbd\xe5\x2c\xb3\x1d\xe3\x3e\x46\x24\x5e\x05\xfb\xdb\xd6\xfb"
                "\x24";
     b.inLen  = XSTRLEN(b.input);
-    b.outLen = MD4_DIGEST_SIZE;
+    b.outLen = WC_MD4_DIGEST_SIZE;
 
     c.input  = "abc";
     c.output = "\xa4\x48\x01\x7a\xaf\x21\xd8\x52\x5f\xc1\x0a\xe8\x7a\xa6\x72"
                "\x9d";
     c.inLen  = XSTRLEN(c.input);
-    c.outLen = MD4_DIGEST_SIZE;
+    c.outLen = WC_MD4_DIGEST_SIZE;
 
     d.input  = "message digest";
     d.output = "\xd9\x13\x0a\x81\x64\x54\x9f\xe8\x18\x87\x48\x06\xe1\xc7\x01"
                "\x4b";
     d.inLen  = XSTRLEN(d.input);
-    d.outLen = MD4_DIGEST_SIZE;
+    d.outLen = WC_MD4_DIGEST_SIZE;
 
     e.input  = "abcdefghijklmnopqrstuvwxyz";
     e.output = "\xd7\x9e\x1c\x30\x8a\xa5\xbb\xcd\xee\xa8\xed\x63\xdf\x41\x2d"
                "\xa9";
     e.inLen  = XSTRLEN(e.input);
-    e.outLen = MD4_DIGEST_SIZE;
+    e.outLen = WC_MD4_DIGEST_SIZE;
 
     f.input  = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz012345"
                "6789";
     f.output = "\x04\x3f\x85\x82\xf2\x41\xdb\x35\x1c\xe6\x27\xe1\x53\xe7\xf0"
                "\xe4";
     f.inLen  = XSTRLEN(f.input);
-    f.outLen = MD4_DIGEST_SIZE;
+    f.outLen = WC_MD4_DIGEST_SIZE;
 
     g.input  = "1234567890123456789012345678901234567890123456789012345678"
                "9012345678901234567890";
     g.output = "\xe3\x3b\x4d\xdc\x9c\x38\xf2\x19\x9c\x3e\x7b\x16\x4f\xcc\x05"
                "\x36";
     g.inLen  = XSTRLEN(g.input);
-    g.outLen = MD4_DIGEST_SIZE;
+    g.outLen = WC_MD4_DIGEST_SIZE;
 
     test_md4[0] = a;
     test_md4[1] = b;
@@ -2694,7 +3416,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t md4_test(void)
         wc_Md4Update(&md4, (byte*)test_md4[i].input, (word32)test_md4[i].inLen);
         wc_Md4Final(&md4, hash);
 
-        if (XMEMCMP(hash, test_md4[i].output, MD4_DIGEST_SIZE) != 0)
+        if (XMEMCMP(hash, test_md4[i].output, WC_MD4_DIGEST_SIZE) != 0)
             return WC_TEST_RET_ENC_I(i);
     }
 
@@ -2714,6 +3436,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t sha_test(void)
     testVector a, b, c, d, e;
     testVector test_sha[5];
     int times = sizeof(test_sha) / sizeof(struct testVector), i;
+    WOLFSSL_ENTER("sha_test");
 
     a.input  = "";
     a.output = "\xda\x39\xa3\xee\x5e\x6b\x4b\x0d\x32\x55\xbf\xef\x95\x60\x18"
@@ -2844,6 +3567,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t ripemd_test(void)
     testVector a, b, c, d;
     testVector test_ripemd[4];
     int times = sizeof(test_ripemd) / sizeof(struct testVector), i;
+    WOLFSSL_ENTER("ripemd_test");
 
     a.input  = "abc";
     a.output = "\x8e\xb2\x08\xf7\xe0\x5d\x98\x7a\x9b\x04\x4a\x8e\x98\xc6"
@@ -2948,6 +3672,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t blake2b_test(void)
     byte    digest[64];
     byte    input[64];
     int     i, ret;
+    WOLFSSL_ENTER("blake2b_test");
 
     for (i = 0; i < (int)sizeof(input); i++)
         input[i] = (byte)i;
@@ -2957,7 +3682,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t blake2b_test(void)
         if (ret != 0)
             return WC_TEST_RET_ENC_I(i);
 
-        ret = wc_Blake2bUpdate(&b2b, input, i);
+        ret = wc_Blake2bUpdate(&b2b, input, (word32)i);
         if (ret != 0)
             return WC_TEST_RET_ENC_I(i);
 
@@ -3009,6 +3734,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t blake2s_test(void)
     byte    digest[32];
     byte    input[64];
     int     i, ret;
+    WOLFSSL_ENTER("blake2s_test");
 
     for (i = 0; i < (int)sizeof(input); i++)
         input[i] = (byte)i;
@@ -3018,7 +3744,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t blake2s_test(void)
         if (ret != 0)
             return WC_TEST_RET_ENC_I(i);
 
-        ret = wc_Blake2sUpdate(&b2s, input, i);
+        ret = wc_Blake2sUpdate(&b2s, input, (word32)i);
         if (ret != 0)
             return WC_TEST_RET_ENC_I(i);
 
@@ -3047,6 +3773,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t sha224_test(void)
     testVector a, b, c;
     testVector test_sha[3];
     int times = sizeof(test_sha) / sizeof(struct testVector), i;
+    WOLFSSL_ENTER("sha224_test");
 
     a.input  = "";
     a.output = "\xd1\x4a\x02\x8c\x2a\x3a\x2b\xc9\x47\x61\x02\xbb\x28\x82\x34"
@@ -3118,9 +3845,25 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t sha256_test(void)
     byte      hashcopy[WC_SHA256_DIGEST_SIZE];
     wc_test_ret_t ret = 0;
 
-    testVector a, b, c;
-    testVector test_sha[3];
+    testVector a, b, c, d;
+    testVector test_sha[4];
+#ifndef NO_WOLFSSL_SHA256_INTERLEAVE
+    byte       i_hash[WC_SHA256_DIGEST_SIZE];
+    byte       i_hashcopy[WC_SHA256_DIGEST_SIZE];
+    testVector interleave_test_sha[4];
+    wc_Sha256  i_sha, i_shaCopy;
+#endif
+#ifndef NO_LARGE_HASH_TEST
+#define LARGE_HASH_TEST_INPUT_SZ 1024
+#ifdef WOLFSSL_SMALL_STACK
+    byte *large_input = NULL;
+#else
+    byte large_input[LARGE_HASH_TEST_INPUT_SZ];
+#endif
+#endif
+
     int times = sizeof(test_sha) / sizeof(struct testVector), i;
+    WOLFSSL_ENTER("sha256_test");
 
     a.input  = "";
     a.output = "\xe3\xb0\xc4\x42\x98\xfc\x1c\x14\x9a\xfb\xf4\xc8\x99\x6f\xb9"
@@ -3143,18 +3886,49 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t sha256_test(void)
     c.inLen  = XSTRLEN(c.input);
     c.outLen = WC_SHA256_DIGEST_SIZE;
 
+    d.input  = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
+               "aaaaaa"; /* this is BLOCKSIZE length */
+    d.output = "\xFF\xE0\x54\xFE\x7A\xE0\xCB\x6D\xC6\x5C\x3A\xF9\xB6\x1D\x52"
+               "\x09\xF4\x39\x85\x1D\xB4\x3D\x0B\xA5\x99\x73\x37\xDF\x15\x46"
+               "\x68\xEB";
+    d.inLen  = XSTRLEN(d.input);
+    d.outLen = WC_SHA256_DIGEST_SIZE;
+
     test_sha[0] = a;
     test_sha[1] = b;
     test_sha[2] = c;
+    test_sha[3] = d;
+
+#ifndef NO_WOLFSSL_SHA256_INTERLEAVE
+    interleave_test_sha[0] = a;
+    interleave_test_sha[1] = b;
+    interleave_test_sha[2] = c;
+    interleave_test_sha[3] = d;
+#endif
 
     ret = wc_InitSha256_ex(&sha, HEAP_HINT, devId);
     if (ret != 0)
         return WC_TEST_RET_ENC_EC(ret);
+
+#ifndef NO_WOLFSSL_SHA256_INTERLEAVE
+    ret = wc_InitSha256_ex(&i_sha, HEAP_HINT, devId);
+    if (ret != 0)
+        return WC_TEST_RET_ENC_EC(ret);
+#endif
+
     ret = wc_InitSha256_ex(&shaCopy, HEAP_HINT, devId);
     if (ret != 0) {
         wc_Sha256Free(&sha);
         return WC_TEST_RET_ENC_EC(ret);
     }
+#ifndef NO_WOLFSSL_SHA256_INTERLEAVE
+    ret = wc_InitSha256_ex(&i_shaCopy, HEAP_HINT, devId);
+    if (ret != 0) {
+        wc_Sha256Free(&sha);
+        wc_Sha256Free(&i_sha);
+        return WC_TEST_RET_ENC_EC(ret);
+    }
+#endif
 
     for (i = 0; i < times; ++i) {
         ret = wc_Sha256Update(&sha, (byte*)test_sha[i].input,
@@ -3162,36 +3936,91 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t sha256_test(void)
         if (ret != 0) {
             ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
         }
+#ifndef NO_WOLFSSL_SHA256_INTERLEAVE
+        ret = wc_Sha256Update(&i_sha, (byte*)interleave_test_sha[i].input,
+            (word32)interleave_test_sha[i].inLen);
+        if (ret != 0) {
+            ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
+        }
+#endif
+
         ret = wc_Sha256GetHash(&sha, hashcopy);
         if (ret != 0)
             ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
+#ifndef NO_WOLFSSL_SHA256_INTERLEAVE
+        ret = wc_Sha256GetHash(&i_sha, i_hashcopy);
+        if (ret != 0)
+            ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
+#endif
+
         ret = wc_Sha256Copy(&sha, &shaCopy);
         if (ret != 0)
             ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
+#ifndef NO_WOLFSSL_SHA256_INTERLEAVE
+        ret = wc_Sha256Copy(&i_sha, &i_shaCopy);
+        if (ret != 0)
+            ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
+#endif
+
         ret = wc_Sha256Final(&sha, hash);
         if (ret != 0)
             ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
-        wc_Sha256Free(&shaCopy);
+#ifndef NO_WOLFSSL_SHA256_INTERLEAVE
+        ret = wc_Sha256Final(&i_sha, i_hash);
+        if (ret != 0)
+            ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
+#endif
 
-        if (XMEMCMP(hash, test_sha[i].output, WC_SHA256_DIGEST_SIZE) != 0)
+        wc_Sha256Free(&shaCopy);
+#ifndef NO_WOLFSSL_SHA256_INTERLEAVE
+        wc_Sha256Free(&i_shaCopy);
+#endif
+
+        if (XMEMCMP(hash, test_sha[i].output, WC_SHA256_DIGEST_SIZE) != 0) {
             ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
-        if (XMEMCMP(hash, hashcopy, WC_SHA256_DIGEST_SIZE) != 0)
+        }
+        if (XMEMCMP(hash, hashcopy, WC_SHA256_DIGEST_SIZE) != 0) {
             ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
+        }
+#ifndef NO_WOLFSSL_SHA256_INTERLEAVE
+        if (XMEMCMP(i_hash, interleave_test_sha[i].output,
+                                    WC_SHA256_DIGEST_SIZE) != 0) {
+            ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
+        }
+        if (XMEMCMP(i_hash, i_hashcopy, WC_SHA256_DIGEST_SIZE) != 0) {
+            ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
+        }
+        if (XMEMCMP(i_hash, test_sha[i].output, WC_SHA256_DIGEST_SIZE) != 0) {
+            ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
+        }
+        if (XMEMCMP(i_hash, hashcopy, WC_SHA256_DIGEST_SIZE) != 0) {
+            ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
+        }
+#endif
     }
 
 #ifndef NO_LARGE_HASH_TEST
     /* BEGIN LARGE HASH TEST */ {
-    byte large_input[1024];
 #ifdef HASH_SIZE_LIMIT
-    const char* large_digest =
+    WOLFSSL_SMALL_STACK_STATIC const char* large_digest =
             "\xa4\x75\x9e\x7a\xa2\x03\x38\x32\x88\x66\xa2\xea\x17\xea\xf8\xc7"
             "\xfe\x4e\xc6\xbb\xe3\xbb\x71\xce\xe7\xdf\x7c\x04\x61\xb3\xc2\x2f";
 #else
-    const char* large_digest =
+    WOLFSSL_SMALL_STACK_STATIC const char* large_digest =
            "\x27\x78\x3e\x87\x96\x3a\x4e\xfb\x68\x29\xb5\x31\xc9\xba\x57\xb4"
            "\x4f\x45\x79\x7f\x67\x70\xbd\x63\x7f\xbf\x0d\x80\x7c\xbd\xba\xe0";
 #endif
-    for (i = 0; i < (int)sizeof(large_input); i++) {
+
+#ifdef WOLFSSL_SMALL_STACK
+    large_input = (byte *)XMALLOC(LARGE_HASH_TEST_INPUT_SZ, HEAP_HINT,
+                                  DYNAMIC_TYPE_TMP_BUFFER);
+
+    if (large_input == NULL) {
+        ERROR_OUT(WC_TEST_RET_ENC_EC(MEMORY_E), exit);
+    }
+#endif
+
+    for (i = 0; i < LARGE_HASH_TEST_INPUT_SZ; i++) {
         large_input[i] = (byte)(i & 0xFF);
     }
 #ifdef HASH_SIZE_LIMIT
@@ -3200,11 +4029,11 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t sha256_test(void)
     times = 100;
 #endif
 #ifdef WOLFSSL_PIC32MZ_HASH
-    wc_Sha256SizeSet(&sha, times * sizeof(large_input));
+    wc_Sha256SizeSet(&sha, times * LARGE_HASH_TEST_INPUT_SZ);
 #endif
     for (i = 0; i < times; ++i) {
         ret = wc_Sha256Update(&sha, (byte*)large_input,
-            (word32)sizeof(large_input));
+            LARGE_HASH_TEST_INPUT_SZ);
         if (ret != 0)
             ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
         }
@@ -3214,13 +4043,44 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t sha256_test(void)
     if (XMEMCMP(hash, large_digest, WC_SHA256_DIGEST_SIZE) != 0)
         ERROR_OUT(WC_TEST_RET_ENC_NC, exit);
     } /* END LARGE HASH TEST */
+#undef LARGE_HASH_TEST_INPUT_SZ
 #endif /* NO_LARGE_HASH_TEST */
 
+#if defined(WOLFSSL_HAVE_LMS) && !defined(WOLFSSL_LMS_FULL_HASH)
+    {
+        WOLFSSL_SMALL_STACK_STATIC const unsigned char
+            data_hb[WC_SHA256_BLOCK_SIZE] = {
+            0x61, 0x62, 0x63, 0x80, 0x00, 0x00, 0x00, 0x00,
+            0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+            0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+            0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+            0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+            0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+            0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+            0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x18
+        };
+
+        ret = wc_Sha256HashBlock(&sha, data_hb, hash);
+        if (ret != 0) {
+            ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
+        }
+        if (XMEMCMP(hash, b.output, WC_SHA256_DIGEST_SIZE) != 0) {
+            ERROR_OUT(WC_TEST_RET_ENC_NC, exit);
+        }
+    }
+#endif
+
 exit:
 
+#if !defined(NO_LARGE_HASH_TEST) && defined(WOLFSSL_SMALL_STACK)
+    XFREE(large_input, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+#endif
     wc_Sha256Free(&sha);
     wc_Sha256Free(&shaCopy);
-
+#ifndef NO_WOLFSSL_SHA256_INTERLEAVE
+    wc_Sha256Free(&i_sha);
+    wc_Sha256Free(&i_shaCopy);
+#endif
     return ret;
 }
 #endif
@@ -3239,7 +4099,23 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t sha512_test(void)
 
     testVector a, b, c;
     testVector test_sha[3];
+#ifndef NO_WOLFSSL_SHA512_INTERLEAVE
+    wc_Sha512  i_sha, i_shaCopy;
+    byte       i_hash[WC_SHA512_DIGEST_SIZE];
+    byte       i_hashcopy[WC_SHA512_DIGEST_SIZE];
+    testVector interleave_test_sha[3];
+#endif
+#ifndef NO_LARGE_HASH_TEST
+#define LARGE_HASH_TEST_INPUT_SZ 1024
+#ifdef WOLFSSL_SMALL_STACK
+    byte *large_input = NULL;
+#else
+    byte large_input[LARGE_HASH_TEST_INPUT_SZ];
+#endif
+#endif
+
     int times = sizeof(test_sha) / sizeof(struct testVector), i;
+    WOLFSSL_ENTER("sha512_test");
 
     a.input  = "";
     a.output = "\xcf\x83\xe1\x35\x7e\xef\xb8\xbd\xf1\x54\x28\x50\xd6\x6d\x80"
@@ -3273,55 +4149,127 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t sha512_test(void)
     test_sha[1] = b;
     test_sha[2] = c;
 
+#ifndef NO_WOLFSSL_SHA512_INTERLEAVE
+    interleave_test_sha[0] = a;
+    interleave_test_sha[1] = b;
+    interleave_test_sha[2] = c;
+#endif
+
     ret = wc_InitSha512_ex(&sha, HEAP_HINT, devId);
     if (ret != 0)
         return WC_TEST_RET_ENC_EC(ret);
+#ifndef NO_WOLFSSL_SHA512_INTERLEAVE
+    ret = wc_InitSha512_ex(&i_sha, HEAP_HINT, devId);
+    if (ret != 0)
+        return WC_TEST_RET_ENC_EC(ret);
+#endif
+
     ret = wc_InitSha512_ex(&shaCopy, HEAP_HINT, devId);
     if (ret != 0) {
         wc_Sha512Free(&sha);
         return WC_TEST_RET_ENC_EC(ret);
     }
+#ifndef NO_WOLFSSL_SHA512_INTERLEAVE
+    ret = wc_InitSha512_ex(&i_shaCopy, HEAP_HINT, devId);
+    if (ret != 0) {
+        wc_Sha512Free(&sha);
+        wc_Sha512Free(&i_sha);
+        return WC_TEST_RET_ENC_EC(ret);
+    }
+#endif
 
     for (i = 0; i < times; ++i) {
         ret = wc_Sha512Update(&sha, (byte*)test_sha[i].input,
             (word32)test_sha[i].inLen);
         if (ret != 0)
             ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
+#ifndef NO_WOLFSSL_SHA512_INTERLEAVE
+        ret = wc_Sha512Update(&i_sha, (byte*)interleave_test_sha[i].input,
+            (word32)interleave_test_sha[i].inLen);
+        if (ret != 0)
+            ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
+#endif
+
         ret = wc_Sha512GetHash(&sha, hashcopy);
         if (ret != 0)
             ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
+#ifndef NO_WOLFSSL_SHA512_INTERLEAVE
+        ret = wc_Sha512GetHash(&i_sha, i_hashcopy);
+        if (ret != 0)
+            ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
+#endif
+
         ret = wc_Sha512Copy(&sha, &shaCopy);
         if (ret != 0)
             ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
+#ifndef NO_WOLFSSL_SHA512_INTERLEAVE
+        ret = wc_Sha512Copy(&i_sha, &i_shaCopy);
+        if (ret != 0)
+            ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
+#endif
+
         ret = wc_Sha512Final(&sha, hash);
         if (ret != 0)
             ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
+#ifndef NO_WOLFSSL_SHA512_INTERLEAVE
+        ret = wc_Sha512Final(&i_sha, i_hash);
+        if (ret != 0)
+            ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
+#endif
+
         wc_Sha512Free(&shaCopy);
+#ifndef NO_WOLFSSL_SHA512_INTERLEAVE
+        wc_Sha512Free(&i_shaCopy);
+#endif
 
         if (XMEMCMP(hash, test_sha[i].output, WC_SHA512_DIGEST_SIZE) != 0)
             ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
         if (XMEMCMP(hash, hashcopy, WC_SHA512_DIGEST_SIZE) != 0)
             ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
+#ifndef NO_WOLFSSL_SHA512_INTERLEAVE
+        if (XMEMCMP(i_hash, interleave_test_sha[i].output,
+                                        WC_SHA512_DIGEST_SIZE) != 0) {
+            ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
+        }
+        if (XMEMCMP(i_hash, i_hashcopy, WC_SHA512_DIGEST_SIZE) != 0) {
+            ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
+        }
+        if (XMEMCMP(i_hash, test_sha[i].output, WC_SHA512_DIGEST_SIZE) != 0) {
+            ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
+        }
+        if (XMEMCMP(i_hash, hashcopy, WC_SHA512_DIGEST_SIZE) != 0) {
+            ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
+        }
+#endif
+
     }
 
 #ifndef NO_LARGE_HASH_TEST
     /* BEGIN LARGE HASH TEST */ {
-    byte large_input[1024];
 #ifdef HASH_SIZE_LIMIT
-    const char* large_digest =
+    WOLFSSL_SMALL_STACK_STATIC const char* large_digest =
         "\x30\x9B\x96\xA6\xE9\x43\x78\x30\xA3\x71\x51\x61\xC1\xEB\xE1\xBE"
         "\xC8\xA5\xF9\x13\x5A\xD6\x6D\x9E\x46\x31\x31\x67\x8D\xE2\xC0\x0B"
         "\x2A\x1A\x03\xE1\xF3\x48\xA7\x33\xBD\x49\xF8\xFF\xF1\xC2\xC2\x95"
         "\xCB\xF0\xAF\x87\x61\x85\x58\x63\x6A\xCA\x70\x9C\x8B\x83\x3F\x5D";
 #else
-    const char* large_digest =
+    WOLFSSL_SMALL_STACK_STATIC const char* large_digest =
         "\x5a\x1f\x73\x90\xbd\x8c\xe4\x63\x54\xce\xa0\x9b\xef\x32\x78\x2d"
         "\x2e\xe7\x0d\x5e\x2f\x9d\x15\x1b\xdd\x2d\xde\x65\x0c\x7b\xfa\x83"
         "\x5e\x80\x02\x13\x84\xb8\x3f\xff\x71\x62\xb5\x09\x89\x63\xe1\xdc"
         "\xa5\xdc\xfc\xfa\x9d\x1a\x4d\xc0\xfa\x3a\x14\xf6\x01\x51\x90\xa4";
 #endif
 
-    for (i = 0; i < (int)sizeof(large_input); i++) {
+#ifdef WOLFSSL_SMALL_STACK
+    large_input = (byte *)XMALLOC(LARGE_HASH_TEST_INPUT_SZ, HEAP_HINT,
+                                  DYNAMIC_TYPE_TMP_BUFFER);
+
+    if (large_input == NULL) {
+        ERROR_OUT(WC_TEST_RET_ENC_EC(MEMORY_E), exit);
+    }
+#endif
+
+    for (i = 0; i < LARGE_HASH_TEST_INPUT_SZ; i++) {
         large_input[i] = (byte)(i & 0xFF);
     }
 #ifdef HASH_SIZE_LIMIT
@@ -3331,7 +4279,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t sha512_test(void)
 #endif
     for (i = 0; i < times; ++i) {
         ret = wc_Sha512Update(&sha, (byte*)large_input,
-            (word32)sizeof(large_input));
+            LARGE_HASH_TEST_INPUT_SZ);
         if (ret != 0)
             ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
     }
@@ -3345,19 +4293,27 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t sha512_test(void)
     /* Unaligned memory access test */
     for (i = 1; i < 16; i++) {
         ret = wc_Sha512Update(&sha, (byte*)large_input + i,
-            (word32)sizeof(large_input) - i);
+            LARGE_HASH_TEST_INPUT_SZ - (word32)i);
         if (ret != 0)
             ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
         ret = wc_Sha512Final(&sha, hash);
     }
 #endif
     } /* END LARGE HASH TEST */
+#undef LARGE_HASH_TEST_INPUT_SZ
 #endif /* NO_LARGE_HASH_TEST */
 
 exit:
+
+#if !defined(NO_LARGE_HASH_TEST) && defined(WOLFSSL_SMALL_STACK)
+    XFREE(large_input, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+#endif
     wc_Sha512Free(&sha);
     wc_Sha512Free(&shaCopy);
-
+#ifndef NO_WOLFSSL_SHA256_INTERLEAVE
+    wc_Sha512Free(&i_sha);
+    wc_Sha512Free(&i_shaCopy);
+#endif
     return ret;
 }
 
@@ -3379,6 +4335,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t sha512_224_test(void)
     testVector a, b, c;
     testVector test_sha[3];
     int times = sizeof(test_sha) / sizeof(struct testVector), i;
+    WOLFSSL_ENTER("sha512_224_test");
 
     a.input  = "";
     a.output = "\x6e\xd0\xdd\x02"
@@ -3494,7 +4451,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t sha512_224_test(void)
     /* Unaligned memory access test */
     for (i = 1; i < 16; i++) {
         ret = wc_Sha512_224Update(&sha, (byte*)large_input + i,
-            (word32)sizeof(large_input) - i);
+            (word32)sizeof(large_input) - (word32)i);
         if (ret != 0)
             ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
         ret = wc_Sha512_224Final(&sha, hash);
@@ -3530,6 +4487,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t sha512_256_test(void)
     testVector a, b, c;
     testVector test_sha[3];
     int times = sizeof(test_sha) / sizeof(struct testVector), i;
+    WOLFSSL_ENTER("sha512_256_test");
 
     a.input  = "";
     a.output = "\xc6\x72\xb8\xd1" "\xef\x56\xed\x28"
@@ -3646,7 +4604,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t sha512_256_test(void)
     /* Unaligned memory access test */
     for (i = 1; i < 16; i++) {
         ret = wc_Sha512_256Update(&sha, (byte*)large_input + i,
-            (word32)sizeof(large_input) - i);
+            (word32)sizeof(large_input) - (word32)i);
         if (ret != 0)
             ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
         ret = wc_Sha512_256Final(&sha, hash);
@@ -3677,6 +4635,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t sha384_test(void)
     testVector a, b, c;
     testVector test_sha[3];
     int times = sizeof(test_sha) / sizeof(struct testVector), i;
+    WOLFSSL_ENTER("sha384_test");
 
     a.input  = "";
 
@@ -4223,6 +5182,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t sha3_test(void)
     wc_test_ret_t ret;
 
     (void)ret;
+    WOLFSSL_ENTER("sha3_test");
 
 #ifndef WOLFSSL_NOSHA3_224
     if ((ret = sha3_224_test()) != 0)
@@ -4456,6 +5416,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t shake128_test(void)
         "\x70\xd4\x7c\x19\x01\x1f\x6d\x37\xba\x7b\x74\xc2\xbc\xb6\xbc\x74"
         "\xa3\x66\x6c\x9b\x11\x84\x9d\x4a\x36\xbc\x8a\x0d\x4c\xe3\x39\xfa"
         "\xfa\x1b";
+    WOLFSSL_ENTER("shake128_test");
 
 
     /*
@@ -4593,8 +5554,7 @@ exit:
     wc_Shake128_Free(&sha);
 
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
-    if (large_input != NULL)
-        XFREE(large_input, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(large_input, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return ret;
@@ -4796,6 +5756,8 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t shake256_test(void)
         "\x8c\x68\xb7\xfb\xac\x55\x8a\x9b\x4d\x91\xe4\x9f\x72\xbb\x6e\x38"
         "\xaf\x21\x7d\x21\xaa\x98\x4e\x75\xc4\xb4\x1c\x7c\x50\x45\x54\xf9"
         "\xea\x26";
+
+    WOLFSSL_ENTER("shake256_test");
     /*
     ** https://csrc.nist.gov/CSRC/media/Projects/Cryptographic-Standards-and-Guidelines/documents/examples/SHAKE256_Msg0.pdf
     */
@@ -4930,8 +5892,7 @@ exit:
     wc_Shake256_Free(&sha);
 
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
-    if (large_input != NULL)
-        XFREE(large_input, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(large_input, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return ret;
@@ -4946,6 +5907,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t sm3_test(void)
     byte   hashGet[WC_SM3_DIGEST_SIZE];
     byte   hashCopy[WC_SM3_DIGEST_SIZE];
     wc_test_ret_t ret = 0;
+    WOLFSSL_ENTER("sm3_test");
 
     testVector a, b, c;
     testVector test_sm3[3];
@@ -5103,7 +6065,11 @@ exit:
 #ifndef NO_HASH_WRAPPER
 WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hash_test(void)
 {
-    wc_HashAlg       hash;
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
+    wc_HashAlg      *hash = NULL;
+#else
+    wc_HashAlg       hash[1];
+#endif
     int              ret, exp_ret;
     int              i, j;
     int              digestSz;
@@ -5159,41 +6125,52 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hash_test(void)
                                         WC_HASH_TYPE_BLAKE2B,
                                         WC_HASH_TYPE_NONE };
 
+    WOLFSSL_ENTER("hash_test");
+
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
+    hash = wc_HashNew(WC_HASH_TYPE_SHA256, HEAP_HINT, devId, &ret);
+    if (hash == NULL) {
+        return WC_TEST_RET_ENC_EC(ret);
+    }
+#else
+    XMEMSET(hash, 0, sizeof(wc_HashAlg));
+#endif
+
     /* Parameter Validation testing. */
     ret = wc_HashInit(NULL, WC_HASH_TYPE_SHA256);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_HashUpdate(NULL, WC_HASH_TYPE_SHA256, NULL, sizeof(data));
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
-    ret = wc_HashUpdate(&hash, WC_HASH_TYPE_SHA256, NULL, sizeof(data));
-    if (ret != BAD_FUNC_ARG)
+    ret = wc_HashUpdate(hash, WC_HASH_TYPE_SHA256, NULL, sizeof(data));
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_HashUpdate(NULL, WC_HASH_TYPE_SHA256, data, sizeof(data));
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_HashFinal(NULL, WC_HASH_TYPE_SHA256, NULL);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
-    ret = wc_HashFinal(&hash, WC_HASH_TYPE_SHA256, NULL);
-    if (ret != BAD_FUNC_ARG)
+    ret = wc_HashFinal(hash, WC_HASH_TYPE_SHA256, NULL);
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_HashFinal(NULL, WC_HASH_TYPE_SHA256, out);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
 
     /* Try invalid hash algorithms. */
     for (i = 0; i < (int)(sizeof(typesBad)/sizeof(*typesBad)); i++) {
-        ret = wc_HashInit(&hash, typesBad[i]);
-        if (ret != BAD_FUNC_ARG)
+        ret = wc_HashInit(hash, typesBad[i]);
+        if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
             return WC_TEST_RET_ENC_I(i);
-        ret = wc_HashUpdate(&hash, typesBad[i], data, sizeof(data));
-        if (ret != BAD_FUNC_ARG)
+        ret = wc_HashUpdate(hash, typesBad[i], data, sizeof(data));
+        if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
             return WC_TEST_RET_ENC_I(i);
-        ret = wc_HashFinal(&hash, typesBad[i], out);
-        if (ret != BAD_FUNC_ARG)
+        ret = wc_HashFinal(hash, typesBad[i], out);
+        if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
             return WC_TEST_RET_ENC_I(i);
-        wc_HashFree(&hash, typesBad[i]);
+        wc_HashFree(hash, typesBad[i]);
     }
 
     /* Try valid hash algorithms. */
@@ -5204,16 +6181,16 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hash_test(void)
             exp_ret = HASH_TYPE_E;
             j++;
         }
-        ret = wc_HashInit(&hash, typesGood[i]);
+        ret = wc_HashInit(hash, typesGood[i]);
         if (ret != exp_ret)
             return WC_TEST_RET_ENC_I(i);
-        ret = wc_HashUpdate(&hash, typesGood[i], data, sizeof(data));
+        ret = wc_HashUpdate(hash, typesGood[i], data, sizeof(data));
         if (ret != exp_ret)
             return WC_TEST_RET_ENC_I(i);
-        ret = wc_HashFinal(&hash, typesGood[i], out);
+        ret = wc_HashFinal(hash, typesGood[i], out);
         if (ret != exp_ret)
             return WC_TEST_RET_ENC_I(i);
-        wc_HashFree(&hash, typesGood[i]);
+        wc_HashFree(hash, typesGood[i]);
 
         digestSz = wc_HashGetDigestSize(typesGood[i]);
         if (exp_ret < 0 && digestSz != exp_ret)
@@ -5222,14 +6199,14 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hash_test(void)
             return WC_TEST_RET_ENC_I(i);
         if (exp_ret == 0) {
             ret = wc_Hash(typesGood[i], data, sizeof(data), hashOut,
-                                                                  digestSz - 1);
-            if (ret != BUFFER_E)
+                                                        (word32)digestSz - 1);
+            if (ret != WC_NO_ERR_TRACE(BUFFER_E))
                 return WC_TEST_RET_ENC_I(i);
         }
-        ret = wc_Hash(typesGood[i], data, sizeof(data), hashOut, digestSz);
+        ret = wc_Hash(typesGood[i], data, sizeof(data), hashOut, (word32)digestSz);
         if (ret != exp_ret)
             return WC_TEST_RET_ENC_I(i);
-        if (exp_ret == 0 && XMEMCMP(out, hashOut, digestSz) != 0)
+        if (exp_ret == 0 && XMEMCMP(out, hashOut, (word32)digestSz) != 0)
             return WC_TEST_RET_ENC_I(i);
 
         ret = wc_HashGetBlockSize(typesGood[i]);
@@ -5240,9 +6217,9 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hash_test(void)
 
 #if !defined(NO_ASN) || !defined(NO_DH) || defined(HAVE_ECC)
         ret = wc_HashGetOID(typesGood[i]);
-        if (ret == BAD_FUNC_ARG ||
-                (exp_ret == 0 && ret == HASH_TYPE_E) ||
-                (exp_ret != 0 && ret != HASH_TYPE_E)) {
+        if (ret == WC_NO_ERR_TRACE(BAD_FUNC_ARG) ||
+                (exp_ret == 0 && ret == WC_NO_ERR_TRACE(HASH_TYPE_E)) ||
+                (exp_ret != 0 && ret != WC_NO_ERR_TRACE(HASH_TYPE_E))) {
             return WC_TEST_RET_ENC_I(i);
         }
 
@@ -5254,17 +6231,24 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hash_test(void)
 
     for (i = 0; i < (int)(sizeof(typesHashBad)/sizeof(*typesHashBad)); i++) {
         ret = wc_Hash(typesHashBad[i], data, sizeof(data), out, sizeof(out));
-        if ((ret != BAD_FUNC_ARG) && (ret != BUFFER_E) && (ret != HASH_TYPE_E))
+        if ((ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) &&
+            (ret != WC_NO_ERR_TRACE(BUFFER_E)) &&
+            (ret != WC_NO_ERR_TRACE(HASH_TYPE_E)))
+        {
             return WC_TEST_RET_ENC_I(i);
+        }
     }
 
 #if !defined(NO_ASN) || !defined(NO_DH) || defined(HAVE_ECC)
     ret = wc_HashGetOID(WC_HASH_TYPE_MD2);
 #ifdef WOLFSSL_MD2
-    if (ret == HASH_TYPE_E || ret == BAD_FUNC_ARG)
+    if (ret == WC_NO_ERR_TRACE(HASH_TYPE_E) ||
+        ret == WC_NO_ERR_TRACE(BAD_FUNC_ARG))
+    {
         return WC_TEST_RET_ENC_EC(ret);
+    }
 #else
-    if (ret != HASH_TYPE_E)
+    if (ret != WC_NO_ERR_TRACE(HASH_TYPE_E))
         return WC_TEST_RET_ENC_EC(ret);
 #endif
     hashType = wc_OidGetHash(646); /* Md2h */
@@ -5278,17 +6262,20 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hash_test(void)
 
     ret = wc_HashGetOID(WC_HASH_TYPE_MD5_SHA);
 #ifndef NO_MD5
-    if (ret == HASH_TYPE_E || ret == BAD_FUNC_ARG)
+    if (ret == WC_NO_ERR_TRACE(HASH_TYPE_E) ||
+        ret == WC_NO_ERR_TRACE(BAD_FUNC_ARG))
+    {
         return WC_TEST_RET_ENC_EC(ret);
+    }
 #else
-    if (ret != HASH_TYPE_E)
+    if (ret != WC_NO_ERR_TRACE(HASH_TYPE_E))
         return WC_TEST_RET_ENC_EC(ret);
 #endif
     ret = wc_HashGetOID(WC_HASH_TYPE_MD4);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_HashGetOID(WC_HASH_TYPE_NONE);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
 
     hashType = wc_OidGetHash(0);
@@ -5298,73 +6285,94 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hash_test(void)
 
     ret = wc_HashGetBlockSize(WC_HASH_TYPE_MD2);
 #ifdef WOLFSSL_MD2
-    if (ret == HASH_TYPE_E || ret == BAD_FUNC_ARG)
+    if (ret == WC_NO_ERR_TRACE(HASH_TYPE_E) ||
+        ret == WC_NO_ERR_TRACE(BAD_FUNC_ARG))
+    {
         return WC_TEST_RET_ENC_EC(ret);
+    }
 #else
-    if (ret != HASH_TYPE_E)
+    if (ret != WC_NO_ERR_TRACE(HASH_TYPE_E))
         return WC_TEST_RET_ENC_EC(ret);
 #endif
     ret = wc_HashGetDigestSize(WC_HASH_TYPE_MD2);
 #ifdef WOLFSSL_MD2
-    if (ret == HASH_TYPE_E || ret == BAD_FUNC_ARG)
+    if (ret == WC_NO_ERR_TRACE(HASH_TYPE_E) ||
+        ret == WC_NO_ERR_TRACE(BAD_FUNC_ARG))
+    {
         return WC_TEST_RET_ENC_EC(ret);
+    }
 #else
-    if (ret != HASH_TYPE_E)
+    if (ret != WC_NO_ERR_TRACE(HASH_TYPE_E))
         return WC_TEST_RET_ENC_EC(ret);
 #endif
 
     ret = wc_HashGetBlockSize(WC_HASH_TYPE_MD4);
 #ifndef NO_MD4
-    if (ret == HASH_TYPE_E || ret == BAD_FUNC_ARG)
+    if (ret == WC_NO_ERR_TRACE(HASH_TYPE_E) ||
+        ret == WC_NO_ERR_TRACE(BAD_FUNC_ARG))
+    {
         return WC_TEST_RET_ENC_EC(ret);
+    }
 #else
-    if (ret != HASH_TYPE_E)
+    if (ret != WC_NO_ERR_TRACE(HASH_TYPE_E))
         return WC_TEST_RET_ENC_EC(ret);
 #endif
     ret = wc_HashGetDigestSize(WC_HASH_TYPE_MD4);
 #ifndef NO_MD4
-    if (ret == HASH_TYPE_E || ret == BAD_FUNC_ARG)
+    if (ret == WC_NO_ERR_TRACE(HASH_TYPE_E) ||
+        ret == WC_NO_ERR_TRACE(BAD_FUNC_ARG))
+    {
         return WC_TEST_RET_ENC_EC(ret);
+    }
 #else
-    if (ret != HASH_TYPE_E)
+    if (ret != WC_NO_ERR_TRACE(HASH_TYPE_E))
         return WC_TEST_RET_ENC_EC(ret);
 #endif
     ret = wc_HashGetBlockSize(WC_HASH_TYPE_MD5_SHA);
 #if !defined(NO_MD5) && !defined(NO_SHA)
-    if (ret == HASH_TYPE_E || ret == BAD_FUNC_ARG)
+    if (ret == WC_NO_ERR_TRACE(HASH_TYPE_E) ||
+        ret == WC_NO_ERR_TRACE(BAD_FUNC_ARG))
+    {
         return WC_TEST_RET_ENC_EC(ret);
+    }
 #else
-    if (ret != HASH_TYPE_E)
+    if (ret != WC_NO_ERR_TRACE(HASH_TYPE_E))
         return WC_TEST_RET_ENC_EC(ret);
 #endif
 
     ret = wc_HashGetBlockSize(WC_HASH_TYPE_BLAKE2B);
 #if defined(HAVE_BLAKE2) || defined(HAVE_BLAKE2S)
-    if (ret == HASH_TYPE_E || ret == BAD_FUNC_ARG)
+    if (ret == WC_NO_ERR_TRACE(HASH_TYPE_E) ||
+        ret == WC_NO_ERR_TRACE(BAD_FUNC_ARG))
+    {
         return WC_TEST_RET_ENC_EC(ret);
+    }
 #else
-    if (ret != HASH_TYPE_E)
+    if (ret != WC_NO_ERR_TRACE(HASH_TYPE_E))
         return WC_TEST_RET_ENC_EC(ret);
 #endif
     ret = wc_HashGetDigestSize(WC_HASH_TYPE_BLAKE2B);
 #if defined(HAVE_BLAKE2) || defined(HAVE_BLAKE2S)
-    if (ret == HASH_TYPE_E || ret == BAD_FUNC_ARG)
+    if (ret == WC_NO_ERR_TRACE(HASH_TYPE_E) ||
+        ret == WC_NO_ERR_TRACE(BAD_FUNC_ARG))
+    {
         return WC_TEST_RET_ENC_EC(ret);
+    }
 #else
-    if (ret != HASH_TYPE_E)
+    if (ret != WC_NO_ERR_TRACE(HASH_TYPE_E))
         return WC_TEST_RET_ENC_EC(ret);
 #endif
 
     ret = wc_HashGetBlockSize(WC_HASH_TYPE_NONE);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_HashGetDigestSize(WC_HASH_TYPE_NONE);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
 
 #if !defined(NO_CERTS) && !defined(NO_ASN)
 #if defined(WOLFSSL_MD2) && !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS)
-    ret = wc_GetCTC_HashOID(MD2);
+    ret = wc_GetCTC_HashOID(WC_HASH_TYPE_MD2);
     if (ret == 0)
         return WC_TEST_RET_ENC_EC(ret);
 #endif
@@ -5403,6 +6411,10 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hash_test(void)
         return WC_TEST_RET_ENC_EC(ret);
 #endif
 
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
+    (void)wc_HashDelete(hash, &hash);
+#endif
+
     return 0;
 }
 #endif /* !NO_HASH_WRAPPER */
@@ -5419,15 +6431,22 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hmac_md5_test(void)
     {
         "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b",
         "Jefe",
+        "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA",
+        "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
+        "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
+        "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
+        "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
         "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
     };
 
-    testVector a, b, c;
-    testVector test_hmac[3];
+    testVector a, b, c, d;
+    testVector test_hmac[4];
 
     wc_test_ret_t ret;
     int times = sizeof(test_hmac) / sizeof(testVector), i;
+    WOLFSSL_ENTER("hmac_md5_test");
 
+    /* Following test vectors are from RFC 2202 section 2 */
     a.input  = "Hi There";
     a.output = "\x92\x94\x72\x7a\x36\x38\xbb\x1c\x13\xf4\x8e\xf8\x15\x8b\xfc"
                "\x9d";
@@ -5449,9 +6468,17 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hmac_md5_test(void)
     c.inLen  = XSTRLEN(c.input);
     c.outLen = WC_MD5_DIGEST_SIZE;
 
+    d.input  = "Test Using Larger Than Block-Size Key - Hash Key First";
+    d.output = "\x6b\x1a\xb7\xfe\x4b\xd7\xbf\x8f\x0b\x62\xe6\xce\x61\xb9\xd0"
+               "\xcd";
+    d.inLen = XSTRLEN(d.input);
+    d.outLen = WC_MD5_DIGEST_SIZE;
+
+
     test_hmac[0] = a;
     test_hmac[1] = b;
     test_hmac[2] = c;
+    test_hmac[3] = d;
 
     for (i = 0; i < times; ++i) {
     #if defined(HAVE_FIPS) || defined(HAVE_CAVIUM)
@@ -5482,7 +6509,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hmac_md5_test(void)
         wc_HmacFree(&hmac);
     }
 
-#ifndef HAVE_FIPS
+#if !defined(HAVE_FIPS) || FIPS_VERSION3_GE(6,0,0)
     if ((ret = wc_HmacSizeByType(WC_MD5)) != WC_MD5_DIGEST_SIZE)
         return WC_TEST_RET_ENC_EC(ret);
 #endif
@@ -5503,15 +6530,22 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hmac_sha_test(void)
                                                                 "\x0b\x0b\x0b",
         "Jefe",
         "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
-                                                                "\xAA\xAA\xAA"
+                                                                "\xAA\xAA\xAA",
+        "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
+        "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
+        "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
+        "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
+        "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
     };
 
-    testVector a, b, c;
-    testVector test_hmac[3];
+    testVector a, b, c, d;
+    testVector test_hmac[4];
 
     wc_test_ret_t ret;
     int times = sizeof(test_hmac) / sizeof(testVector), i;
+    WOLFSSL_ENTER("hmac_sha_test");
 
+    /* Following test vectors are from RFC 2202 section 3 */
     a.input  = "Hi There";
     a.output = "\xb6\x17\x31\x86\x55\x05\x72\x64\xe2\x8b\xc0\xb6\xfb\x37\x8c"
                "\x8e\xf1\x46\xbe\x00";
@@ -5533,12 +6567,22 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hmac_sha_test(void)
     c.inLen  = XSTRLEN(c.input);
     c.outLen = WC_SHA_DIGEST_SIZE;
 
+    d.input  = "Test Using Larger Than Block-Size Key - Hash Key First";
+    d.output = "\xaa\x4a\xe5\xe1\x52\x72\xd0\x0e\x95\x70\x56\x37\xce\x8a\x3b"
+               "\x55\xed\x40\x21\x12";
+    d.inLen = XSTRLEN(d.input);
+    d.outLen = WC_SHA_DIGEST_SIZE;
+
     test_hmac[0] = a;
     test_hmac[1] = b;
     test_hmac[2] = c;
+    test_hmac[3] = d;
+#if FIPS_VERSION3_GE(6,0,0)
+    int allowShortKeyWithFips = 1;
+#endif
 
     for (i = 0; i < times; ++i) {
-#if defined(HAVE_FIPS) || defined(HAVE_CAVIUM)
+#if defined(HAVE_CAVIUM) || (defined(HAVE_FIPS) && FIPS_VERSION3_LT(6,0,0))
         if (i == 1)
             continue; /* cavium can't handle short keys, fips not allowed */
 #endif
@@ -5548,6 +6592,15 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hmac_sha_test(void)
 
         ret = wc_HmacSetKey(&hmac, WC_SHA, (byte*)keys[i],
             (word32)XSTRLEN(keys[i]));
+#if FIPS_VERSION3_GE(6,0,0)
+        if (i == 1) {
+            if (ret != WC_NO_ERR_TRACE(HMAC_MIN_KEYLEN_E))
+                return WC_TEST_RET_ENC_EC(ret);
+            /* Now use the ex and allow short keys with FIPS option */
+            ret = wc_HmacSetKey_ex(&hmac, WC_SHA, (byte*) keys[i],
+                               (word32)XSTRLEN(keys[i]), allowShortKeyWithFips);
+        }
+#endif
         if (ret != 0)
             return WC_TEST_RET_ENC_EC(ret);
         ret = wc_HmacUpdate(&hmac, (byte*)test_hmac[i].input,
@@ -5564,7 +6617,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hmac_sha_test(void)
         wc_HmacFree(&hmac);
     }
 
-#ifndef HAVE_FIPS
+#if !defined(HAVE_FIPS) || FIPS_VERSION3_GE(6,0,0)
     if ((ret = wc_HmacSizeByType(WC_SHA)) != WC_SHA_DIGEST_SIZE)
         return WC_TEST_RET_ENC_EC(ret);
 #endif
@@ -5587,11 +6640,15 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hmac_sha224_test(void)
         "Jefe",
         "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
                                                                 "\xAA\xAA\xAA",
-        "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08"
-        "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08"
-        "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08"
-        "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08"
-        "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08"
+        "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
+        "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
+        "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
+        "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
+        "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
+        "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
+        "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
+        "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
+        "\xAA\xAA\xAA"
     };
 
     testVector a, b, c, d;
@@ -5599,7 +6656,9 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hmac_sha224_test(void)
 
     wc_test_ret_t ret;
     int times = sizeof(test_hmac) / sizeof(testVector), i;
+    WOLFSSL_ENTER("hmac_sha224_test");
 
+    /* Following test vectors are from RFC 4231 section 4 */
     a.input  = "Hi There";
     a.output = "\x89\x6f\xb1\x12\x8a\xbb\xdf\x19\x68\x32\x10\x7c\xd4\x9d\xf3"
                "\x3f\x47\xb4\xb1\x16\x99\x12\xba\x4f\x53\x68\x4b\x22";
@@ -5621,9 +6680,8 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hmac_sha224_test(void)
     c.inLen  = XSTRLEN(c.input);
     c.outLen = WC_SHA224_DIGEST_SIZE;
 
-    d.input  = "Big Key Input";
-    d.output = "\xe7\x4e\x2b\x8a\xa9\xf0\x37\x2f\xed\xae\x70\x0c\x49\x47\xf1"
-               "\x46\x54\xa7\x32\x6b\x55\x01\x87\xd2\xc8\x02\x0e\x3a";
+    d.input  = "Test Using Larger Than Block-Size Key - Hash Key First";
+    d.output = "\x95\xe9\xa0\xdb\x96\x20\x95\xad\xae\xbe\x9b\x2d\x6f\x0d\xbc\xe2\xd4\x99\xf1\x12\xf2\xd2\xb7\x27\x3f\xa6\x87\x0e";
     d.inLen  = XSTRLEN(d.input);
     d.outLen = WC_SHA224_DIGEST_SIZE;
 
@@ -5659,7 +6717,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hmac_sha224_test(void)
         wc_HmacFree(&hmac);
     }
 
-#ifndef HAVE_FIPS
+#if !defined(HAVE_FIPS) || FIPS_VERSION3_GE(6,0,0)
     if ((ret = wc_HmacSizeByType(WC_SHA224)) != WC_SHA224_DIGEST_SIZE)
         return WC_TEST_RET_ENC_EC(ret);
 #endif
@@ -5684,14 +6742,25 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hmac_sha256_test(void)
                                                                 "\xAA\xAA\xAA",
         "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
                                                                 "\xAA\xAA\xAA",
+        "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
+        "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
+        "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
+        "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
+        "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
+        "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
+        "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
+        "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
+        "\xAA\xAA\xAA"
     };
 
-    testVector a, b, c, d;
-    testVector test_hmac[4];
+    testVector a, b, c, d, e;
+    testVector test_hmac[5];
 
     wc_test_ret_t ret;
     int times = sizeof(test_hmac) / sizeof(testVector), i;
+    WOLFSSL_ENTER("hmac_sha256_test");
 
+    /* Following test vectors are from RFC 4231 section 4 */
     a.input  = "Hi There";
     a.output = "\xb0\x34\x4c\x61\xd8\xdb\x38\x53\x5c\xa8\xaf\xce\xaf\x0b\xf1"
                "\x2b\x88\x1d\xc2\x00\xc9\x83\x3d\xa7\x26\xe9\x37\x6c\x2e\x32"
@@ -5723,10 +6792,18 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hmac_sha256_test(void)
     d.inLen  = 0;
     d.outLen = WC_SHA256_DIGEST_SIZE;
 
+    e.input  = "Test Using Larger Than Block-Size Key - Hash Key First";
+    e.output = "\x60\xe4\x31\x59\x1e\xe0\xb6\x7f\x0d\x8a\x26\xaa\xcb\xf5\xb7"
+               "\x7f\x8e\x0b\xc6\x21\x37\x28\xc5\x14\x05\x46\x04\x0f\x0e\xe3"
+               "\x7f\x54";
+    e.inLen  = XSTRLEN(e.input);;
+    e.outLen = WC_SHA256_DIGEST_SIZE;
+
     test_hmac[0] = a;
     test_hmac[1] = b;
     test_hmac[2] = c;
     test_hmac[3] = d;
+    test_hmac[4] = e;
 
     for (i = 0; i < times; ++i) {
 #if defined(HAVE_FIPS) || defined(HAVE_CAVIUM)
@@ -5761,11 +6838,17 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hmac_sha256_test(void)
         wc_HmacFree(&hmac);
     }
 
-#ifndef HAVE_FIPS
+#if !defined(HAVE_FIPS) || FIPS_VERSION3_GE(6,0,0)
     if ((ret = wc_HmacSizeByType(WC_SHA256)) != WC_SHA256_DIGEST_SIZE)
         return WC_TEST_RET_ENC_EC(ret);
-    if ((ret = wc_HmacSizeByType(21)) != BAD_FUNC_ARG)
+#if FIPS_VERSION3_GE(6,0,0)
+    if ((ret = wc_HmacSizeByType(21)) != WC_NO_ERR_TRACE(HMAC_KAT_FIPS_E))
+#else
+    if ((ret = wc_HmacSizeByType(21)) != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
+#endif
+    {
         return WC_TEST_RET_ENC_EC(ret);
+    }
 #endif
     if ((ret = wolfSSL_GetHmacMaxSize()) != WC_MAX_DIGEST_SIZE)
         return WC_TEST_RET_ENC_EC(ret);
@@ -5788,15 +6871,15 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hmac_sha384_test(void)
         "Jefe",
         "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
                                                                 "\xAA\xAA\xAA",
-        "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08"
-        "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08"
-        "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08"
-        "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08"
-        "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08"
-        "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08"
-        "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08"
-        "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08"
-        "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08"
+        "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
+        "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
+        "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
+        "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
+        "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
+        "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
+        "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
+        "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
+        "\xAA\xAA\xAA"
     };
 
     testVector a, b, c, d;
@@ -5804,7 +6887,9 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hmac_sha384_test(void)
 
     wc_test_ret_t ret;
     int times = sizeof(test_hmac) / sizeof(testVector), i;
+    WOLFSSL_ENTER("hmac_sha384_test");
 
+    /* Following test vectors are from RFC 4231 section 4 */
     a.input  = "Hi There";
     a.output = "\xaf\xd0\x39\x44\xd8\x48\x95\x62\x6b\x08\x25\xf4\xab\x46\x90"
                "\x7f\x15\xf9\xda\xdb\xe4\x10\x1e\xc6\x82\xaa\x03\x4c\x7c\xeb"
@@ -5832,11 +6917,11 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hmac_sha384_test(void)
     c.inLen  = XSTRLEN(c.input);
     c.outLen = WC_SHA384_DIGEST_SIZE;
 
-    d.input  = "Big Key Input";
-    d.output = "\xd2\x3d\x29\x6e\xf5\x1e\x23\x23\x49\x18\xb3\xbf\x4c\x38\x7b"
-               "\x31\x21\x17\xbb\x09\x73\x27\xf8\x12\x9d\xe9\xc6\x5d\xf9\x54"
-               "\xd6\x38\x5a\x68\x53\x14\xee\xe0\xa6\x4f\x36\x7e\xb2\xf3\x1a"
-               "\x57\x41\x69";
+    d.input  = "Test Using Larger Than Block-Size Key - Hash Key First";
+    d.output = "\x4e\xce\x08\x44\x85\x81\x3e\x90\x88\xd2\xc6\x3a\x04\x1b\xc5"
+               "\xb4\x4f\x9e\xf1\x01\x2a\x2b\x58\x8f\x3c\xd1\x1f\x05\x03\x3a"
+               "\xc4\xc6\x0c\x2e\xf6\xab\x40\x30\xfe\x82\x96\x24\x8d\xf1\x63"
+               "\xf4\x49\x52";
     d.inLen  = XSTRLEN(d.input);
     d.outLen = WC_SHA384_DIGEST_SIZE;
 
@@ -5872,7 +6957,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hmac_sha384_test(void)
         wc_HmacFree(&hmac);
     }
 
-#ifndef HAVE_FIPS
+#if !defined(HAVE_FIPS) || FIPS_VERSION3_GE(6,0,0)
     if ((ret = wc_HmacSizeByType(WC_SHA384)) != WC_SHA384_DIGEST_SIZE)
         return WC_TEST_RET_ENC_EC(ret);
 #endif
@@ -5895,15 +6980,15 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hmac_sha512_test(void)
         "Jefe",
         "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
                                                                 "\xAA\xAA\xAA",
-        "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08"
-        "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08"
-        "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08"
-        "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08"
-        "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08"
-        "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08"
-        "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08"
-        "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08"
-        "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08"
+        "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
+        "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
+        "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
+        "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
+        "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
+        "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
+        "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
+        "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
+        "\xAA\xAA\xAA"
     };
 
     testVector a, b, c, d;
@@ -5911,7 +6996,9 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hmac_sha512_test(void)
 
     wc_test_ret_t ret;
     int times = sizeof(test_hmac) / sizeof(testVector), i;
+    WOLFSSL_ENTER("hmac_sha512_test");
 
+    /* Following test vectors are from RFC 4231 section 4 */
     a.input  = "Hi There";
     a.output = "\x87\xaa\x7c\xde\xa5\xef\x61\x9d\x4f\xf0\xb4\x24\x1a\x1d\x6c"
                "\xb0\x23\x79\xf4\xe2\xce\x4e\xc2\x78\x7a\xd0\xb3\x05\x45\xe1"
@@ -5942,12 +7029,12 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hmac_sha512_test(void)
     c.inLen  = XSTRLEN(c.input);
     c.outLen = WC_SHA512_DIGEST_SIZE;
 
-    d.input  = "Big Key Input";
-    d.output = "\x3f\xa9\xc9\xe1\xbd\xbb\x04\x55\x1f\xef\xcc\x92\x33\x08\xeb"
-               "\xcf\xc1\x9a\x5b\x5b\xc0\x7c\x86\x84\xae\x8c\x40\xaf\xb1\x27"
-               "\x87\x38\x92\x04\xa8\xed\xd7\xd7\x07\xa9\x85\xa0\xc2\xcd\x30"
-               "\xc0\x56\x14\x49\xbc\x2f\x69\x15\x6a\x97\xd8\x79\x2f\xb3\x3b"
-               "\x1e\x18\xfe\xfa";
+    d.input  = "Test Using Larger Than Block-Size Key - Hash Key First";
+    d.output = "\x80\xb2\x42\x63\xc7\xc1\xa3\xeb\xb7\x14\x93\xc1\xdd\x7b\xe8"
+               "\xb4\x9b\x46\xd1\xf4\x1b\x4a\xee\xc1\x12\x1b\x01\x37\x83\xf8"
+               "\xf3\x52\x6b\x56\xd0\x37\xe0\x5f\x25\x98\xbd\x0f\xd2\x21\x5d"
+               "\x6a\x1e\x52\x95\xe6\x4f\x73\xf6\x3f\x0a\xec\x8b\x91\x5a\x98"
+               "\x5d\x78\x65\x98";
     d.inLen  = XSTRLEN(d.input);
     d.outLen = WC_SHA512_DIGEST_SIZE;
 
@@ -5983,7 +7070,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hmac_sha512_test(void)
         wc_HmacFree(&hmac);
     }
 
-#ifndef HAVE_FIPS
+#if !defined(HAVE_FIPS) || FIPS_VERSION3_GE(6,0,0)
     if ((ret = wc_HmacSizeByType(WC_SHA512)) != WC_SHA512_DIGEST_SIZE)
         return WC_TEST_RET_ENC_EC(ret);
 #endif
@@ -6122,8 +7209,9 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hmac_sha3_test(void)
     };
 
     int i = 0, iMax = sizeof(input) / sizeof(input[0]),
-        j, jMax = sizeof(hashType) / sizeof(hashType[0]),
-        ret;
+        j, jMax = sizeof(hashType) / sizeof(hashType[0]);
+    int ret;
+    WOLFSSL_ENTER("hmac_sha3_test");
 
 #ifdef HAVE_FIPS
     /* FIPS requires a minimum length for HMAC keys, and "Jefe" is too
@@ -6146,7 +7234,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hmac_sha3_test(void)
             ret = wc_HmacFinal(&hmac, hash);
             if (ret != 0)
                 return WC_TEST_RET_ENC_EC(ret);
-            if (XMEMCMP(hash, output[(i*jMax) + j], hashSz[j]) != 0)
+            if (XMEMCMP(hash, output[(i*jMax) + j], (size_t)hashSz[j]) != 0)
                 return WC_TEST_RET_ENC_NC;
 
             wc_HmacFree(&hmac);
@@ -6154,7 +7242,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hmac_sha3_test(void)
             if (i > 0)
                 continue;
 
-        #ifndef HAVE_FIPS
+        #if !defined(HAVE_FIPS) || FIPS_VERSION3_GE(6,0,0)
             ret = wc_HmacSizeByType(hashType[j]);
             if (ret != hashSz[j])
                 return WC_TEST_RET_ENC_EC(ret);
@@ -6492,6 +7580,7 @@ static wc_test_ret_t rc2_cbc_test(void)
 WOLFSSL_TEST_SUBROUTINE wc_test_ret_t rc2_test(void)
 {
     wc_test_ret_t ret = 0;
+    WOLFSSL_ENTER("rc2_test");
 
     ret = rc2_ecb_test();
     if (ret != 0) {
@@ -6522,6 +7611,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t arc4_test(void)
     testVector test_arc4[4];
 
     int times = sizeof(test_arc4) / sizeof(testVector), i;
+    WOLFSSL_ENTER("arc4_test");
 
     a.input  = "\x01\x23\x45\x67\x89\xab\xcd\xef";
     a.output = "\x75\xb7\x87\x80\x99\xe0\xc5\x96";
@@ -6562,10 +7652,10 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t arc4_test(void)
         if (ret != 0)
             return WC_TEST_RET_ENC_EC(ret);
 
-        ret = wc_Arc4SetKey(&enc, (byte*)keys[i], keylen);
+        ret = wc_Arc4SetKey(&enc, (byte*)keys[i], (word32)keylen);
         if (ret != 0)
             return WC_TEST_RET_ENC_EC(ret);
-        ret = wc_Arc4SetKey(&dec, (byte*)keys[i], keylen);
+        ret = wc_Arc4SetKey(&dec, (byte*)keys[i], (word32)keylen);
         if (ret != 0)
             return WC_TEST_RET_ENC_EC(ret);
 
@@ -6636,17 +7726,11 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t chacha_test(void)
          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00
     };
 
-
-    const byte* keys[] = {key1, key2, key3, key4};
-
     WOLFSSL_SMALL_STACK_STATIC const byte ivs1[] = {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00};
     WOLFSSL_SMALL_STACK_STATIC const byte ivs2[] = {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00};
     WOLFSSL_SMALL_STACK_STATIC const byte ivs3[] = {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01,0x00,0x00,0x00,0x00};
     WOLFSSL_SMALL_STACK_STATIC const byte ivs4[] = {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00};
 
-
-    const byte* ivs[] = {ivs1, ivs2, ivs3, ivs4};
-
 #ifndef BENCH_EMBEDDED
     WOLFSSL_SMALL_STACK_STATIC const byte cipher_big_result[] = {
         0x06, 0xa6, 0x5d, 0x31, 0x21, 0x6c, 0xdb, 0x37, 0x48, 0x7c, 0x01, 0x9d,
@@ -6765,41 +7849,55 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t chacha_test(void)
     byte   plain_big[CHACHA_BIG_TEST_SIZE] = {0};
     byte   input_big[CHACHA_BIG_TEST_SIZE] = {0};
 #else
-    byte*  cipher_big;
-    byte*  plain_big;
-    byte*  input_big;
+    byte*  cipher_big = NULL;
+    byte*  plain_big = NULL;
+    byte*  input_big = NULL;
 #endif /* WOLFSSL_SMALL_STACK && !WOLFSSL_NO_MALLOC */
     int    block_size;
 #endif /* BENCH_EMBEDDED */
 
-    byte a[] = {0x76,0xb8,0xe0,0xad,0xa0,0xf1,0x3d,0x90};
-    byte b[] = {0x45,0x40,0xf0,0x5a,0x9f,0x1f,0xb2,0x96};
-    byte c[] = {0xde,0x9c,0xba,0x7b,0xf3,0xd6,0x9e,0xf5};
-    byte d[] = {0x89,0x67,0x09,0x52,0x60,0x83,0x64,0xfd};
+    const byte a[] = {0x76,0xb8,0xe0,0xad,0xa0,0xf1,0x3d,0x90};
+    const byte b[] = {0x45,0x40,0xf0,0x5a,0x9f,0x1f,0xb2,0x96};
+    const byte c[] = {0xde,0x9c,0xba,0x7b,0xf3,0xd6,0x9e,0xf5};
+    const byte d[] = {0x89,0x67,0x09,0x52,0x60,0x83,0x64,0xfd};
 
-    byte* test_chacha[4];
+    const byte* test_chacha[4];
+    const byte* keys[4];
+    const byte* ivs[4];
 
     test_chacha[0] = a;
     test_chacha[1] = b;
     test_chacha[2] = c;
     test_chacha[3] = d;
 
+    keys[0] = key1;
+    keys[1] = key2;
+    keys[2] = key3;
+    keys[3] = key4;
+
+    ivs[0] = ivs1;
+    ivs[1] = ivs2;
+    ivs[2] = ivs3;
+    ivs[3] = ivs4;
+
+    WOLFSSL_ENTER("chacha_test");
+
 #ifndef BENCH_EMBEDDED
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
     cipher_big = (byte*)XMALLOC(CHACHA_BIG_TEST_SIZE, HEAP_HINT,
                                                        DYNAMIC_TYPE_TMP_BUFFER);
     if (cipher_big == NULL) {
-        return MEMORY_E;
+        ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
     }
     plain_big = (byte*)XMALLOC(CHACHA_BIG_TEST_SIZE, HEAP_HINT,
                                                        DYNAMIC_TYPE_TMP_BUFFER);
     if (plain_big == NULL) {
-        return MEMORY_E;
+        ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
     }
     input_big = (byte*)XMALLOC(CHACHA_BIG_TEST_SIZE, HEAP_HINT,
                                                        DYNAMIC_TYPE_TMP_BUFFER);
     if (input_big == NULL) {
-        return MEMORY_E;
+        ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
     }
     XMEMSET(cipher_big, 0, CHACHA_BIG_TEST_SIZE);
     XMEMSET(plain_big, 0, CHACHA_BIG_TEST_SIZE);
@@ -6822,24 +7920,24 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t chacha_test(void)
         ret |= wc_Chacha_SetKey(&enc, keys[i], keySz);
         ret |= wc_Chacha_SetKey(&dec, keys[i], keySz);
         if (ret != 0)
-            return ret;
+            ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
 
         ret |= wc_Chacha_SetIV(&enc, cipher, 0);
         ret |= wc_Chacha_SetIV(&dec, cipher, 0);
         if (ret != 0)
-            return ret;
+            ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
         XMEMCPY(plain, input, 8);
 
         ret |= wc_Chacha_Process(&enc, cipher, plain,  (word32)8);
         ret |= wc_Chacha_Process(&dec, plain,  cipher, (word32)8);
         if (ret != 0)
-            return ret;
+            ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
 
         if (XMEMCMP(test_chacha[i], cipher, 8))
-            return WC_TEST_RET_ENC_I(i);
+            ERROR_OUT(WC_TEST_RET_ENC_I(i), out);
 
         if (XMEMCMP(plain, input, 8))
-            return WC_TEST_RET_ENC_I(i);
+            ERROR_OUT(WC_TEST_RET_ENC_I(i), out);
     }
 
     /* test of starting at a different counter
@@ -6852,20 +7950,20 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t chacha_test(void)
     ret |= wc_Chacha_SetKey(&enc, keys[0], keySz);
     ret |= wc_Chacha_SetKey(&dec, keys[0], keySz);
     if (ret != 0)
-        return ret;
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
 
     ret |= wc_Chacha_SetIV(&enc, cipher, 0);
     ret |= wc_Chacha_SetIV(&dec, cipher, 1);
     if (ret != 0)
-        return ret;
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
 
     ret |= wc_Chacha_Process(&enc, cipher, plain,  sizeof(plain));
     ret |= wc_Chacha_Process(&dec, sliver,  cipher + 64, sizeof(sliver));
     if (ret != 0)
-        return ret;
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
 
     if (XMEMCMP(plain + 64, sliver, 64))
-        return WC_TEST_RET_ENC_NC;
+        ERROR_OUT(WC_TEST_RET_ENC_NC, out);
 
 #ifndef BENCH_EMBEDDED
     /* test of encrypting more data */
@@ -6874,24 +7972,24 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t chacha_test(void)
     ret |= wc_Chacha_SetKey(&enc, keys[0], keySz);
     ret |= wc_Chacha_SetKey(&dec, keys[0], keySz);
     if (ret != 0)
-        return ret;
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
 
     ret |= wc_Chacha_SetIV(&enc, ivs[2], 0);
     ret |= wc_Chacha_SetIV(&dec, ivs[2], 0);
     if (ret != 0)
-        return ret;
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
 
     ret |= wc_Chacha_Process(&enc, cipher_big, plain_big, CHACHA_BIG_TEST_SIZE);
     ret |= wc_Chacha_Process(&dec, plain_big,  cipher_big,
                                                           CHACHA_BIG_TEST_SIZE);
     if (ret != 0)
-        return ret;
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
 
     if (XMEMCMP(plain_big, input_big, CHACHA_BIG_TEST_SIZE))
-        return WC_TEST_RET_ENC_NC;
+        ERROR_OUT(WC_TEST_RET_ENC_NC, out);
 
     if (XMEMCMP(cipher_big, cipher_big_result, CHACHA_BIG_TEST_SIZE))
-        return WC_TEST_RET_ENC_NC;
+        ERROR_OUT(WC_TEST_RET_ENC_NC, out);
 
     for (i = 0; i < 18; ++i) {
         /* this will test all paths
@@ -6904,23 +8002,23 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t chacha_test(void)
         ret |= wc_Chacha_SetKey(&enc, keys[0], keySz);
         ret |= wc_Chacha_SetKey(&dec, keys[0], keySz);
         if (ret != 0)
-            return ret;
+            ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
 
         ret |= wc_Chacha_SetIV(&enc, ivs[2], 0);
         ret |= wc_Chacha_SetIV(&dec, ivs[2], 0);
         if (ret != 0)
-            return ret;
+            ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
 
-        ret |= wc_Chacha_Process(&enc, cipher_big, plain_big , block_size);
-        ret |= wc_Chacha_Process(&dec, plain_big , cipher_big, block_size);
+        ret |= wc_Chacha_Process(&enc, cipher_big, plain_big , (word32)block_size);
+        ret |= wc_Chacha_Process(&dec, plain_big , cipher_big, (word32)block_size);
         if (ret != 0)
-            return ret;
+            ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
 
-        if (XMEMCMP(plain_big, input_big, block_size))
-            return WC_TEST_RET_ENC_I(i);
+        if (XMEMCMP(plain_big, input_big, (word32)block_size))
+            ERROR_OUT(WC_TEST_RET_ENC_I(i), out);
 
-        if (XMEMCMP(cipher_big, cipher_big_result, block_size))
-            return WC_TEST_RET_ENC_I(i);
+        if (XMEMCMP(cipher_big, cipher_big_result, (word32)block_size))
+            ERROR_OUT(WC_TEST_RET_ENC_I(i), out);
     }
 
     /* Streaming test */
@@ -6929,50 +8027,56 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t chacha_test(void)
 
         ret = wc_Chacha_SetKey(&enc, keys[0], keySz);
         if (ret != 0)
-            return WC_TEST_RET_ENC_EC(ret);
+            ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
         ret = wc_Chacha_SetKey(&dec, keys[0], keySz);
         if (ret != 0)
-            return WC_TEST_RET_ENC_EC(ret);
+            ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
 
         ret = wc_Chacha_SetIV(&enc, ivs[2], 0);
         if (ret != 0)
-            return WC_TEST_RET_ENC_EC(ret);
+            ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
         ret = wc_Chacha_SetIV(&dec, ivs[2], 0);
         if (ret != 0)
-            return WC_TEST_RET_ENC_EC(ret);
+            ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
 
         for (j = 0; j < CHACHA_BIG_TEST_SIZE - i; j+= i) {
-            ret = wc_Chacha_Process(&enc, cipher_big + j, plain_big + j, i);
+            ret = wc_Chacha_Process(&enc, cipher_big + j, plain_big + j, (word32)i);
             if (ret != 0)
-                return WC_TEST_RET_ENC_EC(ret);
-            ret = wc_Chacha_Process(&dec, plain_big + j, cipher_big + j, i);
+                ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+            ret = wc_Chacha_Process(&dec, plain_big + j, cipher_big + j, (word32)i);
             if (ret != 0)
-                return WC_TEST_RET_ENC_EC(ret);
+                ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
         }
 
         rem = CHACHA_BIG_TEST_SIZE - j;
-        ret = wc_Chacha_Process(&enc, cipher_big + j, plain_big + j, rem);
+        ret = wc_Chacha_Process(&enc, cipher_big + j, plain_big + j, (word32)rem);
         if (ret != 0)
-            return WC_TEST_RET_ENC_EC(ret);
-        ret = wc_Chacha_Process(&dec, plain_big + j, cipher_big + j, rem);
+            ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+        ret = wc_Chacha_Process(&dec, plain_big + j, cipher_big + j, (word32)rem);
         if (ret != 0)
-            return WC_TEST_RET_ENC_EC(ret);
+            ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
 
         if (XMEMCMP(plain_big, input_big, CHACHA_BIG_TEST_SIZE))
-            return WC_TEST_RET_ENC_NC;
+            ERROR_OUT(WC_TEST_RET_ENC_I(i), out);
 
         if (XMEMCMP(cipher_big, cipher_big_result, CHACHA_BIG_TEST_SIZE))
-            return WC_TEST_RET_ENC_NC;
+            ERROR_OUT(WC_TEST_RET_ENC_I(i), out);
     }
 
-#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
+#endif /* BENCH_EMBEDDED */
+
+    ret = 0;
+
+out:
+
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) && \
+        !defined(BENCH_EMBEDDED)
     XFREE(cipher_big, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
     XFREE(plain_big, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
     XFREE(input_big, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
 #endif /* WOLFSSL_SMALL_STACK && !WOLFSSL_NO_MALLOC */
-#endif /* BENCH_EMBEDDED */
 
-    return 0;
+    return ret;
 }
 #endif /* HAVE_CHACHA */
 
@@ -6980,13 +8084,10 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t chacha_test(void)
 #ifdef HAVE_POLY1305
 WOLFSSL_TEST_SUBROUTINE wc_test_ret_t poly1305_test(void)
 {
-    wc_test_ret_t ret = 0;
-    int      i;
     byte     tag[16];
     Poly1305 enc;
 
-    WOLFSSL_SMALL_STACK_STATIC const byte msg1[] =
-    {
+    WOLFSSL_SMALL_STACK_STATIC const byte msg1[] = {
         0x43,0x72,0x79,0x70,0x74,0x6f,0x67,0x72,
         0x61,0x70,0x68,0x69,0x63,0x20,0x46,0x6f,
         0x72,0x75,0x6d,0x20,0x52,0x65,0x73,0x65,
@@ -6994,22 +8095,19 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t poly1305_test(void)
         0x75,0x70
     };
 
-    WOLFSSL_SMALL_STACK_STATIC const byte msg2[] =
-    {
+    WOLFSSL_SMALL_STACK_STATIC const byte msg2[] = {
         0x48,0x65,0x6c,0x6c,0x6f,0x20,0x77,0x6f,0x72,
         0x6c,0x64,0x21
     };
 
-    WOLFSSL_SMALL_STACK_STATIC const byte msg3[] =
-    {
+    WOLFSSL_SMALL_STACK_STATIC const byte msg3[] = {
         0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
         0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
         0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
         0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00
     };
 
-    WOLFSSL_SMALL_STACK_STATIC const byte msg4[] =
-    {
+    WOLFSSL_SMALL_STACK_STATIC const byte msg4[] = {
         0xd3,0x1a,0x8d,0x34,0x64,0x8e,0x60,0xdb,
         0x7b,0x86,0xaf,0xbc,0x53,0xef,0x7e,0xc2,
         0xa4,0xad,0xed,0x51,0x29,0x6e,0x08,0xfe,
@@ -7027,14 +8125,12 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t poly1305_test(void)
         0x61,0x16
     };
 
-    WOLFSSL_SMALL_STACK_STATIC const byte msg5[] =
-    {
+    WOLFSSL_SMALL_STACK_STATIC const byte msg5[] = {
         0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
         0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
     };
 
-    WOLFSSL_SMALL_STACK_STATIC const byte msg6[] =
-    {
+    WOLFSSL_SMALL_STACK_STATIC const byte msg6[] = {
         0xd3,0x1a,0x8d,0x34,0x64,0x8e,0x60,0xdb,
         0x7b,0x86,0xaf,0xbc,0x53,0xef,0x7e,0xc2,
         0xa4,0xad,0xed,0x51,0x29,0x6e,0x08,0xfe,
@@ -7056,54 +8152,57 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t poly1305_test(void)
         0xe5,0x76,0xd2,0x65,0x86,0xce,0xc6,0x4b,
         0x61,0x16
     };
+    WOLFSSL_SMALL_STACK_STATIC const byte msg7[] = {
+        0xe8,0x8c,0x85,0x03,0x43,0xaf,0xa7,0x85,
+        0x21,0x6b,0xc3,0x45,0xc4,0x53,0x98,0xf8,
+        0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
+        0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
+    };
 
-    byte additional[] =
-    {
+    byte additional[] = {
         0x50,0x51,0x52,0x53,0xc0,0xc1,0xc2,0xc3,
         0xc4,0xc5,0xc6,0xc7
     };
 
-    WOLFSSL_SMALL_STACK_STATIC const byte correct0[] =
-    {
+    WOLFSSL_SMALL_STACK_STATIC const byte correct0[] = {
         0x01,0x03,0x80,0x8a,0xfb,0x0d,0xb2,0xfd,
         0x4a,0xbf,0xf6,0xaf,0x41,0x49,0xf5,0x1b
     };
 
-    WOLFSSL_SMALL_STACK_STATIC const byte correct1[] =
-    {
+    WOLFSSL_SMALL_STACK_STATIC const byte correct1[] = {
         0xa8,0x06,0x1d,0xc1,0x30,0x51,0x36,0xc6,
         0xc2,0x2b,0x8b,0xaf,0x0c,0x01,0x27,0xa9
     };
 
-    WOLFSSL_SMALL_STACK_STATIC const byte correct2[] =
-    {
+    WOLFSSL_SMALL_STACK_STATIC const byte correct2[] = {
         0xa6,0xf7,0x45,0x00,0x8f,0x81,0xc9,0x16,
         0xa2,0x0d,0xcc,0x74,0xee,0xf2,0xb2,0xf0
     };
 
-    WOLFSSL_SMALL_STACK_STATIC const byte correct3[] =
-    {
+    WOLFSSL_SMALL_STACK_STATIC const byte correct3[] = {
         0x49,0xec,0x78,0x09,0x0e,0x48,0x1e,0xc6,
         0xc2,0x6b,0x33,0xb9,0x1c,0xcc,0x03,0x07
     };
 
-    WOLFSSL_SMALL_STACK_STATIC const byte correct4[] =
-    {
+    WOLFSSL_SMALL_STACK_STATIC const byte correct4[] = {
         0x1a,0xe1,0x0b,0x59,0x4f,0x09,0xe2,0x6a,
         0x7e,0x90,0x2e,0xcb,0xd0,0x60,0x06,0x91
     };
 
-    WOLFSSL_SMALL_STACK_STATIC const byte correct5[] =
-    {
+    WOLFSSL_SMALL_STACK_STATIC const byte correct5[] = {
         0x03,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
         0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
     };
 
-    WOLFSSL_SMALL_STACK_STATIC const byte correct6[] =
-    {
+    WOLFSSL_SMALL_STACK_STATIC const byte correct6[] = {
         0xea,0x11,0x5c,0x4f,0xd0,0xc0,0x10,0xae,
         0xf7,0xdf,0xda,0x77,0xa2,0xe9,0xaf,0xca
     };
+    WOLFSSL_SMALL_STACK_STATIC const byte correct7[] = {
+        0x14,0x00,0x00,0x88,0x5c,0x00,0x00,0x88,
+        0x5c,0x00,0x00,0x88,0x5c,0x00,0x00,0x88
+    };
+
 
     WOLFSSL_SMALL_STACK_STATIC const byte key[] = {
         0x85,0xd6,0xbe,0x78,0x57,0x55,0x6d,0x33,
@@ -7133,14 +8232,48 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t poly1305_test(void)
         0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00
     };
 
-    const byte* msgs[]  = {NULL, msg1, msg2, msg3, msg5, msg6};
-    word32      szm[]   = {0, sizeof(msg1), sizeof(msg2),
-                           sizeof(msg3), sizeof(msg5), sizeof(msg6)};
-    const byte* keys[]  = {key, key, key2, key2, key5, key};
-    const byte* tests[] = {correct0, correct1, correct2, correct3, correct5,
-                           correct6};
+    WOLFSSL_SMALL_STACK_STATIC const byte key7[] = {
+        0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
+        0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
+        0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
+        0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+    };
 
-    for (i = 0; i < 6; i++) {
+    const byte* msgs[7];
+    const word32 szm[7] = {0, sizeof(msg1), sizeof(msg2),
+                           sizeof(msg3), sizeof(msg5), sizeof(msg6),
+                           sizeof(msg7)};
+    const byte* keys[7];
+    const byte* tests[7];
+    int i;
+    wc_test_ret_t ret = 0;
+    WOLFSSL_ENTER("poly1305_test");
+
+    msgs[0] = NULL;
+    msgs[1] = msg1;
+    msgs[2] = msg2;
+    msgs[3] = msg3;
+    msgs[4] = msg5;
+    msgs[5] = msg6;
+    msgs[6] = msg7;
+
+    keys[0] = key;
+    keys[1] = key;
+    keys[2] = key2;
+    keys[3] = key2;
+    keys[4] = key5;
+    keys[5] = key;
+    keys[6] = key7;
+
+    tests[0] = correct0;
+    tests[1] = correct1;
+    tests[2] = correct2;
+    tests[3] = correct3;
+    tests[4] = correct5;
+    tests[5] = correct6;
+    tests[6] = correct7;
+
+    for (i = 0; i < 7; i++) {
         ret = wc_Poly1305SetKey(&enc, keys[i], 32);
         if (ret != 0)
             return WC_TEST_RET_ENC_I(i);
@@ -7157,6 +8290,31 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t poly1305_test(void)
             return WC_TEST_RET_ENC_I(i);
     }
 
+    /* Testing multiple updates with various sizes works. */
+    for (i = 1; i < (int)sizeof(msg6); i++) {
+        int j;
+
+        ret = wc_Poly1305SetKey(&enc, key, 32);
+        if (ret != 0)
+            return WC_TEST_RET_ENC_I(i);
+
+        for (j = 0; j < (int)sizeof(msg6); j += i) {
+            int len = (int)sizeof(msg6) - j;
+            if (len > i)
+                len = i;
+            ret = wc_Poly1305Update(&enc, msg6 + j, len);
+            if (ret != 0)
+                return WC_TEST_RET_ENC_I(j);
+        }
+
+        ret = wc_Poly1305Final(&enc, tag);
+        if (ret != 0)
+            return WC_TEST_RET_ENC_I(i);
+
+        if (XMEMCMP(tag, correct6, sizeof(tag)))
+            return WC_TEST_RET_ENC_I(i);
+    }
+
     /* Check TLS MAC function from 2.8.2 https://tools.ietf.org/html/rfc7539 */
     XMEMSET(tag, 0, sizeof(tag));
     ret = wc_Poly1305SetKey(&enc, key4, sizeof(key4));
@@ -7354,7 +8512,6 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t chacha20_poly1305_aead_test(void)
     byte generatedCiphertext[265]; /* max plaintext2/cipher2 */
     byte generatedPlaintext[265];  /* max plaintext2/cipher2 */
     byte generatedAuthTag[CHACHA20_POLY1305_AEAD_AUTHTAG_SIZE];
-    wc_test_ret_t err;
 
     ChaChaPoly_Aead aead;
 
@@ -7363,9 +8520,13 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t chacha20_poly1305_aead_test(void)
 #else
     #define TEST_SMALL_CHACHA_CHUNKS 64
 #endif
-    #ifdef TEST_SMALL_CHACHA_CHUNKS
+
+#ifdef TEST_SMALL_CHACHA_CHUNKS
     word32 testLen;
-    #endif
+#endif
+    wc_test_ret_t err;
+
+    WOLFSSL_ENTER("chacha20_poly1305_aead_test");
 
     XMEMSET(generatedCiphertext, 0, sizeof(generatedCiphertext));
     XMEMSET(generatedAuthTag, 0, sizeof(generatedAuthTag));
@@ -7375,53 +8536,53 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t chacha20_poly1305_aead_test(void)
     /* Encrypt */
     err = wc_ChaCha20Poly1305_Encrypt(NULL, iv1, aad1, sizeof(aad1), plaintext1,
             sizeof(plaintext1), generatedCiphertext, generatedAuthTag);
-    if (err != BAD_FUNC_ARG)
+    if (err != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(err);
     err = wc_ChaCha20Poly1305_Encrypt(key1, NULL, aad1, sizeof(aad1),
             plaintext1, sizeof(plaintext1), generatedCiphertext,
             generatedAuthTag);
-    if (err != BAD_FUNC_ARG)
+    if (err != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(err);
     err = wc_ChaCha20Poly1305_Encrypt(key1, iv1, aad1, sizeof(aad1), NULL,
             sizeof(plaintext1), generatedCiphertext, generatedAuthTag);
-    if (err != BAD_FUNC_ARG)
+    if (err != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(err);
     err = wc_ChaCha20Poly1305_Encrypt(key1, iv1, aad1, sizeof(aad1), plaintext1,
             sizeof(plaintext1), NULL, generatedAuthTag);
-    if (err != BAD_FUNC_ARG)
+    if (err != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(err);
     err = wc_ChaCha20Poly1305_Encrypt(key1, iv1, aad1, sizeof(aad1), plaintext1,
             sizeof(plaintext1), generatedCiphertext, NULL);
-    if (err != BAD_FUNC_ARG)
+    if (err != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(err);
     err = wc_ChaCha20Poly1305_Encrypt(key1, iv1, aad1, sizeof(aad1), NULL,
             sizeof(plaintext1), generatedCiphertext, generatedAuthTag);
-    if (err != BAD_FUNC_ARG)
+    if (err != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(err);
     /* Decrypt */
     err = wc_ChaCha20Poly1305_Decrypt(NULL, iv2, aad2, sizeof(aad2), cipher2,
             sizeof(cipher2), authTag2, generatedPlaintext);
-    if (err != BAD_FUNC_ARG)
+    if (err != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(err);
     err = wc_ChaCha20Poly1305_Decrypt(key2, NULL, aad2, sizeof(aad2), cipher2,
             sizeof(cipher2), authTag2, generatedPlaintext);
-    if (err != BAD_FUNC_ARG)
+    if (err != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(err);
     err = wc_ChaCha20Poly1305_Decrypt(key2, iv2, aad2, sizeof(aad2), NULL,
             sizeof(cipher2), authTag2, generatedPlaintext);
-    if (err != BAD_FUNC_ARG)
+    if (err != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(err);
     err = wc_ChaCha20Poly1305_Decrypt(key2, iv2, aad2, sizeof(aad2), cipher2,
             sizeof(cipher2), NULL, generatedPlaintext);
-    if (err != BAD_FUNC_ARG)
+    if (err != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(err);
     err = wc_ChaCha20Poly1305_Decrypt(key2, iv2, aad2, sizeof(aad2), cipher2,
             sizeof(cipher2), authTag2, NULL);
-    if (err != BAD_FUNC_ARG)
+    if (err != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(err);
     err = wc_ChaCha20Poly1305_Decrypt(key2, iv2, aad2, sizeof(aad2), NULL,
             sizeof(cipher2), authTag2, generatedPlaintext);
-    if (err != BAD_FUNC_ARG)
+    if (err != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(err);
 
 
@@ -7493,39 +8654,39 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t chacha20_poly1305_aead_test(void)
     /* AEAD init/update/final - bad argument tests */
     err = wc_ChaCha20Poly1305_Init(NULL, key1, iv1,
         CHACHA20_POLY1305_AEAD_DECRYPT);
-    if (err != BAD_FUNC_ARG)
+    if (err != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(err);
     err = wc_ChaCha20Poly1305_Init(&aead, NULL, iv1,
         CHACHA20_POLY1305_AEAD_DECRYPT);
-    if (err != BAD_FUNC_ARG)
+    if (err != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(err);
     err = wc_ChaCha20Poly1305_Init(&aead, key1, NULL,
         CHACHA20_POLY1305_AEAD_DECRYPT);
-    if (err != BAD_FUNC_ARG)
+    if (err != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(err);
     err = wc_ChaCha20Poly1305_UpdateAad(NULL, aad1, sizeof(aad1));
-    if (err != BAD_FUNC_ARG)
+    if (err != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(err);
     err = wc_ChaCha20Poly1305_UpdateAad(&aead, NULL, sizeof(aad1));
-    if (err != BAD_FUNC_ARG)
+    if (err != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(err);
     err = wc_ChaCha20Poly1305_UpdateData(NULL, generatedPlaintext,
         generatedPlaintext, sizeof(plaintext1));
-    if (err != BAD_FUNC_ARG)
+    if (err != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(err);
     err = wc_ChaCha20Poly1305_UpdateData(&aead, generatedPlaintext, NULL,
         sizeof(plaintext1));
-    if (err != BAD_FUNC_ARG)
+    if (err != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(err);
     err = wc_ChaCha20Poly1305_UpdateData(&aead, NULL, generatedPlaintext,
         sizeof(plaintext1));
-    if (err != BAD_FUNC_ARG)
+    if (err != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(err);
     err = wc_ChaCha20Poly1305_Final(NULL, generatedAuthTag);
-    if (err != BAD_FUNC_ARG)
+    if (err != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(err);
     err = wc_ChaCha20Poly1305_Final(&aead, NULL);
-    if (err != BAD_FUNC_ARG)
+    if (err != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(err);
 
     /* AEAD init/update/final - bad state tests */
@@ -7536,24 +8697,24 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t chacha20_poly1305_aead_test(void)
     XMEMSET(&aead, 0, sizeof(aead));
     aead.state = CHACHA20_POLY1305_STATE_INIT;
     err = wc_ChaCha20Poly1305_UpdateAad(&aead, aad1, sizeof(aad1));
-    if (err != BAD_STATE_E)
+    if (err != WC_NO_ERR_TRACE(BAD_STATE_E))
         return WC_TEST_RET_ENC_EC(err);
     aead.state = CHACHA20_POLY1305_STATE_DATA;
     err = wc_ChaCha20Poly1305_UpdateAad(&aead, aad1, sizeof(aad1));
-    if (err != BAD_STATE_E)
+    if (err != WC_NO_ERR_TRACE(BAD_STATE_E))
         return WC_TEST_RET_ENC_EC(err);
     aead.state = CHACHA20_POLY1305_STATE_INIT;
     err = wc_ChaCha20Poly1305_UpdateData(&aead, generatedPlaintext,
         generatedPlaintext, sizeof(plaintext1));
-    if (err != BAD_STATE_E)
+    if (err != WC_NO_ERR_TRACE(BAD_STATE_E))
         return WC_TEST_RET_ENC_EC(err);
     aead.state = CHACHA20_POLY1305_STATE_INIT;
     err = wc_ChaCha20Poly1305_Final(&aead, generatedAuthTag);
-    if (err != BAD_STATE_E)
+    if (err != WC_NO_ERR_TRACE(BAD_STATE_E))
         return WC_TEST_RET_ENC_EC(err);
     aead.state = CHACHA20_POLY1305_STATE_READY;
     err = wc_ChaCha20Poly1305_Final(&aead, generatedAuthTag);
-    if (err != BAD_STATE_E)
+    if (err != WC_NO_ERR_TRACE(BAD_STATE_E))
         return WC_TEST_RET_ENC_EC(err);
 
     XMEMSET(generatedCiphertext, 0, sizeof(generatedCiphertext));
@@ -7706,6 +8867,254 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t chacha20_poly1305_aead_test(void)
 }
 #endif /* HAVE_CHACHA && HAVE_POLY1305 */
 
+#ifdef HAVE_ASCON
+WOLFSSL_TEST_SUBROUTINE wc_test_ret_t ascon_hash256_test(void)
+{
+    WOLFSSL_SMALL_STACK_STATIC byte msg[1024];
+    byte mdOut[ASCON_HASH256_SZ];
+
+    /* KATs taken from https://github.com/ascon/ascon-c.
+     * Testing only a subset of KATs here. The rest are tested in
+     * tests/api/ascon.c.  */
+    /* crypto_hash/asconhash256/LWC_HASH_KAT_256.txt
+     * The message is just the byte stream 00 01 02 03 ... */
+    WOLFSSL_SMALL_STACK_STATIC const byte hash_output[][32] = {
+        { 0x0B, 0x3B, 0xE5, 0x85, 0x0F, 0x2F, 0x6B, 0x98, 0xCA, 0xF2, 0x9F, 0x8F, 0xDE, 0xA8, 0x9B, 0x64, 0xA1, 0xFA, 0x70, 0xAA, 0x24, 0x9B, 0x8F, 0x83, 0x9B, 0xD5, 0x3B, 0xAA, 0x30, 0x4D, 0x92, 0xB2 },
+        { 0x07, 0x28, 0x62, 0x10, 0x35, 0xAF, 0x3E, 0xD2, 0xBC, 0xA0, 0x3B, 0xF6, 0xFD, 0xE9, 0x00, 0xF9, 0x45, 0x6F, 0x53, 0x30, 0xE4, 0xB5, 0xEE, 0x23, 0xE7, 0xF6, 0xA1, 0xE7, 0x02, 0x91, 0xBC, 0x80 },
+        { 0x61, 0x15, 0xE7, 0xC9, 0xC4, 0x08, 0x1C, 0x27, 0x97, 0xFC, 0x8F, 0xE1, 0xBC, 0x57, 0xA8, 0x36, 0xAF, 0xA1, 0xC5, 0x38, 0x1E, 0x55, 0x6D, 0xD5, 0x83, 0x86, 0x0C, 0xA2, 0xDF, 0xB4, 0x8D, 0xD2 },
+        { 0x26, 0x5A, 0xB8, 0x9A, 0x60, 0x9F, 0x5A, 0x05, 0xDC, 0xA5, 0x7E, 0x83, 0xFB, 0xBA, 0x70, 0x0F, 0x9A, 0x2D, 0x2C, 0x42, 0x11, 0xBA, 0x4C, 0xC9, 0xF0, 0xA1, 0xA3, 0x69, 0xE1, 0x7B, 0x91, 0x5C },
+        { 0xD7, 0xE4, 0xC7, 0xED, 0x9B, 0x8A, 0x32, 0x5C, 0xD0, 0x8B, 0x9E, 0xF2, 0x59, 0xF8, 0x87, 0x70, 0x54, 0xEC, 0xD8, 0x30, 0x4F, 0xE1, 0xB2, 0xD7, 0xFD, 0x84, 0x71, 0x37, 0xDF, 0x67, 0x27, 0xEE },
+    };
+
+    wc_AsconHash256 asconHash;
+    int err;
+    word32 i;
+
+    /* init msg buffer */
+    for (i = 0; i < sizeof(msg); i++)
+        msg[i] = (byte)i;
+
+    for (i = 0; i < XELEM_CNT(hash_output); i++) {
+        XMEMSET(mdOut, 0, sizeof(mdOut));
+        err = wc_AsconHash256_Init(&asconHash);
+        if (err != 0)
+            return WC_TEST_RET_ENC_EC(err);
+        err = wc_AsconHash256_Update(&asconHash, msg, i);
+        if (err != 0)
+            return WC_TEST_RET_ENC_EC(err);
+        err = wc_AsconHash256_Final(&asconHash, mdOut);
+        if (err != 0)
+            return WC_TEST_RET_ENC_EC(err);
+        if (XMEMCMP(mdOut, hash_output[i], ASCON_HASH256_SZ) != 0)
+            return WC_TEST_RET_ENC_NC;
+        wc_AsconHash256_Clear(&asconHash);
+    }
+
+    /* Test separated update */
+    for (i = 0; i < XELEM_CNT(hash_output); i++) {
+        word32 half_i = i / 2;
+        XMEMSET(mdOut, 0, sizeof(mdOut));
+        err = wc_AsconHash256_Init(&asconHash);
+        if (err != 0)
+            return WC_TEST_RET_ENC_EC(err);
+        err = wc_AsconHash256_Update(&asconHash, msg, half_i);
+        if (err != 0)
+            return WC_TEST_RET_ENC_EC(err);
+        err = wc_AsconHash256_Update(&asconHash, msg + half_i, i - half_i);
+        if (err != 0)
+            return WC_TEST_RET_ENC_EC(err);
+        err = wc_AsconHash256_Final(&asconHash, mdOut);
+        if (err != 0)
+            return WC_TEST_RET_ENC_EC(err);
+        if (XMEMCMP(mdOut, hash_output[i], ASCON_HASH256_SZ) != 0)
+            return WC_TEST_RET_ENC_NC;
+        wc_AsconHash256_Clear(&asconHash);
+    }
+
+    return 0;
+}
+
+WOLFSSL_TEST_SUBROUTINE wc_test_ret_t ascon_aead128_test(void)
+{
+    word32 i;
+    wc_AsconAEAD128 asconAEAD;
+    int err;
+
+    /* KATs taken from https://github.com/ascon/ascon-c.
+     * Testing only a subset of KATs here. The rest are tested in
+     * tests/api/ascon.c.  */
+    /* crypto_hash/asconaead128/LWC_AEAD_KAT_128_128.txt */
+    static const char *aead_kat[][5] = {
+        { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+          /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+          /* PT = */ "",
+          /* AD = */ "",
+          /* CT = */ "4427D64B8E1E1451FC445960F0839BB0", },
+        { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+          /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+          /* PT = */ "",
+          /* AD = */ "00",
+          /* CT = */ "103AB79D913A0321287715A979BB8585", },
+        { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+          /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+          /* PT = */ "",
+          /* AD = */ "0001",
+          /* CT = */ "A50E88E30F923B90A9C810181230DF10", },
+        { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+          /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+          /* PT = */ "",
+          /* AD = */ "000102",
+          /* CT = */ "AE214C9F66630658ED8DC7D31131174C", },
+        { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+          /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+          /* PT = */ "",
+          /* AD = */ "00010203",
+          /* CT = */ "C6FF3CF70575B144B955820D9BC7685E", },
+    };
+
+    for (i = 0; i < XELEM_CNT(aead_kat); i++) {
+        byte key[ASCON_AEAD128_KEY_SZ];
+        byte nonce[ASCON_AEAD128_NONCE_SZ];
+        byte pt[32]; /* longest plaintext we test is 32 bytes */
+        word32 ptSz;
+        byte ad[32]; /* longest AD we test is 32 bytes */
+        word32 adSz;
+        byte ct[48]; /* longest ciphertext we test is 32 bytes + 16 bytes tag */
+        word32 ctSz;
+        word32 j;
+        byte tag[ASCON_AEAD128_TAG_SZ];
+        byte buf[32]; /* longest buffer we test is 32 bytes */
+
+        XMEMSET(key, 0, sizeof(key));
+        XMEMSET(nonce, 0, sizeof(nonce));
+        XMEMSET(pt, 0, sizeof(pt));
+        XMEMSET(ad, 0, sizeof(ad));
+        XMEMSET(ct, 0, sizeof(ct));
+        XMEMSET(tag, 0, sizeof(tag));
+
+        /* Convert HEX strings to byte stream */
+        for (j = 0; aead_kat[i][0][j] != '\0'; j += 2) {
+            key[j/2] = HexCharToByte(aead_kat[i][0][j]) << 4 |
+                       HexCharToByte(aead_kat[i][0][j+1]);
+        }
+        for (j = 0; aead_kat[i][1][j] != '\0'; j += 2) {
+            nonce[j/2] = HexCharToByte(aead_kat[i][1][j]) << 4 |
+                         HexCharToByte(aead_kat[i][1][j+1]);
+        }
+        for (j = 0; aead_kat[i][2][j] != '\0'; j += 2) {
+            pt[j/2] = HexCharToByte(aead_kat[i][2][j]) << 4 |
+                      HexCharToByte(aead_kat[i][2][j+1]);
+        }
+        ptSz = j/2;
+        for (j = 0; aead_kat[i][3][j] != '\0'; j += 2) {
+            ad[j/2] = HexCharToByte(aead_kat[i][3][j]) << 4 |
+                      HexCharToByte(aead_kat[i][3][j+1]);
+        }
+        adSz = j/2;
+        for (j = 0; aead_kat[i][4][j] != '\0'; j += 2) {
+            ct[j/2] = HexCharToByte(aead_kat[i][4][j]) << 4 |
+                      HexCharToByte(aead_kat[i][4][j+1]);
+        }
+        ctSz = j/2 - ASCON_AEAD128_TAG_SZ;
+
+        for (j = 0; j < 4; j++) {
+            err = wc_AsconAEAD128_Init(&asconAEAD);
+            if (err != 0)
+                return WC_TEST_RET_ENC_EC(err);
+
+            err = wc_AsconAEAD128_SetKey(&asconAEAD, key);
+            if (err != 0)
+                return WC_TEST_RET_ENC_EC(err);
+
+            err = wc_AsconAEAD128_SetNonce(&asconAEAD, nonce);
+            if (err != 0)
+                return WC_TEST_RET_ENC_EC(err);
+
+            err = wc_AsconAEAD128_SetAD(&asconAEAD, ad, adSz);
+            if (err != 0)
+                return WC_TEST_RET_ENC_EC(err);
+
+            if (j == 0) {
+                /* Encryption test */
+                err = wc_AsconAEAD128_EncryptUpdate(&asconAEAD, buf, pt, ptSz);
+                if (err != 0)
+                    return WC_TEST_RET_ENC_EC(err);
+
+                if (XMEMCMP(buf, ct, ptSz) != 0)
+                    return WC_TEST_RET_ENC_NC;
+
+                err = wc_AsconAEAD128_EncryptFinal(&asconAEAD, tag);
+                if (err != 0)
+                    return WC_TEST_RET_ENC_EC(err);
+
+                if (XMEMCMP(tag, ct + ptSz, ASCON_AEAD128_TAG_SZ) != 0)
+                    return WC_TEST_RET_ENC_NC;
+            }
+            else if (j == 1) {
+                /* Decryption test */
+                err = wc_AsconAEAD128_DecryptUpdate(&asconAEAD, buf, ct, ctSz);
+                if (err != 0)
+                    return WC_TEST_RET_ENC_EC(err);
+
+                if (XMEMCMP(buf, pt, ctSz) != 0)
+                    return WC_TEST_RET_ENC_NC;
+
+                err = wc_AsconAEAD128_DecryptFinal(&asconAEAD, ct + ctSz);
+                if (err != 0)
+                    return WC_TEST_RET_ENC_EC(err);
+            }
+            else if (j == 2) {
+                /* Split encryption test */
+                err = wc_AsconAEAD128_EncryptUpdate(&asconAEAD, buf, pt,
+                                                    ptSz/2);
+                if (err != 0)
+                    return WC_TEST_RET_ENC_EC(err);
+
+                err = wc_AsconAEAD128_EncryptUpdate(&asconAEAD, buf + (ptSz/2),
+                                                pt + (ptSz/2), ptSz - (ptSz/2));
+                if (err != 0)
+                    return WC_TEST_RET_ENC_EC(err);
+
+                if (XMEMCMP(buf, ct, ptSz) != 0)
+                    return WC_TEST_RET_ENC_NC;
+
+                err = wc_AsconAEAD128_EncryptFinal(&asconAEAD, tag);
+                if (err != 0)
+                    return WC_TEST_RET_ENC_EC(err);
+
+                if (XMEMCMP(tag, ct + ptSz, ASCON_AEAD128_TAG_SZ) != 0)
+                    return WC_TEST_RET_ENC_NC;
+
+            }
+            else if (j == 3) {
+                /* Split decryption test */
+                err = wc_AsconAEAD128_DecryptUpdate(&asconAEAD, buf, ct,
+                                                    ctSz/2);
+                if (err != 0)
+                    return WC_TEST_RET_ENC_EC(err);
+
+                err = wc_AsconAEAD128_DecryptUpdate(&asconAEAD, buf + (ctSz/2),
+                                                ct + (ctSz/2), ctSz - (ctSz/2));
+                if (err != 0)
+                    return WC_TEST_RET_ENC_EC(err);
+
+                if (XMEMCMP(buf, pt, ctSz) != 0)
+                    return WC_TEST_RET_ENC_NC;
+
+                err = wc_AsconAEAD128_DecryptFinal(&asconAEAD, ct + ctSz);
+                if (err != 0)
+                    return WC_TEST_RET_ENC_EC(err);
+
+            }
+
+
+            wc_AsconAEAD128_Clear(&asconAEAD);
+        }
+    }
+
+    return 0;
+}
+#endif /* HAVE_ASCON */
 
 #ifndef NO_DES3
 WOLFSSL_TEST_SUBROUTINE wc_test_ret_t des_test(void)
@@ -7739,7 +9148,33 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t des_test(void)
         0x15,0x85,0xb3,0x22,0x4b,0x86,0x2b,0x4b
     };
 
+    #ifdef WOLFSSL_DES_ECB
+
+    /* "Stay strong and move on!"" */
+    WOLFSSL_SMALL_STACK_STATIC const byte vector_ecb[] =
+    {
+        0x53,0x74,0x61,0x79,0x20,0x73,0x74,0x72,
+        0x6F,0x6E,0x67,0x20,0x61,0x6E,0x64,0x20,
+        0x6D,0x6F,0x76,0x65,0x20,0x6F,0x6E,0x21
+    };
+
+    WOLFSSL_SMALL_STACK_STATIC const byte verify_ecb[] =
+    {
+        0x70,0x4F,0x20,0xF6,0x72,0xB4,0xD0,0x2A,
+        0xB5,0xA9,0x94,0x9F,0x11,0xCF,0x87,0xED,
+        0x13,0x33,0x82,0xCB,0x8B,0xF1,0x82,0x56
+    };
+
+    /* "Lemmings" */
+    WOLFSSL_SMALL_STACK_STATIC const byte key_ecb[] =
+    {
+        0x4C,0x65,0x6D,0x6D,0x69,0x6E,0x67,0x73
+    };
+
+    #endif /* WOLFSSL_DES_ECB */
+
     wc_test_ret_t ret;
+    WOLFSSL_ENTER("des_test");
 
     ret = wc_Des_SetKey(&enc, key, iv, DES_ENCRYPTION);
     if (ret != 0)
@@ -7767,6 +9202,32 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t des_test(void)
     if (ret != 0)
         return WC_TEST_RET_ENC_EC(ret);
 
+    /* Test basic ECB Process for DES*/
+#ifdef WOLFSSL_DES_ECB
+    ret = wc_Des_SetKey(&enc, key_ecb, iv, DES_ENCRYPTION);
+    if (ret != 0)
+        return WC_TEST_RET_ENC_EC(ret);
+
+    ret = wc_Des_EcbEncrypt(&enc, cipher, vector_ecb, sizeof(vector));
+    if (ret != 0)
+        return WC_TEST_RET_ENC_EC(ret);
+
+    ret = wc_Des_SetKey(&dec, key_ecb, iv, DES_DECRYPTION);
+    if (ret != 0)
+        return WC_TEST_RET_ENC_EC(ret);
+
+    ret = wc_Des_EcbDecrypt(&dec, plain, cipher, sizeof(cipher));
+    if (ret != 0)
+        return WC_TEST_RET_ENC_EC(ret);
+
+    if (XMEMCMP(plain, vector_ecb, sizeof(plain)))
+        return WC_TEST_RET_ENC_NC;
+
+    if (XMEMCMP(cipher, verify_ecb, sizeof(cipher)))
+        return WC_TEST_RET_ENC_NC;
+
+#endif /* WOLFSSL_DES_ECB */
+
 #if defined(WOLFSSL_ENCRYPTED_KEYS) && !defined(NO_SHA)
     {
         EncryptedInfo info;
@@ -7784,7 +9245,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t des_test(void)
         /* Test invalid info ptr */
         ret = wc_BufferKeyEncrypt(NULL, cipher, sizeof(cipher), key,
                 sizeof(key), WC_HASH_TYPE_SHA);
-        if (ret != BAD_FUNC_ARG)
+        if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
             return WC_TEST_RET_ENC_EC(ret);
 
     #ifndef NO_PWDBASED
@@ -7838,11 +9299,38 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t des3_test(void)
         0x18,0x94,0x15,0x74,0x87,0x12,0x7d,0xb0
     };
 
+    #ifdef WOLFSSL_DES_ECB
+
+    /* Stay strong and move on! */
+    WOLFSSL_SMALL_STACK_STATIC const byte vector_ecb[] =
+    {
+        0x53,0x74,0x61,0x79,0x20,0x73,0x74,0x72,
+        0x6F,0x6E,0x67,0x20,0x61,0x6E,0x64,0x20,
+        0x6D,0x6F,0x76,0x65,0x20,0x6F,0x6E,0x21
+    };
+
+    WOLFSSL_SMALL_STACK_STATIC const byte verify3_ecb[] =
+    {
+        0x45,0x7E,0xFA,0xA1,0x05,0xDD,0x48,0x86,
+        0x4D,0xB2,0xAB,0xE4,0xF9,0x63,0xD6,0x54,
+        0x7C,0x5A,0xB3,0x67,0x32,0x25,0x67,0x3D
+    };
+
+    /* "Life is what you make it" */
+    WOLFSSL_SMALL_STACK_STATIC const byte key3_ecb[] =
+    {
+        0x4C,0x69,0x66,0x65,0x20,0x69,0x73,0x20,
+        0x77,0x68,0x61,0x74,0x20,0x79,0x6F,0x75,
+        0x20,0x6D,0x61,0x6B,0x65,0x20,0x69,0x74
+    };
+
+    #endif /* WOLFSSL_DES_ECB */
+
     wc_test_ret_t ret;
 #if defined(OPENSSL_EXTRA) && !defined(WOLFCRYPT_ONLY)
     size_t i;
 #endif
-
+    WOLFSSL_ENTER("des3_test");
 
     ret = wc_Des3Init(&enc, HEAP_HINT, devId);
     if (ret != 0)
@@ -7876,18 +9364,54 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t des3_test(void)
     if (XMEMCMP(cipher, verify3, sizeof(cipher)))
         return WC_TEST_RET_ENC_NC;
 
+/* Test basic ECB Process for DES3*/
+#ifdef WOLFSSL_DES_ECB
+    ret = wc_Des3Init(&enc, HEAP_HINT, devId);
+    if (ret != 0)
+        return WC_TEST_RET_ENC_EC(ret);
+    ret = wc_Des3Init(&dec, HEAP_HINT, devId);
+    if (ret != 0)
+        return WC_TEST_RET_ENC_EC(ret);
+
+    ret = wc_Des3_SetKey(&enc, key3_ecb, NULL, DES_ENCRYPTION);
+    if (ret != 0)
+        return WC_TEST_RET_ENC_EC(ret);
+    ret = wc_Des3_SetKey(&dec, key3_ecb, NULL, DES_DECRYPTION);
+    if (ret != 0)
+        return WC_TEST_RET_ENC_EC(ret);
+    ret = wc_Des3_EcbEncrypt(&enc, cipher, vector_ecb, sizeof(vector_ecb));
+#if defined(WOLFSSL_ASYNC_CRYPT)
+    ret = wc_AsyncWait(ret, &enc.asyncDev, WC_ASYNC_FLAG_NONE);
+#endif
+    if (ret != 0)
+        return WC_TEST_RET_ENC_EC(ret);
+    ret = wc_Des3_EcbDecrypt(&dec, plain, cipher, sizeof(cipher));
+#if defined(WOLFSSL_ASYNC_CRYPT)
+    ret = wc_AsyncWait(ret, &dec.asyncDev, WC_ASYNC_FLAG_NONE);
+#endif
+    if (ret != 0)
+        return WC_TEST_RET_ENC_EC(ret);
+
+    if (XMEMCMP(plain, vector_ecb, sizeof(plain)))
+        return WC_TEST_RET_ENC_NC;
+
+    if (XMEMCMP(cipher, verify3_ecb, sizeof(cipher)))
+        return WC_TEST_RET_ENC_NC;
+
+#endif /* WOLFSSL_DES_ECB */
+
 #if defined(OPENSSL_EXTRA) && !defined(WOLFCRYPT_ONLY)
     /* test the same vectors with using compatibility layer */
     for (i = 0; i < sizeof(vector); i += DES_BLOCK_SIZE){
-        DES_key_schedule ks1;
-        DES_key_schedule ks2;
-        DES_key_schedule ks3;
-        DES_cblock iv4;
+        WOLFSSL_DES_key_schedule ks1;
+        WOLFSSL_DES_key_schedule ks2;
+        WOLFSSL_DES_key_schedule ks3;
+        WOLFSSL_DES_cblock iv4;
         byte tmp[sizeof(vector)];
 
-        XMEMCPY(ks1, key3, sizeof(DES_key_schedule));
-        XMEMCPY(ks2, key3 + 8, sizeof(DES_key_schedule));
-        XMEMCPY(ks3, key3 + 16, sizeof(DES_key_schedule));
+        XMEMCPY(ks1, key3, sizeof(WOLFSSL_DES_key_schedule));
+        XMEMCPY(ks2, key3 + 8, sizeof(WOLFSSL_DES_key_schedule));
+        XMEMCPY(ks3, key3 + 16, sizeof(WOLFSSL_DES_key_schedule));
 
         XMEMSET(plain, 0, sizeof(plain));
         XMEMSET(cipher, 0, sizeof(cipher));
@@ -7896,17 +9420,17 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t des3_test(void)
         XMEMCPY(tmp, vector, sizeof(vector));
 
         /* Use i as the splitter */
-        XMEMCPY(iv4, iv3, sizeof(DES_cblock));
-        DES_ede3_cbc_encrypt(tmp, tmp, (long)i, &ks1, &ks2, &ks3,
-                &iv4, DES_ENCRYPT);
-        DES_ede3_cbc_encrypt(tmp + i, tmp + i, (long)(sizeof(vector) - i),
-                &ks1, &ks2, &ks3, &iv4, DES_ENCRYPT);
+        XMEMCPY(iv4, iv3, sizeof(WOLFSSL_DES_cblock));
+        wolfSSL_DES_ede3_cbc_encrypt(tmp, tmp, (long)i, &ks1, &ks2, &ks3,
+                &iv4, WC_DES_ENCRYPT);
+        wolfSSL_DES_ede3_cbc_encrypt(tmp + i, tmp + i, (long)(sizeof(vector) - i),
+                &ks1, &ks2, &ks3, &iv4, WC_DES_ENCRYPT);
         XMEMCPY(cipher, tmp, sizeof(cipher));
-        XMEMCPY(iv4, iv3, sizeof(DES_cblock));
-        DES_ede3_cbc_encrypt(tmp, tmp, (long)i, &ks1, &ks2, &ks3,
-                &iv4, DES_DECRYPT);
-        DES_ede3_cbc_encrypt(tmp + i, tmp + i, (long)(sizeof(cipher) - i),
-                &ks1, &ks2, &ks3, &iv4, DES_DECRYPT);
+        XMEMCPY(iv4, iv3, sizeof(WOLFSSL_DES_cblock));
+        wolfSSL_DES_ede3_cbc_encrypt(tmp, tmp, (long)i, &ks1, &ks2, &ks3,
+                &iv4, WC_DES_DECRYPT);
+        wolfSSL_DES_ede3_cbc_encrypt(tmp + i, tmp + i, (long)(sizeof(cipher) - i),
+                &ks1, &ks2, &ks3, &iv4, WC_DES_DECRYPT);
         XMEMCPY(plain, tmp, sizeof(plain));
 
         if (XMEMCMP(plain, vector, sizeof(plain)))
@@ -7949,7 +9473,8 @@ static const int fiducial1 = WC_TEST_RET_LN; /* source code reference point --
 #if defined(WOLFSSL_AES_OFB) || defined(WOLFSSL_AES_CFB) || \
     defined(WOLFSSL_AES_XTS)
 #if defined(OPENSSL_EXTRA) && !defined(WOLFCRYPT_ONLY) \
-    && !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS)
+    && !defined(HAVE_SELFTEST)
+#if !defined(HAVE_FIPS) || FIPS_VERSION3_GE(6,0,0)
 /* pass in the function, key, iv, plain text and expected and this function
  * tests that the encryption and decryption is successful */
 static wc_test_ret_t EVP_test(const WOLFSSL_EVP_CIPHER* type, const byte* key,
@@ -7957,9 +9482,9 @@ static wc_test_ret_t EVP_test(const WOLFSSL_EVP_CIPHER* type, const byte* key,
         const byte* expected, int expectedSz)
 {
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
-    EVP_CIPHER_CTX *ctx = NULL;
+    WOLFSSL_EVP_CIPHER_CTX *ctx = NULL;
 #else
-    EVP_CIPHER_CTX ctx[1];
+    WOLFSSL_EVP_CIPHER_CTX ctx[1];
 #endif
     int ctx_inited = 0;
     int idx, cipherSz;
@@ -7971,33 +9496,33 @@ static wc_test_ret_t EVP_test(const WOLFSSL_EVP_CIPHER* type, const byte* key,
         return MEMORY_E;
 #endif
 
-    cipher = (byte*)XMALLOC(plainSz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+    cipher = (byte*)XMALLOC((size_t)plainSz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
     if (cipher == NULL) {
         ret = WC_TEST_RET_ENC_ERRNO;
         goto EVP_TEST_END;
     }
 
     /* test encrypt */
-    EVP_CIPHER_CTX_init(ctx);
+    wolfSSL_EVP_CIPHER_CTX_init(ctx);
     ctx_inited = 1;
-    if (EVP_CipherInit(ctx, type, key, iv, 1) == 0) {
+    if (wolfSSL_EVP_CipherInit(ctx, type, key, iv, 1) == 0) {
         ret = WC_TEST_RET_ENC_NC;
         goto EVP_TEST_END;
     }
 
-    if (EVP_CipherUpdate(ctx, cipher, &idx, plain, expectedSz) == 0) {
+    if (wolfSSL_EVP_CipherUpdate(ctx, cipher, &idx, plain, expectedSz) == 0) {
         ret = WC_TEST_RET_ENC_NC;
         goto EVP_TEST_END;
     }
 
     cipherSz = idx;
-    if (EVP_CipherFinal(ctx, cipher + cipherSz, &idx) == 0) {
+    if (wolfSSL_EVP_CipherFinal(ctx, cipher + cipherSz, &idx) == 0) {
         ret = WC_TEST_RET_ENC_NC;
         goto EVP_TEST_END;
     }
     cipherSz += idx;
 
-    if (XMEMCMP(cipher, expected, plainSz)) {
+    if (XMEMCMP(cipher, expected, (size_t)plainSz)) {
         ret = WC_TEST_RET_ENC_NC;
         goto EVP_TEST_END;
     }
@@ -8012,33 +9537,32 @@ static wc_test_ret_t EVP_test(const WOLFSSL_EVP_CIPHER* type, const byte* key,
     }
 
     /* test decrypt */
-    EVP_CIPHER_CTX_init(ctx);
+    wolfSSL_EVP_CIPHER_CTX_init(ctx);
     ctx_inited = 1;
-    if (EVP_CipherInit(ctx, type, key, iv, 0) == 0) {
+    if (wolfSSL_EVP_CipherInit(ctx, type, key, iv, 0) == 0) {
         ret = WC_TEST_RET_ENC_NC;
         goto EVP_TEST_END;
     }
 
-    if (EVP_CipherUpdate(ctx, cipher, &idx, cipher, expectedSz) == 0) {
+    if (wolfSSL_EVP_CipherUpdate(ctx, cipher, &idx, cipher, expectedSz) == 0) {
         ret = WC_TEST_RET_ENC_NC;
         goto EVP_TEST_END;
     }
 
     cipherSz = idx;
-    if (EVP_CipherFinal(ctx, cipher + cipherSz, &idx) == 0) {
+    if (wolfSSL_EVP_CipherFinal(ctx, cipher + cipherSz, &idx) == 0) {
         ret = WC_TEST_RET_ENC_NC;
         goto EVP_TEST_END;
     }
     cipherSz += idx;
 
-    if ((expectedSz != cipherSz) || XMEMCMP(plain, cipher, plainSz)) {
+    if ((expectedSz != cipherSz) || XMEMCMP(plain, cipher, (size_t)plainSz)) {
         ret = WC_TEST_RET_ENC_NC;
         goto EVP_TEST_END;
     }
 
 EVP_TEST_END:
-    if (cipher)
-        XFREE(cipher, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(cipher, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
     (void)cipherSz;
 
     if (ctx_inited) {
@@ -8053,7 +9577,8 @@ EVP_TEST_END:
 
     return ret;
 }
-#endif /* OPENSSL_EXTRA */
+#endif /* !HAVE_FIPS || FIPS_VERSION3_GE(6,0,0) */
+#endif /* OPENSSL_EXTRA && !WOLFCRYPT_ONLY && !HAVE_SELFTEST */
 #endif /* WOLFSSL_AES_OFB || WOLFSSL_AES_CFB */
 
 #ifdef WOLFSSL_AES_OFB
@@ -8141,55 +9666,59 @@ EVP_TEST_END:
         };
     #endif /* WOLFSSL_AES_192 */
 
-#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
+    #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
         Aes *enc = NULL;
-#else
+    #else
         Aes enc[1];
-#endif
-        byte cipher[AES_BLOCK_SIZE * 4];
+    #endif
+        byte cipher[WC_AES_BLOCK_SIZE * 4];
     #ifdef HAVE_AES_DECRYPT
-#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
-        Aes *dec = NULL;
-#else
-        Aes dec[1];
-#endif
-        byte plain [AES_BLOCK_SIZE * 4];
+        #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
+            Aes *dec = NULL;
+        #else
+            Aes dec[1];
+        #endif
+        byte plain [WC_AES_BLOCK_SIZE * 4];
     #endif
         wc_test_ret_t ret = 0;
 
-#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
-    if ((enc = (Aes *)XMALLOC(sizeof *enc, HEAP_HINT, DYNAMIC_TYPE_AES)) == NULL)
-        ERROR_OUT(-1, out);
-#ifdef HAVE_AES_DECRYPT
-    if ((dec = (Aes *)XMALLOC(sizeof *dec, HEAP_HINT, DYNAMIC_TYPE_AES)) == NULL)
-        ERROR_OUT(-1, out);
-#endif
-#endif
+    WOLFSSL_ENTER("aesofb_test");
 
-        XMEMSET(enc, 0, sizeof *enc);
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
+    enc = wc_AesNew(HEAP_HINT, devId, &ret);
+    if (enc == NULL)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
     #ifdef HAVE_AES_DECRYPT
-        XMEMSET(dec, 0, sizeof *dec);
+    dec = wc_AesNew(HEAP_HINT, devId, &ret);
+    if (dec == NULL)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
     #endif
+#else
+    XMEMSET(enc, 0, sizeof(Aes));
+    #ifdef HAVE_AES_DECRYPT
+    XMEMSET(dec, 0, sizeof(Aes));
+    #endif
+    ret = wc_AesInit(enc, HEAP_HINT, INVALID_DEVID);
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+    #ifdef HAVE_AES_DECRYPT
+    ret = wc_AesInit(dec, HEAP_HINT, INVALID_DEVID);
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+    #endif
+#endif /* WOLFSSL_SMALL_STACK && !WOLFSSL_NO_MALLOC */
 
 #ifdef WOLFSSL_AES_128
         /* 128 key size test */
     #if defined(OPENSSL_EXTRA) && !defined(WOLFCRYPT_ONLY) \
         && !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS)
-        ret = EVP_test(EVP_aes_128_ofb(), key2, iv2, plain2, sizeof(plain2),
+        ret = EVP_test(wolfSSL_EVP_aes_128_ofb(), key2, iv2, plain2, sizeof(plain2),
                 cipher2, sizeof(cipher2));
         if (ret != 0) {
             goto out;
         }
     #endif
 
-        ret = wc_AesInit(enc, HEAP_HINT, INVALID_DEVID);
-        if (ret != 0)
-            ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
-
-        ret = wc_AesInit(dec, HEAP_HINT, INVALID_DEVID);
-        if (ret != 0)
-            ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
-
         ret = wc_AesSetKey(enc, key2, sizeof(key2), iv2, AES_ENCRYPTION);
         if (ret != 0)
             ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
@@ -8201,19 +9730,19 @@ EVP_TEST_END:
     #endif
 
         XMEMSET(cipher, 0, sizeof(cipher));
-        ret = wc_AesOfbEncrypt(enc, cipher, plain2, AES_BLOCK_SIZE);
+        ret = wc_AesOfbEncrypt(enc, cipher, plain2, WC_AES_BLOCK_SIZE);
         if (ret != 0)
             ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
 
-        if (XMEMCMP(cipher, cipher2, AES_BLOCK_SIZE))
+        if (XMEMCMP(cipher, cipher2, WC_AES_BLOCK_SIZE))
             ERROR_OUT(WC_TEST_RET_ENC_NC, out);
 
     #ifdef HAVE_AES_DECRYPT
-        ret = wc_AesOfbDecrypt(dec, plain, cipher2, AES_BLOCK_SIZE);
+        ret = wc_AesOfbDecrypt(dec, plain, cipher2, WC_AES_BLOCK_SIZE);
         if (ret != 0)
             ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
 
-        if (XMEMCMP(plain, plain2, AES_BLOCK_SIZE))
+        if (XMEMCMP(plain, plain2, WC_AES_BLOCK_SIZE))
             ERROR_OUT(WC_TEST_RET_ENC_NC, out);
     #endif /* HAVE_AES_DECRYPT */
 #endif /* WOLFSSL_AES_128 */
@@ -8222,7 +9751,7 @@ EVP_TEST_END:
         /* 192 key size test */
     #if defined(OPENSSL_EXTRA) && !defined(WOLFCRYPT_ONLY) \
         && !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS)
-        ret = EVP_test(EVP_aes_192_ofb(), key3, iv3, plain3, sizeof(plain3),
+        ret = EVP_test(wolfSSL_EVP_aes_192_ofb(), key3, iv3, plain3, sizeof(plain3),
                 cipher3, sizeof(cipher3));
         if (ret != 0) {
             goto out;
@@ -8240,19 +9769,19 @@ EVP_TEST_END:
     #endif
 
         XMEMSET(cipher, 0, sizeof(cipher));
-        ret = wc_AesOfbEncrypt(enc, cipher, plain3, AES_BLOCK_SIZE);
+        ret = wc_AesOfbEncrypt(enc, cipher, plain3, WC_AES_BLOCK_SIZE);
         if (ret != 0)
             ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
 
-        if (XMEMCMP(cipher, cipher3, AES_BLOCK_SIZE))
+        if (XMEMCMP(cipher, cipher3, WC_AES_BLOCK_SIZE))
             ERROR_OUT(WC_TEST_RET_ENC_NC, out);
 
     #ifdef HAVE_AES_DECRYPT
-        ret = wc_AesOfbDecrypt(dec, plain, cipher3, AES_BLOCK_SIZE);
+        ret = wc_AesOfbDecrypt(dec, plain, cipher3, WC_AES_BLOCK_SIZE);
         if (ret != 0)
             ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
 
-        if (XMEMCMP(plain, plain3, AES_BLOCK_SIZE))
+        if (XMEMCMP(plain, plain3, WC_AES_BLOCK_SIZE))
             ERROR_OUT(WC_TEST_RET_ENC_NC, out);
     #endif /* HAVE_AES_DECRYPT */
 #endif /* WOLFSSL_AES_192 */
@@ -8261,7 +9790,7 @@ EVP_TEST_END:
         /* 256 key size test */
     #if defined(OPENSSL_EXTRA) && !defined(WOLFCRYPT_ONLY) \
         && !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS)
-        ret = EVP_test(EVP_aes_256_ofb(), key1, iv1, plain1, sizeof(plain1),
+        ret = EVP_test(wolfSSL_EVP_aes_256_ofb(), key1, iv1, plain1, sizeof(plain1),
                 cipher1, sizeof(cipher1));
         if (ret != 0) {
             goto out;
@@ -8279,37 +9808,37 @@ EVP_TEST_END:
     #endif
 
         XMEMSET(cipher, 0, sizeof(cipher));
-        ret = wc_AesOfbEncrypt(enc, cipher, plain1, AES_BLOCK_SIZE);
+        ret = wc_AesOfbEncrypt(enc, cipher, plain1, WC_AES_BLOCK_SIZE);
         if (ret != 0)
             ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
 
-        if (XMEMCMP(cipher, cipher1, AES_BLOCK_SIZE))
+        if (XMEMCMP(cipher, cipher1, WC_AES_BLOCK_SIZE))
             ERROR_OUT(WC_TEST_RET_ENC_NC, out);
 
-        ret = wc_AesOfbEncrypt(enc, cipher + AES_BLOCK_SIZE,
-                plain1 + AES_BLOCK_SIZE, AES_BLOCK_SIZE);
+        ret = wc_AesOfbEncrypt(enc, cipher + WC_AES_BLOCK_SIZE,
+                plain1 + WC_AES_BLOCK_SIZE, WC_AES_BLOCK_SIZE);
         if (ret != 0)
             ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
 
-        if (XMEMCMP(cipher + AES_BLOCK_SIZE, cipher1 + AES_BLOCK_SIZE,
-                    AES_BLOCK_SIZE))
+        if (XMEMCMP(cipher + WC_AES_BLOCK_SIZE, cipher1 + WC_AES_BLOCK_SIZE,
+                    WC_AES_BLOCK_SIZE))
             ERROR_OUT(WC_TEST_RET_ENC_NC, out);
 
     #ifdef HAVE_AES_DECRYPT
-        ret = wc_AesOfbDecrypt(dec, plain, cipher1, AES_BLOCK_SIZE);
+        ret = wc_AesOfbDecrypt(dec, plain, cipher1, WC_AES_BLOCK_SIZE);
         if (ret != 0)
             ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
 
-        if (XMEMCMP(plain, plain1, AES_BLOCK_SIZE))
+        if (XMEMCMP(plain, plain1, WC_AES_BLOCK_SIZE))
             ERROR_OUT(WC_TEST_RET_ENC_NC, out);
 
-        ret = wc_AesOfbDecrypt(dec, plain + AES_BLOCK_SIZE,
-                cipher1 + AES_BLOCK_SIZE, AES_BLOCK_SIZE);
+        ret = wc_AesOfbDecrypt(dec, plain + WC_AES_BLOCK_SIZE,
+                cipher1 + WC_AES_BLOCK_SIZE, WC_AES_BLOCK_SIZE);
         if (ret != 0)
             ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
 
-        if (XMEMCMP(plain + AES_BLOCK_SIZE, plain1 + AES_BLOCK_SIZE,
-                    AES_BLOCK_SIZE))
+        if (XMEMCMP(plain + WC_AES_BLOCK_SIZE, plain1 + WC_AES_BLOCK_SIZE,
+                    WC_AES_BLOCK_SIZE))
             ERROR_OUT(WC_TEST_RET_ENC_NC, out);
     #endif /* HAVE_AES_DECRYPT */
 
@@ -8325,19 +9854,19 @@ EVP_TEST_END:
     #endif
 
         XMEMSET(cipher, 0, sizeof(cipher));
-        ret = wc_AesOfbEncrypt(enc, cipher, plain1, AES_BLOCK_SIZE * 3);
+        ret = wc_AesOfbEncrypt(enc, cipher, plain1, WC_AES_BLOCK_SIZE * 3);
         if (ret != 0)
             ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
 
-        if (XMEMCMP(cipher, cipher1, AES_BLOCK_SIZE * 3))
+        if (XMEMCMP(cipher, cipher1, WC_AES_BLOCK_SIZE * 3))
             ERROR_OUT(WC_TEST_RET_ENC_NC, out);
 
     #ifdef HAVE_AES_DECRYPT
-        ret = wc_AesOfbDecrypt(dec, plain, cipher1, AES_BLOCK_SIZE * 3);
+        ret = wc_AesOfbDecrypt(dec, plain, cipher1, WC_AES_BLOCK_SIZE * 3);
         if (ret != 0)
             ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
 
-        if (XMEMCMP(plain, plain1, AES_BLOCK_SIZE * 3))
+        if (XMEMCMP(plain, plain1, WC_AES_BLOCK_SIZE * 3))
             ERROR_OUT(WC_TEST_RET_ENC_NC, out);
     #endif /* HAVE_AES_DECRYPT */
 
@@ -8352,20 +9881,20 @@ EVP_TEST_END:
             ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
     #endif
 
-        XMEMCPY(cipher, plain1, AES_BLOCK_SIZE * 2);
-        ret = wc_AesOfbEncrypt(enc, cipher, cipher, AES_BLOCK_SIZE * 2);
+        XMEMCPY(cipher, plain1, WC_AES_BLOCK_SIZE * 2);
+        ret = wc_AesOfbEncrypt(enc, cipher, cipher, WC_AES_BLOCK_SIZE * 2);
         if (ret != 0)
             ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
 
-        if (XMEMCMP(cipher, cipher1, AES_BLOCK_SIZE * 2))
+        if (XMEMCMP(cipher, cipher1, WC_AES_BLOCK_SIZE * 2))
             ERROR_OUT(WC_TEST_RET_ENC_NC, out);
 
     #ifdef HAVE_AES_DECRYPT
-        ret = wc_AesOfbDecrypt(dec, cipher, cipher, AES_BLOCK_SIZE * 2);
+        ret = wc_AesOfbDecrypt(dec, cipher, cipher, WC_AES_BLOCK_SIZE * 2);
         if (ret != 0)
             ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
 
-        if (XMEMCMP(cipher, plain1, AES_BLOCK_SIZE * 2))
+        if (XMEMCMP(cipher, plain1, WC_AES_BLOCK_SIZE * 2))
             ERROR_OUT(WC_TEST_RET_ENC_NC, out);
     #endif /* HAVE_AES_DECRYPT */
 
@@ -8388,11 +9917,11 @@ EVP_TEST_END:
         if (XMEMCMP(cipher, cipher1, 3))
             ERROR_OUT(WC_TEST_RET_ENC_NC, out);
 
-        ret = wc_AesOfbEncrypt(enc, cipher + 3, plain1 + 3, AES_BLOCK_SIZE);
+        ret = wc_AesOfbEncrypt(enc, cipher + 3, plain1 + 3, WC_AES_BLOCK_SIZE);
         if (ret != 0)
             ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
 
-        if (XMEMCMP(cipher + 3, cipher1 + 3, AES_BLOCK_SIZE))
+        if (XMEMCMP(cipher + 3, cipher1 + 3, WC_AES_BLOCK_SIZE))
             ERROR_OUT(WC_TEST_RET_ENC_NC, out);
 
     #ifdef HAVE_AES_DECRYPT
@@ -8403,27 +9932,29 @@ EVP_TEST_END:
         if (XMEMCMP(plain, plain1, 6))
             ERROR_OUT(WC_TEST_RET_ENC_NC, out);
 
-        ret = wc_AesOfbDecrypt(dec, plain + 6, cipher1 + 6, AES_BLOCK_SIZE);
+        ret = wc_AesOfbDecrypt(dec, plain + 6, cipher1 + 6, WC_AES_BLOCK_SIZE);
         if (ret != 0)
             ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
 
-        if (XMEMCMP(plain + 6, plain1 + 6, AES_BLOCK_SIZE))
+        if (XMEMCMP(plain + 6, plain1 + 6, WC_AES_BLOCK_SIZE))
             ERROR_OUT(WC_TEST_RET_ENC_NC, out);
     #endif /* HAVE_AES_DECRYPT */
 
-  out:
+    out:
 
+    #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
+        wc_AesDelete(enc, &enc);
+    #else
         wc_AesFree(enc);
-        wc_AesFree(dec);
-#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
-    if (enc)
-        XFREE(enc, HEAP_HINT, DYNAMIC_TYPE_AES);
-#ifdef HAVE_AES_DECRYPT
-    if (dec)
-        XFREE(dec, HEAP_HINT, DYNAMIC_TYPE_AES);
-#endif
-#endif
+    #endif
 
+    #ifdef HAVE_AES_DECRYPT
+    #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
+        wc_AesDelete(dec, &dec);
+    #else
+        wc_AesFree(dec);
+    #endif
+    #endif
 #endif /* WOLFSSL_AES_256 */
 
         return ret;
@@ -8431,25 +9962,25 @@ EVP_TEST_END:
 #endif /* WOLFSSL_AES_OFB */
 
 #if defined(WOLFSSL_AES_CFB)
-    /* Test cases from NIST SP 800-38A, Recommendation for Block Cipher Modes of Operation Methods an*/
-    static wc_test_ret_t aescfb_test(void)
+    /* Test cases from NIST SP 800-38A, Recommendation for Block Cipher Modes of
+     * Operation Methods and Techniques
+     */
+    static wc_test_ret_t aescfb_test_0(void)
     {
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
         Aes *enc = NULL;
 #else
         Aes enc[1];
 #endif
-        int enc_inited = 0;
-        byte cipher[AES_BLOCK_SIZE * 4];
-    #ifdef HAVE_AES_DECRYPT
-#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
+        byte cipher[WC_AES_BLOCK_SIZE * 4];
+#ifdef HAVE_AES_DECRYPT
+    #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
         Aes *dec = NULL;
-#else
+    #else
         Aes dec[1];
-#endif
-        int dec_inited = 0;
-        byte plain [AES_BLOCK_SIZE * 4];
     #endif
+        byte plain [WC_AES_BLOCK_SIZE * 4];
+#endif
         wc_test_ret_t ret = 0;
 
         WOLFSSL_SMALL_STACK_STATIC const byte iv[] = {
@@ -8555,72 +10086,74 @@ EVP_TEST_END:
 #endif /* WOLFSSL_AES_256 */
 
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
-    if ((enc = (Aes *)XMALLOC(sizeof *enc, HEAP_HINT, DYNAMIC_TYPE_AES)) == NULL)
-        ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
-#ifdef HAVE_AES_DECRYPT
-    if ((dec = (Aes *)XMALLOC(sizeof *dec, HEAP_HINT, DYNAMIC_TYPE_AES)) == NULL)
-        ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
-#endif
-#endif
-
+    enc = wc_AesNew(HEAP_HINT, devId, &ret);
+    if (enc == NULL)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+    #ifdef HAVE_AES_DECRYPT
+    dec = wc_AesNew(HEAP_HINT, devId, &ret);
+    if (dec == NULL)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+    #endif
+#else
+    XMEMSET(enc, 0, sizeof(Aes));
+    #ifdef HAVE_AES_DECRYPT
+    XMEMSET(dec, 0, sizeof(Aes));
+    #endif
     ret = wc_AesInit(enc, HEAP_HINT, devId);
     if (ret != 0)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
-    else
-        enc_inited = 1;
-#ifdef HAVE_AES_DECRYPT
+    #ifdef HAVE_AES_DECRYPT
     ret = wc_AesInit(dec, HEAP_HINT, devId);
     if (ret != 0)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
-    else
-        dec_inited = 1;
-#endif
+    #endif
+#endif /* WOLFSSL_SMALL_STACK && !WOLFSSL_NO_MALLOC */
 
 #ifdef WOLFSSL_AES_128
         /* 128 key tests */
     #if defined(OPENSSL_EXTRA) && !defined(WOLFCRYPT_ONLY) \
         && !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS)
-        ret = EVP_test(EVP_aes_128_cfb128(), key1, iv, msg1, sizeof(msg1),
+        ret = EVP_test(wolfSSL_EVP_aes_128_cfb128(), key1, iv, msg1, sizeof(msg1),
                 cipher1, sizeof(cipher1));
         if (ret != 0) {
             return ret;
         }
     #endif
 
-        ret = wc_AesSetKey(enc, key1, AES_BLOCK_SIZE, iv, AES_ENCRYPTION);
+        ret = wc_AesSetKey(enc, key1, WC_AES_BLOCK_SIZE, iv, AES_ENCRYPTION);
         if (ret != 0)
             ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
     #ifdef HAVE_AES_DECRYPT
         /* decrypt uses AES_ENCRYPTION */
-        ret = wc_AesSetKey(dec, key1, AES_BLOCK_SIZE, iv, AES_ENCRYPTION);
+        ret = wc_AesSetKey(dec, key1, WC_AES_BLOCK_SIZE, iv, AES_ENCRYPTION);
         if (ret != 0)
             ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
     #endif
 
         XMEMSET(cipher, 0, sizeof(cipher));
-        ret = wc_AesCfbEncrypt(enc, cipher, msg1, AES_BLOCK_SIZE * 2);
+        ret = wc_AesCfbEncrypt(enc, cipher, msg1, WC_AES_BLOCK_SIZE * 2);
         if (ret != 0)
             ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
 
-        if (XMEMCMP(cipher, cipher1, AES_BLOCK_SIZE * 2))
+        if (XMEMCMP(cipher, cipher1, WC_AES_BLOCK_SIZE * 2))
             ERROR_OUT(WC_TEST_RET_ENC_NC, out);
 
         /* test restarting encryption process */
-        ret = wc_AesCfbEncrypt(enc, cipher + (AES_BLOCK_SIZE * 2),
-                msg1 + (AES_BLOCK_SIZE * 2), AES_BLOCK_SIZE);
+        ret = wc_AesCfbEncrypt(enc, cipher + (WC_AES_BLOCK_SIZE * 2),
+                msg1 + (WC_AES_BLOCK_SIZE * 2), WC_AES_BLOCK_SIZE);
         if (ret != 0)
             ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
 
-        if (XMEMCMP(cipher + (AES_BLOCK_SIZE * 2),
-                    cipher1 + (AES_BLOCK_SIZE * 2), AES_BLOCK_SIZE))
+        if (XMEMCMP(cipher + (WC_AES_BLOCK_SIZE * 2),
+                    cipher1 + (WC_AES_BLOCK_SIZE * 2), WC_AES_BLOCK_SIZE))
             ERROR_OUT(WC_TEST_RET_ENC_NC, out);
 
     #ifdef HAVE_AES_DECRYPT
-        ret = wc_AesCfbDecrypt(dec, plain, cipher, AES_BLOCK_SIZE * 3);
+        ret = wc_AesCfbDecrypt(dec, plain, cipher, WC_AES_BLOCK_SIZE * 3);
         if (ret != 0)
             ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
 
-        if (XMEMCMP(plain, msg1, AES_BLOCK_SIZE * 3))
+        if (XMEMCMP(plain, msg1, WC_AES_BLOCK_SIZE * 3))
             ERROR_OUT(WC_TEST_RET_ENC_NC, out);
     #endif /* HAVE_AES_DECRYPT */
 #endif /* WOLFSSL_AES_128 */
@@ -8629,7 +10162,7 @@ EVP_TEST_END:
         /* 192 key size test */
     #if defined(OPENSSL_EXTRA) && !defined(WOLFCRYPT_ONLY) \
         && !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS)
-        ret = EVP_test(EVP_aes_192_cfb128(), key2, iv, msg2, sizeof(msg2),
+        ret = EVP_test(wolfSSL_EVP_aes_192_cfb128(), key2, iv, msg2, sizeof(msg2),
                 cipher2, sizeof(cipher2));
         if (ret != 0) {
             return ret;
@@ -8647,19 +10180,19 @@ EVP_TEST_END:
     #endif
 
         XMEMSET(cipher, 0, sizeof(cipher));
-        ret = wc_AesCfbEncrypt(enc, cipher, msg2, AES_BLOCK_SIZE * 4);
+        ret = wc_AesCfbEncrypt(enc, cipher, msg2, WC_AES_BLOCK_SIZE * 4);
         if (ret != 0)
             ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
 
-        if (XMEMCMP(cipher, cipher2, AES_BLOCK_SIZE * 4))
+        if (XMEMCMP(cipher, cipher2, WC_AES_BLOCK_SIZE * 4))
             ERROR_OUT(WC_TEST_RET_ENC_NC, out);
 
     #ifdef HAVE_AES_DECRYPT
-        ret = wc_AesCfbDecrypt(dec, plain, cipher, AES_BLOCK_SIZE * 4);
+        ret = wc_AesCfbDecrypt(dec, plain, cipher, WC_AES_BLOCK_SIZE * 4);
         if (ret != 0)
             ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
 
-        if (XMEMCMP(plain, msg2, AES_BLOCK_SIZE * 4))
+        if (XMEMCMP(plain, msg2, WC_AES_BLOCK_SIZE * 4))
             ERROR_OUT(WC_TEST_RET_ENC_NC, out);
     #endif /* HAVE_AES_DECRYPT */
 #endif /* WOLFSSL_AES_192 */
@@ -8668,7 +10201,7 @@ EVP_TEST_END:
         /* 256 key size test */
     #if defined(OPENSSL_EXTRA) && !defined(WOLFCRYPT_ONLY) \
         && !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS)
-        ret = EVP_test(EVP_aes_256_cfb128(), key3, iv, msg3, sizeof(msg3),
+        ret = EVP_test(wolfSSL_EVP_aes_256_cfb128(), key3, iv, msg3, sizeof(msg3),
                 cipher3, sizeof(cipher3));
         if (ret != 0) {
             return ret;
@@ -8701,11 +10234,11 @@ EVP_TEST_END:
             ERROR_OUT(WC_TEST_RET_ENC_NC, out);
 
         ret = wc_AesCfbEncrypt(enc, cipher + 31, msg3 + 31,
-                (AES_BLOCK_SIZE * 4) - 31);
+                (WC_AES_BLOCK_SIZE * 4) - 31);
         if (ret != 0)
             ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
 
-        if (XMEMCMP(cipher, cipher3, AES_BLOCK_SIZE * 4))
+        if (XMEMCMP(cipher, cipher3, WC_AES_BLOCK_SIZE * 4))
             ERROR_OUT(WC_TEST_RET_ENC_NC, out);
 
     #ifdef HAVE_AES_DECRYPT
@@ -8728,35 +10261,34 @@ EVP_TEST_END:
             ERROR_OUT(WC_TEST_RET_ENC_NC, out);
 
         ret = wc_AesCfbDecrypt(dec, plain + 31, cipher + 31,
-                (AES_BLOCK_SIZE * 4) - 31);
+                (WC_AES_BLOCK_SIZE * 4) - 31);
         if (ret != 0)
             ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
 
-        if (XMEMCMP(plain, msg3, AES_BLOCK_SIZE * 4))
+        if (XMEMCMP(plain, msg3, WC_AES_BLOCK_SIZE * 4))
             ERROR_OUT(WC_TEST_RET_ENC_NC, out);
     #endif /* HAVE_AES_DECRYPT */
 #endif /* WOLFSSL_AES_256 */
 
   out:
 
-    if (enc_inited)
-        wc_AesFree(enc);
-    if (dec_inited)
-        wc_AesFree(dec);
-
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
-    if (enc)
-        XFREE(enc, HEAP_HINT, DYNAMIC_TYPE_AES);
+    wc_AesDelete(enc, &enc);
+#else
+    wc_AesFree(enc);
+#endif
 #ifdef HAVE_AES_DECRYPT
-    if (dec)
-        XFREE(dec, HEAP_HINT, DYNAMIC_TYPE_AES);
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
+    wc_AesDelete(dec, &dec);
+#else
+    wc_AesFree(dec);
 #endif
 #endif
 
         return ret;
     }
 
-#if !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS)
+#if !defined(WOLFSSL_NO_AES_CFB_1_8)
     static wc_test_ret_t aescfb1_test(void)
     {
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
@@ -8764,16 +10296,14 @@ EVP_TEST_END:
 #else
         Aes enc[1];
 #endif
-        int enc_inited = 0;
-        byte cipher[AES_BLOCK_SIZE];
+        byte cipher[WC_AES_BLOCK_SIZE];
     #ifdef HAVE_AES_DECRYPT
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
         Aes *dec = NULL;
 #else
         Aes dec[1];
 #endif
-        int dec_inited = 0;
-        byte plain [AES_BLOCK_SIZE];
+        byte plain [WC_AES_BLOCK_SIZE];
     #endif
         wc_test_ret_t ret = 0;
 
@@ -8798,6 +10328,11 @@ EVP_TEST_END:
         {
             0xC0
         };
+
+        WOLFSSL_SMALL_STACK_STATIC const byte cipher1_7bit[] =
+        {
+            0x1C
+        };
 #endif /* WOLFSSL_AES_128 */
 #ifdef WOLFSSL_AES_192
         WOLFSSL_SMALL_STACK_STATIC const byte iv2[] = {
@@ -8848,35 +10383,37 @@ EVP_TEST_END:
 #endif /* WOLFSSL_AES_256 */
 
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
-    if ((enc = (Aes *)XMALLOC(sizeof *enc, HEAP_HINT, DYNAMIC_TYPE_AES)) == NULL)
-        ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
+    enc = wc_AesNew(HEAP_HINT, devId, &ret);
+    if (enc == NULL)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
 #ifdef HAVE_AES_DECRYPT
-    if ((dec = (Aes *)XMALLOC(sizeof *dec, HEAP_HINT, DYNAMIC_TYPE_AES)) == NULL)
-        ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
+    dec = wc_AesNew(HEAP_HINT, devId, &ret);
+    if (dec == NULL)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
 #endif
-#endif
-
+#else
+    XMEMSET(enc, 0, sizeof(Aes));
+    #ifdef HAVE_AES_DECRYPT
+    XMEMSET(dec, 0, sizeof(Aes));
+    #endif
     ret = wc_AesInit(enc, HEAP_HINT, devId);
     if (ret != 0)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
-    else
-        enc_inited = 1;
-#ifdef HAVE_AES_DECRYPT
+    #ifdef HAVE_AES_DECRYPT
     ret = wc_AesInit(dec, HEAP_HINT, devId);
     if (ret != 0)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
-    else
-        dec_inited = 1;
-#endif
+    #endif
+#endif /* WOLFSSL_SMALL_STACK && !WOLFSSL_NO_MALLOC */
 
 #ifdef WOLFSSL_AES_128
         /* 128 key tests */
-        ret = wc_AesSetKey(enc, key1, AES_BLOCK_SIZE, iv, AES_ENCRYPTION);
+        ret = wc_AesSetKey(enc, key1, WC_AES_BLOCK_SIZE, iv, AES_ENCRYPTION);
         if (ret != 0)
             ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
     #ifdef HAVE_AES_DECRYPT
         /* decrypt uses AES_ENCRYPTION */
-        ret = wc_AesSetKey(dec, key1, AES_BLOCK_SIZE, iv, AES_ENCRYPTION);
+        ret = wc_AesSetKey(dec, key1, WC_AES_BLOCK_SIZE, iv, AES_ENCRYPTION);
         if (ret != 0)
             ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
     #endif
@@ -8898,8 +10435,17 @@ EVP_TEST_END:
             ERROR_OUT(WC_TEST_RET_ENC_NC, out);
     #endif /* HAVE_AES_DECRYPT */
 
+        XMEMSET(cipher, 0, sizeof(cipher));
+        ret = wc_AesCfb1Encrypt(enc, cipher, msg1, 7);
+
+        if (ret != 0)
+            ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+
+        if (cipher[0] != cipher1_7bit[0])
+            ERROR_OUT(WC_TEST_RET_ENC_NC, out);
+
     #ifdef OPENSSL_EXTRA
-        ret = wc_AesSetKey(enc, key1, AES_BLOCK_SIZE, iv, AES_ENCRYPTION);
+        ret = wc_AesSetKey(enc, key1, WC_AES_BLOCK_SIZE, iv, AES_ENCRYPTION);
         if (ret != 0)
             ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
 
@@ -8909,8 +10455,8 @@ EVP_TEST_END:
         if (ret != 0)
             ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
 
-    #ifndef WOLFCRYPT_ONLY
-        ret = EVP_test(EVP_aes_128_cfb1(), key1, iv, msg1, sizeof(msg1),
+    #if !defined(WOLFCRYPT_ONLY) && !defined(HAVE_FIPS)
+        ret = EVP_test(wolfSSL_EVP_aes_128_cfb1(), key1, iv, msg1, sizeof(msg1),
                 cipher, sizeof(msg1));
         if (ret != 0) {
             goto out;
@@ -8942,8 +10488,8 @@ EVP_TEST_END:
         if (ret != 0)
             ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
 
-        #ifndef WOLFCRYPT_ONLY
-        ret = EVP_test(EVP_aes_192_cfb1(), key2, iv2, msg2, sizeof(msg2),
+        #if !defined(WOLFCRYPT_ONLY) && !defined(HAVE_FIPS)
+        ret = EVP_test(wolfSSL_EVP_aes_192_cfb1(), key2, iv2, msg2, sizeof(msg2),
                 cipher, sizeof(msg2));
         if (ret != 0) {
             goto out;
@@ -8976,8 +10522,8 @@ EVP_TEST_END:
         if (ret != 0)
             ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
 
-        #ifndef WOLFCRYPT_ONLY
-        ret = EVP_test(EVP_aes_256_cfb1(), key3, iv3, msg3, sizeof(msg3),
+        #if !defined(WOLFCRYPT_ONLY) && !defined(HAVE_FIPS)
+        ret = EVP_test(wolfSSL_EVP_aes_256_cfb1(), key3, iv3, msg3, sizeof(msg3),
                 cipher, sizeof(msg3));
         if (ret != 0) {
             goto out;
@@ -8988,21 +10534,18 @@ EVP_TEST_END:
 
   out:
 
-    if (enc_inited)
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
+        wc_AesDelete(enc, &enc);
+#else
         wc_AesFree(enc);
-#ifdef HAVE_AES_DECRYPT
-    if (dec_inited)
+#endif
+    #ifdef HAVE_AES_DECRYPT
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
+        wc_AesDelete(dec, &dec);
+#else
         wc_AesFree(dec);
 #endif
-
-#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
-    if (enc)
-        XFREE(enc, HEAP_HINT, DYNAMIC_TYPE_AES);
-#ifdef HAVE_AES_DECRYPT
-    if (dec)
-        XFREE(dec, HEAP_HINT, DYNAMIC_TYPE_AES);
-#endif
-#endif
+    #endif
 
         return ret;
     }
@@ -9014,16 +10557,14 @@ EVP_TEST_END:
 #else
         Aes enc[1];
 #endif
-        int enc_inited = 0;
-        byte cipher[AES_BLOCK_SIZE];
+        byte cipher[WC_AES_BLOCK_SIZE];
     #ifdef HAVE_AES_DECRYPT
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
         Aes *dec = NULL;
 #else
         Aes dec[1];
 #endif
-        int dec_inited = 0;
-        byte plain [AES_BLOCK_SIZE];
+        byte plain [WC_AES_BLOCK_SIZE];
     #endif
         wc_test_ret_t ret = 0;
 
@@ -9100,42 +10641,45 @@ EVP_TEST_END:
 #endif
 
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
-    if ((enc = (Aes *)XMALLOC(sizeof *enc, HEAP_HINT, DYNAMIC_TYPE_AES)) == NULL)
-        ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
-#ifdef HAVE_AES_DECRYPT
-    if ((dec = (Aes *)XMALLOC(sizeof *dec, HEAP_HINT, DYNAMIC_TYPE_AES)) == NULL)
-        ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
-#endif
-#endif
-
+    enc = wc_AesNew(HEAP_HINT, devId, &ret);
+    if (enc == NULL)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+    #ifdef HAVE_AES_DECRYPT
+    dec = wc_AesNew(HEAP_HINT, devId, &ret);
+    if (dec == NULL)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+    #endif
+#else
+    XMEMSET(enc, 0, sizeof(Aes));
+    #ifdef HAVE_AES_DECRYPT
+    XMEMSET(dec, 0, sizeof(Aes));
+    #endif
     ret = wc_AesInit(enc, HEAP_HINT, devId);
     if (ret != 0)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
-    else
-        enc_inited = 1;
-#ifdef HAVE_AES_DECRYPT
+    #ifdef HAVE_AES_DECRYPT
     ret = wc_AesInit(dec, HEAP_HINT, devId);
     if (ret != 0)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
-    else
-        dec_inited = 1;
-#endif
+    #endif
+#endif /* WOLFSSL_SMALL_STACK && !WOLFSSL_NO_MALLOC */
 
 #ifdef WOLFSSL_AES_128
         /* 128 key tests */
-    #if defined(OPENSSL_EXTRA) && !defined(WOLFCRYPT_ONLY)
-        ret = EVP_test(EVP_aes_128_cfb8(), key1, iv, msg1, sizeof(msg1),
+    #if defined(OPENSSL_EXTRA) && !defined(WOLFCRYPT_ONLY) && \
+        !defined(HAVE_FIPS)
+        ret = EVP_test(wolfSSL_EVP_aes_128_cfb8(), key1, iv, msg1, sizeof(msg1),
                 cipher1, sizeof(cipher1));
         if (ret != 0) {
             return ret;
         }
     #endif
-        ret = wc_AesSetKey(enc, key1, AES_BLOCK_SIZE, iv, AES_ENCRYPTION);
+        ret = wc_AesSetKey(enc, key1, WC_AES_BLOCK_SIZE, iv, AES_ENCRYPTION);
         if (ret != 0)
             ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
     #ifdef HAVE_AES_DECRYPT
         /* decrypt uses AES_ENCRYPTION */
-        ret = wc_AesSetKey(dec, key1, AES_BLOCK_SIZE, iv, AES_ENCRYPTION);
+        ret = wc_AesSetKey(dec, key1, WC_AES_BLOCK_SIZE, iv, AES_ENCRYPTION);
         if (ret != 0)
             ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
     #endif
@@ -9169,8 +10713,9 @@ EVP_TEST_END:
             ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
         if (XMEMCMP(cipher, cipher2, sizeof(msg2)) != 0)
             ERROR_OUT(WC_TEST_RET_ENC_NC, out);
-#if defined(OPENSSL_EXTRA) && !defined(WOLFCRYPT_ONLY)
-        ret = EVP_test(EVP_aes_192_cfb8(), key2, iv2, msg2, sizeof(msg2),
+#if defined(OPENSSL_EXTRA) && !defined(WOLFCRYPT_ONLY) && \
+        !defined(HAVE_FIPS)
+        ret = EVP_test(wolfSSL_EVP_aes_192_cfb8(), key2, iv2, msg2, sizeof(msg2),
                 cipher2, sizeof(msg2));
         if (ret != 0) {
             return ret;
@@ -9192,8 +10737,9 @@ EVP_TEST_END:
         if (XMEMCMP(cipher, cipher3, sizeof(cipher3)) != 0)
             ERROR_OUT(WC_TEST_RET_ENC_NC, out);
 
-    #if defined(OPENSSL_EXTRA) && !defined(WOLFCRYPT_ONLY)
-        ret = EVP_test(EVP_aes_256_cfb8(), key3, iv3, msg3, sizeof(msg3),
+    #if defined(OPENSSL_EXTRA) && !defined(WOLFCRYPT_ONLY) && \
+        !defined(HAVE_FIPS)
+        ret = EVP_test(wolfSSL_EVP_aes_256_cfb8(), key3, iv3, msg3, sizeof(msg3),
                 cipher3, sizeof(msg3));
         if (ret != 0) {
             goto out;
@@ -9203,33 +10749,30 @@ EVP_TEST_END:
 
       out:
 
-        if (enc_inited)
-            wc_AesFree(enc);
-#ifdef HAVE_AES_DECRYPT
-        if (dec_inited)
-            wc_AesFree(dec);
-#endif
-
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
-    if (enc)
-        XFREE(enc, HEAP_HINT, DYNAMIC_TYPE_AES);
-#ifdef HAVE_AES_DECRYPT
-    if (dec)
-        XFREE(dec, HEAP_HINT, DYNAMIC_TYPE_AES);
+        wc_AesDelete(enc, &enc);
+#else
+        wc_AesFree(enc);
 #endif
+    #ifdef HAVE_AES_DECRYPT
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
+        wc_AesDelete(dec, &dec);
+#else
+        wc_AesFree(dec);
 #endif
+    #endif
 
         return ret;
     }
-#endif /* !HAVE_SELFTEST && !HAVE_FIPS */
+#endif /* !WOLFSSL_NO_AES_CFB_1_8 */
 #endif /* WOLFSSL_AES_CFB */
 
-
+#ifndef HAVE_RENESAS_SYNC
 static wc_test_ret_t aes_key_size_test(void)
 {
     wc_test_ret_t ret;
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
-    Aes    *aes;
+    Aes    *aes = NULL;
 #else
     Aes    aes[1];
 #endif
@@ -9250,8 +10793,14 @@ static wc_test_ret_t aes_key_size_test(void)
 #endif
 
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
-    if ((aes = (Aes *)XMALLOC(sizeof *aes, HEAP_HINT, DYNAMIC_TYPE_AES)) == NULL)
-        return WC_TEST_RET_ENC_ERRNO;
+    aes = wc_AesNew(HEAP_HINT, devId, &ret);
+    if (aes == NULL)
+        return WC_TEST_RET_ENC_EC(ret);
+#else
+    ret = wc_AesInit(aes, HEAP_HINT, devId);
+    /* 0 check OK for FIPSv1 */
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
 #endif
 
 #if !defined(HAVE_FIPS) || \
@@ -9259,29 +10808,24 @@ static wc_test_ret_t aes_key_size_test(void)
     /* w/ FIPS v1 (cert 2425) wc_AesInit just returns 0 always as it's not
      * supported with that FIPS version */
     ret = wc_AesInit(NULL, HEAP_HINT, devId);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
 #endif
 
-    ret = wc_AesInit(aes, HEAP_HINT, devId);
-    /* 0 check OK for FIPSv1 */
-    if (ret != 0)
-        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
-
 #ifndef HAVE_FIPS
     /* Parameter Validation testing. */
     ret = wc_AesGetKeySize(NULL, NULL);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
     ret = wc_AesGetKeySize(aes, NULL);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
     ret = wc_AesGetKeySize(NULL, &keySize);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
     /* Crashes in FIPS */
     ret = wc_AesSetKey(NULL, key16, sizeof(key16), iv, AES_ENCRYPTION);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
 #endif
     /* NULL IV indicates to use all zeros IV. */
@@ -9289,11 +10833,11 @@ static wc_test_ret_t aes_key_size_test(void)
 #ifdef WOLFSSL_AES_128
     if (ret != 0)
 #else
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
 #endif
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
     ret = wc_AesSetKey(aes, key32, sizeof(key32) - 1, iv, AES_ENCRYPTION);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
 /* CryptoCell handles rounds internally */
 #if !defined(HAVE_FIPS) && !defined(WOLFSSL_CRYPTOCELL)
@@ -9302,7 +10846,7 @@ static wc_test_ret_t aes_key_size_test(void)
     /* Force invalid rounds */
     aes->rounds = 16;
     ret = wc_AesGetKeySize(aes, &keySize);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
 #endif
 #endif
@@ -9311,7 +10855,7 @@ static wc_test_ret_t aes_key_size_test(void)
 #ifdef WOLFSSL_AES_128
     if (ret != 0)
 #else
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
 #endif
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
 #if !defined(HAVE_FIPS) && defined(WOLFSSL_AES_128)
@@ -9325,7 +10869,7 @@ static wc_test_ret_t aes_key_size_test(void)
 #ifdef WOLFSSL_AES_192
     if (ret != 0)
 #else
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
 #endif
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
 #if !defined(HAVE_FIPS) && defined(WOLFSSL_AES_192)
@@ -9338,7 +10882,7 @@ static wc_test_ret_t aes_key_size_test(void)
 #ifdef WOLFSSL_AES_256
     if (ret != 0)
 #else
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
 #endif
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
 #if !defined(HAVE_FIPS) && defined(WOLFSSL_AES_256)
@@ -9350,13 +10894,15 @@ static wc_test_ret_t aes_key_size_test(void)
     ret = 0; /* success */
   out:
 
-    wc_AesFree(aes);
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
-    XFREE(aes, HEAP_HINT, DYNAMIC_TYPE_AES);
+    wc_AesDelete(aes, &aes);
+#else
+    wc_AesFree(aes);
 #endif
 
     return ret;
 }
+#endif /* !HAVE_RENESAS_SYNC */
 
 #if defined(WOLFSSL_AES_XTS) && (!defined(HAVE_FIPS) || FIPS_VERSION_GE(5,3))
 
@@ -9371,8 +10917,20 @@ static wc_test_ret_t aes_xts_128_test(void)
 #endif
     int aes_inited = 0;
     wc_test_ret_t ret = 0;
-    unsigned char buf[AES_BLOCK_SIZE * 2 + 8];
-    unsigned char cipher[AES_BLOCK_SIZE * 2 + 8];
+    unsigned char buf[WC_AES_BLOCK_SIZE * 2 + 8];
+    unsigned char cipher[WC_AES_BLOCK_SIZE * 2 + 8];
+#ifdef WOLFSSL_AESXTS_STREAM
+    struct XtsAesStreamData stream;
+#endif
+#if !defined(BENCH_EMBEDDED) && !defined(HAVE_CAVIUM) && \
+        !defined(WOLFSSL_AFALG)
+    #define LARGE_XTS_SZ        1024
+    #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
+    byte* large_input = NULL;
+    #else
+    byte large_input[LARGE_XTS_SZ];
+    #endif
+#endif
 
     /* 128 key tests */
     WOLFSSL_SMALL_STACK_STATIC unsigned char k1[] = {
@@ -9436,6 +10994,7 @@ static wc_test_ret_t aes_xts_128_test(void)
         0x77, 0x8a, 0xe8, 0xb4, 0x3c, 0xb9, 0x8d, 0x5a
     };
 
+#ifndef HAVE_FIPS /* FIPS requires different keys for main and tweak. */
     WOLFSSL_SMALL_STACK_STATIC unsigned char k3[] = {
         0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
         0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
@@ -9460,6 +11019,7 @@ static wc_test_ret_t aes_xts_128_test(void)
         0xA0, 0x85, 0xD2, 0x69, 0x6E, 0x87, 0x0A, 0xBF,
         0xB5, 0x5A, 0xDD, 0xCB, 0x80, 0xE0, 0xFC, 0xCD
     };
+#endif /* HAVE_FIPS */
 
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
     if ((aes = (XtsAes *)XMALLOC(sizeof *aes, HEAP_HINT, DYNAMIC_TYPE_AES)) == NULL)
@@ -9468,7 +11028,7 @@ static wc_test_ret_t aes_xts_128_test(void)
 
 #if defined(OPENSSL_EXTRA) && !defined(WOLFCRYPT_ONLY) \
     && !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS)
-    ret = EVP_test(EVP_aes_128_xts(), k2, i2, p2, sizeof(p2), c2, sizeof(c2));
+    ret = EVP_test(wolfSSL_EVP_aes_128_xts(), k2, i2, p2, sizeof(p2), c2, sizeof(c2));
     if (ret != 0) {
         printf("EVP_aes_128_xts failed!\n");
         goto out;
@@ -9495,8 +11055,35 @@ static wc_test_ret_t aes_xts_128_test(void)
     if (XMEMCMP(c2, buf, sizeof(c2)))
         ERROR_OUT(WC_TEST_RET_ENC_NC, out);
 
-#if defined(DEBUG_VECTOR_REGISTER_ACCESS) && defined(WC_AES_C_DYNAMIC_FALLBACK)
-    WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(SYSLIB_FAILED_E);
+#ifdef WOLFSSL_AESXTS_STREAM
+    ret = wc_AesXtsEncryptInit(aes, i2, sizeof(i2), &stream);
+#if defined(WOLFSSL_ASYNC_CRYPT)
+    ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
+#endif
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+
+    ret = wc_AesXtsEncryptUpdate(aes, buf, p2, WC_AES_BLOCK_SIZE, &stream);
+#if defined(WOLFSSL_ASYNC_CRYPT)
+    ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
+#endif
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+
+    ret = wc_AesXtsEncryptFinal(aes, buf + WC_AES_BLOCK_SIZE, p2 + WC_AES_BLOCK_SIZE, sizeof(p2) - WC_AES_BLOCK_SIZE, &stream);
+#if defined(WOLFSSL_ASYNC_CRYPT)
+    ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
+#endif
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+
+    if (XMEMCMP(c2, buf, sizeof(c2)))
+        ERROR_OUT(WC_TEST_RET_ENC_NC, out);
+#endif /* WOLFSSL_AESXTS_STREAM */
+
+#if defined(DEBUG_VECTOR_REGISTER_ACCESS_AESXTS) && \
+        defined(WC_C_DYNAMIC_FALLBACK)
+    WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(WC_NO_ERR_TRACE(SYSLIB_FAILED_E));
     ret = wc_AesXtsEncrypt(aes, buf, p2, sizeof(p2), i2, sizeof(i2));
 #if defined(WOLFSSL_ASYNC_CRYPT)
     ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
@@ -9519,11 +11106,38 @@ static wc_test_ret_t aes_xts_128_test(void)
 #endif
     if (ret != 0)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
-    if (XMEMCMP(c1, buf, AES_BLOCK_SIZE))
+    if (XMEMCMP(c1, buf, WC_AES_BLOCK_SIZE))
         ERROR_OUT(WC_TEST_RET_ENC_NC, out);
 
-#if defined(DEBUG_VECTOR_REGISTER_ACCESS) && defined(WC_AES_C_DYNAMIC_FALLBACK)
-    WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(SYSLIB_FAILED_E);
+#ifdef WOLFSSL_AESXTS_STREAM
+    ret = wc_AesXtsEncryptInit(aes, i1, sizeof(i2), &stream);
+#if defined(WOLFSSL_ASYNC_CRYPT)
+    ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
+#endif
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+
+    ret = wc_AesXtsEncryptUpdate(aes, buf, p1, sizeof(p1), &stream);
+#if defined(WOLFSSL_ASYNC_CRYPT)
+    ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
+#endif
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+
+    ret = wc_AesXtsEncryptFinal(aes, buf, NULL, 0, &stream);
+#if defined(WOLFSSL_ASYNC_CRYPT)
+    ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
+#endif
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+
+    if (XMEMCMP(c1, buf, sizeof(c1)))
+        ERROR_OUT(WC_TEST_RET_ENC_NC, out);
+#endif /* WOLFSSL_AESXTS_STREAM */
+
+#if defined(DEBUG_VECTOR_REGISTER_ACCESS_AESXTS) && \
+        defined(WC_C_DYNAMIC_FALLBACK)
+    WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(WC_NO_ERR_TRACE(SYSLIB_FAILED_E));
     ret = wc_AesXtsEncrypt(aes, buf, p1, sizeof(p1), i1, sizeof(i1));
 #if defined(WOLFSSL_ASYNC_CRYPT)
     ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
@@ -9531,7 +11145,7 @@ static wc_test_ret_t aes_xts_128_test(void)
     WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(0);
     if (ret != 0)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
-    if (XMEMCMP(c1, buf, AES_BLOCK_SIZE))
+    if (XMEMCMP(c1, buf, WC_AES_BLOCK_SIZE))
         ERROR_OUT(WC_TEST_RET_ENC_NC, out);
 #endif
 
@@ -9546,8 +11160,35 @@ static wc_test_ret_t aes_xts_128_test(void)
     if (XMEMCMP(cp2, cipher, sizeof(cp2)))
         ERROR_OUT(WC_TEST_RET_ENC_NC, out);
 
-#if defined(DEBUG_VECTOR_REGISTER_ACCESS) && defined(WC_AES_C_DYNAMIC_FALLBACK)
-    WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(SYSLIB_FAILED_E);
+#ifdef WOLFSSL_AESXTS_STREAM
+    ret = wc_AesXtsEncryptInit(aes, i1, sizeof(i1), &stream);
+#if defined(WOLFSSL_ASYNC_CRYPT)
+    ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
+#endif
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+
+    ret = wc_AesXtsEncryptFinal(aes, buf, pp, sizeof(pp), &stream);
+#if defined(WOLFSSL_ASYNC_CRYPT)
+    ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
+#endif
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+
+    ret = wc_AesXtsEncryptFinal(aes, buf, NULL, 0, &stream);
+#if defined(WOLFSSL_ASYNC_CRYPT)
+    ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
+#endif
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+
+    if (XMEMCMP(cp2, buf, sizeof(cp2)))
+        ERROR_OUT(WC_TEST_RET_ENC_NC, out);
+#endif /* WOLFSSL_AESXTS_STREAM */
+
+#if defined(DEBUG_VECTOR_REGISTER_ACCESS_AESXTS) && \
+        defined(WC_C_DYNAMIC_FALLBACK)
+    WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(WC_NO_ERR_TRACE(SYSLIB_FAILED_E));
     XMEMSET(cipher, 0, sizeof(cipher));
     ret = wc_AesXtsEncrypt(aes, cipher, pp, sizeof(pp), i1, sizeof(i1));
 #if defined(WOLFSSL_ASYNC_CRYPT)
@@ -9567,19 +11208,47 @@ static wc_test_ret_t aes_xts_128_test(void)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
     ret = wc_AesXtsDecrypt(aes, buf, cipher, sizeof(pp), i1, sizeof(i1));
 #if defined(WOLFSSL_ASYNC_CRYPT)
+    #ifdef WC_AES_XTS_SUPPORT_SIMULTANEOUS_ENC_AND_DEC_KEYS
+    ret = wc_AsyncWait(ret, &aes->aes_decrypt.asyncDev, WC_ASYNC_FLAG_NONE);
+    #else
     ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
+    #endif
 #endif
     if (ret != 0)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
     if (XMEMCMP(pp, buf, sizeof(pp)))
         ERROR_OUT(WC_TEST_RET_ENC_NC, out);
 
-#if defined(DEBUG_VECTOR_REGISTER_ACCESS) && defined(WC_AES_C_DYNAMIC_FALLBACK)
-    WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(SYSLIB_FAILED_E);
+#ifdef WOLFSSL_AESXTS_STREAM
+    ret = wc_AesXtsDecryptInit(aes, i1, sizeof(i1), &stream);
+#if defined(WOLFSSL_ASYNC_CRYPT)
+    ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
+#endif
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+
+    ret = wc_AesXtsDecryptFinal(aes, buf, cipher, sizeof(pp), &stream);
+#if defined(WOLFSSL_ASYNC_CRYPT)
+    ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
+#endif
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+
+    if (XMEMCMP(pp, buf, sizeof(pp)))
+        ERROR_OUT(WC_TEST_RET_ENC_NC, out);
+#endif /* WOLFSSL_AESXTS_STREAM */
+
+#if defined(DEBUG_VECTOR_REGISTER_ACCESS_AESXTS) && \
+        defined(WC_C_DYNAMIC_FALLBACK)
+    WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(WC_NO_ERR_TRACE(SYSLIB_FAILED_E));
     XMEMSET(buf, 0, sizeof(buf));
     ret = wc_AesXtsDecrypt(aes, buf, cipher, sizeof(pp), i1, sizeof(i1));
 #if defined(WOLFSSL_ASYNC_CRYPT)
+    #ifdef WC_AES_XTS_SUPPORT_SIMULTANEOUS_ENC_AND_DEC_KEYS
+    ret = wc_AsyncWait(ret, &aes->aes_decrypt.asyncDev, WC_ASYNC_FLAG_NONE);
+    #else
     ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
+    #endif
 #endif
     WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(0);
     if (ret != 0)
@@ -9591,25 +11260,53 @@ static wc_test_ret_t aes_xts_128_test(void)
     /* NIST decrypt test vector */
     XMEMSET(buf, 0, sizeof(buf));
     ret = wc_AesXtsDecrypt(aes, buf, c1, sizeof(c1), i1, sizeof(i1));
+#if defined(WOLFSSL_ASYNC_CRYPT)
+    #ifdef WC_AES_XTS_SUPPORT_SIMULTANEOUS_ENC_AND_DEC_KEYS
+    ret = wc_AsyncWait(ret, &aes->aes_decrypt.asyncDev, WC_ASYNC_FLAG_NONE);
+    #else
+    ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
+    #endif
+#endif
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+    if (XMEMCMP(p1, buf, sizeof(p1)))
+        ERROR_OUT(WC_TEST_RET_ENC_NC, out);
+
+#ifdef WOLFSSL_AESXTS_STREAM
+    ret = wc_AesXtsDecryptInit(aes, i1, sizeof(i1), &stream);
 #if defined(WOLFSSL_ASYNC_CRYPT)
     ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
 #endif
     if (ret != 0)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
-    if (XMEMCMP(p1, buf, AES_BLOCK_SIZE))
-        ERROR_OUT(WC_TEST_RET_ENC_NC, out);
 
-#if defined(DEBUG_VECTOR_REGISTER_ACCESS) && defined(WC_AES_C_DYNAMIC_FALLBACK)
-    WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(SYSLIB_FAILED_E);
+    ret = wc_AesXtsDecryptFinal(aes, buf, c1, sizeof(c1), &stream);
+#if defined(WOLFSSL_ASYNC_CRYPT)
+    ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
+#endif
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+
+    if (XMEMCMP(p1, buf, sizeof(p1)))
+        ERROR_OUT(WC_TEST_RET_ENC_NC, out);
+#endif /* WOLFSSL_AESXTS_STREAM */
+
+#if defined(DEBUG_VECTOR_REGISTER_ACCESS_AESXTS) && \
+        defined(WC_C_DYNAMIC_FALLBACK)
+    WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(WC_NO_ERR_TRACE(SYSLIB_FAILED_E));
     XMEMSET(buf, 0, sizeof(buf));
     ret = wc_AesXtsDecrypt(aes, buf, c1, sizeof(c1), i1, sizeof(i1));
 #if defined(WOLFSSL_ASYNC_CRYPT)
+    #ifdef WC_AES_XTS_SUPPORT_SIMULTANEOUS_ENC_AND_DEC_KEYS
+    ret = wc_AsyncWait(ret, &aes->aes_decrypt.asyncDev, WC_ASYNC_FLAG_NONE);
+    #else
     ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
+    #endif
 #endif
     WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(0);
     if (ret != 0)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
-    if (XMEMCMP(p1, buf, AES_BLOCK_SIZE))
+    if (XMEMCMP(p1, buf, WC_AES_BLOCK_SIZE))
         ERROR_OUT(WC_TEST_RET_ENC_NC, out);
 #endif
 
@@ -9617,7 +11314,11 @@ static wc_test_ret_t aes_xts_128_test(void)
     XMEMSET(buf, 0, sizeof(buf));
     ret = wc_AesXtsDecrypt(aes, buf, c2, sizeof(c2), i2, sizeof(i2));
 #if defined(WOLFSSL_ASYNC_CRYPT)
+    #ifdef WC_AES_XTS_SUPPORT_SIMULTANEOUS_ENC_AND_DEC_KEYS
+    ret = wc_AsyncWait(ret, &aes->aes_decrypt.asyncDev, WC_ASYNC_FLAG_NONE);
+    #else
     ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
+    #endif
 #endif
     if (ret != 0)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
@@ -9631,7 +11332,715 @@ static wc_test_ret_t aes_xts_128_test(void)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
     ret = wc_AesXtsDecrypt(aes, buf, c2, sizeof(c2), i2, sizeof(i2));
 #if defined(WOLFSSL_ASYNC_CRYPT)
+    #ifdef WC_AES_XTS_SUPPORT_SIMULTANEOUS_ENC_AND_DEC_KEYS
+    ret = wc_AsyncWait(ret, &aes->aes_decrypt.asyncDev, WC_ASYNC_FLAG_NONE);
+    #else
     ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
+    #endif
+#endif
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+    if (XMEMCMP(p2, buf, sizeof(p2)))
+        ERROR_OUT(WC_TEST_RET_ENC_NC, out);
+
+#ifndef HAVE_FIPS
+
+    /* Test ciphertext stealing in-place. */
+    XMEMCPY(buf, p3, sizeof(p3));
+    ret = wc_AesXtsSetKeyNoInit(aes, k3, sizeof(k3), AES_ENCRYPTION);
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+
+    ret = wc_AesXtsEncrypt(aes, buf, buf, sizeof(p3), i3, sizeof(i3));
+#if defined(WOLFSSL_ASYNC_CRYPT)
+    ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
+#endif
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+    if (XMEMCMP(c3, buf, sizeof(c3)))
+        ERROR_OUT(WC_TEST_RET_ENC_NC, out);
+
+#ifdef WOLFSSL_AESXTS_STREAM
+    ret = wc_AesXtsEncryptInit(aes, i3, sizeof(i3), &stream);
+#if defined(WOLFSSL_ASYNC_CRYPT)
+    ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
+#endif
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+
+    ret = wc_AesXtsEncryptUpdate(aes, buf, p3, WC_AES_BLOCK_SIZE, &stream);
+#if defined(WOLFSSL_ASYNC_CRYPT)
+    ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
+#endif
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+
+    ret = wc_AesXtsEncryptFinal(aes, buf + WC_AES_BLOCK_SIZE, p3 + WC_AES_BLOCK_SIZE, sizeof(p3) - WC_AES_BLOCK_SIZE, &stream);
+#if defined(WOLFSSL_ASYNC_CRYPT)
+    ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
+#endif
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+
+    if (XMEMCMP(c3, buf, sizeof(c3)))
+        ERROR_OUT(WC_TEST_RET_ENC_NC, out);
+#endif /* WOLFSSL_AESXTS_STREAM */
+
+    ret = wc_AesXtsSetKeyNoInit(aes, k3, sizeof(k3), AES_DECRYPTION);
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+    ret = wc_AesXtsDecrypt(aes, buf, buf, sizeof(c3), i3, sizeof(i3));
+#if defined(WOLFSSL_ASYNC_CRYPT)
+    #ifdef WC_AES_XTS_SUPPORT_SIMULTANEOUS_ENC_AND_DEC_KEYS
+    ret = wc_AsyncWait(ret, &aes->aes_decrypt.asyncDev, WC_ASYNC_FLAG_NONE);
+    #else
+    ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
+    #endif
+#endif
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+    if (XMEMCMP(p3, buf, sizeof(p3)))
+        ERROR_OUT(WC_TEST_RET_ENC_NC, out);
+
+#ifdef WOLFSSL_AESXTS_STREAM
+    ret = wc_AesXtsDecryptInit(aes, i3, sizeof(i3), &stream);
+#if defined(WOLFSSL_ASYNC_CRYPT)
+    ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
+#endif
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+
+    ret = wc_AesXtsDecryptUpdate(aes, buf, c3, WC_AES_BLOCK_SIZE, &stream);
+#if defined(WOLFSSL_ASYNC_CRYPT)
+    ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
+#endif
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+
+    ret = wc_AesXtsDecryptFinal(aes, buf + WC_AES_BLOCK_SIZE, c3 + WC_AES_BLOCK_SIZE, sizeof(c3) - WC_AES_BLOCK_SIZE, &stream);
+#if defined(WOLFSSL_ASYNC_CRYPT)
+    ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
+#endif
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+
+    if (XMEMCMP(p3, buf, sizeof(p3)))
+        ERROR_OUT(WC_TEST_RET_ENC_NC, out);
+#endif /* WOLFSSL_AESXTS_STREAM */
+
+#endif /* !HAVE_FIPS */
+
+#if !defined(BENCH_EMBEDDED) && !defined(HAVE_CAVIUM) && \
+    !defined(WOLFSSL_AFALG)
+    {
+        int i;
+        int j;
+#ifdef WOLFSSL_AESXTS_STREAM
+        int k;
+#endif
+    #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
+        large_input = (byte *)XMALLOC(LARGE_XTS_SZ, HEAP_HINT,
+            DYNAMIC_TYPE_TMP_BUFFER);
+        if (large_input == NULL)
+            ERROR_OUT(WC_TEST_RET_ENC_EC(MEMORY_E), out);
+    #endif
+
+        for (i = 0; i < (int)LARGE_XTS_SZ; i++)
+            large_input[i] = (byte)i;
+
+        for (j = 16; j < (int)LARGE_XTS_SZ; j++) {
+            ret = wc_AesXtsSetKeyNoInit(aes, k1, sizeof(k1), AES_ENCRYPTION);
+            if (ret != 0)
+                ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+            ret = wc_AesXtsEncrypt(aes, large_input, large_input, (word32)j, i1,
+                sizeof(i1));
+        #if defined(WOLFSSL_ASYNC_CRYPT)
+            ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
+        #endif
+            if (ret != 0)
+                ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+
+            ret = wc_AesXtsSetKeyNoInit(aes, k1, sizeof(k1), AES_DECRYPTION);
+            if (ret != 0)
+                ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+            ret = wc_AesXtsDecrypt(aes, large_input, large_input, (word32)j, i1,
+                sizeof(i1));
+        #if defined(WOLFSSL_ASYNC_CRYPT)
+            #ifdef WC_AES_XTS_SUPPORT_SIMULTANEOUS_ENC_AND_DEC_KEYS
+            ret = wc_AsyncWait(ret, &aes->aes_decrypt.asyncDev,
+                               WC_ASYNC_FLAG_NONE);
+            #else
+            ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
+            #endif
+        #endif
+            if (ret != 0)
+                ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+            for (i = 0; i < j; i++) {
+                if (large_input[i] != (byte)i) {
+                    ERROR_OUT(WC_TEST_RET_ENC_NC, out);
+                }
+            }
+        }
+
+#ifdef WOLFSSL_AESXTS_STREAM
+        for (i = 0; i < (int)LARGE_XTS_SZ; i++)
+            large_input[i] = (byte)i;
+
+        /* first, encrypt block by block then decrypt with a one-shot call. */
+        for (j = 16; j < (int)LARGE_XTS_SZ; j++) {
+            ret = wc_AesXtsSetKeyNoInit(aes, k1, sizeof(k1), AES_ENCRYPTION);
+            if (ret != 0)
+                ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+
+            ret = wc_AesXtsEncryptInit(aes, i1, sizeof(i1), &stream);
+        #if defined(WOLFSSL_ASYNC_CRYPT)
+            ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
+        #endif
+            if (ret != 0)
+                ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+
+            for (k = 0; k < j; k += WC_AES_BLOCK_SIZE) {
+                if ((j - k) < WC_AES_BLOCK_SIZE*2)
+                    ret = wc_AesXtsEncryptFinal(aes, large_input + k,
+                        large_input + k, (word32)(j - k), &stream);
+                else
+                    ret = wc_AesXtsEncryptUpdate(aes, large_input + k,
+                        large_input + k, WC_AES_BLOCK_SIZE, &stream);
+        #if defined(WOLFSSL_ASYNC_CRYPT)
+                ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
+        #endif
+                if (ret != 0)
+                    ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+                if ((j - k) < WC_AES_BLOCK_SIZE*2)
+                    break;
+            }
+
+            ret = wc_AesXtsSetKeyNoInit(aes, k1, sizeof(k1), AES_DECRYPTION);
+            if (ret != 0)
+                ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+
+            ret = wc_AesXtsDecrypt(aes, large_input, large_input, (word32)j, i1,
+                sizeof(i1));
+        #if defined(WOLFSSL_ASYNC_CRYPT)
+            #ifdef WC_AES_XTS_SUPPORT_SIMULTANEOUS_ENC_AND_DEC_KEYS
+            ret = wc_AsyncWait(ret, &aes->aes_decrypt.asyncDev,
+                               WC_ASYNC_FLAG_NONE);
+            #else
+            ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
+            #endif
+        #endif
+            if (ret != 0)
+                ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+            for (i = 0; i < j; i++) {
+                if (large_input[i] != (byte)i) {
+                    ERROR_OUT(WC_TEST_RET_ENC_NC, out);
+                }
+            }
+        }
+
+        /* second, encrypt with a one-shot call then decrypt block by block. */
+        for (j = 16; j < (int)LARGE_XTS_SZ; j++) {
+            ret = wc_AesXtsSetKeyNoInit(aes, k1, sizeof(k1), AES_ENCRYPTION);
+            if (ret != 0)
+                ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+
+            ret = wc_AesXtsEncrypt(aes, large_input, large_input, (word32)j, i1,
+                sizeof(i1));
+        #if defined(WOLFSSL_ASYNC_CRYPT)
+            ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
+        #endif
+            if (ret != 0)
+                ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+
+            ret = wc_AesXtsSetKeyNoInit(aes, k1, sizeof(k1), AES_DECRYPTION);
+            if (ret != 0)
+                ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+
+            ret = wc_AesXtsDecryptInit(aes, i1, sizeof(i1), &stream);
+        #if defined(WOLFSSL_ASYNC_CRYPT)
+            ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
+        #endif
+            if (ret != 0)
+                ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+
+            for (k = 0; k < j; k += WC_AES_BLOCK_SIZE) {
+                if ((j - k) < WC_AES_BLOCK_SIZE*2)
+                    ret = wc_AesXtsDecryptFinal(aes, large_input + k,
+                        large_input + k, (word32)(j - k), &stream);
+                else
+                    ret = wc_AesXtsDecryptUpdate(aes, large_input + k,
+                        large_input + k, WC_AES_BLOCK_SIZE, &stream);
+            #if defined(WOLFSSL_ASYNC_CRYPT)
+                #ifdef WC_AES_XTS_SUPPORT_SIMULTANEOUS_ENC_AND_DEC_KEYS
+                ret = wc_AsyncWait(ret, &aes->aes_decrypt.asyncDev,
+                                   WC_ASYNC_FLAG_NONE);
+                #else
+                ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
+                #endif
+            #endif
+                if (ret != 0)
+                    ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+                if ((j - k) < WC_AES_BLOCK_SIZE*2)
+                    break;
+            }
+
+            for (i = 0; i < j; i++) {
+                if (large_input[i] != (byte)i) {
+                    ERROR_OUT(WC_TEST_RET_ENC_NC, out);
+                }
+            }
+        }
+#endif /* WOLFSSL_AESXTS_STREAM */
+    }
+#endif /* !BENCH_EMBEDDED && !HAVE_CAVIUM &&
+        * !WOLFSSL_AFALG
+        */
+
+  out:
+
+    #if !defined(BENCH_EMBEDDED) && !defined(HAVE_CAVIUM) && \
+        !defined(WOLFSSL_AFALG) && defined(WOLFSSL_SMALL_STACK) && \
+        !defined(WOLFSSL_NO_MALLOC)
+    XFREE(large_input, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+    #endif
+
+    if (aes_inited)
+        wc_AesXtsFree(aes);
+
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
+    XFREE(aes, HEAP_HINT, DYNAMIC_TYPE_AES);
+#endif
+
+    return ret;
+}
+#endif /* WOLFSSL_AES_128 */
+
+#ifndef HAVE_FIPS
+/* FIPS won't allow for XTS-384 (two 192-bit keys) */
+#ifdef WOLFSSL_AES_192
+static wc_test_ret_t aes_xts_192_test(void)
+{
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
+    XtsAes *aes = NULL;
+#else
+    XtsAes aes[1];
+#endif
+    int aes_inited = 0;
+    wc_test_ret_t ret = 0;
+    unsigned char buf[WC_AES_BLOCK_SIZE * 2 + 8];
+    unsigned char cipher[WC_AES_BLOCK_SIZE * 2 + 8];
+#ifdef WOLFSSL_AESXTS_STREAM
+    struct XtsAesStreamData stream;
+#endif
+#if !defined(BENCH_EMBEDDED) && !defined(HAVE_CAVIUM) && \
+        !defined(WOLFSSL_AFALG)
+    #define LARGE_XTS_SZ        1024
+    #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
+    byte* large_input = NULL;
+    #else
+    byte large_input[LARGE_XTS_SZ];
+    #endif
+#endif
+
+    /* 192 bit key tests */
+    WOLFSSL_SMALL_STACK_STATIC unsigned char k1[] = {
+        0x1e, 0xa6, 0x61, 0xc5, 0x8d, 0x94, 0x3a, 0x0e,
+        0x48, 0x01, 0xe4, 0x2f, 0x4b, 0x09, 0x47, 0x14,
+        0x9e, 0x7f, 0x9f, 0x8e, 0x3e, 0x68, 0xd0, 0xc7,
+        0x50, 0x52, 0x10, 0xbd, 0x31, 0x1a, 0x0e, 0x7c,
+        0xd6, 0xe1, 0x3f, 0xfd, 0xf2, 0x41, 0x8d, 0x8d,
+        0x19, 0x11, 0xc0, 0x04, 0xcd, 0xa5, 0x8d, 0xa3
+    };
+
+    WOLFSSL_SMALL_STACK_STATIC unsigned char i1[] = {
+        0x4f, 0xae, 0xf7, 0x11, 0x7c, 0xda, 0x59, 0xc6,
+        0x6e, 0x4b, 0x92, 0x01, 0x3e, 0x76, 0x8a, 0xd5
+    };
+
+    WOLFSSL_SMALL_STACK_STATIC unsigned char p1[] = {
+        0xeb, 0xab, 0xce, 0x95, 0xb1, 0x4d, 0x3c, 0x8d,
+        0x6f, 0xb3, 0x50, 0x39, 0x07, 0x90, 0x31, 0x1c
+    };
+
+    WOLFSSL_SMALL_STACK_STATIC unsigned char pp[] = {
+        0xeb, 0xab, 0xce, 0x95, 0xb1, 0x4d, 0x3c, 0x8d,
+        0x6f, 0xb3, 0x50, 0x39, 0x07, 0x90, 0x31, 0x1c,
+        0x6e, 0x4b, 0x92, 0x01, 0x3e, 0x76, 0x8a, 0xd5
+    };
+
+    WOLFSSL_SMALL_STACK_STATIC unsigned char c1[] = {
+        0x65, 0x37, 0x15, 0x53, 0xf1, 0x98, 0xab, 0xb4,
+        0xdb, 0x4e, 0xd3, 0x69, 0xdf, 0x8e, 0x3a, 0xe0
+    };
+
+    WOLFSSL_SMALL_STACK_STATIC unsigned char k2[] = {
+        0xad, 0x50, 0x4b, 0x85, 0xd7, 0x51, 0xbf, 0xba,
+        0x69, 0x13, 0xb4, 0xcc, 0x79, 0xb6, 0x5a, 0x62,
+        0xf7, 0xf3, 0x9d, 0x36, 0x0f, 0x35, 0xb5, 0xec,
+        0x4a, 0x7e, 0x95, 0xbd, 0x9b, 0xa5, 0xf2, 0xec,
+        0xc1, 0xd7, 0x7e, 0xa3, 0xc3, 0x74, 0xbd, 0x4b,
+        0x13, 0x1b, 0x07, 0x83, 0x87, 0xdd, 0x55, 0x5a
+    };
+
+    WOLFSSL_SMALL_STACK_STATIC unsigned char i2[] = {
+        0x5c, 0xf7, 0x9d, 0xb6, 0xc5, 0xcd, 0x99, 0x1a,
+        0x1c, 0x78, 0x81, 0x42, 0x24, 0x95, 0x1e, 0x84
+    };
+
+    WOLFSSL_SMALL_STACK_STATIC unsigned char p2[] = {
+        0xbd, 0xc5, 0x46, 0x8f, 0xbc, 0x8d, 0x50, 0xa1,
+        0x0d, 0x1c, 0x85, 0x7f, 0x79, 0x1c, 0x5c, 0xba,
+        0xb3, 0x81, 0x0d, 0x0d, 0x73, 0xcf, 0x8f, 0x20,
+        0x46, 0xb1, 0xd1, 0x9e, 0x7d, 0x5d, 0x8a, 0x56
+    };
+
+    WOLFSSL_SMALL_STACK_STATIC unsigned char c2[] = {
+        0x6c, 0xa6, 0xb5, 0x73, 0x48, 0xf1, 0x89, 0xfa,
+        0xdd, 0x80, 0x72, 0x1f, 0xb8, 0x56, 0x0c, 0xa2,
+        0x35, 0xd4, 0x08, 0xbf, 0x24, 0xcb, 0xec, 0xdb,
+        0x81, 0xe0, 0xe6, 0x4f, 0x3d, 0x1c, 0x5c, 0x46
+    };
+
+    WOLFSSL_SMALL_STACK_STATIC unsigned char cp2[] = {
+        0xe9, 0x58, 0xfe, 0xab, 0x66, 0xb4, 0xf1, 0x79,
+        0x91, 0x3f, 0x91, 0xdc, 0x6f, 0xdf, 0xd6, 0xac,
+        0x65, 0x37, 0x15, 0x53, 0xf1, 0x98, 0xab, 0xb4
+    };
+
+    WOLFSSL_SMALL_STACK_STATIC unsigned char k3[] = {
+        0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
+        0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
+        0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
+        0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
+        0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
+        0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20
+    };
+    WOLFSSL_SMALL_STACK_STATIC unsigned char i3[] = {
+        0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
+        0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
+    };
+    WOLFSSL_SMALL_STACK_STATIC unsigned char p3[] = {
+        0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
+        0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
+        0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
+        0x20, 0xff, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
+        0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20
+    };
+    WOLFSSL_SMALL_STACK_STATIC unsigned char c3[] = {
+        0xa4, 0xf2, 0x71, 0x5d, 0x80, 0x60, 0x68, 0xa0,
+        0x80, 0x61, 0xd7, 0xc1, 0x55, 0xc8, 0x3a, 0x2e,
+        0xd7, 0xf4, 0x62, 0xaf, 0xbd, 0x2d, 0xf9, 0x5f,
+        0xe8, 0xc5, 0x99, 0x3d, 0x58, 0x3c, 0xeb, 0xba,
+        0x86, 0xea, 0x2c, 0x7e, 0x1f, 0xba, 0x81, 0xde
+    };
+
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
+    if ((aes = (XtsAes *)XMALLOC(sizeof *aes, HEAP_HINT, DYNAMIC_TYPE_AES)) == NULL)
+        ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
+#endif
+
+    XMEMSET(buf, 0, sizeof(buf));
+    ret = wc_AesXtsInit(aes, HEAP_HINT, devId);
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+    else
+        aes_inited = 1;
+
+    ret = wc_AesXtsSetKeyNoInit(aes, k2, sizeof(k2), AES_ENCRYPTION);
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+
+    ret = wc_AesXtsEncrypt(aes, buf, p2, sizeof(p2), i2, sizeof(i2));
+#if defined(WOLFSSL_ASYNC_CRYPT)
+    ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
+#endif
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+    if (XMEMCMP(c2, buf, sizeof(c2)))
+        ERROR_OUT(WC_TEST_RET_ENC_NC, out);
+
+#ifdef WOLFSSL_AESXTS_STREAM
+    ret = wc_AesXtsEncryptInit(aes, i2, sizeof(i2), &stream);
+#if defined(WOLFSSL_ASYNC_CRYPT)
+    ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
+#endif
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+
+    ret = wc_AesXtsEncryptUpdate(aes, buf, p2, WC_AES_BLOCK_SIZE, &stream);
+#if defined(WOLFSSL_ASYNC_CRYPT)
+    ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
+#endif
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+
+    ret = wc_AesXtsEncryptFinal(aes, buf + WC_AES_BLOCK_SIZE, p2 + WC_AES_BLOCK_SIZE, sizeof(p2) - WC_AES_BLOCK_SIZE, &stream);
+#if defined(WOLFSSL_ASYNC_CRYPT)
+    ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
+#endif
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+
+    if (XMEMCMP(c2, buf, sizeof(c2)))
+        ERROR_OUT(WC_TEST_RET_ENC_NC, out);
+#endif /* WOLFSSL_AESXTS_STREAM */
+
+#if defined(DEBUG_VECTOR_REGISTER_ACCESS_AESXTS) && \
+        defined(WC_C_DYNAMIC_FALLBACK)
+    WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(WC_NO_ERR_TRACE(SYSLIB_FAILED_E));
+    ret = wc_AesXtsEncrypt(aes, buf, p2, sizeof(p2), i2, sizeof(i2));
+#if defined(WOLFSSL_ASYNC_CRYPT)
+    ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
+#endif
+    WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(0);
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+    if (XMEMCMP(c2, buf, sizeof(c2)))
+        ERROR_OUT(WC_TEST_RET_ENC_NC, out);
+#endif
+
+    XMEMSET(buf, 0, sizeof(buf));
+
+    ret = wc_AesXtsSetKeyNoInit(aes, k1, sizeof(k1), AES_ENCRYPTION);
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+    ret = wc_AesXtsEncrypt(aes, buf, p1, sizeof(p1), i1, sizeof(i1));
+#if defined(WOLFSSL_ASYNC_CRYPT)
+    ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
+#endif
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+    if (XMEMCMP(c1, buf, WC_AES_BLOCK_SIZE))
+        ERROR_OUT(WC_TEST_RET_ENC_NC, out);
+
+#ifdef WOLFSSL_AESXTS_STREAM
+    ret = wc_AesXtsEncryptInit(aes, i1, sizeof(i1), &stream);
+#if defined(WOLFSSL_ASYNC_CRYPT)
+    ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
+#endif
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+
+    ret = wc_AesXtsEncryptUpdate(aes, buf, p1, sizeof(p1), &stream);
+#if defined(WOLFSSL_ASYNC_CRYPT)
+    ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
+#endif
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+
+    ret = wc_AesXtsEncryptFinal(aes, buf, NULL, 0, &stream);
+#if defined(WOLFSSL_ASYNC_CRYPT)
+    ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
+#endif
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+
+    if (XMEMCMP(c1, buf, sizeof(c1)))
+        ERROR_OUT(WC_TEST_RET_ENC_NC, out);
+#endif /* WOLFSSL_AESXTS_STREAM */
+
+#if defined(DEBUG_VECTOR_REGISTER_ACCESS_AESXTS) && \
+        defined(WC_C_DYNAMIC_FALLBACK)
+    WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(WC_NO_ERR_TRACE(SYSLIB_FAILED_E));
+    ret = wc_AesXtsEncrypt(aes, buf, p1, sizeof(p1), i1, sizeof(i1));
+#if defined(WOLFSSL_ASYNC_CRYPT)
+    ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
+#endif
+    WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(0);
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+    if (XMEMCMP(c1, buf, WC_AES_BLOCK_SIZE))
+        ERROR_OUT(WC_TEST_RET_ENC_NC, out);
+#endif
+
+    /* partial block encryption test */
+    XMEMSET(cipher, 0, sizeof(cipher));
+    ret = wc_AesXtsEncrypt(aes, cipher, pp, sizeof(pp), i1, sizeof(i1));
+#if defined(WOLFSSL_ASYNC_CRYPT)
+    ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
+#endif
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+    if (XMEMCMP(cp2, cipher, sizeof(cp2)))
+        ERROR_OUT(WC_TEST_RET_ENC_NC, out);
+
+#ifdef WOLFSSL_AESXTS_STREAM
+    ret = wc_AesXtsEncryptInit(aes, i1, sizeof(i1), &stream);
+#if defined(WOLFSSL_ASYNC_CRYPT)
+    ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
+#endif
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+
+    ret = wc_AesXtsEncryptFinal(aes, buf, pp, sizeof(pp), &stream);
+#if defined(WOLFSSL_ASYNC_CRYPT)
+    ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
+#endif
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+
+    ret = wc_AesXtsEncryptFinal(aes, buf, NULL, 0, &stream);
+#if defined(WOLFSSL_ASYNC_CRYPT)
+    ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
+#endif
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+
+    if (XMEMCMP(cp2, buf, sizeof(cp2)))
+        ERROR_OUT(WC_TEST_RET_ENC_NC, out);
+#endif /* WOLFSSL_AESXTS_STREAM */
+
+#if defined(DEBUG_VECTOR_REGISTER_ACCESS_AESXTS) && \
+        defined(WC_C_DYNAMIC_FALLBACK)
+    WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(WC_NO_ERR_TRACE(SYSLIB_FAILED_E));
+    XMEMSET(cipher, 0, sizeof(cipher));
+    ret = wc_AesXtsEncrypt(aes, cipher, pp, sizeof(pp), i1, sizeof(i1));
+#if defined(WOLFSSL_ASYNC_CRYPT)
+    ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
+#endif
+    WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(0);
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+    if (XMEMCMP(cp2, cipher, sizeof(cp2)))
+        ERROR_OUT(WC_TEST_RET_ENC_NC, out);
+#endif
+
+    /* partial block decrypt test */
+    XMEMSET(buf, 0, sizeof(buf));
+    ret = wc_AesXtsSetKeyNoInit(aes, k1, sizeof(k1), AES_DECRYPTION);
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+    ret = wc_AesXtsDecrypt(aes, buf, cipher, sizeof(pp), i1, sizeof(i1));
+#if defined(WOLFSSL_ASYNC_CRYPT)
+    #ifdef WC_AES_XTS_SUPPORT_SIMULTANEOUS_ENC_AND_DEC_KEYS
+    ret = wc_AsyncWait(ret, &aes->aes_decrypt.asyncDev, WC_ASYNC_FLAG_NONE);
+    #else
+    ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
+    #endif
+#endif
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+    if (XMEMCMP(pp, buf, sizeof(pp)))
+        ERROR_OUT(WC_TEST_RET_ENC_NC, out);
+
+#ifdef WOLFSSL_AESXTS_STREAM
+    ret = wc_AesXtsDecryptInit(aes, i1, sizeof(i1), &stream);
+#if defined(WOLFSSL_ASYNC_CRYPT)
+    ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
+#endif
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+
+    ret = wc_AesXtsDecryptFinal(aes, buf, cipher, sizeof(pp), &stream);
+#if defined(WOLFSSL_ASYNC_CRYPT)
+    ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
+#endif
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+
+    if (XMEMCMP(pp, buf, sizeof(pp)))
+        ERROR_OUT(WC_TEST_RET_ENC_NC, out);
+#endif /* WOLFSSL_AESXTS_STREAM */
+
+#if defined(DEBUG_VECTOR_REGISTER_ACCESS_AESXTS) && \
+        defined(WC_C_DYNAMIC_FALLBACK)
+    WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(WC_NO_ERR_TRACE(SYSLIB_FAILED_E));
+    XMEMSET(buf, 0, sizeof(buf));
+    ret = wc_AesXtsDecrypt(aes, buf, cipher, sizeof(pp), i1, sizeof(i1));
+#if defined(WOLFSSL_ASYNC_CRYPT)
+    #ifdef WC_AES_XTS_SUPPORT_SIMULTANEOUS_ENC_AND_DEC_KEYS
+    ret = wc_AsyncWait(ret, &aes->aes_decrypt.asyncDev, WC_ASYNC_FLAG_NONE);
+    #else
+    ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
+    #endif
+#endif
+    WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(0);
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+    if (XMEMCMP(pp, buf, sizeof(pp)))
+        ERROR_OUT(WC_TEST_RET_ENC_NC, out);
+#endif
+
+    /* NIST decrypt test vector */
+    XMEMSET(buf, 0, sizeof(buf));
+    ret = wc_AesXtsDecrypt(aes, buf, c1, sizeof(c1), i1, sizeof(i1));
+#if defined(WOLFSSL_ASYNC_CRYPT)
+    #ifdef WC_AES_XTS_SUPPORT_SIMULTANEOUS_ENC_AND_DEC_KEYS
+    ret = wc_AsyncWait(ret, &aes->aes_decrypt.asyncDev, WC_ASYNC_FLAG_NONE);
+    #else
+    ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
+    #endif
+#endif
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+    if (XMEMCMP(p1, buf, sizeof(p1)))
+        ERROR_OUT(WC_TEST_RET_ENC_NC, out);
+
+#ifdef WOLFSSL_AESXTS_STREAM
+    ret = wc_AesXtsDecryptInit(aes, i1, sizeof(i1), &stream);
+#if defined(WOLFSSL_ASYNC_CRYPT)
+    ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
+#endif
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+
+    ret = wc_AesXtsDecryptFinal(aes, buf, c1, sizeof(c1), &stream);
+#if defined(WOLFSSL_ASYNC_CRYPT)
+    ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
+#endif
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+
+    if (XMEMCMP(p1, buf, sizeof(p1)))
+        ERROR_OUT(WC_TEST_RET_ENC_NC, out);
+#endif /* WOLFSSL_AESXTS_STREAM */
+
+#if defined(DEBUG_VECTOR_REGISTER_ACCESS_AESXTS) && \
+        defined(WC_C_DYNAMIC_FALLBACK)
+    WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(WC_NO_ERR_TRACE(SYSLIB_FAILED_E));
+    XMEMSET(buf, 0, sizeof(buf));
+    ret = wc_AesXtsDecrypt(aes, buf, c1, sizeof(c1), i1, sizeof(i1));
+#if defined(WOLFSSL_ASYNC_CRYPT)
+    #ifdef WC_AES_XTS_SUPPORT_SIMULTANEOUS_ENC_AND_DEC_KEYS
+    ret = wc_AsyncWait(ret, &aes->aes_decrypt.asyncDev, WC_ASYNC_FLAG_NONE);
+    #else
+    ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
+    #endif
+#endif
+    WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(0);
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+    if (XMEMCMP(p1, buf, WC_AES_BLOCK_SIZE))
+        ERROR_OUT(WC_TEST_RET_ENC_NC, out);
+#endif
+
+    /* fail case with decrypting using wrong key */
+    XMEMSET(buf, 0, sizeof(buf));
+    ret = wc_AesXtsDecrypt(aes, buf, c2, sizeof(c2), i2, sizeof(i2));
+#if defined(WOLFSSL_ASYNC_CRYPT)
+    #ifdef WC_AES_XTS_SUPPORT_SIMULTANEOUS_ENC_AND_DEC_KEYS
+    ret = wc_AsyncWait(ret, &aes->aes_decrypt.asyncDev, WC_ASYNC_FLAG_NONE);
+    #else
+    ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
+    #endif
+#endif
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+    if (XMEMCMP(p2, buf, sizeof(p2)) == 0) /* fail case with wrong key */
+        ERROR_OUT(WC_TEST_RET_ENC_NC, out);
+
+    /* set correct key and retest */
+    XMEMSET(buf, 0, sizeof(buf));
+    ret = wc_AesXtsSetKeyNoInit(aes, k2, sizeof(k2), AES_DECRYPTION);
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+    ret = wc_AesXtsDecrypt(aes, buf, c2, sizeof(c2), i2, sizeof(i2));
+#if defined(WOLFSSL_ASYNC_CRYPT)
+    #ifdef WC_AES_XTS_SUPPORT_SIMULTANEOUS_ENC_AND_DEC_KEYS
+    ret = wc_AsyncWait(ret, &aes->aes_decrypt.asyncDev, WC_ASYNC_FLAG_NONE);
+    #else
+    ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
+    #endif
 #endif
     if (ret != 0)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
@@ -9653,31 +12062,85 @@ static wc_test_ret_t aes_xts_128_test(void)
     if (XMEMCMP(c3, buf, sizeof(c3)))
         ERROR_OUT(WC_TEST_RET_ENC_NC, out);
 
+#ifdef WOLFSSL_AESXTS_STREAM
+    ret = wc_AesXtsEncryptInit(aes, i3, sizeof(i3), &stream);
+#if defined(WOLFSSL_ASYNC_CRYPT)
+    ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
+#endif
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+
+    ret = wc_AesXtsEncryptUpdate(aes, buf, p3, WC_AES_BLOCK_SIZE, &stream);
+#if defined(WOLFSSL_ASYNC_CRYPT)
+    ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
+#endif
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+
+    ret = wc_AesXtsEncryptFinal(aes, buf + WC_AES_BLOCK_SIZE, p3 + WC_AES_BLOCK_SIZE, sizeof(p3) - WC_AES_BLOCK_SIZE, &stream);
+#if defined(WOLFSSL_ASYNC_CRYPT)
+    ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
+#endif
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+
+    if (XMEMCMP(c3, buf, sizeof(c3)))
+        ERROR_OUT(WC_TEST_RET_ENC_NC, out);
+#endif /* WOLFSSL_AESXTS_STREAM */
+
     ret = wc_AesXtsSetKeyNoInit(aes, k3, sizeof(k3), AES_DECRYPTION);
     if (ret != 0)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
     ret = wc_AesXtsDecrypt(aes, buf, buf, sizeof(c3), i3, sizeof(i3));
 #if defined(WOLFSSL_ASYNC_CRYPT)
+    #ifdef WC_AES_XTS_SUPPORT_SIMULTANEOUS_ENC_AND_DEC_KEYS
+    ret = wc_AsyncWait(ret, &aes->aes_decrypt.asyncDev, WC_ASYNC_FLAG_NONE);
+    #else
     ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
+    #endif
 #endif
     if (ret != 0)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
     if (XMEMCMP(p3, buf, sizeof(p3)))
         ERROR_OUT(WC_TEST_RET_ENC_NC, out);
 
+#ifdef WOLFSSL_AESXTS_STREAM
+    ret = wc_AesXtsDecryptInit(aes, i3, sizeof(i3), &stream);
+#if defined(WOLFSSL_ASYNC_CRYPT)
+    ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
+#endif
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+
+    ret = wc_AesXtsDecryptUpdate(aes, buf, c3, WC_AES_BLOCK_SIZE, &stream);
+#if defined(WOLFSSL_ASYNC_CRYPT)
+    ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
+#endif
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+
+    ret = wc_AesXtsDecryptFinal(aes, buf + WC_AES_BLOCK_SIZE, c3 + WC_AES_BLOCK_SIZE, sizeof(c3) - WC_AES_BLOCK_SIZE, &stream);
+#if defined(WOLFSSL_ASYNC_CRYPT)
+    ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
+#endif
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+
+    if (XMEMCMP(p3, buf, sizeof(p3)))
+        ERROR_OUT(WC_TEST_RET_ENC_NC, out);
+#endif /* WOLFSSL_AESXTS_STREAM */
+
 #if !defined(BENCH_EMBEDDED) && !defined(HAVE_CAVIUM) && \
     !defined(WOLFSSL_AFALG)
     {
-    #define LARGE_XTS_SZ        1024
-    #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
-        byte* large_input = (byte *)XMALLOC(LARGE_XTS_SZ, HEAP_HINT,
-            DYNAMIC_TYPE_TMP_BUFFER);
-    #else
-        byte large_input[LARGE_XTS_SZ];
-    #endif
         int i;
         int j;
+#ifdef WOLFSSL_AESXTS_STREAM
+        int k;
+#endif
     #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
+        large_input = (byte *)XMALLOC(LARGE_XTS_SZ, HEAP_HINT,
+            DYNAMIC_TYPE_TMP_BUFFER);
         if (large_input == NULL)
             ERROR_OUT(WC_TEST_RET_ENC_EC(MEMORY_E), out);
     #endif
@@ -9689,7 +12152,7 @@ static wc_test_ret_t aes_xts_128_test(void)
             ret = wc_AesXtsSetKeyNoInit(aes, k1, sizeof(k1), AES_ENCRYPTION);
             if (ret != 0)
                 ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
-            ret = wc_AesXtsEncrypt(aes, large_input, large_input, j, i1,
+            ret = wc_AesXtsEncrypt(aes, large_input, large_input, (word32)j, i1,
                 sizeof(i1));
         #if defined(WOLFSSL_ASYNC_CRYPT)
             ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
@@ -9700,10 +12163,15 @@ static wc_test_ret_t aes_xts_128_test(void)
             ret = wc_AesXtsSetKeyNoInit(aes, k1, sizeof(k1), AES_DECRYPTION);
             if (ret != 0)
                 ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
-            ret = wc_AesXtsDecrypt(aes, large_input, large_input, j, i1,
+            ret = wc_AesXtsDecrypt(aes, large_input, large_input, (word32)j, i1,
                 sizeof(i1));
         #if defined(WOLFSSL_ASYNC_CRYPT)
+            #ifdef WC_AES_XTS_SUPPORT_SIMULTANEOUS_ENC_AND_DEC_KEYS
+            ret = wc_AsyncWait(ret, &aes->aes_decrypt.asyncDev,
+                               WC_ASYNC_FLAG_NONE);
+            #else
             ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
+            #endif
         #endif
             if (ret != 0)
                 ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
@@ -9713,9 +12181,116 @@ static wc_test_ret_t aes_xts_128_test(void)
                 }
             }
         }
-    #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
-        XFREE(large_input, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
-    #endif
+
+#ifdef WOLFSSL_AESXTS_STREAM
+        for (i = 0; i < (int)LARGE_XTS_SZ; i++)
+            large_input[i] = (byte)i;
+
+        /* first, encrypt block by block then decrypt with a one-shot call. */
+        for (j = 16; j < (int)LARGE_XTS_SZ; j++) {
+            ret = wc_AesXtsSetKeyNoInit(aes, k1, sizeof(k1), AES_ENCRYPTION);
+            if (ret != 0)
+                ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+
+            ret = wc_AesXtsEncryptInit(aes, i1, sizeof(i1), &stream);
+        #if defined(WOLFSSL_ASYNC_CRYPT)
+            ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
+        #endif
+            if (ret != 0)
+                ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+
+            for (k = 0; k < j; k += WC_AES_BLOCK_SIZE) {
+                if ((j - k) < WC_AES_BLOCK_SIZE*2)
+                    ret = wc_AesXtsEncryptFinal(aes, large_input + k,
+                        large_input + k, (word32)(j - k), &stream);
+                else
+                    ret = wc_AesXtsEncryptUpdate(aes, large_input + k,
+                        large_input + k, WC_AES_BLOCK_SIZE, &stream);
+        #if defined(WOLFSSL_ASYNC_CRYPT)
+                ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
+        #endif
+                if (ret != 0)
+                    ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+                if ((j - k) < WC_AES_BLOCK_SIZE*2)
+                    break;
+            }
+
+            ret = wc_AesXtsSetKeyNoInit(aes, k1, sizeof(k1), AES_DECRYPTION);
+            if (ret != 0)
+                ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+
+            ret = wc_AesXtsDecrypt(aes, large_input, large_input, (word32)j, i1,
+                sizeof(i1));
+        #if defined(WOLFSSL_ASYNC_CRYPT)
+            #ifdef WC_AES_XTS_SUPPORT_SIMULTANEOUS_ENC_AND_DEC_KEYS
+            ret = wc_AsyncWait(ret, &aes->aes_decrypt.asyncDev,
+                               WC_ASYNC_FLAG_NONE);
+            #else
+            ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
+            #endif
+        #endif
+            if (ret != 0)
+                ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+            for (i = 0; i < j; i++) {
+                if (large_input[i] != (byte)i) {
+                    ERROR_OUT(WC_TEST_RET_ENC_NC, out);
+                }
+            }
+        }
+
+        /* second, encrypt with a one-shot call then decrypt block by block. */
+        for (j = 16; j < (int)LARGE_XTS_SZ; j++) {
+            ret = wc_AesXtsSetKeyNoInit(aes, k1, sizeof(k1), AES_ENCRYPTION);
+            if (ret != 0)
+                ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+
+            ret = wc_AesXtsEncrypt(aes, large_input, large_input, (word32)j, i1,
+                sizeof(i1));
+        #if defined(WOLFSSL_ASYNC_CRYPT)
+            ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
+        #endif
+            if (ret != 0)
+                ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+
+            ret = wc_AesXtsSetKeyNoInit(aes, k1, sizeof(k1), AES_DECRYPTION);
+            if (ret != 0)
+                ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+
+            ret = wc_AesXtsDecryptInit(aes, i1, sizeof(i1), &stream);
+        #if defined(WOLFSSL_ASYNC_CRYPT)
+            ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
+        #endif
+            if (ret != 0)
+                ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+
+            for (k = 0; k < j; k += WC_AES_BLOCK_SIZE) {
+                if ((j - k) < WC_AES_BLOCK_SIZE*2)
+                    ret = wc_AesXtsDecryptFinal(aes, large_input + k,
+                        large_input + k, (word32)(j - k), &stream);
+                else
+                    ret = wc_AesXtsDecryptUpdate(aes, large_input + k,
+                        large_input + k, WC_AES_BLOCK_SIZE, &stream);
+            #if defined(WOLFSSL_ASYNC_CRYPT)
+                #ifdef WC_AES_XTS_SUPPORT_SIMULTANEOUS_ENC_AND_DEC_KEYS
+                ret = wc_AsyncWait(ret, &aes->aes_decrypt.asyncDev,
+                                   WC_ASYNC_FLAG_NONE);
+                #else
+                ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
+                #endif
+            #endif
+                if (ret != 0)
+                    ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+                if ((j - k) < WC_AES_BLOCK_SIZE*2)
+                    break;
+            }
+
+            for (i = 0; i < j; i++) {
+                if (large_input[i] != (byte)i) {
+                    ERROR_OUT(WC_TEST_RET_ENC_NC, out);
+                }
+            }
+        }
+#endif /* WOLFSSL_AESXTS_STREAM */
     }
 #endif /* !BENCH_EMBEDDED && !HAVE_CAVIUM &&
         * !WOLFSSL_AFALG
@@ -9723,18 +12298,23 @@ static wc_test_ret_t aes_xts_128_test(void)
 
   out:
 
+    #if !defined(BENCH_EMBEDDED) && !defined(HAVE_CAVIUM) && \
+        !defined(WOLFSSL_AFALG) && defined(WOLFSSL_SMALL_STACK) && \
+        !defined(WOLFSSL_NO_MALLOC)
+    XFREE(large_input, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+    #endif
+
     if (aes_inited)
         wc_AesXtsFree(aes);
 
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
-    if (aes)
-        XFREE(aes, HEAP_HINT, DYNAMIC_TYPE_AES);
+    XFREE(aes, HEAP_HINT, DYNAMIC_TYPE_AES);
 #endif
 
     return ret;
 }
-#endif /* WOLFSSL_AES_128 */
-
+#endif /* WOLFSSL_AES_192 */
+#endif /* HAVE_FIPS */
 
 #ifdef WOLFSSL_AES_256
 static wc_test_ret_t aes_xts_256_test(void)
@@ -9746,8 +12326,20 @@ static wc_test_ret_t aes_xts_256_test(void)
 #endif
     int aes_inited = 0;
     wc_test_ret_t ret = 0;
-    unsigned char buf[AES_BLOCK_SIZE * 3];
-    unsigned char cipher[AES_BLOCK_SIZE * 3];
+    unsigned char buf[WC_AES_BLOCK_SIZE * 3];
+    unsigned char cipher[WC_AES_BLOCK_SIZE * 3];
+#ifdef WOLFSSL_AESXTS_STREAM
+    struct XtsAesStreamData stream;
+#endif
+#if !defined(BENCH_EMBEDDED) && !defined(HAVE_CAVIUM) && \
+        !defined(WOLFSSL_AFALG)
+    #define LARGE_XTS_SZ        1024
+    #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
+    byte* large_input = NULL;
+    #else
+    byte large_input[LARGE_XTS_SZ];
+    #endif
+#endif
 
     /* 256 key tests */
     WOLFSSL_SMALL_STACK_STATIC unsigned char k1[] = {
@@ -9828,7 +12420,7 @@ static wc_test_ret_t aes_xts_256_test(void)
 
 #if defined(OPENSSL_EXTRA) && !defined(WOLFCRYPT_ONLY) \
     && !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS)
-    ret = EVP_test(EVP_aes_256_xts(), k2, i2, p2, sizeof(p2), c2, sizeof(c2));
+    ret = EVP_test(wolfSSL_EVP_aes_256_xts(), k2, i2, p2, sizeof(p2), c2, sizeof(c2));
     if (ret != 0) {
         printf("EVP_aes_256_xts failed\n");
         goto out;
@@ -9855,6 +12447,32 @@ static wc_test_ret_t aes_xts_256_test(void)
     if (XMEMCMP(c2, buf, sizeof(c2)))
         ERROR_OUT(WC_TEST_RET_ENC_NC, out);
 
+#ifdef WOLFSSL_AESXTS_STREAM
+    ret = wc_AesXtsEncryptInit(aes, i2, sizeof(i2), &stream);
+#if defined(WOLFSSL_ASYNC_CRYPT)
+    ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
+#endif
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+
+    ret = wc_AesXtsEncryptUpdate(aes, buf, p2, WC_AES_BLOCK_SIZE, &stream);
+#if defined(WOLFSSL_ASYNC_CRYPT)
+    ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
+#endif
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+
+    ret = wc_AesXtsEncryptFinal(aes, buf + WC_AES_BLOCK_SIZE, p2 + WC_AES_BLOCK_SIZE, sizeof(p2) - WC_AES_BLOCK_SIZE, &stream);
+#if defined(WOLFSSL_ASYNC_CRYPT)
+    ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
+#endif
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+
+    if (XMEMCMP(c2, buf, sizeof(c2)))
+        ERROR_OUT(WC_TEST_RET_ENC_NC, out);
+#endif /* WOLFSSL_AESXTS_STREAM */
+
     XMEMSET(buf, 0, sizeof(buf));
     ret = wc_AesXtsSetKeyNoInit(aes, k1, sizeof(k1), AES_ENCRYPTION);
     if (ret != 0)
@@ -9865,9 +12483,35 @@ static wc_test_ret_t aes_xts_256_test(void)
 #endif
     if (ret != 0)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
-    if (XMEMCMP(c1, buf, AES_BLOCK_SIZE))
+    if (XMEMCMP(c1, buf, WC_AES_BLOCK_SIZE))
         ERROR_OUT(WC_TEST_RET_ENC_NC, out);
 
+#ifdef WOLFSSL_AESXTS_STREAM
+    ret = wc_AesXtsEncryptInit(aes, i1, sizeof(i1), &stream);
+#if defined(WOLFSSL_ASYNC_CRYPT)
+    ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
+#endif
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+
+    ret = wc_AesXtsEncryptUpdate(aes, buf, p1, sizeof(p1), &stream);
+#if defined(WOLFSSL_ASYNC_CRYPT)
+    ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
+#endif
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+
+    ret = wc_AesXtsEncryptFinal(aes, buf, NULL, 0, &stream);
+#if defined(WOLFSSL_ASYNC_CRYPT)
+    ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
+#endif
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+
+    if (XMEMCMP(c1, buf, sizeof(c1)))
+        ERROR_OUT(WC_TEST_RET_ENC_NC, out);
+#endif /* WOLFSSL_AESXTS_STREAM */
+
     /* partial block encryption test */
     XMEMSET(cipher, 0, sizeof(cipher));
     ret = wc_AesXtsEncrypt(aes, cipher, pp, sizeof(pp), i1, sizeof(i1));
@@ -9884,7 +12528,11 @@ static wc_test_ret_t aes_xts_256_test(void)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
     ret = wc_AesXtsDecrypt(aes, buf, cipher, sizeof(pp), i1, sizeof(i1));
 #if defined(WOLFSSL_ASYNC_CRYPT)
+    #ifdef WC_AES_XTS_SUPPORT_SIMULTANEOUS_ENC_AND_DEC_KEYS
+    ret = wc_AsyncWait(ret, &aes->aes_decrypt.asyncDev, WC_ASYNC_FLAG_NONE);
+    #else
     ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
+    #endif
 #endif
     if (ret != 0)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
@@ -9894,13 +12542,36 @@ static wc_test_ret_t aes_xts_256_test(void)
     /* NIST decrypt test vector */
     XMEMSET(buf, 0, sizeof(buf));
     ret = wc_AesXtsDecrypt(aes, buf, c1, sizeof(c1), i1, sizeof(i1));
+#if defined(WOLFSSL_ASYNC_CRYPT)
+    #ifdef WC_AES_XTS_SUPPORT_SIMULTANEOUS_ENC_AND_DEC_KEYS
+    ret = wc_AsyncWait(ret, &aes->aes_decrypt.asyncDev, WC_ASYNC_FLAG_NONE);
+    #else
+    ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
+    #endif
+#endif
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+    if (XMEMCMP(p1, buf, sizeof(p1)))
+        ERROR_OUT(WC_TEST_RET_ENC_NC, out);
+
+#ifdef WOLFSSL_AESXTS_STREAM
+    ret = wc_AesXtsDecryptInit(aes, i1, sizeof(i1), &stream);
 #if defined(WOLFSSL_ASYNC_CRYPT)
     ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
 #endif
     if (ret != 0)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
-    if (XMEMCMP(p1, buf, AES_BLOCK_SIZE))
+
+    ret = wc_AesXtsDecryptFinal(aes, buf, c1, sizeof(c1), &stream);
+#if defined(WOLFSSL_ASYNC_CRYPT)
+    ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
+#endif
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+
+    if (XMEMCMP(p1, buf, sizeof(p1)))
         ERROR_OUT(WC_TEST_RET_ENC_NC, out);
+#endif /* WOLFSSL_AESXTS_STREAM */
 
     XMEMSET(buf, 0, sizeof(buf));
     ret = wc_AesXtsSetKeyNoInit(aes, k2, sizeof(k2), AES_DECRYPTION);
@@ -9908,21 +12579,191 @@ static wc_test_ret_t aes_xts_256_test(void)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
     ret = wc_AesXtsDecrypt(aes, buf, c2, sizeof(c2), i2, sizeof(i2));
 #if defined(WOLFSSL_ASYNC_CRYPT)
+    #ifdef WC_AES_XTS_SUPPORT_SIMULTANEOUS_ENC_AND_DEC_KEYS
+    ret = wc_AsyncWait(ret, &aes->aes_decrypt.asyncDev, WC_ASYNC_FLAG_NONE);
+    #else
     ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
+    #endif
 #endif
     if (ret != 0)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
     if (XMEMCMP(p2, buf, sizeof(p2)))
         ERROR_OUT(WC_TEST_RET_ENC_NC, out);
 
+#if !defined(BENCH_EMBEDDED) && !defined(HAVE_CAVIUM) && \
+    !defined(WOLFSSL_AFALG)
+    {
+        int i;
+        int j;
+#ifdef WOLFSSL_AESXTS_STREAM
+        int k;
+#endif
+    #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
+        large_input = (byte *)XMALLOC(LARGE_XTS_SZ, HEAP_HINT,
+            DYNAMIC_TYPE_TMP_BUFFER);
+        if (large_input == NULL)
+            ERROR_OUT(WC_TEST_RET_ENC_EC(MEMORY_E), out);
+    #endif
+
+        for (i = 0; i < (int)LARGE_XTS_SZ; i++)
+            large_input[i] = (byte)i;
+
+        for (j = 16; j < (int)LARGE_XTS_SZ; j++) {
+            ret = wc_AesXtsSetKeyNoInit(aes, k1, sizeof(k1), AES_ENCRYPTION);
+            if (ret != 0)
+                ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+            ret = wc_AesXtsEncrypt(aes, large_input, large_input, (word32)j, i1,
+                sizeof(i1));
+        #if defined(WOLFSSL_ASYNC_CRYPT)
+            ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
+        #endif
+            if (ret != 0)
+                ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+
+            ret = wc_AesXtsSetKeyNoInit(aes, k1, sizeof(k1), AES_DECRYPTION);
+            if (ret != 0)
+                ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+            ret = wc_AesXtsDecrypt(aes, large_input, large_input, (word32)j, i1,
+                sizeof(i1));
+        #if defined(WOLFSSL_ASYNC_CRYPT)
+            #ifdef WC_AES_XTS_SUPPORT_SIMULTANEOUS_ENC_AND_DEC_KEYS
+            ret = wc_AsyncWait(ret, &aes->aes_decrypt.asyncDev,
+                               WC_ASYNC_FLAG_NONE);
+            #else
+            ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
+            #endif
+        #endif
+            if (ret != 0)
+                ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+            for (i = 0; i < j; i++) {
+                if (large_input[i] != (byte)i) {
+                    ERROR_OUT(WC_TEST_RET_ENC_NC, out);
+                }
+            }
+        }
+
+#ifdef WOLFSSL_AESXTS_STREAM
+        for (i = 0; i < (int)LARGE_XTS_SZ; i++)
+            large_input[i] = (byte)i;
+
+        /* first, encrypt block by block then decrypt with a one-shot call. */
+        for (j = 16; j < (int)LARGE_XTS_SZ; j++) {
+            ret = wc_AesXtsSetKeyNoInit(aes, k1, sizeof(k1), AES_ENCRYPTION);
+            if (ret != 0)
+                ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+
+            ret = wc_AesXtsEncryptInit(aes, i1, sizeof(i1), &stream);
+        #if defined(WOLFSSL_ASYNC_CRYPT)
+            ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
+        #endif
+            if (ret != 0)
+                ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+
+            for (k = 0; k < j; k += WC_AES_BLOCK_SIZE) {
+                if ((j - k) < WC_AES_BLOCK_SIZE*2)
+                    ret = wc_AesXtsEncryptFinal(aes, large_input + k, large_input + k, j - k, &stream);
+                else
+                    ret = wc_AesXtsEncryptUpdate(aes, large_input + k, large_input + k, WC_AES_BLOCK_SIZE, &stream);
+        #if defined(WOLFSSL_ASYNC_CRYPT)
+                ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
+        #endif
+                if (ret != 0)
+                    ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+                if ((j - k) < WC_AES_BLOCK_SIZE*2)
+                    break;
+            }
+
+            ret = wc_AesXtsSetKeyNoInit(aes, k1, sizeof(k1), AES_DECRYPTION);
+            if (ret != 0)
+                ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+            ret = wc_AesXtsDecrypt(aes, large_input, large_input, (word32)j, i1,
+                sizeof(i1));
+        #if defined(WOLFSSL_ASYNC_CRYPT)
+            #ifdef WC_AES_XTS_SUPPORT_SIMULTANEOUS_ENC_AND_DEC_KEYS
+            ret = wc_AsyncWait(ret, &aes->aes_decrypt.asyncDev,
+                               WC_ASYNC_FLAG_NONE);
+            #else
+            ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
+            #endif
+        #endif
+            if (ret != 0)
+                ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+            for (i = 0; i < j; i++) {
+                if (large_input[i] != (byte)i) {
+                    ERROR_OUT(WC_TEST_RET_ENC_NC, out);
+                }
+            }
+        }
+
+        /* second, encrypt with a one-shot call then decrypt block by block. */
+        for (j = 16; j < (int)LARGE_XTS_SZ; j++) {
+            ret = wc_AesXtsSetKeyNoInit(aes, k1, sizeof(k1), AES_ENCRYPTION);
+            if (ret != 0)
+                ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+
+            ret = wc_AesXtsEncrypt(aes, large_input, large_input, (word32)j, i1,
+                sizeof(i1));
+        #if defined(WOLFSSL_ASYNC_CRYPT)
+            ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
+        #endif
+            if (ret != 0)
+                ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+
+            ret = wc_AesXtsSetKeyNoInit(aes, k1, sizeof(k1), AES_DECRYPTION);
+            if (ret != 0)
+                ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+
+            ret = wc_AesXtsDecryptInit(aes, i1, sizeof(i1), &stream);
+        #if defined(WOLFSSL_ASYNC_CRYPT)
+            ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
+        #endif
+            if (ret != 0)
+                ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+
+            for (k = 0; k < j; k += WC_AES_BLOCK_SIZE) {
+                if ((j - k) < WC_AES_BLOCK_SIZE*2)
+                    ret = wc_AesXtsDecryptFinal(aes, large_input + k, large_input + k, j - k, &stream);
+                else
+                    ret = wc_AesXtsDecryptUpdate(aes, large_input + k, large_input + k, WC_AES_BLOCK_SIZE, &stream);
+            #if defined(WOLFSSL_ASYNC_CRYPT)
+                #ifdef WC_AES_XTS_SUPPORT_SIMULTANEOUS_ENC_AND_DEC_KEYS
+                ret = wc_AsyncWait(ret, &aes->aes_decrypt.asyncDev,
+                                   WC_ASYNC_FLAG_NONE);
+                #else
+                ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
+                #endif
+            #endif
+                if (ret != 0)
+                    ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+                if ((j - k) < WC_AES_BLOCK_SIZE*2)
+                    break;
+            }
+
+            for (i = 0; i < j; i++) {
+                if (large_input[i] != (byte)i) {
+                    ERROR_OUT(WC_TEST_RET_ENC_NC, out);
+                }
+            }
+        }
+#endif /* WOLFSSL_AESXTS_STREAM */
+    }
+#endif /* !BENCH_EMBEDDED && !HAVE_CAVIUM &&
+        * !WOLFSSL_AFALG
+        */
+
   out:
 
+    #if !defined(BENCH_EMBEDDED) && !defined(HAVE_CAVIUM) && \
+        !defined(WOLFSSL_AFALG) && defined(WOLFSSL_SMALL_STACK) && \
+        !defined(WOLFSSL_NO_MALLOC)
+    XFREE(large_input, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+    #endif
+
     if (aes_inited)
         wc_AesXtsFree(aes);
 
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
-    if (aes)
-        XFREE(aes, HEAP_HINT, DYNAMIC_TYPE_AES);
+    XFREE(aes, HEAP_HINT, DYNAMIC_TYPE_AES);
 #endif
 
     return ret;
@@ -9941,7 +12782,7 @@ static wc_test_ret_t aes_xts_sector_test(void)
 #endif
     int aes_inited = 0;
     wc_test_ret_t ret = 0;
-    unsigned char buf[AES_BLOCK_SIZE * 2];
+    unsigned char buf[WC_AES_BLOCK_SIZE * 2];
 
     /* 128 key tests */
     WOLFSSL_SMALL_STACK_STATIC unsigned char k1[] = {
@@ -10129,7 +12970,7 @@ static wc_test_ret_t aes_xts_sector_test(void)
 #endif
     if (ret != 0)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
-    if (XMEMCMP(c1, buf, AES_BLOCK_SIZE))
+    if (XMEMCMP(c1, buf, WC_AES_BLOCK_SIZE))
         ERROR_OUT(WC_TEST_RET_ENC_NC, out);
 
     /* decrypt test */
@@ -10139,11 +12980,15 @@ static wc_test_ret_t aes_xts_sector_test(void)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
     ret = wc_AesXtsDecryptSector(aes, buf, c1, sizeof(c1), s1);
 #if defined(WOLFSSL_ASYNC_CRYPT)
+    #ifdef WC_AES_XTS_SUPPORT_SIMULTANEOUS_ENC_AND_DEC_KEYS
+    ret = wc_AsyncWait(ret, &aes->aes_decrypt.asyncDev, WC_ASYNC_FLAG_NONE);
+    #else
     ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
+    #endif
 #endif
     if (ret != 0)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
-    if (XMEMCMP(p1, buf, AES_BLOCK_SIZE))
+    if (XMEMCMP(p1, buf, WC_AES_BLOCK_SIZE))
         ERROR_OUT(WC_TEST_RET_ENC_NC, out);
 
     /* 256 bit key tests */
@@ -10167,7 +13012,11 @@ static wc_test_ret_t aes_xts_sector_test(void)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
     ret = wc_AesXtsDecryptSector(aes, buf, c2, sizeof(c2), s2);
 #if defined(WOLFSSL_ASYNC_CRYPT)
+    #ifdef WC_AES_XTS_SUPPORT_SIMULTANEOUS_ENC_AND_DEC_KEYS
+    ret = wc_AsyncWait(ret, &aes->aes_decrypt.asyncDev, WC_ASYNC_FLAG_NONE);
+    #else
     ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
+    #endif
 #endif
     if (ret != 0)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
@@ -10199,7 +13048,11 @@ static wc_test_ret_t aes_xts_sector_test(void)
     ret = wc_AesXtsDecryptConsecutiveSectors(aes, data, c3,
             sizeof(c3), s3, sectorSz);
 #if defined(WOLFSSL_ASYNC_CRYPT)
+    #ifdef WC_AES_XTS_SUPPORT_SIMULTANEOUS_ENC_AND_DEC_KEYS
+    ret = wc_AsyncWait(ret, &aes->aes_decrypt.asyncDev, WC_ASYNC_FLAG_NONE);
+    #else
     ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
+    #endif
 #endif
     if (ret != 0)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
@@ -10214,8 +13067,7 @@ out:
         wc_AesXtsFree(aes);
 
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
-    if (aes)
-        XFREE(aes, HEAP_HINT, DYNAMIC_TYPE_AES);
+    XFREE(aes, HEAP_HINT, DYNAMIC_TYPE_AES);
 #endif
 
     return ret;
@@ -10234,7 +13086,7 @@ static wc_test_ret_t aes_xts_args_test(void)
 #endif
     int aes_inited = 0;
     wc_test_ret_t ret;
-    unsigned char buf[AES_BLOCK_SIZE * 2];
+    unsigned char buf[WC_AES_BLOCK_SIZE * 2];
 
     /* 128 key tests */
     WOLFSSL_SMALL_STACK_STATIC unsigned char k1[] = {
@@ -10296,14 +13148,22 @@ static wc_test_ret_t aes_xts_args_test(void)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
     ret = wc_AesXtsDecryptSector(NULL, buf, c1, sizeof(c1), s1);
 #if defined(WOLFSSL_ASYNC_CRYPT)
+    #ifdef WC_AES_XTS_SUPPORT_SIMULTANEOUS_ENC_AND_DEC_KEYS
+    ret = wc_AsyncWait(ret, &aes->aes_decrypt.asyncDev, WC_ASYNC_FLAG_NONE);
+    #else
     ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
+    #endif
 #endif
     if (ret == 0)
         ERROR_OUT(WC_TEST_RET_ENC_NC, out);
 
     ret = wc_AesXtsDecryptSector(aes, NULL, c1, sizeof(c1), s1);
 #if defined(WOLFSSL_ASYNC_CRYPT)
+    #ifdef WC_AES_XTS_SUPPORT_SIMULTANEOUS_ENC_AND_DEC_KEYS
+    ret = wc_AsyncWait(ret, &aes->aes_decrypt.asyncDev, WC_ASYNC_FLAG_NONE);
+    #else
     ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
+    #endif
 #endif
     if (ret == 0)
         ERROR_OUT(WC_TEST_RET_ENC_NC, out);
@@ -10316,8 +13176,7 @@ static wc_test_ret_t aes_xts_args_test(void)
         wc_AesXtsFree(aes);
 
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
-    if (aes)
-        XFREE(aes, HEAP_HINT, DYNAMIC_TYPE_AES);
+    XFREE(aes, HEAP_HINT, DYNAMIC_TYPE_AES);
 #endif
 
     return ret;
@@ -10325,11 +13184,12 @@ static wc_test_ret_t aes_xts_args_test(void)
 #endif /* WOLFSSL_AES_128 */
 #endif /* WOLFSSL_AES_XTS && (!HAVE_FIPS || FIPS_VERSION_GE(5,3)) */
 
-#if defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_128)
-static wc_test_ret_t aes_cbc_test(void)
+#if defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_128) && \
+    !defined(HAVE_RENESAS_SYNC)
+static wc_test_ret_t aes_cbc_oneshot_test(void)
 {
-    byte cipher[AES_BLOCK_SIZE];
-    byte plain[AES_BLOCK_SIZE];
+    byte cipher[WC_AES_BLOCK_SIZE];
+    byte plain[WC_AES_BLOCK_SIZE];
     wc_test_ret_t ret;
     WOLFSSL_SMALL_STACK_STATIC const byte msg[] = { /* "Now is the time for all " w/o trailing 0 */
         0x6e,0x6f,0x77,0x20,0x69,0x73,0x20,0x74,
@@ -10339,29 +13199,29 @@ static wc_test_ret_t aes_cbc_test(void)
     byte key[] = "0123456789abcdef   ";  /* align */
     byte iv[]  = "1234567890abcdef   ";  /* align */
 
-    XMEMSET(cipher, 0, AES_BLOCK_SIZE);
-    XMEMSET(plain, 0, AES_BLOCK_SIZE);
+    XMEMSET(cipher, 0, WC_AES_BLOCK_SIZE);
+    XMEMSET(plain, 0, WC_AES_BLOCK_SIZE);
 
     /* Parameter Validation testing. */
-    ret = wc_AesCbcEncryptWithKey(cipher, msg, AES_BLOCK_SIZE, key, 17, NULL);
-    if (ret != BAD_FUNC_ARG)
+    ret = wc_AesCbcEncryptWithKey(cipher, msg, WC_AES_BLOCK_SIZE, key, 17, NULL);
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
 #ifdef HAVE_AES_DECRYPT
-    ret = wc_AesCbcDecryptWithKey(plain, cipher, AES_BLOCK_SIZE, key, 17, NULL);
-    if (ret != BAD_FUNC_ARG)
+    ret = wc_AesCbcDecryptWithKey(plain, cipher, WC_AES_BLOCK_SIZE, key, 17, NULL);
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
 #endif
 
-    ret = wc_AesCbcEncryptWithKey(cipher, msg, AES_BLOCK_SIZE, key,
-                                  AES_BLOCK_SIZE, iv);
+    ret = wc_AesCbcEncryptWithKey(cipher, msg, WC_AES_BLOCK_SIZE, key,
+                                  WC_AES_BLOCK_SIZE, iv);
     if (ret != 0)
         return WC_TEST_RET_ENC_EC(ret);
 #ifdef HAVE_AES_DECRYPT
-    ret = wc_AesCbcDecryptWithKey(plain, cipher, AES_BLOCK_SIZE, key,
-                                  AES_BLOCK_SIZE, iv);
+    ret = wc_AesCbcDecryptWithKey(plain, cipher, WC_AES_BLOCK_SIZE, key,
+                                  WC_AES_BLOCK_SIZE, iv);
     if (ret != 0)
         return WC_TEST_RET_ENC_EC(ret);
-    if (XMEMCMP(plain, msg, AES_BLOCK_SIZE) != 0)
+    if (XMEMCMP(plain, msg, WC_AES_BLOCK_SIZE) != 0)
         return WC_TEST_RET_ENC_NC;
 #endif /* HAVE_AES_DECRYPT */
 
@@ -10370,179 +13230,18 @@ static wc_test_ret_t aes_cbc_test(void)
 }
 #endif
 
-#if defined(HAVE_AES_ECB) && !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
-static wc_test_ret_t aesecb_test(void)
+#if defined(WOLFSSL_AES_COUNTER)
+WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes_ctr_test(void)
 {
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
-    Aes *enc = (Aes *)XMALLOC(sizeof *enc, HEAP_HINT, DYNAMIC_TYPE_AES);
+    Aes *enc = NULL;
+    Aes *dec = NULL;
 #else
     Aes enc[1];
-#endif
-    int enc_inited = 0;
-    byte cipher[AES_BLOCK_SIZE * 4];
-#ifdef HAVE_AES_DECRYPT
-#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
-    Aes *dec = (Aes *)XMALLOC(sizeof *dec, HEAP_HINT, DYNAMIC_TYPE_AES);
-#else
     Aes dec[1];
 #endif
-    int dec_inited = 0;
-    byte plain [AES_BLOCK_SIZE * 4];
-#endif /* HAVE_AES_DECRYPT */
-    wc_test_ret_t ret = 0;
-
-#if defined(WOLFSSL_AES_256)
-    {
-        WOLFSSL_SMALL_STACK_STATIC const byte niPlain[] =
-        {
-            0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96,
-            0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a
-        };
-
-        WOLFSSL_SMALL_STACK_STATIC const byte niCipher[] =
-        {
-            0xf3,0xee,0xd1,0xbd,0xb5,0xd2,0xa0,0x3c,
-            0x06,0x4b,0x5a,0x7e,0x3d,0xb1,0x81,0xf8
-        };
-
-        WOLFSSL_SMALL_STACK_STATIC const byte niKey[] =
-        {
-            0x60,0x3d,0xeb,0x10,0x15,0xca,0x71,0xbe,
-            0x2b,0x73,0xae,0xf0,0x85,0x7d,0x77,0x81,
-            0x1f,0x35,0x2c,0x07,0x3b,0x61,0x08,0xd7,
-            0x2d,0x98,0x10,0xa3,0x09,0x14,0xdf,0xf4
-        };
-
-        ret = wc_AesInit(enc, HEAP_HINT, devId);
-        if (ret != 0)
-            ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
-        enc_inited = 1;
-    #if defined(HAVE_AES_DECRYPT)
-        ret = wc_AesInit(dec, HEAP_HINT, devId);
-        if (ret != 0)
-            ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
-        dec_inited = 1;
-    #endif
-
-        XMEMSET(cipher, 0, AES_BLOCK_SIZE);
-        ret = wc_AesSetKey(enc, niKey, sizeof(niKey), cipher, AES_ENCRYPTION);
-        if (ret != 0)
-            ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
-        if (wc_AesEcbEncrypt(enc, cipher, niPlain, AES_BLOCK_SIZE) != 0)
-            ERROR_OUT(WC_TEST_RET_ENC_NC, out);
-        if (XMEMCMP(cipher, niCipher, AES_BLOCK_SIZE) != 0)
-            ERROR_OUT(WC_TEST_RET_ENC_NC, out);
-
-#if defined(DEBUG_VECTOR_REGISTER_ACCESS) && defined(WC_AES_C_DYNAMIC_FALLBACK)
-        XMEMSET(cipher, 0, AES_BLOCK_SIZE);
-        WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(SYSLIB_FAILED_E);
-        ret = wc_AesSetKey(enc, niKey, sizeof(niKey), cipher, AES_ENCRYPTION);
-        WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(0);
-        if (ret != 0)
-            ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
-        WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(SYSLIB_FAILED_E);
-        ret = wc_AesEcbEncrypt(enc, cipher, niPlain, AES_BLOCK_SIZE);
-        WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(0);
-        if (ret != 0)
-            ERROR_OUT(WC_TEST_RET_ENC_NC, out);
-        if (XMEMCMP(cipher, niCipher, AES_BLOCK_SIZE) != 0)
-            ERROR_OUT(WC_TEST_RET_ENC_NC, out);
-
-        XMEMSET(cipher, 0, AES_BLOCK_SIZE);
-        ret = wc_AesEcbEncrypt(enc, cipher, niPlain, AES_BLOCK_SIZE);
-        if (ret != 0)
-            ERROR_OUT(WC_TEST_RET_ENC_NC, out);
-        if (XMEMCMP(cipher, niCipher, AES_BLOCK_SIZE) != 0)
-            ERROR_OUT(WC_TEST_RET_ENC_NC, out);
-
-        XMEMSET(cipher, 0, AES_BLOCK_SIZE);
-        ret = wc_AesSetKey(enc, niKey, sizeof(niKey), cipher, AES_ENCRYPTION);
-        WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(SYSLIB_FAILED_E);
-        ret = wc_AesEcbEncrypt(enc, cipher, niPlain, AES_BLOCK_SIZE);
-        WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(0);
-        if (ret != 0)
-            ERROR_OUT(WC_TEST_RET_ENC_NC, out);
-        if (XMEMCMP(cipher, niCipher, AES_BLOCK_SIZE) != 0)
-            ERROR_OUT(WC_TEST_RET_ENC_NC, out);
-#endif
-
-        XMEMSET(plain, 0, AES_BLOCK_SIZE);
-        ret = wc_AesSetKey(dec, niKey, sizeof(niKey), plain, AES_DECRYPTION);
-        if (ret != 0)
-            ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
-        if (wc_AesEcbDecrypt(dec, plain, niCipher, AES_BLOCK_SIZE) != 0)
-            ERROR_OUT(WC_TEST_RET_ENC_NC, out);
-        if (XMEMCMP(plain, niPlain, AES_BLOCK_SIZE) != 0)
-            ERROR_OUT(WC_TEST_RET_ENC_NC, out);
-
-#if defined(DEBUG_VECTOR_REGISTER_ACCESS) && defined(WC_AES_C_DYNAMIC_FALLBACK)
-        XMEMSET(plain, 0, AES_BLOCK_SIZE);
-        WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(SYSLIB_FAILED_E);
-        ret = wc_AesSetKey(dec, niKey, sizeof(niKey), plain, AES_DECRYPTION);
-        WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(0);
-        if (ret != 0)
-            ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
-        WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(SYSLIB_FAILED_E);
-        ret = wc_AesEcbDecrypt(dec, plain, niCipher, AES_BLOCK_SIZE);
-        WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(0);
-        if (ret != 0)
-            ERROR_OUT(WC_TEST_RET_ENC_NC, out);
-        if (XMEMCMP(plain, niPlain, AES_BLOCK_SIZE) != 0)
-            ERROR_OUT(WC_TEST_RET_ENC_NC, out);
-
-        XMEMSET(plain, 0, AES_BLOCK_SIZE);
-        ret = wc_AesEcbDecrypt(dec, plain, niCipher, AES_BLOCK_SIZE);
-        if (ret != 0)
-            ERROR_OUT(WC_TEST_RET_ENC_NC, out);
-        if (XMEMCMP(plain, niPlain, AES_BLOCK_SIZE) != 0)
-            ERROR_OUT(WC_TEST_RET_ENC_NC, out);
-
-        XMEMSET(plain, 0, AES_BLOCK_SIZE);
-        ret = wc_AesSetKey(dec, niKey, sizeof(niKey), plain, AES_DECRYPTION);
-        if (ret != 0)
-            ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
-        WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(SYSLIB_FAILED_E);
-        ret = wc_AesEcbDecrypt(dec, plain, niCipher, AES_BLOCK_SIZE);
-        WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(0);
-        if (ret != 0)
-            ERROR_OUT(WC_TEST_RET_ENC_NC, out);
-        if (XMEMCMP(plain, niPlain, AES_BLOCK_SIZE) != 0)
-            ERROR_OUT(WC_TEST_RET_ENC_NC, out);
-#endif
-    }
-
-  out:
-#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
-    if (enc) {
-        if (enc_inited)
-            wc_AesFree(enc);
-        XFREE(enc, HEAP_HINT, DYNAMIC_TYPE_AES);
-    }
-#ifdef HAVE_AES_DECRYPT
-    if (dec) {
-        if (dec_inited)
-            wc_AesFree(dec);
-        XFREE(dec, HEAP_HINT, DYNAMIC_TYPE_AES);
-    }
-#endif
-#else
-    if (enc_inited)
-        wc_AesFree(enc);
-#ifdef HAVE_AES_DECRYPT
-    if (dec_inited)
-        wc_AesFree(dec);
-#endif
-#endif
-
-#endif /* WOLFSSL_AES_256 */
-
-    return ret;
-}
-#endif /* HAVE_AES_ECB */
-
-#ifdef WOLFSSL_AES_COUNTER
-static wc_test_ret_t aesctr_test(Aes* enc, Aes* dec, byte* cipher, byte* plain)
-{
+    byte cipher[WC_AES_BLOCK_SIZE * 4];
+    byte plain [WC_AES_BLOCK_SIZE * 4];
     wc_test_ret_t ret = 0;
 
     /* test vectors from "Recommendation for Block Cipher Modes of
@@ -10566,7 +13265,7 @@ static wc_test_ret_t aesctr_test(Aes* enc, Aes* dec, byte* cipher, byte* plain)
         0xad,0x2b,0x41,0x7b,0xe6,0x6c,0x37,0x10
     };
 
-#ifdef WOLFSSL_ARMASM
+#if defined(WOLFSSL_ARMASM) || defined(WOLFSSL_RISCV_ASM)
     WOLFSSL_SMALL_STACK_STATIC const byte ctrIvWrap32[] =
     {
         0xff,0xff,0xff,0xff,0x0f,0xff,0xff,0xff,
@@ -10603,7 +13302,7 @@ static wc_test_ret_t aesctr_test(Aes* enc, Aes* dec, byte* cipher, byte* plain)
         0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
         0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
     };
-#ifdef WOLFSSL_ARMASM
+#if defined(WOLFSSL_ARMASM) || defined(WOLFSSL_RISCV_ASM)
     WOLFSSL_SMALL_STACK_STATIC const byte ctrIvWrap128_2[] =
     {
         0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
@@ -10636,7 +13335,7 @@ static wc_test_ret_t aesctr_test(Aes* enc, Aes* dec, byte* cipher, byte* plain)
         0x79,0x21,0x70,0xa0,0xf3,0x00,0x9c,0xee
     };
 
-#ifdef WOLFSSL_ARMASM
+#if defined(WOLFSSL_ARMASM) || defined(WOLFSSL_RISCV_ASM)
     WOLFSSL_SMALL_STACK_STATIC const byte ctr128Wrap32Cipher[] =
     {
         0xb3,0x8b,0x58,0xbc,0xce,0xf4,0x71,0x78,
@@ -10720,7 +13419,7 @@ static wc_test_ret_t aesctr_test(Aes* enc, Aes* dec, byte* cipher, byte* plain)
         0xd3,0xda,0xe1,0x5b,0x04,0xbb,0x35,0x2f,
         0xa0,0xf5,0x9f,0xeb,0xfc,0xb4,0xda,0x3e
     };
-#ifdef WOLFSSL_ARMASM
+#if defined(WOLFSSL_ARMASM) || defined(WOLFSSL_RISCV_ASM)
     WOLFSSL_SMALL_STACK_STATIC const byte ctr128Wrap128_2CipherLong[] =
     {
         0xba,0x76,0xaa,0x54,0xd5,0xb5,0x60,0x67,
@@ -10753,7 +13452,7 @@ static wc_test_ret_t aesctr_test(Aes* enc, Aes* dec, byte* cipher, byte* plain)
         0x5a,0x97,0xda,0xec,0x58,0xc6,0xb0,0x50
     };
 
-#ifdef WOLFSSL_ARMASM
+#if defined(WOLFSSL_ARMASM) || defined(WOLFSSL_RISCV_ASM)
     WOLFSSL_SMALL_STACK_STATIC const byte ctr192Wrap32Cipher[] =
     {
         0x28,0xaa,0xfa,0x90,0x72,0x74,0x86,0xaf,
@@ -10837,7 +13536,7 @@ static wc_test_ret_t aesctr_test(Aes* enc, Aes* dec, byte* cipher, byte* plain)
         0x8c,0x68,0xa7,0xd9,0x57,0xab,0x09,0x0f,
         0x01,0xc4,0x4e,0x62,0xaf,0xc2,0xdf,0x1a
     };
-#ifdef WOLFSSL_ARMASM
+#if defined(WOLFSSL_ARMASM) || defined(WOLFSSL_RISCV_ASM)
     WOLFSSL_SMALL_STACK_STATIC const byte ctr192Wrap128_2CipherLong[] =
     {
         0x88,0x0a,0x26,0x4e,0xa8,0x26,0x21,0xe0,
@@ -10870,7 +13569,7 @@ static wc_test_ret_t aesctr_test(Aes* enc, Aes* dec, byte* cipher, byte* plain)
         0x13,0xc2,0xdd,0x08,0x45,0x79,0x41,0xa6
     };
 
-#ifdef WOLFSSL_ARMASM
+#if defined(WOLFSSL_ARMASM) || defined(WOLFSSL_RISCV_ASM)
     WOLFSSL_SMALL_STACK_STATIC const byte ctr256Wrap32Cipher[] =
     {
         0xb0,0xa8,0xc0,0x65,0x85,0x20,0x0d,0x5c,
@@ -10954,7 +13653,7 @@ static wc_test_ret_t aesctr_test(Aes* enc, Aes* dec, byte* cipher, byte* plain)
         0x4b,0x45,0x7c,0xd6,0x8a,0xcc,0xda,0x4a,
         0x89,0xfa,0x23,0x6c,0x06,0xbf,0x26,0x05
     };
-#ifdef WOLFSSL_ARMASM
+#if defined(WOLFSSL_ARMASM) || defined(WOLFSSL_RISCV_ASM)
     WOLFSSL_SMALL_STACK_STATIC const byte ctr256Wrap128_2CipherLong[] =
     {
         0x24,0x5c,0x09,0xa0,0x3b,0x1a,0x5a,0x94,
@@ -10989,7 +13688,7 @@ static wc_test_ret_t aesctr_test(Aes* enc, Aes* dec, byte* cipher, byte* plain)
         { ctr128Key, (int)sizeof(ctr128Key), ctrIvWrap128,
           ctrPlain, (int)sizeof(ctr128Wrap128CipherLong),
           ctr128Wrap128CipherLong },
-    #ifdef WOLFSSL_ARMASM
+    #if defined(WOLFSSL_ARMASM) || defined(WOLFSSL_RISCV_ASM)
         { ctr128Key, (int)sizeof(ctr128Key), ctrIvWrap128_2,
           ctrPlain, (int)sizeof(ctr128Wrap128_2CipherLong),
           ctr128Wrap128_2CipherLong },
@@ -11031,7 +13730,7 @@ static wc_test_ret_t aesctr_test(Aes* enc, Aes* dec, byte* cipher, byte* plain)
         { ctr192Key, (int)sizeof(ctr192Key), ctrIvWrap128,
           ctrPlain, (int)sizeof(ctr192Wrap128CipherLong),
           ctr192Wrap128CipherLong },
-    #ifdef WOLFSSL_ARMASM
+    #if defined(WOLFSSL_ARMASM) || defined(WOLFSSL_RISCV_ASM)
         { ctr192Key, (int)sizeof(ctr192Key), ctrIvWrap128_2,
           ctrPlain, (int)sizeof(ctr192Wrap128_2CipherLong),
           ctr192Wrap128_2CipherLong },
@@ -11073,7 +13772,7 @@ static wc_test_ret_t aesctr_test(Aes* enc, Aes* dec, byte* cipher, byte* plain)
         { ctr256Key, (int)sizeof(ctr256Key), ctrIvWrap128,
           ctrPlain, (int)sizeof(ctr256Wrap128CipherLong),
           ctr256Wrap128CipherLong },
-    #ifdef WOLFSSL_ARMASM
+    #if defined(WOLFSSL_ARMASM) || defined(WOLFSSL_RISCV_ASM)
         { ctr256Key, (int)sizeof(ctr256Key), ctrIvWrap128_2,
           ctrPlain, (int)sizeof(ctr256Wrap128_2CipherLong),
           ctr256Wrap128_2CipherLong },
@@ -11106,41 +13805,61 @@ static wc_test_ret_t aesctr_test(Aes* enc, Aes* dec, byte* cipher, byte* plain)
     };
     #define AES_CTR_TEST_LEN (int)(sizeof(testVec) / sizeof(*testVec))
 
+    WOLFSSL_ENTER("aes_ctr_test");
+
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
+    enc = wc_AesNew(HEAP_HINT, devId, &ret);
+    if (enc == NULL)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+    dec = wc_AesNew(HEAP_HINT, devId, &ret);
+    if (dec == NULL)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+#else
+    XMEMSET(enc, 0, sizeof(Aes));
+    XMEMSET(dec, 0, sizeof(Aes));
+    ret = wc_AesInit(enc, HEAP_HINT, devId);
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+    ret = wc_AesInit(dec, HEAP_HINT, devId);
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+#endif /* WOLFSSL_SMALL_STACK && !WOLFSSL_NO_MALLOC */
+
     for (i = 0; i < AES_CTR_TEST_LEN; i++) {
         if (testVec[i].key != NULL) {
-            ret = wc_AesSetKeyDirect(enc, testVec[i].key, testVec[i].keySz,
+            ret = wc_AesSetKeyDirect(enc, testVec[i].key, (word32)testVec[i].keySz,
                 testVec[i].iv, AES_ENCRYPTION);
             if (ret != 0) {
                 ERROR_OUT(WC_TEST_RET_ENC_I(i), out);
             }
             /* Ctr only uses encrypt, even on key setup */
-            ret = wc_AesSetKeyDirect(dec, testVec[i].key, testVec[i].keySz,
+            ret = wc_AesSetKeyDirect(dec, testVec[i].key, (word32)testVec[i].keySz,
                 testVec[i].iv, AES_ENCRYPTION);
             if (ret != 0) {
                 ERROR_OUT(WC_TEST_RET_ENC_I(i), out);
             }
         }
 
-        ret = wc_AesCtrEncrypt(enc, cipher, testVec[i].plain, testVec[i].len);
+        ret = wc_AesCtrEncrypt(enc, cipher, testVec[i].plain, (word32)testVec[i].len);
         if (ret != 0) {
             ERROR_OUT(WC_TEST_RET_ENC_I(i), out);
         }
-        ret = wc_AesCtrEncrypt(dec, plain, cipher, testVec[i].len);
+        ret = wc_AesCtrEncrypt(dec, plain, cipher, (word32)testVec[i].len);
         if (ret != 0) {
             ERROR_OUT(WC_TEST_RET_ENC_I(i), out);
         }
 
-        if (XMEMCMP(plain, ctrPlain, testVec[i].len)) {
+        if (XMEMCMP(plain, ctrPlain, (size_t)testVec[i].len)) {
             ERROR_OUT(WC_TEST_RET_ENC_I(i), out);
         }
 #if !(FIPS_VERSION_EQ(2,0) && defined(WOLFSSL_ARMASM))
-        if (XMEMCMP(cipher, testVec[i].cipher, testVec[i].len)) {
+        if (XMEMCMP(cipher, testVec[i].cipher, (size_t)testVec[i].len)) {
             ERROR_OUT(WC_TEST_RET_ENC_I(i), out);
         }
 #endif
     }
 
-#if defined(DEBUG_VECTOR_REGISTER_ACCESS) && defined(WC_AES_C_DYNAMIC_FALLBACK)
+#if defined(DEBUG_VECTOR_REGISTER_ACCESS) && defined(WC_C_DYNAMIC_FALLBACK)
     for (i = 0; i < AES_CTR_TEST_LEN; i++) {
         if (testVec[i].key != NULL) {
             ret = wc_AesSetKeyDirect(enc, testVec[i].key, testVec[i].keySz,
@@ -11156,13 +13875,13 @@ static wc_test_ret_t aesctr_test(Aes* enc, Aes* dec, byte* cipher, byte* plain)
             }
         }
 
-        WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(SYSLIB_FAILED_E);
+        WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(WC_NO_ERR_TRACE(SYSLIB_FAILED_E));
         ret = wc_AesCtrEncrypt(enc, cipher, testVec[i].plain, testVec[i].len);
         WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(0);
         if (ret != 0) {
             ERROR_OUT(WC_TEST_RET_ENC_I(i), out);
         }
-        WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(SYSLIB_FAILED_E);
+        WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(WC_NO_ERR_TRACE(SYSLIB_FAILED_E));
         ret = wc_AesCtrEncrypt(dec, plain, cipher, testVec[i].len);
         WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(0);
         if (ret != 0) {
@@ -11181,7 +13900,7 @@ static wc_test_ret_t aesctr_test(Aes* enc, Aes* dec, byte* cipher, byte* plain)
 
     for (i = 0; i < AES_CTR_TEST_LEN; i++) {
         if (testVec[i].key != NULL) {
-            WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(SYSLIB_FAILED_E);
+            WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(WC_NO_ERR_TRACE(SYSLIB_FAILED_E));
             ret = wc_AesSetKeyDirect(enc, testVec[i].key, testVec[i].keySz,
                 testVec[i].iv, AES_ENCRYPTION);
             WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(0);
@@ -11189,7 +13908,7 @@ static wc_test_ret_t aesctr_test(Aes* enc, Aes* dec, byte* cipher, byte* plain)
                 ERROR_OUT(WC_TEST_RET_ENC_I(i), out);
             }
             /* Ctr only uses encrypt, even on key setup */
-            WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(SYSLIB_FAILED_E);
+            WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(WC_NO_ERR_TRACE(SYSLIB_FAILED_E));
             ret = wc_AesSetKeyDirect(dec, testVec[i].key, testVec[i].keySz,
                 testVec[i].iv, AES_ENCRYPTION);
             WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(0);
@@ -11217,143 +13936,312 @@ static wc_test_ret_t aesctr_test(Aes* enc, Aes* dec, byte* cipher, byte* plain)
 #endif
     }
 
-#endif /* DEBUG_VECTOR_REGISTER_ACCESS && WC_AES_C_DYNAMIC_FALLBACK */
-
+#endif /* DEBUG_VECTOR_REGISTER_ACCESS && WC_C_DYNAMIC_FALLBACK */
 
 out:
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
+    wc_AesDelete(enc, &enc);
+#else
+    wc_AesFree(enc);
+#endif
+#ifdef HAVE_AES_DECRYPT
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
+    wc_AesDelete(dec, &dec);
+#else
+    wc_AesFree(dec);
+#endif
+#endif
     return ret;
 }
 #endif /* WOLFSSL_AES_COUNTER */
 
-
-WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes_test(void)
-{
-#if defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_COUNTER) || defined(WOLFSSL_AES_DIRECT)
-#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
-    Aes *enc = (Aes *)XMALLOC(sizeof *enc, HEAP_HINT, DYNAMIC_TYPE_AES);
-#else
-    Aes enc[1];
-#endif
-    int enc_inited = 0;
-    byte cipher[AES_BLOCK_SIZE * 4];
-#ifdef HAVE_AES_DECRYPT
-#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
-    Aes *dec = (Aes *)XMALLOC(sizeof *dec, HEAP_HINT, DYNAMIC_TYPE_AES);
-#else
-    Aes dec[1];
-#endif
-    int dec_inited = 0;
-    byte plain [AES_BLOCK_SIZE * 4];
-#endif /* HAVE_AES_DECRYPT */
-#endif /* HAVE_AES_CBC || WOLFSSL_AES_COUNTER || WOLFSSL_AES_DIRECT */
-    wc_test_ret_t ret = 0;
-
-#ifdef HAVE_AES_CBC
-#ifdef WOLFSSL_AES_128
-    WOLFSSL_SMALL_STACK_STATIC const byte msg[] = { /* "Now is the time for all " w/o trailing 0 */
-        0x6e,0x6f,0x77,0x20,0x69,0x73,0x20,0x74,
-        0x68,0x65,0x20,0x74,0x69,0x6d,0x65,0x20,
-        0x66,0x6f,0x72,0x20,0x61,0x6c,0x6c,0x20
-    };
-
-    WOLFSSL_SMALL_STACK_STATIC const byte verify[] =
-    {
-        0x95,0x94,0x92,0x57,0x5f,0x42,0x81,0x53,
-        0x2c,0xcc,0x9d,0x46,0x77,0xa2,0x33,0xcb
-    };
-    #ifdef HAVE_RENESAS_SYNC
-        const byte *key =
-                (byte*)guser_PKCbInfo.wrapped_key_aes128;
-    #else
-        WOLFSSL_SMALL_STACK_STATIC const
-            byte key[] = "0123456789abcdef   ";  /* align */
-    #endif
-    WOLFSSL_SMALL_STACK_STATIC const byte iv[]  = "1234567890abcdef   ";  /* align */
-
-#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
-#if defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_COUNTER) || defined(WOLFSSL_AES_DIRECT)
-    if (enc == NULL)
-        ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
-#endif
-#if defined(HAVE_AES_DECRYPT) || defined(WOLFSSL_AES_COUNTER) || defined(WOLFSSL_AES_DIRECT)
-    if (dec == NULL)
-        ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
-#endif
-#endif
-
-    ret = wc_AesInit(enc, HEAP_HINT, devId);
-    if (ret != 0)
-        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
-    enc_inited = 1;
-#if defined(HAVE_AES_DECRYPT) || defined(WOLFSSL_AES_COUNTER)
-    ret = wc_AesInit(dec, HEAP_HINT, devId);
-    if (ret != 0)
-        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
-    dec_inited = 1;
-#endif
-
-    ret = wc_AesSetKey(enc, key, AES_BLOCK_SIZE, iv, AES_ENCRYPTION);
-    if (ret != 0)
-        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
-#if defined(HAVE_AES_DECRYPT) || defined(WOLFSSL_AES_COUNTER)
-    ret = wc_AesSetKey(dec, key, AES_BLOCK_SIZE, iv, AES_DECRYPTION);
-    if (ret != 0)
-        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
-#endif
-
 #ifdef HAVE_AES_ECB
-    {
-        WOLFSSL_SMALL_STACK_STATIC const byte verify_ecb[AES_BLOCK_SIZE] = {
-            0xd0, 0xc9, 0xd9, 0xc9, 0x40, 0xe8, 0x97, 0xb6,
-            0xc8, 0x8c, 0x33, 0x3b, 0xb5, 0x8f, 0x85, 0xd1
-        };
-        XMEMSET(cipher, 0, AES_BLOCK_SIZE * 4);
-        ret = wc_AesEcbEncrypt(enc, cipher, msg, AES_BLOCK_SIZE);
+static wc_test_ret_t aes_ecb_test(Aes* enc, Aes* dec, byte* cipher, byte* plain)
+{
+    wc_test_ret_t ret = 0;
+    /* keys padded to block size (16 bytes) */
+    WOLFSSL_SMALL_STACK_STATIC const byte key_128[] =
+        "0123456789abcdef   ";
+    WOLFSSL_SMALL_STACK_STATIC const byte key_192[] =
+        "0123456789abcdef01234567   ";
+    WOLFSSL_SMALL_STACK_STATIC const byte key_256[] =
+        "0123456789abcdef0123456789abcdef   ";
+    WOLFSSL_SMALL_STACK_STATIC const byte iv[]  = "1234567890abcdef   ";
+    WOLFSSL_SMALL_STACK_STATIC const byte msg[] = {
+        0x6e, 0x6f, 0x77, 0x20, 0x69, 0x73, 0x20, 0x74,
+        0x68, 0x65, 0x20, 0x74, 0x69, 0x6d, 0x65, 0x20
+    };
+    WOLFSSL_SMALL_STACK_STATIC const byte verify_ecb_128[WC_AES_BLOCK_SIZE] = {
+        0xd0, 0xc9, 0xd9, 0xc9, 0x40, 0xe8, 0x97, 0xb6,
+        0xc8, 0x8c, 0x33, 0x3b, 0xb5, 0x8f, 0x85, 0xd1
+    };
+    WOLFSSL_SMALL_STACK_STATIC const byte verify_ecb_192[WC_AES_BLOCK_SIZE] = {
+        0x06, 0x57, 0xee, 0x78, 0x3f, 0x96, 0x00, 0xb1,
+        0xec, 0x76, 0x94, 0x30, 0x29, 0xbe, 0x15, 0xab
+    };
+    WOLFSSL_SMALL_STACK_STATIC const byte verify_ecb_256[WC_AES_BLOCK_SIZE] = {
+        0xcd, 0xf2, 0x81, 0x3e, 0x73, 0x3e, 0xf7, 0x33,
+        0x3d, 0x18, 0xfd, 0x41, 0x85, 0x37, 0x04, 0x82
+    };
+
+    WOLFSSL_SMALL_STACK_STATIC const byte niKey[] = {
+        0x60,0x3d,0xeb,0x10,0x15,0xca,0x71,0xbe,
+        0x2b,0x73,0xae,0xf0,0x85,0x7d,0x77,0x81,
+        0x1f,0x35,0x2c,0x07,0x3b,0x61,0x08,0xd7,
+        0x2d,0x98,0x10,0xa3,0x09,0x14,0xdf,0xf4
+    };
+    WOLFSSL_SMALL_STACK_STATIC const byte niPlain[] = {
+        0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96,
+        0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a
+    };
+    WOLFSSL_SMALL_STACK_STATIC const byte niCipher[] = {
+        0xf3,0xee,0xd1,0xbd,0xb5,0xd2,0xa0,0x3c,
+        0x06,0x4b,0x5a,0x7e,0x3d,0xb1,0x81,0xf8
+    };
+
+    int i;
+    struct {
+        const byte* key;
+        int         keySz;
+        const byte* iv; /* null uses 0's */
+        const byte* plain;
+        const byte* verify;
+    } testVec[] = {
+        { key_128, 16, iv,   msg,     verify_ecb_128 },
+        { key_192, 24, iv,   msg,     verify_ecb_192 },
+        { key_256, 32, iv,   msg,     verify_ecb_256 },
+        { niKey,   32, NULL, niPlain, niCipher }
+    };
+    #define AES_ECB_TEST_LEN (int)(sizeof(testVec) / sizeof(*testVec))
+
+    for (i = 0; i < AES_ECB_TEST_LEN; i++) {
+        ret = wc_AesSetKey(enc, testVec[i].key, testVec[i].keySz, testVec[i].iv,
+            AES_ENCRYPTION);
+        if (ret != 0)
+            ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+    #ifdef HAVE_AES_DECRYPT
+        ret = wc_AesSetKey(dec, testVec[i].key, testVec[i].keySz, testVec[i].iv,
+            AES_DECRYPTION);
+        if (ret != 0)
+            ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+    #endif
+
+        XMEMSET(cipher, 0, WC_AES_BLOCK_SIZE);
+        ret = wc_AesEcbEncrypt(enc, cipher, testVec[i].plain, WC_AES_BLOCK_SIZE);
     #if defined(WOLFSSL_ASYNC_CRYPT)
         ret = wc_AsyncWait(ret, &enc->asyncDev, WC_ASYNC_FLAG_NONE);
     #endif
         if (ret != 0)
             ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
-        if (XMEMCMP(cipher, verify_ecb, AES_BLOCK_SIZE))
-            ERROR_OUT(WC_TEST_RET_ENC_NC, out);
+        if (XMEMCMP(cipher, testVec[i].verify, WC_AES_BLOCK_SIZE)) {
+            WOLFSSL_MSG("aes_test cipher vs verify_ecb mismatch!");
+            ERROR_OUT(WC_TEST_RET_ENC_I(i), out);
+        }
     #ifdef HAVE_AES_DECRYPT
-        XMEMSET(plain, 0, AES_BLOCK_SIZE * 4);
-        ret = wc_AesEcbDecrypt(dec, plain, cipher, AES_BLOCK_SIZE);
+        XMEMSET(plain, 0, WC_AES_BLOCK_SIZE);
+        ret = wc_AesEcbDecrypt(dec, plain, cipher, WC_AES_BLOCK_SIZE);
     #if defined(WOLFSSL_ASYNC_CRYPT)
         ret = wc_AsyncWait(ret, &dec->asyncDev, WC_ASYNC_FLAG_NONE);
     #endif
         if (ret != 0)
             ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
-        if (XMEMCMP(plain, msg, AES_BLOCK_SIZE))
-            ERROR_OUT(WC_TEST_RET_ENC_NC, out);
+        if (XMEMCMP(plain, testVec[i].plain, WC_AES_BLOCK_SIZE))
+            ERROR_OUT(WC_TEST_RET_ENC_I(i), out);
     #endif /* HAVE_AES_DECRYPT */
+        (void)dec;
+        (void)plain;
     }
-#endif
 
-    XMEMSET(cipher, 0, AES_BLOCK_SIZE * 4);
-    ret = wc_AesCbcEncrypt(enc, cipher, msg, AES_BLOCK_SIZE);
-#if defined(WOLFSSL_ASYNC_CRYPT)
-    ret = wc_AsyncWait(ret, &enc->asyncDev, WC_ASYNC_FLAG_NONE);
+out:
+    return ret;
+}
+#endif /* HAVE_AES_ECB */
+
+#ifdef WOLFSSL_AES_DIRECT
+static wc_test_ret_t aes_direct_test(Aes* enc, Aes* dec, byte* cipher, byte* plain)
+{
+    wc_test_ret_t ret = 0;
+
+    WOLFSSL_ENTER("aes_direct_test");
+
+#if defined(WOLFSSL_AES_256)
+    {
+        WOLFSSL_SMALL_STACK_STATIC const byte niPlain[] =
+        {
+            0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96,
+            0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a
+        };
+
+        WOLFSSL_SMALL_STACK_STATIC const byte niCipher[] =
+        {
+            0xf3,0xee,0xd1,0xbd,0xb5,0xd2,0xa0,0x3c,
+            0x06,0x4b,0x5a,0x7e,0x3d,0xb1,0x81,0xf8
+        };
+
+        WOLFSSL_SMALL_STACK_STATIC const byte niKey[] =
+        {
+            0x60,0x3d,0xeb,0x10,0x15,0xca,0x71,0xbe,
+            0x2b,0x73,0xae,0xf0,0x85,0x7d,0x77,0x81,
+            0x1f,0x35,0x2c,0x07,0x3b,0x61,0x08,0xd7,
+            0x2d,0x98,0x10,0xa3,0x09,0x14,0xdf,0xf4
+        };
+
+        XMEMSET(cipher, 0, WC_AES_BLOCK_SIZE);
+        ret = wc_AesSetKey(enc, niKey, sizeof(niKey), cipher, AES_ENCRYPTION);
+        if (ret != 0)
+            ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+#if !defined(HAVE_SELFTEST) && \
+    (defined(WOLFSSL_LINUXKM) || \
+     !defined(HAVE_FIPS) || \
+     (defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(5,3)))
+        ret = wc_AesEncryptDirect(enc, cipher, niPlain);
+        if (ret != 0)
+            ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+#else
+        wc_AesEncryptDirect(enc, cipher, niPlain);
 #endif
+        if (XMEMCMP(cipher, niCipher, WC_AES_BLOCK_SIZE) != 0)
+            ERROR_OUT(WC_TEST_RET_ENC_NC, out);
+
+#ifdef HAVE_AES_DECRYPT
+        XMEMSET(plain, 0, WC_AES_BLOCK_SIZE);
+        ret = wc_AesSetKey(dec, niKey, sizeof(niKey), plain, AES_DECRYPTION);
+        if (ret != 0)
+            ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+#if !defined(HAVE_SELFTEST) && \
+    (defined(WOLFSSL_LINUXKM) || \
+     !defined(HAVE_FIPS) || \
+     (defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(5,3)))
+        ret = wc_AesDecryptDirect(dec, plain, niCipher);
+        if (ret != 0)
+            ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+#else
+        wc_AesDecryptDirect(dec, plain, niCipher);
+#endif
+        if (XMEMCMP(plain, niPlain, WC_AES_BLOCK_SIZE) != 0)
+            ERROR_OUT(WC_TEST_RET_ENC_NC, out);
+#endif /* HAVE_AES_DECRYPT */
+    }
+out:
+#endif /* WOLFSSL_AES_256 */
+    (void)enc;
+    (void)dec;
+    (void)cipher;
+    (void)plain;
+    return ret;
+}
+#endif /* WOLFSSL_AES_DIRECT */
+
+#ifdef HAVE_AES_CBC
+
+WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes_cbc_test(void)
+{
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
+    Aes *enc = NULL;
+#else
+    Aes enc[1];
+#endif
+#ifdef HAVE_AES_DECRYPT
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
+    Aes *dec = NULL;
+#else
+    Aes dec[1];
+#endif
+#endif
+    byte cipher[WC_AES_BLOCK_SIZE * 4];
+#ifdef HAVE_AES_DECRYPT
+    byte plain [WC_AES_BLOCK_SIZE * 4];
+#endif
+    wc_test_ret_t ret = 0;
+
+    WOLFSSL_ENTER("aes_cbc_test");
+
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
+    enc = wc_AesNew(HEAP_HINT, devId, &ret);
+    if (enc == NULL)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+#ifdef HAVE_AES_DECRYPT
+    dec = wc_AesNew(HEAP_HINT, devId, &ret);
+    if (dec == NULL)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+#endif
+#else
+    XMEMSET(enc, 0, sizeof(Aes));
+    #ifdef HAVE_AES_DECRYPT
+    XMEMSET(dec, 0, sizeof(Aes));
+    #endif
+    ret = wc_AesInit(enc, HEAP_HINT, devId);
     if (ret != 0)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
 #ifdef HAVE_AES_DECRYPT
-    XMEMSET(plain, 0, AES_BLOCK_SIZE * 4);
-    ret = wc_AesCbcDecrypt(dec, plain, cipher, AES_BLOCK_SIZE);
-#if defined(WOLFSSL_ASYNC_CRYPT)
-    ret = wc_AsyncWait(ret, &dec->asyncDev, WC_ASYNC_FLAG_NONE);
-#endif
+    ret = wc_AesInit(dec, HEAP_HINT, devId);
     if (ret != 0)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+#endif
+#endif /* WOLFSSL_SMALL_STACK && !WOLFSSL_NO_MALLOC */
 
-    if (XMEMCMP(plain, msg, AES_BLOCK_SIZE))
-        ERROR_OUT(WC_TEST_RET_ENC_NC, out);
-#endif /* HAVE_AES_DECRYPT */
-    /* skipped because wrapped key use in case of renesas sm */
-    #ifndef HAVE_RENESAS_SYNC
-    if (XMEMCMP(cipher, verify, AES_BLOCK_SIZE))
-        ERROR_OUT(WC_TEST_RET_ENC_NC, out);
+#ifdef WOLFSSL_AES_128
+    {
+        /* "Now is the time for all " w/o trailing 0 */
+        WOLFSSL_SMALL_STACK_STATIC const byte msg[] = {
+            0x6e,0x6f,0x77,0x20,0x69,0x73,0x20,0x74,
+            0x68,0x65,0x20,0x74,0x69,0x6d,0x65,0x20,
+            0x66,0x6f,0x72,0x20,0x61,0x6c,0x6c,0x20
+        };
+        WOLFSSL_SMALL_STACK_STATIC const byte verify[] =
+        {
+            0x95,0x94,0x92,0x57,0x5f,0x42,0x81,0x53,
+            0x2c,0xcc,0x9d,0x46,0x77,0xa2,0x33,0xcb
+        };
+    #ifdef HAVE_RENESAS_SYNC
+        const byte *key = (byte*)guser_PKCbInfo.wrapped_key_aes128;
+    #else
+        /* padded to 16-byye */
+        WOLFSSL_SMALL_STACK_STATIC const byte key[] = "0123456789abcdef   ";
     #endif
+        /* padded to 16-bytes */
+        WOLFSSL_SMALL_STACK_STATIC const byte iv[]  = "1234567890abcdef   ";
+
+        ret = wc_AesSetKey(enc, key, WC_AES_BLOCK_SIZE, iv, AES_ENCRYPTION);
+        if (ret != 0)
+            ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+    #ifdef HAVE_AES_DECRYPT
+        ret = wc_AesSetKey(dec, key, WC_AES_BLOCK_SIZE, iv, AES_DECRYPTION);
+        if (ret != 0)
+            ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+    #endif
+
+        XMEMSET(cipher, 0, sizeof(cipher));
+        ret = wc_AesCbcEncrypt(enc, cipher, msg, WC_AES_BLOCK_SIZE);
+    #if defined(WOLFSSL_ASYNC_CRYPT)
+        ret = wc_AsyncWait(ret, &enc->asyncDev, WC_ASYNC_FLAG_NONE);
+    #endif
+        if (ret != 0)
+            ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+    #ifdef HAVE_AES_DECRYPT
+        XMEMSET(plain, 0, sizeof(plain));
+        ret = wc_AesCbcDecrypt(dec, plain, cipher, WC_AES_BLOCK_SIZE);
+    #if defined(WOLFSSL_ASYNC_CRYPT)
+        ret = wc_AsyncWait(ret, &dec->asyncDev, WC_ASYNC_FLAG_NONE);
+    #endif
+        if (ret != 0) {
+            WOLFSSL_MSG("failed wc_AesCbcDecrypt");
+            ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+        }
+
+        if (XMEMCMP(plain, msg, WC_AES_BLOCK_SIZE)) {
+            WOLFSSL_MSG("wc_AesCbcDecrypt failed plain compare");
+            ERROR_OUT(WC_TEST_RET_ENC_NC, out);
+        }
+    #endif /* HAVE_AES_DECRYPT */
+        /* skipped because wrapped key use in case of renesas sm */
+        #ifndef HAVE_RENESAS_SYNC
+        if (XMEMCMP(cipher, verify, WC_AES_BLOCK_SIZE)) {
+            WOLFSSL_MSG("wc_AesCbcDecrypt failed cipher-verify compare");
+            ERROR_OUT(WC_TEST_RET_ENC_NC, out);
+        }
+        #endif
+    }
 #endif /* WOLFSSL_AES_128 */
 
 #if defined(WOLFSSL_AESNI) && defined(HAVE_AES_DECRYPT)
@@ -11409,16 +14297,21 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes_test(void)
             0x70,0x6c,0x61,0x79,0x20,0x6d,0x61,0x6b,
             0x65,0x73,0x20,0x4a,0x61,0x63,0x6b,0x20
         };
-        WOLFSSL_SMALL_STACK_STATIC const byte bigKey[] = "0123456789abcdeffedcba9876543210";
+        WOLFSSL_SMALL_STACK_STATIC const byte bigKey[] =
+            "0123456789abcdeffedcba9876543210";
+        /* padded to 16-bytes */
+        WOLFSSL_SMALL_STACK_STATIC const byte iv[]  = "1234567890abcdef   ";
         word32 keySz, msgSz;
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
-        byte *bigCipher = (byte *)XMALLOC(sizeof(bigMsg), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
-        byte *bigPlain = (byte *)XMALLOC(sizeof(bigMsg), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+        byte *bigCipher = (byte *)XMALLOC(sizeof(bigMsg), HEAP_HINT,
+            DYNAMIC_TYPE_TMP_BUFFER);
+        byte *bigPlain = (byte *)XMALLOC(sizeof(bigMsg), HEAP_HINT,
+            DYNAMIC_TYPE_TMP_BUFFER);
 
         if ((bigCipher == NULL) ||
             (bigPlain == NULL)) {
-            if (bigCipher != NULL)
-                XFREE(bigCipher, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+            XFREE(bigCipher, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+            XFREE(bigPlain, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
             ERROR_OUT(WC_TEST_RET_ENC_NC, out);
         }
 #else
@@ -11426,12 +14319,12 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes_test(void)
         byte bigPlain[sizeof(bigMsg)];
 #endif
 
-        /* Iterate from one AES_BLOCK_SIZE of bigMsg through the whole
-         * message by AES_BLOCK_SIZE for each size of AES key. */
+        /* Iterate from one WC_AES_BLOCK_SIZE of bigMsg through the whole
+         * message by WC_AES_BLOCK_SIZE for each size of AES key. */
         for (keySz = 16; keySz <= 32; keySz += 8) {
-            for (msgSz = AES_BLOCK_SIZE;
+            for (msgSz = WC_AES_BLOCK_SIZE;
                  msgSz <= sizeof(bigMsg);
-                 msgSz += AES_BLOCK_SIZE) {
+                 msgSz += WC_AES_BLOCK_SIZE) {
 
                 XMEMSET(bigCipher, 0, sizeof(bigMsg));
                 XMEMSET(bigPlain, 0, sizeof(bigMsg));
@@ -11473,14 +14366,14 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes_test(void)
                 break;
         }
 
-#if defined(DEBUG_VECTOR_REGISTER_ACCESS) && defined(WC_AES_C_DYNAMIC_FALLBACK)
-        /* Iterate from one AES_BLOCK_SIZE of bigMsg through the whole
-         * message by AES_BLOCK_SIZE for each size of AES key. */
-        WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(SYSLIB_FAILED_E);
+#if defined(DEBUG_VECTOR_REGISTER_ACCESS) && defined(WC_C_DYNAMIC_FALLBACK)
+        /* Iterate from one WC_AES_BLOCK_SIZE of bigMsg through the whole
+         * message by WC_AES_BLOCK_SIZE for each size of AES key. */
+        WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(WC_NO_ERR_TRACE(SYSLIB_FAILED_E));
         for (keySz = 16; keySz <= 32; keySz += 8) {
-            for (msgSz = AES_BLOCK_SIZE;
+            for (msgSz = WC_AES_BLOCK_SIZE;
                  msgSz <= sizeof(bigMsg);
-                 msgSz += AES_BLOCK_SIZE) {
+                 msgSz += WC_AES_BLOCK_SIZE) {
 
                 XMEMSET(bigCipher, 0, sizeof(bigMsg));
                 XMEMSET(bigPlain, 0, sizeof(bigMsg));
@@ -11522,7 +14415,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes_test(void)
                 break;
         }
         WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(0);
-#endif /* DEBUG_VECTOR_REGISTER_ACCESS && WC_AES_C_DYNAMIC_FALLBACK */
+#endif /* DEBUG_VECTOR_REGISTER_ACCESS && WC_C_DYNAMIC_FALLBACK */
 
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
         XFREE(bigCipher, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
@@ -11568,121 +14461,157 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes_test(void)
         ret = wc_AesSetKey(enc, key2, sizeof(key2), iv2, AES_ENCRYPTION);
         if (ret != 0)
             ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
-        XMEMSET(cipher, 0, AES_BLOCK_SIZE * 2);
-        ret = wc_AesCbcEncrypt(enc, cipher, msg2, AES_BLOCK_SIZE);
+        XMEMSET(cipher, 0, WC_AES_BLOCK_SIZE * 2);
+        ret = wc_AesCbcEncrypt(enc, cipher, msg2, WC_AES_BLOCK_SIZE);
     #if defined(WOLFSSL_ASYNC_CRYPT)
         ret = wc_AsyncWait(ret, &enc->asyncDev, WC_ASYNC_FLAG_NONE);
     #endif
         if (ret != 0)
             ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
     #ifndef HAVE_RENESAS_SYNC
-        if (XMEMCMP(cipher, verify2, AES_BLOCK_SIZE))
+        if (XMEMCMP(cipher, verify2, WC_AES_BLOCK_SIZE))
             ERROR_OUT(WC_TEST_RET_ENC_NC, out);
     #endif
-        ret = wc_AesCbcEncrypt(enc, cipher + AES_BLOCK_SIZE,
-                msg2 + AES_BLOCK_SIZE, AES_BLOCK_SIZE);
+        ret = wc_AesCbcEncrypt(enc, cipher + WC_AES_BLOCK_SIZE,
+                msg2 + WC_AES_BLOCK_SIZE, WC_AES_BLOCK_SIZE);
     #if defined(WOLFSSL_ASYNC_CRYPT)
         ret = wc_AsyncWait(ret, &enc->asyncDev, WC_ASYNC_FLAG_NONE);
     #endif
         if (ret != 0)
             ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
-        if (XMEMCMP(cipher + AES_BLOCK_SIZE, verify2 + AES_BLOCK_SIZE,
-                    AES_BLOCK_SIZE))
+        if (XMEMCMP(cipher + WC_AES_BLOCK_SIZE, verify2 + WC_AES_BLOCK_SIZE,
+                    WC_AES_BLOCK_SIZE))
             ERROR_OUT(WC_TEST_RET_ENC_NC, out);
 
         #if defined(HAVE_AES_DECRYPT)
         ret = wc_AesSetKey(dec, key2, sizeof(key2), iv2, AES_DECRYPTION);
         if (ret != 0)
             ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
-        XMEMSET(plain, 0, AES_BLOCK_SIZE * 2);
-        ret = wc_AesCbcDecrypt(dec, plain, verify2, AES_BLOCK_SIZE);
+        XMEMSET(plain, 0, WC_AES_BLOCK_SIZE * 2);
+        ret = wc_AesCbcDecrypt(dec, plain, verify2, WC_AES_BLOCK_SIZE);
     #if defined(WOLFSSL_ASYNC_CRYPT)
         ret = wc_AsyncWait(ret, &dec->asyncDev, WC_ASYNC_FLAG_NONE);
     #endif
         if (ret != 0)
             ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
-        if (XMEMCMP(plain, msg2, AES_BLOCK_SIZE))
+        if (XMEMCMP(plain, msg2, WC_AES_BLOCK_SIZE))
             ERROR_OUT(WC_TEST_RET_ENC_NC, out);
 
-        ret = wc_AesCbcDecrypt(dec, plain + AES_BLOCK_SIZE,
-                verify2 + AES_BLOCK_SIZE, AES_BLOCK_SIZE);
+        ret = wc_AesCbcDecrypt(dec, plain + WC_AES_BLOCK_SIZE,
+                verify2 + WC_AES_BLOCK_SIZE, WC_AES_BLOCK_SIZE);
     #if defined(WOLFSSL_ASYNC_CRYPT)
         ret = wc_AsyncWait(ret, &dec->asyncDev, WC_ASYNC_FLAG_NONE);
     #endif
         if (ret != 0)
             ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
-        if (XMEMCMP(plain + AES_BLOCK_SIZE, msg2 + AES_BLOCK_SIZE,
-                    AES_BLOCK_SIZE))
+        if (XMEMCMP(plain + WC_AES_BLOCK_SIZE, msg2 + WC_AES_BLOCK_SIZE,
+                    WC_AES_BLOCK_SIZE)) {
+            WOLFSSL_MSG("wc_AesCbcDecrypt failed plain-msg2 compare");
             ERROR_OUT(WC_TEST_RET_ENC_NC, out);
-
+        }
         #endif /* HAVE_AES_DECRYPT */
+
+        aes_cbc_oneshot_test();
     }
 #endif /* WOLFSSL_AES_128 && !HAVE_RENESAS_SYNC */
+
+  out:
+
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
+    wc_AesDelete(enc, &enc);
+#else
+    wc_AesFree(enc);
+#endif
+#ifdef HAVE_AES_DECRYPT
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
+    wc_AesDelete(dec, &dec);
+#else
+    wc_AesFree(dec);
+#endif
+#endif
+
+    return ret;
+}
 #endif /* HAVE_AES_CBC */
 
-#ifdef WOLFSSL_AES_COUNTER
-    ret = aesctr_test(enc, dec, cipher, plain);
+#if defined(HAVE_AES_ECB) || defined(WOLFSSL_AES_DIRECT)
+static wc_test_ret_t aes_ecb_direct_test(void)
+{
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
+    Aes *enc = NULL;
+#else
+    Aes enc[1];
+#endif
+#if !defined(HAVE_AES_DECRYPT) || \
+    (defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC))
+    Aes *dec = NULL;
+#else
+    Aes dec[1];
+#endif
+    byte cipher[WC_AES_BLOCK_SIZE];
+    byte plain [WC_AES_BLOCK_SIZE];
+    wc_test_ret_t ret = 0;
+
+    WOLFSSL_ENTER("aes_ecb/direct_test");
+
+#if !defined(WOLFSSL_SMALL_STACK) || defined(WOLFSSL_NO_MALLOC)
+    XMEMSET(enc, 0, sizeof(Aes));
+    #ifdef HAVE_AES_DECRYPT
+    XMEMSET(dec, 0, sizeof(Aes));
+    #endif
+#endif
+
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
+    enc = wc_AesNew(HEAP_HINT, devId, &ret);
+    if (enc == NULL)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+#ifdef HAVE_AES_DECRYPT
+    dec = wc_AesNew(HEAP_HINT, devId, &ret);
+    if (dec == NULL)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+#endif
+#else
+    ret = wc_AesInit(enc, HEAP_HINT, devId);
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+#ifdef HAVE_AES_DECRYPT
+    ret = wc_AesInit(dec, HEAP_HINT, devId);
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+#endif
+#endif /* WOLFSSL_SMALL_STACK && !WOLFSSL_NO_MALLOC */
+
+#ifdef HAVE_AES_ECB
+    ret = aes_ecb_test(enc, dec, cipher, plain);
     if (ret != 0)
         return ret;
 #endif
 
-#if defined(WOLFSSL_AES_DIRECT) && defined(WOLFSSL_AES_256)
-    {
-        WOLFSSL_SMALL_STACK_STATIC const byte niPlain[] =
-        {
-            0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96,
-            0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a
-        };
-
-        WOLFSSL_SMALL_STACK_STATIC const byte niCipher[] =
-        {
-            0xf3,0xee,0xd1,0xbd,0xb5,0xd2,0xa0,0x3c,
-            0x06,0x4b,0x5a,0x7e,0x3d,0xb1,0x81,0xf8
-        };
-
-        WOLFSSL_SMALL_STACK_STATIC const byte niKey[] =
-        {
-            0x60,0x3d,0xeb,0x10,0x15,0xca,0x71,0xbe,
-            0x2b,0x73,0xae,0xf0,0x85,0x7d,0x77,0x81,
-            0x1f,0x35,0x2c,0x07,0x3b,0x61,0x08,0xd7,
-            0x2d,0x98,0x10,0xa3,0x09,0x14,0xdf,0xf4
-        };
-
-        XMEMSET(cipher, 0, AES_BLOCK_SIZE);
-        ret = wc_AesSetKey(enc, niKey, sizeof(niKey), cipher, AES_ENCRYPTION);
-        if (ret != 0)
-            ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
-#if !defined(HAVE_SELFTEST) && \
-    (defined(WOLFSSL_LINUXKM) || \
-     !defined(HAVE_FIPS) || \
-     (defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(5,3)))
-        ret = wc_AesEncryptDirect(enc, cipher, niPlain);
-        if (ret != 0)
-            ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
-#else
-        wc_AesEncryptDirect(enc, cipher, niPlain);
+#ifdef WOLFSSL_AES_DIRECT
+    ret = aes_direct_test(enc, dec, cipher, plain);
+    if (ret != 0)
+        return ret;
 #endif
-        if (XMEMCMP(cipher, niCipher, AES_BLOCK_SIZE) != 0)
-            ERROR_OUT(WC_TEST_RET_ENC_NC, out);
 
-        XMEMSET(plain, 0, AES_BLOCK_SIZE);
-        ret = wc_AesSetKey(dec, niKey, sizeof(niKey), plain, AES_DECRYPTION);
-        if (ret != 0)
-            ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
-#if !defined(HAVE_SELFTEST) && \
-    (defined(WOLFSSL_LINUXKM) || \
-     !defined(HAVE_FIPS) || \
-     (defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(5,3)))
-        ret = wc_AesDecryptDirect(dec, plain, niCipher);
-        if (ret != 0)
-            ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+  out:
+
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
+    wc_AesDelete(enc, &enc);
+    wc_AesDelete(dec, &dec);
 #else
-        wc_AesDecryptDirect(dec, plain, niCipher);
+    wc_AesFree(enc);
+    wc_AesFree(dec);
 #endif
-        if (XMEMCMP(plain, niPlain, AES_BLOCK_SIZE) != 0)
-            ERROR_OUT(WC_TEST_RET_ENC_NC, out);
-    }
-#endif /* WOLFSSL_AES_DIRECT && WOLFSSL_AES_256 */
+
+    return ret;
+}
+#endif /* HAVE_AES_ECB || WOLFSSL_AES_DIRECT */
+
+WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes_test(void)
+{
+    wc_test_ret_t ret = 0;
+
+    WOLFSSL_ENTER("aes_test");
 
 #ifndef HAVE_RENESAS_SYNC
     ret = aes_key_size_test();
@@ -11690,111 +14619,98 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes_test(void)
         goto out;
 #endif
 
-#if defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_128) && \
-    !defined(HAVE_RENESAS_SYNC)
-    ret = aes_cbc_test();
+#if defined(HAVE_AES_ECB) || defined(WOLFSSL_AES_DIRECT)
+    ret = aes_ecb_direct_test();
     if (ret != 0)
-        goto out;
+        return ret;
 #endif
 
-#if defined(WOLFSSL_AES_XTS) && (!defined(HAVE_FIPS) || FIPS_VERSION_GE(5,3))
+  out:
+    return ret;
+}
+
+#if defined(WOLFSSL_AES_CFB)
+WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes_cfb_test(void)
+{
+    int ret;
+    WOLFSSL_ENTER("aes_cfb_test");
+
+    ret = aescfb_test_0();
+    if (ret != 0)
+        return ret;
+#if !defined(WOLFSSL_NO_AES_CFB_1_8)
+    ret = aescfb1_test();
+    if (ret != 0)
+        return ret;
+
+    ret = aescfb8_test();
+    if (ret != 0)
+        return ret;
+#endif
+    return 0;
+}
+#endif
+
+#if defined(WOLFSSL_AES_XTS)
+WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes_xts_test(void)
+{
+    int ret = 0;
+    WOLFSSL_ENTER("aes_xts_test");
+
     #ifdef WOLFSSL_AES_128
     ret = aes_xts_128_test();
     if (ret != 0)
-        goto out;
+        return ret;
     #endif
+
+/* FIPS won't allow for XTS-384 (two 192-bit keys) */
+#ifndef HAVE_FIPS
+    #ifdef WOLFSSL_AES_192
+    ret = aes_xts_192_test();
+    if (ret != 0)
+        return ret;
+    #endif
+#endif
+
     #ifdef WOLFSSL_AES_256
     ret = aes_xts_256_test();
     if (ret != 0)
-        goto out;
+        return ret;
     #endif
     #if defined(WOLFSSL_AES_128) && defined(WOLFSSL_AES_256)
     ret = aes_xts_sector_test();
     if (ret != 0)
-        goto out;
+        return ret;
     #endif
     #ifdef WOLFSSL_AES_128
     ret = aes_xts_args_test();
     if (ret != 0)
-        goto out;
+        return ret;
     #endif
-#endif
-
-#if defined(WOLFSSL_AES_CFB)
-    ret = aescfb_test();
-    if (ret != 0)
-        goto out;
-#if !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS)
-    ret = aescfb1_test();
-    if (ret != 0)
-        goto out;
-
-    ret = aescfb8_test();
-    if (ret != 0)
-        goto out;
-#endif
-#endif
-
-#if defined(HAVE_AES_ECB) && !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
-    ret = aesecb_test();
-    if (ret != 0)
-        goto out;
-#endif
-
-  out:
-
-#if defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_COUNTER) || defined(WOLFSSL_AES_DIRECT)
-#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
-    if (enc) {
-        if (enc_inited)
-            wc_AesFree(enc);
-        XFREE(enc, HEAP_HINT, DYNAMIC_TYPE_AES);
-    }
-#else
-    if (enc_inited)
-        wc_AesFree(enc);
-#endif
-    (void)cipher;
-#ifdef HAVE_AES_DECRYPT
-#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
-    if (dec) {
-        if (dec_inited)
-            wc_AesFree(dec);
-        XFREE(dec, HEAP_HINT, DYNAMIC_TYPE_AES);
-    }
-#else
-    if (dec_inited)
-        wc_AesFree(dec);
-#endif
-    (void)plain;
-#endif /* HAVE_AES_DECRYPT */
-#endif /* HAVE_AES_CBC || WOLFSSL_AES_COUNTER || WOLFSSL_AES_DIRECT */
-
-    return ret;
+    return 0;
 }
+#endif
 
 #ifdef WOLFSSL_AES_192
 WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes192_test(void)
 {
+    wc_test_ret_t ret = 0;
 #ifdef HAVE_AES_CBC
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
     Aes *enc = NULL;
 #else
     Aes enc[1];
 #endif
-    byte cipher[AES_BLOCK_SIZE];
+    byte cipher[WC_AES_BLOCK_SIZE];
 #ifdef HAVE_AES_DECRYPT
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
     Aes *dec = NULL;
 #else
     Aes dec[1];
 #endif
-    byte plain[AES_BLOCK_SIZE];
+    byte plain[WC_AES_BLOCK_SIZE];
 #endif
-#endif /* HAVE_AES_CBC */
-    wc_test_ret_t ret = 0;
 
-#ifdef HAVE_AES_CBC
     /* Test vectors from NIST Special Publication 800-38A, 2001 Edition
      * Appendix F.2.3  */
 
@@ -11809,33 +14725,40 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes192_test(void)
         0x71,0x78,0x18,0x3a,0x9f,0xa0,0x71,0xe8
     };
 
-    WOLFSSL_SMALL_STACK_STATIC byte key[] = {
+    WOLFSSL_SMALL_STACK_STATIC const byte key[] = {
         0x8e,0x73,0xb0,0xf7,0xda,0x0e,0x64,0x52,
         0xc8,0x10,0xf3,0x2b,0x80,0x90,0x79,0xe5,
         0x62,0xf8,0xea,0xd2,0x52,0x2c,0x6b,0x7b
     };
-    WOLFSSL_SMALL_STACK_STATIC byte iv[]  = {
+    WOLFSSL_SMALL_STACK_STATIC const byte iv[]  = {
         0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,
         0x08,0x09,0x0A,0x0B,0x0C,0x0D,0x0E,0x0F
     };
+    WOLFSSL_ENTER("aes192_test");
 
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
-    if ((enc = (Aes *)XMALLOC(sizeof *enc, HEAP_HINT, DYNAMIC_TYPE_AES)) == NULL)
-        ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
-#ifdef HAVE_AES_DECRYPT
-    if ((dec = (Aes *)XMALLOC(sizeof *dec, HEAP_HINT, DYNAMIC_TYPE_AES)) == NULL)
-        ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
-#endif
-#endif
-
+    enc = wc_AesNew(HEAP_HINT, devId, &ret);
+    if (enc == NULL)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+    #ifdef HAVE_AES_DECRYPT
+    dec = wc_AesNew(HEAP_HINT, devId, &ret);
+    if (dec == NULL)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+    #endif
+#else
+    XMEMSET(enc, 0, sizeof(Aes));
+    #ifdef HAVE_AES_DECRYPT
+    XMEMSET(dec, 0, sizeof(Aes));
+    #endif
     ret = wc_AesInit(enc, HEAP_HINT, devId);
     if (ret != 0)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
-#ifdef HAVE_AES_DECRYPT
+    #ifdef HAVE_AES_DECRYPT
     ret = wc_AesInit(dec, HEAP_HINT, devId);
     if (ret != 0)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
-#endif
+    #endif
+#endif /* WOLFSSL_SMALL_STACK && !WOLFSSL_NO_MALLOC */
 
     ret = wc_AesSetKey(enc, key, (int) sizeof(key), iv, AES_ENCRYPTION);
     if (ret != 0)
@@ -11846,7 +14769,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes192_test(void)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
 #endif
 
-    XMEMSET(cipher, 0, AES_BLOCK_SIZE);
+    XMEMSET(cipher, 0, WC_AES_BLOCK_SIZE);
     ret = wc_AesCbcEncrypt(enc, cipher, msg, (int) sizeof(msg));
 #if defined(WOLFSSL_ASYNC_CRYPT)
     ret = wc_AsyncWait(ret, &enc->asyncDev, WC_ASYNC_FLAG_NONE);
@@ -11857,7 +14780,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes192_test(void)
         ERROR_OUT(WC_TEST_RET_ENC_NC, out);
 
 #ifdef HAVE_AES_DECRYPT
-    XMEMSET(plain, 0, AES_BLOCK_SIZE);
+    XMEMSET(plain, 0, WC_AES_BLOCK_SIZE);
     ret = wc_AesCbcDecrypt(dec, plain, cipher, (int) sizeof(cipher));
 #if defined(WOLFSSL_ASYNC_CRYPT)
     ret = wc_AsyncWait(ret, &dec->asyncDev, WC_ASYNC_FLAG_NONE);
@@ -11865,22 +14788,23 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes192_test(void)
     if (ret != 0)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
     if (XMEMCMP(plain, msg, (int) sizeof(plain))) {
+        WOLFSSL_MSG("failed wc_AesCbcDecrypt plain-msg compare");
         ERROR_OUT(WC_TEST_RET_ENC_NC, out);
     }
 #endif
 
-    wc_AesFree(enc);
-#ifdef HAVE_AES_DECRYPT
-    wc_AesFree(dec);
-#endif
-
   out:
+
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
-    if (enc)
-        XFREE(enc, HEAP_HINT, DYNAMIC_TYPE_AES);
+    wc_AesDelete(enc, &enc);
+#else
+    wc_AesFree(enc);
+#endif
 #ifdef HAVE_AES_DECRYPT
-    if (dec)
-        XFREE(dec, HEAP_HINT, DYNAMIC_TYPE_AES);
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
+    wc_AesDelete(dec, &dec);
+#else
+    wc_AesFree(dec);
 #endif
 #endif
 #endif /* HAVE_AES_CBC */
@@ -11898,14 +14822,14 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes256_test(void)
 #else
     Aes enc[1];
 #endif
-    byte cipher[AES_BLOCK_SIZE];
+    byte cipher[WC_AES_BLOCK_SIZE];
 #ifdef HAVE_AES_DECRYPT
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
     Aes *dec = NULL;
 #else
     Aes dec[1];
 #endif
-    byte plain[AES_BLOCK_SIZE];
+    byte plain[WC_AES_BLOCK_SIZE];
 #endif
 #endif /* HAVE_AES_CBC */
     wc_test_ret_t ret = 0;
@@ -11928,7 +14852,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes256_test(void)
                 (byte*)guser_PKCbInfo.wrapped_key_aes256;
     int keySz = (256/8);
 #else
-    WOLFSSL_SMALL_STACK_STATIC byte key[] = {
+    WOLFSSL_SMALL_STACK_STATIC const byte key[] = {
         0x60,0x3d,0xeb,0x10,0x15,0xca,0x71,0xbe,
         0x2b,0x73,0xae,0xf0,0x85,0x7d,0x77,0x81,
         0x1f,0x35,0x2c,0x07,0x3b,0x61,0x08,0xd7,
@@ -11936,39 +14860,46 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes256_test(void)
     };
     int keySz = (int)sizeof(key);
 #endif
-    WOLFSSL_SMALL_STACK_STATIC byte iv[]  = {
+    WOLFSSL_SMALL_STACK_STATIC const byte iv[]  = {
         0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,
         0x08,0x09,0x0A,0x0B,0x0C,0x0D,0x0E,0x0F
     };
+    WOLFSSL_ENTER("aes256_test");
 
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
-    if ((enc = (Aes *)XMALLOC(sizeof *enc, HEAP_HINT, DYNAMIC_TYPE_AES)) == NULL)
-        ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
-#ifdef HAVE_AES_DECRYPT
-    if ((dec = (Aes *)XMALLOC(sizeof *dec, HEAP_HINT, DYNAMIC_TYPE_AES)) == NULL)
-        ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
-#endif
-#endif
-
+    enc = wc_AesNew(HEAP_HINT, devId, &ret);
+    if (enc == NULL)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+    #ifdef HAVE_AES_DECRYPT
+    dec = wc_AesNew(HEAP_HINT, devId, &ret);
+    if (dec == NULL)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+    #endif
+#else
+    XMEMSET(enc, 0, sizeof(Aes));
+    #ifdef HAVE_AES_DECRYPT
+    XMEMSET(dec, 0, sizeof(Aes));
+    #endif
     ret = wc_AesInit(enc, HEAP_HINT, devId);
     if (ret != 0)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
-#ifdef HAVE_AES_DECRYPT
+    #ifdef HAVE_AES_DECRYPT
     ret = wc_AesInit(dec, HEAP_HINT, devId);
     if (ret != 0)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
-#endif
+    #endif
+#endif /* WOLFSSL_SMALL_STACK && !WOLFSSL_NO_MALLOC */
 
-    ret = wc_AesSetKey(enc, key, keySz, iv, AES_ENCRYPTION);
+    ret = wc_AesSetKey(enc, key, (word32)keySz, iv, AES_ENCRYPTION);
     if (ret != 0)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
 #ifdef HAVE_AES_DECRYPT
-    ret = wc_AesSetKey(dec, key, keySz, iv, AES_DECRYPTION);
+    ret = wc_AesSetKey(dec, key, (word32)keySz, iv, AES_DECRYPTION);
     if (ret != 0)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
 #endif
 
-    XMEMSET(cipher, 0, AES_BLOCK_SIZE);
+    XMEMSET(cipher, 0, WC_AES_BLOCK_SIZE);
     ret = wc_AesCbcEncrypt(enc, cipher, msg, (int) sizeof(msg));
 #if defined(WOLFSSL_ASYNC_CRYPT)
     ret = wc_AsyncWait(ret, &enc->asyncDev, WC_ASYNC_FLAG_NONE);
@@ -11976,7 +14907,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes256_test(void)
     if (ret != 0)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
 #ifdef HAVE_AES_DECRYPT
-    XMEMSET(plain, 0, AES_BLOCK_SIZE);
+    XMEMSET(plain, 0, WC_AES_BLOCK_SIZE);
     ret = wc_AesCbcDecrypt(dec, plain, cipher, (int) sizeof(cipher));
 #if defined(WOLFSSL_ASYNC_CRYPT)
     ret = wc_AsyncWait(ret, &dec->asyncDev, WC_ASYNC_FLAG_NONE);
@@ -11991,12 +14922,8 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes256_test(void)
     if (XMEMCMP(cipher, verify, (int) sizeof(cipher)))
         ERROR_OUT(WC_TEST_RET_ENC_NC, out);
 #endif
-    wc_AesFree(enc);
-#ifdef HAVE_AES_DECRYPT
-    wc_AesFree(dec);
-#endif
 
-#if defined(DEBUG_VECTOR_REGISTER_ACCESS) && defined(WC_AES_C_DYNAMIC_FALLBACK)
+#if defined(DEBUG_VECTOR_REGISTER_ACCESS) && defined(WC_C_DYNAMIC_FALLBACK)
     ret = wc_AesSetKey(enc, key, keySz, iv, AES_ENCRYPTION);
     if (ret != 0)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
@@ -12006,8 +14933,8 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes256_test(void)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
 #endif
 
-    XMEMSET(cipher, 0, AES_BLOCK_SIZE);
-    WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(SYSLIB_FAILED_E);
+    XMEMSET(cipher, 0, WC_AES_BLOCK_SIZE);
+    WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(WC_NO_ERR_TRACE(SYSLIB_FAILED_E));
     ret = wc_AesCbcEncrypt(enc, cipher, msg, (int) sizeof(msg));
 #if defined(WOLFSSL_ASYNC_CRYPT)
     ret = wc_AsyncWait(ret, &enc->asyncDev, WC_ASYNC_FLAG_NONE);
@@ -12016,8 +14943,8 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes256_test(void)
     if (ret != 0)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
 #ifdef HAVE_AES_DECRYPT
-    XMEMSET(plain, 0, AES_BLOCK_SIZE);
-    WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(SYSLIB_FAILED_E);
+    XMEMSET(plain, 0, WC_AES_BLOCK_SIZE);
+    WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(WC_NO_ERR_TRACE(SYSLIB_FAILED_E));
     ret = wc_AesCbcDecrypt(dec, plain, cipher, (int) sizeof(cipher));
 #if defined(WOLFSSL_ASYNC_CRYPT)
     ret = wc_AsyncWait(ret, &dec->asyncDev, WC_ASYNC_FLAG_NONE);
@@ -12034,25 +14961,20 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes256_test(void)
         ERROR_OUT(WC_TEST_RET_ENC_NC, out);
 #endif
 
-    wc_AesFree(enc);
-#ifdef HAVE_AES_DECRYPT
-    wc_AesFree(dec);
-#endif
-
-    WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(SYSLIB_FAILED_E);
+    WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(WC_NO_ERR_TRACE(SYSLIB_FAILED_E));
     ret = wc_AesSetKey(enc, key, keySz, iv, AES_ENCRYPTION);
     WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(0);
     if (ret != 0)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
 #ifdef HAVE_AES_DECRYPT
-    WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(SYSLIB_FAILED_E);
+    WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(WC_NO_ERR_TRACE(SYSLIB_FAILED_E));
     ret = wc_AesSetKey(dec, key, keySz, iv, AES_DECRYPTION);
     WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(0);
     if (ret != 0)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
 #endif
 
-    XMEMSET(cipher, 0, AES_BLOCK_SIZE);
+    XMEMSET(cipher, 0, WC_AES_BLOCK_SIZE);
     ret = wc_AesCbcEncrypt(enc, cipher, msg, (int) sizeof(msg));
 #if defined(WOLFSSL_ASYNC_CRYPT)
     ret = wc_AsyncWait(ret, &enc->asyncDev, WC_ASYNC_FLAG_NONE);
@@ -12060,7 +14982,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes256_test(void)
     if (ret != 0)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
 #ifdef HAVE_AES_DECRYPT
-    XMEMSET(plain, 0, AES_BLOCK_SIZE);
+    XMEMSET(plain, 0, WC_AES_BLOCK_SIZE);
     ret = wc_AesCbcDecrypt(dec, plain, cipher, (int) sizeof(cipher));
 #if defined(WOLFSSL_ASYNC_CRYPT)
     ret = wc_AsyncWait(ret, &dec->asyncDev, WC_ASYNC_FLAG_NONE);
@@ -12076,20 +14998,20 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes256_test(void)
         ERROR_OUT(WC_TEST_RET_ENC_NC, out);
 #endif
 
-    wc_AesFree(enc);
-#ifdef HAVE_AES_DECRYPT
-    wc_AesFree(dec);
-#endif
-
-#endif
+#endif /* DEBUG_VECTOR_REGISTER_ACCESS && WC_C_DYNAMIC_FALLBACK */
 
   out:
+
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
-    if (enc)
-        XFREE(enc, HEAP_HINT, DYNAMIC_TYPE_AES);
+    wc_AesDelete(enc, &enc);
+#else
+    wc_AesFree(enc);
+#endif
 #ifdef HAVE_AES_DECRYPT
-    if (dec)
-        XFREE(dec, HEAP_HINT, DYNAMIC_TYPE_AES);
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
+    wc_AesDelete(dec, &dec);
+#else
+    wc_AesFree(dec);
 #endif
 #endif
 #endif /* HAVE_AES_CBC */
@@ -12107,7 +15029,6 @@ static wc_test_ret_t aesgcm_default_test_helper(byte* key, int keySz, byte* iv,
                 byte* aad, int aadSz, byte* tag, int tagSz)
 {
     wc_test_ret_t ret;
-    int enc_inited = 0, dec_inited = 0;
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
     Aes *enc = NULL;
     Aes *dec = NULL;
@@ -12116,53 +15037,53 @@ static wc_test_ret_t aesgcm_default_test_helper(byte* key, int keySz, byte* iv,
     Aes dec[1];
 #endif
 
-    byte resultT[AES_BLOCK_SIZE];
-    byte resultP[AES_BLOCK_SIZE * 3];
-    byte resultC[AES_BLOCK_SIZE * 3];
-
-#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
-    if ((enc = (Aes *)XMALLOC(sizeof *enc, HEAP_HINT, DYNAMIC_TYPE_AES)) == NULL)
-        ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
-    if ((dec = (Aes *)XMALLOC(sizeof *dec, HEAP_HINT, DYNAMIC_TYPE_AES)) == NULL)
-        ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
-#endif
+    byte resultT[WC_AES_BLOCK_SIZE];
+    byte resultP[WC_AES_BLOCK_SIZE * 3];
+    byte resultC[WC_AES_BLOCK_SIZE * 3];
 
     XMEMSET(resultT, 0, sizeof(resultT));
     XMEMSET(resultC, 0, sizeof(resultC));
     XMEMSET(resultP, 0, sizeof(resultP));
 
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
+    enc = wc_AesNew(HEAP_HINT, devId, &ret);
+    if (enc == NULL)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+    dec = wc_AesNew(HEAP_HINT, devId, &ret);
+    if (dec == NULL)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+#else
+    XMEMSET(enc, 0, sizeof(Aes));
+    XMEMSET(dec, 0, sizeof(Aes));
     ret = wc_AesInit(enc, HEAP_HINT, devId);
     if (ret != 0)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
-    else
-        enc_inited = 1;
     ret = wc_AesInit(dec, HEAP_HINT, devId);
     if (ret != 0)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
-    else
-        dec_inited = 1;
+#endif /* WOLFSSL_SMALL_STACK && !WOLFSSL_NO_MALLOC */
 
-    ret = wc_AesGcmSetKey(enc, key, keySz);
+    ret = wc_AesGcmSetKey(enc, key, (word32)keySz);
     if (ret != 0)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
 
     /* AES-GCM encrypt and decrypt both use AES encrypt internally */
-    ret = wc_AesGcmEncrypt(enc, resultC, plain, plainSz, iv, ivSz,
-                                     resultT, tagSz, aad, aadSz);
+    ret = wc_AesGcmEncrypt(enc, resultC, plain, (word32)plainSz, iv, (word32)ivSz,
+                                     resultT, (word32)tagSz, aad, (word32)aadSz);
 #if defined(WOLFSSL_ASYNC_CRYPT)
     ret = wc_AsyncWait(ret, &enc->asyncDev, WC_ASYNC_FLAG_NONE);
 #endif
     if (ret != 0)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
     if (cipher != NULL) {
-        if (XMEMCMP(cipher, resultC, cipherSz))
+        if (XMEMCMP(cipher, resultC, (word32)cipherSz))
             ERROR_OUT(WC_TEST_RET_ENC_NC, out);
     }
-    if (XMEMCMP(tag, resultT, tagSz))
+    if (XMEMCMP(tag, resultT, (unsigned long)tagSz))
         ERROR_OUT(WC_TEST_RET_ENC_NC, out);
 
-#if defined(DEBUG_VECTOR_REGISTER_ACCESS) && defined(WC_AES_C_DYNAMIC_FALLBACK)
-    WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(SYSLIB_FAILED_E);
+#if defined(DEBUG_VECTOR_REGISTER_ACCESS) && defined(WC_C_DYNAMIC_FALLBACK)
+    WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(WC_NO_ERR_TRACE(SYSLIB_FAILED_E));
     ret = wc_AesGcmEncrypt(enc, resultC, plain, plainSz, iv, ivSz,
                                      resultT, tagSz, aad, aadSz);
 #if defined(WOLFSSL_ASYNC_CRYPT)
@@ -12172,7 +15093,7 @@ static wc_test_ret_t aesgcm_default_test_helper(byte* key, int keySz, byte* iv,
     if (ret != 0)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
     if (cipher != NULL) {
-        if (XMEMCMP(cipher, resultC, cipherSz))
+        if (XMEMCMP(cipher, resultC, (unsigned long)cipherSz))
             ERROR_OUT(WC_TEST_RET_ENC_NC, out);
     }
     if (XMEMCMP(tag, resultT, tagSz))
@@ -12180,24 +15101,24 @@ static wc_test_ret_t aesgcm_default_test_helper(byte* key, int keySz, byte* iv,
 #endif
 
 #ifdef HAVE_AES_DECRYPT
-    ret = wc_AesGcmSetKey(dec, key, keySz);
+    ret = wc_AesGcmSetKey(dec, key, (word32)keySz);
     if (ret != 0)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
 
-    ret = wc_AesGcmDecrypt(dec, resultP, resultC, cipherSz,
-                   iv, ivSz, resultT, tagSz, aad, aadSz);
+    ret = wc_AesGcmDecrypt(dec, resultP, resultC, (word32)cipherSz,
+                   iv, (word32)ivSz, resultT, (word32)tagSz, aad, (word32)aadSz);
 #if defined(WOLFSSL_ASYNC_CRYPT)
     ret = wc_AsyncWait(ret, &dec->asyncDev, WC_ASYNC_FLAG_NONE);
 #endif
     if (ret != 0)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
     if (plain != NULL) {
-        if (XMEMCMP(plain, resultP, plainSz))
+        if (XMEMCMP(plain, resultP, (unsigned long)plainSz))
             ERROR_OUT(WC_TEST_RET_ENC_NC, out);
     }
 
-#if defined(DEBUG_VECTOR_REGISTER_ACCESS) && defined(WC_AES_C_DYNAMIC_FALLBACK)
-    WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(SYSLIB_FAILED_E);
+#if defined(DEBUG_VECTOR_REGISTER_ACCESS) && defined(WC_C_DYNAMIC_FALLBACK)
+    WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(WC_NO_ERR_TRACE(SYSLIB_FAILED_E));
     ret = wc_AesGcmDecrypt(dec, resultP, resultC, cipherSz,
                    iv, ivSz, resultT, tagSz, aad, aadSz);
 #if defined(WOLFSSL_ASYNC_CRYPT)
@@ -12207,7 +15128,7 @@ static wc_test_ret_t aesgcm_default_test_helper(byte* key, int keySz, byte* iv,
     if (ret != 0)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
     if (plain != NULL) {
-        if (XMEMCMP(plain, resultP, plainSz))
+        if (XMEMCMP(plain, resultP, (unsigned long)plainSz))
             ERROR_OUT(WC_TEST_RET_ENC_NC, out);
     }
 #endif
@@ -12219,21 +15140,11 @@ static wc_test_ret_t aesgcm_default_test_helper(byte* key, int keySz, byte* iv,
   out:
 
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
-    if (enc) {
-        if (enc_inited)
-            wc_AesFree(enc);
-        XFREE(enc, HEAP_HINT, DYNAMIC_TYPE_AES);
-    }
-    if (dec) {
-        if (dec_inited)
-            wc_AesFree(dec);
-        XFREE(dec, HEAP_HINT, DYNAMIC_TYPE_AES);
-    }
+    wc_AesDelete(enc, &enc);
+    wc_AesDelete(dec, &dec);
 #else
-    if (enc_inited)
-        wc_AesFree(enc);
-    if (dec_inited)
-        wc_AesFree(dec);
+    wc_AesFree(enc);
+    wc_AesFree(dec);
 #endif
 
     return ret;
@@ -12322,6 +15233,8 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aesgcm_default_test(void)
     };
 
     wc_test_ret_t ret;
+    WOLFSSL_ENTER("aesgcm_default_test");
+
     ret = aesgcm_default_test_helper(key1, sizeof(key1), iv1, sizeof(iv1),
             plain1, sizeof(plain1), cipher1, sizeof(cipher1),
             aad1, sizeof(aad1), tag1, sizeof(tag1));
@@ -12372,14 +15285,12 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aesgcm_test(void)
         0xba, 0x63, 0x7b, 0x39
     };
 
-#if defined(WOLFSSL_AES_256) || defined(WOLFSSL_AES_192)
     WOLFSSL_SMALL_STACK_STATIC const byte a[] =
     {
         0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
         0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
         0xab, 0xad, 0xda, 0xd2
     };
-#endif
 
 #ifdef WOLFSSL_AES_256
 #ifdef HAVE_RENESAS_SYNC
@@ -12395,12 +15306,12 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aesgcm_test(void)
     };
     int k1Sz = (int)sizeof(k1);
 #endif
+#endif /* WOLFSSL_AES_256 */
     WOLFSSL_SMALL_STACK_STATIC const byte iv1[] =
     {
         0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad,
         0xde, 0xca, 0xf8, 0x88
     };
-#endif /* WOLFSSL_AES_256 */
 
 #if defined(WOLFSSL_AES_256) || defined(WOLFSSL_AES_192)
     WOLFSSL_SMALL_STACK_STATIC const byte c1[] =
@@ -12521,20 +15432,15 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aesgcm_test(void)
 #endif
 #endif
 
-    byte resultT[sizeof(t1) + AES_BLOCK_SIZE];
-    byte resultP[sizeof(p) + AES_BLOCK_SIZE];
-    byte resultC[sizeof(p) + AES_BLOCK_SIZE];
+    byte resultT[sizeof(t1) + WC_AES_BLOCK_SIZE];
+    byte resultP[sizeof(p) + WC_AES_BLOCK_SIZE];
+    byte resultC[sizeof(p) + WC_AES_BLOCK_SIZE];
     wc_test_ret_t ret = 0;
-#ifdef WOLFSSL_AES_256
-    #if !(defined(WOLF_CRYPTO_CB) && defined(HAVE_INTEL_QA_SYNC))
-    int  alen;
-    #endif
-    #if !defined(WOLFSSL_AFALG_XILINX_AES) && !defined(WOLFSSL_XILINX_CRYPT)
-    int  plen;
-    #endif
-#endif
+
+    int  alen = 0;
+    int  plen = 0;
 #if defined(WOLFSSL_XILINX_CRYPT_VERSAL)
-    byte buf[sizeof(p) + AES_BLOCK_SIZE];
+    byte buf[sizeof(p) + WC_AES_BLOCK_SIZE];
     byte bufA[sizeof(a) + 1];
     byte *large_aad = (byte*)XMALLOC((size_t)1024 + 16, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
@@ -12546,43 +15452,49 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aesgcm_test(void)
 
 #ifndef WOLFSSL_NO_MALLOC
     byte *large_input = (byte *)XMALLOC(BENCH_AESGCM_LARGE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
-    byte *large_output = (byte *)XMALLOC(BENCH_AESGCM_LARGE + AES_BLOCK_SIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+    byte *large_output = (byte *)XMALLOC(BENCH_AESGCM_LARGE + WC_AES_BLOCK_SIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
     byte *large_outdec = (byte *)XMALLOC(BENCH_AESGCM_LARGE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
 
+    (void)alen;
+    (void)plen;
+
     if ((! large_input) || (! large_output) || (! large_outdec))
         ERROR_OUT(MEMORY_E, out);
 
 #else
     byte large_input[BENCH_AESGCM_LARGE];
-    byte large_output[BENCH_AESGCM_LARGE];
+    byte large_output[BENCH_AESGCM_LARGE + WC_AES_BLOCK_SIZE];
     byte large_outdec[BENCH_AESGCM_LARGE];
 #endif
 
     XMEMSET(large_input, 0, BENCH_AESGCM_LARGE);
-    XMEMSET(large_output, 0, BENCH_AESGCM_LARGE + AES_BLOCK_SIZE);
+    XMEMSET(large_output, 0, BENCH_AESGCM_LARGE + WC_AES_BLOCK_SIZE);
     XMEMSET(large_outdec, 0, BENCH_AESGCM_LARGE);
 #endif
-
-#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
-    if ((enc = (Aes *)XMALLOC(sizeof *enc, HEAP_HINT, DYNAMIC_TYPE_AES)) == NULL)
-        ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
-    if ((dec = (Aes *)XMALLOC(sizeof *dec, HEAP_HINT, DYNAMIC_TYPE_AES)) == NULL)
-        ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
-#endif
+    WOLFSSL_ENTER("aesgcm_test");
 
     XMEMSET(resultT, 0, sizeof(resultT));
     XMEMSET(resultC, 0, sizeof(resultC));
     XMEMSET(resultP, 0, sizeof(resultP));
 
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
+    enc = wc_AesNew(HEAP_HINT, devId, &ret);
+    if (enc == NULL)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+    dec = wc_AesNew(HEAP_HINT, devId, &ret);
+    if (dec == NULL)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+#else
     ret = wc_AesInit(enc, HEAP_HINT, devId);
     if (ret != 0)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
     ret = wc_AesInit(dec, HEAP_HINT, devId);
     if (ret != 0)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+#endif
 
 #ifdef WOLFSSL_AES_256
-    ret = wc_AesGcmSetKey(enc, k1, k1Sz);
+    ret = wc_AesGcmSetKey(enc, k1, (word32)k1Sz);
     if (ret != 0)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
 
@@ -12602,7 +15514,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aesgcm_test(void)
 #endif
 
 #ifdef HAVE_AES_DECRYPT
-    ret = wc_AesGcmSetKey(dec, k1, k1Sz);
+    ret = wc_AesGcmSetKey(dec, k1, (word32)k1Sz);
     if (ret != 0)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
 
@@ -12748,7 +15660,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aesgcm_test(void)
     for (plen=1; plen<BENCH_AESGCM_LARGE; plen++) {
         /* AES-GCM encrypt and decrypt both use AES encrypt internally */
         ret = wc_AesGcmEncrypt(enc, large_output, large_input,
-                                  plen, iv1, sizeof(iv1), resultT,
+                                  (word32)plen, iv1, sizeof(iv1), resultT,
                                   sizeof(t1), a, sizeof(a));
 #if defined(WOLFSSL_ASYNC_CRYPT)
         ret = wc_AsyncWait(ret, &enc->asyncDev, WC_ASYNC_FLAG_NONE);
@@ -12758,7 +15670,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aesgcm_test(void)
 
 #ifdef HAVE_AES_DECRYPT
         ret = wc_AesGcmDecrypt(dec, large_outdec, large_output,
-                                  plen, iv1, sizeof(iv1), resultT,
+                                  (word32)plen, iv1, sizeof(iv1), resultT,
                                   sizeof(t1), a, sizeof(a));
 #if defined(WOLFSSL_ASYNC_CRYPT)
         ret = wc_AsyncWait(ret, &dec->asyncDev, WC_ASYNC_FLAG_NONE);
@@ -12827,8 +15739,8 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aesgcm_test(void)
 
     /* Large buffer test */
 #ifdef BENCH_AESGCM_LARGE
-    wc_AesGcmSetKey(enc, k2, k3Sz);
-    wc_AesGcmSetKey(dec, k2, k3Sz);
+    wc_AesGcmSetKey(enc, k2, (word32)sizeof(k2));
+    wc_AesGcmSetKey(dec, k2, (word32)sizeof(k2));
     /* setup test buffer */
     for (alen=0; alen<BENCH_AESGCM_LARGE; alen++)
         large_input[alen] = (byte)alen;
@@ -12862,7 +15774,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aesgcm_test(void)
     XMEMSET(resultP, 0, sizeof(resultP));
 #endif /* WOLFSSL_AES_192 */
 #ifdef WOLFSSL_AES_128
-    wc_AesGcmSetKey(enc, k3, k3Sz);
+    wc_AesGcmSetKey(enc, k3, (word32)k3Sz);
     /* AES-GCM encrypt and decrypt both use AES encrypt internally */
     ret = wc_AesGcmEncrypt(enc, resultC, p3, sizeof(p3), iv3, sizeof(iv3),
                                         resultT, sizeof(t3), a3, sizeof(a3));
@@ -12892,8 +15804,8 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aesgcm_test(void)
 
     /* Large buffer test */
 #ifdef BENCH_AESGCM_LARGE
-    wc_AesGcmSetKey(enc, k3, k3Sz);
-    wc_AesGcmSetKey(dec, k3, k3Sz);
+    wc_AesGcmSetKey(enc, k3, (word32)k3Sz);
+    wc_AesGcmSetKey(dec, k3, (word32)k3Sz);
     /* setup test buffer */
     for (alen=0; alen<BENCH_AESGCM_LARGE; alen++)
         large_input[alen] = (byte)alen;
@@ -12932,7 +15844,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aesgcm_test(void)
     XMEMSET(resultC, 0, sizeof(resultC));
     XMEMSET(resultP, 0, sizeof(resultP));
 
-    wc_AesGcmSetKey(enc, k1, k1Sz);
+    wc_AesGcmSetKey(enc, k1, (word32)k1Sz);
     /* AES-GCM encrypt and decrypt both use AES encrypt internally */
     ret = wc_AesGcmEncrypt(enc, resultC, p, sizeof(p), iv1, sizeof(iv1),
                                 resultT + 1, sizeof(t1) - 1, a, sizeof(a));
@@ -12978,7 +15890,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aesgcm_test(void)
         XMEMSET(resultC, 0, sizeof(resultC));
         XMEMSET(resultP, 0, sizeof(resultP));
 
-        wc_AesGcmSetKey(enc, k1, k1Sz);
+        wc_AesGcmSetKey(enc, k1, (word32)k1Sz);
         ret = wc_AesGcmSetIV(enc, sizeof(randIV), NULL, 0, &rng);
         if (ret != 0)
             ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
@@ -13005,7 +15917,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aesgcm_test(void)
         }
 
 #ifdef HAVE_AES_DECRYPT
-        wc_AesGcmSetKey(dec, k1, k1Sz);
+        wc_AesGcmSetKey(dec, k1, (word32)k1Sz);
         ret = wc_AesGcmSetIV(dec, sizeof(randIV), NULL, 0, &rng);
         if (ret != 0)
             ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
@@ -13061,7 +15973,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aesgcm_test(void)
 #endif
 
     /* alen is the size to pass in with each update. */
-    for (alen = 1; alen < AES_BLOCK_SIZE + 1; alen++) {
+    for (alen = 1; alen < WC_AES_BLOCK_SIZE + 1; alen++) {
         ret = wc_AesGcmEncryptInit(enc, k1, sizeof(k1), iv1, sizeof(iv1));
         if (ret != 0)
             ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
@@ -13070,7 +15982,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aesgcm_test(void)
         for (plen = 0; plen < (int)sizeof(a); plen += alen)  {
             int len = sizeof(a) - plen;
             if (len > alen) len = alen;
-            ret = wc_AesGcmEncryptUpdate(enc, NULL, NULL, 0, a + plen, len);
+            ret = wc_AesGcmEncryptUpdate(enc, NULL, NULL, 0, a + plen, (word32)len);
             if (ret != 0)
                 ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
         }
@@ -13078,7 +15990,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aesgcm_test(void)
         for (plen = 0; plen < (int)sizeof(p); plen += alen)  {
             int len = sizeof(p) - plen;
             if (len > alen) len = alen;
-            ret = wc_AesGcmEncryptUpdate(enc, resultC + plen, p + plen, len,
+            ret = wc_AesGcmEncryptUpdate(enc, resultC + plen, p + plen, (word32)len,
                 NULL, 0);
             if (ret != 0)
                 ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
@@ -13093,7 +16005,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aesgcm_test(void)
     }
 
 #ifdef HAVE_AES_DECRYPT
-    for (alen = 1; alen < AES_BLOCK_SIZE + 1; alen++) {
+    for (alen = 1; alen < WC_AES_BLOCK_SIZE + 1; alen++) {
         ret = wc_AesGcmDecryptInit(enc, k1, sizeof(k1), iv1, sizeof(iv1));
         if (ret != 0)
             ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
@@ -13102,7 +16014,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aesgcm_test(void)
         for (plen = 0; plen < (int)sizeof(a); plen += alen)  {
             int len = sizeof(a) - plen;
             if (len > alen) len = alen;
-            ret = wc_AesGcmDecryptUpdate(enc, NULL, NULL, 0, a + plen, len);
+            ret = wc_AesGcmDecryptUpdate(enc, NULL, NULL, 0, a + plen, (word32)len);
             if (ret != 0)
                 ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
         }
@@ -13110,7 +16022,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aesgcm_test(void)
         for (plen = 0; plen < (int)sizeof(c1); plen += alen)  {
             int len = sizeof(c1) - plen;
             if (len > alen) len = alen;
-            ret = wc_AesGcmDecryptUpdate(enc, resultP + plen, c1 + plen, len,
+            ret = wc_AesGcmDecryptUpdate(enc, resultP + plen, c1 + plen, (word32)len,
                 NULL, 0);
             if (ret != 0)
                 ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
@@ -13153,29 +16065,23 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aesgcm_test(void)
 #endif /* WOLFSSL_AES_256 */
 #endif /* !WOLFSSL_AFALG_XILINX_AES && !WOLFSSL_XILINX_CRYPT */
 
-    wc_AesFree(enc);
-    wc_AesFree(dec);
-
     ret = 0;
 
   out:
 
 #if !defined(BENCH_EMBEDDED) && !defined(HAVE_CAVIUM) && \
     !defined(WOLFSSL_NO_MALLOC)
-    if (large_input)
-        XFREE(large_input, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
-    if (large_output)
-        XFREE(large_output, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
-    if (large_outdec)
-        XFREE(large_outdec, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(large_input, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(large_output, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(large_outdec, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
-
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
-    if (enc)
-        XFREE(enc, HEAP_HINT, DYNAMIC_TYPE_AES);
-    if (dec)
-        XFREE(dec, HEAP_HINT, DYNAMIC_TYPE_AES);
+    wc_AesDelete(enc, &enc);
+    wc_AesDelete(dec, &dec);
+#else
+    wc_AesFree(enc);
+    wc_AesFree(dec);
 #endif
 
     return ret;
@@ -13184,12 +16090,12 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aesgcm_test(void)
 #ifdef WOLFSSL_AES_128
 WOLFSSL_TEST_SUBROUTINE wc_test_ret_t gmac_test(void)
 {
-    wc_test_ret_t ret;
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
     Gmac *gmac;
 #else
     Gmac gmac[1];
 #endif
+    wc_test_ret_t ret;
 
     WOLFSSL_SMALL_STACK_STATIC const byte k1[] =
     {
@@ -13240,6 +16146,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t gmac_test(void)
 #endif
 
     byte tag[16];
+    WOLFSSL_ENTER("gmac_test");
 
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
     if ((gmac = (Gmac *)XMALLOC(sizeof *gmac, HEAP_HINT, DYNAMIC_TYPE_AES)) == NULL)
@@ -13290,7 +16197,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t gmac_test(void)
             ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
         ret = wc_GmacVerify(k1, sizeof(k1), iv1, sizeof(iv1), a1, sizeof(a1),
                     badT, sizeof(badT));
-        if (ret != AES_GCM_AUTH_E)
+        if (ret != WC_NO_ERR_TRACE(AES_GCM_AUTH_E))
             ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
         ret = wc_GmacVerify(k2, sizeof(k2), iv2, sizeof(iv2), a2, sizeof(a2),
                     t2, sizeof(t2));
@@ -13331,7 +16238,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t gmac_test(void)
 
 static wc_test_ret_t aesccm_256_test(void)
 {
-    wc_test_ret_t ret;
+    wc_test_ret_t ret = 0;
     /* Test vectors from NIST AES CCM 256-bit CAST Example #1 */
     WOLFSSL_SMALL_STACK_STATIC const byte in_key[32] = {
         0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47,
@@ -13353,15 +16260,14 @@ static wc_test_ret_t aesccm_256_test(void)
     byte atag[sizeof(exp_tag)];
 
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
-    Aes* aes = (Aes*)XMALLOC(sizeof(Aes), HEAP_HINT, DYNAMIC_TYPE_AES);
+    Aes* aes = wc_AesNew(HEAP_HINT, devId, &ret);
     if (aes == NULL) {
-        return MEMORY_E;
+        ret = WC_TEST_RET_ENC_EC(ret);
     }
 #else
     Aes aes[1];
-#endif
-
     ret = wc_AesInit(aes, HEAP_HINT, devId);
+#endif
     if (ret == 0) {
         ret = wc_AesCcmSetKey(aes, in_key, sizeof(in_key));
     }
@@ -13378,6 +16284,7 @@ static wc_test_ret_t aesccm_256_test(void)
         ret = WC_TEST_RET_ENC_NC;
     }
 
+#ifdef HAVE_AES_DECRYPT
     if (ret == 0) {
         /* decrypt inline */
         ret = wc_AesCcmDecrypt(aes, output, output, sizeof(output),
@@ -13391,11 +16298,12 @@ static wc_test_ret_t aesccm_256_test(void)
         XMEMCMP(output, in_plaintext, sizeof(output))) {
         ret = WC_TEST_RET_ENC_NC;
     }
-
-    wc_AesFree(aes);
+#endif
 
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
-    XFREE(aes, HEAP_HINT, DYNAMIC_TYPE_AES);
+    wc_AesDelete(aes, &aes);
+#else
+    wc_AesFree(aes);
 #endif
 
     return ret;
@@ -13409,7 +16317,7 @@ static wc_test_ret_t aesccm_128_test(void)
 {
     wc_test_ret_t ret;
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
-    Aes *enc;
+    Aes *enc = NULL;
 #else
     Aes enc[1];
 #endif
@@ -13503,19 +16411,20 @@ static wc_test_ret_t aesccm_128_test(void)
     byte tl2[sizeof(tl)];
     byte t_empty2[sizeof(t_empty)];
 
-#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
-    if ((enc = (Aes *)XMALLOC(sizeof *enc, HEAP_HINT, DYNAMIC_TYPE_AES)) == NULL)
-        return WC_TEST_RET_ENC_ERRNO;
-#endif
-
-    XMEMSET(enc, 0, sizeof *enc); /* clear context */
     XMEMSET(t2, 0, sizeof(t2));
     XMEMSET(c2, 0, sizeof(c2));
     XMEMSET(p2, 0, sizeof(p2));
 
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
+    enc = wc_AesNew(HEAP_HINT, devId, &ret);
+    if (enc == NULL)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+#else
+    XMEMSET(enc, 0, sizeof(Aes));
     ret = wc_AesInit(enc, HEAP_HINT, devId);
     if (ret != 0)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+#endif /* WOLFSSL_SMALL_STACK && !WOLFSSL_NO_MALLOC */
 
     ret = wc_AesCcmSetKey(enc, k, sizeof(k));
     if (ret != 0)
@@ -13531,6 +16440,7 @@ static wc_test_ret_t aesccm_128_test(void)
     if (XMEMCMP(t, t2, sizeof(t2)))
         ERROR_OUT(WC_TEST_RET_ENC_NC, out);
 
+#ifdef HAVE_AES_DECRYPT
     ret = wc_AesCcmDecrypt(enc, p2, c2, sizeof(p2), iv, sizeof(iv),
                                                  t2, sizeof(t2), a, sizeof(a));
     if (ret != 0)
@@ -13550,14 +16460,14 @@ static wc_test_ret_t aesccm_128_test(void)
     XMEMSET(c2, 0, sizeof(c2));
     if (XMEMCMP(p2, c2, sizeof(p2)))
         ERROR_OUT(WC_TEST_RET_ENC_NC, out);
-    wc_AesFree(enc);
+#endif
 
-    XMEMSET(enc, 0, sizeof(Aes)); /* clear context */
     XMEMSET(t2, 0, sizeof(t2));
     XMEMSET(c2, 0, sizeof(c2));
     XMEMSET(p2, 0, sizeof(p2));
     XMEMSET(iv2, 0, sizeof(iv2));
 
+    wc_AesFree(enc);
     ret = wc_AesInit(enc, HEAP_HINT, devId);
     if (ret != 0)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
@@ -13608,34 +16518,38 @@ static wc_test_ret_t aesccm_128_test(void)
     if (XMEMCMP(tl, tl2, sizeof(tl2)))
         ERROR_OUT(WC_TEST_RET_ENC_NC, out);
 
+#ifdef HAVE_AES_DECRYPT
     ret = wc_AesCcmDecrypt(enc, pl2, cl2, sizeof(pl2), iv, sizeof(iv),
                                                 tl2, sizeof(tl2), a, sizeof(a));
     if (ret != 0)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
     if (XMEMCMP(pl, pl2, sizeof(pl2)))
         ERROR_OUT(WC_TEST_RET_ENC_NC, out);
+#endif
 
     /* test empty message as null input or output with nonzero inSz. */
     ret = wc_AesCcmEncrypt(enc, pl2 /* out */, NULL /* in */, 1 /* inSz */,
                               iv, sizeof(iv), t_empty2, sizeof(t_empty2),
                               a, sizeof(a));
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
     ret = wc_AesCcmEncrypt(enc, NULL /* out */, (const byte *)"" /* in */, 1 /* inSz */,
                               iv, sizeof(iv), t_empty2, sizeof(t_empty2),
                               a, sizeof(a));
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+#ifdef HAVE_AES_DECRYPT
     ret = wc_AesCcmDecrypt(enc, pl2, NULL /* in */, 1 /* inSz */,
                               iv, sizeof(iv), t_empty2, sizeof(t_empty2), a,
                               sizeof(a));
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
     ret = wc_AesCcmDecrypt(enc, NULL /* out */, (const byte *)"" /* in */, 1 /* inSz */,
                               iv, sizeof(iv), t_empty2, sizeof(t_empty2), a,
                               sizeof(a));
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+#endif
 
     /* test empty message as null input and output with zero inSz --
      * must either succeed, or fail early with BAD_FUNC_ARG.
@@ -13643,17 +16557,19 @@ static wc_test_ret_t aesccm_128_test(void)
     ret = wc_AesCcmEncrypt(enc, NULL /* out */, NULL /* in */, 0 /* inSz */,
                               iv, sizeof(iv), t_empty2, sizeof(t_empty2),
                               a, sizeof(a));
-    if (ret != BAD_FUNC_ARG) {
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) {
         if (ret != 0)
             ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
         if (XMEMCMP(t_empty, t_empty2, sizeof(t_empty2)))
             ERROR_OUT(WC_TEST_RET_ENC_NC, out);
 
+#ifdef HAVE_AES_DECRYPT
         ret = wc_AesCcmDecrypt(enc, NULL /* out */, NULL /* in */,
                                   0 /* inSz */, iv, sizeof(iv), t_empty2,
                                   sizeof(t_empty2), a, sizeof(a));
         if (ret != 0)
             ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+#endif
     }
 
     /* test empty message as zero-length string -- must work. */
@@ -13665,19 +16581,22 @@ static wc_test_ret_t aesccm_128_test(void)
     if (XMEMCMP(t_empty, t_empty2, sizeof(t_empty2)))
         ERROR_OUT(WC_TEST_RET_ENC_NC, out);
 
+#ifdef HAVE_AES_DECRYPT
     ret = wc_AesCcmDecrypt(enc, pl2, (const byte *)"", 0 /* inSz */,
                               iv, sizeof(iv), t_empty2, sizeof(t_empty2), a,
                               sizeof(a));
     if (ret != 0)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
-
-    wc_AesFree(enc);
+#endif
 
     ret = 0;
 
   out:
+
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
-    XFREE(enc, HEAP_HINT, DYNAMIC_TYPE_AES);
+    wc_AesDelete(enc, &enc);
+#else
+    wc_AesFree(enc);
 #endif
 
     return ret;
@@ -13687,6 +16606,8 @@ static wc_test_ret_t aesccm_128_test(void)
 WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aesccm_test(void)
 {
     wc_test_ret_t ret = 0;
+    WOLFSSL_ENTER("aesccm_test");
+
 #ifdef WOLFSSL_AES_128
     if (ret == 0)
         ret = aesccm_128_test();
@@ -13708,15 +16629,15 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes_eax_test(void)
     typedef struct {
         byte key[AES_256_KEY_SIZE];
         int key_length;
-        byte iv[AES_BLOCK_SIZE];
+        byte iv[WC_AES_BLOCK_SIZE];
         int iv_length;
-        byte aad[AES_BLOCK_SIZE * 2];
+        byte aad[WC_AES_BLOCK_SIZE * 2];
         int aad_length;
-        byte msg[AES_BLOCK_SIZE * 2];
+        byte msg[WC_AES_BLOCK_SIZE * 2];
         int msg_length;
-        byte ct[AES_BLOCK_SIZE * 2];
+        byte ct[WC_AES_BLOCK_SIZE * 2];
         int ct_length;
-        byte tag[AES_BLOCK_SIZE];
+        byte tag[WC_AES_BLOCK_SIZE];
         int tag_length;
         int valid;
     } AadVector;
@@ -13798,27 +16719,29 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes_eax_test(void)
 
     WOLFSSL_SMALL_STACK_STATIC byte ciphertext[sizeof(vectors[0].ct)];
     WOLFSSL_SMALL_STACK_STATIC byte authtag[sizeof(vectors[0].tag)];
-    wc_test_ret_t ret;
     int i;
     int len;
+    wc_test_ret_t ret;
+    WOLFSSL_ENTER("aes_eax_test");
+
 
     for (i = 0; i < (int)(sizeof(vectors)/sizeof(vectors[0])); i++) {
 
         XMEMSET(ciphertext, 0, sizeof(ciphertext));
 
         len = sizeof(authtag);
-        ret = wc_AesEaxEncryptAuth(vectors[i].key, vectors[i].key_length,
+        ret = wc_AesEaxEncryptAuth(vectors[i].key, (word32)vectors[i].key_length,
                                    ciphertext,
-                                   vectors[i].msg, vectors[i].msg_length,
-                                   vectors[i].iv, vectors[i].iv_length,
-                                   authtag, len,
-                                   vectors[i].aad, vectors[i].aad_length);
+                                   vectors[i].msg, (word32)vectors[i].msg_length,
+                                   vectors[i].iv, (word32)vectors[i].iv_length,
+                                   authtag, (word32)len,
+                                   vectors[i].aad, (word32)vectors[i].aad_length);
         if (ret != 0) {
             return WC_TEST_RET_ENC_EC(ret);
         }
 
         /* check ciphertext matches vector */
-        if (XMEMCMP(ciphertext, vectors[i].ct, vectors[i].ct_length)) {
+        if (XMEMCMP(ciphertext, vectors[i].ct, (size_t)vectors[i].ct_length)) {
             return WC_TEST_RET_ENC_NC;
         }
 
@@ -13833,18 +16756,18 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes_eax_test(void)
 
         XMEMSET(ciphertext, 0, sizeof(ciphertext));
 
-        ret = wc_AesEaxDecryptAuth(vectors[i].key, vectors[i].key_length,
+        ret = wc_AesEaxDecryptAuth(vectors[i].key, (word32)vectors[i].key_length,
                                    ciphertext,
-                                   vectors[i].ct, vectors[i].ct_length,
-                                   vectors[i].iv, vectors[i].iv_length,
-                                   authtag, len,
-                                   vectors[i].aad, vectors[i].aad_length);
+                                   vectors[i].ct, (word32)vectors[i].ct_length,
+                                   vectors[i].iv, (word32)vectors[i].iv_length,
+                                   authtag, (word32)len,
+                                   vectors[i].aad, (word32)vectors[i].aad_length);
         if (ret != 0) {
             return WC_TEST_RET_ENC_EC(ret);
         }
 
         /* check decrypted ciphertext matches vector plaintext */
-        if (XMEMCMP(ciphertext, vectors[i].msg, vectors[i].msg_length)) {
+        if (XMEMCMP(ciphertext, vectors[i].msg, (size_t)vectors[i].msg_length)) {
             return WC_TEST_RET_ENC_NC;
         }
 
@@ -14026,6 +16949,9 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aeskeywrap_test(void)
         {k6, d6, v6, sizeof(k6), sizeof(d6), sizeof(v6)}
     #endif
     };
+
+    WOLFSSL_ENTER("aeskeywrap_test");
+
     testSz = sizeof(test_wrap) / sizeof(keywrapVector);
 
     XMEMSET(output, 0, sizeof(output));
@@ -14044,7 +16970,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aeskeywrap_test(void)
             return WC_TEST_RET_ENC_NC;
 
         plainSz = wc_AesKeyUnWrap((byte*)test_wrap[i].kek, test_wrap[i].kekLen,
-                                  output, wrapSz,
+                                  output, (word32)wrapSz,
                                   plain, sizeof(plain), NULL);
 
         if ( (plainSz < 0) || (plainSz != (int)test_wrap[i].dataLen) )
@@ -14058,8 +16984,8 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aeskeywrap_test(void)
 }
 #endif /* HAVE_AES_KEYWRAP */
 
+#endif /* !NO_AES */
 
-#endif /* NO_AES */
 
 #ifdef HAVE_ARIA
 void printOutput(const char *strName, unsigned char *data, unsigned int dataSz)
@@ -14076,7 +17002,6 @@ void printOutput(const char *strName, unsigned char *data, unsigned int dataSz)
 
 WOLFSSL_TEST_SUBROUTINE int ariagcm_test(MC_ALGID algo)
 {
-    int ret = 0;
     byte data[] = TEST_STRING;
     word32 dataSz = TEST_STRING_SZ;
 
@@ -14085,10 +17010,13 @@ WOLFSSL_TEST_SUBROUTINE int ariagcm_test(MC_ALGID algo)
                        0x6F, 0x8A, 0x70, 0x26, 0xF7, 0x3C, 0x8D, 0xB6,
                        0xDC, 0x32, 0x76, 0x20, 0xCF, 0x05, 0x4A, 0xCF,
                        0x11, 0x86, 0xCD, 0x23, 0x5E, 0xC1, 0x6E, 0x2B };
-    byte cipher[2*TEST_STRING_SZ], plain[TEST_STRING_SZ], ad[256], authTag[AES_BLOCK_SIZE];
+    byte cipher[2*TEST_STRING_SZ], plain[TEST_STRING_SZ], ad[256], authTag[WC_AES_BLOCK_SIZE];
     word32 keySz, adSz = 256, authTagSz = sizeof(authTag);
 
     wc_Aria aria;
+    int ret = 0;
+    WOLFSSL_ENTER("ariagcm_test");
+
     XMEMSET((void *)&aria, 0, sizeof(aria));
     ret = wc_AriaInitCrypt(&aria, algo);
     if (ret != 0) { ERROR_OUT(WC_TEST_RET_ENC_EC(ret),out); }
@@ -14262,59 +17190,61 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t camellia_test(void)
         0x4D, 0x2C, 0x0B, 0x67, 0x37, 0xAC, 0x3E, 0xDA
     };
 
-    byte out[CAMELLIA_BLOCK_SIZE];
-    Camellia cam;
-    int i, testsSz, ret;
+    byte out[WC_CAMELLIA_BLOCK_SIZE];
+    wc_Camellia cam;
     WOLFSSL_SMALL_STACK_STATIC const test_vector_t testVectors[] =
     {
-        {CAM_ECB_ENC, pte, ive, c1, k1, sizeof(k1), -114},
-        {CAM_ECB_ENC, pte, ive, c2, k2, sizeof(k2), -115},
-        {CAM_ECB_ENC, pte, ive, c3, k3, sizeof(k3), -116},
-        {CAM_ECB_DEC, pte, ive, c1, k1, sizeof(k1), -117},
-        {CAM_ECB_DEC, pte, ive, c2, k2, sizeof(k2), -118},
-        {CAM_ECB_DEC, pte, ive, c3, k3, sizeof(k3), -119},
-        {CAM_CBC_ENC, ptc, ivc, c4, k4, sizeof(k4), -120},
-        {CAM_CBC_ENC, ptc, ivc, c5, k5, sizeof(k5), -121},
-        {CAM_CBC_ENC, ptc, ivc, c6, k6, sizeof(k6), -122},
-        {CAM_CBC_DEC, ptc, ivc, c4, k4, sizeof(k4), -123},
-        {CAM_CBC_DEC, ptc, ivc, c5, k5, sizeof(k5), -124},
-        {CAM_CBC_DEC, ptc, ivc, c6, k6, sizeof(k6), -125}
+        {CAM_ECB_ENC, pte, ive, c1, k1, sizeof(k1), 114},
+        {CAM_ECB_ENC, pte, ive, c2, k2, sizeof(k2), 115},
+        {CAM_ECB_ENC, pte, ive, c3, k3, sizeof(k3), 116},
+        {CAM_ECB_DEC, pte, ive, c1, k1, sizeof(k1), 117},
+        {CAM_ECB_DEC, pte, ive, c2, k2, sizeof(k2), 118},
+        {CAM_ECB_DEC, pte, ive, c3, k3, sizeof(k3), 119},
+        {CAM_CBC_ENC, ptc, ivc, c4, k4, sizeof(k4), 120},
+        {CAM_CBC_ENC, ptc, ivc, c5, k5, sizeof(k5), 121},
+        {CAM_CBC_ENC, ptc, ivc, c6, k6, sizeof(k6), 122},
+        {CAM_CBC_DEC, ptc, ivc, c4, k4, sizeof(k4), 123},
+        {CAM_CBC_DEC, ptc, ivc, c5, k5, sizeof(k5), 124},
+        {CAM_CBC_DEC, ptc, ivc, c6, k6, sizeof(k6), 125}
     };
+    int i, testsSz;
+    int ret;
+    WOLFSSL_ENTER("camellia_test");
 
     testsSz = sizeof(testVectors)/sizeof(test_vector_t);
     for (i = 0; i < testsSz; i++) {
         if (wc_CamelliaSetKey(&cam, testVectors[i].key, testVectors[i].keySz,
                                                         testVectors[i].iv) != 0)
-            return testVectors[i].errorCode;
+            return WC_TEST_RET_ENC_I(testVectors[i].errorCode);
 
         switch (testVectors[i].type) {
             case CAM_ECB_ENC:
                 ret = wc_CamelliaEncryptDirect(&cam, out,
                                                 testVectors[i].plaintext);
                 if (ret != 0 || XMEMCMP(out, testVectors[i].ciphertext,
-                                                        CAMELLIA_BLOCK_SIZE))
-                    return testVectors[i].errorCode;
+                                                        WC_CAMELLIA_BLOCK_SIZE))
+                    return WC_TEST_RET_ENC_I(testVectors[i].errorCode);
                 break;
             case CAM_ECB_DEC:
                 ret = wc_CamelliaDecryptDirect(&cam, out,
                                                     testVectors[i].ciphertext);
                 if (ret != 0 || XMEMCMP(out, testVectors[i].plaintext,
-                                                        CAMELLIA_BLOCK_SIZE))
-                    return testVectors[i].errorCode;
+                                                        WC_CAMELLIA_BLOCK_SIZE))
+                    return WC_TEST_RET_ENC_I(testVectors[i].errorCode);
                 break;
             case CAM_CBC_ENC:
                 ret = wc_CamelliaCbcEncrypt(&cam, out, testVectors[i].plaintext,
-                                                           CAMELLIA_BLOCK_SIZE);
+                                                           WC_CAMELLIA_BLOCK_SIZE);
                 if (ret != 0 || XMEMCMP(out, testVectors[i].ciphertext,
-                                                        CAMELLIA_BLOCK_SIZE))
-                    return testVectors[i].errorCode;
+                                                        WC_CAMELLIA_BLOCK_SIZE))
+                    return WC_TEST_RET_ENC_I(testVectors[i].errorCode);
                 break;
             case CAM_CBC_DEC:
                 ret = wc_CamelliaCbcDecrypt(&cam, out,
-                                testVectors[i].ciphertext, CAMELLIA_BLOCK_SIZE);
+                                testVectors[i].ciphertext, WC_CAMELLIA_BLOCK_SIZE);
                 if (ret != 0 || XMEMCMP(out, testVectors[i].plaintext,
-                                                           CAMELLIA_BLOCK_SIZE))
-                    return testVectors[i].errorCode;
+                                                           WC_CAMELLIA_BLOCK_SIZE))
+                    return WC_TEST_RET_ENC_I(testVectors[i].errorCode);
                 break;
             default:
                 break;
@@ -14325,14 +17255,14 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t camellia_test(void)
     ret = wc_CamelliaSetIV(&cam, ivc);
     if (ret != 0)
         return WC_TEST_RET_ENC_EC(ret);
-    if (XMEMCMP(cam.reg, ivc, CAMELLIA_BLOCK_SIZE) != 0)
+    if (XMEMCMP(cam.reg, ivc, WC_CAMELLIA_BLOCK_SIZE) != 0)
         return WC_TEST_RET_ENC_NC;
 
     /* Setting the IV to NULL should be same as all zeros IV */
     ret = wc_CamelliaSetIV(&cam, NULL);
     if (ret != 0)
         return WC_TEST_RET_ENC_EC(ret);
-    if (XMEMCMP(cam.reg, ive, CAMELLIA_BLOCK_SIZE) != 0)
+    if (XMEMCMP(cam.reg, ive, WC_CAMELLIA_BLOCK_SIZE) != 0)
         return WC_TEST_RET_ENC_NC;
 
     /* First parameter should never be null */
@@ -14789,7 +17719,7 @@ static int sm4_ccm_test(void)
 
     ret = wc_Sm4Init(&sm4, NULL, INVALID_DEVID);
     if (ret != 0)
-        return -6720;
+        return WC_TEST_RET_ENC_EC(ret);
 
     /* Encrypt and decrypt using encrypt with CCM. */
     ret = wc_Sm4SetKey(&sm4, k1, sizeof(k1));
@@ -14842,6 +17772,7 @@ static int sm4_ccm_test(void)
 WOLFSSL_TEST_SUBROUTINE wc_test_ret_t sm4_test(void)
 {
     wc_test_ret_t ret;
+    WOLFSSL_ENTER("sm4_test");
 
 #ifdef WOLFSSL_SM4_ECB
     ret = sm4_ecb_test();
@@ -14875,7 +17806,6 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t sm4_test(void)
 
 #ifdef HAVE_XCHACHA
 WOLFSSL_TEST_SUBROUTINE wc_test_ret_t XChaCha_test(void) {
-    wc_test_ret_t ret;
 
     WOLFSSL_SMALL_STACK_STATIC const byte Plaintext[] = {
         0x54, 0x68, 0x65, 0x20, 0x64, 0x68, 0x6f, 0x6c, 0x65, 0x20, 0x28, 0x70, 0x72, 0x6f, 0x6e, 0x6f, /* The dhole (prono */
@@ -14930,17 +17860,21 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t XChaCha_test(void) {
         0x93, 0xb9, 0x31, 0x11, 0xc1, 0xa5, 0x5d, 0xd7, 0x42, 0x1a, 0x10, 0x18, 0x49, 0x74, 0xc7, 0xc5
     };
 
+    wc_test_ret_t ret;
+
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
     struct ChaCha *chacha = (struct ChaCha *)XMALLOC(sizeof *chacha, HEAP_HINT, DYNAMIC_TYPE_CIPHER);
     byte *buf1 = (byte *)XMALLOC(sizeof Plaintext, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
     byte *buf2 = (byte *)XMALLOC(sizeof Plaintext, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
 
+    WOLFSSL_ENTER("XChaCha_test");
     if ((chacha == NULL) || (buf1 == NULL) || (buf2 == NULL))
         ERROR_OUT(WC_TEST_RET_ENC_NC, out);
 #else
     struct ChaCha chacha[1];
     byte buf1[sizeof Plaintext];
     byte buf2[sizeof Plaintext];
+    WOLFSSL_ENTER("XChaCha_test");
 #endif
 
     ret = wc_XChacha_SetKey(chacha, Key, sizeof Key, IV, sizeof IV, 0);
@@ -14968,12 +17902,9 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t XChaCha_test(void) {
   out:
 
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
-    if (chacha)
-        XFREE(chacha, HEAP_HINT, DYNAMIC_TYPE_CIPHER);
-    if (buf1)
-        XFREE(buf1, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
-    if (buf2)
-        XFREE(buf2, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(chacha, HEAP_HINT, DYNAMIC_TYPE_CIPHER);
+    XFREE(buf1, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(buf2, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return ret;
@@ -14982,7 +17913,6 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t XChaCha_test(void) {
 
 #if defined(HAVE_XCHACHA) && defined(HAVE_POLY1305)
 WOLFSSL_TEST_SUBROUTINE wc_test_ret_t XChaCha20Poly1305_test(void) {
-    wc_test_ret_t ret;
 
     WOLFSSL_SMALL_STACK_STATIC const byte Plaintext[] = {
         0x4c, 0x61, 0x64, 0x69, 0x65, 0x73, 0x20, 0x61, 0x6e, 0x64, 0x20, 0x47, 0x65, 0x6e, 0x74, 0x6c, /* Ladies and Gentl */
@@ -15019,15 +17949,20 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t XChaCha20Poly1305_test(void) {
       0xc0, 0x87, 0x59, 0x24, 0xc1, 0xc7, 0x98, 0x79, 0x47, 0xde, 0xaf, 0xd8, 0x78, 0x0a, 0xcf, 0x49
     };
 
+    wc_test_ret_t ret;
+
+
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
     byte *buf1 = (byte *)XMALLOC(sizeof Ciphertext + sizeof Tag, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
     byte *buf2 = (byte *)XMALLOC(sizeof Plaintext, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
 
+    WOLFSSL_ENTER("XChaCha20Poly1305_test");
     if ((buf1 == NULL) || (buf2 == NULL))
         ERROR_OUT(WC_TEST_RET_ENC_NC, out);
 #else
     byte buf1[sizeof Ciphertext + sizeof Tag];
     byte buf2[sizeof Plaintext];
+    WOLFSSL_ENTER("XChaCha20Poly1305_test");
 #endif
 
     ret = wc_XChaCha20Poly1305_Encrypt(buf1, sizeof Ciphertext + sizeof Tag,
@@ -15060,10 +17995,8 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t XChaCha20Poly1305_test(void) {
   out:
 
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
-    if (buf1 != NULL)
-        XFREE(buf1, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
-    if (buf2 != NULL)
-        XFREE(buf2, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(buf1, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(buf2, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return ret;
@@ -15071,7 +18004,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t XChaCha20Poly1305_test(void) {
 #endif /* defined(HAVE_XCHACHA) && defined(HAVE_POLY1305) */
 
 #ifndef WC_NO_RNG
-static wc_test_ret_t _rng_test(WC_RNG* rng, int errorOffset)
+static wc_test_ret_t _rng_test(WC_RNG* rng)
 {
     byte block[32];
     wc_test_ret_t ret;
@@ -15081,8 +18014,7 @@ static wc_test_ret_t _rng_test(WC_RNG* rng, int errorOffset)
 
     ret = wc_RNG_GenerateBlock(rng, block, sizeof(block));
     if (ret != 0) {
-        ret = 1;
-        goto exit;
+        return WC_TEST_RET_ENC_EC(ret);
     }
 
     /* Check for 0's */
@@ -15093,49 +18025,36 @@ static wc_test_ret_t _rng_test(WC_RNG* rng, int errorOffset)
     }
     /* All zeros count check */
     if (ret >= (int)sizeof(block)) {
-        ret = 2;
-        goto exit;
+        return WC_TEST_RET_ENC_NC;
     }
 
     ret = wc_RNG_GenerateByte(rng, block);
     if (ret != 0) {
-        ret = 3;
-        goto exit;
+        return WC_TEST_RET_ENC_EC(ret);
     }
 
     /* Parameter validation testing. */
     ret = wc_RNG_GenerateBlock(NULL, block, sizeof(block));
-    if (ret != BAD_FUNC_ARG) {
-        ret = 4;
-        goto exit;
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) {
+        return WC_TEST_RET_ENC_EC(ret);
     }
     ret = wc_RNG_GenerateBlock(rng, NULL, sizeof(block));
-    if (ret != BAD_FUNC_ARG) {
-        ret = 5;
-        goto exit;
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) {
+        return WC_TEST_RET_ENC_EC(ret);
     }
 
     ret = wc_RNG_GenerateByte(NULL, block);
-    if (ret != BAD_FUNC_ARG) {
-        ret = 6;
-        goto exit;
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) {
+        return WC_TEST_RET_ENC_EC(ret);
     }
     ret = wc_RNG_GenerateByte(rng, NULL);
-    if (ret != BAD_FUNC_ARG) {
-        ret = 7;
-        goto exit;
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) {
+        return WC_TEST_RET_ENC_EC(ret);
     }
 
-    ret = 0;
-
-exit:
-    if (ret != 0)
-        ret = errorOffset - (ret * 1000000);
-
-    return ret;
+    return 0;
 }
 
-
 static wc_test_ret_t random_rng_test(void)
 {
     WC_RNG localRng;
@@ -15152,7 +18071,7 @@ static wc_test_ret_t random_rng_test(void)
     if (ret != 0)
         return WC_TEST_RET_ENC_EC(ret);
 
-    ret = _rng_test(rng, WC_TEST_RET_ENC_NC);
+    ret = _rng_test(rng);
 
     /* Make sure and free RNG */
     wc_FreeRng(rng);
@@ -15163,14 +18082,30 @@ static wc_test_ret_t random_rng_test(void)
 #if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) && !defined(WOLFSSL_NO_MALLOC)
     {
         byte nonce[8] = { 0 };
-        /* Test dynamic RNG. */
+
+        /* Test dynamic RNG */
         rng = wc_rng_new(nonce, (word32)sizeof(nonce), HEAP_HINT);
         if (rng == NULL)
             return WC_TEST_RET_ENC_ERRNO;
 
-        ret = _rng_test(rng, WC_TEST_RET_ENC_NC);
-
+        ret = _rng_test(rng);
         wc_rng_free(rng);
+        rng = NULL;
+
+        if (ret != 0)
+            return ret;
+
+        /* Test dynamic RNG using extended API */
+        ret = wc_rng_new_ex(&rng, nonce, (word32)sizeof(nonce),
+                            HEAP_HINT, devId);
+        if (ret != 0)
+            return WC_TEST_RET_ENC_EC(ret);
+
+        ret = _rng_test(rng);
+        wc_rng_free(rng);
+
+        if (ret != 0)
+            return ret;
     }
 #endif
 
@@ -15298,6 +18233,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t random_test(void)
 
     byte output[WC_SHA256_DIGEST_SIZE * 4];
     wc_test_ret_t ret;
+    WOLFSSL_ENTER("random_test");
 
     ret = wc_RNG_HealthTest(0, test1Entropy, sizeof(test1Entropy), NULL, 0,
                             output, sizeof(output));
@@ -15364,6 +18300,8 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t random_test(void)
 
 WOLFSSL_TEST_SUBROUTINE wc_test_ret_t random_test(void)
 {
+    WOLFSSL_ENTER("random_test");
+
     /* Basic RNG generate block test */
     return random_rng_test();
 }
@@ -15376,7 +18314,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t random_test(void)
 #endif
 
 #if defined(WOLFSSL_STATIC_MEMORY) || !defined(WOLFSSL_NO_MALLOC)
-static int simple_mem_test(int sz)
+static int simple_mem_test(size_t sz)
 {
     int ret = 0;
     byte* b;
@@ -15387,11 +18325,11 @@ static int simple_mem_test(int sz)
         return WC_TEST_RET_ENC_NC;
     }
     /* utilize memory */
-    for (i = 0; i < sz; i++) {
+    for (i = 0; i < (int)sz; i++) {
         b[i] = (byte)i;
     }
     /* read back and verify */
-    for (i = 0; i < sz; i++) {
+    for (i = 0; i < (int)sz; i++) {
         if (b[i] != (byte)i) {
             ret = WC_TEST_RET_ENC_NC;
             break;
@@ -15427,7 +18365,7 @@ static wc_test_ret_t const_byte_ptr_test(const byte* in, word32 *outJ)
         ret = in[j]; /* The big test: can we actually access the `in` data? */
     }
     else {
-        ret = -1;
+        ret = WC_TEST_RET_ENC_I(j);
     }
 
     return ret;
@@ -15437,6 +18375,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t memory_test(void)
 {
     wc_test_ret_t ret = 0;
     word32 j = 0; /* used in embedded const pointer test */
+    WOLFSSL_ENTER("memory_test");
 
 #if defined(COMPLEX_MEM_TEST) || defined(WOLFSSL_STATIC_MEMORY)
     int i;
@@ -15452,27 +18391,32 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t memory_test(void)
 
 #ifdef WOLFSSL_STATIC_MEMORY
     /* check macro settings */
-    if (sizeof(size)/sizeof(word32) != WOLFMEM_MAX_BUCKETS) {
+    if (sizeof(size)/sizeof(word32) != WOLFMEM_DEF_BUCKETS) {
         return WC_TEST_RET_ENC_NC;
     }
 
-    if (sizeof(dist)/sizeof(word32) != WOLFMEM_MAX_BUCKETS) {
+    if (sizeof(dist)/sizeof(word32) != WOLFMEM_DEF_BUCKETS) {
         return WC_TEST_RET_ENC_NC;
     }
 
-    for (i = 0; i < WOLFMEM_MAX_BUCKETS; i++) {
+    if (WOLFMEM_DEF_BUCKETS > WOLFMEM_MAX_BUCKETS) {
+        return WC_TEST_RET_ENC_NC;
+    }
+
+    for (i = 0; i < WOLFMEM_DEF_BUCKETS; i++) {
         if ((size[i] % WOLFSSL_STATIC_ALIGN) != 0) {
             /* each element in array should be divisible by alignment size */
             return WC_TEST_RET_ENC_NC;
         }
     }
 
-    for (i = 1; i < WOLFMEM_MAX_BUCKETS; i++) {
+    for (i = 1; i < WOLFMEM_DEF_BUCKETS; i++) {
         if (size[i - 1] >= size[i]) {
             return WC_TEST_RET_ENC_NC; /* sizes should be in increasing order */
         }
     }
 
+#ifndef WOLFSSL_STATIC_MEMORY_LEAN
     /* check that padding size returned is possible */
     if (wolfSSL_MemoryPaddingSz() < WOLFSSL_STATIC_ALIGN) {
         return WC_TEST_RET_ENC_NC; /* no room for wc_Memory struct */
@@ -15537,13 +18481,15 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t memory_test(void)
         return WC_TEST_RET_ENC_NC; /* should round to 0
                              since struct + bucket will not fit */
     }
+#endif
 
+    (void)pad;
     (void)dist; /* avoid static analysis warning of variable not used */
 #endif
 
 #if defined(WOLFSSL_STATIC_MEMORY) || !defined(WOLFSSL_NO_MALLOC)
     /* simple test */
-    ret = simple_mem_test(MEM_TEST_SZ);
+    ret = simple_mem_test((size_t)MEM_TEST_SZ);
     if (ret != 0)
         return ret;
 #endif
@@ -15551,7 +18497,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t memory_test(void)
 #ifdef COMPLEX_MEM_TEST
     /* test various size blocks */
     for (i = 1; i < MEM_TEST_SZ; i*=2) {
-        ret = simple_mem_test(i);
+        ret = simple_mem_test((size_t)i);
         if (ret != 0)
             return ret;
     }
@@ -15571,11 +18517,10 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t memory_test(void)
                 b = c;
         }
         #endif
-        if (b)
-            XFREE(b, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
-        if ((b == NULL)
+        XFREE(b, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+        if (b == NULL
         #ifndef WOLFSSL_NO_REALLOC
-                || (c == NULL)
+                || c == NULL
         #endif
         ) {
             return WC_TEST_RET_ENC_ERRNO;
@@ -15605,6 +18550,14 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t memory_test(void)
 #elif defined(_WIN32_WCE)
     #define CERT_PREFIX "\\windows\\"
     #define CERT_PATH_SEP "\\"
+#elif defined(WOLFSSL_NDS)
+    #undef CERT_PREFIX
+    #ifndef WOLFSSL_MELONDS
+        #define CERT_PREFIX "fat:/_nds/"
+    #else
+        #define CERT_PREFIX "_nds/"
+    #endif
+    #define CERT_PATH_SEP "/"
 #endif
 
 #ifndef CERT_PREFIX
@@ -15637,7 +18590,8 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t memory_test(void)
             #ifdef WOLFSSL_CERT_GEN
             static const char* rsaCaCertFile = CERT_ROOT "ca-cert.pem";
             #endif
-            #if defined(WOLFSSL_ALT_NAMES) || defined(HAVE_PKCS7)
+            #if (defined(WOLFSSL_ALT_NAMES) && !defined(WOLFSSL_NO_MALLOC)) || \
+                defined(HAVE_PKCS7)
             static const char* rsaCaCertDerFile = CERT_ROOT "ca-cert.der";
             #endif
             #ifdef HAVE_PKCS7
@@ -15682,7 +18636,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t memory_test(void)
             #ifndef NO_RSA
                 static const char* eccKeyPubFileDer = CERT_ROOT "ecc-keyPub.der";
             #endif
-            #ifndef NO_ASN_TIME
+            #if !defined(NO_ASN_TIME) && !defined(WOLFSSL_NO_MALLOC)
                 static const char* eccCaKeyFile  = CERT_ROOT "ca-ecc-key.der";
                 static const char* eccCaCertFile = CERT_ROOT "ca-ecc-cert.pem";
                 #ifdef ENABLE_ECC384_CERT_GEN_TEST
@@ -15723,12 +18677,23 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t memory_test(void)
             CERT_ROOT "test" CERT_PATH_SEP "cert-ext-ia.der";
     static const char* certExtNct =
             CERT_ROOT "test" CERT_PATH_SEP "cert-ext-nct.der";
+#ifndef WOLFSSL_ASN_INT_LEAD_0_ANY
+    static const char* certBadNegInt =
+            CERT_ROOT "test" CERT_PATH_SEP "cert-bad-neg-int.der";
+#endif
+    static const char* certBadOid =
+            CERT_ROOT "test" CERT_PATH_SEP "cert-bad-oid.der";
+#if defined(WOLFSSL_ASN_TEMPLATE) && !defined(WOLFSSL_NO_ASN_STRICT)
+    static const char* certBadUtf8 =
+            CERT_ROOT "test" CERT_PATH_SEP "cert-bad-utf8.der";
+#endif
 #endif
 
 #ifndef NO_WRITE_TEMP_FILES
 #ifdef HAVE_ECC
     #ifndef NO_ECC_SECP
-        #if defined(WOLFSSL_CERT_GEN) && !defined(NO_ASN_TIME)
+        #if defined(WOLFSSL_CERT_GEN) && !defined(NO_ASN_TIME) && \
+            !defined(WOLFSSL_NO_MALLOC)
         static const char* certEccPemFile = CERT_WRITE_TEMP_DIR "certecc.pem";
         static const char* certEccDerFile = CERT_WRITE_TEMP_DIR "certecc.der";
         #endif
@@ -15750,7 +18715,8 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t memory_test(void)
 #endif /* HAVE_ECC */
 
 #ifndef NO_RSA
-    #if defined(WOLFSSL_CERT_GEN) && !defined(NO_ASN_TIME)
+    #if defined(WOLFSSL_CERT_GEN) && !defined(NO_ASN_TIME) && \
+        !defined(WOLFSSL_NO_MALLOC)
         static const char* otherCertDerFile = CERT_WRITE_TEMP_DIR "othercert.der";
         static const char* certDerFile = CERT_WRITE_TEMP_DIR "cert.der";
         static const char* otherCertPemFile = CERT_WRITE_TEMP_DIR "othercert.pem";
@@ -15859,16 +18825,16 @@ static void initDefaultName(void)
 
 #if !defined(NO_ASN_TIME) && !defined(NO_RSA) && defined(WOLFSSL_TEST_CERT) && \
     !defined(NO_FILESYSTEM)
-static byte minSerial[] = { 0x02, 0x01, 0x01 };
-static byte minName[] = { 0x30, 0x00 };
-static byte nameBad[] = {
+static const byte minSerial[] = { 0x02, 0x01, 0x01 };
+static const byte minName[] = { 0x30, 0x00 };
+static const byte nameBad[] = {
     0x30, 0x08,
           0x31, 0x06,
                 0x30, 0x04,
                       0x06, 0x02,
                             0x55, 0x04,
 };
-static byte minDates[] = {
+static const byte minDates[] = {
     0x30, 0x1e,
           0x17, 0x0d,
                 0x31, 0x38, 0x30, 0x34, 0x31, 0x33, 0x31, 0x35,
@@ -15877,7 +18843,7 @@ static byte minDates[] = {
                 0x32, 0x31, 0x30, 0x31, 0x30, 0x37, 0x31, 0x35,
                 0x32, 0x33, 0x31, 0x30, 0x5a
 };
-static byte minPubKey[] = {
+static const byte minPubKey[] = {
     0x30, 0x1c,
           0x30, 0x0d,
                 0x06, 0x09,
@@ -15891,14 +18857,14 @@ static byte minPubKey[] = {
                             0x02, 0x03,
                                   0x01, 0x00, 0x01
 };
-static byte minSigAlg[] = {
+static const byte minSigAlg[] = {
     0x30, 0x0d,
           0x06, 0x09,
                 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01,
                 0x0b,
           0x05, 0x00
 };
-static byte minSig[] = {
+static const byte minSig[] = {
     0x03, 0x01,
           0x00
 };
@@ -15910,7 +18876,7 @@ static int add_seq(byte* certData, int offset, byte* data, byte length)
     certData[offset++] = length;
     return offset + length;
 }
-static int add_data(byte* certData, int offset, byte* data, byte length)
+static int add_data(byte* certData, int offset, const byte* data, byte length)
 {
     XMEMCPY(certData + offset, data, length);
     return offset + length;
@@ -15959,7 +18925,7 @@ static wc_test_ret_t cert_asn1_test(void)
     InitDecodedCert(&cert, badCert, len[0], 0);
     ret = ParseCert(&cert, CERT_TYPE, NO_VERIFY, NULL);
     FreeDecodedCert(&cert);
-    if (ret != ASN_PARSE_E) {
+    if (ret != WC_NO_ERR_TRACE(ASN_PARSE_E)) {
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
     }
     XFREE(badCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
@@ -15967,8 +18933,72 @@ static wc_test_ret_t cert_asn1_test(void)
     ret = 0;
 
 done:
-    if (badCert != NULL)
-        XFREE(badCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(badCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+    return ret;
+}
+
+static wc_test_ret_t cert_load_bad(const char* fname, byte* tmp, int err)
+{
+    wc_test_ret_t ret;
+    DecodedCert   cert;
+    XFILE         file;
+    size_t        bytes;
+
+    if ((fname == NULL) || (tmp == NULL)) {
+        ERROR_OUT(WC_TEST_RET_ENC_NC, done);
+    }
+    file = XFOPEN(fname, "rb");
+    if (!file) {
+        ERROR_OUT(WC_TEST_RET_ENC_ERRNO, done);
+    }
+    bytes = XFREAD(tmp, 1, FOURK_BUF, file);
+    XFCLOSE(file);
+    if (bytes == 0) {
+        ERROR_OUT(WC_TEST_RET_ENC_ERRNO, done);
+    }
+    InitDecodedCert(&cert, tmp, (word32)bytes, 0);
+    ret = ParseCert(&cert, CERT_TYPE, NO_VERIFY, NULL);
+    FreeDecodedCert(&cert);
+    if (ret != err) {
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
+    }
+    ret = 0;
+
+done:
+    return ret;
+}
+
+static wc_test_ret_t cert_bad_asn1_test(void)
+{
+    wc_test_ret_t ret = 0;
+    byte*       tmp;
+
+    tmp = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+    if (tmp == NULL) {
+        ret = WC_TEST_RET_ENC_ERRNO;
+    }
+
+#ifndef WOLFSSL_ASN_INT_LEAD_0_ANY
+    if (ret == 0) {
+        /* Serial number: 0xff 0xa8. 0xff and top bit set on next byte invalid.
+         */
+        ret = cert_load_bad(certBadNegInt, tmp, ASN_EXPECT_0_E);
+    }
+#endif
+    if (ret == 0) {
+        /* Subject name OID: 55 04 f4. Last byte with top bit set invalid. */
+        ret = cert_load_bad(certBadOid, tmp, ASN_PARSE_E);
+    }
+#if defined(WOLFSSL_ASN_TEMPLATE) && !defined(WOLFSSL_NO_ASN_STRICT)
+    if (ret == 0) {
+        /* Issuer name UTF8STRING: df 52 4e 44. Top bit of second byte not set.
+         */
+        ret = cert_load_bad(certBadUtf8, tmp, ASN_PARSE_E);
+    }
+#endif
+
+    XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+
     return ret;
 }
 
@@ -15980,6 +19010,8 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t cert_test(void)
     size_t      bytes;
     XFILE       file;
     wc_test_ret_t ret;
+    WOLFSSL_ENTER("cert_test");
+
 
     tmp = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
     if (tmp == NULL)
@@ -16030,7 +19062,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t cert_test(void)
     if (ret != 0)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
 #else
-    if (ret != ASN_CRIT_EXT_E) {
+    if (ret != WC_NO_ERR_TRACE(ASN_CRIT_EXT_E)) {
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
     }
     ret = 0;
@@ -16043,13 +19075,15 @@ done:
 
     if (ret == 0)
         ret = cert_asn1_test();
+    if (ret == 0)
+        ret = cert_bad_asn1_test();
 
     return ret;
 }
 #endif /* WOLFSSL_TEST_CERT */
 
 #if defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_TEST_CERT) && \
-   !defined(NO_FILESYSTEM) && defined(WOLFSSL_CERT_GEN)
+   !defined(NO_FILESYSTEM) && !defined(NO_RSA) && defined(WOLFSSL_GEN_CERT)
 WOLFSSL_TEST_SUBROUTINE wc_test_ret_t certext_test(void)
 {
     DecodedCert cert;
@@ -16082,6 +19116,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t certext_test(void)
     /* created from rsa_test : cert.der */
     byte kid_ca[] = "\x33\xD8\x45\x66\xD7\x68\x87\x18\x7E\x54"
                     "\x0D\x70\x27\x91\xC7\x26\xD7\x85\x65\xC0";
+    WOLFSSL_ENTER("certext_test");
 
     tmp = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
     if (tmp == NULL)
@@ -16106,11 +19141,13 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t certext_test(void)
         return WC_TEST_RET_ENC_EC(ret);
 
     /* check the SKID from a RSA certificate */
-    if (XMEMCMP(skid_rsa, cert.extSubjKeyId, sizeof(cert.extSubjKeyId)))
+    if ((sizeof(skid_rsa) - 1 != cert.extSubjKeyIdSz) ||
+        (XMEMCMP(skid_rsa, cert.extSubjKeyId, cert.extSubjKeyIdSz)))
         return WC_TEST_RET_ENC_NC;
 
     /* check the AKID from an RSA certificate */
-    if (XMEMCMP(akid_rsa, cert.extAuthKeyId, sizeof(cert.extAuthKeyId)))
+    if ((sizeof(akid_rsa) - 1 != cert.extAuthKeyIdSz) ||
+            (XMEMCMP(akid_rsa, cert.extAuthKeyId, cert.extAuthKeyIdSz)))
         return WC_TEST_RET_ENC_NC;
 
     /* check the Key Usage from an RSA certificate */
@@ -16157,7 +19194,8 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t certext_test(void)
     /* check the SKID from a ECC certificate - generated dynamically */
 
     /* check the AKID from an ECC certificate */
-    if (XMEMCMP(akid_ecc, cert.extAuthKeyId, sizeof(cert.extAuthKeyId)))
+    if ((sizeof(akid_ecc) - 1 != cert.extAuthKeyIdSz) ||
+            (XMEMCMP(akid_ecc, cert.extAuthKeyId, cert.extAuthKeyIdSz)))
         return WC_TEST_RET_ENC_NC;
 
     /* check the Key Usage from an ECC certificate */
@@ -16205,11 +19243,13 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t certext_test(void)
         return WC_TEST_RET_ENC_EC(ret);
 
     /* check the SKID from a CA certificate */
-    if (XMEMCMP(kid_ca, cert.extSubjKeyId, sizeof(cert.extSubjKeyId)))
+    if ((sizeof(kid_ca) - 1 != cert.extSubjKeyIdSz) ||
+            (XMEMCMP(kid_ca, cert.extSubjKeyId, cert.extSubjKeyIdSz)))
         return WC_TEST_RET_ENC_NC;
 
     /* check the AKID from an CA certificate */
-    if (XMEMCMP(kid_ca, cert.extAuthKeyId, sizeof(cert.extAuthKeyId)))
+    if ((sizeof(kid_ca) - 1 != cert.extAuthKeyIdSz) ||
+            (XMEMCMP(kid_ca, cert.extAuthKeyId, cert.extAuthKeyIdSz)))
         return WC_TEST_RET_ENC_NC;
 
     /* check the Key Usage from CA certificate */
@@ -16241,7 +19281,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t certext_test(void)
     return 0;
 }
 #endif /* WOLFSSL_CERT_EXT && WOLFSSL_TEST_CERT &&
-          !NO_FILESYSTEM && WOLFSSL_CERT_GEN */
+          !NO_FILESYSTEM && !NO_RSA && WOLFSSL_CERT_GEN */
 
 #if defined(WOLFSSL_CERT_GEN_CACHE) && defined(WOLFSSL_TEST_CERT) && \
     defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_CERT_GEN)
@@ -16252,6 +19292,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t decodedCertCache_test(void)
     FILE* file;
     byte* der;
     word32 derSz;
+    WOLFSSL_ENTER("decodedCertCache_test");
 
     derSz = FOURK_BUF;
     der = (byte *)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
@@ -16286,7 +19327,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t decodedCertCache_test(void)
 
     if (ret == 0) {
         ret = wc_SetSubjectBuffer(NULL, der, derSz);
-        if (ret == BAD_FUNC_ARG)
+        if (ret == WC_NO_ERR_TRACE(BAD_FUNC_ARG))
             ret = 0;
         else
             ret = WC_TEST_RET_ENC_EC(ret);
@@ -16300,7 +19341,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t decodedCertCache_test(void)
 
     if (ret == 0) {
         ret = wc_SetSubjectRaw(NULL, der, derSz);
-        if (ret == BAD_FUNC_ARG)
+        if (ret == WC_NO_ERR_TRACE(BAD_FUNC_ARG))
             ret = 0;
         else
             ret = WC_TEST_RET_ENC_EC(ret);
@@ -16314,7 +19355,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t decodedCertCache_test(void)
 
     if (ret == 0) {
         ret = wc_SetIssuerBuffer(NULL, der, derSz);
-        if (ret == BAD_FUNC_ARG)
+        if (ret == WC_NO_ERR_TRACE(BAD_FUNC_ARG))
             ret = 0;
         else
             ret = WC_TEST_RET_ENC_EC(ret);
@@ -16328,7 +19369,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t decodedCertCache_test(void)
 
     if (ret == 0) {
         ret = wc_SetIssuerRaw(NULL, der, derSz);
-        if (ret == BAD_FUNC_ARG)
+        if (ret == WC_NO_ERR_TRACE(BAD_FUNC_ARG))
             ret = 0;
         else
             ret = WC_TEST_RET_ENC_EC(ret);
@@ -16343,7 +19384,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t decodedCertCache_test(void)
 
     if (ret == 0) {
         ret = wc_SetAltNamesBuffer(NULL, der, derSz);
-        if (ret == BAD_FUNC_ARG)
+        if (ret == WC_NO_ERR_TRACE(BAD_FUNC_ARG))
             ret = 0;
         else
             ret = WC_TEST_RET_ENC_EC(ret);
@@ -16357,7 +19398,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t decodedCertCache_test(void)
 
     if (ret == 0) {
         ret = wc_SetDatesBuffer(NULL, der, derSz);
-        if (ret == BAD_FUNC_ARG)
+        if (ret == WC_NO_ERR_TRACE(BAD_FUNC_ARG))
             ret = 0;
         else
             ret = WC_TEST_RET_ENC_EC(ret);
@@ -16372,7 +19413,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t decodedCertCache_test(void)
 
     if (ret == 0) {
         ret = wc_SetAuthKeyIdFromCert(NULL, der, derSz);
-        if (ret == BAD_FUNC_ARG)
+        if (ret == WC_NO_ERR_TRACE(BAD_FUNC_ARG))
             ret = 0;
         else
             ret = WC_TEST_RET_ENC_NC;
@@ -16405,87 +19446,45 @@ static wc_test_ret_t rsa_flatten_test(RsaKey* key)
 
     /* Parameter Validation testing. */
     ret = wc_RsaFlattenPublicKey(NULL, e, &eSz, n, &nSz);
-#ifdef HAVE_USER_RSA
-    /* Implementation using IPP Libraries returns:
-     *     -101 = USER_CRYPTO_ERROR
-     */
-    if (ret == 0)
-#else
-    if (ret != BAD_FUNC_ARG)
-#endif
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
+
     ret = wc_RsaFlattenPublicKey(key, NULL, &eSz, n, &nSz);
-#ifdef HAVE_USER_RSA
-    /* Implementation using IPP Libraries returns:
-     *     -101 = USER_CRYPTO_ERROR
-     */
-    if (ret == 0)
-#else
-    if (ret != BAD_FUNC_ARG)
-#endif
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
+
     ret = wc_RsaFlattenPublicKey(key, e, NULL, n, &nSz);
-#ifdef HAVE_USER_RSA
-    /* Implementation using IPP Libraries returns:
-     *     -101 = USER_CRYPTO_ERROR
-     */
-    if (ret == 0)
-#else
-    if (ret != BAD_FUNC_ARG)
-#endif
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
+
     ret = wc_RsaFlattenPublicKey(key, e, &eSz, NULL, &nSz);
-#ifdef HAVE_USER_RSA
-    /* Implementation using IPP Libraries returns:
-     *     -101 = USER_CRYPTO_ERROR
-     */
-    if (ret == 0)
-#else
-    if (ret != BAD_FUNC_ARG)
-#endif
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
+
     ret = wc_RsaFlattenPublicKey(key, e, &eSz, n, NULL);
-#ifdef HAVE_USER_RSA
-    /* Implementation using IPP Libraries returns:
-     *     -101 = USER_CRYPTO_ERROR
-     */
-    if (ret == 0)
-#else
-    if (ret != BAD_FUNC_ARG)
-#endif
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
+
     ret = wc_RsaFlattenPublicKey(key, e, &eSz, n, &nSz);
     if (ret != 0)
         return WC_TEST_RET_ENC_EC(ret);
+
     eSz = 0;
     ret = wc_RsaFlattenPublicKey(key, e, &eSz, n, &nSz);
-#ifdef HAVE_USER_RSA
-    /* Implementation using IPP Libraries returns:
-     *     -101 = USER_CRYPTO_ERROR
-     */
-    if (ret == 0)
-#else
-    if (ret != RSA_BUFFER_E)
-#endif
+    if (ret != WC_NO_ERR_TRACE(RSA_BUFFER_E))
         return WC_TEST_RET_ENC_EC(ret);
+
     eSz = sizeof(e);
     nSz = 0;
     ret = wc_RsaFlattenPublicKey(key, e, &eSz, n, &nSz);
-#ifdef HAVE_USER_RSA
-    /* Implementation using IPP Libraries returns:
-     *     -101 = USER_CRYPTO_ERROR
-     */
-    if (ret == 0)
-#else
-    if (ret != RSA_BUFFER_E)
-#endif
+    if (ret != WC_NO_ERR_TRACE(RSA_BUFFER_E))
         return WC_TEST_RET_ENC_EC(ret);
 
     return 0;
 }
 #endif /* NO_ASN */
 
-#if !defined(HAVE_FIPS) && !defined(HAVE_USER_RSA) && !defined(NO_ASN) \
+#if !defined(HAVE_FIPS) && !defined(NO_ASN) \
     && !defined(WOLFSSL_RSA_VERIFY_ONLY)
 static wc_test_ret_t rsa_export_key_test(RsaKey* key)
 {
@@ -16503,54 +19502,54 @@ static wc_test_ret_t rsa_export_key_test(RsaKey* key)
     word32 zero = 0;
 
     ret = wc_RsaExportKey(NULL, e, &eSz, n, &nSz, d, &dSz, p, &pSz, q, &qSz);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_RsaExportKey(key, NULL, &eSz, n, &nSz, d, &dSz, p, &pSz, q, &qSz);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_RsaExportKey(key, e, NULL, n, &nSz, d, &dSz, p, &pSz, q, &qSz);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_RsaExportKey(key, e, &eSz, NULL, &nSz, d, &dSz, p, &pSz, q, &qSz);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_RsaExportKey(key, e, &eSz, n, NULL, d, &dSz, p, &pSz, q, &qSz);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_RsaExportKey(key, e, &eSz, n, &nSz, NULL, &dSz, p, &pSz, q, &qSz);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_RsaExportKey(key, e, &eSz, n, &nSz, d, NULL, p, &pSz, q, &qSz);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_RsaExportKey(key, e, &eSz, n, &nSz, d, &dSz, NULL, &pSz, q, &qSz);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_RsaExportKey(key, e, &eSz, n, &nSz, d, &dSz, p, NULL, q, &qSz);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_RsaExportKey(key, e, &eSz, n, &nSz, d, &dSz, p, &pSz, NULL, &qSz);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_RsaExportKey(key, e, &eSz, n, &nSz, d, &dSz, p, &pSz, q, NULL);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
 
     ret = wc_RsaExportKey(key, e, &zero, n, &nSz, d, &dSz, p, &pSz, q, &qSz);
-    if (ret != RSA_BUFFER_E)
+    if (ret != WC_NO_ERR_TRACE(RSA_BUFFER_E))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_RsaExportKey(key, e, &eSz, n, &zero, d, &dSz, p, &pSz, q, &qSz);
-    if (ret != RSA_BUFFER_E)
+    if (ret != WC_NO_ERR_TRACE(RSA_BUFFER_E))
         return WC_TEST_RET_ENC_EC(ret);
 #ifndef WOLFSSL_RSA_PUBLIC_ONLY
     ret = wc_RsaExportKey(key, e, &eSz, n, &nSz, d, &zero, p, &pSz, q, &qSz);
-    if (ret != RSA_BUFFER_E)
+    if (ret != WC_NO_ERR_TRACE(RSA_BUFFER_E))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_RsaExportKey(key, e, &eSz, n, &nSz, d, &dSz, p, &zero, q, &qSz);
-    if (ret != RSA_BUFFER_E)
+    if (ret != WC_NO_ERR_TRACE(RSA_BUFFER_E))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_RsaExportKey(key, e, &eSz, n, &nSz, d, &dSz, p, &pSz, q, &zero);
-    if (ret != RSA_BUFFER_E)
+    if (ret != WC_NO_ERR_TRACE(RSA_BUFFER_E))
         return WC_TEST_RET_ENC_EC(ret);
 #endif /* WOLFSSL_RSA_PUBLIC_ONLY */
 
@@ -16560,7 +19559,7 @@ static wc_test_ret_t rsa_export_key_test(RsaKey* key)
 
     return 0;
 }
-#endif /* !HAVE_FIPS && !USER_RSA && !NO_ASN */
+#endif /* !HAVE_FIPS && !NO_ASN && !WOLFSSL_RSA_VERIFY_ONLY */
 
 #ifndef NO_SIG_WRAPPER
 static wc_test_ret_t rsa_sig_test(RsaKey* key, word32 keyLen, int modLen, WC_RNG* rng)
@@ -16589,100 +19588,95 @@ static wc_test_ret_t rsa_sig_test(RsaKey* key, word32 keyLen, int modLen, WC_RNG
 
     /* Parameter Validation testing. */
     ret = wc_SignatureGetSize(WC_SIGNATURE_TYPE_NONE, key, keyLen);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_SignatureGetSize(WC_SIGNATURE_TYPE_RSA, key, 0);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
 
     sigSz = (word32)modLen;
     ret = wc_SignatureGenerate(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, NULL,
                                inLen, out, &sigSz, key, keyLen, rng);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_SignatureGenerate(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, in,
                                0, out, &sigSz, key, keyLen, rng);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_SignatureGenerate(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, in,
                                inLen, NULL, &sigSz, key, keyLen, rng);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_SignatureGenerate(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, in,
                                inLen, out, NULL, key, keyLen, rng);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_SignatureGenerate(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, in,
                                inLen, out, &sigSz, NULL, keyLen, rng);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_SignatureGenerate(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, in,
                                inLen, out, &sigSz, key, 0, rng);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_SignatureGenerate(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, in,
                                inLen, out, &sigSz, key, keyLen, NULL);
-#ifdef HAVE_USER_RSA
-    /* Implementation using IPP Libraries returns:
-     *     -101 = USER_CRYPTO_ERROR
-     */
-    if (ret == 0)
-#elif defined(WOLFSSL_AFALG_XILINX_RSA) || defined(WOLFSSL_XILINX_CRYPT)
+#if defined(WOLFSSL_AFALG_XILINX_RSA) || defined(WOLFSSL_XILINX_CRYPT)
     /* blinding / rng handled with hardware acceleration */
     if (ret != 0)
 #elif defined(WOLFSSL_ASYNC_CRYPT) || defined(WOLF_CRYPTO_CB)
     /* async may not require RNG */
     #if defined(WOLF_CRYPTO_CB_ONLY_RSA)
-    if (ret != NO_VALID_DEVID)
+    if (ret != WC_NO_ERR_TRACE(NO_VALID_DEVID))
     #else
-    if (ret != 0 && ret != MISSING_RNG_E)
+    if (ret != 0 && ret != WC_NO_ERR_TRACE(MISSING_RNG_E))
     #endif
 #elif defined(HAVE_FIPS) || !defined(WC_RSA_BLINDING)
     /* FIPS140 implementation does not do blinding */
     if (ret != 0)
 #elif defined(WOLFSSL_RSA_PUBLIC_ONLY) || defined(WOLFSSL_RSA_VERIFY_ONLY)
-    if (ret != SIG_TYPE_E)
+    if (ret != WC_NO_ERR_TRACE(SIG_TYPE_E))
 #elif defined(WOLFSSL_CRYPTOCELL) || defined(WOLFSSL_SE050)
     /* RNG is handled by hardware */
     if (ret != 0)
 #else
-    if (ret != MISSING_RNG_E)
+    if (ret != WC_NO_ERR_TRACE(MISSING_RNG_E))
 #endif
         return WC_TEST_RET_ENC_EC(ret);
     sigSz = 0;
     ret = wc_SignatureGenerate(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, in,
                                inLen, out, &sigSz, key, keyLen, rng);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
 
     ret = wc_SignatureVerify(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, NULL,
                              inLen, out, (word32)modLen, key, keyLen);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_SignatureVerify(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, in,
                              0, out, (word32)modLen, key, keyLen);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_SignatureVerify(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, in,
                              inLen, NULL, (word32)modLen, key, keyLen);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_SignatureVerify(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, in,
                              inLen, out, 0, key, keyLen);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_SignatureVerify(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, in,
                              inLen, out, (word32)modLen, NULL, keyLen);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_SignatureVerify(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, in,
                              inLen, out, (word32)modLen, key, 0);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
 
 #ifndef HAVE_ECC
     ret = wc_SignatureGetSize(WC_SIGNATURE_TYPE_ECC, key, keyLen);
-    if (ret != SIG_TYPE_E)
+    if (ret != WC_NO_ERR_TRACE(SIG_TYPE_E))
         return WC_TEST_RET_ENC_EC(ret);
 #endif
 #if defined(WOLF_CRYPTO_CB_ONLY_RSA)
@@ -16845,7 +19839,7 @@ static wc_test_ret_t rsa_nb_test(RsaKey* key, const byte* in, word32 inLen, byte
 }
 #endif
 
-#if !defined(HAVE_USER_RSA) && !defined(NO_ASN)
+#if !defined(NO_ASN)
 static wc_test_ret_t rsa_decode_test(RsaKey* keyPub)
 {
     wc_test_ret_t ret;
@@ -16901,17 +19895,17 @@ static wc_test_ret_t rsa_decode_test(RsaKey* keyPub)
 
     /* Parameter Validation testing. */
     ret = wc_RsaPublicKeyDecodeRaw(NULL, sizeof(n), e, sizeof(e), keyPub);
-    if (ret != BAD_FUNC_ARG) {
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) {
         ret = WC_TEST_RET_ENC_EC(ret);
         goto done;
     }
     ret = wc_RsaPublicKeyDecodeRaw(n, sizeof(n), NULL, sizeof(e), keyPub);
-    if (ret != BAD_FUNC_ARG) {
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) {
         ret = WC_TEST_RET_ENC_EC(ret);
         goto done;
     }
     ret = wc_RsaPublicKeyDecodeRaw(n, sizeof(n), e, sizeof(e), NULL);
-    if (ret != BAD_FUNC_ARG) {
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) {
         ret = WC_TEST_RET_ENC_EC(ret);
         goto done;
     }
@@ -16919,7 +19913,7 @@ static wc_test_ret_t rsa_decode_test(RsaKey* keyPub)
 #if defined(USE_INTEGER_HEAP_MATH)
     if (ret != 0)
 #else
-    if (ret != ASN_GETINT_E)
+    if (ret != WC_NO_ERR_TRACE(ASN_GETINT_E))
 #endif
     {
         ret = WC_TEST_RET_ENC_EC(ret);
@@ -16933,7 +19927,7 @@ static wc_test_ret_t rsa_decode_test(RsaKey* keyPub)
 #if defined(USE_INTEGER_HEAP_MATH)
     if (ret != 0)
 #else
-    if (ret != ASN_GETINT_E)
+    if (ret != WC_NO_ERR_TRACE(ASN_GETINT_E))
 #endif
     {
         ret = WC_TEST_RET_ENC_EC(ret);
@@ -16958,17 +19952,17 @@ static wc_test_ret_t rsa_decode_test(RsaKey* keyPub)
     /* Parameter Validation testing. */
     inSz = sizeof(good);
     ret = wc_RsaPublicKeyDecode(NULL, &inOutIdx, keyPub, inSz);
-    if (ret != BAD_FUNC_ARG) {
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) {
         ret = WC_TEST_RET_ENC_EC(ret);
         goto done;
     }
     ret = wc_RsaPublicKeyDecode(good, NULL, keyPub, inSz);
-    if (ret != BAD_FUNC_ARG) {
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) {
         ret = WC_TEST_RET_ENC_EC(ret);
         goto done;
     }
     ret = wc_RsaPublicKeyDecode(good, &inOutIdx, NULL, inSz);
-    if (ret != BAD_FUNC_ARG) {
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) {
         ret = WC_TEST_RET_ENC_EC(ret);
         goto done;
     }
@@ -16977,14 +19971,14 @@ static wc_test_ret_t rsa_decode_test(RsaKey* keyPub)
     inOutIdx = 2;
     inSz = sizeof(good) - inOutIdx;
     ret = wc_RsaPublicKeyDecode(good, &inOutIdx, keyPub, inSz);
-    if (ret != ASN_PARSE_E) {
+    if (ret != WC_NO_ERR_TRACE(ASN_PARSE_E)) {
         ret = WC_TEST_RET_ENC_EC(ret);
         goto done;
     }
     inOutIdx = 2;
     inSz = sizeof(goodAlgId) - inOutIdx;
     ret = wc_RsaPublicKeyDecode(goodAlgId, &inOutIdx, keyPub, inSz);
-    if (ret != ASN_PARSE_E) {
+    if (ret != WC_NO_ERR_TRACE(ASN_PARSE_E)) {
         ret = WC_TEST_RET_ENC_EC(ret);
         goto done;
     }
@@ -16992,9 +19986,9 @@ static wc_test_ret_t rsa_decode_test(RsaKey* keyPub)
     inSz = sizeof(goodAlgId);
     ret = wc_RsaPublicKeyDecode(goodAlgId, &inOutIdx, keyPub, inSz);
 #ifndef WOLFSSL_NO_DECODE_EXTRA
-    if (ret != ASN_PARSE_E)
+    if (ret != WC_NO_ERR_TRACE(ASN_PARSE_E))
 #else
-    if (ret != ASN_RSA_KEY_E)
+    if (ret != WC_NO_ERR_TRACE(ASN_RSA_KEY_E))
 #endif
     {
         ret = WC_TEST_RET_ENC_EC(ret);
@@ -17004,49 +19998,55 @@ static wc_test_ret_t rsa_decode_test(RsaKey* keyPub)
     inSz = sizeof(badAlgIdNull);
     inOutIdx = 0;
     ret = wc_RsaPublicKeyDecode(badAlgIdNull, &inOutIdx, keyPub, inSz);
-    if (ret != ASN_EXPECT_0_E) {
+    if (ret != WC_NO_ERR_TRACE(ASN_EXPECT_0_E)) {
         ret = WC_TEST_RET_ENC_EC(ret);
         goto done;
     }
     inSz = sizeof(badNotBitString);
     inOutIdx = 0;
     ret = wc_RsaPublicKeyDecode(badNotBitString, &inOutIdx, keyPub, inSz);
-    if (ret != ASN_BITSTR_E) {
+    if (ret != WC_NO_ERR_TRACE(ASN_BITSTR_E)) {
         ret = WC_TEST_RET_ENC_EC(ret);
         goto done;
     }
     inSz = sizeof(badBitStringLen);
     inOutIdx = 0;
     ret = wc_RsaPublicKeyDecode(badBitStringLen, &inOutIdx, keyPub, inSz);
-    if (ret != ASN_PARSE_E) {
+    if (ret != WC_NO_ERR_TRACE(ASN_PARSE_E)) {
         ret = WC_TEST_RET_ENC_EC(ret);
         goto done;
     }
     inSz = sizeof(badNoSeq);
     inOutIdx = 0;
     ret = wc_RsaPublicKeyDecode(badNoSeq, &inOutIdx, keyPub, inSz);
-    if (ret != ASN_PARSE_E) {
+    if (ret != WC_NO_ERR_TRACE(ASN_PARSE_E)) {
         ret = WC_TEST_RET_ENC_EC(ret);
         goto done;
     }
     inSz = sizeof(badNoObj);
     inOutIdx = 0;
     ret = wc_RsaPublicKeyDecode(badNoObj, &inOutIdx, keyPub, inSz);
-    if (ret != ASN_PARSE_E && ret != ASN_OBJECT_ID_E) {
+    if (ret != WC_NO_ERR_TRACE(ASN_PARSE_E) &&
+        ret != WC_NO_ERR_TRACE(ASN_OBJECT_ID_E))
+    {
         ret = WC_TEST_RET_ENC_EC(ret);
         goto done;
     }
     inSz = sizeof(badIntN);
     inOutIdx = 0;
     ret = wc_RsaPublicKeyDecode(badIntN, &inOutIdx, keyPub, inSz);
-    if (ret != ASN_RSA_KEY_E && ret != ASN_PARSE_E) {
+    if (ret != WC_NO_ERR_TRACE(ASN_RSA_KEY_E) &&
+        ret != WC_NO_ERR_TRACE(ASN_PARSE_E))
+    {
         ret = WC_TEST_RET_ENC_EC(ret);
         goto done;
     }
     inSz = sizeof(badNotIntE);
     inOutIdx = 0;
     ret = wc_RsaPublicKeyDecode(badNotIntE, &inOutIdx, keyPub, inSz);
-    if (ret != ASN_RSA_KEY_E && ret != ASN_PARSE_E) {
+    if (ret != WC_NO_ERR_TRACE(ASN_RSA_KEY_E) &&
+        ret != WC_NO_ERR_TRACE(ASN_PARSE_E))
+    {
         ret = WC_TEST_RET_ENC_EC(ret);
         goto done;
     }
@@ -17057,7 +20057,7 @@ static wc_test_ret_t rsa_decode_test(RsaKey* keyPub)
 #ifndef WOLFSSL_ASN_TEMPLATE
     if (ret != 0)
 #else
-    if (ret != ASN_PARSE_E)
+    if (ret != WC_NO_ERR_TRACE(ASN_PARSE_E))
 #endif
     {
         ret = WC_TEST_RET_ENC_EC(ret);
@@ -17072,7 +20072,9 @@ static wc_test_ret_t rsa_decode_test(RsaKey* keyPub)
     inSz = sizeof(badBitStrNoZero);
     inOutIdx = 0;
     ret = wc_RsaPublicKeyDecode(badBitStrNoZero, &inOutIdx, keyPub, inSz);
-    if (ret != ASN_EXPECT_0_E && ret != ASN_PARSE_E) {
+    if (ret != WC_NO_ERR_TRACE(ASN_EXPECT_0_E) &&
+        ret != WC_NO_ERR_TRACE(ASN_PARSE_E))
+    {
         ret = WC_TEST_RET_ENC_EC(ret);
         goto done;
     }
@@ -17188,6 +20190,10 @@ static wc_test_ret_t rsa_pss_test(WC_RNG* rng, RsaKey* key)
     WC_DECLARE_VAR(out, byte, RSA_TEST_BYTES, HEAP_HINT);
     WC_DECLARE_VAR(sig, byte, RSA_TEST_BYTES, HEAP_HINT);
 
+    WC_ALLOC_VAR(in, byte, RSA_TEST_BYTES, HEAP_HINT);
+    WC_ALLOC_VAR(out, byte, RSA_TEST_BYTES, HEAP_HINT);
+    WC_ALLOC_VAR(sig, byte, RSA_TEST_BYTES, HEAP_HINT);
+
 #ifdef WC_DECLARE_VAR_IS_HEAP_ALLOC
     if (in == NULL || out == NULL || sig == NULL)
         ERROR_OUT(MEMORY_E, exit_rsa_pss);
@@ -17200,7 +20206,7 @@ static wc_test_ret_t rsa_pss_test(WC_RNG* rng, RsaKey* key)
         ret = wc_Hash(hash[j], in, inLen, digest, sizeof(digest));
         if (ret != 0)
             ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_pss);
-        digestSz = wc_HashGetDigestSize(hash[j]);
+        digestSz = (word32)wc_HashGetDigestSize(hash[j]);
 
 #ifdef WOLFSSL_SE050
         /* SE050 only supports MGF matched to same hash type */
@@ -17218,7 +20224,7 @@ static wc_test_ret_t rsa_pss_test(WC_RNG* rng, RsaKey* key)
                     ret = wc_RsaPSS_Sign_ex(digest, digestSz, out, outSz,
                         hash[j], mgf[i], -1, key, rng);
                 }
-            } while (ret == WC_PENDING_E);
+            } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E));
             if (ret <= 0)
                 ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_pss);
             outSz = (word32)ret;
@@ -17236,7 +20242,7 @@ static wc_test_ret_t rsa_pss_test(WC_RNG* rng, RsaKey* key)
                     ret = wc_RsaPSS_VerifyInline_ex(sig, outSz, &plain, hash[j],
                         mgf[i], -1, key);
                 }
-            } while (ret == WC_PENDING_E);
+            } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E));
             if (ret <= 0)
                 ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_pss);
             plainSz = (word32)ret;
@@ -17273,7 +20279,7 @@ static wc_test_ret_t rsa_pss_test(WC_RNG* rng, RsaKey* key)
                             ret = wc_RsaPSS_VerifyInline_ex(sig, outSz,
                                 (byte**)&plain, hash[l], mgf[k], -1, key);
                         }
-                    } while (ret == WC_PENDING_E);
+                    } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E));
                     if (ret >= 0)
                         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_pss);
                 }
@@ -17287,7 +20293,7 @@ static wc_test_ret_t rsa_pss_test(WC_RNG* rng, RsaKey* key)
 /* SE050 generates salts internally only of hash length */
 #ifndef WOLFSSL_SE050
     /* Test that a salt length of zero works. */
-    digestSz = wc_HashGetDigestSize(hash[0]);
+    digestSz = (word32)wc_HashGetDigestSize(hash[0]);
     outSz = RSA_TEST_BYTES;
     do {
     #if defined(WOLFSSL_ASYNC_CRYPT)
@@ -17298,7 +20304,7 @@ static wc_test_ret_t rsa_pss_test(WC_RNG* rng, RsaKey* key)
             ret = wc_RsaPSS_Sign_ex(digest, digestSz, out, outSz, hash[0],
                 mgf[0], 0, key, rng);
         }
-    } while (ret == WC_PENDING_E);
+    } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E));
     if (ret <= 0)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_pss);
     outSz = (word32)ret;
@@ -17313,7 +20319,7 @@ static wc_test_ret_t rsa_pss_test(WC_RNG* rng, RsaKey* key)
             ret = wc_RsaPSS_Verify_ex(out, outSz, sig, outSz, hash[0], mgf[0],
                 0, key);
         }
-    } while (ret == WC_PENDING_E);
+    } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E));
     if (ret <= 0)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_pss);
     plainSz = (word32)ret;
@@ -17337,7 +20343,7 @@ static wc_test_ret_t rsa_pss_test(WC_RNG* rng, RsaKey* key)
                 hash[0], 0, 0, HEAP_HINT);
 #endif
         }
-    } while (ret == WC_PENDING_E);
+    } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E));
     if (ret != 0)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_pss);
 
@@ -17352,7 +20358,7 @@ static wc_test_ret_t rsa_pss_test(WC_RNG* rng, RsaKey* key)
             ret = wc_RsaPSS_VerifyInline_ex(sig, outSz, &plain, hash[0], mgf[0],
                 0, key);
         }
-    } while (ret == WC_PENDING_E);
+    } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E));
     if (ret <= 0)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_pss);
     plainSz = (word32)ret;
@@ -17373,7 +20379,7 @@ static wc_test_ret_t rsa_pss_test(WC_RNG* rng, RsaKey* key)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_pss);
 
     /* Test bad salt lengths in various APIs. */
-    digestSz = wc_HashGetDigestSize(hash[0]);
+    digestSz = (word32)wc_HashGetDigestSize(hash[0]);
     outSz = RSA_TEST_BYTES;
 #ifndef WOLFSSL_PSS_SALT_LEN_DISCOVER
     len = -2;
@@ -17389,8 +20395,8 @@ static wc_test_ret_t rsa_pss_test(WC_RNG* rng, RsaKey* key)
             ret = wc_RsaPSS_Sign_ex(digest, digestSz, out, outSz, hash[0],
                 mgf[0], len, key, rng);
         }
-    } while (ret == WC_PENDING_E);
-    if (ret != PSS_SALTLEN_E)
+    } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E));
+    if (ret != WC_NO_ERR_TRACE(PSS_SALTLEN_E))
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_pss);
 
     do {
@@ -17400,10 +20406,10 @@ static wc_test_ret_t rsa_pss_test(WC_RNG* rng, RsaKey* key)
     #endif
         if (ret >= 0) {
             ret = wc_RsaPSS_Sign_ex(digest, digestSz, out, outSz, hash[0],
-                mgf[0], digestSz + 1, key, rng);
+                mgf[0], (int)digestSz + 1, key, rng);
         }
-    } while (ret == WC_PENDING_E);
-    if (ret != PSS_SALTLEN_E)
+    } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E));
+    if (ret != WC_NO_ERR_TRACE(PSS_SALTLEN_E))
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_pss);
     TEST_SLEEP();
 
@@ -17416,8 +20422,8 @@ static wc_test_ret_t rsa_pss_test(WC_RNG* rng, RsaKey* key)
             ret = wc_RsaPSS_VerifyInline_ex(sig, outSz, &plain, hash[0],
                 mgf[0], -2, key);
         }
-    } while (ret == WC_PENDING_E);
-    if (ret != PSS_SALTLEN_E)
+    } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E));
+    if (ret != WC_NO_ERR_TRACE(PSS_SALTLEN_E))
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_pss);
     TEST_SLEEP();
 
@@ -17428,10 +20434,10 @@ static wc_test_ret_t rsa_pss_test(WC_RNG* rng, RsaKey* key)
     #endif
         if (ret >= 0) {
             ret = wc_RsaPSS_VerifyInline_ex(sig, outSz, &plain, hash[0], mgf[0],
-                digestSz + 1, key);
+                (int)digestSz + 1, key);
         }
-    } while (ret == WC_PENDING_E);
-    if (ret != PSS_SALTLEN_E)
+    } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E));
+    if (ret != WC_NO_ERR_TRACE(PSS_SALTLEN_E))
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_pss);
     TEST_SLEEP();
 
@@ -17451,28 +20457,28 @@ static wc_test_ret_t rsa_pss_test(WC_RNG* rng, RsaKey* key)
     ret = wc_RsaPSS_CheckPadding_ex2(digest, digestSz, plain, plainSz, hash[0],
                                     len, 0, HEAP_HINT);
 #endif
-    if (ret != PSS_SALTLEN_E)
+    if (ret != WC_NO_ERR_TRACE(PSS_SALTLEN_E))
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_pss);
 #ifndef WOLFSSL_PSS_LONG_SALT
-    len = digestSz + 1;
+    len = (int)(digestSz + 1);
 #else
-    len = plainSz - digestSz - 1;
+    len = (int)(plainSz - digestSz - 1);
 #endif
 #if defined(HAVE_SELFTEST) && \
     (!defined(HAVE_SELFTEST_VERSION) || (HAVE_SELFTEST_VERSION < 2))
             ret = wc_RsaPSS_CheckPadding_ex(digest, digestSz, plain, plainSz,
                                          hash[0], len);
-    if (ret != PSS_SALTLEN_E)
+    if (ret != WC_NO_ERR_TRACE(PSS_SALTLEN_E))
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_pss);
 #elif defined(HAVE_SELFTEST) && (HAVE_SELFTEST_VERSION == 2)
             ret = wc_RsaPSS_CheckPadding_ex(digest, digestSz, plain, plainSz,
                                          hash[0], len, 0);
-    if (ret != BAD_PADDING_E)
+    if (ret != WC_NO_ERR_TRACE(BAD_PADDING_E))
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_pss);
 #else
     ret = wc_RsaPSS_CheckPadding_ex2(digest, digestSz, plain, plainSz, hash[0],
                                     len, 0, HEAP_HINT);
-    if (ret != PSS_SALTLEN_E)
+    if (ret != WC_NO_ERR_TRACE(PSS_SALTLEN_E))
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_pss);
 #endif
 
@@ -17508,6 +20514,11 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t rsa_no_pad_test(void)
     WC_DECLARE_VAR(out, byte, RSA_TEST_BYTES, HEAP_HINT);
     WC_DECLARE_VAR(plain, byte, RSA_TEST_BYTES, HEAP_HINT);
 
+    WC_ALLOC_VAR(key, RsaKey, 1, HEAP_HINT);
+    WC_ALLOC_VAR(out, byte, RSA_TEST_BYTES, HEAP_HINT);
+    WC_ALLOC_VAR(plain, byte, RSA_TEST_BYTES, HEAP_HINT);
+    WOLFSSL_ENTER("rsa_no_pad_test");
+
 #ifdef WC_DECLARE_VAR_IS_HEAP_ALLOC
     if (key == NULL || out == NULL || plain == NULL)
         ERROR_OUT(MEMORY_E, exit_rsa_nopadding);
@@ -17583,7 +20594,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t rsa_no_pad_test(void)
     }
 
 #ifndef WOLFSSL_RSA_VERIFY_ONLY
-    inLen = wc_RsaEncryptSize(key);
+    inLen = (word32)wc_RsaEncryptSize(key);
     outSz   = inLen;
     plainSz = inLen;
     XMEMSET(tmp, 7, inLen);
@@ -17595,7 +20606,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t rsa_no_pad_test(void)
             ret = wc_RsaDirect(tmp, inLen, out, &outSz, key,
                     RSA_PRIVATE_ENCRYPT, &rng);
         }
-    } while (ret == WC_PENDING_E);
+    } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E));
     if (ret <= 0) {
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_nopadding);
     }
@@ -17615,7 +20626,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t rsa_no_pad_test(void)
             ret = wc_RsaDirect(out, outSz, plain, &plainSz, key,
                     RSA_PUBLIC_DECRYPT, &rng);
         }
-    } while (ret == WC_PENDING_E);
+    } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E));
     if (ret <= 0) {
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_nopadding);
     }
@@ -17628,7 +20639,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t rsa_no_pad_test(void)
 
 #ifdef WC_RSA_BLINDING
     ret = wc_RsaSetRNG(NULL, &rng);
-    if (ret != BAD_FUNC_ARG) {
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) {
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_nopadding);
     }
 
@@ -17645,10 +20656,10 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t rsa_no_pad_test(void)
         ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
     #endif
         if (ret >= 0) {
-            ret = wc_RsaPublicEncrypt_ex(tmp, inLen, out, (int)outSz, key, &rng,
+            ret = wc_RsaPublicEncrypt_ex(tmp, inLen, out, outSz, key, &rng,
                 WC_RSA_NO_PAD, WC_HASH_TYPE_NONE, WC_MGF1NONE, NULL, 0);
         }
-    } while (ret == WC_PENDING_E);
+    } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E));
     if (ret < 0) {
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_nopadding);
     }
@@ -17661,10 +20672,10 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t rsa_no_pad_test(void)
         ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
     #endif
         if (ret >= 0) {
-            ret = wc_RsaPrivateDecrypt_ex(out, outSz, plain, (int)plainSz, key,
+            ret = wc_RsaPrivateDecrypt_ex(out, outSz, plain, plainSz, key,
                 WC_RSA_NO_PAD, WC_HASH_TYPE_NONE, WC_MGF1NONE, NULL, 0);
         }
-    } while (ret == WC_PENDING_E);
+    } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E));
     if (ret < 0) {
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_nopadding);
     }
@@ -17678,25 +20689,25 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t rsa_no_pad_test(void)
     /* test some bad arguments */
     ret = wc_RsaDirect(out, outSz, plain, &plainSz, key, -1,
             &rng);
-    if (ret != BAD_FUNC_ARG) {
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) {
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_nopadding);
     }
 
     ret = wc_RsaDirect(out, outSz, plain, &plainSz, NULL, RSA_PUBLIC_DECRYPT,
             &rng);
-    if (ret != BAD_FUNC_ARG) {
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) {
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_nopadding);
     }
 
     ret = wc_RsaDirect(out, outSz, NULL, &plainSz, key, RSA_PUBLIC_DECRYPT,
             &rng);
-    if (ret != LENGTH_ONLY_E || plainSz != inLen) {
+    if (ret != WC_NO_ERR_TRACE(LENGTH_ONLY_E) || plainSz != inLen) {
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_nopadding);
     }
 
     ret = wc_RsaDirect(out, outSz - 10, plain, &plainSz, key,
             RSA_PUBLIC_DECRYPT, &rng);
-    if (ret != BAD_FUNC_ARG) {
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) {
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_nopadding);
     }
 
@@ -17738,6 +20749,12 @@ static wc_test_ret_t rsa_even_mod_test(WC_RNG* rng, RsaKey* key)
 #ifndef WOLFSSL_RSA_PUBLIC_ONLY
     WC_DECLARE_VAR(plain, byte, RSA_TEST_BYTES, HEAP_HINT);
 #endif
+
+    WC_ALLOC_VAR(out, byte, RSA_TEST_BYTES, HEAP_HINT);
+#ifndef WOLFSSL_RSA_PUBLIC_ONLY
+    WC_ALLOC_VAR(plain, byte, RSA_TEST_BYTES, HEAP_HINT);
+#endif
+
 #ifdef WC_DECLARE_VAR_IS_HEAP_ALLOC
     if (out == NULL
     #ifndef WOLFSSL_RSA_PUBLIC_ONLY
@@ -17829,12 +20846,17 @@ static wc_test_ret_t rsa_even_mod_test(WC_RNG* rng, RsaKey* key)
     outSz   = wc_RsaEncryptSize(key);
     XMEMSET(tmp, 7, plainSz);
     ret = wc_RsaSSL_Sign(tmp, inLen, out, outSz, key, rng);
-    if (ret != MP_VAL && ret != MP_EXPTMOD_E && ret != MP_INVMOD_E) {
+    if (ret != WC_NO_ERR_TRACE(MP_VAL) &&
+        ret != WC_NO_ERR_TRACE(MP_EXPTMOD_E) &&
+        ret != WC_NO_ERR_TRACE(MP_INVMOD_E))
+    {
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_even_mod);
     }
 
     ret = wc_RsaSSL_Verify(out, outSz, tmp, inLen, key);
-    if (ret != MP_VAL && ret != MP_EXPTMOD_E) {
+    if (ret != WC_NO_ERR_TRACE(MP_VAL) &&
+        ret != WC_NO_ERR_TRACE(MP_EXPTMOD_E))
+    {
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_even_mod);
     }
 #endif
@@ -17849,14 +20871,19 @@ static wc_test_ret_t rsa_even_mod_test(WC_RNG* rng, RsaKey* key)
     /* test encrypt and decrypt using WC_RSA_NO_PAD */
 #if !defined(WOLFSSL_RSA_VERIFY_ONLY) && !defined(WOLFSSL_RSA_PUBLIC_ONLY)
     ret = wc_RsaPublicEncrypt(tmp, inLen, out, (int)outSz, key, rng);
-    if (ret != MP_VAL && ret != MP_EXPTMOD_E) {
+    if (ret != WC_NO_ERR_TRACE(MP_VAL) &&
+        ret != WC_NO_ERR_TRACE(MP_EXPTMOD_E))
+    {
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_even_mod);
     }
 #endif /* WOLFSSL_RSA_VERIFY_ONLY */
 
 #ifndef WOLFSSL_RSA_PUBLIC_ONLY
     ret = wc_RsaPrivateDecrypt(out, outSz, plain, (int)plainSz, key);
-    if (ret != MP_VAL && ret != MP_EXPTMOD_E && ret != MP_INVMOD_E) {
+    if (ret != WC_NO_ERR_TRACE(MP_VAL) &&
+        ret != WC_NO_ERR_TRACE(MP_EXPTMOD_E) &&
+        ret != WC_NO_ERR_TRACE(MP_INVMOD_E))
+    {
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_even_mod);
     }
 #endif /* WOLFSSL_RSA_PUBLIC_ONLY */
@@ -17885,7 +20912,7 @@ exit_rsa_even_mod:
 }
 #endif /* WOLFSSL_HAVE_SP_RSA */
 
-#if defined(WOLFSSL_CERT_GEN) && !defined(NO_ASN_TIME)
+#if defined(WOLFSSL_CERT_GEN) && !defined(NO_ASN_TIME) && !defined(WOLFSSL_NO_MALLOC)
 static wc_test_ret_t rsa_certgen_test(RsaKey* key, RsaKey* keypub, WC_RNG* rng, byte* tmp)
 {
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
@@ -17997,11 +21024,11 @@ static wc_test_ret_t rsa_certgen_test(RsaKey* key, RsaKey* keypub, WC_RNG* rng,
         if (ret >= 0) {
             ret = wc_MakeSelfCert(myCert, der, FOURK_BUF, key, rng);
         }
-    } while (ret == WC_PENDING_E);
+    } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E));
     if (ret < 0) {
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
     }
-    certSz = (word32)ret;
+    certSz = (int)ret;
 
 #ifdef WOLFSSL_TEST_CERT
     InitDecodedCert(decode, der, certSz, HEAP_HINT);
@@ -18024,8 +21051,7 @@ static wc_test_ret_t rsa_certgen_test(RsaKey* key, RsaKey* keypub, WC_RNG* rng,
     if (ret < 0) {
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
     }
-
-#ifdef WOLFSSL_ALT_NAMES
+#if defined(WOLFSSL_ALT_NAMES) || defined(HAVE_PKCS7)
         /* Get CA Cert for testing */
     #ifdef USE_CERT_BUFFERS_1024
         XMEMCPY(tmp, ca_cert_der_1024, sizeof_ca_cert_der_1024);
@@ -18044,6 +21070,7 @@ static wc_test_ret_t rsa_certgen_test(RsaKey* key, RsaKey* keypub, WC_RNG* rng,
             ERROR_OUT(WC_TEST_RET_ENC_ERRNO, exit_rsa);
     #endif /* USE_CERT_BUFFERS */
 
+    #if  defined(WOLFSSL_ALT_NAMES)
     #if !defined(NO_FILESYSTEM) && !defined(USE_CERT_BUFFERS_1024) && \
         !defined(USE_CERT_BUFFERS_2048) && !defined(NO_ASN)
         ret = wc_SetAltNames(myCert, rsaCaCertFile);
@@ -18065,7 +21092,8 @@ static wc_test_ret_t rsa_certgen_test(RsaKey* key, RsaKey* keypub, WC_RNG* rng,
         if (ret < 0)
             ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
     #endif
-#endif /* WOLFSSL_ALT_NAMES */
+    #endif /* WOLFSSL_ALT_NAMES */
+#endif /* WOLFSSL_ALT_NAMES || HAVE_PKCS7 */
 
     /* Get CA Key */
 #ifdef USE_CERT_BUFFERS_1024
@@ -18157,10 +21185,10 @@ static wc_test_ret_t rsa_certgen_test(RsaKey* key, RsaKey* keypub, WC_RNG* rng,
             ret = wc_SignCert(myCert->bodySz, myCert->sigType, der, FOURK_BUF,
                       caKey, NULL, rng);
         }
-    } while (ret == WC_PENDING_E);
+    } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E));
     if (ret < 0)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
-    certSz = (word32)ret;
+    certSz = (int)ret;
 
 #ifdef WOLFSSL_TEST_CERT
     InitDecodedCert(decode, der, certSz, HEAP_HINT);
@@ -18186,8 +21214,7 @@ exit_rsa:
         XFREE(caKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
     }
 #ifdef WOLFSSL_TEST_CERT
-    if (decode != NULL)
-        XFREE(decode, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(decode, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 #else
     wc_FreeRsaKey(caKey);
@@ -18227,7 +21254,9 @@ static wc_test_ret_t rsa_ecc_certgen_test(WC_RNG* rng, byte* tmp)
     word32      idx3 = 0;
 #if (!defined(USE_CERT_BUFFERS_1024) && !defined(USE_CERT_BUFFERS_2048)) \
     || !defined(USE_CERT_BUFFERS_256)
-    XFILE       file3;
+    #ifndef NO_FILESYSTEM
+        XFILE       file3;
+    #endif
 #endif
     wc_test_ret_t ret;
 
@@ -18280,20 +21309,29 @@ static wc_test_ret_t rsa_ecc_certgen_test(WC_RNG* rng, byte* tmp)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
 
     /* Get Cert Key */
-#ifdef USE_CERT_BUFFERS_256
-    XMEMCPY(tmp, ecc_key_pub_der_256, sizeof_ecc_key_pub_der_256);
-    bytes3 = sizeof_ecc_key_pub_der_256;
-#else
-    file3 = XFOPEN(eccKeyPubFileDer, "rb");
-    if (!file3) {
-        ERROR_OUT(WC_TEST_RET_ENC_ERRNO, exit_rsa);
+    #if defined(USE_CERT_BUFFERS_256)
+    {
+        XMEMCPY(tmp, ecc_key_pub_der_256, sizeof_ecc_key_pub_der_256);
+        bytes3 = sizeof_ecc_key_pub_der_256;
     }
+    #elif !defined(NO_FILESYSTEM)
+    {
+        file3 = XFOPEN(eccKeyPubFileDer, "rb");
+        if (!file3) {
+            ERROR_OUT(WC_TEST_RET_ENC_ERRNO, exit_rsa);
+        }
 
-    bytes3 = XFREAD(tmp, 1, FOURK_BUF, file3);
-    XFCLOSE(file3);
-    if (bytes3 == 0)
-        ERROR_OUT(WC_TEST_RET_ENC_ERRNO, exit_rsa);
-#endif
+        bytes3 = XFREAD(tmp, 1, FOURK_BUF, file3);
+        XFCLOSE(file3);
+        if (bytes3 == 0)
+            ERROR_OUT(WC_TEST_RET_ENC_ERRNO, exit_rsa);
+    }
+    #else
+    {
+        WOLFSSL_MSG("No file system and USE_CERT_BUFFERS_256 not defined.(1)");
+        ERROR_OUT(ASN_PARSE_E, exit_rsa);
+    }
+    #endif
 
     ret = wc_ecc_init_ex(caEccKeyPub, HEAP_HINT, devId);
     if (ret != 0)
@@ -18375,10 +21413,10 @@ static wc_test_ret_t rsa_ecc_certgen_test(WC_RNG* rng, byte* tmp)
             ret = wc_SignCert(myCert->bodySz, myCert->sigType, der,
                               FOURK_BUF, caKey, NULL, rng);
         }
-    } while (ret == WC_PENDING_E);
+    } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E));
     if (ret < 0)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
-    certSz = (word32)ret;
+    certSz = (int)ret;
 
 #ifdef WOLFSSL_TEST_CERT
     InitDecodedCert(decode, der, certSz, 0);
@@ -18412,8 +21450,7 @@ exit_rsa:
         XFREE(caEccKeyPub, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
     }
 #ifdef WOLFSSL_TEST_CERT
-    if (decode != NULL)
-        XFREE(decode, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(decode, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 #else
     wc_FreeRsaKey(caKey);
@@ -18441,12 +21478,17 @@ static wc_test_ret_t rsa_keygen_test(WC_RNG* rng)
     RsaKey genKey[1];
 #endif
     wc_test_ret_t ret;
+#ifndef WOLFSSL_NO_MALLOC
     byte*  der = NULL;
+#else
+    byte der[1280];
+#endif
 #ifndef WOLFSSL_CRYPTOCELL
     word32 idx = 0;
 #endif
     int    derSz = 0;
-#if !defined(WOLFSSL_SP_MATH) && !defined(HAVE_FIPS)
+#if !defined(WOLFSSL_SP_MATH) && !defined(HAVE_FIPS) && \
+    (defined(RSA_MIN_SIZE) && (RSA_MIN_SIZE <= 1024))
     int    keySz = 1024;
 #else
     int    keySz = 2048;
@@ -18454,7 +21496,7 @@ static wc_test_ret_t rsa_keygen_test(WC_RNG* rng)
 
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
     if (! genKey)
-        ERROR_OUT(MEMORY_E, exit_rsa);
+        ERROR_OUT(WC_TEST_RET_ENC_EC(MEMORY_E), exit_rsa);
 #endif
 
     XMEMSET(genKey, 0, sizeof *genKey);
@@ -18471,7 +21513,7 @@ static wc_test_ret_t rsa_keygen_test(WC_RNG* rng)
         ret = wc_AsyncWait(ret, &genKey->asyncDev, WC_ASYNC_FLAG_NONE);
 #endif
 #ifdef HAVE_FIPS
-        if (ret == PRIME_GEN_E)
+        if (ret == WC_NO_ERR_TRACE(PRIME_GEN_E))
             continue;
         break;
     }
@@ -18486,12 +21528,16 @@ static wc_test_ret_t rsa_keygen_test(WC_RNG* rng)
     if (ret != 0)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
 #endif
+#ifndef WOLFSSL_NO_MALLOC
     der = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
     if (der == NULL) {
         ERROR_OUT(WC_TEST_RET_ENC_ERRNO, exit_rsa);
     }
-
-    derSz = wc_RsaKeyToDer(genKey, der, FOURK_BUF);
+    derSz = FOURK_BUF;
+#else
+    derSz = sizeof(der);
+#endif
+    derSz = wc_RsaKeyToDer(genKey, der, derSz);
     if (derSz < 0) {
         ERROR_OUT(WC_TEST_RET_ENC_EC(derSz), exit_rsa);
     }
@@ -18510,7 +21556,7 @@ static wc_test_ret_t rsa_keygen_test(WC_RNG* rng)
 #ifndef WOLFSSL_CRYPTOCELL
     idx = 0;
     /* The private key part of the key gen pairs from cryptocell can't be exported */
-    ret = wc_RsaPrivateKeyDecode(der, &idx, genKey, derSz);
+    ret = wc_RsaPrivateKeyDecode(der, &idx, genKey, (word32)derSz);
     if (ret != 0)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
 #endif /* WOLFSSL_CRYPTOCELL */
@@ -18526,10 +21572,10 @@ exit_rsa:
     wc_FreeRsaKey(genKey);
 #endif
 
-    if (der != NULL) {
-        XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
-        der = NULL;
-    }
+#ifndef WOLFSSL_NO_MALLOC
+    XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+    der = NULL;
+#endif
 
     return ret;
 }
@@ -18537,8 +21583,7 @@ exit_rsa:
 
 #ifndef WOLFSSL_RSA_VERIFY_ONLY
 #if !defined(WC_NO_RSA_OAEP) && !defined(WC_NO_RNG) && \
-    !defined(HAVE_FAST_RSA) && !defined(HAVE_USER_RSA) && \
-     (!defined(HAVE_FIPS) || \
+    (!defined(HAVE_FIPS) || \
       (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2))) \
       && !defined(WOLF_CRYPTO_CB_ONLY_RSA)
 static wc_test_ret_t rsa_oaep_padding_test(RsaKey* key, WC_RNG* rng)
@@ -18555,6 +21600,10 @@ static wc_test_ret_t rsa_oaep_padding_test(RsaKey* key, WC_RNG* rng)
     WC_DECLARE_VAR(out, byte, RSA_TEST_BYTES, HEAP_HINT);
     WC_DECLARE_VAR(plain, byte, RSA_TEST_BYTES, HEAP_HINT);
 
+    WC_ALLOC_VAR(in, byte, TEST_STRING_SZ, HEAP_HINT);
+    WC_ALLOC_VAR(out, byte, RSA_TEST_BYTES, HEAP_HINT);
+    WC_ALLOC_VAR(plain, byte, RSA_TEST_BYTES, HEAP_HINT);
+
 #ifdef WC_DECLARE_VAR_IS_HEAP_ALLOC
     if (in == NULL || out == NULL || plain == NULL)
         ERROR_OUT(MEMORY_E, exit_rsa);
@@ -18572,7 +21621,7 @@ static wc_test_ret_t rsa_oaep_padding_test(RsaKey* key, WC_RNG* rng)
             ret = wc_RsaPublicEncrypt_ex(in, inLen, out, outSz, key, rng,
                        WC_RSA_OAEP_PAD, WC_HASH_TYPE_SHA, WC_MGF1SHA1, NULL, 0);
         }
-    } while (ret == WC_PENDING_E);
+    } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E));
     if (ret < 0)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
     TEST_SLEEP();
@@ -18587,7 +21636,7 @@ static wc_test_ret_t rsa_oaep_padding_test(RsaKey* key, WC_RNG* rng)
             ret = wc_RsaPrivateDecrypt_ex(out, idx, plain, plainSz, key,
                        WC_RSA_OAEP_PAD, WC_HASH_TYPE_SHA, WC_MGF1SHA1, NULL, 0);
         }
-    } while (ret == WC_PENDING_E);
+    } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E));
     if (ret < 0)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
 
@@ -18608,7 +21657,7 @@ static wc_test_ret_t rsa_oaep_padding_test(RsaKey* key, WC_RNG* rng)
             ret = wc_RsaPublicEncrypt_ex(in, inLen, out, outSz, key, rng,
                   WC_RSA_OAEP_PAD, WC_HASH_TYPE_SHA256, WC_MGF1SHA256, NULL, 0);
         }
-    } while (ret == WC_PENDING_E);
+    } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E));
     if (ret < 0)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
     TEST_SLEEP();
@@ -18623,7 +21672,7 @@ static wc_test_ret_t rsa_oaep_padding_test(RsaKey* key, WC_RNG* rng)
             ret = wc_RsaPrivateDecrypt_ex(out, idx, plain, plainSz, key,
                   WC_RSA_OAEP_PAD, WC_HASH_TYPE_SHA256, WC_MGF1SHA256, NULL, 0);
         }
-    } while (ret == WC_PENDING_E);
+    } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E));
     if (ret < 0)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
 
@@ -18642,7 +21691,7 @@ static wc_test_ret_t rsa_oaep_padding_test(RsaKey* key, WC_RNG* rng)
             ret = wc_RsaPrivateDecryptInline_ex(out, idx, &res, key,
                 WC_RSA_OAEP_PAD, WC_HASH_TYPE_SHA256, WC_MGF1SHA256, NULL, 0);
         }
-    } while (ret == WC_PENDING_E);
+    } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E));
     if (ret < 0)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
     if (ret != (int)inLen) {
@@ -18664,7 +21713,7 @@ static wc_test_ret_t rsa_oaep_padding_test(RsaKey* key, WC_RNG* rng)
             ret = wc_RsaPublicEncrypt_ex(in, inLen, out, outSz, key, rng,
                   WC_RSA_OAEP_PAD, WC_HASH_TYPE_SHA256, WC_MGF1SHA256, NULL, 0);
         }
-    } while (ret == WC_PENDING_E);
+    } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E));
     if (ret < 0)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
     TEST_SLEEP();
@@ -18683,7 +21732,7 @@ static wc_test_ret_t rsa_oaep_padding_test(RsaKey* key, WC_RNG* rng)
             ret = wc_RsaPrivateDecrypt_ex(out, idx, plain, plainSz, key,
                WC_RSA_OAEP_PAD, WC_HASH_TYPE_SHA256, WC_MGF1SHA256, in, inLen);
         }
-    } while (ret == WC_PENDING_E);
+    } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E));
     if (ret > 0) { /* in this case decrypt should fail */
         ERROR_OUT(WC_TEST_RET_ENC_NC, exit_rsa);
     }
@@ -18701,7 +21750,7 @@ static wc_test_ret_t rsa_oaep_padding_test(RsaKey* key, WC_RNG* rng)
             ret = wc_RsaPublicEncrypt_ex(in, inLen, out, outSz, key, rng,
                WC_RSA_OAEP_PAD, WC_HASH_TYPE_SHA256, WC_MGF1SHA256, in, inLen);
         }
-    } while (ret == WC_PENDING_E);
+    } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E));
     if (ret < 0)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
     TEST_SLEEP();
@@ -18716,7 +21765,7 @@ static wc_test_ret_t rsa_oaep_padding_test(RsaKey* key, WC_RNG* rng)
             ret = wc_RsaPrivateDecrypt_ex(out, idx, plain, plainSz, key,
                WC_RSA_OAEP_PAD, WC_HASH_TYPE_SHA256, WC_MGF1SHA256, in, inLen);
         }
-    } while (ret == WC_PENDING_E);
+    } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E));
     if (ret < 0)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
 
@@ -18737,7 +21786,7 @@ static wc_test_ret_t rsa_oaep_padding_test(RsaKey* key, WC_RNG* rng)
                 ret = wc_RsaPublicEncrypt_ex(in, inLen, out, outSz, key, rng,
                     WC_RSA_OAEP_PAD, WC_HASH_TYPE_SHA, WC_MGF1SHA1, in, inLen);
             }
-        } while (ret == WC_PENDING_E);
+        } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E));
         if (ret < 0)
             ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
         TEST_SLEEP();
@@ -18755,7 +21804,7 @@ static wc_test_ret_t rsa_oaep_padding_test(RsaKey* key, WC_RNG* rng)
                     WC_RSA_OAEP_PAD, WC_HASH_TYPE_SHA256, WC_MGF1SHA256,
                     in, inLen);
             }
-        } while (ret == WC_PENDING_E);
+        } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E));
         if (ret > 0) { /* should fail */
             ERROR_OUT(WC_TEST_RET_ENC_NC, exit_rsa);
         }
@@ -18780,7 +21829,7 @@ static wc_test_ret_t rsa_oaep_padding_test(RsaKey* key, WC_RNG* rng)
                 ret = wc_RsaPublicEncrypt_ex(in, inLen, out, outSz, key, rng,
                   WC_RSA_OAEP_PAD, WC_HASH_TYPE_SHA512, WC_MGF1SHA512, NULL, 0);
             }
-        } while (ret == WC_PENDING_E);
+        } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E));
         if (ret < 0)
             ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
         TEST_SLEEP();
@@ -18795,7 +21844,7 @@ static wc_test_ret_t rsa_oaep_padding_test(RsaKey* key, WC_RNG* rng)
                 ret = wc_RsaPrivateDecrypt_ex(out, idx, plain, plainSz, key,
                   WC_RSA_OAEP_PAD, WC_HASH_TYPE_SHA512, WC_MGF1SHA512, NULL, 0);
             }
-        } while (ret == WC_PENDING_E);
+        } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E));
         if (ret < 0)
             ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
 
@@ -18817,7 +21866,7 @@ static wc_test_ret_t rsa_oaep_padding_test(RsaKey* key, WC_RNG* rng)
             ret = wc_RsaPublicEncrypt_ex(in, inLen, out, outSz, key, rng,
                   WC_RSA_PKCSV15_PAD, WC_HASH_TYPE_NONE, 0, NULL, 0);
         }
-    } while (ret == WC_PENDING_E);
+    } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E));
     if (ret < 0)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
     TEST_SLEEP();
@@ -18832,7 +21881,7 @@ static wc_test_ret_t rsa_oaep_padding_test(RsaKey* key, WC_RNG* rng)
             ret = wc_RsaPrivateDecrypt_ex(out, idx, plain, plainSz, key,
                   WC_RSA_PKCSV15_PAD, WC_HASH_TYPE_NONE, 0, NULL, 0);
         }
-    } while (ret == WC_PENDING_E);
+    } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E));
     if (ret < 0)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
 
@@ -18863,19 +21912,24 @@ exit_rsa:
 WOLFSSL_TEST_SUBROUTINE wc_test_ret_t rsa_test(void)
 {
     wc_test_ret_t ret;
-    size_t bytes;
+    size_t bytes = 0;
     WC_RNG rng;
+#if !defined(WOLFSSL_NO_MALLOC)
+    byte*  der = NULL;
+#endif
+#if defined(WOLFSSL_CERT_REQ) && !defined(WOLFSSL_NO_MALLOC)
+    Cert  *req = NULL;
+#endif
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
     byte*  tmp = NULL;
-    byte*  der = NULL;
-    RsaKey *key = (RsaKey *)XMALLOC(sizeof *key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+    RsaKey *key = NULL;
 #else
     RsaKey key[1];
     byte tmp[FOURK_BUF];
 #endif
 #if defined(WOLFSSL_CERT_EXT) || defined(WOLFSSL_CERT_GEN)
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
-    RsaKey *keypub = (RsaKey *)XMALLOC(sizeof *keypub, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+    RsaKey *keypub = NULL;
 #else
     RsaKey keypub[1];
 #endif
@@ -18915,34 +21969,50 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t rsa_test(void)
     WC_DECLARE_VAR(out, byte, RSA_TEST_BYTES, HEAP_HINT);
     WC_DECLARE_VAR(plain, byte, RSA_TEST_BYTES, HEAP_HINT);
 
+    WC_ALLOC_VAR(in, byte, TEST_STRING_SZ, HEAP_HINT);
+    WC_ALLOC_VAR(out, byte, RSA_TEST_BYTES, HEAP_HINT);
+    WC_ALLOC_VAR(plain, byte, RSA_TEST_BYTES, HEAP_HINT);
+
+    WOLFSSL_ENTER("rsa_test");
+
 #ifdef WC_DECLARE_VAR_IS_HEAP_ALLOC
     if (in == NULL || out == NULL || plain == NULL)
-        ERROR_OUT(MEMORY_E, exit_rsa);
+        ERROR_OUT(WC_TEST_RET_ENC_EC(MEMORY_E), exit_rsa);
 #endif
 
     XMEMCPY(in, inStr, inLen);
 
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
+    key = wc_NewRsaKey(HEAP_HINT, devId, &ret);
     if (key == NULL)
-        ERROR_OUT(MEMORY_E, exit_rsa);
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
 #if defined(WOLFSSL_CERT_EXT) || defined(WOLFSSL_CERT_GEN)
+    keypub = wc_NewRsaKey(HEAP_HINT, devId, &ret);
     if (keypub == NULL)
-        ERROR_OUT(MEMORY_E, exit_rsa);
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
 #endif
 #ifdef WOLFSSL_TEST_CERT
     if (cert == NULL)
-        ERROR_OUT(MEMORY_E, exit_rsa);
+        ERROR_OUT(WC_TEST_RET_ENC_EC(MEMORY_E), exit_rsa);
 #endif
-#endif /* WOLFSSL_SMALL_STACK && !WOLFSSL_NO_MALLOC */
+
+#else /* ! (WOLFSSL_SMALL_STACK && !WOLFSSL_NO_MALLOC) */
+
+    ret = wc_InitRsaKey_ex(key, HEAP_HINT, devId);
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
+#if defined(WOLFSSL_CERT_EXT) || defined(WOLFSSL_CERT_GEN)
+    ret = wc_InitRsaKey_ex(keypub, HEAP_HINT, devId);
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
+#endif
+
+#endif /* ! (WOLFSSL_SMALL_STACK && !WOLFSSL_NO_MALLOC) */
 
     /* initialize stack structures */
     XMEMSET(&rng, 0, sizeof(rng));
-    XMEMSET(key, 0, sizeof *key);
-#if defined(WOLFSSL_CERT_EXT) || defined(WOLFSSL_CERT_GEN)
-    XMEMSET(keypub, 0, sizeof *keypub);
-#endif
 
-#if !defined(HAVE_USER_RSA) && !defined(NO_ASN)
+#if !defined(NO_ASN)
     ret = rsa_decode_test(key);
     if (ret != 0)
         ERROR_OUT(ret, exit_rsa);
@@ -19056,7 +22126,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t rsa_test(void)
         if (ret >= 0) {
             ret = wc_RsaPublicEncrypt(in, inLen, out, outSz, key, &rng);
         }
-    } while (ret == WC_PENDING_E);
+    } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E));
     if (ret < 0)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
     TEST_SLEEP();
@@ -19079,7 +22149,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t rsa_test(void)
         if (ret >= 0) {
             ret = wc_RsaPrivateDecrypt(out, idx, plain, plainSz, key);
         }
-    } while (ret == WC_PENDING_E);
+    } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E));
     if (ret < 0)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
 
@@ -19095,7 +22165,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t rsa_test(void)
         if (ret >= 0) {
             ret = wc_RsaPrivateDecryptInline(out, idx, &res, key);
         }
-    } while (ret == WC_PENDING_E);
+    } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E));
     if (ret < 0)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
     if (ret != (int)inLen) {
@@ -19113,14 +22183,14 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t rsa_test(void)
         if (ret >= 0) {
             ret = wc_RsaSSL_Sign(in, inLen, out, outSz, key, &rng);
         }
-    } while (ret == WC_PENDING_E);
+    } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E));
     if (ret < 0)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
     TEST_SLEEP();
 
 #elif defined(WOLFSSL_PUBLIC_MP)
     {
-        static byte signature_2048[] = {
+        static const byte signature_2048[] = {
             0x07, 0x6f, 0xc9, 0x85, 0x73, 0x9e, 0x21, 0x79,
             0x47, 0xf1, 0xa3, 0xd7, 0xf4, 0x27, 0x29, 0xbe,
             0x99, 0x5d, 0xac, 0xb2, 0x10, 0x3f, 0x95, 0xda,
@@ -19160,8 +22230,8 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t rsa_test(void)
 #endif
 
 #if !defined(WC_NO_RNG) && !defined(WC_NO_RSA_OAEP) && \
-    ((!defined(WOLFSSL_RSA_VERIFY_ONLY) && !defined(WOLFSSL_RSA_PUBLIC_ONLY)) || \
-    defined(WOLFSSL_PUBLIC_MP))  && !defined(WOLF_CRYPTO_CB_ONLY_RSA)
+    !defined(WOLFSSL_RSA_VERIFY_ONLY) && defined(WOLFSSL_PUBLIC_MP) && \
+    !defined(WOLF_CRYPTO_CB_ONLY_RSA)
     idx = (word32)ret;
     XMEMSET(plain, 0, plainSz);
     do {
@@ -19194,7 +22264,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t rsa_test(void)
             }
 #endif
         }
-    } while (ret == WC_PENDING_E);
+    } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E));
     if (ret < 0)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
 
@@ -19206,30 +22276,29 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t rsa_test(void)
 
 #ifndef WOLFSSL_RSA_VERIFY_ONLY
     #if !defined(WC_NO_RSA_OAEP) && !defined(WC_NO_RNG)
-    #if !defined(HAVE_FAST_RSA) && !defined(HAVE_USER_RSA) && \
-        (!defined(HAVE_FIPS) || \
+    #if (!defined(HAVE_FIPS) || \
          (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2))) \
          && !defined(WOLF_CRYPTO_CB_ONLY_RSA)
     ret = rsa_oaep_padding_test(key, &rng);
     if (ret != 0)
-        return ret;
+        goto exit_rsa;
 
-    #endif /* !HAVE_FAST_RSA && !HAVE_FIPS */
+    #endif /* !HAVE_FIPS */
     #endif /* WC_NO_RSA_OAEP && !WC_NO_RNG */
 #endif /* WOLFSSL_RSA_VERIFY_ONLY */
 
-#if !defined(HAVE_FIPS) && !defined(HAVE_USER_RSA) && !defined(NO_ASN) \
+#if !defined(HAVE_FIPS) && !defined(NO_ASN) \
     && !defined(WOLFSSL_RSA_VERIFY_ONLY)
     ret = rsa_export_key_test(key);
     if (ret != 0)
-        return ret;
+        goto exit_rsa;
 #endif
 
 #if !defined(NO_ASN) && !defined(WOLFSSL_RSA_PUBLIC_ONLY) && \
                                                !defined(WOLFSSL_RSA_VERIFY_ONLY)
     ret = rsa_flatten_test(key);
     if (ret != 0)
-        return ret;
+        goto exit_rsa;
 #endif
 
 #if !defined(NO_FILESYSTEM) && !defined(NO_RSA) && !defined(NO_ASN) && \
@@ -19239,9 +22308,6 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t rsa_test(void)
 #endif
 
 #ifdef WOLFSSL_TEST_CERT
-#if defined(WOLFSSL_MDK_ARM)
-    #define sizeof(s) XSTRLEN((char *)(s))
-#endif
 
 #ifdef USE_CERT_BUFFERS_1024
     XMEMCPY(tmp, client_cert_der_1024, (size_t)sizeof_client_cert_der_1024);
@@ -19270,9 +22336,6 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t rsa_test(void)
     ERROR_OUT(WC_TEST_RET_ENC_NC, exit_rsa);
 #endif
 
-#ifdef sizeof
-    #undef sizeof
-#endif
     InitDecodedCert(cert, tmp, (word32)bytes, NULL);
 
     ret = ParseCert(cert, CERT_TYPE, NO_VERIFY, NULL);
@@ -19342,7 +22405,8 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t rsa_test(void)
         goto exit_rsa;
 #endif
 
-#if defined(WOLFSSL_CERT_GEN) && !defined(NO_ASN_TIME)
+#if defined(WOLFSSL_CERT_GEN) && !defined(NO_ASN_TIME) && \
+    !defined(WOLFSSL_NO_MALLOC)
     /* Make Cert / Sign example for RSA cert and RSA CA */
     ret = rsa_certgen_test(key, keypub, &rng, tmp);
     if (ret != 0)
@@ -19356,11 +22420,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t rsa_test(void)
 
 #if defined(WOLFSSL_CERT_REQ) && !defined(WOLFSSL_NO_MALLOC)
     {
-        Cert        *req;
         int         derSz;
-#ifndef WOLFSSL_SMALL_STACK
-        byte*  der = NULL;
-#endif
 
         req = (Cert *)XMALLOC(sizeof *req, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
         if (! req)
@@ -19439,10 +22499,10 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t rsa_test(void)
                 ret = wc_SignCert(req->bodySz, req->sigType, der, FOURK_BUF,
                           key, NULL, &rng);
             }
-        } while (ret == WC_PENDING_E);
+        } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E));
         if (ret < 0)
             ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
-        derSz = (word32)ret;
+        derSz = (int)ret;
 
         ret = SaveDerAndPem(der, derSz, certReqDerFile, certReqPemFile,
                             CERTREQ_TYPE);
@@ -19463,8 +22523,9 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t rsa_test(void)
         }
 
         XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
-        XFREE(req, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
         der = NULL;
+        XFREE(req, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+        req = NULL;
     }
 #endif /* WOLFSSL_CERT_REQ */
 #endif /* WOLFSSL_CERT_GEN */
@@ -19491,23 +22552,21 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t rsa_test(void)
 
 exit_rsa:
 
+#if !defined(WOLFSSL_NO_MALLOC)
+    XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+    #if defined(WOLFSSL_CERT_REQ)
+    XFREE(req, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+    #endif
+#endif
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
-    if (key != NULL) {
-        wc_FreeRsaKey(key);
-        XFREE(key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
-    }
+    wc_DeleteRsaKey(key, &key);
     #if defined(WOLFSSL_CERT_EXT) || defined(WOLFSSL_CERT_GEN)
-    if (keypub != NULL) {
-        wc_FreeRsaKey(keypub);
-        XFREE(keypub, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
-    }
+    wc_DeleteRsaKey(keypub, &keypub);
     #endif
     #ifdef WOLFSSL_TEST_CERT
-    if (cert != NULL)
-        XFREE(cert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(cert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
     #endif
-     XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
-     XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
 #else
     wc_FreeRsaKey(key);
     #if defined(WOLFSSL_CERT_EXT) || defined(WOLFSSL_CERT_GEN)
@@ -19649,22 +22708,22 @@ static wc_test_ret_t dh_fips_generate_test(WC_RNG *rng)
 
     /* Parameter Validation testing. */
     ret = wc_DhGenerateKeyPair(NULL, rng, priv, &privSz, pub, &pubSz);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_gen_test);
     ret = wc_DhGenerateKeyPair(key, NULL, priv, &privSz, pub, &pubSz);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_gen_test);
     ret = wc_DhGenerateKeyPair(key, rng, NULL, &privSz, pub, &pubSz);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_gen_test);
     ret = wc_DhGenerateKeyPair(key, rng, priv, NULL, pub, &pubSz);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_gen_test);
     ret = wc_DhGenerateKeyPair(key, rng, priv, &privSz, NULL, &pubSz);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_gen_test);
     ret = wc_DhGenerateKeyPair(key, rng, priv, &privSz, pub, NULL);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_gen_test);
 
     ret = wc_InitDhKey_ex(key, HEAP_HINT, devId);
@@ -19718,7 +22777,7 @@ static wc_test_ret_t dh_fips_generate_test(WC_RNG *rng)
     /* Taint the public key so the check fails. */
     pub[0]++;
     ret = wc_DhCheckKeyPair(key, pub, pubSz, priv, privSz);
-    if (ret != MP_CMP_E) {
+    if (ret != WC_NO_ERR_TRACE(MP_CMP_E)) {
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_gen_test);
     }
 
@@ -19796,28 +22855,28 @@ static wc_test_ret_t dh_generate_test(WC_RNG *rng)
 
     /* Parameter Validation testing. */
     ret = wc_InitDhKey_ex(NULL, HEAP_HINT, devId);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     wc_FreeDhKey(NULL);
 
     ret = wc_DhSetKey(NULL, p, sizeof(p), g, sizeof(g));
-    if (ret != BAD_FUNC_ARG) {
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) {
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_gen_test);
     }
     ret = wc_DhSetKey(smallKey, NULL, sizeof(p), g, sizeof(g));
-    if (ret != BAD_FUNC_ARG) {
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) {
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_gen_test);
     }
     ret = wc_DhSetKey(smallKey, p, 0, g, sizeof(g));
-    if (ret != BAD_FUNC_ARG) {
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) {
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_gen_test);
     }
     ret = wc_DhSetKey(smallKey, p, sizeof(p), NULL, sizeof(g));
-    if (ret != BAD_FUNC_ARG) {
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) {
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_gen_test);
     }
     ret = wc_DhSetKey(smallKey, p, sizeof(p), g, 0);
-    if (ret != BAD_FUNC_ARG) {
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) {
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_gen_test);
     }
     ret = wc_DhSetKey(smallKey, p, sizeof(p), g, sizeof(g));
@@ -19853,6 +22912,11 @@ static wc_test_ret_t dh_generate_test(WC_RNG *rng)
         if (ret != 0)
             ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_gen_test);
 
+        /* should fail since modSz is 16 and group size is 20 */
+        ret = wc_DhGenerateParams(rng, 128, smallKey);
+        if (ret == 0)
+            ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_gen_test);
+
         ret = wc_DhGenerateParams(rng, 2056, smallKey);
         if (ret != 0)
             ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_gen_test);
@@ -19874,8 +22938,7 @@ exit_gen_test:
         wc_FreeDhKey(smallKey);
 
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
-    if (smallKey != NULL)
-        XFREE(smallKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(smallKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return ret;
@@ -19902,36 +22965,42 @@ static wc_test_ret_t dh_test_check_pubvalue(void)
     WOLFSSL_SMALL_STACK_STATIC const byte pubValTooBig0[] = { 0x02, 0x00, 0x01 };
     WOLFSSL_SMALL_STACK_STATIC const byte pubValTooBig1[] = { 0x01, 0x01, 0x01 };
     WOLFSSL_SMALL_STACK_STATIC const byte pubValTooLong[] = { 0x01, 0x00, 0x00, 0x01 };
-    const dh_pubvalue_test dh_pubval_fail[] = {
-        { prime, sizeof(prime) },
-        { pubValZero, sizeof(pubValZero) },
-        { pubValZeroLong, sizeof(pubValZeroLong) },
-        { pubValOne, sizeof(pubValOne) },
-        { pubValOneLong, sizeof(pubValOneLong) },
-        { pubValPrimeMinusOne, sizeof(pubValPrimeMinusOne) },
-        { pubValPrimeLong, sizeof(pubValPrimeLong) },
-        { pubValPrimePlusOne, sizeof(pubValPrimePlusOne) },
-        { pubValTooBig0, sizeof(pubValTooBig0) },
-        { pubValTooBig1, sizeof(pubValTooBig1) },
-        { pubValTooLong, sizeof(pubValTooLong) },
-    };
     WOLFSSL_SMALL_STACK_STATIC const byte pubValTwo[] = { 0x02 };
     WOLFSSL_SMALL_STACK_STATIC const byte pubValTwoLong[] = { 0x00, 0x00, 0x02 };
     WOLFSSL_SMALL_STACK_STATIC const byte pubValGood[] = { 0x12, 0x34 };
     WOLFSSL_SMALL_STACK_STATIC const byte pubValGoodLen[] = { 0x00, 0x12, 0x34 };
     WOLFSSL_SMALL_STACK_STATIC const byte pubValGoodLong[] = { 0x00, 0x00, 0x12, 0x34 };
-    const dh_pubvalue_test dh_pubval_pass[] = {
-        { pubValTwo, sizeof(pubValTwo) },
-        { pubValTwoLong, sizeof(pubValTwoLong) },
-        { pubValGood, sizeof(pubValGood) },
-        { pubValGoodLen, sizeof(pubValGoodLen) },
-        { pubValGoodLong, sizeof(pubValGoodLong) },
-    };
+    dh_pubvalue_test dh_pubval_fail[11];
+    dh_pubvalue_test dh_pubval_pass[5];
+
+    #define INIT_PUBVAL_FAIL(i,y) dh_pubval_fail[i].data = y; dh_pubval_fail[i].len = sizeof(y)
+    #define INIT_PUBVAL_PASS(i,y) dh_pubval_pass[i].data = y; dh_pubval_pass[i].len = sizeof(y)
+
+    INIT_PUBVAL_FAIL(0, prime);
+    INIT_PUBVAL_FAIL(1, pubValZero);
+    INIT_PUBVAL_FAIL(2, pubValZeroLong);
+    INIT_PUBVAL_FAIL(3, pubValOne);
+    INIT_PUBVAL_FAIL(4, pubValOneLong);
+    INIT_PUBVAL_FAIL(5, pubValPrimeMinusOne);
+    INIT_PUBVAL_FAIL(6, pubValPrimeLong);
+    INIT_PUBVAL_FAIL(7, pubValPrimePlusOne);
+    INIT_PUBVAL_FAIL(8, pubValTooBig0);
+    INIT_PUBVAL_FAIL(9, pubValTooBig1);
+    INIT_PUBVAL_FAIL(10, pubValTooLong);
+
+    INIT_PUBVAL_PASS(0, pubValTwo);
+    INIT_PUBVAL_PASS(1, pubValTwoLong);
+    INIT_PUBVAL_PASS(2, pubValGood);
+    INIT_PUBVAL_PASS(3, pubValGoodLen);
+    INIT_PUBVAL_PASS(4, pubValGoodLong);
+
+    #undef INIT_PUBVAL_FAIL
+    #undef INIT_PUBVAL_PASS
 
     for (i = 0; i < sizeof(dh_pubval_fail) / sizeof(*dh_pubval_fail); i++) {
         ret = wc_DhCheckPubValue(prime, sizeof(prime), dh_pubval_fail[i].data,
                                                          dh_pubval_fail[i].len);
-        if (ret != MP_VAL)
+        if (ret != WC_NO_ERR_TRACE(MP_VAL))
             return WC_TEST_RET_ENC_I(i);
     }
 
@@ -20027,7 +23096,11 @@ static wc_test_ret_t dh_ffdhe_test(WC_RNG *rng, int name)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
 
 #ifdef HAVE_PUBLIC_FFDHE
-    ret = wc_DhSetKey(key, params->p, params->p_len, params->g, params->g_len);
+    /* use wc_DhSetKey_ex(), not wc_DhSetKey(), so that trusted=0 is passed to
+     * _DhSetKey(), exercising the primality check on the modulus:
+     */
+    ret = wc_DhSetKey_ex(key, params->p, params->p_len, params->g,
+                         params->g_len, NULL /* q */, 0 /* qSz */);
 #else
     ret = wc_DhSetNamedKey(key, name);
 #endif
@@ -20035,8 +23108,8 @@ static wc_test_ret_t dh_ffdhe_test(WC_RNG *rng, int name)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
 
 #ifdef HAVE_PUBLIC_FFDHE
-    ret = wc_DhSetKey(key2, params->p, params->p_len, params->g,
-                                                                 params->g_len);
+    ret = wc_DhSetKey_ex(key2, params->p, params->p_len, params->g,
+                         params->g_len, NULL /* q */, 0 /* qSz */);
 #else
     ret = wc_DhSetNamedKey(key2, name);
 #endif
@@ -20086,7 +23159,9 @@ static wc_test_ret_t dh_ffdhe_test(WC_RNG *rng, int name)
 #if defined(WOLFSSL_ASYNC_CRYPT)
     ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_NONE);
 #endif
-    if (ret != MP_VAL && ret != MP_EXPTMOD_E) {
+    if (ret != WC_NO_ERR_TRACE(MP_VAL) &&
+        ret != WC_NO_ERR_TRACE(MP_EXPTMOD_E))
+    {
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
     }
 
@@ -20094,14 +23169,20 @@ static wc_test_ret_t dh_ffdhe_test(WC_RNG *rng, int name)
 #if defined(WOLFSSL_ASYNC_CRYPT)
     ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_NONE);
 #endif
-    if (ret != MP_VAL && ret != MP_EXPTMOD_E && ret != ASYNC_OP_E) {
+    if (ret != WC_NO_ERR_TRACE(MP_VAL) &&
+        ret != WC_NO_ERR_TRACE(MP_EXPTMOD_E) &&
+        ret != WC_NO_ERR_TRACE(ASYNC_OP_E))
+    {
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
     }
 
 #ifndef HAVE_SELFTEST
     ret = wc_DhCheckKeyPair(key, pub, pubSz, priv, privSz);
-    if (ret != MP_VAL && ret != MP_EXPTMOD_E && ret != MP_CMP_E &&
-            ret != ASYNC_OP_E) {
+    if (ret != WC_NO_ERR_TRACE(MP_VAL) &&
+        ret != WC_NO_ERR_TRACE(MP_EXPTMOD_E) &&
+        ret != WC_NO_ERR_TRACE(MP_CMP_E) &&
+        ret != WC_NO_ERR_TRACE(ASYNC_OP_E))
+    {
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
     }
 #endif
@@ -20114,18 +23195,12 @@ done:
 
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) && \
     !defined(WC_NO_RNG)
-    if (priv)
-        XFREE(priv, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
-    if (pub)
-        XFREE(pub, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
-    if (priv2)
-        XFREE(priv2, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
-    if (pub2)
-        XFREE(pub2, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
-    if (agree)
-        XFREE(agree, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
-    if (agree2)
-        XFREE(agree2, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(priv, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(pub, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(priv2, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(pub2, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(agree, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(agree2, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
     if (key) {
         wc_FreeDhKey(key);
         XFREE(key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
@@ -20149,7 +23224,11 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t dh_test(void)
 {
     wc_test_ret_t ret;
     word32 bytes;
-    word32 idx = 0, privSz, pubSz, privSz2, pubSz2;
+    word32 idx = 0;
+    word32 privSz = 0;
+    word32 pubSz = 0;
+    word32 privSz2 = 0;
+    word32 pubSz2 = 0;
 #ifndef WC_NO_RNG
     WC_RNG rng;
     int rngInit = 0;
@@ -20171,10 +23250,20 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t dh_test(void)
     DhKey *key = (DhKey *)XMALLOC(sizeof *key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
     DhKey *key2 = (DhKey *)XMALLOC(sizeof *key2, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
     byte  *tmp = (byte *)XMALLOC(DH_TEST_TMP_SIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+    #if !defined(NO_ASN) && (defined(WOLFSSL_DH_EXTRA) && !defined(NO_FILESYSTEM) && \
+        (!defined(HAVE_FIPS) || \
+        (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2))))
+    byte *tmp2 = NULL;
+    #endif
 #else
     DhKey key[1];
     DhKey key2[1];
     byte  tmp[DH_TEST_TMP_SIZE];
+    #if !defined(NO_ASN) && (defined(WOLFSSL_DH_EXTRA) && !defined(NO_FILESYSTEM) && \
+        (!defined(HAVE_FIPS) || \
+        (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2))))
+    byte  tmp2[DH_TEST_TMP_SIZE];
+    #endif
 #endif
 
 #ifndef WC_NO_RNG
@@ -20199,6 +23288,8 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t dh_test(void)
 #endif
 #endif /* !WC_NO_RNG */
 
+    WOLFSSL_ENTER("dh_test");
+
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
     if (key == NULL || key2 == NULL || tmp == NULL) {
         ERROR_OUT(WC_TEST_RET_ENC_ERRNO, done);
@@ -20335,11 +23426,43 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t dh_test(void)
     if (agreeSz != agreeSz2 || XMEMCMP(agree, agree2, agreeSz)) {
         ERROR_OUT(WC_TEST_RET_ENC_NC, done);
     }
+
+#if (!defined(HAVE_FIPS) || FIPS_VERSION_GE(7,0)) && \
+            !defined(HAVE_SELFTEST)
+    agreeSz = DH_TEST_BUF_SIZE;
+    agreeSz2 = DH_TEST_BUF_SIZE;
+
+    ret = wc_DhAgree_ct(key, agree, &agreeSz, priv, privSz, pub2, pubSz2);
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
+
+    ret = wc_DhAgree_ct(key2, agree2, &agreeSz2, priv2, privSz2, pub, pubSz);
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
+
+#ifdef WOLFSSL_PUBLIC_MP
+    if (agreeSz != (word32)mp_unsigned_bin_size(&key->p))
+    {
+        ERROR_OUT(WC_TEST_RET_ENC_NC, done);
+    }
+#endif
+
+    if (agreeSz != agreeSz2)
+    {
+        ERROR_OUT(WC_TEST_RET_ENC_NC, done);
+    }
+
+    if (XMEMCMP(agree, agree2, agreeSz) != 0)
+    {
+        ERROR_OUT(WC_TEST_RET_ENC_NC, done);
+    }
+#endif /* (!HAVE_FIPS || FIPS_VERSION_GE(7,0)) && !HAVE_SELFTEST */
+
 #endif /* !WC_NO_RNG */
 
 #if defined(WOLFSSL_KEY_GEN) && !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
     ret = wc_DhCheckPrivKey(NULL, NULL, 0);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
 
     ret = wc_DhCheckPrivKey(key, priv, privSz);
@@ -20347,12 +23470,12 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t dh_test(void)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
 
     ret = wc_DhExportParamsRaw(NULL, NULL, NULL, NULL, NULL, NULL, NULL);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
     {
         word32 pSz, qSz, gSz;
         ret = wc_DhExportParamsRaw(key, NULL, &pSz, NULL, &qSz, NULL, &gSz);
-        if (ret != LENGTH_ONLY_E)
+        if (ret != WC_NO_ERR_TRACE(LENGTH_ONLY_E))
             ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
     }
 #endif
@@ -20369,12 +23492,6 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t dh_test(void)
 #ifndef NO_ASN
     {
         /* DH Private - Key Export / Import */
-    #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
-        byte *tmp2;
-    #else
-        byte  tmp2[DH_TEST_TMP_SIZE];
-    #endif
-
     #if defined(USE_CERT_BUFFERS_2048)
         XMEMCPY(tmp, dh_ffdhe_statickey_der_2048, sizeof_dh_ffdhe_statickey_der_2048);
         bytes = sizeof_dh_ffdhe_statickey_der_2048;
@@ -20442,10 +23559,6 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t dh_test(void)
         if (ret <= 0 || bytes != idx || XMEMCMP(tmp, tmp2, bytes) != 0) {
             ERROR_OUT(WC_TEST_RET_ENC_NC, done);
         }
-
-    #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
-        XFREE(tmp2, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
-    #endif
     }
 #else
     ret = wc_DhSetKey(key, dh_p, sizeof(dh_p), dh_g, sizeof(dh_g));
@@ -20546,20 +23659,18 @@ done:
             wc_FreeDhKey(key2);
         XFREE(key2, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
     }
-    if (tmp)
-        XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
-    if (priv)
-        XFREE(priv, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
-    if (pub)
-        XFREE(pub, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
-    if (priv2)
-        XFREE(priv2, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
-    if (pub2)
-        XFREE(pub2, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
-    if (agree)
-        XFREE(agree, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
-    if (agree2)
-        XFREE(agree2, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+    #if !defined(NO_ASN) && (defined(WOLFSSL_DH_EXTRA) && !defined(NO_FILESYSTEM) && \
+        (!defined(HAVE_FIPS) || \
+        (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2))))
+    XFREE(tmp2, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+    #endif
+    XFREE(priv, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(pub, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(priv2, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(pub2, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(agree, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(agree2, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
 #else
     if (keyInit)
         wc_FreeDhKey(key);
@@ -20607,6 +23718,8 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t dsa_test(void)
     DsaKey *derIn = (DsaKey *)XMALLOC(sizeof *derIn, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
     DsaKey *genKey = (DsaKey *)XMALLOC(sizeof *genKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
+    WOLFSSL_ENTER("dsa_test");
+
 
     if ((tmp == NULL) ||
         (key == NULL)
@@ -20725,7 +23838,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t dsa_test(void)
     derIn_inited = 1;
 
     idx = 0;
-    ret = wc_DsaPrivateKeyDecode(der, &idx, derIn, derSz);
+    ret = wc_DsaPrivateKeyDecode(der, &idx, derIn, (word32)derSz);
     if (ret != 0)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
     }
@@ -20734,13 +23847,11 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t dsa_test(void)
   out:
 
 #ifdef WOLFSSL_KEY_GEN
-    if (der)
-        XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
-    if (tmp)
-        XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
     if (key) {
         if (key_inited)
             wc_FreeDsaKey(key);
@@ -20931,14 +24042,10 @@ static wc_test_ret_t srp_test_digest(SrpType dgstType)
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
   out:
 
-    if (cli)
-        XFREE(cli, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
-    if (srv)
-        XFREE(srv, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
-    if (clientProof)
-        XFREE(clientProof, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
-    if (serverProof)
-        XFREE(serverProof, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(cli, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(srv, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(clientProof, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(serverProof, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return r;
@@ -20947,6 +24054,7 @@ static wc_test_ret_t srp_test_digest(SrpType dgstType)
 WOLFSSL_TEST_SUBROUTINE wc_test_ret_t srp_test(void)
 {
     wc_test_ret_t ret;
+    WOLFSSL_ENTER("srp_test");
 
 #ifndef NO_SHA
     ret = srp_test_digest(SRP_TYPE_SHA);
@@ -21000,14 +24108,14 @@ static wc_test_ret_t openssl_aes_test(void)
         WOLFSSL_SMALL_STACK_STATIC const byte iv[]  =
             "1234567890abcdef   ";  /* align */
 
-        byte cipher[AES_BLOCK_SIZE * 4];
-        byte plain [AES_BLOCK_SIZE * 4];
+        byte cipher[WC_AES_BLOCK_SIZE * 4];
+        byte plain [WC_AES_BLOCK_SIZE * 4];
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
-        EVP_CIPHER_CTX *en = wolfSSL_EVP_CIPHER_CTX_new();
-        EVP_CIPHER_CTX *de = wolfSSL_EVP_CIPHER_CTX_new();
+        WOLFSSL_EVP_CIPHER_CTX *en = wolfSSL_EVP_CIPHER_CTX_new();
+        WOLFSSL_EVP_CIPHER_CTX *de = wolfSSL_EVP_CIPHER_CTX_new();
 #else
-        EVP_CIPHER_CTX en[1];
-        EVP_CIPHER_CTX de[1];
+        WOLFSSL_EVP_CIPHER_CTX en[1];
+        WOLFSSL_EVP_CIPHER_CTX de[1];
 #endif
         int outlen ;
         int total = 0;
@@ -21018,25 +24126,25 @@ static wc_test_ret_t openssl_aes_test(void)
             return MEMORY_E;
 #endif
 
-        EVP_CIPHER_CTX_init(en);
-        if (EVP_CipherInit(en, EVP_aes_128_cbc(),
+        wolfSSL_EVP_CIPHER_CTX_init(en);
+        if (wolfSSL_EVP_CipherInit(en, wolfSSL_EVP_aes_128_cbc(),
             (unsigned char*)key, (unsigned char*)iv, 1) == 0)
             return WC_TEST_RET_ENC_NC;
-        if (EVP_CipherUpdate(en, (byte*)cipher, &outlen,
+        if (wolfSSL_EVP_CipherUpdate(en, (byte*)cipher, &outlen,
                     (byte*)cbcPlain, 9) == 0)
             return WC_TEST_RET_ENC_NC;
         if (outlen != 0)
             return WC_TEST_RET_ENC_NC;
         total += outlen;
 
-        if (EVP_CipherUpdate(en, (byte*)&cipher[total], &outlen,
+        if (wolfSSL_EVP_CipherUpdate(en, (byte*)&cipher[total], &outlen,
                     (byte*)&cbcPlain[9]  , 9) == 0)
             return WC_TEST_RET_ENC_NC;
         if (outlen != 16)
             return WC_TEST_RET_ENC_NC;
         total += outlen;
 
-        if (EVP_CipherFinal(en, (byte*)&cipher[total], &outlen) == 0)
+        if (wolfSSL_EVP_CipherFinal(en, (byte*)&cipher[total], &outlen) == 0)
             return WC_TEST_RET_ENC_NC;
         if (outlen != 16)
             return WC_TEST_RET_ENC_NC;
@@ -21044,34 +24152,34 @@ static wc_test_ret_t openssl_aes_test(void)
         if (total != 32)
             return 3408;
 
-        EVP_CIPHER_CTX_cleanup(en);
+        wolfSSL_EVP_CIPHER_CTX_cleanup(en);
 
         total = 0;
-        EVP_CIPHER_CTX_init(de);
-        if (EVP_CipherInit(de, EVP_aes_128_cbc(),
+        wolfSSL_EVP_CIPHER_CTX_init(de);
+        if (wolfSSL_EVP_CipherInit(de, wolfSSL_EVP_aes_128_cbc(),
             (unsigned char*)key, (unsigned char*)iv, 0) == 0)
             return WC_TEST_RET_ENC_NC;
 
-        if (EVP_CipherUpdate(de, (byte*)plain, &outlen, (byte*)cipher, 6) == 0)
+        if (wolfSSL_EVP_CipherUpdate(de, (byte*)plain, &outlen, (byte*)cipher, 6) == 0)
             return WC_TEST_RET_ENC_NC;
         if (outlen != 0)
             return WC_TEST_RET_ENC_NC;
         total += outlen;
 
-        if (EVP_CipherUpdate(de, (byte*)&plain[total], &outlen,
+        if (wolfSSL_EVP_CipherUpdate(de, (byte*)&plain[total], &outlen,
                     (byte*)&cipher[6], 12) == 0)
             return WC_TEST_RET_ENC_NC;
         if (outlen != 0)
         total += outlen;
 
-        if (EVP_CipherUpdate(de, (byte*)&plain[total], &outlen,
+        if (wolfSSL_EVP_CipherUpdate(de, (byte*)&plain[total], &outlen,
                     (byte*)&cipher[6+12], 14) == 0)
             return WC_TEST_RET_ENC_NC;
         if (outlen != 16)
             return WC_TEST_RET_ENC_NC;
         total += outlen;
 
-        if (EVP_CipherFinal(de, (byte*)&plain[total], &outlen) == 0)
+        if (wolfSSL_EVP_CipherFinal(de, (byte*)&plain[total], &outlen) == 0)
             return WC_TEST_RET_ENC_NC;
         if (outlen != 2)
             return WC_TEST_RET_ENC_NC;
@@ -21083,29 +24191,29 @@ static wc_test_ret_t openssl_aes_test(void)
         if (XMEMCMP(plain, cbcPlain, 18))
             return WC_TEST_RET_ENC_NC;
 
-        EVP_CIPHER_CTX_cleanup(de);
+        wolfSSL_EVP_CIPHER_CTX_cleanup(de);
 
         /* test with encrypting/decrypting more than 16 bytes at once */
         total = 0;
-        EVP_CIPHER_CTX_init(en);
-        if (EVP_CipherInit(en, EVP_aes_128_cbc(),
+        wolfSSL_EVP_CIPHER_CTX_init(en);
+        if (wolfSSL_EVP_CipherInit(en, wolfSSL_EVP_aes_128_cbc(),
             (unsigned char*)key, (unsigned char*)iv, 1) == 0)
             return WC_TEST_RET_ENC_NC;
-        if (EVP_CipherUpdate(en, (byte*)cipher, &outlen,
+        if (wolfSSL_EVP_CipherUpdate(en, (byte*)cipher, &outlen,
                     (byte*)cbcPlain, 17) == 0)
             return WC_TEST_RET_ENC_NC;
         if (outlen != 16)
             return WC_TEST_RET_ENC_NC;
         total += outlen;
 
-        if (EVP_CipherUpdate(en, (byte*)&cipher[total], &outlen,
+        if (wolfSSL_EVP_CipherUpdate(en, (byte*)&cipher[total], &outlen,
                     (byte*)&cbcPlain[17]  , 1) == 0)
             return WC_TEST_RET_ENC_NC;
         if (outlen != 0)
             return WC_TEST_RET_ENC_NC;
         total += outlen;
 
-        if (EVP_CipherFinal(en, (byte*)&cipher[total], &outlen) == 0)
+        if (wolfSSL_EVP_CipherFinal(en, (byte*)&cipher[total], &outlen) == 0)
             return WC_TEST_RET_ENC_NC;
         if (outlen != 16)
             return WC_TEST_RET_ENC_NC;
@@ -21113,38 +24221,38 @@ static wc_test_ret_t openssl_aes_test(void)
         if (total != 32)
             return WC_TEST_RET_ENC_NC;
 
-        EVP_CIPHER_CTX_cleanup(en);
+        wolfSSL_EVP_CIPHER_CTX_cleanup(en);
 
         total = 0;
-        EVP_CIPHER_CTX_init(de);
-        if (EVP_CipherInit(de, EVP_aes_128_cbc(),
+        wolfSSL_EVP_CIPHER_CTX_init(de);
+        if (wolfSSL_EVP_CipherInit(de, wolfSSL_EVP_aes_128_cbc(),
             (unsigned char*)key, (unsigned char*)iv, 0) == 0)
             return WC_TEST_RET_ENC_NC;
 
-        if (EVP_CipherUpdate(de, (byte*)plain, &outlen, (byte*)cipher, 17) == 0)
+        if (wolfSSL_EVP_CipherUpdate(de, (byte*)plain, &outlen, (byte*)cipher, 17) == 0)
             return WC_TEST_RET_ENC_NC;
         if (outlen != 16)
             return WC_TEST_RET_ENC_NC;
         total += outlen;
 
         /* final call on non block size should fail */
-        if (EVP_CipherFinal(de, (byte*)&plain[total], &outlen) != 0)
+        if (wolfSSL_EVP_CipherFinal(de, (byte*)&plain[total], &outlen) != 0)
             return WC_TEST_RET_ENC_NC;
 
-        if (EVP_CipherUpdate(de, (byte*)&plain[total], &outlen,
+        if (wolfSSL_EVP_CipherUpdate(de, (byte*)&plain[total], &outlen,
                     (byte*)&cipher[17], 1) == 0)
             return WC_TEST_RET_ENC_NC;
         if (outlen != 0)
         total += outlen;
 
-        if (EVP_CipherUpdate(de, (byte*)&plain[total], &outlen,
+        if (wolfSSL_EVP_CipherUpdate(de, (byte*)&plain[total], &outlen,
                     (byte*)&cipher[17+1], 14) == 0)
             return WC_TEST_RET_ENC_NC;
         if (outlen != 0)
             return WC_TEST_RET_ENC_NC;
         total += outlen;
 
-        if (EVP_CipherFinal(de, (byte*)&plain[total], &outlen) == 0)
+        if (wolfSSL_EVP_CipherFinal(de, (byte*)&plain[total], &outlen) == 0)
             return WC_TEST_RET_ENC_NC;
         if (outlen != 2)
             return WC_TEST_RET_ENC_NC;
@@ -21157,42 +24265,42 @@ static wc_test_ret_t openssl_aes_test(void)
             return WC_TEST_RET_ENC_NC;
 
         /* test byte by byte decrypt */
-        for (i = 0; i < AES_BLOCK_SIZE * 3; i++) {
+        for (i = 0; i < WC_AES_BLOCK_SIZE * 3; i++) {
             plain[i] = i;
         }
 
-        EVP_CIPHER_CTX_cleanup(de);
+        wolfSSL_EVP_CIPHER_CTX_cleanup(de);
 
         total = 0;
-        EVP_CIPHER_CTX_init(en);
-        if (EVP_CipherInit(en, EVP_aes_128_cbc(),
+        wolfSSL_EVP_CIPHER_CTX_init(en);
+        if (wolfSSL_EVP_CipherInit(en, wolfSSL_EVP_aes_128_cbc(),
             (unsigned char*)key, (unsigned char*)iv, 1) == 0)
             return WC_TEST_RET_ENC_NC;
-        if (EVP_CipherUpdate(en, (byte*)cipher, &outlen,
-                    (byte*)plain, AES_BLOCK_SIZE * 3) == 0)
+        if (wolfSSL_EVP_CipherUpdate(en, (byte*)cipher, &outlen,
+                    (byte*)plain, WC_AES_BLOCK_SIZE * 3) == 0)
             return WC_TEST_RET_ENC_NC;
-        if (outlen != AES_BLOCK_SIZE * 3)
+        if (outlen != WC_AES_BLOCK_SIZE * 3)
             return WC_TEST_RET_ENC_NC;
         total += outlen;
 
-        if (EVP_CipherFinal(en, (byte*)&cipher[total], &outlen) == 0)
+        if (wolfSSL_EVP_CipherFinal(en, (byte*)&cipher[total], &outlen) == 0)
             return WC_TEST_RET_ENC_NC;
-        if (outlen != AES_BLOCK_SIZE)
+        if (outlen != WC_AES_BLOCK_SIZE)
             return WC_TEST_RET_ENC_NC;
         total += outlen;
         if (total != sizeof(plain))
             return WC_TEST_RET_ENC_NC;
 
-        EVP_CIPHER_CTX_cleanup(en);
+        wolfSSL_EVP_CIPHER_CTX_cleanup(en);
 
         total = 0;
-        EVP_CIPHER_CTX_init(de);
-        if (EVP_CipherInit(de, EVP_aes_128_cbc(),
+        wolfSSL_EVP_CIPHER_CTX_init(de);
+        if (wolfSSL_EVP_CipherInit(de, wolfSSL_EVP_aes_128_cbc(),
             (unsigned char*)key, (unsigned char*)iv, 0) == 0)
             return WC_TEST_RET_ENC_NC;
 
-        for (i = 0; i < AES_BLOCK_SIZE * 4; i++) {
-            if (EVP_CipherUpdate(de, (byte*)plain + total, &outlen,
+        for (i = 0; i < WC_AES_BLOCK_SIZE * 4; i++) {
+            if (wolfSSL_EVP_CipherUpdate(de, (byte*)plain + total, &outlen,
                         (byte*)cipher + i, 1) == 0)
                 return WC_TEST_RET_ENC_NC;
 
@@ -21208,19 +24316,19 @@ static wc_test_ret_t openssl_aes_test(void)
             }
         }
 
-        if (EVP_CipherFinal(de, (byte*)&plain[total], &outlen) == 0)
+        if (wolfSSL_EVP_CipherFinal(de, (byte*)&plain[total], &outlen) == 0)
             return WC_TEST_RET_ENC_NC;
         total += outlen;
-        if (total != AES_BLOCK_SIZE * 3) {
+        if (total != WC_AES_BLOCK_SIZE * 3) {
             return WC_TEST_RET_ENC_NC;
         }
-        for (i = 0; i < AES_BLOCK_SIZE * 3; i++) {
+        for (i = 0; i < WC_AES_BLOCK_SIZE * 3; i++) {
             if (plain[i] != i) {
                 return WC_TEST_RET_ENC_NC;
             }
         }
 
-        EVP_CIPHER_CTX_cleanup(de);
+        wolfSSL_EVP_CIPHER_CTX_cleanup(de);
 
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
         wolfSSL_EVP_CIPHER_CTX_free(en);
@@ -21254,11 +24362,11 @@ static wc_test_ret_t openssl_aes_test(void)
         byte plain [EVP_TEST_BUF_SZ];
         byte padded[EVP_TEST_BUF_PAD];
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
-        EVP_CIPHER_CTX *en = wolfSSL_EVP_CIPHER_CTX_new();
-        EVP_CIPHER_CTX *de = wolfSSL_EVP_CIPHER_CTX_new();
+        WOLFSSL_EVP_CIPHER_CTX *en = wolfSSL_EVP_CIPHER_CTX_new();
+        WOLFSSL_EVP_CIPHER_CTX *de = wolfSSL_EVP_CIPHER_CTX_new();
 #else
-        EVP_CIPHER_CTX en[1];
-        EVP_CIPHER_CTX de[1];
+        WOLFSSL_EVP_CIPHER_CTX en[1];
+        WOLFSSL_EVP_CIPHER_CTX de[1];
 #endif
         int outlen ;
         int total = 0;
@@ -21268,13 +24376,13 @@ static wc_test_ret_t openssl_aes_test(void)
             return MEMORY_E;
 #endif
 
-        EVP_CIPHER_CTX_init(en);
-        if (EVP_CipherInit(en, EVP_aes_128_cbc(),
+        wolfSSL_EVP_CIPHER_CTX_init(en);
+        if (wolfSSL_EVP_CipherInit(en, wolfSSL_EVP_aes_128_cbc(),
             (unsigned char*)key, (unsigned char*)iv, 1) == 0)
             return WC_TEST_RET_ENC_NC;
-        if (EVP_CIPHER_CTX_set_padding(en, 0) != 1)
+        if (wolfSSL_EVP_CIPHER_CTX_set_padding(en, 0) != 1)
             return WC_TEST_RET_ENC_NC;
-        if (EVP_CipherUpdate(en, (byte*)cipher, &outlen,
+        if (wolfSSL_EVP_CipherUpdate(en, (byte*)cipher, &outlen,
                     (byte*)cbcPlain, EVP_TEST_BUF_SZ) == 0)
             return WC_TEST_RET_ENC_NC;
         if (outlen != 16)
@@ -21282,45 +24390,45 @@ static wc_test_ret_t openssl_aes_test(void)
         total += outlen;
 
         /* should fail here */
-        if (EVP_CipherFinal(en, (byte*)&cipher[total], &outlen) != 0)
+        if (wolfSSL_EVP_CipherFinal(en, (byte*)&cipher[total], &outlen) != 0)
             return WC_TEST_RET_ENC_NC;
 
-        EVP_CIPHER_CTX_cleanup(en);
+        wolfSSL_EVP_CIPHER_CTX_cleanup(en);
 
         /* turn padding back on and do successful encrypt */
         total = 0;
-        EVP_CIPHER_CTX_init(en);
-        if (EVP_CipherInit(en, EVP_aes_128_cbc(),
+        wolfSSL_EVP_CIPHER_CTX_init(en);
+        if (wolfSSL_EVP_CipherInit(en, wolfSSL_EVP_aes_128_cbc(),
             (unsigned char*)key, (unsigned char*)iv, 1) == 0)
             return WC_TEST_RET_ENC_NC;
-        if (EVP_CIPHER_CTX_set_padding(en, 1) != 1)
+        if (wolfSSL_EVP_CIPHER_CTX_set_padding(en, 1) != 1)
             return WC_TEST_RET_ENC_NC;
-        if (EVP_CipherUpdate(en, (byte*)padded, &outlen,
+        if (wolfSSL_EVP_CipherUpdate(en, (byte*)padded, &outlen,
                     (byte*)cbcPlain, EVP_TEST_BUF_SZ) == 0)
             return WC_TEST_RET_ENC_NC;
         if (outlen != 16)
             return WC_TEST_RET_ENC_NC;
         total += outlen;
 
-        if (EVP_CipherFinal(en, (byte*)&padded[total], &outlen) == 0)
+        if (wolfSSL_EVP_CipherFinal(en, (byte*)&padded[total], &outlen) == 0)
             return WC_TEST_RET_ENC_NC;
         total += outlen;
         if (total != 32)
             return WC_TEST_RET_ENC_NC;
         XMEMCPY(cipher, padded, EVP_TEST_BUF_SZ);
 
-        EVP_CIPHER_CTX_cleanup(en);
+        wolfSSL_EVP_CIPHER_CTX_cleanup(en);
 
         /* test out of bounds read on buffers w/o padding during decryption */
         total = 0;
-        EVP_CIPHER_CTX_init(de);
-        if (EVP_CipherInit(de, EVP_aes_128_cbc(),
+        wolfSSL_EVP_CIPHER_CTX_init(de);
+        if (wolfSSL_EVP_CipherInit(de, wolfSSL_EVP_aes_128_cbc(),
             (unsigned char*)key, (unsigned char*)iv, 0) == 0)
             return WC_TEST_RET_ENC_NC;
 
-        if (EVP_CIPHER_CTX_set_padding(de, 0) != 1)
+        if (wolfSSL_EVP_CIPHER_CTX_set_padding(de, 0) != 1)
             return WC_TEST_RET_ENC_NC;
-        if (EVP_CipherUpdate(de, (byte*)plain, &outlen, (byte*)cipher,
+        if (wolfSSL_EVP_CipherUpdate(de, (byte*)plain, &outlen, (byte*)cipher,
                     EVP_TEST_BUF_SZ) == 0)
             return WC_TEST_RET_ENC_NC;
         if (outlen != 16)
@@ -21328,31 +24436,31 @@ static wc_test_ret_t openssl_aes_test(void)
         total += outlen;
 
         /* should fail since not using padding */
-        if (EVP_CipherFinal(de, (byte*)&plain[total], &outlen) != 0)
+        if (wolfSSL_EVP_CipherFinal(de, (byte*)&plain[total], &outlen) != 0)
             return WC_TEST_RET_ENC_NC;
 
-        EVP_CIPHER_CTX_cleanup(de);
+        wolfSSL_EVP_CIPHER_CTX_cleanup(de);
 
         total = 0;
-        EVP_CIPHER_CTX_init(de);
-        if (EVP_CipherInit(de, EVP_aes_128_cbc(),
+        wolfSSL_EVP_CIPHER_CTX_init(de);
+        if (wolfSSL_EVP_CipherInit(de, wolfSSL_EVP_aes_128_cbc(),
             (unsigned char*)key, (unsigned char*)iv, 0) == 0)
             return WC_TEST_RET_ENC_NC;
-        if (EVP_CIPHER_CTX_set_padding(de, 1) != 1)
+        if (wolfSSL_EVP_CIPHER_CTX_set_padding(de, 1) != 1)
             return WC_TEST_RET_ENC_NC;
-        if (EVP_CipherUpdate(de, (byte*)padded, &outlen, (byte*)padded,
+        if (wolfSSL_EVP_CipherUpdate(de, (byte*)padded, &outlen, (byte*)padded,
                     EVP_TEST_BUF_PAD) == 0)
             return WC_TEST_RET_ENC_NC;
         if (outlen != 16)
             return WC_TEST_RET_ENC_NC;
         total += outlen;
 
-        if (EVP_CipherFinal(de, (byte*)&padded[total], &outlen) == 0)
+        if (wolfSSL_EVP_CipherFinal(de, (byte*)&padded[total], &outlen) == 0)
             return WC_TEST_RET_ENC_NC;
         if (XMEMCMP(padded, cbcPlain, EVP_TEST_BUF_SZ))
             return WC_TEST_RET_ENC_NC;
 
-        EVP_CIPHER_CTX_cleanup(de);
+        wolfSSL_EVP_CIPHER_CTX_cleanup(de);
 
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
         wolfSSL_EVP_CIPHER_CTX_free(en);
@@ -21362,9 +24470,9 @@ static wc_test_ret_t openssl_aes_test(void)
 
     {  /* evp_cipher test: EVP_aes_128_cbc */
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
-        EVP_CIPHER_CTX *ctx = wolfSSL_EVP_CIPHER_CTX_new();
+        WOLFSSL_EVP_CIPHER_CTX *ctx = wolfSSL_EVP_CIPHER_CTX_new();
 #else
-        EVP_CIPHER_CTX ctx[1];
+        WOLFSSL_EVP_CIPHER_CTX ctx[1];
 #endif
 
         WOLFSSL_SMALL_STACK_STATIC const byte msg[] = { /* "Now is the time for all " w/o trailing 0 */
@@ -21384,37 +24492,37 @@ static wc_test_ret_t openssl_aes_test(void)
         WOLFSSL_SMALL_STACK_STATIC const byte iv[]  =
             "1234567890abcdef   ";  /* align */
 
-        byte cipher[AES_BLOCK_SIZE * 4];
-        byte plain [AES_BLOCK_SIZE * 4];
+        byte cipher[WC_AES_BLOCK_SIZE * 4];
+        byte plain [WC_AES_BLOCK_SIZE * 4];
 
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
         if (ctx == NULL)
             return MEMORY_E;
 #endif
 
-        EVP_CIPHER_CTX_init(ctx);
-        if (EVP_CipherInit(ctx, EVP_aes_128_cbc(), key, iv, 1) == 0)
+        wolfSSL_EVP_CIPHER_CTX_init(ctx);
+        if (wolfSSL_EVP_CipherInit(ctx, wolfSSL_EVP_aes_128_cbc(), key, iv, 1) == 0)
             return WC_TEST_RET_ENC_NC;
 
-        if (EVP_Cipher(ctx, cipher, (byte*)msg, 16) != 16)
+        if (wolfSSL_EVP_Cipher(ctx, cipher, (byte*)msg, 16) != 16)
             return WC_TEST_RET_ENC_NC;
 
-        if (XMEMCMP(cipher, verify, AES_BLOCK_SIZE))
+        if (XMEMCMP(cipher, verify, WC_AES_BLOCK_SIZE))
             return WC_TEST_RET_ENC_NC;
 
-        EVP_CIPHER_CTX_cleanup(ctx);
+        wolfSSL_EVP_CIPHER_CTX_cleanup(ctx);
 
-        EVP_CIPHER_CTX_init(ctx);
-        if (EVP_CipherInit(ctx, EVP_aes_128_cbc(), key, iv, 0) == 0)
+        wolfSSL_EVP_CIPHER_CTX_init(ctx);
+        if (wolfSSL_EVP_CipherInit(ctx, wolfSSL_EVP_aes_128_cbc(), key, iv, 0) == 0)
             return WC_TEST_RET_ENC_NC;
 
-        if (EVP_Cipher(ctx, plain, cipher, 16) != 16)
+        if (wolfSSL_EVP_Cipher(ctx, plain, cipher, 16) != 16)
             return WC_TEST_RET_ENC_NC;
 
-        if (XMEMCMP(plain, msg, AES_BLOCK_SIZE))
+        if (XMEMCMP(plain, msg, WC_AES_BLOCK_SIZE))
             return WC_TEST_RET_ENC_NC;
 
-        EVP_CIPHER_CTX_cleanup(ctx);
+        wolfSSL_EVP_CIPHER_CTX_cleanup(ctx);
 
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
         wolfSSL_EVP_CIPHER_CTX_free(ctx);
@@ -21428,9 +24536,9 @@ static wc_test_ret_t openssl_aes_test(void)
 #if defined(HAVE_AES_ECB) && defined(WOLFSSL_AES_256)
     {  /* evp_cipher test: EVP_aes_256_ecb*/
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
-        EVP_CIPHER_CTX *ctx = wolfSSL_EVP_CIPHER_CTX_new();
+        WOLFSSL_EVP_CIPHER_CTX *ctx = wolfSSL_EVP_CIPHER_CTX_new();
 #else
-        EVP_CIPHER_CTX ctx[1];
+        WOLFSSL_EVP_CIPHER_CTX ctx[1];
 #endif
         WOLFSSL_SMALL_STACK_STATIC const byte msg[] =
         {
@@ -21453,32 +24561,32 @@ static wc_test_ret_t openssl_aes_test(void)
         };
 
 
-        byte cipher[AES_BLOCK_SIZE * 4];
-        byte plain [AES_BLOCK_SIZE * 4];
+        byte cipher[WC_AES_BLOCK_SIZE * 4];
+        byte plain [WC_AES_BLOCK_SIZE * 4];
 
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
         if (ctx == NULL)
             return MEMORY_E;
 #endif
 
-        EVP_CIPHER_CTX_init(ctx);
-        if (EVP_CipherInit(ctx, EVP_aes_256_ecb(), (unsigned char*)key, NULL, 1) == 0)
+        wolfSSL_EVP_CIPHER_CTX_init(ctx);
+        if (wolfSSL_EVP_CipherInit(ctx, wolfSSL_EVP_aes_256_ecb(), (unsigned char*)key, NULL, 1) == 0)
             return WC_TEST_RET_ENC_NC;
 
-        if (EVP_Cipher(ctx, cipher, (byte*)msg, 16) != 16)
+        if (wolfSSL_EVP_Cipher(ctx, cipher, (byte*)msg, 16) != 16)
             return WC_TEST_RET_ENC_NC;
 
-        if (XMEMCMP(cipher, verify, AES_BLOCK_SIZE))
+        if (XMEMCMP(cipher, verify, WC_AES_BLOCK_SIZE))
             return WC_TEST_RET_ENC_NC;
 
-        EVP_CIPHER_CTX_init(ctx);
-        if (EVP_CipherInit(ctx, EVP_aes_256_ecb(), (unsigned char*)key, NULL, 0) == 0)
+        wolfSSL_EVP_CIPHER_CTX_init(ctx);
+        if (wolfSSL_EVP_CipherInit(ctx, wolfSSL_EVP_aes_256_ecb(), (unsigned char*)key, NULL, 0) == 0)
             return WC_TEST_RET_ENC_NC;
 
-        if (EVP_Cipher(ctx, plain, cipher, 16) != 16)
+        if (wolfSSL_EVP_Cipher(ctx, plain, cipher, 16) != 16)
             return WC_TEST_RET_ENC_NC;
 
-        if (XMEMCMP(plain, msg, AES_BLOCK_SIZE))
+        if (XMEMCMP(plain, msg, WC_AES_BLOCK_SIZE))
             return WC_TEST_RET_ENC_NC;
 
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
@@ -21492,14 +24600,14 @@ static wc_test_ret_t openssl_aes_test(void)
     {
         /* Test: AES_encrypt/decrypt/set Key */
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
-        AES_KEY *enc = (AES_KEY *)XMALLOC(sizeof *enc, HEAP_HINT, DYNAMIC_TYPE_AES);
+        WOLFSSL_AES_KEY *enc = (WOLFSSL_AES_KEY *)XMALLOC(sizeof *enc, HEAP_HINT, DYNAMIC_TYPE_AES);
         #ifdef HAVE_AES_DECRYPT
-        AES_KEY *dec = (AES_KEY *)XMALLOC(sizeof *dec, HEAP_HINT, DYNAMIC_TYPE_AES);
+        WOLFSSL_AES_KEY *dec = (WOLFSSL_AES_KEY *)XMALLOC(sizeof *dec, HEAP_HINT, DYNAMIC_TYPE_AES);
         #endif
 #else
-        AES_KEY enc[1];
+        WOLFSSL_AES_KEY enc[1];
         #ifdef HAVE_AES_DECRYPT
-        AES_KEY dec[1];
+        WOLFSSL_AES_KEY dec[1];
         #endif
 #endif
 
@@ -21535,18 +24643,18 @@ static wc_test_ret_t openssl_aes_test(void)
         #endif
 #endif
 
-        AES_set_encrypt_key(key, sizeof(key)*8, enc);
-        AES_set_decrypt_key(key,  sizeof(key)*8, dec);
+        wolfSSL_AES_set_encrypt_key(key, sizeof(key)*8, enc);
+        wolfSSL_AES_set_decrypt_key(key,  sizeof(key)*8, dec);
 
-        AES_encrypt(msg, cipher, enc);
+        wolfSSL_AES_encrypt(msg, cipher, enc);
 
         #ifdef HAVE_AES_DECRYPT
-        AES_decrypt(cipher, plain, dec);
-        if (XMEMCMP(plain, msg, AES_BLOCK_SIZE))
+        wolfSSL_AES_decrypt(cipher, plain, dec);
+        if (XMEMCMP(plain, msg, WC_AES_BLOCK_SIZE))
             return WC_TEST_RET_ENC_NC;
         #endif /* HAVE_AES_DECRYPT */
 
-        if (XMEMCMP(cipher, verify, AES_BLOCK_SIZE))
+        if (XMEMCMP(cipher, verify, WC_AES_BLOCK_SIZE))
             return WC_TEST_RET_ENC_NC;
 
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
@@ -21673,17 +24781,17 @@ static wc_test_ret_t openssl_aes_test(void)
 #endif /* WOLFSSL_AES_256 */
 
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
-        EVP_CIPHER_CTX *en = wolfSSL_EVP_CIPHER_CTX_new();
-        EVP_CIPHER_CTX *de = wolfSSL_EVP_CIPHER_CTX_new();
+        WOLFSSL_EVP_CIPHER_CTX *en = wolfSSL_EVP_CIPHER_CTX_new();
+        WOLFSSL_EVP_CIPHER_CTX *de = wolfSSL_EVP_CIPHER_CTX_new();
 #else
-        EVP_CIPHER_CTX en[1];
-        EVP_CIPHER_CTX de[1];
+        WOLFSSL_EVP_CIPHER_CTX en[1];
+        WOLFSSL_EVP_CIPHER_CTX de[1];
 #endif
 #ifdef WOLFSSL_AES_128
 
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
-        EVP_CIPHER_CTX *p_en;
-        EVP_CIPHER_CTX *p_de;
+        WOLFSSL_EVP_CIPHER_CTX *p_en;
+        WOLFSSL_EVP_CIPHER_CTX *p_de;
 #endif
 
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
@@ -21691,20 +24799,20 @@ static wc_test_ret_t openssl_aes_test(void)
             return MEMORY_E;
 #endif
 
-        EVP_CIPHER_CTX_init(en);
-        if (EVP_CipherInit(en, EVP_aes_128_ctr(),
+        wolfSSL_EVP_CIPHER_CTX_init(en);
+        if (wolfSSL_EVP_CipherInit(en, wolfSSL_EVP_aes_128_ctr(),
                 (unsigned char*)ctrKey, (unsigned char*)ctrIv, 0) == 0)
             return WC_TEST_RET_ENC_NC;
-        if (EVP_Cipher(en, (byte*)cipherBuff, (byte*)ctrPlain,
-                AES_BLOCK_SIZE*4) != AES_BLOCK_SIZE*4)
+        if (wolfSSL_EVP_Cipher(en, (byte*)cipherBuff, (byte*)ctrPlain,
+                WC_AES_BLOCK_SIZE*4) != WC_AES_BLOCK_SIZE*4)
             return WC_TEST_RET_ENC_NC;
-        EVP_CIPHER_CTX_init(de);
-        if (EVP_CipherInit(de, EVP_aes_128_ctr(),
+        wolfSSL_EVP_CIPHER_CTX_init(de);
+        if (wolfSSL_EVP_CipherInit(de, wolfSSL_EVP_aes_128_ctr(),
                 (unsigned char*)ctrKey, (unsigned char*)ctrIv, 0) == 0)
             return WC_TEST_RET_ENC_NC;
 
-        if (EVP_Cipher(de, (byte*)plainBuff, (byte*)cipherBuff,
-                AES_BLOCK_SIZE*4) != AES_BLOCK_SIZE*4)
+        if (wolfSSL_EVP_Cipher(de, (byte*)plainBuff, (byte*)cipherBuff,
+                WC_AES_BLOCK_SIZE*4) != WC_AES_BLOCK_SIZE*4)
             return WC_TEST_RET_ENC_NC;
 
         if (wolfSSL_EVP_CIPHER_CTX_cleanup(en) != WOLFSSL_SUCCESS)
@@ -21712,9 +24820,9 @@ static wc_test_ret_t openssl_aes_test(void)
         if (wolfSSL_EVP_CIPHER_CTX_cleanup(de) != WOLFSSL_SUCCESS)
             return WC_TEST_RET_ENC_NC;
 
-        if (XMEMCMP(cipherBuff, ctrCipher, AES_BLOCK_SIZE*4))
+        if (XMEMCMP(cipherBuff, ctrCipher, WC_AES_BLOCK_SIZE*4))
             return WC_TEST_RET_ENC_NC;
-        if (XMEMCMP(plainBuff, ctrPlain, AES_BLOCK_SIZE*4))
+        if (XMEMCMP(plainBuff, ctrPlain, WC_AES_BLOCK_SIZE*4))
             return WC_TEST_RET_ENC_NC;
 
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
@@ -21725,18 +24833,18 @@ static wc_test_ret_t openssl_aes_test(void)
         if (p_de == NULL)
             return WC_TEST_RET_ENC_ERRNO;
 
-        if (EVP_CipherInit(p_en, EVP_aes_128_ctr(),
+        if (wolfSSL_EVP_CipherInit(p_en, wolfSSL_EVP_aes_128_ctr(),
                 (unsigned char*)ctrKey, (unsigned char*)ctrIv, 0) == 0)
             return WC_TEST_RET_ENC_NC;
-        if (EVP_Cipher(p_en, (byte*)cipherBuff, (byte*)ctrPlain,
-                AES_BLOCK_SIZE*4) != AES_BLOCK_SIZE*4)
+        if (wolfSSL_EVP_Cipher(p_en, (byte*)cipherBuff, (byte*)ctrPlain,
+                WC_AES_BLOCK_SIZE*4) != WC_AES_BLOCK_SIZE*4)
             return WC_TEST_RET_ENC_NC;
-        if (EVP_CipherInit(p_de, EVP_aes_128_ctr(),
+        if (wolfSSL_EVP_CipherInit(p_de, wolfSSL_EVP_aes_128_ctr(),
                 (unsigned char*)ctrKey, (unsigned char*)ctrIv, 0) == 0)
             return WC_TEST_RET_ENC_NC;
 
-        if (EVP_Cipher(p_de, (byte*)plainBuff, (byte*)cipherBuff,
-                AES_BLOCK_SIZE*4) != AES_BLOCK_SIZE*4)
+        if (wolfSSL_EVP_Cipher(p_de, (byte*)plainBuff, (byte*)cipherBuff,
+                WC_AES_BLOCK_SIZE*4) != WC_AES_BLOCK_SIZE*4)
             return WC_TEST_RET_ENC_NC;
 
         if (wolfSSL_EVP_CIPHER_CTX_cleanup(en) != WOLFSSL_SUCCESS)
@@ -21748,24 +24856,24 @@ static wc_test_ret_t openssl_aes_test(void)
         wolfSSL_EVP_CIPHER_CTX_free(p_de);
 #endif /* WOLFSSL_SMALL_STACK && !WOLFSSL_NO_MALLOC */
 
-        if (XMEMCMP(cipherBuff, ctrCipher, AES_BLOCK_SIZE*4))
+        if (XMEMCMP(cipherBuff, ctrCipher, WC_AES_BLOCK_SIZE*4))
             return WC_TEST_RET_ENC_NC;
-        if (XMEMCMP(plainBuff, ctrPlain, AES_BLOCK_SIZE*4))
+        if (XMEMCMP(plainBuff, ctrPlain, WC_AES_BLOCK_SIZE*4))
             return WC_TEST_RET_ENC_NC;
 
-        EVP_CIPHER_CTX_init(en);
-        if (EVP_CipherInit(en, EVP_aes_128_ctr(),
+        wolfSSL_EVP_CIPHER_CTX_init(en);
+        if (wolfSSL_EVP_CipherInit(en, wolfSSL_EVP_aes_128_ctr(),
             (unsigned char*)ctrKey, (unsigned char*)ctrIv, 0) == 0)
             return WC_TEST_RET_ENC_NC;
-        if (EVP_Cipher(en, (byte*)cipherBuff, (byte*)ctrPlain, 9) != 9)
+        if (wolfSSL_EVP_Cipher(en, (byte*)cipherBuff, (byte*)ctrPlain, 9) != 9)
             return WC_TEST_RET_ENC_NC;
 
-        EVP_CIPHER_CTX_init(de);
-        if (EVP_CipherInit(de, EVP_aes_128_ctr(),
+        wolfSSL_EVP_CIPHER_CTX_init(de);
+        if (wolfSSL_EVP_CipherInit(de, wolfSSL_EVP_aes_128_ctr(),
             (unsigned char*)ctrKey, (unsigned char*)ctrIv, 0) == 0)
             return WC_TEST_RET_ENC_NC;
 
-        if (EVP_Cipher(de, (byte*)plainBuff, (byte*)cipherBuff, 9) != 9)
+        if (wolfSSL_EVP_Cipher(de, (byte*)plainBuff, (byte*)cipherBuff, 9) != 9)
             return WC_TEST_RET_ENC_NC;
 
         if (XMEMCMP(plainBuff, ctrPlain, 9))
@@ -21773,9 +24881,9 @@ static wc_test_ret_t openssl_aes_test(void)
         if (XMEMCMP(cipherBuff, ctrCipher, 9))
             return WC_TEST_RET_ENC_NC;
 
-        if (EVP_Cipher(en, (byte*)cipherBuff, (byte*)ctrPlain, 9) != 9)
+        if (wolfSSL_EVP_Cipher(en, (byte*)cipherBuff, (byte*)ctrPlain, 9) != 9)
             return WC_TEST_RET_ENC_NC;
-        if (EVP_Cipher(de, (byte*)plainBuff, (byte*)cipherBuff, 9) != 9)
+        if (wolfSSL_EVP_Cipher(de, (byte*)plainBuff, (byte*)cipherBuff, 9) != 9)
             return WC_TEST_RET_ENC_NC;
 
         if (XMEMCMP(plainBuff, ctrPlain, 9))
@@ -21790,21 +24898,21 @@ static wc_test_ret_t openssl_aes_test(void)
 #endif /* WOLFSSL_AES_128 */
 
 #ifdef WOLFSSL_AES_192
-        EVP_CIPHER_CTX_init(en);
-        if (EVP_CipherInit(en, EVP_aes_192_ctr(),
+        wolfSSL_EVP_CIPHER_CTX_init(en);
+        if (wolfSSL_EVP_CipherInit(en, wolfSSL_EVP_aes_192_ctr(),
                 (unsigned char*)ctr192Key, (unsigned char*)ctr192Iv, 0) == 0)
             return WC_TEST_RET_ENC_NC;
-        if (EVP_Cipher(en, (byte*)cipherBuff, (byte*)ctr192Plain,
-                AES_BLOCK_SIZE) != AES_BLOCK_SIZE)
+        if (wolfSSL_EVP_Cipher(en, (byte*)cipherBuff, (byte*)ctr192Plain,
+                WC_AES_BLOCK_SIZE) != WC_AES_BLOCK_SIZE)
             return WC_TEST_RET_ENC_NC;
-        EVP_CIPHER_CTX_init(de);
-        if (EVP_CipherInit(de, EVP_aes_192_ctr(),
+        wolfSSL_EVP_CIPHER_CTX_init(de);
+        if (wolfSSL_EVP_CipherInit(de, wolfSSL_EVP_aes_192_ctr(),
             (unsigned char*)ctr192Key, (unsigned char*)ctr192Iv, 0) == 0)
             return WC_TEST_RET_ENC_NC;
 
         XMEMSET(plainBuff, 0, sizeof(plainBuff));
-        if (EVP_Cipher(de, (byte*)plainBuff, (byte*)cipherBuff,
-                AES_BLOCK_SIZE) != AES_BLOCK_SIZE)
+        if (wolfSSL_EVP_Cipher(de, (byte*)plainBuff, (byte*)cipherBuff,
+                WC_AES_BLOCK_SIZE) != WC_AES_BLOCK_SIZE)
             return WC_TEST_RET_ENC_NC;
 
         if (XMEMCMP(plainBuff, ctr192Plain, sizeof(ctr192Plain)))
@@ -21819,21 +24927,21 @@ static wc_test_ret_t openssl_aes_test(void)
 #endif /* WOLFSSL_AES_192 */
 
 #ifdef WOLFSSL_AES_256
-        EVP_CIPHER_CTX_init(en);
-        if (EVP_CipherInit(en, EVP_aes_256_ctr(),
+        wolfSSL_EVP_CIPHER_CTX_init(en);
+        if (wolfSSL_EVP_CipherInit(en, wolfSSL_EVP_aes_256_ctr(),
             (unsigned char*)ctr256Key, (unsigned char*)ctr256Iv, 0) == 0)
             return WC_TEST_RET_ENC_NC;
-        if (EVP_Cipher(en, (byte*)cipherBuff, (byte*)ctr256Plain,
-                AES_BLOCK_SIZE) != AES_BLOCK_SIZE)
+        if (wolfSSL_EVP_Cipher(en, (byte*)cipherBuff, (byte*)ctr256Plain,
+                WC_AES_BLOCK_SIZE) != WC_AES_BLOCK_SIZE)
             return WC_TEST_RET_ENC_NC;
-        EVP_CIPHER_CTX_init(de);
-        if (EVP_CipherInit(de, EVP_aes_256_ctr(),
+        wolfSSL_EVP_CIPHER_CTX_init(de);
+        if (wolfSSL_EVP_CipherInit(de, wolfSSL_EVP_aes_256_ctr(),
             (unsigned char*)ctr256Key, (unsigned char*)ctr256Iv, 0) == 0)
             return WC_TEST_RET_ENC_NC;
 
         XMEMSET(plainBuff, 0, sizeof(plainBuff));
-        if (EVP_Cipher(de, (byte*)plainBuff, (byte*)cipherBuff,
-                AES_BLOCK_SIZE) != AES_BLOCK_SIZE)
+        if (wolfSSL_EVP_Cipher(de, (byte*)plainBuff, (byte*)cipherBuff,
+                WC_AES_BLOCK_SIZE) != WC_AES_BLOCK_SIZE)
             return WC_TEST_RET_ENC_NC;
 
         if (XMEMCMP(plainBuff, ctr256Plain, sizeof(ctr256Plain)))
@@ -21860,11 +24968,11 @@ static wc_test_ret_t openssl_aes_test(void)
 #if defined(WOLFSSL_AES_CFB) && defined(WOLFSSL_AES_128)
     {
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
-        AES_KEY *enc = (AES_KEY *)XMALLOC(sizeof *enc, HEAP_HINT, DYNAMIC_TYPE_AES);
-        AES_KEY *dec = (AES_KEY *)XMALLOC(sizeof *dec, HEAP_HINT, DYNAMIC_TYPE_AES);
+        WOLFSSL_AES_KEY *enc = (WOLFSSL_AES_KEY *)XMALLOC(sizeof *enc, HEAP_HINT, DYNAMIC_TYPE_AES);
+        WOLFSSL_AES_KEY *dec = (WOLFSSL_AES_KEY *)XMALLOC(sizeof *dec, HEAP_HINT, DYNAMIC_TYPE_AES);
 #else
-        AES_KEY enc[1];
-        AES_KEY dec[1];
+        WOLFSSL_AES_KEY enc[1];
+        WOLFSSL_AES_KEY dec[1];
 #endif
 
         WOLFSSL_SMALL_STACK_STATIC const byte setIv[] = {
@@ -21894,8 +25002,8 @@ static wc_test_ret_t openssl_aes_test(void)
             0x9e,0xb7,0x6f,0xac,0x45,0xaf,0x8e,0x51
         };
 
-        byte cipher[AES_BLOCK_SIZE * 2];
-        byte iv[AES_BLOCK_SIZE]; /* iv buffer is updeated by API */
+        byte cipher[WC_AES_BLOCK_SIZE * 2];
+        byte iv[WC_AES_BLOCK_SIZE]; /* iv buffer is updeated by API */
         int  num = 0;
 
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
@@ -21907,20 +25015,20 @@ static wc_test_ret_t openssl_aes_test(void)
         wolfSSL_AES_set_encrypt_key(key, sizeof(key) * 8, enc);
         wolfSSL_AES_set_encrypt_key(key, sizeof(key) * 8, dec);
 
-        wolfSSL_AES_cfb128_encrypt(msg, cipher, AES_BLOCK_SIZE - 1, enc, iv,
-                &num, AES_ENCRYPT);
+        wolfSSL_AES_cfb128_encrypt(msg, cipher, WC_AES_BLOCK_SIZE - 1, enc, iv,
+                &num, AES_ENCRYPTION);
 
-        if (XMEMCMP(cipher, cipher1, AES_BLOCK_SIZE - 1))
+        if (XMEMCMP(cipher, cipher1, WC_AES_BLOCK_SIZE - 1))
             return WC_TEST_RET_ENC_NC;
 
         if (num != 15) /* should have used 15 of the 16 bytes */
             return WC_TEST_RET_ENC_NC;
 
-        wolfSSL_AES_cfb128_encrypt(msg + AES_BLOCK_SIZE - 1,
-                cipher + AES_BLOCK_SIZE - 1, AES_BLOCK_SIZE + 1, enc, iv,
-                &num, AES_ENCRYPT);
+        wolfSSL_AES_cfb128_encrypt(msg + WC_AES_BLOCK_SIZE - 1,
+                cipher + WC_AES_BLOCK_SIZE - 1, WC_AES_BLOCK_SIZE + 1, enc, iv,
+                &num, AES_ENCRYPTION);
 
-        if (XMEMCMP(cipher, cipher1, AES_BLOCK_SIZE * 2))
+        if (XMEMCMP(cipher, cipher1, WC_AES_BLOCK_SIZE * 2))
             return WC_TEST_RET_ENC_NC;
 
         if (num != 0)
@@ -21938,16 +25046,60 @@ static wc_test_ret_t openssl_aes_test(void)
     return 0;
 }
 
+#endif /* !NO_AES && !WOLFCRYPT_ONLY */
 
-#endif /* !defined(NO_AES) && !defined(WOLFCRYPT_ONLY) */
 
 WOLFSSL_TEST_SUBROUTINE wc_test_ret_t openssl_test(void)
 {
     wc_test_ret_t ret;
-    EVP_MD_CTX md_ctx;
+#ifdef WOLFSSL_SMALL_STACK
+    WOLFSSL_EVP_MD_CTX *md_ctx = (WOLFSSL_EVP_MD_CTX *)XMALLOC(sizeof(WOLFSSL_EVP_MD_CTX), NULL, DYNAMIC_TYPE_OPENSSL);
+    WOLFSSL_EVP_CIPHER_CTX *ctx = wolfSSL_EVP_CIPHER_CTX_new();
+    WOLFSSL_EVP_CIPHER_CTX *en = wolfSSL_EVP_CIPHER_CTX_new();
+    WOLFSSL_EVP_CIPHER_CTX *de = wolfSSL_EVP_CIPHER_CTX_new();
+    WOLFSSL_EVP_CIPHER_CTX *p_en = wolfSSL_EVP_CIPHER_CTX_new();
+    WOLFSSL_EVP_CIPHER_CTX *p_de = wolfSSL_EVP_CIPHER_CTX_new();
+    #if !defined(NO_AES) && !defined(WOLFSSL_NO_OPENSSL_AES_LOW_LEVEL_API) && \
+        defined(WOLFSSL_AES_DIRECT) && defined(WOLFSSL_AES_256)
+    WOLFSSL_AES_KEY *enc = (WOLFSSL_AES_KEY *)XMALLOC(sizeof *enc, HEAP_HINT, DYNAMIC_TYPE_AES);
+    #ifdef HAVE_AES_DECRYPT
+    WOLFSSL_AES_KEY *dec = (WOLFSSL_AES_KEY *)XMALLOC(sizeof *dec, HEAP_HINT, DYNAMIC_TYPE_AES);
+    #endif
+    #endif /* !NO_AES && !WOLFSSL_NO_OPENSSL_AES_LOW_LEVEL_API */
+#else
+    WOLFSSL_EVP_MD_CTX md_ctx[1];
+    WOLFSSL_EVP_CIPHER_CTX ctx[1];
+    WOLFSSL_EVP_CIPHER_CTX en[1];
+    WOLFSSL_EVP_CIPHER_CTX de[1];
+    #if !defined(NO_AES) && !defined(WOLFSSL_NO_OPENSSL_AES_LOW_LEVEL_API) && \
+        defined(WOLFSSL_AES_DIRECT) && defined(WOLFSSL_AES_256)
+    WOLFSSL_AES_KEY enc[1];
+    #ifdef HAVE_AES_DECRYPT
+    WOLFSSL_AES_KEY dec[1];
+    #endif
+    #endif /* !NO_AES */
+#endif
     testVector a, b, c, d, e, f;
     byte       hash[WC_SHA256_DIGEST_SIZE*2];  /* max size */
 
+#ifdef WOLFSSL_SMALL_STACK
+    if ((md_ctx == NULL) || (ctx == NULL) || (en == NULL) || (de == NULL) ||
+        (p_en == NULL) || (p_de == NULL)
+    #if !defined(NO_AES) && !defined(WOLFSSL_NO_OPENSSL_AES_LOW_LEVEL_API) && \
+        defined(WOLFSSL_AES_DIRECT) && defined(WOLFSSL_AES_256)
+        || (enc == NULL)
+    #ifdef HAVE_AES_DECRYPT
+        || (dec == NULL)
+    #endif
+    #endif
+        )
+    {
+        ERROR_OUT(WC_TEST_RET_ENC_EC(MEMORY_E), out);
+    }
+#endif
+
+    WOLFSSL_ENTER("openssl_test");
+
     a.inLen = 0;
     b.inLen = c.inLen = d.inLen = e.inLen = f.inLen = a.inLen;
 
@@ -21962,13 +25114,14 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t openssl_test(void)
     {
         byte* p;
 
-        p = (byte*)CRYPTO_malloc(10, "", 0);
+        p = (byte*)wolfSSL_CRYPTO_malloc(10, "", 0);
 
         if (p == NULL) {
-            return WC_TEST_RET_ENC_NC;
+            ERROR_OUT(WC_TEST_RET_ENC_NC, out);
+        } else {
+            XMEMSET(p, 0, 10);
+            wolfSSL_CRYPTO_free(p, "", 0);
         }
-        XMEMSET(p, 0, 10);
-        CRYPTO_free(p, "", 0);
     }
 
 #ifndef NO_MD5
@@ -21979,19 +25132,19 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t openssl_test(void)
     a.inLen  = XSTRLEN(a.input);
     a.outLen = WC_MD5_DIGEST_SIZE;
 
-    EVP_MD_CTX_init(&md_ctx);
-    ret = EVP_DigestInit(&md_ctx, EVP_md5());
+    wolfSSL_EVP_MD_CTX_init(md_ctx);
+    ret = wolfSSL_EVP_DigestInit(md_ctx, wolfSSL_EVP_md5());
     if (ret == WOLFSSL_SUCCESS) {
-        ret = EVP_DigestUpdate(&md_ctx, a.input, (unsigned long)a.inLen);
+        ret = wolfSSL_EVP_DigestUpdate(md_ctx, a.input, (unsigned long)a.inLen);
     }
     if (ret == WOLFSSL_SUCCESS) {
-        ret = EVP_DigestFinal(&md_ctx, hash, 0);
+        ret = wolfSSL_EVP_DigestFinal(md_ctx, hash, 0);
     }
-    EVP_MD_CTX_cleanup(&md_ctx);
+    wolfSSL_EVP_MD_CTX_cleanup(md_ctx);
     if (ret != WOLFSSL_SUCCESS)
-        return WC_TEST_RET_ENC_NC;
+        ERROR_OUT(WC_TEST_RET_ENC_NC, out);
     if (XMEMCMP(hash, a.output, WC_MD5_DIGEST_SIZE) != 0)
-        return WC_TEST_RET_ENC_NC;
+        ERROR_OUT(WC_TEST_RET_ENC_NC, out);
 #endif /* NO_MD5 */
 
 #ifndef NO_SHA
@@ -22003,18 +25156,18 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t openssl_test(void)
     b.inLen  = XSTRLEN(b.input);
     b.outLen = WC_SHA_DIGEST_SIZE;
 
-    EVP_MD_CTX_init(&md_ctx);
-    ret = EVP_DigestInit(&md_ctx, EVP_sha1());
+    wolfSSL_EVP_MD_CTX_init(md_ctx);
+    ret = wolfSSL_EVP_DigestInit(md_ctx, wolfSSL_EVP_sha1());
     if (ret == WOLFSSL_SUCCESS) {
-        ret = EVP_DigestUpdate(&md_ctx, b.input, (unsigned long)b.inLen);
+        ret = wolfSSL_EVP_DigestUpdate(md_ctx, b.input, (unsigned long)b.inLen);
         if (ret == WOLFSSL_SUCCESS)
-            ret = EVP_DigestFinal(&md_ctx, hash, 0);
+            ret = wolfSSL_EVP_DigestFinal(md_ctx, hash, 0);
     }
-    EVP_MD_CTX_cleanup(&md_ctx);
+    wolfSSL_EVP_MD_CTX_cleanup(md_ctx);
     if (ret != WOLFSSL_SUCCESS)
-        return WC_TEST_RET_ENC_NC;
+        ERROR_OUT(WC_TEST_RET_ENC_NC, out);
     if (XMEMCMP(hash, b.output, b.outLen) != 0)
-        return WC_TEST_RET_ENC_NC;
+        ERROR_OUT(WC_TEST_RET_ENC_NC, out);
 #endif /* NO_SHA */
 
 #ifdef WOLFSSL_SHA224
@@ -22025,16 +25178,16 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t openssl_test(void)
     e.inLen  = XSTRLEN(e.input);
     e.outLen = WC_SHA224_DIGEST_SIZE;
 
-    EVP_MD_CTX_init(&md_ctx);
-    ret = EVP_DigestInit(&md_ctx, EVP_sha224());
+    wolfSSL_EVP_MD_CTX_init(md_ctx);
+    ret = wolfSSL_EVP_DigestInit(md_ctx, wolfSSL_EVP_sha224());
     if (ret == WOLFSSL_SUCCESS) {
-        ret = EVP_DigestUpdate(&md_ctx, e.input, (unsigned long)e.inLen);
+        ret = wolfSSL_EVP_DigestUpdate(md_ctx, e.input, (unsigned long)e.inLen);
         if (ret == WOLFSSL_SUCCESS)
-            ret = EVP_DigestFinal(&md_ctx, hash, 0);
+            ret = wolfSSL_EVP_DigestFinal(md_ctx, hash, 0);
     }
-    EVP_MD_CTX_cleanup(&md_ctx);
+    wolfSSL_EVP_MD_CTX_cleanup(md_ctx);
     if (ret != WOLFSSL_SUCCESS || XMEMCMP(hash, e.output, e.outLen) != 0) {
-        return WC_TEST_RET_ENC_NC;
+        ERROR_OUT(WC_TEST_RET_ENC_NC, out);
     }
 #endif /* WOLFSSL_SHA224 */
 
@@ -22046,16 +25199,16 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t openssl_test(void)
     d.inLen  = XSTRLEN(d.input);
     d.outLen = WC_SHA256_DIGEST_SIZE;
 
-    EVP_MD_CTX_init(&md_ctx);
-    ret = EVP_DigestInit(&md_ctx, EVP_sha256());
+    wolfSSL_EVP_MD_CTX_init(md_ctx);
+    ret = wolfSSL_EVP_DigestInit(md_ctx, wolfSSL_EVP_sha256());
     if (ret == WOLFSSL_SUCCESS) {
-        ret = EVP_DigestUpdate(&md_ctx, d.input, (unsigned long)d.inLen);
+        ret = wolfSSL_EVP_DigestUpdate(md_ctx, d.input, (unsigned long)d.inLen);
         if (ret == WOLFSSL_SUCCESS)
-            ret = EVP_DigestFinal(&md_ctx, hash, 0);
+            ret = wolfSSL_EVP_DigestFinal(md_ctx, hash, 0);
     }
-    EVP_MD_CTX_cleanup(&md_ctx);
+    wolfSSL_EVP_MD_CTX_cleanup(md_ctx);
     if (ret != WOLFSSL_SUCCESS || XMEMCMP(hash, d.output, d.outLen) != 0) {
-        return WC_TEST_RET_ENC_NC;
+        ERROR_OUT(WC_TEST_RET_ENC_NC, out);
     }
 #endif /* !NO_SHA256 */
 
@@ -22069,16 +25222,16 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t openssl_test(void)
     e.inLen  = XSTRLEN(e.input);
     e.outLen = WC_SHA384_DIGEST_SIZE;
 
-    EVP_MD_CTX_init(&md_ctx);
-    ret = EVP_DigestInit(&md_ctx, EVP_sha384());
+    wolfSSL_EVP_MD_CTX_init(md_ctx);
+    ret = wolfSSL_EVP_DigestInit(md_ctx, wolfSSL_EVP_sha384());
     if (ret == WOLFSSL_SUCCESS) {
-        ret = EVP_DigestUpdate(&md_ctx, e.input, (unsigned long)e.inLen);
+        ret = wolfSSL_EVP_DigestUpdate(md_ctx, e.input, (unsigned long)e.inLen);
         if (ret == WOLFSSL_SUCCESS)
-            ret = EVP_DigestFinal(&md_ctx, hash, 0);
+            ret = wolfSSL_EVP_DigestFinal(md_ctx, hash, 0);
     }
-    EVP_MD_CTX_cleanup(&md_ctx);
+    wolfSSL_EVP_MD_CTX_cleanup(md_ctx);
     if (ret != WOLFSSL_SUCCESS || XMEMCMP(hash, e.output, e.outLen) != 0) {
-        return WC_TEST_RET_ENC_NC;
+        ERROR_OUT(WC_TEST_RET_ENC_NC, out);
     }
 #endif /* WOLFSSL_SHA384 */
 
@@ -22093,16 +25246,16 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t openssl_test(void)
     f.inLen  = XSTRLEN(f.input);
     f.outLen = WC_SHA512_DIGEST_SIZE;
 
-    EVP_MD_CTX_init(&md_ctx);
-    ret = EVP_DigestInit(&md_ctx, EVP_sha512());
+    wolfSSL_EVP_MD_CTX_init(md_ctx);
+    ret = wolfSSL_EVP_DigestInit(md_ctx, wolfSSL_EVP_sha512());
     if (ret == WOLFSSL_SUCCESS) {
-        ret = EVP_DigestUpdate(&md_ctx, f.input, (unsigned long)f.inLen);
+        ret = wolfSSL_EVP_DigestUpdate(md_ctx, f.input, (unsigned long)f.inLen);
         if (ret == WOLFSSL_SUCCESS)
-            ret = EVP_DigestFinal(&md_ctx, hash, 0);
+            ret = wolfSSL_EVP_DigestFinal(md_ctx, hash, 0);
     }
-    EVP_MD_CTX_cleanup(&md_ctx);
+    wolfSSL_EVP_MD_CTX_cleanup(md_ctx);
     if (ret != WOLFSSL_SUCCESS || XMEMCMP(hash, f.output, f.outLen) != 0) {
-        return WC_TEST_RET_ENC_NC;
+        ERROR_OUT(WC_TEST_RET_ENC_NC, out);
     }
 
 #if !defined(WOLFSSL_NOSHA512_224) && \
@@ -22115,16 +25268,16 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t openssl_test(void)
     f.inLen  = XSTRLEN(f.input);
     f.outLen = WC_SHA512_224_DIGEST_SIZE;
 
-    EVP_MD_CTX_init(&md_ctx);
-    ret = EVP_DigestInit(&md_ctx, EVP_sha512_224());
+    wolfSSL_EVP_MD_CTX_init(md_ctx);
+    ret = wolfSSL_EVP_DigestInit(md_ctx, wolfSSL_EVP_sha512_224());
     if (ret == WOLFSSL_SUCCESS) {
-        ret = EVP_DigestUpdate(&md_ctx, f.input, (unsigned long)f.inLen);
+        ret = wolfSSL_EVP_DigestUpdate(md_ctx, f.input, (unsigned long)f.inLen);
         if (ret == WOLFSSL_SUCCESS)
-            ret = EVP_DigestFinal(&md_ctx, hash, 0);
+            ret = wolfSSL_EVP_DigestFinal(md_ctx, hash, 0);
     }
-    EVP_MD_CTX_cleanup(&md_ctx);
+    wolfSSL_EVP_MD_CTX_cleanup(md_ctx);
     if (ret != WOLFSSL_SUCCESS || XMEMCMP(hash, f.output, f.outLen) != 0) {
-        return WC_TEST_RET_ENC_NC;
+        ERROR_OUT(WC_TEST_RET_ENC_NC, out);
     }
 #endif /* !WOLFSSL_NOSHA512_224 && !FIPS ... */
 
@@ -22138,16 +25291,16 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t openssl_test(void)
     f.inLen  = XSTRLEN(f.input);
     f.outLen = WC_SHA512_256_DIGEST_SIZE;
 
-    EVP_MD_CTX_init(&md_ctx);
-    ret = EVP_DigestInit(&md_ctx, EVP_sha512_256());
+    wolfSSL_EVP_MD_CTX_init(md_ctx);
+    ret = wolfSSL_EVP_DigestInit(md_ctx, wolfSSL_EVP_sha512_256());
     if (ret == WOLFSSL_SUCCESS) {
-        ret = EVP_DigestUpdate(&md_ctx, f.input, (unsigned long)f.inLen);
+        ret = wolfSSL_EVP_DigestUpdate(md_ctx, f.input, (unsigned long)f.inLen);
         if (ret == WOLFSSL_SUCCESS)
-            ret = EVP_DigestFinal(&md_ctx, hash, 0);
+            ret = wolfSSL_EVP_DigestFinal(md_ctx, hash, 0);
     }
-    EVP_MD_CTX_cleanup(&md_ctx);
+    wolfSSL_EVP_MD_CTX_cleanup(md_ctx);
     if (ret != WOLFSSL_SUCCESS || XMEMCMP(hash, f.output, f.outLen) != 0) {
-        return WC_TEST_RET_ENC_NC;
+        ERROR_OUT(WC_TEST_RET_ENC_NC, out);
     }
 #endif /* !WOLFSSL_NOSHA512_224 && !FIPS ... */
 #endif /* WOLFSSL_SHA512 */
@@ -22161,16 +25314,16 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t openssl_test(void)
     e.inLen  = XSTRLEN(e.input);
     e.outLen = WC_SHA3_224_DIGEST_SIZE;
 
-    EVP_MD_CTX_init(&md_ctx);
-    ret = EVP_DigestInit(&md_ctx, EVP_sha3_224());
+    wolfSSL_EVP_MD_CTX_init(md_ctx);
+    ret = wolfSSL_EVP_DigestInit(md_ctx, wolfSSL_EVP_sha3_224());
     if (ret == WOLFSSL_SUCCESS) {
-        ret = EVP_DigestUpdate(&md_ctx, e.input, (unsigned long)e.inLen);
+        ret = wolfSSL_EVP_DigestUpdate(md_ctx, e.input, (unsigned long)e.inLen);
         if (ret == WOLFSSL_SUCCESS)
-            ret = EVP_DigestFinal(&md_ctx, hash, 0);
+            ret = wolfSSL_EVP_DigestFinal(md_ctx, hash, 0);
     }
-    EVP_MD_CTX_cleanup(&md_ctx);
+    wolfSSL_EVP_MD_CTX_cleanup(md_ctx);
     if (ret != WOLFSSL_SUCCESS || XMEMCMP(hash, e.output, e.outLen) != 0) {
-        return WC_TEST_RET_ENC_NC;
+        ERROR_OUT(WC_TEST_RET_ENC_NC, out);
     }
 #endif /* WOLFSSL_NOSHA3_224 */
 
@@ -22183,16 +25336,16 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t openssl_test(void)
     d.inLen  = XSTRLEN(d.input);
     d.outLen = WC_SHA3_256_DIGEST_SIZE;
 
-    EVP_MD_CTX_init(&md_ctx);
-    ret = EVP_DigestInit(&md_ctx, EVP_sha3_256());
+    wolfSSL_EVP_MD_CTX_init(md_ctx);
+    ret = wolfSSL_EVP_DigestInit(md_ctx, wolfSSL_EVP_sha3_256());
     if (ret == WOLFSSL_SUCCESS) {
-        ret = EVP_DigestUpdate(&md_ctx, d.input, (unsigned long)d.inLen);
+        ret = wolfSSL_EVP_DigestUpdate(md_ctx, d.input, (unsigned long)d.inLen);
         if (ret == WOLFSSL_SUCCESS)
-            ret = EVP_DigestFinal(&md_ctx, hash, 0);
+            ret = wolfSSL_EVP_DigestFinal(md_ctx, hash, 0);
     }
-    EVP_MD_CTX_cleanup(&md_ctx);
+    wolfSSL_EVP_MD_CTX_cleanup(md_ctx);
     if (ret != WOLFSSL_SUCCESS || XMEMCMP(hash, d.output, d.outLen) != 0) {
-        return WC_TEST_RET_ENC_NC;
+        ERROR_OUT(WC_TEST_RET_ENC_NC, out);
     }
 #endif /* WOLFSSL_NOSHA3_256 */
 
@@ -22205,16 +25358,16 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t openssl_test(void)
     e.inLen  = XSTRLEN(e.input);
     e.outLen = WC_SHA3_384_DIGEST_SIZE;
 
-    EVP_MD_CTX_init(&md_ctx);
-    ret = EVP_DigestInit(&md_ctx, EVP_sha3_384());
+    wolfSSL_EVP_MD_CTX_init(md_ctx);
+    ret = wolfSSL_EVP_DigestInit(md_ctx, wolfSSL_EVP_sha3_384());
     if (ret == WOLFSSL_SUCCESS) {
-        ret = EVP_DigestUpdate(&md_ctx, e.input, (unsigned long)e.inLen);
+        ret = wolfSSL_EVP_DigestUpdate(md_ctx, e.input, (unsigned long)e.inLen);
         if (ret == WOLFSSL_SUCCESS)
-            ret = EVP_DigestFinal(&md_ctx, hash, 0);
+            ret = wolfSSL_EVP_DigestFinal(md_ctx, hash, 0);
     }
-    EVP_MD_CTX_cleanup(&md_ctx);
+    wolfSSL_EVP_MD_CTX_cleanup(md_ctx);
     if (ret != WOLFSSL_SUCCESS || XMEMCMP(hash, e.output, e.outLen) != 0) {
-        return WC_TEST_RET_ENC_NC;
+        ERROR_OUT(WC_TEST_RET_ENC_NC, out);
     }
 
 #ifndef WOLFSSL_NOSHA3_512
@@ -22228,24 +25381,24 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t openssl_test(void)
     f.inLen  = XSTRLEN(f.input);
     f.outLen = WC_SHA3_512_DIGEST_SIZE;
 
-    EVP_MD_CTX_init(&md_ctx);
-    ret = EVP_DigestInit(&md_ctx, EVP_sha3_512());
+    wolfSSL_EVP_MD_CTX_init(md_ctx);
+    ret = wolfSSL_EVP_DigestInit(md_ctx, wolfSSL_EVP_sha3_512());
     if (ret == WOLFSSL_SUCCESS) {
-        ret = EVP_DigestUpdate(&md_ctx, f.input, (unsigned long)f.inLen);
+        ret = wolfSSL_EVP_DigestUpdate(md_ctx, f.input, (unsigned long)f.inLen);
         if (ret == WOLFSSL_SUCCESS)
-            ret = EVP_DigestFinal(&md_ctx, hash, 0);
+            ret = wolfSSL_EVP_DigestFinal(md_ctx, hash, 0);
     }
-    EVP_MD_CTX_cleanup(&md_ctx);
+    wolfSSL_EVP_MD_CTX_cleanup(md_ctx);
     if (ret != WOLFSSL_SUCCESS ||
             XMEMCMP(hash, f.output, f.outLen) != 0) {
-        return WC_TEST_RET_ENC_NC;
+        ERROR_OUT(WC_TEST_RET_ENC_NC, out);
     }
 #endif /* WOLFSSL_NOSHA3_512 */
 #endif /* WOLFSSL_SHA3 */
 
 #ifndef WC_NO_RNG
-    if (RAND_bytes(hash, sizeof(hash)) != WOLFSSL_SUCCESS)
-        return WC_TEST_RET_ENC_NC;
+    if (wolfSSL_RAND_bytes(hash, sizeof(hash)) != WOLFSSL_SUCCESS)
+        ERROR_OUT(WC_TEST_RET_ENC_NC, out);
 #endif
 
 #ifndef NO_MD5
@@ -22257,15 +25410,15 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t openssl_test(void)
 
 #if defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2)
     /* Expect failure with MD5 + HMAC when using FIPS 140-3. */
-    if (HMAC(EVP_md5(), "JefeJefeJefeJefe", 16, (byte*)c.input, (int)c.inLen,
+    if (wolfSSL_HMAC(wolfSSL_EVP_md5(), "JefeJefeJefeJefe", 16, (byte*)c.input, (int)c.inLen,
             hash, 0) != NULL)
 #else
-    if (HMAC(EVP_md5(), "JefeJefeJefeJefe", 16, (byte*)c.input, (int)c.inLen,
+    if (wolfSSL_HMAC(wolfSSL_EVP_md5(), "JefeJefeJefeJefe", 16, (byte*)c.input, (int)c.inLen,
             hash, 0) == NULL ||
         XMEMCMP(hash, c.output, c.outLen) != 0)
 #endif
     {
-        return WC_TEST_RET_ENC_NC;
+        ERROR_OUT(WC_TEST_RET_ENC_NC, out);
     }
 #endif /* NO_MD5 */
 
@@ -22278,51 +25431,46 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t openssl_test(void)
     };
     byte plain[24];
     byte cipher[24];
-    const_DES_cblock key = {
+    WOLFSSL_const_DES_cblock key = {
         0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef
     };
-    DES_cblock iv = {
+    WOLFSSL_DES_cblock iv = {
         0x12,0x34,0x56,0x78,0x90,0xab,0xcd,0xef
     };
-    DES_key_schedule sched;
+    WOLFSSL_DES_key_schedule sched;
     WOLFSSL_SMALL_STACK_STATIC const byte verify[] = {
         0x8b,0x7c,0x52,0xb0,0x01,0x2b,0x6c,0xb8,
         0x4f,0x0f,0xeb,0xf3,0xfb,0x5f,0x86,0x73,
         0x15,0x85,0xb3,0x22,0x4b,0x86,0x2b,0x4b
     };
 
-    DES_key_sched(&key, &sched);
+    wolfSSL_DES_key_sched(&key, &sched);
 
-    DES_cbc_encrypt(vector, cipher, sizeof(vector), &sched, &iv, DES_ENCRYPT);
-    DES_cbc_encrypt(cipher, plain, sizeof(vector), &sched, &iv, DES_DECRYPT);
+    wolfSSL_DES_cbc_encrypt(vector, cipher, sizeof(vector), &sched, &iv, WC_DES_ENCRYPT);
+    wolfSSL_DES_cbc_encrypt(cipher, plain, sizeof(vector), &sched, &iv, WC_DES_DECRYPT);
 
     if (XMEMCMP(plain, vector, sizeof(vector)) != 0)
-        return WC_TEST_RET_ENC_NC;
+        ERROR_OUT(WC_TEST_RET_ENC_NC, out);
 
     if (XMEMCMP(cipher, verify, sizeof(verify)) != 0)
-        return WC_TEST_RET_ENC_NC;
+        ERROR_OUT(WC_TEST_RET_ENC_NC, out);
 
         /* test changing iv */
-    DES_ncbc_encrypt(vector, cipher, 8, &sched, &iv, DES_ENCRYPT);
-    DES_ncbc_encrypt(vector + 8, cipher + 8, 16, &sched, &iv, DES_ENCRYPT);
+    wolfSSL_DES_ncbc_encrypt(vector, cipher, 8, &sched, &iv, WC_DES_ENCRYPT);
+    wolfSSL_DES_ncbc_encrypt(vector + 8, cipher + 8, 16, &sched, &iv, WC_DES_ENCRYPT);
 
     if (XMEMCMP(cipher, verify, sizeof(verify)) != 0)
-        return WC_TEST_RET_ENC_NC;
+        ERROR_OUT(WC_TEST_RET_ENC_NC, out);
 
     }  /* end des test */
 #endif /* NO_DES3 */
 
 #if !defined(NO_AES) && !defined(WOLFCRYPT_ONLY)
     if ((ret = openssl_aes_test()) != 0) {
-        return ret;
+        ERROR_OUT(ret, out);
     }
 #if defined(WOLFSSL_AES_128) && defined(HAVE_AES_CBC)
     {   /* evp_cipher test: EVP_aes_128_cbc */
-#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
-        EVP_CIPHER_CTX *ctx = wolfSSL_EVP_CIPHER_CTX_new();
-#else
-        EVP_CIPHER_CTX ctx[1];
-#endif
         int idx, cipherSz, plainSz;
         WOLFSSL_SMALL_STACK_STATIC const byte msg[] = { /* "Now is the time for all " w/o trailing 0 */
             0x6e,0x6f,0x77,0x20,0x69,0x73,0x20,0x74,
@@ -22345,45 +25493,40 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t openssl_test(void)
             "0123456789abcdef   ";  /* align */
         WOLFSSL_SMALL_STACK_STATIC const byte iv[]  =
             "1234567890abcdef   ";  /* align */
-        byte cipher[AES_BLOCK_SIZE * 4];
-        byte plain [AES_BLOCK_SIZE * 4];
-
-#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
-        if (ctx == NULL)
-            return MEMORY_E;
-#endif
+        byte cipher[WC_AES_BLOCK_SIZE * 4];
+        byte plain [WC_AES_BLOCK_SIZE * 4];
 
         cipherSz = 0;
-        EVP_CIPHER_CTX_init(ctx);
-        ret = EVP_CipherInit(ctx, EVP_aes_128_cbc(), key, iv, 1);
+        wolfSSL_EVP_CIPHER_CTX_init(ctx);
+        ret = wolfSSL_EVP_CipherInit(ctx, wolfSSL_EVP_aes_128_cbc(), key, iv, 1);
         if (ret == WOLFSSL_SUCCESS) {
-            ret = EVP_CipherUpdate(ctx, cipher, &idx, (byte*)msg, sizeof(msg));
+            ret = wolfSSL_EVP_CipherUpdate(ctx, cipher, &idx, (byte*)msg, sizeof(msg));
             if (ret == WOLFSSL_SUCCESS)
                 cipherSz += idx;
         }
         if (ret == WOLFSSL_SUCCESS) {
-            ret = EVP_CipherFinal(ctx, cipher + cipherSz, &idx);
+            ret = wolfSSL_EVP_CipherFinal(ctx, cipher + cipherSz, &idx);
             if (ret == WOLFSSL_SUCCESS)
                 cipherSz += idx;
         }
-        EVP_CIPHER_CTX_cleanup(ctx);
+        wolfSSL_EVP_CIPHER_CTX_cleanup(ctx);
         if (ret != WOLFSSL_SUCCESS)
-            return WC_TEST_RET_ENC_NC;
+            ERROR_OUT(WC_TEST_RET_ENC_NC, out);
         if (cipherSz != (int)sizeof(verify) || XMEMCMP(cipher, verify, cipherSz))
-            return WC_TEST_RET_ENC_NC;
+            ERROR_OUT(WC_TEST_RET_ENC_NC, out);
 
         /* check partial decrypt (not enough padding for full block) */
         plainSz = 0;
-        EVP_CIPHER_CTX_init(ctx);
-        ret = EVP_CipherInit(ctx, EVP_aes_128_cbc(), key, iv, 0);
+        wolfSSL_EVP_CIPHER_CTX_init(ctx);
+        ret = wolfSSL_EVP_CipherInit(ctx, wolfSSL_EVP_aes_128_cbc(), key, iv, 0);
         if (ret == WOLFSSL_SUCCESS) {
-            ret = EVP_CipherUpdate(ctx, plain, &idx, cipher, 1);
+            ret = wolfSSL_EVP_CipherUpdate(ctx, plain, &idx, cipher, 1);
             if (ret == WOLFSSL_SUCCESS)
                 plainSz += idx;
         }
         if (ret == WOLFSSL_SUCCESS) {
             /* this test should fail... not enough padding for full block */
-            ret = EVP_CipherFinal(ctx, plain + plainSz, &idx);
+            ret = wolfSSL_EVP_CipherFinal(ctx, plain + plainSz, &idx);
             if (plainSz == 0 && ret != WOLFSSL_SUCCESS)
                 ret = WOLFSSL_SUCCESS;
             else
@@ -22391,61 +25534,52 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t openssl_test(void)
         }
         else
             ret = WC_TEST_RET_ENC_NC;
-        EVP_CIPHER_CTX_cleanup(ctx);
+        wolfSSL_EVP_CIPHER_CTX_cleanup(ctx);
         if (ret != WOLFSSL_SUCCESS)
-            return ret;
+            ERROR_OUT(ret, out);
 
         plainSz = 0;
-        EVP_CIPHER_CTX_init(ctx);
-        ret = EVP_CipherInit(ctx, EVP_aes_128_cbc(), key, iv, 0);
+        wolfSSL_EVP_CIPHER_CTX_init(ctx);
+        ret = wolfSSL_EVP_CipherInit(ctx, wolfSSL_EVP_aes_128_cbc(), key, iv, 0);
         if (ret == WOLFSSL_SUCCESS) {
-            ret = EVP_CipherUpdate(ctx, plain, &idx, cipher, cipherSz);
+            ret = wolfSSL_EVP_CipherUpdate(ctx, plain, &idx, cipher, cipherSz);
             if (ret == WOLFSSL_SUCCESS)
                 plainSz += idx;
         }
         if (ret == WOLFSSL_SUCCESS) {
-            ret = EVP_CipherFinal(ctx, plain + plainSz, &idx);
+            ret = wolfSSL_EVP_CipherFinal(ctx, plain + plainSz, &idx);
             if (ret == WOLFSSL_SUCCESS)
                 plainSz += idx;
         }
-        EVP_CIPHER_CTX_cleanup(ctx);
+        wolfSSL_EVP_CIPHER_CTX_cleanup(ctx);
         if (ret != WOLFSSL_SUCCESS)
-            return WC_TEST_RET_ENC_NC;
+            ERROR_OUT(WC_TEST_RET_ENC_NC, out);
         if (plainSz != (int)sizeof(msg) || XMEMCMP(plain, msg, sizeof(msg)))
-            return WC_TEST_RET_ENC_NC;
+            ERROR_OUT(WC_TEST_RET_ENC_NC, out);
 
         cipherSz = 0;
-        EVP_CIPHER_CTX_init(ctx);
-        ret = EVP_CipherInit(ctx, EVP_aes_128_cbc(), key, iv, 1);
+        wolfSSL_EVP_CIPHER_CTX_init(ctx);
+        ret = wolfSSL_EVP_CipherInit(ctx, wolfSSL_EVP_aes_128_cbc(), key, iv, 1);
         if (ret == WOLFSSL_SUCCESS) {
-            ret = EVP_CipherUpdate(ctx, cipher, &idx, msg, AES_BLOCK_SIZE);
+            ret = wolfSSL_EVP_CipherUpdate(ctx, cipher, &idx, msg, WC_AES_BLOCK_SIZE);
             if (ret == WOLFSSL_SUCCESS)
                 cipherSz += idx;
         }
         if (ret == WOLFSSL_SUCCESS) {
-            ret = EVP_CipherFinal(ctx, cipher + cipherSz, &idx);
+            ret = wolfSSL_EVP_CipherFinal(ctx, cipher + cipherSz, &idx);
             if (ret == WOLFSSL_SUCCESS)
                 cipherSz += idx;
         }
-        EVP_CIPHER_CTX_cleanup(ctx);
+        wolfSSL_EVP_CIPHER_CTX_cleanup(ctx);
         if (ret != WOLFSSL_SUCCESS)
-            return WC_TEST_RET_ENC_NC;
+            ERROR_OUT(WC_TEST_RET_ENC_NC, out);
         if (cipherSz != (int)sizeof(verify2) || XMEMCMP(cipher, verify2, cipherSz))
-            return WC_TEST_RET_ENC_NC;
-
-#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
-        wolfSSL_EVP_CIPHER_CTX_free(ctx);
-#endif
+            ERROR_OUT(WC_TEST_RET_ENC_NC, out);
     }  /* end evp_cipher test: EVP_aes_128_cbc*/
 #endif /* WOLFSSL_AES_128 && HAVE_AES_CBC */
 
 #if defined(HAVE_AES_ECB) && defined(WOLFSSL_AES_256)
     {   /* evp_cipher test: EVP_aes_256_ecb*/
-#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
-        EVP_CIPHER_CTX *ctx = wolfSSL_EVP_CIPHER_CTX_new();
-#else
-        EVP_CIPHER_CTX ctx[1];
-#endif
         WOLFSSL_SMALL_STACK_STATIC const byte msg[] = {
           0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96,
           0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a
@@ -22460,37 +25594,28 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t openssl_test(void)
           0x1f,0x35,0x2c,0x07,0x3b,0x61,0x08,0xd7,
           0x2d,0x98,0x10,0xa3,0x09,0x14,0xdf,0xf4
         };
-        byte cipher[AES_BLOCK_SIZE * 4];
-        byte plain [AES_BLOCK_SIZE * 4];
+        byte cipher[WC_AES_BLOCK_SIZE * 4];
+        byte plain [WC_AES_BLOCK_SIZE * 4];
 
-#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
-        if (ctx == NULL)
-            return MEMORY_E;
-#endif
-
-        EVP_CIPHER_CTX_init(ctx);
-        ret = EVP_CipherInit(ctx, EVP_aes_256_ecb(), (unsigned char*)key, NULL, 1);
+        wolfSSL_EVP_CIPHER_CTX_init(ctx);
+        ret = wolfSSL_EVP_CipherInit(ctx, wolfSSL_EVP_aes_256_ecb(), (unsigned char*)key, NULL, 1);
         if (ret == WOLFSSL_SUCCESS)
-            ret = EVP_Cipher(ctx, cipher, (byte*)msg, 16);
-        EVP_CIPHER_CTX_cleanup(ctx);
+            ret = wolfSSL_EVP_Cipher(ctx, cipher, (byte*)msg, 16);
+        wolfSSL_EVP_CIPHER_CTX_cleanup(ctx);
         if (ret != 16)
-            return WC_TEST_RET_ENC_NC;
-        if (XMEMCMP(cipher, verify, AES_BLOCK_SIZE))
-            return WC_TEST_RET_ENC_NC;
+            ERROR_OUT(WC_TEST_RET_ENC_NC, out);
+        if (XMEMCMP(cipher, verify, WC_AES_BLOCK_SIZE))
+            ERROR_OUT(WC_TEST_RET_ENC_NC, out);
 
-        EVP_CIPHER_CTX_init(ctx);
-        ret = EVP_CipherInit(ctx, EVP_aes_256_ecb(), (unsigned char*)key, NULL, 0);
+        wolfSSL_EVP_CIPHER_CTX_init(ctx);
+        ret = wolfSSL_EVP_CipherInit(ctx, wolfSSL_EVP_aes_256_ecb(), (unsigned char*)key, NULL, 0);
         if (ret == WOLFSSL_SUCCESS)
-            ret = EVP_Cipher(ctx, plain, cipher, 16);
-        EVP_CIPHER_CTX_cleanup(ctx);
+            ret = wolfSSL_EVP_Cipher(ctx, plain, cipher, 16);
+        wolfSSL_EVP_CIPHER_CTX_cleanup(ctx);
         if (ret != 16)
-            return WC_TEST_RET_ENC_NC;
-        if (XMEMCMP(plain, msg, AES_BLOCK_SIZE))
-            return WC_TEST_RET_ENC_NC;
-
-#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
-        wolfSSL_EVP_CIPHER_CTX_free(ctx);
-#endif
+            ERROR_OUT(WC_TEST_RET_ENC_NC, out);
+        if (XMEMCMP(plain, msg, WC_AES_BLOCK_SIZE))
+            ERROR_OUT(WC_TEST_RET_ENC_NC, out);
     }  /* end evp_cipher test */
 #endif /* HAVE_AES_ECB && WOLFSSL_AES_128 */
 
@@ -22501,18 +25626,6 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t openssl_test(void)
 {
 
   /* Test: AES_encrypt/decrypt/set Key */
-#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
-  AES_KEY *enc = (AES_KEY *)XMALLOC(sizeof *enc, HEAP_HINT, DYNAMIC_TYPE_AES);
-  #ifdef HAVE_AES_DECRYPT
-  AES_KEY *dec = (AES_KEY *)XMALLOC(sizeof *dec, HEAP_HINT, DYNAMIC_TYPE_AES);
-  #endif
-#else
-  AES_KEY enc[1];
-  #ifdef HAVE_AES_DECRYPT
-  AES_KEY dec[1];
-  #endif
-#endif
-
   WOLFSSL_SMALL_STACK_STATIC const byte msg[] =
   {
       0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96,
@@ -22538,35 +25651,19 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t openssl_test(void)
 
   printf("openSSL extra test\n") ;
 
-#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
-  if (enc == NULL)
-      return MEMORY_E;
-  #ifdef HAVE_AES_DECRYPT
-  if (dec == NULL)
-      return MEMORY_E;
-  #endif
-#endif
+  wolfSSL_AES_set_encrypt_key(key, sizeof(key)*8, enc);
+  wolfSSL_AES_set_decrypt_key(key, sizeof(key)*8, dec);
 
-  AES_set_encrypt_key(key, sizeof(key)*8, enc);
-  AES_set_decrypt_key(key,  sizeof(key)*8, dec);
-
-  AES_encrypt(msg, cipher, enc);
+  wolfSSL_AES_encrypt(msg, cipher, enc);
 
 #ifdef HAVE_AES_DECRYPT
-  AES_decrypt(cipher, plain, dec);
-  if (XMEMCMP(plain, msg, AES_BLOCK_SIZE))
-      return WC_TEST_RET_ENC_NC;
+  wolfSSL_AES_decrypt(cipher, plain, dec);
+  if (XMEMCMP(plain, msg, WC_AES_BLOCK_SIZE))
+      ERROR_OUT(WC_TEST_RET_ENC_NC, out);
 #endif /* HAVE_AES_DECRYPT */
 
-  if (XMEMCMP(cipher, verify, AES_BLOCK_SIZE))
-      return WC_TEST_RET_ENC_NC;
-
-#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
-  XFREE(enc, HEAP_HINT, DYNAMIC_TYPE_AES);
-  #ifdef HAVE_AES_DECRYPT
-  XFREE(dec, HEAP_HINT, DYNAMIC_TYPE_AES);
-  #endif
-#endif
+  if (XMEMCMP(cipher, verify, WC_AES_BLOCK_SIZE))
+      ERROR_OUT(WC_TEST_RET_ENC_NC, out);
 }
 
 #endif /* WOLFSSL_AES_DIRECT && WOLFSSL_AES_256 */
@@ -22621,12 +25718,6 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t openssl_test(void)
         0xb9,0xd7,0xcb,0x08,0xb0,0xe1,0x7b,0xa0,
         0xc2
     };
-
-#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
-    EVP_CIPHER_CTX *p_en;
-    EVP_CIPHER_CTX *p_de;
-#endif
-
 #endif /* WOLFSSL_AES_128 */
 
 #ifdef WOLFSSL_AES_192
@@ -22690,168 +25781,143 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t openssl_test(void)
     };
 #endif /* WOLFSSL_AES_256 */
 
-#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
-    EVP_CIPHER_CTX *en = wolfSSL_EVP_CIPHER_CTX_new();
-    EVP_CIPHER_CTX *de = wolfSSL_EVP_CIPHER_CTX_new();
-    if ((en == NULL) || (de == NULL))
-        return MEMORY_E;
-#else
-    EVP_CIPHER_CTX en[1];
-    EVP_CIPHER_CTX de[1];
-#endif
-
 #ifdef WOLFSSL_AES_128
 
-    EVP_CIPHER_CTX_init(en);
-    if (EVP_CipherInit(en, EVP_aes_128_ctr(),
+    wolfSSL_EVP_CIPHER_CTX_init(en);
+    if (wolfSSL_EVP_CipherInit(en, wolfSSL_EVP_aes_128_ctr(),
             (unsigned char*)ctrKey, (unsigned char*)ctrIv, 0) == 0)
-        return WC_TEST_RET_ENC_NC;
-    if (EVP_Cipher(en, (byte*)cipherBuff, (byte*)ctrPlain,
-            AES_BLOCK_SIZE*4) != AES_BLOCK_SIZE*4)
-        return WC_TEST_RET_ENC_NC;
-    EVP_CIPHER_CTX_init(de);
-    if (EVP_CipherInit(de, EVP_aes_128_ctr(),
+        ERROR_OUT(WC_TEST_RET_ENC_NC, out);
+    if (wolfSSL_EVP_Cipher(en, (byte*)cipherBuff, (byte*)ctrPlain,
+            WC_AES_BLOCK_SIZE*4) != WC_AES_BLOCK_SIZE*4)
+        ERROR_OUT(WC_TEST_RET_ENC_NC, out);
+    wolfSSL_EVP_CIPHER_CTX_init(de);
+    if (wolfSSL_EVP_CipherInit(de, wolfSSL_EVP_aes_128_ctr(),
             (unsigned char*)ctrKey, (unsigned char*)ctrIv, 0) == 0)
-        return WC_TEST_RET_ENC_NC;
+        ERROR_OUT(WC_TEST_RET_ENC_NC, out);
 
-    if (EVP_Cipher(de, (byte*)plainBuff, (byte*)cipherBuff,
-            AES_BLOCK_SIZE*4) != AES_BLOCK_SIZE*4)
-        return WC_TEST_RET_ENC_NC;
+    if (wolfSSL_EVP_Cipher(de, (byte*)plainBuff, (byte*)cipherBuff,
+            WC_AES_BLOCK_SIZE*4) != WC_AES_BLOCK_SIZE*4)
+        ERROR_OUT(WC_TEST_RET_ENC_NC, out);
 
-    if (XMEMCMP(cipherBuff, ctrCipher, AES_BLOCK_SIZE*4))
-        return WC_TEST_RET_ENC_NC;
-    if (XMEMCMP(plainBuff, ctrPlain, AES_BLOCK_SIZE*4))
-        return WC_TEST_RET_ENC_NC;
+    if (XMEMCMP(cipherBuff, ctrCipher, WC_AES_BLOCK_SIZE*4))
+        ERROR_OUT(WC_TEST_RET_ENC_NC, out);
+    if (XMEMCMP(plainBuff, ctrPlain, WC_AES_BLOCK_SIZE*4))
+        ERROR_OUT(WC_TEST_RET_ENC_NC, out);
 
-    EVP_CIPHER_CTX_cleanup(en);
-    EVP_CIPHER_CTX_cleanup(de);
+    wolfSSL_EVP_CIPHER_CTX_cleanup(en);
+    wolfSSL_EVP_CIPHER_CTX_cleanup(de);
 
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
-    p_en = wolfSSL_EVP_CIPHER_CTX_new();
-    if (p_en == NULL)
-        return WC_TEST_RET_ENC_ERRNO;
-    p_de = wolfSSL_EVP_CIPHER_CTX_new();
-    if (p_de == NULL)
-        return WC_TEST_RET_ENC_ERRNO;
-
-    if (EVP_CipherInit(p_en, EVP_aes_128_ctr(),
+    if (wolfSSL_EVP_CipherInit(p_en, wolfSSL_EVP_aes_128_ctr(),
             (unsigned char*)ctrKey, (unsigned char*)ctrIv, 0) == 0)
-        return WC_TEST_RET_ENC_NC;
-    if (EVP_Cipher(p_en, (byte*)cipherBuff, (byte*)ctrPlain,
-            AES_BLOCK_SIZE*4) != AES_BLOCK_SIZE*4)
-        return WC_TEST_RET_ENC_NC;
-    if (EVP_CipherInit(p_de, EVP_aes_128_ctr(),
+        ERROR_OUT(WC_TEST_RET_ENC_NC, out);
+    if (wolfSSL_EVP_Cipher(p_en, (byte*)cipherBuff, (byte*)ctrPlain,
+            WC_AES_BLOCK_SIZE*4) != WC_AES_BLOCK_SIZE*4)
+        ERROR_OUT(WC_TEST_RET_ENC_NC, out);
+    if (wolfSSL_EVP_CipherInit(p_de, wolfSSL_EVP_aes_128_ctr(),
             (unsigned char*)ctrKey, (unsigned char*)ctrIv, 0) == 0)
-        return WC_TEST_RET_ENC_NC;
+        ERROR_OUT(WC_TEST_RET_ENC_NC, out);
 
-    if (EVP_Cipher(p_de, (byte*)plainBuff, (byte*)cipherBuff,
-            AES_BLOCK_SIZE*4) != AES_BLOCK_SIZE*4)
-        return WC_TEST_RET_ENC_NC;
+    if (wolfSSL_EVP_Cipher(p_de, (byte*)plainBuff, (byte*)cipherBuff,
+            WC_AES_BLOCK_SIZE*4) != WC_AES_BLOCK_SIZE*4)
+        ERROR_OUT(WC_TEST_RET_ENC_NC, out);
 
-    EVP_CIPHER_CTX_cleanup(p_en);
-    EVP_CIPHER_CTX_cleanup(p_de);
-
-    wolfSSL_EVP_CIPHER_CTX_free(p_en);
-    wolfSSL_EVP_CIPHER_CTX_free(p_de);
+    wolfSSL_EVP_CIPHER_CTX_cleanup(p_en);
+    wolfSSL_EVP_CIPHER_CTX_cleanup(p_de);
 #endif /* WOLFSSL_SMALL_STACK && !WOLFSSL_NO_MALLOC */
 
-    if (XMEMCMP(cipherBuff, ctrCipher, AES_BLOCK_SIZE*4))
-        return WC_TEST_RET_ENC_NC;
-    if (XMEMCMP(plainBuff, ctrPlain, AES_BLOCK_SIZE*4))
-        return WC_TEST_RET_ENC_NC;
+    if (XMEMCMP(cipherBuff, ctrCipher, WC_AES_BLOCK_SIZE*4))
+        ERROR_OUT(WC_TEST_RET_ENC_NC, out);
+    if (XMEMCMP(plainBuff, ctrPlain, WC_AES_BLOCK_SIZE*4))
+        ERROR_OUT(WC_TEST_RET_ENC_NC, out);
 
-    EVP_CIPHER_CTX_init(en);
-    if (EVP_CipherInit(en, EVP_aes_128_ctr(),
+    wolfSSL_EVP_CIPHER_CTX_init(en);
+    if (wolfSSL_EVP_CipherInit(en, wolfSSL_EVP_aes_128_ctr(),
         (unsigned char*)ctrKey, (unsigned char*)ctrIv, 0) == 0)
-        return WC_TEST_RET_ENC_NC;
-    if (EVP_Cipher(en, (byte*)cipherBuff, (byte*)ctrPlain, 9) != 9)
-        return WC_TEST_RET_ENC_NC;
+        ERROR_OUT(WC_TEST_RET_ENC_NC, out);
+    if (wolfSSL_EVP_Cipher(en, (byte*)cipherBuff, (byte*)ctrPlain, 9) != 9)
+        ERROR_OUT(WC_TEST_RET_ENC_NC, out);
 
-    EVP_CIPHER_CTX_init(de);
-    if (EVP_CipherInit(de, EVP_aes_128_ctr(),
+    wolfSSL_EVP_CIPHER_CTX_init(de);
+    if (wolfSSL_EVP_CipherInit(de, wolfSSL_EVP_aes_128_ctr(),
         (unsigned char*)ctrKey, (unsigned char*)ctrIv, 0) == 0)
-        return WC_TEST_RET_ENC_NC;
+        ERROR_OUT(WC_TEST_RET_ENC_NC, out);
 
-    if (EVP_Cipher(de, (byte*)plainBuff, (byte*)cipherBuff, 9) != 9)
-        return WC_TEST_RET_ENC_NC;
+    if (wolfSSL_EVP_Cipher(de, (byte*)plainBuff, (byte*)cipherBuff, 9) != 9)
+        ERROR_OUT(WC_TEST_RET_ENC_NC, out);
 
     if (XMEMCMP(plainBuff, ctrPlain, 9))
-        return WC_TEST_RET_ENC_NC;
+        ERROR_OUT(WC_TEST_RET_ENC_NC, out);
     if (XMEMCMP(cipherBuff, ctrCipher, 9))
-        return WC_TEST_RET_ENC_NC;
+        ERROR_OUT(WC_TEST_RET_ENC_NC, out);
 
-    if (EVP_Cipher(en, (byte*)cipherBuff, (byte*)ctrPlain, 9) != 9)
-        return WC_TEST_RET_ENC_NC;
-    if (EVP_Cipher(de, (byte*)plainBuff, (byte*)cipherBuff, 9) != 9)
-        return WC_TEST_RET_ENC_NC;
+    if (wolfSSL_EVP_Cipher(en, (byte*)cipherBuff, (byte*)ctrPlain, 9) != 9)
+        ERROR_OUT(WC_TEST_RET_ENC_NC, out);
+    if (wolfSSL_EVP_Cipher(de, (byte*)plainBuff, (byte*)cipherBuff, 9) != 9)
+        ERROR_OUT(WC_TEST_RET_ENC_NC, out);
 
     if (XMEMCMP(plainBuff, ctrPlain, 9))
-        return WC_TEST_RET_ENC_NC;
+        ERROR_OUT(WC_TEST_RET_ENC_NC, out);
     if (XMEMCMP(cipherBuff, oddCipher, 9))
-        return WC_TEST_RET_ENC_NC;
+        ERROR_OUT(WC_TEST_RET_ENC_NC, out);
 
-    EVP_CIPHER_CTX_cleanup(en);
-    EVP_CIPHER_CTX_cleanup(de);
+    wolfSSL_EVP_CIPHER_CTX_cleanup(en);
+    wolfSSL_EVP_CIPHER_CTX_cleanup(de);
 #endif /* WOLFSSL_AES_128 */
 
 #ifdef WOLFSSL_AES_192
-    EVP_CIPHER_CTX_init(en);
-    if (EVP_CipherInit(en, EVP_aes_192_ctr(),
+    wolfSSL_EVP_CIPHER_CTX_init(en);
+    if (wolfSSL_EVP_CipherInit(en, wolfSSL_EVP_aes_192_ctr(),
             (unsigned char*)ctr192Key, (unsigned char*)ctr192Iv, 0) == 0)
-        return WC_TEST_RET_ENC_NC;
-    if (EVP_Cipher(en, (byte*)cipherBuff, (byte*)ctr192Plain,
-            AES_BLOCK_SIZE) != AES_BLOCK_SIZE)
-        return WC_TEST_RET_ENC_NC;
-    EVP_CIPHER_CTX_init(de);
-    if (EVP_CipherInit(de, EVP_aes_192_ctr(),
+        ERROR_OUT(WC_TEST_RET_ENC_NC, out);
+    if (wolfSSL_EVP_Cipher(en, (byte*)cipherBuff, (byte*)ctr192Plain,
+            WC_AES_BLOCK_SIZE) != WC_AES_BLOCK_SIZE)
+        ERROR_OUT(WC_TEST_RET_ENC_NC, out);
+    wolfSSL_EVP_CIPHER_CTX_init(de);
+    if (wolfSSL_EVP_CipherInit(de, wolfSSL_EVP_aes_192_ctr(),
         (unsigned char*)ctr192Key, (unsigned char*)ctr192Iv, 0) == 0)
-        return WC_TEST_RET_ENC_NC;
+        ERROR_OUT(WC_TEST_RET_ENC_NC, out);
 
     XMEMSET(plainBuff, 0, sizeof(plainBuff));
-    if (EVP_Cipher(de, (byte*)plainBuff, (byte*)cipherBuff,
-            AES_BLOCK_SIZE) != AES_BLOCK_SIZE)
-        return WC_TEST_RET_ENC_NC;
+    if (wolfSSL_EVP_Cipher(de, (byte*)plainBuff, (byte*)cipherBuff,
+            WC_AES_BLOCK_SIZE) != WC_AES_BLOCK_SIZE)
+        ERROR_OUT(WC_TEST_RET_ENC_NC, out);
 
     if (XMEMCMP(plainBuff, ctr192Plain, sizeof(ctr192Plain)))
-        return WC_TEST_RET_ENC_NC;
+        ERROR_OUT(WC_TEST_RET_ENC_NC, out);
     if (XMEMCMP(ctr192Cipher, cipherBuff, sizeof(ctr192Cipher)))
-        return WC_TEST_RET_ENC_NC;
+        ERROR_OUT(WC_TEST_RET_ENC_NC, out);
 
-    EVP_CIPHER_CTX_cleanup(en);
-    EVP_CIPHER_CTX_cleanup(de);
+    wolfSSL_EVP_CIPHER_CTX_cleanup(en);
+    wolfSSL_EVP_CIPHER_CTX_cleanup(de);
 #endif /* WOLFSSL_AES_192 */
 
 #ifdef WOLFSSL_AES_256
-    EVP_CIPHER_CTX_init(en);
-    if (EVP_CipherInit(en, EVP_aes_256_ctr(),
+    wolfSSL_EVP_CIPHER_CTX_init(en);
+    if (wolfSSL_EVP_CipherInit(en, wolfSSL_EVP_aes_256_ctr(),
         (unsigned char*)ctr256Key, (unsigned char*)ctr256Iv, 0) == 0)
-        return WC_TEST_RET_ENC_NC;
-    if (EVP_Cipher(en, (byte*)cipherBuff, (byte*)ctr256Plain,
-            AES_BLOCK_SIZE) != AES_BLOCK_SIZE)
-        return WC_TEST_RET_ENC_NC;
-    EVP_CIPHER_CTX_init(de);
-    if (EVP_CipherInit(de, EVP_aes_256_ctr(),
+        ERROR_OUT(WC_TEST_RET_ENC_NC, out);
+    if (wolfSSL_EVP_Cipher(en, (byte*)cipherBuff, (byte*)ctr256Plain,
+            WC_AES_BLOCK_SIZE) != WC_AES_BLOCK_SIZE)
+        ERROR_OUT(WC_TEST_RET_ENC_NC, out);
+    wolfSSL_EVP_CIPHER_CTX_init(de);
+    if (wolfSSL_EVP_CipherInit(de, wolfSSL_EVP_aes_256_ctr(),
         (unsigned char*)ctr256Key, (unsigned char*)ctr256Iv, 0) == 0)
-        return WC_TEST_RET_ENC_NC;
+        ERROR_OUT(WC_TEST_RET_ENC_NC, out);
 
     XMEMSET(plainBuff, 0, sizeof(plainBuff));
-    if (EVP_Cipher(de, (byte*)plainBuff, (byte*)cipherBuff,
-            AES_BLOCK_SIZE) != AES_BLOCK_SIZE)
-        return WC_TEST_RET_ENC_NC;
+    if (wolfSSL_EVP_Cipher(de, (byte*)plainBuff, (byte*)cipherBuff,
+            WC_AES_BLOCK_SIZE) != WC_AES_BLOCK_SIZE)
+        ERROR_OUT(WC_TEST_RET_ENC_NC, out);
 
     if (XMEMCMP(plainBuff, ctr256Plain, sizeof(ctr256Plain)))
-        return WC_TEST_RET_ENC_NC;
+        ERROR_OUT(WC_TEST_RET_ENC_NC, out);
     if (XMEMCMP(ctr256Cipher, cipherBuff, sizeof(ctr256Cipher)))
-        return WC_TEST_RET_ENC_NC;
+        ERROR_OUT(WC_TEST_RET_ENC_NC, out);
 
-    EVP_CIPHER_CTX_cleanup(en);
-    EVP_CIPHER_CTX_cleanup(de);
+    wolfSSL_EVP_CIPHER_CTX_cleanup(en);
+    wolfSSL_EVP_CIPHER_CTX_cleanup(de);
 #endif /* WOLFSSL_AES_256 */
-
-#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
-    wolfSSL_EVP_CIPHER_CTX_free(en);
-    wolfSSL_EVP_CIPHER_CTX_free(de);
-#endif
 }
 #endif /* HAVE_AES_COUNTER */
 
@@ -22875,257 +25941,278 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t openssl_test(void)
         byte key[] = "0123456789abcdef   ";  /* align */
         byte iv[]  = "1234567890abcdef   ";  /* align */
 
-        byte cipher[AES_BLOCK_SIZE * 4];
-        byte plain [AES_BLOCK_SIZE * 4];
-#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
-        EVP_CIPHER_CTX *en = wolfSSL_EVP_CIPHER_CTX_new();
-        EVP_CIPHER_CTX *de = wolfSSL_EVP_CIPHER_CTX_new();
-#else
-        EVP_CIPHER_CTX en[1];
-        EVP_CIPHER_CTX de[1];
-#endif
+        byte cipher[WC_AES_BLOCK_SIZE * 4];
+        byte plain [WC_AES_BLOCK_SIZE * 4];
         int outlen ;
         int total = 0;
 
-#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
-        if ((en == NULL) || (de == NULL))
-            return MEMORY_E;
-#endif
-
-        EVP_CIPHER_CTX_init(en);
-        if (EVP_CipherInit(en, EVP_aes_128_cbc(),
+        wolfSSL_EVP_CIPHER_CTX_init(en);
+        if (wolfSSL_EVP_CipherInit(en, wolfSSL_EVP_aes_128_cbc(),
             (unsigned char*)key, (unsigned char*)iv, 1) == 0)
-            return WC_TEST_RET_ENC_NC;
+            ERROR_OUT(WC_TEST_RET_ENC_NC, out);
         /* openSSL compatibility, if(inlen == 0)return 1; */
-        if (EVP_CipherUpdate(en, (byte*)cipher, &outlen,
+        if (wolfSSL_EVP_CipherUpdate(en, (byte*)cipher, &outlen,
                                                     (byte*)cbcPlain, 0) != 1)
-            return WC_TEST_RET_ENC_NC;
+            ERROR_OUT(WC_TEST_RET_ENC_NC, out);
 
         if (wolfSSL_EVP_CIPHER_CTX_cleanup(en) != WOLFSSL_SUCCESS)
-            return WC_TEST_RET_ENC_NC;
-        EVP_CIPHER_CTX_init(en);
-        if (EVP_CipherInit(en, EVP_aes_128_cbc(),
+            ERROR_OUT(WC_TEST_RET_ENC_NC, out);
+        wolfSSL_EVP_CIPHER_CTX_init(en);
+        if (wolfSSL_EVP_CipherInit(en, wolfSSL_EVP_aes_128_cbc(),
             (unsigned char*)key, (unsigned char*)iv, 1) == 0)
-            return WC_TEST_RET_ENC_NC;
-        if (EVP_CipherUpdate(en, (byte*)cipher, &outlen,
+            ERROR_OUT(WC_TEST_RET_ENC_NC, out);
+        if (wolfSSL_EVP_CipherUpdate(en, (byte*)cipher, &outlen,
                                                     (byte*)cbcPlain, 9) == 0)
-            return WC_TEST_RET_ENC_NC;
+            ERROR_OUT(WC_TEST_RET_ENC_NC, out);
         if(outlen != 0)
-            return WC_TEST_RET_ENC_NC;
+            ERROR_OUT(WC_TEST_RET_ENC_NC, out);
         total += outlen;
 
-        if (EVP_CipherUpdate(en, (byte*)&cipher[total], &outlen,
+        if (wolfSSL_EVP_CipherUpdate(en, (byte*)&cipher[total], &outlen,
                                                 (byte*)&cbcPlain[9]  , 9) == 0)
-            return WC_TEST_RET_ENC_NC;
+            ERROR_OUT(WC_TEST_RET_ENC_NC, out);
         if(outlen != 16)
-            return WC_TEST_RET_ENC_NC;
+            ERROR_OUT(WC_TEST_RET_ENC_NC, out);
         total += outlen;
 
-        if (EVP_CipherFinal(en, (byte*)&cipher[total], &outlen) == 0)
-            return WC_TEST_RET_ENC_NC;
+        if (wolfSSL_EVP_CipherFinal(en, (byte*)&cipher[total], &outlen) == 0)
+            ERROR_OUT(WC_TEST_RET_ENC_NC, out);
         if(outlen != 16)
-            return WC_TEST_RET_ENC_NC;
+            ERROR_OUT(WC_TEST_RET_ENC_NC, out);
         total += outlen;
         if(total != 32)
-            return WC_TEST_RET_ENC_NC;
+            ERROR_OUT(WC_TEST_RET_ENC_NC, out);
 
         total = 0;
-        EVP_CIPHER_CTX_init(de);
-        if (EVP_CipherInit(de, EVP_aes_128_cbc(),
+        wolfSSL_EVP_CIPHER_CTX_init(de);
+        if (wolfSSL_EVP_CipherInit(de, wolfSSL_EVP_aes_128_cbc(),
             (unsigned char*)key, (unsigned char*)iv, 0) == 0)
-            return WC_TEST_RET_ENC_NC;
+            ERROR_OUT(WC_TEST_RET_ENC_NC, out);
 
-        if (EVP_CipherUpdate(de, (byte*)plain, &outlen, (byte*)cipher, 6) == 0)
-            return WC_TEST_RET_ENC_NC;
+        if (wolfSSL_EVP_CipherUpdate(de, (byte*)plain, &outlen, (byte*)cipher, 6) == 0)
+            ERROR_OUT(WC_TEST_RET_ENC_NC, out);
         if(outlen != 0)
-            return WC_TEST_RET_ENC_NC;
+            ERROR_OUT(WC_TEST_RET_ENC_NC, out);
         total += outlen;
 
-        if (EVP_CipherUpdate(de, (byte*)&plain[total], &outlen,
+        if (wolfSSL_EVP_CipherUpdate(de, (byte*)&plain[total], &outlen,
                                                     (byte*)&cipher[6], 12) == 0)
-            return WC_TEST_RET_ENC_NC;
+            ERROR_OUT(WC_TEST_RET_ENC_NC, out);
         if(outlen != 0)
         total += outlen;
 
-        if (EVP_CipherUpdate(de, (byte*)&plain[total], &outlen,
+        if (wolfSSL_EVP_CipherUpdate(de, (byte*)&plain[total], &outlen,
                                                 (byte*)&cipher[6+12], 14) == 0)
-            return WC_TEST_RET_ENC_NC;
+            ERROR_OUT(WC_TEST_RET_ENC_NC, out);
         if(outlen != 16)
-            return WC_TEST_RET_ENC_NC;
+            ERROR_OUT(WC_TEST_RET_ENC_NC, out);
         total += outlen;
 
-        if (EVP_CipherFinal(de, (byte*)&plain[total], &outlen) == 0)
-            return WC_TEST_RET_ENC_NC;
+        if (wolfSSL_EVP_CipherFinal(de, (byte*)&plain[total], &outlen) == 0)
+            ERROR_OUT(WC_TEST_RET_ENC_NC, out);
         if(outlen != 2)
-            return WC_TEST_RET_ENC_NC;
+            ERROR_OUT(WC_TEST_RET_ENC_NC, out);
         total += outlen;
 
         if(total != 18)
-            return WC_TEST_RET_ENC_NC;
+            ERROR_OUT(WC_TEST_RET_ENC_NC, out);
 
         if (XMEMCMP(plain, cbcPlain, 18))
-            return WC_TEST_RET_ENC_NC;
+            ERROR_OUT(WC_TEST_RET_ENC_NC, out);
 
         total = 0;
         if (wolfSSL_EVP_CIPHER_CTX_cleanup(en) != WOLFSSL_SUCCESS)
-            return WC_TEST_RET_ENC_NC;
-        EVP_CIPHER_CTX_init(en);
-        if (EVP_EncryptInit(en, EVP_aes_128_cbc(),
+            ERROR_OUT(WC_TEST_RET_ENC_NC, out);
+        wolfSSL_EVP_CIPHER_CTX_init(en);
+        if (wolfSSL_EVP_EncryptInit(en, wolfSSL_EVP_aes_128_cbc(),
             (unsigned char*)key, (unsigned char*)iv) == 0)
-            return WC_TEST_RET_ENC_NC;
-        if (EVP_CipherUpdate(en, (byte*)cipher, &outlen, (byte*)cbcPlain, 9) == 0)
-            return WC_TEST_RET_ENC_NC;
+            ERROR_OUT(WC_TEST_RET_ENC_NC, out);
+        if (wolfSSL_EVP_CipherUpdate(en, (byte*)cipher, &outlen, (byte*)cbcPlain, 9) == 0)
+            ERROR_OUT(WC_TEST_RET_ENC_NC, out);
         if(outlen != 0)
-            return WC_TEST_RET_ENC_NC;
+            ERROR_OUT(WC_TEST_RET_ENC_NC, out);
         total += outlen;
 
-        if (EVP_CipherUpdate(en, (byte*)&cipher[total], &outlen, (byte*)&cbcPlain[9]  , 9) == 0)
-            return WC_TEST_RET_ENC_NC;
+        if (wolfSSL_EVP_CipherUpdate(en, (byte*)&cipher[total], &outlen, (byte*)&cbcPlain[9]  , 9) == 0)
+            ERROR_OUT(WC_TEST_RET_ENC_NC, out);
         if(outlen != 16)
-            return WC_TEST_RET_ENC_NC;
+            ERROR_OUT(WC_TEST_RET_ENC_NC, out);
         total += outlen;
 
-        if (EVP_EncryptFinal(en, (byte*)&cipher[total], &outlen) == 0)
-            return WC_TEST_RET_ENC_NC;
+        if (wolfSSL_EVP_EncryptFinal(en, (byte*)&cipher[total], &outlen) == 0)
+            ERROR_OUT(WC_TEST_RET_ENC_NC, out);
         if(outlen != 16)
-            return WC_TEST_RET_ENC_NC;
+            ERROR_OUT(WC_TEST_RET_ENC_NC, out);
         total += outlen;
-        if(total != 32)
-            return 3438;
+        if (total != 32)
+            ERROR_OUT(WC_TEST_RET_ENC_NC, out);
 
         total = 0;
         if (wolfSSL_EVP_CIPHER_CTX_cleanup(de) != WOLFSSL_SUCCESS)
-            return WC_TEST_RET_ENC_NC;
-        EVP_CIPHER_CTX_init(de);
-        if (EVP_DecryptInit(de, EVP_aes_128_cbc(),
+            ERROR_OUT(WC_TEST_RET_ENC_NC, out);
+        wolfSSL_EVP_CIPHER_CTX_init(de);
+        if (wolfSSL_EVP_DecryptInit(de, wolfSSL_EVP_aes_128_cbc(),
             (unsigned char*)key, (unsigned char*)iv) == 0)
-            return WC_TEST_RET_ENC_NC;
+            ERROR_OUT(WC_TEST_RET_ENC_NC, out);
 
-        if (EVP_CipherUpdate(de, (byte*)plain, &outlen, (byte*)cipher, 6) == 0)
-            return WC_TEST_RET_ENC_NC;
+        if (wolfSSL_EVP_CipherUpdate(de, (byte*)plain, &outlen, (byte*)cipher, 6) == 0)
+            ERROR_OUT(WC_TEST_RET_ENC_NC, out);
         if(outlen != 0)
-            return WC_TEST_RET_ENC_NC;
+            ERROR_OUT(WC_TEST_RET_ENC_NC, out);
         total += outlen;
 
-        if (EVP_CipherUpdate(de, (byte*)&plain[total], &outlen, (byte*)&cipher[6], 12) == 0)
-            return WC_TEST_RET_ENC_NC;
+        if (wolfSSL_EVP_CipherUpdate(de, (byte*)&plain[total], &outlen, (byte*)&cipher[6], 12) == 0)
+            ERROR_OUT(WC_TEST_RET_ENC_NC, out);
         if(outlen != 0)
         total += outlen;
 
-        if (EVP_CipherUpdate(de, (byte*)&plain[total], &outlen, (byte*)&cipher[6+12], 14) == 0)
-            return WC_TEST_RET_ENC_NC;
+        if (wolfSSL_EVP_CipherUpdate(de, (byte*)&plain[total], &outlen, (byte*)&cipher[6+12], 14) == 0)
+            ERROR_OUT(WC_TEST_RET_ENC_NC, out);
         if(outlen != 16)
-            return WC_TEST_RET_ENC_NC;
+            ERROR_OUT(WC_TEST_RET_ENC_NC, out);
         total += outlen;
 
-        if (EVP_DecryptFinal(de, (byte*)&plain[total], &outlen) == 0)
-            return WC_TEST_RET_ENC_NC;
+        if (wolfSSL_EVP_DecryptFinal(de, (byte*)&plain[total], &outlen) == 0)
+            ERROR_OUT(WC_TEST_RET_ENC_NC, out);
         if(outlen != 2)
-            return WC_TEST_RET_ENC_NC;
+            ERROR_OUT(WC_TEST_RET_ENC_NC, out);
         total += outlen;
 
-        if(total != 18)
-            return 3447;
+        if (total != 18)
+            ERROR_OUT(WC_TEST_RET_ENC_NC, out);
 
         if (XMEMCMP(plain, cbcPlain, 18))
-            return WC_TEST_RET_ENC_NC;
+            ERROR_OUT(WC_TEST_RET_ENC_NC, out);
 
-        if (EVP_CIPHER_key_length(NULL) != 0)
-            return WC_TEST_RET_ENC_NC;
+        if (wolfSSL_EVP_Cipher_key_length(NULL) != 0)
+            ERROR_OUT(WC_TEST_RET_ENC_NC, out);
 
-        if (EVP_CIPHER_key_length(EVP_aes_128_cbc()) != 16)
-            return WC_TEST_RET_ENC_NC;
+        if (wolfSSL_EVP_Cipher_key_length(wolfSSL_EVP_aes_128_cbc()) != 16)
+            ERROR_OUT(WC_TEST_RET_ENC_NC, out);
 
-        if (EVP_CIPHER_CTX_mode(NULL) != 0)
-            return WC_TEST_RET_ENC_NC;
+        if (wolfSSL_EVP_CIPHER_CTX_mode(NULL) != 0)
+            ERROR_OUT(WC_TEST_RET_ENC_NC, out);
 
-        if (EVP_CIPHER_CTX_mode(en) != (en->flags & WOLFSSL_EVP_CIPH_MODE))
-            return WC_TEST_RET_ENC_NC;
+        if (wolfSSL_EVP_CIPHER_CTX_mode(en) != (en->flags & WOLFSSL_EVP_CIPH_MODE))
+            ERROR_OUT(WC_TEST_RET_ENC_NC, out);
 
         if (wolfSSL_EVP_CIPHER_CTX_cleanup(en) != WOLFSSL_SUCCESS)
-            return WC_TEST_RET_ENC_NC;
-        EVP_CIPHER_CTX_init(en);
-        if (EVP_CipherInit_ex(en, EVP_aes_128_cbc(), NULL,
+            ERROR_OUT(WC_TEST_RET_ENC_NC, out);
+        wolfSSL_EVP_CIPHER_CTX_init(en);
+        if (wolfSSL_EVP_CipherInit_ex(en, wolfSSL_EVP_aes_128_cbc(), NULL,
             (unsigned char*)key, (unsigned char*)iv, 0) == 0)
-            return WC_TEST_RET_ENC_NC;
+            ERROR_OUT(WC_TEST_RET_ENC_NC, out);
 
         if (wolfSSL_EVP_CIPHER_CTX_cleanup(en) != WOLFSSL_SUCCESS)
-            return WC_TEST_RET_ENC_NC;
-        EVP_CIPHER_CTX_init(en);
-        if (EVP_EncryptInit_ex(en, EVP_aes_128_cbc(), NULL,
+            ERROR_OUT(WC_TEST_RET_ENC_NC, out);
+        wolfSSL_EVP_CIPHER_CTX_init(en);
+        if (wolfSSL_EVP_EncryptInit_ex(en, wolfSSL_EVP_aes_128_cbc(), NULL,
                 (unsigned char*)key, (unsigned char*)iv) == 0)
-            return WC_TEST_RET_ENC_NC;
+            ERROR_OUT(WC_TEST_RET_ENC_NC, out);
 
-        if (wolfSSL_EVP_EncryptFinal_ex(NULL, NULL, NULL) != WOLFSSL_FAILURE)
-            return WC_TEST_RET_ENC_NC;
+        if (wolfSSL_EVP_EncryptFinal_ex(NULL, NULL, NULL)
+            != WC_NO_ERR_TRACE(WOLFSSL_FAILURE))
+        {
+            ERROR_OUT(WC_TEST_RET_ENC_NC, out);
+        }
 
-        if (wolfSSL_EVP_EncryptFinal(NULL, NULL, NULL) != WOLFSSL_FAILURE)
-            return WC_TEST_RET_ENC_NC;
+        if (wolfSSL_EVP_EncryptFinal(NULL, NULL, NULL)
+            != WC_NO_ERR_TRACE(WOLFSSL_FAILURE))
+        {
+            ERROR_OUT(WC_TEST_RET_ENC_NC, out);
+        }
 
         if (wolfSSL_EVP_CIPHER_CTX_cleanup(de) != WOLFSSL_SUCCESS)
-            return WC_TEST_RET_ENC_NC;
+            ERROR_OUT(WC_TEST_RET_ENC_NC, out);
 
         if (wolfSSL_EVP_CIPHER_CTX_cleanup(de) != WOLFSSL_SUCCESS)
-            return WC_TEST_RET_ENC_NC;
-        EVP_CIPHER_CTX_init(de);
-        if (EVP_DecryptInit_ex(de, EVP_aes_128_cbc(), NULL,
+            ERROR_OUT(WC_TEST_RET_ENC_NC, out);
+        wolfSSL_EVP_CIPHER_CTX_init(de);
+        if (wolfSSL_EVP_DecryptInit_ex(de, wolfSSL_EVP_aes_128_cbc(), NULL,
                 (unsigned char*)key, (unsigned char*)iv) == 0)
-            return WC_TEST_RET_ENC_NC;
+            ERROR_OUT(WC_TEST_RET_ENC_NC, out);
 
-        if (wolfSSL_EVP_DecryptFinal(NULL, NULL, NULL) != WOLFSSL_FAILURE)
-            return WC_TEST_RET_ENC_NC;
+        if (wolfSSL_EVP_DecryptFinal(NULL, NULL, NULL)
+            != WC_NO_ERR_TRACE(WOLFSSL_FAILURE))
+        {
+            ERROR_OUT(WC_TEST_RET_ENC_NC, out);
+        }
 
-        if (wolfSSL_EVP_DecryptFinal_ex(NULL, NULL, NULL) != WOLFSSL_FAILURE)
-            return WC_TEST_RET_ENC_NC;
+        if (wolfSSL_EVP_DecryptFinal_ex(NULL, NULL, NULL)
+            != WC_NO_ERR_TRACE(WOLFSSL_FAILURE))
+        {
+            ERROR_OUT(WC_TEST_RET_ENC_NC, out);
+        }
 
-        if (EVP_CIPHER_CTX_block_size(NULL) != BAD_FUNC_ARG)
-            return WC_TEST_RET_ENC_NC;
+        if (wolfSSL_EVP_CIPHER_CTX_block_size(NULL) != WC_NO_ERR_TRACE(WOLFSSL_FAILURE))
+            ERROR_OUT(WC_TEST_RET_ENC_NC, out);
 
         if (wolfSSL_EVP_CIPHER_CTX_cleanup(en) != WOLFSSL_SUCCESS)
-            return WC_TEST_RET_ENC_NC;
-        EVP_CIPHER_CTX_init(en);
-        EVP_EncryptInit_ex(en, EVP_aes_128_cbc(), NULL,
+            ERROR_OUT(WC_TEST_RET_ENC_NC, out);
+        wolfSSL_EVP_CIPHER_CTX_init(en);
+        wolfSSL_EVP_EncryptInit_ex(en, wolfSSL_EVP_aes_128_cbc(), NULL,
                 (unsigned char*)key, (unsigned char*)iv);
-        if (EVP_CIPHER_CTX_block_size(en) != en->block_size)
-            return WC_TEST_RET_ENC_NC;
+        if (wolfSSL_EVP_CIPHER_CTX_block_size(en) != en->block_size)
+            ERROR_OUT(WC_TEST_RET_ENC_NC, out);
 
-        if (EVP_CIPHER_block_size(NULL) != BAD_FUNC_ARG)
-            return WC_TEST_RET_ENC_NC;
+        if (wolfSSL_EVP_CIPHER_block_size(NULL) != WC_NO_ERR_TRACE(WOLFSSL_FAILURE))
+            ERROR_OUT(WC_TEST_RET_ENC_NC, out);
 
-        if (EVP_CIPHER_block_size(EVP_aes_128_cbc()) != AES_BLOCK_SIZE)
-            return WC_TEST_RET_ENC_NC;
+        if (wolfSSL_EVP_CIPHER_block_size(wolfSSL_EVP_aes_128_cbc()) != WC_AES_BLOCK_SIZE)
+            ERROR_OUT(WC_TEST_RET_ENC_NC, out);
 
         if (WOLFSSL_EVP_CIPHER_mode(NULL) != 0)
-            return WC_TEST_RET_ENC_NC;
+            ERROR_OUT(WC_TEST_RET_ENC_NC, out);
 
-        if (EVP_CIPHER_flags(EVP_aes_128_cbc()) != WOLFSSL_EVP_CIPH_CBC_MODE)
-            return WC_TEST_RET_ENC_NC;
+        if (wolfSSL_EVP_CIPHER_flags(wolfSSL_EVP_aes_128_cbc()) != WOLFSSL_EVP_CIPH_CBC_MODE)
+            ERROR_OUT(WC_TEST_RET_ENC_NC, out);
 
-        EVP_CIPHER_CTX_clear_flags(en, 0xFFFFFFFF);
-        EVP_CIPHER_CTX_set_flags(en, 42);
+        wolfSSL_EVP_CIPHER_CTX_clear_flags(en, 0xFFFFFFFF);
+        wolfSSL_EVP_CIPHER_CTX_set_flags(en, 42);
         if (en->flags != 42)
-            return WC_TEST_RET_ENC_NC;
+            ERROR_OUT(WC_TEST_RET_ENC_NC, out);
 
-        if (EVP_CIPHER_CTX_set_padding(NULL, 0) != BAD_FUNC_ARG)
-            return WC_TEST_RET_ENC_NC;
-        if (EVP_CIPHER_CTX_set_padding(en, 0) != WOLFSSL_SUCCESS)
-            return WC_TEST_RET_ENC_NC;
-        if (EVP_CIPHER_CTX_set_padding(en, 1) != WOLFSSL_SUCCESS)
-            return WC_TEST_RET_ENC_NC;
+        if (wolfSSL_EVP_CIPHER_CTX_set_padding(NULL, 0) !=
+                WC_NO_ERR_TRACE(WOLFSSL_FAILURE))
+            ERROR_OUT(WC_TEST_RET_ENC_NC, out);
+        if (wolfSSL_EVP_CIPHER_CTX_set_padding(en, 0) != WOLFSSL_SUCCESS)
+            ERROR_OUT(WC_TEST_RET_ENC_NC, out);
+        if (wolfSSL_EVP_CIPHER_CTX_set_padding(en, 1) != WOLFSSL_SUCCESS)
+            ERROR_OUT(WC_TEST_RET_ENC_NC, out);
 
         if (wolfSSL_EVP_CIPHER_CTX_cleanup(en) != WOLFSSL_SUCCESS)
-            return WC_TEST_RET_ENC_NC;
+            ERROR_OUT(WC_TEST_RET_ENC_NC, out);
         if (wolfSSL_EVP_CIPHER_CTX_cleanup(de) != WOLFSSL_SUCCESS)
-            return WC_TEST_RET_ENC_NC;
-
-#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
-        wolfSSL_EVP_CIPHER_CTX_free(en);
-        wolfSSL_EVP_CIPHER_CTX_free(de);
-#endif
+            ERROR_OUT(WC_TEST_RET_ENC_NC, out);
     }
 #endif /* WOLFSSL_AES_128 && HAVE_AES_CBC */
-#endif /* ifndef NO_AES */
-    return 0;
+#endif /* !NO_AES && !WOLFCRYPT_ONLY */
+
+    ret = 0;
+
+out:
+
+#ifdef WOLFSSL_SMALL_STACK
+    XFREE(md_ctx, NULL, DYNAMIC_TYPE_OPENSSL);
+    wolfSSL_EVP_CIPHER_CTX_free(ctx);
+    wolfSSL_EVP_CIPHER_CTX_free(en);
+    wolfSSL_EVP_CIPHER_CTX_free(de);
+    wolfSSL_EVP_CIPHER_CTX_free(p_en);
+    wolfSSL_EVP_CIPHER_CTX_free(p_de);
+    #if !defined(NO_AES) && !defined(WOLFSSL_NO_OPENSSL_AES_LOW_LEVEL_API) && \
+        defined(WOLFSSL_AES_DIRECT) && defined(WOLFSSL_AES_256)
+    XFREE(enc, HEAP_HINT, DYNAMIC_TYPE_AES);
+    #ifdef HAVE_AES_DECRYPT
+    XFREE(dec, HEAP_HINT, DYNAMIC_TYPE_AES);
+    #endif
+    #endif
+#else
+    (void)en;
+    (void)de;
+    (void)ctx;
+#endif
+
+    return ret;
 }
 
 WOLFSSL_TEST_SUBROUTINE wc_test_ret_t openSSL_evpMD_test(void)
@@ -23134,60 +26221,61 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t openSSL_evpMD_test(void)
 #if !defined(NO_SHA256) && !defined(NO_SHA)
     WOLFSSL_EVP_MD_CTX* ctx;
     WOLFSSL_EVP_MD_CTX* ctx2;
+    WOLFSSL_ENTER("openSSL_evpMD_test");
 
-    ctx = EVP_MD_CTX_create();
-    ctx2 = EVP_MD_CTX_create();
+    ctx = wolfSSL_EVP_MD_CTX_new();
+    ctx2 = wolfSSL_EVP_MD_CTX_new();
 
-    ret = EVP_DigestInit(ctx, EVP_sha256());
-    if (ret != SSL_SUCCESS) {
+    ret = wolfSSL_EVP_DigestInit(ctx, wolfSSL_EVP_sha256());
+    if (ret != WOLFSSL_SUCCESS) {
         ret = WC_TEST_RET_ENC_NC;
         goto openSSL_evpMD_test_done;
     }
 
-    ret = EVP_MD_CTX_copy(ctx2, ctx);
-    if (ret != SSL_SUCCESS) {
+    ret = wolfSSL_EVP_MD_CTX_copy(ctx2, ctx);
+    if (ret != WOLFSSL_SUCCESS) {
         ret = WC_TEST_RET_ENC_NC;
         goto openSSL_evpMD_test_done;
     }
 
-    if (EVP_MD_type(EVP_sha256()) != EVP_MD_CTX_type(ctx2)) {
+    if (wolfSSL_EVP_MD_type(wolfSSL_EVP_sha256()) != wolfSSL_EVP_MD_CTX_type(ctx2)) {
         ret = WC_TEST_RET_ENC_NC;
         goto openSSL_evpMD_test_done;
     }
 
-    ret = EVP_DigestInit(ctx, EVP_sha1());
-    if (ret != SSL_SUCCESS) {
+    ret = wolfSSL_EVP_DigestInit(ctx, wolfSSL_EVP_sha1());
+    if (ret != WOLFSSL_SUCCESS) {
         ret = WC_TEST_RET_ENC_NC;
         goto openSSL_evpMD_test_done;
     }
 
-    if (EVP_MD_type(EVP_sha256()) != EVP_MD_CTX_type(ctx2)) {
+    if (wolfSSL_EVP_MD_type(wolfSSL_EVP_sha256()) != wolfSSL_EVP_MD_CTX_type(ctx2)) {
         ret = WC_TEST_RET_ENC_NC;
         goto openSSL_evpMD_test_done;
     }
 
-    ret = EVP_MD_CTX_copy_ex(ctx2, ctx);
-    if (ret != SSL_SUCCESS) {
+    ret = wolfSSL_EVP_MD_CTX_copy_ex(ctx2, ctx);
+    if (ret != WOLFSSL_SUCCESS) {
         ret = WC_TEST_RET_ENC_NC;
         goto openSSL_evpMD_test_done;
     }
 
-    if (EVP_MD_type(EVP_sha256()) == EVP_MD_CTX_type(ctx2)) {
+    if (wolfSSL_EVP_MD_type(wolfSSL_EVP_sha256()) == wolfSSL_EVP_MD_CTX_type(ctx2)) {
         ret = WC_TEST_RET_ENC_NC;
         goto openSSL_evpMD_test_done;
     }
 
-    if (EVP_MD_type(EVP_sha1()) != EVP_MD_CTX_type(ctx2)) {
+    if (wolfSSL_EVP_MD_type(wolfSSL_EVP_sha1()) != wolfSSL_EVP_MD_CTX_type(ctx2)) {
         ret = WC_TEST_RET_ENC_NC;
         goto openSSL_evpMD_test_done;
     }
 
-    if (EVP_DigestInit_ex(ctx, EVP_sha1(), NULL) != SSL_SUCCESS) {
+    if (wolfSSL_EVP_DigestInit_ex(ctx, wolfSSL_EVP_sha1(), NULL) != WOLFSSL_SUCCESS) {
         ret = WC_TEST_RET_ENC_NC;
         goto openSSL_evpMD_test_done;
     }
 
-    if (EVP_add_digest(NULL) != 0) {
+    if (wolfSSL_EVP_add_digest(NULL) != 0) {
         ret = WC_TEST_RET_ENC_NC;
         goto openSSL_evpMD_test_done;
     }
@@ -23200,8 +26288,8 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t openSSL_evpMD_test(void)
     ret = 0; /* got to success state without jumping to end with a fail */
 
 openSSL_evpMD_test_done:
-    EVP_MD_CTX_destroy(ctx);
-    EVP_MD_CTX_destroy(ctx2);
+    wolfSSL_EVP_MD_CTX_free(ctx);
+    wolfSSL_EVP_MD_CTX_free(ctx2);
 #endif /* NO_SHA256 */
 
     return ret;
@@ -23225,17 +26313,17 @@ static void show(const char *title, const char *p, unsigned int s) {
 WOLFSSL_TEST_SUBROUTINE wc_test_ret_t openssl_pkey0_test(void)
 {
     wc_test_ret_t ret = 0;
-#if !defined(NO_RSA) && !defined(HAVE_USER_RSA) && !defined(NO_SHA)
+#if !defined(NO_RSA) && !defined(NO_SHA)
     byte*   prvTmp;
     byte*   pubTmp;
     int prvBytes;
     int pubBytes;
-    RSA *prvRsa = NULL;
-    RSA *pubRsa = NULL;
-    EVP_PKEY *prvPkey = NULL;
-    EVP_PKEY *pubPkey = NULL;
-    EVP_PKEY_CTX *enc = NULL;
-    EVP_PKEY_CTX *dec = NULL;
+    WOLFSSL_RSA *prvRsa = NULL;
+    WOLFSSL_RSA *pubRsa = NULL;
+    WOLFSSL_EVP_PKEY *prvPkey = NULL;
+    WOLFSSL_EVP_PKEY *pubPkey = NULL;
+    WOLFSSL_EVP_PKEY_CTX *enc = NULL;
+    WOLFSSL_EVP_PKEY_CTX *dec = NULL;
 
     byte   in[] = TEST_STRING;
     byte   out[256];
@@ -23247,9 +26335,10 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t openssl_pkey0_test(void)
     XFILE  keypubFile;
     char cliKey[]    = "./certs/client-key.der";
     char cliKeypub[] = "./certs/client-keyPub.der";
-
 #endif
 
+    WOLFSSL_ENTER("openssl_pkey0_test");
+
     prvTmp = (byte*)XMALLOC(FOURK_BUFF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
     if (prvTmp == NULL)
         return WC_TEST_RET_ENC_ERRNO;
@@ -23311,19 +26400,19 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t openssl_pkey0_test(void)
         }
 
         ret = wolfSSL_RSA_LoadDer_ex(prvRsa, prvTmp, prvBytes, WOLFSSL_RSA_LOAD_PRIVATE);
-        if(ret != SSL_SUCCESS){
+        if(ret != WOLFSSL_SUCCESS){
             printf("error with RSA_LoadDer_ex\n");
             ret = WC_TEST_RET_ENC_EC(ret);
             goto openssl_pkey0_test_done;
         }
 
         ret = wolfSSL_RSA_LoadDer_ex(pubRsa, pubTmp, pubBytes, WOLFSSL_RSA_LOAD_PUBLIC);
-        if(ret != SSL_SUCCESS){
+        if(ret != WOLFSSL_SUCCESS){
             printf("error with RSA_LoadDer_ex\n");
             ret = WC_TEST_RET_ENC_EC(ret);
             goto openssl_pkey0_test_done;
         }
-        keySz = (size_t)RSA_size(pubRsa);
+        keySz = (size_t)wolfSSL_RSA_size(pubRsa);
 
         prvPkey = wolfSSL_EVP_PKEY_new();
         pubPkey = wolfSSL_EVP_PKEY_new();
@@ -23340,28 +26429,28 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t openssl_pkey0_test(void)
             goto openssl_pkey0_test_done;
         }
 
-        dec = EVP_PKEY_CTX_new(prvPkey, NULL);
-        enc = EVP_PKEY_CTX_new(pubPkey, NULL);
+        dec = wolfSSL_EVP_PKEY_CTX_new(prvPkey, NULL);
+        enc = wolfSSL_EVP_PKEY_CTX_new(pubPkey, NULL);
         if((dec == NULL)||(enc==NULL)){
             printf("error with EVP_PKEY_CTX_new\n");
             ret = WC_TEST_RET_ENC_NC;
             goto openssl_pkey0_test_done;
         }
 
-        ret = EVP_PKEY_decrypt_init(dec);
+        ret = wolfSSL_EVP_PKEY_decrypt_init(dec);
         if (ret != 1) {
             printf("error with decrypt init\n");
             ret = WC_TEST_RET_ENC_NC;
             goto openssl_pkey0_test_done;
         }
-        ret = EVP_PKEY_encrypt_init(enc);
+        ret = wolfSSL_EVP_PKEY_encrypt_init(enc);
         if (ret != 1) {
             printf("error with encrypt init\n");
             ret = WC_TEST_RET_ENC_NC;
             goto openssl_pkey0_test_done;
         }
         XMEMSET(out, 0, sizeof(out));
-        ret = EVP_PKEY_encrypt(enc, out, &outlen, in, sizeof(in));
+        ret = wolfSSL_EVP_PKEY_encrypt(enc, out, &outlen, in, sizeof(in));
         if (ret != 1) {
             printf("error encrypting msg\n");
             ret = WC_TEST_RET_ENC_NC;
@@ -23371,7 +26460,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t openssl_pkey0_test(void)
         show("encrypted msg", out, outlen);
 
         XMEMSET(plain, 0, sizeof(plain));
-        ret = EVP_PKEY_decrypt(dec, plain, &outlen, out, keySz);
+        ret = wolfSSL_EVP_PKEY_decrypt(dec, plain, &outlen, out, keySz);
         if (ret != 1) {
             printf("error decrypting msg\n");
             ret = WC_TEST_RET_ENC_NC;
@@ -23380,33 +26469,33 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t openssl_pkey0_test(void)
         show("decrypted msg", plain, outlen);
 
         /* RSA_PKCS1_OAEP_PADDING test */
-        ret = EVP_PKEY_decrypt_init(dec);
+        ret = wolfSSL_EVP_PKEY_decrypt_init(dec);
         if (ret != 1) {
             printf("error with decrypt init\n");
             ret = WC_TEST_RET_ENC_NC;
             goto openssl_pkey0_test_done;
         }
-        ret = EVP_PKEY_encrypt_init(enc);
+        ret = wolfSSL_EVP_PKEY_encrypt_init(enc);
         if (ret != 1) {
             printf("error with encrypt init\n");
             ret = WC_TEST_RET_ENC_NC;
             goto openssl_pkey0_test_done;
         }
 
-        if (EVP_PKEY_CTX_set_rsa_padding(dec, RSA_PKCS1_PADDING) <= 0) {
+        if (wolfSSL_EVP_PKEY_CTX_set_rsa_padding(dec, WC_RSA_PKCS1_PADDING) <= 0) {
             printf("first set rsa padding error\n");
             ret = WC_TEST_RET_ENC_EC(ret);
             goto openssl_pkey0_test_done;
         }
 
 #ifndef HAVE_FIPS
-        if (EVP_PKEY_CTX_set_rsa_padding(dec, RSA_PKCS1_OAEP_PADDING) <= 0){
+        if (wolfSSL_EVP_PKEY_CTX_set_rsa_padding(dec, WC_RSA_PKCS1_OAEP_PADDING) <= 0){
             printf("second set rsa padding error\n");
             ret = WC_TEST_RET_ENC_EC(ret);
             goto openssl_pkey0_test_done;
         }
 
-        if (EVP_PKEY_CTX_set_rsa_padding(enc, RSA_PKCS1_OAEP_PADDING) <= 0) {
+        if (wolfSSL_EVP_PKEY_CTX_set_rsa_padding(enc, WC_RSA_PKCS1_OAEP_PADDING) <= 0) {
             printf("third set rsa padding error\n");
             ret = WC_TEST_RET_ENC_EC(ret);
             goto openssl_pkey0_test_done;
@@ -23414,7 +26503,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t openssl_pkey0_test(void)
 #endif
 
         XMEMSET(out, 0, sizeof(out));
-        ret = EVP_PKEY_encrypt(enc, out, &outlen, in, sizeof(in));
+        ret = wolfSSL_EVP_PKEY_encrypt(enc, out, &outlen, in, sizeof(in));
         if (ret != 1) {
             printf("error encrypting msg\n");
             ret = WC_TEST_RET_ENC_NC;
@@ -23424,7 +26513,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t openssl_pkey0_test(void)
         show("encrypted msg", out, outlen);
 
         XMEMSET(plain, 0, sizeof(plain));
-        ret = EVP_PKEY_decrypt(dec, plain, &outlen, out, keySz);
+        ret = wolfSSL_EVP_PKEY_decrypt(dec, plain, &outlen, out, keySz);
         if (ret != 1) {
             printf("error decrypting msg\n");
             ret = WC_TEST_RET_ENC_NC;
@@ -23438,10 +26527,10 @@ openssl_pkey0_test_done:
 
         wolfSSL_RSA_free(prvRsa);
         wolfSSL_RSA_free(pubRsa);
-        EVP_PKEY_free(pubPkey);
-        EVP_PKEY_free(prvPkey);
-        EVP_PKEY_CTX_free(dec);
-        EVP_PKEY_CTX_free(enc);
+        wolfSSL_EVP_PKEY_free(pubPkey);
+        wolfSSL_EVP_PKEY_free(prvPkey);
+        wolfSSL_EVP_PKEY_CTX_free(dec);
+        wolfSSL_EVP_PKEY_CTX_free(enc);
         XFREE(prvTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
         XFREE(pubTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
 #endif /* NO_RSA */
@@ -23453,13 +26542,12 @@ openssl_pkey0_test_done:
 WOLFSSL_TEST_SUBROUTINE wc_test_ret_t openssl_pkey1_test(void)
 {
     wc_test_ret_t ret = 0;
-#if !defined(NO_FILESYSTEM) && !defined(NO_RSA) && !defined(HAVE_USER_RSA) && \
-    !defined(NO_SHA)
-    EVP_PKEY_CTX* dec = NULL;
-    EVP_PKEY_CTX* enc = NULL;
-    EVP_PKEY* pubKey  = NULL;
-    EVP_PKEY* prvKey  = NULL;
-    X509* x509 = NULL;
+#if !defined(NO_FILESYSTEM) && !defined(NO_RSA) && !defined(NO_SHA)
+    WOLFSSL_EVP_PKEY_CTX* dec = NULL;
+    WOLFSSL_EVP_PKEY_CTX* enc = NULL;
+    WOLFSSL_EVP_PKEY* pubKey  = NULL;
+    WOLFSSL_EVP_PKEY* prvKey  = NULL;
+    WOLFSSL_X509* x509 = NULL;
 
     WOLFSSL_SMALL_STACK_STATIC const unsigned char msg[] = "sugar slapped";
     const unsigned char* clikey;
@@ -23483,6 +26571,8 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t openssl_pkey1_test(void)
     unsigned char plain[RSA_TEST_BYTES];
 #endif
 
+    WOLFSSL_ENTER("openssl_pkey1_test");
+
 #if defined(USE_CERT_BUFFERS_1024)
     XMEMCPY(tmp, client_key_der_1024, sizeof_client_key_der_1024);
     cliKeySz = (long)sizeof_client_key_der_1024;
@@ -23530,15 +26620,15 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t openssl_pkey1_test(void)
     }
 
     /* using existing wolfSSL api to get public and private key */
-    x509 = wolfSSL_X509_load_certificate_file(clientCert, SSL_FILETYPE_ASN1);
+    x509 = wolfSSL_X509_load_certificate_file(clientCert, WOLFSSL_FILETYPE_ASN1);
 #endif /* USE_CERT_BUFFERS */
     clikey = tmp;
 
-    if ((prvKey = EVP_PKEY_new()) == NULL) {
+    if ((prvKey = wolfSSL_EVP_PKEY_new()) == NULL) {
         ret = WC_TEST_RET_ENC_ERRNO;
         goto openssl_pkey1_test_done;
     }
-    EVP_PKEY_free(prvKey);
+    wolfSSL_EVP_PKEY_free(prvKey);
     prvKey = NULL;
 
     if (x509 == NULL) {
@@ -23546,100 +26636,97 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t openssl_pkey1_test(void)
         goto openssl_pkey1_test_done;
     }
 
-    pubKey = X509_get_pubkey(x509);
+    pubKey = wolfSSL_X509_get_pubkey(x509);
     if (pubKey == NULL) {
         ret = WC_TEST_RET_ENC_NC;
         goto openssl_pkey1_test_done;
     }
 
-    prvKey = d2i_PrivateKey(EVP_PKEY_RSA, NULL, &clikey, cliKeySz);
+    prvKey = wolfSSL_d2i_PrivateKey(WC_EVP_PKEY_RSA, NULL, &clikey, cliKeySz);
     if (prvKey == NULL) {
         ret = WC_TEST_RET_ENC_NC;
         goto openssl_pkey1_test_done;
     }
 
-    /* phase 2 API to create EVP_PKEY_CTX and encrypt/decrypt */
-    if (EVP_PKEY_bits(prvKey) != keyLenBits) {
+    /* phase 2 API to create WOLFSSL_EVP_PKEY_CTX and encrypt/decrypt */
+    if (wolfSSL_EVP_PKEY_bits(prvKey) != keyLenBits) {
         ret = WC_TEST_RET_ENC_NC;
         goto openssl_pkey1_test_done;
     }
 
-    if (EVP_PKEY_size(prvKey) != keyLenBits/8) {
+    if (wolfSSL_EVP_PKEY_size(prvKey) != keyLenBits/8) {
         ret = WC_TEST_RET_ENC_NC;
         goto openssl_pkey1_test_done;
     }
 
-    dec = EVP_PKEY_CTX_new(prvKey, NULL);
-    enc = EVP_PKEY_CTX_new(pubKey, NULL);
+    dec = wolfSSL_EVP_PKEY_CTX_new(prvKey, NULL);
+    enc = wolfSSL_EVP_PKEY_CTX_new(pubKey, NULL);
     if (dec == NULL || enc == NULL) {
         ret = WC_TEST_RET_ENC_ERRNO;
         goto openssl_pkey1_test_done;
     }
 
-    if (EVP_PKEY_decrypt_init(dec) != 1) {
+    if (wolfSSL_EVP_PKEY_decrypt_init(dec) != 1) {
         ret = WC_TEST_RET_ENC_NC;
         goto openssl_pkey1_test_done;
     }
 
-    if (EVP_PKEY_encrypt_init(enc) != 1) {
+    if (wolfSSL_EVP_PKEY_encrypt_init(enc) != 1) {
         ret = WC_TEST_RET_ENC_NC;
         goto openssl_pkey1_test_done;
     }
 
-    if (EVP_PKEY_CTX_set_rsa_padding(dec, RSA_PKCS1_PADDING) <= 0) {
+    if (wolfSSL_EVP_PKEY_CTX_set_rsa_padding(dec, WC_RSA_PKCS1_PADDING) <= 0) {
         ret = WC_TEST_RET_ENC_NC;
         goto openssl_pkey1_test_done;
     }
 
 #ifndef HAVE_FIPS
-    if (EVP_PKEY_CTX_set_rsa_padding(dec, RSA_PKCS1_OAEP_PADDING) <= 0){
+    if (wolfSSL_EVP_PKEY_CTX_set_rsa_padding(dec, WC_RSA_PKCS1_OAEP_PADDING) <= 0){
         ret = WC_TEST_RET_ENC_EC(ret);
         goto openssl_pkey1_test_done;
     }
 
-    if (EVP_PKEY_CTX_set_rsa_padding(enc, RSA_PKCS1_OAEP_PADDING) <= 0) {
+    if (wolfSSL_EVP_PKEY_CTX_set_rsa_padding(enc, WC_RSA_PKCS1_OAEP_PADDING) <= 0) {
         ret = WC_TEST_RET_ENC_EC(ret);
         goto openssl_pkey1_test_done;
     }
 #endif
 
     XMEMSET(cipher, 0, RSA_TEST_BYTES);
-    outlen = keyLenBits/8;
-    if (EVP_PKEY_encrypt(enc, cipher, &outlen, msg, sizeof(msg)) < 0) {
+    outlen = (size_t)(keyLenBits/8);
+    if (wolfSSL_EVP_PKEY_encrypt(enc, cipher, &outlen, msg, sizeof(msg)) < 0) {
         ret = WC_TEST_RET_ENC_EC(ret);
         goto openssl_pkey1_test_done;
     }
 
     XMEMSET(plain, 0, RSA_TEST_BYTES);
-    if (EVP_PKEY_decrypt(dec, plain, &outlen, cipher, outlen) != 1) {
+    if (wolfSSL_EVP_PKEY_decrypt(dec, plain, &outlen, cipher, outlen) != 1) {
         ret = WC_TEST_RET_ENC_NC;
         goto openssl_pkey1_test_done;
     }
 
 openssl_pkey1_test_done:
     if (pubKey != NULL) {
-        EVP_PKEY_free(pubKey);
+        wolfSSL_EVP_PKEY_free(pubKey);
     }
     if (prvKey != NULL) {
-        EVP_PKEY_free(prvKey);
+        wolfSSL_EVP_PKEY_free(prvKey);
     }
     if (dec != NULL) {
-        EVP_PKEY_CTX_free(dec);
+        wolfSSL_EVP_PKEY_CTX_free(dec);
     }
     if (enc != NULL) {
-        EVP_PKEY_CTX_free(enc);
+        wolfSSL_EVP_PKEY_CTX_free(enc);
     }
     if (x509 != NULL) {
-        X509_free(x509);
+        wolfSSL_X509_free(x509);
     }
 
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
-    if (tmp != NULL)
-        XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
-    if (cipher != NULL)
-        XFREE(cipher, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
-    if (plain != NULL)
-        XFREE(plain, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(cipher, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(plain, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 #endif
 
@@ -23649,18 +26736,18 @@ openssl_pkey1_test_done:
 
 WOLFSSL_TEST_SUBROUTINE wc_test_ret_t openssl_evpSig_test(void)
 {
-#if !defined(NO_RSA) && !defined(NO_SHA) && !defined(HAVE_USER_RSA)
+#if !defined(NO_RSA) && !defined(NO_SHA)
     byte*   prvTmp;
     byte*   pubTmp;
     int prvBytes;
     int pubBytes;
-    RSA *prvRsa;
-    RSA *pubRsa;
-    EVP_PKEY *prvPkey;
-    EVP_PKEY *pubPkey;
+    WOLFSSL_RSA *prvRsa;
+    WOLFSSL_RSA *pubRsa;
+    WOLFSSL_EVP_PKEY *prvPkey;
+    WOLFSSL_EVP_PKEY *pubPkey;
 
-    EVP_MD_CTX* sign;
-    EVP_MD_CTX* verf;
+    WOLFSSL_EVP_MD_CTX* sign;
+    WOLFSSL_EVP_MD_CTX* verf;
     char msg[] = "see spot run";
     unsigned char sig[256];
     unsigned int sigSz;
@@ -23668,12 +26755,13 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t openssl_evpSig_test(void)
     unsigned int count;
     wc_test_ret_t ret, ret1, ret2;
 
-    #if !defined(USE_CERT_BUFFERS_1024) && !defined(USE_CERT_BUFFERS_2048)
+#if !defined(USE_CERT_BUFFERS_1024) && !defined(USE_CERT_BUFFERS_2048)
     XFILE   keyFile;
     XFILE   keypubFile;
     char cliKey[]    = "./certs/client-key.der";
     char cliKeypub[] = "./certs/client-keyPub.der";
-    #endif
+#endif
+    WOLFSSL_ENTER("openssl_evpSig_test");
 
     prvTmp = (byte*)XMALLOC(FOURK_BUFF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
     if (prvTmp == NULL)
@@ -23738,9 +26826,11 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t openssl_evpSig_test(void)
 
     ret1 = wolfSSL_RSA_LoadDer_ex(prvRsa, prvTmp, prvBytes, WOLFSSL_RSA_LOAD_PRIVATE);
     ret2 = wolfSSL_RSA_LoadDer_ex(pubRsa, pubTmp, pubBytes, WOLFSSL_RSA_LOAD_PUBLIC);
-    if((ret1 != SSL_SUCCESS) || (ret2 != SSL_SUCCESS)){
-      printf("error with RSA_LoadDer_ex\n");
-      return WC_TEST_RET_ENC_NC;
+    if((ret1 != WOLFSSL_SUCCESS) || (ret2 != WOLFSSL_SUCCESS)){
+        XFREE(pubTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+        XFREE(prvTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+        printf("error with RSA_LoadDer_ex\n");
+        return WC_TEST_RET_ENC_NC;
     }
 
     prvPkey = wolfSSL_EVP_PKEY_new();
@@ -23756,25 +26846,29 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t openssl_evpSig_test(void)
     if((ret1 != 1) || (ret2 != 1)){
         XFREE(pubTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
         XFREE(prvTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
-        printf("error with EVP_PKEY_set1_RSA\n");
+        printf("error with WOLFSSL_EVP_PKEY_set1_RSA\n");
         return WC_TEST_RET_ENC_NC;
     }
 
     /****************** sign and verify *******************/
-    sign = EVP_MD_CTX_create();
-    verf = EVP_MD_CTX_create();
+    sign = wolfSSL_EVP_MD_CTX_new();
+    verf = wolfSSL_EVP_MD_CTX_new();
     if((sign == NULL)||(verf == NULL)){
-        printf("error with EVP_MD_CTX_create\n");
-        EVP_MD_CTX_destroy(sign);
-        EVP_MD_CTX_destroy(verf);
+        printf("error with WOLFSSL_EVP_MD_CTX_create\n");
+        XFREE(pubTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+        XFREE(prvTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+        wolfSSL_EVP_MD_CTX_free(sign);
+        wolfSSL_EVP_MD_CTX_free(verf);
         return WC_TEST_RET_ENC_NC;
     }
 
-    ret = EVP_SignInit(sign, EVP_sha1());
-    if (ret != SSL_SUCCESS){
+    ret = wolfSSL_EVP_SignInit(sign, wolfSSL_EVP_sha1());
+    if (ret != WOLFSSL_SUCCESS){
         printf("error with EVP_SignInit\n");
-        EVP_MD_CTX_destroy(sign);
-        EVP_MD_CTX_destroy(verf);
+        XFREE(pubTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+        XFREE(prvTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+        wolfSSL_EVP_MD_CTX_free(sign);
+        wolfSSL_EVP_MD_CTX_free(verf);
         return WC_TEST_RET_ENC_NC;
     }
 
@@ -23784,59 +26878,59 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t openssl_evpSig_test(void)
     /* sign */
     XMEMSET(sig, 0, sizeof(sig));
     pt = (const void*)msg;
-    ret1 = EVP_SignUpdate(sign, pt, count);
-    ret2 = EVP_SignFinal(sign, sig, &sigSz, prvPkey);
-    if((ret1 != SSL_SUCCESS) || (ret2 != SSL_SUCCESS)){
+    ret1 = wolfSSL_EVP_SignUpdate(sign, pt, count);
+    ret2 = wolfSSL_EVP_SignFinal(sign, sig, &sigSz, prvPkey);
+    if((ret1 != WOLFSSL_SUCCESS) || (ret2 != WOLFSSL_SUCCESS)){
         XFREE(pubTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
         XFREE(prvTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
-        EVP_MD_CTX_destroy(sign);
-        EVP_MD_CTX_destroy(verf);
-        printf("error with EVP_MD_CTX_create\n");
+        wolfSSL_EVP_MD_CTX_free(sign);
+        wolfSSL_EVP_MD_CTX_free(verf);
+        printf("error with WOLFSSL_EVP_MD_CTX_create\n");
         return WC_TEST_RET_ENC_NC;
     }
     show("signature = ", (char *)sig, sigSz);
 
     /* verify */
     pt = (const void*)msg;
-    ret1 = EVP_VerifyInit(verf, EVP_sha1());
-    ret2 = EVP_VerifyUpdate(verf, pt, count);
-    if((ret1 != SSL_SUCCESS) || (ret2 != SSL_SUCCESS)){
+    ret1 = wolfSSL_EVP_VerifyInit(verf, wolfSSL_EVP_sha1());
+    ret2 = wolfSSL_EVP_VerifyUpdate(verf, pt, count);
+    if((ret1 != WOLFSSL_SUCCESS) || (ret2 != WOLFSSL_SUCCESS)){
         XFREE(pubTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
         XFREE(prvTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
-        EVP_MD_CTX_destroy(sign);
-        EVP_MD_CTX_destroy(verf);
+        wolfSSL_EVP_MD_CTX_free(sign);
+        wolfSSL_EVP_MD_CTX_free(verf);
         printf("error with EVP_Verify\n");
         return WC_TEST_RET_ENC_NC;
     }
-    if (EVP_VerifyFinal(verf, sig, sigSz, pubPkey) != 1) {
+    if (wolfSSL_EVP_VerifyFinal(verf, sig, sigSz, pubPkey) != 1) {
         XFREE(pubTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
         XFREE(prvTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
-        EVP_MD_CTX_destroy(sign);
-        EVP_MD_CTX_destroy(verf);
+        wolfSSL_EVP_MD_CTX_free(sign);
+        wolfSSL_EVP_MD_CTX_free(verf);
         printf("error with EVP_VerifyFinal\n");
         return WC_TEST_RET_ENC_NC;
     }
 
     /* expect fail without update */
-    EVP_VerifyInit(verf, EVP_sha1());
-    if (EVP_VerifyFinal(verf, sig, sigSz, pubPkey) == 1) {
+    wolfSSL_EVP_VerifyInit(verf, wolfSSL_EVP_sha1());
+    if (wolfSSL_EVP_VerifyFinal(verf, sig, sigSz, pubPkey) == 1) {
         XFREE(pubTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
         XFREE(prvTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
-        EVP_MD_CTX_destroy(sign);
-        EVP_MD_CTX_destroy(verf);
+        wolfSSL_EVP_MD_CTX_free(sign);
+        wolfSSL_EVP_MD_CTX_free(verf);
         printf("EVP_VerifyInit without update not detected\n");
         return WC_TEST_RET_ENC_NC;
     }
 
     XFREE(pubTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
     XFREE(prvTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
-    EVP_MD_CTX_destroy(sign);
-    EVP_MD_CTX_destroy(verf);
+    wolfSSL_EVP_MD_CTX_free(sign);
+    wolfSSL_EVP_MD_CTX_free(verf);
 
     wolfSSL_RSA_free(prvRsa);
     wolfSSL_RSA_free(pubRsa);
-    EVP_PKEY_free(pubPkey);
-    EVP_PKEY_free(prvPkey);
+    wolfSSL_EVP_PKEY_free(pubPkey);
+    wolfSSL_EVP_PKEY_free(prvPkey);
 
 #endif /* NO_RSA */
     return 0;
@@ -23904,6 +26998,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t scrypt_test(void)
         0xcb, 0xf4, 0x5c, 0x6f, 0xa7, 0x7a, 0x41, 0xa4
     };
 #endif
+    WOLFSSL_ENTER("scrypt_test");
 
     ret = wc_scrypt(derived, NULL, 0, NULL, 0, 4, 1, 1, sizeof(verify1));
     if (ret != 0)
@@ -23923,7 +27018,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t scrypt_test(void)
     /* Test case with parallel overflowing */
     ret = wc_scrypt(derived, (byte*)"password", 16, (byte*)"NaCl", 16, 2, 4, 8388608,
                     sizeof(verify1));
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
 
     /* Don't run these test on embedded, since they use large mallocs */
@@ -23943,6 +27038,10 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t scrypt_test(void)
     if (XMEMCMP(derived, verify4, sizeof(verify4)) != 0)
         return WC_TEST_RET_ENC_NC;
 #endif
+#else
+#ifdef SCRYPT_TEST_ALL
+    (void)verify4;
+#endif
 #endif /* !BENCH_EMBEDDED && !defined(WOLFSSL_LINUXKM) && !HAVE_INTEL_QA */
 
 #if !defined(BENCH_EMBEDDED)
@@ -23961,7 +27060,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t scrypt_test(void)
 #endif
 
 #ifdef HAVE_PKCS12
-WOLFSSL_TEST_SUBROUTINE wc_test_ret_t pkcs12_test(void)
+WOLFSSL_TEST_SUBROUTINE wc_test_ret_t pkcs12_pbkdf_test(void)
 {
     WOLFSSL_SMALL_STACK_STATIC const byte passwd[] = { 0x00, 0x73, 0x00, 0x6d, 0x00, 0x65, 0x00, 0x67,
                             0x00, 0x00 };
@@ -23987,13 +27086,15 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t pkcs12_test(void)
     int id         =  1;
     int kLen       = 24;
     int iterations =  1;
-    wc_test_ret_t ret = wc_PKCS12_PBKDF(derived, passwd, sizeof(passwd), salt, 8,
-                                                  iterations, kLen, WC_SHA256, id);
+    wc_test_ret_t ret;
+    WOLFSSL_ENTER("pkcs12_pbkdf_test");
 
+    ret = wc_PKCS12_PBKDF(derived, passwd, sizeof(passwd), salt, 8,
+                          iterations, kLen, WC_SHA256, id);
     if (ret < 0)
         return WC_TEST_RET_ENC_EC(ret);
 
-    if (XMEMCMP(derived, verify, kLen) != 0)
+    if (XMEMCMP(derived, verify, (unsigned long)kLen) != 0)
         return WC_TEST_RET_ENC_NC;
 
     iterations = 1000;
@@ -24018,7 +27119,8 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t pkcs12_test(void)
 WOLFSSL_TEST_SUBROUTINE wc_test_ret_t pbkdf2_test(void)
 {
     char passwd[] = "passwordpassword";
-    WOLFSSL_SMALL_STACK_STATIC const byte salt[] = { 0x78, 0x57, 0x8E, 0x5a, 0x5d, 0x63, 0xcb, 0x06 };
+    WOLFSSL_SMALL_STACK_STATIC const byte salt[] = { 0x78, 0x57, 0x8E, 0x5a,
+                                                     0x5d, 0x63, 0xcb, 0x06 };
     int   iterations = 2048;
     int   kLen = 24;
     byte  derived[64];
@@ -24028,10 +27130,14 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t pbkdf2_test(void)
         0x2d, 0xd4, 0xf9, 0x37, 0xd4, 0x95, 0x16, 0xa7, 0x2a, 0x9a, 0x21, 0xd1
     };
 
-    wc_test_ret_t ret = wc_PBKDF2_ex(derived, (byte*)passwd, (int)XSTRLEN(passwd), salt,
-              (int)sizeof(salt), iterations, kLen, WC_SHA256, HEAP_HINT, devId);
+    wc_test_ret_t ret;
+    WOLFSSL_ENTER("pbkdf2_test");
+
+    ret = wc_PBKDF2_ex(derived, (byte*)passwd, (int)XSTRLEN(passwd),
+                       salt, (int)sizeof(salt), iterations,
+                       kLen, WC_SHA256, HEAP_HINT, devId);
     if (ret != 0)
-        return ret;
+        return WC_TEST_RET_ENC_EC(ret);
 
     if (XMEMCMP(derived, verify, sizeof(verify)) != 0)
         return WC_TEST_RET_ENC_NC;
@@ -24055,9 +27161,12 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t pbkdf1_test(void)
         0xAF, 0x10, 0xEB, 0xFB, 0x4A, 0x3D, 0x2A, 0x20
     };
 
-    wc_test_ret_t ret = wc_PBKDF1_ex(derived, kLen, NULL, 0, (byte*)passwd,
-        (int)XSTRLEN(passwd), salt, (int)sizeof(salt), iterations, WC_SHA,
-        HEAP_HINT);
+    wc_test_ret_t ret;
+    WOLFSSL_ENTER("pbkdf1_test");
+
+    ret = wc_PBKDF1_ex(derived, kLen, NULL, 0, (byte*)passwd,
+             (int)XSTRLEN(passwd), salt, (int)sizeof(salt), iterations, WC_SHA,
+             HEAP_HINT);
     if (ret != 0)
         return ret;
 
@@ -24070,33 +27179,138 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t pbkdf1_test(void)
 
 WOLFSSL_TEST_SUBROUTINE wc_test_ret_t pwdbased_test(void)
 {
-   wc_test_ret_t ret = 0;
+    wc_test_ret_t ret = 0;
+    WOLFSSL_ENTER("pwdbased_test");
 
 #if defined(HAVE_PBKDF1) && !defined(NO_SHA)
-   ret = pbkdf1_test();
-   if (ret != 0)
-      return ret;
+    ret = pbkdf1_test();
+    if (ret != 0)
+        return ret;
 #endif
 #if defined(HAVE_PBKDF2) && !defined(NO_SHA256) && !defined(NO_HMAC)
-   ret = pbkdf2_test();
-   if (ret != 0)
-      return ret;
+    ret = pbkdf2_test();
+    if (ret != 0)
+        return ret;
 #endif
 #ifdef HAVE_PKCS12
-   ret = pkcs12_test();
-   if (ret != 0)
-      return ret;
+    ret = pkcs12_pbkdf_test();
+    if (ret != 0)
+        return ret;
 #endif
 #ifdef HAVE_SCRYPT
-   ret = scrypt_test();
-   if (ret != 0)
-      return ret;
+    ret = scrypt_test();
+    if (ret != 0)
+        return ret;
 #endif
-   return ret;
+    return ret;
 }
 
 #endif /* NO_PWDBASED */
 
+#if defined(USE_CERT_BUFFERS_2048) && \
+        defined(HAVE_PKCS12) && \
+            !defined(NO_ASN) && !defined(NO_PWDBASED) && !defined(NO_HMAC) && \
+            !defined(NO_CERTS) && !defined(NO_DES3)
+WOLFSSL_TEST_SUBROUTINE wc_test_ret_t pkcs12_test(void)
+{
+    wc_test_ret_t ret = 0;
+    WC_PKCS12* pkcs12 = NULL;
+    /* Gen vars */
+    byte* pkcs12der = NULL;
+    int pkcs12derSz = 0;
+    WC_DerCertList derCaList = {
+        (byte*)ca_cert_der_2048, sizeof_ca_cert_der_2048, NULL
+    };
+    char* pass = (char*)"wolfSSL test";
+    /* Parsing vars */
+    WC_DerCertList* derCaListOut = NULL;
+    byte* keyDer  = NULL;
+    byte* certDer = NULL;
+    word32 keySz;
+    word32 certSz;
+
+    WOLFSSL_ENTER("pkcs12_test");
+
+    pkcs12 = wc_PKCS12_create(pass, (word32)XSTRLEN(pass),
+        (char*)"friendlyName" /* not used currently */,
+        (byte*)server_key_der_2048, sizeof_server_key_der_2048,
+        (byte*)server_cert_der_2048, sizeof_server_cert_der_2048,
+        &derCaList, PBE_SHA1_DES3, PBE_SHA1_DES3, 100, 100,
+        0 /* not used currently */, HEAP_HINT);
+    if (pkcs12 == NULL) {
+        ret = WC_TEST_RET_ENC_EC(MEMORY_E);
+        goto out;
+    }
+
+    ret = wc_i2d_PKCS12(pkcs12, NULL, &pkcs12derSz);
+    if (ret != WC_NO_ERR_TRACE(LENGTH_ONLY_E)) {
+        if (ret == 0)
+            ret = WC_TEST_RET_ENC_NC;
+        else
+            ret = WC_TEST_RET_ENC_I(ret);
+        goto out;
+    }
+
+    pkcs12der = (byte*)XMALLOC(pkcs12derSz, HEAP_HINT, DYNAMIC_TYPE_PKCS);
+    if (pkcs12der == NULL) {
+        ret = WC_TEST_RET_ENC_EC(MEMORY_E);
+        goto out;
+    }
+
+    {
+        /* Use tmp pointer to avoid advancing pkcs12der */
+        byte* tmp = pkcs12der;
+        ret = wc_i2d_PKCS12(pkcs12, &tmp, &pkcs12derSz);
+        if (ret <= 0) {
+            if (ret == 0)
+                ret = WC_TEST_RET_ENC_NC;
+            else
+                ret = WC_TEST_RET_ENC_I(ret);
+            goto out;
+        }
+    }
+
+    wc_PKCS12_free(pkcs12);
+    pkcs12 = wc_PKCS12_new_ex(HEAP_HINT);
+    if (pkcs12 == NULL) {
+        ret = WC_TEST_RET_ENC_EC(MEMORY_E);
+        goto out;
+    }
+
+    /* convert the DER file into an internal structure */
+    ret = wc_d2i_PKCS12(pkcs12der, pkcs12derSz, pkcs12);
+    if (ret != 0) {
+        ret = WC_TEST_RET_ENC_EC(ret);
+        goto out;
+    }
+
+    /* parse the internal structure into its parts */
+    ret = wc_PKCS12_parse(pkcs12, "wolfSSL test", &keyDer, &keySz,
+            &certDer, &certSz, &derCaListOut);
+    if (ret != 0) {
+        ret = WC_TEST_RET_ENC_EC(ret);
+        goto out;
+    }
+    if (keyDer == NULL || certDer == NULL || derCaListOut == NULL) {
+        ret = WC_TEST_RET_ENC_NC;
+        goto out;
+    }
+
+out:
+
+    if (derCaListOut)
+        wc_FreeCertList(derCaListOut, HEAP_HINT);
+    XFREE(keyDer, HEAP_HINT, DYNAMIC_TYPE_PKCS);
+    XFREE(certDer, HEAP_HINT, DYNAMIC_TYPE_PKCS);
+    if (pkcs12)
+        wc_PKCS12_free(pkcs12);
+    XFREE(pkcs12der, HEAP_HINT, DYNAMIC_TYPE_PKCS);
+
+    return ret;
+}
+#endif
+
+
 #if defined(HAVE_HKDF) && !defined(NO_HMAC)
 
 #if defined(WOLFSSL_AFALG_XILINX) || defined(WOLFSSL_AFALG_XILINX_AES) ||     \
@@ -24154,49 +27368,50 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hkdf_test(void)
                       0x58, 0x65 };
 #endif
 #endif /* !NO_SHA256 */
+    WOLFSSL_ENTER("hkdf_test");
 
     XMEMSET(okm1, 0, sizeof(okm1));
     L = (int)sizeof(okm1);
 
 #ifndef NO_SHA
     ret = wc_HKDF(WC_SHA, ikm1, (word32)sizeof(ikm1), NULL, 0, NULL, 0,
-        okm1, L);
+        okm1, (word32)L);
     if (ret != 0)
         return WC_TEST_RET_ENC_EC(ret);
 
-    if (XMEMCMP(okm1, res1, L) != 0)
+    if (XMEMCMP(okm1, res1, (unsigned long)L) != 0)
         return WC_TEST_RET_ENC_NC;
 
 #ifndef HAVE_FIPS
     /* fips can't have key size under 14 bytes, salt is key too */
     L = (int)sizeof(okm1);
     ret = wc_HKDF(WC_SHA, ikm1, 11, salt1, (word32)sizeof(salt1),
-        info1, (word32)sizeof(info1), okm1, L);
+        info1, (word32)sizeof(info1), okm1, (word32)L);
     if (ret != 0)
         return WC_TEST_RET_ENC_EC(ret);
 
-    if (XMEMCMP(okm1, res2, L) != 0)
+    if (XMEMCMP(okm1, res2, (unsigned long)L) != 0)
         return WC_TEST_RET_ENC_NC;
 #endif /* HAVE_FIPS */
 #endif /* !NO_SHA */
 
 #ifndef NO_SHA256
     ret = wc_HKDF(WC_SHA256, ikm1, (word32)sizeof(ikm1), NULL, 0, NULL, 0,
-        okm1, L);
+        okm1, (word32)L);
     if (ret != 0)
         return WC_TEST_RET_ENC_EC(ret);
 
-    if (XMEMCMP(okm1, res3, L) != 0)
+    if (XMEMCMP(okm1, res3, (unsigned long)L) != 0)
         return WC_TEST_RET_ENC_NC;
 
 #ifndef HAVE_FIPS
     /* fips can't have key size under 14 bytes, salt is key too */
     ret = wc_HKDF(WC_SHA256, ikm1, (word32)sizeof(ikm1),
-        salt1, (word32)sizeof(salt1), info1, (word32)sizeof(info1), okm1, L);
+        salt1, (word32)sizeof(salt1), info1, (word32)sizeof(info1), okm1, (word32)L);
     if (ret != 0)
         return WC_TEST_RET_ENC_EC(ret);
 
-    if (XMEMCMP(okm1, res4, L) != 0)
+    if (XMEMCMP(okm1, res4, (unsigned long)L) != 0)
         return WC_TEST_RET_ENC_NC;
 #endif /* HAVE_FIPS */
 #endif /* !NO_SHA256 */
@@ -24336,13 +27551,14 @@ static const SshKdfTestVector sshKdfTestVectors[] = {
 
 WOLFSSL_TEST_SUBROUTINE wc_test_ret_t sshkdf_test(void)
 {
-    wc_test_ret_t result = 0;
+    byte cKey[32]; /* Greater of SHA256_DIGEST_SIZE and WC_AES_BLOCK_SIZE */
     word32 i;
     word32 tc = sizeof(sshKdfTestVectors)/sizeof(SshKdfTestVector);
     const SshKdfTestVector* tv = NULL;
-    byte cKey[32]; /* Greater of SHA256_DIGEST_SIZE and AES_BLOCK_SIZE */
-    /* sId - Session ID, eKey - Expected Key, cKey - Calculated Key */
+    wc_test_ret_t result = 0;
+    WOLFSSL_ENTER("sshkdf_test");
 
+    /* sId - Session ID, eKey - Expected Key, cKey - Calculated Key */
     for (i = 0, tv = sshKdfTestVectors; i < tc; i++, tv++) {
         result = wc_SSH_KDF(tv->hashId, tv->keyId,
                 cKey, tv->expectedKeySz,
@@ -24368,6 +27584,114 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t sshkdf_test(void)
 
 #endif /* WOLFSSL_WOLFSSH */
 
+#if defined(WOLFSSL_HAVE_PRF) && !defined(NO_HMAC) && defined(WOLFSSL_SHA384)
+#define DIGL 12
+#define SECL 48
+#define LBSL 63
+WOLFSSL_TEST_SUBROUTINE wc_test_ret_t prf_test(void)
+{
+    int ret;
+    byte dig[DIGL] = {0};
+    byte secret[SECL] = {
+                          0x10, 0xbc, 0xb4, 0xa2, 0xe8, 0xdc, 0xf1, 0x9b, 0x4c,
+                          0x51, 0x9c, 0xed, 0x31, 0x1b, 0x51, 0x57, 0x02, 0x3f,
+                          0xa1, 0x7d, 0xfb, 0x0e, 0xf3, 0x4e, 0x8f, 0x6f, 0x71,
+                          0xa3, 0x67, 0x76, 0x6b, 0xfa, 0x5d, 0x46, 0x4a, 0xe8,
+                          0x61, 0x18, 0x81, 0xc4, 0x66, 0xcc, 0x6f, 0x09, 0x99,
+                          0x9d, 0xfc, 0x47
+                        };
+    byte lablSd[LBSL] = {
+                          0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x20, 0x66, 0x69,
+                          0x6e, 0x69, 0x73, 0x68, 0x65, 0x64, 0x0b, 0x46, 0xba,
+                          0x56, 0xbf, 0x1f, 0x5d, 0x99, 0xff, 0xe9, 0xbb, 0x43,
+                          0x01, 0xe7, 0xca, 0x2c, 0x00, 0xdf, 0x9a, 0x39, 0x6e,
+                          0xcf, 0x6d, 0x15, 0x27, 0x4d, 0xf2, 0x93, 0x96, 0x4a,
+                          0x91, 0xde, 0x5c, 0xc0, 0x47, 0x7c, 0xa8, 0xae, 0xcf,
+                          0x5d, 0x93, 0x5f, 0x4c, 0x92, 0xcc, 0x98, 0x5b, 0x43
+                        };
+    byte expected[DIGL] = {
+                            0xee, 0xcb, 0xb1, 0x30, 0xf2, 0xcd, 0xb3, 0x4a,
+                            0xbe, 0xda, 0xc1, 0xf6
+                          };
+    int digL = DIGL;
+    int secL = SECL;
+    int lblsdL = LBSL;
+    int hash_type = sha384_mac;
+
+    ret = wc_PRF(dig, (word32)digL, secret, (word32)secL, lablSd,
+                 (word32)lblsdL, hash_type,
+                 HEAP_HINT, INVALID_DEVID);
+    if (ret != 0) {
+        printf("Failed w/ code: %d\n", ret);
+        return WC_TEST_RET_ENC_EC(ret);
+    }
+
+    if (XMEMCMP(expected, dig, DIGL) != 0) {
+        printf("Got unexpected digest\n");
+        return WC_TEST_RET_ENC_NC;
+    }
+
+    return 0;
+}
+#endif /* WOLFSSL_HAVE_PRF && !NO_HMAC */
+
+#ifdef WOLFSSL_HAVE_PRF
+#if defined(HAVE_HKDF) && !defined(NO_HMAC)
+#ifdef WOLFSSL_BASE16
+WOLFSSL_TEST_SUBROUTINE wc_test_ret_t tls12_kdf_test(void)
+{
+    const char* preMasterSecret = "D06F9C19BFF49B1E91E4EFE97345D089"
+                                  "4E6C2E6C34A165B24540E2970875D641"
+                                  "2AA6515871B389B4C199BB8389C71CED";
+    const char* helloRandom     = "162B81EDFBEAE4F25240320B87E7651C"
+                                  "865564191DD782DB0B9ECA275FBA1BB9"
+                                  "5A1DA3DF436D68DA86C5E7B4B4A36E46"
+                                  "B977C61767983A31BE270D74517BD0F6";
+    const char* masterSecret    = "EB38B8D89B98B1C266DE44BB3CA14E83"
+                                  "C32F009F9955B1D994E61D3C51EE8760"
+                                  "90B4EF89CC7AF42F46E72201BFCC7977";
+    const char* label           = "master secret";
+
+    byte pms[48] = {0};
+    byte seed[64] = {0};
+    byte ms[48] = {0};
+    byte result[48] = {0};
+
+    word32 pmsSz    = (word32)sizeof(pms);
+    word32 seedSz   = (word32)sizeof(seed);
+    word32 msSz     = (word32)sizeof(ms);
+    int ret;
+
+    ret = Base16_Decode((const byte*)preMasterSecret,
+                        (word32)XSTRLEN(preMasterSecret), pms, &pmsSz);
+    if (ret != 0)
+        return ret;
+    ret = Base16_Decode((const byte*)helloRandom,
+                        (word32)XSTRLEN(helloRandom), seed, &seedSz);
+    if (ret != 0)
+        return ret;
+    ret = Base16_Decode((const byte*)masterSecret,
+                        (word32)XSTRLEN(masterSecret), ms, &msSz);
+    if (ret != 0)
+        return ret;
+
+    ret = wc_PRF_TLS(result, msSz, pms, pmsSz,
+            (const byte*)label, (word32)XSTRLEN(label), seed, seedSz,
+            1, sha256_mac, NULL, INVALID_DEVID);
+    if (ret != 0) {
+        if (ret == WC_NO_ERR_TRACE(FIPS_PRIVATE_KEY_LOCKED_E)) {
+            printf("    wc_PRF_TLSv12: Private key locked.\n");
+        }
+        return WC_TEST_RET_ENC_NC;
+    }
+
+    if (XMEMCMP(result, ms, msSz) != 0)
+        return WC_TEST_RET_ENC_NC;
+    return 0;
+}
+#endif /* WOLFSSL_BASE16 */
+#endif /* WOLFSSL_HAVE_HKDF && !NO_HMAC */
+#endif /* WOLFSSL_HAVE_PRF */
 
 #ifdef WOLFSSL_TLS13
 
@@ -24927,6 +28251,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t tls13_kdf_test(void)
     word32 i;
     word32 tc = sizeof(tls13KdfTestVectors)/sizeof(Tls13KdfTestVector);
     const Tls13KdfTestVector* tv = NULL;
+    WOLFSSL_ENTER("tls13_kdf_test");
 
     for (i = 0, tv = tls13KdfTestVectors; i < tc; i++, tv++) {
         byte output[WC_MAX_DIGEST_SIZE];
@@ -24939,117 +28264,123 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t tls13_kdf_test(void)
         XMEMSET(zeroes, 0, sizeof zeroes);
 
         hashAlgSz = wc_HashGetDigestSize(tv->hashAlg);
-        if (hashAlgSz == BAD_FUNC_ARG) break;
-        ret = wc_Hash(tv->hashAlg, NULL, 0, hashZero, hashAlgSz);
+        if (hashAlgSz == WC_NO_ERR_TRACE(BAD_FUNC_ARG)) break;
+        ret = wc_Hash(tv->hashAlg, NULL, 0, hashZero, (word32)hashAlgSz);
         if (ret != 0) break;
 
         ret = wc_Tls13_HKDF_Extract(secret, NULL, 0,
                 (tv->pskSz == 0) ? zeroes : (byte*)tv->psk,
-                tv->pskSz, tv->hashAlg);
+                tv->pskSz, (int)tv->hashAlg);
         if (ret != 0) break;
 
-        ret = wc_Tls13_HKDF_Expand_Label(output, hashAlgSz,
-                secret, hashAlgSz,
+        ret = wc_Tls13_HKDF_Expand_Label(output, (word32)hashAlgSz,
+                secret, (word32)hashAlgSz,
                 (byte*)protocolLabel, (word32)XSTRLEN(protocolLabel),
                 (byte*)ceTrafficLabel, (word32)XSTRLEN(ceTrafficLabel),
-                tv->hashHello1, hashAlgSz, tv->hashAlg);
+                tv->hashHello1, (word32)hashAlgSz, (int)tv->hashAlg);
         if (ret != 0) break;
 
-        ret = XMEMCMP(tv->clientEarlyTrafficSecret, output, hashAlgSz);
+        ret = XMEMCMP(tv->clientEarlyTrafficSecret, output,
+                (unsigned long)hashAlgSz);
         if (ret != 0) break;
 
-        ret = wc_Tls13_HKDF_Expand_Label(output, hashAlgSz,
-                secret, hashAlgSz,
+        ret = wc_Tls13_HKDF_Expand_Label(output, (word32)hashAlgSz,
+                secret, (word32)hashAlgSz,
                 (byte*)protocolLabel, (word32)XSTRLEN(protocolLabel),
                 (byte*)eExpMasterLabel, (word32)XSTRLEN(eExpMasterLabel),
-                tv->hashHello1, hashAlgSz, tv->hashAlg);
+                tv->hashHello1, (word32)hashAlgSz, (int)tv->hashAlg);
         if (ret != 0) break;
 
-        ret = XMEMCMP(tv->earlyExporterMasterSecret, output, hashAlgSz);
+        ret = XMEMCMP(tv->earlyExporterMasterSecret, output,
+                (unsigned long)hashAlgSz);
         if (ret != 0) break;
 
-        ret = wc_Tls13_HKDF_Expand_Label(salt, hashAlgSz,
-                secret, hashAlgSz,
+        ret = wc_Tls13_HKDF_Expand_Label(salt, (word32)hashAlgSz,
+                secret, (word32)hashAlgSz,
                 (byte*)protocolLabel, (word32)XSTRLEN(protocolLabel),
                 (byte*)derivedLabel, (word32)XSTRLEN(derivedLabel),
-                hashZero, hashAlgSz, tv->hashAlg);
+                hashZero, (word32)hashAlgSz, (int)tv->hashAlg);
         if (ret != 0) break;
 
-        ret = wc_Tls13_HKDF_Extract(secret, salt, hashAlgSz,
+        ret = wc_Tls13_HKDF_Extract(secret, salt, (word32)(word32)hashAlgSz,
                 (tv->dheSz == 0) ? zeroes : (byte*)tv->dhe,
-                tv->dheSz, tv->hashAlg);
+                tv->dheSz, (int)tv->hashAlg);
         if (ret != 0) break;
 
-        ret = wc_Tls13_HKDF_Expand_Label(output, hashAlgSz,
-                secret, hashAlgSz,
+        ret = wc_Tls13_HKDF_Expand_Label(output, (word32)hashAlgSz,
+                secret, (word32)hashAlgSz,
                 (byte*)protocolLabel, (word32)XSTRLEN(protocolLabel),
                 (byte*)cHsTrafficLabel, (word32)XSTRLEN(cHsTrafficLabel),
-                tv->hashHello2, hashAlgSz, tv->hashAlg);
+                tv->hashHello2, (word32)hashAlgSz, (int)tv->hashAlg);
         if (ret != 0) break;
 
         ret = XMEMCMP(tv->clientHandshakeTrafficSecret,
-                output, hashAlgSz);
+                output, (unsigned long)hashAlgSz);
         if (ret != 0) break;
 
-        ret = wc_Tls13_HKDF_Expand_Label(output, hashAlgSz,
-                secret, hashAlgSz,
+        ret = wc_Tls13_HKDF_Expand_Label(output, (word32)hashAlgSz,
+                secret, (word32)hashAlgSz,
                 (byte*)protocolLabel, (word32)XSTRLEN(protocolLabel),
                 (byte*)sHsTrafficLabel, (word32)XSTRLEN(sHsTrafficLabel),
-                tv->hashHello2, hashAlgSz, tv->hashAlg);
+                tv->hashHello2, (word32)hashAlgSz, (int)tv->hashAlg);
         if (ret != 0) break;
 
-        ret = XMEMCMP(tv->serverHandshakeTrafficSecret, output, hashAlgSz);
+        ret = XMEMCMP(tv->serverHandshakeTrafficSecret, output,
+                (unsigned long)hashAlgSz);
         if (ret != 0) break;
 
-        ret = wc_Tls13_HKDF_Expand_Label(salt, hashAlgSz,
-                secret, hashAlgSz,
+        ret = wc_Tls13_HKDF_Expand_Label(salt, (word32)hashAlgSz,
+                secret, (word32)hashAlgSz,
                 (byte*)protocolLabel, (word32)XSTRLEN(protocolLabel),
                 (byte*)derivedLabel, (word32)XSTRLEN(derivedLabel),
-                hashZero, hashAlgSz, tv->hashAlg);
+                hashZero, (word32)hashAlgSz, (int)tv->hashAlg);
         if (ret != 0) break;
 
-        ret = wc_Tls13_HKDF_Extract(secret, salt, hashAlgSz,
-                zeroes, hashAlgSz, tv->hashAlg);
+        ret = wc_Tls13_HKDF_Extract(secret, salt, (word32)(word32)hashAlgSz,
+                zeroes, (word32)(word32)hashAlgSz, (int)tv->hashAlg);
         if (ret != 0) break;
 
-        ret = wc_Tls13_HKDF_Expand_Label(output, hashAlgSz,
-                secret, hashAlgSz,
+        ret = wc_Tls13_HKDF_Expand_Label(output, (word32)hashAlgSz,
+                secret, (word32)hashAlgSz,
                 (byte*)protocolLabel, (word32)XSTRLEN(protocolLabel),
                 (byte*)cAppTrafficLabel, (word32)XSTRLEN(cAppTrafficLabel),
-                tv->hashFinished1, hashAlgSz, tv->hashAlg);
+                tv->hashFinished1, (word32)hashAlgSz, (int)tv->hashAlg);
         if (ret != 0) break;
 
-        ret = XMEMCMP(tv->clientApplicationTrafficSecret, output, hashAlgSz);
+        ret = XMEMCMP(tv->clientApplicationTrafficSecret, output,
+                (unsigned long)hashAlgSz);
         if (ret != 0) break;
 
-        ret = wc_Tls13_HKDF_Expand_Label(output, hashAlgSz,
-                secret, hashAlgSz,
+        ret = wc_Tls13_HKDF_Expand_Label(output, (word32)hashAlgSz,
+                secret, (word32)hashAlgSz,
                 (byte*)protocolLabel, (word32)XSTRLEN(protocolLabel),
                 (byte*)sAppTrafficLabel, (word32)XSTRLEN(sAppTrafficLabel),
-                tv->hashFinished1, hashAlgSz, tv->hashAlg);
+                tv->hashFinished1, (word32)hashAlgSz, (int)tv->hashAlg);
         if (ret != 0) break;
 
-        ret = XMEMCMP(tv->serverApplicationTrafficSecret, output, hashAlgSz);
+        ret = XMEMCMP(tv->serverApplicationTrafficSecret, output,
+                (unsigned long)hashAlgSz);
         if (ret != 0) break;
 
-        ret = wc_Tls13_HKDF_Expand_Label(output, hashAlgSz,
-                secret, hashAlgSz,
+        ret = wc_Tls13_HKDF_Expand_Label(output, (word32)hashAlgSz,
+                secret, (word32)hashAlgSz,
                 (byte*)protocolLabel, (word32)XSTRLEN(protocolLabel),
                 (byte*)expMasterLabel, (word32)XSTRLEN(expMasterLabel),
-                tv->hashFinished1, hashAlgSz, tv->hashAlg);
+                tv->hashFinished1, (word32)hashAlgSz, (int)tv->hashAlg);
         if (ret != 0) break;
 
-        ret = XMEMCMP(tv->exporterMasterSecret, output, hashAlgSz);
+        ret = XMEMCMP(tv->exporterMasterSecret, output, (unsigned long)hashAlgSz);
         if (ret != 0) break;
 
-        ret = wc_Tls13_HKDF_Expand_Label(output, hashAlgSz,
-                secret, hashAlgSz,
+        ret = wc_Tls13_HKDF_Expand_Label(output, (word32)hashAlgSz,
+                secret, (word32)hashAlgSz,
                 (byte*)protocolLabel, (word32)XSTRLEN(protocolLabel),
                 (byte*)resMasterLabel, (word32)XSTRLEN(resMasterLabel),
-                tv->hashFinished2, hashAlgSz, tv->hashAlg);
+                tv->hashFinished2, (word32)hashAlgSz, (int)tv->hashAlg);
         if (ret != 0) break;
 
-        ret = XMEMCMP(tv->resumptionMasterSecret, output, hashAlgSz);
+        ret = XMEMCMP(tv->resumptionMasterSecret, output,
+                (unsigned long)hashAlgSz);
         if (ret != 0) break;
     }
 
@@ -25164,6 +28495,8 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t x963kdf_test(void)
     };
 #endif
 
+    WOLFSSL_ENTER("x963kdf_test");
+
 #ifndef NO_SHA
     ret = wc_X963_KDF(WC_HASH_TYPE_SHA, Z, sizeof(Z), NULL, 0,
                       kek, sizeof(verify));
@@ -25207,7 +28540,8 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t x963kdf_test(void)
 
 #endif /* HAVE_X963_KDF */
 
-#if defined(HAVE_HPKE) && (defined(HAVE_ECC) || defined(HAVE_CURVE25519)) && \
+#if defined(HAVE_HPKE) && \
+    (defined(HAVE_ECC) || defined(HAVE_CURVE25519) || defined(HAVE_CURVE448)) && \
     defined(HAVE_AESGCM)
 
 static wc_test_ret_t hpke_test_single(Hpke* hpke)
@@ -25292,6 +28626,31 @@ static wc_test_ret_t hpke_test_single(Hpke* hpke)
             ret = WC_TEST_RET_ENC_NC;
     }
 
+    /* Negative test case with NULL argument */
+    if (ret == 0) {
+        ret = wc_HpkeGenerateKeyPair(NULL, &receiverKey, rng);
+        if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
+            ret = WC_TEST_RET_ENC_EC(ret);
+        else
+            ret = 0;
+    }
+
+    if (ret == 0) {
+        ret = wc_HpkeGenerateKeyPair(hpke, NULL, rng);
+        if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
+            ret = WC_TEST_RET_ENC_EC(ret);
+        else
+            ret = 0;
+    }
+
+    if (ret == 0) {
+        ret = wc_HpkeGenerateKeyPair(hpke, &receiverKey, NULL);
+        if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
+            ret = WC_TEST_RET_ENC_EC(ret);
+        else
+            ret = 0;
+    }
+
     if (ephemeralKey != NULL)
         wc_HpkeFreeKey(hpke, hpke->kem, ephemeralKey, hpke->heap);
 
@@ -25299,8 +28658,7 @@ static wc_test_ret_t hpke_test_single(Hpke* hpke)
         wc_HpkeFreeKey(hpke, hpke->kem, receiverKey, hpke->heap);
 
 #ifdef WOLFSSL_SMALL_STACK
-    if (pubKey != NULL)
-        XFREE(pubKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(pubKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     if (rngRet == 0)
@@ -25413,6 +28771,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hpke_test(void)
 {
     wc_test_ret_t ret = 0;
     Hpke hpke[1];
+    WOLFSSL_ENTER("hpke_test");
 
 #if defined(HAVE_ECC)
     #if defined(WOLFSSL_SHA224) || !defined(NO_SHA256)
@@ -25475,8 +28834,28 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hpke_test(void)
         return ret;
 #endif
 
+
+#if defined(HAVE_CURVE448) && \
+    (defined(WOLFSSL_SHA384) || defined(WOLFSSL_SHA512))
+    /* test with curve448 and aes256 */
+    ret = wc_HpkeInit(hpke, DHKEM_X448_HKDF_SHA512, HKDF_SHA512,
+        HPKE_AES_256_GCM, NULL);
+
+    /* HPKE does not support X448 yet, so expect failure */
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
+        return WC_TEST_RET_ENC_EC(ret);
+
+    ret = hpke_test_single(hpke);
+
+    /* HPKE does not support X448 yet, so expect failure */
+    if (WC_TEST_RET_DEC_EC(ret) != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
+        return ret;
+    ret = 0; /* reset error code */
+#endif
+
+    /* TODO: HPKE chacha20 is not implemented */
+
     return ret;
-/* x448 and chacha20 are unimplemented */
 }
 #endif /* HAVE_HPKE && HAVE_ECC && HAVE_AESGCM */
 
@@ -25676,6 +29055,61 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t srtpkdf_test(void)
         0xe1, 0x29, 0x4f, 0x61, 0x30, 0x3c, 0x4d, 0x46,
         0x5f, 0x5c, 0x81, 0x3c, 0x38, 0xb6
     };
+
+    /* SRTCP w/ 48-bit idx - KDR 0 (-1) */
+    WOLFSSL_SMALL_STACK_STATIC const byte mk48_1[] = {
+        0xFF, 0xB6, 0xCB, 0x09, 0x71, 0x3F, 0x63, 0x4D,
+        0x7F, 0x42, 0xED, 0xA8, 0x12, 0x81, 0x50, 0xE6
+    };
+    WOLFSSL_SMALL_STACK_STATIC const byte ms48_1[] = {
+        0x1F, 0x04, 0x76, 0xC8, 0x7F, 0x58, 0x23, 0xEF,
+        0xD3, 0x57, 0xB2, 0xBD, 0xF1, 0x32
+    };
+    WOLFSSL_SMALL_STACK_STATIC const byte srtcp48idx_1[] = {
+        0x00, 0x00, 0x08, 0x56, 0xBC, 0x39
+    };
+    WOLFSSL_SMALL_STACK_STATIC const byte srtcpKe_48_1[] = {
+        0xD2, 0xC3, 0xF3, 0x49, 0x00, 0x1A, 0x18, 0x0F,
+        0xB6, 0x05, 0x5A, 0x5A, 0x67, 0x8E, 0xE5, 0xB2
+    };
+    WOLFSSL_SMALL_STACK_STATIC const byte srtcpKa_48_1[] = {
+        0x8D, 0x54, 0xBE, 0xB5, 0x7B, 0x7F, 0x7A, 0xAB,
+        0xF5, 0x46, 0xCE, 0x5B, 0x45, 0x69, 0x4A, 0x75,
+        0x81, 0x2A, 0xE2, 0xCB
+    };
+    WOLFSSL_SMALL_STACK_STATIC const byte srtcpKs_48_1[] = {
+        0x76, 0x3C, 0x97, 0x6A, 0x45, 0x31, 0xA7, 0x79,
+        0x3C, 0x28, 0x4A, 0xA6, 0x82, 0x03
+    };
+
+    /* SRTCP w/ 48-bit idx - KDR 19 */
+    WOLFSSL_SMALL_STACK_STATIC const byte mk48_2[] = {
+        0xBD, 0x1D, 0x71, 0x6B, 0xDA, 0x28, 0xE3, 0xFC,
+        0xA5, 0xA0, 0x66, 0x3F, 0x2E, 0x34, 0xA8, 0x58
+    };
+    WOLFSSL_SMALL_STACK_STATIC const byte ms48_2[] = {
+        0x79, 0x06, 0xE5, 0xAB, 0x5C, 0x2B, 0x1B, 0x69,
+        0xFA, 0xEE, 0xD2, 0x29, 0x57, 0x3C
+    };
+    WOLFSSL_SMALL_STACK_STATIC const byte srtcp48idx_2[] = {
+        0x00, 0x00, 0x59, 0xD0, 0xC2, 0xE8
+    };
+    WOLFSSL_SMALL_STACK_STATIC const byte srtcpKe_48_2[] = {
+        0xB9, 0xD7, 0xAD, 0xD8, 0x90, 0x94, 0xC2, 0x92,
+        0xA5, 0x04, 0x87, 0xC4, 0x8C, 0xEF, 0xE2, 0xA3
+    };
+    WOLFSSL_SMALL_STACK_STATIC const byte srtcpKa_48_2[] = {
+        0x07, 0xD5, 0xC4, 0xD2, 0x06, 0xFB, 0x63, 0x15,
+        0xC2, 0x9C, 0x7F, 0x55, 0xD1, 0x16, 0x5C, 0xB5,
+        0xB7, 0x44, 0x54, 0xBD
+    };
+    WOLFSSL_SMALL_STACK_STATIC const byte srtcpKs_48_2[] = {
+        0x0C, 0x5E, 0x53, 0xC1, 0xD0, 0x75, 0xAD, 0x65,
+        0xBF, 0x51, 0x74, 0x50, 0x89, 0xD7
+    };
+    int kdr_48_1 = -1;
+    int kdr_48_2 = 19;
+
     #define SRTP_TV_CNT     4
     Srtp_Kdf_Tv tv[SRTP_TV_CNT] = {
         { key_0, (word32)sizeof(key_0), salt_0, (word32)sizeof(salt_0), -1,
@@ -25696,6 +29130,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t srtpkdf_test(void)
     unsigned char keyE[32];
     unsigned char keyA[20];
     unsigned char keyS[14];
+    WOLFSSL_ENTER("srtpkdf_test");
 
     for (i = 0; (ret == 0) && (i < SRTP_TV_CNT); i++) {
     #ifndef WOLFSSL_AES_128
@@ -25797,78 +29232,78 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t srtpkdf_test(void)
     ret = wc_SRTP_KDF(tv[i].key, 33, tv[i].salt, tv[i].saltSz,
         tv[i].kdfIdx, tv[i].index, keyE, tv[i].keSz, keyA, tv[i].kaSz,
         keyS, tv[i].ksSz);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_SRTCP_KDF(tv[i].key, 33, tv[i].salt, tv[i].saltSz,
         tv[i].kdfIdx, tv[i].index_c, keyE, tv[i].keSz, keyA, tv[i].kaSz,
         keyS, tv[i].ksSz);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
 
     ret = wc_SRTP_KDF(tv[i].key, 15, tv[i].salt, tv[i].saltSz,
         tv[i].kdfIdx, tv[i].index, keyE, tv[i].keSz, keyA, tv[i].kaSz,
         keyS, tv[i].ksSz);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_SRTCP_KDF(tv[i].key, 15, tv[i].salt, tv[i].saltSz,
         tv[i].kdfIdx, tv[i].index_c, keyE, tv[i].keSz, keyA, tv[i].kaSz,
         keyS, tv[i].ksSz);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
 
     ret = wc_SRTP_KDF(tv[i].key, tv[i].keySz, tv[i].salt, 15,
         tv[i].kdfIdx, tv[i].index, keyE, tv[i].keSz, keyA, tv[i].kaSz,
         keyS, tv[i].ksSz);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_SRTCP_KDF(tv[i].key, tv[i].keySz, tv[i].salt, 15,
         tv[i].kdfIdx, tv[i].index_c, keyE, tv[i].keSz, keyA, tv[i].kaSz,
         keyS, tv[i].ksSz);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
 
     ret = wc_SRTP_KDF(NULL, tv[i].keySz, tv[i].salt, tv[i].saltSz,
         tv[i].kdfIdx, tv[i].index, keyE, tv[i].keSz, keyA, tv[i].kaSz,
         keyS, tv[i].ksSz);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_SRTCP_KDF(NULL, tv[i].keySz, tv[i].salt, tv[i].saltSz,
         tv[i].kdfIdx, tv[i].index_c, keyE, tv[i].keSz, keyA, tv[i].kaSz,
         keyS, tv[i].ksSz);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
 
     ret = wc_SRTP_KDF(tv[i].key, tv[i].keySz, NULL, tv[i].saltSz,
             tv[i].kdfIdx, tv[i].index, keyE, tv[i].keSz, keyA, tv[i].kaSz,
             keyS, tv[i].ksSz);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_SRTCP_KDF(tv[i].key, tv[i].keySz, NULL, tv[i].saltSz,
         tv[i].kdfIdx, tv[i].index_c, keyE, tv[i].keSz, keyA, tv[i].kaSz,
         keyS, tv[i].ksSz);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
 
     ret = wc_SRTP_KDF(tv[i].key, tv[i].keySz, tv[i].salt, tv[i].saltSz,
         25, tv[i].index, keyE, tv[i].keSz, keyA, tv[i].kaSz,
         keyS, tv[i].ksSz);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_SRTCP_KDF(tv[i].key, tv[i].keySz, tv[i].salt, tv[i].saltSz,
         25, tv[i].index_c, keyE, tv[i].keSz, keyA, tv[i].kaSz,
         keyS, tv[i].ksSz);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
 
     ret = wc_SRTP_KDF(tv[i].key, tv[i].keySz, tv[i].salt, tv[i].saltSz,
         -2, tv[i].index, keyE, tv[i].keSz, keyA, tv[i].kaSz,
         keyS, tv[i].ksSz);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_SRTCP_KDF(tv[i].key, tv[i].keySz, tv[i].salt, tv[i].saltSz,
         -2, tv[i].index_c, keyE, tv[i].keSz, keyA, tv[i].kaSz,
         keyS, tv[i].ksSz);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
 
     ret = wc_SRTP_KDF(tv[i].key, tv[i].keySz, tv[i].salt, tv[i].saltSz,
@@ -25909,6 +29344,37 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t srtpkdf_test(void)
         return WC_TEST_RET_ENC_NC;
     for (i = 0; i < 32; i++) {
         word32 kdr = 1U << i;
+
+        /* SRTCP w/ 48-bit IDX, 128-bit key test */
+        if (i == 0) {
+            ret = wc_SRTCP_KDF_ex(mk48_1, (word32)sizeof(mk48_1),
+                                  ms48_1, (word32)sizeof(ms48_1),
+                                  kdr_48_1, srtcp48idx_1, keyE, tv[i].keSz,
+                                  keyA, tv[i].kaSz, keyS, tv[i].ksSz,
+                                  WC_SRTCP_48BIT_IDX);
+            if (ret != 0)
+                return WC_TEST_RET_ENC_EC(ret);
+            if (XMEMCMP(keyE, srtcpKe_48_1, tv[i].keSz) != 0)
+                return WC_TEST_RET_ENC_NC;
+            if (XMEMCMP(keyA, srtcpKa_48_1, tv[i].kaSz) != 0)
+                return WC_TEST_RET_ENC_NC;
+            if (XMEMCMP(keyS, srtcpKs_48_1, tv[i].ksSz) != 0)
+                return WC_TEST_RET_ENC_NC;
+
+            ret = wc_SRTCP_KDF_ex(mk48_2, (word32)sizeof(mk48_2),
+                                  ms48_2, (word32)sizeof(ms48_2),
+                                  kdr_48_2, srtcp48idx_2, keyE, tv[i].keSz,
+                                  keyA, tv[i].kaSz, keyS, tv[i].ksSz,
+                                  WC_SRTCP_48BIT_IDX);
+            if (ret != 0)
+                return WC_TEST_RET_ENC_EC(ret);
+            if (XMEMCMP(keyE, srtcpKe_48_2, tv[i].keSz) != 0)
+                return WC_TEST_RET_ENC_NC;
+            if (XMEMCMP(keyA, srtcpKa_48_2, tv[i].kaSz) != 0)
+                return WC_TEST_RET_ENC_NC;
+            if (XMEMCMP(keyS, srtcpKs_48_2, tv[i].ksSz) != 0)
+                return WC_TEST_RET_ENC_NC;
+        }
         idx = wc_SRTP_KDF_kdr_to_idx(kdr);
         if (idx != i)
             return WC_TEST_RET_ENC_NC;
@@ -25970,12 +29436,10 @@ typedef struct eccVector {
     const char* curveName;
     word32 msgLen;
     word32 keySize;
-#ifndef NO_ASN
     const byte* r;
     word32      rSz;
     const byte* s;
     word32      sSz;
-#endif
 } eccVector;
 
 #if !defined(WOLF_CRYPTO_CB_ONLY_ECC)
@@ -25997,6 +29461,13 @@ static wc_test_ret_t ecc_test_vector_item(const eccVector* vector)
     WC_DECLARE_VAR(s, byte, MAX_ECC_BYTES, HEAP_HINT);
 #endif
 
+    WC_ALLOC_VAR(sig, byte, ECC_SIG_SIZE, HEAP_HINT);
+#if !defined(NO_ASN) && !defined(HAVE_SELFTEST)
+    WC_ALLOC_VAR(sigRaw, byte, ECC_SIG_SIZE, HEAP_HINT);
+    WC_ALLOC_VAR(r, byte, MAX_ECC_BYTES, HEAP_HINT);
+    WC_ALLOC_VAR(s, byte, MAX_ECC_BYTES, HEAP_HINT);
+#endif
+
 #ifdef WC_DECLARE_VAR_IS_HEAP_ALLOC
     if (sig == NULL)
         ERROR_OUT(MEMORY_E, done);
@@ -26013,26 +29484,27 @@ static wc_test_ret_t ecc_test_vector_item(const eccVector* vector)
 
     ret = wc_ecc_init_ex(userA, HEAP_HINT, devId);
     if (ret != 0)
-        goto done;
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
 
     ret = wc_ecc_import_raw(userA, vector->Qx, vector->Qy,
                                                   vector->d, vector->curveName);
     if (ret != 0)
-        goto done;
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
 
+#if !defined(NO_ASN)
     XMEMSET(sig, 0, ECC_SIG_SIZE);
     sigSz = ECC_SIG_SIZE;
     ret = wc_ecc_rs_to_sig(vector->R, vector->S, sig, &sigSz);
     if (ret != 0)
         goto done;
 
-#if !defined(NO_ASN) && !defined(HAVE_SELFTEST)
+#if !defined(HAVE_SELFTEST)
     XMEMSET(sigRaw, 0, ECC_SIG_SIZE);
     sigRawSz = ECC_SIG_SIZE;
     ret = wc_ecc_rs_raw_to_sig(vector->r, vector->rSz, vector->s, vector->sSz,
                                                              sigRaw, &sigRawSz);
     if (ret != 0)
-        goto done;
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
     if (sigSz != sigRawSz || XMEMCMP(sig, sigRaw, sigSz) != 0) {
         ret = WC_TEST_RET_ENC_NC;
         goto done;
@@ -26040,13 +29512,23 @@ static wc_test_ret_t ecc_test_vector_item(const eccVector* vector)
 
     ret = wc_ecc_sig_to_rs(sig, sigSz, r, &rSz, s, &sSz);
     if (ret != 0)
-        goto done;
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
     if (rSz != vector->rSz || XMEMCMP(r, vector->r, rSz) != 0 ||
         sSz != vector->sSz || XMEMCMP(s, vector->s, sSz) != 0) {
         ret = WC_TEST_RET_ENC_NC;
         goto done;
     }
-#endif
+#endif /* !HAVE_SELFTEST */
+#else
+    /* Signature will be R+S directly */
+    /* Make sure and zero pad if r or s is less than key size */
+    XMEMSET(sig, 0, ECC_SIG_SIZE);
+    sigSz = vector->keySize * 2;
+    XMEMCPY(sig + (vector->keySize - vector->rSz),
+        vector->r, vector->rSz);
+    XMEMCPY(sig + vector->keySize + (vector->keySize - vector->sSz),
+        vector->s, vector->sSz);
+#endif /* !NO_ASN */
 
 #ifdef HAVE_ECC_VERIFY
     do {
@@ -26056,9 +29538,9 @@ static wc_test_ret_t ecc_test_vector_item(const eccVector* vector)
         if (ret == 0)
             ret = wc_ecc_verify_hash(sig, sigSz, (byte*)vector->msg,
                                                vector->msgLen, &verify, userA);
-    } while (ret == WC_PENDING_E);
+    } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E));
     if (ret != 0)
-        goto done;
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
     TEST_SLEEP();
 
     if (verify != 1)
@@ -26134,14 +29616,12 @@ static wc_test_ret_t ecc_test_vector(int keySize)
         vec.R   = "6994d962bdd0d793ffddf855ec5bf2f91a9698b46258a63e";
         vec.S   = "02ba6465a234903744ab02bc8521405b73cf5fc00e1a9f41";
         vec.curveName = "SECP192R1";
-    #ifndef NO_ASN
         vec.r   = (byte*)"\x69\x94\xd9\x62\xbd\xd0\xd7\x93\xff\xdd\xf8\x55"
                          "\xec\x5b\xf2\xf9\x1a\x96\x98\xb4\x62\x58\xa6\x3e";
         vec.rSz = 24;
         vec.s   = (byte*)"\x02\xba\x64\x65\xa2\x34\x90\x37\x44\xab\x02\xbc"
                          "\x85\x21\x40\x5b\x73\xcf\x5f\xc0\x0e\x1a\x9f\x41";
         vec.sSz = 24;
-    #endif
         break;
 #endif /* HAVE_ECC192 */
 
@@ -26170,7 +29650,6 @@ static wc_test_ret_t ecc_test_vector(int keySize)
         vec.R   = "147b33758321e722a0360a4719738af848449e2c1d08defebc1671a7";
         vec.S   = "24fc7ed7f1352ca3872aa0916191289e2e04d454935d50fe6af3ad5b";
         vec.curveName = "SECP224R1";
-    #ifndef NO_ASN
         vec.r   = (byte*)"\x14\x7b\x33\x75\x83\x21\xe7\x22\xa0\x36\x0a\x47"
                          "\x19\x73\x8a\xf8\x48\x44\x9e\x2c\x1d\x08\xde\xfe"
                          "\xbc\x16\x71\xa7";
@@ -26179,7 +29658,6 @@ static wc_test_ret_t ecc_test_vector(int keySize)
                          "\x61\x91\x28\x9e\x2e\x04\xd4\x54\x93\x5d\x50\xfe"
                          "\x6a\xf3\xad\x5b";
         vec.sSz = 28;
-    #endif
         break;
 #endif /* HAVE_ECC224 */
 
@@ -26212,7 +29690,6 @@ static wc_test_ret_t ecc_test_vector(int keySize)
         vec.d   = "be34baa8d040a3b991f9075b56ba292f755b90e4b6dc10dad36715c33cfdac25";
         vec.R   = "2b826f5d44e2d0b6de531ad96b51e8f0c56fdfead3c236892e4d84eacfc3b75c";
         vec.S   = "a2248b62c03db35a7cd63e8a120a3521a89d3d2f61ff99035a2148ae32e3a248";
-    #ifndef NO_ASN
         vec.r   = (byte*)"\x2b\x82\x6f\x5d\x44\xe2\xd0\xb6\xde\x53\x1a\xd9"
                          "\x6b\x51\xe8\xf0\xc5\x6f\xdf\xea\xd3\xc2\x36\x89"
                          "\x2e\x4d\x84\xea\xcf\xc3\xb7\x5c";
@@ -26221,7 +29698,6 @@ static wc_test_ret_t ecc_test_vector(int keySize)
                          "\x12\x0a\x35\x21\xa8\x9d\x3d\x2f\x61\xff\x99\x03"
                          "\x5a\x21\x48\xae\x32\xe3\xa2\x48";
         vec.sSz = 32;
-    #endif
         vec.curveName = "SECP256R1";
         break;
 #endif /* !NO_ECC256 */
@@ -26256,7 +29732,6 @@ static wc_test_ret_t ecc_test_vector(int keySize)
         vec.R   = "6820b8585204648aed63bdff47f6d9acebdea62944774a7d14f0e14aa0b9a5b99545b2daee6b3c74ebf606667a3f39b7";
         vec.S   = "491af1d0cccd56ddd520b233775d0bc6b40a6255cc55207d8e9356741f23c96c14714221078dbd5c17f4fdd89b32a907";
         vec.curveName = "SECP384R1";
-    #ifndef NO_ASN
         vec.r   = (byte*)"\x68\x20\xb8\x58\x52\x04\x64\x8a\xed\x63\xbd\xff"
                          "\x47\xf6\xd9\xac\xeb\xde\xa6\x29\x44\x77\x4a\x7d"
                          "\x14\xf0\xe1\x4a\xa0\xb9\xa5\xb9\x95\x45\xb2\xda"
@@ -26267,7 +29742,6 @@ static wc_test_ret_t ecc_test_vector(int keySize)
                          "\x8e\x93\x56\x74\x1f\x23\xc9\x6c\x14\x71\x42\x21"
                          "\x07\x8d\xbd\x5c\x17\xf4\xfd\xd8\x9b\x32\xa9\x07";
         vec.sSz = 48;
-    #endif
         break;
 #endif /* HAVE_ECC384 */
 
@@ -26301,7 +29775,6 @@ static wc_test_ret_t ecc_test_vector(int keySize)
         vec.R   = "0bd117b4807710898f9dd7778056485777668f0e78e6ddf5b000356121eb7a220e9493c7f9a57c077947f89ac45d5acb6661bbcd17abb3faea149ba0aa3bb1521be";
         vec.S   = "019cd2c5c3f9870ecdeb9b323abdf3a98cd5e231d85c6ddc5b71ab190739f7f226e6b134ba1d5889ddeb2751dabd97911dff90c34684cdbe7bb669b6c3d22f2480c";
         vec.curveName = "SECP521R1";
-    #ifndef NO_ASN
         vec.r   = (byte*)"\xbd\x11\x7b\x48\x07\x71\x08\x98\xf9\xdd\x77\x78"
                          "\x05\x64\x85\x77\x76\x68\xf0\xe7\x8e\x6d\xdf\x5b"
                          "\x00\x03\x56\x12\x1e\xb7\xa2\x20\xe9\x49\x3c\x7f"
@@ -26316,11 +29789,12 @@ static wc_test_ret_t ecc_test_vector(int keySize)
                          "\xdf\xf9\x0c\x34\x68\x4c\xdb\xe7\xbb\x66\x9b\x6c"
                          "\x3d\x22\xf2\x48\x0c";
         vec.sSz = 65;
-    #endif
         break;
 #endif /* HAVE_ECC521 */
     default:
-        return NOT_COMPILED_IN; /* Invalid key size / Not supported */
+        return WC_TEST_RET_ENC_EC(NOT_COMPILED_IN); /* Invalid key size /
+                                                     * Not supported
+                                                     */
     }; /* Switch */
 
     ret = ecc_test_vector_item(&vec);
@@ -26332,10 +29806,71 @@ static wc_test_ret_t ecc_test_vector(int keySize)
 }
 #endif /* WOLF_CRYPTO_CB_ONLY_ECC */
 
-#if defined(HAVE_ECC_SIGN) && (defined(WOLFSSL_ECDSA_DETERMINISTIC_K) || \
-                               defined(WOLFSSL_ECDSA_DETERMINISTIC_K_VARIANT)) \
-    && (!defined(FIPS_VERSION_GE) || FIPS_VERSION_GE(5,3))
-#if defined(HAVE_ECC256)
+#if defined(HAVE_ECC_SIGN) && \
+    (defined(WOLFSSL_ECDSA_DETERMINISTIC_K) || \
+     defined(WOLFSSL_ECDSA_DETERMINISTIC_K_VARIANT)) && \
+    (!defined(HAVE_FIPS) || FIPS_VERSION_GE(5,3))
+#if (!defined(NO_ECC256) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 256
+
+static wc_test_ret_t ecdsa_test_deterministic_k_sig(ecc_key *key,
+    enum wc_HashType hashType, const char* msg, WC_RNG* rng, const byte* expSig,
+    size_t expSigSz)
+{
+    wc_test_ret_t ret;
+    int verify;
+    byte sig[ECC_MAX_SIG_SIZE];
+    word32 sigSz;
+    unsigned char hash[WC_MAX_DIGEST_SIZE];
+
+    ret = wc_Hash(hashType,
+        (byte*)msg, (word32)XSTRLEN(msg),
+        hash, sizeof(hash));
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
+
+    /* Sign test */
+    sigSz = sizeof(sig);
+    do {
+    #if defined(WOLFSSL_ASYNC_CRYPT)
+        ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
+    #endif
+        if (ret == 0)
+            ret = wc_ecc_sign_hash(hash, wc_HashGetDigestSize(hashType),
+                sig, &sigSz, rng, key);
+    } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E));
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
+    TEST_SLEEP();
+
+    /* Compare test vector */
+    if (sigSz != expSigSz) {
+        ret = WC_TEST_RET_ENC_NC;
+        goto done;
+    }
+    if (XMEMCMP(sig, expSig, sigSz) != 0) {
+        ret = WC_TEST_RET_ENC_NC;
+        goto done;
+    }
+
+    /* Verification */
+    verify = 0;
+    do {
+    #if defined(WOLFSSL_ASYNC_CRYPT)
+        ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
+    #endif
+        if (ret == 0)
+            ret = wc_ecc_verify_hash(sig, sigSz,
+                hash, wc_HashGetDigestSize(hashType), &verify, key);
+    } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E));
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
+    if (verify != 1) {
+        ERROR_OUT(WC_TEST_RET_ENC_NC, done);
+    }
+done:
+    return ret;
+}
+
 static wc_test_ret_t ecc_test_deterministic_k(WC_RNG* rng)
 {
     wc_test_ret_t ret;
@@ -26345,27 +29880,61 @@ static wc_test_ret_t ecc_test_deterministic_k(WC_RNG* rng)
     ecc_key key[1];
 #endif
     int key_inited = 0;
-    byte sig[72];
-    word32 sigSz;
-    WOLFSSL_SMALL_STACK_STATIC const unsigned char msg[] = "sample";
-    unsigned char hash[32];
+    WOLFSSL_SMALL_STACK_STATIC const char* msg = "sample";
     WOLFSSL_SMALL_STACK_STATIC const char* dIUT =
         "C9AFA9D845BA75166B5C215767B1D6934E50C3DB36E89B127B8A622B120F6721";
     WOLFSSL_SMALL_STACK_STATIC const char* QIUTx =
         "60FED4BA255A9D31C961EB74C6356D68C049B8923B61FA6CE669622E60F29FB6";
     WOLFSSL_SMALL_STACK_STATIC const char* QIUTy =
         "7903FE1008B8BC99A41AE9E95628BC64F2F1B20C2D7E9F5177A3C294D4462299";
-    WOLFSSL_SMALL_STACK_STATIC const byte expSig[] = {
-        0x30, 0x46, 0x02, 0x21, 0x00, 0xEF, 0xD4, 0x8B,
-        0x2A, 0xAC, 0xB6, 0xA8, 0xFD, 0x11, 0x40, 0xDD,
-        0x9C, 0xD4, 0x5E, 0x81, 0xD6, 0x9D, 0x2C, 0x87,
-        0x7B, 0x56, 0xAA, 0xF9, 0x91, 0xC3, 0x4D, 0x0E,
-        0xA8, 0x4E, 0xAF, 0x37, 0x16, 0x02, 0x21, 0x00,
-        0xF7, 0xCB, 0x1C, 0x94, 0x2D, 0x65, 0x7C, 0x41,
-        0xD4, 0x36, 0xC7, 0xA1, 0xB6, 0xE2, 0x9F, 0x65,
-        0xF3, 0xE9, 0x00, 0xDB, 0xB9, 0xAF, 0xF4, 0x06,
-        0x4D, 0xC4, 0xAB, 0x2F, 0x84, 0x3A, 0xCD, 0xA8
+#ifndef NO_SHA256
+    WOLFSSL_SMALL_STACK_STATIC const byte expSig256[] = {
+        0x30, 0x46, /* CONSTRUCTED SEQUENCE: (0x20 | 0x10) = 68 bytes */
+            0x02, 0x21,  /* ASN_INTEGER = 0x02 (32 bytes) - SIG R */
+                0x00, 0xEF, 0xD4, 0x8B, 0x2A, 0xAC, 0xB6, 0xA8,
+                0xFD, 0x11, 0x40, 0xDD, 0x9C, 0xD4, 0x5E, 0x81,
+                0xD6, 0x9D, 0x2C, 0x87, 0x7B, 0x56, 0xAA, 0xF9,
+                0x91, 0xC3, 0x4D, 0x0E, 0xA8, 0x4E, 0xAF, 0x37,
+                0x16,
+            0x02, 0x21, /* ASN_INTEGER = 0x02 (32 bytes) - SIG S */
+                0x00, 0xF7, 0xCB, 0x1C, 0x94, 0x2D, 0x65, 0x7C,
+                0x41, 0xD4, 0x36, 0xC7, 0xA1, 0xB6, 0xE2, 0x9F,
+                0x65, 0xF3, 0xE9, 0x00, 0xDB, 0xB9, 0xAF, 0xF4,
+                0x06, 0x4D, 0xC4, 0xAB, 0x2F, 0x84, 0x3A, 0xCD,
+                0xA8
     };
+#endif
+#if defined(WOLFSSL_SHA384) && (!defined(HAVE_FIPS) || FIPS_VERSION_GE(6,0))
+    WOLFSSL_SMALL_STACK_STATIC const byte expSig384[] = {
+        0x30, 0x44, /* CONSTRUCTED SEQUENCE: (0x20 | 0x10) = 68 bytes */
+            0x02, 0x20, /* ASN_INTEGER = 0x02 (32 bytes) - SIG R */
+                0x0e, 0xaf, 0xea, 0x03, 0x9b, 0x20, 0xe9, 0xb4,
+                0x23, 0x09, 0xfb, 0x1d, 0x89, 0xe2, 0x13, 0x05,
+                0x7c, 0xbf, 0x97, 0x3d, 0xc0, 0xcf, 0xc8, 0xf1,
+                0x29, 0xed, 0xdd, 0xc8, 0x00, 0xef, 0x77, 0x19,
+            0x02, 0x20, /* ASN_INTEGER = 0x02 (32 bytes) - SIG S */
+                0x48, 0x61, 0xf0, 0x49, 0x1e, 0x69, 0x98, 0xb9,
+                0x45, 0x51, 0x93, 0xe3, 0x4e, 0x7b, 0x0d, 0x28,
+                0x4d, 0xdd, 0x71, 0x49, 0xa7, 0x4b, 0x95, 0xb9,
+                0x26, 0x1f, 0x13, 0xab, 0xde, 0x94, 0x09, 0x54
+    };
+#endif
+#if defined(WOLFSSL_SHA512) && (!defined(HAVE_FIPS) || FIPS_VERSION_GE(6,0))
+    WOLFSSL_SMALL_STACK_STATIC const byte expSig512[] = {
+        0x30, 0x45, /* CONSTRUCTED SEQUENCE: (0x20 | 0x10) = 68 bytes */
+            0x02, 0x21, /* ASN_INTEGER = 0x02 (32 bytes) - SIG R */
+                0x00, 0x84, 0x96, 0xa6, 0x0b, 0x5e, 0x9b, 0x47,
+                0xc8, 0x25, 0x48, 0x88, 0x27, 0xe0, 0x49, 0x5b,
+                0x0e, 0x3f, 0xa1, 0x09, 0xec, 0x45, 0x68, 0xfd,
+                0x3f, 0x8d, 0x10, 0x97, 0x67, 0x8e, 0xb9, 0x7f,
+                0x00,
+            0x02, 0x20, /* ASN_INTEGER = 0x02 (32 bytes) - SIG S */
+                0x23, 0x62, 0xab, 0x1a, 0xdb, 0xe2, 0xb8, 0xad,
+                0xf9, 0xcb, 0x9e, 0xda, 0xb7, 0x40, 0xea, 0x60,
+                0x49, 0xc0, 0x28, 0x11, 0x4f, 0x24, 0x60, 0xf9,
+                0x65, 0x54, 0xf6, 0x1f, 0xae, 0x33, 0x02, 0xfe
+    };
+#endif
 
 #ifdef WOLFSSL_SMALL_STACK
     key = (ecc_key *)XMALLOC(sizeof(*key), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
@@ -26374,60 +29943,40 @@ static wc_test_ret_t ecc_test_deterministic_k(WC_RNG* rng)
 #endif
 
     ret = wc_ecc_init_ex(key, HEAP_HINT, devId);
-    if (ret != 0) {
-        goto done;
-    }
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
     key_inited = 1;
     ret = wc_ecc_import_raw(key, QIUTx, QIUTy, dIUT, "SECP256R1");
-    if (ret != 0) {
-        goto done;
-    }
-
-    ret = wc_Hash(WC_HASH_TYPE_SHA256, msg,
-            (word32)XSTRLEN((const char*)msg), hash, sizeof(hash));
-    if (ret != 0) {
-        goto done;
-    }
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
 
     ret = wc_ecc_set_deterministic(key, 1);
-    if (ret != 0) {
-        goto done;
-    }
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
 
-    sigSz = sizeof(sig);
-    do {
-    #if defined(WOLFSSL_ASYNC_CRYPT)
-        ret = wc_AsyncWait(ret, key.asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
-    #endif
-        if (ret == 0)
-            ret = wc_ecc_sign_hash(hash, sizeof(hash), sig, &sigSz, rng, key);
-    } while (ret == WC_PENDING_E);
-    if (ret != 0) {
-        goto done;
-    }
-    TEST_SLEEP();
+#ifndef NO_SHA256
+    /* Test for SHA2-256 */
+    ret = ecdsa_test_deterministic_k_sig(key, WC_HASH_TYPE_SHA256, msg, rng,
+        expSig256, sizeof(expSig256));
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
+#endif /* !NO_SHA256 */
 
-    if (sigSz != sizeof(expSig)) {
-        ret = WC_TEST_RET_ENC_NC;
-        goto done;
-    }
-    if (XMEMCMP(sig, expSig, sigSz) != 0) {
-        ret = WC_TEST_RET_ENC_NC;
-        goto done;
-    }
+#if defined(WOLFSSL_SHA384) && (!defined(HAVE_FIPS) || FIPS_VERSION_GE(6,0))
+    /* Test for SHA2-384 */
+    ret = ecdsa_test_deterministic_k_sig(key, WC_HASH_TYPE_SHA384, msg, rng,
+        expSig384, sizeof(expSig384));
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
+#endif /* WOLFSSL_SHA384 */
 
-    sigSz = sizeof(sig);
-    do {
-    #if defined(WOLFSSL_ASYNC_CRYPT)
-        ret = wc_AsyncWait(ret, key.asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
-    #endif
-        if (ret == 0)
-            ret = wc_ecc_sign_hash(hash, sizeof(hash), sig, &sigSz, rng, key);
-    } while (ret == WC_PENDING_E);
-    if (ret != 0) {
-        goto done;
-    }
-    TEST_SLEEP();
+#if defined(WOLFSSL_SHA512) && (!defined(HAVE_FIPS) || FIPS_VERSION_GE(6,0))
+    /* Test for SHA2-512 */
+    ret = ecdsa_test_deterministic_k_sig(key, WC_HASH_TYPE_SHA512, msg, rng,
+        expSig512, sizeof(expSig512));
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
+#endif /* WOLFSSL_SHA512 */
 
 done:
     if (key_inited)
@@ -26437,10 +29986,56 @@ done:
 #endif
    return ret;
 }
-#endif
+#endif /* NO_ECC256 || HAVE_ALL_CURVES */
+
 
 #ifdef WOLFSSL_PUBLIC_MP
-#if defined(HAVE_ECC384)
+
+static wc_test_ret_t ecdsa_test_deterministic_k_rs(ecc_key *key,
+    enum wc_HashType hashType, const char* msg, WC_RNG* rng,
+    mp_int* r, mp_int* s,
+    mp_int* expR, mp_int* expS)
+{
+    wc_test_ret_t ret;
+    unsigned char hash[WC_MAX_DIGEST_SIZE];
+    int verify;
+
+    ret = wc_Hash(hashType,
+        (byte*)msg, (word32)XSTRLEN(msg),
+        hash, sizeof(hash));
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
+
+    ret = wc_ecc_sign_hash_ex(hash, wc_HashGetDigestSize(hashType), rng, key,
+        r, s);
+#if defined(WOLFSSL_ASYNC_CRYPT)
+    ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_NONE);
+#endif
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
+    TEST_SLEEP();
+
+    if (mp_cmp(r, expR) != MP_EQ && mp_cmp(s, expS) != MP_EQ) {
+        ERROR_OUT(WC_TEST_RET_ENC_NC, done);
+    }
+
+    /* Verification */
+    verify = 0;
+    ret = wc_ecc_verify_hash_ex(r, s, hash, wc_HashGetDigestSize(hashType),
+        &verify, key);
+#if defined(WOLFSSL_ASYNC_CRYPT)
+    ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_NONE);
+#endif
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
+    if (verify != 1) {
+        ERROR_OUT(WC_TEST_RET_ENC_NC, done);
+    }
+done:
+    return ret;
+}
+
+#if (defined(HAVE_ECC384) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 384
 /* KAT from RFC6979 */
 static wc_test_ret_t ecc384_test_deterministic_k(WC_RNG* rng)
 {
@@ -26452,9 +30047,10 @@ static wc_test_ret_t ecc384_test_deterministic_k(WC_RNG* rng)
     ecc_key key[1];
     mp_int r[1], s[1], expR[1], expS[1];
 #endif
-    int key_inited = 0;
-    WOLFSSL_SMALL_STACK_STATIC const unsigned char msg[] = "sample";
-    unsigned char hash[32];
+    int key_inited = 0,
+        tmp_mp_ints_inited = 0;
+
+    WOLFSSL_SMALL_STACK_STATIC const char* msg = "sample";
     WOLFSSL_SMALL_STACK_STATIC const char* dIUT =
         "6B9D3DAD2E1B8C1C05B19875B6659F4DE23C3B667BF297BA9AA47740787137D8"
         "96D5724E4C70A825F872C9EA60D2EDF5";
@@ -26464,12 +30060,30 @@ static wc_test_ret_t ecc384_test_deterministic_k(WC_RNG* rng)
     WOLFSSL_SMALL_STACK_STATIC const char* QIUTy =
         "8015D9B72D7D57244EA8EF9AC0C621896708A59367F9DFB9F54CA84B3F1C9DB1"
         "288B231C3AE0D4FE7344FD2533264720";
-    WOLFSSL_SMALL_STACK_STATIC const char* expRstr =
+#ifndef NO_SHA256
+    WOLFSSL_SMALL_STACK_STATIC const char* expRstr256 =
        "21B13D1E013C7FA1392D03C5F99AF8B30C570C6F98D4EA8E354B63A21D3DAA33"
        "BDE1E888E63355D92FA2B3C36D8FB2CD";
-    WOLFSSL_SMALL_STACK_STATIC const char* expSstr =
+    WOLFSSL_SMALL_STACK_STATIC const char* expSstr256 =
        "F3AA443FB107745BF4BD77CB3891674632068A10CA67E3D45DB2266FA7D1FEEB"
        "EFDC63ECCD1AC42EC0CB8668A4FA0AB0";
+#endif
+#if defined(WOLFSSL_SHA384) && (!defined(HAVE_FIPS) || FIPS_VERSION_GE(6,0))
+    WOLFSSL_SMALL_STACK_STATIC const char* expRstr384 =
+        "94EDBB92A5ECB8AAD4736E56C691916B3F88140666CE9FA73D64C4EA95AD133C"
+        "81A648152E44ACF96E36DD1E80FABE46";
+    WOLFSSL_SMALL_STACK_STATIC const char* expSstr384 =
+        "99EF4AEB15F178CEA1FE40DB2603138F130E740A19624526203B6351D0A3A94F"
+        "A329C145786E679E7B82C71A38628AC8";
+#endif
+#if defined(WOLFSSL_SHA512) && (!defined(HAVE_FIPS) || FIPS_VERSION_GE(6,0))
+    WOLFSSL_SMALL_STACK_STATIC const char* expRstr512 =
+        "ED0959D5880AB2D869AE7F6C2915C6D60F96507F9CB3E047C0046861DA4A799C"
+        "FE30F35CC900056D7C99CD7882433709";
+    WOLFSSL_SMALL_STACK_STATIC const char* expSstr512 =
+        "512C8CCEEE3890A84058CE1E22DBC2198F42323CE8ACA9135329F03C068E5112"
+        "DC7CC3EF3446DEFCEB01A45C2667FDD5";
+#endif
 
 #ifdef WOLFSSL_SMALL_STACK
     key = (ecc_key *)XMALLOC(sizeof(*key), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
@@ -26484,76 +30098,79 @@ static wc_test_ret_t ecc384_test_deterministic_k(WC_RNG* rng)
         (expR == NULL) ||
         (expS == NULL))
     {
-        ret = MEMORY_E;
-        goto done;
+        ERROR_OUT(WC_TEST_RET_ENC_EC(MEMORY_E), done);
     }
 #endif
 
     ret = mp_init_multi(r, s, expR, expS, NULL, NULL);
-    if (ret != MP_OKAY) {
-        goto done;
-    }
+    if (ret != MP_OKAY)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
+    tmp_mp_ints_inited = 1;
     ret = wc_ecc_init_ex(key, HEAP_HINT, devId);
-    if (ret != 0) {
-        goto done;
-    }
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
     key_inited = 1;
 
     ret = wc_ecc_import_raw(key, QIUTx, QIUTy, dIUT, "SECP384R1");
-    if (ret != 0) {
-        goto done;
-    }
-
-    ret = wc_Hash(WC_HASH_TYPE_SHA256, msg,
-            (word32)XSTRLEN((const char*)msg), hash, sizeof(hash));
-    if (ret != 0) {
-        goto done;
-    }
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
 
     ret = wc_ecc_set_deterministic(key, 1);
-    if (ret != 0) {
-        goto done;
-    }
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
 
-    do {
-    #if defined(WOLFSSL_ASYNC_CRYPT)
-        ret = wc_AsyncWait(ret, key.asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
-    #endif
-        if (ret == 0)
-            ret = wc_ecc_sign_hash_ex(hash, sizeof(hash), rng, key, r, s);
-    } while (ret == WC_PENDING_E);
-    if (ret != 0) {
-        goto done;
-    }
-    TEST_SLEEP();
+#ifndef NO_SHA256
+    /* Test for SHA2-256 */
+    mp_read_radix(expR, expRstr256, MP_RADIX_HEX);
+    mp_read_radix(expS, expSstr256, MP_RADIX_HEX);
+    ret = ecdsa_test_deterministic_k_rs(key, WC_HASH_TYPE_SHA256, msg, rng,
+        r, s, expR, expS);
+    if (ret != 0)
+        ERROR_OUT(ret, done);
+#endif /* NO_SHA256 */
 
-    mp_read_radix(expR, expRstr, MP_RADIX_HEX);
-    mp_read_radix(expS, expSstr, MP_RADIX_HEX);
-    if (mp_cmp(r, expR) != MP_EQ) {
-        ret = WC_TEST_RET_ENC_NC;
-    }
+#if defined(WOLFSSL_SHA384) && (!defined(HAVE_FIPS) || FIPS_VERSION_GE(6,0))
+    /* Test for SHA2-384 */
+    mp_read_radix(expR, expRstr384, MP_RADIX_HEX);
+    mp_read_radix(expS, expSstr384, MP_RADIX_HEX);
+    ret = ecdsa_test_deterministic_k_rs(key, WC_HASH_TYPE_SHA384, msg, rng,
+        r, s, expR, expS);
+    if (ret != 0)
+        ERROR_OUT(ret, done);
+#endif /* WOLFSSL_SHA384 */
+
+#if defined(WOLFSSL_SHA512) && (!defined(HAVE_FIPS) || FIPS_VERSION_GE(6,0))
+    /* Test for SHA2-512 */
+    mp_read_radix(expR, expRstr512, MP_RADIX_HEX);
+    mp_read_radix(expS, expSstr512, MP_RADIX_HEX);
+    ret = ecdsa_test_deterministic_k_rs(key, WC_HASH_TYPE_SHA512, msg, rng,
+        r, s, expR, expS);
+    if (ret != 0)
+        ERROR_OUT(ret, done);
+#endif /* WOLFSSL_SHA512 */
 
 done:
     if (key_inited)
         wc_ecc_free(key);
+    if (tmp_mp_ints_inited) {
+        mp_free(r);
+        mp_free(s);
+        mp_free(expR);
+        mp_free(expS);
+    }
 #ifdef WOLFSSL_SMALL_STACK
-    if (key != NULL)
-        XFREE(key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
-    if (r != NULL)
-        XFREE(r, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
-    if (s != NULL)
-        XFREE(s, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
-    if (expR != NULL)
-        XFREE(expR, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
-    if (expS != NULL)
-        XFREE(expS, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(r, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(s, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(expR, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(expS, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return ret;
 }
 #endif /* HAVE_ECC384 */
 
-#if defined(HAVE_ECC521)
+#if (defined(HAVE_ECC521) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 521
 /* KAT from RFC6979 */
 static wc_test_ret_t ecc521_test_deterministic_k(WC_RNG* rng)
 {
@@ -26565,10 +30182,9 @@ static wc_test_ret_t ecc521_test_deterministic_k(WC_RNG* rng)
     ecc_key key[1];
     mp_int r[1], s[1], expR[1], expS[1];
 #endif
-    int key_inited = 0;
-    WOLFSSL_SMALL_STACK_STATIC const unsigned char msg[] = "sample";
-    unsigned char hash[32];
-
+    int key_inited = 0,
+        tmp_mp_ints_inited = 0;
+    WOLFSSL_SMALL_STACK_STATIC const char* msg = "sample";
     WOLFSSL_SMALL_STACK_STATIC const char* dIUT =
        "0FAD06DAA62BA3B25D2FB40133DA757205DE67F5BB0018FEE8C86E1B68C7E75C"
        "AA896EB32F1F47C70855836A6D16FCC1466F6D8FBEC67DB89EC0C08B0E996B83"
@@ -26581,14 +30197,36 @@ static wc_test_ret_t ecc521_test_deterministic_k(WC_RNG* rng)
         "0493101C962CD4D2FDDF782285E64584139C2F91B47F87FF82354D6630F746A2"
         "8A0DB25741B5B34A828008B22ACC23F924FAAFBD4D33F81EA66956DFEAA2BFDF"
         "CF5";
-    WOLFSSL_SMALL_STACK_STATIC const char* expRstr =
+#ifndef NO_SHA256
+    WOLFSSL_SMALL_STACK_STATIC const char* expRstr256 =
         "1511BB4D675114FE266FC4372B87682BAECC01D3CC62CF2303C92B3526012659"
         "D16876E25C7C1E57648F23B73564D67F61C6F14D527D54972810421E7D87589E"
         "1A7";
-    WOLFSSL_SMALL_STACK_STATIC const char* expSstr =
+    WOLFSSL_SMALL_STACK_STATIC const char* expSstr256 =
         "04A171143A83163D6DF460AAF61522695F207A58B95C0644D87E52AA1A347916"
         "E4F7A72930B1BC06DBE22CE3F58264AFD23704CBB63B29B931F7DE6C9D949A7E"
         "CFC";
+#endif
+#if defined(WOLFSSL_SHA384) && (!defined(HAVE_FIPS) || FIPS_VERSION_GE(6,0))
+    WOLFSSL_SMALL_STACK_STATIC const char* expRstr384 =
+        "1EA842A0E17D2DE4F92C15315C63DDF72685C18195C2BB95E572B9C5136CA4B4"
+        "B576AD712A52BE9730627D16054BA40CC0B8D3FF035B12AE75168397F5D50C67"
+        "451";
+    WOLFSSL_SMALL_STACK_STATIC const char* expSstr384 =
+        "1F21A3CEE066E1961025FB048BD5FE2B7924D0CD797BABE0A83B66F1E35EEAF5"
+        "FDE143FA85DC394A7DEE766523393784484BDF3E00114A1C857CDE1AA203DB65"
+        "D61";
+#endif
+#if defined(WOLFSSL_SHA512) && (!defined(HAVE_FIPS) || FIPS_VERSION_GE(6,0))
+    WOLFSSL_SMALL_STACK_STATIC const char* expRstr512 =
+        "0C328FAFCBD79DD77850370C46325D987CB525569FB63C5D3BC53950E6D4C5F1"
+        "74E25A1EE9017B5D450606ADD152B534931D7D4E8455CC91F9B15BF05EC36E37"
+        "7FA";
+    WOLFSSL_SMALL_STACK_STATIC const char* expSstr512 =
+        "0617CCE7CF5064806C467F678D3B4080D6F1CC50AF26CA209417308281B68AF2"
+        "82623EAA63E5B5C0723D8B8C37FF0777B1A20F8CCB1DCCC43997F1EE0E44DA4A"
+        "67A";
+#endif
 
 #ifdef WOLFSSL_SMALL_STACK
     key = (ecc_key *)XMALLOC(sizeof(*key), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
@@ -26603,69 +30241,73 @@ static wc_test_ret_t ecc521_test_deterministic_k(WC_RNG* rng)
         (expR == NULL) ||
         (expS == NULL))
     {
-        ret = MEMORY_E;
+        ret = WC_TEST_RET_ENC_EC(MEMORY_E);
         goto done;
     }
 #endif
 
     ret = mp_init_multi(r, s, expR, expS, NULL, NULL);
-    if (ret != MP_OKAY) {
-        goto done;
-    }
+    if (ret != MP_OKAY)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
+    tmp_mp_ints_inited = 1;
     ret = wc_ecc_init_ex(key, HEAP_HINT, devId);
-    if (ret != 0) {
-        return WC_TEST_RET_ENC_EC(ret);
-    }
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
     key_inited = 1;
 
     ret = wc_ecc_import_raw(key, QIUTx, QIUTy, dIUT, "SECP521R1");
-    if (ret != 0) {
-        goto done;
-    }
-
-    ret = wc_Hash(WC_HASH_TYPE_SHA256, msg,
-            (word32)XSTRLEN((const char*)msg), hash, sizeof(hash));
-    if (ret != 0) {
-        goto done;
-    }
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
 
     ret = wc_ecc_set_deterministic(key, 1);
-    if (ret != 0) {
-        goto done;
-    }
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
 
-    do {
-    #if defined(WOLFSSL_ASYNC_CRYPT)
-        ret = wc_AsyncWait(ret, key.asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
-    #endif
-        if (ret == 0)
-            ret = wc_ecc_sign_hash_ex(hash, sizeof(hash), rng, key, r, s);
-    } while (ret == WC_PENDING_E);
-    if (ret != 0) {
-        goto done;
-    }
-    TEST_SLEEP();
+#ifndef NO_SHA256
+    /* Test for SHA2-256 */
+    mp_read_radix(expR, expRstr256, MP_RADIX_HEX);
+    mp_read_radix(expS, expSstr256, MP_RADIX_HEX);
+    ret = ecdsa_test_deterministic_k_rs(key, WC_HASH_TYPE_SHA256, msg, rng,
+        r, s, expR, expS);
+    if (ret != 0)
+        ERROR_OUT(ret, done);
+#endif /* NO_SHA256 */
 
-    mp_read_radix(expR, expRstr, MP_RADIX_HEX);
-    mp_read_radix(expS, expSstr, MP_RADIX_HEX);
-    if (mp_cmp(r, expR) != MP_EQ) {
-        ret = WC_TEST_RET_ENC_NC;
-    }
+#if defined(WOLFSSL_SHA384) && (!defined(HAVE_FIPS) || FIPS_VERSION_GE(6,0))
+    /* Test for SHA2-384 */
+    mp_read_radix(expR, expRstr384, MP_RADIX_HEX);
+    mp_read_radix(expS, expSstr384, MP_RADIX_HEX);
+    ret = ecdsa_test_deterministic_k_rs(key, WC_HASH_TYPE_SHA384, msg, rng,
+        r, s, expR, expS);
+    if (ret != 0)
+        ERROR_OUT(ret, done);
+#endif /* WOLFSSL_SHA384 */
+
+#if defined(WOLFSSL_SHA512) && (!defined(HAVE_FIPS) || FIPS_VERSION_GE(6,0))
+    /* Test for SHA2-512 */
+    mp_read_radix(expR, expRstr512, MP_RADIX_HEX);
+    mp_read_radix(expS, expSstr512, MP_RADIX_HEX);
+    ret = ecdsa_test_deterministic_k_rs(key, WC_HASH_TYPE_SHA512, msg, rng,
+        r, s, expR, expS);
+    if (ret != 0)
+        ERROR_OUT(ret, done);
+#endif /* WOLFSSL_SHA512 */
 
 done:
     if (key_inited)
         wc_ecc_free(key);
+    if (tmp_mp_ints_inited) {
+        mp_free(r);
+        mp_free(s);
+        mp_free(expR);
+        mp_free(expS);
+    }
 #ifdef WOLFSSL_SMALL_STACK
-    if (key != NULL)
-        XFREE(key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
-    if (r != NULL)
-        XFREE(r, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
-    if (s != NULL)
-        XFREE(s, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
-    if (expR != NULL)
-        XFREE(expR, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
-    if (expS != NULL)
-        XFREE(expS, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(r, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(s, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(expR, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(expS, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return ret;
@@ -26674,7 +30316,7 @@ done:
 #endif /* WOLFSSL_PUBLIC_MP */
 #endif /* HAVE_ECC_SIGN && (WOLFSSL_ECDSA_DETERMINISTIC_K ||
                             WOLFSSL_ECDSA_DETERMINISTIC_K_VARIANT)
-          && (!FIPS_VERSION_GE || FIPS_VERSION_GE(5,3)) */
+          && (!HAVE_FIPS || FIPS_VERSION_GE(5,3)) */
 
 
 #if defined(HAVE_ECC_SIGN) && defined(WOLFSSL_ECDSA_SET_K) && \
@@ -26713,24 +30355,21 @@ static wc_test_ret_t ecc_test_sign_vectors(WC_RNG* rng)
 #endif
 
     ret = wc_ecc_init_ex(key, HEAP_HINT, devId);
-    if (ret != 0) {
-        goto done;
-    }
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
     key_inited = 1;
 
     ret = wc_ecc_import_raw(key, QIUTx, QIUTy, dIUT, "SECP256R1");
-    if (ret != 0) {
-        goto done;
-    }
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
 #if (!defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) \
     && (HAVE_FIPS_VERSION > 2)))
     wc_ecc_set_flags(key, WC_ECC_FLAG_DEC_SIGN);
 #endif
 
     ret = wc_ecc_sign_set_k(k, sizeof(k), key);
-    if (ret != 0) {
-        goto done;
-    }
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
 
     sigSz = sizeof(sig);
     do {
@@ -26739,10 +30378,9 @@ static wc_test_ret_t ecc_test_sign_vectors(WC_RNG* rng)
     #endif
         if (ret == 0)
             ret = wc_ecc_sign_hash(hash, sizeof(hash), sig, &sigSz, rng, key);
-    } while (ret == WC_PENDING_E);
-    if (ret != 0) {
-        goto done;
-    }
+    } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E));
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
     TEST_SLEEP();
 
     if (sigSz != sizeof(expSig)) {
@@ -26761,10 +30399,9 @@ static wc_test_ret_t ecc_test_sign_vectors(WC_RNG* rng)
     #endif
         if (ret == 0)
             ret = wc_ecc_sign_hash(hash, sizeof(hash), sig, &sigSz, rng, key);
-    } while (ret == WC_PENDING_E);
-    if (ret != 0) {
-        goto done;
-    }
+    } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E));
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
     TEST_SLEEP();
 
 done:
@@ -26801,7 +30438,7 @@ static wc_test_ret_t ecc_test_cdh_vectors(WC_RNG* rng)
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
     if ((pub_key == NULL) ||
         (priv_key == NULL)) {
-        ret = MEMORY_E;
+        ret = WC_TEST_RET_ENC_EC(MEMORY_E);
         goto done;
     }
 #endif
@@ -26812,25 +30449,25 @@ static wc_test_ret_t ecc_test_cdh_vectors(WC_RNG* rng)
     /* setup private and public keys */
     ret = wc_ecc_init_ex(pub_key, HEAP_HINT, devId);
     if (ret != 0)
-        goto done;
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
     ret = wc_ecc_init_ex(priv_key, HEAP_HINT, devId);
     if (ret != 0)
-        goto done;
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
     wc_ecc_set_flags(pub_key, WC_ECC_FLAG_COFACTOR);
     wc_ecc_set_flags(priv_key, WC_ECC_FLAG_COFACTOR);
     ret = wc_ecc_import_raw(pub_key, QCAVSx, QCAVSy, NULL, "SECP256R1");
     if (ret != 0)
-        goto done;
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
     ret = wc_ecc_import_raw(priv_key, QIUTx, QIUTy, dIUT, "SECP256R1");
     if (ret != 0)
-        goto done;
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
 
 #if defined(ECC_TIMING_RESISTANT) && (!defined(HAVE_FIPS) || \
     (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION != 2))) && \
     !defined(HAVE_SELFTEST)
     ret = wc_ecc_set_rng(priv_key, rng);
     if (ret != 0)
-        goto done;
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
 #else
     (void)rng;
 #endif
@@ -26843,17 +30480,16 @@ static wc_test_ret_t ecc_test_cdh_vectors(WC_RNG* rng)
     #endif
         if (ret == 0)
             ret = wc_ecc_shared_secret(priv_key, pub_key, sharedA, &x);
-    } while (ret == WC_PENDING_E);
-    if (ret != 0) {
-        goto done;
-    }
+    } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E));
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
     TEST_SLEEP();
 
     /* read in expected Z */
     z = sizeof(sharedB);
     ret = Base16_Decode((const byte*)ZIUT, (word32)XSTRLEN(ZIUT), sharedB, &z);
     if (ret != 0)
-        goto done;
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
 
     /* compare results */
     if (x != z || XMEMCMP(sharedA, sharedB, x)) {
@@ -26909,6 +30545,15 @@ static wc_test_ret_t ecc_test_make_pub(WC_RNG* rng)
 #ifdef HAVE_ECC_VERIFY
     int verify = 0;
 #endif
+#ifdef NO_ASN
+    /* private d for eccKeyDerFile / ecc_key_der_256 */
+    const byte keyPriv[] = {
+        0x45, 0xB6, 0x69, 0x02,  0x73, 0x9C, 0x6C, 0x85,
+        0xA1, 0x38, 0x5B, 0x72,  0xE8, 0xE8, 0xC7, 0xAC,
+        0xC4, 0x03, 0x8D, 0x53,  0x35, 0x04, 0xFA, 0x6C,
+        0x28, 0xDC, 0x34, 0x8D,  0xE1, 0xA8, 0x09, 0x8C
+    };
+#endif
 
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
     if ((key == NULL) ||
@@ -26928,10 +30573,12 @@ static wc_test_ret_t ecc_test_make_pub(WC_RNG* rng)
     wc_ecc_init_ex(key, HEAP_HINT, devId);
 
 #ifndef NO_ECC256
-#ifdef USE_CERT_BUFFERS_256
-    XMEMCPY(tmp, ecc_key_der_256, (size_t)sizeof_ecc_key_der_256);
-    tmpSz = (size_t)sizeof_ecc_key_der_256;
-#else
+#if defined(USE_CERT_BUFFERS_256)
+    {
+        XMEMCPY(tmp, ecc_key_der_256, (size_t)sizeof_ecc_key_der_256);
+        tmpSz = (size_t)sizeof_ecc_key_der_256;
+    }
+#elif !defined(NO_FILESYSTEM)
     {
         XFILE file = XFOPEN(eccKeyDerFile, "rb");
         if (!file) {
@@ -26943,6 +30590,11 @@ static wc_test_ret_t ecc_test_make_pub(WC_RNG* rng)
         if (tmpSz == 0)
             ERROR_OUT(WC_TEST_RET_ENC_ERRNO, done);
     }
+#else
+    {
+        WOLFSSL_MSG("No file system and USE_CERT_BUFFERS_256 not defined.(2)");
+        ERROR_OUT(ASN_PARSE_E, done);
+    }
 #endif /* USE_CERT_BUFFERS_256 */
 
     /* import private only then test with */
@@ -26956,6 +30608,7 @@ static wc_test_ret_t ecc_test_make_pub(WC_RNG* rng)
         ERROR_OUT(WC_TEST_RET_ENC_NC, done);
     }
 
+#ifndef NO_ASN
     x = 0;
     ret = wc_EccPrivateKeyDecode(tmp, &x, key, tmpSz);
     if (ret != 0)
@@ -26981,6 +30634,10 @@ static wc_test_ret_t ecc_test_make_pub(WC_RNG* rng)
     }
 
 #endif /* HAVE_ECC_KEY_EXPORT */
+#else
+    /* Load raw private d directly */
+    ret = wc_ecc_import_private_key(keyPriv, sizeof(keyPriv), NULL, 0, key);
+#endif /* !NO_ASN */
 
     ret = wc_ecc_make_pub(NULL, NULL);
     if (ret == 0) {
@@ -27000,7 +30657,7 @@ static wc_test_ret_t ecc_test_make_pub(WC_RNG* rng)
 #endif
     if (ret != 0)
        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
-#endif
+#endif /* !WOLFSSL_CRYPTOCELL */
     TEST_SLEEP();
 
 #ifdef HAVE_ECC_KEY_EXPORT
@@ -27036,7 +30693,7 @@ static wc_test_ret_t ecc_test_make_pub(WC_RNG* rng)
             ret = wc_ecc_sign_hash(msg, (word32)XSTRLEN((const char* )msg), tmp,
                 &tmpSz, rng, key);
         }
-    } while (ret == WC_PENDING_E);
+    } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E));
     if (ret != 0)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
     TEST_SLEEP();
@@ -27052,7 +30709,7 @@ static wc_test_ret_t ecc_test_make_pub(WC_RNG* rng)
             ret = wc_ecc_verify_hash(tmp, tmpSz, msg,
                 (word32)XSTRLEN((const char*)msg), &verify, key);
         }
-    } while (ret == WC_PENDING_E);
+    } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E));
     if (ret != 0)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
 
@@ -27124,7 +30781,7 @@ static wc_test_ret_t ecc_test_make_pub(WC_RNG* rng)
         if (ret == 0) {
             ret = wc_ecc_shared_secret(key, pub, exportBuf, &x);
         }
-    } while (ret == WC_PENDING_E);
+    } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E));
     wc_ecc_free(pub);
     if (ret != 0)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
@@ -27143,13 +30800,10 @@ done:
         XFREE(key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
     }
 #if defined(HAVE_ECC_DHE) && defined(HAVE_ECC_KEY_EXPORT)
-    if (pub != NULL)
-        XFREE(pub, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(pub, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
-    if (exportBuf != NULL)
-        XFREE(exportBuf, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
-    if (tmp != NULL)
-        XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(exportBuf, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
 #else
     wc_ecc_free(key);
 #endif
@@ -27228,8 +30882,7 @@ static wc_test_ret_t ecc_test_key_decode(WC_RNG* rng, int keySize)
         wc_ecc_free(eccKey);
         XFREE(eccKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
     }
-    if (tmpBuf != NULL)
-        XFREE(tmpBuf, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(tmpBuf, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
 #else
     wc_ecc_free(eccKey);
 #endif
@@ -27333,8 +30986,7 @@ static wc_test_ret_t ecc_test_key_gen(WC_RNG* rng, int keySize)
 done:
 
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
-    if (der != NULL)
-        XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
     if (userA != NULL) {
         wc_ecc_free(userA);
         XFREE(userA, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
@@ -27385,6 +31037,21 @@ static wc_test_ret_t ecc_test_curve_size(WC_RNG* rng, int keySize, int testVerif
     int     curveSize;
 #endif
 
+#if defined(HAVE_ECC_DHE) && !defined(WC_NO_RNG) && \
+    !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A)
+    WC_ALLOC_VAR(sharedA, byte, ECC_SHARED_SIZE, HEAP_HINT);
+    WC_ALLOC_VAR(sharedB, byte, ECC_SHARED_SIZE, HEAP_HINT);
+#endif
+#ifdef HAVE_ECC_KEY_EXPORT
+    WC_ALLOC_VAR(exportBuf, byte, ECC_KEY_EXPORT_BUF_SIZE, HEAP_HINT);
+#endif
+#if !defined(ECC_TIMING_RESISTANT) || (defined(ECC_TIMING_RESISTANT) && \
+    !defined(WC_NO_RNG) && !defined(WOLFSSL_KCAPI_ECC)) && \
+    defined(HAVE_ECC_SIGN)
+    WC_ALLOC_VAR(sig, byte, ECC_SIG_SIZE, HEAP_HINT);
+    WC_ALLOC_VAR(digest, byte, ECC_DIGEST_SIZE, HEAP_HINT);
+#endif
+
 #ifdef WC_DECLARE_VAR_IS_HEAP_ALLOC
 #if (defined(HAVE_ECC_DHE) || defined(HAVE_ECC_CDH)) && !defined(WC_NO_RNG) && \
     !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A)
@@ -27447,12 +31114,12 @@ static wc_test_ret_t ecc_test_curve_size(WC_RNG* rng, int keySize, int testVerif
     ret = wc_AsyncWait(ret, &userA->asyncDev, WC_ASYNC_FLAG_NONE);
 #endif
 #ifdef WOLF_CRYPTO_CB_ONLY_ECC
-    if (ret == NO_VALID_DEVID) {
+    if (ret == WC_NO_ERR_TRACE(NO_VALID_DEVID)) {
         ret = 0;
         goto done; /* no software case */
     }
 #endif
-    if (ret == ECC_CURVE_OID_E)
+    if (ret == WC_NO_ERR_TRACE(ECC_CURVE_OID_E))
         goto done; /* catch case, where curve is not supported */
     if (ret != 0)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
@@ -27504,7 +31171,7 @@ static wc_test_ret_t ecc_test_curve_size(WC_RNG* rng, int keySize, int testVerif
     #endif
         if (ret == 0)
             ret = wc_ecc_shared_secret(userA, userB, sharedA, &x);
-    } while (ret == WC_PENDING_E);
+    } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E));
     if (ret != 0)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
     TEST_SLEEP();
@@ -27516,7 +31183,7 @@ static wc_test_ret_t ecc_test_curve_size(WC_RNG* rng, int keySize, int testVerif
     #endif
         if (ret == 0)
             ret = wc_ecc_shared_secret(userB, userA, sharedB, &y);
-    } while (ret == WC_PENDING_E);
+    } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E));
     if (ret != 0)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
 
@@ -27539,7 +31206,7 @@ static wc_test_ret_t ecc_test_curve_size(WC_RNG* rng, int keySize, int testVerif
     #endif
         if (ret == 0)
             ret = wc_ecc_shared_secret(userA, userB, sharedA, &x);
-    } while (ret == WC_PENDING_E);
+    } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E));
     if (ret != 0)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
     TEST_SLEEP();
@@ -27551,7 +31218,7 @@ static wc_test_ret_t ecc_test_curve_size(WC_RNG* rng, int keySize, int testVerif
     #endif
         if (ret == 0)
             ret = wc_ecc_shared_secret(userB, userA, sharedB, &y);
-    } while (ret == WC_PENDING_E);
+    } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E));
     if (ret != 0)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
 
@@ -27596,7 +31263,7 @@ static wc_test_ret_t ecc_test_curve_size(WC_RNG* rng, int keySize, int testVerif
     #endif
         if (ret == 0)
             ret = wc_ecc_shared_secret(userB, pubKey, sharedB, &y);
-    } while (ret == WC_PENDING_E);
+    } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E));
     if (ret != 0)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
 
@@ -27635,7 +31302,7 @@ static wc_test_ret_t ecc_test_curve_size(WC_RNG* rng, int keySize, int testVerif
         #endif
             if (ret == 0)
                 ret = wc_ecc_shared_secret(userB, pubKey, sharedB, &y);
-        } while (ret == WC_PENDING_E);
+        } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E));
         if (ret != 0)
             ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
 
@@ -27655,11 +31322,8 @@ static wc_test_ret_t ecc_test_curve_size(WC_RNG* rng, int keySize, int testVerif
 #if !defined(ECC_TIMING_RESISTANT) || (defined(ECC_TIMING_RESISTANT) && \
     !defined(WC_NO_RNG) && !defined(WOLFSSL_KCAPI_ECC))
 #ifdef HAVE_ECC_SIGN
-    /* ECC w/out Shamir has issue with all 0 digest */
-    /* WC_BIGINT doesn't have 0 len well on hardware */
-    /* Cryptocell has issues with all 0 digest */
-#if defined(ECC_SHAMIR) && !defined(WOLFSSL_ASYNC_CRYPT) && \
-    !defined(WOLFSSL_CRYPTOCELL)
+    /* some hardware doesn't support sign/verify of all zero digest */
+#if !defined(WC_TEST_NO_ECC_SIGN_VERIFY_ZERO_DIGEST)
     /* test DSA sign hash with zeros */
     for (i = 0; i < (int)ECC_DIGEST_SIZE; i++) {
         digest[i] = 0;
@@ -27673,7 +31337,7 @@ static wc_test_ret_t ecc_test_curve_size(WC_RNG* rng, int keySize, int testVerif
         if (ret == 0)
             ret = wc_ecc_sign_hash(digest, ECC_DIGEST_SIZE, sig, &x, rng,
                                                                         userA);
-    } while (ret == WC_PENDING_E);
+    } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E));
     if (ret != 0)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
     TEST_SLEEP();
@@ -27688,7 +31352,7 @@ static wc_test_ret_t ecc_test_curve_size(WC_RNG* rng, int keySize, int testVerif
             if (ret == 0)
                 ret = wc_ecc_verify_hash(sig, x, digest, ECC_DIGEST_SIZE,
                                                                &verify, userA);
-        } while (ret == WC_PENDING_E);
+        } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E));
         if (ret != 0)
             ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
         if (verify != 1)
@@ -27696,7 +31360,7 @@ static wc_test_ret_t ecc_test_curve_size(WC_RNG* rng, int keySize, int testVerif
         TEST_SLEEP();
     }
 #endif /* HAVE_ECC_VERIFY */
-#endif /* ECC_SHAMIR && !WOLFSSL_ASYNC_CRYPT && !WOLFSSL_CRYPTOCELL */
+#endif /* !WC_TEST_NO_ECC_SIGN_VERIFY_ZERO_DIGEST */
 
     /* test DSA sign hash with sequence (0,1,2,3,4,...) */
     for (i = 0; i < (int)ECC_DIGEST_SIZE; i++) {
@@ -27710,7 +31374,7 @@ static wc_test_ret_t ecc_test_curve_size(WC_RNG* rng, int keySize, int testVerif
     #endif
         if (ret == 0)
             ret = wc_ecc_sign_hash(digest, ECC_DIGEST_SIZE, sig, &x, rng, userA);
-    } while (ret == WC_PENDING_E);
+    } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E));
     if (ret != 0)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
     TEST_SLEEP();
@@ -27724,7 +31388,7 @@ static wc_test_ret_t ecc_test_curve_size(WC_RNG* rng, int keySize, int testVerif
         #endif
             if (ret == 0)
                 ret = wc_ecc_verify_hash(sig, x, digest, ECC_DIGEST_SIZE, &verify, userA);
-        } while (ret == WC_PENDING_E);
+        } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E));
         if (ret != 0)
             ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
         if (verify != 1)
@@ -27792,11 +31456,21 @@ done:
 static wc_test_ret_t ecc_test_curve(WC_RNG* rng, int keySize, int curve_id)
 {
     wc_test_ret_t ret;
+    WOLFSSL_MSG_EX("ecc_test_curve keySize = %d", keySize);
+
+#if FIPS_VERSION3_GE(6,0,0)
+    #ifdef DEBUG_WOLFSSL
+    printf("keySize is %d\n", keySize);
+    #endif
+    if (keySize < WC_ECC_FIPS_GEN_MIN) {
+        goto skip_A;
+    }
+#endif
 
     ret = ecc_test_curve_size(rng, keySize, ECC_TEST_VERIFY_COUNT, curve_id,
         NULL);
     if (ret < 0) {
-        if (ret == ECC_CURVE_OID_E) {
+        if (ret == WC_NO_ERR_TRACE(ECC_CURVE_OID_E)) {
             /* ignore error for curves not found */
             /* some curve sizes are only available with:
                 HAVE_ECC_SECPR2, HAVE_ECC_SECPR3, HAVE_ECC_BRAINPOOL
@@ -27808,7 +31482,9 @@ static wc_test_ret_t ecc_test_curve(WC_RNG* rng, int keySize, int curve_id)
         }
     }
 #ifndef WOLF_CRYPTO_CB_ONLY_ECC
-
+#if FIPS_VERSION3_GE(6,0,0)
+  skip_A:
+#endif
 #ifdef HAVE_ECC_VECTOR_TEST
     ret = ecc_test_vector(keySize);
     if (ret < 0) {
@@ -27817,11 +31493,17 @@ static wc_test_ret_t ecc_test_curve(WC_RNG* rng, int keySize, int curve_id)
     }
 #endif
 
+#if FIPS_VERSION3_GE(6,0,0)
+    if (keySize < WC_ECC_FIPS_GEN_MIN) {
+        goto skip_B;
+    }
+#endif
+
 #if defined(HAVE_ECC_KEY_IMPORT) && defined(HAVE_ECC_KEY_EXPORT) && \
     !defined(NO_ASN_CRYPT) && !defined(WC_NO_RNG)
     ret = ecc_test_key_decode(rng, keySize);
     if (ret < 0) {
-        if (ret == ECC_CURVE_OID_E) {
+        if (ret == WC_NO_ERR_TRACE(ECC_CURVE_OID_E)) {
             /* ignore error for curves not found */
         }
         else {
@@ -27834,7 +31516,7 @@ static wc_test_ret_t ecc_test_curve(WC_RNG* rng, int keySize, int curve_id)
 #if defined(HAVE_ECC_KEY_EXPORT) && !defined(NO_ASN_CRYPT) && !defined(WC_NO_RNG)
     ret = ecc_test_key_gen(rng, keySize);
     if (ret < 0) {
-        if (ret == ECC_CURVE_OID_E) {
+        if (ret == WC_NO_ERR_TRACE(ECC_CURVE_OID_E)) {
             /* ignore error for curves not found */
         }
         else {
@@ -27843,6 +31525,9 @@ static wc_test_ret_t ecc_test_curve(WC_RNG* rng, int keySize, int curve_id)
         }
     }
 #endif
+#if FIPS_VERSION3_GE(6,0,0)
+  skip_B:
+#endif
 #endif /* WOLF_CRYPTO_CB_ONLY_ECC */
     return 0;
 }
@@ -27927,90 +31612,86 @@ static wc_test_ret_t ecc_point_test(void)
     /* Parameter Validation testing. */
     wc_ecc_del_point(NULL);
     ret = wc_ecc_import_point_der(NULL, sizeof(der), curve_idx, point);
-    if (ret != ECC_BAD_ARG_E) {
+    if (ret != WC_NO_ERR_TRACE(ECC_BAD_ARG_E)) {
         ret = WC_TEST_RET_ENC_EC(ret);
         goto done;
     }
     ret = wc_ecc_import_point_der(der, sizeof(der), ECC_CURVE_INVALID, point);
-    if (ret != ECC_BAD_ARG_E) {
+    if (ret != WC_NO_ERR_TRACE(ECC_BAD_ARG_E)) {
         ret = WC_TEST_RET_ENC_EC(ret);
         goto done;
     }
     ret = wc_ecc_import_point_der(der, sizeof(der), curve_idx, NULL);
-    if (ret != ECC_BAD_ARG_E) {
+    if (ret != WC_NO_ERR_TRACE(ECC_BAD_ARG_E)) {
         ret = WC_TEST_RET_ENC_EC(ret);
         goto done;
     }
     ret = wc_ecc_export_point_der(-1, point, out, &outLen);
-    if (ret != ECC_BAD_ARG_E) {
+    if (ret != WC_NO_ERR_TRACE(ECC_BAD_ARG_E)) {
         ret = WC_TEST_RET_ENC_EC(ret);
         goto done;
     }
     ret = wc_ecc_export_point_der(curve_idx, NULL, out, &outLen);
-    if (ret != ECC_BAD_ARG_E) {
+    if (ret != WC_NO_ERR_TRACE(ECC_BAD_ARG_E)) {
         ret = WC_TEST_RET_ENC_EC(ret);
         goto done;
     }
     ret = wc_ecc_export_point_der(curve_idx, point, NULL, &outLen);
-    if (ret != LENGTH_ONLY_E || outLen != sizeof(out)) {
+    if (ret != WC_NO_ERR_TRACE(LENGTH_ONLY_E) || outLen != sizeof(out)) {
         ret = WC_TEST_RET_ENC_EC(ret);
         goto done;
     }
     ret = wc_ecc_export_point_der(curve_idx, point, out, NULL);
-    if (ret != ECC_BAD_ARG_E) {
+    if (ret != WC_NO_ERR_TRACE(ECC_BAD_ARG_E)) {
         ret = WC_TEST_RET_ENC_EC(ret);
         goto done;
     }
     outLen = 0;
     ret = wc_ecc_export_point_der(curve_idx, point, out, &outLen);
-    if (ret != BUFFER_E) {
+    if (ret != WC_NO_ERR_TRACE(BUFFER_E)) {
         ret = WC_TEST_RET_ENC_EC(ret);
         goto done;
     }
     ret = wc_ecc_copy_point(NULL, NULL);
-    if (ret != ECC_BAD_ARG_E) {
+    if (ret != WC_NO_ERR_TRACE(ECC_BAD_ARG_E)) {
         ret = WC_TEST_RET_ENC_EC(ret);
         goto done;
     }
     ret = wc_ecc_copy_point(NULL, point2);
-    if (ret != ECC_BAD_ARG_E) {
+    if (ret != WC_NO_ERR_TRACE(ECC_BAD_ARG_E)) {
         ret = WC_TEST_RET_ENC_EC(ret);
         goto done;
     }
     ret = wc_ecc_copy_point(point, NULL);
-    if (ret != ECC_BAD_ARG_E) {
+    if (ret != WC_NO_ERR_TRACE(ECC_BAD_ARG_E)) {
         ret = WC_TEST_RET_ENC_EC(ret);
         goto done;
     }
     ret = wc_ecc_cmp_point(NULL, NULL);
-    if (ret != BAD_FUNC_ARG) {
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) {
         ret = WC_TEST_RET_ENC_EC(ret);
         goto done;
     }
     ret = wc_ecc_cmp_point(NULL, point2);
-    if (ret != BAD_FUNC_ARG) {
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) {
         ret = WC_TEST_RET_ENC_EC(ret);
         goto done;
     }
     ret = wc_ecc_cmp_point(point, NULL);
-    if (ret != BAD_FUNC_ARG) {
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) {
         ret = WC_TEST_RET_ENC_EC(ret);
         goto done;
     }
 
     /* Use API. */
     ret = wc_ecc_import_point_der(der, sizeof(der), curve_idx, point);
-    if (ret != 0) {
-        ret = WC_TEST_RET_ENC_EC(ret);
-        goto done;
-    }
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
 
     outLen = sizeof(out);
     ret = wc_ecc_export_point_der(curve_idx, point, out, &outLen);
-    if (ret != 0) {
-        ret = WC_TEST_RET_ENC_EC(ret);
-        goto done;
-    }
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
     if (outLen != sizeof(der)) {
         ret = WC_TEST_RET_ENC_NC;
         goto done;
@@ -28032,10 +31713,8 @@ static wc_test_ret_t ecc_point_test(void)
     }
 
     ret = wc_ecc_import_point_der(altDer, sizeof(altDer), curve_idx, point2);
-    if (ret != 0) {
-        ret = WC_TEST_RET_ENC_EC(ret);
-        goto done;
-    }
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
     ret = wc_ecc_cmp_point(point2, point);
     if (ret != MP_GT) {
         ret = WC_TEST_RET_ENC_EC(ret);
@@ -28045,16 +31724,12 @@ static wc_test_ret_t ecc_point_test(void)
 #if defined(HAVE_COMP_KEY) && (!defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) || \
     (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2)))
     ret = wc_ecc_import_point_der(derComp0, sizeof(derComp0)*2-1, curve_idx, point3);
-    if (ret != 0) {
-        ret = WC_TEST_RET_ENC_EC(ret);
-        goto done;
-    }
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
 
     ret = wc_ecc_import_point_der_ex(derComp0, sizeof(derComp0), curve_idx, point4, 0);
-    if (ret != 0) {
-        ret = WC_TEST_RET_ENC_EC(ret);
-        goto done;
-    }
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
 
     ret = wc_ecc_cmp_point(point3, point4);
     if (ret != MP_EQ) {
@@ -28063,16 +31738,12 @@ static wc_test_ret_t ecc_point_test(void)
     }
 
     ret = wc_ecc_import_point_der(derComp1, sizeof(derComp1)*2-1, curve_idx, point3);
-    if (ret != 0) {
-        ret = WC_TEST_RET_ENC_EC(ret);
-        goto done;
-    }
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
 
     ret = wc_ecc_import_point_der_ex(derComp1, sizeof(derComp1), curve_idx, point4, 0);
-    if (ret != 0) {
-        ret = WC_TEST_RET_ENC_EC(ret);
-        goto done;
-    }
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
 
     ret = wc_ecc_cmp_point(point3, point4);
     if (ret != MP_EQ) {
@@ -28177,31 +31848,23 @@ static wc_test_ret_t ecc_exp_imp_test(ecc_key* key)
 
     privLen = sizeof(priv);
     ret = wc_ecc_export_private_only(key, priv, &privLen);
-    if (ret != 0) {
-        ret = WC_TEST_RET_ENC_EC(ret);
-        goto done;
-    }
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
     pubLen = sizeof(pub);
     ret = wc_ecc_export_point_der(key->idx, &key->pubkey, pub, &pubLen);
-    if (ret != 0) {
-        ret = WC_TEST_RET_ENC_EC(ret);
-        goto done;
-    }
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
 
     ret = wc_ecc_import_private_key(priv, privLen, pub, pubLen, keyImp);
-    if (ret != 0) {
-        ret = WC_TEST_RET_ENC_EC(ret);
-        goto done;
-    }
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
 
     wc_ecc_free(keyImp);
     wc_ecc_init_ex(keyImp, HEAP_HINT, devId);
 
     ret = wc_ecc_import_raw_ex(keyImp, qx, qy, d, ECC_SECP256R1);
-    if (ret != 0) {
-        ret = WC_TEST_RET_ENC_EC(ret);
-        goto done;
-    }
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
 
     wc_ecc_free(keyImp);
     wc_ecc_init_ex(keyImp, HEAP_HINT, devId);
@@ -28215,10 +31878,8 @@ static wc_test_ret_t ecc_exp_imp_test(ecc_key* key)
     /* test import private only */
     ret = wc_ecc_import_private_key_ex(priv, privLen, NULL, 0, keyImp,
                                        curve_id);
-    if (ret != 0) {
-        ret = WC_TEST_RET_ENC_EC(ret);
-        goto done;
-    }
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
 
     wc_ecc_free(keyImp);
     wc_ecc_init_ex(keyImp, HEAP_HINT, devId);
@@ -28226,18 +31887,14 @@ static wc_test_ret_t ecc_exp_imp_test(ecc_key* key)
     /* test export public raw */
     pubLenX = pubLenY = 32;
     ret = wc_ecc_export_public_raw(key, pub, &pubLenX, &pub[32], &pubLenY);
-    if (ret != 0) {
-        ret = WC_TEST_RET_ENC_EC(ret);
-        goto done;
-    }
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
 
 #ifndef HAVE_SELFTEST
     /* test import of public */
     ret = wc_ecc_import_unsigned(keyImp, pub, &pub[32], NULL, ECC_SECP256R1);
-    if (ret != 0) {
-        ret = WC_TEST_RET_ENC_EC(ret);
-        goto done;
-    }
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
 #endif
 
     wc_ecc_free(keyImp);
@@ -28247,18 +31904,14 @@ static wc_test_ret_t ecc_exp_imp_test(ecc_key* key)
     pubLenX = pubLenY = privLen = 32;
     ret = wc_ecc_export_private_raw(key, pub, &pubLenX, &pub[32], &pubLenY,
         priv, &privLen);
-    if (ret != 0) {
-        ret = WC_TEST_RET_ENC_EC(ret);
-        goto done;
-    }
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
 
 #ifndef HAVE_SELFTEST
     /* test import of private and public */
     ret = wc_ecc_import_unsigned(keyImp, pub, &pub[32], priv, ECC_SECP256R1);
-    if (ret != 0) {
-        ret = WC_TEST_RET_ENC_EC(ret);
-        goto done;
-    }
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
 #endif
 
 done:
@@ -28288,6 +31941,9 @@ static wc_test_ret_t ecc_mulmod_test(ecc_key* key1)
     ecc_key    key2[1];
     ecc_key    key3[1];
 #endif
+#ifdef WOLFSSL_PUBLIC_MP
+    mp_int*    priv;
+#endif
 
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
     if ((key2 == NULL) || (key3 == NULL))
@@ -28317,10 +31973,26 @@ static wc_test_ret_t ecc_mulmod_test(ecc_key* key1)
     ret = wc_ecc_mulmod(wc_ecc_key_get_priv(key1), &key2->pubkey, &key3->pubkey,
                         wc_ecc_key_get_priv(key2), wc_ecc_key_get_priv(key3),
                         1);
-    if (ret != 0) {
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
+
+#ifdef WOLFSSL_PUBLIC_MP
+    priv = wc_ecc_key_get_priv(key1);
+    mp_zero(priv);
+    ret = wc_ecc_mulmod(wc_ecc_key_get_priv(key1), &key2->pubkey, &key3->pubkey,
+                        wc_ecc_key_get_priv(key2), wc_ecc_key_get_priv(key3),
+                        1);
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
+    if (!wc_ecc_point_is_at_infinity(&key3->pubkey)) {
         ret = WC_TEST_RET_ENC_EC(ret);
         goto done;
     }
+    if (mp_cmp_d(key3->pubkey.z, 1) != MP_EQ) {
+        ret = WC_TEST_RET_ENC_EC(ret);
+        goto done;
+    }
+#endif
 
 done:
 
@@ -28343,7 +32015,9 @@ done:
 #endif
 
 #if defined(HAVE_ECC_DHE) && !defined(WC_NO_RNG) && \
-    !defined(WOLF_CRYPTO_CB_ONLY_ECC)
+    !defined(WOLF_CRYPTO_CB_ONLY_ECC) && !defined(WOLFSSL_ATECC508A) && \
+    !defined(WOLFSSL_ATECC608A) && !defined(PLUTON_CRYPTO_ECC) && \
+    !defined(WOLFSSL_CRYPTOCELL)
 static wc_test_ret_t ecc_ssh_test(ecc_key* key, WC_RNG* rng)
 {
     wc_test_ret_t ret;
@@ -28352,16 +32026,16 @@ static wc_test_ret_t ecc_ssh_test(ecc_key* key, WC_RNG* rng)
 
     /* Parameter Validation testing. */
     ret = wc_ecc_shared_secret_ssh(NULL, &key->pubkey, out, &outLen);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_ecc_shared_secret_ssh(key, NULL, out, &outLen);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_ecc_shared_secret_ssh(key, &key->pubkey, NULL, &outLen);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_ecc_shared_secret_ssh(key, &key->pubkey, out, NULL);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
 
 #if defined(ECC_TIMING_RESISTANT) && (!defined(HAVE_FIPS) || \
@@ -28382,7 +32056,7 @@ static wc_test_ret_t ecc_ssh_test(ecc_key* key, WC_RNG* rng)
     #endif
         if (ret == 0)
             ret = wc_ecc_shared_secret_ssh(key, &key->pubkey, out, &outLen);
-    } while (ret == WC_PENDING_E);
+    } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E));
     if (ret != 0)
         return WC_TEST_RET_ENC_EC(ret);
 
@@ -28399,7 +32073,7 @@ static wc_test_ret_t ecc_def_curve_test(WC_RNG *rng)
 #else
     ecc_key key[1];
 #endif
-#if !defined(NO_ECC_SECP) && \
+#if !defined(NO_ECC_SECP) && !defined(NO_ASN) && \
     ((defined(HAVE_ECC_KEY_IMPORT) && defined(HAVE_ECC_KEY_EXPORT)) || \
      (defined(HAVE_ECC_KEY_IMPORT) && !defined(WOLFSSL_VALIDATE_ECC_IMPORT)))
     word32 idx = 0;
@@ -28414,15 +32088,13 @@ static wc_test_ret_t ecc_def_curve_test(WC_RNG *rng)
 
     /* Use API */
     ret = wc_ecc_set_flags(NULL, 0);
-    if (ret != BAD_FUNC_ARG) {
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) {
         ret = WC_TEST_RET_ENC_EC(ret);
         goto done;
     }
     ret = wc_ecc_set_flags(key, 0);
-    if (ret != 0) {
-        ret = WC_TEST_RET_ENC_EC(ret);
-        goto done;
-    }
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
 #ifndef WOLF_CRYPTO_CB_ONLY_ECC
 #ifndef WC_NO_RNG
     ret = wc_ecc_make_key(rng, ECC_KEYGEN_SIZE, key);
@@ -28452,14 +32124,16 @@ static wc_test_ret_t ecc_def_curve_test(WC_RNG *rng)
     (void)rng;
 #endif /* !WC_NO_RNG */
 
-#if !defined(NO_ECC_SECP) && \
+#if !defined(NO_ECC_SECP) && !defined(NO_ASN) && \
     ((defined(HAVE_ECC_KEY_IMPORT) && defined(HAVE_ECC_KEY_EXPORT)) || \
      (defined(HAVE_ECC_KEY_IMPORT) && !defined(WOLFSSL_VALIDATE_ECC_IMPORT)))
     /* Use test ECC key - ensure real private "d" exists */
-    #ifdef USE_CERT_BUFFERS_256
-    ret = wc_EccPrivateKeyDecode(ecc_key_der_256, &idx, key,
-        sizeof_ecc_key_der_256);
-    #else
+    #if defined(USE_CERT_BUFFERS_256)
+    {
+        ret = wc_EccPrivateKeyDecode(ecc_key_der_256, &idx, key,
+                                     sizeof_ecc_key_der_256);
+    }
+    #elif !defined(NO_FILESYSTEM)
     {
         XFILE file = XFOPEN(eccKeyDerFile, "rb");
         byte der[128];
@@ -28473,6 +32147,12 @@ static wc_test_ret_t ecc_def_curve_test(WC_RNG *rng)
             ERROR_OUT(WC_TEST_RET_ENC_ERRNO, done);
         ret = wc_EccPrivateKeyDecode(der, &idx, key, derSz);
     }
+    #else
+    {
+        (void)idx;
+        WOLFSSL_MSG("No file system and USE_CERT_BUFFERS_256 not defined.(3)");
+        ERROR_OUT(ASN_PARSE_E, done);
+    }
     #endif
     if (ret != 0) {
         goto done;
@@ -28498,9 +32178,7 @@ done:
 
     wc_ecc_free(key);
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
-    if (key != NULL) {
-        XFREE(key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
-    }
+    XFREE(key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return ret;
@@ -28565,22 +32243,22 @@ static wc_test_ret_t ecc_decode_test(void)
 
     inSz = sizeof(good);
     ret = wc_EccPublicKeyDecode(NULL, &inOutIdx, key, inSz);
-    if (ret != BAD_FUNC_ARG) {
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) {
         ret = WC_TEST_RET_ENC_EC(ret);
         goto done;
     }
     ret = wc_EccPublicKeyDecode(good, NULL, key, inSz);
-    if (ret != BAD_FUNC_ARG) {
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) {
         ret = WC_TEST_RET_ENC_EC(ret);
         goto done;
     }
     ret = wc_EccPublicKeyDecode(good, &inOutIdx, NULL, inSz);
-    if (ret != BAD_FUNC_ARG) {
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) {
         ret = WC_TEST_RET_ENC_EC(ret);
         goto done;
     }
     ret = wc_EccPublicKeyDecode(good, &inOutIdx, key, 0);
-    if (ret != BAD_FUNC_ARG) {
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) {
         ret = WC_TEST_RET_ENC_EC(ret);
         goto done;
     }
@@ -28589,14 +32267,14 @@ static wc_test_ret_t ecc_decode_test(void)
     inOutIdx = 2;
     inSz = sizeof(good) - inOutIdx;
     ret = wc_EccPublicKeyDecode(good, &inOutIdx, key, inSz);
-    if (ret != ASN_PARSE_E) {
+    if (ret != WC_NO_ERR_TRACE(ASN_PARSE_E)) {
         ret = WC_TEST_RET_ENC_EC(ret);
         goto done;
     }
     inOutIdx = 4;
     inSz = sizeof(good) - inOutIdx;
     ret = wc_EccPublicKeyDecode(good, &inOutIdx, key, inSz);
-    if (ret != ASN_PARSE_E) {
+    if (ret != WC_NO_ERR_TRACE(ASN_PARSE_E)) {
         ret = WC_TEST_RET_ENC_EC(ret);
         goto done;
     }
@@ -28604,56 +32282,66 @@ static wc_test_ret_t ecc_decode_test(void)
     inSz = sizeof(badNoObjId);
     inOutIdx = 0;
     ret = wc_EccPublicKeyDecode(badNoObjId, &inOutIdx, key, inSz);
-    if (ret != ASN_OBJECT_ID_E && ret != ASN_PARSE_E) {
+    if (ret != WC_NO_ERR_TRACE(ASN_OBJECT_ID_E) &&
+        ret != WC_NO_ERR_TRACE(ASN_PARSE_E))
+    {
         ret = WC_TEST_RET_ENC_EC(ret);
         goto done;
     }
     inSz = sizeof(badOneObjId);
     inOutIdx = 0;
     ret = wc_EccPublicKeyDecode(badOneObjId, &inOutIdx, key, inSz);
-    if (ret != ASN_OBJECT_ID_E && ret != ASN_PARSE_E) {
+    if (ret != WC_NO_ERR_TRACE(ASN_OBJECT_ID_E) &&
+        ret != WC_NO_ERR_TRACE(ASN_PARSE_E))
+    {
         ret = WC_TEST_RET_ENC_EC(ret);
         goto done;
     }
     inSz = sizeof(badObjId1Len);
     inOutIdx = 0;
     ret = wc_EccPublicKeyDecode(badObjId1Len, &inOutIdx, key, inSz);
-    if (ret != ASN_PARSE_E) {
+    if (ret != WC_NO_ERR_TRACE(ASN_PARSE_E)) {
         ret = WC_TEST_RET_ENC_EC(ret);
         goto done;
     }
     inSz = sizeof(badObj2d1Len);
     inOutIdx = 0;
     ret = wc_EccPublicKeyDecode(badObj2d1Len, &inOutIdx, key, inSz);
-    if (ret != ASN_PARSE_E) {
+    if (ret != WC_NO_ERR_TRACE(ASN_PARSE_E)) {
         ret = WC_TEST_RET_ENC_EC(ret);
         goto done;
     }
     inSz = sizeof(badNotBitStr);
     inOutIdx = 0;
     ret = wc_EccPublicKeyDecode(badNotBitStr, &inOutIdx, key, inSz);
-    if (ret != ASN_BITSTR_E && ret != ASN_PARSE_E) {
+    if (ret != WC_NO_ERR_TRACE(ASN_BITSTR_E) &&
+        ret != WC_NO_ERR_TRACE(ASN_PARSE_E))
+    {
         ret = WC_TEST_RET_ENC_EC(ret);
         goto done;
     }
     inSz = sizeof(badBitStrLen);
     inOutIdx = 0;
     ret = wc_EccPublicKeyDecode(badBitStrLen, &inOutIdx, key, inSz);
-    if (ret != ASN_PARSE_E) {
+    if (ret != WC_NO_ERR_TRACE(ASN_PARSE_E)) {
         ret = WC_TEST_RET_ENC_EC(ret);
         goto done;
     }
     inSz = sizeof(badNoBitStrZero);
     inOutIdx = 0;
     ret = wc_EccPublicKeyDecode(badNoBitStrZero, &inOutIdx, key, inSz);
-    if (ret != ASN_EXPECT_0_E && ret != ASN_PARSE_E) {
+    if (ret != WC_NO_ERR_TRACE(ASN_EXPECT_0_E) &&
+        ret != WC_NO_ERR_TRACE(ASN_PARSE_E))
+    {
         ret = WC_TEST_RET_ENC_EC(ret);
         goto done;
     }
     inSz = sizeof(badPoint);
     inOutIdx = 0;
     ret = wc_EccPublicKeyDecode(badPoint, &inOutIdx, key, inSz);
-    if (ret != ASN_ECC_KEY_E && ret != ASN_PARSE_E) {
+    if (ret != WC_NO_ERR_TRACE(ASN_ECC_KEY_E) &&
+        ret != WC_NO_ERR_TRACE(ASN_PARSE_E))
+    {
         ret = WC_TEST_RET_ENC_EC(ret);
         goto done;
     }
@@ -28661,10 +32349,8 @@ static wc_test_ret_t ecc_decode_test(void)
     inSz = sizeof(good);
     inOutIdx = 0;
     ret = wc_EccPublicKeyDecode(good, &inOutIdx, key, inSz);
-    if (ret != 0) {
-        ret = WC_TEST_RET_ENC_EC(ret);
-        goto done;
-    }
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
 
 done:
 
@@ -28795,10 +32481,8 @@ static wc_test_ret_t ecc_test_custom_curves(WC_RNG* rng)
 #endif
 
     ret = wc_ecc_init_ex(key, HEAP_HINT, devId);
-    if (ret != 0) {
-        ret = WC_TEST_RET_ENC_EC(ret);
-        goto done;
-    }
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
 
     inOutIdx = 0;
     ret = wc_EccPublicKeyDecode(eccKeyExplicitCurve, &inOutIdx, key,
@@ -28826,21 +32510,19 @@ static wc_test_ret_t ecc_test_custom_curves(WC_RNG* rng)
 #ifdef WOLFSSL_SM2
 #ifdef HAVE_ECC_VERIFY
 #if defined(WOLFSSL_PUBLIC_MP) && defined(WOLFSSL_CUSTOM_CURVES)
-    #ifdef WOLFSSL_SM2
-        #ifdef HAVE_OID_ENCODING
-            #define CODED_SM2P256V1    {1,2,156,10197,1,301}
-            #define CODED_SM2P256V1_SZ 6
-        #else
-            #define CODED_SM2P256V1 {0x06,0x08,0x2A,0x81,0x1C,0xCF,0x55,0x01,0x82,0x2D}
-            #define CODED_SM2P256V1_SZ 10
-        #endif
-        #ifndef WOLFSSL_ECC_CURVE_STATIC
-            static const ecc_oid_t ecc_oid_sm2p256v1[] = CODED_SM2P256V1;
-        #else
-            #define ecc_oid_sm2p256v1 CODED_SM2P256V1
-        #endif
-        #define ecc_oid_sm2p256v1_sz CODED_SM2P256V1_SZ
-    #endif /* WOLFSSL_SM2 */
+    #ifdef HAVE_OID_ENCODING
+        #define CODED_SM2P256V1    {1,2,156,10197,1,301}
+        #define CODED_SM2P256V1_SZ 6
+    #else
+        #define CODED_SM2P256V1 {0x06,0x08,0x2A,0x81,0x1C,0xCF,0x55,0x01,0x82,0x2D}
+        #define CODED_SM2P256V1_SZ 10
+    #endif
+    #ifndef WOLFSSL_ECC_CURVE_STATIC
+        static const ecc_oid_t ecc_oid_sm2p256v1[] = CODED_SM2P256V1;
+    #else
+        #define ecc_oid_sm2p256v1 CODED_SM2P256V1
+    #endif
+    #define ecc_oid_sm2p256v1_sz CODED_SM2P256V1_SZ
     #define ECC_SM2P256V1_TEST 102
 static int test_sm2_verify_caseA2(void)
 {
@@ -29017,9 +32699,7 @@ static int ecc_sm2_test_curve(WC_RNG* rng, int testVerifyCount)
     WC_DECLARE_VAR(sig, byte, ECC_SIG_SIZE, HEAP_HINT);
     WC_DECLARE_VAR(digest, byte, ECC_DIGEST_SIZE, HEAP_HINT);
     int     i;
-#ifdef HAVE_ECC_VERIFY
     int     verify;
-#endif /* HAVE_ECC_VERIFY */
 #endif /* HAVE_ECC_SIGN */
     int     ret;
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
@@ -29035,6 +32715,18 @@ static int ecc_sm2_test_curve(WC_RNG* rng, int testVerifyCount)
     int     curveSize;
 #endif
 
+#if (defined(HAVE_ECC_DHE) || defined(HAVE_ECC_CDH)) && !defined(WC_NO_RNG)
+    WC_ALLOC_VAR(sharedA, byte, ECC_SHARED_SIZE, HEAP_HINT);
+    WC_ALLOC_VAR(sharedB, byte, ECC_SHARED_SIZE, HEAP_HINT);
+#endif
+#ifdef HAVE_ECC_KEY_EXPORT
+    WC_ALLOC_VAR(exportBuf, byte, ECC_KEY_EXPORT_BUF_SIZE, HEAP_HINT);
+#endif
+#ifdef HAVE_ECC_SIGN
+    WC_ALLOC_VAR(sig, byte, ECC_SIG_SIZE, HEAP_HINT);
+    WC_ALLOC_VAR(digest, byte, ECC_DIGEST_SIZE, HEAP_HINT);
+#endif
+
 #ifdef WC_DECLARE_VAR_IS_HEAP_ALLOC
 #if (defined(HAVE_ECC_DHE) || defined(HAVE_ECC_CDH)) && !defined(WC_NO_RNG)
     if (sharedA == NULL || sharedB == NULL)
@@ -29079,7 +32771,7 @@ static int ecc_sm2_test_curve(WC_RNG* rng, int testVerifyCount)
 
 #ifndef WC_NO_RNG
     ret = wc_ecc_sm2_make_key(rng, userA, WC_ECC_FLAG_NONE);
-    if (ret == ECC_CURVE_OID_E)
+    if (ret == WC_NO_ERR_TRACE(ECC_CURVE_OID_E))
         goto done; /* catch case, where curve is not supported */
     if (ret != 0)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
@@ -29203,7 +32895,6 @@ static int ecc_sm2_test_curve(WC_RNG* rng, int testVerifyCount)
     if (ret != 0)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
 
-#ifdef HAVE_ECC_VERIFY
     for (i = 0; i < testVerifyCount; i++) {
         verify = 0;
         ret = wc_ecc_sm2_verify_hash(sig, x, digest, ECC_DIGEST_SIZE, &verify,
@@ -29213,7 +32904,6 @@ static int ecc_sm2_test_curve(WC_RNG* rng, int testVerifyCount)
         if (verify != 1)
             ERROR_OUT(WC_TEST_RET_ENC_NC, done);
     }
-#endif /* HAVE_ECC_VERIFY */
 #endif /* ECC_SHAMIR */
 
     /* test DSA sign hash with sequence (0,1,2,3,4,...) */
@@ -29226,7 +32916,6 @@ static int ecc_sm2_test_curve(WC_RNG* rng, int testVerifyCount)
     if (ret != 0)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
 
-#ifdef HAVE_ECC_VERIFY
     for (i = 0; i < testVerifyCount; i++) {
         verify = 0;
         ret = wc_ecc_sm2_verify_hash(sig, x, digest, ECC_DIGEST_SIZE, &verify,
@@ -29236,7 +32925,6 @@ static int ecc_sm2_test_curve(WC_RNG* rng, int testVerifyCount)
         if (verify != 1)
             ERROR_OUT(WC_TEST_RET_ENC_NC, done);
     }
-#endif /* HAVE_ECC_VERIFY */
 #endif /* HAVE_ECC_SIGN */
 #endif /* !ECC_TIMING_RESISTANT || (ECC_TIMING_RESISTANT && !WC_NO_RNG) */
 
@@ -29292,6 +32980,7 @@ done:
 
 static int test_sm2_create_digest(void)
 {
+#ifndef WOLFSSL_SM3
     const byte msg[] = "message to sign";
     const byte id[] = "0123456789";
     const byte badId[] = "0123556789";
@@ -29311,7 +33000,32 @@ static int test_sm2_create_digest(void)
         "89933faf7a4798f48c5b9b4cd3a7693d54c9e05449946eb489c0dd50a5294805";
     const char d[] =
         "b3e66c2dbfb50c6ff6830c1fac4b51293a2562f9e667052b03df2d4b43c1f34a";
+    int hash_type = WC_HASH_TYPE_SHA256;
     byte digest[WC_SHA256_DIGEST_SIZE];
+#else
+    ecc_key key;
+    int ret;
+    const byte msg[] = { 0x6D, 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, 0x20,
+                         0x64, 0x69, 0x67, 0x65, 0x73, 0x74, 0x00 };
+    const byte id[] =  { 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38,
+                         0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38,
+                         0x00 };
+    const byte badId[] = "0123556789";
+    const char qx[] =
+        "09F9DF311E5421A150DD7D161E4BC5C672179FAD1833FC076BB08FF356F35020";
+    const char qy[] =
+        "CCEA490CE26775A52DC6EA718CC1AA600AED05FBF35E084A6632F6072DA9AD13";
+    const char d[] =
+        "3945208F7B2144B13F36E38AC6D39F95889393692860B51A42FB81EF4DF7C5B8";
+    byte expected[] = {
+        0xf0, 0xb4, 0x3e, 0x94, 0xba, 0x45, 0xac, 0xca,
+        0xac, 0xe6, 0x92, 0xed, 0x53, 0x43, 0x82, 0xeb,
+        0x17, 0xe6, 0xab, 0x5a, 0x19, 0xce, 0x7b, 0x31,
+        0xf4, 0x48, 0x6f, 0xdf, 0xc0, 0xd2, 0x86, 0x40
+    };
+    int hash_type = WC_HASH_TYPE_SM3;
+    byte digest[WC_SM3_DIGEST_SIZE];
+#endif
 
     ret = wc_ecc_init_ex(&key, HEAP_HINT, devId);
     if (ret != 0)
@@ -29322,8 +33036,8 @@ static int test_sm2_create_digest(void)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
 
     ret = wc_ecc_sm2_create_digest(id, (int)XSTRLEN((const char*)id),
-        msg, (int)XSTRLEN((const char*)msg), WC_HASH_TYPE_SHA256, digest,
-        WC_SHA256_DIGEST_SIZE, &key);
+        msg, (int)XSTRLEN((const char*)msg), hash_type, digest, sizeof(digest),
+        &key);
     if (ret != 0)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
 
@@ -29331,8 +33045,8 @@ static int test_sm2_create_digest(void)
         ERROR_OUT(WC_TEST_RET_ENC_NC, done);
 
     ret = wc_ecc_sm2_create_digest(badId, (int)XSTRLEN((const char*)badId),
-        msg, (int)XSTRLEN((const char*)msg), WC_HASH_TYPE_SHA256, digest,
-        WC_SHA256_DIGEST_SIZE, &key);
+        msg, (int)XSTRLEN((const char*)msg), hash_type, digest, sizeof(digest),
+        &key);
     if (ret != 0)
         goto done;
 
@@ -29367,7 +33081,8 @@ static int test_sm2_verify(void)
 #endif /* WOLFSSL_SM2 */
 
 
-#if defined(WOLFSSL_CERT_GEN) && !defined(NO_ECC_SECP) && !defined(NO_ASN_TIME)
+#if defined(WOLFSSL_CERT_GEN) && !defined(NO_ECC_SECP) && \
+    !defined(NO_ASN_TIME) && !defined(WOLFSSL_NO_MALLOC)
 
 /* Make Cert / Sign example for ECC cert and ECC CA */
 static wc_test_ret_t ecc_test_cert_gen(WC_RNG* rng)
@@ -29389,9 +33104,9 @@ static wc_test_ret_t ecc_test_cert_gen(WC_RNG* rng)
     ecc_key certPubKey[1];
 #endif
     int         certSz;
-    size_t      bytes;
+    size_t      bytes = 0;
     word32      idx = 0;
-#ifndef USE_CERT_BUFFERS_256
+#if !defined(USE_CERT_BUFFERS_256) && !defined(NO_FILESYSTEM)
     XFILE       file;
 #endif
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
@@ -29422,38 +33137,46 @@ static wc_test_ret_t ecc_test_cert_gen(WC_RNG* rng)
     /* Get cert private key */
 #ifdef ENABLE_ECC384_CERT_GEN_TEST
     /* Get Cert Key 384 */
-#ifdef USE_CERT_BUFFERS_256
-    XMEMCPY(der, ca_ecc_key_der_384, sizeof_ca_ecc_key_der_384);
-    bytes = sizeof_ca_ecc_key_der_384;
-#else
-    file = XFOPEN(eccCaKey384File, "rb");
-    if (!file) {
-        ERROR_OUT(WC_TEST_RET_ENC_ERRNO, exit);
-    }
+    #ifdef USE_CERT_BUFFERS_256
+        XMEMCPY(der, ca_ecc_key_der_384, sizeof_ca_ecc_key_der_384);
+        bytes = sizeof_ca_ecc_key_der_384;
+    #elif !defined(NO_FILESYSTEM)
+        file = XFOPEN(eccCaKey384File, "rb");
+        if (!file) {
+            ERROR_OUT(WC_TEST_RET_ENC_ERRNO, exit);
+        }
 
-    bytes = XFREAD(der, 1, FOURK_BUF, file);
-    XFCLOSE(file);
-    if (bytes == 0)
-        ERROR_OUT(WC_TEST_RET_ENC_ERRNO, exit);
-    (void)eccCaKeyFile;
-#endif /* USE_CERT_BUFFERS_256 */
+        bytes = XFREAD(der, 1, FOURK_BUF, file);
+        XFCLOSE(file);
+        if (bytes == 0)
+            ERROR_OUT(WC_TEST_RET_ENC_ERRNO, exit);
+        (void)eccCaKeyFile;
+    #else
+        WOLFSSL_MSG("No file system and USE_CERT_BUFFERS_256 not defined.(4)");
+        ERROR_OUT(ASN_PARSE_E, exit);
+    #endif /* USE_CERT_BUFFERS_256 */
+
+    /* end if ENABLE_ECC384_CERT_GEN_TEST */
 #else
-#ifdef USE_CERT_BUFFERS_256
-    XMEMCPY(der, ca_ecc_key_der_256, sizeof_ca_ecc_key_der_256);
-    bytes = sizeof_ca_ecc_key_der_256;
-#else
-    file = XFOPEN(eccCaKeyFile, "rb");
-    if (!file) {
-        ERROR_OUT(WC_TEST_RET_ENC_ERRNO, exit);
-    }
-    bytes = XFREAD(der, 1, FOURK_BUF, file);
-    XFCLOSE(file);
-    if (bytes == 0)
-        ERROR_OUT(WC_TEST_RET_ENC_ERRNO, exit);
-#ifdef ENABLE_ECC384_CERT_GEN_TEST
-    (void)eccCaKey384File;
-#endif
-#endif /* USE_CERT_BUFFERS_256 */
+    /* !ENABLE_ECC384_CERT_GEN_TEST */
+
+    #ifdef USE_CERT_BUFFERS_256
+        XMEMCPY(der, ca_ecc_key_der_256, sizeof_ca_ecc_key_der_256);
+        bytes = sizeof_ca_ecc_key_der_256;
+    #else
+        file = XFOPEN(eccCaKeyFile, "rb");
+        if (!file) {
+            ERROR_OUT(WC_TEST_RET_ENC_ERRNO, exit);
+        }
+        bytes = XFREAD(der, 1, FOURK_BUF, file);
+        XFCLOSE(file);
+        if (bytes == 0)
+            ERROR_OUT(WC_TEST_RET_ENC_ERRNO, exit);
+
+        #ifdef ENABLE_ECC384_CERT_GEN_TEST
+            (void)eccCaKey384File;
+        #endif
+    #endif /* USE_CERT_BUFFERS_256 */
 #endif /* ENABLE_ECC384_CERT_GEN_TEST */
 
     /* Get CA Key */
@@ -29514,23 +33237,28 @@ static wc_test_ret_t ecc_test_cert_gen(WC_RNG* rng)
 #endif /* WOLFSSL_CERT_EXT */
 
 #ifdef ENABLE_ECC384_CERT_GEN_TEST
-#if defined(USE_CERT_BUFFERS_256)
-    ret = wc_SetIssuerBuffer(myCert, ca_ecc_cert_der_384,
-                                      sizeof_ca_ecc_cert_der_384);
+    #if defined(USE_CERT_BUFFERS_256)
+        ret = wc_SetIssuerBuffer(myCert, ca_ecc_cert_der_384,
+                                         sizeof_ca_ecc_cert_der_384);
+    #elif !defined(NO_FILESYSTEM)
+        ret = wc_SetIssuer(myCert, eccCaCert384File);
+        (void)eccCaCertFile;
+    #else
+        /* not testing with embedded, no file system target */
+        ERROR_OUT(ASN_PARSE_E, exit);
+    #endif /* USE_CERT_BUFFERS_256 */
+
 #else
-    ret = wc_SetIssuer(myCert, eccCaCert384File);
-    (void)eccCaCertFile;
-#endif
-#else
-#if defined(USE_CERT_BUFFERS_256)
-    ret = wc_SetIssuerBuffer(myCert, ca_ecc_cert_der_256,
-                                      sizeof_ca_ecc_cert_der_256);
-#else
-    ret = wc_SetIssuer(myCert, eccCaCertFile);
-    #ifdef ENABLE_ECC384_CERT_GEN_TEST
-    (void)eccCaCert384File;
+    /* not ENABLE_ECC384_CERT_GEN_TEST */
+    #if defined(USE_CERT_BUFFERS_256)
+        ret = wc_SetIssuerBuffer(myCert, ca_ecc_cert_der_256,
+                                          sizeof_ca_ecc_cert_der_256);
+    #else
+        ret = wc_SetIssuer(myCert, eccCaCertFile);
+        #ifdef ENABLE_ECC384_CERT_GEN_TEST
+        (void)eccCaCert384File;
+        #endif
     #endif
-#endif
 #endif /* ENABLE_ECC384_CERT_GEN_TEST */
     if (ret < 0)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
@@ -29549,10 +33277,10 @@ static wc_test_ret_t ecc_test_cert_gen(WC_RNG* rng)
             ret = wc_SignCert(myCert->bodySz, myCert->sigType, der,
                               FOURK_BUF, NULL, caEccKey, rng);
         }
-    } while (ret == WC_PENDING_E);
+    } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E));
     if (ret < 0)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
-    certSz = (word32)ret;
+    certSz = (int)ret;
     TEST_SLEEP();
 
 #ifdef WOLFSSL_TEST_CERT
@@ -29578,11 +33306,9 @@ exit:
 #endif
 
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
-    if (myCert != NULL)
-        XFREE(myCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(myCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
 #ifdef WOLFSSL_TEST_CERT
-    if (decode != NULL)
-        XFREE(decode, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(decode, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
     if (caEccKey != NULL) {
         wc_ecc_free(caEccKey);
@@ -29643,6 +33369,7 @@ exit:
 /* ./configure --enable-ecc=nonblock --enable-sp=yes,nonblock CFLAGS="-DWOLFSSL_PUBLIC_MP" */
 #if defined(WC_ECC_NONBLOCK) && defined(WOLFSSL_HAVE_SP_ECC) && \
     defined(WOLFSSL_PUBLIC_MP)
+#ifndef NO_ECC256
 /* ECC Private Key "d" */
 static const byte p256PrivKey[] = {
     /* SECP256R1 */
@@ -29652,6 +33379,7 @@ static const byte p256PrivKey[] = {
     0x15, 0xdb, 0x4c, 0x43, 0xcd, 0xfa, 0xe5, 0x1f,
     0x3d, 0x4c, 0x37, 0xfe, 0x59, 0x3b, 0x96, 0xd8
 };
+#endif
 #ifdef HAVE_ECC384
 static const byte p384PrivKey[] = {
     /* SECP384R1 */
@@ -29681,6 +33409,7 @@ static const byte p521PrivKey[] = {
 #endif /* HAVE_ECC521 */
 
 /* ECC public key Qx/Qy */
+#ifndef NO_ECC256
 static const byte p256PubKey[] = {
     /* SECP256R1 */
     /* Qx */
@@ -29694,6 +33423,7 @@ static const byte p256PubKey[] = {
     0x43, 0x24, 0xe6, 0x82, 0x00, 0x40, 0xc6, 0xdb,
     0x1c, 0x2f, 0xcd, 0x38, 0x4b, 0x60, 0xdd, 0x61
 };
+#endif
 #ifdef HAVE_ECC384
 static const byte p384PubKey[] = {
     /* SECP384R1 */
@@ -29737,6 +33467,9 @@ static const byte p521PubKey[] = {
     0x40, 0x5c, 0x4f, 0xd6, 0x13, 0x73, 0x42, 0xbc,
     0x91, 0xd9
 };
+#endif
+
+#if defined(HAVE_ECC_SIGN) && defined(HAVE_ECC_VERIFY)
 
 /* perform verify of signature and hash using public key */
 /* key is public Qx + public Qy */
@@ -30056,9 +33789,7 @@ static wc_test_ret_t ecc_test_nonblock_ecdsa(int curveId, word32 curveSz,
                   sigSz, curveSz, curveId);
     }
 
-    if (sig != NULL) {
-        XFREE(sig, HEAP_HINT, DYNAMIC_TYPE_SIGNATURE);
-    }
+    XFREE(sig, HEAP_HINT, DYNAMIC_TYPE_SIGNATURE);
 
     return ret;
 }
@@ -30075,12 +33806,14 @@ static wc_test_ret_t ecc_test_nonblock(WC_RNG* rng)
     const byte* pubKeys[3] = {NULL, NULL, NULL};
     word32 pubKeySzs[3] = {0, 0, 0};
 
+#ifndef NO_ECC256
     curveIds[0] = ECC_SECP256R1;
     curveSzs[0] = 32;
     privKeys[0] = p256PrivKey;
     privKeySzs[0] = sizeof(p256PrivKey);
     pubKeys[0] = p256PubKey;
     pubKeySzs[0] = sizeof(p256PubKey);
+#endif
 #ifdef HAVE_ECC384
     curveIds[1] = ECC_SECP384R1;
     curveSzs[1] = 48;
@@ -30176,6 +33909,12 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t ecc_test(void)
 {
     wc_test_ret_t ret;
     WC_RNG rng;
+    WOLFSSL_ENTER("ecc_test");
+#if defined(ECC_MIN_KEY_SZ)
+    WOLFSSL_MSG_EX("ecc_test ECC_MIN_KEY_SZ = %d\n", ECC_MIN_KEY_SZ);
+#else
+    WOLFSSL_MSG("ecc_test ECC_MIN_KEY_SZ not defined.");
+#endif
 
 #if defined(WOLFSSL_CERT_EXT) && \
     (!defined(NO_ECC256) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 256
@@ -30218,11 +33957,13 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t ecc_test(void)
     }
 #endif /* HAVE_ECC160 */
 #if (defined(HAVE_ECC192) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 192
+#if !FIPS_VERSION3_GE(6,0,0)
     ret = ecc_test_curve(&rng, 24, ECC_CURVE_DEF);
-        printf("keySize=24, Default\n");
     if (ret < 0) {
+        printf("keySize=24, Default\n");
         goto done;
     }
+#endif
 #endif /* HAVE_ECC192 */
 #if (defined(HAVE_ECC224) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 224
     ret = ecc_test_curve(&rng, 28, ECC_CURVE_DEF);
@@ -30327,25 +34068,30 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t ecc_test(void)
     }
 #endif
 
-#if defined(HAVE_ECC_SIGN) && (defined(WOLFSSL_ECDSA_DETERMINISTIC_K) || \
-                               defined(WOLFSSL_ECDSA_DETERMINISTIC_K_VARIANT)) \
-    && (!defined(FIPS_VERSION_GE) || FIPS_VERSION_GE(5,3))
-    #ifdef HAVE_ECC256
+#if defined(HAVE_ECC_SIGN) && \
+    (defined(WOLFSSL_ECDSA_DETERMINISTIC_K) || \
+     defined(WOLFSSL_ECDSA_DETERMINISTIC_K_VARIANT)) && \
+     (!defined(HAVE_FIPS) || FIPS_VERSION_GE(5,3))
+
+    #if (!defined(NO_ECC256) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 256
     ret = ecc_test_deterministic_k(&rng);
     if (ret != 0) {
         printf("ecc_test_deterministic_k failed!\n");
         goto done;
     }
     #endif
+
     #ifdef WOLFSSL_PUBLIC_MP
-    #if defined(HAVE_ECC384)
+    #if (defined(HAVE_ECC384) || defined(HAVE_ALL_CURVES)) && \
+        ECC_MIN_KEY_SZ <= 384
     ret = ecc384_test_deterministic_k(&rng);
     if (ret != 0) {
         printf("ecc384_test_deterministic_k failed!\n");
         goto done;
     }
     #endif
-    #if defined(HAVE_ECC521)
+    #if (defined(HAVE_ECC521) || defined(HAVE_ALL_CURVES)) && \
+        ECC_MIN_KEY_SZ <= 521
     ret = ecc521_test_deterministic_k(&rng);
     if (ret != 0) {
         printf("ecc512_test_deterministic_k failed!\n");
@@ -30382,7 +34128,8 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t ecc_test(void)
 #elif defined(HAVE_ECC_KEY_IMPORT)
     (void)ecc_test_make_pub; /* for compiler warning */
 #endif
-#if defined(WOLFSSL_CERT_GEN) && !defined(NO_ECC_SECP) && !defined(NO_ASN_TIME)
+#if defined(WOLFSSL_CERT_GEN) && !defined(NO_ECC_SECP) && \
+    !defined(NO_ASN_TIME) && !defined(WOLFSSL_NO_MALLOC)
     ret = ecc_test_cert_gen(&rng);
     if (ret != 0) {
         printf("ecc_test_cert_gen failed!\n");
@@ -30417,7 +34164,12 @@ done:
 #if defined(HAVE_ECC_ENCRYPT) && defined(HAVE_AES_CBC) && \
     (defined(WOLFSSL_AES_128) || defined(WOLFSSL_AES_256))
 
+#if !defined(WOLFSSL_NO_MALLOC)
+
 #if ((! defined(HAVE_FIPS)) || FIPS_VERSION_GE(5,3))
+/* maximum encrypted message:
+ * msgSz (14) + pad (2) + pubKeySz(1+66*2) + ivSz(16) + digestSz(32) = 197 */
+#define MAX_ECIES_TEST_SZ 200
 static wc_test_ret_t ecc_ctx_kdf_salt_test(WC_RNG* rng, ecc_key* a, ecc_key* b)
 {
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
@@ -30425,9 +34177,9 @@ static wc_test_ret_t ecc_ctx_kdf_salt_test(WC_RNG* rng, ecc_key* a, ecc_key* b)
     byte* encrypted;
     byte* decrypted;
 #else
-    byte plaintext[128];
-    byte encrypted[128];
-    byte decrypted[128];
+    byte plaintext[MAX_ECIES_TEST_SZ];
+    byte encrypted[MAX_ECIES_TEST_SZ];
+    byte decrypted[MAX_ECIES_TEST_SZ];
 #endif
     ecEncCtx* aCtx = NULL;
     ecEncCtx* bCtx = NULL;
@@ -30436,25 +34188,37 @@ static wc_test_ret_t ecc_ctx_kdf_salt_test(WC_RNG* rng, ecc_key* a, ecc_key* b)
     wc_test_ret_t ret = 0;
     static const char message[] = "Hello wolfSSL!";
     word32 plaintextLen;
-    word32 encryptLen = 128;
-    word32 decryptLen = 128;
+    word32 encryptLen = MAX_ECIES_TEST_SZ;
+    word32 decryptLen = MAX_ECIES_TEST_SZ;
+    int    aInit = 0;
+    int    bInit = 0;
 
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
-    plaintext = XMALLOC(128, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
-    encrypted = XMALLOC(128, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
-    decrypted = XMALLOC(128, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+    plaintext = (byte*)XMALLOC(MAX_ECIES_TEST_SZ, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+    encrypted = (byte*)XMALLOC(MAX_ECIES_TEST_SZ, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+    decrypted = (byte*)XMALLOC(MAX_ECIES_TEST_SZ, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     wc_ecc_free(a);
     wc_ecc_free(b);
 
     ret = wc_ecc_init(a);
-    if (ret != 0)
+    if (ret != 0) {
         ret = WC_TEST_RET_ENC_EC(ret);
+    }
+    else {
+        aInit = 1;
+    }
+
+
     if (ret == 0) {
         ret = wc_ecc_init(b);
-        if (ret != 0)
+        if (ret != 0) {
             ret = WC_TEST_RET_ENC_EC(ret);
+        }
+        else {
+            bInit = 1;
+        }
     }
 
     if (ret == 0)
@@ -30491,10 +34255,10 @@ static wc_test_ret_t ecc_ctx_kdf_salt_test(WC_RNG* rng, ecc_key* a, ecc_key* b)
             ret = 10473;
     }
 
-    XMEMSET(plaintext, 0, 128);
+    XMEMSET(plaintext, 0, MAX_ECIES_TEST_SZ);
     XSTRLCPY((char *)plaintext, message, sizeof plaintext);
-    plaintextLen = (((word32)XSTRLEN(message) + AES_BLOCK_SIZE - 1) /
-                    AES_BLOCK_SIZE) * AES_BLOCK_SIZE;
+    plaintextLen = (((word32)XSTRLEN(message) + WC_AES_BLOCK_SIZE - 1) /
+                    WC_AES_BLOCK_SIZE) * WC_AES_BLOCK_SIZE;
 
     /* encrypt */
     if (ret == 0) {
@@ -30516,8 +34280,13 @@ static wc_test_ret_t ecc_ctx_kdf_salt_test(WC_RNG* rng, ecc_key* a, ecc_key* b)
     if (ret == 0 && XMEMCMP(decrypted, plaintext, plaintextLen) != 0)
         ret = WC_TEST_RET_ENC_NC;
 
-    wc_ecc_free(a);
-    wc_ecc_free(b);
+    if (aInit) {
+        wc_ecc_free(a);
+    }
+
+    if (bInit) {
+        wc_ecc_free(b);
+    }
 
     wc_ecc_ctx_free(aCtx);
     wc_ecc_ctx_free(bCtx);
@@ -30532,6 +34301,8 @@ static wc_test_ret_t ecc_ctx_kdf_salt_test(WC_RNG* rng, ecc_key* a, ecc_key* b)
 }
 #endif /* !HAVE_FIPS || FIPS_VERSION_GE(5,3) */
 
+#endif /* !WOLFSSL_NO_MALLOC */
+
 /* ecc_encrypt_e2e_test() uses wc_ecc_ctx_set_algo(), which was added in
  * wolfFIPS 5.3.
  * ecc_encrypt_kat() is used only by ecc_encrypt_e2e_test().
@@ -30764,13 +34535,9 @@ static wc_test_ret_t ecc_encrypt_kat(WC_RNG *rng)
         wc_ecc_free(userA);
 #endif
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
-    if (userB != NULL) {
-        XFREE(userB, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
-    }
+    XFREE(userB, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
 #ifdef WOLFSSL_ECIES_OLD
-    if (userA != NULL) {
-        XFREE(userA, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
-    }
+    XFREE(userA, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 #endif
 
@@ -30778,6 +34545,7 @@ static wc_test_ret_t ecc_encrypt_kat(WC_RNG *rng)
 }
 #endif
 
+#ifndef WOLFSSL_NO_MALLOC
 static wc_test_ret_t ecc_encrypt_e2e_test(WC_RNG* rng, ecc_key* userA, ecc_key* userB,
     byte encAlgo, byte kdfAlgo, byte macAlgo)
 {
@@ -31046,6 +34814,7 @@ done:
 
     return ret;
 }
+#endif
 
 #endif /* !HAVE_FIPS || FIPS_VERSION_GE(5,3) */
 
@@ -31060,6 +34829,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t ecc_encrypt_test(void)
     ecc_key userA[1];
     ecc_key userB[1];
 #endif
+    WOLFSSL_ENTER("ecc_encrypt_test");
 
 #ifndef HAVE_FIPS
     ret = wc_InitRng_ex(&rng, HEAP_HINT, devId);
@@ -31120,7 +34890,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t ecc_encrypt_test(void)
 
 #if !defined(HAVE_FIPS) || (defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(5,3))
 
-#if !defined(NO_AES) && defined(HAVE_AES_CBC)
+#if !defined(NO_AES) && defined(HAVE_AES_CBC) && !defined(WOLFSSL_NO_MALLOC)
 #ifdef WOLFSSL_AES_128
     if (ret == 0) {
         ret = ecc_encrypt_e2e_test(&rng, userA, userB, ecAES_128_CBC,
@@ -31156,7 +34926,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t ecc_encrypt_test(void)
     }
 #endif
 #endif
-#if !defined(NO_AES) && defined(WOLFSSL_AES_COUNTER)
+#if !defined(NO_AES) && defined(WOLFSSL_AES_COUNTER) && !defined(WOLFSSL_NO_MALLOC)
 #ifdef WOLFSSL_AES_128
     if (ret == 0) {
         ret = ecc_encrypt_e2e_test(&rng, userA, userB, ecAES_128_CTR,
@@ -31176,7 +34946,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t ecc_encrypt_test(void)
     }
 #endif
 #endif /* !NO_AES && WOLFSSL_AES_COUNTER */
-#if !defined(NO_AES) && defined(HAVE_AES_CBC)
+#if !defined(NO_AES) && defined(HAVE_AES_CBC) && !defined(WOLFSSL_NO_MALLOC)
     if (ret == 0) {
         ret = ecc_ctx_kdf_salt_test(&rng, userA, userB);
     }
@@ -31232,6 +35002,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t ecc_test_buffers(void)
     byte   plain[256];
     int verify = 0;
     word32 x;
+    WOLFSSL_ENTER("ecc_test_buffers");
 
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
     if ((cliKey == NULL) || (servKey == NULL) || (tmpKey == NULL))
@@ -31318,10 +35089,10 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t ecc_test_buffers(void)
     #endif
         if (ret == 0)
             ret = wc_ecc_sign_hash(in, inLen, out, &x, &rng, cliKey);
-    } while (ret == WC_PENDING_E);
+    } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E));
     if (ret < 0)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
-TEST_SLEEP();
+    TEST_SLEEP();
 
     XMEMSET(plain, 0, sizeof(plain));
 
@@ -31332,7 +35103,7 @@ TEST_SLEEP();
         if (ret == 0)
             ret = wc_ecc_verify_hash(out, x, in, inLen, &verify,
                 cliKey);
-    } while (ret == WC_PENDING_E);
+    } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E));
     if (ret < 0)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
     if (verify != 1)
@@ -31389,7 +35160,7 @@ TEST_SLEEP();
 #else
 #define X25519_TEST_CNT    1
 #endif
-static wc_test_ret_t curve25519_overflow_test(void)
+static wc_test_ret_t curve25519_overflow_test(WC_RNG* rng)
 {
     /* secret key for party a */
     byte sa[X25519_TEST_CNT][32] = {
@@ -31507,6 +35278,10 @@ static wc_test_ret_t curve25519_overflow_test(void)
     curve25519_key userA;
 
     wc_curve25519_init_ex(&userA, HEAP_HINT, devId);
+#ifdef WOLFSSL_CURVE25519_BLINDING
+    wc_curve25519_set_rng(&userA, rng);
+#endif
+    (void)rng;
 
     for (i = 0; i < X25519_TEST_CNT; i++) {
         if (wc_curve25519_import_private_raw(sa[i], sizeof(sa[i]), pb[i],
@@ -31592,31 +35367,31 @@ static wc_test_ret_t curve25519_check_public_test(void)
     /* Parameter checks */
     /* NULL pointer */
     ret = wc_curve25519_check_public(NULL, 0, EC25519_LITTLE_ENDIAN);
-    if (ret != BAD_FUNC_ARG) {
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) {
         return WC_TEST_RET_ENC_EC(ret);
     }
     ret = wc_curve25519_check_public(NULL, 0, EC25519_BIG_ENDIAN);
-    if (ret != BAD_FUNC_ARG) {
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) {
         return WC_TEST_RET_ENC_EC(ret);
     }
     /* Length of 0 treated differently to other invalid lengths for TLS */
     ret = wc_curve25519_check_public(good, 0, EC25519_LITTLE_ENDIAN);
-    if (ret != BUFFER_E)
+    if (ret != WC_NO_ERR_TRACE(BUFFER_E))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_curve25519_check_public(good, 0, EC25519_BIG_ENDIAN);
-    if (ret != BUFFER_E)
+    if (ret != WC_NO_ERR_TRACE(BUFFER_E))
         return WC_TEST_RET_ENC_EC(ret);
 
     /* Length not CURVE25519_KEYSIZE */
     for (i = 1; i < CURVE25519_KEYSIZE + 2; i++) {
         if (i == CURVE25519_KEYSIZE)
             continue;
-        if (wc_curve25519_check_public(good, i, EC25519_LITTLE_ENDIAN) !=
-                                                                ECC_BAD_ARG_E) {
+        if (wc_curve25519_check_public(good, (word32)i, EC25519_LITTLE_ENDIAN) !=
+                WC_NO_ERR_TRACE(ECC_BAD_ARG_E)) {
             return WC_TEST_RET_ENC_I(i);
         }
-        if (wc_curve25519_check_public(good, i, EC25519_BIG_ENDIAN) !=
-                                                                ECC_BAD_ARG_E) {
+        if (wc_curve25519_check_public(good, (word32)i, EC25519_BIG_ENDIAN) !=
+                WC_NO_ERR_TRACE(ECC_BAD_ARG_E)) {
             return WC_TEST_RET_ENC_I(i);
         }
     }
@@ -31729,6 +35504,162 @@ static wc_test_ret_t curve255519_der_test(void)
         ret = WC_TEST_RET_ENC_NC;
     }
 
+
+    /* Test decode/encode of Curve25519 private key (only) using generic API */
+    if (ret == 0) {
+        /* clear key, since generic API will try to decode all fields */
+        XMEMSET(&key, 0, sizeof(key));
+
+        idx = 0;
+        ret = wc_Curve25519KeyDecode(kCurve25519PrivDer, &idx, &key,
+            (word32)sizeof(kCurve25519PrivDer));
+        if (ret < 0) {
+            ret = WC_TEST_RET_ENC_EC(ret);
+        }
+    }
+    if (ret == 0) {
+        outputSz = (word32)sizeof(output);
+        ret = wc_Curve25519KeyToDer(&key, output, outputSz, 1);
+        if (ret >= 0) {
+            outputSz = (word32)ret;
+            ret = 0;
+        }
+        else {
+            ret = WC_TEST_RET_ENC_EC(ret);
+        }
+    }
+    if (ret == 0 && (outputSz != (word32)sizeof(kCurve25519PrivDer) ||
+                    XMEMCMP(output, kCurve25519PrivDer, outputSz) != 0)) {
+        ret = WC_TEST_RET_ENC_NC;
+    }
+
+    /* Test decode/encode of Curve25519 public key (only) using generic API */
+    if (ret == 0) {
+        /* clear key, since generic API will try to decode all fields */
+        XMEMSET(&key, 0, sizeof(key));
+        idx = 0;
+        ret = wc_Curve25519KeyDecode(kCurve25519PubDer, &idx, &key,
+            (word32)sizeof(kCurve25519PubDer));
+        if (ret < 0) {
+            ret = WC_TEST_RET_ENC_EC(ret);
+        }
+    }
+    if (ret == 0) {
+        outputSz = (word32)sizeof(output);
+        ret = wc_Curve25519KeyToDer(&key, output, outputSz, 1);
+        if (ret >= 0) {
+            outputSz = (word32)ret;
+            ret = 0;
+        }
+        else {
+            ret = WC_TEST_RET_ENC_EC(ret);
+        }
+    }
+    if (ret == 0 && (outputSz != (word32)sizeof(kCurve25519PubDer) ||
+                    XMEMCMP(output, kCurve25519PubDer, outputSz) != 0)) {
+        ret = WC_TEST_RET_ENC_NC;
+    }
+
+    /* Test decode/encode key data containing both public and private fields */
+    if (ret == 0) {
+        XMEMSET(&key, 0 , sizeof(key));
+
+        /* Decode public key */
+        idx = 0;
+        ret = wc_Curve25519KeyDecode(kCurve25519PubDer, &idx, &key,
+            (word32)sizeof(kCurve25519PubDer));
+        if (ret < 0) {
+            ret = WC_TEST_RET_ENC_EC(ret);
+        }
+        if (ret == 0) {
+            /* Decode private key */
+            idx = 0;
+            ret = wc_Curve25519KeyDecode(kCurve25519PrivDer, &idx, &key,
+                (word32)sizeof(kCurve25519PrivDer));
+            if (ret < 0) {
+                ret = WC_TEST_RET_ENC_EC(ret);
+            }
+        }
+        /* Both public and private flags should be set */
+        if ((ret == 0) && (!key.pubSet && !key.privSet)) {
+            ret = WC_TEST_RET_ENC_NC;
+        }
+        if (ret == 0) {
+            /* Export key to temporary DER */
+            outputSz = (word32)sizeof(output);
+            ret = wc_Curve25519KeyToDer(&key, output, outputSz, 1);
+            if (ret >= 0) {
+                outputSz = (word32)ret;
+                ret = 0;
+            }
+            else {
+                ret = WC_TEST_RET_ENC_EC(ret);
+            }
+
+            /* Re-import temporary DER */
+            if (ret == 0) {
+                idx = 0;
+                ret = wc_Curve25519KeyDecode(output, &idx, &key, sizeof(output));
+                if (ret < 0) {
+                    ret = WC_TEST_RET_ENC_EC(ret);
+                }
+            }
+
+            /* Ensure public and private keys survived combined keypair
+             * export/import by re-exporting DER for private and public keys,
+             * individually, and re-checking output against known good vectors.
+             * This is slightly circuitous but does test the functionality
+             * without requiring the addition of new test keys */
+            if (ret == 0) {
+                idx = 0;
+                ret = wc_Curve25519PrivateKeyDecode(kCurve25519PrivDer, &idx,
+                                      &key, (word32)sizeof(kCurve25519PrivDer));
+                if (ret < 0)
+                    ret = WC_TEST_RET_ENC_EC(ret);
+            }
+            if (ret == 0) {
+                outputSz = (word32)sizeof(output);
+                ret = wc_Curve25519PrivateKeyToDer(&key, output, outputSz);
+                if (ret >= 0) {
+                    outputSz = (word32)ret;
+                    ret = 0;
+                }
+                else {
+                    ret = WC_TEST_RET_ENC_EC(ret);
+                }
+            }
+            if ((ret == 0) &&
+                (outputSz != (word32)sizeof(kCurve25519PrivDer) ||
+                 XMEMCMP(output, kCurve25519PrivDer, outputSz) != 0)) {
+                ret = WC_TEST_RET_ENC_NC;
+            }
+            if (ret == 0) {
+                idx = 0;
+                ret = wc_Curve25519PublicKeyDecode(kCurve25519PubDer, &idx,
+                                       &key, (word32)sizeof(kCurve25519PubDer));
+                if (ret < 0)
+                    ret = WC_TEST_RET_ENC_EC(ret);
+            }
+            if (ret == 0) {
+                outputSz = (word32)sizeof(output);
+                ret = wc_Curve25519PublicKeyToDer(&key, output, outputSz, 1);
+                if (ret >= 0) {
+                    outputSz = (word32)ret;
+                    ret = 0;
+                }
+                else {
+                    ret = WC_TEST_RET_ENC_EC(ret);
+                }
+            }
+            if ((ret == 0) &&
+                (outputSz != (word32)sizeof(kCurve25519PubDer) ||
+                 XMEMCMP(output, kCurve25519PubDer, outputSz) != 0)) {
+                ret = WC_TEST_RET_ENC_NC;
+            }
+        }
+
+    }
+
     wc_curve25519_free(&key);
 
     return ret;
@@ -31748,7 +35679,11 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t curve25519_test(void)
     byte    exportBuf[32];
 #endif
     word32  x = 0;
-    curve25519_key userA, userB, pubKey;
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
+    curve25519_key *userA = NULL, *userB = NULL, *pubKey = NULL;
+#else
+    curve25519_key userA[1], userB[1], pubKey[1];
+#endif
 
 #if defined(HAVE_CURVE25519_SHARED_SECRET) && \
                                              defined(HAVE_CURVE25519_KEY_IMPORT)
@@ -31798,7 +35733,10 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t curve25519_test(void)
 #endif /* HAVE_CURVE25519_SHARED_SECRET */
 
     (void)x;
+    WOLFSSL_ENTER("curve25519_test");
 
+    /* wc_FreeRng is always called on exit. Therefore wc_InitRng should be
+     * called before any exit goto's */
 #ifndef HAVE_FIPS
     ret = wc_InitRng_ex(&rng, HEAP_HINT, devId);
 #else
@@ -31807,52 +35745,68 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t curve25519_test(void)
     if (ret != 0)
         return WC_TEST_RET_ENC_EC(ret);
 
-    wc_curve25519_init_ex(&userA, HEAP_HINT, devId);
-    wc_curve25519_init_ex(&userB, HEAP_HINT, devId);
-    wc_curve25519_init_ex(&pubKey, HEAP_HINT, devId);
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
+    userA = wc_curve25519_new(HEAP_HINT, devId, &ret);
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), cleanup);
+    userB = wc_curve25519_new(HEAP_HINT, devId, &ret);
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), cleanup);
+    pubKey = wc_curve25519_new(HEAP_HINT, devId, &ret);
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), cleanup);
+#else
+    wc_curve25519_init_ex(userA, HEAP_HINT, devId);
+    wc_curve25519_init_ex(userB, HEAP_HINT, devId);
+    wc_curve25519_init_ex(pubKey, HEAP_HINT, devId);
+#endif
+#ifdef WOLFSSL_CURVE25519_BLINDING
+    wc_curve25519_set_rng(userA, &rng);
+    wc_curve25519_set_rng(userB, &rng);
+#endif
 
     /* make curve25519 keys */
-    ret = wc_curve25519_make_key(&rng, 32, &userA);
+    ret = wc_curve25519_make_key(&rng, 32, userA);
     if (ret != 0)
-        return WC_TEST_RET_ENC_EC(ret);
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), cleanup);
 
-    ret = wc_curve25519_make_key(&rng, 32, &userB);
+    ret = wc_curve25519_make_key(&rng, 32, userB);
     if (ret != 0)
-        return WC_TEST_RET_ENC_EC(ret);
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), cleanup);
 
 #ifdef HAVE_CURVE25519_SHARED_SECRET
     /* find shared secret key */
     x = sizeof(sharedA);
-    if ((ret = wc_curve25519_shared_secret(&userA, &userB, sharedA, &x)) != 0) {
+    if ((ret = wc_curve25519_shared_secret(userA, userB, sharedA, &x)) != 0) {
         printf("wc_curve25519_shared_secret 1 failed\n");
-        return WC_TEST_RET_ENC_EC(ret);
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), cleanup);
     }
 
     y = sizeof(sharedB);
-    if ((ret = wc_curve25519_shared_secret(&userB, &userA, sharedB, &y)) != 0) {
+    if ((ret = wc_curve25519_shared_secret(userB, userA, sharedB, &y)) != 0) {
         printf("wc_curve25519_shared_secret 2 failed\n");
-        return WC_TEST_RET_ENC_EC(ret);
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), cleanup);
     }
 
     /* compare shared secret keys to test they are the same */
     if (y != x)
-        return WC_TEST_RET_ENC_NC;
+        ERROR_OUT(WC_TEST_RET_ENC_NC, cleanup);
 
     if (XMEMCMP(sharedA, sharedB, x))
-        return WC_TEST_RET_ENC_NC;
+        ERROR_OUT(WC_TEST_RET_ENC_NC, cleanup);
 #endif
 
 #ifdef HAVE_CURVE25519_KEY_EXPORT
     /* export a public key and import it for another user */
     x = sizeof(exportBuf);
-    ret = wc_curve25519_export_public(&userA, exportBuf, &x);
+    ret = wc_curve25519_export_public(userA, exportBuf, &x);
     if (ret != 0)
-        return WC_TEST_RET_ENC_EC(ret);
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), cleanup);
 
 #ifdef HAVE_CURVE25519_KEY_IMPORT
-    ret = wc_curve25519_import_public(exportBuf, x, &pubKey);
+    ret = wc_curve25519_import_public(exportBuf, x, pubKey);
     if (ret != 0)
-        return WC_TEST_RET_ENC_EC(ret);
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), cleanup);
 #endif
 #endif
 
@@ -31861,97 +35815,108 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t curve25519_test(void)
     /* test shared key after importing a public key */
     XMEMSET(sharedB, 0, sizeof(sharedB));
     y = sizeof(sharedB);
-    if (wc_curve25519_shared_secret(&userB, &pubKey, sharedB, &y) != 0) {
-        return WC_TEST_RET_ENC_NC;
+    if (wc_curve25519_shared_secret(userB, pubKey, sharedB, &y) != 0) {
+        ERROR_OUT(WC_TEST_RET_ENC_NC, cleanup);
     }
 
     if (XMEMCMP(sharedA, sharedB, y))
-        return WC_TEST_RET_ENC_NC;
+        ERROR_OUT(WC_TEST_RET_ENC_NC, cleanup);
 
     /* import RFC test vectors and compare shared key */
     ret = wc_curve25519_import_private_raw(sa, sizeof(sa), pa, sizeof(pa),
-                                           &userA);
+                                           userA);
     if (ret != 0)
-        return WC_TEST_RET_ENC_EC(ret);
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), cleanup);
 
     ret = wc_curve25519_import_private_raw(sb, sizeof(sb), pb, sizeof(pb),
-                                           &userB);
+                                           userB);
     if (ret != 0)
-        return WC_TEST_RET_ENC_EC(ret);
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), cleanup);
 
     /* test against known test vector */
     XMEMSET(sharedB, 0, sizeof(sharedB));
     y = sizeof(sharedB);
-    ret = wc_curve25519_shared_secret(&userA, &userB, sharedB, &y);
+    ret = wc_curve25519_shared_secret(userA, userB, sharedB, &y);
     if (ret != 0)
-        return WC_TEST_RET_ENC_EC(ret);
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), cleanup);
 
     if (XMEMCMP(ss, sharedB, y))
-        return WC_TEST_RET_ENC_NC;
+        ERROR_OUT(WC_TEST_RET_ENC_NC, cleanup);
 
     /* test swapping roles of keys and generating same shared key */
     XMEMSET(sharedB, 0, sizeof(sharedB));
     y = sizeof(sharedB);
-    ret = wc_curve25519_shared_secret(&userB, &userA, sharedB, &y);
+    ret = wc_curve25519_shared_secret(userB, userA, sharedB, &y);
     if (ret != 0)
-        return WC_TEST_RET_ENC_EC(ret);
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), cleanup);
 
     if (XMEMCMP(ss, sharedB, y))
-        return WC_TEST_RET_ENC_NC;
+        ERROR_OUT(WC_TEST_RET_ENC_NC, cleanup);
 
     /* test with 1 generated key and 1 from known test vector */
     ret = wc_curve25519_import_private_raw(sa, sizeof(sa), pa, sizeof(pa),
-                                           &userA);
+                                           userA);
     if (ret != 0)
-        return WC_TEST_RET_ENC_EC(ret);
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), cleanup);
 
-    wc_curve25519_free(&userB);
-    wc_curve25519_init_ex(&userB, HEAP_HINT, devId);
+    wc_curve25519_free(userB);
+    wc_curve25519_init_ex(userB, HEAP_HINT, devId);
+#ifdef WOLFSSL_CURVE25519_BLINDING
+    wc_curve25519_set_rng(userB, &rng);
+#endif
 
-    ret = wc_curve25519_make_key(&rng, 32, &userB);
+    ret = wc_curve25519_make_key(&rng, 32, userB);
     if (ret != 0)
-        return WC_TEST_RET_ENC_EC(ret);
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), cleanup);
 
     x = sizeof(sharedA);
-    ret = wc_curve25519_shared_secret(&userA, &userB, sharedA, &x);
+    ret = wc_curve25519_shared_secret(userA, userB, sharedA, &x);
     if (ret != 0)
-        return WC_TEST_RET_ENC_EC(ret);
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), cleanup);
 
     y = sizeof(sharedB);
-    ret = wc_curve25519_shared_secret(&userB, &userA, sharedB, &y);
+    ret = wc_curve25519_shared_secret(userB, userA, sharedB, &y);
     if (ret != 0)
-        return WC_TEST_RET_ENC_EC(ret);
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), cleanup);
 
     /* compare shared secret keys to test they are the same */
     if (y != x)
-        return WC_TEST_RET_ENC_NC;
+        ERROR_OUT(WC_TEST_RET_ENC_NC, cleanup);
 
     if (XMEMCMP(sharedA, sharedB, x))
-        return WC_TEST_RET_ENC_NC;
+        ERROR_OUT(WC_TEST_RET_ENC_NC, cleanup);
 
-    ret = curve25519_overflow_test();
+    ret = curve25519_overflow_test(&rng);
     if (ret != 0)
-        return ret;
+        goto cleanup;
     ret = curve25519_check_public_test();
     if (ret != 0)
-        return ret;
+        goto cleanup;
 #endif /* HAVE_CURVE25519_SHARED_SECRET && HAVE_CURVE25519_KEY_IMPORT */
 
 #if !defined(NO_ASN) && defined(HAVE_CURVE25519_KEY_EXPORT) && \
     defined(HAVE_CURVE25519_KEY_IMPORT)
     ret = curve255519_der_test();
     if (ret != 0)
-        return ret;
+        goto cleanup;
 #endif
 
+cleanup:
+
     /* clean up keys when done */
-    wc_curve25519_free(&pubKey);
-    wc_curve25519_free(&userB);
-    wc_curve25519_free(&userA);
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
+    wc_curve25519_delete(pubKey, &pubKey);
+    wc_curve25519_delete(userB, &userB);
+    wc_curve25519_delete(userA, &userA);
+#else
+    wc_curve25519_free(pubKey);
+    wc_curve25519_free(userB);
+    wc_curve25519_free(userA);
+#endif
 
     wc_FreeRng(&rng);
 
-    return 0;
+    return ret;
 }
 #endif /* HAVE_CURVE25519 */
 
@@ -32043,8 +36008,7 @@ static wc_test_ret_t ed25519_test_cert(void)
 #endif /* HAVE_ED25519_VERIFY */
 
 done:
-    if (tmp != NULL)
-        XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
 #ifdef HAVE_ED25519_VERIFY
     wc_ed25519_free(pubKey);
 #endif /* HAVE_ED25519_VERIFY */
@@ -32117,14 +36081,95 @@ static wc_test_ret_t ed25519_test_make_cert(void)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
 
 done:
-    if (tmp != NULL)
-        XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
     wc_ed25519_free(privKey);
     wc_FreeRng(&rng);
     return ret;
 }
 #endif /* WOLFSSL_TEST_CERT */
 
+#if defined(HAVE_ED25519_KEY_IMPORT)
+static wc_test_ret_t ed25519_test_check_key(void)
+{
+    /* Fails to find x-ordinate from this y-ordinate. */
+    WOLFSSL_SMALL_STACK_STATIC const byte key_bad_y[] = {
+        0x40,
+        0x02,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+        0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+        0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+        0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+    };
+    /* Y-ordinate value larger than prime. */
+    WOLFSSL_SMALL_STACK_STATIC const byte key_bad_y_max[] = {
+        0x40,
+        0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
+        0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
+        0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
+        0xff,0xff,0xff,0xff,0xff,0xff,0xff,0x7f,
+    };
+    /* Y-ordinate value equal to prime. */
+    WOLFSSL_SMALL_STACK_STATIC const byte key_bad_y_is_p[] = {
+        0x40,
+        0xed,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
+        0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
+        0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
+        0xff,0xff,0xff,0xff,0xff,0xff,0xff,0x7f,
+    };
+    /* Y-ordinate value equal to prime - 1. */
+    WOLFSSL_SMALL_STACK_STATIC const byte key_y_is_p_minus_1[] = {
+        0x40,
+        0xec,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
+        0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
+        0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
+        0xff,0xff,0xff,0xff,0xff,0xff,0xff,0x7f,
+    };
+    ed25519_key key;
+    int ret;
+    int res = 0;
+
+    /* Initialize key for use. */
+    ret = wc_ed25519_init_ex(&key, HEAP_HINT, devId);
+    if (ret != 0) {
+        return WC_TEST_RET_ENC_NC;
+    }
+
+    /* Load bad public key only and perform checks. */
+    ret = wc_ed25519_import_public(key_bad_y, ED25519_PUB_KEY_SIZE + 1, &key);
+    if (ret != WC_NO_ERR_TRACE(PUBLIC_KEY_E)) {
+        res = WC_TEST_RET_ENC_NC;
+    }
+    if (res == 0) {
+        /* Load bad public key only and perform checks. */
+        ret = wc_ed25519_import_public(key_bad_y_max, ED25519_PUB_KEY_SIZE + 1,
+            &key);
+        if (ret != WC_NO_ERR_TRACE(PUBLIC_KEY_E)) {
+            res = WC_TEST_RET_ENC_NC;
+        }
+    }
+    if (res == 0) {
+        /* Load bad public key only and perform checks. */
+        ret = wc_ed25519_import_public(key_bad_y_is_p, ED25519_PUB_KEY_SIZE + 1,
+            &key);
+        if (ret != WC_NO_ERR_TRACE(PUBLIC_KEY_E)) {
+            res = WC_TEST_RET_ENC_NC;
+        }
+    }
+    if (res == 0) {
+        /* Load good public key only and perform checks. */
+        ret = wc_ed25519_import_public(key_y_is_p_minus_1,
+            ED25519_PUB_KEY_SIZE + 1, &key);
+        if (ret != 0) {
+            res = WC_TEST_RET_ENC_NC;
+        }
+    }
+
+    /* Dispose of key. */
+    wc_ed25519_free(&key);
+
+    return res;
+}
+#endif
+
 #if defined(HAVE_ED25519_SIGN) && defined(HAVE_ED25519_KEY_EXPORT) && \
     defined(HAVE_ED25519_KEY_IMPORT)
 static wc_test_ret_t ed25519ctx_test(void)
@@ -32390,8 +36435,15 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t ed25519_test(void)
 #endif /* HAVE_ED25519_VERIFY */
 #endif /* HAVE_ED25519_SIGN && HAVE_ED25519_KEY_EXPORT && HAVE_ED25519_KEY_IMPORT */
     word32 keySz, sigSz;
-    ed25519_key key;
-    ed25519_key key2;
+
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
+    ed25519_key* key = NULL;
+    ed25519_key* key2 = NULL;
+#else
+    ed25519_key  key[1];
+    ed25519_key  key2[1];
+#endif
+
 
 #if defined(HAVE_ED25519_SIGN) && defined(HAVE_ED25519_KEY_EXPORT) && \
     defined(HAVE_ED25519_KEY_IMPORT)
@@ -32713,7 +36765,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t ed25519_test(void)
                                    sizeof(msg4)
     };
 #ifndef NO_ASN
-    static byte privateEd25519[] = {
+    static const byte privateEd25519[] = {
         0x30,0x2e,0x02,0x01,0x00,0x30,0x05,0x06,
         0x03,0x2b,0x65,0x70,0x04,0x22,0x04,0x20,
         0x9d,0x61,0xb1,0x9d,0xef,0xfd,0x5a,0x60,
@@ -32721,7 +36773,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t ed25519_test(void)
         0x44,0x49,0xc5,0x69,0x7b,0x32,0x69,0x19,
         0x70,0x3b,0xac,0x03,0x1c,0xae,0x7f,0x60
     };
-    static byte badPrivateEd25519[] = {
+    static const byte badPrivateEd25519[] = {
         0x30,0x52,0x02,0x01,0x00,0x30,0x05,0x06,
         0x03,0x2b,0x65,0x70,0x04,0x22,0x04,0x20,
         0x9d,0x61,0xb1,0x9d,0xef,0xfd,0x5a,0x60,
@@ -32735,7 +36787,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t ed25519_test(void)
         0xf7,0x07,0x51,0x1a,
         0x00  /* add additional bytes to make the pubkey bigger  */
     };
-    static byte publicEd25519[] = {
+    static const byte publicEd25519[] = {
         0x30,0x2a,0x30,0x05,0x06,0x03,0x2b,0x65,
         0x70,0x03,0x21,0x00,0xd7,0x5a,0x98,0x01,
         0x82,0xb1,0x0a,0xb7,0xd5,0x4b,0xfe,0xd3,
@@ -32745,7 +36797,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t ed25519_test(void)
     };
 
     /* size has been altered to catch if sanity check is done */
-    static byte badPublicEd25519[] = {
+    static const byte badPublicEd25519[] = {
         0x30,0x2a,0x30,0x05,0x06,0x03,0x2b,0x65,
         0x70,0x03,0x21,0x00,0xd7,0x5a,0x98,0x01,
         0x82,0xb1,0x0a,0xb7,0xd5,0x4b,0xfe,0xd3,
@@ -32754,7 +36806,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t ed25519_test(void)
         0xf7,0x07,0x51,0x1a,
         0x00 /* add an additional byte to make the pubkey appear bigger */
     };
-    static byte privPubEd25519[] = {
+    static const byte privPubEd25519[] = {
         0x30,0x50,0x02,0x01,0x00,0x30,0x05,0x06,
         0x03,0x2b,0x65,0x70,0x04,0x22,0x04,0x20,
         0x9d,0x61,0xb1,0x9d,0xef,0xfd,0x5a,0x60,
@@ -32772,9 +36824,15 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t ed25519_test(void)
 #endif /* NO_ASN */
 #endif /* HAVE_ED25519_SIGN && HAVE_ED25519_KEY_EXPORT && HAVE_ED25519_KEY_IMPORT */
 #if !defined(NO_ASN) && defined(HAVE_ED25519_SIGN)
-    ed25519_key key3;
+    #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
+    ed25519_key* key3 = NULL;
+    #else
+    ed25519_key  key3[1];
+    #endif
 #endif
 
+    WOLFSSL_ENTER("ed25519_test");
+
     /* create ed25519 keys */
 #ifndef HAVE_FIPS
     ret = wc_InitRng_ex(&rng, HEAP_HINT, devId);
@@ -32784,170 +36842,297 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t ed25519_test(void)
     if (ret != 0)
         return WC_TEST_RET_ENC_EC(ret);
 
-    wc_ed25519_init_ex(&key, HEAP_HINT, devId);
-    wc_ed25519_init_ex(&key2, HEAP_HINT, devId);
-#if !defined(NO_ASN) && defined(HAVE_ED25519_SIGN)
-    wc_ed25519_init_ex(&key3, HEAP_HINT, devId);
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
+    key =  wc_ed25519_new(HEAP_HINT, devId, &ret);
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), cleanup);
+    key2 = wc_ed25519_new(HEAP_HINT, devId, &ret);
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), cleanup);
+    #if !defined(NO_ASN) && defined(HAVE_ED25519_SIGN)
+    key3 = wc_ed25519_new(HEAP_HINT, devId, &ret);
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), cleanup);
+    #endif
+#else
+    ret = wc_ed25519_init_ex(key, HEAP_HINT, devId);
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), cleanup);
+    ret = wc_ed25519_init_ex(key2, HEAP_HINT, devId);
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), cleanup);
+    #if !defined(NO_ASN) && defined(HAVE_ED25519_SIGN)
+    ret = wc_ed25519_init_ex(key3, HEAP_HINT, devId);
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), cleanup);
+    #endif
 #endif
+
 #ifdef HAVE_ED25519_MAKE_KEY
-    wc_ed25519_make_key(&rng, ED25519_KEY_SIZE, &key);
-    wc_ed25519_make_key(&rng, ED25519_KEY_SIZE, &key2);
+    ret = wc_ed25519_make_key(&rng, ED25519_KEY_SIZE, key);
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), cleanup);
+    ret = wc_ed25519_make_key(&rng, ED25519_KEY_SIZE, key2);
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), cleanup);
 #endif
 
     /* helper functions for signature and key size */
-    keySz = wc_ed25519_size(&key);
-    sigSz = wc_ed25519_sig_size(&key);
+    keySz = (word32)wc_ed25519_size(key);
+    sigSz = (word32)wc_ed25519_sig_size(key);
 
-#if defined(HAVE_ED25519_SIGN) && defined(HAVE_ED25519_KEY_EXPORT) &&\
+#if defined(HAVE_ED25519_SIGN) && defined(HAVE_ED25519_KEY_EXPORT) && \
         defined(HAVE_ED25519_KEY_IMPORT)
     for (i = 0; i < 6; i++) {
         outlen = sizeof(out);
         XMEMSET(out, 0, sizeof(out));
 
         if (wc_ed25519_import_private_key(sKeys[i], ED25519_KEY_SIZE, pKeys[i],
-                pKeySz[i], &key) != 0)
-            return WC_TEST_RET_ENC_I(i);
+                pKeySz[i], key) != 0)
+            ERROR_OUT(WC_TEST_RET_ENC_I(i), cleanup);
 
-        if (wc_ed25519_sign_msg(msgs[i], msgSz[i], out, &outlen, &key) != 0)
-            return WC_TEST_RET_ENC_I(i);
+        if (wc_ed25519_sign_msg(msgs[i], msgSz[i], out, &outlen, key) != 0)
+            ERROR_OUT(WC_TEST_RET_ENC_I(i), cleanup);
 
         if (XMEMCMP(out, sigs[i], 64))
-            return WC_TEST_RET_ENC_I(i);
+            ERROR_OUT(WC_TEST_RET_ENC_I(i), cleanup);
 
 #if defined(HAVE_ED25519_VERIFY)
         /* test verify on good msg */
         if (wc_ed25519_verify_msg(out, outlen, msgs[i], msgSz[i], &verify,
-                    &key) != 0 || verify != 1)
-            return WC_TEST_RET_ENC_I(i);
+                    key) != 0 || verify != 1)
+            ERROR_OUT(WC_TEST_RET_ENC_I(i), cleanup);
 
 #ifdef WOLFSSL_ED25519_STREAMING_VERIFY
         /* test verify on good msg using streaming interface directly */
         if (wc_ed25519_verify_msg_init(out, outlen,
-                                       &key, (byte)Ed25519, NULL, 0) != 0)
-            return WC_TEST_RET_ENC_I(i);
+                                       key, (byte)Ed25519, NULL, 0) != 0)
+            ERROR_OUT(WC_TEST_RET_ENC_I(i), cleanup);
         for (j = 0; j < msgSz[i]; j += i) {
-            if (wc_ed25519_verify_msg_update(msgs[i] + j, MIN(i, msgSz[i] - j), &key) != 0)
-                return WC_TEST_RET_ENC_I(i);
+            if (wc_ed25519_verify_msg_update(msgs[i] + j, MIN(i, msgSz[i] - j), key) != 0)
+                ERROR_OUT(WC_TEST_RET_ENC_I(i), cleanup);
         }
         if (wc_ed25519_verify_msg_final(out, outlen, &verify,
-                                        &key) != 0 || verify != 1)
-            return WC_TEST_RET_ENC_I(i);
+                                        key) != 0 || verify != 1)
+            ERROR_OUT(WC_TEST_RET_ENC_I(i), cleanup);
 #endif /* WOLFSSL_ED25519_STREAMING_VERIFY */
 
         /* test verify on bad msg */
         out[outlen-1] = out[outlen-1] + 1;
         if (wc_ed25519_verify_msg(out, outlen, msgs[i], msgSz[i], &verify,
-                    &key) == 0 || verify == 1)
-            return WC_TEST_RET_ENC_I(i);
+                    key) == 0 || verify == 1)
+            ERROR_OUT(WC_TEST_RET_ENC_I(i), cleanup);
 #endif /* HAVE_ED25519_VERIFY */
 
         /* test api for import/exporting keys */
         exportPSz = sizeof(exportPKey);
         exportSSz = sizeof(exportSKey);
-        if (wc_ed25519_export_public(&key, exportPKey, &exportPSz) != 0)
-            return WC_TEST_RET_ENC_I(i);
+        if (wc_ed25519_export_public(key, exportPKey, &exportPSz) != 0)
+            ERROR_OUT(WC_TEST_RET_ENC_I(i), cleanup);
 
-        if (wc_ed25519_import_public_ex(exportPKey, exportPSz, &key2, 1) != 0)
-            return WC_TEST_RET_ENC_I(i);
+        if (wc_ed25519_import_public_ex(exportPKey, exportPSz, key2, 1) != 0)
+            ERROR_OUT(WC_TEST_RET_ENC_I(i), cleanup);
 
-        if (wc_ed25519_export_private_only(&key, exportSKey, &exportSSz) != 0)
-            return WC_TEST_RET_ENC_I(i);
+        if (wc_ed25519_export_private_only(key, exportSKey, &exportSSz) != 0)
+            ERROR_OUT(WC_TEST_RET_ENC_I(i), cleanup);
 
         if (wc_ed25519_import_private_key(exportSKey, exportSSz,
-                                          exportPKey, exportPSz, &key2) != 0)
-            return WC_TEST_RET_ENC_I(i);
+                                          exportPKey, exportPSz, key2) != 0)
+            ERROR_OUT(WC_TEST_RET_ENC_I(i), cleanup);
 
         /* clear "out" buffer and test sign with imported keys */
         outlen = sizeof(out);
         XMEMSET(out, 0, sizeof(out));
-        if (wc_ed25519_sign_msg(msgs[i], msgSz[i], out, &outlen, &key2) != 0)
-            return WC_TEST_RET_ENC_I(i);
+        if (wc_ed25519_sign_msg(msgs[i], msgSz[i], out, &outlen, key2) != 0)
+            ERROR_OUT(WC_TEST_RET_ENC_I(i), cleanup);
 
 #if defined(HAVE_ED25519_VERIFY)
         if (wc_ed25519_verify_msg(out, outlen, msgs[i], msgSz[i], &verify,
-                                  &key2) != 0 || verify != 1)
-            return WC_TEST_RET_ENC_I(i);
+                                  key2) != 0 || verify != 1)
+            ERROR_OUT(WC_TEST_RET_ENC_I(i), cleanup);
 
         if (XMEMCMP(out, sigs[i], 64))
-            return WC_TEST_RET_ENC_I(i);
+            ERROR_OUT(WC_TEST_RET_ENC_I(i), cleanup);
 #endif /* HAVE_ED25519_VERIFY */
     }
 
+#ifdef HAVE_ED25519_VERIFY
+    {
+        /* Run tests for some rare code paths */
+        /* sig is exactly equal to the order */
+        static const byte rareEd1[] = {
+            0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+            0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+            0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+            0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+            0xed, 0xd3, 0xf5, 0x5c, 0x1a, 0x63, 0x12, 0x58,
+            0xd6, 0x9c, 0xf7, 0xa2, 0xde, 0xf9, 0xde, 0x14,
+            0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+            0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x10
+        };
+        /* sig is larger than the order before we get to the low part */
+        static const byte rareEd2[] = {
+            0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+            0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+            0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+            0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+            0xed, 0xd3, 0xf5, 0x5c, 0x1a, 0x63, 0x12, 0x58,
+            0xd6, 0x9c, 0xf7, 0xa2, 0xde, 0xf9, 0xde, 0x14,
+            0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+            0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x10
+        };
+        /* sig is larger than the order in the low part */
+        static const byte rareEd3[] = {
+            0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+            0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+            0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+            0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+            0xed, 0xd3, 0xf5, 0x5c, 0x1a, 0x63, 0x12, 0x58,
+            0xd6, 0x9c, 0xf9, 0xa2, 0xde, 0xf9, 0xde, 0x14,
+            0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+            0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x10
+        };
+        /* sig is smaller than the order */
+        static const byte rareEd4[] = {
+            0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+            0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+            0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+            0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+            0xed, 0xd3, 0xf5, 0x5c, 0x1a, 0x63, 0x12, 0x58,
+            0xd6, 0x9c, 0xf1, 0xa2, 0xde, 0xf9, 0xde, 0x14,
+            0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+            0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x10
+        };
+
+        ret = wc_ed25519_import_private_key(sKeys[0], ED25519_KEY_SIZE,
+                pKeys[0], pKeySz[0], key);
+        if (ret != 0)
+            ERROR_OUT(WC_TEST_RET_ENC_EC(ret), cleanup);
+
+        ret = wc_ed25519_verify_msg(rareEd1, sizeof(rareEd1), msgs[0], msgSz[0],
+                &verify, key);
+        if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
+            ERROR_OUT(WC_TEST_RET_ENC_EC(ret), cleanup);
+
+        ret = wc_ed25519_verify_msg(rareEd2, sizeof(rareEd2), msgs[0], msgSz[0],
+                &verify, key);
+        if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
+            ERROR_OUT(WC_TEST_RET_ENC_EC(ret), cleanup);
+
+        ret = wc_ed25519_verify_msg(rareEd3, sizeof(rareEd3), msgs[0], msgSz[0],
+                &verify, key);
+        if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
+            ERROR_OUT(WC_TEST_RET_ENC_EC(ret), cleanup);
+
+        ret = wc_ed25519_verify_msg(rareEd4, sizeof(rareEd4), msgs[0], msgSz[0],
+                &verify, key);
+        if (ret != WC_NO_ERR_TRACE(SIG_VERIFY_E))
+            ERROR_OUT(WC_TEST_RET_ENC_EC(ret), cleanup);
+    }
+#endif /* HAVE_ED25519_VERIFY */
+
     ret = ed25519ctx_test();
     if (ret != 0)
-        return ret;
+        goto cleanup;
 
     ret = ed25519ph_test();
     if (ret != 0)
-        return ret;
+        goto cleanup;
 
 #ifndef NO_ASN
     /* Try ASN.1 encoded private-only key and public key. */
     idx = 0;
-    ret = wc_Ed25519PrivateKeyDecode(privateEd25519, &idx, &key3,
+    ret = wc_Ed25519PrivateKeyDecode(privateEd25519, &idx, key3,
                                      sizeof(privateEd25519));
     if (ret != 0)
-        return WC_TEST_RET_ENC_EC(ret);
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), cleanup);
 
     idx = 0;
-    if (wc_Ed25519PrivateKeyDecode(badPrivateEd25519, &idx, &key3,
+    if (wc_Ed25519PrivateKeyDecode(badPrivateEd25519, &idx, key3,
                                    sizeof(badPrivateEd25519)) == 0)
-        return WC_TEST_RET_ENC_NC;
+        ERROR_OUT(WC_TEST_RET_ENC_NC, cleanup);
 
-    ret = wc_ed25519_sign_msg(msgs[0], msgSz[0], out, &outlen, &key3);
-    if (ret != BAD_FUNC_ARG)
-        return WC_TEST_RET_ENC_EC(ret);
+    ret = wc_ed25519_sign_msg(msgs[0], msgSz[0], out, &outlen, key3);
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), cleanup);
 
     /* try with a buffer size that is too large */
     idx = 0;
-    if (wc_Ed25519PublicKeyDecode(badPublicEd25519, &idx, &key3,
+    if (wc_Ed25519PublicKeyDecode(badPublicEd25519, &idx, key3,
                                   sizeof(badPublicEd25519)) == 0)
-        return WC_TEST_RET_ENC_NC;
+        ERROR_OUT(WC_TEST_RET_ENC_NC, cleanup);
 
     idx = 0;
-    ret = wc_Ed25519PublicKeyDecode(publicEd25519, &idx, &key3,
+    ret = wc_Ed25519PublicKeyDecode(publicEd25519, &idx, key3,
                                     sizeof(publicEd25519));
     if (ret != 0)
-        return WC_TEST_RET_ENC_EC(ret);
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), cleanup);
 
-    ret = wc_ed25519_sign_msg(msgs[0], msgSz[0], out, &outlen, &key3);
+    ret = wc_ed25519_sign_msg(msgs[0], msgSz[0], out, &outlen, key3);
     if (ret != 0)
-        return WC_TEST_RET_ENC_EC(ret);
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), cleanup);
 
     if (XMEMCMP(out, sigs[0], 64))
-        return WC_TEST_RET_ENC_NC;
+        ERROR_OUT(WC_TEST_RET_ENC_NC, cleanup);
 
 #if defined(HAVE_ED25519_VERIFY)
     /* test verify on good msg */
-    ret = wc_ed25519_verify_msg(out, outlen, msgs[0], msgSz[0], &verify, &key3);
+    ret = wc_ed25519_verify_msg(out, outlen, msgs[0], msgSz[0], &verify, key3);
     if (ret != 0 || verify != 1)
-        return WC_TEST_RET_ENC_EC(ret);
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), cleanup);
 
 #endif /* HAVE_ED25519_VERIFY */
 
-    wc_ed25519_free(&key3);
-    wc_ed25519_init(&key3);
+    wc_ed25519_free(key3);
+    wc_ed25519_init_ex(key3, HEAP_HINT, devId);
 
     idx = 0;
-    ret = wc_Ed25519PrivateKeyDecode(privPubEd25519, &idx, &key3,
+    ret = wc_Ed25519PrivateKeyDecode(privPubEd25519, &idx, key3,
                                      sizeof(privPubEd25519));
     if (ret != 0)
-        return WC_TEST_RET_ENC_EC(ret);
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), cleanup);
 
-    ret = wc_ed25519_sign_msg(msgs[0], msgSz[0], out, &outlen, &key3);
+    ret = wc_ed25519_sign_msg(msgs[0], msgSz[0], out, &outlen, key3);
     if (ret != 0)
-        return WC_TEST_RET_ENC_EC(ret);
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), cleanup);
 
     if (XMEMCMP(out, sigs[0], 64))
-        return WC_TEST_RET_ENC_NC;
-
-    wc_ed25519_free(&key3);
+        ERROR_OUT(WC_TEST_RET_ENC_NC, cleanup);
 #endif /* NO_ASN */
 #endif /* HAVE_ED25519_SIGN && HAVE_ED25519_KEY_EXPORT && HAVE_ED25519_KEY_IMPORT */
 
+#if defined(HAVE_ED25519_KEY_IMPORT)
+    ret = ed25519_test_check_key();
+    if (ret < 0)
+        goto cleanup;
+#endif
+#ifdef WOLFSSL_TEST_CERT
+    ret = ed25519_test_cert();
+    if (ret < 0)
+        goto cleanup;
+#if defined(WOLFSSL_CERT_GEN) && defined(HAVE_ED25519_MAKE_KEY)
+    ret = ed25519_test_make_cert();
+    if (ret < 0)
+        goto cleanup;
+#endif /* WOLFSSL_CERT_GEN */
+#endif /* WOLFSSL_TEST_CERT */
+
+cleanup:
+
     /* clean up keys when done */
-    wc_ed25519_free(&key);
-    wc_ed25519_free(&key2);
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
+    wc_ed25519_delete(key, &key);
+    wc_ed25519_delete(key2, &key2);
+#if !defined(NO_ASN) && defined(HAVE_ED25519_SIGN)
+    wc_ed25519_delete(key3, &key3);
+#endif
+#else
+    wc_ed25519_free(key);
+    wc_ed25519_free(key2);
+#if !defined(NO_ASN) && defined(HAVE_ED25519_SIGN)
+    wc_ed25519_free(key3);
+#endif
+#endif
 
 #if defined(HAVE_HASHDRBG) || defined(NO_RC4)
     wc_FreeRng(&rng);
@@ -32957,18 +37142,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t ed25519_test(void)
     (void)keySz;
     (void)sigSz;
 
-#ifdef WOLFSSL_TEST_CERT
-    ret = ed25519_test_cert();
-    if (ret < 0)
-        return ret;
-#if defined(WOLFSSL_CERT_GEN) && defined(HAVE_ED25519_MAKE_KEY)
-    ret = ed25519_test_make_cert();
-    if (ret < 0)
-        return ret;
-#endif /* WOLFSSL_CERT_GEN */
-#endif /* WOLFSSL_TEST_CERT */
-
-    return 0;
+    return ret;
 }
 #endif /* HAVE_ED25519 */
 
@@ -33039,29 +37213,29 @@ static wc_test_ret_t curve448_check_public_test(void)
     /* Parameter checks */
     /* NULL pointer */
     ret = wc_curve448_check_public(NULL, 0, EC448_LITTLE_ENDIAN);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_curve448_check_public(NULL, 0, EC448_BIG_ENDIAN);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     /* Length of 0 treated differently to other invalid lengths for TLS */
     ret = wc_curve448_check_public(good, 0, EC448_LITTLE_ENDIAN);
-    if (ret != BUFFER_E)
+    if (ret != WC_NO_ERR_TRACE(BUFFER_E))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_curve448_check_public(good, 0, EC448_BIG_ENDIAN);
-    if (ret != BUFFER_E)
+    if (ret != WC_NO_ERR_TRACE(BUFFER_E))
         return WC_TEST_RET_ENC_EC(ret);
 
     /* Length not CURVE448_KEY_SIZE */
     for (i = 1; i < CURVE448_KEY_SIZE + 2; i++) {
         if (i == CURVE448_KEY_SIZE)
             continue;
-        if (wc_curve448_check_public(good, i, EC448_LITTLE_ENDIAN) !=
-                                                                ECC_BAD_ARG_E) {
+        if (wc_curve448_check_public(good, (word32)i, EC448_LITTLE_ENDIAN) !=
+                WC_NO_ERR_TRACE(ECC_BAD_ARG_E)) {
             return WC_TEST_RET_ENC_I(i);
         }
-        if (wc_curve448_check_public(good, i, EC448_BIG_ENDIAN) !=
-                                                                ECC_BAD_ARG_E) {
+        if (wc_curve448_check_public(good, (word32)i, EC448_BIG_ENDIAN) !=
+                WC_NO_ERR_TRACE(ECC_BAD_ARG_E)) {
             return WC_TEST_RET_ENC_I(i);
         }
     }
@@ -33107,7 +37281,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t curve448_test(void)
 #ifdef HAVE_CURVE448_KEY_EXPORT
     byte    exportBuf[CURVE448_KEY_SIZE];
 #endif
-    word32  x;
+    word32  x = 0;
     curve448_key userA, userB, pubKey;
 
 #if defined(HAVE_CURVE448_SHARED_SECRET) && \
@@ -33173,6 +37347,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t curve448_test(void)
 #endif /* HAVE_CURVE448_SHARED_SECRET */
 
     (void)x;
+    WOLFSSL_ENTER("curve448_test");
 
 #ifndef HAVE_FIPS
     ret = wc_InitRng_ex(&rng, HEAP_HINT, devId);
@@ -33399,8 +37574,7 @@ static wc_test_ret_t ed448_test_cert(void)
 #endif /* HAVE_ED448_VERIFY */
 
 done:
-    if (tmp != NULL)
-        XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
 #ifdef HAVE_ED448_VERIFY
     wc_ed448_free(pubKey);
 #endif /* HAVE_ED448_VERIFY */
@@ -33473,14 +37647,111 @@ static wc_test_ret_t ed448_test_make_cert(void)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
 
 done:
-    if (tmp != NULL)
-        XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
     wc_ed448_free(privKey);
     wc_FreeRng(&rng);
     return ret;
 }
 #endif /* WOLFSSL_TEST_CERT */
 
+#if defined(HAVE_ED448_KEY_IMPORT)
+static wc_test_ret_t ed448_test_check_key(void)
+{
+    /* Fails to find x-ordinate from this y-ordinate. */
+    WOLFSSL_SMALL_STACK_STATIC const byte key_bad_y[] = {
+        0x40,
+        0x02,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+        0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+        0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+        0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+        0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+        0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+        0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+        0x00
+    };
+    /* Y-ordinate value larger than prime. */
+    WOLFSSL_SMALL_STACK_STATIC const byte key_bad_y_max[] = {
+        0x40,
+        0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
+        0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
+        0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
+        0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
+        0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
+        0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
+        0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
+        0xff
+    };
+    /* Y-ordinate value equal to prime. */
+    WOLFSSL_SMALL_STACK_STATIC const byte key_bad_y_is_p[] = {
+        0x40,
+        0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
+        0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
+        0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
+        0xff,0xff,0xff,0xff,0xfe,0xff,0xff,0xff,
+        0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
+        0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
+        0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
+        0xff
+    };
+    /* Y-ordinate value equal to prime - 1. */
+    WOLFSSL_SMALL_STACK_STATIC const byte key_y_is_p_minus_1[] = {
+        0x40,
+        0xfe,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
+        0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
+        0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
+        0xff,0xff,0xff,0xff,0xfe,0xff,0xff,0xff,
+        0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
+        0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
+        0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
+        0xff
+    };
+    ed448_key key;
+    int ret;
+    int res = 0;
+
+    /* Initialize key for use. */
+    ret = wc_ed448_init_ex(&key, HEAP_HINT, devId);
+    if (ret != 0) {
+        return WC_TEST_RET_ENC_NC;
+    }
+
+    /* Load bad public key only and perform checks. */
+    ret = wc_ed448_import_public(key_bad_y, ED448_PUB_KEY_SIZE + 1, &key);
+    if (ret != WC_NO_ERR_TRACE(PUBLIC_KEY_E)) {
+        res = WC_TEST_RET_ENC_NC;
+    }
+    if (ret == 0) {
+        /* Load bad public key only and perform checks. */
+        ret = wc_ed448_import_public(key_bad_y_max, ED448_PUB_KEY_SIZE + 1,
+            &key);
+        if (ret != WC_NO_ERR_TRACE(PUBLIC_KEY_E)) {
+            res = WC_TEST_RET_ENC_NC;
+        }
+    }
+    if (res == 0) {
+        /* Load bad public key only and perform checks. */
+        ret = wc_ed448_import_public(key_bad_y_is_p, ED448_PUB_KEY_SIZE + 1,
+            &key);
+        if (ret != WC_NO_ERR_TRACE(PUBLIC_KEY_E)) {
+            res = WC_TEST_RET_ENC_NC;
+        }
+    }
+    if (res == 0) {
+        /* Load good public key only and perform checks. */
+        ret = wc_ed448_import_public(key_y_is_p_minus_1, ED448_PUB_KEY_SIZE + 1,
+            &key);
+        if (ret != 0) {
+            res = WC_TEST_RET_ENC_NC;
+        }
+    }
+
+    /* Dispose of key. */
+    wc_ed448_free(&key);
+
+    return res;
+}
+#endif
+
 #if defined(HAVE_ED448_SIGN) && defined(HAVE_ED448_KEY_EXPORT) && \
     defined(HAVE_ED448_KEY_IMPORT)
 static wc_test_ret_t ed448_ctx_test(void)
@@ -34032,7 +38303,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t ed448_test(void)
     WOLFSSL_SMALL_STACK_STATIC const byte* sigs[] = {sig1, sig2, sig3, sig4, sig5, sig6};
     #define SIGSZ sizeof(sig1)
 
-    PEDANTIC_EXTENSION WOLFSSL_SMALL_STACK_STATIC const byte msg1[]  = { };
+    PEDANTIC_EXTENSION WOLFSSL_SMALL_STACK_STATIC const byte msg1[]  = { 0 };
     WOLFSSL_SMALL_STACK_STATIC const byte msg2[]  = { 0x03 };
     WOLFSSL_SMALL_STACK_STATIC const byte msg3[]  = { 0x64, 0xa6, 0x5f, 0x3c, 0xde, 0xdc, 0xdd,
                                   0x66, 0x81, 0x1e, 0x29, 0x15 };
@@ -34231,6 +38502,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t ed448_test(void)
     ed448_key key3[1];
 #endif
 #endif
+    WOLFSSL_ENTER("ed448_test");
 
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
     key = (ed448_key *)XMALLOC(sizeof(*key), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
@@ -34270,8 +38542,8 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t ed448_test(void)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
 
     /* helper functions for signature and key size */
-    keySz = wc_ed448_size(key);
-    sigSz = wc_ed448_sig_size(key);
+    keySz = (word32)wc_ed448_size(key);
+    sigSz = (word32)wc_ed448_sig_size(key);
 
 #if defined(HAVE_ED448_SIGN) && defined(HAVE_ED448_KEY_EXPORT) &&\
         defined(HAVE_ED448_KEY_IMPORT)
@@ -34319,15 +38591,23 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t ed448_test(void)
 
         /* test api for import/exporting keys */
         {
-            byte   *exportPKey = NULL;
-            byte   *exportSKey = NULL;
             word32 exportPSz = ED448_KEY_SIZE;
             word32 exportSSz = ED448_KEY_SIZE;
+#ifdef WOLFSSL_NO_MALLOC
+            byte   exportPKey[exportPSz];
+            byte   exportSKey[exportSSz];
+#else
+            byte   *exportPKey = NULL;
+            byte   *exportSKey = NULL;
 
             exportPKey = (byte *)XMALLOC(exportPSz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
             exportSKey = (byte *)XMALLOC(exportSSz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
-            if ((exportPKey == NULL) || (exportSKey == NULL))
+            if ((exportPKey == NULL) || (exportSKey == NULL)) {
+                XFREE(exportPKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+                XFREE(exportSKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
                 ERROR_OUT(WC_TEST_RET_ENC_NC, out);
+            }
+#endif
 
             ret = 0;
 
@@ -34363,8 +38643,10 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t ed448_test(void)
                 }
             } while(0);
 
+            #ifndef WOLFSSL_NO_MALLOC
             XFREE(exportPKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
             XFREE(exportSKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+            #endif
 
             if (ret != 0)
                 goto out;
@@ -34397,7 +38679,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t ed448_test(void)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
 
     ret = wc_ed448_sign_msg(msgs[0], msgSz[0], out, &outlen, key3, NULL, 0);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
 
     idx = 0;
@@ -34478,6 +38760,9 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t ed448_test(void)
     (void)keySz;
     (void)sigSz;
 
+    ret = ed448_test_check_key();
+    if (ret < 0)
+        return ret;
 #ifdef WOLFSSL_TEST_CERT
     ret = ed448_test_cert();
     if (ret < 0)
@@ -34494,18 +38779,40 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t ed448_test(void)
 #endif /* HAVE_ED448 */
 
 #ifdef WOLFSSL_HAVE_KYBER
-#ifdef WOLFSSL_WC_KYBER /* OQS and PQM4 do not support KATs */
-#ifdef WOLFSSL_KYBER512
+#ifdef WOLFSSL_WC_KYBER /* OQS does not support KATs */
+#if !defined(WOLFSSL_NO_KYBER512) && !defined(WOLFSSL_NO_ML_KEM_512)
 static wc_test_ret_t kyber512_kat(void)
 {
-    KyberKey key;
     wc_test_ret_t ret;
+#ifdef WOLFSSL_SMALL_STACK
+    KyberKey *key = NULL;
+#ifndef WOLFSSL_KYBER_NO_MAKE_KEY
+    byte *priv = NULL;
+    byte *pub = NULL;
+#endif
+#ifndef WOLFSSL_KYBER_NO_ENCAPSULATE
+    byte *ct = NULL;
+    byte *ss = NULL;
+#endif
+#ifndef WOLFSSL_KYBER_NO_DECAPSULATE
+    byte *ss_dec = NULL;
+#endif
+#else
+    KyberKey key[1];
+#ifndef WOLFSSL_KYBER_NO_MAKE_KEY
     byte priv[KYBER512_PRIVATE_KEY_SIZE];
     byte pub[KYBER512_PUBLIC_KEY_SIZE];
+#endif
+#ifndef WOLFSSL_KYBER_NO_ENCAPSULATE
     byte ct[KYBER512_CIPHER_TEXT_SIZE];
     byte ss[KYBER_SS_SZ];
+#endif
+#ifndef WOLFSSL_KYBER_NO_DECAPSULATE
     byte ss_dec[KYBER_SS_SZ];
-    const byte kyber512_rand[] = {
+#endif
+#endif
+    int key_inited = 0;
+    WOLFSSL_SMALL_STACK_STATIC const byte kyber512_rand[] = {
         0x7c, 0x99, 0x35, 0xa0, 0xb0, 0x76, 0x94, 0xaa,
         0x0c, 0x6d, 0x10, 0xe4, 0xdb, 0x6b, 0x1a, 0xdd,
         0x2f, 0xd8, 0x1a, 0x25, 0xcc, 0xb1, 0x48, 0x03,
@@ -34515,13 +38822,14 @@ static wc_test_ret_t kyber512_kat(void)
         0x0E, 0x55, 0x60, 0x67, 0x40, 0x7D, 0x13, 0xDC,
         0x90, 0xFA, 0x9E, 0x8B, 0x87, 0x2B, 0xFB, 0x8F
     };
-    const byte kyber512enc_rand[] = {
+    WOLFSSL_SMALL_STACK_STATIC const byte kyber512enc_rand[] = {
         0x14, 0x7c, 0x03, 0xf7, 0xa5, 0xbe, 0xbb, 0xa4,
         0x06, 0xc8, 0xfa, 0xe1, 0x87, 0x4d, 0x7f, 0x13,
         0xc8, 0x0e, 0xfe, 0x79, 0xa3, 0xa9, 0xa8, 0x74,
         0xcc, 0x09, 0xfe, 0x76, 0xf6, 0x99, 0x76, 0x15
     };
-    const byte kyber512_pk[] = {
+#ifdef WOLFSSL_KYBER_ORIGINAL
+    WOLFSSL_SMALL_STACK_STATIC const byte kyber512_pk[] = {
         0x11, 0x5A, 0xCE, 0x0E, 0x64, 0x67, 0x7C, 0xBB,
         0x7D, 0xCF, 0xC9, 0x3C, 0x16, 0xD3, 0xA3, 0x05,
         0xF6, 0x76, 0x15, 0xA4, 0x88, 0xD7, 0x11, 0xAA,
@@ -34623,7 +38931,113 @@ static wc_test_ret_t kyber512_kat(void)
         0x89, 0x9D, 0x59, 0xA5, 0x43, 0xD8, 0x20, 0x8C,
         0x54, 0xA3, 0x16, 0x65, 0x29, 0xB5, 0x39, 0x22
     };
-    const byte kyber512_sk[] = {
+#endif
+#ifndef WOLFSSL_NO_ML_KEM
+    WOLFSSL_SMALL_STACK_STATIC const byte ml_kem_512_pk[] = {
+        0x40, 0x08, 0x65, 0xed, 0x10, 0xb6, 0x19, 0xaa,
+        0x58, 0x11, 0x13, 0x9b, 0xc0, 0x86, 0x82, 0x57,
+        0x82, 0xb2, 0xb7, 0x12, 0x4f, 0x75, 0x7c, 0x83,
+        0xae, 0x79, 0x44, 0x44, 0xbc, 0x78, 0xa4, 0x78,
+        0x96, 0xac, 0xf1, 0x26, 0x2c, 0x81, 0x35, 0x10,
+        0x77, 0x89, 0x3b, 0xfc, 0x56, 0xf9, 0x04, 0x49,
+        0xc2, 0xfa, 0x5f, 0x6e, 0x58, 0x6d, 0xd3, 0x7c,
+        0x0b, 0x9b, 0x58, 0x19, 0x92, 0x63, 0x8c, 0xb7,
+        0xe7, 0xbc, 0xbb, 0xb9, 0x9a, 0xfe, 0x47, 0x81,
+        0xd8, 0x0a, 0x50, 0xe6, 0x94, 0x63, 0xfb, 0xd9,
+        0x88, 0x72, 0x2c, 0x36, 0x35, 0x42, 0x3e, 0x27,
+        0x46, 0x6c, 0x71, 0xdc, 0xc6, 0x74, 0x52, 0x7c,
+        0xcd, 0x72, 0x89, 0x68, 0xcb, 0xcd, 0xc0, 0x0c,
+        0x5c, 0x90, 0x35, 0xbb, 0x0a, 0xf2, 0xc9, 0x92,
+        0x2c, 0x78, 0x81, 0xa4, 0x1d, 0xd2, 0x87, 0x52,
+        0x73, 0x92, 0x51, 0x31, 0x23, 0x0f, 0x6c, 0xa5,
+        0x9e, 0x91, 0x36, 0xb3, 0x9f, 0x95, 0x6c, 0x93,
+        0xb3, 0xb2, 0xd1, 0x4c, 0x64, 0x1b, 0x08, 0x9e,
+        0x07, 0xd0, 0xa8, 0x40, 0xc8, 0x93, 0xec, 0xd7,
+        0x6b, 0xbf, 0x92, 0xc8, 0x05, 0x45, 0x66, 0x68,
+        0xd0, 0x7c, 0x62, 0x14, 0x91, 0xc5, 0xc0, 0x54,
+        0x99, 0x1a, 0x65, 0x6f, 0x51, 0x16, 0x19, 0x55,
+        0x6e, 0xb9, 0x77, 0x82, 0xe2, 0x7a, 0x3c, 0x78,
+        0x51, 0x24, 0xc7, 0x0b, 0x0d, 0xab, 0xa6, 0xc6,
+        0x24, 0xd1, 0x8e, 0x0f, 0x97, 0x93, 0xf9, 0x6b,
+        0xa9, 0xe1, 0x59, 0x9b, 0x17, 0xb3, 0x0d, 0xcc,
+        0xc0, 0xb4, 0xf3, 0x76, 0x6a, 0x07, 0xb2, 0x3b,
+        0x25, 0x73, 0x09, 0xcd, 0x76, 0xab, 0xa0, 0x72,
+        0xc2, 0xb9, 0xc9, 0x74, 0x43, 0x94, 0xc6, 0xab,
+        0x9c, 0xb6, 0xc5, 0x4a, 0x97, 0xb5, 0xc5, 0x78,
+        0x61, 0xa5, 0x8d, 0xc0, 0xa0, 0x35, 0x19, 0x83,
+        0x2e, 0xe3, 0x2a, 0x07, 0x65, 0x4a, 0x07, 0x0c,
+        0x0c, 0x8c, 0x4e, 0x86, 0x48, 0xad, 0xdc, 0x35,
+        0x5f, 0x27, 0x4f, 0xc6, 0xb9, 0x2a, 0x08, 0x7b,
+        0x3f, 0x97, 0x51, 0x92, 0x3e, 0x44, 0x27, 0x4f,
+        0x85, 0x8c, 0x49, 0xca, 0xba, 0x72, 0xb6, 0x58,
+        0x51, 0xb3, 0xad, 0xc4, 0x89, 0x36, 0x95, 0x50,
+        0x97, 0xca, 0xd9, 0x55, 0x3f, 0x5a, 0x26, 0x3f,
+        0x18, 0x44, 0xb5, 0x2a, 0x02, 0x0f, 0xf7, 0xca,
+        0x89, 0xe8, 0x81, 0xa0, 0x1b, 0x95, 0xd9, 0x57,
+        0xa3, 0x15, 0x3c, 0x0a, 0x5e, 0x0a, 0x1c, 0xcd,
+        0x66, 0xb1, 0x82, 0x1a, 0x2b, 0x86, 0x32, 0x54,
+        0x6e, 0x24, 0xc7, 0xcb, 0xbc, 0x4c, 0xb0, 0x88,
+        0x08, 0xca, 0xc3, 0x7f, 0x7d, 0xa6, 0xb1, 0x6f,
+        0x8a, 0xce, 0xd0, 0x52, 0xcd, 0xb2, 0x56, 0x49,
+        0x48, 0xf1, 0xab, 0x0f, 0x76, 0x8a, 0x0d, 0x32,
+        0x86, 0xcc, 0xc7, 0xc3, 0x74, 0x9c, 0x63, 0xc7,
+        0x81, 0x53, 0x0f, 0xa1, 0xae, 0x67, 0x05, 0x42,
+        0x85, 0x50, 0x04, 0xa6, 0x45, 0xb5, 0x22, 0x88,
+        0x1e, 0xc1, 0x41, 0x2b, 0xda, 0xe3, 0x42, 0x08,
+        0x5a, 0x9d, 0xd5, 0xf8, 0x12, 0x6a, 0xf9, 0x6b,
+        0xbd, 0xb0, 0xc1, 0xaf, 0x69, 0xa1, 0x55, 0x62,
+        0xcb, 0x2a, 0x15, 0x5a, 0x10, 0x03, 0x09, 0xd1,
+        0xb6, 0x41, 0xd0, 0x8b, 0x2d, 0x4e, 0xd1, 0x7b,
+        0xfb, 0xf0, 0xbc, 0x04, 0x26, 0x5f, 0x9b, 0x10,
+        0xc1, 0x08, 0xf8, 0x50, 0x30, 0x95, 0x04, 0xd7,
+        0x72, 0x81, 0x1b, 0xba, 0x8e, 0x2b, 0xe1, 0x62,
+        0x49, 0xaa, 0x73, 0x7d, 0x87, 0x9f, 0xc7, 0xfb,
+        0x25, 0x5e, 0xe7, 0xa6, 0xa0, 0xa7, 0x53, 0xbd,
+        0x93, 0x74, 0x1c, 0x61, 0x65, 0x8e, 0xc0, 0x74,
+        0xf6, 0xe0, 0x02, 0xb0, 0x19, 0x34, 0x57, 0x69,
+        0x11, 0x3c, 0xc0, 0x13, 0xff, 0x74, 0x94, 0xba,
+        0x83, 0x78, 0xb1, 0x1a, 0x17, 0x22, 0x60, 0xaa,
+        0xa5, 0x34, 0x21, 0xbd, 0xe0, 0x3a, 0x35, 0x58,
+        0x9d, 0x57, 0xe3, 0x22, 0xfe, 0xfa, 0x41, 0x00,
+        0xa4, 0x74, 0x39, 0x26, 0xab, 0x7d, 0x62, 0x25,
+        0x8b, 0x87, 0xb3, 0x1c, 0xcb, 0xb5, 0xe6, 0xb8,
+        0x9c, 0xb1, 0x0b, 0x27, 0x1a, 0xa0, 0x5d, 0x99,
+        0x4b, 0xb5, 0x70, 0x8b, 0x23, 0xab, 0x32, 0x7e,
+        0xcb, 0x93, 0xc0, 0xf3, 0x15, 0x68, 0x69, 0xf0,
+        0x88, 0x3d, 0xa2, 0x06, 0x4f, 0x79, 0x5e, 0x0e,
+        0x2a, 0xb7, 0xd3, 0xc6, 0x4d, 0x61, 0xd2, 0x30,
+        0x3f, 0xc3, 0xa2, 0x9e, 0x16, 0x19, 0x92, 0x3c,
+        0xa8, 0x01, 0xe5, 0x9f, 0xd7, 0x52, 0xca, 0x6e,
+        0x76, 0x49, 0xd3, 0x03, 0xc9, 0xd2, 0x07, 0x88,
+        0xe1, 0x21, 0x46, 0x51, 0xb0, 0x69, 0x95, 0xeb,
+        0x26, 0x0c, 0x92, 0x9a, 0x13, 0x44, 0xa8, 0x49,
+        0xb2, 0x5c, 0xa0, 0xa0, 0x1f, 0x1e, 0xb5, 0x29,
+        0x13, 0x68, 0x6b, 0xba, 0x61, 0x9e, 0x23, 0x71,
+        0x44, 0x64, 0x03, 0x1a, 0x78, 0x43, 0x92, 0x87,
+        0xfc, 0xa7, 0x8f, 0x4c, 0x04, 0x76, 0x22, 0x3e,
+        0xea, 0x61, 0xb7, 0xf2, 0x5a, 0x7c, 0xe4, 0x2c,
+        0xca, 0x90, 0x1b, 0x2a, 0xea, 0x12, 0x98, 0x17,
+        0x89, 0x4b, 0xa3, 0x47, 0x08, 0x23, 0x85, 0x4f,
+        0x3e, 0x5b, 0x28, 0xd8, 0x6b, 0xa9, 0x79, 0xe5,
+        0x46, 0x71, 0x86, 0x2d, 0x90, 0x47, 0x0b, 0x1e,
+        0x78, 0x38, 0x97, 0x2a, 0x81, 0xa4, 0x81, 0x07,
+        0xd6, 0xac, 0x06, 0x11, 0x40, 0x6b, 0x21, 0xfb,
+        0xcc, 0xe1, 0xdb, 0x77, 0x02, 0xea, 0x9d, 0xd6,
+        0xba, 0x6e, 0x40, 0x52, 0x7b, 0x9d, 0xc6, 0x63,
+        0xf3, 0xc9, 0x3b, 0xad, 0x05, 0x6d, 0xc2, 0x85,
+        0x11, 0xf6, 0x6c, 0x3e, 0x0b, 0x92, 0x8d, 0xb8,
+        0x87, 0x9d, 0x22, 0xc5, 0x92, 0x68, 0x5c, 0xc7,
+        0x75, 0xa6, 0xcd, 0x57, 0x4a, 0xc3, 0xbc, 0xe3,
+        0xb2, 0x75, 0x91, 0xc8, 0x21, 0x92, 0x90, 0x76,
+        0x35, 0x8a, 0x22, 0x00, 0xb3, 0x77, 0x36, 0x5f,
+        0x7e, 0xfb, 0x9e, 0x40, 0xc3, 0xbf, 0x0f, 0xf0,
+        0x43, 0x29, 0x86, 0xae, 0x4b, 0xc1, 0xa2, 0x42,
+        0xce, 0x99, 0x21, 0xaa, 0x9e, 0x22, 0x44, 0x88,
+        0x19, 0x58, 0x5d, 0xea, 0x30, 0x8e, 0xb0, 0x39
+    };
+#endif
+#ifdef WOLFSSL_KYBER_ORIGINAL
+    WOLFSSL_SMALL_STACK_STATIC const byte kyber512_sk[] = {
         0x6C, 0x89, 0x2B, 0x02, 0x97, 0xA9, 0xC7, 0x64,
         0x14, 0x93, 0xF8, 0x7D, 0xAF, 0x35, 0x33, 0xEE,
         0xD6, 0x1F, 0x07, 0xF4, 0x65, 0x20, 0x66, 0x33,
@@ -34829,7 +39243,217 @@ static wc_test_ret_t kyber512_kat(void)
         0x0E, 0x55, 0x60, 0x67, 0x40, 0x7D, 0x13, 0xDC,
         0x90, 0xFA, 0x9E, 0x8B, 0x87, 0x2B, 0xFB, 0x8F
     };
-    const byte kyber512_ct[] = {
+#endif
+#ifndef WOLFSSL_NO_ML_KEM
+    WOLFSSL_SMALL_STACK_STATIC const byte ml_kem_512_sk[] = {
+        0x9c, 0xda, 0x16, 0x86, 0xa3, 0x39, 0x6a, 0x7c,
+        0x10, 0x9b, 0x41, 0x52, 0x89, 0xf5, 0x6a, 0x9e,
+        0xc4, 0x4c, 0xd5, 0xb9, 0xb6, 0x74, 0xc3, 0x8a,
+        0x3b, 0xba, 0xb3, 0x0a, 0x2c, 0x90, 0xf0, 0x04,
+        0x37, 0xa2, 0x64, 0xb0, 0xbe, 0x9a, 0x1e, 0x8b,
+        0xa8, 0x87, 0xd3, 0xc3, 0xb1, 0x00, 0x89, 0x80,
+        0x54, 0x27, 0x2f, 0x94, 0x1c, 0x88, 0xa1, 0xf2,
+        0x08, 0xf1, 0xc9, 0x14, 0xf9, 0x64, 0xc1, 0xaa,
+        0xd6, 0x13, 0xa6, 0xa8, 0x4f, 0x88, 0xe4, 0x2d,
+        0x35, 0x56, 0x83, 0x5f, 0xb1, 0x61, 0xfd, 0xc5,
+        0xcd, 0x15, 0xa3, 0xbc, 0x7e, 0x74, 0xb6, 0xf2,
+        0x61, 0x2f, 0xa8, 0x27, 0x1c, 0x7e, 0xa1, 0x12,
+        0xb0, 0x5c, 0x2a, 0x36, 0xcc, 0x70, 0x7c, 0xe3,
+        0x8d, 0x5d, 0x1a, 0xcc, 0x51, 0x15, 0x46, 0x2a,
+        0x8c, 0x1a, 0xab, 0xf0, 0x72, 0x76, 0xc7, 0x23,
+        0x18, 0x33, 0x7f, 0x74, 0xb5, 0xcb, 0xef, 0xea,
+        0x7a, 0x80, 0x37, 0x90, 0xbc, 0x03, 0x93, 0xf3,
+        0xa5, 0x4c, 0x72, 0x4a, 0x57, 0x65, 0xa4, 0x8f,
+        0x29, 0x6b, 0x03, 0xf4, 0x84, 0x37, 0x60, 0x23,
+        0x62, 0x69, 0x30, 0x22, 0x27, 0x04, 0xc0, 0x8f,
+        0xd3, 0xbc, 0x72, 0x93, 0x15, 0xd1, 0xfc, 0x70,
+        0xeb, 0x79, 0x75, 0xa9, 0x7b, 0x9d, 0xee, 0xd1,
+        0x62, 0xf4, 0x86, 0xbb, 0xc6, 0x4a, 0x09, 0x71,
+        0x11, 0x95, 0x2d, 0x89, 0xb5, 0x7d, 0x76, 0x5e,
+        0x8a, 0x99, 0x1a, 0x2e, 0x56, 0x42, 0x06, 0xea,
+        0x7b, 0xf5, 0xe4, 0x00, 0x7a, 0x66, 0x35, 0x88,
+        0x31, 0xca, 0x0e, 0x34, 0xb2, 0xf6, 0xa8, 0x4d,
+        0x10, 0xf7, 0x9c, 0x47, 0x7c, 0xb6, 0x6a, 0x8a,
+        0x95, 0x25, 0x69, 0x36, 0x73, 0x88, 0x13, 0x0d,
+        0x7b, 0x97, 0x4a, 0x63, 0xaa, 0x51, 0x99, 0x6c,
+        0x97, 0x70, 0x9b, 0xb8, 0xea, 0xbc, 0x94, 0xe6,
+        0xa5, 0x35, 0xd7, 0x92, 0xd2, 0x90, 0x54, 0x74,
+        0x95, 0x2d, 0x6b, 0x8c, 0x22, 0x22, 0xb2, 0xae,
+        0x56, 0xdc, 0x66, 0xfb, 0x04, 0x61, 0x19, 0x20,
+        0x66, 0xcd, 0xdb, 0x43, 0xec, 0x05, 0x98, 0x4f,
+        0xb4, 0x98, 0x26, 0x49, 0x77, 0x13, 0x97, 0xc6,
+        0xa8, 0x37, 0x9f, 0x3b, 0x56, 0x43, 0x06, 0x98,
+        0x48, 0x87, 0x59, 0x19, 0xe8, 0x9c, 0xc4, 0x39,
+        0xa3, 0xbe, 0x2f, 0x08, 0x14, 0x90, 0xf3, 0x41,
+        0xbd, 0x12, 0x40, 0xad, 0xd8, 0x0d, 0xdb, 0x8c,
+        0x99, 0x63, 0xb4, 0x7a, 0x2a, 0x09, 0x92, 0x29,
+        0x03, 0x38, 0xda, 0x9c, 0x3b, 0x72, 0x5c, 0x6d,
+        0xa4, 0x47, 0x18, 0xc0, 0x10, 0x46, 0x81, 0x25,
+        0x62, 0xaf, 0xb0, 0x84, 0x83, 0x7a, 0xcb, 0x3c,
+        0x57, 0x5e, 0x4f, 0x93, 0x93, 0x6c, 0x35, 0x2a,
+        0xc0, 0xe7, 0x0a, 0xa3, 0x84, 0x5e, 0xe4, 0x85,
+        0x29, 0x6e, 0x6b, 0x02, 0xde, 0x0b, 0x47, 0xb5,
+        0xc4, 0xc9, 0x6b, 0x0b, 0x7c, 0xf9, 0x4c, 0x4a,
+        0xbe, 0x95, 0x48, 0x61, 0x53, 0x11, 0x8e, 0x43,
+        0xc2, 0xb9, 0xc8, 0x4d, 0x9d, 0xa9, 0x1c, 0x6c,
+        0x5a, 0xcd, 0x5a, 0x57, 0x00, 0x2d, 0x05, 0x84,
+        0x97, 0x99, 0x27, 0x99, 0xe5, 0xba, 0x1c, 0xe6,
+        0xc2, 0x5e, 0xb2, 0x98, 0x44, 0xd8, 0x58, 0xba,
+        0x1c, 0x37, 0x85, 0x0c, 0x0c, 0x2f, 0x57, 0xc6,
+        0x0d, 0xe3, 0x7f, 0x77, 0xc0, 0x82, 0xec, 0x14,
+        0x49, 0x4e, 0xba, 0x28, 0x8a, 0x65, 0x91, 0x51,
+        0x16, 0xc2, 0x0a, 0x32, 0x5d, 0xe3, 0x1a, 0xaa,
+        0xdd, 0x68, 0x0d, 0xb1, 0x9c, 0x0c, 0xfc, 0xc3,
+        0x46, 0x0f, 0x0a, 0xa0, 0x1a, 0x87, 0xa6, 0xa5,
+        0x80, 0xc6, 0xca, 0x29, 0x1f, 0xae, 0xf0, 0xcc,
+        0xc4, 0x9b, 0x76, 0xa8, 0xda, 0xc4, 0xf9, 0xd4,
+        0x16, 0x40, 0x50, 0x9d, 0xbd, 0x0b, 0x40, 0x45,
+        0xc1, 0x53, 0x0e, 0xd3, 0x47, 0x55, 0xd4, 0x74,
+        0x62, 0x70, 0x0f, 0x2a, 0x8c, 0xaf, 0x96, 0x80,
+        0xa6, 0xd7, 0xe3, 0x8a, 0x7e, 0x2a, 0x63, 0xe9,
+        0x37, 0x65, 0x0a, 0x23, 0x30, 0x6d, 0x85, 0x5d,
+        0xa2, 0xa2, 0xb7, 0xef, 0x50, 0x5c, 0xa5, 0x96,
+        0xab, 0x04, 0x85, 0x01, 0x3e, 0xa9, 0x27, 0xc7,
+        0x34, 0x23, 0x43, 0x61, 0x36, 0x43, 0xba, 0x40,
+        0x07, 0xd6, 0xc8, 0x74, 0xb9, 0x80, 0xc7, 0x9c,
+        0x3a, 0xa1, 0xc7, 0x4f, 0x85, 0x81, 0xc3, 0x48,
+        0x49, 0xb3, 0x6e, 0xa7, 0x98, 0x15, 0xfb, 0xb4,
+        0xcc, 0xf9, 0x61, 0x05, 0x83, 0x08, 0x1d, 0x7c,
+        0x5b, 0x44, 0x09, 0xb8, 0xd0, 0x53, 0x1c, 0x04,
+        0xbc, 0xaf, 0x7c, 0xc7, 0x51, 0x10, 0x3a, 0x5f,
+        0xd1, 0xba, 0x44, 0x70, 0x83, 0x3e, 0x89, 0x77,
+        0x5a, 0xde, 0xd9, 0x70, 0xb5, 0x47, 0x18, 0x59,
+        0x25, 0x0f, 0xe7, 0x26, 0x71, 0x05, 0x83, 0x5f,
+        0x39, 0x00, 0x30, 0xc5, 0xe7, 0xcd, 0x3f, 0x96,
+        0x10, 0x19, 0xea, 0xae, 0xa2, 0x37, 0x77, 0xd3,
+        0x47, 0xbb, 0x2a, 0xdc, 0xb6, 0x73, 0xc0, 0x20,
+        0x34, 0xf3, 0x94, 0x34, 0x22, 0x71, 0xbc, 0xea,
+        0x64, 0x14, 0xe5, 0x46, 0xc3, 0xb2, 0x0b, 0xd5,
+        0x74, 0x81, 0xc7, 0xea, 0x14, 0xc7, 0x7c, 0x38,
+        0x8c, 0xc8, 0x62, 0x51, 0xc1, 0x25, 0x58, 0xb1,
+        0x00, 0xf8, 0xc5, 0xb3, 0xd0, 0x3c, 0xa2, 0xc7,
+        0x07, 0x13, 0x90, 0x96, 0x59, 0xc8, 0xba, 0x26,
+        0xd0, 0xd1, 0x76, 0x5e, 0x0b, 0xc8, 0x23, 0xd6,
+        0x8c, 0xa5, 0x57, 0x0d, 0xe6, 0x00, 0xcd, 0x09,
+        0x41, 0x72, 0x5d, 0x38, 0x6e, 0x14, 0xc1, 0x01,
+        0x2d, 0xf5, 0x95, 0x1b, 0xeb, 0x8d, 0x82, 0x81,
+        0xa4, 0xf6, 0x81, 0x5d, 0x37, 0x60, 0xb7, 0x64,
+        0x29, 0x5a, 0xd0, 0x40, 0x6c, 0x2b, 0xf7, 0x92,
+        0x8a, 0xd6, 0x50, 0x32, 0xb6, 0x5f, 0x14, 0xb7,
+        0x7c, 0xcb, 0x89, 0x17, 0xc9, 0x3a, 0x29, 0xd6,
+        0x28, 0x7d, 0x8a, 0x60, 0x62, 0x39, 0x9c, 0xb6,
+        0x40, 0x08, 0x65, 0xed, 0x10, 0xb6, 0x19, 0xaa,
+        0x58, 0x11, 0x13, 0x9b, 0xc0, 0x86, 0x82, 0x57,
+        0x82, 0xb2, 0xb7, 0x12, 0x4f, 0x75, 0x7c, 0x83,
+        0xae, 0x79, 0x44, 0x44, 0xbc, 0x78, 0xa4, 0x78,
+        0x96, 0xac, 0xf1, 0x26, 0x2c, 0x81, 0x35, 0x10,
+        0x77, 0x89, 0x3b, 0xfc, 0x56, 0xf9, 0x04, 0x49,
+        0xc2, 0xfa, 0x5f, 0x6e, 0x58, 0x6d, 0xd3, 0x7c,
+        0x0b, 0x9b, 0x58, 0x19, 0x92, 0x63, 0x8c, 0xb7,
+        0xe7, 0xbc, 0xbb, 0xb9, 0x9a, 0xfe, 0x47, 0x81,
+        0xd8, 0x0a, 0x50, 0xe6, 0x94, 0x63, 0xfb, 0xd9,
+        0x88, 0x72, 0x2c, 0x36, 0x35, 0x42, 0x3e, 0x27,
+        0x46, 0x6c, 0x71, 0xdc, 0xc6, 0x74, 0x52, 0x7c,
+        0xcd, 0x72, 0x89, 0x68, 0xcb, 0xcd, 0xc0, 0x0c,
+        0x5c, 0x90, 0x35, 0xbb, 0x0a, 0xf2, 0xc9, 0x92,
+        0x2c, 0x78, 0x81, 0xa4, 0x1d, 0xd2, 0x87, 0x52,
+        0x73, 0x92, 0x51, 0x31, 0x23, 0x0f, 0x6c, 0xa5,
+        0x9e, 0x91, 0x36, 0xb3, 0x9f, 0x95, 0x6c, 0x93,
+        0xb3, 0xb2, 0xd1, 0x4c, 0x64, 0x1b, 0x08, 0x9e,
+        0x07, 0xd0, 0xa8, 0x40, 0xc8, 0x93, 0xec, 0xd7,
+        0x6b, 0xbf, 0x92, 0xc8, 0x05, 0x45, 0x66, 0x68,
+        0xd0, 0x7c, 0x62, 0x14, 0x91, 0xc5, 0xc0, 0x54,
+        0x99, 0x1a, 0x65, 0x6f, 0x51, 0x16, 0x19, 0x55,
+        0x6e, 0xb9, 0x77, 0x82, 0xe2, 0x7a, 0x3c, 0x78,
+        0x51, 0x24, 0xc7, 0x0b, 0x0d, 0xab, 0xa6, 0xc6,
+        0x24, 0xd1, 0x8e, 0x0f, 0x97, 0x93, 0xf9, 0x6b,
+        0xa9, 0xe1, 0x59, 0x9b, 0x17, 0xb3, 0x0d, 0xcc,
+        0xc0, 0xb4, 0xf3, 0x76, 0x6a, 0x07, 0xb2, 0x3b,
+        0x25, 0x73, 0x09, 0xcd, 0x76, 0xab, 0xa0, 0x72,
+        0xc2, 0xb9, 0xc9, 0x74, 0x43, 0x94, 0xc6, 0xab,
+        0x9c, 0xb6, 0xc5, 0x4a, 0x97, 0xb5, 0xc5, 0x78,
+        0x61, 0xa5, 0x8d, 0xc0, 0xa0, 0x35, 0x19, 0x83,
+        0x2e, 0xe3, 0x2a, 0x07, 0x65, 0x4a, 0x07, 0x0c,
+        0x0c, 0x8c, 0x4e, 0x86, 0x48, 0xad, 0xdc, 0x35,
+        0x5f, 0x27, 0x4f, 0xc6, 0xb9, 0x2a, 0x08, 0x7b,
+        0x3f, 0x97, 0x51, 0x92, 0x3e, 0x44, 0x27, 0x4f,
+        0x85, 0x8c, 0x49, 0xca, 0xba, 0x72, 0xb6, 0x58,
+        0x51, 0xb3, 0xad, 0xc4, 0x89, 0x36, 0x95, 0x50,
+        0x97, 0xca, 0xd9, 0x55, 0x3f, 0x5a, 0x26, 0x3f,
+        0x18, 0x44, 0xb5, 0x2a, 0x02, 0x0f, 0xf7, 0xca,
+        0x89, 0xe8, 0x81, 0xa0, 0x1b, 0x95, 0xd9, 0x57,
+        0xa3, 0x15, 0x3c, 0x0a, 0x5e, 0x0a, 0x1c, 0xcd,
+        0x66, 0xb1, 0x82, 0x1a, 0x2b, 0x86, 0x32, 0x54,
+        0x6e, 0x24, 0xc7, 0xcb, 0xbc, 0x4c, 0xb0, 0x88,
+        0x08, 0xca, 0xc3, 0x7f, 0x7d, 0xa6, 0xb1, 0x6f,
+        0x8a, 0xce, 0xd0, 0x52, 0xcd, 0xb2, 0x56, 0x49,
+        0x48, 0xf1, 0xab, 0x0f, 0x76, 0x8a, 0x0d, 0x32,
+        0x86, 0xcc, 0xc7, 0xc3, 0x74, 0x9c, 0x63, 0xc7,
+        0x81, 0x53, 0x0f, 0xa1, 0xae, 0x67, 0x05, 0x42,
+        0x85, 0x50, 0x04, 0xa6, 0x45, 0xb5, 0x22, 0x88,
+        0x1e, 0xc1, 0x41, 0x2b, 0xda, 0xe3, 0x42, 0x08,
+        0x5a, 0x9d, 0xd5, 0xf8, 0x12, 0x6a, 0xf9, 0x6b,
+        0xbd, 0xb0, 0xc1, 0xaf, 0x69, 0xa1, 0x55, 0x62,
+        0xcb, 0x2a, 0x15, 0x5a, 0x10, 0x03, 0x09, 0xd1,
+        0xb6, 0x41, 0xd0, 0x8b, 0x2d, 0x4e, 0xd1, 0x7b,
+        0xfb, 0xf0, 0xbc, 0x04, 0x26, 0x5f, 0x9b, 0x10,
+        0xc1, 0x08, 0xf8, 0x50, 0x30, 0x95, 0x04, 0xd7,
+        0x72, 0x81, 0x1b, 0xba, 0x8e, 0x2b, 0xe1, 0x62,
+        0x49, 0xaa, 0x73, 0x7d, 0x87, 0x9f, 0xc7, 0xfb,
+        0x25, 0x5e, 0xe7, 0xa6, 0xa0, 0xa7, 0x53, 0xbd,
+        0x93, 0x74, 0x1c, 0x61, 0x65, 0x8e, 0xc0, 0x74,
+        0xf6, 0xe0, 0x02, 0xb0, 0x19, 0x34, 0x57, 0x69,
+        0x11, 0x3c, 0xc0, 0x13, 0xff, 0x74, 0x94, 0xba,
+        0x83, 0x78, 0xb1, 0x1a, 0x17, 0x22, 0x60, 0xaa,
+        0xa5, 0x34, 0x21, 0xbd, 0xe0, 0x3a, 0x35, 0x58,
+        0x9d, 0x57, 0xe3, 0x22, 0xfe, 0xfa, 0x41, 0x00,
+        0xa4, 0x74, 0x39, 0x26, 0xab, 0x7d, 0x62, 0x25,
+        0x8b, 0x87, 0xb3, 0x1c, 0xcb, 0xb5, 0xe6, 0xb8,
+        0x9c, 0xb1, 0x0b, 0x27, 0x1a, 0xa0, 0x5d, 0x99,
+        0x4b, 0xb5, 0x70, 0x8b, 0x23, 0xab, 0x32, 0x7e,
+        0xcb, 0x93, 0xc0, 0xf3, 0x15, 0x68, 0x69, 0xf0,
+        0x88, 0x3d, 0xa2, 0x06, 0x4f, 0x79, 0x5e, 0x0e,
+        0x2a, 0xb7, 0xd3, 0xc6, 0x4d, 0x61, 0xd2, 0x30,
+        0x3f, 0xc3, 0xa2, 0x9e, 0x16, 0x19, 0x92, 0x3c,
+        0xa8, 0x01, 0xe5, 0x9f, 0xd7, 0x52, 0xca, 0x6e,
+        0x76, 0x49, 0xd3, 0x03, 0xc9, 0xd2, 0x07, 0x88,
+        0xe1, 0x21, 0x46, 0x51, 0xb0, 0x69, 0x95, 0xeb,
+        0x26, 0x0c, 0x92, 0x9a, 0x13, 0x44, 0xa8, 0x49,
+        0xb2, 0x5c, 0xa0, 0xa0, 0x1f, 0x1e, 0xb5, 0x29,
+        0x13, 0x68, 0x6b, 0xba, 0x61, 0x9e, 0x23, 0x71,
+        0x44, 0x64, 0x03, 0x1a, 0x78, 0x43, 0x92, 0x87,
+        0xfc, 0xa7, 0x8f, 0x4c, 0x04, 0x76, 0x22, 0x3e,
+        0xea, 0x61, 0xb7, 0xf2, 0x5a, 0x7c, 0xe4, 0x2c,
+        0xca, 0x90, 0x1b, 0x2a, 0xea, 0x12, 0x98, 0x17,
+        0x89, 0x4b, 0xa3, 0x47, 0x08, 0x23, 0x85, 0x4f,
+        0x3e, 0x5b, 0x28, 0xd8, 0x6b, 0xa9, 0x79, 0xe5,
+        0x46, 0x71, 0x86, 0x2d, 0x90, 0x47, 0x0b, 0x1e,
+        0x78, 0x38, 0x97, 0x2a, 0x81, 0xa4, 0x81, 0x07,
+        0xd6, 0xac, 0x06, 0x11, 0x40, 0x6b, 0x21, 0xfb,
+        0xcc, 0xe1, 0xdb, 0x77, 0x02, 0xea, 0x9d, 0xd6,
+        0xba, 0x6e, 0x40, 0x52, 0x7b, 0x9d, 0xc6, 0x63,
+        0xf3, 0xc9, 0x3b, 0xad, 0x05, 0x6d, 0xc2, 0x85,
+        0x11, 0xf6, 0x6c, 0x3e, 0x0b, 0x92, 0x8d, 0xb8,
+        0x87, 0x9d, 0x22, 0xc5, 0x92, 0x68, 0x5c, 0xc7,
+        0x75, 0xa6, 0xcd, 0x57, 0x4a, 0xc3, 0xbc, 0xe3,
+        0xb2, 0x75, 0x91, 0xc8, 0x21, 0x92, 0x90, 0x76,
+        0x35, 0x8a, 0x22, 0x00, 0xb3, 0x77, 0x36, 0x5f,
+        0x7e, 0xfb, 0x9e, 0x40, 0xc3, 0xbf, 0x0f, 0xf0,
+        0x43, 0x29, 0x86, 0xae, 0x4b, 0xc1, 0xa2, 0x42,
+        0xce, 0x99, 0x21, 0xaa, 0x9e, 0x22, 0x44, 0x88,
+        0x19, 0x58, 0x5d, 0xea, 0x30, 0x8e, 0xb0, 0x39,
+        0x50, 0xc8, 0xdd, 0x15, 0x2a, 0x45, 0x31, 0xaa,
+        0xb5, 0x60, 0xd2, 0xfc, 0x7c, 0xa9, 0xa4, 0x0a,
+        0xd8, 0xaf, 0x25, 0xad, 0x1d, 0xd0, 0x8c, 0x6d,
+        0x79, 0xaf, 0xe4, 0xdd, 0x4d, 0x1e, 0xee, 0x5a,
+        0x86, 0x26, 0xed, 0x79, 0xd4, 0x51, 0x14, 0x08,
+        0x00, 0xe0, 0x3b, 0x59, 0xb9, 0x56, 0xf8, 0x21,
+        0x0e, 0x55, 0x60, 0x67, 0x40, 0x7d, 0x13, 0xdc,
+        0x90, 0xfa, 0x9e, 0x8b, 0x87, 0x2b, 0xfb, 0x8f
+    };
+#endif
+#ifdef WOLFSSL_KYBER_ORIGINAL
+    WOLFSSL_SMALL_STACK_STATIC const byte kyber512_ct[] = {
         0xED, 0xF2, 0x41, 0x45, 0xE4, 0x3B, 0x4F, 0x6D,
         0xC6, 0xBF, 0x83, 0x32, 0xF5, 0x4E, 0x02, 0xCA,
         0xB0, 0x2D, 0xBF, 0x3B, 0x56, 0x05, 0xDD, 0xC9,
@@ -34927,71 +39551,338 @@ static wc_test_ret_t kyber512_kat(void)
         0x7C, 0x80, 0xF9, 0x67, 0x87, 0xCD, 0x92, 0x81,
         0xCC, 0xF2, 0x70, 0xC1, 0xAF, 0xC0, 0x67, 0x0D
     };
-    const byte kyber512_ss[] = {
+#endif
+#ifndef WOLFSSL_NO_ML_KEM
+    WOLFSSL_SMALL_STACK_STATIC const byte ml_kem_512_ct[] = {
+        0x11, 0x3d, 0xb2, 0xdd, 0x06, 0x87, 0x12, 0x35,
+        0xe7, 0xbc, 0x36, 0xc9, 0xdc, 0xaa, 0x52, 0x8f,
+        0xc2, 0x6c, 0xe5, 0xdb, 0x9e, 0xcc, 0x1d, 0xc3,
+        0x2e, 0x95, 0x7d, 0x7f, 0xfb, 0x3c, 0x74, 0x29,
+        0xd5, 0x0c, 0x3c, 0x35, 0x77, 0xa5, 0x15, 0xd3,
+        0x18, 0x3a, 0x1b, 0x9d, 0x26, 0x7b, 0x93, 0x6b,
+        0x7e, 0xb8, 0xf5, 0x43, 0xa3, 0xaf, 0xb7, 0x77,
+        0x65, 0xca, 0x79, 0x38, 0xf7, 0x8a, 0xa6, 0x43,
+        0x8c, 0xe8, 0x0a, 0x06, 0xa6, 0x96, 0x6d, 0x0d,
+        0x06, 0xaf, 0x75, 0xba, 0x3e, 0x0d, 0x4f, 0x37,
+        0xba, 0xc7, 0x33, 0x69, 0xf5, 0xa7, 0x29, 0xf7,
+        0x3e, 0x85, 0x72, 0x9e, 0xdd, 0x97, 0xc8, 0xc2,
+        0xa8, 0xcc, 0x26, 0x19, 0xe4, 0xcf, 0x7b, 0x60,
+        0x91, 0x86, 0x9e, 0x90, 0x9f, 0xd4, 0x7d, 0x97,
+        0x09, 0x14, 0x92, 0x04, 0xb0, 0x83, 0x7d, 0x8d,
+        0x6f, 0x25, 0xd2, 0x67, 0x97, 0x2b, 0xe6, 0x3b,
+        0xad, 0x34, 0xb5, 0x44, 0x52, 0x3c, 0x01, 0xc0,
+        0x9d, 0xe3, 0xb1, 0xfa, 0x1d, 0x6b, 0x7b, 0x05,
+        0x9e, 0xee, 0x9e, 0x65, 0x20, 0x62, 0xfe, 0x87,
+        0x0f, 0x68, 0xc6, 0x80, 0x05, 0x33, 0x9e, 0xa1,
+        0x81, 0xe1, 0xd0, 0x76, 0x7c, 0x15, 0x2a, 0xeb,
+        0x38, 0xfa, 0xf0, 0xf9, 0x24, 0x5a, 0xe5, 0x9d,
+        0x5c, 0xb0, 0xd2, 0xb7, 0xf2, 0x01, 0x22, 0x9e,
+        0xd9, 0x70, 0x20, 0xd0, 0x62, 0x3a, 0x46, 0x10,
+        0x0d, 0x09, 0x7b, 0x0c, 0xe1, 0x15, 0x4e, 0x02,
+        0x8a, 0xe6, 0x19, 0x4d, 0xe0, 0x5d, 0xe9, 0x7d,
+        0xd9, 0xae, 0x2e, 0x85, 0xff, 0xd2, 0x5d, 0x95,
+        0xeb, 0x22, 0xef, 0xfe, 0x5b, 0xa1, 0x9c, 0xd8,
+        0x07, 0xc5, 0x30, 0xeb, 0xaa, 0x9f, 0xe9, 0xf6,
+        0x42, 0xcc, 0xac, 0xff, 0x47, 0xed, 0x15, 0xc2,
+        0x2b, 0xfe, 0x30, 0x36, 0xeb, 0xf8, 0xad, 0x9c,
+        0x8e, 0xd2, 0x32, 0x40, 0xae, 0xeb, 0xaa, 0x24,
+        0xd1, 0x35, 0x75, 0x51, 0x00, 0xb8, 0x5e, 0xce,
+        0xe3, 0x17, 0x49, 0x06, 0xe4, 0x63, 0x12, 0x06,
+        0x2c, 0xee, 0xca, 0xc7, 0x5d, 0xe5, 0x27, 0x52,
+        0x56, 0xc2, 0xc1, 0xa6, 0x53, 0xfd, 0x69, 0x15,
+        0xb1, 0xb3, 0x0c, 0x8e, 0xcb, 0xb6, 0xfd, 0x42,
+        0x80, 0x43, 0x74, 0x53, 0x17, 0x3a, 0x96, 0x23,
+        0x8b, 0xc7, 0xd1, 0x08, 0x89, 0x23, 0x43, 0xe0,
+        0x33, 0xbc, 0xd9, 0x8e, 0x43, 0x7e, 0x78, 0x9f,
+        0xc5, 0xbe, 0xba, 0xa1, 0x2b, 0x26, 0x34, 0xb5,
+        0x1e, 0xd0, 0xd5, 0x89, 0xf1, 0x11, 0x43, 0xa0,
+        0x21, 0xd8, 0xec, 0xce, 0x59, 0x4f, 0xdd, 0x48,
+        0xda, 0xe8, 0x4c, 0x80, 0x63, 0xef, 0x35, 0x81,
+        0xbc, 0x37, 0x8a, 0x48, 0xda, 0x4e, 0x51, 0xbb,
+        0x17, 0x5b, 0x0d, 0xb4, 0x7f, 0x9d, 0xcf, 0x99,
+        0x31, 0x8c, 0x30, 0x22, 0x5c, 0xa7, 0xfa, 0x79,
+        0xc8, 0x79, 0xbf, 0x1c, 0x93, 0x97, 0xb5, 0xcc,
+        0xc5, 0xef, 0xad, 0x94, 0xc5, 0x00, 0xed, 0x7f,
+        0x9f, 0x38, 0x5d, 0x08, 0x8e, 0x34, 0x93, 0x22,
+        0x21, 0xfc, 0x0f, 0xc9, 0xaf, 0xe5, 0x1f, 0x68,
+        0x75, 0x54, 0x81, 0x31, 0x69, 0x76, 0x95, 0x47,
+        0x8a, 0xbd, 0xc8, 0x73, 0x6f, 0x10, 0x09, 0x5a,
+        0x6b, 0x92, 0xec, 0x67, 0x9f, 0xe0, 0xe2, 0xae,
+        0x5d, 0x8b, 0x33, 0x53, 0x55, 0xd5, 0x8d, 0xae,
+        0x4d, 0x4f, 0x0b, 0x17, 0xaa, 0x5d, 0x1e, 0x52,
+        0xf1, 0xd4, 0x55, 0x84, 0xa8, 0x92, 0xc3, 0x4c,
+        0xe4, 0xb0, 0x4f, 0xcd, 0x00, 0x98, 0x1d, 0x51,
+        0xca, 0xa1, 0x60, 0x64, 0xba, 0xd9, 0x2d, 0x01,
+        0x9d, 0xc3, 0xad, 0xed, 0x91, 0x96, 0x84, 0x11,
+        0x2b, 0x29, 0xda, 0xa2, 0x8b, 0x9d, 0xae, 0x09,
+        0xb8, 0x6b, 0x21, 0xa9, 0x33, 0x10, 0xd5, 0xfb,
+        0xc6, 0x52, 0x7b, 0x22, 0x4b, 0x9c, 0xe8, 0x7d,
+        0x27, 0x82, 0xbb, 0x29, 0x46, 0x73, 0xf0, 0xec,
+        0x06, 0xf2, 0x6b, 0x08, 0x76, 0x52, 0xa1, 0x8d,
+        0x6a, 0xd7, 0xb1, 0xc9, 0x33, 0x03, 0xef, 0x05,
+        0x61, 0xc0, 0xfc, 0x9c, 0xd4, 0xf6, 0x78, 0xf6,
+        0x06, 0xf1, 0x92, 0xcf, 0x5d, 0xf9, 0x2b, 0x15,
+        0x48, 0xf5, 0xdd, 0x26, 0x87, 0xed, 0xbe, 0xcc,
+        0xfc, 0x6d, 0x4e, 0x9d, 0xe4, 0xbd, 0x50, 0xd3,
+        0xc7, 0x4f, 0xb2, 0x75, 0xab, 0xd9, 0xb3, 0xe9,
+        0x02, 0x77, 0xdb, 0x4a, 0x00, 0x69, 0xc0, 0xa2,
+        0xa7, 0x13, 0x6f, 0x50, 0xce, 0xad, 0x4b, 0x2f,
+        0x19, 0x95, 0xfa, 0xaf, 0x16, 0x80, 0x40, 0xe9,
+        0xe4, 0xbe, 0xb7, 0xc5, 0x72, 0x20, 0x49, 0xd6,
+        0xda, 0x64, 0x02, 0x99, 0x2f, 0xce, 0xa4, 0x50,
+        0x97, 0xdf, 0x7c, 0x1c, 0x20, 0xfb, 0x06, 0x82,
+        0x22, 0x00, 0x05, 0x76, 0x93, 0x5a, 0x08, 0x06,
+        0x77, 0x34, 0x51, 0x92, 0x1f, 0x54, 0xc5, 0x5f,
+        0xbf, 0x59, 0x3a, 0x4f, 0x14, 0x7c, 0x1f, 0xef,
+        0x3a, 0xca, 0xf0, 0xcf, 0xa9, 0x07, 0xae, 0x48,
+        0xc8, 0xc0, 0x63, 0x12, 0xcf, 0xdf, 0x51, 0x86,
+        0x90, 0x4b, 0xec, 0x7f, 0xed, 0x4e, 0xd9, 0x33,
+        0xc9, 0x25, 0x6a, 0xb0, 0x4c, 0xbf, 0xa0, 0x3a,
+        0x96, 0x7c, 0x1f, 0x7e, 0xad, 0x4a, 0xb4, 0x0d,
+        0xf1, 0x16, 0xbe, 0x66, 0x0e, 0x27, 0xca, 0x2b,
+        0x54, 0x35, 0x26, 0xd4, 0xb9, 0x68, 0x4c, 0x31,
+        0xe1, 0xe4, 0x23, 0x83, 0xb9, 0x69, 0xf8, 0x96,
+        0x29, 0x9d, 0x71, 0x39, 0x0c, 0xc8, 0x5b, 0x70,
+        0x32, 0x02, 0xac, 0xad, 0xec, 0xfa, 0x8c, 0x40,
+        0x96, 0x5c, 0x08, 0xc5, 0x3b, 0x56, 0x71, 0xe0,
+        0xd5, 0x94, 0x55, 0xbc, 0x5a, 0x85, 0x86, 0xc6,
+        0x55, 0xdb, 0x8c, 0x2a, 0xde, 0x4b, 0xa8, 0x87,
+        0x7f, 0x19, 0xb6, 0x00, 0x0e, 0x18, 0xf8, 0xfe,
+        0xad, 0xda, 0x7e, 0xde, 0x8f, 0xe8, 0x0a, 0xa6,
+        0x62, 0xd6, 0x94, 0xc6, 0xd8, 0xc3, 0x3b, 0x52
+    };
+#endif
+#ifdef WOLFSSL_KYBER_ORIGINAL
+    WOLFSSL_SMALL_STACK_STATIC const byte kyber512_ss[] = {
         0x0A, 0x69, 0x25, 0x67, 0x6F, 0x24, 0xB2, 0x2C,
         0x28, 0x6F, 0x4C, 0x81, 0xA4, 0x22, 0x4C, 0xEC,
         0x50, 0x6C, 0x9B, 0x25, 0x7D, 0x48, 0x0E, 0x02,
         0xE3, 0xB4, 0x9F, 0x44, 0xCA, 0xA3, 0x23, 0x7F
     };
+#endif
+#ifndef WOLFSSL_NO_ML_KEM
+    WOLFSSL_SMALL_STACK_STATIC const byte ml_kem_512_ss[] = {
+        0x31, 0x98, 0x39, 0xe8, 0x2a, 0xb6, 0xb2, 0x22,
+        0xde, 0x7b, 0x61, 0x9e, 0x80, 0xda, 0x83, 0x91,
+        0x52, 0x2b, 0xbb, 0x37, 0x67, 0x70, 0x18, 0x49,
+        0x4a, 0x47, 0x42, 0xc5, 0x3f, 0x9a, 0xbf, 0xdf
+    };
+#endif
 
-    ret = wc_KyberKey_Init(KYBER512, &key, HEAP_HINT, INVALID_DEVID);
+#ifdef WOLFSSL_SMALL_STACK
+    key = (KyberKey *)XMALLOC(sizeof(KyberKey), HEAP_HINT,
+                              DYNAMIC_TYPE_TMP_BUFFER);
+    if (key == NULL)
+        ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
+#ifndef WOLFSSL_KYBER_NO_MAKE_KEY
+    priv = (byte *)XMALLOC(KYBER512_PRIVATE_KEY_SIZE, HEAP_HINT,
+                              DYNAMIC_TYPE_TMP_BUFFER);
+    pub = (byte *)XMALLOC(KYBER512_PUBLIC_KEY_SIZE, HEAP_HINT,
+                              DYNAMIC_TYPE_TMP_BUFFER);
+    if (pub == NULL || priv == NULL)
+        ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
+#endif
+#ifndef WOLFSSL_KYBER_NO_ENCAPSULATE
+    ct = (byte *)XMALLOC(KYBER512_CIPHER_TEXT_SIZE, HEAP_HINT,
+                              DYNAMIC_TYPE_TMP_BUFFER);
+    ss = (byte *)XMALLOC(KYBER_SS_SZ, HEAP_HINT,
+                              DYNAMIC_TYPE_TMP_BUFFER);
+    if (ct == NULL || ss == NULL)
+        ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
+#endif
+#ifndef WOLFSSL_KYBER_NO_DECAPSULATE
+    ss_dec = (byte *)XMALLOC(KYBER_SS_SZ, HEAP_HINT,
+                              DYNAMIC_TYPE_TMP_BUFFER);
+    if (ss_dec == NULL)
+        ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
+#endif
+#endif
+
+#ifdef WOLFSSL_KYBER_ORIGINAL
+    ret = wc_KyberKey_Init(KYBER512, key, HEAP_HINT, INVALID_DEVID);
     if (ret != 0)
-        return WC_TEST_RET_ENC_EC(ret);
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+    else
+        key_inited = 1;
 
-    ret = wc_KyberKey_MakeKeyWithRandom(&key, kyber512_rand,
+#ifndef WOLFSSL_KYBER_NO_MAKE_KEY
+    ret = wc_KyberKey_MakeKeyWithRandom(key, kyber512_rand,
         sizeof(kyber512_rand));
     if (ret != 0)
-        return WC_TEST_RET_ENC_EC(ret);
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
 
-    ret = wc_KyberKey_EncodePublicKey(&key, pub, sizeof(pub));
+    ret = wc_KyberKey_EncodePublicKey(key, pub, KYBER512_PUBLIC_KEY_SIZE);
     if (ret != 0)
-        return WC_TEST_RET_ENC_EC(ret);
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
 
-    ret = wc_KyberKey_EncodePrivateKey(&key, priv, sizeof(priv));
+    ret = wc_KyberKey_EncodePrivateKey(key, priv, KYBER512_PRIVATE_KEY_SIZE);
     if (ret != 0)
-        return WC_TEST_RET_ENC_EC(ret);
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
 
     if (XMEMCMP(pub, kyber512_pk, sizeof(kyber512_pk)) != 0)
-        return WC_TEST_RET_ENC_NC;
+        ERROR_OUT(WC_TEST_RET_ENC_NC, out);
 
     if (XMEMCMP(priv, kyber512_sk, sizeof(kyber512_sk)) != 0)
-        return WC_TEST_RET_ENC_NC;
+        ERROR_OUT(WC_TEST_RET_ENC_NC, out);
+#else
+    (void)kyber512_rand;
+    (void)kyber512_pk;
+    ret = wc_KyberKey_DecodePrivateKey(key, kyber512_sk,
+        KYBER512_PRIVATE_KEY_SIZE);
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+#endif
 
-    ret = wc_KyberKey_EncapsulateWithRandom(&key, ct, ss, kyber512enc_rand,
+#ifndef WOLFSSL_KYBER_NO_ENCAPSULATE
+    ret = wc_KyberKey_EncapsulateWithRandom(key, ct, ss, kyber512enc_rand,
         sizeof(kyber512enc_rand));
     if (ret != 0)
-        return WC_TEST_RET_ENC_EC(ret);
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
 
     if (XMEMCMP(ct, kyber512_ct, sizeof(kyber512_ct)) != 0)
-        return WC_TEST_RET_ENC_NC;
+        ERROR_OUT(WC_TEST_RET_ENC_NC, out);
 
     if (XMEMCMP(ss, kyber512_ss, sizeof(kyber512_ss)) != 0)
-        return WC_TEST_RET_ENC_NC;
+        ERROR_OUT(WC_TEST_RET_ENC_NC, out);
+#else
+    (void)kyber512enc_rand;
+#endif
 
-    ret = wc_KyberKey_Decapsulate(&key, ss_dec, ct, sizeof(kyber512_ct));
+#ifndef WOLFSSL_KYBER_NO_DECAPSULATE
+    ret = wc_KyberKey_Decapsulate(key, ss_dec, kyber512_ct,
+        sizeof(kyber512_ct));
     if (ret != 0)
-        return WC_TEST_RET_ENC_EC(ret);
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
 
     if (XMEMCMP(ss_dec, kyber512_ss, sizeof(kyber512_ss)) != 0)
-        return WC_TEST_RET_ENC_NC;
+        ERROR_OUT(WC_TEST_RET_ENC_NC, out);
+#else
+    (void)kyber512_ct;
+    (void)kyber512_ss;
+#endif
+#endif
+#ifndef WOLFSSL_NO_ML_KEM
+    ret = wc_KyberKey_Init(WC_ML_KEM_512, key, HEAP_HINT, INVALID_DEVID);
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+    else
+        key_inited = 1;
 
-    wc_KyberKey_Free(&key);
+#ifndef WOLFSSL_KYBER_NO_MAKE_KEY
+    ret = wc_KyberKey_MakeKeyWithRandom(key, kyber512_rand,
+        sizeof(kyber512_rand));
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
 
-    return 0;
+    ret = wc_KyberKey_EncodePublicKey(key, pub, WC_ML_KEM_512_PUBLIC_KEY_SIZE);
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+
+    ret = wc_KyberKey_EncodePrivateKey(key, priv,
+        WC_ML_KEM_512_PRIVATE_KEY_SIZE);
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+
+    if (XMEMCMP(pub, ml_kem_512_pk, sizeof(ml_kem_512_pk)) != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_NC, out);
+
+    if (XMEMCMP(priv, ml_kem_512_sk, sizeof(ml_kem_512_sk)) != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_NC, out);
+#else
+    (void)kyber512_rand;
+    (void)ml_kem_512_pk;
+    ret = wc_KyberKey_DecodePrivateKey(key, ml_kem_512_sk,
+        WC_ML_KEM_512_PRIVATE_KEY_SIZE);
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+#endif
+
+#ifndef WOLFSSL_KYBER_NO_ENCAPSULATE
+    ret = wc_KyberKey_EncapsulateWithRandom(key, ct, ss, kyber512enc_rand,
+        sizeof(kyber512enc_rand));
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+
+    if (XMEMCMP(ct, ml_kem_512_ct, sizeof(ml_kem_512_ct)) != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_NC, out);
+
+    if (XMEMCMP(ss, ml_kem_512_ss, sizeof(ml_kem_512_ss)) != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_NC, out);
+#else
+    (void)kyber512enc_rand;
+#endif
+
+#ifndef WOLFSSL_KYBER_NO_DECAPSULATE
+    ret = wc_KyberKey_Decapsulate(key, ss_dec, ml_kem_512_ct,
+        sizeof(ml_kem_512_ct));
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+
+    if (XMEMCMP(ss_dec, ml_kem_512_ss, sizeof(ml_kem_512_ss)) != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_NC, out);
+#else
+    (void)ml_kem_512_ct;
+    (void)ml_kem_512_ss;
+#endif
+#endif
+
+out:
+
+    if (key_inited)
+        wc_KyberKey_Free(key);
+
+#ifdef WOLFSSL_SMALL_STACK
+    XFREE(key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+#ifndef WOLFSSL_KYBER_NO_MAKE_KEY
+    XFREE(priv, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(pub, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+#endif
+#ifndef WOLFSSL_KYBER_NO_ENCAPSULATE
+    XFREE(ct, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(ss, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+#endif
+#ifndef WOLFSSL_KYBER_NO_DECAPSULATE
+    XFREE(ss_dec, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+#endif
+#endif
+
+    return ret;
 }
 #endif /* WOLFSSL_KYBER512 */
 
-#ifdef WOLFSSL_KYBER768
+#if !defined(WOLFSSL_NO_KYBER768) && !defined(WOLFSSL_NO_ML_KEM_768)
 static wc_test_ret_t kyber768_kat(void)
 {
-    KyberKey key;
     wc_test_ret_t ret;
+#ifdef WOLFSSL_SMALL_STACK
+    KyberKey *key = NULL;
+#ifndef WOLFSSL_KYBER_NO_MAKE_KEY
+    byte *priv = NULL;
+    byte *pub = NULL;
+#endif
+#ifndef WOLFSSL_KYBER_NO_ENCAPSULATE
+    byte *ct = NULL;
+    byte *ss = NULL;
+#endif
+#ifndef WOLFSSL_KYBER_NO_DECAPSULATE
+    byte *ss_dec = NULL;
+#endif
+#else
+    KyberKey key[1];
+#ifndef WOLFSSL_KYBER_NO_MAKE_KEY
     byte priv[KYBER768_PRIVATE_KEY_SIZE];
     byte pub[KYBER768_PUBLIC_KEY_SIZE];
+#endif
+#ifndef WOLFSSL_KYBER_NO_ENCAPSULATE
     byte ct[KYBER768_CIPHER_TEXT_SIZE];
     byte ss[KYBER_SS_SZ];
+#endif
+#ifndef WOLFSSL_KYBER_NO_DECAPSULATE
     byte ss_dec[KYBER_SS_SZ];
-    const byte kyber768_rand[] = {
+#endif
+#endif
+    int key_inited = 0;
+    WOLFSSL_SMALL_STACK_STATIC const byte kyber768_rand[] = {
         0x7c, 0x99, 0x35, 0xa0, 0xb0, 0x76, 0x94, 0xaa,
         0x0c, 0x6d, 0x10, 0xe4, 0xdb, 0x6b, 0x1a, 0xdd,
         0x2f, 0xd8, 0x1a, 0x25, 0xcc, 0xb1, 0x48, 0x03,
@@ -35001,14 +39892,15 @@ static wc_test_ret_t kyber768_kat(void)
         0x0E, 0x55, 0x60, 0x67, 0x40, 0x7D, 0x13, 0xDC,
         0x90, 0xFA, 0x9E, 0x8B, 0x87, 0x2B, 0xFB, 0x8F
     };
-    const byte kyber768enc_rand[] = {
+    WOLFSSL_SMALL_STACK_STATIC const byte kyber768enc_rand[] = {
         0x14, 0x7c, 0x03, 0xf7, 0xa5, 0xbe, 0xbb, 0xa4,
         0x06, 0xc8, 0xfa, 0xe1, 0x87, 0x4d, 0x7f, 0x13,
         0xc8, 0x0e, 0xfe, 0x79, 0xa3, 0xa9, 0xa8, 0x74,
         0xcc, 0x09, 0xfe, 0x76, 0xf6, 0x99, 0x76, 0x15
     };
 
-    const byte kyber768_pk[] = {
+#ifdef WOLFSSL_KYBER_ORIGINAL
+    WOLFSSL_SMALL_STACK_STATIC const byte kyber768_pk[] = {
         0xA7, 0x2C, 0x2D, 0x9C, 0x84, 0x3E, 0xE9, 0xF8,
         0x31, 0x3E, 0xCC, 0x7F, 0x86, 0xD6, 0x29, 0x4D,
         0x59, 0x15, 0x9D, 0x9A, 0x87, 0x9A, 0x54, 0x2E,
@@ -35158,7 +40050,161 @@ static wc_test_ret_t kyber768_kat(void)
         0x89, 0x9D, 0x59, 0xA5, 0x43, 0xD8, 0x20, 0x8C,
         0x54, 0xA3, 0x16, 0x65, 0x29, 0xB5, 0x39, 0x22
     };
-    const byte kyber768_sk[] = {
+#endif
+#ifndef WOLFSSL_NO_ML_KEM
+    WOLFSSL_SMALL_STACK_STATIC const byte ml_kem_768_pk[] = {
+        0xa8, 0xe6, 0x51, 0xa1, 0xe6, 0x85, 0xf2, 0x24,
+        0x78, 0xa8, 0x95, 0x4f, 0x00, 0x7b, 0xc7, 0x71,
+        0x1b, 0x93, 0x07, 0x72, 0xc7, 0x8f, 0x09, 0x2e,
+        0x82, 0x87, 0x8e, 0x3e, 0x93, 0x7f, 0x36, 0x79,
+        0x67, 0x53, 0x29, 0x13, 0xa8, 0xd5, 0x3d, 0xfd,
+        0xf4, 0xbf, 0xb1, 0xf8, 0x84, 0x67, 0x46, 0x59,
+        0x67, 0x05, 0xcf, 0x34, 0x51, 0x42, 0xb9, 0x72,
+        0xa3, 0xf1, 0x63, 0x25, 0xc4, 0x0c, 0x29, 0x52,
+        0xa3, 0x7b, 0x25, 0x89, 0x7e, 0x5e, 0xf3, 0x5f,
+        0xba, 0xeb, 0x73, 0xa4, 0xac, 0xbe, 0xb6, 0xa0,
+        0xb8, 0x99, 0x42, 0xce, 0xb1, 0x95, 0x53, 0x1c,
+        0xfc, 0x0a, 0x07, 0x99, 0x39, 0x54, 0x48, 0x3e,
+        0x6c, 0xbc, 0x87, 0xc0, 0x6a, 0xa7, 0x4f, 0xf0,
+        0xca, 0xc5, 0x20, 0x7e, 0x53, 0x5b, 0x26, 0x0a,
+        0xa9, 0x8d, 0x11, 0x98, 0xc0, 0x7d, 0xa6, 0x05,
+        0xc4, 0xd1, 0x10, 0x20, 0xf6, 0xc9, 0xf7, 0xbb,
+        0x68, 0xbb, 0x34, 0x56, 0xc7, 0x3a, 0x01, 0xb7,
+        0x10, 0xbc, 0x99, 0xd1, 0x77, 0x39, 0xa5, 0x17,
+        0x16, 0xaa, 0x01, 0x66, 0x0c, 0x8b, 0x62, 0x8b,
+        0x2f, 0x56, 0x02, 0xba, 0x65, 0xf0, 0x7e, 0xa9,
+        0x93, 0x33, 0x6e, 0x89, 0x6e, 0x83, 0xf2, 0xc5,
+        0x73, 0x1b, 0xbf, 0x03, 0x46, 0x0c, 0x5b, 0x6c,
+        0x8a, 0xfe, 0xcb, 0x74, 0x8e, 0xe3, 0x91, 0xe9,
+        0x89, 0x34, 0xa2, 0xc5, 0x7d, 0x4d, 0x06, 0x9f,
+        0x50, 0xd8, 0x8b, 0x30, 0xd6, 0x96, 0x6f, 0x38,
+        0xc3, 0x7b, 0xc6, 0x49, 0xb8, 0x26, 0x34, 0xce,
+        0x77, 0x22, 0x64, 0x5c, 0xcd, 0x62, 0x50, 0x63,
+        0x36, 0x46, 0x46, 0xd6, 0xd6, 0x99, 0xdb, 0x57,
+        0xb4, 0x5e, 0xb6, 0x74, 0x65, 0xe1, 0x6d, 0xe4,
+        0xd4, 0x06, 0xa8, 0x18, 0xb9, 0xea, 0xe1, 0xca,
+        0x91, 0x6a, 0x25, 0x94, 0x48, 0x97, 0x08, 0xa4,
+        0x3c, 0xea, 0x88, 0xb0, 0x2a, 0x4c, 0x03, 0xd0,
+        0x9b, 0x44, 0x81, 0x5c, 0x97, 0x10, 0x1c, 0xaf,
+        0x50, 0x48, 0xbb, 0xcb, 0x24, 0x7a, 0xe2, 0x36,
+        0x6c, 0xdc, 0x25, 0x4b, 0xa2, 0x21, 0x29, 0xf4,
+        0x5b, 0x3b, 0x0e, 0xb3, 0x99, 0xca, 0x91, 0xa3,
+        0x03, 0x40, 0x28, 0x30, 0xec, 0x01, 0xdb, 0x7b,
+        0x2c, 0xa4, 0x80, 0xcf, 0x35, 0x04, 0x09, 0xb2,
+        0x16, 0x09, 0x4b, 0x7b, 0x0c, 0x3a, 0xe3, 0x3c,
+        0xe1, 0x0a, 0x91, 0x24, 0xe8, 0x96, 0x51, 0xab,
+        0x90, 0x1e, 0xa2, 0x53, 0xc8, 0x41, 0x5b, 0xd7,
+        0x82, 0x5f, 0x02, 0xbb, 0x22, 0x93, 0x69, 0xaf,
+        0x97, 0x20, 0x28, 0xf2, 0x28, 0x75, 0xea, 0x55,
+        0xaf, 0x16, 0xd3, 0xbc, 0x69, 0xf7, 0x0c, 0x2e,
+        0xe8, 0xb7, 0x5f, 0x28, 0xb4, 0x7d, 0xd3, 0x91,
+        0xf9, 0x89, 0xad, 0xe3, 0x14, 0x72, 0x9c, 0x33,
+        0x1f, 0xa0, 0x4c, 0x19, 0x17, 0xb2, 0x78, 0xc3,
+        0xeb, 0x60, 0x28, 0x68, 0x51, 0x28, 0x21, 0xad,
+        0xc8, 0x25, 0xc6, 0x45, 0x77, 0xce, 0x1e, 0x63,
+        0xb1, 0xd9, 0x64, 0x4a, 0x61, 0x29, 0x48, 0xa3,
+        0x48, 0x3c, 0x7f, 0x1b, 0x9a, 0x25, 0x80, 0x00,
+        0xe3, 0x01, 0x96, 0x94, 0x4a, 0x40, 0x36, 0x27,
+        0x60, 0x9c, 0x76, 0xc7, 0xea, 0x6b, 0x5d, 0xe0,
+        0x17, 0x64, 0xd2, 0x43, 0x79, 0x11, 0x7b, 0x9e,
+        0xa2, 0x98, 0x48, 0xdc, 0x55, 0x5c, 0x45, 0x4b,
+        0xce, 0xae, 0x1b, 0xa5, 0xcc, 0x72, 0xc7, 0x4a,
+        0xb9, 0x6b, 0x9c, 0x91, 0xb9, 0x10, 0xd2, 0x6b,
+        0x88, 0xb2, 0x56, 0x39, 0xd4, 0x77, 0x8a, 0xe2,
+        0x6c, 0x7c, 0x61, 0x51, 0xa1, 0x9c, 0x6c, 0xd7,
+        0x93, 0x84, 0x54, 0x37, 0x24, 0x65, 0xe4, 0xc5,
+        0xec, 0x29, 0x24, 0x5a, 0xcb, 0x3d, 0xb5, 0x37,
+        0x9d, 0xe3, 0xda, 0xbf, 0xa6, 0x29, 0xa7, 0xc0,
+        0x4a, 0x83, 0x53, 0xa8, 0x53, 0x0c, 0x95, 0xac,
+        0xb7, 0x32, 0xbb, 0x4b, 0xb8, 0x19, 0x32, 0xbb,
+        0x2c, 0xa7, 0xa8, 0x48, 0xcd, 0x36, 0x68, 0x01,
+        0x44, 0x4a, 0xbe, 0x23, 0xc8, 0x3b, 0x36, 0x6a,
+        0x87, 0xd6, 0xa3, 0xcf, 0x36, 0x09, 0x24, 0xc0,
+        0x02, 0xba, 0xe9, 0x0a, 0xf6, 0x5c, 0x48, 0x06,
+        0x0b, 0x37, 0x52, 0xf2, 0xba, 0xdf, 0x1a, 0xb2,
+        0x72, 0x20, 0x72, 0x55, 0x4a, 0x50, 0x59, 0x75,
+        0x35, 0x94, 0xe6, 0xa7, 0x02, 0x76, 0x1f, 0xc9,
+        0x76, 0x84, 0xc8, 0xc4, 0xa7, 0x54, 0x0a, 0x6b,
+        0x07, 0xfb, 0xc9, 0xde, 0x87, 0xc9, 0x74, 0xaa,
+        0x88, 0x09, 0xd9, 0x28, 0xc7, 0xf4, 0xcb, 0xbf,
+        0x80, 0x45, 0xae, 0xa5, 0xbc, 0x66, 0x78, 0x25,
+        0xfd, 0x05, 0xa5, 0x21, 0xf1, 0xa4, 0xbf, 0x53,
+        0x92, 0x10, 0xc7, 0x11, 0x3b, 0xc3, 0x7b, 0x3e,
+        0x58, 0xb0, 0xcb, 0xfc, 0x53, 0xc8, 0x41, 0xcb,
+        0xb0, 0x37, 0x1d, 0xe2, 0xe5, 0x11, 0xb9, 0x89,
+        0xcb, 0x7c, 0x70, 0xc0, 0x23, 0x36, 0x6d, 0x78,
+        0xf9, 0xc3, 0x7e, 0xf0, 0x47, 0xf8, 0x72, 0x0b,
+        0xe1, 0xc7, 0x59, 0xa8, 0xd9, 0x6b, 0x93, 0xf6,
+        0x5a, 0x94, 0x11, 0x4f, 0xfa, 0xf6, 0x0d, 0x9a,
+        0x81, 0x79, 0x5e, 0x99, 0x5c, 0x71, 0x15, 0x2a,
+        0x46, 0x91, 0xa5, 0xa6, 0x02, 0xa9, 0xe1, 0xf3,
+        0x59, 0x9e, 0x37, 0xc7, 0x68, 0xc7, 0xbc, 0x10,
+        0x89, 0x94, 0xc0, 0x66, 0x9f, 0x3a, 0xdc, 0x95,
+        0x7d, 0x46, 0xb4, 0xb6, 0x25, 0x69, 0x68, 0xe2,
+        0x90, 0xd7, 0x89, 0x2e, 0xa8, 0x54, 0x64, 0xee,
+        0x7a, 0x75, 0x0f, 0x39, 0xc5, 0xe3, 0x15, 0x2c,
+        0x2d, 0xfc, 0x56, 0xd8, 0xb0, 0xc9, 0x24, 0xba,
+        0x8a, 0x95, 0x9a, 0x68, 0x09, 0x65, 0x47, 0xf6,
+        0x64, 0x23, 0xc8, 0x38, 0x98, 0x2a, 0x57, 0x94,
+        0xb9, 0xe1, 0x53, 0x37, 0x71, 0x33, 0x1a, 0x9a,
+        0x65, 0x6c, 0x28, 0x82, 0x8b, 0xeb, 0x91, 0x26,
+        0xa6, 0x0e, 0x95, 0xe8, 0xc5, 0xd9, 0x06, 0x83,
+        0x2c, 0x77, 0x10, 0x70, 0x55, 0x76, 0xb1, 0xfb,
+        0x95, 0x07, 0x26, 0x9d, 0xda, 0xf8, 0xc9, 0x5c,
+        0xe9, 0x71, 0x9b, 0x2c, 0xa8, 0xdd, 0x11, 0x2b,
+        0xe1, 0x0b, 0xcc, 0x9f, 0x4a, 0x37, 0xbd, 0x1b,
+        0x1e, 0xee, 0xb3, 0x3e, 0xcd, 0xa7, 0x6a, 0xe9,
+        0xf6, 0x9a, 0x5d, 0x4b, 0x29, 0x23, 0xa8, 0x69,
+        0x57, 0x67, 0x1d, 0x61, 0x93, 0x35, 0xbe, 0x1c,
+        0x4c, 0x2c, 0x77, 0xce, 0x87, 0xc4, 0x1f, 0x98,
+        0xa8, 0xcc, 0x46, 0x64, 0x60, 0xfa, 0x30, 0x0a,
+        0xaf, 0x5b, 0x30, 0x1f, 0x0a, 0x1d, 0x09, 0xc8,
+        0x8e, 0x65, 0xda, 0x4d, 0x8e, 0xe6, 0x4f, 0x68,
+        0xc0, 0x21, 0x89, 0xbb, 0xb3, 0x58, 0x4b, 0xaf,
+        0xf7, 0x16, 0xc8, 0x5d, 0xb6, 0x54, 0x04, 0x8a,
+        0x00, 0x43, 0x33, 0x48, 0x93, 0x93, 0xa0, 0x74,
+        0x27, 0xcd, 0x3e, 0x21, 0x7e, 0x6a, 0x34, 0x5f,
+        0x6c, 0x2c, 0x2b, 0x13, 0xc2, 0x7b, 0x33, 0x72,
+        0x71, 0xc0, 0xb2, 0x7b, 0x2d, 0xba, 0xa0, 0x0d,
+        0x23, 0x76, 0x00, 0xb5, 0xb5, 0x94, 0xe8, 0xcf,
+        0x2d, 0xd6, 0x25, 0xea, 0x76, 0xcf, 0x0e, 0xd8,
+        0x99, 0x12, 0x2c, 0x97, 0x96, 0xb4, 0xb0, 0x18,
+        0x70, 0x04, 0x25, 0x80, 0x49, 0xa4, 0x77, 0xcd,
+        0x11, 0xd6, 0x8c, 0x49, 0xb9, 0xa0, 0xe7, 0xb0,
+        0x0b, 0xce, 0x8c, 0xac, 0x78, 0x64, 0xcb, 0xb3,
+        0x75, 0x14, 0x00, 0x84, 0x74, 0x4c, 0x93, 0x06,
+        0x26, 0x94, 0xca, 0x79, 0x5c, 0x4f, 0x40, 0xe7,
+        0xac, 0xc9, 0xc5, 0xa1, 0x88, 0x40, 0x72, 0xd8,
+        0xc3, 0x8d, 0xaf, 0xb5, 0x01, 0xee, 0x41, 0x84,
+        0xdd, 0x5a, 0x81, 0x9e, 0xc2, 0x4e, 0xc1, 0x65,
+        0x12, 0x61, 0xf9, 0x62, 0xb1, 0x7a, 0x72, 0x15,
+        0xaa, 0x4a, 0x74, 0x8c, 0x15, 0x83, 0x6c, 0x38,
+        0x91, 0x37, 0x67, 0x82, 0x04, 0x83, 0x8d, 0x71,
+        0x95, 0xa8, 0x5b, 0x4f, 0x98, 0xa1, 0xb5, 0x74,
+        0xc4, 0xcd, 0x79, 0x09, 0xcd, 0x1f, 0x83, 0x3e,
+        0xff, 0xd1, 0x48, 0x55, 0x43, 0x22, 0x9d, 0x37,
+        0x48, 0xd9, 0xb5, 0xcd, 0x6c, 0x17, 0xb9, 0xb3,
+        0xb8, 0x4a, 0xef, 0x8b, 0xce, 0x13, 0xe6, 0x83,
+        0x73, 0x36, 0x59, 0xc7, 0x95, 0x42, 0xd6, 0x15,
+        0x78, 0x2a, 0x71, 0xcd, 0xee, 0xe7, 0x92, 0xba,
+        0xb5, 0x1b, 0xdc, 0x4b, 0xbf, 0xe8, 0x30, 0x8e,
+        0x66, 0x31, 0x44, 0xed, 0xe8, 0x49, 0x18, 0x30,
+        0xad, 0x98, 0xb4, 0x63, 0x4f, 0x64, 0xab, 0xa8,
+        0xb9, 0xc0, 0x42, 0x27, 0x26, 0x53, 0x92, 0x0f,
+        0x38, 0x0c, 0x1a, 0x17, 0xca, 0x87, 0xce, 0xd7,
+        0xaa, 0xc4, 0x1c, 0x82, 0x88, 0x87, 0x93, 0x18,
+        0x1a, 0x6f, 0x76, 0xe1, 0x97, 0xb7, 0xb9, 0x0e,
+        0xf9, 0x09, 0x43, 0xbb, 0x38, 0x44, 0x91, 0x29,
+        0x11, 0xd8, 0x55, 0x1e, 0x54, 0x66, 0xc5, 0x76,
+        0x7a, 0xb0, 0xbc, 0x61, 0xa1, 0xa3, 0xf7, 0x36,
+        0x16, 0x2e, 0xc0, 0x98, 0xa9, 0x00, 0xb1, 0x2d,
+        0xd8, 0xfa, 0xbb, 0xfb, 0x3f, 0xe8, 0xcb, 0x1d,
+        0xc4, 0xe8, 0x31, 0x5f, 0x2a, 0xf0, 0xd3, 0x2f,
+        0x00, 0x17, 0xae, 0x13, 0x6e, 0x19, 0xf0, 0x28
+    };
+#endif
+#ifdef WOLFSSL_KYBER_ORIGINAL
+    WOLFSSL_SMALL_STACK_STATIC const byte kyber768_sk[] = {
         0x07, 0x63, 0x8F, 0xB6, 0x98, 0x68, 0xF3, 0xD3,
         0x20, 0xE5, 0x86, 0x2B, 0xD9, 0x69, 0x33, 0xFE,
         0xB3, 0x11, 0xB3, 0x62, 0x09, 0x3C, 0x9B, 0x5D,
@@ -35460,7 +40506,313 @@ static wc_test_ret_t kyber768_kat(void)
         0x0E, 0x55, 0x60, 0x67, 0x40, 0x7D, 0x13, 0xDC,
         0x90, 0xFA, 0x9E, 0x8B, 0x87, 0x2B, 0xFB, 0x8F
     };
-    const byte kyber768_ct[] = {
+#endif
+#ifndef WOLFSSL_NO_ML_KEM
+    WOLFSSL_SMALL_STACK_STATIC const byte ml_kem_768_sk[] = {
+        0xda, 0x0a, 0xc7, 0xb6, 0x60, 0x40, 0x4e, 0x61,
+        0x3a, 0xa1, 0xf9, 0x80, 0x38, 0x0c, 0xb3, 0x6d,
+        0xba, 0x18, 0xd2, 0x32, 0x56, 0xc7, 0x26, 0x7a,
+        0x00, 0xa6, 0x7b, 0xa6, 0xc2, 0xa2, 0xb1, 0x4c,
+        0x41, 0x42, 0x39, 0x66, 0x2f, 0x68, 0xbd, 0x44,
+        0x6c, 0x8e, 0xfd, 0xf3, 0x66, 0x56, 0xa0, 0x89,
+        0x1a, 0x3c, 0xc6, 0x23, 0xfc, 0x68, 0xb6, 0x57,
+        0x2f, 0x7b, 0x29, 0xa6, 0xde, 0x12, 0x80, 0x14,
+        0x41, 0x1e, 0xe4, 0x19, 0x06, 0xd0, 0x80, 0x71,
+        0xf9, 0x48, 0x56, 0xe3, 0x6a, 0x83, 0x2b, 0x40,
+        0x33, 0x8d, 0x74, 0x35, 0x16, 0x65, 0x9b, 0xd2,
+        0x58, 0x79, 0xc0, 0x07, 0xa5, 0x2b, 0xc9, 0x58,
+        0x6f, 0x79, 0x87, 0x6a, 0xfa, 0xc6, 0xc9, 0xa3,
+        0x0d, 0x8f, 0xac, 0x24, 0x3b, 0xd2, 0x24, 0x25,
+        0xd6, 0xad, 0xce, 0x42, 0xab, 0x7e, 0xd3, 0x90,
+        0x14, 0x75, 0x7a, 0x95, 0x8b, 0xc8, 0xa7, 0x45,
+        0x65, 0xf0, 0x19, 0x23, 0x4f, 0xf0, 0x4b, 0x34,
+        0x89, 0x3e, 0xd6, 0xd0, 0x55, 0x01, 0xc3, 0x72,
+        0x55, 0x23, 0x9a, 0xae, 0x2a, 0xc1, 0x9f, 0x8c,
+        0x75, 0xac, 0x59, 0x00, 0xda, 0xe8, 0x30, 0x0d,
+        0xbb, 0xa7, 0x10, 0xdc, 0x2c, 0xaa, 0xe1, 0xbc,
+        0xa3, 0xa3, 0x8c, 0x58, 0x34, 0x2b, 0x28, 0x6b,
+        0x85, 0x18, 0xf1, 0x36, 0xad, 0x15, 0xb9, 0xf7,
+        0xbc, 0xbb, 0x06, 0xa5, 0x60, 0x7d, 0xb3, 0x75,
+        0xdb, 0xe9, 0x76, 0x45, 0x7c, 0x26, 0xc6, 0x59,
+        0x82, 0x57, 0x53, 0x1b, 0x2c, 0xfb, 0x6e, 0xe7,
+        0xf5, 0x15, 0x91, 0x84, 0x08, 0x04, 0xc3, 0x83,
+        0x88, 0x37, 0x6c, 0x27, 0x14, 0x84, 0x13, 0xda,
+        0x9e, 0x92, 0x92, 0x0b, 0xfd, 0x9a, 0x06, 0x9e,
+        0x01, 0x8b, 0xd2, 0x72, 0x05, 0x3d, 0xa8, 0x77,
+        0x5c, 0x0b, 0x73, 0x9f, 0x76, 0x1d, 0xb2, 0x10,
+        0x7c, 0xf3, 0x5a, 0x43, 0x4d, 0x69, 0xb0, 0x7e,
+        0x5b, 0xcd, 0xb8, 0x74, 0x34, 0x13, 0x8b, 0x0c,
+        0xb5, 0x56, 0x76, 0x1b, 0xa5, 0x22, 0xa5, 0x74,
+        0x7b, 0x28, 0x74, 0x7d, 0x80, 0xeb, 0x9d, 0x6c,
+        0xc6, 0x73, 0xbe, 0xe5, 0x76, 0x93, 0x77, 0xb9,
+        0x96, 0xd3, 0x6c, 0xeb, 0x0c, 0x0c, 0x7e, 0xd9,
+        0xa6, 0x58, 0x53, 0x33, 0x24, 0x86, 0x9c, 0x18,
+        0xa1, 0xa3, 0x6f, 0x31, 0x47, 0x0f, 0x14, 0xc5,
+        0xae, 0x49, 0xab, 0x07, 0x05, 0x07, 0xf8, 0x24,
+        0x9c, 0xe4, 0x04, 0xb4, 0x9c, 0x0a, 0x8c, 0x3e,
+        0xe4, 0x2f, 0xea, 0x96, 0x31, 0xfa, 0x1a, 0x0d,
+        0x10, 0xd8, 0x6b, 0x93, 0xf9, 0x86, 0xe0, 0xe3,
+        0xa8, 0x2e, 0x70, 0x3b, 0x74, 0xe5, 0xae, 0x61,
+        0x01, 0x24, 0x24, 0x21, 0xa8, 0x9a, 0xa0, 0x7f,
+        0xe6, 0x85, 0x88, 0x46, 0x0b, 0xaa, 0x36, 0x87,
+        0x86, 0x48, 0x6a, 0x72, 0xe4, 0xf2, 0x4d, 0x2d,
+        0xd7, 0x6c, 0xfc, 0x03, 0xb6, 0x94, 0xa5, 0xba,
+        0x91, 0xa7, 0x55, 0xa0, 0xb9, 0x8f, 0x3b, 0xf9,
+        0x33, 0x07, 0xc0, 0xab, 0x64, 0x63, 0x9a, 0xea,
+        0x7a, 0x64, 0x98, 0xa3, 0xc3, 0xdd, 0xc5, 0x71,
+        0x14, 0x1a, 0xbc, 0xa4, 0x67, 0x8c, 0xd2, 0xe2,
+        0xb8, 0x57, 0xfb, 0x88, 0xf6, 0x00, 0xca, 0xa5,
+        0x96, 0xb4, 0x4b, 0xc4, 0x22, 0x25, 0x0b, 0x28,
+        0x19, 0xe0, 0x51, 0x5f, 0x04, 0x72, 0x39, 0x18,
+        0x53, 0x70, 0x0b, 0x01, 0xef, 0xf9, 0x45, 0x3f,
+        0xd1, 0x18, 0x76, 0xb7, 0xc7, 0x59, 0xa0, 0x7d,
+        0xd8, 0x45, 0xca, 0xba, 0x45, 0x55, 0x26, 0x4a,
+        0x82, 0x76, 0x51, 0x93, 0xfd, 0xf8, 0x1b, 0x62,
+        0x0a, 0x1e, 0x1f, 0x92, 0x3f, 0xb2, 0x44, 0x42,
+        0xcd, 0x1c, 0xbe, 0x94, 0x17, 0x50, 0x03, 0xec,
+        0x06, 0xce, 0x77, 0xa3, 0xc6, 0x44, 0x93, 0xc1,
+        0x99, 0x98, 0x7a, 0x30, 0x0c, 0x95, 0xc5, 0x3c,
+        0x00, 0x89, 0xb5, 0xd6, 0x5c, 0x92, 0xea, 0x97,
+        0x1b, 0x2f, 0xfa, 0x93, 0xb5, 0x2a, 0x46, 0x1e,
+        0xa2, 0xac, 0x8c, 0x19, 0x9c, 0x2f, 0x4c, 0x2b,
+        0x70, 0x42, 0x97, 0xce, 0x3c, 0x39, 0x49, 0xe0,
+        0x73, 0x5e, 0xa8, 0xa1, 0x4a, 0xa5, 0x9e, 0x8d,
+        0xec, 0x0c, 0x87, 0x83, 0x99, 0xff, 0x70, 0x74,
+        0x7a, 0xb2, 0x44, 0xce, 0x46, 0xb5, 0xf2, 0x23,
+        0x04, 0x73, 0x32, 0x3d, 0x25, 0xc6, 0x6f, 0xe6,
+        0xb4, 0x19, 0xb1, 0xf4, 0xa1, 0x12, 0xe5, 0x21,
+        0x40, 0x35, 0x25, 0x6b, 0xc4, 0x3f, 0xfd, 0x2b,
+        0x6b, 0x7b, 0x37, 0x87, 0x69, 0xa6, 0xb4, 0x70,
+        0x00, 0xbf, 0xb6, 0x35, 0x7d, 0x45, 0x81, 0x4b,
+        0xae, 0xf3, 0x85, 0x7d, 0x37, 0x9e, 0x2f, 0xb8,
+        0xb5, 0xe5, 0x20, 0x1a, 0xb2, 0x62, 0x74, 0xbb,
+        0x1b, 0x70, 0xad, 0x32, 0x2c, 0xd0, 0x43, 0x9b,
+        0x2d, 0xb1, 0x09, 0xcf, 0xf0, 0xa2, 0xf8, 0xe6,
+        0x00, 0x99, 0x55, 0x71, 0xff, 0xc3, 0x8c, 0x59,
+        0x0b, 0xc4, 0xc7, 0x61, 0x5c, 0x69, 0xd0, 0xc9,
+        0x8e, 0xf4, 0x30, 0xf3, 0x08, 0x61, 0xa7, 0x72,
+        0x38, 0xff, 0xc0, 0x70, 0x61, 0xe4, 0x75, 0xd6,
+        0xa3, 0x0a, 0xd1, 0xb4, 0x7f, 0xd0, 0x39, 0xc3,
+        0xa4, 0x47, 0x76, 0x2d, 0xb2, 0x21, 0x1d, 0xc3,
+        0x1d, 0x0a, 0xca, 0xcf, 0xd5, 0x58, 0x90, 0xa5,
+        0x82, 0x47, 0x98, 0xf9, 0xae, 0xad, 0x74, 0x13,
+        0xdf, 0xe0, 0x28, 0xb1, 0x01, 0x2b, 0xe8, 0xb6,
+        0xca, 0x10, 0x26, 0x66, 0x6a, 0xc6, 0xbc, 0x94,
+        0x40, 0xa4, 0x49, 0xb5, 0x1a, 0xd8, 0xbb, 0xa7,
+        0xb0, 0x92, 0x1d, 0xd4, 0xd8, 0xb4, 0xa5, 0x78,
+        0x13, 0x6d, 0x1a, 0x05, 0xdb, 0x38, 0xcc, 0x85,
+        0x84, 0x37, 0xb2, 0x51, 0x61, 0xd1, 0xc3, 0xc2,
+        0x8e, 0xe0, 0x7b, 0xbc, 0xf2, 0xb2, 0x49, 0x11,
+        0x0d, 0x22, 0x78, 0x1d, 0xc3, 0x05, 0x0d, 0x8c,
+        0xc0, 0x09, 0x00, 0x96, 0xb3, 0x8a, 0x85, 0x06,
+        0x96, 0xf8, 0x6e, 0x9e, 0x6b, 0xab, 0x32, 0x52,
+        0x71, 0xb2, 0x24, 0x86, 0x75, 0x01, 0x19, 0x68,
+        0x50, 0x28, 0x81, 0x09, 0x04, 0x97, 0xfa, 0xc0,
+        0xaf, 0x84, 0x3c, 0x1a, 0xea, 0x76, 0xdd, 0x81,
+        0xcf, 0x29, 0xc0, 0x12, 0xc6, 0x62, 0x27, 0xb7,
+        0xf0, 0x6d, 0x99, 0x61, 0x30, 0x9b, 0x02, 0x62,
+        0xf7, 0x32, 0xc9, 0xa4, 0xd0, 0xbb, 0xd0, 0x67,
+        0x27, 0xab, 0xb8, 0x37, 0x1f, 0xf2, 0xc1, 0x18,
+        0x99, 0xa0, 0x98, 0x37, 0x5c, 0x46, 0x05, 0x16,
+        0xb2, 0xcc, 0x88, 0xbc, 0xf6, 0x28, 0xed, 0xe3,
+        0x7d, 0x8f, 0x3b, 0x33, 0x42, 0xe4, 0x49, 0x0a,
+        0x85, 0x60, 0x6e, 0xc0, 0x3d, 0xa2, 0x9b, 0x02,
+        0x56, 0x27, 0x53, 0x82, 0xa3, 0x31, 0x3d, 0xc0,
+        0x41, 0x11, 0x48, 0x01, 0x03, 0x2c, 0x51, 0x9f,
+        0x35, 0x0c, 0x3e, 0x6a, 0xba, 0xc3, 0xe3, 0x3b,
+        0x93, 0xb4, 0xa1, 0x9f, 0x7c, 0x54, 0x66, 0xe5,
+        0x8c, 0xb1, 0xdc, 0x14, 0xb4, 0xa9, 0x6c, 0x47,
+        0x57, 0x29, 0xf9, 0x71, 0xbd, 0xf1, 0x73, 0xcd,
+        0xf3, 0x54, 0x82, 0x4d, 0x01, 0x94, 0x27, 0xf9,
+        0x5b, 0x3b, 0x4a, 0x4a, 0x4a, 0x95, 0x8e, 0x47,
+        0x6a, 0x6e, 0x69, 0x91, 0xce, 0x6f, 0x06, 0xcb,
+        0x5d, 0xfc, 0xa7, 0xd4, 0x38, 0x0c, 0x3d, 0x92,
+        0x0b, 0x57, 0x11, 0xac, 0x1f, 0xcb, 0xaf, 0x4b,
+        0x9a, 0xc8, 0x00, 0xb9, 0x76, 0xd1, 0xec, 0x76,
+        0x6a, 0x62, 0x6c, 0xc1, 0x90, 0x0b, 0x66, 0xb3,
+        0xa9, 0xdc, 0x62, 0xc5, 0xc1, 0x44, 0x52, 0x7a,
+        0x29, 0x6b, 0xaf, 0x70, 0x43, 0x3b, 0xf6, 0x57,
+        0xc0, 0x43, 0x7f, 0x87, 0x59, 0x7b, 0xd7, 0xc8,
+        0xbb, 0xbe, 0x9a, 0xbc, 0x37, 0x05, 0x09, 0x31,
+        0xa4, 0xa8, 0x69, 0x82, 0xa2, 0x02, 0x8a, 0x74,
+        0x45, 0x4c, 0x9b, 0x81, 0x0c, 0x88, 0xd1, 0x70,
+        0x1c, 0x8c, 0xc9, 0x8a, 0x1d, 0x4c, 0xa1, 0x07,
+        0xa6, 0xb2, 0x5e, 0x96, 0x2f, 0xe4, 0xb6, 0xb0,
+        0x3c, 0x95, 0x45, 0x32, 0x60, 0xb8, 0x07, 0x22,
+        0x86, 0x37, 0xcc, 0x9e, 0xb1, 0x2a, 0xcc, 0x09,
+        0x54, 0x95, 0x9a, 0x52, 0xae, 0x54, 0xd1, 0x97,
+        0x73, 0x00, 0xab, 0xa0, 0xba, 0x2c, 0x14, 0x60,
+        0x9b, 0xb2, 0x8c, 0x11, 0xd5, 0xfa, 0xc5, 0xca,
+        0xc8, 0x82, 0x97, 0x60, 0x32, 0x83, 0xe8, 0x67,
+        0xa3, 0x64, 0x83, 0x66, 0xc7, 0x24, 0xd9, 0x35,
+        0x4c, 0xd7, 0xa1, 0x96, 0xdb, 0xd9, 0x80, 0x2f,
+        0x7b, 0x88, 0xd3, 0xfa, 0x00, 0x1f, 0x9c, 0x97,
+        0x73, 0x22, 0x54, 0x62, 0x23, 0x5e, 0x91, 0x35,
+        0x2a, 0x20, 0x79, 0x1f, 0xd8, 0xb8, 0x7f, 0xe3,
+        0x37, 0x7e, 0xc6, 0xa3, 0x94, 0x0b, 0x11, 0x30,
+        0xa0, 0xbb, 0x04, 0xe7, 0x41, 0x0a, 0x34, 0xe2,
+        0x58, 0x0d, 0x07, 0x1d, 0x6c, 0x56, 0x20, 0x20,
+        0x86, 0x78, 0x7a, 0x65, 0x90, 0xf8, 0x43, 0x93,
+        0xa8, 0xe6, 0x51, 0xa1, 0xe6, 0x85, 0xf2, 0x24,
+        0x78, 0xa8, 0x95, 0x4f, 0x00, 0x7b, 0xc7, 0x71,
+        0x1b, 0x93, 0x07, 0x72, 0xc7, 0x8f, 0x09, 0x2e,
+        0x82, 0x87, 0x8e, 0x3e, 0x93, 0x7f, 0x36, 0x79,
+        0x67, 0x53, 0x29, 0x13, 0xa8, 0xd5, 0x3d, 0xfd,
+        0xf4, 0xbf, 0xb1, 0xf8, 0x84, 0x67, 0x46, 0x59,
+        0x67, 0x05, 0xcf, 0x34, 0x51, 0x42, 0xb9, 0x72,
+        0xa3, 0xf1, 0x63, 0x25, 0xc4, 0x0c, 0x29, 0x52,
+        0xa3, 0x7b, 0x25, 0x89, 0x7e, 0x5e, 0xf3, 0x5f,
+        0xba, 0xeb, 0x73, 0xa4, 0xac, 0xbe, 0xb6, 0xa0,
+        0xb8, 0x99, 0x42, 0xce, 0xb1, 0x95, 0x53, 0x1c,
+        0xfc, 0x0a, 0x07, 0x99, 0x39, 0x54, 0x48, 0x3e,
+        0x6c, 0xbc, 0x87, 0xc0, 0x6a, 0xa7, 0x4f, 0xf0,
+        0xca, 0xc5, 0x20, 0x7e, 0x53, 0x5b, 0x26, 0x0a,
+        0xa9, 0x8d, 0x11, 0x98, 0xc0, 0x7d, 0xa6, 0x05,
+        0xc4, 0xd1, 0x10, 0x20, 0xf6, 0xc9, 0xf7, 0xbb,
+        0x68, 0xbb, 0x34, 0x56, 0xc7, 0x3a, 0x01, 0xb7,
+        0x10, 0xbc, 0x99, 0xd1, 0x77, 0x39, 0xa5, 0x17,
+        0x16, 0xaa, 0x01, 0x66, 0x0c, 0x8b, 0x62, 0x8b,
+        0x2f, 0x56, 0x02, 0xba, 0x65, 0xf0, 0x7e, 0xa9,
+        0x93, 0x33, 0x6e, 0x89, 0x6e, 0x83, 0xf2, 0xc5,
+        0x73, 0x1b, 0xbf, 0x03, 0x46, 0x0c, 0x5b, 0x6c,
+        0x8a, 0xfe, 0xcb, 0x74, 0x8e, 0xe3, 0x91, 0xe9,
+        0x89, 0x34, 0xa2, 0xc5, 0x7d, 0x4d, 0x06, 0x9f,
+        0x50, 0xd8, 0x8b, 0x30, 0xd6, 0x96, 0x6f, 0x38,
+        0xc3, 0x7b, 0xc6, 0x49, 0xb8, 0x26, 0x34, 0xce,
+        0x77, 0x22, 0x64, 0x5c, 0xcd, 0x62, 0x50, 0x63,
+        0x36, 0x46, 0x46, 0xd6, 0xd6, 0x99, 0xdb, 0x57,
+        0xb4, 0x5e, 0xb6, 0x74, 0x65, 0xe1, 0x6d, 0xe4,
+        0xd4, 0x06, 0xa8, 0x18, 0xb9, 0xea, 0xe1, 0xca,
+        0x91, 0x6a, 0x25, 0x94, 0x48, 0x97, 0x08, 0xa4,
+        0x3c, 0xea, 0x88, 0xb0, 0x2a, 0x4c, 0x03, 0xd0,
+        0x9b, 0x44, 0x81, 0x5c, 0x97, 0x10, 0x1c, 0xaf,
+        0x50, 0x48, 0xbb, 0xcb, 0x24, 0x7a, 0xe2, 0x36,
+        0x6c, 0xdc, 0x25, 0x4b, 0xa2, 0x21, 0x29, 0xf4,
+        0x5b, 0x3b, 0x0e, 0xb3, 0x99, 0xca, 0x91, 0xa3,
+        0x03, 0x40, 0x28, 0x30, 0xec, 0x01, 0xdb, 0x7b,
+        0x2c, 0xa4, 0x80, 0xcf, 0x35, 0x04, 0x09, 0xb2,
+        0x16, 0x09, 0x4b, 0x7b, 0x0c, 0x3a, 0xe3, 0x3c,
+        0xe1, 0x0a, 0x91, 0x24, 0xe8, 0x96, 0x51, 0xab,
+        0x90, 0x1e, 0xa2, 0x53, 0xc8, 0x41, 0x5b, 0xd7,
+        0x82, 0x5f, 0x02, 0xbb, 0x22, 0x93, 0x69, 0xaf,
+        0x97, 0x20, 0x28, 0xf2, 0x28, 0x75, 0xea, 0x55,
+        0xaf, 0x16, 0xd3, 0xbc, 0x69, 0xf7, 0x0c, 0x2e,
+        0xe8, 0xb7, 0x5f, 0x28, 0xb4, 0x7d, 0xd3, 0x91,
+        0xf9, 0x89, 0xad, 0xe3, 0x14, 0x72, 0x9c, 0x33,
+        0x1f, 0xa0, 0x4c, 0x19, 0x17, 0xb2, 0x78, 0xc3,
+        0xeb, 0x60, 0x28, 0x68, 0x51, 0x28, 0x21, 0xad,
+        0xc8, 0x25, 0xc6, 0x45, 0x77, 0xce, 0x1e, 0x63,
+        0xb1, 0xd9, 0x64, 0x4a, 0x61, 0x29, 0x48, 0xa3,
+        0x48, 0x3c, 0x7f, 0x1b, 0x9a, 0x25, 0x80, 0x00,
+        0xe3, 0x01, 0x96, 0x94, 0x4a, 0x40, 0x36, 0x27,
+        0x60, 0x9c, 0x76, 0xc7, 0xea, 0x6b, 0x5d, 0xe0,
+        0x17, 0x64, 0xd2, 0x43, 0x79, 0x11, 0x7b, 0x9e,
+        0xa2, 0x98, 0x48, 0xdc, 0x55, 0x5c, 0x45, 0x4b,
+        0xce, 0xae, 0x1b, 0xa5, 0xcc, 0x72, 0xc7, 0x4a,
+        0xb9, 0x6b, 0x9c, 0x91, 0xb9, 0x10, 0xd2, 0x6b,
+        0x88, 0xb2, 0x56, 0x39, 0xd4, 0x77, 0x8a, 0xe2,
+        0x6c, 0x7c, 0x61, 0x51, 0xa1, 0x9c, 0x6c, 0xd7,
+        0x93, 0x84, 0x54, 0x37, 0x24, 0x65, 0xe4, 0xc5,
+        0xec, 0x29, 0x24, 0x5a, 0xcb, 0x3d, 0xb5, 0x37,
+        0x9d, 0xe3, 0xda, 0xbf, 0xa6, 0x29, 0xa7, 0xc0,
+        0x4a, 0x83, 0x53, 0xa8, 0x53, 0x0c, 0x95, 0xac,
+        0xb7, 0x32, 0xbb, 0x4b, 0xb8, 0x19, 0x32, 0xbb,
+        0x2c, 0xa7, 0xa8, 0x48, 0xcd, 0x36, 0x68, 0x01,
+        0x44, 0x4a, 0xbe, 0x23, 0xc8, 0x3b, 0x36, 0x6a,
+        0x87, 0xd6, 0xa3, 0xcf, 0x36, 0x09, 0x24, 0xc0,
+        0x02, 0xba, 0xe9, 0x0a, 0xf6, 0x5c, 0x48, 0x06,
+        0x0b, 0x37, 0x52, 0xf2, 0xba, 0xdf, 0x1a, 0xb2,
+        0x72, 0x20, 0x72, 0x55, 0x4a, 0x50, 0x59, 0x75,
+        0x35, 0x94, 0xe6, 0xa7, 0x02, 0x76, 0x1f, 0xc9,
+        0x76, 0x84, 0xc8, 0xc4, 0xa7, 0x54, 0x0a, 0x6b,
+        0x07, 0xfb, 0xc9, 0xde, 0x87, 0xc9, 0x74, 0xaa,
+        0x88, 0x09, 0xd9, 0x28, 0xc7, 0xf4, 0xcb, 0xbf,
+        0x80, 0x45, 0xae, 0xa5, 0xbc, 0x66, 0x78, 0x25,
+        0xfd, 0x05, 0xa5, 0x21, 0xf1, 0xa4, 0xbf, 0x53,
+        0x92, 0x10, 0xc7, 0x11, 0x3b, 0xc3, 0x7b, 0x3e,
+        0x58, 0xb0, 0xcb, 0xfc, 0x53, 0xc8, 0x41, 0xcb,
+        0xb0, 0x37, 0x1d, 0xe2, 0xe5, 0x11, 0xb9, 0x89,
+        0xcb, 0x7c, 0x70, 0xc0, 0x23, 0x36, 0x6d, 0x78,
+        0xf9, 0xc3, 0x7e, 0xf0, 0x47, 0xf8, 0x72, 0x0b,
+        0xe1, 0xc7, 0x59, 0xa8, 0xd9, 0x6b, 0x93, 0xf6,
+        0x5a, 0x94, 0x11, 0x4f, 0xfa, 0xf6, 0x0d, 0x9a,
+        0x81, 0x79, 0x5e, 0x99, 0x5c, 0x71, 0x15, 0x2a,
+        0x46, 0x91, 0xa5, 0xa6, 0x02, 0xa9, 0xe1, 0xf3,
+        0x59, 0x9e, 0x37, 0xc7, 0x68, 0xc7, 0xbc, 0x10,
+        0x89, 0x94, 0xc0, 0x66, 0x9f, 0x3a, 0xdc, 0x95,
+        0x7d, 0x46, 0xb4, 0xb6, 0x25, 0x69, 0x68, 0xe2,
+        0x90, 0xd7, 0x89, 0x2e, 0xa8, 0x54, 0x64, 0xee,
+        0x7a, 0x75, 0x0f, 0x39, 0xc5, 0xe3, 0x15, 0x2c,
+        0x2d, 0xfc, 0x56, 0xd8, 0xb0, 0xc9, 0x24, 0xba,
+        0x8a, 0x95, 0x9a, 0x68, 0x09, 0x65, 0x47, 0xf6,
+        0x64, 0x23, 0xc8, 0x38, 0x98, 0x2a, 0x57, 0x94,
+        0xb9, 0xe1, 0x53, 0x37, 0x71, 0x33, 0x1a, 0x9a,
+        0x65, 0x6c, 0x28, 0x82, 0x8b, 0xeb, 0x91, 0x26,
+        0xa6, 0x0e, 0x95, 0xe8, 0xc5, 0xd9, 0x06, 0x83,
+        0x2c, 0x77, 0x10, 0x70, 0x55, 0x76, 0xb1, 0xfb,
+        0x95, 0x07, 0x26, 0x9d, 0xda, 0xf8, 0xc9, 0x5c,
+        0xe9, 0x71, 0x9b, 0x2c, 0xa8, 0xdd, 0x11, 0x2b,
+        0xe1, 0x0b, 0xcc, 0x9f, 0x4a, 0x37, 0xbd, 0x1b,
+        0x1e, 0xee, 0xb3, 0x3e, 0xcd, 0xa7, 0x6a, 0xe9,
+        0xf6, 0x9a, 0x5d, 0x4b, 0x29, 0x23, 0xa8, 0x69,
+        0x57, 0x67, 0x1d, 0x61, 0x93, 0x35, 0xbe, 0x1c,
+        0x4c, 0x2c, 0x77, 0xce, 0x87, 0xc4, 0x1f, 0x98,
+        0xa8, 0xcc, 0x46, 0x64, 0x60, 0xfa, 0x30, 0x0a,
+        0xaf, 0x5b, 0x30, 0x1f, 0x0a, 0x1d, 0x09, 0xc8,
+        0x8e, 0x65, 0xda, 0x4d, 0x8e, 0xe6, 0x4f, 0x68,
+        0xc0, 0x21, 0x89, 0xbb, 0xb3, 0x58, 0x4b, 0xaf,
+        0xf7, 0x16, 0xc8, 0x5d, 0xb6, 0x54, 0x04, 0x8a,
+        0x00, 0x43, 0x33, 0x48, 0x93, 0x93, 0xa0, 0x74,
+        0x27, 0xcd, 0x3e, 0x21, 0x7e, 0x6a, 0x34, 0x5f,
+        0x6c, 0x2c, 0x2b, 0x13, 0xc2, 0x7b, 0x33, 0x72,
+        0x71, 0xc0, 0xb2, 0x7b, 0x2d, 0xba, 0xa0, 0x0d,
+        0x23, 0x76, 0x00, 0xb5, 0xb5, 0x94, 0xe8, 0xcf,
+        0x2d, 0xd6, 0x25, 0xea, 0x76, 0xcf, 0x0e, 0xd8,
+        0x99, 0x12, 0x2c, 0x97, 0x96, 0xb4, 0xb0, 0x18,
+        0x70, 0x04, 0x25, 0x80, 0x49, 0xa4, 0x77, 0xcd,
+        0x11, 0xd6, 0x8c, 0x49, 0xb9, 0xa0, 0xe7, 0xb0,
+        0x0b, 0xce, 0x8c, 0xac, 0x78, 0x64, 0xcb, 0xb3,
+        0x75, 0x14, 0x00, 0x84, 0x74, 0x4c, 0x93, 0x06,
+        0x26, 0x94, 0xca, 0x79, 0x5c, 0x4f, 0x40, 0xe7,
+        0xac, 0xc9, 0xc5, 0xa1, 0x88, 0x40, 0x72, 0xd8,
+        0xc3, 0x8d, 0xaf, 0xb5, 0x01, 0xee, 0x41, 0x84,
+        0xdd, 0x5a, 0x81, 0x9e, 0xc2, 0x4e, 0xc1, 0x65,
+        0x12, 0x61, 0xf9, 0x62, 0xb1, 0x7a, 0x72, 0x15,
+        0xaa, 0x4a, 0x74, 0x8c, 0x15, 0x83, 0x6c, 0x38,
+        0x91, 0x37, 0x67, 0x82, 0x04, 0x83, 0x8d, 0x71,
+        0x95, 0xa8, 0x5b, 0x4f, 0x98, 0xa1, 0xb5, 0x74,
+        0xc4, 0xcd, 0x79, 0x09, 0xcd, 0x1f, 0x83, 0x3e,
+        0xff, 0xd1, 0x48, 0x55, 0x43, 0x22, 0x9d, 0x37,
+        0x48, 0xd9, 0xb5, 0xcd, 0x6c, 0x17, 0xb9, 0xb3,
+        0xb8, 0x4a, 0xef, 0x8b, 0xce, 0x13, 0xe6, 0x83,
+        0x73, 0x36, 0x59, 0xc7, 0x95, 0x42, 0xd6, 0x15,
+        0x78, 0x2a, 0x71, 0xcd, 0xee, 0xe7, 0x92, 0xba,
+        0xb5, 0x1b, 0xdc, 0x4b, 0xbf, 0xe8, 0x30, 0x8e,
+        0x66, 0x31, 0x44, 0xed, 0xe8, 0x49, 0x18, 0x30,
+        0xad, 0x98, 0xb4, 0x63, 0x4f, 0x64, 0xab, 0xa8,
+        0xb9, 0xc0, 0x42, 0x27, 0x26, 0x53, 0x92, 0x0f,
+        0x38, 0x0c, 0x1a, 0x17, 0xca, 0x87, 0xce, 0xd7,
+        0xaa, 0xc4, 0x1c, 0x82, 0x88, 0x87, 0x93, 0x18,
+        0x1a, 0x6f, 0x76, 0xe1, 0x97, 0xb7, 0xb9, 0x0e,
+        0xf9, 0x09, 0x43, 0xbb, 0x38, 0x44, 0x91, 0x29,
+        0x11, 0xd8, 0x55, 0x1e, 0x54, 0x66, 0xc5, 0x76,
+        0x7a, 0xb0, 0xbc, 0x61, 0xa1, 0xa3, 0xf7, 0x36,
+        0x16, 0x2e, 0xc0, 0x98, 0xa9, 0x00, 0xb1, 0x2d,
+        0xd8, 0xfa, 0xbb, 0xfb, 0x3f, 0xe8, 0xcb, 0x1d,
+        0xc4, 0xe8, 0x31, 0x5f, 0x2a, 0xf0, 0xd3, 0x2f,
+        0x00, 0x17, 0xae, 0x13, 0x6e, 0x19, 0xf0, 0x28,
+        0xf5, 0x72, 0x62, 0x66, 0x13, 0x58, 0xcd, 0xe8,
+        0xd3, 0xeb, 0xf9, 0x90, 0xe5, 0xfd, 0x1d, 0x5b,
+        0x89, 0x6c, 0x99, 0x2c, 0xcf, 0xaa, 0xdb, 0x52,
+        0x56, 0xb6, 0x8b, 0xbf, 0x59, 0x43, 0xb1, 0x32,
+        0x86, 0x26, 0xed, 0x79, 0xd4, 0x51, 0x14, 0x08,
+        0x00, 0xe0, 0x3b, 0x59, 0xb9, 0x56, 0xf8, 0x21,
+        0x0e, 0x55, 0x60, 0x67, 0x40, 0x7d, 0x13, 0xdc,
+        0x90, 0xfa, 0x9e, 0x8b, 0x87, 0x2b, 0xfb, 0x8f
+    };
+#endif
+#ifdef WOLFSSL_KYBER_ORIGINAL
+    WOLFSSL_SMALL_STACK_STATIC const byte kyber768_ct[] = {
         0xB5, 0x2C, 0x56, 0xB9, 0x2A, 0x4B, 0x7C, 0xE9,
         0xE4, 0xCB, 0x7C, 0x5B, 0x1B, 0x16, 0x31, 0x67,
         0xA8, 0xA1, 0x67, 0x5B, 0x2F, 0xDE, 0xF8, 0x4A,
@@ -35598,71 +40950,378 @@ static wc_test_ret_t kyber768_kat(void)
         0x24, 0x82, 0xA8, 0xED, 0x9E, 0x4E, 0x96, 0x4D,
         0x56, 0x83, 0xE5, 0xD4, 0x5D, 0x0C, 0x82, 0x69
     };
-    const byte kyber768_ss[] = {
+#endif
+#ifndef WOLFSSL_NO_ML_KEM
+    WOLFSSL_SMALL_STACK_STATIC const byte ml_kem_768_ct[] = {
+        0xc8, 0x39, 0x10, 0x85, 0xb8, 0xd3, 0xea, 0x97,
+        0x94, 0x21, 0x25, 0x41, 0xb2, 0x91, 0x4f, 0x08,
+        0x96, 0x4d, 0x33, 0x52, 0x1d, 0x3f, 0x67, 0xad,
+        0x66, 0x09, 0x6e, 0xbf, 0xb1, 0xf7, 0x06, 0x42,
+        0x4b, 0x49, 0x55, 0x8f, 0x75, 0x5b, 0x56, 0x25,
+        0xba, 0xe2, 0x36, 0xf2, 0xe0, 0x07, 0x96, 0x01,
+        0xc7, 0x66, 0xf7, 0xd9, 0x60, 0x80, 0x8f, 0x7e,
+        0x2b, 0xb0, 0xc7, 0xa5, 0xe0, 0x66, 0xed, 0x34,
+        0x6d, 0xe6, 0x28, 0xf8, 0xc5, 0x7e, 0xeb, 0xab,
+        0xbb, 0x0c, 0x22, 0xd9, 0x11, 0x54, 0x84, 0x63,
+        0x69, 0x3e, 0xf3, 0xce, 0x52, 0xa5, 0x3f, 0x7f,
+        0xf4, 0x15, 0xf0, 0x0e, 0x65, 0x7a, 0xe1, 0xc5,
+        0xa4, 0x8f, 0xa5, 0xec, 0x6e, 0x4b, 0xe5, 0xcf,
+        0x46, 0x2d, 0xaf, 0xfc, 0x84, 0xd2, 0xf6, 0xd5,
+        0xff, 0x55, 0xdc, 0x9b, 0xbe, 0x8b, 0xb0, 0xd7,
+        0x25, 0xec, 0x64, 0xfd, 0x4c, 0xd4, 0xbd, 0x8d,
+        0xba, 0x0a, 0x84, 0x4e, 0x8b, 0x5c, 0xe4, 0xb6,
+        0xa2, 0x89, 0x34, 0xd7, 0xf7, 0xa0, 0x50, 0x99,
+        0x1f, 0xe1, 0x85, 0xb5, 0x06, 0xb4, 0x51, 0xda,
+        0xbf, 0xad, 0x52, 0xd5, 0x2c, 0xb2, 0x11, 0x4c,
+        0xa7, 0xd9, 0xa5, 0xcf, 0x98, 0x6c, 0x8f, 0xdc,
+        0x1b, 0xc1, 0x0e, 0xc0, 0xc1, 0x86, 0x9e, 0x50,
+        0xc0, 0x3c, 0x55, 0xa7, 0x61, 0x92, 0xa1, 0x04,
+        0x9a, 0xca, 0x63, 0x6b, 0xa9, 0x02, 0x0b, 0xda,
+        0xa8, 0xd0, 0xf5, 0x8c, 0x76, 0x3b, 0x0b, 0x89,
+        0x84, 0x5c, 0xa0, 0x6d, 0x4c, 0x4d, 0xdc, 0x21,
+        0x43, 0x3e, 0x16, 0xb9, 0xc6, 0x2e, 0x44, 0x87,
+        0x1f, 0xdb, 0xc0, 0x5b, 0xa2, 0x18, 0xaf, 0x87,
+        0x1f, 0xdd, 0x7d, 0xcf, 0xa4, 0x64, 0xe6, 0x0f,
+        0xaa, 0x52, 0x65, 0x26, 0x4c, 0xe1, 0x39, 0x1b,
+        0xd9, 0xa8, 0xc5, 0xfa, 0xa7, 0x62, 0x6d, 0x5f,
+        0x15, 0x9b, 0x98, 0x05, 0xb9, 0x75, 0x71, 0x0a,
+        0x35, 0x03, 0xa0, 0xb8, 0x58, 0xa1, 0x1c, 0x6a,
+        0x64, 0x7c, 0xc0, 0xe1, 0x9a, 0xc8, 0x8b, 0x1b,
+        0xe9, 0x05, 0x6c, 0x95, 0xb4, 0xd2, 0x08, 0x7d,
+        0x09, 0x51, 0xd1, 0xd2, 0xf4, 0x99, 0x24, 0x91,
+        0x11, 0x7e, 0x63, 0x47, 0x79, 0x4b, 0xa5, 0x45,
+        0x71, 0xec, 0x49, 0xbb, 0xa7, 0x1a, 0xf3, 0x41,
+        0x3d, 0x38, 0xa3, 0x0b, 0xf5, 0x87, 0x22, 0x48,
+        0xd1, 0xf6, 0xd0, 0x7c, 0x86, 0xba, 0xf7, 0x82,
+        0xe7, 0x3d, 0x26, 0x37, 0xf0, 0x43, 0xd3, 0x41,
+        0xa0, 0x09, 0x21, 0x85, 0x7d, 0x8b, 0x21, 0xdd,
+        0xf3, 0xe1, 0xd6, 0x31, 0x00, 0x36, 0xed, 0x27,
+        0xaf, 0x49, 0xe5, 0xde, 0x1b, 0x90, 0x0f, 0xe4,
+        0xde, 0x79, 0x80, 0x8f, 0xf2, 0x9f, 0x95, 0x70,
+        0x85, 0x96, 0x12, 0xb1, 0x5a, 0xdc, 0x01, 0xfb,
+        0xb2, 0x65, 0xb3, 0x05, 0xb1, 0xe3, 0xa1, 0x2a,
+        0xe4, 0x19, 0xda, 0x5b, 0x74, 0x26, 0x1f, 0xa2,
+        0x84, 0xc1, 0x01, 0xda, 0x3d, 0x8d, 0xca, 0x8b,
+        0x2e, 0x45, 0x21, 0xac, 0xa5, 0x71, 0xef, 0x44,
+        0xa0, 0x58, 0xe8, 0x44, 0xff, 0x32, 0xb1, 0x6d,
+        0x5a, 0xae, 0xa0, 0x5f, 0x7f, 0x3a, 0xf8, 0xe2,
+        0xab, 0x16, 0x22, 0x2e, 0x34, 0x76, 0x62, 0xed,
+        0xdf, 0xb8, 0x91, 0xd0, 0xec, 0xc2, 0xa5, 0x5c,
+        0x56, 0x38, 0xf9, 0xdd, 0xe9, 0x2d, 0x9a, 0x3d,
+        0x54, 0x4a, 0x5f, 0x90, 0x1a, 0xc5, 0x01, 0xac,
+        0xd1, 0xea, 0x6a, 0x01, 0x02, 0x01, 0xfc, 0xb1,
+        0x0a, 0xd7, 0x02, 0xc4, 0x25, 0xa9, 0x4b, 0xdf,
+        0x58, 0x90, 0xd5, 0x00, 0xa2, 0xa1, 0x47, 0xee,
+        0xe1, 0xd1, 0xfc, 0xba, 0x8c, 0x3a, 0xbe, 0x7c,
+        0x2d, 0xfe, 0x70, 0xf3, 0x46, 0xf0, 0x33, 0xd8,
+        0x16, 0xa0, 0xb2, 0x79, 0x1b, 0x4f, 0x0b, 0x2d,
+        0x95, 0x6d, 0x9e, 0xe5, 0x97, 0x17, 0x15, 0x39,
+        0x9a, 0x56, 0x88, 0x30, 0x24, 0x95, 0xe2, 0xe0,
+        0x7c, 0x1c, 0x8c, 0x01, 0x52, 0x71, 0x84, 0xbc,
+        0xd0, 0xc2, 0x08, 0xbc, 0x15, 0x9f, 0x2e, 0x13,
+        0x31, 0x8c, 0x0b, 0xb3, 0xdd, 0x24, 0xa6, 0xa7,
+        0xfc, 0x84, 0x9f, 0x83, 0x38, 0x5e, 0xd4, 0xdb,
+        0xa0, 0x7f, 0xe1, 0xd7, 0xbd, 0x56, 0x40, 0xcc,
+        0x9e, 0xd5, 0xcc, 0xfd, 0xd6, 0x87, 0x63, 0xcb,
+        0x0d, 0x0e, 0xdf, 0x61, 0xb2, 0x92, 0x17, 0x7f,
+        0xc1, 0xd2, 0xd3, 0xc1, 0x1d, 0xd0, 0x49, 0x50,
+        0x56, 0xbc, 0xb1, 0x25, 0x58, 0xae, 0xbc, 0xfd,
+        0xde, 0xf9, 0xfe, 0xb4, 0xae, 0xbc, 0x57, 0xaf,
+        0xd9, 0x02, 0x3c, 0x65, 0xcf, 0xe6, 0x5a, 0x24,
+        0xe3, 0x3f, 0x1b, 0x00, 0x11, 0x1e, 0x92, 0xe6,
+        0x3e, 0x01, 0x1e, 0xaf, 0x0b, 0x21, 0x2c, 0xf9,
+        0x57, 0x43, 0xcd, 0x07, 0xf5, 0x18, 0x9e, 0xce,
+        0x1f, 0x20, 0x5b, 0x7f, 0x6f, 0xcb, 0x2e, 0x6b,
+        0x19, 0x61, 0xb5, 0x40, 0x4c, 0xeb, 0xe4, 0x7c,
+        0x8c, 0xd1, 0x3b, 0x85, 0x99, 0xd5, 0xb4, 0x9e,
+        0x6d, 0x87, 0xee, 0xda, 0x36, 0xe9, 0xb8, 0xfc,
+        0x4c, 0x00, 0x63, 0x58, 0x96, 0xaa, 0x2b, 0x75,
+        0x89, 0x6e, 0x33, 0x6d, 0x1b, 0x61, 0x2e, 0xe1,
+        0x3d, 0xb8, 0x11, 0xe1, 0xf0, 0x7e, 0x61, 0x74,
+        0x8d, 0x92, 0x0f, 0x48, 0x65, 0xf3, 0xf1, 0x17,
+        0x41, 0x39, 0x9d, 0xc6, 0x16, 0x2c, 0x91, 0xca,
+        0x16, 0x8a, 0x02, 0x32, 0x9d, 0xff, 0x82, 0x1d,
+        0x58, 0x19, 0x87, 0x12, 0xdd, 0x55, 0x8a, 0xbb,
+        0x09, 0x9b, 0x3a, 0x0b, 0xaf, 0x9d, 0xa1, 0xb7,
+        0x30, 0xb2, 0xaa, 0x73, 0xbc, 0xf5, 0x8d, 0x74,
+        0xf3, 0x57, 0xb0, 0x6f, 0x72, 0x11, 0xc8, 0x04,
+        0xb6, 0xc8, 0xaf, 0x16, 0xff, 0x35, 0x09, 0xfa,
+        0xd1, 0xd3, 0x5b, 0x14, 0xbf, 0xdc, 0xed, 0x7d,
+        0xb8, 0xa6, 0xa2, 0x5c, 0x48, 0xe5, 0x95, 0x64,
+        0x80, 0x72, 0x4d, 0xaa, 0x05, 0x7c, 0xd6, 0x60,
+        0xb6, 0x7e, 0xe3, 0xe4, 0x72, 0x57, 0x41, 0x82,
+        0x67, 0x9d, 0x48, 0x58, 0x38, 0xa6, 0x47, 0x6e,
+        0xac, 0x02, 0x14, 0x10, 0x75, 0xc8, 0x12, 0xaf,
+        0x79, 0x67, 0xba, 0x7c, 0x91, 0x85, 0xcc, 0x2a,
+        0xbd, 0x2a, 0x45, 0x45, 0xb8, 0x0f, 0x3d, 0x31,
+        0x04, 0xd5, 0x8d, 0x65, 0x4a, 0x57, 0x79, 0x2d,
+        0xcf, 0xab, 0xbe, 0x9c, 0x07, 0x15, 0xe8, 0xde,
+        0x2e, 0xf8, 0x1e, 0xf4, 0x04, 0xc8, 0x16, 0x8f,
+        0xd7, 0xa4, 0x3e, 0xfa, 0xb3, 0xd4, 0x48, 0xe6,
+        0x86, 0xa0, 0x88, 0xef, 0xd2, 0x6a, 0x26, 0x15,
+        0x99, 0x48, 0x92, 0x67, 0x23, 0xd7, 0xec, 0xcc,
+        0x39, 0xe3, 0xc1, 0xb7, 0x19, 0xcf, 0x8b, 0xec,
+        0xb7, 0xbe, 0x7e, 0x96, 0x4f, 0x22, 0xcd, 0x8c,
+        0xb1, 0xb7, 0xe2, 0x5e, 0x80, 0x0e, 0xa9, 0x7d,
+        0x60, 0xa6, 0x4c, 0xc0, 0xbb, 0xd9, 0xcb, 0x40,
+        0x7a, 0x3a, 0xb9, 0xf8, 0x8f, 0x5e, 0x29, 0x16,
+        0x9e, 0xea, 0xfd, 0x4e, 0x03, 0x22, 0xfd, 0xe6,
+        0x59, 0x0a, 0xe0, 0x93, 0xce, 0x8f, 0xee, 0xae,
+        0x98, 0xb6, 0x22, 0xca, 0xa7, 0x55, 0x6f, 0xf4,
+        0x26, 0xc9, 0xe7, 0xa4, 0x04, 0xce, 0x69, 0x35,
+        0x58, 0x30, 0xa7, 0xa6, 0x77, 0x67, 0xa7, 0x6c,
+        0x7d, 0x9a, 0x97, 0xb8, 0x4b, 0xfc, 0xf5, 0x0a,
+        0x02, 0xf7, 0x5c, 0x23, 0x5d, 0x2f, 0x9c, 0x67,
+        0x11, 0x38, 0x04, 0x9f, 0xfc, 0x7c, 0x80, 0x55,
+        0x92, 0x6c, 0x03, 0xeb, 0x3f, 0xb8, 0x7f, 0x96,
+        0x95, 0x18, 0x5a, 0x42, 0xec, 0xa9, 0xa4, 0x16,
+        0x55, 0x87, 0x3d, 0x30, 0xa6, 0xb3, 0xbf, 0x42,
+        0x8b, 0x24, 0x62, 0x23, 0x48, 0x4a, 0x8f, 0xf6,
+        0x1e, 0xe3, 0xee, 0xaf, 0xff, 0x10, 0xe9, 0x9c,
+        0x2c, 0x13, 0xa7, 0x62, 0x84, 0xd0, 0x63, 0xe5,
+        0x6a, 0xb7, 0x11, 0xa3, 0x5a, 0x85, 0xb5, 0x38,
+        0x3d, 0xf8, 0x1d, 0xa2, 0x34, 0x90, 0xf6, 0x6e,
+        0x8e, 0xa3, 0xfc, 0xba, 0x06, 0x7f, 0x55, 0x30,
+        0xc6, 0x54, 0x1c, 0x2b, 0x8f, 0x74, 0x71, 0x7c,
+        0x35, 0x02, 0x3e, 0x7b, 0x9b, 0x39, 0x56, 0xc3,
+        0xee, 0x2f, 0xf8, 0x4b, 0xa0, 0x3c, 0xcf, 0x4b,
+        0x4b, 0x53, 0x21, 0xb9, 0x24, 0x08, 0x95, 0x48,
+        0x1b, 0xc6, 0xd6, 0x3c, 0x16, 0x93, 0xc1, 0x84,
+        0x78, 0x52, 0xf8, 0xe9, 0x7f, 0x50, 0xa1, 0x33,
+        0x53, 0x2a, 0xc3, 0xee, 0x1e, 0x52, 0xd4, 0x64
+    };
+#endif
+#ifdef WOLFSSL_KYBER_ORIGINAL
+    WOLFSSL_SMALL_STACK_STATIC const byte kyber768_ss[] = {
         0x91, 0x4C, 0xB6, 0x7F, 0xE5, 0xC3, 0x8E, 0x73,
         0xBF, 0x74, 0x18, 0x1C, 0x0A, 0xC5, 0x04, 0x28,
         0xDE, 0xDF, 0x77, 0x50, 0xA9, 0x80, 0x58, 0xF7,
         0xD5, 0x36, 0x70, 0x87, 0x74, 0x53, 0x5B, 0x29
     };
+#endif
+#ifndef WOLFSSL_NO_ML_KEM
+    WOLFSSL_SMALL_STACK_STATIC const byte ml_kem_768_ss[] = {
+        0xe7, 0x18, 0x4a, 0x09, 0x75, 0xee, 0x34, 0x70,
+        0x87, 0x8d, 0x2d, 0x15, 0x9e, 0xc8, 0x31, 0x29,
+        0xc8, 0xae, 0xc2, 0x53, 0xd4, 0xee, 0x17, 0xb4,
+        0x81, 0x03, 0x11, 0xd1, 0x98, 0xcd, 0x03, 0x68
+    };
+#endif
 
-    ret = wc_KyberKey_Init(KYBER768, &key, HEAP_HINT, INVALID_DEVID);
+#ifdef WOLFSSL_SMALL_STACK
+    key = (KyberKey *)XMALLOC(sizeof(KyberKey), HEAP_HINT,
+                              DYNAMIC_TYPE_TMP_BUFFER);
+    if (key == NULL)
+        ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
+#ifndef WOLFSSL_KYBER_NO_MAKE_KEY
+    priv = (byte *)XMALLOC(KYBER768_PRIVATE_KEY_SIZE, HEAP_HINT,
+                              DYNAMIC_TYPE_TMP_BUFFER);
+    pub = (byte *)XMALLOC(KYBER768_PUBLIC_KEY_SIZE, HEAP_HINT,
+                              DYNAMIC_TYPE_TMP_BUFFER);
+    if (priv == NULL || pub == NULL)
+        ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
+#endif
+#ifndef WOLFSSL_KYBER_NO_ENCAPSULATE
+    ct = (byte *)XMALLOC(KYBER768_CIPHER_TEXT_SIZE, HEAP_HINT,
+                              DYNAMIC_TYPE_TMP_BUFFER);
+    ss = (byte *)XMALLOC(KYBER_SS_SZ, HEAP_HINT,
+                              DYNAMIC_TYPE_TMP_BUFFER);
+    if (ct == NULL || ss == NULL)
+        ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
+#endif
+#ifndef WOLFSSL_KYBER_NO_DECAPSULATE
+    ss_dec = (byte *)XMALLOC(KYBER_SS_SZ, HEAP_HINT,
+                              DYNAMIC_TYPE_TMP_BUFFER);
+    if (ss_dec == NULL)
+        ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
+#endif
+#endif
+
+#ifdef WOLFSSL_KYBER_ORIGINAL
+    ret = wc_KyberKey_Init(KYBER768, key, HEAP_HINT, INVALID_DEVID);
     if (ret != 0)
-        return WC_TEST_RET_ENC_EC(ret);
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+    else
+        key_inited = 1;
 
-    ret = wc_KyberKey_MakeKeyWithRandom(&key, kyber768_rand,
+#ifndef WOLFSSL_KYBER_NO_MAKE_KEY
+    ret = wc_KyberKey_MakeKeyWithRandom(key, kyber768_rand,
         sizeof(kyber768_rand));
     if (ret != 0)
-        return WC_TEST_RET_ENC_EC(ret);
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
 
-    ret = wc_KyberKey_EncodePublicKey(&key, pub, sizeof(pub));
+    ret = wc_KyberKey_EncodePublicKey(key, pub, KYBER768_PUBLIC_KEY_SIZE);
     if (ret != 0)
-        return WC_TEST_RET_ENC_EC(ret);
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
 
-    ret = wc_KyberKey_EncodePrivateKey(&key, priv, sizeof(priv));
+    ret = wc_KyberKey_EncodePrivateKey(key, priv, KYBER768_PRIVATE_KEY_SIZE);
     if (ret != 0)
-        return WC_TEST_RET_ENC_EC(ret);
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
 
     if (XMEMCMP(pub, kyber768_pk, sizeof(kyber768_pk)) != 0)
-        return WC_TEST_RET_ENC_NC;
+        ERROR_OUT(WC_TEST_RET_ENC_NC, out);
 
     if (XMEMCMP(priv, kyber768_sk, sizeof(kyber768_sk)) != 0)
-        return WC_TEST_RET_ENC_NC;
+        ERROR_OUT(WC_TEST_RET_ENC_NC, out);
+#else
+    (void)kyber768_rand;
+    (void)kyber768_pk;
+    ret = wc_KyberKey_DecodePrivateKey(key, kyber768_sk,
+        KYBER768_PRIVATE_KEY_SIZE);
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+#endif
 
-    ret = wc_KyberKey_EncapsulateWithRandom(&key, ct, ss, kyber768enc_rand,
+#ifndef WOLFSSL_KYBER_NO_ENCAPSULATE
+    ret = wc_KyberKey_EncapsulateWithRandom(key, ct, ss, kyber768enc_rand,
         sizeof(kyber768enc_rand));
     if (ret != 0)
-        return WC_TEST_RET_ENC_EC(ret);
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
 
     if (XMEMCMP(ct, kyber768_ct, sizeof(kyber768_ct)) != 0)
-        return WC_TEST_RET_ENC_NC;
+        ERROR_OUT(WC_TEST_RET_ENC_NC, out);
 
     if (XMEMCMP(ss, kyber768_ss, sizeof(kyber768_ss)) != 0)
-        return WC_TEST_RET_ENC_NC;
+        ERROR_OUT(WC_TEST_RET_ENC_NC, out);
+#else
+    (void)kyber768enc_rand;
+#endif
 
-    ret = wc_KyberKey_Decapsulate(&key, ss_dec, ct, sizeof(kyber768_ct));
+#ifndef WOLFSSL_KYBER_NO_DECAPSULATE
+    ret = wc_KyberKey_Decapsulate(key, ss_dec, kyber768_ct,
+        sizeof(kyber768_ct));
     if (ret != 0)
-        return WC_TEST_RET_ENC_EC(ret);
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
 
     if (XMEMCMP(ss_dec, kyber768_ss, sizeof(kyber768_ss)) != 0)
-        return WC_TEST_RET_ENC_NC;
+        ERROR_OUT(WC_TEST_RET_ENC_NC, out);
+#else
+    (void)kyber768_ct;
+    (void)kyber768_ss;
+#endif
+#endif
+#ifndef WOLFSSL_NO_ML_KEM
+    ret = wc_KyberKey_Init(WC_ML_KEM_768, key, HEAP_HINT, INVALID_DEVID);
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+    else
+        key_inited = 1;
 
-    wc_KyberKey_Free(&key);
+#ifndef WOLFSSL_KYBER_NO_MAKE_KEY
+    ret = wc_KyberKey_MakeKeyWithRandom(key, kyber768_rand,
+        sizeof(kyber768_rand));
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
 
-    return 0;
+    ret = wc_KyberKey_EncodePublicKey(key, pub, WC_ML_KEM_768_PUBLIC_KEY_SIZE);
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+
+    ret = wc_KyberKey_EncodePrivateKey(key, priv,
+        WC_ML_KEM_768_PRIVATE_KEY_SIZE);
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+
+    if (XMEMCMP(pub, ml_kem_768_pk, sizeof(ml_kem_768_pk)) != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_NC, out);
+
+    if (XMEMCMP(priv, ml_kem_768_sk, sizeof(ml_kem_768_sk)) != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_NC, out);
+#else
+    (void)kyber768_rand;
+    (void)ml_kem_768_pk;
+    ret = wc_KyberKey_DecodePrivateKey(key, ml_kem_768_sk,
+        WC_ML_KEM_768_PRIVATE_KEY_SIZE);
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+#endif
+
+#ifndef WOLFSSL_KYBER_NO_ENCAPSULATE
+    ret = wc_KyberKey_EncapsulateWithRandom(key, ct, ss, kyber768enc_rand,
+        sizeof(kyber768enc_rand));
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+
+    if (XMEMCMP(ct, ml_kem_768_ct, sizeof(ml_kem_768_ct)) != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_NC, out);
+
+    if (XMEMCMP(ss, ml_kem_768_ss, sizeof(ml_kem_768_ss)) != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_NC, out);
+#else
+    (void)kyber768enc_rand;
+#endif
+
+#ifndef WOLFSSL_KYBER_NO_DECAPSULATE
+    ret = wc_KyberKey_Decapsulate(key, ss_dec, ml_kem_768_ct,
+        sizeof(ml_kem_768_ct));
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+
+    if (XMEMCMP(ss_dec, ml_kem_768_ss, sizeof(ml_kem_768_ss)) != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_NC, out);
+#else
+    (void)ml_kem_768_ct;
+    (void)ml_kem_768_ss;
+#endif
+#endif
+
+out:
+
+    if (key_inited)
+        wc_KyberKey_Free(key);
+
+#ifdef WOLFSSL_SMALL_STACK
+    XFREE(key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+#ifndef WOLFSSL_KYBER_NO_MAKE_KEY
+    XFREE(priv, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(pub, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+#endif
+#ifndef WOLFSSL_KYBER_NO_ENCAPSULATE
+    XFREE(ct, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(ss, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+#endif
+#ifndef WOLFSSL_KYBER_NO_DECAPSULATE
+    XFREE(ss_dec, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+#endif
+#endif
+
+    return ret;
 }
 #endif /* WOLFSSL_KYBER768 */
 
-#ifdef WOLFSSL_KYBER1024
+#if !defined(WOLFSSL_NO_KYBER1024) && !defined(WOLFSSL_NO_ML_KEM_1024)
 static wc_test_ret_t kyber1024_kat(void)
 {
-    KyberKey key;
     wc_test_ret_t ret;
+#ifdef WOLFSSL_SMALL_STACK
+    KyberKey *key = NULL;
+#ifndef WOLFSSL_KYBER_NO_MAKE_KEY
+    byte *priv = NULL;
+    byte *pub = NULL;
+#endif
+#ifndef WOLFSSL_KYBER_NO_ENCAPSULATE
+    byte *ct = NULL;
+    byte *ss = NULL;
+#endif
+#ifndef WOLFSSL_KYBER_NO_DECAPSULATE
+    byte *ss_dec = NULL;
+#endif
+#else
+    KyberKey key[1];
+#ifndef WOLFSSL_KYBER_NO_MAKE_KEY
     byte priv[KYBER1024_PRIVATE_KEY_SIZE];
     byte pub[KYBER1024_PUBLIC_KEY_SIZE];
+#endif
+#ifndef WOLFSSL_KYBER_NO_ENCAPSULATE
     byte ct[KYBER1024_CIPHER_TEXT_SIZE];
     byte ss[KYBER_SS_SZ];
+#endif
+#ifndef WOLFSSL_KYBER_NO_DECAPSULATE
     byte ss_dec[KYBER_SS_SZ];
-    const byte kyber1024_rand[] = {
+#endif
+#endif
+    int key_inited = 0;
+    WOLFSSL_SMALL_STACK_STATIC const byte kyber1024_rand[] = {
         0x7c, 0x99, 0x35, 0xa0, 0xb0, 0x76, 0x94, 0xaa,
         0x0c, 0x6d, 0x10, 0xe4, 0xdb, 0x6b, 0x1a, 0xdd,
         0x2f, 0xd8, 0x1a, 0x25, 0xcc, 0xb1, 0x48, 0x03,
@@ -35672,13 +41331,14 @@ static wc_test_ret_t kyber1024_kat(void)
         0x0E, 0x55, 0x60, 0x67, 0x40, 0x7D, 0x13, 0xDC,
         0x90, 0xFA, 0x9E, 0x8B, 0x87, 0x2B, 0xFB, 0x8F
     };
-    const byte kyber1024enc_rand[] = {
+    WOLFSSL_SMALL_STACK_STATIC const byte kyber1024enc_rand[] = {
         0x14, 0x7c, 0x03, 0xf7, 0xa5, 0xbe, 0xbb, 0xa4,
         0x06, 0xc8, 0xfa, 0xe1, 0x87, 0x4d, 0x7f, 0x13,
         0xc8, 0x0e, 0xfe, 0x79, 0xa3, 0xa9, 0xa8, 0x74,
         0xcc, 0x09, 0xfe, 0x76, 0xf6, 0x99, 0x76, 0x15
     };
-    const byte kyber1024_pk[] = {
+#ifdef WOLFSSL_KYBER_ORIGINAL
+    WOLFSSL_SMALL_STACK_STATIC const byte kyber1024_pk[] = {
         0xD2, 0x23, 0x02, 0xCB, 0xD3, 0x39, 0x9F, 0xAC,
         0xC6, 0x30, 0x99, 0x1F, 0xC8, 0xF2, 0x8B, 0xDB,
         0x43, 0x54, 0x76, 0x25, 0x41, 0x52, 0x76, 0x78,
@@ -35876,7 +41536,209 @@ static wc_test_ret_t kyber1024_kat(void)
         0x89, 0x9D, 0x59, 0xA5, 0x43, 0xD8, 0x20, 0x8C,
         0x54, 0xA3, 0x16, 0x65, 0x29, 0xB5, 0x39, 0x22
     };
-    const byte kyber1024_sk[] = {
+#endif
+#ifndef WOLFSSL_NO_ML_KEM
+    WOLFSSL_SMALL_STACK_STATIC const byte ml_kem_1024_pk[] = {
+        0x53, 0x79, 0x11, 0x95, 0x7c, 0x12, 0x51, 0x48,
+        0xa8, 0x7f, 0x41, 0x58, 0x9c, 0xb2, 0x22, 0xd0,
+        0xd1, 0x92, 0x29, 0xe2, 0xcb, 0x55, 0xe1, 0xa0,
+        0x44, 0x79, 0x1e, 0x7c, 0xa6, 0x11, 0x92, 0xa4,
+        0x64, 0x60, 0xc3, 0x18, 0x3d, 0x2b, 0xcd, 0x6d,
+        0xe0, 0x8a, 0x5e, 0x76, 0x51, 0x60, 0x3a, 0xcc,
+        0x34, 0x9c, 0xa1, 0x6c, 0xba, 0x18, 0xab, 0xb2,
+        0x3a, 0x3e, 0x8c, 0x33, 0x0d, 0x74, 0x21, 0x59,
+        0x8a, 0x62, 0x78, 0xec, 0x7e, 0xbf, 0xab, 0xca,
+        0x0e, 0xf4, 0x88, 0xb2, 0x29, 0x05, 0x54, 0x75,
+        0x34, 0x99, 0xc0, 0x45, 0x2e, 0x45, 0x38, 0x15,
+        0x30, 0x99, 0x55, 0xb8, 0x15, 0x0f, 0xa1, 0xa1,
+        0xe3, 0x93, 0x38, 0x6d, 0xc1, 0x2f, 0xdb, 0x27,
+        0xb3, 0x8c, 0x67, 0x45, 0xf2, 0x94, 0x40, 0x16,
+        0xec, 0x45, 0x7f, 0x39, 0xb1, 0x8d, 0x60, 0x4a,
+        0x07, 0xa1, 0xab, 0xe0, 0x7b, 0xc8, 0x44, 0x05,
+        0x0f, 0xfa, 0x8a, 0x06, 0xfa, 0x15, 0x4a, 0x49,
+        0xd8, 0x8f, 0xac, 0x77, 0x54, 0x52, 0xd6, 0xa7,
+        0xc0, 0xe5, 0x89, 0xbf, 0xb5, 0xc3, 0x70, 0xc2,
+        0xc4, 0xb6, 0x20, 0x1d, 0xda, 0x80, 0xc9, 0xab,
+        0x20, 0x76, 0xec, 0xc0, 0x8b, 0x44, 0x52, 0x2f,
+        0xda, 0x33, 0x26, 0xf0, 0x33, 0x80, 0x6d, 0xd2,
+        0x69, 0x3f, 0x31, 0x97, 0x39, 0xf4, 0x0c, 0x4f,
+        0x42, 0xb2, 0x4a, 0xca, 0x70, 0x98, 0xfb, 0x8f,
+        0xf5, 0xf9, 0xac, 0x20, 0x29, 0x2d, 0x02, 0xb5,
+        0x6a, 0xc7, 0x46, 0x80, 0x1a, 0xcc, 0xcc, 0x84,
+        0x86, 0x3d, 0xee, 0x32, 0x87, 0x84, 0x97, 0xb6,
+        0x94, 0x38, 0xbf, 0x99, 0x17, 0x76, 0x28, 0x66,
+        0x50, 0x48, 0x2c, 0x8d, 0x9d, 0x95, 0x87, 0xbc,
+        0x6a, 0x55, 0xb8, 0x5c, 0x4d, 0x7f, 0xa7, 0x4d,
+        0x02, 0x65, 0x6b, 0x42, 0x1c, 0x9e, 0x23, 0xe0,
+        0x3a, 0x48, 0xd4, 0xb7, 0x44, 0x25, 0xc2, 0x6e,
+        0x4a, 0x20, 0xdd, 0x95, 0x62, 0xa4, 0xda, 0x07,
+        0x93, 0xf3, 0xa3, 0x52, 0xcc, 0xc0, 0xf1, 0x82,
+        0x17, 0xd8, 0x68, 0xc7, 0xf5, 0x00, 0x2a, 0xbe,
+        0x76, 0x8b, 0x1f, 0xc7, 0x3f, 0x05, 0x74, 0x4e,
+        0x7c, 0xc2, 0x8f, 0x10, 0x34, 0x40, 0x62, 0xc1,
+        0x0e, 0x08, 0xec, 0xcc, 0xed, 0x3c, 0x1f, 0x7d,
+        0x39, 0x2c, 0x01, 0xd9, 0x79, 0xdd, 0x71, 0x8d,
+        0x83, 0x98, 0x37, 0x46, 0x65, 0xa1, 0x6a, 0x98,
+        0x70, 0x58, 0x5c, 0x39, 0xd5, 0x58, 0x9a, 0x50,
+        0xe1, 0x33, 0x38, 0x9c, 0x9b, 0x9a, 0x27, 0x6c,
+        0x02, 0x42, 0x60, 0xd9, 0xfc, 0x77, 0x11, 0xc8,
+        0x1b, 0x63, 0x37, 0xb5, 0x7d, 0xa3, 0xc3, 0x76,
+        0xd0, 0xcd, 0x74, 0xe1, 0x4c, 0x73, 0x72, 0x7b,
+        0x27, 0x66, 0x56, 0xb9, 0xd8, 0xa4, 0xeb, 0x71,
+        0x89, 0x6f, 0xf5, 0x89, 0xd4, 0xb8, 0x93, 0xe7,
+        0x11, 0x0f, 0x3b, 0xb9, 0x48, 0xec, 0xe2, 0x91,
+        0xdd, 0x86, 0xc0, 0xb7, 0x46, 0x8a, 0x67, 0x8c,
+        0x74, 0x69, 0x80, 0xc1, 0x2a, 0xa6, 0xb9, 0x5e,
+        0x2b, 0x0c, 0xbe, 0x43, 0x31, 0xbb, 0x24, 0xa3,
+        0x3a, 0x27, 0x01, 0x53, 0xaa, 0x47, 0x2c, 0x47,
+        0x31, 0x23, 0x82, 0xca, 0x36, 0x5c, 0x5f, 0x35,
+        0x25, 0x9d, 0x02, 0x57, 0x46, 0xfc, 0x65, 0x95,
+        0xfe, 0x63, 0x6c, 0x76, 0x75, 0x10, 0xa6, 0x9c,
+        0x1e, 0x8a, 0x17, 0x6b, 0x79, 0x49, 0x95, 0x8f,
+        0x26, 0x97, 0x39, 0x94, 0x97, 0xa2, 0xfc, 0x73,
+        0x64, 0xa1, 0x2c, 0x81, 0x98, 0x29, 0x52, 0x39,
+        0xc8, 0x26, 0xcb, 0x50, 0x82, 0x08, 0x60, 0x77,
+        0x28, 0x2e, 0xd6, 0x28, 0x65, 0x1f, 0xc0, 0x4c,
+        0x63, 0x9b, 0x43, 0x85, 0x22, 0xa9, 0xde, 0x30,
+        0x9b, 0x14, 0xb0, 0x86, 0xd6, 0xe9, 0x23, 0xc5,
+        0x51, 0x62, 0x3b, 0xd7, 0x2a, 0x73, 0x3c, 0xb0,
+        0xda, 0xbc, 0x54, 0xa9, 0x41, 0x6a, 0x99, 0xe7,
+        0x2c, 0x9f, 0xda, 0x1c, 0xb3, 0xfb, 0x9b, 0xa0,
+        0x6b, 0x8a, 0xdb, 0x24, 0x22, 0xd6, 0x8c, 0xad,
+        0xc5, 0x53, 0xc9, 0x82, 0x02, 0xa1, 0x76, 0x56,
+        0x47, 0x8a, 0xc0, 0x44, 0xef, 0x34, 0x56, 0x37,
+        0x8a, 0xbc, 0xe9, 0x99, 0x1e, 0x01, 0x41, 0xba,
+        0x79, 0x09, 0x4f, 0xa8, 0xf7, 0x7a, 0x30, 0x08,
+        0x05, 0xd2, 0xd3, 0x2f, 0xfc, 0x62, 0xbf, 0x0c,
+        0xa4, 0x55, 0x4c, 0x33, 0x0c, 0x2b, 0xb7, 0x04,
+        0x2d, 0xb3, 0x51, 0x02, 0xf6, 0x8b, 0x1a, 0x00,
+        0x62, 0x58, 0x38, 0x65, 0x38, 0x1c, 0x74, 0xdd,
+        0x91, 0x3a, 0xf7, 0x0b, 0x26, 0xcf, 0x09, 0x23,
+        0xd0, 0xc4, 0xcb, 0x97, 0x16, 0x92, 0x22, 0x25,
+        0x52, 0xa8, 0xf4, 0xb7, 0x88, 0xb4, 0xaf, 0xd1,
+        0x34, 0x1a, 0x9d, 0xf4, 0x15, 0xcf, 0x20, 0x39,
+        0x00, 0xf5, 0xcc, 0xf7, 0xf6, 0x59, 0x88, 0x94,
+        0x9a, 0x75, 0x58, 0x0d, 0x04, 0x96, 0x39, 0x85,
+        0x31, 0x00, 0x85, 0x4b, 0x21, 0xf4, 0x01, 0x80,
+        0x03, 0x50, 0x2b, 0xb1, 0xba, 0x95, 0xf5, 0x56,
+        0xa5, 0xd6, 0x7c, 0x7e, 0xb5, 0x24, 0x10, 0xeb,
+        0xa2, 0x88, 0xa6, 0xd0, 0x63, 0x5c, 0xa8, 0xa4,
+        0xf6, 0xd6, 0x96, 0xd0, 0xa0, 0x20, 0xc8, 0x26,
+        0x93, 0x8d, 0x34, 0x94, 0x3c, 0x38, 0x08, 0xc7,
+        0x9c, 0xc0, 0x07, 0x76, 0x85, 0x33, 0x21, 0x6b,
+        0xc1, 0xb2, 0x9d, 0xa6, 0xc8, 0x12, 0xef, 0xf3,
+        0x34, 0x0b, 0xaa, 0x8d, 0x2e, 0x65, 0x34, 0x4f,
+        0x09, 0xbd, 0x47, 0x89, 0x4f, 0x5a, 0x3a, 0x41,
+        0x18, 0x71, 0x5b, 0x3c, 0x50, 0x20, 0x67, 0x93,
+        0x27, 0xf9, 0x18, 0x9f, 0x7e, 0x10, 0x85, 0x6b,
+        0x23, 0x8b, 0xb9, 0xb0, 0xab, 0x4c, 0xa8, 0x5a,
+        0xbf, 0x4b, 0x21, 0xf5, 0xc7, 0x6b, 0xcc, 0xd7,
+        0x18, 0x50, 0xb2, 0x2e, 0x04, 0x59, 0x28, 0x27,
+        0x6a, 0x0f, 0x2e, 0x95, 0x1d, 0xb0, 0x70, 0x7c,
+        0x6a, 0x11, 0x6d, 0xc1, 0x91, 0x13, 0xfa, 0x76,
+        0x2d, 0xc5, 0xf2, 0x0b, 0xd5, 0xd2, 0xab, 0x5b,
+        0xe7, 0x17, 0x44, 0xdc, 0x9c, 0xbd, 0xb5, 0x1e,
+        0xa7, 0x57, 0x96, 0x3a, 0xac, 0x56, 0xa9, 0x0a,
+        0x0d, 0x80, 0x23, 0xbe, 0xd1, 0xf5, 0xca, 0xe8,
+        0xa6, 0x4d, 0xa0, 0x47, 0x27, 0x9b, 0x35, 0x3a,
+        0x09, 0x6a, 0x83, 0x5b, 0x0b, 0x2b, 0x02, 0x3b,
+        0x6a, 0xa0, 0x48, 0x98, 0x92, 0x33, 0x07, 0x9a,
+        0xeb, 0x46, 0x7e, 0x52, 0x2f, 0xa2, 0x7a, 0x58,
+        0x22, 0x92, 0x1e, 0x5c, 0x55, 0x1b, 0x4f, 0x53,
+        0x75, 0x36, 0xe4, 0x6f, 0x3a, 0x6a, 0x97, 0xe7,
+        0x2c, 0x3b, 0x06, 0x31, 0x04, 0xe0, 0x9a, 0x04,
+        0x05, 0x98, 0x94, 0x0d, 0x87, 0x2f, 0x6d, 0x87,
+        0x1f, 0x5e, 0xf9, 0xb4, 0x35, 0x50, 0x73, 0xb5,
+        0x47, 0x69, 0xe4, 0x54, 0x54, 0xe6, 0xa0, 0x81,
+        0x95, 0x99, 0x40, 0x86, 0x21, 0xab, 0x44, 0x13,
+        0xb3, 0x55, 0x07, 0xb0, 0xdf, 0x57, 0x8c, 0xe2,
+        0xd5, 0x11, 0xd5, 0x20, 0x58, 0xd5, 0x74, 0x9d,
+        0xf3, 0x8b, 0x29, 0xd6, 0xcc, 0x58, 0x87, 0x0c,
+        0xaf, 0x92, 0xf6, 0x9a, 0x75, 0x16, 0x14, 0x06,
+        0xe7, 0x1c, 0x5f, 0xf9, 0x24, 0x51, 0xa7, 0x75,
+        0x22, 0xb8, 0xb2, 0x96, 0x7a, 0x2d, 0x58, 0xa4,
+        0x9a, 0x81, 0x66, 0x1a, 0xa6, 0x5a, 0xc0, 0x9b,
+        0x08, 0xc9, 0xfe, 0x45, 0xab, 0xc3, 0x85, 0x1f,
+        0x99, 0xc7, 0x30, 0xc4, 0x50, 0x03, 0xac, 0xa2,
+        0xbf, 0x0f, 0x84, 0x24, 0xa1, 0x9b, 0x74, 0x08,
+        0xa5, 0x37, 0xd5, 0x41, 0xc1, 0x6f, 0x56, 0x82,
+        0xbf, 0xe3, 0xa7, 0xfa, 0xea, 0x56, 0x4f, 0x12,
+        0x98, 0x61, 0x1a, 0x7f, 0x5f, 0x60, 0x92, 0x2b,
+        0xa1, 0x9d, 0xe7, 0x3b, 0x19, 0x17, 0xf1, 0x85,
+        0x32, 0x73, 0x55, 0x51, 0x99, 0xa6, 0x49, 0x31,
+        0x8b, 0x50, 0x77, 0x33, 0x45, 0xc9, 0x97, 0x46,
+        0x08, 0x56, 0x97, 0x2a, 0xcb, 0x43, 0xfc, 0x81,
+        0xab, 0x63, 0x21, 0xb1, 0xc3, 0x3c, 0x2b, 0xb5,
+        0x09, 0x8b, 0xd4, 0x89, 0xd6, 0x96, 0xa0, 0xf7,
+        0x06, 0x79, 0xc1, 0x21, 0x38, 0x73, 0xd0, 0x8b,
+        0xda, 0xd4, 0x28, 0x44, 0x92, 0x72, 0x16, 0x04,
+        0x72, 0x05, 0x63, 0x32, 0x12, 0x31, 0x0e, 0xe9,
+        0xa0, 0x6c, 0xb1, 0x00, 0x16, 0xc8, 0x05, 0x50,
+        0x3c, 0x34, 0x1a, 0x36, 0xd8, 0x7e, 0x56, 0x07,
+        0x2e, 0xab, 0xe2, 0x37, 0x31, 0xe3, 0x4a, 0xf7,
+        0xe2, 0x32, 0x8f, 0x85, 0xcd, 0xb3, 0x70, 0xcc,
+        0xaf, 0x00, 0x51, 0x5b, 0x64, 0xc9, 0xc5, 0x4b,
+        0xc8, 0x37, 0x57, 0x84, 0x47, 0xaa, 0xcf, 0xae,
+        0xd5, 0x96, 0x9a, 0xa3, 0x51, 0xe7, 0xda, 0x4e,
+        0xfa, 0x7b, 0x11, 0x5c, 0x4c, 0x51, 0xf4, 0xa6,
+        0x99, 0x77, 0x98, 0x50, 0x29, 0x5c, 0xa7, 0x2d,
+        0x78, 0x1a, 0xd4, 0x1b, 0xc6, 0x80, 0x53, 0x2b,
+        0x89, 0xe7, 0x10, 0xe2, 0x18, 0x9e, 0xb3, 0xc5,
+        0x08, 0x17, 0xba, 0x25, 0x5c, 0x74, 0x74, 0xc9,
+        0x5c, 0xa9, 0x11, 0x0c, 0xc4, 0x3b, 0x8b, 0xa8,
+        0xe6, 0x82, 0xc7, 0xfb, 0x7b, 0x0f, 0xdc, 0x26,
+        0x5c, 0x04, 0x83, 0xa6, 0x5c, 0xa4, 0x51, 0x4e,
+        0xe4, 0xb8, 0x32, 0xaa, 0xc5, 0x80, 0x0c, 0x3b,
+        0x08, 0xe7, 0x4f, 0x56, 0x39, 0x51, 0xc1, 0xfb,
+        0xb2, 0x10, 0x35, 0x3e, 0xfa, 0x1a, 0xa8, 0x66,
+        0x85, 0x6b, 0xc1, 0xe0, 0x34, 0x73, 0x3b, 0x04,
+        0x85, 0xda, 0xb1, 0xd0, 0x20, 0xc6, 0xbf, 0x76,
+        0x5f, 0xf6, 0x0b, 0x3b, 0x80, 0x19, 0x84, 0xa9,
+        0x0c, 0x2f, 0xe9, 0x70, 0xbf, 0x1d, 0xe9, 0x70,
+        0x04, 0xa6, 0xcf, 0x44, 0xb4, 0x98, 0x4a, 0xb5,
+        0x82, 0x58, 0xb4, 0xaf, 0x71, 0x22, 0x1c, 0xd1,
+        0x75, 0x30, 0xa7, 0x00, 0xc3, 0x29, 0x59, 0xc9,
+        0x43, 0x63, 0x44, 0xb5, 0x31, 0x6f, 0x09, 0xcc,
+        0xca, 0x70, 0x29, 0xa2, 0x30, 0xd6, 0x39, 0xdc,
+        0xb0, 0x22, 0xd8, 0xba, 0x79, 0xba, 0x91, 0xcd,
+        0x6a, 0xb1, 0x2a, 0xe1, 0x57, 0x9c, 0x50, 0xc7,
+        0xbb, 0x10, 0xe3, 0x03, 0x01, 0xa6, 0x5c, 0xae,
+        0x31, 0x01, 0xd4, 0x0c, 0x7b, 0xa9, 0x27, 0xbb,
+        0x55, 0x31, 0x48, 0xd1, 0x64, 0x70, 0x24, 0xd4,
+        0xa0, 0x6c, 0x81, 0x66, 0xd0, 0xb0, 0xb8, 0x12,
+        0x69, 0xb7, 0xd5, 0xf4, 0xb3, 0x4f, 0xb0, 0x22,
+        0xf6, 0x91, 0x52, 0xf5, 0x14, 0x00, 0x4a, 0x7c,
+        0x68, 0x53, 0x68, 0x55, 0x23, 0x43, 0xbb, 0x60,
+        0x36, 0x0f, 0xbb, 0x99, 0x45, 0xed, 0xf4, 0x46,
+        0xd3, 0x45, 0xbd, 0xca, 0xa7, 0x45, 0x5c, 0x74,
+        0xba, 0x0a, 0x55, 0x1e, 0x18, 0x46, 0x20, 0xfe,
+        0xf9, 0x76, 0x88, 0x77, 0x3d, 0x50, 0xb6, 0x43,
+        0x3c, 0xa7, 0xa7, 0xac, 0x5c, 0xb6, 0xb7, 0xf6,
+        0x71, 0xa1, 0x53, 0x76, 0xe5, 0xa6, 0x74, 0x7a,
+        0x62, 0x3f, 0xa7, 0xbc, 0x66, 0x30, 0x37, 0x3f,
+        0x5b, 0x1b, 0x51, 0x26, 0x90, 0xa6, 0x61, 0x37,
+        0x78, 0x70, 0xa6, 0x0a, 0x7a, 0x18, 0x96, 0x83,
+        0xf9, 0xb0, 0xcf, 0x04, 0x66, 0xe1, 0xf7, 0x50,
+        0x76, 0x26, 0x31, 0xc4, 0xab, 0x09, 0xf5, 0x05,
+        0xc4, 0x2d, 0xd2, 0x86, 0x33, 0x56, 0x94, 0x72,
+        0x73, 0x54, 0x42, 0x85, 0x1e, 0x32, 0x16, 0x16,
+        0xd4, 0x00, 0x98, 0x10, 0x77, 0x7b, 0x6b, 0xd4,
+        0x6f, 0xa7, 0x22, 0x44, 0x61, 0xa5, 0xcc, 0x27,
+        0x40, 0x5d, 0xfb, 0xac, 0x0d, 0x39, 0xb0, 0x02,
+        0xca, 0xb3, 0x34, 0x33, 0xf2, 0xa8, 0x6e, 0xb8,
+        0xce, 0x91, 0xc1, 0x34, 0xa6, 0x38, 0x6f, 0x86,
+        0x0a, 0x19, 0x94, 0xeb, 0x4b, 0x68, 0x75, 0xa4,
+        0x6d, 0x19, 0x55, 0x81, 0xd1, 0x73, 0x85, 0x4b,
+        0x53, 0xd2, 0x29, 0x3d, 0xf3, 0xe9, 0xa8, 0x22,
+        0x75, 0x6c, 0xd8, 0xf2, 0x12, 0xb3, 0x25, 0xca,
+        0x29, 0xb4, 0xf9, 0xf8, 0xcf, 0xba, 0xdf, 0x2e,
+        0x41, 0x86, 0x9a, 0xbf, 0xba, 0xd1, 0x07, 0x38,
+        0xad, 0x04, 0xcc, 0x75, 0x2b, 0xc2, 0x0c, 0x39,
+        0x47, 0x46, 0x85, 0x0e, 0x0c, 0x48, 0x47, 0xdb
+    };
+#endif
+#ifdef WOLFSSL_KYBER_ORIGINAL
+    WOLFSSL_SMALL_STACK_STATIC const byte kyber1024_sk[] = {
         0x07, 0x63, 0x8F, 0xB6, 0x98, 0x68, 0xF3, 0xD3,
         0x20, 0xE5, 0x86, 0x2B, 0xD9, 0x69, 0x33, 0xFE,
         0xB3, 0x11, 0xB3, 0x62, 0x09, 0x3C, 0x9B, 0x5D,
@@ -36274,7 +42136,409 @@ static wc_test_ret_t kyber1024_kat(void)
         0x0E, 0x55, 0x60, 0x67, 0x40, 0x7D, 0x13, 0xDC,
         0x90, 0xFA, 0x9E, 0x8B, 0x87, 0x2B, 0xFB, 0x8F
     };
-    const byte kyber1024_ct[] = {
+#endif
+#ifndef WOLFSSL_NO_ML_KEM
+    WOLFSSL_SMALL_STACK_STATIC const byte ml_kem_1024_sk[] = {
+        0x43, 0x3a, 0x70, 0xee, 0x69, 0x50, 0xf9, 0x88,
+        0x2a, 0xcd, 0xd5, 0xa4, 0x78, 0x20, 0xa6, 0xa8,
+        0x16, 0x37, 0x08, 0xf0, 0x4d, 0x45, 0x7c, 0x77,
+        0x99, 0x79, 0xb8, 0x3f, 0xe1, 0x17, 0x22, 0x47,
+        0x01, 0x49, 0x08, 0x30, 0x38, 0x66, 0x37, 0xda,
+        0x33, 0x2e, 0x74, 0xb1, 0xae, 0xda, 0x0b, 0x2f,
+        0x81, 0xca, 0x4f, 0x9b, 0xb2, 0xc2, 0xb0, 0x2b,
+        0x0c, 0xfd, 0x68, 0x0c, 0x11, 0x48, 0x2f, 0x33,
+        0x5a, 0xcf, 0x7b, 0x91, 0x39, 0xb5, 0xb8, 0x8a,
+        0x34, 0xe3, 0x54, 0x2c, 0x68, 0x61, 0x37, 0x75,
+        0x45, 0x98, 0x33, 0x43, 0xcd, 0x82, 0x94, 0x14,
+        0xe4, 0x78, 0x64, 0x21, 0x2e, 0x78, 0xf8, 0x55,
+        0xf5, 0x23, 0x90, 0x37, 0x9a, 0xcc, 0x3a, 0x62,
+        0x95, 0x31, 0x31, 0xb6, 0x3e, 0xe8, 0x32, 0xad,
+        0xb3, 0xbf, 0x4b, 0xf5, 0x8e, 0x24, 0x73, 0x49,
+        0xb5, 0xe0, 0x97, 0xe5, 0x5a, 0xbe, 0x49, 0x7b,
+        0x15, 0x98, 0x23, 0x73, 0xae, 0x73, 0x2e, 0x04,
+        0x39, 0xac, 0x67, 0xd0, 0x5c, 0x7f, 0x03, 0x7c,
+        0x8a, 0x73, 0x9b, 0x18, 0x14, 0x0e, 0x14, 0x4c,
+        0x85, 0x1d, 0xc9, 0x61, 0x1f, 0x4b, 0xcf, 0x04,
+        0xf3, 0xa2, 0x09, 0x3c, 0x19, 0x7b, 0xd6, 0x3b,
+        0xb5, 0xe6, 0x19, 0x01, 0x00, 0x54, 0x5f, 0xf8,
+        0x1d, 0xb7, 0xfc, 0xcd, 0xdd, 0x9a, 0x32, 0x4b,
+        0x0b, 0xac, 0x3c, 0x2c, 0x23, 0x82, 0x28, 0x40,
+        0x58, 0xf0, 0x8b, 0x96, 0x19, 0x52, 0xc0, 0x94,
+        0x01, 0x9c, 0x10, 0xbe, 0x37, 0xa5, 0x3d, 0x5a,
+        0xc7, 0x94, 0xc0, 0x10, 0xa9, 0xd0, 0x82, 0x1f,
+        0x15, 0x02, 0x7a, 0x1c, 0x41, 0x9c, 0x3c, 0x71,
+        0xc9, 0xa1, 0xd2, 0x8a, 0xed, 0x02, 0x59, 0x7a,
+        0xb7, 0x9b, 0x87, 0x53, 0x94, 0x62, 0x6b, 0xa3,
+        0x9a, 0xdc, 0x09, 0x0c, 0x3a, 0x90, 0xcf, 0x75,
+        0x87, 0x1a, 0x65, 0x27, 0x5e, 0xb1, 0xc5, 0xb0,
+        0x33, 0x72, 0xe1, 0x3a, 0x1a, 0x23, 0xd0, 0xcf,
+        0x93, 0x74, 0x11, 0x1f, 0x80, 0xcc, 0x83, 0xa9,
+        0x05, 0x62, 0x2b, 0x83, 0xfc, 0x51, 0x39, 0x71,
+        0xec, 0x84, 0x19, 0xf0, 0x88, 0x0c, 0x30, 0x67,
+        0x63, 0x36, 0x71, 0xb0, 0x9b, 0x54, 0x56, 0xab,
+        0x60, 0x57, 0x93, 0x6d, 0x19, 0xa4, 0xa2, 0xa2,
+        0x67, 0x91, 0x1b, 0x00, 0x0a, 0x13, 0x95, 0x6f,
+        0xbd, 0x49, 0x38, 0x21, 0xda, 0x07, 0x2c, 0x04,
+        0x64, 0x2b, 0x0c, 0x20, 0xda, 0x6c, 0xc0, 0xd9,
+        0xd8, 0x64, 0xa3, 0x93, 0x65, 0xdf, 0xd6, 0x4f,
+        0x10, 0x18, 0x78, 0x25, 0xfa, 0x33, 0x25, 0x07,
+        0x49, 0xcb, 0xc0, 0xc9, 0x05, 0xd7, 0xb1, 0xff,
+        0x3c, 0xae, 0x24, 0x12, 0xbf, 0x86, 0xb8, 0x1a,
+        0x81, 0x7b, 0x86, 0xba, 0xa3, 0x0e, 0xdf, 0x78,
+        0x62, 0xe5, 0xf6, 0xba, 0xc9, 0x87, 0x26, 0xe5,
+        0x6b, 0x3c, 0xec, 0x60, 0x66, 0x4c, 0xaa, 0x2a,
+        0x7d, 0xf6, 0x70, 0xc5, 0xe2, 0x07, 0xdf, 0xac,
+        0x03, 0x82, 0x4c, 0x89, 0x89, 0x7c, 0xb4, 0x90,
+        0xea, 0xa7, 0x65, 0x21, 0x22, 0x2c, 0x86, 0x20,
+        0x51, 0x69, 0xc9, 0x1c, 0x32, 0x9c, 0x4a, 0x18,
+        0x4d, 0x78, 0x72, 0x1a, 0xf8, 0x36, 0xad, 0x4d,
+        0xb0, 0xca, 0x78, 0x46, 0x4d, 0x41, 0x71, 0x47,
+        0x30, 0x12, 0xb7, 0xd1, 0x83, 0xba, 0xfa, 0x62,
+        0x75, 0x85, 0xc6, 0x4b, 0xe3, 0x80, 0x9d, 0x7e,
+        0x60, 0x04, 0xcb, 0xdc, 0x79, 0xa5, 0x46, 0x0f,
+        0x0a, 0xd6, 0x77, 0xcb, 0x71, 0x65, 0x12, 0x40,
+        0x7d, 0x3a, 0x61, 0x9a, 0xd0, 0x95, 0x43, 0xb7,
+        0x39, 0x54, 0x74, 0x72, 0xa7, 0x06, 0xb3, 0x17,
+        0xa5, 0x09, 0xbe, 0x5d, 0x86, 0x1f, 0xd6, 0x6c,
+        0x7d, 0x0e, 0xd9, 0x4c, 0xd5, 0x00, 0x47, 0x95,
+        0xc1, 0x81, 0x59, 0xe3, 0xa3, 0x3d, 0x79, 0x87,
+        0x11, 0x52, 0x5f, 0x16, 0x35, 0xa6, 0x84, 0x28,
+        0x17, 0x29, 0x23, 0x24, 0x96, 0x35, 0xaa, 0xd0,
+        0x32, 0xb9, 0xe5, 0x66, 0x64, 0xbd, 0xd4, 0x8e,
+        0xd2, 0x4a, 0xc7, 0x5c, 0x64, 0x68, 0xd1, 0x90,
+        0x3e, 0x47, 0x10, 0x86, 0xc5, 0xf1, 0x56, 0x7e,
+        0x83, 0x1a, 0x05, 0x08, 0xc5, 0x39, 0x63, 0x25,
+        0x91, 0xab, 0x57, 0x7d, 0x32, 0x4a, 0x82, 0x42,
+        0x97, 0x25, 0x80, 0x99, 0x50, 0x76, 0x1d, 0x84,
+        0x34, 0x28, 0x8c, 0x14, 0x03, 0x4f, 0x1c, 0x06,
+        0xc1, 0xd0, 0xaa, 0xe0, 0x9a, 0x71, 0xc7, 0x40,
+        0xa5, 0x57, 0x01, 0xc2, 0x8f, 0xf8, 0x44, 0x99,
+        0xf2, 0xbb, 0x18, 0xb6, 0x62, 0x8c, 0xaa, 0xa3,
+        0xfe, 0x75, 0xac, 0x4d, 0xe0, 0x4c, 0x6f, 0x91,
+        0x39, 0x00, 0xd8, 0x6c, 0x88, 0x12, 0x62, 0x52,
+        0xa1, 0x7c, 0x4d, 0x30, 0x39, 0x91, 0xdb, 0x02,
+        0x87, 0x12, 0x08, 0x81, 0xbb, 0x88, 0x47, 0x8a,
+        0xaa, 0x9a, 0xf9, 0xbc, 0x53, 0xd3, 0x72, 0x98,
+        0x43, 0x85, 0x8f, 0xdb, 0x46, 0x48, 0x05, 0x9c,
+        0xac, 0x82, 0xc1, 0xa1, 0x08, 0x78, 0xba, 0x39,
+        0x82, 0x3b, 0x04, 0x1b, 0xd0, 0xe2, 0x58, 0x48,
+        0x7b, 0x56, 0xcc, 0x8a, 0x32, 0x20, 0xc1, 0xa5,
+        0x8b, 0xf6, 0x6a, 0x17, 0x2b, 0x5b, 0x9a, 0x0c,
+        0x63, 0x2d, 0x67, 0x4e, 0xae, 0x88, 0x5a, 0x01,
+        0x5c, 0x4e, 0x37, 0xba, 0x07, 0x36, 0x80, 0xbe,
+        0xde, 0x75, 0x34, 0xf3, 0xe3, 0x4b, 0x60, 0x50,
+        0xc8, 0x6b, 0x21, 0xc3, 0xc0, 0x90, 0x94, 0x1f,
+        0x23, 0xb7, 0xf6, 0x73, 0x1e, 0x2b, 0xda, 0x0e,
+        0x6e, 0xa4, 0x64, 0x67, 0x71, 0xce, 0xc5, 0x72,
+        0xb9, 0x8c, 0xa0, 0xa1, 0x58, 0x91, 0x9a, 0xdb,
+        0xeb, 0x84, 0xce, 0x58, 0x5f, 0xf9, 0xf2, 0x5e,
+        0xbd, 0xda, 0x6c, 0xb6, 0xf0, 0x7a, 0x8f, 0x81,
+        0x12, 0x32, 0x60, 0x7e, 0x72, 0x17, 0xbb, 0x03,
+        0x9b, 0xab, 0xd0, 0xd9, 0x19, 0x34, 0xa8, 0x59,
+        0x40, 0x59, 0xc9, 0x68, 0x77, 0x23, 0xc0, 0x43,
+        0x81, 0xbf, 0xd6, 0x27, 0xa1, 0x05, 0x17, 0xf5,
+        0xf4, 0xbf, 0xc7, 0x77, 0x77, 0xaa, 0x26, 0x71,
+        0xae, 0x12, 0x4f, 0x2b, 0x7a, 0x5f, 0x4d, 0x56,
+        0x14, 0x02, 0x91, 0x97, 0xe6, 0x58, 0x6f, 0xa8,
+        0xc1, 0x7e, 0x0a, 0xd9, 0x07, 0x81, 0xbc, 0x7b,
+        0xb1, 0x9a, 0x77, 0x2d, 0x5a, 0x4e, 0xfe, 0x32,
+        0xca, 0xc8, 0x9b, 0x76, 0xc4, 0x2a, 0x5e, 0xde,
+        0x9b, 0xcc, 0x20, 0xc1, 0x89, 0x8c, 0x08, 0xa5,
+        0xb0, 0xc0, 0x7e, 0x47, 0x8b, 0x1b, 0xbc, 0x22,
+        0x6e, 0xfa, 0xd1, 0x5f, 0x2a, 0xc7, 0x37, 0x51,
+        0x4b, 0x8c, 0x61, 0x49, 0x81, 0x07, 0x79, 0x22,
+        0x24, 0x16, 0x53, 0x7e, 0xd0, 0x0d, 0xae, 0xab,
+        0x17, 0x7e, 0x90, 0x3e, 0xad, 0x6b, 0x4a, 0xc4,
+        0x23, 0x70, 0xaf, 0x1b, 0x1f, 0x50, 0xeb, 0xaf,
+        0xaa, 0x1c, 0x6e, 0x64, 0x7b, 0xba, 0xcc, 0xe7,
+        0x2c, 0x7d, 0x0b, 0x88, 0xae, 0xb0, 0xb0, 0x6f,
+        0xc1, 0xa4, 0x54, 0x57, 0xa9, 0xc1, 0x87, 0x57,
+        0x9b, 0xf1, 0x84, 0x57, 0x9c, 0xc3, 0x51, 0xc4,
+        0x3d, 0xff, 0x94, 0x26, 0x05, 0xaa, 0x56, 0x04,
+        0xfc, 0x85, 0xfc, 0x55, 0x83, 0xf6, 0xf1, 0x49,
+        0x6f, 0xe6, 0x1d, 0x70, 0xd6, 0xcd, 0xe2, 0x32,
+        0x7f, 0xee, 0x71, 0x3d, 0x86, 0xf2, 0x9b, 0x3a,
+        0xfc, 0xbb, 0x54, 0xe9, 0xa9, 0x2a, 0x33, 0xa6,
+        0xc1, 0xea, 0x6f, 0xfa, 0x30, 0x95, 0x66, 0xb0,
+        0x68, 0x62, 0x33, 0xc0, 0xf3, 0xb1, 0xc3, 0x14,
+        0x48, 0x90, 0xe4, 0xf0, 0x82, 0x9a, 0x60, 0x99,
+        0xc5, 0x74, 0x9c, 0xde, 0xc8, 0x43, 0x28, 0xec,
+        0x2c, 0xb6, 0x4a, 0x73, 0x85, 0xa7, 0x61, 0xd6,
+        0x4b, 0x3a, 0x23, 0xc4, 0x89, 0x34, 0x33, 0x43,
+        0xb9, 0x77, 0x23, 0xae, 0x78, 0xc7, 0xd8, 0x05,
+        0x45, 0x8e, 0x16, 0x20, 0xf0, 0x29, 0x28, 0x97,
+        0x69, 0x17, 0x04, 0xcb, 0x76, 0xe3, 0xb0, 0xb2,
+        0x81, 0xa8, 0x3c, 0xf6, 0x44, 0x90, 0x49, 0x8c,
+        0xbc, 0xaf, 0x04, 0x80, 0x24, 0x16, 0xb3, 0x3c,
+        0x56, 0x51, 0x71, 0xd7, 0x72, 0xd3, 0xb9, 0x35,
+        0x40, 0x37, 0x58, 0x76, 0x29, 0xae, 0x14, 0xa5,
+        0xc5, 0x03, 0x1a, 0xc3, 0x66, 0x71, 0xa0, 0xd0,
+        0xc9, 0x1c, 0xc0, 0xb4, 0xcd, 0x69, 0xd8, 0x40,
+        0x2e, 0x33, 0xb9, 0xbc, 0xc2, 0xbb, 0xaf, 0x6b,
+        0x97, 0x1e, 0x30, 0x3f, 0xa1, 0x37, 0xbe, 0x23,
+        0x25, 0x98, 0xa4, 0x99, 0x9b, 0xc0, 0x12, 0x57,
+        0x4c, 0x81, 0x65, 0x1b, 0x38, 0xb3, 0x83, 0x96,
+        0xc1, 0xc3, 0x65, 0x30, 0x3a, 0xd2, 0x5d, 0x49,
+        0xfc, 0x6b, 0x68, 0x99, 0x51, 0xa1, 0xcc, 0x4c,
+        0x60, 0x07, 0x61, 0x30, 0x65, 0x49, 0x5f, 0x97,
+        0x91, 0x0f, 0x97, 0x35, 0xd4, 0xea, 0x4e, 0x44,
+        0x2a, 0xcb, 0x2f, 0xab, 0xae, 0xcf, 0xe1, 0xad,
+        0xef, 0x06, 0x67, 0xba, 0x42, 0x2c, 0x95, 0x4a,
+        0x05, 0xd1, 0xb6, 0x16, 0x7a, 0x26, 0x3e, 0x12,
+        0x75, 0xc6, 0xad, 0xa8, 0x38, 0x59, 0x65, 0x30,
+        0x4b, 0x30, 0x32, 0x40, 0x40, 0x54, 0x2c, 0xf5,
+        0xa4, 0x51, 0xbc, 0xaf, 0xc7, 0x47, 0x88, 0xbe,
+        0x3b, 0x9b, 0x9f, 0xcc, 0x45, 0xd4, 0x79, 0x0e,
+        0x2d, 0x73, 0x35, 0xc6, 0x0a, 0x14, 0xf0, 0xa4,
+        0x9d, 0x13, 0x05, 0x3f, 0x26, 0x26, 0xa6, 0x27,
+        0xca, 0x19, 0x55, 0x3c, 0xb3, 0x36, 0xa2, 0xcb,
+        0x4a, 0x45, 0x5d, 0x8e, 0xf3, 0x98, 0x94, 0x91,
+        0x47, 0x2b, 0xa0, 0x05, 0x1e, 0xf7, 0x41, 0x6e,
+        0x0b, 0xbf, 0x1a, 0x61, 0x08, 0xfa, 0x07, 0xc1,
+        0x61, 0x54, 0x8e, 0x7c, 0x62, 0x33, 0x1a, 0xe5,
+        0xa2, 0xb4, 0xe4, 0xa1, 0x08, 0xa5, 0x10, 0x93,
+        0xd3, 0x15, 0x08, 0x21, 0xa2, 0xfb, 0x54, 0x71,
+        0x70, 0xa1, 0xb7, 0x3c, 0x43, 0xc5, 0x50, 0xc6,
+        0x55, 0x7a, 0x40, 0x48, 0xa5, 0x8a, 0x2c, 0xd7,
+        0x7a, 0x24, 0x42, 0x34, 0xb2, 0x23, 0x51, 0x75,
+        0xa0, 0x89, 0x7d, 0x50, 0x61, 0xb4, 0x61, 0x34,
+        0x82, 0xdc, 0x13, 0x64, 0x14, 0x04, 0x8c, 0x11,
+        0xdb, 0x37, 0xea, 0xe0, 0xa5, 0xdf, 0x87, 0xc1,
+        0x93, 0x14, 0xb0, 0xe8, 0x23, 0x97, 0xa0, 0xd3,
+        0x38, 0xdc, 0x21, 0x53, 0x8a, 0xf3, 0x61, 0x49,
+        0xd9, 0x3f, 0x8b, 0x1a, 0x11, 0xc5, 0x3b, 0xb5,
+        0xde, 0xf8, 0xb7, 0xa2, 0xcc, 0xa3, 0x36, 0x2b,
+        0x7f, 0xe3, 0xa1, 0x40, 0x8a, 0x25, 0x47, 0xe2,
+        0x09, 0x05, 0x8c, 0x67, 0x3a, 0x75, 0x66, 0xc2,
+        0x61, 0x23, 0xa6, 0xd8, 0xb6, 0x92, 0xa5, 0xf3,
+        0x3e, 0xbd, 0xcb, 0x26, 0x24, 0xb7, 0x9d, 0x87,
+        0x7b, 0xce, 0x5f, 0xa1, 0x4e, 0x42, 0xe8, 0x3f,
+        0xaa, 0xd8, 0x2e, 0x99, 0x00, 0x55, 0x3a, 0x3c,
+        0x60, 0x45, 0xca, 0x32, 0x9f, 0xea, 0x4a, 0x50,
+        0x65, 0x58, 0xc4, 0x91, 0xb6, 0xa6, 0x16, 0xc6,
+        0xfd, 0x40, 0x0b, 0x42, 0x13, 0x6f, 0x44, 0xcb,
+        0x0d, 0x02, 0x57, 0x65, 0x08, 0x19, 0x01, 0x8d,
+        0x3c, 0x56, 0x8e, 0xf6, 0xc6, 0x0c, 0x6c, 0x40,
+        0x9e, 0x70, 0xa8, 0x29, 0x28, 0x71, 0x08, 0xc1,
+        0xb6, 0xa4, 0xd3, 0x2f, 0x76, 0xe5, 0xcc, 0x4d,
+        0x10, 0x4b, 0x02, 0x43, 0x8e, 0xf7, 0xa4, 0x67,
+        0x91, 0x23, 0x98, 0xea, 0x9c, 0x7c, 0xbd, 0x99,
+        0x81, 0x58, 0x9a, 0x34, 0x18, 0x97, 0x68, 0x7b,
+        0x51, 0x6a, 0x13, 0x30, 0x7d, 0x66, 0xc0, 0x68,
+        0xc4, 0x44, 0xb4, 0xb9, 0x49, 0xa1, 0x74, 0x12,
+        0x41, 0x33, 0x15, 0xcc, 0xf4, 0x9b, 0x99, 0x98,
+        0x00, 0x34, 0xb5, 0xb8, 0xcf, 0xde, 0xc4, 0xa6,
+        0x0b, 0x9c, 0x1e, 0x74, 0x55, 0xaa, 0xfb, 0xf3,
+        0xa7, 0x57, 0x34, 0x69, 0x90, 0xcc, 0x32, 0xb0,
+        0x59, 0x9b, 0xa2, 0x17, 0xa6, 0xc5, 0xfc, 0x39,
+        0x53, 0x79, 0x11, 0x95, 0x7c, 0x12, 0x51, 0x48,
+        0xa8, 0x7f, 0x41, 0x58, 0x9c, 0xb2, 0x22, 0xd0,
+        0xd1, 0x92, 0x29, 0xe2, 0xcb, 0x55, 0xe1, 0xa0,
+        0x44, 0x79, 0x1e, 0x7c, 0xa6, 0x11, 0x92, 0xa4,
+        0x64, 0x60, 0xc3, 0x18, 0x3d, 0x2b, 0xcd, 0x6d,
+        0xe0, 0x8a, 0x5e, 0x76, 0x51, 0x60, 0x3a, 0xcc,
+        0x34, 0x9c, 0xa1, 0x6c, 0xba, 0x18, 0xab, 0xb2,
+        0x3a, 0x3e, 0x8c, 0x33, 0x0d, 0x74, 0x21, 0x59,
+        0x8a, 0x62, 0x78, 0xec, 0x7e, 0xbf, 0xab, 0xca,
+        0x0e, 0xf4, 0x88, 0xb2, 0x29, 0x05, 0x54, 0x75,
+        0x34, 0x99, 0xc0, 0x45, 0x2e, 0x45, 0x38, 0x15,
+        0x30, 0x99, 0x55, 0xb8, 0x15, 0x0f, 0xa1, 0xa1,
+        0xe3, 0x93, 0x38, 0x6d, 0xc1, 0x2f, 0xdb, 0x27,
+        0xb3, 0x8c, 0x67, 0x45, 0xf2, 0x94, 0x40, 0x16,
+        0xec, 0x45, 0x7f, 0x39, 0xb1, 0x8d, 0x60, 0x4a,
+        0x07, 0xa1, 0xab, 0xe0, 0x7b, 0xc8, 0x44, 0x05,
+        0x0f, 0xfa, 0x8a, 0x06, 0xfa, 0x15, 0x4a, 0x49,
+        0xd8, 0x8f, 0xac, 0x77, 0x54, 0x52, 0xd6, 0xa7,
+        0xc0, 0xe5, 0x89, 0xbf, 0xb5, 0xc3, 0x70, 0xc2,
+        0xc4, 0xb6, 0x20, 0x1d, 0xda, 0x80, 0xc9, 0xab,
+        0x20, 0x76, 0xec, 0xc0, 0x8b, 0x44, 0x52, 0x2f,
+        0xda, 0x33, 0x26, 0xf0, 0x33, 0x80, 0x6d, 0xd2,
+        0x69, 0x3f, 0x31, 0x97, 0x39, 0xf4, 0x0c, 0x4f,
+        0x42, 0xb2, 0x4a, 0xca, 0x70, 0x98, 0xfb, 0x8f,
+        0xf5, 0xf9, 0xac, 0x20, 0x29, 0x2d, 0x02, 0xb5,
+        0x6a, 0xc7, 0x46, 0x80, 0x1a, 0xcc, 0xcc, 0x84,
+        0x86, 0x3d, 0xee, 0x32, 0x87, 0x84, 0x97, 0xb6,
+        0x94, 0x38, 0xbf, 0x99, 0x17, 0x76, 0x28, 0x66,
+        0x50, 0x48, 0x2c, 0x8d, 0x9d, 0x95, 0x87, 0xbc,
+        0x6a, 0x55, 0xb8, 0x5c, 0x4d, 0x7f, 0xa7, 0x4d,
+        0x02, 0x65, 0x6b, 0x42, 0x1c, 0x9e, 0x23, 0xe0,
+        0x3a, 0x48, 0xd4, 0xb7, 0x44, 0x25, 0xc2, 0x6e,
+        0x4a, 0x20, 0xdd, 0x95, 0x62, 0xa4, 0xda, 0x07,
+        0x93, 0xf3, 0xa3, 0x52, 0xcc, 0xc0, 0xf1, 0x82,
+        0x17, 0xd8, 0x68, 0xc7, 0xf5, 0x00, 0x2a, 0xbe,
+        0x76, 0x8b, 0x1f, 0xc7, 0x3f, 0x05, 0x74, 0x4e,
+        0x7c, 0xc2, 0x8f, 0x10, 0x34, 0x40, 0x62, 0xc1,
+        0x0e, 0x08, 0xec, 0xcc, 0xed, 0x3c, 0x1f, 0x7d,
+        0x39, 0x2c, 0x01, 0xd9, 0x79, 0xdd, 0x71, 0x8d,
+        0x83, 0x98, 0x37, 0x46, 0x65, 0xa1, 0x6a, 0x98,
+        0x70, 0x58, 0x5c, 0x39, 0xd5, 0x58, 0x9a, 0x50,
+        0xe1, 0x33, 0x38, 0x9c, 0x9b, 0x9a, 0x27, 0x6c,
+        0x02, 0x42, 0x60, 0xd9, 0xfc, 0x77, 0x11, 0xc8,
+        0x1b, 0x63, 0x37, 0xb5, 0x7d, 0xa3, 0xc3, 0x76,
+        0xd0, 0xcd, 0x74, 0xe1, 0x4c, 0x73, 0x72, 0x7b,
+        0x27, 0x66, 0x56, 0xb9, 0xd8, 0xa4, 0xeb, 0x71,
+        0x89, 0x6f, 0xf5, 0x89, 0xd4, 0xb8, 0x93, 0xe7,
+        0x11, 0x0f, 0x3b, 0xb9, 0x48, 0xec, 0xe2, 0x91,
+        0xdd, 0x86, 0xc0, 0xb7, 0x46, 0x8a, 0x67, 0x8c,
+        0x74, 0x69, 0x80, 0xc1, 0x2a, 0xa6, 0xb9, 0x5e,
+        0x2b, 0x0c, 0xbe, 0x43, 0x31, 0xbb, 0x24, 0xa3,
+        0x3a, 0x27, 0x01, 0x53, 0xaa, 0x47, 0x2c, 0x47,
+        0x31, 0x23, 0x82, 0xca, 0x36, 0x5c, 0x5f, 0x35,
+        0x25, 0x9d, 0x02, 0x57, 0x46, 0xfc, 0x65, 0x95,
+        0xfe, 0x63, 0x6c, 0x76, 0x75, 0x10, 0xa6, 0x9c,
+        0x1e, 0x8a, 0x17, 0x6b, 0x79, 0x49, 0x95, 0x8f,
+        0x26, 0x97, 0x39, 0x94, 0x97, 0xa2, 0xfc, 0x73,
+        0x64, 0xa1, 0x2c, 0x81, 0x98, 0x29, 0x52, 0x39,
+        0xc8, 0x26, 0xcb, 0x50, 0x82, 0x08, 0x60, 0x77,
+        0x28, 0x2e, 0xd6, 0x28, 0x65, 0x1f, 0xc0, 0x4c,
+        0x63, 0x9b, 0x43, 0x85, 0x22, 0xa9, 0xde, 0x30,
+        0x9b, 0x14, 0xb0, 0x86, 0xd6, 0xe9, 0x23, 0xc5,
+        0x51, 0x62, 0x3b, 0xd7, 0x2a, 0x73, 0x3c, 0xb0,
+        0xda, 0xbc, 0x54, 0xa9, 0x41, 0x6a, 0x99, 0xe7,
+        0x2c, 0x9f, 0xda, 0x1c, 0xb3, 0xfb, 0x9b, 0xa0,
+        0x6b, 0x8a, 0xdb, 0x24, 0x22, 0xd6, 0x8c, 0xad,
+        0xc5, 0x53, 0xc9, 0x82, 0x02, 0xa1, 0x76, 0x56,
+        0x47, 0x8a, 0xc0, 0x44, 0xef, 0x34, 0x56, 0x37,
+        0x8a, 0xbc, 0xe9, 0x99, 0x1e, 0x01, 0x41, 0xba,
+        0x79, 0x09, 0x4f, 0xa8, 0xf7, 0x7a, 0x30, 0x08,
+        0x05, 0xd2, 0xd3, 0x2f, 0xfc, 0x62, 0xbf, 0x0c,
+        0xa4, 0x55, 0x4c, 0x33, 0x0c, 0x2b, 0xb7, 0x04,
+        0x2d, 0xb3, 0x51, 0x02, 0xf6, 0x8b, 0x1a, 0x00,
+        0x62, 0x58, 0x38, 0x65, 0x38, 0x1c, 0x74, 0xdd,
+        0x91, 0x3a, 0xf7, 0x0b, 0x26, 0xcf, 0x09, 0x23,
+        0xd0, 0xc4, 0xcb, 0x97, 0x16, 0x92, 0x22, 0x25,
+        0x52, 0xa8, 0xf4, 0xb7, 0x88, 0xb4, 0xaf, 0xd1,
+        0x34, 0x1a, 0x9d, 0xf4, 0x15, 0xcf, 0x20, 0x39,
+        0x00, 0xf5, 0xcc, 0xf7, 0xf6, 0x59, 0x88, 0x94,
+        0x9a, 0x75, 0x58, 0x0d, 0x04, 0x96, 0x39, 0x85,
+        0x31, 0x00, 0x85, 0x4b, 0x21, 0xf4, 0x01, 0x80,
+        0x03, 0x50, 0x2b, 0xb1, 0xba, 0x95, 0xf5, 0x56,
+        0xa5, 0xd6, 0x7c, 0x7e, 0xb5, 0x24, 0x10, 0xeb,
+        0xa2, 0x88, 0xa6, 0xd0, 0x63, 0x5c, 0xa8, 0xa4,
+        0xf6, 0xd6, 0x96, 0xd0, 0xa0, 0x20, 0xc8, 0x26,
+        0x93, 0x8d, 0x34, 0x94, 0x3c, 0x38, 0x08, 0xc7,
+        0x9c, 0xc0, 0x07, 0x76, 0x85, 0x33, 0x21, 0x6b,
+        0xc1, 0xb2, 0x9d, 0xa6, 0xc8, 0x12, 0xef, 0xf3,
+        0x34, 0x0b, 0xaa, 0x8d, 0x2e, 0x65, 0x34, 0x4f,
+        0x09, 0xbd, 0x47, 0x89, 0x4f, 0x5a, 0x3a, 0x41,
+        0x18, 0x71, 0x5b, 0x3c, 0x50, 0x20, 0x67, 0x93,
+        0x27, 0xf9, 0x18, 0x9f, 0x7e, 0x10, 0x85, 0x6b,
+        0x23, 0x8b, 0xb9, 0xb0, 0xab, 0x4c, 0xa8, 0x5a,
+        0xbf, 0x4b, 0x21, 0xf5, 0xc7, 0x6b, 0xcc, 0xd7,
+        0x18, 0x50, 0xb2, 0x2e, 0x04, 0x59, 0x28, 0x27,
+        0x6a, 0x0f, 0x2e, 0x95, 0x1d, 0xb0, 0x70, 0x7c,
+        0x6a, 0x11, 0x6d, 0xc1, 0x91, 0x13, 0xfa, 0x76,
+        0x2d, 0xc5, 0xf2, 0x0b, 0xd5, 0xd2, 0xab, 0x5b,
+        0xe7, 0x17, 0x44, 0xdc, 0x9c, 0xbd, 0xb5, 0x1e,
+        0xa7, 0x57, 0x96, 0x3a, 0xac, 0x56, 0xa9, 0x0a,
+        0x0d, 0x80, 0x23, 0xbe, 0xd1, 0xf5, 0xca, 0xe8,
+        0xa6, 0x4d, 0xa0, 0x47, 0x27, 0x9b, 0x35, 0x3a,
+        0x09, 0x6a, 0x83, 0x5b, 0x0b, 0x2b, 0x02, 0x3b,
+        0x6a, 0xa0, 0x48, 0x98, 0x92, 0x33, 0x07, 0x9a,
+        0xeb, 0x46, 0x7e, 0x52, 0x2f, 0xa2, 0x7a, 0x58,
+        0x22, 0x92, 0x1e, 0x5c, 0x55, 0x1b, 0x4f, 0x53,
+        0x75, 0x36, 0xe4, 0x6f, 0x3a, 0x6a, 0x97, 0xe7,
+        0x2c, 0x3b, 0x06, 0x31, 0x04, 0xe0, 0x9a, 0x04,
+        0x05, 0x98, 0x94, 0x0d, 0x87, 0x2f, 0x6d, 0x87,
+        0x1f, 0x5e, 0xf9, 0xb4, 0x35, 0x50, 0x73, 0xb5,
+        0x47, 0x69, 0xe4, 0x54, 0x54, 0xe6, 0xa0, 0x81,
+        0x95, 0x99, 0x40, 0x86, 0x21, 0xab, 0x44, 0x13,
+        0xb3, 0x55, 0x07, 0xb0, 0xdf, 0x57, 0x8c, 0xe2,
+        0xd5, 0x11, 0xd5, 0x20, 0x58, 0xd5, 0x74, 0x9d,
+        0xf3, 0x8b, 0x29, 0xd6, 0xcc, 0x58, 0x87, 0x0c,
+        0xaf, 0x92, 0xf6, 0x9a, 0x75, 0x16, 0x14, 0x06,
+        0xe7, 0x1c, 0x5f, 0xf9, 0x24, 0x51, 0xa7, 0x75,
+        0x22, 0xb8, 0xb2, 0x96, 0x7a, 0x2d, 0x58, 0xa4,
+        0x9a, 0x81, 0x66, 0x1a, 0xa6, 0x5a, 0xc0, 0x9b,
+        0x08, 0xc9, 0xfe, 0x45, 0xab, 0xc3, 0x85, 0x1f,
+        0x99, 0xc7, 0x30, 0xc4, 0x50, 0x03, 0xac, 0xa2,
+        0xbf, 0x0f, 0x84, 0x24, 0xa1, 0x9b, 0x74, 0x08,
+        0xa5, 0x37, 0xd5, 0x41, 0xc1, 0x6f, 0x56, 0x82,
+        0xbf, 0xe3, 0xa7, 0xfa, 0xea, 0x56, 0x4f, 0x12,
+        0x98, 0x61, 0x1a, 0x7f, 0x5f, 0x60, 0x92, 0x2b,
+        0xa1, 0x9d, 0xe7, 0x3b, 0x19, 0x17, 0xf1, 0x85,
+        0x32, 0x73, 0x55, 0x51, 0x99, 0xa6, 0x49, 0x31,
+        0x8b, 0x50, 0x77, 0x33, 0x45, 0xc9, 0x97, 0x46,
+        0x08, 0x56, 0x97, 0x2a, 0xcb, 0x43, 0xfc, 0x81,
+        0xab, 0x63, 0x21, 0xb1, 0xc3, 0x3c, 0x2b, 0xb5,
+        0x09, 0x8b, 0xd4, 0x89, 0xd6, 0x96, 0xa0, 0xf7,
+        0x06, 0x79, 0xc1, 0x21, 0x38, 0x73, 0xd0, 0x8b,
+        0xda, 0xd4, 0x28, 0x44, 0x92, 0x72, 0x16, 0x04,
+        0x72, 0x05, 0x63, 0x32, 0x12, 0x31, 0x0e, 0xe9,
+        0xa0, 0x6c, 0xb1, 0x00, 0x16, 0xc8, 0x05, 0x50,
+        0x3c, 0x34, 0x1a, 0x36, 0xd8, 0x7e, 0x56, 0x07,
+        0x2e, 0xab, 0xe2, 0x37, 0x31, 0xe3, 0x4a, 0xf7,
+        0xe2, 0x32, 0x8f, 0x85, 0xcd, 0xb3, 0x70, 0xcc,
+        0xaf, 0x00, 0x51, 0x5b, 0x64, 0xc9, 0xc5, 0x4b,
+        0xc8, 0x37, 0x57, 0x84, 0x47, 0xaa, 0xcf, 0xae,
+        0xd5, 0x96, 0x9a, 0xa3, 0x51, 0xe7, 0xda, 0x4e,
+        0xfa, 0x7b, 0x11, 0x5c, 0x4c, 0x51, 0xf4, 0xa6,
+        0x99, 0x77, 0x98, 0x50, 0x29, 0x5c, 0xa7, 0x2d,
+        0x78, 0x1a, 0xd4, 0x1b, 0xc6, 0x80, 0x53, 0x2b,
+        0x89, 0xe7, 0x10, 0xe2, 0x18, 0x9e, 0xb3, 0xc5,
+        0x08, 0x17, 0xba, 0x25, 0x5c, 0x74, 0x74, 0xc9,
+        0x5c, 0xa9, 0x11, 0x0c, 0xc4, 0x3b, 0x8b, 0xa8,
+        0xe6, 0x82, 0xc7, 0xfb, 0x7b, 0x0f, 0xdc, 0x26,
+        0x5c, 0x04, 0x83, 0xa6, 0x5c, 0xa4, 0x51, 0x4e,
+        0xe4, 0xb8, 0x32, 0xaa, 0xc5, 0x80, 0x0c, 0x3b,
+        0x08, 0xe7, 0x4f, 0x56, 0x39, 0x51, 0xc1, 0xfb,
+        0xb2, 0x10, 0x35, 0x3e, 0xfa, 0x1a, 0xa8, 0x66,
+        0x85, 0x6b, 0xc1, 0xe0, 0x34, 0x73, 0x3b, 0x04,
+        0x85, 0xda, 0xb1, 0xd0, 0x20, 0xc6, 0xbf, 0x76,
+        0x5f, 0xf6, 0x0b, 0x3b, 0x80, 0x19, 0x84, 0xa9,
+        0x0c, 0x2f, 0xe9, 0x70, 0xbf, 0x1d, 0xe9, 0x70,
+        0x04, 0xa6, 0xcf, 0x44, 0xb4, 0x98, 0x4a, 0xb5,
+        0x82, 0x58, 0xb4, 0xaf, 0x71, 0x22, 0x1c, 0xd1,
+        0x75, 0x30, 0xa7, 0x00, 0xc3, 0x29, 0x59, 0xc9,
+        0x43, 0x63, 0x44, 0xb5, 0x31, 0x6f, 0x09, 0xcc,
+        0xca, 0x70, 0x29, 0xa2, 0x30, 0xd6, 0x39, 0xdc,
+        0xb0, 0x22, 0xd8, 0xba, 0x79, 0xba, 0x91, 0xcd,
+        0x6a, 0xb1, 0x2a, 0xe1, 0x57, 0x9c, 0x50, 0xc7,
+        0xbb, 0x10, 0xe3, 0x03, 0x01, 0xa6, 0x5c, 0xae,
+        0x31, 0x01, 0xd4, 0x0c, 0x7b, 0xa9, 0x27, 0xbb,
+        0x55, 0x31, 0x48, 0xd1, 0x64, 0x70, 0x24, 0xd4,
+        0xa0, 0x6c, 0x81, 0x66, 0xd0, 0xb0, 0xb8, 0x12,
+        0x69, 0xb7, 0xd5, 0xf4, 0xb3, 0x4f, 0xb0, 0x22,
+        0xf6, 0x91, 0x52, 0xf5, 0x14, 0x00, 0x4a, 0x7c,
+        0x68, 0x53, 0x68, 0x55, 0x23, 0x43, 0xbb, 0x60,
+        0x36, 0x0f, 0xbb, 0x99, 0x45, 0xed, 0xf4, 0x46,
+        0xd3, 0x45, 0xbd, 0xca, 0xa7, 0x45, 0x5c, 0x74,
+        0xba, 0x0a, 0x55, 0x1e, 0x18, 0x46, 0x20, 0xfe,
+        0xf9, 0x76, 0x88, 0x77, 0x3d, 0x50, 0xb6, 0x43,
+        0x3c, 0xa7, 0xa7, 0xac, 0x5c, 0xb6, 0xb7, 0xf6,
+        0x71, 0xa1, 0x53, 0x76, 0xe5, 0xa6, 0x74, 0x7a,
+        0x62, 0x3f, 0xa7, 0xbc, 0x66, 0x30, 0x37, 0x3f,
+        0x5b, 0x1b, 0x51, 0x26, 0x90, 0xa6, 0x61, 0x37,
+        0x78, 0x70, 0xa6, 0x0a, 0x7a, 0x18, 0x96, 0x83,
+        0xf9, 0xb0, 0xcf, 0x04, 0x66, 0xe1, 0xf7, 0x50,
+        0x76, 0x26, 0x31, 0xc4, 0xab, 0x09, 0xf5, 0x05,
+        0xc4, 0x2d, 0xd2, 0x86, 0x33, 0x56, 0x94, 0x72,
+        0x73, 0x54, 0x42, 0x85, 0x1e, 0x32, 0x16, 0x16,
+        0xd4, 0x00, 0x98, 0x10, 0x77, 0x7b, 0x6b, 0xd4,
+        0x6f, 0xa7, 0x22, 0x44, 0x61, 0xa5, 0xcc, 0x27,
+        0x40, 0x5d, 0xfb, 0xac, 0x0d, 0x39, 0xb0, 0x02,
+        0xca, 0xb3, 0x34, 0x33, 0xf2, 0xa8, 0x6e, 0xb8,
+        0xce, 0x91, 0xc1, 0x34, 0xa6, 0x38, 0x6f, 0x86,
+        0x0a, 0x19, 0x94, 0xeb, 0x4b, 0x68, 0x75, 0xa4,
+        0x6d, 0x19, 0x55, 0x81, 0xd1, 0x73, 0x85, 0x4b,
+        0x53, 0xd2, 0x29, 0x3d, 0xf3, 0xe9, 0xa8, 0x22,
+        0x75, 0x6c, 0xd8, 0xf2, 0x12, 0xb3, 0x25, 0xca,
+        0x29, 0xb4, 0xf9, 0xf8, 0xcf, 0xba, 0xdf, 0x2e,
+        0x41, 0x86, 0x9a, 0xbf, 0xba, 0xd1, 0x07, 0x38,
+        0xad, 0x04, 0xcc, 0x75, 0x2b, 0xc2, 0x0c, 0x39,
+        0x47, 0x46, 0x85, 0x0e, 0x0c, 0x48, 0x47, 0xdb,
+        0xeb, 0xbe, 0x41, 0xcd, 0x4d, 0xea, 0x48, 0x9d,
+        0xed, 0xd0, 0x0e, 0x76, 0xae, 0x0b, 0xcf, 0x54,
+        0xaa, 0x85, 0x50, 0x20, 0x29, 0x20, 0xeb, 0x64,
+        0xd5, 0x89, 0x2a, 0xd0, 0x2b, 0x13, 0xf2, 0xe5,
+        0x86, 0x26, 0xed, 0x79, 0xd4, 0x51, 0x14, 0x08,
+        0x00, 0xe0, 0x3b, 0x59, 0xb9, 0x56, 0xf8, 0x21,
+        0x0e, 0x55, 0x60, 0x67, 0x40, 0x7d, 0x13, 0xdc,
+        0x90, 0xfa, 0x9e, 0x8b, 0x87, 0x2b, 0xfb, 0x8f
+    };
+#endif
+#ifdef WOLFSSL_KYBER_ORIGINAL
+    WOLFSSL_SMALL_STACK_STATIC const byte kyber1024_ct[] = {
         0xA6, 0xAF, 0x29, 0xD5, 0xF5, 0xB8, 0x0B, 0xD1,
         0x30, 0xF5, 0x18, 0xBA, 0xDD, 0xD6, 0xC8, 0xF1,
         0x75, 0x45, 0x41, 0x3D, 0x86, 0x0F, 0xB3, 0xDE,
@@ -36472,57 +42736,402 @@ static wc_test_ret_t kyber1024_kat(void)
         0x30, 0xC7, 0x3B, 0xC2, 0x4F, 0x5D, 0x95, 0xF7,
         0x37, 0x85, 0x8D, 0xDC, 0x4F, 0x32, 0xC0, 0x13
     };
-    const byte kyber1024_ss[] = {
+#endif
+#ifndef WOLFSSL_NO_ML_KEM
+    WOLFSSL_SMALL_STACK_STATIC const byte ml_kem_1024_ct[] = {
+        0xc9, 0xbe, 0xad, 0x6b, 0x0c, 0x11, 0x14, 0x38,
+        0x9b, 0xd4, 0x76, 0x1c, 0x73, 0xab, 0x90, 0x95,
+        0xb5, 0x80, 0x9d, 0xaa, 0xc9, 0xf6, 0x59, 0xbb,
+        0x56, 0x4a, 0xf2, 0x26, 0x17, 0x30, 0x52, 0xa4,
+        0xa3, 0xe7, 0xf2, 0xe5, 0xfd, 0x47, 0xd2, 0xb0,
+        0x2a, 0xae, 0xb5, 0x18, 0x9e, 0x06, 0xb9, 0xf4,
+        0xae, 0x98, 0xb6, 0x19, 0xcb, 0x63, 0xef, 0xbd,
+        0xf3, 0x98, 0x9a, 0x94, 0xb3, 0x6e, 0x8e, 0xa0,
+        0xd7, 0x00, 0x63, 0x3b, 0x95, 0x0a, 0x0a, 0xe2,
+        0xa7, 0x8e, 0xd9, 0x2e, 0x85, 0xc8, 0x5c, 0x70,
+        0xe1, 0x3e, 0x62, 0x6f, 0xb2, 0x63, 0xfa, 0xc9,
+        0x68, 0x15, 0x21, 0xc3, 0xab, 0x22, 0xfd, 0xab,
+        0x29, 0x17, 0x3c, 0x96, 0x16, 0xa2, 0xb0, 0x37,
+        0x08, 0x3f, 0xf7, 0xb2, 0xe0, 0x19, 0xb5, 0xbc,
+        0xde, 0x06, 0x8f, 0xac, 0x25, 0x7e, 0xf8, 0xf1,
+        0x27, 0x98, 0x41, 0x16, 0x93, 0xc1, 0xbd, 0xcc,
+        0x65, 0x42, 0x09, 0x97, 0xa5, 0x13, 0xa8, 0xa6,
+        0x95, 0x02, 0x62, 0x0b, 0xe8, 0xe4, 0xce, 0x73,
+        0x62, 0xe4, 0x12, 0xa7, 0x6c, 0xf5, 0x1c, 0x1f,
+        0x24, 0x33, 0xf1, 0xab, 0x64, 0xce, 0x0e, 0x5d,
+        0x2f, 0x56, 0xd7, 0xc9, 0xad, 0xe9, 0x94, 0xd0,
+        0xe3, 0x5d, 0x0a, 0xee, 0xf3, 0xac, 0x51, 0x5b,
+        0x48, 0x24, 0x37, 0x66, 0x4d, 0x8c, 0x1d, 0x25,
+        0xe5, 0xa5, 0x50, 0x7c, 0xf8, 0x0f, 0x97, 0x0d,
+        0x3e, 0xa7, 0x22, 0x6a, 0xac, 0xdc, 0x45, 0x7c,
+        0xbf, 0x88, 0xa0, 0x56, 0x0a, 0xa3, 0x5b, 0xb2,
+        0xc5, 0xc4, 0x55, 0x86, 0x7e, 0x21, 0x59, 0x91,
+        0x0a, 0x35, 0x81, 0x0b, 0xef, 0xe3, 0xaa, 0x10,
+        0xeb, 0x04, 0xd8, 0xd5, 0x71, 0x47, 0xcb, 0x8f,
+        0x66, 0xd2, 0xb0, 0x70, 0xba, 0xc4, 0x3d, 0x1f,
+        0x1f, 0xfd, 0xd5, 0x7a, 0x93, 0x99, 0x95, 0x1f,
+        0x64, 0x96, 0x57, 0x27, 0xbc, 0xb9, 0xf6, 0x6a,
+        0xd4, 0x23, 0x09, 0xda, 0xfc, 0x79, 0x9c, 0x1c,
+        0x54, 0x0a, 0xf1, 0xaf, 0x93, 0xef, 0xf6, 0x8a,
+        0x86, 0xd6, 0x1f, 0x51, 0x15, 0xdb, 0x66, 0x2d,
+        0xee, 0x7a, 0xc9, 0xa3, 0x62, 0x67, 0x77, 0x62,
+        0xb6, 0xa1, 0x64, 0xa0, 0xfa, 0x0a, 0x4d, 0x85,
+        0x9e, 0x4b, 0x8c, 0x8d, 0xbd, 0xb4, 0xe1, 0x83,
+        0xf5, 0xe6, 0x80, 0x8f, 0xc5, 0x22, 0x29, 0x65,
+        0x0c, 0xaf, 0x7c, 0xf3, 0xe1, 0x6d, 0xe3, 0xd8,
+        0x95, 0xd1, 0x48, 0xc3, 0x54, 0x48, 0xab, 0x8c,
+        0x27, 0x53, 0xc9, 0x83, 0x1b, 0x24, 0xbd, 0x49,
+        0x21, 0x49, 0x7e, 0xaa, 0x19, 0x25, 0x65, 0xca,
+        0xbf, 0xd8, 0x3c, 0x0c, 0x68, 0xdf, 0xe7, 0xd3,
+        0x92, 0xab, 0xf5, 0xe5, 0xe6, 0xf8, 0x4b, 0xb9,
+        0xf5, 0xaf, 0x4b, 0x71, 0x18, 0xc0, 0xb5, 0x58,
+        0x10, 0x5f, 0x9c, 0x10, 0xc9, 0xb6, 0xd7, 0x06,
+        0x82, 0xe1, 0xde, 0x6e, 0x06, 0x89, 0xd7, 0x10,
+        0x6a, 0x63, 0x74, 0xbd, 0x34, 0xae, 0xd7, 0x22,
+        0x9e, 0x6c, 0xb3, 0x56, 0xf2, 0xea, 0x65, 0xe6,
+        0x80, 0xce, 0x7b, 0x1e, 0x2c, 0x37, 0x04, 0xe1,
+        0x16, 0xa3, 0x85, 0x42, 0x82, 0x6e, 0x8a, 0x00,
+        0x11, 0x41, 0xba, 0xf2, 0xe3, 0x4d, 0xe3, 0x7a,
+        0x03, 0x04, 0x09, 0x86, 0xd4, 0xc0, 0xcd, 0x5d,
+        0x57, 0xf0, 0x70, 0x1c, 0xe9, 0x30, 0x98, 0x6f,
+        0xd9, 0x52, 0x5b, 0x58, 0xe2, 0xe5, 0x9f, 0x45,
+        0xb8, 0xdd, 0x04, 0xc0, 0xf3, 0x5b, 0x0f, 0x47,
+        0x97, 0x0c, 0xc6, 0x70, 0x79, 0x61, 0x8e, 0xb9,
+        0xe6, 0xd9, 0x1e, 0x9b, 0x0f, 0x8c, 0x6d, 0x2e,
+        0x16, 0x5c, 0xf4, 0x48, 0xa2, 0xc1, 0xeb, 0xf7,
+        0x1b, 0x65, 0x37, 0xe0, 0xf3, 0x75, 0x18, 0x5d,
+        0xfa, 0xfe, 0xf6, 0x98, 0xb6, 0x23, 0x9b, 0xb3,
+        0x55, 0x80, 0xb3, 0x15, 0xbc, 0xb5, 0xed, 0x40,
+        0x8c, 0x35, 0x7f, 0x19, 0x2d, 0xef, 0x89, 0xbc,
+        0x1b, 0x75, 0xcd, 0xd6, 0xaa, 0xe8, 0xb5, 0xfa,
+        0xf0, 0xc3, 0xe1, 0x38, 0x03, 0xf6, 0xbd, 0xfa,
+        0x76, 0xfb, 0x40, 0x7f, 0xcb, 0xda, 0x79, 0x0c,
+        0x32, 0x9b, 0x3e, 0xe4, 0x2f, 0xd3, 0xd3, 0xb0,
+        0x3b, 0xd5, 0x00, 0x3f, 0x0b, 0xc4, 0x32, 0xf7,
+        0xba, 0x39, 0x63, 0x11, 0x12, 0x45, 0x2d, 0xfd,
+        0x12, 0x14, 0x04, 0x33, 0xff, 0x89, 0x80, 0xeb,
+        0x6a, 0x52, 0x6b, 0xa8, 0x5e, 0xf9, 0x94, 0x77,
+        0x37, 0x8b, 0x4d, 0xc7, 0x66, 0x35, 0xa5, 0xcd,
+        0x50, 0x40, 0xe4, 0x3b, 0x8c, 0x1f, 0xe4, 0xee,
+        0x5e, 0x15, 0x8e, 0x42, 0x3b, 0xfc, 0x0c, 0x89,
+        0x3c, 0x1d, 0x56, 0x13, 0xbe, 0xd0, 0x8d, 0xa7,
+        0x19, 0xc9, 0x07, 0x31, 0x84, 0xee, 0xb3, 0x6f,
+        0xd3, 0x57, 0x38, 0x0f, 0xb1, 0x87, 0x3d, 0x8c,
+        0xbd, 0x36, 0xe2, 0x25, 0x5e, 0x98, 0x5b, 0x1b,
+        0x76, 0x81, 0x97, 0x43, 0xa6, 0x58, 0x4a, 0x9b,
+        0x3a, 0x58, 0x09, 0x96, 0xc9, 0xc2, 0xee, 0xd9,
+        0xbb, 0xbf, 0xff, 0x78, 0xa6, 0x20, 0x4b, 0x5e,
+        0x5e, 0xea, 0xe5, 0xf4, 0xef, 0xd2, 0x66, 0x00,
+        0x78, 0xb3, 0x7f, 0x07, 0x54, 0xab, 0x5d, 0xa8,
+        0x62, 0xe6, 0x66, 0xb1, 0x45, 0xb5, 0xf2, 0x3f,
+        0x3d, 0x09, 0x77, 0x79, 0x99, 0x29, 0xdf, 0xa2,
+        0xae, 0xdd, 0xa5, 0x3d, 0x15, 0x2e, 0xda, 0x1d,
+        0x0d, 0x0e, 0x4e, 0xa4, 0x3f, 0x6e, 0xd8, 0x89,
+        0xbb, 0x96, 0x5e, 0xef, 0xe0, 0xa7, 0xc6, 0x85,
+        0xbb, 0x36, 0x77, 0x0e, 0xaa, 0x87, 0x42, 0x42,
+        0xc0, 0xe2, 0x29, 0xcf, 0x6c, 0xe5, 0x6d, 0xef,
+        0xa5, 0xae, 0xae, 0x64, 0xd0, 0xc4, 0x0d, 0xda,
+        0x8a, 0xa2, 0x6e, 0xae, 0xb3, 0x14, 0x58, 0xf0,
+        0x70, 0xa3, 0xbc, 0x72, 0xe1, 0x61, 0x9e, 0xe9,
+        0xb5, 0xf6, 0x42, 0x29, 0x1c, 0x56, 0xdf, 0x5b,
+        0x7e, 0x43, 0xdb, 0x6c, 0x80, 0x2f, 0xc7, 0x4f,
+        0x4f, 0x3f, 0x9b, 0x5c, 0x0d, 0x35, 0x5c, 0x3a,
+        0xae, 0x52, 0x0a, 0xa3, 0x12, 0x29, 0xd1, 0x2f,
+        0x3e, 0x7c, 0xc5, 0xd4, 0x8e, 0x69, 0x11, 0x91,
+        0xa3, 0x6b, 0x28, 0x37, 0x65, 0xf4, 0x13, 0x3f,
+        0x0f, 0xf1, 0xfe, 0x2f, 0x01, 0xc6, 0x64, 0x8b,
+        0x27, 0x98, 0xa7, 0x4e, 0xb5, 0xd8, 0x42, 0xa2,
+        0x48, 0xf5, 0x24, 0xa7, 0xe7, 0xf8, 0x97, 0x42,
+        0x11, 0x29, 0x7b, 0x44, 0xf0, 0xdd, 0x19, 0xf3,
+        0x86, 0xe8, 0x6b, 0xe6, 0xba, 0x78, 0x2d, 0xe7,
+        0x7f, 0xde, 0x88, 0x72, 0x26, 0xf3, 0x7a, 0x1c,
+        0x77, 0xbc, 0x5e, 0xdd, 0xee, 0xe5, 0xbf, 0x46,
+        0xb6, 0x7f, 0xb7, 0x47, 0x8d, 0x55, 0x98, 0x65,
+        0xf2, 0x62, 0xca, 0xa8, 0x4d, 0x64, 0xa8, 0xce,
+        0x59, 0xe4, 0xdf, 0x08, 0x18, 0xe1, 0x48, 0x61,
+        0x52, 0x6a, 0xcd, 0x34, 0x83, 0x60, 0x0f, 0x3d,
+        0xae, 0x79, 0x59, 0xd3, 0x5d, 0x81, 0x81, 0xca,
+        0x6a, 0x81, 0xce, 0x79, 0x1b, 0xe0, 0x07, 0x52,
+        0xda, 0x77, 0x59, 0x44, 0x6a, 0x2c, 0xfb, 0xe0,
+        0x0b, 0x82, 0x48, 0xb9, 0x34, 0x91, 0xde, 0xbd,
+        0x52, 0x02, 0x20, 0xb7, 0x55, 0x41, 0x6d, 0x2f,
+        0xc6, 0xb7, 0xc8, 0xaf, 0x2f, 0xf7, 0x5e, 0x5b,
+        0xcb, 0xb8, 0xe7, 0x53, 0x73, 0x80, 0xa5, 0x72,
+        0x1c, 0x77, 0x48, 0x49, 0x57, 0xa6, 0x92, 0x71,
+        0xd8, 0xba, 0xfc, 0xe0, 0xf1, 0x66, 0x73, 0x5f,
+        0xf8, 0x69, 0x23, 0x2d, 0xe5, 0xd3, 0x81, 0xaf,
+        0xbf, 0x0e, 0x44, 0xd6, 0x91, 0x72, 0xb7, 0x9a,
+        0x35, 0x19, 0x19, 0x49, 0xde, 0x09, 0x70, 0x3b,
+        0x94, 0x22, 0x2b, 0x13, 0xc3, 0x85, 0xc6, 0x08,
+        0x1e, 0x6d, 0x2e, 0xde, 0x1e, 0x57, 0xfe, 0x18,
+        0x4e, 0xf8, 0xf6, 0x01, 0x96, 0xb9, 0xa3, 0xa7,
+        0xb7, 0xef, 0xf7, 0x49, 0x71, 0x91, 0xca, 0x87,
+        0x41, 0xb5, 0xa0, 0x1e, 0x79, 0xcb, 0x69, 0xa6,
+        0x11, 0x42, 0xe6, 0xf5, 0xd0, 0x80, 0xfb, 0xb3,
+        0xe5, 0x66, 0xf7, 0x9e, 0x14, 0x6f, 0x75, 0xc8,
+        0xa1, 0x09, 0x78, 0x60, 0x84, 0x1b, 0x47, 0x47,
+        0xdf, 0x60, 0x4d, 0xba, 0x95, 0x4e, 0x4a, 0x8d,
+        0x9e, 0x0d, 0xcc, 0xc1, 0xf6, 0x09, 0xd0, 0x5c,
+        0xf8, 0xd3, 0x12, 0x19, 0xec, 0xd6, 0x0c, 0x31,
+        0x2d, 0xe6, 0x84, 0x55, 0x2f, 0x09, 0x22, 0x7c,
+        0xb8, 0x29, 0x29, 0x1c, 0x64, 0x57, 0x32, 0xc5,
+        0xf5, 0xd4, 0xd7, 0x11, 0x63, 0x9f, 0x42, 0xa2,
+        0x30, 0x80, 0xaa, 0x34, 0xfe, 0x14, 0x20, 0xf2,
+        0x19, 0xbd, 0x6b, 0xcf, 0x4e, 0x3b, 0x29, 0xb9,
+        0xd0, 0x22, 0x93, 0xb2, 0xda, 0x81, 0x38, 0x3e,
+        0x0a, 0x51, 0xd2, 0xbb, 0x18, 0x6c, 0x7b, 0x0a,
+        0x21, 0x1a, 0x0c, 0xd6, 0x3a, 0xcb, 0xfc, 0x02,
+        0x10, 0x40, 0x1e, 0x98, 0x5d, 0x43, 0x6b, 0x38,
+        0x03, 0xd5, 0x60, 0x1c, 0x24, 0x13, 0x6a, 0xfd,
+        0x15, 0x62, 0x52, 0x2e, 0x45, 0xb4, 0x57, 0xcb,
+        0x43, 0x91, 0x78, 0xbe, 0x4a, 0x87, 0xcc, 0xe4,
+        0x03, 0x46, 0xd3, 0x4a, 0xe0, 0xf3, 0xc3, 0x91,
+        0x03, 0xc8, 0xa3, 0xeb, 0xc9, 0xc8, 0x6c, 0x8d,
+        0xb8, 0xfc, 0x55, 0x61, 0xeb, 0x0f, 0x3a, 0x14,
+        0x3d, 0x4e, 0x9f, 0xe9, 0x3a, 0x5c, 0xba, 0x6f,
+        0x6f, 0xca, 0xe5, 0x65, 0x0d, 0x3f, 0x43, 0xd2,
+        0x66, 0x8a, 0x59, 0x56, 0xc9, 0x22, 0x89, 0x3b,
+        0x81, 0x66, 0x47, 0xde, 0xd0, 0xaf, 0xc0, 0x52,
+        0xa6, 0xc3, 0xd9, 0xd0, 0x1a, 0x3d, 0x3a, 0xf0,
+        0xf1, 0xba, 0x80, 0x7f, 0xf1, 0x04, 0x91, 0xe1,
+        0x31, 0xdc, 0x15, 0xe1, 0x65, 0xcf, 0xd0, 0x65,
+        0x0a, 0x1f, 0x2c, 0x31, 0x3d, 0x79, 0x56, 0x14,
+        0x1e, 0xdc, 0xc6, 0x1c, 0xb9, 0x0e, 0x9e, 0x7a,
+        0xbf, 0x2f, 0xe3, 0x5f, 0xc9, 0xdc, 0x1b, 0xde,
+        0x88, 0x93, 0x9f, 0xa1, 0x1f, 0x7b, 0xbe, 0x3e,
+        0xb4, 0xd8, 0xff, 0xa6, 0x43, 0xb0, 0x74, 0xd7,
+        0x4f, 0x45, 0x11, 0x35, 0x86, 0xe9, 0xbb, 0x12,
+        0x06, 0x00, 0x03, 0xd7, 0x19, 0x41, 0xf2, 0xda,
+        0x09, 0x8d, 0xc0, 0xe9, 0x6c, 0xad, 0x32, 0x55,
+        0xcf, 0x32, 0x8e, 0xa2, 0xd3, 0x30, 0x8c, 0x1f,
+        0x45, 0x85, 0xe8, 0x9c, 0x61, 0x3c, 0x42, 0x6b,
+        0x7e, 0x79, 0x8e, 0x1e, 0xc4, 0xe9, 0x8f, 0xe6,
+        0xc7, 0x1e, 0x74, 0x91, 0xf5, 0xec, 0xa0, 0xcd,
+        0x05, 0x11, 0x58, 0x61, 0xbd, 0x16, 0x0e, 0x3f,
+        0xe7, 0x3a, 0x58, 0xa0, 0x26, 0xba, 0x53, 0x8e,
+        0x0e, 0x25, 0x6b, 0x92, 0xf1, 0xd7, 0xa2, 0x49,
+        0x75, 0x70, 0x59, 0x48, 0x56, 0x86, 0x0f, 0xfd,
+        0x06, 0xb6, 0x01, 0xac, 0x57, 0x55, 0x92, 0xf4,
+        0xac, 0x61, 0x2b, 0x5d, 0xe7, 0x86, 0x60, 0x42,
+        0x12, 0x3e, 0xbc, 0x60, 0xc5, 0x57, 0x68, 0xe3,
+        0xa7, 0x60, 0x0a, 0x32, 0x60, 0x55, 0x1f, 0x2b,
+        0xea, 0x22, 0xbb, 0xf6, 0xb6, 0xc8, 0x24, 0x6e,
+        0x80, 0xf9, 0x12, 0x5c, 0x4b, 0xb9, 0xdb, 0x35,
+        0x4d, 0xd6, 0x4a, 0xe6, 0x95, 0xc1, 0x5f, 0x50,
+        0x71, 0xf4, 0xab, 0xb9, 0x63, 0x92, 0x07, 0xca,
+        0xc7, 0x33, 0x1b, 0x31, 0x0f, 0x69, 0xa0, 0x5f,
+        0x54, 0xb9, 0x95, 0xde, 0x52, 0x9a, 0x02, 0x3f,
+        0x03, 0x3b, 0x05, 0x5d, 0xb9, 0x52, 0x87, 0xa1,
+        0x4b, 0xa3, 0x0a, 0x7c, 0xc5, 0x26, 0xbb, 0x72,
+        0x4c, 0x41, 0x7f, 0xba, 0x29, 0x06, 0x36, 0xa9,
+        0x96, 0xf2, 0x86, 0xe3, 0xe9, 0xe9, 0x39, 0xe4,
+        0xfe, 0x1c, 0x39, 0x8b, 0x5c, 0x65, 0x99, 0x95,
+        0x9d, 0x0b, 0x44, 0x45, 0xa3, 0x27, 0xec, 0x46,
+        0x9a, 0x16, 0x53, 0xcf, 0xae, 0xa7, 0x55, 0x2c,
+        0xec, 0xec, 0x08, 0x5c, 0xca, 0xa6, 0x89, 0x38,
+        0xae, 0x4a, 0xc3, 0xc4, 0x24, 0xf7, 0xe4, 0x80,
+        0x43, 0x9e, 0xbd, 0x2c, 0x99, 0x2b, 0x5f, 0x6f,
+        0x95, 0xec, 0x24, 0x4b, 0x65, 0x7d, 0xbd, 0xea,
+        0xa9, 0xae, 0x11, 0x0a, 0xaf, 0x4d, 0x68, 0xbf,
+        0x4e, 0x27, 0x41, 0x0d, 0x43, 0xce, 0xef, 0x3e,
+        0x88, 0xe9, 0xc7, 0x17, 0xdd, 0x44, 0xc9, 0xee
+    };
+#endif
+#ifdef WOLFSSL_KYBER_ORIGINAL
+    WOLFSSL_SMALL_STACK_STATIC const byte kyber1024_ss[] = {
         0xB1, 0x0F, 0x73, 0x94, 0x92, 0x6A, 0xD3, 0xB4,
         0x9C, 0x5D, 0x62, 0xD5, 0xAE, 0xB5, 0x31, 0xD5,
         0x75, 0x75, 0x38, 0xBC, 0xC0, 0xDA, 0x9E, 0x55,
         0x0D, 0x43, 0x8F, 0x1B, 0x61, 0xBD, 0x74, 0x19
     };
+#endif
+#ifndef WOLFSSL_NO_ML_KEM
+    WOLFSSL_SMALL_STACK_STATIC const byte ml_kem_1024_ss[] = {
+        0x48, 0x9d, 0xd1, 0xe9, 0xc2, 0xbe, 0x4a, 0xf3,
+        0x48, 0x2b, 0xdb, 0x35, 0xbb, 0x26, 0xce, 0x76,
+        0x0e, 0x6e, 0x41, 0x4d, 0xa6, 0xec, 0xbe, 0x48,
+        0x99, 0x85, 0x74, 0x8a, 0x82, 0x5f, 0x1c, 0xd6
+    };
+#endif
 
-    ret = wc_KyberKey_Init(KYBER1024, &key, HEAP_HINT, INVALID_DEVID);
+#ifdef WOLFSSL_SMALL_STACK
+    key = (KyberKey *)XMALLOC(sizeof(KyberKey), HEAP_HINT,
+                              DYNAMIC_TYPE_TMP_BUFFER);
+    if (key == NULL)
+        ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
+#ifndef WOLFSSL_KYBER_NO_MAKE_KEY
+    priv = (byte *)XMALLOC(KYBER1024_PRIVATE_KEY_SIZE, HEAP_HINT,
+                              DYNAMIC_TYPE_TMP_BUFFER);
+    pub = (byte *)XMALLOC(KYBER1024_PUBLIC_KEY_SIZE, HEAP_HINT,
+                              DYNAMIC_TYPE_TMP_BUFFER);
+    if (priv == NULL || pub == NULL)
+        ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
+#endif
+#ifndef WOLFSSL_KYBER_NO_ENCAPSULATE
+    ct = (byte *)XMALLOC(KYBER1024_CIPHER_TEXT_SIZE, HEAP_HINT,
+                              DYNAMIC_TYPE_TMP_BUFFER);
+    ss = (byte *)XMALLOC(KYBER_SS_SZ, HEAP_HINT,
+                              DYNAMIC_TYPE_TMP_BUFFER);
+    if (ct == NULL || ss == NULL)
+        ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
+#endif
+#ifndef WOLFSSL_KYBER_NO_DECAPSULATE
+    ss_dec = (byte *)XMALLOC(KYBER_SS_SZ, HEAP_HINT,
+                              DYNAMIC_TYPE_TMP_BUFFER);
+    if (ss_dec == NULL)
+        ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
+#endif
+#endif
+
+#ifdef WOLFSSL_KYBER_ORIGINAL
+    ret = wc_KyberKey_Init(KYBER1024, key, HEAP_HINT, INVALID_DEVID);
     if (ret != 0)
-        return WC_TEST_RET_ENC_EC(ret);
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+    else
+        key_inited = 1;
 
-    ret = wc_KyberKey_MakeKeyWithRandom(&key, kyber1024_rand,
+#ifndef WOLFSSL_KYBER_NO_MAKE_KEY
+    ret = wc_KyberKey_MakeKeyWithRandom(key, kyber1024_rand,
         sizeof(kyber1024_rand));
     if (ret != 0)
-        return WC_TEST_RET_ENC_EC(ret);
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
 
-    ret = wc_KyberKey_EncodePublicKey(&key, pub, sizeof(pub));
+    ret = wc_KyberKey_EncodePublicKey(key, pub, KYBER_MAX_PUBLIC_KEY_SIZE);
     if (ret != 0)
-        return WC_TEST_RET_ENC_EC(ret);
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
 
-    ret = wc_KyberKey_EncodePrivateKey(&key, priv, sizeof(priv));
+    ret = wc_KyberKey_EncodePrivateKey(key, priv, KYBER_MAX_PRIVATE_KEY_SIZE);
     if (ret != 0)
-        return WC_TEST_RET_ENC_EC(ret);
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
 
     if (XMEMCMP(pub, kyber1024_pk, sizeof(kyber1024_pk)) != 0)
-        return WC_TEST_RET_ENC_NC;
+        ERROR_OUT(WC_TEST_RET_ENC_NC, out);
 
     if (XMEMCMP(priv, kyber1024_sk, sizeof(kyber1024_sk)) != 0)
-        return WC_TEST_RET_ENC_NC;
+        ERROR_OUT(WC_TEST_RET_ENC_NC, out);
+#else
+    (void)kyber1024_rand;
+    (void)kyber1024_pk;
+    ret = wc_KyberKey_DecodePrivateKey(key, kyber1024_sk,
+        KYBER1024_PRIVATE_KEY_SIZE);
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+#endif
 
-    ret = wc_KyberKey_EncapsulateWithRandom(&key, ct, ss, kyber1024enc_rand,
+#ifndef WOLFSSL_KYBER_NO_ENCAPSULATE
+    ret = wc_KyberKey_EncapsulateWithRandom(key, ct, ss, kyber1024enc_rand,
         sizeof(kyber1024enc_rand));
     if (ret != 0)
-        return WC_TEST_RET_ENC_EC(ret);
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
 
     if (XMEMCMP(ct, kyber1024_ct, sizeof(kyber1024_ct)) != 0)
-        return WC_TEST_RET_ENC_NC;
+        ERROR_OUT(WC_TEST_RET_ENC_NC, out);
 
     if (XMEMCMP(ss, kyber1024_ss, sizeof(kyber1024_ss)) != 0)
-        return WC_TEST_RET_ENC_NC;
+        ERROR_OUT(WC_TEST_RET_ENC_NC, out);
+#else
+    (void)kyber1024enc_rand;
+#endif
 
-    ret = wc_KyberKey_Decapsulate(&key, ss_dec, ct, sizeof(kyber1024_ct));
+#ifndef WOLFSSL_KYBER_NO_DECAPSULATE
+    ret = wc_KyberKey_Decapsulate(key, ss_dec, kyber1024_ct,
+        sizeof(kyber1024_ct));
     if (ret != 0)
-        return WC_TEST_RET_ENC_EC(ret);
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
 
     if (XMEMCMP(ss_dec, kyber1024_ss, sizeof(kyber1024_ss)) != 0)
-        return WC_TEST_RET_ENC_NC;
+        ERROR_OUT(WC_TEST_RET_ENC_NC, out);
+#else
+    (void)kyber1024_ct;
+    (void)kyber1024_ss;
+#endif
+#endif
+#ifndef WOLFSSL_NO_ML_KEM
+    ret = wc_KyberKey_Init(WC_ML_KEM_1024, key, HEAP_HINT, INVALID_DEVID);
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+    else
+        key_inited = 1;
 
-    wc_KyberKey_Free(&key);
+#ifndef WOLFSSL_KYBER_NO_MAKE_KEY
+    ret = wc_KyberKey_MakeKeyWithRandom(key, kyber1024_rand,
+        sizeof(kyber1024_rand));
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
 
-    return 0;
+    ret = wc_KyberKey_EncodePublicKey(key, pub, WC_ML_KEM_MAX_PUBLIC_KEY_SIZE);
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+
+    ret = wc_KyberKey_EncodePrivateKey(key, priv,
+        WC_ML_KEM_MAX_PRIVATE_KEY_SIZE);
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+
+    if (XMEMCMP(pub, ml_kem_1024_pk, sizeof(ml_kem_1024_pk)) != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_NC, out);
+
+    if (XMEMCMP(priv, ml_kem_1024_sk, sizeof(ml_kem_1024_sk)) != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_NC, out);
+#else
+    (void)kyber1024_rand;
+    (void)ml_kem_1024_pk;
+    ret = wc_KyberKey_DecodePrivateKey(key, ml_kem_1024_sk,
+        WC_ML_KEM_1024_PRIVATE_KEY_SIZE);
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+#endif
+
+#ifndef WOLFSSL_KYBER_NO_ENCAPSULATE
+    ret = wc_KyberKey_EncapsulateWithRandom(key, ct, ss, kyber1024enc_rand,
+        sizeof(kyber1024enc_rand));
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+
+    if (XMEMCMP(ct, ml_kem_1024_ct, sizeof(ml_kem_1024_ct)) != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_NC, out);
+
+    if (XMEMCMP(ss, ml_kem_1024_ss, sizeof(ml_kem_1024_ss)) != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_NC, out);
+#else
+    (void)kyber1024enc_rand;
+#endif
+
+#ifndef WOLFSSL_KYBER_NO_DECAPSULATE
+    ret = wc_KyberKey_Decapsulate(key, ss_dec, ml_kem_1024_ct,
+        sizeof(ml_kem_1024_ct));
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+
+    if (XMEMCMP(ss_dec, ml_kem_1024_ss, sizeof(ml_kem_1024_ss)) != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_NC, out);
+#else
+    (void)ml_kem_1024_ct;
+    (void)ml_kem_1024_ss;
+#endif
+#endif
+
+out:
+
+    if (key_inited)
+        wc_KyberKey_Free(key);
+
+#ifdef WOLFSSL_SMALL_STACK
+    XFREE(key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+#ifndef WOLFSSL_KYBER_NO_MAKE_KEY
+    XFREE(priv, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(pub, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+#endif
+#ifndef WOLFSSL_KYBER_NO_ENCAPSULATE
+    XFREE(ct, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(ss, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+#endif
+#ifndef WOLFSSL_KYBER_NO_DECAPSULATE
+    XFREE(ss_dec, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+#endif
+#endif
+
+    return ret;
 }
 #endif /* WOLFSSL_KYBER1024 */
 #endif /* WOLFSSL_WC_KYBER */
@@ -36530,17 +43139,56 @@ static wc_test_ret_t kyber1024_kat(void)
 WOLFSSL_TEST_SUBROUTINE wc_test_ret_t kyber_test(void)
 {
     wc_test_ret_t ret;
-    KyberKey key;
     WC_RNG rng;
     int i;
+#ifdef WOLFSSL_SMALL_STACK
+    KyberKey *key = NULL;
+#ifndef WOLFSSL_KYBER_NO_MAKE_KEY
+    byte *priv = NULL;
+    byte *pub = NULL;
+    byte *priv2 = NULL;
+    byte *pub2 = NULL;
+#ifndef WOLFSSL_KYBER_NO_ENCAPSULATE
+    byte *ct = NULL;
+    byte *ss = NULL;
+#ifndef WOLFSSL_KYBER_NO_DECAPSULATE
+    byte *ss_dec = NULL;
+#endif
+#endif
+#endif
+#else
+    KyberKey key[1];
+#ifndef WOLFSSL_KYBER_NO_MAKE_KEY
     byte priv[KYBER_MAX_PRIVATE_KEY_SIZE];
     byte pub[KYBER_MAX_PUBLIC_KEY_SIZE];
     byte priv2[KYBER_MAX_PRIVATE_KEY_SIZE];
     byte pub2[KYBER_MAX_PUBLIC_KEY_SIZE];
+#ifndef WOLFSSL_KYBER_NO_ENCAPSULATE
     byte ct[KYBER_MAX_CIPHER_TEXT_SIZE];
     byte ss[KYBER_SS_SZ];
+#ifndef WOLFSSL_KYBER_NO_DECAPSULATE
     byte ss_dec[KYBER_SS_SZ];
-    int testData[][4] = {
+#endif
+#endif
+#endif
+#endif
+    int key_inited = 0;
+    static const int testData[][4] = {
+#ifndef WOLFSSL_NO_ML_KEM
+    #ifdef WOLFSSL_WC_ML_KEM_512
+        { WC_ML_KEM_512,  WC_ML_KEM_512_PRIVATE_KEY_SIZE,
+          WC_ML_KEM_512_PUBLIC_KEY_SIZE,  WC_ML_KEM_512_CIPHER_TEXT_SIZE },
+    #endif
+    #ifdef WOLFSSL_WC_ML_KEM_768
+        { WC_ML_KEM_768,  WC_ML_KEM_768_PRIVATE_KEY_SIZE,
+          WC_ML_KEM_768_PUBLIC_KEY_SIZE,  WC_ML_KEM_768_CIPHER_TEXT_SIZE },
+    #endif
+    #ifdef WOLFSSL_WC_ML_KEM_1024
+        { WC_ML_KEM_1024, WC_ML_KEM_1024_PRIVATE_KEY_SIZE,
+          WC_ML_KEM_1024_PUBLIC_KEY_SIZE, WC_ML_KEM_1024_CIPHER_TEXT_SIZE },
+    #endif
+#endif
+#ifdef WOLFSSL_KYBER_ORIGINAL
     #ifdef WOLFSSL_KYBER512
         { KYBER512,  KYBER512_PRIVATE_KEY_SIZE,  KYBER512_PUBLIC_KEY_SIZE,
           KYBER512_CIPHER_TEXT_SIZE },
@@ -36553,7 +43201,50 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t kyber_test(void)
         { KYBER1024, KYBER1024_PRIVATE_KEY_SIZE, KYBER1024_PUBLIC_KEY_SIZE,
           KYBER1024_CIPHER_TEXT_SIZE },
     #endif
+#endif
     };
+    WOLFSSL_ENTER("kyber_test");
+
+#ifdef WOLFSSL_SMALL_STACK
+    key = (KyberKey *)XMALLOC(sizeof(KyberKey), HEAP_HINT,
+                              DYNAMIC_TYPE_TMP_BUFFER);
+    if (key == NULL)
+        ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
+#ifndef WOLFSSL_KYBER_NO_MAKE_KEY
+    priv = (byte *)XMALLOC(KYBER_MAX_PRIVATE_KEY_SIZE, HEAP_HINT,
+                              DYNAMIC_TYPE_TMP_BUFFER);
+    if (priv == NULL)
+        ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
+    pub = (byte *)XMALLOC(KYBER_MAX_PUBLIC_KEY_SIZE, HEAP_HINT,
+                              DYNAMIC_TYPE_TMP_BUFFER);
+    if (pub == NULL)
+        ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
+    priv2 = (byte *)XMALLOC(KYBER_MAX_PRIVATE_KEY_SIZE, HEAP_HINT,
+                              DYNAMIC_TYPE_TMP_BUFFER);
+    if (priv2 == NULL)
+        ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
+    pub2 = (byte *)XMALLOC(KYBER_MAX_PUBLIC_KEY_SIZE, HEAP_HINT,
+                              DYNAMIC_TYPE_TMP_BUFFER);
+    if (pub2 == NULL)
+        ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
+#ifndef WOLFSSL_KYBER_NO_ENCAPSULATE
+    ct = (byte *)XMALLOC(KYBER_MAX_CIPHER_TEXT_SIZE, HEAP_HINT,
+                              DYNAMIC_TYPE_TMP_BUFFER);
+    if (ct == NULL)
+        ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
+    ss = (byte *)XMALLOC(KYBER_SS_SZ, HEAP_HINT,
+                              DYNAMIC_TYPE_TMP_BUFFER);
+    if (ss == NULL)
+        ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
+#ifndef WOLFSSL_KYBER_NO_DECAPSULATE
+    ss_dec = (byte *)XMALLOC(KYBER_SS_SZ, HEAP_HINT,
+                              DYNAMIC_TYPE_TMP_BUFFER);
+    if (ss_dec == NULL)
+        ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
+#endif
+#endif
+#endif
+#endif
 
 #ifndef HAVE_FIPS
     ret = wc_InitRng_ex(&rng, HEAP_HINT, INVALID_DEVID);
@@ -36561,93 +43252,3662 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t kyber_test(void)
     ret = wc_InitRng(&rng);
 #endif
     if (ret != 0)
-        return WC_TEST_RET_ENC_EC(ret);
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
 
     for (i = 0; i < (int)(sizeof(testData) / sizeof(*testData)); i++) {
-        ret = wc_KyberKey_Init(testData[i][0], &key, HEAP_HINT, INVALID_DEVID);
+        ret = wc_KyberKey_Init(testData[i][0], key, HEAP_HINT, INVALID_DEVID);
         if (ret != 0)
-            return WC_TEST_RET_ENC_I(i);
+            ERROR_OUT(WC_TEST_RET_ENC_I(i), out);
+        else
+            key_inited = 1;
 
-        ret = wc_KyberKey_MakeKey(&key, &rng);
+#ifndef WOLFSSL_KYBER_NO_MAKE_KEY
+        ret = wc_KyberKey_MakeKey(key, &rng);
         if (ret != 0)
-            return WC_TEST_RET_ENC_I(i);
+            ERROR_OUT(WC_TEST_RET_ENC_I(i), out);
 
-        ret = wc_KyberKey_EncodePublicKey(&key, pub, testData[i][2]);
+        ret = wc_KyberKey_EncodePublicKey(key, pub, testData[i][2]);
         if (ret != 0)
-            return WC_TEST_RET_ENC_I(i);
+            ERROR_OUT(WC_TEST_RET_ENC_I(i), out);
 
-        ret = wc_KyberKey_EncodePrivateKey(&key, priv, testData[i][1]);
+        ret = wc_KyberKey_EncodePrivateKey(key, priv, testData[i][1]);
         if (ret != 0)
-            return WC_TEST_RET_ENC_I(i);
+            ERROR_OUT(WC_TEST_RET_ENC_I(i), out);
 
-        ret = wc_KyberKey_Init(testData[i][0], &key, HEAP_HINT, INVALID_DEVID);
+        ret = wc_KyberKey_Init(testData[i][0], key, HEAP_HINT, INVALID_DEVID);
         if (ret != 0)
-            return WC_TEST_RET_ENC_I(i);
+            ERROR_OUT(WC_TEST_RET_ENC_I(i), out);
 
-        ret = wc_KyberKey_DecodePublicKey(&key, pub, testData[i][2]);
+        ret = wc_KyberKey_DecodePublicKey(key, pub, testData[i][2]);
         if (ret != 0)
-            return WC_TEST_RET_ENC_I(i);
+            ERROR_OUT(WC_TEST_RET_ENC_I(i), out);
 
-        ret = wc_KyberKey_Encapsulate(&key, ct, ss, &rng);
+#ifndef WOLFSSL_KYBER_NO_ENCAPSULATE
+        ret = wc_KyberKey_Encapsulate(key, ct, ss, &rng);
         if (ret != 0)
-            return WC_TEST_RET_ENC_I(i);
+            ERROR_OUT(WC_TEST_RET_ENC_I(i), out);
+#endif
 
-        ret = wc_KyberKey_EncodePublicKey(&key, pub2, testData[i][2]);
+        ret = wc_KyberKey_EncodePublicKey(key, pub2, testData[i][2]);
         if (ret != 0)
-            return WC_TEST_RET_ENC_I(i);
+            ERROR_OUT(WC_TEST_RET_ENC_I(i), out);
 
         if (XMEMCMP(pub, pub2, testData[i][2]) != 0)
-            return WC_TEST_RET_ENC_I(i);
+            ERROR_OUT(WC_TEST_RET_ENC_I(i), out);
 
-        ret = wc_KyberKey_Init(testData[i][0], &key, HEAP_HINT, INVALID_DEVID);
+        ret = wc_KyberKey_Init(testData[i][0], key, HEAP_HINT, INVALID_DEVID);
         if (ret != 0)
-            return WC_TEST_RET_ENC_I(i);
+            ERROR_OUT(WC_TEST_RET_ENC_I(i), out);
 
-        ret = wc_KyberKey_DecodePrivateKey(&key, priv, testData[i][1]);
+        ret = wc_KyberKey_DecodePrivateKey(key, priv, testData[i][1]);
         if (ret != 0)
-            return WC_TEST_RET_ENC_I(i);
+            ERROR_OUT(WC_TEST_RET_ENC_I(i), out);
 
-        ret = wc_KyberKey_Decapsulate(&key, ss_dec, ct, testData[i][3]);
+#if !defined(WOLFSSL_KYBER_NO_ENCAPSULATE) && \
+    !defined(WOLFSSL_KYBER_NO_DECAPSULATE)
+        ret = wc_KyberKey_Decapsulate(key, ss_dec, ct, testData[i][3]);
         if (ret != 0)
-            return WC_TEST_RET_ENC_I(i);
+            ERROR_OUT(WC_TEST_RET_ENC_I(i), out);
 
-        if (XMEMCMP(ss, ss_dec, sizeof(ss)) != 0)
-            return WC_TEST_RET_ENC_I(i);
+        if (XMEMCMP(ss, ss_dec, KYBER_SS_SZ) != 0)
+            ERROR_OUT(WC_TEST_RET_ENC_I(i), out);
+#endif
 
-        ret = wc_KyberKey_EncodePrivateKey(&key, priv2, testData[i][1]);
+        ret = wc_KyberKey_EncodePrivateKey(key, priv2, testData[i][1]);
         if (ret != 0)
-            return WC_TEST_RET_ENC_I(i);
+            ERROR_OUT(WC_TEST_RET_ENC_I(i), out);
 
         if (XMEMCMP(priv, priv2, testData[i][2]) != 0)
-            return WC_TEST_RET_ENC_I(i);
-
-        wc_KyberKey_Free(&key);
+            ERROR_OUT(WC_TEST_RET_ENC_I(i), out);
+#endif
     }
 
     wc_FreeRng(&rng);
 
 #ifdef WOLFSSL_WC_KYBER
-#ifdef WOLFSSL_KYBER512
+#if !defined(WOLFSSL_NO_KYBER512) && !defined(WOLFSSL_NO_ML_KEM_512)
     ret = kyber512_kat();
     if (ret != 0)
-        return ret;
+        goto out;
 #endif
-#ifdef WOLFSSL_KYBER768
+#if !defined(WOLFSSL_NO_KYBER768) && !defined(WOLFSSL_NO_ML_KEM_768)
     ret = kyber768_kat();
     if (ret != 0)
-        return ret;
+        goto out;
 #endif
-#ifdef WOLFSSL_KYBER1024
+#if !defined(WOLFSSL_NO_KYBER1024) && !defined(WOLFSSL_NO_ML_KEM_1024)
     ret = kyber1024_kat();
     if (ret != 0)
-        return ret;
+        goto out;
 #endif
 #endif /* WOLFSSL_WC_KYBER */
 
-    return 0;
+out:
+
+    if (key_inited)
+        wc_KyberKey_Free(key);
+
+#ifdef WOLFSSL_SMALL_STACK
+    XFREE(key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+#ifndef WOLFSSL_KYBER_NO_MAKE_KEY
+    XFREE(priv, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(pub, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(priv2, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(pub2, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+#ifndef WOLFSSL_KYBER_NO_ENCAPSULATE
+    XFREE(ct, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(ss, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+#ifndef WOLFSSL_KYBER_NO_DECAPSULATE
+    XFREE(ss_dec, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+#endif
+#endif
+#endif
+#endif
+
+    return ret;
 }
 #endif /* WOLFSSL_HAVE_KYBER */
 
+#ifdef HAVE_DILITHIUM
+#ifndef WOLFSSL_DILITHIUM_NO_VERIFY
+static wc_test_ret_t dilithium_param_vfy_test(int param, const byte* pubKey,
+    word32 pubKeyLen, const byte* sig, word32 sigLen)
+{
+    byte msg[512];
+    dilithium_key* key;
+    byte * pubExported = NULL;
+    wc_test_ret_t ret;
+    int i;
+    int res = 0;
+    word32 lenExported = pubKeyLen;
+    int n_diff = 0;
+
+    key = (dilithium_key*)XMALLOC(sizeof(*key), HEAP_HINT,
+        DYNAMIC_TYPE_TMP_BUFFER);
+    if (key == NULL) {
+        ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
+    }
+
+    pubExported = (byte*)XMALLOC(pubKeyLen, HEAP_HINT,
+        DYNAMIC_TYPE_TMP_BUFFER);
+    if (pubExported == NULL) {
+        ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
+    }
+
+    /* make dummy msg */
+    for (i = 0; i < (int)sizeof(msg); i++) {
+        msg[i] = (byte)i;
+    }
+
+    ret = wc_dilithium_init(key);
+    if (ret != 0) {
+        ret = WC_TEST_RET_ENC_EC(ret);
+        return ret;
+    }
+
+    ret = wc_dilithium_set_level(key, param);
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+    ret = wc_dilithium_import_public(pubKey, pubKeyLen, key);
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+
+#ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
+    if (param >= WC_ML_DSA_DRAFT) {
+        ret = wc_dilithium_verify_msg(sig, sigLen, msg, (word32)sizeof(msg),
+            &res, key);
+    }
+    else
+#endif
+    {
+        ret = wc_dilithium_verify_ctx_msg(sig, sigLen, NULL, 0, msg,
+            (word32)sizeof(msg), &res, key);
+    }
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+    if (res != 1)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(res), out);
+
+    /* Now test the export pub raw API, verify we recover the original pub. */
+    ret = wc_dilithium_export_public(key, pubExported, &lenExported);
+    if (ret != 0) {
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+    }
+
+    if (lenExported <= 0 || lenExported != pubKeyLen) {
+        ERROR_OUT(WC_TEST_RET_ENC_EC(lenExported), out);
+    }
+
+    n_diff = XMEMCMP(pubExported, pubKey, pubKeyLen);
+
+    if (n_diff) {
+        ERROR_OUT(WC_TEST_RET_ENC_EC(n_diff), out);
+    }
+
+out:
+    wc_dilithium_free(key);
+    XFREE(key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(pubExported, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+    return ret;
+}
+
+#ifndef WOLFSSL_NO_ML_DSA_44
+static wc_test_ret_t dilithium_param_44_vfy_test(void)
+{
+    WOLFSSL_SMALL_STACK_STATIC const byte ml_dsa_44_pub_key[] = {
+        0xd8, 0xac, 0xaf, 0xd8, 0x2e, 0x14, 0x23, 0x78, 0xf7, 0x0d, 0x9a, 0x04,
+        0x2b, 0x92, 0x48, 0x67, 0x60, 0x55, 0x34, 0xd9, 0xac, 0x0b, 0xc4, 0x1f,
+        0x46, 0xe8, 0x85, 0xb9, 0x2e, 0x1b, 0x10, 0x3a, 0x75, 0x7a, 0xc2, 0xbc,
+        0x76, 0xf0, 0x6d, 0x05, 0xa4, 0x78, 0x48, 0x84, 0x26, 0x69, 0xbd, 0x26,
+        0x1d, 0x73, 0x60, 0xaa, 0x57, 0x9d, 0x8c, 0x66, 0xb1, 0x19, 0xea, 0x11,
+        0xff, 0xbb, 0xf6, 0xeb, 0x26, 0x26, 0xac, 0x78, 0x74, 0x46, 0x6d, 0x51,
+        0x6e, 0x92, 0xdf, 0x6a, 0x98, 0x41, 0xe9, 0x10, 0xf2, 0xcc, 0xa8, 0x7a,
+        0x50, 0xdb, 0x1f, 0x4c, 0x42, 0x19, 0xd5, 0xbc, 0x76, 0x20, 0x6f, 0x2f,
+        0xbf, 0xc2, 0xc9, 0x1b, 0x02, 0xb5, 0xb1, 0x09, 0x46, 0x06, 0x87, 0x02,
+        0xac, 0x3d, 0xcf, 0xc3, 0xa5, 0x1b, 0xf0, 0xce, 0xd4, 0x9e, 0x84, 0x34,
+        0x3c, 0x24, 0x7d, 0x89, 0xf3, 0xbf, 0x9c, 0x18, 0x9d, 0x1b, 0x1d, 0xd4,
+        0xf6, 0xda, 0xc9, 0xa4, 0x14, 0xc4, 0x6b, 0xd7, 0x05, 0x6d, 0xed, 0x54,
+        0x42, 0x6b, 0x5f, 0x6d, 0x1e, 0xda, 0x6b, 0x47, 0x70, 0xe5, 0x4e, 0xe7,
+        0x25, 0x06, 0xf8, 0x28, 0x24, 0x34, 0xd6, 0xe5, 0xbe, 0xc5, 0x4f, 0x9e,
+        0x5d, 0x33, 0xfc, 0xef, 0xe4, 0xe9, 0x55, 0x67, 0x93, 0x1f, 0x2e, 0x11,
+        0x3a, 0x2e, 0xf2, 0xbb, 0x82, 0x09, 0x8d, 0xb2, 0x09, 0xf3, 0x2f, 0xef,
+        0x6f, 0x38, 0xc6, 0x56, 0xf2, 0x23, 0x08, 0x63, 0x99, 0x7f, 0x4e, 0xc0,
+        0x9d, 0x08, 0x9d, 0xa1, 0x59, 0x6e, 0xe1, 0x00, 0x2c, 0x99, 0xec, 0x83,
+        0x2f, 0x12, 0x97, 0x2f, 0x75, 0x04, 0x67, 0x44, 0xb5, 0x95, 0xce, 0xc6,
+        0x3e, 0x7a, 0x10, 0x77, 0x5e, 0xbe, 0x9c, 0x0f, 0xb3, 0xc7, 0x38, 0xbf,
+        0x9e, 0x35, 0x8f, 0xe4, 0x8d, 0x19, 0xc3, 0x41, 0xb1, 0x0b, 0x8c, 0x10,
+        0x9a, 0x58, 0xec, 0x4f, 0xb3, 0xe9, 0x5b, 0x72, 0x4b, 0xb8, 0x99, 0x34,
+        0x9a, 0xcd, 0xb0, 0x69, 0xd0, 0x67, 0xef, 0x96, 0xb9, 0xe5, 0x54, 0x92,
+        0xb7, 0x1a, 0x52, 0xf6, 0x0a, 0xc2, 0x23, 0x8d, 0x4f, 0xad, 0x00, 0xae,
+        0x0f, 0x97, 0xfa, 0xce, 0x96, 0xba, 0xe7, 0x74, 0x55, 0xd4, 0xaf, 0xbf,
+        0xa1, 0x32, 0x91, 0x2d, 0x03, 0x9f, 0xe3, 0x10, 0x8c, 0x77, 0x5d, 0x26,
+        0x76, 0xf1, 0x87, 0x90, 0xf0, 0x20, 0xd1, 0xea, 0xf7, 0xa4, 0xe8, 0x2c,
+        0x32, 0x1c, 0x55, 0xc0, 0x5d, 0xc9, 0xcd, 0x4e, 0x8f, 0x0d, 0xef, 0x0a,
+        0x27, 0xb6, 0x4f, 0xa4, 0xd3, 0xa4, 0xed, 0x33, 0x22, 0xa1, 0xd3, 0x15,
+        0xac, 0x1a, 0x20, 0x4e, 0x28, 0x8c, 0x8c, 0xd0, 0x71, 0xd1, 0xf2, 0xdb,
+        0x33, 0x63, 0xb6, 0xa4, 0xf2, 0x17, 0x3c, 0x12, 0xb0, 0xad, 0xef, 0x31,
+        0x91, 0xfe, 0xe5, 0x53, 0x99, 0xb6, 0x85, 0x63, 0xfa, 0xe6, 0xcd, 0xf6,
+        0xb9, 0xce, 0x4a, 0x7d, 0x4a, 0x49, 0x29, 0xd2, 0xd9, 0xc9, 0x47, 0x4a,
+        0x8a, 0x5c, 0x14, 0x5e, 0x0f, 0x7c, 0xc3, 0x91, 0xb0, 0xab, 0x37, 0xf5,
+        0x26, 0x8d, 0x46, 0x74, 0x49, 0xad, 0x51, 0xc3, 0x11, 0xfa, 0x85, 0x15,
+        0xa5, 0x84, 0xc1, 0xe0, 0x3c, 0x13, 0x6d, 0x13, 0xa3, 0xe6, 0xa8, 0x3c,
+        0x22, 0xac, 0x17, 0x48, 0x57, 0x7c, 0x81, 0xe2, 0x4e, 0xd8, 0x33, 0x5d,
+        0x4d, 0x65, 0xf7, 0xe1, 0xb8, 0x00, 0x78, 0x09, 0x16, 0xb0, 0x0b, 0xca,
+        0x15, 0x0d, 0xcd, 0x9a, 0xd8, 0x47, 0x4c, 0x9b, 0x69, 0xb2, 0xa0, 0x9d,
+        0x96, 0x96, 0x52, 0x6d, 0x89, 0xad, 0xff, 0x55, 0xde, 0x7b, 0xd6, 0x3d,
+        0x1d, 0x5e, 0x8d, 0xf1, 0xfc, 0x48, 0x1c, 0x50, 0x59, 0x55, 0xb9, 0x07,
+        0xfd, 0x6b, 0xcb, 0x95, 0xa6, 0x14, 0x73, 0xdb, 0x40, 0x40, 0x1c, 0x44,
+        0xe6, 0x79, 0x30, 0x88, 0xbd, 0xa0, 0xde, 0x9b, 0xb8, 0x76, 0xf8, 0x98,
+        0x56, 0x4b, 0xb9, 0x7a, 0xf6, 0xd4, 0x73, 0x89, 0x6b, 0xf7, 0x7d, 0x05,
+        0x33, 0xbe, 0xb6, 0x1c, 0x4d, 0xa7, 0x12, 0x3b, 0x3f, 0xed, 0x4a, 0x0f,
+        0xae, 0xa7, 0x6a, 0x26, 0x0d, 0x01, 0x84, 0x84, 0xa8, 0x0e, 0xc1, 0xc1,
+        0xfd, 0xe4, 0xa9, 0xe2, 0x3f, 0xab, 0xce, 0x20, 0x90, 0x86, 0x79, 0xa2,
+        0x40, 0xd0, 0xef, 0x79, 0x34, 0x2b, 0xe8, 0xc9, 0x54, 0xa7, 0x19, 0x62,
+        0xcc, 0x20, 0x79, 0x3f, 0x5b, 0x9c, 0x61, 0xc2, 0xc1, 0xd2, 0x36, 0x7c,
+        0x8e, 0xe3, 0x01, 0xbe, 0xc4, 0xb2, 0xb8, 0x07, 0x51, 0x23, 0x5b, 0x5d,
+        0x00, 0xe6, 0x7f, 0xd6, 0xbb, 0x32, 0xa9, 0x7e, 0xb4, 0x30, 0xeb, 0x5e,
+        0x6d, 0xed, 0xb2, 0xc3, 0x88, 0x81, 0xa3, 0x3b, 0x1f, 0x1e, 0xf9, 0x48,
+        0x10, 0xd6, 0x01, 0x65, 0x5f, 0x6d, 0xc5, 0xeb, 0x76, 0x5f, 0x10, 0x79,
+        0xaa, 0xc0, 0x86, 0xe7, 0x44, 0x95, 0x44, 0x4b, 0x54, 0x0c, 0x46, 0x2a,
+        0x98, 0x01, 0x6e, 0xc0, 0xb9, 0x59, 0x2a, 0xff, 0x8f, 0xb3, 0x80, 0x15,
+        0xec, 0xcd, 0x39, 0x36, 0xd7, 0x2f, 0x20, 0x9e, 0x3a, 0xc1, 0x90, 0xe5,
+        0x99, 0x27, 0x16, 0xd7, 0x6c, 0x30, 0x10, 0x12, 0x03, 0x3e, 0xdc, 0xb9,
+        0x03, 0x25, 0xb0, 0x8a, 0x27, 0x4d, 0x1a, 0x32, 0x36, 0x54, 0xc0, 0xba,
+        0x22, 0xb2, 0xe2, 0xf6, 0x39, 0x23, 0x03, 0xc4, 0xc9, 0xe4, 0x0d, 0x99,
+        0xfb, 0x98, 0xa5, 0x9b, 0x12, 0x9b, 0x58, 0x44, 0x74, 0x9f, 0x65, 0x61,
+        0x51, 0xba, 0x31, 0x60, 0x9c, 0xec, 0xf8, 0x4d, 0x36, 0x61, 0xd1, 0x33,
+        0x6d, 0xa6, 0x28, 0x75, 0xba, 0x7c, 0x82, 0xcb, 0x7e, 0xbe, 0x8f, 0x2d,
+        0x21, 0x84, 0xb9, 0xf2, 0x4e, 0x7b, 0x95, 0x99, 0x11, 0xf3, 0xe1, 0xc0,
+        0x6a, 0x44, 0xae, 0x11, 0xcb, 0x04, 0xa0, 0xf2, 0x3e, 0x17, 0xdf, 0xb2,
+        0x6a, 0xdf, 0x5c, 0xf3, 0x8a, 0xf8, 0x90, 0x86, 0x64, 0xea, 0x0a, 0x32,
+        0x7f, 0x9f, 0x90, 0xa8, 0x9d, 0x33, 0x12, 0xa6, 0xa4, 0xe7, 0x74, 0xa0,
+        0x75, 0xa9, 0x65, 0xf8, 0x39, 0xae, 0x14, 0x32, 0x79, 0xcc, 0xaa, 0x34,
+        0x86, 0x55, 0xcc, 0x99, 0xb7, 0x00, 0x05, 0x8b, 0xe3, 0x76, 0x28, 0x12,
+        0xb6, 0x2a, 0x3e, 0x44, 0x8d, 0xf4, 0xba, 0xef, 0xf6, 0xdc, 0x29, 0x08,
+        0x29, 0x7d, 0xd1, 0x1d, 0x17, 0x15, 0xb6, 0xb6, 0x58, 0x67, 0xd5, 0xd3,
+        0x12, 0x05, 0x4e, 0xb0, 0xc3, 0x83, 0xe0, 0x35, 0x30, 0x60, 0x59, 0xa0,
+        0xc5, 0x97, 0x5b, 0x81, 0xd3, 0x68, 0x6c, 0x8c, 0x17, 0x28, 0xa9, 0x24,
+        0x4f, 0x80, 0x20, 0xa5, 0x21, 0x9f, 0x8f, 0x15, 0x89, 0x2d, 0x87, 0xae,
+        0x2e, 0xcc, 0x73, 0x3e, 0x06, 0x43, 0xbc, 0xb3, 0x1b, 0xa6, 0x72, 0xaa,
+        0xa3, 0xaa, 0xbb, 0x6f, 0x2d, 0x68, 0x60, 0xcf, 0x05, 0x94, 0x25, 0x3e,
+        0x59, 0xf3, 0x64, 0x61, 0x5e, 0x78, 0x9a, 0x7e, 0x0d, 0x50, 0x45, 0x78,
+        0x51, 0xab, 0x11, 0xb1, 0xc6, 0x95, 0xfc, 0x29, 0x28, 0x10, 0x9c, 0x1a,
+        0x8c, 0x37, 0xb5, 0x4f, 0x0e, 0xed, 0x4a, 0x28, 0x6c, 0xaa, 0xb7, 0x0d,
+        0x12, 0xfa, 0x87, 0x5d, 0xd4, 0x9a, 0xb7, 0x2b, 0x46, 0x90, 0x58, 0x4e,
+        0xd7, 0x8b, 0x41, 0x1b, 0xf8, 0xc4, 0xc2, 0xde, 0xda, 0xec, 0x61, 0xe7,
+        0xbf, 0x11, 0xdd, 0x6e, 0x4e, 0x6a, 0xd4, 0x87, 0x01, 0xe4, 0xac, 0xe8,
+        0xaf, 0x2b, 0x01, 0xe1, 0x09, 0x20, 0xe0, 0xbd, 0x7d, 0x03, 0x73, 0x23,
+        0xdf, 0x77, 0x71, 0xa4, 0x25, 0x8b, 0x0a, 0x93, 0x49, 0x32, 0x45, 0x1a,
+        0xa4, 0x94, 0x31, 0x61, 0x2e, 0x17, 0x39, 0x8a, 0x66, 0xc9, 0xf9, 0x20,
+        0x2d, 0x6a, 0x97, 0x2f, 0xe7, 0x26, 0xd8, 0x01, 0x42, 0x65, 0xcf, 0xce,
+        0xd4, 0x24, 0x41, 0xfb, 0x9b, 0x6f, 0xf1, 0xc2, 0x9e, 0xd5, 0x08, 0x0c,
+        0xdc, 0x4d, 0x8e, 0xae, 0xcb, 0x5f, 0xd4, 0xcd, 0x7c, 0xf6, 0x82, 0xc6,
+        0xee, 0xf9, 0x88, 0x3a, 0x34, 0x07, 0x04, 0xb4, 0x84, 0x69, 0xb3, 0xa4,
+        0x67, 0xab, 0x09, 0xc0, 0x83, 0xfe, 0x59, 0xaf, 0x18, 0x2c, 0xc8, 0x09,
+        0xc1, 0xbb, 0x13, 0x7c, 0xce, 0x01, 0x5d, 0x85, 0xaa, 0x10, 0x28, 0xa2,
+        0x96, 0x98, 0x69, 0x23, 0xa3, 0xe7, 0x67, 0xbc, 0x7c, 0x7e, 0xde, 0x4b,
+        0x36, 0xab, 0x94, 0xd2, 0xb8, 0xf9, 0xdf, 0xee, 0xa1, 0x69, 0xa1, 0xc8,
+        0xe9, 0x83, 0x21, 0xac, 0x1b, 0x39, 0xf7, 0x6d, 0xbf, 0x8c, 0xdb, 0xd6,
+        0x2f, 0xc9, 0x3c, 0x3d, 0x50, 0xcf, 0x7f, 0xbe, 0x4a, 0x8d, 0xd8, 0x14,
+        0xad, 0x69, 0xb0, 0x3e, 0x8a, 0xaf, 0xeb, 0xd9, 0x1a, 0x15, 0x4a, 0xe4,
+        0xdd, 0xd9, 0xb2, 0xf8, 0x6b, 0xe2, 0x42, 0x9e, 0x29, 0x16, 0xfc, 0x85,
+        0x9c, 0x47, 0x4b, 0x1f, 0x3d, 0x7b, 0x8c, 0xe1, 0x6d, 0xa3, 0xb8, 0x0a,
+        0xe6, 0xfa, 0x27, 0xfe, 0x52, 0x72, 0xab, 0x3a, 0xa6, 0x58, 0xd7, 0x53,
+        0xaf, 0x9f, 0xee, 0x03, 0x85, 0xfc, 0xa4, 0x7a, 0x72, 0x29, 0x7e, 0x62,
+        0x28, 0x08, 0x79, 0xa8, 0xb8, 0xc7, 0x51, 0x8d, 0xaa, 0x40, 0x2d, 0x4a,
+        0xd9, 0x47, 0xb4, 0xa8, 0xa2, 0x0a, 0x43, 0xd0, 0xe0, 0x4a, 0x39, 0xa3,
+        0x06, 0x08, 0x9a, 0xe2, 0xf3, 0xf2, 0xf8, 0xb9, 0x9f, 0x63, 0x32, 0xa0,
+        0x65, 0x0b, 0xb0, 0x50, 0x96, 0xa6, 0xa8, 0x7a, 0x18, 0xdd, 0x6c, 0xd1,
+        0x9b, 0xd9, 0x4e, 0x76, 0x8f, 0xfb, 0x22, 0xa6, 0x1d, 0x29, 0xfc, 0xb8,
+        0x47, 0x29, 0xb6, 0xd1, 0xb1, 0x63, 0x4a, 0x36, 0x1b, 0x10, 0xe6, 0x4c,
+        0x65, 0x68, 0x1f, 0xad, 0x4f, 0x7d, 0x6b, 0x01, 0x41, 0x18, 0x5f, 0xba,
+        0x3d, 0xa6, 0x54, 0x28, 0x58, 0xd5, 0x81, 0x60, 0xdf, 0x84, 0x76, 0x00,
+        0x21, 0x53, 0xeb, 0xd3, 0xa6, 0xec, 0x7d, 0x3c, 0xb8, 0xcd, 0x91, 0x4c,
+        0x2f, 0x4b, 0x2e, 0x23, 0x4c, 0x0f, 0x0f, 0xe0, 0x14, 0xa5, 0xe7, 0xe5,
+        0x70, 0x8d, 0x8b, 0x9c
+    };
+#ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
+    WOLFSSL_SMALL_STACK_STATIC const byte ml_dsa_44_draft_pub_key[] = {
+    0xea, 0x05, 0x24, 0x0d, 0x80, 0x72, 0x25, 0x55, 0xf4, 0x5b,
+    0xc2, 0x13, 0x8b, 0x87, 0x5d, 0x31, 0x99, 0x2f, 0x1d, 0xa9,
+    0x41, 0x09, 0x05, 0x76, 0xa7, 0xb7, 0x5e, 0x8c, 0x44, 0xe2,
+    0x64, 0x79, 0xa0, 0xec, 0x1f, 0x24, 0xb6, 0xc8, 0x05, 0x5b,
+    0xc1, 0x18, 0xb0, 0xb7, 0xcf, 0x8c, 0x60, 0x67, 0x6b, 0x81,
+    0x44, 0x27, 0xb6, 0x0e, 0xfd, 0x9b, 0xc3, 0xcb, 0x52, 0x31,
+    0xfa, 0xc9, 0x34, 0x8d, 0x22, 0x1e, 0x07, 0x9d, 0x96, 0x6a,
+    0x63, 0x83, 0x5c, 0xd7, 0x83, 0x2d, 0x7f, 0x48, 0x64, 0x79,
+    0xca, 0xb4, 0x9f, 0xa2, 0x02, 0xb7, 0x86, 0x1d, 0x0e, 0xc7,
+    0xf9, 0x6c, 0x07, 0xc0, 0x35, 0x6a, 0x34, 0x79, 0x7c, 0xb8,
+    0x0f, 0xed, 0x98, 0x50, 0xfb, 0x51, 0xe0, 0x36, 0x44, 0x4c,
+    0xc6, 0x35, 0xa2, 0xbb, 0x55, 0xb0, 0x5c, 0x39, 0x08, 0x02,
+    0x20, 0x35, 0x5c, 0x56, 0x6d, 0x2e, 0xb9, 0xef, 0x21, 0x26,
+    0x87, 0x87, 0x85, 0x8a, 0x32, 0xb5, 0xa7, 0x68, 0x70, 0x3a,
+    0xfd, 0x0d, 0x21, 0x48, 0x91, 0xa3, 0x29, 0xc1, 0x2a, 0x38,
+    0xe5, 0x26, 0x31, 0x1f, 0x42, 0xde, 0x0b, 0x25, 0xff, 0x1d,
+    0x6b, 0xb4, 0xe0, 0x5d, 0x2d, 0xcf, 0x44, 0xd5, 0x7d, 0xc4,
+    0xf6, 0x95, 0xf2, 0x06, 0x4f, 0x83, 0x88, 0x9d, 0x1e, 0xeb,
+    0x1c, 0x09, 0x45, 0x62, 0x67, 0x3d, 0xff, 0x51, 0x47, 0xe8,
+    0xbc, 0x9b, 0x03, 0x1f, 0xc7, 0x72, 0x65, 0xce, 0xa8, 0x8c,
+    0xc2, 0xa0, 0xc2, 0xbd, 0x5b, 0x7c, 0x17, 0x16, 0x8b, 0x72,
+    0xfa, 0xb1, 0xbd, 0xdf, 0x49, 0xd6, 0xa1, 0x00, 0x65, 0xbe,
+    0x82, 0xe7, 0x68, 0xc7, 0xe7, 0xbc, 0xc2, 0xa4, 0xdb, 0xaa,
+    0xcc, 0xea, 0x41, 0x52, 0x7f, 0x56, 0xb4, 0x68, 0x1f, 0x92,
+    0x96, 0x0f, 0xce, 0xd4, 0xd0, 0x87, 0x4c, 0x4a, 0x73, 0xb5,
+    0x6c, 0xd4, 0x69, 0x55, 0x15, 0x47, 0xdc, 0x94, 0x7f, 0xd2,
+    0x54, 0x5e, 0xb2, 0x90, 0xc2, 0x47, 0xe4, 0xf5, 0xde, 0x8b,
+    0x9b, 0xc6, 0x5d, 0x50, 0x95, 0x60, 0xe0, 0xf0, 0xa7, 0x4e,
+    0xe0, 0xcd, 0x41, 0x09, 0xef, 0xb3, 0x3d, 0x90, 0x5c, 0x77,
+    0x54, 0xec, 0x9e, 0x5d, 0x8a, 0xe7, 0x09, 0x5c, 0xc9, 0x58,
+    0x0c, 0xd0, 0x42, 0x35, 0xd2, 0x14, 0x59, 0x38, 0x69, 0xad,
+    0xf9, 0xb5, 0xbf, 0x8a, 0x8e, 0x33, 0xd8, 0x5e, 0x7a, 0x55,
+    0xd0, 0x53, 0x15, 0x40, 0x4e, 0xc5, 0x86, 0xd7, 0x8f, 0x5f,
+    0x2f, 0x55, 0x82, 0xc2, 0x4f, 0x16, 0xe5, 0xea, 0x1c, 0xbc,
+    0xff, 0x5e, 0x1f, 0x39, 0x46, 0x70, 0x54, 0x7a, 0x3a, 0x27,
+    0x16, 0x1a, 0x2b, 0x6c, 0xd2, 0xb7, 0x80, 0xd3, 0xd1, 0x9d,
+    0x25, 0x59, 0xed, 0xe6, 0x51, 0xb1, 0xf2, 0xad, 0x7e, 0x51,
+    0x78, 0x14, 0x2b, 0x19, 0xae, 0x64, 0x72, 0x0f, 0xd8, 0x18,
+    0x79, 0x8e, 0x66, 0x88, 0xd3, 0xa4, 0xa3, 0xc3, 0x76, 0x21,
+    0xcb, 0xe4, 0x79, 0x5e, 0x95, 0x74, 0xe3, 0x31, 0x18, 0x79,
+    0xed, 0xc7, 0xe7, 0xfb, 0x86, 0x48, 0x1b, 0x7b, 0x75, 0x5b,
+    0x7f, 0x7c, 0x82, 0xc5, 0xab, 0x11, 0xb4, 0x5d, 0x59, 0x6f,
+    0x78, 0xb2, 0xa5, 0x39, 0xc6, 0x63, 0x38, 0x6c, 0xeb, 0x50,
+    0x06, 0x14, 0x76, 0xf0, 0xe8, 0xfb, 0x11, 0x95, 0x1f, 0x9d,
+    0x9c, 0xa6, 0xe1, 0xe2, 0x0d, 0xa3, 0x66, 0xfc, 0x20, 0x83,
+    0x50, 0x0e, 0x53, 0x75, 0xb5, 0x12, 0xf4, 0xdf, 0x31, 0x46,
+    0x83, 0xac, 0x5b, 0xf3, 0x99, 0xa6, 0xd1, 0x7b, 0x2b, 0xc5,
+    0xdc, 0x71, 0x07, 0x27, 0x33, 0x35, 0x34, 0xf5, 0x30, 0x19,
+    0xc1, 0x3b, 0xba, 0x8a, 0xaf, 0x7e, 0x49, 0x93, 0x48, 0x5b,
+    0x38, 0xc0, 0xbc, 0x2e, 0xc7, 0x59, 0x1b, 0xd9, 0xf5, 0xcc,
+    0x86, 0xf5, 0x7b, 0x4d, 0xd7, 0x39, 0xa7, 0xa2, 0x56, 0x20,
+    0x48, 0x98, 0x7d, 0x4f, 0x75, 0x56, 0x9b, 0xb8, 0x95, 0x45,
+    0x17, 0xf3, 0x86, 0x3d, 0x97, 0x0a, 0x49, 0x1b, 0xca, 0xff,
+    0x20, 0xc0, 0x24, 0x2c, 0x51, 0xc2, 0x0a, 0x3c, 0xbf, 0x07,
+    0x60, 0x1c, 0x88, 0x85, 0x9b, 0x85, 0x2d, 0x4a, 0xfe, 0x5a,
+    0x1c, 0x90, 0xf5, 0x90, 0x12, 0xd3, 0x03, 0x3c, 0x8c, 0x2e,
+    0x95, 0x4a, 0x47, 0x76, 0x0f, 0x1f, 0x5d, 0x9e, 0xed, 0xc5,
+    0x64, 0xc4, 0x9b, 0xbf, 0x86, 0xc5, 0x63, 0x84, 0x33, 0x00,
+    0xf1, 0x26, 0x18, 0x21, 0xf3, 0x88, 0x1a, 0x08, 0x18, 0x6d,
+    0x2f, 0xef, 0xd5, 0xeb, 0x2f, 0x69, 0xc8, 0x6e, 0x92, 0x34,
+    0xfc, 0x72, 0x3d, 0x9a, 0xa7, 0x9e, 0x51, 0xfb, 0x56, 0xe3,
+    0xdc, 0xf4, 0x8f, 0x9b, 0x6d, 0x0d, 0x2a, 0xec, 0x66, 0x12,
+    0x26, 0x35, 0xbd, 0x61, 0xc2, 0x67, 0x19, 0xf5, 0x7e, 0xa1,
+    0x67, 0xa2, 0x9c, 0x3b, 0x67, 0xb0, 0xc2, 0x51, 0x6a, 0x37,
+    0x7c, 0x48, 0xe9, 0x4b, 0xb9, 0xa3, 0x38, 0x2f, 0xfc, 0xde,
+    0xb4, 0x7c, 0xda, 0x52, 0x84, 0x0b, 0xb0, 0xd9, 0x08, 0xe9,
+    0x7a, 0x4a, 0x6f, 0x79, 0x29, 0x3d, 0xc4, 0x5c, 0x78, 0xee,
+    0x63, 0xb6, 0x96, 0x68, 0xd9, 0x82, 0x4e, 0xc1, 0x1b, 0x6f,
+    0x52, 0xf5, 0xb3, 0xfb, 0xe8, 0xc4, 0x2a, 0x07, 0xc6, 0x3b,
+    0x85, 0x0d, 0xf4, 0xbf, 0xb0, 0x6b, 0xfb, 0xce, 0x1d, 0xb4,
+    0xbf, 0x63, 0x0b, 0x91, 0x67, 0xc4, 0xa3, 0x06, 0xa4, 0xaf,
+    0x6c, 0xd3, 0xe5, 0x8b, 0x87, 0x4e, 0x64, 0x9c, 0xb1, 0xf3,
+    0x70, 0x7c, 0x68, 0x43, 0x46, 0x13, 0x46, 0xee, 0x27, 0x75,
+    0x12, 0x45, 0x42, 0xde, 0xa5, 0x8d, 0xcf, 0xf7, 0x09, 0x87,
+    0xa8, 0x80, 0x3d, 0xb6, 0x45, 0xee, 0x41, 0x2d, 0x7c, 0x45,
+    0x01, 0x9d, 0xaa, 0x78, 0xa8, 0x10, 0xa4, 0xfd, 0xb5, 0x5f,
+    0xee, 0x0f, 0x77, 0xba, 0x73, 0xff, 0x49, 0xdc, 0xfa, 0x39,
+    0xd6, 0xa3, 0x6f, 0x25, 0xb9, 0x63, 0x2c, 0x92, 0xc5, 0xdf,
+    0xfb, 0xba, 0x89, 0xf9, 0xfa, 0x94, 0x5b, 0x6f, 0x5a, 0x4d,
+    0x1c, 0xe4, 0xc9, 0x10, 0xf9, 0xa0, 0xe8, 0xc4, 0xcb, 0x55,
+    0x1a, 0xdb, 0x56, 0x5f, 0x8e, 0x91, 0x03, 0x23, 0xca, 0xb0,
+    0x1f, 0xef, 0xb8, 0x6c, 0x13, 0x5a, 0x99, 0x25, 0xf0, 0x49,
+    0xa9, 0x5a, 0x45, 0xf7, 0xfd, 0x1a, 0xc2, 0x71, 0x06, 0xe3,
+    0x2d, 0x25, 0x64, 0xb0, 0x52, 0x12, 0x03, 0x62, 0xc7, 0xb6,
+    0xf9, 0xdc, 0x1f, 0x78, 0xff, 0x8b, 0xfa, 0xde, 0x7f, 0x71,
+    0xa6, 0x35, 0x3e, 0xac, 0x20, 0x54, 0x94, 0xa7, 0x2e, 0x9d,
+    0x47, 0x17, 0x4b, 0xad, 0x92, 0xb3, 0x14, 0x26, 0x8c, 0x5a,
+    0xd0, 0x16, 0x4b, 0x22, 0xe9, 0x0c, 0x79, 0x6b, 0x8e, 0xac,
+    0x0d, 0x12, 0xf5, 0x66, 0x8e, 0x82, 0x1a, 0x44, 0xf3, 0xe9,
+    0x56, 0x5a, 0xcd, 0x1c, 0x1b, 0x81, 0x7b, 0x63, 0x59, 0xfe,
+    0xc8, 0xc0, 0xe3, 0xda, 0x16, 0x6b, 0x6f, 0x0d, 0xba, 0x0e,
+    0x47, 0x12, 0x86, 0x9e, 0xf0, 0x3b, 0x4d, 0x87, 0x3b, 0xf2,
+    0x75, 0x73, 0x2d, 0xdf, 0xca, 0x76, 0x0b, 0xbd, 0xe7, 0xb7,
+    0x74, 0x24, 0xf3, 0xc6, 0xe6, 0x75, 0x3f, 0x8b, 0x6a, 0xd9,
+    0xad, 0xed, 0xc0, 0x70, 0x04, 0x1e, 0x0b, 0x8e, 0x8b, 0x7f,
+    0xea, 0xbc, 0x39, 0x6b, 0x8a, 0x44, 0xa6, 0x9a, 0x2d, 0x0d,
+    0x8c, 0x21, 0x60, 0x09, 0xd2, 0x4a, 0xe0, 0x62, 0xcf, 0xfa,
+    0xe8, 0x9b, 0x35, 0x6f, 0x23, 0x2f, 0xb5, 0x65, 0x08, 0x60,
+    0x92, 0x15, 0xd0, 0x5b, 0x63, 0xcc, 0x65, 0x05, 0xd1, 0xef,
+    0x0f, 0x7e, 0x1b, 0xb3, 0x8e, 0xc6, 0x12, 0x85, 0xc9, 0x82,
+    0x53, 0x79, 0x2e, 0x80, 0x5f, 0x0c, 0x7b, 0xc7, 0x1c, 0x83,
+    0x41, 0x06, 0xd8, 0x41, 0xc9, 0xe7, 0xb9, 0x4b, 0xa1, 0x61,
+    0xc6, 0x86, 0x67, 0xf5, 0x10, 0xf7, 0x34, 0x0d, 0x39, 0x9e,
+    0x2b, 0x5f, 0x19, 0x06, 0x02, 0xa5, 0x02, 0x23, 0x71, 0xc2,
+    0x12, 0x65, 0xcc, 0x81, 0x06, 0xfd, 0x8d, 0x09, 0x68, 0x37,
+    0x06, 0x3b, 0xff, 0xc4, 0x24, 0xb3, 0x1f, 0xd6, 0xe6, 0x8f,
+    0x9c, 0x74, 0x2c, 0x5e, 0xc5, 0xf4, 0xe9, 0xeb, 0xca, 0xd3,
+    0x04, 0x5b, 0x92, 0x9e, 0x5c, 0x1a, 0x1d, 0xa1, 0xa7, 0x34,
+    0xd2, 0x05, 0xae, 0xdb, 0x3d, 0x71, 0x10, 0x6e, 0x30, 0xd9,
+    0xa3, 0x44, 0xa0, 0xbd, 0x9e, 0x7b, 0xb5, 0x12, 0x8a, 0x12,
+    0x07, 0x60, 0xd7, 0x1f, 0x92, 0xe6, 0xfe, 0x04, 0xa9, 0x3e,
+    0x62, 0x64, 0x00, 0x5f, 0x7c, 0x7b, 0x34, 0x09, 0xeb, 0x4a,
+    0x18, 0x9e, 0x77, 0x72, 0x3a, 0x31, 0x1a, 0x62, 0x2a, 0xb5,
+    0xcb, 0x4e, 0x53, 0xce, 0xad, 0x8b, 0x5a, 0x20, 0x4f, 0xd7,
+    0x3e, 0x16, 0xf8, 0x10, 0xe2, 0xae, 0xbd, 0x3f, 0x02, 0xa9,
+    0x18, 0xa0, 0x01, 0x18, 0x84, 0x95, 0x22, 0x2e, 0x93, 0x76,
+    0x44, 0x4e, 0x11, 0x7b, 0x03, 0x51, 0x50, 0x19, 0x79, 0xe7,
+    0xbb, 0x5c, 0x7b, 0xca, 0x74, 0xb4, 0x25, 0x26, 0xdb, 0x66,
+    0xaa, 0x0b, 0x21, 0x07, 0xfb, 0x7a, 0x96, 0x10, 0x7d, 0x99,
+    0xa9, 0x16, 0xcb, 0x0e, 0xba, 0x63, 0xab, 0x95, 0xfc, 0x5a,
+    0xbe, 0xa6, 0x7f, 0xd8, 0xb4, 0xcd, 0x7c, 0xc5, 0xd0, 0xb1,
+    0x1b, 0x48, 0x40, 0xfb, 0xe6, 0x2f, 0x2b, 0x94, 0xfe, 0x68,
+    0xa2, 0xc4, 0x36, 0xd9, 0xcd, 0xc1, 0x93, 0x6d, 0xef, 0x39,
+    0x5e, 0x43, 0x30, 0x5a, 0x2e, 0x66, 0xb6, 0xf2, 0xed, 0x9a,
+    0x8d, 0x12, 0xdf, 0x5c, 0xae, 0xad, 0x16, 0x12, 0x7e, 0x81,
+    0x82, 0x91, 0x7d, 0x2b, 0x12, 0xe9, 0x96, 0xb8, 0xb7, 0x42,
+    0xcb, 0x1f, 0xf8, 0xd1, 0xfd, 0x83, 0x7a, 0xe4, 0x36, 0x1d,
+    0x04, 0x27, 0x4c, 0xe5, 0xbd, 0x75, 0x24, 0xf7, 0xbd, 0xb6,
+    0x6a, 0x68, 0x4e, 0x2c, 0x1b, 0x56, 0x3e, 0x60, 0xa4, 0x42,
+    0xca, 0x7a, 0x54, 0xe5, 0x06, 0xe3, 0xda, 0x05, 0xf7, 0x77,
+    0x36, 0x8b, 0x81, 0x26, 0x99, 0x92, 0x42, 0xda, 0x45, 0xb1,
+    0xfe, 0x4b
+    };
+#endif
+    WOLFSSL_SMALL_STACK_STATIC const byte ml_dsa_44_sig[] = {
+        0x27, 0x3b, 0x58, 0xa0, 0xcf, 0x00, 0x29, 0x5e, 0x1a, 0x63, 0xbf, 0xb4,
+        0x97, 0x16, 0xa1, 0x9c, 0x78, 0xd1, 0x33, 0xdc, 0x72, 0xde, 0xa3, 0xfc,
+        0xf4, 0x09, 0xb1, 0x09, 0x16, 0x3f, 0x80, 0x72, 0x22, 0x68, 0x65, 0x68,
+        0xb9, 0x80, 0x5a, 0x4a, 0x0d, 0x73, 0x49, 0xe1, 0xc6, 0xde, 0xca, 0x08,
+        0x4f, 0xca, 0xf8, 0xb2, 0xf8, 0x45, 0x3b, 0x6b, 0x8c, 0x6c, 0xfd, 0x3a,
+        0xf4, 0xde, 0xde, 0x82, 0xd8, 0x04, 0xbe, 0x4f, 0x4a, 0xdb, 0x92, 0x47,
+        0x83, 0x2d, 0xc4, 0x55, 0xed, 0x20, 0x4f, 0x71, 0xb1, 0x58, 0xd9, 0x70,
+        0x73, 0xbd, 0xb0, 0x3a, 0xb4, 0x8f, 0xd6, 0x9e, 0x32, 0x98, 0x2b, 0x9e,
+        0xff, 0x2a, 0x7c, 0xcb, 0x05, 0x1b, 0x8e, 0xe6, 0x3a, 0x45, 0xc6, 0x7a,
+        0xc8, 0xaf, 0x62, 0xd3, 0x04, 0xfa, 0x69, 0x4f, 0xda, 0x1b, 0x74, 0x16,
+        0x0d, 0xb3, 0x1a, 0xee, 0x71, 0xd7, 0xb0, 0xef, 0x69, 0xf5, 0xe2, 0xe9,
+        0xc2, 0xcc, 0x15, 0x66, 0x28, 0x0a, 0xac, 0xe2, 0x63, 0x06, 0xb7, 0x21,
+        0x0d, 0xd8, 0x5c, 0x94, 0x63, 0xfd, 0x51, 0x18, 0x9f, 0x07, 0x19, 0x3d,
+        0xa2, 0x50, 0x40, 0xd3, 0xe9, 0x05, 0xd4, 0x11, 0x13, 0x15, 0xaa, 0x46,
+        0xda, 0x3e, 0x5f, 0xcd, 0x3c, 0xfa, 0x42, 0xba, 0x79, 0x4a, 0xb7, 0x43,
+        0x91, 0xa5, 0xcb, 0xbc, 0xeb, 0x37, 0x94, 0xf1, 0x9c, 0xb9, 0xdb, 0x41,
+        0x06, 0xd8, 0x7b, 0x5e, 0x90, 0xe3, 0x3c, 0x8a, 0x10, 0x62, 0x9a, 0x15,
+        0x27, 0x78, 0xed, 0x69, 0x11, 0x2c, 0xb5, 0xb4, 0xdb, 0xc8, 0x70, 0x50,
+        0x62, 0x47, 0x96, 0xcb, 0xd9, 0xb2, 0x3e, 0x59, 0x2f, 0x1c, 0xac, 0xcb,
+        0xcf, 0x22, 0xc2, 0x9b, 0xc7, 0x92, 0xe9, 0x4d, 0x8d, 0x5d, 0xcf, 0x06,
+        0x53, 0x7e, 0xf4, 0x4e, 0xfe, 0x9e, 0x41, 0x5d, 0x00, 0x8c, 0x08, 0xf4,
+        0x02, 0x79, 0x33, 0x1c, 0x27, 0x1d, 0xe3, 0x94, 0xac, 0xe6, 0x87, 0xa0,
+        0x08, 0xb4, 0x60, 0x0c, 0xff, 0x47, 0xdc, 0x16, 0x3a, 0x1d, 0x89, 0xc0,
+        0x6a, 0xa4, 0x3d, 0x71, 0x33, 0xdd, 0x1e, 0x70, 0xfe, 0xd4, 0x8b, 0xed,
+        0x7c, 0x91, 0xe4, 0xe2, 0x15, 0x06, 0xc1, 0x83, 0x24, 0x55, 0xa7, 0x2a,
+        0x9f, 0x4e, 0xd9, 0x56, 0x7a, 0x95, 0xa8, 0xdd, 0xc4, 0xf0, 0x71, 0x3a,
+        0x99, 0x65, 0x31, 0x4b, 0xb7, 0x96, 0x2c, 0x53, 0x54, 0x83, 0xec, 0xc9,
+        0x97, 0x2f, 0x0c, 0xa4, 0x8f, 0xbb, 0x93, 0x9d, 0xea, 0xae, 0xf9, 0xcb,
+        0xb2, 0xb9, 0xa3, 0x61, 0x5f, 0x77, 0x8c, 0xb6, 0x5a, 0x56, 0xbe, 0x5f,
+        0x85, 0xd1, 0xb5, 0x0a, 0x53, 0xe2, 0xc7, 0xbf, 0x76, 0x8b, 0x97, 0x6f,
+        0x10, 0xdd, 0x1f, 0x44, 0x69, 0x66, 0x03, 0xc4, 0x6b, 0x59, 0xf7, 0xb4,
+        0xc1, 0x12, 0xcc, 0x00, 0x70, 0xe8, 0xbd, 0x44, 0x28, 0xf5, 0xfa, 0x96,
+        0xf3, 0x59, 0xed, 0x81, 0x67, 0xe0, 0xbe, 0x47, 0x75, 0xb3, 0xa8, 0x9f,
+        0x21, 0x70, 0x2e, 0x6f, 0xef, 0x54, 0x11, 0x3f, 0x34, 0xaf, 0x0d, 0x73,
+        0x5b, 0x9e, 0x6d, 0x86, 0x58, 0xb7, 0x34, 0xc2, 0xc2, 0xb3, 0x64, 0xd5,
+        0x9b, 0x6e, 0xb9, 0x99, 0x6a, 0xe4, 0xfd, 0xc3, 0x17, 0xf3, 0x10, 0xfc,
+        0x6e, 0xf5, 0x65, 0xe1, 0x9c, 0x59, 0x15, 0x11, 0x00, 0xea, 0x96, 0x81,
+        0x69, 0x9b, 0x05, 0x4d, 0xf3, 0xce, 0xf3, 0xf0, 0xa9, 0x01, 0x3f, 0x13,
+        0xbb, 0xb0, 0xac, 0xc3, 0x92, 0x1c, 0x2b, 0x61, 0xe3, 0x01, 0x22, 0x45,
+        0x4a, 0x23, 0x19, 0x80, 0xca, 0xb9, 0xef, 0x4e, 0x76, 0x52, 0xc5, 0x9d,
+        0x91, 0x33, 0x17, 0xc4, 0x28, 0x83, 0x55, 0x61, 0x49, 0x72, 0x04, 0xaa,
+        0xf8, 0xe3, 0x4b, 0x20, 0xf7, 0x6a, 0x74, 0x56, 0x64, 0xf9, 0xb3, 0xc9,
+        0x67, 0x5b, 0x55, 0x29, 0x9a, 0x89, 0xa5, 0x14, 0x67, 0xea, 0x6d, 0x6a,
+        0xde, 0x98, 0x58, 0x73, 0x25, 0xa3, 0xdb, 0xed, 0x3d, 0x62, 0xaa, 0xe0,
+        0x79, 0x7f, 0xa3, 0xd9, 0xb5, 0x4c, 0xe9, 0xa8, 0xdf, 0xfd, 0x59, 0x31,
+        0x42, 0x81, 0x9e, 0xb7, 0x81, 0x3f, 0x0e, 0xfb, 0xef, 0x80, 0x71, 0x9d,
+        0xb7, 0xa5, 0xfc, 0xb1, 0x80, 0xc9, 0x7e, 0x31, 0xd9, 0x47, 0xe2, 0xca,
+        0x10, 0x7b, 0xd1, 0xa1, 0x1c, 0x28, 0xc7, 0x7f, 0x51, 0x26, 0xb1, 0x4e,
+        0x57, 0xdd, 0x7d, 0x76, 0x5c, 0x5a, 0x85, 0xa7, 0x7b, 0x8c, 0xc5, 0x6e,
+        0xac, 0x20, 0xf8, 0x49, 0x16, 0xd6, 0x64, 0xf5, 0xf4, 0x2c, 0x32, 0xa1,
+        0x5d, 0xfb, 0x87, 0xb6, 0x14, 0xfe, 0x68, 0x7c, 0x4d, 0xce, 0xd7, 0x94,
+        0xf9, 0x8b, 0xf0, 0x61, 0xfd, 0xe0, 0x83, 0x7f, 0x13, 0xec, 0x7a, 0xb7,
+        0x41, 0x04, 0x51, 0x6e, 0x30, 0xa2, 0x01, 0xf7, 0x30, 0x12, 0xec, 0xd2,
+        0x8f, 0x73, 0xe7, 0x8e, 0x12, 0xb4, 0xe5, 0xc1, 0xff, 0xdf, 0x67, 0x14,
+        0xb1, 0xe9, 0xba, 0x36, 0x19, 0x18, 0xf4, 0xaa, 0xe0, 0xe4, 0x9d, 0xcd,
+        0xe8, 0xe7, 0x2b, 0x33, 0xb3, 0xdc, 0xb9, 0x19, 0xd7, 0xad, 0xa4, 0x68,
+        0xcd, 0x83, 0x77, 0x98, 0x36, 0x49, 0xd9, 0x32, 0x20, 0xfd, 0xfc, 0x34,
+        0xe7, 0x54, 0xd9, 0xb5, 0x05, 0xab, 0x0e, 0x08, 0x0e, 0x16, 0x8a, 0x7d,
+        0x91, 0x4c, 0xaa, 0x19, 0x04, 0x37, 0x35, 0xa5, 0xab, 0x6c, 0xee, 0xc4,
+        0x90, 0xf0, 0x5f, 0xc7, 0xae, 0x82, 0xfd, 0x59, 0x53, 0xe5, 0x36, 0x5a,
+        0x56, 0x37, 0x61, 0x69, 0xda, 0xe5, 0x8f, 0xfd, 0x2e, 0xd4, 0x9c, 0x7f,
+        0xb6, 0x39, 0xa4, 0x8d, 0x0a, 0xab, 0x82, 0x0f, 0xfe, 0x84, 0x69, 0x44,
+        0x8a, 0xa6, 0xd0, 0x39, 0xf9, 0x72, 0x68, 0xe7, 0x97, 0xd8, 0x6c, 0x7b,
+        0xec, 0x85, 0x8c, 0x52, 0xc9, 0x97, 0xbb, 0xc4, 0x7a, 0x67, 0x22, 0x60,
+        0x46, 0x9f, 0x16, 0xf1, 0x67, 0x0e, 0x1b, 0x50, 0x7c, 0xc4, 0x29, 0x15,
+        0xbc, 0x55, 0x6a, 0x67, 0xf6, 0xa8, 0x85, 0x66, 0x89, 0x9f, 0xff, 0x38,
+        0x28, 0xaa, 0x87, 0x91, 0xce, 0xde, 0x8d, 0x45, 0x5c, 0xa1, 0x25, 0x95,
+        0xe2, 0x86, 0xdd, 0xa1, 0x87, 0x6a, 0x0a, 0xa8, 0x3e, 0x63, 0x0e, 0x21,
+        0xa5, 0x6e, 0x08, 0x4d, 0x07, 0xb6, 0x26, 0xa8, 0x92, 0xdb, 0xed, 0x13,
+        0x01, 0xc3, 0xba, 0xcf, 0xad, 0x01, 0xbc, 0xe5, 0xc0, 0xba, 0xbe, 0x7c,
+        0x75, 0xf1, 0xb9, 0xfe, 0xd3, 0xf0, 0xa5, 0x2c, 0x8e, 0x10, 0xff, 0x99,
+        0xcb, 0xe2, 0x2d, 0xdc, 0x2f, 0x76, 0x00, 0xf8, 0x51, 0x7c, 0xcc, 0x52,
+        0x16, 0x0f, 0x18, 0x98, 0xea, 0x34, 0x06, 0x7f, 0xb7, 0x2e, 0xe9, 0x40,
+        0xf0, 0x2d, 0x30, 0x3d, 0xc0, 0x67, 0x4c, 0xe6, 0x63, 0x40, 0x41, 0x42,
+        0x96, 0xbb, 0x0b, 0xd6, 0xc9, 0x1c, 0x22, 0x7a, 0xa9, 0x4d, 0xcc, 0x5b,
+        0xaa, 0x03, 0xc6, 0x3b, 0x1e, 0x2f, 0x11, 0xae, 0x34, 0x6f, 0x0c, 0xe9,
+        0x16, 0x9c, 0x82, 0x3b, 0x90, 0x4c, 0x0e, 0xf0, 0xf9, 0x7f, 0x02, 0xca,
+        0xb9, 0xa9, 0x49, 0x6d, 0x27, 0x73, 0xd0, 0xbf, 0x15, 0x61, 0x52, 0xbc,
+        0xd6, 0x31, 0x59, 0x2b, 0x52, 0x5b, 0xaf, 0x3c, 0xc0, 0x8f, 0xdc, 0xd5,
+        0x2c, 0x1d, 0xe4, 0xe9, 0x41, 0xe8, 0xd3, 0x35, 0xd6, 0xb1, 0xf3, 0x32,
+        0xe0, 0x52, 0x08, 0x73, 0x99, 0xb6, 0x6b, 0xbc, 0x26, 0xfb, 0x2e, 0xa7,
+        0xb7, 0xcd, 0x14, 0xf0, 0xf9, 0xe5, 0x3a, 0xd0, 0x05, 0x5b, 0x2b, 0x38,
+        0xbd, 0x7c, 0xda, 0xd4, 0x15, 0x45, 0xfa, 0x3b, 0x6f, 0x94, 0x8e, 0x22,
+        0xce, 0xfa, 0x53, 0xe0, 0x5f, 0xa6, 0x9d, 0x1c, 0x26, 0x91, 0x8a, 0xab,
+        0x72, 0x5b, 0x18, 0x78, 0x69, 0x98, 0x3f, 0x8d, 0x33, 0x7c, 0x21, 0x93,
+        0x9e, 0xf0, 0xaf, 0xb7, 0x30, 0xc8, 0xac, 0xbc, 0xdb, 0x9c, 0x29, 0x17,
+        0x6b, 0x9d, 0x0f, 0x16, 0xd6, 0xc0, 0xcc, 0x3b, 0xce, 0x11, 0xe9, 0x64,
+        0xc8, 0xd4, 0x4c, 0x98, 0x7c, 0x8f, 0xf1, 0x5e, 0x84, 0xe4, 0x72, 0xf9,
+        0x69, 0xf5, 0x9d, 0xad, 0x95, 0x3b, 0xfb, 0x6d, 0x30, 0x7e, 0x0a, 0x47,
+        0x5b, 0x26, 0xb2, 0x4e, 0xeb, 0x1a, 0xc3, 0x37, 0x16, 0x28, 0x79, 0x62,
+        0xb4, 0x36, 0x85, 0x4a, 0x15, 0x5a, 0xc3, 0x6e, 0xbe, 0x7e, 0x00, 0xe9,
+        0x4a, 0xa5, 0xd7, 0x90, 0xcf, 0x59, 0x63, 0x2d, 0x2b, 0xc2, 0xc6, 0x47,
+        0xe6, 0x77, 0xb7, 0x6e, 0x9b, 0xc8, 0x0d, 0x18, 0x2b, 0x45, 0x2b, 0xc9,
+        0x5a, 0x6e, 0xb4, 0x50, 0xa5, 0x23, 0x7d, 0x17, 0xcc, 0x49, 0xe2, 0xb3,
+        0xf4, 0x6d, 0xb4, 0xb7, 0xbb, 0x9e, 0xdd, 0x20, 0x99, 0x19, 0xf5, 0x53,
+        0x1f, 0xd0, 0xff, 0x67, 0xf3, 0x8e, 0x6a, 0xcd, 0x2a, 0x6e, 0x2b, 0x0a,
+        0x90, 0xd7, 0xdb, 0xe1, 0xff, 0x1c, 0x40, 0xa1, 0xb0, 0x5d, 0x94, 0x4d,
+        0x20, 0x14, 0x01, 0xa1, 0xa8, 0xd1, 0x15, 0xd2, 0xd9, 0x1b, 0xbf, 0xc2,
+        0x8a, 0xd0, 0x02, 0xf6, 0x16, 0xa1, 0xb7, 0x40, 0xe0, 0x36, 0x88, 0xc8,
+        0x17, 0x0a, 0xf0, 0xb6, 0x0d, 0x3c, 0x53, 0xb9, 0x51, 0xed, 0xef, 0x20,
+        0x6f, 0xf3, 0x0c, 0xb5, 0xce, 0x0e, 0x9e, 0xfd, 0x0f, 0x5e, 0x3f, 0x8f,
+        0x3c, 0xb7, 0x2a, 0xdb, 0xc6, 0xa7, 0xf2, 0x11, 0x6e, 0xdc, 0x05, 0x33,
+        0xd4, 0xd8, 0xb0, 0x2d, 0x8a, 0xe5, 0x39, 0x82, 0x00, 0x49, 0x7d, 0xfd,
+        0x32, 0x29, 0xbb, 0x79, 0x5d, 0xcb, 0x21, 0x7b, 0x2d, 0x36, 0x58, 0x73,
+        0x52, 0x57, 0x52, 0x96, 0x4d, 0x89, 0x61, 0xf4, 0xad, 0x1f, 0x48, 0xd5,
+        0x7a, 0x4a, 0xaa, 0x1c, 0xa1, 0xf4, 0xb4, 0x9c, 0x43, 0x3b, 0x95, 0x72,
+        0xd0, 0x0e, 0x35, 0x82, 0x26, 0xd4, 0x2e, 0xe3, 0x83, 0x96, 0x97, 0x5a,
+        0x7b, 0xfc, 0x48, 0x17, 0x3c, 0xba, 0x9e, 0x5f, 0x46, 0x1a, 0x53, 0xe3,
+        0x2e, 0x78, 0x79, 0x80, 0xf6, 0x2d, 0x24, 0xcf, 0x62, 0xb6, 0x86, 0xeb,
+        0xee, 0xec, 0xf2, 0x1d, 0x00, 0xc8, 0x28, 0x9d, 0x93, 0x16, 0xa7, 0xd9,
+        0x11, 0x47, 0xe3, 0xc4, 0xb6, 0xc4, 0xa0, 0x99, 0x83, 0xc1, 0x17, 0xd8,
+        0x8e, 0xde, 0x69, 0x1d, 0xcb, 0xdd, 0xe7, 0x86, 0x6f, 0xf2, 0x36, 0x07,
+        0x23, 0x86, 0x0d, 0xe9, 0xad, 0x87, 0xae, 0x76, 0x98, 0x95, 0x51, 0xf2,
+        0xb3, 0x11, 0xc5, 0x34, 0xf0, 0x0c, 0xf8, 0x29, 0x9c, 0x84, 0x4f, 0x81,
+        0x49, 0x85, 0x63, 0x25, 0x16, 0xb0, 0xc3, 0xaa, 0xd7, 0x8a, 0x2e, 0x4b,
+        0x97, 0x60, 0x74, 0xf8, 0xa7, 0x39, 0xec, 0x6c, 0x2c, 0x9b, 0x33, 0x3a,
+        0x11, 0xbd, 0xa6, 0x90, 0x48, 0x65, 0xb1, 0xe7, 0x38, 0x53, 0x47, 0x1b,
+        0x62, 0xd5, 0xb7, 0xa8, 0xd4, 0xae, 0xf5, 0x12, 0x06, 0x12, 0x54, 0xa2,
+        0xce, 0xf1, 0x6b, 0x3a, 0xda, 0x63, 0x2e, 0x37, 0x2a, 0x25, 0x89, 0x30,
+        0x98, 0x77, 0x1d, 0x4b, 0x5a, 0x1e, 0xb7, 0x3d, 0xed, 0x19, 0xec, 0x9f,
+        0x64, 0x46, 0xa8, 0x2a, 0x79, 0xf3, 0x70, 0x39, 0x9f, 0x8c, 0xc3, 0x28,
+        0xcc, 0x2a, 0xc0, 0xd0, 0xe6, 0x80, 0xf5, 0x01, 0x78, 0x72, 0x7f, 0xe7,
+        0x2e, 0x7b, 0x5f, 0x05, 0xc3, 0x41, 0x33, 0x07, 0xdb, 0x9c, 0xa8, 0x96,
+        0xa7, 0x21, 0x20, 0x23, 0xd0, 0x59, 0x39, 0x06, 0x19, 0xa4, 0x29, 0xe5,
+        0x72, 0x39, 0x69, 0x23, 0xe3, 0xfa, 0x28, 0x63, 0xf5, 0x42, 0x3b, 0xca,
+        0x88, 0x5d, 0x7e, 0x47, 0x93, 0xa8, 0x8c, 0x75, 0xf2, 0x19, 0x44, 0x43,
+        0x15, 0x39, 0x03, 0x42, 0xd8, 0x1d, 0x81, 0x30, 0x8e, 0x84, 0x31, 0x24,
+        0x75, 0x67, 0x4e, 0xbe, 0xfe, 0x0a, 0xd8, 0xc3, 0xe7, 0x5b, 0xe1, 0xd5,
+        0x12, 0x6a, 0x69, 0x99, 0xcd, 0x35, 0xca, 0x22, 0x02, 0x65, 0xb3, 0x0f,
+        0x50, 0xb6, 0xaa, 0xc6, 0x91, 0x5c, 0x4d, 0xd4, 0x07, 0x93, 0x46, 0xf0,
+        0xcc, 0xe1, 0x92, 0x14, 0x91, 0x21, 0x43, 0xc4, 0xba, 0x45, 0x1c, 0x47,
+        0x29, 0xdf, 0xff, 0x89, 0x60, 0xee, 0x89, 0x1e, 0xc3, 0xb4, 0xb9, 0x0b,
+        0xc9, 0x7e, 0xd9, 0x15, 0xb0, 0x80, 0x91, 0xbe, 0xb9, 0x43, 0x48, 0x12,
+        0x86, 0x8e, 0x79, 0x38, 0x4d, 0xce, 0x36, 0x7f, 0xc3, 0xe8, 0xb7, 0xb9,
+        0x92, 0xbf, 0x27, 0x20, 0x54, 0xc8, 0x05, 0x63, 0x3b, 0xf5, 0x48, 0x1a,
+        0xa9, 0x04, 0x6c, 0xb6, 0x0e, 0x11, 0xea, 0xf3, 0x59, 0xb9, 0xa6, 0xf6,
+        0xf8, 0x0b, 0x15, 0xed, 0x30, 0xf9, 0xe4, 0xe5, 0x26, 0x2d, 0xbb, 0xc6,
+        0x5b, 0x36, 0xbb, 0x73, 0xa6, 0x4f, 0xf5, 0x43, 0x9f, 0xd7, 0xb9, 0x0f,
+        0xbc, 0x4f, 0x8d, 0xb8, 0xec, 0x1d, 0x42, 0x19, 0x56, 0x37, 0xc4, 0xcb,
+        0xd0, 0x16, 0x85, 0xff, 0xd3, 0x9b, 0xef, 0xc8, 0x75, 0x37, 0xd1, 0x92,
+        0xad, 0x21, 0x94, 0x1e, 0x9a, 0xf6, 0x2f, 0x6d, 0x30, 0xba, 0x37, 0xc3,
+        0xdc, 0x11, 0xe0, 0x79, 0xa4, 0x92, 0x1f, 0xe4, 0xaa, 0x7a, 0x6b, 0x2a,
+        0xe4, 0x04, 0xb7, 0xf9, 0x86, 0x95, 0xdb, 0xa8, 0xfc, 0x8a, 0x53, 0x21,
+        0x31, 0x14, 0xf7, 0x40, 0x01, 0x78, 0x4e, 0x73, 0x18, 0xb3, 0x54, 0xd7,
+        0xa6, 0x93, 0xf0, 0x70, 0x04, 0x1c, 0xe0, 0x2b, 0xef, 0xee, 0xd4, 0x64,
+        0xa7, 0xd9, 0x9f, 0x81, 0x4f, 0xe5, 0x1e, 0xbe, 0x6e, 0xd2, 0xf6, 0x3a,
+        0xba, 0xcf, 0x8c, 0x96, 0x2a, 0x3d, 0xf7, 0xe5, 0x5c, 0x59, 0x40, 0x9c,
+        0xe3, 0xf9, 0x2b, 0x6d, 0x3d, 0xf2, 0x6f, 0x81, 0xd6, 0xab, 0x9c, 0xab,
+        0xc6, 0xf7, 0x8f, 0xaa, 0xe5, 0x71, 0xe3, 0xc9, 0x8c, 0x1a, 0xeb, 0xc5,
+        0x87, 0xe7, 0xb0, 0xde, 0x18, 0xba, 0xaa, 0x1e, 0xda, 0x12, 0x32, 0x16,
+        0x94, 0x3a, 0x6e, 0x4f, 0x84, 0x06, 0x8e, 0x33, 0xf7, 0xfa, 0x35, 0xb8,
+        0x45, 0xe4, 0x5e, 0x9e, 0x46, 0x05, 0x7a, 0xf7, 0xf4, 0x99, 0xad, 0xb9,
+        0xdd, 0x55, 0xd9, 0x52, 0x3b, 0x93, 0xe3, 0x9b, 0x54, 0x1b, 0xe6, 0xa9,
+        0x70, 0xd3, 0x48, 0xf9, 0x3d, 0xdb, 0x88, 0x63, 0x66, 0xa0, 0xab, 0x72,
+        0x83, 0x6e, 0x8f, 0x78, 0x9d, 0x55, 0x46, 0x21, 0xca, 0x7c, 0xb7, 0x5d,
+        0x16, 0xe8, 0x66, 0x3b, 0x7b, 0xaa, 0xfe, 0x9c, 0x9c, 0x33, 0xc9, 0xc2,
+        0xa4, 0x3c, 0x78, 0x97, 0xf3, 0x5b, 0xc2, 0x29, 0x36, 0x98, 0x68, 0x28,
+        0xfe, 0x0a, 0xae, 0x6f, 0xe5, 0xf7, 0xfb, 0x9d, 0xf8, 0x8c, 0xd9, 0xd0,
+        0x4d, 0xfe, 0xc7, 0xd0, 0xb0, 0xe3, 0x9c, 0xdb, 0xac, 0x9e, 0x1b, 0x55,
+        0x7e, 0x24, 0xfe, 0xc4, 0x12, 0xcb, 0xc2, 0xdd, 0x0a, 0xda, 0x31, 0x40,
+        0x41, 0xb7, 0xfc, 0x3f, 0x6d, 0xe2, 0xd3, 0x8a, 0x0f, 0x21, 0x33, 0x3a,
+        0xbc, 0xa7, 0x62, 0x18, 0xb3, 0xaf, 0x48, 0xc6, 0xe2, 0xa3, 0xdd, 0x1d,
+        0x20, 0x62, 0xe4, 0x4b, 0x81, 0x6b, 0x3a, 0xc5, 0xb1, 0x07, 0xe1, 0xf1,
+        0xe1, 0xba, 0xf6, 0x01, 0xc6, 0xf2, 0xea, 0xc0, 0x97, 0x73, 0x79, 0x19,
+        0x06, 0xaa, 0x62, 0x42, 0xcb, 0x21, 0x5f, 0x08, 0x97, 0x7d, 0x72, 0xb5,
+        0x39, 0x4d, 0x99, 0xe3, 0xa2, 0x3f, 0xb9, 0xb4, 0xed, 0xf4, 0x61, 0x35,
+        0xe1, 0x50, 0xfb, 0x56, 0x7c, 0x35, 0xfd, 0x44, 0x8a, 0x57, 0x22, 0xed,
+        0x30, 0x33, 0xc3, 0x0b, 0xf1, 0x88, 0xe4, 0x44, 0x46, 0xf5, 0x73, 0x6d,
+        0x9b, 0x98, 0x88, 0x92, 0xf5, 0x34, 0x85, 0x18, 0x66, 0xef, 0x70, 0xbe,
+        0x7b, 0xc1, 0x0f, 0x1c, 0x78, 0x2d, 0x42, 0x13, 0x2d, 0x2f, 0x4d, 0x40,
+        0x8e, 0xe2, 0x6f, 0xe0, 0x04, 0xdb, 0x58, 0xbc, 0x65, 0x80, 0xba, 0xfc,
+        0x89, 0xee, 0xf3, 0x78, 0xb2, 0xd9, 0x78, 0x93, 0x6d, 0xbf, 0xd4, 0x74,
+        0x24, 0xf4, 0x5c, 0x37, 0x89, 0x0c, 0x14, 0xd5, 0xbd, 0xc5, 0xfc, 0x37,
+        0xe8, 0x8b, 0xe0, 0xc5, 0x89, 0xc9, 0x70, 0xb3, 0x76, 0x46, 0xce, 0x0d,
+        0x7c, 0x3d, 0xa4, 0x5d, 0x02, 0x95, 0x03, 0xba, 0x24, 0xaa, 0xf7, 0xd0,
+        0x75, 0x35, 0x78, 0x27, 0x9c, 0x6d, 0x2a, 0xef, 0xaa, 0xac, 0x85, 0xef,
+        0x8d, 0xfc, 0xc0, 0xfc, 0x72, 0x02, 0xf4, 0xa3, 0xd3, 0x87, 0xfc, 0x4d,
+        0xce, 0x3d, 0xcb, 0xc2, 0x74, 0x5b, 0xb0, 0x83, 0xc5, 0x72, 0x72, 0xd6,
+        0xa1, 0x67, 0x4d, 0xa1, 0xd6, 0xaa, 0xe7, 0x9b, 0xe7, 0xc0, 0xfd, 0x86,
+        0x91, 0x08, 0xfa, 0x48, 0x2f, 0x50, 0xce, 0x17, 0xea, 0x1c, 0xe3, 0x90,
+        0x35, 0xe6, 0x6c, 0xc9, 0x66, 0x7d, 0x51, 0x32, 0x20, 0x0c, 0x2d, 0x4b,
+        0xa1, 0xbf, 0x78, 0x87, 0xe1, 0x5a, 0x28, 0x0e, 0x9a, 0x85, 0xf6, 0x7e,
+        0x39, 0x60, 0xbc, 0x64, 0x42, 0x5d, 0xf0, 0x0a, 0xd7, 0x3e, 0xbb, 0xa0,
+        0x6d, 0x7c, 0xfa, 0x75, 0xee, 0x34, 0x39, 0x23, 0x0e, 0xbd, 0x50, 0x19,
+        0x7a, 0x2a, 0xb7, 0x17, 0x3a, 0x8b, 0xb7, 0xb6, 0xf4, 0xd8, 0x47, 0x71,
+        0x6b, 0x21, 0x1b, 0x56, 0xcc, 0xfb, 0x7b, 0x81, 0x99, 0x46, 0x88, 0x23,
+        0x40, 0x49, 0x66, 0x8b, 0xac, 0x84, 0x16, 0x8a, 0x86, 0xae, 0x38, 0xc4,
+        0x5b, 0x1f, 0x2b, 0xfa, 0xf2, 0x8b, 0x81, 0xc1, 0x22, 0x61, 0x61, 0x6c,
+        0x43, 0x16, 0x8c, 0x1d, 0x37, 0xb2, 0xaf, 0x3c, 0x3a, 0x90, 0x33, 0xed,
+        0xf5, 0x08, 0x78, 0xfd, 0x5a, 0xde, 0xd3, 0x38, 0x6d, 0xd7, 0x1c, 0x23,
+        0xeb, 0xb4, 0x9b, 0x8e, 0xc2, 0x48, 0x47, 0x8e, 0x84, 0xbb, 0xc4, 0xd0,
+        0xcc, 0xf9, 0x55, 0x5a, 0x57, 0xb9, 0x99, 0x52, 0x82, 0x21, 0x3b, 0x83,
+        0xda, 0x8f, 0xa3, 0x88, 0x9c, 0x57, 0xe0, 0x4b, 0xc1, 0xce, 0xbe, 0xd3,
+        0xea, 0xdd, 0xf2, 0x07, 0xc1, 0x73, 0x6f, 0xc0, 0x5e, 0x8e, 0x85, 0x72,
+        0xab, 0x2f, 0xa9, 0xac, 0x39, 0xee, 0x05, 0x34, 0x13, 0x16, 0x1b, 0x1c,
+        0x21, 0x24, 0x41, 0x49, 0x78, 0x87, 0x8b, 0x97, 0x9c, 0x9f, 0xa3, 0xa8,
+        0xb9, 0xbc, 0xc6, 0xcc, 0xf2, 0xfd, 0x18, 0x2a, 0x46, 0x58, 0x5a, 0x88,
+        0xa2, 0xb5, 0xcc, 0xd2, 0xda, 0xe1, 0xe3, 0x0d, 0x20, 0x23, 0x2b, 0x2f,
+        0x47, 0x57, 0x5e, 0x64, 0x87, 0x97, 0x9c, 0xa7, 0xaa, 0xbc, 0xc1, 0xe4,
+        0xe5, 0xea, 0x0b, 0x16, 0x3b, 0x3c, 0x3e, 0x45, 0x58, 0x63, 0x6a, 0x6f,
+        0x7c, 0x8c, 0x8d, 0x92, 0x99, 0x9c, 0xad, 0xb5, 0xb7, 0xce, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x16, 0x23, 0x36, 0x4a
+    };
+#ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
+    WOLFSSL_SMALL_STACK_STATIC const byte ml_dsa_44_draft_sig[] = {
+    0x5e, 0xc1, 0xce, 0x0e, 0x31, 0xea, 0x10, 0x52, 0xa3, 0x7a,
+    0xfe, 0x4d, 0xac, 0x07, 0x89, 0x5a, 0x45, 0xbd, 0x5a, 0xe5,
+    0x22, 0xed, 0x98, 0x4d, 0x2f, 0xc8, 0x27, 0x00, 0x99, 0x40,
+    0x00, 0x79, 0xcd, 0x93, 0x27, 0xd0, 0x40, 0x33, 0x79, 0x4f,
+    0xe5, 0x16, 0x89, 0x9f, 0xbd, 0xa6, 0x3f, 0xdd, 0x68, 0x74,
+    0x73, 0xc3, 0x97, 0x54, 0x11, 0x1d, 0xc8, 0xb8, 0xc8, 0xfd,
+    0x3a, 0xbe, 0xca, 0x17, 0x0f, 0x10, 0x6d, 0x89, 0x6d, 0xe0,
+    0xb2, 0xff, 0x3b, 0xe5, 0xa1, 0x75, 0xea, 0x35, 0x16, 0xa3,
+    0x0c, 0x6e, 0x4a, 0x7b, 0xdb, 0x28, 0xc6, 0x2a, 0x76, 0x0e,
+    0x78, 0x78, 0xa0, 0x4f, 0x4e, 0xf8, 0x99, 0xff, 0xe7, 0x47,
+    0x7e, 0xc4, 0x62, 0xa7, 0xb4, 0xb9, 0x2b, 0xc1, 0xc7, 0xd0,
+    0x00, 0xb6, 0xaa, 0xa7, 0x37, 0xd5, 0x1e, 0x19, 0xc4, 0xc4,
+    0x59, 0x2f, 0xa5, 0x09, 0xa3, 0xda, 0x5d, 0xd4, 0x48, 0x64,
+    0x16, 0x0e, 0x92, 0xdf, 0x61, 0xb7, 0x25, 0x3b, 0x90, 0x5a,
+    0x08, 0xb5, 0x88, 0xe8, 0x64, 0x80, 0x63, 0xee, 0xbf, 0x59,
+    0x0f, 0x4a, 0x48, 0x1e, 0x77, 0xa9, 0x46, 0xc6, 0x9c, 0x0b,
+    0x83, 0xad, 0xb5, 0xbf, 0xb5, 0x5b, 0x99, 0xf3, 0x55, 0xe8,
+    0xe5, 0xe7, 0x5c, 0x12, 0xac, 0x06, 0x06, 0xe0, 0xc0, 0x32,
+    0x5d, 0xb6, 0x9f, 0x2b, 0x8e, 0x19, 0x5c, 0x2a, 0x58, 0xbb,
+    0x37, 0xf1, 0x68, 0x56, 0x8b, 0x74, 0x94, 0x58, 0x48, 0x28,
+    0xee, 0xf7, 0x0a, 0x8f, 0xad, 0x43, 0x67, 0xe1, 0xa3, 0x8c,
+    0x3b, 0x35, 0x48, 0xcc, 0x52, 0x14, 0x36, 0x99, 0x18, 0x71,
+    0x1c, 0xb2, 0xfc, 0x82, 0xda, 0xac, 0xd5, 0x55, 0x0a, 0x77,
+    0x44, 0x6a, 0x48, 0xed, 0xfc, 0x5a, 0x68, 0xa6, 0x4d, 0x65,
+    0xe7, 0x30, 0xaa, 0x23, 0x66, 0x84, 0xdf, 0x83, 0xf1, 0x17,
+    0x5c, 0x46, 0xfe, 0x63, 0xcb, 0xc3, 0x6e, 0x4e, 0x47, 0x8d,
+    0x30, 0x48, 0x06, 0xda, 0x97, 0x6b, 0x04, 0x5d, 0x44, 0xf3,
+    0xb7, 0x2a, 0x6d, 0x2b, 0xbb, 0xcd, 0x97, 0x4e, 0x26, 0x8e,
+    0xc9, 0x03, 0x0b, 0x5d, 0x68, 0xed, 0x81, 0xf7, 0x19, 0x61,
+    0x81, 0xe9, 0xac, 0x3a, 0x35, 0xcd, 0xe8, 0xfd, 0x99, 0xdb,
+    0x89, 0x83, 0x7d, 0x23, 0x6a, 0xc1, 0xc1, 0x10, 0xe9, 0xd3,
+    0xfa, 0x9e, 0x5a, 0xcd, 0x73, 0xa3, 0x0a, 0x37, 0xa3, 0x12,
+    0xef, 0x72, 0xa2, 0x28, 0xd4, 0x3d, 0x67, 0x53, 0x24, 0x0d,
+    0x61, 0x98, 0xbb, 0x07, 0xf3, 0xa7, 0x79, 0x22, 0x74, 0x57,
+    0x99, 0xe8, 0x7a, 0xbf, 0x90, 0x84, 0xa2, 0x6b, 0x29, 0x34,
+    0xac, 0xc9, 0xff, 0x67, 0x82, 0xd0, 0xd2, 0x7d, 0x69, 0xc0,
+    0xf3, 0xd7, 0x4b, 0x5c, 0xf2, 0xa8, 0x53, 0x8b, 0x78, 0x57,
+    0xfc, 0x74, 0xf5, 0x81, 0x6e, 0xc2, 0x5b, 0x32, 0x52, 0x9e,
+    0x58, 0x84, 0xa1, 0x71, 0xd5, 0x8c, 0xf5, 0x16, 0x36, 0x4d,
+    0x11, 0xd4, 0xb5, 0xc2, 0x05, 0xc4, 0x03, 0xce, 0x83, 0xea,
+    0x0b, 0x6a, 0x2e, 0xf6, 0x28, 0x5e, 0xb2, 0x40, 0x8c, 0xa3,
+    0x6a, 0xc7, 0xee, 0x04, 0x54, 0x93, 0x0f, 0x3b, 0xf9, 0x57,
+    0x92, 0x00, 0xf1, 0xc7, 0x1b, 0x48, 0x63, 0xcb, 0xd3, 0xdd,
+    0x40, 0x90, 0x46, 0xb0, 0x87, 0x2a, 0xb8, 0xec, 0xbc, 0x07,
+    0x09, 0x83, 0x25, 0xb1, 0x88, 0x2c, 0xa0, 0x0a, 0x40, 0x4f,
+    0xfd, 0xec, 0xfd, 0xbe, 0x18, 0xae, 0xdd, 0x83, 0x89, 0x83,
+    0x2d, 0x10, 0xb4, 0x14, 0x30, 0xac, 0x6c, 0xd9, 0xc9, 0xaa,
+    0xbc, 0xdb, 0x5e, 0x14, 0xab, 0x19, 0x64, 0xaa, 0xb1, 0x9c,
+    0xc3, 0xf5, 0xdc, 0x2b, 0xcd, 0x26, 0x0b, 0x81, 0x1a, 0x0e,
+    0x0a, 0xd6, 0x39, 0x79, 0x10, 0x06, 0xbf, 0xe0, 0xc1, 0x8b,
+    0x20, 0x24, 0x90, 0x8b, 0x0f, 0xa4, 0x2d, 0x2d, 0x46, 0x2a,
+    0xd4, 0xf3, 0xa9, 0x58, 0x4b, 0xd9, 0xa6, 0x6c, 0x75, 0x3d,
+    0xbc, 0x36, 0x76, 0x7f, 0xef, 0x1b, 0xa1, 0x41, 0xba, 0xd0,
+    0xfe, 0x16, 0x19, 0xc3, 0x92, 0xe3, 0x59, 0x07, 0x3f, 0x48,
+    0x11, 0x70, 0xe0, 0x8a, 0xff, 0x97, 0xbc, 0x71, 0xd5, 0xb9,
+    0x4a, 0x9b, 0x4c, 0xb8, 0x4b, 0x50, 0xd6, 0x43, 0xe8, 0x84,
+    0x0a, 0x95, 0xd0, 0x20, 0x28, 0xd3, 0x20, 0x4a, 0x0e, 0x1b,
+    0xe6, 0x5d, 0x2f, 0x0c, 0xdb, 0x76, 0xab, 0xa3, 0xc2, 0xad,
+    0xd5, 0x86, 0xae, 0xb9, 0x26, 0xb2, 0x5d, 0x72, 0x27, 0xbb,
+    0xec, 0x23, 0x9f, 0x42, 0x90, 0x58, 0xe1, 0xf8, 0xe9, 0x63,
+    0xdf, 0x1a, 0x46, 0x53, 0x65, 0x05, 0xfb, 0x20, 0x21, 0xa6,
+    0x64, 0xc8, 0x5c, 0x67, 0x6b, 0x41, 0x6c, 0x04, 0x34, 0xeb,
+    0x05, 0x71, 0xeb, 0xbe, 0xed, 0x6d, 0xa2, 0x96, 0x67, 0x45,
+    0xe7, 0x47, 0x22, 0x64, 0xaf, 0x82, 0xf8, 0x78, 0x0e, 0xe6,
+    0xa1, 0x4a, 0x2d, 0x82, 0x1e, 0xd0, 0xc2, 0x79, 0x4e, 0x29,
+    0x89, 0xd9, 0xf3, 0x3f, 0xb6, 0xc4, 0xee, 0x69, 0xb2, 0x8f,
+    0x8b, 0xd9, 0x13, 0xd9, 0x6e, 0x3a, 0xc5, 0x9f, 0xdf, 0x25,
+    0xb7, 0xc3, 0x16, 0xb8, 0xa2, 0x85, 0x17, 0xae, 0xe9, 0x95,
+    0x5d, 0xb8, 0x1d, 0x21, 0xbb, 0xd9, 0x38, 0x11, 0x8f, 0x44,
+    0xea, 0xe8, 0x4c, 0x91, 0x82, 0xf5, 0x45, 0xee, 0x8f, 0xf5,
+    0x6a, 0x0d, 0x08, 0xe7, 0x6b, 0xb0, 0x91, 0xd5, 0x42, 0x17,
+    0x8c, 0x37, 0x6a, 0x5a, 0x0a, 0x87, 0x53, 0x76, 0xc3, 0x59,
+    0x35, 0x13, 0x1c, 0xf1, 0x72, 0x2c, 0x2b, 0xb2, 0x9e, 0xda,
+    0x10, 0x2a, 0xce, 0x38, 0xb4, 0x67, 0x8c, 0x4b, 0x08, 0xa1,
+    0xb6, 0xa3, 0x08, 0x9c, 0xeb, 0xd8, 0x93, 0x1b, 0x29, 0x5a,
+    0xa7, 0x03, 0x17, 0x7e, 0xec, 0x58, 0x6b, 0x5b, 0xc5, 0x46,
+    0x03, 0x33, 0x7f, 0x0e, 0x93, 0x9a, 0xdd, 0xb5, 0x89, 0xb1,
+    0x16, 0x4c, 0xa7, 0xd8, 0x0e, 0x73, 0xd8, 0xc3, 0xd2, 0x36,
+    0x85, 0x66, 0xcb, 0x5b, 0x64, 0xf2, 0xdc, 0xba, 0x39, 0xcc,
+    0xa5, 0xe0, 0x9b, 0xaa, 0x2a, 0x95, 0x6d, 0xdc, 0x49, 0xde,
+    0x3b, 0x61, 0xa2, 0x3b, 0x1f, 0xed, 0x32, 0xfa, 0x10, 0xe4,
+    0x88, 0x59, 0xca, 0x5a, 0xe4, 0xf9, 0x5e, 0xe2, 0xca, 0x21,
+    0x5a, 0xdc, 0x02, 0x73, 0x7a, 0xc8, 0x90, 0x7a, 0x8e, 0x91,
+    0x19, 0x04, 0x53, 0x3c, 0x50, 0x15, 0x8a, 0x84, 0x93, 0x8f,
+    0xac, 0x99, 0x82, 0xdd, 0xc6, 0xce, 0xfb, 0x18, 0x84, 0x29,
+    0x2a, 0x8d, 0xa2, 0xc5, 0x7f, 0x87, 0xce, 0x4c, 0xf5, 0xdf,
+    0x73, 0xd2, 0xba, 0xc2, 0x4f, 0xe3, 0x74, 0xa5, 0x8f, 0xc3,
+    0xf4, 0x99, 0xd1, 0xe8, 0x4e, 0xb8, 0xe0, 0x2e, 0xef, 0xd6,
+    0x87, 0x70, 0xcf, 0x45, 0x3b, 0xff, 0x03, 0xfd, 0x59, 0x7f,
+    0x7c, 0xd0, 0x4e, 0x49, 0xf7, 0xd5, 0x08, 0xd9, 0x06, 0x53,
+    0x90, 0x0a, 0x5a, 0x1b, 0x2e, 0xf5, 0xb0, 0x85, 0xb6, 0xb6,
+    0x61, 0xa5, 0x71, 0x47, 0xbf, 0x4a, 0xf6, 0xae, 0x9a, 0x19,
+    0x6c, 0xd8, 0x2d, 0x9b, 0xb4, 0x40, 0x9e, 0x15, 0x77, 0x2e,
+    0x7e, 0xe9, 0xb4, 0x3d, 0x0f, 0x1b, 0xb5, 0x1c, 0xc2, 0x58,
+    0x4e, 0x4b, 0xf6, 0x53, 0x9e, 0x6f, 0x09, 0x55, 0xa0, 0xb8,
+    0x73, 0x11, 0x64, 0x70, 0x54, 0xb4, 0xcb, 0xb7, 0x27, 0xe5,
+    0xdf, 0x58, 0x67, 0x5b, 0xc0, 0xd6, 0xf5, 0x64, 0xa6, 0x66,
+    0x6d, 0xdf, 0xd8, 0xf8, 0xd6, 0x85, 0xba, 0xba, 0x30, 0xa7,
+    0xca, 0x34, 0xf4, 0x9a, 0xba, 0x0a, 0xfb, 0x0e, 0xa0, 0x65,
+    0x98, 0x78, 0xee, 0xaa, 0x14, 0x6a, 0x99, 0x77, 0x67, 0xad,
+    0x01, 0x95, 0x5e, 0x50, 0x22, 0xe9, 0x74, 0x95, 0xa7, 0x13,
+    0x3f, 0xdd, 0xa6, 0x69, 0x64, 0xf6, 0x50, 0x06, 0x6d, 0xba,
+    0x90, 0x5a, 0x8c, 0x81, 0xa0, 0xda, 0x55, 0xe9, 0x97, 0x0e,
+    0xd7, 0x10, 0x8e, 0x1f, 0x23, 0x65, 0xd9, 0x14, 0xd4, 0xde,
+    0xa5, 0xf9, 0xec, 0xb6, 0xad, 0x65, 0xce, 0x0b, 0x1b, 0x0a,
+    0x4c, 0x7d, 0xb0, 0x97, 0xa6, 0xfe, 0x67, 0xfb, 0x4f, 0x8f,
+    0x00, 0x92, 0xb6, 0x0d, 0x20, 0x78, 0x65, 0x1d, 0x9a, 0x56,
+    0x57, 0xc6, 0x15, 0x88, 0xba, 0x55, 0x02, 0x7a, 0x9a, 0xac,
+    0x50, 0x4c, 0xc7, 0x9e, 0x66, 0x8b, 0xfc, 0xf3, 0x67, 0x48,
+    0x07, 0xbf, 0x84, 0x94, 0x9b, 0x22, 0x2a, 0xae, 0x1b, 0x25,
+    0xe9, 0x94, 0x06, 0xa7, 0xe8, 0x61, 0x52, 0x89, 0xdc, 0x93,
+    0x6e, 0x89, 0xdc, 0x30, 0x6e, 0xd9, 0xee, 0xcb, 0x12, 0x38,
+    0x58, 0x9d, 0x8b, 0xc5, 0x05, 0x2c, 0x50, 0x4e, 0xc8, 0xc2,
+    0xe0, 0x65, 0xb6, 0x49, 0xc4, 0xf0, 0x1e, 0x5c, 0x8e, 0x3c,
+    0xe9, 0x77, 0xd2, 0x9e, 0xa8, 0xd5, 0xf5, 0xd9, 0xc5, 0xad,
+    0x5b, 0x74, 0x48, 0x08, 0x3a, 0x30, 0x84, 0x57, 0x71, 0x1e,
+    0x69, 0x45, 0x09, 0xdd, 0xea, 0x62, 0xec, 0x7c, 0xa3, 0xf9,
+    0x92, 0xee, 0x16, 0xdc, 0xe5, 0x9d, 0xcf, 0xb7, 0x08, 0x51,
+    0x8a, 0x76, 0x3a, 0x23, 0x94, 0x50, 0x8e, 0x4d, 0x3a, 0xea,
+    0xf3, 0xc1, 0x53, 0x2c, 0x65, 0x9c, 0x36, 0x8c, 0x10, 0xe3,
+    0x9c, 0x01, 0xa4, 0xe6, 0x45, 0x77, 0xa6, 0x5d, 0x7e, 0x37,
+    0x31, 0x95, 0x2f, 0xec, 0x61, 0x92, 0x69, 0x65, 0x53, 0x54,
+    0x6d, 0xbe, 0x9e, 0x5a, 0x68, 0x12, 0xc4, 0xe7, 0xe4, 0x06,
+    0x51, 0x5a, 0xc0, 0x63, 0xb9, 0x69, 0xb8, 0x3c, 0xd8, 0xae,
+    0x8b, 0xff, 0x96, 0x4d, 0x55, 0xce, 0x25, 0x2b, 0x8b, 0x89,
+    0xc9, 0x3a, 0x16, 0x48, 0x2a, 0x73, 0xb2, 0x70, 0x8b, 0x62,
+    0xd5, 0xb1, 0xa0, 0x30, 0xe5, 0x46, 0xab, 0x8b, 0xc3, 0xeb,
+    0x37, 0x2f, 0xbd, 0xb8, 0x4e, 0x6c, 0x30, 0xdc, 0x6c, 0x8a,
+    0xf1, 0x89, 0x06, 0xce, 0x64, 0x0a, 0x3e, 0xb2, 0x16, 0x31,
+    0xa1, 0xe4, 0x4b, 0x98, 0xe7, 0xf1, 0x99, 0x76, 0x00, 0x5f,
+    0xd2, 0xd3, 0x30, 0xf0, 0xbf, 0xa7, 0x4a, 0xf6, 0x9e, 0xa5,
+    0x75, 0x74, 0x78, 0xfe, 0xec, 0x72, 0x7c, 0x89, 0xe9, 0xf6,
+    0x0d, 0x7e, 0x15, 0xd6, 0xd8, 0x79, 0x85, 0x3c, 0xcf, 0xb0,
+    0x21, 0xc8, 0x9c, 0x54, 0x87, 0x63, 0xb3, 0x05, 0xbb, 0x8a,
+    0x02, 0xe4, 0x79, 0xdc, 0xa1, 0xa2, 0xd3, 0x19, 0xd8, 0x86,
+    0xff, 0x8a, 0x0e, 0x82, 0x89, 0xaf, 0xaa, 0x62, 0x2e, 0xd4,
+    0xb2, 0xd0, 0x5d, 0x0d, 0x4f, 0x2a, 0xda, 0x0e, 0x9f, 0x8a,
+    0x2b, 0x32, 0xe9, 0x09, 0xf5, 0x55, 0x51, 0xe7, 0xd5, 0x69,
+    0x12, 0xdd, 0x33, 0x6b, 0x3d, 0xd7, 0xe9, 0xfd, 0xb2, 0xa7,
+    0xf5, 0x97, 0x2a, 0x6d, 0x89, 0x30, 0x65, 0x2a, 0x0d, 0xf2,
+    0x00, 0x81, 0xbe, 0xfb, 0xd9, 0xd7, 0x1b, 0xc2, 0x48, 0x7a,
+    0x22, 0x30, 0xae, 0x35, 0xf6, 0x32, 0x41, 0x9d, 0xd9, 0x12,
+    0xb3, 0xa7, 0x6d, 0xba, 0x74, 0x93, 0x2d, 0x0d, 0xb2, 0xb6,
+    0xdc, 0xa9, 0x98, 0x5b, 0x3b, 0xaa, 0x2b, 0x47, 0x06, 0xc4,
+    0x36, 0xfd, 0x04, 0x10, 0x94, 0x61, 0x61, 0x47, 0x1c, 0x02,
+    0x54, 0x85, 0x4a, 0xcb, 0x75, 0x6b, 0x75, 0xf5, 0xb4, 0x61,
+    0x26, 0xb3, 0x12, 0x43, 0x31, 0x55, 0xb5, 0xda, 0x4b, 0xb5,
+    0x11, 0xb4, 0xb8, 0xfb, 0x0a, 0xd9, 0xa7, 0x0e, 0x9f, 0x2a,
+    0x74, 0x01, 0xf6, 0x1a, 0x33, 0x10, 0x9e, 0x66, 0xff, 0x82,
+    0xfa, 0xa9, 0xa4, 0xa0, 0x9b, 0x25, 0x2d, 0x16, 0xbf, 0x60,
+    0x0d, 0x87, 0xea, 0x94, 0xad, 0xdd, 0xc4, 0xd0, 0xa8, 0xdd,
+    0x2d, 0xc7, 0xc8, 0xac, 0x39, 0x9e, 0x87, 0x69, 0xc4, 0x3a,
+    0xbc, 0x28, 0x7e, 0x36, 0x69, 0xfd, 0x20, 0x25, 0xac, 0xa3,
+    0xa7, 0x37, 0x96, 0xe9, 0x8a, 0x65, 0xe4, 0xb0, 0x2a, 0x61,
+    0x23, 0x28, 0x64, 0xff, 0x17, 0x6c, 0x36, 0x9e, 0x0a, 0xba,
+    0xe4, 0x4b, 0xeb, 0x84, 0x24, 0x20, 0x57, 0x0f, 0x34, 0x05,
+    0x95, 0x56, 0xc3, 0x2f, 0x2b, 0xf0, 0x36, 0xef, 0xca, 0x68,
+    0xfe, 0x78, 0xf8, 0x98, 0x09, 0x4a, 0x25, 0xcc, 0x17, 0xbe,
+    0x05, 0x00, 0xff, 0xf9, 0xa5, 0x5b, 0xe6, 0xaa, 0x5b, 0x56,
+    0xb6, 0x89, 0x64, 0x9c, 0x16, 0x48, 0xe1, 0xcd, 0x67, 0x87,
+    0xdd, 0xba, 0xbd, 0x02, 0x0d, 0xd8, 0xb4, 0xc9, 0x7c, 0x37,
+    0x92, 0xd0, 0x39, 0x46, 0xd2, 0xc4, 0x78, 0x13, 0xf0, 0x76,
+    0x45, 0x5f, 0xeb, 0x52, 0xd2, 0x3f, 0x61, 0x87, 0x34, 0x09,
+    0xb7, 0x24, 0x4e, 0x93, 0xf3, 0xc5, 0x10, 0x19, 0x66, 0x66,
+    0x3f, 0x15, 0xe3, 0x05, 0x55, 0x43, 0xb7, 0xf4, 0x62, 0x57,
+    0xb4, 0xd9, 0xef, 0x46, 0x47, 0xb5, 0xfb, 0x79, 0xc9, 0x67,
+    0xc5, 0xc3, 0x18, 0x91, 0x73, 0x75, 0xec, 0xd5, 0x68, 0x2b,
+    0xf6, 0x42, 0xb4, 0xff, 0xfb, 0x27, 0x61, 0x77, 0x28, 0x10,
+    0x6b, 0xce, 0x19, 0xad, 0x87, 0xc3, 0x85, 0xe3, 0x78, 0x00,
+    0xdb, 0x21, 0xee, 0xd8, 0xfa, 0x9c, 0x81, 0x11, 0x97, 0xac,
+    0xd0, 0x50, 0x89, 0x45, 0x23, 0xf6, 0x85, 0x7d, 0x60, 0xb2,
+    0xad, 0x0c, 0x5d, 0xd8, 0x9e, 0xe4, 0xe1, 0x25, 0xb2, 0x13,
+    0x1a, 0x54, 0x54, 0xfd, 0x7b, 0xab, 0x85, 0x20, 0xe8, 0xda,
+    0x52, 0x0f, 0xac, 0x49, 0x70, 0xf1, 0x4c, 0x66, 0x74, 0x8c,
+    0x87, 0x6e, 0xca, 0xc1, 0x0d, 0x92, 0xc0, 0xa8, 0x08, 0xfd,
+    0x0f, 0x60, 0x55, 0xaf, 0x24, 0xcb, 0x04, 0xb7, 0xff, 0xa9,
+    0xc5, 0x07, 0x26, 0xf6, 0xe2, 0x1e, 0x2f, 0xd1, 0x99, 0x6d,
+    0xef, 0xc0, 0xdb, 0x5b, 0xf7, 0x06, 0x80, 0x92, 0x5f, 0x56,
+    0x54, 0xdb, 0x2e, 0xba, 0x93, 0xb2, 0x94, 0xf2, 0xad, 0xbc,
+    0x91, 0x6e, 0x4e, 0xce, 0x21, 0xc4, 0x8b, 0x18, 0xc4, 0xfc,
+    0xab, 0xb4, 0x4f, 0xd7, 0xa2, 0xef, 0x55, 0x00, 0x6d, 0x34,
+    0x17, 0x59, 0x8d, 0x79, 0x75, 0x02, 0xa3, 0x7a, 0x52, 0x57,
+    0x5c, 0x26, 0xb9, 0xae, 0xd6, 0x19, 0x2e, 0x31, 0x02, 0x98,
+    0x98, 0xe5, 0x3d, 0xc2, 0xa5, 0x56, 0xb6, 0x02, 0xae, 0x0d,
+    0x3b, 0x35, 0x97, 0xd2, 0x43, 0x38, 0x8a, 0x65, 0xfa, 0x86,
+    0x20, 0xb7, 0xb5, 0xb0, 0xda, 0x19, 0x01, 0x2f, 0x13, 0xb5,
+    0x6d, 0xbd, 0xb2, 0x34, 0xa7, 0xff, 0xae, 0x7e, 0x8f, 0x98,
+    0x1b, 0xc4, 0x27, 0xbd, 0xa9, 0x64, 0xdc, 0xab, 0x2a, 0xd2,
+    0xb4, 0x27, 0xd0, 0x25, 0xdd, 0xff, 0xdc, 0x0a, 0x96, 0xd3,
+    0x85, 0x3e, 0xc5, 0x11, 0x34, 0x60, 0xa2, 0x33, 0x92, 0x90,
+    0xbb, 0x4c, 0x86, 0xdd, 0xd6, 0x1e, 0xcb, 0x0a, 0x17, 0xc6,
+    0x87, 0x4e, 0x3e, 0x7a, 0x4b, 0xab, 0xef, 0x0a, 0x00, 0x3d,
+    0x94, 0x34, 0x8b, 0x63, 0x36, 0xd9, 0xaf, 0x5d, 0x63, 0x40,
+    0xbb, 0x32, 0x4b, 0x64, 0xf0, 0x31, 0x48, 0xdb, 0x44, 0x2b,
+    0x48, 0x60, 0x6a, 0xea, 0xa4, 0x8c, 0xdd, 0xaf, 0x81, 0x3f,
+    0x86, 0x81, 0x99, 0x7a, 0x98, 0xe1, 0xff, 0x21, 0x7a, 0x28,
+    0xbc, 0x33, 0xe6, 0x4e, 0xb0, 0x85, 0x6b, 0xec, 0x11, 0x37,
+    0x81, 0x7f, 0xf9, 0xdc, 0xbf, 0x1a, 0xa6, 0x6d, 0x4d, 0x0f,
+    0x5b, 0x99, 0x73, 0xb8, 0xd2, 0x6e, 0x37, 0xf0, 0x71, 0xf1,
+    0x1a, 0xc3, 0x5c, 0xea, 0x12, 0x5f, 0x2e, 0x85, 0x3f, 0xfd,
+    0xd5, 0x87, 0x67, 0x9f, 0x67, 0x9f, 0xd7, 0xef, 0x9f, 0x81,
+    0xa4, 0xbc, 0x63, 0x1d, 0x00, 0x81, 0xf6, 0x20, 0x77, 0xae,
+    0x0b, 0x90, 0xe5, 0x9c, 0xa9, 0x44, 0xb5, 0xd7, 0xb1, 0x61,
+    0x33, 0x4f, 0x75, 0xa9, 0xb7, 0xf4, 0xa4, 0x72, 0x9e, 0x72,
+    0xec, 0x7b, 0xcd, 0x83, 0xb3, 0xd6, 0x22, 0x50, 0x50, 0x97,
+    0x0f, 0x63, 0x0f, 0xe1, 0x15, 0xb3, 0x07, 0xb6, 0xa3, 0xfa,
+    0x2f, 0xb5, 0xf3, 0x5b, 0x5d, 0x7f, 0x90, 0x20, 0xcd, 0x5f,
+    0x40, 0x48, 0x87, 0x43, 0xfd, 0xa3, 0x69, 0xdc, 0xf8, 0x51,
+    0x08, 0x67, 0xc2, 0x2d, 0xff, 0xfe, 0xbf, 0x85, 0x3e, 0x80,
+    0xff, 0x91, 0x62, 0xc5, 0x83, 0xe0, 0x80, 0xeb, 0xce, 0xdc,
+    0xff, 0xb1, 0xdb, 0x02, 0xb7, 0x01, 0x1e, 0xa6, 0xf0, 0x32,
+    0xfb, 0x95, 0x6a, 0x47, 0x44, 0x84, 0x42, 0x6e, 0x3a, 0xb1,
+    0xcf, 0xf9, 0x28, 0xb4, 0x3a, 0x8e, 0xa7, 0x8d, 0x48, 0x81,
+    0x1c, 0x7e, 0xf5, 0x0b, 0x46, 0x7e, 0x92, 0x4e, 0xb9, 0xa8,
+    0x36, 0xb8, 0x81, 0x6d, 0x8c, 0x70, 0x59, 0x33, 0x12, 0x61,
+    0xbb, 0xe6, 0x10, 0x8a, 0xe4, 0xc1, 0x2c, 0x50, 0x12, 0xbf,
+    0xd3, 0xc6, 0x3c, 0x53, 0x91, 0x50, 0x07, 0xc8, 0x85, 0x32,
+    0x3c, 0xe1, 0x67, 0x99, 0x68, 0xc1, 0xf4, 0x74, 0x86, 0x35,
+    0x8a, 0x6c, 0x75, 0x1d, 0x8f, 0x8a, 0x60, 0xe1, 0xc7, 0x59,
+    0x4e, 0xb0, 0xe0, 0x45, 0x5a, 0x11, 0x05, 0x24, 0xa7, 0x8d,
+    0x39, 0x93, 0x60, 0x4c, 0xc5, 0x9e, 0x8a, 0x70, 0xcc, 0x44,
+    0x96, 0x92, 0xc8, 0xf7, 0x23, 0x14, 0xc7, 0xf4, 0x82, 0x9d,
+    0x5b, 0x1c, 0x26, 0xd0, 0x3c, 0x76, 0x36, 0xe9, 0x98, 0x8a,
+    0xbb, 0xe6, 0xa0, 0xad, 0xed, 0xf7, 0xd9, 0x06, 0x50, 0x67,
+    0x79, 0x50, 0x4e, 0xd5, 0x80, 0x4e, 0x59, 0x72, 0x5d, 0x8b,
+    0xcb, 0x86, 0x3b, 0x57, 0xc4, 0xb2, 0x3d, 0xbc, 0x35, 0x6d,
+    0xb1, 0x50, 0xf5, 0x8c, 0xf2, 0x89, 0x72, 0x20, 0xd0, 0x47,
+    0x68, 0x13, 0x42, 0x25, 0x1a, 0xb6, 0xc5, 0x07, 0xdf, 0x45,
+    0x11, 0xa9, 0x05, 0x5d, 0xad, 0xf0, 0x49, 0x9e, 0x70, 0x78,
+    0xed, 0xe7, 0xf9, 0x00, 0x1f, 0x62, 0x76, 0x47, 0xb5, 0x48,
+    0x4f, 0x2c, 0x2e, 0xe3, 0x78, 0x6a, 0x44, 0x46, 0x1e, 0x6b,
+    0x00, 0x74, 0x54, 0xb9, 0xd1, 0x4f, 0x6d, 0x45, 0xc1, 0xa6,
+    0x45, 0x2e, 0x1a, 0xaf, 0x94, 0x3f, 0xd0, 0x72, 0x67, 0x0d,
+    0x2e, 0xa9, 0x8d, 0x16, 0xc4, 0x05, 0x01, 0x07, 0x13, 0x1b,
+    0x1c, 0x3d, 0x43, 0x71, 0x91, 0x95, 0x9a, 0xae, 0xaf, 0xc4,
+    0xe5, 0xe6, 0xe9, 0xff, 0x02, 0x0c, 0x0f, 0x3e, 0x62, 0x67,
+    0x68, 0x81, 0xc7, 0xd0, 0xd8, 0xdd, 0xe0, 0xf5, 0x0b, 0x25,
+    0x35, 0x45, 0x4a, 0x4b, 0x63, 0x74, 0x79, 0x7e, 0x82, 0xa2,
+    0xaf, 0xc6, 0xc7, 0xcc, 0xd2, 0xfa, 0x2a, 0x2d, 0x2f, 0x32,
+    0x35, 0x38, 0x3f, 0x4c, 0x7f, 0x80, 0x81, 0x8b, 0x9b, 0x9c,
+    0x9d, 0xa7, 0xa9, 0xcb, 0xe9, 0xf0, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x12, 0x20, 0x32, 0x46
+    };
+#endif
+    wc_test_ret_t ret;
+
+    ret = dilithium_param_vfy_test(WC_ML_DSA_44, ml_dsa_44_pub_key,
+        (word32)sizeof(ml_dsa_44_pub_key), ml_dsa_44_sig,
+        (word32)sizeof(ml_dsa_44_sig));
+#ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
+    if (ret == 0) {
+        ret = dilithium_param_vfy_test(WC_ML_DSA_44_DRAFT,
+            ml_dsa_44_draft_pub_key, (word32)sizeof(ml_dsa_44_draft_pub_key),
+            ml_dsa_44_draft_sig, (word32)sizeof(ml_dsa_44_draft_sig));
+    }
+#endif
+
+    return ret;
+}
+#endif
+
+#ifndef WOLFSSL_NO_ML_DSA_65
+static wc_test_ret_t dilithium_param_65_vfy_test(void)
+{
+    WOLFSSL_SMALL_STACK_STATIC const byte ml_dsa_65_pub_key[] = {
+        0x2c, 0x32, 0xfa, 0x59, 0x71, 0x16, 0x4a, 0x0e, 0x45, 0x0f, 0x21, 0xfd,
+        0x65, 0xee, 0x50, 0xb0, 0xbf, 0xea, 0x8e, 0x4e, 0xa2, 0x55, 0x71, 0xa6,
+        0x65, 0x48, 0x56, 0x20, 0x8a, 0x48, 0x9d, 0xd7, 0xc9, 0x2c, 0x80, 0x62,
+        0x88, 0x68, 0x4d, 0x5f, 0xbe, 0x5f, 0xe5, 0xf5, 0xa4, 0x75, 0xb6, 0x88,
+        0x26, 0xae, 0x7d, 0x11, 0x43, 0x89, 0xcd, 0xe9, 0x67, 0x0c, 0x91, 0x0b,
+        0xd1, 0xd8, 0x8b, 0x7b, 0x73, 0x75, 0x94, 0xc1, 0xc9, 0x61, 0xc7, 0x35,
+        0x21, 0x99, 0x2e, 0xab, 0xe0, 0xdf, 0x4d, 0xac, 0x0d, 0xd0, 0xa2, 0x61,
+        0x5f, 0x04, 0x08, 0x83, 0x66, 0x5c, 0x67, 0x47, 0x0c, 0xab, 0x2c, 0xb7,
+        0x6d, 0x0e, 0x32, 0x4c, 0x8c, 0x25, 0x80, 0xf5, 0xe5, 0x7e, 0x3b, 0xa1,
+        0xc6, 0xc5, 0x87, 0xd8, 0x68, 0xb2, 0xd5, 0x67, 0xf9, 0x5a, 0x8b, 0x88,
+        0xf8, 0xcd, 0x0c, 0xda, 0x4f, 0xfc, 0xd2, 0xaf, 0xb2, 0xa2, 0x38, 0x21,
+        0xf9, 0xd8, 0xf1, 0x1c, 0x8d, 0xb4, 0xe8, 0xfb, 0x76, 0x36, 0x87, 0xf4,
+        0x7d, 0x03, 0xc4, 0x06, 0xab, 0x87, 0xac, 0x52, 0xe8, 0xd5, 0xf7, 0x63,
+        0xf0, 0xa8, 0x0b, 0x95, 0xbd, 0x07, 0xf1, 0x1d, 0x33, 0x7b, 0x8a, 0x2c,
+        0xef, 0x85, 0xbe, 0xf8, 0xc1, 0x4b, 0xa2, 0xb0, 0xe0, 0x7a, 0x85, 0xfa,
+        0x52, 0x36, 0x05, 0xa7, 0x65, 0x4a, 0x0c, 0x21, 0x5c, 0xc0, 0x4f, 0x18,
+        0xb8, 0x66, 0x02, 0xe6, 0xd0, 0x45, 0x60, 0x56, 0xfc, 0x40, 0x94, 0xb5,
+        0xa5, 0x2b, 0xc7, 0x57, 0xc3, 0xc5, 0x30, 0x72, 0x1c, 0x4c, 0x2a, 0xd5,
+        0x75, 0xae, 0x43, 0x9f, 0x01, 0x71, 0xac, 0x5c, 0xdf, 0x9c, 0x0a, 0x3c,
+        0xb5, 0x89, 0x07, 0x9b, 0x28, 0x25, 0x31, 0x31, 0xc5, 0xb7, 0x24, 0x53,
+        0x2c, 0x3c, 0x2a, 0x96, 0xe5, 0x0d, 0xa2, 0x97, 0xa7, 0x08, 0x9d, 0x31,
+        0xc0, 0xcd, 0x53, 0xd5, 0xa8, 0x58, 0xa6, 0xac, 0x43, 0x2d, 0xac, 0x39,
+        0x01, 0x2c, 0x60, 0xf6, 0x82, 0x86, 0xd0, 0xaf, 0xad, 0x61, 0x3f, 0x82,
+        0x80, 0xa1, 0xe1, 0x12, 0x83, 0x6e, 0x1d, 0x5e, 0xfe, 0xc6, 0x1e, 0x2a,
+        0x7a, 0x44, 0xcd, 0xc2, 0x0a, 0xf5, 0xc8, 0x72, 0x3e, 0x29, 0xc7, 0x0a,
+        0xd1, 0x4c, 0x17, 0xdd, 0x1f, 0xb6, 0x95, 0x34, 0xc2, 0x6c, 0xdc, 0x63,
+        0xd1, 0x7e, 0xb0, 0x52, 0x06, 0x18, 0x6c, 0xb1, 0x99, 0x6a, 0xbe, 0x42,
+        0xa9, 0xc0, 0x22, 0xcc, 0x09, 0x11, 0x84, 0x1f, 0x16, 0x9a, 0x0e, 0xdd,
+        0x18, 0x7a, 0x39, 0x34, 0xb0, 0x49, 0x44, 0xcb, 0x88, 0x1f, 0x91, 0x93,
+        0x49, 0x3f, 0xcc, 0x62, 0x56, 0x33, 0x15, 0xcb, 0x02, 0x9b, 0x33, 0xe8,
+        0xd7, 0xab, 0x51, 0xc0, 0x91, 0xe0, 0x9c, 0xd2, 0xf9, 0x52, 0x05, 0x0c,
+        0xbf, 0xf1, 0x97, 0x42, 0xfe, 0xd0, 0x32, 0x27, 0x34, 0xf8, 0x82, 0x2d,
+        0x65, 0x3a, 0x36, 0xce, 0xd1, 0x07, 0x82, 0x3a, 0x6a, 0xaa, 0x56, 0xf1,
+        0x9b, 0x98, 0xca, 0x8e, 0x55, 0xff, 0xa0, 0x74, 0xd6, 0x6a, 0x42, 0xaa,
+        0x0a, 0xd4, 0x59, 0x74, 0xfb, 0xd4, 0xdb, 0x14, 0x10, 0xee, 0xca, 0x78,
+        0x83, 0x83, 0x95, 0x9b, 0x77, 0xf1, 0x9a, 0x48, 0xe0, 0x8f, 0xa4, 0x5a,
+        0x4d, 0xa9, 0x3f, 0x32, 0x78, 0x4a, 0x25, 0x96, 0x9c, 0x20, 0x0a, 0xcc,
+        0x5b, 0xd8, 0xca, 0x19, 0x47, 0x77, 0xb8, 0x7c, 0x51, 0x3e, 0xd6, 0x30,
+        0xdb, 0x45, 0xb0, 0xe6, 0x9d, 0x6f, 0xc5, 0x0a, 0x5d, 0x5f, 0x55, 0xcd,
+        0x0f, 0x20, 0x22, 0x7e, 0x09, 0x99, 0xac, 0xb8, 0x9c, 0x9d, 0xf7, 0x3e,
+        0x7e, 0x07, 0xd7, 0xbc, 0x21, 0x76, 0x8c, 0x27, 0x81, 0x94, 0xab, 0x57,
+        0x4a, 0xe2, 0x91, 0x1c, 0xa4, 0x77, 0x4a, 0xd2, 0x96, 0x52, 0x9d, 0x33,
+        0xb5, 0x58, 0x70, 0xd7, 0xff, 0x22, 0xe8, 0x14, 0xea, 0xd0, 0x8c, 0xd4,
+        0x06, 0x08, 0xd8, 0x73, 0x66, 0x4b, 0x93, 0x41, 0xc9, 0x73, 0x5b, 0x07,
+        0x5f, 0x31, 0xc5, 0x25, 0x98, 0x7b, 0x7b, 0xa5, 0x26, 0x83, 0x94, 0x22,
+        0x42, 0x1c, 0x51, 0xe6, 0x80, 0x48, 0xca, 0xd4, 0x53, 0x40, 0x3a, 0xee,
+        0x2c, 0x29, 0x07, 0xed, 0xdf, 0x97, 0x44, 0x19, 0xe5, 0xe5, 0x35, 0x66,
+        0x1f, 0xbd, 0x29, 0x77, 0x0c, 0x15, 0x6c, 0x95, 0x08, 0x81, 0xe0, 0x76,
+        0x86, 0x5e, 0x6d, 0x77, 0x78, 0x76, 0x07, 0xdd, 0x21, 0x97, 0x59, 0xdb,
+        0xd4, 0xbd, 0xb6, 0x4c, 0x3f, 0x07, 0x93, 0xb6, 0x4a, 0xce, 0xf7, 0x08,
+        0x86, 0xfd, 0x9c, 0x03, 0x08, 0x94, 0x00, 0xea, 0x4b, 0xd6, 0x1e, 0x17,
+        0xfb, 0xb5, 0xba, 0xde, 0x25, 0x95, 0xe7, 0xf8, 0x97, 0x9e, 0x99, 0xae,
+        0x5d, 0xdd, 0xf6, 0x32, 0x1a, 0xf2, 0x4f, 0xcf, 0x0c, 0x17, 0x55, 0xb8,
+        0xfb, 0xae, 0xc8, 0x46, 0xb0, 0x3e, 0x86, 0x2b, 0x5e, 0xef, 0x36, 0xca,
+        0x24, 0xed, 0x32, 0x5b, 0xc8, 0xfb, 0x88, 0x35, 0x6a, 0x26, 0xfe, 0x06,
+        0x54, 0x0c, 0x3e, 0x2c, 0x71, 0xdf, 0x98, 0xf0, 0xbb, 0xb2, 0xe0, 0x9d,
+        0xf7, 0xeb, 0xce, 0x07, 0xfa, 0xc4, 0xab, 0x88, 0xc3, 0x14, 0x33, 0x60,
+        0x48, 0xcf, 0x39, 0x26, 0x90, 0xac, 0xfa, 0x39, 0x6f, 0x2d, 0x9d, 0x6d,
+        0x15, 0x7f, 0x84, 0x6b, 0x0a, 0x1c, 0xf4, 0x6c, 0x78, 0x62, 0x52, 0x93,
+        0x2c, 0x7e, 0x9f, 0x4a, 0x51, 0x7a, 0x2e, 0xad, 0xea, 0xe4, 0xe5, 0x9c,
+        0x15, 0x15, 0x28, 0x4d, 0x3e, 0x5e, 0xb4, 0x3b, 0xff, 0x81, 0xe0, 0x56,
+        0x44, 0x33, 0x33, 0xd9, 0x4b, 0xb2, 0x23, 0x60, 0xed, 0x0d, 0xa5, 0x4e,
+        0x9f, 0x7d, 0xbc, 0x6e, 0x3a, 0xf9, 0x7e, 0x16, 0x47, 0x66, 0xb1, 0x6c,
+        0xc7, 0x26, 0x62, 0x9b, 0x3c, 0x53, 0xb3, 0xa1, 0x16, 0x62, 0x31, 0x64,
+        0xd2, 0xbb, 0x28, 0x5c, 0xe8, 0x21, 0xc3, 0xfc, 0xc3, 0x6d, 0xa7, 0x35,
+        0x4d, 0x57, 0xe0, 0xbd, 0x54, 0x1a, 0x84, 0xf7, 0x9c, 0x8a, 0x54, 0x3d,
+        0x59, 0xb3, 0xa2, 0x46, 0x3b, 0x16, 0x48, 0x3b, 0x3a, 0x3c, 0x5e, 0x88,
+        0xc3, 0x60, 0x63, 0x7e, 0xca, 0x68, 0xb7, 0x2f, 0x2b, 0xb5, 0x62, 0x2e,
+        0x51, 0x89, 0xbe, 0x78, 0xf7, 0xfa, 0x19, 0xcc, 0xca, 0x87, 0x9a, 0xf5,
+        0xef, 0x0d, 0x21, 0x08, 0x3b, 0xd6, 0x9a, 0x94, 0xc5, 0xd1, 0x1b, 0xa9,
+        0x7c, 0xc8, 0x9f, 0x9a, 0xb0, 0xb8, 0xf7, 0x02, 0x12, 0x31, 0x70, 0x52,
+        0x52, 0xda, 0xb5, 0x9a, 0x08, 0x20, 0xc3, 0xc4, 0x0c, 0x6a, 0x34, 0x58,
+        0x75, 0x9b, 0xdc, 0x1a, 0x6a, 0x37, 0x42, 0x9f, 0x16, 0x70, 0xbb, 0x39,
+        0x86, 0xbd, 0x09, 0x9c, 0x04, 0x44, 0xbe, 0x1a, 0xe5, 0xe9, 0x50, 0x9b,
+        0x14, 0x50, 0x4f, 0x00, 0xba, 0xb0, 0xf6, 0x36, 0x4d, 0x69, 0x16, 0x11,
+        0x40, 0x5a, 0x4e, 0x8b, 0x39, 0xb4, 0xf1, 0xb2, 0x11, 0x36, 0x2f, 0x02,
+        0x15, 0xca, 0x78, 0xde, 0x75, 0x07, 0x64, 0x72, 0xfd, 0xd4, 0x48, 0xdd,
+        0xfb, 0xf5, 0x8a, 0x3d, 0xa8, 0x8e, 0x14, 0xd1, 0x69, 0xe3, 0x21, 0x50,
+        0x39, 0xfd, 0xd0, 0x3b, 0xa0, 0x22, 0x61, 0x5c, 0x7e, 0x88, 0x91, 0xe1,
+        0xf0, 0xf6, 0x16, 0x23, 0xdb, 0xdb, 0x50, 0x0e, 0x39, 0xcc, 0x86, 0xf1,
+        0xab, 0x89, 0x60, 0xb0, 0xac, 0x28, 0xc6, 0x57, 0xe4, 0xee, 0xa9, 0x1b,
+        0xae, 0x78, 0xc5, 0x67, 0x1a, 0xeb, 0xb3, 0x43, 0xbc, 0xea, 0x11, 0x0c,
+        0x64, 0xf6, 0xd2, 0x52, 0xa0, 0x7e, 0xcd, 0x6d, 0x84, 0x8c, 0xf8, 0x80,
+        0xb7, 0xdb, 0x26, 0x91, 0x4a, 0xa0, 0x61, 0x69, 0x2f, 0x6f, 0x1c, 0x9d,
+        0x2a, 0x20, 0x44, 0xdc, 0x58, 0xaf, 0x7d, 0xfe, 0x4d, 0xa2, 0x10, 0x21,
+        0x88, 0xef, 0x42, 0x2e, 0x8e, 0xfb, 0x63, 0xbc, 0xc8, 0x26, 0xe7, 0x80,
+        0xa5, 0xbf, 0xe0, 0x7a, 0xcb, 0xf3, 0x31, 0x1c, 0xd9, 0xa3, 0x12, 0x00,
+        0x2f, 0x20, 0xc6, 0xc1, 0x15, 0xfd, 0x5b, 0x0d, 0x8a, 0x4d, 0xfb, 0x84,
+        0x4d, 0xb4, 0x64, 0xeb, 0x12, 0xf3, 0x78, 0x6b, 0x4d, 0xc6, 0x98, 0x46,
+        0x4c, 0xb3, 0xb4, 0x59, 0xdc, 0xb7, 0xdc, 0xbb, 0x56, 0x0f, 0x09, 0x14,
+        0x28, 0x43, 0x9f, 0xb8, 0x75, 0xed, 0xcb, 0x97, 0x25, 0xaf, 0xa5, 0xeb,
+        0x46, 0x14, 0xa6, 0x38, 0x68, 0x06, 0xe0, 0x6e, 0x55, 0x68, 0x6b, 0xf3,
+        0xd8, 0x6d, 0x59, 0x65, 0x65, 0xff, 0x48, 0xfd, 0xdb, 0x3d, 0xe2, 0x21,
+        0xb4, 0x7b, 0x78, 0x6a, 0x2e, 0x28, 0xb8, 0x21, 0xc4, 0x72, 0xf4, 0xef,
+        0xfb, 0x74, 0x43, 0x29, 0xf2, 0x30, 0xc9, 0xca, 0x78, 0x93, 0x72, 0xfd,
+        0x84, 0xa4, 0x95, 0xe0, 0xcd, 0xb1, 0x48, 0x29, 0xe7, 0xd1, 0x27, 0xf7,
+        0xdc, 0x31, 0x6e, 0x00, 0x04, 0xd7, 0x7c, 0xfd, 0x2d, 0x25, 0xe9, 0xdb,
+        0xc2, 0xb8, 0x14, 0x26, 0xed, 0x63, 0xb1, 0x50, 0x0a, 0x3c, 0xb2, 0x79,
+        0x98, 0x79, 0x81, 0x2d, 0xdb, 0x60, 0x97, 0x99, 0xc0, 0x0a, 0x89, 0x9f,
+        0x90, 0x19, 0x0b, 0xb3, 0x97, 0xd2, 0xf7, 0x50, 0xa5, 0x1d, 0x7d, 0x71,
+        0x75, 0xe6, 0x58, 0x62, 0x53, 0x95, 0x40, 0x9e, 0xc7, 0xd3, 0x72, 0xa1,
+        0xae, 0x07, 0xb3, 0x8a, 0x56, 0x61, 0x99, 0x81, 0x3e, 0xe4, 0x5e, 0x78,
+        0x57, 0xd1, 0x8a, 0xc4, 0x04, 0x38, 0x13, 0xa0, 0x5d, 0x68, 0x6d, 0x22,
+        0xae, 0xda, 0xfc, 0x67, 0xbb, 0xfb, 0x8e, 0x1a, 0xdc, 0x24, 0xf7, 0xc8,
+        0xf9, 0x92, 0x6f, 0x4e, 0xb5, 0xe7, 0x6d, 0x13, 0x88, 0x05, 0x5c, 0xbb,
+        0xe0, 0x24, 0x2a, 0x96, 0xc6, 0x70, 0x52, 0x14, 0xd0, 0xd9, 0xd8, 0xb2,
+        0x5b, 0xdc, 0x85, 0xcf, 0x62, 0xb4, 0xcf, 0x77, 0xf1, 0xe5, 0x51, 0xeb,
+        0xef, 0xe9, 0x3e, 0xf0, 0x16, 0xd2, 0xcc, 0x38, 0x0a, 0x47, 0x91, 0xc0,
+        0xe0, 0x14, 0x1a, 0xf9, 0x74, 0xd1, 0x32, 0x8b, 0x02, 0x36, 0x05, 0x55,
+        0x62, 0xa7, 0xae, 0x77, 0xb0, 0x01, 0x3d, 0x2c, 0x91, 0xbe, 0xfa, 0xdd,
+        0x9c, 0x17, 0x42, 0xc1, 0x01, 0x4d, 0xd8, 0x27, 0x3c, 0x10, 0x82, 0x66,
+        0x11, 0x91, 0x8b, 0xc8, 0x52, 0xd5, 0xc1, 0x1d, 0xee, 0xb2, 0x90, 0x17,
+        0xed, 0xf3, 0xad, 0xa5, 0xd5, 0xeb, 0xf2, 0x9b, 0x78, 0xbf, 0x2d, 0x5a,
+        0xad, 0xe5, 0x53, 0xe6, 0xc1, 0x3b, 0xd8, 0xf3, 0x6b, 0xc5, 0x4c, 0x87,
+        0x0a, 0xe3, 0xc8, 0xc7, 0xe5, 0x42, 0x2c, 0xe2, 0x13, 0x1a, 0xe7, 0x27,
+        0x20, 0x3e, 0x95, 0x13, 0x1e, 0xbb, 0x03, 0xae, 0xc0, 0x84, 0x14, 0x6d,
+        0x7b, 0xf7, 0x98, 0x08, 0x18, 0x12, 0xb4, 0x4f, 0x99, 0x4a, 0xcf, 0xd0,
+        0x4a, 0x5d, 0x21, 0x16, 0xf6, 0xdf, 0x10, 0xc7, 0xbe, 0xe6, 0x79, 0x3b,
+        0x35, 0x2a, 0xa6, 0xd6, 0x19, 0x9c, 0xde, 0xbd, 0xaf, 0x72, 0xd2, 0x25,
+        0xe0, 0xa4, 0xde, 0x99, 0x44, 0x18, 0x66, 0x41, 0xc7, 0x56, 0xf7, 0xdc,
+        0x32, 0x56, 0x57, 0x39, 0x18, 0x31, 0xc8, 0x75, 0x01, 0xc3, 0xf3, 0x46,
+        0xcf, 0xbf, 0xc6, 0x10, 0xb5, 0x1c, 0x38, 0xf9, 0xa4, 0xa5, 0x44, 0xa1,
+        0x0b, 0x25, 0x48, 0x9c, 0xd3, 0x1c, 0x55, 0x54, 0x15, 0x9f, 0xe3, 0x74,
+        0x5b, 0xb1, 0x92, 0xb6, 0x52, 0x61, 0xba, 0x2f, 0x53, 0x91, 0x17, 0x44,
+        0x94, 0x00, 0xe4, 0x43, 0xa0, 0xe7, 0x0d, 0xaa, 0x8a, 0x5b, 0x81, 0x43,
+        0xad, 0xfb, 0x50, 0xfe, 0xcf, 0x85, 0x2d, 0xfa, 0xc8, 0x1d, 0xad, 0xc8,
+        0x7a, 0x7c, 0x5e, 0xf3, 0x90, 0x35, 0x5e, 0x67, 0xce, 0x57, 0x4d, 0xa0,
+        0x22, 0x9e, 0x07, 0x4a, 0xf5, 0x9e, 0x5f, 0x91, 0x45, 0xd8, 0x62, 0xe0,
+        0xf3, 0x87, 0x3b, 0xb7, 0x89, 0x2f, 0xdf, 0x8b, 0x82, 0xb1, 0x86, 0xc3,
+        0xa4, 0xa3, 0x68, 0xc7, 0x73, 0x9e, 0x68, 0x8d, 0x24, 0x6a, 0x29, 0x94,
+        0x58, 0x57, 0x4b, 0x81, 0x00, 0xe2, 0x2b, 0x94, 0x0a, 0xf5, 0x96, 0xa3,
+        0x23, 0x9a, 0x7b, 0xd0, 0x2d, 0xcb, 0x6a, 0x8e, 0xae, 0x1b, 0x1c, 0x34,
+        0xed, 0x30, 0x4e, 0xca, 0x29, 0x21, 0xfc, 0x3d, 0x70, 0x11, 0xc1, 0x5f,
+        0x3e, 0xc2, 0x9e, 0x88, 0x71, 0x29, 0xa3, 0x8f, 0x92, 0xf5, 0x46, 0x77,
+        0xd5, 0x47, 0x2d, 0x2b, 0x66, 0x1c, 0x07, 0xf0, 0xfc, 0x7b, 0xa0, 0x13,
+        0x00, 0xae, 0xa5, 0x61, 0x92, 0x36, 0xeb, 0x7e, 0x43, 0x91, 0x20, 0x72,
+        0xe5, 0xba, 0x7f, 0x79, 0x23, 0x12, 0x3e, 0xb2, 0x4b, 0x13, 0xa1, 0x8c,
+        0x84, 0x72, 0x3b, 0x45, 0x62, 0xcf, 0x2e, 0x78, 0xc4, 0x9c, 0x22, 0x09,
+        0xfa, 0x59, 0x9d, 0xdf, 0x13, 0x54, 0x66, 0xe2, 0x6f, 0xfa, 0xb5, 0x2a,
+        0x27, 0x3e, 0x17, 0x82, 0xf3, 0x2a, 0x4d, 0x36, 0xd3, 0xf0, 0x8d, 0x43,
+        0x40, 0x2c, 0x84, 0x68, 0xbe, 0x40, 0x50, 0x7d, 0xa3, 0x27, 0x5e, 0xde,
+        0x4d, 0x04, 0x6f, 0xe8, 0x96, 0x9c, 0x7a, 0x1d, 0xb8, 0x2b, 0x8a, 0xb1,
+        0x6e, 0xe2, 0x36, 0x07, 0x22, 0x50, 0xd9, 0x71, 0x93, 0x48, 0xb5, 0x51,
+        0xce, 0x2a, 0x64, 0x6b, 0x11, 0xa6, 0xb9, 0x40, 0x2d, 0x6c, 0xd2, 0x76,
+        0x52, 0xc6, 0xe3, 0xa6, 0x6b, 0xd2, 0x3f, 0x39, 0xd2, 0x13, 0x28, 0xa4,
+        0xa9, 0x58, 0x99, 0xe8, 0x3d, 0x08, 0xfa, 0x3c, 0x34, 0x39, 0x4d, 0x7d,
+        0x5e, 0x10, 0x72, 0x51, 0x96, 0x1d, 0x4b, 0xd9, 0x3e, 0xc9, 0x22, 0x4c,
+        0x72, 0x63, 0xf8, 0x87, 0x4b, 0xe7, 0x41, 0xac, 0xcd, 0xd6, 0x34, 0xa2,
+        0xe1, 0xe8, 0x66, 0x81, 0x04, 0x7d, 0x70, 0x95, 0xba, 0x37, 0x86, 0x9e,
+        0x1f, 0x9a, 0x1b, 0xe4, 0x35, 0xac, 0xe6, 0xcf, 0x48, 0x55, 0x6e, 0xbb,
+        0x9d, 0x40, 0x79, 0x96, 0xdd, 0xac, 0xf8, 0xf5, 0x99, 0xad, 0x43, 0x0d,
+        0xad, 0xa9, 0x62, 0xc0, 0x70, 0x8b, 0x50, 0x9b, 0xca, 0x0d, 0x3e, 0x54,
+        0x9c, 0x27, 0xd5, 0x9e, 0x20, 0xe2, 0xe0, 0xb0, 0xb0, 0xbe, 0x8e, 0x56,
+        0x43, 0x95, 0x9b, 0x34, 0xd1, 0x05, 0x28, 0xa0, 0xee, 0xd9, 0xab, 0x6a,
+        0xa7, 0xbb, 0xb7, 0x1b, 0x3a, 0x5d, 0x33, 0x97, 0x25, 0x54, 0xe4, 0x0e,
+        0x64, 0x79, 0xed, 0x16, 0x62, 0x89, 0x70, 0x4a, 0xa6, 0x47, 0x40, 0xd7,
+        0xa3, 0xd2, 0x6f, 0x28, 0xdd, 0xc5, 0x04, 0xab, 0x7e, 0x7e, 0x1e, 0xb0,
+        0x19, 0x02, 0x48, 0xb5, 0x88, 0x82, 0x75, 0xaf, 0x66, 0x74, 0xca, 0xf6,
+        0xd7, 0xe8, 0x6d, 0xfa, 0x5e, 0xfa, 0xaf, 0xa8, 0x04, 0xaa, 0x2c, 0x09,
+        0xf1, 0x4c, 0x36, 0x75, 0xb5, 0xdc, 0xe8, 0x04, 0x80, 0xd3, 0x14, 0x78,
+        0x09, 0x5b, 0xfd, 0x52, 0x6f, 0xd9, 0x3c, 0x1c, 0x02, 0x3b, 0x77, 0xb8,
+        0xa1, 0xe9, 0xa4, 0xb7, 0x42, 0x62, 0xee, 0xea, 0x43, 0xf3, 0xd8, 0xd0,
+        0x7a, 0x53, 0x91, 0x34, 0x7f, 0xe7, 0x9a, 0xc6
+    };
+#ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
+    WOLFSSL_SMALL_STACK_STATIC const byte ml_dsa_65_draft_pub_key[] = {
+    0x15, 0xc9, 0xe5, 0x53, 0x2f, 0xd8, 0x1f, 0xb4, 0xa3, 0x9f,
+    0xae, 0xad, 0xb3, 0x10, 0xd0, 0x72, 0x69, 0xd3, 0x02, 0xf3,
+    0xdf, 0x67, 0x5a, 0x31, 0x52, 0x19, 0xca, 0x39, 0x27, 0x77,
+    0x61, 0x6d, 0x0f, 0xc1, 0x33, 0x26, 0x09, 0xf0, 0xf9, 0x4d,
+    0x12, 0x7a, 0xef, 0xf7, 0x21, 0x26, 0x2c, 0xe0, 0xe2, 0x92,
+    0x1f, 0x9d, 0xd1, 0xaa, 0xaf, 0x08, 0x14, 0xf2, 0xaa, 0x24,
+    0x99, 0x0f, 0x20, 0x57, 0x35, 0x04, 0x32, 0x96, 0x8e, 0x6e,
+    0x10, 0x64, 0xe3, 0xe3, 0x57, 0x26, 0x33, 0x32, 0x7b, 0xe4,
+    0x18, 0x41, 0x77, 0xd3, 0x24, 0x63, 0x3d, 0x11, 0xea, 0xdc,
+    0xbe, 0x59, 0xff, 0x8d, 0xc2, 0xe4, 0xc7, 0x04, 0xf3, 0xd4,
+    0xe0, 0x1d, 0x5e, 0x09, 0x46, 0xbf, 0x02, 0x05, 0xc7, 0xa6,
+    0xb7, 0x82, 0x40, 0x1f, 0x55, 0xe9, 0x77, 0x82, 0xc0, 0xcc,
+    0x86, 0x99, 0x19, 0x99, 0xa2, 0xc9, 0x1b, 0x4f, 0xdd, 0x49,
+    0x4c, 0x78, 0x0a, 0x58, 0xb8, 0xf0, 0x23, 0xac, 0x1a, 0x71,
+    0x57, 0x6d, 0xd6, 0x3a, 0x3a, 0x6f, 0x93, 0xb3, 0x2b, 0x09,
+    0xbe, 0xec, 0x7b, 0x5b, 0xf7, 0x3a, 0xed, 0xf9, 0xd0, 0xb1,
+    0xfe, 0x9f, 0x9b, 0xec, 0x11, 0xb6, 0x6b, 0xd1, 0xb6, 0x00,
+    0x72, 0x7f, 0x68, 0x9a, 0x61, 0xa5, 0xf5, 0x6e, 0xe9, 0x46,
+    0xa4, 0x82, 0x08, 0x9f, 0x50, 0x4c, 0x75, 0xc3, 0x48, 0x85,
+    0x76, 0x39, 0xea, 0x0c, 0xf2, 0xe8, 0x7e, 0x48, 0x69, 0xd9,
+    0x6f, 0x9a, 0x89, 0x7d, 0x98, 0xc1, 0x16, 0xdc, 0x2f, 0xc7,
+    0x0a, 0x11, 0xa8, 0xbb, 0xe7, 0x91, 0xb1, 0x0f, 0x0e, 0xf0,
+    0xb4, 0xc8, 0x41, 0x7e, 0x62, 0x9e, 0x3c, 0x30, 0x4c, 0xbc,
+    0x4c, 0xeb, 0x37, 0xaf, 0x48, 0x72, 0x59, 0x64, 0x8e, 0xfb,
+    0x77, 0x11, 0x28, 0xdd, 0x30, 0x52, 0x8e, 0x69, 0x8c, 0x9f,
+    0x3d, 0xec, 0xdf, 0xa7, 0x5f, 0x42, 0x18, 0xda, 0xba, 0x1a,
+    0x96, 0x91, 0x7d, 0x62, 0xd5, 0x52, 0xff, 0x44, 0xc9, 0x1d,
+    0x29, 0xa6, 0xb9, 0x03, 0x9a, 0x26, 0x26, 0xcf, 0x57, 0x40,
+    0x70, 0x7e, 0x2b, 0xbd, 0xf0, 0x81, 0x71, 0x0f, 0x0b, 0x2e,
+    0x9b, 0x03, 0xba, 0x31, 0x41, 0x68, 0x37, 0xc8, 0xff, 0xea,
+    0xc4, 0x73, 0xa5, 0xf9, 0xc2, 0x92, 0x78, 0x0c, 0xe7, 0xfd,
+    0x5d, 0xb2, 0x01, 0xb5, 0x8d, 0xeb, 0x64, 0xd4, 0x14, 0xea,
+    0x7a, 0xd1, 0x42, 0xc8, 0x99, 0xe4, 0x7d, 0x5b, 0x7e, 0x3b,
+    0x8f, 0xab, 0x82, 0x12, 0xdf, 0xbb, 0xa1, 0x45, 0x30, 0xc9,
+    0x0f, 0xb9, 0xe5, 0xba, 0xe6, 0x8a, 0xf3, 0x78, 0x61, 0xcc,
+    0x9f, 0xe1, 0x46, 0x2a, 0x9a, 0x18, 0x0e, 0x2a, 0x57, 0xf3,
+    0xe5, 0x56, 0xd1, 0x42, 0x48, 0xe1, 0x5a, 0x8e, 0x33, 0xce,
+    0x19, 0xe5, 0x3e, 0x7f, 0x00, 0x70, 0x9c, 0x4c, 0xd3, 0xe1,
+    0x0c, 0xa1, 0x7e, 0xd4, 0xa9, 0x9e, 0x8b, 0xe2, 0xf0, 0xac,
+    0xdb, 0xa6, 0x72, 0x75, 0x67, 0xa6, 0x57, 0xed, 0x79, 0x2e,
+    0xca, 0x8d, 0xeb, 0x9b, 0x9e, 0xb7, 0xbf, 0x30, 0x02, 0x2b,
+    0xb3, 0x43, 0x89, 0x9b, 0xa8, 0x88, 0xa5, 0xbb, 0x33, 0xd9,
+    0x99, 0x30, 0x7c, 0xc7, 0xd4, 0x28, 0x5e, 0x5e, 0x3f, 0x9d,
+    0x6d, 0x35, 0x75, 0x33, 0x8e, 0xff, 0x84, 0x2e, 0x2d, 0xda,
+    0xf0, 0xff, 0x70, 0xe5, 0xb5, 0x62, 0x96, 0x33, 0x3a, 0xd9,
+    0xb5, 0x82, 0x25, 0x81, 0x81, 0x40, 0x5d, 0x4f, 0x11, 0x86,
+    0x63, 0x1a, 0x06, 0xc1, 0x67, 0xc7, 0x49, 0x03, 0xc7, 0xe4,
+    0x6f, 0xb4, 0x13, 0x3e, 0x57, 0x62, 0xfd, 0x8a, 0xc6, 0x2b,
+    0x65, 0x5b, 0xa4, 0x29, 0x57, 0x8d, 0xde, 0xa5, 0xee, 0x32,
+    0xc2, 0x76, 0x03, 0xca, 0xce, 0xc1, 0x48, 0xec, 0x45, 0xcf,
+    0x30, 0x21, 0x28, 0x7f, 0x10, 0x47, 0xd2, 0xdb, 0xee, 0xca,
+    0x5b, 0x0f, 0xd5, 0x39, 0x3a, 0xc3, 0xa6, 0x78, 0xb2, 0x15,
+    0xaf, 0x82, 0x3c, 0x2f, 0xc4, 0x51, 0x5c, 0x52, 0xad, 0xf2,
+    0x89, 0x92, 0x8e, 0xf3, 0x50, 0x38, 0xed, 0xf8, 0xc9, 0x14,
+    0x4c, 0xe4, 0xa3, 0x9a, 0xaf, 0xc4, 0x5c, 0xf3, 0x9f, 0xc3,
+    0xa3, 0xc0, 0xbe, 0x45, 0x1b, 0x21, 0x63, 0xfa, 0xe0, 0xe0,
+    0x91, 0x2b, 0x42, 0xca, 0x91, 0xfb, 0x5e, 0x97, 0x9a, 0x0a,
+    0xd4, 0x88, 0xba, 0xb8, 0x22, 0xc6, 0xbf, 0x56, 0x58, 0x1e,
+    0x92, 0xa9, 0x9d, 0xa7, 0xed, 0xc9, 0xab, 0x54, 0x4f, 0x75,
+    0x8d, 0x42, 0xc1, 0xe1, 0x61, 0xd0, 0x91, 0x9a, 0x3a, 0x40,
+    0x9a, 0xa3, 0xfb, 0x7b, 0x4e, 0xf0, 0x85, 0xf0, 0xdc, 0x40,
+    0x72, 0x9f, 0x05, 0xa8, 0xbe, 0x95, 0x5a, 0x7f, 0xba, 0x75,
+    0x00, 0x6e, 0x95, 0x76, 0xbd, 0xb2, 0x40, 0xf5, 0xb0, 0x64,
+    0x0a, 0x2f, 0x06, 0x3d, 0x9f, 0xac, 0x6a, 0xa5, 0x46, 0x5a,
+    0x85, 0xa4, 0x6f, 0xee, 0x27, 0xa0, 0xeb, 0x5f, 0x1f, 0x91,
+    0xbd, 0x2b, 0x02, 0x16, 0xdf, 0x74, 0x97, 0x2c, 0xd0, 0xa8,
+    0x9f, 0x3a, 0x7b, 0xdf, 0x3e, 0x98, 0x4a, 0x91, 0xdc, 0x19,
+    0x96, 0x88, 0x75, 0x21, 0x1a, 0x6a, 0xa8, 0x4b, 0x1f, 0x35,
+    0xd1, 0x92, 0xf5, 0x76, 0xf4, 0x72, 0x55, 0x13, 0xdb, 0x5d,
+    0x07, 0x8d, 0xd9, 0x72, 0xe4, 0x75, 0xde, 0x80, 0xbc, 0xe9,
+    0x9c, 0xf0, 0x5c, 0x6a, 0x8a, 0x0e, 0x34, 0xf6, 0x3f, 0x5c,
+    0xef, 0x0e, 0xcc, 0x52, 0x38, 0x2d, 0x7b, 0xc2, 0x1b, 0x69,
+    0x9f, 0xe5, 0xed, 0x14, 0xb0, 0x91, 0x0b, 0xe9, 0x4d, 0x34,
+    0xd5, 0xaa, 0xd4, 0xd2, 0x46, 0x39, 0x45, 0x7e, 0x85, 0x2f,
+    0xdb, 0x89, 0xf4, 0xff, 0x05, 0x74, 0x51, 0xba, 0xdd, 0xee,
+    0xf6, 0xc2, 0xc1, 0x0a, 0x8f, 0xd9, 0xeb, 0xc7, 0x61, 0x30,
+    0x8f, 0x86, 0x8b, 0x1f, 0x82, 0xc1, 0x22, 0xfd, 0x83, 0xf4,
+    0x5d, 0xc5, 0x94, 0xf5, 0xd7, 0x17, 0xc7, 0x7b, 0x71, 0xf5,
+    0x5e, 0x15, 0x49, 0x70, 0xb2, 0x57, 0xa0, 0xc0, 0x57, 0x63,
+    0x53, 0x35, 0xb6, 0x52, 0x20, 0x7b, 0x83, 0xd4, 0x57, 0x63,
+    0x25, 0x8e, 0x83, 0xb3, 0x8e, 0x26, 0x1f, 0x09, 0xde, 0x14,
+    0xd6, 0xa6, 0xfc, 0xe5, 0x93, 0x3c, 0x88, 0x8e, 0xf5, 0x10,
+    0x57, 0xb9, 0xc9, 0x9b, 0xff, 0x72, 0x9d, 0x3d, 0x3f, 0x97,
+    0xd9, 0x3c, 0x20, 0xe2, 0x57, 0xfd, 0x2a, 0x5c, 0x17, 0x12,
+    0xe6, 0x08, 0xaf, 0xe4, 0x26, 0x96, 0xb9, 0x6d, 0xc3, 0xac,
+    0x22, 0xf3, 0x8b, 0x89, 0xde, 0xc7, 0x8a, 0x93, 0x06, 0xf7,
+    0x1d, 0x08, 0x21, 0x36, 0x16, 0x74, 0x2b, 0x97, 0x23, 0xe4,
+    0x79, 0x31, 0x08, 0x23, 0x62, 0x30, 0x67, 0xe2, 0xed, 0x30,
+    0x9b, 0x0c, 0xf9, 0x08, 0x7a, 0x29, 0x73, 0xc6, 0x77, 0x8a,
+    0xbb, 0x2a, 0x1c, 0x66, 0xd0, 0xdd, 0x9e, 0xa3, 0xe9, 0x62,
+    0xcc, 0xb7, 0x88, 0x25, 0x4a, 0x5f, 0xbc, 0xaa, 0xe3, 0xe4,
+    0x4f, 0xec, 0xa6, 0x8e, 0xa6, 0xa4, 0x1b, 0x22, 0x2b, 0x2c,
+    0x8f, 0x57, 0x7f, 0xb7, 0x33, 0xfe, 0x16, 0x43, 0x85, 0xc5,
+    0xd2, 0x95, 0xe6, 0xb9, 0x21, 0x68, 0x88, 0x98, 0x33, 0x8c,
+    0x1d, 0x15, 0x9c, 0x4d, 0x62, 0x1f, 0x6b, 0xe8, 0x7a, 0x2d,
+    0x6b, 0x0e, 0xc3, 0xde, 0x1a, 0xa8, 0xed, 0x67, 0xb3, 0xb3,
+    0x36, 0x5b, 0x4b, 0xcb, 0xe8, 0xa8, 0x5c, 0x0b, 0x2f, 0xca,
+    0xd7, 0x71, 0xe8, 0x85, 0xe7, 0x4d, 0xe5, 0x7b, 0x45, 0xed,
+    0xb2, 0x4c, 0x69, 0x04, 0x7e, 0x4f, 0xc0, 0xef, 0x1a, 0xca,
+    0x0d, 0xa6, 0xc4, 0x79, 0x15, 0x78, 0x9c, 0xd2, 0x91, 0x3c,
+    0x32, 0x55, 0x40, 0xe7, 0xcb, 0x7e, 0xde, 0x07, 0xa6, 0x97,
+    0x00, 0x2d, 0x70, 0xf6, 0x3d, 0x15, 0xdf, 0x29, 0x8e, 0xa3,
+    0x96, 0x6d, 0xf2, 0xbb, 0xa5, 0x1b, 0x7b, 0x58, 0x30, 0xf6,
+    0x17, 0xbd, 0xda, 0x13, 0xf7, 0x33, 0xc2, 0x62, 0x32, 0xd4,
+    0x1c, 0x2e, 0x31, 0x74, 0x92, 0xad, 0x99, 0x8c, 0x0e, 0x7c,
+    0x50, 0x21, 0xcd, 0xff, 0x41, 0xeb, 0xd1, 0xca, 0x14, 0xb7,
+    0xb2, 0x31, 0x2f, 0xbe, 0x16, 0xce, 0x4f, 0x26, 0x16, 0x04,
+    0xc2, 0xaf, 0xbe, 0x0d, 0x24, 0xab, 0x9a, 0x21, 0x37, 0x06,
+    0xac, 0x50, 0x23, 0xf1, 0xbe, 0x5c, 0xbb, 0x64, 0xf3, 0xd3,
+    0x66, 0xa3, 0xb8, 0xbe, 0x8b, 0x49, 0x8d, 0xf6, 0xc7, 0xb9,
+    0x8f, 0x4e, 0x31, 0x06, 0x51, 0xe5, 0xf3, 0x0e, 0x56, 0xc4,
+    0x24, 0x30, 0xf5, 0xe9, 0x36, 0x71, 0xbc, 0xc9, 0x70, 0x2c,
+    0x6c, 0x4c, 0x15, 0x43, 0x44, 0xa4, 0xfc, 0xf1, 0xd2, 0x71,
+    0x6c, 0x4c, 0xce, 0x30, 0x6c, 0x05, 0x7d, 0x2e, 0xb7, 0xbc,
+    0xe4, 0x65, 0x76, 0x24, 0x75, 0x36, 0xdf, 0x28, 0xfc, 0xcd,
+    0x9a, 0xba, 0xc2, 0xcd, 0xb0, 0x30, 0xdb, 0xe7, 0x2e, 0x3c,
+    0x92, 0x63, 0x1d, 0x30, 0x23, 0x74, 0xb1, 0xb8, 0xcc, 0xd7,
+    0xb6, 0x90, 0x65, 0x73, 0xa2, 0x2a, 0x6e, 0x49, 0x95, 0x0d,
+    0xab, 0x24, 0xdf, 0x2d, 0xbf, 0x76, 0x46, 0x01, 0x44, 0xe4,
+    0x18, 0x8e, 0xd5, 0x9a, 0x76, 0xc9, 0xc6, 0xbc, 0xdb, 0x7f,
+    0x80, 0x52, 0xc6, 0x40, 0x41, 0x12, 0x36, 0x7c, 0x80, 0x69,
+    0xce, 0x7b, 0xe1, 0xa0, 0x53, 0xa2, 0xd6, 0x8f, 0x3f, 0xf7,
+    0xd7, 0x61, 0x09, 0x70, 0xa2, 0xa0, 0xc6, 0xaf, 0xa0, 0xd0,
+    0xfa, 0x13, 0xbf, 0xc0, 0x69, 0x15, 0xce, 0x15, 0xec, 0x24,
+    0x4b, 0x6b, 0xdc, 0x93, 0x51, 0xc6, 0x82, 0x19, 0x92, 0x84,
+    0x5d, 0x99, 0xb0, 0x90, 0x2c, 0xcc, 0x2a, 0x81, 0x6b, 0x22,
+    0x64, 0x0a, 0xcb, 0x51, 0x25, 0x82, 0x50, 0x02, 0x2d, 0x3e,
+    0xd4, 0x72, 0xb3, 0x0c, 0x15, 0x77, 0xd2, 0xca, 0x98, 0x2f,
+    0x41, 0x93, 0x14, 0xb2, 0x7f, 0xa1, 0x97, 0xa3, 0xb8, 0x8a,
+    0x56, 0x24, 0x38, 0xa7, 0x36, 0xc5, 0x01, 0xc0, 0x9f, 0x3f,
+    0x3e, 0x9a, 0xf6, 0xe9, 0x16, 0x82, 0x01, 0x58, 0x70, 0x0e,
+    0x0d, 0xbc, 0xfa, 0x03, 0x57, 0x65, 0xa8, 0x5a, 0x3d, 0x57,
+    0x81, 0x23, 0xbe, 0x6e, 0xa9, 0xe8, 0x22, 0xdf, 0x2f, 0x70,
+    0xeb, 0x0a, 0x03, 0x96, 0x6b, 0xef, 0x20, 0x9f, 0xf2, 0x62,
+    0xe7, 0xb2, 0x6e, 0x3a, 0x1e, 0x40, 0x1f, 0xd2, 0x97, 0x48,
+    0xd1, 0x18, 0xf0, 0xeb, 0x52, 0x58, 0x02, 0x26, 0xce, 0x75,
+    0xb1, 0x3a, 0x9d, 0x5b, 0x52, 0x94, 0xb2, 0x6e, 0x0e, 0x3f,
+    0x39, 0xb6, 0xd9, 0x8a, 0x9d, 0xe8, 0x7c, 0x83, 0x32, 0xcc,
+    0x43, 0x35, 0x9b, 0x7a, 0xed, 0xb2, 0x1e, 0x51, 0x37, 0x6c,
+    0x14, 0xd8, 0xb8, 0x55, 0xb3, 0x91, 0xef, 0x0c, 0x3a, 0xe5,
+    0x77, 0xd0, 0xbd, 0xb0, 0x7d, 0x38, 0x84, 0x2a, 0x47, 0xb2,
+    0xb6, 0xda, 0xd7, 0x75, 0xd6, 0x2e, 0x60, 0xc7, 0x10, 0x52,
+    0xf7, 0xdd, 0x09, 0x15, 0x6f, 0x04, 0x31, 0xc3, 0x5a, 0x6b,
+    0x0c, 0x60, 0x10, 0xa8, 0x6e, 0x20, 0xa9, 0xdd, 0xb7, 0x72,
+    0xc3, 0x9e, 0x85, 0xd2, 0x8f, 0x16, 0x7e, 0x3d, 0xe0, 0x63,
+    0x81, 0x32, 0xfd, 0xca, 0xbc, 0x0f, 0xef, 0x3e, 0x74, 0x6a,
+    0xb1, 0x60, 0xc1, 0x10, 0x50, 0x7c, 0x67, 0xa4, 0x19, 0xa7,
+    0xb8, 0xed, 0xe6, 0xf5, 0x4e, 0x41, 0x53, 0xa6, 0x72, 0x1b,
+    0x2c, 0x33, 0x6a, 0x37, 0xf1, 0xb5, 0x1c, 0x01, 0x7d, 0xa2,
+    0x1f, 0x2c, 0x4e, 0x0a, 0xbf, 0xd4, 0x2c, 0x24, 0x91, 0x58,
+    0x62, 0xfb, 0xf8, 0x63, 0xd9, 0xf8, 0x78, 0xf5, 0xc7, 0x78,
+    0x32, 0xda, 0x99, 0xeb, 0x58, 0x20, 0x25, 0x19, 0xb1, 0x06,
+    0x7f, 0x6a, 0x29, 0x20, 0xdb, 0xc8, 0x22, 0x48, 0xa9, 0x7f,
+    0x24, 0x54, 0x8d, 0x7d, 0x8d, 0xb1, 0x69, 0xb2, 0xa3, 0x98,
+    0x14, 0x0f, 0xba, 0xfa, 0xb6, 0x15, 0xe8, 0x28, 0x99, 0x3f,
+    0x30, 0x04, 0x50, 0xab, 0x5a, 0x3c, 0xf1, 0x97, 0xe1, 0xc8,
+    0x0f, 0x0e, 0xb4, 0x11, 0x63, 0x5a, 0x79, 0x08, 0x48, 0x75,
+    0xaf, 0x9b, 0xca, 0xd9, 0x13, 0x18, 0xcc, 0xb1, 0xb3, 0xee,
+    0xdd, 0x63, 0xdd, 0xf4, 0x21, 0x98, 0x76, 0xe2, 0x3e, 0xd5,
+    0x86, 0x23, 0x33, 0x7e, 0xc7, 0xb4, 0x35, 0x4b, 0xc2, 0x2d,
+    0xe1, 0xe2, 0xb0, 0x6c, 0x8b, 0x9b, 0x20, 0x3d, 0x48, 0x24,
+    0x7c, 0xea, 0xa1, 0x75, 0x27, 0xe5, 0xf4, 0x70, 0xeb, 0x3b,
+    0xc7, 0x26, 0x37, 0x04, 0xff, 0x8a, 0x7a, 0xd0, 0xc2, 0xb7,
+    0x84, 0xb7, 0x29, 0xfb, 0x0e, 0xa3, 0xa8, 0x71, 0xcd, 0x58,
+    0x06, 0x36, 0xe2, 0xf2, 0x77, 0xcc, 0x0f, 0x78, 0x08, 0x2b,
+    0xbb, 0xe3, 0x53, 0x05, 0x71, 0xdc, 0x6c, 0x37, 0x32, 0x91,
+    0x46, 0x42, 0x4f, 0x21, 0xe0, 0x34, 0xad, 0x3f, 0x30, 0x5a,
+    0xc7, 0x0d, 0x17, 0x19, 0x39, 0x31, 0x58, 0x69, 0x3c, 0x8c,
+    0xbe, 0xe7, 0xa6, 0x3b, 0xad, 0xfb, 0x46, 0x89, 0x06, 0xc1,
+    0x8c, 0x16, 0x9a, 0x06, 0x3a, 0xd0, 0x7e, 0xd6, 0xb0, 0x7b,
+    0x7d, 0xf8, 0x91, 0x7c, 0xfa, 0xd9, 0x66, 0x39, 0xfa, 0xbc,
+    0x57, 0xa7, 0x78, 0x8b, 0x36, 0x78, 0xc0, 0x1c, 0x0e, 0x23,
+    0x05, 0x0e, 0x04, 0x61, 0x16, 0x34, 0xf9, 0xc6, 0x63, 0x58,
+    0xdf, 0xf4, 0x52, 0xce, 0xd0, 0x0f, 0x0c, 0xec, 0xb1, 0x82,
+    0xf4, 0x72, 0x73, 0x72, 0x3f, 0x02, 0xbe, 0xe3, 0x9c, 0x63,
+    0x73, 0xc8, 0x21, 0x65, 0xba, 0x57, 0x52, 0xa9, 0x19, 0xac,
+    0x68, 0x50, 0xbd, 0x2d, 0x72, 0x5b, 0x93, 0x0f, 0x1c, 0x81,
+    0x77, 0xd7, 0x2e, 0xc3, 0x93, 0x52, 0x6e, 0xdc, 0x79, 0x52,
+    0x9f, 0xe3, 0xde, 0xe1, 0xba, 0x58, 0x55, 0xab, 0x8a, 0xf2,
+    0x35, 0x6a, 0xcf, 0x94, 0x1f, 0x17, 0xa4, 0x23, 0x2e, 0x8e,
+    0x18, 0x21, 0xbe, 0x14, 0xfa, 0xe7, 0x59, 0xc5, 0x44, 0x34,
+    0xce, 0x03, 0xf4, 0xb7, 0x75, 0xd3, 0x51, 0x55, 0xdf, 0xff,
+    0xcf, 0x4f, 0x44, 0xee, 0x13, 0x9b, 0xcb, 0x12, 0xae, 0xe5,
+    0x5b, 0x44, 0x65, 0x28, 0xcb, 0x6a, 0x9c, 0x24, 0x1d, 0xea,
+    0x2d, 0x5e, 0xa5, 0xc3, 0x78, 0xad, 0xed, 0x0c, 0x05, 0xa6,
+    0xaf, 0x95, 0x04, 0xd2, 0xb5, 0x91, 0x0e, 0xa0, 0x06, 0x77,
+    0xc5, 0x82, 0xf6, 0xdd, 0x72, 0x83, 0x04, 0xcc, 0xb0, 0xab,
+    0x7a, 0xf0, 0xb4, 0x4d, 0x36, 0x71, 0x72, 0x1a, 0x9a, 0x0d,
+    0xcd, 0xa3, 0x11, 0xa8, 0x0d, 0x7d, 0x49, 0xce, 0x9c, 0x09,
+    0x1d, 0x08, 0xa4, 0x39, 0x2e, 0x03, 0xdf, 0x3a, 0xc8, 0xfe,
+    0x6a, 0x2b, 0x0b, 0x07, 0x80, 0x55, 0x8a, 0xa8, 0xe6, 0x0e,
+    0xc9, 0x7e, 0x83, 0xce, 0x3a, 0x98, 0x98, 0x4e, 0x3e, 0x08,
+    0x20, 0x8f, 0x10, 0xfc, 0xc1, 0xc4, 0xcf, 0x37, 0x8d, 0x69,
+    0xd8, 0x57, 0x9d, 0x48, 0x80, 0x6a, 0xef, 0x0c, 0xdd, 0x27,
+    0x99, 0xf9, 0xe7, 0xd0, 0xd2, 0x36, 0xd8, 0xed, 0x41, 0x14,
+    0x1b, 0x10
+    };
+#endif
+    WOLFSSL_SMALL_STACK_STATIC const byte ml_dsa_65_sig[] = {
+        0xb1, 0xd1, 0x8e, 0x83, 0x0b, 0x0d, 0xd2, 0x71, 0xb2, 0xaa, 0x31, 0x38,
+        0x16, 0xf0, 0xb4, 0xbc, 0x64, 0x2b, 0x97, 0xa1, 0x08, 0x19, 0x4f, 0x52,
+        0xfe, 0x99, 0x1a, 0xa9, 0xd4, 0x08, 0x93, 0x99, 0x88, 0xfd, 0x6a, 0xd6,
+        0xd8, 0xdb, 0xf0, 0x71, 0x2a, 0xc9, 0x04, 0x83, 0xc9, 0x45, 0x59, 0x5d,
+        0xe0, 0x36, 0x59, 0x53, 0x1b, 0xb8, 0x5a, 0xa6, 0x1f, 0xb4, 0x1b, 0x0a,
+        0xfb, 0x3a, 0xba, 0xe3, 0xb7, 0x5e, 0x04, 0x14, 0x59, 0x09, 0x9a, 0x8e,
+        0xc2, 0x77, 0x5a, 0x3d, 0xf1, 0x43, 0x67, 0x74, 0x78, 0xfc, 0xcd, 0x34,
+        0xed, 0x35, 0x16, 0x38, 0x04, 0xe6, 0xe7, 0xd6, 0xd2, 0x90, 0x1b, 0x28,
+        0xb6, 0x66, 0x1b, 0x57, 0x85, 0x5e, 0xa7, 0x9f, 0x86, 0x1a, 0x0d, 0xc3,
+        0x7e, 0xed, 0xbd, 0x32, 0x8a, 0x35, 0xe1, 0xb3, 0x01, 0xdc, 0x9b, 0x44,
+        0x88, 0xa1, 0x0b, 0x87, 0x6e, 0x55, 0x31, 0xb1, 0x27, 0xcb, 0x85, 0xa4,
+        0x27, 0x56, 0x33, 0xb0, 0x39, 0x0d, 0xd3, 0x4b, 0xd1, 0xa2, 0x47, 0x07,
+        0xc6, 0xf4, 0xe6, 0x1f, 0x88, 0x70, 0x70, 0x13, 0x7e, 0x2e, 0x17, 0x32,
+        0x0a, 0x6b, 0x38, 0x34, 0xcf, 0x2f, 0x00, 0x36, 0x58, 0x8d, 0xe1, 0xdd,
+        0xa7, 0x94, 0x2a, 0x8f, 0x87, 0x99, 0x67, 0x02, 0x4d, 0x5b, 0x56, 0xaf,
+        0xef, 0xc4, 0x3c, 0xff, 0x72, 0x53, 0x95, 0x27, 0x03, 0x49, 0x94, 0x4f,
+        0x94, 0x87, 0x1f, 0x52, 0x33, 0xed, 0xb9, 0x14, 0x7b, 0xe5, 0x6c, 0xef,
+        0x7a, 0x17, 0x5a, 0xa4, 0x89, 0x2a, 0xfe, 0x68, 0xda, 0xdd, 0x48, 0xc2,
+        0xf0, 0x92, 0xf4, 0xe4, 0xd6, 0xa6, 0x48, 0x08, 0x2c, 0xe8, 0xcd, 0x72,
+        0xf6, 0x94, 0x3e, 0xc1, 0x82, 0xb8, 0x01, 0x58, 0xb2, 0xef, 0xef, 0xf4,
+        0xcb, 0x93, 0x63, 0x2e, 0x33, 0x5b, 0xc9, 0xd6, 0x6a, 0xde, 0xad, 0xe8,
+        0x1e, 0x3f, 0xa3, 0xf2, 0x35, 0x87, 0xc1, 0xc9, 0x48, 0x2f, 0x1b, 0x00,
+        0xea, 0x3d, 0x04, 0x29, 0xd5, 0xc0, 0xe9, 0x1a, 0xc5, 0xce, 0x5e, 0xdb,
+        0xd1, 0xee, 0x16, 0x9c, 0x05, 0x40, 0xf9, 0x21, 0x13, 0x72, 0x08, 0x39,
+        0x6b, 0x63, 0x19, 0xcd, 0x6f, 0x64, 0xa0, 0xc3, 0x77, 0xb7, 0x50, 0xed,
+        0xe9, 0x2d, 0xd5, 0x72, 0xea, 0xa6, 0xc1, 0x97, 0xb9, 0x6b, 0xe5, 0x81,
+        0x91, 0x8e, 0xd1, 0x36, 0x11, 0xee, 0xfb, 0x2b, 0x66, 0xba, 0xe4, 0x3e,
+        0xd0, 0xdd, 0x17, 0xc5, 0x24, 0x3b, 0xc3, 0x5b, 0x75, 0xfc, 0xd5, 0xb6,
+        0x8c, 0xba, 0x8c, 0x66, 0xb2, 0xee, 0x40, 0x45, 0x8c, 0x23, 0xbb, 0xe0,
+        0xc8, 0xd6, 0x05, 0xfd, 0x71, 0x5b, 0x24, 0xbb, 0x37, 0x65, 0x5f, 0x57,
+        0x92, 0x22, 0x13, 0xb2, 0x9a, 0x70, 0x22, 0x4b, 0xbe, 0x03, 0xd1, 0x54,
+        0xb0, 0x3a, 0x30, 0x50, 0x71, 0x24, 0xf7, 0x81, 0x8c, 0x20, 0x67, 0x74,
+        0x5a, 0xef, 0xa1, 0x6a, 0xe3, 0xd0, 0x04, 0xd6, 0xa5, 0x6e, 0xad, 0xa7,
+        0x15, 0x41, 0xf3, 0x21, 0xe8, 0xd9, 0xe6, 0xe5, 0x97, 0xbd, 0xc2, 0x1b,
+        0xbb, 0xd1, 0x4e, 0x7e, 0x5a, 0xd6, 0xe4, 0x19, 0xa5, 0xe4, 0x76, 0xf4,
+        0xce, 0x00, 0x94, 0x76, 0xef, 0x1b, 0xb3, 0x47, 0xb9, 0xa3, 0x32, 0xf7,
+        0x45, 0x6d, 0x32, 0x73, 0x06, 0xc0, 0xb9, 0xaf, 0x9c, 0x46, 0x99, 0xbe,
+        0x14, 0x06, 0xcd, 0x35, 0x7c, 0x90, 0x7c, 0xe7, 0x97, 0x0a, 0x9f, 0xb4,
+        0x21, 0xff, 0xf0, 0xea, 0x83, 0xc0, 0x86, 0x68, 0x9f, 0x36, 0xb0, 0xad,
+        0xe1, 0x8d, 0xc5, 0x76, 0x55, 0xb5, 0xb6, 0x7e, 0x1f, 0xa7, 0x5b, 0x26,
+        0x6c, 0xb5, 0xf9, 0x54, 0x1f, 0x76, 0xc1, 0x9c, 0xfc, 0x57, 0xc8, 0x86,
+        0xc1, 0x7d, 0x59, 0x55, 0x92, 0xa5, 0xb8, 0x03, 0xfa, 0xa5, 0x72, 0xd1,
+        0x5c, 0x8d, 0x9b, 0x2e, 0x84, 0x07, 0x18, 0xee, 0x49, 0xc5, 0x99, 0x8e,
+        0x15, 0x7c, 0xbf, 0xad, 0x8b, 0x13, 0xcd, 0x97, 0xf9, 0x3c, 0xa2, 0x89,
+        0x9c, 0x9c, 0x89, 0xc9, 0x7a, 0x46, 0xb3, 0x42, 0x7b, 0xd4, 0x28, 0x0d,
+        0x55, 0x63, 0x28, 0xd6, 0xc1, 0x65, 0xf5, 0x34, 0x6e, 0x38, 0x2a, 0xb4,
+        0x35, 0x40, 0xed, 0x7e, 0x80, 0x61, 0x9d, 0x8f, 0x68, 0x4f, 0x74, 0x0c,
+        0x30, 0x35, 0x0e, 0xb3, 0x07, 0xf4, 0x92, 0xed, 0x9c, 0x7f, 0xf5, 0xed,
+        0x3e, 0x17, 0x5b, 0x6e, 0x91, 0x46, 0xa1, 0x25, 0x1d, 0x83, 0x50, 0x93,
+        0x35, 0x06, 0x6c, 0x2f, 0x99, 0x8b, 0x21, 0x4c, 0x5c, 0x34, 0xb1, 0xa7,
+        0x82, 0xbc, 0x70, 0x28, 0x56, 0x61, 0x29, 0x35, 0x89, 0x0b, 0x41, 0x21,
+        0xf0, 0xf7, 0xff, 0x69, 0x3d, 0xa4, 0x28, 0x1e, 0x0d, 0x5d, 0xa7, 0x0e,
+        0xaa, 0xd3, 0x4a, 0x95, 0x49, 0xfe, 0x35, 0x5f, 0xa9, 0xc0, 0xe4, 0xe1,
+        0x9a, 0x03, 0xd4, 0xac, 0x96, 0xe3, 0xea, 0x7e, 0xa6, 0x85, 0x7e, 0xb0,
+        0xb8, 0xc2, 0xe8, 0x07, 0xd6, 0xd3, 0x1a, 0x84, 0x90, 0x24, 0x04, 0xef,
+        0x7c, 0x93, 0x15, 0x83, 0xea, 0xe2, 0x42, 0xc6, 0xe7, 0x13, 0x45, 0xbf,
+        0x35, 0xae, 0x5d, 0x50, 0x79, 0x16, 0xbb, 0x11, 0x17, 0x1b, 0xf4, 0x08,
+        0x88, 0x9d, 0x66, 0x14, 0x6a, 0xa0, 0x71, 0x76, 0x80, 0x51, 0x73, 0x7c,
+        0x1d, 0xb0, 0xc1, 0xad, 0x58, 0xfb, 0xbe, 0xcf, 0x73, 0xe0, 0xd9, 0xf8,
+        0xd5, 0xac, 0xd7, 0x49, 0xd9, 0xc9, 0x59, 0xbf, 0xfa, 0xf5, 0xb1, 0xd2,
+        0x5a, 0x01, 0xcd, 0x8b, 0x07, 0x8b, 0x59, 0x37, 0xc0, 0x8c, 0x7d, 0xa9,
+        0x71, 0x83, 0xf9, 0x7c, 0x58, 0xa9, 0x77, 0x01, 0x3d, 0x39, 0x56, 0x5c,
+        0x93, 0xfe, 0x40, 0x87, 0x5a, 0x31, 0x81, 0x53, 0x8e, 0x0d, 0x99, 0x7e,
+        0xdf, 0x37, 0xd9, 0xe3, 0x91, 0xb8, 0x60, 0x3a, 0x5b, 0xca, 0xe8, 0x91,
+        0x56, 0x89, 0x59, 0x61, 0xc6, 0x31, 0xe2, 0x6c, 0x81, 0xda, 0xc7, 0x5c,
+        0x04, 0x9d, 0xe4, 0x23, 0x12, 0x73, 0xfc, 0x48, 0xfb, 0xa5, 0xce, 0x87,
+        0x37, 0x47, 0x71, 0x5c, 0xd1, 0x2a, 0x63, 0x89, 0xdc, 0x07, 0xe7, 0x7f,
+        0x5d, 0x48, 0xe6, 0xd2, 0x96, 0xc6, 0x6f, 0xed, 0xee, 0x8c, 0xed, 0x5e,
+        0x41, 0x38, 0xbd, 0xdf, 0x21, 0xaa, 0x9e, 0x51, 0x16, 0x22, 0x4a, 0xdc,
+        0xd8, 0x12, 0xdf, 0x5a, 0x83, 0xd6, 0xd0, 0x07, 0xa4, 0x42, 0x41, 0x13,
+        0xe1, 0x08, 0xc9, 0x00, 0x0f, 0x37, 0xc0, 0x7d, 0xda, 0xb2, 0x25, 0xfc,
+        0xc9, 0xbc, 0xa8, 0x86, 0xcc, 0x38, 0x0e, 0x06, 0x51, 0x1b, 0x37, 0xc1,
+        0x0e, 0x2a, 0x58, 0x49, 0xbc, 0x7c, 0xa7, 0xf0, 0xda, 0xd7, 0x74, 0x34,
+        0xf5, 0xd8, 0x99, 0x8c, 0x94, 0x86, 0xe3, 0x1e, 0x6b, 0xf5, 0x68, 0xfa,
+        0xa6, 0x69, 0x63, 0x22, 0x5a, 0x3c, 0x6f, 0x29, 0xc9, 0x40, 0xc0, 0xbe,
+        0x8d, 0xb5, 0xcc, 0x82, 0x6e, 0x9d, 0xd1, 0x1f, 0x13, 0x63, 0xd8, 0x24,
+        0x63, 0x38, 0x59, 0xf0, 0x4a, 0x8c, 0x0f, 0x28, 0x8a, 0x77, 0x81, 0xa2,
+        0xa0, 0x23, 0x11, 0x59, 0xa9, 0x5a, 0x2d, 0x71, 0x8f, 0x82, 0xa7, 0xbd,
+        0x85, 0x26, 0x4d, 0xc2, 0x2f, 0x11, 0xe8, 0xff, 0x96, 0xa1, 0x2d, 0xf2,
+        0xd5, 0xf3, 0x1d, 0x54, 0xd0, 0x5f, 0x71, 0x07, 0xaf, 0x22, 0xa0, 0xcd,
+        0x78, 0xb3, 0x47, 0xb1, 0x40, 0x3d, 0x6b, 0xfd, 0x10, 0x1b, 0xc6, 0x60,
+        0xef, 0x5c, 0x24, 0xa3, 0x1f, 0xee, 0xc0, 0x0b, 0xed, 0x1d, 0x38, 0xc8,
+        0xf2, 0x8c, 0xec, 0x5e, 0xd9, 0x70, 0x1a, 0x2b, 0x25, 0xe6, 0xed, 0xa9,
+        0x0c, 0xb3, 0x78, 0xe1, 0x91, 0x01, 0x41, 0x2e, 0xfe, 0x7d, 0xbd, 0xfe,
+        0xcf, 0x48, 0x6d, 0x2e, 0x05, 0x31, 0x89, 0x24, 0xc4, 0xd7, 0xc4, 0x26,
+        0x2f, 0x64, 0x43, 0xa3, 0xdd, 0x56, 0x11, 0x5c, 0x65, 0x76, 0x96, 0xcc,
+        0x3c, 0x12, 0x42, 0xf2, 0x6b, 0x20, 0xc2, 0xe6, 0xc3, 0x5c, 0xfa, 0x91,
+        0xb1, 0xbd, 0x3b, 0xd3, 0x99, 0xde, 0x59, 0x7a, 0x34, 0x40, 0x56, 0xb0,
+        0x88, 0x02, 0x19, 0xc8, 0xf9, 0xf9, 0x8f, 0xe7, 0x60, 0xfb, 0x42, 0x87,
+        0x57, 0xb4, 0x42, 0xb4, 0x65, 0x94, 0x0a, 0x5f, 0xdb, 0xf5, 0x32, 0xe9,
+        0x49, 0x28, 0xbe, 0xa6, 0x64, 0x0d, 0x6d, 0x08, 0x43, 0x91, 0x16, 0x7a,
+        0x6c, 0xa9, 0x02, 0xe4, 0x84, 0x03, 0x39, 0x48, 0x08, 0xcc, 0xcb, 0x56,
+        0xad, 0x52, 0x95, 0x9e, 0x9a, 0x2b, 0xf1, 0x6d, 0x3f, 0x4b, 0x02, 0xc6,
+        0x52, 0xc7, 0x09, 0x6b, 0x3f, 0xa9, 0x60, 0xe2, 0x19, 0x5d, 0x0a, 0x61,
+        0xcd, 0xc8, 0x36, 0xdb, 0x8e, 0x57, 0xd2, 0x11, 0x49, 0x1c, 0x26, 0x58,
+        0x04, 0x07, 0x32, 0x2a, 0x34, 0xf0, 0x6a, 0x88, 0xcf, 0x63, 0xb7, 0xef,
+        0x7e, 0x93, 0xcc, 0x64, 0x07, 0x14, 0xfa, 0x63, 0x38, 0xdd, 0xc0, 0xf0,
+        0xaa, 0x56, 0xa1, 0xed, 0x16, 0xaa, 0x53, 0x8c, 0x99, 0xc0, 0xd4, 0xda,
+        0x94, 0x58, 0x13, 0xd9, 0x5f, 0x98, 0x9a, 0xa1, 0x57, 0xbd, 0x89, 0xca,
+        0x9d, 0x3e, 0xdf, 0x75, 0x26, 0x29, 0x0f, 0xb2, 0x33, 0x4b, 0x83, 0xb3,
+        0x99, 0x1f, 0x06, 0x5d, 0x10, 0xf5, 0x1c, 0x75, 0x97, 0xec, 0x5b, 0x87,
+        0xc7, 0xf1, 0xd8, 0xbd, 0x0e, 0x4c, 0x1a, 0xb0, 0x59, 0x3b, 0x27, 0x73,
+        0xdc, 0xde, 0xca, 0x0c, 0x2e, 0x1f, 0x42, 0x7f, 0xd8, 0x0f, 0x9b, 0x3f,
+        0x49, 0x3f, 0x63, 0x7d, 0x71, 0xe3, 0x77, 0x79, 0xcc, 0x9c, 0xbf, 0xff,
+        0x23, 0xa9, 0x74, 0xa2, 0xda, 0xb7, 0xca, 0x86, 0x7f, 0x12, 0xc1, 0x1b,
+        0x41, 0x35, 0xb5, 0xc7, 0x10, 0x09, 0xc0, 0xa2, 0x1b, 0x41, 0x31, 0x5e,
+        0x6c, 0x35, 0xb5, 0x63, 0x13, 0x19, 0x61, 0x8e, 0xbd, 0x89, 0xf6, 0x0a,
+        0xbd, 0x16, 0x15, 0xd8, 0xfa, 0xcc, 0x9f, 0x97, 0x02, 0x8f, 0x1b, 0x34,
+        0x40, 0xbc, 0x4a, 0xb1, 0x39, 0x12, 0xf8, 0x66, 0xda, 0x34, 0x03, 0xf2,
+        0x5c, 0x33, 0x9c, 0x63, 0x0b, 0xb6, 0x8f, 0xca, 0x81, 0xa2, 0x4a, 0x43,
+        0xe7, 0xe7, 0x66, 0x41, 0x45, 0x6b, 0x7c, 0xd1, 0x1d, 0xbc, 0x4f, 0x91,
+        0xab, 0x24, 0x0b, 0x9f, 0x60, 0x47, 0x36, 0x04, 0x8b, 0x72, 0xb6, 0x65,
+        0x35, 0xfc, 0xbf, 0xc9, 0x26, 0xaf, 0x84, 0x04, 0x30, 0x32, 0x02, 0xc0,
+        0x94, 0x98, 0xbc, 0x17, 0x33, 0x99, 0xac, 0xb1, 0x4e, 0xdd, 0xf0, 0x46,
+        0x68, 0x6a, 0xac, 0x6d, 0xdb, 0x85, 0xfd, 0xc6, 0x3b, 0xc8, 0x93, 0x89,
+        0xbf, 0xd7, 0xd9, 0x94, 0xe4, 0xa4, 0x37, 0xb9, 0x67, 0x52, 0x84, 0xcf,
+        0x88, 0xba, 0x01, 0x8b, 0xe4, 0xd4, 0x3e, 0xde, 0x94, 0xa1, 0xa9, 0xd8,
+        0x15, 0xb5, 0x6e, 0xa0, 0x62, 0x92, 0x5c, 0xb1, 0x1b, 0xbf, 0x4f, 0xaf,
+        0xf5, 0x99, 0x35, 0xce, 0x7d, 0xa9, 0x4b, 0xa8, 0x60, 0x31, 0xf5, 0x0a,
+        0x83, 0x58, 0xf5, 0x83, 0xde, 0xb2, 0xfe, 0xf3, 0x12, 0x08, 0x3d, 0xe3,
+        0x14, 0x89, 0x17, 0x93, 0x5c, 0x87, 0xe4, 0x89, 0xcb, 0xb7, 0x67, 0x3e,
+        0xea, 0x0e, 0x08, 0x57, 0xf1, 0xca, 0xe0, 0x18, 0xd7, 0xae, 0x5f, 0x9e,
+        0x62, 0x5c, 0xd7, 0x6a, 0x2f, 0xd6, 0x30, 0x67, 0xfb, 0x5e, 0xed, 0xcf,
+        0xa9, 0x88, 0x04, 0x0a, 0xf2, 0x62, 0x50, 0xc5, 0x39, 0xc6, 0xa1, 0x3c,
+        0xe4, 0x9a, 0x81, 0x55, 0x96, 0xca, 0x60, 0xb2, 0x53, 0x62, 0xee, 0xa1,
+        0x1d, 0xfc, 0xd9, 0x5c, 0x51, 0xbf, 0x55, 0x65, 0x1d, 0x13, 0x2a, 0x13,
+        0x58, 0xa3, 0x18, 0x52, 0x6b, 0xb4, 0xae, 0x60, 0x1c, 0x26, 0x3e, 0xb1,
+        0x4c, 0xb1, 0x72, 0x1b, 0x8a, 0x4c, 0xaa, 0xb5, 0x5b, 0x8a, 0x3b, 0x2f,
+        0x1f, 0xc3, 0x29, 0x41, 0xe6, 0x6d, 0xd7, 0x96, 0x26, 0xdd, 0x37, 0x67,
+        0x4f, 0x9d, 0x31, 0xc6, 0x54, 0x51, 0xaa, 0xba, 0x73, 0xae, 0xd2, 0x00,
+        0x0b, 0x05, 0x98, 0x73, 0xd6, 0x9c, 0xb4, 0x2e, 0x23, 0xd0, 0xc3, 0xac,
+        0x46, 0x6f, 0x3e, 0x05, 0x43, 0xf8, 0x96, 0xa0, 0xe0, 0xfe, 0x17, 0x3f,
+        0xfa, 0xc2, 0xc3, 0xf6, 0x1a, 0x46, 0xd0, 0x05, 0x53, 0x0e, 0xea, 0xd8,
+        0xba, 0xa3, 0xab, 0xb6, 0x58, 0xd1, 0x40, 0x1c, 0x97, 0x38, 0xd4, 0x77,
+        0x58, 0x03, 0xf5, 0x8a, 0xc7, 0x48, 0x19, 0x71, 0x71, 0xb5, 0x4b, 0x08,
+        0x85, 0x35, 0x1c, 0xdf, 0xbd, 0xa9, 0xc9, 0xd1, 0x40, 0x62, 0xa3, 0xd6,
+        0x3b, 0xa1, 0xf7, 0x4e, 0xc6, 0xfe, 0xc4, 0x07, 0x2f, 0xf5, 0xc9, 0x0c,
+        0xb6, 0xa0, 0xb3, 0x25, 0x3e, 0x2a, 0x07, 0xe3, 0x63, 0xe3, 0x9e, 0x8d,
+        0x0d, 0x7a, 0x70, 0x1e, 0x65, 0x95, 0x47, 0x37, 0xa8, 0xd2, 0x35, 0x09,
+        0x09, 0x70, 0xf5, 0xc9, 0xc9, 0x30, 0x95, 0xd9, 0xf2, 0x5d, 0x10, 0x3c,
+        0xc3, 0x66, 0x66, 0xb6, 0xdc, 0x14, 0xf6, 0x91, 0xc2, 0x7b, 0x4b, 0x71,
+        0x42, 0xf9, 0x35, 0xe7, 0x08, 0x1e, 0xb6, 0x9a, 0x5c, 0x0e, 0x8b, 0x41,
+        0x44, 0x7f, 0xad, 0xca, 0x8a, 0x4b, 0x6a, 0x02, 0x81, 0x96, 0xe7, 0xe1,
+        0xb0, 0x5b, 0xaf, 0xf2, 0x17, 0x44, 0x7f, 0xd1, 0x49, 0x77, 0xfd, 0x07,
+        0x59, 0x53, 0x8e, 0x51, 0xac, 0x0f, 0x0c, 0xb4, 0xa3, 0xf6, 0x24, 0x16,
+        0x47, 0xf3, 0xa4, 0x36, 0x17, 0x3e, 0x01, 0x1e, 0xf1, 0xec, 0x78, 0x4a,
+        0xcb, 0xbd, 0x2a, 0xfd, 0x01, 0xdd, 0xa5, 0xad, 0x7b, 0xef, 0x5e, 0x56,
+        0xb2, 0x60, 0xb4, 0xf2, 0x27, 0xc8, 0x9b, 0x5b, 0x31, 0x49, 0x54, 0xbc,
+        0x69, 0x9b, 0xc6, 0x1a, 0x79, 0xe7, 0xd4, 0x46, 0xc8, 0x50, 0xc3, 0xaa,
+        0xfc, 0xb5, 0x28, 0x87, 0x1e, 0xa0, 0x0c, 0xc6, 0x1a, 0xa7, 0x34, 0xd6,
+        0xbb, 0x9d, 0x9c, 0x0d, 0x90, 0x6f, 0x1a, 0x3c, 0xdc, 0x3b, 0x95, 0xc4,
+        0x38, 0x25, 0x7a, 0xc6, 0x46, 0x82, 0x9f, 0x68, 0xca, 0x6a, 0x63, 0xa7,
+        0x99, 0xfe, 0x64, 0xe6, 0x6f, 0x11, 0xcd, 0x2c, 0x76, 0x1e, 0xe6, 0x08,
+        0xb8, 0x33, 0x64, 0x43, 0x51, 0xbd, 0x52, 0xf7, 0x05, 0x06, 0xd5, 0xcc,
+        0x6a, 0xde, 0x1a, 0xa2, 0xbe, 0xf8, 0x8c, 0x44, 0x5e, 0x2d, 0xc2, 0x28,
+        0xcd, 0x9a, 0x53, 0x04, 0x96, 0xcc, 0x1e, 0xbb, 0x96, 0x07, 0xc9, 0x17,
+        0x04, 0xf8, 0xd8, 0xd9, 0xdd, 0x35, 0x35, 0x3d, 0x53, 0x30, 0x60, 0xb3,
+        0x87, 0x5d, 0xf3, 0xe5, 0xa7, 0x20, 0x30, 0x9d, 0xb0, 0x5b, 0xc4, 0x36,
+        0xf7, 0xd7, 0xb6, 0x3e, 0x44, 0x98, 0x99, 0xe7, 0xc3, 0x29, 0xcb, 0x70,
+        0xc4, 0x91, 0x8b, 0xfc, 0x63, 0x60, 0x29, 0x95, 0xeb, 0x61, 0x7f, 0xdf,
+        0xf7, 0x3a, 0x69, 0x3a, 0xeb, 0xa1, 0x73, 0x1d, 0x13, 0x18, 0x29, 0x2c,
+        0x89, 0x82, 0x56, 0x42, 0xe7, 0xa3, 0xba, 0xe9, 0x59, 0x2e, 0xfd, 0xff,
+        0xb6, 0xf7, 0xbd, 0x2a, 0xc9, 0xff, 0x4c, 0x63, 0xef, 0x54, 0x63, 0x82,
+        0x7c, 0xa5, 0x11, 0x44, 0xc7, 0x68, 0xf5, 0x7b, 0x44, 0x2c, 0xee, 0xab,
+        0xa3, 0x84, 0x5a, 0x99, 0x28, 0x98, 0x97, 0x2e, 0x8b, 0x07, 0x09, 0x6c,
+        0xea, 0xc1, 0x81, 0x0b, 0xe0, 0xc4, 0xb7, 0xc2, 0x73, 0xbe, 0x8b, 0x72,
+        0xf8, 0xc9, 0x8d, 0x50, 0x28, 0xf2, 0x95, 0x54, 0x8a, 0x3b, 0x23, 0x86,
+        0xc4, 0xe8, 0xe8, 0xe5, 0x45, 0x0d, 0xdf, 0xa3, 0xe6, 0x00, 0x71, 0xe8,
+        0x20, 0xd2, 0x6d, 0x22, 0x23, 0xaf, 0x37, 0x04, 0x55, 0x05, 0x8d, 0xc9,
+        0x38, 0x38, 0x12, 0x4c, 0x9f, 0x28, 0x56, 0x14, 0x76, 0xe5, 0x10, 0x54,
+        0xd9, 0x68, 0xca, 0xc3, 0x97, 0x9f, 0xd2, 0x25, 0x2c, 0x0d, 0xa0, 0xff,
+        0xea, 0xab, 0x61, 0xd2, 0xb2, 0x06, 0xc2, 0x93, 0xfd, 0x5a, 0xfe, 0xe3,
+        0x98, 0xbf, 0x37, 0x2e, 0xa5, 0x74, 0x56, 0xd0, 0x7a, 0x5a, 0x23, 0x3b,
+        0xd2, 0xa0, 0x1f, 0x4b, 0xeb, 0x7f, 0x5a, 0xc5, 0x51, 0x79, 0xf6, 0x95,
+        0x19, 0x50, 0xb1, 0x6a, 0x80, 0xcb, 0xcf, 0x19, 0xa4, 0x67, 0xf4, 0x08,
+        0x0f, 0x6a, 0xd9, 0x3f, 0x15, 0x96, 0x2c, 0x6d, 0xd5, 0x69, 0x7a, 0x56,
+        0x4d, 0x17, 0xc8, 0xcb, 0xba, 0x9b, 0x6e, 0x65, 0xa2, 0x3d, 0x66, 0xed,
+        0xea, 0xe2, 0x54, 0x88, 0x6c, 0xc1, 0x1a, 0x11, 0xde, 0x4e, 0x0c, 0x8a,
+        0x42, 0x04, 0xe1, 0x77, 0xc3, 0x0c, 0xff, 0x10, 0x7d, 0x4a, 0x45, 0x3f,
+        0xb8, 0x40, 0xf9, 0x75, 0x76, 0x9f, 0x65, 0x42, 0x2f, 0x78, 0x5b, 0x0b,
+        0x32, 0xbc, 0x45, 0xfc, 0xd4, 0x29, 0x49, 0x34, 0x76, 0xda, 0x5f, 0xe8,
+        0x39, 0x35, 0x9e, 0xba, 0x7f, 0x19, 0x7e, 0x14, 0xe6, 0x71, 0x9c, 0x72,
+        0x6a, 0xce, 0xcc, 0xa6, 0x72, 0x73, 0x3f, 0x4e, 0x9b, 0x9e, 0x94, 0x0c,
+        0xce, 0x00, 0x15, 0xb4, 0x50, 0xff, 0xcf, 0xcd, 0x78, 0xd3, 0x08, 0x0e,
+        0x95, 0x48, 0x24, 0x13, 0x16, 0x54, 0xb4, 0xe0, 0xa9, 0x29, 0xa3, 0x05,
+        0x77, 0x2f, 0x5d, 0x47, 0x6a, 0xa5, 0xb0, 0x4e, 0xf3, 0xa9, 0x4a, 0x82,
+        0xb9, 0x2c, 0x26, 0x07, 0x9c, 0x33, 0xc6, 0x68, 0xc2, 0xe0, 0xc0, 0x7d,
+        0x70, 0x48, 0x74, 0xb9, 0xf5, 0x1e, 0x6c, 0x15, 0x7f, 0xba, 0xe5, 0xa1,
+        0xb4, 0x36, 0x41, 0x20, 0xf4, 0x2d, 0x97, 0x27, 0x0b, 0x10, 0x30, 0x57,
+        0x7f, 0x38, 0x66, 0xe1, 0xc4, 0xf6, 0xa4, 0xc9, 0x8d, 0xbc, 0x2b, 0x4f,
+        0x14, 0xb3, 0xf0, 0x1e, 0x80, 0x70, 0xc0, 0x0f, 0x69, 0x06, 0xe7, 0x95,
+        0xd1, 0x53, 0x65, 0x49, 0x1c, 0xa8, 0xfa, 0x9e, 0x2b, 0xcc, 0x33, 0x71,
+        0x76, 0xa4, 0x0b, 0x4a, 0xc7, 0xea, 0xa0, 0xfa, 0x1b, 0x2b, 0xfb, 0xa5,
+        0x59, 0x06, 0x2a, 0xef, 0x4b, 0xbf, 0x05, 0x4b, 0x87, 0x70, 0x3c, 0xde,
+        0xc7, 0xb2, 0x4f, 0xf2, 0x5b, 0x1a, 0xbe, 0xda, 0x04, 0x31, 0x57, 0xff,
+        0xf2, 0xa5, 0x43, 0x12, 0xff, 0x8d, 0xf4, 0x99, 0x05, 0xe1, 0x34, 0xa9,
+        0xb9, 0x0a, 0xb3, 0x1f, 0x3d, 0x6d, 0x0d, 0xb7, 0xd3, 0x35, 0x0b, 0x04,
+        0x44, 0x77, 0x60, 0xc0, 0x96, 0x99, 0x7b, 0xa8, 0x8e, 0x79, 0x4a, 0x96,
+        0x24, 0xef, 0xb1, 0xf4, 0x8a, 0x2f, 0x3e, 0x08, 0xf3, 0x3d, 0xf2, 0xfe,
+        0x5f, 0x0a, 0xf7, 0x0a, 0xf5, 0xd8, 0xf2, 0xa0, 0x1b, 0xe7, 0x9e, 0xc9,
+        0x0b, 0xcf, 0x58, 0x97, 0x92, 0x90, 0xad, 0x3d, 0xfc, 0x42, 0xc1, 0x7f,
+        0x39, 0xe8, 0xd1, 0x35, 0x14, 0x8a, 0xb3, 0x77, 0xb1, 0xa9, 0xdb, 0xb4,
+        0x3a, 0x3d, 0xeb, 0x59, 0x0b, 0x5b, 0x3a, 0x63, 0x54, 0x70, 0xda, 0xf0,
+        0xf0, 0xb9, 0xe6, 0x07, 0x69, 0x27, 0x9d, 0xc6, 0xb6, 0x00, 0x2d, 0xd6,
+        0xc7, 0xd7, 0x2e, 0xf8, 0x9c, 0xfe, 0x4c, 0xfb, 0xc0, 0x7b, 0xbf, 0xa2,
+        0x25, 0xb8, 0x2a, 0x5c, 0x06, 0xca, 0x12, 0x2c, 0x96, 0xa4, 0x27, 0xa6,
+        0x73, 0x0b, 0xb8, 0x42, 0x93, 0x51, 0x87, 0xfe, 0xe6, 0x8f, 0xca, 0x00,
+        0x53, 0xdc, 0xc0, 0x38, 0x03, 0x9e, 0x66, 0x13, 0x84, 0x68, 0xe7, 0x04,
+        0x93, 0x79, 0x0c, 0x3e, 0x4c, 0x90, 0xe2, 0xf7, 0x81, 0x15, 0x49, 0x05,
+        0xe1, 0x8f, 0xe6, 0xfc, 0xc8, 0x40, 0xae, 0x3d, 0x7a, 0x16, 0xec, 0xc6,
+        0x39, 0xa5, 0x04, 0x95, 0x35, 0xac, 0xdd, 0x0d, 0x19, 0xd6, 0xa9, 0xd9,
+        0xd2, 0x53, 0x71, 0x31, 0x38, 0xa2, 0xf1, 0x9c, 0x13, 0x2c, 0x8c, 0x21,
+        0x9c, 0x3a, 0x1b, 0xf2, 0xd8, 0x4c, 0xeb, 0xe9, 0x8b, 0x27, 0x52, 0xd3,
+        0x6c, 0x01, 0xc0, 0x60, 0x32, 0x8c, 0x6e, 0xfb, 0xd6, 0xd6, 0x1b, 0xc6,
+        0x93, 0xff, 0xdc, 0xdb, 0x38, 0xf5, 0x0e, 0xd5, 0x15, 0xcd, 0x65, 0x76,
+        0x78, 0x42, 0x13, 0x37, 0x6b, 0x2e, 0xe8, 0xe2, 0x54, 0x4d, 0x45, 0x34,
+        0x73, 0x1b, 0x61, 0x35, 0x2c, 0xf7, 0x20, 0x3e, 0xe9, 0x7c, 0xf0, 0xf3,
+        0xba, 0x41, 0xfc, 0x49, 0xe4, 0x5d, 0xd4, 0xb8, 0x07, 0x15, 0x7b, 0x16,
+        0xc7, 0x7f, 0x78, 0xef, 0xd6, 0x53, 0x3f, 0xe4, 0xa6, 0x33, 0xcf, 0xcc,
+        0x78, 0x53, 0x0c, 0x59, 0xf7, 0x28, 0xa5, 0x83, 0x2b, 0x5a, 0xd3, 0xd6,
+        0xb7, 0xb2, 0xd1, 0x73, 0x63, 0xa9, 0xad, 0x16, 0xf2, 0xed, 0x48, 0x6e,
+        0x88, 0x22, 0xbd, 0x16, 0x9d, 0x6a, 0xc2, 0x48, 0x83, 0xdf, 0x40, 0xb7,
+        0x0a, 0x50, 0x23, 0x3d, 0x58, 0x50, 0x00, 0x02, 0x04, 0xd2, 0x31, 0x72,
+        0x28, 0x7b, 0x10, 0x96, 0xe0, 0xe7, 0x3f, 0xe0, 0xd0, 0x61, 0x70, 0x5c,
+        0x0a, 0xdb, 0xc0, 0x7b, 0xea, 0xef, 0xba, 0xc0, 0x90, 0xe0, 0xf9, 0x0e,
+        0x83, 0x8c, 0x3b, 0x05, 0x2b, 0xb6, 0xcb, 0xbb, 0x37, 0xa1, 0xd3, 0x28,
+        0x02, 0x40, 0xe3, 0x76, 0xbf, 0x27, 0x0b, 0x4f, 0x82, 0xb9, 0x22, 0xee,
+        0x0b, 0x3a, 0xcb, 0xcc, 0x56, 0x13, 0x51, 0xb8, 0xb6, 0x2d, 0xd3, 0x6c,
+        0x96, 0x10, 0xd9, 0x51, 0x24, 0x7b, 0x2b, 0xb8, 0x7b, 0xbd, 0x8d, 0xd9,
+        0xf2, 0x50, 0x61, 0xbb, 0x0c, 0xb7, 0x71, 0x65, 0x3a, 0x25, 0x18, 0x09,
+        0x1a, 0x9d, 0x41, 0xf4, 0xdb, 0x5a, 0x1c, 0x61, 0x0a, 0xbb, 0x43, 0x27,
+        0x8a, 0xa8, 0x83, 0x60, 0x8c, 0x5d, 0x4c, 0x9b, 0xa9, 0xe5, 0xa7, 0x67,
+        0x99, 0x98, 0xdc, 0x7a, 0x3a, 0x55, 0x0d, 0x25, 0x69, 0x47, 0x21, 0xb1,
+        0xd7, 0x0c, 0x0c, 0x43, 0x58, 0xc9, 0xbf, 0x74, 0x91, 0x1b, 0x2b, 0xf3,
+        0x29, 0x8d, 0x10, 0x41, 0xaf, 0xdd, 0x42, 0x0a, 0x71, 0xe3, 0xb8, 0x4d,
+        0x3a, 0xf3, 0x9c, 0x5a, 0x46, 0x4e, 0x70, 0xbe, 0xdb, 0x0d, 0x03, 0xee,
+        0xcb, 0xfb, 0x61, 0x45, 0xbd, 0x25, 0xb4, 0x72, 0xd1, 0x51, 0x03, 0x19,
+        0x82, 0x53, 0x83, 0x18, 0xab, 0xa3, 0x6c, 0x9e, 0xa2, 0xe9, 0x15, 0xb1,
+        0x74, 0x61, 0xa1, 0xaf, 0x09, 0x4b, 0x4a, 0x34, 0x9b, 0xd0, 0xd2, 0x80,
+        0x43, 0xd9, 0x90, 0x53, 0x71, 0x38, 0xb9, 0x80, 0x58, 0x1b, 0x9f, 0x9e,
+        0xfe, 0x07, 0x1b, 0x33, 0x24, 0xb2, 0x58, 0x7f, 0x01, 0xbe, 0xe8, 0x25,
+        0x53, 0x08, 0x06, 0x77, 0x7d, 0x5a, 0x16, 0x83, 0x67, 0x91, 0x0b, 0xa2,
+        0xd2, 0x1e, 0x5f, 0x9c, 0x39, 0xda, 0x57, 0xbc, 0x67, 0xc5, 0x39, 0xbe,
+        0xb9, 0x73, 0x03, 0x19, 0x97, 0x34, 0x4f, 0x1e, 0x6b, 0x4d, 0x87, 0xef,
+        0x79, 0x4f, 0xd1, 0xdd, 0x80, 0x13, 0xbe, 0x3b, 0x0f, 0xea, 0x77, 0x9a,
+        0x1a, 0x46, 0x63, 0xc5, 0x2f, 0x93, 0xfe, 0x18, 0x71, 0xfb, 0x70, 0xbf,
+        0x85, 0x3b, 0x3e, 0x54, 0xe6, 0xf8, 0xe0, 0xb9, 0xd0, 0x9d, 0xf5, 0x2b,
+        0x12, 0x22, 0x39, 0x6a, 0x8d, 0x13, 0xa1, 0x3a, 0x95, 0xd0, 0xe7, 0x07,
+        0xa4, 0x2c, 0x33, 0xba, 0x43, 0x1d, 0xd8, 0xb5, 0xd0, 0x8e, 0x6c, 0x85,
+        0x6f, 0xf8, 0x8f, 0xd3, 0x72, 0x65, 0xc1, 0xff, 0x8f, 0xf6, 0xb5, 0x19,
+        0x59, 0x34, 0xf9, 0xe8, 0xdb, 0xf3, 0x10, 0x68, 0xbd, 0xd5, 0x59, 0xf7,
+        0xe5, 0xf2, 0x84, 0x98, 0x8d, 0xd6, 0x6f, 0xcc, 0xde, 0xc5, 0xee, 0xf7,
+        0x16, 0xca, 0xec, 0xc4, 0x00, 0x89, 0x2e, 0x0d, 0x0d, 0xb6, 0xa8, 0xe0,
+        0x9a, 0xb0, 0xe5, 0x8e, 0xb6, 0x64, 0x47, 0x7d, 0x01, 0x59, 0x8a, 0x90,
+        0xa6, 0x9b, 0x2b, 0x63, 0xad, 0x70, 0xc8, 0x07, 0x36, 0x3e, 0xa9, 0x8f,
+        0xd9, 0xc2, 0xf7, 0x4b, 0xec, 0x95, 0x53, 0xec, 0x6b, 0x2d, 0x1f, 0xb5,
+        0x91, 0xbf, 0x9f, 0xc5, 0x85, 0x61, 0x3a, 0xc7, 0x5c, 0x15, 0x2a, 0x0b,
+        0x4b, 0x3c, 0x38, 0x6d, 0xc9, 0x2c, 0x91, 0x11, 0xc6, 0x6b, 0x44, 0x71,
+        0x9f, 0x89, 0xd5, 0xde, 0x27, 0x99, 0x81, 0xa2, 0x59, 0x8b, 0x57, 0x97,
+        0x83, 0x46, 0x33, 0xe1, 0x8c, 0xdf, 0xcf, 0x5b, 0x6b, 0xb3, 0x0e, 0x17,
+        0x1a, 0xb8, 0x7d, 0x6e, 0x71, 0xe5, 0xc8, 0x4c, 0xa9, 0xe2, 0x52, 0x81,
+        0xf6, 0x2f, 0x3a, 0xef, 0x5a, 0x1b, 0x6b, 0x7b, 0x61, 0x51, 0xcb, 0xd5,
+        0x7b, 0x5f, 0xf0, 0x1c, 0xb8, 0xeb, 0x9a, 0xe4, 0x0a, 0x6e, 0x53, 0x59,
+        0x2e, 0x2d, 0x78, 0x27, 0xb7, 0x47, 0x35, 0x1a, 0x01, 0x25, 0x0a, 0xcc,
+        0x67, 0xae, 0xda, 0xaf, 0xfe, 0x22, 0x63, 0xe8, 0xa2, 0x1c, 0x34, 0xe6,
+        0x6b, 0x73, 0xcf, 0x6f, 0x3e, 0x0a, 0x4a, 0x36, 0xbc, 0xda, 0x43, 0xbc,
+        0x5e, 0x9c, 0x91, 0xe4, 0x8b, 0x34, 0x2e, 0x09, 0x87, 0x69, 0x96, 0x93,
+        0xb4, 0xff, 0x97, 0xbc, 0x4e, 0xd6, 0xa2, 0xb4, 0x16, 0x78, 0x7c, 0x62,
+        0xd0, 0x78, 0x3f, 0x37, 0xdb, 0xf2, 0x92, 0xad, 0x9b, 0x51, 0x77, 0x08,
+        0x19, 0xd2, 0x09, 0x12, 0xf7, 0x52, 0xe8, 0xc8, 0xb2, 0xfb, 0x6f, 0xcd,
+        0x05, 0x5b, 0xd2, 0x8e, 0x0d, 0x6e, 0x0c, 0x16, 0x5b, 0x8a, 0xc2, 0x09,
+        0x13, 0x3b, 0x69, 0x85, 0xbd, 0xc0, 0xcc, 0x2b, 0x48, 0x65, 0xa7, 0xc1,
+        0xc3, 0xe0, 0xea, 0x14, 0x67, 0x6f, 0xa4, 0xb8, 0xc6, 0xf0, 0x12, 0x3e,
+        0x96, 0x0d, 0x23, 0x2b, 0x37, 0x87, 0x8d, 0xc8, 0xf7, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x03, 0x0b, 0x13, 0x1a, 0x1d, 0x25
+    };
+#ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
+    WOLFSSL_SMALL_STACK_STATIC const byte ml_dsa_65_draft_sig[] = {
+    0x3e, 0xff, 0xf4, 0x48, 0x80, 0x2d, 0x88, 0x87, 0xf4, 0xcc,
+    0xa4, 0x61, 0xe1, 0x27, 0x20, 0x55, 0x66, 0xc8, 0xfe, 0x3e,
+    0xdd, 0xf5, 0x5c, 0x70, 0x6c, 0x54, 0xba, 0x50, 0x8a, 0xa2,
+    0x4b, 0x88, 0xbc, 0xb8, 0x87, 0xf9, 0x4e, 0x50, 0x3a, 0x04,
+    0x18, 0xb3, 0xf4, 0x5f, 0x77, 0x4a, 0x7e, 0xa8, 0xf5, 0xca,
+    0x49, 0x00, 0xdc, 0x24, 0xaa, 0x05, 0x35, 0x0f, 0x34, 0xf7,
+    0xbf, 0x09, 0xa6, 0xcf, 0x75, 0x37, 0x07, 0xcd, 0x07, 0x99,
+    0x92, 0x1d, 0xc7, 0xc9, 0x17, 0x1c, 0xdd, 0x27, 0x8c, 0x66,
+    0xf2, 0x8b, 0x75, 0xb0, 0x86, 0x2d, 0xbd, 0x51, 0x16, 0xc2,
+    0x50, 0xe0, 0x7e, 0x0a, 0x21, 0x58, 0x93, 0x22, 0x06, 0xcb,
+    0x85, 0x8b, 0xfd, 0x97, 0x61, 0xc0, 0xdb, 0xab, 0xfa, 0x4a,
+    0x69, 0xef, 0x9c, 0xc1, 0x4e, 0xae, 0xb2, 0xb3, 0xa2, 0x74,
+    0xa4, 0x94, 0x0a, 0xed, 0x39, 0x9e, 0xe8, 0x58, 0xeb, 0xfd,
+    0x43, 0x05, 0x73, 0x38, 0xd6, 0xbb, 0xeb, 0xb9, 0x9d, 0x3b,
+    0xf8, 0x85, 0xb4, 0x4b, 0x16, 0x5c, 0x9e, 0xfe, 0xb8, 0x13,
+    0xf8, 0x68, 0x44, 0x90, 0x05, 0x61, 0xb3, 0xed, 0x6f, 0x47,
+    0xc9, 0x50, 0xcf, 0x6c, 0xc0, 0xac, 0xdf, 0x4c, 0x4c, 0x1b,
+    0x42, 0xce, 0x0a, 0x32, 0x69, 0xb0, 0xfd, 0x87, 0xef, 0xf3,
+    0x9c, 0xcc, 0xba, 0x2f, 0x03, 0xd7, 0xdb, 0x76, 0xee, 0xa0,
+    0x71, 0x4a, 0x80, 0xcb, 0x90, 0x9e, 0xbb, 0x8f, 0x00, 0x46,
+    0x81, 0xe0, 0xde, 0xa6, 0x43, 0xb5, 0x37, 0x79, 0xf2, 0x35,
+    0xce, 0x9e, 0xd2, 0xb1, 0x5b, 0xff, 0x91, 0xfb, 0x98, 0xc1,
+    0xe1, 0x66, 0x2c, 0x00, 0x1b, 0x89, 0xf2, 0x57, 0x81, 0x73,
+    0x7e, 0x9f, 0x8d, 0x50, 0xd0, 0xe0, 0xe3, 0x93, 0xf2, 0x87,
+    0x41, 0x64, 0x6c, 0xb7, 0x09, 0x60, 0x91, 0x4e, 0x0b, 0xbe,
+    0xbe, 0xd4, 0x98, 0xfa, 0x14, 0x8c, 0x46, 0x09, 0xfa, 0xaa,
+    0x82, 0xd6, 0xdd, 0x65, 0x93, 0x39, 0x45, 0x50, 0x90, 0x10,
+    0xae, 0x1b, 0xff, 0xab, 0x7e, 0x86, 0xda, 0xb9, 0x4d, 0xf1,
+    0xc2, 0x00, 0x54, 0x66, 0xee, 0x40, 0xc0, 0x56, 0x2f, 0xe8,
+    0x43, 0x89, 0xbb, 0xb8, 0x59, 0x24, 0x63, 0x45, 0x9a, 0xde,
+    0x08, 0xf3, 0x16, 0x94, 0xd2, 0x8d, 0xee, 0xf9, 0xbe, 0x4f,
+    0x29, 0xe1, 0x4b, 0x5e, 0x2b, 0x14, 0xef, 0x66, 0xe2, 0x12,
+    0xf8, 0x87, 0x2e, 0xb1, 0x75, 0x8b, 0x21, 0xb5, 0x8f, 0x8e,
+    0xc5, 0x0e, 0x60, 0x27, 0x15, 0xbd, 0x72, 0xe4, 0x26, 0x4e,
+    0x62, 0x7d, 0x3a, 0x46, 0x49, 0x93, 0xa9, 0x52, 0x7f, 0xc2,
+    0x27, 0xb9, 0x55, 0x6a, 0x45, 0x9f, 0x2c, 0x7a, 0x5a, 0xc9,
+    0xf4, 0x55, 0xaf, 0x49, 0xb3, 0xd5, 0xc0, 0x84, 0xdb, 0x89,
+    0x5f, 0x21, 0x04, 0xf5, 0x4c, 0x66, 0x1e, 0x2e, 0x69, 0xdf,
+    0x5b, 0x14, 0x60, 0x89, 0x84, 0xf8, 0xa3, 0xaf, 0xdf, 0xb9,
+    0x18, 0x5e, 0xbf, 0x81, 0x95, 0x9a, 0x5e, 0x4f, 0x24, 0x45,
+    0xad, 0xab, 0xe2, 0x36, 0x7c, 0x19, 0xde, 0xc0, 0xf4, 0x1a,
+    0x42, 0xb2, 0xc2, 0x58, 0x2f, 0x5f, 0xd0, 0x2e, 0x28, 0x33,
+    0x59, 0x75, 0xc2, 0xde, 0x41, 0xe3, 0x9b, 0x85, 0x46, 0xad,
+    0x6d, 0xf1, 0x06, 0xf0, 0x6a, 0xb9, 0xed, 0x71, 0x7b, 0xfd,
+    0xf1, 0xc4, 0x56, 0xd8, 0xb3, 0x1a, 0x5f, 0x04, 0xae, 0xe8,
+    0xce, 0xde, 0xa1, 0x6d, 0x46, 0x2a, 0x4f, 0x62, 0xee, 0x25,
+    0xdf, 0x22, 0x21, 0xb2, 0x8f, 0x5f, 0x26, 0x33, 0x5a, 0xdd,
+    0xbe, 0x08, 0xb3, 0x93, 0x16, 0x16, 0xad, 0x2e, 0x00, 0xb8,
+    0x14, 0x0c, 0x10, 0xa3, 0x29, 0x89, 0x1f, 0xd7, 0x06, 0x7a,
+    0x09, 0xf3, 0x84, 0xf9, 0x18, 0x04, 0x56, 0x2f, 0x7f, 0xbd,
+    0x8e, 0x12, 0xdf, 0x4d, 0x58, 0x5c, 0x1d, 0x81, 0x0c, 0x7d,
+    0x62, 0x02, 0xe0, 0xf9, 0x1b, 0x69, 0xe9, 0x38, 0x45, 0x84,
+    0x2d, 0x9a, 0x4a, 0x3d, 0x7b, 0x48, 0xd5, 0x0d, 0x76, 0xba,
+    0xff, 0x20, 0x00, 0xf8, 0x42, 0x7f, 0xd2, 0x25, 0x70, 0x90,
+    0x88, 0xb3, 0x98, 0xac, 0xe9, 0xd9, 0xac, 0x58, 0xa6, 0x49,
+    0xcc, 0x93, 0xa5, 0x04, 0x0c, 0x68, 0x53, 0x64, 0x72, 0x8c,
+    0xfc, 0x8d, 0x61, 0xeb, 0x3f, 0x93, 0x8b, 0x85, 0x98, 0x05,
+    0xce, 0x06, 0xd7, 0xbf, 0xbb, 0xa5, 0x22, 0xda, 0xe9, 0x8a,
+    0x29, 0x30, 0x5e, 0x82, 0xe4, 0x46, 0x7c, 0x36, 0x5e, 0xf5,
+    0xc7, 0xe3, 0x09, 0xdf, 0x20, 0x76, 0x73, 0x33, 0x31, 0x75,
+    0xc2, 0x99, 0xe9, 0x74, 0x43, 0x82, 0xb1, 0xeb, 0x74, 0x6f,
+    0xad, 0x59, 0x48, 0x12, 0xa0, 0x24, 0xe3, 0x38, 0x48, 0x61,
+    0x0c, 0xf6, 0x38, 0x83, 0x3a, 0xcd, 0xd6, 0x45, 0x10, 0x0e,
+    0x09, 0x79, 0x31, 0x30, 0x80, 0xfb, 0x34, 0x60, 0x1e, 0x72,
+    0x98, 0xe9, 0x5c, 0xbf, 0xab, 0x21, 0x7f, 0xa3, 0x19, 0x7e,
+    0x8c, 0xa9, 0xa7, 0xfc, 0x25, 0xe0, 0x8e, 0x6d, 0xa1, 0xb9,
+    0x7b, 0x5b, 0x37, 0x33, 0x96, 0xd8, 0x6e, 0x7a, 0xce, 0xa6,
+    0x1a, 0xbd, 0xe6, 0x6e, 0x62, 0xc4, 0x8c, 0x69, 0xfe, 0xe4,
+    0xcb, 0x0a, 0xa1, 0x6c, 0x66, 0x0e, 0x1a, 0x5e, 0xb9, 0xd1,
+    0x4a, 0xa3, 0x91, 0x39, 0xcf, 0x85, 0x07, 0x5b, 0xaf, 0x99,
+    0x11, 0xca, 0xee, 0x6f, 0x2e, 0x33, 0xda, 0x60, 0xbf, 0xd6,
+    0xa0, 0x7a, 0xdb, 0x91, 0x13, 0xb7, 0xa3, 0x5d, 0x0e, 0x1e,
+    0x3b, 0xf9, 0x7a, 0x3e, 0x4f, 0x8d, 0xb3, 0x81, 0xe8, 0x0c,
+    0x4d, 0x48, 0x61, 0x06, 0x14, 0x0f, 0x3e, 0x33, 0x9e, 0xea,
+    0xa6, 0xd8, 0xd8, 0x4d, 0x9b, 0x00, 0x34, 0x0d, 0x31, 0x62,
+    0x54, 0x93, 0x04, 0xd2, 0x02, 0x21, 0x38, 0x91, 0x58, 0xca,
+    0x77, 0xd3, 0x6c, 0xd1, 0x94, 0x05, 0xfa, 0x30, 0x6a, 0x0b,
+    0xf0, 0x52, 0x52, 0xb7, 0xdb, 0x34, 0xff, 0x18, 0x5c, 0x78,
+    0x25, 0x44, 0x39, 0xe4, 0x54, 0x8a, 0xf1, 0x49, 0x04, 0xab,
+    0x8a, 0x5f, 0x87, 0xe1, 0x6e, 0x1a, 0xf2, 0xba, 0x39, 0xb4,
+    0x7c, 0x71, 0x5b, 0xbe, 0x8d, 0xbb, 0xed, 0x3b, 0xed, 0x20,
+    0x95, 0xdf, 0xa7, 0x50, 0xb5, 0x66, 0xff, 0xd0, 0x3a, 0x92,
+    0xde, 0xf2, 0xa3, 0xf2, 0xd6, 0x48, 0x6b, 0xd8, 0xef, 0x80,
+    0x4d, 0xc2, 0x3c, 0xc7, 0xc6, 0x6e, 0xdf, 0xd1, 0x54, 0xfb,
+    0x22, 0xac, 0x1a, 0x11, 0x81, 0x02, 0xc7, 0x66, 0xe0, 0xf3,
+    0xad, 0x0b, 0xd0, 0xec, 0xae, 0x93, 0x53, 0xa5, 0xbf, 0xa5,
+    0x17, 0x59, 0x14, 0x7d, 0x7e, 0x1e, 0x26, 0x15, 0x7a, 0x74,
+    0xfb, 0xb1, 0x7a, 0x0e, 0xd3, 0xb5, 0x7c, 0x8c, 0x3a, 0xd7,
+    0x45, 0x38, 0x55, 0xae, 0x4b, 0xe1, 0xfe, 0x5b, 0x57, 0x20,
+    0x73, 0x38, 0xb9, 0x67, 0x34, 0xb1, 0xf3, 0x15, 0xb0, 0xb7,
+    0x46, 0xa7, 0x1b, 0x19, 0x6d, 0xaf, 0x5e, 0x2c, 0x9c, 0x02,
+    0x3f, 0x0f, 0xa3, 0x56, 0x2f, 0x9f, 0x1a, 0x82, 0x0e, 0xb4,
+    0x46, 0xf5, 0x69, 0x89, 0x91, 0xf9, 0x2d, 0x99, 0x45, 0xa6,
+    0x3c, 0x82, 0x74, 0xac, 0xeb, 0x58, 0x4a, 0xdd, 0x03, 0xaf,
+    0xd1, 0x0a, 0xca, 0x4b, 0xe8, 0x4c, 0x63, 0xd4, 0x73, 0x94,
+    0xbf, 0xd1, 0xc5, 0x8a, 0x3f, 0x6e, 0x58, 0xfc, 0x70, 0x76,
+    0x69, 0x92, 0x05, 0xe0, 0xb9, 0xed, 0x5f, 0x19, 0xd7, 0x6f,
+    0xd0, 0x35, 0xbb, 0x5a, 0x8d, 0x45, 0xac, 0x43, 0xcb, 0x74,
+    0xcc, 0x92, 0xc3, 0x62, 0x56, 0x02, 0xb0, 0x0a, 0xb6, 0x88,
+    0x40, 0x6f, 0x76, 0x1b, 0x89, 0xe4, 0x51, 0xeb, 0x7e, 0x08,
+    0x8c, 0xce, 0x24, 0xc8, 0xd8, 0x58, 0xbd, 0x0e, 0x48, 0x57,
+    0xc8, 0x9f, 0xad, 0x64, 0xcf, 0x69, 0x72, 0x35, 0xbf, 0x04,
+    0x09, 0xfb, 0x0e, 0x62, 0x92, 0x76, 0x8b, 0x8d, 0xd5, 0x16,
+    0xa2, 0x51, 0xdb, 0x71, 0xa9, 0x08, 0xb2, 0xf9, 0x1e, 0x07,
+    0xe7, 0xf8, 0xf4, 0x79, 0x59, 0x2f, 0x8f, 0xf1, 0x5b, 0x45,
+    0xe1, 0xb8, 0xb7, 0xef, 0x86, 0x69, 0x71, 0x51, 0x1c, 0xe5,
+    0x61, 0xee, 0xb8, 0x1d, 0xa7, 0xdc, 0x48, 0xba, 0x51, 0xa5,
+    0x70, 0x4d, 0xfd, 0x2c, 0x46, 0x21, 0x63, 0x0c, 0x9f, 0xb7,
+    0x68, 0x58, 0x7b, 0xb3, 0x7d, 0x64, 0xfd, 0xaf, 0x87, 0x3d,
+    0x86, 0x06, 0x36, 0x8a, 0x6d, 0xfe, 0xdf, 0xce, 0xa8, 0x16,
+    0x42, 0x46, 0x15, 0xe5, 0xcf, 0x48, 0xa6, 0x4b, 0xe5, 0xc1,
+    0xad, 0x14, 0x3a, 0x6d, 0xeb, 0xf9, 0xc9, 0x32, 0xd1, 0x82,
+    0x60, 0x23, 0xf0, 0xff, 0xa7, 0xe6, 0x2e, 0xd6, 0x8d, 0x9d,
+    0x4f, 0x6d, 0xb3, 0xc4, 0xad, 0xd9, 0xf0, 0xf5, 0x5c, 0x47,
+    0x6c, 0x67, 0xf4, 0x0e, 0x18, 0x25, 0xbb, 0x67, 0xfa, 0x11,
+    0x70, 0xd5, 0xbc, 0x3a, 0x34, 0xae, 0xa2, 0x76, 0x4b, 0x9f,
+    0x59, 0x01, 0x18, 0x69, 0x44, 0xc4, 0x8a, 0xff, 0x00, 0xfc,
+    0x2a, 0x45, 0xa9, 0x50, 0x8e, 0x37, 0x6b, 0x78, 0x14, 0x69,
+    0xe7, 0x92, 0x3d, 0xf1, 0x34, 0xd5, 0x5c, 0x48, 0xc2, 0x50,
+    0xb3, 0x0c, 0x7d, 0x54, 0x05, 0x31, 0x1e, 0xce, 0xaa, 0xc1,
+    0x4c, 0xc9, 0x13, 0x33, 0x26, 0x1f, 0x56, 0x7e, 0x7e, 0x74,
+    0xd3, 0x78, 0x3e, 0x00, 0x4a, 0xc8, 0xc6, 0x20, 0x5b, 0xb8,
+    0x80, 0xb4, 0x13, 0x35, 0x23, 0xff, 0x50, 0xde, 0x25, 0x92,
+    0x67, 0x08, 0xb8, 0xa3, 0xb6, 0x39, 0xd4, 0x30, 0xdc, 0xa5,
+    0x88, 0x8a, 0x44, 0x08, 0x8b, 0x6d, 0x2e, 0xb8, 0xf3, 0x0d,
+    0x23, 0xda, 0x35, 0x08, 0x5a, 0x92, 0xe1, 0x40, 0xac, 0xc7,
+    0x15, 0x05, 0x8a, 0xdf, 0xe5, 0x71, 0xd8, 0xe0, 0xd7, 0x9f,
+    0x58, 0x03, 0xf4, 0xec, 0x99, 0x3c, 0xb0, 0xe0, 0x07, 0x42,
+    0x9b, 0xa0, 0x10, 0x7c, 0x24, 0x60, 0x19, 0xe8, 0x84, 0xd4,
+    0xb1, 0x86, 0x19, 0x0a, 0x52, 0x70, 0x6e, 0xc2, 0x3c, 0xe2,
+    0x73, 0x8d, 0xfe, 0xf8, 0x7e, 0xdf, 0x78, 0xe7, 0x92, 0x36,
+    0x10, 0xf7, 0x2d, 0x76, 0x93, 0x8a, 0x0f, 0x20, 0xc8, 0x30,
+    0x59, 0x81, 0xff, 0x3b, 0x70, 0x22, 0xce, 0x6e, 0x23, 0x68,
+    0x35, 0x59, 0x0e, 0xcf, 0xf8, 0xf6, 0xcd, 0x45, 0xb6, 0x41,
+    0xba, 0xda, 0xe6, 0x35, 0x0b, 0xd1, 0xef, 0xa5, 0x7c, 0xe0,
+    0xb9, 0x6f, 0x5b, 0xa9, 0xab, 0x87, 0xe3, 0x3b, 0x92, 0xce,
+    0xbe, 0xfe, 0xf7, 0xab, 0x82, 0xa3, 0xe6, 0xbd, 0xfe, 0xce,
+    0xa6, 0x17, 0xcb, 0x4c, 0xb4, 0x4c, 0xd6, 0xfe, 0xbb, 0x1c,
+    0x10, 0xde, 0x29, 0x3e, 0x92, 0x66, 0x20, 0xf8, 0xee, 0x83,
+    0x86, 0x66, 0xe0, 0x66, 0x97, 0x85, 0xaf, 0x3a, 0x8f, 0xa9,
+    0x97, 0x09, 0xde, 0x77, 0xda, 0xb7, 0x81, 0x41, 0x10, 0xca,
+    0x66, 0x00, 0xec, 0xf8, 0x46, 0x73, 0xa6, 0x24, 0x36, 0xec,
+    0x25, 0xbe, 0x93, 0x5e, 0x74, 0x9f, 0xbe, 0xf4, 0x84, 0x15,
+    0x9c, 0xc5, 0x43, 0xd9, 0xea, 0x5a, 0xcc, 0x2c, 0x4e, 0x2e,
+    0x4e, 0x32, 0xa6, 0x88, 0xb1, 0x25, 0x34, 0xf7, 0xba, 0xab,
+    0xd3, 0xa0, 0xc2, 0x06, 0x70, 0xed, 0x66, 0x4d, 0x71, 0x34,
+    0xaf, 0x10, 0x99, 0x10, 0x11, 0x4f, 0xe4, 0x7d, 0x42, 0x03,
+    0x04, 0x02, 0xc2, 0x41, 0x85, 0x1e, 0xc4, 0xca, 0xae, 0xf0,
+    0x83, 0x78, 0x34, 0x98, 0x55, 0x8b, 0x4c, 0xa0, 0x14, 0xea,
+    0x15, 0x2c, 0xa1, 0x30, 0xd8, 0xcf, 0xac, 0xd4, 0xca, 0xf7,
+    0xf4, 0xc4, 0x20, 0xca, 0xa1, 0xef, 0xce, 0x5d, 0x6b, 0x32,
+    0xb6, 0xf0, 0x22, 0x08, 0x49, 0x21, 0x0c, 0x57, 0x0f, 0xf8,
+    0xc0, 0xd2, 0xe3, 0xc0, 0xa6, 0x31, 0xc7, 0x87, 0x96, 0xa9,
+    0xfe, 0x69, 0xa0, 0x7f, 0xf7, 0x8e, 0x31, 0x92, 0x37, 0xce,
+    0xde, 0x36, 0x3f, 0xf5, 0x7d, 0x07, 0xaa, 0xa9, 0x43, 0xee,
+    0x3c, 0x8c, 0xd3, 0x7d, 0x2c, 0xa6, 0xc3, 0x98, 0xab, 0xbe,
+    0x90, 0x4c, 0xa5, 0x5a, 0x27, 0xeb, 0x0e, 0xed, 0xa1, 0x1e,
+    0x3e, 0x44, 0xa3, 0x4b, 0x49, 0xad, 0xe4, 0x19, 0x90, 0xc8,
+    0x9e, 0x6e, 0x5b, 0x68, 0xbc, 0x37, 0x54, 0xaf, 0xa6, 0xb7,
+    0x71, 0x5c, 0x5d, 0x74, 0x83, 0xf4, 0xb9, 0x2f, 0xe5, 0x1a,
+    0x0c, 0x73, 0x30, 0x56, 0x82, 0x04, 0xb3, 0x0e, 0x32, 0x98,
+    0xfd, 0x27, 0xa0, 0xfe, 0xe0, 0xe0, 0xf5, 0xb7, 0xe0, 0x47,
+    0x2a, 0xa6, 0x4a, 0xe0, 0xfc, 0xb5, 0xd8, 0xfd, 0x01, 0xfe,
+    0x4e, 0x96, 0x17, 0x06, 0xcc, 0x92, 0x7c, 0xa1, 0x2f, 0xb5,
+    0x04, 0x08, 0x76, 0xcc, 0x40, 0x75, 0x37, 0x4d, 0x2c, 0x74,
+    0xcd, 0xc7, 0x62, 0xa6, 0xe6, 0xd8, 0x9e, 0x21, 0x7f, 0x2e,
+    0xf5, 0x2c, 0xcf, 0x0b, 0x3f, 0xd7, 0xed, 0x17, 0xee, 0x92,
+    0xaf, 0xf9, 0xa4, 0x71, 0x5d, 0x5f, 0x81, 0xb9, 0x2f, 0x12,
+    0xe5, 0x57, 0x2d, 0x1e, 0xf1, 0x67, 0x47, 0x2a, 0xde, 0xab,
+    0xf2, 0xea, 0xb7, 0xb5, 0x83, 0xdc, 0x46, 0xd4, 0xf3, 0x25,
+    0x65, 0x15, 0x4d, 0x66, 0x34, 0x54, 0xab, 0x94, 0x89, 0x80,
+    0x39, 0xd3, 0x39, 0xe3, 0xa2, 0xb1, 0x91, 0x2a, 0x5e, 0x55,
+    0xe1, 0xa4, 0x0f, 0xc3, 0x4b, 0x5a, 0xa5, 0x4a, 0xb3, 0xc0,
+    0x40, 0xea, 0x16, 0x0c, 0xd5, 0x2d, 0x83, 0x3e, 0x28, 0x20,
+    0xac, 0x0a, 0x1b, 0x5b, 0x87, 0xcf, 0xf1, 0x51, 0xd6, 0xda,
+    0xd1, 0xc9, 0xb1, 0x27, 0xf5, 0x62, 0x03, 0x10, 0xcf, 0x76,
+    0x28, 0xa2, 0xea, 0x4b, 0x76, 0xaf, 0x9c, 0x3d, 0xf1, 0x1b,
+    0x92, 0xff, 0xb0, 0xca, 0x16, 0xa2, 0x29, 0x94, 0x0e, 0x1e,
+    0x51, 0xfb, 0xe1, 0x2b, 0x5a, 0x50, 0xfd, 0xaf, 0xab, 0xd7,
+    0x32, 0xaa, 0x43, 0xa7, 0xcb, 0xd3, 0xd3, 0xe9, 0x1e, 0xb1,
+    0x70, 0xd2, 0xbb, 0x15, 0x68, 0x49, 0xee, 0x6e, 0x1e, 0xc5,
+    0x64, 0x4b, 0x26, 0x08, 0xe7, 0x32, 0x1c, 0x1d, 0x73, 0x8f,
+    0x42, 0xfe, 0xeb, 0x67, 0x89, 0x42, 0x25, 0x40, 0xd6, 0x15,
+    0x02, 0x55, 0x87, 0xe3, 0x87, 0xdd, 0x78, 0xc1, 0x01, 0x94,
+    0xbc, 0x30, 0x5f, 0xbd, 0x89, 0xe1, 0xb0, 0x5c, 0xcd, 0xb7,
+    0x68, 0xd5, 0xbb, 0xf4, 0xa0, 0x5d, 0x3d, 0xdd, 0x89, 0x12,
+    0xc7, 0xb8, 0x5d, 0x51, 0x8a, 0xf4, 0xd5, 0x05, 0xc6, 0xdd,
+    0x7b, 0x44, 0x38, 0xce, 0xb1, 0x24, 0x24, 0xe1, 0x9d, 0xc7,
+    0x80, 0x86, 0x46, 0x2a, 0xd2, 0xa4, 0x0f, 0xec, 0xd3, 0x6b,
+    0x31, 0xc0, 0x05, 0x31, 0xff, 0xf5, 0x1a, 0x33, 0x35, 0x68,
+    0x2e, 0x68, 0x24, 0xbd, 0x62, 0xfc, 0x46, 0x79, 0x54, 0x5e,
+    0x1e, 0x27, 0x93, 0x07, 0xed, 0x78, 0x94, 0x50, 0x42, 0x98,
+    0x53, 0x88, 0xb7, 0x57, 0x04, 0x7d, 0xe2, 0xe1, 0xb5, 0x61,
+    0x9e, 0x5a, 0x88, 0x31, 0x3e, 0x6c, 0x69, 0xbc, 0x8a, 0xe6,
+    0xbc, 0x9d, 0x20, 0x7a, 0x86, 0xe5, 0x73, 0x93, 0x02, 0xc5,
+    0xde, 0xdc, 0xcc, 0xbf, 0x89, 0x76, 0xdc, 0x4e, 0xa1, 0x89,
+    0xe7, 0x95, 0x75, 0x01, 0xf7, 0x43, 0xaa, 0x3f, 0x1b, 0xb7,
+    0x8c, 0x92, 0x66, 0x22, 0xbe, 0x34, 0xf1, 0x2f, 0xc3, 0xc7,
+    0x21, 0xaf, 0x25, 0x57, 0x9a, 0x2c, 0x80, 0xf0, 0xb3, 0xdd,
+    0xb3, 0xb2, 0x82, 0x97, 0x85, 0x73, 0xa9, 0x76, 0xe4, 0x37,
+    0xa2, 0x65, 0xf9, 0xc1, 0x3d, 0x11, 0xbf, 0xcb, 0x3c, 0x8e,
+    0xdd, 0xaf, 0x98, 0x57, 0x6a, 0xe1, 0x33, 0xe7, 0xf0, 0xff,
+    0xed, 0x61, 0x53, 0xfe, 0x1e, 0x2d, 0x06, 0x2f, 0xb8, 0x9e,
+    0xf9, 0xa5, 0x21, 0x06, 0xf3, 0x72, 0xf6, 0xa3, 0x77, 0xbb,
+    0x63, 0x6e, 0x52, 0xb2, 0x42, 0x47, 0x9b, 0x92, 0x4c, 0xf8,
+    0xd2, 0xe6, 0x02, 0xa5, 0x57, 0x2d, 0x6f, 0x30, 0x05, 0xe2,
+    0xfd, 0x33, 0xe5, 0xb6, 0x23, 0x85, 0x89, 0x4a, 0x99, 0x20,
+    0x33, 0xea, 0x2f, 0xcd, 0x28, 0x27, 0xff, 0xfd, 0x2e, 0x73,
+    0x52, 0x29, 0x19, 0x7c, 0x65, 0xf5, 0x6a, 0xaa, 0x97, 0x6e,
+    0xe9, 0x42, 0xa8, 0x55, 0x97, 0x56, 0x92, 0x9d, 0xd2, 0xd1,
+    0xc4, 0x30, 0xaa, 0x95, 0x86, 0xba, 0x71, 0xdd, 0x2f, 0xf1,
+    0xed, 0x66, 0x54, 0x78, 0x4b, 0x13, 0x31, 0xed, 0x9d, 0x2c,
+    0xae, 0x0a, 0xc3, 0xca, 0xfb, 0x3f, 0x92, 0x92, 0x30, 0xa3,
+    0x8e, 0xc8, 0x6d, 0x7b, 0x42, 0xd5, 0x5d, 0x99, 0x79, 0x42,
+    0x28, 0x63, 0x9f, 0x97, 0x8e, 0x94, 0x6d, 0x1d, 0xb4, 0x21,
+    0x39, 0xc7, 0x64, 0x48, 0x44, 0x5e, 0x15, 0x10, 0x45, 0x9f,
+    0x8a, 0x01, 0x45, 0x20, 0x5c, 0xd1, 0x28, 0x0d, 0xe9, 0xfb,
+    0xa9, 0x72, 0x68, 0x07, 0x31, 0x20, 0x75, 0x76, 0x82, 0x76,
+    0x5d, 0x7c, 0xc1, 0x5d, 0x42, 0x40, 0xfd, 0x06, 0xa9, 0x66,
+    0xb0, 0x36, 0x55, 0x86, 0x6c, 0x96, 0xbd, 0xb8, 0xf7, 0x36,
+    0x87, 0xf2, 0xa1, 0x37, 0xd8, 0x2d, 0x83, 0xf5, 0xdc, 0xd8,
+    0xde, 0x9e, 0x69, 0xd6, 0xe1, 0x0d, 0xd5, 0x93, 0xc5, 0xee,
+    0xba, 0xd3, 0x40, 0x71, 0xbb, 0xc7, 0xbb, 0x50, 0x1a, 0x10,
+    0x80, 0x99, 0x62, 0x1c, 0xe3, 0x1f, 0xa2, 0xcc, 0x98, 0xe1,
+    0xaa, 0xff, 0xd9, 0x69, 0xe7, 0x87, 0x04, 0x87, 0x76, 0xec,
+    0x55, 0x18, 0xaf, 0x82, 0x34, 0x4d, 0x4f, 0xf7, 0x57, 0x1f,
+    0xa5, 0x43, 0xcc, 0xe9, 0x7a, 0x4a, 0xc8, 0xb4, 0x1f, 0x61,
+    0x40, 0x5e, 0x1d, 0x11, 0xdd, 0xdc, 0xdc, 0xb4, 0x57, 0xf9,
+    0x47, 0x96, 0xbc, 0x47, 0x29, 0xf8, 0xf2, 0x43, 0xc4, 0xa0,
+    0x8c, 0x14, 0x5e, 0x73, 0x52, 0xac, 0xac, 0x39, 0x3b, 0x06,
+    0x19, 0x1a, 0xca, 0x22, 0xc8, 0x96, 0x12, 0x2e, 0x4c, 0x7b,
+    0xa0, 0x96, 0x53, 0x16, 0xce, 0x6d, 0x6e, 0xac, 0xb2, 0x07,
+    0x17, 0x22, 0x07, 0x30, 0x20, 0x84, 0x9b, 0x0e, 0x92, 0x31,
+    0x07, 0xe2, 0x77, 0xcd, 0x6a, 0x3e, 0x16, 0x4f, 0xd6, 0x12,
+    0x88, 0x8a, 0x70, 0x5a, 0x87, 0xd8, 0xb9, 0xef, 0x76, 0xab,
+    0x14, 0x65, 0x87, 0x3a, 0xef, 0xd8, 0x0e, 0x24, 0x40, 0x73,
+    0x93, 0x2b, 0xbf, 0xac, 0xfe, 0x96, 0x8a, 0x9d, 0x12, 0xe6,
+    0xc1, 0x5b, 0x00, 0x3b, 0x23, 0xee, 0xe2, 0x10, 0xb6, 0xbe,
+    0x0e, 0x2f, 0xa2, 0x77, 0x16, 0x17, 0xfc, 0x4b, 0x2c, 0xd7,
+    0x9c, 0xad, 0x66, 0xb4, 0xf2, 0xfd, 0xc1, 0xaf, 0x81, 0x12,
+    0xd9, 0xed, 0x14, 0x32, 0xcf, 0x1b, 0xee, 0xc6, 0x63, 0xe8,
+    0xe5, 0xe6, 0xb6, 0x91, 0x8d, 0x1b, 0x90, 0x75, 0x5d, 0x69,
+    0x4c, 0x5d, 0xd6, 0xac, 0x79, 0xe8, 0xb6, 0xdf, 0xbf, 0x43,
+    0x39, 0xd3, 0xb8, 0xf0, 0x39, 0xf4, 0x90, 0xaf, 0x73, 0x26,
+    0xc7, 0x73, 0x6f, 0x93, 0xbb, 0xce, 0x6e, 0xdc, 0x1c, 0xd0,
+    0x36, 0x23, 0x17, 0xb2, 0x39, 0x37, 0x15, 0xf5, 0x3a, 0x61,
+    0xa9, 0x15, 0x52, 0x6e, 0xc5, 0x3a, 0x63, 0x79, 0x5d, 0x45,
+    0xdc, 0x3a, 0xd5, 0x26, 0x01, 0x56, 0x97, 0x80, 0x7f, 0x83,
+    0xf9, 0xec, 0xde, 0xa0, 0x2e, 0x7a, 0xb2, 0x4b, 0x04, 0x63,
+    0x60, 0x05, 0xce, 0x96, 0xeb, 0xe0, 0x0a, 0x5f, 0xb0, 0x7e,
+    0x6d, 0x0a, 0x24, 0x32, 0x47, 0x82, 0x7f, 0x0b, 0xd7, 0xe9,
+    0xd5, 0x14, 0xa9, 0x6b, 0x10, 0x5d, 0x1e, 0x1f, 0x8a, 0xad,
+    0x70, 0x91, 0xd4, 0x33, 0x1d, 0xc2, 0x3e, 0xf8, 0xc8, 0x52,
+    0x9a, 0x27, 0x1f, 0x45, 0x2f, 0xb5, 0xc7, 0xb1, 0x8b, 0xf9,
+    0xc6, 0x7b, 0xb5, 0x92, 0x7a, 0xdd, 0xeb, 0x07, 0x6c, 0x6f,
+    0x11, 0xd7, 0x5b, 0x56, 0x56, 0xec, 0x88, 0x1c, 0xc9, 0xb4,
+    0xe8, 0x43, 0xab, 0xdf, 0x0b, 0xc5, 0x28, 0xba, 0x70, 0x5d,
+    0xd3, 0xb2, 0xe2, 0xcf, 0xa7, 0xbb, 0x53, 0x04, 0x6b, 0x73,
+    0xdf, 0x27, 0xa6, 0x63, 0x58, 0xe1, 0x39, 0x26, 0x2a, 0x1a,
+    0x21, 0xec, 0xbb, 0x5f, 0x46, 0x98, 0x3d, 0x48, 0x66, 0xfe,
+    0xf3, 0xcb, 0xfc, 0x6e, 0x99, 0x82, 0x91, 0xce, 0x53, 0xfd,
+    0x75, 0xc9, 0xb6, 0x08, 0xa8, 0xf3, 0xe4, 0xe0, 0xa0, 0x24,
+    0x45, 0xb4, 0x69, 0x11, 0xac, 0x06, 0x1c, 0x39, 0x71, 0xcf,
+    0x72, 0xfc, 0x77, 0x9b, 0x5f, 0xf4, 0x8b, 0x02, 0x31, 0xf3,
+    0x67, 0xd1, 0x9b, 0xe0, 0x49, 0xa4, 0x69, 0x20, 0x99, 0x38,
+    0xa7, 0xf5, 0x43, 0xd2, 0x45, 0x9f, 0x7a, 0xe7, 0xad, 0x7e,
+    0x36, 0xee, 0xfd, 0x8c, 0xc5, 0x6a, 0x12, 0x58, 0x15, 0x3b,
+    0x02, 0x81, 0x73, 0x8b, 0x10, 0xda, 0x21, 0xc7, 0x1d, 0x38,
+    0xd8, 0x40, 0x7a, 0xa3, 0x59, 0x55, 0x35, 0x44, 0xa9, 0x9c,
+    0xf5, 0xf4, 0xe4, 0x14, 0xc1, 0xc4, 0x15, 0x26, 0x01, 0xe3,
+    0x31, 0xbf, 0xdc, 0xbc, 0x69, 0x0b, 0xcf, 0x71, 0x8c, 0xdb,
+    0x16, 0xab, 0x36, 0x3e, 0xb3, 0xa4, 0x9f, 0xcc, 0xbf, 0xa2,
+    0x93, 0x93, 0x9a, 0x3b, 0xaf, 0x72, 0x8d, 0x8b, 0x92, 0x44,
+    0x5d, 0x6f, 0xc5, 0xf0, 0xdc, 0x65, 0x62, 0xea, 0xba, 0x33,
+    0xe7, 0x6c, 0xa4, 0x35, 0xcf, 0xd9, 0xbc, 0x3c, 0xbf, 0x25,
+    0x7b, 0x7c, 0x0b, 0x62, 0x92, 0x5a, 0x66, 0x63, 0xe1, 0x27,
+    0x89, 0x12, 0xe2, 0xae, 0xb7, 0xf8, 0x04, 0x70, 0xda, 0x4a,
+    0x3d, 0xa6, 0x67, 0x12, 0x14, 0x9e, 0x8e, 0xdc, 0xa2, 0xf2,
+    0x3d, 0xc7, 0xd2, 0x8f, 0x18, 0x3a, 0x53, 0x8c, 0x83, 0x5d,
+    0x66, 0xbb, 0x9f, 0x8c, 0xaf, 0xa8, 0x73, 0x08, 0x2e, 0x6d,
+    0x30, 0xa0, 0xd0, 0x20, 0x94, 0x48, 0xad, 0x5e, 0x31, 0xfd,
+    0x5e, 0xfd, 0xf9, 0xb5, 0xa2, 0x39, 0xa3, 0xb9, 0xdf, 0x4d,
+    0xa4, 0xb1, 0x54, 0xcc, 0x92, 0x63, 0x2c, 0x66, 0x2d, 0x01,
+    0x88, 0x8b, 0x7d, 0xc6, 0x5c, 0x9f, 0x18, 0x9a, 0x53, 0x91,
+    0x59, 0x66, 0x70, 0xd7, 0x81, 0x0e, 0xa1, 0x3c, 0x7e, 0x86,
+    0x85, 0x64, 0x38, 0x6f, 0xec, 0x76, 0x57, 0x80, 0x41, 0x9d,
+    0xef, 0x61, 0xb8, 0xb2, 0x8a, 0xeb, 0xe9, 0x26, 0xbb, 0x69,
+    0xb3, 0x8d, 0xd4, 0x6b, 0x05, 0xd8, 0x55, 0x1c, 0xbd, 0x9f,
+    0x6b, 0x23, 0x46, 0x2b, 0xf7, 0xfb, 0x4d, 0x33, 0x3b, 0x21,
+    0x6d, 0xea, 0x1b, 0x15, 0xaf, 0x0f, 0x8c, 0x98, 0xc8, 0xf4,
+    0xd1, 0x3c, 0xdd, 0x21, 0xd0, 0x45, 0xdc, 0xaf, 0x89, 0x89,
+    0xbf, 0xde, 0xbf, 0x46, 0x9e, 0x9e, 0x18, 0x56, 0x9d, 0x05,
+    0x4d, 0x63, 0x5f, 0x1c, 0xd9, 0x15, 0xd1, 0x43, 0x17, 0x0c,
+    0x48, 0x3d, 0x36, 0x8b, 0x14, 0x87, 0xc8, 0x10, 0x44, 0xdf,
+    0x9c, 0xfd, 0x6e, 0x88, 0x88, 0xae, 0x7f, 0x7f, 0x67, 0xa3,
+    0x33, 0x4d, 0xa3, 0x84, 0x8b, 0x58, 0x07, 0x17, 0xd8, 0x1d,
+    0x9e, 0x43, 0xd6, 0x41, 0x9c, 0xff, 0xfa, 0x35, 0xa2, 0x42,
+    0xa9, 0x5d, 0xa9, 0x4b, 0x95, 0x23, 0x6a, 0x6e, 0x42, 0xd7,
+    0xa2, 0x0a, 0x70, 0x00, 0x61, 0x8b, 0x45, 0xbb, 0xac, 0x20,
+    0x27, 0xcd, 0xfc, 0x61, 0x17, 0xfe, 0xab, 0x6b, 0xe8, 0xe0,
+    0x51, 0xab, 0xa3, 0xbf, 0xe4, 0x85, 0x69, 0x8e, 0xd7, 0xa6,
+    0x62, 0x33, 0x8f, 0x7c, 0xba, 0x48, 0xfa, 0x83, 0x94, 0xa5,
+    0xdf, 0xa1, 0x76, 0xdc, 0xa9, 0x4b, 0x3c, 0x27, 0xff, 0xd9,
+    0xbe, 0xf4, 0x80, 0x5a, 0xca, 0x33, 0xf3, 0x9a, 0x1d, 0xf8,
+    0xf3, 0xe1, 0x83, 0x27, 0x0b, 0x59, 0x87, 0x31, 0x7d, 0x4f,
+    0x5a, 0x5e, 0xe1, 0xbe, 0xa9, 0x68, 0xe9, 0x6f, 0x10, 0x0a,
+    0xe2, 0x70, 0x05, 0xaa, 0xcb, 0xdd, 0x41, 0xd7, 0x49, 0x8a,
+    0x98, 0xa0, 0x40, 0x2d, 0xc6, 0x56, 0x49, 0xca, 0x60, 0x16,
+    0x9c, 0x38, 0xc9, 0xfe, 0x99, 0x15, 0xfb, 0x79, 0x01, 0x33,
+    0xcd, 0x54, 0x2f, 0xf3, 0x70, 0x37, 0x82, 0x36, 0x32, 0x76,
+    0x8f, 0x63, 0x00, 0xa2, 0x42, 0xce, 0x39, 0x90, 0xfc, 0xf8,
+    0xff, 0x34, 0x38, 0x0a, 0x17, 0x5e, 0x9d, 0x34, 0x86, 0xde,
+    0x33, 0x45, 0xac, 0xbf, 0x81, 0xdf, 0xd2, 0xbc, 0xc7, 0xd7,
+    0xd1, 0xee, 0xde, 0x2b, 0x5b, 0x50, 0x56, 0xb5, 0x88, 0x00,
+    0x92, 0x76, 0x5a, 0x34, 0x0c, 0xfe, 0x8f, 0xc5, 0xa0, 0x92,
+    0xb0, 0xed, 0x43, 0xe7, 0x81, 0x39, 0x36, 0x6e, 0xb7, 0x4d,
+    0x5b, 0xcf, 0xc7, 0xf0, 0x83, 0xe5, 0xdc, 0xb7, 0x74, 0xf4,
+    0xf3, 0xbd, 0xa8, 0xa6, 0x7b, 0xe0, 0xc5, 0x50, 0xaa, 0xc7,
+    0x83, 0x4d, 0xd9, 0xc5, 0x97, 0x03, 0x7c, 0x0c, 0x3b, 0x3a,
+    0x18, 0xb2, 0x8c, 0xee, 0x67, 0x91, 0x38, 0x84, 0x8f, 0xef,
+    0xb4, 0xf4, 0xe4, 0x7c, 0x1a, 0x3f, 0xa3, 0x0a, 0xd9, 0xba,
+    0xff, 0x56, 0xd8, 0xe2, 0x82, 0xfc, 0x58, 0x8f, 0xf6, 0x12,
+    0x10, 0x65, 0x6a, 0x68, 0x53, 0x2d, 0x9f, 0x2c, 0x77, 0xd1,
+    0xb8, 0x21, 0x8a, 0xcb, 0xe9, 0xd4, 0x25, 0x18, 0x22, 0x46,
+    0x3e, 0x72, 0x29, 0x2a, 0x68, 0x70, 0x73, 0xe2, 0x61, 0xa2,
+    0xa8, 0x1f, 0x24, 0x48, 0x92, 0xa0, 0xd4, 0xdd, 0xde, 0xe5,
+    0x02, 0x1b, 0x59, 0x5c, 0x7e, 0x92, 0x9c, 0xd8, 0xf4, 0x2d,
+    0x6b, 0x79, 0x7b, 0xc7, 0xcd, 0xef, 0x21, 0x2a, 0x50, 0x7e,
+    0xba, 0xdd, 0x02, 0x45, 0x7e, 0xc1, 0xdd, 0xeb, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x03, 0x0c, 0x15, 0x1c, 0x22, 0x28
+    };
+#endif
+    wc_test_ret_t ret;
+
+    ret = dilithium_param_vfy_test(WC_ML_DSA_65, ml_dsa_65_pub_key,
+        (word32)sizeof(ml_dsa_65_pub_key), ml_dsa_65_sig,
+        (word32)sizeof(ml_dsa_65_sig));
+#ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
+    if (ret == 0) {
+        ret = dilithium_param_vfy_test(WC_ML_DSA_65_DRAFT,
+            ml_dsa_65_draft_pub_key, (word32)sizeof(ml_dsa_65_draft_pub_key),
+            ml_dsa_65_draft_sig, (word32)sizeof(ml_dsa_65_draft_sig));
+    }
+#endif
+
+    return ret;
+}
+#endif
+
+#ifndef WOLFSSL_NO_ML_DSA_87
+static wc_test_ret_t dilithium_param_87_vfy_test(void)
+{
+    WOLFSSL_SMALL_STACK_STATIC const byte ml_dsa_87_pub_key[] = {
+        0x8a, 0x66, 0xe3, 0x6e, 0x3c, 0x11, 0x70, 0x9f, 0x82, 0xdd, 0xeb, 0x9e,
+        0xc0, 0xd7, 0x25, 0x87, 0x0c, 0x65, 0x07, 0x9d, 0x47, 0x39, 0x5d, 0x04,
+        0x42, 0x5c, 0xd6, 0x0a, 0xdc, 0x39, 0x44, 0x04, 0xd9, 0x79, 0x43, 0x87,
+        0x98, 0x64, 0x88, 0x82, 0x3a, 0x31, 0xbd, 0xec, 0x66, 0xcb, 0x01, 0x90,
+        0xf9, 0x85, 0xcc, 0xde, 0x54, 0x69, 0x7d, 0x84, 0xb3, 0x84, 0x3c, 0x42,
+        0x0d, 0x09, 0x63, 0xdb, 0xe6, 0x5d, 0xc2, 0x8a, 0xcf, 0xe1, 0xf4, 0x86,
+        0x13, 0x05, 0x09, 0x9a, 0x4d, 0x05, 0xd4, 0x31, 0xe7, 0x27, 0x39, 0xfd,
+        0x3a, 0xdb, 0x63, 0x9f, 0x1c, 0x67, 0x0b, 0x01, 0xec, 0xf9, 0xff, 0xf3,
+        0xda, 0xa9, 0xf4, 0x9a, 0x59, 0x52, 0x76, 0xc2, 0xd2, 0xd5, 0xdd, 0x8d,
+        0xb1, 0xa2, 0xef, 0xb3, 0x73, 0x99, 0xe3, 0xcd, 0x1c, 0xf5, 0xca, 0x6e,
+        0x39, 0xfa, 0x26, 0x83, 0x45, 0xe7, 0xd0, 0x9c, 0x1b, 0xf7, 0xb2, 0x64,
+        0xf1, 0x70, 0x00, 0x10, 0xc0, 0x7c, 0x7f, 0xb2, 0x32, 0xce, 0x6d, 0x71,
+        0xa5, 0x43, 0x7c, 0x40, 0x71, 0x09, 0x54, 0x74, 0xac, 0xb5, 0xeb, 0xe0,
+        0x04, 0x02, 0xe5, 0x82, 0x4d, 0x5a, 0x85, 0x1e, 0x19, 0x86, 0x39, 0x33,
+        0x92, 0x2f, 0xa9, 0xa8, 0x10, 0xd2, 0x31, 0x60, 0x16, 0x08, 0x99, 0xe3,
+        0x2c, 0x93, 0x13, 0xc4, 0x4b, 0x10, 0xe0, 0x42, 0xca, 0x3f, 0x32, 0xa7,
+        0xa4, 0xd2, 0xfc, 0x9c, 0x93, 0xb6, 0x5f, 0xe2, 0x5b, 0x6e, 0x40, 0x0c,
+        0x63, 0xf8, 0xf8, 0xe1, 0x2d, 0xcd, 0x86, 0x07, 0x79, 0xdb, 0x61, 0xad,
+        0x24, 0xfd, 0x1e, 0x66, 0x3e, 0x8d, 0x76, 0xba, 0x98, 0x8e, 0x94, 0xc7,
+        0x57, 0xb1, 0x65, 0xce, 0x4f, 0x97, 0xfa, 0x34, 0x7c, 0x97, 0x6b, 0xcd,
+        0x3c, 0x42, 0x81, 0xa4, 0xd1, 0x75, 0xeb, 0x6d, 0x0c, 0x31, 0x0e, 0x6f,
+        0xd5, 0x75, 0xe7, 0xff, 0x83, 0xdd, 0x7a, 0x4d, 0x83, 0x67, 0xa7, 0x4b,
+        0xc1, 0x74, 0xad, 0x37, 0x38, 0x99, 0xe0, 0xf5, 0x5a, 0x44, 0x36, 0xa2,
+        0x20, 0x2b, 0xfc, 0xc9, 0xfa, 0x68, 0xcb, 0xf0, 0x6f, 0x0a, 0x46, 0x1d,
+        0xb5, 0xca, 0x5b, 0x96, 0x1b, 0x3a, 0xaf, 0x7d, 0x01, 0x7a, 0xd2, 0x09,
+        0xcc, 0xd4, 0xe4, 0xb1, 0x49, 0x34, 0x56, 0x68, 0x9c, 0x0f, 0x23, 0xe9,
+        0xb3, 0x4b, 0xed, 0x3d, 0xe7, 0x8d, 0x19, 0x6e, 0xe6, 0xfa, 0x06, 0x55,
+        0xb8, 0x06, 0x4d, 0xa8, 0x45, 0x20, 0x91, 0xf7, 0xfa, 0x0b, 0x6b, 0xce,
+        0x55, 0xa7, 0x14, 0x1b, 0xf9, 0xea, 0xc5, 0x79, 0x78, 0xf7, 0x3a, 0xd9,
+        0xfc, 0x07, 0x43, 0x06, 0x90, 0x94, 0x5e, 0xc9, 0x48, 0x51, 0xe5, 0x96,
+        0x68, 0x78, 0xc8, 0xcb, 0xd1, 0xf3, 0x65, 0xef, 0x14, 0x91, 0xa3, 0xca,
+        0x8b, 0x77, 0x40, 0x84, 0xf4, 0x2e, 0xe7, 0x56, 0xe3, 0xab, 0xa0, 0xa8,
+        0x61, 0x93, 0x17, 0x95, 0x9e, 0xff, 0x3a, 0xd4, 0x12, 0xea, 0x13, 0xe6,
+        0x82, 0x16, 0xed, 0x14, 0x70, 0x91, 0xcc, 0x72, 0x58, 0x99, 0xa1, 0x7f,
+        0xf3, 0x84, 0x10, 0xf4, 0x01, 0x0d, 0x05, 0x45, 0x4d, 0xca, 0x05, 0x03,
+        0x75, 0x7e, 0xbb, 0x44, 0x2e, 0xf5, 0xee, 0xed, 0x64, 0x9b, 0xd3, 0xde,
+        0x3e, 0xfc, 0x31, 0x8c, 0xca, 0x23, 0x66, 0x25, 0xac, 0x5f, 0x0f, 0x33,
+        0x0f, 0xd2, 0xe9, 0xc9, 0x96, 0x2a, 0xe2, 0xb8, 0xed, 0x93, 0xd3, 0x78,
+        0xd8, 0x81, 0xe4, 0x52, 0x9a, 0xc6, 0x64, 0x1d, 0x2d, 0x5f, 0x93, 0x9a,
+        0x2e, 0x73, 0xc4, 0x17, 0xae, 0xc6, 0x08, 0x0d, 0x2d, 0xe9, 0x4b, 0x10,
+        0x29, 0xa8, 0x4e, 0x8c, 0x08, 0x59, 0x87, 0x10, 0x0d, 0x5d, 0xfa, 0xec,
+        0xd6, 0x42, 0xf6, 0x5c, 0xa4, 0x0d, 0xaa, 0x64, 0x8e, 0x20, 0xa5, 0x50,
+        0x9f, 0x0b, 0x85, 0x37, 0x57, 0x15, 0x7c, 0xb1, 0xe4, 0xdd, 0xd5, 0x19,
+        0x3b, 0x10, 0x7d, 0x22, 0xdb, 0x53, 0x8b, 0x7b, 0x32, 0xf7, 0xf2, 0x24,
+        0x92, 0xb2, 0x05, 0xd1, 0xfd, 0xfc, 0x11, 0xd6, 0xfd, 0x3c, 0x8d, 0xd7,
+        0xb0, 0x58, 0x50, 0x06, 0x84, 0x61, 0xa6, 0x78, 0x04, 0x1d, 0x7f, 0x92,
+        0x0e, 0x8b, 0xb3, 0x63, 0x43, 0xc5, 0x30, 0x4c, 0xce, 0x2b, 0x44, 0x70,
+        0x53, 0x7c, 0xb5, 0xbd, 0x30, 0xcb, 0x41, 0x19, 0x27, 0x69, 0xfe, 0x41,
+        0x92, 0xae, 0xf0, 0x37, 0x33, 0xf0, 0x95, 0xe4, 0xe8, 0x4f, 0x75, 0x41,
+        0x64, 0x87, 0xc5, 0x68, 0xd3, 0xce, 0xfa, 0xaa, 0xe8, 0x59, 0x88, 0xfe,
+        0x24, 0x46, 0x27, 0x60, 0x71, 0x36, 0x78, 0x66, 0x3c, 0x36, 0x8e, 0xdb,
+        0x90, 0x67, 0xa5, 0x6a, 0xfe, 0xd3, 0x23, 0x28, 0x91, 0x34, 0x24, 0x67,
+        0x4b, 0x01, 0x6a, 0x0e, 0x02, 0xb7, 0xf0, 0xa8, 0xd4, 0x76, 0xd5, 0xa8,
+        0x1c, 0xd3, 0xb3, 0x7d, 0x74, 0xc6, 0x17, 0x96, 0xa7, 0xf9, 0xad, 0x24,
+        0x36, 0xd2, 0xeb, 0x34, 0x5a, 0xcc, 0x9c, 0x01, 0x99, 0xbe, 0x21, 0x4f,
+        0x27, 0x9d, 0x6b, 0xca, 0x27, 0x1b, 0x60, 0x51, 0x41, 0x23, 0xe1, 0xcb,
+        0xfc, 0x17, 0x2e, 0x1a, 0x4d, 0x3d, 0x51, 0xb3, 0x91, 0x8c, 0x53, 0x4d,
+        0xd7, 0xbc, 0xa4, 0x07, 0xd7, 0x17, 0x19, 0x18, 0x61, 0x38, 0x4e, 0x05,
+        0x81, 0x3f, 0x43, 0x8a, 0x00, 0x60, 0xdc, 0x30, 0xf4, 0x38, 0x3f, 0x93,
+        0x82, 0x10, 0x29, 0x73, 0xa9, 0xbd, 0x63, 0x15, 0x7d, 0xac, 0x2e, 0xc9,
+        0x05, 0xc1, 0x01, 0x41, 0x18, 0x5a, 0xc0, 0xc8, 0xc7, 0x81, 0x69, 0xe7,
+        0x24, 0x21, 0x57, 0xaf, 0x88, 0x73, 0x7c, 0x53, 0x29, 0xae, 0x5a, 0xdf,
+        0x76, 0x37, 0x56, 0x4f, 0x1f, 0x6b, 0xfd, 0x71, 0xbb, 0x80, 0x4a, 0xd7,
+        0x53, 0x50, 0x10, 0x2d, 0xfc, 0x1a, 0xaf, 0x7c, 0x1f, 0xe8, 0xd0, 0x6c,
+        0xa6, 0x45, 0x3d, 0xb5, 0x3d, 0xb2, 0xfc, 0x97, 0xa9, 0xbf, 0x7c, 0x0f,
+        0x32, 0x7a, 0xcc, 0xa9, 0x2f, 0xd0, 0xc6, 0xe6, 0xcd, 0x04, 0x1d, 0x71,
+        0x91, 0xb9, 0x59, 0x4b, 0xad, 0xa0, 0xde, 0x9e, 0xdc, 0x9c, 0x10, 0xeb,
+        0x8d, 0xd6, 0x65, 0x57, 0xbc, 0x96, 0xfd, 0x0f, 0xcc, 0x73, 0xbe, 0x39,
+        0x27, 0x99, 0x94, 0xf5, 0xe1, 0xbb, 0x32, 0xcd, 0x27, 0x7e, 0x08, 0xa0,
+        0xd2, 0x92, 0x39, 0xeb, 0x71, 0xc8, 0xe8, 0x34, 0x57, 0x34, 0x4b, 0x20,
+        0x3f, 0xe2, 0x68, 0xec, 0xc0, 0x8a, 0x71, 0xa3, 0x16, 0xa2, 0x91, 0x77,
+        0xde, 0x41, 0x12, 0xa5, 0xf5, 0x2a, 0x63, 0x60, 0x55, 0xd0, 0x33, 0xa4,
+        0xa7, 0x2e, 0xcb, 0x80, 0x08, 0xe5, 0x76, 0x16, 0x75, 0x04, 0x57, 0xe3,
+        0x14, 0x71, 0x4e, 0x57, 0x29, 0x23, 0x0e, 0xc0, 0xcc, 0xad, 0xba, 0xdc,
+        0x96, 0x5d, 0x23, 0x49, 0x42, 0xd8, 0x91, 0x08, 0x0d, 0x52, 0xf4, 0x5f,
+        0xcd, 0xb7, 0x03, 0xaa, 0x73, 0x26, 0xa8, 0xd5, 0x5b, 0x0c, 0x85, 0xc8,
+        0x84, 0x50, 0x9e, 0x70, 0x18, 0x45, 0x27, 0x82, 0x20, 0x75, 0xad, 0x52,
+        0x5c, 0x80, 0x4b, 0xb1, 0x0b, 0x3b, 0x30, 0x39, 0x02, 0x54, 0x18, 0x5d,
+        0x02, 0x9e, 0x85, 0x31, 0x4a, 0x07, 0x9c, 0x59, 0x5d, 0xab, 0x13, 0x4f,
+        0x8f, 0x6e, 0x39, 0x20, 0xb2, 0xc5, 0x31, 0x93, 0xc6, 0xcc, 0xfb, 0xdc,
+        0x15, 0xba, 0x3d, 0xcc, 0xbb, 0xd2, 0x6f, 0x04, 0x21, 0xdf, 0x0b, 0x27,
+        0x5c, 0xd2, 0x6e, 0xfa, 0xda, 0x86, 0x5d, 0xe4, 0xca, 0xa4, 0x90, 0x22,
+        0xa2, 0x80, 0xb5, 0x33, 0x17, 0xdb, 0x9b, 0x7b, 0x0a, 0xcc, 0x0f, 0x9b,
+        0x38, 0x06, 0xdf, 0x10, 0x11, 0xa1, 0xd7, 0x2c, 0x24, 0xf0, 0xa8, 0x34,
+        0x24, 0xfb, 0x99, 0xba, 0x0a, 0xb5, 0xa1, 0x94, 0x6c, 0x2d, 0xf8, 0xda,
+        0x74, 0xaf, 0x19, 0x59, 0x84, 0xb2, 0x68, 0x1c, 0xef, 0xa1, 0xf5, 0x18,
+        0x8f, 0x10, 0xf6, 0xb3, 0x6d, 0x33, 0x87, 0xe0, 0x25, 0xc8, 0x65, 0x5c,
+        0x2f, 0x51, 0x07, 0x83, 0x69, 0x1b, 0xce, 0xa8, 0xe6, 0xe4, 0x27, 0x62,
+        0x5d, 0x9b, 0x7f, 0xa7, 0x07, 0xc8, 0x54, 0x86, 0x90, 0xa5, 0x06, 0x6a,
+        0x94, 0x80, 0x84, 0x97, 0xaa, 0x2a, 0xb9, 0x79, 0xe5, 0x19, 0x7a, 0x91,
+        0xef, 0x8b, 0x58, 0xdc, 0xf9, 0x90, 0x94, 0xa2, 0x25, 0x4c, 0x69, 0xd8,
+        0x6e, 0x9e, 0xad, 0xf8, 0x82, 0x17, 0x37, 0xc9, 0x20, 0x15, 0x24, 0x40,
+        0xe5, 0xc6, 0xc1, 0xc7, 0xbd, 0xd4, 0x62, 0xff, 0x16, 0x6d, 0xa5, 0xec,
+        0xe9, 0x67, 0x41, 0x9d, 0x3e, 0xfb, 0x22, 0x81, 0x80, 0x61, 0x37, 0x45,
+        0xa5, 0x9f, 0x70, 0xff, 0xd4, 0x99, 0x3d, 0x79, 0x45, 0xd0, 0x27, 0xc2,
+        0x32, 0xbe, 0xd4, 0xe2, 0x53, 0xa8, 0x8c, 0x94, 0x8b, 0xbe, 0x8a, 0x43,
+        0xf7, 0x2a, 0x28, 0x49, 0xf4, 0xce, 0x2e, 0x0b, 0x98, 0xc7, 0xaf, 0x7d,
+        0x51, 0x2e, 0xda, 0xd0, 0x7a, 0xfa, 0x91, 0x3a, 0xe6, 0xe7, 0x64, 0xd6,
+        0x09, 0xd8, 0x5d, 0x6a, 0x97, 0xcf, 0x89, 0x96, 0x72, 0x21, 0x97, 0x61,
+        0xc5, 0x1b, 0xd8, 0xa1, 0xf0, 0xcd, 0x9d, 0xe4, 0xe9, 0x13, 0xd0, 0x16,
+        0x41, 0x20, 0xa4, 0x2c, 0x33, 0xf5, 0x3d, 0xfe, 0x80, 0xe8, 0xb2, 0x52,
+        0x0e, 0x18, 0x31, 0x19, 0x50, 0xeb, 0xc6, 0x99, 0x43, 0xab, 0x9a, 0x59,
+        0x5d, 0x6c, 0x84, 0x00, 0x88, 0x45, 0x7c, 0x73, 0xdf, 0x56, 0x61, 0x3a,
+        0xe1, 0x55, 0xb8, 0x59, 0x13, 0xcc, 0x0e, 0x53, 0xe9, 0xf4, 0x74, 0xa0,
+        0xf2, 0x15, 0xd2, 0xa8, 0xf9, 0xd4, 0x0d, 0x3d, 0xe7, 0x3d, 0x7d, 0x5b,
+        0x19, 0x89, 0x8b, 0x2c, 0x4d, 0x8a, 0xeb, 0xc3, 0x43, 0x31, 0x9a, 0x45,
+        0x72, 0x5b, 0x25, 0xb6, 0xa2, 0xc1, 0x98, 0xe3, 0x8a, 0xd4, 0x90, 0xd0,
+        0x3e, 0x13, 0xf0, 0xd7, 0x90, 0x34, 0x94, 0xcc, 0xf1, 0x0a, 0xa9, 0x30,
+        0xd1, 0x95, 0x43, 0x07, 0xcd, 0xd2, 0xca, 0xb0, 0xe5, 0xd4, 0xf1, 0xa1,
+        0xc5, 0x9b, 0xf4, 0x98, 0x28, 0xba, 0xde, 0x40, 0xd6, 0x98, 0x98, 0x20,
+        0x9c, 0x84, 0x9e, 0xc6, 0x57, 0xd8, 0x84, 0xc4, 0xa2, 0x9b, 0x53, 0x50,
+        0xa5, 0xa6, 0x0b, 0x47, 0xe8, 0x08, 0x7d, 0xd7, 0x09, 0xa4, 0x0c, 0x2b,
+        0x27, 0xde, 0xf9, 0x78, 0xbc, 0xa4, 0xb6, 0xc6, 0x1b, 0xda, 0xce, 0x6a,
+        0xf8, 0x1a, 0xf5, 0xfe, 0x7b, 0xab, 0x58, 0x7c, 0xdc, 0x72, 0x02, 0x94,
+        0x99, 0xf0, 0x3c, 0x37, 0x87, 0x5b, 0xd2, 0x4b, 0x5a, 0x80, 0x83, 0xd7,
+        0xfc, 0x9d, 0xa7, 0x51, 0x81, 0xb8, 0x62, 0xff, 0x4b, 0xb3, 0x9f, 0x07,
+        0xc3, 0x54, 0xfb, 0x41, 0x85, 0x42, 0x9d, 0xac, 0x27, 0x81, 0x2e, 0xaf,
+        0x98, 0x67, 0x8c, 0x23, 0xad, 0x45, 0xfe, 0x6a, 0x57, 0x9f, 0x18, 0xc5,
+        0x71, 0x8c, 0xad, 0x3f, 0x30, 0x3c, 0xaa, 0x47, 0x8d, 0xba, 0xc8, 0x7f,
+        0x03, 0x1c, 0x86, 0xee, 0xba, 0x3f, 0x59, 0x45, 0xd4, 0xd0, 0xf5, 0x54,
+        0x9e, 0xcb, 0x08, 0xcf, 0xca, 0x40, 0x0a, 0x06, 0xc0, 0x1e, 0x60, 0x1f,
+        0x33, 0xbf, 0x2c, 0xa8, 0x5f, 0xce, 0x23, 0xa0, 0xe2, 0x1c, 0x2d, 0x56,
+        0x2a, 0x44, 0x61, 0x58, 0xf1, 0x84, 0x63, 0x4f, 0x0d, 0x5e, 0xfb, 0x83,
+        0x0f, 0x36, 0x1b, 0xf4, 0x8f, 0x17, 0x82, 0x2e, 0x04, 0x2c, 0x77, 0x9d,
+        0x32, 0x58, 0xb8, 0xb0, 0xf9, 0x44, 0xd2, 0xf6, 0x84, 0xa4, 0x8b, 0x28,
+        0x53, 0xd6, 0x99, 0x81, 0x84, 0x43, 0xf0, 0xc1, 0x15, 0xc6, 0x74, 0x4f,
+        0xab, 0x05, 0xcc, 0x80, 0xdf, 0xef, 0xcf, 0xaf, 0x14, 0x82, 0xdf, 0x51,
+        0x7c, 0x28, 0x5e, 0x5b, 0x27, 0x5e, 0x91, 0x8b, 0x54, 0x3d, 0x54, 0x26,
+        0xb0, 0x3f, 0xd7, 0xc5, 0xce, 0xf3, 0x6d, 0x2c, 0x12, 0xc6, 0xb4, 0x48,
+        0x60, 0x11, 0x9c, 0xef, 0x29, 0x98, 0x9c, 0x76, 0x4e, 0x73, 0x2b, 0xd2,
+        0x23, 0x53, 0x7d, 0x03, 0xc2, 0x2f, 0x8a, 0xa1, 0xe2, 0x84, 0x54, 0x2d,
+        0xd8, 0xc6, 0x55, 0x77, 0x9d, 0x07, 0x67, 0x1f, 0x1a, 0xd3, 0x57, 0x4c,
+        0x25, 0x79, 0x8f, 0xd8, 0x82, 0xc2, 0x4d, 0x87, 0x84, 0x33, 0xdc, 0x47,
+        0xed, 0x9e, 0xfb, 0xd2, 0x62, 0xc8, 0x50, 0x76, 0xda, 0x3c, 0x3c, 0x05,
+        0x0e, 0x2d, 0x30, 0x56, 0xca, 0x4d, 0x6a, 0xe2, 0x17, 0x24, 0x26, 0x9c,
+        0xff, 0x09, 0xec, 0xb3, 0x94, 0xec, 0xab, 0x69, 0xb2, 0xf0, 0xa5, 0x66,
+        0x18, 0x92, 0x49, 0x6b, 0x90, 0xf5, 0x77, 0x5a, 0x18, 0xe5, 0x51, 0x36,
+        0x4a, 0x35, 0x54, 0x98, 0x48, 0x04, 0xa9, 0x0f, 0xcb, 0x55, 0xf1, 0x71,
+        0xad, 0x1a, 0x4a, 0x2c, 0x0e, 0x5d, 0x5e, 0x77, 0x47, 0xf5, 0x46, 0x17,
+        0x6b, 0x94, 0x2a, 0xbc, 0x40, 0xe5, 0xa7, 0xa6, 0x88, 0x41, 0x76, 0x22,
+        0x47, 0xd1, 0xe8, 0x2b, 0x18, 0x48, 0x21, 0xc0, 0xe8, 0x4f, 0xe2, 0xb2,
+        0x7e, 0x03, 0xbb, 0x25, 0x9c, 0xc8, 0x68, 0x66, 0x48, 0x25, 0x6a, 0xf2,
+        0x64, 0x29, 0xec, 0x79, 0xba, 0xdb, 0x34, 0xe1, 0xd4, 0xf9, 0x52, 0x0e,
+        0xfd, 0x8d, 0x86, 0x94, 0x71, 0xd8, 0xe0, 0x86, 0x02, 0x9b, 0xd4, 0x65,
+        0x69, 0x5e, 0x01, 0x32, 0x87, 0x59, 0xd8, 0x6c, 0xbc, 0x8a, 0x9f, 0x58,
+        0x28, 0x8c, 0x97, 0xef, 0x33, 0xb2, 0xda, 0x45, 0xa0, 0xec, 0xe5, 0x5b,
+        0xac, 0xc6, 0x65, 0xc1, 0xb6, 0xcb, 0xf7, 0x85, 0x0e, 0xfa, 0x78, 0x36,
+        0x30, 0x84, 0x90, 0xa8, 0xf8, 0x42, 0x25, 0xa5, 0xdd, 0xdc, 0xdc, 0x89,
+        0xd3, 0xf0, 0x73, 0x9a, 0xd8, 0x95, 0x8f, 0x04, 0xbf, 0xc1, 0xfd, 0x94,
+        0xff, 0xe6, 0xf8, 0x4e, 0xc6, 0x43, 0xc9, 0x60, 0x30, 0xe9, 0x68, 0xa8,
+        0x76, 0xfb, 0xfa, 0xdf, 0xc0, 0x9b, 0xbc, 0xbc, 0x34, 0xe4, 0x38, 0xfd,
+        0x93, 0xb0, 0x47, 0xb2, 0x3e, 0x83, 0x6c, 0xef, 0xe1, 0xaf, 0x35, 0xb4,
+        0x90, 0x2a, 0x32, 0xaf, 0x25, 0x3f, 0x3e, 0x72, 0x61, 0xc0, 0x0f, 0x29,
+        0xbb, 0x46, 0x6e, 0x2e, 0x94, 0x7d, 0xdd, 0xb7, 0x67, 0x1f, 0x7b, 0x64,
+        0xcb, 0xa5, 0x9a, 0x58, 0x63, 0x20, 0xa7, 0xc0, 0x94, 0xa9, 0xad, 0x90,
+        0x7d, 0xf3, 0x2b, 0x61, 0x2b, 0x64, 0x3d, 0x8a, 0xc3, 0xd1, 0xcb, 0xad,
+        0x36, 0x44, 0xe6, 0x29, 0x8b, 0x3d, 0x95, 0x7c, 0xa7, 0xa2, 0xfa, 0x1b,
+        0x16, 0x8d, 0x9e, 0xc4, 0xf8, 0x4c, 0x76, 0x20, 0x00, 0x68, 0x07, 0x99,
+        0x9c, 0x60, 0xe6, 0x16, 0x6a, 0x6f, 0x8a, 0xbe, 0x71, 0x95, 0xa1, 0xcb,
+        0xfe, 0x7c, 0x41, 0x59, 0x61, 0x20, 0xf9, 0x54, 0x3c, 0xb1, 0x19, 0x5c,
+        0x42, 0x67, 0x3f, 0xff, 0xf3, 0x32, 0x21, 0x9c, 0x9e, 0x88, 0xf9, 0x97,
+        0x00, 0x43, 0x73, 0x4a, 0xfc, 0x54, 0xeb, 0x27, 0x79, 0x14, 0x85, 0xd3,
+        0xdc, 0x47, 0xb3, 0x6d, 0x24, 0xd3, 0xf7, 0x7a, 0xfb, 0x90, 0x7c, 0x6e,
+        0xcd, 0x4e, 0xbf, 0x26, 0x76, 0xd2, 0xe8, 0xcc, 0x67, 0xd1, 0x23, 0x3c,
+        0x94, 0x16, 0x1e, 0x07, 0x36, 0x7c, 0x96, 0xf6, 0xe8, 0x50, 0x72, 0x26,
+        0x56, 0x67, 0x89, 0xa9, 0x11, 0xfb, 0x1d, 0xb8, 0xb9, 0x2a, 0x55, 0xb7,
+        0x85, 0xf7, 0x40, 0xa2, 0xfc, 0x9f, 0x30, 0xec, 0x8f, 0x9a, 0x1c, 0xc8,
+        0xe4, 0xc5, 0x1f, 0xcb, 0x0a, 0x60, 0x80, 0x41, 0xec, 0x88, 0x8a, 0xda,
+        0x7c, 0x7a, 0xa1, 0x96, 0x51, 0x62, 0x16, 0x63, 0x75, 0x36, 0x28, 0x7c,
+        0xc9, 0xd0, 0x27, 0x0c, 0x9e, 0x18, 0x4a, 0x82, 0xf7, 0x02, 0xb9, 0x40,
+        0x8f, 0xd5, 0x97, 0x7a, 0x35, 0xa9, 0x3a, 0xb3, 0x8b, 0x6b, 0xf1, 0x9a,
+        0xd1, 0xe7, 0x14, 0x38, 0x5e, 0xba, 0x8c, 0xbf, 0x32, 0xaa, 0x34, 0x30,
+        0x7c, 0x1e, 0x11, 0xcd, 0x1f, 0x9f, 0xcf, 0x4d, 0x14, 0xce, 0x67, 0xf9,
+        0x9c, 0x89, 0x07, 0x92, 0x44, 0x6e, 0x9a, 0x16, 0xe4, 0xfb, 0x67, 0x01,
+        0x3f, 0x4c, 0x14, 0x89, 0x33, 0x87, 0x46, 0xc6, 0xe4, 0x66, 0x94, 0xd4,
+        0x87, 0x4f, 0x2c, 0x92, 0x1b, 0xae, 0x82, 0xe7, 0x99, 0xaa, 0xb4, 0x99,
+        0x81, 0x26, 0xa6, 0x6f, 0x1d, 0xc1, 0x95, 0x80, 0xe9, 0xea, 0xe3, 0x44,
+        0x6a, 0x2b, 0xd2, 0xe0, 0x0d, 0x69, 0x42, 0xf7, 0x27, 0x6b, 0x4f, 0x02,
+        0x7a, 0x33, 0x7b, 0x43, 0x3d, 0xef, 0x10, 0xaa, 0xab, 0xc5, 0xa2, 0xf0,
+        0xbb, 0x07, 0x4b, 0x26, 0x0c, 0x58, 0xcd, 0x3b, 0xd2, 0x6d, 0xa5, 0x32,
+        0x37, 0x88, 0x4e, 0x8b, 0xe3, 0x75, 0xb0, 0xbb, 0x87, 0xea, 0xa4, 0x53,
+        0xf3, 0xff, 0x39, 0x92, 0x44, 0xab, 0x7b, 0x71, 0x62, 0x31, 0x6b, 0x31,
+        0xca, 0x97, 0xba, 0xd7, 0x41, 0xe0, 0x47, 0x47, 0x4f, 0x77, 0xa2, 0x35,
+        0x62, 0x7a, 0xc1, 0xb6, 0x69, 0x10, 0x09, 0xce, 0xfc, 0x92, 0xcc, 0xc5,
+        0x7a, 0x11, 0xf1, 0xc1, 0xa0, 0x80, 0xe5, 0x42, 0x17, 0xb6, 0x3f, 0xab,
+        0xc1, 0xa2, 0x41, 0xfb, 0xe3, 0x98, 0x2d, 0x7a, 0xe4, 0x1b, 0x1f, 0x7e,
+        0x71, 0x3c, 0x3e, 0x90, 0x8c, 0x60, 0x30, 0xb7, 0x73, 0x06, 0x1f, 0x8a,
+        0xce, 0x50, 0x20, 0x7c, 0xfa, 0x8c, 0xf2, 0x14, 0xd9, 0x00, 0xa2, 0x21,
+        0xea, 0x10, 0x36, 0x21, 0x6f, 0x7f, 0x13, 0xe3, 0x6c, 0xb2, 0xd6, 0xa5,
+        0xa6, 0x6e, 0xa9, 0xe7, 0x1d, 0xdf, 0xc9, 0x97, 0x60, 0x75, 0xa3, 0x55,
+        0xa1, 0x2c, 0x94, 0xd7, 0x85, 0x4b, 0x44, 0xc6, 0x9c, 0x17, 0xc2, 0xad,
+        0xe6, 0x56, 0x72, 0x1d, 0xb9, 0x13, 0x54, 0xfe, 0x8c, 0xec, 0xf4, 0xa3,
+        0x54, 0x6b, 0x31, 0xbc, 0x55, 0x9e, 0x01, 0xd4, 0x9b, 0x24, 0x9e, 0x51,
+        0xaf, 0x67, 0x76, 0x02, 0xf7, 0x34, 0x6a, 0xaa, 0xb0, 0x3c, 0x70, 0x2e,
+        0xc8, 0x86, 0xfa, 0x40, 0x89, 0x12, 0xb7, 0x49, 0x38, 0x0b, 0xf7, 0x66,
+        0xd2, 0x2e, 0x58, 0xf1, 0x22, 0x3b, 0xb3, 0x40, 0x6b, 0x7a, 0x68, 0x4d,
+        0x42, 0xfd, 0xbf, 0xa0, 0xf7, 0x2f, 0x63, 0x4a, 0x87, 0xe7, 0x99, 0x52,
+        0x6e, 0xe7, 0xdd, 0xca, 0x19, 0x71, 0xee, 0x92, 0xe2, 0x68, 0x0e, 0xe1,
+        0xb7, 0x90, 0x1f, 0xc4, 0xef, 0xf8, 0xf6, 0x85, 0x53, 0x18, 0x33, 0x86,
+        0x15, 0xc8, 0x29, 0x58, 0x6f, 0xf0, 0x1c, 0x14, 0x73, 0xa9, 0x8e, 0x88,
+        0x74, 0xd4, 0x21, 0xf5, 0xc6, 0x7c, 0xd8, 0x96, 0x0f, 0xb0, 0xa6, 0x7b,
+        0xf7, 0x72, 0x15, 0xd7, 0x30, 0x6b, 0x15, 0x1d, 0x3f, 0xb7, 0x4e, 0xaa,
+        0xc0, 0x52, 0x1d, 0x84, 0xbf, 0x98, 0xbd, 0x33, 0x02, 0xab, 0x8b, 0xd0,
+        0x9c, 0x85, 0x2f, 0xa3, 0xfb, 0x46, 0x8d, 0x4d, 0x97, 0x1a, 0x8a, 0x3c,
+        0x73, 0x5b, 0x3b, 0x58, 0x26, 0xba, 0x6b, 0x45, 0x2e, 0x24, 0x66, 0x79,
+        0x7d, 0xc4, 0xf8, 0x8c, 0x05, 0x7d, 0x5c, 0x23, 0xb9, 0xe8, 0x5d, 0xfe,
+        0xc9, 0x84, 0xe5, 0x58, 0x40, 0xa4, 0xb7, 0x55, 0x74, 0x69, 0x92, 0x9c,
+        0x3e, 0x19, 0xb1, 0xb6, 0x51, 0xe9, 0x71, 0xcc, 0x96, 0x2b, 0x01, 0x71,
+        0xf5, 0xb9, 0xde, 0x77, 0xfe, 0x2e, 0x74, 0x9c, 0x6a, 0x52, 0x17, 0x1e,
+        0xea, 0xd9, 0xc8, 0x14, 0xbe, 0x61, 0xdf, 0xe9, 0x96, 0x24, 0x5a, 0x9a,
+        0xd8, 0xd7, 0xad, 0x71, 0xe0, 0xf4, 0xbb, 0x9e, 0xae, 0x95, 0xcd, 0x58,
+        0x94, 0x81, 0xee, 0x46, 0x84, 0x65, 0x39, 0xb1, 0x1b, 0x1e, 0xf5, 0x50,
+        0xad, 0x56, 0x58, 0xb7, 0x53, 0x9b, 0x2a, 0x2f, 0x09, 0x61, 0x57, 0xda,
+        0xf5, 0xdc, 0x9f, 0x3c, 0x6c, 0x69, 0x0d, 0x61, 0x49, 0xb2, 0xe0, 0xb2,
+        0xe5, 0xef, 0x19, 0xbe, 0x04, 0xf6, 0x6b, 0xad, 0x41, 0x4c, 0x5a, 0x50,
+        0xf6, 0xac, 0x1b, 0x25, 0x8a, 0xdd, 0xe3, 0x57, 0xab, 0x7c, 0x92, 0xe4
+    };
+#ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
+    WOLFSSL_SMALL_STACK_STATIC const byte ml_dsa_87_draft_pub_key[] = {
+    0xef, 0x49, 0x79, 0x47, 0x15, 0xc4, 0x8a, 0xa9, 0x74, 0x2a,
+    0xf0, 0x36, 0x94, 0x5c, 0x91, 0x1c, 0x5d, 0xff, 0x2c, 0x83,
+    0xf2, 0x8b, 0x04, 0xfc, 0x5d, 0x64, 0xbd, 0x49, 0x73, 0xcd,
+    0xcc, 0x99, 0x50, 0x5f, 0x2b, 0x16, 0x3a, 0xbb, 0x98, 0xc0,
+    0xa7, 0x69, 0x0e, 0x95, 0x99, 0x0b, 0xa2, 0x6c, 0xfe, 0x6c,
+    0xdb, 0xc8, 0xa7, 0x09, 0x46, 0x6c, 0x90, 0x50, 0xa4, 0x75,
+    0x30, 0xf7, 0x90, 0xac, 0x31, 0xb6, 0xdd, 0x21, 0xaf, 0xc6,
+    0xf9, 0xfe, 0xee, 0xc6, 0x5b, 0xa8, 0x8f, 0x0a, 0x2e, 0xd0,
+    0x42, 0xab, 0xa8, 0x3c, 0x8d, 0xbf, 0xf7, 0x44, 0xbd, 0x0d,
+    0xcf, 0xf4, 0x68, 0xfc, 0x16, 0x67, 0xf7, 0x39, 0x48, 0x5f,
+    0x56, 0xd1, 0xe7, 0x1f, 0x49, 0x80, 0x50, 0xbe, 0x54, 0xd1,
+    0xb7, 0xc9, 0xd2, 0x32, 0xc7, 0x08, 0x8c, 0xde, 0x2c, 0x31,
+    0xf6, 0x1d, 0xc7, 0xac, 0xb3, 0x79, 0xd7, 0x4b, 0x1b, 0x23,
+    0x89, 0x0a, 0xdc, 0x8e, 0x44, 0x41, 0x14, 0x28, 0x99, 0x13,
+    0xb3, 0x26, 0xa6, 0x0e, 0x83, 0x60, 0xaa, 0x8d, 0x7c, 0x23,
+    0x13, 0xba, 0x6c, 0x28, 0x90, 0x56, 0x84, 0xa1, 0x23, 0x8b,
+    0x81, 0x20, 0x97, 0x7c, 0x66, 0x3f, 0xed, 0x5d, 0xd0, 0xe4,
+    0x5d, 0xee, 0x46, 0xbc, 0x4b, 0x3c, 0x03, 0xb5, 0xbc, 0x4d,
+    0x8d, 0x37, 0xa3, 0x56, 0x4b, 0x33, 0xad, 0xef, 0xd4, 0xb6,
+    0xec, 0xdb, 0x04, 0x9a, 0x19, 0x58, 0x57, 0xd8, 0x00, 0x3a,
+    0x92, 0x61, 0x0c, 0x0b, 0xc8, 0x52, 0xe5, 0x04, 0x02, 0x9a,
+    0x00, 0x7e, 0xec, 0x7e, 0x94, 0xaa, 0xef, 0x2d, 0x7f, 0xb6,
+    0x2e, 0x7c, 0xb0, 0x73, 0xa2, 0x20, 0xc0, 0x07, 0x30, 0x41,
+    0x50, 0x20, 0x14, 0x18, 0x21, 0x5e, 0x2a, 0x6f, 0x70, 0x21,
+    0xd6, 0x97, 0x13, 0xb9, 0xc1, 0x9e, 0x90, 0x67, 0xcc, 0x55,
+    0x8a, 0xec, 0xec, 0x0a, 0x1e, 0x90, 0xdc, 0x3f, 0xb0, 0x4d,
+    0xd1, 0x18, 0xea, 0x4f, 0xcb, 0x5d, 0x15, 0x4c, 0xb8, 0x35,
+    0x9b, 0x34, 0x24, 0x30, 0x06, 0x53, 0x17, 0xf0, 0xbe, 0x27,
+    0x36, 0xb3, 0x04, 0x6a, 0xbd, 0xbf, 0xa7, 0x39, 0xee, 0xa9,
+    0x8f, 0x0e, 0x98, 0xc5, 0xf5, 0x9f, 0x46, 0x25, 0x93, 0xc9,
+    0xf2, 0xf6, 0x2b, 0x8e, 0x92, 0x06, 0x01, 0x3d, 0x81, 0x18,
+    0xf2, 0xec, 0xf1, 0x05, 0x4c, 0xad, 0x4b, 0xcb, 0x98, 0xa4,
+    0xb5, 0x61, 0x20, 0xda, 0x81, 0xa1, 0xfb, 0x92, 0x4c, 0xaf,
+    0x87, 0x6f, 0x6e, 0xd2, 0x57, 0xec, 0xcd, 0x94, 0xb3, 0x79,
+    0xbf, 0x59, 0x88, 0x17, 0x81, 0xce, 0x8a, 0x57, 0xce, 0x57,
+    0xae, 0x3e, 0x82, 0x81, 0x2f, 0x83, 0x61, 0xd8, 0xf9, 0x68,
+    0x21, 0xe7, 0x72, 0x5b, 0xd6, 0x80, 0x55, 0x68, 0x5d, 0x67,
+    0x15, 0x0c, 0x8b, 0xdc, 0x4f, 0xc3, 0x89, 0x36, 0x3c, 0xac,
+    0xaf, 0x16, 0x5e, 0x1c, 0xfa, 0x68, 0x74, 0x6a, 0xab, 0x68,
+    0xd8, 0x59, 0x96, 0x2d, 0x33, 0x62, 0xe4, 0xbd, 0xb3, 0xb7,
+    0x4d, 0x88, 0x35, 0xb8, 0xed, 0xb2, 0x16, 0x85, 0x97, 0x08,
+    0x71, 0x71, 0x39, 0x7e, 0x0c, 0x53, 0x16, 0xda, 0x38, 0xe5,
+    0x28, 0x09, 0x9c, 0xd9, 0x46, 0xec, 0x68, 0xda, 0x8d, 0xd0,
+    0xad, 0xb2, 0x79, 0x28, 0x3b, 0x1e, 0x12, 0xc9, 0xdf, 0xa9,
+    0x6d, 0x3d, 0x29, 0x99, 0x2f, 0x53, 0xc2, 0xd0, 0xf9, 0x88,
+    0x26, 0x94, 0x47, 0xaf, 0xf6, 0x96, 0xf3, 0xe1, 0x11, 0xa6,
+    0x82, 0x3d, 0x43, 0x3f, 0x1f, 0xbc, 0xf6, 0x98, 0xbe, 0xff,
+    0x06, 0x86, 0x61, 0x27, 0xdc, 0x91, 0x54, 0xd4, 0xfc, 0x68,
+    0x83, 0xe8, 0x35, 0x3e, 0xee, 0x94, 0x59, 0x28, 0x2f, 0xde,
+    0xdd, 0x03, 0x60, 0x66, 0xc1, 0x49, 0x57, 0xdd, 0xbc, 0xd5,
+    0x0a, 0x67, 0x34, 0xf1, 0xa6, 0x0a, 0x57, 0x94, 0x65, 0x02,
+    0x2c, 0x52, 0x43, 0x70, 0x3b, 0xc1, 0x9a, 0xff, 0xda, 0x6f,
+    0xb9, 0x54, 0x47, 0x01, 0xda, 0x27, 0xe4, 0x48, 0x4a, 0x90,
+    0x9f, 0xb5, 0xc3, 0xee, 0x0e, 0x09, 0x57, 0xfe, 0x48, 0x51,
+    0x08, 0x34, 0x5e, 0x8f, 0x16, 0xc9, 0x0b, 0x74, 0xd9, 0x7d,
+    0x22, 0x3f, 0xd6, 0xb7, 0x5d, 0xd6, 0x76, 0x00, 0x8d, 0x4e,
+    0x78, 0x73, 0x86, 0xd6, 0xdb, 0x2a, 0x65, 0xab, 0xdf, 0xb0,
+    0xea, 0x11, 0xad, 0xdf, 0xba, 0x43, 0xdb, 0xa8, 0x0a, 0xfb,
+    0x04, 0x38, 0x81, 0x2b, 0xa3, 0x29, 0xfc, 0x95, 0x73, 0x9a,
+    0x0c, 0x6c, 0x9e, 0xcd, 0xdc, 0xcf, 0x0a, 0x0c, 0x18, 0x41,
+    0x6f, 0x1d, 0xa3, 0xf6, 0x12, 0x4c, 0x13, 0xf2, 0x02, 0xc6,
+    0x50, 0x99, 0x86, 0x73, 0xa7, 0xf9, 0x7e, 0x84, 0x7f, 0x4c,
+    0x00, 0xce, 0x2e, 0x21, 0x76, 0x8e, 0x17, 0x7a, 0x87, 0x6f,
+    0x81, 0xe6, 0xc0, 0x52, 0xa5, 0xa0, 0x3c, 0x54, 0x3c, 0xec,
+    0xb0, 0x9d, 0x1c, 0x3b, 0xec, 0xe5, 0x4e, 0x4a, 0x37, 0xe7,
+    0xd5, 0xa9, 0x07, 0x87, 0x23, 0x28, 0x5d, 0x3d, 0x22, 0x02,
+    0x79, 0x40, 0x3f, 0x2d, 0x40, 0xc9, 0xe5, 0xa6, 0x9b, 0xa8,
+    0xb8, 0x76, 0xf6, 0x77, 0x5b, 0x8d, 0x72, 0x96, 0x3e, 0x13,
+    0xbf, 0x76, 0xfa, 0x7b, 0xb7, 0x82, 0x5f, 0xe7, 0x9d, 0x54,
+    0x0e, 0x05, 0x1a, 0x9f, 0xa4, 0x42, 0xa5, 0xb4, 0x93, 0x23,
+    0x06, 0x59, 0x43, 0xa8, 0xe8, 0x5c, 0xfc, 0x18, 0x97, 0xdb,
+    0xad, 0x9a, 0x80, 0x0a, 0xf2, 0x20, 0x50, 0xac, 0xc1, 0x13,
+    0x3e, 0x98, 0x09, 0xde, 0xf2, 0x70, 0x9e, 0x14, 0xc2, 0x5c,
+    0xec, 0x65, 0x07, 0x0b, 0xfa, 0x02, 0x5c, 0xf8, 0x71, 0xaa,
+    0x9b, 0x45, 0x62, 0xe2, 0x27, 0xaf, 0x77, 0xf8, 0xe3, 0xeb,
+    0x7b, 0x24, 0x7b, 0x3c, 0x67, 0xc2, 0x6d, 0x6e, 0x17, 0xae,
+    0x6e, 0x86, 0x6f, 0x98, 0xc9, 0xac, 0x13, 0x9f, 0x87, 0x64,
+    0x3d, 0x4d, 0x6f, 0xa0, 0xb3, 0x39, 0xc6, 0x68, 0x1b, 0xa7,
+    0xeb, 0x3e, 0x0f, 0x6b, 0xc7, 0xa4, 0xe2, 0x20, 0x27, 0x75,
+    0x3f, 0x09, 0x16, 0xff, 0x1a, 0xcc, 0xa7, 0xc4, 0x6d, 0xc2,
+    0xfc, 0xc3, 0x0b, 0x37, 0x63, 0xff, 0x9b, 0x10, 0xe6, 0x00,
+    0xf7, 0x18, 0x43, 0x9f, 0x07, 0x50, 0x31, 0x51, 0xd4, 0xfd,
+    0xad, 0xa2, 0x0f, 0x77, 0xda, 0x41, 0xc1, 0x0a, 0x6f, 0x86,
+    0xd7, 0xdc, 0x8a, 0x52, 0xd6, 0xa1, 0x27, 0xdb, 0x14, 0x67,
+    0x26, 0x91, 0xb3, 0xcd, 0x01, 0x5f, 0x60, 0xa1, 0x7f, 0x43,
+    0x15, 0x1a, 0x82, 0x0f, 0xd3, 0x66, 0x5f, 0x60, 0x57, 0x2f,
+    0xb2, 0x8c, 0x27, 0x2a, 0x9d, 0x1b, 0xf9, 0xf2, 0x59, 0x20,
+    0x39, 0xd9, 0xc5, 0xaf, 0xf2, 0x36, 0x8c, 0x58, 0x00, 0x1b,
+    0xd0, 0xc5, 0x8e, 0x1a, 0x49, 0xa8, 0x60, 0xbe, 0xd1, 0xd7,
+    0x2a, 0xb0, 0xc2, 0xab, 0x58, 0x8a, 0x7a, 0xa9, 0x41, 0x68,
+    0x70, 0xbd, 0xea, 0x73, 0xa5, 0x03, 0x11, 0xb2, 0x27, 0xd9,
+    0xcd, 0xf5, 0x09, 0xe8, 0x1c, 0xe2, 0x4f, 0x50, 0x6a, 0x84,
+    0x34, 0x62, 0x2e, 0x36, 0xaa, 0x4c, 0xc1, 0x83, 0x78, 0x98,
+    0x35, 0x7a, 0x27, 0x7e, 0xfe, 0xf1, 0x6f, 0x59, 0x27, 0x35,
+    0x73, 0xce, 0x74, 0xaa, 0xb4, 0x72, 0x82, 0xa8, 0xe2, 0x81,
+    0x7a, 0x6b, 0xca, 0x33, 0xa5, 0xda, 0xa2, 0x63, 0xca, 0x2e,
+    0x90, 0x03, 0x32, 0xec, 0x63, 0xdb, 0x52, 0x7b, 0x16, 0xfc,
+    0x01, 0x2d, 0x30, 0x12, 0x1e, 0xf9, 0xa3, 0x72, 0x21, 0x3c,
+    0x75, 0x0c, 0x61, 0x9c, 0x7e, 0x73, 0x04, 0x71, 0x41, 0x45,
+    0x5d, 0x7f, 0x49, 0x1c, 0x09, 0x08, 0xa4, 0xec, 0x2f, 0xfd,
+    0xc4, 0xfb, 0x59, 0x6a, 0x27, 0x7a, 0xd4, 0xfc, 0x5f, 0x20,
+    0x04, 0x34, 0x7d, 0x08, 0xed, 0x82, 0x5a, 0x90, 0xe1, 0xab,
+    0xfd, 0x35, 0x3a, 0x8d, 0xbb, 0x0a, 0x9d, 0x73, 0xff, 0x69,
+    0xe5, 0xe9, 0x09, 0x55, 0x14, 0xd9, 0x7b, 0x6f, 0x0d, 0x99,
+    0xd2, 0x7e, 0x71, 0xf8, 0x4f, 0x72, 0x2f, 0xbb, 0xc6, 0xc4,
+    0x36, 0xc9, 0x01, 0xd3, 0x9b, 0x94, 0xab, 0x41, 0x0f, 0x4a,
+    0x61, 0x5c, 0x68, 0xe5, 0xd7, 0x0d, 0x94, 0xaa, 0xee, 0xba,
+    0x95, 0xcb, 0x8c, 0x0e, 0x85, 0x3a, 0x02, 0x6b, 0x95, 0x50,
+    0xfd, 0x02, 0xfd, 0xa4, 0x58, 0x29, 0x78, 0x4f, 0xd0, 0xae,
+    0x66, 0xd6, 0x5c, 0xe7, 0x45, 0xfe, 0x98, 0xb0, 0xa3, 0xe2,
+    0x87, 0xc0, 0xd2, 0x81, 0x08, 0xf1, 0xf1, 0xe7, 0xda, 0x62,
+    0x9e, 0xa0, 0x34, 0x86, 0xeb, 0xa1, 0x6e, 0x4a, 0x26, 0x8e,
+    0x39, 0x0c, 0x51, 0x10, 0x33, 0x11, 0x87, 0xf8, 0x79, 0x3c,
+    0x49, 0x7a, 0x8b, 0xce, 0xc1, 0x0a, 0x0e, 0xe1, 0xd5, 0x2a,
+    0xac, 0xf0, 0x3a, 0x1d, 0x6a, 0x6a, 0xe5, 0xe1, 0x81, 0x70,
+    0xad, 0xaf, 0x15, 0x4c, 0x2a, 0x70, 0x2a, 0x6b, 0x22, 0x0d,
+    0x30, 0xe7, 0x56, 0xed, 0x2d, 0x4b, 0x85, 0x17, 0x49, 0x72,
+    0x3a, 0x1b, 0x6f, 0x57, 0x1c, 0xf7, 0x72, 0x9e, 0x20, 0xdb,
+    0x57, 0x1c, 0xfb, 0x36, 0x50, 0x52, 0xec, 0x5b, 0xd6, 0x6a,
+    0x1b, 0xf8, 0x74, 0xad, 0xe6, 0x00, 0x74, 0x04, 0xc5, 0x99,
+    0x83, 0xe4, 0x5a, 0x0c, 0xc3, 0xe8, 0x6d, 0x3a, 0xd7, 0x3c,
+    0x3c, 0xc0, 0x1a, 0x28, 0xb3, 0x29, 0x7a, 0x10, 0x9e, 0x39,
+    0x66, 0x5b, 0xc1, 0x38, 0xac, 0x21, 0x4e, 0xcd, 0x01, 0xf2,
+    0xf6, 0x30, 0x2c, 0x2b, 0xb6, 0xbf, 0xf5, 0xea, 0x61, 0xaf,
+    0x0c, 0xa6, 0x01, 0x11, 0x15, 0x19, 0x09, 0x8c, 0x7e, 0x69,
+    0xdf, 0x3b, 0xea, 0xd3, 0x0a, 0x3a, 0xd7, 0xbd, 0xe1, 0x17,
+    0xaf, 0x92, 0x3c, 0xf5, 0xfe, 0x35, 0xd6, 0xcf, 0x07, 0xa6,
+    0xf7, 0xe9, 0xc1, 0x99, 0xed, 0x80, 0xe3, 0x12, 0xd5, 0x4b,
+    0xb9, 0xdf, 0xaf, 0x4e, 0x52, 0xad, 0x8e, 0x66, 0x87, 0xe5,
+    0x2c, 0xd0, 0x45, 0x70, 0xd9, 0x78, 0x8f, 0x4b, 0xf4, 0xe1,
+    0xf1, 0x22, 0xf2, 0xe3, 0xed, 0x1f, 0xeb, 0xe9, 0x70, 0x31,
+    0x4c, 0x65, 0x5f, 0x55, 0xee, 0x5d, 0xaa, 0x83, 0x87, 0x76,
+    0xbe, 0x11, 0xae, 0xd7, 0xf2, 0xfb, 0x43, 0xe7, 0x17, 0x81,
+    0x33, 0x15, 0x47, 0xa0, 0xf3, 0x8e, 0x84, 0x57, 0xff, 0x35,
+    0x9e, 0x4a, 0x8a, 0xab, 0x50, 0x3a, 0x45, 0xe0, 0xc3, 0x73,
+    0xca, 0x77, 0x61, 0x68, 0x38, 0xd0, 0xa3, 0x5f, 0x03, 0x8d,
+    0x41, 0xc2, 0xd3, 0x4a, 0x17, 0xe0, 0xa8, 0xaa, 0x00, 0xf3,
+    0xf2, 0x5b, 0xa8, 0xe1, 0x06, 0xa6, 0x2b, 0xdb, 0xe1, 0x74,
+    0xbd, 0xc4, 0xd2, 0x2b, 0x55, 0x9a, 0xb0, 0xf8, 0x35, 0xd8,
+    0x6b, 0xec, 0xdb, 0xc5, 0xf4, 0x6c, 0x40, 0x90, 0x6a, 0x68,
+    0xc9, 0xb5, 0xcb, 0xbb, 0xd0, 0xb0, 0xbc, 0x9f, 0xb9, 0xaa,
+    0x50, 0x14, 0x93, 0x3b, 0x9f, 0x25, 0xcb, 0x40, 0xb8, 0x08,
+    0xcc, 0x13, 0xe5, 0xdc, 0x3f, 0x84, 0x96, 0xe0, 0x73, 0x7b,
+    0x7d, 0x9e, 0x41, 0x92, 0x5d, 0xcc, 0xa4, 0xea, 0x4f, 0x93,
+    0x0c, 0x40, 0x2e, 0x42, 0x8a, 0xe9, 0xb9, 0x12, 0x74, 0xbb,
+    0x79, 0x7c, 0xb0, 0x37, 0x20, 0xb6, 0xaf, 0x43, 0x3a, 0x88,
+    0x59, 0x7c, 0x68, 0x28, 0x5f, 0x98, 0xc2, 0xf0, 0x2a, 0xbc,
+    0xa1, 0x61, 0x88, 0x1f, 0x43, 0xbc, 0x42, 0x8f, 0x43, 0xf3,
+    0x7e, 0x16, 0x96, 0xfa, 0x92, 0x70, 0xaf, 0x3c, 0x9f, 0x4b,
+    0xd9, 0x60, 0xe9, 0xf6, 0x2e, 0x84, 0xda, 0x88, 0x31, 0x34,
+    0xa6, 0x85, 0x10, 0x05, 0xef, 0x40, 0xa8, 0xa5, 0x4f, 0x92,
+    0x59, 0xf7, 0xe0, 0xc4, 0x2b, 0x12, 0x17, 0x71, 0xbe, 0x8c,
+    0x4a, 0x02, 0xfe, 0x12, 0xb6, 0x3b, 0x85, 0x75, 0x37, 0xf3,
+    0x73, 0x2d, 0x9c, 0x00, 0x5d, 0x80, 0xad, 0x20, 0x2f, 0x5a,
+    0x0b, 0x17, 0x7e, 0x67, 0x72, 0x24, 0x5a, 0xb9, 0xf3, 0xb1,
+    0x33, 0xa4, 0x57, 0x1d, 0x49, 0x72, 0x2c, 0x7f, 0x47, 0x15,
+    0x07, 0xe0, 0x45, 0x14, 0xdd, 0x77, 0x86, 0x6d, 0x03, 0xbe,
+    0x57, 0xd0, 0xaa, 0x18, 0xa6, 0xdd, 0x94, 0x18, 0x3f, 0x8a,
+    0xf3, 0xb5, 0xd7, 0x5a, 0xec, 0xc8, 0x79, 0x7f, 0x51, 0x61,
+    0x3c, 0x9b, 0xb2, 0x9b, 0xf3, 0xb4, 0x35, 0xd1, 0x38, 0xbf,
+    0x37, 0xce, 0x54, 0xd1, 0xf8, 0xb6, 0x45, 0xeb, 0x52, 0x0d,
+    0x9a, 0x09, 0x58, 0x0d, 0x2c, 0x0b, 0xb1, 0xf2, 0x30, 0x3a,
+    0x95, 0xc1, 0x13, 0x91, 0xd2, 0x9f, 0x8d, 0x8d, 0xd0, 0x38,
+    0x3e, 0x4c, 0xae, 0x4a, 0x55, 0xa7, 0x42, 0x11, 0x83, 0xc4,
+    0x70, 0xf0, 0x2b, 0x68, 0x9e, 0x07, 0xad, 0xb7, 0x83, 0xc6,
+    0x53, 0x3c, 0xfb, 0x0a, 0x5d, 0x24, 0xdc, 0xe1, 0x55, 0x72,
+    0xcf, 0xce, 0x3e, 0xc8, 0xd0, 0x57, 0x8a, 0x82, 0x5e, 0x78,
+    0x2b, 0x80, 0xc5, 0xb9, 0x09, 0x46, 0xf8, 0x90, 0x39, 0x52,
+    0xa9, 0xce, 0x3f, 0x3d, 0x41, 0x3b, 0x28, 0x45, 0xa3, 0xb3,
+    0x21, 0xc2, 0xcd, 0x14, 0x49, 0x41, 0x6c, 0x38, 0xda, 0x1b,
+    0x5f, 0x16, 0x49, 0xf9, 0x65, 0x00, 0x4e, 0xb4, 0x20, 0x55,
+    0x70, 0xe8, 0x58, 0x1a, 0x18, 0xbf, 0x41, 0xef, 0x31, 0xb1,
+    0xe7, 0x8d, 0x89, 0xc1, 0x48, 0xe8, 0xf5, 0x57, 0x35, 0xfa,
+    0xc1, 0x79, 0xee, 0x2c, 0xe8, 0x7d, 0xb6, 0x03, 0xcc, 0x66,
+    0x09, 0x6f, 0x52, 0x84, 0x0a, 0x34, 0x18, 0x2c, 0x01, 0x45,
+    0x81, 0x00, 0xe5, 0x5e, 0x8d, 0xae, 0x1c, 0x96, 0x8b, 0x45,
+    0x73, 0x00, 0x0a, 0xb5, 0xcf, 0x8d, 0x0e, 0x35, 0x5d, 0x1a,
+    0x0e, 0xbf, 0x64, 0x9a, 0x52, 0x20, 0x48, 0xc6, 0xb9, 0x40,
+    0xd3, 0x2c, 0x52, 0xca, 0x93, 0xcf, 0xbb, 0x94, 0x06, 0xf3,
+    0x97, 0xee, 0xcc, 0x5d, 0xa3, 0xea, 0xf8, 0x5a, 0x39, 0x77,
+    0x34, 0xd7, 0xf6, 0x4e, 0xbe, 0x8a, 0x07, 0x5f, 0x51, 0x53,
+    0xc5, 0x1b, 0x8c, 0x47, 0x8f, 0x34, 0x0e, 0x60, 0x0a, 0x90,
+    0xe2, 0xda, 0x7b, 0xef, 0xd6, 0xf5, 0x5d, 0xe5, 0x32, 0x37,
+    0x75, 0x99, 0x81, 0x4a, 0x2a, 0x78, 0x71, 0xdc, 0xf4, 0xe5,
+    0xca, 0xd8, 0x6b, 0x3b, 0x90, 0x68, 0x2e, 0x93, 0xc5, 0x10,
+    0x42, 0x5d, 0x38, 0x90, 0x32, 0x46, 0xea, 0x87, 0xe0, 0xbc,
+    0xb8, 0x9a, 0x18, 0x20, 0x68, 0x85, 0x6d, 0x9b, 0xc9, 0x8f,
+    0x9b, 0xd2, 0xbe, 0x15, 0x12, 0x68, 0xd0, 0xb0, 0x16, 0x5f,
+    0xe2, 0x69, 0x1d, 0x04, 0x00, 0xfc, 0x63, 0x33, 0xcd, 0x1f,
+    0x89, 0xcd, 0x52, 0xff, 0xec, 0x19, 0x69, 0x74, 0xa3, 0xce,
+    0x4d, 0xab, 0x93, 0xe4, 0xc6, 0x13, 0x56, 0x27, 0xc9, 0x25,
+    0x5a, 0x01, 0xb2, 0x36, 0x8b, 0x61, 0xe5, 0x8b, 0x98, 0xac,
+    0xe4, 0x2a, 0xb6, 0x40, 0x9f, 0x42, 0xe4, 0x1b, 0x52, 0xf7,
+    0xfd, 0xd8, 0x30, 0x07, 0x33, 0xf9, 0x47, 0xcb, 0x3c, 0xad,
+    0x12, 0xc1, 0xcc, 0x29, 0x62, 0x49, 0x04, 0x0c, 0x23, 0x97,
+    0x5a, 0xa4, 0x84, 0x67, 0xde, 0x5a, 0xe5, 0x36, 0xd2, 0x88,
+    0xf1, 0xd4, 0xeb, 0x13, 0x81, 0x54, 0x51, 0x11, 0xe3, 0xba,
+    0xbc, 0xee, 0xdd, 0x6c, 0xcd, 0xe6, 0xb4, 0xa1, 0x8b, 0x0b,
+    0x66, 0xfb, 0x8e, 0x50, 0xa0, 0xda, 0x69, 0x8d, 0xcc, 0x2d,
+    0xe4, 0x2c, 0xc4, 0x37, 0xdf, 0x61, 0xc0, 0x03, 0xbd, 0x8b,
+    0x28, 0xca, 0xd2, 0x8c, 0x1c, 0xf1, 0xa4, 0x26, 0x69, 0xe5,
+    0xcf, 0x45, 0xdb, 0x5a, 0x47, 0x79, 0xed, 0x9f, 0xf7, 0xd2,
+    0xdb, 0xba, 0x46, 0x53, 0x4f, 0xce, 0xa8, 0xbe, 0x8f, 0x4a,
+    0xd6, 0xdf, 0x2e, 0x06, 0xe6, 0x4c, 0x9a, 0xc1, 0xb6, 0x49,
+    0xed, 0xc4, 0xeb, 0xaa, 0xa4, 0x29, 0x6d, 0xd4, 0xcc, 0x8c,
+    0xb6, 0x40, 0x11, 0x39, 0x69, 0xf7, 0x75, 0xcd, 0xb1, 0x99,
+    0x46, 0x4e, 0xde, 0xcb, 0xf6, 0x9d, 0x32, 0xf3, 0xc9, 0x47,
+    0x47, 0x7a, 0xcb, 0xfb, 0xa3, 0x0c, 0x3b, 0xdf, 0xb7, 0xde,
+    0xec, 0x99, 0xde, 0xb0, 0x26, 0x04, 0x34, 0xae, 0x6b, 0xfc,
+    0x99, 0xbc, 0xde, 0xd5, 0xbe, 0xe7, 0xeb, 0xf9, 0xe7, 0xa6,
+    0x01, 0x9a, 0x0c, 0x5e, 0x66, 0xe6, 0x53, 0xe4, 0xd1, 0x58,
+    0xac, 0xda, 0x69, 0x77, 0x7b, 0x68, 0xd6, 0x30, 0x2a, 0x9c,
+    0x6b, 0xbe, 0x9f, 0x3d, 0x71, 0xd6, 0x54, 0xcd, 0x59, 0x4e,
+    0x1f, 0xe3, 0x83, 0x4e, 0xd1, 0x8e, 0xaf, 0x97, 0xa8, 0xe5,
+    0xb6, 0x59, 0x77, 0xa8, 0x02, 0x20, 0xe4, 0xeb, 0x44, 0x71,
+    0xbc, 0x07, 0x14, 0x79, 0x4f, 0x0c, 0x27, 0x06, 0x39, 0xcf,
+    0x7c, 0xef, 0x2b, 0x9b, 0x5e, 0xc4, 0x6d, 0x79, 0x13, 0x00,
+    0x43, 0x6f, 0x51, 0x77, 0xb5, 0xc3, 0x72, 0xad, 0x13, 0xa9,
+    0xe5, 0x9a, 0x5b, 0x1a, 0x99, 0x74, 0xc0, 0x7a, 0xf9, 0xc5,
+    0xb0, 0x58, 0x35, 0x1c, 0xa5, 0x51, 0xdb, 0xa1, 0x14, 0xcd,
+    0x26, 0x71, 0xb1, 0xe7, 0xaa, 0x14, 0xa7, 0x46, 0x93, 0xd3,
+    0x5c, 0x8c, 0x1a, 0x91, 0x77, 0x46, 0x2e, 0x15, 0xaa, 0x9e,
+    0xf7, 0x2b, 0x79, 0x41, 0x76, 0xf7, 0x22, 0x53, 0x7d, 0x51,
+    0xdb, 0x98, 0x3d, 0x5b, 0x78, 0x5f, 0xc3, 0xc9, 0x29, 0xa3,
+    0xff, 0x75, 0x82, 0x06, 0x9a, 0x16, 0x5e, 0xa4, 0x79, 0x0d,
+    0xd1, 0x6d, 0x08, 0xff, 0x43, 0xef, 0x9c, 0xf3, 0x1b, 0x7a,
+    0x3f, 0x34, 0xbe, 0x19, 0x15, 0x06, 0x33, 0xdb, 0xa5, 0x71,
+    0xcb, 0x5f, 0x6b, 0x8d, 0xbd, 0x5b, 0x32, 0x91, 0xb2, 0x37,
+    0x3d, 0xb4, 0x40, 0x9e, 0x02, 0x9b, 0xb7, 0x68, 0x20, 0x58,
+    0x5c, 0xab, 0xcb, 0xc8, 0x23, 0x2d, 0x77, 0xcc, 0x0b, 0xf6,
+    0x78, 0x6b, 0x80, 0x06, 0x91, 0xa9, 0xfd, 0x7e, 0xfa, 0x25,
+    0x98, 0x9f, 0xcc, 0x79, 0x0a, 0x1a, 0x54, 0x83, 0xac, 0x64,
+    0x16, 0x90, 0xe5, 0xd9, 0xa7, 0xd7, 0x1b, 0x86, 0x0d, 0xe6,
+    0xe6, 0x22, 0x2b, 0x1f, 0x44, 0x49, 0x98, 0x9c, 0x51, 0x6f,
+    0xcf, 0x58, 0x4a, 0xfa, 0xfa, 0x84, 0x12, 0xa5, 0x10, 0xf4,
+    0xca, 0xf0, 0x98, 0x2b, 0xc9, 0x03, 0x71, 0x37, 0xe7, 0xdc,
+    0xc2, 0xb1, 0x4e, 0x64, 0xde, 0x4f, 0x46, 0x0d, 0x6b, 0x25,
+    0x88, 0x5d, 0xd6, 0xff, 0x23, 0x46, 0x57, 0x36, 0x14, 0x18,
+    0xa7, 0xcb, 0xb8, 0xbd, 0xf0, 0xc5, 0x37, 0x36, 0xee, 0xe1,
+    0xed, 0x9f, 0x4d, 0xd4, 0x39, 0xe5, 0x92, 0xcf, 0x95, 0x4d,
+    0x66, 0x36, 0x5d, 0xd0, 0xcc, 0x07, 0xcf, 0x15, 0x5a, 0xce,
+    0x14, 0xb8, 0xda, 0x0d, 0x3d, 0x1b, 0x45, 0xc5, 0x2e, 0x34,
+    0x43, 0x25, 0x02, 0x3a, 0xcd, 0x14, 0x45, 0xfb, 0x3e, 0xf9,
+    0x88, 0x5d, 0x0d, 0x29, 0x31, 0xb9, 0xa1, 0xe6, 0x31, 0x18,
+    0x52, 0x46, 0x3f, 0x22, 0x4f, 0x9f, 0x7a, 0x65, 0x36, 0x88,
+    0xa3, 0x1c, 0x3e, 0x6f, 0x50, 0x7a, 0x36, 0xbe, 0x56, 0x7e,
+    0x50, 0xcb, 0x7a, 0x10, 0xa0, 0xec, 0xf6, 0x82, 0xd6, 0x30,
+    0x1c, 0xe8, 0x4c, 0x50, 0xf9, 0x3e, 0xdb, 0xac, 0xbe, 0x4f,
+    0x90, 0xb1, 0xd5, 0x1b, 0x12, 0x95, 0xfb, 0xe8, 0x08, 0x64,
+    0x56, 0x7c, 0x96, 0xcc, 0x90, 0xb1, 0xbc, 0xa0, 0xf5, 0x32,
+    0x69, 0xb3, 0x5f, 0x27, 0x0f, 0xbe, 0xc9, 0xbd, 0xeb, 0xfa,
+    0x4b, 0x5c, 0xc5, 0x99, 0x9e, 0x5a, 0x04, 0xcc, 0xd0, 0x4d,
+    0x29, 0xe8, 0x84, 0x55, 0x8c, 0xd7, 0xc4, 0x06, 0x13, 0x4d,
+    0x92, 0xe5, 0x98, 0x9c, 0x4c, 0xc1, 0xf7, 0xaf, 0x7b, 0xd5,
+    0x2b, 0x92, 0x68, 0x68, 0x19, 0x70, 0x4c, 0x9e, 0x46, 0xb8,
+    0x34, 0xeb, 0x01, 0x47, 0xbe, 0x59, 0xab, 0x0b, 0x22, 0x25,
+    0xe7, 0x56, 0xa8, 0xb4, 0x93, 0x3c, 0xd5, 0x98, 0x9f, 0x61,
+    0x2e, 0xfa, 0xcb, 0x5f, 0x5b, 0xd8, 0x09, 0x83, 0xe9, 0x40,
+    0xe9, 0x0e, 0x42, 0xdd, 0x17, 0xd7, 0x6e, 0x19, 0x8d, 0x95,
+    0x0a, 0x93
+    };
+#endif
+    WOLFSSL_SMALL_STACK_STATIC const byte ml_dsa_87_sig[] = {
+        0x20, 0xff, 0x12, 0xe1, 0x87, 0xf6, 0x11, 0x38, 0xff, 0x41, 0xd0, 0x8f,
+        0xcd, 0x7e, 0xd1, 0xf6, 0x21, 0x17, 0xd0, 0x46, 0xe9, 0x86, 0x83, 0x1b,
+        0xaf, 0xe5, 0x2b, 0x59, 0x21, 0xd1, 0x6b, 0xc9, 0xdb, 0x34, 0xdc, 0xba,
+        0xfd, 0xd3, 0xf8, 0x71, 0x49, 0xd8, 0x31, 0xbc, 0x48, 0x83, 0x22, 0x7b,
+        0xfd, 0x6a, 0x93, 0xa6, 0x39, 0x4c, 0xda, 0xdb, 0x15, 0xe7, 0x41, 0x14,
+        0xb4, 0xb8, 0xfe, 0xb0, 0x1f, 0xf9, 0x0a, 0x2c, 0x0b, 0xc0, 0xac, 0x09,
+        0x84, 0x69, 0x5e, 0x64, 0x8c, 0xa8, 0xee, 0xa1, 0x52, 0x22, 0xde, 0x0d,
+        0xc7, 0x25, 0xef, 0xa8, 0xfd, 0x8c, 0xb9, 0x45, 0x4f, 0xa4, 0x9c, 0xbc,
+        0x70, 0xf2, 0x88, 0xea, 0x79, 0x13, 0xb0, 0xfc, 0xe6, 0x41, 0x48, 0x1c,
+        0x33, 0x48, 0xa2, 0x77, 0x75, 0x37, 0x9f, 0xc1, 0x86, 0x94, 0xcd, 0x69,
+        0x98, 0x87, 0x47, 0x49, 0x75, 0x93, 0xf1, 0xa4, 0x2d, 0x8e, 0xa8, 0x7e,
+        0x0f, 0x95, 0xf5, 0x3e, 0x5d, 0x31, 0x2d, 0xc9, 0x58, 0x1c, 0x42, 0xfd,
+        0x79, 0x6a, 0x49, 0xa3, 0x84, 0xc5, 0x2e, 0x8d, 0x96, 0x9c, 0xc8, 0x05,
+        0x93, 0xdb, 0x6d, 0xbf, 0x83, 0x34, 0xc2, 0x81, 0x47, 0x90, 0xc9, 0xa9,
+        0x82, 0xbd, 0xe1, 0xc8, 0x89, 0xa2, 0x36, 0x47, 0xed, 0xfb, 0x47, 0x57,
+        0x01, 0x1a, 0x75, 0x8c, 0x6b, 0x83, 0xcf, 0x56, 0xae, 0x52, 0x66, 0x8b,
+        0xab, 0x7f, 0x0c, 0xec, 0xde, 0x5c, 0x13, 0xbe, 0xbd, 0x5b, 0x74, 0x28,
+        0xb5, 0xd7, 0x68, 0xd5, 0xd2, 0xe9, 0x96, 0x3b, 0x55, 0xda, 0x3a, 0x93,
+        0x3c, 0xd9, 0x9f, 0x53, 0x2a, 0x31, 0x84, 0x45, 0x3f, 0xee, 0x2b, 0xfc,
+        0x92, 0xb0, 0x9c, 0xc6, 0x16, 0x16, 0x4f, 0x33, 0x41, 0x17, 0x58, 0xbe,
+        0x5d, 0x57, 0x4b, 0x04, 0x82, 0xe3, 0xb3, 0x68, 0xdf, 0x7c, 0x93, 0xce,
+        0x9d, 0xf6, 0x7e, 0x21, 0x3d, 0x28, 0x1c, 0xf0, 0x37, 0x46, 0xf2, 0xc2,
+        0x73, 0x7c, 0xbe, 0x98, 0x0e, 0x09, 0x75, 0xa7, 0x21, 0x11, 0xa9, 0xd6,
+        0xd1, 0x47, 0xac, 0xd0, 0x19, 0x48, 0x3b, 0x74, 0xc1, 0x3c, 0x37, 0x43,
+        0x49, 0x12, 0x62, 0xee, 0xaf, 0x5c, 0x38, 0xf7, 0x8a, 0xce, 0xb3, 0x7a,
+        0x05, 0x16, 0xd4, 0x71, 0x8b, 0xbe, 0x1a, 0xe0, 0x1e, 0xbc, 0x4b, 0x54,
+        0x0f, 0xb5, 0x73, 0x2b, 0xb8, 0x3a, 0x75, 0xf0, 0x26, 0xcd, 0xf9, 0xca,
+        0x32, 0xf9, 0x7e, 0x15, 0x38, 0x75, 0x9c, 0x4d, 0xbc, 0x11, 0xf8, 0xea,
+        0x8e, 0xe8, 0x38, 0x17, 0xc5, 0x62, 0xf4, 0x34, 0xfb, 0xd6, 0xf5, 0x76,
+        0xfc, 0xa3, 0xf3, 0x44, 0xf9, 0xab, 0x2e, 0x9a, 0x68, 0xcd, 0xa1, 0x29,
+        0xff, 0xda, 0xe8, 0xb5, 0xb0, 0x20, 0x5d, 0x02, 0x01, 0x62, 0x26, 0x44,
+        0x32, 0xc8, 0x94, 0xf8, 0xf1, 0xaa, 0xf9, 0xc2, 0x86, 0xcb, 0x55, 0x7f,
+        0x8d, 0xb3, 0xf6, 0x63, 0xb1, 0xa4, 0x95, 0x57, 0xb8, 0x1d, 0xc3, 0x42,
+        0xd2, 0x4b, 0x69, 0xcd, 0x7a, 0x10, 0x5b, 0x6a, 0x13, 0xd1, 0x02, 0x98,
+        0x38, 0x87, 0x9b, 0x9a, 0x5a, 0x66, 0x73, 0xcb, 0x75, 0xd0, 0x7a, 0x4b,
+        0xad, 0x23, 0x06, 0x1c, 0xc8, 0x6b, 0x0c, 0xa8, 0xfe, 0x7b, 0x8f, 0x65,
+        0x50, 0xd7, 0xf7, 0x76, 0x88, 0x42, 0xe0, 0x5e, 0x18, 0x91, 0x8b, 0x99,
+        0x37, 0x56, 0x08, 0x91, 0xe7, 0x01, 0xe7, 0x05, 0xd5, 0xed, 0x43, 0x25,
+        0x71, 0x7e, 0x3e, 0xfc, 0xc4, 0xfd, 0xed, 0x8b, 0x85, 0x16, 0x8c, 0xe3,
+        0x05, 0xee, 0x51, 0x02, 0xa4, 0x4b, 0xd8, 0x3c, 0xcf, 0x4d, 0x2f, 0x2d,
+        0x68, 0x6e, 0xc1, 0xd5, 0xfa, 0x91, 0xfd, 0x6a, 0xe0, 0x64, 0x85, 0x35,
+        0x9c, 0x75, 0xe6, 0x0d, 0xb8, 0xec, 0x97, 0x88, 0x62, 0x98, 0x78, 0x75,
+        0xc7, 0x1e, 0x68, 0xa7, 0xb9, 0x7b, 0xab, 0x75, 0x7a, 0x72, 0x3c, 0x7b,
+        0xab, 0x60, 0x03, 0xb7, 0x38, 0x13, 0xe4, 0x96, 0x6e, 0xcb, 0x95, 0xcc,
+        0xdc, 0x6a, 0x47, 0x67, 0x77, 0xd7, 0x95, 0xc4, 0x87, 0x66, 0xc2, 0x7e,
+        0x42, 0x90, 0x59, 0x4f, 0xd6, 0xf3, 0xf4, 0xa7, 0xd0, 0x29, 0xf9, 0x5d,
+        0x4b, 0x06, 0x06, 0xf7, 0x6e, 0xb2, 0xab, 0xb0, 0x8e, 0x21, 0xa6, 0xff,
+        0x5e, 0x7b, 0x47, 0xb6, 0x3a, 0xa6, 0x9e, 0x19, 0xf6, 0xdf, 0x9b, 0x3b,
+        0x3d, 0x07, 0x37, 0xd1, 0x0b, 0xa8, 0xf3, 0x9c, 0x43, 0x89, 0xee, 0xba,
+        0x03, 0xee, 0x38, 0x74, 0x13, 0x09, 0x8e, 0x47, 0x4e, 0xa9, 0x14, 0xf5,
+        0xb0, 0x55, 0xe0, 0x03, 0xe5, 0xb9, 0x53, 0xef, 0x03, 0x15, 0x60, 0xb3,
+        0x4a, 0x71, 0x31, 0x4b, 0xf1, 0xc8, 0xe4, 0x63, 0x9b, 0x8b, 0x78, 0x3c,
+        0x1f, 0xac, 0x27, 0x20, 0xa8, 0x53, 0x7d, 0xdd, 0x72, 0xd3, 0x90, 0x8f,
+        0x71, 0xa6, 0xa7, 0xeb, 0xb0, 0xeb, 0x42, 0x96, 0xa4, 0xc3, 0xba, 0xc6,
+        0x3c, 0xe7, 0x7b, 0x15, 0x1e, 0xfa, 0x15, 0x23, 0x37, 0xf3, 0xc8, 0xb2,
+        0xf9, 0x46, 0x04, 0xd1, 0x5e, 0x44, 0xd7, 0x8f, 0x70, 0xb1, 0x0a, 0xde,
+        0x6a, 0xe3, 0xaf, 0x9e, 0x49, 0x55, 0x78, 0x79, 0x11, 0x22, 0x87, 0xa9,
+        0x54, 0x7c, 0xb4, 0x83, 0xe1, 0x25, 0xcd, 0x89, 0xa6, 0x91, 0x21, 0x7b,
+        0xbe, 0x3d, 0x2f, 0x46, 0xb5, 0x5b, 0x50, 0x1a, 0xc8, 0x8d, 0x32, 0xf3,
+        0x62, 0x1f, 0x24, 0x64, 0xe8, 0xb6, 0x02, 0x4f, 0x1f, 0x52, 0x3c, 0x40,
+        0xfc, 0x72, 0x38, 0xd4, 0xba, 0x40, 0x8e, 0xb7, 0xc0, 0x97, 0x06, 0x16,
+        0xd5, 0xe3, 0x39, 0x45, 0xd7, 0x7c, 0x0e, 0xed, 0x6b, 0x19, 0x19, 0x0a,
+        0x8e, 0xcb, 0x2b, 0xee, 0x4d, 0xa1, 0x5e, 0x84, 0x22, 0x66, 0xcd, 0x4f,
+        0xb9, 0x1a, 0x25, 0x85, 0x02, 0xc0, 0x67, 0xc4, 0xd5, 0x1a, 0xcb, 0xbb,
+        0xde, 0x4d, 0x3c, 0x3c, 0x62, 0x9f, 0x76, 0x8f, 0x15, 0x29, 0xa5, 0xbb,
+        0x5a, 0x48, 0x38, 0x66, 0xfa, 0x56, 0x0a, 0x09, 0xbd, 0xdf, 0xdf, 0x4a,
+        0xe7, 0x0e, 0xa6, 0xb1, 0xb5, 0x7c, 0xe1, 0xed, 0x8d, 0x63, 0x07, 0x42,
+        0xf3, 0xf8, 0x15, 0x28, 0x7c, 0x09, 0xf5, 0x02, 0x69, 0x1b, 0x88, 0x1e,
+        0x3d, 0xad, 0x5f, 0x46, 0xed, 0xab, 0x2b, 0x11, 0x96, 0x73, 0xa8, 0xe8,
+        0xe6, 0x64, 0x7d, 0xae, 0x13, 0xa1, 0x7d, 0x54, 0xae, 0xc0, 0x82, 0xeb,
+        0x2a, 0xd1, 0x76, 0xb7, 0x9f, 0xbd, 0x33, 0x8f, 0xe7, 0xe6, 0x79, 0x92,
+        0xa6, 0xaf, 0x61, 0x91, 0x49, 0xbc, 0xd2, 0x3c, 0x6f, 0x8b, 0xbe, 0x8f,
+        0x5f, 0x1f, 0x00, 0x2c, 0x2e, 0x2c, 0xa0, 0x14, 0xcf, 0x34, 0x42, 0x44,
+        0x41, 0x11, 0xd7, 0x37, 0xd3, 0x99, 0x44, 0x36, 0x43, 0x03, 0xb9, 0x50,
+        0x4f, 0xab, 0xfe, 0x48, 0xe2, 0x4b, 0xed, 0x51, 0x8b, 0xe0, 0x04, 0x3c,
+        0x93, 0x28, 0x55, 0xc8, 0x5a, 0xb3, 0x52, 0x2c, 0x56, 0xbd, 0x43, 0xb9,
+        0x4a, 0x6c, 0x4c, 0xcc, 0xda, 0xba, 0x9c, 0xe6, 0x3e, 0x50, 0x8b, 0x1a,
+        0xe5, 0x83, 0xc1, 0x60, 0x55, 0xb2, 0x02, 0x16, 0x54, 0x33, 0x62, 0x69,
+        0x7c, 0x7d, 0x94, 0xf2, 0xb0, 0x3a, 0x22, 0xf0, 0x21, 0x46, 0xd7, 0x94,
+        0x53, 0xec, 0x63, 0x4c, 0x3e, 0xc3, 0x71, 0xd1, 0xb9, 0x2e, 0x16, 0xe8,
+        0x17, 0x63, 0x7e, 0x0c, 0x83, 0x05, 0x72, 0xe6, 0x20, 0x60, 0x34, 0xae,
+        0x0e, 0x54, 0xa0, 0x57, 0x75, 0x93, 0x2e, 0xb8, 0x6c, 0xec, 0xda, 0x44,
+        0x1b, 0xac, 0xd6, 0x75, 0xc5, 0x79, 0x3c, 0xc2, 0xa6, 0xa2, 0x7f, 0x3a,
+        0xb0, 0xec, 0xeb, 0xc1, 0xe6, 0xd6, 0xae, 0xac, 0x2e, 0x55, 0x30, 0x1c,
+        0x81, 0xa4, 0x4c, 0x35, 0x0e, 0xd8, 0xa6, 0x4e, 0xea, 0x0e, 0xbf, 0x79,
+        0xf7, 0xdf, 0x55, 0xfc, 0xf9, 0x24, 0xb0, 0xa6, 0xba, 0xc3, 0x72, 0x42,
+        0x60, 0x06, 0x44, 0x03, 0xe3, 0x40, 0x3c, 0x2a, 0x13, 0xf7, 0xdf, 0x3d,
+        0xb7, 0x0d, 0x86, 0x6c, 0xb0, 0x0f, 0x2e, 0x72, 0x91, 0x16, 0x4f, 0x5f,
+        0xd0, 0x3e, 0x8c, 0x36, 0xed, 0xa8, 0x6f, 0xbc, 0x65, 0xb0, 0x65, 0x99,
+        0x47, 0x50, 0xa5, 0x9c, 0xea, 0xee, 0x8a, 0x44, 0x70, 0xf5, 0x31, 0x1a,
+        0xe9, 0x11, 0xc1, 0xce, 0xe0, 0x21, 0x52, 0x70, 0x89, 0xf7, 0xc3, 0x35,
+        0xfa, 0x55, 0x5a, 0xc5, 0x10, 0x02, 0xc4, 0xc7, 0xf7, 0xe1, 0xaf, 0x49,
+        0x48, 0x61, 0xe7, 0x0d, 0xa1, 0x2d, 0x7d, 0x03, 0x00, 0x38, 0xa7, 0xd5,
+        0xd3, 0xbf, 0x95, 0x29, 0xed, 0xcc, 0x70, 0x3e, 0xbe, 0x95, 0x8a, 0xdf,
+        0xaf, 0xbf, 0xec, 0xf8, 0x6a, 0x4f, 0x9e, 0x69, 0xee, 0x4e, 0x3d, 0x8b,
+        0x58, 0xa0, 0x2e, 0xb5, 0x83, 0x6a, 0x0e, 0x04, 0xa4, 0xa9, 0x74, 0xcb,
+        0x4f, 0xb0, 0x39, 0x37, 0x8f, 0xcf, 0xbf, 0x77, 0xe4, 0x1a, 0x74, 0xcf,
+        0x0e, 0x0d, 0x2d, 0x6e, 0x1d, 0xba, 0xc1, 0xf5, 0x7c, 0x54, 0x6e, 0x92,
+        0xec, 0x4b, 0x03, 0xc3, 0xa4, 0x44, 0xad, 0x3e, 0x4f, 0xa4, 0xd9, 0xe9,
+        0x71, 0x3c, 0xe6, 0xb6, 0xbe, 0xe7, 0xfc, 0x72, 0x76, 0x86, 0x9a, 0x73,
+        0xb1, 0xb3, 0xf3, 0x84, 0xb6, 0x2a, 0x40, 0x0b, 0x8c, 0xae, 0xb3, 0xc4,
+        0xdc, 0xb5, 0x21, 0x85, 0x87, 0xdc, 0x19, 0x18, 0xd5, 0xba, 0xa4, 0x5e,
+        0x88, 0x89, 0xa4, 0xf4, 0x88, 0x75, 0xc2, 0x7a, 0xb4, 0xee, 0x9d, 0x54,
+        0x66, 0x97, 0x70, 0x08, 0x8f, 0x99, 0x84, 0x5d, 0x5e, 0xa7, 0x6f, 0x92,
+        0xe8, 0xa3, 0x65, 0xfa, 0x0e, 0x87, 0xfb, 0x3c, 0xe9, 0x17, 0x2d, 0xc7,
+        0x2d, 0x30, 0x8f, 0x41, 0x82, 0x68, 0x2b, 0xf1, 0x67, 0x8e, 0xf7, 0x05,
+        0x78, 0xfa, 0xc3, 0x61, 0xba, 0x35, 0xe7, 0x2f, 0x19, 0xef, 0x71, 0x36,
+        0xac, 0x5b, 0xf0, 0x45, 0x30, 0x70, 0xdc, 0xc7, 0xab, 0x7b, 0x62, 0x17,
+        0x9d, 0xc4, 0x43, 0x6f, 0xfc, 0x02, 0x56, 0x5f, 0x65, 0xaa, 0x68, 0x3b,
+        0x5c, 0xfa, 0x71, 0x28, 0x89, 0xe9, 0x28, 0x2f, 0x95, 0x4b, 0xfc, 0xe6,
+        0xe7, 0xc8, 0x44, 0x28, 0x5c, 0x3c, 0x08, 0x5f, 0x9c, 0xbc, 0x41, 0x68,
+        0x91, 0x98, 0x7a, 0x00, 0x63, 0xc9, 0x5c, 0x75, 0x8f, 0xcc, 0x33, 0x77,
+        0x7b, 0xd0, 0x2d, 0xe8, 0xa2, 0x98, 0xa4, 0x1b, 0xfa, 0x09, 0x67, 0x7b,
+        0x25, 0x96, 0x19, 0xf4, 0x77, 0x33, 0x20, 0x4f, 0x19, 0xf6, 0x9c, 0x6c,
+        0x2e, 0xd9, 0x68, 0x95, 0xb0, 0xe2, 0x18, 0x06, 0xe5, 0x84, 0x8e, 0xf7,
+        0xbf, 0x6c, 0x96, 0xa8, 0x9d, 0x37, 0xc7, 0x28, 0xa1, 0x3d, 0x90, 0x8c,
+        0x40, 0x3d, 0xe2, 0x51, 0xfd, 0x55, 0x09, 0xf8, 0x83, 0x43, 0x44, 0x4d,
+        0x1c, 0x8a, 0x8d, 0x36, 0x84, 0x64, 0xc4, 0xfa, 0x1d, 0x72, 0x04, 0x0b,
+        0x1d, 0x49, 0x13, 0x88, 0x78, 0x5f, 0x07, 0x9b, 0xc8, 0x01, 0x9c, 0x3c,
+        0xfc, 0xff, 0x0f, 0xd5, 0x13, 0xcd, 0x15, 0x98, 0xcc, 0xe6, 0x59, 0x1e,
+        0x83, 0x38, 0x8f, 0x6c, 0x75, 0xbe, 0xdf, 0xe9, 0x1b, 0xc5, 0xb9, 0x6b,
+        0xa4, 0x5a, 0x0c, 0xae, 0x98, 0x8d, 0x93, 0xfa, 0x76, 0x7f, 0x0d, 0x0b,
+        0xe8, 0xa0, 0x3b, 0x9e, 0x5e, 0xc8, 0xa8, 0xcc, 0x02, 0xc9, 0x86, 0x9c,
+        0x78, 0xaf, 0x6e, 0x6a, 0xf4, 0xfe, 0x49, 0xad, 0xc5, 0x93, 0xae, 0x62,
+        0xbd, 0xe3, 0x3a, 0xa8, 0xf2, 0x60, 0xb5, 0x29, 0xde, 0x5f, 0x12, 0x02,
+        0x2d, 0x43, 0x90, 0xf5, 0x9d, 0x9d, 0x97, 0x29, 0xfa, 0xdd, 0x60, 0x41,
+        0x64, 0xb7, 0xa5, 0x03, 0x72, 0x10, 0x2b, 0xdd, 0x5b, 0x60, 0xe6, 0xf0,
+        0xe1, 0xd7, 0xa5, 0x97, 0xec, 0xb4, 0x9a, 0x4c, 0x3e, 0x16, 0xa2, 0x82,
+        0xb3, 0xc3, 0x3f, 0x3e, 0x5d, 0x32, 0xac, 0x5a, 0x40, 0xb4, 0x00, 0xfa,
+        0xd9, 0x47, 0xe8, 0x77, 0xa8, 0x96, 0x5c, 0x60, 0x04, 0x9c, 0x5c, 0xdf,
+        0x24, 0x3b, 0xa7, 0x4a, 0x58, 0x25, 0x12, 0x9a, 0xa8, 0x7b, 0x3e, 0x14,
+        0xc8, 0x06, 0x79, 0x23, 0xea, 0x91, 0x7f, 0xe1, 0x78, 0x41, 0x6c, 0xdb,
+        0x8c, 0xeb, 0x66, 0x35, 0x87, 0x87, 0x81, 0x65, 0x2c, 0xef, 0x3a, 0x6e,
+        0xae, 0xb3, 0x6c, 0xe9, 0x86, 0x50, 0x6d, 0x89, 0xd6, 0x27, 0x0a, 0xdb,
+        0xf8, 0xd4, 0xb8, 0x85, 0x8e, 0x37, 0xa6, 0x56, 0xf7, 0x58, 0x18, 0x4c,
+        0x44, 0xcf, 0xeb, 0xc4, 0x79, 0x19, 0xfc, 0x2e, 0x53, 0x18, 0x0e, 0x7b,
+        0x51, 0x86, 0xf3, 0x59, 0x13, 0xb2, 0xaf, 0xd3, 0xee, 0xf4, 0xd5, 0xbf,
+        0x2c, 0xb8, 0x6d, 0x71, 0x74, 0x7c, 0x67, 0x54, 0xa7, 0x4b, 0x03, 0xa9,
+        0x1b, 0x62, 0x95, 0x9f, 0xc3, 0xf0, 0x71, 0x39, 0x2d, 0x26, 0xaf, 0xaf,
+        0xa7, 0xa5, 0x58, 0xf8, 0xf8, 0x8a, 0xe0, 0x62, 0x90, 0x3f, 0x72, 0x9d,
+        0x21, 0x82, 0x76, 0x3e, 0x4c, 0x5d, 0xe0, 0xb5, 0x67, 0x23, 0xe3, 0x13,
+        0x1a, 0x29, 0xa3, 0xda, 0xa4, 0xb4, 0x5c, 0x1d, 0x47, 0xdf, 0xdf, 0xc9,
+        0x93, 0x6c, 0xb2, 0xb5, 0x22, 0xb3, 0x47, 0x2b, 0xcf, 0xf0, 0x36, 0x87,
+        0x51, 0x3c, 0x79, 0x41, 0x70, 0xbd, 0xea, 0x70, 0xa2, 0x29, 0x90, 0x55,
+        0x30, 0x6f, 0x3e, 0x50, 0xc8, 0x38, 0xd6, 0xfa, 0x6f, 0xe3, 0x39, 0x67,
+        0x88, 0x52, 0x1f, 0xd3, 0x52, 0xbf, 0x3e, 0x7b, 0x2a, 0xe5, 0x1e, 0xcd,
+        0xf9, 0xf1, 0x91, 0x1d, 0x04, 0x61, 0x25, 0xbb, 0xe1, 0x33, 0xe3, 0x66,
+        0x46, 0xed, 0x06, 0x8d, 0xc3, 0x4f, 0x20, 0xc6, 0x24, 0xa7, 0xb5, 0x49,
+        0x3b, 0xc7, 0xe6, 0xa0, 0x77, 0x58, 0xd9, 0x70, 0xb1, 0xf5, 0xec, 0x94,
+        0x19, 0xf3, 0x5b, 0x0f, 0x9a, 0xe4, 0xad, 0x37, 0x81, 0xaf, 0x68, 0x7b,
+        0xe5, 0x67, 0xb5, 0xae, 0x7f, 0x2d, 0x64, 0x78, 0x68, 0x5a, 0xd1, 0x8f,
+        0x1c, 0xc0, 0xc3, 0x5b, 0x21, 0x77, 0xe4, 0xa8, 0x5d, 0x05, 0x50, 0xc1,
+        0x92, 0xee, 0x36, 0x2d, 0xd2, 0xff, 0xee, 0xc2, 0x11, 0x99, 0xee, 0xd7,
+        0x48, 0xfb, 0x6a, 0xa3, 0xc9, 0xb7, 0x0c, 0xc1, 0xe5, 0x12, 0xbf, 0x6f,
+        0x58, 0x66, 0x35, 0x34, 0x26, 0xaa, 0xbe, 0xc3, 0x33, 0x86, 0xfd, 0xc0,
+        0x1c, 0xa5, 0xe4, 0x1e, 0x91, 0xc4, 0x55, 0x4e, 0xf1, 0xcb, 0xd2, 0x0b,
+        0xe8, 0x0d, 0x89, 0x6a, 0x00, 0xbd, 0x7b, 0xf5, 0x3d, 0x1a, 0x4a, 0x48,
+        0xfc, 0xf0, 0x5b, 0xcd, 0xdb, 0xb2, 0xa0, 0x27, 0x4b, 0x8f, 0xf7, 0x87,
+        0x78, 0x13, 0xdb, 0x3f, 0xfb, 0x0b, 0xda, 0x22, 0xb3, 0x2b, 0x3a, 0x38,
+        0xd2, 0x29, 0x73, 0x77, 0xb8, 0xd6, 0xec, 0xab, 0xb4, 0xfe, 0xbe, 0xbb,
+        0x6e, 0xe2, 0xc8, 0x45, 0x7b, 0x0d, 0x36, 0x28, 0x0f, 0x45, 0x72, 0xea,
+        0x6d, 0x38, 0x02, 0x5e, 0x48, 0x89, 0x12, 0x24, 0x1b, 0x33, 0x0f, 0xe9,
+        0xf4, 0xce, 0xf8, 0x27, 0x16, 0x37, 0x29, 0xae, 0xe8, 0x22, 0x03, 0x31,
+        0xa9, 0xa0, 0x73, 0x0c, 0x40, 0xe4, 0xfc, 0x6b, 0xe2, 0x1c, 0x8d, 0x7c,
+        0x40, 0x82, 0x72, 0x28, 0xd0, 0x7d, 0xe5, 0xef, 0x05, 0x14, 0x80, 0x28,
+        0x11, 0x32, 0x0d, 0x63, 0x8a, 0xc3, 0x7c, 0xfe, 0xf5, 0x06, 0x0e, 0xb0,
+        0x78, 0x5c, 0x3a, 0xb6, 0x54, 0x37, 0x46, 0xa7, 0x43, 0x4f, 0x05, 0xec,
+        0xe4, 0x9f, 0xd8, 0x55, 0x1f, 0x70, 0xb3, 0xe6, 0xbc, 0x46, 0x34, 0x9e,
+        0xfc, 0xa4, 0x57, 0x8f, 0x0f, 0x25, 0x6f, 0x9f, 0xb3, 0x80, 0x21, 0x0b,
+        0xa1, 0xca, 0x59, 0xcd, 0x37, 0xf7, 0xc9, 0xcb, 0xbe, 0x91, 0xad, 0x07,
+        0x4f, 0xc7, 0x4e, 0x04, 0xbd, 0x38, 0x8b, 0x63, 0xb5, 0x51, 0xac, 0xc8,
+        0x83, 0x3a, 0xa7, 0xe1, 0x77, 0xbc, 0xa4, 0x0c, 0x6c, 0x50, 0xeb, 0x46,
+        0xe1, 0x45, 0x9a, 0x7b, 0x01, 0xca, 0x54, 0xf0, 0x0f, 0xa0, 0x1f, 0x43,
+        0x9a, 0x19, 0x70, 0x2e, 0x70, 0x5a, 0xcf, 0x3b, 0x1b, 0x41, 0xfd, 0xd3,
+        0x9a, 0xa2, 0x36, 0x14, 0xf0, 0xdd, 0xb0, 0x12, 0x6d, 0xcf, 0x55, 0x3f,
+        0xef, 0x0a, 0xc1, 0x80, 0xa9, 0x68, 0xc3, 0x98, 0x03, 0x46, 0x34, 0xce,
+        0x91, 0xb2, 0x7a, 0x94, 0xd2, 0xe7, 0xb9, 0x9c, 0x56, 0xb8, 0xf8, 0xd6,
+        0xff, 0xbf, 0x8b, 0x39, 0x45, 0x04, 0x45, 0xc9, 0xa2, 0xe2, 0xbb, 0x50,
+        0x68, 0x13, 0x32, 0x1e, 0x09, 0x51, 0xb7, 0xb9, 0xcf, 0x5f, 0xcc, 0x54,
+        0xd2, 0xf3, 0xc1, 0x9d, 0xa0, 0x8d, 0x22, 0xc8, 0x7e, 0x1b, 0xc6, 0x14,
+        0xde, 0x5f, 0x52, 0xb4, 0x69, 0x71, 0xca, 0x58, 0x1d, 0x1e, 0x89, 0xcb,
+        0x56, 0x78, 0x7a, 0x85, 0xee, 0xfd, 0xf6, 0x7e, 0xbe, 0x49, 0x9b, 0xb1,
+        0x05, 0x95, 0x12, 0xe9, 0x63, 0xbd, 0x61, 0x9a, 0x26, 0xf9, 0x0b, 0x9f,
+        0x23, 0x0a, 0x59, 0x55, 0x93, 0xd3, 0x2d, 0xca, 0x66, 0x45, 0x03, 0xb7,
+        0xf0, 0x88, 0x9e, 0xc1, 0x11, 0xbb, 0x62, 0x2c, 0x6f, 0xac, 0x3e, 0x87,
+        0xd7, 0xe6, 0x4a, 0x44, 0x83, 0x04, 0x5d, 0x5d, 0xbc, 0x3c, 0xce, 0x83,
+        0x2b, 0x11, 0x42, 0x02, 0x73, 0x1c, 0x24, 0x90, 0xd9, 0x1a, 0x7d, 0x96,
+        0x82, 0x33, 0x75, 0x1e, 0x59, 0xea, 0xa7, 0x99, 0xe1, 0x5b, 0xdc, 0xe4,
+        0x07, 0xc5, 0x48, 0x07, 0xb4, 0xbc, 0x80, 0x0e, 0xbd, 0x63, 0x6e, 0x66,
+        0xf1, 0x12, 0xb6, 0x67, 0xe0, 0x14, 0x74, 0x9f, 0xbb, 0xb3, 0xb8, 0x16,
+        0xd0, 0x25, 0xe9, 0x21, 0x80, 0x1a, 0x32, 0xb0, 0x58, 0x9a, 0x62, 0x17,
+        0x18, 0x9d, 0x64, 0x2d, 0x47, 0x89, 0x82, 0x3b, 0x8c, 0x5d, 0x60, 0xc4,
+        0x54, 0x69, 0xaa, 0xb4, 0x6a, 0x1d, 0x16, 0xb0, 0xe2, 0x5d, 0x7d, 0xeb,
+        0xb9, 0x80, 0x37, 0xcd, 0x5b, 0xf0, 0xa1, 0xa8, 0x39, 0xb2, 0xd6, 0x3a,
+        0xc8, 0xcd, 0xca, 0xaf, 0xcb, 0x3b, 0x54, 0xc2, 0x67, 0x49, 0xf3, 0xf1,
+        0x11, 0x4d, 0x53, 0x7c, 0x46, 0x8d, 0x22, 0xf6, 0x9a, 0x0d, 0x9e, 0xda,
+        0x37, 0xc6, 0x06, 0x00, 0xca, 0xb6, 0xb6, 0x99, 0xc5, 0xb6, 0x81, 0x7e,
+        0x87, 0x62, 0xcf, 0x07, 0x76, 0xc1, 0x5f, 0xfe, 0x86, 0xfc, 0x5b, 0xa0,
+        0xac, 0xca, 0xcb, 0x7d, 0xf5, 0x5a, 0xc2, 0x5e, 0x41, 0x48, 0x35, 0xc4,
+        0x71, 0x9d, 0xc4, 0x0a, 0x79, 0x6f, 0xe3, 0x6d, 0x47, 0xd4, 0xaa, 0xfd,
+        0x97, 0xe7, 0xb0, 0x7e, 0x61, 0xf1, 0x7d, 0x7e, 0xf8, 0x78, 0x4c, 0x2e,
+        0x65, 0x51, 0xeb, 0x99, 0xd0, 0x3e, 0x24, 0x4c, 0xe0, 0x40, 0x7e, 0x2d,
+        0xf7, 0x00, 0x9d, 0x50, 0x87, 0xce, 0x1f, 0x9a, 0xd2, 0x76, 0x00, 0x09,
+        0xeb, 0x10, 0x1b, 0x4c, 0xf1, 0x43, 0x0e, 0x35, 0xbb, 0x23, 0x2e, 0x26,
+        0x3d, 0x66, 0xa3, 0x0f, 0xf6, 0x10, 0x8b, 0x67, 0xce, 0x66, 0xfd, 0xb5,
+        0x07, 0xdc, 0x04, 0x69, 0xad, 0xe0, 0x4d, 0xdf, 0xdb, 0x2f, 0x87, 0xf7,
+        0xde, 0xc3, 0x77, 0x89, 0x71, 0xfd, 0x70, 0x38, 0xed, 0xe6, 0x27, 0xb1,
+        0xbd, 0x94, 0x5f, 0x39, 0x20, 0x72, 0x59, 0xc4, 0x39, 0xd0, 0x20, 0x5d,
+        0xe2, 0xe7, 0xe0, 0x00, 0x61, 0xc7, 0x65, 0xbd, 0xef, 0x05, 0xb3, 0xc7,
+        0x7e, 0xae, 0xc5, 0x83, 0x7f, 0xc1, 0x32, 0x4e, 0x2a, 0x17, 0x64, 0x4e,
+        0x2a, 0x9a, 0x2d, 0x26, 0x99, 0xa2, 0xd7, 0x37, 0x3a, 0x10, 0x6a, 0x89,
+        0x72, 0x43, 0x0e, 0x3a, 0x03, 0x4c, 0xf9, 0xfe, 0xe8, 0xfc, 0x87, 0x71,
+        0x37, 0x71, 0x5a, 0x05, 0xbc, 0x4e, 0x20, 0x4c, 0xd7, 0xf9, 0x8d, 0x4e,
+        0xb8, 0xb8, 0x56, 0x07, 0xc8, 0x6e, 0x34, 0x6d, 0x45, 0x83, 0x34, 0xf0,
+        0x77, 0xfb, 0x18, 0xec, 0x72, 0xf6, 0x4c, 0xfb, 0xba, 0x84, 0xe9, 0x89,
+        0x3d, 0xfd, 0xb7, 0x0d, 0x70, 0xae, 0xa4, 0x48, 0x6b, 0x39, 0xf8, 0x62,
+        0xc0, 0x7f, 0x0c, 0xf2, 0xa3, 0xfa, 0x7a, 0x64, 0x83, 0x57, 0x7d, 0x4c,
+        0x04, 0x96, 0xd7, 0x9d, 0x10, 0x8b, 0x34, 0x48, 0x17, 0xff, 0x74, 0x5c,
+        0x9c, 0xbe, 0xeb, 0xe5, 0x52, 0x94, 0x6a, 0x34, 0x6f, 0xf7, 0x95, 0x32,
+        0x38, 0x5a, 0x9b, 0x08, 0xf6, 0xda, 0x8c, 0x0f, 0x9c, 0x5d, 0x04, 0x45,
+        0xd4, 0xe9, 0xa4, 0x7a, 0xc4, 0xfd, 0x70, 0xfe, 0xa1, 0x3d, 0x21, 0xa0,
+        0x01, 0xe5, 0x21, 0xca, 0xa7, 0xd9, 0xf1, 0x9f, 0x45, 0xe1, 0xe8, 0x2d,
+        0x27, 0xe6, 0x87, 0xc8, 0x0d, 0xad, 0x13, 0xdb, 0xfe, 0x2f, 0xaa, 0x2b,
+        0xdc, 0xa6, 0x1a, 0xc9, 0x19, 0x78, 0x1a, 0x1f, 0x10, 0xcf, 0x31, 0xe1,
+        0x06, 0x28, 0x66, 0xb3, 0xa7, 0xa2, 0xa6, 0xf1, 0x3b, 0x2d, 0xd3, 0x81,
+        0xaf, 0x6f, 0xc9, 0x88, 0x76, 0xe9, 0x83, 0x6c, 0x52, 0xb9, 0x70, 0x51,
+        0x87, 0x6b, 0x8b, 0xbd, 0x5b, 0x9c, 0xa9, 0xf3, 0xcb, 0x55, 0xd1, 0x76,
+        0x40, 0xe1, 0x90, 0xb9, 0x4c, 0xbd, 0xab, 0x1d, 0xa0, 0x5b, 0x5b, 0x34,
+        0x14, 0x2f, 0x87, 0x8f, 0x63, 0xa0, 0x2d, 0x29, 0x4e, 0x50, 0x4b, 0x18,
+        0x5f, 0x86, 0xac, 0x1b, 0x93, 0xe9, 0x59, 0x38, 0xa1, 0x2a, 0x36, 0x21,
+        0xb2, 0xa4, 0xc0, 0x79, 0xc1, 0x60, 0xfc, 0x0f, 0xbf, 0x99, 0x04, 0x9d,
+        0x4b, 0x17, 0x60, 0x5b, 0xcd, 0x78, 0x03, 0xd7, 0x7c, 0x4b, 0x9b, 0x17,
+        0x58, 0x24, 0x60, 0xb8, 0x08, 0x92, 0x48, 0x4f, 0x66, 0x42, 0x9a, 0x98,
+        0x2a, 0x99, 0x9a, 0x8f, 0xdd, 0xd7, 0x09, 0xf3, 0x22, 0x66, 0x62, 0xef,
+        0xe5, 0x64, 0xd3, 0xdf, 0x31, 0xaa, 0x84, 0x4c, 0xa5, 0x3f, 0x4e, 0x27,
+        0x48, 0x37, 0x96, 0x63, 0xbf, 0x8d, 0xe1, 0xf0, 0xd1, 0xef, 0x95, 0x1a,
+        0xe6, 0xf4, 0x02, 0x61, 0xbf, 0xe3, 0xbc, 0x8b, 0x3d, 0x0b, 0x77, 0x91,
+        0xc0, 0x5d, 0xfb, 0xe6, 0x7e, 0xab, 0x5e, 0xc5, 0x1c, 0x5b, 0x16, 0xfd,
+        0x88, 0xa4, 0x78, 0x4c, 0x06, 0x77, 0xc3, 0x6e, 0x84, 0x0c, 0xda, 0xbf,
+        0xf3, 0x8e, 0xd3, 0x61, 0x65, 0xac, 0xf2, 0x18, 0x70, 0x68, 0x84, 0x6f,
+        0x9f, 0x3a, 0x94, 0x81, 0xa6, 0xc7, 0xc3, 0x92, 0xee, 0x4b, 0x20, 0x15,
+        0x4e, 0x03, 0x76, 0x51, 0x5b, 0x4e, 0xe1, 0x5c, 0x51, 0x5e, 0x1b, 0x9c,
+        0x30, 0x25, 0x79, 0xdd, 0x70, 0x12, 0xec, 0xdc, 0x45, 0x95, 0x45, 0x43,
+        0xcd, 0xbb, 0xae, 0xa0, 0x0d, 0x43, 0xb4, 0xc9, 0x8c, 0x62, 0xfd, 0x7b,
+        0xed, 0x50, 0x78, 0xb7, 0xa6, 0x94, 0xcb, 0x98, 0xb0, 0xbe, 0x09, 0xd9,
+        0x0c, 0xb2, 0xc4, 0x8b, 0x96, 0x93, 0xd9, 0x26, 0xc6, 0x6d, 0x26, 0x93,
+        0x32, 0x4e, 0x86, 0x72, 0x74, 0x92, 0x00, 0x72, 0x0b, 0x20, 0xa3, 0x2b,
+        0x94, 0xe6, 0x10, 0x56, 0x5a, 0x41, 0x71, 0x92, 0x08, 0xce, 0x6c, 0xc4,
+        0x1d, 0x9e, 0x71, 0x82, 0x64, 0x23, 0xe5, 0x15, 0xef, 0x4a, 0x7c, 0x4d,
+        0xe3, 0x92, 0xbc, 0xa3, 0xa2, 0x29, 0xb7, 0x46, 0xfa, 0x8f, 0x9f, 0xc2,
+        0x5d, 0xe4, 0xc0, 0x9c, 0x3f, 0x40, 0x17, 0xae, 0x44, 0xf3, 0x28, 0x10,
+        0x29, 0x24, 0xa9, 0x1c, 0x9e, 0xd2, 0x55, 0x4c, 0xee, 0x45, 0xfe, 0x4a,
+        0x45, 0x12, 0xf5, 0xde, 0xc7, 0x64, 0x15, 0xc3, 0x4a, 0x77, 0x63, 0x05,
+        0x8d, 0xa6, 0x31, 0xa0, 0xad, 0x64, 0xaf, 0x3c, 0x69, 0x2c, 0x25, 0x78,
+        0xae, 0xa0, 0x88, 0x96, 0x8a, 0xc2, 0x9b, 0x8d, 0xee, 0x6f, 0x2e, 0x79,
+        0x1f, 0xec, 0x32, 0x35, 0x75, 0x83, 0x19, 0x8b, 0xda, 0xca, 0xd0, 0xaf,
+        0x6a, 0x6c, 0x42, 0xe8, 0x81, 0xb5, 0x69, 0x31, 0x0b, 0x7d, 0xbc, 0xd8,
+        0xd2, 0xb7, 0x7a, 0x8f, 0xfa, 0xcf, 0x91, 0x07, 0x1f, 0xda, 0xa9, 0x1f,
+        0xb7, 0x2d, 0xff, 0x50, 0x15, 0x2a, 0xef, 0x8c, 0xa1, 0xe3, 0x7f, 0x08,
+        0x95, 0xf2, 0x99, 0x83, 0x1f, 0x97, 0x71, 0x3e, 0x35, 0x3c, 0x8c, 0xe7,
+        0x08, 0xd8, 0xa6, 0x1f, 0x0c, 0xa6, 0x52, 0xdc, 0x73, 0xa0, 0xfc, 0xd2,
+        0x73, 0xe9, 0x27, 0x9d, 0xfd, 0x7a, 0x4a, 0x29, 0xd3, 0x12, 0x26, 0x13,
+        0x0f, 0xce, 0xea, 0x56, 0x99, 0x61, 0x78, 0x47, 0x2c, 0xa0, 0x16, 0xa0,
+        0xe2, 0x64, 0x97, 0x57, 0x31, 0xf0, 0x32, 0x5b, 0x44, 0x93, 0x76, 0x8b,
+        0x59, 0x63, 0x5c, 0x5b, 0x0f, 0xe1, 0xe7, 0x74, 0x98, 0x11, 0x2d, 0x90,
+        0xe4, 0xde, 0xd4, 0x3a, 0xc2, 0xfd, 0x24, 0xe3, 0x1f, 0x7a, 0xf4, 0x40,
+        0xbb, 0x51, 0x92, 0x8f, 0x68, 0x9c, 0x51, 0xab, 0xdc, 0xf6, 0x1e, 0x96,
+        0xca, 0x56, 0x5c, 0x92, 0xca, 0xb2, 0x1b, 0x2e, 0x6d, 0x20, 0x28, 0xb3,
+        0x0a, 0x8e, 0xfd, 0xa9, 0xa2, 0x38, 0x74, 0x60, 0x37, 0xa6, 0x96, 0x02,
+        0x20, 0x8a, 0x9a, 0x2b, 0x8c, 0xb9, 0x6d, 0xec, 0xff, 0xbf, 0x88, 0xbd,
+        0x6c, 0xb4, 0x10, 0xbd, 0xfa, 0x5a, 0xeb, 0xb2, 0x6b, 0x74, 0x13, 0x2d,
+        0xa5, 0xdb, 0x60, 0x93, 0xc6, 0xed, 0x39, 0x4f, 0xc5, 0x63, 0xe1, 0x9e,
+        0x57, 0x1f, 0xe7, 0x47, 0xa4, 0xfb, 0x7f, 0xfa, 0x3a, 0x46, 0x50, 0x3a,
+        0xd8, 0xd3, 0x83, 0xf5, 0xe6, 0x5e, 0xf8, 0x09, 0x0d, 0xfa, 0x33, 0xe1,
+        0x50, 0xe4, 0x36, 0x3e, 0x0a, 0x5d, 0xe6, 0xf8, 0x2e, 0x17, 0x87, 0x8f,
+        0xe1, 0x8c, 0x82, 0x73, 0xbd, 0xdd, 0x3b, 0x77, 0x47, 0x9f, 0x42, 0xd7,
+        0xf4, 0x2d, 0x6c, 0xef, 0xcc, 0x22, 0x15, 0x3c, 0xe9, 0x26, 0xea, 0xbc,
+        0xee, 0x09, 0xd3, 0xea, 0x84, 0x0f, 0x46, 0xa8, 0xe0, 0xda, 0xc5, 0x57,
+        0x02, 0x54, 0xb6, 0x88, 0x2b, 0x37, 0xe5, 0x96, 0xc5, 0x33, 0xb7, 0x45,
+        0x5d, 0xb7, 0xc7, 0xfd, 0xa0, 0xfa, 0x85, 0x1b, 0x2f, 0xe1, 0xec, 0x89,
+        0xc6, 0xb2, 0x51, 0x71, 0xcb, 0x08, 0x82, 0x3e, 0xc9, 0xed, 0x80, 0x9d,
+        0x37, 0x31, 0x9d, 0x15, 0xde, 0x24, 0x6f, 0xbd, 0x0e, 0x73, 0xa2, 0xb8,
+        0x7e, 0x29, 0x7e, 0x96, 0xe4, 0xbb, 0xd6, 0x23, 0x17, 0xff, 0x33, 0x97,
+        0x9c, 0x87, 0xe0, 0xe5, 0x0f, 0xb9, 0xb6, 0x31, 0x33, 0xad, 0xf8, 0xd8,
+        0xdb, 0xa0, 0x71, 0x13, 0xe4, 0x1c, 0xce, 0xd0, 0x7e, 0x65, 0x7b, 0xa0,
+        0x38, 0x17, 0x53, 0x4f, 0x71, 0x75, 0x6d, 0x02, 0x61, 0xc4, 0x52, 0xf8,
+        0xe4, 0x2e, 0xbc, 0x52, 0xc1, 0xb1, 0x7e, 0x83, 0x0a, 0xa1, 0xd1, 0xcd,
+        0x2f, 0xa0, 0x30, 0xfd, 0x41, 0x86, 0x7f, 0x26, 0xd1, 0xe7, 0xfc, 0xd7,
+        0xc7, 0x37, 0xe5, 0x11, 0xa6, 0xc0, 0x9a, 0x75, 0x18, 0x04, 0x36, 0xca,
+        0x8e, 0x26, 0x7d, 0xcf, 0xa2, 0x6a, 0x94, 0x9b, 0xc4, 0xf7, 0xc7, 0xeb,
+        0x51, 0x13, 0xa3, 0x6f, 0x8c, 0x80, 0x5f, 0xae, 0xf0, 0x18, 0xa0, 0x88,
+        0xe0, 0x8d, 0xb7, 0x80, 0x4e, 0x8c, 0xec, 0xc8, 0x7b, 0xeb, 0xac, 0x29,
+        0xb7, 0x4a, 0x0f, 0x33, 0xdd, 0x9d, 0x89, 0x0a, 0x10, 0xb0, 0xce, 0x74,
+        0x59, 0xa2, 0x62, 0x91, 0xc9, 0xac, 0x56, 0xcd, 0x69, 0xd3, 0x01, 0x6d,
+        0x51, 0xe7, 0x04, 0xc3, 0xfb, 0xe9, 0x79, 0x1b, 0x72, 0x72, 0x1a, 0x90,
+        0x0a, 0x20, 0x55, 0x85, 0xc1, 0x8b, 0xeb, 0x1e, 0x9f, 0x9f, 0x4a, 0x81,
+        0x47, 0x97, 0x96, 0xbc, 0xc2, 0xe4, 0xc2, 0xfe, 0xa0, 0x20, 0xda, 0x70,
+        0x0c, 0x2b, 0xe2, 0xd4, 0xc8, 0xcb, 0x46, 0x00, 0xb6, 0x7c, 0xfb, 0xbd,
+        0x56, 0x94, 0x3d, 0x7f, 0x64, 0xf7, 0x88, 0xb5, 0xa7, 0xfe, 0xbe, 0x64,
+        0x8a, 0xe4, 0x00, 0x08, 0x82, 0x5b, 0x8f, 0x98, 0x77, 0x87, 0xda, 0xaf,
+        0x16, 0x25, 0x4a, 0x9a, 0xed, 0xfb, 0x50, 0x18, 0x45, 0x46, 0x2b, 0x73,
+        0xff, 0xb9, 0xb9, 0xab, 0xa2, 0x8f, 0x3a, 0xaf, 0xc5, 0x0a, 0x14, 0x91,
+        0xb2, 0x3f, 0xa6, 0x93, 0xf4, 0x81, 0x20, 0x77, 0xfa, 0x51, 0x79, 0x62,
+        0xe8, 0xe6, 0x89, 0x52, 0x39, 0xd5, 0x01, 0xa2, 0x87, 0xa3, 0x53, 0x74,
+        0x3c, 0x36, 0x8a, 0xc3, 0xb4, 0x44, 0x3b, 0x15, 0x21, 0xf6, 0xdc, 0x18,
+        0x02, 0xd2, 0x57, 0xe5, 0x10, 0xf0, 0x3d, 0x61, 0xa7, 0x16, 0x85, 0x6f,
+        0x71, 0x07, 0x75, 0x50, 0x4b, 0x21, 0x53, 0x47, 0x38, 0x35, 0x9e, 0xa7,
+        0xd8, 0xfd, 0x74, 0x59, 0x15, 0x32, 0x7b, 0x89, 0xd0, 0x2c, 0xd9, 0xf6,
+        0x40, 0x49, 0x79, 0xdc, 0xfb, 0x0a, 0x64, 0x59, 0x9b, 0x17, 0x47, 0x36,
+        0xcb, 0xf0, 0xc3, 0xcc, 0x14, 0x8e, 0x1f, 0xa8, 0x12, 0xaa, 0xb7, 0x6a,
+        0xba, 0x45, 0xf9, 0xc4, 0x44, 0xe7, 0xb5, 0x7c, 0xdd, 0xbe, 0x16, 0x76,
+        0x52, 0x92, 0x3d, 0x78, 0xb7, 0xec, 0x81, 0x96, 0xd8, 0x7f, 0x34, 0x2a,
+        0xa2, 0x64, 0x5f, 0xfd, 0xb1, 0x42, 0x4c, 0x79, 0x98, 0xc9, 0x17, 0x48,
+        0x74, 0x12, 0x72, 0x2c, 0xde, 0x91, 0x7e, 0xa9, 0x49, 0x2a, 0xcc, 0x5c,
+        0x60, 0x05, 0x25, 0x09, 0x72, 0x20, 0x80, 0x42, 0x7b, 0x18, 0xc2, 0xfc,
+        0x2a, 0x5e, 0x3e, 0x2d, 0x61, 0xa6, 0xf6, 0x82, 0x42, 0x83, 0x81, 0x66,
+        0x4d, 0xa6, 0xe1, 0xf9, 0xf6, 0x48, 0xd4, 0xc8, 0x69, 0xed, 0xee, 0xb5,
+        0x7a, 0xcb, 0xf6, 0x0a, 0x76, 0x0e, 0x61, 0x8b, 0xf2, 0x1a, 0x8a, 0xa7,
+        0x88, 0xb0, 0x90, 0xd5, 0x23, 0xaa, 0xe0, 0x2b, 0xd6, 0xd0, 0xef, 0x49,
+        0x13, 0x88, 0xc7, 0x50, 0xf0, 0x9e, 0xd5, 0x28, 0xe1, 0xaa, 0x1d, 0xaf,
+        0xd9, 0x73, 0xb3, 0x9e, 0xa7, 0xd8, 0xfc, 0xb9, 0x22, 0x97, 0x0e, 0x21,
+        0xa0, 0xb9, 0xf9, 0xea, 0x1e, 0x95, 0x88, 0xda, 0x85, 0x7c, 0x32, 0x7c,
+        0xbd, 0xef, 0xf8, 0x44, 0x25, 0x5f, 0x23, 0xfd, 0x14, 0x78, 0xc6, 0xdb,
+        0x86, 0xee, 0xf8, 0xda, 0xc0, 0xae, 0x92, 0x6a, 0x03, 0xa9, 0x0a, 0xee,
+        0x4a, 0x22, 0x5a, 0x6c, 0x39, 0xd3, 0x91, 0x7d, 0x91, 0x43, 0xac, 0x79,
+        0xad, 0xab, 0xb7, 0x91, 0xb1, 0x20, 0x84, 0x7f, 0x0a, 0xd7, 0xa8, 0x62,
+        0x95, 0xab, 0x04, 0xb6, 0xb2, 0xf1, 0xd4, 0xb0, 0xac, 0x52, 0x89, 0xb0,
+        0x93, 0xdf, 0xdf, 0x80, 0x26, 0x0c, 0x32, 0x31, 0xb3, 0xba, 0xa1, 0xba,
+        0x6f, 0xa3, 0x14, 0x5c, 0xfa, 0x37, 0x3b, 0x6a, 0xf2, 0xc4, 0x34, 0x27,
+        0x08, 0x1a, 0xe4, 0xfc, 0x89, 0x58, 0x79, 0x34, 0x36, 0xe4, 0xad, 0x4b,
+        0x3f, 0x57, 0x7b, 0xc1, 0x59, 0x2d, 0xb6, 0x54, 0x44, 0xbe, 0x4e, 0x5d,
+        0x0d, 0x6a, 0xf3, 0xcd, 0xbf, 0xcd, 0x4d, 0x9f, 0x9a, 0x50, 0x09, 0xa4,
+        0x6b, 0x8b, 0xb3, 0x01, 0x69, 0x6c, 0x69, 0x5d, 0x28, 0x73, 0x9e, 0xb5,
+        0xc2, 0xc7, 0x6e, 0xff, 0x4c, 0x5c, 0x6b, 0x93, 0x22, 0xc1, 0x9f, 0xa6,
+        0x71, 0xbf, 0x4d, 0x2d, 0x4e, 0x4e, 0x98, 0xa3, 0x6d, 0xab, 0x05, 0xa0,
+        0xde, 0x34, 0x41, 0x28, 0xa4, 0x38, 0x75, 0x4e, 0xdf, 0x7f, 0xc9, 0xdd,
+        0xbf, 0x5a, 0xd4, 0xcd, 0x38, 0x0c, 0x89, 0xe7, 0x0e, 0xfc, 0x0f, 0x27,
+        0x39, 0x21, 0xa4, 0xa6, 0x07, 0x7b, 0x2a, 0x13, 0x56, 0xe7, 0x4e, 0x55,
+        0x57, 0x71, 0x98, 0xb9, 0x3d, 0x59, 0xb5, 0xa8, 0x24, 0x18, 0x08, 0xa2,
+        0x6e, 0x9a, 0xe5, 0x97, 0xa7, 0x38, 0xd9, 0x43, 0x9b, 0x19, 0x17, 0x34,
+        0x03, 0xd6, 0xba, 0xe9, 0x71, 0x38, 0x26, 0x90, 0x78, 0x9e, 0x1c, 0x41,
+        0x8d, 0x60, 0xdd, 0x0e, 0x12, 0x46, 0x37, 0xb4, 0x79, 0x87, 0x33, 0x12,
+        0x24, 0xc4, 0x5a, 0x6c, 0x70, 0xa2, 0xb2, 0x58, 0xbb, 0xe7, 0xd6, 0x88,
+        0x42, 0x2d, 0x49, 0xc8, 0x67, 0x1e, 0xc5, 0xed, 0x16, 0xa8, 0x1f, 0x36,
+        0x2b, 0xfb, 0x0d, 0x51, 0x96, 0xc8, 0x78, 0xf2, 0xab, 0x82, 0xa1, 0xe2,
+        0xaf, 0x8c, 0xa4, 0x13, 0x54, 0x90, 0xf1, 0xe7, 0xbb, 0xd1, 0x09, 0x23,
+        0x76, 0x0e, 0x50, 0x32, 0xc5, 0x54, 0xbb, 0x1e, 0x12, 0x5d, 0x59, 0xf3,
+        0xe9, 0xc9, 0xa4, 0xaa, 0xbc, 0x13, 0x1d, 0xf0, 0x79, 0x54, 0xae, 0x70,
+        0xc0, 0xea, 0xcb, 0x21, 0x32, 0xe6, 0xe6, 0x8e, 0xaa, 0x51, 0x46, 0x25,
+        0x1e, 0xf1, 0x3f, 0x9f, 0xf6, 0xff, 0x19, 0x53, 0x97, 0xbc, 0xa2, 0xb6,
+        0x91, 0x59, 0x27, 0x1e, 0x39, 0x76, 0x76, 0x02, 0x0b, 0x03, 0x25, 0x6b,
+        0x00, 0x02, 0xfa, 0x7d, 0x69, 0x5e, 0xde, 0x64, 0x33, 0xbf, 0xab, 0x3e,
+        0x3f, 0x24, 0x32, 0x68, 0xbf, 0x90, 0x8f, 0x0f, 0xc5, 0x36, 0x58, 0x9e,
+        0x9b, 0x11, 0xd1, 0x2a, 0x8a, 0x0d, 0xac, 0x3a, 0x23, 0xe2, 0x8e, 0xd6,
+        0x0d, 0x4a, 0x8b, 0x45, 0x04, 0x47, 0xd9, 0x5a, 0x46, 0x6c, 0x70, 0x82,
+        0xc7, 0x81, 0x67, 0xdc, 0xa6, 0xfa, 0x6a, 0x86, 0xfd, 0x01, 0xed, 0x90,
+        0xf6, 0xe6, 0x26, 0x6d, 0xac, 0x52, 0x03, 0x4a, 0x91, 0x08, 0x7b, 0xa5,
+        0x9c, 0xca, 0xd3, 0x2d, 0x79, 0xf1, 0xed, 0xcb, 0xaa, 0x8f, 0x77, 0xc8,
+        0x17, 0xa8, 0xfb, 0x6c, 0x15, 0x62, 0xab, 0x34, 0xd1, 0xdd, 0x94, 0x3e,
+        0xd4, 0x0c, 0x47, 0xed, 0x04, 0x91, 0xd2, 0xd7, 0x98, 0xb4, 0x43, 0x57,
+        0xd1, 0x54, 0xef, 0x63, 0xba, 0xe3, 0x8a, 0x72, 0xc5, 0xb9, 0xf4, 0x30,
+        0xfa, 0x16, 0x3c, 0xe1, 0xbb, 0xbe, 0x57, 0x90, 0xb9, 0xa1, 0xa0, 0x23,
+        0xfa, 0xdd, 0xbe, 0x2f, 0xb3, 0xec, 0x41, 0x8b, 0x64, 0xeb, 0xc5, 0x41,
+        0xea, 0xa8, 0x16, 0x76, 0x6f, 0x28, 0xda, 0x2b, 0x5f, 0x03, 0x0b, 0xe8,
+        0x1c, 0x29, 0x71, 0xd8, 0x4e, 0x41, 0xdf, 0x39, 0x8e, 0x6a, 0x95, 0x79,
+        0x85, 0x9c, 0xa9, 0x79, 0xd9, 0x8f, 0x33, 0xaf, 0x15, 0x3b, 0x5a, 0x82,
+        0x56, 0x32, 0x98, 0x0c, 0xf6, 0xf6, 0x64, 0x42, 0xd4, 0x6a, 0x15, 0x0f,
+        0xb9, 0x75, 0x22, 0xbd, 0x9a, 0x58, 0xa6, 0x01, 0x3a, 0x63, 0xf0, 0x80,
+        0x78, 0x22, 0x80, 0xa0, 0x14, 0xe1, 0x37, 0x6b, 0xd4, 0x99, 0x3f, 0xc2,
+        0xba, 0x2b, 0x8f, 0xf3, 0x56, 0xc8, 0x1b, 0xe4, 0x7a, 0x5e, 0x96, 0x60,
+        0xee, 0x74, 0x54, 0xb6, 0x6d, 0x5c, 0x3d, 0x3e, 0x05, 0xf0, 0x9a, 0xf6,
+        0xcd, 0xdd, 0x06, 0xdb, 0x8c, 0x21, 0xb9, 0xf5, 0x28, 0x57, 0x9c, 0x4f,
+        0xb4, 0x08, 0xcf, 0xac, 0x6c, 0xfe, 0x30, 0xaf, 0xa2, 0xef, 0xcf, 0x93,
+        0x15, 0xdd, 0x12, 0x16, 0x19, 0x7d, 0xbc, 0x57, 0xd9, 0xce, 0xbe, 0x0e,
+        0xfc, 0xe1, 0xf0, 0x4a, 0x7c, 0xaa, 0xbf, 0x20, 0x64, 0x00, 0x34, 0x59,
+        0xed, 0xea, 0x12, 0x58, 0x46, 0x4c, 0xc6, 0x2f, 0x77, 0x62, 0x1d, 0x82,
+        0x5c, 0xe8, 0x98, 0x0d, 0xef, 0x5c, 0x0e, 0xec, 0x5d, 0x2e, 0x5f, 0xd2,
+        0x22, 0x43, 0x2d, 0xe1, 0x02, 0xd5, 0x4a, 0x0a, 0x79, 0x6f, 0xa5, 0xec,
+        0x48, 0xaa, 0xee, 0xf8, 0xe3, 0x5f, 0xdd, 0xe7, 0x26, 0x87, 0xb5, 0xc4,
+        0xcf, 0xd9, 0x7f, 0xa8, 0xaa, 0xb6, 0xbe, 0xe9, 0x02, 0x49, 0x5d, 0x5f,
+        0x81, 0x8b, 0xb9, 0xbd, 0xc0, 0xc9, 0xd5, 0xfe, 0x36, 0x3e, 0x49, 0x56,
+        0x63, 0x8b, 0xce, 0xef, 0x48, 0x6e, 0xc0, 0xd4, 0x04, 0x0c, 0x33, 0x45,
+        0x6e, 0x97, 0x9e, 0xa3, 0xae, 0xbc, 0xc2, 0xce, 0xdc, 0xe3, 0xff, 0x48,
+        0x51, 0x68, 0x89, 0xad, 0xae, 0xc7, 0xd1, 0xde, 0xe2, 0xf9, 0xfe, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x06,
+        0x0c, 0x18, 0x20, 0x24, 0x2f, 0x33, 0x3f
+    };
+#ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
+    WOLFSSL_SMALL_STACK_STATIC const byte ml_dsa_87_draft_sig[] = {
+    0x78, 0xed, 0x1a, 0x3f, 0x41, 0xab, 0xf8, 0x93, 0x80, 0xf0,
+    0xc6, 0xbf, 0x4a, 0xde, 0xaf, 0x29, 0x93, 0xe5, 0x9a, 0xbf,
+    0x38, 0x08, 0x18, 0x33, 0xca, 0x7d, 0x5e, 0x65, 0xa4, 0xd2,
+    0xd7, 0x45, 0xe3, 0xe7, 0x58, 0xfb, 0x05, 0xab, 0x65, 0x57,
+    0xac, 0x6f, 0xf5, 0x43, 0x28, 0x5f, 0x9c, 0x9a, 0x3e, 0x35,
+    0x84, 0xe4, 0xef, 0xa5, 0x57, 0x17, 0xad, 0x51, 0x44, 0x70,
+    0x09, 0x00, 0x81, 0xbe, 0xfe, 0x14, 0x01, 0xfe, 0x0c, 0x94,
+    0xbe, 0xa9, 0x89, 0xfd, 0x47, 0xfc, 0xb9, 0xd8, 0x17, 0x4d,
+    0xd8, 0x73, 0xd5, 0x50, 0x9f, 0x13, 0x6c, 0x07, 0x71, 0x47,
+    0xaa, 0x3c, 0xc0, 0x64, 0x00, 0x19, 0x2e, 0x74, 0x51, 0x0e,
+    0x0f, 0x25, 0x30, 0x7f, 0x13, 0x96, 0xc6, 0xc5, 0xbf, 0xd4,
+    0x82, 0xd3, 0x0d, 0xd3, 0x65, 0x4c, 0x72, 0x67, 0xe2, 0x37,
+    0x6b, 0x3c, 0x8e, 0xa3, 0x36, 0x84, 0xe9, 0xaa, 0xac, 0x7d,
+    0xf3, 0xac, 0xfc, 0x01, 0x50, 0x87, 0x88, 0xf6, 0xbf, 0x84,
+    0xc3, 0xa0, 0x23, 0xe4, 0xe8, 0x01, 0x38, 0x39, 0x30, 0x8a,
+    0xf3, 0xba, 0x92, 0x62, 0x37, 0xd7, 0x20, 0xd7, 0xf7, 0x41,
+    0xff, 0xae, 0x81, 0x02, 0x29, 0x2a, 0x66, 0x8b, 0x20, 0xbe,
+    0x61, 0x8d, 0xfb, 0x7c, 0x70, 0x14, 0xad, 0xf4, 0x94, 0x8c,
+    0xee, 0x64, 0x3b, 0x9f, 0xe1, 0x6e, 0x68, 0x17, 0x07, 0xb8,
+    0xfc, 0x99, 0xdc, 0xde, 0x69, 0x58, 0x8c, 0x97, 0x7d, 0xb3,
+    0x2c, 0x9e, 0x90, 0x33, 0x2e, 0x7b, 0xbf, 0xf8, 0x6f, 0xf8,
+    0x12, 0x64, 0xda, 0xc0, 0xfb, 0x30, 0xe6, 0xbf, 0x7b, 0x9a,
+    0xde, 0xb5, 0xac, 0x9d, 0x6b, 0xcb, 0xe1, 0x0d, 0xf1, 0xbb,
+    0xf3, 0x97, 0xc5, 0x08, 0xd3, 0x3e, 0xe3, 0xa4, 0xeb, 0x6f,
+    0x6b, 0x62, 0x61, 0xc5, 0x0b, 0xa8, 0x02, 0xc2, 0xf1, 0xbe,
+    0xbb, 0x93, 0x13, 0xa5, 0x8d, 0x7b, 0x5a, 0x6d, 0x1f, 0x28,
+    0xbc, 0x35, 0xd8, 0xe8, 0xcf, 0x80, 0x8b, 0x4b, 0x02, 0x80,
+    0x3b, 0xdc, 0x00, 0xce, 0x88, 0xb0, 0x62, 0x35, 0x7d, 0x51,
+    0x7f, 0x5c, 0xb2, 0x23, 0x85, 0x47, 0x7e, 0x73, 0x88, 0x65,
+    0xfd, 0x0d, 0x47, 0x33, 0xef, 0xb9, 0x75, 0x05, 0x86, 0x5d,
+    0xd3, 0x98, 0xa6, 0x91, 0xe6, 0x8c, 0xe2, 0x71, 0x7a, 0x95,
+    0xe0, 0x8c, 0x54, 0x4b, 0x68, 0x4d, 0x5a, 0xec, 0xad, 0xae,
+    0x54, 0x4e, 0x3b, 0x0e, 0xcd, 0x70, 0xe6, 0x81, 0xbf, 0xf4,
+    0x86, 0xab, 0xfe, 0xd8, 0xed, 0x69, 0xdd, 0x0f, 0x75, 0x8f,
+    0x8e, 0xcd, 0x72, 0x40, 0x21, 0xee, 0x80, 0x6f, 0x9e, 0xa0,
+    0x80, 0xf7, 0xf6, 0xa2, 0xf5, 0x04, 0x82, 0xea, 0xb6, 0xb1,
+    0xa3, 0xfe, 0xa2, 0x2d, 0x83, 0xc7, 0x01, 0x4b, 0x27, 0x19,
+    0x6a, 0x31, 0x04, 0x70, 0xce, 0x75, 0x22, 0x4b, 0x7a, 0x21,
+    0x29, 0xfd, 0xe9, 0xcb, 0xbb, 0xca, 0x95, 0x0a, 0xd8, 0xcd,
+    0x20, 0x2a, 0xb7, 0xbe, 0xdf, 0x2f, 0x0f, 0xfa, 0xf1, 0xc0,
+    0x39, 0xf3, 0x74, 0x22, 0x05, 0x33, 0xca, 0x2a, 0x9c, 0x9f,
+    0x06, 0x71, 0x90, 0x1e, 0x74, 0x4b, 0xbe, 0x9a, 0xc7, 0x1e,
+    0x37, 0x9b, 0x96, 0x19, 0xfd, 0xa0, 0x61, 0x87, 0x93, 0xab,
+    0x75, 0x79, 0xac, 0x2f, 0x83, 0xe1, 0x8c, 0x70, 0x54, 0x70,
+    0x01, 0x93, 0xce, 0x76, 0x7a, 0x08, 0xe7, 0x75, 0xfb, 0x5e,
+    0xa4, 0xcc, 0xd6, 0xeb, 0x90, 0xe2, 0x57, 0x07, 0x53, 0x88,
+    0x8f, 0x7f, 0x29, 0x39, 0x80, 0xc4, 0x7f, 0x70, 0x6f, 0xff,
+    0x44, 0x25, 0x2b, 0x9e, 0xa1, 0xbb, 0xda, 0x43, 0x53, 0x14,
+    0xf8, 0x97, 0x08, 0xa4, 0xaf, 0xa0, 0xa5, 0x0c, 0xfa, 0xcc,
+    0xba, 0xcd, 0x4f, 0xd3, 0x90, 0x28, 0x02, 0x25, 0xbe, 0xc6,
+    0x35, 0x66, 0x99, 0xb0, 0x69, 0x46, 0xe5, 0xbf, 0x7e, 0x4f,
+    0x53, 0x11, 0x1f, 0xa5, 0x2c, 0x9b, 0xd1, 0x70, 0x90, 0x34,
+    0x66, 0xaa, 0x9f, 0xa8, 0x02, 0x3a, 0x05, 0x2b, 0x0a, 0xd0,
+    0x72, 0x5d, 0x01, 0x7b, 0x02, 0xce, 0x18, 0xb9, 0x63, 0xd1,
+    0x7d, 0xd2, 0x34, 0xa3, 0x2d, 0xaa, 0x78, 0xf0, 0x30, 0x6e,
+    0x59, 0xe3, 0xf1, 0x1e, 0xf1, 0x33, 0x41, 0xde, 0xc4, 0x4e,
+    0x88, 0x61, 0xc3, 0xb4, 0x6b, 0x21, 0x5d, 0xcc, 0x69, 0x44,
+    0xf3, 0xb0, 0x84, 0x54, 0x2a, 0x23, 0x22, 0xa2, 0xc4, 0xba,
+    0xad, 0x00, 0x57, 0x5b, 0xdf, 0xa0, 0xf7, 0x1c, 0x00, 0xc3,
+    0x23, 0x93, 0xc0, 0x2f, 0x3b, 0x9d, 0x6e, 0x8c, 0x38, 0xa6,
+    0x5e, 0xd8, 0x98, 0x7a, 0x6c, 0x90, 0xd5, 0x40, 0x3f, 0x8c,
+    0xc3, 0xf0, 0x92, 0x66, 0xc4, 0xe5, 0xa8, 0x42, 0x25, 0x4c,
+    0x56, 0x42, 0x37, 0x9a, 0xa4, 0x1d, 0xf5, 0xb0, 0xe3, 0x8a,
+    0x9c, 0x57, 0x52, 0x63, 0xdc, 0xd9, 0xb0, 0xbf, 0xc3, 0xfc,
+    0xfc, 0x6c, 0xab, 0x41, 0xae, 0xec, 0xc7, 0x40, 0x80, 0xb6,
+    0x0b, 0x3c, 0xa9, 0xf5, 0x4f, 0x2d, 0xf6, 0x72, 0xe3, 0xba,
+    0x13, 0x2c, 0x73, 0x61, 0x98, 0x66, 0x6f, 0x03, 0x88, 0x3b,
+    0xe6, 0x95, 0x43, 0x33, 0x3b, 0xfe, 0xfd, 0x63, 0x8c, 0x00,
+    0x8a, 0x67, 0x1c, 0x46, 0x0e, 0x0b, 0x51, 0x26, 0x79, 0x4f,
+    0x7b, 0xb1, 0x36, 0x34, 0x52, 0x41, 0x7e, 0x74, 0xbb, 0x71,
+    0x52, 0x8f, 0xcc, 0xf2, 0x99, 0x24, 0x3f, 0x18, 0xe6, 0xcf,
+    0xdf, 0x6b, 0xfe, 0x77, 0xfa, 0xa8, 0x3f, 0xe3, 0x6b, 0xb7,
+    0x32, 0x30, 0x8e, 0x16, 0x08, 0x59, 0x66, 0xdf, 0x95, 0x75,
+    0x7d, 0xa3, 0x80, 0xf0, 0x0c, 0x1a, 0xa8, 0xe7, 0x87, 0x2f,
+    0xe3, 0x39, 0x11, 0x82, 0x00, 0x3e, 0xe5, 0x71, 0x05, 0x7d,
+    0x0c, 0x90, 0xae, 0xbc, 0xbf, 0xe0, 0x4b, 0x8f, 0x91, 0x85,
+    0x1d, 0x0a, 0xa2, 0x36, 0x66, 0x18, 0x78, 0xd0, 0x0a, 0xa0,
+    0xaf, 0x0f, 0x1c, 0x01, 0xdb, 0xb2, 0x21, 0x96, 0x25, 0xf7,
+    0x9e, 0x3a, 0x9e, 0xc3, 0xe8, 0x92, 0x34, 0xaf, 0x7e, 0x3b,
+    0x5f, 0xd9, 0x23, 0x97, 0x09, 0xf1, 0x87, 0x31, 0x3a, 0x94,
+    0xc8, 0x9b, 0x52, 0xf4, 0x57, 0x54, 0x7b, 0x3e, 0x50, 0xd3,
+    0x75, 0x2a, 0xba, 0x97, 0xd7, 0xec, 0x95, 0x6c, 0x35, 0x63,
+    0xa4, 0xa1, 0x8f, 0xf5, 0xcc, 0xbe, 0x42, 0x65, 0x4e, 0x69,
+    0x35, 0x55, 0xa5, 0x3e, 0xc4, 0xf0, 0xde, 0x60, 0x54, 0xdf,
+    0xbb, 0x83, 0xad, 0xdf, 0xa5, 0x24, 0x8f, 0xbe, 0x0b, 0x16,
+    0xfc, 0xf2, 0x64, 0xd5, 0x79, 0x68, 0xf3, 0x91, 0x81, 0x2a,
+    0xd7, 0x1c, 0xc0, 0xdd, 0xe6, 0xb6, 0xb3, 0xa2, 0x4f, 0xc0,
+    0x6d, 0x77, 0x02, 0xee, 0x43, 0xd6, 0x5e, 0x82, 0x66, 0x7f,
+    0xb4, 0xe6, 0x5c, 0xff, 0x87, 0x1e, 0x1d, 0x6f, 0x1d, 0x96,
+    0x6d, 0xbd, 0x90, 0x57, 0x65, 0xc2, 0x01, 0x35, 0xfa, 0x9a,
+    0xc6, 0xe0, 0x4e, 0x2c, 0x4b, 0x16, 0xfa, 0x0d, 0x38, 0x87,
+    0x39, 0x2c, 0x2b, 0x48, 0x14, 0x92, 0x3d, 0x83, 0x00, 0xa9,
+    0x1a, 0x3d, 0x4d, 0x30, 0x23, 0x48, 0xcd, 0xd5, 0xcd, 0x01,
+    0xb1, 0x45, 0x85, 0xcc, 0x66, 0x47, 0x1d, 0x63, 0x3d, 0x70,
+    0xb8, 0x0c, 0xfd, 0xe3, 0xb2, 0x0f, 0x64, 0x6e, 0xb9, 0x2b,
+    0xe5, 0xb0, 0x4d, 0x44, 0x4d, 0x66, 0x1a, 0xfa, 0x49, 0xbb,
+    0xc3, 0xb8, 0xad, 0x64, 0x23, 0x7e, 0x71, 0x9f, 0x59, 0xec,
+    0x25, 0xa8, 0x5e, 0x11, 0xd6, 0x6e, 0xc9, 0x09, 0xe7, 0xb9,
+    0x6a, 0x63, 0x91, 0xaa, 0x5d, 0xd2, 0x8c, 0x91, 0xe8, 0x8d,
+    0x35, 0x6d, 0x10, 0xf6, 0xfc, 0x6a, 0x3c, 0x77, 0x90, 0xf8,
+    0x2a, 0x49, 0x13, 0x7f, 0xdb, 0xf5, 0x0c, 0xe9, 0xc8, 0x57,
+    0xc6, 0xfd, 0x26, 0x8d, 0x79, 0xb5, 0xdd, 0x47, 0x74, 0x6e,
+    0xe8, 0x8f, 0x50, 0xf5, 0xa7, 0x9e, 0xd1, 0x74, 0x10, 0xbb,
+    0xf4, 0x8f, 0x8f, 0x0d, 0xcd, 0x1f, 0xf6, 0x59, 0xb8, 0x6c,
+    0xd2, 0x37, 0x83, 0x28, 0xb2, 0x36, 0xc1, 0x39, 0x5b, 0xde,
+    0x59, 0xee, 0x77, 0xa2, 0x6e, 0x67, 0xc6, 0xea, 0x1d, 0x2b,
+    0x41, 0x8f, 0x6f, 0x96, 0x94, 0x1b, 0x5d, 0xab, 0x30, 0x53,
+    0x1e, 0xf8, 0x17, 0x06, 0xea, 0xcc, 0x98, 0xa8, 0xdf, 0x81,
+    0xe1, 0x80, 0xb7, 0xad, 0x69, 0xcb, 0x8f, 0x81, 0x1e, 0x76,
+    0x75, 0x3c, 0x11, 0x9b, 0x38, 0x95, 0xa7, 0x87, 0x1f, 0xd9,
+    0x76, 0x82, 0x21, 0x13, 0x25, 0x20, 0x42, 0xd3, 0x8c, 0xd9,
+    0x1c, 0x64, 0xed, 0xe9, 0x55, 0xb5, 0x29, 0x98, 0x85, 0x7c,
+    0x01, 0x94, 0xaa, 0xdd, 0x8c, 0x78, 0x08, 0x99, 0x99, 0x5a,
+    0xf6, 0x61, 0x4c, 0xe0, 0x99, 0xf8, 0x15, 0x74, 0x2e, 0x0d,
+    0x14, 0x89, 0x11, 0x84, 0xcd, 0x78, 0x0c, 0x6b, 0x48, 0xde,
+    0xb4, 0xd6, 0x05, 0xbd, 0x99, 0x58, 0xb7, 0xe5, 0xc5, 0x7a,
+    0x43, 0x18, 0x55, 0x33, 0x16, 0x2b, 0xfa, 0x27, 0xf5, 0xbb,
+    0xaa, 0x52, 0xb5, 0x28, 0x5c, 0xfe, 0x61, 0x7f, 0x7a, 0x70,
+    0xc2, 0x32, 0x4b, 0x05, 0x8d, 0x7b, 0x4d, 0x22, 0x57, 0x25,
+    0x40, 0x46, 0x7c, 0xad, 0x2f, 0x8a, 0xc8, 0x16, 0xd6, 0xac,
+    0x4e, 0xe3, 0xe3, 0x29, 0xe4, 0xe8, 0x00, 0x2b, 0xc9, 0xe3,
+    0x3a, 0x6f, 0x66, 0xf1, 0x37, 0x37, 0x52, 0x88, 0x77, 0xf6,
+    0xbd, 0x59, 0x5f, 0xf8, 0x11, 0x46, 0x7b, 0x12, 0x88, 0x2f,
+    0x4b, 0x0d, 0x16, 0x89, 0x3e, 0x2a, 0x56, 0x58, 0xa8, 0x1c,
+    0xee, 0x23, 0xd5, 0x66, 0x86, 0x5f, 0x59, 0x55, 0xac, 0x07,
+    0xfd, 0xda, 0x6b, 0xf1, 0xc7, 0x01, 0x19, 0xdb, 0xff, 0x63,
+    0x6f, 0x27, 0xdb, 0xa1, 0xc7, 0xe9, 0xe0, 0xdb, 0xe4, 0x9a,
+    0xce, 0xf5, 0xac, 0x68, 0xab, 0x59, 0x0c, 0x83, 0xa3, 0x1c,
+    0x2a, 0x86, 0x55, 0xe2, 0xaa, 0xa1, 0xb3, 0xed, 0xc2, 0x2d,
+    0x43, 0xc5, 0x13, 0x68, 0xe4, 0x83, 0x3e, 0xd5, 0x7f, 0xf7,
+    0xd5, 0xd0, 0x60, 0xd3, 0x70, 0x7f, 0x88, 0xaa, 0xca, 0x74,
+    0xcc, 0x50, 0x8d, 0x55, 0x9c, 0xfe, 0x4a, 0xc6, 0xc9, 0x36,
+    0xf7, 0x27, 0x26, 0x64, 0xd3, 0x6c, 0xdb, 0x16, 0x31, 0x81,
+    0xe9, 0xce, 0x73, 0x60, 0x61, 0x9c, 0x0f, 0xb5, 0x6e, 0x68,
+    0xbc, 0xb1, 0x9e, 0x9f, 0xcd, 0x6c, 0x27, 0x31, 0x2d, 0x40,
+    0x36, 0xce, 0x91, 0xee, 0x47, 0xdc, 0xa0, 0x4f, 0xd7, 0x14,
+    0x4f, 0x93, 0x00, 0xc4, 0x34, 0xca, 0xd4, 0x42, 0x21, 0x90,
+    0xf6, 0x9d, 0xea, 0x45, 0x15, 0xfe, 0x2d, 0xd6, 0xab, 0xc2,
+    0x36, 0x47, 0xc0, 0x5b, 0xd2, 0xae, 0x53, 0x33, 0xb0, 0x2d,
+    0x29, 0xa3, 0x14, 0xda, 0xa4, 0x48, 0xc1, 0x57, 0x0c, 0xdc,
+    0x72, 0x4a, 0xd0, 0xf5, 0x5b, 0x9a, 0x57, 0x1d, 0x06, 0xc8,
+    0x0f, 0xc7, 0x5b, 0x70, 0xbb, 0x27, 0xf4, 0xe2, 0xf4, 0xf3,
+    0x3c, 0xdc, 0xba, 0x43, 0xc4, 0x4e, 0xe2, 0x96, 0xd4, 0x6c,
+    0x33, 0x3e, 0xbf, 0x85, 0xf7, 0x3c, 0x1d, 0x46, 0x59, 0x4e,
+    0xa1, 0xa7, 0xa3, 0x76, 0x55, 0x8a, 0x72, 0x83, 0xd0, 0x45,
+    0x86, 0x38, 0xa5, 0x4d, 0xc8, 0x62, 0xe4, 0x8a, 0xd5, 0x8e,
+    0xb7, 0x4c, 0x6e, 0xaf, 0xa4, 0xbe, 0x88, 0x87, 0x77, 0xd1,
+    0x7b, 0xb2, 0x1d, 0xe0, 0x1e, 0x53, 0x30, 0x31, 0x15, 0x6c,
+    0x10, 0x81, 0x03, 0x55, 0xa7, 0x69, 0xb6, 0xa5, 0x48, 0xf4,
+    0xb2, 0x3b, 0x76, 0x8b, 0x2e, 0x42, 0xa6, 0xaa, 0x7e, 0x66,
+    0x57, 0xc2, 0x11, 0xc5, 0x2c, 0x7d, 0x96, 0xdf, 0xe3, 0x58,
+    0x12, 0x98, 0x18, 0x0d, 0x87, 0xbd, 0x64, 0xbd, 0xfe, 0x6d,
+    0xad, 0x6d, 0x1e, 0xf6, 0x34, 0x01, 0xb5, 0x56, 0xe8, 0x6a,
+    0xb3, 0x8c, 0x70, 0x84, 0x36, 0x17, 0xd6, 0x4b, 0xaa, 0x57,
+    0xab, 0xb3, 0x45, 0x30, 0x36, 0x10, 0xd4, 0xee, 0x8a, 0xc9,
+    0x29, 0xd1, 0x92, 0x9b, 0xe2, 0x7c, 0x12, 0xd1, 0x29, 0x62,
+    0x41, 0x69, 0xae, 0x3a, 0x50, 0xcc, 0x89, 0x50, 0x2e, 0xe6,
+    0x07, 0xf8, 0x9c, 0x98, 0x80, 0xd5, 0xa3, 0xc8, 0x74, 0xfb,
+    0xfc, 0x91, 0x16, 0x02, 0xdc, 0xf0, 0x42, 0x49, 0xbc, 0xc9,
+    0x2f, 0x7f, 0x8d, 0x93, 0xf7, 0xf0, 0x74, 0xb7, 0xd1, 0x55,
+    0xfc, 0x79, 0x03, 0x37, 0xfb, 0xf6, 0x7d, 0x2f, 0x2d, 0xf8,
+    0x6b, 0xc5, 0xf9, 0x66, 0x38, 0xf5, 0xfd, 0x64, 0xc6, 0x08,
+    0x99, 0xb3, 0x25, 0xad, 0xf4, 0xfd, 0x69, 0x2f, 0xf1, 0x18,
+    0x46, 0xd6, 0x5c, 0x1a, 0x37, 0xcd, 0xee, 0xa3, 0xbf, 0x0f,
+    0x57, 0x5c, 0xc3, 0x97, 0x94, 0x84, 0x89, 0xbe, 0x00, 0xf6,
+    0x40, 0xe9, 0x5a, 0x52, 0xaf, 0x3a, 0x5b, 0xf4, 0x56, 0xb0,
+    0x04, 0x49, 0xc6, 0x32, 0x8c, 0xa1, 0x0a, 0xd8, 0x88, 0xa1,
+    0xc3, 0xb7, 0x8b, 0x96, 0xc3, 0x39, 0x51, 0x50, 0x83, 0xa6,
+    0xf0, 0x6d, 0xe7, 0x6e, 0x20, 0xff, 0x9d, 0xac, 0x03, 0x57,
+    0xbc, 0xcb, 0x6a, 0x19, 0xa7, 0xc5, 0xd2, 0x44, 0x4f, 0x17,
+    0x1e, 0x9a, 0x8d, 0x97, 0x25, 0x55, 0x52, 0x49, 0xe2, 0x48,
+    0xae, 0x4b, 0x3f, 0x94, 0x5a, 0xb2, 0x2d, 0x40, 0xd9, 0x85,
+    0xef, 0x03, 0xa0, 0xd3, 0x66, 0x9a, 0x8f, 0x7b, 0xc0, 0x8d,
+    0x54, 0x95, 0x42, 0x49, 0xeb, 0x15, 0x00, 0xf3, 0x6d, 0x6f,
+    0x40, 0xf2, 0x8b, 0xc1, 0x50, 0xa6, 0x22, 0x3b, 0xd6, 0x88,
+    0xa1, 0xf7, 0xb0, 0x1f, 0xcd, 0x20, 0x4e, 0x5b, 0xad, 0x66,
+    0x4a, 0xda, 0x40, 0xee, 0x4c, 0x4c, 0x3e, 0xa7, 0x75, 0x51,
+    0x90, 0xba, 0xee, 0x59, 0xbc, 0xe3, 0xcd, 0x4d, 0xb9, 0x57,
+    0xb7, 0xf8, 0xc1, 0xb9, 0x8d, 0x0f, 0x58, 0x2c, 0x4c, 0x98,
+    0xa6, 0x9c, 0xd9, 0x0e, 0x25, 0x4f, 0xea, 0x4c, 0x15, 0x0b,
+    0x89, 0xe4, 0xac, 0xa1, 0x5a, 0xa1, 0xfd, 0x5b, 0xc6, 0xfe,
+    0xf0, 0xf1, 0x4c, 0xa7, 0x60, 0xbc, 0xc3, 0xa5, 0x80, 0x00,
+    0x3b, 0x3f, 0x22, 0x38, 0x60, 0x40, 0x76, 0x52, 0x83, 0x32,
+    0xee, 0x20, 0x6a, 0xf9, 0x1e, 0x6b, 0x99, 0x52, 0xe7, 0x04,
+    0xdc, 0x5a, 0x9d, 0x77, 0x8a, 0xdd, 0x9b, 0x53, 0x19, 0xff,
+    0x69, 0x8c, 0xbc, 0xc6, 0xe0, 0x79, 0x0d, 0x3d, 0x3d, 0x54,
+    0x5b, 0xe0, 0x47, 0x5b, 0x71, 0x05, 0x98, 0x8f, 0xbb, 0x65,
+    0xe1, 0x31, 0x9a, 0xc8, 0x1e, 0x7a, 0x4a, 0xf8, 0xcb, 0x17,
+    0xd1, 0x83, 0x58, 0xb1, 0xc0, 0xe4, 0xb1, 0x85, 0xca, 0xa5,
+    0xf8, 0x0e, 0xd1, 0x0c, 0xe8, 0x71, 0xc3, 0xfa, 0xbf, 0x1d,
+    0xd6, 0x98, 0x03, 0xed, 0x77, 0x3b, 0x55, 0xaf, 0x69, 0x72,
+    0x6b, 0x42, 0x31, 0x98, 0x95, 0xd5, 0x79, 0xa5, 0x4c, 0x51,
+    0xcf, 0x02, 0x65, 0x93, 0xf2, 0x71, 0xdc, 0xde, 0x9a, 0xa3,
+    0x86, 0xa7, 0xea, 0xcf, 0xd7, 0xe5, 0x00, 0xde, 0x40, 0x02,
+    0xcd, 0x6b, 0x46, 0x0b, 0xbb, 0xbf, 0x77, 0x5f, 0x9d, 0x7c,
+    0xa4, 0x7f, 0x7c, 0x8a, 0xba, 0xd6, 0x99, 0xc5, 0xaa, 0x06,
+    0x36, 0xe1, 0x7e, 0x9c, 0x6f, 0x28, 0xd4, 0x6e, 0x1d, 0x5b,
+    0xdd, 0x01, 0x24, 0xbd, 0x6c, 0x5d, 0x87, 0x3c, 0xc1, 0xf6,
+    0x93, 0x37, 0xe2, 0x3b, 0x70, 0xc4, 0xd8, 0x10, 0x0e, 0x44,
+    0x37, 0x00, 0xe3, 0x07, 0xbd, 0x67, 0xd3, 0x9d, 0xe6, 0xe7,
+    0x48, 0x1b, 0xe0, 0x79, 0xb3, 0x30, 0x91, 0x89, 0x0f, 0x89,
+    0x77, 0xfa, 0x13, 0x85, 0xd0, 0x32, 0xbd, 0xc1, 0x9e, 0x52,
+    0x04, 0x80, 0x54, 0xb1, 0x08, 0x39, 0x20, 0xda, 0x3e, 0xf1,
+    0xd9, 0x15, 0x74, 0x55, 0x06, 0xfc, 0x4d, 0x85, 0xd4, 0x98,
+    0x02, 0x64, 0x10, 0x86, 0xd7, 0xcd, 0x01, 0x0d, 0x85, 0xa0,
+    0x78, 0xb0, 0x58, 0x99, 0x7b, 0xdf, 0xe4, 0x8c, 0x3f, 0xab,
+    0xc0, 0xbc, 0xa5, 0x30, 0x28, 0xe1, 0x4e, 0x02, 0x98, 0xab,
+    0x03, 0xf3, 0x21, 0xe7, 0xa7, 0xe7, 0xc3, 0x5f, 0x98, 0xc0,
+    0x83, 0x02, 0xe8, 0x8a, 0x30, 0x75, 0x95, 0xcf, 0x77, 0x83,
+    0xfb, 0x32, 0x5a, 0xf9, 0x13, 0xed, 0xdb, 0xda, 0xc3, 0x84,
+    0x4b, 0x8f, 0x1a, 0xf0, 0xad, 0x8e, 0xcf, 0xe3, 0xa7, 0x2b,
+    0xb5, 0x44, 0x75, 0xd6, 0xda, 0x33, 0x81, 0x22, 0xa7, 0x6a,
+    0xbd, 0x21, 0x64, 0x85, 0xfa, 0x65, 0x8e, 0xc4, 0x58, 0xec,
+    0xc4, 0x18, 0x90, 0xa3, 0xcc, 0x2e, 0xaa, 0xa2, 0x2e, 0x46,
+    0x7a, 0x4a, 0x35, 0xbf, 0x58, 0x78, 0x2b, 0x1e, 0x72, 0xe5,
+    0x80, 0xc9, 0xe0, 0x9e, 0x43, 0x01, 0xcc, 0xe1, 0x0c, 0x00,
+    0xe9, 0xc1, 0xa5, 0x1a, 0x9b, 0x4e, 0x6e, 0x34, 0x32, 0xfd,
+    0x86, 0xb7, 0xae, 0xc3, 0x6e, 0x69, 0x04, 0xf6, 0x6a, 0x92,
+    0x78, 0xb1, 0x1f, 0x9d, 0x5e, 0x0c, 0xf9, 0xc4, 0x1a, 0xf6,
+    0xb4, 0x8a, 0x63, 0xb5, 0x87, 0x5b, 0xfb, 0x50, 0xbf, 0xd5,
+    0x17, 0x97, 0x8e, 0x55, 0x1c, 0xfe, 0x82, 0xf6, 0xa7, 0x9c,
+    0x0b, 0xc9, 0x0a, 0xf6, 0x7f, 0x70, 0xd1, 0x00, 0xed, 0x1c,
+    0x6c, 0x3a, 0x95, 0xed, 0x61, 0xa4, 0xd6, 0x57, 0xfb, 0x57,
+    0xf8, 0x9b, 0x4c, 0xce, 0x50, 0x26, 0x5c, 0x19, 0xd2, 0xa7,
+    0xd6, 0xe8, 0x3c, 0x29, 0x34, 0xfb, 0x26, 0x7f, 0xc5, 0x78,
+    0xbf, 0xfe, 0xb6, 0x2a, 0x5a, 0x62, 0x8e, 0x31, 0x9b, 0x57,
+    0xa4, 0xe7, 0x4d, 0x3d, 0x18, 0x05, 0xf0, 0x94, 0xbb, 0x04,
+    0xfa, 0x0a, 0x92, 0xf4, 0xc6, 0x7f, 0x16, 0xa2, 0x31, 0xed,
+    0xc1, 0xb4, 0x62, 0x54, 0x3a, 0x23, 0x12, 0x6a, 0x76, 0xcc,
+    0x8c, 0x91, 0x89, 0x58, 0x8c, 0x20, 0x23, 0xd9, 0xaa, 0x0d,
+    0x80, 0xbe, 0xb9, 0xb4, 0x40, 0x1e, 0xff, 0xa9, 0xf7, 0x71,
+    0x0a, 0xa0, 0x0a, 0xdf, 0x11, 0x0b, 0x66, 0x3f, 0xf2, 0x4d,
+    0x5d, 0x39, 0x7c, 0x77, 0xe1, 0xb1, 0x09, 0xa1, 0x6b, 0x2e,
+    0x30, 0x43, 0x33, 0x80, 0x6e, 0x6a, 0x1d, 0x47, 0xd9, 0xd6,
+    0xac, 0xdc, 0x3f, 0x16, 0xb1, 0x58, 0x11, 0x9f, 0x67, 0xd7,
+    0x15, 0x45, 0xd8, 0xc3, 0x69, 0x24, 0x8d, 0xac, 0xff, 0xc3,
+    0x43, 0xfd, 0x24, 0xaf, 0xf1, 0xc8, 0x3a, 0xc7, 0xd6, 0x1f,
+    0x56, 0x26, 0x16, 0xe6, 0x30, 0xcd, 0x6e, 0x0a, 0x63, 0x2a,
+    0x7b, 0x86, 0xd7, 0x65, 0x39, 0x45, 0x7c, 0xe6, 0xa0, 0xe6,
+    0x38, 0xed, 0x54, 0x84, 0x00, 0x4d, 0x8e, 0xc2, 0xba, 0x56,
+    0x9b, 0xf3, 0xe1, 0xe8, 0x7d, 0xfe, 0x47, 0xf0, 0x58, 0xe7,
+    0x59, 0x60, 0x97, 0x2e, 0x57, 0x1a, 0x09, 0x1f, 0x8b, 0x2b,
+    0x0b, 0x47, 0x75, 0xc0, 0xb3, 0x79, 0xce, 0x10, 0x47, 0x6d,
+    0xfc, 0xcb, 0x22, 0x61, 0x5c, 0x39, 0xc4, 0x3f, 0xc5, 0xef,
+    0xb8, 0xc8, 0x88, 0x52, 0xce, 0x90, 0x17, 0xf5, 0x3c, 0xa9,
+    0x87, 0x6f, 0xcb, 0x2f, 0x11, 0x53, 0x65, 0x9b, 0x74, 0x21,
+    0x3e, 0xdd, 0x7b, 0x1f, 0x19, 0x9f, 0x53, 0xe6, 0xab, 0xc0,
+    0x56, 0xba, 0x80, 0x19, 0x5d, 0x3f, 0xc7, 0xe2, 0xfb, 0x8c,
+    0xe2, 0x93, 0xe0, 0x31, 0xc9, 0x33, 0x31, 0x23, 0x31, 0xa1,
+    0x36, 0x4c, 0x62, 0xd8, 0x0a, 0xfd, 0x85, 0x97, 0xae, 0xa9,
+    0xe9, 0x58, 0x29, 0x17, 0x33, 0x09, 0x5a, 0x8e, 0xa3, 0x90,
+    0x41, 0xd3, 0xfc, 0x24, 0x98, 0x61, 0x4d, 0x30, 0x1f, 0x76,
+    0x8f, 0xfc, 0xd0, 0x96, 0x8b, 0x2e, 0x9b, 0x24, 0x73, 0x35,
+    0x00, 0xb7, 0xf6, 0xe8, 0xba, 0xec, 0x98, 0x74, 0x41, 0xa4,
+    0x47, 0x10, 0x0d, 0xbc, 0xba, 0xd1, 0xe7, 0xdb, 0x12, 0xcb,
+    0x5f, 0x02, 0xb1, 0xa6, 0xa0, 0xd7, 0x28, 0x30, 0x3e, 0x0a,
+    0x5c, 0x5f, 0xe6, 0x2f, 0x3c, 0xde, 0x46, 0x60, 0xaf, 0x07,
+    0x5f, 0xed, 0x08, 0xc0, 0x06, 0x58, 0xba, 0xd7, 0x36, 0x5b,
+    0xa0, 0x4a, 0xf7, 0xa1, 0x05, 0x9b, 0x00, 0xda, 0x49, 0xdc,
+    0xbf, 0xea, 0xe1, 0x03, 0xda, 0x95, 0x95, 0xa0, 0xfa, 0x2e,
+    0xf1, 0x60, 0x11, 0x47, 0xdd, 0xb3, 0xfb, 0x0b, 0xa2, 0x92,
+    0xcf, 0x73, 0xbb, 0xce, 0x82, 0x71, 0xbc, 0xbd, 0x50, 0x64,
+    0xf1, 0x96, 0x48, 0x48, 0x93, 0xf8, 0xdc, 0x1c, 0x18, 0x12,
+    0xc6, 0x17, 0x6a, 0xa9, 0xc1, 0x4d, 0x6f, 0x76, 0xda, 0x2f,
+    0x4e, 0x59, 0xdd, 0x8b, 0x1c, 0xa5, 0x30, 0xb6, 0xe9, 0x88,
+    0x8f, 0x75, 0x0c, 0xcd, 0xd8, 0x61, 0xf4, 0x28, 0xc5, 0x9a,
+    0xcd, 0x77, 0x0d, 0x36, 0x5f, 0x75, 0xa5, 0x0a, 0x77, 0x20,
+    0x28, 0x5a, 0xac, 0x5f, 0xa1, 0x83, 0x67, 0x70, 0xb7, 0xd8,
+    0x23, 0x48, 0x60, 0xa8, 0xd0, 0xaf, 0xee, 0x7a, 0xb8, 0x25,
+    0xd7, 0x8f, 0x82, 0x8c, 0xd0, 0x81, 0x7a, 0x49, 0x69, 0xe4,
+    0x22, 0x73, 0x29, 0x48, 0xc8, 0x09, 0x72, 0x16, 0xf8, 0x3d,
+    0xff, 0x13, 0xac, 0x98, 0x03, 0x76, 0x33, 0xcb, 0x19, 0xb0,
+    0x22, 0x5b, 0x1e, 0x16, 0x29, 0xb9, 0xcc, 0xa6, 0x92, 0xd8,
+    0xed, 0x93, 0x0f, 0xbd, 0x10, 0x98, 0x53, 0x0a, 0x07, 0x7f,
+    0xd6, 0x51, 0x76, 0xda, 0xdc, 0x0c, 0xeb, 0x2a, 0x95, 0xd0,
+    0x3e, 0xa6, 0xc4, 0xc6, 0xd8, 0xfb, 0x1b, 0x2a, 0x7f, 0xf1,
+    0x08, 0xbe, 0xd3, 0xed, 0x67, 0x63, 0x5f, 0x1d, 0x29, 0xdb,
+    0x47, 0x03, 0x4a, 0xf4, 0x6b, 0xb4, 0x46, 0x02, 0x28, 0x4f,
+    0x88, 0x9b, 0x46, 0x66, 0x40, 0x56, 0x34, 0x4c, 0xec, 0x8e,
+    0x0b, 0x5d, 0x14, 0x94, 0x91, 0xfc, 0xdc, 0x0c, 0xdc, 0x5b,
+    0x45, 0x12, 0x7e, 0xa1, 0xe9, 0x75, 0x38, 0xcb, 0xd3, 0x6b,
+    0xd7, 0xa4, 0x24, 0x94, 0x78, 0x09, 0x7f, 0x77, 0xc8, 0x6d,
+    0xe1, 0x82, 0x1c, 0x1c, 0x91, 0xc6, 0x38, 0x9e, 0x3b, 0x3d,
+    0x31, 0xdd, 0x9e, 0x46, 0x58, 0x7a, 0x42, 0x16, 0x6f, 0xfd,
+    0x7d, 0x8c, 0xf5, 0xf0, 0x9f, 0x92, 0x6e, 0xbe, 0x47, 0xa6,
+    0x1e, 0x8e, 0x82, 0x15, 0x24, 0xc3, 0x1b, 0xb0, 0xd1, 0x68,
+    0xf9, 0xd1, 0x7c, 0x60, 0x98, 0x86, 0xd9, 0x53, 0xa2, 0x38,
+    0x62, 0xf4, 0x72, 0x71, 0xcb, 0xb9, 0x35, 0xef, 0xb9, 0x49,
+    0x3a, 0x73, 0xb2, 0xd7, 0x0f, 0x90, 0xf5, 0x2c, 0x5b, 0xf5,
+    0xfd, 0x39, 0x17, 0xf7, 0xe4, 0x69, 0x81, 0x0f, 0x6b, 0xe7,
+    0x32, 0xd2, 0xdc, 0x5d, 0x40, 0xbf, 0x41, 0x95, 0x89, 0x81,
+    0x29, 0x80, 0x40, 0xa3, 0xac, 0xd2, 0xc7, 0xf7, 0xe8, 0xd0,
+    0x45, 0xed, 0x48, 0x43, 0x3a, 0xed, 0x8d, 0xef, 0x37, 0xe1,
+    0x24, 0x9a, 0x67, 0x9a, 0x6b, 0x71, 0x4f, 0x9a, 0xb9, 0x2c,
+    0x1b, 0x10, 0x48, 0xe2, 0x31, 0x1e, 0xbb, 0xf2, 0x4a, 0xad,
+    0x04, 0xc7, 0xd7, 0xf2, 0xe8, 0x83, 0x5f, 0xe8, 0xa2, 0x81,
+    0x95, 0xf9, 0x60, 0x51, 0x9c, 0x99, 0x76, 0x69, 0x76, 0x4e,
+    0xbd, 0x44, 0x52, 0x36, 0xca, 0xd8, 0x6e, 0xf7, 0x1a, 0xa1,
+    0x54, 0xdf, 0x90, 0x52, 0x94, 0xb6, 0x3a, 0xcb, 0x43, 0x56,
+    0x11, 0xde, 0xa0, 0xe1, 0x45, 0x8a, 0x80, 0x2d, 0xaf, 0x1f,
+    0x24, 0x3f, 0x80, 0x17, 0x1f, 0x28, 0xbb, 0xcc, 0x1a, 0xd2,
+    0x2d, 0xa6, 0x9e, 0xe0, 0xdc, 0xf0, 0x98, 0x16, 0x58, 0x88,
+    0xc6, 0xf1, 0x81, 0x71, 0x91, 0x8f, 0xa2, 0xab, 0xa5, 0xe6,
+    0x68, 0x1f, 0xa5, 0x86, 0xb5, 0xd9, 0x05, 0xba, 0x50, 0x67,
+    0x0b, 0x1e, 0xfe, 0x42, 0x50, 0xf8, 0x01, 0xf8, 0x38, 0x92,
+    0x57, 0x86, 0x08, 0x47, 0xee, 0x23, 0x11, 0x60, 0x61, 0x1a,
+    0x77, 0x3c, 0x1a, 0x8e, 0x08, 0xe3, 0xaf, 0x84, 0x04, 0x75,
+    0x15, 0x47, 0x7a, 0x83, 0x8e, 0x92, 0x3e, 0xe8, 0xf0, 0xc2,
+    0x81, 0x89, 0x3b, 0x73, 0x81, 0xe5, 0xe8, 0x97, 0x97, 0x63,
+    0x64, 0xf3, 0xa9, 0x1b, 0x61, 0x65, 0x7f, 0x0e, 0x47, 0x6b,
+    0x14, 0x57, 0x29, 0x8f, 0x91, 0x35, 0x43, 0x10, 0x12, 0x86,
+    0x99, 0xec, 0xc8, 0x9e, 0x67, 0x90, 0x20, 0x21, 0x3c, 0x83,
+    0xdb, 0x73, 0x4e, 0x8e, 0x7d, 0x86, 0xde, 0xb8, 0xd8, 0xfa,
+    0x23, 0x1f, 0x5a, 0xe4, 0xc7, 0x0c, 0x1d, 0x5e, 0xd1, 0x10,
+    0x58, 0xd5, 0x86, 0xfa, 0x40, 0x30, 0x0a, 0x78, 0x0a, 0xa5,
+    0x56, 0xd5, 0xe6, 0x86, 0xd4, 0x14, 0x77, 0x32, 0xcd, 0x07,
+    0xf9, 0xbe, 0x7a, 0xd8, 0xbc, 0x91, 0xe0, 0xda, 0x76, 0x6b,
+    0x97, 0x10, 0xda, 0xea, 0x27, 0xa2, 0x67, 0x6d, 0x94, 0x27,
+    0x6e, 0xea, 0xca, 0x56, 0x45, 0x32, 0x1d, 0x38, 0x12, 0x21,
+    0x33, 0x2c, 0x3c, 0x5c, 0x33, 0xb0, 0x9e, 0x80, 0x0b, 0x4e,
+    0xbb, 0x09, 0x5e, 0x56, 0x54, 0xb0, 0x9b, 0x7e, 0xb6, 0x00,
+    0xe8, 0x63, 0x19, 0x85, 0xf1, 0x4d, 0x65, 0x9d, 0x1f, 0x8d,
+    0x18, 0xcc, 0x63, 0xc6, 0xd9, 0xa6, 0xbc, 0xe7, 0x42, 0x55,
+    0x12, 0xdc, 0x8c, 0x26, 0x2d, 0x8d, 0xc2, 0xe9, 0x3b, 0xbc,
+    0xed, 0x06, 0x08, 0x31, 0xb0, 0xe0, 0x99, 0xe2, 0x86, 0x81,
+    0x88, 0x4a, 0xac, 0x1f, 0x4a, 0xb2, 0x1e, 0x1e, 0x4c, 0xb2,
+    0x9f, 0x27, 0xa0, 0xd9, 0x8a, 0x7e, 0xe7, 0xa3, 0xad, 0xeb,
+    0x2c, 0xfd, 0x14, 0xc6, 0x4b, 0x26, 0xce, 0x38, 0xb9, 0x01,
+    0x9e, 0xde, 0xc8, 0x7b, 0x82, 0x2f, 0xaa, 0x72, 0x80, 0xbe,
+    0x3a, 0x35, 0x95, 0xc8, 0xf3, 0x7c, 0x36, 0x68, 0x02, 0xdc,
+    0xa2, 0xda, 0xef, 0xd7, 0xf1, 0x3e, 0x81, 0xb3, 0x5d, 0x2f,
+    0xcf, 0x7e, 0xe6, 0x9c, 0xa0, 0x32, 0x29, 0x8b, 0x52, 0x24,
+    0xbd, 0x0d, 0x36, 0xdc, 0x1d, 0xcc, 0x6a, 0x0a, 0x74, 0x52,
+    0x1b, 0x68, 0x4d, 0x15, 0x05, 0x47, 0xe1, 0x2f, 0x97, 0x45,
+    0x52, 0x17, 0x4b, 0x2a, 0x3b, 0x74, 0xc5, 0x20, 0x35, 0x5c,
+    0x37, 0xae, 0xe6, 0xa7, 0x24, 0x0f, 0x34, 0x70, 0xea, 0x7c,
+    0x03, 0xa3, 0xde, 0x2d, 0x22, 0x55, 0x88, 0x01, 0x45, 0xf2,
+    0x5f, 0x1f, 0xaf, 0x3b, 0xb1, 0xa6, 0x5d, 0xcd, 0x93, 0xfb,
+    0xf8, 0x2f, 0x87, 0xcc, 0x26, 0xc5, 0x36, 0xde, 0x06, 0x9b,
+    0xe9, 0xa7, 0x66, 0x7e, 0x8c, 0xcd, 0x99, 0x6b, 0x51, 0x1c,
+    0xb0, 0xa0, 0xfa, 0xc7, 0x46, 0xfe, 0x65, 0xe4, 0x80, 0x5b,
+    0x5f, 0x24, 0x3b, 0xa4, 0xe6, 0x81, 0x31, 0xe5, 0x87, 0x2c,
+    0xa4, 0x83, 0xaf, 0x8b, 0x9f, 0x89, 0xb4, 0x3c, 0x7a, 0xbe,
+    0x4c, 0xb3, 0xbf, 0x3d, 0xec, 0x78, 0xb0, 0x8a, 0xdd, 0xc8,
+    0x43, 0x8c, 0x45, 0xa1, 0xa3, 0x3a, 0x82, 0x7d, 0x06, 0xdf,
+    0x20, 0x27, 0x9b, 0x4e, 0x09, 0x90, 0x6a, 0x23, 0xbf, 0x1b,
+    0x04, 0x1d, 0x50, 0xe2, 0xb4, 0xff, 0xe0, 0xd0, 0x9b, 0x40,
+    0x2b, 0xc0, 0x52, 0xc1, 0x39, 0x29, 0x60, 0x83, 0x06, 0x9b,
+    0x48, 0xb8, 0xa7, 0xe1, 0x2b, 0xfb, 0xf0, 0x2b, 0x82, 0xf1,
+    0xda, 0xc9, 0x30, 0x47, 0x3f, 0xf5, 0xf9, 0xf7, 0x6c, 0xf0,
+    0x0f, 0xe7, 0xb1, 0x4d, 0x46, 0x49, 0xf8, 0xb3, 0xe1, 0xfe,
+    0x85, 0x61, 0xcc, 0xf7, 0xfa, 0xd2, 0xf1, 0xbc, 0xf0, 0x7f,
+    0x3b, 0xe6, 0x45, 0xa2, 0x1b, 0x55, 0xf6, 0x0c, 0x02, 0x95,
+    0xdc, 0x78, 0x94, 0xa0, 0xc4, 0x6a, 0x21, 0x7e, 0xa8, 0x5f,
+    0xbd, 0xc3, 0xb3, 0x4d, 0x9b, 0x30, 0x31, 0x1d, 0x5b, 0x8b,
+    0x45, 0x3c, 0x18, 0xe9, 0x61, 0xe8, 0x76, 0x3e, 0x91, 0xd2,
+    0xfd, 0x1a, 0xd7, 0x30, 0x4d, 0xfe, 0xef, 0x7f, 0xc0, 0x7e,
+    0x45, 0x43, 0xe9, 0xf9, 0x23, 0xfe, 0xd8, 0xef, 0xbc, 0xd6,
+    0x99, 0x79, 0x54, 0xed, 0x7a, 0x8b, 0x39, 0xa6, 0xe7, 0x9d,
+    0x3f, 0x9f, 0x35, 0xe1, 0xe4, 0xd5, 0x26, 0x31, 0x3a, 0x44,
+    0x03, 0x79, 0xde, 0xdc, 0x29, 0x1e, 0x8e, 0x26, 0x41, 0xc6,
+    0x60, 0xaa, 0xfd, 0xe1, 0x5e, 0xa6, 0xc0, 0x2f, 0x90, 0x1e,
+    0x3b, 0xc1, 0xe6, 0xf6, 0xde, 0x60, 0x87, 0x57, 0x51, 0x11,
+    0x6a, 0x8e, 0x9d, 0x70, 0x9d, 0x6d, 0x36, 0x21, 0x05, 0x55,
+    0xc1, 0x56, 0x9b, 0xc9, 0x91, 0x50, 0x3e, 0xb4, 0xbd, 0x19,
+    0x53, 0x44, 0x99, 0xc7, 0xb8, 0xce, 0xce, 0x86, 0x06, 0x5d,
+    0x99, 0x85, 0x33, 0xd4, 0x16, 0x21, 0x4a, 0xe9, 0x7e, 0x2e,
+    0xcc, 0x7e, 0x3f, 0xc1, 0x47, 0x3b, 0x32, 0xd0, 0x57, 0x1c,
+    0xc2, 0x26, 0x67, 0xf0, 0xd9, 0xc4, 0x9e, 0xbb, 0x65, 0xa4,
+    0xf7, 0xf7, 0x8d, 0x7d, 0x08, 0xd4, 0x9c, 0x1e, 0x0f, 0xb9,
+    0xff, 0x24, 0x2f, 0xaf, 0xfa, 0x24, 0x26, 0xb7, 0xb1, 0x78,
+    0xc1, 0xd1, 0xfe, 0x85, 0x55, 0xa0, 0x86, 0x77, 0xf6, 0xc2,
+    0xe0, 0x12, 0xe4, 0x45, 0x85, 0xd0, 0xe7, 0x68, 0xf0, 0x31,
+    0x4c, 0x9c, 0xb0, 0x5f, 0x89, 0xca, 0xfe, 0xc2, 0xf0, 0x1e,
+    0xeb, 0xee, 0x75, 0x64, 0xea, 0x09, 0xd4, 0x1c, 0x72, 0x12,
+    0xd4, 0x31, 0xf0, 0x89, 0x71, 0x74, 0x6e, 0x01, 0x32, 0xca,
+    0x8a, 0x91, 0x0c, 0xdf, 0xd7, 0x05, 0xe9, 0x35, 0xed, 0x06,
+    0x1a, 0x17, 0x5a, 0xf3, 0x65, 0xc5, 0xbd, 0x37, 0xf2, 0x53,
+    0x49, 0x2f, 0xcd, 0xc6, 0x15, 0xb3, 0x36, 0x88, 0xd8, 0x7a,
+    0x2f, 0xfa, 0x21, 0x7f, 0x55, 0x20, 0xc6, 0xf4, 0x23, 0x59,
+    0x6b, 0x3c, 0xeb, 0xe5, 0xd3, 0x78, 0xdc, 0x31, 0xeb, 0x87,
+    0x86, 0x3d, 0x7c, 0x10, 0x64, 0x66, 0xa4, 0xad, 0x07, 0xe1,
+    0x93, 0x15, 0x07, 0x4c, 0xe4, 0xb4, 0x4a, 0x06, 0xca, 0x2a,
+    0x50, 0xa2, 0x85, 0xc6, 0xa1, 0x19, 0x89, 0x7f, 0x8a, 0x05,
+    0x00, 0x23, 0x72, 0x5f, 0x89, 0x74, 0x8e, 0x22, 0xa1, 0x5d,
+    0x26, 0xf9, 0xfe, 0xdf, 0x6d, 0x98, 0x3a, 0xc4, 0x7c, 0x93,
+    0xcf, 0xc4, 0xfe, 0xed, 0x98, 0xb0, 0x31, 0x4c, 0x81, 0x83,
+    0x0d, 0x5d, 0x3d, 0x0c, 0x27, 0x4e, 0xca, 0xcf, 0x38, 0x0c,
+    0x37, 0xb0, 0xf8, 0xc5, 0xc8, 0x52, 0x14, 0xec, 0x53, 0x80,
+    0xb9, 0xd8, 0x8a, 0x05, 0x4e, 0x31, 0x3d, 0x67, 0x57, 0xf0,
+    0x7a, 0xa2, 0xc5, 0xc9, 0x02, 0x25, 0x69, 0x83, 0xb9, 0x3e,
+    0x1b, 0x04, 0xbf, 0xb2, 0xe6, 0x97, 0x7a, 0x6b, 0x8e, 0x37,
+    0x77, 0x2e, 0x16, 0x8b, 0x33, 0xe1, 0xea, 0x2b, 0x30, 0x01,
+    0x6e, 0xa0, 0x28, 0x14, 0x17, 0xe9, 0x98, 0xa8, 0x89, 0x72,
+    0x68, 0x64, 0x81, 0x60, 0xa8, 0xf7, 0x72, 0xdf, 0x1a, 0xae,
+    0xf5, 0xf0, 0x9f, 0x69, 0x35, 0xbc, 0x58, 0x27, 0x38, 0xd6,
+    0x7f, 0x7a, 0xd4, 0xc4, 0xf1, 0xcf, 0xee, 0x59, 0x49, 0x31,
+    0xda, 0xc1, 0x08, 0x46, 0x65, 0x68, 0xe9, 0x44, 0x18, 0x2b,
+    0xf2, 0x2a, 0x13, 0x60, 0x07, 0xae, 0xe4, 0x96, 0xdb, 0x0a,
+    0x6f, 0x52, 0x23, 0x9a, 0xcf, 0x9d, 0xa4, 0xc5, 0xc1, 0x74,
+    0xa8, 0x0e, 0xe1, 0x5e, 0xfa, 0xa4, 0x06, 0x9c, 0x2e, 0x70,
+    0x08, 0x22, 0x25, 0x4f, 0xc1, 0xf1, 0x13, 0x5a, 0x66, 0xa0,
+    0x6c, 0x59, 0xa3, 0xfc, 0x03, 0x9c, 0x8a, 0x23, 0x01, 0x00,
+    0xa9, 0x49, 0xf0, 0x22, 0xa3, 0x8f, 0x6c, 0xef, 0xcb, 0x69,
+    0x06, 0x3a, 0x69, 0x99, 0x96, 0xd2, 0xa7, 0xa0, 0x0b, 0x7e,
+    0x44, 0x7d, 0x04, 0xff, 0x7e, 0x9e, 0x1e, 0x77, 0xa0, 0x30,
+    0xd1, 0xdf, 0x18, 0xe4, 0xd8, 0xa5, 0x64, 0xbe, 0x8c, 0x80,
+    0x28, 0xe2, 0x98, 0x5e, 0xec, 0x9e, 0xb1, 0x0a, 0xb5, 0x25,
+    0xaa, 0xb8, 0x0f, 0x78, 0x30, 0x48, 0x06, 0xe5, 0x76, 0xf9,
+    0x24, 0x96, 0x87, 0x2a, 0x91, 0x89, 0xb6, 0xce, 0x04, 0xdf,
+    0xfc, 0x13, 0x42, 0x19, 0xba, 0x14, 0x46, 0x20, 0x08, 0x47,
+    0xe1, 0x82, 0x57, 0x51, 0x74, 0x3b, 0x5b, 0x23, 0x5c, 0xb2,
+    0x85, 0x8c, 0xed, 0xe6, 0xda, 0x4d, 0x56, 0xe8, 0x61, 0x31,
+    0xec, 0x97, 0x27, 0xeb, 0xf2, 0xa7, 0x7c, 0x13, 0x1b, 0xc5,
+    0x44, 0xfe, 0x63, 0x4b, 0x2b, 0x33, 0x22, 0x23, 0x60, 0x86,
+    0x7c, 0x3b, 0x57, 0xba, 0x16, 0xde, 0x47, 0x04, 0x3e, 0x2b,
+    0xe5, 0xbd, 0x23, 0xa0, 0xab, 0xdf, 0x5d, 0x6e, 0x20, 0xb1,
+    0x37, 0x44, 0xcb, 0xbd, 0x03, 0xa9, 0x5c, 0xe6, 0x92, 0x5e,
+    0x2f, 0x6f, 0x95, 0xc6, 0x5b, 0x6d, 0xab, 0x39, 0xdd, 0x1e,
+    0x34, 0xd5, 0x21, 0xca, 0x92, 0xee, 0x59, 0xf0, 0xb9, 0x65,
+    0xe6, 0x81, 0x49, 0xf8, 0x11, 0xec, 0x45, 0x14, 0x6a, 0x19,
+    0xb4, 0xce, 0xbf, 0x9e, 0xf7, 0x32, 0x8d, 0x99, 0x78, 0xc3,
+    0x07, 0x3d, 0xfd, 0x18, 0x2d, 0x0e, 0x06, 0x2f, 0x27, 0x24,
+    0x6f, 0x16, 0xd8, 0x01, 0x33, 0xc8, 0xbb, 0x7f, 0x7d, 0xfa,
+    0x73, 0xf6, 0x7d, 0x54, 0xf2, 0xd4, 0x8a, 0x53, 0xe1, 0x62,
+    0x45, 0xf4, 0x01, 0xa6, 0x31, 0x6b, 0x3a, 0x06, 0x56, 0xfd,
+    0x79, 0x7f, 0x58, 0xd8, 0x47, 0x33, 0x53, 0xc5, 0x78, 0x70,
+    0xce, 0x81, 0x7f, 0x66, 0xa1, 0x58, 0x7c, 0x5a, 0xdb, 0x4a,
+    0xad, 0x29, 0xff, 0x93, 0x75, 0x95, 0x35, 0xa9, 0xd2, 0xb1,
+    0xeb, 0xa0, 0x4f, 0x10, 0x0a, 0xc9, 0x38, 0x69, 0xc8, 0x8d,
+    0x57, 0xef, 0x99, 0x0f, 0xa5, 0x69, 0x86, 0xa6, 0xfb, 0x2b,
+    0x37, 0xe4, 0xc7, 0xab, 0x3e, 0xcd, 0x8f, 0x3f, 0x93, 0x8c,
+    0x0b, 0xc4, 0x4d, 0x16, 0xe0, 0xb0, 0x94, 0x5a, 0x0d, 0x17,
+    0xaf, 0x6e, 0x4b, 0x2e, 0x18, 0x29, 0x0e, 0xe0, 0xf5, 0x72,
+    0x1a, 0x21, 0x37, 0xef, 0x7d, 0x6a, 0x39, 0xe9, 0xa8, 0xd7,
+    0x96, 0xd6, 0xb3, 0x7d, 0x83, 0x0c, 0x13, 0x30, 0x49, 0x03,
+    0xe8, 0x6b, 0xe6, 0x77, 0xe8, 0x69, 0x48, 0x56, 0x5f, 0x39,
+    0x63, 0xbc, 0x86, 0xa8, 0x26, 0xa1, 0xbd, 0x4b, 0x24, 0xbd,
+    0xdd, 0xe8, 0x02, 0x64, 0xcb, 0xae, 0x24, 0x17, 0x62, 0xbd,
+    0x27, 0xa7, 0x22, 0x60, 0x51, 0x0c, 0x53, 0xff, 0x9d, 0x63,
+    0x1b, 0xf9, 0xff, 0x76, 0x3b, 0x74, 0x05, 0x98, 0x46, 0x0b,
+    0xe8, 0xcb, 0xd4, 0x0a, 0xcd, 0x91, 0xdb, 0x5b, 0x21, 0x4d,
+    0xa1, 0x87, 0xbd, 0xb7, 0x58, 0xec, 0x28, 0x00, 0x92, 0xc2,
+    0x98, 0xe4, 0x8c, 0x1f, 0x9d, 0xa4, 0x80, 0x83, 0x40, 0xb9,
+    0x63, 0xfe, 0xc9, 0x18, 0x3f, 0xd6, 0xab, 0x34, 0x00, 0x2c,
+    0x53, 0x40, 0x38, 0x0e, 0xb1, 0x69, 0xa8, 0xb8, 0xa9, 0x2e,
+    0x9b, 0x7b, 0x89, 0x8d, 0xff, 0x86, 0x01, 0x51, 0x42, 0xde,
+    0x04, 0xd6, 0x1d, 0xd1, 0x29, 0x8d, 0x42, 0x46, 0x5f, 0xd6,
+    0x02, 0xde, 0x73, 0xee, 0x2d, 0xe9, 0x6e, 0xb0, 0x3f, 0xf0,
+    0x47, 0x72, 0xfe, 0x45, 0xff, 0x05, 0x82, 0x2d, 0xc6, 0x4f,
+    0xc9, 0xd3, 0xec, 0xf9, 0x5a, 0x22, 0x50, 0x6c, 0x4f, 0x1e,
+    0xc8, 0x5f, 0xfc, 0x2c, 0x04, 0x4f, 0xdf, 0xce, 0xe4, 0x18,
+    0xd2, 0xd7, 0x8b, 0x67, 0x83, 0x39, 0x96, 0x47, 0x5e, 0x5b,
+    0xad, 0x7f, 0x5d, 0x42, 0x56, 0x97, 0x71, 0x39, 0x28, 0x44,
+    0x9d, 0x35, 0xde, 0xde, 0x03, 0x20, 0x34, 0x44, 0xdb, 0xdf,
+    0xfc, 0xff, 0x1e, 0x3d, 0x58, 0x5f, 0x7a, 0x8e, 0x90, 0xa1,
+    0xd3, 0xeb, 0x0c, 0x23, 0x3f, 0x4e, 0x61, 0x77, 0x79, 0xb2,
+    0xdc, 0xfb, 0x21, 0x46, 0x5c, 0x82, 0xb6, 0xf6, 0x34, 0x3c,
+    0x3f, 0x45, 0x4b, 0x80, 0x9e, 0xa4, 0xe6, 0x02, 0x13, 0x38,
+    0x40, 0x7e, 0x87, 0x92, 0x96, 0x51, 0x63, 0x87, 0xae, 0xc8,
+    0x02, 0x6a, 0x70, 0xc8, 0xcd, 0xd0, 0xe2, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x08,
+    0x12, 0x1c, 0x22, 0x2b, 0x33, 0x38, 0x3f
+    };
+#endif
+    wc_test_ret_t ret;
+
+    ret = dilithium_param_vfy_test(WC_ML_DSA_87, ml_dsa_87_pub_key,
+        (word32)sizeof(ml_dsa_87_pub_key), ml_dsa_87_sig,
+        (word32)sizeof(ml_dsa_87_sig));
+#ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
+    if (ret == 0) {
+        ret = dilithium_param_vfy_test(WC_ML_DSA_87_DRAFT,
+            ml_dsa_87_draft_pub_key, (word32)sizeof(ml_dsa_87_draft_pub_key),
+            ml_dsa_87_draft_sig, (word32)sizeof(ml_dsa_87_draft_sig));
+    }
+#endif
+
+    return ret;
+}
+#endif
+#endif
+
+#ifndef WOLFSSL_DILITHIUM_NO_MAKE_KEY
+static wc_test_ret_t dilithium_param_test(int param, WC_RNG* rng)
+{
+    wc_test_ret_t ret;
+    dilithium_key* key;
+    byte* sig = NULL;
+#ifndef WOLFSSL_DILITHIUM_NO_SIGN
+    word32 sigLen;
+    byte msg[] = { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07 };
+#ifndef WOLFSSL_DILITHIUM_NO_VERIFY
+    int res = 0;
+#endif
+#endif
+
+    key = (dilithium_key*)XMALLOC(sizeof(*key), HEAP_HINT,
+        DYNAMIC_TYPE_TMP_BUFFER);
+    if (key == NULL) {
+        ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
+    }
+    sig = (byte*)XMALLOC(DILITHIUM_MAX_SIG_SIZE, HEAP_HINT,
+        DYNAMIC_TYPE_TMP_BUFFER);
+    if (sig == NULL) {
+        ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
+    }
+
+    ret = wc_dilithium_init(key);
+    if (ret != 0) {
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+    }
+
+    ret = wc_dilithium_set_level(key, param);
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+
+    ret = wc_dilithium_make_key(key, rng);
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+
+#ifndef WOLFSSL_DILITHIUM_NO_SIGN
+    sigLen = wc_dilithium_sig_size(key);
+    if (sigLen <= 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+
+    ret = wc_dilithium_sign_msg(msg, (word32)sizeof(msg), sig, &sigLen, key,
+        rng);
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+
+#ifndef WOLFSSL_DILITHIUM_NO_VERIFY
+    ret = wc_dilithium_verify_msg(sig, sigLen, msg, (word32)sizeof(msg), &res,
+        key);
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+    if (res != 1)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(res), out);
+#endif
+#endif
+
+out:
+    wc_dilithium_free(key);
+    XFREE(sig, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+    return ret;
+}
+#endif
+
+
+#if (defined(WOLFSSL_DILITHIUM_PRIVATE_KEY) && \
+     !defined(WOLFSSL_DILITHIUM_NO_SIGN)) || \
+    (defined(WOLFSSL_DILITHIUM_PUBLIC_KEY) && \
+     !defined(WOLFSSL_DILITHIUM_NO_VERIFY))
+/* Tests decoding a key from DER without the security level specified */
+static wc_test_ret_t test_dilithium_decode_level(const byte* rawKey,
+                                                 word32      rawKeySz,
+                                                 int         expectedLevel,
+                                                 int         isPublicOnlyKey)
+{
+    int           ret = 0;
+#ifdef WOLFSSL_SMALL_STACK
+    dilithium_key *key = NULL;
+#else
+    dilithium_key key[1];
+#endif
+    byte*         der;
+#ifndef WOLFSSL_DILITHIUM_NO_ASN1
+    word32        derSz;
+    word32        idx;
+#endif
+
+    /* Size the buffer to accommodate the largest encoded key size */
+    const word32 maxDerSz = DILITHIUM_MAX_PRV_KEY_DER_SIZE;
+
+    /* Allocate DER buffer */
+    der = (byte*)XMALLOC(maxDerSz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+    if (der == NULL) {
+        return MEMORY_E;
+    }
+
+#ifdef WOLFSSL_SMALL_STACK
+    key = (dilithium_key *)XMALLOC(sizeof(*key), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+    if (key == NULL)
+        ret = MEMORY_E;
+#endif
+
+    /* Initialize key */
+    if (ret == 0) {
+        ret = wc_dilithium_init(key);
+    }
+
+    /* Import raw key, setting the security level */
+    if (ret == 0) {
+        ret = wc_dilithium_set_level(key, expectedLevel);
+    }
+
+    if (ret == 0) {
+#ifdef WOLFSSL_DILITHIUM_PUBLIC_KEY
+        if (isPublicOnlyKey) {
+            ret = wc_dilithium_import_public(rawKey, rawKeySz, key);
+        }
+#endif
+#ifdef WOLFSSL_DILITHIUM_PRIVATE_KEY
+        if (!isPublicOnlyKey) {
+            ret = wc_dilithium_import_private(rawKey, rawKeySz, key);
+        }
+#endif
+    }
+
+#ifndef WOLFSSL_DILITHIUM_NO_ASN1
+    /* Export raw key as DER */
+    if (ret == 0) {
+#ifdef WOLFSSL_DILITHIUM_PUBLIC_KEY
+        if (isPublicOnlyKey) {
+            ret = wc_Dilithium_PublicKeyToDer(key, der, maxDerSz, 1);
+        }
+#endif
+#ifdef WOLFSSL_DILITHIUM_PRIVATE_KEY
+        if (!isPublicOnlyKey) {
+            ret = wc_Dilithium_PrivateKeyToDer(key, der, maxDerSz);
+        }
+#endif
+        if (ret >= 0) {
+            derSz = ret;
+            ret   = 0;
+        }
+    }
+
+    /* Free and reinit key to test fresh decode */
+    if (ret == 0) {
+        wc_dilithium_free(key);
+        ret = wc_dilithium_init(key);
+    }
+
+    /* First test decoding when security level is set externally */
+    if (ret == 0) {
+        ret = wc_dilithium_set_level(key, expectedLevel);
+    }
+
+    if (ret == 0) {
+        idx = 0;
+#ifdef WOLFSSL_DILITHIUM_PUBLIC_KEY
+        if (isPublicOnlyKey) {
+            ret = wc_Dilithium_PublicKeyDecode(der, &idx, key, derSz);
+        }
+#endif
+#ifdef WOLFSSL_DILITHIUM_PRIVATE_KEY
+        if (!isPublicOnlyKey) {
+            ret = wc_Dilithium_PrivateKeyDecode(der, &idx, key, derSz);
+        }
+#endif
+    }
+
+    /* Free and reinit key to test fresh decode */
+    if (ret == 0) {
+        wc_dilithium_free(key);
+        ret = wc_dilithium_init(key);
+    }
+
+#ifndef WOLFSSL_DILITHIUM_FIPS204_DRAFT
+    /* Test decoding without setting security level - should auto-detect */
+    if (ret == 0) {
+        idx = 0;
+#ifdef WOLFSSL_DILITHIUM_PUBLIC_KEY
+        if (isPublicOnlyKey) {
+            ret = wc_Dilithium_PublicKeyDecode(der, &idx, key, derSz);
+        }
+#endif
+#ifdef WOLFSSL_DILITHIUM_PRIVATE_KEY
+        if (!isPublicOnlyKey) {
+            ret = wc_Dilithium_PrivateKeyDecode(der, &idx, key, derSz);
+        }
+#endif
+    }
+
+    /* Verify auto-detected security level */
+    if (ret == 0 && key->level != expectedLevel) {
+        printf("Dilithium key decode failed to detect level.\n"
+               "\tExpected level=%d\n\tGot level=%d\n",
+               expectedLevel, key->level);
+        ret = WC_TEST_RET_ENC_NC;
+    }
+#endif /* !WOLFSSL_DILITHIUM_FIPS204_DRAFT */
+#endif /* WOLFSSL_DILITHIUM_NO_ASN1 */
+
+    /* Cleanup */
+    XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+    wc_dilithium_free(key);
+#ifdef WOLFSSL_SMALL_STACK
+    XFREE(key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+#endif
+    return ret;
+}
+
+/* Test Dilithium key decoding and security level detection */
+static wc_test_ret_t dilithium_decode_test(void)
+{
+    wc_test_ret_t ret;
+    const byte*   key;
+    word32        keySz;
+
+#if defined(WOLFSSL_DILITHIUM_PRIVATE_KEY) && \
+    !defined(WOLFSSL_DILITHIUM_NO_SIGN)
+    const int isPrvKey = 0;
+#endif
+#if defined(WOLFSSL_DILITHIUM_PUBLIC_KEY) && \
+    !defined(WOLFSSL_DILITHIUM_NO_VERIFY)
+    const int isPubKey = 1;
+#endif
+
+#ifndef WOLFSSL_NO_ML_DSA_44
+#if defined(WOLFSSL_DILITHIUM_PRIVATE_KEY) && \
+    !defined(WOLFSSL_DILITHIUM_NO_SIGN)
+    /* Test ML-DSA-44 */
+    key   = bench_dilithium_level2_key;
+    keySz = sizeof_bench_dilithium_level2_key;
+    ret   = test_dilithium_decode_level(key, keySz, WC_ML_DSA_44, isPrvKey);
+    if (ret != 0) {
+        return ret;
+    }
+#endif /* WOLFSSL_DILITHIUM_PRIVATE_KEY */
+
+#if defined(WOLFSSL_DILITHIUM_PUBLIC_KEY) && \
+    !defined(WOLFSSL_DILITHIUM_NO_VERIFY)
+    key   = bench_dilithium_level2_pubkey;
+    keySz = sizeof_bench_dilithium_level2_pubkey;
+    ret   = test_dilithium_decode_level(key, keySz, WC_ML_DSA_44, isPubKey);
+    if (ret != 0) {
+        return ret;
+    }
+#endif /* WOLFSSL_DILITHIUM_PUBLIC_KEY */
+#endif /* WOLFSSL_NO_ML_DSA_44 */
+
+#ifndef WOLFSSL_NO_ML_DSA_65
+#if defined(WOLFSSL_DILITHIUM_PRIVATE_KEY) && \
+    !defined(WOLFSSL_DILITHIUM_NO_SIGN)
+    /* Test ML-DSA-65 */
+    key   = bench_dilithium_level3_key;
+    keySz = sizeof_bench_dilithium_level3_key;
+    ret   = test_dilithium_decode_level(key, keySz, WC_ML_DSA_65, isPrvKey);
+    if (ret != 0) {
+        return ret;
+    }
+#endif /* WOLFSSL_DILITHIUM_PRIVATE_KEY */
+
+#if defined(WOLFSSL_DILITHIUM_PUBLIC_KEY) && \
+    !defined(WOLFSSL_DILITHIUM_NO_VERIFY)
+    key   = bench_dilithium_level3_pubkey;
+    keySz = sizeof_bench_dilithium_level3_pubkey;
+    ret   = test_dilithium_decode_level(key, keySz, WC_ML_DSA_65, isPubKey);
+    if (ret != 0) {
+        return ret;
+    }
+#endif /* WOLFSSL_DILITHIUM_PUBLIC_KEY */
+#endif /* WOLFSSL_NO_ML_DSA_65 */
+
+#ifndef WOLFSSL_NO_ML_DSA_87
+#if defined(WOLFSSL_DILITHIUM_PRIVATE_KEY) && \
+    !defined(WOLFSSL_DILITHIUM_NO_SIGN)
+    /* Test ML-DSA-87 */
+    key   = bench_dilithium_level5_key;
+    keySz = sizeof_bench_dilithium_level5_key;
+    ret   = test_dilithium_decode_level(key, keySz, WC_ML_DSA_87, isPrvKey);
+    if (ret != 0) {
+        return ret;
+    }
+#endif /* WOLFSSL_DILITHIUM_PRIVATE_KEY */
+
+#if defined(WOLFSSL_DILITHIUM_PUBLIC_KEY) && \
+    !defined(WOLFSSL_DILITHIUM_NO_VERIFY)
+    key   = bench_dilithium_level5_pubkey;
+    keySz = sizeof_bench_dilithium_level5_pubkey;
+    ret   = test_dilithium_decode_level(key, keySz, WC_ML_DSA_87, isPubKey);
+    if (ret != 0) {
+        return ret;
+    }
+#endif /* WOLFSSL_DILITHIUM_PUBLIC_KEY */
+#endif /* WOLFSSL_NO_ML_DSA_87 */
+
+    return ret;
+}
+#endif /* (WOLFSSL_DILITHIUM_PUBLIC_KEY && !WOLFSSL_DILITHIUM_NO_VERIFY) ||
+        * (WOLFSSL_DILITHIUM_PRIVATE_KEY && !WOLFSSL_DILITHIUM_NO_SIGN) */
+
+
+WOLFSSL_TEST_SUBROUTINE wc_test_ret_t dilithium_test(void)
+{
+    wc_test_ret_t ret;
+    WC_RNG rng;
+
+#ifndef HAVE_FIPS
+    ret = wc_InitRng_ex(&rng, HEAP_HINT, INVALID_DEVID);
+#else
+    ret = wc_InitRng(&rng);
+#endif
+    if (ret != 0) {
+        ret = WC_TEST_RET_ENC_EC(ret);
+        return ret;
+    }
+
+#ifndef WOLFSSL_NO_ML_DSA_44
+#ifdef WOLFSSL_WC_DILITHIUM
+#ifndef WOLFSSL_DILITHIUM_NO_VERIFY
+    ret = dilithium_param_44_vfy_test();
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+#endif
+#endif
+#ifndef WOLFSSL_DILITHIUM_NO_MAKE_KEY
+    ret = dilithium_param_test(WC_ML_DSA_44, &rng);
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+#endif
+#endif
+#ifndef WOLFSSL_NO_ML_DSA_65
+#ifdef WOLFSSL_WC_DILITHIUM
+#ifndef WOLFSSL_DILITHIUM_NO_VERIFY
+    ret = dilithium_param_65_vfy_test();
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+#endif
+#endif
+#ifndef WOLFSSL_DILITHIUM_NO_MAKE_KEY
+    ret = dilithium_param_test(WC_ML_DSA_65, &rng);
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+#endif
+#endif
+#ifndef WOLFSSL_NO_ML_DSA_87
+#ifdef WOLFSSL_WC_DILITHIUM
+#ifndef WOLFSSL_DILITHIUM_NO_VERIFY
+    ret = dilithium_param_87_vfy_test();
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+#endif
+#endif
+#ifndef WOLFSSL_DILITHIUM_NO_MAKE_KEY
+    ret = dilithium_param_test(WC_ML_DSA_87, &rng);
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+#endif
+#endif
+
+#if (defined(WOLFSSL_DILITHIUM_PRIVATE_KEY) && \
+     !defined(WOLFSSL_DILITHIUM_NO_SIGN)) || \
+    (defined(WOLFSSL_DILITHIUM_PUBLIC_KEY) && \
+     !defined(WOLFSSL_DILITHIUM_NO_VERIFY))
+    ret = dilithium_decode_test();
+    if (ret != 0) {
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+    }
+#endif /* (WOLFSSL_DILITHIUM_PUBLIC_KEY && !WOLFSSL_DILITHIUM_NO_VERIFY) ||
+        * (WOLFSSL_DILITHIUM_PRIVATE_KEY && !WOLFSSL_DILITHIUM_NO_SIGN) */
+
+#if !defined(WOLFSSL_DILITHIUM_NO_MAKE_KEY) || \
+    !defined(WOLFSSL_DILITHIUM_NO_VERIFY) || \
+    defined(WOLFSSL_DILITHIUM_PRIVATE_KEY) || \
+    defined(WOLFSSL_DILITHIUM_PUBLIC_KEY)
+out:
+#endif
+    wc_FreeRng(&rng);
+    return ret;
+}
+#endif /* HAVE_DILITHIUM */
+
 #if defined(WOLFSSL_HAVE_XMSS) && !defined(WOLFSSL_XMSS_VERIFY_ONLY)
 static enum wc_XmssRc xmss_write_key_mem(const byte * priv, word32 privSz,
     void *context)
@@ -36672,8 +46932,6 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t xmss_test(void)
 {
     int             i = 0;
     int             j = 0;
-    int             ret = -1;
-    int             ret2 = -1;
     XmssKey         signingKey;
     XmssKey         verifyKey;
     WC_RNG          rng;
@@ -36685,8 +46943,19 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t xmss_test(void)
     unsigned char * old_sk = NULL;
     const char *    msg = "XMSS post quantum signature test";
     word32          msgSz = (word32) XSTRLEN(msg);
+#if WOLFSSL_XMSS_MIN_HEIGHT <= 10
+    const char *    param = "XMSS-SHA2_10_256";
+#elif WOLFSSL_XMSS_MIN_HEIGHT <= 20
     const char *    param = "XMSSMT-SHA2_20/4_256";
+#elif WOLFSSL_XMSS_MIN_HEIGHT <= 40
+    const char *    param = "XMSSMT-SHA2_40/8_256";
+#else
+    const char *    param = "XMSSMT-SHA2_60/12_256";
+#endif
     byte *          sig = NULL;
+    int             ret2 = -1;
+    int             ret = WC_TEST_RET_ENC_NC;
+    WOLFSSL_ENTER("xmss_test");
 
 #ifndef HAVE_FIPS
     ret = wc_InitRng_ex(&rng, HEAP_HINT, INVALID_DEVID);
@@ -36696,32 +46965,32 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t xmss_test(void)
     if (ret != 0) { return WC_TEST_RET_ENC_EC(ret); }
 
     ret = wc_XmssKey_Init(&signingKey, NULL, INVALID_DEVID);
-    if (ret != 0) { return WC_TEST_RET_ENC_EC(ret); }
+    if (ret != 0) { ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); }
 
     ret = wc_XmssKey_Init(&verifyKey, NULL, INVALID_DEVID);
-    if (ret != 0) { return WC_TEST_RET_ENC_EC(ret); }
+    if (ret != 0) { ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); }
 
     /* Set the parameter string to the signing key, and
      * get sizes for secret key, pub key, and signature. */
     ret = wc_XmssKey_SetParamStr(&signingKey, param);
-    if (ret != 0) { return WC_TEST_RET_ENC_EC(ret); }
+    if (ret != 0) { ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); }
 
     ret = wc_XmssKey_GetPubLen(&signingKey, &pkSz);
-    if (ret != 0) { return WC_TEST_RET_ENC_EC(ret); }
+    if (ret != 0) { ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); }
 
     if (pkSz != XMSS_SHA256_PUBLEN) {
-        return WC_TEST_RET_ENC_EC(pkSz);
+        ERROR_OUT(WC_TEST_RET_ENC_I(pkSz), out);
     }
 
     ret = wc_XmssKey_GetPrivLen(&signingKey, &skSz);
-    if (ret != 0) { return WC_TEST_RET_ENC_EC(ret); }
+    if (ret != 0) { ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); }
 
     ret = wc_XmssKey_GetSigLen(&signingKey, &sigSz);
-    if (ret != 0) { return WC_TEST_RET_ENC_EC(ret); }
+    if (ret != 0) { ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); }
 
     /* Allocate signature array. */
     sig = (byte *)XMALLOC(sigSz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
-    if (sig == NULL) { return WC_TEST_RET_ENC_ERRNO; }
+    if (sig == NULL) { ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out); }
 
     bufSz = sigSz;
 
@@ -36734,30 +47003,30 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t xmss_test(void)
 
     /* Allocate current and old secret keys.*/
     sk = (unsigned char *)XMALLOC(skSz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
-    if (sk == NULL) { return WC_TEST_RET_ENC_ERRNO; }
+    if (sk == NULL) { ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out); }
 
     old_sk = (unsigned char *)XMALLOC(skSz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
-    if (old_sk == NULL) { return WC_TEST_RET_ENC_ERRNO; }
+    if (old_sk == NULL) { ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out); }
 
     XMEMSET(sk, 0, skSz);
     XMEMSET(old_sk, 0, skSz);
     XMEMSET(sig, 0, sigSz);
 
     ret = wc_XmssKey_SetWriteCb(&signingKey, xmss_write_key_mem);
-    if (ret != 0) { return WC_TEST_RET_ENC_EC(ret); }
+    if (ret != 0) { ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); }
 
     ret = wc_XmssKey_SetReadCb(&signingKey, xmss_read_key_mem);
-    if (ret != 0) { return WC_TEST_RET_ENC_EC(ret); }
+    if (ret != 0) { ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); }
 
     ret = wc_XmssKey_SetContext(&signingKey, (void *) sk);
-    if (ret != 0) { return WC_TEST_RET_ENC_EC(ret); }
+    if (ret != 0) { ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); }
 
     ret = wc_XmssKey_MakeKey(&signingKey, &rng);
-    if (ret != 0) { return WC_TEST_RET_ENC_EC(ret); }
+    if (ret != 0) { ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); }
 
     /* Export the pub to a verify key. */
     ret = wc_XmssKey_ExportPub(&verifyKey, &signingKey);
-    if (ret != 0) { return WC_TEST_RET_ENC_EC(ret); }
+    if (ret != 0) { ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); }
 
     /* Repeat a few times to check that:
      *   1. The secret key is mutated on each sign.
@@ -36768,15 +47037,15 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t xmss_test(void)
         XMEMCPY(old_sk, sk, skSz);
 
         ret = wc_XmssKey_Sign(&signingKey, sig, &sigSz, (byte *) msg, msgSz);
-        if (ret != 0) { return WC_TEST_RET_ENC_I(i); }
-        if (sigSz != bufSz) { return WC_TEST_RET_ENC_I(i); }
+        if (ret != 0) { ERROR_OUT(WC_TEST_RET_ENC_I(i), out); }
+        if (sigSz != bufSz) { ERROR_OUT(WC_TEST_RET_ENC_I(i), out); }
 
         /* Old secret key and current secret key should not match. */
         ret = XMEMCMP(old_sk, sk, skSz);
-        if (ret == 0) { return WC_TEST_RET_ENC_I(i); }
+        if (ret == 0) { ERROR_OUT(WC_TEST_RET_ENC_I(i), out); }
 
         ret = wc_XmssKey_Verify(&verifyKey, sig, sigSz, (byte *) msg, msgSz);
-        if (ret != 0) { return WC_TEST_RET_ENC_I(i); }
+        if (ret != 0) { ERROR_OUT(WC_TEST_RET_ENC_I(i), out); }
 
         /* Flip bits in a few places throughout the signature, stepping in multiple
          * of hash size. These should all fail with -1. */
@@ -36785,9 +47054,9 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t xmss_test(void)
 
             ret2 = wc_XmssKey_Verify(&verifyKey, sig, sigSz, (byte *) msg,
                                      msgSz);
-            if (ret2 != -1) {
+            if ((ret2 != -1) && (ret2 != WC_NO_ERR_TRACE(SIG_VERIFY_E))) {
                 /* Verify passed when it should have failed. */
-                return WC_TEST_RET_ENC_I(j);
+                ERROR_OUT(WC_TEST_RET_ENC_I(j), out);
             }
 
             /* Flip this spot back. */
@@ -36795,31 +47064,28 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t xmss_test(void)
         }
     }
 
+out:
+
     /* Cleanup everything. */
-    if (sig != NULL) {
-        XFREE(sig, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
-        sig = NULL;
-    }
+    XFREE(sig, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+    sig = NULL;
 
-    if (sk != NULL) {
-        XFREE(sk, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
-        sk = NULL;
-    }
+    XFREE(sk, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+    sk = NULL;
 
-    if (old_sk != NULL) {
-        XFREE(old_sk, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
-        old_sk = NULL;
-    }
+    XFREE(old_sk, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+    old_sk = NULL;
 
     wc_XmssKey_Free(&signingKey);
+    wc_XmssKey_Free(&verifyKey);
     wc_FreeRng(&rng);
 
     return ret;
 }
 #endif /*if defined(WOLFSSL_HAVE_XMSS) && !defined(WOLFSSL_XMSS_VERIFY_ONLY)*/
 
-#if defined(WOLFSSL_HAVE_XMSS) && defined(WOLFSSL_XMSS_VERIFY_ONLY) && \
-    !defined(WOLFSSL_SMALL_STACK)
+#if defined(WOLFSSL_HAVE_XMSS) && !defined(WOLFSSL_SMALL_STACK) && \
+    WOLFSSL_XMSS_MIN_HEIGHT <= 10
 
 /* A simple xmss verify only test using:
  *   XMSS-SHA2_10_256
@@ -36832,7 +47098,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t xmss_test(void)
  *   https://github.com/XMSS/xmss-reference
  * */
 
-static byte xmss_pub[XMSS_SHA256_PUBLEN] =
+static const byte xmss_pub[XMSS_SHA256_PUBLEN] =
 {
     0x00,0x00,0x00,0x01,0xA5,0x41,0x31,0x96,
     0x0A,0xF9,0xF3,0xB2,0x4B,0x2E,0x5B,0x3E,
@@ -36845,7 +47111,7 @@ static byte xmss_pub[XMSS_SHA256_PUBLEN] =
     0xC9,0xB7,0x39,0x4E
 };
 
-static byte xmss_msg[32] =
+static /* not const */ byte xmss_msg[32] =
 {
     0x07,0x9F,0x80,0x86,0xDB,0x76,0x27,0xDF,
     0xED,0x5B,0x2A,0x81,0x60,0x60,0x7D,0xB4,
@@ -36855,7 +47121,7 @@ static byte xmss_msg[32] =
 
 /* This was actually the 5th signature produced from
  * xmss_fast test in xmss-reference. */
-static byte xmss_sig[2500] =
+static /* not const */ byte xmss_sig[2500] =
 {
     0x00,0x00,0x00,0x05,0xF0,0x15,0x34,0xBA,
     0x92,0x03,0x6A,0xB9,0xA5,0x23,0x86,0x11,
@@ -37174,13 +47440,19 @@ static byte xmss_sig[2500] =
 
 WOLFSSL_TEST_SUBROUTINE wc_test_ret_t xmss_test_verify_only(void)
 {
-    int          ret = -1;
-    int          ret2 = -1;
-    int          j = 0;
-    XmssKey      verifyKey;
-    word32       pkSz = 0;
-    word32       sigSz = 0;
-    const char * param = "XMSS-SHA2_10_256";
+    XmssKey       verifyKey;
+    unsigned char pub_raw[XMSS_SHA256_PUBLEN];
+    word32        pub_len = sizeof(pub_raw);
+    word32        pkSz  = 0;
+    word32        sigSz = 0;
+    const char *  param = "XMSS-SHA2_10_256";
+    int           j     = 0;
+    int           ret2  = WC_TEST_RET_ENC_NC;
+    int           ret   = WC_TEST_RET_ENC_NC;
+    int           n_diff = 0;
+    WOLFSSL_ENTER("xmss_test_verify_only");
+
+    XMEMSET(pub_raw, 0, sizeof(pub_raw));
 
     ret = wc_XmssKey_Init(&verifyKey, NULL, INVALID_DEVID);
     if (ret != 0) { return WC_TEST_RET_ENC_EC(ret); }
@@ -37218,13 +47490,34 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t xmss_test_verify_only(void)
         return WC_TEST_RET_ENC_EC(ret);
     }
 
+    /* Now test the ExportPubRaw API, verify we recover the original pub. */
+    ret = wc_XmssKey_ExportPubRaw(&verifyKey, pub_raw, &pub_len);
+    if (ret != 0) {
+        printf("error: wc_XmssKey_ExportPubRaw returned %d, expected 0\n", ret);
+        return WC_TEST_RET_ENC_EC(ret);
+    }
+
+    if (pub_len != XMSS_SHA256_PUBLEN) {
+        printf("error: xmss pub len %u, expected %d\n", pub_len,
+               XMSS_SHA256_PUBLEN);
+        return WC_TEST_RET_ENC_EC(pub_len);
+    }
+
+    n_diff = XMEMCMP(pub_raw, xmss_pub, sizeof(xmss_pub));
+
+    if (n_diff != 0) {
+        printf("error: exported and imported pub raw do not match: %d\n",
+               n_diff);
+        return WC_TEST_RET_ENC_EC(n_diff);
+    }
+
     /* Flip bits in message. This should fail. */
     xmss_msg[sizeof(xmss_msg) / 2] ^= 1;
     ret2 = wc_XmssKey_Verify(&verifyKey, xmss_sig, sizeof(xmss_sig),
                              (byte *) xmss_msg, sizeof(xmss_msg));
-    if (ret2 != -1) {
+    if ((ret2 != -1) && (ret2 != WC_NO_ERR_TRACE(SIG_VERIFY_E))) {
         printf("error: wc_XmssKey_Verify returned %d, expected -1\n", ret2);
-        return WC_TEST_RET_ENC_EC(ret);
+        return WC_TEST_RET_ENC_EC(ret2);
     }
 
     /* Flip it back. This should pass again. */
@@ -37243,7 +47536,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t xmss_test_verify_only(void)
 
         ret2 = wc_XmssKey_Verify(&verifyKey, xmss_sig, sizeof(xmss_sig),
                                  (byte *) xmss_msg, sizeof(xmss_msg));
-        if (ret2 != -1) {
+        if ((ret2 != -1) && (ret2 != WC_NO_ERR_TRACE(SIG_VERIFY_E))) {
             /* Verify passed when it should have failed. */
             return WC_TEST_RET_ENC_I(j);
         }
@@ -37257,8 +47550,8 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t xmss_test_verify_only(void)
 
     return ret;
 }
-#endif /* if defined(WOLFSSL_HAVE_XMSS) && defined(WOLFSSL_XMSS_VERIFY_ONLY) &&
-        *    !defined(WOLFSSL_SMALL_STACK) */
+#endif /* WOLFSSL_HAVE_XMSS && !WOLFSSL_SMALL_STACK &&
+        * WOLFSSL_XMSS_MIN_HEIGHT <= 10 */
 
 
 #if defined(WOLFSSL_HAVE_LMS) && !defined(WOLFSSL_LMS_VERIFY_ONLY)
@@ -37281,14 +47574,18 @@ static int lms_read_key_mem(byte * priv, word32 privSz, void *context)
 
 /* LMS signature sizes are a function of their parameters. This
  * test has a signature of 8688 bytes. */
+#ifndef WOLFSSL_NO_LMS_SHA256_256
 #define WC_TEST_LMS_SIG_LEN (8688)
+#else
+#define WC_TEST_LMS_SIG_LEN (4984)
+#endif
 
 WOLFSSL_TEST_SUBROUTINE wc_test_ret_t lms_test(void)
 {
     int           i = 0;
     int           j = 0;
-    int           ret = -1;
-    int           ret2 = -1;
+    int           ret = WC_TEST_RET_ENC_NC;
+    int           ret2 = WC_TEST_RET_ENC_NC;
     int           sigsLeft = 0;
     LmsKey        signingKey;
     LmsKey        verifyKey;
@@ -37299,7 +47596,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t lms_test(void)
     unsigned char priv[HSS_MAX_PRIVATE_KEY_LEN];
     unsigned char old_priv[HSS_MAX_PRIVATE_KEY_LEN];
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
-    byte *        sig = XMALLOC(WC_TEST_LMS_SIG_LEN, HEAP_HINT,
+    byte *        sig = (byte*)XMALLOC(WC_TEST_LMS_SIG_LEN, HEAP_HINT,
                                 DYNAMIC_TYPE_TMP_BUFFER);
     if (sig == NULL) {
         return WC_TEST_RET_ENC_ERRNO;
@@ -37307,17 +47604,21 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t lms_test(void)
 #else
     byte          sig[WC_TEST_LMS_SIG_LEN];
 #endif
+    WOLFSSL_ENTER("lms_test");
 
     XMEMSET(priv, 0, sizeof(priv));
     XMEMSET(old_priv, 0, sizeof(old_priv));
     XMEMSET(sig, 0, WC_TEST_LMS_SIG_LEN);
+    XMEMSET(&rng, 0, sizeof(rng));
+    XMEMSET(&signingKey, 0, sizeof(signingKey));
+    XMEMSET(&verifyKey, 0, sizeof(verifyKey));
 
 #ifndef HAVE_FIPS
     ret = wc_InitRng_ex(&rng, HEAP_HINT, INVALID_DEVID);
 #else
     ret = wc_InitRng(&rng);
 #endif
-    if (ret != 0) { return WC_TEST_RET_ENC_EC(ret); }
+    if (ret != 0) { ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); }
 
    /* This test:
     * levels: 1
@@ -37329,37 +47630,37 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t lms_test(void)
     */
 
     ret = wc_LmsKey_Init(&signingKey, NULL, INVALID_DEVID);
-    if (ret != 0) { return WC_TEST_RET_ENC_EC(ret); }
+    if (ret != 0) { ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); }
 
     ret = wc_LmsKey_Init(&verifyKey, NULL, INVALID_DEVID);
-    if (ret != 0) { return WC_TEST_RET_ENC_EC(ret); }
+    if (ret != 0) { ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); }
 
     ret = wc_LmsKey_SetParameters(&signingKey, 1, 5, 1);
-    if (ret != 0) { return WC_TEST_RET_ENC_EC(ret); }
+    if (ret != 0) { ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); }
 
     ret = wc_LmsKey_SetWriteCb(&signingKey, lms_write_key_mem);
-    if (ret != 0) { return WC_TEST_RET_ENC_EC(ret); }
+    if (ret != 0) { ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); }
 
     ret = wc_LmsKey_SetReadCb(&signingKey, lms_read_key_mem);
-    if (ret != 0) { return WC_TEST_RET_ENC_EC(ret); }
+    if (ret != 0) { ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); }
 
     ret = wc_LmsKey_SetContext(&signingKey, (void *) priv);
-    if (ret != 0) { return WC_TEST_RET_ENC_EC(ret); }
+    if (ret != 0) { ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); }
 
     ret = wc_LmsKey_MakeKey(&signingKey, &rng);
-    if (ret != 0) { return WC_TEST_RET_ENC_EC(ret); }
+    if (ret != 0) { ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); }
 
     XMEMCPY(old_priv, priv, sizeof(priv));
 
     ret = wc_LmsKey_ExportPub(&verifyKey, &signingKey);
-    if (ret != 0) { return WC_TEST_RET_ENC_EC(ret); }
+    if (ret != 0) { ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); }
 
     ret = wc_LmsKey_GetSigLen(&verifyKey, &sigSz);
-    if (ret != 0) { return WC_TEST_RET_ENC_EC(ret); }
+    if (ret != 0) { ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); }
 
     if (sigSz != WC_TEST_LMS_SIG_LEN) {
-        printf("error: got %d, expected %d\n", sigSz, WC_TEST_LMS_SIG_LEN);
-        return WC_TEST_RET_ENC_EC(sigSz);
+        printf("error: got %u, expected %d\n", sigSz, WC_TEST_LMS_SIG_LEN);
+        ERROR_OUT(WC_TEST_RET_ENC_I(sigSz), out);
     }
 
     /* 2 ** 5 should be the max number of signatures */
@@ -37367,23 +47668,23 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t lms_test(void)
         /* We should have remaining signstures. */
         sigsLeft = wc_LmsKey_SigsLeft(&signingKey);
         if (sigsLeft == 0) {
-            return WC_TEST_RET_ENC_EC(sigsLeft);
+            ERROR_OUT(WC_TEST_RET_ENC_NC, out);
         }
 
         /* Sign with key. The private key will be updated on every signature. */
         ret = wc_LmsKey_Sign(&signingKey, sig, &sigSz, (byte *) msg, msgSz);
-        if (ret != 0) { return WC_TEST_RET_ENC_I(i); }
+        if (ret != 0) { ERROR_OUT(WC_TEST_RET_ENC_I(i), out); }
 
         /* The updated private key should not match the old one. */
         if (XMEMCMP(old_priv, priv, sizeof(priv)) == 0) {
             printf("error: current priv key should not match old: %d\n", i);
-            return WC_TEST_RET_ENC_I(i);
+            ERROR_OUT(WC_TEST_RET_ENC_I(i), out);
         }
 
         XMEMCPY(old_priv, priv, sizeof(priv));
 
         ret = wc_LmsKey_Verify(&verifyKey, sig, sigSz, (byte *) msg, msgSz);
-        if (ret != 0) { return WC_TEST_RET_ENC_I(i); }
+        if (ret != 0) { ERROR_OUT(WC_TEST_RET_ENC_I(i), out); }
 
         /* Flip bits in a few places throughout the signature, stepping in multiple
          * of hash size. These should all fail with -1. */
@@ -37392,9 +47693,9 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t lms_test(void)
 
             ret2 = wc_LmsKey_Verify(&verifyKey, sig, sigSz, (byte *) msg,
                                      msgSz);
-            if (ret2 != -1) {
+            if ((ret2 != -1) && (ret2 != WC_NO_ERR_TRACE(SIG_VERIFY_E))) {
                 /* Verify passed when it should have failed. */
-                return WC_TEST_RET_ENC_I(j);
+                ERROR_OUT(WC_TEST_RET_ENC_I(j), out);
             }
 
             /* Flip this spot back. */
@@ -37405,21 +47706,28 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t lms_test(void)
     /* This should be the last signature. */
     sigsLeft = wc_LmsKey_SigsLeft(&signingKey);
     if (sigsLeft != 0) {
-        return WC_TEST_RET_ENC_EC(sigsLeft);
+        ERROR_OUT(WC_TEST_RET_ENC_I(sigsLeft), out);
     }
 
+out:
+
     wc_LmsKey_Free(&signingKey);
     wc_LmsKey_Free(&verifyKey);
 
     wc_FreeRng(&rng);
 
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
+    XFREE(sig, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+#endif
+
     return ret;
 }
 
 #endif /* if defined(WOLFSSL_HAVE_LMS) && !defined(WOLFSSL_LMS_VERIFY_ONLY) */
 
-#if defined(WOLFSSL_HAVE_LMS) && defined(WOLFSSL_LMS_VERIFY_ONLY) && \
-    !defined(WOLFSSL_SMALL_STACK)
+#if defined(WOLFSSL_HAVE_LMS) && !defined(WOLFSSL_SMALL_STACK)
+#if (defined(WOLFSSL_WC_LMS) && (LMS_MAX_HEIGHT >= 10) && \
+     !defined(WOLFSSL_NO_LMS_SHA256_256)) || defined(HAVE_LIBLMS)
 
 /* A simple LMS verify only test.
  *
@@ -37441,7 +47749,7 @@ static byte lms_msg[28] =
     0x61,0x67,0x65,0x21
 };
 
-static byte lms_L1H10W8_pub[HSS_MAX_PUBLIC_KEY_LEN] =
+static const byte lms_L1H10W8_pub[HSS_MAX_PUBLIC_KEY_LEN] =
 {
     0x00,0x00,0x00,0x01,0x00,0x00,0x00,0x06,
     0x00,0x00,0x00,0x04,0xA1,0x26,0x76,0xF8,
@@ -37643,16 +47951,22 @@ static byte lms_L1H10W8_sig[LMS_L1H10W8_SIGLEN] =
 
 WOLFSSL_TEST_SUBROUTINE wc_test_ret_t lms_test_verify_only(void)
 {
-    int    ret = -1;
-    int    ret2 = -1;
-    int    j = 0;
-    LmsKey verifyKey;
-    word32 sigSz = 0;
-    word32 msgSz = sizeof(lms_msg);
-    word32 pubLen = 0;
-    int    levels = 0;
-    int    height = 0;
-    int    winternitz = 0;
+    LmsKey        verifyKey;
+    unsigned char pub_raw[HSS_MAX_PUBLIC_KEY_LEN];
+    word32        pub_len = sizeof(pub_raw);
+    word32        sigSz = 0;
+    word32        msgSz = sizeof(lms_msg);
+    word32        pubSz = 0;
+    int           levels = 0;
+    int           height = 0;
+    int           winternitz = 0;
+    int           ret = WC_TEST_RET_ENC_NC;
+    int           ret2 = WC_TEST_RET_ENC_NC;
+    int           j = 0;
+    int           n_diff = 0;
+    WOLFSSL_ENTER("lms_test_verify_only");
+
+    XMEMSET(pub_raw, 0, sizeof(pub_raw));
 
     ret = wc_LmsKey_Init(&verifyKey, NULL, INVALID_DEVID);
     if (ret != 0) { return WC_TEST_RET_ENC_EC(ret); }
@@ -37671,22 +47985,22 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t lms_test_verify_only(void)
     if (levels != 1 || height != 10 || winternitz != 8) {
         printf("error: invalid LMS parameters: L%d-H%d-W%d\n", levels, height,
                winternitz);
-        return -1;
+        return WC_TEST_RET_ENC_NC;
     }
 
-    ret = wc_LmsKey_GetPubLen(&verifyKey, &pubLen);
+    ret = wc_LmsKey_GetPubLen(&verifyKey, &pubSz);
     if (ret != 0) { return WC_TEST_RET_ENC_EC(ret); }
 
-    if (pubLen != HSS_MAX_PUBLIC_KEY_LEN) {
-        printf("error: got %d, expected %d\n", pubLen, HSS_MAX_PUBLIC_KEY_LEN);
-        return WC_TEST_RET_ENC_EC(pubLen);
+    if (pubSz != HSS_MAX_PUBLIC_KEY_LEN) {
+        printf("error: got %u, expected %d\n", pubSz, HSS_MAX_PUBLIC_KEY_LEN);
+        return WC_TEST_RET_ENC_EC(pubSz);
     }
 
     ret = wc_LmsKey_GetSigLen(&verifyKey, &sigSz);
     if (ret != 0) { return WC_TEST_RET_ENC_EC(ret); }
 
     if (sigSz != LMS_L1H10W8_SIGLEN) {
-        printf("error: got %d, expected %d\n", sigSz, LMS_L1H10W8_SIGLEN);
+        printf("error: got %u, expected %d\n", sigSz, LMS_L1H10W8_SIGLEN);
         return WC_TEST_RET_ENC_EC(sigSz);
     }
 
@@ -37697,11 +48011,32 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t lms_test_verify_only(void)
         return WC_TEST_RET_ENC_EC(ret);
     }
 
+    /* Now test the ExportPubRaw API, verify we recover the original pub. */
+    ret = wc_LmsKey_ExportPubRaw(&verifyKey, pub_raw, &pub_len);
+    if (ret != 0) {
+        printf("error: wc_LmsKey_ExportPubRaw returned %d, expected 0\n", ret);
+        return WC_TEST_RET_ENC_EC(ret);
+    }
+
+    if (pub_len != HSS_MAX_PUBLIC_KEY_LEN) {
+        printf("error: LMS pub len %u, expected %d\n", pub_len,
+               HSS_MAX_PUBLIC_KEY_LEN);
+        return WC_TEST_RET_ENC_EC(pub_len);
+    }
+
+    n_diff = XMEMCMP(pub_raw, lms_L1H10W8_pub, sizeof(lms_L1H10W8_pub));
+
+    if (n_diff != 0) {
+        printf("error: exported and imported pub raw do not match: %d\n",
+               n_diff);
+        return WC_TEST_RET_ENC_EC(n_diff);
+    }
+
     /* Flip bits in message. This should fail. */
     lms_msg[msgSz / 2] ^= 1;
     ret2 = wc_LmsKey_Verify(&verifyKey, lms_L1H10W8_sig, LMS_L1H10W8_SIGLEN,
                             (byte *) lms_msg, msgSz);
-    if (ret2 != -1) {
+    if ((ret2 != -1) && (ret2 != WC_NO_ERR_TRACE(SIG_VERIFY_E))) {
         printf("error: wc_LmsKey_Verify returned %d, expected -1\n", ret2);
         return WC_TEST_RET_ENC_EC(ret);
     }
@@ -37723,7 +48058,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t lms_test_verify_only(void)
         ret2 = wc_LmsKey_Verify(&verifyKey, lms_L1H10W8_sig,
                                 LMS_L1H10W8_SIGLEN,
                                 (byte *) lms_msg, msgSz);
-        if (ret2 != -1) {
+        if ((ret2 != -1) && (ret2 != WC_NO_ERR_TRACE(SIG_VERIFY_E))) {
             /* Verify passed when it should have failed. */
             return WC_TEST_RET_ENC_I(j);
         }
@@ -37736,8 +48071,8 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t lms_test_verify_only(void)
     return ret;
 }
 
-#endif /* if defined(WOLFSSL_HAVE_LMS) && defined(WOLFSSL_LMS_VERIFY_ONLY) &&
-        *    !defined(WOLFSSL_SMALL_STACK) */
+#endif
+#endif /* if defined(WOLFSSL_HAVE_LMS) && !defined(WOLFSSL_SMALL_STACK) */
 
 static const int fiducial3 = WC_TEST_RET_LN; /* source code reference point --
                                               * see print_fiducials() below.
@@ -37758,17 +48093,17 @@ static wc_test_ret_t eccsi_api_test(WC_RNG* rng, EccsiKey* key, mp_int* ssk,
     word32 sigSz;
 
     ret = wc_InitEccsiKey_ex(NULL, 32, ECC_SECP256R1, HEAP_HINT, INVALID_DEVID);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_InitEccsiKey_ex(NULL, 32, ECC_SECP256R1, HEAP_HINT, INVALID_DEVID);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
 
     ret = wc_InitEccsiKey(NULL, NULL, INVALID_DEVID);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_InitEccsiKey(NULL, HEAP_HINT, INVALID_DEVID);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
 
     wc_FreeEccsiKey(NULL);
@@ -37779,373 +48114,373 @@ static wc_test_ret_t eccsi_api_test(WC_RNG* rng, EccsiKey* key, mp_int* ssk,
         return WC_TEST_RET_ENC_EC(ret);
 
     ret = wc_MakeEccsiKey(NULL, NULL);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_MakeEccsiKey(key, NULL);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_MakeEccsiKey(NULL, rng);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
 
     ret = wc_MakeEccsiPair(NULL, NULL, WC_HASH_TYPE_SHA256, NULL, 1, NULL,
             NULL);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_MakeEccsiPair(key, rng, WC_HASH_TYPE_SHA256, id, 1, ssk, NULL);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_MakeEccsiPair(key, rng, WC_HASH_TYPE_SHA256, id, 1, NULL, pvt);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_MakeEccsiPair(key, rng, WC_HASH_TYPE_SHA256, NULL, 1, ssk, pvt);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_MakeEccsiPair(key, NULL, WC_HASH_TYPE_SHA256, id, 1, ssk, pvt);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_MakeEccsiPair(NULL, rng, WC_HASH_TYPE_SHA256, id, 1, ssk, pvt);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     /* No key set */
     ret = wc_MakeEccsiPair(key, rng, WC_HASH_TYPE_SHA256, id, 1, ssk, pvt);
-    if (ret != BAD_STATE_E)
+    if (ret != WC_NO_ERR_TRACE(BAD_STATE_E))
         return WC_TEST_RET_ENC_EC(ret);
 
     ret = wc_ValidateEccsiPair(NULL, WC_HASH_TYPE_SHA256, NULL, 1, NULL, NULL,
             NULL);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_ValidateEccsiPair(key, WC_HASH_TYPE_SHA256, id, 1, ssk, pvt,
             NULL);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_ValidateEccsiPair(key, WC_HASH_TYPE_SHA256, id, 1, ssk, NULL,
             &valid);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_ValidateEccsiPair(key, WC_HASH_TYPE_SHA256, id, 1, NULL, pvt,
             &valid);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_ValidateEccsiPair(key, WC_HASH_TYPE_SHA256, NULL, 1, ssk, pvt,
             &valid);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_ValidateEccsiPair(NULL, WC_HASH_TYPE_SHA256, id, 1, ssk, pvt,
             &valid);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     /* No key set */
     ret = wc_ValidateEccsiPair(key, WC_HASH_TYPE_SHA256, id, 1, ssk, pvt,
             &valid);
-    if (ret != BAD_STATE_E)
+    if (ret != WC_NO_ERR_TRACE(BAD_STATE_E))
         return WC_TEST_RET_ENC_EC(ret);
 
     ret = wc_ValidateEccsiPvt(NULL, NULL, NULL);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_ValidateEccsiPvt(key, NULL, NULL);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_ValidateEccsiPvt(NULL, pvt, NULL);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_ValidateEccsiPvt(NULL, NULL, &valid);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_ValidateEccsiPvt(key, pvt, NULL);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_ValidateEccsiPvt(key, NULL, &valid);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_ValidateEccsiPvt(NULL, pvt, &valid);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_EncodeEccsiPair(NULL, NULL, NULL, data, NULL);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_EncodeEccsiPair(key, ssk, pvt, data, NULL);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_EncodeEccsiPair(key, ssk, NULL, data, &sz);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_EncodeEccsiPair(key, NULL, pvt, data, &sz);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_EncodeEccsiPair(NULL, ssk, pvt, data, &sz);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     /* No key created so no curve information. */
     ret = wc_EncodeEccsiPair(key, ssk, pvt, NULL, &sz);
-    if (ret != LENGTH_ONLY_E)
+    if (ret != WC_NO_ERR_TRACE(LENGTH_ONLY_E))
         return WC_TEST_RET_ENC_EC(ret);
 
     ret = wc_EncodeEccsiSsk(NULL, NULL, data, NULL);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_EncodeEccsiSsk(key, ssk, data, NULL);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_EncodeEccsiSsk(key, NULL, data, &sz);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_EncodeEccsiSsk(NULL, ssk, data, &sz);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
 
     ret = wc_EncodeEccsiPvt(NULL, NULL, data, NULL, 1);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_EncodeEccsiPvt(key, pvt, data, NULL, 1);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_EncodeEccsiPvt(key, NULL, data, &sz, 1);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_EncodeEccsiPvt(NULL, pvt, data, &sz, 1);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
 
     ret = wc_DecodeEccsiPair(NULL, NULL, 0, NULL, NULL);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_DecodeEccsiPair(key, data, 0, ssk, NULL);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_DecodeEccsiPair(key, data, 0, NULL, pvt);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_DecodeEccsiPair(key, NULL, 0, ssk, pvt);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_DecodeEccsiPair(NULL, data, 0, ssk, pvt);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
 
     ret = wc_DecodeEccsiSsk(NULL, NULL, 0, NULL);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_DecodeEccsiSsk(key, data, 0, NULL);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_DecodeEccsiSsk(key, NULL, 0, ssk);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_DecodeEccsiSsk(NULL, data, 0, ssk);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_DecodeEccsiPvt(NULL, NULL, 0, NULL);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_DecodeEccsiPvt(key, data, 0, NULL);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_DecodeEccsiPvt(key, NULL, 0, pvt);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_DecodeEccsiPvt(NULL, data, 0, pvt);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
 
     ret = wc_DecodeEccsiPvtFromSig(NULL, NULL, 0, NULL);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_DecodeEccsiPvtFromSig(key, data, 0, NULL);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_DecodeEccsiPvtFromSig(key, NULL, 0, pvt);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_DecodeEccsiPvtFromSig(NULL, data, 0, pvt);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
 
     ret = wc_ExportEccsiKey(NULL, data, NULL);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_ExportEccsiKey(key, data, NULL);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_ExportEccsiKey(NULL, data, &sz);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     /* No key to export */
     ret = wc_ExportEccsiKey(key, NULL, &sz);
-    if (ret != BAD_STATE_E)
+    if (ret != WC_NO_ERR_TRACE(BAD_STATE_E))
         return WC_TEST_RET_ENC_EC(ret);
 
     ret = wc_ImportEccsiKey(NULL, NULL, 0);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_ImportEccsiKey(key, NULL, 0);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_ImportEccsiKey(NULL, data, 0);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
 
     ret = wc_ExportEccsiPrivateKey(NULL, data, NULL);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_ExportEccsiPrivateKey(key, data, NULL);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_ExportEccsiPrivateKey(NULL, data, &sz);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     /* No key to export */
     ret = wc_ExportEccsiPrivateKey(key, NULL, &sz);
-    if (ret != BAD_STATE_E)
+    if (ret != WC_NO_ERR_TRACE(BAD_STATE_E))
         return WC_TEST_RET_ENC_EC(ret);
 
     ret = wc_ImportEccsiPrivateKey(NULL, NULL, 0);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_ImportEccsiPrivateKey(key, NULL, 0);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_ImportEccsiPrivateKey(NULL, data, 0);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_ExportEccsiPublicKey(NULL, data, NULL, 1);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_ExportEccsiPublicKey(key, data, NULL, 1);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_ExportEccsiPublicKey(NULL, data, &sz, 1);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     /* No key to export */
     ret = wc_ExportEccsiPublicKey(key, data, &sz, 1);
-    if (ret != BAD_STATE_E)
+    if (ret != WC_NO_ERR_TRACE(BAD_STATE_E))
         return WC_TEST_RET_ENC_EC(ret);
 
     ret = wc_ImportEccsiPublicKey(NULL, NULL, 0, 1);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_ImportEccsiPublicKey(key, NULL, 0, 1);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_ImportEccsiPublicKey(NULL, data, 0, 1);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
 
     ret = wc_HashEccsiId(NULL, WC_HASH_TYPE_SHA256, NULL, 1, NULL, NULL, NULL);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_HashEccsiId(key, WC_HASH_TYPE_SHA256, id, 1, pvt, hash, NULL);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_HashEccsiId(key, WC_HASH_TYPE_SHA256, id, 1, pvt, NULL, &hashSz);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_HashEccsiId(key, WC_HASH_TYPE_SHA256, id, 1, NULL, hash, &hashSz);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_HashEccsiId(key, WC_HASH_TYPE_SHA256, NULL, 1, pvt, hash,
             &hashSz);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_HashEccsiId(NULL, WC_HASH_TYPE_SHA256, id, 1, pvt, hash, &hashSz);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_HashEccsiId(key, WC_HASH_TYPE_SHA256, id, 1, pvt, hash, &hashSz);
-    if (ret != BAD_STATE_E)
+    if (ret != WC_NO_ERR_TRACE(BAD_STATE_E))
         return WC_TEST_RET_ENC_EC(ret);
 
     ret = wc_SetEccsiHash(NULL, NULL, 1);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_SetEccsiHash(key, NULL, 1);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_SetEccsiHash(NULL, hash, 1);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
 
     ret = wc_SetEccsiPair(NULL, NULL, NULL);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_SetEccsiPair(key, NULL, NULL);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_SetEccsiPair(NULL, ssk, NULL);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_SetEccsiPair(NULL, NULL, pvt);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_SetEccsiPair(key, ssk, NULL);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_SetEccsiPair(key, NULL, pvt);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_SetEccsiPair(NULL, ssk, pvt);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_SignEccsiHash(NULL, NULL, WC_HASH_TYPE_SHA256, NULL, 0, sig, NULL);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_SignEccsiHash(key, rng, WC_HASH_TYPE_SHA256, data, 0, sig, NULL);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_SignEccsiHash(key, rng, WC_HASH_TYPE_SHA256, NULL, 0, sig,
             &sigSz);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_SignEccsiHash(key, NULL, WC_HASH_TYPE_SHA256, data, 0, sig,
             &sigSz);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_SignEccsiHash(NULL, rng, WC_HASH_TYPE_SHA256, data, 0, sig,
             &sigSz);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     /* Key not set. */
     ret = wc_SignEccsiHash(key, rng, WC_HASH_TYPE_SHA256, data, 0, NULL,
             &sigSz);
-    if (ret != BAD_STATE_E)
+    if (ret != WC_NO_ERR_TRACE(BAD_STATE_E))
         return WC_TEST_RET_ENC_EC(ret);
 
     ret = wc_VerifyEccsiHash(NULL, WC_HASH_TYPE_SHA256, NULL, 0, NULL, 0, NULL);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_VerifyEccsiHash(key, WC_HASH_TYPE_SHA256, NULL, 0, NULL, 0, NULL);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_VerifyEccsiHash(NULL, WC_HASH_TYPE_SHA256, data, 0, NULL, 0, NULL);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_VerifyEccsiHash(NULL, WC_HASH_TYPE_SHA256, NULL, 0, sig, 0, NULL);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_VerifyEccsiHash(NULL, WC_HASH_TYPE_SHA256, NULL, 0, NULL, 0,
             &valid);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_VerifyEccsiHash(key, WC_HASH_TYPE_SHA256, data, 0, sig, 0, NULL);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_VerifyEccsiHash(key, WC_HASH_TYPE_SHA256, data, 0, NULL, 0,
             &valid);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_VerifyEccsiHash(key, WC_HASH_TYPE_SHA256, NULL, 0, sig, 0,
             &valid);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_VerifyEccsiHash(NULL, WC_HASH_TYPE_SHA256, data, 0, sig, 0,
             &valid);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_VerifyEccsiHash(key, WC_HASH_TYPE_SHA256, data, 0, sig, 0,
             &valid);
-    if (ret != BAD_STATE_E)
+    if (ret != WC_NO_ERR_TRACE(BAD_STATE_E))
         return WC_TEST_RET_ENC_EC(ret);
 
     ret = wc_SetEccsiPair(key, ssk, pvt);
@@ -38154,7 +48489,7 @@ static wc_test_ret_t eccsi_api_test(WC_RNG* rng, EccsiKey* key, mp_int* ssk,
     /* Identity hash not set. */
     ret = wc_SignEccsiHash(key, rng, WC_HASH_TYPE_SHA256, data, 0, NULL,
             &sigSz);
-    if (ret != BAD_STATE_E)
+    if (ret != WC_NO_ERR_TRACE(BAD_STATE_E))
         return WC_TEST_RET_ENC_EC(ret);
 
     wc_FreeEccsiKey(key);
@@ -38269,7 +48604,7 @@ static wc_test_ret_t eccsi_enc_dec_pair_test(EccsiKey* priv, mp_int* ssk, ecc_po
         ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
 
     ret = wc_EncodeEccsiPair(priv, ssk, pvt, NULL, &sz);
-    if (ret != LENGTH_ONLY_E)
+    if (ret != WC_NO_ERR_TRACE(LENGTH_ONLY_E))
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
     if (sz != 32 * 3)
         ERROR_OUT(WC_TEST_RET_ENC_NC, out);
@@ -38289,7 +48624,7 @@ static wc_test_ret_t eccsi_enc_dec_pair_test(EccsiKey* priv, mp_int* ssk, ecc_po
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
 
     ret = wc_EncodeEccsiSsk(priv, ssk, NULL, &sz);
-    if (ret != LENGTH_ONLY_E)
+    if (ret != WC_NO_ERR_TRACE(LENGTH_ONLY_E))
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
     if (sz != 32)
         ERROR_OUT(WC_TEST_RET_ENC_NC, out);
@@ -38306,7 +48641,7 @@ static wc_test_ret_t eccsi_enc_dec_pair_test(EccsiKey* priv, mp_int* ssk, ecc_po
         ERROR_OUT(WC_TEST_RET_ENC_NC, out);
 
     ret = wc_EncodeEccsiPvt(priv, pvt, NULL, &sz, 1);
-    if (ret != LENGTH_ONLY_E)
+    if (ret != WC_NO_ERR_TRACE(LENGTH_ONLY_E))
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
     if (sz != 32 * 2)
         ERROR_OUT(WC_TEST_RET_ENC_NC, out);
@@ -38354,7 +48689,7 @@ static wc_test_ret_t eccsi_imp_exp_key_test(EccsiKey* priv)
     word32 sz;
 
     ret = wc_ExportEccsiKey(priv, NULL, &sz);
-    if (ret != LENGTH_ONLY_E)
+    if (ret != WC_NO_ERR_TRACE(LENGTH_ONLY_E))
         return WC_TEST_RET_ENC_EC(ret);
     if (sz != 32 * 3)
         return WC_TEST_RET_ENC_NC;
@@ -38365,7 +48700,7 @@ static wc_test_ret_t eccsi_imp_exp_key_test(EccsiKey* priv)
     if (ret != 0)
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_ExportEccsiKey(priv, NULL, &sz);
-    if (ret != LENGTH_ONLY_E)
+    if (ret != WC_NO_ERR_TRACE(LENGTH_ONLY_E))
         return WC_TEST_RET_ENC_EC(ret);
     if (sz != 32 * 3)
         return WC_TEST_RET_ENC_NC;
@@ -38378,7 +48713,7 @@ static wc_test_ret_t eccsi_imp_exp_key_test(EccsiKey* priv)
         return WC_TEST_RET_ENC_NC;
 
     ret = wc_ExportEccsiPrivateKey(priv, NULL, &sz);
-    if (ret != LENGTH_ONLY_E)
+    if (ret != WC_NO_ERR_TRACE(LENGTH_ONLY_E))
         return WC_TEST_RET_ENC_EC(ret);
     if (sz != 32)
         return WC_TEST_RET_ENC_NC;
@@ -38389,7 +48724,7 @@ static wc_test_ret_t eccsi_imp_exp_key_test(EccsiKey* priv)
     if (ret != 0)
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_ExportEccsiPrivateKey(priv, NULL, &sz);
-    if (ret != LENGTH_ONLY_E)
+    if (ret != WC_NO_ERR_TRACE(LENGTH_ONLY_E))
         return WC_TEST_RET_ENC_EC(ret);
     if (sz != 32)
         return WC_TEST_RET_ENC_NC;
@@ -38412,7 +48747,7 @@ static wc_test_ret_t eccsi_imp_exp_pubkey_test(EccsiKey* key1, EccsiKey* key2)
     word32 sz;
 
     ret = wc_ExportEccsiPublicKey(key1, NULL, &sz, 1);
-    if (ret != LENGTH_ONLY_E)
+    if (ret != WC_NO_ERR_TRACE(LENGTH_ONLY_E))
         return WC_TEST_RET_ENC_EC(ret);
     if (sz != 32 * 2)
         return WC_TEST_RET_ENC_NC;
@@ -38508,7 +48843,7 @@ static wc_test_ret_t eccsi_sign_verify_test(EccsiKey* priv, EccsiKey* pub, WC_RN
 #ifdef WOLFSSL_SHA384
     ret = wc_HashEccsiId(priv, WC_HASH_TYPE_SHA384, id, idSz, pvt, hashPriv,
             &hashSz);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
 #endif
     ret = wc_HashEccsiId(priv, WC_HASH_TYPE_SHA256, id, idSz, pvt, hashPriv,
@@ -38536,7 +48871,7 @@ static wc_test_ret_t eccsi_sign_verify_test(EccsiKey* priv, EccsiKey* pub, WC_RN
 
     ret = wc_SignEccsiHash(priv, rng, WC_HASH_TYPE_SHA256, msg, msgSz, NULL,
             &sigSz);
-    if (ret != LENGTH_ONLY_E)
+    if (ret != WC_NO_ERR_TRACE(LENGTH_ONLY_E))
         return WC_TEST_RET_ENC_EC(ret);
     if (sigSz != 129)
         return WC_TEST_RET_ENC_NC;
@@ -38653,6 +48988,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t eccsi_test(void)
     EccsiKey* pub  = NULL;
     mp_int* ssk    = NULL;
     ecc_point* pvt = NULL;
+    WOLFSSL_ENTER("eccsi_test");
 
     priv = (EccsiKey*)XMALLOC(sizeof(EccsiKey), HEAP_HINT,
             DYNAMIC_TYPE_TMP_BUFFER);
@@ -38767,10 +49103,10 @@ static wc_test_ret_t sakke_api_test(WC_RNG* rng, SakkeKey* key, ecc_point* rsk)
     word32 len;
 
     ret = wc_InitSakkeKey_ex(NULL, 128, ECC_SAKKE_1, NULL, INVALID_DEVID);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_InitSakkeKey_ex(NULL, 128, ECC_SAKKE_1, HEAP_HINT, INVALID_DEVID);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
 
     wc_FreeSakkeKey(NULL);
@@ -38783,386 +49119,386 @@ static wc_test_ret_t sakke_api_test(WC_RNG* rng, SakkeKey* key, ecc_point* rsk)
         return WC_TEST_RET_ENC_EC(ret);
 
     ret = wc_MakeSakkeKey(NULL, NULL);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_MakeSakkeKey(key, NULL);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_MakeSakkeKey(NULL, rng);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
 
     ret = wc_MakeSakkePublicKey(NULL, NULL);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_MakeSakkePublicKey(key, NULL);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_MakeSakkePublicKey(NULL, rsk);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
 
     ret = wc_MakeSakkeRsk(NULL, NULL, 1, NULL);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_MakeSakkeRsk(key, id, 1, NULL);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_MakeSakkeRsk(key, NULL, 1, rsk);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_MakeSakkeRsk(NULL, id, 1, rsk);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
 
     ret = wc_ValidateSakkeRsk(NULL, NULL, 1, NULL, NULL);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_ValidateSakkeRsk(key, id, 1, rsk, NULL);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_ValidateSakkeRsk(NULL, id, 1, rsk, &valid);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
 
     ret = wc_ExportSakkeKey(NULL, NULL, NULL);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_ExportSakkeKey(key, data, NULL);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_ExportSakkeKey(NULL, data, &sz);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
 
     ret = wc_ImportSakkeKey(NULL, NULL, 1);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_ImportSakkeKey(key, NULL, 1);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_ImportSakkeKey(NULL, data, 1);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
 
     ret = wc_ExportSakkePrivateKey(NULL, NULL, NULL);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_ExportSakkePrivateKey(key, data, NULL);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_ExportSakkePrivateKey(NULL, data, &sz);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
 
     ret = wc_ImportSakkePrivateKey(NULL, NULL, 1);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_ImportSakkePrivateKey(key, NULL, 1);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_ImportSakkePrivateKey(NULL, data, 1);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
 
     sz = sizeof(data);
     ret = wc_EncodeSakkeRsk(NULL, NULL, data, NULL, 1);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_EncodeSakkeRsk(key, rsk, data, NULL, 1);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_EncodeSakkeRsk(key, NULL, data, &sz, 1);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_EncodeSakkeRsk(NULL, rsk, data, &sz, 1);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
 
     ret = wc_DecodeSakkeRsk(NULL, NULL, sz, NULL);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_DecodeSakkeRsk(key, data, sz, NULL);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_DecodeSakkeRsk(key, NULL, sz, rsk);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_DecodeSakkeRsk(NULL, data, sz, rsk);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
 
     ret = wc_ImportSakkeRsk(NULL, NULL, sz);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_ImportSakkeRsk(key, NULL, sz);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_ImportSakkeRsk(NULL, data, sz);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_ImportSakkeRsk(key, data, 1);
-    if (ret != BUFFER_E)
+    if (ret != WC_NO_ERR_TRACE(BUFFER_E))
         return WC_TEST_RET_ENC_EC(ret);
 
     ret = wc_GenerateSakkeRskTable(NULL, NULL, data, NULL);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_GenerateSakkeRskTable(key, NULL, data, NULL);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_GenerateSakkeRskTable(NULL, rsk, data, NULL);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_GenerateSakkeRskTable(NULL, NULL, data, &len);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_GenerateSakkeRskTable(key, rsk, data, NULL);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_GenerateSakkeRskTable(key, NULL, data, &len);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_GenerateSakkeRskTable(NULL, rsk, data, &len);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_GenerateSakkeRskTable(key, rsk, NULL, &len);
-    if (ret != LENGTH_ONLY_E)
+    if (ret != WC_NO_ERR_TRACE(LENGTH_ONLY_E))
         return WC_TEST_RET_ENC_EC(ret);
     len--;
     ret = wc_GenerateSakkeRskTable(key, rsk, data, &len);
-    if (ret != BUFFER_E)
+    if (ret != WC_NO_ERR_TRACE(BUFFER_E))
         return WC_TEST_RET_ENC_EC(ret);
 
     ret = wc_ExportSakkePublicKey(NULL, data, NULL, 1);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_ExportSakkePublicKey(key, data, NULL, 1);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_ExportSakkePublicKey(NULL, data, &sz, 1);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
 
     ret = wc_ImportSakkePublicKey(NULL, NULL, sz, 1);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_ImportSakkePublicKey(key, NULL, sz, 1);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_ImportSakkePublicKey(NULL, data, sz, 1);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
 
     ret = wc_GetSakkeAuthSize(NULL, NULL);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_GetSakkeAuthSize(key, NULL);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_GetSakkeAuthSize(NULL, &authSz);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
 
     ret = wc_MakeSakkePointI(NULL, NULL, SAKKE_ID_MAX_SIZE + 1);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_MakeSakkePointI(key, NULL, SAKKE_ID_MAX_SIZE + 1);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_MakeSakkePointI(NULL, id, 1);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_MakeSakkePointI(NULL, NULL, 1);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_MakeSakkePointI(key, id, SAKKE_ID_MAX_SIZE + 1);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_MakeSakkePointI(key, NULL, 1);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_MakeSakkePointI(NULL, id, 1);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
 
     ret = wc_GenerateSakkePointITable(NULL, data, NULL);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_GenerateSakkePointITable(key, data, NULL);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_GenerateSakkePointITable(NULL, data, &len);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_GenerateSakkePointITable(key, NULL, &len);
-    if (ret != LENGTH_ONLY_E)
+    if (ret != WC_NO_ERR_TRACE(LENGTH_ONLY_E))
         return WC_TEST_RET_ENC_EC(ret);
     len--;
     ret = wc_GenerateSakkePointITable(key, data, &len);
-    if (ret != BUFFER_E)
+    if (ret != WC_NO_ERR_TRACE(BUFFER_E))
         return WC_TEST_RET_ENC_EC(ret);
 
     ret = wc_SetSakkePointITable(NULL, NULL, 1);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_SetSakkePointITable(key, NULL, 1);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_SetSakkePointITable(NULL, data, 1);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_SetSakkePointITable(key, data, 1);
-    if (ret != BUFFER_E)
+    if (ret != WC_NO_ERR_TRACE(BUFFER_E))
         return WC_TEST_RET_ENC_EC(ret);
 
     ret = wc_ClearSakkePointITable(NULL);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
 
     ret = wc_GetSakkePointI(NULL, data, NULL);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_GetSakkePointI(key, data, NULL);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_GetSakkePointI(NULL, data, &sz);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     sz = 1;
     ret = wc_GetSakkePointI(key, data, &sz);
-    if (ret != BUFFER_E)
+    if (ret != WC_NO_ERR_TRACE(BUFFER_E))
         return WC_TEST_RET_ENC_EC(ret);
 
     sz = 256;
     ret = wc_SetSakkePointI(NULL, NULL, 1, NULL, sz);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_SetSakkePointI(key, NULL, 1, NULL, sz);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_SetSakkePointI(NULL, id, 1, NULL, sz);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_SetSakkePointI(NULL, NULL, 1, data, sz);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_SetSakkePointI(key, id, 1, NULL, sz);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_SetSakkePointI(key, NULL, 1, data, sz);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_SetSakkePointI(NULL, id, 1, data, sz);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_SetSakkePointI(key, id, SAKKE_ID_MAX_SIZE + 1, data, sz);
-    if (ret != BUFFER_E)
+    if (ret != WC_NO_ERR_TRACE(BUFFER_E))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_SetSakkePointI(key, id, 1, data, sz - 1);
-    if (ret != BUFFER_E)
+    if (ret != WC_NO_ERR_TRACE(BUFFER_E))
         return WC_TEST_RET_ENC_EC(ret);
 
     ret = wc_SetSakkeIdentity(NULL, NULL, 1);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_SetSakkeIdentity(key, NULL, 1);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_SetSakkeIdentity(NULL, id, 1);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
 
     ssvSz = sizeof(ssv);
     ret = wc_MakeSakkeEncapsulatedSSV(NULL, WC_HASH_TYPE_SHA256, NULL, ssvSz,
             auth, NULL);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_MakeSakkeEncapsulatedSSV(key, WC_HASH_TYPE_SHA256, NULL, ssvSz,
             auth, NULL);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_MakeSakkeEncapsulatedSSV(NULL, WC_HASH_TYPE_SHA256, ssv, ssvSz,
             auth, NULL);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_MakeSakkeEncapsulatedSSV(NULL, WC_HASH_TYPE_SHA256, NULL, ssvSz,
             auth, &authSz);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_MakeSakkeEncapsulatedSSV(key, WC_HASH_TYPE_SHA256, ssv, ssvSz,
             auth, NULL);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_MakeSakkeEncapsulatedSSV(key, WC_HASH_TYPE_SHA256, NULL, ssvSz,
             auth, &authSz);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_MakeSakkeEncapsulatedSSV(NULL, WC_HASH_TYPE_SHA256, ssv, ssvSz,
             auth, &authSz);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_MakeSakkeEncapsulatedSSV(key, WC_HASH_TYPE_SHA256, ssv, ssvSz,
             auth, &authSz);
-    if (ret != BAD_STATE_E)
+    if (ret != WC_NO_ERR_TRACE(BAD_STATE_E))
         return WC_TEST_RET_ENC_EC(ret);
 
     ret = wc_GenerateSakkeSSV(NULL, NULL, data, NULL);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_GenerateSakkeSSV(key, rng, data, NULL);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_GenerateSakkeSSV(key, NULL, data, &ssvSz);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_GenerateSakkeSSV(NULL, rng, data, &ssvSz);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
 
     ret = wc_SetSakkeRsk(NULL, NULL, data, 1);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_SetSakkeRsk(key, NULL, data, 1);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_SetSakkeRsk(NULL, rsk, data, 1);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
 
     ssvSz = sizeof(ssv);
     authSz = sizeof(auth);
     ret = wc_DeriveSakkeSSV(NULL, WC_HASH_TYPE_SHA256, NULL, ssvSz, NULL,
             authSz);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_DeriveSakkeSSV(key, WC_HASH_TYPE_SHA256, NULL, ssvSz, NULL,
             authSz);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_DeriveSakkeSSV(NULL, WC_HASH_TYPE_SHA256, ssv, ssvSz, NULL,
             authSz);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_DeriveSakkeSSV(NULL, WC_HASH_TYPE_SHA256, NULL, ssvSz, auth,
             authSz);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_DeriveSakkeSSV(key, WC_HASH_TYPE_SHA256, ssv, ssvSz, NULL,
             authSz);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_DeriveSakkeSSV(key, WC_HASH_TYPE_SHA256, NULL, ssvSz, auth,
             authSz);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_DeriveSakkeSSV(NULL, WC_HASH_TYPE_SHA256, ssv, ssvSz, auth,
             authSz);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_DeriveSakkeSSV(key, WC_HASH_TYPE_SHA256, ssv, ssvSz, auth,
             authSz);
-    if (ret != BAD_STATE_E)
+    if (ret != WC_NO_ERR_TRACE(BAD_STATE_E))
         return WC_TEST_RET_ENC_EC(ret);
 
     ret = wc_SetSakkeIdentity(key, id, 1);
@@ -39170,7 +49506,7 @@ static wc_test_ret_t sakke_api_test(WC_RNG* rng, SakkeKey* key, ecc_point* rsk)
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_DeriveSakkeSSV(key, WC_HASH_TYPE_SHA256, ssv, ssvSz, auth,
             authSz);
-    if (ret != BAD_STATE_E)
+    if (ret != WC_NO_ERR_TRACE(BAD_STATE_E))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_SetSakkeIdentity(key, id, 0);
     if (ret != 0)
@@ -39181,7 +49517,7 @@ static wc_test_ret_t sakke_api_test(WC_RNG* rng, SakkeKey* key, ecc_point* rsk)
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_DeriveSakkeSSV(key, WC_HASH_TYPE_SHA256, ssv, ssvSz, auth,
             authSz);
-    if (ret != BAD_STATE_E)
+    if (ret != WC_NO_ERR_TRACE(BAD_STATE_E))
         return WC_TEST_RET_ENC_EC(ret);
 
     wc_FreeSakkeKey(key);
@@ -39353,7 +49689,7 @@ static wc_test_ret_t sakke_kat_derive_test(SakkeKey* key, ecc_point* rsk)
         return WC_TEST_RET_ENC_EC(ret);
     iTableLen = 0;
     ret = wc_GenerateSakkePointITable(key, NULL, &iTableLen);
-    if (ret != LENGTH_ONLY_E)
+    if (ret != WC_NO_ERR_TRACE(LENGTH_ONLY_E))
         return WC_TEST_RET_ENC_EC(ret);
     if (iTableLen != 0) {
         iTable = (byte*)XMALLOC(iTableLen, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
@@ -39365,7 +49701,7 @@ static wc_test_ret_t sakke_kat_derive_test(SakkeKey* key, ecc_point* rsk)
     }
     len = 0;
     ret = wc_GenerateSakkeRskTable(key, rsk, NULL, &len);
-    if (ret != LENGTH_ONLY_E)
+    if (ret != WC_NO_ERR_TRACE(LENGTH_ONLY_E))
         return WC_TEST_RET_ENC_EC(ret);
     if (len > 0) {
         table = (byte*)XMALLOC(len, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
@@ -39393,10 +49729,8 @@ static wc_test_ret_t sakke_kat_derive_test(SakkeKey* key, ecc_point* rsk)
     if (ret != 0)
         return WC_TEST_RET_ENC_EC(ret);
     /* Dispose of tables */
-    if (iTable != NULL)
-        XFREE(iTable, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
-    if (table != NULL)
-        XFREE(table, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(iTable, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(table, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
 
     /* Make sure the key public key is exportable - convert to Montgomery form
      * in Validation.
@@ -39465,12 +49799,12 @@ static wc_test_ret_t sakke_kat_encapsulate_test(SakkeKey* key)
         0x37, 0x30, 0x30, 0x39, 0x30, 0x30, 0x31, 0x32,
         0x33, 0x00
     };
-    static word32 idSz = sizeof(id);
+    static const word32 idSz = sizeof(id);
     byte ssv[] = {
         0x12, 0x34, 0x56, 0x78, 0x9A, 0xBC, 0xDE, 0xF0,
         0x12, 0x34, 0x56, 0x78, 0x9A, 0xBC, 0xDE, 0xF0
     };
-    static word16 ssvSz = sizeof(ssv);
+    static const word16 ssvSz = sizeof(ssv);
     static const byte expAuth[] = {
         0x04,
         0x44, 0xE8, 0xAD, 0x44, 0xAB, 0x85, 0x92, 0xA6,
@@ -39559,7 +49893,7 @@ static wc_test_ret_t sakke_make_key_test(SakkeKey* priv, SakkeKey* pub, SakkeKey
         return WC_TEST_RET_ENC_EC(ret);
 
     ret = wc_ExportSakkeKey(priv, NULL, &sz);
-    if (ret != LENGTH_ONLY_E)
+    if (ret != WC_NO_ERR_TRACE(LENGTH_ONLY_E))
         return WC_TEST_RET_ENC_EC(ret);
     if (sz != 384)
         return WC_TEST_RET_ENC_NC;
@@ -39586,7 +49920,7 @@ static wc_test_ret_t sakke_make_key_test(SakkeKey* priv, SakkeKey* pub, SakkeKey
         return WC_TEST_RET_ENC_EC(ret);
 
     ret = wc_ExportSakkePrivateKey(priv, NULL, &sz);
-    if (ret != LENGTH_ONLY_E)
+    if (ret != WC_NO_ERR_TRACE(LENGTH_ONLY_E))
         return WC_TEST_RET_ENC_EC(ret);
     if (sz != 128)
         return WC_TEST_RET_ENC_NC;
@@ -39612,7 +49946,7 @@ static wc_test_ret_t sakke_make_key_test(SakkeKey* priv, SakkeKey* pub, SakkeKey
         return WC_TEST_RET_ENC_EC(ret);
 
     ret = wc_ExportSakkePublicKey(priv, NULL, &sz, 1);
-    if (ret != LENGTH_ONLY_E)
+    if (ret != WC_NO_ERR_TRACE(LENGTH_ONLY_E))
         return WC_TEST_RET_ENC_EC(ret);
     if (sz != 256)
         return WC_TEST_RET_ENC_NC;
@@ -39698,7 +50032,7 @@ static wc_test_ret_t sakke_op_test(SakkeKey* priv, SakkeKey* pub, WC_RNG* rng,
     word32 sz;
 
     ret = wc_GenerateSakkeSSV(pub, rng, NULL, &ssvSz);
-    if (ret != LENGTH_ONLY_E)
+    if (ret != WC_NO_ERR_TRACE(LENGTH_ONLY_E))
         return WC_TEST_RET_ENC_EC(ret);
     if (ssvSz != 16)
         return WC_TEST_RET_ENC_NC;
@@ -39724,7 +50058,7 @@ static wc_test_ret_t sakke_op_test(SakkeKey* priv, SakkeKey* pub, WC_RNG* rng,
 
     ret = wc_MakeSakkeEncapsulatedSSV(pub, WC_HASH_TYPE_SHA256, ssv, ssvSz,
             NULL, &authSz);
-    if (ret != LENGTH_ONLY_E)
+    if (ret != WC_NO_ERR_TRACE(LENGTH_ONLY_E))
         return WC_TEST_RET_ENC_EC(ret);
     if (authSz != 257)
         return WC_TEST_RET_ENC_NC;
@@ -39743,7 +50077,7 @@ static wc_test_ret_t sakke_op_test(SakkeKey* priv, SakkeKey* pub, WC_RNG* rng,
         return WC_TEST_RET_ENC_NC;
 
     ret = wc_GetSakkePointI(pub, NULL, &sz);
-    if (ret != LENGTH_ONLY_E)
+    if (ret != WC_NO_ERR_TRACE(LENGTH_ONLY_E))
         return WC_TEST_RET_ENC_EC(ret);
     if (sz != 256)
         return WC_TEST_RET_ENC_NC;
@@ -39784,7 +50118,7 @@ static wc_test_ret_t sakke_op_test(SakkeKey* priv, SakkeKey* pub, WC_RNG* rng,
     ssv[0] ^= 0x80;
     ret = wc_DeriveSakkeSSV(priv, WC_HASH_TYPE_SHA256, ssv, ssvSz, auth,
             authSz);
-    if (ret != SAKKE_VERIFY_FAIL_E)
+    if (ret != WC_NO_ERR_TRACE(SAKKE_VERIFY_FAIL_E))
         return WC_TEST_RET_ENC_EC(ret);
     ssv[0] ^= 0x80;
 
@@ -39808,6 +50142,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t sakke_test(void)
     SakkeKey* pub  = NULL;
     SakkeKey* key  = NULL;
     ecc_point* rsk = NULL;
+    WOLFSSL_ENTER("sakke_test");
 
     priv = (SakkeKey*)XMALLOC(sizeof(SakkeKey), HEAP_HINT,
             DYNAMIC_TYPE_TMP_BUFFER);
@@ -39890,8 +50225,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t sakke_test(void)
     }
     if (rng_inited)
         wc_FreeRng(&rng);
-    if (key != NULL)
-        XFREE(key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
     if (pub != NULL) {
         wc_FreeSakkeKey(pub);
         XFREE(pub, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
@@ -40040,26 +50374,26 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t cmac_test(void)
     const CMAC_Test_Case testCases[] =
     {
 #ifdef WOLFSSL_AES_128
-        {WC_CMAC_AES, 0, m, MLEN_0, k128, KLEN_128, t128_0, AES_BLOCK_SIZE},
-        {WC_CMAC_AES, 0, m, MLEN_128, k128, KLEN_128, t128_128, AES_BLOCK_SIZE},
-        {WC_CMAC_AES, 0, m, MLEN_320, k128, KLEN_128, t128_320, AES_BLOCK_SIZE},
-        {WC_CMAC_AES, 0, m, MLEN_512, k128, KLEN_128, t128_512, AES_BLOCK_SIZE},
-        {WC_CMAC_AES, 5, m, MLEN_512, k128, KLEN_128, t128_512, AES_BLOCK_SIZE},
+        {WC_CMAC_AES, 0, m, MLEN_0, k128, KLEN_128, t128_0, WC_AES_BLOCK_SIZE},
+        {WC_CMAC_AES, 0, m, MLEN_128, k128, KLEN_128, t128_128, WC_AES_BLOCK_SIZE},
+        {WC_CMAC_AES, 0, m, MLEN_320, k128, KLEN_128, t128_320, WC_AES_BLOCK_SIZE},
+        {WC_CMAC_AES, 0, m, MLEN_512, k128, KLEN_128, t128_512, WC_AES_BLOCK_SIZE},
+        {WC_CMAC_AES, 5, m, MLEN_512, k128, KLEN_128, t128_512, WC_AES_BLOCK_SIZE},
 #endif
 #ifdef WOLFSSL_AES_192
-        {WC_CMAC_AES, 0, m, MLEN_0, k192, KLEN_192, t192_0, AES_BLOCK_SIZE},
-        {WC_CMAC_AES, 0, m, MLEN_128, k192, KLEN_192, t192_128, AES_BLOCK_SIZE},
-        {WC_CMAC_AES, 0, m, MLEN_320, k192, KLEN_192, t192_320, AES_BLOCK_SIZE},
-        {WC_CMAC_AES, 0, m, MLEN_512, k192, KLEN_192, t192_512, AES_BLOCK_SIZE},
+        {WC_CMAC_AES, 0, m, MLEN_0, k192, KLEN_192, t192_0, WC_AES_BLOCK_SIZE},
+        {WC_CMAC_AES, 0, m, MLEN_128, k192, KLEN_192, t192_128, WC_AES_BLOCK_SIZE},
+        {WC_CMAC_AES, 0, m, MLEN_320, k192, KLEN_192, t192_320, WC_AES_BLOCK_SIZE},
+        {WC_CMAC_AES, 0, m, MLEN_512, k192, KLEN_192, t192_512, WC_AES_BLOCK_SIZE},
 #endif
 #ifdef WOLFSSL_AES_256
-        {WC_CMAC_AES, 0, m, MLEN_0, k256, KLEN_256, t256_0, AES_BLOCK_SIZE},
-        {WC_CMAC_AES, 0, m, MLEN_128, k256, KLEN_256, t256_128, AES_BLOCK_SIZE},
-        {WC_CMAC_AES, 0, m, MLEN_320, k256, KLEN_256, t256_320, AES_BLOCK_SIZE},
-        {WC_CMAC_AES, 0, m, MLEN_512, k256, KLEN_256, t256_512, AES_BLOCK_SIZE},
+        {WC_CMAC_AES, 0, m, MLEN_0, k256, KLEN_256, t256_0, WC_AES_BLOCK_SIZE},
+        {WC_CMAC_AES, 0, m, MLEN_128, k256, KLEN_256, t256_128, WC_AES_BLOCK_SIZE},
+        {WC_CMAC_AES, 0, m, MLEN_320, k256, KLEN_256, t256_320, WC_AES_BLOCK_SIZE},
+        {WC_CMAC_AES, 0, m, MLEN_512, k256, KLEN_256, t256_512, WC_AES_BLOCK_SIZE},
 #endif
 #ifdef WOLFSSL_AES_128
-        {WC_CMAC_AES, 0, m, MLEN_319, k128, KLEN_128, t128_319, AES_BLOCK_SIZE}
+        {WC_CMAC_AES, 0, m, MLEN_319, k128, KLEN_128, t128_319, WC_AES_BLOCK_SIZE}
 #endif
     };
 
@@ -40068,10 +50402,11 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t cmac_test(void)
 #else
     Cmac cmac[1];
 #endif
-    byte tag[AES_BLOCK_SIZE];
+    byte tag[WC_AES_BLOCK_SIZE];
     const CMAC_Test_Case* tc;
     word32 i, tagSz;
     wc_test_ret_t ret;
+    WOLFSSL_ENTER("cmac_test");
 
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
     if ((cmac = (Cmac *)XMALLOC(sizeof *cmac, HEAP_HINT, DYNAMIC_TYPE_CMAC)) == NULL)
@@ -40083,7 +50418,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t cmac_test(void)
          i++, tc++) {
 
         XMEMSET(tag, 0, sizeof(tag));
-        tagSz = AES_BLOCK_SIZE;
+        tagSz = WC_AES_BLOCK_SIZE;
 
 #if !defined(HAVE_FIPS) || \
     defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 3)
@@ -40113,21 +50448,47 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t cmac_test(void)
         ret = wc_CmacFinal(cmac, tag, &tagSz);
         if (ret != 0)
             ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
-        if (XMEMCMP(tag, tc->t, AES_BLOCK_SIZE) != 0)
+        if (XMEMCMP(tag, tc->t, WC_AES_BLOCK_SIZE) != 0)
             ERROR_OUT(WC_TEST_RET_ENC_NC, out);
 
         XMEMSET(tag, 0, sizeof(tag));
         tagSz = sizeof(tag);
+#if !defined(HAVE_FIPS) || FIPS_VERSION_GE(6, 0)
+        ret = wc_AesCmacGenerate_ex(cmac, tag, &tagSz, tc->m, tc->mSz,
+                               tc->k, tc->kSz, NULL, devId);
+#else
         ret = wc_AesCmacGenerate(tag, &tagSz, tc->m, tc->mSz,
                                tc->k, tc->kSz);
+#endif
         if (ret != 0)
             ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
-        if (XMEMCMP(tag, tc->t, AES_BLOCK_SIZE) != 0)
+        if (XMEMCMP(tag, tc->t, WC_AES_BLOCK_SIZE) != 0)
             ERROR_OUT(WC_TEST_RET_ENC_NC, out);
+#if !defined(HAVE_FIPS) || FIPS_VERSION_GE(6, 0)
+        ret = wc_AesCmacVerify_ex(cmac, tc->t, tc->tSz, tc->m, tc->mSz,
+                             tc->k, tc->kSz, HEAP_HINT, devId);
+#else
         ret = wc_AesCmacVerify(tc->t, tc->tSz, tc->m, tc->mSz,
                              tc->k, tc->kSz);
+#endif
         if (ret != 0)
             ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+
+#if !defined(HAVE_FIPS) || FIPS_VERSION_GE(6, 0)
+        /* Test that keyless generate with init is the same */
+        XMEMSET(tag, 0, sizeof(tag));
+        tagSz = sizeof(tag);
+        ret = wc_InitCmac_ex(cmac, tc->k, tc->kSz, tc->type, NULL, HEAP_HINT, devId);
+        if (ret != 0) {
+            ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+        }
+        ret = wc_AesCmacGenerate_ex(cmac, tag, &tagSz, tc->m, tc->mSz,
+                NULL, 0, HEAP_HINT, devId);
+        if (ret != 0) {
+            ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+        }
+#endif
+
     }
 
     ret = 0;
@@ -40135,14 +50496,13 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t cmac_test(void)
   out:
 
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
-    if (cmac)
-        XFREE(cmac, HEAP_HINT, DYNAMIC_TYPE_CMAC);
+    XFREE(cmac, HEAP_HINT, DYNAMIC_TYPE_CMAC);
 #endif
 
     return ret;
 }
 
-#endif /* NO_AES && WOLFSSL_CMAC */
+#endif /* !NO_AES && WOLFSSL_CMAC */
 
 #if defined(WOLFSSL_SIPHASH)
 
@@ -40370,12 +50730,13 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t siphash_test(void)
     unsigned char res[SIPHASH_MAC_SIZE_16];
     unsigned char tmp[SIPHASH_MAC_SIZE_8];
     SipHash siphash;
+    WOLFSSL_ENTER("siphash_test (1)");
 
     for (i = 0; i < 64; i++) {
         ret = wc_InitSipHash(&siphash, siphash_key, SIPHASH_MAC_SIZE_8);
         if (ret != 0)
             return WC_TEST_RET_ENC_I(i);
-        ret = wc_SipHashUpdate(&siphash, siphash_msg, i);
+        ret = wc_SipHashUpdate(&siphash, siphash_msg, (word32)i);
         if (ret != 0)
             return WC_TEST_RET_ENC_I(i);
         ret = wc_SipHashFinal(&siphash, res, SIPHASH_MAC_SIZE_8);
@@ -40383,7 +50744,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t siphash_test(void)
             return WC_TEST_RET_ENC_I(i);
         if (XMEMCMP(res, siphash_r8[i], SIPHASH_MAC_SIZE_8) != 0)
             return WC_TEST_RET_ENC_I(i);
-        ret = wc_SipHash(siphash_key, siphash_msg, i, res, SIPHASH_MAC_SIZE_8);
+        ret = wc_SipHash(siphash_key, siphash_msg, (word32)i, res, SIPHASH_MAC_SIZE_8);
         if (ret != 0)
             return WC_TEST_RET_ENC_I(i);
         if (XMEMCMP(res, siphash_r8[i], SIPHASH_MAC_SIZE_8) != 0)
@@ -40393,7 +50754,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t siphash_test(void)
         ret = wc_InitSipHash(&siphash, siphash_key, SIPHASH_MAC_SIZE_16);
         if (ret != 0)
             return WC_TEST_RET_ENC_I(i);
-        ret = wc_SipHashUpdate(&siphash, siphash_msg, i);
+        ret = wc_SipHashUpdate(&siphash, siphash_msg, (word32)i);
         if (ret != 0)
             return WC_TEST_RET_ENC_I(i);
         ret = wc_SipHashFinal(&siphash, res, SIPHASH_MAC_SIZE_16);
@@ -40401,63 +50762,65 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t siphash_test(void)
             return WC_TEST_RET_ENC_I(i);
         if (XMEMCMP(res, siphash_r16[i], SIPHASH_MAC_SIZE_16) != 0)
             return WC_TEST_RET_ENC_I(i);
-        ret = wc_SipHash(siphash_key, siphash_msg, i, res, SIPHASH_MAC_SIZE_16);
+        ret = wc_SipHash(siphash_key, siphash_msg, (word32)i, res, SIPHASH_MAC_SIZE_16);
         if (ret != 0)
             return WC_TEST_RET_ENC_I(i);
         if (XMEMCMP(res, siphash_r16[i], SIPHASH_MAC_SIZE_16) != 0)
             return WC_TEST_RET_ENC_I(i);
     }
+#else
+    WOLFSSL_ENTER("siphash_test (1)");
 #endif
 
     /* Testing bad parameters. */
     ret = wc_InitSipHash(NULL, NULL, SIPHASH_MAC_SIZE_8);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_InitSipHash(NULL, siphash_key, SIPHASH_MAC_SIZE_8);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_InitSipHash(&siphash, NULL, SIPHASH_MAC_SIZE_8);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_InitSipHash(&siphash, siphash_key, 7);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_InitSipHash(&siphash, siphash_key, SIPHASH_MAC_SIZE_8);
     if (ret != 0)
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_SipHashUpdate(NULL, NULL, 0);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_SipHashUpdate(&siphash, NULL, 1);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_SipHashFinal(NULL, NULL, SIPHASH_MAC_SIZE_8);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_SipHashFinal(&siphash, NULL, SIPHASH_MAC_SIZE_8);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_SipHashFinal(NULL, res, SIPHASH_MAC_SIZE_8);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_SipHashFinal(&siphash, res, SIPHASH_MAC_SIZE_16);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
 
     ret = wc_SipHash(NULL, NULL, 0, NULL, SIPHASH_MAC_SIZE_16);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_SipHash(siphash_key, NULL, 0, NULL, SIPHASH_MAC_SIZE_16);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_SipHash(NULL, NULL, 0, res, SIPHASH_MAC_SIZE_16);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_SipHash(siphash_key, NULL, 0, res, 15);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_SipHash(siphash_key, NULL, 1, res, SIPHASH_MAC_SIZE_16);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
 
     /* Test cache with multiple non blocksize bytes */
@@ -40729,6 +51092,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t compress_test(void)
     word32 cSz = (dSz + (word32)(dSz * 0.001) + 12);
     byte *c;
     byte *d;
+    WOLFSSL_ENTER("compress_test");
 
     c = (byte *)XMALLOC(cSz * sizeof(byte), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
     d = (byte *)XMALLOC(dSz * sizeof(byte), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
@@ -40787,8 +51151,8 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t compress_test(void)
     ret = 0; /* success */
 
 exit:
-    if (c) XFREE(c, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
-    if (d) XFREE(d, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(c, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(d, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
 
     return ret;
 }
@@ -41158,14 +51522,16 @@ static const byte asnDataOid[] = {
  * OtherRecipientInfo.
  *
  * Returns 0 on success, negative upon error. */
-static int myOriEncryptCb(PKCS7* pkcs7, byte* cek, word32 cekSz, byte* oriType,
+static int myOriEncryptCb(wc_PKCS7* pkcs7, byte* cek, word32 cekSz, byte* oriType,
                           word32* oriTypeSz, byte* oriValue, word32* oriValueSz,
                           void* ctx)
 {
     int i;
 
     /* make sure buffers are large enough */
-    if ((*oriValueSz < (2 + cekSz)) || (*oriTypeSz < sizeof(oriType)))
+    if (*oriValueSz < (2 + cekSz))
+        return WC_TEST_RET_ENC_NC;
+    if (*oriTypeSz < sizeof(asnDataOid))
         return WC_TEST_RET_ENC_NC;
 
     /* our simple encryption algorithm will be take the bitwise complement */
@@ -41193,7 +51559,7 @@ static int myOriEncryptCb(PKCS7* pkcs7, byte* cek, word32 cekSz, byte* oriType,
  * in decrypting the encrypted CEK.
  *
  * Returns 0 on success, negative upon error. */
-static int myOriDecryptCb(PKCS7* pkcs7, byte* oriType, word32 oriTypeSz,
+static int myOriDecryptCb(wc_PKCS7* pkcs7, byte* oriType, word32 oriTypeSz,
                           byte* oriValue, word32 oriValueSz, byte* decryptedKey,
                           word32* decryptedKeySz, void* ctx)
 {
@@ -41227,7 +51593,7 @@ static int myOriDecryptCb(PKCS7* pkcs7, byte* oriType, word32 oriTypeSz,
 
 #if !defined(NO_AES) && defined(HAVE_AES_CBC)
 /* returns 0 on success */
-static int myDecryptionFunc(PKCS7* pkcs7, int encryptOID, byte* iv, int ivSz,
+static int myDecryptionFunc(wc_PKCS7* pkcs7, int encryptOID, byte* iv, int ivSz,
         byte* aad, word32 aadSz, byte* authTag, word32 authTagSz,
         byte* in, int inSz, byte* out, void* usrCtx)
 {
@@ -41276,7 +51642,7 @@ static int myDecryptionFunc(PKCS7* pkcs7, int encryptOID, byte* iv, int ivSz,
     /* if needing to find keyIdSz can call with NULL */
     ret = wc_PKCS7_GetAttributeValue(pkcs7, OID, sizeof(OID), NULL,
             &keyIdSz);
-    if (ret != LENGTH_ONLY_E) {
+    if (ret != WC_NO_ERR_TRACE(LENGTH_ONLY_E)) {
         printf("Unexpected error %d when getting keyIdSz\n", ret);
         printf("Possibly no KEY ID attribute set\n");
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
@@ -41324,13 +51690,13 @@ static int myDecryptionFunc(PKCS7* pkcs7, int encryptOID, byte* iv, int ivSz,
     switch (encryptOID) {
     #ifdef WOLFSSL_AES_256
         case AES256CBCb:
-            if ((keySz != 32 ) || (ivSz  != AES_BLOCK_SIZE))
+            if ((keySz != 32 ) || (ivSz  != WC_AES_BLOCK_SIZE))
                 WARNING_OUT(BAD_FUNC_ARG, out);
             break;
     #endif
     #ifdef WOLFSSL_AES_128
         case AES128CBCb:
-            if ((keySz != 16 ) || (ivSz  != AES_BLOCK_SIZE))
+            if ((keySz != 16 ) || (ivSz  != WC_AES_BLOCK_SIZE))
                 ERROR_OUT(BAD_FUNC_ARG, out);
             break;
     #endif
@@ -41342,9 +51708,9 @@ static int myDecryptionFunc(PKCS7* pkcs7, int encryptOID, byte* iv, int ivSz,
 
     ret = wc_AesInit(aes, HEAP_HINT, INVALID_DEVID);
     if (ret == 0) {
-        ret = wc_AesSetKey(aes, key, keySz, iv, AES_DECRYPTION);
+        ret = wc_AesSetKey(aes, key, (word32)keySz, iv, AES_DECRYPTION);
         if (ret == 0)
-            ret = wc_AesCbcDecrypt(aes, out, in, inSz);
+            ret = wc_AesCbcDecrypt(aes, out, in, (word32)inSz);
         wc_AesFree(aes);
     }
 
@@ -41376,7 +51742,7 @@ static wc_test_ret_t pkcs7enveloped_run_vectors(byte* rsaCert, word32 rsaCertSz,
 
     byte   *enveloped = NULL;
     byte   *decoded = NULL;
-    PKCS7* pkcs7 = NULL;
+    wc_PKCS7* pkcs7 = NULL;
 #ifdef ECC_TIMING_RESISTANT
     WC_RNG rng;
 #endif
@@ -41394,7 +51760,7 @@ static wc_test_ret_t pkcs7enveloped_run_vectors(byte* rsaCert, word32 rsaCertSz,
     byte optionalUkm[] = {
         0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07
     };
-#endif /* NO_AES */
+#endif /* !NO_AES */
 
 #if !defined(NO_AES) && defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_128) && \
     !defined(NO_SHA)
@@ -41759,7 +52125,7 @@ static wc_test_ret_t pkcs7enveloped_run_vectors(byte* rsaCert, word32 rsaCertSz,
 
         /* decode envelopedData */
         pkcs7->contentOID = 0;
-        decodedSz = wc_PKCS7_DecodeEnvelopedData(pkcs7, enveloped, envelopedSz,
+        decodedSz = wc_PKCS7_DecodeEnvelopedData(pkcs7, enveloped, (word32)envelopedSz,
                                                  decoded, PKCS7_BUF_SIZE);
         if (pkcs7->contentOID != testVectors[i].contentOID ||
             decodedSz <= 0) {
@@ -41779,7 +52145,9 @@ static wc_test_ret_t pkcs7enveloped_run_vectors(byte* rsaCert, word32 rsaCertSz,
             for (z = 0; z < envelopedSz; z++) {
                 decodedSz = wc_PKCS7_DecodeEnvelopedData(pkcs7, enveloped + z, 1,
                                                  decoded, PKCS7_BUF_SIZE);
-                if (decodedSz <= 0 && decodedSz != WC_PKCS7_WANT_READ_E) {
+                if (decodedSz <= 0 &&
+                    decodedSz != WC_NO_ERR_TRACE(WC_PKCS7_WANT_READ_E))
+                {
                     printf("unexpected error %d\n", decodedSz);
                     ERROR_OUT(WC_TEST_RET_ENC_EC(decodedSz), out);
                 }
@@ -41829,12 +52197,9 @@ static wc_test_ret_t pkcs7enveloped_run_vectors(byte* rsaCert, word32 rsaCertSz,
     (void)rsaPrivKeySz;
 
   out:
-    if (testVectors)
-        XFREE(testVectors, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
-    if (enveloped)
-        XFREE(enveloped, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
-    if (decoded)
-        XFREE(decoded, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(testVectors, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(enveloped, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(decoded, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
 
     return ret;
 }
@@ -41853,6 +52218,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t pkcs7enveloped_test(void)
     byte* eccPrivKey = NULL;
     word32 eccCertSz    = 0;
     word32 eccPrivKeySz = 0;
+    WOLFSSL_ENTER("pkcs7enveloped_test");
 
 #ifndef NO_RSA
     /* read client RSA cert and key in DER format */
@@ -41996,7 +52362,7 @@ static wc_test_ret_t pkcs7authenveloped_run_vectors(byte* rsaCert, word32 rsaCer
     byte   *enveloped = NULL;
     byte   *decoded = NULL;
     WC_RNG rng;
-    PKCS7* pkcs7;
+    wc_PKCS7* pkcs7;
 #ifdef PKCS7_OUTPUT_TEST_BUNDLES
     XFILE  pkcs7File;
 #endif
@@ -42027,7 +52393,7 @@ static wc_test_ret_t pkcs7authenveloped_run_vectors(byte* rsaCert, word32 rsaCer
     WOLFSSL_SMALL_STACK_STATIC const byte optionalUkm[] = {
         0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07
     };
-#endif /* NO_AES */
+#endif /* !NO_AES */
 
 #if !defined(NO_AES) && !defined(NO_SHA) && defined(WOLFSSL_AES_128)
     /* encryption key for kekri recipient types */
@@ -42126,12 +52492,12 @@ static wc_test_ret_t pkcs7authenveloped_run_vectors(byte* rsaCert, word32 rsaCer
          NULL, 0, 0, NULL, 0, NULL, 0, 0, 0, 0, 0, 0, 0, 0,
          "pkcs7authEnvelopedDataAES256GCM_IANDS.der");
         #endif
-    #else /* NO_AES || !HAVE_AESGCM */
+    #else
         (void)rsaCert;
         (void)rsaCertSz;
         (void)rsaPrivKey;
         (void)rsaPrivKeySz;
-    #endif /* NO_AES || !HAVE_AESGCM */
+    #endif /* !NO_AES && !HAVE_AESGCM */
 #endif
 
         /* key agreement key encryption technique*/
@@ -42213,7 +52579,7 @@ static wc_test_ret_t pkcs7authenveloped_run_vectors(byte* rsaCert, word32 rsaCer
          0, 0, 0, 0, 0, 0,
          "pkcs7authEnvelopedDataAES256GCM_ECDH_SHA512KDF_ukm.der");
         #endif /* WOLFSSL_SHA512 && WOLFSSL_AES_256 */
-    #endif /* NO_AES */
+    #endif /* !NO_AES && HAVE_AESGCM */
 #endif
 
         /* kekri (KEKRecipientInfo) recipient types */
@@ -42467,7 +52833,9 @@ static wc_test_ret_t pkcs7authenveloped_run_vectors(byte* rsaCert, word32 rsaCer
             for (z = 0; z < envelopedSz; z++) {
                 decodedSz = wc_PKCS7_DecodeAuthEnvelopedData(pkcs7,
                         enveloped + z, 1, decoded, PKCS7_BUF_SIZE);
-                if (decodedSz <= 0 && decodedSz != WC_PKCS7_WANT_READ_E) {
+                if (decodedSz <= 0 &&
+                    decodedSz != WC_NO_ERR_TRACE(WC_PKCS7_WANT_READ_E))
+                {
                     printf("unexpected error %d\n", decodedSz);
                     ERROR_OUT(WC_TEST_RET_ENC_EC(decodedSz), out);
                 }
@@ -42482,7 +52850,7 @@ static wc_test_ret_t pkcs7authenveloped_run_vectors(byte* rsaCert, word32 rsaCer
 #endif
         /* decode envelopedData */
         decodedSz = wc_PKCS7_DecodeAuthEnvelopedData(pkcs7, enveloped,
-                                                     envelopedSz, decoded,
+                                                     (word32)envelopedSz, decoded,
                                                      PKCS7_BUF_SIZE);
         if (decodedSz <= 0) {
             wc_PKCS7_Free(pkcs7);
@@ -42536,12 +52904,9 @@ static wc_test_ret_t pkcs7authenveloped_run_vectors(byte* rsaCert, word32 rsaCer
 #endif
 
   out:
-    if (testVectors)
-        XFREE(testVectors, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
-    if (enveloped)
-        XFREE(enveloped, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
-    if (decoded)
-        XFREE(decoded, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(testVectors, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(enveloped, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(decoded, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
 
     return ret;
 }
@@ -42559,6 +52924,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t pkcs7authenveloped_test(void)
     byte* eccPrivKey = NULL;
     word32 eccCertSz    = 0;
     word32 eccPrivKeySz = 0;
+    WOLFSSL_ENTER("pkcs7authenveloped_test");
 
 #ifndef NO_RSA
     /* read client RSA cert and key in DER format */
@@ -42649,7 +53015,7 @@ static const byte p7AltKey[] = {
     0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08
 };
 
-static int myCEKwrapFunc(PKCS7* pkcs7, byte* cek, word32 cekSz, byte* keyId,
+static int myCEKwrapFunc(wc_PKCS7* pkcs7, byte* cek, word32 cekSz, byte* keyId,
         word32 keyIdSz, byte* orginKey, word32 orginKeySz,
         byte* out, word32 outSz, int keyWrapAlgo, int type, int direction)
 {
@@ -42693,7 +53059,7 @@ static int myCEKwrapFunc(PKCS7* pkcs7, byte* cek, word32 cekSz, byte* keyId,
 
 
 /* returns key size on success */
-static wc_test_ret_t getFirmwareKey(PKCS7* pkcs7, byte* key, word32 keySz)
+static wc_test_ret_t getFirmwareKey(wc_PKCS7* pkcs7, byte* key, word32 keySz)
 {
     wc_test_ret_t ret;
     word32 atrSz;
@@ -42710,7 +53076,7 @@ static wc_test_ret_t getFirmwareKey(PKCS7* pkcs7, byte* key, word32 keySz)
     /* find keyID in fwWrappedFirmwareKey */
     ret = wc_PKCS7_GetAttributeValue(pkcs7, fwWrappedFirmwareKey,
             sizeof(fwWrappedFirmwareKey), NULL, &atrSz);
-    if (ret == LENGTH_ONLY_E) {
+    if (ret == WC_NO_ERR_TRACE(LENGTH_ONLY_E)) {
         XMEMSET(atr, 0, sizeof(atr));
         ret = wc_PKCS7_GetAttributeValue(pkcs7, fwWrappedFirmwareKey,
                 sizeof(fwWrappedFirmwareKey), atr, &atrSz);
@@ -42719,7 +53085,7 @@ static wc_test_ret_t getFirmwareKey(PKCS7* pkcs7, byte* key, word32 keySz)
         /* keyIdRaw[1] Length */
 
         if (ret > 0) {
-            PKCS7* envPkcs7;
+            wc_PKCS7* envPkcs7;
 
             envPkcs7 = wc_PKCS7_New(NULL, 0);
             if (envPkcs7 == NULL) {
@@ -42752,7 +53118,7 @@ static wc_test_ret_t envelopedData_encrypt(byte* in, word32 inSz, byte* out,
         word32 outSz)
 {
     wc_test_ret_t ret;
-    PKCS7* pkcs7;
+    wc_PKCS7* pkcs7;
     WOLFSSL_SMALL_STACK_STATIC const byte keyId[] = { 0x00 };
 
     pkcs7 = wc_PKCS7_New(NULL, INVALID_DEVID);
@@ -42801,7 +53167,7 @@ static wc_test_ret_t generateBundle(byte* out, word32 *outSz, const byte* encryp
 {
     wc_test_ret_t ret;
     int attribNum = 1;
-    PKCS7* pkcs7;
+    wc_PKCS7* pkcs7;
 
     /* KEY ID
      * fwDecryptKeyID OID 1.2.840.113549.1.9.16.2.37
@@ -42837,7 +53203,7 @@ static wc_test_ret_t generateBundle(byte* out, word32 *outSz, const byte* encryp
         if (ret <= 0) {
             return ret;
         }
-        attribs[1].valueSz = (int)ret;
+        attribs[1].valueSz = (word32)ret;
         attribNum++;
     }
 
@@ -42864,13 +53230,13 @@ static wc_test_ret_t generateBundle(byte* out, word32 *outSz, const byte* encryp
         ret = wc_PKCS7_EncodeSignedEncryptedFPD(pkcs7, (byte*)encryptKey,
                 encryptKeySz, key, keySz, AES128CBCb, RSAk, SHA256h,
                 (byte*)data, sizeof(data), NULL, 0,
-                attribs, attribNum, out, *outSz);
+                attribs, (word32)attribNum, out, *outSz);
     }
     else {
         ret = wc_PKCS7_EncodeSignedEncryptedFPD(pkcs7, (byte*)encryptKey,
                 encryptKeySz, key, keySz, AES256CBCb, RSAk, SHA256h,
                 (byte*)data, sizeof(data), NULL, 0,
-                attribs, attribNum, out, *outSz);
+                attribs, (word32)attribNum, out, *outSz);
     }
     if (ret <= 0) {
         printf("ERROR: wc_PKCS7_EncodeSignedEncryptedFPD() failed, "
@@ -42879,7 +53245,7 @@ static wc_test_ret_t generateBundle(byte* out, word32 *outSz, const byte* encryp
         return WC_TEST_RET_ENC_EC(ret);
 
     } else {
-        *outSz = (int)ret;
+        *outSz = (word32)ret;
     }
 
     wc_PKCS7_Free(pkcs7);
@@ -42895,7 +53261,7 @@ static wc_test_ret_t verifyBundle(byte* derBuf, word32 derSz, int keyHint)
 {
     wc_test_ret_t ret = 0;
     int usrCtx = 1; /* test value to pass as user context to callback */
-    PKCS7* pkcs7 = NULL;
+    wc_PKCS7* pkcs7 = NULL;
     byte*  sid = NULL;
     word32 sidSz;
     byte key[256];
@@ -42930,7 +53296,8 @@ static wc_test_ret_t verifyBundle(byte* derBuf, word32 derSz, int keyHint)
 #endif /* !NO_SHA */
     };
 
-    decoded = (byte *)XMALLOC(decodedSz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+    decoded = (byte *)XMALLOC((word32)decodedSz, HEAP_HINT,
+        DYNAMIC_TYPE_TMP_BUFFER);
     if (decoded == NULL) {
         ret = MEMORY_E;
         goto out;
@@ -42955,7 +53322,7 @@ static wc_test_ret_t verifyBundle(byte* derBuf, word32 derSz, int keyHint)
 
     /* Get size of SID and print it out */
     ret = wc_PKCS7_GetSignerSID(pkcs7, NULL, &sidSz);
-    if (ret != LENGTH_ONLY_E)
+    if (ret != WC_NO_ERR_TRACE(LENGTH_ONLY_E))
         goto out;
 
     sid = (byte*)XMALLOC(sidSz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
@@ -42979,7 +53346,7 @@ static wc_test_ret_t verifyBundle(byte* derBuf, word32 derSz, int keyHint)
         if (ret < 0)
             goto out;
         pkcs7->encryptionKey = key;
-        pkcs7->encryptionKeySz = (int)ret;
+        pkcs7->encryptionKeySz = (word32)ret;
     }
     else {
         decodedSz = PKCS7_BUF_SIZE;
@@ -42993,7 +53360,7 @@ static wc_test_ret_t verifyBundle(byte* derBuf, word32 derSz, int keyHint)
     }
 
     decodedSz = wc_PKCS7_DecodeEncryptedData(pkcs7, pkcs7->content,
-            pkcs7->contentSz, decoded, decodedSz);
+            pkcs7->contentSz, decoded, (word32)decodedSz);
     if (decodedSz < 0) {
         ret = decodedSz;
         goto out;
@@ -43003,12 +53370,10 @@ static wc_test_ret_t verifyBundle(byte* derBuf, word32 derSz, int keyHint)
 
   out:
 
-    if (decoded)
-        XFREE(decoded, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(decoded, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
     if (pkcs7)
         wc_PKCS7_Free(pkcs7);
-    if (sid)
-        XFREE(sid, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(sid, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
 
     return ret;
 }
@@ -43020,6 +53385,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t pkcs7callback_test(byte* cert, word32 cert
     wc_test_ret_t ret = 0;
     word32 derSz;
     byte *derBuf = (byte *)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+    WOLFSSL_ENTER("pkcs7callback_test");
 
     if (! derBuf)
         ERROR_OUT(WC_TEST_RET_ENC_NC, out);
@@ -43064,8 +53430,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t pkcs7callback_test(byte* cert, word32 cert
     ret = 0;
 
   out:
-    if (derBuf)
-        XFREE(derBuf, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(derBuf, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
 
     return ret;
 }
@@ -43090,8 +53455,9 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t pkcs7encrypted_test(void)
 {
     wc_test_ret_t ret = 0;
     int i, testSz;
-    int encryptedSz, decodedSz, attribIdx;
-    PKCS7* pkcs7;
+    int encryptedSz, decodedSz;
+    word32 attribIdx;
+    wc_PKCS7* pkcs7;
     byte  *encrypted;
     byte  *decoded;
 #ifdef PKCS7_OUTPUT_TEST_BUNDLES
@@ -43144,8 +53510,8 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t pkcs7encrypted_test(void)
     /* Attribute example from RFC 4134, Section 7.2
      * OID = 1.2.5555
      * OCTET STRING = 'This is a test General ASN Attribute, number 1.' */
-    static byte genAttrOid[] = { 0x06, 0x03, 0x2a, 0xab, 0x33 };
-    static byte genAttr[] = { 0x04, 47,
+    static const byte genAttrOid[] = { 0x06, 0x03, 0x2a, 0xab, 0x33 };
+    static const byte genAttr[] = { 0x04, 47,
                               0x54, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20,
                               0x61, 0x20, 0x74, 0x65, 0x73, 0x74, 0x20, 0x47,
                               0x65, 0x6e, 0x65, 0x72, 0x61, 0x6c, 0x20, 0x41,
@@ -43153,8 +53519,8 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t pkcs7encrypted_test(void)
                               0x62, 0x75, 0x74, 0x65, 0x2c, 0x20, 0x6e, 0x75,
                               0x6d, 0x62, 0x65, 0x72, 0x20, 0x31, 0x2e };
 
-    static byte genAttrOid2[] = { 0x06, 0x03, 0x2a, 0xab, 0x34 };
-    static byte genAttr2[] = { 0x04, 47,
+    static const byte genAttrOid2[] = { 0x06, 0x03, 0x2a, 0xab, 0x34 };
+    static const byte genAttr2[] = { 0x04, 47,
                               0x54, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20,
                               0x61, 0x20, 0x74, 0x65, 0x73, 0x74, 0x20, 0x47,
                               0x65, 0x6e, 0x65, 0x72, 0x61, 0x6c, 0x20, 0x41,
@@ -43216,6 +53582,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t pkcs7encrypted_test(void)
     #endif
 #endif /* !NO_AES && HAVE_AES_CBC */
     };
+    WOLFSSL_ENTER("pkcs7encrypted_test");
 
     encrypted = (byte *)XMALLOC(PKCS7_BUF_SIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
     decoded = (byte *)XMALLOC(PKCS7_BUF_SIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
@@ -43255,7 +53622,9 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t pkcs7encrypted_test(void)
             for (z = 0; z < encryptedSz; z++) {
                 decodedSz = wc_PKCS7_DecodeEncryptedData(pkcs7, encrypted + z, 1,
                                                  decoded, PKCS7_BUF_SIZE);
-                if (decodedSz <= 0 && decodedSz != WC_PKCS7_WANT_READ_E) {
+                if (decodedSz <= 0 &&
+                    decodedSz != WC_NO_ERR_TRACE(WC_PKCS7_WANT_READ_E))
+                {
                     printf("unexpected error %d\n", decodedSz);
                     ERROR_OUT(WC_TEST_RET_ENC_EC(decodedSz), out);
                 }
@@ -43268,7 +53637,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t pkcs7encrypted_test(void)
             }
         }
 #endif
-        decodedSz = wc_PKCS7_DecodeEncryptedData(pkcs7, encrypted, encryptedSz,
+        decodedSz = wc_PKCS7_DecodeEncryptedData(pkcs7, encrypted, (word32)encryptedSz,
                                                  decoded, PKCS7_BUF_SIZE);
         if (decodedSz <= 0){
             wc_PKCS7_Free(pkcs7);
@@ -43333,10 +53702,8 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t pkcs7encrypted_test(void)
     }
 
   out:
-    if (encrypted)
-        XFREE(encrypted, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
-    if (decoded)
-        XFREE(decoded, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(encrypted, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(decoded, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
 
     return ret;
 }
@@ -43359,7 +53726,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t pkcs7compressed_test(void)
     wc_test_ret_t ret = 0;
     int i, testSz;
     int compressedSz, decodedSz;
-    PKCS7* pkcs7;
+    wc_PKCS7* pkcs7;
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
     byte  *compressed;
     byte  *decoded;
@@ -43392,6 +53759,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t pkcs7compressed_test(void)
         ERROR_OUT(MEMORY_E, out);
     }
 #endif
+    WOLFSSL_ENTER("pkcs7compressed_test");
 
     testSz = sizeof(testVectors) / sizeof(pkcs7CompressedVector);
 
@@ -43458,10 +53826,8 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t pkcs7compressed_test(void)
   out:
 
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
-    if (compressed)
-        XFREE(compressed, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
-    if (decoded)
-        XFREE(decoded, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(compressed, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(decoded, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return ret;
@@ -43487,12 +53853,12 @@ typedef struct {
     word32       signedAttribsSz;
     const char*  outFileName;
     int          contentOID;
-    byte*        contentType;
+    const byte*  contentType;
     word32       contentTypeSz;
     int          sidType;
     int          encryptOID;   /* for single-shot encrypt alg OID */
     int          encCompFlag;  /* for single-shot. 1 = enc, 2 = comp, 3 = both*/
-    byte*        encryptKey;   /* for single-shot, encryptedData */
+    const byte*  encryptKey;   /* for single-shot, encryptedData */
     word32       encryptKeySz; /* for single-shot, encryptedData */
     PKCS7Attrib* unprotectedAttribs;   /* for single-shot, encryptedData */
     word32       unprotectedAttribsSz; /* for single-shot, encryptedData */
@@ -43516,7 +53882,7 @@ static wc_test_ret_t pkcs7signed_run_vectors(
     byte*  out = NULL;
     word32 outSz;
     WC_RNG rng;
-    PKCS7* pkcs7 = NULL;
+    wc_PKCS7* pkcs7 = NULL;
 #ifdef PKCS7_OUTPUT_TEST_BUNDLES
     XFILE  file;
 #endif
@@ -43526,24 +53892,24 @@ static wc_test_ret_t pkcs7signed_run_vectors(
         0x72,0x6c,0x64
     };
 
-    static byte transIdOid[] =
+    static const byte transIdOid[] =
                { 0x06, 0x0a, 0x60, 0x86, 0x48, 0x01, 0x86, 0xF8, 0x45, 0x01,
                  0x09, 0x07 };
-    static byte messageTypeOid[] =
+    static const byte messageTypeOid[] =
                { 0x06, 0x0a, 0x60, 0x86, 0x48, 0x01, 0x86, 0xF8, 0x45, 0x01,
                  0x09, 0x02 };
-    static byte senderNonceOid[] =
+    static const byte senderNonceOid[] =
                { 0x06, 0x0a, 0x60, 0x86, 0x48, 0x01, 0x86, 0xF8, 0x45, 0x01,
                  0x09, 0x05 };
 #ifndef NO_SHA
-    static byte transId[(WC_SHA_DIGEST_SIZE + 1) * 2 + 1];
+    byte transId[(WC_SHA_DIGEST_SIZE + 1) * 2 + 1];
 #else
-    static byte transId[(WC_SHA256_DIGEST_SIZE + 1) * 2 + 1];
+    byte transId[(WC_SHA256_DIGEST_SIZE + 1) * 2 + 1];
 #endif
-    static byte messageType[] = { 0x13, 2, '1', '9' };
-    static byte senderNonce[PKCS7_NONCE_SZ + 2];
+    static const byte messageType[] = { 0x13, 2, '1', '9' };
+    byte senderNonce[PKCS7_NONCE_SZ + 2];
 
-    static PKCS7Attrib attribs[] =
+    PKCS7Attrib attribs[] =
     {
         { transIdOid, sizeof(transIdOid), transId,
                                sizeof(transId) - 1 }, /* take off the null */
@@ -43554,13 +53920,13 @@ static wc_test_ret_t pkcs7signed_run_vectors(
     };
 
     /* for testing custom contentType, FirmwarePkgData */
-    static byte customContentType[] = { 0x06, 0x0B, 0x2A, 0x86,
+    static const byte customContentType[] = { 0x06, 0x0B, 0x2A, 0x86,
                                         0x48, 0x86, 0xF7, 0x0D,
                                         0x01, 0x09, 0x10, 0x01, 0x10 };
 
     #define MAX_TESTVECTORS_LEN 20
     #define ADD_PKCS7SIGNEDVECTOR(...) {                                       \
-            pkcs7SignedVector _this_vector = { __VA_ARGS__ };                  \
+            const pkcs7SignedVector _this_vector = { __VA_ARGS__ };            \
             if (testSz == MAX_TESTVECTORS_LEN) {                               \
                 ret = WC_TEST_RET_ENC_NC;                                      \
                 goto out;                                                      \
@@ -43771,6 +54137,11 @@ static wc_test_ret_t pkcs7signed_run_vectors(
 
     XMEMSET(out, 0, outSz);
 
+    /* test inner pad size error with block size being 0 */
+    ret = wc_PKCS7_PadData((byte*)data, sizeof(data), out, outSz, 0);
+    if (ret > 0)
+        ERROR_OUT(-1, out);
+
     ret = wc_PKCS7_PadData((byte*)data, sizeof(data), out, outSz, 16);
     if (ret < 0)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
@@ -43817,7 +54188,8 @@ static wc_test_ret_t pkcs7signed_run_vectors(
         /* optional custom contentType, default is DATA,
            overrides contentOID if set */
         if (testVectors[i].contentType != NULL) {
-            ret = wc_PKCS7_SetContentType(pkcs7, testVectors[i].contentType,
+            ret = wc_PKCS7_SetContentType(pkcs7,
+                                          (byte *)testVectors[i].contentType,
                                           testVectors[i].contentTypeSz);
             if (ret != 0)
                 ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
@@ -43872,11 +54244,7 @@ static wc_test_ret_t pkcs7signed_run_vectors(
         #endif
 
             for (j = 0, k = 2; j < (int)sizeof(digest); j++, k += 2) {
-                #if defined(WOLF_C89)
-                    XSPRINTF((char*)&transId[k], "%02x", digest[j]);
-                #else
-                    (void)XSNPRINTF((char*)&transId[k], 3, "%02x", digest[j]);
-                #endif
+                (void)XSNPRINTF((char*)&transId[k], 3, "%02x", digest[j]);
             }
         }
 
@@ -43939,14 +54307,14 @@ static wc_test_ret_t pkcs7signed_run_vectors(
         #else
             byte buf[(WC_SHA256_DIGEST_SIZE + 1) * 2 + 1];
         #endif
-            byte* oidPt = transIdOid + 2;  /* skip object id tag and size */
+            const byte* oidPt = transIdOid + 2;  /* skip object id tag and size */
             int oidSz = (int)sizeof(transIdOid) - 2;
             int bufSz = 0;
 
             if (testVectors[i].signedAttribs != NULL) {
-                ret = wc_PKCS7_GetAttributeValue(pkcs7, oidPt, oidSz,
+                ret = wc_PKCS7_GetAttributeValue(pkcs7, oidPt, (word32)oidSz,
                     NULL, (word32*)&bufSz);
-                if (ret != LENGTH_ONLY_E)
+                if (ret != WC_NO_ERR_TRACE(LENGTH_ONLY_E))
                     ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
                 ret = 0;
             }
@@ -43954,7 +54322,7 @@ static wc_test_ret_t pkcs7signed_run_vectors(
             if (bufSz > (int)sizeof(buf))
                 ERROR_OUT(WC_TEST_RET_ENC_NC, out);
 
-            bufSz = wc_PKCS7_GetAttributeValue(pkcs7, oidPt, oidSz,
+            bufSz = wc_PKCS7_GetAttributeValue(pkcs7, oidPt, (word32)oidSz,
                     buf, (word32*)&bufSz);
             if ((testVectors[i].signedAttribs != NULL && bufSz < 0) ||
                 (testVectors[i].signedAttribs == NULL && bufSz > 0))
@@ -43982,10 +54350,8 @@ static wc_test_ret_t pkcs7signed_run_vectors(
 
     if (pkcs7 != NULL)
         wc_PKCS7_Free(pkcs7);
-    if (out != NULL)
-        XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
-    if (testVectors != NULL)
-        XFREE(testVectors, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(testVectors, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
     wc_FreeRng(&rng);
 
     if (ret > 0)
@@ -44028,7 +54394,7 @@ static wc_test_ret_t pkcs7signed_run_SingleShotVectors(
     byte*  out = NULL;
     word32 outSz;
     WC_RNG rng;
-    PKCS7* pkcs7 = NULL;
+    wc_PKCS7* pkcs7 = NULL;
 #ifdef PKCS7_OUTPUT_TEST_BUNDLES
     XFILE  file;
 #endif
@@ -44045,7 +54411,7 @@ static wc_test_ret_t pkcs7signed_run_SingleShotVectors(
 
 #if !defined(NO_PKCS7_ENCRYPTED_DATA) && \
      defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_256)
-    static byte aes256Key[] = {
+    static const byte aes256Key[] = {
         0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,
         0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,
         0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,
@@ -44053,10 +54419,10 @@ static wc_test_ret_t pkcs7signed_run_SingleShotVectors(
     };
 #endif
 
-    static byte messageTypeOid[] =
+    static const byte messageTypeOid[] =
                { 0x06, 0x0a, 0x60, 0x86, 0x48, 0x01, 0x86, 0xF8, 0x45, 0x01,
                  0x09, 0x02 };
-    static byte messageType[] = { 0x13, 2, '1', '9' };
+    static const byte messageType[] = { 0x13, 2, '1', '9' };
 
     PKCS7Attrib attribs[] =
     {
@@ -44346,7 +54712,7 @@ static wc_test_ret_t pkcs7signed_run_SingleShotVectors(
 
             /* encode Signed Encrypted FirmwarePkgData */
             encodedSz = wc_PKCS7_EncodeSignedEncryptedFPD(pkcs7,
-                    testVectors[i].encryptKey, testVectors[i].encryptKeySz,
+                    (byte *)testVectors[i].encryptKey, testVectors[i].encryptKeySz,
                     testVectors[i].privateKey, testVectors[i].privateKeySz,
                     testVectors[i].encryptOID, testVectors[i].signOID,
                     testVectors[i].hashOID, (byte*)testVectors[i].content,
@@ -44378,7 +54744,7 @@ static wc_test_ret_t pkcs7signed_run_SingleShotVectors(
 
             /* encode Signed Encrypted Compressed FirmwarePkgData */
             encodedSz = wc_PKCS7_EncodeSignedEncryptedCompressedFPD(pkcs7,
-                    testVectors[i].encryptKey, testVectors[i].encryptKeySz,
+                    (byte*)testVectors[i].encryptKey, testVectors[i].encryptKeySz,
                     testVectors[i].privateKey, testVectors[i].privateKeySz,
                     testVectors[i].encryptOID, testVectors[i].signOID,
                     testVectors[i].hashOID, (byte*)testVectors[i].content,
@@ -44425,7 +54791,7 @@ static wc_test_ret_t pkcs7signed_run_SingleShotVectors(
             word32 z;
             for (z = 0; z < outSz && ret != 0; z++) {
                 ret = wc_PKCS7_VerifySignedData(pkcs7, out + z, 1);
-                if (ret < 0 && ret != WC_PKCS7_WANT_READ_E) {
+                if (ret < 0 && ret != WC_NO_ERR_TRACE(WC_PKCS7_WANT_READ_E)) {
                     printf("unexpected error %d\n", ret);
                     ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
                 }
@@ -44449,7 +54815,7 @@ static wc_test_ret_t pkcs7signed_run_SingleShotVectors(
         else if (testVectors[i].encCompFlag == 1) {
 
             /* decrypt inner encryptedData */
-            pkcs7->encryptionKey = testVectors[i].encryptKey;
+            pkcs7->encryptionKey = (byte *)testVectors[i].encryptKey;
             pkcs7->encryptionKeySz = testVectors[i].encryptKeySz;
 
             ret = wc_PKCS7_DecodeEncryptedData(pkcs7, pkcs7->content,
@@ -44458,7 +54824,7 @@ static wc_test_ret_t pkcs7signed_run_SingleShotVectors(
                 ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
             /* compare decrypted to expected */
             if (((word32)ret != testVectors[i].contentSz) ||
-                XMEMCMP(out, testVectors[i].content, ret))
+                XMEMCMP(out, testVectors[i].content, (word32)ret))
                 ERROR_OUT(WC_TEST_RET_ENC_NC, out);
         }
     #endif
@@ -44487,7 +54853,7 @@ static wc_test_ret_t pkcs7signed_run_SingleShotVectors(
             XMEMSET(encryptedTmp, 0, encryptedTmpSz);
 
             /* decrypt inner encryptedData */
-            pkcs7->encryptionKey = testVectors[i].encryptKey;
+            pkcs7->encryptionKey = (byte*)testVectors[i].encryptKey;
             pkcs7->encryptionKeySz = testVectors[i].encryptKeySz;
 
             encryptedTmpSz = wc_PKCS7_DecodeEncryptedData(pkcs7, pkcs7->content,
@@ -44516,15 +54882,12 @@ static wc_test_ret_t pkcs7signed_run_SingleShotVectors(
 
     if (pkcs7 != NULL)
         wc_PKCS7_Free(pkcs7);
-    if (out != NULL)
-        XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
     #if defined(HAVE_LIBZ) && !defined(NO_PKCS7_COMPRESSED_DATA) && \
         !defined(NO_PKCS7_ENCRYPTED_DATA)
-    if (encryptedTmp != NULL)
-        XFREE(encryptedTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(encryptedTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
     #endif
-    if (testVectors != NULL)
-        XFREE(testVectors, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(testVectors, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
     wc_FreeRng(&rng);
 
     if (ret > 0)
@@ -44573,6 +54936,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t pkcs7signed_test(void)
     word32 rsaServerPrivKeyBufSz = 0;
     word32 rsaCaPrivKeyBufSz     = 0;
     word32 eccClientPrivKeyBufSz = 0;
+    WOLFSSL_ENTER("pkcs7signed_test");
 
 #ifndef NO_RSA
     /* read client RSA cert and key in DER format */
@@ -44709,10 +55073,10 @@ static wc_test_ret_t randNum(mp_int* n, int len, WC_RNG* rng, void* heap)
     (void)heap;
 
     do {
-        ret = wc_RNG_GenerateBlock(rng, d, len);
+        ret = wc_RNG_GenerateBlock(rng, d, (word32)len);
         if (ret != 0)
             return ret;
-        ret = mp_read_unsigned_bin(n, d, len);
+        ret = mp_read_unsigned_bin(n, d, (word32)len);
         if (ret != 0)
             return ret;
     } while (mp_iszero(n));
@@ -44823,7 +55187,7 @@ static wc_test_ret_t mp_test_radix_10(mp_int* a, mp_int* r, WC_RNG* rng)
     char str[30];
     WOLFSSL_SMALL_STACK_STATIC const char* badStr1 = "A";
     WOLFSSL_SMALL_STACK_STATIC const char* badStr2 = "a";
-    WOLFSSL_SMALL_STACK_STATIC const char* badStr3 = " ";
+    WOLFSSL_SMALL_STACK_STATIC const char* empty2 = " ";
     WOLFSSL_SMALL_STACK_STATIC const char* zeros = "000";
     WOLFSSL_SMALL_STACK_STATIC const char* empty = "";
 
@@ -44850,13 +55214,13 @@ static wc_test_ret_t mp_test_radix_10(mp_int* a, mp_int* r, WC_RNG* rng)
     }
 
     ret = mp_read_radix(r, badStr1, MP_RADIX_DEC);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_read_radix(r, badStr2, MP_RADIX_DEC);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
-    ret = mp_read_radix(r, badStr3, MP_RADIX_DEC);
-    if (ret != MP_VAL)
+    ret = mp_read_radix(r, empty2, MP_RADIX_DEC);
+    if (ret != MP_OKAY)
         return WC_TEST_RET_ENC_EC(ret);
 
     ret = mp_read_radix(r, zeros, MP_RADIX_DEC);
@@ -44903,7 +55267,7 @@ static wc_test_ret_t mp_test_radix_16(mp_int* a, mp_int* r, WC_RNG* rng)
 #if defined(WOLFSSL_SP_MATH) || defined(USE_FAST_MATH)
     static char longStr[2 * sizeof(a->dp) + 2];
 #endif
-    WOLFSSL_SMALL_STACK_STATIC const char* badStr1 = " ";
+    WOLFSSL_SMALL_STACK_STATIC const char* empty2 = " ";
     WOLFSSL_SMALL_STACK_STATIC const char* badStr2 = "}";
     WOLFSSL_SMALL_STACK_STATIC const char* empty = "";
 
@@ -44923,11 +55287,11 @@ static wc_test_ret_t mp_test_radix_16(mp_int* a, mp_int* r, WC_RNG* rng)
         }
     }
 
-    ret = mp_read_radix(r, badStr1, MP_RADIX_HEX);
-    if (ret != MP_VAL)
+    ret = mp_read_radix(r, empty2, MP_RADIX_HEX);
+    if (ret != MP_OKAY)
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_read_radix(r, badStr2, MP_RADIX_HEX);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
 
     mp_set(r, 1);
@@ -44943,7 +55307,7 @@ static wc_test_ret_t mp_test_radix_16(mp_int* a, mp_int* r, WC_RNG* rng)
     XMEMSET(longStr+1, '0', sizeof(longStr) - 2);
     longStr[sizeof(longStr)-1] = '\0';
     ret = mp_read_radix(r, longStr, MP_RADIX_HEX);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
 #endif
 
@@ -44970,10 +55334,10 @@ static wc_test_ret_t mp_test_radix_16(mp_int* a, mp_int* r, WC_RNG* rng)
 
 #ifdef WOLFSSL_SP_MATH
     ret = mp_toradix(a, str, 8);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_radix_size(a, 8, &size);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
 #endif
 
@@ -44991,17 +55355,20 @@ static wc_test_ret_t mp_test_shift(mp_int* a, mp_int* r1, WC_RNG* rng)
         return WC_TEST_RET_ENC_EC(ret);
     for (i = 0; i < 4; i++) {
         mp_copy(r1, a);
+#if !defined(NO_DH) || defined(HAVE_ECC) || (!defined(NO_RSA) && \
+    defined(WC_RSA_BLINDING) && !defined(WOLFSSL_RSA_VERIFY_ONLY))
         ret = mp_lshd(r1, i);
         if (ret != MP_OKAY)
             return WC_TEST_RET_ENC_EC(ret);
-#ifndef WOLFSSL_SP_MATH
+    #ifndef WOLFSSL_SP_MATH
         mp_rshd(r1, i);
-#else
+    #else
         mp_rshb(r1, i * SP_WORD_SIZE);
-#endif
+    #endif
         ret = mp_cmp(a, r1);
         if (ret != MP_EQ)
             return WC_TEST_RET_ENC_NC;
+#endif
     }
 #ifndef WOLFSSL_SP_MATH
     for (i = 0; i < DIGIT_BIT+1; i++) {
@@ -45071,7 +55438,7 @@ static wc_test_ret_t mp_test_read_to_bin(mp_int* a)
 
     for (i = 0; i < (int)sizeof(in); i++) {
         p = in + sizeof(in) - i;
-        ret = mp_read_unsigned_bin(a, p, i);
+        ret = mp_read_unsigned_bin(a, p, (word32)i);
         if (ret != 0)
             return WC_TEST_RET_ENC_EC(ret);
         for (j = i; j < (int)sizeof(out); j++) {
@@ -45092,7 +55459,7 @@ static wc_test_ret_t mp_test_read_to_bin(mp_int* a)
 
     /* Length too small. */
     ret = mp_to_unsigned_bin_len(a, out, 1);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
 
     ret = mp_read_unsigned_bin(a, NULL, 0);
@@ -45162,7 +55529,7 @@ static wc_test_ret_t mp_test_param(mp_int* a, mp_int* b, mp_int* r, WC_RNG* rng)
     mp_digit rho;
     int size;
 #endif
-#if defined(WOLFSSL_SP_MATH_ALL) || defined(WOLFSSL_HAVE_SP_DH)
+#ifdef WOLFSSL_SP_PRIME_GEN
     int result;
 #endif
 #if (defined(HAVE_ECC) && defined(HAVE_COMP_KEY)) || \
@@ -45174,7 +55541,7 @@ static wc_test_ret_t mp_test_param(mp_int* a, mp_int* b, mp_int* r, WC_RNG* rng)
     (void)r;
 
     ret = mp_init(NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
 
 #if !defined(WOLFSSL_RSA_PUBLIC_ONLY) || (!defined(NO_DH) || defined(HAVE_ECC))
@@ -45187,11 +55554,11 @@ static wc_test_ret_t mp_test_param(mp_int* a, mp_int* b, mp_int* r, WC_RNG* rng)
 
 #if !defined(WOLFSSL_RSA_VERIFY_ONLY) || !defined(NO_DH) || defined(HAVE_ECC)
     ret = mp_grow(NULL, 1);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
 #ifdef WOLFSSL_SP_MATH
     ret = mp_grow(a, SP_INT_DIGITS + 1);
-    if (ret != MP_MEM)
+    if (ret != WC_NO_ERR_TRACE(MP_MEM))
         return WC_TEST_RET_ENC_EC(ret);
 #endif
 #endif
@@ -45199,49 +55566,52 @@ static wc_test_ret_t mp_test_param(mp_int* a, mp_int* b, mp_int* r, WC_RNG* rng)
     mp_clear(NULL);
 
     ret = mp_abs(NULL, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_abs(a, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_abs(NULL, b);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
 
     ret = mp_unsigned_bin_size(NULL);
     if (ret != 0)
         return WC_TEST_RET_ENC_EC(ret);
 
+    /* clear buffer to avoid provoking uninitvar errors. */
+    XMEMSET(buffer, 0, sizeof(buffer));
+
     ret = mp_read_unsigned_bin(NULL, NULL, sizeof(buffer));
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_read_unsigned_bin(NULL, buffer, sizeof(buffer));
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_read_unsigned_bin(a, NULL, sizeof(buffer));
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_read_unsigned_bin(a, buffer, SP_INT_DIGITS * SP_WORD_SIZEOF + 1);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
 
 #if defined(HAVE_ECC) || defined(WOLFSSL_SP_MATH_ALL)
     ret = mp_read_radix(NULL, NULL, 16);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_read_radix(a, NULL, 16);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_read_radix(NULL, hexStr, 16);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
 #ifndef WOLFSSL_SP_INT_NEGATIVE
     ret = mp_read_radix(a, negStr, 16);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
 #ifdef WOLFSSL_SP_MATH_ALL
     ret = mp_read_radix(a, negStr, 10);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
 #endif /* WOLFSSL_SP_MATH_ALL */
 #endif /* WOLFSSL_SP_INT_NEGATIVE */
@@ -45249,12 +55619,12 @@ static wc_test_ret_t mp_test_param(mp_int* a, mp_int* b, mp_int* r, WC_RNG* rng)
 #ifndef WOLFSSL_SP_MATH_ALL
     /* Radix 10 only supported with ALL. */
     ret = mp_read_radix(a, decStr, 10);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
 #endif
     /* Radix 8 not supported SP_INT. */
     ret = mp_read_radix(a, "0123", 8);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
 
     ret = mp_count_bits(NULL);
@@ -45277,43 +55647,43 @@ static wc_test_ret_t mp_test_param(mp_int* a, mp_int* b, mp_int* r, WC_RNG* rng)
     defined(HAVE_ECC) || defined(WOLFSSL_KEY_GEN) || defined(OPENSSL_EXTRA) || \
     !defined(NO_RSA)
     ret = mp_set_bit(NULL, 1);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
 #endif
 
 #if !defined(NO_DH) || defined(HAVE_ECC) || defined(WC_RSA_BLINDING) || \
     !defined(WOLFSSL_RSA_VERIFY_ONLY)
     ret = mp_to_unsigned_bin(NULL, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_to_unsigned_bin(a, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_to_unsigned_bin(NULL, buffer);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
 #endif
 
     ret = mp_to_unsigned_bin_len(NULL, NULL, 1);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_to_unsigned_bin_len(a, NULL, 1);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_to_unsigned_bin_len(NULL, buffer, 1);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
 
 #if defined(WOLFSSL_SP_MATH_ALL) && !defined(NO_RSA) && \
     !defined(WOLFSSL_RSA_VERIFY_ONLY)
     ret = mp_to_unsigned_bin_at_pos(0, NULL, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_to_unsigned_bin_at_pos(0, a, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_to_unsigned_bin_at_pos(0, NULL, buffer);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_to_unsigned_bin_at_pos(0, a, buffer);
     if (ret != MP_OKAY)
@@ -45322,24 +55692,24 @@ static wc_test_ret_t mp_test_param(mp_int* a, mp_int* b, mp_int* r, WC_RNG* rng)
 
 #if !defined(WOLFSSL_RSA_VERIFY_ONLY) || (!defined(NO_DH) || defined(HAVE_ECC))
     ret = mp_copy(NULL, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_copy(a, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_copy(NULL, b);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
 #endif
 
 #if defined(WOLFSSL_KEY_GEN) || !defined(NO_DH)
     ret = sp_2expt(NULL, 1);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
 #endif
 
     ret = mp_set(NULL, 0);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
 
     ret = mp_cmp_d(NULL, 0);
@@ -45363,491 +55733,492 @@ static wc_test_ret_t mp_test_param(mp_int* a, mp_int* b, mp_int* r, WC_RNG* rng)
     mp_zero(NULL);
 
 #if !defined(NO_DH) || defined(HAVE_ECC) || defined(WC_RSA_BLINDING) || \
-    !defined(WOLFSSL_RSA_VERIFY_ONLY)
+    !defined(WOLFSSL_RSA_PUBLIC_ONLY)
     ret = mp_lshd(NULL, 0);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_lshd(a, SP_INT_DIGITS + 1);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
 #endif
 
 #if defined(WOLFSSL_SP_MATH_ALL)
     ret = mp_div(NULL, NULL, a, b);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_div(a, NULL, a, b);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_div(NULL, b, a, b);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_div(a, b, NULL, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
 #endif
 
 #if defined(WOLFSSL_SP_MATH_ALL) || !defined(NO_DH) || defined(HAVE_ECC) || \
     (!defined(NO_RSA) && !defined(WOLFSSL_RSA_VERIFY_ONLY))
     ret = mp_mod(NULL, NULL, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_mod(a, NULL, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_mod(NULL, b, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_mod(NULL, NULL, r);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_mod(a, b, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_mod(a, NULL, r);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_mod(NULL, b, r);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
 #endif
 
 #if !defined(NO_RSA) || defined(WOLFSSL_SP_MATH_ALL)
     ret = mp_set_int(NULL, 0);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
 #endif
 
 #if !defined(NO_RSA) || !defined(NO_DSA) || !defined(NO_DH) || \
     (defined(HAVE_ECC) && defined(HAVE_COMP_KEY)) || defined(OPENSSL_EXTRA)
     ret = mp_exptmod_ex(NULL, NULL, 1, NULL, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_exptmod_ex(a, NULL, 1, NULL, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_exptmod_ex(NULL, a, 1, NULL, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_exptmod_ex(NULL, NULL, 1, a, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_exptmod_ex(NULL, NULL, 1, NULL, a);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_exptmod_ex(a, a, 1, a, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_exptmod_ex(a, a, 1, NULL, a);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_exptmod_ex(a, NULL, 1, a, a);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_exptmod_ex(NULL, a, 1, a, a);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
 
     ret = mp_exptmod_nct(NULL, NULL, NULL, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_exptmod_nct(a, NULL, NULL, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_exptmod_nct(NULL, a, NULL, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_exptmod_nct(NULL, NULL, a, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_exptmod_nct(NULL, NULL, NULL, a);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_exptmod_nct(a, a, a, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_exptmod_nct(a, a, NULL, a);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_exptmod_nct(a, NULL, a, a);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_exptmod_nct(NULL, a, a, a);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
 #endif
 
 #if defined(WOLFSSL_KEY_GEN) && (!defined(NO_DH) || !defined(NO_DSA)) && \
     !defined(WC_NO_RNG)
     ret = mp_rand_prime(NULL, 32, NULL, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_rand_prime(a, 32, NULL, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_rand_prime(NULL, 32, rng, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_rand_prime(a, 0, rng, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
 #endif
 
 #if defined(WOLFSSL_SP_MATH_ALL) && !defined(WOLFSSL_RSA_VERIFY_ONLY)
     ret = mp_mul(NULL, NULL, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_mul(a, NULL, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_mul(NULL, b, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_mul(NULL, NULL, r);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_mul(a, b, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_mul(a, NULL, r);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_mul(NULL, b, r);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
 #endif
 
 #if defined(WOLFSSL_SP_MATH_ALL) || defined(WOLFSSL_HAVE_SP_DH) || \
     defined(HAVE_ECC) || (!defined(NO_RSA) && !defined(WOLFSSL_RSA_VERIFY_ONLY))
     ret = mp_sqr(NULL, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_sqr(a, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_sqr(NULL, r);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
 #endif
 
 #if !defined(WOLFSSL_RSA_VERIFY_ONLY)
     ret = mp_sqrmod(NULL, NULL, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_sqrmod(a, NULL, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_sqrmod(NULL, a, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_sqrmod(NULL, NULL, a);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_sqrmod(a, b, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_sqrmod(a, NULL, b);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_sqrmod(NULL, a, b);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
 
     ret = mp_mulmod(NULL, NULL, NULL, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_mulmod(a, NULL, NULL, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_mulmod(NULL, a, NULL, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_mulmod(NULL, NULL, a, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_mulmod(NULL, NULL, NULL, a);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_mulmod(a, b, b, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_mulmod(a, b, NULL, a);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_mulmod(a, NULL, b, a);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_mulmod(NULL, b, b, a);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
 #endif
 
 #if !defined(NO_PWDBASED) || defined(WOLFSSL_KEY_GEN) || !defined(NO_DH) || \
     !defined(NO_RSA) || !defined(NO_DSA)
     ret = mp_add_d(NULL, 1, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_add_d(a, 1, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_add_d(NULL, 1, b);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
 #endif
 
 #if (!defined(NO_RSA) && !defined(WOLFSSL_RSA_VERIFY_ONLY)) || \
     !defined(NO_DH) || defined(HAVE_ECC) || !defined(NO_DSA)
     ret = mp_sub_d(NULL, 1, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_sub_d(a, 1, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_sub_d(NULL, 1, b);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
 #endif
 
 #if (defined(WOLFSSL_SP_MATH_ALL) && !defined(WOLFSSL_RSA_VERIFY_ONLY)) || \
     defined(WOLFSSL_KEY_GEN) || defined(HAVE_COMP_KEY)
     ret = mp_div_d(NULL, 0, NULL, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_div_d(a, 0, NULL, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_div_d(NULL, 1, NULL, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
 #endif
 
 #if (defined(HAVE_ECC) && defined(HAVE_COMP_KEY)) || \
                             (defined(OPENSSL_EXTRA) && defined(WOLFSSL_KEY_GEN))
     ret = mp_mod_d(NULL, 0, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_mod_d(a, 0, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_mod_d(NULL, 0, &rd);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
 #endif
 
 #if defined(WOLFSSL_SP_MATH_ALL) && !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN)
     ret = mp_gcd(NULL, NULL, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_gcd(a, NULL, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_gcd(NULL, a, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_gcd(NULL, NULL, a);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_gcd(a, b, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_gcd(a, NULL, b);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_gcd(NULL, a, b);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
 #endif
 
 #if !defined(WOLFSSL_SP_MATH) && defined(HAVE_ECC)
     ret = mp_div_2_mod_ct(NULL, NULL, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_div_2_mod_ct(a, NULL, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_div_2_mod_ct(NULL, b, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_div_2_mod_ct(NULL, NULL, a);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_div_2_mod_ct(a, b, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_div_2_mod_ct(a, b, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_div_2_mod_ct(NULL, b, a);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
 
     ret = mp_div_2(NULL, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_div_2(a, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_div_2(NULL, a);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
 #endif
 
-#if (!defined(NO_RSA) && !defined(WOLFSSL_RSA_VERIFY_ONLY)) || \
+#if (!defined(NO_RSA) && !defined(WOLFSSL_RSA_VERIFY_ONLY) && \
+                         !defined(WOLFSSL_RSA_PUBLIC_ONLY)) || \
     defined(HAVE_ECC) || !defined(NO_DSA) || defined(OPENSSL_EXTRA)
     ret = mp_invmod(NULL, NULL, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_invmod(a, NULL, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_invmod(NULL, b, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_invmod(NULL, NULL, a);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_invmod(a, b, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_invmod(a, NULL, a);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_invmod(NULL, b, a);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
 #endif
 
 #if !defined(WOLFSSL_SP_MATH) && defined(HAVE_ECC)
     ret = mp_invmod_mont_ct(NULL, NULL, NULL, 1);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_invmod_mont_ct(a, NULL, NULL, 1);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_invmod_mont_ct(NULL, b, NULL, 1);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_invmod_mont_ct(NULL, NULL, a, 1);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_invmod_mont_ct(a, b, NULL, 1);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_invmod_mont_ct(a, NULL, a, 1);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_invmod_mont_ct(NULL, b, a, 1);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
 #endif
 
 #if !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN) && !defined(WC_RSA_BLINDING)
     ret = mp_lcm(NULL, NULL, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_lcm(a, NULL, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_lcm(NULL, b, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_lcm(NULL, NULL, a);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_lcm(a, b, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_lcm(a, NULL, a);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_lcm(NULL, b, a);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
 #endif
 
 #if defined(WOLFSSL_SP_MATH_ALL) || defined(WOLFSSL_HAVE_SP_DH)
     ret = mp_exptmod_ex(NULL, NULL, 1, NULL, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_exptmod_ex(a, NULL, 1, NULL, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_exptmod_ex(NULL, b, 1, NULL, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_exptmod_ex(NULL, NULL, 1, b, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_exptmod_ex(NULL, NULL, 1, NULL, a);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_exptmod_ex(a, b, 1, b, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_exptmod_ex(a, b, 1, NULL, a);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_exptmod_ex(a, NULL, 1, b, a);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_exptmod_ex(NULL, b, 1, b, a);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
 
     ret = mp_exptmod(NULL, NULL, NULL, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_exptmod(a, NULL, NULL, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_exptmod(NULL, b, NULL, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_exptmod(NULL, NULL, b, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_exptmod(NULL, NULL, NULL, a);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_exptmod(a, b, b, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_exptmod(a, b, NULL, a);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_exptmod(a, NULL, b, a);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_exptmod(NULL, b, b, a);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
 
     ret = mp_exptmod_nct(NULL, NULL, NULL, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_exptmod_nct(a, NULL, NULL, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_exptmod_nct(NULL, b, NULL, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_exptmod_nct(NULL, NULL, b, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_exptmod_nct(NULL, NULL, NULL, a);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_exptmod_nct(a, b, b, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_exptmod_nct(a, b, NULL, a);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_exptmod_nct(a, NULL, b, a);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_exptmod_nct(NULL, b, b, a);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
 #endif
 
@@ -45857,117 +56228,117 @@ static wc_test_ret_t mp_test_param(mp_int* a, mp_int* b, mp_int* r, WC_RNG* rng)
         return WC_TEST_RET_ENC_EC(ret);
 #endif
 
-#if defined(WOLFSSL_SP_MATH_ALL) || defined(WOLFSSL_HAVE_SP_DH)
+#ifdef WOLFSSL_SP_PRIME_GEN
     ret = mp_prime_is_prime(NULL, 1, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_prime_is_prime(a, 1, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_prime_is_prime(NULL, 1, &result);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_prime_is_prime(a, 0, &result);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_prime_is_prime(a, 1024, &result);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
 
     ret = mp_prime_is_prime_ex(NULL, 1, NULL, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_prime_is_prime_ex(a, 1, NULL, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_prime_is_prime_ex(NULL, 1, &result, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_prime_is_prime_ex(NULL, 1, NULL, rng);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_prime_is_prime_ex(a, 1, &result, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_prime_is_prime_ex(a, 1, NULL, rng);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_prime_is_prime_ex(NULL, 1, &result, rng);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
 #endif
 
 #if defined(WOLFSSL_SP_MATH_ALL) || !defined(NO_DH) || !defined(NO_DSA)
     ret = mp_exch(NULL, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_exch(a, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_exch(NULL, b);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
 #endif
 
 #if (defined(WOLFSSL_KEY_GEN) && !defined(NO_RSA)) || \
                                                     defined(WOLFSSL_SP_MATH_ALL)
     ret = mp_mul_d(NULL, 1, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_mul_d(a, 1, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_mul_d(NULL, 1, b);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
 #endif
 
 #if !defined(WOLFSSL_RSA_VERIFY_ONLY)
     ret = mp_add(NULL, NULL, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_add(a, NULL, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_add(NULL, b, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_add(NULL, NULL, r);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_add(a, b, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_add(a, NULL, r);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_add(NULL, b, r);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
 #endif
 
 #if defined(WOLFSSL_SP_MATH_ALL) || !defined(NO_DH) || defined(HAVE_ECC) || \
     (!defined(NO_RSA) && !defined(WOLFSSL_RSA_VERIFY_ONLY))
     ret = mp_sub(NULL, NULL, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_sub(a, NULL, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_sub(NULL, b, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_sub(NULL, NULL, r);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_sub(a, b, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_sub(a, NULL, r);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_sub(NULL, b, r);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
 #endif
 
@@ -45975,126 +56346,126 @@ static wc_test_ret_t mp_test_param(mp_int* a, mp_int* b, mp_int* r, WC_RNG* rng)
 #if defined(WOLFSSL_SP_MATH_ALL) || (!defined(WOLFSSL_SP_MATH) && \
                                      defined(WOLFSSL_CUSTOM_CURVES))
     ret = mp_addmod(NULL, NULL, NULL, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_addmod(a, NULL, NULL, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_addmod(NULL, b, NULL, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_addmod(NULL, NULL, b, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_addmod(NULL, NULL, NULL, a);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_addmod(a, b, b, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_addmod(a, b, NULL, a);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_addmod(a, NULL, b, a);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_addmod(NULL, b, b, a);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
 #endif
 
 #ifdef WOLFSSL_SP_MATH_ALL
     ret = mp_submod(NULL, NULL, NULL, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_submod(a, NULL, NULL, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_submod(NULL, b, NULL, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_submod(NULL, NULL, b, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_submod(NULL, NULL, NULL, a);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_submod(a, b, b, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_submod(a, b, NULL, a);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_submod(a, NULL, b, a);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_submod(NULL, b, b, a);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
 #endif
 
 #ifdef WOLFSSL_SP_MATH_ALL
     ret = mp_div_2d(NULL, 1, a, b);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
 
     ret = mp_mod_2d(NULL, 1, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_mod_2d(a, 1, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_mod_2d(NULL, 1, b);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
 
     ret = mp_mul_2d(NULL, 1, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_mul_2d(a, 1, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_mul_2d(NULL, 1, b);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
 #endif
 
 #if defined(WOLFSSL_SP_MATH_ALL) || defined(WOLFSSL_HAVE_SP_DH) || \
     defined(HAVE_ECC) || (!defined(NO_RSA) && !defined(WOLFSSL_RSA_VERIFY_ONLY))
     ret = mp_montgomery_reduce(NULL, NULL, 1);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_montgomery_reduce(a, NULL, 1);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_montgomery_reduce(NULL, b, 1);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     mp_zero(b);
     ret = mp_montgomery_reduce(a, b, 1);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
 #endif
 
 #ifdef WOLFSSL_SP_MATH_ALL
     ret = mp_montgomery_setup(NULL, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_montgomery_setup(a, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_montgomery_setup(NULL, &rho);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
 
     ret = mp_montgomery_calc_normalization(NULL, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_montgomery_calc_normalization(a, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_montgomery_calc_normalization(NULL, b);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
 #endif
 
@@ -46104,53 +56475,53 @@ static wc_test_ret_t mp_test_param(mp_int* a, mp_int* b, mp_int* r, WC_RNG* rng)
 
 #if defined(WC_MP_TO_RADIX) || defined(WOLFSSL_SP_MATH_ALL)
     ret = mp_tohex(NULL, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_tohex(a, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_tohex(NULL, hexStr);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
 #endif
 
 #if defined(WOLFSSL_KEY_GEN) || defined(HAVE_COMP_KEY)
     ret = mp_todecimal(NULL, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_todecimal(a, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_todecimal(NULL, decStr);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
 #endif
 
 #ifdef WOLFSSL_SP_MATH_ALL
     ret = mp_toradix(NULL, NULL, MP_RADIX_HEX);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_toradix(a, NULL, MP_RADIX_HEX);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_toradix(NULL, hexStr, MP_RADIX_HEX);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_toradix(a, hexStr, 3);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
 
     ret = mp_radix_size(NULL, MP_RADIX_HEX, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_radix_size(a, MP_RADIX_HEX, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_radix_size(NULL, MP_RADIX_HEX, &size);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_radix_size(a, 3, &size);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
 #endif
 
@@ -46235,11 +56606,11 @@ static wc_test_ret_t mp_test_set_is_bit(mp_int* a)
         i = SP_INT_MAX_BITS + j;
         if (mp_is_bit_set(a, i))
             return WC_TEST_RET_ENC_NC;
-        if (mp_set_bit(a, i) != MP_VAL)
+        if (mp_set_bit(a, i) != WC_NO_ERR_TRACE(MP_VAL))
             return WC_TEST_RET_ENC_NC;
     #ifdef WOLFSSL_KEY_GEN
         ret = mp_2expt(a, i);
-        if (ret != MP_VAL)
+        if (ret != WC_NO_ERR_TRACE(MP_VAL))
             return WC_TEST_RET_ENC_EC(ret);
     #endif
     }
@@ -46284,6 +56655,7 @@ static wc_test_ret_t mp_test_cmp(mp_int* a, mp_int* b)
     if (ret != MP_GT)
         return WC_TEST_RET_ENC_NC;
 
+#if defined(OPENSSL_EXTRA) || !defined(NO_DSA) || defined(HAVE_ECC)
     mp_read_radix(b, "1234567890123456789", MP_RADIX_HEX);
     ret = mp_cmp_d(b, -1);
     if (ret != MP_GT)
@@ -46298,9 +56670,12 @@ static wc_test_ret_t mp_test_cmp(mp_int* a, mp_int* b)
     ret = mp_cmp(b, b);
     if (ret != MP_EQ)
         return WC_TEST_RET_ENC_NC;
+#endif
 
 #if (!defined(WOLFSSL_SP_MATH) && !defined(WOLFSSL_SP_MATH_ALL)) || \
     defined(WOLFSSL_SP_INT_NEGATIVE)
+
+#if defined(OPENSSL_EXTRA) || !defined(NO_DSA) || defined(HAVE_ECC)
     mp_read_radix(a, "-1", MP_RADIX_HEX);
     mp_read_radix(a, "1", MP_RADIX_HEX);
     ret = mp_cmp(a, b);
@@ -46317,12 +56692,15 @@ static wc_test_ret_t mp_test_cmp(mp_int* a, mp_int* b)
     ret = mp_cmp(b, a);
     if (ret != MP_LT)
         return WC_TEST_RET_ENC_NC;
+#endif
 
+#if defined(OPENSSL_EXTRA) || !defined(NO_DSA) || defined(HAVE_ECC)
     mp_read_radix(a, "-2", MP_RADIX_HEX);
     ret = mp_cmp(a, b);
     if (ret != MP_EQ)
         return WC_TEST_RET_ENC_NC;
 #endif
+#endif
 
 #if defined(HAVE_ECC) && !defined(WC_NO_RNG) && \
     defined(WOLFSSL_ECC_GEN_REJECT_SAMPLING)
@@ -46388,7 +56766,8 @@ static wc_test_ret_t mp_test_cmp(mp_int* a, mp_int* b)
     return 0;
 }
 
-#if !defined(NO_DH) || defined(HAVE_ECC) || !defined(WOLFSSL_RSA_VERIFY_ONLY)
+#if !defined(NO_DH) || defined(HAVE_ECC) || (!defined(NO_RSA) && \
+    !defined(WOLFSSL_RSA_VERIFY_ONLY) && !defined(WOLFSSL_RSA_PUBLIC_ONLY))
 static wc_test_ret_t mp_test_shbd(mp_int* a, mp_int* b, WC_RNG* rng)
 {
     wc_test_ret_t ret;
@@ -46457,9 +56836,8 @@ static wc_test_ret_t mp_test_shbd(mp_int* a, mp_int* b, WC_RNG* rng)
 }
 #endif
 
-#if defined(WOLFSSL_SP_MATH_ALL) || !defined(NO_DH) || defined(HAVE_ECC) || \
-    (!defined(NO_RSA) && !defined(WOLFSSL_RSA_VERIFY_ONLY) && \
-     !defined(WOLFSSL_RSA_PUBLIC_ONLY))
+#if !defined(NO_DH) || defined(HAVE_ECC) || \
+    (!defined(NO_RSA) && !defined(WOLFSSL_RSA_PUBLIC_ONLY))
 static wc_test_ret_t mp_test_div(mp_int* a, mp_int* d, mp_int* r, mp_int* rem,
                        WC_RNG* rng)
 {
@@ -46470,7 +56848,7 @@ static wc_test_ret_t mp_test_div(mp_int* a, mp_int* d, mp_int* r, mp_int* rem,
     mp_zero(d);
 
     ret = mp_div(a, d, r, rem);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
 
     mp_set(d, 1);
@@ -46609,7 +56987,7 @@ static wc_test_ret_t mp_test_prime(mp_int* a, WC_RNG* rng)
     if (ret != 0)
         return WC_TEST_RET_ENC_EC(ret);
 #else
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_NC;
 #endif
 #ifndef WOLFSSL_SP_MATH
@@ -46629,13 +57007,13 @@ static wc_test_ret_t mp_test_prime(mp_int* a, WC_RNG* rng)
 #endif
 
     ret = mp_prime_is_prime(a, 0, &res);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_prime_is_prime(a, -1, &res);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_prime_is_prime(a, 257, &res);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
 
     mp_set(a, 1);
@@ -46718,13 +57096,13 @@ static wc_test_ret_t mp_test_lcm_gcd(mp_int* a, mp_int* b, mp_int* r, mp_int* ex
     mp_set(a, 0);
     mp_set(b, 1);
     ret = mp_lcm(a, a, r);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_lcm(a, b, r);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_lcm(b, a, r);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
 
     for (i = 0; i < (int)(sizeof(kat) / sizeof(*kat)); i++) {
@@ -46780,7 +57158,7 @@ static wc_test_ret_t mp_test_lcm_gcd(mp_int* a, mp_int* b, mp_int* r, mp_int* ex
     if (ret != MP_EQ)
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_gcd(b, b, r);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
 
     return 0;
@@ -46889,7 +57267,7 @@ static wc_test_ret_t mp_test_mod_d(mp_int* a, WC_RNG* rng)
     if (ret != MP_OKAY)
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_mod_d(a, 0, &r);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
 
     mp_zero(a);
@@ -47010,8 +57388,9 @@ static wc_test_ret_t mp_test_mul_sqr(mp_int* a, mp_int* b, mp_int* r1, mp_int* r
     return 0;
 }
 
-#if !defined(NO_RSA) || defined(HAVE_ECC) || !defined(NO_DSA) || \
-    defined(OPENSSL_EXTRA)
+#if (!defined(NO_RSA) && \
+    !defined(WOLFSSL_RSA_VERIFY_ONLY) && !defined(WOLFSSL_RSA_PUBLIC_ONLY)) || \
+    defined(HAVE_ECC) || !defined(NO_DSA) || defined(OPENSSL_EXTRA)
 static wc_test_ret_t mp_test_invmod(mp_int* a, mp_int* m, mp_int* r)
 {
     wc_test_ret_t ret;
@@ -47019,25 +57398,25 @@ static wc_test_ret_t mp_test_invmod(mp_int* a, mp_int* m, mp_int* r)
     mp_set(a, 0);
     mp_set(m, 1);
     ret = mp_invmod(a, m, r);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_invmod(m, a, r);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     mp_set(a, 2);
     mp_set(m, 4);
     ret = mp_invmod(a, m, r);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     mp_set(a, 3);
     mp_set(m, 6);
     ret = mp_invmod(a, m, r);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     mp_set(a, 5*9);
     mp_set(m, 6*9);
     ret = mp_invmod(a, m, r);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     mp_set(a, 1);
     mp_set(m, 4);
@@ -47071,7 +57450,7 @@ static wc_test_ret_t mp_test_invmod(mp_int* a, mp_int* m, mp_int* r)
     mp_set(m, 0);
     mp_set_bit(m, (r->size / 2) * SP_WORD_SIZE);
     ret = mp_invmod(a, m, r);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     /* Maximum modulus - even. */
     mp_set(m, 0);
@@ -47082,32 +57461,36 @@ static wc_test_ret_t mp_test_invmod(mp_int* a, mp_int* m, mp_int* r)
 #endif
 
 #if !defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_INT_NEGATIVE)
+
+#if defined(OPENSSL_EXTRA) || !defined(NO_DSA) || defined(HAVE_ECC)
     mp_read_radix(a, "-3", 16);
     ret = mp_invmod(a, m, r);
     if (ret != MP_OKAY)
         return WC_TEST_RET_ENC_EC(ret);
 #endif
 
+#endif
+
 #if defined(WOLFSSL_SP_MATH_ALL) && defined(HAVE_ECC)
     mp_set(a, 0);
     mp_set(m, 3);
     ret = mp_invmod_mont_ct(a, m, r, 1);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     mp_set(a, 1);
     mp_set(m, 0);
     ret = mp_invmod_mont_ct(a, m, r, 1);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     mp_set(a, 1);
     mp_set(m, 1);
     ret = mp_invmod_mont_ct(a, m, r, 1);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     mp_set(a, 1);
     mp_set(m, 2);
     ret = mp_invmod_mont_ct(a, m, r, 1);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
 
     mp_set(a, 1);
@@ -47131,10 +57514,10 @@ static wc_test_ret_t mp_test_exptmod(mp_int* b, mp_int* e, mp_int* m, mp_int* r)
     mp_set(e, 0x3);
     mp_set(m, 0x0);
     ret = mp_exptmod_ex(b, e, 1, m, r);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_exptmod_nct(b, e, m, r);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
 
 
@@ -47239,10 +57622,10 @@ static wc_test_ret_t mp_test_exptmod(mp_int* b, mp_int* e, mp_int* m, mp_int* r)
     mp_mul_2d(m, SP_WORD_SIZE * SP_INT_DIGITS / 2, m);
     mp_add_d(m, 0x01, m);
     ret = mp_exptmod_ex(b, e, 1, m, r);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_exptmod_nct(b, e, m, r);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
 #endif
 
@@ -47339,16 +57722,24 @@ static wc_test_ret_t mp_test_mont(mp_int* a, mp_int* m, mp_int* n, mp_int* r, WC
         /* a = 2^(bits*2) - 1 */
         mp_zero(a);
         mp_set_bit(a, bits[i] * 2);
-        mp_sub_d(a, 1, a);
+        ret = mp_sub_d(a, 1, a);
+        if (ret != MP_OKAY)
+            return WC_TEST_RET_ENC_EC(ret);
+
         /* m = 2^(bits) - 1 */
         mp_zero(m);
         mp_set_bit(m, bits[i]);
-        mp_sub_d(m, 1, m);
+        ret = mp_sub_d(m, 1, m);
+        if (ret != MP_OKAY)
+            return WC_TEST_RET_ENC_EC(ret);
+
         mp = 1;
         /* result = r = 2^(bits) - 1 */
         mp_zero(r);
         mp_set_bit(r, bits[i]);
-        mp_sub_d(r, 1, r);
+        ret = mp_sub_d(r, 1, r);
+        if (ret != MP_OKAY)
+            return WC_TEST_RET_ENC_EC(ret);
 
         ret = mp_montgomery_reduce(a, m, mp);
         if (ret != MP_OKAY)
@@ -47375,6 +57766,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t mp_test(void)
 #endif
     mp_digit d = 0;
 #endif
+
 #ifdef WOLFSSL_SMALL_STACK
     mp_int *a = (mp_int *)XMALLOC(sizeof(mp_int), HEAP_HINT,
                                   DYNAMIC_TYPE_TMP_BUFFER),
@@ -47397,8 +57789,16 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t mp_test(void)
 #else
     mp_int a[1], b[1], r1[1], r2[1], p[1];
 #endif
+    WOLFSSL_ENTER("mp_test");
 
+#if !defined(WOLFSSL_RSA_PUBLIC_ONLY) || !defined(NO_DH) || defined(HAVE_ECC)
     ret = mp_init_multi(a, b, r1, r2, NULL, NULL);
+#else
+    ret =  mp_init(a);
+    ret |= mp_init(b);
+    ret |= mp_init(r1);
+    ret |= mp_init(r2);
+#endif
     if (ret != 0)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
 
@@ -47450,8 +57850,10 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t mp_test(void)
             ret = mp_mulmod(a, a, p, r2);
             if (ret != 0)
                 ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
-            if (mp_cmp(r1, r2) != 0)
+            if (mp_cmp(r1, r2) != 0) {
+                WOLFSSL_MSG("Fail: mp_mulmod result does not match mp_sqrmod!");
                 ERROR_OUT(WC_TEST_RET_ENC_NC, done);
+            }
          #endif
 
      #if defined(WOLFSSL_SP_MATH_ALL) && !defined(WOLFSSL_RSA_VERIFY_ONLY)
@@ -47496,7 +57898,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t mp_test(void)
              *        - if p and a are even it will fail.
              */
             ret = mp_invmod(a, p, r1);
-            if (ret != 0 && ret != MP_VAL)
+            if (ret != 0 && ret != WC_NO_ERR_TRACE(MP_VAL))
                 ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
 
         #ifndef WOLFSSL_SP_MATH
@@ -47604,7 +58006,8 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t mp_test(void)
 #endif
     if ((ret = mp_test_cmp(a, r1)) != 0)
         goto done;
-#if !defined(NO_DH) || defined(HAVE_ECC) || !defined(WOLFSSL_RSA_VERIFY_ONLY)
+#if !defined(NO_DH) || defined(HAVE_ECC) || (!defined(NO_RSA) && \
+    !defined(WOLFSSL_RSA_VERIFY_ONLY) && !defined(WOLFSSL_RSA_PUBLIC_ONLY))
     if ((ret = mp_test_shbd(a, b, &rng))  != 0)
         goto done;
 #endif
@@ -47612,9 +58015,8 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t mp_test(void)
     if ((ret = mp_test_set_is_bit(a)) != 0)
         goto done;
 #endif
-#if defined(WOLFSSL_SP_MATH_ALL) || !defined(NO_DH) || defined(HAVE_ECC) || \
-    (!defined(NO_RSA) && !defined(WOLFSSL_RSA_VERIFY_ONLY) && \
-     !defined(WOLFSSL_RSA_PUBLIC_ONLY))
+#if !defined(NO_DH) || defined(HAVE_ECC) || \
+    (!defined(NO_RSA) && !defined(WOLFSSL_RSA_PUBLIC_ONLY))
     if ((ret = mp_test_div(a, b, r1, r2, &rng)) != 0)
         goto done;
 #endif
@@ -47639,8 +58041,9 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t mp_test(void)
 #endif
     if ((ret = mp_test_mul_sqr(a, b, r1, r2, &rng)) != 0)
         goto done;
-#if !defined(NO_RSA) || defined(HAVE_ECC) || !defined(NO_DSA) || \
-    defined(OPENSSL_EXTRA)
+#if (!defined(NO_RSA) && \
+    !defined(WOLFSSL_RSA_VERIFY_ONLY) && !defined(WOLFSSL_RSA_PUBLIC_ONLY)) || \
+    defined(HAVE_ECC) || !defined(NO_DSA) || defined(OPENSSL_EXTRA)
     if ((ret = mp_test_invmod(a, b, r1)) != 0)
         goto done;
 #endif
@@ -47769,7 +58172,7 @@ static wc_test_ret_t GenerateNextP(mp_int* p1, mp_int* p2, int k)
     if (ret != 0)
         ret = WC_TEST_RET_ENC_EC(ret);
     if (ret == 0) {
-        ret = mp_set(ki, k);
+        ret = mp_set(ki, (mp_digit)k);
         if (ret != 0)
             ret = WC_TEST_RET_ENC_EC(ret);
     }
@@ -47824,7 +58227,7 @@ static wc_test_ret_t GenerateP(mp_int* p1, mp_int* p2, mp_int* p3,
         goto out;
     }
     for (i = 0; ret == 0 && i < ecPairsSz; i++) {
-        ret = mp_read_unsigned_bin(x, ecPairs[i].coeff, ecPairs[i].coeffSz);
+        ret = mp_read_unsigned_bin(x, ecPairs[i].coeff, (word32)ecPairs[i].coeffSz);
         if (ret != 0) {
             ret = WC_TEST_RET_ENC_EC(ret);
             break;
@@ -47891,6 +58294,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t prime_test(void)
     wc_test_ret_t ret;
     int isPrime = 0;
     WC_RNG rng;
+    WOLFSSL_ENTER("prime_test");
 
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
     if ((n == NULL) ||
@@ -48035,15 +58439,15 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t berder_test(void)
     int i;
     word32 len = 0, l;
     byte out[32];
-    WOLFSSL_SMALL_STACK_STATIC const byte good1_in[] = { 0x30, 0x80, 0x00, 0x00 };
-    WOLFSSL_SMALL_STACK_STATIC const byte good1_out[] = { 0x30, 0x00 };
-    WOLFSSL_SMALL_STACK_STATIC const byte good2_in[] = { 0x30, 0x80, 0x02, 0x01, 0x01, 0x00, 0x00 };
-    WOLFSSL_SMALL_STACK_STATIC const byte good2_out[] = { 0x30, 0x03, 0x02, 0x01, 0x01 };
-    WOLFSSL_SMALL_STACK_STATIC const byte good3_in[] = {
+    static const byte good1_in[] = { 0x30, 0x80, 0x00, 0x00 };
+    static const byte good1_out[] = { 0x30, 0x00 };
+    static const byte good2_in[] = { 0x30, 0x80, 0x02, 0x01, 0x01, 0x00, 0x00 };
+    static const byte good2_out[] = { 0x30, 0x03, 0x02, 0x01, 0x01 };
+    static const byte good3_in[] = {
         0x24, 0x80, 0x04, 0x01, 0x01, 0x00, 0x00
     };
-    WOLFSSL_SMALL_STACK_STATIC const byte good3_out[] = { 0x04, 0x1, 0x01 };
-    WOLFSSL_SMALL_STACK_STATIC const byte good4_in[] = {
+    static const byte good3_out[] = { 0x04, 0x1, 0x01 };
+    static const byte good4_in[] = {
         0x30, 0x80,
           0x02, 0x01, 0x01,
           0x30, 0x80,
@@ -48058,7 +58462,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t berder_test(void)
             0x00, 0x00,
           0x00, 0x00,
     };
-    WOLFSSL_SMALL_STACK_STATIC const byte good4_out[] = {
+    static const byte good4_out[] = {
         0x30, 0x12,
           0x02, 0x01, 0x01,
           0x30, 0x08,
@@ -48067,19 +58471,20 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t berder_test(void)
           0x31, 0x03,
             0x06, 0x01, 0x01
     };
-    WOLFSSL_SMALL_STACK_STATIC const byte good5_in[] = { 0x30, 0x03, 0x02, 0x01, 0x01 };
+    static const byte good5_in[] = { 0x30, 0x03, 0x02, 0x01, 0x01 };
 
-    berDerTestData testData[] = {
+    static berDerTestData testData[] = {
         { good1_in, sizeof(good1_in), good1_out, sizeof(good1_out) },
         { good2_in, sizeof(good2_in), good2_out, sizeof(good2_out) },
         { good3_in, sizeof(good3_in), good3_out, sizeof(good3_out) },
         { good4_in, sizeof(good4_in), good4_out, sizeof(good4_out) },
         { good5_in, sizeof(good5_in), good5_in , sizeof(good5_in ) },
     };
+    WOLFSSL_ENTER("berder_test");
 
     for (i = 0; i < (int)(sizeof(testData) / sizeof(*testData)); i++) {
         ret = wc_BerToDer(testData[i].in, testData[i].inSz, NULL, &len);
-        if (ret != LENGTH_ONLY_E)
+        if (ret != WC_NO_ERR_TRACE(LENGTH_ONLY_E))
             return WC_TEST_RET_ENC_I(i);
         if (len != testData[i].outSz)
             return WC_TEST_RET_ENC_I(i);
@@ -48092,50 +58497,51 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t berder_test(void)
 
         for (l = 1; l < testData[i].inSz; l++) {
             ret = wc_BerToDer(testData[i].in, l, NULL, &len);
-            if (ret != ASN_PARSE_E)
+            if (ret != WC_NO_ERR_TRACE(ASN_PARSE_E))
                  return WC_TEST_RET_ENC_EC(ret);
             len = testData[i].outSz;
             ret = wc_BerToDer(testData[i].in, l, out, &len);
-            if (ret != ASN_PARSE_E)
+            if (ret != WC_NO_ERR_TRACE(ASN_PARSE_E))
                  return WC_TEST_RET_ENC_EC(ret);
         }
 
         for (l = 0; l < testData[i].outSz-1; l++) {
             ret = wc_BerToDer(testData[i].in, testData[i].inSz, out, &l);
-            if (ret != BUFFER_E)
+            if (ret != WC_NO_ERR_TRACE(BUFFER_E))
                  return WC_TEST_RET_ENC_EC(ret);
         }
     }
 
     ret = wc_BerToDer(NULL, 4, NULL, NULL);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_BerToDer(out, 4, NULL, NULL);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_BerToDer(NULL, 4, NULL, &len);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_BerToDer(NULL, 4, out, NULL);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_BerToDer(out, 4, out, NULL);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_BerToDer(NULL, 4, out, &len);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
 
     for (l = 1; l < sizeof(good4_out); l++) {
         len = l;
         ret = wc_BerToDer(good4_in, sizeof(good4_in), out, &len);
-        if (ret != BUFFER_E)
+        if (ret != WC_NO_ERR_TRACE(BUFFER_E))
             return WC_TEST_RET_ENC_EC(ret);
     }
 
     return 0;
 }
-#endif
+#endif /* ASN_BER_TO_DER && (WOLFSSL_TEST_CERT || OPENSSL_EXTRA ||
+          OPENSSL_EXTRA_X509_SMALL */
 
 #ifdef DEBUG_WOLFSSL
 static THREAD_LS_T int log_cnt = 0;
@@ -48155,6 +58561,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t logging_test(void)
     byte        a[8] = { 1, 2, 3, 4, 5, 6, 7, 8 };
     byte        b[256];
     int         i;
+    WOLFSSL_ENTER("logging_test (debug)");
 
     for (i = 0; i < (int)sizeof(b); i++)
         b[i] = i;
@@ -48201,12 +58608,13 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t logging_test(void)
     (void)b;
 
 #else
+    WOLFSSL_ENTER("logging_test");
     ret = wolfSSL_Debugging_ON();
-    if (ret != NOT_COMPILED_IN)
+    if (ret != WC_NO_ERR_TRACE(NOT_COMPILED_IN))
         return WC_TEST_RET_ENC_EC(ret);
     wolfSSL_Debugging_OFF();
     ret = wolfSSL_SetLoggingCb(NULL);
-    if (ret != NOT_COMPILED_IN)
+    if (ret != WC_NO_ERR_TRACE(NOT_COMPILED_IN))
         return WC_TEST_RET_ENC_EC(ret);
 #endif /* DEBUG_WOLFSSL */
     return 0;
@@ -48225,20 +58633,23 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t mutex_test(void)
     !defined(WOLFSSL_USER_MUTEX) && defined(WOLFSSL_STATIC_MEMORY))
     wc_test_ret_t ret;
 #endif
+
 #if !defined(WOLFSSL_NO_MALLOC) && !defined(WOLFSSL_USER_MUTEX)
-  #ifndef WOLFSSL_STATIC_MEMORY
-    wolfSSL_Mutex *mm = wc_InitAndAllocMutex();
-  #else
-    wolfSSL_Mutex *mm = (wolfSSL_Mutex*) XMALLOC(sizeof(wolfSSL_Mutex),
+    #ifndef WOLFSSL_STATIC_MEMORY
+        wolfSSL_Mutex *mm = wc_InitAndAllocMutex();
+        WOLFSSL_ENTER("[wolfcrypt_]mutex_test (1)");
+    #else
+        wolfSSL_Mutex *mm = (wolfSSL_Mutex*) XMALLOC(sizeof(wolfSSL_Mutex),
                                                  HEAP_HINT, DYNAMIC_TYPE_MUTEX);
-    if (mm != NULL) {
-        ret = wc_InitMutex(mm);
-        if (ret != 0) {
-            WOLFSSL_MSG("Init Mutex failed");
-            XFREE(mm, HEAP_HINT, DYNAMIC_TYPE_MUTEX);
-            return WC_TEST_RET_ENC_EC(ret);
+        WOLFSSL_ENTER("[wolfcrypt_]mutex_test (2)");
+        if (mm != NULL) {
+            ret = wc_InitMutex(mm);
+            if (ret != 0) {
+                WOLFSSL_MSG("Init Mutex failed");
+                XFREE(mm, HEAP_HINT, DYNAMIC_TYPE_MUTEX);
+                return WC_TEST_RET_ENC_EC(ret);
+            }
         }
-    }
   #endif
     if (mm == NULL)
         return WC_TEST_RET_ENC_ERRNO;
@@ -48258,7 +58669,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t mutex_test(void)
     /* trying to free a locked mutex is not portable behavior with pthread */
     /* Attempting to destroy a locked mutex results in undefined behavior */
     ret = wc_FreeMutex(&m);
-    if (ret != BAD_MUTEX_E)
+    if (ret != WC_NO_ERR_TRACE(BAD_MUTEX_E))
         return WC_TEST_RET_ENC_EC(ret);
 #endif
     ret = wc_UnLockMutex(&m);
@@ -48270,10 +58681,10 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t mutex_test(void)
 #if !defined(WOLFSSL_SOLARIS) && defined(ENABLE_PTHREAD_LOCKFREE_TESTS)
     /* Trying to use a pthread after free'ing is not portable behavior */
     ret = wc_LockMutex(&m);
-    if (ret != BAD_MUTEX_E)
+    if (ret != WC_NO_ERR_TRACE(BAD_MUTEX_E))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_UnLockMutex(&m);
-    if (ret != BAD_MUTEX_E)
+    if (ret != WC_NO_ERR_TRACE(BAD_MUTEX_E))
         return WC_TEST_RET_ENC_EC(ret);
 #endif
 #endif
@@ -48300,7 +58711,7 @@ static void *my_Malloc_cb(size_t size)
 #endif
     malloc_cnt++;
     #ifndef WOLFSSL_NO_MALLOC
-        return malloc(size);
+        return malloc(size); /* native heap */
     #else
         WOLFSSL_MSG("No malloc available");
         (void)size;
@@ -48319,7 +58730,7 @@ static void my_Free_cb(void *ptr)
 #endif
     free_cnt++;
     #ifndef WOLFSSL_NO_MALLOC
-        free(ptr);
+        free(ptr); /* native heap */
     #else
         WOLFSSL_MSG("No free available");
         (void)ptr;
@@ -48337,7 +58748,7 @@ static void *my_Realloc_cb(void *ptr, size_t size)
 #endif
     realloc_cnt++;
     #ifndef WOLFSSL_NO_MALLOC
-        return realloc(ptr, size);
+        return realloc(ptr, size); /* native heap */
     #else
         WOLFSSL_MSG("No realloc available");
         (void)ptr;
@@ -48350,21 +58761,22 @@ static void *my_Realloc_cb(void *ptr, size_t size)
 WOLFSSL_TEST_SUBROUTINE wc_test_ret_t memcb_test(void)
 {
     wc_test_ret_t ret = 0;
-#if !defined(WOLFSSL_NO_MALLOC) && !defined(WOLFSSL_LINUXKM) && \
-    !defined(WOLFSSL_STATIC_MEMORY)
+#if !defined(WOLFSSL_NO_MALLOC) && !defined(WOLFSSL_NO_REALLOC) && \
+    !defined(WOLFSSL_LINUXKM) && !defined(WOLFSSL_STATIC_MEMORY)
     byte* b = NULL;
 #endif
     wolfSSL_Malloc_cb  mc;
     wolfSSL_Free_cb    fc;
     wolfSSL_Realloc_cb rc;
+    WOLFSSL_ENTER("memcb_test");
 
     /* Save existing memory callbacks */
     ret = wolfSSL_GetAllocators(&mc, &fc, &rc);
     if (ret != 0)
         return WC_TEST_RET_ENC_EC(ret);
 
-#if !defined(WOLFSSL_NO_MALLOC) && !defined(WOLFSSL_LINUXKM) && \
-    !defined(WOLFSSL_STATIC_MEMORY)
+#if !defined(WOLFSSL_NO_MALLOC) && !defined(WOLFSSL_NO_REALLOC) && \
+    !defined(WOLFSSL_LINUXKM) && !defined(WOLFSSL_STATIC_MEMORY)
 
     /* test realloc */
     b = (byte*)XREALLOC(b, 1024, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
@@ -48383,7 +58795,15 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t memcb_test(void)
     }
 
     b = (byte*)XMALLOC(1024, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
-    b = (byte*)XREALLOC(b, 1024, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+    {
+        byte *new_b = (byte*)XREALLOC(b, 1024, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+        if (new_b)
+            b = new_b;
+        else {
+            XFREE(b, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+            ERROR_OUT(WC_TEST_RET_ENC_EC(MEMORY_E), exit_memcb);
+        }
+    }
     XFREE(b, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
 
 #ifndef WOLFSSL_STATIC_MEMORY
@@ -48399,8 +58819,8 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t memcb_test(void)
         ret = WC_TEST_RET_ENC_NC;
 #endif /* !WOLFSSL_NO_MALLOC */
 
-#if !defined(WOLFSSL_NO_MALLOC) && !defined(WOLFSSL_LINUXKM) && \
-    !defined(WOLFSSL_STATIC_MEMORY)
+#if !defined(WOLFSSL_NO_MALLOC) && !defined(WOLFSSL_NO_REALLOC) && \
+    !defined(WOLFSSL_LINUXKM) && !defined(WOLFSSL_STATIC_MEMORY)
 exit_memcb:
 
     /* reset malloc/free/realloc counts */
@@ -48442,7 +58862,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t blob_test(void)
             0xf6,0x9f,0x24,0x45,0xdf,0x4f,0x9b,0x17,
             0xad,0x2b,0x41,0x7b,0xe6,0x6c,0x37,0x10
         };
-
+    WOLFSSL_ENTER("blob_test");
 
     XMEMSET(blob, 0, sizeof(blob));
     XMEMSET(out, 0, sizeof(out));
@@ -48600,7 +59020,7 @@ static wc_test_ret_t rsa_onlycb_test(myCryptoDevCtx *ctx)
     */
     ctx->exampleVar = 1;
     ret = wc_MakeRsaKey(key, keySz, WC_RSA_EXPONENT, rng);
-    if (ret != NO_VALID_DEVID) {
+    if (ret != WC_NO_ERR_TRACE(NO_VALID_DEVID)) {
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_onlycb);
     } else
         /* reset return code */
@@ -48636,7 +59056,7 @@ static wc_test_ret_t rsa_onlycb_test(myCryptoDevCtx *ctx)
         ctx->exampleVar = 1;
         ret = wc_SignatureGenerate(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA,
                             in, inLen, out, &sigSz, key, sizeof(*key), NULL);
-        if (ret != NO_VALID_DEVID) {
+        if (ret != WC_NO_ERR_TRACE(NO_VALID_DEVID)) {
             ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_onlycb);
         } else
             /* reset return code */
@@ -48694,13 +59114,13 @@ static wc_test_ret_t ecc_onlycb_test(myCryptoDevCtx *ctx)
 #endif
 
     #ifdef OPENSSL_EXTRA
-    EVP_PKEY* privKey = NULL;
-    EVP_PKEY* pubKey = NULL;
+    WOLFSSL_EVP_PKEY* privKey = NULL;
+    WOLFSSL_EVP_PKEY* pubKey = NULL;
     #ifdef USE_CERT_BUFFERS_256
     ecc_key* pkey;
     const unsigned char* cp;
     #endif
-    EVP_MD_CTX mdCtx;
+    WOLFSSL_EVP_MD_CTX mdCtx;
     const char testData[] = "Hi There";
     size_t checkSz = -1;
     const unsigned char* p;
@@ -48760,7 +59180,7 @@ static wc_test_ret_t ecc_onlycb_test(myCryptoDevCtx *ctx)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_onlycb);
     ctx->exampleVar = 1;
     ret = wc_ecc_make_key(&rng, ECC_KEYGEN_SIZE, key);
-    if (ret != NO_VALID_DEVID) {
+    if (ret != WC_NO_ERR_TRACE(NO_VALID_DEVID)) {
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_onlycb);
     } else
         /* reset return code */
@@ -48785,7 +59205,7 @@ static wc_test_ret_t ecc_onlycb_test(myCryptoDevCtx *ctx)
     if (ret == 0) {
         ret = wc_ecc_sign_hash(in, inLen, out, &outLen, &rng, key);
     }
-    if (ret != NO_VALID_DEVID) {
+    if (ret != WC_NO_ERR_TRACE(NO_VALID_DEVID)) {
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_onlycb);
     }
     else
@@ -48803,7 +59223,7 @@ static wc_test_ret_t ecc_onlycb_test(myCryptoDevCtx *ctx)
     if (ret == 0) {
         ret = wc_ecc_verify_hash(in, inLen, out, outLen, &verify, key);
     }
-    if (ret != NO_VALID_DEVID) {
+    if (ret != WC_NO_ERR_TRACE(NO_VALID_DEVID)) {
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_onlycb);
     }
     else
@@ -48824,7 +59244,7 @@ static wc_test_ret_t ecc_onlycb_test(myCryptoDevCtx *ctx)
     if (ret == 0) {
         ret = wc_ecc_shared_secret(key, pub, out, &outLen);
     }
-    if (ret != NO_VALID_DEVID) {
+    if (ret != WC_NO_ERR_TRACE(NO_VALID_DEVID)) {
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_onlycb);
     }
     else
@@ -48835,7 +59255,7 @@ static wc_test_ret_t ecc_onlycb_test(myCryptoDevCtx *ctx)
 
     (void)pkey;
     cp = ecc_clikey_der_256;
-    privKey = d2i_PrivateKey(EVP_PKEY_EC, NULL, &cp,
+    privKey = d2i_PrivateKey(WC_EVP_PKEY_EC, NULL, &cp,
                                                   sizeof_ecc_clikey_der_256);
     if (privKey == NULL) {
         ERROR_OUT(WC_TEST_RET_ENC_NC, exit_onlycb);
@@ -48852,9 +59272,9 @@ static wc_test_ret_t ecc_onlycb_test(myCryptoDevCtx *ctx)
     pkey->devId = devId;
 
     /* sign */
-    EVP_MD_CTX_init(&mdCtx);
+    wolfSSL_EVP_MD_CTX_init(&mdCtx);
 
-    ret = EVP_DigestSignInit(&mdCtx, NULL, EVP_sha256(), NULL, privKey);
+    ret = EVP_DigestSignInit(&mdCtx, NULL, wolfSSL_EVP_sha256(), NULL, privKey);
     if (ret != WOLFSSL_SUCCESS) {
         ERROR_OUT(WC_TEST_RET_ENC_NC, exit_onlycb);
     }
@@ -48887,17 +59307,17 @@ static wc_test_ret_t ecc_onlycb_test(myCryptoDevCtx *ctx)
     /* restore checkSz for verify */
     checkSz = 71;
 
-    ret = EVP_MD_CTX_cleanup(&mdCtx);
-    if (ret != SSL_SUCCESS) {
+    ret = wolfSSL_EVP_MD_CTX_cleanup(&mdCtx);
+    if (ret != WOLFSSL_SUCCESS) {
         ERROR_OUT(WC_TEST_RET_ENC_NC, exit_onlycb);
     }
 
     /* verify */
 
-    EVP_MD_CTX_init(&mdCtx);
+    wolfSSL_EVP_MD_CTX_init(&mdCtx);
 
-    if (ret == SSL_SUCCESS) {
-        ret = EVP_DigestVerifyInit(&mdCtx, NULL, EVP_sha256(), NULL, pubKey);
+    if (ret == WOLFSSL_SUCCESS) {
+        ret = EVP_DigestVerifyInit(&mdCtx, NULL, wolfSSL_EVP_sha256(), NULL, pubKey);
     }
     if (ret != WOLFSSL_SUCCESS) {
         ERROR_OUT(WC_TEST_RET_ENC_NC, exit_onlycb);
@@ -48924,8 +59344,8 @@ static wc_test_ret_t ecc_onlycb_test(myCryptoDevCtx *ctx)
     if (ret != -1) {
         ERROR_OUT(WC_TEST_RET_ENC_NC, exit_onlycb);
     }
-    ret = EVP_MD_CTX_cleanup(&mdCtx);
-    if (ret != SSL_SUCCESS) {
+    ret = wolfSSL_EVP_MD_CTX_cleanup(&mdCtx);
+    if (ret != WOLFSSL_SUCCESS) {
         ERROR_OUT(WC_TEST_RET_ENC_NC, exit_onlycb);
     } else
         ret = 0;
@@ -48954,12 +59374,8 @@ exit_onlycb:
         wc_ecc_free(key);
         XFREE(key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
     }
-    if (pub != NULL) {
-        XFREE(pub, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
-    }
-    if (out != NULL) {
-        XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
-    }
+    XFREE(pub, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
     #ifdef OPENSSL_EXTRA
     if (check) {
         FREE(check, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
@@ -48969,9 +59385,9 @@ exit_onlycb:
     wc_ecc_free(key);
     #ifdef OPENSSL_EXTRA
     if (privKey)
-        EVP_PKEY_free(privKey);
+        wolfSSL_EVP_PKEY_free(privKey);
     if (pubKey)
-        EVP_PKEY_free(pubKey);
+        wolfSSL_EVP_PKEY_free(pubKey);
     #endif
 #endif
 
@@ -48983,14 +59399,15 @@ exit_onlycb:
 /* Example crypto dev callback function that calls software version */
 static int myCryptoDevCb(int devIdArg, wc_CryptoInfo* info, void* ctx)
 {
-    int ret = NOT_COMPILED_IN; /* return this to bypass HW and use SW */
+    int ret = WC_NO_ERR_TRACE(NOT_COMPILED_IN); /* return this to bypass HW and
+                                                   use SW */
     myCryptoDevCtx* myCtx = (myCryptoDevCtx*)ctx;
 
     if (info == NULL)
         return BAD_FUNC_ARG;
 
 #ifdef DEBUG_WOLFSSL
-    printf("CryptoDevCb: Algo Type %d\n", info->algo_type);
+    WOLFSSL_MSG_EX("CryptoDevCb: Algo Type %d\n", info->algo_type);
 #endif
 
     if (info->algo_type == WC_ALGO_TYPE_RNG) {
@@ -49032,7 +59449,7 @@ static int myCryptoDevCb(int devIdArg, wc_CryptoInfo* info, void* ctx)
     }
     else if (info->algo_type == WC_ALGO_TYPE_PK) {
     #ifdef DEBUG_WOLFSSL
-        printf("CryptoDevCb: Pk Type %d\n", info->pk.type);
+        WOLFSSL_MSG_EX("CryptoDevCb: Pk Type %d\n", info->pk.type);
     #endif
 
     #ifndef NO_RSA
@@ -49088,7 +59505,7 @@ static int myCryptoDevCb(int devIdArg, wc_CryptoInfo* info, void* ctx)
                 ret = wc_MakeRsaKey(info->pk.rsakg.key, info->pk.rsakg.size,
                     info->pk.rsakg.e, info->pk.rsakg.rng);
 #ifdef HAVE_FIPS
-                if (ret == PRIME_GEN_E)
+                if (ret == WC_NO_ERR_TRACE(PRIME_GEN_E))
                     continue;
                 break;
             }
@@ -49550,6 +59967,97 @@ static int myCryptoDevCb(int devIdArg, wc_CryptoInfo* info, void* ctx)
             #endif
         }
         else
+    #endif
+    #if defined(WOLFSSL_SHA3) && (!defined(HAVE_FIPS) || FIPS_VERSION_GE(6, 0))
+        if (info->hash.type == WC_HASH_TYPE_SHA3_224) {
+            if (info->hash.sha3 == NULL)
+                return NOT_COMPILED_IN;
+
+            /* set devId to invalid, so software is used */
+            info->hash.sha3->devId = INVALID_DEVID;
+
+            if (info->hash.in != NULL) {
+                ret = wc_Sha3_224_Update(
+                    info->hash.sha3,
+                    info->hash.in,
+                    info->hash.inSz);
+            }
+            if (info->hash.digest != NULL) {
+                ret = wc_Sha3_224_Final(
+                    info->hash.sha3,
+                    info->hash.digest);
+            }
+
+            /* reset devId */
+            info->hash.sha3->devId = devIdArg;
+        }
+        else if (info->hash.type == WC_HASH_TYPE_SHA3_256) {
+            if (info->hash.sha3 == NULL)
+                return NOT_COMPILED_IN;
+
+            /* set devId to invalid, so software is used */
+            info->hash.sha3->devId = INVALID_DEVID;
+
+            if (info->hash.in != NULL) {
+                ret = wc_Sha3_256_Update(
+                    info->hash.sha3,
+                    info->hash.in,
+                    info->hash.inSz);
+            }
+            if (info->hash.digest != NULL) {
+                ret = wc_Sha3_256_Final(
+                    info->hash.sha3,
+                    info->hash.digest);
+            }
+
+            /* reset devId */
+            info->hash.sha3->devId = devIdArg;
+        }
+        else if (info->hash.type == WC_HASH_TYPE_SHA3_384) {
+            if (info->hash.sha3 == NULL)
+                return NOT_COMPILED_IN;
+
+            /* set devId to invalid, so software is used */
+            info->hash.sha3->devId = INVALID_DEVID;
+
+            if (info->hash.in != NULL) {
+                ret = wc_Sha3_384_Update(
+                    info->hash.sha3,
+                    info->hash.in,
+                    info->hash.inSz);
+            }
+            if (info->hash.digest != NULL) {
+                ret = wc_Sha3_384_Final(
+                    info->hash.sha3,
+                    info->hash.digest);
+            }
+
+            /* reset devId */
+            info->hash.sha3->devId = devIdArg;
+        }
+        else if (info->hash.type == WC_HASH_TYPE_SHA3_512) {
+            if (info->hash.sha3 == NULL)
+                return NOT_COMPILED_IN;
+
+            /* set devId to invalid, so software is used */
+            info->hash.sha3->devId = INVALID_DEVID;
+
+            if (info->hash.in != NULL) {
+                ret = wc_Sha3_512_Update(
+                    info->hash.sha3,
+                    info->hash.in,
+                    info->hash.inSz);
+            }
+            if (info->hash.digest != NULL) {
+                ret = wc_Sha3_512_Final(
+                    info->hash.sha3,
+                    info->hash.digest);
+            }
+
+            /* reset devId */
+            info->hash.sha3->devId = devIdArg;
+        }
+        else
     #endif
         {
         }
@@ -49579,6 +60087,49 @@ static int myCryptoDevCb(int devIdArg, wc_CryptoInfo* info, void* ctx)
         info->hmac.hmac->devId = devIdArg;
     }
 #endif
+#if defined(WOLFSSL_CMAC) && !defined(NO_AES)
+    else if (info->algo_type == WC_ALGO_TYPE_CMAC) {
+        if (info->cmac.cmac == NULL) {
+            return NOT_COMPILED_IN;
+        }
+
+        /* set devId to invalid so software is used */
+        info->cmac.cmac->devId = INVALID_DEVID;
+
+        /* Handle one-shot cases */
+        if (info->cmac.key != NULL && info->cmac.in != NULL
+                && info->cmac.out != NULL) {
+            ret = wc_AesCmacGenerate(info->cmac.out,
+                    info->cmac.outSz,
+                    info->cmac.in,
+                    info->cmac.inSz,
+                    info->cmac.key,
+                    info->cmac.keySz);
+        /* Sequentially handle incremental cases */
+        } else {
+            if (info->cmac.key != NULL) {
+                ret = wc_InitCmac(info->cmac.cmac,
+                        info->cmac.key,
+                        info->cmac.keySz,
+                        info->cmac.type,
+                        NULL);
+            }
+            if ((ret == 0) && (info->cmac.in != NULL)) {
+                ret = wc_CmacUpdate(info->cmac.cmac,
+                        info->cmac.in,
+                        info->cmac.inSz);
+            }
+            if ((ret ==0) && (info->cmac.out != NULL)) {
+                ret = wc_CmacFinal(info->cmac.cmac,
+                        info->cmac.out,
+                        info->cmac.outSz);
+            }
+        }
+
+        /* reset devId */
+        info->cmac.cmac->devId = devIdArg;
+    }
+#endif /* WOLFSSL_CMAC && !(NO_AES) && WOLFSSL_AES_DIRECT */
 
     (void)devIdArg;
     (void)myCtx;
@@ -49613,11 +60164,13 @@ static int myCryptoCbFind(int currentId, int algoType)
 #endif /* WOLF_CRYPTO_CB_FIND */
 
 
+#if !defined(WC_TEST_NO_CRYPTOCB_SW_TEST)
 WOLFSSL_TEST_SUBROUTINE wc_test_ret_t cryptocb_test(void)
 {
     wc_test_ret_t ret = 0;
     int origDevId = devId;
     myCryptoDevCtx myCtx;
+    WOLFSSL_ENTER("cryptocb_test");
 
     /* example data for callback */
     myCtx.exampleVar = 1;
@@ -49657,8 +60210,10 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t cryptocb_test(void)
     PRIVATE_KEY_LOCK();
 #endif
 #ifdef HAVE_ED25519
+    PRIVATE_KEY_UNLOCK();
     if (ret == 0)
         ret = ed25519_test();
+    PRIVATE_KEY_LOCK();
 #endif
 #ifdef HAVE_CURVE25519
     if (ret == 0)
@@ -49673,6 +60228,10 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t cryptocb_test(void)
     if (ret == 0)
         ret = aes_test();
     #endif
+    #ifdef WOLFSSL_AES_XTS
+    if (ret == 0)
+        ret = aes_xts_test();
+    #endif
     #if defined(HAVE_AESCCM) && defined(WOLFSSL_AES_128)
     if (ret == 0)
         ret = aesccm_test();
@@ -49697,6 +60256,10 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t cryptocb_test(void)
 #ifdef WOLFSSL_SHA512
     if (ret == 0)
         ret = sha512_test();
+#ifdef WOLFSSL_SHA3
+    if (ret == 0)
+        ret = sha3_test();
+#endif
 #endif
 #ifndef NO_HMAC
     #ifndef NO_SHA
@@ -49707,11 +60270,17 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t cryptocb_test(void)
     if (ret == 0)
         ret = hmac_sha256_test();
     #endif
+    #ifdef WOLFSSL_SHA3
+    if (ret == 0)
+        ret = hmac_sha3_test();
+    #endif
 #endif
 #ifndef NO_PWDBASED
     #if defined(HAVE_PBKDF2) && !defined(NO_SHA256) && !defined(NO_HMAC)
+    PRIVATE_KEY_UNLOCK();
     if (ret == 0)
         ret = pbkdf2_test();
+    PRIVATE_KEY_LOCK();
     #endif
 #endif
 #if defined(WOLFSSL_CMAC) && !defined(NO_AES)
@@ -49724,6 +60293,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t cryptocb_test(void)
 
     return ret;
 }
+#endif /* ! WC_TEST_NO_CRYPTOCB_SW_TEST */
 #endif /* WOLF_CRYPTO_CB */
 
 #ifdef WOLFSSL_CERT_PIV
@@ -49751,6 +60321,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t certpiv_test(void)
           0x71, 0x01, 0x04, /* Cert Info */
           0xFE, 0x00,       /* Error Detection */
     };
+    WOLFSSL_ENTER("certpiv_test");
 
     XMEMSET(&piv, 0, sizeof(piv));
     /* Test with Identiv 0x0A, 0x0B and 0x0C markers */
@@ -49820,6 +60391,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t time_test(void)
 {
     time_t t;
     wc_test_ret_t ret;
+    WOLFSSL_ENTER("time_test");
 
     ret = wc_SetTimeCb(time_cb);
     if (ret != 0)
@@ -49847,24 +60419,29 @@ typedef struct {
   word32     keySz;
   const byte nonce[49];
   word32     nonceSz;
-  const byte assoc[81];
-  word32     assocSz;
+  byte       numAssoc;
+  const byte assoc1[81];
+  word32     assoc1Sz;
+  const byte assoc2[11];
+  word32     assoc2Sz;
   const byte plaintext[83];
   word32     plaintextSz;
-  const byte siv[AES_BLOCK_SIZE+1];
+  const byte siv[WC_AES_BLOCK_SIZE+1];
   const byte ciphertext[82];
   word32     ciphertextSz;
 } AesSivTestVector;
 
-#define AES_SIV_TEST_VECTORS 7
+#define AES_SIV_TEST_VECTORS 9
 
 WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes_siv_test(void)
 {
-    /* These test vectors come from chrony 4.1's SIV unit tests. */
     WOLFSSL_SMALL_STACK_STATIC const AesSivTestVector testVectors[AES_SIV_TEST_VECTORS] = {
+    /* These test vectors come from chrony 4.1's SIV unit tests. */
     { "\x01\x23\x45\x67\x89\xab\xcd\xef\xf0\x12\x34\x56\x78\x9a\xbc\xde"
       "\xef\x01\x23\x45\x67\x89\xab\xcd\xde\xf0\x12\x34\x56\x78\x9a\xbc", 32,
       "\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f", 16,
+      1,
+      "", 0,
       "", 0,
       "", 0,
       "\x22\x3e\xb5\x94\xe0\xe0\x25\x4b\x00\x25\x8e\x21\x9a\x1c\xa4\x21",
@@ -49873,14 +60450,18 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes_siv_test(void)
     { "\x01\x23\x45\x67\x89\xab\xcd\xef\xf0\x12\x34\x56\x78\x9a\xbc\xde"
       "\xef\x01\x23\x45\x67\x89\xab\xcd\xde\xf0\x12\x34\x56\x78\x9a\xbc", 32,
       "\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f", 16,
+      1,
       "\x4c\x9d\x4f\xca\xed\x8a\xe2\xba\xad\x3f\x3e\xa6\xe9\x3c\x8c\x8b", 16,
       "", 0,
+      "", 0,
       "\xd7\x20\x19\x89\xc6\xdb\xc6\xd6\x61\xfc\x62\xbc\x86\x5e\xee\xef",
       "", 0
     },
     { "\x01\x23\x45\x67\x89\xab\xcd\xef\xf0\x12\x34\x56\x78\x9a\xbc\xde"
       "\xef\x01\x23\x45\x67\x89\xab\xcd\xde\xf0\x12\x34\x56\x78\x9a\xbc", 32,
       "\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f", 16,
+      1,
+      "", 0,
       "", 0,
       "\x4c\x9d\x4f\xca\xed\x8a\xe2\xba\xad\x3f\x3e\xa6\xe9\x3c\x8c\x8b", 16,
       "\xb6\xc1\x60\xe9\xc2\xfd\x2a\xe8\xde\xc5\x36\x8b\x2a\x33\xed\xe1",
@@ -49889,7 +60470,9 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes_siv_test(void)
     { "\x01\x23\x45\x67\x89\xab\xcd\xef\xf0\x12\x34\x56\x78\x9a\xbc\xde"
       "\xef\x01\x23\x45\x67\x89\xab\xcd\xde\xf0\x12\x34\x56\x78\x9a\xbc", 32,
       "\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e", 15,
+      1,
       "\x4c\x9d\x4f\xca\xed\x8a\xe2\xba\xad\x3f\x3e\xa6\xe9\x3c\x8c", 15,
+      "", 0,
       "\xba\x99\x79\x31\x23\x7e\x3c\x53\x58\x7e\xd4\x93\x02\xab\xe4", 15,
       "\x03\x8c\x41\x51\xba\x7a\x8f\x77\x6e\x56\x31\x99\x42\x0b\xc7\x03",
       "\xe7\x6c\x67\xc9\xda\xb7\x0d\x5b\x44\x06\x26\x5a\xd0\xd2\x3b", 15
@@ -49897,7 +60480,9 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes_siv_test(void)
     { "\x01\x23\x45\x67\x89\xab\xcd\xef\xf0\x12\x34\x56\x78\x9a\xbc\xde"
       "\xef\x01\x23\x45\x67\x89\xab\xcd\xde\xf0\x12\x34\x56\x78\x9a\xbc", 32,
       "\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f", 16,
+      1,
       "\x4c\x9d\x4f\xca\xed\x8a\xe2\xba\xad\x3f\x3e\xa6\xe9\x3c\x8c\x8b", 16,
+      "", 0,
       "\xba\x99\x79\x31\x23\x7e\x3c\x53\x58\x7e\xd4\x93\x02\xab\xe4\xa7", 16,
       "\x5c\x05\x23\x65\xf4\x57\x0a\xa0\xfb\x38\x3e\xce\x9b\x75\x85\xeb",
       "\x68\x85\x19\x36\x0c\x7c\x48\x11\x40\xcb\x9b\x57\x9a\x0e\x65\x32", 16
@@ -49906,8 +60491,10 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes_siv_test(void)
       "\xef\x01\x23\x45\x67\x89\xab\xcd\xde\xf0\x12\x34\x56\x78\x9a\xbc", 32,
       "\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f"
       "\xd5", 17,
+      1,
       "\x4c\x9d\x4f\xca\xed\x8a\xe2\xba\xad\x3f\x3e\xa6\xe9\x3c\x8c\x8b"
       "\xa0", 17,
+      "", 0,
       "\xba\x99\x79\x31\x23\x7e\x3c\x53\x58\x7e\xd4\x93\x02\xab\xe4\xa7"
       "\x08", 17,
       "\xaf\x58\x4b\xe7\x82\x1e\x96\x19\x29\x91\x25\xe0\xdd\x80\x3b\x49",
@@ -49919,11 +60506,13 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes_siv_test(void)
       "\xb0\x5a\x1b\xc7\x56\xe7\xb6\x2c\xb4\x85\xe5\x56\xa5\x28\xc0\x6c"
       "\x2f\x3b\x0b\x9d\x1a\x0c\xdf\x69\x47\xe0\xcc\xc0\x87\xaa\x5c\x09"
       "\x98\x48\x8d\x6a\x8e\x1e\x05\xd7\x8b\x68\x74\x83\xb5\x1d\xf1\x2c", 48,
+      1,
       "\xe5\x8b\xd2\x6a\x30\xc5\xc5\x61\xcc\xbd\x7c\x27\xbf\xfe\xf9\x06"
       "\x00\x5b\xd7\xfc\x11\x0b\xcf\x16\x61\xef\xac\x05\xa7\xaf\xec\x27"
       "\x41\xc8\x5e\x9e\x0d\xf9\x2f\xaf\x20\x79\x17\xe5\x17\x91\x2a\x27"
       "\x34\x1c\xbc\xaf\xeb\xef\x7f\x52\xe7\x1e\x4c\x2a\xca\xbd\x2b\xbe"
       "\x34\xd6\xfb\x69\xd3\x3e\x49\x59\x60\xb4\x26\xc9\xb8\xce\xba", 79,
+      "", 0,
       "\x6c\xe7\xcf\x7e\xab\x7b\xa0\xe1\xa7\x22\xcb\x88\xde\x5e\x42\xd2"
       "\xec\x79\xe0\xa2\xcf\x5f\x0f\x6f\x6b\x89\x57\xcd\xae\x17\xd4\xc2"
       "\xf3\x1b\xa2\xa8\x13\x78\x23\x2f\x83\xa8\xd4\x0c\xc0\xd2\xf3\x99"
@@ -49937,16 +60526,53 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes_siv_test(void)
       "\x48\xc9\x55\xc5\x2f\x40\x73\x3f\x98\xbb\x8d\x69\x78\x46\x64\x17"
       "\x8d\x49\x2f\x14\x62\xa4\x7c\x2a\x57\x38\x87\xce\xc6\x72\xd3\x5c"
       "\xa1", 81
-    }};
+    },
+    /* Example A.1 from RFC5297 */
+    {
+      "\xff\xfe\xfd\xfc\xfb\xfa\xf9\xf8\xf7\xf6\xf5\xf4\xf3\xf2\xf1\xf0"
+      "\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff", 32,
+      "", 0,
+      1,
+      "\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f"
+      "\x20\x21\x22\x23\x24\x25\x26\x27", 24,
+      "", 0,
+      "\x11\x22\x33\x44\x55\x66\x77\x88\x99\xaa\xbb\xcc\xdd\xee", 14,
+      "\x85\x63\x2d\x07\xc6\xe8\xf3\x7f\x95\x0a\xcd\x32\x0a\x2e\xcc\x93",
+      "\x40\xc0\x2b\x96\x90\xc4\xdc\x04\xda\xef\x7f\x6a\xfe\x5c", 14
+    },
+    /* Example A.2 from RFC5297 */
+    {
+      "\x7f\x7e\x7d\x7c\x7b\x7a\x79\x78\x77\x76\x75\x74\x73\x72\x71\x70"
+      "\x40\x41\x42\x43\x44\x45\x46\x47\x48\x49\x4a\x4b\x4c\x4d\x4e\x4f", 32,
+      "\x09\xf9\x11\x02\x9d\x74\xe3\x5b\xd8\x41\x56\xc5\x63\x56\x88\xc0", 16,
+      2,
+      "\x00\x11\x22\x33\x44\x55\x66\x77\x88\x99\xaa\xbb\xcc\xdd\xee\xff"
+      "\xde\xad\xda\xda\xde\xad\xda\xda\xff\xee\xdd\xcc\xbb\xaa\x99\x88"
+      "\x77\x66\x55\x44\x33\x22\x11\x00", 40,
+      "\x10\x20\x30\x40\x50\x60\x70\x80\x90\xa0", 10,
+      "\x74\x68\x69\x73\x20\x69\x73\x20\x73\x6f\x6d\x65\x20\x70\x6c\x61"
+      "\x69\x6e\x74\x65\x78\x74\x20\x74\x6f\x20\x65\x6e\x63\x72\x79\x70"
+      "\x74\x20\x75\x73\x69\x6e\x67\x20\x53\x49\x56\x2d\x41\x45\x53", 47,
+      "\x7b\xdb\x6e\x3b\x43\x26\x67\xeb\x06\xf4\xd1\x4b\xff\x2f\xbd\x0f",
+      "\xcb\x90\x0f\x2f\xdd\xbe\x40\x43\x26\x60\x19\x65\xc8\x89\xbf\x17"
+      "\xdb\xa7\x7c\xeb\x09\x4f\xa6\x63\xb7\xa3\xf7\x48\xba\x8a\xf8\x29"
+      "\xea\x64\xad\x54\x4a\x27\x2e\x9c\x48\x5b\x62\xa3\xfd\x5c\x0d", 47
+    }
+    };
     int i;
     byte computedCiphertext[82];
     byte computedPlaintext[82];
-    byte siv[AES_BLOCK_SIZE];
+    byte siv[WC_AES_BLOCK_SIZE];
     wc_test_ret_t ret = 0;
+    WOLFSSL_ENTER("aes_siv_test");
 
+    /* First test legacy "exactly one Assoc" interface. */
     for (i = 0; i < AES_SIV_TEST_VECTORS; ++i) {
+        if (testVectors[i].numAssoc != 1)
+            continue;
+
         ret = wc_AesSivEncrypt(testVectors[i].key, testVectors[i].keySz,
-                              testVectors[i].assoc, testVectors[i].assocSz,
+                              testVectors[i].assoc1, testVectors[i].assoc1Sz,
                               testVectors[i].nonce, testVectors[i].nonceSz,
                               testVectors[i].plaintext,
                               testVectors[i].plaintextSz, siv,
@@ -49954,7 +60580,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes_siv_test(void)
         if (ret != 0) {
             return WC_TEST_RET_ENC_EC(ret);
         }
-        ret = XMEMCMP(siv, testVectors[i].siv, AES_BLOCK_SIZE);
+        ret = XMEMCMP(siv, testVectors[i].siv, WC_AES_BLOCK_SIZE);
         if (ret != 0) {
             return WC_TEST_RET_ENC_NC;
         }
@@ -49964,7 +60590,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes_siv_test(void)
             return WC_TEST_RET_ENC_NC;
         }
         ret = wc_AesSivDecrypt(testVectors[i].key, testVectors[i].keySz,
-                              testVectors[i].assoc, testVectors[i].assocSz,
+                              testVectors[i].assoc1, testVectors[i].assoc1Sz,
                               testVectors[i].nonce, testVectors[i].nonceSz,
                               computedCiphertext, testVectors[i].plaintextSz,
                               siv, computedPlaintext);
@@ -49978,6 +60604,47 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes_siv_test(void)
         }
     }
 
+    /* Then test "multiple Assoc" interface. */
+    for (i = 0; i < AES_SIV_TEST_VECTORS; ++i) {
+        const struct AesSivAssoc assoc[2] = {
+            { testVectors[i].assoc1, testVectors[i].assoc1Sz },
+            { testVectors[i].assoc2, testVectors[i].assoc2Sz }
+        };
+
+        ret = wc_AesSivEncrypt_ex(testVectors[i].key, testVectors[i].keySz,
+                                  assoc, testVectors[i].numAssoc,
+                                  testVectors[i].nonce, testVectors[i].nonceSz,
+                                  testVectors[i].plaintext,
+                                  testVectors[i].plaintextSz, siv,
+                                  computedCiphertext);
+        if (ret != 0) {
+            return WC_TEST_RET_ENC_EC(ret);
+        }
+        ret = XMEMCMP(siv, testVectors[i].siv, WC_AES_BLOCK_SIZE);
+        if (ret != 0) {
+            return WC_TEST_RET_ENC_NC;
+        }
+        ret = XMEMCMP(computedCiphertext, testVectors[i].ciphertext,
+                     testVectors[i].ciphertextSz);
+        if (ret != 0) {
+            return WC_TEST_RET_ENC_NC;
+        }
+        ret = wc_AesSivDecrypt_ex(testVectors[i].key, testVectors[i].keySz,
+                                  assoc, testVectors[i].numAssoc,
+                                  testVectors[i].nonce, testVectors[i].nonceSz,
+                                  computedCiphertext,
+                                  testVectors[i].plaintextSz, siv,
+                                  computedPlaintext);
+        if (ret != 0) {
+            return WC_TEST_RET_ENC_EC(ret);
+        }
+        ret = XMEMCMP(computedPlaintext, testVectors[i].plaintext,
+                     testVectors[i].plaintextSz);
+        if (ret != 0) {
+            return WC_TEST_RET_ENC_NC;
+        }
+    }
+
     return 0;
 }
 #endif
diff --git a/wolfcrypt/test/test.h b/wolfcrypt/test/test.h
index b58beca0d..7b2ececc9 100644
--- a/wolfcrypt/test/test.h
+++ b/wolfcrypt/test/test.h
@@ -1,6 +1,6 @@
 /* wolfcrypt/test/test.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -37,6 +37,8 @@
 
 #include <wolfssl/wolfcrypt/settings.h>
 
+#include <wolfssl/wolfcrypt/error-crypt.h>
+
 #ifdef HAVE_STACK_SIZE
 THREAD_RETURN WOLFSSL_THREAD wolfcrypt_test(void* args);
 #else
@@ -58,6 +60,8 @@ int wolf_test_task(void);
 #define WC_TEST_RET_TAG_ERRNO  2L
 #define WC_TEST_RET_TAG_I      3L
 
+wc_static_assert(-(long)MIN_CODE_E < 0x7ffL);
+
 #define WC_TEST_RET_ENC(line, i, tag)                           \
         ((wc_test_ret_t)(-((wc_test_ret_t)(line) + ((wc_test_ret_t)((word32)(i) & 0x7ffL) * 100000L) + ((wc_test_ret_t)(tag) << 29L))))
 
diff --git a/wolfcrypt/test/test_paths.h.in b/wolfcrypt/test/test_paths.h.in
index adac40c1a..ce5ade920 100644
--- a/wolfcrypt/test/test_paths.h.in
+++ b/wolfcrypt/test/test_paths.h.in
@@ -1,6 +1,6 @@
 /* wolfcrypt/test/test_paths.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -20,6 +20,15 @@
  */
 
 #ifndef NO_FILESYSTEM
+#ifdef CERT_REL_PREFIX
+    #define CERT_PREFIX CERT_REL_PREFIX
+    #ifndef NO_WRITE_TEMP_FILES
+        #ifndef CERT_WRITE_TEMP_DIR
+            #define CERT_WRITE_TEMP_DIR "./"
+        #endif
+    #endif
+#else
     #define CERT_PREFIX "@abs_top_srcdir@/"
     #define CERT_WRITE_TEMP_DIR "@abs_top_builddir@/"
+#endif /* CERT_REL_PREFIX */
 #endif /* NO_FILESYSTEM */
diff --git a/wolfcrypt/user-crypto/Makefile.am b/wolfcrypt/user-crypto/Makefile.am
deleted file mode 100644
index d9c3ae391..000000000
--- a/wolfcrypt/user-crypto/Makefile.am
+++ /dev/null
@@ -1,9 +0,0 @@
-AM_CFLAGS=-I m4
-
-#add in wolfssl directory
-AM_CPPFLAGS+=-I$(abs_srcdir)/../../ -I$(srcdir)/include/
-lib_LTLIBRARIES = lib/libusercrypto.la
-lib_libusercrypto_la_CPPFLAGS = $(AM_CPPFLAGS)
-lib_libusercrypto_la_LDFLAGS = $(AM_LDFLAGS)
-lib_libusercrypto_la_SOURCES = src/rsa.c
-include_HEADERS = include/user_rsa.h
diff --git a/wolfcrypt/user-crypto/README.txt b/wolfcrypt/user-crypto/README.txt
deleted file mode 100644
index 8afe87f69..000000000
--- a/wolfcrypt/user-crypto/README.txt
+++ /dev/null
@@ -1,78 +0,0 @@
-/*
- * Copyright (C) 2006-2023 wolfSSL Inc.
- *
- * This file is part of wolfSSL.
- *
- * wolfSSL is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * wolfSSL is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
- */
-
-
-/*
- Created to use intel's IPP see their license for linking to intel's IPP library
- */
-
-
-##BUILDING ON 64BIT MAC OSX
-Tested and developed on MAC OSX linking to IPP v9.0
-
-for me exporting the IPP library was needed. As an example it was
-export DYLD_LIBRARY_PATH="/opt/intel/ipp/lib"
-
-first go to the root wolfssl dir and run ./autogen.sh && ./configure it with desired settings then make. This is to set up the define options and wolfssl library for the user crypto to link to.
-
-Then go to the wolfssl/user-crypto directory and run ./autogen.sh && ./configure then make make install this creates a usercrypto library to use
-
-Finally go back to the root wolfssl directory and follow these build instructions
-
-building wolfSSL add CPPFLAGS=-I/opt/intel/ipp/include for finding the IPP include files
-An example build would be
-./configure --with-user-crypto CPPFLAGS=-I/opt/intel/ipp/include --enable-lighty
-
-
-##BUILDING IN 32BIT UBUNTU
-Tested on UBUNTU 32 bit linking to IPP v9.0
-
-for me exporting the IPP library. As an example it was
-export LD_LIBRARY_PATH="/opt/intel/ipp/lib/ia32_lin/:$LD_LIBRARY_PATH"
-
-first go to the root wolfssl dir and configure it with desired settings and make install. This is to set up the define options and wolfssl library for the user crypto to link to.
-
-For me on Ubuntu the IPP libraries had been installed into /opt/intel/ipp/lib/ia32_lin/ so the ./configure LDFLAGS=-L/opt/intel/ipp/lib/ia32_lin was needed to be looking at that directory.
-Run make && make install from the directory wolfssl_root/wolfssl/user-crypto/ this creates a usercrypto library to use
-
-Finally go back to the root wolfssl directory and follow these build instructions
-
-building wolfSSL add CPPFLAGS=-I/opt/intel/ipp/include for finding the IPP include files
-
-./configure --with-user-crypto=root_wolfssl/wolfssl/user-crypto CPPFLAGS=-I/opt/intel/ipp/include (plus any desired additional flags)
-
-
-##THINGS TO CHECK FOR IF NOT ABLE TO LINK WITH USERCRYPTO LIB
-Check that the path has been exported for the IPP library. If usercrypto is unable to use the  function to init an RSA key then the link to it will fail in configure. Check for this by $DYLD_LIBRARY_PATH on mac or $LD_LIBRARY_PATH on ubuntu. If the directory for the Intel IPP libraries are not displayed than use "export DYLD_LIBRARY_PATH=path_to_ipp_libraries:$DYLD_LIBRARY_PATH".
-
-
-##CREATING OWN RSA CRYPTO PLUGIN
-
-It is required to have a header file named user_rsa.h. This is what is looked for by wolfssl/wolfcrypt/rsa.h and should contain the user defined rsa key struct.
-
-It is required to have a library called usercrypto. This is linked to when configuring wolfSSL with the option --with-user-crypto
-
-It is required when compiled with RSA cert generation to have key struct elements named n and e containing the corresponding big numbers. And the three helper functions to work with the big numbers. These functions are called by wolfcrypt/src/asn.c when working with certificates.
-To view the needed functions look at wolfssl/wolfcrypt/rsa.h they will be extern functions surrounded by HAVE_USER_RSA define.
-Cert Generation for other sign and verify such as ECC are not yet supported.
-
-When building with openssl compatibility layer extra developent needs to be done, having the two functions SetRsaExernal and SetRsaInternal
-
-wolfSSL does not take responsibility for the strength of security of third party cryptography libraries plugged in by the user.
diff --git a/wolfcrypt/user-crypto/autogen.sh b/wolfcrypt/user-crypto/autogen.sh
deleted file mode 100755
index 89e475c0b..000000000
--- a/wolfcrypt/user-crypto/autogen.sh
+++ /dev/null
@@ -1,23 +0,0 @@
-#!/bin/sh
-#
-# Create configure and makefile stuff...
-#
-
-# Git hooks should come before autoreconf.
-if test -d .git; then
-  if ! test -d .git/hooks; then
-    mkdir .git/hooks
-  fi
-  ln -s -f ../../pre-commit.sh .git/hooks/pre-commit
-  ln -s -f ../../pre-push.sh .git/hooks/pre-push
-fi
-
-# If this is a source checkout then call autoreconf with error as well
-if test -d .git; then
-  WARNINGS="all,error"
-else
-  WARNINGS="all"
-fi
-
-autoreconf --install --force --verbose
-
diff --git a/wolfcrypt/user-crypto/configure.ac b/wolfcrypt/user-crypto/configure.ac
deleted file mode 100644
index 561b9ccd9..000000000
--- a/wolfcrypt/user-crypto/configure.ac
+++ /dev/null
@@ -1,44 +0,0 @@
-#                                               -*- Autoconf -*-
-# Process this file with autoconf to produce a configure script.
-
-AC_PREREQ([2.63])
-AC_INIT([usercypto], [0.1], [])
-AC_CONFIG_SRCDIR([src/rsa.c])
-
-AM_INIT_AUTOMAKE([1.11 -Wall -Werror -Wno-portability foreign tar-ustar subdir-objects no-define color-tests])
-
-LT_PREREQ([2.2])
-LT_INIT([disable-static])
-LT_LANG([C++])
-LT_LANG([C])
-
-# Checks for programs.
-AC_PROG_CC
-AC_CONFIG_MACRO_DIR([m4])
-
-# Checks for libraries.
-AM_LDFLAGS=$LDFLAGS
-LDFLAGS="$LDFLAGS -L/opt/intel/ipp/lib -lippcp -lippcore"
-
-# Path to find wolfssl/options and other includes
-AM_CPPFLAGS=$CPPFLAGS
-CPPFLAGS="$CPPFLAGS -I../../ -I/opt/intel/ipp/include"
-AC_CHECK_LIB([ippcore], [ippGetStatusString], [], [AC_MSG_ERROR([ippcore library needed ./configure LDFLAGS=/path/to/ipp/lib])])
-AC_CHECK_LIB([ippcp], [ippsRSA_InitPublicKey], [], [AC_MSG_ERROR([ippcp library needed ./configure LDFLAGS=/path/to/ipp/lib])])
-
-# check headers
-AC_CHECK_HEADER([ippcp.h], [], [AC_MSG_ERROR([ippcp.h not found ./configure CPPFLAGS=-I/ipp/headers])])
-AC_CHECK_HEADER([ipp.h], [], [AC_MSG_ERROR([ipp.h not found ./configure CPPFLAGS=-I/ipp/headers])])
-
-LDFLAGS=$AM_LDFLAGS
-CPPFLAGS=$AM_CPPFLAGS
-
-AM_LDFLAGS="-L/opt/intel/ipp/lib -lippcp -lippcore"
-AM_CPPFLAGS="-I/opt/intel/ipp/include"
-
-AC_SUBST([AM_CPPFLAGS])
-AC_SUBST([AM_LDFLAGS])
-AC_C_INLINE
-
-AC_CONFIG_FILES([Makefile])
-AC_OUTPUT
diff --git a/wolfcrypt/user-crypto/include.am b/wolfcrypt/user-crypto/include.am
deleted file mode 100644
index 6cc8577ab..000000000
--- a/wolfcrypt/user-crypto/include.am
+++ /dev/null
@@ -1,13 +0,0 @@
-
-if BUILD_FAST_RSA
-include_HEADERS += wolfcrypt/user-crypto/include/user_rsa.h
-endif
-
-# user crypto plug in example
-EXTRA_DIST+= wolfcrypt/user-crypto/configure.ac
-EXTRA_DIST+= wolfcrypt/user-crypto/autogen.sh
-EXTRA_DIST+= wolfcrypt/user-crypto/include/user_rsa.h
-EXTRA_DIST+= wolfcrypt/user-crypto/src/rsa.c
-EXTRA_DIST+= wolfcrypt/user-crypto/lib/.gitkeep
-EXTRA_DIST+= wolfcrypt/user-crypto/README.txt
-EXTRA_DIST+= wolfcrypt/user-crypto/Makefile.am
diff --git a/wolfcrypt/user-crypto/include/user_rsa.h b/wolfcrypt/user-crypto/include/user_rsa.h
deleted file mode 100644
index c850b779b..000000000
--- a/wolfcrypt/user-crypto/include/user_rsa.h
+++ /dev/null
@@ -1,137 +0,0 @@
-/* user_rsa.h
- *
- * Copyright (C) 2006-2023 wolfSSL Inc.
- *
- * This file is part of wolfSSL.
- *
- * wolfSSL is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * wolfSSL is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
- */
-
-
-/*
- Created to use intel's IPP see their license for linking to intel's IPP library
- */
-
-#ifndef USER_WOLF_CRYPT_RSA_H
-#define USER_WOLF_CRYPT_RSA_H
-
-#include <wolfssl/wolfcrypt/settings.h>
-
-#ifndef NO_RSA
-
-#include <wolfssl/wolfcrypt/types.h>
-#include <wolfssl/wolfcrypt/random.h>
-
-/* intels crypto */
-#include <ipp.h>
-#include <ippcp.h>
-
-#ifdef __cplusplus
-    extern "C" {
-#endif
-
-/* needed for WOLFSSL_RSA type but use macro guard against redefine */
-#if defined(OPENSSL_EXTRA) && !defined(WOLFSSL_TYPES_DEFINED) \
-        && !defined(WOLFSSL_RSA_TYPE_DEFINED)
-    struct WOLFSSL_RSA;
-    typedef struct WOLFSSL_RSA WOLFSSL_RSA;
-    #define WOLFSSL_RSA_TYPE_DEFINED
-#endif
-
-
-enum {
-    RSA_PUBLIC   = 0,
-    RSA_PRIVATE  = 1,
-};
-
-/* RSA */
-struct RsaKey {
-    IppsBigNumState* n;
-    IppsBigNumState* e;
-    IppsBigNumState* dipp;
-    IppsBigNumState* pipp;
-    IppsBigNumState* qipp;
-    IppsBigNumState* dPipp;
-    IppsBigNumState* dQipp;
-    IppsBigNumState* uipp;
-    int nSz, eSz, dSz;
-    IppsRSAPublicKeyState*  pPub;
-    IppsRSAPrivateKeyState* pPrv;
-    word32 prvSz; /* size of private key */
-    word32 sz;    /* size of signature */
-    int   type;                               /* public or private */
-    void* heap;                               /* for user memory overrides */
-};
-
-#ifndef WC_RSAKEY_TYPE_DEFINED
-    typedef struct RsaKey RsaKey;
-    #define WC_RSAKEY_TYPE_DEFINED
-#endif
-
-WOLFSSL_API int  wc_InitRsaKey(RsaKey* key, void*);
-WOLFSSL_API int  wc_InitRsaKey_ex(RsaKey* key, void* heap, int devId);
-WOLFSSL_API int  wc_FreeRsaKey(RsaKey* key);
-
-WOLFSSL_API int  wc_RsaPublicEncrypt(const byte* in, word32 inLen, byte* out,
-                                     word32 outLen, RsaKey* key, WC_RNG* rng);
-WOLFSSL_API int  wc_RsaPrivateDecryptInline(byte* in, word32 inLen, byte** out,
-                                            RsaKey* key);
-WOLFSSL_API int  wc_RsaPrivateDecrypt(const byte* in, word32 inLen, byte* out,
-                                      word32 outLen, RsaKey* key);
-WOLFSSL_API int  wc_RsaSSL_Sign(const byte* in, word32 inLen, byte* out,
-                                word32 outLen, RsaKey* key, WC_RNG* rng);
-WOLFSSL_API int  wc_RsaSSL_VerifyInline(byte* in, word32 inLen, byte** out,
-                                        RsaKey* key);
-WOLFSSL_API int  wc_RsaSSL_Verify(const byte* in, word32 inLen, byte* out,
-                                  word32 outLen, RsaKey* key);
-WOLFSSL_API int  wc_RsaEncryptSize(RsaKey* key);
-
-WOLFSSL_API int  wc_RsaPrivateKeyDecode(const byte* input, word32* inOutIdx,
-                                                               RsaKey*, word32);
-WOLFSSL_API int  wc_RsaPublicKeyDecode_ex(const byte* input, word32* inOutIdx,
-        word32 inSz, const byte** n, word32* nSz, const byte** e, word32* eSz);
-WOLFSSL_API int  wc_RsaPublicKeyDecode(const byte* input, word32* inOutIdx,
-                                                               RsaKey*, word32);
-WOLFSSL_API int  wc_RsaPublicKeyDecodeRaw(const byte* n, word32 nSz,
-                                        const byte* e, word32 eSz, RsaKey* key);
-WOLFSSL_API int wc_RsaKeyToDer(RsaKey*, byte* output, word32 inLen);
-WOLFSSL_API int wc_RsaKeyToPublicDer(RsaKey*, byte* output, word32 inLen);
-#ifdef WOLFSSL_KEY_GEN
-    WOLFSSL_API int wc_MakeRsaKey(RsaKey* key, int size, long e, WC_RNG* rng);
-#endif
-WOLFSSL_API int  wc_RsaFlattenPublicKey(RsaKey*, byte*, word32*, byte*,
-                                                                       word32*);
-WOLFSSL_API int  wc_RsaSetRNG(RsaKey* key, WC_RNG* rng);
-
-
-#if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_KEY_GEN) || defined(OPENSSL_EXTRA)
-        /* abstracted BN operations with RSA key */
-    WOLFSSL_API int wc_Rsa_leading_bit(void* BN);
-    WOLFSSL_API int wc_Rsa_unsigned_bin_size(void* BN);
-
-        /* return MP_OKAY on success */
-    WOLFSSL_API int wc_Rsa_to_unsigned_bin(void* BN, byte* in, int inLen);
-#endif
-
-#ifdef OPENSSL_EXTRA /* abstracted functions to deal with rsa key */
-    WOLFSSL_API int SetRsaExternal(WOLFSSL_RSA* rsa);
-    WOLFSSL_API int SetRsaInternal(WOLFSSL_RSA* rsa);
-#endif
-#ifdef __cplusplus
-    } /* extern "C" */
-#endif
-
-#endif /* NO_RSA */
-#endif /* USER_WOLF_CRYPT_RSA_H */
diff --git a/wolfcrypt/user-crypto/lib/.gitkeep b/wolfcrypt/user-crypto/lib/.gitkeep
deleted file mode 100644
index e69de29bb..000000000
diff --git a/wolfcrypt/user-crypto/src/rsa.c b/wolfcrypt/user-crypto/src/rsa.c
deleted file mode 100644
index 66357372f..000000000
--- a/wolfcrypt/user-crypto/src/rsa.c
+++ /dev/null
@@ -1,2797 +0,0 @@
-/* rsa.c
- *
- * Copyright (C) 2006-2023 wolfSSL Inc.
- *
- * This file is part of wolfSSL.
- *
- * wolfSSL is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * wolfSSL is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
- */
-
-
-#ifdef HAVE_CONFIG_H /* configure options when using autoconf */
-    #include <config.h>
-#endif
-
-#include <wolfssl/options.h>
-#include <wolfssl/wolfcrypt/types.h>
-
-#ifndef NO_RSA
-
-#define USER_CRYPTO_ERROR -101
-
-#ifdef OPENSSL_EXTRA
-    #include <wolfssl/openssl/rsa.h> /* include for openssl compatibility */
-    #include <wolfssl/openssl/bn.h>
-#endif
-#include "user_rsa.h"
-
-#ifdef DEBUG_WOLFSSL /* debug done without variadic to allow older compilers */
-    #include <stdio.h>
-    #define USER_DEBUG(x) printf x
-#else
-    #define USER_DEBUG(x) WC_DO_NOTHING
-#endif
-
-#define ASN_INTEGER    0x02
-#define ASN_BIT_STRING 0x03
-#define ASN_TAG_NULL   0x05
-#define ASN_OBJECT_ID  0x06
-
-
-/* Make sure compiler doesn't skip -- used from wolfSSL */
-static inline void ForceZero(const void* mem, word32 len)
-{
-    volatile byte* z = (volatile byte*)mem;
-
-    while (len--) *z++ = 0;
-}
-
-enum {
-    RSA_PUBLIC_ENCRYPT  = 0,
-    RSA_PUBLIC_DECRYPT  = 1,
-    RSA_PRIVATE_ENCRYPT = 2,
-    RSA_PRIVATE_DECRYPT = 3,
-
-    RSA_BLOCK_TYPE_1 = 1,
-    RSA_BLOCK_TYPE_2 = 2,
-
-    RSA_MIN_SIZE = 512,
-    RSA_MAX_SIZE = 4096, /* max allowed in IPP library */
-
-    RSA_MIN_PAD_SZ   = 11      /* separator + 0 + pad value + 8 pads */
-};
-
-
-int wc_InitRsaKey_ex(RsaKey* key, void* heap, int devId)
-{
-
-    USER_DEBUG(("Entering wc_InitRsaKey\n"));
-
-    if (key == NULL)
-        return USER_CRYPTO_ERROR;
-
-    /* set full struct as 0 */
-    ForceZero(key, sizeof(RsaKey));
-
-    USER_DEBUG(("\tExit wc_InitRsaKey\n"));
-
-    (void)devId;
-    (void)heap;
-    return 0;
-}
-
-int wc_InitRsaKey(RsaKey* key, void* heap)
-{
-    return wc_InitRsaKey_ex(key, heap, INVALID_DEVID);
-}
-
-
-/* three functions needed for cert and key gen */
-#if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_KEY_GEN) || defined(OPENSSL_EXTRA)
-/* return 1 if there is a leading bit*/
-int wc_Rsa_leading_bit(void* bn)
-{
-    int ret = 0;
-    int dataSz;
-    Ipp32u* data;
-    Ipp32u  q;
-    int qSz = sizeof(Ipp32u);
-
-    if (ippsExtGet_BN(NULL, &dataSz, NULL, bn) != ippStsNoErr) {
-        USER_DEBUG(("ippsExtGet_BN Rsa leading bit error\n"));
-        return USER_CRYPTO_ERROR;
-    }
-
-    /* convert from size in binary to Ipp32u */
-    dataSz = dataSz / 32 + ((dataSz % 32)? 1 : 0);
-    data = (Ipp32u*)XMALLOC(dataSz * sizeof(Ipp32u), NULL,
-                                                      DYNAMIC_TYPE_USER_CRYPTO);
-    if (data == NULL) {
-        USER_DEBUG(("Rsa leading bit memory error\n"));
-        return 0;
-    }
-
-    /* extract value from BN */
-    if (ippsExtGet_BN(NULL, NULL, data, bn) != ippStsNoErr) {
-        USER_DEBUG(("Rsa leading bit error\n"));
-        XFREE(data, NULL, DYNAMIC_TYPE_USER_CRYPTO);
-        return 0;
-    }
-
-    /* use method like what's used in wolfssl tfm.c  */
-    q = data[dataSz - 1];
-
-    ret = 0;
-    while (qSz > 0) {
-        if (q != 0)
-            ret = (q & 0x80) != 0;
-        q >>= 8;
-        qSz--;
-    }
-
-    XFREE(data, NULL, DYNAMIC_TYPE_USER_CRYPTO);
-
-    return ret;
-}
-
-
-/* get the size in bytes of BN */
-int wc_Rsa_unsigned_bin_size(void* bn)
-{
-    int ret = 0;
-    if (ippsExtGet_BN(NULL, &ret, NULL, bn) != ippStsNoErr) {
-        USER_DEBUG(("Rsa unsigned bin size error\n"));
-        return USER_CRYPTO_ERROR;
-    }
-    return (ret / 8) + ((ret % 8)? 1: 0); /* size in bytes */
-}
-
-#ifndef MP_OKAY
-#define MP_OKAY 0
-#endif
-
-/* extract the bn value to a unsigned byte array and return MP_OKAY on success */
-int wc_Rsa_to_unsigned_bin(void* bn, byte* in, int inLen)
-{
-    if (ippsGetOctString_BN((Ipp8u*)in, inLen, bn) != ippStsNoErr) {
-        USER_DEBUG(("Rsa to unsigned bin error\n"));
-        return USER_CRYPTO_ERROR;
-    }
-    return MP_OKAY;
-}
-#endif /* WOLFSSL_CERT_GEN || WOLFSSL_KEY_GEN || OPENSSL_EXTRA */
-
-
-#ifdef OPENSSL_EXTRA /* functions needed for openssl compatibility layer */
-static int SetIndividualExternal(WOLFSSL_BIGNUM** bn, IppsBigNumState* in)
-{
-    IppStatus ret;
-    byte* data;
-    int sz;
-
-    USER_DEBUG(("Entering SetIndividualExternal\n"));
-
-    if (bn == NULL || in == NULL) {
-        USER_DEBUG(("inputs NULL error\n"));
-        return USER_CRYPTO_ERROR;
-    }
-
-    if (*bn == NULL) {
-        *bn = wolfSSL_BN_new();
-        if (*bn == NULL) {
-            USER_DEBUG(("SetIndividualExternal alloc failed\n"));
-            return USER_CRYPTO_ERROR;
-        }
-    }
-
-    /* get size of array needed and extract oct array of data */
-    ret = ippsGetSize_BN(in, &sz);
-    if (ret != ippStsNoErr)
-        return USER_CRYPTO_ERROR;
-
-    data = (byte*)XMALLOC(sz, NULL, DYNAMIC_TYPE_USER_CRYPTO);
-    if (data == NULL)
-        return USER_CRYPTO_ERROR;
-
-    ret = ippsGetOctString_BN(data, sz, in);
-    if (ret != ippStsNoErr) {
-        XFREE(data, NULL, DYNAMIC_TYPE_USER_CRYPTO);
-        return USER_CRYPTO_ERROR;
-    }
-
-    /* store the data into a wolfSSL Big Number */
-    *bn = wolfSSL_BN_bin2bn(data, sz, *bn);
-
-    XFREE(data, NULL, DYNAMIC_TYPE_USER_CRYPTO);
-
-    return 0;
-}
-
-
-static int SetIndividualInternal(WOLFSSL_BIGNUM* bn, IppsBigNumState** mpi)
-{
-    int length, ctxSz, sz;
-    IppStatus ret;
-    Ipp8u* data;
-
-    USER_DEBUG(("Entering SetIndividualInternal\n"));
-
-    if (bn == NULL || bn->internal == NULL) {
-        USER_DEBUG(("bn NULL error\n"));
-        return USER_CRYPTO_ERROR;
-    }
-
-    length = wolfSSL_BN_num_bytes(bn);
-
-    /* if not IPP BN then create one */
-    if (*mpi == NULL) {
-        ret = ippsBigNumGetSize(length, &ctxSz);
-        if (ret != ippStsNoErr)
-            return USER_CRYPTO_ERROR;
-
-        *mpi = (IppsBigNumState*)XMALLOC(ctxSz, 0, DYNAMIC_TYPE_USER_CRYPTO);
-        if (*mpi == NULL)
-            return USER_CRYPTO_ERROR;
-
-        ret = ippsBigNumInit(length, *mpi);
-        if (ret != ippStsNoErr) {
-            XFREE(*mpi, NULL, DYNAMIC_TYPE_USER_CRYPTO);
-            return USER_CRYPTO_ERROR;
-        }
-
-    }
-
-    /* get the size of array needed and check IPP BigNum */
-    if (ippsGetSize_BN(*mpi, &sz) != ippStsNoErr)
-        return USER_CRYPTO_ERROR;
-
-    if (sz < length) {
-        USER_DEBUG(("big num size is too small\n"));
-        return USER_CRYPTO_ERROR;
-    }
-
-    data = (Ipp8u*)XMALLOC(length, NULL, DYNAMIC_TYPE_USER_CRYPTO);
-    if (data == NULL)
-        return USER_CRYPTO_ERROR;
-
-    /* extract the wolfSSL BigNum and store it into IPP BigNum */
-    if (wolfSSL_BN_bn2bin(bn, data) < 0) {
-        XFREE(data, NULL, DYNAMIC_TYPE_USER_CRYPTO);
-        USER_DEBUG(("error in getting bin from wolfssl bn\n"));
-        return USER_CRYPTO_ERROR;
-    }
-
-    ret = ippsSetOctString_BN(data, length, *mpi);
-    if (ret != ippStsNoErr) {
-        XFREE(data, NULL, DYNAMIC_TYPE_USER_CRYPTO);
-        return USER_CRYPTO_ERROR;
-    }
-
-    XFREE(data, NULL, DYNAMIC_TYPE_USER_CRYPTO);
-
-    return 0;
-}
-
-
-/* WolfSSL -> OpenSSL */
-int SetRsaExternal(WOLFSSL_RSA* rsa)
-{
-    RsaKey* key;
-    USER_DEBUG(("Entering SetRsaExternal\n"));
-
-    if (rsa == NULL || rsa->internal == NULL) {
-        USER_DEBUG(("rsa key NULL error\n"));
-        return USER_CRYPTO_ERROR;
-    }
-
-    key = (RsaKey*)rsa->internal;
-
-    if (SetIndividualExternal(&rsa->n, key->n) != 0) {
-        USER_DEBUG(("rsa n key error\n"));
-        return USER_CRYPTO_ERROR;
-    }
-
-    if (SetIndividualExternal(&rsa->e, key->e) != 0) {
-        USER_DEBUG(("rsa e key error\n"));
-        return USER_CRYPTO_ERROR;
-    }
-
-    if (key->type == RSA_PRIVATE) {
-        if (SetIndividualExternal(&rsa->d, key->dipp) != 0) {
-            USER_DEBUG(("rsa d key error\n"));
-            return USER_CRYPTO_ERROR;
-        }
-
-        if (SetIndividualExternal(&rsa->p, key->pipp) != 0) {
-            USER_DEBUG(("rsa p key error\n"));
-            return USER_CRYPTO_ERROR;
-        }
-
-        if (SetIndividualExternal(&rsa->q, key->qipp) != 0) {
-            USER_DEBUG(("rsa q key error\n"));
-            return USER_CRYPTO_ERROR;
-        }
-
-        if (SetIndividualExternal(&rsa->dmp1, key->dPipp) != 0) {
-            USER_DEBUG(("rsa dP key error\n"));
-            return USER_CRYPTO_ERROR;
-        }
-
-        if (SetIndividualExternal(&rsa->dmq1, key->dQipp) != 0) {
-            USER_DEBUG(("rsa dQ key error\n"));
-            return USER_CRYPTO_ERROR;
-        }
-
-        if (SetIndividualExternal(&rsa->iqmp, key->uipp) != 0) {
-            USER_DEBUG(("rsa u key error\n"));
-            return USER_CRYPTO_ERROR;
-        }
-    }
-
-    rsa->exSet = 1;
-
-    /* SSL_SUCCESS */
-    return 1;
-}
-
-
-/* Openssl -> WolfSSL */
-int SetRsaInternal(WOLFSSL_RSA* rsa)
-{
-    int ctxSz, pSz, qSz;
-    IppStatus ret;
-    RsaKey* key;
-    USER_DEBUG(("Entering SetRsaInternal\n"));
-
-    if (rsa == NULL || rsa->internal == NULL) {
-        USER_DEBUG(("rsa key NULL error\n"));
-        return USER_CRYPTO_ERROR;
-    }
-
-    key = (RsaKey*)rsa->internal;
-
-    if (SetIndividualInternal(rsa->n, &key->n) != 0) {
-        USER_DEBUG(("rsa n key error\n"));
-        return USER_CRYPTO_ERROR;
-    }
-
-    if (SetIndividualInternal(rsa->e, &key->e) != 0) {
-        USER_DEBUG(("rsa e key error\n"));
-        return USER_CRYPTO_ERROR;
-    }
-
-    /* public key */
-    key->type = RSA_PUBLIC;
-
-    if (rsa->d != NULL) {
-        if (SetIndividualInternal(rsa->d, &key->dipp) != 0) {
-            USER_DEBUG(("rsa d key error\n"));
-            return USER_CRYPTO_ERROR;
-        }
-
-        /* private key */
-        key->type = RSA_PRIVATE;
-    }
-
-    if (rsa->p != NULL &&
-        SetIndividualInternal(rsa->p, &key->pipp) != 0) {
-        USER_DEBUG(("rsa p key error\n"));
-        return USER_CRYPTO_ERROR;
-    }
-
-    if (rsa->q != NULL &&
-        SetIndividualInternal(rsa->q, &key->qipp) != 0) {
-        USER_DEBUG(("rsa q key error\n"));
-        return USER_CRYPTO_ERROR;
-    }
-
-    if (rsa->dmp1 != NULL &&
-        SetIndividualInternal(rsa->dmp1, &key->dPipp) != 0) {
-        USER_DEBUG(("rsa dP key error\n"));
-        return USER_CRYPTO_ERROR;
-    }
-
-    if (rsa->dmq1 != NULL &&
-        SetIndividualInternal(rsa->dmq1, &key->dQipp) != 0) {
-        USER_DEBUG(("rsa dQ key error\n"));
-        return USER_CRYPTO_ERROR;
-    }
-
-    if (rsa->iqmp != NULL &&
-        SetIndividualInternal(rsa->iqmp, &key->uipp) != 0) {
-        USER_DEBUG(("rsa u key error\n"));
-        return USER_CRYPTO_ERROR;
-    }
-
-    rsa->inSet = 1;
-
-    /* get sizes of IPP BN key states created from input */
-    ret = ippsGetSize_BN(key->n, &key->nSz);
-    if (ret != ippStsNoErr) {
-        USER_DEBUG(("ippsGetSize_BN error %s\n", ippGetStatusString(ret)));
-        return USER_CRYPTO_ERROR;
-    }
-
-    ret = ippsGetSize_BN(key->e, &key->eSz);
-    if (ret != ippStsNoErr) {
-        USER_DEBUG(("ippsGetSize_BN error %s\n", ippGetStatusString(ret)));
-        return USER_CRYPTO_ERROR;
-    }
-
-    key->sz = key->nSz; /* set modulus size */
-
-    /* convert to size in bits */
-    key->nSz = key->nSz * 8;
-    key->eSz = key->eSz * 8;
-
-    /* set up public key state */
-    ret = ippsRSA_GetSizePublicKey(key->nSz, key->eSz, &ctxSz);
-    if (ret != ippStsNoErr) {
-        USER_DEBUG(("ippsRSA_GetSizePublicKey error %s\n",
-                ippGetStatusString(ret)));
-        return USER_CRYPTO_ERROR;
-    }
-
-    key->pPub = (IppsRSAPublicKeyState*)XMALLOC(ctxSz, NULL,
-                                                      DYNAMIC_TYPE_USER_CRYPTO);
-    if (key->pPub == NULL)
-        return USER_CRYPTO_ERROR;
-
-    ret = ippsRSA_InitPublicKey(key->nSz, key->eSz, key->pPub, ctxSz);
-    if (ret != ippStsNoErr) {
-        USER_DEBUG(("ippsRSA_InitPublicKey error %s\n",
-                    ippGetStatusString(ret)));
-        return USER_CRYPTO_ERROR;
-    }
-
-    ret = ippsRSA_SetPublicKey(key->n, key->e, key->pPub);
-    if (ret != ippStsNoErr) {
-        USER_DEBUG(("ippsRSA_SetPublicKey error %s\n", ippGetStatusString(ret)));
-        return USER_CRYPTO_ERROR;
-    }
-
-    if (key->pipp != NULL && key->qipp != NULL && key->dipp != NULL &&
-            key->dPipp != NULL && key->dQipp != NULL && key->uipp != NULL) {
-        /* get bn sizes needed for private key set up */
-        ret = ippsGetSize_BN(key->pipp, &pSz);
-        if (ret != ippStsNoErr) {
-            USER_DEBUG(("ippsGetSize_BN error %s\n", ippGetStatusString(ret)));
-            return USER_CRYPTO_ERROR;
-        }
-
-        ret = ippsGetSize_BN(key->qipp, &qSz);
-        if (ret != ippStsNoErr) {
-            USER_DEBUG(("ippsGetSize_BN error %s\n", ippGetStatusString(ret)));
-            return USER_CRYPTO_ERROR;
-        }
-
-        /* store sizes needed for creating tmp private keys */
-        ret = ippsGetSize_BN(key->dipp, &key->dSz);
-        if (ret != ippStsNoErr) {
-            USER_DEBUG(("ippsGetSize_BN error %s\n", ippGetStatusString(ret)));
-            return USER_CRYPTO_ERROR;
-        }
-
-        /* convert to size in bits */
-        key->dSz = key->dSz * 8;
-        pSz = pSz * 8;
-        qSz = qSz * 8;
-
-        /* set up private key state */
-        ret = ippsRSA_GetSizePrivateKeyType2(pSz, qSz, &ctxSz);
-        if (ret != ippStsNoErr) {
-            USER_DEBUG(("ippsRSA_GetSizePrivateKey error %s\n",
-                    ippGetStatusString(ret)));
-            return USER_CRYPTO_ERROR;
-        }
-
-        key->prvSz = ctxSz;
-        key->pPrv = (IppsRSAPrivateKeyState*)XMALLOC(ctxSz, 0,
-                                                      DYNAMIC_TYPE_USER_CRYPTO);
-        if (key->pPrv == NULL)
-            return USER_CRYPTO_ERROR;
-
-        ret = ippsRSA_InitPrivateKeyType2(pSz, qSz, key->pPrv, ctxSz);
-        if (ret != ippStsNoErr) {
-            USER_DEBUG(("ippsRSA_InitPrivateKey error %s\n",
-                        ippGetStatusString(ret)));
-            return USER_CRYPTO_ERROR;
-        }
-
-        ret = ippsRSA_SetPrivateKeyType2(key->pipp, key->qipp, key->dPipp,
-                key->dQipp, key->uipp, key->pPrv);
-        if (ret != ippStsNoErr) {
-            USER_DEBUG(("ippsRSA_SetPrivateKey error %s\n", ippGetStatusString(ret)));
-            return USER_CRYPTO_ERROR;
-        }
-    }
-
-    /* SSL_SUCCESS */
-    return 1;
-}
-#endif /* OPENSSLEXTRA */
-
-
-/* Padding scheme function used in wolfSSL for signing needed for matching
-   existing API signing scheme
-    input : the msg to be signed
-    inputLen : length of input msg
-    pkcsBlock : the outputted padded msg
-    pkcsBlockLen : length of outputted padded msg buffer
-    padValue : the padded value after first 00 , is either 01 or 02
-    rng : random number generator structure
- */
-static int wc_RsaPad(const byte* input, word32 inputLen, byte* pkcsBlock,
-                   word32 pkcsBlockLen, byte padValue, WC_RNG* rng)
-{
-    if (inputLen == 0 || pkcsBlockLen == 0) {
-        return USER_CRYPTO_ERROR;
-    }
-
-    pkcsBlock[0] = 0x0;       /* set first byte to zero and advance */
-    pkcsBlock++; pkcsBlockLen--;
-    pkcsBlock[0] = padValue;  /* insert padValue */
-
-    if (padValue == RSA_BLOCK_TYPE_1) {
-        if (pkcsBlockLen < inputLen + 2) {
-            return USER_CRYPTO_ERROR;
-        }
-
-        /* pad with 0xff bytes */
-        XMEMSET(&pkcsBlock[1], 0xFF, pkcsBlockLen - inputLen - 2);
-    }
-    else {
-        /* pad with non-zero random bytes */
-        word32 padLen, i;
-        int    ret;
-
-        if (pkcsBlockLen < inputLen + 1) {
-            return USER_CRYPTO_ERROR;
-        }
-
-        padLen = pkcsBlockLen - inputLen - 1;
-        ret = wc_RNG_GenerateBlock(rng, &pkcsBlock[1], padLen);
-
-        if (ret != 0)
-            return ret;
-
-        /* remove zeros */
-        for (i = 1; i < padLen; i++)
-            if (pkcsBlock[i] == 0) pkcsBlock[i] = 0x01;
-    }
-
-    pkcsBlock[pkcsBlockLen-inputLen-1] = 0;     /* separator */
-    XMEMCPY(pkcsBlock+pkcsBlockLen-inputLen, input, inputLen);
-
-    return 0;
-}
-
-
-/* UnPad plaintext, set start to *output, return length of plaintext,
- * < 0 on error */
-static int RsaUnPad(const byte *pkcsBlock, unsigned int pkcsBlockLen,
-                       byte **output, byte padValue)
-{
-    word32 maxOutputLen = (pkcsBlockLen > 10) ? (pkcsBlockLen - 10) : 0,
-           invalid = 0,
-           i = 1,
-           outputLen;
-
-    if (pkcsBlockLen == 0) {
-        return USER_CRYPTO_ERROR;
-    }
-
-    if (pkcsBlock[0] != 0x0) /* skip past zero */
-        invalid = 1;
-    pkcsBlock++; pkcsBlockLen--;
-
-    /* Require block type padValue */
-    invalid = (pkcsBlock[0] != padValue) || invalid;
-
-    /* verify the padding until we find the separator */
-    if (padValue == RSA_BLOCK_TYPE_1) {
-        while (i<pkcsBlockLen && pkcsBlock[i++] == 0xFF) {/* Null body */}
-    }
-    else {
-        while (i<pkcsBlockLen && pkcsBlock[i++]) {/* Null body */}
-    }
-
-    if(!(i==pkcsBlockLen || pkcsBlock[i-1]==0)) {
-        USER_DEBUG(("RsaUnPad error, bad formatting\n"));
-        return USER_CRYPTO_ERROR;
-    }
-
-    outputLen = pkcsBlockLen - i;
-    invalid = (outputLen > maxOutputLen) || invalid;
-
-    if (invalid) {
-        USER_DEBUG(("RsaUnPad error, bad formatting\n"));
-        return USER_CRYPTO_ERROR;
-    }
-
-    *output = (byte *)(pkcsBlock + i);
-    return outputLen;
-}
-
-
-/* Set up memory and structure for a Big Number
- * returns ippStsNoErr on success
- */
-static IppStatus init_bn(IppsBigNumState** in, int sz)
-{
-    int ctxSz;
-    IppStatus ret;
-
-    ret = ippsBigNumGetSize(sz, &ctxSz);
-    if (ret != ippStsNoErr) {
-        return ret;
-    }
-
-    *in = (IppsBigNumState*)XMALLOC(ctxSz, 0, DYNAMIC_TYPE_USER_CRYPTO);
-    if (*in == NULL) {
-        return ippStsNoMemErr;
-    }
-
-    ret = ippsBigNumInit(sz, *in);
-    if (ret != ippStsNoErr) {
-        XFREE(*in, NULL, DYNAMIC_TYPE_USER_CRYPTO);
-        *in = NULL;
-        return ret;
-    }
-
-    return ippStsNoErr;
-}
-
-
-/* Set up memory and structure for a Montgomery struct
- * returns ippStsNoErr on success
- */
-static IppStatus init_mont(IppsMontState** mont, int* ctxSz,
-                                                         IppsBigNumState* modul)
-{
-    int       mSz;
-    Ipp32u*   m;
-    IppStatus ret;
-
-    ret = ippsExtGet_BN(NULL, ctxSz, NULL, modul);
-    if (ret != ippStsNoErr) {
-        return ret;
-    }
-
-    /* convert bits to Ipp32u array size and round up
-       32 is number of bits in type */
-    mSz = (*ctxSz/32)+((*ctxSz % 32)? 1: 0);
-    m = (Ipp32u*)XMALLOC(mSz * sizeof(Ipp32u), 0, DYNAMIC_TYPE_USER_CRYPTO);
-    if (m == NULL) {
-        XFREE(m, NULL, DYNAMIC_TYPE_USER_CRYPTO);
-        return ippStsNoMemErr;
-    }
-
-    ret = ippsExtGet_BN(NULL, NULL, m, modul);
-    if (ret != ippStsNoErr) {
-        XFREE(m, NULL, DYNAMIC_TYPE_USER_CRYPTO);
-        return ret;
-    }
-
-    ret = ippsMontGetSize(IppsSlidingWindows, mSz, ctxSz);
-    if (ret != ippStsNoErr) {
-        XFREE(m, NULL, DYNAMIC_TYPE_USER_CRYPTO);
-        return ret;
-    }
-
-    /* 2. Allocate working buffer using malloc */
-    *mont = (IppsMontState*)XMALLOC(*ctxSz, 0, DYNAMIC_TYPE_USER_CRYPTO);
-    if (*mont == NULL) {
-        XFREE(m, NULL, DYNAMIC_TYPE_USER_CRYPTO);
-        return ippStsNoMemErr;
-    }
-    ret = ippsMontInit(IppsSlidingWindows, mSz, *mont);
-    if (ret != ippStsNoErr) {
-        USER_DEBUG(("ippsMontInit error of %s\n", ippGetStatusString(ret)));
-        XFREE(m, NULL, DYNAMIC_TYPE_USER_CRYPTO);
-        XFREE(*mont, NULL, DYNAMIC_TYPE_USER_CRYPTO);
-        *mont = NULL;
-        return ret;
-    }
-
-    /* 3. Call the function MontSet to set big number module */
-    ret = ippsMontSet(m, mSz, *mont);
-    if (ret != ippStsNoErr) {
-        USER_DEBUG(("ippsMontSet error of %s\n", ippGetStatusString(ret)));
-        XFREE(m, NULL, DYNAMIC_TYPE_USER_CRYPTO);
-        XFREE(*mont, NULL, DYNAMIC_TYPE_USER_CRYPTO);
-        *mont = NULL;
-        return ret;
-    }
-
-    XFREE(m, NULL, DYNAMIC_TYPE_USER_CRYPTO);
-
-    return ippStsNoErr;
-}
-
-
-
-int wc_FreeRsaKey(RsaKey* key)
-{
-    if (key == NULL)
-        return 0;
-
-    USER_DEBUG(("Entering wc_FreeRsaKey\n"));
-
-    if (key->pPub != NULL) {
-        XFREE(key->pPub, NULL, DYNAMIC_TYPE_USER_CRYPTO);
-        key->pPub = NULL;
-    }
-
-    if (key->pPrv != NULL) {
-        /* write over sensitive information */
-        ForceZero(key->pPrv, key->prvSz);
-        XFREE(key->pPrv, NULL, DYNAMIC_TYPE_USER_CRYPTO);
-        key->pPrv = NULL;
-    }
-
-    if (key->n != NULL) {
-        XFREE(key->n, NULL, DYNAMIC_TYPE_USER_CRYPTO);
-        key->n = NULL;
-    }
-
-    if (key->e != NULL) {
-        XFREE(key->e, NULL, DYNAMIC_TYPE_USER_CRYPTO);
-        key->e = NULL;
-    }
-
-    if (key->dipp != NULL) {
-        XFREE(key->dipp, NULL, DYNAMIC_TYPE_USER_CRYPTO);
-        key->dipp = NULL;
-    }
-
-    if (key->pipp != NULL) {
-        XFREE(key->pipp, NULL, DYNAMIC_TYPE_USER_CRYPTO);
-        key->pipp = NULL;
-    }
-
-    if (key->qipp != NULL) {
-        XFREE(key->qipp, NULL, DYNAMIC_TYPE_USER_CRYPTO);
-        key->qipp = NULL;
-    }
-
-    if (key->dPipp != NULL) {
-        XFREE(key->dPipp, NULL, DYNAMIC_TYPE_USER_CRYPTO);
-        key->dPipp = NULL;
-    }
-
-    if (key->dQipp != NULL) {
-        XFREE(key->dQipp, NULL, DYNAMIC_TYPE_USER_CRYPTO);
-        key->dQipp = NULL;
-    }
-
-    if (key->uipp != NULL) {
-        XFREE(key->uipp, NULL, DYNAMIC_TYPE_USER_CRYPTO);
-        key->uipp = NULL;
-    }
-
-    USER_DEBUG(("\tExit wc_FreeRsaKey\n"));
-    (void)key;
-
-    return 0;
-}
-
-
-/* Some parsing functions from wolfSSL code needed to match wolfSSL API used */
-static int GetLength(const byte* input, word32* inOutIdx, int* len,
-                           word32 maxIdx)
-{
-    int     length = 0;
-    word32  idx = *inOutIdx;
-    byte    b;
-
-    *len = 0;    /* default length */
-
-    if ((idx + 1) > maxIdx) {   /* for first read */
-        USER_DEBUG(("GetLength bad index on input\n"));
-        return USER_CRYPTO_ERROR;
-    }
-
-    b = input[idx++];
-    if (b >= 0x80) {
-        word32 bytes = b & 0x7F;
-
-        if ((idx + bytes) > maxIdx) {   /* for reading bytes */
-            USER_DEBUG(("GetLength bad long length\n"));
-            return USER_CRYPTO_ERROR;
-        }
-
-        while (bytes--) {
-            b = input[idx++];
-            length = (length << 8) | b;
-        }
-    }
-    else
-        length = b;
-
-    if ((idx + length) > maxIdx) {   /* for user of length */
-        USER_DEBUG(("GetLength value exceeds buffer length\n"));
-        return USER_CRYPTO_ERROR;
-    }
-
-    *inOutIdx = idx;
-    if (length > 0)
-        *len = length;
-
-    return length;
-}
-
-static int GetASNHeader(const byte* input, byte tag, word32* inOutIdx, int* len,
-                        word32 maxIdx)
-{
-    word32 idx = *inOutIdx;
-    byte   b;
-    int    length;
-
-    if ((idx + 1) > maxIdx)
-        return USER_CRYPTO_ERROR;
-
-    b = input[idx++];
-    if (b != tag)
-        return USER_CRYPTO_ERROR;
-
-    if (GetLength(input, &idx, &length, maxIdx) < 0)
-        return USER_CRYPTO_ERROR;
-
-    *len      = length;
-    *inOutIdx = idx;
-    return length;
-}
-
-static int GetASNInt(const byte* input, word32* inOutIdx, int* len,
-                     word32 maxIdx)
-{
-    int    ret;
-
-    ret = GetASNHeader(input, ASN_INTEGER, inOutIdx, len, maxIdx);
-    if (ret < 0)
-        return ret;
-
-    if (*len > 0) {
-        /* remove leading zero, unless there is only one 0x00 byte */
-        if ((input[*inOutIdx] == 0x00) && (*len > 1)) {
-            (*inOutIdx)++;
-            (*len)--;
-
-            if (*len > 0 && (input[*inOutIdx] & 0x80) == 0)
-                return USER_CRYPTO_ERROR;
-        }
-    }
-
-    return 0;
-}
-
-static int GetInt(IppsBigNumState** mpi, const byte* input, word32* inOutIdx,
-                  word32 maxIdx)
-{
-    IppStatus ret;
-    word32 idx = *inOutIdx;
-    int    length;
-    int    ctxSz;
-
-    if (GetASNInt(input, &idx, &length, maxIdx) < 0) {
-        return USER_CRYPTO_ERROR;
-    }
-
-    ret = ippsBigNumGetSize(length, &ctxSz);
-    if (ret != ippStsNoErr)
-        return USER_CRYPTO_ERROR;
-
-    *mpi = (IppsBigNumState*)XMALLOC(ctxSz, 0, DYNAMIC_TYPE_USER_CRYPTO);
-    if (*mpi == NULL)
-        return USER_CRYPTO_ERROR;
-
-    ret = ippsBigNumInit(length, *mpi);
-    if (ret != ippStsNoErr)
-        return USER_CRYPTO_ERROR;
-
-    ret = ippsSetOctString_BN((Ipp8u*)input + idx, length, *mpi);
-    if (ret != ippStsNoErr)
-        return USER_CRYPTO_ERROR;
-
-    *inOutIdx = idx + length;
-    return 0;
-}
-
-
-static int GetSequence(const byte* input, word32* inOutIdx, int* len,
-                           word32 maxIdx)
-{
-    int    length = -1;
-    word32 idx    = *inOutIdx;
-
-    if ((idx + 1) > maxIdx)
-        return USER_CRYPTO_ERROR;
-
-    if (input[idx++] != (0x10 | 0x20) ||
-            GetLength(input, &idx, &length, maxIdx) < 0)
-        return USER_CRYPTO_ERROR;
-
-    *len      = length;
-    *inOutIdx = idx;
-
-    return length;
-}
-
-
-static int GetMyVersion(const byte* input, word32* inOutIdx,
-                               int* version, word32 maxIdx)
-{
-    word32 idx = *inOutIdx;
-
-    if ((idx + 3) > maxIdx)
-        return USER_CRYPTO_ERROR;
-
-    if (input[idx++] != 0x02)
-        return USER_CRYPTO_ERROR;
-
-    if (input[idx++] != 0x01)
-        return USER_CRYPTO_ERROR;
-
-    *version  = input[idx++];
-    *inOutIdx = idx;
-
-    return *version;
-}
-
-
-int wc_RsaPrivateKeyDecode(const byte* input, word32* inOutIdx, RsaKey* key,
-                        word32 inSz)
-{
-    int    version, length;
-    int  ctxSz, pSz, qSz;
-    IppStatus ret;
-
-    if (input == NULL || inOutIdx == NULL || key == NULL) {
-        return USER_CRYPTO_ERROR;
-    }
-
-    USER_DEBUG(("Entering wc_RsaPrivateKeyDecode\n"));
-
-    /* read in key information */
-    if (GetSequence(input, inOutIdx, &length, inSz) < 0)
-        return USER_CRYPTO_ERROR;
-
-    if (GetMyVersion(input, inOutIdx, &version, inSz) < 0)
-        return USER_CRYPTO_ERROR;
-
-    key->type = RSA_PRIVATE;
-
-    if (GetInt(&key->n,  input, inOutIdx, inSz) < 0 ||
-        GetInt(&key->e,  input, inOutIdx, inSz) < 0 ||
-        GetInt(&key->dipp,  input, inOutIdx, inSz) < 0 ||
-        GetInt(&key->pipp,  input, inOutIdx, inSz) < 0 ||
-        GetInt(&key->qipp,  input, inOutIdx, inSz) < 0 ||
-        GetInt(&key->dPipp, input, inOutIdx, inSz) < 0 ||
-        GetInt(&key->dQipp, input, inOutIdx, inSz) < 0 ||
-        GetInt(&key->uipp,  input, inOutIdx, inSz) < 0 )
-        return USER_CRYPTO_ERROR;
-
-    /* get sizes of IPP BN key states created from input */
-    ret = ippsGetSize_BN(key->n, &key->nSz);
-    if (ret != ippStsNoErr) {
-        USER_DEBUG(("ippsGetSize_BN error %s\n", ippGetStatusString(ret)));
-        return USER_CRYPTO_ERROR;
-    }
-
-    ret = ippsGetSize_BN(key->e, &key->eSz);
-    if (ret != ippStsNoErr) {
-        USER_DEBUG(("ippsGetSize_BN error %s\n", ippGetStatusString(ret)));
-        return USER_CRYPTO_ERROR;
-    }
-
-    key->sz = key->nSz; /* set modulus size */
-
-    /* convert to size in bits */
-    key->nSz = key->nSz * 8;
-    key->eSz = key->eSz * 8;
-
-    /* set up public key state */
-    ret = ippsRSA_GetSizePublicKey(key->nSz, key->eSz, &ctxSz);
-    if (ret != ippStsNoErr) {
-        USER_DEBUG(("ippsRSA_GetSizePublicKey error %s\n",
-                ippGetStatusString(ret)));
-        return USER_CRYPTO_ERROR;
-    }
-
-    key->pPub = (IppsRSAPublicKeyState*)XMALLOC(ctxSz, NULL,
-                                                      DYNAMIC_TYPE_USER_CRYPTO);
-    if (key->pPub == NULL)
-        return USER_CRYPTO_ERROR;
-
-    ret = ippsRSA_InitPublicKey(key->nSz, key->eSz, key->pPub, ctxSz);
-    if (ret != ippStsNoErr) {
-        USER_DEBUG(("ippsRSA_InitPublicKey error %s\n",
-                    ippGetStatusString(ret)));
-        return USER_CRYPTO_ERROR;
-    }
-
-    ret = ippsRSA_SetPublicKey(key->n, key->e, key->pPub);
-    if (ret != ippStsNoErr) {
-        USER_DEBUG(("ippsRSA_SetPublicKey error %s\n",
-                    ippGetStatusString(ret)));
-        return USER_CRYPTO_ERROR;
-    }
-
-    /* get bn sizes needed for private key set up */
-    ret = ippsGetSize_BN(key->pipp, &pSz);
-    if (ret != ippStsNoErr) {
-        USER_DEBUG(("ippsGetSize_BN error %s\n", ippGetStatusString(ret)));
-        return USER_CRYPTO_ERROR;
-    }
-
-    ret = ippsGetSize_BN(key->qipp, &qSz);
-    if (ret != ippStsNoErr) {
-        USER_DEBUG(("ippsGetSize_BN error %s\n", ippGetStatusString(ret)));
-        return USER_CRYPTO_ERROR;
-    }
-
-    /* store sizes needed for creating tmp private keys */
-    ret = ippsGetSize_BN(key->dipp, &key->dSz);
-    if (ret != ippStsNoErr) {
-        USER_DEBUG(("ippsGetSize_BN error %s\n", ippGetStatusString(ret)));
-        return USER_CRYPTO_ERROR;
-    }
-
-    /* convert to size in bits */
-    key->dSz = key->dSz * 8;
-    pSz = pSz * 8;
-    qSz = qSz * 8;
-
-    /* set up private key state */
-    ret = ippsRSA_GetSizePrivateKeyType2(pSz, qSz, &ctxSz);
-    if (ret != ippStsNoErr) {
-        USER_DEBUG(("ippsRSA_GetSizePrivateKey error %s\n",
-                ippGetStatusString(ret)));
-        return USER_CRYPTO_ERROR;
-    }
-
-    key->prvSz = ctxSz;
-    key->pPrv = (IppsRSAPrivateKeyState*)XMALLOC(ctxSz, 0,
-                                                      DYNAMIC_TYPE_USER_CRYPTO);
-    if (key->pPrv == NULL)
-        return USER_CRYPTO_ERROR;
-
-    ret = ippsRSA_InitPrivateKeyType2(pSz, qSz, key->pPrv, ctxSz);
-    if (ret != ippStsNoErr) {
-        USER_DEBUG(("ippsRSA_InitPrivateKey error %s\n",
-                    ippGetStatusString(ret)));
-        return USER_CRYPTO_ERROR;
-    }
-
-    ret = ippsRSA_SetPrivateKeyType2(key->pipp, key->qipp, key->dPipp,
-            key->dQipp, key->uipp, key->pPrv);
-    if (ret != ippStsNoErr) {
-        USER_DEBUG(("ippsRSA_SetPrivateKey error %s\n",
-                    ippGetStatusString(ret)));
-        return USER_CRYPTO_ERROR;
-    }
-
-    USER_DEBUG(("\tExit wc_RsaPrivateKeyDecode\n"));
-
-    return 0;
-}
-
-
-int wc_RsaPublicKeyDecode_ex(const byte* input, word32* inOutIdx,
-        word32 inSz, const byte** n, word32* nSz, const byte** e, word32* eSz)
-{
-    IppStatus ret = 0;
-    int length;
-#if defined(OPENSSL_EXTRA) || defined(RSA_DECODE_EXTRA)
-    byte b;
-#endif
-
-    if (input == NULL || inOutIdx == NULL) {
-        return USER_CRYPTO_ERROR;
-    }
-
-    USER_DEBUG(("Entering wc_RsaPublicKeyDecode_ex\n"));
-
-    if (GetSequence(input, inOutIdx, &length, inSz) < 0)
-        return USER_CRYPTO_ERROR;
-
-#if defined(OPENSSL_EXTRA) || defined(RSA_DECODE_EXTRA)
-    if ((*inOutIdx + 1) > inSz)
-        return USER_CRYPTO_ERROR;
-
-    b = input[*inOutIdx];
-    if (b != ASN_INTEGER) {
-        /* not from decoded cert, will have algo id, skip past */
-        if (GetSequence(input, inOutIdx, &length, inSz) < 0)
-            return USER_CRYPTO_ERROR;
-
-        b = input[(*inOutIdx)++];
-        if (b != ASN_OBJECT_ID)
-            return USER_CRYPTO_ERROR;
-
-        if (GetLength(input, inOutIdx, &length, inSz) < 0)
-            return USER_CRYPTO_ERROR;
-
-        *inOutIdx += length;   /* skip past */
-
-        /* could have NULL tag and 0 terminator, but may not */
-        b = input[(*inOutIdx)++];
-
-        if (b == ASN_TAG_NULL) {
-            b = input[(*inOutIdx)++];
-            if (b != 0)
-                return USER_CRYPTO_ERROR;
-        }
-        else {
-            /* go back, didn't have it */
-            (*inOutIdx)--;
-        }
-
-        /* should have bit tag length and seq next */
-        b = input[(*inOutIdx)++];
-        if (b != ASN_BIT_STRING)
-            return USER_CRYPTO_ERROR;
-
-        if (GetLength(input, inOutIdx, &length, inSz) <= 0)
-            return USER_CRYPTO_ERROR;
-
-        /* could have 0 */
-        b = input[(*inOutIdx)++];
-        if (b != 0)
-            (*inOutIdx)--;
-
-        if (GetSequence(input, inOutIdx, &length, inSz) < 0)
-            return USER_CRYPTO_ERROR;
-    }
-#endif /* OPENSSL_EXTRA || RSA_DECODE_EXTRA */
-
-    /* Get modulus */
-    ret = GetASNInt(input, inOutIdx, &length, inSz);
-    if (ret < 0) {
-        return USER_CRYPTO_ERROR;
-    }
-    if (nSz)
-        *nSz = length;
-    if (n)
-        *n = &input[*inOutIdx];
-    *inOutIdx += length;
-
-    /* Get exponent */
-    ret = GetASNInt(input, inOutIdx, &length, inSz);
-    if (ret < 0) {
-        return USER_CRYPTO_ERROR;
-    }
-    if (eSz)
-        *eSz = length;
-    if (e)
-        *e = &input[*inOutIdx];
-    *inOutIdx += length;
-
-    USER_DEBUG(("\tExit wc_RsaPublicKeyDecode_ex\n"));
-
-    return ret;
-}
-
-/* read in a public RSA key */
-int wc_RsaPublicKeyDecode(const byte* input, word32* inOutIdx, RsaKey* key,
-                       word32 inSz)
-{
-    IppStatus ret;
-    const byte *n = NULL, *e = NULL;
-    word32 nSz = 0, eSz = 0;
-
-    if (key == NULL)
-        return USER_CRYPTO_ERROR;
-
-    USER_DEBUG(("Entering wc_RsaPublicKeyDecode\n"));
-
-    ret = wc_RsaPublicKeyDecode_ex(input, inOutIdx, inSz, &n, &nSz, &e, &eSz);
-    if (ret == 0) {
-        ret = wc_RsaPublicKeyDecodeRaw(n, nSz, e, eSz, key);
-    }
-
-    USER_DEBUG(("\tExit RsaPublicKeyDecode\n"));
-
-    return ret;
-}
-
-/* import RSA public key elements (n, e) into RsaKey structure (key) */
-int wc_RsaPublicKeyDecodeRaw(const byte* n, word32 nSz, const byte* e,
-                             word32 eSz, RsaKey* key)
-{
-    IppStatus ret;
-    int ctxSz;
-
-    USER_DEBUG(("Entering wc_RsaPublicKeyDecodeRaw\n"));
-
-    if (n == NULL || e == NULL || key == NULL)
-        return USER_CRYPTO_ERROR;
-
-    /* set up IPP key states -- read in n */
-    ret = init_bn(&key->n, nSz);
-    if (ret != ippStsNoErr)
-        return USER_CRYPTO_ERROR;
-
-    ret = ippsSetOctString_BN((Ipp8u*)n, nSz, key->n);
-    if (ret != ippStsNoErr)
-        return USER_CRYPTO_ERROR;
-
-    /* read in e */
-    ret = init_bn(&key->e, eSz);
-    if (ret != ippStsNoErr)
-        return USER_CRYPTO_ERROR;
-
-    ret = ippsSetOctString_BN((Ipp8u*)e, eSz, key->e);
-    if (ret != ippStsNoErr)
-        return USER_CRYPTO_ERROR;
-
-    /* store size and convert to binary */
-    key->sz = nSz;
-    nSz = nSz * 8;
-    eSz = eSz * 8;
-
-    /* set up public key state */
-    ret = ippsRSA_GetSizePublicKey(nSz, eSz, &ctxSz);
-    if (ret != ippStsNoErr) {
-        USER_DEBUG(("ippsRSA_GetSizePublicKey error %s\n",
-                ippGetStatusString(ret)));
-        return USER_CRYPTO_ERROR;
-    }
-
-    key->pPub = (IppsRSAPublicKeyState*)XMALLOC(ctxSz, NULL,
-                                                      DYNAMIC_TYPE_USER_CRYPTO);
-    if (key->pPub == NULL)
-        return USER_CRYPTO_ERROR;
-
-    ret = ippsRSA_InitPublicKey(nSz, eSz, key->pPub, ctxSz);
-    if (ret != ippStsNoErr) {
-        USER_DEBUG(("ippsRSA_InitPublicKey error %s\n",
-                    ippGetStatusString(ret)));
-        return USER_CRYPTO_ERROR;
-    }
-
-    ret = ippsRSA_SetPublicKey(key->n,key->e, key->pPub);
-    if (ret != ippStsNoErr) {
-        USER_DEBUG(("ippsRSA_SetPublicKey error %s\n",
-                    ippGetStatusString(ret)));
-        return USER_CRYPTO_ERROR;
-    }
-
-    key->nSz = nSz;
-    key->eSz = eSz;
-    key->type = RSA_PUBLIC;
-
-    return 0;
-}
-
-
-/* encrypt using PKCS v15 */
-int wc_RsaPublicEncrypt(const byte* in, word32 inLen, byte* out, word32 outLen,
-                     RsaKey* key, WC_RNG* rng)
-{
-    IppStatus ret;
-    Ipp8u* scratchBuffer;
-    int    scratchSz;
-
-    if (key == NULL || in == NULL || out == NULL)
-        return USER_CRYPTO_ERROR;
-
-    if (key->pPub == NULL || outLen < key->sz)
-        return USER_CRYPTO_ERROR;
-
-    /* set size of scratch buffer */
-    ret = ippsRSA_GetBufferSizePublicKey(&scratchSz, key->pPub);
-    if (ret != ippStsNoErr)
-        return USER_CRYPTO_ERROR;
-
-    scratchBuffer = (Ipp8u*)XMALLOC(scratchSz*(sizeof(Ipp8u)), 0,
-                                                      DYNAMIC_TYPE_USER_CRYPTO);
-    if (scratchBuffer == NULL)
-        return USER_CRYPTO_ERROR;
-
-    ret = ippsRSAEncrypt_PKCSv15((Ipp8u*)in, inLen, NULL, (Ipp8u*)out,
-            key->pPub, scratchBuffer);
-    if (ret != ippStsNoErr) {
-        XFREE(scratchBuffer, NULL, DYNAMIC_TYPE_USER_CRYPTO);
-        USER_DEBUG(("encrypt error of %s\n", ippGetStatusString(ret)));
-        return USER_CRYPTO_ERROR;
-    }
-
-    XFREE(scratchBuffer, NULL, DYNAMIC_TYPE_USER_CRYPTO);
-
-    (void)rng;
-    return key->sz;
-}
-
-
-/* decrypt using PLCS v15 */
-int wc_RsaPrivateDecrypt(const byte* in, word32 inLen, byte* out, word32 outLen,
-                     RsaKey* key)
-{
-    IppStatus ret;
-    Ipp8u* scratchBuffer;
-    int    scratchSz;
-    int    outSz;
-
-    if (in == NULL || out == NULL || key == NULL)
-        return USER_CRYPTO_ERROR;
-
-    if (key->pPrv == NULL || inLen != key->sz)
-        return USER_CRYPTO_ERROR;
-
-    outSz = outLen;
-
-    /* set size of scratch buffer */
-    ret = ippsRSA_GetBufferSizePrivateKey(&scratchSz, key->pPrv);
-    if (ret != ippStsNoErr) {
-        return USER_CRYPTO_ERROR;
-    }
-
-    scratchBuffer = (Ipp8u*)XMALLOC(scratchSz*(sizeof(Ipp8u)), 0,
-                                                      DYNAMIC_TYPE_USER_CRYPTO);
-    if (scratchBuffer == NULL) {
-        return USER_CRYPTO_ERROR;
-    }
-
-    /* perform decryption using IPP */
-    ret = ippsRSADecrypt_PKCSv15((Ipp8u*)in, (Ipp8u*)out, &outSz, key->pPrv,
-            scratchBuffer);
-    if (ret != ippStsNoErr) {
-        XFREE(scratchBuffer, NULL, DYNAMIC_TYPE_USER_CRYPTO);
-        USER_DEBUG(("decrypt error of %s\n", ippGetStatusString(ret)));
-        return USER_CRYPTO_ERROR;
-    }
-
-    XFREE(scratchBuffer, NULL, DYNAMIC_TYPE_USER_CRYPTO);
-
-    return outSz;
-}
-
-
-/* out is a pointer that is set to the location in byte array "in" where input
- data has been decrypted */
-int wc_RsaPrivateDecryptInline(byte* in, word32 inLen, byte** out, RsaKey* key)
-{
-    int outSz;
-    byte* tmp;
-
-    USER_DEBUG(("Entering wc_RsaPrivateDecryptInline\n"));
-
-    /* allocate a buffer for max decrypted text */
-    tmp = (byte*)XMALLOC(key->sz, NULL, DYNAMIC_TYPE_USER_CRYPTO);
-    if (tmp == NULL)
-        return USER_CRYPTO_ERROR;
-
-    outSz = wc_RsaPrivateDecrypt(in, inLen, tmp, key->sz, key);
-    if (outSz >= 0) {
-        XMEMCPY(in, tmp, outSz);
-        *out = in;
-    }
-    else {
-        XFREE(tmp, NULL, DYNAMIC_TYPE_USER_CRYPTO);
-        return USER_CRYPTO_ERROR;
-    }
-
-    XFREE(tmp, NULL, DYNAMIC_TYPE_USER_CRYPTO);
-    USER_DEBUG(("\tExit wc_RsaPrivateDecryptInline\n"));
-
-    return outSz;
-}
-
-
-/* Used to clean up memory when exiting, clean up memory used */
-static int FreeHelper(IppsBigNumState* pTxt, IppsBigNumState* cTxt,
-        Ipp8u* scratchBuffer, void* pPub)
-{
-    if (pTxt != NULL)
-        XFREE(pTxt, NULL, DYNAMIC_TYPE_USER_CRYPTO);
-    if (cTxt != NULL)
-        XFREE(cTxt, NULL, DYNAMIC_TYPE_USER_CRYPTO);
-    if (scratchBuffer != NULL)
-        XFREE(scratchBuffer, NULL, DYNAMIC_TYPE_USER_CRYPTO);
-    if (pPub != NULL)
-        XFREE(pPub, NULL, DYNAMIC_TYPE_USER_CRYPTO);
-
-    return 0;
-}
-
-
-/* for Rsa Verify
-    in : byte array to be verified
-    inLen : length of input array
-    out : pointer to location of in byte array that has been verified
- */
-int wc_RsaSSL_VerifyInline(byte* in, word32 inLen, byte** out, RsaKey* key)
-{
-
-    int ctxSz;
-    int scratchSz;
-    Ipp8u* scratchBuffer = NULL;
-    IppStatus ret;
-    IppsRSAPrivateKeyState* pPub = NULL;
-    IppsBigNumState* pTxt = NULL;
-    IppsBigNumState* cTxt = NULL;
-
-    USER_DEBUG(("Entering wc_RsaSSL_VerifyInline\n"));
-
-    if (key == NULL || key->n == NULL || key->e == NULL) {
-        USER_DEBUG(("n or e element was null\n"));
-        return USER_CRYPTO_ERROR;
-    }
-
-    if (in == NULL || inLen == 0 || out == NULL)
-        return USER_CRYPTO_ERROR;
-
-    /* set up a private key state using public key values */
-    ret = ippsRSA_GetSizePrivateKeyType1(key->nSz, key->eSz, &ctxSz);
-    if (ret != ippStsNoErr) {
-        USER_DEBUG(("ippsRSA_GetSizePrivateKey error %s\n",
-                ippGetStatusString(ret)));
-        return USER_CRYPTO_ERROR;
-    }
-
-    pPub = (IppsRSAPrivateKeyState*)XMALLOC(ctxSz, 0, DYNAMIC_TYPE_USER_CRYPTO);
-    if (pPub == NULL)
-        return USER_CRYPTO_ERROR;
-
-    ret = ippsRSA_InitPrivateKeyType1(key->nSz, key->eSz, pPub, ctxSz);
-    if (ret != ippStsNoErr) {
-        FreeHelper(pTxt, cTxt, scratchBuffer, pPub);
-        USER_DEBUG(("ippsRSA_InitPrivateKey error %s\n",
-                    ippGetStatusString(ret)));
-        return USER_CRYPTO_ERROR;
-    }
-
-    ret = ippsRSA_SetPrivateKeyType1(key->n, key->e, pPub);
-    if (ret != ippStsNoErr) {
-        FreeHelper(pTxt, cTxt, scratchBuffer, pPub);
-        USER_DEBUG(("ippsRSA_SetPrivateKey error %s\n",
-                    ippGetStatusString(ret)));
-        return USER_CRYPTO_ERROR;
-    }
-
-    /* set size of scratch buffer */
-    ret = ippsRSA_GetBufferSizePrivateKey(&scratchSz, pPub);
-    if (ret != ippStsNoErr) {
-        FreeHelper(pTxt, cTxt, scratchBuffer, pPub);
-        return USER_CRYPTO_ERROR;
-    }
-
-    scratchBuffer = (Ipp8u*)XMALLOC(scratchSz*(sizeof(Ipp8u)), 0,
-                                                      DYNAMIC_TYPE_USER_CRYPTO);
-    if (scratchBuffer == NULL) {
-        FreeHelper(pTxt, cTxt, scratchBuffer, pPub);
-        return USER_CRYPTO_ERROR;
-    }
-
-    /* load plain and cipher into big num states */
-    ret = init_bn(&pTxt, key->sz);
-    if (ret != ippStsNoErr) {
-        FreeHelper(pTxt, cTxt, scratchBuffer, pPub);
-        return USER_CRYPTO_ERROR;
-    }
-    ret = ippsSetOctString_BN((Ipp8u*)in, key->sz, pTxt);
-    if (ret != ippStsNoErr) {
-        FreeHelper(pTxt, cTxt, scratchBuffer, pPub);
-        return USER_CRYPTO_ERROR;
-    }
-
-    /* set up cipher to hold signature */
-    ret = init_bn(&cTxt, key->sz);
-    if (ret != ippStsNoErr) {
-        FreeHelper(pTxt, cTxt, scratchBuffer, pPub);
-        return USER_CRYPTO_ERROR;
-    }
-    ret = ippsSetOctString_BN((Ipp8u*)in, key->sz, cTxt);
-    if (ret != ippStsNoErr) {
-        FreeHelper(pTxt, cTxt, scratchBuffer, pPub);
-        return USER_CRYPTO_ERROR;
-    }
-
-    /* decrypt using public key information */
-    ret = ippsRSA_Decrypt(cTxt, pTxt, pPub, scratchBuffer);
-    if (ret != ippStsNoErr) {
-        FreeHelper(pTxt, cTxt, scratchBuffer, pPub);
-        USER_DEBUG(("decrypt error of %s\n", ippGetStatusString(ret)));
-        return USER_CRYPTO_ERROR;
-    }
-
-    /* extract big num struct to octet string */
-    ret = ippsGetOctString_BN((Ipp8u*)in, key->sz, pTxt);
-    if (ret != ippStsNoErr) {
-        FreeHelper(pTxt, cTxt, scratchBuffer, pPub);
-        USER_DEBUG(("BN get string error of %s\n", ippGetStatusString(ret)));
-        return USER_CRYPTO_ERROR;
-    }
-
-    FreeHelper(pTxt, cTxt, scratchBuffer, pPub);
-
-    /* unpad the decrypted information and return size of array */
-    return RsaUnPad(in, inLen, out, RSA_BLOCK_TYPE_1);
-}
-
-
-/* sets up and call VerifyInline to verify a signature */
-int wc_RsaSSL_Verify(const byte* in, word32 inLen, byte* out, word32 outLen,
-                     RsaKey* key)
-{
-    int plainLen;
-    byte*  tmp;
-    byte*  pad = 0;
-
-    if (out == NULL || in == NULL || key == NULL)
-        return USER_CRYPTO_ERROR;
-
-    tmp = (byte*)XMALLOC(inLen, key->heap, DYNAMIC_TYPE_USER_CRYPTO);
-    if (tmp == NULL) {
-        return USER_CRYPTO_ERROR;
-    }
-
-    XMEMCPY(tmp, in, inLen);
-
-    /* verify signature and test if output buffer is large enough */
-    plainLen = wc_RsaSSL_VerifyInline(tmp, inLen, &pad, key);
-    if (plainLen < 0) {
-        XFREE(tmp, NULL, DYNAMIC_TYPE_USER_CRYPTO);
-        return plainLen;
-    }
-
-    if (plainLen > (int)outLen)
-        plainLen = USER_CRYPTO_ERROR;
-    else
-        XMEMCPY(out, pad, plainLen);
-
-    ForceZero(tmp, inLen);
-    XFREE(tmp, NULL, DYNAMIC_TYPE_USER_CRYPTO);
-
-    return plainLen;
-}
-
-
-/* Check if a > b , if so c = a mod b
-   return ippStsNoErr on success */
-static IppStatus reduce(IppsBigNumState* a, IppsBigNumState* b,
-        IppsBigNumState* c)
-{
-    IppStatus ret;
-
-    if ((ret = ippsMod_BN(a, b, c)) != ippStsNoErr)
-        return ret;
-
-    return ippStsNoErr;
-}
-
-
-static IppStatus exptmod(IppsBigNumState* a, IppsBigNumState* b,
-        IppsMontState* mont, IppsBigNumState* out, IppsBigNumState* one)
-{
-    IppStatus ret;
-
-    ret = ippsMontForm(a, mont, a);
-    if (ret != ippStsNoErr) {
-        USER_DEBUG(("ippsMontForm error of %s\n", ippGetStatusString(ret)));
-        return ret;
-    }
-
-    /* a = a^b mod mont */
-    ret = ippsMontExp(a, b, mont, out);
-    if (ret != ippStsNoErr) {
-        USER_DEBUG(("ippsMontExp error of %s\n", ippGetStatusString(ret)));
-        return ret;
-    }
-
-    /* convert back from montgomery */
-    ret = ippsMontMul(out, one, mont, out);
-    if (ret != ippStsNoErr) {
-        USER_DEBUG(("ippsMontMul error of %s\n", ippGetStatusString(ret)));
-        return ret;
-    }
-
-    return ippStsNoErr;
-}
-
-
-static void Free_BN(IppsBigNumState* bn)
-{
-    int sz, ctxSz;
-    IppStatus ret;
-
-    if (bn != NULL) {
-        ret = ippStsNoErr;
-        ret |= ippsGetSize_BN(bn, &sz);
-        ret |= ippsBigNumGetSize(sz, &ctxSz);
-        if (ret == ippStsNoErr) {
-            ForceZero(bn, ctxSz);
-        }
-        else {
-            USER_DEBUG(("Issue with clearing a struct in RsaSSL_Sign free\n"));
-        }
-        XFREE(bn, NULL, DYNAMIC_TYPE_USER_CRYPTO);
-    }
-}
-
-
-/* free up memory used during CRT sign operation */
-static void FreeSignHelper(IppsBigNumState* one, IppsBigNumState* tmp,
-        IppsBigNumState* tmpP, IppsBigNumState* tmpQ, IppsBigNumState* tmpa,
-        IppsBigNumState* tmpb)
-{
-    Free_BN(one);
-    Free_BN(tmp);
-    Free_BN(tmpP);
-    Free_BN(tmpQ);
-    Free_BN(tmpa);
-    Free_BN(tmpb);
-}
-
-
-/* for Rsa Sign */
-int wc_RsaSSL_Sign(const byte* in, word32 inLen, byte* out, word32 outLen,
-                      RsaKey* key, WC_RNG* rng)
-{
-    int sz, pSz, qSz;
-    IppStatus ret;
-    word32 outSz;
-
-    IppsMontState* pMont = NULL;
-    IppsMontState* qMont = NULL;
-
-    IppsBigNumState* one  = NULL;
-    IppsBigNumState* tmp  = NULL;
-    IppsBigNumState* tmpP = NULL;
-    IppsBigNumState* tmpQ = NULL;
-    IppsBigNumState* tmpa = NULL;
-    IppsBigNumState* tmpb = NULL;
-
-    IppsBigNumSGN sa, sb;
-
-    Ipp8u o[1];
-    o[0] = 1;
-
-    USER_DEBUG(("Entering wc_RsaSSL_Sign\n"));
-
-    if (in == NULL || out == NULL || key == NULL || rng == NULL) {
-        USER_DEBUG(("Bad argument to wc_RsaSSL_Sign\n"));
-        return USER_CRYPTO_ERROR;
-    }
-
-    sz = key->sz;
-
-
-    /* sanity check on key being used */
-    if (key->pipp == NULL || key->qipp == NULL || key->uipp == NULL ||
-            key->dPipp == NULL || key->dQipp == NULL) {
-        USER_DEBUG(("Bad key argument to wc_RsaSSL_Sign\n"));
-        return USER_CRYPTO_ERROR;
-    }
-
-    if (sz > (int)outLen) {
-        USER_DEBUG(("Bad argument outLen to wc_RsaSSL_Sign\n"));
-        return USER_CRYPTO_ERROR;
-    }
-
-    if (sz < RSA_MIN_PAD_SZ) {
-        USER_DEBUG(("Key size is too small\n"));
-        return USER_CRYPTO_ERROR;
-    }
-
-    if (inLen > (word32)(sz - RSA_MIN_PAD_SZ)) {
-        USER_DEBUG(("Bad argument inLen to wc_RsaSSL_Sign\n"));
-        return USER_CRYPTO_ERROR;
-    }
-
-    /* Set up needed pkcs v15 padding */
-    if (wc_RsaPad(in, inLen, out, sz, RSA_BLOCK_TYPE_1, rng) != 0) {
-        USER_DEBUG(("RSA Padding error\n"));
-        return USER_CRYPTO_ERROR;
-    }
-
-    /* tmp = input to sign */
-    ret = init_bn(&tmp, sz);
-    if (ret != ippStsNoErr) {
-        USER_DEBUG(("init_BN error of %s\n", ippGetStatusString(ret)));
-        FreeSignHelper(one, tmp, tmpP, tmpQ, tmpa, tmpb);
-        return USER_CRYPTO_ERROR;
-    }
-    ret = ippsSetOctString_BN(out, sz, tmp);
-    if (ret != ippStsNoErr) {
-        USER_DEBUG(("ippsSetOctString_BN error of %s\n",
-                                                      ippGetStatusString(ret)));
-        FreeSignHelper(one, tmp, tmpP, tmpQ, tmpa, tmpb);
-        return USER_CRYPTO_ERROR;
-    }
-
-    /* tmpP = tmp mod p */
-    ret = init_bn(&tmpP, sz);
-    if (ret != ippStsNoErr) {
-        USER_DEBUG(("init_BN error of %s\n", ippGetStatusString(ret)));
-        FreeSignHelper(one, tmp, tmpP, tmpQ, tmpa, tmpb);
-        return USER_CRYPTO_ERROR;
-    }
-
-    /* tmpQ = tmp mod q */
-    ret = init_bn(&tmpQ, sz);
-    if (ret != ippStsNoErr) {
-        USER_DEBUG(("init_BN error of %s\n", ippGetStatusString(ret)));
-        FreeSignHelper(one, tmp, tmpP, tmpQ, tmpa, tmpb);
-        return USER_CRYPTO_ERROR;
-    }
-
-    /* tmpa */
-    ret = init_bn(&tmpa, sz);
-    if (ret != ippStsNoErr) {
-        USER_DEBUG(("init_BN error of %s\n", ippGetStatusString(ret)));
-        FreeSignHelper(one, tmp, tmpP, tmpQ, tmpa, tmpb);
-        return USER_CRYPTO_ERROR;
-    }
-
-    /* tmpb */
-    ret = init_bn(&tmpb, sz);
-    if (ret != ippStsNoErr) {
-        USER_DEBUG(("init_BN error of %s\n", ippGetStatusString(ret)));
-        FreeSignHelper(one, tmp, tmpP, tmpQ, tmpa, tmpb);
-        return USER_CRYPTO_ERROR;
-    }
-
-    /* one : used for conversion from Montgomery to classical */
-    ret = init_bn(&one, sz);
-    if (ret != ippStsNoErr) {
-        USER_DEBUG(("init_BN error of %s\n", ippGetStatusString(ret)));
-        FreeSignHelper(one, tmp, tmpP, tmpQ, tmpa, tmpb);
-        return USER_CRYPTO_ERROR;
-    }
-    ret = ippsSetOctString_BN(o, 1, one);
-    if (ret != ippStsNoErr) {
-        USER_DEBUG(("ippsSetOctString_BN error of %s\n",
-                    ippGetStatusString(ret)));
-        FreeSignHelper(one, tmp, tmpP, tmpQ, tmpa, tmpb);
-        return USER_CRYPTO_ERROR;
-    }
-
-    /**
-      Set up Montgomery state
-      */
-    ret = init_mont(&pMont, &pSz, key->pipp);
-    if (ret != ippStsNoErr) {
-        USER_DEBUG(("init_mont error of %s\n", ippGetStatusString(ret)));
-        if (pMont != NULL) {
-            XFREE(pMont, NULL, DYNAMIC_TYPE_USER_CRYPTO);
-        }
-        FreeSignHelper(one, tmp, tmpP, tmpQ, tmpa, tmpb);
-        return USER_CRYPTO_ERROR;
-    }
-
-    ret = init_mont(&qMont, &qSz, key->qipp);
-    if (ret != ippStsNoErr) {
-        USER_DEBUG(("init_mont error of %s\n", ippGetStatusString(ret)));
-        if (qMont != NULL) {
-            XFREE(qMont, NULL, DYNAMIC_TYPE_USER_CRYPTO);
-        }
-        ForceZero(pMont, pSz);
-        XFREE(pMont, NULL, DYNAMIC_TYPE_USER_CRYPTO);
-        FreeSignHelper(one, tmp, tmpP, tmpQ, tmpa, tmpb);
-        return USER_CRYPTO_ERROR;
-    }
-
-    /**
-      Check and reduce input
-      This is needed for calls to MontExp since required value of a < modulus
-      */
-    ret = reduce(tmp, key->pipp, tmpP);
-    if (ret != ippStsNoErr)
-    {
-        USER_DEBUG(("reduce error of %s\n", ippGetStatusString(ret)));
-        ForceZero(pMont, pSz);
-        ForceZero(qMont, qSz);
-        XFREE(qMont, NULL, DYNAMIC_TYPE_USER_CRYPTO);
-        XFREE(pMont, NULL, DYNAMIC_TYPE_USER_CRYPTO);
-        FreeSignHelper(one, tmp, tmpP, tmpQ, tmpa, tmpb);
-        return USER_CRYPTO_ERROR;
-    }
-
-    ret = reduce(tmp, key->qipp, tmpQ);
-    if (ret != ippStsNoErr)
-    {
-        USER_DEBUG(("reduce error of %s\n", ippGetStatusString(ret)));
-        ForceZero(pMont, pSz);
-        ForceZero(qMont, qSz);
-        XFREE(qMont, NULL, DYNAMIC_TYPE_USER_CRYPTO);
-        XFREE(pMont, NULL, DYNAMIC_TYPE_USER_CRYPTO);
-        FreeSignHelper(one, tmp, tmpP, tmpQ, tmpa, tmpb);
-        return USER_CRYPTO_ERROR;
-    }
-
-    /* tmpa = (tmp mod p)^dP mod p */
-    ret = exptmod(tmpP, key->dPipp, pMont, tmpa, one);
-    if (ret != ippStsNoErr) {
-        USER_DEBUG(("exptmod error of %s\n", ippGetStatusString(ret)));
-        ForceZero(pMont, pSz);
-        ForceZero(qMont, qSz);
-        XFREE(qMont, NULL, DYNAMIC_TYPE_USER_CRYPTO);
-        XFREE(pMont, NULL, DYNAMIC_TYPE_USER_CRYPTO);
-        FreeSignHelper(one, tmp, tmpP, tmpQ, tmpa, tmpb);
-        return USER_CRYPTO_ERROR;
-    }
-
-    /* tmpb = (tmp mod q)^dQ mod q */
-    ret = exptmod(tmpQ, key->dQipp, qMont, tmpb, one);
-    if (ret != ippStsNoErr) {
-        USER_DEBUG(("exptmod error of %s\n", ippGetStatusString(ret)));
-        ForceZero(pMont, pSz);
-        ForceZero(qMont, qSz);
-        XFREE(qMont, NULL, DYNAMIC_TYPE_USER_CRYPTO);
-        XFREE(pMont, NULL, DYNAMIC_TYPE_USER_CRYPTO);
-        FreeSignHelper(one, tmp, tmpP, tmpQ, tmpa, tmpb);
-        return USER_CRYPTO_ERROR;
-    }
-
-    /* tmp = (tmpa - tmpb) * qInv (mod p) */
-    ret = ippsSub_BN(tmpa, tmpb, tmp);
-    if (ret != ippStsNoErr) {
-        USER_DEBUG(("ippsSub_BN error of %s\n", ippGetStatusString(ret)));
-        ForceZero(pMont, pSz);
-        ForceZero(qMont, qSz);
-        XFREE(qMont, NULL, DYNAMIC_TYPE_USER_CRYPTO);
-        XFREE(pMont, NULL, DYNAMIC_TYPE_USER_CRYPTO);
-        FreeSignHelper(one, tmp, tmpP, tmpQ, tmpa, tmpb);
-        return USER_CRYPTO_ERROR;
-    }
-
-    ret = ippsMul_BN(tmp, key->uipp, tmp);
-    if (ret != ippStsNoErr) {
-        USER_DEBUG(("ippsMul_BN error of %s\n", ippGetStatusString(ret)));
-        ForceZero(pMont, pSz);
-        ForceZero(qMont, qSz);
-        XFREE(qMont, NULL, DYNAMIC_TYPE_USER_CRYPTO);
-        XFREE(pMont, NULL, DYNAMIC_TYPE_USER_CRYPTO);
-        FreeSignHelper(one, tmp, tmpP, tmpQ, tmpa, tmpb);
-        return USER_CRYPTO_ERROR;
-    }
-
-    /* mod performed the same was as wolfSSL fp_mod -- tmpa is just scratch */
-   ret = ippsDiv_BN(tmp, key->pipp, tmpa, tmp);
-   if (ret != ippStsNoErr) {
-        USER_DEBUG(("ippsDiv_BN error of %s\n", ippGetStatusString(ret)));
-        ForceZero(pMont, pSz);
-        ForceZero(qMont, qSz);
-        XFREE(qMont, NULL, DYNAMIC_TYPE_USER_CRYPTO);
-        XFREE(pMont, NULL, DYNAMIC_TYPE_USER_CRYPTO);
-        FreeSignHelper(one, tmp, tmpP, tmpQ, tmpa, tmpb);
-        return USER_CRYPTO_ERROR;
-   }
-
-    /* Check sign of values and perform conditional add */
-    ret = ippsExtGet_BN(&sa, NULL, NULL, tmp);
-    if (ret != ippStsNoErr) {
-        USER_DEBUG(("ippsExtGet_BN error of %s\n", ippGetStatusString(ret)));
-        ForceZero(pMont, pSz);
-        ForceZero(qMont, qSz);
-        XFREE(qMont, NULL, DYNAMIC_TYPE_USER_CRYPTO);
-        XFREE(pMont, NULL, DYNAMIC_TYPE_USER_CRYPTO);
-        FreeSignHelper(one, tmp, tmpP, tmpQ, tmpa, tmpb);
-        return USER_CRYPTO_ERROR;
-    }
-    ret = ippsExtGet_BN(&sb, NULL, NULL, key->pipp);
-    if (ret != ippStsNoErr) {
-        USER_DEBUG(("ippsExtGet_BN error of %s\n", ippGetStatusString(ret)));
-        ForceZero(pMont, pSz);
-        ForceZero(qMont, qSz);
-        XFREE(qMont, NULL, DYNAMIC_TYPE_USER_CRYPTO);
-        XFREE(pMont, NULL, DYNAMIC_TYPE_USER_CRYPTO);
-        FreeSignHelper(one, tmp, tmpP, tmpQ, tmpa, tmpb);
-        return USER_CRYPTO_ERROR;
-    }
-    if (sa != sb) {
-        ret = ippsAdd_BN(tmp, key->pipp, tmp);
-        if (ret != ippStsNoErr) {
-            USER_DEBUG(("ippsAdd_BN error of %s\n", ippGetStatusString(ret)));
-            ForceZero(pMont, pSz);
-            ForceZero(qMont, qSz);
-            XFREE(qMont, NULL, DYNAMIC_TYPE_USER_CRYPTO);
-            XFREE(pMont, NULL, DYNAMIC_TYPE_USER_CRYPTO);
-            FreeSignHelper(one, tmp, tmpP, tmpQ, tmpa, tmpb);
-            return USER_CRYPTO_ERROR;
-        }
-    }
-
-    /* tmp = tmpb + q * tmp */
-    ret = ippsMul_BN(tmp, key->qipp, tmp);
-    if (ret != ippStsNoErr) {
-        USER_DEBUG(("ippsSub_BN error of %s\n", ippGetStatusString(ret)));
-        ForceZero(pMont, pSz);
-        ForceZero(qMont, qSz);
-        XFREE(qMont, NULL, DYNAMIC_TYPE_USER_CRYPTO);
-        XFREE(pMont, NULL, DYNAMIC_TYPE_USER_CRYPTO);
-        FreeSignHelper(one, tmp, tmpP, tmpQ, tmpa, tmpb);
-        return USER_CRYPTO_ERROR;
-    }
-
-
-    ret = ippsAdd_BN(tmp, tmpb, tmp);
-    if (ret != ippStsNoErr) {
-        USER_DEBUG(("ippsSub_BN error of %s\n", ippGetStatusString(ret)));
-        ForceZero(pMont, pSz);
-        ForceZero(qMont, qSz);
-        XFREE(qMont, NULL, DYNAMIC_TYPE_USER_CRYPTO);
-        XFREE(pMont, NULL, DYNAMIC_TYPE_USER_CRYPTO);
-        FreeSignHelper(one, tmp, tmpP, tmpQ, tmpa, tmpb);
-        return USER_CRYPTO_ERROR;
-    }
-
-    /* Extract the output */
-    ret = ippsGetOctString_BN(out, sz, tmp);
-    if (ret != ippStsNoErr) {
-        USER_DEBUG(("ippsGetOctString_BN error of %s\n",
-                    ippGetStatusString(ret)));
-        ForceZero(pMont, pSz);
-        ForceZero(qMont, qSz);
-        XFREE(qMont, NULL, DYNAMIC_TYPE_USER_CRYPTO);
-        XFREE(pMont, NULL, DYNAMIC_TYPE_USER_CRYPTO);
-        FreeSignHelper(one, tmp, tmpP, tmpQ, tmpa, tmpb);
-        return USER_CRYPTO_ERROR;
-    }
-
-    outSz = sz;
-
-    /* clear memory and free */
-    ForceZero(pMont, pSz);
-    ForceZero(qMont, qSz);
-    XFREE(qMont, NULL, DYNAMIC_TYPE_USER_CRYPTO);
-    XFREE(pMont, NULL, DYNAMIC_TYPE_USER_CRYPTO);
-    FreeSignHelper(one, tmp, tmpP, tmpQ, tmpa, tmpb);
-
-    return outSz;
-}
-
-
-int wc_RsaEncryptSize(RsaKey* key)
-{
-    if (key == NULL)
-        return 0;
-
-    return key->sz;
-}
-
-
-/* flatten RsaKey structure into individual elements (e, n) */
-int wc_RsaFlattenPublicKey(RsaKey* key, byte* e, word32* eSz, byte* n,
-                           word32* nSz)
-{
-    int sz, bytSz;
-    IppStatus ret;
-
-    USER_DEBUG(("Entering wc_RsaFlattenPublicKey\n"));
-
-    if (key == NULL || e == NULL || eSz == NULL || n == NULL || nSz == NULL)
-       return USER_CRYPTO_ERROR;
-
-    bytSz = sizeof(byte) * 8;
-    ret = ippsExtGet_BN(NULL, &sz, NULL, key->e);
-    if (ret != ippStsNoErr)
-        return USER_CRYPTO_ERROR;
-
-    /* sz is in bits change to bytes */
-    sz = (sz / bytSz) + ((sz % bytSz)? 1 : 0);
-
-    if (*eSz < (word32)sz)
-        return USER_CRYPTO_ERROR;
-
-    ret = ippsGetOctString_BN(e, sz, key->e);
-    if (ret != ippStsNoErr)
-        return USER_CRYPTO_ERROR;
-
-    *eSz = (word32)sz;
-
-    /* flatten n */
-    ret = ippsExtGet_BN(NULL, &sz, NULL, key->n);
-    if (ret != ippStsNoErr)
-        return USER_CRYPTO_ERROR;
-
-    /* sz is in bits change to bytes */
-    sz = (sz / bytSz) + ((sz % bytSz)? 1: 0);
-
-    if (*nSz < (word32)sz)
-        return USER_CRYPTO_ERROR;
-
-    ret = ippsGetOctString_BN(n, sz, key->n);
-    if (ret != ippStsNoErr)
-        return USER_CRYPTO_ERROR;
-
-    *nSz = (word32)sz;
-
-    return 0;
-}
-
-
-IppStatus wolfSSL_rng(Ipp32u* pData, int nBits, void* pEbsParams);
-IppStatus wolfSSL_rng(Ipp32u* pData, int nBits, void* pEbsParams)
-{
-    int nBytes;
-
-    if (pData == NULL) {
-        USER_DEBUG(("error with wolfSSL_rng argument\n"));
-        return ippStsErr;
-    }
-
-    nBytes = (nBits/8) + ((nBits % 8)? 1: 0);
-    if (wc_RNG_GenerateBlock((WC_RNG*)pEbsParams, (byte*)pData, nBytes) != 0) {
-        USER_DEBUG(("error in generating random wolfSSL block\n"));
-        return ippStsErr;
-    }
-
-    return ippStsNoErr;
-}
-
-
-#ifdef WOLFSSL_KEY_GEN
-/* Make an RSA key for size bits, with e specified, 65537 is a good e */
-int wc_MakeRsaKey(RsaKey* key, int size, long e, WC_RNG* rng)
-{
-    IppStatus ret;
-    int scratchSz;
-    int i; /* for tries on calling make key */
-    int ctxSz;
-
-    IppsBigNumState* pSrcPublicExp = NULL;
-    Ipp8u* scratchBuffer = NULL;
-    Ipp8u  eAry[8];
-    int trys = 8; /* Miller-Rabin test parameter */
-    IppsPrimeState* pPrime = NULL;
-
-    int qBitSz; /* size of q factor */
-    int bytSz; /* size of key in bytes */
-    int leng;
-
-    USER_DEBUG(("Entering wc_MakeRsaKey\n"));
-
-    /* get byte size and individual private key size -- round up */
-    qBitSz = (size / 2) + ((size % 2)? 1: 0);
-    bytSz  = (size / 8) + ((size % 8)? 1: 0);
-
-    if (key == NULL || rng == NULL) {
-        USER_DEBUG(("Error, NULL argument passed in\n"));
-        return USER_CRYPTO_ERROR;
-    }
-
-    if (e < 3 || (e&1) == 0)
-        return USER_CRYPTO_ERROR;
-
-    if (size > RSA_MAX_SIZE || size < RSA_MIN_SIZE)
-        return USER_CRYPTO_ERROR;
-
-    key->type = RSA_PRIVATE;
-    key->sz   = bytSz;
-
-    /* initialize prime number */
-    ret = ippsPrimeGetSize(size, &ctxSz); /* size in bits */
-    if (ret != ippStsNoErr) {
-        USER_DEBUG(("ippsPrimeGetSize error of %s\n", ippGetStatusString(ret)));
-        ret = USER_CRYPTO_ERROR;
-        goto makeKeyEnd;
-    }
-
-    pPrime = (IppsPrimeState*)XMALLOC(ctxSz, NULL, DYNAMIC_TYPE_USER_CRYPTO);
-    if (pPrime == NULL) {
-        ret = USER_CRYPTO_ERROR;
-        goto makeKeyEnd;
-    }
-
-    ret = ippsPrimeInit(size, pPrime);
-    if (ret != ippStsNoErr) {
-        USER_DEBUG(("ippsPrimeInit error of %s\n", ippGetStatusString(ret)));
-        ret = USER_CRYPTO_ERROR;
-        goto makeKeyEnd;
-    }
-
-    /* define RSA privete key type 2 */
-    /* length in bits of p and q factors */
-    ret = ippsRSA_GetSizePrivateKeyType2(qBitSz, qBitSz, &ctxSz);
-    if (ret != ippStsNoErr) {
-        USER_DEBUG(("ippsRSA_GetSizePrivateKeyType2 error of %s\n",
-                ippGetStatusString(ret)));
-        ret = USER_CRYPTO_ERROR;
-        goto makeKeyEnd;
-    }
-
-    key->prvSz = ctxSz; /* used when freeing private key */
-    key->pPrv = (IppsRSAPrivateKeyState*)XMALLOC(ctxSz, NULL,
-                                                      DYNAMIC_TYPE_USER_CRYPTO);
-    if (key->pPrv == NULL) {
-        ret = USER_CRYPTO_ERROR;
-        goto makeKeyEnd;
-    }
-
-    /* length in bits of p and q factors */
-    ret = ippsRSA_InitPrivateKeyType2(qBitSz, qBitSz, key->pPrv, ctxSz);
-    if (ret != ippStsNoErr) {
-        USER_DEBUG(("ippsRSA_InitPrivateKeyType2 error of %s\n",
-                ippGetStatusString(ret)));
-        ret = USER_CRYPTO_ERROR;
-        goto makeKeyEnd;
-    }
-
-    /* allocate scratch buffer */
-    ret = ippsRSA_GetBufferSizePrivateKey(&scratchSz, key->pPrv);
-    if (ret != ippStsNoErr) {
-        USER_DEBUG(("ippsRSA_GetBufferSizePrivateKey error of %s\n",
-                ippGetStatusString(ret)));
-        ret = USER_CRYPTO_ERROR;
-        goto makeKeyEnd;
-    }
-
-    scratchBuffer = (Ipp8u*)XMALLOC(scratchSz, 0, DYNAMIC_TYPE_USER_CRYPTO);
-    if (scratchBuffer == NULL) {
-        ret = USER_CRYPTO_ERROR;
-        goto makeKeyEnd;
-    }
-
-    /* set up initial value of pScrPublicExp */
-    leng = (int)sizeof(long); /* # of Ipp32u in long */
-
-    /* place the value of e into the array eAry then load into BN */
-    for (i = 0; i < leng; i++) {
-        eAry[i] = (e >> (8 * (leng - 1 - i))) & 0XFF;
-    }
-    ret = init_bn(&pSrcPublicExp, leng);
-    if (ret != ippStsNoErr) {
-        ret = USER_CRYPTO_ERROR;
-        goto makeKeyEnd;
-    }
-
-    ret = ippsSetOctString_BN(eAry, leng, pSrcPublicExp);
-    if (ret != ippStsNoErr) {
-        ret = USER_CRYPTO_ERROR;
-        goto makeKeyEnd;
-    }
-
-    /* initializing key->n */
-    ret = init_bn(&key->n, bytSz);
-    if (ret != ippStsNoErr) {
-        ret = USER_CRYPTO_ERROR;
-        goto makeKeyEnd;
-    }
-
-    /* initializing public exponent key->e */
-    ret = init_bn(&key->e, leng);
-    if (ret != ippStsNoErr) {
-        ret = USER_CRYPTO_ERROR;
-        goto makeKeyEnd;
-    }
-
-    /* private exponent key->dipp */
-    ret = init_bn(&key->dipp, bytSz);
-    if (ret != ippStsNoErr) {
-        ret = USER_CRYPTO_ERROR;
-        goto makeKeyEnd;
-    }
-
-    /* call IPP to generate keys, if insufficient entropy error call again */
-    ret = ippStsInsufficientEntropy;
-    while (ret == ippStsInsufficientEntropy) {
-        ret = ippsRSA_GenerateKeys(pSrcPublicExp, key->n, key->e,
-                key->dipp, key->pPrv, scratchBuffer, trys, pPrime,
-                wolfSSL_rng, rng);
-        if (ret == ippStsNoErr) {
-            break;
-        }
-
-        /* catch all errors other than entropy error */
-        if (ret != ippStsInsufficientEntropy) {
-            USER_DEBUG(("ippsRSA_GeneratKeys error of %s\n",
-                    ippGetStatusString(ret)));
-            ret = USER_CRYPTO_ERROR;
-            goto makeKeyEnd;
-        }
-    }
-
-    /* get bn sizes needed for private key set up */
-    ret = ippsExtGet_BN(NULL, &key->eSz, NULL, key->e);
-    if (ret != ippStsNoErr) {
-        USER_DEBUG(("ippsGetSize_BN error %s\n", ippGetStatusString(ret)));
-        ret = USER_CRYPTO_ERROR;
-        goto makeKeyEnd;
-    }
-
-    ret = ippsExtGet_BN(NULL, &key->nSz, NULL, key->n);
-    if (ret != ippStsNoErr) {
-        USER_DEBUG(("ippsGetSize_BN error %s\n", ippGetStatusString(ret)));
-        ret = USER_CRYPTO_ERROR;
-        goto makeKeyEnd;
-    }
-
-    /* set up public key state */
-    ret = ippsRSA_GetSizePublicKey(key->nSz, key->eSz, &ctxSz);
-    if (ret != ippStsNoErr) {
-        USER_DEBUG(("ippsRSA_GetSizePublicKey error %s nSz = %d eSz = %d\n",
-                ippGetStatusString(ret), key->nSz, key->eSz));
-        ret = USER_CRYPTO_ERROR;
-        goto makeKeyEnd;
-    }
-
-    key->pPub = (IppsRSAPublicKeyState*)XMALLOC(ctxSz, NULL,
-                                                      DYNAMIC_TYPE_USER_CRYPTO);
-    if (key->pPub == NULL) {
-        ret = USER_CRYPTO_ERROR;
-        goto makeKeyEnd;
-    }
-
-    ret = ippsRSA_InitPublicKey(key->nSz, key->eSz, key->pPub, ctxSz);
-    if (ret != ippStsNoErr) {
-        USER_DEBUG(("ippsRSA_InitPublicKey error %s\n",
-                    ippGetStatusString(ret)));
-        ret = USER_CRYPTO_ERROR;
-        goto makeKeyEnd;
-    }
-
-    ret = ippsRSA_SetPublicKey(key->n, key->e, key->pPub);
-    if (ret != ippStsNoErr) {
-        USER_DEBUG(("ippsRSA_SetPublicKey error %s\n",
-                    ippGetStatusString(ret)));
-        ret = USER_CRYPTO_ERROR;
-        goto makeKeyEnd;
-    }
-
-    /* get private key information for key struct */
-    leng = size/16; /* size of q, p, u, dP, dQ */
-    ret = init_bn(&key->pipp, leng);
-    if (ret != ippStsNoErr) {
-        ret = USER_CRYPTO_ERROR;
-        goto makeKeyEnd;
-    }
-
-    /* set up q BN for key */
-    ret = init_bn(&key->qipp, leng);
-    if (ret != ippStsNoErr) {
-        ret = USER_CRYPTO_ERROR;
-        goto makeKeyEnd;
-    }
-
-    /* set up dP BN for key */
-    ret = init_bn(&key->dPipp, leng);
-    if (ret != ippStsNoErr) {
-        ret = USER_CRYPTO_ERROR;
-        goto makeKeyEnd;
-    }
-
-    /* set up dQ BN for key */
-    ret = init_bn(&key->dQipp, leng);
-    if (ret != ippStsNoErr) {
-        ret = USER_CRYPTO_ERROR;
-        goto makeKeyEnd;
-    }
-
-    /* set up u BN for key */
-    ret = init_bn(&key->uipp, leng);
-    if (ret != ippStsNoErr) {
-        ret = USER_CRYPTO_ERROR;
-        goto makeKeyEnd;
-    }
-
-    /* get values from created key */
-    ret = ippsRSA_GetPrivateKeyType2(key->pipp, key->qipp, key->dPipp,
-            key->dQipp, key->uipp, key->pPrv);
-    if (ret != ippStsNoErr) {
-        USER_DEBUG(("ippsRSA_GetPrivateKeyType2 error %s\n",
-                ippGetStatusString(ret)));
-        ret = USER_CRYPTO_ERROR;
-        goto makeKeyEnd;
-    }
-    ret = 0; /* success case */
-
-makeKeyEnd:
-    /* clean up memory used */
-    XFREE(pSrcPublicExp, NULL, DYNAMIC_TYPE_USER_CRYPTO);
-    XFREE(scratchBuffer, NULL, DYNAMIC_TYPE_USER_CRYPTO);
-    XFREE(pPrime, NULL, DYNAMIC_TYPE_USER_CRYPTO);
-
-    if (ret != 0) { /* with fail case free RSA components created */
-        wc_FreeRsaKey(key);
-    }
-
-    return ret;
-}
-
-#endif
-
-#if defined(WOLFSSL_KEY_GEN) || defined(OPENSSL_EXTRA)
-
-/********** duplicate code needed -- future refactor */
-#define MAX_VERSION_SZ 5
-#define MAX_SEQ_SZ 5
-#define ASN_CONTEXT_SPECIFIC 0x80
-#define ASN_CONSTRUCTED 0x20
-#define ASN_LONG_LENGTH 0x80
-#define ASN_SEQUENCE 0x10
-#define RSA_INTS 8
-#define FALSE 0
-#define TRUE 1
-
-#define MAX_LENGTH_SZ 4
-#define RSAk 645
-#define keyType 2
-#define MAX_RSA_INT_SZ 517
-#define MAX_RSA_E_SZ 16
-#define MAX_ALGO_SZ 20
-
-static word32 BytePrecision(word32 value)
-{
-    word32 i;
-    for (i = sizeof(value); i; --i)
-        if (value >> ((i - 1) * WOLFSSL_BIT_SIZE))
-            break;
-
-    return i;
-}
-
-
-static int SetMyVersion(word32 version, byte* output, int header)
-{
-    int i = 0;
-
-    if (output == NULL)
-        return USER_CRYPTO_ERROR;
-
-    if (header) {
-        output[i++] = ASN_CONTEXT_SPECIFIC | ASN_CONSTRUCTED;
-        output[i++] = ASN_BIT_STRING;
-    }
-    output[i++] = ASN_INTEGER;
-    output[i++] = 0x01;
-    output[i++] = (byte)version;
-
-    return i;
-}
-
-
-static word32 SetLength(word32 length, byte* output)
-{
-    word32 i = 0, j;
-
-    if (length < 0x80)
-        output[i++] = (byte)length;
-    else {
-        output[i++] = (byte)(BytePrecision(length) | ASN_LONG_LENGTH);
-
-        for (j = BytePrecision(length); j; --j) {
-            output[i] = (byte)(length >> ((j - 1) * WOLFSSL_BIT_SIZE));
-            i++;
-        }
-    }
-
-    return i;
-}
-
-
-static word32 SetSequence(word32 len, byte* output)
-{
-    output[0] = ASN_SEQUENCE | ASN_CONSTRUCTED;
-    return SetLength(len, output + 1) + 1;
-}
-
-
-static word32 SetAlgoID(int algoOID, byte* output, int type, int curveSz)
-{
-    /* adding TAG_NULL and 0 to end */
-
-    /* RSA keyType */
-    #ifndef NO_RSA
-        static const byte RSA_AlgoID[] = { 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d,
-                                            0x01, 0x01, 0x01, 0x05, 0x00};
-    #endif /* NO_RSA */
-
-    int    algoSz = 0;
-    int    tagSz  = 2;   /* tag null and terminator */
-    word32 idSz, seqSz;
-    const  byte* algoName = 0;
-    byte ID_Length[MAX_LENGTH_SZ];
-    byte seqArray[MAX_SEQ_SZ + 1];  /* add object_id to end */
-
-    if (type == keyType) {    /* keyType */
-        switch (algoOID) {
-        #ifndef NO_RSA
-            case RSAk:
-                algoSz = sizeof(RSA_AlgoID);
-                algoName = RSA_AlgoID;
-                break;
-        #endif /* NO_RSA */
-        default:
-            /* unknown key algo */
-            return 0;
-        }
-    }
-    else {
-        /* unknown algo type */
-        return 0;
-    }
-
-    idSz  = SetLength(algoSz - tagSz, ID_Length); /* don't include tags */
-    seqSz = SetSequence(idSz + algoSz + 1 + curveSz, seqArray);
-                 /* +1 for object id, curveID of curveSz follows for ecc */
-    seqArray[seqSz++] = ASN_OBJECT_ID;
-
-    XMEMCPY(output, seqArray, seqSz);
-    XMEMCPY(output + seqSz, ID_Length, idSz);
-    XMEMCPY(output + seqSz + idSz, algoName, algoSz);
-
-    return seqSz + idSz + algoSz;
-
-}
-
-
-/* Write a public RSA key to output */
-static int SetRsaPublicKey(byte* output, RsaKey* key,
-                           int outLen, int with_header)
-{
-#ifdef WOLFSSL_SMALL_STACK
-    byte* n = NULL;
-    byte* e = NULL;
-#else
-    byte n[MAX_RSA_INT_SZ];
-    byte e[MAX_RSA_E_SZ];
-#endif
-    byte seq[MAX_SEQ_SZ];
-    byte len[MAX_LENGTH_SZ + 1];  /* trailing 0 */
-    int  nSz;
-    int  eSz;
-    int  seqSz;
-    int  lenSz;
-    int  idx;
-    int  rawLen;
-    int  leadingBit;
-    int  err;
-
-    if (output == NULL || key == NULL || outLen < MAX_SEQ_SZ)
-        return USER_CRYPTO_ERROR;
-
-    /* n */
-#ifdef WOLFSSL_SMALL_STACK
-    n = (byte*)XMALLOC(MAX_RSA_INT_SZ, NULL, DYNAMIC_TYPE_USER_CRYPTO);
-    if (n == NULL)
-        return USER_CRYPTO_ERROR;
-#endif
-
-    leadingBit = wc_Rsa_leading_bit(key->n);
-    rawLen = wc_Rsa_unsigned_bin_size(key->n);
-    if ((int)rawLen < 0) {
-        return USER_CRYPTO_ERROR;
-    }
-
-    rawLen = rawLen + leadingBit;
-    n[0] = ASN_INTEGER;
-    nSz  = SetLength(rawLen, n + 1) + 1;  /* int tag */
-
-    if ( (nSz + rawLen) < MAX_RSA_INT_SZ) {
-        if (leadingBit)
-            n[nSz] = 0;
-        err = ippsGetOctString_BN((Ipp8u*)n + nSz, rawLen - leadingBit, key->n);
-        if (err == ippStsNoErr)
-            nSz += rawLen;
-        else {
-#ifdef WOLFSSL_SMALL_STACK
-            XFREE(n, NULL, DYNAMIC_TYPE_USER_CRYPTO);
-#endif
-            return USER_CRYPTO_ERROR;
-        }
-    }
-    else {
-#ifdef WOLFSSL_SMALL_STACK
-        XFREE(n, NULL, DYNAMIC_TYPE_USER_CRYPTO);
-#endif
-        return USER_CRYPTO_ERROR;
-    }
-
-    /* e */
-#ifdef WOLFSSL_SMALL_STACK
-    e = (byte*)XMALLOC(MAX_RSA_E_SZ, NULL, DYNAMIC_TYPE_USER_CRYPTO);
-    if (e == NULL) {
-#ifdef WOLFSSL_SMALL_STACK
-        XFREE(n, NULL, DYNAMIC_TYPE_USER_CRYPTO);
-#endif
-        return USER_CRYPTO_ERROR;
-    }
-#endif
-
-    leadingBit = wc_Rsa_leading_bit(key->e);
-    rawLen = wc_Rsa_unsigned_bin_size(key->e);
-    if ((int)rawLen < 0) {
-        return USER_CRYPTO_ERROR;
-    }
-
-    rawLen = rawLen + leadingBit;
-    e[0] = ASN_INTEGER;
-    eSz  = SetLength(rawLen, e + 1) + 1;  /* int tag */
-
-    if ( (eSz + rawLen) < MAX_RSA_E_SZ) {
-        if (leadingBit)
-            e[eSz] = 0;
-        err = ippsGetOctString_BN((Ipp8u*)e + eSz, rawLen - leadingBit, key->e);
-        if (err == ippStsNoErr)
-            eSz += rawLen;
-        else {
-#ifdef WOLFSSL_SMALL_STACK
-            XFREE(n, NULL, DYNAMIC_TYPE_USER_CRYPTO);
-            XFREE(e, NULL, DYNAMIC_TYPE_USER_CRYPTO);
-#endif
-            return USER_CRYPTO_ERROR;
-        }
-    }
-    else {
-#ifdef WOLFSSL_SMALL_STACK
-        XFREE(n, NULL, DYNAMIC_TYPE_USER_CRYPTO);
-        XFREE(e, NULL, DYNAMIC_TYPE_USER_CRYPTO);
-#endif
-        return USER_CRYPTO_ERROR;
-    }
-
-    seqSz  = SetSequence(nSz + eSz, seq);
-
-    /* check output size */
-    if ( (seqSz + nSz + eSz) > outLen) {
-#ifdef WOLFSSL_SMALL_STACK
-        XFREE(n,    NULL, DYNAMIC_TYPE_USER_CRYPTO);
-        XFREE(e,    NULL, DYNAMIC_TYPE_USER_CRYPTO);
-#endif
-        return USER_CRYPTO_ERROR;
-    }
-
-    /* headers */
-    if (with_header) {
-        int  algoSz;
-#ifdef WOLFSSL_SMALL_STACK
-        byte* algo;
-
-        algo = (byte*)XMALLOC(MAX_ALGO_SZ, NULL, DYNAMIC_TYPE_USER_CRYPTO);
-        if (algo == NULL) {
-            XFREE(n, NULL, DYNAMIC_TYPE_USER_CRYPTO);
-            XFREE(e, NULL, DYNAMIC_TYPE_USER_CRYPTO);
-            return USER_CRYPTO_ERROR;
-        }
-#else
-        byte algo[MAX_ALGO_SZ];
-#endif
-        algoSz = SetAlgoID(RSAk, algo, keyType, 0);
-        lenSz  = SetLength(seqSz + nSz + eSz + 1, len);
-        len[lenSz++] = 0;   /* trailing 0 */
-
-        /* write, 1 is for ASN_BIT_STRING */
-        idx = SetSequence(nSz + eSz + seqSz + lenSz + 1 + algoSz, output);
-
-        /* check output size */
-        if ( (idx + algoSz + 1 + lenSz + seqSz + nSz + eSz) > outLen) {
-            #ifdef WOLFSSL_SMALL_STACK
-                XFREE(n,    NULL, DYNAMIC_TYPE_USER_CRYPTO);
-                XFREE(e,    NULL, DYNAMIC_TYPE_USER_CRYPTO);
-                XFREE(algo, NULL, DYNAMIC_TYPE_USER_CRYPTO);
-            #endif
-
-            return USER_CRYPTO_ERROR;
-        }
-
-        /* algo */
-        XMEMCPY(output + idx, algo, algoSz);
-        idx += algoSz;
-        /* bit string */
-        output[idx++] = ASN_BIT_STRING;
-        /* length */
-        XMEMCPY(output + idx, len, lenSz);
-        idx += lenSz;
-#ifdef WOLFSSL_SMALL_STACK
-        XFREE(algo, NULL, DYNAMIC_TYPE_USER_CRYPTO);
-#endif
-    }
-    else
-        idx = 0;
-
-    /* seq */
-    XMEMCPY(output + idx, seq, seqSz);
-    idx += seqSz;
-    /* n */
-    XMEMCPY(output + idx, n, nSz);
-    idx += nSz;
-    /* e */
-    XMEMCPY(output + idx, e, eSz);
-    idx += eSz;
-
-#ifdef WOLFSSL_SMALL_STACK
-    XFREE(n,    NULL, DYNAMIC_TYPE_USER_CRYPTO);
-    XFREE(e,    NULL, DYNAMIC_TYPE_USER_CRYPTO);
-#endif
-
-    return idx;
-}
-
-
-static IppsBigNumState* GetRsaInt(RsaKey* key, int idx)
-{
-    if (idx == 0)
-        return key->n;
-    if (idx == 1)
-        return key->e;
-    if (idx == 2)
-        return key->dipp;
-    if (idx == 3)
-        return key->pipp;
-    if (idx == 4)
-        return key->qipp;
-    if (idx == 5)
-        return key->dPipp;
-    if (idx == 6)
-        return key->dQipp;
-    if (idx == 7)
-        return key->uipp;
-
-    return NULL;
-}
-
-
-/* Release Tmp RSA resources */
-static WC_INLINE void FreeTmpRsas(byte** tmps, void* heap)
-{
-    int i;
-
-    (void)heap;
-
-    for (i = 0; i < RSA_INTS; i++)
-        XFREE(tmps[i], heap, DYNAMIC_TYPE_USER_CRYPTO);
-}
-
-
-/* Convert RsaKey key to DER format, write to output (inLen), return bytes
-   written */
-int wc_RsaKeyToDer(RsaKey* key, byte* output, word32 inLen)
-{
-    word32 seqSz, verSz, rawLen, intTotalLen = 0;
-    word32 sizes[RSA_INTS];
-    int    i, j, outLen, ret = 0, lbit;
-
-    byte  seq[MAX_SEQ_SZ];
-    byte  ver[MAX_VERSION_SZ];
-    byte* tmps[RSA_INTS];
-
-    USER_DEBUG(("Entering RsaKeyToDer\n"));
-
-    if (!key)
-        return USER_CRYPTO_ERROR;
-
-    if (key->type != RSA_PRIVATE)
-        return USER_CRYPTO_ERROR;
-
-    for (i = 0; i < RSA_INTS; i++)
-        tmps[i] = NULL;
-
-    /* write all big ints from key to DER tmps */
-    for (i = 0; i < RSA_INTS; i++) {
-        Ipp32u isZero;
-        IppsBigNumState* keyInt = GetRsaInt(key, i);
-
-        ippsCmpZero_BN(keyInt, &isZero); /* makes isZero 0 if true */
-        rawLen = wc_Rsa_unsigned_bin_size(keyInt);
-        if ((int)rawLen < 0) {
-            return USER_CRYPTO_ERROR;
-        }
-
-        /* leading zero */
-        if (!isZero || wc_Rsa_leading_bit(keyInt))
-            lbit = 1;
-        else
-            lbit = 0;
-
-        rawLen += lbit;
-
-        tmps[i] = (byte*)XMALLOC(rawLen + MAX_SEQ_SZ, key->heap,
-                                                      DYNAMIC_TYPE_USER_CRYPTO);
-        if (tmps[i] == NULL) {
-            ret = USER_CRYPTO_ERROR;
-            break;
-        }
-
-        tmps[i][0] = ASN_INTEGER;
-        sizes[i] = SetLength(rawLen, tmps[i] + 1) + 1 + lbit; /* tag & lbit */
-
-        if (sizes[i] <= MAX_SEQ_SZ) {
-            int err;
-
-            /* leading zero */
-            if (lbit)
-                tmps[i][sizes[i]-1] = 0x00;
-
-            /* extract data*/
-            err = ippsGetOctString_BN((Ipp8u*)(tmps[i] + sizes[i]),
-                    rawLen - lbit, keyInt);
-            if (err == ippStsOk) {
-                sizes[i] += (rawLen-lbit); /* lbit included in rawLen */
-                intTotalLen += sizes[i];
-                ret = 0;
-            }
-            else {
-                ret = USER_CRYPTO_ERROR;
-                USER_DEBUG(("ippsGetOctString_BN error %s\n",
-                                                      ippGetStatusString(err)));
-                break;
-            }
-        }
-        else {
-            ret = USER_CRYPTO_ERROR;
-            break;
-        }
-    }
-
-    if (ret != 0) {
-        FreeTmpRsas(tmps, key->heap);
-        return ret;
-    }
-
-    /* make headers */
-    verSz = SetMyVersion(0, ver, FALSE);
-    seqSz = SetSequence(verSz + intTotalLen, seq);
-
-    outLen = seqSz + verSz + intTotalLen;
-    if (output) {
-        if (outLen > (int)inLen) {
-            return USER_CRYPTO_ERROR;
-        }
-
-        /* write to output */
-        XMEMCPY(output, seq, seqSz);
-        j = seqSz;
-        XMEMCPY(output + j, ver, verSz);
-        j += verSz;
-
-        for (i = 0; i < RSA_INTS; i++) {
-            XMEMCPY(output + j, tmps[i], sizes[i]);
-            j += sizes[i];
-        }
-    }
-    FreeTmpRsas(tmps, key->heap);
-
-    return outLen;
-}
-
-
-/* Convert Rsa Public key to DER format, write to output (inLen), return bytes
-   written
-*/
-int wc_RsaKeyToPublicDer(RsaKey* key, byte* output, word32 inLen)
-{
-    return SetRsaPublicKey(output, key, inLen, 1);
-}
-
-/* Returns public DER version of the RSA key. If with_header is 0 then only a
- * seq + n + e is returned in ASN.1 DER format */
-int wc_RsaKeyToPublicDer_ex(RsaKey* key, byte* output, word32 inLen,
-    int with_header)
-{
-    return SetRsaPublicKey(output, key, inLen, with_header);
-}
-
-#endif /* WOLFSSL_KEY_GEN || OPENSSL_EXTRA */
-
-#ifdef WC_RSA_BLINDING
-
-int wc_RsaSetRNG(RsaKey* key, WC_RNG* rng)
-{
-    if (key == NULL)
-        return USER_CRYPTO_ERROR;
-
-    (void)rng;
-
-    return 0;
-}
-
-#endif /* WC_RSA_BLINDING */
-
-#endif /* NO_RSA */
-
diff --git a/wolfssl-VS2022.vcxproj b/wolfssl-VS2022.vcxproj
new file mode 100644
index 000000000..7c011bbc7
--- /dev/null
+++ b/wolfssl-VS2022.vcxproj
@@ -0,0 +1,578 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project DefaultTargets="Build" ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup Label="ProjectConfigurations">
+    <ProjectConfiguration Include="Debug|Win32">
+      <Configuration>Debug</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Debug|x64">
+      <Configuration>Debug</Configuration>
+      <Platform>x64</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Debug|ARM64">
+      <Configuration>Debug</Configuration>
+      <Platform>ARM64</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="DLL Debug|Win32">
+      <Configuration>DLL Debug</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="DLL Debug|x64">
+      <Configuration>DLL Debug</Configuration>
+      <Platform>x64</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="DLL Debug|ARM64">
+      <Configuration>DLL Debug</Configuration>
+      <Platform>ARM64</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="DLL Release|Win32">
+      <Configuration>DLL Release</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="DLL Release|x64">
+      <Configuration>DLL Release</Configuration>
+      <Platform>x64</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="DLL Release|ARM64">
+      <Configuration>DLL Release</Configuration>
+      <Platform>ARM64</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|Win32">
+      <Configuration>Release</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|x64">
+      <Configuration>Release</Configuration>
+      <Platform>x64</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|ARM64">
+      <Configuration>Release</Configuration>
+      <Platform>ARM64</Platform>
+    </ProjectConfiguration>
+  </ItemGroup>
+  <PropertyGroup Label="Globals">
+    <ProjectGuid>{12226DBE-7278-4DFA-A119-5A0294CF0B33}</ProjectGuid>
+    <RootNamespace>wolfssl</RootNamespace>
+    <Keyword>Win32Proj</Keyword>
+    <ProjectName>wolfssl</ProjectName>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
+    <ConfigurationType>StaticLibrary</ConfigurationType>
+    <PlatformToolset>v143</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|Win32'" Label="Configuration">
+    <ConfigurationType>DynamicLibrary</ConfigurationType>
+    <PlatformToolset>v143</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration">
+    <ConfigurationType>StaticLibrary</ConfigurationType>
+    <PlatformToolset>v143</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|x64'" Label="Configuration">
+    <ConfigurationType>DynamicLibrary</ConfigurationType>
+    <PlatformToolset>v143</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'" Label="Configuration">
+    <ConfigurationType>StaticLibrary</ConfigurationType>
+    <PlatformToolset>v143</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|ARM64'" Label="Configuration">
+    <ConfigurationType>DynamicLibrary</ConfigurationType>
+    <PlatformToolset>v143</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
+    <ConfigurationType>StaticLibrary</ConfigurationType>
+    <PlatformToolset>v143</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|Win32'" Label="Configuration">
+    <ConfigurationType>DynamicLibrary</ConfigurationType>
+    <PlatformToolset>v143</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="Configuration">
+    <ConfigurationType>StaticLibrary</ConfigurationType>
+    <PlatformToolset>v143</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|x64'" Label="Configuration">
+    <ConfigurationType>DynamicLibrary</ConfigurationType>
+    <PlatformToolset>v143</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|ARM64'" Label="Configuration">
+    <ConfigurationType>StaticLibrary</ConfigurationType>
+    <PlatformToolset>v143</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|ARM64'" Label="Configuration">
+    <ConfigurationType>DynamicLibrary</ConfigurationType>
+    <PlatformToolset>v143</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
+  <ImportGroup Label="ExtensionSettings">
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|Win32'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|x64'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|Win32'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|x64'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <PropertyGroup Label="UserMacros" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
+    <OutDir>$(SolutionDir)$(Configuration)\$(Platform)\</OutDir>
+    <IntDir>$(Configuration)\$(Platform)\$(ProjectName)_obj\</IntDir>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <OutDir>$(SolutionDir)$(Configuration)\$(Platform)\</OutDir>
+    <IntDir>$(Configuration)\$(Platform)\$(ProjectName)_obj\</IntDir>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'">
+    <OutDir>$(SolutionDir)$(Configuration)\$(Platform)\</OutDir>
+    <IntDir>$(Configuration)\$(Platform)\$(ProjectName)_obj\</IntDir>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
+    <OutDir>$(SolutionDir)$(Configuration)\$(Platform)\</OutDir>
+    <IntDir>$(Configuration)\$(Platform)\$(ProjectName)_obj\</IntDir>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <OutDir>$(SolutionDir)$(Configuration)\$(Platform)\</OutDir>
+    <IntDir>$(Configuration)\$(Platform)\$(ProjectName)_obj\</IntDir>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|ARM64'">
+    <OutDir>$(SolutionDir)$(Configuration)\$(Platform)\</OutDir>
+    <IntDir>$(Configuration)\$(Platform)\$(ProjectName)_obj\</IntDir>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|x64'">
+    <OutDir>$(SolutionDir)$(Configuration)\$(Platform)\</OutDir>
+    <IntDir>$(Configuration)\$(Platform)\$(ProjectName)_obj\</IntDir>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|Win32'">
+    <OutDir>$(SolutionDir)$(Configuration)\$(Platform)\</OutDir>
+    <IntDir>$(Configuration)\$(Platform)\$(ProjectName)_obj\</IntDir>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|ARM64'">
+    <OutDir>$(SolutionDir)$(Configuration)\$(Platform)\</OutDir>
+    <IntDir>$(Configuration)\$(Platform)\$(ProjectName)_obj\</IntDir>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|x64'">
+    <OutDir>$(SolutionDir)$(Configuration)\$(Platform)\</OutDir>
+    <IntDir>$(Configuration)\$(Platform)\$(ProjectName)_obj\</IntDir>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|Win32'">
+    <OutDir>$(SolutionDir)$(Configuration)\$(Platform)\</OutDir>
+    <IntDir>$(Configuration)\$(Platform)\$(ProjectName)_obj\</IntDir>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|ARM64'">
+    <OutDir>$(SolutionDir)$(Configuration)\$(Platform)\</OutDir>
+    <IntDir>$(Configuration)\$(Platform)\$(ProjectName)_obj\</IntDir>
+  </PropertyGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <ClCompile>
+      <Optimization>Disabled</Optimization>
+      <AdditionalIncludeDirectories>./;./IDE/WIN;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>WOLFSSL_LIB;WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <MinimalRebuild>true</MinimalRebuild>
+      <BasicRuntimeChecks>EnableFastChecks</BasicRuntimeChecks>
+      <RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary>
+      <PrecompiledHeader />
+      <WarningLevel>Level4</WarningLevel>
+      <DebugInformationFormat>EditAndContinue</DebugInformationFormat>
+      <DisableSpecificWarnings>4206;4214;4706;%(DisableSpecificWarnings)</DisableSpecificWarnings>
+    </ClCompile>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|Win32'">
+    <ClCompile>
+      <Optimization>Disabled</Optimization>
+      <AdditionalIncludeDirectories>./;./IDE/WIN;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>WOLFSSL_LIB;BUILDING_WOLFSSL;WOLFSSL_DLL;WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <MinimalRebuild>true</MinimalRebuild>
+      <BasicRuntimeChecks>EnableFastChecks</BasicRuntimeChecks>
+      <RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <WarningLevel>Level4</WarningLevel>
+      <DebugInformationFormat>EditAndContinue</DebugInformationFormat>
+      <DisableSpecificWarnings>4206;4214;4706;%(DisableSpecificWarnings)</DisableSpecificWarnings>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <OptimizeReferences>false</OptimizeReferences>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <ImageHasSafeExceptionHandlers>false</ImageHasSafeExceptionHandlers>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
+    <ClCompile>
+      <Optimization>Disabled</Optimization>
+      <AdditionalIncludeDirectories>./;./IDE/WIN;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>WOLFSSL_LIB;WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <BasicRuntimeChecks>EnableFastChecks</BasicRuntimeChecks>
+      <RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <WarningLevel>Level4</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+      <DisableSpecificWarnings>4206;4214;4706;%(DisableSpecificWarnings)</DisableSpecificWarnings>
+    </ClCompile>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|x64'">
+    <ClCompile>
+      <Optimization>Disabled</Optimization>
+      <AdditionalIncludeDirectories>./;./IDE/WIN;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>WOLFSSL_LIB;BUILDING_WOLFSSL;WOLFSSL_DLL;WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <BasicRuntimeChecks>EnableFastChecks</BasicRuntimeChecks>
+      <RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <WarningLevel>Level4</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+      <DisableSpecificWarnings>4206;4214;4706;%(DisableSpecificWarnings)</DisableSpecificWarnings>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <OptimizeReferences>false</OptimizeReferences>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|ARM64'">
+    <ClCompile>
+      <Optimization>Disabled</Optimization>
+      <AdditionalIncludeDirectories>./;./IDE/WIN;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>WOLFSSL_LIB;WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <BasicRuntimeChecks>EnableFastChecks</BasicRuntimeChecks>
+      <RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <WarningLevel>Level4</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+      <DisableSpecificWarnings>4206;4214;4706;%(DisableSpecificWarnings)</DisableSpecificWarnings>
+    </ClCompile>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|ARM64'">
+    <ClCompile>
+      <Optimization>Disabled</Optimization>
+      <AdditionalIncludeDirectories>./;./IDE/WIN;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>WOLFSSL_LIB;BUILDING_WOLFSSL;WOLFSSL_DLL;WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <BasicRuntimeChecks>EnableFastChecks</BasicRuntimeChecks>
+      <RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <WarningLevel>Level4</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+      <DisableSpecificWarnings>4206;4214;4706;%(DisableSpecificWarnings)</DisableSpecificWarnings>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <OptimizeReferences>false</OptimizeReferences>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <ClCompile>
+      <Optimization>MaxSpeed</Optimization>
+      <IntrinsicFunctions>true</IntrinsicFunctions>
+      <AdditionalIncludeDirectories>./;./IDE/WIN;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>WOLFSSL_LIB;WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <PrecompiledHeader />
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+    </ClCompile>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|Win32'">
+    <ClCompile>
+      <Optimization>MaxSpeed</Optimization>
+      <IntrinsicFunctions>true</IntrinsicFunctions>
+      <AdditionalIncludeDirectories>./;./IDE/WIN;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>WOLFSSL_LIB;BUILDING_WOLFSSL;WOLFSSL_DLL;WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
+    <ClCompile>
+      <Optimization>MaxSpeed</Optimization>
+      <IntrinsicFunctions>true</IntrinsicFunctions>
+      <AdditionalIncludeDirectories>./;./IDE/WIN;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>WOLFSSL_LIB;WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+    </ClCompile>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|x64'">
+    <ClCompile>
+      <Optimization>MaxSpeed</Optimization>
+      <IntrinsicFunctions>true</IntrinsicFunctions>
+      <AdditionalIncludeDirectories>./;./IDE/WIN;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>WOLFSSL_LIB;BUILDING_WOLFSSL;WOLFSSL_DLL;WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'">
+    <ClCompile>
+      <Optimization>MaxSpeed</Optimization>
+      <IntrinsicFunctions>true</IntrinsicFunctions>
+      <AdditionalIncludeDirectories>./;./IDE/WIN;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>WOLFSSL_LIB;WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+    </ClCompile>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|ARM64'">
+    <ClCompile>
+      <Optimization>MaxSpeed</Optimization>
+      <IntrinsicFunctions>true</IntrinsicFunctions>
+      <AdditionalIncludeDirectories>./;./IDE/WIN;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>WOLFSSL_LIB;BUILDING_WOLFSSL;WOLFSSL_DLL;WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemGroup>
+    <ClCompile Include="src\crl.c" />
+    <ClCompile Include="src\dtls13.c" />
+    <ClCompile Include="src\dtls.c" />
+    <ClCompile Include="src\internal.c" />
+    <ClCompile Include="src\wolfio.c" />
+    <ClCompile Include="src\keys.c" />
+    <ClCompile Include="src\ocsp.c" />
+    <ClCompile Include="src\ssl.c" />
+    <ClCompile Include="src\tls.c" />
+    <ClCompile Include="src\tls13.c" />
+    <ClCompile Include="wolfcrypt\src\aes.c" />
+    <ClCompile Include="wolfcrypt\src\arc4.c" />
+    <ClCompile Include="wolfcrypt\src\asn.c" />
+    <ClCompile Include="wolfcrypt\src\blake2b.c" />
+    <ClCompile Include="wolfcrypt\src\blake2s.c" />
+    <ClCompile Include="wolfcrypt\src\camellia.c" />
+    <ClCompile Include="wolfcrypt\src\chacha.c" />
+    <ClCompile Include="wolfcrypt\src\chacha20_poly1305.c" />
+    <ClCompile Include="wolfcrypt\src\cmac.c" />
+    <ClCompile Include="wolfcrypt\src\coding.c" />
+    <ClCompile Include="wolfcrypt\src\curve25519.c" />
+    <ClCompile Include="wolfcrypt\src\curve448.c" />
+    <ClCompile Include="wolfcrypt\src\cpuid.c" />
+    <ClCompile Include="wolfcrypt\src\cryptocb.c" />
+    <ClCompile Include="wolfcrypt\src\des3.c" />
+    <ClCompile Include="wolfcrypt\src\dilithium.c" />
+    <ClCompile Include="wolfcrypt\src\dh.c" />
+    <ClCompile Include="wolfcrypt\src\dsa.c" />
+    <ClCompile Include="wolfcrypt\src\ecc.c" />
+    <ClCompile Include="wolfcrypt\src\ed25519.c" />
+    <ClCompile Include="wolfcrypt\src\ed448.c" />
+    <ClCompile Include="wolfcrypt\src\error.c" />
+    <ClCompile Include="wolfcrypt\src\ext_kyber.c" />
+    <ClCompile Include="wolfcrypt\src\falcon.c" />
+    <ClCompile Include="wolfcrypt\src\fe_448.c" />
+    <ClCompile Include="wolfcrypt\src\fe_low_mem.c" />
+    <ClCompile Include="wolfcrypt\src\fe_operations.c" />
+    <ClCompile Include="wolfcrypt\src\ge_448.c" />
+    <ClCompile Include="wolfcrypt\src\ge_low_mem.c" />
+    <ClCompile Include="wolfcrypt\src\ge_operations.c" />
+    <ClCompile Include="wolfcrypt\src\hash.c" />
+    <ClCompile Include="wolfcrypt\src\hmac.c" />
+    <ClCompile Include="wolfcrypt\src\integer.c" />
+    <ClCompile Include="wolfcrypt\src\kdf.c" />
+    <ClCompile Include="wolfcrypt\src\wc_kyber.c" />
+    <ClCompile Include="wolfcrypt\src\wc_kyber_poly.c" />
+    <ClCompile Include="wolfcrypt\src\logging.c" />
+    <ClCompile Include="wolfcrypt\src\md2.c" />
+    <ClCompile Include="wolfcrypt\src\md4.c" />
+    <ClCompile Include="wolfcrypt\src\md5.c" />
+    <ClCompile Include="wolfcrypt\src\memory.c" />
+    <ClCompile Include="wolfcrypt\src\pkcs7.c" />
+    <ClCompile Include="wolfcrypt\src\pkcs12.c" />
+    <ClCompile Include="wolfcrypt\src\poly1305.c" />
+    <ClCompile Include="wolfcrypt\src\pwdbased.c" />
+    <ClCompile Include="wolfcrypt\src\random.c" />
+    <ClCompile Include="wolfcrypt\src\rc2.c" />
+    <ClCompile Include="wolfcrypt\src\ripemd.c" />
+    <ClCompile Include="wolfcrypt\src\rsa.c" />
+    <ClCompile Include="wolfcrypt\src\sha.c" />
+    <ClCompile Include="wolfcrypt\src\sha256.c" />
+    <ClCompile Include="wolfcrypt\src\sha3.c" />
+    <ClCompile Include="wolfcrypt\src\sha512.c" />
+    <ClCompile Include="wolfcrypt\src\signature.c" />
+    <ClCompile Include="wolfcrypt\src\sphincs.c" />
+    <ClCompile Include="wolfcrypt\src\sp_c32.c" />
+    <ClCompile Include="wolfcrypt\src\sp_c64.c" />
+    <ClCompile Include="wolfcrypt\src\sp_int.c" />
+    <ClCompile Include="wolfcrypt\src\sp_x86_64.c" />
+    <ClCompile Include="wolfcrypt\src\srp.c" />
+    <ClCompile Include="wolfcrypt\src\tfm.c" />
+    <ClCompile Include="wolfcrypt\src\wc_encrypt.c" />
+    <ClCompile Include="wolfcrypt\src\wc_pkcs11.c" />
+    <ClCompile Include="wolfcrypt\src\wc_port.c" />
+    <ClCompile Include="wolfcrypt\src\wolfmath.c" />
+    <ClCompile Include="wolfcrypt\src\wolfevent.c" />
+    <ClCompile Include="wolfcrypt\src\port\liboqs\liboqs.c" />
+  </ItemGroup>
+  <ItemGroup>
+    <ClInclude Include="resource.h" />
+    <CustomBuild Include="wolfcrypt\src\aes_asm.asm">
+      <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">false</ExcludedFromBuild>
+      <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='DLL Debug|x64'">false</ExcludedFromBuild>
+      <Command Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">ml64.exe /c /Zi /Fo"$(OutDir)%(Filename).obj" %(Identity)</Command>
+      <Command Condition="'$(Configuration)|$(Platform)'=='DLL Debug|x64'">ml64.exe /c /Zi /Fo"$(IntDir)%(Filename).obj" %(Identity)</Command>
+      <Outputs Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">$(OutDir)%(Filename).obj</Outputs>
+      <Outputs Condition="'$(Configuration)|$(Platform)'=='DLL Debug|x64'">$(IntDir)%(Filename).obj</Outputs>
+      <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Release|x64'">false</ExcludedFromBuild>
+      <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='DLL Release|x64'">false</ExcludedFromBuild>
+      <Command Condition="'$(Configuration)|$(Platform)'=='Release|x64'">ml64.exe /c /Zi /Fo"$(OutDir)%(Filename).obj" %(Identity)</Command>
+      <Command Condition="'$(Configuration)|$(Platform)'=='DLL Release|x64'">ml64.exe /c /Zi /Fo"$(IntDir)%(Filename).obj" %(Identity)</Command>
+      <Outputs Condition="'$(Configuration)|$(Platform)'=='Release|x64'">$(OutDir)%(Filename).obj</Outputs>
+      <Outputs Condition="'$(Configuration)|$(Platform)'=='DLL Release|x64'">$(IntDir)%(Filename).obj</Outputs>
+    </CustomBuild>
+    <CustomBuild Include="wolfcrypt\src\aes_gcm_asm.asm">
+      <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">false</ExcludedFromBuild>
+      <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='DLL Debug|x64'">false</ExcludedFromBuild>
+      <Command Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">ml64.exe /c /Zi /Fo"$(OutDir)%(Filename).obj" %(Identity)</Command>
+      <Command Condition="'$(Configuration)|$(Platform)'=='DLL Debug|x64'">ml64.exe /c /Zi /Fo"$(IntDir)%(Filename).obj" %(Identity)</Command>
+      <Outputs Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">$(OutDir)%(Filename).obj</Outputs>
+      <Outputs Condition="'$(Configuration)|$(Platform)'=='DLL Debug|x64'">$(IntDir)%(Filename).obj</Outputs>
+      <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Release|x64'">false</ExcludedFromBuild>
+      <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='DLL Release|x64'">false</ExcludedFromBuild>
+      <Command Condition="'$(Configuration)|$(Platform)'=='Release|x64'">ml64.exe /c /Zi /Fo"$(OutDir)%(Filename).obj" %(Identity)</Command>
+      <Command Condition="'$(Configuration)|$(Platform)'=='DLL Release|x64'">ml64.exe /c /Zi /Fo"$(IntDir)%(Filename).obj" %(Identity)</Command>
+      <Outputs Condition="'$(Configuration)|$(Platform)'=='Release|x64'">$(OutDir)%(Filename).obj</Outputs>
+      <Outputs Condition="'$(Configuration)|$(Platform)'=='DLL Release|x64'">$(IntDir)%(Filename).obj</Outputs>
+    </CustomBuild>
+    <CustomBuild Include="wolfcrypt\src\aes_xts_asm.asm">
+      <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">false</ExcludedFromBuild>
+      <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='DLL Debug|x64'">false</ExcludedFromBuild>
+      <Command Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">ml64.exe /c /Zi /Fo"$(OutDir)%(Filename).obj" %(Identity)</Command>
+      <Command Condition="'$(Configuration)|$(Platform)'=='DLL Debug|x64'">ml64.exe /c /Zi /Fo"$(IntDir)%(Filename).obj" %(Identity)</Command>
+      <Outputs Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">$(OutDir)%(Filename).obj</Outputs>
+      <Outputs Condition="'$(Configuration)|$(Platform)'=='DLL Debug|x64'">$(IntDir)%(Filename).obj</Outputs>
+      <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Release|x64'">false</ExcludedFromBuild>
+      <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='DLL Release|x64'">false</ExcludedFromBuild>
+      <Command Condition="'$(Configuration)|$(Platform)'=='Release|x64'">ml64.exe /c /Zi /Fo"$(OutDir)%(Filename).obj" %(Identity)</Command>
+      <Command Condition="'$(Configuration)|$(Platform)'=='DLL Release|x64'">ml64.exe /c /Zi /Fo"$(IntDir)%(Filename).obj" %(Identity)</Command>
+      <Outputs Condition="'$(Configuration)|$(Platform)'=='Release|x64'">$(OutDir)%(Filename).obj</Outputs>
+      <Outputs Condition="'$(Configuration)|$(Platform)'=='DLL Release|x64'">$(IntDir)%(Filename).obj</Outputs>
+    </CustomBuild>
+    <CustomBuild Include="wolfcrypt\src\chacha_asm.asm">
+      <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">false</ExcludedFromBuild>
+      <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='DLL Debug|x64'">false</ExcludedFromBuild>
+      <Command Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">ml64.exe /c /Zi /Fo"$(OutDir)%(Filename).obj" %(Identity)</Command>
+      <Command Condition="'$(Configuration)|$(Platform)'=='DLL Debug|x64'">ml64.exe /c /Zi /Fo"$(IntDir)%(Filename).obj" %(Identity)</Command>
+      <Outputs Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">$(OutDir)%(Filename).obj</Outputs>
+      <Outputs Condition="'$(Configuration)|$(Platform)'=='DLL Debug|x64'">$(IntDir)%(Filename).obj</Outputs>
+      <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Release|x64'">false</ExcludedFromBuild>
+      <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='DLL Release|x64'">false</ExcludedFromBuild>
+      <Command Condition="'$(Configuration)|$(Platform)'=='Release|x64'">ml64.exe /c /Zi /Fo"$(OutDir)%(Filename).obj" %(Identity)</Command>
+      <Command Condition="'$(Configuration)|$(Platform)'=='DLL Release|x64'">ml64.exe /c /Zi /Fo"$(IntDir)%(Filename).obj" %(Identity)</Command>
+      <Outputs Condition="'$(Configuration)|$(Platform)'=='Release|x64'">$(OutDir)%(Filename).obj</Outputs>
+      <Outputs Condition="'$(Configuration)|$(Platform)'=='DLL Release|x64'">$(IntDir)%(Filename).obj</Outputs>
+    </CustomBuild>
+    <CustomBuild Include="wolfcrypt\src\poly1305_asm.asm">
+      <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">false</ExcludedFromBuild>
+      <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='DLL Debug|x64'">false</ExcludedFromBuild>
+      <Command Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">ml64.exe /c /Zi /Fo"$(OutDir)%(Filename).obj" %(Identity)</Command>
+      <Command Condition="'$(Configuration)|$(Platform)'=='DLL Debug|x64'">ml64.exe /c /Zi /Fo"$(IntDir)%(Filename).obj" %(Identity)</Command>
+      <Outputs Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">$(OutDir)%(Filename).obj</Outputs>
+      <Outputs Condition="'$(Configuration)|$(Platform)'=='DLL Debug|x64'">$(IntDir)%(Filename).obj</Outputs>
+      <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Release|x64'">false</ExcludedFromBuild>
+      <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='DLL Release|x64'">false</ExcludedFromBuild>
+      <Command Condition="'$(Configuration)|$(Platform)'=='Release|x64'">ml64.exe /c /Zi /Fo"$(OutDir)%(Filename).obj" %(Identity)</Command>
+      <Command Condition="'$(Configuration)|$(Platform)'=='DLL Release|x64'">ml64.exe /c /Zi /Fo"$(IntDir)%(Filename).obj" %(Identity)</Command>
+      <Outputs Condition="'$(Configuration)|$(Platform)'=='Release|x64'">$(OutDir)%(Filename).obj</Outputs>
+      <Outputs Condition="'$(Configuration)|$(Platform)'=='DLL Release|x64'">$(IntDir)%(Filename).obj</Outputs>
+    </CustomBuild>
+    <CustomBuild Include="wolfcrypt\src\sp_x86_64_asm.asm">
+      <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">false</ExcludedFromBuild>
+      <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='DLL Debug|x64'">false</ExcludedFromBuild>
+      <Command Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">ml64.exe /c /Zi /Fo"$(OutDir)%(Filename).obj" %(Identity)</Command>
+      <Command Condition="'$(Configuration)|$(Platform)'=='DLL Debug|x64'">ml64.exe /c /Zi /Fo"$(IntDir)%(Filename).obj" %(Identity)</Command>
+      <Outputs Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">$(OutDir)%(Filename).obj</Outputs>
+      <Outputs Condition="'$(Configuration)|$(Platform)'=='DLL Debug|x64'">$(IntDir)%(Filename).obj</Outputs>
+      <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Release|x64'">false</ExcludedFromBuild>
+      <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='DLL Release|x64'">false</ExcludedFromBuild>
+      <Command Condition="'$(Configuration)|$(Platform)'=='Release|x64'">ml64.exe /c /Zi /Fo"$(OutDir)%(Filename).obj" %(Identity)</Command>
+      <Command Condition="'$(Configuration)|$(Platform)'=='DLL Release|x64'">ml64.exe /c /Zi /Fo"$(IntDir)%(Filename).obj" %(Identity)</Command>
+      <Outputs Condition="'$(Configuration)|$(Platform)'=='Release|x64'">$(OutDir)%(Filename).obj</Outputs>
+      <Outputs Condition="'$(Configuration)|$(Platform)'=='DLL Release|x64'">$(IntDir)%(Filename).obj</Outputs>
+    </CustomBuild>
+    <ClInclude Include="IDE\WIN\user_settings.h" />
+  </ItemGroup>
+  <ItemGroup>
+    <ResourceCompile Include="wolfssl.rc">
+      <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">true</ExcludedFromBuild>
+      <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">true</ExcludedFromBuild>
+      <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">true</ExcludedFromBuild>
+      <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Release|x64'">true</ExcludedFromBuild>
+      <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Debug|ARM64'">true</ExcludedFromBuild>
+      <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'">true</ExcludedFromBuild>
+    </ResourceCompile>
+  </ItemGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
+  <ImportGroup Label="ExtensionTargets">
+  </ImportGroup>
+</Project>
diff --git a/wolfssl.rc b/wolfssl.rc
index d9a8b919c..b9d1537e2 100644
Binary files a/wolfssl.rc and b/wolfssl.rc differ
diff --git a/wolfssl.vcproj b/wolfssl.vcproj
index f9b5e87d0..8f07d8bf1 100644
--- a/wolfssl.vcproj
+++ b/wolfssl.vcproj
@@ -199,6 +199,10 @@
 				RelativePath=".\wolfcrypt\src\aes_asm.asm"
 				>
 			</File>
+			<File
+				RelativePath=".\wolfcrypt\src\aes_gcm_asm.asm"
+				>
+			</File>
 			<File
 				RelativePath=".\wolfcrypt\src\arc4.c"
 				>
@@ -227,6 +231,10 @@
 				RelativePath=".\wolfcrypt\src\chacha.c"
 				>
 			</File>
+			<File
+				RelativePath=".\wolfcrypt\src\chacha_asm.asm"
+				>
+			</File>
 			<File
 				RelativePath=".\wolfcrypt\src\chacha20_poly1305.c"
 				>
@@ -235,6 +243,10 @@
 				RelativePath=".\wolfcrypt\src\des3.c"
 				>
 			</File>
+			<File
+				RelativePath=".\wolfcrypt\src\dilithium.c"
+				>
+			</File>
 			<File
 				RelativePath=".\wolfcrypt\src\dh.c"
 				>
@@ -251,6 +263,14 @@
 				RelativePath=".\wolfcrypt\src\error.c"
 				>
 			</File>
+			<File
+				RelativePath=".\wolfcrypt\src\ext_kyber.c"
+				>
+			</File>
+			<File
+				RelativePath=".\wolfcrypt\src\falcon.c"
+				>
+			</File>
 			<File
 				RelativePath=".\wolfcrypt\src\fe_low_mem.c"
 				>
@@ -279,6 +299,14 @@
 				RelativePath=".\wolfcrypt\src\integer.c"
 				>
 			</File>
+			<File
+				RelativePath=".\wolfcrypt\src\wc_kyber.c"
+				>
+			</File>
+			<File
+				RelativePath=".\wolfcrypt\src\wc_kyber_poly.c"
+				>
+			</File>
 			<File
 				RelativePath=".\wolfcrypt\src\logging.c"
 				>
@@ -311,6 +339,10 @@
 				RelativePath=".\wolfcrypt\src\poly1305.c"
 				>
 			</File>
+			<File
+				RelativePath=".\wolfcrypt\src\poly1305_asm.asm"
+				>
+			</File>
 			<File
 				RelativePath=".\wolfcrypt\src\pwdbased.c"
 				>
@@ -343,6 +375,10 @@
 				RelativePath=".\wolfcrypt\src\sha512.c"
 				>
 			</File>
+			<File
+				RelativePath=".\wolfcrypt\src\sphincs.c"
+				>
+			</File>
 			<File
 				RelativePath=".\wolfcrypt\src\sp_c32.c"
 				>
@@ -391,6 +427,10 @@
 				RelativePath=".\wolfcrypt\src\wolfevent.c"
 				>
 			</File>
+			<File
+				RelativePath=".\wolfcrypt\src\port\liboqs\liboqs.c"
+				>
+			</File>
 		</Filter>
 		<Filter
 			Name="Header Files"
diff --git a/wolfssl.vcxproj b/wolfssl.vcxproj
index b5e9b0765..23c57b17a 100644
--- a/wolfssl.vcxproj
+++ b/wolfssl.vcxproj
@@ -9,6 +9,10 @@
       <Configuration>Debug</Configuration>
       <Platform>x64</Platform>
     </ProjectConfiguration>
+    <ProjectConfiguration Include="Debug|ARM64">
+      <Configuration>Debug</Configuration>
+      <Platform>ARM64</Platform>
+    </ProjectConfiguration>
     <ProjectConfiguration Include="DLL Debug|Win32">
       <Configuration>DLL Debug</Configuration>
       <Platform>Win32</Platform>
@@ -17,6 +21,10 @@
       <Configuration>DLL Debug</Configuration>
       <Platform>x64</Platform>
     </ProjectConfiguration>
+    <ProjectConfiguration Include="DLL Debug|ARM64">
+      <Configuration>DLL Debug</Configuration>
+      <Platform>ARM64</Platform>
+    </ProjectConfiguration>
     <ProjectConfiguration Include="DLL Release|Win32">
       <Configuration>DLL Release</Configuration>
       <Platform>Win32</Platform>
@@ -25,6 +33,10 @@
       <Configuration>DLL Release</Configuration>
       <Platform>x64</Platform>
     </ProjectConfiguration>
+    <ProjectConfiguration Include="DLL Release|ARM64">
+      <Configuration>DLL Release</Configuration>
+      <Platform>ARM64</Platform>
+    </ProjectConfiguration>
     <ProjectConfiguration Include="Release|Win32">
       <Configuration>Release</Configuration>
       <Platform>Win32</Platform>
@@ -33,6 +45,10 @@
       <Configuration>Release</Configuration>
       <Platform>x64</Platform>
     </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|ARM64">
+      <Configuration>Release</Configuration>
+      <Platform>ARM64</Platform>
+    </ProjectConfiguration>
   </ItemGroup>
   <PropertyGroup Label="Globals">
     <ProjectGuid>{73973223-5EE8-41CA-8E88-1D60E89A237B}</ProjectGuid>
@@ -63,6 +79,18 @@
     <PlatformToolset>v110</PlatformToolset>
     <CharacterSet>Unicode</CharacterSet>
     <WholeProgramOptimization>true</WholeProgramOptimization>
+  </PropertyGroup>
+    <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'" Label="Configuration">
+    <ConfigurationType>StaticLibrary</ConfigurationType>
+    <PlatformToolset>v110</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|ARM64'" Label="Configuration">
+    <ConfigurationType>DynamicLibrary</ConfigurationType>
+    <PlatformToolset>v110</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
     <ConfigurationType>StaticLibrary</ConfigurationType>
@@ -83,6 +111,16 @@
     <ConfigurationType>DynamicLibrary</ConfigurationType>
     <PlatformToolset>v110</PlatformToolset>
     <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+    <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|ARM64'" Label="Configuration">
+    <ConfigurationType>StaticLibrary</ConfigurationType>
+    <PlatformToolset>v110</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|ARM64'" Label="Configuration">
+    <ConfigurationType>DynamicLibrary</ConfigurationType>
+    <PlatformToolset>v110</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
   </PropertyGroup>
   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
   <ImportGroup Label="ExtensionSettings">
@@ -120,6 +158,10 @@
     <OutDir>$(SolutionDir)$(Configuration)\$(Platform)\</OutDir>
     <IntDir>$(Configuration)\$(Platform)\$(ProjectName)_obj\</IntDir>
   </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'">
+    <OutDir>$(SolutionDir)$(Configuration)\$(Platform)\</OutDir>
+    <IntDir>$(Configuration)\$(Platform)\$(ProjectName)_obj\</IntDir>
+  </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
     <OutDir>$(SolutionDir)$(Configuration)\$(Platform)\</OutDir>
     <IntDir>$(Configuration)\$(Platform)\$(ProjectName)_obj\</IntDir>
@@ -128,6 +170,10 @@
     <OutDir>$(SolutionDir)$(Configuration)\$(Platform)\</OutDir>
     <IntDir>$(Configuration)\$(Platform)\$(ProjectName)_obj\</IntDir>
   </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|ARM64'">
+    <OutDir>$(SolutionDir)$(Configuration)\$(Platform)\</OutDir>
+    <IntDir>$(Configuration)\$(Platform)\$(ProjectName)_obj\</IntDir>
+  </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|x64'">
     <OutDir>$(SolutionDir)$(Configuration)\$(Platform)\</OutDir>
     <IntDir>$(Configuration)\$(Platform)\$(ProjectName)_obj\</IntDir>
@@ -136,6 +182,10 @@
     <OutDir>$(SolutionDir)$(Configuration)\$(Platform)\</OutDir>
     <IntDir>$(Configuration)\$(Platform)\$(ProjectName)_obj\</IntDir>
   </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|ARM64'">
+    <OutDir>$(SolutionDir)$(Configuration)\$(Platform)\</OutDir>
+    <IntDir>$(Configuration)\$(Platform)\$(ProjectName)_obj\</IntDir>
+  </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|x64'">
     <OutDir>$(SolutionDir)$(Configuration)\$(Platform)\</OutDir>
     <IntDir>$(Configuration)\$(Platform)\$(ProjectName)_obj\</IntDir>
@@ -144,6 +194,10 @@
     <OutDir>$(SolutionDir)$(Configuration)\$(Platform)\</OutDir>
     <IntDir>$(Configuration)\$(Platform)\$(ProjectName)_obj\</IntDir>
   </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|ARM64'">
+    <OutDir>$(SolutionDir)$(Configuration)\$(Platform)\</OutDir>
+    <IntDir>$(Configuration)\$(Platform)\$(ProjectName)_obj\</IntDir>
+  </PropertyGroup>
   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
     <ClCompile>
       <Optimization>Disabled</Optimization>
@@ -211,6 +265,39 @@
       <OptimizeReferences>false</OptimizeReferences>
       <GenerateDebugInformation>true</GenerateDebugInformation>
     </Link>
+  </ItemDefinitionGroup>
+    <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|ARM64'">
+    <ClCompile>
+      <Optimization>Disabled</Optimization>
+      <AdditionalIncludeDirectories>./;./IDE/WIN;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>WOLFSSL_LIB;WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <BasicRuntimeChecks>EnableFastChecks</BasicRuntimeChecks>
+      <RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <WarningLevel>Level4</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+      <DisableSpecificWarnings>4206;4214;4706;%(DisableSpecificWarnings)</DisableSpecificWarnings>
+    </ClCompile>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|ARM64'">
+    <ClCompile>
+      <Optimization>Disabled</Optimization>
+      <AdditionalIncludeDirectories>./;./IDE/WIN;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>WOLFSSL_LIB;BUILDING_WOLFSSL;WOLFSSL_DLL;WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <BasicRuntimeChecks>EnableFastChecks</BasicRuntimeChecks>
+      <RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <WarningLevel>Level4</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+      <DisableSpecificWarnings>4206;4214;4706;%(DisableSpecificWarnings)</DisableSpecificWarnings>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <OptimizeReferences>false</OptimizeReferences>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+    </Link>
   </ItemDefinitionGroup>
   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
     <ClCompile>
@@ -274,6 +361,38 @@
       <AdditionalDependencies>ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
       <GenerateDebugInformation>true</GenerateDebugInformation>
     </Link>
+  </ItemDefinitionGroup>
+    <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'">
+    <ClCompile>
+      <Optimization>MaxSpeed</Optimization>
+      <IntrinsicFunctions>true</IntrinsicFunctions>
+      <AdditionalIncludeDirectories>./;./IDE/WIN;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>WOLFSSL_LIB;WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+    </ClCompile>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|ARM64'">
+    <ClCompile>
+      <Optimization>MaxSpeed</Optimization>
+      <IntrinsicFunctions>true</IntrinsicFunctions>
+      <AdditionalIncludeDirectories>./;./IDE/WIN;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>WOLFSSL_LIB;BUILDING_WOLFSSL;WOLFSSL_DLL;WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+    </Link>
   </ItemDefinitionGroup>
   <ItemGroup>
     <ClCompile Include="src\crl.c" />
@@ -301,12 +420,15 @@
     <ClCompile Include="wolfcrypt\src\cpuid.c" />
     <ClCompile Include="wolfcrypt\src\cryptocb.c" />
     <ClCompile Include="wolfcrypt\src\des3.c" />
+    <ClCompile Include="wolfcrypt\src\dilithium.c" />
     <ClCompile Include="wolfcrypt\src\dh.c" />
     <ClCompile Include="wolfcrypt\src\dsa.c" />
     <ClCompile Include="wolfcrypt\src\ecc.c" />
     <ClCompile Include="wolfcrypt\src\ed25519.c" />
     <ClCompile Include="wolfcrypt\src\ed448.c" />
     <ClCompile Include="wolfcrypt\src\error.c" />
+    <ClCompile Include="wolfcrypt\src\ext_kyber.c" />
+    <ClCompile Include="wolfcrypt\src\falcon.c" />
     <ClCompile Include="wolfcrypt\src\fe_448.c" />
     <ClCompile Include="wolfcrypt\src\fe_low_mem.c" />
     <ClCompile Include="wolfcrypt\src\fe_operations.c" />
@@ -317,6 +439,8 @@
     <ClCompile Include="wolfcrypt\src\hmac.c" />
     <ClCompile Include="wolfcrypt\src\integer.c" />
     <ClCompile Include="wolfcrypt\src\kdf.c" />
+    <ClCompile Include="wolfcrypt\src\wc_kyber.c" />
+    <ClCompile Include="wolfcrypt\src\wc_kyber_poly.c" />
     <ClCompile Include="wolfcrypt\src\logging.c" />
     <ClCompile Include="wolfcrypt\src\md2.c" />
     <ClCompile Include="wolfcrypt\src\md4.c" />
@@ -335,6 +459,7 @@
     <ClCompile Include="wolfcrypt\src\sha3.c" />
     <ClCompile Include="wolfcrypt\src\sha512.c" />
     <ClCompile Include="wolfcrypt\src\signature.c" />
+    <ClCompile Include="wolfcrypt\src\sphincs.c" />
     <ClCompile Include="wolfcrypt\src\sp_c32.c" />
     <ClCompile Include="wolfcrypt\src\sp_c64.c" />
     <ClCompile Include="wolfcrypt\src\sp_int.c" />
@@ -346,6 +471,7 @@
     <ClCompile Include="wolfcrypt\src\wc_port.c" />
     <ClCompile Include="wolfcrypt\src\wolfmath.c" />
     <ClCompile Include="wolfcrypt\src\wolfevent.c" />
+    <ClCompile Include="wolfcrypt\src\port\liboqs\liboqs.c" />
   </ItemGroup>
   <ItemGroup>
     <ClInclude Include="resource.h" />
@@ -377,6 +503,48 @@
       <Outputs Condition="'$(Configuration)|$(Platform)'=='Release|x64'">$(OutDir)%(Filename).obj</Outputs>
       <Outputs Condition="'$(Configuration)|$(Platform)'=='DLL Release|x64'">$(IntDir)%(Filename).obj</Outputs>
     </CustomBuild>
+    <CustomBuild Include="wolfcrypt\src\aes_xts_asm.asm">
+      <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">false</ExcludedFromBuild>
+      <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='DLL Debug|x64'">false</ExcludedFromBuild>
+      <Command Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">ml64.exe /c /Zi /Fo"$(OutDir)%(Filename).obj" %(Identity)</Command>
+      <Command Condition="'$(Configuration)|$(Platform)'=='DLL Debug|x64'">ml64.exe /c /Zi /Fo"$(IntDir)%(Filename).obj" %(Identity)</Command>
+      <Outputs Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">$(OutDir)%(Filename).obj</Outputs>
+      <Outputs Condition="'$(Configuration)|$(Platform)'=='DLL Debug|x64'">$(IntDir)%(Filename).obj</Outputs>
+      <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Release|x64'">false</ExcludedFromBuild>
+      <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='DLL Release|x64'">false</ExcludedFromBuild>
+      <Command Condition="'$(Configuration)|$(Platform)'=='Release|x64'">ml64.exe /c /Zi /Fo"$(OutDir)%(Filename).obj" %(Identity)</Command>
+      <Command Condition="'$(Configuration)|$(Platform)'=='DLL Release|x64'">ml64.exe /c /Zi /Fo"$(IntDir)%(Filename).obj" %(Identity)</Command>
+      <Outputs Condition="'$(Configuration)|$(Platform)'=='Release|x64'">$(OutDir)%(Filename).obj</Outputs>
+      <Outputs Condition="'$(Configuration)|$(Platform)'=='DLL Release|x64'">$(IntDir)%(Filename).obj</Outputs>
+    </CustomBuild>
+    <CustomBuild Include="wolfcrypt\src\chacha_asm.asm">
+      <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">false</ExcludedFromBuild>
+      <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='DLL Debug|x64'">false</ExcludedFromBuild>
+      <Command Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">ml64.exe /c /Zi /Fo"$(OutDir)%(Filename).obj" %(Identity)</Command>
+      <Command Condition="'$(Configuration)|$(Platform)'=='DLL Debug|x64'">ml64.exe /c /Zi /Fo"$(IntDir)%(Filename).obj" %(Identity)</Command>
+      <Outputs Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">$(OutDir)%(Filename).obj</Outputs>
+      <Outputs Condition="'$(Configuration)|$(Platform)'=='DLL Debug|x64'">$(IntDir)%(Filename).obj</Outputs>
+      <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Release|x64'">false</ExcludedFromBuild>
+      <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='DLL Release|x64'">false</ExcludedFromBuild>
+      <Command Condition="'$(Configuration)|$(Platform)'=='Release|x64'">ml64.exe /c /Zi /Fo"$(OutDir)%(Filename).obj" %(Identity)</Command>
+      <Command Condition="'$(Configuration)|$(Platform)'=='DLL Release|x64'">ml64.exe /c /Zi /Fo"$(IntDir)%(Filename).obj" %(Identity)</Command>
+      <Outputs Condition="'$(Configuration)|$(Platform)'=='Release|x64'">$(OutDir)%(Filename).obj</Outputs>
+      <Outputs Condition="'$(Configuration)|$(Platform)'=='DLL Release|x64'">$(IntDir)%(Filename).obj</Outputs>
+    </CustomBuild>
+    <CustomBuild Include="wolfcrypt\src\poly1305_asm.asm">
+      <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">false</ExcludedFromBuild>
+      <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='DLL Debug|x64'">false</ExcludedFromBuild>
+      <Command Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">ml64.exe /c /Zi /Fo"$(OutDir)%(Filename).obj" %(Identity)</Command>
+      <Command Condition="'$(Configuration)|$(Platform)'=='DLL Debug|x64'">ml64.exe /c /Zi /Fo"$(IntDir)%(Filename).obj" %(Identity)</Command>
+      <Outputs Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">$(OutDir)%(Filename).obj</Outputs>
+      <Outputs Condition="'$(Configuration)|$(Platform)'=='DLL Debug|x64'">$(IntDir)%(Filename).obj</Outputs>
+      <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Release|x64'">false</ExcludedFromBuild>
+      <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='DLL Release|x64'">false</ExcludedFromBuild>
+      <Command Condition="'$(Configuration)|$(Platform)'=='Release|x64'">ml64.exe /c /Zi /Fo"$(OutDir)%(Filename).obj" %(Identity)</Command>
+      <Command Condition="'$(Configuration)|$(Platform)'=='DLL Release|x64'">ml64.exe /c /Zi /Fo"$(IntDir)%(Filename).obj" %(Identity)</Command>
+      <Outputs Condition="'$(Configuration)|$(Platform)'=='Release|x64'">$(OutDir)%(Filename).obj</Outputs>
+      <Outputs Condition="'$(Configuration)|$(Platform)'=='DLL Release|x64'">$(IntDir)%(Filename).obj</Outputs>
+    </CustomBuild>
     <CustomBuild Include="wolfcrypt\src\sp_x86_64_asm.asm">
       <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">false</ExcludedFromBuild>
       <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='DLL Debug|x64'">false</ExcludedFromBuild>
@@ -399,6 +567,8 @@
       <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">true</ExcludedFromBuild>
       <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">true</ExcludedFromBuild>
       <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Release|x64'">true</ExcludedFromBuild>
+      <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Debug|ARM64'">true</ExcludedFromBuild>
+      <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'">true</ExcludedFromBuild>
     </ResourceCompile>
   </ItemGroup>
   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
diff --git a/wolfssl/callbacks.h b/wolfssl/callbacks.h
index bf996fad6..a75e48372 100644
--- a/wolfssl/callbacks.h
+++ b/wolfssl/callbacks.h
@@ -1,6 +1,6 @@
 /* callbacks.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -36,7 +36,7 @@ enum { /* CALLBACK CONSTANTS */
     MAX_CIPHERNAME_SZ     =  24,
     MAX_TIMEOUT_NAME_SZ   =  24,
     MAX_PACKETS_HANDSHAKE =  14,       /* 12 for client auth plus 2 alerts */
-    MAX_VALUE_SZ          = 128,       /* all handshake packets but Cert should
+    MAX_VALUE_SZ          = 128        /* all handshake packets but Cert should
                                           fit here  */
 };
 
diff --git a/wolfssl/certs_test.h b/wolfssl/certs_test.h
index 09ed4b123..37e8da844 100644
--- a/wolfssl/certs_test.h
+++ b/wolfssl/certs_test.h
@@ -100,9 +100,9 @@ static const int sizeof_client_keypub_der_1024 = sizeof(client_keypub_der_1024);
 static const unsigned char client_cert_der_1024[] =
 {
         0x30, 0x82, 0x04, 0x18, 0x30, 0x82, 0x03, 0x81, 0xA0, 0x03,
-        0x02, 0x01, 0x02, 0x02, 0x14, 0x59, 0xF2, 0xEA, 0x44, 0x08,
-        0xB5, 0x12, 0x30, 0xA0, 0x96, 0x93, 0xD1, 0xD1, 0x7F, 0xE1,
-        0xEC, 0x49, 0x75, 0x9B, 0xA2, 0x30, 0x0D, 0x06, 0x09, 0x2A,
+        0x02, 0x01, 0x02, 0x02, 0x14, 0x09, 0x1D, 0x03, 0x41, 0x8B,
+        0x92, 0xBD, 0x2A, 0x2A, 0x1C, 0x77, 0xE0, 0x13, 0xA8, 0x3D,
+        0xF0, 0x33, 0xDA, 0x7F, 0x72, 0x30, 0x0D, 0x06, 0x09, 0x2A,
         0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0B, 0x05, 0x00,
         0x30, 0x81, 0x9E, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55,
         0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, 0x0E,
@@ -120,10 +120,10 @@ static const unsigned char client_cert_der_1024[] =
         0x30, 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D,
         0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40,
         0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F,
-        0x6D, 0x30, 0x1E, 0x17, 0x0D, 0x32, 0x33, 0x31, 0x32, 0x31,
-        0x33, 0x32, 0x32, 0x31, 0x39, 0x32, 0x38, 0x5A, 0x17, 0x0D,
-        0x32, 0x36, 0x30, 0x39, 0x30, 0x38, 0x32, 0x32, 0x31, 0x39,
-        0x32, 0x38, 0x5A, 0x30, 0x81, 0x9E, 0x31, 0x0B, 0x30, 0x09,
+        0x6D, 0x30, 0x1E, 0x17, 0x0D, 0x32, 0x34, 0x31, 0x32, 0x31,
+        0x38, 0x32, 0x31, 0x32, 0x35, 0x32, 0x39, 0x5A, 0x17, 0x0D,
+        0x32, 0x37, 0x30, 0x39, 0x31, 0x34, 0x32, 0x31, 0x32, 0x35,
+        0x32, 0x39, 0x5A, 0x30, 0x81, 0x9E, 0x31, 0x0B, 0x30, 0x09,
         0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31,
         0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, 0x07,
         0x4D, 0x6F, 0x6E, 0x74, 0x61, 0x6E, 0x61, 0x31, 0x10, 0x30,
@@ -180,8 +180,8 @@ static const unsigned char client_cert_der_1024[] =
         0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01,
         0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C,
         0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x82, 0x14,
-        0x59, 0xF2, 0xEA, 0x44, 0x08, 0xB5, 0x12, 0x30, 0xA0, 0x96,
-        0x93, 0xD1, 0xD1, 0x7F, 0xE1, 0xEC, 0x49, 0x75, 0x9B, 0xA2,
+        0x09, 0x1D, 0x03, 0x41, 0x8B, 0x92, 0xBD, 0x2A, 0x2A, 0x1C,
+        0x77, 0xE0, 0x13, 0xA8, 0x3D, 0xF0, 0x33, 0xDA, 0x7F, 0x72,
         0x30, 0x0C, 0x06, 0x03, 0x55, 0x1D, 0x13, 0x04, 0x05, 0x30,
         0x03, 0x01, 0x01, 0xFF, 0x30, 0x1C, 0x06, 0x03, 0x55, 0x1D,
         0x11, 0x04, 0x15, 0x30, 0x13, 0x82, 0x0B, 0x65, 0x78, 0x61,
@@ -191,20 +191,20 @@ static const unsigned char client_cert_der_1024[] =
         0x05, 0x05, 0x07, 0x03, 0x01, 0x06, 0x08, 0x2B, 0x06, 0x01,
         0x05, 0x05, 0x07, 0x03, 0x02, 0x30, 0x0D, 0x06, 0x09, 0x2A,
         0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0B, 0x05, 0x00,
-        0x03, 0x81, 0x81, 0x00, 0x45, 0x63, 0x6F, 0xF9, 0xED, 0xF4,
-        0x12, 0x3C, 0x3C, 0xC5, 0x2C, 0x51, 0x08, 0x94, 0x61, 0x7E,
-        0x08, 0xE8, 0x32, 0x46, 0x2B, 0x22, 0x02, 0xD0, 0xE8, 0x2B,
-        0xA4, 0x23, 0x15, 0x48, 0x47, 0x87, 0x5D, 0x72, 0xAB, 0x38,
-        0xD5, 0x34, 0xB9, 0xFC, 0xF4, 0x86, 0x93, 0x49, 0x95, 0xD8,
-        0x81, 0x32, 0x1C, 0x21, 0xE3, 0xEF, 0xB8, 0x40, 0xC5, 0x87,
-        0x02, 0xE8, 0x28, 0xAA, 0x54, 0x93, 0x2D, 0x8A, 0xE9, 0x1E,
-        0xDD, 0x5D, 0x11, 0xF8, 0xBF, 0xCA, 0x4E, 0x33, 0x20, 0x56,
-        0x4E, 0x6F, 0x53, 0xBB, 0x79, 0xB0, 0xDA, 0x65, 0xA1, 0x4B,
-        0x9F, 0xC8, 0x55, 0xFA, 0x53, 0x26, 0x84, 0xC6, 0x1E, 0x0A,
-        0x5E, 0x7A, 0x6E, 0xF2, 0x2D, 0x2A, 0x81, 0xA5, 0xD0, 0x2B,
-        0xEC, 0xD5, 0x8E, 0xB9, 0xF0, 0xC7, 0x57, 0xD7, 0xD6, 0x14,
-        0x1A, 0x3B, 0xDC, 0x09, 0x41, 0xB4, 0x9D, 0x0D, 0x72, 0x20,
-        0x44, 0x79
+        0x03, 0x81, 0x81, 0x00, 0x9A, 0x1C, 0x8F, 0xC4, 0xBD, 0x54,
+        0xDA, 0x63, 0xA7, 0xF8, 0xBA, 0x39, 0xB6, 0x64, 0x60, 0x9D,
+        0xBA, 0xA5, 0xFC, 0x43, 0xF5, 0x57, 0x28, 0x31, 0x43, 0x09,
+        0x4C, 0x03, 0x4C, 0xB8, 0xC3, 0x49, 0x2B, 0x4E, 0xBF, 0xF2,
+        0x9B, 0x13, 0x4E, 0x37, 0x1E, 0xA1, 0x57, 0xC6, 0x0C, 0x7B,
+        0x2C, 0x25, 0x19, 0x37, 0x9F, 0x06, 0x53, 0xEF, 0x8D, 0xD1,
+        0xBA, 0xC0, 0x73, 0x6E, 0x7F, 0xC2, 0x0B, 0x46, 0x5F, 0x9B,
+        0x56, 0xBB, 0x59, 0x19, 0x5C, 0xC9, 0xEE, 0xEA, 0x02, 0xDA,
+        0x03, 0x2C, 0xFB, 0x29, 0xB6, 0x07, 0xDD, 0x55, 0xB7, 0xE9,
+        0xCE, 0x60, 0x47, 0xE0, 0x6B, 0x44, 0x5A, 0x61, 0x74, 0x5C,
+        0x96, 0xF6, 0x30, 0xD8, 0x1B, 0xA4, 0x15, 0x5E, 0x06, 0xC5,
+        0x73, 0x4B, 0x8A, 0x4D, 0x94, 0x23, 0x13, 0x1B, 0x3F, 0xDB,
+        0x67, 0xCA, 0xA7, 0xA6, 0x41, 0xC5, 0x28, 0x0F, 0xFD, 0x2E,
+        0x0E, 0xF0
 };
 static const int sizeof_client_cert_der_1024 = sizeof(client_cert_der_1024);
 
@@ -418,9 +418,9 @@ static const int sizeof_ca_key_der_1024 = sizeof(ca_key_der_1024);
 static const unsigned char ca_cert_der_1024[] =
 {
         0x30, 0x82, 0x04, 0x09, 0x30, 0x82, 0x03, 0x72, 0xA0, 0x03,
-        0x02, 0x01, 0x02, 0x02, 0x14, 0x5C, 0x44, 0x2B, 0xBF, 0xD3,
-        0xA8, 0x2A, 0xD8, 0xFD, 0x54, 0xC9, 0xCD, 0xAA, 0x7F, 0xF7,
-        0xD4, 0x59, 0x07, 0xAA, 0xDD, 0x30, 0x0D, 0x06, 0x09, 0x2A,
+        0x02, 0x01, 0x02, 0x02, 0x14, 0x59, 0x52, 0x6B, 0x92, 0x1A,
+        0x25, 0x8F, 0x1B, 0xEE, 0x4C, 0x51, 0x9C, 0x47, 0x2F, 0xFF,
+        0xFF, 0x9D, 0x43, 0x29, 0x47, 0x30, 0x0D, 0x06, 0x09, 0x2A,
         0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0B, 0x05, 0x00,
         0x30, 0x81, 0x99, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55,
         0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, 0x0E,
@@ -438,9 +438,9 @@ static const unsigned char ca_cert_der_1024[] =
         0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10,
         0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73,
         0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x30, 0x1E, 0x17, 0x0D,
-        0x32, 0x33, 0x31, 0x32, 0x31, 0x33, 0x32, 0x32, 0x31, 0x39,
-        0x32, 0x38, 0x5A, 0x17, 0x0D, 0x32, 0x36, 0x30, 0x39, 0x30,
-        0x38, 0x32, 0x32, 0x31, 0x39, 0x32, 0x38, 0x5A, 0x30, 0x81,
+        0x32, 0x34, 0x31, 0x32, 0x31, 0x38, 0x32, 0x31, 0x32, 0x35,
+        0x32, 0x39, 0x5A, 0x17, 0x0D, 0x32, 0x37, 0x30, 0x39, 0x31,
+        0x34, 0x32, 0x31, 0x32, 0x35, 0x32, 0x39, 0x5A, 0x30, 0x81,
         0x99, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06,
         0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03,
         0x55, 0x04, 0x08, 0x0C, 0x07, 0x4D, 0x6F, 0x6E, 0x74, 0x61,
@@ -496,9 +496,9 @@ static const unsigned char ca_cert_der_1024[] =
         0x31, 0x1F, 0x30, 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86,
         0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66,
         0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E,
-        0x63, 0x6F, 0x6D, 0x82, 0x14, 0x5C, 0x44, 0x2B, 0xBF, 0xD3,
-        0xA8, 0x2A, 0xD8, 0xFD, 0x54, 0xC9, 0xCD, 0xAA, 0x7F, 0xF7,
-        0xD4, 0x59, 0x07, 0xAA, 0xDD, 0x30, 0x0C, 0x06, 0x03, 0x55,
+        0x63, 0x6F, 0x6D, 0x82, 0x14, 0x59, 0x52, 0x6B, 0x92, 0x1A,
+        0x25, 0x8F, 0x1B, 0xEE, 0x4C, 0x51, 0x9C, 0x47, 0x2F, 0xFF,
+        0xFF, 0x9D, 0x43, 0x29, 0x47, 0x30, 0x0C, 0x06, 0x03, 0x55,
         0x1D, 0x13, 0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0xFF, 0x30,
         0x1C, 0x06, 0x03, 0x55, 0x1D, 0x11, 0x04, 0x15, 0x30, 0x13,
         0x82, 0x0B, 0x65, 0x78, 0x61, 0x6D, 0x70, 0x6C, 0x65, 0x2E,
@@ -507,20 +507,20 @@ static const unsigned char ca_cert_der_1024[] =
         0x06, 0x08, 0x2B, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x01,
         0x06, 0x08, 0x2B, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x02,
         0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D,
-        0x01, 0x01, 0x0B, 0x05, 0x00, 0x03, 0x81, 0x81, 0x00, 0x70,
-        0x7D, 0x83, 0x94, 0xD0, 0xEE, 0xE1, 0x19, 0x8B, 0x17, 0xCA,
-        0x79, 0x87, 0x12, 0x5B, 0x7F, 0x70, 0xA3, 0x51, 0x20, 0x4F,
-        0x21, 0x99, 0x71, 0x69, 0x21, 0x28, 0x55, 0x61, 0x70, 0x85,
-        0x54, 0x21, 0xA9, 0x70, 0xA2, 0xA9, 0x12, 0xDB, 0x44, 0x11,
-        0x44, 0xE7, 0x41, 0x00, 0x70, 0x80, 0xB5, 0x37, 0x0C, 0x7E,
-        0x78, 0x8F, 0x88, 0x64, 0xBC, 0xE5, 0xC0, 0x44, 0xA7, 0xA5,
-        0x3D, 0xDB, 0x62, 0xC4, 0xD6, 0xCD, 0xAA, 0x4B, 0xAC, 0xFB,
-        0x01, 0x46, 0xBB, 0xEC, 0xCB, 0x6F, 0x01, 0x67, 0xB4, 0x65,
-        0xF3, 0x5E, 0x53, 0x39, 0x64, 0x99, 0x9B, 0x68, 0x80, 0x14,
-        0x91, 0xA4, 0xA4, 0xEB, 0x04, 0xF3, 0x76, 0x9A, 0x7D, 0xB4,
-        0x38, 0x05, 0x9C, 0xA5, 0xE0, 0xBC, 0x7E, 0xD9, 0xD2, 0xD3,
-        0xD4, 0xE8, 0xC3, 0x9F, 0x38, 0x4B, 0x6C, 0x29, 0x94, 0xBE,
-        0x35, 0xBD, 0x30, 0x1F, 0xB5, 0xB7, 0x3D
+        0x01, 0x01, 0x0B, 0x05, 0x00, 0x03, 0x81, 0x81, 0x00, 0x09,
+        0xC6, 0xDA, 0xFE, 0x2A, 0x45, 0x83, 0x9E, 0x8B, 0x66, 0xCF,
+        0x63, 0x1F, 0x11, 0xCB, 0xD9, 0xB4, 0xEB, 0xB0, 0x97, 0x3D,
+        0x33, 0xD4, 0xB9, 0x27, 0x56, 0x46, 0x14, 0x3C, 0xFE, 0x2B,
+        0xB2, 0x36, 0x6E, 0x38, 0x7F, 0x08, 0xF5, 0x37, 0x3C, 0xF2,
+        0xA2, 0x6A, 0x8A, 0xC7, 0xA0, 0xBE, 0x0F, 0xAC, 0xDD, 0xF4,
+        0xF0, 0x97, 0xB3, 0x03, 0xA6, 0x70, 0x48, 0x44, 0xFC, 0xEF,
+        0xEF, 0x7A, 0xC6, 0x1A, 0x8D, 0x3F, 0x19, 0xF6, 0x71, 0x92,
+        0x7E, 0x3A, 0x00, 0x95, 0xF2, 0xB6, 0x57, 0x40, 0x77, 0xC2,
+        0x80, 0x4E, 0x61, 0xF2, 0x71, 0x56, 0x22, 0xA0, 0x1E, 0xA9,
+        0xDD, 0x5C, 0x54, 0x80, 0xAD, 0xE4, 0x27, 0xF2, 0x17, 0x20,
+        0x9B, 0x5B, 0x89, 0x30, 0x6E, 0x6A, 0x31, 0x2A, 0x4E, 0x43,
+        0x52, 0xF8, 0x8A, 0x51, 0xB7, 0xED, 0x3A, 0xAA, 0x78, 0x41,
+        0x90, 0x95, 0xE8, 0x40, 0x2E, 0x66, 0xFC
 };
 static const int sizeof_ca_cert_der_1024 = sizeof(ca_cert_der_1024);
 
@@ -613,9 +613,9 @@ static const unsigned char server_cert_der_1024[] =
         0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16,
         0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66,
         0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x30, 0x1E, 0x17,
-        0x0D, 0x32, 0x33, 0x31, 0x32, 0x31, 0x33, 0x32, 0x32, 0x31,
-        0x39, 0x32, 0x38, 0x5A, 0x17, 0x0D, 0x32, 0x36, 0x30, 0x39,
-        0x30, 0x38, 0x32, 0x32, 0x31, 0x39, 0x32, 0x38, 0x5A, 0x30,
+        0x0D, 0x32, 0x34, 0x31, 0x32, 0x31, 0x38, 0x32, 0x31, 0x32,
+        0x35, 0x33, 0x30, 0x5A, 0x17, 0x0D, 0x32, 0x37, 0x30, 0x39,
+        0x31, 0x34, 0x32, 0x31, 0x32, 0x35, 0x33, 0x30, 0x5A, 0x30,
         0x81, 0x95, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04,
         0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, 0x0E, 0x06,
         0x03, 0x55, 0x04, 0x08, 0x0C, 0x07, 0x4D, 0x6F, 0x6E, 0x74,
@@ -671,9 +671,9 @@ static const unsigned char server_cert_der_1024[] =
         0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01,
         0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77,
         0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D,
-        0x82, 0x14, 0x5C, 0x44, 0x2B, 0xBF, 0xD3, 0xA8, 0x2A, 0xD8,
-        0xFD, 0x54, 0xC9, 0xCD, 0xAA, 0x7F, 0xF7, 0xD4, 0x59, 0x07,
-        0xAA, 0xDD, 0x30, 0x0C, 0x06, 0x03, 0x55, 0x1D, 0x13, 0x04,
+        0x82, 0x14, 0x59, 0x52, 0x6B, 0x92, 0x1A, 0x25, 0x8F, 0x1B,
+        0xEE, 0x4C, 0x51, 0x9C, 0x47, 0x2F, 0xFF, 0xFF, 0x9D, 0x43,
+        0x29, 0x47, 0x30, 0x0C, 0x06, 0x03, 0x55, 0x1D, 0x13, 0x04,
         0x05, 0x30, 0x03, 0x01, 0x01, 0xFF, 0x30, 0x1C, 0x06, 0x03,
         0x55, 0x1D, 0x11, 0x04, 0x15, 0x30, 0x13, 0x82, 0x0B, 0x65,
         0x78, 0x61, 0x6D, 0x70, 0x6C, 0x65, 0x2E, 0x63, 0x6F, 0x6D,
@@ -682,20 +682,20 @@ static const unsigned char server_cert_der_1024[] =
         0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x01, 0x06, 0x08, 0x2B,
         0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x02, 0x30, 0x0D, 0x06,
         0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0B,
-        0x05, 0x00, 0x03, 0x81, 0x81, 0x00, 0x35, 0x2E, 0x7B, 0x57,
-        0x7B, 0x64, 0x70, 0x53, 0xE0, 0x81, 0xED, 0xF4, 0xAC, 0xB3,
-        0x3A, 0x3B, 0xBA, 0x82, 0x8D, 0xA2, 0x31, 0xD9, 0xD4, 0xAC,
-        0xD1, 0x8A, 0x6D, 0x35, 0x41, 0x15, 0xB3, 0xE8, 0x06, 0x91,
-        0xCA, 0x2A, 0xF7, 0xFF, 0x28, 0x0E, 0x3D, 0xCD, 0xE7, 0x28,
-        0xF0, 0x07, 0xC0, 0x78, 0x62, 0x9E, 0x88, 0x3D, 0xDC, 0x98,
-        0xF0, 0x8C, 0x89, 0xA7, 0x1C, 0x5B, 0x77, 0x37, 0xB2, 0x55,
-        0x38, 0xB2, 0x60, 0x42, 0xE8, 0x02, 0x81, 0xBF, 0x7C, 0xC3,
-        0x54, 0x86, 0x7E, 0xE4, 0x2F, 0x7D, 0x74, 0x74, 0x27, 0xF7,
-        0x9A, 0xE2, 0x8D, 0xA9, 0x2F, 0x7C, 0x82, 0x31, 0x41, 0xF1,
-        0xCB, 0x48, 0xA0, 0x05, 0x00, 0x26, 0x3D, 0xA4, 0x6B, 0x27,
-        0x43, 0x4C, 0x3F, 0x6F, 0x2F, 0x41, 0x2E, 0xEE, 0xBA, 0x0D,
-        0x8F, 0x39, 0x42, 0x0D, 0x2D, 0x76, 0x00, 0x12, 0x4C, 0xF9,
-        0x49, 0x2D, 0x7F, 0xED
+        0x05, 0x00, 0x03, 0x81, 0x81, 0x00, 0x94, 0x67, 0x03, 0x63,
+        0x2A, 0x3E, 0xE4, 0x56, 0xA5, 0x9F, 0x84, 0x89, 0x68, 0x8C,
+        0xED, 0xEF, 0xA4, 0xFE, 0x1F, 0xDC, 0x03, 0x04, 0x1E, 0xD0,
+        0x87, 0x90, 0x14, 0x7C, 0x82, 0x3F, 0x36, 0xA8, 0x7C, 0x14,
+        0x64, 0xAB, 0x88, 0xD4, 0x9D, 0x81, 0xE8, 0xF6, 0xA7, 0xEC,
+        0x12, 0x51, 0xEA, 0x25, 0xFD, 0xA4, 0xD1, 0x9C, 0x9B, 0x71,
+        0x3D, 0xC8, 0xD0, 0xB3, 0xD2, 0x6D, 0xEB, 0x56, 0x11, 0x66,
+        0x05, 0x4E, 0x92, 0x27, 0x0A, 0x76, 0x8C, 0x3A, 0x8B, 0xBD,
+        0xE2, 0x46, 0xF5, 0x7B, 0x8E, 0xFF, 0x03, 0xF3, 0x89, 0x92,
+        0xDC, 0x9B, 0x46, 0x79, 0xF4, 0xB8, 0x95, 0x7D, 0xB6, 0x29,
+        0x79, 0xF3, 0x55, 0xC8, 0x70, 0xDE, 0xF7, 0x9F, 0x59, 0xE1,
+        0xE2, 0x8D, 0xA7, 0x73, 0x1F, 0x97, 0x1C, 0x52, 0x64, 0x48,
+        0x77, 0xCF, 0x6D, 0xA0, 0x27, 0xAD, 0xC0, 0x16, 0x56, 0x55,
+        0x46, 0xB2, 0xBF, 0xF1
 };
 static const int sizeof_server_cert_der_1024 = sizeof(server_cert_der_1024);
 
@@ -869,9 +869,9 @@ static const int sizeof_client_keypub_der_2048 = sizeof(client_keypub_der_2048);
 static const unsigned char client_cert_der_2048[] =
 {
         0x30, 0x82, 0x05, 0x1D, 0x30, 0x82, 0x04, 0x05, 0xA0, 0x03,
-        0x02, 0x01, 0x02, 0x02, 0x14, 0x08, 0xB0, 0x54, 0x7A, 0x03,
-        0x5A, 0xEC, 0x55, 0x8A, 0x12, 0xE8, 0xF9, 0x8E, 0x34, 0xB6,
-        0x13, 0xD9, 0x59, 0xB8, 0xE8, 0x30, 0x0D, 0x06, 0x09, 0x2A,
+        0x02, 0x01, 0x02, 0x02, 0x14, 0x4F, 0x0D, 0x8C, 0xC5, 0xFA,
+        0xEE, 0xA2, 0x9B, 0xB7, 0x35, 0x9E, 0xE9, 0x4A, 0x17, 0x99,
+        0xF0, 0xCC, 0x23, 0xF2, 0xEC, 0x30, 0x0D, 0x06, 0x09, 0x2A,
         0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0B, 0x05, 0x00,
         0x30, 0x81, 0x9E, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55,
         0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, 0x0E,
@@ -889,10 +889,10 @@ static const unsigned char client_cert_der_2048[] =
         0x30, 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D,
         0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40,
         0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F,
-        0x6D, 0x30, 0x1E, 0x17, 0x0D, 0x32, 0x33, 0x31, 0x32, 0x31,
-        0x33, 0x32, 0x32, 0x31, 0x39, 0x32, 0x38, 0x5A, 0x17, 0x0D,
-        0x32, 0x36, 0x30, 0x39, 0x30, 0x38, 0x32, 0x32, 0x31, 0x39,
-        0x32, 0x38, 0x5A, 0x30, 0x81, 0x9E, 0x31, 0x0B, 0x30, 0x09,
+        0x6D, 0x30, 0x1E, 0x17, 0x0D, 0x32, 0x34, 0x31, 0x32, 0x31,
+        0x38, 0x32, 0x31, 0x32, 0x35, 0x32, 0x39, 0x5A, 0x17, 0x0D,
+        0x32, 0x37, 0x30, 0x39, 0x31, 0x34, 0x32, 0x31, 0x32, 0x35,
+        0x32, 0x39, 0x5A, 0x30, 0x81, 0x9E, 0x31, 0x0B, 0x30, 0x09,
         0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31,
         0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, 0x07,
         0x4D, 0x6F, 0x6E, 0x74, 0x61, 0x6E, 0x61, 0x31, 0x10, 0x30,
@@ -962,9 +962,9 @@ static const unsigned char client_cert_der_2048[] =
         0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01,
         0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77,
         0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D,
-        0x82, 0x14, 0x08, 0xB0, 0x54, 0x7A, 0x03, 0x5A, 0xEC, 0x55,
-        0x8A, 0x12, 0xE8, 0xF9, 0x8E, 0x34, 0xB6, 0x13, 0xD9, 0x59,
-        0xB8, 0xE8, 0x30, 0x0C, 0x06, 0x03, 0x55, 0x1D, 0x13, 0x04,
+        0x82, 0x14, 0x4F, 0x0D, 0x8C, 0xC5, 0xFA, 0xEE, 0xA2, 0x9B,
+        0xB7, 0x35, 0x9E, 0xE9, 0x4A, 0x17, 0x99, 0xF0, 0xCC, 0x23,
+        0xF2, 0xEC, 0x30, 0x0C, 0x06, 0x03, 0x55, 0x1D, 0x13, 0x04,
         0x05, 0x30, 0x03, 0x01, 0x01, 0xFF, 0x30, 0x1C, 0x06, 0x03,
         0x55, 0x1D, 0x11, 0x04, 0x15, 0x30, 0x13, 0x82, 0x0B, 0x65,
         0x78, 0x61, 0x6D, 0x70, 0x6C, 0x65, 0x2E, 0x63, 0x6F, 0x6D,
@@ -973,33 +973,33 @@ static const unsigned char client_cert_der_2048[] =
         0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x01, 0x06, 0x08, 0x2B,
         0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x02, 0x30, 0x0D, 0x06,
         0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0B,
-        0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, 0x89, 0x84, 0xEB,
-        0x6A, 0x70, 0x3B, 0x2A, 0x6E, 0xA8, 0x8B, 0xF2, 0x92, 0x79,
-        0x97, 0x5C, 0xBD, 0x98, 0x8B, 0x71, 0xDB, 0xDB, 0x7C, 0xDF,
-        0xDB, 0xA4, 0x2C, 0x59, 0xD3, 0xA6, 0x75, 0x41, 0xC2, 0x06,
-        0xB6, 0x17, 0x1E, 0x0C, 0x1F, 0x7D, 0x0B, 0x7F, 0x58, 0x3E,
-        0xC1, 0xE7, 0x0C, 0xF0, 0x62, 0x92, 0x77, 0xAB, 0x99, 0x79,
-        0x7B, 0x85, 0xF4, 0xD9, 0x6C, 0xD0, 0x0E, 0xE5, 0x8B, 0x13,
-        0x35, 0x65, 0x9E, 0xD7, 0x9A, 0x51, 0x98, 0xE4, 0x49, 0x44,
-        0x51, 0xC8, 0xE3, 0xE0, 0x9A, 0xFF, 0xC2, 0xCB, 0x3D, 0x81,
-        0xEB, 0xEE, 0xF4, 0x1A, 0xD1, 0x96, 0x4B, 0xE9, 0x7D, 0xDE,
-        0x5B, 0xF2, 0x64, 0x40, 0xAD, 0xE1, 0xD9, 0xD6, 0xB7, 0xE1,
-        0xEB, 0xA9, 0x3A, 0x52, 0x29, 0x89, 0xAA, 0x07, 0x37, 0x96,
-        0x44, 0xE3, 0x23, 0x49, 0xF3, 0xBE, 0xF3, 0x0D, 0x70, 0xD1,
-        0xA2, 0xCE, 0x78, 0x86, 0x22, 0xFC, 0x76, 0x00, 0x84, 0x1D,
-        0xFA, 0x8B, 0x8A, 0xD2, 0x43, 0x93, 0x88, 0xFA, 0xEE, 0x22,
-        0xCC, 0xA6, 0x86, 0xF5, 0x3F, 0x24, 0xF1, 0xD4, 0x70, 0x05,
-        0x4F, 0x3B, 0x18, 0x32, 0x50, 0x67, 0xC1, 0x80, 0x77, 0x0D,
-        0x3C, 0x78, 0x75, 0x35, 0xD0, 0xFD, 0x60, 0xF3, 0xED, 0xA1,
-        0x30, 0xD0, 0x62, 0x25, 0x99, 0x6B, 0x80, 0x56, 0x17, 0x3D,
-        0xB4, 0xAF, 0x1D, 0xDF, 0xAB, 0x48, 0x21, 0xC1, 0xD2, 0x0B,
-        0x6B, 0x94, 0xA7, 0x33, 0xD1, 0xD0, 0x82, 0xB7, 0x3B, 0x92,
-        0xEB, 0x9D, 0xD6, 0x6C, 0x32, 0x81, 0x5E, 0x07, 0x3C, 0x46,
-        0x34, 0x32, 0x7B, 0xEA, 0x22, 0xDB, 0xA6, 0xA3, 0x18, 0x69,
-        0x7C, 0xAD, 0x17, 0xE4, 0xC8, 0xA9, 0x8F, 0xA8, 0xBA, 0x67,
-        0xAF, 0x99, 0x39, 0xEF, 0x6E, 0x0C, 0xF8, 0xA9, 0xB3, 0xBD,
-        0xAB, 0x71, 0x94, 0xE0, 0x41, 0xAA, 0xA4, 0x2D, 0x72, 0x60,
-        0x51, 0xD1, 0x5C
+        0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, 0x46, 0xAB, 0xE4,
+        0x6D, 0xAE, 0x49, 0x5B, 0x6A, 0x0B, 0xA9, 0x87, 0xE1, 0x95,
+        0x32, 0xA6, 0xD7, 0xAE, 0xDE, 0x28, 0xDC, 0xC7, 0x99, 0x68,
+        0xE2, 0x5F, 0xC9, 0x5A, 0x4C, 0x64, 0xB8, 0xF5, 0x28, 0x42,
+        0x5A, 0xE8, 0x5C, 0x59, 0x32, 0xFE, 0xD0, 0x1F, 0x0B, 0x55,
+        0x89, 0xDB, 0x67, 0xE7, 0x78, 0xF3, 0x70, 0xCF, 0x18, 0x51,
+        0x57, 0x8B, 0xF3, 0x2B, 0xA4, 0x66, 0x0B, 0xF6, 0x03, 0x6E,
+        0x11, 0xAC, 0x83, 0x52, 0x16, 0x7E, 0xA2, 0x7C, 0x36, 0x77,
+        0xF6, 0xBB, 0x13, 0x19, 0x40, 0x2C, 0xB8, 0x8C, 0xCA, 0xD6,
+        0x7E, 0x79, 0x7D, 0xF4, 0x14, 0x8D, 0xB5, 0xA4, 0x09, 0xF6,
+        0x2D, 0x4C, 0xE7, 0xF9, 0xB8, 0x25, 0x41, 0x15, 0x78, 0xF4,
+        0xCA, 0x80, 0x41, 0xEA, 0x3A, 0x05, 0x08, 0xF6, 0xB5, 0x5B,
+        0xA1, 0x3B, 0x5B, 0x48, 0xA8, 0x4B, 0x8C, 0x19, 0x8D, 0x6C,
+        0x87, 0x31, 0x76, 0x74, 0x02, 0x16, 0x8B, 0xDD, 0x7F, 0xD1,
+        0x11, 0x62, 0x27, 0x42, 0x39, 0xE0, 0x9A, 0x63, 0x26, 0x31,
+        0x19, 0xCE, 0x3D, 0x41, 0xD5, 0x24, 0x47, 0x32, 0x0F, 0x76,
+        0xD6, 0x41, 0x37, 0x44, 0xAD, 0x73, 0xF1, 0xB8, 0xEC, 0x2B,
+        0x6E, 0x9C, 0x4F, 0x84, 0xC4, 0x4E, 0xD7, 0x92, 0x10, 0x7E,
+        0x23, 0x32, 0xA0, 0x75, 0x6A, 0xE7, 0xFE, 0x55, 0x95, 0x9F,
+        0x0A, 0xAD, 0xDF, 0xF9, 0x2A, 0xA2, 0x1A, 0x59, 0xD5, 0x82,
+        0x63, 0xD6, 0x5D, 0x7D, 0x79, 0xF4, 0xA7, 0x2D, 0xDC, 0x8C,
+        0x04, 0xCD, 0x98, 0xB0, 0x42, 0x0E, 0x84, 0xFA, 0x86, 0x50,
+        0x10, 0x61, 0xAC, 0x73, 0xCD, 0x79, 0x45, 0x30, 0xE8, 0x42,
+        0xA1, 0x6A, 0xF6, 0x77, 0x55, 0xEC, 0x07, 0xDB, 0x52, 0x29,
+        0xCA, 0x7A, 0xC8, 0xA2, 0xDA, 0xE9, 0xF5, 0x98, 0x33, 0x6A,
+        0xE8, 0xBC, 0x89, 0xED, 0x01, 0xE2, 0xFE, 0x44, 0x86, 0x86,
+        0x80, 0x39, 0xEC
 };
 static const int sizeof_client_cert_der_2048 = sizeof(client_cert_der_2048);
 
@@ -1636,9 +1636,9 @@ static const int sizeof_ca_key_der_2048 = sizeof(ca_key_der_2048);
 static const unsigned char ca_cert_der_2048[] =
 {
         0x30, 0x82, 0x04, 0xFF, 0x30, 0x82, 0x03, 0xE7, 0xA0, 0x03,
-        0x02, 0x01, 0x02, 0x02, 0x14, 0x33, 0x44, 0x1A, 0xA8, 0x6C,
-        0x01, 0xEC, 0xF6, 0x60, 0xF2, 0x70, 0x51, 0x0A, 0x4C, 0xD1,
-        0x14, 0xFA, 0xBC, 0xE9, 0x44, 0x30, 0x0D, 0x06, 0x09, 0x2A,
+        0x02, 0x01, 0x02, 0x02, 0x14, 0x6B, 0x9B, 0x70, 0xC6, 0xF1,
+        0xA3, 0x94, 0x65, 0x19, 0xA1, 0x08, 0x58, 0xEF, 0xA7, 0x8D,
+        0x2B, 0x7A, 0x83, 0xC1, 0xDA, 0x30, 0x0D, 0x06, 0x09, 0x2A,
         0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0B, 0x05, 0x00,
         0x30, 0x81, 0x94, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55,
         0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, 0x0E,
@@ -1655,10 +1655,10 @@ static const unsigned char ca_cert_der_2048[] =
         0x30, 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D,
         0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40,
         0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F,
-        0x6D, 0x30, 0x1E, 0x17, 0x0D, 0x32, 0x33, 0x31, 0x32, 0x31,
-        0x33, 0x32, 0x32, 0x31, 0x39, 0x32, 0x38, 0x5A, 0x17, 0x0D,
-        0x32, 0x36, 0x30, 0x39, 0x30, 0x38, 0x32, 0x32, 0x31, 0x39,
-        0x32, 0x38, 0x5A, 0x30, 0x81, 0x94, 0x31, 0x0B, 0x30, 0x09,
+        0x6D, 0x30, 0x1E, 0x17, 0x0D, 0x32, 0x34, 0x31, 0x32, 0x31,
+        0x38, 0x32, 0x31, 0x32, 0x35, 0x32, 0x39, 0x5A, 0x17, 0x0D,
+        0x32, 0x37, 0x30, 0x39, 0x31, 0x34, 0x32, 0x31, 0x32, 0x35,
+        0x32, 0x39, 0x5A, 0x30, 0x81, 0x94, 0x31, 0x0B, 0x30, 0x09,
         0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31,
         0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, 0x07,
         0x4D, 0x6F, 0x6E, 0x74, 0x61, 0x6E, 0x61, 0x31, 0x10, 0x30,
@@ -1726,9 +1726,9 @@ static const unsigned char ca_cert_der_2048[] =
         0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01,
         0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77,
         0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D,
-        0x82, 0x14, 0x33, 0x44, 0x1A, 0xA8, 0x6C, 0x01, 0xEC, 0xF6,
-        0x60, 0xF2, 0x70, 0x51, 0x0A, 0x4C, 0xD1, 0x14, 0xFA, 0xBC,
-        0xE9, 0x44, 0x30, 0x0C, 0x06, 0x03, 0x55, 0x1D, 0x13, 0x04,
+        0x82, 0x14, 0x6B, 0x9B, 0x70, 0xC6, 0xF1, 0xA3, 0x94, 0x65,
+        0x19, 0xA1, 0x08, 0x58, 0xEF, 0xA7, 0x8D, 0x2B, 0x7A, 0x83,
+        0xC1, 0xDA, 0x30, 0x0C, 0x06, 0x03, 0x55, 0x1D, 0x13, 0x04,
         0x05, 0x30, 0x03, 0x01, 0x01, 0xFF, 0x30, 0x1C, 0x06, 0x03,
         0x55, 0x1D, 0x11, 0x04, 0x15, 0x30, 0x13, 0x82, 0x0B, 0x65,
         0x78, 0x61, 0x6D, 0x70, 0x6C, 0x65, 0x2E, 0x63, 0x6F, 0x6D,
@@ -1737,33 +1737,33 @@ static const unsigned char ca_cert_der_2048[] =
         0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x01, 0x06, 0x08, 0x2B,
         0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x02, 0x30, 0x0D, 0x06,
         0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0B,
-        0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, 0x2D, 0xFC, 0xF9,
-        0x32, 0x5A, 0xBE, 0xD6, 0x9D, 0x42, 0x8B, 0x86, 0x4E, 0x67,
-        0x22, 0xC3, 0x50, 0x2D, 0xCB, 0x14, 0x27, 0x1D, 0x94, 0xF3,
-        0xCD, 0x88, 0x42, 0xDA, 0x41, 0x1C, 0x39, 0x24, 0x67, 0xA7,
-        0x92, 0x4D, 0x27, 0xEA, 0x56, 0x82, 0x19, 0xBF, 0x11, 0xB2,
-        0x43, 0xA4, 0x8D, 0x5D, 0x87, 0xB2, 0x27, 0x64, 0x66, 0x82,
-        0x81, 0xDF, 0xC4, 0xFD, 0x5B, 0x62, 0xB0, 0xC2, 0x4D, 0x9D,
-        0x29, 0xF2, 0x41, 0x32, 0xCC, 0x2E, 0xB5, 0xDA, 0x38, 0x06,
-        0x1B, 0xE8, 0x7F, 0x8C, 0x6E, 0x3D, 0x80, 0x1E, 0x00, 0x56,
-        0x49, 0xBF, 0x39, 0xE0, 0xDA, 0x68, 0x2F, 0xC4, 0xFD, 0x00,
-        0xE6, 0xD1, 0x81, 0x1A, 0xD1, 0x4A, 0xBB, 0x76, 0x52, 0xCE,
-        0x4D, 0x24, 0x9D, 0xC4, 0xA3, 0xA7, 0xF1, 0x65, 0x14, 0x2F,
-        0x1F, 0xA8, 0x2D, 0xC6, 0xCB, 0xCE, 0xB1, 0xA7, 0x89, 0x74,
-        0x26, 0x27, 0xC3, 0xF3, 0xA3, 0x84, 0x4C, 0x34, 0x01, 0x14,
-        0x03, 0x7D, 0x16, 0x3A, 0xC8, 0x8B, 0x25, 0x2E, 0x7B, 0x90,
-        0xCC, 0x46, 0xB1, 0x52, 0x34, 0xBA, 0x93, 0x6E, 0xEF, 0xFE,
-        0x43, 0xA3, 0xAD, 0xC6, 0x6F, 0x51, 0xFB, 0xBA, 0xEA, 0x38,
-        0xE3, 0x6F, 0xD6, 0xEE, 0x63, 0x62, 0x36, 0xEA, 0x5E, 0x08,
-        0xB4, 0xE2, 0x2A, 0x46, 0x89, 0xE3, 0xAE, 0xB3, 0xB4, 0x06,
-        0xEF, 0x63, 0x7A, 0x6E, 0x5D, 0xDD, 0xC9, 0xEC, 0x02, 0x4F,
-        0xF7, 0x64, 0xC0, 0x27, 0x07, 0xB4, 0x6F, 0x4A, 0x18, 0x72,
-        0x5B, 0x34, 0x74, 0x7C, 0xD0, 0xA9, 0x04, 0x8F, 0x40, 0x8B,
-        0x6A, 0x39, 0xD2, 0x6B, 0x1A, 0x01, 0xF2, 0x01, 0xA8, 0x81,
-        0x34, 0x3A, 0xE5, 0xB0, 0x55, 0xD1, 0x3C, 0x95, 0xCA, 0xB0,
-        0x82, 0xD6, 0xED, 0x98, 0x28, 0x15, 0x59, 0x7E, 0x95, 0xA7,
-        0x69, 0xC7, 0xB5, 0x7B, 0xEC, 0x01, 0xA7, 0x4D, 0xE6, 0xB9,
-        0xA2, 0xFE, 0x35
+        0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, 0x77, 0x3B, 0x3D,
+        0x66, 0x74, 0xBC, 0x97, 0xFE, 0x40, 0x16, 0xE6, 0xBA, 0xA5,
+        0xD5, 0xD1, 0x84, 0x08, 0x89, 0x69, 0x4F, 0x88, 0x0D, 0x57,
+        0xA9, 0xEF, 0x8C, 0xC3, 0x97, 0x52, 0xC8, 0xBD, 0x8B, 0xA2,
+        0x49, 0x3B, 0xB7, 0xF7, 0x5D, 0x1E, 0xD6, 0x14, 0x7F, 0xB2,
+        0x80, 0x33, 0xDA, 0xA0, 0x8A, 0xD3, 0xE1, 0x2F, 0xD5, 0xBC,
+        0x33, 0x9F, 0xEA, 0x5A, 0x72, 0x24, 0xE5, 0xF8, 0xB8, 0x4B,
+        0xB3, 0xDF, 0x62, 0x90, 0x3B, 0xA8, 0x21, 0xEF, 0x27, 0x42,
+        0x75, 0xBC, 0x60, 0x02, 0x8E, 0x37, 0x35, 0x99, 0xEB, 0xA3,
+        0x28, 0xF2, 0x65, 0x4C, 0xFF, 0x7A, 0xF8, 0x8E, 0xCC, 0x23,
+        0x6D, 0xE5, 0x6A, 0xFE, 0x22, 0x5A, 0xD9, 0xB2, 0x4F, 0x47,
+        0xC7, 0xE0, 0xAE, 0x98, 0xEF, 0x94, 0xAC, 0xB6, 0x4F, 0x61,
+        0x81, 0x29, 0x8E, 0xE1, 0x79, 0x2C, 0x46, 0xFC, 0xE9, 0x1A,
+        0xC3, 0x96, 0x1F, 0x19, 0x93, 0x64, 0x2E, 0x9F, 0x37, 0x72,
+        0xC5, 0xE4, 0x93, 0x4E, 0x61, 0x5F, 0x38, 0x8E, 0xAE, 0xE8,
+        0x39, 0x19, 0xE6, 0x97, 0xA8, 0x91, 0xD4, 0x23, 0x7E, 0x1E,
+        0xD2, 0xD0, 0x53, 0xEC, 0xCC, 0xAC, 0xA0, 0x1D, 0xD0, 0xB7,
+        0xDD, 0xB1, 0xB7, 0x01, 0x2E, 0x96, 0xCD, 0x85, 0x27, 0xE0,
+        0xE7, 0x47, 0xE2, 0xC1, 0xC1, 0x00, 0xF6, 0x94, 0xDF, 0x77,
+        0xE7, 0xFA, 0xC6, 0xEF, 0x8A, 0xC0, 0x7C, 0x67, 0xBC, 0xFF,
+        0xA0, 0x7C, 0x94, 0x3B, 0x7D, 0x86, 0x42, 0xAF, 0x3D, 0x83,
+        0x31, 0xEE, 0x2A, 0x3B, 0x7B, 0xF0, 0x2C, 0x9E, 0x6F, 0xE9,
+        0xC4, 0x07, 0x81, 0x24, 0xDA, 0x05, 0x70, 0x4D, 0xDD, 0x09,
+        0xAE, 0x9E, 0x72, 0xB8, 0x21, 0x0E, 0x8C, 0xB2, 0xAB, 0xAA,
+        0x4C, 0x49, 0x10, 0xF7, 0x76, 0xF9, 0xB5, 0x0D, 0x6C, 0x20,
+        0xD3, 0xDF, 0x7A, 0x06, 0x32, 0x8D, 0x29, 0x1F, 0x28, 0x1D,
+        0x8D, 0x26, 0x33
 };
 static const int sizeof_ca_cert_der_2048 = sizeof(ca_cert_der_2048);
 
@@ -1771,9 +1771,9 @@ static const int sizeof_ca_cert_der_2048 = sizeof(ca_cert_der_2048);
 static const unsigned char ca_cert_chain_der[] =
 {
         0x30, 0x82, 0x03, 0xFA, 0x30, 0x82, 0x03, 0x63, 0xA0, 0x03,
-        0x02, 0x01, 0x02, 0x02, 0x14, 0x5D, 0x82, 0xE6, 0x32, 0x61,
-        0xE7, 0x3B, 0x5E, 0x77, 0x3D, 0xDA, 0xA6, 0xF3, 0xFC, 0x54,
-        0xB5, 0x04, 0xD4, 0x10, 0x4E, 0x30, 0x0D, 0x06, 0x09, 0x2A,
+        0x02, 0x01, 0x02, 0x02, 0x14, 0x22, 0x3E, 0x28, 0x4D, 0xF0,
+        0xF6, 0xC5, 0x97, 0x06, 0xB3, 0xAD, 0x8A, 0x59, 0x4D, 0xA0,
+        0x87, 0x3F, 0xB3, 0xCE, 0x8C, 0x30, 0x0D, 0x06, 0x09, 0x2A,
         0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0B, 0x05, 0x00,
         0x30, 0x81, 0x94, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55,
         0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, 0x0E,
@@ -1790,10 +1790,10 @@ static const unsigned char ca_cert_chain_der[] =
         0x30, 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D,
         0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40,
         0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F,
-        0x6D, 0x30, 0x1E, 0x17, 0x0D, 0x32, 0x33, 0x31, 0x32, 0x31,
-        0x33, 0x32, 0x32, 0x31, 0x39, 0x32, 0x38, 0x5A, 0x17, 0x0D,
-        0x32, 0x36, 0x30, 0x39, 0x30, 0x38, 0x32, 0x32, 0x31, 0x39,
-        0x32, 0x38, 0x5A, 0x30, 0x81, 0x94, 0x31, 0x0B, 0x30, 0x09,
+        0x6D, 0x30, 0x1E, 0x17, 0x0D, 0x32, 0x34, 0x31, 0x32, 0x31,
+        0x38, 0x32, 0x31, 0x32, 0x35, 0x32, 0x39, 0x5A, 0x17, 0x0D,
+        0x32, 0x37, 0x30, 0x39, 0x31, 0x34, 0x32, 0x31, 0x32, 0x35,
+        0x32, 0x39, 0x5A, 0x30, 0x81, 0x94, 0x31, 0x0B, 0x30, 0x09,
         0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31,
         0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, 0x07,
         0x4D, 0x6F, 0x6E, 0x74, 0x61, 0x6E, 0x61, 0x31, 0x10, 0x30,
@@ -1848,8 +1848,8 @@ static const unsigned char ca_cert_chain_der[] =
         0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01,
         0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C,
         0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x82, 0x14,
-        0x5D, 0x82, 0xE6, 0x32, 0x61, 0xE7, 0x3B, 0x5E, 0x77, 0x3D,
-        0xDA, 0xA6, 0xF3, 0xFC, 0x54, 0xB5, 0x04, 0xD4, 0x10, 0x4E,
+        0x22, 0x3E, 0x28, 0x4D, 0xF0, 0xF6, 0xC5, 0x97, 0x06, 0xB3,
+        0xAD, 0x8A, 0x59, 0x4D, 0xA0, 0x87, 0x3F, 0xB3, 0xCE, 0x8C,
         0x30, 0x0C, 0x06, 0x03, 0x55, 0x1D, 0x13, 0x04, 0x05, 0x30,
         0x03, 0x01, 0x01, 0xFF, 0x30, 0x1C, 0x06, 0x03, 0x55, 0x1D,
         0x11, 0x04, 0x15, 0x30, 0x13, 0x82, 0x0B, 0x65, 0x78, 0x61,
@@ -1859,20 +1859,20 @@ static const unsigned char ca_cert_chain_der[] =
         0x05, 0x05, 0x07, 0x03, 0x01, 0x06, 0x08, 0x2B, 0x06, 0x01,
         0x05, 0x05, 0x07, 0x03, 0x02, 0x30, 0x0D, 0x06, 0x09, 0x2A,
         0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0B, 0x05, 0x00,
-        0x03, 0x81, 0x81, 0x00, 0x23, 0x19, 0xF7, 0x04, 0xB7, 0x99,
-        0x84, 0x86, 0xCE, 0x45, 0x9E, 0xA4, 0x55, 0x2D, 0x14, 0xAC,
-        0xC5, 0x1C, 0x2D, 0x2F, 0x8D, 0xD3, 0x14, 0x81, 0x91, 0x27,
-        0x1C, 0x0C, 0x3C, 0x44, 0x14, 0x8B, 0x99, 0x46, 0xF2, 0x43,
-        0xB3, 0x51, 0x33, 0x1B, 0xFA, 0x77, 0x95, 0x07, 0x5C, 0xE4,
-        0x3C, 0x11, 0x17, 0x55, 0x57, 0xBF, 0x9D, 0xF4, 0xB5, 0xD4,
-        0xAD, 0x7C, 0xB1, 0x82, 0x62, 0x77, 0xC8, 0xAA, 0x02, 0xEE,
-        0x73, 0xEE, 0x77, 0x67, 0xD5, 0xB5, 0x58, 0xD7, 0x19, 0x6F,
-        0x0F, 0xFD, 0x8B, 0xFC, 0xD4, 0x32, 0xFF, 0x86, 0x48, 0xF8,
-        0x49, 0x5B, 0xD8, 0xF1, 0xFB, 0x36, 0x28, 0x27, 0xC1, 0x7D,
-        0xDD, 0x0F, 0xFF, 0x7F, 0x95, 0x16, 0x5B, 0x85, 0xCA, 0x3E,
-        0x9B, 0xDC, 0x78, 0xB7, 0x6B, 0xB1, 0xF1, 0x75, 0xFA, 0x61,
-        0xDA, 0xCE, 0x8A, 0x4E, 0x5F, 0x90, 0x7C, 0x38, 0x9E, 0x31,
-        0x00, 0x66
+        0x03, 0x81, 0x81, 0x00, 0x4E, 0x35, 0x89, 0x4C, 0x99, 0xC8,
+        0x51, 0x46, 0x5B, 0x86, 0x21, 0xF3, 0x92, 0x13, 0x2D, 0x0E,
+        0x73, 0x78, 0x85, 0xBC, 0x81, 0xBB, 0xD1, 0x4B, 0xC3, 0x1B,
+        0x65, 0xB5, 0x39, 0x71, 0xA7, 0x04, 0x39, 0x8D, 0x57, 0x20,
+        0x02, 0xA0, 0x33, 0x8C, 0xFF, 0xD5, 0xFC, 0x2E, 0x94, 0x56,
+        0x48, 0xFC, 0x08, 0x4A, 0x37, 0x19, 0x98, 0x81, 0xAF, 0x51,
+        0x3F, 0xB7, 0x91, 0x0A, 0x86, 0x4E, 0x97, 0xE2, 0x39, 0x92,
+        0xF5, 0x3E, 0x99, 0xB2, 0x88, 0x1B, 0xAA, 0x97, 0x95, 0x77,
+        0x2E, 0xDA, 0x41, 0x11, 0xD7, 0x8F, 0x74, 0x9D, 0x34, 0xD0,
+        0x70, 0xCA, 0x37, 0xAA, 0xF7, 0xD7, 0x39, 0xD6, 0xA8, 0x48,
+        0x34, 0x06, 0x3A, 0x6A, 0xDA, 0xDE, 0x8A, 0x1D, 0x3C, 0x41,
+        0x56, 0xA3, 0x4E, 0xAE, 0x9F, 0x50, 0xB4, 0x8E, 0x10, 0x39,
+        0xD9, 0xA2, 0x38, 0xD0, 0x22, 0x04, 0xCA, 0x31, 0x1C, 0xAC,
+        0x3C, 0xF2
 };
 static const int sizeof_ca_cert_chain_der = sizeof(ca_cert_chain_der);
 
@@ -2023,10 +2023,10 @@ static const unsigned char server_cert_der_2048[] =
         0x1F, 0x30, 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7,
         0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F,
         0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63,
-        0x6F, 0x6D, 0x30, 0x1E, 0x17, 0x0D, 0x32, 0x33, 0x31, 0x32,
-        0x31, 0x33, 0x32, 0x32, 0x31, 0x39, 0x32, 0x38, 0x5A, 0x17,
-        0x0D, 0x32, 0x36, 0x30, 0x39, 0x30, 0x38, 0x32, 0x32, 0x31,
-        0x39, 0x32, 0x38, 0x5A, 0x30, 0x81, 0x90, 0x31, 0x0B, 0x30,
+        0x6F, 0x6D, 0x30, 0x1E, 0x17, 0x0D, 0x32, 0x34, 0x31, 0x32,
+        0x31, 0x38, 0x32, 0x31, 0x32, 0x35, 0x33, 0x30, 0x5A, 0x17,
+        0x0D, 0x32, 0x37, 0x30, 0x39, 0x31, 0x34, 0x32, 0x31, 0x32,
+        0x35, 0x33, 0x30, 0x5A, 0x30, 0x81, 0x90, 0x31, 0x0B, 0x30,
         0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53,
         0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C,
         0x07, 0x4D, 0x6F, 0x6E, 0x74, 0x61, 0x6E, 0x61, 0x31, 0x10,
@@ -2093,9 +2093,9 @@ static const unsigned char server_cert_der_2048[] =
         0x2E, 0x63, 0x6F, 0x6D, 0x31, 0x1F, 0x30, 0x1D, 0x06, 0x09,
         0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16,
         0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66,
-        0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x82, 0x14, 0x33,
-        0x44, 0x1A, 0xA8, 0x6C, 0x01, 0xEC, 0xF6, 0x60, 0xF2, 0x70,
-        0x51, 0x0A, 0x4C, 0xD1, 0x14, 0xFA, 0xBC, 0xE9, 0x44, 0x30,
+        0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x82, 0x14, 0x6B,
+        0x9B, 0x70, 0xC6, 0xF1, 0xA3, 0x94, 0x65, 0x19, 0xA1, 0x08,
+        0x58, 0xEF, 0xA7, 0x8D, 0x2B, 0x7A, 0x83, 0xC1, 0xDA, 0x30,
         0x0C, 0x06, 0x03, 0x55, 0x1D, 0x13, 0x04, 0x05, 0x30, 0x03,
         0x01, 0x01, 0xFF, 0x30, 0x1C, 0x06, 0x03, 0x55, 0x1D, 0x11,
         0x04, 0x15, 0x30, 0x13, 0x82, 0x0B, 0x65, 0x78, 0x61, 0x6D,
@@ -2105,32 +2105,32 @@ static const unsigned char server_cert_der_2048[] =
         0x05, 0x07, 0x03, 0x01, 0x06, 0x08, 0x2B, 0x06, 0x01, 0x05,
         0x05, 0x07, 0x03, 0x02, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86,
         0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0B, 0x05, 0x00, 0x03,
-        0x82, 0x01, 0x01, 0x00, 0x4A, 0xFF, 0xB9, 0xE5, 0x85, 0x9B,
-        0xDA, 0x53, 0x66, 0x7F, 0x07, 0x22, 0xBF, 0xB6, 0x19, 0xEA,
-        0x42, 0xEB, 0xA4, 0x11, 0x07, 0x62, 0xFF, 0x39, 0x5F, 0x33,
-        0x37, 0x3A, 0x87, 0x26, 0x71, 0x3D, 0x13, 0xB2, 0xCA, 0xB8,
-        0x64, 0x38, 0x7B, 0x8A, 0x99, 0x48, 0x0E, 0xA5, 0xA4, 0x6B,
-        0xB1, 0x99, 0x6E, 0xE0, 0x46, 0x51, 0xBD, 0x19, 0x52, 0xAD,
-        0xBC, 0xA6, 0x7E, 0x2A, 0x7A, 0x7C, 0x23, 0xA7, 0xCC, 0xDB,
-        0x5E, 0x43, 0x7D, 0x6B, 0x04, 0xC8, 0xB7, 0xDD, 0x95, 0xAD,
-        0xF0, 0x91, 0x80, 0x59, 0xC5, 0x19, 0x91, 0x26, 0x27, 0x91,
-        0xB8, 0x48, 0x1C, 0xEB, 0x55, 0xB6, 0xAA, 0x7D, 0xA4, 0x38,
-        0xF1, 0x03, 0xBC, 0x6C, 0x8B, 0xAA, 0x94, 0xD6, 0x3C, 0x05,
-        0x7A, 0x96, 0xC5, 0x06, 0xF1, 0x26, 0x14, 0x2E, 0x75, 0xFB,
-        0xDD, 0xE5, 0x35, 0xB3, 0x01, 0x2C, 0xB3, 0xAD, 0x62, 0x5A,
-        0x21, 0x9A, 0x08, 0xBE, 0x56, 0xFC, 0xF9, 0xA2, 0x42, 0x87,
-        0x86, 0xE5, 0xA9, 0xC5, 0x99, 0xCF, 0xAE, 0x14, 0xBE, 0xE0,
-        0xB9, 0x08, 0x24, 0x0D, 0x1D, 0x5C, 0xD6, 0x14, 0xE1, 0x4C,
-        0x9F, 0x40, 0xB3, 0xA9, 0xE9, 0x2D, 0x52, 0x8B, 0x4C, 0xBF,
-        0xAC, 0x44, 0x31, 0x67, 0xC1, 0x8D, 0x06, 0x85, 0xEC, 0x0F,
-        0xE4, 0x99, 0xD7, 0x4B, 0x7B, 0x21, 0x06, 0x66, 0xD4, 0xE4,
-        0xF5, 0x9D, 0xFF, 0x8E, 0xF0, 0x86, 0x39, 0x58, 0x1D, 0xA4,
-        0x5B, 0xE2, 0x63, 0xEF, 0x7C, 0xC9, 0x18, 0x87, 0xA8, 0x02,
-        0x25, 0x10, 0x3E, 0x87, 0x28, 0xF9, 0xF5, 0xEF, 0x47, 0x9E,
-        0xA5, 0x80, 0x08, 0x11, 0x90, 0x68, 0xFE, 0xD1, 0xA3, 0xA8,
-        0x51, 0xB9, 0x37, 0xFF, 0xD5, 0xCA, 0x7C, 0x87, 0x7F, 0x6B,
-        0xBC, 0x2C, 0x12, 0xC8, 0xC5, 0x85, 0x8B, 0xFC, 0x0C, 0xC6,
-        0xB9, 0x86, 0xB8, 0xC9, 0x04, 0xC3, 0x51, 0x37, 0xD2, 0x4F
+        0x82, 0x01, 0x01, 0x00, 0x8A, 0xF1, 0x4E, 0xE8, 0x9F, 0x59,
+        0xB2, 0xD9, 0x13, 0xAC, 0xFC, 0x42, 0xC4, 0x81, 0x34, 0x9F,
+        0x6B, 0x39, 0x57, 0x9C, 0xE9, 0x92, 0x5D, 0x41, 0xAC, 0x05,
+        0x35, 0xB1, 0x26, 0x93, 0x4D, 0x4A, 0xDA, 0xF8, 0x51, 0x82,
+        0xD2, 0x8D, 0x7F, 0xD3, 0x5C, 0x6E, 0x29, 0x80, 0x8D, 0x9B,
+        0x02, 0x10, 0x2B, 0x64, 0xF5, 0xD1, 0x31, 0x06, 0xFA, 0x85,
+        0x2B, 0x8F, 0x63, 0x32, 0x14, 0x76, 0x7A, 0x39, 0x15, 0xF3,
+        0x4E, 0xDD, 0xFD, 0xE2, 0x2C, 0x90, 0x15, 0xD1, 0x6F, 0x73,
+        0x87, 0xEE, 0xE6, 0xC8, 0xEB, 0xAD, 0x40, 0xD5, 0xE8, 0x94,
+        0x1F, 0xA6, 0x7E, 0x26, 0x5B, 0x87, 0xBA, 0x0F, 0x06, 0x5A,
+        0x4D, 0x55, 0x7A, 0xAA, 0xC4, 0x09, 0x34, 0x8B, 0xF7, 0xE5,
+        0xCC, 0xD6, 0xB7, 0x6C, 0x46, 0x6D, 0xA1, 0xE6, 0x66, 0x66,
+        0x4C, 0x4B, 0xE5, 0x12, 0x31, 0x37, 0x54, 0x49, 0x64, 0xA5,
+        0x66, 0xEB, 0xE0, 0xC6, 0xA1, 0x49, 0xF8, 0x4D, 0xC3, 0xD3,
+        0x55, 0xA4, 0x05, 0xD2, 0xAC, 0xFB, 0xE1, 0xC8, 0x69, 0x30,
+        0x4B, 0x98, 0xFD, 0x72, 0x1A, 0xAB, 0x9F, 0x86, 0xEB, 0x0D,
+        0xBD, 0x7C, 0xA6, 0x3D, 0x81, 0xD9, 0x01, 0xA7, 0x8A, 0x79,
+        0xAB, 0x3C, 0xCE, 0xE5, 0xB6, 0xC3, 0x1B, 0xEF, 0x7D, 0x5E,
+        0x37, 0x7B, 0x37, 0x7C, 0x91, 0x89, 0x59, 0x11, 0x21, 0x11,
+        0x7C, 0x05, 0x80, 0xE1, 0xA8, 0xD6, 0xF9, 0x35, 0xDA, 0x1B,
+        0x86, 0x06, 0x5A, 0x32, 0x67, 0x6C, 0xA9, 0x2B, 0xE0, 0x31,
+        0x7B, 0x89, 0x53, 0x37, 0x42, 0xAF, 0x34, 0xA4, 0x53, 0xD2,
+        0x7C, 0x91, 0x50, 0x63, 0x3A, 0x8E, 0x4A, 0x1F, 0xA3, 0x90,
+        0x4E, 0x7C, 0x41, 0x59, 0x1D, 0xEB, 0x7B, 0xA2, 0x14, 0x87,
+        0xBA, 0x76, 0x36, 0xA4, 0x77, 0x46, 0x34, 0xF2, 0x55, 0x50,
+        0xF0, 0x24, 0x9F, 0x83, 0x83, 0xDA, 0xA6, 0xAA, 0x3C, 0xC8
 
 };
 static const int sizeof_server_cert_der_2048 = sizeof(server_cert_der_2048);
@@ -2502,183 +2502,186 @@ static const int sizeof_rsa_key_der_3072 = sizeof(rsa_key_der_3072);
 /* ./certs/3072/client-key.der, 3072-bit */
 static const unsigned char client_key_der_3072[] =
 {
-        0x30, 0x82, 0x06, 0xE4, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01,
-        0x81, 0x00, 0xAC, 0x39, 0x50, 0x68, 0x8F, 0x78, 0xF8, 0x10,
-        0x9B, 0x68, 0x96, 0xD3, 0xE1, 0x9C, 0x56, 0x68, 0x5A, 0x41,
-        0x62, 0xE3, 0xB3, 0x41, 0xB0, 0x55, 0x80, 0x17, 0xB0, 0x88,
-        0x16, 0x9B, 0xE0, 0x97, 0x74, 0x5F, 0x42, 0x79, 0x73, 0x42,
-        0xDF, 0x93, 0xF3, 0xAA, 0x9D, 0xEE, 0x2D, 0x6F, 0xAA, 0xBC,
-        0x27, 0x90, 0x84, 0xC0, 0x5D, 0xC7, 0xEC, 0x49, 0xEA, 0x5C,
-        0x66, 0x1D, 0x70, 0x9C, 0x53, 0x5C, 0xBA, 0xA1, 0xB3, 0x58,
-        0xC9, 0x3E, 0x8E, 0x9B, 0x72, 0x3D, 0x6E, 0x02, 0x02, 0x00,
-        0x9C, 0x65, 0x56, 0x82, 0xA3, 0x22, 0xB4, 0x08, 0x5F, 0x2A,
-        0xEF, 0xDF, 0x9A, 0xD0, 0xE7, 0x31, 0x59, 0x26, 0x5B, 0x0B,
-        0x1C, 0x63, 0x61, 0xFF, 0xD5, 0x69, 0x32, 0x19, 0x06, 0x7E,
-        0x0F, 0x40, 0x3C, 0x7A, 0x1E, 0xC8, 0xFC, 0x58, 0x6C, 0x64,
-        0xAE, 0x10, 0x3D, 0xA8, 0x23, 0xFF, 0x8E, 0x1A, 0xCA, 0x6A,
-        0x82, 0xE2, 0xF9, 0x01, 0x64, 0x2C, 0x97, 0xA0, 0x1A, 0x89,
-        0xA0, 0x74, 0xD3, 0xB6, 0x05, 0x11, 0xF2, 0x62, 0x06, 0x48,
-        0x2A, 0xF7, 0x66, 0xCE, 0xC1, 0x85, 0xE1, 0xD2, 0x27, 0xEA,
-        0xCA, 0x12, 0xA5, 0x91, 0x97, 0x3E, 0xFC, 0x94, 0x06, 0x59,
-        0x51, 0xC0, 0xE7, 0x13, 0xB6, 0x87, 0x7B, 0x5F, 0xD2, 0xC0,
-        0x56, 0x2F, 0x5E, 0x1D, 0x02, 0xC3, 0x11, 0x2C, 0xDF, 0xF7,
-        0x01, 0xDA, 0xBD, 0x85, 0x54, 0x35, 0x32, 0x5F, 0xC5, 0xC8,
-        0xF9, 0x7A, 0x9F, 0x89, 0xF7, 0x03, 0x0E, 0x7E, 0x79, 0x5D,
-        0x04, 0x82, 0x35, 0x10, 0xFE, 0x6D, 0x9B, 0xBF, 0xB8, 0xEE,
-        0xE2, 0x62, 0x87, 0x26, 0x5E, 0x2F, 0x50, 0x2F, 0x78, 0x0C,
-        0xE8, 0x73, 0x4F, 0x88, 0x6A, 0xD6, 0x26, 0xA4, 0xC9, 0xFC,
-        0xFA, 0x1E, 0x8A, 0xB0, 0xF4, 0x32, 0xCF, 0x57, 0xCD, 0xA1,
-        0x58, 0x8A, 0x49, 0x0F, 0xBB, 0xA9, 0x1D, 0x86, 0xAB, 0xB9,
-        0x8F, 0x8D, 0x57, 0x19, 0xB2, 0x5A, 0x7E, 0xA4, 0xEA, 0xCC,
-        0xB7, 0x96, 0x7A, 0x3B, 0x38, 0xCD, 0xDE, 0xE0, 0x61, 0xFC,
-        0xC9, 0x06, 0x8F, 0x93, 0x5A, 0xCE, 0xAD, 0x2A, 0xE3, 0x2D,
-        0x3E, 0x39, 0x5D, 0x41, 0x83, 0x01, 0x1F, 0x0F, 0xE1, 0x7F,
-        0x76, 0xC7, 0x28, 0xDA, 0x56, 0xEF, 0xBF, 0xDC, 0x26, 0x35,
-        0x40, 0xBE, 0xAD, 0xC7, 0x38, 0xAD, 0xA4, 0x06, 0xAC, 0xCA,
-        0xE8, 0x51, 0xEB, 0xC0, 0xF8, 0x68, 0x02, 0x2C, 0x9B, 0xA1,
-        0x14, 0xBC, 0xF8, 0x61, 0x86, 0xD7, 0x56, 0xD7, 0x73, 0xF4,
-        0xAB, 0xBB, 0x6A, 0x21, 0xD3, 0x88, 0x22, 0xB4, 0xE7, 0x6F,
-        0x7F, 0x91, 0xE5, 0x0E, 0xC6, 0x08, 0x49, 0xDE, 0xEA, 0x13,
-        0x58, 0x72, 0xA0, 0xAA, 0x3A, 0xF9, 0x36, 0x03, 0x45, 0x57,
-        0x5E, 0x87, 0xD2, 0x73, 0x65, 0xC4, 0x8C, 0xA3, 0xEE, 0xC9,
-        0xD6, 0x73, 0x7C, 0x96, 0x41, 0x93, 0x02, 0x03, 0x01, 0x00,
-        0x01, 0x02, 0x82, 0x01, 0x80, 0x40, 0x19, 0x74, 0xDB, 0xF5,
-        0xCA, 0x48, 0x49, 0xA6, 0x0D, 0xDF, 0x55, 0x2C, 0xFB, 0x4B,
-        0x0D, 0xBB, 0xC9, 0xEA, 0x4C, 0x65, 0x43, 0x65, 0xA5, 0xEC,
-        0xEE, 0xE4, 0x3D, 0x42, 0x6C, 0xF1, 0xC2, 0x6D, 0x05, 0xA7,
-        0x70, 0x1C, 0x7E, 0x1F, 0x48, 0xA9, 0xC0, 0x2E, 0xD7, 0x9F,
-        0x01, 0x98, 0xC2, 0x3E, 0xD7, 0x83, 0x11, 0x35, 0xD6, 0x5B,
-        0x13, 0x87, 0xAE, 0xAC, 0x32, 0xF8, 0xDE, 0xB6, 0x08, 0x25,
-        0x4E, 0x59, 0xBA, 0x09, 0xEC, 0xC6, 0x97, 0x04, 0x85, 0xE8,
-        0x93, 0xC6, 0xBB, 0x03, 0x7A, 0x94, 0x20, 0x3B, 0x27, 0x87,
-        0x6A, 0x36, 0x41, 0x7C, 0xD5, 0xF4, 0x81, 0x1C, 0x0B, 0x39,
-        0xEB, 0x14, 0xA7, 0xA6, 0x01, 0x37, 0x50, 0x48, 0xD5, 0xC6,
-        0x57, 0x9A, 0x1B, 0x01, 0x02, 0x1F, 0x80, 0x34, 0x45, 0x09,
-        0xE6, 0xBF, 0x31, 0x19, 0xB7, 0xE1, 0xBA, 0xDA, 0xEB, 0x1A,
-        0xB0, 0xCD, 0xF5, 0xA6, 0x91, 0x63, 0xAC, 0x28, 0xE4, 0x8F,
-        0xEA, 0x7E, 0xF6, 0x0A, 0x4A, 0x71, 0x21, 0xA5, 0xF1, 0x70,
-        0x0D, 0x1B, 0xD9, 0x70, 0x64, 0x74, 0x57, 0x2F, 0x9F, 0xEC,
-        0xD4, 0x93, 0x16, 0xC7, 0xEE, 0xF8, 0xC0, 0x9F, 0x52, 0x4A,
-        0x1F, 0xAD, 0xDD, 0x40, 0x98, 0x53, 0x68, 0xFA, 0xDE, 0xA2,
-        0x04, 0xA0, 0x24, 0x05, 0xEF, 0xCB, 0x4F, 0x70, 0xDF, 0xB9,
-        0x5C, 0xC2, 0x5E, 0xE4, 0xC9, 0xCD, 0x0F, 0x5E, 0x4B, 0x77,
-        0xBB, 0x84, 0x69, 0x54, 0x98, 0x41, 0xB7, 0x9C, 0x0E, 0x38,
-        0xD8, 0xF7, 0xF3, 0x9F, 0xEF, 0xE5, 0x9B, 0xB6, 0x4B, 0xD6,
-        0x7A, 0x65, 0xF5, 0x69, 0xFA, 0xC2, 0x13, 0x70, 0x6C, 0x28,
-        0xA4, 0x29, 0xAC, 0xD9, 0xBF, 0xEC, 0x6A, 0x2E, 0xED, 0xE4,
-        0xBA, 0xDF, 0xD0, 0xF1, 0xF3, 0x3C, 0x6C, 0x84, 0xDF, 0xB7,
-        0x5A, 0x94, 0xCF, 0xD9, 0x2D, 0xEA, 0xEA, 0xB4, 0xD0, 0x91,
-        0x2E, 0x77, 0x15, 0x18, 0x0D, 0x6B, 0xBA, 0x2A, 0x0C, 0xF1,
-        0x92, 0x9D, 0xD6, 0x04, 0x05, 0xB6, 0x38, 0xC2, 0xE0, 0xA7,
-        0x2D, 0x64, 0xF8, 0xDF, 0x0C, 0x3A, 0x93, 0x83, 0xE1, 0x88,
-        0x83, 0x5F, 0x67, 0x90, 0x9F, 0x2B, 0xE0, 0x60, 0x8E, 0xCA,
-        0x30, 0x13, 0xCA, 0x9F, 0xCF, 0x7B, 0x6D, 0xD8, 0xCD, 0xEE,
-        0xF9, 0x96, 0xDD, 0x5E, 0xF4, 0x47, 0xC9, 0x4C, 0xE6, 0x8F,
-        0x7F, 0x33, 0x2A, 0x38, 0x30, 0xAF, 0xD5, 0x4A, 0x79, 0x47,
-        0x06, 0xCC, 0x96, 0x44, 0x29, 0x8C, 0x60, 0x2B, 0x08, 0xC7,
-        0xD0, 0xD3, 0xC3, 0xC5, 0x2C, 0x63, 0x6C, 0x87, 0xD2, 0xAE,
-        0x2A, 0xA4, 0x86, 0xE7, 0x76, 0x74, 0x90, 0xD1, 0x04, 0x37,
-        0x64, 0x1A, 0xED, 0x08, 0xD9, 0x98, 0x07, 0x1A, 0x98, 0x0B,
-        0x89, 0x99, 0xA4, 0xB0, 0x8C, 0x1A, 0x10, 0xEB, 0xEC, 0xF4,
-        0xEE, 0x3C, 0xC4, 0x00, 0xCC, 0x30, 0x9C, 0x43, 0x01, 0x02,
-        0x81, 0xC1, 0x00, 0xD9, 0x43, 0xF6, 0x2C, 0x78, 0x26, 0xD2,
-        0xE7, 0x15, 0xA7, 0x0A, 0x88, 0x5E, 0xDB, 0x2D, 0xAF, 0xC6,
-        0xA9, 0x6F, 0x73, 0x88, 0x3B, 0x6A, 0x08, 0x1F, 0xF5, 0x80,
-        0xB5, 0x2E, 0x29, 0x8B, 0x72, 0xF8, 0x35, 0xC8, 0x23, 0x18,
-        0x1C, 0x0D, 0x0E, 0x38, 0x82, 0xBB, 0x5B, 0x2F, 0xB4, 0x5C,
-        0x4E, 0x24, 0x05, 0xA7, 0x4C, 0x79, 0x48, 0x89, 0x8D, 0x1C,
-        0x1D, 0x0A, 0x2C, 0xFE, 0xD9, 0x99, 0xDF, 0x25, 0x8A, 0x2D,
-        0xF8, 0xEB, 0x2F, 0xDA, 0x1B, 0x63, 0xE1, 0xCD, 0x09, 0x97,
-        0x64, 0x14, 0xAB, 0xEA, 0x0B, 0xD8, 0xE2, 0xA8, 0x2A, 0x63,
-        0x35, 0x90, 0xEE, 0x7F, 0xEA, 0xCE, 0xA5, 0xEF, 0x7F, 0xAB,
-        0x87, 0x47, 0x9B, 0x45, 0x35, 0x9A, 0xDA, 0x8C, 0xF4, 0xD3,
-        0x8A, 0x0B, 0x9B, 0xE6, 0xEA, 0x92, 0xBB, 0x05, 0xE1, 0xAC,
-        0x3E, 0x35, 0xDB, 0xED, 0x65, 0x1D, 0xB6, 0x92, 0xEB, 0x29,
-        0x79, 0xF8, 0x3F, 0xC2, 0x58, 0x40, 0x32, 0x66, 0x87, 0x56,
-        0x50, 0xFF, 0xBF, 0x3E, 0xBD, 0xE9, 0x94, 0xBF, 0x31, 0xBE,
-        0x87, 0x2D, 0xEF, 0x64, 0x1E, 0x0E, 0x67, 0x3A, 0x9C, 0x94,
-        0xDA, 0x5B, 0x0C, 0x8C, 0x3D, 0xEE, 0x9D, 0xCD, 0x92, 0xDE,
-        0x40, 0x02, 0x65, 0x36, 0xC9, 0x1B, 0xF5, 0x7E, 0x4E, 0x07,
-        0xB4, 0x7F, 0x14, 0x0E, 0x03, 0x2E, 0x86, 0xF0, 0x45, 0x5F,
-        0xDC, 0xA2, 0xE8, 0xC7, 0x83, 0x02, 0x81, 0xC1, 0x00, 0xCA,
-        0xED, 0xA5, 0x3F, 0x59, 0xAC, 0x4C, 0xAD, 0xAB, 0x23, 0x02,
-        0x95, 0x80, 0xA0, 0xAF, 0x35, 0x17, 0xDB, 0xE7, 0x7F, 0x72,
-        0x41, 0x2C, 0x5C, 0xB4, 0x43, 0x85, 0x46, 0x73, 0x9F, 0x58,
-        0xE9, 0x40, 0x8B, 0xEC, 0xB0, 0xEF, 0x86, 0x4C, 0x31, 0xDE,
-        0xC8, 0x6C, 0x74, 0x75, 0xA2, 0xDB, 0x65, 0xF4, 0x50, 0xC6,
-        0x99, 0xA2, 0x70, 0xDE, 0xB6, 0x22, 0xC2, 0x01, 0x15, 0x49,
-        0x13, 0xA0, 0xE2, 0x20, 0x78, 0x44, 0xEC, 0x1F, 0x42, 0xB3,
-        0x25, 0x09, 0xCE, 0x75, 0x13, 0x75, 0x36, 0x11, 0x47, 0x2C,
-        0x3C, 0x15, 0x1F, 0xF0, 0x54, 0xD5, 0x18, 0xAE, 0x61, 0x07,
-        0xAC, 0x3D, 0x83, 0x46, 0x03, 0x8C, 0xBF, 0x63, 0x26, 0xA8,
-        0x19, 0x7C, 0xFF, 0xDE, 0x20, 0x78, 0xD0, 0xDA, 0x70, 0x2E,
-        0xBD, 0xFA, 0x96, 0xDD, 0x15, 0x78, 0x9B, 0xEF, 0xED, 0x17,
-        0x90, 0x6F, 0x14, 0x35, 0x50, 0x8E, 0x1D, 0x78, 0xB0, 0x8A,
-        0xA0, 0x53, 0x10, 0x15, 0x64, 0xCC, 0x47, 0x05, 0xB6, 0xC6,
-        0x48, 0xC0, 0x5D, 0xB4, 0x4B, 0x1A, 0x5F, 0xB8, 0x9E, 0x75,
-        0xCD, 0xC3, 0x64, 0x66, 0x88, 0x10, 0x9C, 0x8B, 0x87, 0x14,
-        0x34, 0xE6, 0x60, 0x3C, 0xA5, 0xB7, 0x81, 0x1D, 0x0B, 0x79,
-        0x93, 0x5D, 0x4A, 0x42, 0x7A, 0x7F, 0x33, 0xF0, 0x3E, 0x9E,
-        0x63, 0xBD, 0xB6, 0x5F, 0xF9, 0x47, 0xA7, 0x0A, 0x49, 0x70,
-        0xB1, 0x02, 0x81, 0xC0, 0x6F, 0xC6, 0xF4, 0x3E, 0xDA, 0xAD,
-        0xF6, 0xB1, 0x66, 0xC5, 0x62, 0xB8, 0xD8, 0x3C, 0x61, 0x1B,
-        0xDE, 0xD4, 0x4A, 0xFF, 0xA0, 0x66, 0x18, 0xDE, 0x07, 0x3B,
-        0x32, 0x35, 0x84, 0x83, 0x61, 0x38, 0x0C, 0x14, 0xF7, 0x5B,
-        0x7E, 0xCA, 0xE7, 0xB8, 0x9A, 0x40, 0x40, 0x0D, 0xE0, 0xD4,
-        0x24, 0xED, 0x1A, 0xC1, 0x41, 0xDA, 0x29, 0x47, 0xB5, 0x64,
-        0xC0, 0xC2, 0xFB, 0xFA, 0x3C, 0x3F, 0x4D, 0x57, 0xAD, 0xA3,
-        0x92, 0x95, 0x4E, 0xC2, 0x76, 0xAE, 0xC2, 0xCB, 0x67, 0xC6,
-        0x78, 0x79, 0xC7, 0xDC, 0xCE, 0x73, 0xBB, 0xE8, 0x98, 0x65,
-        0xFE, 0x56, 0x8F, 0xB2, 0xF4, 0x62, 0xA4, 0x60, 0x60, 0x80,
-        0x49, 0x8A, 0x36, 0xBF, 0xDE, 0x72, 0x7E, 0xB1, 0xD3, 0xF5,
-        0x1D, 0x64, 0x17, 0x26, 0xE5, 0x3D, 0x67, 0xB2, 0x0A, 0x8B,
-        0x99, 0x27, 0x04, 0x64, 0x9A, 0x94, 0xFC, 0x1D, 0x73, 0x26,
-        0xC3, 0x56, 0xF9, 0xEE, 0x2B, 0x99, 0x65, 0xA5, 0xC8, 0x73,
-        0xF6, 0x67, 0x83, 0xBC, 0x2B, 0x96, 0x5F, 0x36, 0xE4, 0xCA,
-        0xBD, 0xE0, 0x24, 0x34, 0xD6, 0x48, 0x54, 0x56, 0xAD, 0xA3,
-        0xE3, 0x3D, 0x17, 0xBC, 0xB3, 0xE6, 0x24, 0xFE, 0x50, 0xC6,
-        0x2F, 0xCB, 0xB4, 0xAF, 0xC7, 0xE8, 0xDD, 0x96, 0x86, 0x9D,
-        0xB4, 0x7F, 0x1B, 0x26, 0x01, 0x33, 0x87, 0xDB, 0x6A, 0x7F,
-        0xF6, 0x9A, 0xB7, 0xC1, 0x94, 0xEB, 0x02, 0x81, 0xC1, 0x00,
-        0xB0, 0x6D, 0x20, 0x68, 0x0D, 0x7C, 0x81, 0x45, 0xD4, 0x2E,
-        0x22, 0x06, 0xFC, 0xC7, 0xB6, 0xCC, 0x40, 0x2C, 0x0D, 0xFE,
-        0x7D, 0xC5, 0x2F, 0xDE, 0x81, 0x52, 0xDA, 0xC2, 0x3F, 0xAF,
-        0xE0, 0x4B, 0x1A, 0xB5, 0x0C, 0x59, 0x60, 0x45, 0xB0, 0x65,
-        0x03, 0x3D, 0xD9, 0x1C, 0xFF, 0x51, 0x51, 0xD2, 0x38, 0x31,
-        0x2A, 0x19, 0x54, 0x63, 0x31, 0x1D, 0xC4, 0xE6, 0x4A, 0xAE,
-        0xC8, 0xD3, 0xE9, 0xE1, 0xEF, 0x3C, 0xE1, 0x1F, 0x30, 0xA6,
-        0x7A, 0xBD, 0xCE, 0xE2, 0xD2, 0x62, 0xD2, 0x5A, 0xE9, 0x76,
-        0xA9, 0x7C, 0xAB, 0x19, 0x13, 0x87, 0x8D, 0xA5, 0x61, 0xA6,
-        0x36, 0x57, 0x87, 0x3B, 0x64, 0x59, 0x9D, 0xBA, 0x9F, 0x67,
-        0x72, 0x6A, 0x86, 0x84, 0xA6, 0x08, 0x31, 0x41, 0xD3, 0x48,
-        0x09, 0x3B, 0x5E, 0x6C, 0x5F, 0x56, 0x55, 0x7F, 0xAD, 0x7E,
-        0xC2, 0x27, 0xEE, 0x8A, 0xF1, 0x37, 0x51, 0xF7, 0x49, 0x80,
-        0xA3, 0x65, 0x74, 0x11, 0xDD, 0xA7, 0xBE, 0xFA, 0x58, 0x7B,
-        0x69, 0xB4, 0xC2, 0x9A, 0x35, 0x2F, 0xBE, 0x84, 0x4E, 0x2C,
-        0x66, 0x5B, 0x38, 0x6F, 0x47, 0xBD, 0x30, 0x44, 0x0A, 0x02,
-        0xAC, 0x8C, 0xB9, 0x66, 0x1E, 0x14, 0x2D, 0x90, 0x71, 0x42,
-        0x12, 0xB7, 0x0E, 0x3A, 0x8B, 0xC5, 0x98, 0x65, 0xFD, 0x8F,
-        0x53, 0x81, 0x7F, 0xE4, 0xD9, 0x58, 0x0E, 0xF5, 0xA9, 0x39,
-        0xE4, 0x61, 0x02, 0x81, 0xC1, 0x00, 0xB3, 0x94, 0x8F, 0x2B,
-        0xFD, 0x84, 0x2E, 0x83, 0x42, 0x86, 0x56, 0x7E, 0xB5, 0xF8,
-        0x3C, 0xC5, 0x0C, 0xCB, 0xBD, 0x32, 0x0C, 0xD7, 0xAA, 0xA7,
-        0xB0, 0xE9, 0xA4, 0x6A, 0xD1, 0x01, 0xDB, 0x87, 0x2A, 0xF7,
-        0xDF, 0xEC, 0xC2, 0x03, 0x5D, 0x55, 0xA8, 0x66, 0x73, 0x79,
-        0xA9, 0xAB, 0xBD, 0xAF, 0x69, 0x37, 0xFE, 0x41, 0xB5, 0x53,
-        0xB3, 0xB2, 0xC0, 0xB1, 0x80, 0x34, 0xE6, 0xE1, 0x7B, 0xAE,
-        0x67, 0xC7, 0xF3, 0x57, 0xFE, 0x12, 0xBC, 0x78, 0xAA, 0x75,
-        0x0D, 0xAC, 0x79, 0x90, 0x14, 0x49, 0xFE, 0x6B, 0x51, 0xE3,
-        0xE4, 0x46, 0xB2, 0x10, 0x4D, 0x05, 0x6A, 0x12, 0x80, 0x2A,
-        0x8F, 0x39, 0x42, 0x0E, 0x3B, 0x24, 0x2B, 0x50, 0x5D, 0xF3,
-        0xA7, 0x7F, 0x2F, 0x82, 0x89, 0x87, 0x9F, 0xF8, 0x7B, 0x1E,
-        0x05, 0x6E, 0x75, 0x83, 0x04, 0x35, 0x66, 0x4A, 0x06, 0x57,
-        0x39, 0xAB, 0x21, 0x0B, 0x94, 0x41, 0x6A, 0x2A, 0xC7, 0xDE,
-        0x98, 0x45, 0x8F, 0x96, 0x1C, 0xF2, 0xD8, 0xFB, 0x9C, 0x10,
-        0x8E, 0x41, 0x7A, 0xDD, 0xDD, 0x1D, 0xEF, 0xA5, 0x67, 0xEC,
-        0xFE, 0xA3, 0x2D, 0xA9, 0xFD, 0xF3, 0xEE, 0x35, 0xF4, 0xA7,
-        0xBC, 0xF9, 0x71, 0xCC, 0xB9, 0xC0, 0x5F, 0x58, 0x5B, 0xBD,
-        0x1A, 0x9E, 0xC7, 0x08, 0x67, 0x7C, 0xC7, 0x51, 0x5B, 0xBE,
-        0xE3, 0xF8, 0xBE, 0x1E, 0xC7, 0xD2, 0x28, 0x97
+        0x30, 0x82, 0x06, 0xFE, 0x02, 0x01, 0x00, 0x30, 0x0D, 0x06,
+        0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x01,
+        0x05, 0x00, 0x04, 0x82, 0x06, 0xE8, 0x30, 0x82, 0x06, 0xE4,
+        0x02, 0x01, 0x00, 0x02, 0x82, 0x01, 0x81, 0x00, 0xAC, 0x39,
+        0x50, 0x68, 0x8F, 0x78, 0xF8, 0x10, 0x9B, 0x68, 0x96, 0xD3,
+        0xE1, 0x9C, 0x56, 0x68, 0x5A, 0x41, 0x62, 0xE3, 0xB3, 0x41,
+        0xB0, 0x55, 0x80, 0x17, 0xB0, 0x88, 0x16, 0x9B, 0xE0, 0x97,
+        0x74, 0x5F, 0x42, 0x79, 0x73, 0x42, 0xDF, 0x93, 0xF3, 0xAA,
+        0x9D, 0xEE, 0x2D, 0x6F, 0xAA, 0xBC, 0x27, 0x90, 0x84, 0xC0,
+        0x5D, 0xC7, 0xEC, 0x49, 0xEA, 0x5C, 0x66, 0x1D, 0x70, 0x9C,
+        0x53, 0x5C, 0xBA, 0xA1, 0xB3, 0x58, 0xC9, 0x3E, 0x8E, 0x9B,
+        0x72, 0x3D, 0x6E, 0x02, 0x02, 0x00, 0x9C, 0x65, 0x56, 0x82,
+        0xA3, 0x22, 0xB4, 0x08, 0x5F, 0x2A, 0xEF, 0xDF, 0x9A, 0xD0,
+        0xE7, 0x31, 0x59, 0x26, 0x5B, 0x0B, 0x1C, 0x63, 0x61, 0xFF,
+        0xD5, 0x69, 0x32, 0x19, 0x06, 0x7E, 0x0F, 0x40, 0x3C, 0x7A,
+        0x1E, 0xC8, 0xFC, 0x58, 0x6C, 0x64, 0xAE, 0x10, 0x3D, 0xA8,
+        0x23, 0xFF, 0x8E, 0x1A, 0xCA, 0x6A, 0x82, 0xE2, 0xF9, 0x01,
+        0x64, 0x2C, 0x97, 0xA0, 0x1A, 0x89, 0xA0, 0x74, 0xD3, 0xB6,
+        0x05, 0x11, 0xF2, 0x62, 0x06, 0x48, 0x2A, 0xF7, 0x66, 0xCE,
+        0xC1, 0x85, 0xE1, 0xD2, 0x27, 0xEA, 0xCA, 0x12, 0xA5, 0x91,
+        0x97, 0x3E, 0xFC, 0x94, 0x06, 0x59, 0x51, 0xC0, 0xE7, 0x13,
+        0xB6, 0x87, 0x7B, 0x5F, 0xD2, 0xC0, 0x56, 0x2F, 0x5E, 0x1D,
+        0x02, 0xC3, 0x11, 0x2C, 0xDF, 0xF7, 0x01, 0xDA, 0xBD, 0x85,
+        0x54, 0x35, 0x32, 0x5F, 0xC5, 0xC8, 0xF9, 0x7A, 0x9F, 0x89,
+        0xF7, 0x03, 0x0E, 0x7E, 0x79, 0x5D, 0x04, 0x82, 0x35, 0x10,
+        0xFE, 0x6D, 0x9B, 0xBF, 0xB8, 0xEE, 0xE2, 0x62, 0x87, 0x26,
+        0x5E, 0x2F, 0x50, 0x2F, 0x78, 0x0C, 0xE8, 0x73, 0x4F, 0x88,
+        0x6A, 0xD6, 0x26, 0xA4, 0xC9, 0xFC, 0xFA, 0x1E, 0x8A, 0xB0,
+        0xF4, 0x32, 0xCF, 0x57, 0xCD, 0xA1, 0x58, 0x8A, 0x49, 0x0F,
+        0xBB, 0xA9, 0x1D, 0x86, 0xAB, 0xB9, 0x8F, 0x8D, 0x57, 0x19,
+        0xB2, 0x5A, 0x7E, 0xA4, 0xEA, 0xCC, 0xB7, 0x96, 0x7A, 0x3B,
+        0x38, 0xCD, 0xDE, 0xE0, 0x61, 0xFC, 0xC9, 0x06, 0x8F, 0x93,
+        0x5A, 0xCE, 0xAD, 0x2A, 0xE3, 0x2D, 0x3E, 0x39, 0x5D, 0x41,
+        0x83, 0x01, 0x1F, 0x0F, 0xE1, 0x7F, 0x76, 0xC7, 0x28, 0xDA,
+        0x56, 0xEF, 0xBF, 0xDC, 0x26, 0x35, 0x40, 0xBE, 0xAD, 0xC7,
+        0x38, 0xAD, 0xA4, 0x06, 0xAC, 0xCA, 0xE8, 0x51, 0xEB, 0xC0,
+        0xF8, 0x68, 0x02, 0x2C, 0x9B, 0xA1, 0x14, 0xBC, 0xF8, 0x61,
+        0x86, 0xD7, 0x56, 0xD7, 0x73, 0xF4, 0xAB, 0xBB, 0x6A, 0x21,
+        0xD3, 0x88, 0x22, 0xB4, 0xE7, 0x6F, 0x7F, 0x91, 0xE5, 0x0E,
+        0xC6, 0x08, 0x49, 0xDE, 0xEA, 0x13, 0x58, 0x72, 0xA0, 0xAA,
+        0x3A, 0xF9, 0x36, 0x03, 0x45, 0x57, 0x5E, 0x87, 0xD2, 0x73,
+        0x65, 0xC4, 0x8C, 0xA3, 0xEE, 0xC9, 0xD6, 0x73, 0x7C, 0x96,
+        0x41, 0x93, 0x02, 0x03, 0x01, 0x00, 0x01, 0x02, 0x82, 0x01,
+        0x80, 0x40, 0x19, 0x74, 0xDB, 0xF5, 0xCA, 0x48, 0x49, 0xA6,
+        0x0D, 0xDF, 0x55, 0x2C, 0xFB, 0x4B, 0x0D, 0xBB, 0xC9, 0xEA,
+        0x4C, 0x65, 0x43, 0x65, 0xA5, 0xEC, 0xEE, 0xE4, 0x3D, 0x42,
+        0x6C, 0xF1, 0xC2, 0x6D, 0x05, 0xA7, 0x70, 0x1C, 0x7E, 0x1F,
+        0x48, 0xA9, 0xC0, 0x2E, 0xD7, 0x9F, 0x01, 0x98, 0xC2, 0x3E,
+        0xD7, 0x83, 0x11, 0x35, 0xD6, 0x5B, 0x13, 0x87, 0xAE, 0xAC,
+        0x32, 0xF8, 0xDE, 0xB6, 0x08, 0x25, 0x4E, 0x59, 0xBA, 0x09,
+        0xEC, 0xC6, 0x97, 0x04, 0x85, 0xE8, 0x93, 0xC6, 0xBB, 0x03,
+        0x7A, 0x94, 0x20, 0x3B, 0x27, 0x87, 0x6A, 0x36, 0x41, 0x7C,
+        0xD5, 0xF4, 0x81, 0x1C, 0x0B, 0x39, 0xEB, 0x14, 0xA7, 0xA6,
+        0x01, 0x37, 0x50, 0x48, 0xD5, 0xC6, 0x57, 0x9A, 0x1B, 0x01,
+        0x02, 0x1F, 0x80, 0x34, 0x45, 0x09, 0xE6, 0xBF, 0x31, 0x19,
+        0xB7, 0xE1, 0xBA, 0xDA, 0xEB, 0x1A, 0xB0, 0xCD, 0xF5, 0xA6,
+        0x91, 0x63, 0xAC, 0x28, 0xE4, 0x8F, 0xEA, 0x7E, 0xF6, 0x0A,
+        0x4A, 0x71, 0x21, 0xA5, 0xF1, 0x70, 0x0D, 0x1B, 0xD9, 0x70,
+        0x64, 0x74, 0x57, 0x2F, 0x9F, 0xEC, 0xD4, 0x93, 0x16, 0xC7,
+        0xEE, 0xF8, 0xC0, 0x9F, 0x52, 0x4A, 0x1F, 0xAD, 0xDD, 0x40,
+        0x98, 0x53, 0x68, 0xFA, 0xDE, 0xA2, 0x04, 0xA0, 0x24, 0x05,
+        0xEF, 0xCB, 0x4F, 0x70, 0xDF, 0xB9, 0x5C, 0xC2, 0x5E, 0xE4,
+        0xC9, 0xCD, 0x0F, 0x5E, 0x4B, 0x77, 0xBB, 0x84, 0x69, 0x54,
+        0x98, 0x41, 0xB7, 0x9C, 0x0E, 0x38, 0xD8, 0xF7, 0xF3, 0x9F,
+        0xEF, 0xE5, 0x9B, 0xB6, 0x4B, 0xD6, 0x7A, 0x65, 0xF5, 0x69,
+        0xFA, 0xC2, 0x13, 0x70, 0x6C, 0x28, 0xA4, 0x29, 0xAC, 0xD9,
+        0xBF, 0xEC, 0x6A, 0x2E, 0xED, 0xE4, 0xBA, 0xDF, 0xD0, 0xF1,
+        0xF3, 0x3C, 0x6C, 0x84, 0xDF, 0xB7, 0x5A, 0x94, 0xCF, 0xD9,
+        0x2D, 0xEA, 0xEA, 0xB4, 0xD0, 0x91, 0x2E, 0x77, 0x15, 0x18,
+        0x0D, 0x6B, 0xBA, 0x2A, 0x0C, 0xF1, 0x92, 0x9D, 0xD6, 0x04,
+        0x05, 0xB6, 0x38, 0xC2, 0xE0, 0xA7, 0x2D, 0x64, 0xF8, 0xDF,
+        0x0C, 0x3A, 0x93, 0x83, 0xE1, 0x88, 0x83, 0x5F, 0x67, 0x90,
+        0x9F, 0x2B, 0xE0, 0x60, 0x8E, 0xCA, 0x30, 0x13, 0xCA, 0x9F,
+        0xCF, 0x7B, 0x6D, 0xD8, 0xCD, 0xEE, 0xF9, 0x96, 0xDD, 0x5E,
+        0xF4, 0x47, 0xC9, 0x4C, 0xE6, 0x8F, 0x7F, 0x33, 0x2A, 0x38,
+        0x30, 0xAF, 0xD5, 0x4A, 0x79, 0x47, 0x06, 0xCC, 0x96, 0x44,
+        0x29, 0x8C, 0x60, 0x2B, 0x08, 0xC7, 0xD0, 0xD3, 0xC3, 0xC5,
+        0x2C, 0x63, 0x6C, 0x87, 0xD2, 0xAE, 0x2A, 0xA4, 0x86, 0xE7,
+        0x76, 0x74, 0x90, 0xD1, 0x04, 0x37, 0x64, 0x1A, 0xED, 0x08,
+        0xD9, 0x98, 0x07, 0x1A, 0x98, 0x0B, 0x89, 0x99, 0xA4, 0xB0,
+        0x8C, 0x1A, 0x10, 0xEB, 0xEC, 0xF4, 0xEE, 0x3C, 0xC4, 0x00,
+        0xCC, 0x30, 0x9C, 0x43, 0x01, 0x02, 0x81, 0xC1, 0x00, 0xD9,
+        0x43, 0xF6, 0x2C, 0x78, 0x26, 0xD2, 0xE7, 0x15, 0xA7, 0x0A,
+        0x88, 0x5E, 0xDB, 0x2D, 0xAF, 0xC6, 0xA9, 0x6F, 0x73, 0x88,
+        0x3B, 0x6A, 0x08, 0x1F, 0xF5, 0x80, 0xB5, 0x2E, 0x29, 0x8B,
+        0x72, 0xF8, 0x35, 0xC8, 0x23, 0x18, 0x1C, 0x0D, 0x0E, 0x38,
+        0x82, 0xBB, 0x5B, 0x2F, 0xB4, 0x5C, 0x4E, 0x24, 0x05, 0xA7,
+        0x4C, 0x79, 0x48, 0x89, 0x8D, 0x1C, 0x1D, 0x0A, 0x2C, 0xFE,
+        0xD9, 0x99, 0xDF, 0x25, 0x8A, 0x2D, 0xF8, 0xEB, 0x2F, 0xDA,
+        0x1B, 0x63, 0xE1, 0xCD, 0x09, 0x97, 0x64, 0x14, 0xAB, 0xEA,
+        0x0B, 0xD8, 0xE2, 0xA8, 0x2A, 0x63, 0x35, 0x90, 0xEE, 0x7F,
+        0xEA, 0xCE, 0xA5, 0xEF, 0x7F, 0xAB, 0x87, 0x47, 0x9B, 0x45,
+        0x35, 0x9A, 0xDA, 0x8C, 0xF4, 0xD3, 0x8A, 0x0B, 0x9B, 0xE6,
+        0xEA, 0x92, 0xBB, 0x05, 0xE1, 0xAC, 0x3E, 0x35, 0xDB, 0xED,
+        0x65, 0x1D, 0xB6, 0x92, 0xEB, 0x29, 0x79, 0xF8, 0x3F, 0xC2,
+        0x58, 0x40, 0x32, 0x66, 0x87, 0x56, 0x50, 0xFF, 0xBF, 0x3E,
+        0xBD, 0xE9, 0x94, 0xBF, 0x31, 0xBE, 0x87, 0x2D, 0xEF, 0x64,
+        0x1E, 0x0E, 0x67, 0x3A, 0x9C, 0x94, 0xDA, 0x5B, 0x0C, 0x8C,
+        0x3D, 0xEE, 0x9D, 0xCD, 0x92, 0xDE, 0x40, 0x02, 0x65, 0x36,
+        0xC9, 0x1B, 0xF5, 0x7E, 0x4E, 0x07, 0xB4, 0x7F, 0x14, 0x0E,
+        0x03, 0x2E, 0x86, 0xF0, 0x45, 0x5F, 0xDC, 0xA2, 0xE8, 0xC7,
+        0x83, 0x02, 0x81, 0xC1, 0x00, 0xCA, 0xED, 0xA5, 0x3F, 0x59,
+        0xAC, 0x4C, 0xAD, 0xAB, 0x23, 0x02, 0x95, 0x80, 0xA0, 0xAF,
+        0x35, 0x17, 0xDB, 0xE7, 0x7F, 0x72, 0x41, 0x2C, 0x5C, 0xB4,
+        0x43, 0x85, 0x46, 0x73, 0x9F, 0x58, 0xE9, 0x40, 0x8B, 0xEC,
+        0xB0, 0xEF, 0x86, 0x4C, 0x31, 0xDE, 0xC8, 0x6C, 0x74, 0x75,
+        0xA2, 0xDB, 0x65, 0xF4, 0x50, 0xC6, 0x99, 0xA2, 0x70, 0xDE,
+        0xB6, 0x22, 0xC2, 0x01, 0x15, 0x49, 0x13, 0xA0, 0xE2, 0x20,
+        0x78, 0x44, 0xEC, 0x1F, 0x42, 0xB3, 0x25, 0x09, 0xCE, 0x75,
+        0x13, 0x75, 0x36, 0x11, 0x47, 0x2C, 0x3C, 0x15, 0x1F, 0xF0,
+        0x54, 0xD5, 0x18, 0xAE, 0x61, 0x07, 0xAC, 0x3D, 0x83, 0x46,
+        0x03, 0x8C, 0xBF, 0x63, 0x26, 0xA8, 0x19, 0x7C, 0xFF, 0xDE,
+        0x20, 0x78, 0xD0, 0xDA, 0x70, 0x2E, 0xBD, 0xFA, 0x96, 0xDD,
+        0x15, 0x78, 0x9B, 0xEF, 0xED, 0x17, 0x90, 0x6F, 0x14, 0x35,
+        0x50, 0x8E, 0x1D, 0x78, 0xB0, 0x8A, 0xA0, 0x53, 0x10, 0x15,
+        0x64, 0xCC, 0x47, 0x05, 0xB6, 0xC6, 0x48, 0xC0, 0x5D, 0xB4,
+        0x4B, 0x1A, 0x5F, 0xB8, 0x9E, 0x75, 0xCD, 0xC3, 0x64, 0x66,
+        0x88, 0x10, 0x9C, 0x8B, 0x87, 0x14, 0x34, 0xE6, 0x60, 0x3C,
+        0xA5, 0xB7, 0x81, 0x1D, 0x0B, 0x79, 0x93, 0x5D, 0x4A, 0x42,
+        0x7A, 0x7F, 0x33, 0xF0, 0x3E, 0x9E, 0x63, 0xBD, 0xB6, 0x5F,
+        0xF9, 0x47, 0xA7, 0x0A, 0x49, 0x70, 0xB1, 0x02, 0x81, 0xC0,
+        0x6F, 0xC6, 0xF4, 0x3E, 0xDA, 0xAD, 0xF6, 0xB1, 0x66, 0xC5,
+        0x62, 0xB8, 0xD8, 0x3C, 0x61, 0x1B, 0xDE, 0xD4, 0x4A, 0xFF,
+        0xA0, 0x66, 0x18, 0xDE, 0x07, 0x3B, 0x32, 0x35, 0x84, 0x83,
+        0x61, 0x38, 0x0C, 0x14, 0xF7, 0x5B, 0x7E, 0xCA, 0xE7, 0xB8,
+        0x9A, 0x40, 0x40, 0x0D, 0xE0, 0xD4, 0x24, 0xED, 0x1A, 0xC1,
+        0x41, 0xDA, 0x29, 0x47, 0xB5, 0x64, 0xC0, 0xC2, 0xFB, 0xFA,
+        0x3C, 0x3F, 0x4D, 0x57, 0xAD, 0xA3, 0x92, 0x95, 0x4E, 0xC2,
+        0x76, 0xAE, 0xC2, 0xCB, 0x67, 0xC6, 0x78, 0x79, 0xC7, 0xDC,
+        0xCE, 0x73, 0xBB, 0xE8, 0x98, 0x65, 0xFE, 0x56, 0x8F, 0xB2,
+        0xF4, 0x62, 0xA4, 0x60, 0x60, 0x80, 0x49, 0x8A, 0x36, 0xBF,
+        0xDE, 0x72, 0x7E, 0xB1, 0xD3, 0xF5, 0x1D, 0x64, 0x17, 0x26,
+        0xE5, 0x3D, 0x67, 0xB2, 0x0A, 0x8B, 0x99, 0x27, 0x04, 0x64,
+        0x9A, 0x94, 0xFC, 0x1D, 0x73, 0x26, 0xC3, 0x56, 0xF9, 0xEE,
+        0x2B, 0x99, 0x65, 0xA5, 0xC8, 0x73, 0xF6, 0x67, 0x83, 0xBC,
+        0x2B, 0x96, 0x5F, 0x36, 0xE4, 0xCA, 0xBD, 0xE0, 0x24, 0x34,
+        0xD6, 0x48, 0x54, 0x56, 0xAD, 0xA3, 0xE3, 0x3D, 0x17, 0xBC,
+        0xB3, 0xE6, 0x24, 0xFE, 0x50, 0xC6, 0x2F, 0xCB, 0xB4, 0xAF,
+        0xC7, 0xE8, 0xDD, 0x96, 0x86, 0x9D, 0xB4, 0x7F, 0x1B, 0x26,
+        0x01, 0x33, 0x87, 0xDB, 0x6A, 0x7F, 0xF6, 0x9A, 0xB7, 0xC1,
+        0x94, 0xEB, 0x02, 0x81, 0xC1, 0x00, 0xB0, 0x6D, 0x20, 0x68,
+        0x0D, 0x7C, 0x81, 0x45, 0xD4, 0x2E, 0x22, 0x06, 0xFC, 0xC7,
+        0xB6, 0xCC, 0x40, 0x2C, 0x0D, 0xFE, 0x7D, 0xC5, 0x2F, 0xDE,
+        0x81, 0x52, 0xDA, 0xC2, 0x3F, 0xAF, 0xE0, 0x4B, 0x1A, 0xB5,
+        0x0C, 0x59, 0x60, 0x45, 0xB0, 0x65, 0x03, 0x3D, 0xD9, 0x1C,
+        0xFF, 0x51, 0x51, 0xD2, 0x38, 0x31, 0x2A, 0x19, 0x54, 0x63,
+        0x31, 0x1D, 0xC4, 0xE6, 0x4A, 0xAE, 0xC8, 0xD3, 0xE9, 0xE1,
+        0xEF, 0x3C, 0xE1, 0x1F, 0x30, 0xA6, 0x7A, 0xBD, 0xCE, 0xE2,
+        0xD2, 0x62, 0xD2, 0x5A, 0xE9, 0x76, 0xA9, 0x7C, 0xAB, 0x19,
+        0x13, 0x87, 0x8D, 0xA5, 0x61, 0xA6, 0x36, 0x57, 0x87, 0x3B,
+        0x64, 0x59, 0x9D, 0xBA, 0x9F, 0x67, 0x72, 0x6A, 0x86, 0x84,
+        0xA6, 0x08, 0x31, 0x41, 0xD3, 0x48, 0x09, 0x3B, 0x5E, 0x6C,
+        0x5F, 0x56, 0x55, 0x7F, 0xAD, 0x7E, 0xC2, 0x27, 0xEE, 0x8A,
+        0xF1, 0x37, 0x51, 0xF7, 0x49, 0x80, 0xA3, 0x65, 0x74, 0x11,
+        0xDD, 0xA7, 0xBE, 0xFA, 0x58, 0x7B, 0x69, 0xB4, 0xC2, 0x9A,
+        0x35, 0x2F, 0xBE, 0x84, 0x4E, 0x2C, 0x66, 0x5B, 0x38, 0x6F,
+        0x47, 0xBD, 0x30, 0x44, 0x0A, 0x02, 0xAC, 0x8C, 0xB9, 0x66,
+        0x1E, 0x14, 0x2D, 0x90, 0x71, 0x42, 0x12, 0xB7, 0x0E, 0x3A,
+        0x8B, 0xC5, 0x98, 0x65, 0xFD, 0x8F, 0x53, 0x81, 0x7F, 0xE4,
+        0xD9, 0x58, 0x0E, 0xF5, 0xA9, 0x39, 0xE4, 0x61, 0x02, 0x81,
+        0xC1, 0x00, 0xB3, 0x94, 0x8F, 0x2B, 0xFD, 0x84, 0x2E, 0x83,
+        0x42, 0x86, 0x56, 0x7E, 0xB5, 0xF8, 0x3C, 0xC5, 0x0C, 0xCB,
+        0xBD, 0x32, 0x0C, 0xD7, 0xAA, 0xA7, 0xB0, 0xE9, 0xA4, 0x6A,
+        0xD1, 0x01, 0xDB, 0x87, 0x2A, 0xF7, 0xDF, 0xEC, 0xC2, 0x03,
+        0x5D, 0x55, 0xA8, 0x66, 0x73, 0x79, 0xA9, 0xAB, 0xBD, 0xAF,
+        0x69, 0x37, 0xFE, 0x41, 0xB5, 0x53, 0xB3, 0xB2, 0xC0, 0xB1,
+        0x80, 0x34, 0xE6, 0xE1, 0x7B, 0xAE, 0x67, 0xC7, 0xF3, 0x57,
+        0xFE, 0x12, 0xBC, 0x78, 0xAA, 0x75, 0x0D, 0xAC, 0x79, 0x90,
+        0x14, 0x49, 0xFE, 0x6B, 0x51, 0xE3, 0xE4, 0x46, 0xB2, 0x10,
+        0x4D, 0x05, 0x6A, 0x12, 0x80, 0x2A, 0x8F, 0x39, 0x42, 0x0E,
+        0x3B, 0x24, 0x2B, 0x50, 0x5D, 0xF3, 0xA7, 0x7F, 0x2F, 0x82,
+        0x89, 0x87, 0x9F, 0xF8, 0x7B, 0x1E, 0x05, 0x6E, 0x75, 0x83,
+        0x04, 0x35, 0x66, 0x4A, 0x06, 0x57, 0x39, 0xAB, 0x21, 0x0B,
+        0x94, 0x41, 0x6A, 0x2A, 0xC7, 0xDE, 0x98, 0x45, 0x8F, 0x96,
+        0x1C, 0xF2, 0xD8, 0xFB, 0x9C, 0x10, 0x8E, 0x41, 0x7A, 0xDD,
+        0xDD, 0x1D, 0xEF, 0xA5, 0x67, 0xEC, 0xFE, 0xA3, 0x2D, 0xA9,
+        0xFD, 0xF3, 0xEE, 0x35, 0xF4, 0xA7, 0xBC, 0xF9, 0x71, 0xCC,
+        0xB9, 0xC0, 0x5F, 0x58, 0x5B, 0xBD, 0x1A, 0x9E, 0xC7, 0x08,
+        0x67, 0x7C, 0xC7, 0x51, 0x5B, 0xBE, 0xE3, 0xF8, 0xBE, 0x1E,
+        0xC7, 0xD2, 0x28, 0x97
 };
 static const int sizeof_client_key_der_3072 = sizeof(client_key_der_3072);
 
@@ -2735,9 +2738,9 @@ static const int sizeof_client_keypub_der_3072 = sizeof(client_keypub_der_3072);
 static const unsigned char client_cert_der_3072[] =
 {
         0x30, 0x82, 0x06, 0x1D, 0x30, 0x82, 0x04, 0x85, 0xA0, 0x03,
-        0x02, 0x01, 0x02, 0x02, 0x14, 0x0B, 0x5C, 0x9F, 0x12, 0x25,
-        0x90, 0xAA, 0x52, 0xC0, 0xDF, 0xE1, 0xE1, 0x1F, 0xED, 0xA9,
-        0x31, 0x01, 0x0A, 0x09, 0x8B, 0x30, 0x0D, 0x06, 0x09, 0x2A,
+        0x02, 0x01, 0x02, 0x02, 0x14, 0x1E, 0xD5, 0xB7, 0x66, 0x40,
+        0x3A, 0xE9, 0x9B, 0xDD, 0x58, 0xE4, 0xE4, 0x9A, 0xC0, 0xDA,
+        0x1E, 0xD7, 0xB9, 0x5A, 0x1F, 0x30, 0x0D, 0x06, 0x09, 0x2A,
         0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0B, 0x05, 0x00,
         0x30, 0x81, 0x9E, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55,
         0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, 0x0E,
@@ -2755,10 +2758,10 @@ static const unsigned char client_cert_der_3072[] =
         0x30, 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D,
         0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40,
         0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F,
-        0x6D, 0x30, 0x1E, 0x17, 0x0D, 0x32, 0x33, 0x31, 0x32, 0x31,
-        0x33, 0x32, 0x32, 0x31, 0x39, 0x32, 0x38, 0x5A, 0x17, 0x0D,
-        0x32, 0x36, 0x30, 0x39, 0x30, 0x38, 0x32, 0x32, 0x31, 0x39,
-        0x32, 0x38, 0x5A, 0x30, 0x81, 0x9E, 0x31, 0x0B, 0x30, 0x09,
+        0x6D, 0x30, 0x1E, 0x17, 0x0D, 0x32, 0x34, 0x31, 0x32, 0x31,
+        0x38, 0x32, 0x31, 0x32, 0x35, 0x32, 0x39, 0x5A, 0x17, 0x0D,
+        0x32, 0x37, 0x30, 0x39, 0x31, 0x34, 0x32, 0x31, 0x32, 0x35,
+        0x32, 0x39, 0x5A, 0x30, 0x81, 0x9E, 0x31, 0x0B, 0x30, 0x09,
         0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31,
         0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, 0x07,
         0x4D, 0x6F, 0x6E, 0x74, 0x61, 0x6E, 0x61, 0x31, 0x10, 0x30,
@@ -2841,8 +2844,8 @@ static const unsigned char client_cert_der_3072[] =
         0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01,
         0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C,
         0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x82, 0x14,
-        0x0B, 0x5C, 0x9F, 0x12, 0x25, 0x90, 0xAA, 0x52, 0xC0, 0xDF,
-        0xE1, 0xE1, 0x1F, 0xED, 0xA9, 0x31, 0x01, 0x0A, 0x09, 0x8B,
+        0x1E, 0xD5, 0xB7, 0x66, 0x40, 0x3A, 0xE9, 0x9B, 0xDD, 0x58,
+        0xE4, 0xE4, 0x9A, 0xC0, 0xDA, 0x1E, 0xD7, 0xB9, 0x5A, 0x1F,
         0x30, 0x0C, 0x06, 0x03, 0x55, 0x1D, 0x13, 0x04, 0x05, 0x30,
         0x03, 0x01, 0x01, 0xFF, 0x30, 0x1C, 0x06, 0x03, 0x55, 0x1D,
         0x11, 0x04, 0x15, 0x30, 0x13, 0x82, 0x0B, 0x65, 0x78, 0x61,
@@ -2852,45 +2855,45 @@ static const unsigned char client_cert_der_3072[] =
         0x05, 0x05, 0x07, 0x03, 0x01, 0x06, 0x08, 0x2B, 0x06, 0x01,
         0x05, 0x05, 0x07, 0x03, 0x02, 0x30, 0x0D, 0x06, 0x09, 0x2A,
         0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0B, 0x05, 0x00,
-        0x03, 0x82, 0x01, 0x81, 0x00, 0x14, 0x27, 0x57, 0x47, 0x12,
-        0xA4, 0x78, 0xA2, 0xC9, 0xDC, 0x93, 0xF8, 0x47, 0xEE, 0xF4,
-        0xFD, 0x66, 0x80, 0x13, 0x43, 0x9E, 0xDE, 0x23, 0x8C, 0xF7,
-        0x3F, 0xFE, 0x46, 0x9C, 0x85, 0x58, 0x2A, 0x6F, 0x8D, 0x22,
-        0x92, 0x8C, 0xD6, 0x36, 0xCA, 0x90, 0x4F, 0x45, 0xC3, 0xAB,
-        0x78, 0xCA, 0x3C, 0xFE, 0xD0, 0xF5, 0x0F, 0x6D, 0x00, 0xFE,
-        0x3B, 0x42, 0xB0, 0x86, 0x0B, 0x75, 0xF2, 0x7C, 0xD3, 0xC7,
-        0xDB, 0x0B, 0x70, 0xE8, 0xEC, 0xB7, 0xBF, 0x26, 0x30, 0xA8,
-        0x19, 0x67, 0xBD, 0x74, 0x03, 0xCF, 0xD1, 0x08, 0x8E, 0x9C,
-        0xD5, 0x1B, 0x45, 0x28, 0xB2, 0x67, 0x8E, 0x3A, 0xA5, 0x27,
-        0xC9, 0x1B, 0x6A, 0xE9, 0x93, 0xCE, 0x94, 0xC0, 0x00, 0x0C,
-        0xE8, 0xF1, 0x76, 0x02, 0xA4, 0x30, 0x72, 0xA8, 0xFD, 0x55,
-        0x1C, 0xD1, 0xB8, 0x25, 0xF1, 0x62, 0xF6, 0xBA, 0x28, 0xFD,
-        0x30, 0xB1, 0x11, 0x63, 0xF7, 0xB3, 0x78, 0x54, 0x09, 0x04,
-        0xC1, 0x66, 0x12, 0xC7, 0x01, 0xAE, 0x99, 0xE3, 0x55, 0xC4,
-        0x29, 0xBD, 0x1B, 0x1A, 0xDA, 0xB9, 0x77, 0xFD, 0x04, 0xDB,
-        0xB1, 0x68, 0x56, 0x35, 0x65, 0xE1, 0xAA, 0x67, 0xC8, 0xAC,
-        0xBE, 0xE5, 0xF8, 0x27, 0xFB, 0xB4, 0x51, 0x4F, 0x38, 0xE5,
-        0xDE, 0x09, 0xA6, 0x81, 0xA9, 0xEF, 0xDC, 0xD6, 0x4A, 0x96,
-        0x47, 0xB8, 0x38, 0x14, 0xF8, 0x25, 0x5D, 0xAC, 0xF3, 0xE5,
-        0x3B, 0xF2, 0x1B, 0x70, 0x32, 0x3B, 0x2D, 0xFA, 0x20, 0xCA,
-        0x2E, 0xA5, 0xCA, 0x13, 0x9D, 0x84, 0xD2, 0xD4, 0x35, 0x16,
-        0x58, 0x6E, 0x52, 0x5E, 0x09, 0x61, 0x83, 0xC2, 0xE2, 0x56,
-        0x2C, 0xAB, 0x52, 0xBF, 0x54, 0xDC, 0xBD, 0xF3, 0xBF, 0xA7,
-        0x16, 0x6E, 0x0E, 0xCA, 0x68, 0x54, 0xD1, 0x5C, 0x4D, 0x06,
-        0x7A, 0x93, 0x47, 0x1C, 0xCC, 0xA9, 0x66, 0xDA, 0x69, 0x0F,
-        0xF9, 0x1F, 0x25, 0x64, 0x29, 0x40, 0x97, 0x50, 0x3B, 0xCF,
-        0x0C, 0x50, 0x9B, 0x4D, 0xFF, 0x60, 0xBC, 0xD3, 0xE4, 0xA0,
-        0xB7, 0x64, 0xC6, 0x66, 0x2A, 0xF6, 0x02, 0xE2, 0x3F, 0x92,
-        0x31, 0x3B, 0xD7, 0xEA, 0x1A, 0xC3, 0x1A, 0x0C, 0x19, 0x88,
-        0xAB, 0x5F, 0x74, 0xB7, 0x9D, 0x7B, 0x8D, 0x4D, 0x3A, 0x84,
-        0x43, 0xF2, 0x67, 0xB1, 0xBE, 0xA0, 0x9E, 0xFD, 0x3D, 0xAA,
-        0xC1, 0x38, 0x1A, 0xDF, 0xAC, 0x30, 0xFE, 0x63, 0x69, 0xAF,
-        0xD6, 0xF2, 0x21, 0x63, 0x11, 0x63, 0x29, 0xAC, 0x63, 0x9E,
-        0x9F, 0x9F, 0xC4, 0x53, 0xB3, 0xDB, 0x78, 0xC0, 0x2D, 0x79,
-        0x68, 0x1F, 0xD2, 0xD1, 0x36, 0xD1, 0xFB, 0xE3, 0xC0, 0xA7,
-        0x31, 0xEB, 0x15, 0x63, 0x99, 0x0B, 0x93, 0x9D, 0x87, 0xC7,
-        0xFE, 0x56, 0x5D, 0xFC, 0xE7, 0x29, 0x2A, 0x9E, 0x15, 0xBE,
-        0xEF, 0x54, 0xE7, 0x0F, 0x6D, 0x9B, 0x36, 0xB6, 0x17
+        0x03, 0x82, 0x01, 0x81, 0x00, 0x5E, 0xB0, 0xED, 0x38, 0x36,
+        0xB8, 0xF7, 0xE4, 0x0C, 0xB0, 0xC3, 0x6A, 0xBB, 0x7A, 0xB9,
+        0x61, 0x05, 0x9D, 0xB9, 0x82, 0x12, 0x2D, 0x9C, 0x9E, 0x91,
+        0x7B, 0xEC, 0xD0, 0x9B, 0x81, 0xCA, 0x51, 0xE8, 0xD4, 0x55,
+        0x2D, 0x1A, 0xFF, 0x88, 0x5A, 0xC3, 0xE1, 0xD8, 0x82, 0x17,
+        0xC5, 0x4A, 0x7A, 0xD4, 0x17, 0xC8, 0xA2, 0x1C, 0x97, 0x61,
+        0xA7, 0xCF, 0xDE, 0x12, 0xF9, 0x5A, 0xD8, 0xB0, 0x63, 0x63,
+        0x84, 0xD4, 0x7B, 0xB9, 0x81, 0x37, 0xA0, 0x49, 0xF3, 0x68,
+        0x30, 0x0C, 0x84, 0xF8, 0x6C, 0x18, 0x54, 0x34, 0x6F, 0x8D,
+        0xA3, 0x22, 0xD3, 0xD2, 0x3B, 0x42, 0xBC, 0x3B, 0x28, 0x0F,
+        0x95, 0x35, 0xF4, 0x9F, 0xDC, 0x18, 0x9D, 0x4F, 0xC5, 0x5F,
+        0x0D, 0xD2, 0xBD, 0x88, 0xB8, 0xA7, 0x88, 0x82, 0xD3, 0x74,
+        0x5B, 0xA6, 0xAD, 0xB0, 0x2B, 0x70, 0x33, 0xC9, 0x08, 0x7E,
+        0x5F, 0x9B, 0x99, 0x3C, 0x61, 0xF0, 0x1B, 0x3C, 0x1C, 0x4A,
+        0x2A, 0x05, 0x84, 0xF1, 0x47, 0x17, 0xA2, 0xEA, 0x06, 0x3A,
+        0xDC, 0xF6, 0xB3, 0x83, 0x30, 0x9C, 0x12, 0xB1, 0x4C, 0xE9,
+        0xBE, 0x40, 0x86, 0x3E, 0x72, 0x58, 0x4E, 0x44, 0xB8, 0x99,
+        0x59, 0xC3, 0x58, 0x0F, 0xD7, 0xCF, 0x02, 0x60, 0x77, 0xAD,
+        0x6F, 0x9C, 0x41, 0x58, 0xEF, 0x78, 0x63, 0xC0, 0xF7, 0x7D,
+        0xA7, 0xED, 0x67, 0xC2, 0x49, 0xAE, 0x06, 0xFC, 0x46, 0xF7,
+        0x70, 0x53, 0x88, 0xEB, 0x53, 0x2F, 0x25, 0x8D, 0x7A, 0xAC,
+        0xAB, 0xC4, 0xB5, 0xB0, 0x27, 0x90, 0x57, 0xD0, 0x31, 0x79,
+        0x2F, 0xAD, 0xDA, 0x20, 0xC1, 0x6A, 0x00, 0xCC, 0xD9, 0xB4,
+        0x36, 0x5A, 0x90, 0x99, 0x3D, 0xE3, 0xE2, 0xF4, 0xB6, 0xE7,
+        0x85, 0x16, 0x77, 0x3D, 0x69, 0xBB, 0x42, 0x6C, 0xA5, 0x83,
+        0x45, 0x9F, 0x53, 0xC4, 0x43, 0x78, 0x17, 0x43, 0xBD, 0x27,
+        0xC0, 0x6E, 0x4B, 0x40, 0x0F, 0x64, 0x0B, 0xAC, 0x38, 0x1E,
+        0x09, 0x6D, 0x62, 0x5A, 0x54, 0x8A, 0x2C, 0x96, 0x99, 0x23,
+        0xDB, 0xF5, 0x4B, 0x4A, 0xAA, 0x69, 0xBE, 0x6E, 0x8A, 0x9A,
+        0x3E, 0xD5, 0xE6, 0xA3, 0xA9, 0xA9, 0xE9, 0xE8, 0xA9, 0x28,
+        0x28, 0x3B, 0xF9, 0x9D, 0xD9, 0x5F, 0xE3, 0xCB, 0x2B, 0x2B,
+        0x38, 0xBA, 0xF1, 0xBC, 0x45, 0xD8, 0x4A, 0x5A, 0xB1, 0xB3,
+        0x8A, 0x48, 0x64, 0x78, 0x33, 0x21, 0x55, 0xCD, 0x04, 0x14,
+        0xE7, 0x7B, 0x73, 0xC2, 0xB6, 0xF2, 0xDE, 0x81, 0x01, 0xD8,
+        0x8D, 0xC6, 0xCF, 0xF2, 0x85, 0x0F, 0x32, 0x72, 0x0F, 0x6C,
+        0x60, 0xBE, 0xF5, 0x31, 0x75, 0x39, 0x4B, 0xE3, 0xAE, 0xED,
+        0x0C, 0x1E, 0x15, 0x83, 0xAC, 0xF9, 0x4C, 0x86, 0xCF, 0xDF,
+        0x54, 0xB0, 0x7C, 0x6F, 0xF5, 0xDE, 0x26, 0x66, 0xC0, 0xBA,
+        0x85, 0x38, 0xD0, 0x25, 0xFE, 0xB9, 0xBF, 0x12, 0x98
 };
 static const int sizeof_client_cert_der_3072 = sizeof(client_cert_der_3072);
 
@@ -2901,241 +2904,244 @@ static const int sizeof_client_cert_der_3072 = sizeof(client_cert_der_3072);
 /* ./certs/4096/client-key.der, 4096-bit */
 static const unsigned char client_key_der_4096[] =
 {
-        0x30, 0x82, 0x09, 0x28, 0x02, 0x01, 0x00, 0x02, 0x82, 0x02,
-        0x01, 0x00, 0xF5, 0xD0, 0x31, 0xE4, 0x71, 0x59, 0x58, 0xB3,
-        0x07, 0x50, 0xDD, 0x16, 0x79, 0xFC, 0xC6, 0x95, 0x50, 0xFC,
-        0x46, 0x0E, 0x57, 0x12, 0x86, 0x71, 0x8D, 0xE3, 0x9B, 0x4A,
-        0x33, 0xEA, 0x4F, 0xD9, 0x17, 0x13, 0x6D, 0x48, 0x69, 0xDF,
-        0x59, 0x11, 0x08, 0x02, 0x9D, 0xAF, 0x2B, 0xC7, 0x30, 0xBE,
-        0x0C, 0xDC, 0x87, 0xD4, 0x5A, 0x12, 0x09, 0x23, 0x5D, 0xE1,
-        0x76, 0x5A, 0x62, 0x37, 0x46, 0x74, 0xEF, 0x03, 0x05, 0xBB,
-        0x1E, 0x6D, 0x29, 0x75, 0x6C, 0x2E, 0x9D, 0x87, 0x0D, 0x8F,
-        0x87, 0xCB, 0x14, 0x95, 0x9B, 0xBE, 0x17, 0x6B, 0x51, 0xD1,
-        0x4C, 0xDA, 0xD7, 0x91, 0x66, 0xC5, 0x36, 0xEB, 0xE0, 0x07,
-        0x1A, 0x76, 0x4D, 0xB0, 0xFB, 0xC1, 0xF5, 0x5E, 0x05, 0xDB,
-        0xBA, 0xCB, 0x25, 0xD9, 0x99, 0x13, 0x1C, 0xC0, 0x35, 0xDC,
-        0x40, 0xE9, 0x36, 0xCD, 0xC4, 0xD5, 0x7A, 0x41, 0x70, 0x0F,
-        0x36, 0xEB, 0xA5, 0x4E, 0x17, 0x05, 0xD5, 0x75, 0x1B, 0x64,
-        0x62, 0x7A, 0x3F, 0x0D, 0x28, 0x48, 0x6A, 0xE3, 0xAC, 0x9C,
-        0xA8, 0x8F, 0xE9, 0xED, 0xF7, 0xCD, 0x24, 0xA0, 0xB1, 0xA0,
-        0x03, 0xAC, 0xE3, 0x03, 0xF5, 0x3F, 0xD1, 0x96, 0xFF, 0x2A,
-        0x7E, 0x08, 0xB1, 0xD3, 0xE0, 0x18, 0x14, 0xEC, 0x65, 0x37,
-        0x50, 0x43, 0xC2, 0x6A, 0x8C, 0xF4, 0x5B, 0xFE, 0xC4, 0xCB,
-        0x8D, 0x3F, 0x81, 0x02, 0xF7, 0xC2, 0xDD, 0xE4, 0xC1, 0x8E,
-        0x80, 0x0C, 0x04, 0x25, 0x2D, 0x80, 0x5A, 0x2E, 0x0F, 0x22,
-        0x35, 0x4A, 0xF4, 0x85, 0xED, 0x51, 0xD8, 0xAB, 0x6D, 0x8F,
-        0xA2, 0x3B, 0x24, 0x00, 0x6E, 0x81, 0xE2, 0x1E, 0x76, 0xD6,
-        0xAC, 0x31, 0x12, 0xDB, 0xF3, 0x8E, 0x07, 0xA1, 0xDE, 0x89,
-        0x4A, 0x39, 0x60, 0x77, 0xC5, 0xAA, 0xF1, 0x51, 0xE6, 0x06,
-        0xF1, 0x95, 0x56, 0x2A, 0xE1, 0x8E, 0x92, 0x30, 0x9F, 0xFE,
-        0x58, 0x44, 0xAC, 0x46, 0xF2, 0xFD, 0x9A, 0xFC, 0xA8, 0x1D,
-        0xA1, 0xD3, 0x55, 0x37, 0x4A, 0x8B, 0xFC, 0x9C, 0x33, 0xF8,
-        0xA7, 0x61, 0x48, 0x41, 0x7C, 0x9C, 0x77, 0x3F, 0xF5, 0x80,
-        0x23, 0x7D, 0x43, 0xB4, 0xD5, 0x88, 0x0A, 0xC9, 0x75, 0xD7,
-        0x44, 0x19, 0x4D, 0x77, 0x6C, 0x0B, 0x0A, 0x49, 0xAA, 0x1C,
-        0x2F, 0xD6, 0x5A, 0x44, 0xA6, 0x47, 0x4D, 0xE5, 0x36, 0x96,
-        0x40, 0x99, 0x2C, 0x56, 0x26, 0xB1, 0xF2, 0x92, 0x31, 0x59,
-        0xD7, 0x2C, 0xD4, 0xB4, 0x21, 0xD6, 0x65, 0x13, 0x0B, 0x3E,
-        0xFB, 0xFF, 0x04, 0xEB, 0xB9, 0x85, 0xB9, 0xD8, 0xD8, 0x28,
-        0x4F, 0x5C, 0x17, 0x96, 0xA3, 0x51, 0xBE, 0xFE, 0x7D, 0x0B,
-        0x1B, 0x48, 0x40, 0x25, 0x76, 0x94, 0xDC, 0x41, 0xFB, 0xBF,
-        0x73, 0x76, 0xDA, 0xEB, 0xB3, 0x62, 0xE7, 0xC1, 0xC8, 0x54,
-        0x6A, 0x93, 0xE1, 0x8D, 0x31, 0xE8, 0x3E, 0x3E, 0xDF, 0xBC,
-        0x87, 0x02, 0x30, 0x22, 0x57, 0xC4, 0xE0, 0x18, 0x7A, 0xD3,
-        0xAE, 0xE4, 0x02, 0x9B, 0xAA, 0xBD, 0x4E, 0x49, 0x47, 0x72,
-        0xE9, 0x8D, 0x13, 0x2D, 0x54, 0x9B, 0x00, 0xA7, 0x91, 0x61,
-        0x71, 0xC9, 0xCC, 0x48, 0x4F, 0xEE, 0xDF, 0x5E, 0x1B, 0x1A,
-        0xDF, 0x67, 0xD3, 0x20, 0xE6, 0x44, 0x45, 0x98, 0x7E, 0xE7,
-        0x0E, 0x63, 0x16, 0x83, 0xC9, 0x26, 0x5D, 0x90, 0xC1, 0xE5,
-        0x2A, 0x5C, 0x45, 0x54, 0x13, 0xB2, 0x81, 0x18, 0x06, 0x20,
-        0x2E, 0x2E, 0x66, 0x5A, 0xB5, 0x7B, 0x6E, 0xD6, 0x0C, 0x4E,
-        0x89, 0x01, 0x56, 0x70, 0xBB, 0xAE, 0xDE, 0xE9, 0x99, 0x5E,
-        0xD1, 0xB9, 0x3A, 0xB7, 0x6C, 0x17, 0xB6, 0x03, 0xA9, 0x08,
-        0xDD, 0x9C, 0xF4, 0x14, 0xC9, 0xC9, 0x59, 0x39, 0x72, 0xD4,
-        0x7E, 0x02, 0x37, 0x31, 0xCD, 0x0E, 0xA7, 0x3D, 0xF8, 0xF2,
-        0xCF, 0x6B, 0x15, 0xAB, 0x02, 0x03, 0x01, 0x00, 0x01, 0x02,
-        0x82, 0x02, 0x01, 0x00, 0xC5, 0x76, 0x57, 0x7D, 0xF1, 0x68,
-        0x1A, 0x8E, 0xC6, 0x63, 0xB9, 0x16, 0xA3, 0x2B, 0xE1, 0xC2,
-        0x74, 0xEA, 0x12, 0xC4, 0xD6, 0x41, 0x75, 0x6A, 0xA6, 0xD6,
-        0x9E, 0x1A, 0x7F, 0x95, 0xCC, 0x4A, 0xD1, 0xF4, 0xB3, 0x27,
-        0x26, 0x95, 0x5A, 0x91, 0x09, 0xE4, 0x40, 0x13, 0x45, 0x91,
-        0x9F, 0xA0, 0x2B, 0xE8, 0xC3, 0xDC, 0x5B, 0xF6, 0x7D, 0x0C,
-        0xC2, 0x0F, 0xA9, 0xE9, 0x75, 0x58, 0x7D, 0xEA, 0xD5, 0x4D,
-        0x92, 0x3E, 0xFC, 0x74, 0x28, 0x87, 0xC1, 0x3D, 0xB9, 0x21,
-        0x92, 0x4D, 0x28, 0x82, 0x84, 0xA8, 0xA2, 0x11, 0x93, 0xF2,
-        0x8C, 0x29, 0x1C, 0x19, 0xF8, 0x6D, 0x3F, 0x27, 0x51, 0xB5,
-        0x2D, 0xA3, 0xC7, 0x28, 0x1D, 0xC4, 0xFC, 0x98, 0x94, 0xA8,
-        0xD0, 0xFF, 0xF0, 0x0F, 0xDC, 0xF9, 0xED, 0xB3, 0xA2, 0xB6,
-        0xED, 0x0D, 0x5F, 0xBF, 0x78, 0x5C, 0xD7, 0xAF, 0xBD, 0xA3,
-        0xEF, 0x86, 0xE9, 0x51, 0x66, 0xDB, 0x52, 0x37, 0x47, 0x7F,
-        0xE9, 0x5F, 0x3C, 0x94, 0x83, 0x2D, 0xE8, 0x9C, 0x33, 0xF1,
-        0x6C, 0xE9, 0xF3, 0xA6, 0x97, 0xFE, 0xA7, 0xBF, 0x4D, 0x9B,
-        0x20, 0xD5, 0x2F, 0xDE, 0xA4, 0x06, 0xBB, 0xEE, 0x66, 0x49,
-        0x6B, 0xF5, 0x10, 0x85, 0x9F, 0x84, 0x5A, 0x52, 0x3E, 0x0C,
-        0xA0, 0x4A, 0x4C, 0xDA, 0x01, 0xC5, 0x62, 0x31, 0xB1, 0xEC,
-        0xF8, 0xDD, 0xA3, 0x3B, 0xCE, 0x41, 0x3A, 0x12, 0x79, 0xF9,
-        0x97, 0x5B, 0x07, 0x95, 0x9F, 0x86, 0xD6, 0x04, 0x73, 0x6C,
-        0xE8, 0x8F, 0x4C, 0x4C, 0x48, 0x1D, 0x85, 0xC4, 0xE7, 0xCE,
-        0xDE, 0x16, 0x31, 0xF6, 0x5C, 0x37, 0x54, 0x8E, 0x55, 0xBC,
-        0xAF, 0x2E, 0x47, 0xE8, 0xAC, 0x03, 0xB0, 0xA4, 0xF9, 0x90,
-        0x98, 0x99, 0xA4, 0xDC, 0x6E, 0x98, 0x08, 0x5C, 0x07, 0xBB,
-        0x08, 0x93, 0xAF, 0x61, 0x8D, 0x74, 0xA8, 0xF8, 0xC4, 0x89,
-        0x64, 0x10, 0xE1, 0xE6, 0xC0, 0xCD, 0x1D, 0x39, 0x20, 0xD6,
-        0x5A, 0x89, 0x83, 0xFC, 0x37, 0xE2, 0x12, 0x66, 0xA8, 0x12,
-        0xCC, 0x72, 0xBB, 0x1E, 0xFB, 0x6A, 0xE3, 0x7C, 0x71, 0x7E,
-        0xB9, 0x2E, 0x8E, 0x84, 0x66, 0xE1, 0xB9, 0xD0, 0x25, 0x9A,
-        0x6F, 0x9D, 0x19, 0xE6, 0x7E, 0xE8, 0xD8, 0xF0, 0xC5, 0x23,
-        0x16, 0x9A, 0x68, 0x2C, 0x1D, 0x55, 0xAE, 0x8E, 0x90, 0xEE,
-        0x8E, 0xEC, 0x5E, 0x46, 0x9D, 0x60, 0x52, 0x32, 0x17, 0x28,
-        0x59, 0xC4, 0x49, 0x2A, 0x20, 0x3E, 0x95, 0xC5, 0xDF, 0xF6,
-        0x3D, 0xF7, 0xC5, 0xCF, 0xB1, 0xC2, 0xC9, 0x76, 0xF8, 0x3D,
-        0xBE, 0xF4, 0x63, 0xFC, 0x2A, 0x00, 0x6F, 0x99, 0xA6, 0xB6,
-        0xAD, 0x35, 0xEE, 0xDE, 0xC5, 0xE0, 0x97, 0xC6, 0x73, 0xEE,
-        0x33, 0xA0, 0xA8, 0xFC, 0x4C, 0x8F, 0xF2, 0x8C, 0x61, 0xFB,
-        0x03, 0x19, 0xA1, 0xE8, 0x17, 0x4E, 0xE3, 0x21, 0x58, 0xCE,
-        0xFE, 0xF2, 0x5F, 0xBB, 0xDD, 0x4F, 0xF7, 0x18, 0xCB, 0x35,
-        0x57, 0xDD, 0xE5, 0x50, 0x2A, 0x7B, 0x1A, 0xE9, 0x12, 0xF2,
-        0x7A, 0x11, 0xB1, 0x43, 0xB9, 0x70, 0x07, 0x0C, 0x8F, 0x69,
-        0xB9, 0xE5, 0xA5, 0xC9, 0xE2, 0x1B, 0x96, 0x74, 0x11, 0xF5,
-        0x95, 0xB9, 0x58, 0xC0, 0xBD, 0x37, 0xFB, 0x28, 0x2A, 0xBD,
-        0x84, 0xB1, 0x2B, 0x67, 0x42, 0x82, 0xC3, 0x95, 0x55, 0x45,
-        0xD5, 0xEA, 0xC3, 0x8A, 0x42, 0x3A, 0x43, 0x17, 0x5E, 0xCD,
-        0xD2, 0xEA, 0xFC, 0xDF, 0x67, 0xEC, 0xE1, 0x6C, 0xA8, 0x03,
-        0x19, 0xB2, 0x1D, 0x4A, 0x5F, 0x4F, 0xE7, 0xD3, 0xE0, 0x86,
-        0xC5, 0x1A, 0x10, 0xC3, 0x08, 0xD2, 0xED, 0x85, 0x93, 0x08,
-        0x51, 0x05, 0xA6, 0x37, 0x15, 0x32, 0xBD, 0x6C, 0x73, 0x63,
-        0x01, 0x5D, 0x5B, 0x4F, 0x6A, 0xDC, 0x6D, 0x1D, 0x55, 0x91,
-        0x21, 0xE4, 0x8E, 0xB7, 0xF0, 0x81, 0x02, 0x82, 0x01, 0x01,
-        0x00, 0xFD, 0x27, 0xC8, 0xFE, 0x76, 0x5C, 0x89, 0x32, 0xCB,
-        0x8A, 0x22, 0x87, 0x61, 0x48, 0x91, 0x4A, 0x05, 0xAD, 0xA4,
-        0x5C, 0x8A, 0xCA, 0x5C, 0x02, 0x88, 0x7E, 0x51, 0xC5, 0x66,
-        0x90, 0x2C, 0xA3, 0xED, 0xA7, 0x43, 0x19, 0x0B, 0xA2, 0x42,
-        0xB4, 0xE0, 0xE0, 0x45, 0xBF, 0xFE, 0xA0, 0xF2, 0x75, 0x0B,
-        0x8E, 0x7D, 0x9D, 0x73, 0x67, 0xD3, 0x10, 0x09, 0xC5, 0xD9,
-        0x8C, 0xAD, 0x3A, 0x64, 0x72, 0xAD, 0x96, 0x35, 0x91, 0x0F,
-        0x4B, 0xC9, 0xBD, 0x4F, 0x65, 0x47, 0xA6, 0x2D, 0xEB, 0x3F,
-        0xE2, 0x99, 0x72, 0x66, 0x12, 0xED, 0xEB, 0xD2, 0x7C, 0xFF,
-        0x3A, 0x20, 0x37, 0x2A, 0xD3, 0x65, 0x51, 0x9B, 0xC3, 0xAA,
-        0x18, 0xB1, 0x1F, 0x6E, 0x9D, 0x40, 0x47, 0xA4, 0x1F, 0x82,
-        0x9B, 0xDB, 0x50, 0x6B, 0x86, 0x2F, 0xFB, 0x3F, 0x31, 0xB9,
-        0x81, 0x11, 0x04, 0x14, 0x63, 0x86, 0x4F, 0x40, 0x2A, 0xF5,
-        0xF9, 0x7C, 0xA1, 0x78, 0x19, 0x13, 0xD0, 0x51, 0x51, 0x0F,
-        0x79, 0x88, 0x8D, 0x14, 0xA3, 0xDE, 0xB6, 0x33, 0x29, 0x42,
-        0xB9, 0xE8, 0x59, 0x76, 0xF7, 0x43, 0x1A, 0xB6, 0xA6, 0xDF,
-        0x0A, 0xC1, 0x42, 0xC7, 0x3F, 0x1C, 0x7E, 0x5C, 0x2C, 0x91,
-        0x4B, 0x1E, 0xF8, 0x46, 0x91, 0x1F, 0xEE, 0x56, 0xB3, 0x0E,
-        0xC8, 0xD0, 0x31, 0xD3, 0x3D, 0xED, 0x3D, 0xD9, 0xC5, 0x30,
-        0x0C, 0x58, 0xD8, 0xB7, 0xB5, 0xEC, 0x14, 0xAC, 0x41, 0x64,
-        0x6D, 0xE4, 0xC6, 0x59, 0xFD, 0x14, 0x05, 0x60, 0x65, 0xD8,
-        0xC4, 0x84, 0x44, 0x7E, 0x1B, 0xB4, 0xA4, 0x16, 0x75, 0xC1,
-        0x27, 0x96, 0xB2, 0x19, 0xD6, 0x39, 0x54, 0xC0, 0x93, 0xF3,
-        0xD7, 0x1F, 0xCD, 0x1B, 0xDF, 0xF8, 0x12, 0x88, 0x14, 0x9F,
-        0x98, 0x05, 0x47, 0x46, 0x71, 0x81, 0x6C, 0xDF, 0x91, 0xEF,
-        0x53, 0xE3, 0xC5, 0xB1, 0x89, 0x2F, 0xE1, 0x02, 0x82, 0x01,
-        0x01, 0x00, 0xF8, 0x93, 0x4A, 0x28, 0x77, 0x94, 0xEF, 0xE9,
-        0xC4, 0x0A, 0xC3, 0xE8, 0x52, 0x59, 0xB6, 0x1D, 0x8D, 0xCE,
-        0x14, 0xE7, 0x43, 0xC6, 0xED, 0x09, 0x27, 0x5D, 0xF3, 0x8E,
-        0x08, 0x6A, 0x19, 0x6B, 0x2C, 0x97, 0x9B, 0x88, 0x53, 0x2B,
-        0xDA, 0xFE, 0x4B, 0x94, 0x66, 0x84, 0xD5, 0xA9, 0xCE, 0xA5,
-        0x43, 0x70, 0xFB, 0x01, 0x5A, 0x6F, 0xCD, 0xF7, 0xD1, 0x9D,
-        0x51, 0xEE, 0xA0, 0xDC, 0x46, 0xF5, 0x7D, 0xA7, 0xEE, 0xA0,
-        0x86, 0xB7, 0x83, 0xFF, 0x21, 0x8B, 0x76, 0x05, 0x7D, 0xDE,
-        0xC4, 0x26, 0x36, 0xBC, 0xB4, 0x8A, 0x48, 0xC3, 0x06, 0x90,
-        0x97, 0xE5, 0xA6, 0x38, 0xC3, 0xE6, 0x7C, 0xD0, 0xF8, 0x23,
-        0xD2, 0x33, 0x1F, 0x81, 0xC3, 0xE3, 0x7D, 0x85, 0x5A, 0x38,
-        0x10, 0x03, 0xE6, 0x88, 0xDB, 0xC8, 0x4C, 0xD0, 0xF7, 0xB2,
-        0x4D, 0x27, 0x33, 0x85, 0xCD, 0x3A, 0x74, 0x83, 0x6B, 0x82,
-        0x58, 0xD9, 0xDF, 0xEE, 0xF5, 0xD3, 0xE9, 0xFE, 0x1C, 0xEF,
-        0x06, 0x12, 0x16, 0xD1, 0x4C, 0xAE, 0x54, 0x4B, 0x0D, 0x1A,
-        0xBD, 0xE2, 0xCF, 0x56, 0xB3, 0x74, 0xBE, 0x44, 0x4F, 0xA4,
-        0x73, 0x0A, 0x98, 0x8D, 0x61, 0x84, 0x38, 0x46, 0xDC, 0x95,
-        0xCF, 0x3F, 0x6B, 0xE7, 0x65, 0x87, 0x02, 0xBF, 0x4B, 0x57,
-        0xE2, 0x3D, 0xC4, 0x2B, 0x1C, 0x82, 0x1D, 0xCC, 0x13, 0x7F,
-        0xC0, 0x06, 0x12, 0x8C, 0x6F, 0x97, 0x50, 0x7B, 0x8C, 0x81,
-        0xC3, 0x23, 0x15, 0xEB, 0x70, 0x07, 0x8E, 0xA1, 0x07, 0x1E,
-        0x59, 0xFA, 0x10, 0xCA, 0x7E, 0x0F, 0xE2, 0xBB, 0xEE, 0x86,
-        0x26, 0x1E, 0x55, 0xB9, 0x98, 0x66, 0x85, 0xEC, 0x27, 0xC5,
-        0xD9, 0x63, 0x8D, 0x51, 0x77, 0xAA, 0xA0, 0x36, 0x55, 0x33,
-        0x10, 0x21, 0x5E, 0xEC, 0x47, 0x67, 0x71, 0xD1, 0xAF, 0xFC,
-        0x3E, 0x50, 0xF5, 0xBE, 0xD6, 0x92, 0xE7, 0x0B, 0x02, 0x82,
-        0x01, 0x00, 0x21, 0x7C, 0x8A, 0xC4, 0xC6, 0x29, 0x55, 0x68,
-        0xA7, 0xAD, 0xDD, 0x05, 0x65, 0x63, 0xF0, 0xFC, 0x06, 0xA6,
-        0x42, 0x70, 0x8F, 0x57, 0x57, 0x36, 0x6A, 0x91, 0xB3, 0x05,
-        0x56, 0x9C, 0xC9, 0x9A, 0xE1, 0x8B, 0xD7, 0x7F, 0x4F, 0x9F,
-        0xA6, 0x0D, 0x41, 0x15, 0xC9, 0x84, 0x2D, 0x0D, 0x63, 0x25,
-        0x02, 0x63, 0x55, 0xD0, 0x66, 0xFC, 0x9B, 0xD9, 0xAA, 0x41,
-        0x46, 0x96, 0xAA, 0x2F, 0x68, 0x2C, 0x17, 0x34, 0x20, 0x5F,
-        0xD0, 0xD3, 0x28, 0x9B, 0x67, 0x0E, 0x31, 0x9D, 0x14, 0xC3,
-        0xE2, 0x8E, 0x79, 0xD7, 0xBD, 0x12, 0xD1, 0xEF, 0xF8, 0xC6,
-        0xDA, 0x07, 0xF9, 0x4C, 0xF2, 0xD8, 0x45, 0xB5, 0xB6, 0xD1,
-        0xFA, 0x05, 0x0C, 0x20, 0xE9, 0x43, 0xD9, 0xC5, 0xE0, 0x3A,
-        0xDE, 0xCE, 0xF9, 0x02, 0xB9, 0x46, 0x65, 0xC0, 0x69, 0x4A,
-        0x8D, 0x8C, 0x3A, 0x10, 0xFD, 0x15, 0x71, 0x25, 0xB8, 0x8A,
-        0x36, 0x41, 0x4B, 0x30, 0x1C, 0xAF, 0xCC, 0x84, 0x28, 0xCD,
-        0x7D, 0x2B, 0x89, 0x59, 0x88, 0x1A, 0x69, 0x12, 0x56, 0xD0,
-        0x25, 0x68, 0x6C, 0x08, 0xB1, 0x88, 0xE1, 0x92, 0x7E, 0x08,
-        0xB2, 0xC6, 0x3C, 0x6C, 0x35, 0xE8, 0xEE, 0x3E, 0xF4, 0xB8,
-        0x5C, 0x7B, 0xC0, 0x5B, 0xFD, 0x11, 0xA3, 0x54, 0xA6, 0x99,
-        0x46, 0xE2, 0x5F, 0x4F, 0xC7, 0xEE, 0x90, 0x1C, 0x37, 0x5B,
-        0x33, 0x10, 0xDF, 0x0B, 0xC3, 0xB9, 0x47, 0xC2, 0x30, 0x4A,
-        0xF2, 0x1A, 0xEB, 0x41, 0x25, 0x94, 0x29, 0x7A, 0xD0, 0x96,
-        0x88, 0x46, 0xEE, 0x6C, 0x14, 0xF6, 0x5B, 0x3D, 0xBD, 0x4E,
-        0xD4, 0x3F, 0x05, 0x5B, 0x07, 0xB9, 0xE3, 0x99, 0x87, 0x63,
-        0xCA, 0xC4, 0x71, 0x0B, 0x73, 0x9D, 0x7B, 0xB6, 0x0F, 0xD4,
-        0x12, 0x8C, 0x4C, 0x5E, 0x72, 0x3D, 0xFF, 0x6D, 0xC4, 0x61,
-        0x0C, 0x74, 0x5F, 0x53, 0xBE, 0x39, 0x34, 0x61, 0x02, 0x82,
-        0x01, 0x00, 0x5F, 0xF2, 0xF2, 0xB0, 0x16, 0x20, 0x8E, 0x4E,
-        0xCC, 0x96, 0x5F, 0x32, 0x80, 0xFF, 0x11, 0xF5, 0xEC, 0x73,
-        0xBC, 0xCB, 0xDB, 0xF4, 0xA0, 0x30, 0x65, 0x5A, 0xB5, 0x95,
-        0x80, 0x97, 0xFB, 0xC1, 0xCB, 0xCF, 0xA5, 0x80, 0x84, 0xA2,
-        0x2C, 0x00, 0xF6, 0x89, 0x8C, 0xDC, 0xFF, 0x60, 0x71, 0x5C,
-        0x87, 0x60, 0xC7, 0xF2, 0xA8, 0xC6, 0xF9, 0x59, 0x0C, 0x37,
-        0x4E, 0x95, 0xEE, 0xCF, 0xB8, 0x30, 0x30, 0x55, 0xAF, 0x1D,
-        0x95, 0x82, 0xA6, 0xD7, 0xC7, 0x49, 0xFE, 0xBF, 0x75, 0xEB,
-        0x94, 0x09, 0x30, 0x1D, 0xBD, 0x0E, 0x97, 0xB1, 0x78, 0x0A,
-        0x3E, 0x27, 0xAD, 0xF6, 0xC1, 0x5F, 0x69, 0x94, 0x7C, 0x03,
-        0xCF, 0xB2, 0x5E, 0x1A, 0x07, 0xD3, 0xFA, 0xF2, 0x8B, 0x75,
-        0x92, 0x70, 0xFE, 0xFE, 0x9A, 0xDF, 0x81, 0x0F, 0x34, 0x5D,
-        0x45, 0xBC, 0xB8, 0xFD, 0x8F, 0xCF, 0x5D, 0x84, 0x10, 0xEE,
-        0x9A, 0x7F, 0x57, 0x19, 0xF5, 0x17, 0xDC, 0x7D, 0x73, 0x0B,
-        0xAC, 0x6B, 0x35, 0x15, 0x8B, 0x24, 0xCB, 0x72, 0xC0, 0xD7,
-        0x2E, 0xAE, 0xAA, 0xDB, 0xCB, 0x9F, 0x67, 0x86, 0x14, 0xBB,
-        0xE4, 0x90, 0x15, 0x7C, 0x95, 0x44, 0xA5, 0x38, 0x6D, 0x13,
-        0x02, 0x91, 0x77, 0x84, 0x35, 0x43, 0x5D, 0x03, 0x1C, 0x01,
-        0x0B, 0x5A, 0x4E, 0x2B, 0x59, 0xF0, 0xBB, 0xB1, 0xB7, 0x61,
-        0x1B, 0x6C, 0xFC, 0xA1, 0xEA, 0xBD, 0x1C, 0x9A, 0xE4, 0x0C,
-        0x7E, 0x97, 0x3F, 0x71, 0xC6, 0xA7, 0x94, 0x1D, 0x82, 0x12,
-        0xEC, 0x26, 0x43, 0x6E, 0xF6, 0x24, 0x09, 0xA0, 0x03, 0x1D,
-        0x12, 0xFF, 0xA8, 0x95, 0x60, 0x47, 0x4A, 0xB0, 0x72, 0x55,
-        0xC3, 0x68, 0xD2, 0xF6, 0xBC, 0x5B, 0x47, 0x46, 0x51, 0xB2,
-        0xC9, 0x2A, 0x28, 0x6A, 0xC9, 0xD1, 0x1B, 0x35, 0x16, 0x5A,
-        0x26, 0x6F, 0xB7, 0xBB, 0xF7, 0x35, 0x73, 0x2B, 0x02, 0x82,
-        0x01, 0x00, 0x56, 0xBA, 0xD8, 0x02, 0xD7, 0x4B, 0x30, 0x5E,
-        0x1B, 0x1E, 0x2F, 0xF3, 0x0D, 0xBC, 0xF1, 0x05, 0x6A, 0x68,
-        0x4A, 0xE1, 0xEA, 0xB3, 0xDE, 0x61, 0x8C, 0x89, 0x44, 0xBA,
-        0x63, 0x5E, 0xDF, 0x05, 0x24, 0x32, 0x71, 0x65, 0x1A, 0x36,
-        0x2F, 0xBC, 0x07, 0x75, 0xA3, 0xCE, 0x9E, 0x52, 0x92, 0x95,
-        0x4D, 0x3F, 0xC9, 0x06, 0xBC, 0xA1, 0x14, 0x33, 0x37, 0x95,
-        0xAB, 0x9A, 0xEB, 0x04, 0xF6, 0x15, 0xC3, 0x9B, 0x10, 0x56,
-        0x53, 0xA2, 0x28, 0xF2, 0x68, 0xDA, 0x7D, 0x97, 0x52, 0x63,
-        0xAC, 0x9B, 0x56, 0xA9, 0xAB, 0x2E, 0x1E, 0x9E, 0x01, 0x70,
-        0xFF, 0x2B, 0x6D, 0x0C, 0x4B, 0xA6, 0xC3, 0x3A, 0xB3, 0xD1,
-        0xA7, 0x4B, 0x5E, 0x49, 0x2E, 0x95, 0xD6, 0x6A, 0xAE, 0x58,
-        0x13, 0x66, 0x8F, 0x2F, 0x93, 0xE4, 0x6E, 0x8B, 0xFA, 0x94,
-        0x30, 0x3E, 0xEC, 0x96, 0xAB, 0x46, 0x20, 0x3E, 0xC5, 0x30,
-        0xB4, 0xEB, 0x41, 0x00, 0x39, 0x60, 0x1D, 0xE1, 0x20, 0xCE,
-        0x31, 0x70, 0x17, 0x39, 0xCB, 0x76, 0x56, 0x6C, 0x55, 0x7B,
-        0x90, 0x20, 0xBC, 0x39, 0xB2, 0x5B, 0xD1, 0x28, 0x6F, 0x0C,
-        0x4F, 0x45, 0x6B, 0x82, 0xC4, 0x57, 0x23, 0x0C, 0x3F, 0x3F,
-        0x2D, 0x83, 0xB3, 0x3D, 0x8E, 0xF9, 0x1A, 0xDA, 0x77, 0x54,
-        0x2E, 0xFE, 0x16, 0x2E, 0xBA, 0x99, 0xDD, 0xCA, 0xB3, 0xD1,
-        0xD8, 0xBB, 0x87, 0xE1, 0xD0, 0xA9, 0xD4, 0xE6, 0x8F, 0xE8,
-        0x00, 0x3E, 0x49, 0x8A, 0xDD, 0xA6, 0x32, 0x91, 0x00, 0x31,
-        0x31, 0x21, 0x98, 0x18, 0x94, 0xC9, 0x2D, 0x27, 0x05, 0xB7,
-        0x9B, 0x09, 0x2E, 0xBB, 0x5D, 0xBF, 0x67, 0xE8, 0x0E, 0xD1,
-        0x44, 0x75, 0x80, 0x1D, 0x0A, 0x21, 0x8F, 0x95, 0x76, 0xB0,
-        0xFC, 0x19, 0x3C, 0xFF, 0x92, 0xEA, 0x01, 0x45, 0x89, 0xD1,
-        0x4E, 0xFE, 0x4D, 0x2B, 0x4B, 0x18, 0xE6, 0xCE
+        0x30, 0x82, 0x09, 0x42, 0x02, 0x01, 0x00, 0x30, 0x0D, 0x06,
+        0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x01,
+        0x05, 0x00, 0x04, 0x82, 0x09, 0x2C, 0x30, 0x82, 0x09, 0x28,
+        0x02, 0x01, 0x00, 0x02, 0x82, 0x02, 0x01, 0x00, 0xF5, 0xD0,
+        0x31, 0xE4, 0x71, 0x59, 0x58, 0xB3, 0x07, 0x50, 0xDD, 0x16,
+        0x79, 0xFC, 0xC6, 0x95, 0x50, 0xFC, 0x46, 0x0E, 0x57, 0x12,
+        0x86, 0x71, 0x8D, 0xE3, 0x9B, 0x4A, 0x33, 0xEA, 0x4F, 0xD9,
+        0x17, 0x13, 0x6D, 0x48, 0x69, 0xDF, 0x59, 0x11, 0x08, 0x02,
+        0x9D, 0xAF, 0x2B, 0xC7, 0x30, 0xBE, 0x0C, 0xDC, 0x87, 0xD4,
+        0x5A, 0x12, 0x09, 0x23, 0x5D, 0xE1, 0x76, 0x5A, 0x62, 0x37,
+        0x46, 0x74, 0xEF, 0x03, 0x05, 0xBB, 0x1E, 0x6D, 0x29, 0x75,
+        0x6C, 0x2E, 0x9D, 0x87, 0x0D, 0x8F, 0x87, 0xCB, 0x14, 0x95,
+        0x9B, 0xBE, 0x17, 0x6B, 0x51, 0xD1, 0x4C, 0xDA, 0xD7, 0x91,
+        0x66, 0xC5, 0x36, 0xEB, 0xE0, 0x07, 0x1A, 0x76, 0x4D, 0xB0,
+        0xFB, 0xC1, 0xF5, 0x5E, 0x05, 0xDB, 0xBA, 0xCB, 0x25, 0xD9,
+        0x99, 0x13, 0x1C, 0xC0, 0x35, 0xDC, 0x40, 0xE9, 0x36, 0xCD,
+        0xC4, 0xD5, 0x7A, 0x41, 0x70, 0x0F, 0x36, 0xEB, 0xA5, 0x4E,
+        0x17, 0x05, 0xD5, 0x75, 0x1B, 0x64, 0x62, 0x7A, 0x3F, 0x0D,
+        0x28, 0x48, 0x6A, 0xE3, 0xAC, 0x9C, 0xA8, 0x8F, 0xE9, 0xED,
+        0xF7, 0xCD, 0x24, 0xA0, 0xB1, 0xA0, 0x03, 0xAC, 0xE3, 0x03,
+        0xF5, 0x3F, 0xD1, 0x96, 0xFF, 0x2A, 0x7E, 0x08, 0xB1, 0xD3,
+        0xE0, 0x18, 0x14, 0xEC, 0x65, 0x37, 0x50, 0x43, 0xC2, 0x6A,
+        0x8C, 0xF4, 0x5B, 0xFE, 0xC4, 0xCB, 0x8D, 0x3F, 0x81, 0x02,
+        0xF7, 0xC2, 0xDD, 0xE4, 0xC1, 0x8E, 0x80, 0x0C, 0x04, 0x25,
+        0x2D, 0x80, 0x5A, 0x2E, 0x0F, 0x22, 0x35, 0x4A, 0xF4, 0x85,
+        0xED, 0x51, 0xD8, 0xAB, 0x6D, 0x8F, 0xA2, 0x3B, 0x24, 0x00,
+        0x6E, 0x81, 0xE2, 0x1E, 0x76, 0xD6, 0xAC, 0x31, 0x12, 0xDB,
+        0xF3, 0x8E, 0x07, 0xA1, 0xDE, 0x89, 0x4A, 0x39, 0x60, 0x77,
+        0xC5, 0xAA, 0xF1, 0x51, 0xE6, 0x06, 0xF1, 0x95, 0x56, 0x2A,
+        0xE1, 0x8E, 0x92, 0x30, 0x9F, 0xFE, 0x58, 0x44, 0xAC, 0x46,
+        0xF2, 0xFD, 0x9A, 0xFC, 0xA8, 0x1D, 0xA1, 0xD3, 0x55, 0x37,
+        0x4A, 0x8B, 0xFC, 0x9C, 0x33, 0xF8, 0xA7, 0x61, 0x48, 0x41,
+        0x7C, 0x9C, 0x77, 0x3F, 0xF5, 0x80, 0x23, 0x7D, 0x43, 0xB4,
+        0xD5, 0x88, 0x0A, 0xC9, 0x75, 0xD7, 0x44, 0x19, 0x4D, 0x77,
+        0x6C, 0x0B, 0x0A, 0x49, 0xAA, 0x1C, 0x2F, 0xD6, 0x5A, 0x44,
+        0xA6, 0x47, 0x4D, 0xE5, 0x36, 0x96, 0x40, 0x99, 0x2C, 0x56,
+        0x26, 0xB1, 0xF2, 0x92, 0x31, 0x59, 0xD7, 0x2C, 0xD4, 0xB4,
+        0x21, 0xD6, 0x65, 0x13, 0x0B, 0x3E, 0xFB, 0xFF, 0x04, 0xEB,
+        0xB9, 0x85, 0xB9, 0xD8, 0xD8, 0x28, 0x4F, 0x5C, 0x17, 0x96,
+        0xA3, 0x51, 0xBE, 0xFE, 0x7D, 0x0B, 0x1B, 0x48, 0x40, 0x25,
+        0x76, 0x94, 0xDC, 0x41, 0xFB, 0xBF, 0x73, 0x76, 0xDA, 0xEB,
+        0xB3, 0x62, 0xE7, 0xC1, 0xC8, 0x54, 0x6A, 0x93, 0xE1, 0x8D,
+        0x31, 0xE8, 0x3E, 0x3E, 0xDF, 0xBC, 0x87, 0x02, 0x30, 0x22,
+        0x57, 0xC4, 0xE0, 0x18, 0x7A, 0xD3, 0xAE, 0xE4, 0x02, 0x9B,
+        0xAA, 0xBD, 0x4E, 0x49, 0x47, 0x72, 0xE9, 0x8D, 0x13, 0x2D,
+        0x54, 0x9B, 0x00, 0xA7, 0x91, 0x61, 0x71, 0xC9, 0xCC, 0x48,
+        0x4F, 0xEE, 0xDF, 0x5E, 0x1B, 0x1A, 0xDF, 0x67, 0xD3, 0x20,
+        0xE6, 0x44, 0x45, 0x98, 0x7E, 0xE7, 0x0E, 0x63, 0x16, 0x83,
+        0xC9, 0x26, 0x5D, 0x90, 0xC1, 0xE5, 0x2A, 0x5C, 0x45, 0x54,
+        0x13, 0xB2, 0x81, 0x18, 0x06, 0x20, 0x2E, 0x2E, 0x66, 0x5A,
+        0xB5, 0x7B, 0x6E, 0xD6, 0x0C, 0x4E, 0x89, 0x01, 0x56, 0x70,
+        0xBB, 0xAE, 0xDE, 0xE9, 0x99, 0x5E, 0xD1, 0xB9, 0x3A, 0xB7,
+        0x6C, 0x17, 0xB6, 0x03, 0xA9, 0x08, 0xDD, 0x9C, 0xF4, 0x14,
+        0xC9, 0xC9, 0x59, 0x39, 0x72, 0xD4, 0x7E, 0x02, 0x37, 0x31,
+        0xCD, 0x0E, 0xA7, 0x3D, 0xF8, 0xF2, 0xCF, 0x6B, 0x15, 0xAB,
+        0x02, 0x03, 0x01, 0x00, 0x01, 0x02, 0x82, 0x02, 0x01, 0x00,
+        0xC5, 0x76, 0x57, 0x7D, 0xF1, 0x68, 0x1A, 0x8E, 0xC6, 0x63,
+        0xB9, 0x16, 0xA3, 0x2B, 0xE1, 0xC2, 0x74, 0xEA, 0x12, 0xC4,
+        0xD6, 0x41, 0x75, 0x6A, 0xA6, 0xD6, 0x9E, 0x1A, 0x7F, 0x95,
+        0xCC, 0x4A, 0xD1, 0xF4, 0xB3, 0x27, 0x26, 0x95, 0x5A, 0x91,
+        0x09, 0xE4, 0x40, 0x13, 0x45, 0x91, 0x9F, 0xA0, 0x2B, 0xE8,
+        0xC3, 0xDC, 0x5B, 0xF6, 0x7D, 0x0C, 0xC2, 0x0F, 0xA9, 0xE9,
+        0x75, 0x58, 0x7D, 0xEA, 0xD5, 0x4D, 0x92, 0x3E, 0xFC, 0x74,
+        0x28, 0x87, 0xC1, 0x3D, 0xB9, 0x21, 0x92, 0x4D, 0x28, 0x82,
+        0x84, 0xA8, 0xA2, 0x11, 0x93, 0xF2, 0x8C, 0x29, 0x1C, 0x19,
+        0xF8, 0x6D, 0x3F, 0x27, 0x51, 0xB5, 0x2D, 0xA3, 0xC7, 0x28,
+        0x1D, 0xC4, 0xFC, 0x98, 0x94, 0xA8, 0xD0, 0xFF, 0xF0, 0x0F,
+        0xDC, 0xF9, 0xED, 0xB3, 0xA2, 0xB6, 0xED, 0x0D, 0x5F, 0xBF,
+        0x78, 0x5C, 0xD7, 0xAF, 0xBD, 0xA3, 0xEF, 0x86, 0xE9, 0x51,
+        0x66, 0xDB, 0x52, 0x37, 0x47, 0x7F, 0xE9, 0x5F, 0x3C, 0x94,
+        0x83, 0x2D, 0xE8, 0x9C, 0x33, 0xF1, 0x6C, 0xE9, 0xF3, 0xA6,
+        0x97, 0xFE, 0xA7, 0xBF, 0x4D, 0x9B, 0x20, 0xD5, 0x2F, 0xDE,
+        0xA4, 0x06, 0xBB, 0xEE, 0x66, 0x49, 0x6B, 0xF5, 0x10, 0x85,
+        0x9F, 0x84, 0x5A, 0x52, 0x3E, 0x0C, 0xA0, 0x4A, 0x4C, 0xDA,
+        0x01, 0xC5, 0x62, 0x31, 0xB1, 0xEC, 0xF8, 0xDD, 0xA3, 0x3B,
+        0xCE, 0x41, 0x3A, 0x12, 0x79, 0xF9, 0x97, 0x5B, 0x07, 0x95,
+        0x9F, 0x86, 0xD6, 0x04, 0x73, 0x6C, 0xE8, 0x8F, 0x4C, 0x4C,
+        0x48, 0x1D, 0x85, 0xC4, 0xE7, 0xCE, 0xDE, 0x16, 0x31, 0xF6,
+        0x5C, 0x37, 0x54, 0x8E, 0x55, 0xBC, 0xAF, 0x2E, 0x47, 0xE8,
+        0xAC, 0x03, 0xB0, 0xA4, 0xF9, 0x90, 0x98, 0x99, 0xA4, 0xDC,
+        0x6E, 0x98, 0x08, 0x5C, 0x07, 0xBB, 0x08, 0x93, 0xAF, 0x61,
+        0x8D, 0x74, 0xA8, 0xF8, 0xC4, 0x89, 0x64, 0x10, 0xE1, 0xE6,
+        0xC0, 0xCD, 0x1D, 0x39, 0x20, 0xD6, 0x5A, 0x89, 0x83, 0xFC,
+        0x37, 0xE2, 0x12, 0x66, 0xA8, 0x12, 0xCC, 0x72, 0xBB, 0x1E,
+        0xFB, 0x6A, 0xE3, 0x7C, 0x71, 0x7E, 0xB9, 0x2E, 0x8E, 0x84,
+        0x66, 0xE1, 0xB9, 0xD0, 0x25, 0x9A, 0x6F, 0x9D, 0x19, 0xE6,
+        0x7E, 0xE8, 0xD8, 0xF0, 0xC5, 0x23, 0x16, 0x9A, 0x68, 0x2C,
+        0x1D, 0x55, 0xAE, 0x8E, 0x90, 0xEE, 0x8E, 0xEC, 0x5E, 0x46,
+        0x9D, 0x60, 0x52, 0x32, 0x17, 0x28, 0x59, 0xC4, 0x49, 0x2A,
+        0x20, 0x3E, 0x95, 0xC5, 0xDF, 0xF6, 0x3D, 0xF7, 0xC5, 0xCF,
+        0xB1, 0xC2, 0xC9, 0x76, 0xF8, 0x3D, 0xBE, 0xF4, 0x63, 0xFC,
+        0x2A, 0x00, 0x6F, 0x99, 0xA6, 0xB6, 0xAD, 0x35, 0xEE, 0xDE,
+        0xC5, 0xE0, 0x97, 0xC6, 0x73, 0xEE, 0x33, 0xA0, 0xA8, 0xFC,
+        0x4C, 0x8F, 0xF2, 0x8C, 0x61, 0xFB, 0x03, 0x19, 0xA1, 0xE8,
+        0x17, 0x4E, 0xE3, 0x21, 0x58, 0xCE, 0xFE, 0xF2, 0x5F, 0xBB,
+        0xDD, 0x4F, 0xF7, 0x18, 0xCB, 0x35, 0x57, 0xDD, 0xE5, 0x50,
+        0x2A, 0x7B, 0x1A, 0xE9, 0x12, 0xF2, 0x7A, 0x11, 0xB1, 0x43,
+        0xB9, 0x70, 0x07, 0x0C, 0x8F, 0x69, 0xB9, 0xE5, 0xA5, 0xC9,
+        0xE2, 0x1B, 0x96, 0x74, 0x11, 0xF5, 0x95, 0xB9, 0x58, 0xC0,
+        0xBD, 0x37, 0xFB, 0x28, 0x2A, 0xBD, 0x84, 0xB1, 0x2B, 0x67,
+        0x42, 0x82, 0xC3, 0x95, 0x55, 0x45, 0xD5, 0xEA, 0xC3, 0x8A,
+        0x42, 0x3A, 0x43, 0x17, 0x5E, 0xCD, 0xD2, 0xEA, 0xFC, 0xDF,
+        0x67, 0xEC, 0xE1, 0x6C, 0xA8, 0x03, 0x19, 0xB2, 0x1D, 0x4A,
+        0x5F, 0x4F, 0xE7, 0xD3, 0xE0, 0x86, 0xC5, 0x1A, 0x10, 0xC3,
+        0x08, 0xD2, 0xED, 0x85, 0x93, 0x08, 0x51, 0x05, 0xA6, 0x37,
+        0x15, 0x32, 0xBD, 0x6C, 0x73, 0x63, 0x01, 0x5D, 0x5B, 0x4F,
+        0x6A, 0xDC, 0x6D, 0x1D, 0x55, 0x91, 0x21, 0xE4, 0x8E, 0xB7,
+        0xF0, 0x81, 0x02, 0x82, 0x01, 0x01, 0x00, 0xFD, 0x27, 0xC8,
+        0xFE, 0x76, 0x5C, 0x89, 0x32, 0xCB, 0x8A, 0x22, 0x87, 0x61,
+        0x48, 0x91, 0x4A, 0x05, 0xAD, 0xA4, 0x5C, 0x8A, 0xCA, 0x5C,
+        0x02, 0x88, 0x7E, 0x51, 0xC5, 0x66, 0x90, 0x2C, 0xA3, 0xED,
+        0xA7, 0x43, 0x19, 0x0B, 0xA2, 0x42, 0xB4, 0xE0, 0xE0, 0x45,
+        0xBF, 0xFE, 0xA0, 0xF2, 0x75, 0x0B, 0x8E, 0x7D, 0x9D, 0x73,
+        0x67, 0xD3, 0x10, 0x09, 0xC5, 0xD9, 0x8C, 0xAD, 0x3A, 0x64,
+        0x72, 0xAD, 0x96, 0x35, 0x91, 0x0F, 0x4B, 0xC9, 0xBD, 0x4F,
+        0x65, 0x47, 0xA6, 0x2D, 0xEB, 0x3F, 0xE2, 0x99, 0x72, 0x66,
+        0x12, 0xED, 0xEB, 0xD2, 0x7C, 0xFF, 0x3A, 0x20, 0x37, 0x2A,
+        0xD3, 0x65, 0x51, 0x9B, 0xC3, 0xAA, 0x18, 0xB1, 0x1F, 0x6E,
+        0x9D, 0x40, 0x47, 0xA4, 0x1F, 0x82, 0x9B, 0xDB, 0x50, 0x6B,
+        0x86, 0x2F, 0xFB, 0x3F, 0x31, 0xB9, 0x81, 0x11, 0x04, 0x14,
+        0x63, 0x86, 0x4F, 0x40, 0x2A, 0xF5, 0xF9, 0x7C, 0xA1, 0x78,
+        0x19, 0x13, 0xD0, 0x51, 0x51, 0x0F, 0x79, 0x88, 0x8D, 0x14,
+        0xA3, 0xDE, 0xB6, 0x33, 0x29, 0x42, 0xB9, 0xE8, 0x59, 0x76,
+        0xF7, 0x43, 0x1A, 0xB6, 0xA6, 0xDF, 0x0A, 0xC1, 0x42, 0xC7,
+        0x3F, 0x1C, 0x7E, 0x5C, 0x2C, 0x91, 0x4B, 0x1E, 0xF8, 0x46,
+        0x91, 0x1F, 0xEE, 0x56, 0xB3, 0x0E, 0xC8, 0xD0, 0x31, 0xD3,
+        0x3D, 0xED, 0x3D, 0xD9, 0xC5, 0x30, 0x0C, 0x58, 0xD8, 0xB7,
+        0xB5, 0xEC, 0x14, 0xAC, 0x41, 0x64, 0x6D, 0xE4, 0xC6, 0x59,
+        0xFD, 0x14, 0x05, 0x60, 0x65, 0xD8, 0xC4, 0x84, 0x44, 0x7E,
+        0x1B, 0xB4, 0xA4, 0x16, 0x75, 0xC1, 0x27, 0x96, 0xB2, 0x19,
+        0xD6, 0x39, 0x54, 0xC0, 0x93, 0xF3, 0xD7, 0x1F, 0xCD, 0x1B,
+        0xDF, 0xF8, 0x12, 0x88, 0x14, 0x9F, 0x98, 0x05, 0x47, 0x46,
+        0x71, 0x81, 0x6C, 0xDF, 0x91, 0xEF, 0x53, 0xE3, 0xC5, 0xB1,
+        0x89, 0x2F, 0xE1, 0x02, 0x82, 0x01, 0x01, 0x00, 0xF8, 0x93,
+        0x4A, 0x28, 0x77, 0x94, 0xEF, 0xE9, 0xC4, 0x0A, 0xC3, 0xE8,
+        0x52, 0x59, 0xB6, 0x1D, 0x8D, 0xCE, 0x14, 0xE7, 0x43, 0xC6,
+        0xED, 0x09, 0x27, 0x5D, 0xF3, 0x8E, 0x08, 0x6A, 0x19, 0x6B,
+        0x2C, 0x97, 0x9B, 0x88, 0x53, 0x2B, 0xDA, 0xFE, 0x4B, 0x94,
+        0x66, 0x84, 0xD5, 0xA9, 0xCE, 0xA5, 0x43, 0x70, 0xFB, 0x01,
+        0x5A, 0x6F, 0xCD, 0xF7, 0xD1, 0x9D, 0x51, 0xEE, 0xA0, 0xDC,
+        0x46, 0xF5, 0x7D, 0xA7, 0xEE, 0xA0, 0x86, 0xB7, 0x83, 0xFF,
+        0x21, 0x8B, 0x76, 0x05, 0x7D, 0xDE, 0xC4, 0x26, 0x36, 0xBC,
+        0xB4, 0x8A, 0x48, 0xC3, 0x06, 0x90, 0x97, 0xE5, 0xA6, 0x38,
+        0xC3, 0xE6, 0x7C, 0xD0, 0xF8, 0x23, 0xD2, 0x33, 0x1F, 0x81,
+        0xC3, 0xE3, 0x7D, 0x85, 0x5A, 0x38, 0x10, 0x03, 0xE6, 0x88,
+        0xDB, 0xC8, 0x4C, 0xD0, 0xF7, 0xB2, 0x4D, 0x27, 0x33, 0x85,
+        0xCD, 0x3A, 0x74, 0x83, 0x6B, 0x82, 0x58, 0xD9, 0xDF, 0xEE,
+        0xF5, 0xD3, 0xE9, 0xFE, 0x1C, 0xEF, 0x06, 0x12, 0x16, 0xD1,
+        0x4C, 0xAE, 0x54, 0x4B, 0x0D, 0x1A, 0xBD, 0xE2, 0xCF, 0x56,
+        0xB3, 0x74, 0xBE, 0x44, 0x4F, 0xA4, 0x73, 0x0A, 0x98, 0x8D,
+        0x61, 0x84, 0x38, 0x46, 0xDC, 0x95, 0xCF, 0x3F, 0x6B, 0xE7,
+        0x65, 0x87, 0x02, 0xBF, 0x4B, 0x57, 0xE2, 0x3D, 0xC4, 0x2B,
+        0x1C, 0x82, 0x1D, 0xCC, 0x13, 0x7F, 0xC0, 0x06, 0x12, 0x8C,
+        0x6F, 0x97, 0x50, 0x7B, 0x8C, 0x81, 0xC3, 0x23, 0x15, 0xEB,
+        0x70, 0x07, 0x8E, 0xA1, 0x07, 0x1E, 0x59, 0xFA, 0x10, 0xCA,
+        0x7E, 0x0F, 0xE2, 0xBB, 0xEE, 0x86, 0x26, 0x1E, 0x55, 0xB9,
+        0x98, 0x66, 0x85, 0xEC, 0x27, 0xC5, 0xD9, 0x63, 0x8D, 0x51,
+        0x77, 0xAA, 0xA0, 0x36, 0x55, 0x33, 0x10, 0x21, 0x5E, 0xEC,
+        0x47, 0x67, 0x71, 0xD1, 0xAF, 0xFC, 0x3E, 0x50, 0xF5, 0xBE,
+        0xD6, 0x92, 0xE7, 0x0B, 0x02, 0x82, 0x01, 0x00, 0x21, 0x7C,
+        0x8A, 0xC4, 0xC6, 0x29, 0x55, 0x68, 0xA7, 0xAD, 0xDD, 0x05,
+        0x65, 0x63, 0xF0, 0xFC, 0x06, 0xA6, 0x42, 0x70, 0x8F, 0x57,
+        0x57, 0x36, 0x6A, 0x91, 0xB3, 0x05, 0x56, 0x9C, 0xC9, 0x9A,
+        0xE1, 0x8B, 0xD7, 0x7F, 0x4F, 0x9F, 0xA6, 0x0D, 0x41, 0x15,
+        0xC9, 0x84, 0x2D, 0x0D, 0x63, 0x25, 0x02, 0x63, 0x55, 0xD0,
+        0x66, 0xFC, 0x9B, 0xD9, 0xAA, 0x41, 0x46, 0x96, 0xAA, 0x2F,
+        0x68, 0x2C, 0x17, 0x34, 0x20, 0x5F, 0xD0, 0xD3, 0x28, 0x9B,
+        0x67, 0x0E, 0x31, 0x9D, 0x14, 0xC3, 0xE2, 0x8E, 0x79, 0xD7,
+        0xBD, 0x12, 0xD1, 0xEF, 0xF8, 0xC6, 0xDA, 0x07, 0xF9, 0x4C,
+        0xF2, 0xD8, 0x45, 0xB5, 0xB6, 0xD1, 0xFA, 0x05, 0x0C, 0x20,
+        0xE9, 0x43, 0xD9, 0xC5, 0xE0, 0x3A, 0xDE, 0xCE, 0xF9, 0x02,
+        0xB9, 0x46, 0x65, 0xC0, 0x69, 0x4A, 0x8D, 0x8C, 0x3A, 0x10,
+        0xFD, 0x15, 0x71, 0x25, 0xB8, 0x8A, 0x36, 0x41, 0x4B, 0x30,
+        0x1C, 0xAF, 0xCC, 0x84, 0x28, 0xCD, 0x7D, 0x2B, 0x89, 0x59,
+        0x88, 0x1A, 0x69, 0x12, 0x56, 0xD0, 0x25, 0x68, 0x6C, 0x08,
+        0xB1, 0x88, 0xE1, 0x92, 0x7E, 0x08, 0xB2, 0xC6, 0x3C, 0x6C,
+        0x35, 0xE8, 0xEE, 0x3E, 0xF4, 0xB8, 0x5C, 0x7B, 0xC0, 0x5B,
+        0xFD, 0x11, 0xA3, 0x54, 0xA6, 0x99, 0x46, 0xE2, 0x5F, 0x4F,
+        0xC7, 0xEE, 0x90, 0x1C, 0x37, 0x5B, 0x33, 0x10, 0xDF, 0x0B,
+        0xC3, 0xB9, 0x47, 0xC2, 0x30, 0x4A, 0xF2, 0x1A, 0xEB, 0x41,
+        0x25, 0x94, 0x29, 0x7A, 0xD0, 0x96, 0x88, 0x46, 0xEE, 0x6C,
+        0x14, 0xF6, 0x5B, 0x3D, 0xBD, 0x4E, 0xD4, 0x3F, 0x05, 0x5B,
+        0x07, 0xB9, 0xE3, 0x99, 0x87, 0x63, 0xCA, 0xC4, 0x71, 0x0B,
+        0x73, 0x9D, 0x7B, 0xB6, 0x0F, 0xD4, 0x12, 0x8C, 0x4C, 0x5E,
+        0x72, 0x3D, 0xFF, 0x6D, 0xC4, 0x61, 0x0C, 0x74, 0x5F, 0x53,
+        0xBE, 0x39, 0x34, 0x61, 0x02, 0x82, 0x01, 0x00, 0x5F, 0xF2,
+        0xF2, 0xB0, 0x16, 0x20, 0x8E, 0x4E, 0xCC, 0x96, 0x5F, 0x32,
+        0x80, 0xFF, 0x11, 0xF5, 0xEC, 0x73, 0xBC, 0xCB, 0xDB, 0xF4,
+        0xA0, 0x30, 0x65, 0x5A, 0xB5, 0x95, 0x80, 0x97, 0xFB, 0xC1,
+        0xCB, 0xCF, 0xA5, 0x80, 0x84, 0xA2, 0x2C, 0x00, 0xF6, 0x89,
+        0x8C, 0xDC, 0xFF, 0x60, 0x71, 0x5C, 0x87, 0x60, 0xC7, 0xF2,
+        0xA8, 0xC6, 0xF9, 0x59, 0x0C, 0x37, 0x4E, 0x95, 0xEE, 0xCF,
+        0xB8, 0x30, 0x30, 0x55, 0xAF, 0x1D, 0x95, 0x82, 0xA6, 0xD7,
+        0xC7, 0x49, 0xFE, 0xBF, 0x75, 0xEB, 0x94, 0x09, 0x30, 0x1D,
+        0xBD, 0x0E, 0x97, 0xB1, 0x78, 0x0A, 0x3E, 0x27, 0xAD, 0xF6,
+        0xC1, 0x5F, 0x69, 0x94, 0x7C, 0x03, 0xCF, 0xB2, 0x5E, 0x1A,
+        0x07, 0xD3, 0xFA, 0xF2, 0x8B, 0x75, 0x92, 0x70, 0xFE, 0xFE,
+        0x9A, 0xDF, 0x81, 0x0F, 0x34, 0x5D, 0x45, 0xBC, 0xB8, 0xFD,
+        0x8F, 0xCF, 0x5D, 0x84, 0x10, 0xEE, 0x9A, 0x7F, 0x57, 0x19,
+        0xF5, 0x17, 0xDC, 0x7D, 0x73, 0x0B, 0xAC, 0x6B, 0x35, 0x15,
+        0x8B, 0x24, 0xCB, 0x72, 0xC0, 0xD7, 0x2E, 0xAE, 0xAA, 0xDB,
+        0xCB, 0x9F, 0x67, 0x86, 0x14, 0xBB, 0xE4, 0x90, 0x15, 0x7C,
+        0x95, 0x44, 0xA5, 0x38, 0x6D, 0x13, 0x02, 0x91, 0x77, 0x84,
+        0x35, 0x43, 0x5D, 0x03, 0x1C, 0x01, 0x0B, 0x5A, 0x4E, 0x2B,
+        0x59, 0xF0, 0xBB, 0xB1, 0xB7, 0x61, 0x1B, 0x6C, 0xFC, 0xA1,
+        0xEA, 0xBD, 0x1C, 0x9A, 0xE4, 0x0C, 0x7E, 0x97, 0x3F, 0x71,
+        0xC6, 0xA7, 0x94, 0x1D, 0x82, 0x12, 0xEC, 0x26, 0x43, 0x6E,
+        0xF6, 0x24, 0x09, 0xA0, 0x03, 0x1D, 0x12, 0xFF, 0xA8, 0x95,
+        0x60, 0x47, 0x4A, 0xB0, 0x72, 0x55, 0xC3, 0x68, 0xD2, 0xF6,
+        0xBC, 0x5B, 0x47, 0x46, 0x51, 0xB2, 0xC9, 0x2A, 0x28, 0x6A,
+        0xC9, 0xD1, 0x1B, 0x35, 0x16, 0x5A, 0x26, 0x6F, 0xB7, 0xBB,
+        0xF7, 0x35, 0x73, 0x2B, 0x02, 0x82, 0x01, 0x00, 0x56, 0xBA,
+        0xD8, 0x02, 0xD7, 0x4B, 0x30, 0x5E, 0x1B, 0x1E, 0x2F, 0xF3,
+        0x0D, 0xBC, 0xF1, 0x05, 0x6A, 0x68, 0x4A, 0xE1, 0xEA, 0xB3,
+        0xDE, 0x61, 0x8C, 0x89, 0x44, 0xBA, 0x63, 0x5E, 0xDF, 0x05,
+        0x24, 0x32, 0x71, 0x65, 0x1A, 0x36, 0x2F, 0xBC, 0x07, 0x75,
+        0xA3, 0xCE, 0x9E, 0x52, 0x92, 0x95, 0x4D, 0x3F, 0xC9, 0x06,
+        0xBC, 0xA1, 0x14, 0x33, 0x37, 0x95, 0xAB, 0x9A, 0xEB, 0x04,
+        0xF6, 0x15, 0xC3, 0x9B, 0x10, 0x56, 0x53, 0xA2, 0x28, 0xF2,
+        0x68, 0xDA, 0x7D, 0x97, 0x52, 0x63, 0xAC, 0x9B, 0x56, 0xA9,
+        0xAB, 0x2E, 0x1E, 0x9E, 0x01, 0x70, 0xFF, 0x2B, 0x6D, 0x0C,
+        0x4B, 0xA6, 0xC3, 0x3A, 0xB3, 0xD1, 0xA7, 0x4B, 0x5E, 0x49,
+        0x2E, 0x95, 0xD6, 0x6A, 0xAE, 0x58, 0x13, 0x66, 0x8F, 0x2F,
+        0x93, 0xE4, 0x6E, 0x8B, 0xFA, 0x94, 0x30, 0x3E, 0xEC, 0x96,
+        0xAB, 0x46, 0x20, 0x3E, 0xC5, 0x30, 0xB4, 0xEB, 0x41, 0x00,
+        0x39, 0x60, 0x1D, 0xE1, 0x20, 0xCE, 0x31, 0x70, 0x17, 0x39,
+        0xCB, 0x76, 0x56, 0x6C, 0x55, 0x7B, 0x90, 0x20, 0xBC, 0x39,
+        0xB2, 0x5B, 0xD1, 0x28, 0x6F, 0x0C, 0x4F, 0x45, 0x6B, 0x82,
+        0xC4, 0x57, 0x23, 0x0C, 0x3F, 0x3F, 0x2D, 0x83, 0xB3, 0x3D,
+        0x8E, 0xF9, 0x1A, 0xDA, 0x77, 0x54, 0x2E, 0xFE, 0x16, 0x2E,
+        0xBA, 0x99, 0xDD, 0xCA, 0xB3, 0xD1, 0xD8, 0xBB, 0x87, 0xE1,
+        0xD0, 0xA9, 0xD4, 0xE6, 0x8F, 0xE8, 0x00, 0x3E, 0x49, 0x8A,
+        0xDD, 0xA6, 0x32, 0x91, 0x00, 0x31, 0x31, 0x21, 0x98, 0x18,
+        0x94, 0xC9, 0x2D, 0x27, 0x05, 0xB7, 0x9B, 0x09, 0x2E, 0xBB,
+        0x5D, 0xBF, 0x67, 0xE8, 0x0E, 0xD1, 0x44, 0x75, 0x80, 0x1D,
+        0x0A, 0x21, 0x8F, 0x95, 0x76, 0xB0, 0xFC, 0x19, 0x3C, 0xFF,
+        0x92, 0xEA, 0x01, 0x45, 0x89, 0xD1, 0x4E, 0xFE, 0x4D, 0x2B,
+        0x4B, 0x18, 0xE6, 0xCE
 };
 static const int sizeof_client_key_der_4096 = sizeof(client_key_der_4096);
 
@@ -3205,9 +3211,9 @@ static const int sizeof_client_keypub_der_4096 = sizeof(client_keypub_der_4096);
 static const unsigned char client_cert_der_4096[] =
 {
         0x30, 0x82, 0x07, 0x1D, 0x30, 0x82, 0x05, 0x05, 0xA0, 0x03,
-        0x02, 0x01, 0x02, 0x02, 0x14, 0x2F, 0x36, 0x54, 0x05, 0x64,
-        0x52, 0xDD, 0x0E, 0x75, 0x75, 0x33, 0x7C, 0xB2, 0xCE, 0x9F,
-        0x5C, 0x48, 0x9B, 0xAB, 0x0E, 0x30, 0x0D, 0x06, 0x09, 0x2A,
+        0x02, 0x01, 0x02, 0x02, 0x14, 0x12, 0x66, 0xC3, 0xA2, 0x08,
+        0x5C, 0xF7, 0xD0, 0x6E, 0xE9, 0xA8, 0x82, 0xA2, 0xAB, 0x9C,
+        0x0F, 0x76, 0x9E, 0x96, 0xF4, 0x30, 0x0D, 0x06, 0x09, 0x2A,
         0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0B, 0x05, 0x00,
         0x30, 0x81, 0x9E, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55,
         0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, 0x0E,
@@ -3225,10 +3231,10 @@ static const unsigned char client_cert_der_4096[] =
         0x30, 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D,
         0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40,
         0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F,
-        0x6D, 0x30, 0x1E, 0x17, 0x0D, 0x32, 0x33, 0x31, 0x32, 0x31,
-        0x33, 0x32, 0x32, 0x31, 0x39, 0x32, 0x38, 0x5A, 0x17, 0x0D,
-        0x32, 0x36, 0x30, 0x39, 0x30, 0x38, 0x32, 0x32, 0x31, 0x39,
-        0x32, 0x38, 0x5A, 0x30, 0x81, 0x9E, 0x31, 0x0B, 0x30, 0x09,
+        0x6D, 0x30, 0x1E, 0x17, 0x0D, 0x32, 0x34, 0x31, 0x32, 0x31,
+        0x38, 0x32, 0x31, 0x32, 0x35, 0x32, 0x39, 0x5A, 0x17, 0x0D,
+        0x32, 0x37, 0x30, 0x39, 0x31, 0x34, 0x32, 0x31, 0x32, 0x35,
+        0x32, 0x39, 0x5A, 0x30, 0x81, 0x9E, 0x31, 0x0B, 0x30, 0x09,
         0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31,
         0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, 0x07,
         0x4D, 0x6F, 0x6E, 0x74, 0x61, 0x6E, 0x61, 0x31, 0x10, 0x30,
@@ -3323,9 +3329,9 @@ static const unsigned char client_cert_der_4096[] =
         0x63, 0x6F, 0x6D, 0x31, 0x1F, 0x30, 0x1D, 0x06, 0x09, 0x2A,
         0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10,
         0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73,
-        0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x82, 0x14, 0x2F, 0x36,
-        0x54, 0x05, 0x64, 0x52, 0xDD, 0x0E, 0x75, 0x75, 0x33, 0x7C,
-        0xB2, 0xCE, 0x9F, 0x5C, 0x48, 0x9B, 0xAB, 0x0E, 0x30, 0x0C,
+        0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x82, 0x14, 0x12, 0x66,
+        0xC3, 0xA2, 0x08, 0x5C, 0xF7, 0xD0, 0x6E, 0xE9, 0xA8, 0x82,
+        0xA2, 0xAB, 0x9C, 0x0F, 0x76, 0x9E, 0x96, 0xF4, 0x30, 0x0C,
         0x06, 0x03, 0x55, 0x1D, 0x13, 0x04, 0x05, 0x30, 0x03, 0x01,
         0x01, 0xFF, 0x30, 0x1C, 0x06, 0x03, 0x55, 0x1D, 0x11, 0x04,
         0x15, 0x30, 0x13, 0x82, 0x0B, 0x65, 0x78, 0x61, 0x6D, 0x70,
@@ -3335,58 +3341,58 @@ static const unsigned char client_cert_der_4096[] =
         0x07, 0x03, 0x01, 0x06, 0x08, 0x2B, 0x06, 0x01, 0x05, 0x05,
         0x07, 0x03, 0x02, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48,
         0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0B, 0x05, 0x00, 0x03, 0x82,
-        0x02, 0x01, 0x00, 0xC2, 0x72, 0x38, 0x27, 0xF0, 0x5C, 0x45,
-        0x04, 0x4B, 0x09, 0x0E, 0x5D, 0x98, 0x6E, 0x38, 0x6A, 0xBC,
-        0xFB, 0xA8, 0x85, 0x4F, 0xF2, 0x04, 0x38, 0x63, 0x4F, 0x86,
-        0x4F, 0x3C, 0xF5, 0xFD, 0xF8, 0xCD, 0x89, 0x09, 0x76, 0x72,
-        0x47, 0x97, 0xDF, 0xF8, 0x17, 0x6A, 0x81, 0x3A, 0xB2, 0xB4,
-        0xFC, 0xAC, 0xE9, 0xFC, 0xE2, 0x47, 0x9B, 0x07, 0x6D, 0x9C,
-        0x53, 0xED, 0xD8, 0x64, 0xBC, 0x6C, 0x4D, 0xA9, 0xBD, 0x3E,
-        0x5E, 0xCD, 0x61, 0xBC, 0x8E, 0x82, 0x20, 0xB2, 0x50, 0xBC,
-        0x9E, 0x72, 0xE6, 0x9F, 0x40, 0xFF, 0x6C, 0x4B, 0x38, 0xF8,
-        0x4B, 0x82, 0x0F, 0x7E, 0x49, 0xCD, 0x45, 0x5C, 0xCD, 0x44,
-        0xDE, 0x47, 0x25, 0xB3, 0x57, 0xD0, 0x1A, 0x0D, 0x8D, 0x4D,
-        0xC7, 0xEA, 0x23, 0xFA, 0x03, 0xE8, 0x86, 0xD8, 0x37, 0x89,
-        0x84, 0x2E, 0xE8, 0x53, 0x7A, 0x77, 0xBE, 0x94, 0xEC, 0x70,
-        0xE7, 0xC4, 0x7B, 0x8F, 0x6F, 0x28, 0x67, 0x33, 0x89, 0xEC,
-        0xC9, 0xDF, 0x98, 0x6D, 0x4A, 0xD9, 0xC6, 0x7B, 0xD3, 0xB5,
-        0x82, 0xD0, 0x8A, 0xCE, 0x8F, 0x06, 0xBF, 0xA2, 0xF7, 0xDE,
-        0x4A, 0x45, 0x22, 0x6F, 0xFF, 0x41, 0x6F, 0x08, 0xF5, 0xC3,
-        0x65, 0x25, 0x27, 0xFB, 0x43, 0x3E, 0xCC, 0x25, 0x0A, 0xD3,
-        0x3D, 0xD2, 0x34, 0x9F, 0x89, 0x6B, 0xE2, 0x97, 0x9C, 0x42,
-        0xD9, 0x3E, 0x64, 0x03, 0x45, 0x5F, 0x07, 0x95, 0xED, 0x1A,
-        0x70, 0x6A, 0xBE, 0x3E, 0x7F, 0x7F, 0x16, 0xBE, 0x47, 0xA6,
-        0x6D, 0x3B, 0x0D, 0x27, 0xB3, 0x89, 0xB1, 0xF1, 0xF6, 0xCE,
-        0x99, 0x71, 0x18, 0xB6, 0xC0, 0xC5, 0x9E, 0x76, 0x7A, 0x8E,
-        0xFB, 0x4A, 0xBE, 0x4F, 0xCD, 0xBC, 0x21, 0xA9, 0x4E, 0x9C,
-        0xFC, 0x48, 0x86, 0xFF, 0xE4, 0x63, 0x14, 0x96, 0x3A, 0xEB,
-        0xC8, 0x48, 0xAE, 0x27, 0xBD, 0x43, 0x0C, 0x27, 0x85, 0xE1,
-        0x25, 0x1A, 0x69, 0x48, 0x6C, 0xE7, 0x11, 0xF8, 0xF3, 0x68,
-        0x9D, 0xEE, 0x15, 0x1A, 0xBE, 0xAD, 0x46, 0x33, 0x24, 0x3D,
-        0xBE, 0xB8, 0x0E, 0x6E, 0x4D, 0xEF, 0x12, 0xB6, 0xAE, 0x1B,
-        0x88, 0xBD, 0x0E, 0xA6, 0xFF, 0x91, 0x08, 0xDC, 0xED, 0xAF,
-        0xFA, 0x13, 0x2B, 0xF2, 0xB4, 0x2C, 0xEA, 0x72, 0xC2, 0x85,
-        0xD6, 0xEE, 0x64, 0x09, 0xE1, 0x4E, 0x1A, 0x5A, 0xBD, 0xC2,
-        0x44, 0xC2, 0x95, 0x82, 0x59, 0x0A, 0xD8, 0x27, 0xBC, 0x48,
-        0x4A, 0x8A, 0xA3, 0xC3, 0x77, 0xAC, 0x92, 0xB6, 0x8B, 0x0B,
-        0x13, 0xE2, 0x87, 0xEC, 0x21, 0x7E, 0x7E, 0x52, 0x29, 0x51,
-        0x5C, 0x59, 0xE1, 0xC8, 0xDB, 0x05, 0xCE, 0x9E, 0xF4, 0x36,
-        0xD8, 0x63, 0x42, 0x45, 0x71, 0x9A, 0xEE, 0x0E, 0x24, 0xB0,
-        0xBA, 0xA5, 0xA5, 0xAA, 0xC9, 0xEE, 0x9E, 0xA3, 0xE3, 0xE9,
-        0x7F, 0xC6, 0x64, 0x6C, 0x9E, 0x65, 0x78, 0x88, 0xF2, 0x61,
-        0x6F, 0xD3, 0x3B, 0x9E, 0x0D, 0x16, 0xFA, 0xAD, 0xC2, 0x58,
-        0xAC, 0xBC, 0x14, 0xB1, 0xF7, 0x6F, 0xDB, 0xB9, 0x7E, 0x79,
-        0x81, 0xF1, 0xF8, 0xE9, 0x41, 0x5B, 0xFE, 0xD9, 0xE2, 0x89,
-        0x86, 0x5C, 0x01, 0x03, 0x5D, 0x0C, 0xD9, 0xA9, 0xD6, 0xDF,
-        0x4B, 0x26, 0x5C, 0xAE, 0xE6, 0xDF, 0xB5, 0xC9, 0xF0, 0x86,
-        0xCA, 0x7B, 0x80, 0xDB, 0x6A, 0x86, 0xFD, 0xA9, 0x00, 0x46,
-        0x32, 0x39, 0x5A, 0x72, 0xC4, 0x67, 0x20, 0xDB, 0xD8, 0x7A,
-        0x5D, 0x2D, 0x78, 0xB9, 0xA7, 0xDE, 0x7F, 0xF4, 0x7A, 0x5B,
-        0x0F, 0x38, 0xB0, 0x9E, 0x1A, 0xAE, 0xC5, 0xCC, 0xFF, 0x61,
-        0x5E, 0xEC, 0xF1, 0x0D, 0xF7, 0x0A, 0x22, 0xBB, 0xCB, 0x08,
-        0x2B, 0x91, 0x58, 0x77, 0x1F, 0x90, 0x2B, 0xA3, 0x78, 0xBE,
-        0xEF, 0x4D, 0xD8, 0x8D, 0xE8, 0xF7, 0x31, 0xF8, 0x92, 0x84,
-        0xE5, 0xB2, 0x2A, 0xE8, 0x3A
+        0x02, 0x01, 0x00, 0xB0, 0x00, 0x28, 0x7B, 0xC8, 0x3F, 0xAE,
+        0x93, 0xF5, 0x16, 0x87, 0x30, 0xD6, 0x07, 0x2B, 0x71, 0x16,
+        0x34, 0x1E, 0x5C, 0x48, 0x0F, 0x4A, 0xE7, 0x50, 0x07, 0x9D,
+        0xF4, 0x75, 0x5B, 0x90, 0x53, 0x72, 0x87, 0x2A, 0xBB, 0xEF,
+        0x04, 0xBC, 0x52, 0xD2, 0xBF, 0xFF, 0x27, 0x58, 0x2F, 0x5C,
+        0xAF, 0xBE, 0xF3, 0xF6, 0x00, 0xA2, 0x37, 0x8B, 0xEC, 0x2C,
+        0xD7, 0xB7, 0xE7, 0xBB, 0x3B, 0xCA, 0x6F, 0x9D, 0x42, 0xB7,
+        0x00, 0xB8, 0xC2, 0xA2, 0x8E, 0x8E, 0xE4, 0x57, 0xFD, 0x83,
+        0x4B, 0xB8, 0x47, 0xAA, 0xA1, 0x28, 0xAC, 0xBD, 0xC1, 0x59,
+        0x04, 0x90, 0x17, 0x40, 0x40, 0x35, 0x04, 0xC6, 0x40, 0xA9,
+        0x21, 0xD3, 0x79, 0x45, 0x0E, 0x22, 0xC8, 0x6F, 0xEC, 0xAE,
+        0x58, 0xA5, 0xC2, 0xD8, 0x1B, 0x11, 0x49, 0x94, 0x58, 0xC2,
+        0x11, 0x7D, 0xF8, 0x0A, 0xBB, 0x47, 0xFD, 0xAC, 0xCF, 0xF7,
+        0x23, 0x05, 0x3F, 0xAB, 0x1D, 0x0E, 0x30, 0xC5, 0x98, 0x29,
+        0x13, 0x1A, 0x90, 0x6F, 0xF9, 0x3F, 0xF2, 0xD6, 0xDF, 0x03,
+        0xCC, 0xF1, 0x48, 0xE7, 0x71, 0xE6, 0xC4, 0xCE, 0xF3, 0xF9,
+        0xBF, 0x07, 0xC9, 0xCF, 0xDD, 0x63, 0x0E, 0xFE, 0xBC, 0x93,
+        0x1C, 0x9A, 0x52, 0x7D, 0x63, 0xF9, 0x6D, 0xA5, 0x50, 0xF3,
+        0xEF, 0x54, 0xD7, 0xDA, 0x42, 0x74, 0x85, 0xB1, 0xB4, 0x7C,
+        0xD5, 0x03, 0xCC, 0xB8, 0xC3, 0xBA, 0x1F, 0xB8, 0x4F, 0x5A,
+        0xF9, 0x05, 0xBA, 0x4B, 0x0D, 0x57, 0x8D, 0x05, 0xCF, 0x4F,
+        0xB7, 0xC4, 0x64, 0x2E, 0x2C, 0x10, 0xF3, 0xFA, 0x79, 0x0C,
+        0x8C, 0x1F, 0xCC, 0x84, 0x33, 0x88, 0xFB, 0x77, 0xB5, 0x6E,
+        0x45, 0x35, 0x15, 0xCC, 0x28, 0x80, 0x2B, 0x2D, 0x6B, 0x3F,
+        0xD0, 0xA3, 0x10, 0xD1, 0x53, 0xC0, 0xBB, 0x70, 0x43, 0x79,
+        0x2F, 0xFF, 0x3F, 0x63, 0x26, 0xC5, 0x60, 0x9B, 0x87, 0xE9,
+        0xA2, 0x5B, 0x40, 0x13, 0x41, 0x25, 0xD2, 0x9C, 0x3E, 0x42,
+        0x79, 0x00, 0xE1, 0x12, 0x0E, 0xAA, 0x06, 0xE0, 0x65, 0x59,
+        0xA1, 0xFA, 0xDB, 0xC4, 0xC2, 0x97, 0xA8, 0x87, 0x35, 0x96,
+        0x1C, 0x8E, 0xFF, 0xEB, 0x91, 0xE0, 0x8B, 0xE3, 0x3E, 0xC8,
+        0xB2, 0x8C, 0xD3, 0x84, 0x5E, 0x76, 0x80, 0xD7, 0x29, 0x0A,
+        0x59, 0xCC, 0x71, 0xD5, 0xE5, 0x65, 0x3C, 0x30, 0x38, 0x6E,
+        0xF5, 0x3F, 0x7E, 0x28, 0x0F, 0x3D, 0x15, 0x10, 0x86, 0x30,
+        0x39, 0x56, 0x23, 0x13, 0x30, 0xB4, 0x70, 0xF7, 0x7B, 0xC3,
+        0x0D, 0x51, 0xAD, 0x18, 0xB1, 0x87, 0xB3, 0x3F, 0x1C, 0x69,
+        0xF5, 0xD4, 0x1E, 0x72, 0x66, 0x5E, 0x44, 0xB9, 0x53, 0xBA,
+        0x9E, 0xF0, 0xB8, 0x4A, 0xB1, 0x34, 0x50, 0x98, 0xD8, 0xF2,
+        0xB9, 0xB2, 0xC5, 0xED, 0x73, 0xC9, 0xEE, 0xDD, 0x33, 0x8C,
+        0xCF, 0x72, 0x35, 0xE0, 0x3D, 0x0F, 0x45, 0x2A, 0x89, 0xF9,
+        0xA3, 0x76, 0x40, 0x07, 0x0F, 0xF6, 0x48, 0x6C, 0xF1, 0x8C,
+        0x30, 0x3A, 0xC2, 0x51, 0x06, 0xC2, 0x51, 0x5E, 0x75, 0x98,
+        0x06, 0xE0, 0x1E, 0x29, 0xF7, 0x12, 0x9A, 0x56, 0xA4, 0x38,
+        0x83, 0xB1, 0x8B, 0x86, 0xB6, 0xAB, 0x87, 0xAA, 0x3C, 0x39,
+        0x9D, 0x4D, 0x0C, 0xE8, 0x78, 0x9F, 0x52, 0x47, 0x66, 0x69,
+        0xC8, 0x66, 0x0C, 0xFE, 0xD9, 0x74, 0x1D, 0x78, 0x0B, 0x51,
+        0xE4, 0xD9, 0xC8, 0x35, 0x97, 0x95, 0xC7, 0x31, 0x97, 0x13,
+        0x49, 0xED, 0xAA, 0x9E, 0x9C, 0xFD, 0x66, 0x04, 0x79, 0xD2,
+        0x24, 0x4D, 0x64, 0x8D, 0x3F, 0xCD, 0x94, 0xB0, 0x05, 0x0A,
+        0x30, 0x3B, 0x1C, 0x96, 0xE7, 0x79, 0x00, 0x03, 0x47, 0x55,
+        0x34, 0x51, 0x1F, 0x46, 0x3A, 0x24, 0x47, 0xE6, 0xDD, 0x78,
+        0x89, 0x18, 0x29, 0x32, 0xC5, 0xAD, 0xFB, 0x9C, 0xF7, 0x26,
+        0xAC, 0x56, 0x3E, 0xF7, 0x73
 };
 static const int sizeof_client_cert_der_4096 = sizeof(client_cert_der_4096);
 
@@ -3451,7 +3457,7 @@ static const int sizeof_dh_key_der_4096 = sizeof(dh_key_der_4096);
 
 #endif /* USE_CERT_BUFFERS_4096 */
 
-#if defined(HAVE_PQC) && defined(HAVE_FALCON)
+#if defined(HAVE_FALCON)
 
 /* certs/falcon/bench_falcon_level1_key.der */
 static const unsigned char bench_falcon_level1_key[] =
@@ -4099,1767 +4105,1813 @@ static const unsigned char bench_falcon_level5_key[] =
 };
 static const int sizeof_bench_falcon_level5_key = sizeof(bench_falcon_level5_key);
 
-#endif /* HAVE_PQC && HAVE_FALCON */
+#endif /* HAVE_FALCON */
 
-#if defined (HAVE_PQC) && defined(HAVE_DILITHIUM)
-
-/* certs/dilithium/bench_dilithium_level2_key.der */
-static const unsigned char bench_dilithium_level2_key[] =
-{
-        0x30, 0x82, 0x0F, 0x1A, 0x02, 0x01, 0x00, 0x30, 0x0D, 0x06,
-        0x0B, 0x2B, 0x06, 0x01, 0x04, 0x01, 0x02, 0x82, 0x0B, 0x07,
-        0x04, 0x04, 0x04, 0x82, 0x0F, 0x04, 0x04, 0x82, 0x0F, 0x00,
-        0xA2, 0xBD, 0x74, 0xB9, 0x8E, 0x34, 0xF0, 0xEC, 0xF7, 0x40,
-        0x22, 0x33, 0xE8, 0x50, 0x43, 0x66, 0xF0, 0x25, 0x41, 0x20,
-        0xD9, 0x3F, 0x8A, 0xC6, 0xAD, 0x69, 0xC6, 0x9C, 0xD9, 0xE0,
-        0x0D, 0xFF, 0x77, 0x85, 0xCD, 0x88, 0x58, 0x17, 0x6B, 0x85,
-        0xD2, 0x5D, 0xF0, 0x41, 0xCE, 0x6D, 0x94, 0x7F, 0xF4, 0xDB,
-        0xD3, 0x60, 0x52, 0x1A, 0x83, 0x42, 0xD8, 0x7C, 0x2D, 0xD9,
-        0x55, 0x7B, 0xFB, 0xB8, 0x87, 0xAA, 0xDA, 0x75, 0x42, 0x86,
-        0x3E, 0x5A, 0xE4, 0xD4, 0x7D, 0xC3, 0x38, 0xA2, 0xEE, 0x0D,
-        0xF5, 0xAD, 0xDA, 0x12, 0x5B, 0xD6, 0x3A, 0x89, 0x87, 0xED,
-        0x57, 0xD1, 0xA9, 0xC2, 0xB3, 0xC0, 0xDC, 0x90, 0x88, 0x0C,
-        0x86, 0x48, 0xD2, 0xA6, 0x60, 0x1B, 0x22, 0x8C, 0x03, 0x34,
-        0x69, 0x19, 0x96, 0x24, 0x04, 0xB3, 0x65, 0x10, 0x34, 0x31,
-        0x09, 0x38, 0x31, 0x5C, 0x10, 0x8C, 0x02, 0x15, 0x66, 0xD0,
-        0x48, 0x50, 0x53, 0x22, 0x41, 0xC4, 0x98, 0x41, 0xE2, 0x42,
-        0x62, 0x42, 0x38, 0x45, 0xC2, 0xB8, 0x08, 0x20, 0x31, 0x21,
-        0x13, 0x10, 0x88, 0x00, 0xB9, 0x24, 0x93, 0x06, 0x6D, 0x44,
-        0x20, 0x64, 0x98, 0x84, 0x29, 0x91, 0x12, 0x6A, 0xC9, 0x14,
-        0x10, 0x11, 0x40, 0x2A, 0x24, 0xC9, 0x85, 0xCC, 0x42, 0x2A,
-        0x1C, 0x44, 0x28, 0xE0, 0xB4, 0x00, 0x20, 0x99, 0x11, 0x0B,
-        0x09, 0x61, 0x24, 0x14, 0x10, 0x41, 0x94, 0x20, 0xC9, 0x46,
-        0x64, 0x43, 0x02, 0x6E, 0x08, 0x39, 0x71, 0x81, 0x06, 0x2D,
-        0x63, 0x14, 0x71, 0x62, 0xC0, 0x11, 0x20, 0xB2, 0x61, 0xD1,
-        0x30, 0x24, 0x44, 0x06, 0x89, 0x04, 0x16, 0x88, 0x10, 0x33,
-        0x48, 0x51, 0xB8, 0x00, 0x4A, 0x12, 0x68, 0x14, 0x04, 0x10,
-        0xD8, 0x92, 0x8D, 0x22, 0x32, 0x61, 0x0C, 0x23, 0x91, 0x10,
-        0x39, 0x24, 0x51, 0x80, 0x08, 0x0B, 0x30, 0x61, 0x00, 0x89,
-        0x01, 0x98, 0x34, 0x05, 0x9A, 0xA2, 0x70, 0xC4, 0x46, 0x40,
-        0x52, 0x38, 0x42, 0xC0, 0x92, 0x6D, 0xCC, 0x08, 0x22, 0xD4,
-        0x42, 0x4A, 0x02, 0x23, 0x40, 0x40, 0x92, 0x25, 0x12, 0x36,
-        0x65, 0x42, 0x06, 0x10, 0x02, 0x10, 0x10, 0x20, 0xA3, 0x41,
-        0x0A, 0x15, 0x10, 0x20, 0x23, 0x80, 0x99, 0xB6, 0x0C, 0x11,
-        0x26, 0x11, 0x9B, 0xC8, 0x44, 0x1C, 0xC9, 0x05, 0xA4, 0x38,
-        0x11, 0x1B, 0xB0, 0x05, 0xDC, 0x22, 0x00, 0xC8, 0x22, 0x72,
-        0xA3, 0x30, 0x2E, 0xC1, 0xA8, 0x41, 0x1C, 0xA6, 0x20, 0xE2,
-        0xB0, 0x21, 0x9B, 0x10, 0x01, 0x61, 0x32, 0x46, 0xC1, 0x92,
-        0x61, 0x1C, 0xA4, 0x85, 0x0A, 0xB7, 0x70, 0xE4, 0x26, 0x6C,
-        0x58, 0xA4, 0x00, 0x19, 0x86, 0x4C, 0xDC, 0xA6, 0x40, 0xA1,
-        0x32, 0x12, 0x04, 0x81, 0x90, 0x8C, 0x04, 0x05, 0x10, 0x30,
-        0x26, 0x09, 0x31, 0x2C, 0x50, 0x88, 0x89, 0x82, 0x44, 0x62,
-        0x10, 0x23, 0x8A, 0x04, 0x44, 0x22, 0x0A, 0x30, 0x4E, 0xA4,
-        0x34, 0x32, 0x4C, 0x18, 0x8C, 0x21, 0x21, 0x41, 0x23, 0x13,
-        0x72, 0x08, 0x84, 0x24, 0x1A, 0x04, 0x24, 0x14, 0x06, 0x02,
-        0xC4, 0x40, 0x70, 0xCA, 0x00, 0x6E, 0xC1, 0xC6, 0x09, 0x83,
-        0x42, 0x62, 0xA0, 0x30, 0x12, 0x1B, 0x14, 0x0C, 0x08, 0x03,
-        0x22, 0xCA, 0x46, 0x65, 0x64, 0x46, 0x26, 0x10, 0x39, 0x20,
-        0xCA, 0x80, 0x28, 0x62, 0x14, 0x6D, 0x10, 0x26, 0x11, 0x49,
-        0xA2, 0x45, 0x53, 0x98, 0x0D, 0x64, 0x40, 0x05, 0x0C, 0x31,
-        0x09, 0x13, 0x11, 0x60, 0xD8, 0x02, 0x50, 0x11, 0x41, 0x41,
-        0x23, 0xC1, 0x4C, 0x22, 0xC6, 0x30, 0x99, 0x06, 0x08, 0xCA,
-        0x40, 0x81, 0xCC, 0x32, 0x0E, 0x11, 0xC4, 0x20, 0xD9, 0x92,
-        0x41, 0xC4, 0x20, 0x08, 0xE4, 0xA0, 0x00, 0xCB, 0x88, 0x21,
-        0x03, 0x03, 0x90, 0x54, 0x00, 0x49, 0x14, 0x98, 0x04, 0xC8,
-        0xC0, 0x31, 0x11, 0x31, 0x69, 0x04, 0x93, 0x90, 0x00, 0xB9,
-        0x21, 0x22, 0x38, 0x48, 0x00, 0x34, 0x0C, 0x61, 0x98, 0x00,
-        0x01, 0xB4, 0x69, 0x60, 0x26, 0x81, 0x1C, 0xA4, 0x10, 0x22,
-        0xB6, 0x10, 0x21, 0xC6, 0x20, 0x4A, 0x22, 0x26, 0xD0, 0x92,
-        0x41, 0xDA, 0x84, 0x69, 0x03, 0x42, 0x2A, 0x04, 0x09, 0x02,
-        0xE1, 0x24, 0x42, 0xA2, 0x46, 0x28, 0x10, 0xB1, 0x08, 0x82,
-        0x86, 0x84, 0xE0, 0x24, 0x51, 0x0A, 0xC9, 0x28, 0x59, 0x86,
-        0x20, 0xDB, 0xB6, 0x40, 0x13, 0xC3, 0x40, 0x1C, 0xA9, 0x09,
-        0x80, 0x34, 0x50, 0xDC, 0x84, 0x2C, 0x53, 0x24, 0x08, 0xC0,
-        0xB4, 0x6D, 0x88, 0x26, 0x30, 0x82, 0xC8, 0x0D, 0x62, 0x22,
-        0x28, 0x64, 0xA2, 0x09, 0x10, 0x25, 0x26, 0xDB, 0x34, 0x02,
-        0x4A, 0x04, 0x11, 0x53, 0xB8, 0x28, 0x82, 0x34, 0x11, 0xC2,
-        0x12, 0x25, 0x20, 0xB5, 0x40, 0x19, 0xA8, 0x31, 0x80, 0x22,
-        0x66, 0x21, 0xB2, 0x10, 0x0B, 0x42, 0x2A, 0x61, 0x20, 0x50,
-        0x40, 0x24, 0x4C, 0x99, 0x12, 0x48, 0x21, 0xB4, 0x11, 0xD1,
-        0x44, 0x48, 0x00, 0x40, 0x0C, 0x58, 0x46, 0x68, 0x04, 0x12,
-        0x12, 0x93, 0x22, 0x20, 0xC2, 0x32, 0x4C, 0x01, 0xB0, 0x88,
-        0xE3, 0x20, 0x8E, 0x03, 0x00, 0x6C, 0x52, 0x14, 0x30, 0xD2,
-        0x44, 0x88, 0x10, 0x44, 0x4A, 0x61, 0x86, 0x29, 0x14, 0x42,
-        0x24, 0x24, 0x35, 0x2E, 0x11, 0xC4, 0x0D, 0x23, 0x24, 0x66,
-        0x0A, 0x90, 0x71, 0xE0, 0xC2, 0x69, 0x48, 0x38, 0x91, 0x82,
-        0xC8, 0x08, 0x1C, 0x93, 0x31, 0xD9, 0x06, 0x51, 0x8A, 0xA4,
-        0x6C, 0x50, 0x34, 0x68, 0x5A, 0x18, 0x89, 0x4A, 0x96, 0x85,
-        0x8A, 0x18, 0x44, 0x4A, 0x34, 0x40, 0x5B, 0x36, 0x80, 0xCC,
-        0x20, 0x6E, 0x09, 0x19, 0x89, 0x02, 0x38, 0x6A, 0x24, 0xA3,
-        0x69, 0x58, 0x32, 0x6D, 0x21, 0x01, 0x84, 0x88, 0x86, 0x28,
-        0xA3, 0x22, 0x89, 0x93, 0xA6, 0x80, 0x00, 0x88, 0x81, 0xE1,
-        0x48, 0x70, 0xA2, 0x34, 0x60, 0x18, 0x02, 0x04, 0x18, 0x29,
-        0x01, 0x1B, 0x31, 0x51, 0xD4, 0xA4, 0x49, 0xCC, 0x08, 0x8C,
-        0xDA, 0x36, 0x11, 0x01, 0x39, 0x26, 0x42, 0x92, 0x88, 0xC8,
-        0x46, 0x52, 0x8C, 0xA4, 0x08, 0x14, 0x11, 0x52, 0xCA, 0x40,
-        0x66, 0x8B, 0x32, 0x8E, 0x89, 0x44, 0x02, 0x9B, 0x42, 0x02,
-        0x93, 0xA4, 0x01, 0x1A, 0x00, 0x50, 0x94, 0x44, 0x42, 0x08,
-        0x09, 0x8C, 0xE2, 0xA8, 0x81, 0x98, 0x00, 0x48, 0x63, 0x02,
-        0x85, 0x1B, 0x05, 0x2D, 0xC1, 0xBE, 0x5F, 0xA4, 0xAC, 0xB4,
-        0xF0, 0xC7, 0x94, 0xBD, 0xEC, 0xFB, 0x09, 0xAF, 0x16, 0xF1,
-        0x23, 0x58, 0xAB, 0x82, 0xFA, 0x74, 0xD1, 0x84, 0x51, 0xD0,
-        0x58, 0x9B, 0xFA, 0xF4, 0x11, 0xC1, 0x17, 0x2F, 0xCE, 0xD1,
-        0xCA, 0xC6, 0xCE, 0x1C, 0x8F, 0x8F, 0x1B, 0x43, 0xBF, 0xB9,
-        0x43, 0x41, 0x02, 0x3E, 0x5D, 0xFA, 0x24, 0x88, 0x0E, 0xA5,
-        0x36, 0xA9, 0x9B, 0x25, 0x43, 0xD6, 0xEE, 0xDE, 0xAE, 0x93,
-        0x54, 0xC8, 0x6C, 0x55, 0xE9, 0x5C, 0xC8, 0xC1, 0xA5, 0xD7,
-        0xFC, 0xDA, 0xAF, 0xF8, 0x40, 0x1F, 0x02, 0x5C, 0x8E, 0x48,
-        0x51, 0x4B, 0x3F, 0xFD, 0x76, 0x9A, 0xD0, 0x87, 0xF4, 0xD0,
-        0x68, 0x9C, 0x44, 0x3B, 0xB4, 0x4A, 0xAB, 0x34, 0x2A, 0xD4,
-        0x0C, 0xA4, 0x7A, 0xBB, 0x98, 0x7F, 0x8D, 0xF6, 0xA7, 0x6A,
-        0x42, 0x8C, 0x7A, 0xB4, 0x32, 0xC6, 0x8A, 0xD6, 0x5E, 0x06,
-        0x50, 0xC0, 0xDD, 0x3E, 0xE2, 0x44, 0x5C, 0xB9, 0x83, 0xCF,
-        0x92, 0x0C, 0x3C, 0xFB, 0x53, 0x0D, 0xF0, 0xD1, 0xED, 0x77,
-        0xF3, 0x02, 0x9F, 0xA6, 0xC6, 0xFA, 0x30, 0xA5, 0xC7, 0x42,
-        0x06, 0x1F, 0x38, 0xE5, 0xE1, 0x56, 0x01, 0x7A, 0xD1, 0xE1,
-        0xC1, 0x20, 0x44, 0x37, 0xE6, 0x18, 0x8A, 0x7E, 0x70, 0xBA,
-        0x6B, 0x1C, 0x99, 0x4E, 0xFB, 0xCA, 0xCF, 0x3D, 0x29, 0x26,
-        0xF4, 0x12, 0x95, 0x74, 0x11, 0x23, 0x0E, 0x2E, 0x31, 0xCF,
-        0x73, 0xE6, 0x99, 0xD0, 0x72, 0x23, 0x4A, 0x46, 0x07, 0xA1,
-        0x03, 0x4C, 0x3A, 0x79, 0x72, 0x3B, 0xD1, 0x79, 0x5A, 0x66,
-        0x29, 0xCD, 0x34, 0xB6, 0x6A, 0xA5, 0x6A, 0x4C, 0x71, 0xE5,
-        0xB3, 0xA6, 0xAC, 0x4D, 0x13, 0xDC, 0x70, 0xE4, 0x0C, 0x6A,
-        0x98, 0x48, 0x1C, 0xA0, 0x6C, 0xFC, 0xDD, 0x6A, 0x3F, 0x10,
-        0x3B, 0xBD, 0xC9, 0xC8, 0xEA, 0x01, 0x86, 0x5B, 0x3B, 0x19,
-        0x3E, 0x6F, 0xA9, 0x4A, 0xD4, 0x38, 0x1D, 0x9C, 0x2B, 0x19,
-        0xAE, 0x47, 0x54, 0xE2, 0x4E, 0xB5, 0xDF, 0xA7, 0xBD, 0x6F,
-        0x01, 0x8A, 0x10, 0x5B, 0x83, 0x17, 0xB3, 0x77, 0xE1, 0x9D,
-        0xBF, 0x6B, 0x25, 0xBF, 0x90, 0xC4, 0x92, 0xE1, 0x5E, 0xE1,
-        0xC3, 0x0C, 0xC5, 0x05, 0x24, 0x40, 0x61, 0xA1, 0x01, 0x4A,
-        0x7B, 0xE4, 0x65, 0x73, 0x1F, 0x3C, 0xA2, 0xD8, 0x54, 0xA4,
-        0x64, 0xA3, 0x06, 0xDA, 0x18, 0x9A, 0xD7, 0xE4, 0x90, 0x59,
-        0xAF, 0xBC, 0x1A, 0x79, 0xC4, 0x08, 0xE9, 0x87, 0x95, 0x04,
-        0x48, 0x18, 0xD2, 0x33, 0x15, 0x38, 0x9C, 0x00, 0x7B, 0x72,
-        0x35, 0xC1, 0x03, 0x77, 0xF1, 0x0B, 0xEC, 0x38, 0x33, 0xB7,
-        0xB4, 0xBC, 0xC4, 0xBD, 0xB3, 0xBB, 0x9C, 0x34, 0x0B, 0x28,
-        0x03, 0x1D, 0x99, 0x7A, 0x12, 0x0C, 0x95, 0xFE, 0x0D, 0x53,
-        0x79, 0xE7, 0xE6, 0x99, 0x3F, 0xA1, 0x31, 0x9E, 0xA9, 0xB8,
-        0x9B, 0xB7, 0xC0, 0x3F, 0x9C, 0x18, 0x1B, 0xA2, 0x73, 0xBC,
-        0x10, 0xDB, 0x1B, 0x09, 0xE7, 0x5E, 0x67, 0x8E, 0x69, 0x92,
-        0xCF, 0x99, 0xC3, 0x97, 0x58, 0xE8, 0x9A, 0x40, 0x83, 0xF2,
-        0x14, 0xA3, 0x25, 0xB5, 0x51, 0x30, 0xDA, 0x91, 0x87, 0x91,
-        0x1E, 0xF2, 0x5E, 0x55, 0x49, 0x68, 0x5E, 0xC9, 0x21, 0x67,
-        0x03, 0xBC, 0x21, 0xE4, 0xD1, 0xFC, 0x79, 0xC7, 0xDB, 0x44,
-        0xB9, 0xAB, 0x1E, 0xB4, 0x65, 0x3D, 0x63, 0xCB, 0x64, 0x76,
-        0xE4, 0x1B, 0x93, 0x91, 0xB0, 0xF3, 0x4F, 0xBA, 0xD3, 0x20,
-        0x47, 0x37, 0x5A, 0xCA, 0x1B, 0xDB, 0xCA, 0xA1, 0xE7, 0xED,
-        0x7D, 0x8D, 0x4E, 0x7C, 0x19, 0xB2, 0x73, 0x67, 0x55, 0x11,
-        0xE4, 0xA1, 0x98, 0x44, 0x5F, 0x58, 0xF7, 0xAA, 0x09, 0xFD,
-        0x09, 0x4A, 0x54, 0x68, 0x32, 0xD4, 0xCA, 0xE1, 0x96, 0xFD,
-        0x27, 0x05, 0x88, 0x78, 0x7B, 0x83, 0x74, 0x78, 0x6F, 0x09,
-        0xC7, 0x3C, 0x66, 0xA8, 0x17, 0x3A, 0xCF, 0xB3, 0x6E, 0x5A,
-        0xD7, 0x16, 0xE5, 0x2E, 0x40, 0xD7, 0x30, 0x18, 0x47, 0x5F,
-        0x95, 0x19, 0x4E, 0x0F, 0x69, 0xD3, 0x11, 0xDE, 0xBB, 0x55,
-        0x1B, 0xD1, 0x13, 0x71, 0x3D, 0x45, 0x3E, 0xDC, 0x72, 0x4F,
-        0x89, 0x34, 0x72, 0x96, 0x77, 0xBB, 0x42, 0x29, 0x4A, 0x88,
-        0x44, 0xFB, 0x05, 0x57, 0x38, 0xA6, 0xAC, 0x3E, 0x03, 0xF6,
-        0xE1, 0x9D, 0xE3, 0xE9, 0x5A, 0x1B, 0x64, 0xCE, 0xC8, 0x6E,
-        0x1B, 0xE8, 0xE3, 0x78, 0xF8, 0xE9, 0xF1, 0x47, 0x09, 0x0E,
-        0x66, 0x50, 0x7A, 0x10, 0x51, 0xE1, 0x60, 0x73, 0x78, 0x95,
-        0x00, 0x2E, 0xB8, 0x05, 0x8C, 0x22, 0x72, 0xD9, 0x88, 0xC8,
-        0x8D, 0x16, 0xEF, 0x18, 0x8F, 0xC6, 0x51, 0x1E, 0xC3, 0xBA,
-        0x27, 0x57, 0xB4, 0xFE, 0x74, 0x0F, 0x54, 0x45, 0x5A, 0x0B,
-        0xAC, 0x6C, 0xA7, 0x46, 0x95, 0xC7, 0x35, 0x3D, 0x38, 0xBE,
-        0xC5, 0x4E, 0xE0, 0x83, 0xED, 0x68, 0x8D, 0x01, 0x31, 0x7D,
-        0x90, 0xA7, 0x38, 0xEE, 0x57, 0x8E, 0xD2, 0xFB, 0x87, 0x08,
-        0x7A, 0x44, 0x34, 0x0B, 0x99, 0x5E, 0x2F, 0xA8, 0x4E, 0xC0,
-        0x80, 0xEF, 0x62, 0xFE, 0xFB, 0x3C, 0x73, 0xF1, 0x8C, 0x56,
-        0x12, 0x08, 0x8C, 0xD3, 0x9F, 0xBA, 0x44, 0x90, 0xB7, 0xDB,
-        0x9C, 0xD9, 0xB4, 0x91, 0xBA, 0xFF, 0x4A, 0xB0, 0x1C, 0x91,
-        0x44, 0x34, 0x52, 0xBE, 0x0D, 0xBA, 0x72, 0x33, 0x5C, 0x36,
-        0xB5, 0x5E, 0x91, 0xB7, 0xE9, 0xCE, 0xD0, 0x01, 0x61, 0x19,
-        0xEE, 0x2D, 0x1F, 0xBE, 0x97, 0x7C, 0x8C, 0x30, 0x91, 0x8C,
-        0xB1, 0x8A, 0x04, 0xCA, 0xB8, 0x33, 0xCB, 0xA9, 0x9A, 0x2C,
-        0x1B, 0x25, 0xD2, 0xDB, 0x73, 0x95, 0x3F, 0x02, 0x67, 0xEB,
-        0x2C, 0xEC, 0xCC, 0x92, 0xCD, 0x1E, 0x1F, 0xC2, 0xF2, 0xA7,
-        0x23, 0xAD, 0x7C, 0xA5, 0x50, 0x44, 0x76, 0x7D, 0x74, 0x13,
-        0x20, 0x21, 0xF2, 0x09, 0xD9, 0x70, 0x82, 0xB0, 0x30, 0xA3,
-        0x8A, 0xC0, 0x9D, 0xD2, 0x16, 0x4F, 0x65, 0xDF, 0x42, 0x37,
-        0xC2, 0x63, 0xD6, 0x6C, 0xA9, 0xD1, 0x95, 0x5D, 0x84, 0xD2,
-        0xB5, 0xC7, 0x7A, 0x87, 0x9B, 0x9B, 0xAF, 0x21, 0x65, 0x64,
-        0xF7, 0x0B, 0x21, 0xC7, 0xF6, 0xA5, 0x27, 0xEB, 0xAA, 0x8D,
-        0xF2, 0x10, 0x60, 0xFB, 0xC9, 0xB3, 0xB0, 0x32, 0x7C, 0x9F,
-        0xC1, 0xDE, 0xA8, 0x77, 0x6F, 0xCC, 0x35, 0x1F, 0xBD, 0x74,
-        0x0E, 0xA9, 0x84, 0x3C, 0x05, 0x9D, 0xFF, 0xBC, 0x46, 0x9A,
-        0x8E, 0x43, 0xB5, 0x8B, 0x1C, 0x24, 0xB5, 0xC3, 0xB0, 0xFE,
-        0x14, 0xCC, 0x3C, 0xCF, 0xF2, 0x26, 0xCE, 0x0B, 0x3A, 0x5B,
-        0x5C, 0x8E, 0x59, 0xBF, 0x0D, 0xDC, 0xA6, 0xCA, 0x78, 0xE5,
-        0xD9, 0xC5, 0x46, 0x56, 0x38, 0x98, 0xC4, 0xAC, 0x43, 0x64,
-        0xB1, 0x78, 0x0A, 0x81, 0x34, 0x7D, 0x3D, 0xC0, 0xF5, 0x25,
-        0x14, 0x66, 0xA2, 0x2A, 0x81, 0x64, 0x82, 0x62, 0x86, 0xD0,
-        0x65, 0xCB, 0x2A, 0x09, 0x01, 0xF5, 0x03, 0xEC, 0xB5, 0xD1,
-        0xED, 0xC7, 0x60, 0x62, 0x3D, 0x38, 0x28, 0x9C, 0x32, 0xEE,
-        0x9F, 0x45, 0x72, 0x71, 0xA9, 0x6D, 0x9A, 0x54, 0x83, 0xF9,
-        0xE7, 0x37, 0xC7, 0xCC, 0x28, 0xC0, 0xC2, 0x24, 0x09, 0xC3,
-        0x96, 0xF6, 0xED, 0x9B, 0x60, 0xF3, 0x24, 0x4C, 0xFC, 0xAB,
-        0xD0, 0x38, 0x7A, 0x1C, 0x68, 0xED, 0x63, 0x83, 0x5A, 0x28,
-        0x37, 0x70, 0x31, 0xBB, 0x9D, 0xC7, 0xAA, 0x3A, 0x5B, 0xAF,
-        0x88, 0x82, 0xE2, 0x30, 0xCB, 0xF5, 0xC1, 0x63, 0x9C, 0x59,
-        0x41, 0xD3, 0x24, 0x92, 0xB1, 0x71, 0xA4, 0x16, 0x26, 0x0B,
-        0x9C, 0x96, 0x0B, 0xE9, 0x0B, 0x69, 0xFC, 0x1F, 0xD2, 0x99,
-        0xC2, 0xB6, 0x7A, 0x24, 0x28, 0x5A, 0x3D, 0x88, 0x2C, 0xF0,
-        0x76, 0xFC, 0x25, 0x04, 0xBE, 0xB6, 0x19, 0x94, 0xD1, 0xBA,
-        0x1A, 0x58, 0x0E, 0x9A, 0xFB, 0x4C, 0x9D, 0x21, 0x34, 0x8D,
-        0x45, 0xEC, 0x50, 0xC6, 0x94, 0x1B, 0x0B, 0x87, 0x36, 0x4E,
-        0xE4, 0x96, 0xF6, 0x9A, 0x34, 0xEC, 0xD8, 0x65, 0x6A, 0x46,
-        0xFA, 0xC5, 0x40, 0x35, 0xD0, 0x07, 0x74, 0x02, 0xA3, 0xCF,
-        0x23, 0x60, 0x15, 0xAC, 0x54, 0x98, 0x59, 0xEF, 0x94, 0x17,
-        0x0A, 0xEF, 0xBB, 0xC2, 0x7B, 0x3B, 0xEF, 0xF5, 0xD1, 0x9C,
-        0xB7, 0xB1, 0xDF, 0x45, 0xF5, 0x57, 0xD1, 0x18, 0x05, 0x97,
-        0x8F, 0x8C, 0x30, 0x8C, 0x11, 0xF4, 0x81, 0x4D, 0x75, 0x18,
-        0x97, 0x9F, 0x30, 0x64, 0xE2, 0x5B, 0x18, 0x95, 0xAC, 0x4E,
-        0xDC, 0x47, 0xB5, 0x45, 0xAA, 0xD4, 0x7E, 0xF4, 0x70, 0x46,
-        0x34, 0xF3, 0xB3, 0x85, 0xC2, 0x46, 0x98, 0xB5, 0xB5, 0x33,
-        0x52, 0xF4, 0x36, 0x39, 0xCA, 0x23, 0xF9, 0x66, 0xB9, 0xA4,
-        0x63, 0xC6, 0x3D, 0x02, 0xE7, 0x8F, 0x95, 0xF3, 0x25, 0xFD,
-        0x21, 0xD0, 0x62, 0xC2, 0xEE, 0xE2, 0x2F, 0x69, 0x55, 0x31,
-        0x42, 0x78, 0x2D, 0x53, 0xDC, 0x7F, 0x0E, 0x93, 0xD5, 0x4D,
-        0x21, 0x64, 0x8B, 0x9E, 0x2C, 0xBE, 0xBA, 0xD3, 0x39, 0x41,
-        0xE3, 0x10, 0xE5, 0x07, 0xE4, 0x0E, 0x20, 0x38, 0x63, 0xF7,
-        0x02, 0xF2, 0x17, 0x99, 0xEB, 0xC6, 0xE7, 0x5F, 0xBE, 0xAE,
-        0x53, 0xD1, 0x12, 0xB2, 0x9A, 0x90, 0x25, 0x6A, 0xAA, 0xFD,
-        0x5D, 0x69, 0x2F, 0x32, 0x33, 0x53, 0x57, 0x1B, 0xC4, 0x24,
-        0xC0, 0xC5, 0x90, 0x04, 0x04, 0x67, 0xCA, 0x85, 0x1E, 0x94,
-        0x31, 0x95, 0x78, 0x76, 0x5D, 0xCF, 0x15, 0xE6, 0x06, 0x6B,
-        0x1A, 0x1D, 0x0E, 0xF6, 0x64, 0x91, 0x84, 0xAE, 0xE4, 0xF0,
-        0x1F, 0x0A, 0x76, 0x1C, 0x74, 0xF3, 0xC1, 0x97, 0x80, 0x5B,
-        0xD9, 0xC6, 0xB6, 0x2B, 0xA8, 0xD7, 0xD8, 0xD2, 0xB5, 0x8E,
-        0x05, 0xB5, 0x16, 0x6A, 0xF7, 0xCB, 0xD2, 0xFE, 0xE0, 0xA7,
-        0x3E, 0x1C, 0x3E, 0x84, 0xDC, 0x89, 0x33, 0xD7, 0x2F, 0x2A,
-        0x40, 0x41, 0x18, 0xB8, 0x58, 0xB6, 0x54, 0xC6, 0xC9, 0xDF,
-        0x24, 0x91, 0xCD, 0x62, 0xA0, 0x9D, 0x17, 0xCC, 0xA6, 0xCF,
-        0xD9, 0x25, 0xA1, 0xBC, 0x63, 0x09, 0xFB, 0xD1, 0x65, 0x5C,
-        0xFC, 0xB8, 0x3A, 0x3D, 0x50, 0xEC, 0x1A, 0x26, 0x37, 0xCB,
-        0x9C, 0x29, 0x9E, 0x15, 0x06, 0xC9, 0x14, 0x45, 0x41, 0x5F,
-        0x6C, 0x41, 0x46, 0xEA, 0xC6, 0xF8, 0x18, 0x01, 0x7D, 0xCD,
-        0x30, 0xEE, 0x5D, 0xB5, 0xA0, 0x96, 0x19, 0x80, 0x96, 0xB1,
-        0x03, 0x55, 0x86, 0x57, 0xBE, 0x19, 0x13, 0x46, 0x88, 0x00,
-        0xCE, 0x5E, 0xD0, 0xBE, 0xEC, 0x13, 0x2B, 0x93, 0x3C, 0xE1,
-        0xEC, 0xBD, 0x15, 0x6F, 0xA5, 0xF5, 0x20, 0x59, 0x3C, 0xDD,
-        0xBD, 0xFD, 0xDF, 0x9D, 0x9F, 0x07, 0x73, 0x25, 0x93, 0x42,
-        0x41, 0xCF, 0x4A, 0xE5, 0x8F, 0x04, 0xAC, 0x5F, 0x6A, 0x56,
-        0x87, 0x49, 0xD5, 0x64, 0x00, 0x9D, 0xF4, 0xA5, 0x6B, 0xBE,
-        0x8F, 0xC8, 0xE8, 0xBC, 0xC7, 0x1C, 0x99, 0xC0, 0x2F, 0xA1,
-        0xDA, 0xDF, 0x6B, 0xE5, 0x62, 0x9D, 0xC9, 0x73, 0x5B, 0x2A,
-        0x3E, 0xD7, 0x8A, 0xBE, 0x0A, 0x5F, 0x2B, 0x0B, 0x61, 0xEF,
-        0x4A, 0x09, 0x15, 0x70, 0xE6, 0x5C, 0xA1, 0xB6, 0xDE, 0x54,
-        0x71, 0x74, 0x55, 0x63, 0x77, 0x8F, 0xC9, 0xAF, 0x22, 0x9A,
-        0xFE, 0x2C, 0x09, 0x62, 0x3E, 0xA1, 0xAA, 0x89, 0xB8, 0x6B,
-        0x50, 0x84, 0x20, 0x66, 0x5D, 0x8F, 0x39, 0x7F, 0xC1, 0x2D,
-        0xFA, 0x78, 0x8F, 0x8E, 0xD0, 0x39, 0x33, 0xD4, 0x9A, 0x40,
-        0x56, 0xBC, 0x86, 0x22, 0x07, 0xEB, 0x22, 0xB8, 0x52, 0xC0,
-        0x1A, 0xD2, 0x35, 0x1F, 0x56, 0x7E, 0xDA, 0x2B, 0xC1, 0x08,
-        0xD2, 0x39, 0x28, 0x46, 0x63, 0x9A, 0xAD, 0x44, 0xB3, 0xEF,
-        0x1C, 0x2A, 0xD6, 0x68, 0x67, 0xE4, 0x63, 0x73, 0x78, 0x29,
-        0xA7, 0xA0, 0x70, 0x2E, 0xD9, 0xB4, 0x14, 0x4D, 0x04, 0xD3,
-        0x2D, 0x8A, 0x70, 0x07, 0xAD, 0x8A, 0xC0, 0xA5, 0x1D, 0xE7,
-        0x17, 0xD8, 0xBB, 0xAA, 0xB5, 0xF7, 0xC8, 0x8D, 0x29, 0x8E,
-        0x49, 0x32, 0xA0, 0x40, 0x34, 0xBB, 0x2E, 0x10, 0x30, 0xDD,
-        0xEA, 0x3E, 0xCC, 0xC1, 0xB9, 0xF2, 0x42, 0xCC, 0x4A, 0xF2,
-        0xF4, 0x93, 0x2E, 0x3F, 0x0C, 0xE8, 0xE4, 0x96, 0x1F, 0x33,
-        0x2D, 0x67, 0x4F, 0x8E, 0x1B, 0x01, 0xD6, 0xE2, 0xF2, 0xFD,
-        0x5D, 0xCC, 0xFD, 0x18, 0x9C, 0xD6, 0x50, 0x1F, 0xE1, 0xC5,
-        0x7C, 0xBE, 0x59, 0x95, 0x7D, 0x21, 0x25, 0x3E, 0xF3, 0xBC,
-        0xCE, 0x31, 0x80, 0x79, 0x34, 0x0F, 0x86, 0x78, 0x18, 0xA6,
-        0x36, 0x17, 0xD9, 0x70, 0xA7, 0x22, 0xA7, 0xE8, 0xA2, 0xBD,
-        0x74, 0xB9, 0x8E, 0x34, 0xF0, 0xEC, 0xF7, 0x40, 0x22, 0x33,
-        0xE8, 0x50, 0x43, 0x66, 0xF0, 0x25, 0x41, 0x20, 0xD9, 0x3F,
-        0x8A, 0xC6, 0xAD, 0x69, 0xC6, 0x9C, 0xD9, 0xE0, 0x0D, 0xFF,
-        0x93, 0x32, 0x5D, 0x57, 0x45, 0xCC, 0xA4, 0xF9, 0x32, 0xD4,
-        0x5A, 0x49, 0x17, 0x1B, 0xFB, 0x2F, 0x91, 0xAA, 0x5B, 0xC5,
-        0xC8, 0xC8, 0x2B, 0x20, 0x30, 0x1B, 0xB2, 0x01, 0xC3, 0xA7,
-        0x8E, 0x6C, 0xB8, 0xF7, 0xB3, 0x95, 0x4A, 0x28, 0x82, 0xAA,
-        0x0C, 0x4B, 0xDA, 0x26, 0x4A, 0x34, 0x7F, 0x17, 0x55, 0x4C,
-        0x5D, 0x3C, 0x0B, 0x16, 0xA2, 0xEB, 0x33, 0xFB, 0x38, 0x63,
-        0xF2, 0x15, 0x7D, 0xFA, 0x52, 0xA9, 0x58, 0xDD, 0x41, 0x58,
-        0xA0, 0x13, 0xD2, 0x55, 0x22, 0xF9, 0xC2, 0xF8, 0x4E, 0x3F,
-        0xAC, 0xDC, 0x11, 0x0A, 0xBB, 0x7C, 0xB1, 0x2B, 0xFB, 0x60,
-        0xC5, 0x08, 0xB9, 0xB0, 0xED, 0xE8, 0xB9, 0x88, 0xBD, 0x07,
-        0xDE, 0x53, 0xD0, 0x6B, 0xE5, 0x6E, 0xA0, 0x17, 0x8C, 0xCF,
-        0x02, 0xF0, 0x64, 0xDE, 0xCE, 0x8C, 0x91, 0xED, 0xB4, 0x4F,
-        0xB0, 0xEE, 0x12, 0x26, 0xC6, 0x55, 0xA0, 0x4D, 0xCC, 0xF3,
-        0x1A, 0x86, 0x5A, 0x01, 0x53, 0x01, 0xAA, 0xED, 0x6D, 0x11,
-        0xCD, 0x8A, 0x4A, 0xCA, 0x85, 0x35, 0x35, 0xFA, 0x22, 0x55,
-        0xF3, 0xB8, 0xFA, 0x43, 0xD6, 0x9E, 0xB5, 0x0D, 0xD3, 0x85,
-        0x59, 0xC9, 0xAF, 0xCD, 0xAB, 0xFA, 0xB6, 0x65, 0x20, 0xCC,
-        0x11, 0xF1, 0xDE, 0x87, 0x6F, 0x58, 0xA1, 0x41, 0xF2, 0x80,
-        0x75, 0xEA, 0x26, 0x72, 0x8C, 0xE9, 0x17, 0x1C, 0x2B, 0x4D,
-        0xA4, 0x9C, 0xAA, 0x32, 0xAA, 0x2C, 0x84, 0xBA, 0x87, 0xAA,
-        0x81, 0x66, 0x56, 0x76, 0x0F, 0x1C, 0x58, 0xFE, 0xD1, 0x7F,
-        0x33, 0x59, 0xF1, 0xF0, 0x56, 0x50, 0x00, 0x4F, 0x96, 0xF7,
-        0x1C, 0x11, 0x7C, 0x36, 0xD8, 0xAD, 0x3E, 0x82, 0x15, 0x68,
-        0x40, 0x83, 0xFE, 0x62, 0x94, 0xD5, 0x2A, 0x43, 0x88, 0xD8,
-        0x12, 0xE2, 0x37, 0x8A, 0x3E, 0x9E, 0x24, 0x8B, 0x70, 0x3C,
-        0xBD, 0x97, 0x0B, 0x59, 0xAC, 0x4B, 0x88, 0x36, 0x2D, 0x2F,
-        0xE9, 0x49, 0x14, 0xC0, 0x28, 0x7F, 0x0D, 0xE8, 0x93, 0x76,
-        0x22, 0xF3, 0x08, 0x17, 0x34, 0x91, 0x39, 0xA6, 0x84, 0xCA,
-        0xF1, 0xD2, 0x8A, 0x9D, 0xF1, 0xD4, 0xA4, 0x85, 0xA6, 0x1E,
-        0xFB, 0x6B, 0x75, 0x07, 0x80, 0x84, 0x32, 0xF5, 0x51, 0xD6,
-        0x42, 0xA8, 0x69, 0x96, 0xC3, 0xBD, 0xEF, 0x2F, 0xA4, 0x23,
-        0x58, 0x07, 0xBC, 0xDE, 0x45, 0xD4, 0x1E, 0x67, 0xF1, 0x00,
-        0x65, 0xB5, 0x03, 0xF3, 0x83, 0x9D, 0xE8, 0xDE, 0x63, 0x42,
-        0x2B, 0xB6, 0xED, 0x7F, 0x63, 0xF6, 0xCF, 0x53, 0x1B, 0xBD,
-        0x9D, 0x6C, 0x26, 0xBC, 0xC2, 0xC3, 0xAF, 0x86, 0x06, 0x5F,
-        0x49, 0xBF, 0x7E, 0x76, 0xF5, 0x6C, 0x5B, 0x41, 0xF7, 0xAF,
-        0x02, 0x1F, 0x35, 0x43, 0x0D, 0x64, 0x65, 0xFE, 0xD7, 0x9A,
-        0x3F, 0x21, 0xD5, 0x74, 0x6E, 0x8A, 0xA8, 0xAF, 0x3B, 0xCE,
-        0x85, 0xBB, 0xF7, 0x7B, 0xCA, 0xF7, 0x9D, 0x02, 0x52, 0x55,
-        0xE9, 0x3E, 0x4A, 0x4B, 0x62, 0x85, 0x35, 0xFA, 0xBD, 0xEB,
-        0x92, 0x25, 0x24, 0x01, 0xFF, 0xEE, 0xFB, 0x94, 0xF6, 0xE6,
-        0x9F, 0xE3, 0x3D, 0x93, 0xCF, 0x69, 0xEB, 0x3D, 0x8F, 0x1F,
-        0xBE, 0xAE, 0x85, 0x6F, 0x8F, 0x0B, 0x22, 0x57, 0x00, 0x3D,
-        0x8E, 0xF4, 0x6B, 0x4D, 0x82, 0x76, 0x91, 0x25, 0x4B, 0x2C,
-        0xF1, 0xBC, 0x64, 0x96, 0x54, 0x35, 0xFD, 0xBD, 0xFC, 0x71,
-        0xF7, 0x48, 0x40, 0xEB, 0x4C, 0x1C, 0xC4, 0xAB, 0x4F, 0xC9,
-        0xC7, 0xB0, 0x8C, 0xBF, 0x27, 0xE2, 0x18, 0xCA, 0x78, 0xAA,
-        0xA0, 0x04, 0xAB, 0x6B, 0x6D, 0xBC, 0x89, 0xCB, 0x71, 0xA7,
-        0xF8, 0x81, 0x0D, 0x4F, 0x2A, 0x9A, 0x37, 0x60, 0xA0, 0x6A,
-        0x14, 0xE7, 0x30, 0x2E, 0x72, 0xF9, 0xE2, 0x39, 0x27, 0xD9,
-        0xC6, 0xB2, 0x9E, 0xBC, 0x3D, 0xD6, 0x2D, 0xE4, 0xCD, 0xC2,
-        0x40, 0x15, 0xC5, 0x7B, 0x8A, 0x06, 0x42, 0x46, 0xF2, 0x45,
-        0x14, 0x83, 0x82, 0xAB, 0x30, 0x6C, 0x73, 0x92, 0x55, 0x51,
-        0xE7, 0x8B, 0x3C, 0xD1, 0x2C, 0x8A, 0xC0, 0x16, 0x79, 0xC9,
-        0xFD, 0x7C, 0x78, 0x1E, 0xE9, 0xDF, 0xF4, 0x08, 0xEF, 0x38,
-        0xEC, 0xCB, 0x81, 0xF1, 0x87, 0x53, 0x8A, 0x0B, 0xF3, 0x56,
-        0x0C, 0xBC, 0xEE, 0x03, 0xAE, 0xBC, 0xF8, 0x43, 0x3E, 0xA2,
-        0xEA, 0x84, 0x37, 0x72, 0x8A, 0x80, 0x8D, 0x61, 0x1C, 0x79,
-        0x3E, 0x4A, 0x5A, 0xC2, 0x73, 0xA0, 0x95, 0xDC, 0x46, 0x2B,
-        0x5E, 0x4B, 0x89, 0xE3, 0x9F, 0xD7, 0x14, 0x61, 0x8B, 0x59,
-        0xD1, 0x71, 0xB0, 0x04, 0xAA, 0x4B, 0x2A, 0xCA, 0xEF, 0x8D,
-        0x3B, 0x4B, 0x52, 0x8F, 0x0B, 0x76, 0xB8, 0x38, 0xF8, 0xDD,
-        0xD2, 0xE6, 0x46, 0x53, 0x1C, 0xD5, 0xC8, 0x1E, 0x85, 0x54,
-        0x67, 0xC0, 0x77, 0x7E, 0x28, 0x2F, 0x91, 0xC5, 0xE5, 0x28,
-        0x54, 0x37, 0xF6, 0x77, 0xEC, 0x6C, 0x36, 0x1D, 0x91, 0xA9,
-        0x45, 0xCC, 0x85, 0x61, 0xAB, 0x14, 0xBE, 0x81, 0x6C, 0xFF,
-        0x35, 0x8C, 0x13, 0x61, 0xE7, 0x66, 0x83, 0xFF, 0x67, 0x6C,
-        0x80, 0x59, 0xD5, 0x6D, 0xAB, 0x5B, 0x81, 0x76, 0x39, 0x1B,
-        0xBB, 0xD2, 0xFF, 0x1B, 0x7B, 0x66, 0xD6, 0x42, 0xD0, 0x86,
-        0x62, 0x4A, 0xA1, 0x4F, 0x00, 0x41, 0x7E, 0x9C, 0xE5, 0xD6,
-        0x82, 0x31, 0xA7, 0x34, 0x16, 0x20, 0x62, 0xFA, 0x1F, 0x6B,
-        0x21, 0xBE, 0x62, 0x19, 0xE9, 0x56, 0x7A, 0x4C, 0xF0, 0x7B,
-        0xB4, 0x2E, 0x4A, 0xA7, 0x20, 0xC3, 0x5F, 0x7F, 0x5A, 0xA2,
-        0xAF, 0xF5, 0xC5, 0xFD, 0x1A, 0x7C, 0xB6, 0x06, 0xCA, 0xE3,
-        0x74, 0x72, 0x4E, 0x77, 0xC9, 0xDD, 0x3B, 0x44, 0x16, 0x8C,
-        0x45, 0x46, 0xC5, 0xE3, 0x81, 0x1E, 0x3C, 0x4D, 0xAC, 0x1A,
-        0x7F, 0xAA, 0x6D, 0xFD, 0xE1, 0x45, 0x59, 0x11, 0x44, 0x48,
-        0xB5, 0x09, 0xEF, 0x7E, 0xF2, 0x75, 0x0C, 0xBF, 0xC7, 0x17,
-        0xB4, 0x9E, 0x10, 0xC0, 0x11, 0xDD, 0xB2, 0x59, 0xCF, 0x25,
-        0x3B, 0xA8, 0x97, 0x56, 0x08, 0xE0, 0x65, 0x27, 0xC5, 0x29,
-        0x34, 0xBD, 0x38, 0xB1, 0x39, 0xAA, 0x27, 0xFC, 0x96, 0xCB,
-        0x9A, 0x2B, 0x92, 0x74, 0xDF, 0x0A, 0x52, 0xE4, 0x93, 0xA8,
-        0x18, 0x15, 0x2C, 0x8C, 0x61, 0xD3, 0xBC, 0xD0, 0x9E, 0x9D,
-        0x40, 0x1C, 0x69, 0x95, 0x0D, 0x52, 0x76, 0x3F, 0xD7, 0xD7,
-        0xC1, 0x1C, 0x34, 0xE7, 0xD4, 0xD4, 0x17, 0x2D, 0xF0, 0x6A,
-        0x1C, 0xE2, 0x53, 0x18, 0x60, 0xC6, 0xA1, 0xCD, 0x4F, 0xAA,
-        0x16, 0xA0, 0xC3, 0x3B, 0xCE, 0x4D, 0x73, 0x0B, 0x63, 0x02,
-        0x1C, 0xEE, 0x18, 0xBF, 0xF9, 0x33, 0x24, 0xD3, 0x02, 0x34,
-        0xCC, 0xB9, 0xD7, 0xC2, 0x00, 0x7F, 0xB4, 0x08, 0x4B, 0xFC,
-        0x1D, 0xDF, 0x42, 0x8C, 0x75, 0xEE, 0x13, 0x90, 0x37, 0x14,
-        0x0D, 0xD2, 0xE0, 0x50, 0x90, 0x6A, 0xB9, 0xEF, 0x7F, 0x70,
-        0x38, 0x2E, 0xCD, 0x39, 0x2E, 0x09, 0x51, 0xDF, 0x58, 0xBE,
-        0x8E, 0x82, 0x91, 0xEB, 0xBC, 0xB4, 0x6B, 0x12, 0x40, 0x4E,
-        0x44, 0xB8, 0x08, 0x97, 0x57, 0xF0, 0xFE, 0x61, 0xBD, 0x77,
-        0xED, 0x46, 0xDA, 0xB7, 0xA4, 0xF5, 0x4F, 0xB2, 0xA6, 0xF1,
-        0x47, 0x2D, 0x11, 0x26, 0x74, 0x55, 0x81, 0xFF, 0xFB, 0xEA,
-        0x00, 0x03, 0x96, 0xD8, 0xE6, 0x6B, 0xEA, 0x3F, 0x0B, 0x0C,
-        0xC0, 0xE4, 0x0A, 0x3D, 0x21, 0x3C, 0x99, 0x51, 0x91, 0x11,
-        0xF0, 0x91, 0x68, 0xEE, 0xEE, 0xCD, 0x71, 0x42, 0xAD, 0xBA,
-        0x34, 0x68, 0x9F, 0x67, 0xB1, 0xEE, 0x1C, 0x70, 0x7A, 0xFC,
-        0x1E, 0x86, 0xF8, 0x96, 0x6C, 0x13, 0xD6, 0x36, 0x57, 0x5F,
-        0x11, 0x2E, 0x1B, 0x97, 0xAB, 0x8B, 0x65, 0x3E, 0x8E, 0x91,
-        0x69, 0x1C, 0x76, 0xAD, 0xB5, 0x8C, 0xE6, 0x02, 0x93, 0x16,
-        0xA4, 0xF5, 0x14, 0x86, 0xB5, 0x16, 0x07, 0xF5, 0x0C, 0x01,
-        0xE9, 0xDC, 0xEA, 0x86, 0x58, 0x98, 0xBA, 0x2C, 0x04, 0x0A,
-        0x16, 0x8A, 0xF3, 0x10, 0x25, 0x48, 0x51, 0x21, 0x77, 0x69,
-        0xF1, 0x22, 0xC3, 0xF4, 0x1D, 0xD5, 0x6D, 0x59, 0x1B, 0x44,
-        0x88, 0xFC, 0xE5, 0x4B, 0xE1, 0xD6, 0xF4, 0x46, 0x4C, 0x9D,
-        0x45, 0x93, 0xE1, 0xB5, 0x26, 0xDF, 0x48, 0x90, 0x13, 0xA6,
-        0x65, 0x7E, 0x18, 0x6A, 0x79, 0x19, 0x81, 0x10, 0x08, 0x80,
-        0xA4, 0x99, 0xD3, 0x98, 0x3C, 0x9E, 0x91, 0x31, 0xE9, 0x71,
-        0xA0, 0x6A, 0xF9, 0x2F, 0x61, 0xA5, 0x72, 0x13, 0x6C, 0x4C,
-        0xD2, 0xAF, 0x40, 0x8B, 0x0D, 0x3D, 0xE4, 0x24, 0x7B, 0x30,
-        0x9C, 0xD0, 0x62, 0x42, 0x67, 0x54, 0xC6, 0x34, 0xF2, 0x55,
-        0x70, 0x95, 0xAE, 0x16, 0x9F, 0xCC, 0x6F, 0xEA, 0x0B, 0x40,
-        0x38, 0xAE, 0x74, 0x89, 0xCB, 0x64, 0x79, 0xF7, 0x08, 0x68,
-        0x2C, 0x1E, 0xEE, 0x28, 0xEA, 0x77, 0xA2, 0xA3, 0x8E, 0xF4,
-        0xEE, 0xFE, 0x62, 0x25, 0x98, 0xB1, 0xDE, 0x4B, 0x3A, 0x62,
-        0xD9, 0x12, 0xD6, 0x09, 0x32, 0x6C, 0x80, 0x27, 0x21, 0x0A,
-        0xFE, 0x4D, 0xBF, 0x29, 0x90, 0xCD, 0x6C, 0xE0, 0xAF, 0x06,
-        0xB3, 0xC2, 0xDF, 0xB8, 0x50, 0x59, 0xD8, 0x0A, 0xB5, 0x98,
-        0xC1, 0xA8, 0x80, 0xD7, 0x61, 0xFC, 0x59, 0xDB, 0xB1, 0x2A,
-        0xA5, 0xD7, 0xFA, 0x9E, 0x93, 0x60, 0xD4, 0xB0, 0x6B, 0x44,
-        0xB3, 0xC3, 0x3F, 0x9B, 0xEA, 0xD4, 0x8C, 0x08, 0x4B, 0x09,
-        0x97, 0xC6, 0x2B, 0xC0, 0x8A, 0x92, 0x35, 0xCA, 0x6F, 0x93,
-        0xD6, 0x71, 0x1E, 0xAB, 0x0F, 0x65, 0x42, 0xC2, 0x97, 0x77,
-        0x10, 0x6E, 0xD4, 0xEE, 0x2A, 0xDF, 0x54, 0x2A, 0x5F, 0xB4,
-        0xD4, 0x72, 0x18, 0x90, 0x42, 0x09, 0xAA, 0xC3, 0x31, 0x89
+#if defined(HAVE_DILITHIUM)
+#ifndef WOLFSSL_DILITHIUM_NO_SIGN
 
+/* raw private key without ASN1 syntax from
+ * ./certs/dilithium/bench_dilithium_level2_key.der */
+static const unsigned char bench_dilithium_level2_key[] = {
+    0xea, 0x05, 0x24, 0x0d, 0x80, 0x72, 0x25, 0x55, 0xf4, 0x5b,
+    0xc2, 0x13, 0x8b, 0x87, 0x5d, 0x31, 0x99, 0x2f, 0x1d, 0xa9,
+    0x41, 0x09, 0x05, 0x76, 0xa7, 0xb7, 0x5e, 0x8c, 0x44, 0xe2,
+    0x64, 0x79, 0xd8, 0x79, 0x4c, 0xee, 0x92, 0x2b, 0x37, 0xab,
+    0xb1, 0x16, 0x65, 0x72, 0xc3, 0x49, 0xc2, 0xec, 0xfd, 0x9a,
+    0xe6, 0x2d, 0x1e, 0x5b, 0xe3, 0x04, 0x96, 0x16, 0xad, 0x97,
+    0x5d, 0xac, 0xf2, 0xcc, 0x62, 0x2e, 0x34, 0x5d, 0x67, 0x19,
+    0x47, 0xee, 0x0f, 0x8b, 0x97, 0x60, 0xb4, 0x0b, 0xeb, 0x6a,
+    0x7a, 0x75, 0x14, 0x27, 0x00, 0x39, 0xd6, 0x60, 0xce, 0x39,
+    0x6e, 0x69, 0x46, 0xe1, 0x0d, 0xf9, 0xa6, 0xfa, 0x8c, 0xcf,
+    0x65, 0x50, 0x59, 0x1d, 0xb0, 0x26, 0xc2, 0xe2, 0xf1, 0xb9,
+    0xcd, 0x09, 0x60, 0xcc, 0xbb, 0x57, 0xd6, 0xac, 0xcc, 0xf9,
+    0x58, 0x73, 0xa8, 0x81, 0x61, 0x2f, 0xd2, 0xa4, 0x5b, 0x98,
+    0x0d, 0x12, 0x88, 0x51, 0x63, 0x38, 0x6e, 0xa2, 0x46, 0x64,
+    0x52, 0xc0, 0x71, 0xc1, 0x42, 0x68, 0xd8, 0x42, 0x32, 0x5c,
+    0xb4, 0x44, 0x08, 0x95, 0x48, 0xa2, 0x46, 0x6c, 0x0b, 0x10,
+    0x09, 0xc8, 0x24, 0x4d, 0x18, 0x37, 0x4c, 0x4c, 0x82, 0x05,
+    0x02, 0x22, 0x10, 0x4a, 0x86, 0x30, 0x03, 0x03, 0x11, 0x44,
+    0x22, 0x62, 0x01, 0xa9, 0x51, 0x13, 0x02, 0x2c, 0x19, 0x85,
+    0x65, 0x51, 0x14, 0x01, 0x9c, 0xb2, 0x81, 0x0a, 0x49, 0x52,
+    0xa2, 0xb2, 0x4c, 0x98, 0x34, 0x01, 0x0a, 0x07, 0x06, 0x58,
+    0xb2, 0x69, 0x51, 0x24, 0x2d, 0x59, 0x12, 0x52, 0xe0, 0xb4,
+    0x04, 0x14, 0x40, 0x29, 0xa2, 0xb0, 0x31, 0x54, 0xc0, 0x40,
+    0x63, 0x00, 0x69, 0x18, 0x47, 0x85, 0xc8, 0x30, 0x81, 0x0b,
+    0x15, 0x0a, 0xd8, 0xa0, 0x0c, 0x5c, 0x20, 0x4a, 0x11, 0x38,
+    0x64, 0x04, 0x94, 0x84, 0xd3, 0x24, 0x72, 0x58, 0x38, 0x28,
+    0x18, 0x37, 0x6d, 0x94, 0xc0, 0x4d, 0xa0, 0xa6, 0x0c, 0x9a,
+    0x82, 0x31, 0xc2, 0x40, 0x48, 0xda, 0x46, 0x85, 0x03, 0x00,
+    0x05, 0xd8, 0x02, 0x4d, 0x0b, 0x85, 0x40, 0xe2, 0x32, 0x86,
+    0x4c, 0xa0, 0x65, 0x8a, 0x36, 0x65, 0x42, 0x18, 0x6e, 0x60,
+    0x36, 0x0d, 0x40, 0xc0, 0x01, 0x5a, 0x44, 0x42, 0xc4, 0xa4,
+    0x0d, 0xd4, 0x88, 0x8d, 0x88, 0x22, 0x52, 0x00, 0xc0, 0x0c,
+    0x5b, 0x36, 0x90, 0x09, 0x20, 0x22, 0x08, 0x03, 0x12, 0x90,
+    0x12, 0x42, 0x04, 0x20, 0x29, 0x8c, 0x48, 0x6d, 0x20, 0x32,
+    0x08, 0x94, 0x88, 0x6c, 0x10, 0x87, 0x21, 0xc1, 0x44, 0x02,
+    0x52, 0x40, 0x12, 0xdb, 0xc8, 0x24, 0x14, 0x09, 0x2c, 0x93,
+    0x40, 0x09, 0x64, 0xc8, 0x4c, 0x08, 0x48, 0x70, 0xa1, 0x10,
+    0x81, 0x4a, 0x80, 0x8c, 0x20, 0x03, 0x31, 0x18, 0xb3, 0x80,
+    0xd3, 0x82, 0x25, 0x4c, 0x94, 0x8c, 0x1c, 0x93, 0x89, 0x1a,
+    0x91, 0x51, 0xd1, 0xb6, 0x68, 0x43, 0x14, 0x25, 0x84, 0x48,
+    0x61, 0x82, 0x40, 0x24, 0xdb, 0x22, 0x4d, 0x63, 0x16, 0x66,
+    0x62, 0x90, 0x50, 0xa1, 0x18, 0x86, 0x49, 0x28, 0x25, 0xa0,
+    0x10, 0x68, 0x8c, 0x04, 0x00, 0x08, 0x32, 0x4e, 0x22, 0x43,
+    0x31, 0x42, 0x96, 0x28, 0x11, 0x23, 0x89, 0xd2, 0xc4, 0x6d,
+    0x11, 0x82, 0x8d, 0x8a, 0xa8, 0x90, 0xd2, 0x06, 0x29, 0x80,
+    0x82, 0x89, 0x00, 0xa8, 0x41, 0x00, 0x13, 0x6a, 0x12, 0xa8,
+    0x04, 0x83, 0xc2, 0x51, 0x13, 0x09, 0x08, 0x62, 0xb4, 0x8d,
+    0x94, 0xc2, 0x44, 0x5a, 0xb4, 0x08, 0x0a, 0x10, 0x48, 0xa1,
+    0x28, 0x20, 0x1b, 0xb7, 0x64, 0x60, 0x24, 0x25, 0x48, 0xc0,
+    0x00, 0x0a, 0x10, 0x09, 0x64, 0xb8, 0x88, 0xcb, 0x44, 0x64,
+    0x54, 0x90, 0x05, 0xd2, 0xb8, 0x21, 0x49, 0x28, 0x28, 0x49,
+    0x42, 0x0d, 0x63, 0xa0, 0x65, 0xcb, 0x90, 0x30, 0x51, 0x82,
+    0x8d, 0x5c, 0xc6, 0x0c, 0x51, 0x06, 0x6a, 0x1a, 0x27, 0x22,
+    0x01, 0xa8, 0x24, 0x61, 0xb2, 0x84, 0x23, 0x40, 0x86, 0xa3,
+    0xb4, 0x48, 0x19, 0x28, 0x0c, 0x14, 0x06, 0x2e, 0xe2, 0x02,
+    0x0d, 0xc4, 0x90, 0x09, 0x08, 0x06, 0x66, 0x9b, 0xc8, 0x10,
+    0x5c, 0x46, 0x21, 0xca, 0xa8, 0x30, 0x83, 0x20, 0x89, 0x03,
+    0x83, 0x6c, 0xa1, 0x46, 0x8c, 0x90, 0x14, 0x4c, 0x99, 0x02,
+    0x81, 0x53, 0x02, 0x10, 0x8b, 0x48, 0x91, 0xe4, 0x40, 0x4a,
+    0x22, 0xb1, 0x88, 0xc1, 0x06, 0x0e, 0xc3, 0xa8, 0x08, 0xc8,
+    0x46, 0x92, 0x03, 0xb5, 0x4c, 0x23, 0x03, 0x0c, 0xa4, 0x06,
+    0x2e, 0xdc, 0x92, 0x81, 0x0c, 0x45, 0x22, 0x40, 0x34, 0x91,
+    0x90, 0x96, 0x48, 0x81, 0x82, 0x31, 0xcb, 0x16, 0x72, 0x49,
+    0xc8, 0x29, 0x44, 0x86, 0x90, 0x60, 0x22, 0x4e, 0x42, 0x42,
+    0x09, 0x4b, 0x82, 0x20, 0x0a, 0xb2, 0x64, 0x20, 0x86, 0x70,
+    0x1a, 0xc0, 0x00, 0x1c, 0x41, 0x49, 0x89, 0x84, 0x05, 0x0c,
+    0x36, 0x49, 0x19, 0x99, 0x6d, 0x00, 0x08, 0x50, 0x23, 0x96,
+    0x6c, 0xe0, 0x44, 0x08, 0x98, 0x24, 0x2c, 0x0a, 0x23, 0x20,
+    0x12, 0x04, 0x31, 0xc9, 0x06, 0x32, 0x14, 0x01, 0x41, 0x08,
+    0x37, 0x08, 0x58, 0x00, 0x0c, 0x19, 0x04, 0x29, 0x90, 0x18,
+    0x05, 0xe1, 0x88, 0x44, 0xc2, 0x20, 0x6c, 0xd1, 0x46, 0x64,
+    0xd9, 0x26, 0x62, 0x09, 0x88, 0x68, 0x02, 0x29, 0x29, 0xe1,
+    0x18, 0x65, 0x98, 0x04, 0x24, 0xe4, 0x34, 0x0c, 0x12, 0x85,
+    0x2d, 0x20, 0x14, 0x06, 0x24, 0x15, 0x82, 0x89, 0x08, 0x91,
+    0x60, 0x84, 0x28, 0x24, 0x34, 0x41, 0x1b, 0x49, 0x22, 0xd3,
+    0x96, 0x64, 0x1b, 0x86, 0x4c, 0x0c, 0xb9, 0x20, 0x20, 0x39,
+    0x04, 0x04, 0x34, 0x6d, 0xc1, 0x28, 0x32, 0x08, 0x14, 0x44,
+    0x81, 0x18, 0x2e, 0xda, 0x38, 0x41, 0x63, 0x18, 0x26, 0xd8,
+    0x48, 0x26, 0x12, 0x20, 0x21, 0x09, 0xc5, 0x25, 0x92, 0x42,
+    0x0c, 0x88, 0x04, 0x64, 0x11, 0x43, 0x8a, 0x19, 0x92, 0x60,
+    0x5c, 0xc6, 0x31, 0xa1, 0x24, 0x6a, 0xd8, 0xb6, 0x49, 0x1b,
+    0x81, 0x90, 0xe2, 0x32, 0x4e, 0x62, 0x44, 0x21, 0x80, 0xb8,
+    0x10, 0x4b, 0x90, 0x49, 0x5c, 0x06, 0x09, 0x48, 0x20, 0x49,
+    0xa2, 0x92, 0x71, 0x5c, 0x48, 0x02, 0xc8, 0x08, 0x81, 0xa4,
+    0x32, 0x66, 0xc9, 0x30, 0x11, 0xca, 0x92, 0x91, 0xc0, 0x00,
+    0x41, 0x44, 0x98, 0x4d, 0x98, 0x12, 0x4e, 0x92, 0x46, 0x8e,
+    0x49, 0xb8, 0x64, 0xdc, 0x18, 0x50, 0x51, 0xb4, 0x48, 0x08,
+    0x47, 0x24, 0x08, 0x46, 0x32, 0x1b, 0x23, 0x00, 0x09, 0xb8,
+    0x04, 0x0a, 0x44, 0x0c, 0x0b, 0xc7, 0x8d, 0x19, 0xa4, 0x09,
+    0x11, 0x30, 0x41, 0xe3, 0x24, 0x45, 0x89, 0x1f, 0x65, 0x54,
+    0xf6, 0x38, 0x04, 0x37, 0xcc, 0x89, 0xc3, 0xc5, 0xdc, 0x43,
+    0xd9, 0x13, 0x56, 0x06, 0x05, 0x50, 0x29, 0x4e, 0x0f, 0xa5,
+    0x5c, 0x5d, 0xd7, 0x82, 0xa1, 0x63, 0x59, 0x0d, 0x3e, 0x5b,
+    0x00, 0xe6, 0x0e, 0xd8, 0x1c, 0xc7, 0xaf, 0xc0, 0x48, 0xb6,
+    0x07, 0x5c, 0x65, 0x00, 0x89, 0xb3, 0x09, 0xbc, 0x4a, 0xaa,
+    0xa6, 0x72, 0xbe, 0x6b, 0x9a, 0xb3, 0x5b, 0x27, 0x82, 0x65,
+    0x9b, 0xc9, 0x6f, 0x19, 0x88, 0x94, 0x0b, 0x37, 0x44, 0x2f,
+    0xe3, 0x9a, 0x02, 0xda, 0xff, 0x11, 0xb0, 0x48, 0x89, 0x70,
+    0x8c, 0x84, 0xc2, 0xc0, 0x31, 0x4a, 0xad, 0x70, 0xe1, 0xa7,
+    0x15, 0xfd, 0xb2, 0x6d, 0x93, 0xda, 0x17, 0x68, 0xc4, 0xe3,
+    0xfd, 0x2c, 0x08, 0x15, 0xb9, 0xa4, 0xc5, 0x1b, 0x97, 0xc9,
+    0xa3, 0xaf, 0x0d, 0x21, 0x06, 0x3d, 0xf1, 0x05, 0xd4, 0x35,
+    0x80, 0x2e, 0x23, 0x99, 0xbd, 0x3a, 0x1a, 0x6c, 0xad, 0xbf,
+    0x56, 0xb5, 0xd3, 0x95, 0x1b, 0x30, 0x4d, 0x56, 0xc1, 0x77,
+    0xe6, 0xd6, 0xab, 0x94, 0x46, 0x68, 0xd7, 0xb8, 0xe4, 0x9d,
+    0xb2, 0x8d, 0xc4, 0xd1, 0xc8, 0x92, 0xbe, 0x5d, 0x1f, 0x58,
+    0x55, 0x7f, 0x11, 0x55, 0xc5, 0x2e, 0xc3, 0x9e, 0x2a, 0x29,
+    0x51, 0xe8, 0x75, 0x49, 0xa7, 0xa3, 0xda, 0x0b, 0xcf, 0xf8,
+    0x3f, 0x78, 0xac, 0x4c, 0x4e, 0x78, 0x6f, 0x0e, 0x67, 0xad,
+    0x94, 0x59, 0x20, 0x5e, 0x37, 0x18, 0xb9, 0x09, 0x87, 0xdb,
+    0xdd, 0xf0, 0xc2, 0x4d, 0x03, 0xcc, 0x98, 0x22, 0x4b, 0xe5,
+    0x7d, 0x8e, 0x74, 0x7e, 0xa9, 0x1b, 0xeb, 0x7a, 0xae, 0xaf,
+    0x2e, 0x7c, 0x3c, 0xc0, 0x1a, 0x30, 0x40, 0x0d, 0x79, 0x86,
+    0x53, 0xcc, 0x0b, 0x2b, 0xbe, 0xa5, 0x72, 0x3b, 0xbb, 0x53,
+    0x9e, 0xd5, 0xc2, 0x23, 0x1d, 0x35, 0xcd, 0x22, 0x12, 0xed,
+    0x9a, 0xee, 0xc8, 0xf9, 0x05, 0x27, 0xdb, 0x46, 0x56, 0xcc,
+    0x24, 0x4d, 0xee, 0xaf, 0xab, 0xa9, 0x78, 0x75, 0x75, 0xb9,
+    0xd1, 0xfd, 0x39, 0x3a, 0xb2, 0xa2, 0xeb, 0x87, 0x76, 0xb2,
+    0x19, 0x47, 0x88, 0xab, 0x42, 0x85, 0x4b, 0xd9, 0x76, 0x22,
+    0x68, 0x4b, 0xc9, 0x88, 0x38, 0x28, 0x0a, 0x34, 0x5d, 0x12,
+    0x4f, 0xf5, 0x43, 0x64, 0x44, 0x8c, 0x3c, 0xc2, 0x99, 0x91,
+    0x4e, 0xfd, 0xfd, 0x9c, 0x73, 0xbf, 0x85, 0xf9, 0x9f, 0xe1,
+    0x53, 0x19, 0xc8, 0x19, 0xcb, 0x7c, 0xdb, 0x9a, 0x3a, 0x2c,
+    0x34, 0x55, 0x8c, 0x64, 0x6f, 0xc5, 0xb7, 0x93, 0x53, 0xb4,
+    0x97, 0x7e, 0xc2, 0xf8, 0x7e, 0x8d, 0x44, 0x10, 0xca, 0x49,
+    0xf5, 0x5c, 0xe8, 0xce, 0xc4, 0xcc, 0x42, 0xf0, 0x85, 0xf1,
+    0xf2, 0x10, 0xa7, 0x0b, 0x37, 0x6a, 0x8e, 0x50, 0x96, 0x96,
+    0x9d, 0xd9, 0x8f, 0x54, 0x45, 0x56, 0xf8, 0x64, 0x88, 0xab,
+    0x51, 0x4f, 0x9f, 0x61, 0xd9, 0x12, 0x87, 0xac, 0x1d, 0xc1,
+    0x23, 0xea, 0xb3, 0x5d, 0xa4, 0x6d, 0xfa, 0x58, 0x92, 0x8f,
+    0x77, 0x78, 0x61, 0xe5, 0xe4, 0x33, 0xdb, 0x10, 0x2d, 0xdd,
+    0xb6, 0xd7, 0xb4, 0xd0, 0x8d, 0xd1, 0xa8, 0x0b, 0x94, 0xdf,
+    0xcf, 0xd7, 0xac, 0xdf, 0x47, 0x0b, 0x38, 0xe0, 0xa5, 0xf8,
+    0xc3, 0xd2, 0xc3, 0xfb, 0x0f, 0x98, 0x00, 0x2b, 0x17, 0x3c,
+    0x44, 0x70, 0x36, 0x47, 0x27, 0x89, 0x41, 0xcb, 0x87, 0x5a,
+    0xa4, 0x2c, 0x57, 0x6d, 0x8c, 0xcb, 0xc0, 0x7d, 0x6b, 0xf5,
+    0xa1, 0x17, 0x39, 0x4a, 0xb5, 0xac, 0xc6, 0x41, 0x90, 0x66,
+    0x85, 0xc4, 0x4b, 0x18, 0xc6, 0xe6, 0x09, 0x6d, 0x6e, 0xbb,
+    0x7f, 0x72, 0x96, 0xd3, 0x21, 0x5a, 0x96, 0xaf, 0x9e, 0xb6,
+    0x0b, 0x3f, 0xe8, 0x83, 0xe5, 0x53, 0x11, 0x81, 0xc6, 0xab,
+    0x40, 0xa9, 0x09, 0xb6, 0x74, 0x5e, 0xe1, 0xc3, 0x82, 0x1e,
+    0xda, 0x2f, 0x24, 0xe0, 0x94, 0x8f, 0x07, 0xb7, 0x9b, 0xc6,
+    0x50, 0xef, 0x3a, 0x79, 0x89, 0x4d, 0x6f, 0x16, 0x33, 0x04,
+    0x24, 0x7e, 0x4a, 0xab, 0x5d, 0x03, 0x29, 0xad, 0xba, 0xa3,
+    0x6c, 0xe2, 0x05, 0xab, 0x4d, 0x69, 0xb6, 0x61, 0x39, 0x9d,
+    0xc3, 0x53, 0x11, 0xc0, 0xe3, 0xaa, 0x2e, 0xdc, 0x74, 0x09,
+    0xbd, 0x19, 0xb5, 0xbb, 0x51, 0x1e, 0x77, 0x3e, 0xce, 0x64,
+    0x13, 0xeb, 0x74, 0x03, 0xb7, 0x49, 0x99, 0xb0, 0x71, 0x99,
+    0xe6, 0x17, 0x3c, 0x80, 0xe6, 0xb5, 0x51, 0xe9, 0xb3, 0xe4,
+    0x2b, 0xaa, 0x52, 0x15, 0x99, 0x4e, 0x46, 0x6d, 0x67, 0x8e,
+    0x79, 0xc4, 0x3c, 0xa6, 0xdc, 0x8f, 0xed, 0x87, 0xb9, 0x68,
+    0x6d, 0xdc, 0x19, 0xa1, 0x52, 0x37, 0x06, 0x76, 0xad, 0xe9,
+    0x61, 0x5c, 0x82, 0x16, 0x81, 0xaf, 0x3a, 0x89, 0xbf, 0x72,
+    0xb0, 0xc7, 0x88, 0x3c, 0x58, 0xfe, 0xe4, 0xa5, 0x41, 0x50,
+    0xfc, 0x8a, 0x15, 0xb0, 0x78, 0xd4, 0x77, 0x06, 0x4b, 0xc4,
+    0x21, 0x7f, 0xaa, 0x2b, 0x88, 0x7f, 0x8c, 0x3b, 0x9b, 0xbb,
+    0x2e, 0x41, 0xcf, 0x9b, 0x06, 0xd3, 0x4d, 0xcf, 0xb2, 0x9c,
+    0x91, 0x46, 0x35, 0x3a, 0x5a, 0x0b, 0xe4, 0xac, 0x96, 0x7c,
+    0xe0, 0xd4, 0x34, 0xe5, 0xab, 0xae, 0xa7, 0x67, 0xbf, 0x4d,
+    0xab, 0x48, 0xfd, 0xcb, 0x3f, 0x5c, 0xde, 0x3f, 0x83, 0xcc,
+    0x52, 0x0f, 0xdd, 0x7f, 0x20, 0x25, 0xed, 0xee, 0xd0, 0x14,
+    0x38, 0xf7, 0x33, 0x4c, 0x3c, 0x5e, 0x23, 0x80, 0xa3, 0x0a,
+    0xe8, 0xb0, 0xef, 0x5b, 0xca, 0xc9, 0x97, 0x13, 0x98, 0xfe,
+    0x91, 0x62, 0x14, 0xa8, 0x64, 0xf6, 0x20, 0xc9, 0xc9, 0x6f,
+    0x8b, 0xc0, 0xec, 0x39, 0x15, 0xa7, 0x59, 0x62, 0x68, 0x21,
+    0xe1, 0x5f, 0xf6, 0xa1, 0x76, 0xb0, 0xca, 0x1b, 0x2a, 0x71,
+    0xe3, 0x1a, 0x24, 0x91, 0x1f, 0x3a, 0xbb, 0xf1, 0xc9, 0x09,
+    0x42, 0x48, 0x7e, 0x19, 0x1b, 0xf1, 0xf0, 0x13, 0x33, 0xf1,
+    0x62, 0x31, 0x00, 0x97, 0x73, 0x9b, 0x3c, 0x26, 0xf8, 0x42,
+    0xd0, 0xd4, 0x41, 0x1b, 0x9f, 0x7e, 0x43, 0x4b, 0x0b, 0x08,
+    0xd7, 0xa0, 0xa8, 0x32, 0x34, 0x0a, 0xc9, 0xef, 0xb8, 0xeb,
+    0xe7, 0x64, 0x3b, 0x40, 0x88, 0xe0, 0x60, 0x59, 0x07, 0xef,
+    0xb9, 0x5f, 0x71, 0x92, 0x90, 0xa4, 0x5f, 0x34, 0x38, 0x93,
+    0x92, 0x43, 0x87, 0xaf, 0xdd, 0x87, 0x63, 0x8c, 0x1d, 0xe5,
+    0x86, 0x9e, 0xe6, 0xde, 0x94, 0xdd, 0x33, 0x5d, 0x95, 0x64,
+    0xd8, 0xc4, 0x8a, 0x3c, 0xe7, 0x4b, 0xd6, 0x3f, 0xc5, 0x69,
+    0x6a, 0xa8, 0x7f, 0x0f, 0x93, 0x77, 0x02, 0x46, 0x66, 0xa5,
+    0xa0, 0x60, 0x8b, 0xec, 0xb1, 0xa2, 0xfc, 0x2a, 0x09, 0xb8,
+    0x08, 0x1c, 0x05, 0x6b, 0x78, 0xb7, 0x7a, 0xe5, 0x60, 0xa4,
+    0xaf, 0x3a, 0x9d, 0xaa, 0xf5, 0x22, 0x9b, 0x5e, 0xef, 0xc3,
+    0x46, 0xed, 0x67, 0xd0, 0x8b, 0xda, 0xb4, 0xa3, 0x34, 0x32,
+    0x20, 0x9d, 0x88, 0x7e, 0x43, 0x42, 0x6f, 0x02, 0xf8, 0x48,
+    0x9b, 0xc5, 0x02, 0xad, 0xaa, 0xa9, 0xee, 0x19, 0x1b, 0xde,
+    0x02, 0x83, 0x81, 0x10, 0xa6, 0x79, 0x4e, 0xad, 0x15, 0xf7,
+    0x3e, 0x4e, 0x1e, 0x72, 0xfe, 0x52, 0x49, 0x24, 0xce, 0x82,
+    0x31, 0x59, 0x72, 0xae, 0xd5, 0x34, 0x50, 0x87, 0x8b, 0xe3,
+    0x8e, 0xec, 0x61, 0x35, 0x13, 0x57, 0xb1, 0xe6, 0xac, 0xfb,
+    0x16, 0xc3, 0x1a, 0x98, 0x92, 0xcb, 0xcd, 0xc9, 0xf7, 0x10,
+    0x6a, 0x43, 0x96, 0x33, 0x2d, 0x6f, 0x6c, 0x76, 0xb0, 0xf6,
+    0x48, 0x4c, 0xae, 0x13, 0x67, 0x5d, 0x42, 0x01, 0x8e, 0x54,
+    0x51, 0xcc, 0x65, 0xf1, 0x95, 0x11, 0x3c, 0x96, 0x2a, 0x5a,
+    0x42, 0x3d, 0x9b, 0xbb, 0xb7, 0x7b, 0x28, 0x96, 0x09, 0xbb,
+    0xed, 0x2d, 0xbc, 0xb7, 0x90, 0x62, 0xd3, 0xbe, 0xbd, 0xae,
+    0x50, 0x15, 0x96, 0xc1, 0x03, 0x91, 0x14, 0x34, 0x4f, 0x21,
+    0xa5, 0x6e, 0x78, 0x4a, 0x5d, 0x8b, 0xcf, 0x5b, 0x1a, 0x8a,
+    0x57, 0x43, 0xb8, 0x25, 0xd3, 0xa2, 0xcd, 0x78, 0xb4, 0x93,
+    0x07, 0x7a, 0x14, 0xc1, 0x0c, 0x6f, 0x5f, 0x5e, 0xcb, 0x11,
+    0x17, 0x81, 0x0d, 0x7d, 0x0f, 0xda, 0xd1, 0x92, 0x43, 0x56,
+    0xaf, 0x75, 0x53, 0x44, 0x1f, 0xc7, 0x9c, 0xd3, 0xc5, 0x47,
+    0xe0, 0xac, 0x4a, 0x11, 0xe4, 0xfe, 0x6c, 0x80, 0x79, 0xcc,
+    0x60, 0x7a, 0xd9, 0x56, 0x65, 0x83, 0x5e, 0xcf, 0x37, 0x27,
+    0x55, 0xe2, 0x4d, 0xf9, 0xd6, 0x09, 0x2d, 0xee, 0xda, 0x10,
+    0x6b, 0xdc, 0xd2, 0x70, 0x46, 0x94, 0xaa, 0xf5, 0x21, 0xc5,
+    0xf0, 0x79, 0xdb, 0x9b, 0x8e, 0x9a, 0xdb, 0x5a, 0x56, 0x41,
+    0x43, 0xe7, 0x1f, 0x8d, 0xfd, 0xda, 0x12, 0x5f, 0xf7, 0x9e,
+    0x47, 0x1a, 0xf7, 0x73, 0x40, 0x67, 0xc2, 0x61, 0x07, 0x33,
+    0x16, 0x78, 0x60, 0x05, 0x85, 0x5c, 0x2f, 0x2b, 0xbf, 0x2c,
+    0x7a, 0x39, 0xc6, 0xed, 0xcb, 0x43, 0x66, 0x27, 0x93, 0xcd,
+    0x92, 0x8d, 0x62, 0x8c, 0xaa, 0x61, 0x1c, 0x9c, 0x4c, 0x90,
+    0xba, 0xba, 0x4b, 0xc1, 0xf1, 0x22, 0xde, 0xe0, 0xf9, 0x3e,
+    0x04, 0xb9, 0x56, 0xa3, 0x1c, 0xe8, 0xda, 0xd6, 0x09, 0x4a,
+    0x7d, 0x89, 0xbc, 0xf4, 0xe8, 0x4d, 0xa1, 0xe8, 0x34, 0x90,
+    0xa5, 0x31, 0x3a, 0xec, 0x56, 0xc5, 0xd2, 0x92, 0x0b, 0xe9,
+    0x58, 0xbb, 0xb2, 0x84, 0x9b, 0xa9, 0x1d, 0x19, 0xdb, 0x7a,
+    0x02, 0x75, 0x79, 0x16, 0x35, 0xee, 0x3a, 0x3f, 0x4e, 0x5e,
+    0x11, 0x90, 0x04, 0x03, 0xce, 0x8b, 0xa0, 0xd8, 0xc1, 0xee,
+    0x52, 0x33, 0x6e, 0xd2, 0x6e, 0x06, 0x5c, 0x99, 0x24, 0x6f,
+    0x16, 0xd9, 0x90, 0x28, 0xe5, 0x2d, 0x91, 0x6f, 0x1a, 0x57,
+    0xf0, 0x4c, 0x7c, 0x3f, 0x7b, 0xd7, 0x30, 0xed, 0x6d, 0x21,
+    0xb7, 0xf8, 0xed, 0xf3, 0x34, 0x89, 0xfa, 0xf0, 0x51, 0x6f,
+    0x99, 0xa0, 0x5e, 0xf8, 0x74, 0xc7, 0x4f, 0xb5, 0x59, 0x52,
+    0xbe, 0x45, 0xac, 0x3f, 0x34, 0x51, 0x87, 0x6e, 0x84, 0xea,
+    0xb0, 0x40, 0xe1, 0x84, 0x16, 0x66, 0x30, 0xf1, 0x5c, 0xb2,
+    0x74, 0x25, 0x03, 0xe3, 0x2e, 0x82, 0xc5, 0x60, 0x9d, 0xe4,
+    0xca, 0xec, 0x49, 0x6b, 0x4e, 0x5a, 0x09, 0xa8, 0xfe, 0xff,
+    0x1d, 0xa1, 0xe8, 0xec, 0x9a, 0x22, 0x3b, 0xd6, 0x72, 0x93,
+    0x6f, 0x6b, 0x5a, 0xfb, 0x2d, 0x5a, 0xde, 0x01, 0x3e, 0xf6,
+    0xdc, 0x77, 0x55, 0x1e, 0x32, 0x19, 0xc8, 0xa1, 0xbb, 0xcf,
+    0xcb, 0x41, 0x54, 0xa2, 0xcb, 0xe6, 0x61, 0xca, 0x43, 0x63,
+    0xd2, 0x2c, 0xae, 0xf4, 0xd9, 0x49, 0xb1, 0x75, 0x1a, 0x06,
+    0x92, 0x13, 0x90, 0x57, 0x89, 0x8e, 0x9f, 0x26, 0xc5, 0x14,
+    0xd8, 0xc7, 0x93, 0xb2, 0xaa, 0x3a, 0x9c, 0x10, 0xd5, 0x68,
+    0x52, 0x28, 0x39, 0xee, 0x30, 0xdc, 0x00, 0x4b, 0x65, 0x72,
+    0x59, 0x98, 0xad, 0x2e, 0x8c, 0xaf, 0x4e, 0x79, 0x0a, 0x8c,
+    0x0c, 0x9d, 0xb6, 0x43, 0x26, 0x83, 0x71, 0x7b, 0x1e, 0x86,
+    0x4d, 0x33, 0xd7, 0x20, 0x29, 0x6a, 0xbf, 0x2f, 0x8e, 0x4b,
+    0x13, 0x35, 0x65, 0xc8, 0xec, 0xe3, 0x2c, 0xde, 0xfb, 0x30,
+    0x57, 0xa9, 0x92, 0x22, 0x5d, 0x79, 0x16, 0x07, 0x73, 0x9b,
+    0xe2, 0x6e, 0xd4, 0x99, 0xb4, 0x35, 0xfd, 0xa2, 0xb5, 0xd9,
+    0xe5, 0x74, 0xd1, 0xb2, 0xcf, 0x32, 0xf1, 0x19, 0x69, 0xcf,
+    0x1e, 0x10, 0xcc, 0x3c, 0xaf, 0xbe, 0xa4, 0x33, 0x11, 0x83,
+    0x64, 0xc0, 0x39, 0xe5, 0xb0, 0x8f, 0x32, 0xf4, 0x01, 0x6a,
+    0x2a, 0x11, 0x8e, 0xdd, 0x03, 0x81, 0x39, 0xe7, 0x70, 0x16,
+    0x2f, 0x0e, 0x24, 0xa9, 0x12, 0x0b, 0xdb, 0xa8, 0x6c, 0xb3,
+    0xf3, 0x74, 0x95, 0xca, 0x64, 0x1d, 0xee, 0x25, 0xc5, 0x27,
+    0xed, 0x0f, 0x82, 0xb5, 0x7a, 0x62, 0x27, 0xb2, 0x87, 0x53,
+    0x11, 0x39, 0x5e, 0xb8, 0x11, 0xca, 0x25, 0xe8, 0x17, 0x46,
+    0xd3, 0x0f, 0x5d, 0x70, 0x68, 0xe1, 0x5f, 0xd1, 0xab, 0x65,
+    0xe5, 0x42, 0x87, 0x1e, 0x96, 0xaf, 0x13, 0x0c, 0x9b, 0x15,
+    0x75, 0x14, 0x31, 0x75, 0xcc, 0x15, 0xbf, 0x2c, 0x74, 0xab,
+    0xc9, 0x9c, 0xda, 0x62, 0x1d, 0xeb, 0x19, 0x81, 0x67, 0x5e,
+    0xcd, 0x54, 0x87, 0x07, 0x67, 0xba, 0xe3, 0xf6, 0x03, 0xbe,
+    0x6d, 0x64, 0x2d, 0xbc, 0xec, 0x54, 0x13, 0x12, 0x5b, 0x44,
+    0x90, 0x95, 0x86, 0x77, 0x8c, 0x59, 0xbd, 0x8e, 0xba, 0xb1,
+    0x12, 0xea, 0xc1, 0x94, 0x37, 0xa0, 0x11, 0xff, 0xb2, 0xa4,
+    0xc3, 0x61, 0xf2, 0xa3, 0x49, 0xbe, 0xe7, 0xb6, 0x96, 0x2f,
 };
 static const int sizeof_bench_dilithium_level2_key = sizeof(bench_dilithium_level2_key);
 
-/* certs/dilithium/bench_dilithium_level3_key.der */
-static const unsigned char bench_dilithium_level3_key[] =
-{
-        0x30, 0x82, 0x17, 0x5A, 0x02, 0x01, 0x00, 0x30, 0x0D, 0x06,
-        0x0B, 0x2B, 0x06, 0x01, 0x04, 0x01, 0x02, 0x82, 0x0B, 0x07,
-        0x06, 0x05, 0x04, 0x82, 0x17, 0x44, 0x04, 0x82, 0x17, 0x40,
-        0x2E, 0xFE, 0x07, 0xDF, 0x5E, 0xF9, 0x18, 0xB4, 0x0E, 0xBF,
-        0x9C, 0x1C, 0xCA, 0x84, 0xBA, 0x62, 0xB9, 0xA2, 0x96, 0x76,
-        0xB6, 0xB7, 0x77, 0x9C, 0xBE, 0x0C, 0xF8, 0xA5, 0xEF, 0x74,
-        0xB1, 0xC2, 0x8D, 0x95, 0x6D, 0x38, 0x49, 0x01, 0xA8, 0x3D,
-        0x63, 0x0B, 0xDF, 0x4B, 0x5D, 0xF4, 0xC4, 0x98, 0x27, 0x77,
-        0x88, 0xA0, 0xA9, 0xF2, 0x38, 0x32, 0x62, 0x17, 0x11, 0xD6,
-        0xBE, 0xA0, 0xFD, 0xEB, 0xBF, 0x4A, 0xF2, 0x6C, 0x44, 0x62,
-        0x2D, 0x87, 0x3D, 0xAD, 0x0C, 0x47, 0x06, 0x00, 0x7E, 0xAF,
-        0x52, 0xE7, 0xA1, 0x8E, 0x7A, 0xA7, 0x7D, 0x3C, 0xE5, 0xB2,
-        0x59, 0xDA, 0x89, 0x76, 0xF7, 0xD4, 0x73, 0x16, 0x33, 0x67,
-        0x88, 0x46, 0x51, 0x13, 0x12, 0x38, 0x64, 0x76, 0x73, 0x40,
-        0x16, 0x55, 0x70, 0x06, 0x32, 0x84, 0x47, 0x25, 0x33, 0x44,
-        0x70, 0x68, 0x36, 0x25, 0x62, 0x47, 0x76, 0x65, 0x73, 0x11,
-        0x28, 0x00, 0x75, 0x33, 0x81, 0x13, 0x62, 0x51, 0x31, 0x33,
-        0x11, 0x41, 0x51, 0x62, 0x55, 0x33, 0x07, 0x60, 0x14, 0x18,
-        0x30, 0x58, 0x22, 0x67, 0x26, 0x86, 0x12, 0x78, 0x17, 0x47,
-        0x30, 0x06, 0x05, 0x36, 0x37, 0x23, 0x08, 0x67, 0x05, 0x05,
-        0x06, 0x85, 0x33, 0x83, 0x14, 0x63, 0x44, 0x35, 0x00, 0x04,
-        0x56, 0x03, 0x23, 0x03, 0x33, 0x13, 0x02, 0x23, 0x25, 0x80,
-        0x22, 0x00, 0x53, 0x73, 0x13, 0x70, 0x03, 0x84, 0x15, 0x50,
-        0x14, 0x20, 0x06, 0x74, 0x03, 0x41, 0x26, 0x74, 0x63, 0x65,
-        0x42, 0x03, 0x00, 0x72, 0x66, 0x44, 0x36, 0x88, 0x60, 0x85,
-        0x76, 0x86, 0x17, 0x72, 0x16, 0x37, 0x23, 0x82, 0x15, 0x84,
-        0x57, 0x14, 0x20, 0x72, 0x15, 0x55, 0x26, 0x42, 0x82, 0x66,
-        0x40, 0x54, 0x03, 0x54, 0x62, 0x61, 0x83, 0x35, 0x20, 0x76,
-        0x62, 0x14, 0x37, 0x35, 0x42, 0x04, 0x32, 0x72, 0x08, 0x35,
-        0x42, 0x74, 0x51, 0x24, 0x54, 0x86, 0x36, 0x56, 0x11, 0x83,
-        0x64, 0x44, 0x54, 0x78, 0x80, 0x50, 0x55, 0x72, 0x84, 0x16,
-        0x48, 0x13, 0x04, 0x17, 0x06, 0x36, 0x25, 0x48, 0x21, 0x33,
-        0x45, 0x71, 0x21, 0x54, 0x10, 0x26, 0x13, 0x72, 0x12, 0x30,
-        0x03, 0x73, 0x48, 0x84, 0x16, 0x22, 0x11, 0x38, 0x26, 0x43,
-        0x53, 0x36, 0x56, 0x12, 0x15, 0x70, 0x07, 0x57, 0x00, 0x65,
-        0x72, 0x11, 0x73, 0x48, 0x01, 0x13, 0x31, 0x58, 0x82, 0x60,
-        0x61, 0x17, 0x78, 0x44, 0x48, 0x15, 0x48, 0x26, 0x62, 0x43,
-        0x72, 0x44, 0x62, 0x76, 0x40, 0x15, 0x63, 0x26, 0x10, 0x51,
-        0x82, 0x21, 0x05, 0x82, 0x30, 0x56, 0x58, 0x62, 0x76, 0x48,
-        0x67, 0x82, 0x86, 0x51, 0x32, 0x37, 0x78, 0x38, 0x13, 0x82,
-        0x55, 0x22, 0x45, 0x22, 0x68, 0x66, 0x15, 0x30, 0x35, 0x77,
-        0x04, 0x28, 0x45, 0x85, 0x72, 0x48, 0x30, 0x26, 0x06, 0x24,
-        0x12, 0x75, 0x42, 0x53, 0x88, 0x14, 0x15, 0x07, 0x08, 0x86,
-        0x05, 0x08, 0x01, 0x56, 0x77, 0x44, 0x38, 0x53, 0x22, 0x21,
-        0x20, 0x56, 0x25, 0x15, 0x72, 0x68, 0x27, 0x03, 0x71, 0x25,
-        0x64, 0x11, 0x44, 0x34, 0x77, 0x60, 0x68, 0x58, 0x44, 0x74,
-        0x76, 0x63, 0x86, 0x16, 0x01, 0x40, 0x68, 0x51, 0x20, 0x12,
-        0x36, 0x55, 0x01, 0x84, 0x61, 0x80, 0x46, 0x36, 0x28, 0x82,
-        0x44, 0x66, 0x14, 0x80, 0x50, 0x32, 0x34, 0x46, 0x21, 0x34,
-        0x63, 0x04, 0x22, 0x20, 0x17, 0x84, 0x88, 0x88, 0x47, 0x02,
-        0x52, 0x60, 0x45, 0x35, 0x86, 0x72, 0x71, 0x43, 0x30, 0x58,
-        0x24, 0x11, 0x11, 0x64, 0x45, 0x36, 0x25, 0x18, 0x82, 0x18,
-        0x16, 0x80, 0x27, 0x76, 0x53, 0x08, 0x70, 0x87, 0x64, 0x43,
-        0x68, 0x86, 0x07, 0x04, 0x34, 0x10, 0x68, 0x30, 0x21, 0x01,
-        0x86, 0x66, 0x06, 0x50, 0x41, 0x72, 0x18, 0x00, 0x05, 0x40,
-        0x36, 0x35, 0x60, 0x50, 0x82, 0x82, 0x24, 0x73, 0x31, 0x35,
-        0x81, 0x35, 0x02, 0x50, 0x22, 0x76, 0x44, 0x52, 0x27, 0x43,
-        0x82, 0x66, 0x51, 0x38, 0x86, 0x72, 0x18, 0x54, 0x20, 0x65,
-        0x45, 0x26, 0x03, 0x42, 0x24, 0x25, 0x27, 0x36, 0x02, 0x04,
-        0x38, 0x77, 0x18, 0x44, 0x17, 0x78, 0x46, 0x34, 0x68, 0x00,
-        0x72, 0x57, 0x72, 0x67, 0x53, 0x82, 0x51, 0x06, 0x34, 0x56,
-        0x71, 0x26, 0x73, 0x55, 0x58, 0x11, 0x44, 0x15, 0x26, 0x81,
-        0x14, 0x88, 0x25, 0x45, 0x52, 0x84, 0x13, 0x60, 0x12, 0x26,
-        0x12, 0x36, 0x11, 0x61, 0x30, 0x25, 0x32, 0x83, 0x00, 0x71,
-        0x73, 0x04, 0x48, 0x40, 0x70, 0x21, 0x36, 0x54, 0x45, 0x33,
-        0x43, 0x00, 0x76, 0x62, 0x63, 0x71, 0x15, 0x35, 0x27, 0x50,
-        0x06, 0x16, 0x30, 0x45, 0x08, 0x12, 0x51, 0x68, 0x38, 0x21,
-        0x71, 0x61, 0x61, 0x18, 0x35, 0x15, 0x25, 0x47, 0x14, 0x62,
-        0x51, 0x14, 0x76, 0x12, 0x62, 0x60, 0x63, 0x16, 0x20, 0x68,
-        0x62, 0x31, 0x56, 0x64, 0x05, 0x84, 0x56, 0x26, 0x40, 0x42,
-        0x88, 0x05, 0x60, 0x84, 0x82, 0x10, 0x23, 0x87, 0x63, 0x33,
-        0x60, 0x40, 0x58, 0x12, 0x83, 0x26, 0x03, 0x13, 0x85, 0x23,
-        0x02, 0x73, 0x05, 0x27, 0x40, 0x02, 0x75, 0x85, 0x46, 0x51,
-        0x83, 0x71, 0x37, 0x16, 0x05, 0x86, 0x35, 0x01, 0x45, 0x00,
-        0x53, 0x68, 0x27, 0x11, 0x06, 0x08, 0x82, 0x60, 0x58, 0x28,
-        0x50, 0x07, 0x32, 0x56, 0x26, 0x46, 0x78, 0x63, 0x71, 0x16,
-        0x48, 0x46, 0x86, 0x41, 0x37, 0x75, 0x06, 0x01, 0x11, 0x46,
-        0x45, 0x21, 0x03, 0x82, 0x42, 0x75, 0x83, 0x30, 0x66, 0x00,
-        0x74, 0x74, 0x46, 0x05, 0x33, 0x82, 0x33, 0x07, 0x34, 0x53,
-        0x07, 0x78, 0x53, 0x07, 0x41, 0x37, 0x78, 0x54, 0x06, 0x11,
-        0x42, 0x47, 0x05, 0x02, 0x62, 0x34, 0x27, 0x17, 0x78, 0x70,
-        0x70, 0x46, 0x00, 0x38, 0x75, 0x48, 0x74, 0x46, 0x83, 0x35,
-        0x08, 0x46, 0x14, 0x12, 0x20, 0x68, 0x00, 0x73, 0x57, 0x81,
-        0x84, 0x62, 0x43, 0x11, 0x28, 0x87, 0x13, 0x30, 0x06, 0x70,
-        0x15, 0x46, 0x51, 0x14, 0x74, 0x13, 0x53, 0x26, 0x84, 0x78,
-        0x86, 0x15, 0x84, 0x18, 0x70, 0x56, 0x41, 0x33, 0x61, 0x56,
-        0x28, 0x11, 0x30, 0x73, 0x82, 0x00, 0x57, 0x68, 0x61, 0x44,
-        0x04, 0x64, 0x78, 0x68, 0x14, 0x02, 0x83, 0x88, 0x86, 0x88,
-        0x40, 0x16, 0x81, 0x20, 0x68, 0x72, 0x67, 0x05, 0x76, 0x06,
-        0x54, 0x74, 0x35, 0x71, 0x02, 0x67, 0x45, 0x24, 0x73, 0x64,
-        0x87, 0x31, 0x60, 0x37, 0x04, 0x11, 0x85, 0x63, 0x40, 0x71,
-        0x38, 0x46, 0x65, 0x16, 0x10, 0x85, 0x06, 0x37, 0x25, 0x53,
-        0x05, 0x58, 0x45, 0x87, 0x17, 0x47, 0x78, 0x10, 0x22, 0x26,
-        0x24, 0x86, 0x44, 0x63, 0x45, 0x00, 0x14, 0x77, 0x60, 0x04,
-        0x54, 0x45, 0x40, 0x32, 0x45, 0x03, 0x60, 0x87, 0x05, 0x02,
-        0x18, 0x22, 0x20, 0x61, 0x07, 0x36, 0x72, 0x52, 0x53, 0x65,
-        0x27, 0x26, 0x37, 0x54, 0x31, 0x34, 0x22, 0x54, 0x37, 0x25,
-        0x83, 0x14, 0x74, 0x75, 0x17, 0x61, 0x48, 0x74, 0x24, 0x43,
-        0x80, 0x81, 0x15, 0x06, 0x88, 0x23, 0x84, 0x55, 0x20, 0x11,
-        0x87, 0x83, 0x64, 0x36, 0x48, 0x88, 0x32, 0x20, 0x28, 0x54,
-        0x88, 0x85, 0x35, 0x61, 0x00, 0x21, 0x01, 0x31, 0x44, 0x13,
-        0x71, 0x48, 0x23, 0x47, 0x31, 0x62, 0x40, 0x18, 0x21, 0x78,
-        0x34, 0x12, 0x88, 0x10, 0x76, 0x46, 0x72, 0x37, 0x70, 0x84,
-        0x15, 0x41, 0x84, 0x22, 0x20, 0x22, 0x27, 0x44, 0x81, 0x03,
-        0x46, 0x48, 0x26, 0x16, 0x21, 0x15, 0x31, 0x85, 0x73, 0x74,
-        0x73, 0x06, 0x55, 0x21, 0x12, 0x53, 0x13, 0x34, 0x01, 0x64,
-        0x40, 0x83, 0x08, 0x57, 0x24, 0x04, 0x18, 0x33, 0x70, 0x18,
-        0x17, 0x06, 0x14, 0x28, 0x12, 0x58, 0x00, 0x25, 0x57, 0x20,
-        0x00, 0x76, 0x73, 0x45, 0x68, 0x16, 0x60, 0x22, 0x17, 0x22,
-        0x37, 0x75, 0x53, 0x48, 0x40, 0x21, 0x64, 0x27, 0x52, 0x48,
-        0x53, 0x61, 0x64, 0x87, 0x57, 0x61, 0x13, 0x75, 0x80, 0x08,
-        0x63, 0x33, 0x60, 0x26, 0x10, 0x25, 0x61, 0x78, 0x47, 0x78,
-        0x07, 0x16, 0x00, 0x52, 0x31, 0x30, 0x63, 0x66, 0x46, 0x80,
-        0x07, 0x10, 0x45, 0x11, 0x13, 0x80, 0x25, 0x61, 0x25, 0x53,
-        0x80, 0x71, 0x38, 0x31, 0x47, 0x55, 0x02, 0x25, 0x50, 0x87,
-        0x57, 0x35, 0x74, 0x11, 0x46, 0x44, 0x53, 0x24, 0x60, 0x33,
-        0x15, 0x12, 0x77, 0x20, 0x36, 0x24, 0x70, 0x04, 0x87, 0x05,
-        0x71, 0x07, 0x77, 0x36, 0x47, 0x01, 0x73, 0x61, 0x32, 0x62,
-        0x28, 0x81, 0x67, 0x17, 0x38, 0x45, 0x21, 0x03, 0x24, 0x72,
-        0x82, 0x64, 0x84, 0x43, 0x07, 0x11, 0x20, 0x72, 0x71, 0x04,
-        0x58, 0x36, 0x22, 0x21, 0x33, 0x67, 0x55, 0x48, 0x03, 0x68,
-        0x32, 0x70, 0x04, 0x63, 0x11, 0x34, 0x27, 0x82, 0x42, 0x56,
-        0x28, 0x74, 0x77, 0x72, 0x18, 0x27, 0x35, 0x87, 0x03, 0x18,
-        0x40, 0x32, 0x78, 0x07, 0x14, 0x43, 0x73, 0x73, 0x84, 0x63,
-        0x78, 0x68, 0x03, 0x22, 0x55, 0x30, 0x18, 0x88, 0x15, 0x86,
-        0x18, 0x51, 0x12, 0x42, 0x13, 0x60, 0x22, 0x44, 0x61, 0x44,
-        0x35, 0x73, 0x08, 0x85, 0x53, 0x02, 0x73, 0x83, 0x25, 0x85,
-        0x64, 0x78, 0x16, 0x12, 0x13, 0x63, 0x48, 0x35, 0x02, 0x71,
-        0x72, 0x58, 0x12, 0x10, 0x65, 0x42, 0x22, 0x54, 0x80, 0x60,
-        0x57, 0x84, 0x72, 0x76, 0x67, 0x35, 0x25, 0x14, 0x73, 0x70,
-        0x48, 0x03, 0x78, 0x07, 0x74, 0x48, 0x67, 0x48, 0x01, 0x62,
-        0x78, 0x05, 0x37, 0x66, 0x42, 0x45, 0x33, 0x65, 0x08, 0x70,
-        0x42, 0x15, 0x72, 0x53, 0x13, 0x20, 0x14, 0x38, 0x05, 0x53,
-        0x00, 0x45, 0x25, 0x20, 0x80, 0x75, 0x01, 0x65, 0x80, 0x70,
-        0x61, 0x50, 0x15, 0x10, 0x77, 0x23, 0x38, 0x31, 0x21, 0x51,
-        0x78, 0x11, 0x88, 0x71, 0x18, 0x06, 0x45, 0x62, 0x47, 0x35,
-        0x43, 0x00, 0x52, 0x34, 0x41, 0x75, 0x18, 0x13, 0x51, 0x35,
-        0x72, 0x11, 0x78, 0x17, 0x30, 0x44, 0x83, 0x25, 0x64, 0x42,
-        0x65, 0x23, 0x50, 0x32, 0x85, 0x30, 0x67, 0x10, 0x70, 0x01,
-        0x16, 0x62, 0x36, 0x46, 0x18, 0x53, 0x53, 0x80, 0x13, 0x65,
-        0x66, 0x53, 0x61, 0x55, 0x07, 0x71, 0x34, 0x56, 0x31, 0x67,
-        0x64, 0x42, 0x64, 0x41, 0x22, 0x56, 0x44, 0x67, 0x25, 0x52,
-        0x08, 0x17, 0x38, 0x45, 0x76, 0x83, 0x37, 0x15, 0x76, 0x31,
-        0x83, 0x47, 0x30, 0x21, 0x55, 0x73, 0x37, 0x82, 0x11, 0x56,
-        0x67, 0x27, 0x23, 0x44, 0x72, 0x82, 0x10, 0x80, 0x43, 0x11,
-        0x16, 0x02, 0x21, 0x40, 0x42, 0x10, 0x12, 0x74, 0x58, 0x40,
-        0x74, 0x00, 0x66, 0x02, 0x85, 0x76, 0x21, 0x17, 0x83, 0x78,
-        0x80, 0x40, 0x46, 0x87, 0x66, 0x24, 0x35, 0x80, 0x31, 0x77,
-        0x87, 0x10, 0x47, 0x02, 0x20, 0x65, 0x43, 0x73, 0x41, 0x61,
-        0x72, 0x18, 0x21, 0x52, 0x32, 0x82, 0x08, 0x82, 0x00, 0x57,
-        0x52, 0x41, 0x45, 0x10, 0x51, 0x41, 0x28, 0x37, 0x72, 0x45,
-        0x77, 0x10, 0x56, 0x06, 0x54, 0x30, 0x03, 0x74, 0x13, 0x56,
-        0x77, 0x54, 0x04, 0x86, 0x13, 0x77, 0x81, 0x77, 0x57, 0x15,
-        0x76, 0x13, 0x51, 0x75, 0x4C, 0xD3, 0x8C, 0xF8, 0x0F, 0x87,
-        0x37, 0xBC, 0x26, 0x1B, 0x7A, 0x1C, 0xDC, 0x05, 0xFD, 0x9B,
-        0x97, 0x8C, 0x4D, 0xE5, 0x06, 0xFF, 0x57, 0x65, 0xDC, 0xFC,
-        0xBF, 0x55, 0x20, 0x8F, 0xC9, 0xAB, 0x63, 0x4C, 0x37, 0x02,
-        0xB5, 0x51, 0x79, 0x6B, 0xC2, 0x02, 0x74, 0xE5, 0x74, 0x72,
-        0xC4, 0x3C, 0x8F, 0xD2, 0x79, 0xCB, 0x65, 0x3C, 0xBD, 0xA6,
-        0xC5, 0x19, 0xDF, 0xFC, 0x24, 0xB9, 0x91, 0x81, 0x41, 0x4D,
-        0xDF, 0x2E, 0x6A, 0xBD, 0x5A, 0xC4, 0x04, 0x03, 0x7F, 0x71,
-        0x7D, 0x51, 0xDD, 0x2F, 0xAE, 0x4C, 0x9A, 0xF8, 0x98, 0x11,
-        0xA0, 0xCE, 0xF7, 0xDE, 0xF5, 0xC6, 0x91, 0xD3, 0xDC, 0xE7,
-        0xAA, 0xD0, 0x7D, 0xDF, 0x5F, 0xF2, 0x5B, 0x55, 0x9C, 0xD6,
-        0x8D, 0xC9, 0x1E, 0xC7, 0x80, 0xD9, 0xC5, 0xFA, 0x15, 0xEB,
-        0xCE, 0x6B, 0x99, 0x71, 0xBD, 0xED, 0x0C, 0x24, 0x1B, 0x97,
-        0x52, 0xFA, 0x54, 0xF5, 0x72, 0x48, 0x97, 0x05, 0x8B, 0x04,
-        0xE5, 0xAA, 0xE0, 0xDC, 0x98, 0x13, 0xD2, 0x27, 0xB0, 0x0B,
-        0x49, 0x8B, 0xA0, 0xD1, 0x2C, 0x18, 0xA5, 0xFA, 0x2A, 0x80,
-        0x4B, 0xF7, 0x4B, 0x8C, 0xE0, 0xA4, 0xCD, 0xD0, 0x75, 0xE9,
-        0x4A, 0x75, 0x15, 0x1B, 0xB8, 0x51, 0xD8, 0x8D, 0x1E, 0xA4,
-        0xD1, 0xCD, 0x0E, 0xEE, 0xD4, 0xAA, 0x55, 0x0C, 0x6A, 0xB3,
-        0xC9, 0x51, 0x66, 0x72, 0x76, 0xF4, 0xF9, 0xA4, 0xC2, 0x56,
-        0x9D, 0xF9, 0x7C, 0x4C, 0x91, 0x27, 0xAC, 0xB3, 0x3E, 0x6B,
-        0x2D, 0x5B, 0x84, 0xF3, 0x68, 0xD7, 0x28, 0xAE, 0xB6, 0x75,
-        0x41, 0x46, 0xF2, 0x50, 0xF4, 0x20, 0x04, 0x4E, 0xB3, 0x0D,
-        0xC3, 0xAE, 0xA9, 0x87, 0x9E, 0xB2, 0x05, 0xAE, 0x33, 0x76,
-        0x76, 0x1A, 0x7A, 0xAB, 0xFD, 0x55, 0x77, 0x64, 0xF0, 0x0A,
-        0x7C, 0x4F, 0x75, 0xE7, 0xBC, 0x09, 0x2D, 0x99, 0x4B, 0x90,
-        0x13, 0x42, 0x62, 0xBD, 0x70, 0x14, 0x39, 0x23, 0x3A, 0x8A,
-        0x32, 0x30, 0xEA, 0x66, 0x24, 0x85, 0xAF, 0x0B, 0xD7, 0x72,
-        0xC4, 0xFC, 0x89, 0xD9, 0xB6, 0x9A, 0x1D, 0xA4, 0x10, 0x50,
-        0x69, 0x98, 0x8E, 0x00, 0xA1, 0xCF, 0x94, 0x6C, 0x1B, 0x79,
-        0x3A, 0xB7, 0xD8, 0x86, 0x1C, 0xD1, 0x95, 0x72, 0x0A, 0x3A,
-        0xDA, 0xEF, 0x26, 0x15, 0xA5, 0xE4, 0x67, 0xD6, 0x04, 0xC5,
-        0x0A, 0xBA, 0x50, 0x21, 0x9C, 0xB7, 0x1A, 0xF1, 0x1F, 0x1D,
-        0x90, 0x5A, 0x6E, 0x40, 0xF8, 0xC1, 0xAB, 0xBD, 0x88, 0xA7,
-        0xB8, 0x25, 0xBD, 0xCB, 0x93, 0xFA, 0x79, 0xAE, 0xAF, 0x1A,
-        0xBD, 0x7B, 0xC4, 0x9F, 0x89, 0x7C, 0xFF, 0xFB, 0x0E, 0x27,
-        0x32, 0x20, 0x6D, 0x47, 0x6B, 0x0E, 0x0D, 0xA1, 0x6A, 0x55,
-        0x7F, 0xFD, 0x73, 0x9B, 0xC5, 0x3F, 0xF8, 0x08, 0xAA, 0xFE,
-        0x0F, 0x7E, 0xAD, 0xB8, 0x13, 0x50, 0x79, 0x8D, 0x58, 0xAF,
-        0xB2, 0xC6, 0x66, 0x24, 0xA8, 0x19, 0xD6, 0x90, 0x81, 0x54,
-        0x92, 0x7B, 0xAF, 0xA8, 0xB8, 0x3D, 0x27, 0xD0, 0xC0, 0x08,
-        0xB6, 0x45, 0x3D, 0x24, 0x46, 0xA0, 0x04, 0x8A, 0x26, 0x95,
-        0xCF, 0x3F, 0x3C, 0x31, 0x43, 0x5D, 0xCA, 0x7A, 0xED, 0xF7,
-        0xD3, 0xB5, 0xA0, 0xEE, 0xDC, 0x97, 0x76, 0xB3, 0x2F, 0x89,
-        0x18, 0x62, 0xAC, 0x4B, 0x8B, 0xFC, 0x06, 0x1E, 0x15, 0xE5,
-        0x25, 0x72, 0x46, 0xB9, 0x02, 0xD9, 0x0C, 0x38, 0xCF, 0x82,
-        0x13, 0x19, 0x6E, 0x18, 0x85, 0xC6, 0x76, 0xF9, 0x10, 0xF9,
-        0xCD, 0x72, 0x05, 0xED, 0x5E, 0xAE, 0xBB, 0xD2, 0xAB, 0x64,
-        0x13, 0x3E, 0x9F, 0x20, 0xCF, 0x8C, 0xC0, 0x37, 0x71, 0x38,
-        0x22, 0x49, 0x38, 0x9C, 0x23, 0xCB, 0x0B, 0xC3, 0xE8, 0xE5,
-        0xEB, 0x31, 0x61, 0x07, 0xFE, 0x2A, 0xAC, 0xDE, 0x90, 0x35,
-        0x24, 0xEB, 0x6B, 0xB6, 0x34, 0x51, 0x9C, 0xE2, 0x7D, 0xD0,
-        0x8B, 0x38, 0xDB, 0x81, 0x7B, 0x24, 0x7B, 0x69, 0x84, 0x1D,
-        0x17, 0x9F, 0x64, 0x63, 0x6F, 0x3F, 0x43, 0xFC, 0xFE, 0x07,
-        0x72, 0x66, 0x84, 0xE3, 0xCD, 0x4F, 0x25, 0x70, 0x81, 0x64,
-        0x66, 0x2C, 0xA8, 0x35, 0x11, 0x1B, 0xF3, 0x03, 0x1B, 0x5B,
-        0xDC, 0xFB, 0x7D, 0xAD, 0x14, 0x11, 0xC8, 0xB1, 0x0C, 0x7E,
-        0x36, 0x79, 0x34, 0x79, 0x1A, 0x88, 0x8A, 0x8F, 0xF6, 0x66,
-        0xB4, 0x95, 0xD4, 0xA1, 0x02, 0xF9, 0x1D, 0x26, 0x53, 0x7A,
-        0x34, 0x00, 0x36, 0x0E, 0xE7, 0xFB, 0x7A, 0x60, 0xF9, 0xC3,
-        0xCF, 0x30, 0xCB, 0xF0, 0x27, 0xB5, 0xD6, 0xCF, 0x15, 0x33,
-        0x53, 0x88, 0x7C, 0x50, 0x07, 0xF4, 0x27, 0xE0, 0x40, 0x47,
-        0xFE, 0x86, 0x0E, 0xFF, 0x07, 0x5F, 0x55, 0xB8, 0x3B, 0xAA,
-        0xFB, 0xB0, 0x6B, 0x98, 0x47, 0x59, 0xB8, 0x33, 0xAA, 0x67,
-        0x6B, 0x36, 0xEB, 0x76, 0x43, 0xAF, 0x31, 0x52, 0x62, 0x3D,
-        0x7F, 0x64, 0x6A, 0xFC, 0x36, 0x92, 0x96, 0xF8, 0xD9, 0xE7,
-        0x13, 0x77, 0x1D, 0xD0, 0xFB, 0x0D, 0x70, 0x29, 0x61, 0x52,
-        0x82, 0xF4, 0xE4, 0xA7, 0x08, 0x47, 0x4C, 0x67, 0xEE, 0x36,
-        0xD1, 0x1C, 0x18, 0x8B, 0xF1, 0x2D, 0xE2, 0x47, 0x16, 0x4D,
-        0x1F, 0x05, 0xC6, 0x4E, 0xFB, 0x35, 0x51, 0x3A, 0x9E, 0xF9,
-        0xE0, 0x1E, 0xC1, 0x64, 0x21, 0x0B, 0x8A, 0xF0, 0x1D, 0x32,
-        0x78, 0x18, 0xF2, 0xB3, 0xB5, 0xBD, 0x66, 0x6B, 0xAD, 0x92,
-        0x4F, 0x22, 0xDC, 0xB9, 0xCC, 0xF4, 0x98, 0x22, 0x99, 0xF6,
-        0x3D, 0xC6, 0x8F, 0x28, 0x77, 0x60, 0x34, 0xD0, 0x73, 0xF5,
-        0x4D, 0x9F, 0x6C, 0x5D, 0x94, 0xC2, 0x3D, 0x19, 0xCD, 0xC2,
-        0x18, 0x41, 0x9B, 0x5F, 0x32, 0x2D, 0x5E, 0x3D, 0x92, 0xBE,
-        0x26, 0x39, 0x85, 0x50, 0xE6, 0xE2, 0x49, 0x17, 0x19, 0xD3,
-        0x57, 0xAF, 0x45, 0x85, 0x74, 0xF7, 0x16, 0x35, 0x0A, 0x94,
-        0x54, 0x64, 0x45, 0xD5, 0x31, 0x51, 0x49, 0x8F, 0xA4, 0x4C,
-        0x33, 0xBB, 0x62, 0x59, 0x6B, 0x08, 0xBD, 0x1C, 0xDD, 0x38,
-        0x93, 0x22, 0x0B, 0xCF, 0x9B, 0x23, 0x87, 0x30, 0xA2, 0xA0,
-        0x6D, 0x97, 0x2D, 0xD7, 0x2B, 0x16, 0x88, 0x72, 0x01, 0x9A,
-        0x51, 0xBA, 0x56, 0xCE, 0xDC, 0xDD, 0xF9, 0x87, 0x41, 0xC8,
-        0x44, 0xF1, 0xA2, 0x20, 0x9A, 0x11, 0x44, 0x13, 0xDF, 0x49,
-        0x04, 0x85, 0x4C, 0x01, 0x46, 0x3E, 0xD6, 0xB8, 0xE2, 0xC2,
-        0x2E, 0xED, 0xA4, 0x07, 0x29, 0x89, 0xA2, 0x46, 0x23, 0x98,
-        0xA5, 0xEF, 0x59, 0x1A, 0xE7, 0x67, 0x64, 0x59, 0xF7, 0x2C,
-        0x5B, 0x30, 0x29, 0x57, 0xE3, 0xDE, 0x5C, 0x84, 0x1B, 0x8F,
-        0x3E, 0xB3, 0x5B, 0xF5, 0x0C, 0x6E, 0xB1, 0x4E, 0x2F, 0xB6,
-        0xB6, 0x5B, 0x29, 0xCD, 0xBB, 0xB8, 0xC9, 0xF0, 0x39, 0xF9,
-        0xB9, 0x11, 0x47, 0xEF, 0xF8, 0x90, 0xE0, 0x0F, 0x91, 0x70,
-        0x97, 0xB4, 0xFC, 0xFD, 0xB5, 0x69, 0x8C, 0x61, 0x9A, 0x26,
-        0xD2, 0xC9, 0x47, 0x67, 0xB7, 0xDB, 0x73, 0x11, 0xA3, 0xC1,
-        0x3B, 0x4E, 0x5F, 0x60, 0xDA, 0x73, 0x39, 0x9B, 0xD4, 0x3D,
-        0x24, 0xA6, 0x8A, 0xB5, 0x56, 0x5D, 0xBD, 0x27, 0xDE, 0x6C,
-        0x67, 0xA1, 0x4A, 0x77, 0xB7, 0x44, 0x1D, 0x28, 0x44, 0xA0,
-        0xA3, 0xF2, 0xEB, 0x3A, 0x9F, 0xE5, 0x5C, 0xF5, 0xE3, 0xFE,
-        0xD0, 0xC3, 0xCA, 0x2A, 0x1A, 0x72, 0x86, 0xB3, 0x4E, 0x9D,
-        0x25, 0x0B, 0x4C, 0xFF, 0x45, 0xB7, 0xDE, 0xE8, 0x8C, 0x0A,
-        0x06, 0xED, 0x30, 0x26, 0x8F, 0xA1, 0xBF, 0x74, 0x22, 0x3D,
-        0x50, 0x39, 0x17, 0xA9, 0x6B, 0x7C, 0xAC, 0xA0, 0x6A, 0xEA,
-        0x14, 0x95, 0x5F, 0xAD, 0x3C, 0xB1, 0x4E, 0xE1, 0x30, 0x2F,
-        0x4A, 0x77, 0x72, 0xC1, 0x1F, 0x4C, 0x91, 0x6B, 0xCF, 0x81,
-        0x46, 0xAF, 0x2D, 0xEC, 0x59, 0x9E, 0x99, 0xD9, 0x60, 0x23,
-        0x95, 0x08, 0x0D, 0xBB, 0xFD, 0xEC, 0x2A, 0xF7, 0x7B, 0x73,
-        0x53, 0xF3, 0x88, 0xB7, 0xAF, 0x51, 0x69, 0xD5, 0x08, 0xFC,
-        0xCC, 0x03, 0xD3, 0x61, 0x5C, 0xDD, 0x39, 0x56, 0x6B, 0xE4,
-        0xEE, 0x1F, 0x0A, 0xD6, 0x1A, 0x84, 0x65, 0x45, 0x0C, 0x0A,
-        0x34, 0xDE, 0x96, 0x24, 0xBB, 0x74, 0xF4, 0xB7, 0xE5, 0x2F,
-        0xB5, 0x1F, 0x85, 0x9D, 0xD7, 0xEA, 0xB3, 0x33, 0xBE, 0xCF,
-        0x19, 0x45, 0xCE, 0xF9, 0x13, 0xF5, 0xFD, 0x65, 0x5D, 0xBB,
-        0xDB, 0x64, 0x94, 0xAC, 0xB8, 0x39, 0xAF, 0x9B, 0x56, 0xE4,
-        0x5C, 0x95, 0x85, 0xFD, 0xB3, 0xF8, 0x3C, 0x98, 0xD3, 0x58,
-        0xCE, 0xAB, 0x09, 0x0E, 0xA7, 0x42, 0x9B, 0x16, 0xA7, 0x63,
-        0xEB, 0xB8, 0x7C, 0x01, 0xA2, 0xD4, 0x3C, 0x2B, 0xA7, 0xA3,
-        0x52, 0x8C, 0x08, 0xA5, 0xA9, 0xAF, 0x63, 0x07, 0xDA, 0x45,
-        0x86, 0x91, 0x64, 0xE6, 0x41, 0x75, 0x78, 0x46, 0x6F, 0xB9,
-        0xB4, 0xEA, 0x6A, 0xDD, 0xC7, 0x1A, 0x1F, 0xC0, 0x8A, 0x00,
-        0x81, 0x70, 0x74, 0x37, 0xC8, 0x84, 0x3F, 0xA8, 0xC9, 0xC1,
-        0xC1, 0x60, 0x2B, 0x25, 0x9B, 0x66, 0x5F, 0x73, 0x15, 0x51,
-        0xE2, 0xE4, 0x49, 0x5B, 0xEE, 0x20, 0xC8, 0x18, 0xE7, 0x65,
-        0xED, 0x29, 0xEA, 0x96, 0x85, 0xB5, 0x63, 0xFB, 0xA6, 0x23,
-        0x22, 0xB7, 0x4F, 0x6E, 0xE3, 0xF2, 0x9C, 0x01, 0x23, 0x7A,
-        0xB9, 0x16, 0x2A, 0x93, 0xAF, 0x4F, 0xEA, 0x05, 0x15, 0x84,
-        0x46, 0x32, 0x2F, 0x99, 0xB8, 0x78, 0x20, 0x78, 0x93, 0xC9,
-        0x42, 0x6D, 0xBC, 0x70, 0xCE, 0x88, 0x6F, 0x12, 0x92, 0x3F,
-        0xDE, 0xFB, 0xDE, 0x8E, 0xD3, 0x69, 0x09, 0x54, 0x7D, 0x0A,
-        0xE1, 0x93, 0x3D, 0x10, 0x04, 0xDE, 0x66, 0x9D, 0x2D, 0xAD,
-        0xA4, 0x53, 0x4C, 0xF6, 0xFC, 0x08, 0xE4, 0x58, 0x05, 0x09,
-        0x78, 0x09, 0xE6, 0xF3, 0xEE, 0x83, 0xC2, 0xD0, 0xA9, 0x04,
-        0xE6, 0xAC, 0x30, 0xD7, 0x34, 0x52, 0xEB, 0xCD, 0x1A, 0x7E,
-        0xB9, 0xCF, 0x18, 0x68, 0x16, 0xB9, 0x9A, 0x18, 0xDA, 0xC8,
-        0xE3, 0x1C, 0xF0, 0x9A, 0x2E, 0x64, 0x28, 0xBE, 0xA4, 0x9F,
-        0xCB, 0xC0, 0x53, 0xE6, 0x2A, 0x88, 0xB5, 0xE7, 0xF3, 0x6F,
-        0x46, 0x1C, 0xBA, 0xAD, 0x76, 0x17, 0x85, 0xAE, 0x95, 0x13,
-        0x7B, 0xF9, 0xB8, 0xD3, 0x08, 0x6A, 0x38, 0x63, 0x67, 0xD8,
-        0x8B, 0x51, 0x8F, 0x49, 0x44, 0xB4, 0x10, 0xB8, 0x74, 0x38,
-        0xDD, 0x17, 0xEA, 0x52, 0x67, 0xB2, 0xCC, 0xC9, 0x77, 0xDD,
-        0x44, 0x2E, 0xDF, 0x03, 0xC7, 0xF4, 0x87, 0xF4, 0xBC, 0x6F,
-        0x94, 0x9F, 0x58, 0xDB, 0xE2, 0x09, 0xA1, 0x4C, 0xCA, 0x89,
-        0x9D, 0x04, 0x5A, 0xAB, 0xDF, 0x8B, 0x82, 0x3F, 0x0E, 0xF2,
-        0xE7, 0xBD, 0x9A, 0x16, 0x3A, 0xAF, 0x72, 0x18, 0xB9, 0x47,
-        0xB3, 0xBC, 0xFE, 0x84, 0x43, 0x92, 0x98, 0xF4, 0x3A, 0x49,
-        0x3A, 0x26, 0xB7, 0xF3, 0x37, 0x54, 0x06, 0xD8, 0x92, 0x09,
-        0xE6, 0xFE, 0x9A, 0xDB, 0x68, 0x16, 0x6F, 0x5D, 0x5D, 0x8E,
-        0xBB, 0xFC, 0xAC, 0x5A, 0x72, 0xFE, 0x0B, 0xEB, 0xDB, 0x90,
-        0xA4, 0x6C, 0x37, 0x1A, 0x8B, 0x5A, 0xD8, 0xE9, 0xF6, 0x15,
-        0xFC, 0x54, 0x1B, 0x95, 0xE3, 0xAE, 0x08, 0x46, 0xB5, 0xFB,
-        0xC5, 0x66, 0xC5, 0x79, 0x17, 0x9D, 0x5C, 0x45, 0xE5, 0x4E,
-        0xFF, 0xA2, 0x86, 0xD7, 0x4F, 0xD4, 0x1D, 0x17, 0xA3, 0x77,
-        0x00, 0x54, 0x70, 0xDF, 0x12, 0xCA, 0xD6, 0x71, 0x05, 0x54,
-        0xFA, 0x47, 0x96, 0x38, 0x2D, 0x4D, 0x70, 0x3E, 0x2E, 0x40,
-        0xE7, 0x52, 0x32, 0x66, 0x4D, 0x92, 0x1B, 0x76, 0x66, 0xF1,
-        0xD4, 0x38, 0x8B, 0x76, 0x47, 0xE1, 0x66, 0xDE, 0xA2, 0x06,
-        0xD7, 0xA7, 0x96, 0x52, 0xED, 0xC9, 0xF3, 0xD6, 0x99, 0xDF,
-        0x2F, 0x98, 0xC5, 0xBF, 0x16, 0x95, 0x80, 0x41, 0xE4, 0xEB,
-        0x8B, 0x16, 0xEF, 0x6A, 0x76, 0x84, 0xE7, 0x5F, 0x6C, 0xBD,
-        0x1D, 0x2A, 0x74, 0x08, 0x5B, 0x4E, 0xCA, 0xE1, 0xF5, 0xD0,
-        0x42, 0x2C, 0x03, 0x9B, 0x80, 0xBD, 0x05, 0x5F, 0x87, 0xF0,
-        0x84, 0x08, 0x96, 0xBE, 0xAC, 0xBF, 0xF1, 0x8F, 0x51, 0x69,
-        0x9E, 0xC2, 0xE9, 0x96, 0x9D, 0x97, 0xCD, 0x56, 0x32, 0x29,
-        0xC8, 0x53, 0xC2, 0x1A, 0x5A, 0xD3, 0xDA, 0x31, 0x94, 0x09,
-        0x35, 0x08, 0x75, 0x27, 0x66, 0xC5, 0x10, 0x5F, 0xD1, 0x94,
-        0x12, 0x03, 0x8A, 0x1B, 0x69, 0x81, 0xEB, 0xBE, 0xBC, 0x6B,
-        0xE4, 0xB9, 0x84, 0x65, 0x7D, 0xE3, 0xFE, 0xFB, 0x45, 0x58,
-        0x31, 0xF3, 0x66, 0x13, 0x64, 0xB2, 0xBD, 0xBC, 0xF6, 0xA5,
-        0x07, 0x07, 0x8A, 0xC8, 0x43, 0xCA, 0x38, 0x94, 0x70, 0xC0,
-        0x25, 0xDA, 0xC6, 0xD9, 0x74, 0x5A, 0x60, 0xE3, 0x9D, 0x74,
-        0x6C, 0x72, 0xF5, 0xAF, 0xD3, 0xD7, 0xF5, 0xBD, 0x17, 0x02,
-        0xE5, 0x17, 0xEC, 0xBD, 0xCB, 0x5D, 0x1A, 0x8F, 0x39, 0x31,
-        0x7E, 0x4B, 0x1F, 0x1A, 0x87, 0xE2, 0x69, 0x65, 0x07, 0x42,
-        0x6D, 0xD2, 0x2D, 0x04, 0x52, 0x51, 0xA7, 0xF2, 0x23, 0xC6,
-        0x01, 0xD1, 0x47, 0x5F, 0x42, 0x44, 0x2A, 0x88, 0x5E, 0xBB,
-        0x98, 0x5A, 0x34, 0xBB, 0x0E, 0x05, 0xA7, 0x1D, 0x7E, 0xFB,
-        0x3E, 0x85, 0xD8, 0x74, 0x70, 0xE8, 0x71, 0xC2, 0x31, 0x80,
-        0x37, 0xF9, 0x15, 0xA4, 0xC1, 0xFC, 0x9B, 0x68, 0x2B, 0x54,
-        0x9B, 0x37, 0x9C, 0xE7, 0x62, 0x80, 0x20, 0x1E, 0x27, 0x78,
-        0xBF, 0x11, 0xC4, 0x86, 0xAC, 0x7B, 0x34, 0x57, 0x76, 0x86,
-        0x77, 0x15, 0x51, 0x7C, 0xDC, 0x32, 0xDF, 0x48, 0xB9, 0xC6,
-        0x63, 0xC6, 0x9A, 0xDE, 0x5E, 0x9D, 0xAB, 0x4A, 0x92, 0xEE,
-        0x0C, 0x10, 0x7E, 0xB5, 0x33, 0x17, 0xF6, 0x0C, 0x8D, 0x26,
-        0x89, 0xCD, 0x2B, 0xB8, 0x49, 0x4A, 0x4D, 0x5D, 0x66, 0x38,
-        0x86, 0x42, 0x37, 0xC5, 0x1B, 0xE7, 0x78, 0x90, 0x21, 0xAE,
-        0x8F, 0xE7, 0x0C, 0x01, 0xB9, 0x31, 0x6A, 0x50, 0x1A, 0x2B,
-        0xDA, 0xC2, 0x99, 0xCB, 0xEB, 0xF9, 0xAE, 0x91, 0x8B, 0xB7,
-        0x08, 0x01, 0x1E, 0xCC, 0x9E, 0x20, 0x05, 0xEC, 0x45, 0x21,
-        0xBE, 0xDE, 0xFE, 0x06, 0x7D, 0x92, 0x9C, 0xE7, 0x47, 0xD9,
-        0x85, 0x63, 0xC3, 0xBB, 0x38, 0x15, 0x2D, 0x94, 0xCA, 0xAF,
-        0xCF, 0xCA, 0x1D, 0x53, 0x1A, 0xBD, 0x23, 0xF1, 0x87, 0x99,
-        0x24, 0xF3, 0x16, 0xE9, 0x7F, 0xBE, 0x00, 0x8A, 0x61, 0xA7,
-        0x65, 0xF7, 0xA9, 0x53, 0x2A, 0x29, 0x20, 0x3E, 0x0B, 0xCF,
-        0x12, 0x69, 0x22, 0x84, 0x27, 0x5D, 0x1C, 0xC8, 0x45, 0xA1,
-        0xA5, 0x5A, 0xB0, 0xDB, 0x95, 0x5D, 0xF7, 0xCE, 0xAC, 0x98,
-        0x44, 0x3B, 0xE1, 0x27, 0x9A, 0x93, 0x5D, 0x2B, 0x8A, 0x20,
-        0xB1, 0x82, 0x2C, 0xDD, 0xB8, 0xCC, 0xFA, 0x77, 0x0F, 0xA7,
-        0x80, 0x00, 0x87, 0x54, 0x1C, 0xCC, 0x0B, 0x1E, 0xF6, 0x52,
-        0x89, 0x03, 0x65, 0x83, 0xF1, 0x97, 0x4E, 0x81, 0x99, 0xE1,
-        0xDD, 0x73, 0x30, 0x31, 0xEC, 0xA7, 0xD5, 0x76, 0x28, 0xC3,
-        0xCE, 0x29, 0x30, 0x7B, 0xB1, 0x27, 0x3F, 0xC4, 0x6D, 0x54,
-        0xAF, 0xE2, 0x84, 0xEA, 0xF5, 0x91, 0xBD, 0xB9, 0x6C, 0x4E,
-        0x98, 0x0F, 0xFB, 0xDE, 0x7C, 0x32, 0xF8, 0xED, 0xEF, 0xD0,
-        0xE9, 0xA3, 0x57, 0xC0, 0x91, 0x06, 0x4C, 0x43, 0x3F, 0x32,
-        0x21, 0xB5, 0xF2, 0x11, 0x5A, 0xDF, 0xFC, 0x7E, 0x91, 0x10,
-        0xC0, 0x4D, 0xD4, 0x4E, 0xA8, 0x38, 0xD6, 0xE0, 0xB6, 0x27,
-        0x38, 0x63, 0xF2, 0xD3, 0xFD, 0x68, 0x4C, 0xDD, 0x76, 0xA9,
-        0x89, 0xCE, 0xBE, 0x7C, 0xAD, 0x45, 0x4C, 0x8C, 0x24, 0xCC,
-        0x32, 0x66, 0x3A, 0x1A, 0x45, 0xDA, 0x47, 0x5C, 0x4C, 0xC6,
-        0x8A, 0x9A, 0xC3, 0x99, 0xFB, 0x4C, 0x94, 0xE2, 0x20, 0xD7,
-        0xE4, 0x37, 0x22, 0x99, 0x32, 0x6F, 0xFB, 0x1C, 0xE5, 0x9B,
-        0xB5, 0xFC, 0xBD, 0xD2, 0xA1, 0xDD, 0x66, 0xD5, 0x47, 0x2F,
-        0x6A, 0xAA, 0x50, 0xF5, 0xE8, 0x1A, 0xDC, 0x74, 0x50, 0x6A,
-        0x92, 0x23, 0x93, 0xED, 0xB0, 0x58, 0x61, 0x7D, 0xB6, 0x5C,
-        0x22, 0x7B, 0x54, 0x75, 0xF0, 0x69, 0xD4, 0x27, 0x0B, 0x70,
-        0x3F, 0xBB, 0x76, 0x63, 0xB3, 0x1D, 0x7E, 0x33, 0x96, 0xD6,
-        0x84, 0x2D, 0x28, 0x4F, 0x97, 0x65, 0xC9, 0x95, 0xCF, 0x30,
-        0xBA, 0xEA, 0x08, 0xF5, 0xC6, 0x24, 0x45, 0x20, 0x85, 0x67,
-        0x9F, 0x34, 0x37, 0x72, 0x44, 0x17, 0x98, 0x5F, 0xD0, 0xCE,
-        0xA8, 0x6E, 0x0E, 0x50, 0x22, 0x14, 0xE1, 0x6B, 0xCB, 0xA5,
-        0x12, 0x2A, 0x36, 0xF1, 0x6E, 0x81, 0x5C, 0x5A, 0x77, 0x4F,
-        0xD7, 0xF9, 0xCE, 0x7A, 0xC9, 0x30, 0x2C, 0x1E, 0x7E, 0xFC,
-        0x24, 0xCB, 0xE4, 0x53, 0xC3, 0x4A, 0x03, 0xED, 0xD5, 0x77,
-        0xC6, 0x55, 0xEB, 0xA2, 0xB4, 0x92, 0x35, 0xE3, 0x20, 0xDA,
-        0xD2, 0x58, 0xE2, 0xCC, 0xC4, 0x4E, 0xBB, 0xE3, 0x8F, 0x75,
-        0xB1, 0xDB, 0x97, 0x15, 0x86, 0x43, 0xE5, 0xD4, 0x4F, 0x44,
-        0x3F, 0x20, 0xE3, 0xB9, 0xA5, 0xFB, 0x3F, 0x36, 0xC9, 0x9C,
-        0xEF, 0x8C, 0xD1, 0x46, 0x67, 0x16, 0xB6, 0xA6, 0x24, 0x8A,
-        0xE9, 0xD7, 0x29, 0x4B, 0x5F, 0x7C, 0x06, 0xEF, 0xD7, 0xBB,
-        0x88, 0xCB, 0x2C, 0xFB, 0x85, 0x19, 0x9F, 0x97, 0x74, 0xFE,
-        0x76, 0x46, 0x44, 0x1E, 0xAD, 0xF3, 0x62, 0xD2, 0xAA, 0x24,
-        0x37, 0xD0, 0x1E, 0xF3, 0xCB, 0x68, 0xE3, 0x17, 0xFF, 0x81,
-        0x90, 0xA3, 0xD6, 0x28, 0xE6, 0xCE, 0x6D, 0x99, 0xF4, 0x2D,
-        0xC6, 0xAE, 0x40, 0x52, 0x32, 0xE9, 0xC1, 0xC6, 0x79, 0x5C,
-        0xF7, 0x69, 0x29, 0x0C, 0x75, 0x9F, 0x48, 0x57, 0x75, 0x1F,
-        0x2F, 0x71, 0x9F, 0x24, 0x90, 0x14, 0xAE, 0xDC, 0x75, 0x2E,
-        0x5E, 0xDD, 0x85, 0xE5, 0x6C, 0xC4, 0x72, 0x58, 0xF0, 0x35,
-        0xDC, 0xFE, 0x03, 0xB7, 0x2F, 0xBD, 0xC3, 0x8A, 0xA3, 0x2C,
-        0x62, 0xE0, 0xCD, 0x37, 0xFA, 0x9E, 0x11, 0xC0, 0x1D, 0xEF,
-        0xB0, 0x58, 0x58, 0x12, 0xAF, 0x25, 0x6D, 0x75, 0x0D, 0x2F,
-        0xBC, 0x89, 0xE9, 0x2E, 0x1E, 0x58, 0x64, 0x35, 0xA8, 0x90,
-        0xC2, 0x61, 0x4D, 0xCE, 0x96, 0xC5, 0xF2, 0x37, 0xBD, 0xB8,
-        0xDE, 0xB4, 0x0E, 0xEB, 0xDD, 0xED, 0xE6, 0x47, 0x24, 0xE6,
-        0x36, 0xC9, 0x22, 0xD3, 0xE7, 0x1A, 0xEF, 0x9E, 0x16, 0x89,
-        0xB9, 0x5C, 0xF4, 0x3B, 0x09, 0x7E, 0x9B, 0x87, 0x7F, 0xD6,
-        0x84, 0x06, 0xCA, 0x0E, 0xA8, 0x54, 0x79, 0xCF, 0x02, 0xF6,
-        0x1B, 0x57, 0x34, 0x9D, 0x97, 0x00, 0x05, 0x8B, 0x75, 0xA3,
-        0x5C, 0x7C, 0xBA, 0xA7, 0x51, 0x85, 0xBC, 0xE6, 0xAC, 0xD9,
-        0xD4, 0x31, 0xB3, 0x3A, 0xBD, 0x82, 0xC8, 0x60, 0x74, 0x46,
-        0xA9, 0x2F, 0xC2, 0x29, 0x08, 0x59, 0x6B, 0x14, 0x19, 0x19,
-        0x39, 0x7F, 0x8B, 0xA2, 0x2A, 0xFD, 0xE3, 0x09, 0x72, 0x50,
-        0x74, 0x88, 0xEE, 0xC6, 0xED, 0x28, 0x37, 0xCD, 0xA9, 0xBA,
-        0x2E, 0xFE, 0x07, 0xDF, 0x5E, 0xF9, 0x18, 0xB4, 0x0E, 0xBF,
-        0x9C, 0x1C, 0xCA, 0x84, 0xBA, 0x62, 0xB9, 0xA2, 0x96, 0x76,
-        0xB6, 0xB7, 0x77, 0x9C, 0xBE, 0x0C, 0xF8, 0xA5, 0xEF, 0x74,
-        0xB1, 0xC2, 0x85, 0xCD, 0xD1, 0x25, 0xD5, 0xFC, 0xFB, 0x2C,
-        0xC7, 0xD6, 0x2F, 0x30, 0x3F, 0x10, 0xEA, 0xA2, 0x99, 0xC4,
-        0x22, 0x58, 0xB3, 0xC4, 0x46, 0x3C, 0x41, 0xE9, 0xE9, 0xA0,
-        0x39, 0x6C, 0x09, 0x89, 0xE3, 0xAE, 0x4E, 0x35, 0xAB, 0x27,
-        0x71, 0x43, 0xEB, 0xA7, 0xFA, 0x68, 0xA8, 0x42, 0x49, 0x3C,
-        0x53, 0x70, 0x35, 0xCA, 0x14, 0xB7, 0x1D, 0xF8, 0x7E, 0x65,
-        0x05, 0x33, 0xE3, 0x5A, 0x86, 0xCD, 0xA5, 0x18, 0x02, 0x24,
-        0x23, 0xAD, 0x52, 0x6A, 0x47, 0x13, 0x14, 0x95, 0xD2, 0xF1,
-        0xE1, 0x6F, 0x61, 0x70, 0x4F, 0xDC, 0x1A, 0x03, 0x0E, 0xD7,
-        0x07, 0xBD, 0x84, 0x43, 0x65, 0x76, 0x9F, 0xFB, 0x1E, 0x89,
-        0xEB, 0x92, 0x5E, 0xDE, 0x5B, 0xAA, 0x54, 0xEE, 0x0A, 0xF5,
-        0x4A, 0x79, 0x46, 0xDA, 0xC1, 0xEC, 0x2F, 0xBC, 0xDD, 0xE5,
-        0x61, 0xFA, 0xED, 0xB6, 0x97, 0x9C, 0x90, 0xD8, 0xF3, 0x2E,
-        0x04, 0xCF, 0xB5, 0x89, 0x74, 0xC2, 0xD1, 0x70, 0xE0, 0x0F,
-        0x53, 0x14, 0x09, 0x6A, 0x19, 0x5A, 0x65, 0xAC, 0xAA, 0x3C,
-        0x25, 0x79, 0x43, 0x27, 0x47, 0x18, 0x19, 0x7A, 0x74, 0xD7,
-        0x73, 0x43, 0xBD, 0x50, 0x1F, 0x68, 0xAF, 0xDF, 0x3E, 0x2A,
-        0xC4, 0xDC, 0x6F, 0x85, 0x2A, 0xBC, 0x0F, 0x39, 0x4B, 0x97,
-        0x6D, 0x2D, 0x87, 0x5F, 0x9A, 0x07, 0x82, 0xC7, 0x69, 0xB9,
-        0xF2, 0xEF, 0xE3, 0x3C, 0x3C, 0x74, 0xB2, 0xFD, 0x81, 0x6F,
-        0xC3, 0xAC, 0x93, 0x22, 0x49, 0xB5, 0x73, 0x5C, 0x58, 0x6E,
-        0x5F, 0x7A, 0x6B, 0x91, 0x02, 0x25, 0x3B, 0xC8, 0x24, 0xD7,
-        0xEF, 0xC8, 0x10, 0xD7, 0x54, 0xD4, 0xA7, 0xC1, 0x88, 0x77,
-        0xDD, 0xCD, 0x3A, 0x92, 0xE5, 0x1D, 0xA1, 0x33, 0x10, 0xA4,
-        0xF6, 0xB4, 0x43, 0xA4, 0xDB, 0x77, 0x4C, 0x91, 0x7C, 0xED,
-        0xDD, 0xC7, 0xB9, 0x5A, 0xB4, 0x2A, 0x6C, 0x78, 0x54, 0xCA,
-        0xBD, 0x16, 0x0C, 0x8C, 0x68, 0xE8, 0xBC, 0xDE, 0x65, 0x2F,
-        0xAF, 0xEF, 0x09, 0xDC, 0x7C, 0x17, 0x7D, 0x05, 0xF7, 0xB1,
-        0x8D, 0x09, 0x94, 0xDC, 0xF2, 0xAE, 0xF4, 0x21, 0x54, 0xF9,
-        0x3E, 0xB0, 0x2A, 0x73, 0xFE, 0x9C, 0x51, 0xEB, 0x1E, 0x7B,
-        0xFE, 0x65, 0xCB, 0x53, 0x80, 0x5B, 0xD2, 0x05, 0xA1, 0xE9,
-        0xCB, 0x75, 0x60, 0x46, 0x08, 0x07, 0x83, 0x27, 0x4E, 0xD4,
-        0xBF, 0x70, 0x83, 0xDE, 0xA9, 0xB4, 0x22, 0x55, 0xF1, 0x5F,
-        0x91, 0x88, 0x4A, 0x43, 0xC1, 0xBF, 0x0A, 0xEF, 0xA7, 0xFF,
-        0xE5, 0xA6, 0x50, 0xDD, 0xFD, 0x6E, 0x22, 0xFF, 0xC1, 0x55,
-        0x82, 0x0B, 0x42, 0x86, 0x42, 0xA7, 0x91, 0xD3, 0x62, 0x69,
-        0xB2, 0x8D, 0x11, 0xC5, 0xB8, 0x4F, 0xBF, 0x4D, 0xFE, 0x37,
-        0x12, 0x1F, 0xBF, 0xDE, 0xA5, 0x86, 0xAD, 0xC7, 0x2C, 0x7F,
-        0x27, 0x01, 0xB0, 0xA1, 0xED, 0x7D, 0xCE, 0x33, 0x68, 0x97,
-        0x2E, 0xA4, 0xF4, 0xEE, 0xA4, 0x36, 0x67, 0xE3, 0xAB, 0x89,
-        0xF8, 0xCE, 0xF7, 0x01, 0xB1, 0x83, 0xFB, 0x54, 0xAA, 0x69,
-        0x05, 0x76, 0x24, 0xD9, 0x76, 0x9F, 0xA3, 0x9C, 0x52, 0x8C,
-        0x2E, 0x27, 0xB9, 0xA3, 0x6E, 0xE2, 0xC0, 0x02, 0x09, 0xC6,
-        0x18, 0xAD, 0x42, 0x88, 0x6B, 0x2F, 0x5D, 0xB4, 0xF7, 0xC6,
-        0xB4, 0x18, 0xB7, 0x88, 0x0B, 0x81, 0x2C, 0x25, 0xCE, 0xC3,
-        0x7E, 0x9E, 0xAE, 0xBB, 0x35, 0x3C, 0xEC, 0x78, 0x46, 0x8F,
-        0x03, 0x16, 0x5E, 0x5B, 0x08, 0x63, 0xFB, 0xBC, 0x78, 0x75,
-        0xAB, 0x07, 0x1A, 0xA7, 0x96, 0x41, 0xCD, 0xDC, 0x3B, 0x59,
-        0xDB, 0x02, 0xBE, 0x42, 0x09, 0xF5, 0x87, 0x96, 0x5D, 0x63,
-        0xC9, 0x8E, 0x06, 0xA2, 0xFF, 0xCE, 0xCD, 0xF3, 0xDE, 0x93,
-        0x79, 0x63, 0x92, 0xD2, 0xB9, 0x1D, 0x76, 0x7E, 0x4F, 0x36,
-        0x2A, 0x89, 0x7B, 0x93, 0xC1, 0x35, 0x0A, 0x83, 0x8B, 0xD6,
-        0xF4, 0xEA, 0x2A, 0x72, 0xA9, 0xE7, 0x6A, 0x77, 0x43, 0x14,
-        0x49, 0x5B, 0x01, 0xD9, 0xE7, 0x72, 0x15, 0xD9, 0x9C, 0xBE,
-        0x87, 0x90, 0x2A, 0x7F, 0x68, 0x02, 0x1C, 0xB5, 0xA1, 0xC6,
-        0x7B, 0x24, 0x49, 0xBF, 0x8E, 0x3D, 0xE0, 0xBA, 0x1C, 0x78,
-        0x0A, 0x7C, 0x69, 0x82, 0xA1, 0x2F, 0xB6, 0x52, 0xC5, 0x25,
-        0xD8, 0x9D, 0x4B, 0x38, 0xAA, 0xBA, 0xF7, 0x4C, 0xC4, 0xC2,
-        0xAE, 0xED, 0x6C, 0x28, 0x1C, 0x76, 0xA9, 0x96, 0x08, 0xAB,
-        0xC4, 0x15, 0xBC, 0x3E, 0xD7, 0xCC, 0xC4, 0xA2, 0xD4, 0x93,
-        0xD1, 0x3A, 0xF4, 0x2F, 0x17, 0xDB, 0x1C, 0xBD, 0xCA, 0x0D,
-        0x5C, 0xF9, 0x69, 0x32, 0xAF, 0xC5, 0x27, 0x37, 0xFC, 0x1B,
-        0xBB, 0x8A, 0x5D, 0x41, 0xA9, 0xC7, 0xE7, 0xC5, 0x2E, 0x78,
-        0xE3, 0x7A, 0x5A, 0x25, 0x49, 0x2A, 0x06, 0x3D, 0x15, 0x58,
-        0x56, 0xFB, 0x66, 0xEC, 0x30, 0x7D, 0xF4, 0x02, 0xF3, 0x53,
-        0x3D, 0x0D, 0xDD, 0xFE, 0xB5, 0x66, 0xB0, 0xD0, 0xAA, 0x0E,
-        0x6A, 0x76, 0xA6, 0xAB, 0x87, 0x14, 0xFB, 0x47, 0xAC, 0x26,
-        0x53, 0xA9, 0x2C, 0xF3, 0xD5, 0xA6, 0x4F, 0xF0, 0x3A, 0x7E,
-        0x78, 0xC5, 0x69, 0x1F, 0xB7, 0xDC, 0xC4, 0xE8, 0xD7, 0x44,
-        0x7B, 0xB2, 0xC4, 0x50, 0x68, 0xF4, 0x33, 0xFC, 0x65, 0x0D,
-        0xDC, 0xCD, 0x71, 0xCB, 0x9C, 0x65, 0x3B, 0x72, 0xB7, 0x19,
-        0x70, 0x45, 0xA7, 0x36, 0xA4, 0xCF, 0xE7, 0x6F, 0xC8, 0xF9,
-        0x67, 0x52, 0x22, 0x8F, 0x8F, 0x64, 0x89, 0xD3, 0x3E, 0x50,
-        0xCC, 0xBE, 0x2B, 0xF3, 0x0A, 0x22, 0x96, 0x33, 0x56, 0x30,
-        0x27, 0x3F, 0x42, 0xDE, 0x69, 0xA3, 0x63, 0xDE, 0x41, 0x94,
-        0x02, 0x97, 0x9D, 0x58, 0xF3, 0x27, 0xE3, 0xFE, 0x94, 0x10,
-        0x20, 0x55, 0x52, 0xD2, 0x46, 0xFB, 0x5E, 0x8C, 0xDF, 0x71,
-        0x9B, 0xBF, 0x33, 0x79, 0x7C, 0xF3, 0x78, 0xA3, 0x75, 0x84,
-        0x6C, 0x13, 0xEF, 0xC0, 0x43, 0x82, 0xAC, 0xF0, 0x97, 0x7D,
-        0x2A, 0xBC, 0xA3, 0xB7, 0xCD, 0x4C, 0x99, 0xB9, 0xB1, 0xE9,
-        0x38, 0x5C, 0x97, 0xB3, 0xC0, 0x2C, 0xBD, 0x6F, 0xF7, 0x14,
-        0x26, 0x3A, 0x27, 0x31, 0x52, 0x81, 0x04, 0x88, 0xE6, 0xD8,
-        0x43, 0x21, 0x78, 0x87, 0x7C, 0x7E, 0x28, 0x26, 0x4F, 0x93,
-        0x9D, 0x7B, 0x2D, 0x02, 0x6E, 0x91, 0x74, 0xD9, 0x2C, 0xF7,
-        0x43, 0xD8, 0x66, 0x81, 0x91, 0x21, 0xA1, 0xEE, 0xBC, 0x78,
-        0x71, 0x80, 0x78, 0x54, 0x16, 0x59, 0x37, 0xB8, 0x69, 0xD3,
-        0x49, 0x40, 0xAB, 0x03, 0x47, 0x36, 0xFD, 0x5D, 0x60, 0x57,
-        0x8F, 0xBE, 0xA8, 0xA0, 0x21, 0x38, 0x43, 0xA9, 0x5C, 0x9F,
-        0xAD, 0xD8, 0xAE, 0x97, 0xA3, 0x0F, 0xFC, 0xE4, 0x4A, 0xCF,
-        0x9F, 0xE9, 0x75, 0x3D, 0x60, 0x91, 0x55, 0x5C, 0x0A, 0xB9,
-        0x18, 0xEF, 0xD4, 0x08, 0x58, 0x06, 0x64, 0xA1, 0x45, 0xA7,
-        0x5D, 0x3F, 0x13, 0x87, 0x49, 0x76, 0x8B, 0x1B, 0x54, 0x9C,
-        0x61, 0x05, 0xC6, 0x2C, 0xED, 0x24, 0x1B, 0x7F, 0x9E, 0x9B,
-        0x17, 0xBB, 0x84, 0xD8, 0xE2, 0x55, 0x69, 0x0E, 0xCF, 0xB2,
-        0xC3, 0x61, 0x35, 0x0D, 0x86, 0xD7, 0x81, 0x75, 0x43, 0x98,
-        0x29, 0xDF, 0x19, 0x9C, 0xFB, 0xC0, 0xC0, 0x5A, 0x7E, 0xF7,
-        0xC6, 0x86, 0xEF, 0x6E, 0xBA, 0x26, 0x1D, 0x07, 0xF9, 0xC0,
-        0x1F, 0xC0, 0x8E, 0x41, 0x8F, 0x1A, 0xE3, 0x51, 0xE2, 0xD7,
-        0xCA, 0x28, 0x7D, 0x7A, 0xA7, 0x57, 0xA3, 0x2D, 0x98, 0x56,
-        0x32, 0x9D, 0xC0, 0xF8, 0x23, 0x1D, 0x2C, 0xF6, 0x64, 0x1E,
-        0x70, 0x33, 0xD4, 0x8F, 0xF9, 0xB0, 0xF4, 0x57, 0x7F, 0xD1,
-        0x9A, 0xD4, 0x1A, 0x7E, 0xB6, 0x07, 0xAA, 0x54, 0x19, 0x0D,
-        0x5D, 0xB8, 0x26, 0x45, 0x1B, 0x38, 0x14, 0x20, 0xFB, 0xAA,
-        0x09, 0x71, 0xAF, 0x96, 0xB1, 0x17, 0xF3, 0x45, 0xA3, 0xA6,
-        0x90, 0x52, 0x3C, 0x3B, 0x43, 0x9A, 0x8D, 0xE3, 0xB1, 0xC5,
-        0xE4, 0x32, 0x6C, 0xE0, 0x17, 0x98, 0x43, 0x34, 0x54, 0x10,
-        0x17, 0x82, 0x27, 0xE8, 0x8F, 0x99, 0x88, 0x98, 0x26, 0x70,
-        0x19, 0xD1, 0x2D, 0x23, 0x02, 0x5F, 0x44, 0x71, 0x2A, 0xF6,
-        0x48, 0x83, 0x34, 0x3A, 0x37, 0x11, 0x9C, 0xA1, 0xCE, 0xF0,
-        0xD7, 0x6E, 0xF7, 0x2B, 0xA3, 0xFC, 0x07, 0x40, 0x64, 0x1A,
-        0xF1, 0xF6, 0xF8, 0x90, 0x21, 0x1C, 0x0E, 0x85, 0xAA, 0xC1,
-        0xF7, 0x16, 0xF5, 0x4D, 0x27, 0x8E, 0x91, 0x4E, 0x84, 0x19,
-        0xDB, 0x8C, 0xEA, 0x00, 0xEA, 0xA6, 0x86, 0x18, 0x2C, 0x8B,
-        0x46, 0x5F, 0xED, 0x61, 0x38, 0x28, 0x31, 0x4A, 0x1A, 0x12,
-        0x19, 0x6C, 0x2D, 0x43, 0x0E, 0xD0, 0xDD, 0x4B, 0xFA, 0xA0,
-        0x39, 0xC2, 0x4B, 0x31, 0xD9, 0x56, 0xB4, 0x9E, 0xB5, 0xD1,
-        0x79, 0xA3, 0x35, 0xC7, 0xAF, 0xFD, 0x0E, 0x11, 0xC7, 0x0F,
-        0x55, 0x1D, 0xCA, 0x71, 0xD1, 0x37, 0x3B, 0xC2, 0x72, 0xA0,
-        0xDB, 0xEE, 0xA0, 0xF2, 0x28, 0xF4, 0x77, 0x34, 0x7D, 0x9F,
-        0xE8, 0x38, 0xD0, 0xF1, 0xEB, 0x51, 0x95, 0x93, 0x5D, 0x7B,
-        0x4F, 0xE7, 0x1A, 0xD5, 0xA1, 0xF1, 0xF1, 0x85, 0xF7, 0x58,
-        0x5C, 0x2C, 0x49, 0xAF, 0xDC, 0x93, 0xFE, 0x73, 0x0F, 0xC8,
-        0xC8, 0x26, 0x1B, 0xDE, 0xD8, 0xA6, 0x8A, 0x44, 0xB4, 0x2B,
-        0x67, 0xBD, 0x8E, 0xFF, 0xA5, 0x8C, 0x18, 0x95, 0xD3, 0x02,
-        0x7F, 0x28, 0x93, 0xAE, 0x84, 0x1E, 0xB0, 0x5C, 0x70, 0x57,
-        0x1C, 0xFF, 0x75, 0x95, 0xBF, 0xAD, 0x95, 0xF3, 0x3C, 0x19,
-        0xA0, 0x7A, 0x0F, 0x62, 0x65, 0xF0, 0x0F, 0x18, 0x1E, 0x48,
-        0xB3, 0x85, 0x5D, 0x11, 0x47, 0xC9, 0x95, 0x75, 0xBE, 0xFA,
-        0x2D, 0x56, 0x35, 0xD0, 0x7A, 0x75, 0x68, 0xEA, 0x7D, 0x01,
-        0x9E, 0xD5, 0x28, 0x9E, 0x80, 0x09, 0xE5, 0xE9, 0xF8, 0xD3,
-        0x11, 0xA6, 0xC7, 0x5E, 0xD6, 0x38, 0x8B, 0x96, 0x7A, 0xFB,
-        0xD8, 0x27, 0xD4, 0x47, 0x6B, 0x50, 0xAB, 0x21, 0x4E, 0xFB,
-        0xC2, 0xA1, 0x8C, 0xB7, 0x50, 0xE2, 0xF7, 0xC3, 0x4C, 0x66,
-        0x04, 0x28, 0x17, 0x5D, 0x6F, 0x48, 0x39, 0x9A, 0x0B, 0x4A,
-        0xB0, 0x75, 0xDF, 0xA9, 0x6E, 0xE0, 0x72, 0x20, 0x68, 0xC5,
-        0x9C, 0xDB, 0x41, 0xA4, 0xF9, 0xA4, 0xF5, 0x1D, 0xDD, 0x89,
-        0x83, 0x11, 0xDD, 0x3A, 0xA4, 0x76, 0x38, 0x62, 0x75, 0x4C,
-        0x5D, 0xC7, 0xF5, 0x99, 0x75, 0xFB, 0xB7, 0x87, 0xB8, 0x77,
-        0x2B, 0x45, 0xEF, 0xC5, 0xE5, 0x10, 0xD9, 0x6B, 0x4C, 0x72,
-        0x4B, 0x42, 0x13, 0x71, 0x3C, 0x9C, 0x2C, 0x2E, 0xFB, 0xA2,
-        0x3A, 0xCD, 0x2B, 0x83, 0x12, 0xA7, 0xF3, 0xA5, 0xCE, 0x4B,
-        0x77, 0x2B, 0xF5, 0x71, 0xA0, 0x1A, 0x40, 0x7F, 0xED, 0x97,
-        0x4B, 0x0C, 0xA0, 0x55, 0x6B, 0x69, 0x73, 0x52, 0x47, 0x6A,
-        0x20, 0xCB, 0xEE, 0xE0, 0xBE, 0x97, 0x8F, 0x05, 0xE0, 0x84,
-        0x4A, 0x6E, 0x40, 0xCC, 0x02, 0x2C, 0xA8, 0x45, 0xD4, 0x6B,
-        0xD4, 0xCD, 0x41, 0x29, 0xBE, 0x99, 0x3B, 0x51, 0x0F, 0x9C,
-        0x70, 0x75, 0x83, 0x3D, 0x42, 0xCF, 0xA9, 0x02, 0xF3, 0x68,
-        0x3C, 0x96, 0xE1, 0x36, 0x46, 0xB7, 0x86, 0x16, 0x03, 0x2C,
-        0xBB, 0x71, 0x21, 0xBF, 0x13, 0x52, 0x03, 0x42, 0x31, 0xE3,
-        0xA3, 0x26, 0xEE, 0xD7, 0x86, 0x78, 0xDA, 0x9E, 0x9A, 0x50,
-        0xD1, 0x9C, 0x5B, 0xB7, 0xEB, 0xCF, 0x0A, 0x6D, 0x10, 0xA0,
-        0xAB, 0x8C, 0x65, 0x4B, 0xFA, 0x9E, 0xAC, 0x0B, 0x66, 0x56,
-        0xC7, 0x5D, 0x85, 0x88, 0x53, 0x1B, 0xC2, 0x37, 0xCC, 0x94,
-        0x2E, 0xE1, 0xB1, 0xF7, 0xCC, 0x1F, 0x59, 0x24, 0xEC, 0x1A,
-        0x27, 0xFA, 0x8D, 0xE5, 0x86, 0x9E, 0x3F, 0x21, 0xDA, 0x15,
-        0xAE, 0xC7, 0x6C, 0xFB, 0x17, 0x0D, 0xF5, 0xCB, 0xE3, 0xB8,
-        0x36, 0x95, 0x0F, 0xBD, 0x84, 0x19, 0x1D, 0xF5, 0x4F, 0x17,
-        0xB8, 0x71, 0x9C, 0x0E, 0x3D, 0xD8, 0xFD, 0x9B, 0xD4, 0x0D,
-        0x2D, 0x16, 0x5D, 0x75, 0xE7, 0x25, 0x94, 0x3D, 0xD3, 0x0C,
-        0x07, 0x3D, 0x04, 0x46, 0xC8, 0x8F, 0x65, 0x06, 0xC7, 0x11,
-        0xB2, 0xAB, 0x41, 0x5E, 0x96, 0x0C, 0x68, 0x76, 0x7D, 0x6D,
-        0xB8, 0xB5, 0x27, 0x01, 0x2C, 0x00, 0xC2, 0xA0, 0x40, 0xB8,
-        0xF7, 0xC6, 0x39, 0x56, 0xCF, 0x25, 0x56, 0xB3, 0x10, 0x04,
-        0xE9, 0xC3, 0x85, 0x47, 0xE8, 0x6E, 0xC7, 0x89, 0xFE, 0x80,
-        0x9A, 0x50, 0x9E, 0xBD, 0xF3, 0x2E, 0x5E, 0x96, 0x0A, 0xA8,
-        0xB7, 0x6C, 0x5B, 0x9E, 0x32, 0x1E, 0x75, 0x68, 0x5E, 0x74,
-        0x88, 0xFC, 0xC5, 0x3D, 0xB9, 0x21, 0x0A, 0xAD, 0x6D, 0xF6,
-        0xBE, 0x2D, 0x9A, 0x8A, 0xA5, 0x2A, 0x40, 0x3C, 0xF6, 0x4C,
-        0xFE, 0x18, 0xE3, 0x44, 0x7A, 0x5F, 0x31, 0x1A, 0xEE, 0x95,
-        0x07, 0x96, 0xC1, 0x27, 0x7F, 0x64, 0x4E, 0xF0, 0x19, 0x2D,
-        0x36, 0x33, 0x5D, 0x23, 0xC9, 0xC2, 0x36, 0x91, 0x22, 0xC9,
-        0x58, 0x8C, 0xE4, 0xF1, 0x19, 0xD0, 0xBF, 0x51, 0xAA, 0x14,
-        0x4C, 0x15, 0x4A, 0x93, 0xF3, 0x16, 0x6A, 0x21, 0xBE, 0xDE,
-        0xA5, 0x4C, 0x84, 0xC5, 0x65, 0x06, 0xA7, 0x11, 0xDC, 0x00,
-        0x5F, 0x0F, 0xF1, 0xDA, 0xA2, 0x11, 0xAB, 0x64, 0xE0, 0x1F,
-        0x1A, 0x65, 0x32, 0xA7, 0x69, 0x65, 0xAF, 0x64, 0x95, 0x90,
-        0xF1, 0xA5, 0xFA, 0x32, 0x4C, 0x59, 0x61, 0x87, 0x3D, 0x94,
-        0x82, 0x7E, 0xE4, 0x04, 0x7B, 0x8A, 0xCD, 0x54, 0x00, 0x2A,
-        0xC5, 0xC3, 0xB7, 0x2F, 0x8A, 0xA8, 0x19, 0x39, 0x93, 0x53,
-        0x3E, 0xEB, 0xE7, 0x8F, 0xF7, 0xCF, 0xDA, 0x8A, 0x4E, 0xAB,
-        0x91, 0x3D, 0xA3, 0x40, 0x55, 0x64, 0xE7, 0x48, 0x90, 0x03,
-        0xE5, 0xE6, 0x03, 0xE8, 0x2A, 0x23, 0x78, 0x6F, 0xCA, 0xDE,
-        0x7C, 0x6E, 0x56, 0x5B, 0xC8, 0x6D, 0x8C, 0x2F, 0xC8, 0x6C,
-        0x7D, 0xD8, 0x60, 0x43, 0x8C, 0xF3, 0xE9, 0x9E, 0x70, 0x73,
-        0xAC, 0x85, 0xB4, 0xA3, 0x29, 0x86, 0x88, 0x60, 0x6D, 0xDD,
-        0x21, 0x07, 0x09, 0x8B, 0xFB, 0xA1, 0x67, 0xA5, 0xDA, 0x9D,
-        0xCC, 0x2E, 0xE3, 0xBE, 0xAE, 0x06, 0x0E, 0x41, 0x4E, 0xBE,
-        0x5F, 0xE4, 0x93, 0x81, 0xE8, 0x06, 0xAA, 0x2C, 0xC9, 0x1B,
-        0x1C, 0x5A, 0x9E, 0x01, 0xEF, 0xFF, 0x82, 0x84, 0xD9, 0x2B,
-        0x05, 0x20, 0x0D, 0xE1, 0x14, 0x6C, 0x0A, 0x85, 0x16, 0x2E,
-        0x79, 0xA3, 0x64, 0xBF, 0xFC, 0x89, 0xB8, 0xFD, 0xB0, 0xC8,
-        0x39, 0x9A, 0x83, 0x1B, 0x74, 0x41, 0x7C, 0xEA, 0xFD, 0x5F,
-        0x83, 0x19
+#endif /* !WOLFSSL_DILITHIUM_NO_SIGN */
+
+#ifndef WOLFSSL_DILITHIUM_NO_VERIFY
+
+/* raw public key without ASN1 syntax from
+ * ./certs/dilithium/bench_dilithium_level2_key.der */
+static const unsigned char bench_dilithium_level2_pubkey[] = {
+    0xea, 0x05, 0x24, 0x0d, 0x80, 0x72, 0x25, 0x55, 0xf4, 0x5b,
+    0xc2, 0x13, 0x8b, 0x87, 0x5d, 0x31, 0x99, 0x2f, 0x1d, 0xa9,
+    0x41, 0x09, 0x05, 0x76, 0xa7, 0xb7, 0x5e, 0x8c, 0x44, 0xe2,
+    0x64, 0x79, 0xa0, 0xec, 0x1f, 0x24, 0xb6, 0xc8, 0x05, 0x5b,
+    0xc1, 0x18, 0xb0, 0xb7, 0xcf, 0x8c, 0x60, 0x67, 0x6b, 0x81,
+    0x44, 0x27, 0xb6, 0x0e, 0xfd, 0x9b, 0xc3, 0xcb, 0x52, 0x31,
+    0xfa, 0xc9, 0x34, 0x8d, 0x22, 0x1e, 0x07, 0x9d, 0x96, 0x6a,
+    0x63, 0x83, 0x5c, 0xd7, 0x83, 0x2d, 0x7f, 0x48, 0x64, 0x79,
+    0xca, 0xb4, 0x9f, 0xa2, 0x02, 0xb7, 0x86, 0x1d, 0x0e, 0xc7,
+    0xf9, 0x6c, 0x07, 0xc0, 0x35, 0x6a, 0x34, 0x79, 0x7c, 0xb8,
+    0x0f, 0xed, 0x98, 0x50, 0xfb, 0x51, 0xe0, 0x36, 0x44, 0x4c,
+    0xc6, 0x35, 0xa2, 0xbb, 0x55, 0xb0, 0x5c, 0x39, 0x08, 0x02,
+    0x20, 0x35, 0x5c, 0x56, 0x6d, 0x2e, 0xb9, 0xef, 0x21, 0x26,
+    0x87, 0x87, 0x85, 0x8a, 0x32, 0xb5, 0xa7, 0x68, 0x70, 0x3a,
+    0xfd, 0x0d, 0x21, 0x48, 0x91, 0xa3, 0x29, 0xc1, 0x2a, 0x38,
+    0xe5, 0x26, 0x31, 0x1f, 0x42, 0xde, 0x0b, 0x25, 0xff, 0x1d,
+    0x6b, 0xb4, 0xe0, 0x5d, 0x2d, 0xcf, 0x44, 0xd5, 0x7d, 0xc4,
+    0xf6, 0x95, 0xf2, 0x06, 0x4f, 0x83, 0x88, 0x9d, 0x1e, 0xeb,
+    0x1c, 0x09, 0x45, 0x62, 0x67, 0x3d, 0xff, 0x51, 0x47, 0xe8,
+    0xbc, 0x9b, 0x03, 0x1f, 0xc7, 0x72, 0x65, 0xce, 0xa8, 0x8c,
+    0xc2, 0xa0, 0xc2, 0xbd, 0x5b, 0x7c, 0x17, 0x16, 0x8b, 0x72,
+    0xfa, 0xb1, 0xbd, 0xdf, 0x49, 0xd6, 0xa1, 0x00, 0x65, 0xbe,
+    0x82, 0xe7, 0x68, 0xc7, 0xe7, 0xbc, 0xc2, 0xa4, 0xdb, 0xaa,
+    0xcc, 0xea, 0x41, 0x52, 0x7f, 0x56, 0xb4, 0x68, 0x1f, 0x92,
+    0x96, 0x0f, 0xce, 0xd4, 0xd0, 0x87, 0x4c, 0x4a, 0x73, 0xb5,
+    0x6c, 0xd4, 0x69, 0x55, 0x15, 0x47, 0xdc, 0x94, 0x7f, 0xd2,
+    0x54, 0x5e, 0xb2, 0x90, 0xc2, 0x47, 0xe4, 0xf5, 0xde, 0x8b,
+    0x9b, 0xc6, 0x5d, 0x50, 0x95, 0x60, 0xe0, 0xf0, 0xa7, 0x4e,
+    0xe0, 0xcd, 0x41, 0x09, 0xef, 0xb3, 0x3d, 0x90, 0x5c, 0x77,
+    0x54, 0xec, 0x9e, 0x5d, 0x8a, 0xe7, 0x09, 0x5c, 0xc9, 0x58,
+    0x0c, 0xd0, 0x42, 0x35, 0xd2, 0x14, 0x59, 0x38, 0x69, 0xad,
+    0xf9, 0xb5, 0xbf, 0x8a, 0x8e, 0x33, 0xd8, 0x5e, 0x7a, 0x55,
+    0xd0, 0x53, 0x15, 0x40, 0x4e, 0xc5, 0x86, 0xd7, 0x8f, 0x5f,
+    0x2f, 0x55, 0x82, 0xc2, 0x4f, 0x16, 0xe5, 0xea, 0x1c, 0xbc,
+    0xff, 0x5e, 0x1f, 0x39, 0x46, 0x70, 0x54, 0x7a, 0x3a, 0x27,
+    0x16, 0x1a, 0x2b, 0x6c, 0xd2, 0xb7, 0x80, 0xd3, 0xd1, 0x9d,
+    0x25, 0x59, 0xed, 0xe6, 0x51, 0xb1, 0xf2, 0xad, 0x7e, 0x51,
+    0x78, 0x14, 0x2b, 0x19, 0xae, 0x64, 0x72, 0x0f, 0xd8, 0x18,
+    0x79, 0x8e, 0x66, 0x88, 0xd3, 0xa4, 0xa3, 0xc3, 0x76, 0x21,
+    0xcb, 0xe4, 0x79, 0x5e, 0x95, 0x74, 0xe3, 0x31, 0x18, 0x79,
+    0xed, 0xc7, 0xe7, 0xfb, 0x86, 0x48, 0x1b, 0x7b, 0x75, 0x5b,
+    0x7f, 0x7c, 0x82, 0xc5, 0xab, 0x11, 0xb4, 0x5d, 0x59, 0x6f,
+    0x78, 0xb2, 0xa5, 0x39, 0xc6, 0x63, 0x38, 0x6c, 0xeb, 0x50,
+    0x06, 0x14, 0x76, 0xf0, 0xe8, 0xfb, 0x11, 0x95, 0x1f, 0x9d,
+    0x9c, 0xa6, 0xe1, 0xe2, 0x0d, 0xa3, 0x66, 0xfc, 0x20, 0x83,
+    0x50, 0x0e, 0x53, 0x75, 0xb5, 0x12, 0xf4, 0xdf, 0x31, 0x46,
+    0x83, 0xac, 0x5b, 0xf3, 0x99, 0xa6, 0xd1, 0x7b, 0x2b, 0xc5,
+    0xdc, 0x71, 0x07, 0x27, 0x33, 0x35, 0x34, 0xf5, 0x30, 0x19,
+    0xc1, 0x3b, 0xba, 0x8a, 0xaf, 0x7e, 0x49, 0x93, 0x48, 0x5b,
+    0x38, 0xc0, 0xbc, 0x2e, 0xc7, 0x59, 0x1b, 0xd9, 0xf5, 0xcc,
+    0x86, 0xf5, 0x7b, 0x4d, 0xd7, 0x39, 0xa7, 0xa2, 0x56, 0x20,
+    0x48, 0x98, 0x7d, 0x4f, 0x75, 0x56, 0x9b, 0xb8, 0x95, 0x45,
+    0x17, 0xf3, 0x86, 0x3d, 0x97, 0x0a, 0x49, 0x1b, 0xca, 0xff,
+    0x20, 0xc0, 0x24, 0x2c, 0x51, 0xc2, 0x0a, 0x3c, 0xbf, 0x07,
+    0x60, 0x1c, 0x88, 0x85, 0x9b, 0x85, 0x2d, 0x4a, 0xfe, 0x5a,
+    0x1c, 0x90, 0xf5, 0x90, 0x12, 0xd3, 0x03, 0x3c, 0x8c, 0x2e,
+    0x95, 0x4a, 0x47, 0x76, 0x0f, 0x1f, 0x5d, 0x9e, 0xed, 0xc5,
+    0x64, 0xc4, 0x9b, 0xbf, 0x86, 0xc5, 0x63, 0x84, 0x33, 0x00,
+    0xf1, 0x26, 0x18, 0x21, 0xf3, 0x88, 0x1a, 0x08, 0x18, 0x6d,
+    0x2f, 0xef, 0xd5, 0xeb, 0x2f, 0x69, 0xc8, 0x6e, 0x92, 0x34,
+    0xfc, 0x72, 0x3d, 0x9a, 0xa7, 0x9e, 0x51, 0xfb, 0x56, 0xe3,
+    0xdc, 0xf4, 0x8f, 0x9b, 0x6d, 0x0d, 0x2a, 0xec, 0x66, 0x12,
+    0x26, 0x35, 0xbd, 0x61, 0xc2, 0x67, 0x19, 0xf5, 0x7e, 0xa1,
+    0x67, 0xa2, 0x9c, 0x3b, 0x67, 0xb0, 0xc2, 0x51, 0x6a, 0x37,
+    0x7c, 0x48, 0xe9, 0x4b, 0xb9, 0xa3, 0x38, 0x2f, 0xfc, 0xde,
+    0xb4, 0x7c, 0xda, 0x52, 0x84, 0x0b, 0xb0, 0xd9, 0x08, 0xe9,
+    0x7a, 0x4a, 0x6f, 0x79, 0x29, 0x3d, 0xc4, 0x5c, 0x78, 0xee,
+    0x63, 0xb6, 0x96, 0x68, 0xd9, 0x82, 0x4e, 0xc1, 0x1b, 0x6f,
+    0x52, 0xf5, 0xb3, 0xfb, 0xe8, 0xc4, 0x2a, 0x07, 0xc6, 0x3b,
+    0x85, 0x0d, 0xf4, 0xbf, 0xb0, 0x6b, 0xfb, 0xce, 0x1d, 0xb4,
+    0xbf, 0x63, 0x0b, 0x91, 0x67, 0xc4, 0xa3, 0x06, 0xa4, 0xaf,
+    0x6c, 0xd3, 0xe5, 0x8b, 0x87, 0x4e, 0x64, 0x9c, 0xb1, 0xf3,
+    0x70, 0x7c, 0x68, 0x43, 0x46, 0x13, 0x46, 0xee, 0x27, 0x75,
+    0x12, 0x45, 0x42, 0xde, 0xa5, 0x8d, 0xcf, 0xf7, 0x09, 0x87,
+    0xa8, 0x80, 0x3d, 0xb6, 0x45, 0xee, 0x41, 0x2d, 0x7c, 0x45,
+    0x01, 0x9d, 0xaa, 0x78, 0xa8, 0x10, 0xa4, 0xfd, 0xb5, 0x5f,
+    0xee, 0x0f, 0x77, 0xba, 0x73, 0xff, 0x49, 0xdc, 0xfa, 0x39,
+    0xd6, 0xa3, 0x6f, 0x25, 0xb9, 0x63, 0x2c, 0x92, 0xc5, 0xdf,
+    0xfb, 0xba, 0x89, 0xf9, 0xfa, 0x94, 0x5b, 0x6f, 0x5a, 0x4d,
+    0x1c, 0xe4, 0xc9, 0x10, 0xf9, 0xa0, 0xe8, 0xc4, 0xcb, 0x55,
+    0x1a, 0xdb, 0x56, 0x5f, 0x8e, 0x91, 0x03, 0x23, 0xca, 0xb0,
+    0x1f, 0xef, 0xb8, 0x6c, 0x13, 0x5a, 0x99, 0x25, 0xf0, 0x49,
+    0xa9, 0x5a, 0x45, 0xf7, 0xfd, 0x1a, 0xc2, 0x71, 0x06, 0xe3,
+    0x2d, 0x25, 0x64, 0xb0, 0x52, 0x12, 0x03, 0x62, 0xc7, 0xb6,
+    0xf9, 0xdc, 0x1f, 0x78, 0xff, 0x8b, 0xfa, 0xde, 0x7f, 0x71,
+    0xa6, 0x35, 0x3e, 0xac, 0x20, 0x54, 0x94, 0xa7, 0x2e, 0x9d,
+    0x47, 0x17, 0x4b, 0xad, 0x92, 0xb3, 0x14, 0x26, 0x8c, 0x5a,
+    0xd0, 0x16, 0x4b, 0x22, 0xe9, 0x0c, 0x79, 0x6b, 0x8e, 0xac,
+    0x0d, 0x12, 0xf5, 0x66, 0x8e, 0x82, 0x1a, 0x44, 0xf3, 0xe9,
+    0x56, 0x5a, 0xcd, 0x1c, 0x1b, 0x81, 0x7b, 0x63, 0x59, 0xfe,
+    0xc8, 0xc0, 0xe3, 0xda, 0x16, 0x6b, 0x6f, 0x0d, 0xba, 0x0e,
+    0x47, 0x12, 0x86, 0x9e, 0xf0, 0x3b, 0x4d, 0x87, 0x3b, 0xf2,
+    0x75, 0x73, 0x2d, 0xdf, 0xca, 0x76, 0x0b, 0xbd, 0xe7, 0xb7,
+    0x74, 0x24, 0xf3, 0xc6, 0xe6, 0x75, 0x3f, 0x8b, 0x6a, 0xd9,
+    0xad, 0xed, 0xc0, 0x70, 0x04, 0x1e, 0x0b, 0x8e, 0x8b, 0x7f,
+    0xea, 0xbc, 0x39, 0x6b, 0x8a, 0x44, 0xa6, 0x9a, 0x2d, 0x0d,
+    0x8c, 0x21, 0x60, 0x09, 0xd2, 0x4a, 0xe0, 0x62, 0xcf, 0xfa,
+    0xe8, 0x9b, 0x35, 0x6f, 0x23, 0x2f, 0xb5, 0x65, 0x08, 0x60,
+    0x92, 0x15, 0xd0, 0x5b, 0x63, 0xcc, 0x65, 0x05, 0xd1, 0xef,
+    0x0f, 0x7e, 0x1b, 0xb3, 0x8e, 0xc6, 0x12, 0x85, 0xc9, 0x82,
+    0x53, 0x79, 0x2e, 0x80, 0x5f, 0x0c, 0x7b, 0xc7, 0x1c, 0x83,
+    0x41, 0x06, 0xd8, 0x41, 0xc9, 0xe7, 0xb9, 0x4b, 0xa1, 0x61,
+    0xc6, 0x86, 0x67, 0xf5, 0x10, 0xf7, 0x34, 0x0d, 0x39, 0x9e,
+    0x2b, 0x5f, 0x19, 0x06, 0x02, 0xa5, 0x02, 0x23, 0x71, 0xc2,
+    0x12, 0x65, 0xcc, 0x81, 0x06, 0xfd, 0x8d, 0x09, 0x68, 0x37,
+    0x06, 0x3b, 0xff, 0xc4, 0x24, 0xb3, 0x1f, 0xd6, 0xe6, 0x8f,
+    0x9c, 0x74, 0x2c, 0x5e, 0xc5, 0xf4, 0xe9, 0xeb, 0xca, 0xd3,
+    0x04, 0x5b, 0x92, 0x9e, 0x5c, 0x1a, 0x1d, 0xa1, 0xa7, 0x34,
+    0xd2, 0x05, 0xae, 0xdb, 0x3d, 0x71, 0x10, 0x6e, 0x30, 0xd9,
+    0xa3, 0x44, 0xa0, 0xbd, 0x9e, 0x7b, 0xb5, 0x12, 0x8a, 0x12,
+    0x07, 0x60, 0xd7, 0x1f, 0x92, 0xe6, 0xfe, 0x04, 0xa9, 0x3e,
+    0x62, 0x64, 0x00, 0x5f, 0x7c, 0x7b, 0x34, 0x09, 0xeb, 0x4a,
+    0x18, 0x9e, 0x77, 0x72, 0x3a, 0x31, 0x1a, 0x62, 0x2a, 0xb5,
+    0xcb, 0x4e, 0x53, 0xce, 0xad, 0x8b, 0x5a, 0x20, 0x4f, 0xd7,
+    0x3e, 0x16, 0xf8, 0x10, 0xe2, 0xae, 0xbd, 0x3f, 0x02, 0xa9,
+    0x18, 0xa0, 0x01, 0x18, 0x84, 0x95, 0x22, 0x2e, 0x93, 0x76,
+    0x44, 0x4e, 0x11, 0x7b, 0x03, 0x51, 0x50, 0x19, 0x79, 0xe7,
+    0xbb, 0x5c, 0x7b, 0xca, 0x74, 0xb4, 0x25, 0x26, 0xdb, 0x66,
+    0xaa, 0x0b, 0x21, 0x07, 0xfb, 0x7a, 0x96, 0x10, 0x7d, 0x99,
+    0xa9, 0x16, 0xcb, 0x0e, 0xba, 0x63, 0xab, 0x95, 0xfc, 0x5a,
+    0xbe, 0xa6, 0x7f, 0xd8, 0xb4, 0xcd, 0x7c, 0xc5, 0xd0, 0xb1,
+    0x1b, 0x48, 0x40, 0xfb, 0xe6, 0x2f, 0x2b, 0x94, 0xfe, 0x68,
+    0xa2, 0xc4, 0x36, 0xd9, 0xcd, 0xc1, 0x93, 0x6d, 0xef, 0x39,
+    0x5e, 0x43, 0x30, 0x5a, 0x2e, 0x66, 0xb6, 0xf2, 0xed, 0x9a,
+    0x8d, 0x12, 0xdf, 0x5c, 0xae, 0xad, 0x16, 0x12, 0x7e, 0x81,
+    0x82, 0x91, 0x7d, 0x2b, 0x12, 0xe9, 0x96, 0xb8, 0xb7, 0x42,
+    0xcb, 0x1f, 0xf8, 0xd1, 0xfd, 0x83, 0x7a, 0xe4, 0x36, 0x1d,
+    0x04, 0x27, 0x4c, 0xe5, 0xbd, 0x75, 0x24, 0xf7, 0xbd, 0xb6,
+    0x6a, 0x68, 0x4e, 0x2c, 0x1b, 0x56, 0x3e, 0x60, 0xa4, 0x42,
+    0xca, 0x7a, 0x54, 0xe5, 0x06, 0xe3, 0xda, 0x05, 0xf7, 0x77,
+    0x36, 0x8b, 0x81, 0x26, 0x99, 0x92, 0x42, 0xda, 0x45, 0xb1,
+    0xfe, 0x4b,
+};
+static const int sizeof_bench_dilithium_level2_pubkey =
+    sizeof(bench_dilithium_level2_pubkey);
+
+#endif /* !WOLFSSL_DILITHIUM_NO_VERIFY */
+
+#ifndef WOLFSSL_DILITHIUM_NO_SIGN
+
+/* raw private key without ASN1 syntax from
+ * ./certs/dilithium/bench_dilithium_level3_key.der */
+static const unsigned char bench_dilithium_level3_key[] = {
+    0x15, 0xc9, 0xe5, 0x53, 0x2f, 0xd8, 0x1f, 0xb4, 0xa3, 0x9f,
+    0xae, 0xad, 0xb3, 0x10, 0xd0, 0x72, 0x69, 0xd3, 0x02, 0xf3,
+    0xdf, 0x67, 0x5a, 0x31, 0x52, 0x19, 0xca, 0x39, 0x27, 0x77,
+    0x61, 0x6d, 0x72, 0xdd, 0x85, 0x06, 0xf6, 0x94, 0x0a, 0x57,
+    0x52, 0xcd, 0xac, 0x83, 0x4a, 0xe5, 0xbe, 0xa4, 0x30, 0x79,
+    0x9e, 0xc6, 0xd6, 0x04, 0xc8, 0x73, 0xdc, 0x5e, 0x41, 0x75,
+    0x2f, 0xac, 0x76, 0x57, 0x03, 0x08, 0x46, 0xcb, 0xaf, 0x4c,
+    0x6a, 0x4f, 0x20, 0x18, 0xb3, 0x2e, 0x11, 0x54, 0xb5, 0x94,
+    0xe6, 0x6f, 0x76, 0xf6, 0xb9, 0x73, 0x9a, 0x07, 0x73, 0xe8,
+    0x90, 0xd1, 0x04, 0xda, 0xc5, 0x97, 0xb9, 0x52, 0x51, 0xc8,
+    0xc9, 0xcc, 0x87, 0x29, 0xa1, 0xde, 0x79, 0x9b, 0xf8, 0x7f,
+    0x80, 0x3f, 0xfd, 0xb3, 0x24, 0xa5, 0xba, 0xf5, 0xd6, 0xd4,
+    0x07, 0xbd, 0xa7, 0x1b, 0xd0, 0xe1, 0xd0, 0x43, 0x14, 0x52,
+    0x27, 0x03, 0x33, 0x76, 0x00, 0x67, 0x30, 0x23, 0x76, 0x34,
+    0x72, 0x02, 0x41, 0x62, 0x12, 0x43, 0x86, 0x30, 0x18, 0x28,
+    0x46, 0x27, 0x45, 0x20, 0x88, 0x33, 0x54, 0x10, 0x03, 0x81,
+    0x44, 0x50, 0x06, 0x44, 0x56, 0x30, 0x37, 0x38, 0x38, 0x46,
+    0x03, 0x85, 0x01, 0x86, 0x43, 0x80, 0x78, 0x28, 0x83, 0x55,
+    0x37, 0x44, 0x80, 0x12, 0x17, 0x51, 0x78, 0x46, 0x22, 0x01,
+    0x53, 0x54, 0x63, 0x87, 0x77, 0x38, 0x11, 0x81, 0x43, 0x30,
+    0x15, 0x47, 0x66, 0x11, 0x40, 0x65, 0x70, 0x56, 0x62, 0x28,
+    0x21, 0x65, 0x30, 0x45, 0x63, 0x53, 0x31, 0x80, 0x81, 0x71,
+    0x23, 0x62, 0x85, 0x03, 0x07, 0x56, 0x16, 0x28, 0x18, 0x35,
+    0x07, 0x38, 0x60, 0x68, 0x17, 0x30, 0x15, 0x20, 0x04, 0x13,
+    0x13, 0x61, 0x51, 0x58, 0x00, 0x37, 0x51, 0x58, 0x14, 0x06,
+    0x12, 0x55, 0x13, 0x46, 0x76, 0x05, 0x51, 0x87, 0x32, 0x62,
+    0x50, 0x41, 0x88, 0x24, 0x50, 0x31, 0x65, 0x36, 0x31, 0x02,
+    0x75, 0x35, 0x78, 0x27, 0x36, 0x08, 0x01, 0x77, 0x22, 0x77,
+    0x30, 0x80, 0x11, 0x21, 0x28, 0x26, 0x68, 0x27, 0x13, 0x70,
+    0x50, 0x44, 0x88, 0x20, 0x50, 0x67, 0x65, 0x74, 0x17, 0x46,
+    0x50, 0x16, 0x42, 0x75, 0x35, 0x12, 0x60, 0x12, 0x17, 0x13,
+    0x36, 0x72, 0x04, 0x77, 0x07, 0x55, 0x20, 0x27, 0x15, 0x02,
+    0x25, 0x12, 0x57, 0x71, 0x37, 0x45, 0x43, 0x34, 0x40, 0x31,
+    0x78, 0x50, 0x31, 0x28, 0x17, 0x84, 0x87, 0x43, 0x25, 0x75,
+    0x58, 0x05, 0x61, 0x56, 0x41, 0x44, 0x57, 0x67, 0x85, 0x54,
+    0x00, 0x88, 0x88, 0x50, 0x68, 0x11, 0x14, 0x42, 0x08, 0x74,
+    0x73, 0x00, 0x38, 0x08, 0x45, 0x28, 0x62, 0x43, 0x36, 0x20,
+    0x30, 0x10, 0x87, 0x83, 0x67, 0x62, 0x02, 0x48, 0x46, 0x50,
+    0x08, 0x08, 0x41, 0x43, 0x78, 0x22, 0x65, 0x87, 0x43, 0x84,
+    0x25, 0x36, 0x58, 0x64, 0x30, 0x10, 0x20, 0x68, 0x82, 0x47,
+    0x60, 0x31, 0x76, 0x68, 0x74, 0x68, 0x75, 0x61, 0x16, 0x26,
+    0x82, 0x50, 0x32, 0x61, 0x41, 0x22, 0x38, 0x20, 0x86, 0x75,
+    0x74, 0x00, 0x77, 0x12, 0x81, 0x35, 0x51, 0x78, 0x88, 0x64,
+    0x82, 0x00, 0x41, 0x55, 0x62, 0x87, 0x51, 0x41, 0x74, 0x51,
+    0x53, 0x27, 0x33, 0x84, 0x68, 0x86, 0x57, 0x60, 0x44, 0x30,
+    0x22, 0x32, 0x10, 0x52, 0x22, 0x83, 0x48, 0x53, 0x66, 0x74,
+    0x14, 0x52, 0x32, 0x71, 0x41, 0x08, 0x83, 0x67, 0x41, 0x38,
+    0x46, 0x80, 0x88, 0x14, 0x84, 0x30, 0x85, 0x35, 0x46, 0x20,
+    0x54, 0x84, 0x56, 0x84, 0x54, 0x82, 0x14, 0x11, 0x52, 0x07,
+    0x86, 0x46, 0x05, 0x82, 0x26, 0x85, 0x75, 0x07, 0x88, 0x75,
+    0x51, 0x17, 0x54, 0x32, 0x68, 0x66, 0x08, 0x23, 0x66, 0x06,
+    0x42, 0x28, 0x00, 0x84, 0x27, 0x27, 0x43, 0x47, 0x12, 0x27,
+    0x13, 0x15, 0x17, 0x74, 0x85, 0x14, 0x12, 0x62, 0x06, 0x47,
+    0x17, 0x60, 0x00, 0x10, 0x85, 0x16, 0x55, 0x64, 0x46, 0x62,
+    0x77, 0x05, 0x51, 0x23, 0x52, 0x37, 0x51, 0x78, 0x35, 0x66,
+    0x14, 0x15, 0x78, 0x40, 0x16, 0x54, 0x67, 0x30, 0x61, 0x24,
+    0x26, 0x86, 0x56, 0x83, 0x62, 0x78, 0x88, 0x83, 0x50, 0x06,
+    0x13, 0x21, 0x33, 0x73, 0x16, 0x44, 0x86, 0x77, 0x65, 0x28,
+    0x12, 0x40, 0x62, 0x54, 0x55, 0x84, 0x00, 0x11, 0x77, 0x38,
+    0x71, 0x51, 0x38, 0x32, 0x33, 0x67, 0x15, 0x77, 0x24, 0x33,
+    0x44, 0x11, 0x05, 0x65, 0x13, 0x03, 0x72, 0x63, 0x81, 0x58,
+    0x08, 0x03, 0x34, 0x23, 0x61, 0x00, 0x02, 0x63, 0x86, 0x40,
+    0x03, 0x71, 0x34, 0x27, 0x45, 0x10, 0x34, 0x26, 0x83, 0x28,
+    0x31, 0x35, 0x26, 0x05, 0x58, 0x41, 0x11, 0x10, 0x65, 0x35,
+    0x22, 0x42, 0x28, 0x88, 0x46, 0x06, 0x57, 0x33, 0x88, 0x46,
+    0x04, 0x86, 0x88, 0x88, 0x51, 0x74, 0x82, 0x27, 0x58, 0x14,
+    0x11, 0x08, 0x13, 0x16, 0x61, 0x16, 0x14, 0x44, 0x83, 0x85,
+    0x71, 0x44, 0x55, 0x82, 0x16, 0x62, 0x85, 0x05, 0x43, 0x41,
+    0x73, 0x53, 0x60, 0x01, 0x80, 0x68, 0x33, 0x13, 0x43, 0x44,
+    0x73, 0x36, 0x65, 0x35, 0x22, 0x26, 0x13, 0x31, 0x36, 0x83,
+    0x30, 0x27, 0x15, 0x11, 0x54, 0x53, 0x24, 0x84, 0x75, 0x24,
+    0x72, 0x78, 0x34, 0x24, 0x35, 0x80, 0x06, 0x38, 0x88, 0x11,
+    0x41, 0x01, 0x34, 0x87, 0x77, 0x20, 0x14, 0x50, 0x55, 0x12,
+    0x17, 0x48, 0x87, 0x74, 0x58, 0x42, 0x31, 0x46, 0x36, 0x37,
+    0x26, 0x50, 0x04, 0x75, 0x77, 0x15, 0x41, 0x53, 0x04, 0x04,
+    0x26, 0x61, 0x65, 0x87, 0x55, 0x56, 0x07, 0x81, 0x28, 0x21,
+    0x41, 0x61, 0x41, 0x50, 0x17, 0x47, 0x25, 0x50, 0x20, 0x83,
+    0x46, 0x87, 0x18, 0x45, 0x40, 0x21, 0x06, 0x08, 0x12, 0x25,
+    0x71, 0x13, 0x35, 0x55, 0x54, 0x61, 0x00, 0x52, 0x74, 0x78,
+    0x13, 0x84, 0x55, 0x40, 0x14, 0x40, 0x78, 0x12, 0x88, 0x43,
+    0x33, 0x24, 0x66, 0x88, 0x22, 0x44, 0x15, 0x37, 0x81, 0x27,
+    0x84, 0x18, 0x28, 0x11, 0x58, 0x51, 0x71, 0x21, 0x02, 0x83,
+    0x70, 0x48, 0x32, 0x46, 0x00, 0x70, 0x17, 0x30, 0x63, 0x21,
+    0x46, 0x60, 0x50, 0x72, 0x77, 0x45, 0x83, 0x75, 0x26, 0x31,
+    0x47, 0x34, 0x47, 0x84, 0x87, 0x63, 0x22, 0x83, 0x21, 0x10,
+    0x21, 0x51, 0x47, 0x46, 0x31, 0x06, 0x57, 0x82, 0x65, 0x24,
+    0x61, 0x66, 0x24, 0x68, 0x14, 0x03, 0x43, 0x41, 0x04, 0x14,
+    0x47, 0x61, 0x57, 0x87, 0x43, 0x83, 0x43, 0x25, 0x87, 0x36,
+    0x72, 0x51, 0x38, 0x51, 0x54, 0x54, 0x84, 0x40, 0x15, 0x30,
+    0x35, 0x34, 0x43, 0x61, 0x63, 0x42, 0x77, 0x31, 0x42, 0x06,
+    0x61, 0x03, 0x01, 0x41, 0x08, 0x84, 0x02, 0x65, 0x04, 0x72,
+    0x32, 0x00, 0x21, 0x10, 0x54, 0x73, 0x04, 0x42, 0x48, 0x11,
+    0x74, 0x18, 0x63, 0x73, 0x28, 0x61, 0x36, 0x80, 0x20, 0x86,
+    0x24, 0x42, 0x16, 0x11, 0x71, 0x83, 0x78, 0x38, 0x82, 0x47,
+    0x67, 0x18, 0x56, 0x86, 0x85, 0x66, 0x18, 0x24, 0x50, 0x74,
+    0x72, 0x02, 0x66, 0x83, 0x63, 0x08, 0x25, 0x32, 0x15, 0x78,
+    0x33, 0x08, 0x34, 0x44, 0x08, 0x28, 0x10, 0x25, 0x40, 0x11,
+    0x04, 0x76, 0x60, 0x16, 0x65, 0x16, 0x13, 0x30, 0x53, 0x14,
+    0x77, 0x06, 0x06, 0x88, 0x64, 0x47, 0x08, 0x23, 0x11, 0x56,
+    0x46, 0x61, 0x48, 0x64, 0x73, 0x66, 0x07, 0x65, 0x41, 0x24,
+    0x67, 0x45, 0x42, 0x18, 0x62, 0x01, 0x70, 0x88, 0x03, 0x77,
+    0x22, 0x85, 0x77, 0x02, 0x85, 0x03, 0x65, 0x15, 0x57, 0x51,
+    0x28, 0x72, 0x53, 0x32, 0x05, 0x58, 0x84, 0x54, 0x03, 0x81,
+    0x63, 0x23, 0x38, 0x27, 0x01, 0x85, 0x61, 0x12, 0x28, 0x62,
+    0x22, 0x67, 0x56, 0x66, 0x63, 0x08, 0x74, 0x63, 0x21, 0x01,
+    0x46, 0x10, 0x08, 0x18, 0x07, 0x86, 0x47, 0x70, 0x50, 0x25,
+    0x45, 0x06, 0x55, 0x88, 0x46, 0x11, 0x23, 0x84, 0x70, 0x02,
+    0x24, 0x88, 0x52, 0x60, 0x12, 0x72, 0x63, 0x05, 0x81, 0x21,
+    0x26, 0x07, 0x64, 0x03, 0x56, 0x48, 0x27, 0x04, 0x38, 0x86,
+    0x25, 0x65, 0x21, 0x25, 0x77, 0x21, 0x62, 0x28, 0x82, 0x71,
+    0x85, 0x73, 0x78, 0x24, 0x78, 0x51, 0x61, 0x02, 0x81, 0x14,
+    0x67, 0x61, 0x08, 0x88, 0x31, 0x77, 0x06, 0x24, 0x45, 0x13,
+    0x67, 0x67, 0x54, 0x67, 0x00, 0x12, 0x62, 0x54, 0x11, 0x27,
+    0x51, 0x48, 0x07, 0x33, 0x01, 0x24, 0x04, 0x64, 0x11, 0x83,
+    0x18, 0x52, 0x55, 0x23, 0x24, 0x58, 0x53, 0x78, 0x30, 0x43,
+    0x31, 0x76, 0x62, 0x01, 0x08, 0x73, 0x21, 0x32, 0x12, 0x78,
+    0x22, 0x68, 0x33, 0x45, 0x33, 0x73, 0x02, 0x74, 0x21, 0x81,
+    0x02, 0x16, 0x54, 0x31, 0x55, 0x76, 0x25, 0x76, 0x41, 0x36,
+    0x75, 0x22, 0x78, 0x16, 0x60, 0x48, 0x58, 0x28, 0x83, 0x50,
+    0x88, 0x66, 0x72, 0x70, 0x21, 0x21, 0x24, 0x16, 0x62, 0x57,
+    0x20, 0x13, 0x80, 0x61, 0x15, 0x45, 0x42, 0x86, 0x00, 0x25,
+    0x77, 0x58, 0x84, 0x01, 0x66, 0x16, 0x46, 0x56, 0x68, 0x57,
+    0x12, 0x20, 0x75, 0x60, 0x41, 0x85, 0x02, 0x88, 0x12, 0x68,
+    0x20, 0x02, 0x41, 0x18, 0x87, 0x13, 0x17, 0x33, 0x74, 0x11,
+    0x08, 0x37, 0x47, 0x08, 0x31, 0x67, 0x08, 0x50, 0x61, 0x54,
+    0x56, 0x71, 0x63, 0x26, 0x85, 0x22, 0x07, 0x87, 0x71, 0x28,
+    0x20, 0x47, 0x48, 0x66, 0x54, 0x38, 0x03, 0x41, 0x38, 0x21,
+    0x70, 0x50, 0x66, 0x53, 0x56, 0x70, 0x74, 0x55, 0x70, 0x28,
+    0x52, 0x01, 0x42, 0x65, 0x53, 0x73, 0x32, 0x33, 0x67, 0x42,
+    0x67, 0x85, 0x18, 0x45, 0x12, 0x37, 0x58, 0x82, 0x13, 0x73,
+    0x78, 0x77, 0x03, 0x42, 0x04, 0x65, 0x55, 0x66, 0x07, 0x25,
+    0x07, 0x37, 0x40, 0x78, 0x66, 0x71, 0x11, 0x21, 0x43, 0x25,
+    0x87, 0x40, 0x58, 0x63, 0x33, 0x43, 0x52, 0x10, 0x31, 0x53,
+    0x56, 0x48, 0x05, 0x55, 0x77, 0x77, 0x26, 0x87, 0x28, 0x43,
+    0x61, 0x46, 0x11, 0x76, 0x82, 0x50, 0x42, 0x04, 0x32, 0x88,
+    0x18, 0x66, 0x16, 0x36, 0x64, 0x41, 0x38, 0x17, 0x55, 0x43,
+    0x06, 0x25, 0x80, 0x27, 0x21, 0x16, 0x81, 0x22, 0x64, 0x60,
+    0x38, 0x16, 0x82, 0x40, 0x72, 0x34, 0x73, 0x52, 0x61, 0x85,
+    0x11, 0x16, 0x00, 0x25, 0x03, 0x30, 0x06, 0x80, 0x21, 0x56,
+    0x64, 0x52, 0x23, 0x26, 0x37, 0x75, 0x73, 0x65, 0x53, 0x27,
+    0x37, 0x47, 0x56, 0x76, 0x80, 0x38, 0x53, 0x62, 0x14, 0x24,
+    0x64, 0x03, 0x66, 0x21, 0x72, 0x16, 0x36, 0x34, 0x11, 0x65,
+    0x61, 0x62, 0x86, 0x02, 0x83, 0x27, 0x80, 0x82, 0x70, 0x72,
+    0x52, 0x60, 0x20, 0x87, 0x58, 0x58, 0x14, 0x38, 0x47, 0x03,
+    0x10, 0x72, 0x60, 0x48, 0x02, 0x01, 0x17, 0x21, 0x61, 0x62,
+    0x38, 0x64, 0x27, 0x53, 0x57, 0x13, 0x68, 0x18, 0x26, 0x62,
+    0x43, 0x42, 0x21, 0x85, 0x70, 0x23, 0x58, 0x13, 0x72, 0x04,
+    0x04, 0x08, 0x05, 0x82, 0x26, 0x18, 0x82, 0x47, 0x87, 0x71,
+    0x32, 0x28, 0x68, 0x25, 0x87, 0x24, 0x06, 0x74, 0x41, 0x44,
+    0x08, 0x64, 0x68, 0x30, 0x24, 0x44, 0x21, 0x73, 0x03, 0x45,
+    0x70, 0x41, 0x06, 0x78, 0x38, 0x33, 0x88, 0x13, 0x31, 0x14,
+    0x18, 0x17, 0x45, 0x06, 0x26, 0x67, 0x66, 0x73, 0x82, 0x56,
+    0x66, 0x88, 0x70, 0x22, 0x55, 0x47, 0x27, 0x50, 0x86, 0x55,
+    0x53, 0x00, 0x28, 0x55, 0x40, 0x62, 0xe9, 0x37, 0x65, 0xe1,
+    0x30, 0x48, 0x6b, 0x35, 0x76, 0x96, 0x05, 0x21, 0xce, 0xed,
+    0x46, 0xae, 0x7e, 0x6d, 0xc9, 0xf1, 0xc9, 0xb3, 0x7a, 0xa7,
+    0xde, 0xa7, 0x62, 0x18, 0x11, 0xc0, 0xd8, 0xd0, 0x17, 0x0f,
+    0x38, 0xaf, 0x0e, 0x3d, 0xaf, 0xe6, 0x63, 0xb0, 0xc4, 0x68,
+    0x4e, 0x29, 0xa4, 0xf4, 0x20, 0x22, 0xbc, 0x82, 0x15, 0x1d,
+    0x08, 0x39, 0x18, 0xfe, 0x69, 0x55, 0x06, 0x3d, 0xf4, 0xa3,
+    0xe7, 0x29, 0x23, 0xa4, 0xd9, 0xa4, 0x22, 0x06, 0x2d, 0x5f,
+    0x22, 0xb3, 0x9b, 0x1c, 0xb6, 0x3e, 0xf3, 0xf4, 0x8a, 0xb3,
+    0x35, 0x18, 0x4c, 0x1f, 0xaf, 0xd4, 0xcf, 0x5b, 0x9b, 0xa7,
+    0xf8, 0xd2, 0x86, 0x71, 0x8e, 0x64, 0x96, 0xd1, 0x6e, 0xad,
+    0xd2, 0x7e, 0x16, 0x5b, 0x38, 0x91, 0x0e, 0x40, 0xaa, 0x07,
+    0x6a, 0x63, 0x2a, 0xc0, 0x5b, 0x14, 0x79, 0x52, 0xcb, 0x23,
+    0x6e, 0x76, 0x95, 0xd0, 0x90, 0x6c, 0x18, 0xe7, 0x89, 0xee,
+    0xb9, 0x7f, 0x33, 0x08, 0x35, 0x8f, 0xa3, 0xaa, 0xaa, 0x10,
+    0x2f, 0x8b, 0xc9, 0x6c, 0x1d, 0x95, 0xb5, 0xb8, 0x54, 0x0d,
+    0x67, 0x86, 0xd4, 0x5d, 0xae, 0x8f, 0x33, 0x20, 0xe2, 0x35,
+    0xda, 0x71, 0x53, 0x24, 0xad, 0x16, 0x84, 0x2e, 0x98, 0xcd,
+    0x00, 0xa2, 0x69, 0x6a, 0x12, 0x9a, 0x86, 0xf3, 0x9f, 0x18,
+    0x6c, 0x9f, 0x24, 0xbe, 0xb3, 0xf4, 0x90, 0xb3, 0xc4, 0xa4,
+    0x8b, 0xce, 0x88, 0x60, 0xa0, 0x91, 0xb8, 0x9a, 0x52, 0xe5,
+    0xfe, 0x16, 0x6d, 0xff, 0xb3, 0xdc, 0x50, 0x79, 0xfe, 0x31,
+    0x24, 0xd4, 0x59, 0x5f, 0xf9, 0xb4, 0x70, 0x0b, 0x15, 0x93,
+    0xd9, 0xe9, 0x92, 0xb6, 0xf5, 0x80, 0x34, 0x63, 0x66, 0x78,
+    0xcf, 0xa9, 0xce, 0x48, 0xbf, 0xbe, 0x9e, 0xfa, 0xdd, 0x7d,
+    0xf4, 0x16, 0xe2, 0xd2, 0x98, 0x13, 0xe2, 0x76, 0xdd, 0x0a,
+    0xc7, 0x2d, 0xe8, 0x88, 0x8e, 0x1a, 0xc0, 0xfc, 0xe8, 0x35,
+    0xaf, 0x5d, 0xe2, 0x4c, 0x96, 0x82, 0x4c, 0xe5, 0x89, 0x14,
+    0xb8, 0x27, 0x39, 0xb5, 0x55, 0xc5, 0xa5, 0x8a, 0x01, 0xcc,
+    0xfd, 0xbd, 0xa9, 0xec, 0xae, 0xc0, 0xe7, 0xd7, 0xf8, 0x11,
+    0x84, 0x35, 0x99, 0x26, 0xb6, 0xc6, 0xf7, 0x35, 0xe0, 0x93,
+    0xd8, 0xd7, 0xbf, 0xc0, 0xc8, 0x44, 0xfd, 0x46, 0xf5, 0xb7,
+    0xc5, 0x5a, 0x75, 0xd3, 0xc7, 0xfa, 0xf4, 0xe1, 0xc0, 0x84,
+    0x5e, 0x31, 0xfe, 0x69, 0x80, 0x5a, 0xe5, 0x4b, 0x9b, 0x5b,
+    0xa4, 0x5c, 0x23, 0xaa, 0x85, 0xc9, 0x9a, 0xbd, 0x71, 0x49,
+    0x11, 0x30, 0x8b, 0x81, 0xa1, 0xdd, 0xf8, 0xb8, 0x74, 0x91,
+    0xe7, 0xf7, 0x82, 0x42, 0x70, 0x22, 0x95, 0xf0, 0xcc, 0x9f,
+    0x02, 0x33, 0x0f, 0x08, 0x3b, 0x04, 0x31, 0xd7, 0x4f, 0x86,
+    0x78, 0x49, 0xb9, 0x90, 0xf5, 0x8f, 0xec, 0x12, 0x84, 0x52,
+    0x03, 0x1f, 0x64, 0x5e, 0xf0, 0x2a, 0xeb, 0x87, 0xa5, 0xec,
+    0x95, 0x25, 0x64, 0x25, 0x49, 0x3b, 0x3c, 0x30, 0xed, 0x3b,
+    0xe9, 0x36, 0xfd, 0xae, 0xa6, 0x26, 0xd3, 0x45, 0xbc, 0x1b,
+    0x78, 0x5f, 0xce, 0x27, 0x45, 0x1c, 0xd5, 0xf9, 0xa7, 0xda,
+    0x62, 0xe6, 0x7e, 0xd3, 0xbb, 0xd8, 0x0a, 0xfd, 0xf5, 0xa5,
+    0x31, 0x09, 0x6e, 0x40, 0xe8, 0xcf, 0xc1, 0x42, 0x8e, 0x2e,
+    0x75, 0x65, 0xaa, 0x91, 0x6f, 0xc7, 0x75, 0x3a, 0x1e, 0x40,
+    0x99, 0x71, 0x5e, 0x00, 0xae, 0x07, 0xad, 0x43, 0x49, 0xdd,
+    0x6d, 0x36, 0xe3, 0xa8, 0xdf, 0x2c, 0x39, 0xa2, 0x57, 0xd7,
+    0x93, 0xa1, 0x16, 0x80, 0x89, 0xa6, 0x56, 0x69, 0x75, 0xea,
+    0xb8, 0xb2, 0x43, 0x0c, 0xdf, 0x46, 0x05, 0x9a, 0x39, 0x08,
+    0x3b, 0xb6, 0x76, 0xe3, 0x5b, 0x98, 0x5b, 0x48, 0xc0, 0x11,
+    0x14, 0x6f, 0xcd, 0xb7, 0xaa, 0x08, 0x1e, 0x53, 0x9b, 0x94,
+    0x9d, 0xa2, 0xe6, 0x99, 0xcb, 0x1c, 0xb4, 0xbf, 0x55, 0x84,
+    0x12, 0xc9, 0xf1, 0xf0, 0x94, 0xd9, 0x7d, 0x61, 0xa9, 0xe7,
+    0xe6, 0xc1, 0xe2, 0xca, 0x6b, 0x36, 0x80, 0x72, 0x31, 0x79,
+    0xbf, 0xe7, 0x3e, 0x99, 0x9e, 0xd5, 0x59, 0xd4, 0x97, 0x14,
+    0xd5, 0xfa, 0x93, 0x37, 0x8a, 0x65, 0xa5, 0xb6, 0x4e, 0xba,
+    0xb3, 0x84, 0xf2, 0xc1, 0x55, 0xb6, 0x94, 0x31, 0x30, 0xe7,
+    0xb2, 0x71, 0x4e, 0xc6, 0x21, 0x50, 0xf3, 0xcf, 0x7c, 0xbc,
+    0x26, 0xb7, 0x20, 0xcb, 0x2d, 0x9e, 0x55, 0x23, 0x7c, 0xf0,
+    0x97, 0x16, 0x57, 0x5b, 0xcc, 0xc5, 0x48, 0xc9, 0xc8, 0xee,
+    0x1e, 0x11, 0x6b, 0x72, 0x3b, 0x29, 0x71, 0xa4, 0xed, 0x08,
+    0x6c, 0x38, 0xc6, 0x2e, 0x64, 0x3b, 0x16, 0xd8, 0x4d, 0x19,
+    0xe8, 0x94, 0xd3, 0xd5, 0xb4, 0x18, 0xb4, 0x03, 0x24, 0x62,
+    0xe7, 0x44, 0x5e, 0x09, 0x60, 0xc6, 0xa9, 0xa6, 0xca, 0xbe,
+    0x83, 0xe5, 0xf1, 0xbd, 0x04, 0x22, 0x4b, 0x1b, 0x08, 0x0b,
+    0xa6, 0x20, 0x95, 0xf2, 0x78, 0x8c, 0x3e, 0x73, 0x03, 0x7b,
+    0x75, 0x2c, 0xe5, 0x72, 0xec, 0xc9, 0x25, 0x06, 0x6b, 0x3a,
+    0x5e, 0x0e, 0x96, 0xd0, 0xe3, 0x85, 0xb0, 0xb5, 0x6a, 0x83,
+    0x40, 0x41, 0x94, 0xce, 0xa1, 0x07, 0x79, 0x07, 0xe2, 0x50,
+    0xa4, 0xde, 0x7d, 0x64, 0x2f, 0x7e, 0x43, 0xd5, 0x72, 0xd1,
+    0xa7, 0xb9, 0x76, 0xa3, 0xfc, 0x25, 0x33, 0xd7, 0x95, 0xb5,
+    0xd9, 0x94, 0x93, 0x55, 0xaf, 0x04, 0x86, 0x4a, 0xfc, 0x2f,
+    0x5f, 0x3d, 0x34, 0x86, 0xf2, 0x9a, 0x31, 0x4c, 0xc9, 0xad,
+    0x08, 0xa5, 0x03, 0x91, 0x8a, 0x7e, 0x46, 0xc9, 0x44, 0x61,
+    0x11, 0x59, 0x4f, 0xbb, 0x70, 0xf9, 0x9d, 0x3e, 0x6d, 0x53,
+    0xb4, 0x16, 0x28, 0xd3, 0x67, 0x52, 0x14, 0xad, 0xba, 0xb1,
+    0x21, 0xaf, 0x84, 0x18, 0xc9, 0x37, 0x78, 0xb3, 0x78, 0x92,
+    0x95, 0xad, 0x1b, 0xc0, 0x70, 0xe7, 0xe9, 0x06, 0x02, 0xed,
+    0x6c, 0x99, 0x4e, 0x43, 0xc0, 0xa4, 0x6f, 0x23, 0xa8, 0x02,
+    0xc4, 0xbd, 0xc0, 0x16, 0xc4, 0xed, 0xe0, 0xe1, 0x56, 0x06,
+    0x3f, 0xf4, 0x77, 0x12, 0x72, 0x52, 0x04, 0xe8, 0xe4, 0x26,
+    0xe5, 0x01, 0x47, 0x5b, 0x8a, 0xca, 0x07, 0x3b, 0xc9, 0xb1,
+    0x42, 0x8f, 0x7d, 0x64, 0x7d, 0x5d, 0x6a, 0x95, 0xde, 0x4d,
+    0x4b, 0xd3, 0xfa, 0xcf, 0xf0, 0x25, 0x27, 0x96, 0x48, 0xb6,
+    0xcc, 0x68, 0x29, 0x37, 0x95, 0xcd, 0x36, 0xb7, 0xb0, 0xd6,
+    0xf1, 0xfc, 0x4f, 0xe9, 0xa8, 0x6b, 0x9d, 0x75, 0xc7, 0x9b,
+    0x19, 0xaf, 0xbb, 0x8a, 0xaf, 0x4b, 0xb8, 0xe2, 0xeb, 0x8d,
+    0xd9, 0xf5, 0x75, 0xc5, 0xc8, 0x0b, 0xf2, 0x1c, 0xf9, 0x9e,
+    0xc7, 0x4d, 0x7c, 0x71, 0x47, 0xbd, 0x57, 0x7e, 0xe6, 0x59,
+    0xca, 0x8c, 0xf2, 0x0c, 0x47, 0x4a, 0x90, 0xa7, 0xf5, 0xb8,
+    0xb2, 0x43, 0x97, 0xdb, 0xbe, 0x76, 0x37, 0x29, 0x36, 0x40,
+    0xaa, 0x7a, 0x81, 0xf0, 0xa0, 0xd0, 0x81, 0x39, 0x88, 0xf0,
+    0x23, 0xb0, 0xa4, 0xbe, 0x5e, 0xd8, 0x33, 0x98, 0x5d, 0x9d,
+    0xb5, 0xd4, 0x1c, 0x00, 0xe2, 0x30, 0xb8, 0x68, 0x58, 0x65,
+    0x30, 0x94, 0x3d, 0xf2, 0x75, 0x0c, 0x8e, 0x3b, 0xee, 0x9b,
+    0xce, 0x6c, 0x67, 0x68, 0x54, 0x86, 0x7d, 0x27, 0x2a, 0x2f,
+    0xf7, 0x25, 0xff, 0x22, 0x1e, 0x74, 0xbd, 0x72, 0x11, 0xf4,
+    0x47, 0x8e, 0x2f, 0x0d, 0xb9, 0x31, 0xac, 0x5c, 0x1d, 0xa0,
+    0x11, 0xea, 0x16, 0x24, 0x86, 0x76, 0xbd, 0xa3, 0x41, 0x7f,
+    0x00, 0xe6, 0xe2, 0x86, 0x93, 0xff, 0x02, 0x07, 0xce, 0x49,
+    0xe4, 0xaf, 0x00, 0x9b, 0x15, 0xa6, 0x05, 0xf7, 0x54, 0xd1,
+    0xbb, 0xa7, 0x09, 0x67, 0xe6, 0x99, 0xf9, 0x23, 0xe6, 0xaa,
+    0x6f, 0xcb, 0xe1, 0xc1, 0xac, 0x7b, 0x98, 0xa9, 0x14, 0x43,
+    0x55, 0x22, 0x2c, 0x7a, 0x4a, 0x4a, 0x63, 0xc1, 0xfe, 0x5c,
+    0xca, 0xf4, 0x91, 0x3b, 0x6f, 0xf8, 0x7e, 0x2a, 0xa1, 0x4a,
+    0xc3, 0x16, 0x1c, 0x1d, 0x53, 0x7d, 0x0e, 0x77, 0x0d, 0x72,
+    0x07, 0x78, 0xea, 0xce, 0xe4, 0x0c, 0xf7, 0xce, 0xa0, 0xef,
+    0xa1, 0xdb, 0x6b, 0x5f, 0xfd, 0xeb, 0x68, 0xc7, 0x76, 0xfd,
+    0x35, 0xd2, 0xcb, 0xa4, 0xf6, 0xe6, 0x6b, 0xdb, 0xe9, 0xd5,
+    0x1e, 0x05, 0x8a, 0xba, 0xed, 0x77, 0x94, 0x36, 0x6c, 0x3c,
+    0xe2, 0x23, 0xf8, 0x84, 0xa1, 0xe3, 0xcd, 0xfa, 0x1d, 0x31,
+    0x52, 0x4d, 0xbc, 0x16, 0x31, 0x92, 0xd7, 0xbe, 0x2e, 0xd6,
+    0x6d, 0x1d, 0x58, 0x4e, 0xd8, 0x06, 0x8f, 0xb3, 0xe6, 0x79,
+    0x60, 0x92, 0x71, 0x1f, 0x72, 0x84, 0x55, 0x7b, 0xfa, 0xc8,
+    0xcf, 0x20, 0x16, 0x2f, 0xc7, 0x13, 0x17, 0xd1, 0x2d, 0xd1,
+    0x0d, 0x84, 0x48, 0x08, 0x69, 0xd1, 0x55, 0xb1, 0x08, 0xb6,
+    0x17, 0x8c, 0x38, 0x31, 0xa4, 0x77, 0x73, 0xc0, 0xe9, 0xfc,
+    0x5f, 0x8e, 0xb3, 0x74, 0x1f, 0xab, 0xcf, 0xf5, 0x26, 0x26,
+    0x20, 0x80, 0xd8, 0x13, 0x42, 0xcf, 0xc7, 0x9d, 0xd6, 0x5b,
+    0x1a, 0xfd, 0x46, 0x83, 0xba, 0xc1, 0xe5, 0x92, 0xe9, 0x27,
+    0xa8, 0xa0, 0x36, 0xd5, 0x31, 0x75, 0x7b, 0x8f, 0x53, 0xf6,
+    0xbd, 0x08, 0x1a, 0x86, 0x81, 0x83, 0x85, 0x07, 0x44, 0x3e,
+    0xf9, 0x72, 0x47, 0xe0, 0xf1, 0xbe, 0x43, 0x6a, 0xc3, 0x00,
+    0x94, 0xd3, 0x19, 0x81, 0xde, 0xf3, 0xfd, 0x57, 0x98, 0xdc,
+    0x57, 0xfe, 0x9f, 0x4b, 0x38, 0x23, 0xad, 0xa8, 0xd4, 0x07,
+    0x07, 0x5c, 0xca, 0x25, 0xb8, 0x77, 0x7e, 0x45, 0x01, 0x9b,
+    0xd4, 0x45, 0x5b, 0x94, 0x47, 0x18, 0x35, 0x66, 0xad, 0x0a,
+    0x97, 0x06, 0xc6, 0xa7, 0xaa, 0x50, 0xbf, 0x07, 0x90, 0xfe,
+    0x50, 0x8d, 0xd9, 0x1f, 0xdd, 0x33, 0xa4, 0xa7, 0x23, 0x48,
+    0xa3, 0xd6, 0x5d, 0xb8, 0x9e, 0x97, 0x22, 0x32, 0xd3, 0x8a,
+    0xb0, 0x5e, 0xb3, 0xc9, 0x0b, 0x24, 0x09, 0x66, 0x2e, 0xea,
+    0x94, 0x9c, 0x90, 0x4f, 0x3e, 0x93, 0xcf, 0x30, 0x3f, 0xb4,
+    0xbe, 0x5e, 0x6c, 0xaf, 0x1a, 0xff, 0x00, 0xc7, 0x74, 0x2e,
+    0x8b, 0x08, 0xe9, 0x22, 0x61, 0xc5, 0xd1, 0x21, 0x15, 0xa1,
+    0xba, 0x37, 0xd2, 0x24, 0xfd, 0xa5, 0x63, 0x9a, 0x97, 0xfa,
+    0xfe, 0xb2, 0xa5, 0x1b, 0x3b, 0xbd, 0xb7, 0xb3, 0x2f, 0x3d,
+    0xf1, 0x5a, 0xf2, 0xf6, 0xe4, 0x12, 0xe4, 0x3a, 0x26, 0x3c,
+    0x21, 0x5c, 0xd6, 0x83, 0x65, 0x26, 0x86, 0xcc, 0x47, 0x84,
+    0xd7, 0x26, 0x31, 0x31, 0xcf, 0x1d, 0xd6, 0xc4, 0xa4, 0xf2,
+    0xd4, 0x25, 0x54, 0x2b, 0x81, 0x00, 0x1d, 0xd8, 0xdf, 0x04,
+    0xb8, 0x4b, 0xcf, 0xe5, 0x16, 0xf4, 0x4a, 0x17, 0xc5, 0xd8,
+    0xd3, 0xdf, 0xe4, 0xb7, 0xd3, 0x98, 0xb6, 0x73, 0xa0, 0x37,
+    0x67, 0xbb, 0x8b, 0xc3, 0xfc, 0xac, 0x6e, 0x6c, 0x0e, 0x5d,
+    0x44, 0xb0, 0x9d, 0xf8, 0xae, 0x17, 0x9b, 0xf9, 0xcb, 0xe8,
+    0xfe, 0xc1, 0x7b, 0x78, 0x16, 0xf6, 0x74, 0x04, 0x7d, 0x38,
+    0x17, 0x36, 0x09, 0xe3, 0x73, 0xa1, 0x76, 0x78, 0x7c, 0x14,
+    0xb3, 0x83, 0x91, 0x59, 0x27, 0xea, 0x8c, 0x69, 0xe6, 0xa5,
+    0x21, 0xcd, 0x78, 0xc7, 0x26, 0xa2, 0xfb, 0xd4, 0xf3, 0xaf,
+    0x3f, 0xcf, 0x51, 0x10, 0xcc, 0x4b, 0xdd, 0x14, 0xf4, 0xf3,
+    0xb8, 0xea, 0x07, 0xa7, 0x76, 0xe7, 0xbe, 0xec, 0x01, 0xb5,
+    0x1e, 0xdc, 0xc3, 0x55, 0x19, 0xb1, 0x16, 0x3f, 0xfe, 0xd4,
+    0x15, 0x49, 0xaf, 0x04, 0x9d, 0x38, 0xdd, 0x86, 0x53, 0x2a,
+    0x80, 0x62, 0x42, 0xb7, 0x98, 0x42, 0x38, 0xaf, 0x9d, 0x87,
+    0xe2, 0x3f, 0xea, 0x7e, 0x0a, 0x35, 0xb8, 0xee, 0xa5, 0x48,
+    0x09, 0x08, 0xc5, 0x0d, 0xae, 0x01, 0xd5, 0xec, 0x43, 0x29,
+    0x3b, 0xfb, 0x78, 0xc4, 0x96, 0x01, 0x1c, 0x21, 0xf2, 0xc9,
+    0x44, 0x68, 0x24, 0x66, 0x86, 0x96, 0xb8, 0xc8, 0xe9, 0xd0,
+    0x38, 0x0e, 0x96, 0x4d, 0xcc, 0x45, 0xab, 0xe1, 0xca, 0x50,
+    0x10, 0x20, 0x01, 0xbe, 0x89, 0xc0, 0x43, 0x84, 0xd8, 0x38,
+    0x52, 0xc0, 0xaf, 0x4d, 0x6b, 0x99, 0x0b, 0xc0, 0xc2, 0x99,
+    0x07, 0xc6, 0x78, 0xa8, 0xf7, 0x32, 0x84, 0x86, 0xc5, 0x1a,
+    0x95, 0x81, 0xa6, 0x6a, 0x05, 0xa7, 0x9d, 0x81, 0x0e, 0x32,
+    0x18, 0x11, 0x4a, 0x0f, 0xfc, 0x17, 0x9e, 0xf7, 0xbf, 0x54,
+    0x82, 0xed, 0xba, 0x6f, 0xbd, 0x41, 0xc1, 0xca, 0x55, 0x6c,
+    0xff, 0x32, 0x6b, 0xa2, 0x59, 0xae, 0xae, 0x92, 0xc1, 0xb5,
+    0xa6, 0xfc, 0xaf, 0x09, 0x48, 0x57, 0xd6, 0xee, 0x38, 0x99,
+    0xb4, 0xe3, 0x8f, 0xb7, 0xfc, 0x6a, 0x0a, 0x3b, 0x08, 0xe1,
+    0x81, 0x46, 0x11, 0xeb, 0x4a, 0x98, 0x43, 0x16, 0x16, 0x1f,
+    0x68, 0xdb, 0xb9, 0x71, 0x19, 0xfe, 0x8b, 0xe6, 0xb7, 0x8b,
+    0xc1, 0x3b, 0x90, 0xc5, 0x89, 0x1d, 0xca, 0xd9, 0x19, 0x6c,
+    0xe8, 0x01, 0xf4, 0x19, 0x50, 0x3e, 0x93, 0x84, 0xbf, 0xaa,
+    0x9a, 0x3d, 0x20, 0x4c, 0x4e, 0x79, 0x83, 0xec, 0x46, 0x83,
+    0x09, 0x00, 0xc3, 0x8a, 0xad, 0xd5, 0x2b, 0x08, 0xd1, 0x47,
+    0xac, 0x96, 0x0e, 0x34, 0xf0, 0x89, 0x1a, 0x0f, 0xf2, 0x51,
+    0x8d, 0x2c, 0xb5, 0xf2, 0xfe, 0x8c, 0xdc, 0xed, 0x41, 0x51,
+    0x8c, 0x71, 0x12, 0x05, 0xec, 0x68, 0x21, 0x86, 0x94, 0xf4,
+    0xfb, 0xfc, 0xaa, 0xc7, 0xc7, 0xbb, 0x74, 0xa2, 0x8b, 0x76,
+    0x62, 0x1c, 0x64, 0x11, 0xa0, 0xd0, 0x5f, 0x46, 0x64, 0xd4,
+    0x47, 0xbc, 0x8a, 0x5b, 0x2b, 0xc2, 0xc1, 0x88, 0xb2, 0x30,
+    0xbd, 0x02, 0x17, 0x18, 0x0a, 0xd7, 0x9b, 0x3d, 0x91, 0xb9,
+    0x2c, 0x83, 0x24, 0xb4, 0x8b, 0x9d, 0x02, 0xaf, 0xb2, 0x4e,
+    0x57, 0xe1, 0xb0, 0xa2, 0xf3, 0x7c, 0xde, 0x15, 0xba, 0x60,
+    0xbd, 0x80, 0xbe, 0x6d, 0x6f, 0x16, 0xb3, 0xb9, 0xb8, 0x6a,
+    0x55, 0xb4, 0xad, 0xf1, 0x01, 0x63, 0x40, 0x01, 0xba, 0x5b,
+    0x5d, 0x9a, 0xbc, 0xf0, 0x58, 0xa8, 0xf7, 0xbb, 0x8e, 0x91,
+    0xa0, 0xfd, 0x8c, 0x49, 0x8f, 0x1a, 0xbb, 0x2a, 0x28, 0x0d,
+    0x7a, 0xa6, 0xc2, 0xd7, 0x41, 0x16, 0xed, 0x61, 0x5d, 0xc4,
+    0xe7, 0xcf, 0x2b, 0xb4, 0xb9, 0x10, 0x6f, 0x38, 0x42, 0x88,
+    0x94, 0x6e, 0x75, 0x2c, 0x89, 0xac, 0xa0, 0xe9, 0x81, 0xec,
+    0x2d, 0x62, 0xa3, 0xba, 0x3c, 0x40, 0xdb, 0x65, 0x56, 0x8e,
+    0xc7, 0xd8, 0xb0, 0xd4, 0xf9, 0x04, 0x2b, 0x4c, 0x83, 0x20,
+    0xbe, 0xad, 0xb8, 0x66, 0x1c, 0x20, 0x32, 0xb3, 0xf6, 0xf1,
+    0xac, 0xa5, 0x8a, 0x72, 0x9a, 0x41, 0x1d, 0x6e, 0xa0, 0x16,
+    0xe0, 0x0c, 0x39, 0xb6, 0x06, 0x96, 0x55, 0xb7, 0xda, 0x1c,
+    0x54, 0x08, 0xf6, 0x30, 0x1b, 0xb6, 0x57, 0xca, 0x7d, 0xb0,
+    0xdc, 0x9e, 0xfa, 0x5c, 0x38, 0x7f, 0xac, 0x37, 0x80, 0x26,
+    0xba, 0xdc, 0x7a, 0x95, 0xe5, 0x7b, 0x90, 0xf3, 0x1a, 0xc7,
+    0x31, 0x8e, 0x97, 0x07, 0x9a, 0xb8, 0xbe, 0xae, 0x16, 0x11,
+    0x44, 0xb0, 0x01, 0xf5, 0xe8, 0x37, 0x1a, 0x67, 0xfe, 0x00,
+    0x8f, 0xa1, 0xf5, 0x03, 0x7c, 0xed, 0xbf, 0x42, 0xf4, 0x78,
+    0x2b, 0xfb, 0x9f, 0x8c, 0xb3, 0x63, 0x0b, 0x42, 0xbf, 0xae,
+    0x8e, 0xf7, 0x6f, 0xb4, 0xb1, 0xe8, 0x75, 0x8c, 0xdf, 0x69,
+    0xc6, 0xe1, 0x3a, 0x26, 0x05, 0x47, 0x03, 0x61, 0xfc, 0xc5,
+    0xa9, 0xc1, 0x4f, 0x70, 0xce, 0x18, 0xbb, 0x01, 0xe6, 0x11,
+    0xc9, 0xa7, 0x7e, 0x65, 0xb8, 0xdc, 0x61, 0x3d, 0x9b, 0x47,
+    0x2e, 0x34, 0x16, 0xa1, 0x73, 0x61, 0x91, 0xed, 0x45, 0xe3,
+    0x01, 0x26, 0xee, 0x16, 0x76, 0x0e, 0xb7, 0xa1, 0xc0, 0xb3,
+    0xac, 0xf0, 0xa5, 0x3b, 0xf6, 0x64, 0x1b, 0x93, 0x94, 0x5c,
+    0x8f, 0x4c, 0x25, 0x89, 0xa1, 0x92, 0x32, 0x50, 0x28, 0x03,
+    0x8b, 0xff, 0xc4, 0xf6, 0x2a, 0xe8, 0xda, 0x8d, 0xfe, 0x49,
+    0xb5, 0x33, 0x01, 0xca, 0x2d, 0x2d, 0x60, 0x33, 0xd6, 0x30,
+    0x38, 0x8a, 0x1e, 0x38, 0x3d, 0x78, 0x11, 0xff, 0xef, 0x1c,
+    0x82, 0x33, 0xbb, 0xfc, 0x95, 0xef, 0x79, 0xb0, 0x59, 0xbd,
+    0x2c, 0xfd, 0x1c, 0x3f, 0x42, 0xda, 0xdf, 0xbd, 0x56, 0xf2,
+    0xd6, 0xae, 0x2d, 0x23, 0x36, 0xed, 0xb1, 0x8d, 0x62, 0x58,
+    0x71, 0x66, 0x21, 0xe0, 0x4d, 0xee, 0xf4, 0x16, 0x48, 0xa6,
+    0xcf, 0x1a, 0x8a, 0xf0, 0x8a, 0xd1, 0x53, 0xf6, 0xe5, 0x4e,
+    0x98, 0x9d, 0x7d, 0x6c, 0xd2, 0xdf, 0xb8, 0x2d, 0xa6, 0xe5,
+    0x8a, 0xd6, 0xb5, 0xae, 0x61, 0x96, 0xfa, 0x6b, 0xca, 0x7f,
+    0x08, 0xc2, 0x2b, 0x67, 0x30, 0x5e, 0x21, 0x3b, 0xa4, 0x84,
+    0x95, 0xc6, 0x2f, 0x2c, 0x1f, 0xe2, 0x0e, 0x1a, 0xc3, 0x89,
+    0x6a, 0x6a, 0xe7, 0x08, 0xf9, 0x74, 0xee, 0x4f, 0xcd, 0x5e,
+    0xe8, 0xce, 0x55, 0x4d, 0x38, 0xed, 0x62, 0x35, 0xee, 0xfc,
+    0x14, 0x56, 0xb9, 0xf0, 0xce, 0x29, 0x1c, 0x21, 0x40, 0x51,
+    0xe4, 0x76, 0xe3, 0xa6, 0xd8, 0x3d, 0x54, 0x58, 0x51, 0xe5,
+    0xf0, 0xdc, 0x50, 0x39, 0x43, 0x67, 0x44, 0x14, 0xcc, 0x6e,
+    0x5a, 0xb1, 0x15, 0xec, 0xb4, 0x3e, 0x0e, 0xef, 0x8e, 0x72,
+    0x6a, 0xdf, 0xba, 0x37, 0x27, 0x15, 0x62, 0xc3, 0xbd, 0xee,
+    0x1d, 0xb1, 0x24, 0x2f, 0x57, 0x51, 0xf1, 0x8f, 0xfb, 0xd1,
+    0x10, 0x6f, 0x11, 0xb9, 0x94, 0x5c, 0x9c, 0x12, 0x26, 0x46,
+    0x46, 0x7b, 0x31, 0x0e, 0xad, 0x93, 0xe4, 0x4f, 0x09, 0xe3,
+    0xbf, 0xc5, 0xe3, 0x11, 0xa4, 0x25, 0x8d, 0x9b, 0x8e, 0x26,
+    0x02, 0xaa, 0x72, 0x18, 0xce, 0x89, 0x67, 0xfc, 0x1c, 0x28,
+    0xab, 0x11, 0x5a, 0x84, 0x23, 0x7c, 0x91, 0xac, 0x6b, 0x48,
+    0x9c, 0x39, 0x14, 0xa3, 0xac, 0xc6, 0x30, 0xbc, 0x1e, 0x0c,
+    0xd3, 0x34, 0x19, 0xa9, 0x2b, 0xe7, 0xa4, 0xf8, 0xc1, 0xf0,
+    0x3c, 0x60, 0xa2, 0xf7, 0x51, 0x86, 0xcf, 0x42, 0xad, 0x34,
+    0x81, 0xa6, 0x93, 0x0b, 0x88, 0x4c, 0xbf, 0xd2, 0x4f, 0xe0,
+    0xdb, 0xb2, 0x1d, 0x6d, 0xb2, 0x5c, 0xac, 0xd8, 0x64, 0x85,
+    0xc3, 0x35, 0x6e, 0x5d, 0xaf, 0x63, 0x3e, 0x47, 0xb7, 0x5d,
+    0x39, 0x21, 0x36, 0xa6, 0xd4, 0xef, 0x9e, 0x1c, 0x1f, 0xd6,
+    0xa4, 0xe0, 0xe4, 0x22, 0x75, 0x1e, 0xeb, 0x15, 0xb4, 0xee,
+    0x43, 0x37, 0x06, 0xf9, 0x77, 0xbf, 0x68, 0x9b, 0x9a, 0x7f,
+    0x38, 0x30, 0x87, 0xde, 0x0c, 0x6a, 0x39, 0x41, 0xe1, 0xed,
+    0xf4, 0x18, 0x6e, 0x29, 0x44, 0xf0, 0xfc, 0xb6, 0x09, 0x5b,
+    0xb3, 0x30, 0xc9, 0x0a, 0x8c, 0x41, 0x6f, 0x1e, 0x95, 0xbe,
+    0x93, 0x3c, 0x11, 0x9b, 0x24, 0xf7, 0x57, 0xb8, 0xc5, 0x9b,
+    0x08, 0xaa, 0xcd, 0x24, 0x86, 0x98, 0x59, 0x0f, 0xc6, 0x0e,
+    0xd2, 0x71, 0xb2, 0x5e, 0xae, 0x72, 0xc9, 0x69, 0x3b, 0x80,
+    0xc2, 0x27,
 };
 static const int sizeof_bench_dilithium_level3_key = sizeof(bench_dilithium_level3_key);
 
-/* certs/dilithium/bench_dilithium_level5_key.der */
-static const unsigned char bench_dilithium_level5_key[] =
-{
-        0x30, 0x82, 0x1D, 0x3A, 0x02, 0x01, 0x00, 0x30, 0x0D, 0x06,
-        0x0B, 0x2B, 0x06, 0x01, 0x04, 0x01, 0x02, 0x82, 0x0B, 0x07,
-        0x08, 0x07, 0x04, 0x82, 0x1D, 0x24, 0x04, 0x82, 0x1D, 0x20,
-        0x0A, 0xDB, 0x85, 0x3A, 0x41, 0x2C, 0x30, 0x56, 0x65, 0x04,
-        0x0A, 0x20, 0x31, 0x2A, 0xF3, 0x88, 0x4C, 0x38, 0x64, 0x86,
-        0x14, 0x06, 0xF5, 0xF0, 0x7F, 0x63, 0xC1, 0x87, 0x24, 0x39,
-        0xFB, 0xC0, 0x28, 0x0C, 0xBE, 0x81, 0xF7, 0xCD, 0x25, 0x8B,
-        0x86, 0x42, 0xAD, 0x74, 0x54, 0xCB, 0xA4, 0xDA, 0xC7, 0x94,
-        0x70, 0xA3, 0x41, 0xDA, 0x1F, 0xD8, 0x4F, 0x94, 0x5C, 0x0B,
-        0xA5, 0x35, 0x60, 0xB2, 0x8C, 0x50, 0xED, 0x0B, 0xCB, 0x75,
-        0x6F, 0x14, 0x64, 0x48, 0x86, 0x21, 0xBC, 0x4A, 0x4C, 0xC5,
-        0x22, 0xBC, 0x2D, 0x28, 0x32, 0x39, 0x13, 0x57, 0xC9, 0xE5,
-        0x74, 0xF4, 0xE6, 0x3A, 0xC2, 0xE2, 0x49, 0x24, 0x31, 0x88,
-        0x82, 0x08, 0x03, 0x89, 0x6C, 0x8B, 0x84, 0x08, 0x81, 0xC2,
-        0x08, 0xDB, 0x44, 0x60, 0xA0, 0xB2, 0x91, 0x88, 0x36, 0x28,
-        0x12, 0x89, 0x89, 0x4B, 0xA4, 0x01, 0x62, 0x12, 0x4C, 0x08,
-        0x02, 0x44, 0x19, 0x15, 0x64, 0x8B, 0x04, 0x65, 0xE4, 0x14,
-        0x06, 0x08, 0xC7, 0x04, 0x5B, 0x28, 0x81, 0x89, 0xC2, 0x70,
-        0xD0, 0xB4, 0x71, 0x4C, 0x24, 0x80, 0xA1, 0x28, 0x86, 0xD1,
-        0x06, 0x25, 0x13, 0x03, 0x84, 0x8C, 0x18, 0x41, 0x49, 0x34,
-        0x09, 0xCB, 0x22, 0x71, 0x0C, 0xA3, 0x90, 0x22, 0x94, 0x51,
-        0x58, 0x02, 0x2D, 0x53, 0x30, 0x00, 0xC2, 0x06, 0x42, 0x48,
-        0xC4, 0x70, 0x8A, 0x32, 0x89, 0x80, 0x16, 0x06, 0x90, 0x44,
-        0x91, 0xCB, 0xC8, 0x71, 0xA2, 0xB6, 0x64, 0xD0, 0x26, 0x0A,
-        0x21, 0x05, 0x88, 0x0C, 0xB0, 0x6C, 0x03, 0x49, 0x24, 0x80,
-        0x02, 0x11, 0xD1, 0x36, 0x06, 0x84, 0x32, 0x11, 0x81, 0x44,
-        0x91, 0x9B, 0xB0, 0x01, 0x91, 0x02, 0x25, 0x44, 0x92, 0x69,
-        0x5A, 0x08, 0x6C, 0x90, 0x00, 0x0D, 0x09, 0x17, 0x64, 0x89,
-        0xB2, 0x2D, 0x02, 0x06, 0x2C, 0xDC, 0x92, 0x45, 0xE1, 0x34,
-        0x31, 0x11, 0x03, 0x2D, 0x00, 0x94, 0x29, 0xCA, 0x34, 0x89,
-        0xA3, 0x40, 0x22, 0xC4, 0x30, 0x08, 0x02, 0x33, 0x6E, 0x1C,
-        0x85, 0x10, 0xE4, 0x92, 0x30, 0xC4, 0x46, 0x84, 0xE0, 0x26,
-        0x28, 0xC3, 0x10, 0x65, 0x51, 0x06, 0x4A, 0x03, 0xC1, 0x11,
-        0x48, 0x32, 0x4E, 0x9A, 0xC4, 0x6C, 0x91, 0x38, 0x40, 0xC0,
-        0x92, 0x64, 0xE3, 0xA4, 0x85, 0x22, 0x32, 0x52, 0x92, 0x08,
-        0x20, 0x82, 0x22, 0x12, 0x49, 0x20, 0x6C, 0x91, 0x06, 0x01,
-        0x1B, 0x30, 0x06, 0x12, 0xC3, 0x41, 0x4B, 0x40, 0x42, 0x0B,
-        0xA7, 0x01, 0x60, 0x12, 0x89, 0x24, 0x98, 0x30, 0x99, 0xA6,
-        0x64, 0x61, 0x26, 0x6A, 0x91, 0xB0, 0x11, 0x03, 0xC2, 0x2D,
-        0x41, 0xC8, 0x6D, 0xD8, 0x38, 0x28, 0x4B, 0x98, 0x04, 0x98,
-        0x18, 0x09, 0x18, 0xA6, 0x65, 0x81, 0x38, 0x69, 0x5B, 0xC4,
-        0x6D, 0x98, 0x26, 0x0D, 0x62, 0xC6, 0x71, 0xC3, 0xC6, 0x4C,
-        0xC2, 0x02, 0x46, 0x5B, 0x94, 0x65, 0x09, 0x29, 0x0E, 0xA2,
-        0xA2, 0x41, 0xE4, 0x02, 0x69, 0xA3, 0x90, 0x4D, 0x8B, 0xA6,
-        0x70, 0xA3, 0x40, 0x85, 0x5C, 0x36, 0x48, 0x22, 0xC5, 0x84,
-        0x19, 0x91, 0x25, 0x00, 0xC2, 0x65, 0xC4, 0x46, 0x2E, 0xDC,
-        0xB0, 0x51, 0x94, 0x28, 0x01, 0x9B, 0x22, 0x66, 0x01, 0xA8,
-        0x90, 0x9A, 0xC4, 0x08, 0xD1, 0x22, 0x41, 0x42, 0x34, 0x62,
-        0x60, 0x40, 0x92, 0x93, 0xC8, 0x45, 0xD8, 0x04, 0x20, 0x8A,
-        0x30, 0x25, 0xE1, 0x14, 0x40, 0x11, 0x13, 0x00, 0x54, 0x22,
-        0x62, 0x50, 0x10, 0x22, 0x03, 0xA9, 0x85, 0x9B, 0x42, 0x4D,
-        0x50, 0xB2, 0x41, 0x10, 0x13, 0x48, 0x63, 0x38, 0x68, 0xA1,
-        0xB0, 0x0D, 0x1B, 0x88, 0x84, 0x8A, 0x28, 0x51, 0xD4, 0x38,
-        0x2A, 0x12, 0x43, 0x61, 0x80, 0x38, 0x32, 0x18, 0xC6, 0x29,
-        0x22, 0xB5, 0x21, 0x02, 0x99, 0x28, 0xCC, 0x18, 0x85, 0x83,
-        0xB4, 0x8C, 0x81, 0x24, 0x51, 0x10, 0x83, 0x68, 0x1C, 0x47,
-        0x71, 0x8C, 0x40, 0x6C, 0x00, 0xB6, 0x0D, 0x88, 0x22, 0x90,
-        0x0C, 0xC7, 0x49, 0xC0, 0x82, 0x89, 0xDA, 0x22, 0x4A, 0xC8,
-        0x18, 0x08, 0xD1, 0x00, 0x2C, 0xDA, 0x30, 0x49, 0x49, 0xC8,
-        0x91, 0x5A, 0x96, 0x64, 0x11, 0x96, 0x20, 0xD2, 0xC4, 0x60,
-        0xE0, 0x46, 0x6A, 0x02, 0xB5, 0x21, 0x19, 0xB9, 0x81, 0x23,
-        0x00, 0x22, 0x11, 0x37, 0x32, 0x19, 0xA4, 0x0D, 0x51, 0x96,
-        0x89, 0x1B, 0x11, 0x11, 0xC3, 0x14, 0x88, 0x4C, 0x96, 0x0C,
-        0x01, 0x13, 0x72, 0x83, 0x16, 0x12, 0x24, 0x38, 0x51, 0x40,
-        0x34, 0x89, 0xD9, 0x26, 0x01, 0x54, 0x42, 0x8D, 0x00, 0xC1,
-        0x85, 0x13, 0x14, 0x84, 0x82, 0x16, 0x25, 0x88, 0xB0, 0x51,
-        0x11, 0x80, 0x30, 0x23, 0x25, 0x46, 0x04, 0x27, 0x66, 0x11,
-        0x28, 0x30, 0xD4, 0x94, 0x84, 0x10, 0xA0, 0x8C, 0xC1, 0x36,
-        0x0C, 0x14, 0x98, 0x28, 0x5B, 0x02, 0x90, 0xD9, 0x90, 0x31,
-        0xD3, 0x28, 0x68, 0x23, 0x90, 0x80, 0x24, 0xC7, 0x84, 0xA1,
-        0x00, 0x09, 0xC1, 0x36, 0x84, 0x58, 0xB6, 0x28, 0x4A, 0xB0,
-        0x69, 0x08, 0x10, 0x51, 0x1C, 0xB6, 0x84, 0x83, 0x84, 0x81,
-        0x03, 0x39, 0x90, 0x81, 0x42, 0x12, 0x13, 0xB4, 0x49, 0x0A,
-        0x20, 0x09, 0x93, 0x22, 0x42, 0xD4, 0x26, 0x21, 0xA3, 0x32,
-        0x89, 0x89, 0x84, 0x81, 0x0B, 0x02, 0x21, 0x64, 0x28, 0x90,
-        0x89, 0xB2, 0x29, 0xE1, 0x36, 0x2C, 0x11, 0x30, 0x51, 0x21,
-        0x83, 0x2C, 0x04, 0x36, 0x26, 0x61, 0x12, 0x8C, 0x19, 0x43,
-        0x52, 0x89, 0x90, 0x88, 0x43, 0xB8, 0x71, 0x0C, 0x43, 0x09,
-        0x84, 0x26, 0x6A, 0x50, 0x36, 0x20, 0x00, 0xC3, 0x68, 0x91,
-        0x38, 0x0E, 0x12, 0x12, 0x52, 0x82, 0xC4, 0x4D, 0x64, 0x90,
-        0x4D, 0x8C, 0x30, 0x22, 0x14, 0x26, 0x6E, 0x10, 0x46, 0x8E,
-        0x58, 0x34, 0x46, 0x22, 0x97, 0x68, 0x02, 0x43, 0x61, 0x41,
-        0x06, 0x01, 0x88, 0x42, 0x40, 0x08, 0x06, 0x6D, 0x80, 0x42,
-        0x22, 0x84, 0x48, 0x89, 0xDB, 0x84, 0x90, 0xC0, 0x22, 0x71,
-        0x43, 0x96, 0x45, 0x0A, 0xA3, 0x30, 0x12, 0x28, 0x44, 0x51,
-        0x00, 0x52, 0x99, 0xA0, 0x8D, 0xC2, 0x28, 0x00, 0xC8, 0x18,
-        0x6E, 0xA2, 0x40, 0x8E, 0x03, 0x47, 0x31, 0x61, 0x22, 0x41,
-        0xD3, 0xB4, 0x01, 0x48, 0x14, 0x40, 0x4C, 0x06, 0x0C, 0x41,
-        0x06, 0x2A, 0x5B, 0x90, 0x25, 0xCC, 0xC6, 0x41, 0xC3, 0x86,
-        0x28, 0x99, 0x26, 0x50, 0x11, 0xC4, 0x8D, 0x8C, 0x30, 0x68,
-        0x8C, 0x08, 0x0C, 0x50, 0x38, 0x86, 0xDC, 0x10, 0x92, 0xD4,
-        0x18, 0x72, 0x02, 0xA8, 0x2C, 0x42, 0x82, 0x44, 0x53, 0x36,
-        0x0E, 0x90, 0x32, 0x49, 0x84, 0x24, 0x09, 0x12, 0xA2, 0x41,
-        0x82, 0x10, 0x4D, 0x01, 0xA0, 0x8C, 0x11, 0xB2, 0x80, 0x21,
-        0x89, 0x69, 0x24, 0x21, 0x28, 0x02, 0x03, 0x6E, 0x49, 0x32,
-        0x0C, 0x08, 0x88, 0x84, 0x91, 0x80, 0x10, 0x0C, 0x33, 0x12,
-        0x43, 0x24, 0x8A, 0x82, 0x26, 0x10, 0x60, 0xC6, 0x60, 0x48,
-        0xA2, 0x10, 0x12, 0x83, 0x24, 0x0B, 0x03, 0x40, 0xCA, 0x08,
-        0x20, 0x99, 0x36, 0x86, 0x5B, 0x24, 0x41, 0x10, 0x87, 0x04,
-        0x0C, 0x15, 0x04, 0x14, 0xB2, 0x68, 0x0B, 0x89, 0x29, 0x99,
-        0x16, 0x8D, 0x00, 0x42, 0x00, 0x9B, 0x48, 0x44, 0x12, 0x45,
-        0x6C, 0x0A, 0x25, 0x92, 0xC0, 0xC4, 0x00, 0x1A, 0xC8, 0x31,
-        0x21, 0x26, 0x8A, 0x81, 0xA0, 0x2C, 0x11, 0x85, 0x65, 0x9A,
-        0x08, 0x61, 0xD9, 0x22, 0x12, 0xCB, 0x36, 0x71, 0xA2, 0x08,
-        0x0A, 0xE4, 0x06, 0x32, 0x19, 0x19, 0x4A, 0x1B, 0x34, 0x45,
-        0x51, 0x06, 0x6E, 0x48, 0x02, 0x68, 0x13, 0xB7, 0x10, 0x44,
-        0xC8, 0x85, 0x13, 0x81, 0x2C, 0xC4, 0x40, 0x45, 0x42, 0x98,
-        0x21, 0x62, 0x18, 0x92, 0x9B, 0x44, 0x25, 0xA1, 0x06, 0x28,
-        0x52, 0x82, 0x11, 0x44, 0x24, 0x32, 0x02, 0xC6, 0x80, 0x10,
-        0x45, 0x4E, 0x22, 0x93, 0x0D, 0x44, 0x02, 0x68, 0x4A, 0x30,
-        0x81, 0xC9, 0x94, 0x85, 0x08, 0x07, 0x08, 0x24, 0x39, 0x64,
-        0xD2, 0x08, 0x22, 0xD0, 0xA0, 0x41, 0x81, 0x92, 0x91, 0x8C,
-        0x24, 0x6A, 0xCA, 0x36, 0x32, 0x1C, 0x12, 0x45, 0x92, 0x94,
-        0x80, 0x82, 0x86, 0x4C, 0xDA, 0xA2, 0x84, 0x98, 0x24, 0x49,
-        0x0A, 0x13, 0x90, 0x1B, 0xC3, 0x01, 0x49, 0x28, 0x60, 0x08,
-        0x21, 0x92, 0x0B, 0xB0, 0x20, 0x52, 0x90, 0x84, 0x8A, 0x32,
-        0x11, 0x50, 0x28, 0x8C, 0x5B, 0x38, 0x2E, 0xDC, 0xB4, 0x08,
-        0x12, 0x20, 0x84, 0xD1, 0x12, 0x22, 0x99, 0x08, 0x11, 0x19,
-        0x95, 0x10, 0x80, 0x44, 0x6A, 0xE1, 0x12, 0x85, 0xCC, 0xB0,
-        0x24, 0x23, 0x15, 0x4C, 0x63, 0x34, 0x68, 0x5C, 0xB6, 0x65,
-        0x42, 0xC2, 0x4D, 0x20, 0x95, 0x84, 0x8A, 0x42, 0x00, 0x4C,
-        0x24, 0x50, 0x98, 0x02, 0x6C, 0x21, 0x44, 0x84, 0x20, 0x85,
-        0x21, 0x80, 0x48, 0x6C, 0x9C, 0x14, 0x86, 0x81, 0x86, 0x91,
-        0x1C, 0x09, 0x04, 0xDC, 0xC6, 0x28, 0x09, 0x27, 0x30, 0x4B,
-        0x02, 0x64, 0x44, 0x46, 0x30, 0x9C, 0xA2, 0x8C, 0x20, 0x11,
-        0x68, 0x11, 0x24, 0x51, 0x0B, 0x02, 0x00, 0xD2, 0x82, 0x4D,
-        0xC3, 0x80, 0x71, 0xE0, 0x48, 0x2C, 0x4A, 0x88, 0x50, 0xA0,
-        0x20, 0x49, 0x4B, 0xB4, 0x31, 0x08, 0x12, 0x71, 0x90, 0xA2,
-        0x89, 0xCA, 0x46, 0x85, 0x91, 0x96, 0x91, 0x8A, 0x30, 0x31,
-        0x0B, 0xC2, 0x21, 0x61, 0x10, 0x49, 0x10, 0x99, 0x81, 0x53,
-        0x36, 0x0C, 0x23, 0x81, 0x88, 0x62, 0x28, 0x0A, 0x12, 0x43,
-        0x70, 0x02, 0xC7, 0x51, 0x14, 0x34, 0x88, 0x23, 0x84, 0x49,
-        0x23, 0x86, 0x08, 0x0C, 0x28, 0x28, 0x94, 0xA0, 0x8D, 0x11,
-        0x33, 0x60, 0xA3, 0x38, 0x6E, 0xC0, 0x42, 0x2E, 0x52, 0xB4,
-        0x40, 0x0A, 0x25, 0x4D, 0x1C, 0x10, 0x2A, 0x9A, 0x96, 0x64,
-        0x10, 0xC1, 0x60, 0x8C, 0x46, 0x60, 0x5A, 0x24, 0x89, 0x42,
-        0x40, 0x86, 0xD0, 0x34, 0x89, 0x5C, 0x02, 0x02, 0x00, 0x34,
-        0x21, 0x00, 0x24, 0x00, 0xA0, 0x20, 0x60, 0x03, 0xA6, 0x40,
-        0xDC, 0x30, 0x80, 0x4B, 0xA8, 0x20, 0x0B, 0xA2, 0x24, 0xE2,
-        0xB0, 0x89, 0xA2, 0xB2, 0x65, 0xD4, 0xA6, 0x68, 0x20, 0xA3,
-        0x04, 0x4C, 0xC2, 0x11, 0x4A, 0x38, 0x24, 0x08, 0x17, 0x4D,
-        0xE2, 0xA2, 0x00, 0x02, 0xC8, 0x00, 0x08, 0x00, 0x30, 0xA4,
-        0xB6, 0x25, 0x5A, 0x30, 0x01, 0x40, 0x92, 0x4C, 0xC8, 0x44,
-        0x92, 0x43, 0xC8, 0x60, 0xA3, 0x86, 0x84, 0x18, 0x04, 0x70,
-        0x53, 0xB2, 0x40, 0x4C, 0x04, 0x84, 0x09, 0xC8, 0x48, 0x21,
-        0x13, 0x31, 0x04, 0xA5, 0x0D, 0x90, 0x92, 0x88, 0xC1, 0x10,
-        0x8D, 0xE0, 0x88, 0x28, 0x0B, 0x06, 0x84, 0x23, 0x22, 0x6C,
-        0xDB, 0xB2, 0x05, 0xC8, 0x08, 0x6E, 0x93, 0x86, 0x4C, 0x0C,
-        0x37, 0x86, 0xDA, 0x16, 0x51, 0x9B, 0x08, 0x32, 0x00, 0x91,
-        0x45, 0xA4, 0x00, 0x2D, 0x14, 0x02, 0x0E, 0x60, 0x90, 0x4C,
-        0x23, 0xB4, 0x09, 0x00, 0xA5, 0x81, 0x19, 0x21, 0x32, 0xC2,
-        0x00, 0x02, 0x18, 0x10, 0x50, 0x08, 0xA2, 0x6D, 0x20, 0x31,
-        0x6A, 0x90, 0x46, 0x90, 0x8B, 0x94, 0x30, 0x21, 0x44, 0x52,
-        0x10, 0x19, 0x51, 0x94, 0xC0, 0x29, 0xC8, 0x20, 0x4E, 0x48,
-        0xA6, 0x4C, 0x11, 0xC4, 0x64, 0xDC, 0x34, 0x10, 0x48, 0xC4,
-        0x84, 0xCA, 0x46, 0x0C, 0x58, 0x12, 0x49, 0x0B, 0x16, 0x00,
-        0x20, 0x42, 0x50, 0x04, 0x00, 0x46, 0xF8, 0x68, 0xB1, 0xA7,
-        0x5E, 0xA7, 0xE6, 0xCE, 0xF5, 0x88, 0x8A, 0x5F, 0x79, 0xC9,
-        0x3A, 0x5F, 0xF2, 0x7F, 0x5A, 0xED, 0xB4, 0xB4, 0x25, 0x44,
-        0xD2, 0x7E, 0xED, 0xCE, 0x46, 0x40, 0xAC, 0xC2, 0x53, 0xD0,
-        0xD3, 0xE7, 0xF6, 0x1C, 0xFA, 0x23, 0x4A, 0xB0, 0xEA, 0x32,
-        0x91, 0xB7, 0xDA, 0x8B, 0x72, 0x35, 0xB7, 0x74, 0xD5, 0x9A,
-        0x9B, 0x22, 0x3D, 0x49, 0x08, 0xBA, 0xD1, 0x7D, 0x9F, 0x64,
-        0xD5, 0xAD, 0x7A, 0x37, 0xBD, 0x11, 0xD0, 0xA0, 0x7C, 0x53,
-        0x05, 0x1A, 0x66, 0x6C, 0x5D, 0x42, 0x45, 0x55, 0x34, 0xC0,
-        0x1F, 0xCA, 0xDB, 0x0D, 0x4F, 0x75, 0x95, 0x9F, 0x10, 0x9A,
-        0x8D, 0x54, 0xCE, 0xC2, 0x5C, 0xF0, 0xCE, 0xBD, 0x39, 0x70,
-        0xB0, 0x52, 0x2E, 0x4B, 0x11, 0x0D, 0x25, 0xD7, 0xE5, 0x4B,
-        0xF1, 0xE3, 0x4F, 0xBE, 0xF2, 0x73, 0xA6, 0xDE, 0xB6, 0xC4,
-        0x61, 0x71, 0xCC, 0x5C, 0xFE, 0x55, 0xF0, 0x50, 0xBA, 0x9C,
-        0x18, 0x44, 0x13, 0xDD, 0xCB, 0x7A, 0xD2, 0xA2, 0xDC, 0xBF,
-        0xF2, 0xC8, 0x84, 0xFF, 0x5B, 0xA7, 0xFA, 0x8D, 0x18, 0xF2,
-        0x55, 0xD0, 0x3C, 0x4E, 0xB3, 0x77, 0x7C, 0x95, 0x91, 0x98,
-        0x52, 0xF2, 0xB6, 0xCF, 0xFC, 0x45, 0xF4, 0x71, 0x62, 0x24,
-        0xE2, 0x7B, 0xF7, 0x85, 0x08, 0x17, 0x6A, 0x62, 0xB4, 0xE9,
-        0x08, 0x3E, 0xA1, 0xC6, 0x27, 0x8E, 0xB3, 0x26, 0xA5, 0x95,
-        0x91, 0x84, 0xD0, 0xA0, 0xCD, 0xBF, 0x45, 0xD0, 0xE2, 0x26,
-        0x65, 0x74, 0xD6, 0x49, 0x50, 0xF2, 0x6B, 0xAE, 0xF1, 0x8A,
-        0x2A, 0x18, 0xDA, 0xF0, 0xAD, 0xE7, 0xF3, 0x0A, 0x0E, 0x33,
-        0xA5, 0xCA, 0x11, 0x16, 0xCC, 0xD6, 0x81, 0x89, 0x83, 0x27,
-        0x32, 0x97, 0x61, 0x48, 0x0D, 0x89, 0x3E, 0xB7, 0x7E, 0x02,
-        0xC8, 0x96, 0x93, 0xFA, 0xD0, 0x1D, 0x76, 0xB4, 0xA4, 0x38,
-        0x4C, 0xE3, 0xB4, 0x6F, 0xCE, 0x66, 0x90, 0x53, 0xDC, 0xCE,
-        0xD6, 0x10, 0x16, 0x3E, 0xB8, 0xBD, 0xD9, 0x8C, 0xA9, 0x90,
-        0x54, 0xAF, 0x86, 0x07, 0xB3, 0xC1, 0x82, 0xFB, 0x41, 0x61,
-        0xB8, 0x6D, 0x8E, 0xA5, 0xA8, 0xEB, 0xE3, 0xC0, 0xCF, 0x51,
-        0xAA, 0x94, 0x7A, 0x7F, 0x9C, 0x48, 0xA3, 0x40, 0x83, 0x33,
-        0x22, 0x41, 0x61, 0x4C, 0xD4, 0x62, 0xD7, 0xC6, 0xC6, 0x5B,
-        0xF3, 0x48, 0x42, 0xA7, 0x18, 0xD5, 0xAF, 0x05, 0xF6, 0x7A,
-        0xF6, 0x6D, 0x82, 0xFF, 0x89, 0x68, 0x21, 0x13, 0x62, 0xA5,
-        0x7E, 0xC9, 0x43, 0x03, 0x73, 0xF7, 0xD1, 0x01, 0x7D, 0xD9,
-        0x13, 0x03, 0x9C, 0x99, 0x74, 0xD4, 0x92, 0x2E, 0xD1, 0xD3,
-        0xCB, 0x53, 0x6C, 0xF9, 0xFE, 0xB4, 0x3D, 0x51, 0xF1, 0x63,
-        0x42, 0x5B, 0xB2, 0x5D, 0x70, 0x03, 0xE5, 0x46, 0x5B, 0xC1,
-        0xEB, 0x27, 0x11, 0x22, 0x15, 0x73, 0x6C, 0xF8, 0x51, 0x0A,
-        0xFF, 0xD8, 0xFE, 0xB6, 0xE1, 0xBD, 0x42, 0xC0, 0x4C, 0xEB,
-        0xCD, 0x1E, 0x3C, 0xD5, 0x7C, 0xEA, 0xC6, 0xD4, 0x34, 0xD2,
-        0x8D, 0x99, 0xC4, 0x99, 0xA8, 0x8E, 0x9F, 0x60, 0xA8, 0xE8,
-        0x7B, 0x1E, 0x7E, 0x50, 0x14, 0xAD, 0xFC, 0xDB, 0xA6, 0x00,
-        0xE9, 0x00, 0x7A, 0x5A, 0xCD, 0x01, 0x26, 0xBB, 0x4E, 0x00,
-        0x9E, 0xCC, 0xD3, 0x2D, 0x49, 0x1B, 0xB8, 0x60, 0x2C, 0x59,
-        0x2A, 0x95, 0x8C, 0x92, 0x4D, 0x1A, 0x57, 0x3B, 0xEF, 0x6E,
-        0xC4, 0x91, 0xE4, 0x99, 0x5E, 0xAE, 0x1B, 0xAF, 0x1E, 0x14,
-        0x51, 0x38, 0x19, 0xBC, 0x33, 0x5C, 0x21, 0x4D, 0xAD, 0xA1,
-        0x12, 0x17, 0xE6, 0xF5, 0x37, 0x98, 0xF6, 0xE6, 0x38, 0x4D,
-        0x07, 0x80, 0x1D, 0xD8, 0x5E, 0xCC, 0x58, 0xDB, 0x7E, 0x3A,
-        0x8F, 0x90, 0xDF, 0x9E, 0x80, 0xFB, 0xFC, 0x10, 0xEC, 0x7E,
-        0x81, 0x53, 0x37, 0xC1, 0x66, 0xEE, 0xD7, 0x80, 0x0F, 0x0C,
-        0xEB, 0xE8, 0x85, 0x2E, 0x37, 0x61, 0x8B, 0x9C, 0x63, 0xF6,
-        0x27, 0x77, 0x16, 0x44, 0x61, 0x66, 0xC9, 0x79, 0x31, 0xDD,
-        0xB4, 0x94, 0x9D, 0x8C, 0x8B, 0x1D, 0x28, 0xC2, 0x84, 0xC9,
-        0x30, 0x71, 0xF4, 0x9E, 0xEF, 0x00, 0x2B, 0xA2, 0x9F, 0x38,
-        0x65, 0xE6, 0xD1, 0x80, 0x26, 0x9B, 0xC4, 0xE8, 0x83, 0xCE,
-        0x64, 0xD0, 0x8A, 0x9A, 0x1E, 0xEF, 0xA3, 0xB6, 0xD2, 0x0B,
-        0x9C, 0x14, 0xF3, 0x08, 0xF1, 0x73, 0xD1, 0x34, 0xAE, 0x83,
-        0xE7, 0x97, 0x5B, 0x97, 0x35, 0x0E, 0x35, 0xDC, 0x22, 0xD5,
-        0xAA, 0xD1, 0xBC, 0xC7, 0x40, 0x20, 0xAD, 0x43, 0x36, 0x24,
-        0x66, 0x7A, 0xB7, 0x1F, 0xF9, 0x1A, 0x1F, 0x37, 0xCE, 0xC2,
-        0xFC, 0x98, 0xB1, 0x6A, 0x9A, 0x81, 0xD9, 0x4B, 0x53, 0x68,
-        0xC5, 0xF3, 0xE6, 0x69, 0x76, 0xA6, 0x8B, 0x98, 0xFB, 0x84,
-        0x2E, 0xD3, 0x4F, 0x77, 0xF9, 0x24, 0xF9, 0x13, 0x89, 0x8D,
-        0xF6, 0x80, 0x2E, 0x0E, 0xA1, 0xCD, 0x90, 0x58, 0xCE, 0x63,
-        0x36, 0x95, 0x8C, 0xF6, 0x68, 0xC3, 0x84, 0xF8, 0xB4, 0x5E,
-        0x9E, 0x6C, 0x19, 0x32, 0x90, 0xA7, 0xD0, 0x2D, 0x47, 0x6B,
-        0xCB, 0xAF, 0x85, 0x65, 0x92, 0x83, 0x11, 0x8E, 0xCC, 0x88,
-        0xB1, 0x0B, 0xB8, 0x1E, 0x55, 0x4F, 0x18, 0x2A, 0xC4, 0x02,
-        0xA8, 0x45, 0x6A, 0xCD, 0x75, 0x58, 0x6A, 0xAF, 0x83, 0x94,
-        0x38, 0x1D, 0xA9, 0x09, 0x29, 0x1E, 0x0E, 0x43, 0xA9, 0x04,
-        0x26, 0xF6, 0x1C, 0xC7, 0xCB, 0xC1, 0x10, 0xB9, 0x86, 0xC1,
-        0xA2, 0xEC, 0x03, 0xDE, 0xF7, 0x53, 0x67, 0x2B, 0xDF, 0xEE,
-        0xAF, 0xD2, 0xF2, 0xA8, 0xBD, 0xD9, 0x21, 0xCC, 0x8C, 0x72,
-        0x02, 0x44, 0xF5, 0xA5, 0xED, 0x88, 0x5B, 0xAC, 0x5F, 0x5A,
-        0x15, 0x81, 0xCC, 0x95, 0x15, 0x2E, 0x34, 0x72, 0x59, 0x6C,
-        0x03, 0x36, 0x5E, 0x22, 0x7E, 0x3F, 0x65, 0xA6, 0x8C, 0x4F,
-        0x89, 0xC1, 0xE7, 0x63, 0xB6, 0x1B, 0xE5, 0x41, 0xC7, 0xF8,
-        0x96, 0xA4, 0x8F, 0x4F, 0x47, 0x59, 0x3E, 0x9D, 0x45, 0xCE,
-        0xE4, 0x1B, 0xF1, 0x69, 0x0C, 0x39, 0x34, 0x16, 0x77, 0x6A,
-        0xF5, 0xB5, 0x9E, 0x8B, 0x63, 0x86, 0x35, 0xFD, 0x4F, 0x2A,
-        0x4B, 0x49, 0x21, 0x7C, 0xE3, 0xEA, 0x5C, 0xDE, 0x98, 0xE4,
-        0x58, 0x32, 0x67, 0x98, 0xFC, 0x8F, 0xAB, 0x01, 0x0E, 0xA4,
-        0x8B, 0x39, 0xA3, 0x55, 0x4C, 0x8E, 0x98, 0xBA, 0xCD, 0x3B,
-        0xDB, 0x91, 0x8D, 0x94, 0x98, 0xBE, 0x37, 0x7B, 0xDB, 0x58,
-        0xFC, 0xC1, 0x88, 0x7D, 0xD3, 0xBC, 0x8F, 0xB4, 0x7C, 0xB2,
-        0xFE, 0x3E, 0x26, 0x36, 0x95, 0x7E, 0xDB, 0xD1, 0x38, 0x29,
-        0xD9, 0xCF, 0x5D, 0x0E, 0xD1, 0xDF, 0x7F, 0xD1, 0x68, 0x04,
-        0x70, 0x6F, 0x61, 0x39, 0x49, 0x44, 0xD2, 0x5C, 0x0C, 0xC3,
-        0xD6, 0xF8, 0x1E, 0x96, 0x36, 0x43, 0x79, 0xB2, 0xE5, 0x1A,
-        0xF1, 0x32, 0x03, 0xE1, 0x22, 0x45, 0x20, 0x1B, 0x36, 0x6A,
-        0xB8, 0x62, 0xA5, 0xC5, 0x85, 0x8B, 0xED, 0x42, 0x69, 0xC6,
-        0x30, 0x36, 0xA1, 0xF6, 0x22, 0x8D, 0x37, 0xD8, 0xE4, 0xBD,
-        0x26, 0x8B, 0x89, 0xC2, 0xA9, 0x10, 0x82, 0xDD, 0x0C, 0x2D,
-        0x04, 0x39, 0xB7, 0x59, 0x0B, 0x30, 0x2A, 0x6D, 0x84, 0x4A,
-        0x74, 0xB9, 0x3F, 0xEA, 0xA5, 0x34, 0x76, 0xFA, 0xAD, 0x99,
-        0xB0, 0xEF, 0xA0, 0xF1, 0x85, 0x3D, 0x00, 0x76, 0x00, 0xF8,
-        0xFA, 0x1B, 0xAA, 0xB7, 0x5A, 0x62, 0x0E, 0xFD, 0xDC, 0x7A,
-        0xCA, 0x18, 0x43, 0x32, 0x02, 0xB7, 0x20, 0x38, 0x0B, 0x50,
-        0x4E, 0x57, 0xBF, 0x88, 0xBA, 0x09, 0xD3, 0x9D, 0x8B, 0x3A,
-        0x88, 0x82, 0xD9, 0xC3, 0x60, 0x89, 0x10, 0xF5, 0x09, 0x61,
-        0x72, 0x41, 0x83, 0xCB, 0x29, 0x38, 0xB3, 0x75, 0xD8, 0xBB,
-        0x7E, 0x3F, 0x4A, 0x3C, 0x6B, 0xE5, 0xAE, 0xB7, 0x18, 0xC1,
-        0x52, 0x3C, 0x8D, 0x8B, 0xF3, 0x8B, 0x84, 0x98, 0x3E, 0xE3,
-        0x5F, 0x5B, 0x89, 0xB7, 0x07, 0x58, 0xD3, 0x7B, 0x84, 0x38,
-        0x57, 0x3B, 0xF7, 0x59, 0x22, 0x6B, 0xA7, 0x31, 0x1D, 0xAF,
-        0xBF, 0xFA, 0x15, 0x8B, 0xE0, 0x72, 0xFA, 0xCA, 0xB6, 0xC2,
-        0xD6, 0x42, 0x43, 0x27, 0xF6, 0xAA, 0x3E, 0x5B, 0x07, 0x12,
-        0x5C, 0xEF, 0xED, 0xCB, 0xDF, 0xAA, 0x5F, 0xF8, 0x77, 0xD0,
-        0x8E, 0xC7, 0x03, 0x1E, 0x23, 0x5A, 0xF1, 0x3A, 0xA9, 0x10,
-        0x6F, 0x05, 0x46, 0x04, 0x72, 0x63, 0xAC, 0xAE, 0x4B, 0x3D,
-        0x1E, 0x2D, 0xC2, 0xE9, 0x38, 0x6A, 0xA9, 0x11, 0x1E, 0xE0,
-        0xCA, 0x06, 0x7A, 0x5A, 0x45, 0xB2, 0x82, 0x0C, 0x10, 0xEB,
-        0x0D, 0x10, 0x26, 0x74, 0xA5, 0x07, 0x1B, 0xBA, 0x61, 0xFD,
-        0x8C, 0x73, 0xCB, 0x96, 0xFC, 0xF8, 0x98, 0x2D, 0x83, 0x12,
-        0x0B, 0x6A, 0x9C, 0xA4, 0x70, 0x95, 0x4B, 0xD8, 0x11, 0x71,
-        0x8F, 0x22, 0x89, 0xA2, 0x6A, 0x0A, 0xB0, 0x17, 0x93, 0x46,
-        0x89, 0x60, 0x58, 0x2E, 0x1F, 0x3B, 0xE1, 0x6F, 0x49, 0x47,
-        0xBC, 0x93, 0xD2, 0x14, 0x3D, 0xF2, 0x21, 0xA4, 0xFA, 0x1F,
-        0x9D, 0x3F, 0x08, 0x40, 0x17, 0x77, 0x58, 0x7F, 0x65, 0xB4,
-        0xFD, 0x01, 0x67, 0xF1, 0x62, 0x77, 0xD8, 0x6D, 0x46, 0x42,
-        0x30, 0x52, 0x64, 0x4C, 0x76, 0x64, 0x7E, 0x09, 0xDD, 0x57,
-        0x04, 0xB8, 0x4A, 0x7F, 0x8A, 0x68, 0xC3, 0x0D, 0xD9, 0xBE,
-        0xF6, 0x61, 0x1C, 0x4D, 0x30, 0x80, 0x18, 0x83, 0xD6, 0x3F,
-        0xB9, 0x58, 0x52, 0x20, 0xB9, 0x60, 0xEA, 0x22, 0xD0, 0xD0,
-        0x61, 0x1A, 0x3B, 0x32, 0x69, 0x35, 0x8B, 0x22, 0x6E, 0x27,
-        0x2E, 0xE2, 0x6D, 0xBA, 0xC7, 0x17, 0x02, 0xDA, 0x83, 0x22,
-        0x5C, 0x31, 0x60, 0xD6, 0x78, 0x78, 0xBF, 0x0B, 0xEE, 0xD4,
-        0x68, 0x32, 0xAE, 0x17, 0x80, 0x04, 0x7F, 0xD9, 0xA9, 0xA0,
-        0xC9, 0xB7, 0x98, 0xEE, 0x9C, 0x8C, 0x61, 0x70, 0xBB, 0x2F,
-        0x10, 0x39, 0x3E, 0xCC, 0x6E, 0xC8, 0x0A, 0x0F, 0xA2, 0x1E,
-        0x31, 0x01, 0x75, 0x1E, 0x41, 0x9E, 0x63, 0x14, 0xC2, 0x3A,
-        0xD9, 0x1A, 0x8B, 0x52, 0x0D, 0xFD, 0xDC, 0xE6, 0x23, 0x35,
-        0xF1, 0x17, 0xE4, 0xA6, 0xDB, 0xAC, 0x3F, 0x67, 0x59, 0x02,
-        0x8E, 0x20, 0x6F, 0x55, 0x69, 0xF8, 0x16, 0xFC, 0x33, 0x53,
-        0xCA, 0xE8, 0x4E, 0x3F, 0xA4, 0x5C, 0xA6, 0xA4, 0x95, 0xCD,
-        0xB7, 0x9D, 0x14, 0x79, 0xAE, 0x82, 0xF8, 0x2F, 0xE2, 0x13,
-        0x0D, 0xDE, 0x75, 0x19, 0xA4, 0x0C, 0x32, 0x83, 0xD0, 0x14,
-        0x35, 0xE7, 0x77, 0xD0, 0x18, 0x9C, 0xEF, 0xCC, 0xD5, 0xDA,
-        0x39, 0x3B, 0xFF, 0x11, 0x39, 0x20, 0x3D, 0x5A, 0xB1, 0x16,
-        0x2A, 0x57, 0x6B, 0x27, 0xC1, 0xB6, 0x69, 0xB5, 0x9B, 0x78,
-        0x6F, 0x6B, 0x8A, 0xEF, 0x3F, 0x8F, 0xB8, 0x37, 0xBF, 0xCA,
-        0x2D, 0x27, 0x25, 0x12, 0xC9, 0x81, 0x3A, 0x4C, 0x1A, 0x94,
-        0xDF, 0x6D, 0x27, 0xF8, 0x85, 0x26, 0xA0, 0x88, 0x56, 0x7B,
-        0x62, 0x5E, 0x84, 0xCF, 0x84, 0xAB, 0x81, 0xA3, 0xD4, 0xEB,
-        0xE9, 0x85, 0x96, 0xED, 0x27, 0x42, 0xF6, 0x86, 0x28, 0xF1,
-        0x8C, 0x69, 0x81, 0xD9, 0xAC, 0x1E, 0x9F, 0x12, 0xA4, 0x9E,
-        0x78, 0xC5, 0x2E, 0x07, 0x66, 0xFF, 0x2F, 0xED, 0x93, 0xD2,
-        0x62, 0x30, 0x30, 0x81, 0xE5, 0x76, 0x7A, 0x2A, 0x8E, 0xF3,
-        0xC0, 0x21, 0x9C, 0xE8, 0xE3, 0x51, 0x4F, 0xDA, 0x96, 0xCF,
-        0x6A, 0x0A, 0xC9, 0x90, 0x64, 0x93, 0x70, 0xE2, 0xAD, 0x6E,
-        0x17, 0x06, 0x5E, 0xBD, 0x5C, 0x40, 0x4B, 0x43, 0x78, 0x1F,
-        0x40, 0x55, 0x36, 0xBD, 0x2B, 0xD6, 0x92, 0x88, 0x02, 0xAA,
-        0x3E, 0xDF, 0x3B, 0xC9, 0x90, 0x69, 0x28, 0xE6, 0xE1, 0x7D,
-        0xBD, 0x2A, 0xC1, 0x6F, 0x70, 0x6D, 0xB8, 0x1A, 0xAD, 0x66,
-        0x4F, 0x78, 0xF7, 0x00, 0x57, 0xED, 0xA8, 0xC3, 0x87, 0x8A,
-        0x27, 0x2E, 0xFC, 0xC4, 0x37, 0xB9, 0xED, 0xAE, 0x06, 0x05,
-        0x19, 0x60, 0x53, 0x85, 0x54, 0x83, 0x52, 0xEC, 0xBF, 0xA5,
-        0x79, 0xFC, 0x18, 0xC3, 0xD8, 0x98, 0xC5, 0xD8, 0x81, 0x78,
-        0x4F, 0xDA, 0x24, 0xAD, 0x6F, 0xF4, 0x78, 0x56, 0x79, 0x9F,
-        0x5D, 0xE3, 0x6D, 0x35, 0x93, 0xEA, 0xA8, 0xB5, 0x44, 0x1A,
-        0xDA, 0x87, 0xBD, 0x06, 0x4D, 0xFF, 0x35, 0x2A, 0x76, 0x51,
-        0xD3, 0xC2, 0x73, 0x20, 0x93, 0x33, 0xC0, 0xEA, 0x88, 0xA0,
-        0xCD, 0xE1, 0xEA, 0x79, 0x86, 0x32, 0xA7, 0xCE, 0xBA, 0x73,
-        0xE9, 0x82, 0x32, 0x64, 0x88, 0x44, 0x66, 0x8A, 0x8C, 0xCB,
-        0xF1, 0xDB, 0x42, 0x91, 0x3E, 0x78, 0x3A, 0x77, 0xEB, 0x4C,
-        0xFD, 0xFE, 0x43, 0xD8, 0xEA, 0x9E, 0xED, 0x19, 0xAD, 0xA8,
-        0x64, 0x1A, 0x12, 0xC3, 0x81, 0x75, 0xA0, 0x61, 0xAF, 0x4F,
-        0x71, 0x25, 0x94, 0x76, 0x31, 0x9A, 0xF6, 0x14, 0x3F, 0x6D,
-        0x36, 0xC0, 0x2F, 0x52, 0x3B, 0x4B, 0xCB, 0x2B, 0xCF, 0xB8,
-        0x70, 0x19, 0x0D, 0x15, 0x1A, 0xF9, 0x48, 0xA8, 0x3A, 0x55,
-        0xAF, 0x18, 0x66, 0x50, 0xC8, 0x32, 0x97, 0x43, 0x1E, 0x9F,
-        0x8B, 0x66, 0xC1, 0x2E, 0x37, 0x69, 0xB8, 0x97, 0xF9, 0x6A,
-        0x1E, 0x69, 0xBA, 0x5C, 0xEC, 0x6F, 0xFD, 0x99, 0x71, 0xB8,
-        0xC4, 0x05, 0xB9, 0xB9, 0xE6, 0x4D, 0xA7, 0x01, 0x2D, 0xEB,
-        0x26, 0x23, 0x40, 0x4D, 0x79, 0x1B, 0xE4, 0xD9, 0xAB, 0x9F,
-        0xE9, 0x9B, 0x35, 0x78, 0xC0, 0x32, 0x8E, 0xF7, 0x5F, 0x7E,
-        0xB5, 0x56, 0xD2, 0xA1, 0x35, 0x81, 0x72, 0xD2, 0x6A, 0x0A,
-        0xC9, 0x6D, 0x0D, 0xDB, 0x2B, 0xA4, 0x02, 0x92, 0x76, 0x26,
-        0xAF, 0x36, 0x27, 0x01, 0xDF, 0xA5, 0x5B, 0x09, 0x97, 0x06,
-        0x5E, 0x80, 0xB0, 0x32, 0xFC, 0x1F, 0x72, 0x4E, 0x93, 0x2F,
-        0x12, 0xF3, 0xA2, 0x60, 0x19, 0x74, 0x69, 0x03, 0x8B, 0x7D,
-        0x6B, 0x2C, 0xE9, 0x54, 0x91, 0xF1, 0x3F, 0x2B, 0xF1, 0x65,
-        0x71, 0x0B, 0x24, 0xEF, 0xCC, 0xB8, 0x79, 0x8E, 0x9B, 0x03,
-        0xC1, 0xFF, 0xAC, 0xF0, 0x04, 0xEA, 0x92, 0xA3, 0x86, 0x64,
-        0x6B, 0x63, 0x43, 0xA6, 0xC3, 0xCB, 0x43, 0xBE, 0xB0, 0xA9,
-        0x11, 0x1B, 0x74, 0xC0, 0x87, 0x61, 0x5C, 0xDB, 0xF4, 0xA3,
-        0x0E, 0xA6, 0x36, 0xEE, 0x41, 0x7F, 0xA8, 0xA6, 0xDF, 0x1B,
-        0x05, 0xAE, 0x77, 0x90, 0x6A, 0xD4, 0x5B, 0x8E, 0x27, 0xE2,
-        0xC0, 0x3E, 0x99, 0xAB, 0xFD, 0xFE, 0x6B, 0x71, 0xB4, 0x22,
-        0x77, 0x7A, 0xB0, 0x43, 0x8B, 0x81, 0x33, 0x4D, 0x51, 0xD4,
-        0xAB, 0xD9, 0xA0, 0x7C, 0xA7, 0x8A, 0x39, 0x92, 0x45, 0x39,
-        0xAC, 0x54, 0x13, 0x6E, 0xA5, 0x22, 0x28, 0xC8, 0xAD, 0x3D,
-        0xB1, 0xB2, 0xF3, 0x6B, 0xF6, 0x51, 0x17, 0xA3, 0x37, 0xE9,
-        0xC9, 0x94, 0x54, 0xD7, 0x64, 0xC6, 0x04, 0xE7, 0xFA, 0x93,
-        0xC1, 0xFA, 0xBA, 0xCA, 0x21, 0x1B, 0xF0, 0x6C, 0x99, 0x22,
-        0x52, 0x53, 0xEF, 0xC2, 0xA2, 0x19, 0xB3, 0xCA, 0xF5, 0x30,
-        0xC1, 0xD1, 0x24, 0x7F, 0x3A, 0x28, 0x8F, 0xAA, 0x70, 0xD2,
-        0xBB, 0x7A, 0xF5, 0x8A, 0x23, 0x57, 0xE9, 0x79, 0x00, 0xF4,
-        0x1C, 0x1D, 0xB1, 0x42, 0x0C, 0x53, 0x99, 0x7B, 0x99, 0x68,
-        0x6E, 0x71, 0xD9, 0xD4, 0xE9, 0xC1, 0xA7, 0x5B, 0x05, 0xA7,
-        0x6F, 0xF2, 0xE7, 0x11, 0x3B, 0x70, 0x5F, 0x11, 0x98, 0xBE,
-        0xB5, 0xF8, 0x78, 0x5F, 0x5C, 0x19, 0xAC, 0x92, 0x4D, 0x18,
-        0x0D, 0x7B, 0x6F, 0x8C, 0x90, 0xAB, 0x6B, 0x32, 0x3D, 0x51,
-        0x11, 0xBC, 0x80, 0xC4, 0xCF, 0x4A, 0xF4, 0x7F, 0xCC, 0x68,
-        0x92, 0x76, 0xF7, 0x9D, 0xF7, 0x07, 0x44, 0x8C, 0xB5, 0x4D,
-        0x53, 0x7E, 0xE2, 0x58, 0x42, 0xB5, 0x8E, 0xB3, 0xC7, 0x0C,
-        0x2F, 0xCA, 0x77, 0x2D, 0x56, 0x84, 0xCA, 0x98, 0x05, 0x09,
-        0x43, 0xA9, 0x0E, 0x92, 0x4B, 0x57, 0x27, 0x46, 0x31, 0xF0,
-        0xE3, 0xA4, 0x48, 0xD9, 0x42, 0x51, 0x32, 0xF0, 0x70, 0xA1,
-        0x72, 0xA9, 0x2B, 0x1D, 0xB1, 0x2A, 0x09, 0x96, 0xAE, 0x3E,
-        0x83, 0x41, 0x7B, 0x9B, 0x28, 0x6E, 0x85, 0xB7, 0xAD, 0x7F,
-        0x10, 0xA3, 0x54, 0xBF, 0x24, 0xB6, 0xFB, 0x6D, 0xA5, 0x9F,
-        0xE6, 0xBB, 0x33, 0x8A, 0x04, 0x83, 0x53, 0xFB, 0xB9, 0x79,
-        0xF7, 0x76, 0xC9, 0x43, 0xC7, 0xE4, 0xB5, 0xE7, 0x19, 0x56,
-        0x72, 0x55, 0xAC, 0x1D, 0xA8, 0xE4, 0xD8, 0x0C, 0x66, 0x15,
-        0x7F, 0x17, 0x08, 0xB9, 0x33, 0x4B, 0x9C, 0x84, 0xDA, 0x49,
-        0x9F, 0x1B, 0x42, 0x85, 0x0F, 0x4B, 0xC0, 0x70, 0x35, 0x23,
-        0x34, 0xD9, 0x3C, 0x76, 0xF9, 0x22, 0x5C, 0x1A, 0xE9, 0x81,
-        0xE5, 0x31, 0xA3, 0xF1, 0xB7, 0x7F, 0xE2, 0x75, 0x42, 0x27,
-        0x82, 0xC7, 0xBA, 0x68, 0x20, 0x0E, 0xAC, 0xD0, 0x32, 0x28,
-        0xB5, 0x99, 0x71, 0xBA, 0x48, 0x2C, 0x95, 0xA5, 0xC8, 0x65,
-        0x2E, 0x19, 0x70, 0xAD, 0x12, 0x3A, 0xAD, 0x83, 0x87, 0x15,
-        0xA7, 0xEA, 0x9D, 0x6E, 0x11, 0x94, 0x95, 0x23, 0x51, 0xDA,
-        0x5F, 0x67, 0xBD, 0xDD, 0xA7, 0xF9, 0xF8, 0x76, 0xE4, 0x3C,
-        0x83, 0x0A, 0xAB, 0xBE, 0x6A, 0xB0, 0xC5, 0xA8, 0xBE, 0xD9,
-        0xDD, 0xBC, 0x4E, 0xA6, 0xCF, 0x91, 0xB3, 0x42, 0x30, 0x96,
-        0x8E, 0x45, 0xC6, 0x1F, 0x55, 0x6B, 0x2C, 0x0A, 0xBC, 0x9F,
-        0x69, 0x65, 0x98, 0x34, 0x95, 0x6A, 0x1E, 0x86, 0x78, 0x8B,
-        0x26, 0x4F, 0x05, 0x76, 0x03, 0x22, 0xCB, 0x72, 0xF1, 0xD0,
-        0x1A, 0x64, 0x19, 0xC7, 0x21, 0x5C, 0x51, 0xD0, 0x6C, 0x0B,
-        0xDA, 0xB9, 0x67, 0x7A, 0x83, 0xC3, 0x1E, 0x16, 0x27, 0x4A,
-        0x00, 0x5F, 0xBA, 0x0E, 0x45, 0x81, 0x6E, 0xE7, 0x5B, 0x5A,
-        0x8F, 0x0D, 0x6D, 0x47, 0xB1, 0x30, 0xA7, 0x42, 0x1E, 0xA9,
-        0x8A, 0x27, 0x4A, 0xB0, 0x60, 0x2F, 0xA9, 0x12, 0x42, 0xD6,
-        0x7F, 0x10, 0x01, 0xF3, 0x59, 0xD2, 0x40, 0x11, 0x19, 0x92,
-        0xFE, 0x80, 0x25, 0x1B, 0x60, 0xDC, 0x02, 0x7B, 0x10, 0x45,
-        0x17, 0x66, 0x70, 0xB9, 0x64, 0x4A, 0xBA, 0xAD, 0xBF, 0x55,
-        0x7C, 0xB3, 0xD8, 0x18, 0x6D, 0x16, 0x53, 0xED, 0x89, 0xE5,
-        0xD2, 0x50, 0xFA, 0xA8, 0xFE, 0x74, 0x67, 0xC4, 0x35, 0x4C,
-        0xC4, 0xBE, 0x52, 0x9A, 0x8E, 0xBB, 0xB6, 0xE0, 0xAF, 0x52,
-        0x57, 0x3D, 0x99, 0x79, 0x10, 0xB8, 0xE6, 0xAB, 0x24, 0x9E,
-        0x75, 0xC2, 0x2A, 0xFB, 0xDB, 0xF8, 0xE0, 0x02, 0xCB, 0x49,
-        0x56, 0x52, 0x6B, 0x8C, 0xFA, 0x8E, 0xCF, 0xFA, 0x18, 0x50,
-        0xDD, 0x98, 0x49, 0xEC, 0xA8, 0x08, 0x6C, 0x60, 0xC0, 0x68,
-        0xBF, 0x7B, 0x49, 0xB4, 0xE6, 0x49, 0x59, 0x6E, 0x65, 0x0E,
-        0x41, 0xEA, 0x64, 0xC8, 0xD3, 0x1A, 0x9F, 0x39, 0xAE, 0xEB,
-        0x3C, 0x88, 0xFB, 0x40, 0xDC, 0xB8, 0x07, 0x82, 0x56, 0x01,
-        0xAC, 0x04, 0x0B, 0x6B, 0x0B, 0x15, 0xAA, 0x4F, 0xD2, 0x04,
-        0xF3, 0x65, 0xCD, 0xF7, 0x32, 0xB1, 0x95, 0xC4, 0x91, 0xB8,
-        0x63, 0x02, 0x26, 0x47, 0x1D, 0x6E, 0x6D, 0xCF, 0x3D, 0x39,
-        0x3D, 0xDC, 0x18, 0x33, 0xD8, 0xF5, 0x8C, 0xB0, 0x69, 0x53,
-        0x48, 0x86, 0x14, 0x50, 0xA3, 0x65, 0xEE, 0x2C, 0x2F, 0x72,
-        0xF7, 0x43, 0xE7, 0xEA, 0xA0, 0x3E, 0x3C, 0x30, 0x33, 0xD9,
-        0x1D, 0x6E, 0x5D, 0xCB, 0xE1, 0xE0, 0x8D, 0x95, 0xD2, 0x58,
-        0x8D, 0xD5, 0xB3, 0x1C, 0x22, 0x28, 0x6A, 0xBB, 0xB3, 0x09,
-        0xB1, 0x91, 0x60, 0xE2, 0xC6, 0x48, 0x11, 0xF0, 0x49, 0xB6,
-        0xE9, 0xEF, 0x4B, 0xC6, 0xDB, 0xB1, 0xBF, 0x6C, 0xB2, 0x92,
-        0x5C, 0x65, 0x91, 0x67, 0x81, 0x9C, 0x71, 0x5A, 0x2C, 0xFE,
-        0xC8, 0xF9, 0xF5, 0x96, 0x7D, 0x3E, 0xBB, 0x7F, 0xEF, 0xF7,
-        0xBF, 0xF8, 0xAC, 0xCF, 0xA6, 0x6F, 0x28, 0x9C, 0x09, 0x65,
-        0x8F, 0xF7, 0xDC, 0xEF, 0x3E, 0x4B, 0xCD, 0x6D, 0x97, 0xD3,
-        0xCC, 0x9C, 0xF7, 0xF2, 0x4C, 0xE6, 0x64, 0x31, 0xE8, 0x1E,
-        0xDE, 0x56, 0xAE, 0xA6, 0x04, 0xFB, 0xED, 0x2E, 0x3F, 0x23,
-        0x7D, 0xBC, 0x6D, 0xCC, 0x4B, 0xD4, 0x9E, 0x06, 0x83, 0xE1,
-        0x95, 0xAE, 0xC4, 0xAA, 0x6E, 0xFF, 0x9E, 0x1C, 0xB9, 0x07,
-        0x60, 0x6D, 0xD5, 0x09, 0x06, 0x30, 0x0C, 0x3F, 0xB5, 0xE8,
-        0x8B, 0x01, 0x94, 0x1B, 0x84, 0xE9, 0xB7, 0x37, 0x03, 0xA7,
-        0xAF, 0x4B, 0x63, 0x3F, 0xD2, 0x57, 0xBB, 0xB8, 0xBF, 0xE2,
-        0x53, 0x4F, 0xA1, 0x9E, 0xC7, 0x4C, 0xDA, 0x89, 0x25, 0x0E,
-        0x7E, 0xC9, 0x44, 0x7F, 0x4C, 0x02, 0x7F, 0xA4, 0x08, 0xEC,
-        0x7F, 0x44, 0xEA, 0xF7, 0xCF, 0x1B, 0x19, 0xFA, 0x6A, 0x0A,
-        0x3E, 0xE1, 0xF4, 0x78, 0xDF, 0x93, 0xAB, 0x86, 0x9E, 0xE1,
-        0x31, 0xBF, 0x70, 0x20, 0x8B, 0x87, 0xCE, 0xFC, 0x84, 0x03,
-        0x8D, 0xF1, 0x25, 0xE6, 0x88, 0x30, 0x79, 0x63, 0xAF, 0x5C,
-        0x3B, 0x84, 0xA9, 0xB8, 0x89, 0xB4, 0x23, 0x58, 0x78, 0xF9,
-        0xAB, 0x76, 0x1B, 0x20, 0x56, 0xDB, 0x9E, 0xFE, 0x59, 0x29,
-        0xB9, 0x8C, 0xD7, 0x4E, 0xA4, 0x5C, 0x7F, 0x40, 0xA8, 0xEB,
-        0x0D, 0x90, 0xBA, 0x30, 0x68, 0x5E, 0x9C, 0x90, 0xBE, 0xD4,
-        0x43, 0x4B, 0x67, 0x27, 0xE7, 0x7D, 0x06, 0xB8, 0xF0, 0x96,
-        0xEF, 0xF4, 0x47, 0x5F, 0x8E, 0xCA, 0x46, 0x85, 0x3C, 0x94,
-        0x9E, 0xDE, 0x09, 0x40, 0x45, 0xB3, 0x69, 0xF1, 0x8F, 0x90,
-        0xF5, 0x5C, 0x22, 0x69, 0xBF, 0x5F, 0x11, 0x66, 0xD9, 0xDC,
-        0x37, 0x6A, 0x2C, 0xAF, 0x72, 0x66, 0xC8, 0x28, 0xEA, 0x59,
-        0x71, 0xB1, 0x7F, 0x10, 0xA5, 0xBC, 0x42, 0x99, 0xF6, 0xD6,
-        0xB4, 0xC4, 0x18, 0x49, 0x72, 0x37, 0xF3, 0xCD, 0x01, 0xD6,
-        0xAB, 0x2A, 0xFE, 0x1A, 0xBC, 0x52, 0x15, 0x38, 0x30, 0xF2,
-        0x4F, 0xC0, 0xD3, 0x5B, 0x91, 0x5A, 0x55, 0xD1, 0x82, 0x5A,
-        0x50, 0xE8, 0x16, 0x8C, 0x3D, 0xC8, 0x97, 0x3D, 0x2A, 0xA9,
-        0xF3, 0xEA, 0x48, 0x57, 0x51, 0x29, 0xB0, 0x81, 0x4D, 0x6B,
-        0x69, 0xFE, 0xF8, 0xA8, 0xE0, 0x5F, 0xF4, 0x98, 0xBE, 0x3D,
-        0x39, 0xB6, 0x10, 0x3E, 0x70, 0x16, 0x60, 0x46, 0xA1, 0x74,
-        0x5C, 0xF5, 0x53, 0x24, 0xF4, 0x56, 0x33, 0x97, 0x18, 0xB6,
-        0x4A, 0x91, 0xE1, 0xF4, 0x36, 0x11, 0x80, 0xCF, 0xDE, 0xE3,
-        0x7C, 0x8C, 0x27, 0xC9, 0x29, 0xA6, 0xCC, 0xA2, 0xE3, 0x61,
-        0xED, 0x46, 0x10, 0x0D, 0x43, 0x1D, 0x63, 0xB2, 0x4B, 0xC0,
-        0xFF, 0x79, 0x2D, 0x6D, 0xD1, 0x0E, 0xD4, 0x73, 0x24, 0xE2,
-        0xFE, 0x07, 0x15, 0xC4, 0xB3, 0xFC, 0xDA, 0x14, 0x44, 0x81,
-        0x89, 0xA9, 0x16, 0xEF, 0x8C, 0x60, 0xEE, 0x2D, 0xBC, 0x81,
-        0xF1, 0xD8, 0xE1, 0x37, 0x5D, 0xC0, 0xD2, 0xA5, 0x8C, 0xF9,
-        0xAF, 0xAA, 0xBE, 0xF6, 0x46, 0x65, 0xEB, 0x53, 0x97, 0x2F,
-        0xDA, 0x28, 0x66, 0x29, 0x67, 0x1F, 0x1F, 0x0A, 0x61, 0x61,
-        0x66, 0x61, 0xF2, 0xA7, 0x1F, 0x1C, 0x30, 0x1F, 0xDD, 0xDE,
-        0xAB, 0xC7, 0x6C, 0x1C, 0xED, 0xC8, 0xDC, 0x09, 0xBA, 0xF9,
-        0x93, 0x76, 0x4C, 0xCC, 0xAE, 0xF5, 0x2D, 0xA4, 0xAB, 0x3F,
-        0xA0, 0x42, 0x4E, 0x8F, 0x28, 0x87, 0xE1, 0x64, 0xCA, 0xF4,
-        0xB6, 0xAC, 0x39, 0x1E, 0x1C, 0xF2, 0x69, 0xFF, 0x30, 0x3B,
-        0x2F, 0x5C, 0xB2, 0x82, 0xD8, 0x28, 0x2D, 0xA8, 0x2C, 0xDA,
-        0x6D, 0x76, 0x38, 0xFC, 0x50, 0x6F, 0xA4, 0xB9, 0x52, 0x9F,
-        0xD5, 0xFA, 0x94, 0xDC, 0x54, 0xED, 0xD9, 0x10, 0x6F, 0xDA,
-        0x7E, 0x5E, 0x8A, 0xFB, 0xB3, 0x68, 0xD0, 0xD1, 0x25, 0x77,
-        0x7E, 0x8B, 0x91, 0x68, 0x4E, 0xF4, 0x74, 0x99, 0x77, 0xB8,
-        0x5C, 0xCE, 0xCC, 0x3D, 0x54, 0xA8, 0xD8, 0x4F, 0x01, 0x30,
-        0x37, 0xB0, 0x82, 0x42, 0xB9, 0xB1, 0xBF, 0x83, 0xC8, 0xB6,
-        0x40, 0x7F, 0xF2, 0xD8, 0x3C, 0xBD, 0x63, 0xCB, 0x23, 0x34,
-        0xA4, 0xFB, 0x4C, 0xE0, 0x8B, 0x85, 0xA4, 0xA9, 0x7B, 0xA4,
-        0x78, 0x86, 0xD4, 0xE9, 0x68, 0xA4, 0x40, 0x8D, 0xBC, 0x56,
-        0x44, 0x8B, 0x24, 0x80, 0x6B, 0xC1, 0x84, 0xEC, 0xB3, 0x70,
-        0x01, 0x0A, 0xFE, 0xED, 0x7D, 0xD9, 0x7E, 0xAB, 0x89, 0xDB,
-        0xE3, 0x90, 0x5C, 0x6A, 0x75, 0x8E, 0x16, 0xF2, 0x0A, 0xFE,
-        0x9E, 0x08, 0xC8, 0xB2, 0x35, 0x3C, 0xC3, 0x20, 0x29, 0xD4,
-        0x8A, 0xA6, 0x58, 0x25, 0x43, 0x9B, 0x27, 0xAE, 0xBF, 0xC7,
-        0x50, 0x82, 0x9F, 0x04, 0x88, 0x4C, 0xB0, 0x4E, 0x38, 0xA5,
-        0x84, 0xC1, 0xBA, 0x6A, 0xA7, 0x16, 0x85, 0x76, 0xF5, 0x21,
-        0x15, 0x3F, 0x00, 0x2C, 0x0A, 0xBD, 0x18, 0x66, 0x0C, 0xD1,
-        0x46, 0x33, 0x1A, 0xF3, 0x85, 0x34, 0x68, 0x49, 0x05, 0x10,
-        0x85, 0xF9, 0x61, 0xD6, 0xB6, 0x97, 0xFC, 0xAA, 0x2C, 0xBC,
-        0xF1, 0x75, 0xF3, 0xFC, 0x57, 0x20, 0x54, 0xF2, 0x02, 0x5E,
-        0xAB, 0xDD, 0x19, 0x31, 0xAB, 0x97, 0x5F, 0x11, 0x4F, 0xCE,
-        0x4F, 0xB9, 0xBB, 0xA2, 0x01, 0x51, 0x48, 0x5A, 0x2C, 0x52,
-        0xAD, 0x58, 0x00, 0x22, 0x41, 0x4D, 0x24, 0x68, 0x9F, 0xD9,
-        0x13, 0x5C, 0x55, 0x0A, 0x62, 0xAD, 0x3E, 0x29, 0x86, 0x34,
-        0x3B, 0x2D, 0x34, 0xBE, 0x0A, 0xDB, 0x85, 0x3A, 0x41, 0x2C,
-        0x30, 0x56, 0x65, 0x04, 0x0A, 0x20, 0x31, 0x2A, 0xF3, 0x88,
-        0x4C, 0x38, 0x64, 0x86, 0x14, 0x06, 0xF5, 0xF0, 0x7F, 0x63,
-        0xC1, 0x87, 0x24, 0x39, 0xFB, 0xC0, 0xC2, 0x6B, 0x57, 0xB3,
-        0xA9, 0x7C, 0x21, 0xD7, 0x17, 0xB5, 0x23, 0x89, 0x8B, 0x9A,
-        0x53, 0xC6, 0x26, 0xD6, 0xC1, 0xD8, 0x3B, 0xD2, 0x30, 0x0B,
-        0x30, 0x76, 0xB3, 0x21, 0x2B, 0xCF, 0x64, 0xB8, 0xCD, 0x8C,
-        0xB9, 0x33, 0x73, 0xA5, 0x19, 0x5C, 0xBB, 0x4A, 0x6F, 0x9E,
-        0xA7, 0x62, 0x61, 0x1C, 0x32, 0xBB, 0x3E, 0x1B, 0x8A, 0xAC,
-        0xE5, 0xE1, 0xA9, 0xDD, 0x50, 0xFB, 0x3B, 0xCF, 0xB6, 0x49,
-        0x7B, 0xED, 0x1A, 0x7E, 0x8E, 0x73, 0xAE, 0x8B, 0x31, 0x06,
-        0x11, 0xC4, 0x84, 0x4C, 0xCA, 0x6D, 0x5A, 0x79, 0x50, 0x2E,
-        0x66, 0x90, 0x0A, 0x13, 0x86, 0x15, 0x78, 0x06, 0xAD, 0x5D,
-        0x8C, 0x5E, 0xC8, 0x73, 0xB0, 0x82, 0xFB, 0x03, 0xE6, 0x30,
-        0xE7, 0x0B, 0x99, 0xF0, 0xD9, 0x8C, 0x2C, 0xFA, 0x34, 0xAB,
-        0x8B, 0xDD, 0x06, 0x2F, 0x39, 0xE0, 0x53, 0x37, 0x61, 0x3D,
-        0xC3, 0x77, 0x4C, 0x9F, 0x66, 0x95, 0x81, 0x94, 0x0A, 0xE5,
-        0xCE, 0x59, 0xA1, 0x83, 0x5C, 0x77, 0xBD, 0xF5, 0xAD, 0xE2,
-        0x9C, 0x10, 0x64, 0x22, 0xAD, 0x99, 0x02, 0x3F, 0x6A, 0xB2,
-        0x96, 0x2C, 0xF3, 0x21, 0xEB, 0x5A, 0x7D, 0xFC, 0x02, 0x9B,
-        0x53, 0x94, 0xB1, 0x88, 0x3E, 0x07, 0x78, 0x31, 0x8F, 0xDF,
-        0xDA, 0xAF, 0xB7, 0x55, 0xC9, 0x30, 0x74, 0x61, 0xD1, 0x75,
-        0x15, 0xF1, 0x29, 0xB0, 0x8B, 0xD9, 0x19, 0xB3, 0x2E, 0x8C,
-        0x3C, 0x4C, 0xED, 0x22, 0x0B, 0x07, 0xEC, 0xA8, 0x2B, 0x26,
-        0xBA, 0x2A, 0xE3, 0xEB, 0x91, 0x2C, 0xDF, 0x28, 0xFD, 0xE3,
-        0x12, 0x6D, 0xA8, 0x8C, 0xA9, 0xA0, 0x18, 0xAE, 0x18, 0xC4,
-        0x05, 0x53, 0xF6, 0xF7, 0x69, 0xEF, 0xBB, 0xF8, 0xFF, 0x55,
-        0xD9, 0x4E, 0xA0, 0xC9, 0x58, 0x38, 0x67, 0x31, 0xE7, 0x5C,
-        0x46, 0x41, 0x58, 0x26, 0x48, 0x8C, 0x82, 0x91, 0xE4, 0x46,
-        0x91, 0xE0, 0xA4, 0x4F, 0xA5, 0xFD, 0x28, 0x14, 0xC8, 0x07,
-        0x73, 0xB9, 0x20, 0x7D, 0x94, 0xAF, 0xDC, 0xBF, 0x4A, 0x55,
-        0xA8, 0x82, 0xBF, 0x6D, 0x22, 0xD2, 0xFF, 0x18, 0x5E, 0xFB,
-        0xC4, 0xDE, 0x8B, 0x12, 0x58, 0x1E, 0x05, 0x51, 0x4A, 0x31,
-        0x54, 0x26, 0xA5, 0xFD, 0x36, 0xED, 0x14, 0x80, 0x4E, 0x3F,
-        0xB2, 0x4F, 0x43, 0x70, 0xAF, 0x63, 0x77, 0x86, 0x68, 0xF4,
-        0x35, 0xC2, 0x4E, 0x57, 0x43, 0x63, 0x06, 0x07, 0x21, 0xCE,
-        0x61, 0xDD, 0x5D, 0x1D, 0xA3, 0xF7, 0x24, 0x72, 0xED, 0x73,
-        0x6A, 0xA0, 0xE6, 0x9C, 0x1A, 0xA3, 0xCF, 0x98, 0x47, 0xC2,
-        0xE1, 0x29, 0x22, 0x1B, 0x7C, 0x14, 0x0E, 0xE2, 0x6B, 0x58,
-        0x54, 0xA7, 0x3E, 0x0F, 0x07, 0x1D, 0xAB, 0xFD, 0x1C, 0x1E,
-        0xE0, 0x24, 0xCB, 0x2B, 0xC8, 0x7D, 0x90, 0x83, 0x8D, 0x46,
-        0x43, 0xB4, 0x30, 0x39, 0x26, 0x29, 0xEE, 0xAF, 0x67, 0x61,
-        0x4C, 0x16, 0xF1, 0xF4, 0x01, 0x55, 0x71, 0x30, 0x1B, 0x18,
-        0xC2, 0xF3, 0x8A, 0x26, 0x52, 0x63, 0xD0, 0xEA, 0x66, 0x04,
-        0xD7, 0xCC, 0x09, 0xF1, 0x66, 0x62, 0xD1, 0x29, 0xFD, 0xCE,
-        0x0A, 0x85, 0xD5, 0x2C, 0x5B, 0x0D, 0xC3, 0x53, 0x8F, 0x45,
-        0xA1, 0x95, 0xEE, 0xAF, 0xC3, 0xC5, 0xEE, 0xE6, 0xCE, 0x4A,
-        0x33, 0xDB, 0x8B, 0x29, 0x79, 0xBC, 0xF7, 0xC5, 0x33, 0xCD,
-        0xC1, 0x74, 0x25, 0x69, 0xEC, 0x75, 0xA4, 0x05, 0x1D, 0x6D,
-        0x6E, 0xEC, 0x77, 0xDC, 0xF9, 0x08, 0xB1, 0xFA, 0x38, 0x7F,
-        0x8E, 0xDF, 0x74, 0x10, 0x27, 0x19, 0x52, 0xAB, 0x6B, 0x08,
-        0xEB, 0x51, 0x22, 0xE7, 0x79, 0xDA, 0x9F, 0xC0, 0xD2, 0x5E,
-        0x5C, 0x2A, 0xC7, 0xF8, 0x6B, 0xB6, 0x63, 0x06, 0x49, 0xB4,
-        0xDD, 0xEB, 0x20, 0x6F, 0x5A, 0x5E, 0x78, 0x79, 0xA5, 0xAF,
-        0x35, 0x6D, 0x36, 0xBA, 0xA4, 0x38, 0x98, 0x38, 0xD9, 0x59,
-        0x81, 0x16, 0x8C, 0xCE, 0x78, 0xCA, 0xD1, 0x86, 0x8B, 0x3A,
-        0xD9, 0xA5, 0x5B, 0x7C, 0x53, 0x24, 0xB8, 0xD2, 0x2B, 0x09,
-        0x73, 0x04, 0x87, 0x3E, 0x39, 0x64, 0x42, 0x5A, 0xE1, 0xC8,
-        0x72, 0xD5, 0x00, 0x06, 0x06, 0x81, 0x91, 0x7A, 0x12, 0xA1,
-        0x91, 0xEC, 0xBF, 0xD6, 0xBC, 0xFD, 0x82, 0xDA, 0xEE, 0x3A,
-        0xB7, 0xF1, 0x54, 0xE3, 0xBD, 0xE5, 0xC0, 0x18, 0xE9, 0x5C,
-        0x49, 0x0C, 0xFA, 0x64, 0x80, 0x98, 0x5C, 0x44, 0x9B, 0x4A,
-        0x48, 0x3E, 0x0C, 0xBE, 0x5E, 0xBB, 0x68, 0xDA, 0x09, 0xD7,
-        0x00, 0x51, 0x5B, 0x13, 0x96, 0xC2, 0x8A, 0xCE, 0xB0, 0x8F,
-        0xDF, 0x84, 0x77, 0x70, 0x4B, 0x0F, 0x6E, 0xC7, 0x62, 0x47,
-        0xFA, 0xA8, 0x35, 0x18, 0x43, 0x93, 0x4C, 0x83, 0x13, 0x45,
-        0x74, 0x76, 0x19, 0xA7, 0x71, 0x98, 0x8C, 0x2E, 0xFC, 0xA9,
-        0x83, 0x64, 0xD1, 0xA3, 0x95, 0x33, 0x31, 0xDB, 0xA8, 0xC3,
-        0xB9, 0x72, 0x80, 0x58, 0xEC, 0xEB, 0xFC, 0xF3, 0x03, 0x44,
-        0xDC, 0x11, 0x06, 0x3A, 0x95, 0x81, 0x28, 0xDB, 0xAB, 0x36,
-        0xC4, 0x37, 0x0C, 0xD4, 0x6B, 0xAF, 0x04, 0xD0, 0x23, 0x3F,
-        0xDD, 0x08, 0x88, 0x06, 0x23, 0x39, 0xCF, 0xB2, 0xCF, 0x13,
-        0x27, 0xE1, 0x4E, 0x21, 0xDA, 0x81, 0x58, 0x29, 0x70, 0x2B,
-        0x26, 0xB7, 0xA7, 0x69, 0xA1, 0x86, 0xBC, 0xD9, 0x88, 0xED,
-        0x70, 0x61, 0x94, 0x2D, 0xCD, 0x47, 0x57, 0xD0, 0xBD, 0x07,
-        0x05, 0x7E, 0xA5, 0x35, 0x29, 0x15, 0xFA, 0x62, 0x7E, 0xB7,
-        0x2A, 0xEB, 0x4F, 0xC4, 0x0D, 0x6D, 0x2E, 0x6D, 0x8F, 0x53,
-        0x7C, 0x0B, 0x62, 0x72, 0xA5, 0x01, 0x5D, 0xD9, 0x52, 0xAF,
-        0x60, 0x22, 0x90, 0xD0, 0xE6, 0x37, 0x25, 0x57, 0x73, 0x66,
-        0xD5, 0x96, 0x6A, 0x23, 0x75, 0x43, 0xF7, 0x6A, 0xC8, 0x3E,
-        0xAC, 0x20, 0xC8, 0x8A, 0xE3, 0xD1, 0xB4, 0x07, 0x87, 0x8E,
-        0x3A, 0xEB, 0x43, 0x10, 0x91, 0x7F, 0x17, 0x96, 0x4B, 0x7A,
-        0x31, 0x2A, 0x84, 0xFC, 0xFE, 0xB1, 0x26, 0x67, 0xD6, 0xAD,
-        0xB8, 0xB7, 0x3D, 0x3A, 0x2F, 0xEE, 0x94, 0x2F, 0x05, 0xF1,
-        0xD8, 0x8E, 0xD4, 0x97, 0xAF, 0x36, 0xCE, 0x01, 0x18, 0x0B,
-        0x68, 0x41, 0x26, 0xEB, 0x38, 0x2B, 0xF6, 0xD2, 0x8A, 0x5A,
-        0x79, 0x02, 0xA1, 0xE4, 0x49, 0x48, 0xCF, 0x55, 0x2B, 0x74,
-        0x16, 0x63, 0x27, 0x9D, 0x25, 0xAA, 0x7F, 0x8A, 0x5D, 0x96,
-        0x68, 0xF3, 0x58, 0x7C, 0x10, 0xCF, 0x6A, 0xE3, 0xE2, 0x80,
-        0x90, 0xD3, 0x39, 0xF5, 0x62, 0x01, 0x33, 0x5F, 0xC2, 0xFD,
-        0xAD, 0xE6, 0x2A, 0xB2, 0x3D, 0x89, 0x99, 0x7B, 0x17, 0x35,
-        0xE4, 0x5C, 0x62, 0x10, 0x69, 0x10, 0x93, 0x57, 0x92, 0x15,
-        0x53, 0xEC, 0x82, 0x17, 0x00, 0xFC, 0x13, 0x49, 0x58, 0x79,
-        0x90, 0x36, 0x0D, 0x50, 0xA5, 0xFE, 0xAE, 0xE1, 0xB3, 0xAF,
-        0x40, 0x98, 0x3C, 0xB7, 0xAB, 0xC9, 0x0B, 0x2B, 0xE8, 0x31,
-        0x71, 0x0D, 0x47, 0xE1, 0xE0, 0x3D, 0xCB, 0xB0, 0x3E, 0x44,
-        0x00, 0x18, 0x66, 0xD5, 0x44, 0xEF, 0x58, 0x6A, 0xC3, 0x98,
-        0x86, 0x19, 0xBA, 0xCE, 0x24, 0xF0, 0x9A, 0xED, 0x55, 0xA9,
-        0x1F, 0x52, 0xB2, 0xBA, 0x1A, 0x2C, 0x71, 0x9F, 0xD7, 0xE6,
-        0xA1, 0x01, 0x64, 0x8B, 0x22, 0x22, 0x23, 0xC8, 0x2A, 0xBA,
-        0x13, 0x5A, 0xDD, 0xC4, 0x0C, 0x1A, 0x3C, 0x4F, 0x1E, 0x0B,
-        0x5B, 0xB5, 0x45, 0xA3, 0xDD, 0x4D, 0xE9, 0x00, 0x06, 0x60,
-        0x59, 0xFC, 0x48, 0xB2, 0x3E, 0x32, 0xBF, 0xF8, 0x74, 0x4E,
-        0x65, 0x9F, 0x89, 0x8D, 0xE4, 0x0C, 0xC1, 0x89, 0xCF, 0x19,
-        0xF0, 0xBC, 0x75, 0xDC, 0xE4, 0xEA, 0x23, 0x18, 0x23, 0xC2,
-        0xD2, 0xA4, 0x96, 0xA6, 0xC2, 0x73, 0x41, 0x1E, 0xD8, 0x9D,
-        0x02, 0x02, 0x35, 0x16, 0x61, 0x9B, 0x6F, 0xCC, 0x16, 0x80,
-        0x2B, 0xA5, 0xE2, 0x9B, 0x63, 0x9B, 0x4E, 0x75, 0xBD, 0xBD,
-        0xF3, 0x36, 0x16, 0x53, 0x6B, 0x34, 0x33, 0xF4, 0xBC, 0x05,
-        0x79, 0x8A, 0x1F, 0x23, 0xD8, 0x36, 0xCC, 0xDB, 0x37, 0x5A,
-        0x1E, 0xCE, 0x6D, 0x27, 0x7B, 0x6C, 0x66, 0x11, 0xE3, 0x96,
-        0xAD, 0xC3, 0xF9, 0x57, 0xF9, 0xA7, 0x4C, 0x4F, 0x8E, 0x97,
-        0x70, 0xB1, 0x70, 0xE9, 0x77, 0xF0, 0xC2, 0xD0, 0x79, 0x12,
-        0x79, 0x3F, 0xDB, 0x71, 0x66, 0x48, 0xDB, 0x5A, 0xFC, 0xA7,
-        0x8E, 0xE4, 0x1A, 0x93, 0xFE, 0x49, 0xF5, 0x7D, 0xEF, 0xC4,
-        0x4B, 0xC1, 0x10, 0x2A, 0xD6, 0xF0, 0x5D, 0xC4, 0x80, 0x8B,
-        0x9C, 0x2E, 0x44, 0xFB, 0x71, 0xD3, 0xA3, 0x80, 0xFB, 0x77,
-        0x60, 0x16, 0xAD, 0x0B, 0xEC, 0x75, 0x9A, 0x58, 0x4B, 0x6E,
-        0xD8, 0xFD, 0xE9, 0x41, 0x46, 0x85, 0x43, 0xFD, 0x82, 0x53,
-        0x51, 0x65, 0xF8, 0xD0, 0x26, 0x2B, 0xF2, 0xF9, 0xE9, 0x26,
-        0xD7, 0x15, 0x84, 0x31, 0x80, 0xAE, 0xFD, 0xA5, 0x30, 0x65,
-        0xEE, 0x52, 0xCA, 0x3C, 0x76, 0x16, 0x91, 0x5A, 0x26, 0x49,
-        0x1A, 0x28, 0xC7, 0x81, 0x10, 0x95, 0xB8, 0x96, 0x09, 0x50,
-        0x6D, 0xB1, 0x64, 0xA2, 0x87, 0xCF, 0x38, 0x3C, 0x3C, 0x6E,
-        0x0B, 0x96, 0x97, 0xFC, 0x81, 0xBD, 0x7D, 0xE7, 0xCC, 0xB6,
-        0xF7, 0xE8, 0x15, 0x05, 0xAF, 0xDE, 0x1C, 0x68, 0xC0, 0xCF,
-        0xF8, 0x68, 0x94, 0x90, 0x7B, 0x7D, 0x98, 0x57, 0xDC, 0x86,
-        0x6D, 0x69, 0xD6, 0x98, 0x62, 0x0F, 0x38, 0x99, 0x93, 0x99,
-        0x55, 0xD6, 0xA5, 0x8C, 0x94, 0x62, 0xCB, 0xD9, 0xE8, 0xA4,
-        0x7C, 0xDF, 0x21, 0xF4, 0x36, 0x65, 0xCF, 0x3F, 0xE4, 0x10,
-        0xA5, 0xB4, 0x71, 0x08, 0x65, 0x98, 0x59, 0x70, 0x19, 0x7E,
-        0x27, 0x13, 0x71, 0x3F, 0xD2, 0x91, 0x20, 0xFF, 0x53, 0xDB,
-        0xD2, 0xD4, 0x07, 0x3A, 0x49, 0x72, 0x05, 0x66, 0xED, 0x7D,
-        0xBC, 0x61, 0x70, 0x7F, 0x64, 0x41, 0xDD, 0xB3, 0x1B, 0x03,
-        0xB8, 0x20, 0xE1, 0x5D, 0x07, 0x39, 0xFC, 0xD2, 0x30, 0x72,
-        0xE8, 0x0F, 0xA7, 0xA2, 0x71, 0xE8, 0x3D, 0xD9, 0x2B, 0x5B,
-        0xB4, 0x97, 0x2B, 0xC3, 0x58, 0xE1, 0x2B, 0x0F, 0xAA, 0x8C,
-        0x5A, 0x72, 0xC7, 0xBB, 0xB6, 0x59, 0x2B, 0x73, 0x39, 0x9A,
-        0x20, 0xE5, 0x9A, 0x70, 0x30, 0x7B, 0x28, 0xBE, 0xD6, 0x6A,
-        0x04, 0x18, 0x41, 0xEF, 0x18, 0xCD, 0xB5, 0x69, 0xB6, 0x00,
-        0x50, 0xEE, 0xF9, 0x45, 0x2F, 0x86, 0xEE, 0x04, 0xBE, 0xF8,
-        0x88, 0x9E, 0x0D, 0xAC, 0x1B, 0xA9, 0xD1, 0xC1, 0xA5, 0x3E,
-        0xF6, 0xD9, 0x78, 0x99, 0x9D, 0x2E, 0x26, 0x6C, 0xCA, 0x7C,
-        0x4C, 0xC7, 0xAF, 0xAB, 0xF0, 0xBB, 0x93, 0x32, 0x03, 0x22,
-        0xAF, 0x27, 0x6A, 0x9F, 0x53, 0x77, 0xA9, 0x6C, 0x83, 0xA2,
-        0x46, 0x15, 0x61, 0x6C, 0xB3, 0x08, 0x6F, 0x5B, 0x85, 0x73,
-        0x8A, 0xCD, 0x8A, 0xB0, 0x70, 0xAC, 0xA5, 0x22, 0x18, 0x87,
-        0x54, 0x91, 0x6B, 0x34, 0x7F, 0x0B, 0x4E, 0xCA, 0x44, 0xB3,
-        0xBE, 0xB0, 0x77, 0x28, 0x85, 0x73, 0xDD, 0x29, 0x70, 0x53,
-        0xD9, 0xA2, 0x4F, 0x12, 0xCB, 0x41, 0xFD, 0x99, 0x27, 0xC7,
-        0xA9, 0xCF, 0xB7, 0x5B, 0xFB, 0xCC, 0x77, 0xBA, 0x12, 0xE1,
-        0xD6, 0xF6, 0x7C, 0x22, 0xB4, 0xED, 0xB0, 0xA0, 0x71, 0x59,
-        0xD2, 0xF3, 0x14, 0xB2, 0x7C, 0x4A, 0x0A, 0xD6, 0x43, 0x10,
-        0xA0, 0xF6, 0xC0, 0x6F, 0xB4, 0x31, 0x8F, 0x7B, 0xF8, 0x5A,
-        0xC9, 0x91, 0x0F, 0x7A, 0xE5, 0xDF, 0x29, 0x11, 0x66, 0xFF,
-        0x4C, 0x73, 0xA6, 0xC7, 0xA0, 0xCC, 0x7B, 0x73, 0x79, 0x36,
-        0x1D, 0x5E, 0x7C, 0xE2, 0xC9, 0xF7, 0x56, 0xC4, 0x88, 0x71,
-        0xC1, 0x03, 0xEE, 0xE7, 0xE0, 0xEE, 0x12, 0xD7, 0x3D, 0x3A,
-        0xB2, 0x91, 0x51, 0xE1, 0x18, 0xFE, 0x66, 0x22, 0x84, 0xA6,
-        0xC3, 0xD2, 0x54, 0xE9, 0xE5, 0xF8, 0xDB, 0xF1, 0xF9, 0x6A,
-        0x01, 0x61, 0xCF, 0x3D, 0xDA, 0x89, 0x5B, 0xED, 0x89, 0x10,
-        0xBA, 0x18, 0xB8, 0xBA, 0x66, 0x38, 0x0D, 0x37, 0xEC, 0x1E,
-        0xF7, 0x06, 0xD6, 0xC0, 0x84, 0x06, 0x2F, 0x43, 0xBD, 0x50,
-        0xA0, 0x05, 0x9B, 0x50, 0xCD, 0xBB, 0xB7, 0x93, 0xF0, 0x70,
-        0x50, 0xB7, 0x03, 0x0F, 0x27, 0x70, 0x47, 0x8E, 0xEB, 0x14,
-        0xE0, 0x81, 0xBC, 0x7F, 0xA5, 0x60, 0xB0, 0x09, 0xCA, 0x38,
-        0xCB, 0x59, 0x85, 0x49, 0xB3, 0xD4, 0x29, 0x50, 0xE1, 0x04,
-        0xBD, 0x9F, 0x6C, 0xA5, 0x76, 0xCB, 0xE6, 0x79, 0xED, 0xDD,
-        0xB8, 0x98, 0xA9, 0x94, 0xDD, 0xD3, 0x2E, 0xE0, 0xEA, 0xCD,
-        0xD3, 0x34, 0xDA, 0x78, 0xBE, 0x7A, 0xC9, 0x8C, 0xD6, 0x12,
-        0x5B, 0xD0, 0x36, 0x11, 0x79, 0x52, 0xCA, 0xA1, 0xCC, 0x3D,
-        0x5B, 0x1F, 0x35, 0x80, 0xCC, 0x56, 0xDA, 0xC9, 0x88, 0xB7,
-        0xD3, 0x28, 0x86, 0x6F, 0x4E, 0x20, 0x56, 0x56, 0x62, 0x12,
-        0x79, 0xDA, 0x3F, 0x75, 0xEC, 0x89, 0xDC, 0x90, 0x44, 0xAE,
-        0xB8, 0x0E, 0x34, 0x76, 0xF9, 0xAE, 0xDF, 0x2C, 0x28, 0x0F,
-        0xCF, 0x28, 0x0B, 0x7B, 0x8A, 0xC4, 0x9B, 0x0B, 0x3C, 0x3E,
-        0xC2, 0x70, 0x88, 0x71, 0xED, 0x3B, 0x3D, 0x61, 0x73, 0xDC,
-        0x1B, 0x1A, 0x89, 0x16, 0xE2, 0x36, 0x50, 0x96, 0x38, 0x44,
-        0xB1, 0xB6, 0x23, 0xB1, 0x83, 0x51, 0x43, 0x7C, 0x37, 0x9C,
-        0x83, 0xDB, 0x63, 0x3E, 0x02, 0x42, 0xFA, 0xE9, 0x0B, 0x22,
-        0xCB, 0xA5, 0x1F, 0x09, 0x03, 0x1C, 0xD0, 0xAD, 0xCB, 0xEE,
-        0xB5, 0x3F, 0xFC, 0xCD, 0x80, 0x04, 0x63, 0x44, 0x4F, 0x3F,
-        0x2B, 0x17, 0x66, 0xE0, 0xA7, 0x1E, 0xA2, 0xB5, 0xE3, 0xD3,
-        0x23, 0x76, 0xF9, 0x75, 0x7C, 0x39, 0x5C, 0x6A, 0x64, 0xF8,
-        0x61, 0xDE, 0x66, 0x3F, 0xCD, 0x4F, 0x06, 0xEF, 0x9C, 0xCA,
-        0x43, 0xA9, 0x32, 0x30, 0xDC, 0xB8, 0xA2, 0xE0, 0xAA, 0xEB,
-        0x4D, 0x30, 0x8D, 0x0C, 0xD1, 0x5E, 0x04, 0xEE, 0xED, 0x46,
-        0x07, 0x9C, 0xF4, 0xD8, 0xD5, 0x78, 0x9A, 0x51, 0x93, 0xC6,
-        0x95, 0x5C, 0x12, 0x48, 0x2B, 0x92, 0x7A, 0xE4, 0x57, 0x3D,
-        0x37, 0xEC, 0xA0, 0x19, 0xEC, 0x0A, 0x45, 0x0B, 0xFE, 0x9F,
-        0x5F, 0xA0, 0xB3, 0x05, 0xEE, 0xF9, 0x87, 0x76, 0x5C, 0xC1,
-        0xAD, 0x92, 0x79, 0x50, 0xAC, 0x70, 0xB6, 0xE8, 0xBB, 0x7C,
-        0xCA, 0xC2, 0x49, 0xAD, 0xB0, 0xDA, 0xD0, 0x28, 0x90, 0xC2,
-        0xEE, 0x3D, 0x4C, 0xCD, 0xC8, 0x41, 0x89, 0x5C, 0x65, 0xB9,
-        0x1C, 0xCA, 0x67, 0x7B, 0xEF, 0x0D, 0x7B, 0x69, 0x4B, 0x8E,
-        0x51, 0x0D, 0xF7, 0x70, 0xB7, 0xB3, 0x4E, 0xC8, 0x87, 0x8D,
-        0xD1, 0xDD, 0x20, 0x11, 0x3C, 0x34, 0xA3, 0x3B, 0x6F, 0xDD,
-        0xF5, 0xB2, 0xB1, 0x21, 0x9A, 0xE0, 0x4A, 0xF0, 0xB9, 0xEB,
-        0x64, 0xDB, 0xC6, 0xD6, 0x64, 0x8F, 0x1A, 0x2C, 0x40, 0x0A,
-        0x24, 0xF4, 0x0C, 0x0F, 0x60, 0x04, 0xBA, 0x9D, 0x3A, 0xE7,
-        0x05, 0x58, 0xB5, 0x29, 0xD4, 0xD3, 0x64, 0xED, 0xCE, 0x47,
-        0x7B, 0xB0, 0x6E, 0xCC, 0x2F, 0x46, 0x3A, 0xFE, 0x11, 0xC6,
-        0x6B, 0x91, 0x51, 0x6A, 0x17, 0xCD, 0x03, 0x35, 0x0E, 0x1C,
-        0x0E, 0x8B, 0xDD, 0x46, 0x4F, 0x5D, 0x9A, 0x5C, 0xE1, 0x14,
-        0x99, 0xE8, 0xF2, 0xA4, 0xED, 0xCF, 0x6F, 0xC6, 0xC1, 0x67,
-        0x36, 0x49, 0x1F, 0x1E, 0x42, 0x92, 0x4D, 0x32, 0x05, 0x4E,
-        0xA6, 0xD7, 0xC0, 0xEC, 0xB0, 0x3E, 0xFD, 0xA1, 0xA7, 0x08,
-        0x6B, 0xE8, 0x7F, 0xCD, 0xF8, 0x3C, 0x53, 0x58, 0x4C, 0x97,
-        0xE6, 0x8D, 0xFE, 0xA9, 0x49, 0x61, 0xD1, 0xF0, 0xA0, 0xC7,
-        0xB4, 0x4F, 0xBE, 0xDD, 0x90, 0x92, 0x0B, 0xA0, 0x5E, 0x69,
-        0xAC, 0xDA, 0x26, 0x99, 0xF8, 0xE3, 0x07, 0xB5, 0xB9, 0xB7,
-        0x48, 0xC7, 0xA3, 0x64, 0x3E, 0xA0, 0xB6, 0xC1, 0xF8, 0x6E,
-        0x23, 0xA3, 0x11, 0x52, 0xA8, 0x26, 0xBD, 0x1C, 0xAD, 0xEB,
-        0xF7, 0xDF, 0xC6, 0x35, 0xB4, 0x92, 0xE5, 0xB0, 0x5B, 0x53,
-        0x55, 0xAA, 0x6E, 0xAD, 0x36, 0x4B, 0xF0, 0xE5, 0x9E, 0x32,
-        0xB6, 0xFF, 0x1C, 0x01, 0x35, 0x20, 0x5E, 0xAD, 0x3E, 0xA3,
-        0x01, 0x5D, 0xA0, 0xC5, 0x1B, 0xC8, 0x69, 0xB8, 0xF2, 0x2B,
-        0x2B, 0x69, 0xC4, 0x4E, 0xA3, 0xC6, 0x1C, 0xFE, 0xCC, 0x0C,
-        0x79, 0x6E, 0xDD, 0xD4, 0x59, 0x93, 0x51, 0xA2, 0x41, 0x3A,
-        0x7A, 0x7D, 0x19, 0x5C, 0x1A, 0x91, 0x3C, 0x68, 0x00, 0x42,
-        0x58, 0x51, 0x26, 0x11, 0x1A, 0x1E, 0xDE, 0x3B, 0x64, 0x16,
-        0xBC, 0xDC, 0x5A, 0xF7, 0x7E, 0x80, 0x04, 0x63, 0xED, 0xDB,
-        0x68, 0x74, 0xC2, 0x6B, 0x36, 0x67, 0xFC, 0x81, 0xB3, 0x64,
-        0xBC, 0xAC, 0xA4, 0x56, 0x55, 0x77, 0x86, 0x74, 0xE2, 0x68,
-        0x02, 0xD5, 0x5A, 0x84, 0x8F, 0x0E, 0x7F, 0xA1, 0xE9, 0xA5,
-        0x30, 0xEB, 0xB4, 0x3E, 0x31, 0x09, 0x7F, 0xE2, 0x21, 0x35,
-        0x4F, 0xFA, 0x61, 0xD2, 0x42, 0xB5, 0xCC, 0x31, 0xDE, 0x9C,
-        0xDD, 0x39, 0x71, 0x90, 0x69, 0x9C, 0xF3, 0x7B, 0x91, 0xB1,
-        0x65, 0x44, 0x10, 0xEC, 0x5C, 0x31, 0xF5, 0xA5, 0x37, 0xFF,
-        0x52, 0xDF, 0x21, 0x85, 0x8A, 0x08, 0x77, 0xD7, 0xEE, 0xCC,
-        0xD8, 0x58, 0xEF, 0x5B, 0xDD, 0x12, 0xC0, 0x4E, 0xC2, 0x20,
-        0xAD, 0x5E, 0x74, 0x37, 0xE0, 0x70, 0x1B, 0xBA, 0xA3, 0x84,
-        0x39, 0x2C, 0x4F, 0x63, 0x77, 0x69, 0x6C, 0x60, 0x69, 0x00,
-        0xF0, 0xCE, 0x19, 0x29, 0x62, 0xDA, 0x10, 0xD9, 0x15, 0x79,
-        0xC5, 0x2B, 0xB0, 0xB3, 0x97, 0x8C, 0x98, 0x83, 0x9F, 0x25,
-        0x3F, 0x56, 0x1F, 0x2C, 0x63, 0x77, 0xFA, 0xDB, 0x27, 0xDF,
-        0x94, 0xAE, 0x08, 0x44, 0x75, 0x8A, 0xE8, 0x91, 0x72, 0xB0,
-        0xD0, 0x93, 0xC5, 0x7B, 0xB1, 0xD0, 0xEB, 0xD8, 0xDD, 0x88,
-        0x29, 0xF8, 0x36, 0xE7, 0x7C, 0xFD, 0x88, 0xFE, 0xA1, 0xEE,
-        0x12, 0x9A, 0x0E, 0x84, 0x75, 0x15, 0xA8, 0xA0, 0xD7, 0xBC,
-        0x72, 0x75, 0x7D, 0x4E, 0xDF, 0xEE, 0x30, 0x30, 0x23, 0x6D,
-        0xCC, 0xE5, 0xD7, 0xFD, 0x11, 0xE0, 0x87, 0x65, 0xDE, 0xAA,
-        0xF4, 0x2C, 0x64, 0x74, 0x1A, 0x0C, 0x7A, 0x0A, 0x5B, 0x85,
-        0xF3, 0x35, 0xB8, 0x41, 0x27, 0x14, 0xFC, 0x2A, 0x8D, 0x28,
-        0xD0, 0xA7, 0xDB, 0xB0, 0xD9, 0x5A, 0xA9, 0x0F, 0x0B, 0x2F,
-        0xE0, 0x8E, 0x37, 0x82, 0x5E, 0x8E, 0x1E, 0x2F, 0xC2, 0xA6,
-        0xF5, 0x89, 0x54, 0x77, 0x49, 0x49, 0xDC, 0xF4, 0x03, 0xF2,
-        0x04, 0xD6, 0xC0, 0x43, 0xB1, 0x13, 0x2B, 0x0C, 0xC2, 0x14,
-        0x93, 0x5A, 0x90, 0x20, 0x87, 0xA0, 0x4A, 0xB2, 0xD7, 0x25,
-        0x81, 0x79, 0x3C, 0x9C, 0xF6, 0x92, 0xBB, 0x26, 0xB0, 0x25,
-        0x93, 0x05, 0x60, 0xEC, 0x56, 0x3C, 0x92, 0x41, 0x63, 0x52,
-        0x0F, 0x95, 0x06, 0x7D, 0xE8, 0x46, 0x90, 0x39, 0x69, 0xEA,
-        0x6B, 0xA6, 0x64, 0x09, 0x7B, 0x2F, 0x34, 0xE0, 0x21, 0x29,
-        0xDA, 0xE3, 0xCF, 0xFE, 0xA7, 0x8E, 0x14, 0x3A, 0xD7, 0x53,
-        0x26, 0xD7, 0x82, 0x0E, 0x2A, 0x00, 0x43, 0xEB, 0x6A, 0x23,
-        0x75, 0x28, 0xD0, 0x9B, 0x85, 0xE0, 0xFB, 0x14, 0x19, 0xF3,
-        0x6A, 0x73, 0x6C, 0x97, 0x0E, 0x21, 0xFC, 0x0F, 0x26, 0xC5,
-        0xCE, 0xB7, 0xC6, 0x59, 0xA2, 0xE6, 0x4C, 0xF4, 0xC7, 0xBB,
-        0x9B, 0xA8, 0xFA, 0x12, 0xC7, 0xDA, 0x33, 0x26, 0x69, 0x83,
-        0x49, 0xA8, 0x0A, 0x3E, 0xF0, 0xD4
+#endif /* !WOLFSSL_DILITHIUM_NO_SIGN */
+
+#ifndef WOLFSSL_DILITHIUM_NO_VERIFY
+
+/* raw public key without ASN1 syntax from
+ * ./certs/dilithium/bench_dilithium_level3_key.der */
+static const unsigned char bench_dilithium_level3_pubkey[] = {
+    0x15, 0xc9, 0xe5, 0x53, 0x2f, 0xd8, 0x1f, 0xb4, 0xa3, 0x9f,
+    0xae, 0xad, 0xb3, 0x10, 0xd0, 0x72, 0x69, 0xd3, 0x02, 0xf3,
+    0xdf, 0x67, 0x5a, 0x31, 0x52, 0x19, 0xca, 0x39, 0x27, 0x77,
+    0x61, 0x6d, 0x0f, 0xc1, 0x33, 0x26, 0x09, 0xf0, 0xf9, 0x4d,
+    0x12, 0x7a, 0xef, 0xf7, 0x21, 0x26, 0x2c, 0xe0, 0xe2, 0x92,
+    0x1f, 0x9d, 0xd1, 0xaa, 0xaf, 0x08, 0x14, 0xf2, 0xaa, 0x24,
+    0x99, 0x0f, 0x20, 0x57, 0x35, 0x04, 0x32, 0x96, 0x8e, 0x6e,
+    0x10, 0x64, 0xe3, 0xe3, 0x57, 0x26, 0x33, 0x32, 0x7b, 0xe4,
+    0x18, 0x41, 0x77, 0xd3, 0x24, 0x63, 0x3d, 0x11, 0xea, 0xdc,
+    0xbe, 0x59, 0xff, 0x8d, 0xc2, 0xe4, 0xc7, 0x04, 0xf3, 0xd4,
+    0xe0, 0x1d, 0x5e, 0x09, 0x46, 0xbf, 0x02, 0x05, 0xc7, 0xa6,
+    0xb7, 0x82, 0x40, 0x1f, 0x55, 0xe9, 0x77, 0x82, 0xc0, 0xcc,
+    0x86, 0x99, 0x19, 0x99, 0xa2, 0xc9, 0x1b, 0x4f, 0xdd, 0x49,
+    0x4c, 0x78, 0x0a, 0x58, 0xb8, 0xf0, 0x23, 0xac, 0x1a, 0x71,
+    0x57, 0x6d, 0xd6, 0x3a, 0x3a, 0x6f, 0x93, 0xb3, 0x2b, 0x09,
+    0xbe, 0xec, 0x7b, 0x5b, 0xf7, 0x3a, 0xed, 0xf9, 0xd0, 0xb1,
+    0xfe, 0x9f, 0x9b, 0xec, 0x11, 0xb6, 0x6b, 0xd1, 0xb6, 0x00,
+    0x72, 0x7f, 0x68, 0x9a, 0x61, 0xa5, 0xf5, 0x6e, 0xe9, 0x46,
+    0xa4, 0x82, 0x08, 0x9f, 0x50, 0x4c, 0x75, 0xc3, 0x48, 0x85,
+    0x76, 0x39, 0xea, 0x0c, 0xf2, 0xe8, 0x7e, 0x48, 0x69, 0xd9,
+    0x6f, 0x9a, 0x89, 0x7d, 0x98, 0xc1, 0x16, 0xdc, 0x2f, 0xc7,
+    0x0a, 0x11, 0xa8, 0xbb, 0xe7, 0x91, 0xb1, 0x0f, 0x0e, 0xf0,
+    0xb4, 0xc8, 0x41, 0x7e, 0x62, 0x9e, 0x3c, 0x30, 0x4c, 0xbc,
+    0x4c, 0xeb, 0x37, 0xaf, 0x48, 0x72, 0x59, 0x64, 0x8e, 0xfb,
+    0x77, 0x11, 0x28, 0xdd, 0x30, 0x52, 0x8e, 0x69, 0x8c, 0x9f,
+    0x3d, 0xec, 0xdf, 0xa7, 0x5f, 0x42, 0x18, 0xda, 0xba, 0x1a,
+    0x96, 0x91, 0x7d, 0x62, 0xd5, 0x52, 0xff, 0x44, 0xc9, 0x1d,
+    0x29, 0xa6, 0xb9, 0x03, 0x9a, 0x26, 0x26, 0xcf, 0x57, 0x40,
+    0x70, 0x7e, 0x2b, 0xbd, 0xf0, 0x81, 0x71, 0x0f, 0x0b, 0x2e,
+    0x9b, 0x03, 0xba, 0x31, 0x41, 0x68, 0x37, 0xc8, 0xff, 0xea,
+    0xc4, 0x73, 0xa5, 0xf9, 0xc2, 0x92, 0x78, 0x0c, 0xe7, 0xfd,
+    0x5d, 0xb2, 0x01, 0xb5, 0x8d, 0xeb, 0x64, 0xd4, 0x14, 0xea,
+    0x7a, 0xd1, 0x42, 0xc8, 0x99, 0xe4, 0x7d, 0x5b, 0x7e, 0x3b,
+    0x8f, 0xab, 0x82, 0x12, 0xdf, 0xbb, 0xa1, 0x45, 0x30, 0xc9,
+    0x0f, 0xb9, 0xe5, 0xba, 0xe6, 0x8a, 0xf3, 0x78, 0x61, 0xcc,
+    0x9f, 0xe1, 0x46, 0x2a, 0x9a, 0x18, 0x0e, 0x2a, 0x57, 0xf3,
+    0xe5, 0x56, 0xd1, 0x42, 0x48, 0xe1, 0x5a, 0x8e, 0x33, 0xce,
+    0x19, 0xe5, 0x3e, 0x7f, 0x00, 0x70, 0x9c, 0x4c, 0xd3, 0xe1,
+    0x0c, 0xa1, 0x7e, 0xd4, 0xa9, 0x9e, 0x8b, 0xe2, 0xf0, 0xac,
+    0xdb, 0xa6, 0x72, 0x75, 0x67, 0xa6, 0x57, 0xed, 0x79, 0x2e,
+    0xca, 0x8d, 0xeb, 0x9b, 0x9e, 0xb7, 0xbf, 0x30, 0x02, 0x2b,
+    0xb3, 0x43, 0x89, 0x9b, 0xa8, 0x88, 0xa5, 0xbb, 0x33, 0xd9,
+    0x99, 0x30, 0x7c, 0xc7, 0xd4, 0x28, 0x5e, 0x5e, 0x3f, 0x9d,
+    0x6d, 0x35, 0x75, 0x33, 0x8e, 0xff, 0x84, 0x2e, 0x2d, 0xda,
+    0xf0, 0xff, 0x70, 0xe5, 0xb5, 0x62, 0x96, 0x33, 0x3a, 0xd9,
+    0xb5, 0x82, 0x25, 0x81, 0x81, 0x40, 0x5d, 0x4f, 0x11, 0x86,
+    0x63, 0x1a, 0x06, 0xc1, 0x67, 0xc7, 0x49, 0x03, 0xc7, 0xe4,
+    0x6f, 0xb4, 0x13, 0x3e, 0x57, 0x62, 0xfd, 0x8a, 0xc6, 0x2b,
+    0x65, 0x5b, 0xa4, 0x29, 0x57, 0x8d, 0xde, 0xa5, 0xee, 0x32,
+    0xc2, 0x76, 0x03, 0xca, 0xce, 0xc1, 0x48, 0xec, 0x45, 0xcf,
+    0x30, 0x21, 0x28, 0x7f, 0x10, 0x47, 0xd2, 0xdb, 0xee, 0xca,
+    0x5b, 0x0f, 0xd5, 0x39, 0x3a, 0xc3, 0xa6, 0x78, 0xb2, 0x15,
+    0xaf, 0x82, 0x3c, 0x2f, 0xc4, 0x51, 0x5c, 0x52, 0xad, 0xf2,
+    0x89, 0x92, 0x8e, 0xf3, 0x50, 0x38, 0xed, 0xf8, 0xc9, 0x14,
+    0x4c, 0xe4, 0xa3, 0x9a, 0xaf, 0xc4, 0x5c, 0xf3, 0x9f, 0xc3,
+    0xa3, 0xc0, 0xbe, 0x45, 0x1b, 0x21, 0x63, 0xfa, 0xe0, 0xe0,
+    0x91, 0x2b, 0x42, 0xca, 0x91, 0xfb, 0x5e, 0x97, 0x9a, 0x0a,
+    0xd4, 0x88, 0xba, 0xb8, 0x22, 0xc6, 0xbf, 0x56, 0x58, 0x1e,
+    0x92, 0xa9, 0x9d, 0xa7, 0xed, 0xc9, 0xab, 0x54, 0x4f, 0x75,
+    0x8d, 0x42, 0xc1, 0xe1, 0x61, 0xd0, 0x91, 0x9a, 0x3a, 0x40,
+    0x9a, 0xa3, 0xfb, 0x7b, 0x4e, 0xf0, 0x85, 0xf0, 0xdc, 0x40,
+    0x72, 0x9f, 0x05, 0xa8, 0xbe, 0x95, 0x5a, 0x7f, 0xba, 0x75,
+    0x00, 0x6e, 0x95, 0x76, 0xbd, 0xb2, 0x40, 0xf5, 0xb0, 0x64,
+    0x0a, 0x2f, 0x06, 0x3d, 0x9f, 0xac, 0x6a, 0xa5, 0x46, 0x5a,
+    0x85, 0xa4, 0x6f, 0xee, 0x27, 0xa0, 0xeb, 0x5f, 0x1f, 0x91,
+    0xbd, 0x2b, 0x02, 0x16, 0xdf, 0x74, 0x97, 0x2c, 0xd0, 0xa8,
+    0x9f, 0x3a, 0x7b, 0xdf, 0x3e, 0x98, 0x4a, 0x91, 0xdc, 0x19,
+    0x96, 0x88, 0x75, 0x21, 0x1a, 0x6a, 0xa8, 0x4b, 0x1f, 0x35,
+    0xd1, 0x92, 0xf5, 0x76, 0xf4, 0x72, 0x55, 0x13, 0xdb, 0x5d,
+    0x07, 0x8d, 0xd9, 0x72, 0xe4, 0x75, 0xde, 0x80, 0xbc, 0xe9,
+    0x9c, 0xf0, 0x5c, 0x6a, 0x8a, 0x0e, 0x34, 0xf6, 0x3f, 0x5c,
+    0xef, 0x0e, 0xcc, 0x52, 0x38, 0x2d, 0x7b, 0xc2, 0x1b, 0x69,
+    0x9f, 0xe5, 0xed, 0x14, 0xb0, 0x91, 0x0b, 0xe9, 0x4d, 0x34,
+    0xd5, 0xaa, 0xd4, 0xd2, 0x46, 0x39, 0x45, 0x7e, 0x85, 0x2f,
+    0xdb, 0x89, 0xf4, 0xff, 0x05, 0x74, 0x51, 0xba, 0xdd, 0xee,
+    0xf6, 0xc2, 0xc1, 0x0a, 0x8f, 0xd9, 0xeb, 0xc7, 0x61, 0x30,
+    0x8f, 0x86, 0x8b, 0x1f, 0x82, 0xc1, 0x22, 0xfd, 0x83, 0xf4,
+    0x5d, 0xc5, 0x94, 0xf5, 0xd7, 0x17, 0xc7, 0x7b, 0x71, 0xf5,
+    0x5e, 0x15, 0x49, 0x70, 0xb2, 0x57, 0xa0, 0xc0, 0x57, 0x63,
+    0x53, 0x35, 0xb6, 0x52, 0x20, 0x7b, 0x83, 0xd4, 0x57, 0x63,
+    0x25, 0x8e, 0x83, 0xb3, 0x8e, 0x26, 0x1f, 0x09, 0xde, 0x14,
+    0xd6, 0xa6, 0xfc, 0xe5, 0x93, 0x3c, 0x88, 0x8e, 0xf5, 0x10,
+    0x57, 0xb9, 0xc9, 0x9b, 0xff, 0x72, 0x9d, 0x3d, 0x3f, 0x97,
+    0xd9, 0x3c, 0x20, 0xe2, 0x57, 0xfd, 0x2a, 0x5c, 0x17, 0x12,
+    0xe6, 0x08, 0xaf, 0xe4, 0x26, 0x96, 0xb9, 0x6d, 0xc3, 0xac,
+    0x22, 0xf3, 0x8b, 0x89, 0xde, 0xc7, 0x8a, 0x93, 0x06, 0xf7,
+    0x1d, 0x08, 0x21, 0x36, 0x16, 0x74, 0x2b, 0x97, 0x23, 0xe4,
+    0x79, 0x31, 0x08, 0x23, 0x62, 0x30, 0x67, 0xe2, 0xed, 0x30,
+    0x9b, 0x0c, 0xf9, 0x08, 0x7a, 0x29, 0x73, 0xc6, 0x77, 0x8a,
+    0xbb, 0x2a, 0x1c, 0x66, 0xd0, 0xdd, 0x9e, 0xa3, 0xe9, 0x62,
+    0xcc, 0xb7, 0x88, 0x25, 0x4a, 0x5f, 0xbc, 0xaa, 0xe3, 0xe4,
+    0x4f, 0xec, 0xa6, 0x8e, 0xa6, 0xa4, 0x1b, 0x22, 0x2b, 0x2c,
+    0x8f, 0x57, 0x7f, 0xb7, 0x33, 0xfe, 0x16, 0x43, 0x85, 0xc5,
+    0xd2, 0x95, 0xe6, 0xb9, 0x21, 0x68, 0x88, 0x98, 0x33, 0x8c,
+    0x1d, 0x15, 0x9c, 0x4d, 0x62, 0x1f, 0x6b, 0xe8, 0x7a, 0x2d,
+    0x6b, 0x0e, 0xc3, 0xde, 0x1a, 0xa8, 0xed, 0x67, 0xb3, 0xb3,
+    0x36, 0x5b, 0x4b, 0xcb, 0xe8, 0xa8, 0x5c, 0x0b, 0x2f, 0xca,
+    0xd7, 0x71, 0xe8, 0x85, 0xe7, 0x4d, 0xe5, 0x7b, 0x45, 0xed,
+    0xb2, 0x4c, 0x69, 0x04, 0x7e, 0x4f, 0xc0, 0xef, 0x1a, 0xca,
+    0x0d, 0xa6, 0xc4, 0x79, 0x15, 0x78, 0x9c, 0xd2, 0x91, 0x3c,
+    0x32, 0x55, 0x40, 0xe7, 0xcb, 0x7e, 0xde, 0x07, 0xa6, 0x97,
+    0x00, 0x2d, 0x70, 0xf6, 0x3d, 0x15, 0xdf, 0x29, 0x8e, 0xa3,
+    0x96, 0x6d, 0xf2, 0xbb, 0xa5, 0x1b, 0x7b, 0x58, 0x30, 0xf6,
+    0x17, 0xbd, 0xda, 0x13, 0xf7, 0x33, 0xc2, 0x62, 0x32, 0xd4,
+    0x1c, 0x2e, 0x31, 0x74, 0x92, 0xad, 0x99, 0x8c, 0x0e, 0x7c,
+    0x50, 0x21, 0xcd, 0xff, 0x41, 0xeb, 0xd1, 0xca, 0x14, 0xb7,
+    0xb2, 0x31, 0x2f, 0xbe, 0x16, 0xce, 0x4f, 0x26, 0x16, 0x04,
+    0xc2, 0xaf, 0xbe, 0x0d, 0x24, 0xab, 0x9a, 0x21, 0x37, 0x06,
+    0xac, 0x50, 0x23, 0xf1, 0xbe, 0x5c, 0xbb, 0x64, 0xf3, 0xd3,
+    0x66, 0xa3, 0xb8, 0xbe, 0x8b, 0x49, 0x8d, 0xf6, 0xc7, 0xb9,
+    0x8f, 0x4e, 0x31, 0x06, 0x51, 0xe5, 0xf3, 0x0e, 0x56, 0xc4,
+    0x24, 0x30, 0xf5, 0xe9, 0x36, 0x71, 0xbc, 0xc9, 0x70, 0x2c,
+    0x6c, 0x4c, 0x15, 0x43, 0x44, 0xa4, 0xfc, 0xf1, 0xd2, 0x71,
+    0x6c, 0x4c, 0xce, 0x30, 0x6c, 0x05, 0x7d, 0x2e, 0xb7, 0xbc,
+    0xe4, 0x65, 0x76, 0x24, 0x75, 0x36, 0xdf, 0x28, 0xfc, 0xcd,
+    0x9a, 0xba, 0xc2, 0xcd, 0xb0, 0x30, 0xdb, 0xe7, 0x2e, 0x3c,
+    0x92, 0x63, 0x1d, 0x30, 0x23, 0x74, 0xb1, 0xb8, 0xcc, 0xd7,
+    0xb6, 0x90, 0x65, 0x73, 0xa2, 0x2a, 0x6e, 0x49, 0x95, 0x0d,
+    0xab, 0x24, 0xdf, 0x2d, 0xbf, 0x76, 0x46, 0x01, 0x44, 0xe4,
+    0x18, 0x8e, 0xd5, 0x9a, 0x76, 0xc9, 0xc6, 0xbc, 0xdb, 0x7f,
+    0x80, 0x52, 0xc6, 0x40, 0x41, 0x12, 0x36, 0x7c, 0x80, 0x69,
+    0xce, 0x7b, 0xe1, 0xa0, 0x53, 0xa2, 0xd6, 0x8f, 0x3f, 0xf7,
+    0xd7, 0x61, 0x09, 0x70, 0xa2, 0xa0, 0xc6, 0xaf, 0xa0, 0xd0,
+    0xfa, 0x13, 0xbf, 0xc0, 0x69, 0x15, 0xce, 0x15, 0xec, 0x24,
+    0x4b, 0x6b, 0xdc, 0x93, 0x51, 0xc6, 0x82, 0x19, 0x92, 0x84,
+    0x5d, 0x99, 0xb0, 0x90, 0x2c, 0xcc, 0x2a, 0x81, 0x6b, 0x22,
+    0x64, 0x0a, 0xcb, 0x51, 0x25, 0x82, 0x50, 0x02, 0x2d, 0x3e,
+    0xd4, 0x72, 0xb3, 0x0c, 0x15, 0x77, 0xd2, 0xca, 0x98, 0x2f,
+    0x41, 0x93, 0x14, 0xb2, 0x7f, 0xa1, 0x97, 0xa3, 0xb8, 0x8a,
+    0x56, 0x24, 0x38, 0xa7, 0x36, 0xc5, 0x01, 0xc0, 0x9f, 0x3f,
+    0x3e, 0x9a, 0xf6, 0xe9, 0x16, 0x82, 0x01, 0x58, 0x70, 0x0e,
+    0x0d, 0xbc, 0xfa, 0x03, 0x57, 0x65, 0xa8, 0x5a, 0x3d, 0x57,
+    0x81, 0x23, 0xbe, 0x6e, 0xa9, 0xe8, 0x22, 0xdf, 0x2f, 0x70,
+    0xeb, 0x0a, 0x03, 0x96, 0x6b, 0xef, 0x20, 0x9f, 0xf2, 0x62,
+    0xe7, 0xb2, 0x6e, 0x3a, 0x1e, 0x40, 0x1f, 0xd2, 0x97, 0x48,
+    0xd1, 0x18, 0xf0, 0xeb, 0x52, 0x58, 0x02, 0x26, 0xce, 0x75,
+    0xb1, 0x3a, 0x9d, 0x5b, 0x52, 0x94, 0xb2, 0x6e, 0x0e, 0x3f,
+    0x39, 0xb6, 0xd9, 0x8a, 0x9d, 0xe8, 0x7c, 0x83, 0x32, 0xcc,
+    0x43, 0x35, 0x9b, 0x7a, 0xed, 0xb2, 0x1e, 0x51, 0x37, 0x6c,
+    0x14, 0xd8, 0xb8, 0x55, 0xb3, 0x91, 0xef, 0x0c, 0x3a, 0xe5,
+    0x77, 0xd0, 0xbd, 0xb0, 0x7d, 0x38, 0x84, 0x2a, 0x47, 0xb2,
+    0xb6, 0xda, 0xd7, 0x75, 0xd6, 0x2e, 0x60, 0xc7, 0x10, 0x52,
+    0xf7, 0xdd, 0x09, 0x15, 0x6f, 0x04, 0x31, 0xc3, 0x5a, 0x6b,
+    0x0c, 0x60, 0x10, 0xa8, 0x6e, 0x20, 0xa9, 0xdd, 0xb7, 0x72,
+    0xc3, 0x9e, 0x85, 0xd2, 0x8f, 0x16, 0x7e, 0x3d, 0xe0, 0x63,
+    0x81, 0x32, 0xfd, 0xca, 0xbc, 0x0f, 0xef, 0x3e, 0x74, 0x6a,
+    0xb1, 0x60, 0xc1, 0x10, 0x50, 0x7c, 0x67, 0xa4, 0x19, 0xa7,
+    0xb8, 0xed, 0xe6, 0xf5, 0x4e, 0x41, 0x53, 0xa6, 0x72, 0x1b,
+    0x2c, 0x33, 0x6a, 0x37, 0xf1, 0xb5, 0x1c, 0x01, 0x7d, 0xa2,
+    0x1f, 0x2c, 0x4e, 0x0a, 0xbf, 0xd4, 0x2c, 0x24, 0x91, 0x58,
+    0x62, 0xfb, 0xf8, 0x63, 0xd9, 0xf8, 0x78, 0xf5, 0xc7, 0x78,
+    0x32, 0xda, 0x99, 0xeb, 0x58, 0x20, 0x25, 0x19, 0xb1, 0x06,
+    0x7f, 0x6a, 0x29, 0x20, 0xdb, 0xc8, 0x22, 0x48, 0xa9, 0x7f,
+    0x24, 0x54, 0x8d, 0x7d, 0x8d, 0xb1, 0x69, 0xb2, 0xa3, 0x98,
+    0x14, 0x0f, 0xba, 0xfa, 0xb6, 0x15, 0xe8, 0x28, 0x99, 0x3f,
+    0x30, 0x04, 0x50, 0xab, 0x5a, 0x3c, 0xf1, 0x97, 0xe1, 0xc8,
+    0x0f, 0x0e, 0xb4, 0x11, 0x63, 0x5a, 0x79, 0x08, 0x48, 0x75,
+    0xaf, 0x9b, 0xca, 0xd9, 0x13, 0x18, 0xcc, 0xb1, 0xb3, 0xee,
+    0xdd, 0x63, 0xdd, 0xf4, 0x21, 0x98, 0x76, 0xe2, 0x3e, 0xd5,
+    0x86, 0x23, 0x33, 0x7e, 0xc7, 0xb4, 0x35, 0x4b, 0xc2, 0x2d,
+    0xe1, 0xe2, 0xb0, 0x6c, 0x8b, 0x9b, 0x20, 0x3d, 0x48, 0x24,
+    0x7c, 0xea, 0xa1, 0x75, 0x27, 0xe5, 0xf4, 0x70, 0xeb, 0x3b,
+    0xc7, 0x26, 0x37, 0x04, 0xff, 0x8a, 0x7a, 0xd0, 0xc2, 0xb7,
+    0x84, 0xb7, 0x29, 0xfb, 0x0e, 0xa3, 0xa8, 0x71, 0xcd, 0x58,
+    0x06, 0x36, 0xe2, 0xf2, 0x77, 0xcc, 0x0f, 0x78, 0x08, 0x2b,
+    0xbb, 0xe3, 0x53, 0x05, 0x71, 0xdc, 0x6c, 0x37, 0x32, 0x91,
+    0x46, 0x42, 0x4f, 0x21, 0xe0, 0x34, 0xad, 0x3f, 0x30, 0x5a,
+    0xc7, 0x0d, 0x17, 0x19, 0x39, 0x31, 0x58, 0x69, 0x3c, 0x8c,
+    0xbe, 0xe7, 0xa6, 0x3b, 0xad, 0xfb, 0x46, 0x89, 0x06, 0xc1,
+    0x8c, 0x16, 0x9a, 0x06, 0x3a, 0xd0, 0x7e, 0xd6, 0xb0, 0x7b,
+    0x7d, 0xf8, 0x91, 0x7c, 0xfa, 0xd9, 0x66, 0x39, 0xfa, 0xbc,
+    0x57, 0xa7, 0x78, 0x8b, 0x36, 0x78, 0xc0, 0x1c, 0x0e, 0x23,
+    0x05, 0x0e, 0x04, 0x61, 0x16, 0x34, 0xf9, 0xc6, 0x63, 0x58,
+    0xdf, 0xf4, 0x52, 0xce, 0xd0, 0x0f, 0x0c, 0xec, 0xb1, 0x82,
+    0xf4, 0x72, 0x73, 0x72, 0x3f, 0x02, 0xbe, 0xe3, 0x9c, 0x63,
+    0x73, 0xc8, 0x21, 0x65, 0xba, 0x57, 0x52, 0xa9, 0x19, 0xac,
+    0x68, 0x50, 0xbd, 0x2d, 0x72, 0x5b, 0x93, 0x0f, 0x1c, 0x81,
+    0x77, 0xd7, 0x2e, 0xc3, 0x93, 0x52, 0x6e, 0xdc, 0x79, 0x52,
+    0x9f, 0xe3, 0xde, 0xe1, 0xba, 0x58, 0x55, 0xab, 0x8a, 0xf2,
+    0x35, 0x6a, 0xcf, 0x94, 0x1f, 0x17, 0xa4, 0x23, 0x2e, 0x8e,
+    0x18, 0x21, 0xbe, 0x14, 0xfa, 0xe7, 0x59, 0xc5, 0x44, 0x34,
+    0xce, 0x03, 0xf4, 0xb7, 0x75, 0xd3, 0x51, 0x55, 0xdf, 0xff,
+    0xcf, 0x4f, 0x44, 0xee, 0x13, 0x9b, 0xcb, 0x12, 0xae, 0xe5,
+    0x5b, 0x44, 0x65, 0x28, 0xcb, 0x6a, 0x9c, 0x24, 0x1d, 0xea,
+    0x2d, 0x5e, 0xa5, 0xc3, 0x78, 0xad, 0xed, 0x0c, 0x05, 0xa6,
+    0xaf, 0x95, 0x04, 0xd2, 0xb5, 0x91, 0x0e, 0xa0, 0x06, 0x77,
+    0xc5, 0x82, 0xf6, 0xdd, 0x72, 0x83, 0x04, 0xcc, 0xb0, 0xab,
+    0x7a, 0xf0, 0xb4, 0x4d, 0x36, 0x71, 0x72, 0x1a, 0x9a, 0x0d,
+    0xcd, 0xa3, 0x11, 0xa8, 0x0d, 0x7d, 0x49, 0xce, 0x9c, 0x09,
+    0x1d, 0x08, 0xa4, 0x39, 0x2e, 0x03, 0xdf, 0x3a, 0xc8, 0xfe,
+    0x6a, 0x2b, 0x0b, 0x07, 0x80, 0x55, 0x8a, 0xa8, 0xe6, 0x0e,
+    0xc9, 0x7e, 0x83, 0xce, 0x3a, 0x98, 0x98, 0x4e, 0x3e, 0x08,
+    0x20, 0x8f, 0x10, 0xfc, 0xc1, 0xc4, 0xcf, 0x37, 0x8d, 0x69,
+    0xd8, 0x57, 0x9d, 0x48, 0x80, 0x6a, 0xef, 0x0c, 0xdd, 0x27,
+    0x99, 0xf9, 0xe7, 0xd0, 0xd2, 0x36, 0xd8, 0xed, 0x41, 0x14,
+    0x1b, 0x10,
+};
+static const int sizeof_bench_dilithium_level3_pubkey =
+    sizeof(bench_dilithium_level3_pubkey);
+
+#endif /* !WOLFSSL_DILITHIUM_NO_VERIFY */
+
+#ifndef WOLFSSL_DILITHIUM_NO_SIGN
+
+/* raw private key without ASN1 syntax from
+ * ./certs/dilithium/bench_dilithium_level5_key.der */
+static const unsigned char bench_dilithium_level5_key[] = {
+    0xef, 0x49, 0x79, 0x47, 0x15, 0xc4, 0x8a, 0xa9, 0x74, 0x2a,
+    0xf0, 0x36, 0x94, 0x5c, 0x91, 0x1c, 0x5d, 0xff, 0x2c, 0x83,
+    0xf2, 0x8b, 0x04, 0xfc, 0x5d, 0x64, 0xbd, 0x49, 0x73, 0xcd,
+    0xcc, 0x99, 0xfd, 0x0f, 0x8f, 0x6e, 0xad, 0x75, 0x9b, 0xc9,
+    0xb1, 0xb9, 0x90, 0x93, 0xbf, 0xce, 0x02, 0x2d, 0x12, 0x0c,
+    0x54, 0x2e, 0xe2, 0x3e, 0x52, 0xff, 0xe0, 0x7a, 0xca, 0x2d,
+    0x81, 0x84, 0xea, 0x16, 0x1f, 0x10, 0xc4, 0xc9, 0xde, 0xcd,
+    0xf6, 0xbd, 0x60, 0xc9, 0xb3, 0xd0, 0x0f, 0x57, 0xeb, 0x71,
+    0x78, 0x9b, 0xb5, 0x72, 0x2a, 0x65, 0x11, 0x14, 0xff, 0x63,
+    0x8d, 0x38, 0xcf, 0xa4, 0xf4, 0xad, 0xd0, 0x68, 0x84, 0x97,
+    0xfe, 0xd3, 0x91, 0xa0, 0xe4, 0xc3, 0x74, 0xcf, 0x20, 0x87,
+    0x89, 0x84, 0x1f, 0x75, 0x91, 0xe3, 0xb3, 0x47, 0x8b, 0xfe,
+    0x76, 0xb7, 0x2d, 0x30, 0x89, 0x02, 0x04, 0xc9, 0x93, 0xa8,
+    0x31, 0xd3, 0x84, 0x2d, 0xe4, 0x26, 0x12, 0xdb, 0x94, 0x08,
+    0x12, 0x45, 0x45, 0xca, 0x44, 0x89, 0x52, 0xc4, 0x28, 0x41,
+    0x46, 0x01, 0x1c, 0x93, 0x20, 0x8b, 0x40, 0x6d, 0x09, 0x36,
+    0x65, 0x4c, 0xa2, 0x40, 0x62, 0xb8, 0x2c, 0x1b, 0x00, 0x20,
+    0x61, 0x42, 0x8c, 0x24, 0xa7, 0x10, 0x19, 0x27, 0x25, 0x22,
+    0x14, 0x31, 0x13, 0x33, 0x46, 0x0c, 0x22, 0x22, 0x18, 0xa7,
+    0x91, 0x0c, 0x24, 0x61, 0xd9, 0x32, 0x46, 0xc8, 0x96, 0x49,
+    0x5c, 0x90, 0x89, 0x9b, 0x84, 0x01, 0x5c, 0x08, 0x42, 0x64,
+    0x84, 0x85, 0x0c, 0x42, 0x21, 0x20, 0x48, 0x21, 0x92, 0x00,
+    0x28, 0x83, 0x20, 0x4c, 0x08, 0xc7, 0x51, 0x99, 0x06, 0x66,
+    0x01, 0x18, 0x51, 0x13, 0x48, 0x0a, 0x0b, 0x42, 0x90, 0x4c,
+    0x14, 0x08, 0x83, 0x14, 0x6d, 0x10, 0x10, 0x91, 0xe2, 0xc4,
+    0x8d, 0xe1, 0x12, 0x11, 0x10, 0x40, 0x29, 0x99, 0x92, 0x30,
+    0x12, 0x39, 0x6c, 0x91, 0x86, 0x68, 0x08, 0x83, 0x0c, 0x54,
+    0x80, 0x80, 0xa2, 0x08, 0x52, 0x09, 0x30, 0x71, 0x0c, 0x10,
+    0x04, 0x53, 0x00, 0x65, 0x91, 0x12, 0x2d, 0x0c, 0xa2, 0x8c,
+    0x18, 0x14, 0x45, 0xd8, 0x14, 0x06, 0xe4, 0x36, 0x72, 0x93,
+    0x10, 0x68, 0x09, 0xc2, 0x08, 0x51, 0x14, 0x8c, 0x13, 0x39,
+    0x11, 0xd8, 0x44, 0x02, 0x18, 0x39, 0x29, 0x98, 0x16, 0x71,
+    0x82, 0x40, 0x70, 0x01, 0x10, 0x8c, 0x1a, 0x30, 0x08, 0x02,
+    0x03, 0x41, 0x5a, 0x00, 0x40, 0xa4, 0x16, 0x90, 0x20, 0x26,
+    0x32, 0x00, 0x49, 0x61, 0x20, 0x20, 0x0c, 0x1a, 0xb0, 0x10,
+    0x63, 0x10, 0x11, 0x58, 0x30, 0x0d, 0x59, 0x80, 0x68, 0x90,
+    0x46, 0x2a, 0x91, 0xa8, 0x71, 0x98, 0x20, 0x40, 0x21, 0x83,
+    0x6c, 0xc0, 0x48, 0x0d, 0x8b, 0x90, 0x11, 0x08, 0x09, 0x31,
+    0x8c, 0x00, 0x12, 0x10, 0x14, 0x6e, 0xc2, 0x06, 0x32, 0x1a,
+    0x26, 0x10, 0x0a, 0x91, 0x44, 0x08, 0x99, 0x8d, 0x60, 0x86,
+    0x28, 0x11, 0x20, 0x6d, 0xa3, 0x12, 0x81, 0x8b, 0xc6, 0x51,
+    0xcb, 0xa0, 0x61, 0x09, 0x97, 0x61, 0x48, 0xb6, 0x0d, 0x21,
+    0x49, 0x51, 0x08, 0x13, 0x0c, 0x0a, 0x34, 0x86, 0x49, 0x80,
+    0x65, 0x14, 0x39, 0x04, 0x21, 0x01, 0x81, 0x9a, 0xb8, 0x4d,
+    0x04, 0x41, 0x48, 0x03, 0x92, 0x81, 0x62, 0x14, 0x6c, 0x10,
+    0x16, 0x11, 0xe2, 0xa2, 0x49, 0xe3, 0x30, 0x65, 0x04, 0x93,
+    0x8d, 0x1c, 0x33, 0x70, 0x1b, 0x15, 0x50, 0xe4, 0x38, 0x80,
+    0x21, 0x37, 0x06, 0x20, 0xc6, 0x24, 0xc8, 0x22, 0x88, 0x4a,
+    0x44, 0x80, 0x14, 0x43, 0x88, 0x54, 0x44, 0x42, 0x11, 0x49,
+    0x41, 0x19, 0xb9, 0x2d, 0xcc, 0x04, 0x0d, 0x19, 0xc1, 0x65,
+    0x5b, 0xa0, 0x11, 0x94, 0x00, 0x84, 0xe4, 0xb6, 0x41, 0xc2,
+    0x18, 0x72, 0x5c, 0x02, 0x69, 0x11, 0x85, 0x24, 0x13, 0x35,
+    0x00, 0x62, 0x34, 0x04, 0x58, 0x40, 0x21, 0x00, 0xc4, 0x28,
+    0x0c, 0x17, 0x30, 0x10, 0x47, 0x60, 0x4b, 0xc2, 0x61, 0x9c,
+    0x80, 0x2c, 0x20, 0x94, 0x31, 0x58, 0x92, 0x09, 0xcc, 0x00,
+    0x02, 0x42, 0x94, 0x69, 0x99, 0x28, 0x06, 0x98, 0x02, 0x52,
+    0x90, 0x32, 0x6e, 0x8a, 0x18, 0x2e, 0x54, 0x94, 0x81, 0x03,
+    0xc6, 0x89, 0x03, 0xa1, 0x84, 0x48, 0x82, 0x48, 0x52, 0xc4,
+    0x00, 0x91, 0x30, 0x24, 0x20, 0x12, 0x0d, 0x83, 0x80, 0x05,
+    0x92, 0x48, 0x61, 0x98, 0x46, 0x92, 0xe1, 0xa6, 0x25, 0x20,
+    0x93, 0x4d, 0x1c, 0x37, 0x2c, 0x9b, 0x94, 0x8d, 0xc8, 0x88,
+    0x80, 0xa2, 0x18, 0x72, 0x0c, 0x09, 0x70, 0x81, 0x36, 0x90,
+    0x24, 0x45, 0x69, 0x53, 0x36, 0x6c, 0xd2, 0x20, 0x51, 0x23,
+    0xc1, 0x8c, 0x62, 0xb0, 0x70, 0x11, 0xb2, 0x70, 0xcb, 0x84,
+    0x69, 0x4b, 0x32, 0x89, 0x01, 0x21, 0x81, 0x02, 0x38, 0x66,
+    0xa3, 0x26, 0x12, 0x24, 0xa3, 0x30, 0x22, 0x24, 0x84, 0x18,
+    0xb9, 0x84, 0x40, 0x16, 0x50, 0x22, 0x44, 0x31, 0x1b, 0x13,
+    0x8d, 0x53, 0x02, 0x89, 0x4a, 0x22, 0x10, 0x53, 0x18, 0x01,
+    0x58, 0x30, 0x2d, 0x00, 0x05, 0x08, 0x13, 0x80, 0x84, 0xc2,
+    0x22, 0x0e, 0x88, 0x26, 0x2a, 0x04, 0xc4, 0x4c, 0x19, 0x43,
+    0x01, 0xc8, 0x38, 0x4c, 0xd1, 0xb2, 0x90, 0x13, 0x29, 0x10,
+    0x12, 0x48, 0x22, 0x01, 0xa8, 0x51, 0xd1, 0x92, 0x40, 0x11,
+    0x27, 0x62, 0x10, 0x01, 0x0c, 0x0c, 0xc6, 0x28, 0xe3, 0x46,
+    0x60, 0x24, 0x01, 0x8d, 0x14, 0xb6, 0x10, 0x50, 0xb6, 0x25,
+    0x44, 0x38, 0x40, 0x44, 0xc2, 0x0c, 0x19, 0xc0, 0x64, 0x9c,
+    0x44, 0x02, 0x21, 0x25, 0x65, 0x02, 0x23, 0x86, 0x1a, 0x12,
+    0x70, 0x51, 0x24, 0x91, 0x09, 0x08, 0x44, 0x09, 0x35, 0x66,
+    0x91, 0x04, 0x12, 0x43, 0x42, 0x8d, 0x22, 0xa0, 0x70, 0x14,
+    0x91, 0x25, 0xa0, 0x00, 0x80, 0xe4, 0x00, 0x90, 0x44, 0xb2,
+    0x61, 0x14, 0x20, 0x6e, 0xca, 0x14, 0x0d, 0x23, 0x85, 0x68,
+    0xda, 0x40, 0x92, 0x0b, 0xb1, 0x20, 0x92, 0x04, 0x46, 0xc0,
+    0x08, 0x8a, 0x40, 0xc4, 0x4d, 0x0c, 0x17, 0x45, 0xd3, 0x18,
+    0x52, 0x1b, 0x46, 0x24, 0xc2, 0x24, 0x71, 0x83, 0x10, 0x80,
+    0xc8, 0x82, 0x68, 0xc2, 0x96, 0x81, 0x0a, 0x01, 0x92, 0x60,
+    0xb4, 0x84, 0x09, 0xc6, 0x00, 0x04, 0x37, 0x90, 0x0b, 0xa0,
+    0x28, 0x12, 0x27, 0x09, 0x94, 0x80, 0x50, 0xd8, 0x04, 0x86,
+    0x08, 0x13, 0x8a, 0x4a, 0x06, 0x89, 0x9b, 0xc4, 0x60, 0xe3,
+    0xa2, 0x20, 0xe0, 0x38, 0x21, 0x22, 0xb4, 0x68, 0x0a, 0xa1,
+    0x0c, 0x01, 0x24, 0x32, 0x4c, 0x48, 0x30, 0xa2, 0x80, 0x8d,
+    0x58, 0x44, 0x10, 0xc8, 0x94, 0x6d, 0x21, 0xc3, 0x61, 0xcb,
+    0x98, 0x24, 0xdc, 0x38, 0x11, 0xc9, 0x18, 0x11, 0x20, 0x01,
+    0x50, 0x1c, 0x34, 0x8d, 0x02, 0x03, 0x09, 0x0a, 0x40, 0x61,
+    0xd4, 0xb8, 0x84, 0x9c, 0xc2, 0x09, 0x04, 0xb1, 0x89, 0x83,
+    0x86, 0x84, 0x19, 0x83, 0x0c, 0x5a, 0x86, 0x89, 0x10, 0x21,
+    0x0d, 0xd1, 0xc2, 0x80, 0x18, 0x29, 0x2a, 0x0c, 0x01, 0x50,
+    0x89, 0x88, 0x48, 0x03, 0xa7, 0x85, 0x21, 0x92, 0x64, 0xc4,
+    0x16, 0x81, 0x94, 0x06, 0x6c, 0x53, 0x26, 0x12, 0x90, 0xb6,
+    0x21, 0x0b, 0xa8, 0x64, 0x43, 0x96, 0x84, 0x41, 0x88, 0x70,
+    0xe3, 0xa6, 0x44, 0x12, 0xc0, 0x09, 0x01, 0xc7, 0x60, 0xc3,
+    0x20, 0x42, 0xc3, 0x40, 0x68, 0x10, 0xa6, 0x51, 0xa4, 0xa0,
+    0x71, 0x54, 0x98, 0x04, 0x88, 0xb2, 0x00, 0x54, 0x18, 0x6a,
+    0x48, 0x98, 0x20, 0x21, 0xb2, 0x8d, 0x82, 0x20, 0x81, 0x99,
+    0x16, 0x81, 0x0a, 0xc5, 0x88, 0x0a, 0x23, 0x11, 0x8a, 0x16,
+    0x44, 0x24, 0xc9, 0x29, 0x59, 0x08, 0x91, 0x1c, 0x29, 0x05,
+    0x14, 0xc9, 0x44, 0xe3, 0x20, 0x10, 0x1b, 0xa1, 0x64, 0x82,
+    0xa2, 0x90, 0x00, 0x00, 0x82, 0x98, 0xb2, 0x85, 0xc8, 0x04,
+    0x28, 0xc8, 0xb2, 0x65, 0xc9, 0xc6, 0x88, 0xcc, 0x08, 0x91,
+    0x84, 0x08, 0x30, 0x94, 0x94, 0x8d, 0xc0, 0x18, 0x46, 0x82,
+    0x36, 0x4c, 0x83, 0x10, 0x72, 0x23, 0xb1, 0x88, 0x81, 0x20,
+    0x8e, 0x19, 0x03, 0x8a, 0x94, 0x46, 0x22, 0x21, 0x35, 0x8e,
+    0x04, 0xc0, 0x88, 0x5b, 0xb6, 0x09, 0x0a, 0x18, 0x44, 0x21,
+    0x90, 0x65, 0x03, 0xb2, 0x21, 0xc4, 0x10, 0x50, 0xc1, 0x80,
+    0x0c, 0x09, 0x40, 0x49, 0xe4, 0xa8, 0x8c, 0xa4, 0x36, 0x61,
+    0x59, 0x12, 0x86, 0x20, 0x08, 0x2d, 0x10, 0x19, 0x85, 0xe4,
+    0x34, 0x60, 0xc4, 0xb6, 0x60, 0x00, 0x18, 0x06, 0x8c, 0xb8,
+    0x45, 0x19, 0x13, 0x4a, 0x53, 0xc4, 0x40, 0xc9, 0x38, 0x71,
+    0xd9, 0x48, 0x10, 0x59, 0x08, 0x02, 0x02, 0x10, 0x69, 0x53,
+    0x28, 0x80, 0x22, 0x81, 0x4c, 0xc9, 0x16, 0x26, 0xa1, 0x48,
+    0x64, 0x19, 0x21, 0x11, 0x1c, 0x37, 0x88, 0x4b, 0x94, 0x2c,
+    0x48, 0xc8, 0x6c, 0x63, 0x88, 0x65, 0x81, 0x40, 0x61, 0xa1,
+    0x44, 0x31, 0x82, 0x18, 0x08, 0x80, 0x00, 0x26, 0x50, 0x14,
+    0x49, 0xa1, 0x32, 0x50, 0x02, 0xc8, 0x45, 0x0c, 0x07, 0x24,
+    0x13, 0x01, 0x6d, 0x0a, 0xb3, 0x90, 0x64, 0x30, 0x85, 0x21,
+    0x09, 0x61, 0x44, 0x44, 0x72, 0x08, 0x32, 0x06, 0xe1, 0xa2,
+    0x21, 0xdb, 0xa4, 0x09, 0x5a, 0xb4, 0x71, 0x43, 0xb2, 0x09,
+    0x82, 0xc4, 0x64, 0x88, 0xa0, 0x91, 0xca, 0x14, 0x90, 0xa4,
+    0xa8, 0x41, 0xc1, 0x38, 0x85, 0x12, 0x32, 0x60, 0x1a, 0x11,
+    0x72, 0x53, 0x32, 0x2c, 0xe3, 0x08, 0x4d, 0x24, 0xc6, 0x28,
+    0x0a, 0x03, 0x8c, 0x88, 0x06, 0x05, 0xa0, 0xa8, 0x05, 0x84,
+    0xa2, 0x4c, 0x80, 0x40, 0x62, 0xda, 0x24, 0x81, 0x9a, 0x16,
+    0x91, 0x24, 0x81, 0x04, 0xa4, 0x46, 0x51, 0xc2, 0xa8, 0x25,
+    0x20, 0x28, 0x42, 0x13, 0x46, 0x2c, 0x63, 0x42, 0x72, 0x03,
+    0x88, 0x28, 0xa3, 0x22, 0x24, 0x1a, 0x02, 0x26, 0x42, 0xa2,
+    0x11, 0x11, 0xb0, 0x51, 0x92, 0xb4, 0x6c, 0xe2, 0x32, 0x85,
+    0x10, 0xc2, 0x41, 0xc1, 0x40, 0x46, 0x4c, 0x26, 0x01, 0x1c,
+    0x35, 0x02, 0x0c, 0x14, 0x0c, 0x18, 0x81, 0x00, 0x10, 0x26,
+    0x02, 0xc8, 0x32, 0x8c, 0xe4, 0x02, 0x68, 0xcc, 0x14, 0x2e,
+    0x89, 0x38, 0x60, 0x10, 0x12, 0x24, 0x93, 0x42, 0x65, 0xe3,
+    0x24, 0x29, 0x08, 0x80, 0x41, 0x09, 0x29, 0x46, 0x5b, 0x26,
+    0x49, 0x5b, 0x30, 0x80, 0x03, 0xc1, 0x2c, 0x04, 0x09, 0x82,
+    0x4c, 0x48, 0x2d, 0x1c, 0x36, 0x4d, 0xdb, 0x02, 0x86, 0x21,
+    0xb5, 0x51, 0x81, 0x80, 0x2d, 0xcb, 0x20, 0x81, 0x5b, 0x34,
+    0x41, 0x89, 0x36, 0x48, 0x44, 0xa0, 0x05, 0x59, 0xb6, 0x64,
+    0x12, 0x45, 0x21, 0x20, 0x31, 0x51, 0x0a, 0xc3, 0x8c, 0x14,
+    0x48, 0x71, 0x18, 0x35, 0x24, 0x20, 0x45, 0x05, 0x88, 0x20,
+    0x09, 0x08, 0xb1, 0x29, 0x18, 0xa0, 0x09, 0x4a, 0x00, 0x8a,
+    0xe2, 0xb8, 0x45, 0x02, 0x27, 0x89, 0xd8, 0x10, 0x25, 0x51,
+    0x82, 0x8c, 0x13, 0x92, 0x30, 0x1c, 0x24, 0x8e, 0x1c, 0x93,
+    0x4d, 0xa3, 0x48, 0x51, 0x93, 0xa8, 0x69, 0xe2, 0x04, 0x89,
+    0x13, 0x13, 0x61, 0xcb, 0x98, 0x8c, 0x09, 0x21, 0x62, 0x4b,
+    0x14, 0x4e, 0x11, 0xa3, 0x09, 0x98, 0x40, 0x42, 0x91, 0x12,
+    0x08, 0x80, 0x84, 0x2d, 0xc0, 0x12, 0x60, 0x03, 0xa4, 0x29,
+    0x18, 0x80, 0x01, 0x94, 0x44, 0x8a, 0x12, 0x11, 0x72, 0xc4,
+    0x22, 0x32, 0x9a, 0x46, 0x88, 0x1b, 0x16, 0x4d, 0x4b, 0x08,
+    0x11, 0x02, 0x48, 0x45, 0x81, 0xa4, 0x64, 0xe1, 0x88, 0x0c,
+    0x63, 0x10, 0x70, 0x48, 0x98, 0x05, 0x9b, 0xb8, 0x84, 0x03,
+    0x14, 0x05, 0x44, 0x86, 0x0c, 0x20, 0x11, 0x68, 0xbe, 0x71,
+    0x83, 0xc2, 0x69, 0xde, 0x49, 0xad, 0xb4, 0xdb, 0x93, 0xcb,
+    0x20, 0x2b, 0xbd, 0x95, 0x97, 0x57, 0x7e, 0xcb, 0xbc, 0x73,
+    0xb6, 0x3d, 0x16, 0x4a, 0x0e, 0xe4, 0x9c, 0x81, 0xb1, 0x5d,
+    0x27, 0x64, 0xa2, 0x14, 0x12, 0x1b, 0x8e, 0xd0, 0xd8, 0x38,
+    0xf6, 0xc7, 0xbb, 0x9f, 0x77, 0x3c, 0x62, 0x04, 0x92, 0xe1,
+    0x97, 0xaf, 0x24, 0xa7, 0xf9, 0xf0, 0x8d, 0x3a, 0xbf, 0x5d,
+    0xab, 0x5c, 0x97, 0x0f, 0xfc, 0x35, 0xbc, 0x62, 0xd8, 0x42,
+    0xfd, 0xc7, 0x8b, 0xf7, 0x80, 0xd1, 0x38, 0x68, 0x14, 0x5e,
+    0x4f, 0x99, 0x31, 0xc7, 0xaf, 0xbd, 0x27, 0xce, 0x1c, 0x5b,
+    0x09, 0x1b, 0xcf, 0xbb, 0xfb, 0xf9, 0xf4, 0x90, 0x4c, 0xc1,
+    0xa2, 0x12, 0xf9, 0xd0, 0xa5, 0x2c, 0xfd, 0x7b, 0x55, 0xb0,
+    0xb1, 0xc6, 0x42, 0xe6, 0xeb, 0x10, 0x5e, 0xe9, 0x00, 0xe8,
+    0x46, 0xe4, 0xe0, 0x8b, 0x21, 0xbc, 0xb1, 0xa9, 0x9e, 0x75,
+    0x66, 0xf0, 0xb8, 0x87, 0xb9, 0x11, 0x7e, 0x28, 0x6c, 0x4d,
+    0x58, 0xcd, 0x54, 0x71, 0x0c, 0x6a, 0xcc, 0xfb, 0x52, 0xc2,
+    0x5b, 0xcc, 0x19, 0x67, 0x4f, 0xc2, 0x2f, 0x09, 0x62, 0x51,
+    0x82, 0xeb, 0x9b, 0x94, 0x11, 0xb4, 0x5a, 0x67, 0x7f, 0x58,
+    0x18, 0xb2, 0x3f, 0x37, 0x1f, 0x94, 0x44, 0x73, 0x6a, 0x02,
+    0xf5, 0xfb, 0x5b, 0x03, 0xac, 0x5d, 0xc6, 0xa9, 0x79, 0x8f,
+    0x0f, 0x50, 0xa0, 0x57, 0x46, 0x05, 0x6d, 0x58, 0xde, 0x6e,
+    0x8d, 0x9c, 0x0e, 0x6a, 0xb5, 0x9b, 0x1b, 0x22, 0x74, 0xad,
+    0x00, 0x55, 0x27, 0x46, 0xce, 0xbb, 0x82, 0x77, 0x4e, 0x6e,
+    0x59, 0x38, 0x26, 0xb3, 0xc7, 0xbc, 0x97, 0x54, 0x83, 0x69,
+    0x1f, 0x3e, 0xbd, 0x0f, 0xff, 0x2f, 0xca, 0xb9, 0xea, 0x91,
+    0x26, 0x8e, 0x0a, 0x78, 0x25, 0xf6, 0x6b, 0x11, 0x30, 0xd7,
+    0xe2, 0xf4, 0x2b, 0xda, 0xcf, 0xe1, 0x4a, 0x47, 0xab, 0x5f,
+    0x54, 0x34, 0x38, 0xac, 0xd1, 0xbf, 0x45, 0xad, 0x4b, 0x52,
+    0x0f, 0x4c, 0xa2, 0xac, 0x22, 0x7c, 0xb6, 0xed, 0x7f, 0xd5,
+    0x63, 0x3b, 0x1a, 0x3b, 0xf2, 0x3d, 0x9b, 0x96, 0x92, 0x08,
+    0xb9, 0x95, 0x13, 0xaf, 0x20, 0x26, 0x8b, 0x15, 0x97, 0x89,
+    0xa5, 0x88, 0x8f, 0x78, 0xb4, 0x57, 0x9d, 0x51, 0x96, 0x9c,
+    0x98, 0x93, 0xd5, 0x83, 0xf9, 0xff, 0x94, 0x29, 0x1e, 0xa5,
+    0x28, 0xa4, 0x0c, 0x22, 0xab, 0xbc, 0x70, 0x48, 0xa2, 0x16,
+    0x1c, 0xa4, 0xba, 0x8b, 0xfe, 0xb2, 0xa9, 0x03, 0x96, 0x5f,
+    0xb4, 0x84, 0x8e, 0xb4, 0xbb, 0x7b, 0x11, 0xc5, 0xc2, 0xdb,
+    0xe3, 0x88, 0xb5, 0xd3, 0xac, 0x07, 0x33, 0x53, 0xe8, 0x10,
+    0x9e, 0xc5, 0x81, 0xb0, 0x77, 0x2f, 0x4f, 0x6d, 0x0d, 0x89,
+    0xb4, 0x04, 0x98, 0x05, 0xe6, 0xd3, 0x36, 0x97, 0xcd, 0x3e,
+    0x4d, 0xc6, 0x21, 0xe4, 0x0b, 0xcf, 0xed, 0xa7, 0x4d, 0xd9,
+    0xd3, 0x25, 0xec, 0xec, 0x47, 0xfd, 0x06, 0x92, 0x77, 0x25,
+    0x3c, 0x44, 0xe6, 0x5d, 0xb4, 0x35, 0x2b, 0x5d, 0x05, 0x65,
+    0x63, 0x0b, 0xd9, 0xb8, 0x28, 0xdf, 0xdd, 0xfd, 0x64, 0x18,
+    0x42, 0x19, 0x7f, 0x12, 0x78, 0xdd, 0xf0, 0x64, 0xd6, 0x99,
+    0xb8, 0x74, 0x81, 0xe2, 0xb9, 0xc8, 0x67, 0x6d, 0x31, 0x22,
+    0xa5, 0x68, 0xa1, 0x8d, 0x3e, 0x49, 0xbe, 0x10, 0x68, 0xa8,
+    0x74, 0x1d, 0x18, 0xcf, 0x00, 0xe1, 0x4f, 0x77, 0xd8, 0xc6,
+    0xe3, 0x08, 0xbb, 0x4c, 0xed, 0xff, 0xd9, 0x9b, 0xb0, 0xd1,
+    0x50, 0xbb, 0x8b, 0x91, 0xcd, 0x5f, 0x2a, 0xfb, 0x8f, 0x4d,
+    0x3c, 0x98, 0xba, 0xd7, 0x98, 0x99, 0xa7, 0x22, 0x14, 0xd7,
+    0x94, 0xb5, 0xb8, 0xa4, 0x52, 0x31, 0xa7, 0xa1, 0xa4, 0x28,
+    0xee, 0x31, 0xb5, 0xd0, 0xc1, 0x07, 0x05, 0x16, 0x1d, 0x53,
+    0x45, 0x62, 0x23, 0x05, 0x44, 0xb6, 0x4f, 0x92, 0x03, 0x53,
+    0x9a, 0x71, 0x56, 0xae, 0x16, 0x81, 0xb4, 0xc9, 0x98, 0xf4,
+    0x7f, 0x11, 0x37, 0xc2, 0xc8, 0xf2, 0xe4, 0x48, 0xe3, 0xcc,
+    0xf1, 0xe3, 0x3d, 0x8e, 0x13, 0x5b, 0x25, 0xad, 0xce, 0x6f,
+    0xed, 0x60, 0x4f, 0x7d, 0x51, 0xe1, 0xd0, 0x74, 0xf4, 0xed,
+    0xf3, 0x84, 0xa6, 0x0e, 0xba, 0xb4, 0x8e, 0x5a, 0xb9, 0x12,
+    0x70, 0x43, 0x4c, 0xb5, 0xa5, 0x1e, 0x86, 0xa5, 0xe3, 0x4d,
+    0x76, 0x95, 0xce, 0x2c, 0x53, 0x3a, 0x4e, 0x3f, 0x47, 0x73,
+    0x85, 0x88, 0xd9, 0x39, 0x21, 0x83, 0x24, 0x68, 0x6a, 0x1e,
+    0x77, 0xdf, 0x59, 0xc5, 0x1b, 0xe2, 0xb1, 0x47, 0x9d, 0xee,
+    0x45, 0x1e, 0xc6, 0xd4, 0x43, 0xe2, 0xc7, 0x1c, 0x98, 0x84,
+    0xe0, 0x39, 0xe9, 0x9f, 0xa0, 0xa2, 0x24, 0x4a, 0x88, 0x46,
+    0xf3, 0x50, 0x52, 0xb5, 0xae, 0x37, 0x5c, 0xa1, 0x7d, 0xad,
+    0x7c, 0x30, 0x3e, 0xcd, 0x80, 0x1c, 0xac, 0xf4, 0xe6, 0xb5,
+    0x9f, 0x22, 0xb6, 0xfb, 0x0e, 0x6d, 0x80, 0x10, 0xf7, 0x3f,
+    0xdd, 0x5b, 0xd9, 0xd4, 0x03, 0x14, 0x41, 0x90, 0x88, 0xa8,
+    0xcf, 0x50, 0xa2, 0xf2, 0x7e, 0xf0, 0x0a, 0x7f, 0xed, 0x77,
+    0x09, 0x48, 0x32, 0x55, 0xe9, 0x93, 0xe7, 0x27, 0x18, 0x46,
+    0x17, 0x03, 0x25, 0x8e, 0x17, 0x5d, 0xe8, 0x9e, 0xb1, 0xb4,
+    0x9d, 0x1a, 0x5e, 0xbe, 0xa8, 0xb8, 0x45, 0x30, 0xc6, 0xa5,
+    0xb4, 0xaf, 0xf3, 0x0d, 0x91, 0x9c, 0xa9, 0x5b, 0x4c, 0xbb,
+    0x19, 0x19, 0x39, 0x51, 0x36, 0x80, 0xf7, 0x10, 0xf7, 0x73,
+    0x49, 0x17, 0xec, 0xbc, 0x92, 0x08, 0x21, 0xb1, 0x0c, 0x23,
+    0xc4, 0xd6, 0xd2, 0xb3, 0xfd, 0xae, 0xe7, 0x71, 0xf3, 0x50,
+    0x11, 0x27, 0x1a, 0x85, 0xf0, 0xab, 0xd8, 0x16, 0x64, 0xcb,
+    0xad, 0xbb, 0xae, 0x54, 0x37, 0xa3, 0xa8, 0xf4, 0x09, 0x67,
+    0x54, 0x61, 0x86, 0x0f, 0x0e, 0x25, 0x0d, 0xda, 0x4a, 0xc7,
+    0xe7, 0x02, 0x80, 0x6b, 0x59, 0xd2, 0xc8, 0x88, 0x4d, 0x7d,
+    0xfd, 0x3d, 0x48, 0x04, 0x6d, 0x95, 0xdf, 0xc2, 0x8b, 0x23,
+    0x70, 0x4a, 0xf5, 0xdc, 0xc9, 0x24, 0x8d, 0x7e, 0x52, 0x22,
+    0x7e, 0x9c, 0x5c, 0x32, 0xa5, 0xd5, 0xf2, 0x11, 0x08, 0xa0,
+    0xd4, 0xa2, 0xd8, 0xdb, 0x1d, 0x9f, 0x1b, 0x54, 0x8f, 0xb5,
+    0xf6, 0x71, 0x71, 0x49, 0xbc, 0x38, 0x09, 0xb6, 0x24, 0x94,
+    0x80, 0x1f, 0x2d, 0x0c, 0xc7, 0xe4, 0xd6, 0xcd, 0xab, 0x53,
+    0x79, 0x28, 0xed, 0x48, 0x23, 0x14, 0x2f, 0x0b, 0x3a, 0xd0,
+    0xa7, 0x08, 0xe1, 0xfd, 0x1e, 0xb6, 0xdd, 0x12, 0x93, 0x2d,
+    0x95, 0x06, 0xba, 0x95, 0xcb, 0x1a, 0xed, 0xfb, 0x60, 0xe7,
+    0xf1, 0x1c, 0xad, 0xc3, 0xea, 0x8d, 0x3c, 0x53, 0x32, 0xb5,
+    0x38, 0x26, 0xdd, 0x39, 0xf0, 0x39, 0x4e, 0x6f, 0x3e, 0xa9,
+    0xea, 0x25, 0x29, 0xb8, 0x6c, 0x7d, 0x0a, 0x91, 0xd4, 0xb9,
+    0x7b, 0x67, 0xe4, 0xe5, 0x63, 0xd7, 0x6b, 0x03, 0xa5, 0xd7,
+    0xe8, 0xd2, 0xc0, 0x34, 0x53, 0xa6, 0x16, 0x21, 0x2a, 0x2a,
+    0x09, 0xd3, 0xad, 0xa1, 0x2c, 0x6a, 0x88, 0x2d, 0x90, 0x06,
+    0xba, 0x0b, 0xaa, 0xd1, 0xdb, 0xa4, 0xd0, 0x49, 0x0f, 0x42,
+    0xe1, 0xca, 0xf0, 0x69, 0x15, 0x63, 0xcb, 0x0b, 0x4c, 0x2e,
+    0x99, 0x20, 0x44, 0xe3, 0x6e, 0x32, 0x8a, 0xa1, 0x5c, 0x5b,
+    0x03, 0xeb, 0xb5, 0x05, 0xff, 0x1a, 0x76, 0x38, 0x1c, 0xb0,
+    0x74, 0xf1, 0x5a, 0x0d, 0x8a, 0xd2, 0x4e, 0x38, 0x11, 0x86,
+    0xb0, 0x2d, 0xd3, 0x88, 0xe2, 0x0f, 0x51, 0x68, 0xb9, 0x79,
+    0x96, 0x50, 0x95, 0xdc, 0x69, 0xcb, 0xa6, 0x25, 0x4a, 0xdf,
+    0xa1, 0x39, 0x13, 0x47, 0x0a, 0xf0, 0xeb, 0xcb, 0x14, 0x01,
+    0x28, 0x9c, 0x0f, 0xe2, 0x62, 0xca, 0xb5, 0x40, 0x51, 0x45,
+    0x8e, 0x18, 0x88, 0xc9, 0x58, 0xaf, 0xb3, 0x48, 0xd5, 0x20,
+    0xe8, 0xd8, 0x5b, 0xa2, 0x98, 0x74, 0x25, 0xfa, 0x25, 0x19,
+    0x82, 0x22, 0xfa, 0x82, 0x7c, 0x38, 0x8d, 0x62, 0x86, 0x01,
+    0x63, 0x20, 0x36, 0x8e, 0xaf, 0x15, 0x8a, 0x74, 0x1e, 0xfd,
+    0x7f, 0xbe, 0x60, 0xc3, 0x65, 0x31, 0xce, 0xdb, 0x92, 0xb9,
+    0x13, 0x2a, 0x78, 0xa9, 0xfc, 0x6a, 0x7b, 0x18, 0xec, 0x0c,
+    0x7b, 0x4c, 0x86, 0xaf, 0xea, 0x6d, 0x52, 0x09, 0x76, 0x52,
+    0x87, 0x8a, 0x0b, 0x2a, 0xf3, 0x93, 0x35, 0x92, 0x8b, 0x60,
+    0x42, 0x2e, 0x12, 0xa9, 0xf7, 0x7c, 0x61, 0x5c, 0x8f, 0xc0,
+    0xaa, 0x6e, 0x6a, 0xf6, 0x48, 0x48, 0xc6, 0x3e, 0xe0, 0x1d,
+    0xb4, 0xfb, 0xc4, 0xd8, 0x01, 0xb8, 0xf2, 0xf4, 0xdf, 0xc1,
+    0xba, 0xb5, 0xf2, 0x27, 0x3f, 0xdb, 0x78, 0x62, 0x1c, 0x0a,
+    0xbe, 0xdb, 0xdd, 0x3c, 0x0c, 0x29, 0x85, 0xf1, 0x44, 0x5f,
+    0x2b, 0x43, 0x80, 0x57, 0xa7, 0x5a, 0x4d, 0x1b, 0xbe, 0x03,
+    0xe7, 0x55, 0x7b, 0x91, 0x9d, 0x4c, 0x8b, 0xd7, 0xfd, 0xde,
+    0x65, 0x7e, 0xa8, 0x48, 0xbb, 0xa9, 0x96, 0x06, 0x7f, 0xc0,
+    0x6c, 0xed, 0x87, 0x53, 0x77, 0xb4, 0x5a, 0x7c, 0xbb, 0xce,
+    0xcf, 0x01, 0x08, 0x45, 0x61, 0xc1, 0x28, 0xb6, 0xf2, 0xb4,
+    0x5b, 0x6b, 0x84, 0xfe, 0x18, 0x09, 0x39, 0xc1, 0xc8, 0x96,
+    0x36, 0x6e, 0xba, 0x7e, 0x48, 0x12, 0xe6, 0xdc, 0x22, 0x48,
+    0x17, 0x0b, 0xbd, 0x92, 0x64, 0xfa, 0xc9, 0x9b, 0x07, 0xda,
+    0xed, 0x04, 0x68, 0x42, 0x15, 0x8c, 0xf9, 0xd8, 0xc3, 0x0d,
+    0x21, 0x9d, 0x96, 0xbc, 0xc3, 0x07, 0x1a, 0x2c, 0x59, 0x3f,
+    0x1a, 0x83, 0x43, 0xf0, 0xe0, 0xde, 0xe3, 0x40, 0x8e, 0x04,
+    0x66, 0x3c, 0x87, 0x1e, 0xfa, 0x7b, 0x8a, 0x7b, 0xd2, 0x9e,
+    0x15, 0xf5, 0xec, 0x3c, 0x72, 0x7e, 0x2d, 0x19, 0xf8, 0xfd,
+    0xf0, 0x28, 0x71, 0x8a, 0xf5, 0xcb, 0x4c, 0x61, 0x5f, 0x85,
+    0xe0, 0x6f, 0xb8, 0xf3, 0x17, 0x10, 0xcb, 0x44, 0x45, 0x8c,
+    0x96, 0x08, 0xa1, 0xf1, 0x48, 0xa4, 0x1d, 0xea, 0x35, 0x2f,
+    0x82, 0x2b, 0xc2, 0x0b, 0xef, 0x73, 0xe1, 0xc2, 0x35, 0xdb,
+    0xe7, 0x68, 0xfd, 0xb0, 0xe8, 0x7b, 0x2d, 0x0f, 0xfd, 0x53,
+    0x1b, 0xb8, 0x36, 0x54, 0xd6, 0x43, 0x30, 0xcf, 0x83, 0xb0,
+    0x18, 0xda, 0x9b, 0x86, 0x82, 0xfa, 0xe6, 0x37, 0x5b, 0x9e,
+    0xa4, 0xdb, 0x7c, 0x59, 0x25, 0x59, 0xc6, 0x46, 0x36, 0x72,
+    0xc5, 0x72, 0xd8, 0x2f, 0x26, 0xe2, 0xee, 0xe3, 0xcb, 0xe5,
+    0x33, 0x1f, 0x18, 0x2e, 0x16, 0xce, 0xd2, 0x9c, 0x89, 0x6e,
+    0xd5, 0x21, 0xfa, 0x58, 0x83, 0xa9, 0x4c, 0x69, 0x97, 0x7d,
+    0xae, 0x1f, 0x65, 0xd5, 0xdb, 0xf0, 0xfe, 0xd5, 0x32, 0xb1,
+    0x50, 0x72, 0xdf, 0x2b, 0xe2, 0xc1, 0xe6, 0x2e, 0x8b, 0x87,
+    0xa8, 0x4e, 0x84, 0xbe, 0xc9, 0x27, 0xb5, 0x74, 0x7e, 0x13,
+    0x17, 0x57, 0x9c, 0xc6, 0xd3, 0x9f, 0xcd, 0x86, 0x50, 0x4b,
+    0x6c, 0x50, 0xa2, 0xba, 0xfe, 0xf6, 0xd5, 0x85, 0x68, 0x31,
+    0x89, 0xfb, 0xeb, 0xfe, 0x92, 0xb0, 0xd0, 0x4c, 0xbc, 0x65,
+    0x4b, 0x62, 0xe2, 0xdf, 0x88, 0x7e, 0x90, 0xe0, 0xb3, 0xec,
+    0x13, 0x69, 0x33, 0xea, 0x53, 0x69, 0x9a, 0x0b, 0x27, 0xfb,
+    0xca, 0x9f, 0x9e, 0x1f, 0xcf, 0xb1, 0xeb, 0xf4, 0x8f, 0xe2,
+    0x53, 0xc8, 0xe6, 0x51, 0x75, 0xee, 0xb1, 0x34, 0x3e, 0x37,
+    0xdd, 0x2d, 0x3a, 0x72, 0x76, 0x33, 0xc1, 0x27, 0xe7, 0xbd,
+    0xc1, 0x7f, 0xcb, 0x53, 0x5d, 0xdf, 0xc4, 0x1f, 0x36, 0xdb,
+    0x6a, 0x91, 0x1f, 0x6a, 0xa5, 0xc6, 0xe2, 0x37, 0x68, 0x1a,
+    0x7d, 0xf7, 0xed, 0x2a, 0xc7, 0x99, 0x5e, 0xbd, 0x59, 0x57,
+    0x09, 0x22, 0x7e, 0x9c, 0xbd, 0x8e, 0xad, 0xbe, 0xee, 0xa5,
+    0x2a, 0xe3, 0x9f, 0xff, 0x14, 0xda, 0xba, 0x90, 0x37, 0xba,
+    0x3a, 0x42, 0xcd, 0x4a, 0x28, 0x47, 0x27, 0x58, 0x7a, 0x33,
+    0x93, 0x77, 0x83, 0x29, 0xab, 0x47, 0x19, 0x43, 0x00, 0x6f,
+    0xe7, 0x77, 0xc1, 0xaa, 0xd6, 0xbc, 0xc0, 0x1b, 0xd0, 0xdf,
+    0xf9, 0x40, 0x4d, 0xb2, 0x60, 0xce, 0x59, 0x17, 0x0a, 0xa9,
+    0x14, 0x4e, 0x6a, 0x30, 0x1b, 0x26, 0x68, 0x55, 0x12, 0x19,
+    0x62, 0x85, 0x5d, 0xa6, 0xb4, 0x48, 0x4a, 0xe9, 0xe1, 0x57,
+    0xb1, 0x48, 0xf3, 0x86, 0xd1, 0x50, 0x2e, 0x1d, 0x57, 0xbe,
+    0x09, 0xf8, 0x53, 0x40, 0xd9, 0x55, 0xd9, 0x71, 0x4c, 0xa7,
+    0xdb, 0x61, 0x82, 0x4e, 0x00, 0x58, 0xe4, 0x89, 0xae, 0xa6,
+    0x1a, 0x4b, 0xe3, 0x9d, 0xec, 0x65, 0xee, 0xe1, 0x7b, 0xdb,
+    0x4f, 0x8d, 0xf3, 0xd9, 0x89, 0xaa, 0xd1, 0x31, 0x30, 0xde,
+    0xc3, 0x5c, 0xbc, 0xb9, 0x60, 0x0a, 0xe0, 0x13, 0x14, 0x85,
+    0x08, 0x60, 0xc5, 0x1c, 0xc2, 0x9d, 0x8b, 0x6e, 0xb8, 0x94,
+    0x11, 0x6f, 0xd3, 0xee, 0xfb, 0xf8, 0x15, 0xd8, 0xa4, 0x0b,
+    0x92, 0xdf, 0x7c, 0x9a, 0xa2, 0xec, 0xa3, 0x3d, 0xbc, 0xcd,
+    0xe8, 0xb5, 0xb3, 0xf5, 0xe8, 0xee, 0x2a, 0x57, 0xf7, 0x58,
+    0xc4, 0xaa, 0xeb, 0x33, 0x44, 0x5f, 0x62, 0xbe, 0x90, 0x48,
+    0xe5, 0xcb, 0x6a, 0xcb, 0x55, 0x94, 0x6d, 0xe6, 0x22, 0x03,
+    0xeb, 0xcb, 0x05, 0xb8, 0xb4, 0xa5, 0xbe, 0xec, 0x79, 0x21,
+    0x0d, 0xb3, 0x5c, 0x74, 0x11, 0xcb, 0xb3, 0xa6, 0x06, 0x2f,
+    0x73, 0xd1, 0x14, 0xd9, 0x70, 0x4e, 0xc5, 0xf5, 0xff, 0xfd,
+    0x49, 0x3b, 0xa9, 0x22, 0x80, 0x2a, 0x5e, 0xf9, 0xae, 0xa5,
+    0xd4, 0x3c, 0x74, 0xd7, 0x5a, 0x5d, 0x88, 0x6f, 0x99, 0xe2,
+    0x4c, 0xa3, 0x9b, 0x15, 0xb8, 0xfd, 0x0b, 0x0d, 0x57, 0x03,
+    0xe8, 0xda, 0x78, 0xc4, 0x63, 0x49, 0x48, 0x7a, 0x39, 0xcd,
+    0xfa, 0xad, 0x92, 0x55, 0x4a, 0x0e, 0x68, 0x08, 0xb9, 0x34,
+    0xe0, 0x14, 0x6e, 0x19, 0xed, 0x69, 0x14, 0x7f, 0xc1, 0x7d,
+    0x12, 0xac, 0x5d, 0xf7, 0x62, 0x6f, 0x77, 0x65, 0xa3, 0xc2,
+    0xf9, 0xda, 0x43, 0x9e, 0x6b, 0x82, 0xd9, 0x14, 0x57, 0x02,
+    0x09, 0x9f, 0xa7, 0x15, 0x27, 0xe8, 0xad, 0xa1, 0x73, 0xc7,
+    0xb6, 0x11, 0x4c, 0x5e, 0xf4, 0x1a, 0x0a, 0x97, 0x98, 0x5e,
+    0x29, 0x8a, 0x8b, 0xa5, 0xbd, 0x86, 0x7f, 0x6d, 0x31, 0x72,
+    0x6d, 0xe5, 0xcf, 0x13, 0xff, 0xb9, 0x4e, 0x69, 0x66, 0x37,
+    0x1b, 0xfb, 0xe8, 0xb7, 0x60, 0xfe, 0xbf, 0xaa, 0x06, 0x88,
+    0xa4, 0xa2, 0x0b, 0x33, 0x55, 0xac, 0x61, 0x77, 0x0a, 0x6f,
+    0x1f, 0xaf, 0xd8, 0x9b, 0xc7, 0x26, 0x13, 0xf6, 0xc4, 0xef,
+    0xce, 0x0f, 0x16, 0x86, 0x64, 0x1b, 0xc0, 0x71, 0x35, 0xf9,
+    0x1f, 0xaf, 0xc4, 0x7a, 0xa3, 0x3b, 0x89, 0x40, 0xcb, 0x09,
+    0x11, 0x7b, 0x01, 0x54, 0xd5, 0xd2, 0x2a, 0xc8, 0xfe, 0x0e,
+    0xef, 0x8c, 0xfb, 0x2b, 0x08, 0x12, 0x6d, 0xbb, 0xa8, 0x2e,
+    0x7a, 0x2b, 0xc2, 0x91, 0x2a, 0x76, 0x0b, 0x31, 0x30, 0x4a,
+    0x5b, 0xca, 0x96, 0xc9, 0x89, 0xa0, 0x12, 0x40, 0x76, 0xbe,
+    0xcd, 0x59, 0x5f, 0xc2, 0x7b, 0xaf, 0xf6, 0x29, 0xde, 0xe9,
+    0x24, 0x61, 0x3f, 0x46, 0x78, 0xa7, 0xda, 0x65, 0xb0, 0xb3,
+    0xae, 0xf3, 0x72, 0x6e, 0x37, 0x6e, 0xae, 0xb1, 0x3b, 0xf6,
+    0x60, 0xa1, 0x92, 0x86, 0x9e, 0x97, 0x4f, 0x5e, 0x86, 0x88,
+    0x32, 0x06, 0x7c, 0xe3, 0x37, 0x7e, 0xb1, 0x83, 0xf5, 0x83,
+    0x05, 0x43, 0xb3, 0xe3, 0xa1, 0x68, 0xe5, 0x4c, 0x92, 0x9c,
+    0x61, 0xa3, 0x5d, 0xcf, 0x23, 0xe7, 0xce, 0xf5, 0x7f, 0xbb,
+    0xf7, 0x89, 0x5e, 0xa8, 0xf0, 0xa1, 0xff, 0x1a, 0xaf, 0x15,
+    0xc8, 0x3d, 0x8b, 0xce, 0x06, 0xa4, 0x60, 0xd6, 0x40, 0x19,
+    0x48, 0x33, 0x53, 0x34, 0x9e, 0xd8, 0x75, 0xfc, 0x45, 0x73,
+    0x35, 0x8f, 0x70, 0x04, 0x80, 0xa1, 0xe5, 0xfc, 0x98, 0xb0,
+    0x52, 0x63, 0x41, 0x84, 0x57, 0xa2, 0x85, 0x4e, 0x68, 0x13,
+    0x2d, 0x3e, 0x4b, 0x68, 0x7f, 0x43, 0x04, 0x05, 0x02, 0x5a,
+    0x16, 0x67, 0x5a, 0xc5, 0xea, 0xac, 0x25, 0x61, 0xd4, 0xa4,
+    0xe7, 0xbe, 0x13, 0x95, 0xbd, 0x03, 0xb4, 0x26, 0xe3, 0xbf,
+    0x7e, 0xe5, 0x0b, 0x34, 0xeb, 0x59, 0x5d, 0xd7, 0xdb, 0x1e,
+    0x07, 0xfc, 0x63, 0xab, 0xbb, 0xc6, 0x7a, 0x51, 0x50, 0x59,
+    0x13, 0x4b, 0x27, 0x88, 0x98, 0xdc, 0x01, 0x37, 0xeb, 0x58,
+    0x75, 0xde, 0x5a, 0xa4, 0x6b, 0xdd, 0xba, 0x01, 0x40, 0xf7,
+    0x1c, 0x0a, 0xf3, 0x02, 0x3d, 0x54, 0x64, 0xf2, 0x85, 0x43,
+    0x90, 0xc0, 0x69, 0x18, 0x94, 0x95, 0x6e, 0x57, 0x14, 0xda,
+    0x27, 0x0a, 0x42, 0xb2, 0x5a, 0x78, 0xe4, 0xf1, 0x45, 0x85,
+    0x54, 0xec, 0x44, 0xa0, 0xcb, 0xf4, 0xd1, 0x3a, 0x85, 0x74,
+    0x0f, 0x04, 0x67, 0xf4, 0x42, 0x01, 0xc4, 0x04, 0x66, 0x48,
+    0x6c, 0xbe, 0x84, 0x38, 0x6e, 0xda, 0x23, 0xd0, 0xd1, 0x26,
+    0x94, 0x11, 0x65, 0x2e, 0xc6, 0xd8, 0x6e, 0x25, 0x17, 0x43,
+    0x9f, 0x55, 0x2d, 0x1d, 0x55, 0xa9, 0xdd, 0x3b, 0xc7, 0x09,
+    0xde, 0x26, 0x64, 0xd4, 0x85, 0x21, 0x15, 0x0d, 0x4a, 0x45,
+    0x4d, 0xba, 0x13, 0x9e, 0x3b, 0x5e, 0xc2, 0xf7, 0xc1, 0x34,
+    0xc5, 0x74, 0xd4, 0x95, 0x19, 0x3d, 0x69, 0x9c, 0xae, 0xef,
+    0x13, 0x95, 0x2c, 0x77, 0xdd, 0x64, 0x2c, 0x12, 0x31, 0x7d,
+    0xb5, 0x55, 0xde, 0x69, 0x35, 0x3f, 0x77, 0x72, 0xc6, 0x21,
+    0x22, 0x23, 0x7a, 0x05, 0xbf, 0x92, 0xae, 0x49, 0x7f, 0x74,
+    0x17, 0x97, 0x5f, 0x5b, 0x4d, 0x7d, 0x86, 0x23, 0x04, 0xe0,
+    0xff, 0x10, 0x06, 0xc3, 0xd3, 0x05, 0xde, 0xc4, 0xae, 0xaf,
+    0x3d, 0x2d, 0xaf, 0x3c, 0xaf, 0xd3, 0xd5, 0xfd, 0x84, 0xd8,
+    0x3b, 0x6c, 0x8e, 0x8b, 0x23, 0x8b, 0x16, 0xaa, 0x67, 0xf1,
+    0xde, 0xa4, 0x4b, 0x5a, 0x39, 0x60, 0x73, 0xd2, 0x9f, 0x1f,
+    0x8c, 0xcf, 0xbc, 0xaa, 0x74, 0x9e, 0x8d, 0xfd, 0xc3, 0xb7,
+    0x86, 0xe5, 0xbb, 0x5a, 0x4d, 0x3d, 0xe2, 0xc3, 0x28, 0x78,
+    0x26, 0xd4, 0xb3, 0x45, 0x94, 0xd3, 0x2d, 0xbf, 0x8c, 0x92,
+    0x56, 0x3c, 0x6e, 0xea, 0x53, 0x38, 0x7f, 0x22, 0x67, 0xc9,
+    0xa7, 0x14, 0x20, 0xb9, 0x13, 0xc4, 0xa0, 0x44, 0x83, 0xc4,
+    0x19, 0xca, 0x98, 0x71, 0xc7, 0x13, 0x70, 0x3a, 0xa7, 0xfb,
+    0x9e, 0xc4, 0x94, 0x8c, 0xfd, 0x21, 0x36, 0x88, 0xea, 0x23,
+    0xc7, 0x43, 0x52, 0x9f, 0xf4, 0x9e, 0xb1, 0xb4, 0xd3, 0x20,
+    0x65, 0xd8, 0x18, 0x25, 0x80, 0xb7, 0xe4, 0x5c, 0x96, 0x3a,
+    0xa3, 0xb5, 0x40, 0x63, 0xac, 0x02, 0x34, 0x51, 0xf7, 0x12,
+    0xea, 0x97, 0x9d, 0x3e, 0xe7, 0xcb, 0x88, 0x15, 0xaa, 0xe3,
+    0xfe, 0xe5, 0x42, 0xe5, 0x48, 0xcf, 0xc6, 0x8e, 0x0e, 0xc6,
+    0x48, 0xdb, 0xe5, 0x1e, 0x79, 0x99, 0xed, 0x78, 0xa6, 0x37,
+    0xdd, 0xe3, 0x7b, 0x01, 0xdd, 0x20, 0x63, 0x45, 0x57, 0xd1,
+    0x0f, 0x05, 0x5d, 0x29, 0xad, 0x99, 0x6c, 0x27, 0xa3, 0x0c,
+    0x72, 0x81, 0xb1, 0x26, 0x16, 0xaf, 0x11, 0x65, 0xba, 0x79,
+    0xbc, 0xb8, 0xfe, 0xe7, 0xc5, 0xe6, 0x4c, 0xfa, 0x37, 0xc5,
+    0xe0, 0x2e, 0x4e, 0xef, 0x75, 0xe4, 0x04, 0xaf, 0xfa, 0x41,
+    0x7f, 0x58, 0x2e, 0x8f, 0x95, 0x5f, 0x15, 0x5c, 0x15, 0x23,
+    0x81, 0xb7, 0x2c, 0x81, 0x70, 0xf5, 0xcc, 0x60, 0x09, 0x7e,
+    0xf1, 0x0d, 0x9c, 0x9d, 0xcc, 0xa0, 0x30, 0xa8, 0x82, 0x23,
+    0x5f, 0x94, 0xcb, 0x18, 0xc4, 0x32, 0xe6, 0xab, 0xcd, 0x96,
+    0x9e, 0xab, 0xcd, 0x68, 0x6f, 0x88, 0xb7, 0x72, 0x65, 0xbc,
+    0x1e, 0x05, 0x60, 0xfe, 0x6b, 0x77, 0x2a, 0x11, 0x63, 0x59,
+    0x29, 0xdb, 0xba, 0xe0, 0x50, 0xd5, 0x51, 0x77, 0x16, 0xb8,
+    0xb7, 0xf4, 0xa9, 0xbe, 0xf0, 0xa5, 0xaa, 0x20, 0x50, 0x2e,
+    0x73, 0x21, 0xee, 0x77, 0xa3, 0xc8, 0xbc, 0x0c, 0x16, 0x0f,
+    0x83, 0x7b, 0xaf, 0xbb, 0x91, 0x95, 0xd3, 0x6e, 0xe7, 0x28,
+    0x77, 0x00, 0xbc, 0x83, 0x46, 0xa5, 0x0a, 0x19, 0xe8, 0x10,
+    0xfb, 0x24, 0xeb, 0x27, 0xc2, 0xa3, 0xdd, 0xb8, 0x5b, 0x27,
+    0xb9, 0xbb, 0x49, 0xd9, 0xd0, 0x32, 0x94, 0x48, 0x1b, 0xb8,
+    0xf8, 0xb2, 0x30, 0xf4, 0x1f, 0x3d, 0xbf, 0xe6, 0xf3, 0x34,
+    0xd3, 0x32, 0x85, 0x67, 0x85, 0x13, 0x3e, 0x20, 0xb7, 0xfa,
+    0x74, 0x27, 0x74, 0x8f, 0x55, 0x47, 0x15, 0x91, 0x0b, 0x3f,
+    0xb1, 0x18, 0xe7, 0x11, 0x1e, 0x52, 0xd8, 0xd1, 0x3f, 0xb9,
+    0x5d, 0x4f, 0x88, 0xb9, 0x1e, 0x5a, 0xb6, 0x90, 0x64, 0xad,
+    0x6f, 0x8d, 0x33, 0xb3, 0x57, 0xde, 0x3e, 0x13, 0xb3, 0x9f,
+    0x2d, 0x00, 0xb1, 0x79, 0x84, 0x60, 0x6d, 0x3c, 0x5f, 0xc0,
+    0x34, 0x08, 0x4b, 0x58, 0x33, 0x59, 0xfe, 0xe5, 0xed, 0xd3,
+    0x10, 0xd8, 0xd8, 0x85, 0xc3, 0xc9, 0x71, 0xcf, 0x40, 0x96,
+    0xc0, 0xd5, 0x5e, 0x62, 0xe7, 0xcb, 0x33, 0xee, 0x72, 0xb5,
+    0xb8, 0x6e, 0xea, 0x13, 0xde, 0xeb, 0x82, 0x03, 0x8e, 0x6c,
+    0xb3, 0x67, 0xb1, 0x5f, 0xd4, 0xe1, 0xd9, 0xc2, 0x7a, 0x97,
+    0xbb, 0xd4, 0x5e, 0x0b, 0xfe, 0xc1, 0xb3, 0x1f, 0x2b, 0x1a,
+    0x37, 0x98, 0x26, 0x27, 0xb1, 0xaf, 0x4c, 0x55, 0xe1, 0xae,
+    0x4c, 0x86, 0x80, 0x4b, 0xc5, 0xf2, 0x35, 0x48, 0x81, 0xf7,
+    0x83, 0x75, 0x63, 0x08, 0x0d, 0x77, 0x41, 0x14, 0xbc, 0xf3,
+    0x6e, 0x46, 0xbd, 0x9c, 0x5a, 0x4f, 0x5c, 0x89, 0x26, 0xb6,
+    0x6c, 0xde, 0x0d, 0x15, 0x31, 0xec, 0x7e, 0x13, 0xf2, 0x99,
+    0x74, 0x40, 0x3c, 0xe1, 0xea, 0xa0, 0xc9, 0x99, 0x0a, 0x4b,
+    0x17, 0x74, 0xff, 0x47, 0x15, 0x76, 0x5e, 0x44, 0xa2, 0x1c,
+    0x93, 0xd3, 0xe6, 0xa2, 0x82, 0x0f, 0x7f, 0x55, 0xa8, 0xf3,
+    0x79, 0xc3, 0xa8, 0x9f, 0x37, 0x2b, 0x97, 0x7e, 0x90, 0x71,
+    0xfc, 0xa7, 0xff, 0xc6, 0xc7, 0x93, 0x5c, 0xc9, 0xed, 0x20,
+    0x60, 0xbd, 0x5c, 0x36, 0x05, 0x55, 0x51, 0x55, 0x51, 0x15,
+    0x36, 0x01, 0x17, 0xa9, 0x56, 0x27, 0x44, 0x66, 0xc9, 0x3a,
+    0xb9, 0xbb, 0xee, 0x04, 0xb6, 0x2a, 0xfd, 0x10, 0x9a, 0x46,
+    0xdd, 0x5d, 0x6d, 0xad, 0x21, 0x86, 0x6d, 0x62, 0x8a, 0x4a,
+    0xbc, 0x73, 0xf0, 0x9d, 0x93, 0x0d, 0xf1, 0x62, 0xfa, 0x58,
+    0x64, 0x37, 0x4f, 0x0b, 0xa3, 0xa1, 0x52, 0xce, 0x03, 0xce,
+    0x0f, 0x77, 0x29, 0xad, 0x47, 0x38, 0xca, 0xbc, 0x61, 0xe6,
+    0xad, 0xe4, 0x8b, 0xf1, 0x82, 0xa8, 0xd5, 0xe3, 0x8c, 0xd3,
+    0xa0, 0xc4, 0xc0, 0x5e, 0x3b, 0xa1, 0x66, 0x2a, 0x6e, 0x88,
+    0x24, 0x56, 0xe4, 0x84, 0x0a, 0x36, 0x72, 0xf3, 0x5c, 0x11,
+    0xd9, 0x66, 0xd8, 0x45, 0x5c, 0x83, 0x9e, 0x1c, 0x8c, 0xc6,
+    0xf6, 0x6e, 0x6a, 0xb1, 0x52, 0xed, 0x6c, 0x6a, 0x6d, 0x23,
+    0xb9, 0x0b, 0x66, 0x26, 0x5a, 0x16, 0x16, 0x90, 0x43, 0xb9,
+    0xc3, 0x02, 0xc1, 0x43, 0x93, 0x13, 0x94, 0xfe, 0xc3, 0x59,
+    0x49, 0xbe, 0x1e, 0x26, 0x1b, 0x9d, 0x8e, 0xba, 0xc4, 0x29,
+    0x51, 0x05, 0x28, 0x1f, 0x55, 0x59, 0x1c, 0x3e, 0x25, 0x86,
+    0xcc, 0xc7, 0xd9, 0xd3, 0xa8, 0xe7, 0x10, 0xa0, 0xb6, 0x23,
+    0xb9, 0xaf, 0x00, 0x8b, 0x7d, 0xf1, 0x5b, 0xd6, 0xb7, 0x56,
+    0x44, 0x9b, 0x0a, 0xec, 0xa6, 0x2b, 0xb4, 0x4e, 0x1d, 0x4f,
+    0xc5, 0x0b, 0x45, 0xd2, 0x3a, 0xc5, 0xc0, 0xbf, 0xb9, 0xdd,
+    0x59, 0x21, 0xf2, 0x67, 0x25, 0x88, 0x9b, 0xb6, 0x66, 0x83,
+    0xbf, 0x62, 0xfe, 0x7c, 0xfa, 0x9e, 0x50, 0xed, 0x15, 0x93,
+    0xb6, 0x7a, 0xb0, 0xc4, 0xbe, 0xcf, 0x2a, 0x70, 0x4e, 0x52,
+    0x20, 0xc1, 0x24, 0x08, 0x49, 0xd9, 0x05, 0x04, 0x53, 0x73,
+    0xf3, 0xcf, 0x14, 0x70, 0xac, 0x3c, 0x45, 0x0f, 0x08, 0xa3,
+    0xae, 0x43, 0xe7, 0x7f, 0x1f, 0xe2, 0x14, 0xf1, 0xbb, 0x25,
+    0x20, 0xfd, 0xe4, 0xaf, 0x44, 0x9e, 0x77, 0x88, 0x4d, 0x26,
+    0x09, 0xb1, 0xb0, 0x12, 0xf5, 0xdf, 0x3c, 0x53, 0x48, 0x78,
+    0xb9, 0x60, 0x41, 0xd3, 0x8f, 0x8d, 0x11, 0x63, 0x60, 0x28,
+    0x30, 0x07, 0xa2, 0x14, 0x3b, 0x8c, 0x50, 0xe2, 0xee, 0x73,
+    0x39, 0x66, 0xd1, 0x51, 0x87, 0xac, 0x90, 0x9b, 0x2c, 0x6d,
+    0x8d, 0xd5, 0x75, 0x3f, 0xc6, 0xf1, 0x8f, 0xdf, 0xdb, 0x45,
+    0x38, 0xf8, 0xd6, 0x7e, 0xc7, 0x7c, 0x44, 0x08, 0x4a, 0x14,
+    0xa0, 0x84, 0x7c, 0x8b, 0x88, 0x40, 0x93, 0x89, 0xae, 0x2c,
+    0x20, 0x07, 0x80, 0xec, 0xce, 0x4c, 0x2c, 0x4e, 0x49, 0x79,
+    0x53, 0xe7, 0xde, 0xa2, 0x9e, 0x67, 0x21, 0x53, 0x7c, 0x85,
+    0xe7, 0x6f, 0xbd, 0x93, 0xab, 0x63, 0xba, 0xf0, 0xbd, 0xea,
+    0x39, 0x16, 0x47, 0xbf, 0xe6, 0x0c, 0xcb, 0x63, 0xc7, 0xc5,
+    0xf1, 0xdc, 0x5a, 0x52, 0xcd, 0x4c, 0x53, 0x8b, 0x7e, 0xb1,
+    0xc3, 0x4e, 0xe7, 0x61, 0x25, 0x01, 0xec, 0xae, 0x06, 0x74,
+    0x9f, 0xbc, 0xbb, 0x2a, 0x47, 0x46, 0xe8, 0xae, 0xf2, 0xab,
+    0x15, 0xed, 0xa6, 0x86, 0x8f, 0x2f, 0xe5, 0x67, 0x0f, 0xdd,
+    0xbf, 0x70, 0x53, 0xaa, 0x9b, 0x74,
 };
 static const int sizeof_bench_dilithium_level5_key = sizeof(bench_dilithium_level5_key);
 
-#endif /* HAVE_PQC && HAVE_DILITHIUM */
+#endif /* !WOLFSSL_DILITHIUM_NO_SIGN */
 
-#if defined(HAVE_PQC) && defined(HAVE_SPHINCS)
+#ifndef WOLFSSL_DILITHIUM_NO_VERIFY
+
+/* raw public key without ASN1 syntax from
+ * ./certs/dilithium/bench_dilithium_level5_key.der */
+static const unsigned char bench_dilithium_level5_pubkey[] = {
+    0xef, 0x49, 0x79, 0x47, 0x15, 0xc4, 0x8a, 0xa9, 0x74, 0x2a,
+    0xf0, 0x36, 0x94, 0x5c, 0x91, 0x1c, 0x5d, 0xff, 0x2c, 0x83,
+    0xf2, 0x8b, 0x04, 0xfc, 0x5d, 0x64, 0xbd, 0x49, 0x73, 0xcd,
+    0xcc, 0x99, 0x50, 0x5f, 0x2b, 0x16, 0x3a, 0xbb, 0x98, 0xc0,
+    0xa7, 0x69, 0x0e, 0x95, 0x99, 0x0b, 0xa2, 0x6c, 0xfe, 0x6c,
+    0xdb, 0xc8, 0xa7, 0x09, 0x46, 0x6c, 0x90, 0x50, 0xa4, 0x75,
+    0x30, 0xf7, 0x90, 0xac, 0x31, 0xb6, 0xdd, 0x21, 0xaf, 0xc6,
+    0xf9, 0xfe, 0xee, 0xc6, 0x5b, 0xa8, 0x8f, 0x0a, 0x2e, 0xd0,
+    0x42, 0xab, 0xa8, 0x3c, 0x8d, 0xbf, 0xf7, 0x44, 0xbd, 0x0d,
+    0xcf, 0xf4, 0x68, 0xfc, 0x16, 0x67, 0xf7, 0x39, 0x48, 0x5f,
+    0x56, 0xd1, 0xe7, 0x1f, 0x49, 0x80, 0x50, 0xbe, 0x54, 0xd1,
+    0xb7, 0xc9, 0xd2, 0x32, 0xc7, 0x08, 0x8c, 0xde, 0x2c, 0x31,
+    0xf6, 0x1d, 0xc7, 0xac, 0xb3, 0x79, 0xd7, 0x4b, 0x1b, 0x23,
+    0x89, 0x0a, 0xdc, 0x8e, 0x44, 0x41, 0x14, 0x28, 0x99, 0x13,
+    0xb3, 0x26, 0xa6, 0x0e, 0x83, 0x60, 0xaa, 0x8d, 0x7c, 0x23,
+    0x13, 0xba, 0x6c, 0x28, 0x90, 0x56, 0x84, 0xa1, 0x23, 0x8b,
+    0x81, 0x20, 0x97, 0x7c, 0x66, 0x3f, 0xed, 0x5d, 0xd0, 0xe4,
+    0x5d, 0xee, 0x46, 0xbc, 0x4b, 0x3c, 0x03, 0xb5, 0xbc, 0x4d,
+    0x8d, 0x37, 0xa3, 0x56, 0x4b, 0x33, 0xad, 0xef, 0xd4, 0xb6,
+    0xec, 0xdb, 0x04, 0x9a, 0x19, 0x58, 0x57, 0xd8, 0x00, 0x3a,
+    0x92, 0x61, 0x0c, 0x0b, 0xc8, 0x52, 0xe5, 0x04, 0x02, 0x9a,
+    0x00, 0x7e, 0xec, 0x7e, 0x94, 0xaa, 0xef, 0x2d, 0x7f, 0xb6,
+    0x2e, 0x7c, 0xb0, 0x73, 0xa2, 0x20, 0xc0, 0x07, 0x30, 0x41,
+    0x50, 0x20, 0x14, 0x18, 0x21, 0x5e, 0x2a, 0x6f, 0x70, 0x21,
+    0xd6, 0x97, 0x13, 0xb9, 0xc1, 0x9e, 0x90, 0x67, 0xcc, 0x55,
+    0x8a, 0xec, 0xec, 0x0a, 0x1e, 0x90, 0xdc, 0x3f, 0xb0, 0x4d,
+    0xd1, 0x18, 0xea, 0x4f, 0xcb, 0x5d, 0x15, 0x4c, 0xb8, 0x35,
+    0x9b, 0x34, 0x24, 0x30, 0x06, 0x53, 0x17, 0xf0, 0xbe, 0x27,
+    0x36, 0xb3, 0x04, 0x6a, 0xbd, 0xbf, 0xa7, 0x39, 0xee, 0xa9,
+    0x8f, 0x0e, 0x98, 0xc5, 0xf5, 0x9f, 0x46, 0x25, 0x93, 0xc9,
+    0xf2, 0xf6, 0x2b, 0x8e, 0x92, 0x06, 0x01, 0x3d, 0x81, 0x18,
+    0xf2, 0xec, 0xf1, 0x05, 0x4c, 0xad, 0x4b, 0xcb, 0x98, 0xa4,
+    0xb5, 0x61, 0x20, 0xda, 0x81, 0xa1, 0xfb, 0x92, 0x4c, 0xaf,
+    0x87, 0x6f, 0x6e, 0xd2, 0x57, 0xec, 0xcd, 0x94, 0xb3, 0x79,
+    0xbf, 0x59, 0x88, 0x17, 0x81, 0xce, 0x8a, 0x57, 0xce, 0x57,
+    0xae, 0x3e, 0x82, 0x81, 0x2f, 0x83, 0x61, 0xd8, 0xf9, 0x68,
+    0x21, 0xe7, 0x72, 0x5b, 0xd6, 0x80, 0x55, 0x68, 0x5d, 0x67,
+    0x15, 0x0c, 0x8b, 0xdc, 0x4f, 0xc3, 0x89, 0x36, 0x3c, 0xac,
+    0xaf, 0x16, 0x5e, 0x1c, 0xfa, 0x68, 0x74, 0x6a, 0xab, 0x68,
+    0xd8, 0x59, 0x96, 0x2d, 0x33, 0x62, 0xe4, 0xbd, 0xb3, 0xb7,
+    0x4d, 0x88, 0x35, 0xb8, 0xed, 0xb2, 0x16, 0x85, 0x97, 0x08,
+    0x71, 0x71, 0x39, 0x7e, 0x0c, 0x53, 0x16, 0xda, 0x38, 0xe5,
+    0x28, 0x09, 0x9c, 0xd9, 0x46, 0xec, 0x68, 0xda, 0x8d, 0xd0,
+    0xad, 0xb2, 0x79, 0x28, 0x3b, 0x1e, 0x12, 0xc9, 0xdf, 0xa9,
+    0x6d, 0x3d, 0x29, 0x99, 0x2f, 0x53, 0xc2, 0xd0, 0xf9, 0x88,
+    0x26, 0x94, 0x47, 0xaf, 0xf6, 0x96, 0xf3, 0xe1, 0x11, 0xa6,
+    0x82, 0x3d, 0x43, 0x3f, 0x1f, 0xbc, 0xf6, 0x98, 0xbe, 0xff,
+    0x06, 0x86, 0x61, 0x27, 0xdc, 0x91, 0x54, 0xd4, 0xfc, 0x68,
+    0x83, 0xe8, 0x35, 0x3e, 0xee, 0x94, 0x59, 0x28, 0x2f, 0xde,
+    0xdd, 0x03, 0x60, 0x66, 0xc1, 0x49, 0x57, 0xdd, 0xbc, 0xd5,
+    0x0a, 0x67, 0x34, 0xf1, 0xa6, 0x0a, 0x57, 0x94, 0x65, 0x02,
+    0x2c, 0x52, 0x43, 0x70, 0x3b, 0xc1, 0x9a, 0xff, 0xda, 0x6f,
+    0xb9, 0x54, 0x47, 0x01, 0xda, 0x27, 0xe4, 0x48, 0x4a, 0x90,
+    0x9f, 0xb5, 0xc3, 0xee, 0x0e, 0x09, 0x57, 0xfe, 0x48, 0x51,
+    0x08, 0x34, 0x5e, 0x8f, 0x16, 0xc9, 0x0b, 0x74, 0xd9, 0x7d,
+    0x22, 0x3f, 0xd6, 0xb7, 0x5d, 0xd6, 0x76, 0x00, 0x8d, 0x4e,
+    0x78, 0x73, 0x86, 0xd6, 0xdb, 0x2a, 0x65, 0xab, 0xdf, 0xb0,
+    0xea, 0x11, 0xad, 0xdf, 0xba, 0x43, 0xdb, 0xa8, 0x0a, 0xfb,
+    0x04, 0x38, 0x81, 0x2b, 0xa3, 0x29, 0xfc, 0x95, 0x73, 0x9a,
+    0x0c, 0x6c, 0x9e, 0xcd, 0xdc, 0xcf, 0x0a, 0x0c, 0x18, 0x41,
+    0x6f, 0x1d, 0xa3, 0xf6, 0x12, 0x4c, 0x13, 0xf2, 0x02, 0xc6,
+    0x50, 0x99, 0x86, 0x73, 0xa7, 0xf9, 0x7e, 0x84, 0x7f, 0x4c,
+    0x00, 0xce, 0x2e, 0x21, 0x76, 0x8e, 0x17, 0x7a, 0x87, 0x6f,
+    0x81, 0xe6, 0xc0, 0x52, 0xa5, 0xa0, 0x3c, 0x54, 0x3c, 0xec,
+    0xb0, 0x9d, 0x1c, 0x3b, 0xec, 0xe5, 0x4e, 0x4a, 0x37, 0xe7,
+    0xd5, 0xa9, 0x07, 0x87, 0x23, 0x28, 0x5d, 0x3d, 0x22, 0x02,
+    0x79, 0x40, 0x3f, 0x2d, 0x40, 0xc9, 0xe5, 0xa6, 0x9b, 0xa8,
+    0xb8, 0x76, 0xf6, 0x77, 0x5b, 0x8d, 0x72, 0x96, 0x3e, 0x13,
+    0xbf, 0x76, 0xfa, 0x7b, 0xb7, 0x82, 0x5f, 0xe7, 0x9d, 0x54,
+    0x0e, 0x05, 0x1a, 0x9f, 0xa4, 0x42, 0xa5, 0xb4, 0x93, 0x23,
+    0x06, 0x59, 0x43, 0xa8, 0xe8, 0x5c, 0xfc, 0x18, 0x97, 0xdb,
+    0xad, 0x9a, 0x80, 0x0a, 0xf2, 0x20, 0x50, 0xac, 0xc1, 0x13,
+    0x3e, 0x98, 0x09, 0xde, 0xf2, 0x70, 0x9e, 0x14, 0xc2, 0x5c,
+    0xec, 0x65, 0x07, 0x0b, 0xfa, 0x02, 0x5c, 0xf8, 0x71, 0xaa,
+    0x9b, 0x45, 0x62, 0xe2, 0x27, 0xaf, 0x77, 0xf8, 0xe3, 0xeb,
+    0x7b, 0x24, 0x7b, 0x3c, 0x67, 0xc2, 0x6d, 0x6e, 0x17, 0xae,
+    0x6e, 0x86, 0x6f, 0x98, 0xc9, 0xac, 0x13, 0x9f, 0x87, 0x64,
+    0x3d, 0x4d, 0x6f, 0xa0, 0xb3, 0x39, 0xc6, 0x68, 0x1b, 0xa7,
+    0xeb, 0x3e, 0x0f, 0x6b, 0xc7, 0xa4, 0xe2, 0x20, 0x27, 0x75,
+    0x3f, 0x09, 0x16, 0xff, 0x1a, 0xcc, 0xa7, 0xc4, 0x6d, 0xc2,
+    0xfc, 0xc3, 0x0b, 0x37, 0x63, 0xff, 0x9b, 0x10, 0xe6, 0x00,
+    0xf7, 0x18, 0x43, 0x9f, 0x07, 0x50, 0x31, 0x51, 0xd4, 0xfd,
+    0xad, 0xa2, 0x0f, 0x77, 0xda, 0x41, 0xc1, 0x0a, 0x6f, 0x86,
+    0xd7, 0xdc, 0x8a, 0x52, 0xd6, 0xa1, 0x27, 0xdb, 0x14, 0x67,
+    0x26, 0x91, 0xb3, 0xcd, 0x01, 0x5f, 0x60, 0xa1, 0x7f, 0x43,
+    0x15, 0x1a, 0x82, 0x0f, 0xd3, 0x66, 0x5f, 0x60, 0x57, 0x2f,
+    0xb2, 0x8c, 0x27, 0x2a, 0x9d, 0x1b, 0xf9, 0xf2, 0x59, 0x20,
+    0x39, 0xd9, 0xc5, 0xaf, 0xf2, 0x36, 0x8c, 0x58, 0x00, 0x1b,
+    0xd0, 0xc5, 0x8e, 0x1a, 0x49, 0xa8, 0x60, 0xbe, 0xd1, 0xd7,
+    0x2a, 0xb0, 0xc2, 0xab, 0x58, 0x8a, 0x7a, 0xa9, 0x41, 0x68,
+    0x70, 0xbd, 0xea, 0x73, 0xa5, 0x03, 0x11, 0xb2, 0x27, 0xd9,
+    0xcd, 0xf5, 0x09, 0xe8, 0x1c, 0xe2, 0x4f, 0x50, 0x6a, 0x84,
+    0x34, 0x62, 0x2e, 0x36, 0xaa, 0x4c, 0xc1, 0x83, 0x78, 0x98,
+    0x35, 0x7a, 0x27, 0x7e, 0xfe, 0xf1, 0x6f, 0x59, 0x27, 0x35,
+    0x73, 0xce, 0x74, 0xaa, 0xb4, 0x72, 0x82, 0xa8, 0xe2, 0x81,
+    0x7a, 0x6b, 0xca, 0x33, 0xa5, 0xda, 0xa2, 0x63, 0xca, 0x2e,
+    0x90, 0x03, 0x32, 0xec, 0x63, 0xdb, 0x52, 0x7b, 0x16, 0xfc,
+    0x01, 0x2d, 0x30, 0x12, 0x1e, 0xf9, 0xa3, 0x72, 0x21, 0x3c,
+    0x75, 0x0c, 0x61, 0x9c, 0x7e, 0x73, 0x04, 0x71, 0x41, 0x45,
+    0x5d, 0x7f, 0x49, 0x1c, 0x09, 0x08, 0xa4, 0xec, 0x2f, 0xfd,
+    0xc4, 0xfb, 0x59, 0x6a, 0x27, 0x7a, 0xd4, 0xfc, 0x5f, 0x20,
+    0x04, 0x34, 0x7d, 0x08, 0xed, 0x82, 0x5a, 0x90, 0xe1, 0xab,
+    0xfd, 0x35, 0x3a, 0x8d, 0xbb, 0x0a, 0x9d, 0x73, 0xff, 0x69,
+    0xe5, 0xe9, 0x09, 0x55, 0x14, 0xd9, 0x7b, 0x6f, 0x0d, 0x99,
+    0xd2, 0x7e, 0x71, 0xf8, 0x4f, 0x72, 0x2f, 0xbb, 0xc6, 0xc4,
+    0x36, 0xc9, 0x01, 0xd3, 0x9b, 0x94, 0xab, 0x41, 0x0f, 0x4a,
+    0x61, 0x5c, 0x68, 0xe5, 0xd7, 0x0d, 0x94, 0xaa, 0xee, 0xba,
+    0x95, 0xcb, 0x8c, 0x0e, 0x85, 0x3a, 0x02, 0x6b, 0x95, 0x50,
+    0xfd, 0x02, 0xfd, 0xa4, 0x58, 0x29, 0x78, 0x4f, 0xd0, 0xae,
+    0x66, 0xd6, 0x5c, 0xe7, 0x45, 0xfe, 0x98, 0xb0, 0xa3, 0xe2,
+    0x87, 0xc0, 0xd2, 0x81, 0x08, 0xf1, 0xf1, 0xe7, 0xda, 0x62,
+    0x9e, 0xa0, 0x34, 0x86, 0xeb, 0xa1, 0x6e, 0x4a, 0x26, 0x8e,
+    0x39, 0x0c, 0x51, 0x10, 0x33, 0x11, 0x87, 0xf8, 0x79, 0x3c,
+    0x49, 0x7a, 0x8b, 0xce, 0xc1, 0x0a, 0x0e, 0xe1, 0xd5, 0x2a,
+    0xac, 0xf0, 0x3a, 0x1d, 0x6a, 0x6a, 0xe5, 0xe1, 0x81, 0x70,
+    0xad, 0xaf, 0x15, 0x4c, 0x2a, 0x70, 0x2a, 0x6b, 0x22, 0x0d,
+    0x30, 0xe7, 0x56, 0xed, 0x2d, 0x4b, 0x85, 0x17, 0x49, 0x72,
+    0x3a, 0x1b, 0x6f, 0x57, 0x1c, 0xf7, 0x72, 0x9e, 0x20, 0xdb,
+    0x57, 0x1c, 0xfb, 0x36, 0x50, 0x52, 0xec, 0x5b, 0xd6, 0x6a,
+    0x1b, 0xf8, 0x74, 0xad, 0xe6, 0x00, 0x74, 0x04, 0xc5, 0x99,
+    0x83, 0xe4, 0x5a, 0x0c, 0xc3, 0xe8, 0x6d, 0x3a, 0xd7, 0x3c,
+    0x3c, 0xc0, 0x1a, 0x28, 0xb3, 0x29, 0x7a, 0x10, 0x9e, 0x39,
+    0x66, 0x5b, 0xc1, 0x38, 0xac, 0x21, 0x4e, 0xcd, 0x01, 0xf2,
+    0xf6, 0x30, 0x2c, 0x2b, 0xb6, 0xbf, 0xf5, 0xea, 0x61, 0xaf,
+    0x0c, 0xa6, 0x01, 0x11, 0x15, 0x19, 0x09, 0x8c, 0x7e, 0x69,
+    0xdf, 0x3b, 0xea, 0xd3, 0x0a, 0x3a, 0xd7, 0xbd, 0xe1, 0x17,
+    0xaf, 0x92, 0x3c, 0xf5, 0xfe, 0x35, 0xd6, 0xcf, 0x07, 0xa6,
+    0xf7, 0xe9, 0xc1, 0x99, 0xed, 0x80, 0xe3, 0x12, 0xd5, 0x4b,
+    0xb9, 0xdf, 0xaf, 0x4e, 0x52, 0xad, 0x8e, 0x66, 0x87, 0xe5,
+    0x2c, 0xd0, 0x45, 0x70, 0xd9, 0x78, 0x8f, 0x4b, 0xf4, 0xe1,
+    0xf1, 0x22, 0xf2, 0xe3, 0xed, 0x1f, 0xeb, 0xe9, 0x70, 0x31,
+    0x4c, 0x65, 0x5f, 0x55, 0xee, 0x5d, 0xaa, 0x83, 0x87, 0x76,
+    0xbe, 0x11, 0xae, 0xd7, 0xf2, 0xfb, 0x43, 0xe7, 0x17, 0x81,
+    0x33, 0x15, 0x47, 0xa0, 0xf3, 0x8e, 0x84, 0x57, 0xff, 0x35,
+    0x9e, 0x4a, 0x8a, 0xab, 0x50, 0x3a, 0x45, 0xe0, 0xc3, 0x73,
+    0xca, 0x77, 0x61, 0x68, 0x38, 0xd0, 0xa3, 0x5f, 0x03, 0x8d,
+    0x41, 0xc2, 0xd3, 0x4a, 0x17, 0xe0, 0xa8, 0xaa, 0x00, 0xf3,
+    0xf2, 0x5b, 0xa8, 0xe1, 0x06, 0xa6, 0x2b, 0xdb, 0xe1, 0x74,
+    0xbd, 0xc4, 0xd2, 0x2b, 0x55, 0x9a, 0xb0, 0xf8, 0x35, 0xd8,
+    0x6b, 0xec, 0xdb, 0xc5, 0xf4, 0x6c, 0x40, 0x90, 0x6a, 0x68,
+    0xc9, 0xb5, 0xcb, 0xbb, 0xd0, 0xb0, 0xbc, 0x9f, 0xb9, 0xaa,
+    0x50, 0x14, 0x93, 0x3b, 0x9f, 0x25, 0xcb, 0x40, 0xb8, 0x08,
+    0xcc, 0x13, 0xe5, 0xdc, 0x3f, 0x84, 0x96, 0xe0, 0x73, 0x7b,
+    0x7d, 0x9e, 0x41, 0x92, 0x5d, 0xcc, 0xa4, 0xea, 0x4f, 0x93,
+    0x0c, 0x40, 0x2e, 0x42, 0x8a, 0xe9, 0xb9, 0x12, 0x74, 0xbb,
+    0x79, 0x7c, 0xb0, 0x37, 0x20, 0xb6, 0xaf, 0x43, 0x3a, 0x88,
+    0x59, 0x7c, 0x68, 0x28, 0x5f, 0x98, 0xc2, 0xf0, 0x2a, 0xbc,
+    0xa1, 0x61, 0x88, 0x1f, 0x43, 0xbc, 0x42, 0x8f, 0x43, 0xf3,
+    0x7e, 0x16, 0x96, 0xfa, 0x92, 0x70, 0xaf, 0x3c, 0x9f, 0x4b,
+    0xd9, 0x60, 0xe9, 0xf6, 0x2e, 0x84, 0xda, 0x88, 0x31, 0x34,
+    0xa6, 0x85, 0x10, 0x05, 0xef, 0x40, 0xa8, 0xa5, 0x4f, 0x92,
+    0x59, 0xf7, 0xe0, 0xc4, 0x2b, 0x12, 0x17, 0x71, 0xbe, 0x8c,
+    0x4a, 0x02, 0xfe, 0x12, 0xb6, 0x3b, 0x85, 0x75, 0x37, 0xf3,
+    0x73, 0x2d, 0x9c, 0x00, 0x5d, 0x80, 0xad, 0x20, 0x2f, 0x5a,
+    0x0b, 0x17, 0x7e, 0x67, 0x72, 0x24, 0x5a, 0xb9, 0xf3, 0xb1,
+    0x33, 0xa4, 0x57, 0x1d, 0x49, 0x72, 0x2c, 0x7f, 0x47, 0x15,
+    0x07, 0xe0, 0x45, 0x14, 0xdd, 0x77, 0x86, 0x6d, 0x03, 0xbe,
+    0x57, 0xd0, 0xaa, 0x18, 0xa6, 0xdd, 0x94, 0x18, 0x3f, 0x8a,
+    0xf3, 0xb5, 0xd7, 0x5a, 0xec, 0xc8, 0x79, 0x7f, 0x51, 0x61,
+    0x3c, 0x9b, 0xb2, 0x9b, 0xf3, 0xb4, 0x35, 0xd1, 0x38, 0xbf,
+    0x37, 0xce, 0x54, 0xd1, 0xf8, 0xb6, 0x45, 0xeb, 0x52, 0x0d,
+    0x9a, 0x09, 0x58, 0x0d, 0x2c, 0x0b, 0xb1, 0xf2, 0x30, 0x3a,
+    0x95, 0xc1, 0x13, 0x91, 0xd2, 0x9f, 0x8d, 0x8d, 0xd0, 0x38,
+    0x3e, 0x4c, 0xae, 0x4a, 0x55, 0xa7, 0x42, 0x11, 0x83, 0xc4,
+    0x70, 0xf0, 0x2b, 0x68, 0x9e, 0x07, 0xad, 0xb7, 0x83, 0xc6,
+    0x53, 0x3c, 0xfb, 0x0a, 0x5d, 0x24, 0xdc, 0xe1, 0x55, 0x72,
+    0xcf, 0xce, 0x3e, 0xc8, 0xd0, 0x57, 0x8a, 0x82, 0x5e, 0x78,
+    0x2b, 0x80, 0xc5, 0xb9, 0x09, 0x46, 0xf8, 0x90, 0x39, 0x52,
+    0xa9, 0xce, 0x3f, 0x3d, 0x41, 0x3b, 0x28, 0x45, 0xa3, 0xb3,
+    0x21, 0xc2, 0xcd, 0x14, 0x49, 0x41, 0x6c, 0x38, 0xda, 0x1b,
+    0x5f, 0x16, 0x49, 0xf9, 0x65, 0x00, 0x4e, 0xb4, 0x20, 0x55,
+    0x70, 0xe8, 0x58, 0x1a, 0x18, 0xbf, 0x41, 0xef, 0x31, 0xb1,
+    0xe7, 0x8d, 0x89, 0xc1, 0x48, 0xe8, 0xf5, 0x57, 0x35, 0xfa,
+    0xc1, 0x79, 0xee, 0x2c, 0xe8, 0x7d, 0xb6, 0x03, 0xcc, 0x66,
+    0x09, 0x6f, 0x52, 0x84, 0x0a, 0x34, 0x18, 0x2c, 0x01, 0x45,
+    0x81, 0x00, 0xe5, 0x5e, 0x8d, 0xae, 0x1c, 0x96, 0x8b, 0x45,
+    0x73, 0x00, 0x0a, 0xb5, 0xcf, 0x8d, 0x0e, 0x35, 0x5d, 0x1a,
+    0x0e, 0xbf, 0x64, 0x9a, 0x52, 0x20, 0x48, 0xc6, 0xb9, 0x40,
+    0xd3, 0x2c, 0x52, 0xca, 0x93, 0xcf, 0xbb, 0x94, 0x06, 0xf3,
+    0x97, 0xee, 0xcc, 0x5d, 0xa3, 0xea, 0xf8, 0x5a, 0x39, 0x77,
+    0x34, 0xd7, 0xf6, 0x4e, 0xbe, 0x8a, 0x07, 0x5f, 0x51, 0x53,
+    0xc5, 0x1b, 0x8c, 0x47, 0x8f, 0x34, 0x0e, 0x60, 0x0a, 0x90,
+    0xe2, 0xda, 0x7b, 0xef, 0xd6, 0xf5, 0x5d, 0xe5, 0x32, 0x37,
+    0x75, 0x99, 0x81, 0x4a, 0x2a, 0x78, 0x71, 0xdc, 0xf4, 0xe5,
+    0xca, 0xd8, 0x6b, 0x3b, 0x90, 0x68, 0x2e, 0x93, 0xc5, 0x10,
+    0x42, 0x5d, 0x38, 0x90, 0x32, 0x46, 0xea, 0x87, 0xe0, 0xbc,
+    0xb8, 0x9a, 0x18, 0x20, 0x68, 0x85, 0x6d, 0x9b, 0xc9, 0x8f,
+    0x9b, 0xd2, 0xbe, 0x15, 0x12, 0x68, 0xd0, 0xb0, 0x16, 0x5f,
+    0xe2, 0x69, 0x1d, 0x04, 0x00, 0xfc, 0x63, 0x33, 0xcd, 0x1f,
+    0x89, 0xcd, 0x52, 0xff, 0xec, 0x19, 0x69, 0x74, 0xa3, 0xce,
+    0x4d, 0xab, 0x93, 0xe4, 0xc6, 0x13, 0x56, 0x27, 0xc9, 0x25,
+    0x5a, 0x01, 0xb2, 0x36, 0x8b, 0x61, 0xe5, 0x8b, 0x98, 0xac,
+    0xe4, 0x2a, 0xb6, 0x40, 0x9f, 0x42, 0xe4, 0x1b, 0x52, 0xf7,
+    0xfd, 0xd8, 0x30, 0x07, 0x33, 0xf9, 0x47, 0xcb, 0x3c, 0xad,
+    0x12, 0xc1, 0xcc, 0x29, 0x62, 0x49, 0x04, 0x0c, 0x23, 0x97,
+    0x5a, 0xa4, 0x84, 0x67, 0xde, 0x5a, 0xe5, 0x36, 0xd2, 0x88,
+    0xf1, 0xd4, 0xeb, 0x13, 0x81, 0x54, 0x51, 0x11, 0xe3, 0xba,
+    0xbc, 0xee, 0xdd, 0x6c, 0xcd, 0xe6, 0xb4, 0xa1, 0x8b, 0x0b,
+    0x66, 0xfb, 0x8e, 0x50, 0xa0, 0xda, 0x69, 0x8d, 0xcc, 0x2d,
+    0xe4, 0x2c, 0xc4, 0x37, 0xdf, 0x61, 0xc0, 0x03, 0xbd, 0x8b,
+    0x28, 0xca, 0xd2, 0x8c, 0x1c, 0xf1, 0xa4, 0x26, 0x69, 0xe5,
+    0xcf, 0x45, 0xdb, 0x5a, 0x47, 0x79, 0xed, 0x9f, 0xf7, 0xd2,
+    0xdb, 0xba, 0x46, 0x53, 0x4f, 0xce, 0xa8, 0xbe, 0x8f, 0x4a,
+    0xd6, 0xdf, 0x2e, 0x06, 0xe6, 0x4c, 0x9a, 0xc1, 0xb6, 0x49,
+    0xed, 0xc4, 0xeb, 0xaa, 0xa4, 0x29, 0x6d, 0xd4, 0xcc, 0x8c,
+    0xb6, 0x40, 0x11, 0x39, 0x69, 0xf7, 0x75, 0xcd, 0xb1, 0x99,
+    0x46, 0x4e, 0xde, 0xcb, 0xf6, 0x9d, 0x32, 0xf3, 0xc9, 0x47,
+    0x47, 0x7a, 0xcb, 0xfb, 0xa3, 0x0c, 0x3b, 0xdf, 0xb7, 0xde,
+    0xec, 0x99, 0xde, 0xb0, 0x26, 0x04, 0x34, 0xae, 0x6b, 0xfc,
+    0x99, 0xbc, 0xde, 0xd5, 0xbe, 0xe7, 0xeb, 0xf9, 0xe7, 0xa6,
+    0x01, 0x9a, 0x0c, 0x5e, 0x66, 0xe6, 0x53, 0xe4, 0xd1, 0x58,
+    0xac, 0xda, 0x69, 0x77, 0x7b, 0x68, 0xd6, 0x30, 0x2a, 0x9c,
+    0x6b, 0xbe, 0x9f, 0x3d, 0x71, 0xd6, 0x54, 0xcd, 0x59, 0x4e,
+    0x1f, 0xe3, 0x83, 0x4e, 0xd1, 0x8e, 0xaf, 0x97, 0xa8, 0xe5,
+    0xb6, 0x59, 0x77, 0xa8, 0x02, 0x20, 0xe4, 0xeb, 0x44, 0x71,
+    0xbc, 0x07, 0x14, 0x79, 0x4f, 0x0c, 0x27, 0x06, 0x39, 0xcf,
+    0x7c, 0xef, 0x2b, 0x9b, 0x5e, 0xc4, 0x6d, 0x79, 0x13, 0x00,
+    0x43, 0x6f, 0x51, 0x77, 0xb5, 0xc3, 0x72, 0xad, 0x13, 0xa9,
+    0xe5, 0x9a, 0x5b, 0x1a, 0x99, 0x74, 0xc0, 0x7a, 0xf9, 0xc5,
+    0xb0, 0x58, 0x35, 0x1c, 0xa5, 0x51, 0xdb, 0xa1, 0x14, 0xcd,
+    0x26, 0x71, 0xb1, 0xe7, 0xaa, 0x14, 0xa7, 0x46, 0x93, 0xd3,
+    0x5c, 0x8c, 0x1a, 0x91, 0x77, 0x46, 0x2e, 0x15, 0xaa, 0x9e,
+    0xf7, 0x2b, 0x79, 0x41, 0x76, 0xf7, 0x22, 0x53, 0x7d, 0x51,
+    0xdb, 0x98, 0x3d, 0x5b, 0x78, 0x5f, 0xc3, 0xc9, 0x29, 0xa3,
+    0xff, 0x75, 0x82, 0x06, 0x9a, 0x16, 0x5e, 0xa4, 0x79, 0x0d,
+    0xd1, 0x6d, 0x08, 0xff, 0x43, 0xef, 0x9c, 0xf3, 0x1b, 0x7a,
+    0x3f, 0x34, 0xbe, 0x19, 0x15, 0x06, 0x33, 0xdb, 0xa5, 0x71,
+    0xcb, 0x5f, 0x6b, 0x8d, 0xbd, 0x5b, 0x32, 0x91, 0xb2, 0x37,
+    0x3d, 0xb4, 0x40, 0x9e, 0x02, 0x9b, 0xb7, 0x68, 0x20, 0x58,
+    0x5c, 0xab, 0xcb, 0xc8, 0x23, 0x2d, 0x77, 0xcc, 0x0b, 0xf6,
+    0x78, 0x6b, 0x80, 0x06, 0x91, 0xa9, 0xfd, 0x7e, 0xfa, 0x25,
+    0x98, 0x9f, 0xcc, 0x79, 0x0a, 0x1a, 0x54, 0x83, 0xac, 0x64,
+    0x16, 0x90, 0xe5, 0xd9, 0xa7, 0xd7, 0x1b, 0x86, 0x0d, 0xe6,
+    0xe6, 0x22, 0x2b, 0x1f, 0x44, 0x49, 0x98, 0x9c, 0x51, 0x6f,
+    0xcf, 0x58, 0x4a, 0xfa, 0xfa, 0x84, 0x12, 0xa5, 0x10, 0xf4,
+    0xca, 0xf0, 0x98, 0x2b, 0xc9, 0x03, 0x71, 0x37, 0xe7, 0xdc,
+    0xc2, 0xb1, 0x4e, 0x64, 0xde, 0x4f, 0x46, 0x0d, 0x6b, 0x25,
+    0x88, 0x5d, 0xd6, 0xff, 0x23, 0x46, 0x57, 0x36, 0x14, 0x18,
+    0xa7, 0xcb, 0xb8, 0xbd, 0xf0, 0xc5, 0x37, 0x36, 0xee, 0xe1,
+    0xed, 0x9f, 0x4d, 0xd4, 0x39, 0xe5, 0x92, 0xcf, 0x95, 0x4d,
+    0x66, 0x36, 0x5d, 0xd0, 0xcc, 0x07, 0xcf, 0x15, 0x5a, 0xce,
+    0x14, 0xb8, 0xda, 0x0d, 0x3d, 0x1b, 0x45, 0xc5, 0x2e, 0x34,
+    0x43, 0x25, 0x02, 0x3a, 0xcd, 0x14, 0x45, 0xfb, 0x3e, 0xf9,
+    0x88, 0x5d, 0x0d, 0x29, 0x31, 0xb9, 0xa1, 0xe6, 0x31, 0x18,
+    0x52, 0x46, 0x3f, 0x22, 0x4f, 0x9f, 0x7a, 0x65, 0x36, 0x88,
+    0xa3, 0x1c, 0x3e, 0x6f, 0x50, 0x7a, 0x36, 0xbe, 0x56, 0x7e,
+    0x50, 0xcb, 0x7a, 0x10, 0xa0, 0xec, 0xf6, 0x82, 0xd6, 0x30,
+    0x1c, 0xe8, 0x4c, 0x50, 0xf9, 0x3e, 0xdb, 0xac, 0xbe, 0x4f,
+    0x90, 0xb1, 0xd5, 0x1b, 0x12, 0x95, 0xfb, 0xe8, 0x08, 0x64,
+    0x56, 0x7c, 0x96, 0xcc, 0x90, 0xb1, 0xbc, 0xa0, 0xf5, 0x32,
+    0x69, 0xb3, 0x5f, 0x27, 0x0f, 0xbe, 0xc9, 0xbd, 0xeb, 0xfa,
+    0x4b, 0x5c, 0xc5, 0x99, 0x9e, 0x5a, 0x04, 0xcc, 0xd0, 0x4d,
+    0x29, 0xe8, 0x84, 0x55, 0x8c, 0xd7, 0xc4, 0x06, 0x13, 0x4d,
+    0x92, 0xe5, 0x98, 0x9c, 0x4c, 0xc1, 0xf7, 0xaf, 0x7b, 0xd5,
+    0x2b, 0x92, 0x68, 0x68, 0x19, 0x70, 0x4c, 0x9e, 0x46, 0xb8,
+    0x34, 0xeb, 0x01, 0x47, 0xbe, 0x59, 0xab, 0x0b, 0x22, 0x25,
+    0xe7, 0x56, 0xa8, 0xb4, 0x93, 0x3c, 0xd5, 0x98, 0x9f, 0x61,
+    0x2e, 0xfa, 0xcb, 0x5f, 0x5b, 0xd8, 0x09, 0x83, 0xe9, 0x40,
+    0xe9, 0x0e, 0x42, 0xdd, 0x17, 0xd7, 0x6e, 0x19, 0x8d, 0x95,
+    0x0a, 0x93,
+};
+static const int sizeof_bench_dilithium_level5_pubkey =
+    sizeof(bench_dilithium_level5_pubkey);
+
+#endif /* !WOLFSSL_DILITHIUM_NO_VERIFY */
+
+#endif /* HAVE_DILITHIUM */
+
+#if defined(HAVE_SPHINCS)
 
 /* certs/sphincs/bench_sphincs_fast_level1_key.der */
 static const unsigned char bench_sphincs_fast_level1_key[] =
@@ -5999,7 +6051,7 @@ static const unsigned char bench_sphincs_small_level5_key[] =
 };
 static const int sizeof_bench_sphincs_small_level5_key = sizeof(bench_sphincs_small_level5_key);
 
-#endif /* HAVE_PQC && HAVE_SPHINCS */
+#endif /* HAVE_SPHINCS */
 
 #if defined(HAVE_ECC) && defined(USE_CERT_BUFFERS_256)
 
@@ -6041,10 +6093,10 @@ static const int sizeof_ecc_clikeypub_der_256 = sizeof(ecc_clikeypub_der_256);
 /* ./certs/client-ecc-cert.der, ECC */
 static const unsigned char cliecc_cert_der_256[] =
 {
-        0x30, 0x82, 0x03, 0x5D, 0x30, 0x82, 0x03, 0x04, 0xA0, 0x03,
-        0x02, 0x01, 0x02, 0x02, 0x14, 0x37, 0x67, 0x2A, 0x05, 0x24,
-        0xB5, 0x2B, 0xB6, 0xAE, 0x40, 0x6B, 0xE1, 0x75, 0xE0, 0x97,
-        0xCC, 0x1D, 0x12, 0x8B, 0x2A, 0x30, 0x0A, 0x06, 0x08, 0x2A,
+        0x30, 0x82, 0x03, 0x5E, 0x30, 0x82, 0x03, 0x04, 0xA0, 0x03,
+        0x02, 0x01, 0x02, 0x02, 0x14, 0x75, 0x99, 0xDB, 0x38, 0xED,
+        0x32, 0xB1, 0xC2, 0xD1, 0x2C, 0x5E, 0x6F, 0x6F, 0x9D, 0x47,
+        0x17, 0x58, 0xDD, 0xEE, 0x26, 0x30, 0x0A, 0x06, 0x08, 0x2A,
         0x86, 0x48, 0xCE, 0x3D, 0x04, 0x03, 0x02, 0x30, 0x81, 0x8D,
         0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13,
         0x02, 0x55, 0x53, 0x31, 0x0F, 0x30, 0x0D, 0x06, 0x03, 0x55,
@@ -6060,10 +6112,10 @@ static const unsigned char cliecc_cert_der_256[] =
         0x30, 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D,
         0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40,
         0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F,
-        0x6D, 0x30, 0x1E, 0x17, 0x0D, 0x32, 0x33, 0x31, 0x32, 0x31,
-        0x33, 0x32, 0x32, 0x31, 0x39, 0x32, 0x38, 0x5A, 0x17, 0x0D,
-        0x32, 0x36, 0x30, 0x39, 0x30, 0x38, 0x32, 0x32, 0x31, 0x39,
-        0x32, 0x38, 0x5A, 0x30, 0x81, 0x8D, 0x31, 0x0B, 0x30, 0x09,
+        0x6D, 0x30, 0x1E, 0x17, 0x0D, 0x32, 0x34, 0x31, 0x32, 0x31,
+        0x38, 0x32, 0x31, 0x32, 0x35, 0x33, 0x30, 0x5A, 0x17, 0x0D,
+        0x32, 0x37, 0x30, 0x39, 0x31, 0x34, 0x32, 0x31, 0x32, 0x35,
+        0x33, 0x30, 0x5A, 0x30, 0x81, 0x8D, 0x31, 0x0B, 0x30, 0x09,
         0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31,
         0x0F, 0x30, 0x0D, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, 0x06,
         0x4F, 0x72, 0x65, 0x67, 0x6F, 0x6E, 0x31, 0x0E, 0x30, 0x0C,
@@ -6109,9 +6161,9 @@ static const unsigned char cliecc_cert_der_256[] =
         0x31, 0x1F, 0x30, 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86,
         0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66,
         0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E,
-        0x63, 0x6F, 0x6D, 0x82, 0x14, 0x37, 0x67, 0x2A, 0x05, 0x24,
-        0xB5, 0x2B, 0xB6, 0xAE, 0x40, 0x6B, 0xE1, 0x75, 0xE0, 0x97,
-        0xCC, 0x1D, 0x12, 0x8B, 0x2A, 0x30, 0x0C, 0x06, 0x03, 0x55,
+        0x63, 0x6F, 0x6D, 0x82, 0x14, 0x75, 0x99, 0xDB, 0x38, 0xED,
+        0x32, 0xB1, 0xC2, 0xD1, 0x2C, 0x5E, 0x6F, 0x6F, 0x9D, 0x47,
+        0x17, 0x58, 0xDD, 0xEE, 0x26, 0x30, 0x0C, 0x06, 0x03, 0x55,
         0x1D, 0x13, 0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0xFF, 0x30,
         0x1C, 0x06, 0x03, 0x55, 0x1D, 0x11, 0x04, 0x15, 0x30, 0x13,
         0x82, 0x0B, 0x65, 0x78, 0x61, 0x6D, 0x70, 0x6C, 0x65, 0x2E,
@@ -6120,14 +6172,14 @@ static const unsigned char cliecc_cert_der_256[] =
         0x06, 0x08, 0x2B, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x01,
         0x06, 0x08, 0x2B, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x02,
         0x30, 0x0A, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x04,
-        0x03, 0x02, 0x03, 0x47, 0x00, 0x30, 0x44, 0x02, 0x20, 0x7A,
-        0x6D, 0xC5, 0xBD, 0x6F, 0x9D, 0x54, 0x4F, 0xC5, 0x4C, 0xD0,
-        0x12, 0x8C, 0x31, 0x3B, 0xB6, 0x17, 0x80, 0x9E, 0xC7, 0x34,
-        0xF8, 0xC5, 0xDA, 0xFB, 0x61, 0x23, 0x35, 0xE6, 0x93, 0x35,
-        0xB4, 0x02, 0x20, 0x1B, 0x6A, 0x86, 0xC4, 0x11, 0xBE, 0x7C,
-        0x15, 0xA7, 0x5E, 0xAB, 0x85, 0xEE, 0xB7, 0x8C, 0x20, 0xDC,
-        0xEB, 0x17, 0xA3, 0xF2, 0x66, 0x63, 0xAA, 0x6B, 0x67, 0xE0,
-        0x62, 0x1F, 0x17, 0x3E, 0xAC
+        0x03, 0x02, 0x03, 0x48, 0x00, 0x30, 0x45, 0x02, 0x20, 0x03,
+        0x69, 0x31, 0x45, 0x6F, 0x01, 0x88, 0x6B, 0x63, 0xC6, 0x1C,
+        0xEB, 0x39, 0xE4, 0x9A, 0xA8, 0xE2, 0xE0, 0x34, 0xAC, 0xAC,
+        0xE6, 0xA1, 0xD6, 0xFE, 0xCE, 0x85, 0x98, 0x1E, 0xB0, 0x0D,
+        0xA9, 0x02, 0x21, 0x00, 0xA3, 0xDD, 0x84, 0x5D, 0x08, 0x28,
+        0x4B, 0x8B, 0x58, 0xFB, 0x0D, 0x33, 0xDB, 0x02, 0xEA, 0xC8,
+        0x0C, 0xDA, 0x34, 0x0B, 0x4E, 0x83, 0xA2, 0x10, 0x67, 0x99,
+        0x19, 0x1C, 0x93, 0x91, 0xC8, 0xC7
 };
 static const int sizeof_cliecc_cert_der_256 = sizeof(cliecc_cert_der_256);
 
@@ -6189,9 +6241,9 @@ static const int sizeof_ecc_secp_r1_statickey_der_256 = sizeof(ecc_secp_r1_stati
 static const unsigned char serv_ecc_comp_der_256[] =
 {
         0x30, 0x82, 0x03, 0x77, 0x30, 0x82, 0x03, 0x1D, 0xA0, 0x03,
-        0x02, 0x01, 0x02, 0x02, 0x14, 0x21, 0xD7, 0x53, 0x80, 0x24,
-        0x5C, 0xEB, 0xBF, 0xC0, 0xA4, 0x40, 0xF4, 0x42, 0x19, 0x3B,
-        0x83, 0xFD, 0x58, 0xC5, 0xA6, 0x30, 0x0A, 0x06, 0x08, 0x2A,
+        0x02, 0x01, 0x02, 0x02, 0x14, 0x0C, 0x33, 0x75, 0x68, 0xFF,
+        0x2E, 0x13, 0x4A, 0x2A, 0x30, 0x56, 0xB4, 0xA8, 0x79, 0x14,
+        0xE2, 0xC4, 0xCA, 0x61, 0x54, 0x30, 0x0A, 0x06, 0x08, 0x2A,
         0x86, 0x48, 0xCE, 0x3D, 0x04, 0x03, 0x02, 0x30, 0x81, 0xA0,
         0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13,
         0x02, 0x55, 0x53, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55,
@@ -6209,10 +6261,10 @@ static const unsigned char serv_ecc_comp_der_256[] =
         0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01,
         0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77,
         0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D,
-        0x30, 0x1E, 0x17, 0x0D, 0x32, 0x33, 0x31, 0x32, 0x31, 0x33,
-        0x32, 0x32, 0x31, 0x39, 0x32, 0x38, 0x5A, 0x17, 0x0D, 0x32,
-        0x36, 0x30, 0x39, 0x30, 0x38, 0x32, 0x32, 0x31, 0x39, 0x32,
-        0x38, 0x5A, 0x30, 0x81, 0xA0, 0x31, 0x0B, 0x30, 0x09, 0x06,
+        0x30, 0x1E, 0x17, 0x0D, 0x32, 0x34, 0x31, 0x32, 0x31, 0x38,
+        0x32, 0x31, 0x32, 0x35, 0x33, 0x30, 0x5A, 0x17, 0x0D, 0x32,
+        0x37, 0x30, 0x39, 0x31, 0x34, 0x32, 0x31, 0x32, 0x35, 0x33,
+        0x30, 0x5A, 0x30, 0x81, 0xA0, 0x31, 0x0B, 0x30, 0x09, 0x06,
         0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10,
         0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, 0x07, 0x4D,
         0x6F, 0x6E, 0x74, 0x61, 0x6E, 0x61, 0x31, 0x10, 0x30, 0x0E,
@@ -6259,8 +6311,8 @@ static const unsigned char serv_ecc_comp_der_256[] =
         0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01,
         0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C,
         0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x82, 0x14,
-        0x21, 0xD7, 0x53, 0x80, 0x24, 0x5C, 0xEB, 0xBF, 0xC0, 0xA4,
-        0x40, 0xF4, 0x42, 0x19, 0x3B, 0x83, 0xFD, 0x58, 0xC5, 0xA6,
+        0x0C, 0x33, 0x75, 0x68, 0xFF, 0x2E, 0x13, 0x4A, 0x2A, 0x30,
+        0x56, 0xB4, 0xA8, 0x79, 0x14, 0xE2, 0xC4, 0xCA, 0x61, 0x54,
         0x30, 0x0C, 0x06, 0x03, 0x55, 0x1D, 0x13, 0x04, 0x05, 0x30,
         0x03, 0x01, 0x01, 0xFF, 0x30, 0x1C, 0x06, 0x03, 0x55, 0x1D,
         0x11, 0x04, 0x15, 0x30, 0x13, 0x82, 0x0B, 0x65, 0x78, 0x61,
@@ -6270,14 +6322,14 @@ static const unsigned char serv_ecc_comp_der_256[] =
         0x05, 0x05, 0x07, 0x03, 0x01, 0x06, 0x08, 0x2B, 0x06, 0x01,
         0x05, 0x05, 0x07, 0x03, 0x02, 0x30, 0x0A, 0x06, 0x08, 0x2A,
         0x86, 0x48, 0xCE, 0x3D, 0x04, 0x03, 0x02, 0x03, 0x48, 0x00,
-        0x30, 0x45, 0x02, 0x20, 0x57, 0x1A, 0x59, 0xBC, 0xC9, 0x45,
-        0x0A, 0x46, 0xE6, 0x16, 0xDA, 0x17, 0xCE, 0xC3, 0x0A, 0x57,
-        0x57, 0xF2, 0x3D, 0x15, 0xCD, 0xCA, 0x1B, 0xA7, 0xA8, 0x39,
-        0x2E, 0x9D, 0x09, 0xF3, 0x3E, 0xA0, 0x02, 0x21, 0x00, 0xDE,
-        0xA3, 0x3A, 0x4D, 0x88, 0x38, 0x2B, 0x3A, 0x84, 0xDE, 0x2F,
-        0x0A, 0x81, 0x14, 0x57, 0x7F, 0x7F, 0x2E, 0xD6, 0xA5, 0x4D,
-        0x61, 0x10, 0x69, 0xB9, 0xA2, 0xC6, 0x51, 0xCD, 0x80, 0x4A,
-        0x63
+        0x30, 0x45, 0x02, 0x20, 0x23, 0xD1, 0xF6, 0x8F, 0xD4, 0x29,
+        0x83, 0x27, 0x8F, 0x4A, 0x8E, 0x49, 0x44, 0x49, 0x32, 0x1C,
+        0x12, 0xE4, 0xC1, 0x33, 0xB1, 0x97, 0x2B, 0x31, 0xCD, 0x62,
+        0x47, 0xCB, 0xB6, 0xD0, 0xEB, 0x4D, 0x02, 0x21, 0x00, 0xE0,
+        0x6E, 0xDC, 0x48, 0x70, 0xAA, 0x10, 0xB2, 0x74, 0xD1, 0x88,
+        0xDA, 0xF1, 0x3F, 0xD9, 0xD7, 0xE9, 0xE4, 0x88, 0xE5, 0x91,
+        0x00, 0x03, 0xC1, 0x0C, 0x1F, 0x54, 0xA0, 0xCA, 0x4D, 0x99,
+        0x6A
 };
 static const int sizeof_serv_ecc_comp_der_256 = sizeof(serv_ecc_comp_der_256);
 
@@ -6302,10 +6354,10 @@ static const unsigned char serv_ecc_rsa_der_256[] =
         0x1F, 0x30, 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7,
         0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F,
         0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63,
-        0x6F, 0x6D, 0x30, 0x1E, 0x17, 0x0D, 0x32, 0x33, 0x31, 0x32,
-        0x31, 0x33, 0x32, 0x32, 0x31, 0x39, 0x32, 0x38, 0x5A, 0x17,
-        0x0D, 0x32, 0x36, 0x30, 0x39, 0x30, 0x38, 0x32, 0x32, 0x31,
-        0x39, 0x32, 0x38, 0x5A, 0x30, 0x81, 0x9D, 0x31, 0x0B, 0x30,
+        0x6F, 0x6D, 0x30, 0x1E, 0x17, 0x0D, 0x32, 0x34, 0x31, 0x32,
+        0x31, 0x38, 0x32, 0x31, 0x32, 0x35, 0x33, 0x30, 0x5A, 0x17,
+        0x0D, 0x32, 0x37, 0x30, 0x39, 0x31, 0x34, 0x32, 0x31, 0x32,
+        0x35, 0x33, 0x30, 0x5A, 0x30, 0x81, 0x9D, 0x31, 0x0B, 0x30,
         0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53,
         0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C,
         0x07, 0x4D, 0x6F, 0x6E, 0x74, 0x61, 0x6E, 0x61, 0x31, 0x10,
@@ -6353,9 +6405,9 @@ static const unsigned char serv_ecc_rsa_der_256[] =
         0x2E, 0x63, 0x6F, 0x6D, 0x31, 0x1F, 0x30, 0x1D, 0x06, 0x09,
         0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16,
         0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66,
-        0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x82, 0x14, 0x33,
-        0x44, 0x1A, 0xA8, 0x6C, 0x01, 0xEC, 0xF6, 0x60, 0xF2, 0x70,
-        0x51, 0x0A, 0x4C, 0xD1, 0x14, 0xFA, 0xBC, 0xE9, 0x44, 0x30,
+        0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x82, 0x14, 0x6B,
+        0x9B, 0x70, 0xC6, 0xF1, 0xA3, 0x94, 0x65, 0x19, 0xA1, 0x08,
+        0x58, 0xEF, 0xA7, 0x8D, 0x2B, 0x7A, 0x83, 0xC1, 0xDA, 0x30,
         0x0C, 0x06, 0x03, 0x55, 0x1D, 0x13, 0x04, 0x05, 0x30, 0x03,
         0x01, 0x01, 0xFF, 0x30, 0x1C, 0x06, 0x03, 0x55, 0x1D, 0x11,
         0x04, 0x15, 0x30, 0x13, 0x82, 0x0B, 0x65, 0x78, 0x61, 0x6D,
@@ -6365,32 +6417,32 @@ static const unsigned char serv_ecc_rsa_der_256[] =
         0x05, 0x07, 0x03, 0x01, 0x06, 0x08, 0x2B, 0x06, 0x01, 0x05,
         0x05, 0x07, 0x03, 0x02, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86,
         0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0B, 0x05, 0x00, 0x03,
-        0x82, 0x01, 0x01, 0x00, 0x16, 0xB7, 0xD3, 0x9C, 0x7C, 0x6E,
-        0xD2, 0xB7, 0x79, 0xAA, 0x5A, 0x16, 0x0B, 0x1E, 0xDA, 0xD0,
-        0xF7, 0xDF, 0x64, 0xC9, 0x3C, 0xB8, 0x41, 0x24, 0x4B, 0x1B,
-        0xC2, 0x83, 0x5E, 0xDF, 0xDE, 0xA8, 0x8A, 0x7C, 0xEB, 0x07,
-        0x75, 0x20, 0xF6, 0xF3, 0x4C, 0xBD, 0x3F, 0x2E, 0xF0, 0xF0,
-        0xDA, 0x4B, 0xC5, 0xD2, 0xC4, 0xF8, 0xDB, 0x34, 0x75, 0xE2,
-        0x32, 0xB4, 0x34, 0x92, 0x8A, 0x7F, 0xD7, 0x84, 0xEA, 0xDF,
-        0x99, 0xCA, 0x64, 0xE6, 0x7C, 0x68, 0x05, 0x1C, 0x75, 0xDE,
-        0x3F, 0x06, 0x65, 0x5D, 0xFC, 0x29, 0xC9, 0x73, 0x0F, 0x4A,
-        0xAD, 0xFD, 0xBC, 0x0D, 0x91, 0x37, 0x67, 0x63, 0x55, 0x65,
-        0x93, 0x99, 0x56, 0x84, 0x25, 0x1B, 0xF1, 0x50, 0x03, 0x31,
-        0x2D, 0x48, 0xAD, 0xA3, 0x38, 0x91, 0x29, 0x88, 0xB8, 0x72,
-        0x08, 0x4C, 0x11, 0x36, 0x35, 0x20, 0x13, 0x78, 0x98, 0xD8,
-        0x84, 0x30, 0xC5, 0x7B, 0x70, 0x24, 0x45, 0x8C, 0xE1, 0x55,
-        0x80, 0x06, 0x5F, 0x19, 0x57, 0x89, 0x58, 0x1C, 0x2A, 0x40,
-        0xFB, 0xF3, 0xA6, 0xBF, 0xEA, 0x41, 0x7A, 0x79, 0x2C, 0xAB,
-        0xFE, 0xB6, 0x16, 0x5D, 0xD5, 0xFA, 0x32, 0x50, 0x9D, 0x89,
-        0xF2, 0xCC, 0x87, 0x7A, 0x57, 0xCF, 0x4D, 0x38, 0xC4, 0xD5,
-        0x33, 0x9A, 0x4D, 0x83, 0xC9, 0x00, 0xB8, 0x36, 0x66, 0x14,
-        0x76, 0x20, 0xC1, 0x7A, 0xC7, 0xF7, 0x0A, 0x94, 0x69, 0xCE,
-        0x0A, 0x0F, 0x81, 0x04, 0x12, 0x5F, 0x71, 0xD0, 0xD1, 0xFF,
-        0x08, 0xD0, 0x89, 0x6F, 0xAC, 0x45, 0xD3, 0x06, 0x23, 0xA0,
-        0x76, 0x88, 0xAD, 0x5D, 0x9A, 0x7A, 0x8C, 0x1F, 0x61, 0xD4,
-        0xD8, 0x21, 0x1D, 0x8E, 0x05, 0x89, 0xD1, 0xD4, 0xD6, 0x86,
-        0x5B, 0x4B, 0x43, 0xE6, 0x03, 0x4A, 0x10, 0x48, 0xF4, 0x1B,
-        0x9D, 0x3B, 0x76, 0xD8, 0x2C, 0xAD, 0xFA, 0x33, 0xA5, 0x70
+        0x82, 0x01, 0x01, 0x00, 0x38, 0xE8, 0x66, 0xC3, 0x74, 0xE0,
+        0x5C, 0x59, 0xA9, 0x12, 0x46, 0xAD, 0x84, 0xE3, 0xB3, 0xFA,
+        0x3E, 0x68, 0x90, 0xD0, 0x06, 0xA4, 0x2C, 0xAB, 0xF7, 0xB3,
+        0xB9, 0x7C, 0x89, 0x62, 0xFB, 0x88, 0xEB, 0x88, 0x04, 0xD9,
+        0x4B, 0xAC, 0x7E, 0x4B, 0x4B, 0x7C, 0x7C, 0x0F, 0xE1, 0xDD,
+        0x73, 0xEE, 0x88, 0xB3, 0xE7, 0x1E, 0x00, 0x7B, 0xFE, 0xAA,
+        0x24, 0x50, 0xD7, 0x3C, 0xC4, 0x03, 0xF2, 0xBA, 0xFD, 0x81,
+        0xCE, 0x7A, 0x0C, 0x1C, 0x48, 0x6A, 0x33, 0xAD, 0xA7, 0xF8,
+        0xF7, 0xCA, 0xF7, 0x00, 0x47, 0x5C, 0xFC, 0xF8, 0x05, 0x98,
+        0x5F, 0xEC, 0xC3, 0xAA, 0x75, 0x93, 0x03, 0xA1, 0x4E, 0x7A,
+        0x37, 0xEC, 0x8B, 0xA9, 0x99, 0xFA, 0x76, 0x85, 0xCB, 0xC3,
+        0x99, 0x29, 0x70, 0x1E, 0x9C, 0x41, 0xF1, 0x49, 0xFD, 0xE8,
+        0xC0, 0x75, 0x0A, 0xDD, 0xA0, 0xE0, 0xD3, 0x6E, 0x7F, 0x93,
+        0x7E, 0x4D, 0x2E, 0xEE, 0xA1, 0xC9, 0xDB, 0xFC, 0x98, 0x86,
+        0xBB, 0x67, 0x7D, 0x2F, 0x74, 0x00, 0x10, 0x7C, 0x24, 0x5B,
+        0x58, 0xF3, 0x5A, 0xED, 0x96, 0x6E, 0x8F, 0x34, 0xEE, 0x47,
+        0x46, 0xBE, 0x3E, 0x96, 0x25, 0x2B, 0x7C, 0x90, 0x5B, 0x65,
+        0x24, 0x48, 0x66, 0x5A, 0x79, 0xA6, 0x6A, 0xF5, 0xED, 0x31,
+        0xCF, 0x0B, 0x29, 0xC3, 0xF1, 0xAB, 0x91, 0x21, 0x9C, 0x79,
+        0x99, 0xC9, 0x5C, 0x4C, 0x2B, 0xAC, 0xF1, 0x21, 0x5C, 0x44,
+        0x07, 0x14, 0x45, 0xE5, 0xE0, 0x84, 0xCE, 0xA3, 0x49, 0x59,
+        0x8D, 0x94, 0x4A, 0x9D, 0x11, 0x20, 0xC3, 0xD3, 0xFC, 0xCE,
+        0x8F, 0x2C, 0x38, 0x5B, 0x38, 0xE7, 0xB2, 0xD0, 0x71, 0x9F,
+        0x3F, 0xDE, 0x4E, 0x08, 0x03, 0xF9, 0x11, 0x58, 0x7C, 0x46,
+        0x04, 0x0A, 0x73, 0x28, 0x68, 0xB8, 0x17, 0x17, 0x02, 0x45,
+        0x9C, 0x65, 0x96, 0x1A, 0xB3, 0x98, 0x4D, 0x3B, 0xFB, 0xC7
 
 };
 static const int sizeof_serv_ecc_rsa_der_256 = sizeof(serv_ecc_rsa_der_256);
@@ -6416,10 +6468,10 @@ static const unsigned char serv_ecc_der_256[] =
         0x1F, 0x30, 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7,
         0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F,
         0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63,
-        0x6F, 0x6D, 0x30, 0x1E, 0x17, 0x0D, 0x32, 0x33, 0x31, 0x32,
-        0x31, 0x33, 0x32, 0x32, 0x31, 0x39, 0x32, 0x38, 0x5A, 0x17,
-        0x0D, 0x32, 0x36, 0x30, 0x39, 0x30, 0x38, 0x32, 0x32, 0x31,
-        0x39, 0x32, 0x38, 0x5A, 0x30, 0x81, 0x90, 0x31, 0x0B, 0x30,
+        0x6F, 0x6D, 0x30, 0x1E, 0x17, 0x0D, 0x32, 0x34, 0x31, 0x32,
+        0x31, 0x38, 0x32, 0x31, 0x32, 0x35, 0x33, 0x30, 0x5A, 0x17,
+        0x0D, 0x32, 0x37, 0x30, 0x39, 0x31, 0x34, 0x32, 0x31, 0x32,
+        0x35, 0x33, 0x30, 0x5A, 0x30, 0x81, 0x90, 0x31, 0x0B, 0x30,
         0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53,
         0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C,
         0x0A, 0x57, 0x61, 0x73, 0x68, 0x69, 0x6E, 0x67, 0x74, 0x6F,
@@ -6459,13 +6511,13 @@ static const unsigned char serv_ecc_der_256[] =
         0x01, 0x86, 0xF8, 0x42, 0x01, 0x01, 0x04, 0x04, 0x03, 0x02,
         0x06, 0x40, 0x30, 0x0A, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE,
         0x3D, 0x04, 0x03, 0x02, 0x03, 0x48, 0x00, 0x30, 0x45, 0x02,
-        0x21, 0x00, 0x86, 0xBD, 0x87, 0x16, 0xD2, 0x9C, 0x66, 0xE7,
-        0x5E, 0x5C, 0x28, 0x0E, 0x5F, 0xEF, 0x94, 0x61, 0x2F, 0xD4,
-        0x21, 0x6D, 0x8E, 0xC3, 0x94, 0x0A, 0x1E, 0xB5, 0x6A, 0x1D,
-        0xC6, 0x04, 0x87, 0xC6, 0x02, 0x20, 0x66, 0x46, 0xC4, 0x29,
-        0xD9, 0x8E, 0xEB, 0x0B, 0xF7, 0x5B, 0x32, 0x13, 0xEB, 0x0A,
-        0xEA, 0x47, 0x99, 0x4B, 0x74, 0x56, 0xBA, 0x21, 0x97, 0xB1,
-        0x67, 0x75, 0x5C, 0xF3, 0xF3, 0xC0, 0x88, 0xAA
+        0x21, 0x00, 0x8B, 0x82, 0xA5, 0xD2, 0xF6, 0xCA, 0x84, 0xBA,
+        0xAD, 0x2D, 0xDE, 0x36, 0xE9, 0x2A, 0x4D, 0xEE, 0x4B, 0x20,
+        0x46, 0xBA, 0xAB, 0x4E, 0xD0, 0x10, 0x6E, 0xEB, 0x30, 0xB6,
+        0x7E, 0xD8, 0xAF, 0x8C, 0x02, 0x20, 0x06, 0x74, 0x40, 0x6A,
+        0xA9, 0x31, 0x54, 0xFE, 0x20, 0x9D, 0xC6, 0x6D, 0x2B, 0xDF,
+        0x1D, 0xAA, 0x63, 0xDA, 0xFC, 0x97, 0x50, 0x87, 0x92, 0x69,
+        0xEE, 0x63, 0x57, 0xB6, 0xEC, 0xE2, 0xE9, 0xFA
 };
 static const int sizeof_serv_ecc_der_256 = sizeof(serv_ecc_der_256);
 
@@ -6492,9 +6544,9 @@ static const int sizeof_ca_ecc_key_der_256 = sizeof(ca_ecc_key_der_256);
 static const unsigned char ca_ecc_cert_der_256[] =
 {
         0x30, 0x82, 0x02, 0x95, 0x30, 0x82, 0x02, 0x3B, 0xA0, 0x03,
-        0x02, 0x01, 0x02, 0x02, 0x14, 0x0F, 0x17, 0x46, 0x70, 0xFD,
-        0xC2, 0x70, 0xD1, 0xF9, 0x42, 0x49, 0x9C, 0x1A, 0xC3, 0x5D,
-        0xDD, 0x30, 0xC8, 0x5F, 0x85, 0x30, 0x0A, 0x06, 0x08, 0x2A,
+        0x02, 0x01, 0x02, 0x02, 0x14, 0x30, 0xB9, 0x30, 0x50, 0xF8,
+        0x1A, 0x0D, 0xFF, 0xAD, 0x68, 0xD1, 0x6D, 0xE8, 0xA3, 0x6B,
+        0x58, 0x23, 0x33, 0x7A, 0x84, 0x30, 0x0A, 0x06, 0x08, 0x2A,
         0x86, 0x48, 0xCE, 0x3D, 0x04, 0x03, 0x02, 0x30, 0x81, 0x97,
         0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13,
         0x02, 0x55, 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55,
@@ -6511,10 +6563,10 @@ static const unsigned char ca_ecc_cert_der_256[] =
         0x30, 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D,
         0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40,
         0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F,
-        0x6D, 0x30, 0x1E, 0x17, 0x0D, 0x32, 0x33, 0x31, 0x32, 0x31,
-        0x33, 0x32, 0x32, 0x31, 0x39, 0x32, 0x38, 0x5A, 0x17, 0x0D,
-        0x32, 0x36, 0x30, 0x39, 0x30, 0x38, 0x32, 0x32, 0x31, 0x39,
-        0x32, 0x38, 0x5A, 0x30, 0x81, 0x97, 0x31, 0x0B, 0x30, 0x09,
+        0x6D, 0x30, 0x1E, 0x17, 0x0D, 0x32, 0x34, 0x31, 0x32, 0x31,
+        0x38, 0x32, 0x31, 0x32, 0x35, 0x32, 0x39, 0x5A, 0x17, 0x0D,
+        0x32, 0x37, 0x30, 0x39, 0x31, 0x34, 0x32, 0x31, 0x32, 0x35,
+        0x32, 0x39, 0x5A, 0x30, 0x81, 0x97, 0x31, 0x0B, 0x30, 0x09,
         0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31,
         0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, 0x0A,
         0x57, 0x61, 0x73, 0x68, 0x69, 0x6E, 0x67, 0x74, 0x6F, 0x6E,
@@ -6550,14 +6602,14 @@ static const unsigned char ca_ecc_cert_der_256[] =
         0x01, 0x01, 0xFF, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x1D, 0x0F,
         0x01, 0x01, 0xFF, 0x04, 0x04, 0x03, 0x02, 0x01, 0x86, 0x30,
         0x0A, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x04, 0x03,
-        0x02, 0x03, 0x48, 0x00, 0x30, 0x45, 0x02, 0x21, 0x00, 0xC8,
-        0x64, 0x7F, 0xEE, 0x4B, 0xBE, 0x83, 0x48, 0x13, 0xEA, 0x92,
-        0xF8, 0x1A, 0x82, 0x1E, 0x85, 0xB1, 0x5A, 0xA4, 0x1C, 0xE3,
-        0xE8, 0xEA, 0x25, 0x44, 0x6F, 0xE7, 0x70, 0xFD, 0xEB, 0xF3,
-        0x76, 0x02, 0x20, 0x44, 0x02, 0xA2, 0xEC, 0xC5, 0xA1, 0xAE,
-        0xE2, 0xA4, 0x8A, 0xD9, 0x13, 0x95, 0x2B, 0xA6, 0x5B, 0x09,
-        0x57, 0x86, 0x61, 0x42, 0x96, 0x97, 0xF0, 0x95, 0x62, 0x0C,
-        0x03, 0xE6, 0x53, 0x04, 0x25
+        0x02, 0x03, 0x48, 0x00, 0x30, 0x45, 0x02, 0x21, 0x00, 0x88,
+        0xCC, 0x7F, 0x00, 0xF5, 0xA9, 0x4E, 0xC0, 0x69, 0x6E, 0x36,
+        0x39, 0x24, 0x8F, 0x83, 0x45, 0x4D, 0xFA, 0xD0, 0x39, 0x14,
+        0xB8, 0xC8, 0x7F, 0x95, 0x51, 0xF2, 0xC5, 0x98, 0xC0, 0xB7,
+        0xE2, 0x02, 0x20, 0x2A, 0x93, 0x61, 0xB0, 0x06, 0xDE, 0xEB,
+        0xDA, 0xFD, 0xAF, 0x6B, 0x39, 0xBF, 0x88, 0x17, 0xF1, 0xBA,
+        0x2A, 0x7D, 0x59, 0xA8, 0xDE, 0xE7, 0x0A, 0x11, 0x83, 0x4F,
+        0x92, 0x77, 0x8D, 0x92, 0x3B
 };
 static const int sizeof_ca_ecc_cert_der_256 = sizeof(ca_ecc_cert_der_256);
 
@@ -6588,9 +6640,9 @@ static const int sizeof_ca_ecc_key_der_384 = sizeof(ca_ecc_key_der_384);
 static const unsigned char ca_ecc_cert_der_384[] =
 {
         0x30, 0x82, 0x02, 0xD2, 0x30, 0x82, 0x02, 0x58, 0xA0, 0x03,
-        0x02, 0x01, 0x02, 0x02, 0x14, 0x2E, 0xEA, 0xF0, 0x11, 0x40,
-        0x1E, 0xAD, 0xFA, 0xA7, 0x85, 0x68, 0x65, 0x7A, 0x25, 0x2B,
-        0x13, 0xB7, 0x61, 0xD7, 0x80, 0x30, 0x0A, 0x06, 0x08, 0x2A,
+        0x02, 0x01, 0x02, 0x02, 0x14, 0x4E, 0x08, 0x67, 0x9D, 0x29,
+        0x61, 0x47, 0x3E, 0x2A, 0x23, 0x82, 0xCD, 0xCF, 0xCB, 0x53,
+        0x2A, 0xB8, 0x02, 0x22, 0x57, 0x30, 0x0A, 0x06, 0x08, 0x2A,
         0x86, 0x48, 0xCE, 0x3D, 0x04, 0x03, 0x03, 0x30, 0x81, 0x97,
         0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13,
         0x02, 0x55, 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55,
@@ -6607,10 +6659,10 @@ static const unsigned char ca_ecc_cert_der_384[] =
         0x30, 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D,
         0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40,
         0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F,
-        0x6D, 0x30, 0x1E, 0x17, 0x0D, 0x32, 0x33, 0x31, 0x32, 0x31,
-        0x33, 0x32, 0x32, 0x31, 0x39, 0x32, 0x38, 0x5A, 0x17, 0x0D,
-        0x32, 0x36, 0x30, 0x39, 0x30, 0x38, 0x32, 0x32, 0x31, 0x39,
-        0x32, 0x38, 0x5A, 0x30, 0x81, 0x97, 0x31, 0x0B, 0x30, 0x09,
+        0x6D, 0x30, 0x1E, 0x17, 0x0D, 0x32, 0x34, 0x31, 0x32, 0x31,
+        0x38, 0x32, 0x31, 0x32, 0x35, 0x32, 0x39, 0x5A, 0x17, 0x0D,
+        0x32, 0x37, 0x30, 0x39, 0x31, 0x34, 0x32, 0x31, 0x32, 0x35,
+        0x32, 0x39, 0x5A, 0x30, 0x81, 0x97, 0x31, 0x0B, 0x30, 0x09,
         0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31,
         0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, 0x0A,
         0x57, 0x61, 0x73, 0x68, 0x69, 0x6E, 0x67, 0x74, 0x6F, 0x6E,
@@ -6649,17 +6701,17 @@ static const unsigned char ca_ecc_cert_der_384[] =
         0x01, 0xFF, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x1D, 0x0F, 0x01,
         0x01, 0xFF, 0x04, 0x04, 0x03, 0x02, 0x01, 0x86, 0x30, 0x0A,
         0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x04, 0x03, 0x03,
-        0x03, 0x68, 0x00, 0x30, 0x65, 0x02, 0x31, 0x00, 0xBD, 0x2E,
-        0x67, 0x71, 0x54, 0xBE, 0xB8, 0x5E, 0x29, 0x19, 0xD3, 0x18,
-        0xF7, 0xE1, 0xAE, 0x79, 0xF0, 0xCC, 0x09, 0xC3, 0x91, 0xC0,
-        0x81, 0xAB, 0xD7, 0xB7, 0x21, 0xF8, 0x4F, 0xDA, 0xBC, 0xAD,
-        0x0E, 0xFC, 0x3D, 0x54, 0x32, 0x21, 0x3A, 0x67, 0xC5, 0x26,
-        0x35, 0xE9, 0x33, 0xB2, 0x58, 0xD2, 0x02, 0x30, 0x64, 0x2F,
-        0xFB, 0x10, 0xD0, 0x65, 0xB5, 0xAC, 0xBB, 0xB3, 0x41, 0x64,
-        0x24, 0xEB, 0x0A, 0x6B, 0xAE, 0xA4, 0xED, 0x3E, 0xC8, 0x62,
-        0x81, 0x45, 0x97, 0x92, 0xAD, 0x61, 0xEB, 0x69, 0x54, 0xCE,
-        0x42, 0x83, 0xBB, 0x68, 0x23, 0x20, 0xF7, 0xB2, 0x5A, 0x55,
-        0x0C, 0xD4, 0xE6, 0x13, 0x42, 0x61
+        0x03, 0x68, 0x00, 0x30, 0x65, 0x02, 0x30, 0x1D, 0x3F, 0x92,
+        0x02, 0xB2, 0x46, 0x54, 0xEE, 0x9E, 0x0D, 0x90, 0x03, 0x73,
+        0x6A, 0xAB, 0x04, 0x5A, 0x41, 0xFE, 0xF4, 0x1B, 0xFD, 0xD6,
+        0x99, 0xCC, 0x7A, 0x6C, 0xFD, 0x52, 0xDA, 0x2E, 0x4E, 0x78,
+        0xFE, 0xEF, 0x79, 0x74, 0x12, 0x5E, 0x04, 0x9D, 0x2C, 0xE4,
+        0xE7, 0x1A, 0x4D, 0xD3, 0x1E, 0x02, 0x31, 0x00, 0xB7, 0x34,
+        0xE8, 0x4C, 0x69, 0x70, 0xDB, 0xFD, 0x1A, 0x48, 0xC5, 0xDC,
+        0x8E, 0xEF, 0x15, 0xCA, 0x13, 0xEE, 0xF8, 0x4F, 0x27, 0x5F,
+        0xD2, 0x3A, 0x6A, 0x06, 0x7D, 0xF3, 0x32, 0xA7, 0x75, 0x97,
+        0x27, 0x6D, 0x60, 0xED, 0xA2, 0x9F, 0x9F, 0x7E, 0x66, 0x43,
+        0xF9, 0x15, 0x1D, 0x65, 0x5D, 0x49
 };
 static const int sizeof_ca_ecc_cert_der_384 = sizeof(ca_ecc_cert_der_384);
 
@@ -6748,9 +6800,9 @@ static const unsigned char server_ed25519_cert[] =
         0x6D, 0x31, 0x17, 0x30, 0x15, 0x06, 0x0A, 0x09, 0x92, 0x26,
         0x89, 0x93, 0xF2, 0x2C, 0x64, 0x01, 0x01, 0x0C, 0x07, 0x77,
         0x6F, 0x6C, 0x66, 0x53, 0x53, 0x4C, 0x30, 0x1E, 0x17, 0x0D,
-        0x32, 0x33, 0x31, 0x32, 0x31, 0x33, 0x32, 0x32, 0x31, 0x39,
-        0x32, 0x39, 0x5A, 0x17, 0x0D, 0x32, 0x36, 0x30, 0x39, 0x30,
-        0x38, 0x32, 0x32, 0x31, 0x39, 0x32, 0x39, 0x5A, 0x30, 0x81,
+        0x32, 0x34, 0x31, 0x32, 0x31, 0x38, 0x32, 0x31, 0x32, 0x35,
+        0x33, 0x30, 0x5A, 0x17, 0x0D, 0x32, 0x37, 0x30, 0x39, 0x31,
+        0x34, 0x32, 0x31, 0x32, 0x35, 0x33, 0x30, 0x5A, 0x30, 0x81,
         0xB8, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06,
         0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03,
         0x55, 0x04, 0x08, 0x0C, 0x07, 0x4D, 0x6F, 0x6E, 0x74, 0x61,
@@ -6788,14 +6840,14 @@ static const unsigned char server_ed25519_cert[] =
         0x06, 0x08, 0x2B, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x01,
         0x30, 0x11, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x86, 0xF8,
         0x42, 0x01, 0x01, 0x04, 0x04, 0x03, 0x02, 0x06, 0x40, 0x30,
-        0x05, 0x06, 0x03, 0x2B, 0x65, 0x70, 0x03, 0x41, 0x00, 0x22,
-        0xD7, 0x34, 0xAC, 0x33, 0x65, 0x8B, 0x18, 0xA4, 0x34, 0xF9,
-        0x3A, 0xE6, 0xCE, 0xC1, 0x77, 0xA6, 0x3D, 0x2A, 0x2A, 0xEE,
-        0x22, 0xAD, 0x6E, 0xFC, 0x36, 0xFC, 0x98, 0x8D, 0x8A, 0xFD,
-        0x3F, 0xCB, 0xA9, 0x74, 0x01, 0x25, 0x96, 0x05, 0xE1, 0x39,
-        0x13, 0x8B, 0xD9, 0x05, 0x6D, 0xC9, 0xBA, 0x0E, 0x5D, 0x36,
-        0xBF, 0x39, 0x03, 0x57, 0x2A, 0x55, 0xFC, 0xE3, 0x53, 0xC3,
-        0x1B, 0xE1, 0x0B
+        0x05, 0x06, 0x03, 0x2B, 0x65, 0x70, 0x03, 0x41, 0x00, 0x04,
+        0x19, 0x32, 0xE4, 0x24, 0xE5, 0xDF, 0x5A, 0xA4, 0x19, 0xC4,
+        0x31, 0x15, 0x81, 0x05, 0x4C, 0x45, 0x0A, 0x40, 0x4A, 0x5D,
+        0x6A, 0x8B, 0x0A, 0x77, 0x02, 0xFE, 0x48, 0x82, 0xD2, 0x83,
+        0x8D, 0xDE, 0x42, 0xB8, 0xCF, 0x02, 0xDC, 0x64, 0x2C, 0xBD,
+        0x8C, 0x9D, 0x22, 0x16, 0xD8, 0x7A, 0x23, 0x65, 0x5D, 0xB0,
+        0x25, 0x92, 0xAC, 0xA8, 0x6C, 0xDE, 0xDF, 0x1D, 0xEB, 0x64,
+        0xE4, 0x8A, 0x06
 };
 static const int sizeof_server_ed25519_cert = sizeof(server_ed25519_cert);
 
@@ -6831,10 +6883,10 @@ static const unsigned char ca_ed25519_cert[] =
         0x31, 0x1F, 0x30, 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86,
         0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66,
         0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E,
-        0x63, 0x6F, 0x6D, 0x30, 0x1E, 0x17, 0x0D, 0x32, 0x33, 0x31,
-        0x32, 0x31, 0x33, 0x32, 0x32, 0x31, 0x39, 0x32, 0x39, 0x5A,
-        0x17, 0x0D, 0x32, 0x36, 0x30, 0x39, 0x30, 0x38, 0x32, 0x32,
-        0x31, 0x39, 0x32, 0x39, 0x5A, 0x30, 0x81, 0xB4, 0x31, 0x0B,
+        0x63, 0x6F, 0x6D, 0x30, 0x1E, 0x17, 0x0D, 0x32, 0x34, 0x31,
+        0x32, 0x31, 0x38, 0x32, 0x31, 0x32, 0x35, 0x33, 0x30, 0x5A,
+        0x17, 0x0D, 0x32, 0x37, 0x30, 0x39, 0x31, 0x34, 0x32, 0x31,
+        0x32, 0x35, 0x33, 0x30, 0x5A, 0x30, 0x81, 0xB4, 0x31, 0x0B,
         0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55,
         0x53, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x08,
         0x0C, 0x07, 0x4D, 0x6F, 0x6E, 0x74, 0x61, 0x6E, 0x61, 0x31,
@@ -6868,13 +6920,13 @@ static const unsigned char ca_ed25519_cert[] =
         0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0xFF, 0x30, 0x0E, 0x06,
         0x03, 0x55, 0x1D, 0x0F, 0x01, 0x01, 0xFF, 0x04, 0x04, 0x03,
         0x02, 0x01, 0x86, 0x30, 0x05, 0x06, 0x03, 0x2B, 0x65, 0x70,
-        0x03, 0x41, 0x00, 0xE6, 0x71, 0xA0, 0x59, 0x63, 0xB4, 0x31,
-        0x31, 0x1F, 0x75, 0x06, 0xCE, 0xF1, 0x89, 0xF0, 0xE7, 0xA2,
-        0xDB, 0xA8, 0xC1, 0xE4, 0xC8, 0x61, 0x38, 0x0C, 0xE6, 0xE9,
-        0xE7, 0xB9, 0x9F, 0xCE, 0xE2, 0xF5, 0x49, 0xA3, 0xF5, 0x04,
-        0x1E, 0x85, 0xF7, 0x7D, 0x10, 0xFB, 0x1D, 0xEE, 0xB6, 0xDC,
-        0x5E, 0x51, 0xF1, 0x82, 0x33, 0xA4, 0xED, 0xE0, 0x0A, 0x65,
-        0x09, 0x2B, 0x0E, 0x1E, 0xB2, 0xAF, 0x0B
+        0x03, 0x41, 0x00, 0x44, 0xEB, 0x38, 0xC6, 0x27, 0xD4, 0x70,
+        0x42, 0x3F, 0x9B, 0xA0, 0xD7, 0x90, 0x96, 0xD6, 0x6E, 0x42,
+        0x38, 0x5B, 0x38, 0x38, 0x9F, 0x21, 0xCA, 0xB0, 0xFA, 0x5E,
+        0x7C, 0x17, 0xB4, 0x32, 0x5C, 0xB3, 0x08, 0xA2, 0x65, 0x50,
+        0xD7, 0x65, 0x6B, 0xF8, 0xA9, 0xEF, 0x0D, 0xD1, 0x54, 0x2D,
+        0x4D, 0xB6, 0x0F, 0x42, 0x9E, 0x51, 0xF7, 0xDB, 0xA7, 0xBF,
+        0x16, 0x23, 0xC4, 0xBD, 0x7D, 0xC9, 0x03
 };
 static const int sizeof_ca_ed25519_cert = sizeof(ca_ed25519_cert);
 
@@ -6882,9 +6934,9 @@ static const int sizeof_ca_ed25519_cert = sizeof(ca_ed25519_cert);
 static const unsigned char client_ed25519_cert[] =
 {
         0x30, 0x82, 0x03, 0x9F, 0x30, 0x82, 0x03, 0x51, 0xA0, 0x03,
-        0x02, 0x01, 0x02, 0x02, 0x14, 0x31, 0xE6, 0x4A, 0xB1, 0x6B,
-        0x4E, 0x2E, 0x77, 0x7B, 0xD6, 0xE3, 0x94, 0x8A, 0xCF, 0x02,
-        0xB7, 0x58, 0x5A, 0xFB, 0xAB, 0x30, 0x05, 0x06, 0x03, 0x2B,
+        0x02, 0x01, 0x02, 0x02, 0x14, 0x33, 0x8B, 0x57, 0xD5, 0x8E,
+        0x84, 0x67, 0x6A, 0xE1, 0xED, 0xF2, 0xB9, 0x11, 0x16, 0x5E,
+        0x12, 0xE5, 0x0C, 0x78, 0x8A, 0x30, 0x05, 0x06, 0x03, 0x2B,
         0x65, 0x70, 0x30, 0x81, 0xB8, 0x31, 0x0B, 0x30, 0x09, 0x06,
         0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10,
         0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, 0x07, 0x4D,
@@ -6904,9 +6956,9 @@ static const unsigned char client_ed25519_cert[] =
         0x2E, 0x63, 0x6F, 0x6D, 0x31, 0x17, 0x30, 0x15, 0x06, 0x0A,
         0x09, 0x92, 0x26, 0x89, 0x93, 0xF2, 0x2C, 0x64, 0x01, 0x01,
         0x0C, 0x07, 0x77, 0x6F, 0x6C, 0x66, 0x53, 0x53, 0x4C, 0x30,
-        0x1E, 0x17, 0x0D, 0x32, 0x33, 0x31, 0x32, 0x31, 0x33, 0x32,
-        0x32, 0x31, 0x39, 0x32, 0x39, 0x5A, 0x17, 0x0D, 0x32, 0x36,
-        0x30, 0x39, 0x30, 0x38, 0x32, 0x32, 0x31, 0x39, 0x32, 0x39,
+        0x1E, 0x17, 0x0D, 0x32, 0x34, 0x31, 0x32, 0x31, 0x38, 0x32,
+        0x31, 0x32, 0x35, 0x33, 0x30, 0x5A, 0x17, 0x0D, 0x32, 0x37,
+        0x30, 0x39, 0x31, 0x34, 0x32, 0x31, 0x32, 0x35, 0x33, 0x30,
         0x5A, 0x30, 0x81, 0xB8, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03,
         0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30,
         0x0E, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, 0x07, 0x4D, 0x6F,
@@ -6957,9 +7009,9 @@ static const unsigned char client_ed25519_cert[] =
         0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x31, 0x17, 0x30, 0x15, 0x06,
         0x0A, 0x09, 0x92, 0x26, 0x89, 0x93, 0xF2, 0x2C, 0x64, 0x01,
         0x01, 0x0C, 0x07, 0x77, 0x6F, 0x6C, 0x66, 0x53, 0x53, 0x4C,
-        0x82, 0x14, 0x31, 0xE6, 0x4A, 0xB1, 0x6B, 0x4E, 0x2E, 0x77,
-        0x7B, 0xD6, 0xE3, 0x94, 0x8A, 0xCF, 0x02, 0xB7, 0x58, 0x5A,
-        0xFB, 0xAB, 0x30, 0x0C, 0x06, 0x03, 0x55, 0x1D, 0x13, 0x04,
+        0x82, 0x14, 0x33, 0x8B, 0x57, 0xD5, 0x8E, 0x84, 0x67, 0x6A,
+        0xE1, 0xED, 0xF2, 0xB9, 0x11, 0x16, 0x5E, 0x12, 0xE5, 0x0C,
+        0x78, 0x8A, 0x30, 0x0C, 0x06, 0x03, 0x55, 0x1D, 0x13, 0x04,
         0x05, 0x30, 0x03, 0x01, 0x01, 0xFF, 0x30, 0x1C, 0x06, 0x03,
         0x55, 0x1D, 0x11, 0x04, 0x15, 0x30, 0x13, 0x82, 0x0B, 0x65,
         0x78, 0x61, 0x6D, 0x70, 0x6C, 0x65, 0x2E, 0x63, 0x6F, 0x6D,
@@ -6967,14 +7019,14 @@ static const unsigned char client_ed25519_cert[] =
         0x55, 0x1D, 0x25, 0x04, 0x16, 0x30, 0x14, 0x06, 0x08, 0x2B,
         0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x01, 0x06, 0x08, 0x2B,
         0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x02, 0x30, 0x05, 0x06,
-        0x03, 0x2B, 0x65, 0x70, 0x03, 0x41, 0x00, 0x92, 0xAC, 0x52,
-        0xCF, 0x34, 0xC2, 0x76, 0x8A, 0x78, 0xF7, 0xEF, 0xDA, 0x3F,
-        0x79, 0xE9, 0x66, 0xD1, 0xDE, 0xE1, 0xD7, 0x56, 0xB5, 0x4B,
-        0xCF, 0xA7, 0xC2, 0x03, 0xAF, 0xCC, 0x23, 0x11, 0x4B, 0x44,
-        0x0C, 0x33, 0xCE, 0x45, 0xE0, 0x33, 0xEB, 0xCC, 0xC9, 0xF8,
-        0x38, 0x5B, 0x19, 0x6F, 0x86, 0x4D, 0x97, 0x30, 0xD1, 0x55,
-        0x6E, 0xCB, 0x5F, 0x39, 0xC9, 0xA3, 0x22, 0x16, 0x66, 0x5F,
-        0x07
+        0x03, 0x2B, 0x65, 0x70, 0x03, 0x41, 0x00, 0xAA, 0xC7, 0xBD,
+        0x8E, 0x56, 0x40, 0xAB, 0x7D, 0x9C, 0x55, 0xF0, 0x4D, 0x1D,
+        0x97, 0xE9, 0x03, 0x62, 0x11, 0xCA, 0x51, 0xAD, 0x80, 0xCF,
+        0x1A, 0x2C, 0x2C, 0x5B, 0x2D, 0x71, 0xFE, 0xDB, 0x1D, 0x4B,
+        0xCD, 0x4B, 0x8B, 0x2D, 0x12, 0xF7, 0x01, 0xEE, 0xFB, 0x7D,
+        0x2E, 0x21, 0xFC, 0x81, 0xDE, 0x84, 0x59, 0xC8, 0xA5, 0x1E,
+        0x92, 0xE3, 0x21, 0x58, 0xD1, 0x3E, 0x8A, 0x71, 0x91, 0x2D,
+        0x0E
 };
 static const int sizeof_client_ed25519_cert = sizeof(client_ed25519_cert);
 
diff --git a/wolfssl/crl.h b/wolfssl/crl.h
index 4b4dcc276..56f500314 100644
--- a/wolfssl/crl.h
+++ b/wolfssl/crl.h
@@ -1,6 +1,6 @@
 /* crl.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -45,7 +45,10 @@ WOLFSSL_LOCAL int  CheckCertCRL(WOLFSSL_CRL* crl, DecodedCert* cert);
 WOLFSSL_LOCAL int  CheckCertCRL_ex(WOLFSSL_CRL* crl, byte* issuerHash,
         byte* serial, int serialSz, byte* serialHash, const byte* extCrlInfo,
         int extCrlInfoSz, void* issuerName);
-
+#ifdef HAVE_CRL_UPDATE_CB
+WOLFSSL_LOCAL int  GetCRLInfo(WOLFSSL_CRL* crl, CrlInfo* info, const byte* buff,
+        long sz, int type);
+#endif
 
 #ifdef __cplusplus
     }  /* extern "C" */
diff --git a/wolfssl/error-ssl.h b/wolfssl/error-ssl.h
index e579bfb66..bc3e64100 100644
--- a/wolfssl/error-ssl.h
+++ b/wolfssl/error-ssl.h
@@ -1,6 +1,6 @@
 /* error-ssl.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -30,7 +30,24 @@
     extern "C" {
 #endif
 
+#ifdef WOLFSSL_DEBUG_TRACE_ERROR_CODES_H
+    #include <wolfssl/debug-untrace-error-codes.h>
+#endif
+
 enum wolfSSL_ErrorCodes {
+    WOLFSSL_FATAL_ERROR          =   -1,   /* must be -1 for backward compat. */
+
+    /* negative counterparts to namesake positive constants in ssl.h */
+    WOLFSSL_ERROR_WANT_READ_E    =   -2,
+    WOLFSSL_ERROR_WANT_WRITE_E   =   -3,
+    WOLFSSL_ERROR_WANT_X509_LOOKUP_E = -4,
+    WOLFSSL_ERROR_SYSCALL_E      =   -5,
+    WOLFSSL_ERROR_ZERO_RETURN_E  =   -6,
+    WOLFSSL_ERROR_WANT_CONNECT_E =   -7,
+    WOLFSSL_ERROR_WANT_ACCEPT_E  =   -8,
+
+    WOLFSSL_FIRST_E              = -301,   /* start of native TLS codes */
+
     INPUT_CASE_ERROR             = -301,   /* process input state error */
     PREFIX_ERROR                 = -302,   /* bad index to key rounds  */
     MEMORY_ERROR                 = -303,   /* out of memory            */
@@ -75,12 +92,14 @@ enum wolfSSL_ErrorCodes {
     ZERO_RETURN                  = -343,   /* peer sent close notify */
     SIDE_ERROR                   = -344,   /* wrong client/server type */
     NO_PEER_CERT                 = -345,   /* peer didn't send key */
+
     ECC_CURVETYPE_ERROR          = -350,   /* Bad ECC Curve Type */
     ECC_CURVE_ERROR              = -351,   /* Bad ECC Curve */
     ECC_PEERKEY_ERROR            = -352,   /* Bad Peer ECC Key */
     ECC_MAKEKEY_ERROR            = -353,   /* Bad Make ECC Key */
     ECC_EXPORT_ERROR             = -354,   /* Bad ECC Export Key */
     ECC_SHARED_ERROR             = -355,   /* Bad ECC Shared Secret */
+
     NOT_CA_ERROR                 = -357,   /* Not a CA cert error */
 
     BAD_CERT_MANAGER_ERROR       = -359,   /* Bad Cert Manager */
@@ -96,7 +115,7 @@ enum wolfSSL_ErrorCodes {
     COOKIE_ERROR                 = -369,   /* dtls cookie error */
     SEQUENCE_ERROR               = -370,   /* dtls sequence error */
     SUITES_ERROR                 = -371,   /* suites pointer error */
-
+    MAX_CERT_EXTENSIONS_ERR      = -372,   /* max cert extension exceeded */
     OUT_OF_ORDER_E               = -373,   /* out of order message */
     BAD_KEA_TYPE_E               = -374,   /* bad KEA type found */
     SANITY_CIPHER_E              = -375,   /* sanity check on cipher error */
@@ -181,24 +200,59 @@ enum wolfSSL_ErrorCodes {
     DTLS_CID_ERROR               = -454,   /* Wrong or missing CID */
     DTLS_TOO_MANY_FRAGMENTS_E    = -455,   /* Received too many fragments */
     QUIC_WRONG_ENC_LEVEL         = -456,   /* QUIC data received on wrong encryption level */
-
     DUPLICATE_TLS_EXT_E          = -457,   /* Duplicate TLS extension in msg. */
-    /* add strings to wolfSSL_ERR_reason_error_string in internal.c !!!!! */
 
-    /* begin negotiation parameter errors */
+    /* legacy CyaSSL compat layer error codes */
+    WOLFSSL_ALPN_NOT_FOUND       = -458,   /* TLS extension not found */
+    WOLFSSL_BAD_CERTTYPE         = -459,   /* Certificate type not supported */
+    WOLFSSL_BAD_STAT             = -460,   /* not used */
+    WOLFSSL_BAD_PATH             = -461,   /* No certificates found at designated path */
+    WOLFSSL_BAD_FILETYPE         = -462,   /* Data format not supported */
+    WOLFSSL_BAD_FILE             = -463,   /* Input/output error on file */
+    WOLFSSL_NOT_IMPLEMENTED      = -464,   /* Function not implemented */
+    WOLFSSL_UNKNOWN              = -465,   /* Unknown algorithm (EVP) */
+
+    /* negotiation parameter errors */
     UNSUPPORTED_SUITE            = -500,   /* unsupported cipher suite */
     MATCH_SUITE_ERROR            = -501,   /* can't match cipher suite */
     COMPRESSION_ERROR            = -502,   /* compression mismatch */
     KEY_SHARE_ERROR              = -503,   /* key share mismatch */
     POST_HAND_AUTH_ERROR         = -504,   /* client won't do post-hand auth */
     HRR_COOKIE_ERROR             = -505,   /* HRR msg cookie mismatch */
-    UNSUPPORTED_CERTIFICATE      = -506    /* unsupported certificate type */
-    /* end negotiation parameter errors only 10 for now */
-    /* add strings to wolfSSL_ERR_reason_error_string in internal.c !!!!! */
+    UNSUPPORTED_CERTIFICATE      = -506,   /* unsupported certificate type */
 
-    /* no error strings go down here, add above negotiation errors !!!! */
+    /* PEM and EVP errors */
+    WOLFSSL_PEM_R_NO_START_LINE_E = -507,
+    WOLFSSL_PEM_R_PROBLEMS_GETTING_PASSWORD_E = -508,
+    WOLFSSL_PEM_R_BAD_PASSWORD_READ_E = -509,
+    WOLFSSL_PEM_R_BAD_DECRYPT_E  = -510,
+    WOLFSSL_ASN1_R_HEADER_TOO_LONG_E = -511,
+
+    WOLFSSL_EVP_R_BAD_DECRYPT_E  = -512,
+    WOLFSSL_EVP_R_BN_DECODE_ERROR = -513,
+    WOLFSSL_EVP_R_DECODE_ERROR   = -514,
+    WOLFSSL_EVP_R_PRIVATE_KEY_DECODE_ERROR = -515,
+
+    CRYPTO_POLICY_FORBIDDEN      = -516,   /* operation forbidden by system
+                                            * crypto-policy */
+
+    WOLFSSL_LAST_E               = -516
+
+    /* codes -1000 to -1999 are reserved for wolfCrypt. */
 };
 
+wc_static_assert((int)WC_LAST_E <= (int)WOLFSSL_LAST_E);
+
+/* I/O Callback default errors */
+enum IOerrors {
+    WOLFSSL_CBIO_ERR_GENERAL    = -1,     /* general unexpected err */
+    WOLFSSL_CBIO_ERR_WANT_READ  = -2,     /* need to call read  again */
+    WOLFSSL_CBIO_ERR_WANT_WRITE = -2,     /* need to call write again */
+    WOLFSSL_CBIO_ERR_CONN_RST   = -3,     /* connection reset */
+    WOLFSSL_CBIO_ERR_ISR        = -4,     /* interrupt */
+    WOLFSSL_CBIO_ERR_CONN_CLOSE = -5,     /* connection closed or epipe */
+    WOLFSSL_CBIO_ERR_TIMEOUT    = -6      /* socket timeout */
+};
 
 #if defined(WOLFSSL_CALLBACKS) || defined(OPENSSL_EXTRA)
     enum {
@@ -211,6 +265,11 @@ enum wolfSSL_ErrorCodes {
 WOLFSSL_LOCAL
 void SetErrorString(int err, char* buff);
 
+#if defined(WOLFSSL_DEBUG_TRACE_ERROR_CODES) && \
+        (defined(BUILDING_WOLFSSL) || \
+         defined(WOLFSSL_DEBUG_TRACE_ERROR_CODES_ALWAYS))
+    #include <wolfssl/debug-trace-error-codes.h>
+#endif
 
 #ifdef __cplusplus
     }  /* extern "C" */
diff --git a/wolfssl/include.am b/wolfssl/include.am
index d00c59382..8fba008b8 100644
--- a/wolfssl/include.am
+++ b/wolfssl/include.am
@@ -3,7 +3,9 @@
 #
 
 include wolfssl/wolfcrypt/include.am
+if BUILD_OPENSSL_COMPAT
 include wolfssl/openssl/include.am
+endif
 
 EXTRA_DIST+= wolfssl/sniffer_error.rc
 
@@ -31,3 +33,9 @@ noinst_HEADERS+=         wolfssl/options.h
 else
 nobase_include_HEADERS+= wolfssl/options.h
 endif
+
+wolfssl/debug-trace-error-codes.h wolfssl/debug-untrace-error-codes.h: wolfssl/wolfcrypt/error-crypt.h wolfssl/error-ssl.h
+	@support/gen-debug-trace-error-codes.sh
+
+DISTCLEANFILES += wolfssl/debug-trace-error-codes.h \
+                  wolfssl/debug-untrace-error-codes.h
diff --git a/wolfssl/internal.h b/wolfssl/internal.h
index 69bda591a..e24077365 100644
--- a/wolfssl/internal.h
+++ b/wolfssl/internal.h
@@ -1,6 +1,6 @@
 /* internal.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -122,8 +122,10 @@
 #ifdef HAVE_CURVE448
     #include <wolfssl/wolfcrypt/curve448.h>
 #endif
-#ifdef HAVE_PQC
+#ifdef HAVE_FALCON
     #include <wolfssl/wolfcrypt/falcon.h>
+#endif
+#ifdef HAVE_DILITHIUM
     #include <wolfssl/wolfcrypt/dilithium.h>
 #endif
 #ifdef HAVE_HKDF
@@ -149,15 +151,25 @@
     #include <signal.h>
 #endif
 
-#ifdef USE_WINDOWS_API
+#ifdef __WATCOMC__
+    #if defined(__OS2__)
+    #elif defined(__NT__)
+        #define _WINSOCKAPI_ /* block inclusion of winsock.h header file */
+        #include <windows.h>
+        #undef _WINSOCKAPI_ /* undefine it for MINGW winsock2.h header file */
+    #elif defined(__LINUX__)
+        #ifndef SINGLE_THREADED
+            #define WOLFSSL_PTHREADS
+            #include <pthread.h>
+        #endif
+    #endif
+#elif defined(USE_WINDOWS_API)
     #ifdef WOLFSSL_GAME_BUILD
         #include "system/xtl.h"
     #else
-        #if defined(_WIN32_WCE) || defined(WIN32_LEAN_AND_MEAN)
-            /* On WinCE winsock2.h must be included before windows.h */
-            #include <winsock2.h>
-        #endif
+        #define _WINSOCKAPI_ /* block inclusion of winsock.h header file */
         #include <windows.h>
+        #undef _WINSOCKAPI_ /* undefine it for MINGW winsock2.h header file */
     #endif
 #elif defined(THREADX)
     #ifndef SINGLE_THREADED
@@ -206,7 +218,12 @@
     #endif
 #elif defined(WOLFSSL_ZEPHYR)
     #ifndef SINGLE_THREADED
-        #include <zephyr/kernel.h>
+        #include <version.h>
+        #if KERNEL_VERSION_NUMBER >= 0x30100
+            #include <zephyr/kernel.h>
+        #else
+            #include <kernel.h>
+        #endif
     #endif
 #elif defined(WOLFSSL_TELIT_M2MB)
     /* do nothing */
@@ -225,7 +242,7 @@
     #endif
     #if defined(OPENSSL_EXTRA) && !defined(NO_FILESYSTEM)
         #ifdef FUSION_RTOS
-           #include <fclunistd.h>
+            #include <fclunistd.h>
         #else
             #include <unistd.h>      /* for close of BIO */
         #endif
@@ -343,7 +360,7 @@
         #endif
     #endif
 
-    #if !defined(NO_RSA) && !defined(NO_DES3)
+    #if !defined(NO_RSA) && !defined(NO_DES3) && !defined(NO_DES3_TLS_SUITES)
         #if !defined(NO_SHA)
             #if defined(WOLFSSL_STATIC_RSA)
                 #define BUILD_SSL_RSA_WITH_3DES_EDE_CBC_SHA
@@ -500,7 +517,7 @@
             #if defined(WOLFSSL_AES_256) && defined(HAVE_AES_CBC)
                 #define BUILD_TLS_DHE_RSA_WITH_AES_256_CBC_SHA
             #endif
-            #if !defined(NO_DES3)
+            #if !defined(NO_DES3) && !defined(NO_DES3_TLS_SUITES)
                 #define BUILD_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
             #endif
         #endif
@@ -686,7 +703,8 @@
             #endif
         #endif
         #if !defined(NO_DES3) && !(defined(WSSL_HARDEN_TLS) && \
-                                           WSSL_HARDEN_TLS > 112)
+                                           WSSL_HARDEN_TLS > 112) && \
+            !defined(NO_DES3_TLS_SUITES)
             /* 3DES offers only 112 bits of security.
              * Using guidance from section 5.6.1
              * https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-57pt1r5.pdf */
@@ -965,6 +983,25 @@
     #define NO_AESGCM_AEAD
 #endif
 
+#if defined(BUILD_TLS_RSA_WITH_AES_128_CCM_8) || \
+    defined(BUILD_TLS_RSA_WITH_AES_256_CCM_8) || \
+    defined(BUILD_TLS_PSK_WITH_AES_128_CCM_8) || \
+    defined(BUILD_TLS_PSK_WITH_AES_128_CCM) || \
+    defined(BUILD_TLS_PSK_WITH_AES_256_CCM_8) || \
+    defined(BUILD_TLS_PSK_WITH_AES_256_CCM) || \
+    defined(BUILD_TLS_DHE_PSK_WITH_AES_128_CCM) || \
+    defined(BUILD_TLS_DHE_PSK_WITH_AES_256_CCM) || \
+    defined(BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CCM) || \
+    defined(BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8) || \
+    defined(BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8) || \
+    defined(BUILD_TLS_AES_128_CCM_SHA256) || \
+    defined(BUILD_TLS_AES_128_CCM_8_SHA256)
+    #define BUILD_AESCCM
+#else
+    /* No AES-CCM cipher suites available with build */
+    #define NO_AESCCM_AEAD
+#endif
+
 #if defined(BUILD_TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256) || \
     defined(BUILD_TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384)
     #define BUILD_ARIA
@@ -994,7 +1031,8 @@
 #endif
 
 #if defined(NO_AES) || !defined(HAVE_AES_DECRYPT)
-    #define AES_BLOCK_SIZE 16
+    #undef WC_AES_BLOCK_SIZE
+    #define WC_AES_BLOCK_SIZE 16
     #undef  BUILD_AES
 #else
     #undef  BUILD_AES
@@ -1321,29 +1359,15 @@ enum {
     #endif
 #endif
 
+#ifndef MAX_PSK_KEY_LEN
+    #define MAX_PSK_KEY_LEN 64
+#endif
+
 #ifndef MAX_EARLY_DATA_SZ
     /* maximum early data size */
     #define MAX_EARLY_DATA_SZ  4096
 #endif
 
-#ifndef NO_RSA
-    #ifndef WOLFSSL_MAX_RSA_BITS
-        #ifdef USE_FAST_MATH
-            /* FP implementation support numbers up to FP_MAX_BITS / 2 bits. */
-            #define WOLFSSL_MAX_RSA_BITS    (FP_MAX_BITS / 2)
-        #elif defined(WOLFSSL_SP_MATH_ALL) || defined(WOLFSSL_SP_MATH)
-            /* SP implementation supports numbers of SP_INT_BITS bits. */
-            #define WOLFSSL_MAX_RSA_BITS    (((SP_INT_BITS + 7) / 8) * 8)
-        #else
-            /* Integer maths is dynamic but we only go up to 4096 bits. */
-            #define WOLFSSL_MAX_RSA_BITS 4096
-        #endif
-    #endif
-    #if (WOLFSSL_MAX_RSA_BITS % 8)
-        #error RSA maximum bit size must be multiple of 8
-    #endif
-#endif
-
 
 #if !defined(NO_RSA) || !defined(NO_DH) || defined(HAVE_ECC)
     /* MySQL wants to be able to use 8192-bit numbers. */
@@ -1371,9 +1395,9 @@ enum {
             #error "MySQL needs FP_MAX_BITS at least at 16384"
         #endif
 
-        #if !defined(NO_RSA) && defined(WOLFSSL_MAX_RSA_BITS) && \
-            WOLFSSL_MAX_RSA_BITS > ENCRYPT_BASE_BITS
-            #error "FP_MAX_BITS too small for WOLFSSL_MAX_RSA_BITS"
+        #if !defined(NO_RSA) && defined(WC_MAX_RSA_BITS) && \
+            WC_MAX_RSA_BITS > ENCRYPT_BASE_BITS
+            #error "FP_MAX_BITS too small for WC_MAX_RSA_BITS"
         #endif
     #elif defined(WOLFSSL_SP_MATH_ALL) || defined(WOLFSSL_SP_MATH)
         /* Use the SP size up to 8192-bit and down to a min of 1024-bit. */
@@ -1399,9 +1423,9 @@ enum {
             #error "MySQL needs SP_INT_BITS at least at 8192"
         #endif
 
-        #if !defined(NO_RSA) && defined(WOLFSSL_MAX_RSA_BITS) && \
-            WOLFSSL_MAX_RSA_BITS > SP_INT_BITS
-            #error "SP_INT_BITS too small for WOLFSSL_MAX_RSA_BITS"
+        #if !defined(NO_RSA) && defined(WC_MAX_RSA_BITS) && \
+            WC_MAX_RSA_BITS > SP_INT_BITS
+            #error "SP_INT_BITS too small for WC_MAX_RSA_BITS"
         #endif
     #else
         /* Integer/heap maths - support 4096-bit. */
@@ -1413,15 +1437,15 @@ enum {
     #define ENCRYPT_BASE_BITS    (256 * 2)
 #else
     /* No secret from public key operation but PSK key plus length used. */
-    #define ENCRYPT_BASE_BITS  ((MAX_PSK_ID_LEN + 2) * 8)
+    #define ENCRYPT_BASE_BITS  ((MAX_PSK_KEY_LEN + 2) * 8)
 #endif
 
 #ifdef WOLFSSL_DTLS_CID
 #ifndef DTLS_CID_MAX_SIZE
-/* DTLSv1.3 parsing code copies the record header in a static buffer to decrypt
+/* DTLS parsing code copies the record header in a static buffer to decrypt
  * the record. Increasing the CID max size does increase also this buffer,
  * impacting on per-session runtime memory footprint. */
-#define DTLS_CID_MAX_SIZE 2
+#define DTLS_CID_MAX_SIZE 10
 #endif
 #else
 #undef DTLS_CID_MAX_SIZE
@@ -1432,6 +1456,30 @@ enum {
 #error "Max size for DTLS CID is 255 bytes"
 #endif
 
+/* Record Payload Protection Section 5
+ *   https://www.rfc-editor.org/rfc/rfc9146.html#section-5 */
+#define WOLFSSL_TLS_HMAC_CID_INNER_SZ                               \
+           (8 +                 /* seq_num_placeholder */           \
+            1 +                 /* tls12_cid */                     \
+            1 +                 /* cid_length */                    \
+            1 +                 /* tls12_cid */                     \
+            2 +                 /* DTLSCiphertext.version */        \
+            2 +                 /* epoch */                         \
+            6 +                 /* sequence_number */               \
+            DTLS_CID_MAX_SIZE + /* cid */                           \
+            2)                  /* length_of_DTLSInnerPlaintext */
+
+#define WOLFSSL_TLS_AEAD_CID_AAD_SZ                                 \
+           (8 +                 /* seq_num_placeholder */           \
+            1 +                 /* tls12_cid */                     \
+            1 +                 /* cid_length */                    \
+            1 +                 /* tls12_cid */                     \
+            2 +                 /* DTLSCiphertext.version */        \
+            2 +                 /* epoch */                         \
+            6 +                 /* sequence_number */               \
+            DTLS_CID_MAX_SIZE + /* cid */                           \
+            2)                  /* length_of_DTLSInnerPlaintext */
+
 #ifndef MAX_TICKET_AGE_DIFF
 /* maximum ticket age difference in seconds, 10 seconds */
 #define MAX_TICKET_AGE_DIFF     10
@@ -1548,18 +1596,18 @@ enum Misc {
     MAXEARLYDATASZ_LEN = 4,     /* maxEarlyDataSz size in ticket */
 #endif
 #endif
-#ifdef HAVE_PQC
-    ENCRYPT_LEN     = 4600,     /* allow 4600 byte buffer for dilithium. */
+#if defined(HAVE_FALCON) || defined(HAVE_DILITHIUM)
+    ENCRYPT_LEN     = 5120,     /* Allow 5k byte buffer for dilithium and
+                                 * hybridization with other algs. */
 #else
 #ifndef NO_PSK
-    ENCRYPT_LEN     = (ENCRYPT_BASE_BITS / 8) + MAX_PSK_ID_LEN + 2,
+    ENCRYPT_LEN     = (ENCRYPT_BASE_BITS / 8) + MAX_PSK_KEY_LEN + 2,
 #else
     ENCRYPT_LEN     = (ENCRYPT_BASE_BITS / 8),
 #endif
 #endif
     SIZEOF_SENDER   =  4,       /* clnt or srvr           */
     FINISHED_SZ     = 36,       /* WC_MD5_DIGEST_SIZE + WC_SHA_DIGEST_SIZE */
-    MAX_RECORD_SIZE = 16384,    /* 2^14, max size by standard */
     MAX_PLAINTEXT_SZ   = (1 << 14),        /* Max plaintext sz   */
     MAX_TLS_CIPHER_SZ  = (1 << 14) + 2048, /* Max TLS encrypted data sz */
 #ifdef WOLFSSL_TLS13
@@ -1625,6 +1673,7 @@ enum Misc {
 #endif
 
     HANDSHAKE_HEADER_SZ   = 4,  /* type + length(3)        */
+    DTLS13_HANDSHAKE_HEADER_SZ   = 12, /* sizeof(Dtls13HandshakeHeader) */
     RECORD_HEADER_SZ      = 5,  /* type + version + len(2) */
     CERT_HEADER_SZ        = 3,  /* always 3 bytes          */
     REQ_HEADER_SZ         = 2,  /* cert request header sz  */
@@ -1637,6 +1686,7 @@ enum Misc {
 
     DTLS_HANDSHAKE_HEADER_SZ = 12, /* normal + seq(2) + offset(3) + length(3) */
     DTLS_RECORD_HEADER_SZ    = 13, /* normal + epoch(2) + seq_num(6) */
+    DTLS12_CID_OFFSET        = 11,
     DTLS_UNIFIED_HEADER_MIN_SZ = 2,
     /* flags + seq_number(2) + length(2) + CID */
     DTLS_RECVD_RL_HEADER_MAX_SZ = 5 + DTLS_CID_MAX_SIZE,
@@ -1716,7 +1766,7 @@ enum Misc {
     #endif
 #endif
 
-    MAX_IV_SZ           = AES_BLOCK_SIZE,
+    MAX_IV_SZ           = WC_AES_BLOCK_SIZE,
 
     AEAD_SEQ_OFFSET     = 4,   /* Auth Data: Sequence number */
     AEAD_TYPE_OFFSET    = 8,   /* Auth Data: Type            */
@@ -1725,16 +1775,19 @@ enum Misc {
     AEAD_LEN_OFFSET     = 11,  /* Auth Data: Length          */
     AEAD_AUTH_DATA_SZ   = 13,  /* Size of the data to authenticate */
     AEAD_NONCE_SZ       = 12,
-    AESGCM_IMP_IV_SZ    = 4,   /* Size of GCM/CCM AEAD implicit IV */
+    AESGCM_IMP_IV_SZ    = 4,   /* Size of GCM AEAD implicit IV */
+    AESCCM_IMP_IV_SZ    = 4,   /* Size of CCM AEAD implicit IV */
     AESGCM_EXP_IV_SZ    = 8,   /* Size of GCM/CCM AEAD explicit IV */
     AESGCM_NONCE_SZ     = AESGCM_EXP_IV_SZ + AESGCM_IMP_IV_SZ,
-    GCM_IMP_IV_SZ       = 4,   /* Size of GCM/CCM AEAD implicit IV */
+    GCM_IMP_IV_SZ       = 4,   /* Size of GCM AEAD implicit IV */
+    CCM_IMP_IV_SZ       = 4,   /* Size of CCM AEAD implicit IV */
     GCM_EXP_IV_SZ       = 8,   /* Size of GCM/CCM AEAD explicit IV */
     GCM_NONCE_SZ        = GCM_EXP_IV_SZ + GCM_IMP_IV_SZ,
 
     CHACHA20_IMP_IV_SZ  = 12,  /* Size of ChaCha20 AEAD implicit IV */
     CHACHA20_NONCE_SZ   = 12,  /* Size of ChacCha20 nonce           */
     CHACHA20_OLD_OFFSET = 4,   /* Offset for seq # in old poly1305  */
+    CHACHA20_OFFSET     = 4,   /* Offset for seq # in poly1305  */
 
     /* For any new implicit/explicit IV size adjust AEAD_MAX_***_SZ */
 
@@ -1767,9 +1820,16 @@ enum Misc {
     ECDHE_SIZE          = 32,  /* ECDHE server size defaults to 256 bit */
 #endif
     MAX_EXPORT_ECC_SZ   = 256, /* Export ANSI X9.62 max future size */
-    MAX_CURVE_NAME_SZ   = 16,  /* Maximum size of curve name string */
+    MAX_CURVE_NAME_SZ   = 18,  /* Maximum size of curve name string */
 
     NEW_SA_MAJOR        = 8,   /* Most significant byte used with new sig algos */
+    RSA_PSS_RSAE_SHA256_MINOR = 0x04,
+    RSA_PSS_RSAE_SHA384_MINOR = 0x05,
+    RSA_PSS_RSAE_SHA512_MINOR = 0x06,
+    RSA_PSS_PSS_SHA256_MINOR = 0x09,
+    RSA_PSS_PSS_SHA384_MINOR = 0x0A,
+    RSA_PSS_PSS_SHA512_MINOR = 0x0B,
+
     ED25519_SA_MAJOR    = 8,   /* Most significant byte for ED25519 */
     ED25519_SA_MINOR    = 7,   /* Least significant byte for ED25519 */
     ED448_SA_MAJOR      = 8,   /* Most significant byte for ED448 */
@@ -1777,37 +1837,27 @@ enum Misc {
     SM2_SA_MAJOR        = 7,   /* Most significant byte for SM2 with SM3 */
     SM2_SA_MINOR        = 8,   /* Least significant byte for SM2 with SM3 */
 
-    PQC_SA_MAJOR        = 0xFE,/* Most significant byte used with PQC sig algs */
+    FALCON_SA_MAJOR     = 0xFE,/* Most significant byte used with falcon sig algs */
+    DILITHIUM_SA_MAJOR  = 0x09,/* Most significant byte used with dilithium sig algs */
 
-    /* These values for falcon and dilithium match what OQS has defined in their OpenSSL fork. */
+    /* These values for falcon match what OQS has defined. */
     FALCON_LEVEL1_SA_MAJOR = 0xFE,
-    FALCON_LEVEL1_SA_MINOR = 0x0B,
+    FALCON_LEVEL1_SA_MINOR = 0xAE,
     FALCON_LEVEL5_SA_MAJOR = 0xFE,
-    FALCON_LEVEL5_SA_MINOR = 0x0E,
+    FALCON_LEVEL5_SA_MINOR = 0xB1,
 
-    DILITHIUM_LEVEL2_SA_MAJOR = 0xFE,
-    DILITHIUM_LEVEL2_SA_MINOR = 0xA0,
-    DILITHIUM_LEVEL3_SA_MAJOR = 0xFE,
-    DILITHIUM_LEVEL3_SA_MINOR = 0xA3,
-    DILITHIUM_LEVEL5_SA_MAJOR = 0xFE,
-    DILITHIUM_LEVEL5_SA_MINOR = 0xA5,
+    /* these values for MLDSA (Dilithium) correspond to what is proposed in the
+     * IETF. */
+    DILITHIUM_LEVEL2_SA_MAJOR = 0x09,
+    DILITHIUM_LEVEL2_SA_MINOR = 0x04,
+    DILITHIUM_LEVEL3_SA_MAJOR = 0x09,
+    DILITHIUM_LEVEL3_SA_MINOR = 0x05,
+    DILITHIUM_LEVEL5_SA_MAJOR = 0x09,
+    DILITHIUM_LEVEL5_SA_MINOR = 0x06,
 
     MIN_RSA_SHA512_PSS_BITS = 512 * 2 + 8 * 8, /* Min key size */
     MIN_RSA_SHA384_PSS_BITS = 384 * 2 + 8 * 8, /* Min key size */
 
-#if defined(HAVE_PQC)
-    MAX_CERT_VERIFY_SZ = 6000,            /* For Dilithium */
-#elif !defined(NO_RSA) && defined(WOLFSSL_MAX_RSA_BITS)
-    MAX_CERT_VERIFY_SZ = WOLFSSL_MAX_RSA_BITS / 8, /* max RSA bytes */
-#elif defined(HAVE_ECC)
-    MAX_CERT_VERIFY_SZ = ECC_MAX_SIG_SIZE, /* max ECC  */
-#elif defined(HAVE_ED448)
-    MAX_CERT_VERIFY_SZ = ED448_SIG_SIZE,   /* max Ed448  */
-#elif defined(HAVE_ED25519)
-    MAX_CERT_VERIFY_SZ = ED25519_SIG_SIZE, /* max Ed25519  */
-#else
-    MAX_CERT_VERIFY_SZ = 1024, /* max default  */
-#endif
     CLIENT_HELLO_FIRST =  35,  /* Protocol + RAN_LEN + sizeof(id_len) */
     MAX_SUITE_NAME     =  48,  /* maximum length of cipher suite string */
 
@@ -1816,13 +1866,18 @@ enum Misc {
     DTLS_TIMEOUT_MULTIPLIER =  2, /* default timeout multiplier for DTLS recv */
 
     NULL_TERM_LEN        =   1,  /* length of null '\0' termination character */
-    MAX_PSK_KEY_LEN      =  64,  /* max psk key supported */
     MIN_PSK_ID_LEN       =   6,  /* min length of identities */
     MIN_PSK_BINDERS_LEN  =  33,  /* min length of binders */
 
 #ifndef MAX_WOLFSSL_FILE_SIZE
     MAX_WOLFSSL_FILE_SIZE = 1024UL * 1024UL * 4,  /* 4 mb file size alloc limit */
 #endif
+#if defined(WOLFSSL_SYS_CRYPTO_POLICY)
+    MAX_WOLFSSL_CRYPTO_POLICY_SIZE = 1024UL, /* Crypto-policy file is one line.
+                                              * It should not be large. */
+    MIN_WOLFSSL_SEC_LEVEL = 0,
+    MAX_WOLFSSL_SEC_LEVEL = 5,
+#endif /* WOLFSSL_SYS_CRYPTO_POLICY */
 
     CERT_MIN_SIZE      =  256, /* min PEM cert size with header/footer */
 
@@ -1843,14 +1898,25 @@ enum Misc {
     READ_PROTO         = 0     /* reading a protocol message */
 };
 
-#define WOLFSSL_NAMED_GROUP_IS_FFHDE(group) \
-    (MIN_FFHDE_GROUP <= (group) && (group) <= MAX_FFHDE_GROUP)
-#ifdef HAVE_PQC
-#define WOLFSSL_NAMED_GROUP_IS_PQC(group) \
-    (WOLFSSL_PQC_MIN <= (group) && (group) <= WOLFSSL_PQC_MAX)
+
+/* Size of the data to authenticate */
+#if defined(WOLFSSL_DTLS) && defined(WOLFSSL_DTLS_CID)
+#define AEAD_AUTH_DATA_SZ WOLFSSL_TLS_AEAD_CID_AAD_SZ
 #else
-#define WOLFSSL_NAMED_GROUP_IS_PQC(group)    ((void)(group), 0)
-#endif /* HAVE_PQC */
+#define AEAD_AUTH_DATA_SZ 13
+#endif
+
+#define WOLFSSL_NAMED_GROUP_IS_FFDHE(group) \
+    (WOLFSSL_FFDHE_START <= (group) && (group) <= WOLFSSL_FFDHE_END)
+#ifdef WOLFSSL_HAVE_KYBER
+WOLFSSL_LOCAL int NamedGroupIsPqc(int group);
+WOLFSSL_LOCAL int NamedGroupIsPqcHybrid(int group);
+#define WOLFSSL_NAMED_GROUP_IS_PQC(group) NamedGroupIsPqc(group)
+#define WOLFSSL_NAMED_GROUP_IS_PQC_HYBRID(group) NamedGroupIsPqcHybrid(group)
+#else
+#define WOLFSSL_NAMED_GROUP_IS_PQC(group)        ((void)(group), 0)
+#define WOLFSSL_NAMED_GROUP_IS_PQC_HYBRID(group) ((void)(group), 0)
+#endif /* WOLFSSL_HAVE_KYBER */
 
 /* minimum Downgrade Minor version */
 #ifndef WOLFSSL_MIN_DOWNGRADE
@@ -1880,7 +1946,7 @@ enum Misc {
 
 /* number of items in the signature algo list */
 #ifndef WOLFSSL_MAX_SIGALGO
-#ifdef HAVE_PQC
+#if defined(HAVE_FALCON) || defined(HAVE_DILITHIUM)
     /* If we are building with post-quantum algorithms, we likely want to
      * inter-op with OQS's OpenSSL and they send a lot more sigalgs.
      */
@@ -1909,12 +1975,14 @@ enum Misc {
 #endif
 #define MIN_ECCKEY_SZ (WOLFSSL_MIN_ECC_BITS / 8)
 
-#ifdef HAVE_PQC
+#ifdef HAVE_FALCON
 #ifndef MIN_FALCONKEY_SZ
-    #define MIN_FALCONKEY_SZ    897
+    #define MIN_FALCONKEY_SZ    1281
 #endif
+#endif
+#ifdef HAVE_DILITHIUM
 #ifndef MIN_DILITHIUMKEY_SZ
-    #define MIN_DILITHIUMKEY_SZ    1312
+    #define MIN_DILITHIUMKEY_SZ    2528
 #endif
 #endif
 
@@ -1957,7 +2025,7 @@ enum Misc {
 #endif
 
 #ifndef MAX_X509_SIZE
-    #if defined(HAVE_PQC)
+    #if defined(HAVE_FALCON) || defined(HAVE_DILITHIUM)
         #define MAX_X509_SIZE   (8*1024) /* max static x509 buffer size; dilithium is big */
     #elif defined(WOLFSSL_HAPROXY)
         #define MAX_X509_SIZE   3072 /* max static x509 buffer size */
@@ -1971,6 +2039,22 @@ enum Misc {
     #define MAX_CHAIN_DEPTH 9
 #endif
 
+#if defined(HAVE_CERTIFICATE_STATUS_REQUEST) || \
+                    defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2)
+    #if !defined(HAVE_OCSP)
+        #error OCSP Stapling and Stapling V2 needs OCSP. Please define HAVE_OCSP.
+    #endif
+#endif
+
+/* Max certificate extensions in TLS1.3 */
+#if defined(HAVE_CERTIFICATE_STATUS_REQUEST)
+    /* Number of extensions to set each OCSP response */
+    #define MAX_CERT_EXTENSIONS (1 + MAX_CHAIN_DEPTH)
+#else
+    /* Only empty extensions */
+    #define MAX_CERT_EXTENSIONS 1
+#endif
+
 /* max size of a certificate message payload */
 /* assumes MAX_CHAIN_DEPTH number of certificates at 2kb per certificate */
 #ifndef MAX_CERTIFICATE_SZ
@@ -2018,18 +2102,9 @@ enum Misc {
 
 #define MAX_ENCRYPT_SZ ENCRYPT_LEN
 
-/* A static check to assert a relation between x and y */
-#define WOLFSSL_ASSERT_TEST(x, y, op) do {         \
-    typedef char _args_test_[(x) op (y) ? 1 : -1]; \
-    (void)sizeof(_args_test_);                     \
-} while(0)
+#define WOLFSSL_ASSERT_EQ(x, y) wc_static_assert((x) == (y))
 
-#define WOLFSSL_ASSERT_EQ(x, y) WOLFSSL_ASSERT_TEST(x, y, ==)
-
-#define WOLFSSL_ASSERT_SIZEOF_TEST(x, y, op) \
-    WOLFSSL_ASSERT_TEST(sizeof((x)), sizeof((y)), op)
-
-#define WOLFSSL_ASSERT_SIZEOF_GE(x, y) WOLFSSL_ASSERT_SIZEOF_TEST(x, y, >=)
+#define WOLFSSL_ASSERT_SIZEOF_GE(x, y) wc_static_assert(sizeof(x) >= sizeof(y))
 
 /* states. Adding state before HANDSHAKE_DONE will break session importing */
 enum states {
@@ -2165,14 +2240,22 @@ WOLFSSL_LOCAL int  DoServerHello(WOLFSSL* ssl, const byte* input, word32* inOutI
 WOLFSSL_LOCAL int  CompleteServerHello(WOLFSSL *ssl);
 WOLFSSL_LOCAL int  CheckVersion(WOLFSSL *ssl, ProtocolVersion pv);
 WOLFSSL_LOCAL int  PickHashSigAlgo(WOLFSSL* ssl, const byte* hashSigAlgo,
-                                   word32 hashSigAlgoSz);
+                                   word32 hashSigAlgoSz, int matchSuites);
 #if defined(WOLF_PRIVATE_KEY_ID) && !defined(NO_CHECK_PRIVATE_KEY)
 WOLFSSL_LOCAL int  CreateDevPrivateKey(void** pkey, byte* data, word32 length,
                                        int hsType, int label, int id,
                                        void* heap, int devId);
 #endif
-WOLFSSL_LOCAL int  DecodePrivateKey(WOLFSSL *ssl, word16* length);
-#ifdef WOLF_PRIVATE_KEY_ID
+#ifdef WOLFSSL_BLIND_PRIVATE_KEY
+WOLFSSL_LOCAL int wolfssl_priv_der_blind(WC_RNG* rng, DerBuffer* key,
+    DerBuffer** mask);
+WOLFSSL_LOCAL void wolfssl_priv_der_unblind(DerBuffer* key, DerBuffer* mask);
+#endif
+WOLFSSL_LOCAL int  DecodePrivateKey(WOLFSSL *ssl, word32* length);
+#ifdef WOLFSSL_DUAL_ALG_CERTS
+WOLFSSL_LOCAL int  DecodeAltPrivateKey(WOLFSSL *ssl, word32* length);
+#endif
+#if defined(WOLF_PRIVATE_KEY_ID) || defined(HAVE_PK_CALLBACKS)
 WOLFSSL_LOCAL int GetPrivateKeySigSize(WOLFSSL* ssl);
 #ifndef NO_ASN
     WOLFSSL_LOCAL int  InitSigPkCb(WOLFSSL* ssl, SignatureCtx* sigCtx);
@@ -2188,9 +2271,13 @@ WOLFSSL_LOCAL void FreeAsyncCtx(WOLFSSL* ssl, byte freeAsync);
 WOLFSSL_LOCAL void FreeKeyExchange(WOLFSSL* ssl);
 WOLFSSL_LOCAL void FreeSuites(WOLFSSL* ssl);
 WOLFSSL_LOCAL int  ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx, word32 totalSz);
-WOLFSSL_LOCAL int  MatchDomainName(const char* pattern, int len, const char* str);
-#ifndef NO_CERTS
-WOLFSSL_LOCAL int  CheckForAltNames(DecodedCert* dCert, const char* domain, int* checkCN);
+WOLFSSL_LOCAL int  MatchDomainName(const char* pattern, int len,
+                                   const char* str, word32 strLen,
+                                   unsigned int flags);
+#if !defined(NO_CERTS) && !defined(NO_ASN)
+WOLFSSL_LOCAL int  CheckForAltNames(DecodedCert* dCert, const char* domain,
+                                    word32 domainLen, int* checkCN,
+                                    unsigned int flags);
 WOLFSSL_LOCAL int  CheckIPAddr(DecodedCert* dCert, const char* ipasc);
 WOLFSSL_LOCAL void CopyDecodedName(WOLFSSL_X509_NAME* name, DecodedCert* dCert, int nameType);
 #endif
@@ -2212,7 +2299,7 @@ WOLFSSL_LOCAL int ALPN_Select(WOLFSSL* ssl);
 #endif
 
 WOLFSSL_LOCAL int ChachaAEADEncrypt(WOLFSSL* ssl, byte* out, const byte* input,
-                              word16 sz); /* needed by sniffer */
+                              word16 sz, byte type); /* needed by sniffer */
 WOLFSSL_LOCAL int ChachaAEADDecrypt(WOLFSSL* ssl, byte* plain, const byte* input,
                               word16 sz); /* needed by sniffer */
 
@@ -2266,6 +2353,8 @@ enum {
 
 
 /* determine maximum record size */
+#define MAX_RECORD_SIZE 16384  /* 2^14, max size by standard */
+
 #ifdef RECORD_SIZE
     /* user supplied value */
     #if RECORD_SIZE < 128 || RECORD_SIZE > MAX_RECORD_SIZE
@@ -2333,7 +2422,7 @@ struct Suites {
     word16 hashSigAlgoSz;           /* SigAlgo extension length in bytes */
     byte   suites[WOLFSSL_MAX_SUITE_SZ];
     byte   hashSigAlgo[WOLFSSL_MAX_SIGALGO]; /* sig/algo to offer */
-    byte   setSuites;               /* user set suites from default */
+    byte   setSuites:1;             /* user set suites from default */
 };
 
 typedef struct CipherSuite {
@@ -2346,32 +2435,26 @@ typedef struct CipherSuite {
 #endif
 } CipherSuite;
 
-WOLFSSL_LOCAL void InitSuitesHashSigAlgo(Suites* suites, int haveECDSAsig,
-                                         int haveRSAsig, int haveFalconSig,
-                                         int haveDilithiumSig, int haveAnon,
-                                         int tls1_2, int keySz);
-WOLFSSL_LOCAL void InitSuitesHashSigAlgo_ex(byte* hashSigAlgo, int haveECDSAsig,
-                                            int haveRSAsig, int haveFalconSig,
-                                            int haveDilithiumSig, int haveAnon,
-                                            int tls1_2, int keySz, word16* len);
 /* use wolfSSL_API visibility to be able to test in tests/api.c */
-WOLFSSL_API void InitSuitesHashSigAlgo_ex2(byte* hashSigAlgo, int have,
-                                             int tls1_2, int keySz,
-                                             word16* len);
+WOLFSSL_API void InitSuitesHashSigAlgo(byte* hashSigAlgo, int have,
+                                       int tls1_2, int keySz, word16* len);
 WOLFSSL_LOCAL int AllocateCtxSuites(WOLFSSL_CTX* ctx);
 WOLFSSL_LOCAL int AllocateSuites(WOLFSSL* ssl);
 WOLFSSL_LOCAL void InitSuites(Suites* suites, ProtocolVersion pv, int keySz,
                               word16 haveRSA, word16 havePSK, word16 haveDH,
                               word16 haveECDSAsig, word16 haveECC,
                               word16 haveStaticRSA, word16 haveStaticECC,
-                              word16 haveFalconSig, word16 haveDilithiumSig,
-                              word16 haveAnon, word16 haveNull, int side);
+                              word16 haveAnon, word16 haveNull,
+                              word16 haveAES128, word16 haveSHA1,
+                              word16 haveRC4, int side);
 
 typedef struct TLSX TLSX;
 WOLFSSL_LOCAL int MatchSuite_ex(const WOLFSSL* ssl, Suites* peerSuites,
                                 CipherSuite* cs, TLSX* extensions);
 WOLFSSL_LOCAL int  MatchSuite(WOLFSSL* ssl, Suites* peerSuites);
-WOLFSSL_LOCAL int  SetCipherList(WOLFSSL_CTX* ctx, Suites* suites,
+WOLFSSL_LOCAL int  SetCipherList_ex(const WOLFSSL_CTX* ctx, const WOLFSSL* ssl,
+        Suites* suites, const char* list);
+WOLFSSL_LOCAL int  SetCipherList(const WOLFSSL_CTX* ctx, Suites* suites,
                                  const char* list);
 WOLFSSL_LOCAL int  SetCipherListFromBytes(WOLFSSL_CTX* ctx, Suites* suites,
                                           const byte* list, const int listSz);
@@ -2499,6 +2582,10 @@ struct CRL_Entry {
     word32  tbsSz;
     word32  signatureSz;
     word32  signatureOID;
+#ifdef WC_RSA_PSS
+    word32  sigParamsSz; /* length of signature parameters   */
+    byte*   sigParams;   /* buffer with signature parameters */
+#endif
 #if !defined(NO_SKID) && !defined(NO_ASN)
     byte    extAuthKeyIdSet;
     byte    extAuthKeyId[KEYID_SIZE];
@@ -2507,6 +2594,7 @@ struct CRL_Entry {
 };
 
 
+#ifdef HAVE_CRL_MONITOR
 typedef struct CRL_Monitor CRL_Monitor;
 
 /* CRL directory monitor */
@@ -2532,6 +2620,7 @@ typedef HANDLE wolfSSL_CRL_mfd_t; /* monitor fd, INVALID_HANDLE_VALUE if
                                    * no init yet */
 #define WOLFSSL_CRL_MFD_INIT_VAL (INVALID_HANDLE_VALUE)
 #endif
+#endif
 
 /* wolfSSL CRL controller */
 struct WOLFSSL_CRL {
@@ -2542,12 +2631,15 @@ struct WOLFSSL_CRL {
     CbCrlIO               crlIOCb;
 #endif
     wolfSSL_RwLock        crlLock;       /* CRL list lock */
-    CRL_Monitor           monitors[WOLFSSL_CRL_MONITORS_LEN];
 #ifdef HAVE_CRL_MONITOR
+    CRL_Monitor           monitors[WOLFSSL_CRL_MONITORS_LEN];
     COND_TYPE             cond;          /* condition to signal setup */
     THREAD_TYPE           tid;           /* monitoring thread */
     wolfSSL_CRL_mfd_t     mfd;
     int                   setup;         /* thread is setup predicate */
+#endif
+#ifdef OPENSSL_ALL
+    wolfSSL_Ref           ref;
 #endif
     void*                 heap;          /* heap hint for dynamic memory */
 };
@@ -2589,6 +2681,8 @@ struct WOLFSSL_CERT_MANAGER {
 #endif
     CallbackCACache caCacheCallback;       /* CA cache addition callback */
     CbMissingCRL    cbMissingCRL;          /* notify thru cb of missing crl */
+    crlErrorCb      crlCb;                 /* Allow user to override error */
+    void*           crlCbCtx;
     CbOCSPIO        ocspIOCb;              /* I/O callback for OCSP lookup */
     CbOCSPRespFree  ocspRespFreeCb;        /* Frees OCSP Response from IO Cb */
     wolfSSL_Mutex   caLock;                /* CA list lock */
@@ -2616,11 +2710,18 @@ struct WOLFSSL_CERT_MANAGER {
                                         /* with CTX free.                    */
 #endif
     wolfSSL_Ref     ref;
-#ifdef HAVE_PQC
-    short           minFalconKeySz;      /* minimum allowed Falcon key size */
-    short           minDilithiumKeySz;   /* minimum allowed Dilithium key size */
+#ifdef HAVE_FALCON
+    short           minFalconKeySz;     /* minimum allowed Falcon key size */
+#endif
+#ifdef HAVE_DILITHIUM
+    short           minDilithiumKeySz;  /* minimum allowed Dilithium key size */
+#endif
+#ifdef WC_ASN_UNKNOWN_EXT_CB
+    wc_UnknownExtCallback unknownExtCallback;
+#endif
+#ifdef HAVE_CRL_UPDATE_CB
+    CbUpdateCRL    cbUpdateCRL; /* notify thru cb that crl has updated */
 #endif
-
 };
 
 WOLFSSL_LOCAL int CM_SaveCertCache(WOLFSSL_CERT_MANAGER* cm,
@@ -2643,7 +2744,9 @@ typedef struct ProcPeerCertArgs {
 #ifdef WOLFSSL_TLS13
     buffer*      exts; /* extensions */
 #endif
+#ifndef NO_ASN
     DecodedCert* dCert;
+#endif
     word32 idx;
     word32 begin;
     int    totalCerts; /* number of certs in certs buffer */
@@ -2665,7 +2768,17 @@ typedef struct ProcPeerCertArgs {
 } ProcPeerCertArgs;
 WOLFSSL_LOCAL int DoVerifyCallback(WOLFSSL_CERT_MANAGER* cm, WOLFSSL* ssl,
         int ret, ProcPeerCertArgs* args);
+WOLFSSL_LOCAL void DoCrlCallback(WOLFSSL_CERT_MANAGER* cm, WOLFSSL* ssl,
+        ProcPeerCertArgs* args, int* outRet);
+
+WOLFSSL_LOCAL int SetupStoreCtxCallback(WOLFSSL_X509_STORE_CTX** store_pt,
+        WOLFSSL* ssl, WOLFSSL_CERT_MANAGER* cm, ProcPeerCertArgs* args,
+        int cert_err, void* heap, int* x509Free);
+WOLFSSL_LOCAL void CleanupStoreCtxCallback(WOLFSSL_X509_STORE_CTX* store,
+        WOLFSSL* ssl, void* heap, int x509Free);
 #endif /* !defined(NO_WOLFSSL_CLIENT) || !defined(WOLFSSL_NO_CLIENT_AUTH) */
+WOLFSSL_LOCAL int X509StoreLoadCertBuffer(WOLFSSL_X509_STORE *str,
+                                        byte *buf, word32 bufLen, int type);
 #endif /* !defined NO_CERTS */
 
 /* wolfSSL Sock Addr */
@@ -2676,7 +2789,16 @@ struct WOLFSSL_SOCKADDR {
 };
 
 typedef struct WOLFSSL_DTLS_CTX {
+#ifdef WOLFSSL_RW_THREADED
+    /* Protect peer access after the handshake */
+    wolfSSL_RwLock peerLock;
+#endif
     WOLFSSL_SOCKADDR peer;
+#ifdef WOLFSSL_DTLS_CID
+    WOLFSSL_SOCKADDR pendingPeer; /* When using CID's, we don't want to update
+                                   * the peer's address until we successfully
+                                   * de-protect the record. */
+#endif
     int rfd;
     int wfd;
     byte userSet:1;
@@ -2684,6 +2806,9 @@ typedef struct WOLFSSL_DTLS_CTX {
                        * connected (connect() and bind() both called).
                        * This means that sendto and recvfrom do not need to
                        * specify and store the peer address. */
+#ifdef WOLFSSL_DTLS_CID
+    byte processingPendingRecord:1;
+#endif
 } WOLFSSL_DTLS_CTX;
 
 
@@ -2705,6 +2830,72 @@ typedef struct WOLFSSL_DTLS_PEERSEQ {
 #endif
 } WOLFSSL_DTLS_PEERSEQ;
 
+#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
+struct WOLFSSL_BIO {
+    WOLFSSL_BUF_MEM* mem_buf;
+    WOLFSSL_BIO_METHOD* method;
+    WOLFSSL_BIO* prev;          /* previous in chain */
+    WOLFSSL_BIO* next;          /* next in chain */
+    WOLFSSL_BIO* pair;          /* BIO paired with */
+    void*        heap;          /* user heap hint */
+    union {
+        byte*    mem_buf_data;
+#ifndef WOLFCRYPT_ONLY
+        WOLFSSL* ssl;
+        WOLFSSL_EVP_MD_CTX* md_ctx;
+#endif
+#ifndef NO_FILESYSTEM
+        XFILE    fh;
+#endif
+    } ptr;
+    void*        usrCtx;        /* user set pointer */
+    char*        ip;            /* IP address for wolfIO_TcpConnect */
+    word16       port;          /* Port for wolfIO_TcpConnect */
+    char*        infoArg;       /* BIO callback argument */
+    wolf_bio_info_cb infoCb;    /* BIO callback */
+    int          wrSz;          /* write buffer size (mem) */
+    int          wrSzReset;     /* First buffer size (mem) - read ONLY data */
+    int          wrIdx;         /* current index for write buffer */
+    int          rdIdx;         /* current read index */
+    int          readRq;        /* read request */
+    union {
+        SOCKET_T fd;
+        size_t   length;
+    } num;
+    int          eof;           /* eof flag */
+    int          flags;
+    byte         type;          /* method type */
+    byte         init:1;        /* bio has been initialized */
+    byte         shutdown:1;    /* close flag */
+    byte         connected:1;   /* connected state, for datagram BIOs -- as for
+                                 * struct WOLFSSL_DTLS_CTX, when set, sendto and
+                                 * recvfrom leave the peer_addr unchanged. */
+#ifdef WOLFSSL_HAVE_BIO_ADDR
+    union WOLFSSL_BIO_ADDR peer_addr; /* for datagram BIOs, the socket address stored
+                                       * with BIO_CTRL_DGRAM_CONNECT,
+                                       * BIO_CTRL_DGRAM_SET_CONNECTED, or
+                                       * BIO_CTRL_DGRAM_SET_PEER, or stored when a
+                                       * packet was received on an unconnected BIO. */
+#endif
+
+#if defined(WORD64_AVAILABLE) && !defined(WOLFSSL_BIO_NO_FLOW_STATS)
+    #define WOLFSSL_BIO_HAVE_FLOW_STATS
+    word64       bytes_read;
+    word64       bytes_written;
+#endif
+
+#ifdef HAVE_EX_DATA
+    WOLFSSL_CRYPTO_EX_DATA ex_data;
+#endif
+#if defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA)
+    wolfSSL_Ref  ref;
+#endif
+};
+#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
+
+#if defined(WOLFSSL_HAVE_BIO_ADDR) && defined(OPENSSL_EXTRA)
+WOLFSSL_LOCAL socklen_t wolfSSL_BIO_ADDR_size(const WOLFSSL_BIO_ADDR *addr);
+#endif
 
 #define MAX_WRITE_IV_SZ 16 /* max size of client/server write_IV */
 
@@ -2766,8 +2957,8 @@ typedef struct Keys {
     byte   encryptionOn;          /* true after change cipher spec */
     byte   decryptedCur;          /* only decrypt current record once */
 #ifdef WOLFSSL_TLS13
-    byte   updateResponseReq:1;   /* KeyUpdate response from peer required. */
-    byte   keyUpdateRespond:1;    /* KeyUpdate is to be responded to. */
+    byte   updateResponseReq;     /* KeyUpdate response from peer required. */
+    byte   keyUpdateRespond;      /* KeyUpdate is to be responded to. */
 #endif
 #ifdef WOLFSSL_RENESAS_TSIP_TLS
 
@@ -2788,70 +2979,110 @@ typedef struct Options Options;
 /** TLS Extensions - RFC 6066 */
 #ifdef HAVE_TLS_EXTENSIONS
 
+#define TLSXT_SERVER_NAME                0x0000 /* a.k.a. SNI  */
+#define TLSXT_MAX_FRAGMENT_LENGTH        0x0001
+#define TLSXT_TRUSTED_CA_KEYS            0x0003
+#define TLSXT_TRUNCATED_HMAC             0x0004
+#define TLSXT_STATUS_REQUEST             0x0005 /* a.k.a. OCSP stapling   */
+#define TLSXT_SUPPORTED_GROUPS           0x000a /* a.k.a. Supported Curves */
+#define TLSXT_EC_POINT_FORMATS           0x000b
+#define TLSXT_SIGNATURE_ALGORITHMS       0x000d /* HELLO_EXT_SIG_ALGO */
+#define TLSXT_USE_SRTP                   0x000e /* 14 */
+#define TLSXT_APPLICATION_LAYER_PROTOCOL 0x0010 /* a.k.a. ALPN */
+#define TLSXT_STATUS_REQUEST_V2          0x0011 /* a.k.a. OCSP stapling v2 */
+#define TLSXT_CLIENT_CERTIFICATE         0x0013 /* RFC8446 */
+#define TLSXT_SERVER_CERTIFICATE         0x0014 /* RFC8446 */
+#define TLSXT_ENCRYPT_THEN_MAC           0x0016 /* RFC 7366 */
+#define TLSXT_EXTENDED_MASTER_SECRET     0x0017 /* HELLO_EXT_EXTMS */
+#define TLSXT_SESSION_TICKET             0x0023
+#define TLSXT_PRE_SHARED_KEY             0x0029
+#define TLSXT_EARLY_DATA                 0x002a
+#define TLSXT_SUPPORTED_VERSIONS         0x002b
+#define TLSXT_COOKIE                     0x002c
+#define TLSXT_PSK_KEY_EXCHANGE_MODES     0x002d
+#define TLSXT_CERTIFICATE_AUTHORITIES    0x002f
+#define TLSXT_POST_HANDSHAKE_AUTH        0x0031
+#define TLSXT_SIGNATURE_ALGORITHMS_CERT  0x0032
+#define TLSXT_KEY_SHARE                  0x0033
+#define TLSXT_CONNECTION_ID              0x0036
+#define TLSXT_KEY_QUIC_TP_PARAMS         0x0039 /* RFC 9001, ch. 8.2 */
+#define TLSXT_ECH                        0xfe0d /* from */
+                                                /* draft-ietf-tls-esni-13 */
+/* The 0xFF section is experimental/custom/personal use */
+#define TLSXT_CKS                        0xff92 /* X9.146 */
+#define TLSXT_RENEGOTIATION_INFO         0xff01
+#define TLSXT_KEY_QUIC_TP_PARAMS_DRAFT   0xffa5 /* from */
+                                                /* draft-ietf-quic-tls-27 */
+
 typedef enum {
 #ifdef HAVE_SNI
-    TLSX_SERVER_NAME                = 0x0000, /* a.k.a. SNI  */
+    TLSX_SERVER_NAME                = TLSXT_SERVER_NAME,
 #endif
-    TLSX_MAX_FRAGMENT_LENGTH        = 0x0001,
-    TLSX_TRUSTED_CA_KEYS            = 0x0003,
-    TLSX_TRUNCATED_HMAC             = 0x0004,
-    TLSX_STATUS_REQUEST             = 0x0005, /* a.k.a. OCSP stapling   */
-    TLSX_SUPPORTED_GROUPS           = 0x000a, /* a.k.a. Supported Curves */
-    TLSX_EC_POINT_FORMATS           = 0x000b,
+    TLSX_MAX_FRAGMENT_LENGTH        = TLSXT_MAX_FRAGMENT_LENGTH,
+    TLSX_TRUSTED_CA_KEYS            = TLSXT_TRUSTED_CA_KEYS,
+    TLSX_TRUNCATED_HMAC             = TLSXT_TRUNCATED_HMAC,
+    TLSX_STATUS_REQUEST             = TLSXT_STATUS_REQUEST,
+    TLSX_SUPPORTED_GROUPS           = TLSXT_SUPPORTED_GROUPS,
+    TLSX_EC_POINT_FORMATS           = TLSXT_EC_POINT_FORMATS,
 #if !defined(NO_CERTS) && !defined(WOLFSSL_NO_SIGALG)
-    TLSX_SIGNATURE_ALGORITHMS       = 0x000d, /* HELLO_EXT_SIG_ALGO */
+    TLSX_SIGNATURE_ALGORITHMS       = TLSXT_SIGNATURE_ALGORITHMS,
 #endif
 #ifdef WOLFSSL_SRTP
-    TLSX_USE_SRTP                   = 0x000e, /* 14 */
+    TLSX_USE_SRTP                   = TLSXT_USE_SRTP,
 #endif
-    TLSX_APPLICATION_LAYER_PROTOCOL = 0x0010, /* a.k.a. ALPN */
-    TLSX_STATUS_REQUEST_V2          = 0x0011, /* a.k.a. OCSP stapling v2 */
+    TLSX_APPLICATION_LAYER_PROTOCOL = TLSXT_APPLICATION_LAYER_PROTOCOL,
+    TLSX_STATUS_REQUEST_V2          = TLSXT_STATUS_REQUEST_V2,
 #ifdef HAVE_RPK
-    TLSX_CLIENT_CERTIFICATE_TYPE    = 0x0013, /* RFC8446 */
-    TLSX_SERVER_CERTIFICATE_TYPE    = 0x0014, /* RFC8446 */
+    TLSX_CLIENT_CERTIFICATE_TYPE    = TLSXT_CLIENT_CERTIFICATE,
+    TLSX_SERVER_CERTIFICATE_TYPE    = TLSXT_SERVER_CERTIFICATE,
 #endif
 #if defined(HAVE_ENCRYPT_THEN_MAC) && !defined(WOLFSSL_AEAD_ONLY)
-    TLSX_ENCRYPT_THEN_MAC           = 0x0016, /* RFC 7366 */
+    TLSX_ENCRYPT_THEN_MAC           = TLSXT_ENCRYPT_THEN_MAC,
 #endif
-    TLSX_EXTENDED_MASTER_SECRET     = 0x0017, /* HELLO_EXT_EXTMS */
-    TLSX_SESSION_TICKET             = 0x0023,
+    TLSX_EXTENDED_MASTER_SECRET     = TLSXT_EXTENDED_MASTER_SECRET,
+    TLSX_SESSION_TICKET             = TLSXT_SESSION_TICKET,
 #ifdef WOLFSSL_TLS13
-    #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)
-    TLSX_PRE_SHARED_KEY             = 0x0029,
-    #endif
     #ifdef WOLFSSL_EARLY_DATA
-    TLSX_EARLY_DATA                 = 0x002a,
+    TLSX_EARLY_DATA                 = TLSXT_EARLY_DATA,
     #endif
-    TLSX_SUPPORTED_VERSIONS         = 0x002b,
+    TLSX_SUPPORTED_VERSIONS         = TLSXT_SUPPORTED_VERSIONS,
     #ifdef WOLFSSL_SEND_HRR_COOKIE
-    TLSX_COOKIE                     = 0x002c,
+    TLSX_COOKIE                     = TLSXT_COOKIE,
     #endif
     #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)
-    TLSX_PSK_KEY_EXCHANGE_MODES     = 0x002d,
+    TLSX_PSK_KEY_EXCHANGE_MODES     = TLSXT_PSK_KEY_EXCHANGE_MODES,
     #endif
     #if !defined(NO_CERTS) && !defined(WOLFSSL_NO_CA_NAMES)
-    TLSX_CERTIFICATE_AUTHORITIES    = 0x002f,
+    TLSX_CERTIFICATE_AUTHORITIES    = TLSXT_CERTIFICATE_AUTHORITIES,
     #endif
     #ifdef WOLFSSL_POST_HANDSHAKE_AUTH
-    TLSX_POST_HANDSHAKE_AUTH        = 0x0031,
+    TLSX_POST_HANDSHAKE_AUTH        = TLSXT_POST_HANDSHAKE_AUTH,
     #endif
     #if !defined(NO_CERTS) && !defined(WOLFSSL_NO_SIGALG)
-    TLSX_SIGNATURE_ALGORITHMS_CERT  = 0x0032,
+    TLSX_SIGNATURE_ALGORITHMS_CERT  = TLSXT_SIGNATURE_ALGORITHMS_CERT,
     #endif
-    TLSX_KEY_SHARE                  = 0x0033,
     #if defined(WOLFSSL_DTLS_CID)
-    TLSX_CONNECTION_ID              = 0x0036,
+    TLSX_CONNECTION_ID              = TLSXT_CONNECTION_ID,
     #endif /* defined(WOLFSSL_DTLS_CID) */
     #ifdef WOLFSSL_QUIC
-    TLSX_KEY_QUIC_TP_PARAMS         = 0x0039, /* RFC 9001, ch. 8.2 */
+    TLSX_KEY_QUIC_TP_PARAMS         = TLSXT_KEY_QUIC_TP_PARAMS,
+    #endif
+    #ifdef HAVE_ECH
+    TLSX_ECH                        = TLSXT_ECH,
     #endif
 #endif
-    TLSX_RENEGOTIATION_INFO         = 0xff01,
-#ifdef WOLFSSL_QUIC
-    TLSX_KEY_QUIC_TP_PARAMS_DRAFT   = 0xffa5, /* from draft-ietf-quic-tls-27 */
+#if defined(WOLFSSL_TLS13) || !defined(WOLFSSL_NO_TLS12) || !defined(NO_OLD_TLS)
+    #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)
+    TLSX_PRE_SHARED_KEY             = TLSXT_PRE_SHARED_KEY,
+    #endif
+    TLSX_KEY_SHARE                  = TLSXT_KEY_SHARE,
 #endif
-#if defined(WOLFSSL_TLS13) && defined(HAVE_ECH)
-    TLSX_ECH                        = 0xfe0d, /* from draft-ietf-tls-esni-13 */
+#if defined(WOLFSSL_TLS13) && defined(WOLFSSL_DUAL_ALG_CERTS)
+    TLSX_CKS                        = TLSXT_CKS,
+#endif
+    TLSX_RENEGOTIATION_INFO         = TLSXT_RENEGOTIATION_INFO,
+#ifdef WOLFSSL_QUIC
+    TLSX_KEY_QUIC_TP_PARAMS_DRAFT   = TLSXT_KEY_QUIC_TP_PARAMS_DRAFT,
 #endif
 } TLSX_Type;
 
@@ -2950,6 +3181,8 @@ WOLFSSL_LOCAL int GetEchConfig(WOLFSSL_EchConfig* config, byte* output,
 
 WOLFSSL_LOCAL int GetEchConfigsEx(WOLFSSL_EchConfig* configs,
     byte* output, word32* outputLen);
+
+WOLFSSL_LOCAL void FreeEchConfigs(WOLFSSL_EchConfig* configs, void* heap);
 #endif
 
 struct TLSX {
@@ -2968,9 +3201,9 @@ WOLFSSL_LOCAL int   TLSX_PopulateExtensions(WOLFSSL* ssl, byte isRequest);
 
 #if defined(WOLFSSL_TLS13) || !defined(NO_WOLFSSL_CLIENT)
 WOLFSSL_LOCAL int   TLSX_GetRequestSize(WOLFSSL* ssl, byte msgType,
-                                         word16* pLength);
+                                         word32* pLength);
 WOLFSSL_LOCAL int   TLSX_WriteRequest(WOLFSSL* ssl, byte* output,
-                                       byte msgType, word16* pOffset);
+                                       byte msgType, word32* pOffset);
 #endif
 
 #if defined(WOLFSSL_TLS13) || !defined(NO_WOLFSSL_SERVER)
@@ -3026,7 +3259,7 @@ WOLFSSL_LOCAL int TLSX_UseSNI(TLSX** extensions, byte type, const void* data,
                                                        word16 size, void* heap);
 WOLFSSL_LOCAL byte TLSX_SNI_Status(TLSX* extensions, byte type);
 WOLFSSL_LOCAL word16 TLSX_SNI_GetRequest(TLSX* extensions, byte type,
-                                                                   void** data);
+                                                void** data, byte ignoreStatus);
 
 #ifndef NO_WOLFSSL_SERVER
 WOLFSSL_LOCAL void   TLSX_SNI_SetOptions(TLSX* extensions, byte type,
@@ -3093,10 +3326,11 @@ typedef struct {
     byte options;
     WOLFSSL* ssl;
     union {
-        OcspRequest ocsp;
+        OcspRequest ocsp[MAX_CERT_EXTENSIONS];
     } request;
+    word16 requests;
 #ifdef WOLFSSL_TLS13
-    buffer response;
+    buffer responses[MAX_CERT_EXTENSIONS];
 #endif
 } CertificateStatusRequest;
 
@@ -3105,12 +3339,25 @@ WOLFSSL_LOCAL int   TLSX_UseCertificateStatusRequest(TLSX** extensions,
 #ifndef NO_CERTS
 WOLFSSL_LOCAL int   TLSX_CSR_InitRequest(TLSX* extensions, DecodedCert* cert,
                                                                     void* heap);
+WOLFSSL_LOCAL int   TLSX_CSR_InitRequest_ex(TLSX* extensions, DecodedCert* cert,
+                                            void* heap, int idx);
 #endif
 WOLFSSL_LOCAL void* TLSX_CSR_GetRequest(TLSX* extensions);
 WOLFSSL_LOCAL int   TLSX_CSR_ForceRequest(WOLFSSL* ssl);
+WOLFSSL_LOCAL word16 TLSX_CSR_GetSize_ex(CertificateStatusRequest* csr,
+                                        byte isRequest,
+                                        int idx);
+WOLFSSL_LOCAL int TLSX_CSR_Write_ex(CertificateStatusRequest* csr, byte* output,
+                          byte isRequest, int idx);
+WOLFSSL_LOCAL void* TLSX_CSR_GetRequest_ex(TLSX* extensions, int idx);
 
 #endif
-
+#if defined(HAVE_CERTIFICATE_STATUS_REQUEST) || \
+    defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2)
+WOLFSSL_LOCAL int CreateOcspRequest(WOLFSSL* ssl, OcspRequest* request,
+                             DecodedCert* cert, byte* certData, word32 length,
+                             byte *ctxOwnsRequest);
+#endif
 /** Certificate Status Request v2 - RFC 6961 */
 #ifdef HAVE_CERTIFICATE_STATUS_REQUEST_V2
 
@@ -3122,11 +3369,17 @@ typedef struct CSRIv2 {
         OcspRequest ocsp[1 + MAX_CHAIN_DEPTH];
     } request;
     struct CSRIv2* next;
+    Signer *pendingSigners;
 } CertificateStatusRequestItemV2;
 
 WOLFSSL_LOCAL int   TLSX_UseCertificateStatusRequestV2(TLSX** extensions,
                          byte status_type, byte options, void* heap, int devId);
 #ifndef NO_CERTS
+WOLFSSL_LOCAL int TLSX_CSR2_IsMulti(TLSX *extensions);
+WOLFSSL_LOCAL int TLSX_CSR2_AddPendingSigner(TLSX *extensions, Signer *s);
+WOLFSSL_LOCAL Signer* TLSX_CSR2_GetPendingSigners(TLSX *extensions);
+WOLFSSL_LOCAL int TLSX_CSR2_ClearPendingCA(WOLFSSL *ssl);
+WOLFSSL_LOCAL int TLSX_CSR2_MergePendingCA(WOLFSSL* ssl);
 WOLFSSL_LOCAL int   TLSX_CSR2_InitRequests(TLSX* extensions, DecodedCert* cert,
                                                        byte isPeer, void* heap);
 #endif
@@ -3256,6 +3509,13 @@ typedef struct InternalTicket {
 #endif /* OPENSSL_EXTRA */
 } InternalTicket;
 
+#ifndef WOLFSSL_TICKET_ENC_CBC_HMAC
+    #define WOLFSSL_INTERNAL_TICKET_LEN     sizeof(InternalTicket)
+#else
+    #define WOLFSSL_INTERNAL_TICKET_LEN     \
+        (((sizeof(InternalTicket) + 15) / 16) * 16)
+#endif
+
 #ifndef WOLFSSL_TICKET_EXTRA_PADDING_SZ
 #define WOLFSSL_TICKET_EXTRA_PADDING_SZ 32
 #endif
@@ -3351,8 +3611,9 @@ typedef struct KeyShareEntry {
     word32                keyLen;    /* Key size (bytes)                  */
     byte*                 pubKey;    /* Public key                        */
     word32                pubKeyLen; /* Public key length                 */
-#if !defined(NO_DH) || defined(HAVE_PQC)
-    byte*                 privKey;   /* Private key - DH and PQ KEMs only */
+#if !defined(NO_DH) || defined(WOLFSSL_HAVE_KYBER)
+    byte*                 privKey;   /* Private key                       */
+    word32                privKeyLen;/* Private key length - PQC only     */
 #endif
 #ifdef WOLFSSL_ASYNC_CRYPT
     int                   lastRet;
@@ -3376,8 +3637,11 @@ WOLFSSL_LOCAL int TLSX_KeyShare_Parse(WOLFSSL* ssl, const byte* input,
         word16 length, byte msgType);
 WOLFSSL_LOCAL int TLSX_KeyShare_Parse_ClientHello(const WOLFSSL* ssl,
         const byte* input, word16 length, TLSX** extensions);
-
-
+#ifdef WOLFSSL_DUAL_ALG_CERTS
+WOLFSSL_LOCAL int TLSX_CKS_Parse(WOLFSSL* ssl, byte* input,
+                                 word16 length, TLSX** extensions);
+WOLFSSL_LOCAL int TLSX_CKS_Set(WOLFSSL* ssl, TLSX** extensions);
+#endif
 #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)
 
 enum PskDecryptReturn {
@@ -3495,7 +3759,10 @@ WOLFSSL_LOCAL int TLSX_ConnectionID_Parse(WOLFSSL* ssl, const byte* input,
 WOLFSSL_LOCAL void DtlsCIDOnExtensionsParsed(WOLFSSL* ssl);
 WOLFSSL_LOCAL byte DtlsCIDCheck(WOLFSSL* ssl, const byte* input,
     word16 inputSize);
+WOLFSSL_LOCAL int Dtls13UnifiedHeaderCIDPresent(byte flags);
 #endif /* WOLFSSL_DTLS_CID */
+WOLFSSL_LOCAL byte DtlsGetCidTxSize(WOLFSSL* ssl);
+WOLFSSL_LOCAL byte DtlsGetCidRxSize(WOLFSSL* ssl);
 
 #ifdef OPENSSL_EXTRA
 enum SetCBIO {
@@ -3530,7 +3797,7 @@ struct WOLFSSL_CTX {
 #ifdef SINGLE_THREADED
     WC_RNG*         rng;          /* to be shared with WOLFSSL w/o locking */
 #endif
-    wolfSSL_Ref     ref;
+    wolfSSL_RefWithMutex ref;
     int         err;              /* error code in case of mutex not created */
 #ifndef NO_DH
     buffer      serverDH_P;
@@ -3553,11 +3820,26 @@ struct WOLFSSL_CTX {
     int         certChainCnt;
 #endif
     DerBuffer*  privateKey;
-    byte        privateKeyType:6;
+#ifdef WOLFSSL_BLIND_PRIVATE_KEY
+    DerBuffer*  privateKeyMask;             /* Mask of private key DER. */
+#endif
+    byte        privateKeyType;
     byte        privateKeyId:1;
     byte        privateKeyLabel:1;
     int         privateKeySz;
     int         privateKeyDevId;
+
+#ifdef WOLFSSL_DUAL_ALG_CERTS
+    DerBuffer*  altPrivateKey;
+#ifdef WOLFSSL_BLIND_PRIVATE_KEY
+    DerBuffer*  altPrivateKeyMask;          /* Mask of alt private key DER. */
+#endif
+    byte        altPrivateKeyType;
+    byte        altPrivateKeyId:1;
+    byte        altPrivateKeyLabel:1;
+    int         altPrivateKeySz;
+    int         altPrivateKeyDevId;
+#endif /* WOLFSSL_DUAL_ALG_CERTS */
 #ifdef OPENSSL_ALL
     WOLFSSL_EVP_PKEY* privateKeyPKey;
 #endif
@@ -3636,6 +3918,9 @@ struct WOLFSSL_CTX {
 #endif
 #if defined(WOLFSSL_DTLS) && defined(WOLFSSL_SCTP)
     byte        dtlsSctp:1;         /* DTLS-over-SCTP mode */
+#endif
+#if defined(WOLFSSL_TLS13) && defined(HAVE_ECH)
+    byte        disableECH:1;
 #endif
     word16      minProto:1; /* sets min to min available */
     word16      maxProto:1; /* sets max to max available */
@@ -3665,8 +3950,10 @@ struct WOLFSSL_CTX {
 #if defined(HAVE_ECC) || defined(HAVE_ED25519) || defined(HAVE_ED448)
     short       minEccKeySz;      /* minimum ECC key size */
 #endif
-#ifdef HAVE_PQC
+#ifdef HAVE_FALCON
     short       minFalconKeySz;   /* minimum Falcon key size */
+#endif
+#ifdef HAVE_DILITHIUM
     short       minDilithiumKeySz;/* minimum Dilithium key size */
 #endif
     unsigned long     mask;             /* store SSL_OP_ flags */
@@ -3743,7 +4030,7 @@ struct WOLFSSL_CTX {
     word32          maxEarlyDataSz;
 #endif
 #ifdef HAVE_ANON
-    byte        haveAnon;               /* User wants to allow Anon suites */
+    byte        useAnon;               /* User wants to allow Anon suites */
 #endif /* HAVE_ANON */
 #ifdef WOLFSSL_ENCRYPTED_KEYS
     wc_pem_password_cb* passwd_cb;
@@ -3878,6 +4165,8 @@ struct WOLFSSL_CTX {
     CallbackGenPreMaster        GenPreMasterCb;
     /* User generate master secret handler */
     CallbackGenMasterSecret     GenMasterCb;
+    /* User generate Extended master secret handler */
+    CallbackGenExtMasterSecret  GenExtMasterCb;
     /* User generate session key handler */
     CallbackGenSessionKey       GenSessionKeyCb;
     /* User setting encrypt keys handler */
@@ -3934,6 +4223,13 @@ struct WOLFSSL_CTX {
 #if defined(__APPLE__) && defined(WOLFSSL_SYS_CA_CERTS)
     byte doAppleNativeCertValidationFlag:1;
 #endif /* defined(__APPLE__) && defined(WOLFSSL_SYS_CA_CERTS) */
+#ifdef WOLFSSL_DUAL_ALG_CERTS
+    byte *sigSpec;
+    word16 sigSpecSz;
+#endif
+#if defined(WOLFSSL_SYS_CRYPTO_POLICY)
+    int secLevel; /* The security level of system-wide crypto policy. */
+#endif /* WOLFSSL_SYS_CRYPTO_POLICY */
 };
 
 WOLFSSL_LOCAL
@@ -3957,6 +4253,7 @@ int ProcessOldClientHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
                           word32 inSz, word16 sz);
 
 #ifndef NO_CERTS
+    WOLFSSL_LOCAL int AddSigner(WOLFSSL_CERT_MANAGER* cm, Signer *s);
     WOLFSSL_LOCAL
     int AddCA(WOLFSSL_CERT_MANAGER* cm, DerBuffer** pDer, int type, int verify);
     WOLFSSL_LOCAL
@@ -4003,13 +4300,16 @@ enum KeyExchangeAlgorithm {
     ecc_static_diffie_hellman_kea       /* for verify suite only */
 };
 
-/* Used with InitSuitesHashSigAlgo_ex2 */
+/* Used with InitSuitesHashSigAlgo */
 #define SIG_ECDSA       0x01
 #define SIG_RSA         0x02
 #define SIG_SM2         0x04
 #define SIG_FALCON      0x08
 #define SIG_DILITHIUM   0x10
 #define SIG_ANON        0x20
+/* SIG_ANON is omitted by default */
+#define SIG_ALL         (SIG_ECDSA | SIG_RSA | SIG_SM2 | SIG_FALCON | \
+                         SIG_DILITHIUM)
 
 /* Supported Authentication Schemes */
 enum SignatureAlgorithm {
@@ -4126,7 +4426,7 @@ typedef struct Ciphers {
     byte* nonce;
 #endif
 #ifdef HAVE_CAMELLIA
-    Camellia* cam;
+    wc_Camellia* cam;
 #endif
 #ifdef HAVE_CHACHA
     ChaCha*   chacha;
@@ -4374,6 +4674,10 @@ struct WOLFSSL_SESSION {
 #endif
 #ifdef HAVE_EX_DATA
     WOLFSSL_CRYPTO_EX_DATA ex_data;
+#endif
+#ifdef HAVE_MAX_FRAGMENT
+    byte               mfl; /* max fragment length negotiated i.e.
+                             * WOLFSSL_MFL_2_8  (6) */
 #endif
     byte               isSetup:1;
 };
@@ -4487,21 +4791,48 @@ enum AcceptStateTls13 {
     TLS13_TICKET_SENT
 };
 
+#ifdef WOLFSSL_THREADED_CRYPT
+
+#include <pthread.h>
+
+typedef struct ThreadCrypt {
+    Ciphers encrypt;
+    bufferStatic buffer;
+    unsigned char nonce[AESGCM_NONCE_SZ];
+    unsigned char additional[AEAD_AUTH_DATA_SZ];
+    int init;
+    int offset;
+    int cryptLen;
+    int done;
+    int avail;
+    int stop;
+    WOLFSSL_THREAD_SIGNAL signal;
+    void*                 signalCtx;
+} ThreadCrypt;
+
+#endif
+
 /* buffers for struct WOLFSSL */
 typedef struct Buffers {
     bufferStatic    inputBuffer;
     bufferStatic    outputBuffer;
+#ifdef WOLFSSL_THREADED_CRYPT
+    ThreadCrypt     encrypt[WOLFSSL_THREADED_CRYPT_CNT];
+#endif
     buffer          domainName;            /* for client check */
     buffer          clearOutputBuffer;
     buffer          sig;                   /* signature data */
     buffer          digest;                /* digest data */
-    int             prevSent;              /* previous plain text bytes sent
+    word32          prevSent;              /* previous plain text bytes sent
                                               when got WANT_WRITE            */
-    int             plainSz;               /* plain text bytes in buffer to send
+    word32          plainSz;               /* plain text bytes in buffer to send
                                               when got WANT_WRITE            */
     byte            weOwnCert;             /* SSL own cert flag */
     byte            weOwnCertChain;        /* SSL own cert chain flag */
-    byte            weOwnKey;              /* SSL own key  flag */
+    byte            weOwnKey;              /* SSL own key flag */
+#ifdef WOLFSSL_DUAL_ALG_CERTS
+    byte            weOwnAltKey;           /* SSL own alt key flag */
+#endif
     byte            weOwnDH;               /* SSL own dh (p,g)  flag */
 #ifndef NO_DH
     buffer          serverDH_P;            /* WOLFSSL_CTX owns, unless we own */
@@ -4513,16 +4844,30 @@ typedef struct Buffers {
 #ifndef NO_CERTS
     DerBuffer*      certificate;           /* WOLFSSL_CTX owns, unless we own */
     DerBuffer*      key;                   /* WOLFSSL_CTX owns, unless we own */
-    byte            keyType:6;             /* Type of key: RSA, ECC, Ed25519 */
+#ifdef WOLFSSL_BLIND_PRIVATE_KEY
+    DerBuffer*      keyMask;               /* Mask of private key DER. */
+#endif
+    byte            keyType;               /* Type of key */
     byte            keyId:1;               /* Key data is an id not data */
     byte            keyLabel:1;            /* Key data is a label not data */
     int             keySz;                 /* Size of RSA key */
     int             keyDevId;              /* Device Id for key */
+#ifdef WOLFSSL_DUAL_ALG_CERTS
+    DerBuffer*      altKey;                /* WOLFSSL_CTX owns, unless we own */
+#ifdef WOLFSSL_BLIND_PRIVATE_KEY
+    DerBuffer*      altKeyMask;            /* Mask of alt private key DER. */
+#endif
+    byte            altKeyType;            /* Type of alt key */
+    byte            altKeyId:1;            /* Key data is an id not data */
+    byte            altKeyLabel:1;         /* Key data is a label not data */
+    int             altKeySz;              /* Size of alt key */
+    int             altKeyDevId;           /* Device Id for alt key */
+#endif
     DerBuffer*      certChain;             /* WOLFSSL_CTX owns, unless we own */
                  /* chain after self, in DER, with leading size for each cert */
 #ifdef WOLFSSL_TLS13
     int             certChainCnt;
-    DerBuffer*      certExts;
+    DerBuffer*      certExts[MAX_CERT_EXTENSIONS];
 #endif
 #endif
 #ifdef WOLFSSL_SEND_HRR_COOKIE
@@ -4627,7 +4972,6 @@ struct Options {
     word16            tls:1;              /* using TLS ? */
     word16            tls1_1:1;           /* using TLSv1.1+ ? */
     word16            tls1_3:1;           /* using TLSv1.3+ ? */
-    word16            seenUnifiedHdr:1;   /* received msg with unified header */
     word16            dtls:1;             /* using datagrams ? */
 #ifdef WOLFSSL_DTLS
     word16            dtlsStateful:1;     /* allow stateful processing ? */
@@ -4636,7 +4980,6 @@ struct Options {
     word16            isClosed:1;         /* if we consider conn closed */
     word16            closeNotify:1;      /* we've received a close notify */
     word16            sentNotify:1;       /* we've sent a close notify */
-    word16            shutdownDone:1;     /* we've completed a shutdown */
     word16            usingCompression:1; /* are we using compression */
     word16            haveRSA:1;          /* RSA available */
     word16            haveECC:1;          /* ECC available */
@@ -4667,7 +5010,7 @@ struct Options {
 #ifdef HAVE_POLY1305
     word16            oldPoly:1;        /* set when to use old rfc way of poly*/
 #endif
-    word16            haveAnon:1;       /* User wants to allow Anon suites */
+    word16            useAnon:1;       /* User wants to allow Anon suites */
 #ifdef HAVE_SESSION_TICKET
     word16            createTicket:1;     /* Server to create new Ticket */
     word16            useTicket:1;        /* Use Ticket not session cache */
@@ -4684,7 +5027,6 @@ struct Options {
 #endif
     word16            dtlsUseNonblock:1;  /* are we using nonblocking socket */
     word16            dtlsHsRetain:1;     /* DTLS retaining HS data */
-    word16            haveMcast:1;        /* using multicast ? */
 #ifdef WOLFSSL_SCTP
     word16            dtlsSctp:1;         /* DTLS-over-SCTP mode */
 #endif
@@ -4737,8 +5079,6 @@ struct Options {
     word16            buildArgsSet:1;         /* buildArgs are set and need to
                                                * be free'd */
 #endif
-    word16            buildingMsg:1;      /* If set then we need to re-enter the
-                                           * handshake logic. */
 #ifdef WOLFSSL_DTLS13
     word16            dtls13SendMoreAcks:1;  /* Send more acks during the
                                               * handshake process */
@@ -4758,6 +5098,7 @@ struct Options {
 #if defined(WOLFSSL_TLS13) && defined(HAVE_ECH)
     word16            useEch:1;
     word16            echAccepted:1;
+    byte              disableECH:1;           /* Did the user disable ech */
 #endif
 #ifdef WOLFSSL_SEND_HRR_COOKIE
     word16            cookieGood:1;
@@ -4765,6 +5106,15 @@ struct Options {
 #if defined(HAVE_DANE)
     word16            useDANE:1;
 #endif /* HAVE_DANE */
+    word16            disableRead:1;
+#ifdef WOLFSSL_DTLS
+    byte              haveMcast;          /* using multicast ? */
+#endif
+    byte              buildingMsg;        /* If set then we need to re-enter the
+                                           * handshake logic. */
+    byte              seenUnifiedHdr;     /* received msg with unified header */
+    byte              shutdownDone;       /* we've completed a shutdown */
+    byte              sendKeyUpdate;      /* Key Update to write */
 #if defined(HAVE_RPK)
     RpkConfig         rpkConfig;
     RpkState          rpkState;
@@ -4776,6 +5126,8 @@ struct Options {
     byte            cipherSuite;            /* second byte, actual suite */
     byte            hashAlgo;               /* selected hash algorithm */
     byte            sigAlgo;                /* selected sig algorithm */
+    byte            peerHashAlgo;           /* peer's chosen hash algo */
+    byte            peerSigAlgo;            /* peer's chosen sig algo */
     byte            serverState;
     byte            clientState;
     byte            handShakeState;
@@ -4800,8 +5152,10 @@ struct Options {
 #if defined(HAVE_ECC) || defined(HAVE_ED25519) || defined(HAVE_ED448)
     short           minEccKeySz;      /* minimum ECC key size */
 #endif
-#if defined(HAVE_PQC)
+#if defined(HAVE_FALCON)
     short           minFalconKeySz;   /* minimum Falcon key size */
+#endif
+#if defined(HAVE_DILITHIUM)
     short           minDilithiumKeySz;/* minimum Dilithium key size */
 #endif
 #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
@@ -4897,6 +5251,8 @@ typedef enum {
     STACK_TYPE_X509_REQ_ATTR      = 18,
 } WOLF_STACK_TYPE;
 
+#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
+
 struct WOLFSSL_STACK {
     unsigned long num; /* number of nodes in stack
                         * (safety measure for freeing and shortcut for count) */
@@ -4932,6 +5288,8 @@ struct WOLFSSL_STACK {
     WOLF_STACK_TYPE type;     /* Identifies type of stack. */
 };
 
+#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
+
 struct WOLFSSL_X509_NAME {
     char  *name;
     int   dynamicName;
@@ -4971,13 +5329,9 @@ struct WOLFSSL_X509 {
     byte             hwType[EXTERNAL_SERIAL_SIZE];
     int              hwSerialNumSz;
     byte             hwSerialNum[EXTERNAL_SERIAL_SIZE];
-#endif /* WOLFSSL_SEP */
-#if (defined(WOLFSSL_SEP) || defined(WOLFSSL_QT) || defined(OPENSSL_ALL) || \
-    defined (OPENSSL_EXTRA)) && \
-    (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL))
     byte             certPolicySet;
     byte             certPolicyCrit;
-#endif /* (WOLFSSL_SEP || WOLFSSL_QT) && (OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL) */
+#endif /* WOLFSSL_SEP */
 #if defined(WOLFSSL_QT) || defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA)
     WOLFSSL_STACK* ext_sk; /* Store X509_EXTENSIONS from wolfSSL_X509_get_ext */
     WOLFSSL_STACK* ext_sk_full; /* Store X509_EXTENSIONS from wolfSSL_X509_get0_extensions */
@@ -4995,9 +5349,9 @@ struct WOLFSSL_X509 {
     int              pubKeyOID;
     DNS_entry*       altNamesNext;                   /* hint for retrieval */
 #if defined(HAVE_ECC) || defined(HAVE_ED25519) || defined(HAVE_ED448) || \
-    defined(HAVE_PQC)
+    defined(HAVE_FALCON) || defined(HAVE_DILITHIUM)
     word32       pkCurveOID;
-#endif /* HAVE_ECC || HAVE_PQC */
+#endif
 #ifndef NO_CERTS
     DerBuffer*   derCert;                            /* may need  */
 #endif
@@ -5018,6 +5372,7 @@ struct WOLFSSL_X509 {
     byte*            authKeyId; /* Points into authKeyIdSrc */
     byte*            authKeyIdSrc;
     byte*            subjKeyId;
+    WOLFSSL_ASN1_STRING* subjKeyIdStr;
     byte*            extKeyUsageSrc;
 #ifdef OPENSSL_ALL
     byte*            subjAltNameSrc;
@@ -5025,7 +5380,7 @@ struct WOLFSSL_X509 {
     byte*            rawCRLInfo;
     byte*            CRLInfo;
     byte*            authInfo;
-#if defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA) || defined(WOLFSSL_QT)
+#ifdef WOLFSSL_ASN_CA_ISSUER
     byte*            authInfoCaIssuer;
     int              authInfoCaIssuerSz;
 #endif
@@ -5097,8 +5452,43 @@ struct WOLFSSL_X509 {
     byte            notBeforeData[CTC_DATE_SIZE];
     byte            notAfterData[CTC_DATE_SIZE];
 #endif
+#ifdef WOLFSSL_DUAL_ALG_CERTS
+    /* Subject Alternative Public Key Info */
+    byte *sapkiDer;
+    int sapkiLen;
+    /* Alternative Signature Algorithm */
+    byte *altSigAlgDer;
+    int altSigAlgLen;
+    /* Alternative Signature Value */
+    byte *altSigValDer;
+    int altSigValLen;
+#endif /* WOLFSSL_DUAL_ALG_CERTS */
 };
 
+#if defined(WOLFSSL_ACERT)
+struct WOLFSSL_X509_ACERT {
+    int               version;
+    int               serialSz;
+    byte              serial[EXTERNAL_SERIAL_SIZE];
+    WOLFSSL_ASN1_TIME notBefore;
+    WOLFSSL_ASN1_TIME notAfter;
+    buffer            sig;
+    int               sigOID;
+#ifndef NO_CERTS
+    DerBuffer *       derCert;
+#endif
+    void *            heap;
+    int               dynamic; /* whether struct was dynamically allocated */
+    /* copy of raw Attributes field from */
+    byte              holderSerial[EXTERNAL_SERIAL_SIZE];
+    int               holderSerialSz;
+    DNS_entry *       holderEntityName;  /* Holder entityName from ACERT */
+    DNS_entry *       holderIssuerName;  /* issuerName from ACERT */
+    DNS_entry *       AttCertIssuerName; /* AttCertIssuer name from ACERT */
+    byte *            rawAttr;
+    word32            rawAttrLen;
+};
+#endif /* WOLFSSL_ACERT */
 
 /* record layer header for PlainText, Compressed, and CipherText */
 typedef struct RecordLayerHeader {
@@ -5234,6 +5624,7 @@ typedef struct BuildMsgArgs {
     word32 headerSz;
     word16 size;
     word32 ivSz;      /* TLSv1.1  IV */
+    byte   type;
     byte*  iv;
     ALIGN16 byte staticIvBuffer[MAX_IV_SZ];
 } BuildMsgArgs;
@@ -5367,20 +5758,37 @@ typedef struct Dtls13RecordNumber {
 } Dtls13RecordNumber;
 
 typedef struct Dtls13Rtx {
-    enum Dtls13RtxFsmState state;
+#ifdef WOLFSSL_RW_THREADED
+    wolfSSL_Mutex mutex;
+#endif
+    enum Dtls13RtxFsmState state; /* Unused? */
     Dtls13RtxRecord *rtxRecords;
     Dtls13RtxRecord **rtxRecordTailPtr;
     Dtls13RecordNumber *seenRecords;
     word32 lastRtx;
-    byte triggeredRtxs;
-    byte sendAcks:1;
-    byte retransmit:1;
+    byte triggeredRtxs; /* Unused? */
+    byte sendAcks;
+    byte retransmit;
 } Dtls13Rtx;
 
 #endif /* WOLFSSL_DTLS13 */
 
 #ifdef WOLFSSL_DTLS_CID
-typedef struct CIDInfo CIDInfo;
+typedef struct ConnectionID {
+    byte length;
+/* Ignore "nonstandard extension used : zero-sized array in struct/union"
+ * MSVC warning */
+#ifdef _MSC_VER
+#pragma warning(disable: 4200)
+#endif
+    byte id[];
+} ConnectionID;
+
+typedef struct CIDInfo {
+    ConnectionID* tx;
+    ConnectionID* rx;
+    byte negotiated : 1;
+} CIDInfo;
 #endif /* WOLFSSL_DTLS_CID */
 
 /* The idea is to reuse the context suites object whenever possible to save
@@ -5397,15 +5805,16 @@ struct WOLFSSL {
     WOLFSSL_CTX*    initial_ctx; /* preserve session key materials */
 #endif
     Suites*         suites; /* Only need during handshake. Can be NULL when
-                             * re-using the context's object. When WOLFSSL
+                             * reusing the context's object. When WOLFSSL
                              * object needs separate instance of suites use
                              * AllocateSuites(). */
-#ifdef OPENSSL_EXTRA
-    const Suites*   clSuites;
-#endif
-#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
+    Suites*         clSuites;
+#if defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL) || \
+    defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
     WOLF_STACK_OF(WOLFSSL_CIPHER)* suitesStack; /* stack of available cipher
                                                  * suites */
+    WOLF_STACK_OF(WOLFSSL_CIPHER)* clSuitesStack; /* stack of client cipher
+                                                   * suites */
 #endif
     Arrays*         arrays;
 #ifdef WOLFSSL_TLS13
@@ -5464,6 +5873,11 @@ struct WOLFSSL {
                                          * allocated from heap */
     word32          hsType;             /* Type of Handshake key (hsKey) */
     WOLFSSL_CIPHER  cipher;
+#ifdef WOLFSSL_DUAL_ALG_CERTS
+    void*           hsAltKey;           /* Handshake key (dilithium, falcon)
+                                         * allocated from heap */
+    word32          hsAltType;          /* Type of Handshake key (hsAltKey) */
+#endif
 #ifndef WOLFSSL_AEAD_ONLY
     hmacfp          hmac;
 #endif
@@ -5575,9 +5989,11 @@ struct WOLFSSL {
     curve448_key*   peerX448Key;
     byte            peerX448KeyPresent;
 #endif
-#ifdef HAVE_PQC
+#ifdef HAVE_FALCON
     falcon_key*     peerFalconKey;
     byte            peerFalconKeyPresent;
+#endif
+#ifdef HAVE_DILITHIUM
     dilithium_key*  peerDilithiumKey;
     byte            peerDilithiumKeyPresent;
 #endif
@@ -5632,10 +6048,10 @@ struct WOLFSSL {
     /* used to store the message if it needs to be fragmented */
     buffer dtls13FragmentsBuffer;
     byte dtls13SendingFragments:1;
-    byte dtls13SendingAckOrRtx:1;
+    byte dtls13SendingAckOrRtx;
     byte dtls13FastTimeout:1;
-    byte dtls13WaitKeyUpdateAck:1;
-    byte dtls13DoKeyUpdate:1;
+    byte dtls13WaitKeyUpdateAck;
+    byte dtls13DoKeyUpdate;
     word32 dtls13MessageLength;
     word32 dtls13FragOffset;
     byte dtls13FragHandshakeType;
@@ -5728,13 +6144,14 @@ struct WOLFSSL {
         void*       ocspIOCtx;
         byte ocspProducedDate[MAX_DATE_SZ];
         int ocspProducedDateFormat;
-    #ifdef OPENSSL_EXTRA
+    #if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
         byte*       ocspResp;
         int         ocspRespSz;
-        #if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
-            char*   url;
-        #endif
+        char*   url;
     #endif
+#if defined(WOLFSSL_TLS13) && defined(HAVE_CERTIFICATE_STATUS_REQUEST)
+            word32 response_idx;
+#endif
 #endif
 #ifdef HAVE_NETX
     NetX_Ctx        nxCtx;             /* NetX IO Context */
@@ -5797,6 +6214,7 @@ struct WOLFSSL {
     #endif /* NO_RSA */
     void* GenPreMasterCtx;   /* Generate Premaster Callback Context */
     void* GenMasterCtx;      /* Generate Master Callback Context */
+    void* GenExtMasterCtx;   /* Generate Extended Master Callback Context */
     void* GenSessionKeyCtx;  /* Generate Session Key Callback Context */
     void* EncryptKeysCtx;    /* Set Encrypt keys Callback Context */
     void* TlsFinishedCtx;    /* Generate Tls Finished Callback Context */
@@ -5805,6 +6223,10 @@ struct WOLFSSL {
 #ifdef HAVE_SECRET_CALLBACK
         SessionSecretCb sessionSecretCb;
         void*           sessionSecretCtx;
+        TicketParseCb   ticketParseCb;
+        void*           ticketParseCtx;
+        TlsSecretCb     tlsSecretCb;
+        void*           tlsSecretCtx;
     #ifdef WOLFSSL_TLS13
         Tls13SecretCb   tls13SecretCb;
         void*           tls13SecretCtx;
@@ -5827,6 +6249,7 @@ struct WOLFSSL {
 #if defined(OPENSSL_EXTRA)
     WOLFSSL_STACK* supportedCiphers; /* Used in wolfSSL_get_ciphers_compat */
     WOLFSSL_STACK* peerCertChain;    /* Used in wolfSSL_get_peer_cert_chain */
+    WOLFSSL_STACK* verifiedChain;    /* peer cert chain to CA */
 #ifdef KEEP_OUR_CERT
     WOLFSSL_STACK* ourCertChain;    /* Used in wolfSSL_add1_chain_cert */
 #endif
@@ -5885,9 +6308,26 @@ struct WOLFSSL {
 #if defined(WOLFSSL_SNIFFER) && defined(WOLFSSL_SNIFFER_KEYLOGFILE)
     SSLSnifferSecretCb snifferSecretCb;
 #endif /* WOLFSSL_SNIFFER && WOLFSSL_SNIFFER_KEYLOGFILE */
-
+#ifdef WOLFSSL_DUAL_ALG_CERTS
+    byte *sigSpec;         /* This pointer never owns the memory. */
+    word16 sigSpecSz;
+    byte *peerSigSpec;     /* This pointer always owns the memory. */
+    word16 peerSigSpecSz;
+#endif
+#if defined(WOLFSSL_SYS_CRYPTO_POLICY)
+    int secLevel; /* The security level of system-wide crypto policy. */
+#endif /* WOLFSSL_SYS_CRYPTO_POLICY */
 };
 
+#if defined(WOLFSSL_SYS_CRYPTO_POLICY)
+#define WOLFSSL_SECLEVEL_STR "@SECLEVEL="
+struct SystemCryptoPolicy {
+    int    enabled;
+    int    secLevel;
+    char   str[MAX_WOLFSSL_CRYPTO_POLICY_SIZE + 1]; /* + 1 for null term */
+};
+#endif /* WOLFSSL_SYS_CRYPTO_POLICY */
+
 /*
  * wolfSSL_PEM_read_bio_X509 pushes an ASN_NO_PEM_HEADER error
  * to the error queue on file end. This should not be left
@@ -5896,8 +6336,8 @@ struct WOLFSSL {
 #if defined(OPENSSL_EXTRA) && defined(WOLFSSL_HAVE_ERROR_QUEUE)
 #define CLEAR_ASN_NO_PEM_HEADER_ERROR(err)                  \
     (err) = wolfSSL_ERR_peek_last_error();                  \
-    if (ERR_GET_LIB(err) == ERR_LIB_PEM &&                  \
-            ERR_GET_REASON(err) == PEM_R_NO_START_LINE) {   \
+    if (wolfSSL_ERR_GET_LIB(err) == WOLFSSL_ERR_LIB_PEM &&  \
+            wolfSSL_ERR_GET_REASON(err) == -WOLFSSL_PEM_R_NO_START_LINE_E) {   \
         wc_RemoveErrorNode(-1);                             \
     }
 #else
@@ -5933,7 +6373,10 @@ WOLFSSL_LOCAL int  SetSSL_CTX(WOLFSSL* ssl, WOLFSSL_CTX* ctx, int writeDup);
 WOLFSSL_LOCAL int  InitSSL(WOLFSSL* ssl, WOLFSSL_CTX* ctx, int writeDup);
 WOLFSSL_LOCAL int  ReinitSSL(WOLFSSL* ssl, WOLFSSL_CTX* ctx, int writeDup);
 WOLFSSL_LOCAL void FreeSSL(WOLFSSL* ssl, void* heap);
-WOLFSSL_API   void SSL_ResourceFree(WOLFSSL* ssl);   /* Micrium uses */
+WOLFSSL_API   void wolfSSL_ResourceFree(WOLFSSL* ssl);   /* Micrium uses */
+#ifndef OPENSSL_COEXIST
+#define SSL_ResourceFree wolfSSL_ResourceFree
+#endif
 
 
 #ifndef NO_CERTS
@@ -5945,8 +6388,10 @@ WOLFSSL_API   void SSL_ResourceFree(WOLFSSL* ssl);   /* Micrium uses */
                                  int type, WOLFSSL* ssl, int userChain,
                                 WOLFSSL_CRL* crl, int verify);
 
+    #ifndef NO_ASN
     WOLFSSL_LOCAL int CheckHostName(DecodedCert* dCert, const char *domainName,
-                                    size_t domainNameLen);
+                                    size_t domainNameLen, unsigned int flags);
+    #endif
 #endif
 
 
@@ -5973,6 +6418,7 @@ enum ContentType {
     alert              = 21,
     handshake          = 22,
     application_data   = 23,
+    dtls12_cid         = 25,
 #ifdef WOLFSSL_DTLS13
     ack                = 26,
 #endif /* WOLFSSL_DTLS13 */
@@ -6049,16 +6495,11 @@ typedef struct {
     int name_len;
     const char *name;
     int nid;
+    word16 curve;
 } WOLF_EC_NIST_NAME;
 extern const WOLF_EC_NIST_NAME kNistCurves[];
-/* This is the longest and shortest curve name in the kNistCurves list. Note we
- * also have quantum-safe group names as well. */
-#define kNistCurves_MIN_NAME_LEN 5
-#ifdef HAVE_PQC
-#define kNistCurves_MAX_NAME_LEN 32
-#else
-#define kNistCurves_MAX_NAME_LEN 7
-#endif
+WOLFSSL_LOCAL int set_curves_list(WOLFSSL* ssl, WOLFSSL_CTX *ctx,
+        const char* names, byte curves_only);
 #endif /* OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL */
 
 /* internal functions */
@@ -6081,7 +6522,10 @@ WOLFSSL_LOCAL int DoClientTicket_ex(const WOLFSSL* ssl, PreSharedKey* psk,
 
 WOLFSSL_LOCAL int DoClientTicket(WOLFSSL* ssl, const byte* input, word32 len);
 #endif /* HAVE_SESSION_TICKET */
-WOLFSSL_LOCAL int SendData(WOLFSSL* ssl, const void* data, int sz);
+WOLFSSL_LOCAL int SendData(WOLFSSL* ssl, const void* data, size_t sz);
+#ifdef WOLFSSL_THREADED_CRYPT
+WOLFSSL_LOCAL int SendAsyncData(WOLFSSL* ssl);
+#endif
 #ifdef WOLFSSL_TLS13
 WOLFSSL_LOCAL int SendTls13ServerHello(WOLFSSL* ssl, byte extMsgType);
 #endif
@@ -6099,7 +6543,7 @@ WOLFSSL_LOCAL int SendHelloRequest(WOLFSSL* ssl);
 WOLFSSL_LOCAL int SendCertificateStatus(WOLFSSL* ssl);
 WOLFSSL_LOCAL int SendServerKeyExchange(WOLFSSL* ssl);
 WOLFSSL_LOCAL int SendBuffered(WOLFSSL* ssl);
-WOLFSSL_LOCAL int ReceiveData(WOLFSSL* ssl, byte* output, int sz, int peek);
+WOLFSSL_LOCAL int ReceiveData(WOLFSSL* ssl, byte* output, size_t sz, int peek);
 WOLFSSL_LOCAL int SendFinished(WOLFSSL* ssl);
 WOLFSSL_LOCAL int RetrySendAlert(WOLFSSL* ssl);
 WOLFSSL_LOCAL int SendAlert(WOLFSSL* ssl, int severity, int type);
@@ -6118,6 +6562,7 @@ WOLFSSL_LOCAL int DeriveKeys(WOLFSSL* ssl);
 WOLFSSL_LOCAL int StoreKeys(WOLFSSL* ssl, const byte* keyData, int side);
 
 WOLFSSL_LOCAL int IsTLS(const WOLFSSL* ssl);
+WOLFSSL_LOCAL int IsTLS_ex(const ProtocolVersion pv);
 WOLFSSL_LOCAL int IsAtLeastTLSv1_2(const WOLFSSL* ssl);
 WOLFSSL_LOCAL int IsAtLeastTLSv1_3(ProtocolVersion pv);
 WOLFSSL_LOCAL int IsEncryptionOn(const WOLFSSL* ssl, int isSend);
@@ -6158,8 +6603,10 @@ static WC_INLINE int wolfSSL_curve_is_disabled(const WOLFSSL* ssl,
 }
 #endif
 
+#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
 WOLFSSL_LOCAL WC_RNG* WOLFSSL_RSA_GetRNG(WOLFSSL_RSA *rsa, WC_RNG **tmpRNG,
                                          int *initTmpRng);
+#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
 
 #ifndef NO_CERTS
     #ifndef NO_RSA
@@ -6233,10 +6680,13 @@ WOLFSSL_LOCAL WC_RNG* WOLFSSL_RSA_GetRNG(WOLFSSL_RSA *rsa, WC_RNG **tmpRNG,
     #ifndef GetCA
         WOLFSSL_LOCAL Signer* GetCA(void* vp, byte* hash);
     #endif
-    #ifdef WOLFSSL_AKID_NAME
+    #if defined(WOLFSSL_AKID_NAME) && !defined(GetCAByAKID)
         WOLFSSL_LOCAL Signer* GetCAByAKID(void* vp, const byte* issuer,
                 word32 issuerSz, const byte* serial, word32 serialSz);
     #endif
+    #if defined(HAVE_OCSP) && !defined(GetCAByKeyHash)
+        WOLFSSL_LOCAL Signer* GetCAByKeyHash(void* vp, const byte* keyHash);
+    #endif
     #if !defined(NO_SKID) && !defined(GetCAByName)
         WOLFSSL_LOCAL Signer* GetCAByName(void* cm, byte* hash);
     #endif
@@ -6263,6 +6713,7 @@ WOLFSSL_LOCAL void DoCertFatalAlert(WOLFSSL* ssl, int ret);
 #endif
 
 WOLFSSL_LOCAL int cipherExtraData(WOLFSSL* ssl);
+WOLFSSL_LOCAL word32 MacSize(const WOLFSSL* ssl);
 
 #ifndef NO_WOLFSSL_CLIENT
     WOLFSSL_LOCAL int HaveUniqueSessionObj(WOLFSSL* ssl);
@@ -6281,6 +6732,10 @@ WOLFSSL_LOCAL int cipherExtraData(WOLFSSL* ssl);
     WOLFSSL_LOCAL int SendServerHelloDone(WOLFSSL* ssl);
 #endif /* NO_WOLFSSL_SERVER */
 
+#ifdef WOLFSSL_TLS13
+    WOLFSSL_LOCAL int SendTls13KeyUpdate(WOLFSSL* ssl);
+#endif
+
 #ifdef WOLFSSL_DTLS
     WOLFSSL_LOCAL DtlsMsg* DtlsMsgNew(word32 sz, byte tx, void* heap);
     WOLFSSL_LOCAL void DtlsMsgDelete(DtlsMsg* item, void* heap);
@@ -6321,6 +6776,10 @@ WOLFSSL_LOCAL int cipherExtraData(WOLFSSL* ssl);
     WOLFSSL_LOCAL int DoClientHelloStateless(WOLFSSL* ssl,
             const byte* input, word32 helloSz, byte isFirstCHFrag, byte* tls13);
 #endif /* !defined(NO_WOLFSSL_SERVER) */
+#if !defined(WOLFCRYPT_ONLY) && defined(USE_WOLFSSL_IO)
+    WOLFSSL_LOCAL int sockAddrEqual(SOCKADDR_S *a, XSOCKLENT aLen,
+                                    SOCKADDR_S *b, XSOCKLENT bLen);
+#endif
 #endif /* WOLFSSL_DTLS */
 
 #if defined(HAVE_SECURE_RENEGOTIATION) && defined(WOLFSSL_DTLS)
@@ -6346,6 +6805,7 @@ WOLFSSL_LOCAL int cipherExtraData(WOLFSSL* ssl);
 WOLFSSL_LOCAL word32  LowResTimer(void);
 
 WOLFSSL_LOCAL int FindSuiteSSL(const WOLFSSL* ssl, byte* suite);
+WOLFSSL_LOCAL int FindSuite(const Suites* suites, byte first, byte second);
 
 WOLFSSL_LOCAL void DecodeSigAlg(const byte* input, byte* hashAlgo,
         byte* hsType);
@@ -6358,10 +6818,18 @@ WOLFSSL_LOCAL enum wc_HashType HashAlgoToType(int hashAlgo);
     WOLFSSL_LOCAL void InitX509(WOLFSSL_X509* x509, int dynamicFlag,
                                 void* heap);
     WOLFSSL_LOCAL void FreeX509(WOLFSSL_X509* x509);
+    #ifndef NO_ASN
     WOLFSSL_LOCAL int  CopyDecodedToX509(WOLFSSL_X509* x509,
                                          DecodedCert* dCert);
+    #endif
 #endif
 
+#if defined(WOLFSSL_ACERT)
+    WOLFSSL_LOCAL int  CopyDecodedAcertToX509(WOLFSSL_X509_ACERT* x509,
+                                              DecodedAcert* dAcert);
+#endif /* WOLFSSL_ACERT */
+
+
 #ifndef MAX_CIPHER_NAME
 #define MAX_CIPHER_NAME 50
 #endif
@@ -6379,7 +6847,7 @@ typedef struct CipherSuiteInfo {
 #endif
     byte cipherSuite0;
     byte cipherSuite;
-#if defined(OPENSSL_ALL) || defined(WOLFSSL_QT) || \
+#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_QT) || \
     defined(WOLFSSL_HAPROXY) || defined(WOLFSSL_NGINX)
     byte minor;
     byte major;
@@ -6409,7 +6877,7 @@ WOLFSSL_LOCAL const char* GetCipherNameIana(byte cipherSuite0, byte cipherSuite)
 WOLFSSL_LOCAL const char* wolfSSL_get_cipher_name_internal(WOLFSSL* ssl);
 WOLFSSL_LOCAL const char* wolfSSL_get_cipher_name_iana(WOLFSSL* ssl);
 WOLFSSL_LOCAL int GetCipherSuiteFromName(const char* name, byte* cipherSuite0,
-                                         byte* cipherSuite, int* flags);
+                       byte* cipherSuite, byte* major, byte* minor, int* flags);
 
 
 enum encrypt_side {
@@ -6418,15 +6886,17 @@ enum encrypt_side {
     ENCRYPT_AND_DECRYPT_SIDE
 };
 
+WOLFSSL_LOCAL int SetKeys(Ciphers* enc, Ciphers* dec, Keys* keys,
+    CipherSpecs* specs, int side, void* heap, int devId, WC_RNG* rng,
+    int tls13);
 WOLFSSL_LOCAL int SetKeysSide(WOLFSSL* ssl, enum encrypt_side side);
 
 /* Set*Internal and Set*External functions */
+#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
 WOLFSSL_LOCAL int SetDsaInternal(WOLFSSL_DSA* dsa);
 WOLFSSL_LOCAL int SetDsaExternal(WOLFSSL_DSA* dsa);
-#ifndef HAVE_USER_RSA
 WOLFSSL_LOCAL int SetRsaExternal(WOLFSSL_RSA* rsa);
 WOLFSSL_LOCAL int SetRsaInternal(WOLFSSL_RSA* rsa);
-#endif
 
 typedef enum elem_set {
     ELEMENT_P   = 0x01,
@@ -6438,6 +6908,7 @@ typedef enum elem_set {
 WOLFSSL_LOCAL int SetDhExternal_ex(WOLFSSL_DH *dh, int elm );
 WOLFSSL_LOCAL int SetDhInternal(WOLFSSL_DH* dh);
 WOLFSSL_LOCAL int SetDhExternal(WOLFSSL_DH *dh);
+#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
 
 #if !defined(NO_DH) && (!defined(NO_CERTS) || !defined(NO_PSK))
     WOLFSSL_LOCAL int DhGenKeyPair(WOLFSSL* ssl, DhKey* dhKey,
@@ -6562,6 +7033,7 @@ WOLFSSL_LOCAL int Dtls13RlAddCiphertextHeader(WOLFSSL* ssl, byte* out,
     word16 length);
 WOLFSSL_LOCAL int Dtls13RlAddPlaintextHeader(WOLFSSL* ssl, byte* out,
     enum ContentType content_type, word16 length);
+WOLFSSL_LOCAL int Dtls13MinimumRecordLength(WOLFSSL* ssl);
 WOLFSSL_LOCAL int Dtls13EncryptRecordNumber(WOLFSSL* ssl, byte* hdr,
     word16 recordLength);
 WOLFSSL_LOCAL int Dtls13IsUnifiedHeader(byte header_flags);
@@ -6579,6 +7051,7 @@ WOLFSSL_LOCAL int Dtls13HandshakeAddHeader(WOLFSSL* ssl, byte* output,
     enum HandShakeType msg_type, word32 length);
 #define EE_MASK (0x3)
 WOLFSSL_LOCAL int Dtls13FragmentsContinue(WOLFSSL* ssl);
+WOLFSSL_LOCAL int DoDtls13KeyUpdateAck(WOLFSSL* ssl);
 WOLFSSL_LOCAL int DoDtls13Ack(WOLFSSL* ssl, const byte* input, word32 inputSize,
     word32* processedSize);
 WOLFSSL_LOCAL int Dtls13ReconstructEpochNumber(WOLFSSL* ssl, byte epochBits,
@@ -6616,11 +7089,7 @@ WOLFSSL_LOCAL int GetX509Error(int e);
 #endif
 #endif
 
-#if defined(HAVE_EX_DATA) && \
-    (defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || \
-    defined(WOLFSSL_HAPROXY) || defined(OPENSSL_EXTRA) || \
-    defined(HAVE_LIGHTY)) || defined(HAVE_EX_DATA) || \
-    defined(WOLFSSL_WPAS_SMALL)
+#ifdef HAVE_EX_DATA_CRYPTO
 typedef struct CRYPTO_EX_cb_ctx {
     long ctx_l;
     void *ctx_ptr;
@@ -6629,6 +7098,7 @@ typedef struct CRYPTO_EX_cb_ctx {
     WOLFSSL_CRYPTO_EX_dup* dup_func;
     struct CRYPTO_EX_cb_ctx* next;
 } CRYPTO_EX_cb_ctx;
+
 /* use wolfSSL_API visibility to be able to clear in tests/api.c */
 WOLFSSL_API extern CRYPTO_EX_cb_ctx* crypto_ex_cb_ctx_session;
 WOLFSSL_API void crypto_ex_cb_free(CRYPTO_EX_cb_ctx* cb_ctx);
@@ -6641,19 +7111,19 @@ WOLFSSL_LOCAL int crypto_ex_cb_dup_data(const WOLFSSL_CRYPTO_EX_DATA *in,
 WOLFSSL_LOCAL int wolfssl_get_ex_new_index(int class_index, long ctx_l,
         void* ctx_ptr, WOLFSSL_CRYPTO_EX_new* new_func,
         WOLFSSL_CRYPTO_EX_dup* dup_func, WOLFSSL_CRYPTO_EX_free* free_func);
-#endif
+#endif /* HAVE_EX_DATA_CRYPTO */
 
 WOLFSSL_LOCAL WC_RNG* wolfssl_get_global_rng(void);
 WOLFSSL_LOCAL WC_RNG* wolfssl_make_global_rng(void);
 
 #if !defined(WOLFCRYPT_ONLY) && defined(OPENSSL_EXTRA)
 #if defined(WOLFSSL_KEY_GEN) && defined(WOLFSSL_PEM_TO_DER)
-WOLFSSL_LOCAL int EncryptDerKey(byte *der, int *derSz, const EVP_CIPHER* cipher,
+WOLFSSL_LOCAL int EncryptDerKey(byte *der, int *derSz, const WOLFSSL_EVP_CIPHER* cipher,
     unsigned char* passwd, int passwdSz, byte **cipherInfo, int maxDerSz);
 #endif
 #endif
 
-#if !defined(NO_RSA) && !defined(HAVE_USER_RSA)
+#if !defined(NO_RSA) && defined(OPENSSL_EXTRA)
 WOLFSSL_LOCAL int wolfSSL_RSA_To_Der(WOLFSSL_RSA* rsa, byte** outBuf,
     int publicKey, void* heap);
 #endif
@@ -6682,6 +7152,11 @@ WOLFSSL_LOCAL int tls13ShowSecrets(WOLFSSL* ssl, int id, const unsigned char* se
     int secretSz, void* ctx);
 #endif
 
+#if defined(SHOW_SECRETS)
+WOLFSSL_LOCAL int tlsShowSecrets(WOLFSSL* ssl, void* secret,
+        int secretSz, void* ctx);
+#endif
+
 /* Optional Pre-Master-Secret logging for Wireshark */
 #if !defined(NO_FILESYSTEM) && defined(WOLFSSL_SSLKEYLOGFILE)
 #ifndef WOLFSSL_SSLKEYLOGFILE_OUTPUT
@@ -6706,10 +7181,22 @@ WOLFSSL_LOCAL int CreateCookieExt(const WOLFSSL* ssl, byte* hash,
 WOLFSSL_LOCAL int TranslateErrorToAlert(int err);
 
 #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL)
-void* wolfssl_sk_pop_type(WOLFSSL_STACK* sk, WOLF_STACK_TYPE type);
-WOLFSSL_STACK* wolfssl_sk_new_type(WOLF_STACK_TYPE type);
+WOLFSSL_LOCAL void* wolfssl_sk_pop_type(WOLFSSL_STACK* sk,
+                                        WOLF_STACK_TYPE type);
+WOLFSSL_LOCAL WOLFSSL_STACK* wolfssl_sk_new_type(WOLF_STACK_TYPE type);
+
+WOLFSSL_LOCAL int wolfssl_asn1_obj_set(WOLFSSL_ASN1_OBJECT* obj,
+        const byte* der, word32 len, int addHdr);
 #endif
 
+#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
+WOLFSSL_LOCAL int pkcs8_encode(WOLFSSL_EVP_PKEY* pkey, byte* key,
+        word32* keySz);
+WOLFSSL_LOCAL int pkcs8_encrypt(WOLFSSL_EVP_PKEY* pkey,
+        const WOLFSSL_EVP_CIPHER* enc, char* passwd, int passwdSz, byte* key,
+        word32* keySz);
+#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
+
 #ifdef __cplusplus
     }  /* extern "C" */
 #endif
diff --git a/wolfssl/ocsp.h b/wolfssl/ocsp.h
index 4dff068b9..69b5c14e5 100644
--- a/wolfssl/ocsp.h
+++ b/wolfssl/ocsp.h
@@ -1,6 +1,6 @@
 /* ocsp.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -48,6 +48,16 @@ typedef struct OcspEntry WOLFSSL_OCSP_SINGLERESP;
 typedef struct OcspRequest WOLFSSL_OCSP_ONEREQ;
 
 typedef struct OcspRequest WOLFSSL_OCSP_REQUEST;
+
+typedef struct {
+    WOLFSSL_BIO *bio;
+    WOLFSSL_BIO *reqResp; /* First used for request then for response */
+    byte* buf;
+    int bufLen;
+    int state;
+    int ioState;
+    int sent;
+} WOLFSSL_OCSP_REQ_CTX;
 #endif
 
 WOLFSSL_LOCAL int  InitOCSP(WOLFSSL_OCSP* ocsp, WOLFSSL_CERT_MANAGER* cm);
@@ -67,13 +77,11 @@ WOLFSSL_LOCAL int CheckOcspResponse(WOLFSSL_OCSP *ocsp, byte *response, int resp
 WOLFSSL_LOCAL int CheckOcspResponder(OcspResponse *bs, DecodedCert *cert,
                                      void* vp);
 
-#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) || \
-    defined(WOLFSSL_APACHE_HTTPD) || defined(HAVE_LIGHTY)
-
-    WOLFSSL_API int wolfSSL_OCSP_resp_find_status(WOLFSSL_OCSP_BASICRESP *bs,
-                                                  WOLFSSL_OCSP_CERTID *id, int *status, int *reason,
-                                                  WOLFSSL_ASN1_TIME **revtime, WOLFSSL_ASN1_TIME **thisupd,
-                                                  WOLFSSL_ASN1_TIME **nextupd);
+#ifdef OPENSSL_EXTRA
+WOLFSSL_API int wolfSSL_OCSP_resp_find_status(WOLFSSL_OCSP_BASICRESP *bs,
+                                              WOLFSSL_OCSP_CERTID *id, int *status, int *reason,
+                                              WOLFSSL_ASN1_TIME **revtime, WOLFSSL_ASN1_TIME **thisupd,
+                                              WOLFSSL_ASN1_TIME **nextupd);
 WOLFSSL_API const char *wolfSSL_OCSP_cert_status_str(long s);
 WOLFSSL_API int wolfSSL_OCSP_check_validity(WOLFSSL_ASN1_TIME* thisupd,
     WOLFSSL_ASN1_TIME* nextupd, long sec, long maxsec);
@@ -132,8 +140,21 @@ WOLFSSL_API int wolfSSL_OCSP_resp_count(WOLFSSL_OCSP_BASICRESP *bs);
 WOLFSSL_API WOLFSSL_OCSP_SINGLERESP* wolfSSL_OCSP_resp_get0(
     WOLFSSL_OCSP_BASICRESP *bs, int idx);
 
-#endif
-#ifdef OPENSSL_EXTRA
+WOLFSSL_API WOLFSSL_OCSP_REQ_CTX* wolfSSL_OCSP_REQ_CTX_new(WOLFSSL_BIO *bio,
+        int maxline);
+WOLFSSL_API void wolfSSL_OCSP_REQ_CTX_free(WOLFSSL_OCSP_REQ_CTX *ctx);
+WOLFSSL_API WOLFSSL_OCSP_REQ_CTX *wolfSSL_OCSP_sendreq_new(WOLFSSL_BIO *bio,
+        const char *path, OcspRequest *req, int maxline);
+WOLFSSL_API int wolfSSL_OCSP_REQ_CTX_set1_req(WOLFSSL_OCSP_REQ_CTX *ctx,
+        OcspRequest *req);
+WOLFSSL_API int wolfSSL_OCSP_REQ_CTX_add1_header(WOLFSSL_OCSP_REQ_CTX *ctx,
+                             const char *name, const char *value);
+WOLFSSL_API int wolfSSL_OCSP_REQ_CTX_http(WOLFSSL_OCSP_REQ_CTX *ctx,
+        const char *op, const char *path);
+WOLFSSL_API int wolfSSL_OCSP_REQ_CTX_nbio(WOLFSSL_OCSP_REQ_CTX *ctx);
+WOLFSSL_API int wolfSSL_OCSP_sendreq_nbio(OcspResponse **presp,
+        WOLFSSL_OCSP_REQ_CTX *rctx);
+
 WOLFSSL_API int wolfSSL_OCSP_REQUEST_add_ext(OcspRequest* req,
         WOLFSSL_X509_EXTENSION* ext, int idx);
 WOLFSSL_API OcspResponse* wolfSSL_OCSP_response_create(int status,
@@ -148,7 +169,7 @@ WOLFSSL_API int wolfSSL_OCSP_request_add1_nonce(OcspRequest* req,
         unsigned char* val, int sz);
 WOLFSSL_API int wolfSSL_OCSP_check_nonce(OcspRequest* req,
         WOLFSSL_OCSP_BASICRESP* bs);
-#endif
+#endif /* OPENSSL_EXTRA */
 
 
 #ifdef __cplusplus
diff --git a/wolfssl/openssl/aes.h b/wolfssl/openssl/aes.h
index 38e71ae5b..4710f7231 100644
--- a/wolfssl/openssl/aes.h
+++ b/wolfssl/openssl/aes.h
@@ -1,6 +1,6 @@
 /* aes.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -53,27 +53,37 @@
 typedef struct WOLFSSL_AES_KEY {
     ALIGN16 void *buf[(sizeof(Aes) / sizeof(void *)) + 1];
 } WOLFSSL_AES_KEY;
-typedef WOLFSSL_AES_KEY AES_KEY;
 
 WOLFSSL_API int wolfSSL_AES_set_encrypt_key(
-    const unsigned char *key, const int bits, AES_KEY *aes);
+    const unsigned char *key, const int bits, WOLFSSL_AES_KEY *aes);
 WOLFSSL_API int wolfSSL_AES_set_decrypt_key(
-    const unsigned char *key, const int bits, AES_KEY *aes);
+    const unsigned char *key, const int bits, WOLFSSL_AES_KEY *aes);
 WOLFSSL_API void wolfSSL_AES_cbc_encrypt(
-    const unsigned char *in, unsigned char* out, size_t len, AES_KEY *key,
+    const unsigned char *in, unsigned char* out, size_t len, WOLFSSL_AES_KEY *key,
     unsigned char* iv, const int enc);
 WOLFSSL_API void wolfSSL_AES_ecb_encrypt(
-    const unsigned char *in, unsigned char* out, AES_KEY *key, const int enc);
+    const unsigned char *in, unsigned char* out, WOLFSSL_AES_KEY *key, const int enc);
 WOLFSSL_API void wolfSSL_AES_cfb128_encrypt(
-    const unsigned char *in, unsigned char* out, size_t len, AES_KEY *key,
+    const unsigned char *in, unsigned char* out, size_t len, WOLFSSL_AES_KEY *key,
     unsigned char* iv, int* num, const int enc);
 WOLFSSL_API int wolfSSL_AES_wrap_key(
-    AES_KEY *key, const unsigned char *iv, unsigned char *out,
+    WOLFSSL_AES_KEY *key, const unsigned char *iv, unsigned char *out,
     const unsigned char *in, unsigned int inlen);
 WOLFSSL_API int wolfSSL_AES_unwrap_key(
-    AES_KEY *key, const unsigned char *iv, unsigned char *out,
+    WOLFSSL_AES_KEY *key, const unsigned char *iv, unsigned char *out,
     const unsigned char *in, unsigned int inlen);
 
+#ifdef WOLFSSL_AES_DIRECT
+WOLFSSL_API void wolfSSL_AES_encrypt(
+    const unsigned char* input, unsigned char* output, WOLFSSL_AES_KEY *key);
+WOLFSSL_API void wolfSSL_AES_decrypt(
+    const unsigned char* input, unsigned char* output, WOLFSSL_AES_KEY *key);
+#endif /* WOLFSSL_AES_DIRECT */
+
+#ifndef OPENSSL_COEXIST
+
+typedef WOLFSSL_AES_KEY AES_KEY;
+
 #define AES_cbc_encrypt     wolfSSL_AES_cbc_encrypt
 #define AES_ecb_encrypt     wolfSSL_AES_ecb_encrypt
 #define AES_cfb128_encrypt  wolfSSL_AES_cfb128_encrypt
@@ -83,11 +93,6 @@ WOLFSSL_API int wolfSSL_AES_unwrap_key(
 #define AES_unwrap_key      wolfSSL_AES_unwrap_key
 
 #ifdef WOLFSSL_AES_DIRECT
-WOLFSSL_API void wolfSSL_AES_encrypt(
-    const unsigned char* input, unsigned char* output, AES_KEY *key);
-WOLFSSL_API void wolfSSL_AES_decrypt(
-    const unsigned char* input, unsigned char* output, AES_KEY *key);
-
 #define AES_encrypt         wolfSSL_AES_encrypt
 #define AES_decrypt         wolfSSL_AES_decrypt
 #endif /* WOLFSSL_AES_DIRECT */
@@ -99,6 +104,8 @@ WOLFSSL_API void wolfSSL_AES_decrypt(
 #define AES_DECRYPT AES_DECRYPTION
 #endif
 
+#endif /* !OPENSSL_COEXIST */
+
 #ifdef __cplusplus
     } /* extern "C" */
 #endif
diff --git a/wolfssl/openssl/asn1.h b/wolfssl/openssl/asn1.h
index 12ad36980..b9e2c19ca 100644
--- a/wolfssl/openssl/asn1.h
+++ b/wolfssl/openssl/asn1.h
@@ -1,6 +1,6 @@
 /* asn1.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -26,6 +26,8 @@
 
 #include <wolfssl/openssl/ssl.h>
 
+#ifndef OPENSSL_COEXIST
+
 #define ASN1_STRING_new       wolfSSL_ASN1_STRING_new
 #define ASN1_STRING_type_new  wolfSSL_ASN1_STRING_type_new
 #define ASN1_STRING_type      wolfSSL_ASN1_STRING_type
@@ -37,34 +39,29 @@
 #define d2i_ASN1_OBJECT       wolfSSL_d2i_ASN1_OBJECT
 #define c2i_ASN1_OBJECT       wolfSSL_c2i_ASN1_OBJECT
 
-#define V_ASN1_INTEGER                   0x02
-#define V_ASN1_OCTET_STRING              0x04 /* tag for ASN1_OCTET_STRING */
-#define V_ASN1_NEG                       0x100
-#define V_ASN1_NEG_INTEGER               (2 | V_ASN1_NEG)
-#define V_ASN1_NEG_ENUMERATED            (10 | V_ASN1_NEG)
+#define V_ASN1_BIT_STRING               WOLFSSL_V_ASN1_BIT_STRING
+#define V_ASN1_INTEGER                  WOLFSSL_V_ASN1_INTEGER
+#define V_ASN1_NEG                      WOLFSSL_V_ASN1_NEG
+#define V_ASN1_NEG_INTEGER              WOLFSSL_V_ASN1_NEG_INTEGER
+#define V_ASN1_NEG_ENUMERATED           WOLFSSL_V_ASN1_NEG_ENUMERATED
 
 /* Type for ASN1_print_ex */
-# define ASN1_STRFLGS_ESC_2253           1
-# define ASN1_STRFLGS_ESC_CTRL           2
-# define ASN1_STRFLGS_ESC_MSB            4
-# define ASN1_STRFLGS_ESC_QUOTE          8
-# define ASN1_STRFLGS_UTF8_CONVERT       0x10
-# define ASN1_STRFLGS_IGNORE_TYPE        0x20
-# define ASN1_STRFLGS_SHOW_TYPE          0x40
-# define ASN1_STRFLGS_DUMP_ALL           0x80
-# define ASN1_STRFLGS_DUMP_UNKNOWN       0x100
-# define ASN1_STRFLGS_DUMP_DER           0x200
-# define ASN1_STRFLGS_RFC2253            (ASN1_STRFLGS_ESC_2253 | \
-                                          ASN1_STRFLGS_ESC_CTRL | \
-                                          ASN1_STRFLGS_ESC_MSB | \
-                                          ASN1_STRFLGS_UTF8_CONVERT | \
-                                          ASN1_STRFLGS_DUMP_UNKNOWN | \
-                                          ASN1_STRFLGS_DUMP_DER)
+#define ASN1_STRFLGS_ESC_2253           WOLFSSL_ASN1_STRFLGS_ESC_2253
+#define ASN1_STRFLGS_ESC_CTRL           WOLFSSL_ASN1_STRFLGS_ESC_CTRL
+#define ASN1_STRFLGS_ESC_MSB            WOLFSSL_ASN1_STRFLGS_ESC_MSB
+#define ASN1_STRFLGS_ESC_QUOTE          WOLFSSL_ASN1_STRFLGS_ESC_QUOTE
+#define ASN1_STRFLGS_UTF8_CONVERT       WOLFSSL_ASN1_STRFLGS_UTF8_CONVERT
+#define ASN1_STRFLGS_IGNORE_TYPE        WOLFSSL_ASN1_STRFLGS_IGNORE_TYPE
+#define ASN1_STRFLGS_SHOW_TYPE          WOLFSSL_ASN1_STRFLGS_SHOW_TYPE
+#define ASN1_STRFLGS_DUMP_ALL           WOLFSSL_ASN1_STRFLGS_DUMP_ALL
+#define ASN1_STRFLGS_DUMP_UNKNOWN       WOLFSSL_ASN1_STRFLGS_DUMP_UNKNOWN
+#define ASN1_STRFLGS_DUMP_DER           WOLFSSL_ASN1_STRFLGS_DUMP_DER
+#define ASN1_STRFLGS_RFC2253            WOLFSSL_ASN1_STRFLGS_RFC2253
 
-#define MBSTRING_UTF8                    0x1000
-#define MBSTRING_ASC                     0x1001
-#define MBSTRING_BMP                     0x1002
-#define MBSTRING_UNIV                    0x1004
+#define MBSTRING_UTF8                   WOLFSSL_MBSTRING_UTF8
+#define MBSTRING_ASC                    WOLFSSL_MBSTRING_ASC
+#define MBSTRING_BMP                    WOLFSSL_MBSTRING_BMP
+#define MBSTRING_UNIV                   WOLFSSL_MBSTRING_UNIV
 
 #define ASN1_UTCTIME_print              wolfSSL_ASN1_UTCTIME_print
 #define ASN1_TIME_check                 wolfSSL_ASN1_TIME_check
@@ -72,45 +69,48 @@
 #define ASN1_TIME_compare               wolfSSL_ASN1_TIME_compare
 #define ASN1_TIME_set                   wolfSSL_ASN1_TIME_set
 
-#define V_ASN1_EOC                      0
-#define V_ASN1_NULL                     5
-#define V_ASN1_OBJECT                   6
-#define V_ASN1_UTF8STRING               12
-#define V_ASN1_SEQUENCE                 16
-#define V_ASN1_SET                      17
-#define V_ASN1_PRINTABLESTRING          19
-#define V_ASN1_T61STRING                20
-#define V_ASN1_IA5STRING                22
-#define V_ASN1_UTCTIME                  23
-#define V_ASN1_GENERALIZEDTIME          24
-#define V_ASN1_UNIVERSALSTRING          28
-#define V_ASN1_BMPSTRING                30
+#define V_ASN1_EOC                      WOLFSSL_V_ASN1_EOC
+#define V_ASN1_BOOLEAN                  WOLFSSL_V_ASN1_BOOLEAN
+#define V_ASN1_OCTET_STRING             WOLFSSL_V_ASN1_OCTET_STRING
+#define V_ASN1_NULL                     WOLFSSL_V_ASN1_NULL
+#define V_ASN1_OBJECT                   WOLFSSL_V_ASN1_OBJECT
+#define V_ASN1_UTF8STRING               WOLFSSL_V_ASN1_UTF8STRING
+#define V_ASN1_SEQUENCE                 WOLFSSL_V_ASN1_SEQUENCE
+#define V_ASN1_SET                      WOLFSSL_V_ASN1_SET
+#define V_ASN1_PRINTABLESTRING          WOLFSSL_V_ASN1_PRINTABLESTRING
+#define V_ASN1_T61STRING                WOLFSSL_V_ASN1_T61STRING
+#define V_ASN1_IA5STRING                WOLFSSL_V_ASN1_IA5STRING
+#define V_ASN1_UTCTIME                  WOLFSSL_V_ASN1_UTCTIME
+#define V_ASN1_GENERALIZEDTIME          WOLFSSL_V_ASN1_GENERALIZEDTIME
+#define V_ASN1_UNIVERSALSTRING          WOLFSSL_V_ASN1_UNIVERSALSTRING
+#define V_ASN1_BMPSTRING                WOLFSSL_V_ASN1_BMPSTRING
 
+#define V_ASN1_CONSTRUCTED              WOLFSSL_V_ASN1_CONSTRUCTED
 
-#define V_ASN1_CONSTRUCTED              0x20
-
-#define ASN1_STRING_FLAG_BITS_LEFT       0x008
-#define ASN1_STRING_FLAG_NDEF            0x010
-#define ASN1_STRING_FLAG_CONT            0x020
-#define ASN1_STRING_FLAG_MSTRING         0x040
-#define ASN1_STRING_FLAG_EMBED           0x080
+#define ASN1_STRING_FLAG_BITS_LEFT      WOLFSSL_ASN1_STRING_FLAG_BITS_LEFT
+#define ASN1_STRING_FLAG_NDEF           WOLFSSL_ASN1_STRING_FLAG_NDEF
+#define ASN1_STRING_FLAG_CONT           WOLFSSL_ASN1_STRING_FLAG_CONT
+#define ASN1_STRING_FLAG_MSTRING        WOLFSSL_ASN1_STRING_FLAG_MSTRING
+#define ASN1_STRING_FLAG_EMBED          WOLFSSL_ASN1_STRING_FLAG_EMBED
 
 /* X.509 PKI size limits from RFC2459 (appendix A) */
 /* internally our limit is CTC_NAME_SIZE (64) - overridden with WC_CTC_NAME_SIZE */
-#define ub_name                    CTC_NAME_SIZE /* 32768 */
-#define ub_common_name             CTC_NAME_SIZE /* 64 */
-#define ub_locality_name           CTC_NAME_SIZE /* 128 */
-#define ub_state_name              CTC_NAME_SIZE /* 128 */
-#define ub_organization_name       CTC_NAME_SIZE /* 64 */
-#define ub_organization_unit_name  CTC_NAME_SIZE /* 64 */
-#define ub_title                   CTC_NAME_SIZE /* 64 */
-#define ub_email_address           CTC_NAME_SIZE /* 128 */
+#define ub_name                         WOLFSSL_ub_name
+#define ub_common_name                  WOLFSSL_ub_common_name
+#define ub_locality_name                WOLFSSL_ub_locality_name
+#define ub_state_name                   WOLFSSL_ub_state_name
+#define ub_organization_name            WOLFSSL_ub_organization_name
+#define ub_organization_unit_name       WOLFSSL_ub_organization_unit_name
+#define ub_title                        WOLFSSL_ub_title
+#define ub_email_address                WOLFSSL_ub_email_address
 
+#endif /* !OPENSSL_COEXIST */
 
 WOLFSSL_API WOLFSSL_ASN1_INTEGER *wolfSSL_BN_to_ASN1_INTEGER(
     const WOLFSSL_BIGNUM *bn, WOLFSSL_ASN1_INTEGER *ai);
 
 WOLFSSL_API void wolfSSL_ASN1_TYPE_set(WOLFSSL_ASN1_TYPE *a, int type, void *value);
+WOLFSSL_API int wolfSSL_ASN1_TYPE_get(const WOLFSSL_ASN1_TYPE *a);
 
 WOLFSSL_API int wolfSSL_ASN1_get_object(const unsigned char **in, long *len, int *tag,
                                         int *cls, long inLen);
@@ -122,50 +122,165 @@ WOLFSSL_API WOLFSSL_ASN1_OBJECT *wolfSSL_c2i_ASN1_OBJECT(WOLFSSL_ASN1_OBJECT **a
 /* IMPLEMENT_ASN1_FUNCTIONS is strictly for external use only. Internally
  * we don't use this. Some projects use OpenSSL to implement ASN1 types and
  * this section is only to provide those projects with ASN1 functionality. */
-typedef struct {
-    size_t offset;              /* Offset of this field in structure */
-    byte type;                  /* The type of the member as defined in
-                                 * WOLFSSL_ASN1_TYPES */
-} WOLFSSL_ASN1_TEMPLATE;
 
-typedef struct {
-    byte type;                              /* One of the ASN_Tags types */
-    const WOLFSSL_ASN1_TEMPLATE *members;   /* If SEQUENCE or CHOICE this
-                                             * contains the contents */
+typedef void* (*WolfsslAsn1NewCb)(void);
+typedef void (*WolfsslAsn1FreeCb)(void*);
+typedef int (*WolfsslAsn1i2dCb)(const void*, unsigned char**);
+typedef void* (*WolfsslAsn1d2iCb)(void**, const byte **, long);
+
+struct WOLFSSL_ASN1_TEMPLATE {
+    /* Type functions */
+    WolfsslAsn1NewCb new_func;
+    WolfsslAsn1FreeCb free_func;
+    WolfsslAsn1i2dCb i2d_func;
+    WolfsslAsn1d2iCb d2i_func;
+    /* Member info */
+    size_t offset;              /* Offset of this field in structure */
+    /* DER info */
+    int tag;
+    byte first_byte;            /* First expected byte. Required for
+                                 * IMPLICIT types. */
+    byte ex:1;                  /* explicit, name conflicts with C++ keyword */
+    byte sequence:1;
+};
+
+enum WOLFSSL_ASN1_TYPES {
+    WOLFSSL_ASN1_SEQUENCE = 0,
+    WOLFSSL_ASN1_CHOICE,
+    WOLFSSL_ASN1_OBJECT_TYPE,
+};
+
+struct WOLFSSL_ASN1_ITEM {
+    enum WOLFSSL_ASN1_TYPES type;
+    const struct WOLFSSL_ASN1_TEMPLATE* members; /* If SEQUENCE or CHOICE this
+                                                  * contains the contents */
     size_t mcount;                          /* Number of members if SEQUENCE
                                              * or CHOICE */
     size_t size;                            /* Structure size */
-} WOLFSSL_ASN1_ITEM;
+    size_t toffset;                         /* Type offset */
+};
 
-typedef enum {
-    WOLFSSL_X509_ALGOR_ASN1 = 0,
-    WOLFSSL_ASN1_BIT_STRING_ASN1,
-    WOLFSSL_ASN1_INTEGER_ASN1,
-} WOLFSSL_ASN1_TYPES;
+typedef struct WOLFSSL_ASN1_TEMPLATE WOLFSSL_ASN1_TEMPLATE;
+typedef struct WOLFSSL_ASN1_ITEM WOLFSSL_ASN1_ITEM;
 
-#define ASN1_SEQUENCE(type) \
-    static const WOLFSSL_ASN1_TEMPLATE type##_member_data[]
+#define ASN1_BIT_STRING_FIRST_BYTE ASN_BIT_STRING
+#define ASN1_TFLG_EXPLICIT      (0x1 << 0)
+#define ASN1_TFLG_SEQUENCE_OF   (0x1 << 1)
+#define ASN1_TFLG_IMPTAG        (0x1 << 2)
+#define ASN1_TFLG_EXPTAG        (0x1 << 3)
 
-#define ASN1_SIMPLE(type, member, member_type) \
-    { OFFSETOF(type, member), \
-        WOLFSSL_##member_type##_ASN1 }
+#define ASN1_TFLG_TAG_MASK      (ASN1_TFLG_IMPTAG|ASN1_TFLG_EXPTAG)
 
-#define ASN1_SEQUENCE_END(type) \
+#define ASN1_ITEM_TEMPLATE(mtype) \
+        static const WOLFSSL_ASN1_TEMPLATE mtype##_member_data
+
+#define ASN1_ITEM_TEMPLATE_END(mtype) \
     ; \
-    const WOLFSSL_ASN1_ITEM type##_template_data = { \
-            ASN_SEQUENCE, \
-            type##_member_data, \
-            sizeof(type##_member_data) / sizeof(WOLFSSL_ASN1_TEMPLATE), \
-            sizeof(type) \
+    const WOLFSSL_ASN1_ITEM mtype##_template_data = { \
+            WOLFSSL_ASN1_OBJECT_TYPE, \
+            &mtype##_member_data, \
+            1, \
+            0, \
+            0 \
     };
 
+#define ASN1_SEQUENCE(mtype) \
+    static const WOLFSSL_ASN1_TEMPLATE mtype##_member_data[]
+
+#define ASN1_SEQUENCE_END(mtype) \
+    ; \
+    const WOLFSSL_ASN1_ITEM mtype##_template_data = { \
+            WOLFSSL_ASN1_SEQUENCE, \
+            mtype##_member_data, \
+            sizeof(mtype##_member_data) / sizeof(WOLFSSL_ASN1_TEMPLATE), \
+            sizeof(mtype), \
+            0 \
+    }; \
+    static WC_MAYBE_UNUSED const byte mtype##_FIRST_BYTE = \
+        ASN_CONSTRUCTED | ASN_SEQUENCE;
+
+/* This is what a ASN1_CHOICE type should look like
+ *      typedef struct {
+ *              int type;
+ *              union {
+ *                      ASN1_SOMETHING *opt1;
+ *                      ASN1_SOMEOTHER *opt2;
+ *              } value;
+ *      } chname;
+ */
+
+#define ASN1_CHOICE(mtype) \
+    static const WOLFSSL_ASN1_TEMPLATE mtype##_member_data[]
+
+#define ASN1_CHOICE_END(mtype) \
+    ; \
+    const WOLFSSL_ASN1_ITEM mtype##_template_data = { \
+            WOLFSSL_ASN1_CHOICE, \
+            mtype##_member_data, \
+            sizeof(mtype##_member_data) / sizeof(WOLFSSL_ASN1_TEMPLATE), \
+            sizeof(mtype) ,\
+            WC_OFFSETOF(mtype, type) \
+    };
+
+#define ASN1_TYPE(type, member, tag, first_byte, exp, seq) \
+    WC_OFFSETOF(type, member), tag, first_byte, exp, seq
+
+/* Function callbacks need to be defined immediately otherwise we will
+ * incorrectly expand the type. Ex: ASN1_INTEGER -> WOLFSSL_ASN1_INTEGER */
+
+#define ASN1_SIMPLE(type, member, member_type) \
+    { (WolfsslAsn1NewCb)member_type##_new, \
+      (WolfsslAsn1FreeCb)member_type##_free, \
+      (WolfsslAsn1i2dCb)i2d_##member_type, \
+      (WolfsslAsn1d2iCb)d2i_##member_type, \
+      ASN1_TYPE(type, member, -1, 0, 0, 0) }
+
+#define ASN1_IMP(type, member, member_type, tag) \
+    { (WolfsslAsn1NewCb)member_type##_new, \
+      (WolfsslAsn1FreeCb)member_type##_free, \
+      (WolfsslAsn1i2dCb)i2d_##member_type, \
+      (WolfsslAsn1d2iCb)d2i_##member_type, \
+      ASN1_TYPE(type, member, tag, member_type##_FIRST_BYTE, 0, 0) }
+
+#define ASN1_EXP(type, member, member_type, tag) \
+    { (WolfsslAsn1NewCb)member_type##_new, \
+      (WolfsslAsn1FreeCb)member_type##_free, \
+      (WolfsslAsn1i2dCb)i2d_##member_type, \
+      (WolfsslAsn1d2iCb)d2i_##member_type, \
+      ASN1_TYPE(type, member, tag, 0, 1, 0) }
+
+#define ASN1_SEQUENCE_OF(type, member, member_type) \
+    { (WolfsslAsn1NewCb)member_type##_new, \
+      (WolfsslAsn1FreeCb)member_type##_free, \
+      (WolfsslAsn1i2dCb)i2d_##member_type, \
+      (WolfsslAsn1d2iCb)d2i_##member_type, \
+      ASN1_TYPE(type, member, -1, 0, 0, 1) }
+
+#define ASN1_EXP_SEQUENCE_OF(type, member, member_type, tag) \
+    { (WolfsslAsn1NewCb)member_type##_new, \
+      (WolfsslAsn1FreeCb)member_type##_free, \
+      (WolfsslAsn1i2dCb)i2d_##member_type, \
+      (WolfsslAsn1d2iCb)d2i_##member_type, \
+      ASN1_TYPE(type, member, tag, 0, 1, 1) }
+
+#define ASN1_EX_TEMPLATE_TYPE(flags, tag, name, member_type) \
+    { (WolfsslAsn1NewCb)member_type##_new, \
+      (WolfsslAsn1FreeCb)member_type##_free, \
+      (WolfsslAsn1i2dCb)i2d_##member_type, \
+      (WolfsslAsn1d2iCb)d2i_##member_type, \
+      0, (flags) & ASN1_TFLG_TAG_MASK ? (tag) : -1, 0, \
+      !!((flags) & ASN1_TFLG_EXPLICIT), TRUE }
+
 WOLFSSL_API void *wolfSSL_ASN1_item_new(const WOLFSSL_ASN1_ITEM *tpl);
-WOLFSSL_API void wolfSSL_ASN1_item_free(void *val, const WOLFSSL_ASN1_ITEM *tpl);
+WOLFSSL_API void wolfSSL_ASN1_item_free(void *obj,
+        const WOLFSSL_ASN1_ITEM *item);
 WOLFSSL_API int wolfSSL_ASN1_item_i2d(const void *src, byte **dest,
                                       const WOLFSSL_ASN1_ITEM *tpl);
+WOLFSSL_API void* wolfSSL_ASN1_item_d2i(void** dst, const byte **src, long len,
+        const WOLFSSL_ASN1_ITEM* item);
 
 /* Need function declaration otherwise compiler complains */
-/* // NOLINTBEGIN(readability-named-parameter) */
+/* // NOLINTBEGIN(readability-named-parameter,bugprone-macro-parentheses) */
 #define IMPLEMENT_ASN1_FUNCTIONS(type) \
     type *type##_new(void); \
     type *type##_new(void){ \
@@ -178,15 +293,23 @@ WOLFSSL_API int wolfSSL_ASN1_item_i2d(const void *src, byte **dest,
     int i2d_##type(type *src, byte **dest); \
     int i2d_##type(type *src, byte **dest) \
     { \
-        return wolfSSL_ASN1_item_i2d(src, dest, &type##_template_data);\
+        return wolfSSL_ASN1_item_i2d(src, dest, &type##_template_data); \
+    } \
+    type* d2i_##type(type **dst, const byte **src, long len); \
+    type* d2i_##type(type **dst, const byte **src, long len) \
+    { \
+        return (type*)wolfSSL_ASN1_item_d2i((void**)dst, src, len, \
+                &type##_template_data); \
     }
-/* // NOLINTEND(readability-named-parameter) */
+/* // NOLINTEND(readability-named-parameter,bugprone-macro-parentheses) */
 
 #endif /* OPENSSL_ALL */
 
 #define BN_to_ASN1_INTEGER          wolfSSL_BN_to_ASN1_INTEGER
 #define ASN1_TYPE_set               wolfSSL_ASN1_TYPE_set
+#define ASN1_TYPE_get               wolfSSL_ASN1_TYPE_get
 #define ASN1_TYPE_new               wolfSSL_ASN1_TYPE_new
 #define ASN1_TYPE_free              wolfSSL_ASN1_TYPE_free
+#define i2d_ASN1_TYPE               wolfSSL_i2d_ASN1_TYPE
 
 #endif /* WOLFSSL_ASN1_H_ */
diff --git a/wolfssl/openssl/asn1t.h b/wolfssl/openssl/asn1t.h
index e7d5affd9..2a52b3b16 100644
--- a/wolfssl/openssl/asn1t.h
+++ b/wolfssl/openssl/asn1t.h
@@ -1,6 +1,6 @@
 /* asn1t.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/openssl/bio.h b/wolfssl/openssl/bio.h
index e6f5a709c..73214abcc 100644
--- a/wolfssl/openssl/bio.h
+++ b/wolfssl/openssl/bio.h
@@ -1,6 +1,6 @@
 /* bio.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -25,6 +25,7 @@
 #ifndef WOLFSSL_BIO_H_
 #define WOLFSSL_BIO_H_
 
+#include <wolfssl/openssl/ssl.h>
 
 #ifdef __cplusplus
     extern "C" {
@@ -32,11 +33,57 @@
 
 #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
 
+/* helper to set specific retry/read flags */
+#define wolfSSL_BIO_set_retry_read(bio)\
+    wolfSSL_BIO_set_flags((bio), WOLFSSL_BIO_FLAG_RETRY | WOLFSSL_BIO_FLAG_READ)
+#define wolfSSL_BIO_set_retry_write(bio)\
+    wolfSSL_BIO_set_flags((bio), WOLFSSL_BIO_FLAG_RETRY | WOLFSSL_BIO_FLAG_WRITE)
+
+/* BIO CTRL */
+#define WOLFSSL_BIO_CTRL_RESET             1
+#define WOLFSSL_BIO_CTRL_EOF               2
+#define WOLFSSL_BIO_CTRL_INFO              3
+#define WOLFSSL_BIO_CTRL_SET               4
+#define WOLFSSL_BIO_CTRL_GET               5
+#define WOLFSSL_BIO_CTRL_PUSH              6
+#define WOLFSSL_BIO_CTRL_POP               7
+#define WOLFSSL_BIO_CTRL_GET_CLOSE         8
+#define WOLFSSL_BIO_CTRL_SET_CLOSE         9
+#define WOLFSSL_BIO_CTRL_PENDING           10
+#define WOLFSSL_BIO_CTRL_FLUSH             11
+#define WOLFSSL_BIO_CTRL_DUP               12
+#define WOLFSSL_BIO_CTRL_WPENDING          13
+
+#define WOLFSSL_BIO_C_SET_FILE_PTR              106
+#define WOLFSSL_BIO_C_GET_FILE_PTR              107
+#define WOLFSSL_BIO_C_SET_FILENAME              108
+#define WOLFSSL_BIO_C_SET_BUF_MEM               114
+#define WOLFSSL_BIO_C_GET_BUF_MEM_PTR           115
+#define WOLFSSL_BIO_C_FILE_SEEK                 128
+#define WOLFSSL_BIO_C_SET_BUF_MEM_EOF_RETURN    130
+#define WOLFSSL_BIO_C_SET_WRITE_BUF_SIZE        136
+#define WOLFSSL_BIO_C_MAKE_WOLFSSL_BIO_PAIR             138
+
+#define WOLFSSL_BIO_CTRL_DGRAM_CONNECT       31
+#define WOLFSSL_BIO_CTRL_DGRAM_SET_CONNECTED 32
+#define WOLFSSL_BIO_CTRL_DGRAM_QUERY_MTU     40
+#define WOLFSSL_BIO_CTRL_DGRAM_SET_PEER      44
+
+#define WOLFSSL_BIO_FP_TEXT                0x00
+#define WOLFSSL_BIO_NOCLOSE                0x00
+#define WOLFSSL_BIO_CLOSE                  0x01
+
+#define WOLFSSL_BIO_FP_WRITE               0x04
+
+#ifndef OPENSSL_COEXIST
+
 #define BIO_FLAGS_BASE64_NO_NL WOLFSSL_BIO_FLAG_BASE64_NO_NL
 #define BIO_FLAGS_READ         WOLFSSL_BIO_FLAG_READ
 #define BIO_FLAGS_WRITE        WOLFSSL_BIO_FLAG_WRITE
 #define BIO_FLAGS_IO_SPECIAL   WOLFSSL_BIO_FLAG_IO_SPECIAL
 #define BIO_FLAGS_SHOULD_RETRY WOLFSSL_BIO_FLAG_RETRY
+/* You shouldn't free up or change the data if BIO_FLAGS_MEM_RDONLY is set */
+#define BIO_FLAGS_MEM_RDONLY   WOLFSSL_BIO_FLAG_MEM_RDONLY
 
 #define BIO_new_fp                      wolfSSL_BIO_new_fp
 #if defined(OPENSSL_ALL) \
@@ -57,9 +104,11 @@
 #endif
 #define BIO_int_ctrl                    wolfSSL_BIO_int_ctrl
 #define BIO_reset                       wolfSSL_BIO_reset
+#define BIO_s_null                      wolfSSL_BIO_s_null
 #define BIO_s_file                      wolfSSL_BIO_s_file
 #define BIO_s_bio                       wolfSSL_BIO_s_bio
 #define BIO_s_socket                    wolfSSL_BIO_s_socket
+#define BIO_s_datagram                  wolfSSL_BIO_s_datagram
 #define BIO_s_accept                    wolfSSL_BIO_s_socket
 #define BIO_set_fd                      wolfSSL_BIO_set_fd
 #define BIO_set_close                   wolfSSL_BIO_set_close
@@ -122,10 +171,8 @@
 #define BIO_get_ex_data            wolfSSL_BIO_get_ex_data
 
 /* helper to set specific retry/read flags */
-#define BIO_set_retry_read(bio)\
-    wolfSSL_BIO_set_flags((bio), WOLFSSL_BIO_FLAG_RETRY | WOLFSSL_BIO_FLAG_READ)
-#define BIO_set_retry_write(bio)\
-    wolfSSL_BIO_set_flags((bio), WOLFSSL_BIO_FLAG_RETRY | WOLFSSL_BIO_FLAG_WRITE)
+#define BIO_set_retry_read(bio) wolfSSL_BIO_set_retry_read(bio)
+#define BIO_set_retry_write(bio) wolfSSL_BIO_set_retry_write(bio)
 
 #define BIO_clear_retry_flags      wolfSSL_BIO_clear_retry_flags
 
@@ -143,40 +190,42 @@
 #define BIO_snprintf               XSNPRINTF
 
 /* BIO CTRL */
-#define BIO_CTRL_RESET             1
-#define BIO_CTRL_EOF               2
-#define BIO_CTRL_INFO              3
-#define BIO_CTRL_SET               4
-#define BIO_CTRL_GET               5
-#define BIO_CTRL_PUSH              6
-#define BIO_CTRL_POP               7
-#define BIO_CTRL_GET_CLOSE         8
-#define BIO_CTRL_SET_CLOSE         9
-#define BIO_CTRL_PENDING           10
-#define BIO_CTRL_FLUSH             11
-#define BIO_CTRL_DUP               12
-#define BIO_CTRL_WPENDING          13
+#define BIO_CTRL_RESET              WOLFSSL_BIO_CTRL_RESET
+#define BIO_CTRL_EOF                WOLFSSL_BIO_CTRL_EOF
+#define BIO_CTRL_INFO               WOLFSSL_BIO_CTRL_INFO
+#define BIO_CTRL_SET                WOLFSSL_BIO_CTRL_SET
+#define BIO_CTRL_GET                WOLFSSL_BIO_CTRL_GET
+#define BIO_CTRL_PUSH               WOLFSSL_BIO_CTRL_PUSH
+#define BIO_CTRL_POP                WOLFSSL_BIO_CTRL_POP
+#define BIO_CTRL_GET_CLOSE          WOLFSSL_BIO_CTRL_GET_CLOSE
+#define BIO_CTRL_SET_CLOSE          WOLFSSL_BIO_CTRL_SET_CLOSE
+#define BIO_CTRL_PENDING            WOLFSSL_BIO_CTRL_PENDING
+#define BIO_CTRL_FLUSH              WOLFSSL_BIO_CTRL_FLUSH
+#define BIO_CTRL_DUP                WOLFSSL_BIO_CTRL_DUP
+#define BIO_CTRL_WPENDING           WOLFSSL_BIO_CTRL_WPENDING
 
-#define BIO_C_SET_FILE_PTR              106
-#define BIO_C_GET_FILE_PTR              107
-#define BIO_C_SET_FILENAME              108
-#define BIO_C_SET_BUF_MEM               114
-#define BIO_C_GET_BUF_MEM_PTR           115
-#define BIO_C_FILE_SEEK                 128
-#define BIO_C_SET_BUF_MEM_EOF_RETURN    130
-#define BIO_C_SET_WRITE_BUF_SIZE        136
-#define BIO_C_MAKE_BIO_PAIR             138
+#define BIO_C_SET_FILE_PTR               WOLFSSL_BIO_C_SET_FILE_PTR
+#define BIO_C_GET_FILE_PTR               WOLFSSL_BIO_C_GET_FILE_PTR
+#define BIO_C_SET_FILENAME               WOLFSSL_BIO_C_SET_FILENAME
+#define BIO_C_SET_BUF_MEM                WOLFSSL_BIO_C_SET_BUF_MEM
+#define BIO_C_GET_BUF_MEM_PTR            WOLFSSL_BIO_C_GET_BUF_MEM_PTR
+#define BIO_C_FILE_SEEK                  WOLFSSL_BIO_C_FILE_SEEK
+#define BIO_C_SET_BUF_MEM_EOF_RETURN     WOLFSSL_BIO_C_SET_BUF_MEM_EOF_RETURN
+#define BIO_C_SET_WRITE_BUF_SIZE         WOLFSSL_BIO_C_SET_WRITE_BUF_SIZE
+#define BIO_C_MAKE_BIO_PAIR              WOLFSSL_BIO_C_MAKE_BIO_PAIR
 
-#define BIO_CTRL_DGRAM_QUERY_MTU   40
+#define BIO_CTRL_DGRAM_CONNECT        WOLFSSL_BIO_CTRL_DGRAM_CONNECT
+#define BIO_CTRL_DGRAM_SET_CONNECTED  WOLFSSL_BIO_CTRL_DGRAM_SET_CONNECTED
+#define BIO_CTRL_DGRAM_QUERY_MTU      WOLFSSL_BIO_CTRL_DGRAM_QUERY_MTU
+#define BIO_CTRL_DGRAM_SET_PEER       WOLFSSL_BIO_CTRL_DGRAM_SET_PEER
 
-#define BIO_FP_TEXT                0x00
-#define BIO_NOCLOSE                0x00
-#define BIO_CLOSE                  0x01
+#define BIO_FP_TEXT                 WOLFSSL_BIO_FP_TEXT
+#define BIO_NOCLOSE                 WOLFSSL_BIO_NOCLOSE
+#define BIO_CLOSE                   WOLFSSL_BIO_CLOSE
 
-#define BIO_FP_WRITE               0x04
+#define BIO_FP_WRITE                WOLFSSL_BIO_FP_WRITE
 
-/* You shouldn't free up or change the data if BIO_FLAGS_MEM_RDONLY is set */
-#define BIO_FLAGS_MEM_RDONLY       0x200
+#endif /* !OPENSSL_COEXIST */
 
 #endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
 
diff --git a/wolfssl/openssl/bn.h b/wolfssl/openssl/bn.h
index 973b85565..c0d7f9b6b 100644
--- a/wolfssl/openssl/bn.h
+++ b/wolfssl/openssl/bn.h
@@ -1,6 +1,6 @@
 /* bn.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -40,7 +40,9 @@
 typedef struct WOLFSSL_BIGNUM {
     int neg;        /* openssh deference */
     void *internal; /* our big num */
+#if !defined(NO_BIG_INT) || defined(WOLFSSL_SP_MATH)
     mp_int mpi;
+#endif
 } WOLFSSL_BIGNUM;
 
 #define WOLFSSL_BN_ULONG unsigned long
@@ -75,11 +77,17 @@ typedef struct WOLFSSL_BIGNUM {
 
 #define WOLFSSL_BN_MAX_VAL          ((BN_ULONG)-1)
 
-typedef struct WOLFSSL_BN_CTX   WOLFSSL_BN_CTX;
-typedef struct WOLFSSL_BN_GENCB WOLFSSL_BN_GENCB;
+struct WOLFSSL_BN_CTX_LIST {
+    WOLFSSL_BIGNUM* bn;
+    struct WOLFSSL_BN_CTX_LIST* next;
+};
+typedef struct WOLFSSL_BN_CTX {
+    struct WOLFSSL_BN_CTX_LIST* list;
+} WOLFSSL_BN_CTX;
+typedef struct WOLFSSL_BN_MONT_CTX WOLFSSL_BN_MONT_CTX;
+typedef struct WOLFSSL_BN_GENCB    WOLFSSL_BN_GENCB;
 
 WOLFSSL_API WOLFSSL_BN_CTX* wolfSSL_BN_CTX_new(void);
-WOLFSSL_API void           wolfSSL_BN_CTX_init(WOLFSSL_BN_CTX* ctx);
 WOLFSSL_API void           wolfSSL_BN_CTX_free(WOLFSSL_BN_CTX* ctx);
 
 WOLFSSL_API WOLFSSL_BIGNUM* wolfSSL_BN_new(void);
@@ -148,6 +156,8 @@ WOLFSSL_API int wolfSSL_BN_lshift(WOLFSSL_BIGNUM* r, const WOLFSSL_BIGNUM* bn,
                                   int n);
 WOLFSSL_API int wolfSSL_BN_add_word(WOLFSSL_BIGNUM* bn, WOLFSSL_BN_ULONG w);
 WOLFSSL_API int wolfSSL_BN_sub_word(WOLFSSL_BIGNUM* bn, WOLFSSL_BN_ULONG w);
+WOLFSSL_API int wolfSSL_BN_mul_word(WOLFSSL_BIGNUM *bn, WOLFSSL_BN_ULONG w);
+WOLFSSL_API int wolfSSL_BN_div_word(WOLFSSL_BIGNUM *bn, WOLFSSL_BN_ULONG w);
 WOLFSSL_API int wolfSSL_BN_set_bit(WOLFSSL_BIGNUM* bn, int n);
 WOLFSSL_API int wolfSSL_BN_clear_bit(WOLFSSL_BIGNUM* bn, int n);
 WOLFSSL_API int wolfSSL_BN_set_word(WOLFSSL_BIGNUM* bn, WOLFSSL_BN_ULONG w);
@@ -181,8 +191,15 @@ WOLFSSL_API WOLFSSL_BIGNUM *wolfSSL_BN_mod_inverse(
     const WOLFSSL_BIGNUM *n,
     WOLFSSL_BN_CTX *ctx);
 
+WOLFSSL_API WOLFSSL_BN_MONT_CTX* wolfSSL_BN_MONT_CTX_new(void);
+WOLFSSL_API void wolfSSL_BN_MONT_CTX_free(WOLFSSL_BN_MONT_CTX *mont);
+WOLFSSL_API int wolfSSL_BN_MONT_CTX_set(WOLFSSL_BN_MONT_CTX *mont,
+        const WOLFSSL_BIGNUM *mod, WOLFSSL_BN_CTX *ctx);
+WOLFSSL_API int wolfSSL_BN_mod_exp_mont_word(WOLFSSL_BIGNUM *r,
+        WOLFSSL_BN_ULONG a, const WOLFSSL_BIGNUM *p, const WOLFSSL_BIGNUM *m,
+        WOLFSSL_BN_CTX *ctx, WOLFSSL_BN_MONT_CTX *mont);
 
-#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
+#if !defined(OPENSSL_COEXIST) && (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL))
 
 #define BN_RAND_TOP_ANY     WOLFSSL_BN_RAND_TOP_ANY
 #define BN_RAND_TOP_ONE     WOLFSSL_BN_RAND_TOP_ONE
@@ -191,13 +208,18 @@ WOLFSSL_API WOLFSSL_BIGNUM *wolfSSL_BN_mod_inverse(
 #define BN_RAND_BOTTOM_ANY  WOLFSSL_BN_RAND_BOTTOM_ANY
 #define BN_RAND_BOTTOM_ODD  WOLFSSL_BN_RAND_BOTTOM_ODD
 
-typedef WOLFSSL_BIGNUM   BIGNUM;
-typedef WOLFSSL_BN_CTX   BN_CTX;
-typedef WOLFSSL_BN_GENCB BN_GENCB;
+typedef WOLFSSL_BIGNUM      BIGNUM;
+typedef WOLFSSL_BN_CTX      BN_CTX;
+typedef WOLFSSL_BN_MONT_CTX BN_MONT_CTX;
+typedef WOLFSSL_BN_GENCB    BN_GENCB;
 
+#ifndef NO_WOLFSSL_BN_CTX
 #define BN_CTX_new        wolfSSL_BN_CTX_new
-#define BN_CTX_init       wolfSSL_BN_CTX_init
 #define BN_CTX_free       wolfSSL_BN_CTX_free
+#else
+#define BN_CTX_new()      ((BN_CTX*)-1)
+#define BN_CTX_free(x)    ((void)(x))
+#endif
 
 #define BN_new        wolfSSL_BN_new
 #if !defined(USE_INTEGER_HEAP_MATH) && !defined(HAVE_WOLF_BIGINT)
@@ -225,6 +247,8 @@ typedef WOLFSSL_BN_GENCB BN_GENCB;
 
 #define BN_mod       wolfSSL_BN_mod
 #define BN_mod_exp   wolfSSL_BN_mod_exp
+#define BN_mod_exp_mont(a,b,c,d,e,f)   \
+    ((void)(f), wolfSSL_BN_mod_exp((a),(b),(c),(d),(e)))
 #define BN_mod_mul   wolfSSL_BN_mod_mul
 #define BN_sub       wolfSSL_BN_sub
 #define BN_mul       wolfSSL_BN_mul
@@ -252,7 +276,9 @@ typedef WOLFSSL_BN_GENCB BN_GENCB;
 
 #define BN_lshift wolfSSL_BN_lshift
 #define BN_add_word wolfSSL_BN_add_word
+#define BN_mul_word wolfSSL_BN_mul_word
 #define BN_sub_word wolfSSL_BN_sub_word
+#define BN_div_word wolfSSL_BN_div_word
 #define BN_add wolfSSL_BN_add
 #define BN_mod_add wolfSSL_BN_mod_add
 #define BN_set_word wolfSSL_BN_set_word
@@ -286,7 +312,12 @@ typedef WOLFSSL_BN_GENCB BN_GENCB;
 
 #define BN_prime_checks 0
 
-#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
+#define BN_MONT_CTX_new            wolfSSL_BN_MONT_CTX_new
+#define BN_MONT_CTX_free           wolfSSL_BN_MONT_CTX_free
+#define BN_MONT_CTX_set            wolfSSL_BN_MONT_CTX_set
+#define BN_mod_exp_mont_word       wolfSSL_BN_mod_exp_mont_word
+
+#endif /* !OPENSSL_COEXIST && (OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL) */
 
 
 #ifdef __cplusplus
diff --git a/wolfssl/openssl/buffer.h b/wolfssl/openssl/buffer.h
index 52a7813ed..548d744a8 100644
--- a/wolfssl/openssl/buffer.h
+++ b/wolfssl/openssl/buffer.h
@@ -1,6 +1,6 @@
 /* buffer.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -38,6 +38,7 @@ WOLFSSL_API int wolfSSL_BUF_MEM_grow_ex(WOLFSSL_BUF_MEM* buf, size_t len,
 WOLFSSL_API int wolfSSL_BUF_MEM_resize(WOLFSSL_BUF_MEM* buf, size_t len);
 WOLFSSL_API void wolfSSL_BUF_MEM_free(WOLFSSL_BUF_MEM* buf);
 
+#ifndef OPENSSL_COEXIST
 
 #define BUF_MEM_new  wolfSSL_BUF_MEM_new
 #define BUF_MEM_grow wolfSSL_BUF_MEM_grow
@@ -47,6 +48,8 @@ WOLFSSL_API void wolfSSL_BUF_MEM_free(WOLFSSL_BUF_MEM* buf);
 #define BUF_strlcpy wc_strlcpy
 #define BUF_strlcat wc_strlcat
 
+#endif /* !OPENSSL_COEXIST */
+
 #ifdef __cplusplus
     }  /* extern "C" */
 #endif
diff --git a/wolfssl/openssl/camellia.h b/wolfssl/openssl/camellia.h
index aa830f534..fe5b17c2c 100644
--- a/wolfssl/openssl/camellia.h
+++ b/wolfssl/openssl/camellia.h
@@ -1,6 +1,6 @@
 /* camellia.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/openssl/cmac.h b/wolfssl/openssl/cmac.h
index 5ae013c12..489396c69 100644
--- a/wolfssl/openssl/cmac.h
+++ b/wolfssl/openssl/cmac.h
@@ -1,6 +1,6 @@
 /* cmac.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -34,8 +34,6 @@ typedef struct WOLFSSL_CMAC_CTX {
     WOLFSSL_EVP_CIPHER_CTX* cctx;
 } WOLFSSL_CMAC_CTX;
 
-typedef WOLFSSL_CMAC_CTX CMAC_CTX;
-
 WOLFSSL_API WOLFSSL_CMAC_CTX* wolfSSL_CMAC_CTX_new(void);
 WOLFSSL_API void wolfSSL_CMAC_CTX_free(WOLFSSL_CMAC_CTX *ctx);
 WOLFSSL_API WOLFSSL_EVP_CIPHER_CTX* wolfSSL_CMAC_CTX_get0_cipher_ctx(
@@ -48,6 +46,10 @@ WOLFSSL_API int wolfSSL_CMAC_Update(
 WOLFSSL_API int wolfSSL_CMAC_Final(
     WOLFSSL_CMAC_CTX* ctx, unsigned char* out, size_t* len);
 
+#ifndef OPENSSL_COEXIST
+
+typedef WOLFSSL_CMAC_CTX CMAC_CTX;
+
 #define CMAC_CTX_new              wolfSSL_CMAC_CTX_new
 #define CMAC_CTX_free             wolfSSL_CMAC_CTX_free
 #define CMAC_CTX_get0_cipher_ctx  wolfSSL_CMAC_CTX_get0_cipher_ctx
@@ -55,6 +57,8 @@ WOLFSSL_API int wolfSSL_CMAC_Final(
 #define CMAC_Update               wolfSSL_CMAC_Update
 #define CMAC_Final                wolfSSL_CMAC_Final
 
+#endif /* !OPENSSL_COEXIST */
+
 #ifdef __cplusplus
 }  /* extern "C" */
 #endif
diff --git a/wolfssl/openssl/cms.h b/wolfssl/openssl/cms.h
index 5355c6158..291c08d72 100644
--- a/wolfssl/openssl/cms.h
+++ b/wolfssl/openssl/cms.h
@@ -1,6 +1,6 @@
 /* cms.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/openssl/compat_types.h b/wolfssl/openssl/compat_types.h
index c1afd62e1..58113c4e1 100644
--- a/wolfssl/openssl/compat_types.h
+++ b/wolfssl/openssl/compat_types.h
@@ -1,6 +1,6 @@
 /* compat_types.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -50,7 +50,9 @@ typedef struct WOLFSSL_EVP_PKEY_CTX   WOLFSSL_EVP_PKEY_CTX;
 typedef struct WOLFSSL_EVP_CIPHER_CTX WOLFSSL_EVP_CIPHER_CTX;
 typedef struct WOLFSSL_ASN1_PCTX      WOLFSSL_ASN1_PCTX;
 
-#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
+typedef struct WOLFSSL_BIO            WOLFSSL_BIO;
+
+#if !defined(OPENSSL_COEXIST) && (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL))
 typedef WOLFSSL_EVP_MD         EVP_MD;
 typedef WOLFSSL_EVP_MD_CTX     EVP_MD_CTX;
 typedef WOLFSSL_EVP_CIPHER     EVP_CIPHER;
@@ -61,7 +63,7 @@ typedef WOLFSSL_EVP_PKEY       PKCS8_PRIV_KEY_INFO;
 
 typedef WOLFSSL_ENGINE         ENGINE;
 typedef WOLFSSL_EVP_PKEY_CTX   EVP_PKEY_CTX;
-#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
+#endif /* !OPENSSL_COEXIST && (OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL) */
 
 typedef unsigned long (*wolf_sk_hash_cb) (const void *v);
 
diff --git a/wolfssl/openssl/conf.h b/wolfssl/openssl/conf.h
index 7c3d72106..d2e2eb4ea 100644
--- a/wolfssl/openssl/conf.h
+++ b/wolfssl/openssl/conf.h
@@ -1,6 +1,6 @@
 /* conf.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -45,8 +45,10 @@ typedef struct WOLFSSL_CONF {
     WOLF_LHASH_OF(WOLFSSL_CONF_VALUE) *data;
 } WOLFSSL_CONF;
 
+#ifndef OPENSSL_COEXIST
 typedef WOLFSSL_CONF CONF;
 typedef WOLFSSL_CONF_VALUE CONF_VALUE;
+#endif
 
 #ifdef OPENSSL_EXTRA
 
@@ -58,7 +60,7 @@ WOLFSSL_API void wolfSSL_X509V3_conf_free(WOLFSSL_CONF_VALUE *val);
 WOLFSSL_API WOLFSSL_CONF *wolfSSL_NCONF_new(void *meth);
 WOLFSSL_API char *wolfSSL_NCONF_get_string(const WOLFSSL_CONF *conf,
         const char *group, const char *name);
-WOLFSSL_API int wolfSSL_NCONF_get_number(const CONF *conf, const char *group,
+WOLFSSL_API int wolfSSL_NCONF_get_number(const WOLFSSL_CONF *conf, const char *group,
         const char *name, long *result);
 WOLFSSL_API WOLFSSL_STACK *wolfSSL_NCONF_get_section(
         const WOLFSSL_CONF *conf, const char *section);
@@ -80,6 +82,7 @@ WOLFSSL_API WOLFSSL_X509_EXTENSION* wolfSSL_X509V3_EXT_nconf_nid(WOLFSSL_CONF* c
 WOLFSSL_API WOLFSSL_X509_EXTENSION* wolfSSL_X509V3_EXT_nconf(WOLFSSL_CONF *conf,
         WOLFSSL_X509V3_CTX *ctx, const char *sName, const char *value);
 
+#ifndef OPENSSL_COEXIST
 #define sk_CONF_VALUE_new               wolfSSL_sk_CONF_VALUE_new
 #define sk_CONF_VALUE_free              wolfSSL_sk_CONF_VALUE_free
 #define sk_CONF_VALUE_pop_free(a,b)     wolfSSL_sk_CONF_VALUE_free(a)
@@ -103,6 +106,7 @@ WOLFSSL_API WOLFSSL_X509_EXTENSION* wolfSSL_X509V3_EXT_nconf(WOLFSSL_CONF *conf,
 #define X509V3_EXT_nconf_nid            wolfSSL_X509V3_EXT_nconf_nid
 #define X509V3_EXT_nconf                wolfSSL_X509V3_EXT_nconf
 #define X509V3_conf_free                wolfSSL_X509V3_conf_free
+#endif /* !OPENSSL_COEXIST */
 
 #endif /* OPENSSL_EXTRA */
 
diff --git a/wolfssl/openssl/crypto.h b/wolfssl/openssl/crypto.h
index f57626f33..e05468e84 100644
--- a/wolfssl/openssl/crypto.h
+++ b/wolfssl/openssl/crypto.h
@@ -1,6 +1,6 @@
 /* crypto.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -29,14 +29,20 @@
 typedef struct WOLFSSL_INIT_SETTINGS {
     char* appname;
 } WOLFSSL_INIT_SETTINGS;
-typedef WOLFSSL_INIT_SETTINGS OPENSSL_INIT_SETTINGS;
+#ifndef OPENSSL_COEXIST
+#define OPENSSL_INIT_SETTINGS WOLFSSL_INIT_SETTINGS
+#endif
 
 typedef struct WOLFSSL_CRYPTO_THREADID {
     int dummy;
 } WOLFSSL_CRYPTO_THREADID;
+#ifndef OPENSSL_COEXIST
 typedef struct crypto_threadid_st   CRYPTO_THREADID;
+#endif
 
+#ifndef OPENSSL_COEXIST
 typedef struct CRYPTO_EX_DATA            CRYPTO_EX_DATA;
+#endif
 
 #ifdef HAVE_EX_DATA
 typedef WOLFSSL_CRYPTO_EX_new CRYPTO_new_func;
@@ -68,10 +74,13 @@ WOLFSSL_API void *wolfSSL_OPENSSL_malloc(size_t a);
 WOLFSSL_API int wolfSSL_OPENSSL_hexchar2int(unsigned char c);
 WOLFSSL_API unsigned char *wolfSSL_OPENSSL_hexstr2buf(const char *str, long *len);
 
-WOLFSSL_API int wolfSSL_OPENSSL_init_crypto(word64 opts, const OPENSSL_INIT_SETTINGS *settings);
+WOLFSSL_API int wolfSSL_OPENSSL_init_crypto(word64 opts, const WOLFSSL_INIT_SETTINGS *settings);
 #endif
 
 /* class index for wolfSSL_CRYPTO_get_ex_new_index */
+
+#ifndef OPENSSL_COEXIST
+
 #define CRYPTO_EX_INDEX_SSL             WOLF_CRYPTO_EX_INDEX_SSL
 #define CRYPTO_EX_INDEX_SSL_CTX         WOLF_CRYPTO_EX_INDEX_SSL_CTX
 #define CRYPTO_EX_INDEX_SSL_SESSION     WOLF_CRYPTO_EX_INDEX_SSL_SESSION
@@ -96,13 +105,9 @@ WOLFSSL_API int wolfSSL_OPENSSL_init_crypto(word64 opts, const OPENSSL_INIT_SETT
 #define SSLeay_version wolfSSLeay_version
 #define SSLeay wolfSSLeay
 #define OpenSSL_version_num wolfSSL_OpenSSL_version_num
+#define SSLEAY_VERSION_NUMBER OPENSSL_VERSION_NUMBER
+#define SSLEAY_VERSION OPENSSL_VERSION
 
-#if defined(WOLFSSL_QT) || defined(WOLFSSL_HITCH)
-    #define SSLEAY_VERSION 0x10001000L
-#else
-    #define SSLEAY_VERSION 0x0090600fL
-#endif
-#define SSLEAY_VERSION_NUMBER SSLEAY_VERSION
 #define CRYPTO_lock wc_LockMutex_ex
 
 /* this function was used to set the default malloc, free, and realloc */
@@ -157,6 +162,8 @@ WOLFSSL_API int wolfSSL_OPENSSL_init_crypto(word64 opts, const OPENSSL_INIT_SETT
 
 #endif /* OPENSSL_ALL || HAVE_STUNNEL || WOLFSSL_NGINX || WOLFSSL_HAPROXY || HAVE_EX_DATA */
 
+#endif /* !OPENSSL_COEXIST */
+
 #ifdef __cplusplus
     } /* extern "C" */
 #endif
diff --git a/wolfssl/openssl/des.h b/wolfssl/openssl/des.h
index ca0be3590..9554c2abb 100644
--- a/wolfssl/openssl/des.h
+++ b/wolfssl/openssl/des.h
@@ -1,6 +1,6 @@
 /* des.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -49,8 +49,8 @@ typedef unsigned int WOLFSSL_DES_LONG;
 
 
 enum {
-    DES_ENCRYPT = 1,
-    DES_DECRYPT = 0
+    WC_DES_ENCRYPT = 1,
+    WC_DES_DECRYPT = 0
 };
 
 
@@ -87,6 +87,13 @@ WOLFSSL_API void wolfSSL_DES_ecb_encrypt(WOLFSSL_DES_cblock* desa,
 WOLFSSL_API int wolfSSL_DES_check_key_parity(WOLFSSL_DES_cblock *myDes);
 
 
+#ifndef OPENSSL_COEXIST
+
+enum {
+    DES_ENCRYPT = WC_DES_ENCRYPT,
+    DES_DECRYPT = WC_DES_DECRYPT
+};
+
 typedef WOLFSSL_DES_cblock DES_cblock;
 typedef WOLFSSL_const_DES_cblock const_DES_cblock;
 typedef WOLFSSL_DES_key_schedule DES_key_schedule;
@@ -106,6 +113,8 @@ typedef WOLFSSL_DES_LONG DES_LONG;
 #define DES_cbc_cksum         wolfSSL_DES_cbc_cksum
 #define DES_check_key_parity  wolfSSL_DES_check_key_parity
 
+#endif /* !OPENSSL_COEXIST */
+
 #ifdef __cplusplus
     } /* extern "C" */
 #endif
diff --git a/wolfssl/openssl/dh.h b/wolfssl/openssl/dh.h
index eacd033c9..70b1087b6 100644
--- a/wolfssl/openssl/dh.h
+++ b/wolfssl/openssl/dh.h
@@ -1,6 +1,6 @@
 /* dh.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -26,6 +26,7 @@
 #define WOLFSSL_DH_H_
 
 #include <wolfssl/openssl/bn.h>
+#include <wolfssl/openssl/ssl.h>
 #include <wolfssl/openssl/opensslv.h>
 
 #ifdef __cplusplus
@@ -67,6 +68,9 @@ WOLFSSL_API int wolfSSL_DH_size(WOLFSSL_DH* dh);
 WOLFSSL_API int wolfSSL_DH_generate_key(WOLFSSL_DH* dh);
 WOLFSSL_API int wolfSSL_DH_compute_key(unsigned char* key, const WOLFSSL_BIGNUM* pub,
                                      WOLFSSL_DH* dh);
+WOLFSSL_API int wolfSSL_DH_compute_key_padded(unsigned char* key,
+                                const WOLFSSL_BIGNUM* otherPub, WOLFSSL_DH* dh);
+
 WOLFSSL_API int wolfSSL_DH_LoadDer(WOLFSSL_DH* dh, const unsigned char* derBuf,
                                    int derSz);
 WOLFSSL_API int wolfSSL_DH_set_length(WOLFSSL_DH* dh, long len);
@@ -75,7 +79,7 @@ WOLFSSL_API int wolfSSL_DH_set0_pqg(WOLFSSL_DH *dh, WOLFSSL_BIGNUM *p,
 
 WOLFSSL_API WOLFSSL_DH* wolfSSL_DH_get_2048_256(void);
 
-#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
+#if !defined(OPENSSL_COEXIST) && (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL))
 
 typedef WOLFSSL_DH                   DH;
 
@@ -91,6 +95,7 @@ typedef WOLFSSL_DH                   DH;
 #define DH_size         wolfSSL_DH_size
 #define DH_generate_key wolfSSL_DH_generate_key
 #define DH_compute_key  wolfSSL_DH_compute_key
+#define DH_compute_key_padded wolfSSL_DH_compute_key_padded
 #define DH_set_length   wolfSSL_DH_set_length
 #define DH_set0_pqg     wolfSSL_DH_set0_pqg
 #define DH_get0_pqg     wolfSSL_DH_get0_pqg
@@ -98,6 +103,8 @@ typedef WOLFSSL_DH                   DH;
 #define DH_set0_key     wolfSSL_DH_set0_key
 #define DH_bits(x)      (BN_num_bits((x)->p))
 
+#define OPENSSL_DH_MAX_MODULUS_BITS     DH_MAX_SIZE
+
 #define DH_GENERATOR_2                  2
 #define DH_CHECK_P_NOT_PRIME            0x01
 #define DH_CHECK_P_NOT_SAFE_PRIME       0x02
@@ -128,7 +135,7 @@ typedef WOLFSSL_DH                   DH;
 #define DH_GENERATOR_2 2
 #define DH_GENERATOR_5 5
 
-#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
+#endif /* !OPENSSL_COEXIST && (OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL) */
 
 #ifdef __cplusplus
     }  /* extern "C" */
diff --git a/wolfssl/openssl/dsa.h b/wolfssl/openssl/dsa.h
index 5a8c31c70..d5f64bbfe 100644
--- a/wolfssl/openssl/dsa.h
+++ b/wolfssl/openssl/dsa.h
@@ -1,6 +1,6 @@
 /* dsa.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -26,6 +26,7 @@
 #define WOLFSSL_DSA_H_
 
 #include <wolfssl/openssl/bn.h>
+#include <wolfssl/openssl/compat_types.h>
 
 #ifdef __cplusplus
     extern "C" {
@@ -117,11 +118,15 @@ WOLFSSL_API WOLFSSL_DSA* wolfSSL_d2i_DSAparams(
 
 #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
 
-typedef WOLFSSL_DSA                   DSA;
-
 #define WOLFSSL_DSA_LOAD_PRIVATE 1
 #define WOLFSSL_DSA_LOAD_PUBLIC  2
 
+#ifndef OPENSSL_COEXIST
+
+typedef WOLFSSL_DSA                   DSA;
+
+#define OPENSSL_DSA_MAX_MODULUS_BITS 3072
+
 #define DSA_new wolfSSL_DSA_new
 #define DSA_free wolfSSL_DSA_free
 #define DSA_print_fp wolfSSL_DSA_print_fp
@@ -148,6 +153,8 @@ typedef WOLFSSL_DSA                   DSA;
 
 #define DSA_SIG                    WOLFSSL_DSA_SIG
 
+#endif /* !OPENSSL_COEXIST */
+
 #endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
 
 #ifdef __cplusplus
diff --git a/wolfssl/openssl/ec.h b/wolfssl/openssl/ec.h
index 23ef5e9a2..d68217b8f 100644
--- a/wolfssl/openssl/ec.h
+++ b/wolfssl/openssl/ec.h
@@ -1,6 +1,6 @@
 /* ec.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -25,7 +25,9 @@
 #define WOLFSSL_EC_H_
 
 #include <wolfssl/wolfcrypt/types.h>
+#include <wolfssl/openssl/compat_types.h>
 #include <wolfssl/openssl/bn.h>
+#include <wolfssl/openssl/compat_types.h>
 #include <wolfssl/wolfcrypt/asn.h>
 #include <wolfssl/wolfcrypt/ecc.h>
 
@@ -34,53 +36,114 @@ extern "C" {
 #endif
 
 #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
+
 /* Map OpenSSL NID value */
 enum {
-    POINT_CONVERSION_COMPRESSED = 2,
-    POINT_CONVERSION_UNCOMPRESSED = 4,
+    WC_POINT_CONVERSION_COMPRESSED = 2,
+    WC_POINT_CONVERSION_UNCOMPRESSED = 4,
 
 #ifdef HAVE_ECC
     /* Use OpenSSL NIDs. NIDs can be mapped to ecc_curve_id enum values by
         calling NIDToEccEnum() in ssl.c */
-    NID_X9_62_prime192v1 = 409,
-    NID_X9_62_prime192v2 = 410,
-    NID_X9_62_prime192v3 = 411,
-    NID_X9_62_prime239v1 = 412,
-    NID_X9_62_prime239v2 = 413,
-    NID_X9_62_prime239v3 = 418, /* Previous value conflicted with AES128CBCb */
-    NID_X9_62_prime256v1 = 415,
-    NID_secp112r1 = 704,
-    NID_secp112r2 = 705,
-    NID_secp128r1 = 706,
-    NID_secp128r2 = 707,
-    NID_secp160r1 = 709,
-    NID_secp160r2 = 710,
-    NID_secp224r1 = 713,
-    NID_secp384r1 = 715,
-    NID_secp521r1 = 716,
-    NID_secp160k1 = 708,
-    NID_secp192k1 = 711,
-    NID_secp224k1 = 712,
-    NID_secp256k1 = 714,
-    NID_brainpoolP160r1 = 921,
-    NID_brainpoolP192r1 = 923,
-    NID_brainpoolP224r1 = 925,
-    NID_brainpoolP256r1 = 927,
-    NID_brainpoolP320r1 = 929,
-    NID_brainpoolP384r1 = 931,
-    NID_brainpoolP512r1 = 933,
+    WC_NID_X9_62_prime192v1 = 409,
+    WC_NID_X9_62_prime192v2 = 410,
+    WC_NID_X9_62_prime192v3 = 411,
+    WC_NID_X9_62_prime239v1 = 412,
+    WC_NID_X9_62_prime239v2 = 413,
+    WC_NID_X9_62_prime239v3 = 418, /* Previous value conflicted with AES128CBCb */
+    WC_NID_X9_62_prime256v1 = 415,
+    WC_NID_secp112r1 = 704,
+    WC_NID_secp112r2 = 705,
+    WC_NID_secp128r1 = 706,
+    WC_NID_secp128r2 = 707,
+    WC_NID_secp160r1 = 709,
+    WC_NID_secp160r2 = 710,
+    WC_NID_secp224r1 = 713,
+    WC_NID_secp384r1 = 715,
+    WC_NID_secp521r1 = 716,
+    WC_NID_secp160k1 = 708,
+    WC_NID_secp192k1 = 711,
+    WC_NID_secp224k1 = 712,
+    WC_NID_secp256k1 = 714,
+    WC_NID_brainpoolP160r1 = 921,
+    WC_NID_brainpoolP192r1 = 923,
+    WC_NID_brainpoolP224r1 = 925,
+    WC_NID_brainpoolP256r1 = 927,
+    WC_NID_brainpoolP320r1 = 929,
+    WC_NID_brainpoolP384r1 = 931,
+    WC_NID_brainpoolP512r1 = 933,
 #endif
 
 #ifdef HAVE_ED448
-    NID_ED448 = ED448k,
+    WC_NID_ED448 = ED448k,
+#endif
+#ifdef HAVE_CURVE448
+    WC_NID_X448 = X448k,
 #endif
 #ifdef HAVE_ED25519
-    NID_ED25519 = ED25519k,
+    WC_NID_ED25519 = ED25519k,
+#endif
+#ifdef HAVE_CURVE25519
+    WC_NID_X25519 = X25519k,
 #endif
 
-    OPENSSL_EC_EXPLICIT_CURVE  = 0x000,
-    OPENSSL_EC_NAMED_CURVE  = 0x001,
+    WOLFSSL_EC_EXPLICIT_CURVE  = 0x000,
+    WOLFSSL_EC_NAMED_CURVE  = 0x001
 };
+
+#ifndef OPENSSL_COEXIST
+
+#define POINT_CONVERSION_COMPRESSED WC_POINT_CONVERSION_COMPRESSED
+#define POINT_CONVERSION_UNCOMPRESSED WC_POINT_CONVERSION_UNCOMPRESSED
+
+#ifdef HAVE_ECC
+#define NID_X9_62_prime192v1 WC_NID_X9_62_prime192v1
+#define NID_X9_62_prime192v2 WC_NID_X9_62_prime192v2
+#define NID_X9_62_prime192v3 WC_NID_X9_62_prime192v3
+#define NID_X9_62_prime239v1 WC_NID_X9_62_prime239v1
+#define NID_X9_62_prime239v2 WC_NID_X9_62_prime239v2
+#define NID_X9_62_prime239v3 WC_NID_X9_62_prime239v3
+#define NID_X9_62_prime256v1 WC_NID_X9_62_prime256v1
+#define NID_secp112r1 WC_NID_secp112r1
+#define NID_secp112r2 WC_NID_secp112r2
+#define NID_secp128r1 WC_NID_secp128r1
+#define NID_secp128r2 WC_NID_secp128r2
+#define NID_secp160r1 WC_NID_secp160r1
+#define NID_secp160r2 WC_NID_secp160r2
+#define NID_secp224r1 WC_NID_secp224r1
+#define NID_secp384r1 WC_NID_secp384r1
+#define NID_secp521r1 WC_NID_secp521r1
+#define NID_secp160k1 WC_NID_secp160k1
+#define NID_secp192k1 WC_NID_secp192k1
+#define NID_secp224k1 WC_NID_secp224k1
+#define NID_secp256k1 WC_NID_secp256k1
+#define NID_brainpoolP160r1 WC_NID_brainpoolP160r1
+#define NID_brainpoolP192r1 WC_NID_brainpoolP192r1
+#define NID_brainpoolP224r1 WC_NID_brainpoolP224r1
+#define NID_brainpoolP256r1 WC_NID_brainpoolP256r1
+#define NID_brainpoolP320r1 WC_NID_brainpoolP320r1
+#define NID_brainpoolP384r1 WC_NID_brainpoolP384r1
+#define NID_brainpoolP512r1 WC_NID_brainpoolP512r1
+#endif
+
+#ifdef HAVE_ED448
+#define NID_ED448 WC_NID_ED448
+#endif
+#ifdef HAVE_CURVE448
+#define NID_X448 WC_NID_X448
+#endif
+#ifdef HAVE_ED25519
+#define NID_ED25519 WC_NID_ED25519
+#endif
+#ifdef HAVE_CURVE25519
+#define NID_X25519 WC_NID_X25519
+#endif
+
+#define OPENSSL_EC_EXPLICIT_CURVE WOLFSSL_EC_EXPLICIT_CURVE
+#define OPENSSL_EC_NAMED_CURVE WOLFSSL_EC_NAMED_CURVE
+
+#endif /* !OPENSSL_COEXIST */
+
 #endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
 
 #ifndef WOLFSSL_EC_TYPE_DEFINED /* guard on redeclaration */
@@ -122,8 +185,8 @@ struct WOLFSSL_EC_KEY {
     word16 pkcs8HeaderSz;
 
     /* option bits */
-    byte inSet:1;                /* internal set from external ? */
-    byte exSet:1;                /* external set from internal ? */
+    WC_BITFIELD inSet:1;                /* internal set from external ? */
+    WC_BITFIELD exSet:1;                /* external set from internal ? */
 
     wolfSSL_Ref ref;             /* Reference count information. */
 };
@@ -136,7 +199,16 @@ struct WOLFSSL_EC_BUILTIN_CURVE {
 #define WOLFSSL_EC_KEY_LOAD_PRIVATE 1
 #define WOLFSSL_EC_KEY_LOAD_PUBLIC  2
 
-typedef int point_conversion_form_t;
+typedef int wc_point_conversion_form_t;
+#ifndef OPENSSL_COEXIST
+#define point_conversion_form_t wc_point_conversion_form_t
+#endif
+
+typedef struct WOLFSSL_EC_KEY_METHOD {
+    /* Not implemented */
+    /* Just here so that some C compilers don't complain. To be removed. */
+    void* dummy_member;
+} WOLFSSL_EC_KEY_METHOD;
 
 WOLFSSL_API
 size_t wolfSSL_EC_get_builtin_curves(WOLFSSL_EC_BUILTIN_CURVE *r,size_t nitems);
@@ -175,7 +247,7 @@ int wolfSSL_i2d_ECPrivateKey(const WOLFSSL_EC_KEY *in, unsigned char **out);
 WOLFSSL_API
 void wolfSSL_EC_KEY_set_conv_form(WOLFSSL_EC_KEY *eckey, int form);
 WOLFSSL_API
-point_conversion_form_t wolfSSL_EC_KEY_get_conv_form(const WOLFSSL_EC_KEY* key);
+wc_point_conversion_form_t wolfSSL_EC_KEY_get_conv_form(const WOLFSSL_EC_KEY* key);
 WOLFSSL_API
 WOLFSSL_BIGNUM *wolfSSL_EC_POINT_point2bn(const WOLFSSL_EC_GROUP *group,
                                           const WOLFSSL_EC_POINT *p,
@@ -193,6 +265,9 @@ WOLFSSL_API
 int wolfSSL_EC_KEY_LoadDer_ex(WOLFSSL_EC_KEY* key,
                               const unsigned char* der, int derSz, int opt);
 WOLFSSL_API
+WOLFSSL_EC_KEY *wolfSSL_d2i_EC_PUBKEY_bio(WOLFSSL_BIO *bio,
+        WOLFSSL_EC_KEY **out);
+WOLFSSL_API
 void wolfSSL_EC_KEY_free(WOLFSSL_EC_KEY *key);
 WOLFSSL_API
 WOLFSSL_EC_POINT *wolfSSL_EC_KEY_get0_public_key(const WOLFSSL_EC_KEY *key);
@@ -306,20 +381,38 @@ WOLFSSL_API
 int wolfSSL_EC_POINT_is_at_infinity(const WOLFSSL_EC_GROUP *group,
                                     const WOLFSSL_EC_POINT *a);
 
-#ifndef HAVE_SELFTEST
 WOLFSSL_API
 char* wolfSSL_EC_POINT_point2hex(const WOLFSSL_EC_GROUP* group,
                                  const WOLFSSL_EC_POINT* point, int form,
                                  WOLFSSL_BN_CTX* ctx);
-#endif
+WOLFSSL_API
+WOLFSSL_EC_POINT *wolfSSL_EC_POINT_hex2point
+                                (const WOLFSSL_EC_GROUP *group, const char *hex,
+                                    WOLFSSL_EC_POINT *p, WOLFSSL_BN_CTX *ctx);
 
-#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
+WOLFSSL_API const WOLFSSL_EC_KEY_METHOD *wolfSSL_EC_KEY_OpenSSL(void);
+WOLFSSL_API WOLFSSL_EC_KEY_METHOD *wolfSSL_EC_KEY_METHOD_new(
+        const WOLFSSL_EC_KEY_METHOD *meth);
+WOLFSSL_API void wolfSSL_EC_KEY_METHOD_free(WOLFSSL_EC_KEY_METHOD *meth);
+/* TODO when implementing change the types to the real callback signatures
+ * and use real parameter names */
+WOLFSSL_API void wolfSSL_EC_KEY_METHOD_set_init(WOLFSSL_EC_KEY_METHOD *meth,
+        void* a1, void* a2, void* a3, void* a4, void* a5, void* a6);
+WOLFSSL_API void wolfSSL_EC_KEY_METHOD_set_sign(WOLFSSL_EC_KEY_METHOD *meth,
+        void* a1, void* a2, void* a3);
+WOLFSSL_API const WOLFSSL_EC_KEY_METHOD *wolfSSL_EC_KEY_get_method(
+        const WOLFSSL_EC_KEY *key);
+WOLFSSL_API int wolfSSL_EC_KEY_set_method(WOLFSSL_EC_KEY *key,
+        const WOLFSSL_EC_KEY_METHOD *meth);
+
+#if !defined(OPENSSL_COEXIST) && (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL))
 
 typedef WOLFSSL_EC_KEY                EC_KEY;
 typedef WOLFSSL_EC_GROUP              EC_GROUP;
 typedef WOLFSSL_EC_GROUP              EC_METHOD;
 typedef WOLFSSL_EC_POINT              EC_POINT;
 typedef WOLFSSL_EC_BUILTIN_CURVE      EC_builtin_curve;
+typedef WOLFSSL_EC_KEY_METHOD         EC_KEY_METHOD;
 
 #ifndef HAVE_ECC
 #define OPENSSL_NO_EC
@@ -341,6 +434,8 @@ typedef WOLFSSL_EC_BUILTIN_CURVE      EC_builtin_curve;
 #define EC_KEY_check_key                wolfSSL_EC_KEY_check_key
 #define EC_KEY_print_fp                 wolfSSL_EC_KEY_print_fp
 
+#define d2i_EC_PUBKEY_bio               wolfSSL_d2i_EC_PUBKEY_bio
+
 #define ECDSA_size                      wolfSSL_ECDSA_size
 #define ECDSA_sign                      wolfSSL_ECDSA_sign
 #define ECDSA_verify                    wolfSSL_ECDSA_verify
@@ -356,7 +451,11 @@ typedef WOLFSSL_EC_BUILTIN_CURVE      EC_builtin_curve;
 #define EC_GROUP_order_bits             wolfSSL_EC_GROUP_order_bits
 #define EC_GROUP_method_of              wolfSSL_EC_GROUP_method_of
 #ifndef NO_WOLFSSL_STUB
-#define EC_GROUP_set_point_conversion_form(...) WC_DO_NOTHING
+#ifdef WOLF_NO_VARIADIC_MACROS
+    #define EC_GROUP_set_point_conversion_form() WC_DO_NOTHING
+#else
+    #define EC_GROUP_set_point_conversion_form(...) WC_DO_NOTHING
+#endif
 #endif
 
 #define EC_METHOD_get_field_type        wolfSSL_EC_METHOD_get_field_type
@@ -394,10 +493,11 @@ typedef WOLFSSL_EC_BUILTIN_CURVE      EC_builtin_curve;
 #define i2d_ECPrivateKey                wolfSSL_i2d_ECPrivateKey
 #define EC_KEY_set_conv_form            wolfSSL_EC_KEY_set_conv_form
 #define EC_KEY_get_conv_form            wolfSSL_EC_KEY_get_conv_form
+#define d2i_ECPKParameters              wolfSSL_d2i_ECPKParameters
+#define i2d_ECPKParameters              wolfSSL_i2d_ECPKParameters
 
-#ifndef HAVE_SELFTEST
-    #define EC_POINT_point2hex          wolfSSL_EC_POINT_point2hex
-#endif
+#define EC_POINT_point2hex              wolfSSL_EC_POINT_point2hex
+#define EC_POINT_hex2point              wolfSSL_EC_POINT_hex2point
 
 #define EC_POINT_dump                   wolfSSL_EC_POINT_dump
 #define EC_get_builtin_curves           wolfSSL_EC_get_builtin_curves
@@ -405,7 +505,15 @@ typedef WOLFSSL_EC_BUILTIN_CURVE      EC_builtin_curve;
 #define EC_curve_nid2nist               wolfSSL_EC_curve_nid2nist
 #define EC_curve_nist2nid               wolfSSL_EC_curve_nist2nid
 
-#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
+#define EC_KEY_OpenSSL                  wolfSSL_EC_KEY_OpenSSL
+#define EC_KEY_METHOD_new               wolfSSL_EC_KEY_METHOD_new
+#define EC_KEY_METHOD_free              wolfSSL_EC_KEY_METHOD_free
+#define EC_KEY_METHOD_set_init          wolfSSL_EC_KEY_METHOD_set_init
+#define EC_KEY_METHOD_set_sign          wolfSSL_EC_KEY_METHOD_set_sign
+#define EC_KEY_get_method               wolfSSL_EC_KEY_get_method
+#define EC_KEY_set_method               wolfSSL_EC_KEY_set_method
+
+#endif /* !OPENSSL_COEXIST && (OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL) */
 
 #ifdef __cplusplus
 }  /* extern "C" */
diff --git a/wolfssl/openssl/ec25519.h b/wolfssl/openssl/ec25519.h
index 609031106..92cf807ca 100644
--- a/wolfssl/openssl/ec25519.h
+++ b/wolfssl/openssl/ec25519.h
@@ -1,6 +1,6 @@
 /* ec25519.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/openssl/ec448.h b/wolfssl/openssl/ec448.h
index 06ce1ddfc..ce2cc7c0a 100644
--- a/wolfssl/openssl/ec448.h
+++ b/wolfssl/openssl/ec448.h
@@ -1,6 +1,6 @@
 /* ec448.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/openssl/ecdh.h b/wolfssl/openssl/ecdh.h
index 9f816b25f..7fbc5a346 100644
--- a/wolfssl/openssl/ecdh.h
+++ b/wolfssl/openssl/ecdh.h
@@ -1,6 +1,6 @@
 /* ecdh.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/openssl/ecdsa.h b/wolfssl/openssl/ecdsa.h
index 385e5c06b..12d003f5c 100644
--- a/wolfssl/openssl/ecdsa.h
+++ b/wolfssl/openssl/ecdsa.h
@@ -1,6 +1,6 @@
 /* ecdsa.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -37,7 +37,9 @@ typedef struct WOLFSSL_ECDSA_SIG      WOLFSSL_ECDSA_SIG;
 #define WOLFSSL_ECDSA_TYPE_DEFINED
 #endif
 
+#ifndef OPENSSL_COEXIST
 typedef WOLFSSL_ECDSA_SIG             ECDSA_SIG;
+#endif
 
 struct WOLFSSL_ECDSA_SIG {
     WOLFSSL_BIGNUM *r;
@@ -64,6 +66,8 @@ WOLFSSL_API WOLFSSL_ECDSA_SIG *wolfSSL_d2i_ECDSA_SIG(WOLFSSL_ECDSA_SIG **sig,
 WOLFSSL_API int wolfSSL_i2d_ECDSA_SIG(const WOLFSSL_ECDSA_SIG *sig,
                                       unsigned char **pp);
 
+#ifndef OPENSSL_COEXIST
+
 #define ECDSA_SIG_free         wolfSSL_ECDSA_SIG_free
 #define ECDSA_SIG_new          wolfSSL_ECDSA_SIG_new
 #define ECDSA_SIG_get0         wolfSSL_ECDSA_SIG_get0
@@ -73,6 +77,8 @@ WOLFSSL_API int wolfSSL_i2d_ECDSA_SIG(const WOLFSSL_ECDSA_SIG *sig,
 #define d2i_ECDSA_SIG          wolfSSL_d2i_ECDSA_SIG
 #define i2d_ECDSA_SIG          wolfSSL_i2d_ECDSA_SIG
 
+#endif /* !OPENSSL_COEXIST */
+
 #ifdef __cplusplus
 }  /* extern "C" */
 #endif
diff --git a/wolfssl/openssl/ed25519.h b/wolfssl/openssl/ed25519.h
index a4f2a3ac4..9d67c6ffa 100644
--- a/wolfssl/openssl/ed25519.h
+++ b/wolfssl/openssl/ed25519.h
@@ -1,6 +1,6 @@
 /* ed25519.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/openssl/ed448.h b/wolfssl/openssl/ed448.h
index 2d2b4b74e..793e66ff2 100644
--- a/wolfssl/openssl/ed448.h
+++ b/wolfssl/openssl/ed448.h
@@ -1,6 +1,6 @@
 /* ed448.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/openssl/err.h b/wolfssl/openssl/err.h
index 178afa5f4..6723ded60 100644
--- a/wolfssl/openssl/err.h
+++ b/wolfssl/openssl/err.h
@@ -1,6 +1,6 @@
 /* err.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -25,6 +25,26 @@
 #include <wolfssl/wolfcrypt/logging.h>
 
 #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
+
+#define wolfSSL_RSAerr(f,r)  wolfSSL_ERR_put_error(0,(f),(r),__FILE__,__LINE__)
+#define wolfSSL_SSLerr(f,r)  wolfSSL_ERR_put_error(0,(f),(r),__FILE__,__LINE__)
+#define wolfSSL_ECerr(f,r)   wolfSSL_ERR_put_error(0,(f),(r),__FILE__,__LINE__)
+
+#define WOLFSSL_ERR_TXT_MALLOCED                        1
+
+/* SSL function codes */
+#define WOLFSSL_RSA_F_RSA_PADDING_ADD_SSLV23            0
+#define WOLFSSL_RSA_F_RSA_OSSL_PRIVATE_ENCRYPT          1
+#define WOLFSSL_SSL_F_SSL_CTX_USE_CERTIFICATE_FILE      2
+#define WOLFSSL_SSL_F_SSL_USE_PRIVATEKEY                3
+#define WOLFSSL_EC_F_EC_GFP_SIMPLE_POINT2OCT            4
+
+/* reasons */
+#define WOLFSSL_ERR_R_SYS_LIB                           1
+#define WOLFSSL_PKCS12_R_MAC_VERIFY_FAILURE             2
+
+#ifndef OPENSSL_COEXIST
+
 /* err.h for openssl */
 #define ERR_load_ERR_strings             wolfSSL_ERR_load_ERR_strings
 #define ERR_load_crypto_strings          wolfSSL_ERR_load_crypto_strings
@@ -40,24 +60,25 @@
 #define RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE       WC_KEY_SIZE_E
 #define EC_R_BUFFER_TOO_SMALL                   BUFFER_E
 
-#define ERR_TXT_MALLOCED                        1
+#define ERR_TXT_MALLOCED                         WOLFSSL_ERR_TXT_MALLOCED
 
 /* SSL function codes */
-#define RSA_F_RSA_PADDING_ADD_SSLV23            0
-#define RSA_F_RSA_OSSL_PRIVATE_ENCRYPT          1
-#define SSL_F_SSL_CTX_USE_CERTIFICATE_FILE      2
-#define SSL_F_SSL_USE_PRIVATEKEY                3
-#define EC_F_EC_GFP_SIMPLE_POINT2OCT            4
+#define RSA_F_RSA_PADDING_ADD_SSLV23             WOLFSSL_RSA_F_RSA_PADDING_ADD_SSLV23
+#define RSA_F_RSA_OSSL_PRIVATE_ENCRYPT           WOLFSSL_RSA_F_RSA_OSSL_PRIVATE_ENCRYPT
+#define SSL_F_SSL_CTX_USE_CERTIFICATE_FILE       WOLFSSL_SSL_F_SSL_CTX_USE_CERTIFICATE_FILE
+#define SSL_F_SSL_USE_PRIVATEKEY                 WOLFSSL_SSL_F_SSL_USE_PRIVATEKEY
+#define EC_F_EC_GFP_SIMPLE_POINT2OCT             WOLFSSL_EC_F_EC_GFP_SIMPLE_POINT2OCT
 
 /* reasons */
-#define ERR_R_SYS_LIB                           1
-#define PKCS12_R_MAC_VERIFY_FAILURE             2
+#define ERR_R_SYS_LIB                            WOLFSSL_ERR_R_SYS_LIB
+#define PKCS12_R_MAC_VERIFY_FAILURE              WOLFSSL_PKCS12_R_MAC_VERIFY_FAILURE
 
-#define RSAerr(f,r)  ERR_put_error(0,(f),(r),__FILE__,__LINE__)
-#define SSLerr(f,r)  ERR_put_error(0,(f),(r),__FILE__,__LINE__)
-#define ECerr(f,r)   ERR_put_error(0,(f),(r),__FILE__,__LINE__)
+#define RSAerr(f,r)  wolfSSL_RSAerr(f,r)
+#define SSLerr(f,r)  wolfSSL_SSLerr(f,r)
+#define ECerr(f,r)   wolfSSL_ECerr(f,r)
+
+#endif /* !OPENSSL_COEXIST */
 
 #endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
 
 #endif /* WOLFSSL_OPENSSL_ERR_ */
-
diff --git a/wolfssl/openssl/evp.h b/wolfssl/openssl/evp.h
index bdeabf255..c47709c87 100644
--- a/wolfssl/openssl/evp.h
+++ b/wolfssl/openssl/evp.h
@@ -1,6 +1,6 @@
 /* evp.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -221,6 +221,9 @@ typedef union {
     #ifdef WOLFSSL_SM3
         wc_Sm3               sm3;
     #endif
+    #if defined(WOLFSSL_SHAKE128) || defined(WOLFSSL_SHAKE256)
+        wc_Shake            shake;
+    #endif
 } WOLFSSL_Hasher;
 
 
@@ -270,204 +273,413 @@ typedef union {
 
 #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
 
-#define NID_aes_128_cbc                 419
-#define NID_aes_192_cbc                 423
-#define NID_aes_256_cbc                 427
-#define NID_aes_128_ccm                 896
-#define NID_aes_192_ccm                 899
-#define NID_aes_256_ccm                 902
-#define NID_aes_128_gcm                 895
-#define NID_aes_192_gcm                 898
-#define NID_aes_256_gcm                 901
-#define NID_aes_128_ctr                 904
-#define NID_aes_192_ctr                 905
-#define NID_aes_256_ctr                 906
-#define NID_aes_128_ecb                 418
-#define NID_aes_192_ecb                 422
-#define NID_aes_256_ecb                 426
-#define NID_des_cbc                     31
-#define NID_des_ecb                     29
-#define NID_des_ede3_cbc                44
-#define NID_des_ede3_ecb                33
-#define NID_aes_128_cfb1                650
-#define NID_aes_192_cfb1                651
-#define NID_aes_256_cfb1                652
-#define NID_aes_128_cfb8                653
-#define NID_aes_192_cfb8                654
-#define NID_aes_256_cfb8                655
-#define NID_aes_128_cfb128              421
-#define NID_aes_192_cfb128              425
-#define NID_aes_256_cfb128              429
-#define NID_aes_128_ofb                 420
-#define NID_aes_192_ofb                 424
-#define NID_aes_256_ofb                 428
-#define NID_aes_128_xts                 913
-#define NID_aes_256_xts                 914
-#define NID_camellia_128_cbc            751
-#define NID_camellia_256_cbc            753
-#define NID_chacha20_poly1305           1018
-#define NID_chacha20                    1019
-#define NID_sm4_ecb                     1133
-#define NID_sm4_cbc                     1134
-#define NID_sm4_ctr                     1139
-#define NID_sm4_gcm                     1248
-#define NID_sm4_ccm                     1249
-#define NID_md5WithRSA                  104
-#define NID_md2WithRSAEncryption        9
-#define NID_md5WithRSAEncryption        99
-#define NID_dsaWithSHA1                 113
-#define NID_dsaWithSHA1_2               70
-#define NID_sha1WithRSA                 115
-#define NID_sha1WithRSAEncryption       65
-#define NID_sha224WithRSAEncryption     671
-#define NID_sha256WithRSAEncryption     668
-#define NID_sha384WithRSAEncryption     669
-#define NID_sha512WithRSAEncryption     670
-#define NID_RSA_SHA3_224                1116
-#define NID_RSA_SHA3_256                1117
-#define NID_RSA_SHA3_384                1118
-#define NID_RSA_SHA3_512                1119
-#define NID_rsassaPss                   912
-#define NID_ecdsa_with_SHA1             416
-#define NID_ecdsa_with_SHA224           793
-#define NID_ecdsa_with_SHA256           794
-#define NID_ecdsa_with_SHA384           795
-#define NID_ecdsa_with_SHA512           796
-#define NID_ecdsa_with_SHA3_224         1112
-#define NID_ecdsa_with_SHA3_256         1113
-#define NID_ecdsa_with_SHA3_384         1114
-#define NID_ecdsa_with_SHA3_512         1115
-#define NID_dsa_with_SHA224             802
-#define NID_dsa_with_SHA256             803
-#define NID_sha3_224                    1096
-#define NID_sha3_256                    1097
-#define NID_sha3_384                    1098
-#define NID_sha3_512                    1099
-#define NID_blake2b512                  1056
-#define NID_blake2s256                  1057
-#define NID_shake128                    1100
-#define NID_shake256                    1101
-#define NID_sha1                        64
-#define NID_sha224                      675
-#define NID_sm3                         1143
-#define NID_md2                         77
-#define NID_md4                         257
-#define NID_md5                         40
-#define NID_hmac                        855
-#define NID_hmacWithSHA1                163
-#define NID_hmacWithSHA224              798
-#define NID_hmacWithSHA256              799
-#define NID_hmacWithSHA384              800
-#define NID_hmacWithSHA512              801
-#define NID_hkdf                        1036
-#define NID_cmac                        894
-#define NID_dhKeyAgreement              28
-#define NID_ffdhe2048                   1126
-#define NID_ffdhe3072                   1127
-#define NID_ffdhe4096                   1128
-#define NID_rc4                         5
-#define NID_bf_cbc                      91
-#define NID_bf_ecb                      92
-#define NID_bf_cfb64                    93
-#define NID_bf_ofb64                    94
-#define NID_cast5_cbc                   108
-#define NID_cast5_ecb                   109
-#define NID_cast5_cfb64                 110
-#define NID_cast5_ofb64                 111
+/* note, this WC_NID_undef definition duplicates the definition in
+ * wolfcrypt/asn.h, which is gated out when -DNO_ASN.
+ */
+#define WC_NID_undef                       0
+
+#define WC_NID_aes_128_cbc                 419
+#define WC_NID_aes_192_cbc                 423
+#define WC_NID_aes_256_cbc                 427
+#define WC_NID_aes_128_ccm                 896
+#define WC_NID_aes_192_ccm                 899
+#define WC_NID_aes_256_ccm                 902
+#define WC_NID_aes_128_gcm                 895
+#define WC_NID_aes_192_gcm                 898
+#define WC_NID_aes_256_gcm                 901
+#define WC_NID_aes_128_ctr                 904
+#define WC_NID_aes_192_ctr                 905
+#define WC_NID_aes_256_ctr                 906
+#define WC_NID_aes_128_ecb                 418
+#define WC_NID_aes_192_ecb                 422
+#define WC_NID_aes_256_ecb                 426
+#define WC_NID_des_cbc                     31
+#define WC_NID_des_ecb                     29
+#define WC_NID_des_ede3_cbc                44
+#define WC_NID_des_ede3_ecb                33
+#define WC_NID_aes_128_cfb1                650
+#define WC_NID_aes_192_cfb1                651
+#define WC_NID_aes_256_cfb1                652
+#define WC_NID_aes_128_cfb8                653
+#define WC_NID_aes_192_cfb8                654
+#define WC_NID_aes_256_cfb8                655
+#define WC_NID_aes_128_cfb128              421
+#define WC_NID_aes_192_cfb128              425
+#define WC_NID_aes_256_cfb128              429
+#define WC_NID_aes_128_ofb                 420
+#define WC_NID_aes_192_ofb                 424
+#define WC_NID_aes_256_ofb                 428
+#define WC_NID_aes_128_xts                 913
+#define WC_NID_aes_256_xts                 914
+#define WC_NID_camellia_128_cbc            751
+#define WC_NID_camellia_256_cbc            753
+#define WC_NID_chacha20_poly1305           1018
+#define WC_NID_chacha20                    1019
+#define WC_NID_sm4_ecb                     1133
+#define WC_NID_sm4_cbc                     1134
+#define WC_NID_sm4_ctr                     1139
+#define WC_NID_sm4_gcm                     1248
+#define WC_NID_sm4_ccm                     1249
+#define WC_NID_md5WithRSA                  104
+#define WC_NID_md2WithRSAEncryption        9
+#define WC_NID_md5WithRSAEncryption        99
+#define WC_NID_dsaWithSHA1                 113
+#define WC_NID_dsaWithSHA1_2               70
+#define WC_NID_sha1WithRSA                 115
+#define WC_NID_sha1WithRSAEncryption       65
+#define WC_NID_sha224WithRSAEncryption     671
+#define WC_NID_sha256WithRSAEncryption     668
+#define WC_NID_sha384WithRSAEncryption     669
+#define WC_NID_sha512WithRSAEncryption     670
+#define WC_NID_RSA_SHA3_224                1116
+#define WC_NID_RSA_SHA3_256                1117
+#define WC_NID_RSA_SHA3_384                1118
+#define WC_NID_RSA_SHA3_512                1119
+#define WC_NID_rsassaPss                   912
+#define WC_NID_ecdsa_with_SHA1             416
+#define WC_NID_ecdsa_with_SHA224           793
+#define WC_NID_ecdsa_with_SHA256           794
+#define WC_NID_ecdsa_with_SHA384           795
+#define WC_NID_ecdsa_with_SHA512           796
+#define WC_NID_ecdsa_with_SHA3_224         1112
+#define WC_NID_ecdsa_with_SHA3_256         1113
+#define WC_NID_ecdsa_with_SHA3_384         1114
+#define WC_NID_ecdsa_with_SHA3_512         1115
+#define WC_NID_dsa_with_SHA224             802
+#define WC_NID_dsa_with_SHA256             803
+#define WC_NID_sha3_224                    1096
+#define WC_NID_sha3_256                    1097
+#define WC_NID_sha3_384                    1098
+#define WC_NID_sha3_512                    1099
+#define WC_NID_blake2b512                  1056
+#define WC_NID_blake2s256                  1057
+#define WC_NID_shake128                    1100
+#define WC_NID_shake256                    1101
+#define WC_NID_sha1                        64
+#define WC_NID_sha224                      675
+#define WC_NID_sm3                         1143
+#define WC_NID_md2                         77
+#define WC_NID_md4                         257
+#define WC_NID_md5                         40
+#define WC_NID_hmac                        855
+#define WC_NID_hmacWithSHA1                163
+#define WC_NID_hmacWithSHA224              798
+#define WC_NID_hmacWithSHA256              799
+#define WC_NID_hmacWithSHA384              800
+#define WC_NID_hmacWithSHA512              801
+#define WC_NID_hkdf                        1036
+#define WC_NID_cmac                        894
+#define WC_NID_dhKeyAgreement              28
+#define WC_NID_ffdhe2048                   1126
+#define WC_NID_ffdhe3072                   1127
+#define WC_NID_ffdhe4096                   1128
+#define WC_NID_rc4                         5
+#define WC_NID_bf_cbc                      91
+#define WC_NID_bf_ecb                      92
+#define WC_NID_bf_cfb64                    93
+#define WC_NID_bf_ofb64                    94
+#define WC_NID_cast5_cbc                   108
+#define WC_NID_cast5_ecb                   109
+#define WC_NID_cast5_cfb64                 110
+#define WC_NID_cast5_ofb64                 111
 /* key exchange */
-#define NID_kx_rsa                      1037
-#define NID_kx_ecdhe                    1038
-#define NID_kx_dhe                      1039
-#define NID_kx_ecdhe_psk                1040
-#define NID_kx_dhe_psk                  1041
-#define NID_kx_rsa_psk                  1042
-#define NID_kx_psk                      1043
-#define NID_kx_srp                      1044
-#define NID_kx_gost                     1045
-#define NID_kx_any                      1063
+#define WC_NID_kx_rsa                      1037
+#define WC_NID_kx_ecdhe                    1038
+#define WC_NID_kx_dhe                      1039
+#define WC_NID_kx_ecdhe_psk                1040
+#define WC_NID_kx_dhe_psk                  1041
+#define WC_NID_kx_rsa_psk                  1042
+#define WC_NID_kx_psk                      1043
+#define WC_NID_kx_srp                      1044
+#define WC_NID_kx_gost                     1045
+#define WC_NID_kx_any                      1063
 /* server authentication */
-#define NID_auth_rsa                    1046
-#define NID_auth_ecdsa                  1047
-#define NID_auth_psk                    1048
-#define NID_auth_dss                    1049
-#define NID_auth_srp                    1052
-#define NID_auth_null                   1054
-#define NID_auth_any                    1055
+#define WC_NID_auth_rsa                    1046
+#define WC_NID_auth_ecdsa                  1047
+#define WC_NID_auth_psk                    1048
+#define WC_NID_auth_dss                    1049
+#define WC_NID_auth_srp                    1052
+#define WC_NID_auth_null                   1054
+#define WC_NID_auth_any                    1055
 /* Curve */
-#define NID_aria_128_gcm                1123
-#define NID_aria_192_gcm                1124
-#define NID_aria_256_gcm                1125
-#define NID_sm2                         1172
+#define WC_NID_aria_128_gcm                1123
+#define WC_NID_aria_192_gcm                1124
+#define WC_NID_aria_256_gcm                1125
+#define WC_NID_sm2                         1172
 
-#define NID_X9_62_id_ecPublicKey EVP_PKEY_EC
-#define NID_rsaEncryption        EVP_PKEY_RSA
-#define NID_dsa                  EVP_PKEY_DSA
-
-#define EVP_PKEY_OP_SIGN    (1 << 3)
-#define EVP_PKEY_OP_VERIFY  (1 << 5)
-#define EVP_PKEY_OP_ENCRYPT (1 << 6)
-#define EVP_PKEY_OP_DECRYPT (1 << 7)
-#define EVP_PKEY_OP_DERIVE  (1 << 8)
-
-#define EVP_PKEY_PRINT_INDENT_MAX    128
+#define WC_NID_X9_62_id_ecPublicKey WC_EVP_PKEY_EC
+#define WC_NID_rsaEncryption        WC_EVP_PKEY_RSA
+#define WC_NID_rsa                  WC_EVP_PKEY_RSA
+#define WC_NID_dsa                  WC_EVP_PKEY_DSA
 
 enum {
-    AES_128_CBC_TYPE       = 1,
-    AES_192_CBC_TYPE       = 2,
-    AES_256_CBC_TYPE       = 3,
-    AES_128_CTR_TYPE       = 4,
-    AES_192_CTR_TYPE       = 5,
-    AES_256_CTR_TYPE       = 6,
-    AES_128_ECB_TYPE       = 7,
-    AES_192_ECB_TYPE       = 8,
-    AES_256_ECB_TYPE       = 9,
-    DES_CBC_TYPE           = 10,
-    DES_ECB_TYPE           = 11,
-    DES_EDE3_CBC_TYPE      = 12,
-    DES_EDE3_ECB_TYPE      = 13,
-    ARC4_TYPE              = 14,
-    NULL_CIPHER_TYPE       = 15,
-    EVP_PKEY_RSA           = 16,
-    EVP_PKEY_DSA           = 17,
-    EVP_PKEY_EC            = 18,
-    AES_128_GCM_TYPE       = 21,
-    AES_192_GCM_TYPE       = 22,
-    AES_256_GCM_TYPE       = 23,
-    EVP_PKEY_DH            = NID_dhKeyAgreement,
-    EVP_PKEY_HMAC          = NID_hmac,
-    EVP_PKEY_CMAC          = NID_cmac,
-    EVP_PKEY_HKDF          = NID_hkdf,
-    EVP_PKEY_FALCON        = 300, /* Randomly picked value. */
-    EVP_PKEY_DILITHIUM     = 301, /* Randomly picked value. */
-    AES_128_CFB1_TYPE      = 24,
-    AES_192_CFB1_TYPE      = 25,
-    AES_256_CFB1_TYPE      = 26,
-    AES_128_CFB8_TYPE      = 27,
-    AES_192_CFB8_TYPE      = 28,
-    AES_256_CFB8_TYPE      = 29,
-    AES_128_CFB128_TYPE    = 30,
-    AES_192_CFB128_TYPE    = 31,
-    AES_256_CFB128_TYPE    = 32,
-    AES_128_OFB_TYPE       = 33,
-    AES_192_OFB_TYPE       = 34,
-    AES_256_OFB_TYPE       = 35,
-    AES_128_XTS_TYPE       = 36,
-    AES_256_XTS_TYPE       = 37,
-    CHACHA20_POLY1305_TYPE = 38,
-    CHACHA20_TYPE          = 39,
-    AES_128_CCM_TYPE       = 40,
-    AES_192_CCM_TYPE       = 41,
-    AES_256_CCM_TYPE       = 42,
-    SM4_ECB_TYPE           = 43,
-    SM4_CBC_TYPE           = 44,
-    SM4_CTR_TYPE           = 45,
-    SM4_GCM_TYPE           = 46,
-    SM4_CCM_TYPE           = 47,
-    ARIA_128_GCM_TYPE      = 48,
-    ARIA_192_GCM_TYPE      = 49,
-    ARIA_256_GCM_TYPE      = 50
+    WC_EVP_PKEY_NONE          = WC_NID_undef,
+    WC_AES_128_CBC_TYPE       = 1,
+    WC_AES_192_CBC_TYPE       = 2,
+    WC_AES_256_CBC_TYPE       = 3,
+    WC_AES_128_CTR_TYPE       = 4,
+    WC_AES_192_CTR_TYPE       = 5,
+    WC_AES_256_CTR_TYPE       = 6,
+    WC_AES_128_ECB_TYPE       = 7,
+    WC_AES_192_ECB_TYPE       = 8,
+    WC_AES_256_ECB_TYPE       = 9,
+    WC_DES_CBC_TYPE           = 10,
+    WC_DES_ECB_TYPE           = 11,
+    WC_DES_EDE3_CBC_TYPE      = 12,
+    WC_DES_EDE3_ECB_TYPE      = 13,
+    WC_ARC4_TYPE              = 14,
+    WC_NULL_CIPHER_TYPE       = 15,
+    WC_EVP_PKEY_RSA           = 16,
+    WC_EVP_PKEY_DSA           = 17,
+    WC_EVP_PKEY_EC            = 18,
+    WC_AES_128_GCM_TYPE       = 21,
+    WC_AES_192_GCM_TYPE       = 22,
+    WC_AES_256_GCM_TYPE       = 23,
+    WC_EVP_PKEY_DH            = WC_NID_dhKeyAgreement,
+    WC_EVP_PKEY_HMAC          = WC_NID_hmac,
+    WC_EVP_PKEY_CMAC          = WC_NID_cmac,
+    WC_EVP_PKEY_HKDF          = WC_NID_hkdf,
+    WC_EVP_PKEY_FALCON        = 300, /* Randomly picked value. */
+    WC_EVP_PKEY_DILITHIUM     = 301, /* Randomly picked value. */
+    WC_AES_128_CFB1_TYPE      = 24,
+    WC_AES_192_CFB1_TYPE      = 25,
+    WC_AES_256_CFB1_TYPE      = 26,
+    WC_AES_128_CFB8_TYPE      = 27,
+    WC_AES_192_CFB8_TYPE      = 28,
+    WC_AES_256_CFB8_TYPE      = 29,
+    WC_AES_128_CFB128_TYPE    = 30,
+    WC_AES_192_CFB128_TYPE    = 31,
+    WC_AES_256_CFB128_TYPE    = 32,
+    WC_AES_128_OFB_TYPE       = 33,
+    WC_AES_192_OFB_TYPE       = 34,
+    WC_AES_256_OFB_TYPE       = 35,
+    WC_AES_128_XTS_TYPE       = 36,
+    WC_AES_256_XTS_TYPE       = 37,
+    WC_CHACHA20_POLY1305_TYPE = 38,
+    WC_CHACHA20_TYPE          = 39,
+    WC_AES_128_CCM_TYPE       = 40,
+    WC_AES_192_CCM_TYPE       = 41,
+    WC_AES_256_CCM_TYPE       = 42,
+    WC_SM4_ECB_TYPE           = 43,
+    WC_SM4_CBC_TYPE           = 44,
+    WC_SM4_CTR_TYPE           = 45,
+    WC_SM4_GCM_TYPE           = 46,
+    WC_SM4_CCM_TYPE           = 47,
+    WC_ARIA_128_GCM_TYPE      = 48,
+    WC_ARIA_192_GCM_TYPE      = 49,
+    WC_ARIA_256_GCM_TYPE      = 50
 };
 
+#define WOLFSSL_EVP_PKEY_PRINT_INDENT_MAX    128
+
+#define WC_EVP_PKEY_OP_SIGN    (1 << 3)
+#define WC_EVP_PKEY_OP_VERIFY  (1 << 5)
+#define WC_EVP_PKEY_OP_ENCRYPT (1 << 6)
+#define WC_EVP_PKEY_OP_DECRYPT (1 << 7)
+#define WC_EVP_PKEY_OP_DERIVE  (1 << 8)
+
+#ifndef OPENSSL_COEXIST
+
+#define EVP_PKEY_NONE WC_EVP_PKEY_NONE
+#define AES_128_CBC_TYPE WC_AES_128_CBC_TYPE
+#define AES_192_CBC_TYPE WC_AES_192_CBC_TYPE
+#define AES_256_CBC_TYPE WC_AES_256_CBC_TYPE
+#define AES_128_CTR_TYPE WC_AES_128_CTR_TYPE
+#define AES_192_CTR_TYPE WC_AES_192_CTR_TYPE
+#define AES_256_CTR_TYPE WC_AES_256_CTR_TYPE
+#define AES_128_ECB_TYPE WC_AES_128_ECB_TYPE
+#define AES_192_ECB_TYPE WC_AES_192_ECB_TYPE
+#define AES_256_ECB_TYPE WC_AES_256_ECB_TYPE
+#define DES_CBC_TYPE WC_DES_CBC_TYPE
+#define DES_ECB_TYPE WC_DES_ECB_TYPE
+#define DES_EDE3_CBC_TYPE WC_DES_EDE3_CBC_TYPE
+#define DES_EDE3_ECB_TYPE WC_DES_EDE3_ECB_TYPE
+#define ARC4_TYPE WC_ARC4_TYPE
+#define NULL_CIPHER_TYPE WC_NULL_CIPHER_TYPE
+#define EVP_PKEY_RSA WC_EVP_PKEY_RSA
+#define EVP_PKEY_DSA WC_EVP_PKEY_DSA
+#define EVP_PKEY_EC WC_EVP_PKEY_EC
+#define AES_128_GCM_TYPE WC_AES_128_GCM_TYPE
+#define AES_192_GCM_TYPE WC_AES_192_GCM_TYPE
+#define AES_256_GCM_TYPE WC_AES_256_GCM_TYPE
+#define EVP_PKEY_DH WC_EVP_PKEY_DH
+#define EVP_PKEY_HMAC WC_EVP_PKEY_HMAC
+#define EVP_PKEY_CMAC WC_EVP_PKEY_CMAC
+#define EVP_PKEY_HKDF WC_EVP_PKEY_HKDF
+#define EVP_PKEY_FALCON WC_EVP_PKEY_FALCON
+#define EVP_PKEY_DILITHIUM WC_EVP_PKEY_DILITHIUM
+#define AES_128_CFB1_TYPE WC_AES_128_CFB1_TYPE
+#define AES_192_CFB1_TYPE WC_AES_192_CFB1_TYPE
+#define AES_256_CFB1_TYPE WC_AES_256_CFB1_TYPE
+#define AES_128_CFB8_TYPE WC_AES_128_CFB8_TYPE
+#define AES_192_CFB8_TYPE WC_AES_192_CFB8_TYPE
+#define AES_256_CFB8_TYPE WC_AES_256_CFB8_TYPE
+#define AES_128_CFB128_TYPE WC_AES_128_CFB128_TYPE
+#define AES_192_CFB128_TYPE WC_AES_192_CFB128_TYPE
+#define AES_256_CFB128_TYPE WC_AES_256_CFB128_TYPE
+#define AES_128_OFB_TYPE WC_AES_128_OFB_TYPE
+#define AES_192_OFB_TYPE WC_AES_192_OFB_TYPE
+#define AES_256_OFB_TYPE WC_AES_256_OFB_TYPE
+#define AES_128_XTS_TYPE WC_AES_128_XTS_TYPE
+#define AES_256_XTS_TYPE WC_AES_256_XTS_TYPE
+#define CHACHA20_POLY1305_TYPE WC_CHACHA20_POLY1305_TYPE
+#define CHACHA20_TYPE WC_CHACHA20_TYPE
+#define AES_128_CCM_TYPE WC_AES_128_CCM_TYPE
+#define AES_192_CCM_TYPE WC_AES_192_CCM_TYPE
+#define AES_256_CCM_TYPE WC_AES_256_CCM_TYPE
+#define SM4_ECB_TYPE WC_SM4_ECB_TYPE
+#define SM4_CBC_TYPE WC_SM4_CBC_TYPE
+#define SM4_CTR_TYPE WC_SM4_CTR_TYPE
+#define SM4_GCM_TYPE WC_SM4_GCM_TYPE
+#define SM4_CCM_TYPE WC_SM4_CCM_TYPE
+#define ARIA_128_GCM_TYPE WC_ARIA_128_GCM_TYPE
+#define ARIA_192_GCM_TYPE WC_ARIA_192_GCM_TYPE
+#define ARIA_256_GCM_TYPE WC_ARIA_256_GCM_TYPE
+
+#define NID_aes_128_cbc WC_NID_aes_128_cbc
+#define NID_aes_192_cbc WC_NID_aes_192_cbc
+#define NID_aes_256_cbc WC_NID_aes_256_cbc
+#define NID_aes_128_ccm WC_NID_aes_128_ccm
+#define NID_aes_192_ccm WC_NID_aes_192_ccm
+#define NID_aes_256_ccm WC_NID_aes_256_ccm
+#define NID_aes_128_gcm WC_NID_aes_128_gcm
+#define NID_aes_192_gcm WC_NID_aes_192_gcm
+#define NID_aes_256_gcm WC_NID_aes_256_gcm
+#define NID_aes_128_ctr WC_NID_aes_128_ctr
+#define NID_aes_192_ctr WC_NID_aes_192_ctr
+#define NID_aes_256_ctr WC_NID_aes_256_ctr
+#define NID_aes_128_ecb WC_NID_aes_128_ecb
+#define NID_aes_192_ecb WC_NID_aes_192_ecb
+#define NID_aes_256_ecb WC_NID_aes_256_ecb
+#define NID_des_cbc WC_NID_des_cbc
+#define NID_des_ecb WC_NID_des_ecb
+#define NID_des_ede3_cbc WC_NID_des_ede3_cbc
+#define NID_des_ede3_ecb WC_NID_des_ede3_ecb
+#define NID_aes_128_cfb1 WC_NID_aes_128_cfb1
+#define NID_aes_192_cfb1 WC_NID_aes_192_cfb1
+#define NID_aes_256_cfb1 WC_NID_aes_256_cfb1
+#define NID_aes_128_cfb8 WC_NID_aes_128_cfb8
+#define NID_aes_192_cfb8 WC_NID_aes_192_cfb8
+#define NID_aes_256_cfb8 WC_NID_aes_256_cfb8
+#define NID_aes_128_cfb128 WC_NID_aes_128_cfb128
+#define NID_aes_192_cfb128 WC_NID_aes_192_cfb128
+#define NID_aes_256_cfb128 WC_NID_aes_256_cfb128
+#define NID_aes_128_ofb WC_NID_aes_128_ofb
+#define NID_aes_192_ofb WC_NID_aes_192_ofb
+#define NID_aes_256_ofb WC_NID_aes_256_ofb
+#define NID_aes_128_xts WC_NID_aes_128_xts
+#define NID_aes_256_xts WC_NID_aes_256_xts
+#define NID_camellia_128_cbc WC_NID_camellia_128_cbc
+#define NID_camellia_256_cbc WC_NID_camellia_256_cbc
+#define NID_chacha20_poly1305 WC_NID_chacha20_poly1305
+#define NID_chacha20 WC_NID_chacha20
+#define NID_sm4_ecb WC_NID_sm4_ecb
+#define NID_sm4_cbc WC_NID_sm4_cbc
+#define NID_sm4_ctr WC_NID_sm4_ctr
+#define NID_sm4_gcm WC_NID_sm4_gcm
+#define NID_sm4_ccm WC_NID_sm4_ccm
+#define NID_md5WithRSA WC_NID_md5WithRSA
+#define NID_md2WithRSAEncryption WC_NID_md2WithRSAEncryption
+#define NID_md5WithRSAEncryption WC_NID_md5WithRSAEncryption
+#define NID_dsaWithSHA1 WC_NID_dsaWithSHA1
+#define NID_dsaWithSHA1_2 WC_NID_dsaWithSHA1_2
+#define NID_sha1WithRSA WC_NID_sha1WithRSA
+#define NID_sha1WithRSAEncryption WC_NID_sha1WithRSAEncryption
+#define NID_sha224WithRSAEncryption WC_NID_sha224WithRSAEncryption
+#define NID_sha256WithRSAEncryption WC_NID_sha256WithRSAEncryption
+#define NID_sha384WithRSAEncryption WC_NID_sha384WithRSAEncryption
+#define NID_sha512WithRSAEncryption WC_NID_sha512WithRSAEncryption
+#define NID_RSA_SHA3_224 WC_NID_RSA_SHA3_224
+#define NID_RSA_SHA3_256 WC_NID_RSA_SHA3_256
+#define NID_RSA_SHA3_384 WC_NID_RSA_SHA3_384
+#define NID_RSA_SHA3_512 WC_NID_RSA_SHA3_512
+#define NID_rsassaPss WC_NID_rsassaPss
+#define NID_ecdsa_with_SHA1 WC_NID_ecdsa_with_SHA1
+#define NID_ecdsa_with_SHA224 WC_NID_ecdsa_with_SHA224
+#define NID_ecdsa_with_SHA256 WC_NID_ecdsa_with_SHA256
+#define NID_ecdsa_with_SHA384 WC_NID_ecdsa_with_SHA384
+#define NID_ecdsa_with_SHA512 WC_NID_ecdsa_with_SHA512
+#define NID_ecdsa_with_SHA3_224 WC_NID_ecdsa_with_SHA3_224
+#define NID_ecdsa_with_SHA3_256 WC_NID_ecdsa_with_SHA3_256
+#define NID_ecdsa_with_SHA3_384 WC_NID_ecdsa_with_SHA3_384
+#define NID_ecdsa_with_SHA3_512 WC_NID_ecdsa_with_SHA3_512
+#define NID_dsa_with_SHA224 WC_NID_dsa_with_SHA224
+#define NID_dsa_with_SHA256 WC_NID_dsa_with_SHA256
+#define NID_sha3_224 WC_NID_sha3_224
+#define NID_sha3_256 WC_NID_sha3_256
+#define NID_sha3_384 WC_NID_sha3_384
+#define NID_sha3_512 WC_NID_sha3_512
+#define NID_blake2b512 WC_NID_blake2b512
+#define NID_blake2s256 WC_NID_blake2s256
+#define NID_shake128 WC_NID_shake128
+#define NID_shake256 WC_NID_shake256
+#define NID_sha1 WC_NID_sha1
+#define NID_sha224 WC_NID_sha224
+#define NID_sm3 WC_NID_sm3
+#define NID_md2 WC_NID_md2
+#define NID_md4 WC_NID_md4
+#define NID_md5 WC_NID_md5
+#define NID_hmac WC_NID_hmac
+#define NID_hmacWithSHA1 WC_NID_hmacWithSHA1
+#define NID_hmacWithSHA224 WC_NID_hmacWithSHA224
+#define NID_hmacWithSHA256 WC_NID_hmacWithSHA256
+#define NID_hmacWithSHA384 WC_NID_hmacWithSHA384
+#define NID_hmacWithSHA512 WC_NID_hmacWithSHA512
+#define NID_hkdf WC_NID_hkdf
+#define NID_cmac WC_NID_cmac
+#define NID_dhKeyAgreement WC_NID_dhKeyAgreement
+#define NID_ffdhe2048 WC_NID_ffdhe2048
+#define NID_ffdhe3072 WC_NID_ffdhe3072
+#define NID_ffdhe4096 WC_NID_ffdhe4096
+#define NID_rc4 WC_NID_rc4
+#define NID_bf_cbc WC_NID_bf_cbc
+#define NID_bf_ecb WC_NID_bf_ecb
+#define NID_bf_cfb64 WC_NID_bf_cfb64
+#define NID_bf_ofb64 WC_NID_bf_ofb64
+#define NID_cast5_cbc WC_NID_cast5_cbc
+#define NID_cast5_ecb WC_NID_cast5_ecb
+#define NID_cast5_cfb64 WC_NID_cast5_cfb64
+#define NID_cast5_ofb64 WC_NID_cast5_ofb64
+/* key exchange */
+#define NID_kx_rsa WC_NID_kx_rsa
+#define NID_kx_ecdhe WC_NID_kx_ecdhe
+#define NID_kx_dhe WC_NID_kx_dhe
+#define NID_kx_ecdhe_psk WC_NID_kx_ecdhe_psk
+#define NID_kx_dhe_psk WC_NID_kx_dhe_psk
+#define NID_kx_rsa_psk WC_NID_kx_rsa_psk
+#define NID_kx_psk WC_NID_kx_psk
+#define NID_kx_srp WC_NID_kx_srp
+#define NID_kx_gost WC_NID_kx_gost
+#define NID_kx_any WC_NID_kx_any
+/* server authentication */
+#define NID_auth_rsa WC_NID_auth_rsa
+#define NID_auth_ecdsa WC_NID_auth_ecdsa
+#define NID_auth_psk WC_NID_auth_psk
+#define NID_auth_dss WC_NID_auth_dss
+#define NID_auth_srp WC_NID_auth_srp
+#define NID_auth_null WC_NID_auth_null
+#define NID_auth_any WC_NID_auth_any
+/* Curve */
+#define NID_aria_128_gcm WC_NID_aria_128_gcm
+#define NID_aria_192_gcm WC_NID_aria_192_gcm
+#define NID_aria_256_gcm WC_NID_aria_256_gcm
+#define NID_sm2 WC_NID_sm2
+
+#define NID_X9_62_id_ecPublicKey WC_NID_X9_62_id_ecPublicKey
+#define NID_rsaEncryption WC_NID_rsaEncryption
+#define NID_rsa WC_NID_rsa
+#define NID_dsa WC_NID_dsa
+
+#define EVP_PKEY_OP_SIGN     WC_EVP_PKEY_OP_SIGN
+#define EVP_PKEY_OP_VERIFY   WC_EVP_PKEY_OP_VERIFY
+#define EVP_PKEY_OP_ENCRYPT  WC_EVP_PKEY_OP_ENCRYPT
+#define EVP_PKEY_OP_DECRYPT  WC_EVP_PKEY_OP_DECRYPT
+#define EVP_PKEY_OP_DERIVE   WC_EVP_PKEY_OP_DERIVE
+
+#define EVP_PKEY_PRINT_INDENT_MAX WOLFSSL_EVP_PKEY_PRINT_INDENT_MAX
+
+#endif /* !OPENSSL_COEXIST */
+
 #endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
 
 
@@ -480,7 +692,7 @@ struct WOLFSSL_EVP_CIPHER_CTX {
     unsigned char  cipherType;
 #if !defined(NO_AES)
     /* working iv pointer into cipher */
-    ALIGN16 unsigned char  iv[AES_BLOCK_SIZE];
+    ALIGN16 unsigned char  iv[WC_AES_BLOCK_SIZE];
 #elif defined(WOLFSSL_SM4)
     ALIGN16 unsigned char  iv[SM4_BLOCK_SIZE];
 #elif defined(HAVE_CHACHA) && defined(HAVE_POLY1305)
@@ -513,7 +725,7 @@ struct WOLFSSL_EVP_CIPHER_CTX {
     defined(WOLFSSL_SM4_GCM) || defined(WOLFSSL_SM4_CCM) || \
     (defined(HAVE_CHACHA) && defined(HAVE_POLY1305))
 #if defined(HAVE_AESGCM) || defined(HAVE_AESCCM) || defined(HAVE_ARIA)
-    ALIGN16 unsigned char authTag[AES_BLOCK_SIZE];
+    ALIGN16 unsigned char authTag[WC_AES_BLOCK_SIZE];
 #elif defined(WOLFSSL_SM4_GCM) || defined(WOLFSSL_SM4_CCM)
     ALIGN16 unsigned char authTag[SM4_BLOCK_SIZE];
 #else
@@ -523,8 +735,8 @@ struct WOLFSSL_EVP_CIPHER_CTX {
 #endif
 #if defined(HAVE_AESGCM) || defined(HAVE_AESCCM) || \
     defined(WOLFSSL_SM4_GCM) || defined(WOLFSSL_SM4_CCM)
-    byte    authIvGenEnable:1;
-    byte    authIncIv:1;
+    WC_BITFIELD authIvGenEnable:1;
+    WC_BITFIELD authIncIv:1;
 #endif
 #endif
 };
@@ -589,6 +801,7 @@ WOLFSSL_API const WOLFSSL_EVP_MD* wolfSSL_EVP_blake2s256(void);
 WOLFSSL_API void wolfSSL_EVP_init(void);
 WOLFSSL_API int  wolfSSL_EVP_MD_size(const WOLFSSL_EVP_MD* type);
 WOLFSSL_API int  wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type);
+WOLFSSL_API unsigned long wolfSSL_EVP_MD_flags(const WOLFSSL_EVP_MD *md);
 WOLFSSL_API int  wolfSSL_EVP_MD_block_size(const WOLFSSL_EVP_MD* type);
 WOLFSSL_API int  wolfSSL_EVP_MD_pkey_type(const WOLFSSL_EVP_MD* type);
 
@@ -614,6 +827,8 @@ WOLFSSL_API int wolfSSL_EVP_DigestFinal(WOLFSSL_EVP_MD_CTX* ctx, unsigned char*
                                       unsigned int* s);
 WOLFSSL_API int wolfSSL_EVP_DigestFinal_ex(WOLFSSL_EVP_MD_CTX* ctx,
                                             unsigned char* md, unsigned int* s);
+WOLFSSL_API int wolfSSL_EVP_DigestFinalXOF(WOLFSSL_EVP_MD_CTX* ctx,
+                                            unsigned char* md, size_t sz);
 WOLFSSL_API int wolfSSL_EVP_DigestSignUpdate(WOLFSSL_EVP_MD_CTX *ctx,
                                              const void *d, unsigned int cnt);
 WOLFSSL_API int wolfSSL_EVP_DigestSignFinal(WOLFSSL_EVP_MD_CTX *ctx,
@@ -721,6 +936,8 @@ WOLFSSL_API int wolfSSL_EVP_PKEY_keygen_init(WOLFSSL_EVP_PKEY_CTX *ctx);
 WOLFSSL_API int wolfSSL_EVP_PKEY_keygen(WOLFSSL_EVP_PKEY_CTX *ctx,
   WOLFSSL_EVP_PKEY **ppkey);
 WOLFSSL_API int wolfSSL_EVP_PKEY_bits(const WOLFSSL_EVP_PKEY *pkey);
+WOLFSSL_API int wolfSSL_EVP_PKEY_is_a(const WOLFSSL_EVP_PKEY *pkey,
+                                      const char *name);
 #if defined(OPENSSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER >= 0x10100000L
 WOLFSSL_API void wolfSSL_EVP_PKEY_CTX_free(WOLFSSL_EVP_PKEY_CTX *ctx);
 #else
@@ -915,6 +1132,30 @@ WOLFSSL_API int wolfSSL_EVP_SignInit_ex(WOLFSSL_EVP_MD_CTX* ctx,
                                      const WOLFSSL_EVP_MD* type,
                                      WOLFSSL_ENGINE *impl);
 
+#define WOLFSSL_EVP_CTRL_INIT                  0x0
+#define WOLFSSL_EVP_CTRL_SET_KEY_LENGTH        0x1
+#define WOLFSSL_EVP_CTRL_SET_RC2_KEY_BITS      0x3  /* needed for qt compilation */
+
+#define WOLFSSL_EVP_CTRL_AEAD_SET_IVLEN        0x9
+#define WOLFSSL_EVP_CTRL_AEAD_GET_TAG          0x10
+#define WOLFSSL_EVP_CTRL_AEAD_SET_TAG          0x11
+#define WOLFSSL_EVP_CTRL_AEAD_SET_IV_FIXED     0x12
+#define WOLFSSL_EVP_CTRL_GCM_IV_GEN            0x13
+#define WOLFSSL_EVP_CTRL_GCM_SET_IVLEN         WOLFSSL_EVP_CTRL_AEAD_SET_IVLEN
+#define WOLFSSL_EVP_CTRL_GCM_GET_TAG           WOLFSSL_EVP_CTRL_AEAD_GET_TAG
+#define WOLFSSL_EVP_CTRL_GCM_SET_TAG           WOLFSSL_EVP_CTRL_AEAD_SET_TAG
+#define WOLFSSL_EVP_CTRL_GCM_SET_IV_FIXED      WOLFSSL_EVP_CTRL_AEAD_SET_IV_FIXED
+#define WOLFSSL_EVP_CTRL_CCM_SET_IVLEN         WOLFSSL_EVP_CTRL_AEAD_SET_IVLEN
+#define WOLFSSL_EVP_CTRL_CCM_GET_TAG           WOLFSSL_EVP_CTRL_AEAD_GET_TAG
+#define WOLFSSL_EVP_CTRL_CCM_SET_TAG           WOLFSSL_EVP_CTRL_AEAD_SET_TAG
+#define WOLFSSL_EVP_CTRL_CCM_SET_L             0x14
+#define WOLFSSL_EVP_CTRL_CCM_SET_MSGLEN        0x15
+#define WOLFSSL_EVP_MD_FLAG_XOF 0x2
+
+#define WOLFSSL_NO_PADDING_BLOCK_SIZE      1
+
+#ifndef OPENSSL_COEXIST
+
 #define EVP_CIPH_STREAM_CIPHER    WOLFSSL_EVP_CIPH_STREAM_CIPHER
 #define EVP_CIPH_VARIABLE_LENGTH  WOLFSSL_EVP_CIPH_VARIABLE_LENGTH
 #define EVP_CIPH_ECB_MODE         WOLFSSL_EVP_CIPH_ECB_MODE
@@ -1019,15 +1260,18 @@ WOLFSSL_API int wolfSSL_EVP_SignInit_ex(WOLFSSL_EVP_MD_CTX* ctx,
 #define EVP_MD_block_size       wolfSSL_EVP_MD_block_size
 #define EVP_MD_type             wolfSSL_EVP_MD_type
 #ifndef NO_WOLFSSL_STUB
-#define EVP_MD_CTX_set_flags(...) WC_DO_NOTHING
+#define EVP_MD_CTX_set_flags(ctx, flags) WC_DO_NOTHING
 #endif
 
+#define EVP_MD_FLAG_XOF WOLFSSL_EVP_MD_FLAG_XOF
+
 #define EVP_Digest             wolfSSL_EVP_Digest
 #define EVP_DigestInit         wolfSSL_EVP_DigestInit
 #define EVP_DigestInit_ex      wolfSSL_EVP_DigestInit_ex
 #define EVP_DigestUpdate       wolfSSL_EVP_DigestUpdate
 #define EVP_DigestFinal        wolfSSL_EVP_DigestFinal
 #define EVP_DigestFinal_ex     wolfSSL_EVP_DigestFinal_ex
+#define EVP_DigestFinalXOF     wolfSSL_EVP_DigestFinalXOF
 #define EVP_DigestSignInit     wolfSSL_EVP_DigestSignInit
 #define EVP_DigestSignUpdate   wolfSSL_EVP_DigestSignUpdate
 #define EVP_DigestSignFinal    wolfSSL_EVP_DigestSignFinal
@@ -1077,6 +1321,7 @@ WOLFSSL_API int wolfSSL_EVP_SignInit_ex(WOLFSSL_EVP_MD_CTX* ctx,
 #define EVP_get_cipherbynid           wolfSSL_EVP_get_cipherbynid
 #define EVP_get_digestbynid           wolfSSL_EVP_get_digestbynid
 #define EVP_MD_nid                    wolfSSL_EVP_MD_type
+#define EVP_MD_flags                  wolfSSL_EVP_MD_flags
 
 #define EVP_PKEY_assign                wolfSSL_EVP_PKEY_assign
 #define EVP_PKEY_assign_RSA            wolfSSL_EVP_PKEY_assign_RSA
@@ -1110,6 +1355,7 @@ WOLFSSL_API int wolfSSL_EVP_SignInit_ex(WOLFSSL_EVP_MD_CTX* ctx,
 #define EVP_PKEY_keygen                wolfSSL_EVP_PKEY_keygen
 #define EVP_PKEY_keygen_init           wolfSSL_EVP_PKEY_keygen_init
 #define EVP_PKEY_bits                  wolfSSL_EVP_PKEY_bits
+#define EVP_PKEY_is_a                  wolfSSL_EVP_PKEY_is_a
 #define EVP_PKEY_CTX_free              wolfSSL_EVP_PKEY_CTX_free
 #define EVP_PKEY_CTX_new               wolfSSL_EVP_PKEY_CTX_new
 #define EVP_PKEY_CTX_set_rsa_padding   wolfSSL_EVP_PKEY_CTX_set_rsa_padding
@@ -1175,7 +1421,7 @@ WOLFSSL_API int wolfSSL_EVP_SignInit_ex(WOLFSSL_EVP_MD_CTX* ctx,
 #define OPENSSL_add_all_algorithms_noconf OpenSSL_add_all_algorithms_noconf
 #define OPENSSL_add_all_algorithms_conf   OpenSSL_add_all_algorithms_conf
 
-#define NO_PADDING_BLOCK_SIZE      1
+#define NO_PADDING_BLOCK_SIZE      WOLFSSL_NO_PADDING_BLOCK_SIZE
 
 #define PKCS5_PBKDF2_HMAC_SHA1     wolfSSL_PKCS5_PBKDF2_HMAC_SHA1
 #define PKCS5_PBKDF2_HMAC          wolfSSL_PKCS5_PBKDF2_HMAC
@@ -1186,20 +1432,20 @@ WOLFSSL_API int wolfSSL_EVP_SignInit_ex(WOLFSSL_EVP_MD_CTX* ctx,
 #define EVP_CTRL_SET_KEY_LENGTH        0x1
 #define EVP_CTRL_SET_RC2_KEY_BITS      0x3  /* needed for qt compilation */
 
-#define EVP_CTRL_AEAD_SET_IVLEN        0x9
-#define EVP_CTRL_AEAD_GET_TAG          0x10
-#define EVP_CTRL_AEAD_SET_TAG          0x11
-#define EVP_CTRL_AEAD_SET_IV_FIXED     0x12
-#define EVP_CTRL_GCM_IV_GEN            0x13
-#define EVP_CTRL_GCM_SET_IVLEN         EVP_CTRL_AEAD_SET_IVLEN
-#define EVP_CTRL_GCM_GET_TAG           EVP_CTRL_AEAD_GET_TAG
-#define EVP_CTRL_GCM_SET_TAG           EVP_CTRL_AEAD_SET_TAG
-#define EVP_CTRL_GCM_SET_IV_FIXED      EVP_CTRL_AEAD_SET_IV_FIXED
-#define EVP_CTRL_CCM_SET_IVLEN         EVP_CTRL_AEAD_SET_IVLEN
-#define EVP_CTRL_CCM_GET_TAG           EVP_CTRL_AEAD_GET_TAG
-#define EVP_CTRL_CCM_SET_TAG           EVP_CTRL_AEAD_SET_TAG
-#define EVP_CTRL_CCM_SET_L             0x14
-#define EVP_CTRL_CCM_SET_MSGLEN        0x15
+#define EVP_CTRL_AEAD_SET_IVLEN        WOLFSSL_EVP_CTRL_AEAD_SET_IVLEN
+#define EVP_CTRL_AEAD_GET_TAG          WOLFSSL_EVP_CTRL_AEAD_GET_TAG
+#define EVP_CTRL_AEAD_SET_TAG          WOLFSSL_EVP_CTRL_AEAD_SET_TAG
+#define EVP_CTRL_AEAD_SET_IV_FIXED     WOLFSSL_EVP_CTRL_AEAD_SET_IV_FIXED
+#define EVP_CTRL_GCM_IV_GEN            WOLFSSL_EVP_CTRL_GCM_IV_GEN
+#define EVP_CTRL_GCM_SET_IVLEN         WOLFSSL_EVP_CTRL_GCM_SET_IVLEN
+#define EVP_CTRL_GCM_GET_TAG           WOLFSSL_EVP_CTRL_GCM_GET_TAG
+#define EVP_CTRL_GCM_SET_TAG           WOLFSSL_EVP_CTRL_GCM_SET_TAG
+#define EVP_CTRL_GCM_SET_IV_FIXED      WOLFSSL_EVP_CTRL_GCM_SET_IV_FIXED
+#define EVP_CTRL_CCM_SET_IVLEN         WOLFSSL_EVP_CTRL_CCM_SET_IVLEN
+#define EVP_CTRL_CCM_GET_TAG           WOLFSSL_EVP_CTRL_CCM_GET_TAG
+#define EVP_CTRL_CCM_SET_TAG           WOLFSSL_EVP_CTRL_CCM_SET_TAG
+#define EVP_CTRL_CCM_SET_L             WOLFSSL_EVP_CTRL_CCM_SET_L
+#define EVP_CTRL_CCM_SET_MSGLEN        WOLFSSL_EVP_CTRL_CCM_SET_MSGLEN
 
 #define EVP_PKEY_print_public           wolfSSL_EVP_PKEY_print_public
 #define EVP_PKEY_print_private(arg1, arg2, arg3, arg4) WC_DO_NOTHING
@@ -1226,13 +1472,11 @@ WOLFSSL_API int wolfSSL_EVP_SignInit_ex(WOLFSSL_EVP_MD_CTX* ctx,
 #endif
 
 
-#define EVP_R_BAD_DECRYPT               (-MIN_CODE_E + 100 + 1)
-#define EVP_R_BN_DECODE_ERROR           (-MIN_CODE_E + 100 + 2)
-#define EVP_R_DECODE_ERROR              (-MIN_CODE_E + 100 + 3)
-#define EVP_R_PRIVATE_KEY_DECODE_ERROR  (-MIN_CODE_E + 100 + 4)
+#define EVP_R_BAD_DECRYPT               (-WOLFSSL_EVP_R_BAD_DECRYPT_E)
+#define EVP_R_BN_DECODE_ERROR           (-WOLFSSL_EVP_R_BN_DECODE_ERROR)
+#define EVP_R_DECODE_ERROR              (-WOLFSSL_EVP_R_DECODE_ERROR)
+#define EVP_R_PRIVATE_KEY_DECODE_ERROR  (-WOLFSSL_EVP_R_PRIVATE_KEY_DECODE_ERROR)
 
-#define EVP_PKEY_NONE                   NID_undef
-#define EVP_PKEY_DH                     28
 #define EVP_CIPHER_mode                 WOLFSSL_EVP_CIPHER_mode
 /* WOLFSSL_EVP_CIPHER is just the string name of the cipher */
 #define EVP_CIPHER_name(x)              x
@@ -1274,6 +1518,8 @@ WOLFSSL_API int wolfSSL_EVP_SignInit_ex(WOLFSSL_EVP_MD_CTX* ctx,
 
 WOLFSSL_API void printPKEY(WOLFSSL_EVP_PKEY *k);
 
+#endif /* !OPENSSL_COEXIST */
+
 #endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
 
 #ifdef __cplusplus
diff --git a/wolfssl/openssl/fips_rand.h b/wolfssl/openssl/fips_rand.h
index 586a9574c..4142e7e20 100644
--- a/wolfssl/openssl/fips_rand.h
+++ b/wolfssl/openssl/fips_rand.h
@@ -1,6 +1,6 @@
 /* fips_rand.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/openssl/hmac.h b/wolfssl/openssl/hmac.h
index 427a3d652..b29d4fc2e 100644
--- a/wolfssl/openssl/hmac.h
+++ b/wolfssl/openssl/hmac.h
@@ -1,6 +1,6 @@
 /* hmac.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -45,7 +45,7 @@
 
 WOLFSSL_API unsigned char* wolfSSL_HMAC(const WOLFSSL_EVP_MD* evp_md,
                                const void* key, int key_len,
-                               const unsigned char* d, int n, unsigned char* md,
+                               const unsigned char* d, size_t n, unsigned char* md,
                                unsigned int* md_len);
 
 WOLFSSL_API WOLFSSL_HMAC_CTX* wolfSSL_HMAC_CTX_new(void);
@@ -67,9 +67,11 @@ WOLFSSL_API void wolfSSL_HMAC_CTX_free(WOLFSSL_HMAC_CTX* ctx);
 WOLFSSL_API size_t wolfSSL_HMAC_size(const WOLFSSL_HMAC_CTX *ctx);
 WOLFSSL_API const WOLFSSL_EVP_MD *wolfSSL_HMAC_CTX_get_md(const WOLFSSL_HMAC_CTX *ctx);
 
+#ifndef OPENSSL_COEXIST
+
 typedef struct WOLFSSL_HMAC_CTX HMAC_CTX;
 
-#define HMAC(a,b,c,d,e,f,g) wolfSSL_HMAC((a),(b),(c),(d),(e),(f),(g))
+#define HMAC wolfSSL_HMAC
 
 #define HMAC_CTX_new wolfSSL_HMAC_CTX_new
 #define HMAC_CTX_init wolfSSL_HMAC_CTX_Init
@@ -85,6 +87,7 @@ typedef struct WOLFSSL_HMAC_CTX HMAC_CTX;
 #define HMAC_size     wolfSSL_HMAC_size
 #define HMAC_CTX_get_md wolfSSL_HMAC_CTX_get_md
 
+#endif /* !OPENSSL_COEXIST */
 
 #ifdef __cplusplus
     } /* extern "C" */
diff --git a/wolfssl/openssl/include.am b/wolfssl/openssl/include.am
index dee416cd5..84e0dbb1f 100644
--- a/wolfssl/openssl/include.am
+++ b/wolfssl/openssl/include.am
@@ -46,6 +46,7 @@ nobase_include_HEADERS+= \
                          wolfssl/openssl/pkcs7.h \
                          wolfssl/openssl/rand.h \
                          wolfssl/openssl/rsa.h \
+                         wolfssl/openssl/safestack.h \
                          wolfssl/openssl/sha.h \
                          wolfssl/openssl/sha3.h \
                          wolfssl/openssl/srp.h \
diff --git a/wolfssl/openssl/kdf.h b/wolfssl/openssl/kdf.h
index 29537df19..f36aedcec 100644
--- a/wolfssl/openssl/kdf.h
+++ b/wolfssl/openssl/kdf.h
@@ -1,6 +1,6 @@
 /* kdf.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -26,9 +26,17 @@
     extern "C" {
 #endif
 
-#define EVP_PKEY_HKDEF_MODE_EXTRACT_AND_EXPAND 0
-#define EVP_PKEY_HKDEF_MODE_EXTRACT_ONLY 1
-#define EVP_PKEY_HKDEF_MODE_EXPAND_ONLY 2
+#define WOLFSSL_EVP_PKEY_HKDEF_MODE_EXTRACT_AND_EXPAND 0
+#define WOLFSSL_EVP_PKEY_HKDEF_MODE_EXTRACT_ONLY 1
+#define WOLFSSL_EVP_PKEY_HKDEF_MODE_EXPAND_ONLY 2
+
+#ifndef OPENSSL_COEXIST
+
+#define EVP_PKEY_HKDEF_MODE_EXTRACT_AND_EXPAND WOLFSSL_EVP_PKEY_HKDEF_MODE_EXTRACT_AND_EXPAND
+#define EVP_PKEY_HKDEF_MODE_EXTRACT_ONLY WOLFSSL_EVP_PKEY_HKDEF_MODE_EXTRACT_ONLY
+#define EVP_PKEY_HKDEF_MODE_EXPAND_ONLY WOLFSSL_EVP_PKEY_HKDEF_MODE_EXPAND_ONLY
+
+#endif /* !OPENSSL_COEXIST */
 
 #ifdef __cplusplus
     }  /* extern "C" */
diff --git a/wolfssl/openssl/lhash.h b/wolfssl/openssl/lhash.h
index 06c62a295..6a86992e6 100644
--- a/wolfssl/openssl/lhash.h
+++ b/wolfssl/openssl/lhash.h
@@ -1,6 +1,6 @@
 /* lhash.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/openssl/md4.h b/wolfssl/openssl/md4.h
index e1f8b9ee8..3d0549f18 100644
--- a/wolfssl/openssl/md4.h
+++ b/wolfssl/openssl/md4.h
@@ -1,6 +1,6 @@
 /* md4.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -46,6 +46,7 @@ WOLFSSL_API void wolfSSL_MD4_Update(WOLFSSL_MD4_CTX* md4, const void* data,
                        unsigned long len);
 WOLFSSL_API void wolfSSL_MD4_Final(unsigned char* digest, WOLFSSL_MD4_CTX* md4);
 
+#ifndef OPENSSL_COEXIST
 
 typedef WOLFSSL_MD4_CTX MD4_CTX;
 
@@ -53,6 +54,8 @@ typedef WOLFSSL_MD4_CTX MD4_CTX;
 #define MD4_Update wolfSSL_MD4_Update
 #define MD4_Final  wolfSSL_MD4_Final
 
+#endif /* !OPENSSL_COEXIST */
+
 #ifdef __cplusplus
     }  /* extern "C" */
 #endif
diff --git a/wolfssl/openssl/md5.h b/wolfssl/openssl/md5.h
index 81b60002e..709c03fad 100644
--- a/wolfssl/openssl/md5.h
+++ b/wolfssl/openssl/md5.h
@@ -1,6 +1,6 @@
 /* md5.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -58,6 +58,8 @@ WOLFSSL_API int wolfSSL_MD5_Transform(WOLFSSL_MD5_CTX* md5, const unsigned char*
 WOLFSSL_API unsigned char *wolfSSL_MD5(const unsigned char* data, size_t len,
             unsigned char* hash);
 
+#ifndef OPENSSL_COEXIST
+
 typedef WOLFSSL_MD5_CTX MD5_CTX;
 
 #define MD5_Init wolfSSL_MD5_Init
@@ -95,6 +97,8 @@ typedef WOLFSSL_MD5_CTX MD5_CTX;
     #define MD5_DIGEST_LENGTH MD5_DIGEST_SIZE
 #endif
 
+#endif /* !OPENSSL_COEXIST */
+
 #ifdef __cplusplus
     }  /* extern "C" */
 #endif
diff --git a/wolfssl/openssl/modes.h b/wolfssl/openssl/modes.h
index 3288f50fa..50342bdd2 100644
--- a/wolfssl/openssl/modes.h
+++ b/wolfssl/openssl/modes.h
@@ -1,6 +1,6 @@
 /* modes.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/openssl/obj_mac.h b/wolfssl/openssl/obj_mac.h
index f3fcd859c..33041580f 100644
--- a/wolfssl/openssl/obj_mac.h
+++ b/wolfssl/openssl/obj_mac.h
@@ -1,6 +1,6 @@
 /* obj_mac.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -27,20 +27,60 @@
     extern "C" {
 #endif
 
-#define NID_sect163k1 721
-#define NID_sect163r1 722
-#define NID_sect163r2 723
-#define NID_sect193r1 724
-#define NID_sect193r2 725
-#define NID_sect233k1 726
-#define NID_sect233r1 727
-#define NID_sect239k1 728
-#define NID_sect283k1 729
-#define NID_sect283r1 730
-#define NID_sect409k1 731
-#define NID_sect409r1 732
-#define NID_sect571k1 733
-#define NID_sect571r1 734
+#define WC_NID_sect163k1 721
+#define WC_NID_sect163r1 722
+#define WC_NID_sect163r2 723
+#define WC_NID_sect193r1 724
+#define WC_NID_sect193r2 725
+#define WC_NID_sect233k1 726
+#define WC_NID_sect233r1 727
+#define WC_NID_sect239k1 728
+#define WC_NID_sect283k1 729
+#define WC_NID_sect283r1 730
+#define WC_NID_sect409k1 731
+#define WC_NID_sect409r1 732
+#define WC_NID_sect571k1 733
+#define WC_NID_sect571r1 734
+
+#ifndef OPENSSL_COEXIST
+
+#define NID_sect163k1 WC_NID_sect163k1
+#define NID_sect163r1 WC_NID_sect163r1
+#define NID_sect163r2 WC_NID_sect163r2
+#define NID_sect193r1 WC_NID_sect193r1
+#define NID_sect193r2 WC_NID_sect193r2
+#define NID_sect233k1 WC_NID_sect233k1
+#define NID_sect233r1 WC_NID_sect233r1
+#define NID_sect239k1 WC_NID_sect239k1
+#define NID_sect283k1 WC_NID_sect283k1
+#define NID_sect283r1 WC_NID_sect283r1
+#define NID_sect409k1 WC_NID_sect409k1
+#define NID_sect409r1 WC_NID_sect409r1
+#define NID_sect571k1 WC_NID_sect571k1
+#define NID_sect571r1 WC_NID_sect571r1
+
+/* mapping of short names */
+#define SN_md4        WC_SN_md4
+#define SN_md5        WC_SN_md5
+#define SN_sha1       WC_SN_sha1
+#define SN_sha224     WC_SN_sha224
+#define SN_sha256     WC_SN_sha256
+#define SN_sha384     WC_SN_sha384
+#define SN_sha512     WC_SN_sha512
+#define SN_sha512_224 WC_SN_sha512_224
+#define SN_sha512_256 WC_SN_sha512_256
+#define SN_sha3_224   WC_SN_sha3_224
+#define SN_sha3_256   WC_SN_sha3_256
+#define SN_sha3_384   WC_SN_sha3_384
+#define SN_sha3_512   WC_SN_sha3_512
+#define SN_shake128   WC_SN_shake128
+#define SN_shake256   WC_SN_shake256
+#define SN_blake2s256 WC_SN_blake2s256
+#define SN_blake2s512 WC_SN_blake2s512
+#define SN_blake2b512 WC_SN_blake2b512
+#define SN_sm3        WC_SN_sm3
+
+#endif /* !OPENSSL_COEXIST */
 
 /* the definition is for Qt Unit test */
 #define SN_jurisdictionCountryName "jurisdictionC"
diff --git a/wolfssl/openssl/objects.h b/wolfssl/openssl/objects.h
index 5f8d8f7c0..3325c83b9 100644
--- a/wolfssl/openssl/objects.h
+++ b/wolfssl/openssl/objects.h
@@ -1,6 +1,6 @@
 /* objects.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -29,12 +29,19 @@
 #include <wolfssl/ssl.h>
 #endif /* OPENSSL_EXTRA_SSL_GUARD */
 
+#include <wolfssl/openssl/obj_mac.h>
+
 #ifdef __cplusplus
     extern "C" {
 #endif
 
 #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
 
+#define WC_NID_ad_OCSP                     178
+#define WC_NID_ad_ca_issuers               179
+
+#ifndef OPENSSL_COEXIST
+
 #define OBJ_NAME_TYPE_UNDEF     WOLFSSL_OBJ_NAME_TYPE_UNDEF
 #define OBJ_NAME_TYPE_MD_METH   WOLFSSL_OBJ_NAME_TYPE_MD_METH
 #define OBJ_NAME_TYPE_CIPHER_METH   WOLFSSL_OBJ_NAME_TYPE_CIPHER_METH
@@ -64,9 +71,10 @@
 /* not required for wolfSSL */
 #define OPENSSL_load_builtin_modules() WC_DO_NOTHING
 
+#define NID_ad_OCSP WC_NID_ad_OCSP
+#define NID_ad_ca_issuers WC_NID_ad_ca_issuers
 
-#define NID_ad_OCSP                     178
-#define NID_ad_ca_issuers               179
+#endif /* !OPENSSL_COEXIST */
 
 #endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
 
diff --git a/wolfssl/openssl/ocsp.h b/wolfssl/openssl/ocsp.h
index 8cd337232..67ae0f10d 100644
--- a/wolfssl/openssl/ocsp.h
+++ b/wolfssl/openssl/ocsp.h
@@ -1,6 +1,6 @@
 /* ocsp.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -27,12 +27,18 @@
 #ifdef HAVE_OCSP
 #include <wolfssl/ocsp.h>
 
-#define OCSP_REQUEST              OcspRequest
-#define OCSP_RESPONSE             OcspResponse
-#define OCSP_BASICRESP            WOLFSSL_OCSP_BASICRESP
-#define OCSP_SINGLERESP           WOLFSSL_OCSP_SINGLERESP
-#define OCSP_CERTID               WOLFSSL_OCSP_CERTID
-#define OCSP_ONEREQ               WOLFSSL_OCSP_ONEREQ
+#ifndef OPENSSL_COEXIST
+
+#if defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA) || defined(WOLFSSL_NGINX) ||\
+    defined(WOLFSSL_HAPROXY) || defined(HAVE_LIGHTY)
+typedef OcspRequest                      OCSP_REQUEST;
+typedef OcspResponse                     OCSP_RESPONSE;
+typedef WOLFSSL_OCSP_BASICRESP           OCSP_BASICRESP;
+typedef WOLFSSL_OCSP_SINGLERESP          OCSP_SINGLERESP;
+typedef WOLFSSL_OCSP_CERTID              OCSP_CERTID;
+typedef WOLFSSL_OCSP_ONEREQ              OCSP_ONEREQ;
+typedef WOLFSSL_OCSP_REQ_CTX             OCSP_REQ_CTX;
+#endif
 
 #define OCSP_REVOKED_STATUS_NOSTATUS     (-1)
 
@@ -85,6 +91,17 @@
 #define OCSP_resp_count           wolfSSL_OCSP_resp_count
 #define OCSP_resp_get0            wolfSSL_OCSP_resp_get0
 
+#define OCSP_REQ_CTX_new          wolfSSL_OCSP_REQ_CTX_new
+#define OCSP_REQ_CTX_free         wolfSSL_OCSP_REQ_CTX_free
+#define OCSP_sendreq_new          wolfSSL_OCSP_sendreq_new
+#define OCSP_REQ_CTX_set1_req     wolfSSL_OCSP_REQ_CTX_set1_req
+#define OCSP_REQ_CTX_add1_header  wolfSSL_OCSP_REQ_CTX_add1_header
+#define OCSP_REQ_CTX_http         wolfSSL_OCSP_REQ_CTX_http
+#define OCSP_REQ_CTX_nbio         wolfSSL_OCSP_REQ_CTX_nbio
+#define OCSP_sendreq_nbio         wolfSSL_OCSP_sendreq_nbio
+
+#endif /* !OPENSSL_COEXIST */
+
 #endif /* HAVE_OCSP */
 
 #endif /* WOLFSSL_OCSP_H_ */
diff --git a/wolfssl/openssl/opensslv.h b/wolfssl/openssl/opensslv.h
index c43e507ba..e643a64e4 100644
--- a/wolfssl/openssl/opensslv.h
+++ b/wolfssl/openssl/opensslv.h
@@ -1,6 +1,6 @@
 /* opensslv.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -25,6 +25,7 @@
 #define WOLFSSL_OPENSSLV_H_
 
 #include <wolfssl/wolfcrypt/settings.h>
+#include <wolfssl/version.h>
 
 #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
 
@@ -33,28 +34,42 @@
     defined(OPENSSL_VERSION_NUMBER) && (OPENSSL_VERSION_NUMBER == 0x0090810fL) ||\
     defined(OPENSSL_VERSION_NUMBER) && (OPENSSL_VERSION_NUMBER == 0x10100000L) ||\
     defined(OPENSSL_VERSION_NUMBER) && (OPENSSL_VERSION_NUMBER == 0x10001040L)
-     /* valid version */
+    /* valid version */
+#elif defined(OPENSSL_VERSION_NUMBER)
+    /* unrecognized version, but continue. */
+    #define WOLFSSL_OPENSSL_VERSION_NUMBER_UNRECOGNIZED
+#elif defined(HAVE_MOSQUITTO)
+    #define OPENSSL_VERSION_NUMBER 0x10100000L
 #elif defined(WOLFSSL_APACHE_HTTPD) || defined(HAVE_LIBEST) || \
       defined(WOLFSSL_BIND) || defined(WOLFSSL_NGINX) || \
-      defined(WOLFSSL_RSYSLOG) || defined(WOLFSSL_KRB) || defined(HAVE_STUNNEL)
+      defined(WOLFSSL_RSYSLOG) || defined(WOLFSSL_KRB) || defined(HAVE_STUNNEL) || \
+      defined(WOLFSSL_OPENSSH)
     /* For Apache httpd, Use 1.1.0 compatibility */
-     #define OPENSSL_VERSION_NUMBER 0x10100003L
-#elif defined(WOLFSSL_QT) || defined(WOLFSSL_PYTHON) || defined(WOLFSSL_KRB)
+    #define OPENSSL_VERSION_NUMBER 0x10100003L
+#elif defined(WOLFSSL_QT) || defined(WOLFSSL_PYTHON)
     /* For Qt and Python 3.8.5 compatibility */
-     #define OPENSSL_VERSION_NUMBER 0x10101000L
+    #define OPENSSL_VERSION_NUMBER 0x10101000L
 #elif defined(WOLFSSL_HAPROXY) || defined(WOLFSSL_FFMPEG)
-     #define OPENSSL_VERSION_NUMBER 0x1010000fL
+    #define OPENSSL_VERSION_NUMBER 0x1010000fL
 #elif defined(OPENSSL_ALL) || defined(HAVE_LIGHTY) || \
     defined(WOLFSSL_NGINX) || defined(WOLFSSL_OPENSSH) || defined(WOLFSSL_OPENVPN)
-     /* version number can be increased for Lighty after compatibility for ECDH
-        is added */
-     #define OPENSSL_VERSION_NUMBER 0x10001040L
+    /* version number can be increased for Lighty after compatibility for ECDH
+       is added */
+    #define OPENSSL_VERSION_NUMBER 0x10001040L
 #else
-     #define OPENSSL_VERSION_NUMBER 0x0090810fL
+    #define OPENSSL_VERSION_NUMBER 0x0090810fL
 #endif
 
-#define OPENSSL_VERSION_TEXT             "wolfSSL " LIBWOLFSSL_VERSION_STRING
-#define OPENSSL_VERSION                  0
+#ifndef OPENSSL_VERSION_TEXT
+    #define OPENSSL_VERSION_TEXT "wolfSSL " LIBWOLFSSL_VERSION_STRING
+#endif
+#ifndef OPENSSL_VERSION
+    #define OPENSSL_VERSION 0
+#endif
+
+#ifndef OPENSSL_IS_WOLFSSL
+    #define OPENSSL_IS_WOLFSSL
+#endif
 
 #endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
 
diff --git a/wolfssl/openssl/ossl_typ.h b/wolfssl/openssl/ossl_typ.h
index 85b83c3f4..084558d4c 100644
--- a/wolfssl/openssl/ossl_typ.h
+++ b/wolfssl/openssl/ossl_typ.h
@@ -1,6 +1,6 @@
 /* ossl_typ.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/openssl/pem.h b/wolfssl/openssl/pem.h
index 221e8d6f9..1cf424752 100644
--- a/wolfssl/openssl/pem.h
+++ b/wolfssl/openssl/pem.h
@@ -1,6 +1,6 @@
 /* pem.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -56,6 +56,8 @@ WOLFSSL_API
 WOLFSSL_RSA *wolfSSL_PEM_read_bio_RSA_PUBKEY(WOLFSSL_BIO* bio,
                                              WOLFSSL_RSA** rsa,
                                              wc_pem_password_cb* cb, void *u);
+WOLFSSL_API
+WOLFSSL_RSA *wolfSSL_d2i_RSA_PUBKEY_bio(WOLFSSL_BIO *bio, WOLFSSL_RSA **out);
 
 WOLFSSL_API
 WOLFSSL_EC_GROUP* wolfSSL_PEM_read_bio_ECPKParameters(WOLFSSL_BIO* bio,
@@ -63,6 +65,12 @@ WOLFSSL_EC_GROUP* wolfSSL_PEM_read_bio_ECPKParameters(WOLFSSL_BIO* bio,
                                                       wc_pem_password_cb* cb,
                                                       void* pass);
 WOLFSSL_API
+WOLFSSL_EC_GROUP *wolfSSL_d2i_ECPKParameters(WOLFSSL_EC_GROUP **out,
+                                             const unsigned char **in,
+                                             long len);
+WOLFSSL_API
+int wolfSSL_i2d_ECPKParameters(const WOLFSSL_EC_GROUP* grp, unsigned char** pp);
+WOLFSSL_API
 int wolfSSL_PEM_write_mem_RSAPrivateKey(WOLFSSL_RSA* rsa,
                                         const WOLFSSL_EVP_CIPHER* cipher,
                                         unsigned char* passwd, int len,
@@ -173,6 +181,11 @@ WOLFSSL_EVP_PKEY* wolfSSL_PEM_read_bio_PrivateKey(WOLFSSL_BIO* bio,
                                                   WOLFSSL_EVP_PKEY** key,
                                                   wc_pem_password_cb* cb,
                                                   void* pass);
+#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
+WOLFSSL_API
+WOLFSSL_PKCS8_PRIV_KEY_INFO* wolfSSL_PEM_read_bio_PKCS8_PRIV_KEY_INFO(WOLFSSL_BIO* bio,
+        WOLFSSL_PKCS8_PRIV_KEY_INFO** key, wc_pem_password_cb* cb, void* arg);
+#endif
 WOLFSSL_API
 WOLFSSL_EVP_PKEY *wolfSSL_PEM_read_bio_PUBKEY(WOLFSSL_BIO* bio,
                                               WOLFSSL_EVP_PKEY **key,
@@ -220,6 +233,8 @@ WOLFSSL_API
 int wolfSSL_PEM_write_DHparams(XFILE fp, WOLFSSL_DH* dh);
 #endif /* NO_FILESYSTEM */
 
+#ifndef OPENSSL_COEXIST
+
 #define PEM_BUFSIZE WOLF_PEM_BUFSIZE
 
 #define PEM_read                        wolfSSL_PEM_read
@@ -243,12 +258,12 @@ int wolfSSL_PEM_write_DHparams(XFILE fp, WOLFSSL_DH* dh);
 #define PEM_write_bio_RSA_PUBKEY        wolfSSL_PEM_write_bio_RSA_PUBKEY
 #define PEM_read_bio_RSA_PUBKEY         wolfSSL_PEM_read_bio_RSA_PUBKEY
 #define PEM_read_bio_RSAPublicKey       wolfSSL_PEM_read_bio_RSA_PUBKEY
-#define PEM_read_bio_ECPKParameters     wolfSSL_PEM_read_bio_ECPKParameters
 #define PEM_write_RSAPrivateKey         wolfSSL_PEM_write_RSAPrivateKey
 #define PEM_write_RSA_PUBKEY            wolfSSL_PEM_write_RSA_PUBKEY
 #define PEM_read_RSA_PUBKEY             wolfSSL_PEM_read_RSA_PUBKEY
 #define PEM_write_RSAPublicKey          wolfSSL_PEM_write_RSAPublicKey
 #define PEM_read_RSAPublicKey           wolfSSL_PEM_read_RSAPublicKey
+#define d2i_RSA_PUBKEY_bio              wolfSSL_d2i_RSA_PUBKEY_bio
 /* DSA */
 #define PEM_write_bio_DSAPrivateKey     wolfSSL_PEM_write_bio_DSAPrivateKey
 #define PEM_write_DSAPrivateKey         wolfSSL_PEM_write_DSAPrivateKey
@@ -263,8 +278,9 @@ int wolfSSL_PEM_write_DHparams(XFILE fp, WOLFSSL_DH* dh);
 #define PEM_write_ECPrivateKey          wolfSSL_PEM_write_ECPrivateKey
 #define PEM_read_bio_ECPrivateKey       wolfSSL_PEM_read_bio_ECPrivateKey
 #define PEM_read_bio_EC_PUBKEY          wolfSSL_PEM_read_bio_EC_PUBKEY
+#define PEM_read_bio_ECPKParameters     wolfSSL_PEM_read_bio_ECPKParameters
 #ifndef NO_WOLFSSL_STUB
-#define PEM_write_bio_ECPKParameters(...) 0
+#define PEM_write_bio_ECPKParameters(out, x) 0
 #endif
 /* EVP_KEY */
 #define PEM_read_bio_PrivateKey         wolfSSL_PEM_read_bio_PrivateKey
@@ -272,6 +288,11 @@ int wolfSSL_PEM_write_DHparams(XFILE fp, WOLFSSL_DH* dh);
 #define PEM_read_bio_PUBKEY             wolfSSL_PEM_read_bio_PUBKEY
 #define PEM_write_bio_PUBKEY            wolfSSL_PEM_write_bio_PUBKEY
 
+#define PEM_write_bio_PKCS8_PRIV_KEY_INFO wolfSSL_PEM_write_bio_PKCS8_PRIV_KEY_INFO
+#define PEM_read_bio_PKCS8_PRIV_KEY_INFO wolfSSL_PEM_read_bio_PKCS8_PRIV_KEY_INFO
+
+#endif /* !OPENSSL_COEXIST */
+
 #ifdef __cplusplus
     }  /* extern "C" */
 #endif
diff --git a/wolfssl/openssl/pkcs12.h b/wolfssl/openssl/pkcs12.h
index 28a0a3780..a59798c1c 100644
--- a/wolfssl/openssl/pkcs12.h
+++ b/wolfssl/openssl/pkcs12.h
@@ -1,6 +1,6 @@
 /* pkcs12.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -28,9 +28,15 @@
 #ifndef WOLFSSL_PKCS12_COMPAT_H_
 #define WOLFSSL_PKCS12_COMPAT_H_
 
-#define NID_pbe_WithSHA1AndDES_CBC             2
-#define NID_pbe_WithSHA1And3_Key_TripleDES_CBC 3
-#define NID_pbe_WithSHA1And128BitRC4           1
+#define WC_NID_pbe_WithSHA1AndDES_CBC             2
+#define WC_NID_pbe_WithSHA1And3_Key_TripleDES_CBC 3
+#define WC_NID_pbe_WithSHA1And128BitRC4           1
+
+#ifndef OPENSSL_COEXIST
+
+#define NID_pbe_WithSHA1AndDES_CBC WC_NID_pbe_WithSHA1AndDES_CBC
+#define NID_pbe_WithSHA1And3_Key_TripleDES_CBC WC_NID_pbe_WithSHA1And3_Key_TripleDES_CBC
+#define NID_pbe_WithSHA1And128BitRC4 WC_NID_pbe_WithSHA1And128BitRC4
 
 #define PKCS12_DEFAULT_ITER WC_PKCS12_ITT_DEFAULT
 
@@ -46,5 +52,6 @@
 #define PKCS12_create  wolfSSL_PKCS12_create
 #define PKCS12_PBE_add wolfSSL_PKCS12_PBE_add
 
-#endif /* WOLFSSL_PKCS12_COMPAT_H_ */
+#endif /* !OPENSSL_COEXIST */
 
+#endif /* WOLFSSL_PKCS12_COMPAT_H_ */
diff --git a/wolfssl/openssl/pkcs7.h b/wolfssl/openssl/pkcs7.h
index 41f890163..84ae28581 100644
--- a/wolfssl/openssl/pkcs7.h
+++ b/wolfssl/openssl/pkcs7.h
@@ -1,6 +1,6 @@
 /* pkcs7.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/openssl/rand.h b/wolfssl/openssl/rand.h
index cc0d72ac9..4c41ed7a8 100644
--- a/wolfssl/openssl/rand.h
+++ b/wolfssl/openssl/rand.h
@@ -1,6 +1,6 @@
 /* rand.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -21,9 +21,18 @@
 
 /* rand.h for openSSL */
 
+#ifndef WOLFSSL_RAND_COMPAT_H_
+#define WOLFSSL_RAND_COMPAT_H_
+
 #include <wolfssl/openssl/ssl.h>
 #include <wolfssl/wolfcrypt/random.h>
 
+#ifndef OPENSSL_COEXIST
+
 typedef WOLFSSL_RAND_METHOD RAND_METHOD;
 
 #define RAND_set_rand_method     wolfSSL_RAND_set_rand_method
+
+#endif /* !OPENSSL_COEXIST */
+
+#endif /* WOLFSSL_RAND_COMPAT_H_ */
diff --git a/wolfssl/openssl/rc4.h b/wolfssl/openssl/rc4.h
index ca56ac825..309174b64 100644
--- a/wolfssl/openssl/rc4.h
+++ b/wolfssl/openssl/rc4.h
@@ -1,6 +1,6 @@
 /* rc4.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -41,16 +41,21 @@ typedef struct WOLFSSL_RC4_KEY {
     /* big enough for Arc4 from wolfssl/wolfcrypt/arc4.h */
     void* holder[(272 + WC_ASYNC_DEV_SIZE) / sizeof(void*)];
 } WOLFSSL_RC4_KEY;
-typedef WOLFSSL_RC4_KEY RC4_KEY;
 
 WOLFSSL_API void wolfSSL_RC4_set_key(WOLFSSL_RC4_KEY* key, int len,
         const unsigned char* data);
 WOLFSSL_API void wolfSSL_RC4(WOLFSSL_RC4_KEY* key, size_t len,
         const unsigned char* in, unsigned char* out);
 
+#ifndef OPENSSL_COEXIST
+
+typedef WOLFSSL_RC4_KEY RC4_KEY;
+
 #define RC4         wolfSSL_RC4
 #define RC4_set_key wolfSSL_RC4_set_key
 
+#endif /* !OPENSSL_COEXIST */
+
 #ifdef __cplusplus
     }  /* extern "C" */
 #endif
diff --git a/wolfssl/openssl/ripemd.h b/wolfssl/openssl/ripemd.h
index 7ba600d9a..0e80bb37a 100644
--- a/wolfssl/openssl/ripemd.h
+++ b/wolfssl/openssl/ripemd.h
@@ -1,6 +1,6 @@
 /* ripemd.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/openssl/rsa.h b/wolfssl/openssl/rsa.h
index 7284948ad..111a89e85 100644
--- a/wolfssl/openssl/rsa.h
+++ b/wolfssl/openssl/rsa.h
@@ -1,6 +1,6 @@
 /* rsa.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -27,18 +27,28 @@
 
 #include <wolfssl/openssl/bn.h>
 #include <wolfssl/openssl/err.h>
+#include <wolfssl/openssl/compat_types.h>
 #include <wolfssl/wolfcrypt/types.h>
+#include <wolfssl/wolfcrypt/rsa.h>
 
 #ifdef __cplusplus
     extern "C" {
 #endif
 
 #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
+
 /* Padding types */
-#define RSA_PKCS1_PADDING      0
-#define RSA_PKCS1_OAEP_PADDING 1
-#define RSA_PKCS1_PSS_PADDING  2
-#define RSA_NO_PADDING         3
+#define WC_RSA_PKCS1_PADDING      0
+#define WC_RSA_PKCS1_OAEP_PADDING 1
+#define WC_RSA_PKCS1_PSS_PADDING  2
+
+#ifndef OPENSSL_COEXIST
+
+/* Padding types */
+#define RSA_PKCS1_PADDING       WC_RSA_PKCS1_PADDING
+#define RSA_PKCS1_OAEP_PADDING  WC_RSA_PKCS1_OAEP_PADDING
+#define RSA_PKCS1_PSS_PADDING   WC_RSA_PKCS1_PSS_PADDING
+#define RSA_NO_PADDING          WC_RSA_NO_PAD
 
 /* Emulate OpenSSL flags */
 #define RSA_METHOD_FLAG_NO_CHECK        (1 << 1)
@@ -60,13 +70,15 @@
 #define RSA_PSS_SALTLEN_MAX      (-3)
 #endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
 
+#endif /* !OPENSSL_COEXIST */
+
 typedef struct WOLFSSL_RSA_METHOD {
     /* Flags of RSA key implementation. */
     int flags;
     /* Name of RSA key implementation. */
     char *name;
     /* RSA method dynamically allocated. */
-    word16 dynamic:1;
+    WC_BITFIELD dynamic:1;
 } WOLFSSL_RSA_METHOD;
 
 #ifndef WOLFSSL_RSA_TYPE_DEFINED /* guard on redeclaration */
@@ -94,16 +106,16 @@ typedef struct WOLFSSL_RSA {
     int flags;                       /* Flags of implementation. */
 
     /* bits */
-    byte inSet:1;                    /* Internal set from external. */
-    byte exSet:1;                    /* External set from internal. */
-    byte ownRng:1;                   /* Rng needs to be free'd. */
+    WC_BITFIELD inSet:1;             /* Internal set from external. */
+    WC_BITFIELD exSet:1;             /* External set from internal. */
+    WC_BITFIELD ownRng:1;            /* Rng needs to be free'd. */
 } WOLFSSL_RSA;
 #endif
 
-#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
+#if !defined(OPENSSL_COEXIST) && (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL))
 typedef WOLFSSL_RSA                   RSA;
 typedef WOLFSSL_RSA_METHOD            RSA_METHOD;
-#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
+#endif /* !OPENSSL_COEXIST && (OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL) */
 
 WOLFSSL_API WOLFSSL_RSA* wolfSSL_RSA_new_ex(void* heap, int devId);
 WOLFSSL_API WOLFSSL_RSA* wolfSSL_RSA_new(void);
@@ -189,10 +201,15 @@ WOLFSSL_API int wolfSSL_RSA_set_ex_data_with_cleanup(
 #endif
 
 #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
+
 #define WOLFSSL_RSA_LOAD_PRIVATE 1
 #define WOLFSSL_RSA_LOAD_PUBLIC  2
 #define WOLFSSL_RSA_F4           0x10001L
 
+#ifndef OPENSSL_COEXIST
+
+#define OPENSSL_RSA_MAX_MODULUS_BITS RSA_MAX_SIZE
+
 #define RSA_new  wolfSSL_RSA_new
 #define RSA_free wolfSSL_RSA_free
 
@@ -240,6 +257,11 @@ WOLFSSL_API int wolfSSL_RSA_set_ex_data_with_cleanup(
 
 #define RSA_F4             WOLFSSL_RSA_F4
 
+#define OPENSSL_RSA_MAX_MODULUS_BITS RSA_MAX_SIZE
+#define OPENSSL_RSA_MAX_PUBEXP_BITS  RSA_MAX_SIZE
+
+#endif /* !OPENSSL_COEXIST */
+
 #endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
 
 #ifdef __cplusplus
diff --git a/wolfssl/openssl/safestack.h b/wolfssl/openssl/safestack.h
new file mode 100644
index 000000000..e059a6ed0
--- /dev/null
+++ b/wolfssl/openssl/safestack.h
@@ -0,0 +1,40 @@
+/* safestack.h
+ *
+ * Copyright (C) 2006-2025 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+/* stack.h for openSSL */
+
+#ifndef WOLFSSL_SAFESTACK_H_
+#define WOLFSSL_SAFESTACK_H_
+
+#include <wolfssl/openssl/compat_types.h>
+#include <wolfssl/openssl/ssl.h>
+
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#ifdef  __cplusplus
+}
+#endif
+
+#endif
+
diff --git a/wolfssl/openssl/sha.h b/wolfssl/openssl/sha.h
index c36441498..4644a3318 100644
--- a/wolfssl/openssl/sha.h
+++ b/wolfssl/openssl/sha.h
@@ -1,6 +1,6 @@
 /* sha.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -27,7 +27,7 @@
 
 #include <wolfssl/wolfcrypt/settings.h>
 #include <wolfssl/wolfcrypt/types.h>
-
+#include <wolfssl/wolfcrypt/sha256.h>
 #ifdef WOLFSSL_PREFIX
 #include "prefix_sha.h"
 #endif
@@ -74,7 +74,7 @@ WOLFSSL_API int wolfSSL_SHA1_Update(WOLFSSL_SHA_CTX* sha, const void* input,
 WOLFSSL_API int wolfSSL_SHA1_Final(byte* output, WOLFSSL_SHA_CTX* sha);
 WOLFSSL_API int wolfSSL_SHA1_Transform(WOLFSSL_SHA_CTX* sha,
                                           const unsigned char *data);
-#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
+#if !defined(OPENSSL_COEXIST) && (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL))
 enum {
     SHA_DIGEST_LENGTH = 20
 };
@@ -99,7 +99,7 @@ typedef WOLFSSL_SHA_CTX SHA_CTX;
 #define SHA1_Final wolfSSL_SHA1_Final
 #define SHA1_Transform wolfSSL_SHA1_Transform
 
-#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
+#endif /* !OPENSSL_COEXIST && (OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL) */
 #endif /* !NO_SHA */
 
 
@@ -125,7 +125,7 @@ WOLFSSL_API int wolfSSL_SHA224_Init(WOLFSSL_SHA224_CTX* sha);
 WOLFSSL_API int wolfSSL_SHA224_Update(WOLFSSL_SHA224_CTX* sha, const void* input,
                            unsigned long sz);
 WOLFSSL_API int wolfSSL_SHA224_Final(byte* output, WOLFSSL_SHA224_CTX* sha);
-#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
+#if !defined(OPENSSL_COEXIST) && (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL))
 enum {
     SHA224_DIGEST_LENGTH = 28
 };
@@ -142,7 +142,7 @@ typedef WOLFSSL_SHA224_CTX SHA224_CTX;
      * because of SHA224 enum in FIPS build. */
     #define SHA224 wolfSSL_SHA224
 #endif
-#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
+#endif /* !OPENSSL_COEXIST && (OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL) */
 #endif /* WOLFSSL_SHA224 */
 
 #ifndef NO_SHA256
@@ -151,7 +151,7 @@ typedef WOLFSSL_SHA224_CTX SHA224_CTX;
  * to Sha256, is expected to also be 16 byte aligned addresses.  */
 typedef struct WOLFSSL_SHA256_CTX {
     /* big enough to hold wolfcrypt Sha256, but check on init */
-    ALIGN16 void* holder[(274 + CTX_SHA_HW_ADDER + WC_ASYNC_DEV_SIZE) /
+    ALIGN16 void* holder[sizeof(wc_Sha256) /
         sizeof(void*)];
 #if defined(WOLFSSL_DEVCRYPTO_HASH) || defined(WOLFSSL_HASH_KEEP)
     ALIGN16 void* keephash_holder[sizeof(void*) + (2 * sizeof(unsigned int))];
@@ -168,7 +168,7 @@ WOLFSSL_API int wolfSSL_SHA256_Update(WOLFSSL_SHA256_CTX* sha, const void* input
 WOLFSSL_API int wolfSSL_SHA256_Final(byte* output, WOLFSSL_SHA256_CTX* sha);
 WOLFSSL_API int wolfSSL_SHA256_Transform(WOLFSSL_SHA256_CTX* sha256,
                                                 const unsigned char *data);
-#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
+#if !defined(OPENSSL_COEXIST) && (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL))
 enum {
     SHA256_DIGEST_LENGTH = 32
 };
@@ -196,7 +196,7 @@ typedef WOLFSSL_SHA256_CTX SHA256_CTX;
 
     #define SHA256 wolfSSL_SHA256
 #endif
-#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
+#endif /* !OPENSSL_COEXIST && (OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL) */
 #endif /* !NO_SHA256 */
 
 #ifdef WOLFSSL_SHA384
@@ -215,7 +215,7 @@ WOLFSSL_API int wolfSSL_SHA384_Init(WOLFSSL_SHA384_CTX* sha);
 WOLFSSL_API int wolfSSL_SHA384_Update(WOLFSSL_SHA384_CTX* sha, const void* input,
                            unsigned long sz);
 WOLFSSL_API int wolfSSL_SHA384_Final(byte* output, WOLFSSL_SHA384_CTX* sha);
-#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
+#if !defined(OPENSSL_COEXIST) && (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL))
 enum {
     SHA384_DIGEST_LENGTH = 48
 };
@@ -230,7 +230,7 @@ typedef WOLFSSL_SHA384_CTX SHA384_CTX;
      * build. */
     #define SHA384 wolfSSL_SHA384
 #endif
-#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
+#endif /* !OPENSSL_COEXIST && (OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL) */
 
 #endif /* WOLFSSL_SHA384 */
 
@@ -252,7 +252,7 @@ WOLFSSL_API int wolfSSL_SHA512_Update(WOLFSSL_SHA512_CTX* sha,
 WOLFSSL_API int wolfSSL_SHA512_Final(byte* output, WOLFSSL_SHA512_CTX* sha);
 WOLFSSL_API int wolfSSL_SHA512_Transform(WOLFSSL_SHA512_CTX* sha512,
                                          const unsigned char* data);
-#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
+#if !defined(OPENSSL_COEXIST) && (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL))
 enum {
     SHA512_DIGEST_LENGTH = 64
 };
@@ -268,7 +268,7 @@ typedef WOLFSSL_SHA512_CTX SHA512_CTX;
      * build. */
     #define SHA512 wolfSSL_SHA512
 #endif
-#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
+#endif /* !OPENSSL_COEXIST && (OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL) */
 
 #if !defined(WOLFSSL_NOSHA512_224)
 typedef struct WOLFSSL_SHA512_CTX WOLFSSL_SHA512_224_CTX;
@@ -282,7 +282,7 @@ WOLFSSL_API int wolfSSL_SHA512_224_Final(byte* output,
 WOLFSSL_API int wolfSSL_SHA512_224_Transform(WOLFSSL_SHA512_CTX* sha512,
                                           const unsigned char* data);
 
-#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
+#if !defined(OPENSSL_COEXIST) && (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL))
 #define SHA512_224_Init   wolfSSL_SHA512_224_Init
 #define SHA512_224_Update wolfSSL_SHA512_224_Update
 #define SHA512_224_Final  wolfSSL_SHA512_224_Final
@@ -291,7 +291,7 @@ WOLFSSL_API int wolfSSL_SHA512_224_Transform(WOLFSSL_SHA512_CTX* sha512,
 #if defined(NO_OLD_SHA_NAMES) && !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
     #define SHA512_224 wolfSSL_SHA512_224
 #endif
-#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
+#endif /* !OPENSSL_COEXIST && (OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL) */
 #endif /* !WOLFSSL_NOSHA512_224 */
 
 #if !defined(WOLFSSL_NOSHA512_256)
@@ -305,7 +305,7 @@ WOLFSSL_API int wolfSSL_SHA512_256_Final(byte* output, WOLFSSL_SHA512_256_CTX* s
 WOLFSSL_API int wolfSSL_SHA512_256_Transform(WOLFSSL_SHA512_CTX* sha512,
                                           const unsigned char* data);
 
-#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
+#if !defined(OPENSSL_COEXIST) && (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL))
 #define SHA512_256_Init   wolfSSL_SHA512_256_Init
 #define SHA512_256_Update wolfSSL_SHA512_256_Update
 #define SHA512_256_Final  wolfSSL_SHA512_256_Final
@@ -314,7 +314,7 @@ WOLFSSL_API int wolfSSL_SHA512_256_Transform(WOLFSSL_SHA512_CTX* sha512,
 #if defined(NO_OLD_SHA_NAMES) && !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
     #define SHA512_256 wolfSSL_SHA512_256
 #endif
-#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
+#endif /* !OPENSSL_COEXIST && (OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL) */
 #endif /* !WOLFSSL_NOSHA512_256 */
 
 
diff --git a/wolfssl/openssl/sha3.h b/wolfssl/openssl/sha3.h
index 1b0d63bc5..a970bfd2f 100644
--- a/wolfssl/openssl/sha3.h
+++ b/wolfssl/openssl/sha3.h
@@ -1,6 +1,6 @@
 /* sha3.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -27,6 +27,7 @@
 
 #include <wolfssl/wolfcrypt/settings.h>
 #include <wolfssl/wolfcrypt/types.h>
+#include <wolfssl/wolfcrypt/sha3.h>
 
 #ifdef WOLFSSL_PREFIX
 #include "prefix_sha.h"
@@ -41,7 +42,11 @@
  * to Sha3 is expected to also be 16 byte aligned addresses.  */
 struct WOLFSSL_SHA3_CTX {
     /* big enough to hold wolfcrypt Sha3, but check on init */
+#ifdef WOLFSSL_SHA3
+    ALIGN16 void* holder[sizeof(wc_Sha3)];
+#else
     ALIGN16 void* holder[(424 + WC_ASYNC_DEV_SIZE) / sizeof(void*)];
+#endif
 };
 
 #ifndef WOLFSSL_NOSHA3_224
diff --git a/wolfssl/openssl/srp.h b/wolfssl/openssl/srp.h
index b60981d76..978e05d21 100644
--- a/wolfssl/openssl/srp.h
+++ b/wolfssl/openssl/srp.h
@@ -1,6 +1,6 @@
 /* srp.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -24,6 +24,10 @@
 
 #include <wolfssl/wolfcrypt/srp.h>
 
+#ifndef OPENSSL_COEXIST
+
 #define SRP_MINIMAL_N SRP_MODULUS_MIN_BITS
 
+#endif /* !OPENSSL_COEXIST */
+
 #endif /* WOLFSSL_SRP_H_ */
diff --git a/wolfssl/openssl/ssl.h b/wolfssl/openssl/ssl.h
index 77874c770..da1616845 100644
--- a/wolfssl/openssl/ssl.h
+++ b/wolfssl/openssl/ssl.h
@@ -1,6 +1,6 @@
 /* ssl.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -31,6 +31,8 @@
 
 #include <wolfssl/wolfcrypt/types.h>
 
+#include <wolfssl/openssl/compat_types.h>
+
 /* wolfssl_openssl compatibility layer */
 #ifndef OPENSSL_EXTRA_SSL_GUARD
 #define OPENSSL_EXTRA_SSL_GUARD
@@ -75,6 +77,61 @@
 
 #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
 
+#ifndef WOLFCRYPT_ONLY
+
+#define WOLFSSL_ERR_LIB_SYS             2
+#define WOLFSSL_ERR_LIB_RSA             4
+#define WOLFSSL_ERR_LIB_PEM             9
+#define WOLFSSL_ERR_LIB_X509            10
+#define WOLFSSL_ERR_LIB_EVP             11
+#define WOLFSSL_ERR_LIB_ASN1            12
+#define WOLFSSL_ERR_LIB_DIGEST          13
+#define WOLFSSL_ERR_LIB_CIPHER          14
+#define WOLFSSL_ERR_LIB_USER            15
+#define WOLFSSL_ERR_LIB_EC              16
+#define WOLFSSL_ERR_LIB_SSL             20
+#define WOLFSSL_ERR_LIB_PKCS12          35
+
+#endif
+
+#ifndef WOLFCRYPT_ONLY
+#define WOLFSSL_PEMerr(func, reason)    wolfSSL_ERR_put_error(WOLFSSL_ERR_LIB_PEM, \
+                                        (func), (reason), __FILE__, __LINE__)
+#else
+#define WOLFSSL_PEMerr(func, reason)    WOLFSSL_ERROR_LINE((reason), \
+                                        NULL, __LINE__, __FILE__, NULL)
+#endif
+#ifndef WOLFCRYPT_ONLY
+#define WOLFSSL_EVPerr(func, reason)    wolfSSL_ERR_put_error(WOLFSSL_ERR_LIB_EVP, \
+                                        (func), (reason), __FILE__, __LINE__)
+#else
+#define WOLFSSL_EVPerr(func, reason)    WOLFSSL_ERROR_LINE((reason), \
+                                        NULL, __LINE__, __FILE__, NULL)
+#endif
+
+#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
+
+#define WOLFSSL_AD_UNRECOGNIZED_NAME unrecognized_name
+
+#define WOLFSSL_TLSEXT_STATUSTYPE_ocsp  1
+
+#if defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) || \
+    defined(WOLFSSL_MYSQL_COMPATIBLE) || defined(OPENSSL_EXTRA) || \
+    defined(HAVE_LIGHTY) || defined(HAVE_STUNNEL) || \
+    defined(WOLFSSL_WPAS_SMALL)
+
+#define WOLFSSL_NPN_UNSUPPORTED 0
+#define WOLFSSL_NPN_NEGOTIATED  1
+#define WOLFSSL_NPN_NO_OVERLAP  2
+
+#endif /* WOLFSSL_NGINX || WOLFSSL_HAPROXY || \
+    WOLFSSL_MYSQL_COMPATIBLE || OPENSSL_EXTRA || \
+    HAVE_LIGHTY || HAVE_STUNNEL || \
+    WOLFSSL_WPAS_SMALL */
+
+#if !defined(OPENSSL_COEXIST) && \
+    (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL))
+
 typedef WOLFSSL          SSL;
 typedef WOLFSSL_SESSION  SSL_SESSION;
 typedef WOLFSSL_METHOD   SSL_METHOD;
@@ -82,6 +139,7 @@ typedef WOLFSSL_CTX      SSL_CTX;
 
 typedef WOLFSSL_X509       X509;
 typedef WOLFSSL_X509       X509_REQ;
+typedef WOLFSSL_X509       X509_REQ_INFO;
 typedef WOLFSSL_X509_NAME  X509_NAME;
 typedef WOLFSSL_X509_INFO  X509_INFO;
 typedef WOLFSSL_X509_CHAIN X509_CHAIN;
@@ -99,6 +157,7 @@ typedef WOLFSSL_CIPHER         SSL_CIPHER;
 typedef WOLFSSL_X509_LOOKUP    X509_LOOKUP;
 typedef WOLFSSL_X509_LOOKUP_METHOD X509_LOOKUP_METHOD;
 typedef WOLFSSL_X509_CRL       X509_CRL;
+typedef WOLFSSL_X509_ACERT     X509_ACERT;
 typedef WOLFSSL_X509_EXTENSION X509_EXTENSION;
 typedef WOLFSSL_X509_PUBKEY    X509_PUBKEY;
 typedef WOLFSSL_X509_ALGOR     X509_ALGOR;
@@ -157,11 +216,11 @@ typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS;
 
 #define CRYPTO_set_mem_functions        wolfSSL_CRYPTO_set_mem_functions
 
-/* depreciated */
+/* deprecated */
 #define CRYPTO_thread_id                wolfSSL_thread_id
 #define CRYPTO_set_id_callback          wolfSSL_set_id_callback
 
-#define CRYPTO_LOCK             0x01
+/* compat CRYPTO_LOCK is defined in wolfssl/ssl.h */
 #define CRYPTO_UNLOCK           0x02
 #define CRYPTO_READ             0x04
 #define CRYPTO_WRITE            0x08
@@ -205,14 +264,16 @@ typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS;
 #define SSL_use_certificate_ASN1        wolfSSL_use_certificate_ASN1
 #define d2i_PKCS8_PRIV_KEY_INFO_bio     wolfSSL_d2i_PKCS8_PKEY_bio
 #define d2i_PKCS8_PRIV_KEY_INFO         wolfSSL_d2i_PKCS8_PKEY
-#define i2d_PKCS8_PRIV_KEY_INFO         wolfSSL_i2d_PrivateKey
+#define i2d_PKCS8_PRIV_KEY_INFO         wolfSSL_i2d_PKCS8_PKEY
 #define d2i_PKCS8PrivateKey_bio         wolfSSL_d2i_PKCS8PrivateKey_bio
 #define i2d_PKCS8PrivateKey_bio         wolfSSL_PEM_write_bio_PKCS8PrivateKey
 #define PKCS8_PRIV_KEY_INFO_free        wolfSSL_EVP_PKEY_free
 #define d2i_PKCS12_fp                   wolfSSL_d2i_PKCS12_fp
+#define SSL_set_ecdh_auto               wolfSSL_set_ecdh_auto
 #define SSL_CTX_set_ecdh_auto           wolfSSL_CTX_set_ecdh_auto
 
 #define i2d_PUBKEY                      wolfSSL_i2d_PUBKEY
+#define i2d_X509_PUBKEY                 wolfSSL_i2d_X509_PUBKEY
 #define d2i_PUBKEY                      wolfSSL_d2i_PUBKEY
 #define d2i_PUBKEY_bio                  wolfSSL_d2i_PUBKEY_bio
 #define d2i_PublicKey                   wolfSSL_d2i_PublicKey
@@ -228,6 +289,7 @@ typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS;
 #define SSLv23_client_method            wolfSSLv23_client_method
 #define SSLv2_client_method             wolfSSLv2_client_method
 #define SSLv2_server_method             wolfSSLv2_server_method
+#define SSLv3_method                    wolfSSLv3_method
 #define SSLv3_server_method             wolfSSLv3_server_method
 #define SSLv3_client_method             wolfSSLv3_client_method
 #define TLS_client_method               wolfTLS_client_method
@@ -253,6 +315,8 @@ typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS;
 #define X509_F_X509_CHECK_PRIVATE_KEY   128
 
 #ifdef WOLFSSL_DTLS
+    #define DTLS_client_method          wolfDTLS_client_method
+    #define DTLS_server_method          wolfDTLS_server_method
     #define DTLSv1_client_method        wolfDTLSv1_client_method
     #define DTLSv1_server_method        wolfDTLSv1_server_method
     #define DTLSv1_2_client_method      wolfDTLSv1_2_client_method
@@ -264,13 +328,7 @@ typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS;
 #ifndef NO_FILESYSTEM
     #define SSL_CTX_use_certificate_file      wolfSSL_CTX_use_certificate_file
     #define SSL_CTX_use_PrivateKey_file       wolfSSL_CTX_use_PrivateKey_file
-#ifdef WOLFSSL_APACHE_HTTPD
-    #define SSL_CTX_load_verify_locations(ctx,file,path) \
-        wolfSSL_CTX_load_verify_locations_ex(ctx,file,path,\
-                                                   WOLFSSL_LOAD_FLAG_IGNORE_ERR)
-#else
-    #define SSL_CTX_load_verify_locations     wolfSSL_CTX_load_verify_locations
-#endif
+    #define SSL_CTX_load_verify_locations     wolfSSL_CTX_load_verify_locations_compat
     #define SSL_CTX_set_default_verify_paths wolfSSL_CTX_set_default_verify_paths
     #define SSL_CTX_use_certificate_chain_file wolfSSL_CTX_use_certificate_chain_file
     #define SSL_CTX_use_RSAPrivateKey_file    wolfSSL_CTX_use_RSAPrivateKey_file
@@ -295,7 +353,9 @@ typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS;
 #define SSL_write_early_data(ssl, d, dLen, len)  wolfSSL_write_early_data(ssl, d, (int)(dLen), (int *)(len))
 
 #define SSL_write                       wolfSSL_write
+#define SSL_write_ex                    wolfSSL_write_ex
 #define SSL_read                        wolfSSL_read
+#define SSL_read_ex                     wolfSSL_read_ex
 #define SSL_peek                        wolfSSL_peek
 #define SSL_accept                      wolfSSL_accept
 #define SSL_CTX_free                    wolfSSL_CTX_free
@@ -340,6 +400,9 @@ typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS;
 #define SSL_CTX_set1_sigalgs_list       wolfSSL_CTX_set1_sigalgs_list
 #define SSL_set1_sigalgs_list           wolfSSL_set1_sigalgs_list
 #define SSL_get_signature_nid           wolfSSL_get_signature_nid
+#define SSL_get_signature_type_nid      wolfSSL_get_signature_type_nid
+#define SSL_get_peer_signature_nid      wolfSSL_get_peer_signature_nid
+#define SSL_get_peer_signature_type_nid wolfSSL_get_peer_signature_type_nid
 
 #define SSL_CTX_set1_groups             wolfSSL_CTX_set1_groups
 #define SSL_set1_groups                 wolfSSL_set1_groups
@@ -363,6 +426,8 @@ typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS;
 #define SSL_SESSION_dup                 wolfSSL_SESSION_dup
 #define SSL_SESSION_free                wolfSSL_SESSION_free
 #define SSL_SESSION_set_cipher          wolfSSL_SESSION_set_cipher
+#define SSL_SESSION_get_max_fragment_length \
+                                        wolfSSL_SESSION_get_max_fragment_length
 #define SSL_is_init_finished            wolfSSL_is_init_finished
 
 #define SSL_SESSION_set1_id             wolfSSL_SESSION_set1_id
@@ -370,6 +435,7 @@ typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS;
 
 #define SSL_get_version                 wolfSSL_get_version
 #define SSL_get_current_cipher          wolfSSL_get_current_cipher
+#define SSL_get_client_ciphers          wolfSSL_get_client_ciphers
 
 /* use wolfSSL_get_cipher_name for its return format */
 #define SSL_get_cipher                  wolfSSL_get_cipher_name
@@ -394,11 +460,14 @@ typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS;
 #define SSL_SESSION_get_master_key_length wolfSSL_SESSION_get_master_key_length
 #define SSL_SESSION_get_max_early_data  wolfSSL_SESSION_get_max_early_data
 
-#if defined(WOLFSSL_QT) || defined(OPENSSL_ALL)
-    #define SSL_MODE_RELEASE_BUFFERS     0x00000010U
+#if defined(WOLFSSL_QT) || defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA)
+    /* compat SSL_MODE_RELEASE_BUFFERS is defined in wolfssl/ssl.h */
     #define ASN1_BOOLEAN                 WOLFSSL_ASN1_BOOLEAN
     #define X509_get_ext                 wolfSSL_X509_get_ext
     #define X509_get_ext_by_OBJ          wolfSSL_X509_get_ext_by_OBJ
+    #define X509_OBJECT_set1_X509        wolfSSL_X509_OBJECT_set1_X509
+    #define X509_OBJECT_set1_X509_CRL    wolfSSL_X509_OBJECT_set1_X509_CRL
+    #define sk_X509_OBJECT_deep_copy     wolfSSL_sk_X509_OBJECT_deep_copy
     #define X509_cmp                     wolfSSL_X509_cmp
     #define X509_EXTENSION_get_object    wolfSSL_X509_EXTENSION_get_object
     #define X509_EXTENSION_get_critical  wolfSSL_X509_EXTENSION_get_critical
@@ -423,6 +492,7 @@ typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS;
 #define d2i_X509_fp                     wolfSSL_d2i_X509_fp
 #define i2d_X509                        wolfSSL_i2d_X509
 #define d2i_X509                        wolfSSL_d2i_X509
+#define d2i_X509_REQ_INFO               wolfSSL_d2i_X509_REQ_INFO
 #define PEM_read_bio_X509               wolfSSL_PEM_read_bio_X509
 #define PEM_read_bio_X509_REQ           wolfSSL_PEM_read_bio_X509_REQ
 #define PEM_read_X509_REQ               wolfSSL_PEM_read_X509_REQ
@@ -440,6 +510,7 @@ typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS;
 #define d2i_X509_REQ                    wolfSSL_d2i_X509_REQ
 #define X509_REQ_new                    wolfSSL_X509_REQ_new
 #define X509_REQ_free                   wolfSSL_X509_REQ_free
+#define X509_REQ_INFO_free              wolfSSL_X509_REQ_free
 #define X509_REQ_sign                   wolfSSL_X509_REQ_sign
 #define X509_REQ_sign_ctx               wolfSSL_X509_REQ_sign_ctx
 #define X509_REQ_add_extensions         wolfSSL_X509_REQ_add_extensions
@@ -485,6 +556,7 @@ typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS;
 #define X509_get0_notAfter              wolfSSL_X509_get_notAfter
 #define X509_getm_notAfter              wolfSSL_X509_get_notAfter
 #define X509_get_serialNumber           wolfSSL_X509_get_serialNumber
+#define X509_get0_serialNumber          wolfSSL_X509_get_serialNumber
 #define X509_get0_pubkey_bitstr         wolfSSL_X509_get0_pubkey_bitstr
 #define X509_get_ex_new_index           wolfSSL_X509_get_ex_new_index
 #define X509_get_ex_data                wolfSSL_X509_get_ex_data
@@ -497,13 +569,16 @@ typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS;
 #define X509_set_pubkey                 wolfSSL_X509_set_pubkey
 #define X509_set_notAfter               wolfSSL_X509_set_notAfter
 #define X509_set_notBefore              wolfSSL_X509_set_notBefore
+#define X509_set1_notAfter              wolfSSL_X509_set1_notAfter
+#define X509_set1_notBefore             wolfSSL_X509_set1_notBefore
 #define X509_set_serialNumber           wolfSSL_X509_set_serialNumber
 #define X509_set_version                wolfSSL_X509_set_version
-#define X509_REQ_set_version            wolfSSL_X509_set_version
+#define X509_REQ_set_version            wolfSSL_X509_REQ_set_version
+#define X509_REQ_get_version            wolfSSL_X509_REQ_get_version
 #define X509_sign                       wolfSSL_X509_sign
 #define X509_sign_ctx                   wolfSSL_X509_sign_ctx
 #define X509_print                      wolfSSL_X509_print
-#define X509_REQ_print                  wolfSSL_X509_print
+#define X509_REQ_print                  wolfSSL_X509_REQ_print
 #define X509_print_ex                   wolfSSL_X509_print_ex
 #define X509_print_fp                   wolfSSL_X509_print_fp
 #define X509_CRL_print                  wolfSSL_X509_CRL_print
@@ -525,6 +600,7 @@ typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS;
 #define X509_dup                        wolfSSL_X509_dup
 #define X509_add_ext                    wolfSSL_X509_add_ext
 #define X509_delete_ext                 wolfSSL_X509_delete_ext
+#define X509_get0_subject_key_id        wolfSSL_X509_get0_subject_key_id
 
 #define X509_EXTENSION_get_object       wolfSSL_X509_EXTENSION_get_object
 #define X509_EXTENSION_get_data         wolfSSL_X509_EXTENSION_get_data
@@ -558,6 +634,7 @@ typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS;
 #define sk_X509_EXTENSION_new_null      wolfSSL_sk_X509_EXTENSION_new_null
 #define sk_X509_EXTENSION_pop_free      wolfSSL_sk_X509_EXTENSION_pop_free
 #define sk_X509_EXTENSION_push          wolfSSL_sk_X509_EXTENSION_push
+#define sk_X509_EXTENSION_free          wolfSSL_sk_X509_EXTENSION_free
 
 #define X509_INFO_new                   wolfSSL_X509_INFO_new
 #define X509_INFO_free                  wolfSSL_X509_INFO_free
@@ -618,6 +695,7 @@ typedef WOLFSSL_X509_NAME_ENTRY X509_NAME_ENTRY;
 
 #define X509_NAME_entry_count           wolfSSL_X509_NAME_entry_count
 #define X509_NAME_get_entry             wolfSSL_X509_NAME_get_entry
+#define X509_NAME_ENTRY_set             wolfSSL_X509_NAME_ENTRY_set
 #define X509_NAME_ENTRY_get_object      wolfSSL_X509_NAME_ENTRY_get_object
 #define X509_NAME_ENTRY_get_data        wolfSSL_X509_NAME_ENTRY_get_data
 #define X509_NAME_ENTRY_get_object      wolfSSL_X509_NAME_ENTRY_get_object
@@ -631,11 +709,15 @@ typedef WOLFSSL_X509_NAME_ENTRY X509_NAME_ENTRY;
 #define X509_V_FLAG_CRL_CHECK     WOLFSSL_CRL_CHECK
 #define X509_V_FLAG_CRL_CHECK_ALL WOLFSSL_CRL_CHECKALL
 
+#define X509_V_FLAG_PARTIAL_CHAIN WOLFSSL_PARTIAL_CHAIN
+#define X509_V_FLAG_TRUSTED_FIRST 0 /* dummy value needed for gRPC port */
+
 #define X509_V_FLAG_USE_CHECK_TIME WOLFSSL_USE_CHECK_TIME
 #define X509_V_FLAG_NO_CHECK_TIME  WOLFSSL_NO_CHECK_TIME
 #define X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT WOLFSSL_ALWAYS_CHECK_SUBJECT
 #define X509_CHECK_FLAG_NO_WILDCARDS         WOLFSSL_NO_WILDCARDS
 #define X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS WOLFSSL_NO_PARTIAL_WILDCARDS
+#define X509_CHECK_FLAG_MULTI_LABEL_WILDCARDS WOLFSSL_MULTI_LABEL_WILDCARDS
 
 #define X509_VP_FLAG_DEFAULT        WOLFSSL_VPARAM_DEFAULT
 #define X509_VP_FLAG_OVERWRITE      WOLFSSL_VPARAM_OVERWRITE
@@ -643,6 +725,9 @@ typedef WOLFSSL_X509_NAME_ENTRY X509_NAME_ENTRY;
 #define X509_VP_FLAG_LOCKED         WOLFSSL_VPARAM_LOCKED
 #define X509_VP_FLAG_ONCE           WOLFSSL_VPARAM_ONCE
 
+#define X509_STORE_lock(x)   1
+#define X509_STORE_unlock(x) 1
+
 #define X509_STORE_CTX_get_current_cert wolfSSL_X509_STORE_CTX_get_current_cert
 #define X509_STORE_CTX_set_verify_cb    wolfSSL_X509_STORE_CTX_set_verify_cb
 #define X509_STORE_CTX_new              wolfSSL_X509_STORE_CTX_new
@@ -671,10 +756,13 @@ typedef WOLFSSL_X509_NAME_ENTRY X509_NAME_ENTRY;
 wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_CTX_verify_cb)(c))
 #define X509_STORE_set_verify_cb_func(s, c) \
 wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_CTX_verify_cb)(c))
+#define X509_STORE_set_get_crl          wolfSSL_X509_STORE_set_get_crl
+#define X509_STORE_set_check_crl        wolfSSL_X509_STORE_set_check_crl
 
 
 #define X509_STORE_new                  wolfSSL_X509_STORE_new
 #define X509_STORE_free                 wolfSSL_X509_STORE_free
+#define X509_STORE_up_ref               wolfSSL_X509_STORE_up_ref
 #define X509_STORE_add_lookup           wolfSSL_X509_STORE_add_lookup
 #define X509_STORE_add_cert             wolfSSL_X509_STORE_add_cert
 #define X509_STORE_add_crl              wolfSSL_X509_STORE_add_crl
@@ -683,8 +771,11 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_
 #define X509_STORE_get_by_subject       wolfSSL_X509_STORE_get_by_subject
 #define X509_STORE_set_ex_data          wolfSSL_X509_STORE_set_ex_data
 #define X509_STORE_get_ex_data          wolfSSL_X509_STORE_get_ex_data
+#define X509_STORE_get0_param           wolfSSL_X509_STORE_get0_param
+#define X509_STORE_set1_param           wolfSSL_X509_STORE_set1_param
 #define X509_STORE_CTX_get1_issuer      wolfSSL_X509_STORE_CTX_get1_issuer
 #define X509_STORE_CTX_set_time         wolfSSL_X509_STORE_CTX_set_time
+#define X509_STORE_CTX_get0_param       wolfSSL_X509_STORE_CTX_get0_param
 #define X509_VERIFY_PARAM_new           wolfSSL_X509_VERIFY_PARAM_new
 #define X509_VERIFY_PARAM_free          wolfSSL_X509_VERIFY_PARAM_free
 #define X509_VERIFY_PARAM_set_flags     wolfSSL_X509_VERIFY_PARAM_set_flags
@@ -696,7 +787,11 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_
 #define X509_VERIFY_PARAM_set1_ip_asc   wolfSSL_X509_VERIFY_PARAM_set1_ip_asc
 #define X509_VERIFY_PARAM_set1_ip       wolfSSL_X509_VERIFY_PARAM_set1_ip
 #define X509_VERIFY_PARAM_set1          wolfSSL_X509_VERIFY_PARAM_set1
+#define X509_VERIFY_PARAM_lookup        wolfSSL_X509_VERIFY_PARAM_lookup
+#define X509_VERIFY_PARAM_inherit       wolfSSL_X509_VERIFY_PARAM_inherit
 #define X509_STORE_load_locations       wolfSSL_X509_STORE_load_locations
+#define X509_STORE_set_default_paths    wolfSSL_X509_STORE_set_default_paths
+#define X509_STORE_get0_param           wolfSSL_X509_STORE_get0_param
 
 #define X509_LOOKUP_add_dir             wolfSSL_X509_LOOKUP_add_dir
 #define X509_LOOKUP_load_file           wolfSSL_X509_LOOKUP_load_file
@@ -708,6 +803,7 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_
 #define d2i_X509_CRL_fp                 wolfSSL_d2i_X509_CRL_fp
 #define PEM_read_X509_CRL               wolfSSL_PEM_read_X509_CRL
 
+#define X509_CRL_dup                    wolfSSL_X509_CRL_dup
 #define X509_CRL_free                   wolfSSL_X509_CRL_free
 #define X509_CRL_get_lastUpdate         wolfSSL_X509_CRL_get_lastUpdate
 #define X509_CRL_get0_lastUpdate        wolfSSL_X509_CRL_get_lastUpdate
@@ -720,6 +816,15 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_
 #define X509_CRL_get_version            wolfSSL_X509_CRL_version
 #define X509_load_crl_file              wolfSSL_X509_load_crl_file
 
+#define X509_ACERT_new                  wolfSSL_X509_ACERT_new
+#define X509_ACERT_free                 wolfSSL_X509_ACERT_free
+#define X509_ACERT_get_version          wolfSSL_X509_ACERT_get_version
+#define X509_ACERT_get_signature_nid    wolfSSL_X509_ACERT_get_signature_nid
+#define X509_ACERT_print                wolfSSL_X509_ACERT_print
+#define X509_ACERT_verify               wolfSSL_X509_ACERT_verify
+#define X509_ACERT_sign                 wolfSSL_X509_ACERT_sign
+#define PEM_read_bio_X509_ACERT         wolfSSL_PEM_read_bio_X509_ACERT
+
 #define X509_get_X509_PUBKEY            wolfSSL_X509_get_X509_PUBKEY
 #define X509_REQ_get_X509_PUBKEY        wolfSSL_X509_get_X509_PUBKEY
 #define X509_get0_tbs_sigalg            wolfSSL_X509_get0_tbs_sigalg
@@ -731,6 +836,8 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_
 
 #define X509_ALGOR_new                  wolfSSL_X509_ALGOR_new
 #define X509_ALGOR_free                 wolfSSL_X509_ALGOR_free
+#define i2d_X509_ALGOR                  wolfSSL_i2d_X509_ALGOR
+#define d2i_X509_ALGOR                  wolfSSL_d2i_X509_ALGOR
 #define X509_PUBKEY_new                 wolfSSL_X509_PUBKEY_new
 #define X509_PUBKEY_free                wolfSSL_X509_PUBKEY_free
 
@@ -745,7 +852,7 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_
 #define X509_REVOKED_get0_serialNumber   wolfSSL_X509_REVOKED_get0_serial_number
 #define X509_REVOKED_get0_revocationDate wolfSSL_X509_REVOKED_get0_revocation_date
 
-#define X509_check_purpose(...)         0
+#define X509_check_purpose(x, id, ca)   0
 
 #define OCSP_parse_url                  wolfSSL_OCSP_parse_url
 
@@ -767,7 +874,9 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_
 #define BIO_pop                         wolfSSL_BIO_pop
 #define BIO_flush                       wolfSSL_BIO_flush
 #define BIO_pending                     wolfSSL_BIO_pending
-
+#define BIO_number_read                 wolfSSL_BIO_number_read
+#define BIO_number_written              wolfSSL_BIO_number_written
+#define BIO_reset                       wolfSSL_BIO_reset
 #define BIO_get_mem_data                wolfSSL_BIO_get_mem_data
 #define BIO_new_mem_buf                 wolfSSL_BIO_new_mem_buf
 
@@ -775,6 +884,7 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_
 #define BIO_set_write_buffer_size       wolfSSL_BIO_set_write_buffer_size
 #define BIO_f_ssl                       wolfSSL_BIO_f_ssl
 #define BIO_new_socket                  wolfSSL_BIO_new_socket
+#define BIO_new_dgram                   wolfSSL_BIO_new_dgram
 #define BIO_new_connect                 wolfSSL_BIO_new_connect
 #define BIO_new_accept                  wolfSSL_BIO_new_accept
 #define BIO_set_conn_port               wolfSSL_BIO_set_conn_port
@@ -783,6 +893,8 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_
 #define BIO_do_handshake                wolfSSL_BIO_do_handshake
 #define BIO_ssl_shutdown                wolfSSL_BIO_ssl_shutdown
 #define SSL_set_bio                     wolfSSL_set_bio
+#define SSL_set0_rbio                   wolfSSL_set_rbio
+#define SSL_set0_wbio                   wolfSSL_set_wbio
 #define BIO_method_type                 wolfSSL_BIO_method_type
 #define BIO_set_ssl                     wolfSSL_BIO_set_ssl
 #define BIO_get_ssl                     wolfSSL_BIO_get_ssl
@@ -818,6 +930,9 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_
 #define COMP_zlib                       wolfSSL_COMP_zlib
 #define COMP_rle                        wolfSSL_COMP_rle
 #define SSL_COMP_add_compression_method wolfSSL_COMP_add_compression_method
+#define SSL_COMP_get_name               wolfSSL_COMP_get_name
+#define SSL_get_current_compression     wolfSSL_get_current_compression
+#define SSL_get_current_expansion       wolfSSL_get_current_expansion
 
 #define SSL_get_ex_new_index            wolfSSL_get_ex_new_index
 #define RSA_get_ex_new_index            wolfSSL_get_ex_new_index
@@ -826,24 +941,30 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_
 #define ASN1_BIT_STRING_free            wolfSSL_ASN1_BIT_STRING_free
 #define ASN1_BIT_STRING_get_bit         wolfSSL_ASN1_BIT_STRING_get_bit
 #define ASN1_BIT_STRING_set_bit         wolfSSL_ASN1_BIT_STRING_set_bit
+#define i2d_ASN1_BIT_STRING             wolfSSL_i2d_ASN1_BIT_STRING
+#define d2i_ASN1_BIT_STRING             wolfSSL_d2i_ASN1_BIT_STRING
 
 #define sk_ASN1_OBJECT_free             wolfSSL_sk_ASN1_OBJECT_free
 
 #ifndef NO_ASN_TIME
 #define ASN1_TIME_new                   wolfSSL_ASN1_TIME_new
 #define ASN1_UTCTIME_new                wolfSSL_ASN1_TIME_new
+#define ASN1_GENERALIZEDTIME_new        wolfSSL_ASN1_TIME_new
 #define ASN1_TIME_free                  wolfSSL_ASN1_TIME_free
 #define ASN1_UTCTIME_free               wolfSSL_ASN1_TIME_free
+#define ASN1_GENERALIZEDTIME_free       wolfSSL_ASN1_TIME_free
 #define ASN1_TIME_adj                   wolfSSL_ASN1_TIME_adj
 #define ASN1_TIME_print                 wolfSSL_ASN1_TIME_print
 #define ASN1_TIME_to_string             wolfSSL_ASN1_TIME_to_string
 #define ASN1_TIME_to_tm                 wolfSSL_ASN1_TIME_to_tm
 #define ASN1_TIME_to_generalizedtime    wolfSSL_ASN1_TIME_to_generalizedtime
+#define ASN1_UTCTIME_set                wolfSSL_ASN1_UTCTIME_set
 #endif
 #define ASN1_TIME_set                   wolfSSL_ASN1_TIME_set
 #define ASN1_TIME_set_string            wolfSSL_ASN1_TIME_set_string
+#define ASN1_TIME_set_string_X509       wolfSSL_ASN1_TIME_set_string_X509
+#define ASN1_GENERALIZEDTIME_set_string wolfSSL_ASN1_TIME_set_string
 #define ASN1_GENERALIZEDTIME_print      wolfSSL_ASN1_GENERALIZEDTIME_print
-#define ASN1_GENERALIZEDTIME_free       wolfSSL_ASN1_GENERALIZEDTIME_free
 
 #define ASN1_tag2str                    wolfSSL_ASN1_tag2str
 
@@ -876,9 +997,25 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_
 #define ASN1_STRING_print(x, y)         wolfSSL_ASN1_STRING_print ((WOLFSSL_BIO*)(x), (WOLFSSL_ASN1_STRING*)(y))
 #define d2i_DISPLAYTEXT                 wolfSSL_d2i_DISPLAYTEXT
 #ifndef NO_WOLFSSL_STUB
-#define ASN1_STRING_set_default_mask_asc(...) 1
+#define ASN1_STRING_set_default_mask_asc(p) 1
 #endif
 
+#define ASN1_GENERALSTRING              WOLFSSL_ASN1_STRING
+#define ASN1_GENERALSTRING_new          wolfSSL_ASN1_STRING_new
+#define ASN1_GENERALSTRING_free         wolfSSL_ASN1_STRING_free
+#define ASN1_GENERALSTRING_set          wolfSSL_ASN1_STRING_set
+#define i2d_ASN1_GENERALSTRING          wolfSSL_i2d_ASN1_GENERALSTRING
+#define i2d_ASN1_OCTET_STRING           wolfSSL_i2d_ASN1_OCTET_STRING
+#define i2d_ASN1_UTF8STRING             wolfSSL_i2d_ASN1_UTF8STRING
+#define i2d_ASN1_SEQUENCE               wolfSSL_i2d_ASN1_SEQUENCE
+#define d2i_ASN1_GENERALSTRING          wolfSSL_d2i_ASN1_GENERALSTRING
+#define d2i_ASN1_OCTET_STRING           wolfSSL_d2i_ASN1_OCTET_STRING
+#define d2i_ASN1_UTF8STRING             wolfSSL_d2i_ASN1_UTF8STRING
+
+#define sk_ASN1_GENERALSTRING_num       wolfSSL_sk_num
+#define sk_ASN1_GENERALSTRING_value     wolfSSL_sk_value
+#define sk_ASN1_GENERALSTRING_push      wolfSSL_sk_push
+
 #define ASN1_OCTET_STRING               WOLFSSL_ASN1_STRING
 #define ASN1_OCTET_STRING_new           wolfSSL_ASN1_STRING_new
 #define ASN1_OCTET_STRING_free          wolfSSL_ASN1_STRING_free
@@ -894,7 +1031,7 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_
 #define ASN1_IA5STRING_free            wolfSSL_ASN1_STRING_free
 #define ASN1_IA5STRING_set             wolfSSL_ASN1_STRING_set
 
-#define ASN1_PRINTABLE_type(...)        V_ASN1_PRINTABLESTRING
+#define ASN1_PRINTABLE_type(s, max)    V_ASN1_PRINTABLESTRING
 
 #define ASN1_UTCTIME_pr                 wolfSSL_ASN1_UTCTIME_pr
 
@@ -913,7 +1050,7 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_
 #endif
 #define SSL_set0_verify_cert_store      wolfSSL_set0_verify_cert_store
 #define SSL_set1_verify_cert_store      wolfSSL_set1_verify_cert_store
-#define SSL_CTX_get_cert_store(x)       wolfSSL_CTX_get_cert_store ((WOLFSSL_CTX*) (x))
+#define SSL_CTX_get_cert_store(x)       wolfSSL_CTX_get_cert_store ((x))
 #define SSL_get_client_CA_list          wolfSSL_get_client_CA_list
 #define SSL_set_client_CA_list          wolfSSL_set_client_CA_list
 #define SSL_get_ex_data_X509_STORE_CTX_idx wolfSSL_get_ex_data_X509_STORE_CTX_idx
@@ -934,7 +1071,7 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_
 
 #define SSL_alert_type_string           wolfSSL_alert_type_string
 #define SSL_alert_desc_string           wolfSSL_alert_desc_string
-#define SSL_state_string                wolfSSL_state_string
+#define SSL_state_string                wolfSSL_state_string_long
 
 #define RSA_free                        wolfSSL_RSA_free
 #define RSA_generate_key                wolfSSL_RSA_generate_key
@@ -943,7 +1080,9 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_
 #define RSA_print_fp                    wolfSSL_RSA_print_fp
 #define RSA_bits                        wolfSSL_RSA_bits
 #define RSA_up_ref                      wolfSSL_RSA_up_ref
+#define RSA_padding_add_PKCS1_PSS_mgf1  wolfSSL_RSA_padding_add_PKCS1_PSS_mgf1
 #define RSA_padding_add_PKCS1_PSS       wolfSSL_RSA_padding_add_PKCS1_PSS
+#define RSA_verify_PKCS1_PSS_mgf1       wolfSSL_RSA_verify_PKCS1_PSS_mgf1
 #define RSA_verify_PKCS1_PSS            wolfSSL_RSA_verify_PKCS1_PSS
 
 #define PEM_def_callback                wolfSSL_PEM_def_callback
@@ -977,6 +1116,10 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_
 #define SSL_CTX_set_psk_server_callback wolfSSL_CTX_set_psk_server_callback
 #define SSL_set_psk_server_callback     wolfSSL_set_psk_server_callback
 
+#if !defined(USE_WINDOWS_API) && !defined(INVALID_SOCKET)
+    #define INVALID_SOCKET (-1)
+#endif
+
 /* system file ints for ERR_put_error */
 #define SYS_F_ACCEPT      WOLFSSL_SYS_ACCEPT
 #define SYS_F_BIND        WOLFSSL_SYS_BIND
@@ -1021,20 +1164,8 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_
 #define ERR_lib_error_string            wolfSSL_ERR_lib_error_string
 #define ERR_load_BIO_strings            wolfSSL_ERR_load_BIO_strings
 
-#ifndef WOLFCRYPT_ONLY
-#define PEMerr(func, reason)            wolfSSL_ERR_put_error(ERR_LIB_PEM, \
-                                        (func), (reason), __FILE__, __LINE__)
-#else
-#define PEMerr(func, reason)            WOLFSSL_ERROR_LINE((reason), \
-                                        NULL, __LINE__, __FILE__, NULL)
-#endif
-#ifndef WOLFCRYPT_ONLY
-#define EVPerr(func, reason)            wolfSSL_ERR_put_error(ERR_LIB_EVP, \
-                                        (func), (reason), __FILE__, __LINE__)
-#else
-#define EVPerr(func, reason)            WOLFSSL_ERROR_LINE((reason), \
-                                        NULL, __LINE__, __FILE__, NULL)
-#endif
+#define PEMerr(func, reason)            WOLFSSL_PEMerr(func, reason)
+#define EVPerr(func, reason)            WOLFSSL_EVPerr(func, reason)
 
 #define SSLv23_server_method            wolfSSLv23_server_method
 #define SSL_CTX_set_options             wolfSSL_CTX_set_options
@@ -1125,6 +1256,7 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_
 #define DTLSv1_get_timeout(ssl, timeleft)   wolfSSL_DTLSv1_get_timeout((ssl), (WOLFSSL_TIMEVAL*)(timeleft))
 #define DTLSv1_handle_timeout               wolfSSL_DTLSv1_handle_timeout
 #define DTLSv1_set_initial_timeout_duration wolfSSL_DTLSv1_set_initial_timeout_duration
+#define SSL_set_mtu                         wolfSSL_set_mtu_compat
 
 /* DTLS SRTP */
 #ifdef WOLFSSL_SRTP
@@ -1177,6 +1309,10 @@ typedef WOLFSSL_SRTP_PROTECTION_PROFILE      SRTP_PROTECTION_PROFILE;
 #define sk_SSL_CIPHER_free              wolfSSL_sk_SSL_CIPHER_free
 #define sk_SSL_CIPHER_find              wolfSSL_sk_SSL_CIPHER_find
 
+#if defined(SESSION_CERTS) && defined(OPENSSL_EXTRA)
+#define SSL_get0_peername wolfSSL_get0_peername
+#endif
+
 #if defined(OPENSSL_ALL) || defined(WOLFSSL_ASIO) || defined(WOLFSSL_HAPROXY) \
     || defined(WOLFSSL_NGINX)
 #include <wolfssl/openssl/pem.h>
@@ -1185,7 +1321,6 @@ typedef WOLFSSL_SRTP_PROTECTION_PROFILE      SRTP_PROTECTION_PROFILE;
 #define SSL_R_SHORT_READ     10
 #define ERR_R_PEM_LIB        9
 #define SSL_CTRL_MODE        33
-
 #define SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS        83
 
 #define SSL_CTX_clear_chain_certs(ctx) SSL_CTX_set0_chain(ctx,NULL)
@@ -1205,10 +1340,12 @@ typedef WOLFSSL_SRTP_PROTECTION_PROFILE      SRTP_PROTECTION_PROFILE;
                                                                   (char *)(arg))
 #endif /* OPENSSL_ALL || WOLFSSL_ASIO || WOLFSSL_HAPROXY */
 
+#define SSL_CTX_set_dh_auto             wolfSSL_CTX_set_dh_auto
 #define SSL_CTX_set_tmp_dh              wolfSSL_CTX_set_tmp_dh
 
-#define TLSEXT_STATUSTYPE_ocsp  1
+#define TLSEXT_STATUSTYPE_ocsp          WOLFSSL_TLSEXT_STATUSTYPE_ocsp
 
+#define TLSEXT_max_fragment_length_DISABLED WOLFSSL_MFL_DISABLED
 #define TLSEXT_max_fragment_length_512   WOLFSSL_MFL_2_9
 #define TLSEXT_max_fragment_length_1024  WOLFSSL_MFL_2_10
 #define TLSEXT_max_fragment_length_2048  WOLFSSL_MFL_2_11
@@ -1309,6 +1446,11 @@ typedef WOLFSSL_SRTP_PROTECTION_PROFILE      SRTP_PROTECTION_PROFILE;
 
 #define SSL3_RANDOM_SIZE                32 /* same as RAN_LEN in internal.h */
 
+#ifndef WOLFSSL_ALLOW_SSLV3
+    #undef  OPENSSL_NO_SSL3
+    #define OPENSSL_NO_SSL3
+#endif
+
 /* Used as message callback types */
 #define SSL3_RT_CHANGE_CIPHER_SPEC       20
 #define SSL3_RT_ALERT                    21
@@ -1334,6 +1476,10 @@ typedef WOLFSSL_SRTP_PROTECTION_PROFILE      SRTP_PROTECTION_PROFILE;
 #define SSL_CONF_TYPE_FILE               WOLFSSL_CONF_TYPE_FILE
 #define SSL_CONF_TYPE_DIR                WOLFSSL_CONF_TYPE_DIR
 
+#define OPENSSL_INIT_new                 wolfSSL_OPENSSL_INIT_new
+#define OPENSSL_INIT_free                wolfSSL_OPENSSL_INIT_free
+#define OPENSSL_INIT_set_config_appname  wolfSSL_OPENSSL_INIT_set_config_appname
+
 #if defined(HAVE_STUNNEL) || defined(WOLFSSL_NGINX) || \
     defined(WOLFSSL_HAPROXY) || defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL)
 
@@ -1342,14 +1488,12 @@ typedef WOLFSSL_SRTP_PROTECTION_PROFILE      SRTP_PROTECTION_PROFILE;
 
 #define SSL3_AD_BAD_CERTIFICATE          bad_certificate
 #define SSL_AD_BAD_CERTIFICATE           SSL3_AD_BAD_CERTIFICATE
-#define SSL_AD_UNRECOGNIZED_NAME         unrecognized_name
+#define SSL_AD_UNRECOGNIZED_NAME         WOLFSSL_AD_UNRECOGNIZED_NAME
 #define SSL_AD_NO_RENEGOTIATION          no_renegotiation
 #define SSL_AD_INTERNAL_ERROR            80
 #define SSL_AD_NO_APPLICATION_PROTOCOL   no_application_protocol
 #define SSL_AD_MISSING_EXTENSION         missing_extension
 
-#define ASN1_STRFLGS_ESC_MSB             4
-
 #define SSL_MAX_MASTER_KEY_LENGTH       WOLFSSL_MAX_MASTER_KEY_LENGTH
 
 #define SSL_alert_desc_string_long      wolfSSL_alert_desc_string_long
@@ -1447,7 +1591,7 @@ typedef WOLFSSL_SRTP_PROTECTION_PROFILE      SRTP_PROTECTION_PROFILE;
 #define PSK_MAX_IDENTITY_LEN            128
 #define SSL_CTX_clear_options           wolfSSL_CTX_clear_options
 
-#define SSL_CTX_add_server_custom_ext(...) 0
+#define SSL_CTX_add_server_custom_ext(ctx, ext_type, add_cb, free_cb, add_arg, parse_cb, parse_arg) 0
 
 #define SSL_get0_verified_chain         wolfSSL_get0_verified_chain
 #define X509_chain_up_ref               wolfSSL_X509_chain_up_ref
@@ -1455,8 +1599,8 @@ typedef WOLFSSL_SRTP_PROTECTION_PROFILE      SRTP_PROTECTION_PROFILE;
 #endif /* HAVE_STUNNEL || WOLFSSL_NGINX */
 
 #ifndef NO_WOLFSSL_STUB
-#define b2i_PrivateKey_bio(...)         NULL
-#define b2i_PVK_bio(...)                NULL
+#define b2i_PrivateKey_bio(in)          NULL
+#define b2i_PVK_bio(in, cb, u)          NULL
 #endif
 
 #define SSL_CTX_get_default_passwd_cb   wolfSSL_CTX_get_default_passwd_cb
@@ -1479,40 +1623,41 @@ typedef WOLFSSL_SRTP_PROTECTION_PROFILE      SRTP_PROTECTION_PROFILE;
 
 #define PEM_F_PEM_DEF_CALLBACK  100
 
-/* Avoid wolfSSL error code range */
-#define PEM_R_NO_START_LINE             (-MIN_CODE_E + 1)
-#define PEM_R_PROBLEMS_GETTING_PASSWORD (-MIN_CODE_E + 2)
-#define PEM_R_BAD_PASSWORD_READ         (-MIN_CODE_E + 3)
-#define PEM_R_BAD_DECRYPT               (-MIN_CODE_E + 4)
-#define ASN1_R_HEADER_TOO_LONG          (-MIN_CODE_E + 5)
+#include <wolfssl/error-ssl.h>
 
-#define ERR_LIB_RSA             4
-#define ERR_LIB_EC              16
-#define ERR_LIB_SSL             20
-#define ERR_LIB_PKCS12          35
-#define ERR_LIB_PEM             9
-#define ERR_LIB_X509            10
-#define ERR_LIB_EVP             11
-#define ERR_LIB_ASN1            12
-#define ERR_LIB_DIGEST          13
-#define ERR_LIB_CIPHER          14
-#define ERR_LIB_USER            15
+#define PEM_R_NO_START_LINE             (-WOLFSSL_PEM_R_NO_START_LINE_E)
+#define PEM_R_PROBLEMS_GETTING_PASSWORD (-WOLFSSL_PEM_R_PROBLEMS_GETTING_PASSWORD_E)
+#define PEM_R_BAD_PASSWORD_READ         (-WOLFSSL_PEM_R_BAD_PASSWORD_READ_E)
+#define PEM_R_BAD_DECRYPT               (-WOLFSSL_PEM_R_BAD_DECRYPT_E)
+#define ASN1_R_HEADER_TOO_LONG          (-WOLFSSL_ASN1_R_HEADER_TOO_LONG_E)
+
+#define ERR_LIB_SYS             WOLFSSL_ERR_LIB_SYS
+#define ERR_LIB_RSA             WOLFSSL_ERR_LIB_RSA
+#define ERR_LIB_PEM             WOLFSSL_ERR_LIB_PEM
+#define ERR_LIB_X509            WOLFSSL_ERR_LIB_X509
+#define ERR_LIB_EVP             WOLFSSL_ERR_LIB_EVP
+#define ERR_LIB_ASN1            WOLFSSL_ERR_LIB_ASN1
+#define ERR_LIB_DIGEST          WOLFSSL_ERR_LIB_DIGEST
+#define ERR_LIB_CIPHER          WOLFSSL_ERR_LIB_CIPHER
+#define ERR_LIB_USER            WOLFSSL_ERR_LIB_USER
+#define ERR_LIB_EC              WOLFSSL_ERR_LIB_EC
+#define ERR_LIB_SSL             WOLFSSL_ERR_LIB_SSL
+#define ERR_LIB_PKCS12          WOLFSSL_ERR_LIB_PKCS12
 
 #if defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) || \
     defined(WOLFSSL_MYSQL_COMPATIBLE) || defined(OPENSSL_EXTRA) || \
     defined(HAVE_LIGHTY) || defined(HAVE_STUNNEL) || \
     defined(WOLFSSL_WPAS_SMALL)
 
-#include <wolfssl/error-ssl.h>
-
 #define OPENSSL_STRING    WOLFSSL_STRING
 #define OPENSSL_CSTRING   WOLFSSL_STRING
 
-#define TLSEXT_TYPE_application_layer_protocol_negotiation    16
+#define TLSEXT_TYPE_application_layer_protocol_negotiation \
+    TLSXT_APPLICATION_LAYER_PROTOCOL
 
-#define OPENSSL_NPN_UNSUPPORTED 0
-#define OPENSSL_NPN_NEGOTIATED  1
-#define OPENSSL_NPN_NO_OVERLAP  2
+#define OPENSSL_NPN_UNSUPPORTED WOLFSSL_NPN_UNSUPPORTED
+#define OPENSSL_NPN_NEGOTIATED  WOLFSSL_NPN_NEGOTIATED
+#define OPENSSL_NPN_NO_OVERLAP  WOLFSSL_NPN_NO_OVERLAP
 
 /* Nginx checks these to see if the error was a handshake error. */
 #define SSL_R_BAD_CHANGE_CIPHER_SPEC               LENGTH_ERROR
@@ -1609,7 +1754,7 @@ typedef WOLFSSL_SRTP_PROTECTION_PROFILE      SRTP_PROTECTION_PROFILE;
 #define ERR_NUM_ERRORS                  16
 #define SN_pkcs9_emailAddress           "Email"
 #define LN_pkcs9_emailAddress           "emailAddress"
-#define NID_pkcs9_emailAddress          48
+#define NID_pkcs9_emailAddress          WC_NID_pkcs9_emailAddress
 #define OBJ_pkcs9_emailAddress          1L,2L,840L,113539L,1L,9L,1L
 
 #define LN_basic_constraints            "X509v3 Basic Constraints"
@@ -1662,11 +1807,16 @@ typedef WOLFSSL_SRTP_PROTECTION_PROFILE      SRTP_PROTECTION_PROFILE;
 #define OpenSSL_version(x)              wolfSSL_OpenSSL_version()
 #endif
 
+#define X509_OBJECT_retrieve_by_subject wolfSSL_X509_OBJECT_retrieve_by_subject
+
 #ifndef NO_WOLFSSL_STUB
-#define OBJ_create_objects(...)         WC_DO_NOTHING
-#define sk_SSL_COMP_free(...)           WC_DO_NOTHING
+#define OBJ_create_objects(in)          WC_DO_NOTHING
+#define sk_SSL_COMP_free(sk)            WC_DO_NOTHING
 #endif
 
+#define ASN1_OBJECT_new                 wolfSSL_ASN1_OBJECT_new
+#define ASN1_OBJECT_free                wolfSSL_ASN1_OBJECT_free
+#define i2d_ASN1_OBJECT                 wolfSSL_i2d_ASN1_OBJECT
 #define OBJ_dup                         wolfSSL_ASN1_OBJECT_dup
 
 #define SSL_set_psk_use_session_callback    wolfSSL_set_psk_use_session_callback
@@ -1681,7 +1831,9 @@ typedef WOLFSSL_CONF_CTX SSL_CONF_CTX;
 #define SSL_CONF_cmd                    wolfSSL_CONF_cmd
 #define SSL_CONF_cmd_value_type         wolfSSL_CONF_cmd_value_type
 
-#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
+#define SSL_OP_LEGACY_SERVER_CONNECT    0
+
+#endif /* !OPENSSL_COEXIST && (OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL) */
 
 
 #ifdef WOLFSSL_QUIC
@@ -1696,11 +1848,19 @@ typedef WOLFSSL_CONF_CTX SSL_CONF_CTX;
  * SSL_CIPHER_get_id(cipher)
  * used by QUIC implementations, such as HAProxy
  */
-#define TLS1_3_CK_AES_128_GCM_SHA256       0x1301
-#define TLS1_3_CK_AES_256_GCM_SHA384       0x1302
-#define TLS1_3_CK_CHACHA20_POLY1305_SHA256 0x1303
-#define TLS1_3_CK_AES_128_CCM_SHA256       0x1304
-#define TLS1_3_CK_AES_128_CCM_8_SHA256     0x1305
+#define WOLF_TLS1_3_CK_AES_128_GCM_SHA256       0x1301
+#define WOLF_TLS1_3_CK_AES_256_GCM_SHA384       0x1302
+#define WOLF_TLS1_3_CK_CHACHA20_POLY1305_SHA256 0x1303
+#define WOLF_TLS1_3_CK_AES_128_CCM_SHA256       0x1304
+#define WOLF_TLS1_3_CK_AES_128_CCM_8_SHA256     0x1305
+
+#ifndef OPENSSL_COEXIST
+
+#define TLS1_3_CK_AES_128_GCM_SHA256        WOLF_TLS1_3_CK_AES_128_GCM_SHA256
+#define TLS1_3_CK_AES_256_GCM_SHA384        WOLF_TLS1_3_CK_AES_256_GCM_SHA384
+#define TLS1_3_CK_CHACHA20_POLY1305_SHA256  WOLF_TLS1_3_CK_CHACHA20_POLY1305_SHA256
+#define TLS1_3_CK_AES_128_CCM_SHA256        WOLF_TLS1_3_CK_AES_128_CCM_SHA256
+#define TLS1_3_CK_AES_128_CCM_8_SHA256      WOLF_TLS1_3_CK_AES_128_CCM_8_SHA256
 
 #define SSL_R_MISSING_QUIC_TRANSPORT_PARAMETERS_EXTENSION   QUIC_TP_MISSING_E
 #define SSL_R_WRONG_ENCRYPTION_LEVEL_RECEIVED               QUIC_WRONG_ENC_LEVEL
@@ -1742,6 +1902,8 @@ typedef WOLFSSL_ENCRYPTION_LEVEL        OSSL_ENCRYPTION_LEVEL;
 int SSL_CIPHER_get_prf_nid(const SSL_CIPHER *c);
 */
 
+#endif /* !OPENSSL_COEXIST */
+
 #endif /* WOLFSSL_QUIC */
 
 
diff --git a/wolfssl/openssl/stack.h b/wolfssl/openssl/stack.h
index cee7cfc92..16f71d3f0 100644
--- a/wolfssl/openssl/stack.h
+++ b/wolfssl/openssl/stack.h
@@ -1,6 +1,6 @@
 /* stack.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/openssl/tls1.h b/wolfssl/openssl/tls1.h
index dc4a27c2f..b1992fca2 100644
--- a/wolfssl/openssl/tls1.h
+++ b/wolfssl/openssl/tls1.h
@@ -1,6 +1,6 @@
 /* tls1.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -45,8 +45,20 @@
 
 #ifdef WOLFSSL_QUIC
 /* from rfc9001 */
-#define TLSEXT_TYPE_quic_transport_parameters_draft   0xffa5
-#define TLSEXT_TYPE_quic_transport_parameters         0x0039
-#endif
+#define WOLFSSL_TLSEXT_TYPE_quic_transport_parameters_draft   \
+    TLSXT_KEY_QUIC_TP_PARAMS_DRAFT
+#define WOLFSSL_TLSEXT_TYPE_quic_transport_parameters         \
+    TLSXT_KEY_QUIC_TP_PARAMS
+
+#ifndef OPENSSL_COEXIST
+
+#define TLSEXT_TYPE_quic_transport_parameters_draft   \
+    TLSXT_KEY_QUIC_TP_PARAMS_DRAFT
+#define TLSEXT_TYPE_quic_transport_parameters         \
+    TLSXT_KEY_QUIC_TP_PARAMS
+
+#endif /* !OPENSSL_COEXIST */
+
+#endif /* WOLFSSL_QUIC */
 
 #endif /* WOLFSSL_OPENSSL_TLS1_H_ */
diff --git a/wolfssl/openssl/txt_db.h b/wolfssl/openssl/txt_db.h
index 511235b2c..aa05d9299 100644
--- a/wolfssl/openssl/txt_db.h
+++ b/wolfssl/openssl/txt_db.h
@@ -1,6 +1,6 @@
 /* txt_db.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/openssl/x509.h b/wolfssl/openssl/x509.h
index a603ce681..e1eb78ecb 100644
--- a/wolfssl/openssl/x509.h
+++ b/wolfssl/openssl/x509.h
@@ -1,6 +1,6 @@
 /* x509.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -33,167 +33,195 @@
 
 #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
 
+#define WOLFSSL_X509_FLAG_COMPAT        (0UL)
+#define WOLFSSL_X509_FLAG_NO_HEADER     (1UL << 0)
+#define WOLFSSL_X509_FLAG_NO_VERSION    (1UL << 1)
+#define WOLFSSL_X509_FLAG_NO_SERIAL     (1UL << 2)
+#define WOLFSSL_X509_FLAG_NO_SIGNAME    (1UL << 3)
+#define WOLFSSL_X509_FLAG_NO_ISSUER     (1UL << 4)
+#define WOLFSSL_X509_FLAG_NO_VALIDITY   (1UL << 5)
+#define WOLFSSL_X509_FLAG_NO_SUBJECT    (1UL << 6)
+#define WOLFSSL_X509_FLAG_NO_PUBKEY     (1UL << 7)
+#define WOLFSSL_X509_FLAG_NO_EXTENSIONS (1UL << 8)
+#define WOLFSSL_X509_FLAG_NO_SIGDUMP    (1UL << 9)
+#define WOLFSSL_X509_FLAG_NO_AUX        (1UL << 10)
+#define WOLFSSL_X509_FLAG_NO_ATTRIBUTES (1UL << 11)
+#define WOLFSSL_X509_FLAG_NO_IDS        (1UL << 12)
+
+#define WOLFSSL_XN_FLAG_FN_SN           0
+#define WOLFSSL_XN_FLAG_COMPAT          0
+#define WOLFSSL_XN_FLAG_RFC2253         1
+#define WOLFSSL_XN_FLAG_SEP_COMMA_PLUS  (1 << 16)
+#define WOLFSSL_XN_FLAG_SEP_CPLUS_SPC   (2 << 16)
+#define WOLFSSL_XN_FLAG_SEP_SPLUS_SPC   (3 << 16)
+#define WOLFSSL_XN_FLAG_SEP_MULTILINE   (4 << 16)
+#define WOLFSSL_XN_FLAG_SEP_MASK        (0xF << 16)
+#define WOLFSSL_XN_FLAG_DN_REV          (1 << 20)
+#define WOLFSSL_XN_FLAG_FN_LN           (1 << 21)
+#define WOLFSSL_XN_FLAG_FN_OID          (2 << 21)
+#define WOLFSSL_XN_FLAG_FN_NONE         (3 << 21)
+#define WOLFSSL_XN_FLAG_FN_MASK         (3 << 21)
+#define WOLFSSL_XN_FLAG_SPC_EQ          (1 << 23)
+#define WOLFSSL_XN_FLAG_DUMP_UNKNOWN_FIELDS (1 << 24)
+#define WOLFSSL_XN_FLAG_FN_ALIGN        (1 << 25)
+
+#define WOLFSSL_XN_FLAG_MULTILINE       0xFFFF
+#define WOLFSSL_XN_FLAG_ONELINE (WOLFSSL_XN_FLAG_SEP_CPLUS_SPC | WOLFSSL_XN_FLAG_SPC_EQ | WOLFSSL_XN_FLAG_FN_SN)
+
+#define WOLFSSL_X509_V_ERR_CRL_HAS_EXPIRED              12
+#define WOLFSSL_X509_V_ERR_UNABLE_TO_GET_CRL            3
+
+#ifndef OPENSSL_COEXIST
+
 /* wolfSSL_X509_print_ex flags */
-#define X509_FLAG_COMPAT        (0UL)
-#define X509_FLAG_NO_HEADER     (1UL << 0)
-#define X509_FLAG_NO_VERSION    (1UL << 1)
-#define X509_FLAG_NO_SERIAL     (1UL << 2)
-#define X509_FLAG_NO_SIGNAME    (1UL << 3)
-#define X509_FLAG_NO_ISSUER     (1UL << 4)
-#define X509_FLAG_NO_VALIDITY   (1UL << 5)
-#define X509_FLAG_NO_SUBJECT    (1UL << 6)
-#define X509_FLAG_NO_PUBKEY     (1UL << 7)
-#define X509_FLAG_NO_EXTENSIONS (1UL << 8)
-#define X509_FLAG_NO_SIGDUMP    (1UL << 9)
-#define X509_FLAG_NO_AUX        (1UL << 10)
-#define X509_FLAG_NO_ATTRIBUTES (1UL << 11)
-#define X509_FLAG_NO_IDS        (1UL << 12)
+#define X509_FLAG_COMPAT         WOLFSSL_X509_FLAG_COMPAT
+#define X509_FLAG_NO_HEADER      WOLFSSL_X509_FLAG_NO_HEADER
+#define X509_FLAG_NO_VERSION     WOLFSSL_X509_FLAG_NO_VERSION
+#define X509_FLAG_NO_SERIAL      WOLFSSL_X509_FLAG_NO_SERIAL
+#define X509_FLAG_NO_SIGNAME     WOLFSSL_X509_FLAG_NO_SIGNAME
+#define X509_FLAG_NO_ISSUER      WOLFSSL_X509_FLAG_NO_ISSUER
+#define X509_FLAG_NO_VALIDITY    WOLFSSL_X509_FLAG_NO_VALIDITY
+#define X509_FLAG_NO_SUBJECT     WOLFSSL_X509_FLAG_NO_SUBJECT
+#define X509_FLAG_NO_PUBKEY      WOLFSSL_X509_FLAG_NO_PUBKEY
+#define X509_FLAG_NO_EXTENSIONS  WOLFSSL_X509_FLAG_NO_EXTENSIONS
+#define X509_FLAG_NO_SIGDUMP     WOLFSSL_X509_FLAG_NO_SIGDUMP
+#define X509_FLAG_NO_AUX         WOLFSSL_X509_FLAG_NO_AUX
+#define X509_FLAG_NO_ATTRIBUTES  WOLFSSL_X509_FLAG_NO_ATTRIBUTES
+#define X509_FLAG_NO_IDS         WOLFSSL_X509_FLAG_NO_IDS
 
-#define XN_FLAG_FN_SN           0
-#define XN_FLAG_ONELINE         0
-#define XN_FLAG_COMPAT          0
-#define XN_FLAG_RFC2253         1
-#define XN_FLAG_SEP_COMMA_PLUS  (1 << 16)
-#define XN_FLAG_SEP_CPLUS_SPC   (2 << 16)
-#define XN_FLAG_SEP_SPLUS_SPC   (3 << 16)
-#define XN_FLAG_SEP_MULTILINE   (4 << 16)
-#define XN_FLAG_SEP_MASK        (0xF << 16)
-#define XN_FLAG_DN_REV          (1 << 20)
-#define XN_FLAG_FN_LN           (1 << 21)
-#define XN_FLAG_FN_OID          (2 << 21)
-#define XN_FLAG_FN_NONE         (3 << 21)
-#define XN_FLAG_FN_MASK         (3 << 21)
-#define XN_FLAG_SPC_EQ          (1 << 23)
-#define XN_FLAG_DUMP_UNKNOWN_FIELDS (1 << 24)
-#define XN_FLAG_FN_ALIGN        (1 << 25)
+#define XN_FLAG_FN_SN            WOLFSSL_XN_FLAG_FN_SN
+#define XN_FLAG_COMPAT           WOLFSSL_XN_FLAG_COMPAT
+#define XN_FLAG_RFC2253          WOLFSSL_XN_FLAG_RFC2253
+#define XN_FLAG_SEP_COMMA_PLUS   WOLFSSL_XN_FLAG_SEP_COMMA_PLUS
+#define XN_FLAG_SEP_CPLUS_SPC    WOLFSSL_XN_FLAG_SEP_CPLUS_SPC
+#define XN_FLAG_SEP_SPLUS_SPC    WOLFSSL_XN_FLAG_SEP_SPLUS_SPC
+#define XN_FLAG_SEP_MULTILINE    WOLFSSL_XN_FLAG_SEP_MULTILINE
+#define XN_FLAG_SEP_MASK         WOLFSSL_XN_FLAG_SEP_MASK
+#define XN_FLAG_DN_REV           WOLFSSL_XN_FLAG_DN_REV
+#define XN_FLAG_FN_LN            WOLFSSL_XN_FLAG_FN_LN
+#define XN_FLAG_FN_OID           WOLFSSL_XN_FLAG_FN_OID
+#define XN_FLAG_FN_NONE          WOLFSSL_XN_FLAG_FN_NONE
+#define XN_FLAG_FN_MASK          WOLFSSL_XN_FLAG_FN_MASK
+#define XN_FLAG_SPC_EQ           WOLFSSL_XN_FLAG_SPC_EQ
+#define XN_FLAG_DUMP_UNKNOWN_FIELDS  WOLFSSL_XN_FLAG_DUMP_UNKNOWN_FIELDS
+#define XN_FLAG_FN_ALIGN         WOLFSSL_XN_FLAG_FN_ALIGN
 
-#define XN_FLAG_MULTILINE       0xFFFF
+#define XN_FLAG_MULTILINE        WOLFSSL_XN_FLAG_MULTILINE
+#define XN_FLAG_ONELINE          WOLFSSL_XN_FLAG_ONELINE
+
+#define X509_V_ERR_UNABLE_TO_GET_CRL WOLFSSL_X509_V_ERR_UNABLE_TO_GET_CRL
+#define X509_V_ERR_CRL_HAS_EXPIRED   WOLFSSL_X509_V_ERR_CRL_HAS_EXPIRED
+#define X509_V_FLAG_ALLOW_PROXY_CERTS 0
+#define X509_V_FLAG_X509_STRICT       0
 
 /*
- * All of these aren't actually used in wolfSSL. Some are included to
- * satisfy OpenSSL compatibility consumers to prevent compilation errors.
- * The list was taken from
- * https://github.com/openssl/openssl/blob/master/include/openssl/x509_vfy.h.in
- * One requirement for HAProxy is that the values should be literal constants.
+ * Not all of these X509_V_ERR values are used in wolfSSL. Some are included to
+ * satisfy OpenSSL compatibility compilation errors.
+ * For HAProxy the values should be literal constants.
  */
 
-#define X509_V_OK                                       0
-#define X509_V_ERR_UNSPECIFIED                          1
-#define X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT            2
-#define X509_V_ERR_UNABLE_TO_GET_CRL                    3
-#define X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE     4
-#define X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE      5
-#define X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY   6
-#define X509_V_ERR_CERT_SIGNATURE_FAILURE               7
-#define X509_V_ERR_CRL_SIGNATURE_FAILURE                8
-#define X509_V_ERR_CERT_NOT_YET_VALID                   9
-#define X509_V_ERR_CERT_HAS_EXPIRED                     10
-#define X509_V_ERR_CRL_NOT_YET_VALID                    11
-#define X509_V_ERR_CRL_HAS_EXPIRED                      12
-#define X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD       13
-#define X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD        14
-#define X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD       15
-#define X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD       16
-#define X509_V_ERR_OUT_OF_MEM                           17
-#define X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT          18
-#define X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN            19
-#define X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY    20
-#define X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE      21
-#define X509_V_ERR_CERT_CHAIN_TOO_LONG                  22
-#define X509_V_ERR_CERT_REVOKED                         23
-#define X509_V_ERR_NO_ISSUER_PUBLIC_KEY                 24
-#define X509_V_ERR_PATH_LENGTH_EXCEEDED                 25
-#define X509_V_ERR_INVALID_PURPOSE                      26
-#define X509_V_ERR_CERT_UNTRUSTED                       27
-#define X509_V_ERR_CERT_REJECTED                        28
-
-/* These are 'informational' when looking for issuer cert */
-#define X509_V_ERR_SUBJECT_ISSUER_MISMATCH              29
-#define X509_V_ERR_AKID_SKID_MISMATCH                   30
-#define X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH          31
-#define X509_V_ERR_KEYUSAGE_NO_CERTSIGN                 32
-#define X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER             33
-#define X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION         34
-#define X509_V_ERR_KEYUSAGE_NO_CRL_SIGN                 35
-#define X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION     36
-#define X509_V_ERR_INVALID_NON_CA                       37
-#define X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED           38
-#define X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE        39
-#define X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED       40
-#define X509_V_ERR_INVALID_EXTENSION                    41
-#define X509_V_ERR_INVALID_POLICY_EXTENSION             42
-#define X509_V_ERR_NO_EXPLICIT_POLICY                   43
-#define X509_V_ERR_DIFFERENT_CRL_SCOPE                  44
-#define X509_V_ERR_UNSUPPORTED_EXTENSION_FEATURE        45
-#define X509_V_ERR_UNNESTED_RESOURCE                    46
-#define X509_V_ERR_PERMITTED_VIOLATION                  47
-#define X509_V_ERR_EXCLUDED_VIOLATION                   48
-#define X509_V_ERR_SUBTREE_MINMAX                       49
-/* The application is not happy */
-#define X509_V_ERR_APPLICATION_VERIFICATION             50
-#define X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE          51
-#define X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX        52
-#define X509_V_ERR_UNSUPPORTED_NAME_SYNTAX              53
-#define X509_V_ERR_CRL_PATH_VALIDATION_ERROR            54
-/* Another issuer check debug option */
-#define X509_V_ERR_PATH_LOOP                            55
-/* Suite B mode algorithm violation */
-#define X509_V_ERR_SUITE_B_INVALID_VERSION              56
-#define X509_V_ERR_SUITE_B_INVALID_ALGORITHM            57
-#define X509_V_ERR_SUITE_B_INVALID_CURVE                58
-#define X509_V_ERR_SUITE_B_INVALID_SIGNATURE_ALGORITHM  59
-#define X509_V_ERR_SUITE_B_LOS_NOT_ALLOWED              60
+#define X509_V_OK                                      0
+#define X509_V_ERR_UNSPECIFIED                         1
+#define X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT           2
+#define X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE    4
+#define X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE     5
+#define X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY  6
+#define X509_V_ERR_CERT_SIGNATURE_FAILURE              7
+#define X509_V_ERR_CRL_SIGNATURE_FAILURE               8
+#define X509_V_ERR_CERT_NOT_YET_VALID                  9
+#define X509_V_ERR_CERT_HAS_EXPIRED                    10
+#define X509_V_ERR_CRL_NOT_YET_VALID                   11
+#define X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD      13
+#define X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD       14
+#define X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD      15
+#define X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD      16
+#define X509_V_ERR_OUT_OF_MEM                          17
+#define X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT         18
+#define X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN           19
+#define X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY   20
+#define X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE     21
+#define X509_V_ERR_CERT_CHAIN_TOO_LONG                 22
+#define X509_V_ERR_CERT_REVOKED                        23
+#define X509_V_ERR_NO_ISSUER_PUBLIC_KEY                24
+#define X509_V_ERR_PATH_LENGTH_EXCEEDED                25
+#define X509_V_ERR_INVALID_PURPOSE                     26
+#define X509_V_ERR_CERT_UNTRUSTED                      27
+#define X509_V_ERR_CERT_REJECTED                       28
+#define X509_V_ERR_SUBJECT_ISSUER_MISMATCH             29
+#define X509_V_ERR_AKID_SKID_MISMATCH                  30
+#define X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH         31
+#define X509_V_ERR_KEYUSAGE_NO_CERTSIGN                32
+#define X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER            33
+#define X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION        34
+#define X509_V_ERR_KEYUSAGE_NO_CRL_SIGN                35
+#define X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION    36
+#define X509_V_ERR_INVALID_NON_CA                      37
+#define X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED          38
+#define X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE       39
+#define X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED      40
+#define X509_V_ERR_INVALID_EXTENSION                   41
+#define X509_V_ERR_INVALID_POLICY_EXTENSION            42
+#define X509_V_ERR_NO_EXPLICIT_POLICY                  43
+#define X509_V_ERR_DIFFERENT_CRL_SCOPE                 44
+#define X509_V_ERR_UNSUPPORTED_EXTENSION_FEATURE       45
+#define X509_V_ERR_UNNESTED_RESOURCE                   46
+#define X509_V_ERR_PERMITTED_VIOLATION                 47
+#define X509_V_ERR_EXCLUDED_VIOLATION                  48
+#define X509_V_ERR_SUBTREE_MINMAX                      49
+#define X509_V_ERR_APPLICATION_VERIFICATION            50
+#define X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE         51
+#define X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX       52
+#define X509_V_ERR_UNSUPPORTED_NAME_SYNTAX             53
+#define X509_V_ERR_CRL_PATH_VALIDATION_ERROR           54
+#define X509_V_ERR_PATH_LOOP                           55
+#define X509_V_ERR_SUITE_B_INVALID_VERSION             56
+#define X509_V_ERR_SUITE_B_INVALID_ALGORITHM           57
+#define X509_V_ERR_SUITE_B_INVALID_CURVE               58
+#define X509_V_ERR_SUITE_B_INVALID_SIGNATURE_ALGORITHM 59
+#define X509_V_ERR_SUITE_B_LOS_NOT_ALLOWED             60
 #define X509_V_ERR_SUITE_B_CANNOT_SIGN_P_384_WITH_P_256 61
-/* Host, email and IP check errors */
-#define X509_V_ERR_HOSTNAME_MISMATCH                    62
-#define X509_V_ERR_EMAIL_MISMATCH                       63
-#define X509_V_ERR_IP_ADDRESS_MISMATCH                  64
-/* DANE TLSA errors */
-#define X509_V_ERR_DANE_NO_MATCH                        65
-/* security level errors */
-#define X509_V_ERR_EE_KEY_TOO_SMALL                     66
-#define X509_V_ERR_CA_KEY_TOO_SMALL                     67
-#define X509_V_ERR_CA_MD_TOO_WEAK                       68
-/* Caller error */
-#define X509_V_ERR_INVALID_CALL                         69
-/* Issuer lookup error */
-#define X509_V_ERR_STORE_LOOKUP                         70
-/* Certificate transparency */
-#define X509_V_ERR_NO_VALID_SCTS                        71
-
-#define X509_V_ERR_PROXY_SUBJECT_NAME_VIOLATION         72
-/* OCSP status errors */
-#define X509_V_ERR_OCSP_VERIFY_NEEDED                   73
-#define X509_V_ERR_OCSP_VERIFY_FAILED                   74
-#define X509_V_ERR_OCSP_CERT_UNKNOWN                    75
-
-#define X509_V_ERR_UNSUPPORTED_SIGNATURE_ALGORITHM      76
-#define X509_V_ERR_SIGNATURE_ALGORITHM_MISMATCH         77
-
-/* Errors in case a check in X509_V_FLAG_X509_STRICT mode fails */
-#define X509_V_ERR_SIGNATURE_ALGORITHM_INCONSISTENCY    78
-#define X509_V_ERR_INVALID_CA                           79
-#define X509_V_ERR_PATHLEN_INVALID_FOR_NON_CA           80
-#define X509_V_ERR_PATHLEN_WITHOUT_KU_KEY_CERT_SIGN     81
-#define X509_V_ERR_KU_KEY_CERT_SIGN_INVALID_FOR_NON_CA  82
-#define X509_V_ERR_ISSUER_NAME_EMPTY                    83
-#define X509_V_ERR_SUBJECT_NAME_EMPTY                   84
-#define X509_V_ERR_MISSING_AUTHORITY_KEY_IDENTIFIER     85
-#define X509_V_ERR_MISSING_SUBJECT_KEY_IDENTIFIER       86
-#define X509_V_ERR_EMPTY_SUBJECT_ALT_NAME               87
-#define X509_V_ERR_EMPTY_SUBJECT_SAN_NOT_CRITICAL       88
-#define X509_V_ERR_CA_BCONS_NOT_CRITICAL                89
-#define X509_V_ERR_AUTHORITY_KEY_IDENTIFIER_CRITICAL    90
-#define X509_V_ERR_SUBJECT_KEY_IDENTIFIER_CRITICAL      91
-#define X509_V_ERR_CA_CERT_MISSING_KEY_USAGE            92
-#define X509_V_ERR_EXTENSIONS_REQUIRE_VERSION_3         93
-#define X509_V_ERR_EC_KEY_EXPLICIT_PARAMS               94
-#define X509_R_CERT_ALREADY_IN_HASH_TABLE               101
+#define X509_V_ERR_HOSTNAME_MISMATCH                   62
+#define X509_V_ERR_EMAIL_MISMATCH                      63
+#define X509_V_ERR_IP_ADDRESS_MISMATCH                 64
+#define X509_V_ERR_DANE_NO_MATCH                       65
+#define X509_V_ERR_EE_KEY_TOO_SMALL                    66
+#define X509_V_ERR_CA_KEY_TOO_SMALL                    67
+#define X509_V_ERR_CA_MD_TOO_WEAK                      68
+#define X509_V_ERR_INVALID_CALL                        69
+#define X509_V_ERR_STORE_LOOKUP                        70
+#define X509_V_ERR_NO_VALID_SCTS                       71
+#define X509_V_ERR_PROXY_SUBJECT_NAME_VIOLATION        72
+#define X509_V_ERR_OCSP_VERIFY_NEEDED                  73
+#define X509_V_ERR_OCSP_VERIFY_FAILED                  74
+#define X509_V_ERR_OCSP_CERT_UNKNOWN                   75
+#define X509_V_ERR_UNSUPPORTED_SIGNATURE_ALGORITHM     76
+#define X509_V_ERR_SIGNATURE_ALGORITHM_MISMATCH        77
+#define X509_V_ERR_SIGNATURE_ALGORITHM_INCONSISTENCY   78
+#define X509_V_ERR_INVALID_CA                          79
+#define X509_V_ERR_PATHLEN_INVALID_FOR_NON_CA          80
+#define X509_V_ERR_PATHLEN_WITHOUT_KU_KEY_CERT_SIGN    81
+#define X509_V_ERR_KU_KEY_CERT_SIGN_INVALID_FOR_NON_CA 82
+#define X509_V_ERR_ISSUER_NAME_EMPTY                   83
+#define X509_V_ERR_SUBJECT_NAME_EMPTY                  84
+#define X509_V_ERR_MISSING_AUTHORITY_KEY_IDENTIFIER    85
+#define X509_V_ERR_MISSING_SUBJECT_KEY_IDENTIFIER      86
+#define X509_V_ERR_EMPTY_SUBJECT_ALT_NAME              87
+#define X509_V_ERR_EMPTY_SUBJECT_SAN_NOT_CRITICAL      88
+#define X509_V_ERR_CA_BCONS_NOT_CRITICAL               89
+#define X509_V_ERR_AUTHORITY_KEY_IDENTIFIER_CRITICAL   90
+#define X509_V_ERR_SUBJECT_KEY_IDENTIFIER_CRITICAL     91
+#define X509_V_ERR_CA_CERT_MISSING_KEY_USAGE           92
+#define X509_V_ERR_EXTENSIONS_REQUIRE_VERSION_3        93
+#define X509_V_ERR_EC_KEY_EXPLICIT_PARAMS              94
+#define X509_R_CERT_ALREADY_IN_HASH_TABLE              101
+#define X509_R_KEY_VALUES_MISMATCH                     WC_KEY_MISMATCH_E
 
 #define X509_EXTENSION_set_critical wolfSSL_X509_EXTENSION_set_critical
 #define X509_EXTENSION_set_object   wolfSSL_X509_EXTENSION_set_object
 #define X509_EXTENSION_set_data     wolfSSL_X509_EXTENSION_set_data
 
+#endif /* !OPENSSL_COEXIST */
+
 #endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
 
 #endif /* WOLFSSL_OPENSSL_509_H_ */
diff --git a/wolfssl/openssl/x509_vfy.h b/wolfssl/openssl/x509_vfy.h
index 025f52678..c26b94d15 100644
--- a/wolfssl/openssl/x509_vfy.h
+++ b/wolfssl/openssl/x509_vfy.h
@@ -1,6 +1,6 @@
 /* x509_vfy.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -33,10 +33,13 @@
 
 #if defined(WOLFSSL_QT) || defined(OPENSSL_ALL)
     WOLFSSL_API int wolfSSL_X509_STORE_CTX_set_purpose(WOLFSSL_X509_STORE_CTX *ctx, int purpose);
+#endif
+#ifdef OPENSSL_EXTRA
     WOLFSSL_API void wolfSSL_X509_STORE_CTX_set_flags(WOLFSSL_X509_STORE_CTX *ctx,
         unsigned long flags);
 #endif
 
+
 #define X509_STORE_CTX_set_purpose  wolfSSL_X509_STORE_CTX_set_purpose
 #define X509_STORE_CTX_set_flags    wolfSSL_X509_STORE_CTX_set_flags
 
diff --git a/wolfssl/openssl/x509v3.h b/wolfssl/openssl/x509v3.h
index c9c9ad850..c0ae5cc74 100644
--- a/wolfssl/openssl/x509v3.h
+++ b/wolfssl/openssl/x509v3.h
@@ -1,6 +1,6 @@
 /* x509v3.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -36,91 +36,68 @@
 
 #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
 
-#define EXFLAG_KUSAGE  0x2
-#define EXFLAG_XKUSAGE 0x4
+#define WOLFSSL_EXFLAG_KUSAGE  0x2
+#define WOLFSSL_EXFLAG_XKUSAGE 0x4
 
-#define KU_DIGITAL_SIGNATURE    KEYUSE_DIGITAL_SIG
-#define KU_NON_REPUDIATION      KEYUSE_CONTENT_COMMIT
-#define KU_KEY_ENCIPHERMENT     KEYUSE_KEY_ENCIPHER
-#define KU_DATA_ENCIPHERMENT    KEYUSE_DATA_ENCIPHER
-#define KU_KEY_AGREEMENT        KEYUSE_KEY_AGREE
-#define KU_KEY_CERT_SIGN        KEYUSE_KEY_CERT_SIGN
-#define KU_CRL_SIGN             KEYUSE_CRL_SIGN
-#define KU_ENCIPHER_ONLY        KEYUSE_ENCIPHER_ONLY
-#define KU_DECIPHER_ONLY        KEYUSE_DECIPHER_ONLY
+#define WOLFSSL_XKU_SSL_SERVER 0x1
+#define WOLFSSL_XKU_SSL_CLIENT 0x2
+#define WOLFSSL_XKU_SMIME      0x4
+#define WOLFSSL_XKU_CODE_SIGN  0x8
+#define WOLFSSL_XKU_SGC        0x10
+#define WOLFSSL_XKU_OCSP_SIGN  0x20
+#define WOLFSSL_XKU_TIMESTAMP  0x40
+#define WOLFSSL_XKU_DVCS       0x80
+#define WOLFSSL_XKU_ANYEKU     0x100
 
-#define XKU_SSL_SERVER 0x1
-#define XKU_SSL_CLIENT 0x2
-#define XKU_SMIME      0x4
-#define XKU_CODE_SIGN  0x8
-#define XKU_SGC        0x10
-#define XKU_OCSP_SIGN  0x20
-#define XKU_TIMESTAMP  0x40
-#define XKU_DVCS       0x80
-#define XKU_ANYEKU     0x100
-
-#define X509_PURPOSE_SSL_CLIENT       0
-#define X509_PURPOSE_SSL_SERVER       1
-
-#define NS_SSL_CLIENT                 WC_NS_SSL_CLIENT
-#define NS_SSL_SERVER                 WC_NS_SSL_SERVER
-
-/* Forward reference */
+#define WOLFSSL_X509_PURPOSE_SSL_CLIENT       0
+#define WOLFSSL_X509_PURPOSE_SSL_SERVER       1
 
 #if defined(OPENSSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER >= 0x0090801fL
-typedef void *(*X509V3_EXT_D2I)(void *, const unsigned char **, long);
+typedef void *(*WOLFSSL_X509V3_EXT_D2I)(void *, const unsigned char **, long);
 #else
-typedef void *(*X509V3_EXT_D2I)(void *, unsigned char **, long);
+typedef void *(*WOLFSSL_X509V3_EXT_D2I)(void *, unsigned char **, long);
 #endif
-typedef int (*X509V3_EXT_I2D) (void *, unsigned char **);
-typedef STACK_OF(CONF_VALUE) *(*X509V3_EXT_I2V) (
+typedef int (*WOLFSSL_X509V3_EXT_I2D) (void *, unsigned char **);
+typedef WOLF_STACK_OF(CONF_VALUE) *(*WOLFSSL_X509V3_EXT_I2V) (
                                 struct WOLFSSL_v3_ext_method *method,
-                                void *ext, STACK_OF(CONF_VALUE) *extlist);
-typedef char *(*X509V3_EXT_I2S)(struct WOLFSSL_v3_ext_method *method, void *ext);
-typedef int (*X509V3_EXT_I2R) (struct WOLFSSL_v3_ext_method *method,
-                               void *ext, BIO *out, int indent);
-typedef struct WOLFSSL_v3_ext_method X509V3_EXT_METHOD;
+                                void *ext, WOLF_STACK_OF(CONF_VALUE) *extlist);
+typedef char *(*WOLFSSL_X509V3_EXT_I2S)(struct WOLFSSL_v3_ext_method *method, void *ext);
+typedef int (*WOLFSSL_X509V3_EXT_I2R) (struct WOLFSSL_v3_ext_method *method,
+                               void *ext, WOLFSSL_BIO *out, int indent);
+typedef struct WOLFSSL_v3_ext_method WOLFSSL_X509V3_EXT_METHOD;
 
 struct WOLFSSL_v3_ext_method {
     int ext_nid;
     int ext_flags;
     void *usr_data;
-    X509V3_EXT_D2I d2i;
-    X509V3_EXT_I2D i2d;
-    X509V3_EXT_I2V i2v;
-    X509V3_EXT_I2S i2s;
-    X509V3_EXT_I2R i2r;
+    WOLFSSL_X509V3_EXT_D2I d2i;
+    WOLFSSL_X509V3_EXT_I2D i2d;
+    WOLFSSL_X509V3_EXT_I2V i2v;
+    WOLFSSL_X509V3_EXT_I2S i2s;
+    WOLFSSL_X509V3_EXT_I2R i2r;
 };
 
 struct WOLFSSL_X509_EXTENSION {
     WOLFSSL_ASN1_OBJECT *obj;
     WOLFSSL_ASN1_BOOLEAN crit;
-    ASN1_OCTET_STRING value; /* DER format of extension */
+    WOLFSSL_ASN1_STRING value; /* DER format of extension */
     WOLFSSL_v3_ext_method ext_method;
     WOLFSSL_STACK* ext_sk; /* For extension specific data */
 };
 
 #define WOLFSSL_ASN1_BOOLEAN int
-#define GEN_OTHERNAME   0
-#define GEN_EMAIL       1
-#define GEN_DNS         2
-#define GEN_X400        3
-#define GEN_DIRNAME     4
-#define GEN_EDIPARTY    5
-#define GEN_URI         6
-#define GEN_IPADD       7
-#define GEN_RID         8
-#define GEN_IA5         9
 
-#define GENERAL_NAME       WOLFSSL_GENERAL_NAME
+#define WOLFSSL_GEN_OTHERNAME   0
+#define WOLFSSL_GEN_EMAIL       1
+#define WOLFSSL_GEN_DNS         2
+#define WOLFSSL_GEN_X400        3
+#define WOLFSSL_GEN_DIRNAME     4
+#define WOLFSSL_GEN_EDIPARTY    5
+#define WOLFSSL_GEN_URI         6
+#define WOLFSSL_GEN_IPADD       7
+#define WOLFSSL_GEN_RID         8
+#define WOLFSSL_GEN_IA5         9
 
-#define X509V3_CTX         WOLFSSL_X509V3_CTX
-
-#define CTX_TEST           0x1
-
-typedef struct WOLFSSL_AUTHORITY_KEYID AUTHORITY_KEYID;
-typedef struct WOLFSSL_BASIC_CONSTRAINTS BASIC_CONSTRAINTS;
-typedef struct WOLFSSL_ACCESS_DESCRIPTION ACCESS_DESCRIPTION;
 typedef WOLF_STACK_OF(WOLFSSL_ACCESS_DESCRIPTION) WOLFSSL_AUTHORITY_INFO_ACCESS;
 
 WOLFSSL_API WOLFSSL_BASIC_CONSTRAINTS* wolfSSL_BASIC_CONSTRAINTS_new(void);
@@ -137,22 +114,97 @@ WOLFSSL_API WOLFSSL_v3_ext_method* wolfSSL_X509V3_EXT_get(
 WOLFSSL_API void* wolfSSL_X509V3_EXT_d2i(WOLFSSL_X509_EXTENSION* ex);
 WOLFSSL_API char* wolfSSL_i2s_ASN1_STRING(WOLFSSL_v3_ext_method *method,
                                           const WOLFSSL_ASN1_STRING *s);
+WOLFSSL_API int wolfSSL_i2d_ASN1_GENERALSTRING(WOLFSSL_ASN1_STRING* s,
+        unsigned char **pp);
+WOLFSSL_API int wolfSSL_i2d_ASN1_SEQUENCE(WOLFSSL_ASN1_STRING* s,
+        unsigned char **pp);
+WOLFSSL_API int wolfSSL_i2d_ASN1_OCTET_STRING(WOLFSSL_ASN1_STRING* s,
+        unsigned char **pp);
+WOLFSSL_API int wolfSSL_i2d_ASN1_UTF8STRING(WOLFSSL_ASN1_STRING* s,
+        unsigned char **pp);
+WOLFSSL_API WOLFSSL_ASN1_STRING* wolfSSL_d2i_ASN1_GENERALSTRING(
+        WOLFSSL_ASN1_STRING** out, const byte** src, long len);
+WOLFSSL_API WOLFSSL_ASN1_STRING* wolfSSL_d2i_ASN1_OCTET_STRING(
+        WOLFSSL_ASN1_STRING** out, const byte** src, long len);
+WOLFSSL_API WOLFSSL_ASN1_STRING* wolfSSL_d2i_ASN1_UTF8STRING(
+        WOLFSSL_ASN1_STRING** out, const byte** src, long len);
 WOLFSSL_API int wolfSSL_X509V3_EXT_print(WOLFSSL_BIO *out,
         WOLFSSL_X509_EXTENSION *ext, unsigned long flag, int indent);
-WOLFSSL_API int wolfSSL_X509V3_EXT_add_nconf(WOLFSSL_CONF *conf, WOLFSSL_X509V3_CTX *ctx,
-        const char *section, WOLFSSL_X509 *cert);
+WOLFSSL_API int wolfSSL_X509V3_EXT_add_nconf(WOLFSSL_CONF *conf,
+        WOLFSSL_X509V3_CTX *ctx, const char *section, WOLFSSL_X509 *cert);
 WOLFSSL_API WOLFSSL_ASN1_STRING* wolfSSL_a2i_IPADDRESS(const char* ipa);
 
+#ifndef OPENSSL_COEXIST
+
+#define EXFLAG_KUSAGE WOLFSSL_EXFLAG_KUSAGE
+#define EXFLAG_XKUSAGE WOLFSSL_EXFLAG_XKUSAGE
+
+#define KU_DIGITAL_SIGNATURE    KEYUSE_DIGITAL_SIG
+#define KU_NON_REPUDIATION      KEYUSE_CONTENT_COMMIT
+#define KU_KEY_ENCIPHERMENT     KEYUSE_KEY_ENCIPHER
+#define KU_DATA_ENCIPHERMENT    KEYUSE_DATA_ENCIPHER
+#define KU_KEY_AGREEMENT        KEYUSE_KEY_AGREE
+#define KU_KEY_CERT_SIGN        KEYUSE_KEY_CERT_SIGN
+#define KU_CRL_SIGN             KEYUSE_CRL_SIGN
+#define KU_ENCIPHER_ONLY        KEYUSE_ENCIPHER_ONLY
+#define KU_DECIPHER_ONLY        KEYUSE_DECIPHER_ONLY
+
+#define XKU_SSL_SERVER WOLFSSL_XKU_SSL_SERVER
+#define XKU_SSL_CLIENT WOLFSSL_XKU_SSL_CLIENT
+#define XKU_SMIME      WOLFSSL_XKU_SMIME
+#define XKU_CODE_SIGN  WOLFSSL_XKU_CODE_SIGN
+#define XKU_SGC        WOLFSSL_XKU_SGC
+#define XKU_OCSP_SIGN  WOLFSSL_XKU_OCSP_SIGN
+#define XKU_TIMESTAMP  WOLFSSL_XKU_TIMESTAMP
+#define XKU_DVCS       WOLFSSL_XKU_DVCS
+#define XKU_ANYEKU     WOLFSSL_XKU_ANYEKU
+
+#define X509_PURPOSE_SSL_CLIENT       WOLFSSL_X509_PURPOSE_SSL_CLIENT
+#define X509_PURPOSE_SSL_SERVER       WOLFSSL_X509_PURPOSE_SSL_SERVER
+
+#define NS_SSL_CLIENT                 WC_NS_SSL_CLIENT
+#define NS_SSL_SERVER                 WC_NS_SSL_SERVER
+
+/* Forward reference */
+
+#define X509V3_EXT_D2I WOLFSSL_X509V3_EXT_D2I
+#define X509V3_EXT_I2D WOLFSSL_X509V3_EXT_I2D
+#define X509V3_EXT_I2V WOLFSSL_X509V3_EXT_I2V
+#define X509V3_EXT_I2S WOLFSSL_X509V3_EXT_I2S
+#define X509V3_EXT_I2R WOLFSSL_X509V3_EXT_I2R
+typedef struct WOLFSSL_v3_ext_method X509V3_EXT_METHOD;
+
+#define GEN_OTHERNAME      WOLFSSL_GEN_OTHERNAME
+#define GEN_EMAIL          WOLFSSL_GEN_EMAIL
+#define GEN_DNS            WOLFSSL_GEN_DNS
+#define GEN_X400           WOLFSSL_GEN_X400
+#define GEN_DIRNAME        WOLFSSL_GEN_DIRNAME
+#define GEN_EDIPARTY       WOLFSSL_GEN_EDIPARTY
+#define GEN_URI            WOLFSSL_GEN_URI
+#define GEN_IPADD          WOLFSSL_GEN_IPADD
+#define GEN_RID            WOLFSSL_GEN_RID
+#define GEN_IA5            WOLFSSL_GEN_IA5
+
+#define GENERAL_NAME       WOLFSSL_GENERAL_NAME
+
+#define X509V3_CTX         WOLFSSL_X509V3_CTX
+
+#define CTX_TEST           0x1
+
+typedef struct WOLFSSL_AUTHORITY_KEYID AUTHORITY_KEYID;
+typedef struct WOLFSSL_BASIC_CONSTRAINTS BASIC_CONSTRAINTS;
+typedef struct WOLFSSL_ACCESS_DESCRIPTION ACCESS_DESCRIPTION;
+
 #define BASIC_CONSTRAINTS_free    wolfSSL_BASIC_CONSTRAINTS_free
 #define AUTHORITY_KEYID_free      wolfSSL_AUTHORITY_KEYID_free
-#define SSL_CTX_get_cert_store(x) wolfSSL_CTX_get_cert_store ((WOLFSSL_CTX*) (x))
+#define SSL_CTX_get_cert_store(x) wolfSSL_CTX_get_cert_store ((x))
 #define ASN1_INTEGER              WOLFSSL_ASN1_INTEGER
 #define ASN1_OCTET_STRING         WOLFSSL_ASN1_STRING
 #define X509V3_EXT_get            wolfSSL_X509V3_EXT_get
 #define X509V3_EXT_d2i            wolfSSL_X509V3_EXT_d2i
 #define X509V3_EXT_add_nconf      wolfSSL_X509V3_EXT_add_nconf
 #ifndef NO_WOLFSSL_STUB
-#define X509V3_parse_list(...)    NULL
+#define X509V3_parse_list(line)   NULL
 #endif
 #define i2s_ASN1_OCTET_STRING     wolfSSL_i2s_ASN1_STRING
 #define a2i_IPADDRESS             wolfSSL_a2i_IPADDRESS
@@ -160,13 +212,15 @@ WOLFSSL_API WOLFSSL_ASN1_STRING* wolfSSL_a2i_IPADDRESS(const char* ipa);
 #define X509V3_EXT_conf_nid       wolfSSL_X509V3_EXT_conf_nid
 #define X509V3_set_ctx            wolfSSL_X509V3_set_ctx
 #ifndef NO_WOLFSSL_STUB
-#define X509V3_set_nconf(...)     WC_DO_NOTHING
-#define X509V3_EXT_cleanup(...)   WC_DO_NOTHING
+#define X509V3_set_nconf(ctx, conf) WC_DO_NOTHING
+#define X509V3_EXT_cleanup()      WC_DO_NOTHING
 #endif
 #define X509V3_set_ctx_test(ctx)  wolfSSL_X509V3_set_ctx(ctx, NULL, NULL, NULL, NULL, CTX_TEST)
 #define X509V3_set_ctx_nodb       wolfSSL_X509V3_set_ctx_nodb
 #define X509v3_get_ext_count      wolfSSL_sk_num
 
+#endif /* !OPENSSL_COEXIST */
+
 #endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
 
 #ifdef  __cplusplus
diff --git a/wolfssl/options.h.in b/wolfssl/options.h.in
index 5296ed158..f1cb77dcc 100644
--- a/wolfssl/options.h.in
+++ b/wolfssl/options.h.in
@@ -1,6 +1,6 @@
 /* options.h.in
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -22,7 +22,9 @@
 
 /* default blank options for autoconf */
 
-#ifndef WOLFSSL_OPTIONS_H
+#ifdef WOLFSSL_NO_OPTIONS_H
+/* options.h inhibited by configuration */
+#elif !defined(WOLFSSL_OPTIONS_H)
 #define WOLFSSL_OPTIONS_H
 
 
@@ -37,4 +39,3 @@ extern "C" {
 
 
 #endif /* WOLFSSL_OPTIONS_H */
-
diff --git a/wolfssl/quic.h b/wolfssl/quic.h
index c1462cbae..da8c50a87 100644
--- a/wolfssl/quic.h
+++ b/wolfssl/quic.h
@@ -1,6 +1,6 @@
 /* quic.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -32,6 +32,8 @@
 
 #ifdef WOLFSSL_QUIC
 
+#include <stdint.h>
+
 /* QUIC operates on three encryption levels which determine
  * which keys/algos are used for de-/encryption. These are
  * kept separately for incoming and outgoing data and.
@@ -288,6 +290,15 @@ int wolfSSL_quic_hkdf(uint8_t* dest, size_t destlen,
                       const uint8_t* salt, size_t saltlen,
                       const uint8_t* info, size_t infolen);
 
+/* most common QUIC packet size as of 2022 was 1,200 bytes
+ * largest packet size listed in the RFC is 1,392 bytes
+ * this gives plenty of breathing room for capacity of records but keeps sizes
+ * read from the wire sane */
+#ifndef WOLFSSL_QUIC_MAX_RECORD_CAPACITY
+    /* 1024*1024 -- 1 MB */
+    #define WOLFSSL_QUIC_MAX_RECORD_CAPACITY (1048576)
+#endif
+
 #endif /* WOLFSSL_QUIC */
 
 #ifdef __cplusplus
diff --git a/wolfssl/sniffer.h b/wolfssl/sniffer.h
index 3b5f2373e..929fcdc9d 100644
--- a/wolfssl/sniffer.h
+++ b/wolfssl/sniffer.h
@@ -1,6 +1,6 @@
 /* sniffer.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/sniffer_error.h b/wolfssl/sniffer_error.h
index 841241d97..bb574b4b6 100644
--- a/wolfssl/sniffer_error.h
+++ b/wolfssl/sniffer_error.h
@@ -1,6 +1,6 @@
 /* sniffer_error.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h
index 907b3691b..7260799fe 100644
--- a/wolfssl/ssl.h
+++ b/wolfssl/ssl.h
@@ -1,6 +1,6 @@
 /* ssl.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -32,14 +32,23 @@
 /* for users not using preprocessor flags*/
 #include <wolfssl/wolfcrypt/settings.h>
 #include <wolfssl/version.h>
+#include <wolfssl/error-ssl.h>
 #include <wolfssl/wolfcrypt/asn_public.h>
-#include <wolfssl/wolfcrypt/error-crypt.h>
 #include <wolfssl/wolfcrypt/logging.h>
 #include <wolfssl/wolfcrypt/memory.h>
 #include <wolfssl/wolfcrypt/types.h>
+#include <wolfssl/wolfcrypt/pkcs12.h>
+
+#if defined(HAVE_OCSP) || defined(HAVE_CRL) || (defined(WOLFSSL_CUSTOM_OID) && \
+    defined(WOLFSSL_ASN_TEMPLATE) && defined(HAVE_OID_DECODING)) || \
+    defined(WC_ASN_UNKNOWN_EXT_CB)
+#include "wolfssl/wolfcrypt/asn.h"
+#endif
 
 /* For the types */
+#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
 #include <wolfssl/openssl/compat_types.h>
+#endif
 
 #ifdef HAVE_WOLF_EVENT
     #include <wolfssl/wolfcrypt/wolfevent.h>
@@ -66,8 +75,35 @@
     #undef OCSP_RESPONSE
 #endif
 
+#ifdef OPENSSL_ALL
+    #if !defined(WOLFSSL_HAVE_BIO_ADDR) && !defined(WOLFSSL_NO_SOCK)
+    #define WOLFSSL_HAVE_BIO_ADDR
+    #endif
+    #if defined(WOLFSSL_DTLS) && !defined(WOLFSSL_DTLS_MTU)
+    #define WOLFSSL_DTLS_MTU
+    #endif
+#endif
+
+#if (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL))
+    #include <wolfssl/openssl/bn.h>
+    #ifndef WOLFCRYPT_ONLY
+        #include <wolfssl/openssl/hmac.h>
+    #endif
+    #if defined(WOLFSSL_CMAC) && !defined(NO_AES) && defined(WOLFSSL_AES_DIRECT)
+        #include <wolfssl/openssl/cmac.h>
+    #endif
+#endif
+
 #ifdef OPENSSL_COEXIST
-    /* mode to allow wolfSSL and OpenSSL to exist together */
+    /* mode to allow wolfSSL and OpenSSL to coexist without symbol conflicts */
+
+    #ifndef NO_OLD_SSL_NAMES
+        #define NO_OLD_SSL_NAMES
+    #endif
+    #ifndef NO_OLD_WC_NAMES
+        #define NO_OLD_WC_NAMES
+    #endif
+
     #ifdef TEST_OPENSSL_COEXIST
         /*
         ./configure --enable-opensslcoexist \
@@ -81,23 +117,86 @@
         #include <openssl/hmac.h>
         #include <openssl/bn.h>
         #include <openssl/crypto.h>
+        #if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || \
+            FIPS_VERSION3_GE(5,2,0))
+        #include <openssl/aes.h>
+        #include <openssl/blowfish.h>
+        #include <openssl/camellia.h>
+        #include <openssl/cast.h>
+        #include <openssl/cmac.h>
+        #include <openssl/cms.h>
+        #include <openssl/conf_api.h>
+        #include <openssl/des.h>
+        #include <openssl/dh.h>
+        #include <openssl/dsa.h>
+        #include <openssl/ecdh.h>
+        #include <openssl/ecdsa.h>
+        #include <openssl/engine.h>
+        #include <openssl/hmac.h>
+        #include <openssl/idea.h>
+        #include <openssl/kdf.h>
+        #include <openssl/md2.h>
+        #include <openssl/md4.h>
+        #include <openssl/md5.h>
+        #include <openssl/mdc2.h>
+        #include <openssl/modes.h>
+        #include <openssl/ocsp.h>
+        #include <openssl/ossl_typ.h>
+        #include <openssl/pem2.h>
+        #include <openssl/pem.h>
+        #include <openssl/pkcs12.h>
+        #include <openssl/pkcs7.h>
+        #include <openssl/rand.h>
+        #include <openssl/rc2.h>
+        #include <openssl/rc4.h>
+        #include <openssl/rc5.h>
+        #include <openssl/ripemd.h>
+        #include <openssl/rsa.h>
+        #if defined(HAVE_FIPS_VERSION) && FIPS_VERSION3_LT(6,0,0)
+            /* clear conflicting name */
+            #undef RSA_PKCS1_PADDING_SIZE
+        #endif
+        #include <openssl/seed.h>
+        #include <openssl/sha.h>
+        #include <openssl/srp.h>
+        #include <openssl/srtp.h>
+        #include <openssl/ssl.h>
+        #include <openssl/store.h>
+        #include <openssl/txt_db.h>
+        #include <openssl/ui.h>
+        #include <openssl/whrlpool.h>
+
+        #if defined(OPENSSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER >= 0x30000000L
+        #include <openssl/cmp.h>
+        #include <openssl/core_object.h>
+        #include <openssl/decoder.h>
+        #include <openssl/encoder.h>
+        #include <openssl/ess.h>
+        #include <openssl/fipskey.h>
+        #include <openssl/fips_names.h>
+        #if OPENSSL_VERSION_NUMBER >= 0x30200000L
+        #include <openssl/hpke.h>
+        #endif
+        #include <openssl/http.h>
+        #include <openssl/param_build.h>
+        #include <openssl/params.h>
+        #include <openssl/proverr.h>
+        #include <openssl/provider.h>
+        #include <openssl/self_test.h>
+        #endif /* OPENSSL_VERSION_NUMBER >= 0x30000000L */
+
+        #endif /* !HAVE_SELFTEST && (!HAVE_FIPS || FIPS_VERSION3_GE(5,2,0)) */
+
     #endif
 
 #elif (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL))
-    #include <wolfssl/openssl/bn.h>
     #include <wolfssl/openssl/rsa.h>
-    #ifndef WOLFCRYPT_ONLY
-        #include <wolfssl/openssl/hmac.h>
-    #endif
-    #if defined(WOLFSSL_CMAC) && !defined(NO_AES) && defined(WOLFSSL_AES_DIRECT)
-        #include <wolfssl/openssl/cmac.h>
-    #endif
 
     /* We need the old SSL names */
-    #ifdef NO_OLD_SSL_NAMES
+    #if defined(NO_OLD_SSL_NAMES) && !defined(OPENSSL_COEXIST)
         #undef NO_OLD_SSL_NAMES
     #endif
-    #ifdef NO_OLD_WC_NAMES
+    #if defined(NO_OLD_WC_NAMES) && !defined(OPENSSL_COEXIST)
         #undef NO_OLD_WC_NAMES
     #endif
 #endif
@@ -126,19 +225,20 @@ typedef struct WOLFSSL_STACK WOLFSSL_LHASH;
     #define DECLARE_STACK_OF(x) WOLF_STACK_OF(x);
 #endif
 
-#ifndef WOLFSSL_WOLFSSL_TYPE_DEFINED
-#define WOLFSSL_WOLFSSL_TYPE_DEFINED
+#ifndef WOLFSSL_TYPE_DEFINED
+#define WOLFSSL_TYPE_DEFINED
 typedef struct WOLFSSL          WOLFSSL;
 #endif
 typedef struct WOLFSSL_SESSION  WOLFSSL_SESSION;
 typedef struct WOLFSSL_METHOD   WOLFSSL_METHOD;
-#ifndef WOLFSSL_WOLFSSL_CTX_TYPE_DEFINED
-#define WOLFSSL_WOLFSSL_CTX_TYPE_DEFINED
+#ifndef WOLFSSL_CTX_TYPE_DEFINED
+#define WOLFSSL_CTX_TYPE_DEFINED
 typedef struct WOLFSSL_CTX      WOLFSSL_CTX;
 #endif
 
 typedef struct WOLFSSL_STACK      WOLFSSL_STACK;
 typedef struct WOLFSSL_X509       WOLFSSL_X509;
+typedef struct WOLFSSL_X509_ACERT WOLFSSL_X509_ACERT;
 typedef struct WOLFSSL_X509_NAME  WOLFSSL_X509_NAME;
 typedef struct WOLFSSL_X509_NAME_ENTRY  WOLFSSL_X509_NAME_ENTRY;
 typedef struct WOLFSSL_X509_PUBKEY WOLFSSL_X509_PUBKEY;
@@ -152,8 +252,6 @@ typedef struct WOLFSSL_SOCKADDR     WOLFSSL_SOCKADDR;
 typedef struct WOLFSSL_CRL          WOLFSSL_CRL;
 typedef struct WOLFSSL_X509_STORE_CTX WOLFSSL_X509_STORE_CTX;
 
-typedef int (*WOLFSSL_X509_STORE_CTX_verify_cb)(int, WOLFSSL_X509_STORE_CTX *);
-
 typedef struct WOLFSSL_BY_DIR_HASH  WOLFSSL_BY_DIR_HASH;
 typedef struct WOLFSSL_BY_DIR_entry WOLFSSL_BY_DIR_entry;
 typedef struct WOLFSSL_BY_DIR       WOLFSSL_BY_DIR;
@@ -163,10 +261,9 @@ typedef struct WOLFSSL_BY_DIR       WOLFSSL_BY_DIR;
 
 #include <wolfssl/wolfio.h>
 
-
-#ifndef WOLFSSL_RSA_TYPE_DEFINED /* guard on redeclaration */
-typedef struct WOLFSSL_RSA            WOLFSSL_RSA;
-#define WOLFSSL_RSA_TYPE_DEFINED
+/* The WOLFSSL_RSA type is required in all build configurations. */
+#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
+#include <wolfssl/openssl/rsa.h>
 #endif
 
 #ifndef WC_RNG_TYPE_DEFINED /* guard on redeclaration */
@@ -200,11 +297,13 @@ typedef struct WOLFSSL_X509_LOOKUP_METHOD WOLFSSL_X509_LOOKUP_METHOD;
 typedef struct WOLFSSL_CRL            WOLFSSL_X509_CRL;
 typedef struct WOLFSSL_X509_STORE     WOLFSSL_X509_STORE;
 typedef struct WOLFSSL_X509_VERIFY_PARAM WOLFSSL_X509_VERIFY_PARAM;
-typedef struct WOLFSSL_BIO            WOLFSSL_BIO;
 typedef struct WOLFSSL_BIO_METHOD     WOLFSSL_BIO_METHOD;
 typedef struct WOLFSSL_X509_EXTENSION WOLFSSL_X509_EXTENSION;
 typedef struct WOLFSSL_ASN1_OBJECT    WOLFSSL_ASN1_OBJECT;
 typedef struct WOLFSSL_ASN1_OTHERNAME WOLFSSL_ASN1_OTHERNAME;
+#ifndef OPENSSL_COEXIST
+typedef struct WOLFSSL_ASN1_OTHERNAME OTHERNAME;
+#endif
 typedef struct WOLFSSL_X509V3_CTX     WOLFSSL_X509V3_CTX;
 typedef struct WOLFSSL_v3_ext_method  WOLFSSL_v3_ext_method;
 typedef struct WOLFSSL_OBJ_NAME       WOLFSSL_OBJ_NAME;
@@ -228,10 +327,83 @@ typedef struct WOLFSSL_DIST_POINT WOLFSSL_DIST_POINT;
 
 typedef struct WOLFSSL_CONF_CTX     WOLFSSL_CONF_CTX;
 
+typedef int (*WOLFSSL_X509_STORE_CTX_get_crl_cb)(WOLFSSL_X509_STORE_CTX *,
+        WOLFSSL_X509_CRL **, WOLFSSL_X509 *);
+typedef int (*WOLFSSL_X509_STORE_CTX_check_crl_cb)(WOLFSSL_X509_STORE_CTX *,
+        WOLFSSL_X509_CRL *);
+
+#define WOLFSSL_V_ASN1_BIT_STRING                0x03
+#define WOLFSSL_V_ASN1_INTEGER                   0x02
+#define WOLFSSL_V_ASN1_NEG                       0x100
+#define WOLFSSL_V_ASN1_NEG_INTEGER               (2 | WOLFSSL_V_ASN1_NEG)
+#define WOLFSSL_V_ASN1_NEG_ENUMERATED            (10 | WOLFSSL_V_ASN1_NEG)
+
+/* Type for ASN1_print_ex */
+#define WOLFSSL_ASN1_STRFLGS_ESC_2253           1
+#define WOLFSSL_ASN1_STRFLGS_ESC_CTRL           2
+#define WOLFSSL_ASN1_STRFLGS_ESC_MSB            4
+#define WOLFSSL_ASN1_STRFLGS_ESC_QUOTE          8
+#define WOLFSSL_ASN1_STRFLGS_UTF8_CONVERT       0x10
+#define WOLFSSL_ASN1_STRFLGS_IGNORE_TYPE        0x20
+#define WOLFSSL_ASN1_STRFLGS_SHOW_TYPE          0x40
+#define WOLFSSL_ASN1_STRFLGS_DUMP_ALL           0x80
+#define WOLFSSL_ASN1_STRFLGS_DUMP_UNKNOWN       0x100
+#define WOLFSSL_ASN1_STRFLGS_DUMP_DER           0x200
+#define WOLFSSL_ASN1_STRFLGS_RFC2253            (WOLFSSL_ASN1_STRFLGS_ESC_2253 | \
+                                          WOLFSSL_ASN1_STRFLGS_ESC_CTRL | \
+                                          WOLFSSL_ASN1_STRFLGS_ESC_MSB | \
+                                          WOLFSSL_ASN1_STRFLGS_UTF8_CONVERT | \
+                                          WOLFSSL_ASN1_STRFLGS_DUMP_UNKNOWN | \
+                                          WOLFSSL_ASN1_STRFLGS_DUMP_DER)
+
+#define WOLFSSL_MBSTRING_UTF8                    0x1000
+#define WOLFSSL_MBSTRING_ASC                     0x1001
+#define WOLFSSL_MBSTRING_BMP                     0x1002
+#define WOLFSSL_MBSTRING_UNIV                    0x1004
+
+#define WOLFSSL_V_ASN1_EOC                      0
+#define WOLFSSL_V_ASN1_BOOLEAN                  1
+#define WOLFSSL_V_ASN1_OCTET_STRING             4
+#define WOLFSSL_V_ASN1_NULL                     5
+#define WOLFSSL_V_ASN1_OBJECT                   6
+#define WOLFSSL_V_ASN1_UTF8STRING               12
+#define WOLFSSL_V_ASN1_SEQUENCE                 16
+#define WOLFSSL_V_ASN1_SET                      17
+#define WOLFSSL_V_ASN1_PRINTABLESTRING          19
+#define WOLFSSL_V_ASN1_T61STRING                20
+#define WOLFSSL_V_ASN1_IA5STRING                22
+#define WOLFSSL_V_ASN1_UTCTIME                  23
+#define WOLFSSL_V_ASN1_GENERALIZEDTIME          24
+#define WOLFSSL_V_ASN1_UNIVERSALSTRING          28
+#define WOLFSSL_V_ASN1_BMPSTRING                30
+
+
+#define WOLFSSL_V_ASN1_CONSTRUCTED              0x20
+
+#define WOLFSSL_ASN1_STRING_FLAG_BITS_LEFT       0x008
+#define WOLFSSL_ASN1_STRING_FLAG_NDEF            0x010
+#define WOLFSSL_ASN1_STRING_FLAG_CONT            0x020
+#define WOLFSSL_ASN1_STRING_FLAG_MSTRING         0x040
+#define WOLFSSL_ASN1_STRING_FLAG_EMBED           0x080
+
+/* X.509 PKI size limits from RFC2459 (appendix A) */
+/* internally our limit is CTC_NAME_SIZE (64) - overridden with WC_CTC_NAME_SIZE */
+#define WOLFSSL_ub_name                    CTC_NAME_SIZE /* 32768 */
+#define WOLFSSL_ub_common_name             CTC_NAME_SIZE /* 64 */
+#define WOLFSSL_ub_locality_name           CTC_NAME_SIZE /* 128 */
+#define WOLFSSL_ub_state_name              CTC_NAME_SIZE /* 128 */
+#define WOLFSSL_ub_organization_name       CTC_NAME_SIZE /* 64 */
+#define WOLFSSL_ub_organization_unit_name  CTC_NAME_SIZE /* 64 */
+#define WOLFSSL_ub_title                   CTC_NAME_SIZE /* 64 */
+#define WOLFSSL_ub_email_address           CTC_NAME_SIZE /* 128 */
+
 #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL) || defined(HAVE_CURL)
 
 struct WOLFSSL_OBJ_NAME {
     int type;
+    int alias;
+    const char *name;
+    const char *data;
 };
 
 struct WOLFSSL_AUTHORITY_KEYID {
@@ -386,7 +558,7 @@ struct WOLFSSL_EVP_PKEY {
     union {
         char* ptr; /* der format of key */
     } pkey;
-#if (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL))
+#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
     #ifndef NO_RSA
     WOLFSSL_RSA* rsa;
     #endif
@@ -420,12 +592,82 @@ struct WOLFSSL_EVP_PKEY {
     word16 pkcs8HeaderSz;
 
     /* option bits */
-    byte ownDh:1;  /* if struct owns DH  and should free it */
-    byte ownEcc:1; /* if struct owns ECC and should free it */
-    byte ownDsa:1; /* if struct owns DSA and should free it */
-    byte ownRsa:1; /* if struct owns RSA and should free it */
+    WC_BITFIELD ownDh:1;  /* if struct owns DH  and should free it */
+    WC_BITFIELD ownEcc:1; /* if struct owns ECC and should free it */
+    WC_BITFIELD ownDsa:1; /* if struct owns DSA and should free it */
+    WC_BITFIELD ownRsa:1; /* if struct owns RSA and should free it */
 };
 
+
+#define WOLFSSL_ALWAYS_CHECK_SUBJECT 0x1
+#define WOLFSSL_NO_WILDCARDS         0x2
+#define WOLFSSL_NO_PARTIAL_WILDCARDS 0x4
+#define WOLFSSL_MULTI_LABEL_WILDCARDS 0x8
+/* Custom to wolfSSL, OpenSSL compat goes up to 0x20 */
+#define WOLFSSL_LEFT_MOST_WILDCARD_ONLY 0x40
+
+
+typedef struct WOLFSSL_BUFFER_INFO {
+    unsigned char* buffer;
+    word32 length;
+} WOLFSSL_BUFFER_INFO;
+
+typedef struct WOLFSSL_BUF_MEM {
+    char*  data;   /* dereferenced */
+    size_t length; /* current length */
+    size_t max;    /* maximum length */
+} WOLFSSL_BUF_MEM;
+
+
+typedef int (*VerifyCallback)(int, WOLFSSL_X509_STORE_CTX*);
+typedef int (*WOLFSSL_X509_STORE_CTX_verify_cb)(int, WOLFSSL_X509_STORE_CTX *);
+
+struct WOLFSSL_X509_STORE_CTX {
+#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
+    WOLFSSL_X509_STORE* store;    /* Store full of a CA cert chain */
+    WOLFSSL_X509* current_cert;   /* current X509 (OPENSSL_EXTRA) */
+    #if defined(WOLFSSL_ASIO) || defined(OPENSSL_EXTRA)
+    WOLFSSL_X509* current_issuer; /* asio dereference */
+    #endif
+#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
+    WOLFSSL_X509_CHAIN* sesChain; /* pointer to WOLFSSL_SESSION peer chain */
+#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
+    WOLFSSL_STACK* chain;
+    #ifdef OPENSSL_EXTRA
+    WOLFSSL_X509_VERIFY_PARAM* param; /* certificate validation parameter */
+    #endif
+#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
+
+    char* domain;                /* subject CN domain name */
+#ifdef HAVE_EX_DATA
+    WOLFSSL_CRYPTO_EX_DATA ex_data;  /* external data */
+#endif
+#if defined(WOLFSSL_APACHE_HTTPD) || defined(OPENSSL_EXTRA)
+    int depth;                   /* used in X509_STORE_CTX_*_depth */
+#endif
+    void* userCtx;               /* user ctx */
+    int   error;                 /* current error */
+    int   error_depth;           /* index of cert depth for this error */
+    int   discardSessionCerts;   /* so verify callback can flag for discard */
+    int   totalCerts;            /* number of peer cert buffers */
+    WOLFSSL_BUFFER_INFO* certs;  /* peer certs */
+    WOLFSSL_X509_STORE_CTX_verify_cb verify_cb; /* verify callback */
+    void* heap;
+    int   flags;
+
+#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
+    WOLF_STACK_OF(WOLFSSL_X509)* owned;  /* Certs owned by this CTX */
+    WOLF_STACK_OF(WOLFSSL_X509)* ctxIntermediates; /* Intermediates specified
+                                                    * on store ctx init */
+    WOLF_STACK_OF(WOLFSSL_X509)* setTrustedSk;/* A trusted stack override
+                                               * set with
+                                               * X509_STORE_CTX_trusted_stack */
+#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
+};
+
+
+#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
+
 struct WOLFSSL_X509_PKEY {
     WOLFSSL_EVP_PKEY* dec_pkey; /* dereferenced by Apache */
     void* heap;
@@ -442,7 +684,7 @@ struct WOLFSSL_X509_INFO {
     int               num;
 };
 
-#define WOLFSSL_EVP_PKEY_DEFAULT EVP_PKEY_RSA /* default key type */
+#define WOLFSSL_EVP_PKEY_DEFAULT WC_EVP_PKEY_RSA /* default key type */
 
 #if defined(OPENSSL_ALL) || defined(WOLFSSL_QT)
     #define wolfSSL_SSL_MODE_RELEASE_BUFFERS    0x00000010U
@@ -469,7 +711,9 @@ enum BIO_TYPE {
     WOLFSSL_BIO_BIO    = 5,
     WOLFSSL_BIO_FILE   = 6,
     WOLFSSL_BIO_BASE64 = 7,
-    WOLFSSL_BIO_MD     = 8
+    WOLFSSL_BIO_MD     = 8,
+    WOLFSSL_BIO_DGRAM  = 9,
+    WOLFSSL_BIO_NULL   = 10
 };
 
 enum BIO_FLAGS {
@@ -477,7 +721,8 @@ enum BIO_FLAGS {
     WOLFSSL_BIO_FLAG_READ         = 0x02,
     WOLFSSL_BIO_FLAG_WRITE        = 0x04,
     WOLFSSL_BIO_FLAG_IO_SPECIAL   = 0x08,
-    WOLFSSL_BIO_FLAG_RETRY        = 0x10
+    WOLFSSL_BIO_FLAG_RETRY        = 0x10,
+    WOLFSSL_BIO_FLAG_MEM_RDONLY   = 0x200
 };
 
 enum BIO_CB_OPS {
@@ -490,12 +735,6 @@ enum BIO_CB_OPS {
     WOLFSSL_BIO_CB_RETURN = 0x80
 };
 
-typedef struct WOLFSSL_BUF_MEM {
-    char*  data;   /* dereferenced */
-    size_t length; /* current length */
-    size_t max;    /* maximum length */
-} WOLFSSL_BUF_MEM;
-
 /* custom method with user set callbacks */
 typedef int  (*wolfSSL_BIO_meth_write_cb)(WOLFSSL_BIO*, const char*, int);
 typedef int  (*wolfSSL_BIO_meth_read_cb)(WOLFSSL_BIO *, char *, int);
@@ -532,38 +771,6 @@ struct WOLFSSL_BIO_METHOD {
 typedef long (*wolf_bio_info_cb)(WOLFSSL_BIO *bio, int event, const char *parg,
                                  int iarg, long larg, long return_value);
 
-struct WOLFSSL_BIO {
-    WOLFSSL_BUF_MEM* mem_buf;
-    WOLFSSL_BIO_METHOD* method;
-    WOLFSSL_BIO* prev;          /* previous in chain */
-    WOLFSSL_BIO* next;          /* next in chain */
-    WOLFSSL_BIO* pair;          /* BIO paired with */
-    void*        heap;          /* user heap hint */
-    void*        ptr;           /* WOLFSSL, file descriptor, MD, or mem buf */
-    void*        usrCtx;        /* user set pointer */
-    char*        ip;            /* IP address for wolfIO_TcpConnect */
-    word16       port;          /* Port for wolfIO_TcpConnect */
-    char*        infoArg;       /* BIO callback argument */
-    wolf_bio_info_cb infoCb;    /* BIO callback */
-    int          wrSz;          /* write buffer size (mem) */
-    int          wrSzReset;     /* First buffer size (mem) - read ONLY data */
-    int          wrIdx;         /* current index for write buffer */
-    int          rdIdx;         /* current read index */
-    int          readRq;        /* read request */
-    int          num;           /* socket num or length */
-    int          eof;           /* eof flag */
-    int          flags;
-    byte         type;          /* method type */
-    byte         init:1;        /* bio has been initialized */
-    byte         shutdown:1;    /* close flag */
-#ifdef HAVE_EX_DATA
-    WOLFSSL_CRYPTO_EX_DATA ex_data;
-#endif
-#if defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA)
-    wolfSSL_Ref  ref;
-#endif
-};
-
 typedef struct WOLFSSL_COMP_METHOD {
     int type;            /* stunnel dereference */
 } WOLFSSL_COMP_METHOD;
@@ -603,6 +810,7 @@ struct WOLFSSL_X509_STORE {
 #endif
 #if defined(OPENSSL_ALL) || defined(WOLFSSL_QT)
     WOLFSSL_X509_STORE_CTX_verify_cb verify_cb;
+    WOLFSSL_X509_STORE_CTX_get_crl_cb get_crl_cb;
 #endif
 #ifdef HAVE_EX_DATA
     WOLFSSL_CRYPTO_EX_DATA ex_data;
@@ -612,15 +820,16 @@ struct WOLFSSL_X509_STORE {
     WOLFSSL_X509_CRL *crl; /* points to cm->crl */
 #endif
     wolfSSL_Ref     ref;
+    WOLF_STACK_OF(WOLFSSL_X509)* certs;
+    WOLF_STACK_OF(WOLFSSL_X509)* trusted;
+    WOLF_STACK_OF(WOLFSSL_X509)* owned;
+    word32 numAdded; /* Number of objs in objs that are in certs sk */
 };
 
-#define WOLFSSL_ALWAYS_CHECK_SUBJECT 0x1
-#define WOLFSSL_NO_WILDCARDS         0x2
-#define WOLFSSL_NO_PARTIAL_WILDCARDS 0x4
-
 #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL)
 #define WOLFSSL_USE_CHECK_TIME 0x2
 #define WOLFSSL_NO_CHECK_TIME  0x200000
+#define WOLFSSL_PARTIAL_CHAIN  0x80000
 #define WOLFSSL_HOST_NAME_MAX  256
 
 #define WOLFSSL_VPARAM_DEFAULT          0x1
@@ -634,25 +843,16 @@ struct WOLFSSL_X509_STORE {
 #endif
 
 struct WOLFSSL_X509_VERIFY_PARAM {
+    const char    *name;
     time_t         check_time;
     unsigned int   inherit_flags;
     unsigned long  flags;
     char           hostName[WOLFSSL_HOST_NAME_MAX];
-    unsigned int  hostFlags;
-    char ipasc[WOLFSSL_MAX_IPSTR];
+    unsigned int   hostFlags;
+    char           ipasc[WOLFSSL_MAX_IPSTR];
 };
 #endif /* OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL */
 
-typedef struct WOLFSSL_ALERT {
-    int code;
-    int level;
-} WOLFSSL_ALERT;
-
-typedef struct WOLFSSL_ALERT_HISTORY {
-    WOLFSSL_ALERT last_rx;
-    WOLFSSL_ALERT last_tx;
-} WOLFSSL_ALERT_HISTORY;
-
 typedef struct WOLFSSL_X509_REVOKED {
     WOLFSSL_ASN1_INTEGER* serialNumber;          /* stunnel dereference */
 } WOLFSSL_X509_REVOKED;
@@ -674,38 +874,6 @@ typedef struct WOLFSSL_X509_OBJECT {
 
 #define WOLFSSL_ASN1_BOOLEAN                int
 
-typedef struct WOLFSSL_BUFFER_INFO {
-    unsigned char* buffer;
-    unsigned int length;
-} WOLFSSL_BUFFER_INFO;
-
-struct WOLFSSL_X509_STORE_CTX {
-    WOLFSSL_X509_STORE* store;    /* Store full of a CA cert chain */
-    WOLFSSL_X509* current_cert;   /* current X509 (OPENSSL_EXTRA) */
-#ifdef WOLFSSL_ASIO
-    WOLFSSL_X509* current_issuer; /* asio dereference */
-#endif
-    WOLFSSL_X509_CHAIN* sesChain; /* pointer to WOLFSSL_SESSION peer chain */
-    WOLFSSL_STACK* chain;
-#ifdef OPENSSL_EXTRA
-    WOLFSSL_X509_VERIFY_PARAM* param; /* certificate validation parameter */
-#endif
-    char* domain;                /* subject CN domain name */
-#ifdef HAVE_EX_DATA
-    WOLFSSL_CRYPTO_EX_DATA ex_data;  /* external data */
-#endif
-#if defined(WOLFSSL_APACHE_HTTPD) || defined(OPENSSL_EXTRA)
-    int depth;                   /* used in X509_STORE_CTX_*_depth */
-#endif
-    void* userCtx;               /* user ctx */
-    int   error;                 /* current error */
-    int   error_depth;           /* index of cert depth for this error */
-    int   discardSessionCerts;   /* so verify callback can flag for discard */
-    int   totalCerts;            /* number of peer cert buffers */
-    WOLFSSL_BUFFER_INFO* certs;  /* peer certs */
-    WOLFSSL_X509_STORE_CTX_verify_cb verify_cb; /* verify callback */
-};
-
 typedef char* WOLFSSL_STRING;
 
 typedef struct WOLFSSL_RAND_METHOD {
@@ -727,6 +895,20 @@ typedef struct WOLFSSL_RAND_METHOD {
     int  (*status)(void);
 } WOLFSSL_RAND_METHOD;
 
+#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
+
+
+typedef struct WOLFSSL_ALERT {
+    int code;
+    int level;
+} WOLFSSL_ALERT;
+
+typedef struct WOLFSSL_ALERT_HISTORY {
+    WOLFSSL_ALERT last_rx;
+    WOLFSSL_ALERT last_tx;
+} WOLFSSL_ALERT_HISTORY;
+
+
 /* Valid Alert types from page 16/17
  * Add alert string to the function wolfSSL_alert_type_string_long in src/ssl.c
  */
@@ -784,7 +966,7 @@ enum AlertLevel {
 enum SNICbReturn {
     warning_return = alert_warning,
     fatal_return = alert_fatal,
-    noack_return,
+    noack_return
 };
 
 /* WS_RETURN_CODE macro
@@ -793,9 +975,9 @@ enum SNICbReturn {
  * functions should use this macro to fill this gap. Users who want them
  * to return the same return value as OpenSSL can define
  * WOLFSSL_ERR_CODE_OPENSSL.
- * Give item1 a variable that contains the potentially negative
+ * Give rc a variable that contains the potentially negative
  * wolfSSL-defined return value or the return value itself, and
- * give item2 the openSSL-defined return value.
+ * give fail_rc the openSSL-defined return value.
  * Note that this macro replaces only negative return values with the
  * specified value.
  * Since wolfSSL 4.7.0, the following functions use this macro:
@@ -804,11 +986,15 @@ enum SNICbReturn {
  * - wolfSSL_EVP_PKEY_cmp
  */
 #if defined(WOLFSSL_ERROR_CODE_OPENSSL)
-    #define WS_RETURN_CODE(item1,item2) \
-      (((item1) < 0) ? (int)(item2) : (int)(item1))
+    #define WS_RETURN_CODE(rc, fail_rc) \
+      (((rc) < 0) ? (int)(fail_rc) : (int)(rc))
 #else
-    #define WS_RETURN_CODE(item1,item2)  (item1)
+    #define WS_RETURN_CODE(rc, fail_rc)  (rc)
 #endif
+#define WS_RC(rc) \
+    (((rc) == 1) ? 1 : 0)
+#define WC_TO_WS_RC(ret) \
+    (((ret) == 0) ? 1 : (ret))
 
 /* Maximum master key length (SECRET_LEN) */
 #define WOLFSSL_MAX_MASTER_KEY_LENGTH 48
@@ -981,6 +1167,10 @@ WOLFSSL_API WOLFSSL_METHOD *wolfSSLv23_method(void);
 #ifndef NO_WOLFSSL_SERVER
     WOLFSSL_API WOLFSSL_METHOD *wolfDTLSv1_3_server_method_ex(void* heap);
     WOLFSSL_API WOLFSSL_METHOD *wolfDTLSv1_3_server_method(void);
+#endif
+#if defined(WOLFSSL_EITHER_SIDE) || defined(OPENSSL_EXTRA)
+    WOLFSSL_API WOLFSSL_METHOD *wolfDTLSv1_3_method_ex(void* heap);
+    WOLFSSL_API WOLFSSL_METHOD *wolfDTLSv1_3_method(void);
 #endif
     WOLFSSL_API int wolfSSL_dtls13_has_pending_msg(WOLFSSL *ssl);
 #endif /* WOLFSSL_DTLS13 */
@@ -994,6 +1184,8 @@ WOLFSSL_API int wolfSSL_CTX_GenerateEchConfig(WOLFSSL_CTX* ctx,
 WOLFSSL_API int wolfSSL_CTX_GetEchConfigs(WOLFSSL_CTX* ctx, byte* output,
     word32* outputLen);
 
+WOLFSSL_API void wolfSSL_CTX_SetEchEnable(WOLFSSL_CTX* ctx, byte enable);
+
 WOLFSSL_API int wolfSSL_SetEchConfigsBase64(WOLFSSL* ssl, char* echConfigs64,
     word32 echConfigs64Len);
 
@@ -1002,6 +1194,8 @@ WOLFSSL_API int wolfSSL_SetEchConfigs(WOLFSSL* ssl, const byte* echConfigs,
 
 WOLFSSL_API int wolfSSL_GetEchConfigs(WOLFSSL* ssl, byte* echConfigs,
     word32* echConfigsLen);
+
+WOLFSSL_API void wolfSSL_SetEchEnable(WOLFSSL* ssl, byte enable);
 #endif /* WOLFSSL_TLS13 && HAVE_ECH */
 
 #ifdef HAVE_POLY1305
@@ -1056,8 +1250,11 @@ WOLFSSL_ABI WOLFSSL_API int wolfSSL_CTX_use_certificate_file(
     WOLFSSL_CTX* ctx, const char* file, int format);
 WOLFSSL_ABI WOLFSSL_API int wolfSSL_CTX_use_PrivateKey_file(
     WOLFSSL_CTX* ctx, const char* file, int format);
-
-#endif
+#ifdef WOLFSSL_DUAL_ALG_CERTS
+WOLFSSL_API int wolfSSL_CTX_use_AltPrivateKey_file(
+    WOLFSSL_CTX* ctx, const char* file, int format);
+#endif /* WOLFSSL_DUAL_ALG_CERTS */
+#endif /* !NO_FILESYSTEM && !NO_CERTS */
 
 #ifndef NO_CERTS
 #define WOLFSSL_LOAD_FLAG_NONE          0x00000000
@@ -1089,6 +1286,8 @@ WOLFSSL_API int wolfSSL_CTX_load_verify_locations_ex(
     WOLFSSL_CTX* ctx, const char* file, const char* path, word32 flags);
 WOLFSSL_ABI WOLFSSL_API int wolfSSL_CTX_load_verify_locations(
     WOLFSSL_CTX* ctx, const char* file, const char* path);
+WOLFSSL_API int wolfSSL_CTX_load_verify_locations_compat(
+    WOLFSSL_CTX* ctx, const char* file, const char* path);
 #ifndef _WIN32
 WOLFSSL_API const char** wolfSSL_get_system_CA_dirs(word32* num);
 #endif /* !_WIN32 */
@@ -1127,14 +1326,20 @@ WOLFSSL_API WOLFSSL_CTX* wolfSSL_CTX_new_ex(WOLFSSL_METHOD* method, void* heap);
 WOLFSSL_ABI WOLFSSL_API WOLFSSL_CTX* wolfSSL_CTX_new(WOLFSSL_METHOD* method);
 WOLFSSL_API int wolfSSL_CTX_up_ref(WOLFSSL_CTX* ctx);
 #ifdef OPENSSL_EXTRA
+WOLFSSL_API int wolfSSL_set_ecdh_auto(WOLFSSL* ssl, int onoff);
 WOLFSSL_API int wolfSSL_CTX_set_ecdh_auto(WOLFSSL_CTX* ctx, int onoff);
+WOLFSSL_API int wolfSSL_CTX_set_dh_auto(WOLFSSL_CTX* ctx, int onoff);
 WOLFSSL_API int wolfSSL_get_signature_nid(WOLFSSL* ssl, int* nid);
+WOLFSSL_API int wolfSSL_get_signature_type_nid(const WOLFSSL* ssl, int* nid);
+WOLFSSL_API int wolfSSL_get_peer_signature_nid(WOLFSSL* ssl, int* nid);
+WOLFSSL_API int wolfSSL_get_peer_signature_type_nid(const WOLFSSL* ssl,
+        int* nid);
 WOLFSSL_API int  wolfSSL_CTX_set1_sigalgs_list(WOLFSSL_CTX* ctx,
                                                const char* list);
 WOLFSSL_API int  wolfSSL_set1_sigalgs_list(WOLFSSL* ssl, const char* list);
 #endif
 WOLFSSL_ABI WOLFSSL_API WOLFSSL* wolfSSL_new(WOLFSSL_CTX* ctx);
-WOLFSSL_API WOLFSSL_CTX* wolfSSL_get_SSL_CTX(WOLFSSL* ssl);
+WOLFSSL_API WOLFSSL_CTX* wolfSSL_get_SSL_CTX(const WOLFSSL* ssl);
 WOLFSSL_API WOLFSSL_X509_VERIFY_PARAM* wolfSSL_CTX_get0_param(WOLFSSL_CTX* ctx);
 WOLFSSL_API WOLFSSL_X509_VERIFY_PARAM* wolfSSL_get0_param(WOLFSSL* ssl);
 WOLFSSL_API int wolfSSL_CTX_set1_param(WOLFSSL_CTX* ctx, WOLFSSL_X509_VERIFY_PARAM *vpm);
@@ -1161,15 +1366,35 @@ WOLFSSL_API const char* wolfSSL_get_shared_ciphers(WOLFSSL* ssl, char* buf,
     int len);
 WOLFSSL_API const char* wolfSSL_get_curve_name(WOLFSSL* ssl);
 WOLFSSL_API int  wolfSSL_get_fd(const WOLFSSL* ssl);
+WOLFSSL_API int wolfSSL_get_wfd(const WOLFSSL* ssl);
 /* please see note at top of README if you get an error from connect */
 WOLFSSL_ABI WOLFSSL_API int  wolfSSL_connect(WOLFSSL* ssl);
 WOLFSSL_ABI WOLFSSL_API int  wolfSSL_write(
     WOLFSSL* ssl, const void* data, int sz);
+WOLFSSL_API int wolfSSL_write_ex(WOLFSSL* ssl, const void* data, size_t sz,
+    size_t* wr);
 WOLFSSL_ABI WOLFSSL_API int  wolfSSL_read(WOLFSSL* ssl, void* data, int sz);
+WOLFSSL_API int wolfSSL_read_ex(WOLFSSL* ssl, void* data, size_t sz, size_t* rd);
 WOLFSSL_API int  wolfSSL_peek(WOLFSSL* ssl, void* data, int sz);
 WOLFSSL_ABI WOLFSSL_API int  wolfSSL_accept(WOLFSSL* ssl);
+WOLFSSL_API int wolfSSL_inject(WOLFSSL* ssl, const void* data, int sz);
 WOLFSSL_API int  wolfSSL_CTX_mutual_auth(WOLFSSL_CTX* ctx, int req);
 WOLFSSL_API int  wolfSSL_mutual_auth(WOLFSSL* ssl, int req);
+
+WOLFSSL_API int  wolfSSL_CTX_set_groups(WOLFSSL_CTX* ctx, int* groups,
+                                        int count);
+WOLFSSL_API int  wolfSSL_set_groups(WOLFSSL* ssl, int* groups, int count);
+#if defined(OPENSSL_EXTRA) && defined(HAVE_SUPPORTED_CURVES)
+WOLFSSL_API int  wolfSSL_CTX_set1_groups(WOLFSSL_CTX* ctx, int* groups,
+                                        int count);
+WOLFSSL_API int  wolfSSL_set1_groups(WOLFSSL* ssl, int* groups, int count);
+
+#ifdef HAVE_ECC
+WOLFSSL_API int  wolfSSL_CTX_set1_groups_list(WOLFSSL_CTX *ctx, const char *list);
+WOLFSSL_API int  wolfSSL_set1_groups_list(WOLFSSL *ssl, const char *list);
+#endif
+#endif
+
 #ifdef WOLFSSL_TLS13
 WOLFSSL_API int  wolfSSL_send_hrr_cookie(WOLFSSL* ssl,
     const unsigned char* secret, unsigned int secretSz);
@@ -1187,20 +1412,6 @@ WOLFSSL_API int  wolfSSL_allow_post_handshake_auth(WOLFSSL* ssl);
 WOLFSSL_API int  wolfSSL_request_certificate(WOLFSSL* ssl);
 
 WOLFSSL_API int  wolfSSL_preferred_group(WOLFSSL* ssl);
-WOLFSSL_API int  wolfSSL_CTX_set_groups(WOLFSSL_CTX* ctx, int* groups,
-                                        int count);
-WOLFSSL_API int  wolfSSL_set_groups(WOLFSSL* ssl, int* groups, int count);
-
-#if defined(OPENSSL_EXTRA) && defined(HAVE_SUPPORTED_CURVES)
-WOLFSSL_API int  wolfSSL_CTX_set1_groups(WOLFSSL_CTX* ctx, int* groups,
-                                        int count);
-WOLFSSL_API int  wolfSSL_set1_groups(WOLFSSL* ssl, int* groups, int count);
-
-#ifdef HAVE_ECC
-WOLFSSL_API int  wolfSSL_CTX_set1_groups_list(WOLFSSL_CTX *ctx, char *list);
-WOLFSSL_API int  wolfSSL_set1_groups_list(WOLFSSL *ssl, char *list);
-#endif
-#endif
 
 WOLFSSL_API int  wolfSSL_connect_TLSv13(WOLFSSL* ssl);
 WOLFSSL_API int  wolfSSL_accept_TLSv13(WOLFSSL* ssl);
@@ -1229,6 +1440,7 @@ WOLFSSL_API unsigned int wolfSSL_SESSION_get_max_early_data(const WOLFSSL_SESSIO
 WOLFSSL_ABI WOLFSSL_API void wolfSSL_CTX_free(WOLFSSL_CTX* ctx);
 WOLFSSL_ABI WOLFSSL_API void wolfSSL_free(WOLFSSL* ssl);
 WOLFSSL_ABI WOLFSSL_API int  wolfSSL_shutdown(WOLFSSL* ssl);
+WOLFSSL_API int wolfSSL_SendUserCanceled(WOLFSSL* ssl);
 WOLFSSL_API int  wolfSSL_send(WOLFSSL* ssl, const void* data, int sz, int flags);
 WOLFSSL_API int  wolfSSL_recv(WOLFSSL* ssl, void* data, int sz, int flags);
 
@@ -1236,7 +1448,6 @@ WOLFSSL_API void wolfSSL_CTX_set_quiet_shutdown(WOLFSSL_CTX* ctx, int mode);
 WOLFSSL_API void wolfSSL_set_quiet_shutdown(WOLFSSL* ssl, int mode);
 
 WOLFSSL_ABI WOLFSSL_API int  wolfSSL_get_error(WOLFSSL* ssl, int ret);
-WOLFSSL_API int  wolfSSL_get_alert_history(WOLFSSL* ssl, WOLFSSL_ALERT_HISTORY *h);
 
 WOLFSSL_ABI WOLFSSL_API int  wolfSSL_set_session(WOLFSSL* ssl, WOLFSSL_SESSION* session);
 WOLFSSL_API long wolfSSL_SSL_SESSION_set_timeout(WOLFSSL_SESSION* ses, long t);
@@ -1251,11 +1462,18 @@ WOLFSSL_API int  wolfSSL_SetServerID(WOLFSSL* ssl, const unsigned char* id, int
 WOLFSSL_API int  wolfSSL_BIO_new_bio_pair(WOLFSSL_BIO** bio1_p, size_t writebuf1,
                      WOLFSSL_BIO** bio2_p, size_t writebuf2);
 
+WOLFSSL_API int wolfSSL_RSA_padding_add_PKCS1_PSS_mgf1(WOLFSSL_RSA *rsa,
+        unsigned char *em, const unsigned char *mHash,
+        const WOLFSSL_EVP_MD *hashAlg, const WOLFSSL_EVP_MD *mgf1Hash,
+        int saltLen);
 WOLFSSL_API int wolfSSL_RSA_padding_add_PKCS1_PSS(WOLFSSL_RSA *rsa,
                                                   unsigned char *EM,
                                                   const unsigned char *mHash,
                                                   const WOLFSSL_EVP_MD *hashAlg,
                                                   int saltLen);
+WOLFSSL_API int wolfSSL_RSA_verify_PKCS1_PSS_mgf1(WOLFSSL_RSA *rsa,
+        const unsigned char *mHash, const WOLFSSL_EVP_MD *hashAlg,
+        const WOLFSSL_EVP_MD *mgf1Hash, const unsigned char *em, int saltLen);
 WOLFSSL_API int wolfSSL_RSA_verify_PKCS1_PSS(WOLFSSL_RSA *rsa, const unsigned char *mHash,
                                           const WOLFSSL_EVP_MD *hashAlg,
                                           const unsigned char *EM, int saltLen);
@@ -1271,15 +1489,38 @@ WOLFSSL_API int wolfSSL_GetSessionIndex(WOLFSSL* ssl);
 WOLFSSL_API int wolfSSL_GetSessionAtIndex(int index, WOLFSSL_SESSION* session);
 #endif /* SESSION_INDEX */
 
-#if defined(SESSION_CERTS)
-WOLFSSL_API
-    WOLFSSL_X509_CHAIN* wolfSSL_SESSION_get_peer_chain(WOLFSSL_SESSION* session);
-WOLFSSL_API WOLFSSL_X509* wolfSSL_SESSION_get0_peer(WOLFSSL_SESSION* session);
-#endif /* SESSION_INDEX && SESSION_CERTS */
 
-typedef int (*VerifyCallback)(int, WOLFSSL_X509_STORE_CTX*);
-typedef void (CallbackInfoState)(const WOLFSSL* ssl, int, int);
+#ifdef OPENSSL_EXTRA
+/* compatibility callback for TLS state */
+typedef void (CallbackInfoState)(const WOLFSSL* ssl, int state, int err);
+#endif
 
+
+/* ----- EX DATA BEGIN ----- */
+WOLFSSL_API void* wolfSSL_get_ex_data(const WOLFSSL* ssl, int idx);
+WOLFSSL_API int  wolfSSL_set_ex_data(WOLFSSL* ssl, int idx, void* data);
+
+#ifdef HAVE_EX_DATA
+WOLFSSL_API void wolfSSL_CRYPTO_cleanup_all_ex_data(void);
+WOLFSSL_API void* wolfSSL_CRYPTO_get_ex_data(
+    const WOLFSSL_CRYPTO_EX_DATA* ex_data, int idx);
+WOLFSSL_API int wolfSSL_CRYPTO_set_ex_data(
+    WOLFSSL_CRYPTO_EX_DATA* ex_data, int idx, void *data);
+
+#ifdef HAVE_EX_DATA_CLEANUP_HOOKS
+WOLFSSL_API int wolfSSL_CRYPTO_set_ex_data_with_cleanup(
+    WOLFSSL_CRYPTO_EX_DATA* ex_data,
+    int idx,
+    void *data,
+    wolfSSL_ex_data_cleanup_routine_t cleanup_routine);
+WOLFSSL_API int wolfSSL_set_ex_data_with_cleanup(
+    WOLFSSL* ssl,
+    int idx,
+    void* data,
+    wolfSSL_ex_data_cleanup_routine_t cleanup_routine);
+#endif
+
+#ifdef HAVE_EX_DATA_CRYPTO
 /* class index for wolfSSL_CRYPTO_get_ex_new_index */
 #define WOLF_CRYPTO_EX_INDEX_SSL             0
 #define WOLF_CRYPTO_EX_INDEX_SSL_CTX         1
@@ -1299,8 +1540,6 @@ typedef void (CallbackInfoState)(const WOLFSSL* ssl, int, int);
 #define WOLF_CRYPTO_EX_INDEX_DRBG            15
 #define WOLF_CRYPTO_EX_INDEX__COUNT          16
 
-#ifdef HAVE_EX_DATA
-
 /* Helper macro to log that input arguments should not be used */
 #define WOLFSSL_CRYPTO_EX_DATA_IGNORE_PARAMS(a1, a2, a3, a4, a5) \
     (void)(a1);                                                  \
@@ -1315,12 +1554,60 @@ typedef void (CallbackInfoState)(const WOLFSSL* ssl, int, int);
         }                                                        \
     } while(0)
 
-WOLFSSL_API int  wolfSSL_get_ex_new_index(long argValue, void* arg,
-        WOLFSSL_CRYPTO_EX_new* a, WOLFSSL_CRYPTO_EX_dup* b,
-        WOLFSSL_CRYPTO_EX_free* c);
+WOLFSSL_API int wolfSSL_get_ex_new_index(
+    long argValue, void* arg,
+    WOLFSSL_CRYPTO_EX_new* a, WOLFSSL_CRYPTO_EX_dup* b,
+    WOLFSSL_CRYPTO_EX_free* c);
+WOLFSSL_API int wolfSSL_CTX_get_ex_new_index(
+    long idx, void* arg,
+    WOLFSSL_CRYPTO_EX_new* new_func,
+    WOLFSSL_CRYPTO_EX_dup* dup_func,
+    WOLFSSL_CRYPTO_EX_free* free_func);
+WOLFSSL_API int wolfSSL_CRYPTO_get_ex_new_index(
+    int class_index, long argl, void *argp,
+    WOLFSSL_CRYPTO_EX_new* new_func,
+    WOLFSSL_CRYPTO_EX_dup* dup_func,
+    WOLFSSL_CRYPTO_EX_free* free_func);
+WOLFSSL_API int wolfSSL_SESSION_get_ex_new_index(long ctx_l,void* ctx_ptr,
+        WOLFSSL_CRYPTO_EX_new* new_func, WOLFSSL_CRYPTO_EX_dup* dup_func,
+        WOLFSSL_CRYPTO_EX_free* free_func);
+#endif /* HAVE_EX_DATA_CRYPTO */
+#endif /* HAVE_EX_DATA */
 
+/* Exposed EX data API's, guarded internally by HAVE_EX_DATA */
+#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
+WOLFSSL_API void *wolfSSL_X509_get_ex_data(WOLFSSL_X509 *x509, int idx);
+WOLFSSL_API int wolfSSL_X509_set_ex_data(WOLFSSL_X509 *x509, int idx,
+    void *data);
+#ifdef HAVE_EX_DATA_CLEANUP_HOOKS
+WOLFSSL_API int wolfSSL_X509_set_ex_data_with_cleanup(
+    WOLFSSL_X509 *x509,
+    int idx,
+    void *data,
+    wolfSSL_ex_data_cleanup_routine_t cleanup_routine);
 #endif
 
+#ifdef HAVE_EX_DATA_CRYPTO
+WOLFSSL_API int wolfSSL_X509_get_ex_new_index(int idx, void *arg,
+    WOLFSSL_CRYPTO_EX_new* new_func,
+    WOLFSSL_CRYPTO_EX_dup* dup_func,
+    WOLFSSL_CRYPTO_EX_free* free_func);
+#endif
+#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
+
+#ifdef OPENSSL_EXTRA
+WOLFSSL_API void* wolfSSL_CTX_get_ex_data(const WOLFSSL_CTX* ctx, int idx);
+WOLFSSL_API int   wolfSSL_CTX_set_ex_data(WOLFSSL_CTX* ctx, int idx, void* data);
+#ifdef HAVE_EX_DATA_CLEANUP_HOOKS
+WOLFSSL_API int wolfSSL_CTX_set_ex_data_with_cleanup(
+    WOLFSSL_CTX* ctx,
+    int idx,
+    void* data,
+    wolfSSL_ex_data_cleanup_routine_t cleanup_routine);
+#endif
+#endif /* OPENSSL_EXTRA */
+/* ----- EX DATA END ----- */
+
 WOLFSSL_ABI WOLFSSL_API void wolfSSL_CTX_set_verify(WOLFSSL_CTX* ctx, int mode,
                                       VerifyCallback verify_callback);
 
@@ -1354,8 +1641,17 @@ WOLFSSL_ABI WOLFSSL_API long wolfSSL_CTX_set_session_cache_mode(WOLFSSL_CTX* ctx
 #ifdef HAVE_SECRET_CALLBACK
 typedef int (*SessionSecretCb)(WOLFSSL* ssl, void* secret, int* secretSz,
                                void* ctx);
-WOLFSSL_API int  wolfSSL_set_session_secret_cb(WOLFSSL* ssl, SessionSecretCb,
-                                               void*);
+/* This callback is used to set the master secret during resumption */
+WOLFSSL_API int  wolfSSL_set_session_secret_cb(WOLFSSL* ssl, SessionSecretCb cb,
+                                               void* ctx);
+typedef int (*TicketParseCb)(WOLFSSL *ssl, const unsigned char *data,
+                                            int len, void *ctx);
+WOLFSSL_API int wolfSSL_set_session_ticket_ext_cb(WOLFSSL* ssl,
+        TicketParseCb cb, void *ctx);
+typedef int (*TlsSecretCb)(WOLFSSL* ssl, void* secret, int secretSz,
+                               void* ctx);
+/* This callback is used to log the secret for TLS <= 1.2 */
+WOLFSSL_API int wolfSSL_set_secret_cb(WOLFSSL* ssl, TlsSecretCb cb, void* ctx);
 #ifdef WOLFSSL_TLS13
 typedef int (*Tls13SecretCb)(WOLFSSL* ssl, int id, const unsigned char* secret,
                              int secretSz, void* ctx);
@@ -1449,13 +1745,29 @@ WOLFSSL_API int  wolfSSL_dtls(WOLFSSL* ssl);
 WOLFSSL_API void* wolfSSL_dtls_create_peer(int port, char* ip);
 WOLFSSL_API int   wolfSSL_dtls_free_peer(void* addr);
 
-WOLFSSL_API int  wolfSSL_dtls_set_peer(WOLFSSL* ssl, void* peer, unsigned int peerSz);
-WOLFSSL_API int  wolfSSL_dtls_get_peer(WOLFSSL* ssl, void* peer, unsigned int* peerSz);
+WOLFSSL_API int  wolfSSL_dtls_set_peer(WOLFSSL* ssl, void* peer,
+                                       unsigned int peerSz);
+WOLFSSL_API int wolfSSL_dtls_set_pending_peer(WOLFSSL* ssl, void* peer,
+                                              unsigned int peerSz);
+WOLFSSL_API int  wolfSSL_dtls_get_peer(WOLFSSL* ssl, void* peer,
+                                       unsigned int* peerSz);
+WOLFSSL_API int  wolfSSL_dtls_get0_peer(WOLFSSL* ssl, const void** peer,
+                                        unsigned int* peerSz);
 
+WOLFSSL_API byte wolfSSL_is_stateful(WOLFSSL* ssl);
+
+#if defined(WOLFSSL_SCTP) && defined(WOLFSSL_DTLS)
 WOLFSSL_API int  wolfSSL_CTX_dtls_set_sctp(WOLFSSL_CTX* ctx);
 WOLFSSL_API int  wolfSSL_dtls_set_sctp(WOLFSSL* ssl);
-WOLFSSL_API int  wolfSSL_CTX_dtls_set_mtu(WOLFSSL_CTX* ctx, unsigned short);
-WOLFSSL_API int  wolfSSL_dtls_set_mtu(WOLFSSL* ssl, unsigned short);
+#endif
+#if (defined(WOLFSSL_SCTP) || defined(WOLFSSL_DTLS_MTU)) && \
+                                                           defined(WOLFSSL_DTLS)
+WOLFSSL_API int  wolfSSL_CTX_dtls_set_mtu(WOLFSSL_CTX* ctx, unsigned short mtu);
+WOLFSSL_API int  wolfSSL_dtls_set_mtu(WOLFSSL* ssl, unsigned short mtu);
+#if defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA)
+WOLFSSL_API int  wolfSSL_set_mtu_compat(WOLFSSL* ssl, unsigned short mtu);
+#endif
+#endif
 
 #ifdef WOLFSSL_SRTP
 
@@ -1522,7 +1834,9 @@ WOLFSSL_API const char* wolfSSL_ERR_reason_error_string(unsigned long e);
 WOLFSSL_API const char* wolfSSL_ERR_func_error_string(unsigned long e);
 WOLFSSL_API const char* wolfSSL_ERR_lib_error_string(unsigned long e);
 
-/* extras */
+/* -------- EXTRAS BEGIN -------- */
+#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
+WOLFSSL_API void wolfSSL_ERR_print_errors(WOLFSSL_BIO *bio);
 
 WOLFSSL_API WOLFSSL_STACK* wolfSSL_sk_new_node(void* heap);
 WOLFSSL_API void wolfSSL_sk_free(WOLFSSL_STACK* sk);
@@ -1532,16 +1846,13 @@ WOLFSSL_API WOLFSSL_STACK* wolfSSL_shallow_sk_dup(WOLFSSL_STACK* sk);
 WOLFSSL_API int wolfSSL_sk_push_node(WOLFSSL_STACK** stack, WOLFSSL_STACK* in);
 WOLFSSL_API WOLFSSL_STACK* wolfSSL_sk_get_node(WOLFSSL_STACK* sk, int idx);
 WOLFSSL_API int wolfSSL_sk_push(WOLFSSL_STACK *st, const void *data);
-
-#if defined(HAVE_OCSP) || defined(HAVE_CRL)
-#include "wolfssl/wolfcrypt/asn.h"
-#endif
+WOLFSSL_API int wolfSSL_sk_insert(WOLFSSL_STACK *sk, const void *data, int idx);
 
 #if defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA) || defined(WOLFSSL_QT)
 WOLFSSL_API int wolfSSL_sk_ACCESS_DESCRIPTION_push(
                                        WOLF_STACK_OF(ACCESS_DESCRIPTION)* sk,
                                        WOLFSSL_ACCESS_DESCRIPTION* a);
-#endif /* defined(OPENSSL_ALL) || OPENSSL_EXTRA || defined(WOLFSSL_QT) */
+#endif /* OPENSSL_ALL || OPENSSL_EXTRA || WOLFSSL_QT */
 
 typedef WOLF_STACK_OF(WOLFSSL_GENERAL_NAME) WOLFSSL_GENERAL_NAMES;
 typedef WOLF_STACK_OF(WOLFSSL_DIST_POINT) WOLFSSL_DIST_POINTS;
@@ -1616,6 +1927,8 @@ WOLFSSL_API void wolfSSL_ACCESS_DESCRIPTION_free(WOLFSSL_ACCESS_DESCRIPTION* a);
 WOLFSSL_API void wolfSSL_sk_X509_EXTENSION_pop_free(
         WOLF_STACK_OF(WOLFSSL_X509_EXTENSION)* sk,
         void (*f) (WOLFSSL_X509_EXTENSION*));
+WOLFSSL_API void wolfSSL_sk_X509_EXTENSION_free(
+        WOLF_STACK_OF(WOLFSSL_X509_EXTENSION)* sk);
 WOLFSSL_API WOLF_STACK_OF(WOLFSSL_X509_EXTENSION)* wolfSSL_sk_X509_EXTENSION_new_null(void);
 WOLFSSL_API WOLFSSL_ASN1_OBJECT* wolfSSL_ASN1_OBJECT_new(void);
 WOLFSSL_API WOLFSSL_ASN1_OBJECT* wolfSSL_ASN1_OBJECT_dup(WOLFSSL_ASN1_OBJECT* obj);
@@ -1633,55 +1946,8 @@ WOLFSSL_API int wolfSSL_ASN1_STRING_to_UTF8(unsigned char **out, WOLFSSL_ASN1_ST
 WOLFSSL_API int wolfSSL_ASN1_UNIVERSALSTRING_to_string(WOLFSSL_ASN1_STRING *s);
 WOLFSSL_API int wolfSSL_sk_X509_EXTENSION_num(WOLF_STACK_OF(WOLFSSL_X509_EXTENSION)* sk);
 WOLFSSL_API WOLFSSL_X509_EXTENSION* wolfSSL_sk_X509_EXTENSION_value(
-                            WOLF_STACK_OF(WOLFSSL_X509_EXTENSION)* sk, int idx);
-WOLFSSL_API int  wolfSSL_set_ex_data(WOLFSSL* ssl, int idx, void* data);
-#ifdef HAVE_EX_DATA_CLEANUP_HOOKS
-WOLFSSL_API int wolfSSL_set_ex_data_with_cleanup(
-    WOLFSSL* ssl,
-    int idx,
-    void* data,
-    wolfSSL_ex_data_cleanup_routine_t cleanup_routine);
-#endif
-WOLFSSL_API int  wolfSSL_get_shutdown(const WOLFSSL* ssl);
-WOLFSSL_API int  wolfSSL_set_rfd(WOLFSSL* ssl, int rfd);
-WOLFSSL_API int  wolfSSL_set_wfd(WOLFSSL* ssl, int wfd);
-WOLFSSL_API void wolfSSL_set_shutdown(WOLFSSL* ssl, int opt);
-WOLFSSL_API int  wolfSSL_set_session_id_context(WOLFSSL* ssl, const unsigned char* id,
-                                           unsigned int len);
-WOLFSSL_API void wolfSSL_set_connect_state(WOLFSSL* ssl);
-WOLFSSL_API void wolfSSL_set_accept_state(WOLFSSL* ssl);
-WOLFSSL_API int  wolfSSL_session_reused(WOLFSSL* ssl);
-WOLFSSL_API int wolfSSL_SESSION_up_ref(WOLFSSL_SESSION* session);
-WOLFSSL_API WOLFSSL_SESSION* wolfSSL_SESSION_dup(WOLFSSL_SESSION* session);
-WOLFSSL_API WOLFSSL_SESSION* wolfSSL_SESSION_new(void);
-WOLFSSL_API WOLFSSL_SESSION* wolfSSL_SESSION_new_ex(void* heap);
-WOLFSSL_API void wolfSSL_SESSION_free(WOLFSSL_SESSION* session);
-WOLFSSL_API int wolfSSL_CTX_add_session(WOLFSSL_CTX* ctx,
-                                        WOLFSSL_SESSION* session);
-WOLFSSL_API int wolfSSL_SESSION_set_cipher(WOLFSSL_SESSION* session,
-                                        const WOLFSSL_CIPHER* cipher);
-WOLFSSL_API int  wolfSSL_is_init_finished(const WOLFSSL* ssl);
+                      const WOLF_STACK_OF(WOLFSSL_X509_EXTENSION)* sk, int idx);
 
-WOLFSSL_API const char*  wolfSSL_get_version(const WOLFSSL* ssl);
-WOLFSSL_API int  wolfSSL_get_current_cipher_suite(WOLFSSL* ssl);
-WOLFSSL_API WOLFSSL_CIPHER*  wolfSSL_get_current_cipher(WOLFSSL* ssl);
-WOLFSSL_API char* wolfSSL_CIPHER_description(const WOLFSSL_CIPHER* cipher, char* in, int len);
-WOLFSSL_API const char*  wolfSSL_CIPHER_get_name(const WOLFSSL_CIPHER* cipher);
-WOLFSSL_API const char*  wolfSSL_CIPHER_get_version(const WOLFSSL_CIPHER* cipher);
-WOLFSSL_API word32       wolfSSL_CIPHER_get_id(const WOLFSSL_CIPHER* cipher);
-WOLFSSL_API int wolfSSL_CIPHER_get_auth_nid(const WOLFSSL_CIPHER* cipher);
-WOLFSSL_API int wolfSSL_CIPHER_get_cipher_nid(const WOLFSSL_CIPHER* cipher);
-WOLFSSL_API int wolfSSL_CIPHER_get_digest_nid(const WOLFSSL_CIPHER* cipher);
-WOLFSSL_API int wolfSSL_CIPHER_get_kx_nid(const WOLFSSL_CIPHER* cipher);
-WOLFSSL_API int wolfSSL_CIPHER_is_aead(const WOLFSSL_CIPHER* cipher);
-WOLFSSL_API const WOLFSSL_CIPHER* wolfSSL_get_cipher_by_value(word16 value);
-WOLFSSL_API const char*  wolfSSL_SESSION_CIPHER_get_name(const WOLFSSL_SESSION* session);
-WOLFSSL_API const char*  wolfSSL_get_cipher(WOLFSSL* ssl);
-WOLFSSL_API void wolfSSL_sk_CIPHER_free(WOLF_STACK_OF(WOLFSSL_CIPHER)* sk);
-WOLFSSL_API WOLFSSL_SESSION* wolfSSL_get1_session(WOLFSSL* ssl);
-
-WOLFSSL_API WOLFSSL_X509* wolfSSL_X509_new(void);
-WOLFSSL_API WOLFSSL_X509* wolfSSL_X509_dup(WOLFSSL_X509* x);
 #if defined(OPENSSL_EXTRA_X509_SMALL) || defined(OPENSSL_EXTRA)
 WOLFSSL_API int wolfSSL_RSA_up_ref(WOLFSSL_RSA* rsa);
 WOLFSSL_API int wolfSSL_X509_up_ref(WOLFSSL_X509* x509);
@@ -1690,8 +1956,8 @@ WOLFSSL_API WOLF_STACK_OF(WOLFSSL_X509)*
         wolfSSL_X509_chain_up_ref(WOLF_STACK_OF(WOLFSSL_X509)* chain);
 #endif
 
-WOLFSSL_API int wolfSSL_OCSP_parse_url(char* url, char** host, char** port,
-                                     char** path, int* ssl);
+WOLFSSL_API int wolfSSL_OCSP_parse_url(const char* url, char** host,
+        char** port, char** path, int* ssl);
 
 #ifndef NO_BIO
 #if defined(OPENSSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER >= 0x10100000L
@@ -1726,6 +1992,7 @@ WOLFSSL_API WOLFSSL_BIO_METHOD* wolfSSL_BIO_f_buffer(void);
 WOLFSSL_API long wolfSSL_BIO_set_write_buffer_size(WOLFSSL_BIO* bio, long size);
 WOLFSSL_API WOLFSSL_BIO_METHOD* wolfSSL_BIO_f_ssl(void);
 WOLFSSL_API WOLFSSL_BIO*        wolfSSL_BIO_new_socket(int sfd, int flag);
+WOLFSSL_API WOLFSSL_BIO*        wolfSSL_BIO_new_dgram(int fd, int closeF);
 WOLFSSL_API int         wolfSSL_BIO_eof(WOLFSSL_BIO* b);
 
 WOLFSSL_API WOLFSSL_BIO_METHOD* wolfSSL_BIO_s_mem(void);
@@ -1774,6 +2041,8 @@ WOLFSSL_API long wolfSSL_BIO_set_fd(WOLFSSL_BIO* b, int fd, int flag);
 #endif
 WOLFSSL_API int wolfSSL_BIO_set_close(WOLFSSL_BIO *b, long flag);
 WOLFSSL_API void wolfSSL_set_bio(WOLFSSL* ssl, WOLFSSL_BIO* rd, WOLFSSL_BIO* wr);
+WOLFSSL_API void wolfSSL_set_rbio(WOLFSSL* ssl, WOLFSSL_BIO* rd);
+WOLFSSL_API void wolfSSL_set_wbio(WOLFSSL* ssl, WOLFSSL_BIO* wr);
 WOLFSSL_API int wolfSSL_BIO_method_type(const WOLFSSL_BIO *b);
 
 #ifndef NO_FILESYSTEM
@@ -1783,6 +2052,8 @@ WOLFSSL_API WOLFSSL_BIO *wolfSSL_BIO_new_fd(int fd, int close_flag);
 
 WOLFSSL_API WOLFSSL_BIO_METHOD *wolfSSL_BIO_s_bio(void);
 WOLFSSL_API WOLFSSL_BIO_METHOD *wolfSSL_BIO_s_socket(void);
+WOLFSSL_API WOLFSSL_BIO_METHOD *wolfSSL_BIO_s_datagram(void);
+WOLFSSL_API WOLFSSL_BIO_METHOD *wolfSSL_BIO_s_null(void);
 
 WOLFSSL_API WOLFSSL_BIO *wolfSSL_BIO_new_connect(const char *str);
 WOLFSSL_API WOLFSSL_BIO *wolfSSL_BIO_new_accept(const char *port);
@@ -1806,6 +2077,10 @@ WOLFSSL_API int  wolfSSL_BIO_ctrl_reset_read_request(WOLFSSL_BIO *b);
 WOLFSSL_API int  wolfSSL_BIO_nread0(WOLFSSL_BIO *bio, char **buf);
 WOLFSSL_API int  wolfSSL_BIO_nread(WOLFSSL_BIO *bio, char **buf, int num);
 WOLFSSL_API int  wolfSSL_BIO_nwrite(WOLFSSL_BIO *bio, char **buf, int num);
+#if defined(WORD64_AVAILABLE) && !defined(WOLFSSL_BIO_NO_FLOW_STATS)
+WOLFSSL_API word64 wolfSSL_BIO_number_read(WOLFSSL_BIO *bio);
+WOLFSSL_API word64 wolfSSL_BIO_number_written(WOLFSSL_BIO *bio);
+#endif
 WOLFSSL_API int  wolfSSL_BIO_reset(WOLFSSL_BIO *bio);
 
 WOLFSSL_API int  wolfSSL_BIO_seek(WOLFSSL_BIO *bio, int ofs);
@@ -1818,7 +2093,14 @@ WOLFSSL_API int wolfSSL_BIO_set_mem_buf(WOLFSSL_BIO* bio, WOLFSSL_BUF_MEM* bufMe
                                         int closeFlag);
 #endif
 WOLFSSL_API int wolfSSL_BIO_get_len(WOLFSSL_BIO *bio);
-#endif
+
+#ifdef WOLFSSL_HAVE_BIO_ADDR
+WOLFSSL_API WOLFSSL_BIO_ADDR *wolfSSL_BIO_ADDR_new(void);
+WOLFSSL_API void wolfSSL_BIO_ADDR_free(WOLFSSL_BIO_ADDR *addr);
+WOLFSSL_API void wolfSSL_BIO_ADDR_clear(WOLFSSL_BIO_ADDR *addr);
+#endif /* WOLFSSL_HAVE_BIO_ADDR */
+
+#endif /* !NO_BIO */
 
 WOLFSSL_API void        wolfSSL_RAND_screen(void);
 WOLFSSL_API const char* wolfSSL_RAND_file_name(char* fname, unsigned long len);
@@ -1830,9 +2112,14 @@ WOLFSSL_API void        wolfSSL_RAND_Cleanup(void);
 WOLFSSL_API void        wolfSSL_RAND_add(const void* add, int len, double entropy);
 WOLFSSL_API int         wolfSSL_RAND_poll(void);
 
+#ifndef NO_WOLFSSL_STUB
 WOLFSSL_API WOLFSSL_COMP_METHOD* wolfSSL_COMP_zlib(void);
 WOLFSSL_API WOLFSSL_COMP_METHOD* wolfSSL_COMP_rle(void);
 WOLFSSL_API int wolfSSL_COMP_add_compression_method(int method, void* data);
+WOLFSSL_API const char *wolfSSL_COMP_get_name(const WOLFSSL_COMP_METHOD *comp);
+WOLFSSL_API const WOLFSSL_COMP_METHOD* wolfSSL_get_current_compression(const WOLFSSL *ssl);
+WOLFSSL_API const WOLFSSL_COMP_METHOD* wolfSSL_get_current_expansion(const WOLFSSL *ssl);
+#endif /* !NO_WOLFSSL_STUB */
 
 WOLFSSL_API unsigned long wolfSSL_thread_id(void);
 WOLFSSL_API void wolfSSL_set_id_callback(unsigned long (*f)(void));
@@ -1857,6 +2144,10 @@ WOLFSSL_API void  wolfSSL_X509_STORE_CTX_set_verify_cb(WOLFSSL_X509_STORE_CTX *c
                                   WOLFSSL_X509_STORE_CTX_verify_cb verify_cb);
 WOLFSSL_API void wolfSSL_X509_STORE_set_verify_cb(WOLFSSL_X509_STORE *st,
                                  WOLFSSL_X509_STORE_CTX_verify_cb verify_cb);
+WOLFSSL_API void wolfSSL_X509_STORE_set_get_crl(WOLFSSL_X509_STORE *st,
+                            WOLFSSL_X509_STORE_CTX_get_crl_cb get_cb);
+WOLFSSL_API void wolfSSL_X509_STORE_set_check_crl(WOLFSSL_X509_STORE *st,
+        WOLFSSL_X509_STORE_CTX_check_crl_cb check_crl);
 WOLFSSL_API int wolfSSL_i2d_X509_NAME(WOLFSSL_X509_NAME* n,
                                                            unsigned char** out);
 WOLFSSL_API int wolfSSL_i2d_X509_NAME_canon(WOLFSSL_X509_NAME* name,
@@ -1883,22 +2174,15 @@ WOLFSSL_API void wolfSSL_X509_get0_signature(const WOLFSSL_ASN1_BIT_STRING **psi
         const WOLFSSL_X509_ALGOR **palg, const WOLFSSL_X509 *x509);
 WOLFSSL_API int wolfSSL_X509_print(WOLFSSL_BIO* bio, WOLFSSL_X509* x509);
 WOLFSSL_API int wolfSSL_X509_REQ_print(WOLFSSL_BIO* bio, WOLFSSL_X509* x509);
-WOLFSSL_ABI WOLFSSL_API char* wolfSSL_X509_NAME_oneline(WOLFSSL_X509_NAME* name,
-                                                                    char* in, int sz);
 WOLFSSL_API unsigned long wolfSSL_X509_NAME_hash(WOLFSSL_X509_NAME* name);
 #if defined(OPENSSL_EXTRA) && defined(XSNPRINTF)
 WOLFSSL_API char* wolfSSL_X509_get_name_oneline(WOLFSSL_X509_NAME* name, char* in, int sz);
 #endif
-WOLFSSL_ABI WOLFSSL_API WOLFSSL_X509_NAME* wolfSSL_X509_get_issuer_name(
-                                                                 WOLFSSL_X509* cert);
 WOLFSSL_API unsigned long  wolfSSL_X509_issuer_name_hash(const WOLFSSL_X509* x509);
-WOLFSSL_ABI WOLFSSL_API WOLFSSL_X509_NAME* wolfSSL_X509_get_subject_name(
-                                                                 WOLFSSL_X509* cert);
 WOLFSSL_API unsigned long  wolfSSL_X509_subject_name_hash(const WOLFSSL_X509* x509);
 WOLFSSL_API int  wolfSSL_X509_ext_isSet_by_NID(WOLFSSL_X509* x509, int nid);
 WOLFSSL_API int  wolfSSL_X509_ext_get_critical_by_NID(WOLFSSL_X509* x509, int nid);
 WOLFSSL_API int wolfSSL_X509_EXTENSION_set_critical(WOLFSSL_X509_EXTENSION* ex, int crit);
-WOLFSSL_API int  wolfSSL_X509_get_isCA(WOLFSSL_X509* x509);
 WOLFSSL_API int  wolfSSL_X509_get_isSet_pathLength(WOLFSSL_X509* x509);
 WOLFSSL_API unsigned int wolfSSL_X509_get_pathLength(WOLFSSL_X509* x509);
 WOLFSSL_API unsigned int wolfSSL_X509_get_keyUsage(WOLFSSL_X509* x509);
@@ -1906,6 +2190,8 @@ WOLFSSL_API unsigned char* wolfSSL_X509_get_authorityKeyID(
                                             WOLFSSL_X509* x509, unsigned char* dst, int* dstLen);
 WOLFSSL_API unsigned char* wolfSSL_X509_get_subjectKeyID(
                                             WOLFSSL_X509* x509, unsigned char* dst, int* dstLen);
+WOLFSSL_API const WOLFSSL_ASN1_STRING *wolfSSL_X509_get0_subject_key_id(
+        WOLFSSL_X509 *x509);
 
 WOLFSSL_API int wolfSSL_X509_verify(WOLFSSL_X509* x509, WOLFSSL_EVP_PKEY* pkey);
 #ifdef WOLFSSL_CERT_REQ
@@ -1918,8 +2204,12 @@ WOLFSSL_API int wolfSSL_X509_set_issuer_name(WOLFSSL_X509* cert,
 WOLFSSL_API int wolfSSL_X509_set_pubkey(WOLFSSL_X509* cert, WOLFSSL_EVP_PKEY* pkey);
 WOLFSSL_API int wolfSSL_X509_set_notAfter(WOLFSSL_X509* x509,
         const WOLFSSL_ASN1_TIME* t);
+WOLFSSL_API int wolfSSL_X509_set1_notAfter(WOLFSSL_X509* x509,
+        const WOLFSSL_ASN1_TIME *t);
 WOLFSSL_API int wolfSSL_X509_set_notBefore(WOLFSSL_X509* x509,
         const WOLFSSL_ASN1_TIME* t);
+WOLFSSL_API int wolfSSL_X509_set1_notBefore(WOLFSSL_X509* x509,
+        const WOLFSSL_ASN1_TIME *t);
 WOLFSSL_API WOLFSSL_ASN1_TIME* wolfSSL_X509_get_notBefore(const WOLFSSL_X509* x509);
 WOLFSSL_API WOLFSSL_ASN1_TIME* wolfSSL_X509_get_notAfter(const WOLFSSL_X509* x509);
 WOLFSSL_API int wolfSSL_X509_set_serialNumber(WOLFSSL_X509* x509,
@@ -1950,16 +2240,11 @@ WOLFSSL_API int wolfSSL_ASN1_STRING_set(WOLFSSL_ASN1_STRING* asn1,
 WOLFSSL_API unsigned char* wolfSSL_ASN1_STRING_data(WOLFSSL_ASN1_STRING* asn);
 WOLFSSL_API const unsigned char* wolfSSL_ASN1_STRING_get0_data(
                                             const WOLFSSL_ASN1_STRING* asn);
-WOLFSSL_API int wolfSSL_ASN1_STRING_length(WOLFSSL_ASN1_STRING* asn);
+WOLFSSL_API int wolfSSL_ASN1_STRING_length(const WOLFSSL_ASN1_STRING* asn);
 WOLFSSL_API int wolfSSL_ASN1_STRING_copy(WOLFSSL_ASN1_STRING* dst,
                                                 const WOLFSSL_ASN1_STRING* src);
 WOLFSSL_API int         wolfSSL_X509_verify_cert(WOLFSSL_X509_STORE_CTX* ctx);
 WOLFSSL_API const char* wolfSSL_X509_verify_cert_error_string(long err);
-WOLFSSL_API int wolfSSL_X509_get_signature_type(WOLFSSL_X509* x509);
-WOLFSSL_API int wolfSSL_X509_get_signature(WOLFSSL_X509* x509, unsigned char* buf, int* bufSz);
-WOLFSSL_API int wolfSSL_X509_get_pubkey_buffer(WOLFSSL_X509* x509, unsigned char* buf,
-        int* bufSz);
-WOLFSSL_API int wolfSSL_X509_get_pubkey_type(WOLFSSL_X509* x509);
 
 WOLFSSL_API int wolfSSL_X509_LOOKUP_add_dir(WOLFSSL_X509_LOOKUP* lookup,const char* dir,long type);
 WOLFSSL_API int wolfSSL_X509_LOOKUP_load_file(WOLFSSL_X509_LOOKUP* lookup, const char* file,
@@ -1976,6 +2261,10 @@ WOLFSSL_API void         wolfSSL_X509_STORE_free(WOLFSSL_X509_STORE* store);
 WOLFSSL_API int          wolfSSL_X509_STORE_up_ref(WOLFSSL_X509_STORE* store);
 WOLFSSL_API int          wolfSSL_X509_STORE_add_cert(
                                               WOLFSSL_X509_STORE* store, WOLFSSL_X509* x509);
+WOLFSSL_API WOLFSSL_X509_VERIFY_PARAM *wolfSSL_X509_STORE_get0_param(
+        const WOLFSSL_X509_STORE *ctx);
+WOLFSSL_API int wolfSSL_X509_STORE_set1_param(WOLFSSL_X509_STORE *ctx,
+        WOLFSSL_X509_VERIFY_PARAM *param);
 WOLFSSL_API WOLFSSL_STACK* wolfSSL_X509_STORE_CTX_get_chain(
                                                    WOLFSSL_X509_STORE_CTX* ctx);
 WOLFSSL_API WOLFSSL_STACK* wolfSSL_X509_STORE_CTX_get1_chain(
@@ -1984,13 +2273,12 @@ WOLFSSL_API WOLFSSL_X509_STORE_CTX *wolfSSL_X509_STORE_CTX_get0_parent_ctx(
                                                    WOLFSSL_X509_STORE_CTX *ctx);
 WOLFSSL_API int wolfSSL_X509_STORE_set_flags(WOLFSSL_X509_STORE* store,
                                                             unsigned long flag);
-WOLFSSL_API int          wolfSSL_X509_STORE_set_default_paths(WOLFSSL_X509_STORE* store);
-WOLFSSL_API int          wolfSSL_X509_STORE_get_by_subject(WOLFSSL_X509_STORE_CTX* ctx,
-                                   int idx, WOLFSSL_X509_NAME* name, WOLFSSL_X509_OBJECT* obj);
-WOLFSSL_API WOLFSSL_X509_STORE_CTX* wolfSSL_X509_STORE_CTX_new(void);
+WOLFSSL_API int wolfSSL_X509_STORE_get_by_subject(WOLFSSL_X509_STORE_CTX* ctx,
+                    int idx, WOLFSSL_X509_NAME* name, WOLFSSL_X509_OBJECT* obj);
+WOLFSSL_API WOLFSSL_X509_VERIFY_PARAM *wolfSSL_X509_STORE_CTX_get0_param(
+        WOLFSSL_X509_STORE_CTX *ctx);
 WOLFSSL_API int  wolfSSL_X509_STORE_CTX_init(WOLFSSL_X509_STORE_CTX* ctx,
                       WOLFSSL_X509_STORE* store, WOLFSSL_X509* x509, WOLF_STACK_OF(WOLFSSL_X509)*);
-WOLFSSL_API void wolfSSL_X509_STORE_CTX_free(WOLFSSL_X509_STORE_CTX* ctx);
 WOLFSSL_API void wolfSSL_X509_STORE_CTX_cleanup(WOLFSSL_X509_STORE_CTX* ctx);
 WOLFSSL_API void wolfSSL_X509_STORE_CTX_trusted_stack(WOLFSSL_X509_STORE_CTX *ctx,
         WOLF_STACK_OF(WOLFSSL_X509) *sk);
@@ -2005,11 +2293,15 @@ WOLFSSL_API WOLFSSL_PKCS8_PRIV_KEY_INFO* wolfSSL_d2i_PKCS8_PKEY_bio(
         WOLFSSL_BIO* bio, WOLFSSL_PKCS8_PRIV_KEY_INFO** pkey);
 WOLFSSL_API WOLFSSL_PKCS8_PRIV_KEY_INFO* wolfSSL_d2i_PKCS8_PKEY(
         WOLFSSL_PKCS8_PRIV_KEY_INFO** pkey, const unsigned char** keyBuf, long keyLen);
+WOLFSSL_API int wolfSSL_i2d_PKCS8_PKEY(WOLFSSL_PKCS8_PRIV_KEY_INFO* key,
+        unsigned char** pp);
 WOLFSSL_API WOLFSSL_EVP_PKEY* wolfSSL_d2i_PUBKEY_bio(WOLFSSL_BIO* bio,
                                          WOLFSSL_EVP_PKEY** out);
 WOLFSSL_API WOLFSSL_EVP_PKEY* wolfSSL_d2i_PUBKEY(WOLFSSL_EVP_PKEY** key,
         const unsigned char** in, long inSz);
 WOLFSSL_API int wolfSSL_i2d_PUBKEY(const WOLFSSL_EVP_PKEY *key, unsigned char **der);
+WOLFSSL_API int wolfSSL_i2d_X509_PUBKEY(WOLFSSL_X509_PUBKEY* x509_PubKey,
+                                        unsigned char** der);
 WOLFSSL_API WOLFSSL_EVP_PKEY* wolfSSL_d2i_PublicKey(int type, WOLFSSL_EVP_PKEY** pkey,
         const unsigned char ** in, long inSz);
 WOLFSSL_API WOLFSSL_EVP_PKEY* wolfSSL_d2i_PrivateKey(int type,
@@ -2062,6 +2354,10 @@ WOLFSSL_API int wolfSSL_X509_VERIFY_PARAM_set1_ip(
        WOLFSSL_X509_VERIFY_PARAM* param, const unsigned char* ip, size_t iplen);
 WOLFSSL_API int wolfSSL_X509_VERIFY_PARAM_set1(WOLFSSL_X509_VERIFY_PARAM* to,
                                     const WOLFSSL_X509_VERIFY_PARAM* from);
+WOLFSSL_API const WOLFSSL_X509_VERIFY_PARAM *wolfSSL_X509_VERIFY_PARAM_lookup(
+                                                             const char *name);
+WOLFSSL_API int wolfSSL_X509_VERIFY_PARAM_inherit(WOLFSSL_X509_VERIFY_PARAM *to,
+                                         const WOLFSSL_X509_VERIFY_PARAM *from);
 WOLFSSL_API int wolfSSL_X509_load_crl_file(WOLFSSL_X509_LOOKUP *ctx,
                                               const char *file, int type);
 WOLFSSL_API int wolfSSL_X509_load_cert_crl_file(WOLFSSL_X509_LOOKUP *ctx,
@@ -2081,7 +2377,7 @@ WOLFSSL_API WOLFSSL_ASN1_INTEGER* wolfSSL_d2i_ASN1_INTEGER(
                                                const unsigned char** in,
                                                long inSz);
 WOLFSSL_API int wolfSSL_i2d_ASN1_INTEGER(const WOLFSSL_ASN1_INTEGER* a,
-                                         unsigned char** out);
+                                         unsigned char** pp);
 
 WOLFSSL_API int wolfSSL_ASN1_TIME_print(WOLFSSL_BIO* bio, const WOLFSSL_ASN1_TIME* asnTime);
 
@@ -2127,10 +2423,10 @@ WOLFSSL_API int wolfSSL_get_client_suites_sigalgs(const WOLFSSL* ssl,
         const byte** suites, word16* suiteSz,
         const byte** hashSigAlgo, word16* hashSigAlgoSz);
 typedef struct WOLFSSL_CIPHERSUITE_INFO {
-    byte rsaAuth:1;
-    byte eccAuth:1;
-    byte eccStatic:1;
-    byte psk:1;
+    WC_BITFIELD rsaAuth:1;
+    WC_BITFIELD eccAuth:1;
+    WC_BITFIELD eccStatic:1;
+    WC_BITFIELD psk:1;
 } WOLFSSL_CIPHERSUITE_INFO;
 WOLFSSL_API WOLFSSL_CIPHERSUITE_INFO wolfSSL_get_ciphersuite_info(byte first,
         byte second);
@@ -2173,14 +2469,6 @@ WOLFSSL_API void wolfSSL_X509_STORE_CTX_set_error(
                                            WOLFSSL_X509_STORE_CTX* ctx, int er);
 void wolfSSL_X509_STORE_CTX_set_error_depth(WOLFSSL_X509_STORE_CTX* ctx,
                                                                      int depth);
-WOLFSSL_API void* wolfSSL_get_ex_data(const WOLFSSL* ssl, int idx);
-
-WOLFSSL_API void wolfSSL_CTX_set_default_passwd_cb_userdata(WOLFSSL_CTX* ctx,
-                                                          void* userdata);
-WOLFSSL_API void wolfSSL_CTX_set_default_passwd_cb(WOLFSSL_CTX* ctx,
-                                                   wc_pem_password_cb* cb);
-WOLFSSL_API wc_pem_password_cb* wolfSSL_CTX_get_default_passwd_cb(WOLFSSL_CTX* ctx);
-WOLFSSL_API void *wolfSSL_CTX_get_default_passwd_cb_userdata(WOLFSSL_CTX *ctx);
 
 WOLFSSL_API void wolfSSL_CTX_set_info_callback(WOLFSSL_CTX* ctx,
                           void (*f)(const WOLFSSL* ssl, int type, int val));
@@ -2239,13 +2527,7 @@ WOLFSSL_API int  wolfSSL_CTX_set_srp_strength(WOLFSSL_CTX *ctx, int strength);
 
 WOLFSSL_API char* wolfSSL_get_srp_username(WOLFSSL *ssl);
 
-WOLFSSL_API long wolfSSL_set_options(WOLFSSL *s, long op);
-WOLFSSL_API long wolfSSL_get_options(const WOLFSSL *s);
 WOLFSSL_API long wolfSSL_clear_options(WOLFSSL *s,  long op);
-WOLFSSL_API long wolfSSL_clear_num_renegotiations(WOLFSSL *s);
-WOLFSSL_API long wolfSSL_total_renegotiations(WOLFSSL *s);
-WOLFSSL_API long wolfSSL_num_renegotiations(WOLFSSL* s);
-WOLFSSL_API int  wolfSSL_SSL_renegotiate_pending(WOLFSSL *s);
 WOLFSSL_API long wolfSSL_set_tmp_dh(WOLFSSL *s, WOLFSSL_DH *dh);
 WOLFSSL_API long wolfSSL_set_tlsext_debug_arg(WOLFSSL *s, void *arg);
 WOLFSSL_API long wolfSSL_set_tlsext_status_type(WOLFSSL *s, int type);
@@ -2264,6 +2546,187 @@ WOLFSSL_API char* wolfSSL_CONF_get1_default_config_file(void);
 WOLFSSL_API long wolfSSL_get_tlsext_status_exts(WOLFSSL *s, void *arg);
 WOLFSSL_API long wolfSSL_get_verify_result(const WOLFSSL *ssl);
 
+WOLFSSL_API void* wolfSSL_get_app_data( const WOLFSSL *ssl);
+#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
+
+#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) || \
+    defined(HAVE_WEBSERVER) || defined(HAVE_MEMCACHED)
+
+    /* Errors used in wolfSSL. utilize the values from the defines in
+     * wolfssl/openssl/x509.h, but without the WOLFSSL_ prefix.
+     */
+enum {
+    WOLFSSL_X509_V_OK                                    = 0,
+    WOLFSSL_X509_V_ERR_CERT_SIGNATURE_FAILURE            = 7,
+    WOLFSSL_X509_V_ERR_CERT_NOT_YET_VALID                = 9,
+    WOLFSSL_X509_V_ERR_CERT_HAS_EXPIRED                  = 10,
+    WOLFSSL_X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD    = 13,
+    WOLFSSL_X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD     = 14,
+    WOLFSSL_X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT       = 18,
+    WOLFSSL_X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY = 20,
+    WOLFSSL_X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE   = 21,
+    WOLFSSL_X509_V_ERR_CERT_CHAIN_TOO_LONG               = 22,
+    WOLFSSL_X509_V_ERR_CERT_REVOKED                      = 23,
+    WOLFSSL_X509_V_ERR_INVALID_CA                        = 24,
+    WOLFSSL_X509_V_ERR_PATH_LENGTH_EXCEEDED              = 25,
+    WOLFSSL_X509_V_ERR_CERT_REJECTED                     = 28,
+    WOLFSSL_X509_V_ERR_SUBJECT_ISSUER_MISMATCH           = 29,
+
+#ifdef HAVE_OCSP
+    /* OCSP Flags */
+    WOLFSSL_OCSP_NOCERTS     = 1,
+    WOLFSSL_OCSP_NOINTERN    = 2,
+    WOLFSSL_OCSP_NOSIGS      = 4,
+    WOLFSSL_OCSP_NOCHAIN     = 8,
+    WOLFSSL_OCSP_NOVERIFY    = 16,
+    WOLFSSL_OCSP_NOEXPLICIT  = 32,
+    WOLFSSL_OCSP_NOCASIGN    = 64,
+    WOLFSSL_OCSP_NODELEGATED = 128,
+    WOLFSSL_OCSP_NOCHECKS    = 256,
+    WOLFSSL_OCSP_TRUSTOTHER  = 512,
+    WOLFSSL_OCSP_RESPID_KEY  = 1024,
+    WOLFSSL_OCSP_NOTIME      = 2048,
+#endif
+
+    WOLFSSL_ST_CONNECT = 0x1000,
+    WOLFSSL_ST_ACCEPT  = 0x2000,
+    WOLFSSL_ST_MASK    = 0x0FFF,
+
+    WOLFSSL_CB_LOOP = 0x01,
+    WOLFSSL_CB_EXIT = 0x02,
+    WOLFSSL_CB_READ = 0x04,
+    WOLFSSL_CB_WRITE = 0x08,
+    WOLFSSL_CB_HANDSHAKE_START = 0x10,
+    WOLFSSL_CB_HANDSHAKE_DONE = 0x20,
+    WOLFSSL_CB_ALERT = 0x4000,
+    WOLFSSL_CB_READ_ALERT = (WOLFSSL_CB_ALERT | WOLFSSL_CB_READ),
+    WOLFSSL_CB_WRITE_ALERT = (WOLFSSL_CB_ALERT | WOLFSSL_CB_WRITE),
+    WOLFSSL_CB_ACCEPT_LOOP = (WOLFSSL_ST_ACCEPT | WOLFSSL_CB_LOOP),
+    WOLFSSL_CB_ACCEPT_EXIT = (WOLFSSL_ST_ACCEPT | WOLFSSL_CB_EXIT),
+    WOLFSSL_CB_CONNECT_LOOP = (WOLFSSL_ST_CONNECT | WOLFSSL_CB_LOOP),
+    WOLFSSL_CB_CONNECT_EXIT = (WOLFSSL_ST_CONNECT | WOLFSSL_CB_EXIT),
+    WOLFSSL_CB_MODE_READ = 1,
+    WOLFSSL_CB_MODE_WRITE = 2,
+
+    WOLFSSL_MODE_ENABLE_PARTIAL_WRITE = 2,
+    WOLFSSL_MODE_AUTO_RETRY = 3, /* wolfSSL default is to return WANT_{READ|WRITE}
+                              * to the user. This is set by default with
+                              * OPENWOLFSSL_COMPATIBLE_DEFAULTS. The macro
+                              * WOLFWOLFSSL_MODE_AUTO_RETRY_ATTEMPTS is used to
+                              * limit the possibility of an infinite retry loop
+                              */
+    WOLFSSL_MODE_RELEASE_BUFFERS = -1, /* For libwebsockets build. No current use. */
+
+    WOLFSSL_CRYPTO_LOCK = 1,
+    WOLFSSL_CRYPTO_NUM_LOCKS = 10
+};
+
+#define WOLFSSL_NOTHING 1
+#define WOLFSSL_WRITING 2
+#define WOLFSSL_READING 3
+#define WOLFSSL_MAX_SSL_SESSION_ID_LENGTH 32  /* = ID_LEN */
+
+#ifndef OPENSSL_COEXIST
+
+/* for compatibility these must be macros */
+
+#define SSL_OP_MICROSOFT_SESS_ID_BUG            WOLFSSL_OP_MICROSOFT_SESS_ID_BUG
+#define SSL_OP_NETSCAPE_CHALLENGE_BUG           WOLFSSL_OP_NETSCAPE_CHALLENGE_BUG
+#define SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG WOLFSSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG
+#define SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG      WOLFSSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG
+#define SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER       WOLFSSL_OP_MICROSOFT_BIG_SSLV3_BUFFER
+#define SSL_OP_MSIE_SSLV2_RSA_PADDING           WOLFSSL_OP_MSIE_SSLV2_RSA_PADDING
+#define SSL_OP_SSLEAY_080_CLIENT_DH_BUG         WOLFSSL_OP_SSLEAY_080_CLIENT_DH_BUG
+#define SSL_OP_TLS_D5_BUG                       WOLFSSL_OP_TLS_D5_BUG
+#define SSL_OP_TLS_BLOCK_PADDING_BUG            WOLFSSL_OP_TLS_BLOCK_PADDING_BUG
+#define SSL_OP_TLS_ROLLBACK_BUG                 WOLFSSL_OP_TLS_ROLLBACK_BUG
+#define SSL_OP_EPHEMERAL_RSA                    WOLFSSL_OP_EPHEMERAL_RSA
+#define SSL_OP_PKCS1_CHECK_1                    WOLFSSL_OP_PKCS1_CHECK_1
+#define SSL_OP_PKCS1_CHECK_2                    WOLFSSL_OP_PKCS1_CHECK_2
+#define SSL_OP_NETSCAPE_CA_DN_BUG               WOLFSSL_OP_NETSCAPE_CA_DN_BUG
+#define SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG  WOLFSSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG
+#define SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS      WOLFSSL_OP_DONT_INSERT_EMPTY_FRAGMENTS
+#define SSL_OP_NO_QUERY_MTU                     WOLFSSL_OP_NO_QUERY_MTU
+#define SSL_OP_COOKIE_EXCHANGE                  WOLFSSL_OP_COOKIE_EXCHANGE
+#define SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION \
+                                                WOLFSSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION
+#define SSL_OP_ALL                              WOLFSSL_OP_ALL
+
+#define SSL_OP_NO_SSLv2       WOLFSSL_OP_NO_SSLv2
+#define SSL_OP_NO_SSLv3       WOLFSSL_OP_NO_SSLv3
+#define SSL_OP_NO_TLSv1       WOLFSSL_OP_NO_TLSv1
+#define SSL_OP_NO_TLSv1_1     WOLFSSL_OP_NO_TLSv1_1
+#define SSL_OP_NO_TLSv1_2     WOLFSSL_OP_NO_TLSv1_2
+#define SSL_OP_NO_COMPRESSION WOLFSSL_OP_NO_COMPRESSION
+
+/* apache uses SSL_OP_NO_TLSv1_3 to determine if TLS 1.3 is enabled */
+#if !(!defined(WOLFSSL_TLS13) && defined(WOLFSSL_APACHE_HTTPD))
+#define SSL_OP_NO_TLSv1_3 WOLFSSL_OP_NO_TLSv1_3
+#endif
+
+#ifdef HAVE_SESSION_TICKET
+#define SSL_OP_NO_TICKET WOLFSSL_OP_NO_TICKET
+#endif
+
+#define SSL_OP_NO_SSL_MASK (SSL_OP_NO_SSLv3 | SSL_OP_NO_TLSv1 | \
+    SSL_OP_NO_TLSv1_1 | SSL_OP_NO_TLSv1_2 | SSL_OP_NO_TLSv1_3)
+
+
+#define SSL_NOTHING  WOLFSSL_NOTHING
+#define SSL_WRITING  WOLFSSL_WRITING
+#define SSL_READING  WOLFSSL_READING
+#define SSL_MAX_SSL_SESSION_ID_LENGTH  WOLFSSL_MAX_SSL_SESSION_ID_LENGTH
+#define SSL_MAX_SID_CTX_LENGTH  WOLFSSL_MAX_SSL_SESSION_ID_LENGTH
+
+#ifdef HAVE_OCSP
+    /* OCSP Flags */
+#define OCSP_NOCERTS WOLFSSL_OCSP_NOCERTS
+#define OCSP_NOINTERN WOLFSSL_OCSP_NOINTERN
+#define OCSP_NOSIGS WOLFSSL_OCSP_NOSIGS
+#define OCSP_NOCHAIN WOLFSSL_OCSP_NOCHAIN
+#define OCSP_NOVERIFY WOLFSSL_OCSP_NOVERIFY
+#define OCSP_NOEXPLICIT WOLFSSL_OCSP_NOEXPLICIT
+#define OCSP_NOCASIGN WOLFSSL_OCSP_NOCASIGN
+#define OCSP_NODELEGATED WOLFSSL_OCSP_NODELEGATED
+#define OCSP_NOCHECKS WOLFSSL_OCSP_NOCHECKS
+#define OCSP_TRUSTOTHER WOLFSSL_OCSP_TRUSTOTHER
+#define OCSP_RESPID_KEY WOLFSSL_OCSP_RESPID_KEY
+#define OCSP_NOTIME WOLFSSL_OCSP_NOTIME
+#endif
+
+#define SSL_ST_CONNECT WOLFSSL_ST_CONNECT
+#define SSL_ST_ACCEPT WOLFSSL_ST_ACCEPT
+#define SSL_ST_MASK WOLFSSL_ST_MASK
+
+#define SSL_CB_LOOP WOLFSSL_CB_LOOP
+#define SSL_CB_EXIT WOLFSSL_CB_EXIT
+#define SSL_CB_READ WOLFSSL_CB_READ
+#define SSL_CB_WRITE WOLFSSL_CB_WRITE
+#define SSL_CB_HANDSHAKE_START WOLFSSL_CB_HANDSHAKE_START
+#define SSL_CB_HANDSHAKE_DONE WOLFSSL_CB_HANDSHAKE_DONE
+#define SSL_CB_ALERT WOLFSSL_CB_ALERT
+#define SSL_CB_READ_ALERT WOLFSSL_CB_READ_ALERT
+#define SSL_CB_WRITE_ALERT WOLFSSL_CB_WRITE_ALERT
+#define SSL_CB_ACCEPT_LOOP WOLFSSL_CB_ACCEPT_LOOP
+#define SSL_CB_ACCEPT_EXIT WOLFSSL_CB_ACCEPT_EXIT
+#define SSL_CB_CONNECT_LOOP WOLFSSL_CB_CONNECT_LOOP
+#define SSL_CB_CONNECT_EXIT WOLFSSL_CB_CONNECT_EXIT
+#define SSL_CB_MODE_READ WOLFSSL_CB_MODE_READ
+#define SSL_CB_MODE_WRITE WOLFSSL_CB_MODE_WRITE
+
+#define SSL_MODE_ENABLE_PARTIAL_WRITE WOLFSSL_MODE_ENABLE_PARTIAL_WRITE
+#define SSL_MODE_AUTO_RETRY WOLFSSL_MODE_AUTO_RETRY
+#define SSL_MODE_RELEASE_BUFFERS WOLFSSL_MODE_RELEASE_BUFFERS
+
+#define CRYPTO_LOCK WOLFSSL_CRYPTO_LOCK
+#define CRYPTO_NUM_LOCKS WOLFSSL_CRYPTO_NUM_LOCKS
+
+#endif /* !OPENSSL_COEXIST */
+
+#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL || HAVE_WEBSERVER || HAVE_MEMCACHED */
+/* -------- EXTRAS END -------- */
+
+
 #define WOLFSSL_DEFAULT_CIPHER_LIST ""   /* default all */
 
 /* These are bit-masks */
@@ -2273,7 +2736,7 @@ enum {
     WOLFSSL_OCSP_CHECKALL     = 4,
 
     WOLFSSL_CRL_CHECKALL = 1,
-    WOLFSSL_CRL_CHECK    = 2,
+    WOLFSSL_CRL_CHECK    = 2
 };
 
 /* Separated out from other enums because of size */
@@ -2320,138 +2783,79 @@ enum {
                   | WOLFSSL_OP_TLS_D5_BUG
                   | WOLFSSL_OP_TLS_BLOCK_PADDING_BUG
                   | WOLFSSL_OP_DONT_INSERT_EMPTY_FRAGMENTS
-                  | WOLFSSL_OP_TLS_ROLLBACK_BUG),
+                  | WOLFSSL_OP_TLS_ROLLBACK_BUG)
 };
 
-#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) || \
-    defined(HAVE_WEBSERVER) || defined(HAVE_MEMCACHED)
-/* for compatibility these must be macros */
+WOLFSSL_API void wolfSSL_CTX_set_default_passwd_cb_userdata(WOLFSSL_CTX* ctx,
+                                                          void* userdata);
+WOLFSSL_API void wolfSSL_CTX_set_default_passwd_cb(WOLFSSL_CTX* ctx,
+                                                   wc_pem_password_cb* cb);
+WOLFSSL_API wc_pem_password_cb* wolfSSL_CTX_get_default_passwd_cb(WOLFSSL_CTX* ctx);
+WOLFSSL_API void *wolfSSL_CTX_get_default_passwd_cb_userdata(WOLFSSL_CTX *ctx);
 
-#define SSL_OP_MICROSOFT_SESS_ID_BUG            WOLFSSL_OP_MICROSOFT_SESS_ID_BUG
-#define SSL_OP_NETSCAPE_CHALLENGE_BUG           WOLFSSL_OP_NETSCAPE_CHALLENGE_BUG
-#define SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG WOLFSSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG
-#define SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG      WOLFSSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG
-#define SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER       WOLFSSL_OP_MICROSOFT_BIG_SSLV3_BUFFER
-#define SSL_OP_MSIE_SSLV2_RSA_PADDING           WOLFSSL_OP_MSIE_SSLV2_RSA_PADDING
-#define SSL_OP_SSLEAY_080_CLIENT_DH_BUG         WOLFSSL_OP_SSLEAY_080_CLIENT_DH_BUG
-#define SSL_OP_TLS_D5_BUG                       WOLFSSL_OP_TLS_D5_BUG
-#define SSL_OP_TLS_BLOCK_PADDING_BUG            WOLFSSL_OP_TLS_BLOCK_PADDING_BUG
-#define SSL_OP_TLS_ROLLBACK_BUG                 WOLFSSL_OP_TLS_ROLLBACK_BUG
-#define SSL_OP_EPHEMERAL_RSA                    WOLFSSL_OP_EPHEMERAL_RSA
-#define SSL_OP_PKCS1_CHECK_1                    WOLFSSL_OP_PKCS1_CHECK_1
-#define SSL_OP_PKCS1_CHECK_2                    WOLFSSL_OP_PKCS1_CHECK_2
-#define SSL_OP_NETSCAPE_CA_DN_BUG               WOLFSSL_OP_NETSCAPE_CA_DN_BUG
-#define SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG  WOLFSSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG
-#define SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS      WOLFSSL_OP_DONT_INSERT_EMPTY_FRAGMENTS
-#define SSL_OP_NO_QUERY_MTU                     WOLFSSL_OP_NO_QUERY_MTU
-#define SSL_OP_COOKIE_EXCHANGE                  WOLFSSL_OP_COOKIE_EXCHANGE
-#define SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION \
-                                                WOLFSSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION
-#define SSL_OP_ALL                              WOLFSSL_OP_ALL
-
-#define SSL_OP_NO_SSLv2       WOLFSSL_OP_NO_SSLv2
-#define SSL_OP_NO_SSLv3       WOLFSSL_OP_NO_SSLv3
-#define SSL_OP_NO_TLSv1       WOLFSSL_OP_NO_TLSv1
-#define SSL_OP_NO_TLSv1_1     WOLFSSL_OP_NO_TLSv1_1
-#define SSL_OP_NO_TLSv1_2     WOLFSSL_OP_NO_TLSv1_2
-#define SSL_OP_NO_COMPRESSION WOLFSSL_OP_NO_COMPRESSION
-
-/* apache uses SSL_OP_NO_TLSv1_3 to determine if TLS 1.3 is enabled */
-#if !(!defined(WOLFSSL_TLS13) && defined(WOLFSSL_APACHE_HTTPD))
-#define SSL_OP_NO_TLSv1_3 WOLFSSL_OP_NO_TLSv1_3
+WOLFSSL_API int  wolfSSL_SSL_renegotiate_pending(WOLFSSL *s);
+WOLFSSL_API long wolfSSL_total_renegotiations(WOLFSSL *s);
+WOLFSSL_API long wolfSSL_num_renegotiations(WOLFSSL* s);
+WOLFSSL_API long wolfSSL_clear_num_renegotiations(WOLFSSL *s);
+WOLFSSL_API int  wolfSSL_get_alert_history(WOLFSSL* ssl, WOLFSSL_ALERT_HISTORY *h);
+WOLFSSL_API int  wolfSSL_get_shutdown(const WOLFSSL* ssl);
+WOLFSSL_API int  wolfSSL_set_rfd(WOLFSSL* ssl, int rfd);
+WOLFSSL_API int  wolfSSL_set_wfd(WOLFSSL* ssl, int wfd);
+WOLFSSL_API void wolfSSL_set_shutdown(WOLFSSL* ssl, int opt);
+WOLFSSL_API int  wolfSSL_set_session_id_context(WOLFSSL* ssl, const unsigned char* id,
+                                           unsigned int len);
+WOLFSSL_API void wolfSSL_set_connect_state(WOLFSSL* ssl);
+WOLFSSL_API void wolfSSL_set_accept_state(WOLFSSL* ssl);
+WOLFSSL_API int  wolfSSL_session_reused(WOLFSSL* ssl);
+#ifdef OPENSSL_EXTRA
+/* using unsigned char instead of uint8_t here to avoid stdint include */
+WOLFSSL_API unsigned char wolfSSL_SESSION_get_max_fragment_length(
+                                                      WOLFSSL_SESSION* session);
 #endif
+WOLFSSL_API int wolfSSL_SESSION_up_ref(WOLFSSL_SESSION* session);
 
-#ifdef HAVE_SESSION_TICKET
-#define SSL_OP_NO_TICKET WOLFSSL_OP_NO_TICKET
+WOLFSSL_API WOLFSSL_SESSION* wolfSSL_SESSION_dup(WOLFSSL_SESSION* session);
+WOLFSSL_API WOLFSSL_SESSION* wolfSSL_SESSION_new(void);
+WOLFSSL_API WOLFSSL_SESSION* wolfSSL_SESSION_new_ex(void* heap);
+WOLFSSL_API void wolfSSL_SESSION_free(WOLFSSL_SESSION* session);
+WOLFSSL_API int wolfSSL_CTX_add_session(WOLFSSL_CTX* ctx,
+                                        WOLFSSL_SESSION* session);
+WOLFSSL_API int wolfSSL_SESSION_set_cipher(WOLFSSL_SESSION* session,
+                                        const WOLFSSL_CIPHER* cipher);
+WOLFSSL_API int  wolfSSL_is_init_finished(const WOLFSSL* ssl);
+
+WOLFSSL_API const char*  wolfSSL_get_version(const WOLFSSL* ssl);
+#ifdef OPENSSL_EXTRA
+WOLFSSL_API WOLF_STACK_OF(WOLFSSL_CIPHER)*  wolfSSL_get_client_ciphers(
+    WOLFSSL* ssl);
 #endif
+WOLFSSL_API int  wolfSSL_get_current_cipher_suite(WOLFSSL* ssl);
+WOLFSSL_API WOLFSSL_CIPHER*  wolfSSL_get_current_cipher(WOLFSSL* ssl);
+WOLFSSL_API char* wolfSSL_CIPHER_description(const WOLFSSL_CIPHER* cipher, char* in, int len);
+WOLFSSL_API const char*  wolfSSL_CIPHER_get_name(const WOLFSSL_CIPHER* cipher);
+WOLFSSL_API const char*  wolfSSL_CIPHER_get_version(const WOLFSSL_CIPHER* cipher);
+WOLFSSL_API word32       wolfSSL_CIPHER_get_id(const WOLFSSL_CIPHER* cipher);
+WOLFSSL_API int wolfSSL_CIPHER_get_auth_nid(const WOLFSSL_CIPHER* cipher);
+WOLFSSL_API int wolfSSL_CIPHER_get_cipher_nid(const WOLFSSL_CIPHER* cipher);
+WOLFSSL_API int wolfSSL_CIPHER_get_digest_nid(const WOLFSSL_CIPHER* cipher);
+WOLFSSL_API int wolfSSL_CIPHER_get_kx_nid(const WOLFSSL_CIPHER* cipher);
+WOLFSSL_API int wolfSSL_CIPHER_is_aead(const WOLFSSL_CIPHER* cipher);
+WOLFSSL_API const WOLFSSL_CIPHER* wolfSSL_get_cipher_by_value(word16 value);
+WOLFSSL_API const char*  wolfSSL_SESSION_CIPHER_get_name(const WOLFSSL_SESSION* session);
+WOLFSSL_API const char*  wolfSSL_get_cipher(WOLFSSL* ssl);
+WOLFSSL_API void wolfSSL_sk_CIPHER_free(WOLF_STACK_OF(WOLFSSL_CIPHER)* sk);
+WOLFSSL_API WOLFSSL_SESSION* wolfSSL_get1_session(WOLFSSL* ssl);
+WOLFSSL_API int wolfSSL_SessionIsSetup(WOLFSSL_SESSION* session);
 
-#define SSL_OP_NO_SSL_MASK (SSL_OP_NO_SSLv3 | SSL_OP_NO_TLSv1 | \
-    SSL_OP_NO_TLSv1_1 | SSL_OP_NO_TLSv1_2 | SSL_OP_NO_TLSv1_3)
+WOLFSSL_API WOLFSSL_X509_STORE_CTX* wolfSSL_X509_STORE_CTX_new(void);
+WOLFSSL_API WOLFSSL_X509_STORE_CTX* wolfSSL_X509_STORE_CTX_new_ex(void* heap);
+WOLFSSL_API void wolfSSL_X509_STORE_CTX_free(WOLFSSL_X509_STORE_CTX* ctx);
 
+WOLFSSL_API long wolfSSL_set_options(WOLFSSL *s, long op);
+WOLFSSL_API long wolfSSL_get_options(const WOLFSSL *s);
 
-#define SSL_NOTHING 1
-#define SSL_WRITING 2
-#define SSL_READING 3
-#define SSL_MAX_SSL_SESSION_ID_LENGTH 32  /* = ID_LEN */
-
-enum {
-#ifdef HAVE_OCSP
-    /* OCSP Flags */
-    OCSP_NOCERTS     = 1,
-    OCSP_NOINTERN    = 2,
-    OCSP_NOSIGS      = 4,
-    OCSP_NOCHAIN     = 8,
-    OCSP_NOVERIFY    = 16,
-    OCSP_NOEXPLICIT  = 32,
-    OCSP_NOCASIGN    = 64,
-    OCSP_NODELEGATED = 128,
-    OCSP_NOCHECKS    = 256,
-    OCSP_TRUSTOTHER  = 512,
-    OCSP_RESPID_KEY  = 1024,
-    OCSP_NOTIME      = 2048,
-
-    /* OCSP Types */
-    OCSP_CERTID   = 2,
-    OCSP_REQUEST  = 4,
-    OCSP_RESPONSE = 8,
-    OCSP_BASICRESP = 16,
-#endif
-
-    SSL_ST_CONNECT = 0x1000,
-    SSL_ST_ACCEPT  = 0x2000,
-    SSL_ST_MASK    = 0x0FFF,
-
-    SSL_CB_LOOP = 0x01,
-    SSL_CB_EXIT = 0x02,
-    SSL_CB_READ = 0x04,
-    SSL_CB_WRITE = 0x08,
-    SSL_CB_HANDSHAKE_START = 0x10,
-    SSL_CB_HANDSHAKE_DONE = 0x20,
-    SSL_CB_ALERT = 0x4000,
-    SSL_CB_READ_ALERT = (SSL_CB_ALERT | SSL_CB_READ),
-    SSL_CB_WRITE_ALERT = (SSL_CB_ALERT | SSL_CB_WRITE),
-    SSL_CB_ACCEPT_LOOP = (SSL_ST_ACCEPT | SSL_CB_LOOP),
-    SSL_CB_ACCEPT_EXIT = (SSL_ST_ACCEPT | SSL_CB_EXIT),
-    SSL_CB_CONNECT_LOOP = (SSL_ST_CONNECT | SSL_CB_LOOP),
-    SSL_CB_CONNECT_EXIT = (SSL_ST_CONNECT | SSL_CB_EXIT),
-    SSL_CB_MODE_READ = 1,
-    SSL_CB_MODE_WRITE = 2,
-
-    SSL_MODE_ENABLE_PARTIAL_WRITE = 2,
-    SSL_MODE_AUTO_RETRY = 3, /* wolfSSL default is to return WANT_{READ|WRITE}
-                              * to the user. This is set by default with
-                              * OPENSSL_COMPATIBLE_DEFAULTS. The macro
-                              * WOLFSSL_MODE_AUTO_RETRY_ATTEMPTS is used to
-                              * limit the possibility of an infinite retry loop
-                              */
-    SSL_MODE_RELEASE_BUFFERS = -1, /* For libwebsockets build. No current use. */
-    /* Errors used in wolfSSL. utilize the values from the defines in
-     * wolfssl/openssl/x509.h, but without the WOLFSSL_ prefix.
-     */
-    WOLFSSL_X509_V_OK                                    = 0,
-    WOLFSSL_X509_V_ERR_CERT_SIGNATURE_FAILURE            = 7,
-    WOLFSSL_X509_V_ERR_CERT_NOT_YET_VALID                = 9,
-    WOLFSSL_X509_V_ERR_CERT_HAS_EXPIRED                  = 10,
-    WOLFSSL_X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD    = 13,
-    WOLFSSL_X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD     = 14,
-    WOLFSSL_X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT       = 18,
-    WOLFSSL_X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY = 20,
-    WOLFSSL_X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE   = 21,
-    WOLFSSL_X509_V_ERR_CERT_CHAIN_TOO_LONG               = 22,
-    WOLFSSL_X509_V_ERR_CERT_REVOKED                      = 23,
-    WOLFSSL_X509_V_ERR_INVALID_CA                        = 24,
-    WOLFSSL_X509_V_ERR_PATH_LENGTH_EXCEEDED              = 25,
-    WOLFSSL_X509_V_ERR_CERT_REJECTED                     = 28,
-    WOLFSSL_X509_V_ERR_SUBJECT_ISSUER_MISMATCH           = 29,
-
-    CRYPTO_LOCK = 1,
-    CRYPTO_NUM_LOCKS = 10,
-
-    ASN1_STRFLGS_ESC_MSB = 4
-};
-#endif
-
-/* extras end */
+WOLFSSL_ABI WOLFSSL_API char* wolfSSL_X509_NAME_oneline(WOLFSSL_X509_NAME* name,
+                                                                    char* in, int sz);
 
 #if !defined(NO_FILESYSTEM) && !defined(NO_STDIO_FILESYSTEM)
 /* wolfSSL extension, provide last error from SSL_get_error
@@ -2468,8 +2872,6 @@ WOLFSSL_API void wolfSSL_ERR_print_errors_cb(int (*cb)(const char *str,
                                                 size_t len, void *u), void *u);
 #endif
 #endif
-WOLFSSL_API void wolfSSL_ERR_print_errors(WOLFSSL_BIO *bio);
-
 
 #ifndef NO_OLD_SSL_NAMES
     #define SSL_ERROR_NONE WOLFSSL_ERROR_NONE
@@ -2531,7 +2933,20 @@ enum { /* ssl Constants */
     WOLFSSL_FAILURE         =  0,   /* for some functions */
     WOLFSSL_SUCCESS         =  1,
 
-/* WOLFSSL_SHUTDOWN_NOT_DONE is returned by wolfSSL_shutdown when the other end
+    #if defined(WOLFSSL_DEBUG_TRACE_ERROR_CODES) && \
+            (defined(BUILDING_WOLFSSL) || \
+             defined(WOLFSSL_DEBUG_TRACE_ERROR_CODES_ALWAYS))
+        #define WOLFSSL_FAILURE WC_ERR_TRACE(WOLFSSL_FAILURE)
+        #define CONST_NUM_ERR_WOLFSSL_FAILURE 0
+        /* include CONST_NUM_ERR_ variants of the success codes, so that they
+         * can be harmlessly wrapped in WC_NO_ERR_TRACE().
+         */
+        #define CONST_NUM_ERR_WOLFSSL_ERROR_NONE 0
+        #define CONST_NUM_ERR_WOLFSSL_SUCCESS 1
+    #endif
+
+/* WOLFSSL_SHUTDOWN_NOT_DONE is returned by wolfSSL_shutdown and
+ * wolfSSL_SendUserCanceled when the other end
  * of the connection has yet to send its close notify alert as part of the
  * bidirectional shutdown. To complete the shutdown, either keep calling
  * wolfSSL_shutdown until it returns WOLFSSL_SUCCESS or call wolfSSL_read until
@@ -2545,16 +2960,6 @@ enum { /* ssl Constants */
     WOLFSSL_SHUTDOWN_NOT_DONE =  2,
 #endif
 
-    WOLFSSL_ALPN_NOT_FOUND  = -9,
-    WOLFSSL_BAD_CERTTYPE    = -8,
-    WOLFSSL_BAD_STAT        = -7,
-    WOLFSSL_BAD_PATH        = -6,
-    WOLFSSL_BAD_FILETYPE    = -5,
-    WOLFSSL_BAD_FILE        = -4,
-    WOLFSSL_NOT_IMPLEMENTED = -3,
-    WOLFSSL_UNKNOWN         = -2,
-    WOLFSSL_FATAL_ERROR     = -1,
-
     WOLFSSL_FILETYPE_ASN1    = CTC_FILETYPE_ASN1,
     WOLFSSL_FILETYPE_PEM     = CTC_FILETYPE_PEM,
     WOLFSSL_FILETYPE_DEFAULT = CTC_FILETYPE_ASN1, /* ASN1 */
@@ -2578,22 +2983,49 @@ enum { /* ssl Constants */
             (WOLFSSL_SESS_CACHE_NO_INTERNAL_STORE |
                     WOLFSSL_SESS_CACHE_NO_INTERNAL_LOOKUP),
 
-    WOLFSSL_ERROR_WANT_READ        =  2,
-    WOLFSSL_ERROR_WANT_WRITE       =  3,
-    WOLFSSL_ERROR_WANT_CONNECT     =  7,
-    WOLFSSL_ERROR_WANT_ACCEPT      =  8,
-    WOLFSSL_ERROR_SYSCALL          =  5,
-    WOLFSSL_ERROR_WANT_X509_LOOKUP = 83,
-    WOLFSSL_ERROR_ZERO_RETURN      =  6,
-    WOLFSSL_ERROR_SSL              = 85,
+    /* These values match OpenSSL values for corresponding names.*/
+    WOLFSSL_ERROR_SSL              =  1,
 
+    /* Operation did not complete; call this API again.*/
+    WOLFSSL_ERROR_WANT_READ        =  2,
+
+    /* Operation did not complete; call this API again.*/
+    WOLFSSL_ERROR_WANT_WRITE       =  3,
+
+    /* Operation did not complete; callback needs this API to be called again.*/
+    WOLFSSL_ERROR_WANT_X509_LOOKUP =  4,
+
+    /* Some sort of system I/O error happened.*/
+    WOLFSSL_ERROR_SYSCALL          =  5,
+
+    /* The connection has been closed with a closure alert.*/
+    WOLFSSL_ERROR_ZERO_RETURN      =  6,
+
+    /* Underlying protocol connection not started yet, call this API again.*/
+    WOLFSSL_ERROR_WANT_CONNECT     =  7,
+
+    /* Underlying protocol connection not started yet, call this API again.*/
+    WOLFSSL_ERROR_WANT_ACCEPT      =  8,
+
+    /* Close notify alert was sent to the peer.*/
     WOLFSSL_SENT_SHUTDOWN     = 1,
+
+    /* Close notify or fatal error was received from the peer.*/
     WOLFSSL_RECEIVED_SHUTDOWN = 2,
+
+    /* Let library know that write buffer might move to different addresses.*/
     WOLFSSL_MODE_ACCEPT_MOVING_WRITE_BUFFER = 4,
 
+    /* The handshake failed. */
     WOLFSSL_R_SSL_HANDSHAKE_FAILURE           = 101,
+
+    /* The issuer CA certificate is unknown. */
     WOLFSSL_R_TLSV1_ALERT_UNKNOWN_CA          = 102,
+
+    /* Unable to validate the certificate. */
     WOLFSSL_R_SSLV3_ALERT_CERTIFICATE_UNKNOWN = 103,
+
+    /* There was a problem parsing the certificate. */
     WOLFSSL_R_SSLV3_ALERT_BAD_CERTIFICATE     = 104,
 
     WOLF_PEM_BUFSIZE = 1024
@@ -2672,8 +3104,11 @@ enum { /* ssl Constants */
 /* extra begins */
 #if defined(OPENSSL_EXTRA) || defined(DEBUG_WOLFSSL_VERBOSE)
 enum {  /* ERR Constants */
-    ERR_TXT_STRING = 1
+    WOLFSSL_ERR_TXT_STRING = 1
 };
+#ifndef OPENSSL_COEXIST
+#define ERR_TXT_STRING WOLFSSL_ERR_TXT_STRING
+#endif
 #endif
 #ifdef OPENSSL_EXTRA
 /* bio misc */
@@ -2704,7 +3139,6 @@ WOLFSSL_API long wolfSSL_CTX_clear_options(WOLFSSL_CTX* ctx, long opt);
 #if !defined(NO_CHECK_PRIVATE_KEY)
   WOLFSSL_API int  wolfSSL_CTX_check_private_key(const WOLFSSL_CTX* ctx);
 #endif
-WOLFSSL_API WOLFSSL_EVP_PKEY* wolfSSL_CTX_get0_privatekey(const WOLFSSL_CTX* ctx);
 
 WOLFSSL_API void wolfSSL_ERR_free_strings(void);
 WOLFSSL_API void wolfSSL_ERR_remove_state(unsigned long id);
@@ -2732,16 +3166,21 @@ WOLFSSL_API WOLF_STACK_OF(WOLFSSL_X509)* wolfSSL_get_peer_cert_chain(const WOLFS
 WOLFSSL_API WOLF_STACK_OF(WOLFSSL_X509)* wolfSSL_set_peer_cert_chain(WOLFSSL* ssl);
 #endif
 
-#ifdef OPENSSL_EXTRA
-WOLFSSL_API int wolfSSL_want(WOLFSSL* ssl);
-#endif
 WOLFSSL_API int wolfSSL_want_read(WOLFSSL* ssl);
 WOLFSSL_API int wolfSSL_want_write(WOLFSSL* ssl);
 
+
+#ifdef OPENSSL_EXTRA
+WOLFSSL_API int wolfSSL_want(WOLFSSL* ssl);
+
+WOLFSSL_API WOLFSSL_EVP_PKEY* wolfSSL_CTX_get0_privatekey(const WOLFSSL_CTX* ctx);
+
 #include <stdarg.h> /* var_arg */
 WOLFSSL_API int wolfSSL_BIO_vprintf(WOLFSSL_BIO* bio, const char* format,
                                                             va_list args);
 WOLFSSL_API int wolfSSL_BIO_printf(WOLFSSL_BIO* bio, const char* format, ...);
+
+
 WOLFSSL_API int wolfSSL_BIO_dump(WOLFSSL_BIO *bio, const char* buf, int length);
 WOLFSSL_API int wolfSSL_ASN1_UTCTIME_print(WOLFSSL_BIO* bio,
                                          const WOLFSSL_ASN1_UTCTIME* a);
@@ -2753,39 +3192,20 @@ WOLFSSL_API int wolfSSL_ASN1_TIME_diff(int* days, int* secs, const WOLFSSL_ASN1_
     const WOLFSSL_ASN1_TIME* to);
 WOLFSSL_API int wolfSSL_ASN1_TIME_compare(const WOLFSSL_ASN1_TIME *a,
     const WOLFSSL_ASN1_TIME *b);
-#ifdef OPENSSL_EXTRA
 WOLFSSL_API WOLFSSL_ASN1_TIME *wolfSSL_ASN1_TIME_set(WOLFSSL_ASN1_TIME *s, time_t t);
 WOLFSSL_API int wolfSSL_ASN1_TIME_set_string(WOLFSSL_ASN1_TIME *s, const char *str);
-#endif
+WOLFSSL_API int wolfSSL_ASN1_TIME_set_string_X509(WOLFSSL_ASN1_TIME *t,
+        const char *str);
+#endif /* OPENSSL_EXTRA */
 
+
+#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL)
 WOLFSSL_API int wolfSSL_sk_num(const WOLFSSL_STACK* sk);
 WOLFSSL_API void* wolfSSL_sk_value(const WOLFSSL_STACK* sk, int i);
-
-#if defined(HAVE_EX_DATA) || defined(WOLFSSL_WPAS_SMALL)
-
-WOLFSSL_API void* wolfSSL_CRYPTO_get_ex_data(const WOLFSSL_CRYPTO_EX_DATA* ex_data,
-                                            int idx);
-#ifdef HAVE_EX_DATA_CLEANUP_HOOKS
-WOLFSSL_API int wolfSSL_CRYPTO_set_ex_data_with_cleanup(
-    WOLFSSL_CRYPTO_EX_DATA* ex_data,
-    int idx,
-    void *data,
-    wolfSSL_ex_data_cleanup_routine_t cleanup_routine);
-#endif
-WOLFSSL_API int wolfSSL_CRYPTO_set_ex_data(WOLFSSL_CRYPTO_EX_DATA* ex_data, int idx,
-                                            void *data);
 #endif
 
+
 /* stunnel 4.28 needs */
-WOLFSSL_API void* wolfSSL_CTX_get_ex_data(const WOLFSSL_CTX* ctx, int idx);
-WOLFSSL_API int   wolfSSL_CTX_set_ex_data(WOLFSSL_CTX* ctx, int idx, void* data);
-#ifdef HAVE_EX_DATA_CLEANUP_HOOKS
-WOLFSSL_API int wolfSSL_CTX_set_ex_data_with_cleanup(
-    WOLFSSL_CTX* ctx,
-    int idx,
-    void* data,
-    wolfSSL_ex_data_cleanup_routine_t cleanup_routine);
-#endif
 WOLFSSL_API void  wolfSSL_CTX_sess_set_get_cb(WOLFSSL_CTX* ctx,
                    WOLFSSL_SESSION*(*f)(WOLFSSL* ssl, const unsigned char*, int, int*));
 WOLFSSL_API void  wolfSSL_CTX_sess_set_new_cb(WOLFSSL_CTX* ctx,
@@ -2802,13 +3222,21 @@ WOLFSSL_API unsigned long wolfSSL_SESSION_get_ticket_lifetime_hint(
                               const WOLFSSL_SESSION* sess);
 WOLFSSL_API long wolfSSL_SESSION_get_timeout(const WOLFSSL_SESSION* session);
 WOLFSSL_API long wolfSSL_SESSION_get_time(const WOLFSSL_SESSION* session);
-#ifdef HAVE_EX_DATA
-WOLFSSL_API int wolfSSL_CTX_get_ex_new_index(long idx, void* arg,
-    WOLFSSL_CRYPTO_EX_new* new_func,
-    WOLFSSL_CRYPTO_EX_dup* dup_func,
-    WOLFSSL_CRYPTO_EX_free* free_func);
+
+
+#ifdef SESSION_CERTS
+#ifdef OPENSSL_EXTRA
+WOLFSSL_API const char *wolfSSL_get0_peername(WOLFSSL *ssl);
 #endif
 
+WOLFSSL_API
+    WOLFSSL_X509_CHAIN* wolfSSL_SESSION_get_peer_chain(WOLFSSL_SESSION* session);
+WOLFSSL_API WOLFSSL_X509* wolfSSL_SESSION_get0_peer(WOLFSSL_SESSION* session);
+
+WOLFSSL_API int  wolfSSL_get_chain_cert_pem(WOLFSSL_X509_CHAIN* chain, int idx,
+                                unsigned char* buf, int inLen, int* outLen);
+#endif /* SESSION_CERTS */
+
 
 /* extra ends */
 
@@ -2819,11 +3247,30 @@ WOLFSSL_API int wolfSSL_CTX_get_ex_new_index(long idx, void* arg,
    date check and signature check */
 WOLFSSL_ABI WOLFSSL_API int wolfSSL_check_domain_name(WOLFSSL* ssl, const char* dn);
 
+
 /* need to call once to load library (session cache) */
 WOLFSSL_ABI WOLFSSL_API int wolfSSL_Init(void);
 /* call when done to cleanup/free session cache mutex / resources  */
 WOLFSSL_ABI WOLFSSL_API int wolfSSL_Cleanup(void);
 
+#if defined(WOLFSSL_SYS_CRYPTO_POLICY)
+#ifndef NO_FILESYSTEM
+WOLFSSL_API int    wolfSSL_crypto_policy_enable(const char * policy);
+#endif /* ! NO_FILESYSTEM */
+WOLFSSL_API int    wolfSSL_crypto_policy_enable_buffer(const char * buf);
+WOLFSSL_API void   wolfSSL_crypto_policy_disable(void);
+WOLFSSL_API int    wolfSSL_crypto_policy_is_enabled(void);
+WOLFSSL_API const char * wolfSSL_crypto_policy_get_ciphers(void);
+WOLFSSL_API int    wolfSSL_crypto_policy_get_level(void);
+WOLFSSL_LOCAL int  wolfSSL_crypto_policy_init_ctx(WOLFSSL_CTX * ctx,
+                                                  WOLFSSL_METHOD * method);
+#endif /* WOLFSSL_SYS_CRYPTO_POLICY */
+/* compat functions. */
+WOLFSSL_API int    wolfSSL_get_security_level(const WOLFSSL * ssl);
+#ifndef NO_WOLFSSL_STUB
+WOLFSSL_API void   wolfSSL_set_security_level(WOLFSSL * ssl, int level);
+#endif /* !NO_WOLFSSL_STUB */
+
 /* which library version do we have */
 WOLFSSL_API const char* wolfSSL_lib_version(void);
 #if defined(OPENSSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER >= 0x10100000L
@@ -2859,12 +3306,49 @@ WOLFSSL_API int  wolfSSL_get_chain_length(WOLFSSL_X509_CHAIN* chain, int idx);
 WOLFSSL_API unsigned char* wolfSSL_get_chain_cert(WOLFSSL_X509_CHAIN* chain, int idx);
 /* index cert in X509 */
 WOLFSSL_API WOLFSSL_X509* wolfSSL_get_chain_X509(WOLFSSL_X509_CHAIN* chain, int idx);
+
+
+#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) || \
+    defined(KEEP_PEER_CERT) || defined(KEEP_OUR_CERT) || defined(SESSION_CERTS)
+
+WOLFSSL_API WOLFSSL_X509* wolfSSL_X509_new(void);
+WOLFSSL_API WOLFSSL_X509* wolfSSL_X509_new_ex(void* heap);
+WOLFSSL_API WOLFSSL_X509* wolfSSL_X509_dup(WOLFSSL_X509* x);
+
+WOLFSSL_ABI WOLFSSL_API WOLFSSL_X509_NAME* wolfSSL_X509_get_issuer_name(
+                                                            WOLFSSL_X509* cert);
+WOLFSSL_ABI WOLFSSL_API WOLFSSL_X509_NAME* wolfSSL_X509_get_subject_name(
+                                                            WOLFSSL_X509* cert);
+
+WOLFSSL_API int wolfSSL_X509_get_signature_type(WOLFSSL_X509* x509);
+WOLFSSL_API int wolfSSL_X509_get_isCA(WOLFSSL_X509* x509);
+WOLFSSL_API int wolfSSL_X509_get_signature(WOLFSSL_X509* x509,
+    unsigned char* buf, int* bufSz);
+WOLFSSL_API int wolfSSL_X509_get_pubkey_buffer(WOLFSSL_X509* x509,
+    unsigned char* buf, int* bufSz);
+WOLFSSL_API int wolfSSL_X509_get_pubkey_type(WOLFSSL_X509* x509);
+
+#ifndef NO_FILESYSTEM
+WOLFSSL_ABI WOLFSSL_API WOLFSSL_X509*
+    wolfSSL_X509_load_certificate_file(const char* fname, int format);
+#endif
+WOLFSSL_API WOLFSSL_X509* wolfSSL_X509_load_certificate_buffer(
+    const unsigned char* buf, int sz, int format);
+#ifdef WOLFSSL_CERT_REQ
+WOLFSSL_API WOLFSSL_X509* wolfSSL_X509_REQ_load_certificate_buffer(
+    const unsigned char* buf, int sz, int format);
+#endif
+
 /* free X509 */
 #define wolfSSL_FreeX509(x509) wolfSSL_X509_free((x509))
 WOLFSSL_ABI WOLFSSL_API void wolfSSL_X509_free(WOLFSSL_X509* x509);
+
+#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL || KEEP_PEER_CERT || \
+          KEEP_OUR_CERT || SESSION_CERTS */
+
+
 /* get index cert in PEM */
-WOLFSSL_API int  wolfSSL_get_chain_cert_pem(WOLFSSL_X509_CHAIN* chain, int idx,
-                                unsigned char* buf, int inLen, int* outLen);
+
 WOLFSSL_ABI WOLFSSL_API const unsigned char* wolfSSL_get_sessionID(
                                                       const WOLFSSL_SESSION* s);
 WOLFSSL_API int  wolfSSL_X509_get_serial_number(WOLFSSL_X509* x509,unsigned char* in,int* inOutSz);
@@ -2885,19 +3369,24 @@ WOLFSSL_API WOLFSSL_X509* wolfSSL_d2i_X509(WOLFSSL_X509** x509,
         const unsigned char** in, int len);
 WOLFSSL_API WOLFSSL_X509*
     wolfSSL_X509_d2i(WOLFSSL_X509** x509, const unsigned char* in, int len);
+WOLFSSL_API WOLFSSL_X509*
+    wolfSSL_X509_d2i_ex(WOLFSSL_X509** x509, const unsigned char* in, int len,
+    void* heap);
 #ifdef WOLFSSL_CERT_REQ
 WOLFSSL_API WOLFSSL_X509*
     wolfSSL_X509_REQ_d2i(WOLFSSL_X509** x509, const unsigned char* in, int len);
+WOLFSSL_API WOLFSSL_X509* wolfSSL_d2i_X509_REQ_INFO(WOLFSSL_X509** req,
+        const unsigned char** in, int len);
 #endif
 WOLFSSL_API int wolfSSL_i2d_X509(WOLFSSL_X509* x509, unsigned char** out);
 WOLFSSL_API WOLFSSL_X509_CRL *wolfSSL_d2i_X509_CRL(WOLFSSL_X509_CRL **crl,
                                                    const unsigned char *in, int len);
-WOLFSSL_API WOLFSSL_X509_CRL *wolfSSL_d2i_X509_CRL_bio(WOLFSSL_BIO *bp,
-                                                    WOLFSSL_X509_CRL **crl);
 #if !defined(NO_FILESYSTEM) && !defined(NO_STDIO_FILESYSTEM)
 WOLFSSL_API WOLFSSL_X509_CRL *wolfSSL_d2i_X509_CRL_fp(XFILE file, WOLFSSL_X509_CRL **crl);
 #endif
 #if defined(HAVE_CRL) && defined(OPENSSL_EXTRA)
+WOLFSSL_API WOLFSSL_X509_CRL *wolfSSL_d2i_X509_CRL_bio(WOLFSSL_BIO *bp,
+                                                    WOLFSSL_X509_CRL **crl);
 WOLFSSL_API int wolfSSL_X509_CRL_version(WOLFSSL_X509_CRL *crl);
 WOLFSSL_API int wolfSSL_X509_CRL_get_signature_type(WOLFSSL_X509_CRL* crl);
 WOLFSSL_API int wolfSSL_X509_CRL_get_signature_nid(
@@ -2912,9 +3401,50 @@ WOLFSSL_API int wolfSSL_X509_REVOKED_get_serial_number(RevokedCert* rev,
                                                        byte* in, int* inOutSz);
 #endif
 #if defined(HAVE_CRL) && (defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL))
+WOLFSSL_API WOLFSSL_X509_CRL* wolfSSL_X509_CRL_dup(const WOLFSSL_X509_CRL* crl);
 WOLFSSL_API void wolfSSL_X509_CRL_free(WOLFSSL_X509_CRL *crl);
 #endif
 
+#if defined(WOLFSSL_ACERT) && \
+   (defined(OPENSSL_EXTRA_X509_SMALL) || defined(OPENSSL_EXTRA))
+WOLFSSL_API WOLFSSL_X509_ACERT * wolfSSL_X509_ACERT_new_ex(void * heap);
+WOLFSSL_API WOLFSSL_X509_ACERT * wolfSSL_X509_ACERT_new(void);
+WOLFSSL_API void wolfSSL_X509_ACERT_init(WOLFSSL_X509_ACERT * x509,
+                                         int dynamic, void * heap);
+WOLFSSL_API void wolfSSL_X509_ACERT_free(WOLFSSL_X509_ACERT* x509);
+#ifndef NO_WOLFSSL_STUB
+WOLFSSL_API int  wolfSSL_X509_ACERT_sign(WOLFSSL_X509_ACERT * x509,
+                                        WOLFSSL_EVP_PKEY * pkey,
+                                        const WOLFSSL_EVP_MD * md);
+#endif /* !NO_WOLFSSL_STUB */
+WOLFSSL_API int  wolfSSL_X509_ACERT_verify(WOLFSSL_X509_ACERT* x509,
+                                           WOLFSSL_EVP_PKEY* pkey);
+#if defined(OPENSSL_EXTRA)
+WOLFSSL_API int  wolfSSL_X509_ACERT_get_signature_nid(
+                                                  const WOLFSSL_X509_ACERT* x);
+WOLFSSL_API int  wolfSSL_X509_ACERT_print(WOLFSSL_BIO* bio,
+                                          WOLFSSL_X509_ACERT* x509_acert);
+WOLFSSL_API WOLFSSL_X509_ACERT * wolfSSL_PEM_read_bio_X509_ACERT(
+    WOLFSSL_BIO *bp, WOLFSSL_X509_ACERT **x, wc_pem_password_cb *cb, void *u);
+WOLFSSL_API long wolfSSL_X509_ACERT_get_version(const WOLFSSL_X509_ACERT *x);
+#endif /* OPENSSL_EXTRA */
+WOLFSSL_API int  wolfSSL_X509_ACERT_get_attr_buf(const WOLFSSL_X509_ACERT* x509,
+                                                 const byte ** rawAttr,
+                                                 word32 * rawAttrLen);
+WOLFSSL_API int  wolfSSL_X509_ACERT_get_serial_number(WOLFSSL_X509_ACERT* x509,
+                                                      unsigned char* in,
+                                                      int * inOutSz);
+WOLFSSL_API int  wolfSSL_X509_ACERT_version(WOLFSSL_X509_ACERT* x509);
+WOLFSSL_API int  wolfSSL_X509_ACERT_get_signature(WOLFSSL_X509_ACERT* x509,
+                                                  unsigned char* buf,
+                                                  int* bufSz);
+WOLFSSL_API WOLFSSL_X509_ACERT * wolfSSL_X509_ACERT_load_certificate_buffer_ex(
+    const unsigned char* buf, int sz, int format, void * heap);
+WOLFSSL_API WOLFSSL_X509_ACERT * wolfSSL_X509_ACERT_load_certificate_buffer(
+    const unsigned char* buf, int sz, int format);
+#endif /* WOLFSSL_ACERT && (OPENSSL_EXTRA_X509_SMALL || OPENSSL_EXTRA) */
+
+#ifdef OPENSSL_EXTRA
 WOLFSSL_API
 const WOLFSSL_ASN1_INTEGER* wolfSSL_X509_REVOKED_get0_serial_number(const
                                                      WOLFSSL_X509_REVOKED *rev);
@@ -2927,14 +3457,6 @@ const WOLFSSL_ASN1_TIME* wolfSSL_X509_REVOKED_get0_revocation_date(const
     WOLFSSL_API WOLFSSL_X509*
         wolfSSL_X509_d2i_fp(WOLFSSL_X509** x509, XFILE file);
     #endif
-WOLFSSL_ABI WOLFSSL_API WOLFSSL_X509*
-    wolfSSL_X509_load_certificate_file(const char* fname, int format);
-#endif
-WOLFSSL_API WOLFSSL_X509* wolfSSL_X509_load_certificate_buffer(
-    const unsigned char* buf, int sz, int format);
-#ifdef WOLFSSL_CERT_REQ
-WOLFSSL_API WOLFSSL_X509* wolfSSL_X509_REQ_load_certificate_buffer(
-    const unsigned char* buf, int sz, int format);
 #endif
 
 #ifdef WOLFSSL_SEP
@@ -2946,20 +3468,25 @@ WOLFSSL_API WOLFSSL_X509* wolfSSL_X509_REQ_load_certificate_buffer(
            wolfSSL_X509_get_hw_serial_number(WOLFSSL_X509* x509, unsigned char* in, int* inOutSz);
 #endif
 
+#endif /* OPENSSL_EXTRA */
+
 /* connect enough to get peer cert */
 WOLFSSL_API int  wolfSSL_connect_cert(WOLFSSL* ssl);
 
 
-
+#ifdef OPENSSL_EXTRA
 /* PKCS12 compatibility */
-typedef struct WC_PKCS12 WC_PKCS12;
-WOLFSSL_API WC_PKCS12* wolfSSL_d2i_PKCS12_bio(WOLFSSL_BIO* bio,
-                                       WC_PKCS12** pkcs12);
-WOLFSSL_API int wolfSSL_i2d_PKCS12_bio(WOLFSSL_BIO *bio, WC_PKCS12 *pkcs12);
+WOLFSSL_API void wolfSSL_PKCS12_PBE_add(void);
 #if !defined(NO_FILESYSTEM) && !defined(NO_STDIO_FILESYSTEM)
 WOLFSSL_API WOLFSSL_X509_PKCS12* wolfSSL_d2i_PKCS12_fp(XFILE fp,
                                        WOLFSSL_X509_PKCS12** pkcs12);
 #endif
+
+#ifdef HAVE_PKCS12
+WOLFSSL_API WC_PKCS12* wolfSSL_d2i_PKCS12_bio(WOLFSSL_BIO* bio,
+                                       WC_PKCS12** pkcs12);
+WOLFSSL_API int wolfSSL_i2d_PKCS12_bio(WOLFSSL_BIO *bio, WC_PKCS12 *pkcs12);
+
 WOLFSSL_API int wolfSSL_PKCS12_parse(WC_PKCS12* pkcs12, const char* psw,
      WOLFSSL_EVP_PKEY** pkey, WOLFSSL_X509** cert,
      WOLF_STACK_OF(WOLFSSL_X509)** ca);
@@ -2969,8 +3496,8 @@ WOLFSSL_API WC_PKCS12* wolfSSL_PKCS12_create(char* pass, char* name,
         WOLFSSL_EVP_PKEY* pkey, WOLFSSL_X509* cert,
         WOLF_STACK_OF(WOLFSSL_X509)* ca,
         int keyNID, int certNID, int itt, int macItt, int keytype);
-WOLFSSL_API void wolfSSL_PKCS12_PBE_add(void);
-
+#endif /* HAVE_PKCS12 */
+#endif /* OPENSSL_EXTRA */
 
 
 #ifndef NO_DH
@@ -3032,23 +3559,29 @@ WOLFSSL_API int wolfSSL_make_eap_keys(WOLFSSL* ssl, void* key, unsigned int len,
         #ifdef __PPU
             #include <sys/types.h>
             #include <sys/socket.h>
-        #elif !defined(WOLFSSL_MDK_ARM) && !defined(WOLFSSL_IAR_ARM) && \
+        #elif defined(ARDUINO)
+            /* TODO board specific */
+        #elif defined(NUCLEUS_PLUS_2_3)
+            #include "services/sys/uio.h"
+        #elif !defined(WOLFSSL_MDK_ARM) && !defined(WOLFSSL_IAR_ARM)    && \
               !defined(WOLFSSL_PICOTCP) && !defined(WOLFSSL_ROWLEY_ARM) && \
-              !defined(WOLFSSL_EMBOS) && !defined(WOLFSSL_FROSTED) && \
-              !defined(WOLFSSL_CHIBIOS) && !defined(WOLFSSL_CONTIKI) && \
-              !defined(WOLFSSL_ZEPHYR) && !defined(NETOS)
+              !defined(WOLFSSL_EMBOS)   && !defined(WOLFSSL_FROSTED)    && \
+              !defined(WOLFSSL_CHIBIOS) && !defined(WOLFSSL_CONTIKI)    && \
+              !defined(WOLFSSL_ZEPHYR)  && !defined(NETOS) && \
+              !defined(WOLFSSL_NDS)
             #include <sys/uio.h>
         #endif
         /* allow writev style writing */
         WOLFSSL_API int wolfSSL_writev(WOLFSSL* ssl, const struct iovec* iov,
                                      int iovcnt);
-    #endif
-#endif
+    #endif /* !NO_WRITEV */
+#endif /* !_WIN32 */
 
 
 #ifndef NO_CERTS
     /* SSL_CTX versions */
     WOLFSSL_API int wolfSSL_CTX_UnloadCAs(WOLFSSL_CTX* ctx);
+    WOLFSSL_API int wolfSSL_CTX_UnloadIntermediateCerts(WOLFSSL_CTX* ctx);
 #ifdef WOLFSSL_TRUST_PEER_CERT
     WOLFSSL_API int wolfSSL_CTX_Unload_trust_peers(WOLFSSL_CTX* ctx);
 #ifdef WOLFSSL_LOCAL_X509_STORE
@@ -3081,6 +3614,23 @@ WOLFSSL_API int wolfSSL_make_eap_keys(WOLFSSL* ssl, void* key, unsigned int len,
                                                const unsigned char* in, long sz, int format);
     WOLFSSL_API int wolfSSL_CTX_use_certificate_chain_buffer(WOLFSSL_CTX* ctx,
                                                     const unsigned char* in, long sz);
+#if defined(WOLF_CRYPTO_CB)
+    WOLFSSL_API int wolfSSL_CTX_use_certificate_label(WOLFSSL_CTX* ctx,
+                                                const char *label, int devId);
+    WOLFSSL_API int wolfSSL_CTX_use_certificate_id(WOLFSSL_CTX* ctx,
+                                const unsigned char *id, int idLen, int devId);
+#endif
+#ifdef WOLFSSL_DUAL_ALG_CERTS
+    WOLFSSL_API int wolfSSL_CTX_use_AltPrivateKey_buffer(WOLFSSL_CTX* ctx,
+                                const unsigned char* in, long sz, int format);
+    WOLFSSL_API int wolfSSL_CTX_use_AltPrivateKey_id(WOLFSSL_CTX* ctx,
+                                const unsigned char* id, long sz,
+                                int devId, long keySz);
+    WOLFSSL_API int wolfSSL_CTX_use_AltPrivateKey_Id(WOLFSSL_CTX* ctx,
+                                const unsigned char* id, long sz, int devId);
+    WOLFSSL_API int wolfSSL_CTX_use_AltPrivateKey_Label(WOLFSSL_CTX* ctx,
+                                const char* label, int devId);
+#endif
 
     /* SSL versions */
     WOLFSSL_API int wolfSSL_use_certificate_buffer(WOLFSSL* ssl, const unsigned char* in,
@@ -3099,6 +3649,17 @@ WOLFSSL_API int wolfSSL_make_eap_keys(WOLFSSL* ssl, void* key, unsigned int len,
     WOLFSSL_API int wolfSSL_use_certificate_chain_buffer(WOLFSSL* ssl,
                                                const unsigned char* in, long sz);
     WOLFSSL_API int wolfSSL_UnloadCertsKeys(WOLFSSL* ssl);
+#ifdef WOLFSSL_DUAL_ALG_CERTS
+    WOLFSSL_API int wolfSSL_use_AltPrivateKey_buffer(WOLFSSL* ssl,
+                                const unsigned char* in, long sz, int format);
+    WOLFSSL_API int wolfSSL_use_AltPrivateKey_id(WOLFSSL* ssl,
+                                const unsigned char* id, long sz,
+                                int devId, long keySz);
+    WOLFSSL_API int wolfSSL_use_AltPrivateKey_Id(WOLFSSL* ssl,
+                                const unsigned char* id, long sz, int devId);
+    WOLFSSL_API int wolfSSL_use_AltPrivateKey_Label(WOLFSSL* ssl,
+                                const char* label, int devId);
+#endif
 
     #if (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) && \
         defined(KEEP_OUR_CERT)
@@ -3130,18 +3691,6 @@ WOLFSSL_API void wolfSSL_SetFuzzerCb(WOLFSSL* ssl, CallbackFuzzer cbf, void* fCt
 WOLFSSL_API int   wolfSSL_DTLS_SetCookieSecret(WOLFSSL* ssl, const byte* secret, word32 secretSz);
 
 
-/* I/O Callback default errors */
-enum IOerrors {
-    WOLFSSL_CBIO_ERR_GENERAL    = -1,     /* general unexpected err */
-    WOLFSSL_CBIO_ERR_WANT_READ  = -2,     /* need to call read  again */
-    WOLFSSL_CBIO_ERR_WANT_WRITE = -2,     /* need to call write again */
-    WOLFSSL_CBIO_ERR_CONN_RST   = -3,     /* connection reset */
-    WOLFSSL_CBIO_ERR_ISR        = -4,     /* interrupt */
-    WOLFSSL_CBIO_ERR_CONN_CLOSE = -5,     /* connection closed or epipe */
-    WOLFSSL_CBIO_ERR_TIMEOUT    = -6      /* socket timeout */
-};
-
-
 /* CA cache callbacks */
 enum {
     WOLFSSL_SSLV3    = 0,
@@ -3154,7 +3703,9 @@ enum {
     WOLFSSL_DTLSV1_3 = 7,
 
     WOLFSSL_USER_CA  = 1,          /* user added as trusted */
-    WOLFSSL_CHAIN_CA = 2           /* added to cache from trusted chain */
+    WOLFSSL_CHAIN_CA = 2,          /* added to cache from trusted chain */
+    WOLFSSL_TEMP_CA = 3            /* Temp intermediate CA, only for use by
+                                    * X509_STORE */
 };
 
 WOLFSSL_ABI WOLFSSL_API WC_RNG* wolfSSL_GetRNG(WOLFSSL* ssl);
@@ -3179,6 +3730,8 @@ WOLFSSL_API int wolfSSL_SetVersion(WOLFSSL* ssl, int version);
 
 typedef void (*CallbackCACache)(unsigned char* der, int sz, int type);
 typedef void (*CbMissingCRL)(const char* url);
+typedef int  (*crlErrorCb)(int ret, WOLFSSL_CRL* crl, WOLFSSL_CERT_MANAGER* cm,
+                           void* ctx);
 typedef int  (*CbOCSPIO)(void*, const char*, int,
                                          unsigned char*, int, unsigned char**);
 typedef void (*CbOCSPRespFree)(void*,unsigned char*);
@@ -3187,6 +3740,22 @@ typedef void (*CbOCSPRespFree)(void*,unsigned char*);
 typedef int  (*CbCrlIO)(WOLFSSL_CRL* crl, const char* url, int urlSz);
 #endif
 
+#ifdef HAVE_CRL_UPDATE_CB
+typedef struct CrlInfo {
+    byte *issuerHash;
+    word32 issuerHashLen;
+    byte *lastDate;
+    word32 lastDateMaxLen;
+    byte lastDateFormat;
+    byte *nextDate;
+    word32 nextDateMaxLen;
+    byte nextDateFormat;
+    sword32 crlNumber;
+} CrlInfo;
+
+typedef void (*CbUpdateCRL)(CrlInfo* old, CrlInfo* cnew);
+#endif
+
 /* User Atomic Record Layer CallBacks */
 typedef int (*CallbackMacEncrypt)(WOLFSSL* ssl, unsigned char* macOut,
        const unsigned char* macIn, unsigned int macInSz, int macContent,
@@ -3212,6 +3781,21 @@ WOLFSSL_API void  wolfSSL_CTX_SetEncryptMacCb(WOLFSSL_CTX* ctx, CallbackEncryptM
 WOLFSSL_API void  wolfSSL_SetEncryptMacCtx(WOLFSSL* ssl, void *ctx);
 WOLFSSL_API void* wolfSSL_GetEncryptMacCtx(WOLFSSL* ssl);
 
+#ifdef WOLFSSL_THREADED_CRYPT
+    #ifndef WOLFSSL_THREADED_CRYPT_CNT
+        #define WOLFSSL_THREADED_CRYPT_CNT  16
+    #endif
+
+typedef void (*WOLFSSL_THREAD_SIGNAL)(void* ctx, WOLFSSL* ssl);
+
+WOLFSSL_API int wolfSSL_AsyncEncryptReady(WOLFSSL* ssl, int idx);
+WOLFSSL_API int wolfSSL_AsyncEncryptStop(WOLFSSL* ssl, int idx);
+WOLFSSL_API int wolfSSL_AsyncEncrypt(WOLFSSL* ssl, int idx);
+WOLFSSL_API int wolfSSL_AsyncEncryptSetSignal(WOLFSSL* ssl, int idx,
+   WOLFSSL_THREAD_SIGNAL signal, void* ctx);
+#endif
+
+
 typedef int (*CallbackVerifyDecrypt)(WOLFSSL* ssl,
        unsigned char* decOut, const unsigned char* decIn,
        unsigned int decSz, int content, int verify, unsigned int* padSz,
@@ -3252,7 +3836,7 @@ enum {
     WOLFSSL_BLOCK_TYPE = 2,
     WOLFSSL_STREAM_TYPE = 3,
     WOLFSSL_AEAD_TYPE = 4,
-    WOLFSSL_TLS_HMAC_INNER_SZ = 13      /* SEQ_SZ + ENUM + VERSION_SZ + LEN_SZ */
+    WOLFSSL_TLS_HMAC_INNER_SZ = 13 /* SEQ_SZ + ENUM + VERSION_SZ + LEN_SZ */
 };
 
 /* for GetBulkCipher and internal use
@@ -3516,6 +4100,13 @@ WOLFSSL_API void  wolfSSL_CTX_SetGenMasterSecretCb(WOLFSSL_CTX* ctx,
 WOLFSSL_API void  wolfSSL_SetGenMasterSecretCtx(WOLFSSL* ssl, void *ctx);
 WOLFSSL_API void* wolfSSL_GetGenMasterSecretCtx(WOLFSSL* ssl);
 
+typedef int (*CallbackGenExtMasterSecret)(WOLFSSL* ssl, byte* hash,
+                                            word32 hashsz, void* ctx);
+WOLFSSL_API void  wolfSSL_CTX_SetGenExtMasterSecretCb(WOLFSSL_CTX* ctx,
+                                                CallbackGenExtMasterSecret cb);
+WOLFSSL_API void  wolfSSL_SetGenExtMasterSecretCtx(WOLFSSL* ssl, void *ctx);
+WOLFSSL_API void* wolfSSL_GetGenExtMasterSecretCtx(WOLFSSL* ssl);
+
 typedef int (*CallbackGenPreMaster)(WOLFSSL* ssl, byte *premaster,
                                                    word32 preSz, void* ctx);
 WOLFSSL_API void  wolfSSL_CTX_SetGenPreMasterCb(WOLFSSL_CTX* ctx,
@@ -3587,6 +4178,12 @@ WOLFSSL_API void wolfSSL_CTX_SetPerformTlsRecordProcessingCb(WOLFSSL_CTX* ctx,
     WOLFSSL_API void wolfSSL_CertManagerFree(WOLFSSL_CERT_MANAGER* cm);
     WOLFSSL_API int wolfSSL_CertManager_up_ref(WOLFSSL_CERT_MANAGER* cm);
 
+#ifdef WC_ASN_UNKNOWN_EXT_CB
+    WOLFSSL_API void wolfSSL_CertManagerSetUnknownExtCallback(
+        WOLFSSL_CERT_MANAGER* cm,
+        wc_UnknownExtCallback cb);
+#endif
+
     WOLFSSL_API int wolfSSL_CertManagerLoadCA(WOLFSSL_CERT_MANAGER* cm,
         const char* f, const char* d);
     WOLFSSL_API int wolfSSL_CertManagerLoadCABuffer_ex(WOLFSSL_CERT_MANAGER* cm,
@@ -3596,6 +4193,8 @@ WOLFSSL_API void wolfSSL_CTX_SetPerformTlsRecordProcessingCb(WOLFSSL_CTX* ctx,
         const unsigned char* buff, long sz, int format);
 
     WOLFSSL_API int wolfSSL_CertManagerUnloadCAs(WOLFSSL_CERT_MANAGER* cm);
+    WOLFSSL_API int wolfSSL_CertManagerUnloadIntermediateCerts(
+        WOLFSSL_CERT_MANAGER* cm);
 #ifdef WOLFSSL_TRUST_PEER_CERT
     WOLFSSL_API int wolfSSL_CertManagerUnload_trust_peers(
         WOLFSSL_CERT_MANAGER* cm);
@@ -3609,8 +4208,10 @@ WOLFSSL_API void wolfSSL_CTX_SetPerformTlsRecordProcessingCb(WOLFSSL_CTX* ctx,
     WOLFSSL_API int wolfSSL_CertManagerEnableCRL(WOLFSSL_CERT_MANAGER* cm,
         int options);
     WOLFSSL_API int wolfSSL_CertManagerDisableCRL(WOLFSSL_CERT_MANAGER* cm);
+#ifndef NO_WOLFSSL_CM_VERIFY
     WOLFSSL_API void wolfSSL_CertManagerSetVerify(WOLFSSL_CERT_MANAGER* cm,
         VerifyCallback vc);
+#endif
     WOLFSSL_API int wolfSSL_CertManagerLoadCRL(WOLFSSL_CERT_MANAGER* cm,
         const char* path, int type, int monitor);
     WOLFSSL_API int wolfSSL_CertManagerLoadCRLFile(WOLFSSL_CERT_MANAGER* cm,
@@ -3619,11 +4220,19 @@ WOLFSSL_API void wolfSSL_CTX_SetPerformTlsRecordProcessingCb(WOLFSSL_CTX* ctx,
         const unsigned char* buff, long sz, int type);
     WOLFSSL_API int wolfSSL_CertManagerSetCRL_Cb(WOLFSSL_CERT_MANAGER* cm,
         CbMissingCRL cb);
+    WOLFSSL_API int wolfSSL_CertManagerSetCRL_ErrorCb(WOLFSSL_CERT_MANAGER* cm,
+                                                      crlErrorCb cb, void* ctx);
     WOLFSSL_API int wolfSSL_CertManagerFreeCRL(WOLFSSL_CERT_MANAGER* cm);
 #ifdef HAVE_CRL_IO
     WOLFSSL_API int wolfSSL_CertManagerSetCRL_IOCb(WOLFSSL_CERT_MANAGER* cm,
         CbCrlIO cb);
 #endif
+#ifdef HAVE_CRL_UPDATE_CB
+    WOLFSSL_API int wolfSSL_CertManagerGetCRLInfo(WOLFSSL_CERT_MANAGER* cm, CrlInfo* info,
+        const byte* buff, long sz, int type);
+    WOLFSSL_API int wolfSSL_CertManagerSetCRLUpdate_Cb(WOLFSSL_CERT_MANAGER* cm,
+        CbUpdateCRL cb);
+#endif
 #if defined(HAVE_OCSP)
     WOLFSSL_API int wolfSSL_CertManagerCheckOCSPResponse(
         WOLFSSL_CERT_MANAGER* cm, unsigned char *response, int responseSz,
@@ -3662,6 +4271,8 @@ WOLFSSL_API WOLF_STACK_OF(WOLFSSL_X509)* wolfSSL_X509_STORE_get1_certs(
     WOLFSSL_API int wolfSSL_LoadCRLBuffer(WOLFSSL* ssl,
                                           const unsigned char* buff, long sz, int type);
     WOLFSSL_API int wolfSSL_SetCRL_Cb(WOLFSSL* ssl, CbMissingCRL cb);
+    WOLFSSL_API int wolfSSL_SetCRL_ErrorCb(WOLFSSL* ssl, crlErrorCb cb,
+                                           void* ctx);
 #ifdef HAVE_CRL_IO
     WOLFSSL_API int wolfSSL_SetCRL_IOCb(WOLFSSL* ssl, CbCrlIO cb);
 #endif
@@ -3679,6 +4290,8 @@ WOLFSSL_API WOLF_STACK_OF(WOLFSSL_X509)* wolfSSL_X509_STORE_get1_certs(
     WOLFSSL_API int wolfSSL_CTX_LoadCRLBuffer(WOLFSSL_CTX* ctx,
                                             const unsigned char* buff, long sz, int type);
     WOLFSSL_API int wolfSSL_CTX_SetCRL_Cb(WOLFSSL_CTX* ctx, CbMissingCRL cb);
+    WOLFSSL_API int wolfSSL_CTX_SetCRL_ErrorCb(WOLFSSL_CTX* ctx, crlErrorCb cb,
+                                               void* cbCtx);
 #ifdef HAVE_CRL_IO
     WOLFSSL_API int wolfSSL_CTX_SetCRL_IOCb(WOLFSSL_CTX* ctx, CbCrlIO cb);
 #endif
@@ -3728,8 +4341,7 @@ WOLFSSL_API void* wolfSSL_CTX_GetHeap(WOLFSSL_CTX* ctx, WOLFSSL* ssl);
 
 /* SNI types */
 enum {
-    WOLFSSL_SNI_HOST_NAME = 0,
-    WOLFSSL_SNI_HOST_NAME_OUTER = 0,
+    WOLFSSL_SNI_HOST_NAME = 0
 };
 
 WOLFSSL_ABI WOLFSSL_API int wolfSSL_UseSNI(WOLFSSL* ssl, unsigned char type,
@@ -3749,7 +4361,7 @@ enum {
     WOLFSSL_SNI_ANSWER_ON_MISMATCH   = 0x02,
 
     /* Abort the handshake if the client didn't send a SNI request. */
-    WOLFSSL_SNI_ABORT_ON_ABSENCE     = 0x04,
+    WOLFSSL_SNI_ABORT_ON_ABSENCE     = 0x04
 };
 
 WOLFSSL_API void wolfSSL_SNI_SetOptions(WOLFSSL* ssl, unsigned char type,
@@ -3800,7 +4412,7 @@ enum {
     WOLFSSL_ALPN_NO_MATCH = 0,
     WOLFSSL_ALPN_MATCH    = 1,
     WOLFSSL_ALPN_CONTINUE_ON_MISMATCH = 2,
-    WOLFSSL_ALPN_FAILED_ON_MISMATCH = 4,
+    WOLFSSL_ALPN_FAILED_ON_MISMATCH = 4
 };
 
 enum {
@@ -3834,6 +4446,7 @@ WOLFSSL_API int wolfSSL_ALPN_FreePeerProtocol(WOLFSSL* ssl, char **list);
 
 /* Fragment lengths */
 enum {
+    WOLFSSL_MFL_DISABLED = 0,
     WOLFSSL_MFL_2_9  = 1, /*  512 bytes */
     WOLFSSL_MFL_2_10 = 2, /* 1024 bytes */
     WOLFSSL_MFL_2_11 = 3, /* 2048 bytes */
@@ -3841,7 +4454,7 @@ enum {
     WOLFSSL_MFL_2_13 = 5, /* 8192 bytes *//* wolfSSL ONLY!!! */
     WOLFSSL_MFL_2_8  = 6, /*  256 bytes *//* wolfSSL ONLY!!! */
     WOLFSSL_MFL_MIN  = WOLFSSL_MFL_2_9,
-    WOLFSSL_MFL_MAX  = WOLFSSL_MFL_2_8,
+    WOLFSSL_MFL_MAX  = WOLFSSL_MFL_2_8
 };
 
 #ifndef NO_WOLFSSL_CLIENT
@@ -3955,38 +4568,56 @@ enum {
     WOLFSSL_FFDHE_4096    = 258,
     WOLFSSL_FFDHE_6144    = 259,
     WOLFSSL_FFDHE_8192    = 260,
+    WOLFSSL_FFDHE_END     = 511,
 
 #ifdef HAVE_PQC
-    /* These group numbers were taken from OQS's openssl fork, see:
-     * https://github.com/open-quantum-safe/openssl/blob/OQS-OpenSSL_1_1_1-stable/
-     * oqs-template/oqs-kem-info.md.
-     *
-     * The levels in the group name refer to the claimed NIST level of each
-     * parameter set. The associated parameter set name is listed as a comment
-     * beside the group number. Please see the NIST PQC Competition's submitted
-     * papers for more details.
-     *
-     * LEVEL1 means that an attack on that parameter set would require the same
-     * or more resources as a key search on AES 128. LEVEL3 would require the
-     * same or more resources as a key search on AES 192. LEVEL5 would require
-     * the same or more resources as a key search on AES 256. None of the
-     * algorithms have LEVEL2 and LEVEL4 because none of these submissions
-     * included them. */
 
-    WOLFSSL_PQC_MIN               = 570,
-    WOLFSSL_PQC_SIMPLE_MIN        = 570,
+#ifdef WOLFSSL_KYBER_ORIGINAL
+    /* Old code points to keep compatibility with Kyber Round 3.
+     * Taken from OQS's openssl provider, see:
+     * https://github.com/open-quantum-safe/oqs-provider/blob/main/oqs-template/
+     *      oqs-kem-info.md
+     */
     WOLFSSL_KYBER_LEVEL1          = 570, /* KYBER_512 */
     WOLFSSL_KYBER_LEVEL3          = 572, /* KYBER_768 */
     WOLFSSL_KYBER_LEVEL5          = 573, /* KYBER_1024 */
-    WOLFSSL_PQC_SIMPLE_MAX        = 573,
 
-    WOLFSSL_PQC_HYBRID_MIN        = 12052,
     WOLFSSL_P256_KYBER_LEVEL1     = 12090,
     WOLFSSL_P384_KYBER_LEVEL3     = 12092,
     WOLFSSL_P521_KYBER_LEVEL5     = 12093,
-    WOLFSSL_PQC_HYBRID_MAX        = 12093,
-    WOLFSSL_PQC_MAX               = 12093,
-#endif
+    WOLFSSL_X25519_KYBER_LEVEL1   = 12089,
+    WOLFSSL_X448_KYBER_LEVEL3     = 12176,
+    WOLFSSL_X25519_KYBER_LEVEL3   = 25497,
+    WOLFSSL_P256_KYBER_LEVEL3     = 25498,
+#endif /* WOLFSSL_KYBER_ORIGINAL */
+#ifndef WOLFSSL_NO_ML_KEM
+    /* Taken from draft-connolly-tls-mlkem-key-agreement, see:
+     * https://github.com/dconnolly/draft-connolly-tls-mlkem-key-agreement/
+     */
+    WOLFSSL_ML_KEM_512            = 512,
+    WOLFSSL_ML_KEM_768            = 513,
+    WOLFSSL_ML_KEM_1024           = 514,
+
+    /* Taken from draft-kwiatkowski-tls-ecdhe-mlkem. see:
+     * https://github.com/post-quantum-cryptography/
+     *      draft-kwiatkowski-tls-ecdhe-mlkem/
+     */
+    WOLFSSL_P256_ML_KEM_768       = 4587,
+    WOLFSSL_X25519_ML_KEM_768     = 4588,
+    WOLFSSL_P384_ML_KEM_1024      = 4589,
+
+    /* Taken from OQS's openssl provider, see:
+     * https://github.com/open-quantum-safe/oqs-provider/blob/main/oqs-template/
+     *      oqs-kem-info.md
+     */
+    WOLFSSL_P256_ML_KEM_512       = 12107,
+    WOLFSSL_P384_ML_KEM_768       = 12108,
+    WOLFSSL_P521_ML_KEM_1024      = 12109,
+    WOLFSSL_X25519_ML_KEM_512     = 12214,
+    WOLFSSL_X448_ML_KEM_768       = 12215,
+#endif /* WOLFSSL_NO_ML_KEM */
+#endif /* HAVE_PQC */
+    WOLF_ENUM_DUMMY_LAST_ELEMENT(SSL_H)
 };
 
 enum {
@@ -3995,6 +4626,7 @@ enum {
     WOLFSSL_EC_PF_X962_COMP_PRIME = 1,
     WOLFSSL_EC_PF_X962_COMP_CHAR2 = 2,
 #endif
+    WOLF_ENUM_DUMMY_LAST_ELEMENT(SSL_H)
 };
 
 #ifdef HAVE_SUPPORTED_CURVES
@@ -4008,6 +4640,16 @@ WOLFSSL_API int wolfSSL_UseKeyShare(WOLFSSL* ssl, word16 group);
 WOLFSSL_API int wolfSSL_NoKeyShares(WOLFSSL* ssl);
 #endif
 
+#ifdef WOLFSSL_DUAL_ALG_CERTS
+#define WOLFSSL_CKS_SIGSPEC_NATIVE      0x0001
+#define WOLFSSL_CKS_SIGSPEC_ALTERNATIVE 0x0002
+#define WOLFSSL_CKS_SIGSPEC_BOTH        0x0003
+#define WOLFSSL_CKS_SIGSPEC_EXTERNAL    0x0004
+
+WOLFSSL_API int wolfSSL_UseCKS(WOLFSSL* ssl, byte *sigSpec, word16 sigSpecSz);
+WOLFSSL_API int wolfSSL_CTX_UseCKS(WOLFSSL_CTX* ctx, byte *sigSpec,
+                                   word16 sigSpecSz);
+#endif /* WOLFSSL_DUAL_ALG_CERTS */
 
 /* Secure Renegotiation */
 #if defined(HAVE_SECURE_RENEGOTIATION) || defined(HAVE_SERVER_RENEGOTIATION_INFO)
@@ -4041,7 +4683,25 @@ WOLFSSL_API long wolfSSL_SSL_get_secure_renegotiation_support(WOLFSSL* ssl);
 #ifdef HAVE_SESSION_TICKET
 
 #if !defined(WOLFSSL_NO_DEF_TICKET_ENC_CB) && !defined(NO_WOLFSSL_SERVER)
-    #if defined(HAVE_CHACHA) && defined(HAVE_POLY1305) && \
+    #ifdef WOLFSSL_TICKET_ENC_CBC_HMAC
+        #if defined(WOLFSSL_TICKET_ENC_HMAC_SHA512)
+            #define WOLFSSL_TICKET_ENC_HMAC     WC_HASH_TYPE_SHA512
+            #define WOLFSSL_TICKET_HMAC_KEY_SZ  64
+        #elif defined(WOLFSSL_TICKET_ENC_HMAC_SHA384)
+            #define WOLFSSL_TICKET_ENC_HMAC     WC_HASH_TYPE_SHA384
+            #define WOLFSSL_TICKET_HMAC_KEY_SZ  48
+        #else
+            #define WOLFSSL_TICKET_ENC_HMAC     WC_HASH_TYPE_SHA256
+            #define WOLFSSL_TICKET_HMAC_KEY_SZ  32
+        #endif
+        #ifdef WOLFSSL_TICKET_ENC_AES256_CBC
+            #define WOLFSSL_TICKET_KEY_SZ   \
+                (AES_256_KEY_SIZE + WOLFSSL_TICKET_HMAC_KEY_SZ)
+        #else
+            #define WOLFSSL_TICKET_KEY_SZ   \
+                (AES_128_KEY_SIZE + WOLFSSL_TICKET_HMAC_KEY_SZ)
+        #endif
+    #elif defined(HAVE_CHACHA) && defined(HAVE_POLY1305) && \
         !defined(WOLFSSL_TICKET_ENC_AES128_GCM) && \
         !defined(WOLFSSL_TICKET_ENC_AES256_GCM)
         #define WOLFSSL_TICKET_KEY_SZ       CHACHA20_POLY1305_AEAD_KEYSIZE
@@ -4072,7 +4732,11 @@ WOLFSSL_API int wolfSSL_send_SessionTicket(WOLFSSL* ssl);
 
 #define WOLFSSL_TICKET_NAME_SZ 16
 #define WOLFSSL_TICKET_IV_SZ   16
-#define WOLFSSL_TICKET_MAC_SZ  32
+#ifndef WOLFSSL_TICKET_ENC_CBC_HMAC
+    #define WOLFSSL_TICKET_MAC_SZ  32
+#else
+    #define WOLFSSL_TICKET_MAC_SZ  WOLFSSL_TICKET_HMAC_KEY_SZ
+#endif
 
 enum TicketEncRet {
     WOLFSSL_TICKET_RET_FATAL  = -1,  /* fatal error, don't use ticket */
@@ -4113,6 +4777,7 @@ WOLFSSL_API int wolfSSL_CTX_DisableExtendedMasterSecret(WOLFSSL_CTX* ctx);
 
 
 #if defined(WOLFSSL_DTLS) && !defined(NO_WOLFSSL_SERVER)
+WOLFSSL_API int wolfDTLS_accept_stateless(WOLFSSL* ssl);
 /* notify user we parsed a verified ClientHello is done. This only has an effect
  * on the server end. */
 typedef int (*ClientHelloGoodCb)(WOLFSSL* ssl, void*);
@@ -4273,15 +4938,19 @@ WOLFSSL_API int wolfSSL_X509_NAME_add_entry(WOLFSSL_X509_NAME* name,
 WOLFSSL_API int wolfSSL_X509_NAME_add_entry_by_txt(WOLFSSL_X509_NAME *name,
     const char *field, int type, const unsigned char *bytes, int len, int loc,
     int set);
+#ifndef wolfSSL_X509_NAME_add_entry_by_NID
 WOLFSSL_API int wolfSSL_X509_NAME_add_entry_by_NID(WOLFSSL_X509_NAME *name, int nid,
                                            int type, const unsigned char *bytes,
                                            int len, int loc, int set);
+#endif
 WOLFSSL_API WOLFSSL_X509_NAME_ENTRY *wolfSSL_X509_NAME_delete_entry(
         WOLFSSL_X509_NAME *name, int loc);
 WOLFSSL_API int wolfSSL_X509_NAME_cmp(const WOLFSSL_X509_NAME* x,
             const WOLFSSL_X509_NAME* y);
 WOLFSSL_API WOLFSSL_X509_NAME* wolfSSL_X509_NAME_new(void);
+#ifndef wolfSSL_X509_NAME_new_ex
 WOLFSSL_API WOLFSSL_X509_NAME* wolfSSL_X509_NAME_new_ex(void *heap);
+#endif
 WOLFSSL_API WOLFSSL_X509_NAME* wolfSSL_X509_NAME_dup(WOLFSSL_X509_NAME* name);
 WOLFSSL_API int wolfSSL_X509_NAME_copy(WOLFSSL_X509_NAME* from, WOLFSSL_X509_NAME* to);
 WOLFSSL_API int wolfSSL_check_private_key(const WOLFSSL* ssl);
@@ -4339,6 +5008,10 @@ WOLFSSL_API const WOLFSSL_STACK *wolfSSL_X509_REQ_get_extensions(const WOLFSSL_X
 WOLFSSL_API WOLFSSL_X509_EXTENSION* wolfSSL_X509_get_ext(const WOLFSSL_X509* x, int loc);
 WOLFSSL_API int wolfSSL_X509_get_ext_by_OBJ(const WOLFSSL_X509 *x,
         const WOLFSSL_ASN1_OBJECT *obj, int lastpos);
+WOLFSSL_API int wolfSSL_X509_OBJECT_set1_X509(WOLFSSL_X509_OBJECT *a,
+        WOLFSSL_X509 *obj);
+WOLFSSL_API int wolfSSL_X509_OBJECT_set1_X509_CRL(WOLFSSL_X509_OBJECT *a,
+        WOLFSSL_X509_CRL *obj);
 WOLFSSL_API WOLFSSL_X509_EXTENSION* wolfSSL_X509_set_ext(WOLFSSL_X509* x, int loc);
 WOLFSSL_API int wolfSSL_X509_EXTENSION_get_critical(const WOLFSSL_X509_EXTENSION* ex);
 WOLFSSL_API WOLFSSL_X509_EXTENSION* wolfSSL_X509_EXTENSION_new(void);
@@ -4349,7 +5022,6 @@ WOLFSSL_API WOLFSSL_X509_EXTENSION* wolfSSL_X509_EXTENSION_dup(
         WOLFSSL_X509_EXTENSION* src);
 WOLFSSL_API int wolfSSL_sk_X509_EXTENSION_push(WOLFSSL_STACK* sk,
                                        WOLFSSL_X509_EXTENSION* ext);
-WOLFSSL_API void wolfSSL_sk_X509_EXTENSION_free(WOLFSSL_STACK* sk);
 WOLFSSL_API void wolfSSL_X509_EXTENSION_free(WOLFSSL_X509_EXTENSION* ext_to_free);
 WOLFSSL_API WOLFSSL_STACK* wolfSSL_sk_new_x509_ext(void);
 #endif
@@ -4401,7 +5073,7 @@ WOLFSSL_API int wolfSSL_set0_verify_cert_store(WOLFSSL *ssl,
                                                        WOLFSSL_X509_STORE* str);
 WOLFSSL_API int wolfSSL_set1_verify_cert_store(WOLFSSL *ssl,
                                                        WOLFSSL_X509_STORE* str);
-WOLFSSL_API WOLFSSL_X509_STORE* wolfSSL_CTX_get_cert_store(WOLFSSL_CTX* ctx);
+WOLFSSL_API WOLFSSL_X509_STORE* wolfSSL_CTX_get_cert_store(const WOLFSSL_CTX* ctx);
 #endif /* OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL */
 #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL) || \
     defined(HAVE_SECRET_CALLBACK)
@@ -4447,7 +5119,7 @@ WOLFSSL_API WOLFSSL_X509 *wolfSSL_PEM_read_bio_X509_AUX
 #ifndef NO_FILESYSTEM
 WOLFSSL_API WOLF_STACK_OF(WOLFSSL_X509_INFO)* wolfSSL_PEM_X509_INFO_read(
         XFILE fp, WOLF_STACK_OF(WOLFSSL_X509_INFO)* sk,
-        pem_password_cb* cb, void* u);
+        wc_pem_password_cb* cb, void* u);
 #endif
 WOLFSSL_API WOLF_STACK_OF(WOLFSSL_X509_INFO)* wolfSSL_PEM_X509_INFO_read_bio(
         WOLFSSL_BIO* bio, WOLF_STACK_OF(WOLFSSL_X509_INFO)* sk,
@@ -4481,11 +5153,9 @@ struct WOLFSSL_CONF_CTX {
 };
 
 WOLFSSL_API WOLFSSL_X509_NAME_ENTRY *wolfSSL_X509_NAME_get_entry(WOLFSSL_X509_NAME *name, int loc);
+WOLFSSL_API int wolfSSL_X509_NAME_ENTRY_set(const WOLFSSL_X509_NAME_ENTRY *ne);
 #endif /* OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL */
 
-#if defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL)|| \
-    defined(OPENSSL_EXTRA_X509_SMALL)
-
 #if    defined(OPENSSL_EXTRA) \
     || defined(OPENSSL_ALL) \
     || defined(HAVE_LIGHTY) \
@@ -4496,8 +5166,10 @@ WOLFSSL_API WOLFSSL_X509_NAME_ENTRY *wolfSSL_X509_NAME_get_entry(WOLFSSL_X509_NA
     || defined(OPENSSL_EXTRA_X509_SMALL)
 WOLFSSL_API void wolfSSL_X509_NAME_ENTRY_free(WOLFSSL_X509_NAME_ENTRY* ne);
 WOLFSSL_API WOLFSSL_X509_NAME_ENTRY* wolfSSL_X509_NAME_ENTRY_new(void);
+#ifndef wolfSSL_X509_NAME_free
 WOLFSSL_API void wolfSSL_X509_NAME_free(WOLFSSL_X509_NAME* name);
-WOLFSSL_API char wolfSSL_CTX_use_certificate(WOLFSSL_CTX* ctx, WOLFSSL_X509* x);
+#endif
+WOLFSSL_API int wolfSSL_CTX_use_certificate(WOLFSSL_CTX* ctx, WOLFSSL_X509* x);
 WOLFSSL_API int wolfSSL_CTX_add0_chain_cert(WOLFSSL_CTX* ctx, WOLFSSL_X509* x509);
 WOLFSSL_API int wolfSSL_CTX_add1_chain_cert(WOLFSSL_CTX* ctx, WOLFSSL_X509* x509);
 WOLFSSL_API int wolfSSL_add0_chain_cert(WOLFSSL* ssl, WOLFSSL_X509* x509);
@@ -4505,7 +5177,6 @@ WOLFSSL_API int wolfSSL_add1_chain_cert(WOLFSSL* ssl, WOLFSSL_X509* x509);
 WOLFSSL_API int wolfSSL_BIO_read_filename(WOLFSSL_BIO *b, const char *name);
 /* These are to be merged shortly */
 WOLFSSL_API void wolfSSL_set_verify_depth(WOLFSSL *ssl,int depth);
-WOLFSSL_API void* wolfSSL_get_app_data( const WOLFSSL *ssl);
 WOLFSSL_API int wolfSSL_set_app_data(WOLFSSL *ssl, void *arg);
 WOLFSSL_API WOLFSSL_ASN1_OBJECT* wolfSSL_X509_NAME_ENTRY_get_object(WOLFSSL_X509_NAME_ENTRY *ne);
 WOLFSSL_API unsigned char *wolfSSL_SHA1(const unsigned char *d, size_t n, unsigned char *md);
@@ -4522,9 +5193,9 @@ WOLFSSL_API long wolfSSL_BIO_set_fp(WOLFSSL_BIO *bio, XFILE fp, int c);
 WOLFSSL_API long wolfSSL_BIO_get_fp(WOLFSSL_BIO *bio, XFILE* fp);
 #endif
 
-#endif /* OPENSSL_EXTRA || OPENSSL_ALL || HAVE_LIGHTY || WOLFSSL_MYSQL_COMPATIBLE || HAVE_STUNNEL || WOLFSSL_NGINX || WOLFSSL_HAPROXY */
-
-#endif /* OPENSSL_EXTRA || OPENSSL_ALL */
+#endif /* OPENSSL_EXTRA || OPENSSL_ALL || HAVE_LIGHTY || \
+          WOLFSSL_MYSQL_COMPATIBLE || HAVE_STUNNEL || WOLFSSL_NGINX || \
+          WOLFSSL_HAPROXY */
 
 #if defined(HAVE_LIGHTY) || defined(HAVE_STUNNEL) \
     || defined(WOLFSSL_MYSQL_COMPATIBLE) || defined(OPENSSL_EXTRA)
@@ -4564,6 +5235,8 @@ WOLFSSL_API int wolfSSL_PEM_write_bio_X509(WOLFSSL_BIO *bp, WOLFSSL_X509 *x);
 WOLFSSL_API int wolfSSL_i2d_X509_REQ(WOLFSSL_X509* req, unsigned char** out);
 WOLFSSL_API WOLFSSL_X509* wolfSSL_X509_REQ_new(void);
 WOLFSSL_API void wolfSSL_X509_REQ_free(WOLFSSL_X509* req);
+WOLFSSL_API long wolfSSL_X509_REQ_get_version(const WOLFSSL_X509 *req);
+WOLFSSL_API int wolfSSL_X509_REQ_set_version(WOLFSSL_X509 *x, long version);
 WOLFSSL_API int wolfSSL_X509_REQ_sign(WOLFSSL_X509 *req, WOLFSSL_EVP_PKEY *pkey,
                                       const WOLFSSL_EVP_MD *md);
 WOLFSSL_API int wolfSSL_X509_REQ_sign_ctx(WOLFSSL_X509 *req,
@@ -4610,8 +5283,6 @@ WOLFSSL_API int wolfSSL_CRYPTO_set_mem_functions(
 WOLFSSL_API int wolfSSL_CRYPTO_set_mem_ex_functions(void *(*m) (size_t, const char *, int),
     void *(*r) (void *, size_t, const char *, int), void (*f) (void *));
 
-WOLFSSL_API void wolfSSL_CRYPTO_cleanup_all_ex_data(void);
-
 WOLFSSL_API int wolfSSL_CRYPTO_memcmp(const void *a, const void *b, size_t size);
 
 WOLFSSL_API WOLFSSL_BIGNUM* wolfSSL_DH_768_prime(WOLFSSL_BIGNUM* bn);
@@ -4654,6 +5325,12 @@ WOLFSSL_API void wolfSSL_sk_X509_OBJECT_pop_free(WOLFSSL_STACK* s,
         void (*f) (WOLFSSL_X509_OBJECT*));
 WOLFSSL_API int wolfSSL_sk_X509_OBJECT_push(WOLFSSL_STACK* sk, WOLFSSL_X509_OBJECT* obj);
 
+WOLFSSL_API WOLF_STACK_OF(WOLFSSL_X509_OBJECT)*
+        wolfSSL_sk_X509_OBJECT_deep_copy(
+            const WOLF_STACK_OF(WOLFSSL_X509_OBJECT)* sk,
+            WOLFSSL_X509_OBJECT* (*c)(const WOLFSSL_X509_OBJECT*),
+            void (*f)(WOLFSSL_X509_OBJECT*));
+
 WOLFSSL_API WOLFSSL_X509_INFO *wolfSSL_X509_INFO_new(void);
 WOLFSSL_API void wolfSSL_X509_INFO_free(WOLFSSL_X509_INFO* info);
 
@@ -4720,6 +5397,10 @@ WOLFSSL_API int wolfSSL_ASN1_BIT_STRING_get_bit(
                             const WOLFSSL_ASN1_BIT_STRING* str, int i);
 WOLFSSL_API int wolfSSL_ASN1_BIT_STRING_set_bit(
                             WOLFSSL_ASN1_BIT_STRING* str, int pos, int val);
+WOLFSSL_API int wolfSSL_i2d_ASN1_BIT_STRING(const WOLFSSL_ASN1_BIT_STRING* bstr,
+        unsigned char** pp);
+WOLFSSL_API WOLFSSL_ASN1_BIT_STRING* wolfSSL_d2i_ASN1_BIT_STRING(
+        WOLFSSL_ASN1_BIT_STRING** out, const byte** src, long len);
 #endif /* OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL */
 
 WOLFSSL_API int  wolfSSL_version(WOLFSSL* ssl);
@@ -4752,12 +5433,6 @@ WOLFSSL_API int wolfSSL_SESSION_set_ex_data_with_cleanup(
 #if defined(OPENSSL_ALL) || defined(HAVE_STUNNEL) || defined(WOLFSSL_NGINX) \
     || defined(WOLFSSL_HAPROXY) || defined(OPENSSL_EXTRA) || defined(HAVE_LIGHTY)
 
-#ifdef HAVE_EX_DATA
-WOLFSSL_API int wolfSSL_SESSION_get_ex_new_index(long ctx_l,void* ctx_ptr,
-        WOLFSSL_CRYPTO_EX_new* new_func, WOLFSSL_CRYPTO_EX_dup* dup_func,
-        WOLFSSL_CRYPTO_EX_free* free_func);
-#endif
-
 WOLFSSL_API const unsigned char* wolfSSL_SESSION_get_id(
         const WOLFSSL_SESSION* sess, unsigned int* idLen);
 
@@ -4781,14 +5456,17 @@ typedef int (*CallbackSniRecv)(WOLFSSL *ssl, int *ret, void* exArg);
 
 WOLFSSL_API void wolfSSL_CTX_set_servername_callback(WOLFSSL_CTX* ctx,
         CallbackSniRecv cb);
-WOLFSSL_API int wolfSSL_CTX_set_tlsext_servername_callback(WOLFSSL_CTX* ctx,
-        CallbackSniRecv cb);
 
 WOLFSSL_API int  wolfSSL_CTX_set_servername_arg(WOLFSSL_CTX* ctx, void* arg);
 #endif
 
-#if defined(OPENSSL_ALL) || defined(HAVE_STUNNEL) || defined(WOLFSSL_NGINX) \
-    || defined(WOLFSSL_HAPROXY) || defined(OPENSSL_EXTRA) || defined(HAVE_LIGHTY)
+#if defined(OPENSSL_ALL) || defined(HAVE_STUNNEL) || defined(WOLFSSL_NGINX) || \
+    defined(WOLFSSL_HAPROXY) || defined(OPENSSL_EXTRA) || defined(HAVE_LIGHTY)
+
+#ifdef HAVE_SNI
+WOLFSSL_API int wolfSSL_CTX_set_tlsext_servername_callback(WOLFSSL_CTX* ctx,
+        CallbackSniRecv cb);
+#endif
 
 WOLFSSL_API void wolfSSL_ERR_remove_thread_state(void* pid);
 
@@ -4817,6 +5495,11 @@ WOLFSSL_API WOLFSSL_X509_OBJECT* wolfSSL_X509_OBJECT_new(void);
 WOLFSSL_API void wolfSSL_X509_OBJECT_free(WOLFSSL_X509_OBJECT *obj);
 WOLFSSL_API WOLFSSL_X509 *wolfSSL_X509_OBJECT_get0_X509(const WOLFSSL_X509_OBJECT *obj);
 WOLFSSL_API WOLFSSL_X509_CRL *wolfSSL_X509_OBJECT_get0_X509_CRL(WOLFSSL_X509_OBJECT *obj);
+
+WOLFSSL_API WOLFSSL_X509_OBJECT *wolfSSL_X509_OBJECT_retrieve_by_subject(
+        WOLF_STACK_OF(WOLFSSL_X509_OBJECT) *sk,
+        WOLFSSL_X509_LOOKUP_TYPE type,
+        WOLFSSL_X509_NAME *name);
 #endif /* OPENSSL_ALL || HAVE_STUNNEL || WOLFSSL_NGINX || WOLFSSL_HAPROXY || HAVE_LIGHTY */
 
 #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL)
@@ -4824,18 +5507,16 @@ WOLFSSL_API WOLFSSL_X509_CRL *wolfSSL_X509_OBJECT_get0_X509_CRL(WOLFSSL_X509_OBJ
 WOLFSSL_API void wolfSSL_sk_X509_pop_free(WOLF_STACK_OF(WOLFSSL_X509)* sk, void (*f) (WOLFSSL_X509*));
 #endif /* OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL */
 
-#if (defined(OPENSSL_EXTRA) || defined(HAVE_CURL)) && defined(HAVE_ECC)
+#if (defined(OPENSSL_EXTRA) || defined(HAVE_CURL)) && (defined(HAVE_ECC) || \
+    defined(HAVE_CURVE25519) || defined(HAVE_CURVE448))
 WOLFSSL_API int wolfSSL_CTX_set1_curves_list(WOLFSSL_CTX* ctx, const char* names);
 WOLFSSL_API int wolfSSL_set1_curves_list(WOLFSSL* ssl, const char* names);
-#endif /* (OPENSSL_EXTRA || HAVE_CURL) && HAVE_ECC */
-
-#if defined(OPENSSL_ALL) || \
-    defined(HAVE_STUNNEL) || defined(WOLFSSL_MYSQL_COMPATIBLE) || \
-    defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
+#endif
 
+#if defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA) || defined(HAVE_STUNNEL) || \
+    defined(WOLFSSL_MYSQL_COMPATIBLE) || defined(WOLFSSL_NGINX)
 WOLFSSL_API int wolfSSL_get_verify_mode(const WOLFSSL* ssl);
 WOLFSSL_API int wolfSSL_CTX_get_verify_mode(const WOLFSSL_CTX* ctx);
-
 #endif
 
 #ifdef WOLFSSL_JNI
@@ -4915,34 +5596,16 @@ WOLFSSL_LOCAL char* wolfSSL_get_ocsp_url(WOLFSSL* ssl);
 WOLFSSL_API int wolfSSL_set_ocsp_url(WOLFSSL* ssl, char* url);
 #endif
 
-#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) \
-    || defined(WOLFSSL_WPAS_SMALL)
-WOLFSSL_API void *wolfSSL_X509_get_ex_data(WOLFSSL_X509 *x509, int idx);
-WOLFSSL_API int wolfSSL_X509_set_ex_data(WOLFSSL_X509 *x509, int idx,
-    void *data);
-#ifdef HAVE_EX_DATA_CLEANUP_HOOKS
-WOLFSSL_API int wolfSSL_X509_set_ex_data_with_cleanup(
-    WOLFSSL_X509 *x509,
-    int idx,
-    void *data,
-    wolfSSL_ex_data_cleanup_routine_t cleanup_routine);
-#endif
-#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL || WOLFSSL_WPAS_SMALL */
-
-#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) \
-    || defined(OPENSSL_EXTRA) || defined(HAVE_LIGHTY) || defined(HAVE_SECRET_CALLBACK)
-WOLFSSL_API WOLF_STACK_OF(WOLFSSL_CIPHER) *wolfSSL_get_ciphers_compat(const WOLFSSL *ssl);
-#ifdef HAVE_EX_DATA
-WOLFSSL_API int wolfSSL_X509_get_ex_new_index(int idx, void *arg,
-    WOLFSSL_CRYPTO_EX_new* new_func,
-    WOLFSSL_CRYPTO_EX_dup* dup_func,
-    WOLFSSL_CRYPTO_EX_free* free_func);
-#endif
-WOLFSSL_API int wolfSSL_X509_NAME_digest(const WOLFSSL_X509_NAME *data,
-    const WOLFSSL_EVP_MD *type, unsigned char *md, unsigned int *len);
-
+#if defined(OPENSSL_EXTRA) || defined(HAVE_SECRET_CALLBACK)
 WOLFSSL_API long wolfSSL_SSL_CTX_get_timeout(const WOLFSSL_CTX *ctx);
 WOLFSSL_API long wolfSSL_get_timeout(WOLFSSL* ssl);
+#endif
+
+#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) \
+    || defined(OPENSSL_EXTRA) || defined(HAVE_LIGHTY)
+WOLFSSL_API WOLF_STACK_OF(WOLFSSL_CIPHER) *wolfSSL_get_ciphers_compat(const WOLFSSL *ssl);
+WOLFSSL_API int wolfSSL_X509_NAME_digest(const WOLFSSL_X509_NAME *data,
+    const WOLFSSL_EVP_MD *type, unsigned char *md, unsigned int *len);
 WOLFSSL_API int wolfSSL_SSL_CTX_set_tmp_ecdh(WOLFSSL_CTX *ctx,
     WOLFSSL_EC_KEY *ecdh);
 WOLFSSL_API WOLFSSL_BIO *wolfSSL_SSL_get_rbio(const WOLFSSL *s);
@@ -4950,7 +5613,11 @@ WOLFSSL_API WOLFSSL_BIO *wolfSSL_SSL_get_wbio(const WOLFSSL *s);
 WOLFSSL_API int wolfSSL_SSL_do_handshake(WOLFSSL *s);
 #ifdef OPENSSL_EXTRA
 WOLFSSL_API int wolfSSL_OPENSSL_init_ssl(word64 opts,
-    const OPENSSL_INIT_SETTINGS *settings);
+    const WOLFSSL_INIT_SETTINGS *settings);
+WOLFSSL_API WOLFSSL_INIT_SETTINGS* wolfSSL_OPENSSL_INIT_new(void);
+WOLFSSL_API void wolfSSL_OPENSSL_INIT_free(WOLFSSL_INIT_SETTINGS* init);
+WOLFSSL_API int  wolfSSL_OPENSSL_INIT_set_config_appname(
+        WOLFSSL_INIT_SETTINGS* init, char* appname);
 #endif
 #if defined(OPENSSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER >= 0x10100000L
 WOLFSSL_API int wolfSSL_SSL_in_init(const WOLFSSL* ssl);
@@ -5017,7 +5684,7 @@ WOLFSSL_API int PEM_write_bio_WOLFSSL_X509(WOLFSSL_BIO *bio,
 WOLFSSL_API long wolfSSL_CTX_get_tlsext_ticket_keys(WOLFSSL_CTX *ctx,
      unsigned char *keys, int keylen);
 WOLFSSL_API long wolfSSL_CTX_set_tlsext_ticket_keys(WOLFSSL_CTX *ctx,
-     unsigned char *keys, int keylen);
+     const void *keys_vp, int keylen);
 #endif
 
 WOLFSSL_API void wolfSSL_get0_alpn_selected(const WOLFSSL *ssl,
@@ -5084,8 +5751,14 @@ WOLFSSL_API void wolfSSL_X509_ALGOR_free(WOLFSSL_X509_ALGOR *alg);
 WOLFSSL_API const WOLFSSL_X509_ALGOR* wolfSSL_X509_get0_tbs_sigalg(const WOLFSSL_X509 *x);
 WOLFSSL_API void wolfSSL_X509_ALGOR_get0(const WOLFSSL_ASN1_OBJECT **paobj, int *pptype, const void **ppval, const WOLFSSL_X509_ALGOR *algor);
 WOLFSSL_API int wolfSSL_X509_ALGOR_set0(WOLFSSL_X509_ALGOR *algor, WOLFSSL_ASN1_OBJECT *aobj, int ptype, void *pval);
+WOLFSSL_API int wolfSSL_i2d_X509_ALGOR(const WOLFSSL_X509_ALGOR* alg,
+        unsigned char** pp);
+WOLFSSL_API WOLFSSL_X509_ALGOR* wolfSSL_d2i_X509_ALGOR(WOLFSSL_X509_ALGOR** out,
+        const byte** src, long len);
 WOLFSSL_API WOLFSSL_ASN1_TYPE* wolfSSL_ASN1_TYPE_new(void);
 WOLFSSL_API void wolfSSL_ASN1_TYPE_free(WOLFSSL_ASN1_TYPE* at);
+WOLFSSL_API int wolfSSL_i2d_ASN1_TYPE(WOLFSSL_ASN1_TYPE* at,
+                                      unsigned char** pp);
 WOLFSSL_API WOLFSSL_X509_PUBKEY *wolfSSL_X509_PUBKEY_new(void);
 WOLFSSL_API void wolfSSL_X509_PUBKEY_free(WOLFSSL_X509_PUBKEY *x);
 WOLFSSL_API WOLFSSL_X509_PUBKEY *wolfSSL_X509_get_X509_PUBKEY(const WOLFSSL_X509* x509);
@@ -5098,9 +5771,16 @@ WOLFSSL_API WOLFSSL_ASN1_OBJECT *wolfSSL_d2i_ASN1_OBJECT(WOLFSSL_ASN1_OBJECT **a
                                                          long length);
 WOLFSSL_API int wolfSSL_i2a_ASN1_OBJECT(WOLFSSL_BIO *bp, WOLFSSL_ASN1_OBJECT *a);
 WOLFSSL_API int wolfSSL_i2d_ASN1_OBJECT(WOLFSSL_ASN1_OBJECT *a, unsigned char **pp);
-WOLFSSL_API void SSL_CTX_set_tmp_dh_callback(WOLFSSL_CTX *ctx, WOLFSSL_DH *(*dh) (WOLFSSL *ssl, int is_export, int keylength));
-WOLFSSL_API WOLF_STACK_OF(SSL_COMP) *SSL_COMP_get_compression_methods(void);
+WOLFSSL_API void WOLFSSL_CTX_set_tmp_dh_callback(WOLFSSL_CTX *ctx, WOLFSSL_DH *(*dh) (WOLFSSL *ssl, int is_export, int keylength));
+#ifndef OPENSSL_COEXIST
+#define SSL_CTX_set_tmp_dh_callback WOLFSSL_CTX_set_tmp_dh_callback
+#endif
+WOLFSSL_API WOLF_STACK_OF(WOLFSSL_COMP) *WOLFSSL_COMP_get_compression_methods(void);
+#ifndef OPENSSL_COEXIST
+#define SSL_COMP_get_compression_methods WOLFSSL_COMP_get_compression_methods
+#endif
 WOLFSSL_API int wolfSSL_X509_STORE_load_locations(WOLFSSL_X509_STORE *str, const char *file, const char *dir);
+WOLFSSL_API int wolfSSL_X509_STORE_set_default_paths(WOLFSSL_X509_STORE *str);
 WOLFSSL_API int wolfSSL_X509_STORE_add_crl(WOLFSSL_X509_STORE *ctx, WOLFSSL_X509_CRL *x);
 WOLFSSL_API int wolfSSL_sk_SSL_CIPHER_num(const WOLF_STACK_OF(WOLFSSL_CIPHER)* p);
 WOLFSSL_API int wolfSSL_sk_SSL_CIPHER_find(
@@ -5109,7 +5789,10 @@ WOLFSSL_API void wolfSSL_sk_SSL_CIPHER_free(WOLF_STACK_OF(WOLFSSL_CIPHER)* sk);
 WOLFSSL_API int wolfSSL_sk_SSL_COMP_zero(WOLFSSL_STACK* st);
 WOLFSSL_API int wolfSSL_sk_SSL_COMP_num(WOLF_STACK_OF(WOLFSSL_COMP)* sk);
 WOLFSSL_API WOLFSSL_CIPHER* wolfSSL_sk_SSL_CIPHER_value(WOLFSSL_STACK* sk, int i);
-WOLFSSL_API void ERR_load_SSL_strings(void);
+WOLFSSL_API void wolfSSL_ERR_load_SSL_strings(void);
+#ifndef OPENSSL_COEXIST
+#define ERR_load_SSL_strings wolfSSL_ERR_load_SSL_strings
+#endif
 WOLFSSL_API void wolfSSL_EC_POINT_dump(const char *msg, const WOLFSSL_EC_POINT *p);
 
 WOLFSSL_API const char *wolfSSL_ASN1_tag2str(int tag);
@@ -5119,6 +5802,7 @@ WOLFSSL_API int wolfSSL_ASN1_TIME_get_length(const WOLFSSL_ASN1_TIME *t);
 WOLFSSL_API unsigned char* wolfSSL_ASN1_TIME_get_data(const WOLFSSL_ASN1_TIME *t);
 WOLFSSL_API WOLFSSL_ASN1_TIME *wolfSSL_ASN1_TIME_to_generalizedtime(WOLFSSL_ASN1_TIME *t,
                                                                 WOLFSSL_ASN1_TIME **out);
+WOLFSSL_API WOLFSSL_ASN1_TIME* wolfSSL_ASN1_UTCTIME_set(WOLFSSL_ASN1_TIME *s, time_t t);
 WOLFSSL_API int wolfSSL_i2c_ASN1_INTEGER(WOLFSSL_ASN1_INTEGER *a, unsigned char **pp);
 WOLFSSL_API int wolfSSL_a2i_ASN1_INTEGER(WOLFSSL_BIO *bio, WOLFSSL_ASN1_INTEGER *asn1,
         char *buf, int size);
@@ -5130,6 +5814,8 @@ WOLFSSL_API int wolfSSL_X509_get_signature_nid(const WOLFSSL_X509* x);
 WOLFSSL_API int wolfSSL_PEM_write_bio_PKCS8PrivateKey(WOLFSSL_BIO* bio,
     WOLFSSL_EVP_PKEY* pkey, const WOLFSSL_EVP_CIPHER* enc, char* passwd,
     int passwdSz, wc_pem_password_cb* cb, void* ctx);
+WOLFSSL_API int wolfSSL_PEM_write_bio_PKCS8_PRIV_KEY_INFO(WOLFSSL_BIO* bio,
+        WOLFSSL_PKCS8_PRIV_KEY_INFO* keyInfo);
 #if !defined(NO_FILESYSTEM) && !defined(NO_STDIO_FILESYSTEM)
 WOLFSSL_API int wolfSSL_PEM_write_PKCS8PrivateKey(
     XFILE fp, WOLFSSL_EVP_PKEY* pkey, const WOLFSSL_EVP_CIPHER* enc,
@@ -5178,7 +5864,7 @@ WOLFSSL_API int wolfSSL_get_ephemeral_key(WOLFSSL* ssl, int keyAlgo,
 enum {
     WOLFSSL_CERT_TYPE_UNKNOWN = -1,
     WOLFSSL_CERT_TYPE_X509 = 0,
-    WOLFSSL_CERT_TYPE_RPK  = 2,
+    WOLFSSL_CERT_TYPE_RPK  = 2
 };
 #define MAX_CLIENT_CERT_TYPE_CNT 2
 #define MAX_SERVER_CERT_TYPE_CNT 2
@@ -5202,7 +5888,6 @@ WOLFSSL_API int wolfSSL_EVP_PKEY_param_check(WOLFSSL_EVP_PKEY_CTX* ctx);
 #endif
 WOLFSSL_API void wolfSSL_CTX_set_security_level(WOLFSSL_CTX* ctx, int level);
 WOLFSSL_API int wolfSSL_CTX_get_security_level(const WOLFSSL_CTX* ctx);
-
 WOLFSSL_API int wolfSSL_SESSION_is_resumable(const WOLFSSL_SESSION *s);
 
 WOLFSSL_API void wolfSSL_CRYPTO_free(void *str, const char *file, int line);
@@ -5229,12 +5914,6 @@ WOLFSSL_API int wolfSSL_CONF_CTX_finish(WOLFSSL_CONF_CTX* cctx);
 WOLFSSL_API int wolfSSL_CONF_cmd(WOLFSSL_CONF_CTX* cctx, const char* cmd, const char* value);
 WOLFSSL_API int wolfSSL_CONF_cmd_value_type(WOLFSSL_CONF_CTX *cctx, const char *cmd);
 #endif /* OPENSSL_EXTRA */
-#if defined(HAVE_EX_DATA) || defined(WOLFSSL_WPAS_SMALL)
-WOLFSSL_API int wolfSSL_CRYPTO_get_ex_new_index(int class_index, long argl, void *argp,
-                                           WOLFSSL_CRYPTO_EX_new* new_func,
-                                           WOLFSSL_CRYPTO_EX_dup* dup_func,
-                                           WOLFSSL_CRYPTO_EX_free* free_func);
-#endif /* HAVE_EX_DATA || WOLFSSL_WPAS_SMALL */
 
 #if defined(WOLFSSL_DTLS_CID)
 WOLFSSL_API int wolfSSL_dtls_cid_use(WOLFSSL* ssl);
@@ -5245,10 +5924,15 @@ WOLFSSL_API int wolfSSL_dtls_cid_get_rx_size(WOLFSSL* ssl,
     unsigned int* size);
 WOLFSSL_API int wolfSSL_dtls_cid_get_rx(WOLFSSL* ssl, unsigned char* buffer,
     unsigned int bufferSz);
+WOLFSSL_API int wolfSSL_dtls_cid_get0_rx(WOLFSSL* ssl, unsigned char** cid);
 WOLFSSL_API int wolfSSL_dtls_cid_get_tx_size(WOLFSSL* ssl,
     unsigned int* size);
 WOLFSSL_API int wolfSSL_dtls_cid_get_tx(WOLFSSL* ssl, unsigned char* buffer,
     unsigned int bufferSz);
+WOLFSSL_API int wolfSSL_dtls_cid_get0_tx(WOLFSSL* ssl, unsigned char** cid);
+WOLFSSL_API int wolfSSL_dtls_cid_max_size(void);
+WOLFSSL_API const unsigned char* wolfSSL_dtls_cid_parse(const unsigned char* msg,
+        unsigned int msgSz, unsigned int cidSz);
 #endif /* defined(WOLFSSL_DTLS_CID) */
 
 #ifdef WOLFSSL_DTLS_CH_FRAG
@@ -5269,6 +5953,247 @@ WOLFSSL_API int wolfSSL_dtls_cid_get_tx(WOLFSSL* ssl, unsigned char* buffer,
 #define DTLS1_2_VERSION                  0xFEFD
 #define DTLS1_3_VERSION                  0xFEFC
 
+/* These minimums where determined whilst referencing their RFC specs. The
+ * values represent the minimum sizes of the data types in the required struct
+ * for the `extension_data` field. A length of 0 was assumed when necassary.
+ *
+ * Documents Used for the respective extension:
+ *  - https://datatracker.ietf.org/doc/html/rfc6066
+ *      - Server Name Indication (SNI)
+ *      - Maximum Fragment Length Negotiation (MFL)
+ *      - Trusted CA Indication (TCA)
+ *      - Certificate Status Request (CSR)
+ *      - Truncate HMAC (THM)
+ *  - https://datatracker.ietf.org/doc/html/rfc8446
+ *      - Early Data Indication (EDI)
+ *      - Pre-Shared Key (PSK)
+ *      - Pre-Shared Key Exchange Modes (PKM)
+ *      - Key Share (KS)
+ *      - Post-Handshake Authentication (PHA)
+ *      - Signature Algorithms (SA)
+ *      - Signature Algorithms Certificate (SAC)
+ *      - Support Groups (EC)
+ *      - Cookie (CKE)
+ *      - Supported Versions (SV)
+ *      - Certificate Authorities (CAN)
+ *  - https://datatracker.ietf.org/doc/html/rfc6961
+ *      - Certificate Status Request v2 (CSR2)
+ *  - https://datatracker.ietf.org/doc/rfc9146/
+ *      - Connection Identifier (CID)
+ *  - https://datatracker.ietf.org/doc/rfc7301/
+ *      - Application-Layer Protocol Negotiation (ALPN)
+ *  - https://datatracker.ietf.org/doc/html/rfc3711
+ *      - Secure Real-time Transport Protocol (SRTP)
+ *  - https://datatracker.ietf.org/doc/html/rfc7366
+ *      - Encrypt Then Mac (ETM)
+ *  - https://datatracker.ietf.org/doc/html/rfc7250
+ *      - Client Certificate Type (CCT)
+ *      - Server Certificate Type (SCT)
+ *  - https://datatracker.ietf.org/doc/draft-ietf-tls-esni/
+ *      - Encrypted Client Hello (ECH)
+ *  - https://datatracker.ietf.org/doc/html/rfc5746
+ *      - Secure Renegotiation (SCR)
+ *  - https://datatracker.ietf.org/doc/rfc4492/
+ *      - Point Frame (PF)
+ *  - https://datatracker.ietf.org/doc/rfc9000/
+ *      - QUIC (QTP)
+ *  - https://datatracker.ietf.org/doc/html/rfc5077
+ *      - Session Ticket (STK)
+ * Example:
+ *  For `WOLFSSL_CSR_MIN_SIZE_CLIENT = 5`, 5 was determined by looking at the
+ * struct below defined in its respective RFC.
+ * The below struct for `CertificateStatusRequest` is made up of the types:
+ *      `CertificateStatusType` is an enum with a max value of 255, thus its
+ *          length is 1 byte.
+ *      `OCSPStatusRequest` is a struct of the following:
+ *          - `responder_id_list`: which is 2 bytes
+ *          - `request_extensions`: which is 2 bytes
+ *      This then gives the minimum size/length of 5 bytes for this extension
+ *          for the client
+ *  struct {
+ *      CertificateStatusType status_type;
+ *      select (status_type) {
+ *          case ocsp: OCSPStatusRequest;
+ *      } request;
+ *  } CertificateStatusRequest;
+ *  enum { ocsp(1), (255) } CertificateStatusType;
+ *  struct {
+ *      ResponderID responder_id_list<0..2^16-1>;
+ *      Extensions  request_extensions;
+ *    } OCSPStatusRequest;
+ *    opaque ResponderID<1..2^16-1>;
+ *    opaque Extensions<0..2^16-1>;
+ */
+
+#ifndef WOLFSSL_SNI_MIN_SIZE_CLIENT
+    #define WOLFSSL_SNI_MIN_SIZE_CLIENT   4
+#endif
+#ifndef WOLFSSL_SNI_MIN_SIZE_SERVER
+    #define WOLFSSL_SNI_MIN_SIZE_SERVER   0
+#endif
+#ifndef WOLFSSL_EDI_MIN_SIZE_CLIENT
+    #define WOLFSSL_EDI_MIN_SIZE_CLIENT   0
+#endif
+#ifndef WOLFSSL_EDI_MIN_SIZE_SERVER
+    #define WOLFSSL_EDI_MIN_SIZE_SERVER   0
+#endif
+#ifndef WOLFSSL_TCA_MIN_SIZE_CLIENT
+    #define WOLFSSL_TCA_MIN_SIZE_CLIENT   2
+#endif
+#ifndef WOLFSSL_TCA_MIN_SIZE_SERVER
+    #define WOLFSSL_TCA_MIN_SIZE_SERVER   0
+#endif
+#ifndef WOLFSSL_CSR_MIN_SIZE_CLIENT
+    #define WOLFSSL_CSR_MIN_SIZE_CLIENT   5
+#endif
+#ifndef WOLFSSL_CSR_MIN_SIZE_SERVER
+    #define WOLFSSL_CSR_MIN_SIZE_SERVER   0
+#endif
+#ifndef WOLFSSL_PKM_MIN_SIZE_CLIENT
+    #define WOLFSSL_PKM_MIN_SIZE_CLIENT   1
+#endif
+#ifndef WOLFSSL_PKM_MIN_SIZE_SERVER
+    #define WOLFSSL_PKM_MIN_SIZE_SERVER   0
+#endif
+#ifndef WOLFSSL_CSR2_MIN_SIZE_CLIENT
+    #define WOLFSSL_CSR2_MIN_SIZE_CLIENT  7
+#endif
+#ifndef WOLFSSL_CSR2_MIN_SIZE_SERVER
+    #define WOLFSSL_CSR2_MIN_SIZE_SERVER  0
+#endif
+#ifndef WOLFSSL_CID_MIN_SIZE_CLIENT
+    #define WOLFSSL_CID_MIN_SIZE_CLIENT   1
+#endif
+#ifndef WOLFSSL_CID_MIN_SIZE_SERVER
+    #define WOLFSSL_CID_MIN_SIZE_SERVER   1
+#endif
+#ifndef WOLFSSL_ALPN_MIN_SIZE_CLIENT
+    #define WOLFSSL_ALPN_MIN_SIZE_CLIENT  2
+#endif
+#ifndef WOLFSSL_ALPN_MIN_SIZE_SERVER
+    #define WOLFSSL_ALPN_MIN_SIZE_SERVER  2
+#endif
+#ifndef WOLFSSL_SRTP_MIN_SIZE_CLIENT
+    #define WOLFSSL_SRTP_MIN_SIZE_CLIENT  3
+#endif
+#ifndef WOLFSSL_SRTP_MIN_SIZE_SERVER
+    #define WOLFSSL_SRTP_MIN_SIZE_SERVER  3
+#endif
+#ifndef WOLFSSL_KS_MIN_SIZE_CLIENT
+    #define WOLFSSL_KS_MIN_SIZE_CLIENT    1
+#endif
+#ifndef WOLFSSL_KS_MIN_SIZE_SERVER
+    #define WOLFSSL_KS_MIN_SIZE_SERVER    1
+#endif
+#ifndef WOLFSSL_ETM_MIN_SIZE_CLIENT
+    #define WOLFSSL_ETM_MIN_SIZE_CLIENT   0
+#endif
+#ifndef WOLFSSL_ETM_MIN_SIZE_SERVER
+    #define WOLFSSL_ETM_MIN_SIZE_SERVER   0
+#endif
+#ifndef WOLFSSL_PSK_MIN_SIZE_CLIENT
+    #define WOLFSSL_PSK_MIN_SIZE_CLIENT   2
+#endif
+#ifndef WOLFSSL_PSK_MIN_SIZE_SERVER
+    #define WOLFSSL_PSK_MIN_SIZE_SERVER   2
+#endif
+#ifndef WOLFSSL_CCT_MIN_SIZE_CLIENT
+    #define WOLFSSL_CCT_MIN_SIZE_CLIENT   1
+#endif
+#ifndef WOLFSSL_CCT_MIN_SIZE_SERVER
+    #define WOLFSSL_CCT_MIN_SIZE_SERVER   1
+#endif
+#ifndef WOLFSSL_SCT_MIN_SIZE_CLIENT
+    #define WOLFSSL_SCT_MIN_SIZE_CLIENT   1
+#endif
+#ifndef WOLFSSL_SCT_MIN_SIZE_SERVER
+    #define WOLFSSL_SCT_MIN_SIZE_SERVER   1
+#endif
+#ifndef WOLFSSL_PHA_MIN_SIZE_CLIENT
+    #define WOLFSSL_PHA_MIN_SIZE_CLIENT   0
+#endif
+#ifndef WOLFSSL_PHA_MIN_SIZE_SERVER
+    #define WOLFSSL_PHA_MIN_SIZE_SERVER   0
+#endif
+#ifndef WOLFSSL_THM_MIN_SIZE_CLIENT
+    #define WOLFSSL_THM_MIN_SIZE_CLIENT   0
+#endif
+#ifndef WOLFSSL_THM_MIN_SIZE_SERVER
+    #define WOLFSSL_THM_MIN_SIZE_SERVER   0
+#endif
+#ifndef WOLFSSL_SA_MIN_SIZE_CLIENT
+    #define WOLFSSL_SA_MIN_SIZE_CLIENT    2
+#endif
+#ifndef WOLFSSL_SA_MIN_SIZE_SERVER
+    #define WOLFSSL_SA_MIN_SIZE_SERVER    2
+#endif
+#ifndef WOLFSSL_SAC_MIN_SIZE_CLIENT
+    #define WOLFSSL_SAC_MIN_SIZE_CLIENT   2
+#endif
+#ifndef WOLFSSL_SAC_MIN_SIZE_SERVER
+    #define WOLFSSL_SAC_MIN_SIZE_SERVER   2
+#endif
+#ifndef WOLFSSL_EC_MIN_SIZE_CLIENT
+    #define WOLFSSL_EC_MIN_SIZE_CLIENT    2
+#endif
+#ifndef WOLFSSL_EC_MIN_SIZE_SERVER
+    #define WOLFSSL_EC_MIN_SIZE_SERVER    2
+#endif
+#ifndef WOLFSSL_ECH_MIN_SIZE_CLIENT
+    #define WOLFSSL_ECH_MIN_SIZE_CLIENT   1
+#endif
+#ifndef WOLFSSL_ECH_MIN_SIZE_SERVER
+    #define WOLFSSL_ECH_MIN_SIZE_SERVER   0
+#endif
+#ifndef WOLFSSL_MFL_MIN_SIZE_CLIENT
+    #define WOLFSSL_MFL_MIN_SIZE_CLIENT   1
+#endif
+#ifndef WOLFSSL_MFL_MIN_SIZE_SERVER
+    #define WOLFSSL_MFL_MIN_SIZE_SERVER   1
+#endif
+#ifndef WOLFSSL_CKE_MIN_SIZE_CLIENT
+    #define WOLFSSL_CKE_MIN_SIZE_CLIENT   3
+#endif
+#ifndef WOLFSSL_CKE_MIN_SIZE_SERVER
+    #define WOLFSSL_CKE_MIN_SIZE_SERVER   3
+#endif
+#ifndef WOLFSSL_SV_MIN_SIZE_CLIENT
+    #define WOLFSSL_SV_MIN_SIZE_CLIENT    2
+#endif
+#ifndef WOLFSSL_SV_MIN_SIZE_SERVER
+    #define WOLFSSL_SV_MIN_SIZE_SERVER    2
+#endif
+#ifndef WOLFSSL_SCR_MIN_SIZE_CLIENT
+    #define WOLFSSL_SCR_MIN_SIZE_CLIENT   1
+#endif
+#ifndef WOLFSSL_SCR_MIN_SIZE_SERVER
+    #define WOLFSSL_SCR_MIN_SIZE_SERVER   1
+#endif
+#ifndef WOLFSSL_PF_MIN_SIZE_CLIENT
+    #define WOLFSSL_PF_MIN_SIZE_CLIENT    1
+#endif
+#ifndef WOLFSSL_PF_MIN_SIZE_SERVER
+    #define WOLFSSL_PF_MIN_SIZE_SERVER    1
+#endif
+#ifndef WOLFSSL_CAN_MIN_SIZE_CLIENT
+    #define WOLFSSL_CAN_MIN_SIZE_CLIENT   3
+#endif
+#ifndef WOLFSSL_CAN_MIN_SIZE_SERVER
+    #define WOLFSSL_CAN_MIN_SIZE_SERVER   3
+#endif
+#ifndef WOLFSSL_QTP_MIN_SIZE_CLIENT
+    #define WOLFSSL_QTP_MIN_SIZE_CLIENT   0
+#endif
+#ifndef WOLFSSL_QTP_MIN_SIZE_SERVER
+    #define WOLFSSL_QTP_MIN_SIZE_SERVER   0
+#endif
+#ifndef WOLFSSL_STK_MIN_SIZE_CLIENT
+    #define WOLFSSL_STK_MIN_SIZE_CLIENT   0
+#endif
+#ifndef WOLFSSL_STK_MIN_SIZE_SERVER
+    #define WOLFSSL_STK_MIN_SIZE_SERVER   0
+#endif
+
 #ifdef __cplusplus
     }  /* extern "C" */
 #endif
diff --git a/wolfssl/test.h b/wolfssl/test.h
index cc366575f..fa84ab0e0 100644
--- a/wolfssl/test.h
+++ b/wolfssl/test.h
@@ -1,6 +1,6 @@
 /* test.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -29,6 +29,12 @@
 #define wolfSSL_TEST_H
 
 #include <wolfssl/wolfcrypt/settings.h>
+
+#undef TEST_OPENSSL_COEXIST /* can't use this option with this example */
+#if defined(OPENSSL_EXTRA) && defined(OPENSSL_COEXIST)
+    #error "Example apps built with OPENSSL_EXTRA can't also be built with OPENSSL_COEXIST."
+#endif
+
 #include <wolfssl/wolfcrypt/wc_port.h>
 
 #ifdef FUSION_RTOS
@@ -79,11 +85,50 @@
     #endif /* HAVE_ECC */
 #endif /*HAVE_PK_CALLBACKS */
 
-#ifdef USE_WINDOWS_API
+#ifdef __WATCOMC__
+    #define SNPRINTF snprintf
+    #if defined(__NT__)
+        #include <winsock2.h>
+        #include <ws2tcpip.h>
+        #include <process.h>
+        #ifdef TEST_IPV6            /* don't require newer SDK for IPV4 */
+            #include <wspiapi.h>
+        #endif
+        #define SOCKET_T SOCKET
+        #define XSLEEP_MS(t) Sleep(t)
+    #elif defined(__OS2__)
+        #include <netdb.h>
+        #include <sys/ioctl.h>
+        #include <tcpustd.h>
+        #define SOCKET_T int
+    #elif defined(__UNIX__)
+        #include <string.h>
+        #include <netdb.h>
+        #include <netinet/tcp.h>
+        #ifndef WOLFSSL_NDS
+            #include <sys/ioctl.h>
+        #endif
+        #include <time.h>
+        #include <sys/time.h>
+        #ifdef HAVE_PTHREAD
+            #include <pthread.h>
+        #endif
+        #define SOCKET_T int
+        #ifndef SO_NOSIGPIPE
+            #include <signal.h>  /* ignore SIGPIPE */
+        #endif
+
+        #define XSLEEP_MS(m) \
+            { \
+                struct timespec req = { (m)/1000, ((m) % 1000) * 1000 }; \
+                nanosleep( &req, NULL ); \
+            }
+    #endif
+#elif defined(USE_WINDOWS_API)
     #include <winsock2.h>
+    #include <ws2tcpip.h>
     #include <process.h>
     #ifdef TEST_IPV6            /* don't require newer SDK for IPV4 */
-        #include <ws2tcpip.h>
         #include <wspiapi.h>
     #endif
     #define SOCKET_T SOCKET
@@ -143,9 +188,26 @@
     #include <pthread.h>
     #define SOCKET_T int
 #elif defined(WOLFSSL_ZEPHYR)
+    #include <version.h>
     #include <string.h>
     #include <sys/types.h>
-    #include <zephyr/net/socket.h>
+    #if KERNEL_VERSION_NUMBER >= 0x30100
+        #include <zephyr/net/socket.h>
+        #ifdef CONFIG_POSIX_API
+            #include <zephyr/posix/poll.h>
+            #include <zephyr/posix/netdb.h>
+            #include <zephyr/posix/sys/socket.h>
+            #include <zephyr/posix/sys/select.h>
+        #endif
+    #else
+        #include <net/socket.h>
+        #ifdef CONFIG_POSIX_API
+            #include <posix/poll.h>
+            #include <posix/netdb.h>
+            #include <posix/sys/socket.h>
+            #include <posix/sys/select.h>
+        #endif
+    #endif
     #define SOCKET_T int
     #define SOL_SOCKET 1
     #define WOLFSSL_USE_GETADDRINFO
@@ -175,6 +237,8 @@
         int h_length;        /* length of address */
         char** h_addr_list;  /* list of addresses from the name server */
     };
+#elif defined(ARDUINO)
+    /* TODO, define board-specific */
 #else
     #include <string.h>
     #include <sys/types.h>
@@ -184,7 +248,9 @@
     #include <netinet/in.h>
     #include <netinet/tcp.h>
     #include <arpa/inet.h>
-    #include <sys/ioctl.h>
+    #ifndef WOLFSSL_NDS
+        #include <sys/ioctl.h>
+    #endif
     #include <sys/time.h>
     #include <sys/socket.h>
     #ifdef HAVE_PTHREAD
@@ -287,6 +353,14 @@
     #endif
 #endif
 
+
+#if defined(DEBUG_PK_CB) || defined(TEST_PK_PRIVKEY) || defined(TEST_PK_PSK)
+    #define WOLFSSL_PKMSG(...) printf(__VA_ARGS__)
+#else
+    #define WOLFSSL_PKMSG(...) WC_DO_NOTHING
+#endif
+
+
 #ifndef MY_EX_USAGE
 #define MY_EX_USAGE 2
 #endif
@@ -645,16 +719,13 @@ void test_wolfSSL_client_server_nofail_ex(callback_functions* client_cb,
 void test_wolfSSL_client_server_nofail(callback_functions* client_cb,
                                        callback_functions* server_cb);
 
-/* Return
- *   tmpDir on success
- *   NULL on failure */
-char* create_tmp_dir(char* tmpDir, int len);
-/* Remaining functions return
- * 0 on success
- * -1 on failure */
-int rem_dir(const char* dirName);
-int rem_file(const char* fileName);
-int copy_file(const char* in, const char* out);
+
+#if defined(__MACH__) || defined(__FreeBSD__)
+    int link_file(const char* in, const char* out);
+    #define STAGE_FILE(x,y) link_file((x),(y))
+#else
+    #define STAGE_FILE(x,y) copy_file((x),(y))
+#endif
 
 void signal_ready(tcp_ready* ready);
 
@@ -968,11 +1039,11 @@ static WC_INLINE int PasswordCallBack(char* passwd, int sz, int rw, void* userda
     (void)rw;
     (void)userdata;
     if (userdata != NULL) {
-        strncpy(passwd, (char*)userdata, sz);
+        strncpy(passwd, (char*)userdata, (size_t) sz);
         return (int)XSTRLEN((char*)userdata);
     }
     else {
-        strncpy(passwd, "yassl123", sz);
+        strncpy(passwd, "yassl123", (size_t) sz);
         return 8;
     }
 }
@@ -1065,10 +1136,11 @@ static WC_INLINE void ShowX509Ex(WOLFSSL_X509* x509, const char* hdr,
         char serialMsg[80];
 
         /* testsuite has multiple threads writing to stdout, get output
-           message ready to write once */
-        strLen = sprintf(serialMsg, " %s", words[3]);
+         * message ready to write once */
+        strLen = XSNPRINTF(serialMsg, sizeof(serialMsg), " %s", words[3]);
         for (i = 0; i < sz; i++)
-            sprintf(serialMsg + strLen + (i*3), ":%02x ", serial[i]);
+            strLen = XSNPRINTF(serialMsg + strLen,
+                sizeof(serialMsg) - (size_t)strLen, ":%02x ", serial[i]);
         printf("%s\n", serialMsg);
     }
 
@@ -1113,13 +1185,13 @@ static WC_INLINE void ShowX509Chain(WOLFSSL_X509_CHAIN* chain, int count,
 {
     int i;
     int length;
-    unsigned char buffer[3072];
+    unsigned char certPem[3072];
     WOLFSSL_X509* chainX509;
 
     for (i = 0; i < count; i++) {
-        wolfSSL_get_chain_cert_pem(chain, i, buffer, sizeof(buffer), &length);
-        buffer[length] = 0;
-        printf("\n%s: %d has length %d data = \n%s\n", hdr, i, length, buffer);
+        wolfSSL_get_chain_cert_pem(chain, i, certPem, sizeof(certPem), &length);
+        certPem[length] = 0;
+        printf("\n%s: %d has length %d data = \n%s\n", hdr, i, length, certPem);
 
         chainX509 = wolfSSL_get_chain_X509(chain, i);
         if (chainX509)
@@ -1295,7 +1367,7 @@ static WC_INLINE void build_addr(SOCKADDR_IN_T* addr, const char* peer,
 
         if (entry) {
             XMEMCPY(&addr->sin_addr.s_addr, entry->h_addr_list[0],
-                   entry->h_length);
+                   (size_t) entry->h_length);
             useLookup = 1;
         }
     #else
@@ -1396,7 +1468,7 @@ static WC_INLINE void tcp_socket(SOCKET_T* sockfd, int udp, int sctp)
         err_sys_with_errno("socket failed\n");
     }
 
-#ifndef USE_WINDOWS_API
+#if !defined(USE_WINDOWS_API) && !defined(__WATCOMC__) && !defined(__OS2__)
 #ifdef SO_NOSIGPIPE
     {
         int       on = 1;
@@ -1406,7 +1478,7 @@ static WC_INLINE void tcp_socket(SOCKET_T* sockfd, int udp, int sctp)
             err_sys_with_errno("setsockopt SO_NOSIGPIPE failed\n");
     }
 #elif defined(WOLFSSL_MDK_ARM) || defined (WOLFSSL_TIRTOS) ||\
-                        defined(WOLFSSL_KEIL_TCP_NET) || defined(WOLFSSL_ZEPHYR)
+    defined(WOLFSSL_KEIL_TCP_NET) || defined(WOLFSSL_ZEPHYR)
     /* nothing to define */
 #elif defined(NETOS)
     /* TODO: signal(SIGPIPE, SIG_IGN); */
@@ -1424,7 +1496,7 @@ static WC_INLINE void tcp_socket(SOCKET_T* sockfd, int udp, int sctp)
             err_sys_with_errno("setsockopt TCP_NODELAY failed\n");
     }
 #endif
-#endif  /* USE_WINDOWS_API */
+#endif  /* !defined(USE_WINDOWS_API) && !defined(__WATCOMC__) && ... */
 }
 
 #if defined(WOLFSSL_WOLFSENTRY_HOOKS) && defined(WOLFSENTRY_H)
@@ -1478,7 +1550,7 @@ static WC_INLINE int tcp_select_ex(SOCKET_T socketfd, int to_sec, int rx)
     fd_set* recvfds = NULL;
     fd_set* sendfds = NULL;
     SOCKET_T nfds = socketfd + 1;
-#if !defined(__INTEGRITY)
+#if !defined(__INTEGRITY) && !defined(__WATCOMC__)
     struct timeval timeout = {(to_sec > 0) ? to_sec : 0, 0};
 #else
     struct timeval timeout;
@@ -1495,8 +1567,9 @@ static WC_INLINE int tcp_select_ex(SOCKET_T socketfd, int to_sec, int rx)
     else
         sendfds = &fds;
 
-#if defined(__INTEGRITY)
-    timeout.tv_sec = (long long)(to_sec > 0) ? to_sec : 0, 0;
+#if defined(__INTEGRITY) || defined(__WATCOMC__)
+    timeout.tv_sec = (long long)(to_sec > 0) ? to_sec : 0;
+    timeout.tv_usec = 0;
 #endif
     result = select(nfds, recvfds, sendfds, &errfds, &timeout);
 
@@ -1767,6 +1840,10 @@ static WC_INLINE void tcp_set_nonblocking(SOCKET_T* sockfd)
         || defined (WOLFSSL_TIRTOS)|| defined(WOLFSSL_VXWORKS) \
         || defined(WOLFSSL_ZEPHYR)
          /* non blocking not supported, for now */
+    #elif defined(__WATCOMC__) && defined(__OS2__)
+        int blocking = 1;
+        if (ioctl(*sockfd, FIONBIO, &blocking) == -1)
+            err_sys_with_errno("ioctl failed");
     #else
         int flags = fcntl(*sockfd, F_GETFL, 0);
         if (flags < 0)
@@ -1788,6 +1865,10 @@ static WC_INLINE void tcp_set_blocking(SOCKET_T* sockfd)
         || defined (WOLFSSL_TIRTOS)|| defined(WOLFSSL_VXWORKS) \
         || defined(WOLFSSL_ZEPHYR)
          /* non blocking not supported, for now */
+    #elif defined(__WATCOMC__) && defined(__OS2__)
+        int blocking = 0;
+        if (ioctl(*sockfd, FIONBIO, &blocking) == -1)
+            err_sys_with_errno("ioctl failed");
     #else
         int flags = fcntl(*sockfd, F_GETFL, 0);
         if (flags < 0)
@@ -1798,7 +1879,6 @@ static WC_INLINE void tcp_set_blocking(SOCKET_T* sockfd)
     #endif
 }
 
-
 #ifndef NO_PSK
 
 /* identity is OpenSSL testing default for openssl s_client, keep same */
@@ -1808,6 +1888,8 @@ static WC_INLINE unsigned int my_psk_client_cb(WOLFSSL* ssl, const char* hint,
         char* identity, unsigned int id_max_len, unsigned char* key,
         unsigned int key_max_len)
 {
+    unsigned int ret;
+
     (void)ssl;
     (void)hint;
     (void)key_max_len;
@@ -1815,15 +1897,16 @@ static WC_INLINE unsigned int my_psk_client_cb(WOLFSSL* ssl, const char* hint,
     /* see internal.h MAX_PSK_ID_LEN for PSK identity limit */
     XSTRNCPY(identity, kIdentityStr, id_max_len);
 
-    if (wolfSSL_GetVersion(ssl) < WOLFSSL_TLSV1_3) {
+    if (wolfSSL_GetVersion(ssl) != WOLFSSL_TLSV1_3 &&
+            wolfSSL_GetVersion(ssl) != WOLFSSL_DTLSV1_3) {
         /* test key in hex is 0x1a2b3c4d , in decimal 439,041,101 , we're using
-           unsigned binary */
+         * unsigned binary */
         key[0] = 0x1a;
         key[1] = 0x2b;
         key[2] = 0x3c;
         key[3] = 0x4d;
 
-        return 4;   /* length of key in octets or 0 for error */
+        ret = 4;   /* length of key in octets or 0 for error */
     }
     else {
         int i;
@@ -1832,17 +1915,26 @@ static WC_INLINE unsigned int my_psk_client_cb(WOLFSSL* ssl, const char* hint,
         for (i = 0; i < 32; i++, b += 0x22) {
             if (b >= 0x100)
                 b = 0x01;
-            key[i] = b;
+            key[i] = (unsigned char) b;
         }
 
-        return 32;   /* length of key in octets or 0 for error */
+        ret = 32;   /* length of key in octets or 0 for error */
     }
+
+#if defined(HAVE_PK_CALLBACKS) && defined(TEST_PK_PSK)
+    WOLFSSL_PKMSG("PSK Client using HW (Len %d, Hint %s)\n", ret, hint);
+    ret = (unsigned int)USE_HW_PSK;
+#endif
+
+    return ret;
 }
 
 
 static WC_INLINE unsigned int my_psk_server_cb(WOLFSSL* ssl, const char* identity,
         unsigned char* key, unsigned int key_max_len)
 {
+    unsigned int ret;
+
     (void)ssl;
     (void)key_max_len;
 
@@ -1850,15 +1942,16 @@ static WC_INLINE unsigned int my_psk_server_cb(WOLFSSL* ssl, const char* identit
     if (XSTRCMP(identity, kIdentityStr) != 0)
         return 0;
 
-    if (wolfSSL_GetVersion(ssl) < WOLFSSL_TLSV1_3) {
+    if (wolfSSL_GetVersion(ssl) != WOLFSSL_TLSV1_3 &&
+            wolfSSL_GetVersion(ssl) != WOLFSSL_DTLSV1_3) {
         /* test key in hex is 0x1a2b3c4d , in decimal 439,041,101 , we're using
-           unsigned binary */
+         * unsigned binary */
         key[0] = 0x1a;
         key[1] = 0x2b;
         key[2] = 0x3c;
         key[3] = 0x4d;
 
-        return 4;   /* length of key in octets or 0 for error */
+        ret = 4;   /* length of key in octets or 0 for error */
     }
     else {
         int i;
@@ -1867,11 +1960,17 @@ static WC_INLINE unsigned int my_psk_server_cb(WOLFSSL* ssl, const char* identit
         for (i = 0; i < 32; i++, b += 0x22) {
             if (b >= 0x100)
                 b = 0x01;
-            key[i] = b;
+            key[i] = (unsigned char) b;
         }
 
-        return 32;   /* length of key in octets or 0 for error */
+        ret = 32;   /* length of key in octets or 0 for error */
     }
+#if defined(HAVE_PK_CALLBACKS) && defined(TEST_PK_PSK)
+    WOLFSSL_PKMSG("PSK Server using HW (Len %d, Hint %s)\n", ret, identity);
+    ret = (unsigned int)USE_HW_PSK;
+#endif
+
+    return ret;
 }
 
 #ifdef WOLFSSL_TLS13
@@ -1879,6 +1978,7 @@ static WC_INLINE unsigned int my_psk_client_tls13_cb(WOLFSSL* ssl,
         const char* hint, char* identity, unsigned int id_max_len,
         unsigned char* key, unsigned int key_max_len, const char** ciphersuite)
 {
+    unsigned int ret;
     int i;
     int b = 0x01;
     const char* userCipher = (const char*)wolfSSL_get_psk_callback_ctx(ssl);
@@ -1893,12 +1993,23 @@ static WC_INLINE unsigned int my_psk_client_tls13_cb(WOLFSSL* ssl,
     for (i = 0; i < 32; i++, b += 0x22) {
         if (b >= 0x100)
             b = 0x01;
-        key[i] = b;
+        key[i] = (unsigned char) b;
     }
 
+#if defined(WOLFSSL_SHA384) && defined(WOLFSSL_AES_256)
+    *ciphersuite = userCipher ? userCipher : "TLS13-AES256-GCM-SHA384";
+#else
     *ciphersuite = userCipher ? userCipher : "TLS13-AES128-GCM-SHA256";
+#endif
 
-    return 32;   /* length of key in octets or 0 for error */
+    ret = 32;   /* length of key in octets or 0 for error */
+
+#if defined(HAVE_PK_CALLBACKS) && defined(TEST_PK_PSK)
+    WOLFSSL_PKMSG("PSK Client TLS 1.3 using HW (Len %d, Hint %s)\n", ret, hint);
+    ret = (unsigned int)USE_HW_PSK;
+#endif
+
+    return ret;
 }
 
 
@@ -1906,9 +2017,10 @@ static WC_INLINE unsigned int my_psk_server_tls13_cb(WOLFSSL* ssl,
         const char* identity, unsigned char* key, unsigned int key_max_len,
         const char** ciphersuite)
 {
+    unsigned int ret;
     int i;
     int b = 0x01;
-    int kIdLen = (int)XSTRLEN(kIdentityStr);
+    size_t kIdLen = XSTRLEN(kIdentityStr);
     const char* userCipher = (const char*)wolfSSL_get_psk_callback_ctx(ssl);
 
     (void)ssl;
@@ -1924,25 +2036,34 @@ static WC_INLINE unsigned int my_psk_server_tls13_cb(WOLFSSL* ssl,
     for (i = 0; i < 32; i++, b += 0x22) {
         if (b >= 0x100)
             b = 0x01;
-        key[i] = b;
+        key[i] = (unsigned char) b;
     }
 
+#if defined(WOLFSSL_SHA384) && defined(WOLFSSL_AES_256)
+    *ciphersuite = userCipher ? userCipher : "TLS13-AES256-GCM-SHA384";
+#else
     *ciphersuite = userCipher ? userCipher : "TLS13-AES128-GCM-SHA256";
+#endif
 
-    return 32;   /* length of key in octets or 0 for error */
+    ret = 32;   /* length of key in octets or 0 for error */
+
+#if defined(HAVE_PK_CALLBACKS) && defined(TEST_PK_PSK)
+    WOLFSSL_PKMSG("PSK Server TLS 1.3 using HW (Len %d, Hint %s)\n",
+        ret, identity);
+    ret = (unsigned int)USE_HW_PSK;
+#endif
+
+    return ret;
 }
 #endif
 
-#if defined(OPENSSL_ALL) && !defined(NO_CERTS) && \
-       !defined(NO_FILESYSTEM)
-static unsigned char local_psk[32];
-#endif
+#ifdef OPENSSL_EXTRA
 static WC_INLINE int my_psk_use_session_cb(WOLFSSL* ssl,
             const WOLFSSL_EVP_MD* md, const unsigned char **id,
             size_t* idlen,  WOLFSSL_SESSION **sess)
 {
-#if defined(OPENSSL_ALL) && !defined(NO_CERTS) && \
-       !defined(NO_FILESYSTEM)
+#if defined(OPENSSL_ALL) && !defined(NO_CERTS) && !defined(NO_FILESYSTEM)
+    static unsigned char local_psk[32];
     int i;
     WOLFSSL_SESSION* lsess;
     char buf[256];
@@ -1979,7 +2100,7 @@ static WC_INLINE int my_psk_use_session_cb(WOLFSSL* ssl,
         for (i = 0; i < 32; i++, b += 0x22) {
             if (b >= 0x100)
                 b = 0x01;
-            local_psk[i] = b;
+            local_psk[i] = (unsigned char) b;
         }
 
         *id = local_psk;
@@ -2005,6 +2126,7 @@ static WC_INLINE int my_psk_use_session_cb(WOLFSSL* ssl,
     return 0;
 #endif
 }
+#endif /* OPENSSL_EXTRA */
 
 static WC_INLINE unsigned int my_psk_client_cs_cb(WOLFSSL* ssl,
         const char* hint, char* identity, unsigned int id_max_len,
@@ -2032,7 +2154,7 @@ static WC_INLINE unsigned int my_psk_client_cs_cb(WOLFSSL* ssl,
     for (i = 0; i < 32; i++, b += 0x22) {
         if (b >= 0x100)
             b = 0x01;
-        key[i] = b;
+        key[i] = (unsigned char) b;
     }
 
     return 32;   /* length of key in octets or 0 for error */
@@ -2047,7 +2169,9 @@ static WC_INLINE unsigned int my_psk_client_cs_cb(WOLFSSL* ssl,
 #elif defined(USE_WINDOWS_API)
 
     #define WIN32_LEAN_AND_MEAN
+    #define _WINSOCKAPI_ /* block inclusion of winsock.h header file */
     #include <windows.h>
+    #undef _WINSOCKAPI_ /* undefine it for MINGW winsock2.h header file */
 
     static WC_INLINE double current_time(int reset)
     {
@@ -2325,7 +2449,7 @@ static WC_INLINE void OCSPRespFreeCb(void* ioCtx, unsigned char* response)
 enum {
     VERIFY_OVERRIDE_ERROR,
     VERIFY_FORCE_FAIL,
-    VERIFY_USE_PREVERFIY,
+    VERIFY_USE_PREVERIFY,
     VERIFY_OVERRIDE_DATE_ERR,
 };
 static THREAD_LS_T int myVerifyAction = VERIFY_OVERRIDE_ERROR;
@@ -2339,7 +2463,7 @@ static THREAD_LS_T int myVerifyAction = VERIFY_OVERRIDE_ERROR;
 
 static WC_INLINE int myVerify(int preverify, WOLFSSL_X509_STORE_CTX* store)
 {
-    char buffer[WOLFSSL_MAX_ERROR_SZ];
+    char err_buffer[WOLFSSL_MAX_ERROR_SZ];
 #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
     WOLFSSL_X509* peer;
 #if defined(SHOW_CERTS) && !defined(NO_FILESYSTEM) && \
@@ -2366,7 +2490,7 @@ static WC_INLINE int myVerify(int preverify, WOLFSSL_X509_STORE_CTX* store)
      */
 
     fprintf(stderr, "In verification callback, error = %d, %s\n", store->error,
-                                 wolfSSL_ERR_error_string(store->error, buffer));
+            wolfSSL_ERR_error_string((unsigned long) store->error, err_buffer));
 #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
     peer = store->current_cert;
     if (peer) {
@@ -2491,10 +2615,42 @@ static WC_INLINE void CRL_CallBack(const char* url)
 #endif
 
 #ifndef NO_DH
-static WC_INLINE void SetDH(WOLFSSL* ssl)
-{
+#if defined(WOLFSSL_SP_MATH) && !defined(WOLFSSL_SP_MATH_ALL)
+    /* dh2048 p */
+    static const unsigned char test_dh_p[] =
+    {
+        0xD3, 0xB2, 0x99, 0x84, 0x5C, 0x0A, 0x4C, 0xE7, 0x37, 0xCC, 0xFC, 0x18,
+        0x37, 0x01, 0x2F, 0x5D, 0xC1, 0x4C, 0xF4, 0x5C, 0xC9, 0x82, 0x8D, 0xB7,
+        0xF3, 0xD4, 0xA9, 0x8A, 0x9D, 0x34, 0xD7, 0x76, 0x57, 0xE5, 0xE5, 0xC3,
+        0xE5, 0x16, 0x85, 0xCA, 0x4D, 0xD6, 0x5B, 0xC1, 0xF8, 0xCF, 0x89, 0x26,
+        0xD0, 0x38, 0x8A, 0xEE, 0xF3, 0xCD, 0x33, 0xE5, 0x56, 0xBB, 0x90, 0x83,
+        0x9F, 0x97, 0x8E, 0x71, 0xFB, 0x27, 0xE4, 0x35, 0x15, 0x45, 0x86, 0x09,
+        0x71, 0xA8, 0x9A, 0xB9, 0x3E, 0x0F, 0x51, 0x8A, 0xC2, 0x75, 0x51, 0x23,
+        0x12, 0xFB, 0x94, 0x31, 0x44, 0xBF, 0xCE, 0xF6, 0xED, 0xA6, 0x3A, 0xB7,
+        0x92, 0xCE, 0x16, 0xA9, 0x14, 0xB3, 0x88, 0xB7, 0x13, 0x81, 0x71, 0x83,
+        0x88, 0xCD, 0xB1, 0xA2, 0x37, 0xE1, 0x59, 0x5C, 0xD0, 0xDC, 0xCA, 0x82,
+        0x87, 0xFA, 0x43, 0x44, 0xDD, 0x78, 0x3F, 0xCA, 0x27, 0x7E, 0xE1, 0x6B,
+        0x93, 0x19, 0x7C, 0xD9, 0xA6, 0x96, 0x47, 0x0D, 0x12, 0xC1, 0x13, 0xD7,
+        0xB9, 0x0A, 0x40, 0xD9, 0x1F, 0xFF, 0xB8, 0xB4, 0x00, 0xC8, 0xAA, 0x5E,
+        0xD2, 0x66, 0x4A, 0x05, 0x8E, 0x9E, 0xF5, 0x34, 0xE7, 0xD7, 0x09, 0x7B,
+        0x15, 0x49, 0x1D, 0x76, 0x31, 0xD6, 0x71, 0xEC, 0x13, 0x4E, 0x89, 0x8C,
+        0x09, 0x22, 0xD8, 0xE7, 0xA3, 0xE9, 0x7D, 0x21, 0x51, 0x26, 0x6E, 0x9F,
+        0x30, 0x8A, 0xBB, 0xBC, 0x74, 0xC1, 0xC3, 0x27, 0x6A, 0xCE, 0xA3, 0x12,
+        0x60, 0x68, 0x01, 0xD2, 0x34, 0x07, 0x80, 0xCC, 0x2D, 0x7F, 0x5C, 0xAE,
+        0xA2, 0x97, 0x40, 0xC8, 0x3C, 0xAC, 0xDB, 0x6F, 0xFE, 0x6C, 0x6D, 0xD2,
+        0x06, 0x1C, 0x43, 0xA2, 0xB2, 0x2B, 0x82, 0xB7, 0xD0, 0xAB, 0x3F, 0x2C,
+        0xE7, 0x9C, 0x19, 0x16, 0xD1, 0x5E, 0x26, 0x86, 0xC7, 0x92, 0xF9, 0x16,
+        0x0B, 0xFA, 0x66, 0x83
+    };
+
+    /* dh2048 g */
+    static const unsigned char test_dh_g[] =
+    {
+      0x02,
+    };
+#else
     /* dh1024 p */
-    static const unsigned char p[] =
+    static const unsigned char test_dh_p[] =
     {
         0xE6, 0x96, 0x9D, 0x3D, 0x49, 0x5B, 0xE3, 0x2C, 0x7C, 0xF1, 0x80, 0xC3,
         0xBD, 0xD4, 0x79, 0x8E, 0x91, 0xB7, 0x81, 0x82, 0x51, 0xBB, 0x05, 0x5E,
@@ -2510,39 +2666,22 @@ static WC_INLINE void SetDH(WOLFSSL* ssl)
     };
 
     /* dh1024 g */
-    static const unsigned char g[] =
+    static const unsigned char test_dh_g[] =
     {
       0x02,
     };
+#endif
 
-    wolfSSL_SetTmpDH(ssl, p, sizeof(p), g, sizeof(g));
+static WC_INLINE void SetDH(WOLFSSL* ssl)
+{
+    wolfSSL_SetTmpDH(ssl, test_dh_p, sizeof(test_dh_p), test_dh_g,
+        sizeof(test_dh_g));
 }
 
 static WC_INLINE void SetDHCtx(WOLFSSL_CTX* ctx)
 {
-    /* dh1024 p */
-    static const unsigned char p[] =
-    {
-        0xE6, 0x96, 0x9D, 0x3D, 0x49, 0x5B, 0xE3, 0x2C, 0x7C, 0xF1, 0x80, 0xC3,
-        0xBD, 0xD4, 0x79, 0x8E, 0x91, 0xB7, 0x81, 0x82, 0x51, 0xBB, 0x05, 0x5E,
-        0x2A, 0x20, 0x64, 0x90, 0x4A, 0x79, 0xA7, 0x70, 0xFA, 0x15, 0xA2, 0x59,
-        0xCB, 0xD5, 0x23, 0xA6, 0xA6, 0xEF, 0x09, 0xC4, 0x30, 0x48, 0xD5, 0xA2,
-        0x2F, 0x97, 0x1F, 0x3C, 0x20, 0x12, 0x9B, 0x48, 0x00, 0x0E, 0x6E, 0xDD,
-        0x06, 0x1C, 0xBC, 0x05, 0x3E, 0x37, 0x1D, 0x79, 0x4E, 0x53, 0x27, 0xDF,
-        0x61, 0x1E, 0xBB, 0xBE, 0x1B, 0xAC, 0x9B, 0x5C, 0x60, 0x44, 0xCF, 0x02,
-        0x3D, 0x76, 0xE0, 0x5E, 0xEA, 0x9B, 0xAD, 0x99, 0x1B, 0x13, 0xA6, 0x3C,
-        0x97, 0x4E, 0x9E, 0xF1, 0x83, 0x9E, 0xB5, 0xDB, 0x12, 0x51, 0x36, 0xF7,
-        0x26, 0x2E, 0x56, 0xA8, 0x87, 0x15, 0x38, 0xDF, 0xD8, 0x23, 0xC6, 0x50,
-        0x50, 0x85, 0xE2, 0x1F, 0x0D, 0xD5, 0xC8, 0x6B,
-    };
-
-    /* dh1024 g */
-    static const unsigned char g[] =
-    {
-      0x02,
-    };
-
-    wolfSSL_CTX_SetTmpDH(ctx, p, sizeof(p), g, sizeof(g));
+    wolfSSL_CTX_SetTmpDH(ctx, test_dh_p, sizeof(test_dh_p), test_dh_g,
+        sizeof(test_dh_g));
 }
 #endif /* NO_DH */
 
@@ -2642,7 +2781,7 @@ static WC_INLINE int myMacEncryptCb(WOLFSSL* ssl, unsigned char* macOut,
     if (ret != 0)
         return ret;
     ret = wc_HmacSetKey(&hmac, wolfSSL_GetHmacType(ssl),
-               wolfSSL_GetMacSecret(ssl, macVerify), wolfSSL_GetHmacSize(ssl));
+               wolfSSL_GetMacSecret(ssl, macVerify), (word32) wolfSSL_GetHmacSize(ssl));
     if (ret != 0)
         return ret;
     ret = wc_HmacUpdate(&hmac, myInner, sizeof(myInner));
@@ -2676,7 +2815,7 @@ static WC_INLINE int myMacEncryptCb(WOLFSSL* ssl, unsigned char* macOut,
             fprintf(stderr, "AesInit failed in myMacEncryptCb\n");
             return ret;
         }
-        ret = wc_AesSetKey(&encCtx->aes, key, keyLen, iv, AES_ENCRYPTION);
+        ret = wc_AesSetKey(&encCtx->aes, key, (word32) keyLen, iv, AES_ENCRYPTION);
         if (ret != 0) {
             fprintf(stderr, "AesSetKey failed in myMacEncryptCb\n");
             return ret;
@@ -2695,7 +2834,7 @@ static WC_INLINE int myDecryptVerifyCb(WOLFSSL* ssl,
 {
     AtomicDecCtx* decCtx = (AtomicDecCtx*)ctx;
     int ret      = 0;
-    int macInSz  = 0;
+    unsigned int macInSz  = 0;
     int ivExtra  = 0;
     int digestSz = wolfSSL_GetHmacSize(ssl);
     unsigned int pad     = 0;
@@ -2737,7 +2876,7 @@ static WC_INLINE int myDecryptVerifyCb(WOLFSSL* ssl,
             fprintf(stderr, "AesInit failed in myDecryptVerifyCb\n");
             return ret;
         }
-        ret = wc_AesSetKey(&decCtx->aes, key, keyLen, iv, AES_DECRYPTION);
+        ret = wc_AesSetKey(&decCtx->aes, key, (word32) keyLen, iv, AES_DECRYPTION);
         if (ret != 0) {
             fprintf(stderr, "AesSetKey failed in myDecryptVerifyCb\n");
             return ret;
@@ -2751,7 +2890,7 @@ static WC_INLINE int myDecryptVerifyCb(WOLFSSL* ssl,
         return ret;
 
     if (wolfSSL_GetCipherType(ssl) == WOLFSSL_AEAD_TYPE) {
-        *padSz = wolfSSL_GetAeadMacSize(ssl);
+        *padSz = (unsigned int)wolfSSL_GetAeadMacSize(ssl);
         return 0; /* hmac, not needed if aead mode */
     }
 
@@ -2762,8 +2901,8 @@ static WC_INLINE int myDecryptVerifyCb(WOLFSSL* ssl,
             ivExtra = wolfSSL_GetCipherBlockSize(ssl);
     }
 
-    *padSz  = wolfSSL_GetHmacSize(ssl) + pad + padByte;
-    macInSz = decSz - ivExtra - digestSz - pad - padByte;
+    *padSz  = (unsigned int)wolfSSL_GetHmacSize(ssl) + pad + padByte;
+    macInSz = decSz - (unsigned int)ivExtra - (unsigned int)digestSz - pad - padByte;
 
     wolfSSL_SetTlsHmacInner(ssl, myInner, macInSz, macContent, macVerify);
 
@@ -2771,7 +2910,7 @@ static WC_INLINE int myDecryptVerifyCb(WOLFSSL* ssl,
     if (ret != 0)
         return ret;
     ret = wc_HmacSetKey(&hmac, wolfSSL_GetHmacType(ssl),
-               wolfSSL_GetMacSecret(ssl, macVerify), digestSz);
+               wolfSSL_GetMacSecret(ssl, macVerify), (unsigned int) digestSz);
     if (ret != 0)
         return ret;
     ret = wc_HmacUpdate(&hmac, myInner, sizeof(myInner));
@@ -2785,7 +2924,7 @@ static WC_INLINE int myDecryptVerifyCb(WOLFSSL* ssl,
         return ret;
 
     if (XMEMCMP(verify, decOut + decSz - digestSz - pad - padByte,
-               digestSz) != 0) {
+               (size_t) digestSz) != 0) {
         printf("myDecryptVerify verify failed\n");
         return -1;
     }
@@ -2836,7 +2975,7 @@ static WC_INLINE int myEncryptMacCb(WOLFSSL* ssl, unsigned char* macOut,
             fprintf(stderr, "AesInit failed in myMacEncryptCb\n");
             return ret;
         }
-        ret = wc_AesSetKey(&encCtx->aes, key, keyLen, iv, AES_ENCRYPTION);
+        ret = wc_AesSetKey(&encCtx->aes, key, (word32) keyLen, iv, AES_ENCRYPTION);
         if (ret != 0) {
             fprintf(stderr, "AesSetKey failed in myMacEncryptCb\n");
             return ret;
@@ -2856,7 +2995,7 @@ static WC_INLINE int myEncryptMacCb(WOLFSSL* ssl, unsigned char* macOut,
     if (ret != 0)
         return ret;
     ret = wc_HmacSetKey(&hmac, wolfSSL_GetHmacType(ssl),
-               wolfSSL_GetMacSecret(ssl, macVerify), wolfSSL_GetHmacSize(ssl));
+               wolfSSL_GetMacSecret(ssl, macVerify), (word32) wolfSSL_GetHmacSize(ssl));
     if (ret != 0)
         return ret;
     ret = wc_HmacUpdate(&hmac, myInner, sizeof(myInner));
@@ -2900,7 +3039,7 @@ static WC_INLINE int myVerifyDecryptCb(WOLFSSL* ssl,
     if (ret != 0)
         return ret;
     ret = wc_HmacSetKey(&hmac, wolfSSL_GetHmacType(ssl),
-               wolfSSL_GetMacSecret(ssl, macVerify), digestSz);
+               wolfSSL_GetMacSecret(ssl, macVerify), (word32) digestSz);
     if (ret != 0)
         return ret;
     ret = wc_HmacUpdate(&hmac, myInner, sizeof(myInner));
@@ -2913,7 +3052,7 @@ static WC_INLINE int myVerifyDecryptCb(WOLFSSL* ssl,
     if (ret != 0)
         return ret;
 
-    if (XMEMCMP(verify, decOut + decSz, digestSz) != 0) {
+    if (XMEMCMP(verify, decOut + decSz, (size_t) digestSz) != 0) {
         printf("myDecryptVerify verify failed\n");
         return -1;
     }
@@ -2939,7 +3078,7 @@ static WC_INLINE int myVerifyDecryptCb(WOLFSSL* ssl,
             fprintf(stderr, "AesInit failed in myDecryptVerifyCb\n");
             return ret;
         }
-        ret = wc_AesSetKey(&decCtx->aes, key, keyLen, iv, AES_DECRYPTION);
+        ret = wc_AesSetKey(&decCtx->aes, key, (word32) keyLen, iv, AES_DECRYPTION);
         if (ret != 0) {
             fprintf(stderr, "AesSetKey failed in myDecryptVerifyCb\n");
             return ret;
@@ -3020,7 +3159,7 @@ static WC_INLINE void FreeAtomicUser(WOLFSSL* ssl)
 
 #endif /* ATOMIC_USER */
 
-#ifdef WOLFSSL_STATIC_MEMORY
+#if defined(WOLFSSL_STATIC_MEMORY) && !defined(WOLFSSL_STATIC_MEMORY_LEAN)
 static WC_INLINE int wolfSSL_PrintStats(WOLFSSL_MEM_STATS* stats)
 {
     word16 i;
@@ -3077,12 +3216,6 @@ typedef struct PkCbInfo {
 #endif
 } PkCbInfo;
 
-#if defined(DEBUG_PK_CB) || defined(TEST_PK_PRIVKEY)
-    #define WOLFSSL_PKMSG(...) printf(__VA_ARGS__)
-#else
-    #define WOLFSSL_PKMSG(...) WC_DO_NOTHING
-#endif
-
 #ifdef HAVE_ECC
 
 static WC_INLINE int myEccKeyGen(WOLFSSL* ssl, ecc_key* key, word32 keySz,
@@ -3108,7 +3241,7 @@ static WC_INLINE int myEccKeyGen(WOLFSSL* ssl, ecc_key* key, word32 keySz,
         WC_RNG *rng = wolfSSL_GetRNG(ssl);
 
         /* create new key */
-        ret = wc_ecc_make_key_ex(rng, keySz, new_key, ecc_curve);
+        ret = wc_ecc_make_key_ex(rng, (int) keySz, new_key, ecc_curve);
 
     #ifdef TEST_PK_PRIVKEY
         if (ret == 0 && new_key != key) {
@@ -3265,8 +3398,9 @@ static WC_INLINE int myEccSharedSecret(WOLFSSL* ssl, ecc_key* otherKey,
         ret = BAD_FUNC_ARG;
     }
 
-#if defined(ECC_TIMING_RESISTANT) && !defined(HAVE_FIPS) && \
-                                                         !defined(HAVE_SELFTEST)
+#if defined(ECC_TIMING_RESISTANT) && (!defined(HAVE_FIPS) || \
+    (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION != 2))) && \
+    !defined(HAVE_SELFTEST)
     if (ret == 0) {
         ret = wc_ecc_set_rng(privKey, wolfSSL_GetRNG(ssl));
     }
@@ -3304,7 +3438,7 @@ static WC_INLINE int myHkdfExtract(byte* prk, const byte* salt, word32 saltLen,
        byte* ikm, word32 ikmLen, int digest, void* ctx)
 {
     int ret;
-    int len = 0;
+    word32 len = 0;
 
     switch (digest) {
 #ifndef NO_SHA256
@@ -3435,7 +3569,7 @@ static WC_INLINE int myX25519KeyGen(WOLFSSL* ssl, curve25519_key* key,
     if (ret != 0)
         return ret;
 
-    ret = wc_curve25519_make_key(&rng, keySz, key);
+    ret = wc_curve25519_make_key(&rng, (int) keySz, key);
 
     wc_FreeRng(&rng);
 
@@ -3606,7 +3740,7 @@ static WC_INLINE int myX448KeyGen(WOLFSSL* ssl, curve448_key* key,
     if (ret != 0)
         return ret;
 
-    ret = wc_curve448_make_key(&rng, keySz, key);
+    ret = wc_curve448_make_key(&rng, (int) keySz, key);
 
     wc_FreeRng(&rng);
 
@@ -3739,7 +3873,7 @@ static WC_INLINE int myRsaSign(WOLFSSL* ssl, const byte* in, word32 inSz,
         if (ret == 0)
             ret = wc_RsaSSL_Sign(in, inSz, out, *outSz, &myKey, &rng);
         if (ret > 0) {  /* save and convert to 0 success */
-            *outSz = ret;
+            *outSz = (word32) ret;
             ret = 0;
         }
         wc_FreeRsaKey(&myKey);
@@ -3825,9 +3959,11 @@ static WC_INLINE int myRsaPssSign(WOLFSSL* ssl, const byte* in, word32 inSz,
 {
     enum wc_HashType hashType = WC_HASH_TYPE_NONE;
     WC_RNG           rng;
-    int              ret;
+    int              ret = 0;
     word32           idx = 0;
     RsaKey           myKey;
+    byte*            inBuf = (byte*)in;
+    word32           inBufSz = inSz;
     byte*            keyBuf = (byte*)key;
     PkCbInfo* cbInfo = (PkCbInfo*)ctx;
 
@@ -3865,17 +4001,40 @@ static WC_INLINE int myRsaPssSign(WOLFSSL* ssl, const byte* in, word32 inSz,
     if (ret != 0)
         return ret;
 
-    ret = wc_InitRsaKey(&myKey, NULL);
+    #ifdef TLS13_RSA_PSS_SIGN_CB_NO_PREHASH
+        /* With this defined, RSA-PSS sign callback when used from TLS 1.3
+         * does not hash data before giving to this callback. User must
+         * compute hash themselves. */
+        if (wolfSSL_GetVersion(ssl) == WOLFSSL_TLSV1_3) {
+            inBufSz = wc_HashGetDigestSize(hashType);
+            inBuf = (byte*)XMALLOC(inBufSz, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+            if (inBuf == NULL) {
+                ret = MEMORY_E;
+            }
+            if (ret == 0) {
+                ret = wc_Hash(hashType, in, inSz, inBuf, inBufSz);
+            }
+        }
+    #endif
+
+    if (ret == 0) {
+        ret = wc_InitRsaKey(&myKey, NULL);
+    }
     if (ret == 0) {
         ret = wc_RsaPrivateKeyDecode(keyBuf, &idx, &myKey, keySz);
         if (ret == 0) {
-            ret = wc_RsaPSS_Sign(in, inSz, out, *outSz, hashType, mgf, &myKey,
-                                 &rng);
+            ret = wc_RsaPSS_Sign(inBuf, inBufSz, out, *outSz, hashType, mgf,
+                                 &myKey, &rng);
         }
         if (ret > 0) {  /* save and convert to 0 success */
-            *outSz = ret;
+            *outSz = (word32) ret;
             ret = 0;
         }
+    #ifdef TLS13_RSA_PSS_SIGN_CB_NO_PREHASH
+        if ((inBuf != NULL) && (wolfSSL_GetVersion(ssl) == WOLFSSL_TLSV1_3)) {
+            XFREE(inBuf, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+        }
+    #endif
         wc_FreeRsaKey(&myKey);
     }
     wc_FreeRng(&rng);
@@ -4024,7 +4183,7 @@ static WC_INLINE int myRsaEnc(WOLFSSL* ssl, const byte* in, word32 inSz,
         if (ret == 0) {
             ret = wc_RsaPublicEncrypt(in, inSz, out, *outSz, &myKey, &rng);
             if (ret > 0) {
-                *outSz = ret;
+                *outSz = (word32) ret;
                 ret = 0;  /* reset to success */
             }
         }
@@ -4101,6 +4260,25 @@ static WC_INLINE int myGenMaster(WOLFSSL* ssl, void* ctx)
     return ret;
 }
 
+static WC_INLINE int myGenExtMaster(WOLFSSL* ssl, byte* hash, word32 hashSz,
+                                        void* ctx)
+{
+    int       ret;
+    PkCbInfo* cbInfo = (PkCbInfo*)ctx;
+
+    (void)ssl;
+    (void)cbInfo;
+    (void)hash;
+    (void)hashSz;
+
+    WOLFSSL_PKMSG("Gen Extended Master");
+    /* fall through to original routine */
+    ret = PROTOCOLCB_UNAVAILABLE;
+    WOLFSSL_PKMSG("Gen Extended Master: ret %d\n", ret);
+
+    return ret;
+}
+
 static WC_INLINE int myGenPreMaster(WOLFSSL* ssl, byte *premaster,
                                                   word32 preSz, void* ctx)
 {
@@ -4253,6 +4431,7 @@ static WC_INLINE void SetupPkCallbacks(WOLFSSL_CTX* ctx)
 
     #ifndef NO_CERTS
     wolfSSL_CTX_SetGenMasterSecretCb(ctx, myGenMaster);
+    wolfSSL_CTX_SetGenExtMasterSecretCb(ctx, myGenExtMaster);
     wolfSSL_CTX_SetGenPreMasterCb(ctx, myGenPreMaster);
     wolfSSL_CTX_SetGenSessionKeyCb(ctx, myGenSessionKey);
     wolfSSL_CTX_SetEncryptKeysCb(ctx, mySetEncryptKeys);
@@ -4308,6 +4487,7 @@ static WC_INLINE void SetupPkCallbackContexts(WOLFSSL* ssl, void* myCtx)
 
     #ifndef NO_CERTS
     wolfSSL_SetGenMasterSecretCtx(ssl, myCtx);
+    wolfSSL_SetGenExtMasterSecretCtx(ssl, myCtx);
     wolfSSL_SetGenPreMasterCtx(ssl, myCtx);
     wolfSSL_SetGenSessionKeyCtx(ssl, myCtx);
     wolfSSL_SetEncryptKeysCtx(ssl, myCtx);
@@ -4368,7 +4548,7 @@ static WC_INLINE int SimulateWantWriteIOSendCb(WOLFSSL *ssl, char *buf, int sz,
 #endif /* USE_WOLFSSL_IO */
 
 #if defined(__hpux__) || defined(__MINGW32__) || defined (WOLFSSL_TIRTOS) \
-                      || defined(_MSC_VER)
+                      || defined(_MSC_VER) || defined(__WATCOMC__)
 
 /* HP/UX doesn't have strsep, needed by test/suites.c */
 static WC_INLINE char* strsep(char **stringp, const char *delim)
@@ -4578,7 +4758,7 @@ static WC_INLINE int myTicketEncCb(WOLFSSL* ssl,
                                               mac);
         #elif defined(HAVE_AESGCM)
             ret = wc_AesGcmEncrypt(&tickCtx->aes, ticket, ticket, inLen,
-                                   iv, GCM_NONCE_MID_SZ, mac, AES_BLOCK_SIZE,
+                                   iv, GCM_NONCE_MID_SZ, mac, WC_AES_BLOCK_SIZE,
                                    tickCtx->aad, aadSz);
         #endif
         }
@@ -4592,7 +4772,7 @@ static WC_INLINE int myTicketEncCb(WOLFSSL* ssl,
                                               ticket);
         #elif defined(HAVE_AESGCM)
             ret = wc_AesGcmDecrypt(&tickCtx->aes, ticket, ticket, inLen,
-                                   iv, GCM_NONCE_MID_SZ, mac, AES_BLOCK_SIZE,
+                                   iv, GCM_NONCE_MID_SZ, mac, WC_AES_BLOCK_SIZE,
                                    tickCtx->aad, aadSz);
         #endif
         }
@@ -4750,4 +4930,23 @@ void DEBUG_WRITE_DER(const byte* der, int derSz, const char* fileName);
 
 #define DTLS_CID_BUFFER_SIZE 256
 
+static WC_MAYBE_UNUSED void *mymemmem(const void *haystack, size_t haystacklen,
+                                      const void *needle, size_t needlelen)
+{
+    size_t i, j;
+    const char* h = (const char*)haystack;
+    const char* n = (const char*)needle;
+    if (needlelen > haystacklen)
+        return NULL;
+    for (i = 0; i <= haystacklen - needlelen; i++) {
+        for (j = 0; j < needlelen; j++) {
+            if (h[i + j] != n[j])
+                break;
+        }
+        if (j == needlelen)
+            return (void*)(h + i);
+    }
+    return NULL;
+}
+
 #endif /* wolfSSL_TEST_H */
diff --git a/wolfssl/version.h b/wolfssl/version.h
index c0cad152b..ea3277d4f 100644
--- a/wolfssl/version.h
+++ b/wolfssl/version.h
@@ -1,6 +1,6 @@
 /* wolfssl_version.h.in
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -28,8 +28,8 @@
 extern "C" {
 #endif
 
-#define LIBWOLFSSL_VERSION_STRING "5.6.6"
-#define LIBWOLFSSL_VERSION_HEX 0x05006006
+#define LIBWOLFSSL_VERSION_STRING "5.7.6"
+#define LIBWOLFSSL_VERSION_HEX 0x05007006
 
 #ifdef __cplusplus
 }
diff --git a/wolfssl/version.h.in b/wolfssl/version.h.in
index 158e00b44..126e1a0eb 100644
--- a/wolfssl/version.h.in
+++ b/wolfssl/version.h.in
@@ -1,6 +1,6 @@
 /* wolfssl_version.h.in
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/wolfcrypt/aes.h b/wolfssl/wolfcrypt/aes.h
index 75653bad3..e5ac0c70e 100644
--- a/wolfssl/wolfcrypt/aes.h
+++ b/wolfssl/wolfcrypt/aes.h
@@ -1,6 +1,6 @@
 /* aes.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -55,8 +55,13 @@ typedef struct Gcm {
 #endif /* GCM_TABLE */
 } Gcm;
 
+#if FIPS_VERSION3_GE(6,0,0)
+    extern const unsigned int wolfCrypt_FIPS_aes_ro_sanity[2];
+    WOLFSSL_LOCAL int wolfCrypt_FIPS_AES_sanity(void);
+#endif
+
 WOLFSSL_LOCAL void GenerateM0(Gcm* gcm);
-#ifdef WOLFSSL_ARMASM
+#if !defined(__aarch64__) && defined(WOLFSSL_ARMASM)
 WOLFSSL_LOCAL void GMULT(byte* X, byte* Y);
 #endif
 WOLFSSL_LOCAL void GHASH(Gcm* gcm, const byte* a, word32 aSz, const byte* c,
@@ -85,10 +90,14 @@ WOLFSSL_LOCAL void GHASH(Gcm* gcm, const byte* a, word32 aSz, const byte* c,
 #ifdef WOLFSSL_XILINX_CRYPT_VERSAL
 #include <wolfssl/wolfcrypt/port/xilinx/xil-versal-glue.h>
 #include <xsecure_aesclient.h>
-#define WOLFSSL_XILINX_AES_KEY_SRC XSECURE_AES_USER_KEY_0
+#if !defined(WOLFSSL_XILINX_AES_KEY_SRC)
+    #define WOLFSSL_XILINX_AES_KEY_SRC XSECURE_AES_USER_KEY_0
+#endif
 #else /* versal */
 #include <xsecure_aes.h>
-#define WOLFSSL_XILINX_AES_KEY_SRC XSECURE_CSU_AES_KEY_SRC_KUP
+#if !defined(WOLFSSL_XILINX_AES_KEY_SRC)
+    #define WOLFSSL_XILINX_AES_KEY_SRC XSECURE_CSU_AES_KEY_SRC_KUP
+#endif
 #endif /* !versal */
 #endif /* WOLFSSL_XILINX_CRYPT */
 
@@ -175,8 +184,22 @@ enum {
     AES_ENC_TYPE   = WC_CIPHER_AES,   /* cipher unique type */
     AES_ENCRYPTION = 0,
     AES_DECRYPTION = 1,
+#ifdef WC_AES_XTS_SUPPORT_SIMULTANEOUS_ENC_AND_DEC_KEYS
+    AES_ENCRYPTION_AND_DECRYPTION = 2,
+#endif
 
-    AES_BLOCK_SIZE      = 16,
+    WC_AES_BLOCK_SIZE      = 16,
+#ifdef OPENSSL_COEXIST
+    /* allow OPENSSL_COEXIST applications to detect absence of AES_BLOCK_SIZE
+     * and presence of WC_AES_BLOCK_SIZE.
+     *
+     * if WC_NO_COMPAT_AES_BLOCK_SIZE is defined, WC_AES_BLOCK_SIZE is
+     * available, otherwise AES_BLOCK_SIZE is available.
+     */
+    #define WC_NO_COMPAT_AES_BLOCK_SIZE
+#else
+    #define AES_BLOCK_SIZE WC_AES_BLOCK_SIZE
+#endif
 
     KEYWRAP_BLOCK_SIZE  = 8,
 
@@ -215,9 +238,9 @@ enum {
     #endif
 
     /* Number of bits to a block. */
-    #define AES_BLOCK_BITS      (AES_BLOCK_SIZE * 8)
+    #define AES_BLOCK_BITS      (WC_AES_BLOCK_SIZE * 8)
     /* Number of bytes of input that can be processed in one call. */
-    #define BS_BLOCK_SIZE       (AES_BLOCK_SIZE * BS_WORD_SIZE)
+    #define BS_BLOCK_SIZE       (WC_AES_BLOCK_SIZE * BS_WORD_SIZE)
     /* Number of words in a block.  */
     #define BS_BLOCK_WORDS      (AES_BLOCK_BITS / BS_WORD_SIZE)
 
@@ -246,16 +269,16 @@ struct Aes {
     ALIGN16 word32 key[60];
 #ifdef WC_AES_BITSLICED
     /* Extra key schedule space required for bit-slicing technique. */
-    ALIGN16 bs_word bs_key[15 * AES_BLOCK_SIZE * BS_WORD_SIZE];
+    ALIGN16 bs_word bs_key[15 * WC_AES_BLOCK_SIZE * BS_WORD_SIZE];
 #endif
     word32  rounds;
-#ifdef WC_AES_C_DYNAMIC_FALLBACK
+#ifdef WC_C_DYNAMIC_FALLBACK
     word32 key_C_fallback[60];
 #endif
     int     keylen;
 
-    ALIGN16 word32 reg[AES_BLOCK_SIZE / sizeof(word32)];      /* for CBC mode */
-    ALIGN16 word32 tmp[AES_BLOCK_SIZE / sizeof(word32)];      /* same         */
+    ALIGN16 word32 reg[WC_AES_BLOCK_SIZE / sizeof(word32)];      /* for CBC mode */
+    ALIGN16 word32 tmp[WC_AES_BLOCK_SIZE / sizeof(word32)];      /* same         */
 
 #if defined(HAVE_AESGCM) || defined(HAVE_AESCCM)
     word32 invokeCtr[2];
@@ -281,6 +304,14 @@ struct Aes {
 #ifdef WOLFSSL_AESNI
     byte use_aesni;
 #endif /* WOLFSSL_AESNI */
+#if defined(__aarch64__) && defined(WOLFSSL_ARMASM) && \
+    !defined(WOLFSSL_ARMASM_NO_HW_CRYPTO)
+    byte use_aes_hw_crypto;
+#ifdef HAVE_AESGCM
+    byte use_pmull_hw_crypto;
+    byte use_sha3_hw_crypto;
+#endif
+#endif /* __aarch64__ && WOLFSSL_ARMASM && !WOLFSSL_ARMASM_NO_HW_CRYPTO */
 #ifdef WOLF_CRYPTO_CB
     int    devId;
     void*  devCtx;
@@ -315,7 +346,7 @@ struct Aes {
     int alFd; /* server socket to bind to */
     int rdFd; /* socket to read from */
     struct msghdr msg;
-    int dir;  /* flag for encrpyt or decrypt */
+    int dir;  /* flag for encrypt or decrypt */
 #ifdef WOLFSSL_AFALG_XILINX_AES
     word32 msgBuf[CMSG_SPACE(4) + CMSG_SPACE(sizeof(struct af_alg_iv) +
                   GCM_NONCE_MID_SZ)];
@@ -367,18 +398,19 @@ struct Aes {
     void*  heap; /* memory hint to use */
 #ifdef WOLFSSL_AESGCM_STREAM
 #if !defined(WOLFSSL_SMALL_STACK) || defined(WOLFSSL_AESNI)
-    ALIGN16 byte streamData[5 * AES_BLOCK_SIZE];
+    ALIGN16 byte streamData[5 * WC_AES_BLOCK_SIZE];
 #else
     byte*        streamData;
+    word32       streamData_sz;
 #endif
     word32       aSz;
     word32       cSz;
     byte         over;
     byte         aOver;
     byte         cOver;
-    byte         gcmKeySet:1;
-    byte         nonceSet:1;
-    byte         ctrSet:1;
+    WC_BITFIELD  gcmKeySet:1;
+    WC_BITFIELD  nonceSet:1;
+    WC_BITFIELD  ctrSet:1;
 #endif
 #ifdef WC_DEBUG_CIPHER_LIFECYCLE
     void *CipherLifecycleTag; /* used for dummy allocation and initialization,
@@ -393,12 +425,37 @@ struct Aes {
 #endif
 
 #ifdef WOLFSSL_AES_XTS
-typedef struct XtsAes {
-    Aes aes;
-    Aes tweak;
-} XtsAes;
+    #if FIPS_VERSION3_GE(6,0,0)
+        /* SP800-38E - Restrict data unit to 2^20 blocks per key. A block is
+         * WC_AES_BLOCK_SIZE or 16-bytes (128-bits). So each key may only be used to
+         * protect up to 1,048,576 blocks of WC_AES_BLOCK_SIZE (16,777,216 bytes)
+         */
+        #define FIPS_AES_XTS_MAX_BYTES_PER_TWEAK 16777216
+    #endif
+    struct XtsAes {
+        Aes aes;
+    #ifdef WC_AES_XTS_SUPPORT_SIMULTANEOUS_ENC_AND_DEC_KEYS
+        Aes aes_decrypt;
+    #endif
+        Aes tweak;
+    };
+
+    #ifdef WOLFSSL_AESXTS_STREAM
+        struct XtsAesStreamData {
+            byte tweak_block[WC_AES_BLOCK_SIZE];
+            word32 bytes_crypted_with_this_tweak;
+        };
+    #endif
+
+    #ifndef WC_AESXTS_TYPE_DEFINED
+        typedef struct XtsAes XtsAes;
+        typedef struct XtsAesStreamData XtsAesStreamData;
+        #define WC_AESXTS_TYPE_DEFINED
+    #endif
+
 #endif
 
+
 #if (!defined(WC_AESFREE_IS_MANDATORY)) &&                              \
     (defined(WC_DEBUG_CIPHER_LIFECYCLE) ||                              \
      (defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_AES)) ||  \
@@ -420,9 +477,15 @@ typedef struct XtsAes {
 #endif
 
 #ifdef HAVE_AESGCM
-typedef struct Gmac {
+struct Gmac {
     Aes aes;
-} Gmac;
+};
+
+#ifndef WC_AESGCM_TYPE_DEFINED
+    typedef struct Gmac Gmac;
+    #define WC_AESGCM_TYPE_DEFINED
+#endif
+
 #endif /* HAVE_AESGCM */
 #endif /* HAVE_FIPS */
 
@@ -648,6 +711,28 @@ WOLFSSL_API int wc_AesXtsDecryptConsecutiveSectors(XtsAes* aes,
         byte* out, const byte* in, word32 sz, word64 sector,
         word32 sectorSz);
 
+#ifdef WOLFSSL_AESXTS_STREAM
+
+WOLFSSL_API int wc_AesXtsEncryptInit(XtsAes* aes, const byte* i, word32 iSz,
+         struct XtsAesStreamData *stream);
+
+WOLFSSL_API int wc_AesXtsDecryptInit(XtsAes* aes, const byte* i, word32 iSz,
+         struct XtsAesStreamData *stream);
+
+WOLFSSL_API int wc_AesXtsEncryptUpdate(XtsAes* aes, byte* out,
+         const byte* in, word32 sz, struct XtsAesStreamData *stream);
+
+WOLFSSL_API int wc_AesXtsDecryptUpdate(XtsAes* aes, byte* out,
+         const byte* in, word32 sz, struct XtsAesStreamData *stream);
+
+WOLFSSL_API int wc_AesXtsEncryptFinal(XtsAes* aes, byte* out,
+         const byte* in, word32 sz, struct XtsAesStreamData *stream);
+
+WOLFSSL_API int wc_AesXtsDecryptFinal(XtsAes* aes, byte* out,
+         const byte* in, word32 sz, struct XtsAesStreamData *stream);
+
+#endif /* WOLFSSL_AESXTS_STREAM */
+
 WOLFSSL_API int wc_AesXtsFree(XtsAes* aes);
 #endif
 
@@ -661,8 +746,17 @@ WOLFSSL_API int  wc_AesInit_Label(Aes* aes, const char* label, void* heap,
         int devId);
 #endif
 WOLFSSL_API void wc_AesFree(Aes* aes);
+#ifndef WC_NO_CONSTRUCTORS
+WOLFSSL_API Aes* wc_AesNew(void* heap, int devId, int *result_code);
+WOLFSSL_API int wc_AesDelete(Aes* aes, Aes** aes_p);
+#endif
 
 #ifdef WOLFSSL_AES_SIV
+typedef struct AesSivAssoc {
+    const byte* assoc;
+    word32 assocSz;
+} AesSivAssoc;
+
 WOLFSSL_API
 int wc_AesSivEncrypt(const byte* key, word32 keySz, const byte* assoc,
                      word32 assocSz, const byte* nonce, word32 nonceSz,
@@ -671,6 +765,15 @@ WOLFSSL_API
 int wc_AesSivDecrypt(const byte* key, word32 keySz, const byte* assoc,
                      word32 assocSz, const byte* nonce, word32 nonceSz,
                      const byte* in, word32 inSz, byte* siv, byte* out);
+
+WOLFSSL_API
+int wc_AesSivEncrypt_ex(const byte* key, word32 keySz, const AesSivAssoc* assoc,
+                        word32 numAssoc, const byte* nonce, word32 nonceSz,
+                        const byte* in, word32 inSz, byte* siv, byte* out);
+WOLFSSL_API
+int wc_AesSivDecrypt_ex(const byte* key, word32 keySz, const AesSivAssoc* assoc,
+                        word32 numAssoc, const byte* nonce, word32 nonceSz,
+                        const byte* in, word32 inSz, byte* siv, byte* out);
 #endif
 
 #ifdef WOLFSSL_AES_EAX
@@ -684,10 +787,10 @@ struct AesEax {
     Cmac nonceCmac;
     Cmac aadCmac;
     Cmac ciphertextCmac;
-    byte nonceCmacFinal[AES_BLOCK_SIZE];
-    byte aadCmacFinal[AES_BLOCK_SIZE];
-    byte ciphertextCmacFinal[AES_BLOCK_SIZE];
-    byte prefixBuf[AES_BLOCK_SIZE];
+    byte nonceCmacFinal[WC_AES_BLOCK_SIZE];
+    byte aadCmacFinal[WC_AES_BLOCK_SIZE];
+    byte ciphertextCmacFinal[WC_AES_BLOCK_SIZE];
+    byte prefixBuf[WC_AES_BLOCK_SIZE];
 };
 #endif /* !defined(WOLF_CRYPT_CMAC_H) */
 
@@ -737,6 +840,60 @@ WOLFSSL_API int wc_AesEaxFree(AesEax* eax);
 
 #endif /* WOLFSSL_AES_EAX */
 
+#if defined(__aarch64__) && defined(WOLFSSL_ARMASM) && \
+    !defined(WOLFSSL_ARMASM_NO_HW_CRYPTO)
+
+/* GHASH one block of data.
+ *
+ * XOR block into tag and GMULT with H.
+ *
+ * @param [in, out] aes    AES GCM object.
+ * @param [in]      block  Block of AAD or cipher text.
+ */
+#define GHASH_ONE_BLOCK_AARCH64(aes, block)             \
+    do {                                                \
+        xorbuf(AES_TAG(aes), block, WC_AES_BLOCK_SIZE); \
+        GMULT_AARCH64(AES_TAG(aes), aes->gcm.H);        \
+    }                                                   \
+    while (0)
+
+WOLFSSL_LOCAL int AES_set_key_AARCH64(const unsigned char *userKey,
+    const int keylen, Aes* aes, int dir);
+WOLFSSL_LOCAL void AES_encrypt_AARCH64(const byte* inBlock, byte* outBlock,
+    byte* key, int nr);
+WOLFSSL_LOCAL void AES_decrypt_AARCH64(const byte* inBlock, byte* outBlock,
+    byte* key, int nr);
+WOLFSSL_LOCAL void AES_CBC_encrypt_AARCH64(const byte* in, byte* out, word32 sz,
+    byte* reg, byte* key, int rounds);
+WOLFSSL_LOCAL void AES_CBC_decrypt_AARCH64(const byte* in, byte* out, word32 sz,
+    byte* reg, byte* key, int rounds);
+WOLFSSL_LOCAL void AES_CTR_encrypt_AARCH64(Aes* aes, byte* out, const byte* in,
+    word32 sz);
+WOLFSSL_LOCAL void GMULT_AARCH64(byte* X, byte* Y);
+#ifdef WOLFSSL_AESGCM_STREAM
+WOLFSSL_LOCAL void GHASH_UPDATE_AARCH64(Aes* aes, const byte* a, word32 aSz,
+    const byte* c, word32 cSz);
+WOLFSSL_LOCAL void AES_GCM_init_AARCH64(Aes* aes, const byte* iv, word32 ivSz);
+WOLFSSL_LOCAL void AES_GCM_crypt_update_AARCH64(Aes* aes, byte* out,
+    const byte* in, word32 sz);
+WOLFSSL_LOCAL void AES_GCM_final_AARCH64(Aes* aes, byte* authTag,
+    word32 authTagSz);
+#endif
+WOLFSSL_LOCAL void AES_GCM_set_key_AARCH64(Aes* aes, byte* iv);
+WOLFSSL_LOCAL void AES_GCM_encrypt_AARCH64(Aes* aes, byte* out, const byte* in,
+    word32 sz, const byte* iv, word32 ivSz, byte* authTag, word32 authTagSz,
+    const byte* authIn, word32 authInSz);
+WOLFSSL_LOCAL int AES_GCM_decrypt_AARCH64(Aes* aes, byte* out, const byte* in,
+    word32 sz, const byte* iv, word32 ivSz, const byte* authTag,
+    word32 authTagSz, const byte* authIn, word32 authInSz);
+
+#ifdef WOLFSSL_AES_XTS
+WOLFSSL_LOCAL void AES_XTS_encrypt_AARCH64(XtsAes* xaes, byte* out,
+    const byte* in, word32 sz, const byte* i);
+WOLFSSL_LOCAL void AES_XTS_decrypt_AARCH64(XtsAes* xaes, byte* out,
+    const byte* in, word32 sz, const byte* i);
+#endif /* WOLFSSL_AES_XTS */
+#endif /* __aarch64__ && WOLFSSL_ARMASM && !WOLFSSL_ARMASM_NO_HW_CRYPTO */
 
 #ifdef __cplusplus
     } /* extern "C" */
diff --git a/wolfssl/wolfcrypt/arc4.h b/wolfssl/wolfcrypt/arc4.h
index fe58b10ec..cdddde8a4 100644
--- a/wolfssl/wolfcrypt/arc4.h
+++ b/wolfssl/wolfcrypt/arc4.h
@@ -1,6 +1,6 @@
 /* arc4.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/wolfcrypt/ascon.h b/wolfssl/wolfcrypt/ascon.h
new file mode 100644
index 000000000..196a8ca29
--- /dev/null
+++ b/wolfssl/wolfcrypt/ascon.h
@@ -0,0 +1,109 @@
+/* ascon.h
+ *
+ * Copyright (C) 2006-2025 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+#ifndef WOLF_CRYPT_ASCON_H
+#define WOLF_CRYPT_ASCON_H
+
+#ifdef HAVE_ASCON
+
+#include <wolfssl/wolfcrypt/types.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#define ASCON_HASH256_SZ                               32
+
+#define ASCON_AEAD128_KEY_SZ                           16
+#define ASCON_AEAD128_NONCE_SZ                         16
+#define ASCON_AEAD128_TAG_SZ                           16
+
+typedef union AsconState {
+#ifdef WORD64_AVAILABLE
+    word64 s64[5];
+#endif
+    word32 s32[10];
+    word16 s16[20];
+    byte    s8[40];
+} AsconState;
+
+typedef struct wc_AsconHash256 {
+    AsconState state;
+    byte lastBlkSz;
+} wc_AsconHash256;
+
+enum {
+    ASCON_AEAD128_NOTSET  = 0,
+    ASCON_AEAD128_ENCRYPT = 1,
+    ASCON_AEAD128_DECRYPT = 2
+};
+
+typedef struct wc_AsconAEAD128 {
+    /* needed throughout both encrypt and decrypt */
+#ifdef WORD64_AVAILABLE
+    word64 key[ASCON_AEAD128_KEY_SZ/sizeof(word64)];
+#endif
+    AsconState state;
+    byte lastBlkSz;
+    byte keySet:1;   /* has the key been processed */
+    byte nonceSet:1; /* has the nonce been processed */
+    byte adSet:1;    /* has the associated data been processed */
+    byte op:2;       /* 0 for not set, 1 for encrypt, 2 for decrypt */
+} wc_AsconAEAD128;
+
+/* AsconHash API */
+
+WOLFSSL_API wc_AsconHash256* wc_AsconHash256_New(void);
+WOLFSSL_API void wc_AsconHash256_Free(wc_AsconHash256* a);
+WOLFSSL_API int wc_AsconHash256_Init(wc_AsconHash256* a);
+WOLFSSL_API void wc_AsconHash256_Clear(wc_AsconHash256* a);
+WOLFSSL_API int wc_AsconHash256_Update(wc_AsconHash256* a, const byte* data,
+                                       word32 dataSz);
+WOLFSSL_API int wc_AsconHash256_Final(wc_AsconHash256* a, byte* hash);
+
+WOLFSSL_API wc_AsconAEAD128* wc_AsconAEAD128_New(void);
+WOLFSSL_API void wc_AsconAEAD128_Free(wc_AsconAEAD128* a);
+WOLFSSL_API int wc_AsconAEAD128_Init(wc_AsconAEAD128* a);
+WOLFSSL_API void wc_AsconAEAD128_Clear(wc_AsconAEAD128* a);
+
+/* AsconAEAD API */
+
+WOLFSSL_API int wc_AsconAEAD128_SetKey(wc_AsconAEAD128* a, const byte* key);
+WOLFSSL_API int wc_AsconAEAD128_SetNonce(wc_AsconAEAD128* a, const byte* nonce);
+WOLFSSL_API int wc_AsconAEAD128_SetAD(wc_AsconAEAD128* a, const byte* ad,
+                                      word32 adSz);
+
+WOLFSSL_API int wc_AsconAEAD128_EncryptUpdate(wc_AsconAEAD128* a, byte* out,
+                                              const byte* in, word32 inSz);
+WOLFSSL_API int wc_AsconAEAD128_EncryptFinal(wc_AsconAEAD128* a, byte* tag);
+
+WOLFSSL_API int wc_AsconAEAD128_DecryptUpdate(wc_AsconAEAD128* a, byte* out,
+                                              const byte* in, word32 inSz);
+WOLFSSL_API int wc_AsconAEAD128_DecryptFinal(wc_AsconAEAD128* a,
+                                             const byte* tag);
+
+#ifdef __cplusplus
+} /* extern "C" */
+#endif
+
+#endif /* HAVE_ASCON */
+
+#endif /* WOLF_CRYPT_ASCON_H */
diff --git a/wolfssl/wolfcrypt/asn.h b/wolfssl/wolfcrypt/asn.h
index 52041e509..15efecd5a 100644
--- a/wolfssl/wolfcrypt/asn.h
+++ b/wolfssl/wolfcrypt/asn.h
@@ -1,6 +1,6 @@
 /* asn.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -36,8 +36,7 @@ that can be serialized and deserialized in a cross-platform way.
 
 #include <wolfssl/wolfcrypt/types.h>
 
-#ifndef NO_ASN
-
+#if !defined(NO_ASN) || !defined(NO_PWDBASED)
 
 #if !defined(NO_ASN_TIME) && defined(NO_TIME_H)
     #define NO_ASN_TIME /* backwards compatibility with NO_TIME_H */
@@ -71,18 +70,35 @@ that can be serialized and deserialized in a cross-platform way.
     extern "C" {
 #endif
 
+#ifndef NO_ASN
+
 #ifndef EXTERNAL_SERIAL_SIZE
     #define EXTERNAL_SERIAL_SIZE 32
 #endif
 
 enum {
-    ISSUER  = 0,
-    SUBJECT = 1,
+    ASN_ISSUER  = 0,
+    ASN_SUBJECT = 1,
 
-    BEFORE  = 0,
-    AFTER   = 1
+    ASN_BEFORE  = 0,
+    ASN_AFTER   = 1
 };
 
+#ifndef NO_ASN_OLD_TYPE_NAMES
+    #ifndef ISSUER
+        #define ISSUER ASN_ISSUER
+    #endif
+    #ifndef SUBJECT
+        #define SUBJECT ASN_SUBJECT
+    #endif
+    #ifndef BEFORE
+        #define BEFORE ASN_BEFORE
+    #endif
+    #ifndef AFTER
+        #define AFTER ASN_AFTER
+    #endif
+#endif
+
 /* ASN Tags   */
 enum ASN_Tags {
     ASN_EOC               = 0x00,
@@ -209,11 +225,11 @@ typedef struct ASNItem {
     /* BER/DER tag to expect. */
     byte tag;
     /* Whether the ASN.1 item is constructed. */
-    byte constructed:1;
+    WC_BITFIELD constructed:1;
     /* Whether to parse the header only or skip data. If
      * ASNSetData.data.buffer.data is supplied then this option gets
      * overwritten and the child nodes get ignored. */
-    byte headerOnly:1;
+    WC_BITFIELD headerOnly:1;
     /* Whether ASN.1 item is optional.
      *  - 0 means not optional
      *  - 1 means is optional
@@ -351,7 +367,7 @@ WOLFSSL_LOCAL void SetASN_OID(ASNSetData *dataASN, int oid, int oidType);
 #define GetASN_Int8Bit(dataASN, num)                                   \
     do {                                                               \
         (dataASN)->dataType = ASN_DATA_TYPE_WORD8;                     \
-        (dataASN)->data.u8  = num;                                     \
+        (dataASN)->data.u8  = (num);                                   \
     } while (0)
 
 /* Setup ASN data item to get a 16-bit number.
@@ -362,7 +378,7 @@ WOLFSSL_LOCAL void SetASN_OID(ASNSetData *dataASN, int oid, int oidType);
 #define GetASN_Int16Bit(dataASN, num)                                  \
     do {                                                               \
         (dataASN)->dataType = ASN_DATA_TYPE_WORD16;                    \
-        (dataASN)->data.u16 = num;                                     \
+        (dataASN)->data.u16 = (num);                                   \
     } while (0)
 
 /* Setup ASN data item to get a 32-bit number.
@@ -373,7 +389,7 @@ WOLFSSL_LOCAL void SetASN_OID(ASNSetData *dataASN, int oid, int oidType);
 #define GetASN_Int32Bit(dataASN, num)                                  \
     do {                                                               \
         (dataASN)->dataType = ASN_DATA_TYPE_WORD32;                    \
-        (dataASN)->data.u32 = num;                                     \
+        (dataASN)->data.u32 = (num);                                   \
     } while (0)
 
 /* Setup ASN data item to get data into a buffer of a specific length.
@@ -385,8 +401,8 @@ WOLFSSL_LOCAL void SetASN_OID(ASNSetData *dataASN, int oid, int oidType);
 #define GetASN_Buffer(dataASN, d, l)                                   \
     do {                                                               \
         (dataASN)->dataType           = ASN_DATA_TYPE_BUFFER;          \
-        (dataASN)->data.buffer.data   = d;                             \
-        (dataASN)->data.buffer.length = l;                             \
+        (dataASN)->data.buffer.data   = (d);                           \
+        (dataASN)->data.buffer.length = (l);                           \
     } while (0)
 
 /* Setup ASN data item to check parsed data against expected buffer.
@@ -398,8 +414,8 @@ WOLFSSL_LOCAL void SetASN_OID(ASNSetData *dataASN, int oid, int oidType);
 #define GetASN_ExpBuffer(dataASN, d, l)                                \
     do {                                                               \
         (dataASN)->dataType        = ASN_DATA_TYPE_EXP_BUFFER;         \
-        (dataASN)->data.ref.data   = d;                                \
-        (dataASN)->data.ref.length = l;                                \
+        (dataASN)->data.ref.data   = (d);                              \
+        (dataASN)->data.ref.length = (l);                              \
     } while (0)
 
 /* Setup ASN data item to get a number into an mp_int.
@@ -410,7 +426,7 @@ WOLFSSL_LOCAL void SetASN_OID(ASNSetData *dataASN, int oid, int oidType);
 #define GetASN_MP(dataASN, num)                                        \
     do {                                                               \
         (dataASN)->dataType = ASN_DATA_TYPE_MP;                        \
-        (dataASN)->data.mp  = num;                                     \
+        (dataASN)->data.mp  = (num);                                   \
     } while (0)
 
 /* Setup ASN data item to get a number into an mp_int that is initialized.
@@ -421,7 +437,7 @@ WOLFSSL_LOCAL void SetASN_OID(ASNSetData *dataASN, int oid, int oidType);
 #define GetASN_MP_Inited(dataASN, num)                                 \
     do {                                                               \
         (dataASN)->dataType = ASN_DATA_TYPE_MP_INITED;                 \
-        (dataASN)->data.mp  = num;                                     \
+        (dataASN)->data.mp  = (num);                                   \
     } while (0)
 
 /* Setup ASN data item to get a positive or negative number into an mp_int.
@@ -432,7 +448,7 @@ WOLFSSL_LOCAL void SetASN_OID(ASNSetData *dataASN, int oid, int oidType);
 #define GetASN_MP_PosNeg(dataASN, num)                                 \
     do {                                                               \
         (dataASN)->dataType = ASN_DATA_TYPE_MP_POS_NEG;                \
-        (dataASN)->data.mp  = num;                                     \
+        (dataASN)->data.mp  = (num);                                   \
     } while (0)
 
 /* Setup ASN data item to be a choice of tags.
@@ -443,7 +459,7 @@ WOLFSSL_LOCAL void SetASN_OID(ASNSetData *dataASN, int oid, int oidType);
 #define GetASN_Choice(dataASN, options)                                \
     do {                                                               \
         (dataASN)->dataType    = ASN_DATA_TYPE_CHOICE;                 \
-        (dataASN)->data.choice = options;                              \
+        (dataASN)->data.choice = (options);                            \
     } while (0)
 
 /* Setup ASN data item to get a boolean value.
@@ -454,7 +470,7 @@ WOLFSSL_LOCAL void SetASN_OID(ASNSetData *dataASN, int oid, int oidType);
 #define GetASN_Boolean(dataASN, num)                                   \
     do {                                                               \
         (dataASN)->dataType = ASN_DATA_TYPE_NONE;                      \
-        (dataASN)->data.u8  = num;                                     \
+        (dataASN)->data.u8  = (num);                                   \
     } while (0)
 
 /* Setup ASN data item to be a an OID of a specific type.
@@ -463,7 +479,7 @@ WOLFSSL_LOCAL void SetASN_OID(ASNSetData *dataASN, int oid, int oidType);
  * @param [in] oidType  Type of OID to expect.
  */
 #define GetASN_OID(dataASN, oidType)                                   \
-    (dataASN)->data.oid.type = oidType
+    (dataASN)->data.oid.type = (oidType)
 
 /* Get the data and length from an ASN data item.
  *
@@ -509,7 +525,7 @@ WOLFSSL_LOCAL void SetASN_OID(ASNSetData *dataASN, int oid, int oidType);
 #define SetASN_Boolean(dataASN, val)                                   \
     do {                                                               \
         (dataASN)->dataType = ASN_DATA_TYPE_NONE;                      \
-        (dataASN)->data.u8  = val;                                     \
+        (dataASN)->data.u8  = (val);                                   \
     } while (0)
 
 /* Setup an ASN data item to set an 8-bit number.
@@ -520,7 +536,7 @@ WOLFSSL_LOCAL void SetASN_OID(ASNSetData *dataASN, int oid, int oidType);
 #define SetASN_Int8Bit(dataASN, num)                                   \
     do {                                                               \
         (dataASN)->dataType = ASN_DATA_TYPE_WORD8;                     \
-        (dataASN)->data.u8  = num;                                     \
+        (dataASN)->data.u8  = (num);                                   \
     } while (0)
 
 /* Setup an ASN data item to set a 16-bit number.
@@ -531,7 +547,7 @@ WOLFSSL_LOCAL void SetASN_OID(ASNSetData *dataASN, int oid, int oidType);
 #define SetASN_Int16Bit(dataASN, num)                                  \
     do {                                                               \
         (dataASN)->dataType = ASN_DATA_TYPE_WORD16;                    \
-        (dataASN)->data.u16 = num;                                     \
+        (dataASN)->data.u16 = (num);                                   \
     } while (0)
 
 /* Setup an ASN data item to set the data in a buffer.
@@ -542,8 +558,8 @@ WOLFSSL_LOCAL void SetASN_OID(ASNSetData *dataASN, int oid, int oidType);
  */
 #define SetASN_Buffer(dataASN, d, l)                                   \
     do {                                                               \
-        (dataASN)->data.buffer.data   = d;                             \
-        (dataASN)->data.buffer.length = l;                             \
+        (dataASN)->data.buffer.data   = (d);                           \
+        (dataASN)->data.buffer.length = (word32)(l);                   \
     } while (0)
 
 /* Setup an ASN data item to set the DER encode data in a buffer.
@@ -555,8 +571,8 @@ WOLFSSL_LOCAL void SetASN_OID(ASNSetData *dataASN, int oid, int oidType);
 #define SetASN_ReplaceBuffer(dataASN, d, l)                            \
     do {                                                               \
         (dataASN)->dataType           = ASN_DATA_TYPE_REPLACE_BUFFER;  \
-        (dataASN)->data.buffer.data   = d;                             \
-        (dataASN)->data.buffer.length = l;                             \
+        (dataASN)->data.buffer.data   = (d);                           \
+        (dataASN)->data.buffer.length = (l);                           \
     } while (0)
 
 /* Setup an ASN data item to set an muli-precision number.
@@ -567,7 +583,7 @@ WOLFSSL_LOCAL void SetASN_OID(ASNSetData *dataASN, int oid, int oidType);
 #define SetASN_MP(dataASN, num)                                        \
     do {                                                               \
         (dataASN)->dataType = ASN_DATA_TYPE_MP;                        \
-        (dataASN)->data.mp  = num;                                     \
+        (dataASN)->data.mp  = (num);                                   \
     } while (0)
 
 /* Setup an ASN data item to set an OID based on id and type.
@@ -713,6 +729,7 @@ enum DN_Tags {
     /* pilot attribute types
      * OID values of 0.9.2342.19200300.100.1.* */
     ASN_FAVOURITE_DRINK  = 0x13, /* favouriteDrink */
+    ASN_RFC822_MAILBOX = 0x14, /* rfc822Mailbox */
     ASN_DOMAIN_COMPONENT = 0x19  /* DC */
 };
 
@@ -729,7 +746,7 @@ typedef struct WOLFSSL_ObjectInfo {
 } WOLFSSL_ObjectInfo;
 extern const size_t wolfssl_object_info_sz;
 extern const WOLFSSL_ObjectInfo wolfssl_object_info[];
-#endif /* defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) */
+#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
 
 /* DN Tag Strings */
 #define WOLFSSL_COMMON_NAME      "/CN="
@@ -764,6 +781,7 @@ extern const WOLFSSL_ObjectInfo wolfssl_object_info[];
 
 #define WOLFSSL_USER_ID          "/UID="
 #define WOLFSSL_DOMAIN_COMPONENT "/DC="
+#define WOLFSSL_RFC822_MAILBOX   "/rfc822Mailbox="
 #define WOLFSSL_FAVOURITE_DRINK  "/favouriteDrink="
 #define WOLFSSL_CONTENT_TYPE     "/contentType="
 
@@ -780,75 +798,232 @@ extern const WOLFSSL_ObjectInfo wolfssl_object_info[];
     #define WOLFSSL_TLS_FEATURE_SUM 92
 #endif
 
+/* Maximum number of allowed subject alternative names in a certificate.
+ * Any certificate containing more than this number of subject
+ * alternative names will cause an error when attempting to parse. */
+#ifndef WOLFSSL_MAX_ALT_NAMES
+#define WOLFSSL_MAX_ALT_NAMES 1024
+#endif
+
+/* Maximum number of allowed name constraints in a certificate.
+ * Any certificate containing more than this number of name constraints
+ * will cause an error when attempting to parse. */
+#ifndef WOLFSSL_MAX_NAME_CONSTRAINTS
+#define WOLFSSL_MAX_NAME_CONSTRAINTS 128
+#endif
+
+#define WC_NID_undef 0
+
+/* Setup for WC_MAX_RSA_BITS needs to be here, rather than rsa.h, because
+ * FIPS headers don't have it.  And it needs to be here, rather than internal.h,
+ * so that setup occurs even in cryptonly builds.
+ */
+#ifndef NO_RSA
+    #ifndef WC_MAX_RSA_BITS
+        #ifdef USE_FAST_MATH
+            /* FP implementation support numbers up to FP_MAX_BITS / 2 bits. */
+            #define WC_MAX_RSA_BITS    (FP_MAX_BITS / 2)
+        #elif defined(WOLFSSL_SP_MATH_ALL) || defined(WOLFSSL_SP_MATH)
+            /* SP implementation supports numbers of SP_INT_BITS bits. */
+            #define WC_MAX_RSA_BITS    (((SP_INT_BITS + 7) / 8) * 8)
+        #else
+            /* Integer maths is dynamic but we only go up to 4096 bits. */
+            #define WC_MAX_RSA_BITS 4096
+        #endif
+    #endif
+    #if (WC_MAX_RSA_BITS % 8)
+        #error RSA maximum bit size must be multiple of 8
+    #endif
+#endif
+
+#if defined(HAVE_FALCON) || defined(HAVE_DILITHIUM)
+    #define WC_MAX_CERT_VERIFY_SZ 6000            /* For Dilithium */
+#elif defined(WOLFSSL_CERT_EXT)
+    #define WC_MAX_CERT_VERIFY_SZ 2048            /* For larger extensions */
+#elif !defined(NO_RSA) && defined(WC_MAX_RSA_BITS)
+    #define WC_MAX_CERT_VERIFY_SZ (WC_MAX_RSA_BITS / 8) /* max RSA bytes */
+#elif defined(HAVE_ECC)
+    #define WC_MAX_CERT_VERIFY_SZ ECC_MAX_SIG_SIZE /* max ECC  */
+#elif defined(HAVE_ED448)
+    #define WC_MAX_CERT_VERIFY_SZ ED448_SIG_SIZE   /* max Ed448  */
+#elif defined(HAVE_ED25519)
+    #define WC_MAX_CERT_VERIFY_SZ ED25519_SIG_SIZE /* max Ed25519  */
+#else
+    #define WC_MAX_CERT_VERIFY_SZ 1024 /* max default  */
+#endif
+
 #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
+/* short names */
+#define WC_SN_md4        "MD4"
+#define WC_SN_md5        "MD5"
+#define WC_SN_sha1       "SHA1"
+#define WC_SN_sha224     "SHA224"
+#define WC_SN_sha256     "SHA256"
+#define WC_SN_sha384     "SHA384"
+#define WC_SN_sha512     "SHA512"
+#define WC_SN_sha512_224 "SHA512-224"
+#define WC_SN_sha512_256 "SHA512-256"
+#define WC_SN_sha3_224   "SHA3-224"
+#define WC_SN_sha3_256   "SHA3-256"
+#define WC_SN_sha3_384   "SHA3-384"
+#define WC_SN_sha3_512   "SHA3-512"
+#define WC_SN_shake128   "SHAKE128"
+#define WC_SN_shake256   "SHAKE256"
+#define WC_SN_blake2s256 "BLAKE2s256"
+#define WC_SN_blake2s512 "BLAKE2s512"
+#define WC_SN_blake2b512 "BLAKE2b512"
+#define WC_SN_sm3        "SM3"
+
 /* NIDs */
-#define NID_undef 0
-#define NID_netscape_cert_type NID_undef
-#define NID_des 66
-#define NID_des3 67
-#define NID_sha256 672
-#define NID_sha384 673
-#define NID_sha512 674
-#define NID_sha512_224 1094
-#define NID_sha512_256 1095
-#define NID_pkcs7_signed 22
-#define NID_pkcs7_enveloped 23
-#define NID_pkcs7_signedAndEnveloped 24
-#define NID_pkcs9_unstructuredName 49
-#define NID_pkcs9_contentType 50  /* 1.2.840.113549.1.9.3 */
-#define NID_pkcs9_challengePassword 54
-#define NID_hw_name_oid 73
-#define NID_id_pkix_OCSP_basic 74
-#define NID_any_policy 75
-#define NID_anyExtendedKeyUsage 76
-#define NID_givenName 100  /* 2.5.4.42 */
-#define NID_initials 101  /* 2.5.4.43 */
-#define NID_title 106
-#define NID_description 107
-#define NID_basic_constraints 133
-#define NID_key_usage 129      /* 2.5.29.15 */
-#define NID_ext_key_usage 151  /* 2.5.29.37 */
-#define NID_subject_key_identifier 128
-#define NID_authority_key_identifier 149
-#define NID_private_key_usage_period 130  /* 2.5.29.16 */
-#define NID_subject_alt_name 131
-#define NID_issuer_alt_name 132
-#define NID_info_access 69
-#define NID_sinfo_access 79       /* id-pe 11 */
-#define NID_name_constraints 144  /* 2.5.29.30 */
-#define NID_crl_distribution_points 145  /* 2.5.29.31 */
-#define NID_certificate_policies 146
-#define NID_policy_mappings 147
-#define NID_policy_constraints 150
-#define NID_inhibit_any_policy 168       /* 2.5.29.54 */
-#define NID_tlsfeature 1020              /* id-pe 24 */
-#define NID_buildingName 1494
+#define WC_NID_netscape_cert_type WC_NID_undef
+#define WC_NID_des 66
+#define WC_NID_des3 67
+#define WC_NID_sha256 672
+#define WC_NID_sha384 673
+#define WC_NID_sha512 674
+#define WC_NID_sha512_224 1094
+#define WC_NID_sha512_256 1095
+#define WC_NID_pkcs7_signed 22
+#define WC_NID_pkcs7_enveloped 23
+#define WC_NID_pkcs7_signedAndEnveloped 24
+#define WC_NID_pkcs9_emailAddress     48
+#define WC_NID_pkcs9_unstructuredName 49
+#define WC_NID_pkcs9_contentType 50  /* 1.2.840.113549.1.9.3 */
+#define WC_NID_pkcs9_challengePassword 54
+#define WC_NID_hw_name_oid 73
+#define WC_NID_id_pkix_OCSP_basic 74
+#define WC_NID_any_policy 75
+#define WC_NID_anyExtendedKeyUsage 76
+#define WC_NID_givenName 100  /* 2.5.4.42 */
+#define WC_NID_initials 101  /* 2.5.4.43 */
+#define WC_NID_title 106
+#define WC_NID_description 107
+#define WC_NID_basic_constraints 133
+#define WC_NID_key_usage 129      /* 2.5.29.15 */
+#define WC_NID_ext_key_usage 151  /* 2.5.29.37 */
+#define WC_NID_subject_key_identifier 128
+#define WC_NID_authority_key_identifier 149
+#define WC_NID_private_key_usage_period 130  /* 2.5.29.16 */
+#define WC_NID_subject_alt_name 131
+#define WC_NID_issuer_alt_name 132
+#define WC_NID_info_access 69
+#define WC_NID_sinfo_access 79       /* id-pe 11 */
+#define WC_NID_name_constraints 144  /* 2.5.29.30 */
+#define WC_NID_crl_distribution_points 145  /* 2.5.29.31 */
+#define WC_NID_certificate_policies 146
+#define WC_NID_policy_mappings 147
+#define WC_NID_policy_constraints 150
+#define WC_NID_inhibit_any_policy 168       /* 2.5.29.54 */
+#define WC_NID_tlsfeature 1020              /* id-pe 24 */
+#define WC_NID_buildingName 1494
 
-#define NID_dnQualifier 174              /* 2.5.4.46 */
-#define NID_commonName 14                /* CN Changed to not conflict
+#define WC_NID_dnQualifier 174              /* 2.5.4.46 */
+#define WC_NID_commonName 14                /* CN Changed to not conflict
                                     * with PBE_SHA1_DES3 */
-#define NID_name 173                     /* N , OID = 2.5.4.41 */
-#define NID_surname 0x04                 /* SN */
-#define NID_serialNumber 0x05            /* serialNumber */
-#define NID_countryName 0x06             /* C  */
-#define NID_localityName 0x07            /* L  */
-#define NID_stateOrProvinceName 0x08     /* ST */
-#define NID_streetAddress ASN_STREET_ADDR  /* street */
-#define NID_organizationName 0x0a        /* O  */
-#define NID_organizationalUnitName 0x0b  /* OU */
-#define NID_jurisdictionCountryName 0xc
-#define NID_jurisdictionStateOrProvinceName 0xd
-#define NID_businessCategory ASN_BUS_CAT
-#define NID_domainComponent ASN_DOMAIN_COMPONENT
-#define NID_postalCode ASN_POSTAL_CODE   /* postalCode */
-#define NID_favouriteDrink 462
-#define NID_userId 458
-#define NID_emailAddress 0x30            /* emailAddress */
-#define NID_id_on_dnsSRV 82              /* 1.3.6.1.5.5.7.8.7 */
-#define NID_ms_upn 265                   /* 1.3.6.1.4.1.311.20.2.3 */
+#define WC_NID_name 173                     /* N , OID = 2.5.4.41 */
+#define WC_NID_surname 0x04                 /* SN */
+#define WC_NID_serialNumber 0x05            /* serialNumber */
+#define WC_NID_countryName 0x06             /* C  */
+#define WC_NID_localityName 0x07            /* L  */
+#define WC_NID_stateOrProvinceName 0x08     /* ST */
+#define WC_NID_streetAddress ASN_STREET_ADDR  /* street */
+#define WC_NID_organizationName 0x0a        /* O  */
+#define WC_NID_organizationalUnitName 0x0b  /* OU */
+#define WC_NID_jurisdictionCountryName 0xc
+#define WC_NID_jurisdictionStateOrProvinceName 0xd
+#define WC_NID_businessCategory ASN_BUS_CAT
+#define WC_NID_domainComponent ASN_DOMAIN_COMPONENT
+#define WC_NID_postalCode ASN_POSTAL_CODE   /* postalCode */
+#define WC_NID_rfc822Mailbox 460
+#define WC_NID_favouriteDrink 462
+#define WC_NID_userId 458
+#define WC_NID_registeredAddress 870
+#define WC_NID_emailAddress 0x30            /* emailAddress */
+#define WC_NID_id_on_dnsSRV 82              /* 1.3.6.1.5.5.7.8.7 */
+#define WC_NID_ms_upn 265                   /* 1.3.6.1.4.1.311.20.2.3 */
 
-#define NID_X9_62_prime_field 406        /* 1.2.840.10045.1.1 */
-#endif /* OPENSSL_EXTRA */
+#define WC_NID_X9_62_prime_field 406        /* 1.2.840.10045.1.1 */
+
+#define WC_NID_id_GostR3410_2001     811
+#define WC_NID_id_GostR3410_2012_256 979
+#define WC_NID_id_GostR3410_2012_512 980
+
+#ifndef OPENSSL_COEXIST
+
+#define NID_undef WC_NID_undef
+#define NID_netscape_cert_type WC_NID_netscape_cert_type
+#define NID_des WC_NID_des
+#define NID_des3 WC_NID_des3
+#define NID_sha256 WC_NID_sha256
+#define NID_sha384 WC_NID_sha384
+#define NID_sha512 WC_NID_sha512
+#define NID_sha512_224 WC_NID_sha512_224
+#define NID_sha512_256 WC_NID_sha512_256
+#define NID_pkcs7_signed WC_NID_pkcs7_signed
+#define NID_pkcs7_enveloped WC_NID_pkcs7_enveloped
+#define NID_pkcs7_signedAndEnveloped WC_NID_pkcs7_signedAndEnveloped
+#define NID_pkcs9_unstructuredName WC_NID_pkcs9_unstructuredName
+#define NID_pkcs9_contentType WC_NID_pkcs9_contentType
+#define NID_pkcs9_challengePassword WC_NID_pkcs9_challengePassword
+#define NID_hw_name_oid WC_NID_hw_name_oid
+#define NID_id_pkix_OCSP_basic WC_NID_id_pkix_OCSP_basic
+#define NID_any_policy WC_NID_any_policy
+#define NID_anyExtendedKeyUsage WC_NID_anyExtendedKeyUsage
+#define NID_givenName WC_NID_givenName
+#define NID_initials WC_NID_initials
+#define NID_title WC_NID_title
+#define NID_description WC_NID_description
+#define NID_basic_constraints WC_NID_basic_constraints
+#define NID_key_usage WC_NID_key_usage
+#define NID_ext_key_usage WC_NID_ext_key_usage
+#define NID_subject_key_identifier WC_NID_subject_key_identifier
+#define NID_authority_key_identifier WC_NID_authority_key_identifier
+#define NID_private_key_usage_period WC_NID_private_key_usage_period
+#define NID_subject_alt_name WC_NID_subject_alt_name
+#define NID_issuer_alt_name WC_NID_issuer_alt_name
+#define NID_info_access WC_NID_info_access
+#define NID_sinfo_access WC_NID_sinfo_access
+#define NID_name_constraints WC_NID_name_constraints
+#define NID_crl_distribution_points WC_NID_crl_distribution_points
+#define NID_certificate_policies WC_NID_certificate_policies
+#define NID_policy_mappings WC_NID_policy_mappings
+#define NID_policy_constraints WC_NID_policy_constraints
+#define NID_inhibit_any_policy WC_NID_inhibit_any_policy
+#define NID_tlsfeature WC_NID_tlsfeature
+#define NID_buildingName WC_NID_buildingName
+
+#define NID_dnQualifier WC_NID_dnQualifier
+#define NID_commonName WC_NID_commonName
+#define NID_name WC_NID_name
+#define NID_surname WC_NID_surname
+#define NID_serialNumber WC_NID_serialNumber
+#define NID_countryName WC_NID_countryName
+#define NID_localityName WC_NID_localityName
+#define NID_stateOrProvinceName WC_NID_stateOrProvinceName
+#define NID_streetAddress WC_NID_streetAddress
+#define NID_organizationName WC_NID_organizationName
+#define NID_organizationalUnitName WC_NID_organizationalUnitName
+#define NID_jurisdictionCountryName WC_NID_jurisdictionCountryName
+#define NID_jurisdictionStateOrProvinceName WC_NID_jurisdictionStateOrProvinceName
+#define NID_businessCategory WC_NID_businessCategory
+#define NID_domainComponent WC_NID_domainComponent
+#define NID_postalCode WC_NID_postalCode
+#define NID_rfc822Mailbox WC_NID_rfc822Mailbox
+#define NID_favouriteDrink WC_NID_favouriteDrink
+#define NID_userId WC_NID_userId
+#define NID_emailAddress WC_NID_emailAddress
+#define NID_id_on_dnsSRV WC_NID_id_on_dnsSRV
+#define NID_ms_upn WC_NID_ms_upn
+
+#define NID_X9_62_prime_field WC_NID_X9_62_prime_field
+
+#define NID_id_GostR3410_2001 WC_NID_id_GostR3410_2001
+#define NID_id_GostR3410_2012_256 WC_NID_id_GostR3410_2012_256
+#define NID_id_GostR3410_2012_512 WC_NID_id_GostR3410_2012_512
+
+#endif /* !OPENSSL_COEXIST */
+
+#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
 
 enum ECC_TYPES
 {
@@ -918,13 +1093,14 @@ enum Misc_ASN {
 #else
     KEYID_SIZE          = WC_SHA_DIGEST_SIZE,
 #endif
-#if !defined(WOLFSSL_RSA_PUBLIC_ONLY) && (defined(WOLFSSL_KEY_GEN) || defined(OPENSSL_EXTRA) || !defined(RSA_LOW_MEM))
-    RSA_INTS            =   8,     /* RSA ints in private key */
-#elif !defined(WOLFSSL_RSA_PUBLIC_ONLY)
-    RSA_INTS            =   5,     /* RSA ints in private key */
-#else
-    RSA_INTS            =   2,     /* RSA ints in private key */
+    RSA_INTS            =   2      /* RSA ints in private key */
+#ifndef WOLFSSL_RSA_PUBLIC_ONLY
+                            + 3
+#if defined(WOLFSSL_KEY_GEN) || defined(OPENSSL_EXTRA) || !defined(RSA_LOW_MEM)
+                            + 3
 #endif
+#endif
+                            ,
     DSA_PARAM_INTS      =   3,     /* DSA parameter ints */
     RSA_PUB_INTS        =   2,     /* RSA ints in public key */
     DSA_PUB_INTS        =   4,     /* DSA ints in public key */
@@ -932,7 +1108,11 @@ enum Misc_ASN {
     MIN_DATE_SIZE       =  12,
     MAX_DATE_SIZE       =  32,
     ASN_GEN_TIME_SZ     =  15,     /* 7 numbers * 2 + Zulu tag */
-#ifndef NO_RSA
+#ifdef HAVE_SPHINCS
+    MAX_ENCODED_SIG_SZ  = 51200,
+#elif defined(HAVE_FALCON) || defined(HAVE_DILITHIUM)
+    MAX_ENCODED_SIG_SZ  = 5120,
+#elif !defined(NO_RSA)
 #ifdef WOLFSSL_HAPROXY
     MAX_ENCODED_SIG_SZ  = 1024,    /* Supports 8192 bit keys */
 #else
@@ -965,6 +1145,9 @@ enum Misc_ASN {
     MAX_DSA_PRIVKEY_SZ  = (DSA_INTS * MAX_DSA_INT_SZ) + MAX_SEQ_SZ +
                           MAX_VERSION_SZ, /* Maximum size of a DSA Private
                                       key taken from DsaKeyIntsToDer. */
+#if defined(HAVE_FALCON) || defined(HAVE_DILITHIUM)
+    MAX_PQC_PUBLIC_KEY_SZ = 2592, /* Maximum size of a Dilithium public key. */
+#endif
     MAX_RSA_E_SZ        =  16,     /* Max RSA public e size */
     MAX_CA_SZ           =  32,     /* Max encoded CA basic constraint length */
     MAX_SN_SZ           =  35,     /* Max encoded serial number (INT) length */
@@ -1011,7 +1194,11 @@ enum Misc_ASN {
     OCSP_NONCE_EXT_SZ   = 35,      /* OCSP Nonce Extension size */
     MAX_OCSP_EXT_SZ     = 58,      /* Max OCSP Extension length */
     MAX_OCSP_NONCE_SZ   = 16,      /* OCSP Nonce size           */
+#if defined(HAVE_FALCON) || defined(HAVE_DILITHIUM)
+    MAX_PUBLIC_KEY_SZ   = MAX_PQC_PUBLIC_KEY_SZ + MAX_ALGO_SZ + MAX_SEQ_SZ * 2,
+#else
     MAX_PUBLIC_KEY_SZ   = MAX_DSA_PUBKEY_SZ + MAX_ALGO_SZ + MAX_SEQ_SZ * 2,
+#endif
 #ifdef WOLFSSL_ENCRYPTED_KEYS
     HEADER_ENCRYPTED_KEY_SIZE = 88,/* Extra header size for encrypted key */
 #else
@@ -1019,6 +1206,7 @@ enum Misc_ASN {
 #endif
     TRAILING_ZERO       = 1,       /* Used for size of zero pad */
     ASN_TAG_SZ          = 1,       /* single byte ASN.1 tag */
+    ASN_INDEF_END_SZ    = 2,       /* 0x00 0x00 at end of indef */
     MIN_VERSION_SZ      = 3,       /* Min bytes needed for GetMyVersion */
     MAX_X509_VERSION    = 3,       /* Max X509 version allowed */
     MIN_X509_VERSION    = 0,       /* Min X509 version allowed */
@@ -1081,6 +1269,7 @@ enum Oid_Types {
 
 enum Hash_Sum  {
     MD2h      = 646,
+    MD4h      = 648,
     MD5h      = 649,
     SHAh      =  88,
     SHA224h   = 417,
@@ -1136,11 +1325,14 @@ enum Key_Sum {
     ED448k            = 257, /* 1.3.101.113 */
     X448k             = 255, /* 1.3.101.111 */
     DHk               = 647, /* dhKeyAgreement OID: 1.2.840.113549.1.3.1 */
-    FALCON_LEVEL1k    = 268, /* 1.3.9999.3.1 */
-    FALCON_LEVEL5k    = 271, /* 1.3.9999.3.4 */
-    DILITHIUM_LEVEL2k = 213,    /* 1.3.6.1.4.1.2.267.7.4.4 */
-    DILITHIUM_LEVEL3k = 216,    /* 1.3.6.1.4.1.2.267.7.6.5 */
-    DILITHIUM_LEVEL5k = 220,    /* 1.3.6.1.4.1.2.267.7.8.7 */
+    FALCON_LEVEL1k    = 273, /* 1.3.9999.3.6 */
+    FALCON_LEVEL5k    = 276, /* 1.3.9999.3.9 */
+    DILITHIUM_LEVEL2k = 218,    /* 1.3.6.1.4.1.2.267.12.4.4 */
+    DILITHIUM_LEVEL3k = 221,    /* 1.3.6.1.4.1.2.267.12.6.5 */
+    DILITHIUM_LEVEL5k = 225,    /* 1.3.6.1.4.1.2.267.12.8.7 */
+    ML_DSA_LEVEL2k    = 431,    /* 2.16.840.1.101.3.4.3.17 */
+    ML_DSA_LEVEL3k    = 432,    /* 2.16.840.1.101.3.4.3.18 */
+    ML_DSA_LEVEL5k    = 433,    /* 2.16.840.1.101.3.4.3.19 */
     SPHINCS_FAST_LEVEL1k   = 281, /* 1 3 9999 6 7 4 */
     SPHINCS_FAST_LEVEL3k   = 283, /* 1 3 9999 6 8 3 + 2 (See GetOID() in asn.c) */
     SPHINCS_FAST_LEVEL5k   = 282, /* 1 3 9999 6 9 3 */
@@ -1221,7 +1413,13 @@ enum Extensions_Sum {
     AKEY_PACKAGE_OID          = 1048, /* 2.16.840.1.101.2.1.2.78.5
                                         RFC 5958  - Asymmetric Key Packages */
     FASCN_OID = 419, /* 2.16.840.1.101.3.6.6 Federal PKI Policy FASC-N */
-    UPN_OID   = 265  /* 1.3.6.1.4.1.311.20.2.3 UPN */
+    UPN_OID   = 265, /* 1.3.6.1.4.1.311.20.2.3 UPN */
+#ifdef WOLFSSL_DUAL_ALG_CERTS
+    SUBJ_ALT_PUB_KEY_INFO_OID = 186, /* 2.5.29.72 subject alt public key info */
+    ALT_SIG_ALG_OID           = 187, /* 2.5.29.73 alt sig alg */
+    ALT_SIG_VAL_OID           = 188,  /* 2.5.29.74 alt sig val */
+#endif
+    WOLF_ENUM_DUMMY_LAST_ELEMENT(Extensions_Sum)
 };
 
 enum CertificatePolicy_Sum {
@@ -1368,10 +1566,10 @@ struct DNS_entry {
     int        type;   /* i.e. ASN_DNS_TYPE */
     int        len;    /* actual DNS len */
     char*      name;   /* actual DNS name */
-#if defined(OPENSSL_ALL) || defined(WOLFSSL_IP_ALT_NAME)
+#ifdef WOLFSSL_IP_ALT_NAME
     char*      ipString; /* human readable form of IP address */
 #endif
-#if defined(OPENSSL_ALL)
+#ifdef WOLFSSL_RID_ALT_NAME
     char*      ridString; /* human readable form of registeredID */
 #endif
 
@@ -1447,7 +1645,8 @@ struct SignatureCtx {
     byte* sigCpy;
 #endif
 #if defined(HAVE_ECC) || defined(HAVE_ED25519) || defined(HAVE_ED448) || \
-    !defined(NO_DSA)
+    !defined(NO_DSA) || defined(HAVE_DILITHIUM) || defined(HAVE_FALCON) || \
+    defined(HAVE_SPHINCS)
     int verify;
 #endif
     union {
@@ -1466,9 +1665,13 @@ struct SignatureCtx {
     #ifdef HAVE_ED448
         struct ed448_key* ed448;
     #endif
-    #ifdef HAVE_PQC
+    #if defined(HAVE_FALCON)
         struct falcon_key* falcon;
+    #endif
+    #if defined(HAVE_DILITHIUM)
         struct dilithium_key* dilithium;
+    #endif
+    #if defined(HAVE_SPHINCS)
         struct sphincs_key* sphincs;
     #endif
         void* ptr;
@@ -1606,10 +1809,12 @@ typedef struct TrustedPeerCert TrustedPeerCert;
 typedef struct SignatureCtx SignatureCtx;
 typedef struct CertSignCtx  CertSignCtx;
 
-#if defined(WOLFSSL_CUSTOM_OID) && defined(WOLFSSL_ASN_TEMPLATE) \
-    && defined(HAVE_OID_DECODING)
+#ifdef WC_ASN_UNKNOWN_EXT_CB
 typedef int (*wc_UnknownExtCallback)(const word16* oid, word32 oidSz, int crit,
                                      const unsigned char* der, word32 derSz);
+typedef int (*wc_UnknownExtCallbackEx)(const word16* oid, word32 oidSz,
+                                       int crit, const unsigned char* der,
+                                       word32 derSz, void *ctx);
 #endif
 
 struct DecodedCert {
@@ -1657,7 +1862,7 @@ struct DecodedCert {
     word32  extensionsIdx;           /* if want to go back and parse later */
     const byte* extAuthInfo;         /* Authority Information Access URI */
     int     extAuthInfoSz;           /* length of the URI                */
-#if defined(OPENSSL_ALL) || defined(WOLFSSL_QT)
+#ifdef WOLFSSL_ASN_CA_ISSUER
     const byte* extAuthInfoCaIssuer; /* Authority Info Access caIssuer URI */
     int     extAuthInfoCaIssuerSz;   /* length of the caIssuer URI         */
 #endif
@@ -1668,7 +1873,9 @@ struct DecodedCert {
     const byte* extCrlInfo;          /* CRL Distribution Points          */
     int     extCrlInfoSz;            /* length of the URI                */
     byte    extSubjKeyId[KEYID_SIZE]; /* Subject Key ID                  */
+    word32  extSubjKeyIdSz;
     byte    extAuthKeyId[KEYID_SIZE]; /* Authority Key ID                */
+    word32  extAuthKeyIdSz;
 #ifdef WOLFSSL_AKID_NAME
     const byte* extAuthKeyIdIssuer;  /* Authority Key ID authorityCertIssuer */
     word32  extAuthKeyIdIssuerSz;    /* Authority Key ID authorityCertIssuer length */
@@ -1695,9 +1902,7 @@ struct DecodedCert {
     word32  extRawAuthKeyIdSz;
 #endif
     const byte* extAuthKeyIdSrc;
-    word32  extAuthKeyIdSz;
     const byte* extSubjKeyIdSrc;
-    word32  extSubjKeyIdSz;
 #endif
 #ifdef OPENSSL_ALL
     const byte* extSubjAltNameSrc;
@@ -1719,12 +1924,14 @@ struct DecodedCert {
     #endif
 #endif /* WOLFSSL_SUBJ_INFO_ACC */
 
-#if defined(HAVE_ECC) || defined(HAVE_ED25519) || defined(HAVE_ED448)
+#if defined(HAVE_ECC) || defined(HAVE_ED25519) || defined(HAVE_ED448) || \
+    defined(HAVE_DILITHIUM) || defined(HAVE_FALCON) || defined(HAVE_SPHINCS)
     word32  pkCurveOID;           /* Public Key's curve OID */
     #ifdef WOLFSSL_CUSTOM_CURVES
         int  pkCurveSize;         /* Public Key's curve size */
     #endif
-#endif /* HAVE_ECC */
+#endif /* HAVE_ECC || HAVE_ED25519 || HAVE_ED448 || HAVE_DILITHIUM ||
+        * HAVE_FALCON || HAVE_SPHINCS */
     const byte* beforeDate;
     int     beforeDateLen;
     const byte* afterDate;
@@ -1747,7 +1954,7 @@ struct DecodedCert {
     char*   subjectSN;
     int     subjectSNLen;
     char    subjectSNEnc;
-    #ifdef WOLFSSL_CERT_NAME_ALL
+#ifdef WOLFSSL_CERT_NAME_ALL
     char*   subjectN;
     int     subjectNLen;
     char    subjectNEnc;
@@ -1760,7 +1967,7 @@ struct DecodedCert {
     char*   subjectDNQ;
     int     subjectDNQLen;
     char    subjectDNQEnc;
-    #endif /*WOLFSSL_CERT_NAME_ALL */
+#endif /* WOLFSSL_CERT_NAME_ALL */
     char*   subjectC;
     int     subjectCLen;
     char    subjectCEnc;
@@ -1825,12 +2032,12 @@ struct DecodedCert {
     char*   issuerEmail;
     int     issuerEmailLen;
 #endif /* WOLFSSL_HAVE_ISSUER_NAMES */
-#endif /* defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT) */
+#endif /* WOLFSSL_CERT_GEN || WOLFSSL_CERT_EXT */
 #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
     /* WOLFSSL_X509_NAME structures (used void* to avoid including ssl.h) */
     void* issuerName;
     void* subjectName;
-#endif /* OPENSSL_EXTRA */
+#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
 #ifdef WOLFSSL_SEP
     int     deviceTypeSz;
     byte*   deviceType;
@@ -1882,63 +2089,82 @@ struct DecodedCert {
     int criticalExt;
 
     /* Option Bits */
-    byte subjectCNStored : 1;      /* have we saved a copy we own */
-    byte extSubjKeyIdSet : 1;      /* Set when the SKID was read from cert */
-    byte extAuthKeyIdSet : 1;      /* Set when the AKID was read from cert */
+    WC_BITFIELD subjectCNStored:1;      /* have we saved a copy we own */
+    WC_BITFIELD extSubjKeyIdSet:1;      /* Set when the SKID was read from cert */
+    WC_BITFIELD extAuthKeyIdSet:1;      /* Set when the AKID was read from cert */
 #ifndef IGNORE_NAME_CONSTRAINTS
-    byte extNameConstraintSet : 1;
+    WC_BITFIELD extNameConstraintSet:1;
 #endif
-    byte isCA : 1;                 /* CA basic constraint true */
-    byte pathLengthSet : 1;        /* CA basic const path length set */
-    byte weOwnAltNames : 1;        /* altNames haven't been given to copy */
-    byte extKeyUsageSet : 1;
-    byte extExtKeyUsageSet : 1;    /* Extended Key Usage set */
+    WC_BITFIELD isCA:1;                 /* CA basic constraint true */
+    WC_BITFIELD pathLengthSet:1;        /* CA basic const path length set */
+    WC_BITFIELD weOwnAltNames:1;        /* altNames haven't been given to copy */
+    WC_BITFIELD extKeyUsageSet:1;
+    WC_BITFIELD extExtKeyUsageSet:1;    /* Extended Key Usage set */
 #ifdef HAVE_OCSP
-    byte ocspNoCheckSet : 1;       /* id-pkix-ocsp-nocheck set */
+    WC_BITFIELD ocspNoCheckSet:1;       /* id-pkix-ocsp-nocheck set */
 #endif
-    byte extCRLdistSet : 1;
-    byte extAuthInfoSet : 1;
-    byte extBasicConstSet : 1;
-    byte extPolicyConstSet : 1;
-    byte extPolicyConstRxpSet : 1; /* requireExplicitPolicy set */
-    byte extPolicyConstIpmSet : 1; /* inhibitPolicyMapping set */
-    byte extSubjAltNameSet : 1;
-    byte inhibitAnyOidSet : 1;
-    byte selfSigned : 1;           /* Indicates subject and issuer are same */
-#if defined(WOLFSSL_SEP) || defined(WOLFSSL_QT)
-    byte extCertPolicySet : 1;
+    WC_BITFIELD extCRLdistSet:1;
+    WC_BITFIELD extAuthInfoSet:1;
+    WC_BITFIELD extBasicConstSet:1;
+    WC_BITFIELD extPolicyConstSet:1;
+    WC_BITFIELD extPolicyConstRxpSet:1; /* requireExplicitPolicy set */
+    WC_BITFIELD extPolicyConstIpmSet:1; /* inhibitPolicyMapping set */
+    WC_BITFIELD extSubjAltNameSet:1;
+    WC_BITFIELD inhibitAnyOidSet:1;
+    WC_BITFIELD selfSigned:1;           /* Indicates subject and issuer are same */
+#ifdef WOLFSSL_SEP
+    WC_BITFIELD extCertPolicySet:1;
 #endif
-    byte extCRLdistCrit : 1;
-    byte extAuthInfoCrit : 1;
-    byte extBasicConstCrit : 1;
-    byte extPolicyConstCrit : 1;
-    byte extSubjAltNameCrit : 1;
-    byte extAuthKeyIdCrit : 1;
+    WC_BITFIELD extCRLdistCrit:1;
+    WC_BITFIELD extAuthInfoCrit:1;
+    WC_BITFIELD extBasicConstCrit:1;
+    WC_BITFIELD extPolicyConstCrit:1;
+    WC_BITFIELD extSubjAltNameCrit:1;
+    WC_BITFIELD extAuthKeyIdCrit:1;
 #ifndef IGNORE_NAME_CONSTRAINTS
-    byte extNameConstraintCrit : 1;
+    WC_BITFIELD extNameConstraintCrit:1;
 #endif
-    byte extSubjKeyIdCrit : 1;
-    byte extKeyUsageCrit : 1;
-    byte extExtKeyUsageCrit : 1;
+    WC_BITFIELD extSubjKeyIdCrit:1;
+    WC_BITFIELD extKeyUsageCrit:1;
+    WC_BITFIELD extExtKeyUsageCrit:1;
 #ifdef WOLFSSL_SUBJ_DIR_ATTR
-    byte extSubjDirAttrSet : 1;
+    WC_BITFIELD extSubjDirAttrSet:1;
 #endif
 #ifdef WOLFSSL_SUBJ_INFO_ACC
-    byte extSubjInfoAccSet : 1;
+    WC_BITFIELD extSubjInfoAccSet:1;
 #endif
-#if defined(WOLFSSL_SEP) || defined(WOLFSSL_QT)
-    byte extCertPolicyCrit : 1;
+#ifdef WOLFSSL_DUAL_ALG_CERTS
+    WC_BITFIELD extSapkiSet:1;
+    WC_BITFIELD extAltSigAlgSet:1;
+    WC_BITFIELD extAltSigValSet:1;
+#endif /* WOLFSSL_DUAL_ALG_CERTS */
+#ifdef WOLFSSL_SEP
+    WC_BITFIELD extCertPolicyCrit:1;
 #endif
 #ifdef WOLFSSL_CERT_REQ
-    byte isCSR : 1;                /* Do we intend on parsing a CSR? */
+    WC_BITFIELD isCSR:1;                /* Do we intend on parsing a CSR? */
 #endif
 #ifdef HAVE_RPK
-    byte isRPK : 1;   /* indicate the cert is Raw-Public-Key cert in RFC7250 */
+    WC_BITFIELD isRPK:1;   /* indicate the cert is Raw-Public-Key cert in RFC7250 */
 #endif
-#if defined(WOLFSSL_CUSTOM_OID) && defined(WOLFSSL_ASN_TEMPLATE) \
-    && defined(HAVE_OID_DECODING)
+#ifdef WC_ASN_UNKNOWN_EXT_CB
     wc_UnknownExtCallback unknownExtCallback;
+    wc_UnknownExtCallbackEx unknownExtCallbackEx;
+    void *unknownExtCallbackExCtx;
 #endif
+#ifdef WOLFSSL_DUAL_ALG_CERTS
+    /* Subject Alternative Public Key Info */
+    byte *sapkiDer;
+    int sapkiLen;
+    word32 sapkiOID;
+    /* Alternative Signature Algorithm */
+    byte *altSigAlgDer;
+    int altSigAlgLen;
+    word32 altSigAlgOID;
+    /* Alternative Signature Value */
+    byte *altSigValDer;
+    int altSigValLen;
+#endif /* WOLFSSL_DUAL_ALG_CERTS */
 };
 
 #if defined(WOLFSSL_SM2) && defined(WOLFSSL_SM3)
@@ -1956,14 +2182,14 @@ struct Signer {
     word32  keyOID;                  /* key type */
     word16  keyUsage;
     byte    maxPathLen;
-    byte    selfSigned : 1;
+    WC_BITFIELD selfSigned:1;
     const byte* publicKey;
     int     nameLen;
     char*   name;                    /* common name */
 #ifndef IGNORE_NAME_CONSTRAINTS
         Base_entry* permittedNames;
         Base_entry* excludedNames;
-#endif /* IGNORE_NAME_CONSTRAINTS */
+#endif /* !IGNORE_NAME_CONSTRAINTS */
     byte    subjectNameHash[SIGNER_DIGEST_SIZE];
                                      /* sha hash of names in certificate */
     #if defined(HAVE_OCSP) || defined(HAVE_CRL)
@@ -1988,6 +2214,13 @@ struct Signer {
 #if defined(WOLFSSL_RENESAS_TSIP_TLS) || defined(WOLFSSL_RENESAS_FSPSM_TLS)
     word32 cm_idx;
 #endif
+#ifdef WOLFSSL_DUAL_ALG_CERTS
+    word32  sapkiOID; /* key type */
+    byte*   sapkiDer;
+    int     sapkiLen;
+#endif /* WOLFSSL_DUAL_ALG_CERTS */
+    byte type;
+
     Signer* next;
 };
 
@@ -2003,6 +2236,10 @@ struct TrustedPeerCert {
     #endif /* IGNORE_NAME_CONSTRAINTS */
     byte    subjectNameHash[SIGNER_DIGEST_SIZE];
                                      /* sha hash of names in certificate */
+    #ifndef WOLFSSL_NO_ISSUERHASH_TDPEER
+    byte    issuerHash[SIGNER_DIGEST_SIZE];
+                                    /* sha hash of issuer name in certificate */
+    #endif
     #ifndef NO_SKID
         byte    subjectKeyIdHash[SIGNER_DIGEST_SIZE];
                                      /* sha hash of SKID in certificate */
@@ -2057,18 +2294,22 @@ typedef enum MimeStatus
 } MimeStatus;
 #endif /* HAVE_SMIME */
 
-
 WOLFSSL_LOCAL int HashIdAlg(word32 oidSum);
 WOLFSSL_LOCAL int CalcHashId(const byte* data, word32 len, byte* hash);
 WOLFSSL_LOCAL int CalcHashId_ex(const byte* data, word32 len, byte* hash,
     int hashAlg);
 WOLFSSL_LOCAL int GetName(DecodedCert* cert, int nameType, int maxIdx);
 
-WOLFSSL_ASN_API int wc_BerToDer(const byte* ber, word32 berSz, byte* der,
+#ifdef ASN_BER_TO_DER
+WOLFSSL_API int wc_BerToDer(const byte* ber, word32 berSz, byte* der,
                                 word32* derSz);
+#endif
+WOLFSSL_LOCAL int StreamOctetString(const byte* inBuf, word32 inBufSz,
+    byte* out, word32* outSz, word32* idx);
 
 WOLFSSL_ASN_API void FreeAltNames(DNS_entry* altNames, void* heap);
 WOLFSSL_ASN_API DNS_entry* AltNameNew(void* heap);
+WOLFSSL_ASN_API DNS_entry* AltNameDup(DNS_entry* from, void* heap);
 #ifndef IGNORE_NAME_CONSTRAINTS
     WOLFSSL_ASN_API void FreeNameSubtrees(Base_entry* names, void* heap);
 #endif /* IGNORE_NAME_CONSTRAINTS */
@@ -2080,30 +2321,43 @@ WOLFSSL_ASN_API void FreeDecodedCert(DecodedCert* cert);
 WOLFSSL_ASN_API int  ParseCert(DecodedCert* cert, int type, int verify,
                                void* cm);
 
-#if defined(WOLFSSL_CUSTOM_OID) && defined(WOLFSSL_ASN_TEMPLATE) \
-    && defined(HAVE_OID_DECODING)
-WOLFSSL_ASN_API int wc_SetUnknownExtCallback(DecodedCert* cert,
+#ifdef WC_ASN_UNKNOWN_EXT_CB
+WOLFSSL_API int wc_SetUnknownExtCallback(DecodedCert* cert,
                                              wc_UnknownExtCallback cb);
+WOLFSSL_API int wc_SetUnknownExtCallbackEx(DecodedCert* cert,
+                                               wc_UnknownExtCallbackEx cb,
+                                               void *ctx);
 #endif
 
 WOLFSSL_LOCAL int DecodePolicyOID(char *out, word32 outSz, const byte *in,
                                   word32 inSz);
 WOLFSSL_LOCAL int EncodePolicyOID(byte *out, word32 *outSz,
                                   const char *in, void* heap);
-WOLFSSL_API int CheckCertSignature(const byte*,word32,void*,void* cm);
 WOLFSSL_LOCAL int CheckCertSignaturePubKey(const byte* cert, word32 certSz,
         void* heap, const byte* pubKey, word32 pubKeySz, int pubKeyOID);
-#ifdef OPENSSL_EXTRA
-WOLFSSL_API int wc_CheckCertSigPubKey(const byte* cert, word32 certSz,
-                                      void* heap, const byte* pubKey,
-                                      word32 pubKeySz, int pubKeyOID);
-#endif
+#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_SMALL_CERT_VERIFY)
+    WOLFSSL_API int wc_CheckCertSignature(const byte* cert, word32 certSz,
+                                          void* heap, void* cm);
+    /* Deprecated public API name kept for backwards build compatibility */
+    #define CheckCertSignature(cert, certSz, heap, cm) \
+        wc_CheckCertSignature(cert, certSz, heap, cm)
+
+    WOLFSSL_API int wc_CheckCertSigPubKey(const byte* cert, word32 certSz,
+                                        void* heap, const byte* pubKey,
+                                        word32 pubKeySz, int pubKeyOID);
+#endif /* OPENSSL_EXTRA || WOLFSSL_SMALL_CERT_VERIFY */
+
 #if (defined(HAVE_ED25519) && defined(HAVE_ED25519_KEY_IMPORT) || \
     (defined(HAVE_ED448) && defined(HAVE_ED448_KEY_IMPORT)))
 WOLFSSL_LOCAL int wc_CertGetPubKey(const byte* cert, word32 certSz,
     const unsigned char** pubKey, word32* pubKeySz);
 #endif
-
+WOLFSSL_LOCAL int ConfirmSignature(SignatureCtx* sigCtx,
+    const byte* buf, word32 bufSz,
+    const byte* key, word32 keySz, word32 keyOID,
+    const byte* sig, word32 sigSz, word32 sigOID,
+    const byte* sigParams, word32 sigParamsSz,
+    byte* rsaKeyIdx);
 #ifdef WOLFSSL_CERT_REQ
 WOLFSSL_LOCAL int CheckCSRSignaturePubKey(const byte* cert, word32 certSz,
         void* heap, const byte* pubKey, word32 pubKeySz, int pubKeyOID);
@@ -2111,7 +2365,7 @@ WOLFSSL_LOCAL int CheckCSRSignaturePubKey(const byte* cert, word32 certSz,
 WOLFSSL_ASN_API int AddSignature(byte* buf, int bodySz, const byte* sig, int sigSz,
                         int sigAlgoType);
 WOLFSSL_LOCAL int ParseCertRelative(DecodedCert* cert, int type, int verify,
-                                    void* cm);
+                                    void* cm, Signer *extraCa);
 WOLFSSL_LOCAL int DecodeToKey(DecodedCert* cert, int verify);
 #ifdef WOLFSSL_ASN_TEMPLATE
 WOLFSSL_LOCAL int DecodeCert(DecodedCert* cert, int verify, int* criticalExt);
@@ -2120,9 +2374,14 @@ WOLFSSL_LOCAL int TryDecodeRPKToKey(DecodedCert* cert);
 WOLFSSL_LOCAL int wc_GetPubX509(DecodedCert* cert, int verify, int* badDate);
 
 WOLFSSL_LOCAL const byte* OidFromId(word32 id, word32 type, word32* oidSz);
+WOLFSSL_LOCAL Signer* findSignerByKeyHash(Signer *list, byte *hash);
+WOLFSSL_LOCAL Signer* findSignerByName(Signer *list, byte *hash);
+WOLFSSL_LOCAL int FillSigner(Signer* signer, DecodedCert* cert, int type, DerBuffer *der);
 WOLFSSL_LOCAL Signer* MakeSigner(void* heap);
 WOLFSSL_LOCAL void    FreeSigner(Signer* signer, void* heap);
 WOLFSSL_LOCAL void    FreeSignerTable(Signer** table, int rows, void* heap);
+WOLFSSL_LOCAL void    FreeSignerTableType(Signer** table, int rows, byte type,
+                                          void* heap);
 #ifdef WOLFSSL_TRUST_PEER_CERT
 WOLFSSL_LOCAL void    FreeTrustedPeer(TrustedPeerCert* tp, void* heap);
 WOLFSSL_LOCAL void    FreeTrustedPeerTable(TrustedPeerCert** table, int rows,
@@ -2136,6 +2395,9 @@ WOLFSSL_LOCAL int ToTraditionalInline(const byte* input, word32* inOutIdx,
                                       word32 length);
 WOLFSSL_LOCAL int ToTraditionalInline_ex(const byte* input, word32* inOutIdx,
                                          word32 length, word32* algId);
+WOLFSSL_LOCAL int ToTraditionalInline_ex2(const byte* input, word32* inOutIdx,
+                                          word32 length, word32* algId,
+                                          word32* eccOid);
 WOLFSSL_LOCAL int ToTraditionalEnc(byte* input, word32 sz, const char* password,
                      int passwordSz, word32* algId);
 WOLFSSL_ASN_API int UnTraditionalEnc(byte* key, word32 keySz, byte* out,
@@ -2153,8 +2415,7 @@ WOLFSSL_LOCAL int wc_GetKeyOID(byte* key, word32 keySz, const byte** curveOID,
         word32* oidSz, int* algoID, void* heap);
 
 typedef struct tm wolfssl_tm;
-#if defined(OPENSSL_ALL) || defined(WOLFSSL_MYSQL_COMPATIBLE) || defined(OPENSSL_EXTRA) || \
-    defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
+#ifdef WOLFSSL_ASN_TIME_STRING
 WOLFSSL_LOCAL int GetTimeString(byte* date, int format, char* buf, int len);
 #endif
 #if !defined(NO_ASN_TIME) && !defined(USER_TIME) && \
@@ -2180,10 +2441,12 @@ WOLFSSL_LOCAL int SetShortInt(byte* input, word32* inOutIdx, word32 number,
                               word32 maxIdx);
 
 WOLFSSL_LOCAL const char* GetSigName(int oid);
-WOLFSSL_LOCAL int GetLength(const byte* input, word32* inOutIdx, int* len,
-                           word32 maxIdx);
+WOLFSSL_ASN_API int GetLength(const byte* input, word32* inOutIdx, int* len,
+                              word32 maxIdx);
 WOLFSSL_LOCAL int GetLength_ex(const byte* input, word32* inOutIdx, int* len,
                            word32 maxIdx, int check);
+WOLFSSL_LOCAL int GetASNHeader(const byte* input, byte tag, word32* inOutIdx,
+                               int* len, word32 maxIdx);
 WOLFSSL_LOCAL int GetSequence(const byte* input, word32* inOutIdx, int* len,
                              word32 maxIdx);
 WOLFSSL_LOCAL int GetSequence_ex(const byte* input, word32* inOutIdx, int* len,
@@ -2221,8 +2484,11 @@ WOLFSSL_LOCAL int GetObjectId(const byte* input, word32* inOutIdx, word32* oid,
                               word32 oidType, word32 maxIdx);
 WOLFSSL_LOCAL int GetAlgoId(const byte* input, word32* inOutIdx, word32* oid,
                            word32 oidType, word32 maxIdx);
-WOLFSSL_LOCAL int GetASNTag(const byte* input, word32* idx, byte* tag,
-                            word32 inputSz);
+WOLFSSL_LOCAL int GetAlgoIdEx(const byte* input, word32* inOutIdx, word32* oid,
+                     word32 oidType, word32 maxIdx, byte *absentParams);
+WOLFSSL_ASN_API int GetASNTag(const byte* input, word32* idx, byte* tag,
+                              word32 inputSz);
+WOLFSSL_LOCAL int GetASN_BitString(const byte* input, word32 idx, int length);
 
 WOLFSSL_LOCAL word32 SetASNLength(word32 length, byte* output);
 WOLFSSL_LOCAL word32 SetASNSequence(word32 len, byte* output);
@@ -2233,14 +2499,24 @@ WOLFSSL_LOCAL word32 SetASNExplicit(byte number, word32 len, byte* output);
 WOLFSSL_LOCAL word32 SetASNSet(word32 len, byte* output);
 
 WOLFSSL_LOCAL word32 SetLength(word32 length, byte* output);
+WOLFSSL_LOCAL word32 SetLengthEx(word32 length, byte* output, byte isIndef);
+WOLFSSL_LOCAL word32 SetHeader(byte tag, word32 len, byte* output,
+                               byte isIndef);
 WOLFSSL_LOCAL word32 SetSequence(word32 len, byte* output);
+WOLFSSL_LOCAL word32 SetSequenceEx(word32 len, byte* output, byte isIndef);
+WOLFSSL_LOCAL word32 SetIndefEnd(byte* output);
 WOLFSSL_LOCAL word32 SetOctetString(word32 len, byte* output);
+WOLFSSL_LOCAL word32 SetOctetStringEx(word32 len, byte* output, byte indef);
 WOLFSSL_LOCAL int SetASNInt(int len, byte firstByte, byte* output);
 WOLFSSL_LOCAL word32 SetBitString(word32 len, byte unusedBits, byte* output);
-WOLFSSL_LOCAL word32 SetImplicit(byte tag,byte number,word32 len,byte* output);
-WOLFSSL_LOCAL word32 SetExplicit(byte number, word32 len, byte* output);
+WOLFSSL_LOCAL word32 SetImplicit(byte tag,byte number,word32 len,byte* output,
+        byte isIndef);
+WOLFSSL_LOCAL word32 SetExplicit(byte number, word32 len, byte* output,
+    byte isIndef);
 WOLFSSL_LOCAL word32 SetSet(word32 len, byte* output);
-WOLFSSL_LOCAL word32 SetAlgoID(int algoOID,byte* output,int type,int curveSz);
+WOLFSSL_API word32 SetAlgoID(int algoOID, byte* output, int type, int curveSz);
+WOLFSSL_LOCAL word32 SetAlgoIDEx(int algoOID, byte* output, int type, int curveSz,
+                                byte absentParams);
 WOLFSSL_LOCAL int SetMyVersion(word32 version, byte* output, int header);
 WOLFSSL_LOCAL int SetSerialNumber(const byte* sn, word32 snSz, byte* output,
     word32 outputSz, int maxSnSz);
@@ -2255,9 +2531,12 @@ WOLFSSL_LOCAL int GetNameHash(const byte* source, word32* idx, byte* hash,
                               int maxIdx);
 WOLFSSL_LOCAL int GetNameHash_ex(const byte* source, word32* idx, byte* hash,
                                  int maxIdx, word32 sigOID);
-WOLFSSL_LOCAL int wc_CheckPrivateKeyCert(const byte* key, word32 keySz, DecodedCert* der);
+WOLFSSL_LOCAL int wc_CheckPrivateKeyCert(const byte* key, word32 keySz,
+                                         DecodedCert* der, int checkAlt,
+                                         void* heap);
 WOLFSSL_LOCAL int wc_CheckPrivateKey(const byte* privKey, word32 privKeySz,
-                                     const byte* pubKey, word32 pubKeySz, enum Key_Sum ks);
+                                     const byte* pubKey, word32 pubKeySz,
+                                     enum Key_Sum ks, void* heap);
 WOLFSSL_LOCAL int StoreDHparams(byte* out, word32* outLen, mp_int* p, mp_int* g);
 #ifdef WOLFSSL_DH_EXTRA
 WOLFSSL_API int wc_DhPublicKeyDecode(const byte* input, word32* inOutIdx,
@@ -2294,8 +2573,12 @@ WOLFSSL_LOCAL void FreeSignatureCtx(SignatureCtx* sigCtx);
 
 WOLFSSL_LOCAL int SetAsymKeyDerPublic(const byte* pubKey, word32 pubKeyLen,
     byte* output, word32 outLen, int keyType, int withHeader);
-WOLFSSL_LOCAL int DecodeAsymKeyPublic(const byte* input, word32* inOutIdx, word32 inSz,
-    byte* pubKey, word32* pubKeyLen, int keyType);
+WOLFSSL_LOCAL int DecodeAsymKeyPublic_Assign(const byte* input,
+    word32* inOutIdx, word32 inSz, const byte** pubKey, word32* pubKeyLen,
+    int* keyType);
+
+WOLFSSL_LOCAL int DecodeAsymKeyPublic(const byte* input, word32* inOutIdx,
+    word32 inSz, byte* pubKey, word32* pubKeyLen, int keyType);
 
 #ifndef NO_CERTS
 
@@ -2305,16 +2588,18 @@ WOLFSSL_LOCAL int wc_EncryptedInfoParse(EncryptedInfo* info,
 WOLFSSL_LOCAL int PemToDer(const unsigned char* buff, long sz, int type,
                           DerBuffer** pDer, void* heap, EncryptedInfo* info,
                           int* eccKey);
-WOLFSSL_LOCAL int AllocDer(DerBuffer** der, word32 length, int type, void* heap);
+WOLFSSL_LOCAL int AllocDer(DerBuffer** der, word32 length, int type,
+    void* heap);
+WOLFSSL_LOCAL int AllocCopyDer(DerBuffer** der, const unsigned char* buff,
+    word32 length, int type, void* heap);
 WOLFSSL_LOCAL void FreeDer(DerBuffer** der);
 
-#if (defined(WOLFSSL_CERT_GEN) && defined(WOLFSSL_CERT_EXT)) || \
-    (defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA))
+#ifdef WOLFSSL_ASN_PARSE_KEYUSAGE
 WOLFSSL_LOCAL int ParseKeyUsageStr(const char* value, word16* keyUsage,
         void* heap);
 WOLFSSL_LOCAL int ParseExtKeyUsageStr(const char* value, byte* extKeyUsage,
         void* heap);
-#endif /* (CERT_GEN && CERT_EXT) || (OPENSSL_ALL || OPENSSL_EXTRA) */
+#endif
 
 #endif /* !NO_CERTS */
 
@@ -2340,6 +2625,9 @@ enum cert_enums {
     DILITHIUM_LEVEL2_KEY     = 18,
     DILITHIUM_LEVEL3_KEY     = 19,
     DILITHIUM_LEVEL5_KEY     = 20,
+    ML_DSA_LEVEL2_KEY        = 21,
+    ML_DSA_LEVEL3_KEY        = 22,
+    ML_DSA_LEVEL5_KEY        = 23,
     SPHINCS_FAST_LEVEL1_KEY  = 24,
     SPHINCS_FAST_LEVEL3_KEY  = 25,
     SPHINCS_FAST_LEVEL5_KEY  = 26,
@@ -2406,8 +2694,7 @@ struct CertStatus {
     byte nextDate[MAX_DATE_SIZE];
     byte thisDateFormat;
     byte nextDateFormat;
-#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || \
-    defined(WOLFSSL_HAPROXY) || defined(HAVE_LIGHTY)
+#ifdef WOLFSSL_OCSP_PARSE_STATUS
     WOLFSSL_ASN1_TIME thisDateParsed;
     WOLFSSL_ASN1_TIME nextDateParsed;
     byte* thisDateAsn;
@@ -2420,6 +2707,14 @@ struct CertStatus {
 
 typedef struct OcspEntry OcspEntry;
 
+#if defined(WOLFSSL_SM2) && defined(WOLFSSL_SM3)
+#define OCSP_DIGEST WC_HASH_TYPE_SM3
+#elif defined(NO_SHA)
+#define OCSP_DIGEST WC_HASH_TYPE_SHA256
+#else
+#define OCSP_DIGEST WC_HASH_TYPE_SHA
+#endif
+
 #if defined(WOLFSSL_SM2) && defined(WOLFSSL_SM3)
 #define OCSP_DIGEST_SIZE WC_SM3_DIGEST_SIZE
 #elif defined(NO_SHA)
@@ -2439,12 +2734,23 @@ struct OcspEntry
     byte* rawCertId;                      /* raw bytes of the CertID   */
     int rawCertIdSize;                    /* num bytes in raw CertID   */
     /* option bits - using 32-bit for alignment */
-    word32 ownStatus:1;                   /* do we need to free the status
+    WC_BITFIELD ownStatus:1;              /* do we need to free the status
                                            * response list */
-    word32 isDynamic:1;                   /* was dynamically allocated */
-    word32 used:1;                        /* entry used                */
+    WC_BITFIELD isDynamic:1;              /* was dynamically allocated */
+    WC_BITFIELD used:1;                   /* entry used                */
 };
 
+#define OCSP_RESPONDER_ID_KEY_SZ 20
+#if !defined(NO_SHA)
+#define OCSP_RESPONDER_ID_HASH_TYPE WC_SHA
+#else
+#define OCSP_RESPONDER_ID_HASH_TYPE WC_SHA256
+#endif
+enum responderIdType {
+    OCSP_RESPONDER_ID_INVALID = 0,
+    OCSP_RESPONDER_ID_NAME = 1,
+    OCSP_RESPONDER_ID_KEY  = 2,
+};
 /* TODO: Long-term, it would be helpful if we made this struct and other OCSP
          structs conform to the ASN spec as described in RFC 6960. It will help
          with readability and with implementing OpenSSL compatibility API
@@ -2456,6 +2762,12 @@ struct OcspResponse {
     byte*   response;        /* Pointer to beginning of OCSP Response */
     word32  responseSz;      /* length of the OCSP Response */
 
+    enum responderIdType responderIdType;
+    union {
+        byte keyHash[OCSP_RESPONDER_ID_KEY_SZ];
+        byte nameHash[KEYID_SIZE];
+    } responderId ;
+
     byte    producedDate[MAX_DATE_SIZE];
                              /* Date at which this response was signed */
     byte    producedDateFormat; /* format of the producedDate */
@@ -2467,6 +2779,9 @@ struct OcspResponse {
     word32  sigSz;           /* Length in octets for the sig */
     word32  sigOID;          /* OID for hash used for sig */
 
+    byte* sigParams;
+    word32 sigParamsSz;
+
     OcspEntry* single;       /* chain of OCSP single responses */
 
     byte*   nonce;           /* pointer to nonce inside ASN.1 response */
@@ -2474,10 +2789,7 @@ struct OcspResponse {
 
     byte*   source;          /* pointer to source buffer, not owned */
     word32  maxIdx;          /* max offset based on init size */
-
-#ifdef OPENSSL_EXTRA
-    int     verifyError;
-#endif
+    Signer* pendingCAs;
     void*  heap;
 };
 
@@ -2492,10 +2804,6 @@ struct OcspRequest {
     int    serialSz;
 #ifdef OPENSSL_EXTRA
     WOLFSSL_ASN1_INTEGER* serialInt;
-#endif
-#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || \
-    defined(WOLFSSL_HAPROXY) || defined(WOLFSSL_APACHE_HTTPD) || \
-    defined(HAVE_LIGHTY)
     void* cid; /* WOLFSSL_OCSP_CERTID kept to free */
 #endif
     byte*  url;      /* copy of the extAuthInfo in source cert */
@@ -2511,7 +2819,7 @@ WOLFSSL_LOCAL void InitOcspResponse(OcspResponse* resp, OcspEntry* single,
                      CertStatus* status, byte* source, word32 inSz, void* heap);
 WOLFSSL_LOCAL void FreeOcspResponse(OcspResponse* resp);
 WOLFSSL_LOCAL int OcspResponseDecode(OcspResponse* resp, void* cm, void* heap,
-                                     int noVerify);
+                                     int noVerifyCert, int noVerifySignature);
 
 WOLFSSL_LOCAL int    InitOcspRequest(OcspRequest* req, DecodedCert* cert,
                                      byte useNonce, void* heap);
@@ -2523,7 +2831,8 @@ WOLFSSL_LOCAL word32 EncodeOcspRequestExtensions(OcspRequest* req, byte* output,
 
 
 WOLFSSL_LOCAL int  CompareOcspReqResp(OcspRequest* req, OcspResponse* resp);
-
+WOLFSSL_LOCAL int OcspDecodeCertID(const byte* input, word32* inOutIdx, word32 inSz,
+                 OcspEntry* entry);
 
 #endif /* HAVE_OCSP */
 
@@ -2548,6 +2857,10 @@ struct DecodedCRL {
     word32  sigIndex;                /* offset to start of signature     */
     word32  sigLength;               /* length of signature              */
     word32  signatureOID;            /* sum of algorithm object id       */
+#ifdef WC_RSA_PSS
+    word32  sigParamsIndex;          /* start of signature parameters    */
+    word32  sigParamsLength;         /* length of signature parameters   */
+#endif
     byte*   signature;               /* pointer into raw source, not owned */
     byte    issuerHash[SIGNER_DIGEST_SIZE]; /* issuer name hash          */
     byte    crlHash[SIGNER_DIGEST_SIZE]; /* raw crl data hash            */
@@ -2574,30 +2887,72 @@ WOLFSSL_LOCAL void InitDecodedCRL(DecodedCRL* dcrl, void* heap);
 WOLFSSL_LOCAL int VerifyCRL_Signature(SignatureCtx* sigCtx,
                                       const byte* toBeSigned, word32 tbsSz,
                                       const byte* signature, word32 sigSz,
-                                      word32 signatureOID, Signer *ca,
-                                      void* heap);
+                                      word32 signatureOID, const byte* sigParams,
+                                      int sigParamsSz, Signer *ca, void* heap);
 WOLFSSL_LOCAL int ParseCRL(RevokedCert* rcert, DecodedCRL* dcrl,
                            const byte* buff, word32 sz, int verify, void* cm);
 WOLFSSL_LOCAL void FreeDecodedCRL(DecodedCRL* dcrl);
 
-
 #endif /* HAVE_CRL */
 
-
-#ifdef __cplusplus
-    } /* extern "C" */
+#if defined(WOLFSSL_ACERT)
+/* Minimal structure for x509 attribute certificate (rfc 5755).
+ *
+ * The attributes field is not parsed, but is stored as raw buffer.
+ * */
+struct DecodedAcert {
+    word32       certBegin; /* Offset to start of acert. */
+    word32       sigIndex; /* Offset to start of signature. */
+    word32       sigLength; /* Signature length. */
+    word32       signatureOID; /* Sum of algorithm object id. */
+#ifdef WC_RSA_PSS
+    word32       sigParamsIndex; /* start of signature parameters */
+    word32       sigParamsLength; /* length of signature parameters */
 #endif
+    const byte * signature; /* Not owned, points into raw acert.  */
+    const byte * source; /* Byte buffer holding acert, NOT owned. */
+    word32       srcIdx; /* Current offset into buffer. */
+    word32       maxIdx; /* Max allowed offset. Set in init. */
+    void *       heap; /* For user memory overrides. */
+    int          version; /* attribute cert version. */
+    byte         serial[EXTERNAL_SERIAL_SIZE];  /* Raw serial number. */
+    int          serialSz;
+    const byte * beforeDate; /* Before and After dates. */
+    int          beforeDateLen;
+    const byte * afterDate;
+    int          afterDateLen;
+    byte         holderSerial[EXTERNAL_SERIAL_SIZE];
+    int          holderSerialSz;
+    DNS_entry *  holderEntityName;  /* Holder entityName from ACERT */
+    DNS_entry *  holderIssuerName;  /* Holder issuerName from ACERT */
+    DNS_entry *  AttCertIssuerName; /* AttCertIssuer name from ACERT */
+    const byte * rawAttr; /* Not owned, points into raw acert. */
+    word32       rawAttrLen;
+    SignatureCtx sigCtx;
+};
 
-#endif /* !NO_ASN */
+typedef struct DecodedAcert DecodedAcert;
+
+WOLFSSL_LOCAL void InitDecodedAcert(DecodedAcert* acert,
+                                    const byte* source, word32 inSz,
+                                    void* heap);
+WOLFSSL_LOCAL void FreeDecodedAcert(DecodedAcert * acert);
+WOLFSSL_LOCAL int  ParseX509Acert(DecodedAcert* cert, int verify);
+WOLFSSL_LOCAL int  VerifyX509Acert(const byte* cert, word32 certSz,
+                                   const byte* pubKey, word32 pubKeySz,
+                                   int pubKeyOID, void * heap);
+#endif /* WOLFSSL_ACERT */
 
 
 #if ((defined(HAVE_ED25519) && defined(HAVE_ED25519_KEY_IMPORT)) \
     || (defined(HAVE_CURVE25519) && defined(HAVE_CURVE25519_KEY_IMPORT)) \
     || (defined(HAVE_ED448) && defined(HAVE_ED448_KEY_IMPORT)) \
     || (defined(HAVE_CURVE448) && defined(HAVE_CURVE448_KEY_IMPORT)) \
-    || (defined(HAVE_PQC) && defined(HAVE_FALCON)) \
-    || (defined(HAVE_PQC) && defined(HAVE_DILITHIUM)) \
-    || (defined(HAVE_PQC) && defined(HAVE_SPHINCS)))
+    || defined(HAVE_FALCON) || defined(HAVE_DILITHIUM) || defined(HAVE_SPHINCS))
+WOLFSSL_LOCAL int DecodeAsymKey_Assign(const byte* input, word32* inOutIdx,
+    word32 inSz, const byte** privKey, word32* privKeyLen, const byte** pubKey,
+    word32* pubKeyLen, int* inOutKeyType);
+
 WOLFSSL_LOCAL int DecodeAsymKey(const byte* input, word32* inOutIdx,
     word32 inSz, byte* privKey, word32* privKeyLen, byte* pubKey,
     word32* pubKeyLen, int keyType);
@@ -2609,6 +2964,7 @@ WOLFSSL_LOCAL int SetAsymKeyDer(const byte* privKey, word32 privKeyLen,
     int keyType);
 #endif
 
+#endif /* !NO_ASN */
 
 #if !defined(NO_ASN) || !defined(NO_PWDBASED)
 
@@ -2641,7 +2997,9 @@ enum PBESTypes {
 
     PBES2              = 13,       /* algo ID */
     PBES1_MD5_DES      = 3,
-    PBES1_SHA1_DES     = 10
+    PBES1_SHA1_DES     = 10,
+
+    PBE_NONE           = 999
 };
 
 enum PKCSTypes {
@@ -2656,4 +3014,10 @@ enum PKCSTypes {
 
 #endif /* !NO_ASN || !NO_PWDBASED */
 
+#ifdef __cplusplus
+    } /* extern "C" */
+#endif
+
+#endif /* !NO_ASN || !NO_PWDBASED */
+
 #endif /* WOLF_CRYPT_ASN_H */
diff --git a/wolfssl/wolfcrypt/asn_public.h b/wolfssl/wolfcrypt/asn_public.h
index a4395ed0c..db4f272a8 100644
--- a/wolfssl/wolfcrypt/asn_public.h
+++ b/wolfssl/wolfcrypt/asn_public.h
@@ -1,6 +1,6 @@
 /* asn_public.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -141,12 +141,14 @@ enum EncPkcs8Types {
 enum CertType {
     CERT_TYPE       = 0,
     PRIVATEKEY_TYPE,
+    ALT_PRIVATEKEY_TYPE,
     DH_PARAM_TYPE,
     DSA_PARAM_TYPE,
     CRL_TYPE,
     CA_TYPE,
     ECC_PRIVATEKEY_TYPE,
     DSA_PRIVATEKEY_TYPE,
+    ACERT_TYPE,
     CERTREQ_TYPE,
     DSA_TYPE,
     ECC_TYPE,
@@ -169,6 +171,9 @@ enum CertType {
     DILITHIUM_LEVEL2_TYPE,
     DILITHIUM_LEVEL3_TYPE,
     DILITHIUM_LEVEL5_TYPE,
+    ML_DSA_LEVEL2_TYPE,
+    ML_DSA_LEVEL3_TYPE,
+    ML_DSA_LEVEL5_TYPE,
     SPHINCS_FAST_LEVEL1_TYPE,
     SPHINCS_FAST_LEVEL3_TYPE,
     SPHINCS_FAST_LEVEL5_TYPE,
@@ -176,7 +181,9 @@ enum CertType {
     SPHINCS_SMALL_LEVEL3_TYPE,
     SPHINCS_SMALL_LEVEL5_TYPE,
     ECC_PARAM_TYPE,
-    CHAIN_CERT_TYPE
+    CHAIN_CERT_TYPE,
+    PKCS7_TYPE,
+    TRUSTED_CERT_TYPE
 };
 
 
@@ -214,12 +221,15 @@ enum Ctc_SigType {
     CTC_ED25519      = 256,
     CTC_ED448        = 257,
 
-    CTC_FALCON_LEVEL1 = 268,
-    CTC_FALCON_LEVEL5 = 271,
+    CTC_FALCON_LEVEL1 = 273,
+    CTC_FALCON_LEVEL5 = 276,
 
-    CTC_DILITHIUM_LEVEL2     = 213,
-    CTC_DILITHIUM_LEVEL3     = 216,
-    CTC_DILITHIUM_LEVEL5     = 220,
+    CTC_DILITHIUM_LEVEL2     = 218,
+    CTC_DILITHIUM_LEVEL3     = 221,
+    CTC_DILITHIUM_LEVEL5     = 225,
+    CTC_ML_DSA_LEVEL2        = 431,
+    CTC_ML_DSA_LEVEL3        = 432,
+    CTC_ML_DSA_LEVEL5        = 433,
 
     CTC_SPHINCS_FAST_LEVEL1  = 281,
     CTC_SPHINCS_FAST_LEVEL3  = 283,
@@ -323,7 +333,7 @@ typedef struct EncryptedInfo {
     char     name[NAME_SZ];    /* cipher name, such as "DES-CBC" */
     byte     iv[IV_SZ];        /* salt or encrypted IV */
 
-    word16   set:1;            /* if encryption set */
+    WC_BITFIELD set:1;         /* if encryption set */
 #endif
 } EncryptedInfo;
 
@@ -338,7 +348,7 @@ typedef struct WOLFSSL_ASN1_INTEGER {
 
     unsigned char* data;
     unsigned int   dataMax;   /* max size of data buffer */
-    unsigned int   isDynamic:1; /* flag for if data pointer dynamic (1 is yes 0 is no) */
+    WC_BITFIELD    isDynamic:1; /* flag for if data pointer dynamic (1 is yes 0 is no) */
 
     int length;   /* Length of DER encoding. */
     int type;     /* ASN.1 type. Includes negative flag. */
@@ -359,7 +369,6 @@ typedef struct WOLFSSL_ASN1_INTEGER {
 #endif
 #endif /* WOLFSSL_CERT_GEN || WOLFSSL_CERT_EXT */
 
-#if defined(WOLFSSL_CERT_GEN) || defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
 #ifdef WOLFSSL_MULTI_ATTRIB
 #ifndef CTC_MAX_ATTRIB
     #define CTC_MAX_ATTRIB 4
@@ -373,7 +382,6 @@ typedef struct NameAttrib {
     char value[CTC_NAME_SIZE];   /* name */
 } NameAttrib;
 #endif /* WOLFSSL_MULTI_ATTRIB */
-#endif /* WOLFSSL_CERT_GEN || OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
 
 #ifdef WOLFSSL_CUSTOM_OID
 typedef struct CertOidField {
@@ -513,6 +521,19 @@ typedef struct Cert {
     byte     issRaw[sizeof(CertName)];   /* raw issuer info */
     byte     sbjRaw[sizeof(CertName)];   /* raw subject info */
 #endif
+#ifdef WOLFSSL_DUAL_ALG_CERTS
+    /* These will not point to managed buffers. They will point to buffers that
+     * are managed by others. No cleanup necessary. */
+    /* Subject Alternative Public Key Info */
+    byte *sapkiDer;
+    int sapkiLen;
+    /* Alternative Signature Algorithm */
+    byte *altSigAlgDer;
+    int altSigAlgLen;
+    /* Alternative Signature Value */
+    byte *altSigValDer;
+    int altSigValLen;
+#endif /* WOLFSSL_DUAL_ALG_CERTS */
 #ifdef WOLFSSL_CERT_REQ
     char     challengePw[CTC_NAME_SIZE];
     char     unstructuredName[CTC_NAME_SIZE];
@@ -529,13 +550,13 @@ typedef struct Cert {
     void*   decodedCert;      /* internal DecodedCert allocated from heap */
     byte*   der;              /* Pointer to buffer of current DecodedCert cache */
     void*   heap;             /* heap hint */
-    byte    basicConstSet:1;  /* Indicator for when Basic Constraint is set */
+    WC_BITFIELD basicConstSet:1;  /* Indicator for when Basic Constraint is set */
 #ifdef WOLFSSL_ALLOW_ENCODING_CA_FALSE
-    byte    isCaSet:1;        /* Indicator for when isCA is set */
+    WC_BITFIELD isCaSet:1;        /* Indicator for when isCA is set */
 #endif
-    byte    pathLenSet:1;     /* Indicator for when path length is set */
+    WC_BITFIELD pathLenSet:1;     /* Indicator for when path length is set */
 #ifdef WOLFSSL_ALT_NAMES
-    byte    altNamesCrit:1;   /* Indicator of criticality of SAN extension */
+    WC_BITFIELD altNamesCrit:1;   /* Indicator of criticality of SAN extension */
 #endif
 } Cert;
 
@@ -572,6 +593,11 @@ WOLFSSL_API int wc_SignCert_ex(int requestSz, int sType, byte* buf,
                                WC_RNG* rng);
 WOLFSSL_API int wc_SignCert(int requestSz, int sType, byte* buf, word32 buffSz,
                             RsaKey* rsaKey, ecc_key* eccKey, WC_RNG* rng);
+#ifdef WOLFSSL_DUAL_ALG_CERTS
+WOLFSSL_API int wc_MakeSigWithBitStr(byte *sig, int sigSz, int sType, byte* buf,
+                                     word32 bufSz, int keyType, void* key,
+                                     WC_RNG* rng);
+#endif
 WOLFSSL_ABI
 WOLFSSL_API int wc_MakeSelfCert(Cert* cert, byte* buf, word32 buffSz,
                                 RsaKey* key, WC_RNG* rng);
@@ -703,8 +729,9 @@ WOLFSSL_API void wc_FreeDer(DerBuffer** pDer);
                                 word32 outputSz, byte *cipherIno, int type);
 #endif
 
+WOLFSSL_API word32 wc_PkcsPad(byte* buf, word32 sz, word32 blockSz);
+
 #ifndef NO_RSA
-    #if !defined(HAVE_USER_RSA)
     WOLFSSL_API int wc_RsaPublicKeyDecode_ex(const byte* input, word32* inOutIdx,
         word32 inSz, const byte** n, word32* nSz, const byte** e, word32* eSz);
     /* For FIPS v1/v2 and selftest this is in rsa.h */
@@ -717,7 +744,6 @@ WOLFSSL_API void wc_FreeDer(DerBuffer** pDer);
          (! ((HAVE_FIPS_VERSION == 5) && (HAVE_FIPS_VERSION_MINOR == 0)))))
     WOLFSSL_API int wc_RsaKeyToPublicDer(RsaKey* key, byte* output, word32 inLen);
     #endif
-    #endif /* !HAVE_USER_RSA */
     WOLFSSL_API int wc_RsaPublicKeyDerSize(RsaKey* key, int with_header);
     WOLFSSL_API int wc_RsaKeyToPublicDer_ex(RsaKey* key, byte* output, word32 inLen,
         int with_header);
@@ -782,8 +808,7 @@ WOLFSSL_API int wc_DhPrivKeyToDer(DhKey* key, byte* out, word32* outSz);
      (defined(HAVE_CURVE25519) && defined(HAVE_CURVE25519_KEY_EXPORT)) || \
      (defined(HAVE_ED448)      && defined(HAVE_ED448_KEY_EXPORT)) || \
      (defined(HAVE_CURVE448)   && defined(HAVE_CURVE448_KEY_EXPORT)) || \
-     (defined(HAVE_PQC) && (defined(HAVE_FALCON) || \
-                            defined(HAVE_DILITHIUM) || defined(HAVE_SPHINCS))))
+     (defined(HAVE_FALCON) || defined(HAVE_DILITHIUM) || defined(HAVE_SPHINCS)))
     #define WC_ENABLE_ASYM_KEY_EXPORT
 #endif
 
@@ -792,8 +817,7 @@ WOLFSSL_API int wc_DhPrivKeyToDer(DhKey* key, byte* out, word32* outSz);
      (defined(HAVE_CURVE25519) && defined(HAVE_CURVE25519_KEY_IMPORT)) || \
      (defined(HAVE_ED448)      && defined(HAVE_ED448_KEY_IMPORT)) || \
      (defined(HAVE_CURVE448)   && defined(HAVE_CURVE448_KEY_IMPORT)) || \
-     (defined(HAVE_PQC) && (defined(HAVE_FALCON) || \
-                            defined(HAVE_DILITHIUM) || defined(HAVE_SPHINCS))))
+     (defined(HAVE_FALCON) || defined(HAVE_DILITHIUM) || defined(HAVE_SPHINCS)))
     #define WC_ENABLE_ASYM_KEY_IMPORT
 #endif
 
@@ -820,12 +844,16 @@ WOLFSSL_API int wc_Curve25519PrivateKeyDecode(
     const byte* input, word32* inOutIdx, curve25519_key* key, word32 inSz);
 WOLFSSL_API int wc_Curve25519PublicKeyDecode(
     const byte* input, word32* inOutIdx, curve25519_key* key, word32 inSz);
+WOLFSSL_API int wc_Curve25519KeyDecode(const byte *input, word32 *inOutIdx,
+                                       curve25519_key *key, word32 inSz);
 #endif
 #ifdef HAVE_CURVE25519_KEY_EXPORT
 WOLFSSL_API int wc_Curve25519PrivateKeyToDer(
     curve25519_key* key, byte* output, word32 inLen);
 WOLFSSL_API int wc_Curve25519PublicKeyToDer(
     curve25519_key* key, byte* output, word32 inLen, int withAlg);
+WOLFSSL_API int wc_Curve25519KeyToDer(curve25519_key* key, byte* output,
+                                      word32 inLen, int withAlg);
 #endif
 #endif /* HAVE_CURVE25519 */
 
@@ -916,9 +944,9 @@ typedef struct _wc_CertPIV {
     word32       signedNonceSz; /* Identiv Only */
 
     /* flags */
-    word16       compression:2;
-    word16       isX509:1;
-    word16       isIdentiv:1;
+    WC_BITFIELD  compression:2;
+    WC_BITFIELD  isX509:1;
+    WC_BITFIELD  isIdentiv:1;
 } wc_CertPIV;
 
 WOLFSSL_API int wc_ParseCertPIV(wc_CertPIV* cert, const byte* buf, word32 totalSz);
@@ -943,6 +971,24 @@ WOLFSSL_API int wc_GetFASCNFromCert(struct DecodedCert* cert,
                                     byte* fascn, word32* fascnSz);
 #endif /* WOLFSSL_FPKI */
 
+#ifdef WOLFSSL_DUAL_ALG_CERTS
+WOLFSSL_API int wc_GeneratePreTBS(struct DecodedCert* cert, byte *der,
+                                  int derSz);
+#endif
+
+#if defined(WOLFSSL_ACERT)
+/* Forward declaration needed, as DecodedAcert is defined in asn.h.*/
+struct DecodedAcert;
+WOLFSSL_API void wc_InitDecodedAcert(struct DecodedAcert* acert,
+                                     const byte* source, word32 inSz,
+                                     void* heap);
+WOLFSSL_API void wc_FreeDecodedAcert(struct DecodedAcert * acert);
+WOLFSSL_API int  wc_ParseX509Acert(struct DecodedAcert* acert, int verify);
+WOLFSSL_API int  wc_VerifyX509Acert(const byte* acert, word32 acertSz,
+                                    const byte* pubKey, word32 pubKeySz,
+                                    int pubKeyOID, void * heap);
+#endif /* WOLFSSL_ACERT */
+
 #if !defined(XFPRINTF) || defined(NO_FILESYSTEM) || \
     defined(NO_STDIO_FILESYSTEM) && defined(WOLFSSL_ASN_PRINT)
 #undef WOLFSSL_ASN_PRINT
@@ -968,7 +1014,7 @@ enum Asn1PrintOpt {
     /* Don't show text representations of primitive types. */
     ASN1_PRINT_OPT_SHOW_NO_TEXT,
     /* Don't show dump text representations of primitive types. */
-    ASN1_PRINT_OPT_SHOW_NO_DUMP_TEXT,
+    ASN1_PRINT_OPT_SHOW_NO_DUMP_TEXT
 };
 
 /* ASN.1 print options. */
@@ -980,17 +1026,17 @@ typedef struct Asn1PrintOptions {
     /* Number of spaces to indent for each change in depth. */
     word8 indent;
     /* Draw branches instead of indenting. */
-    word8 draw_branch:1;
+    WC_BITFIELD draw_branch:1;
     /* Show raw data of primitive types as octets. */
-    word8 show_data:1;
+    WC_BITFIELD show_data:1;
     /* Show header data as octets. */
-    word8 show_header_data:1;
+    WC_BITFIELD show_header_data:1;
     /* Show the wolfSSL OID value for OBJECT_ID. */
-    word8 show_oid:1;
+    WC_BITFIELD show_oid:1;
     /* Don't show text representations of primitive types. */
-    word8 show_no_text:1;
+    WC_BITFIELD show_no_text:1;
     /* Don't show dump text representations of primitive types. */
-    word8 show_no_dump_text:1;
+    WC_BITFIELD show_no_dump_text:1;
 } Asn1PrintOptions;
 
 /* ASN.1 item data. */
diff --git a/wolfssl/wolfcrypt/blake2-impl.h b/wolfssl/wolfcrypt/blake2-impl.h
index 2cdbf4010..3f509c794 100644
--- a/wolfssl/wolfcrypt/blake2-impl.h
+++ b/wolfssl/wolfcrypt/blake2-impl.h
@@ -12,7 +12,7 @@
 */
 /* blake2-impl.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/wolfcrypt/blake2-int.h b/wolfssl/wolfcrypt/blake2-int.h
index 0ad625ee6..ec2292160 100644
--- a/wolfssl/wolfcrypt/blake2-int.h
+++ b/wolfssl/wolfcrypt/blake2-int.h
@@ -12,7 +12,7 @@
 */
 /* blake2-int.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/wolfcrypt/blake2.h b/wolfssl/wolfcrypt/blake2.h
index 1c62e643a..5d42c15df 100644
--- a/wolfssl/wolfcrypt/blake2.h
+++ b/wolfssl/wolfcrypt/blake2.h
@@ -1,6 +1,6 @@
 /* blake2.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -49,10 +49,12 @@ enum {
 #ifdef HAVE_BLAKE2B
     BLAKE2B_ID  = WC_HASH_TYPE_BLAKE2B,
     BLAKE2B_256 = 32,  /* 256 bit type, SSL default */
+    WC_BLAKE2B_DIGEST_SIZE = 64,
 #endif
 #ifdef HAVE_BLAKE2S
     BLAKE2S_ID  = WC_HASH_TYPE_BLAKE2S,
-    BLAKE2S_256 = 32   /* 256 bit type */
+    BLAKE2S_256 = 32,  /* 256 bit type */
+    WC_BLAKE2S_DIGEST_SIZE = 32
 #endif
 };
 
diff --git a/wolfssl/wolfcrypt/camellia.h b/wolfssl/wolfcrypt/camellia.h
index 928312354..a31f764b6 100644
--- a/wolfssl/wolfcrypt/camellia.h
+++ b/wolfssl/wolfcrypt/camellia.h
@@ -27,7 +27,7 @@
 
 /* camellia.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -63,34 +63,49 @@
 #endif
 
 enum {
-    CAMELLIA_BLOCK_SIZE = 16
+    WC_CAMELLIA_BLOCK_SIZE = 16
 };
 
-#define CAMELLIA_TABLE_BYTE_LEN 272
-#define CAMELLIA_TABLE_WORD_LEN (CAMELLIA_TABLE_BYTE_LEN / sizeof(word32))
+#define WC_CAMELLIA_TABLE_BYTE_LEN 272
+#define WC_CAMELLIA_TABLE_WORD_LEN (WC_CAMELLIA_TABLE_BYTE_LEN / sizeof(word32))
 
-typedef word32 KEY_TABLE_TYPE[CAMELLIA_TABLE_WORD_LEN];
+typedef word32 WC_CAMELLIA_KEY_TABLE_TYPE[WC_CAMELLIA_TABLE_WORD_LEN];
 
-typedef struct Camellia {
+typedef struct wc_Camellia {
     word32 keySz;
-    KEY_TABLE_TYPE key;
-    word32 reg[CAMELLIA_BLOCK_SIZE / sizeof(word32)]; /* for CBC mode */
-    word32 tmp[CAMELLIA_BLOCK_SIZE / sizeof(word32)]; /* for CBC mode */
-} Camellia;
+    WC_CAMELLIA_KEY_TABLE_TYPE key;
+    word32 reg[WC_CAMELLIA_BLOCK_SIZE / sizeof(word32)]; /* for CBC mode */
+    word32 tmp[WC_CAMELLIA_BLOCK_SIZE / sizeof(word32)]; /* for CBC mode */
+} wc_Camellia;
 
 
-WOLFSSL_API int  wc_CamelliaSetKey(Camellia* cam,
+WOLFSSL_API int  wc_CamelliaSetKey(wc_Camellia* cam,
                                    const byte* key, word32 len, const byte* iv);
-WOLFSSL_API int  wc_CamelliaSetIV(Camellia* cam, const byte* iv);
-WOLFSSL_API int  wc_CamelliaEncryptDirect(Camellia* cam, byte* out,
+WOLFSSL_API int  wc_CamelliaSetIV(wc_Camellia* cam, const byte* iv);
+WOLFSSL_API int  wc_CamelliaEncryptDirect(wc_Camellia* cam, byte* out,
                                                                 const byte* in);
-WOLFSSL_API int  wc_CamelliaDecryptDirect(Camellia* cam, byte* out,
+WOLFSSL_API int  wc_CamelliaDecryptDirect(wc_Camellia* cam, byte* out,
                                                                 const byte* in);
-WOLFSSL_API int wc_CamelliaCbcEncrypt(Camellia* cam,
+WOLFSSL_API int wc_CamelliaCbcEncrypt(wc_Camellia* cam,
                                           byte* out, const byte* in, word32 sz);
-WOLFSSL_API int wc_CamelliaCbcDecrypt(Camellia* cam,
+WOLFSSL_API int wc_CamelliaCbcDecrypt(wc_Camellia* cam,
                                           byte* out, const byte* in, word32 sz);
 
+#ifndef OPENSSL_COEXIST
+
+enum {
+    CAMELLIA_BLOCK_SIZE = WC_CAMELLIA_BLOCK_SIZE
+};
+
+#define CAMELLIA_TABLE_BYTE_LEN WC_CAMELLIA_TABLE_BYTE_LEN
+#define CAMELLIA_TABLE_WORD_LEN WC_CAMELLIA_TABLE_WORD_LEN
+
+typedef word32 KEY_TABLE_TYPE[WC_CAMELLIA_TABLE_WORD_LEN];
+
+typedef struct wc_Camellia Camellia;
+
+#endif /* !OPENSSL_COEXIST */
+
 
 #ifdef __cplusplus
     } /* extern "C" */
diff --git a/wolfssl/wolfcrypt/chacha.h b/wolfssl/wolfcrypt/chacha.h
index 848edf681..892b6cedc 100644
--- a/wolfssl/wolfcrypt/chacha.h
+++ b/wolfssl/wolfcrypt/chacha.h
@@ -1,6 +1,6 @@
 /* chacha.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -77,12 +77,13 @@ enum {
 
 typedef struct ChaCha {
     word32 X[CHACHA_CHUNK_WORDS];           /* state of cipher */
-#ifdef HAVE_INTEL_AVX1
+#if defined(USE_INTEL_CHACHA_SPEEDUP)
     /* vpshufd reads 16 bytes but we only use bottom 4. */
     byte extra[12];
 #endif
     word32 left;                            /* number of bytes leftover */
-#if defined(USE_INTEL_CHACHA_SPEEDUP) || defined(WOLFSSL_ARMASM)
+#if defined(USE_INTEL_CHACHA_SPEEDUP) || defined(WOLFSSL_ARMASM) || \
+    defined(WOLFSSL_RISCV_ASM)
     word32 over[CHACHA_CHUNK_WORDS];
 #endif
 } ChaCha;
@@ -96,16 +97,32 @@ WOLFSSL_API int wc_Chacha_SetIV(ChaCha* ctx, const byte* inIv, word32 counter);
 WOLFSSL_API int wc_Chacha_Process(ChaCha* ctx, byte* cipher, const byte* plain,
                               word32 msglen);
 
-WOLFSSL_LOCAL void wc_Chacha_purge_current_block(ChaCha* ctx);
-
 WOLFSSL_API int wc_Chacha_SetKey(ChaCha* ctx, const byte* key, word32 keySz);
 
 #ifdef HAVE_XCHACHA
+WOLFSSL_LOCAL void wc_Chacha_purge_current_block(ChaCha* ctx);
+
 WOLFSSL_API int wc_XChacha_SetKey(ChaCha *ctx, const byte *key, word32 keySz,
                                   const byte *nonce, word32 nonceSz,
                                   word32 counter);
 #endif
 
+#if defined(WOLFSSL_ARMASM)
+
+#ifndef __aarch64__
+void wc_chacha_setiv(word32* x, const byte* iv, word32 counter);
+void wc_chacha_setkey(word32* x, const byte* key, word32 keySz);
+#endif
+
+#if defined(WOLFSSL_ARMASM_NO_NEON) || defined(WOLFSSL_ARMASM_THUMB2)
+void wc_chacha_use_over(byte* over, byte* output, const byte* input,
+    word32 len);
+void wc_chacha_crypt_bytes(ChaCha* ctx, byte* c, const byte* m, word32 len);
+#endif
+
+#endif
+
+
 #ifdef __cplusplus
     } /* extern "C" */
 #endif
diff --git a/wolfssl/wolfcrypt/chacha20_poly1305.h b/wolfssl/wolfcrypt/chacha20_poly1305.h
index 6c04912a0..c7694dbdb 100644
--- a/wolfssl/wolfcrypt/chacha20_poly1305.h
+++ b/wolfssl/wolfcrypt/chacha20_poly1305.h
@@ -1,6 +1,6 @@
 /* chacha20_poly1305.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -72,7 +72,7 @@ typedef struct ChaChaPoly_Aead {
     word32   dataLen;
 
     byte     state;
-    byte     isEncrypt:1;
+    WC_BITFIELD isEncrypt:1;
 } ChaChaPoly_Aead;
 
 
diff --git a/wolfssl/wolfcrypt/cmac.h b/wolfssl/wolfcrypt/cmac.h
index 5fbda43cd..dd6e5b7a4 100644
--- a/wolfssl/wolfcrypt/cmac.h
+++ b/wolfssl/wolfcrypt/cmac.h
@@ -1,6 +1,6 @@
 /* cmac.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -24,9 +24,12 @@
 #define WOLF_CRYPT_CMAC_H
 
 #include <wolfssl/wolfcrypt/types.h>
-#include <wolfssl/wolfcrypt/aes.h>
 
-#if !defined(NO_AES) && defined(WOLFSSL_CMAC)
+#ifdef WOLFSSL_CMAC
+
+#ifndef NO_AES
+#include <wolfssl/wolfcrypt/aes.h>
+#endif
 
 #if defined(HAVE_FIPS) && \
     defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2)
@@ -38,19 +41,24 @@
 #endif
 
 /* avoid redefinition of structs */
-#if !defined(HAVE_FIPS) || \
-    (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2))
+#if !defined(HAVE_FIPS) || FIPS_VERSION3_GE(2,0,0)
+
+typedef enum CmacType {
+    WC_CMAC_AES = 1
+} CmacType;
 
 #ifndef WC_CMAC_TYPE_DEFINED
     typedef struct Cmac Cmac;
     #define WC_CMAC_TYPE_DEFINED
 #endif
 struct Cmac {
+#ifndef NO_AES
     Aes aes;
-    byte buffer[AES_BLOCK_SIZE]; /* partially stored block */
-    byte digest[AES_BLOCK_SIZE]; /* running digest */
-    byte k1[AES_BLOCK_SIZE];
-    byte k2[AES_BLOCK_SIZE];
+    byte buffer[WC_AES_BLOCK_SIZE]; /* partially stored block */
+    byte digest[WC_AES_BLOCK_SIZE]; /* running digest */
+    byte k1[WC_AES_BLOCK_SIZE];
+    byte k2[WC_AES_BLOCK_SIZE];
+#endif
     word32 bufferSz;
     word32 totalSz;
 #ifdef WOLF_CRYPTO_CB
@@ -71,16 +79,25 @@ struct Cmac {
 #ifdef WOLFSSL_SE050
     byte   useSWCrypt; /* Use SW crypt instead of SE050, before SCP03 auth */
 #endif
+    CmacType type;
 };
 
 
 
-typedef enum CmacType {
-    WC_CMAC_AES = 1
-} CmacType;
 
-#define WC_CMAC_TAG_MAX_SZ AES_BLOCK_SIZE
-#define WC_CMAC_TAG_MIN_SZ (AES_BLOCK_SIZE/4)
+#ifndef NO_AES
+#define WC_CMAC_TAG_MAX_SZ WC_AES_BLOCK_SIZE
+#define WC_CMAC_TAG_MIN_SZ (WC_AES_BLOCK_SIZE/4)
+#else
+/* Reasonable defaults */
+#define WC_CMAC_TAG_MAX_SZ 16
+#define WC_CMAC_TAG_MIN_SZ 4
+#endif
+
+#if FIPS_VERSION3_GE(6,0,0)
+    extern const unsigned int wolfCrypt_FIPS_cmac_ro_sanity[2];
+    WOLFSSL_LOCAL int wolfCrypt_FIPS_CMAC_sanity(void);
+#endif
 
 #endif /* HAVE_FIPS */
 
@@ -107,19 +124,35 @@ int wc_CmacFinal(Cmac* cmac,
 WOLFSSL_API
 int wc_CmacFree(Cmac* cmac);
 
+#ifndef NO_AES
 WOLFSSL_API
 int wc_AesCmacGenerate(byte* out, word32* outSz,
                        const byte* in, word32 inSz,
                        const byte* key, word32 keySz);
+WOLFSSL_API
+int wc_AesCmacGenerate_ex(Cmac *cmac,
+                          byte* out, word32* outSz,
+                          const byte* in, word32 inSz,
+                          const byte* key, word32 keySz,
+                          void* heap,
+                          int devId);
 
 WOLFSSL_API
 int wc_AesCmacVerify(const byte* check, word32 checkSz,
                      const byte* in, word32 inSz,
                      const byte* key, word32 keySz);
-
+WOLFSSL_API
+int wc_AesCmacVerify_ex(Cmac* cmac,
+                        const byte* check, word32 checkSz,
+                        const byte* in, word32 inSz,
+                        const byte* key, word32 keySz,
+                        void* heap,
+                        int devId);
 WOLFSSL_LOCAL
 void ShiftAndXorRb(byte* out, byte* in);
 
+#endif /* !NO_AES */
+
 #ifdef WOLFSSL_HASH_KEEP
 WOLFSSL_API
 int wc_CMAC_Grow(Cmac* cmac, const byte* in, int inSz);
@@ -130,6 +163,6 @@ int wc_CMAC_Grow(Cmac* cmac, const byte* in, int inSz);
 #endif
 
 
-#endif /* NO_AES && WOLFSSL_CMAC */
+#endif /* WOLFSSL_CMAC */
 #endif /* WOLF_CRYPT_CMAC_H */
 
diff --git a/wolfssl/wolfcrypt/coding.h b/wolfssl/wolfcrypt/coding.h
index e0aecc628..a97976eb9 100644
--- a/wolfssl/wolfcrypt/coding.h
+++ b/wolfssl/wolfcrypt/coding.h
@@ -1,6 +1,6 @@
 /* coding.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/wolfcrypt/compress.h b/wolfssl/wolfcrypt/compress.h
index a4efc7809..c4d5c25e8 100644
--- a/wolfssl/wolfcrypt/compress.h
+++ b/wolfssl/wolfcrypt/compress.h
@@ -1,6 +1,6 @@
 /* compress.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/wolfcrypt/cpuid.h b/wolfssl/wolfcrypt/cpuid.h
index 9e04328f7..bb883cb45 100644
--- a/wolfssl/wolfcrypt/cpuid.h
+++ b/wolfssl/wolfcrypt/cpuid.h
@@ -1,6 +1,6 @@
 /* cpuid.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -38,6 +38,11 @@
     #define HAVE_CPUID
     #define HAVE_CPUID_INTEL
 #endif
+#if (defined(WOLFSSL_AARCH64_BUILD) || (defined(__aarch64__) && \
+     defined(WOLFSSL_ARMASM))) && !defined(WOLFSSL_NO_ASM)
+    #define HAVE_CPUID
+    #define HAVE_CPUID_AARCH64
+#endif
 
 #ifdef HAVE_CPUID_INTEL
 
@@ -50,6 +55,7 @@
     #define CPUID_ADX    0x0040   /* ADCX, ADOX */
     #define CPUID_MOVBE  0x0080   /* Move and byte swap */
     #define CPUID_BMI1   0x0100   /* ANDN */
+    #define CPUID_SHA    0x0200   /* SHA-1 and SHA-256 instructions */
 
     #define IS_INTEL_AVX1(f)    ((f) & CPUID_AVX1)
     #define IS_INTEL_AVX2(f)    ((f) & CPUID_AVX2)
@@ -60,6 +66,27 @@
     #define IS_INTEL_ADX(f)     ((f) & CPUID_ADX)
     #define IS_INTEL_MOVBE(f)   ((f) & CPUID_MOVBE)
     #define IS_INTEL_BMI1(f)    ((f) & CPUID_BMI1)
+    #define IS_INTEL_SHA(f)     ((f) & CPUID_SHA)
+
+#elif defined(HAVE_CPUID_AARCH64)
+
+    #define CPUID_AES         0x0001
+    #define CPUID_PMULL       0x0002
+    #define CPUID_SHA256      0x0004
+    #define CPUID_SHA512      0x0008
+    #define CPUID_RDM         0x0010
+    #define CPUID_SHA3        0x0020
+    #define CPUID_SM3         0x0040
+    #define CPUID_SM4         0x0080
+
+    #define IS_AARCH64_AES(f)       ((f) & CPUID_AES)
+    #define IS_AARCH64_PMULL(f)     ((f) & CPUID_PMULL)
+    #define IS_AARCH64_SHA256(f)    ((f) & CPUID_SHA256)
+    #define IS_AARCH64_SHA512(f)    ((f) & CPUID_SHA512)
+    #define IS_AARCH64_RDM(f)       ((f) & CPUID_RDM)
+    #define IS_AARCH64_SHA3(f)      ((f) & CPUID_SHA3)
+    #define IS_AARCH64_SM3(f)       ((f) & CPUID_SM3)
+    #define IS_AARCH64_SM4(f)       ((f) & CPUID_SM4)
 
 #endif
 
diff --git a/wolfssl/wolfcrypt/cryptocb.h b/wolfssl/wolfcrypt/cryptocb.h
index 04548e386..d2d90fe37 100644
--- a/wolfssl/wolfcrypt/cryptocb.h
+++ b/wolfssl/wolfcrypt/cryptocb.h
@@ -1,6 +1,6 @@
 /* cryptocb.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -50,6 +50,9 @@
 #ifndef NO_SHA256
     #include <wolfssl/wolfcrypt/sha256.h>
 #endif
+#ifdef WOLFSSL_SHA3
+    #include <wolfssl/wolfcrypt/sha3.h>
+#endif
 #ifndef NO_HMAC
     #include <wolfssl/wolfcrypt/hmac.h>
 #endif
@@ -71,6 +74,21 @@
 #if defined(WOLFSSL_SHA512) || defined(WOLFSSL_SHA384)
     #include <wolfssl/wolfcrypt/sha512.h>
 #endif
+#ifdef WOLFSSL_HAVE_KYBER
+    #include <wolfssl/wolfcrypt/kyber.h>
+#ifdef WOLFSSL_WC_KYBER
+    #include <wolfssl/wolfcrypt/wc_kyber.h>
+#elif defined(HAVE_LIBOQS)
+    #include <wolfssl/wolfcrypt/ext_kyber.h>
+#endif
+#endif
+#if defined(HAVE_DILITHIUM)
+    #include <wolfssl/wolfcrypt/dilithium.h>
+#endif
+#if defined(HAVE_FALCON)
+    #include <wolfssl/wolfcrypt/falcon.h>
+#endif
+
 
 #ifdef WOLF_CRYPTO_CB_CMD
 /* CryptoCb Commands */
@@ -83,15 +101,47 @@ enum wc_CryptoCbCmdType {
 };
 #endif
 
+
+#if defined(HAVE_AESGCM) || defined(HAVE_AESCCM)
+typedef struct {
+    Aes*        aes;
+    byte*       out;
+    const byte* in;
+    word32      sz;
+    const byte* nonce;
+    word32      nonceSz;
+    const byte* iv;
+    word32      ivSz;
+    byte*       authTag;
+    word32      authTagSz;
+    const byte* authIn;
+    word32      authInSz;
+} wc_CryptoCb_AesAuthEnc;
+typedef struct {
+    Aes*        aes;
+    byte*       out;
+    const byte* in;
+    word32      sz;
+    const byte* nonce;
+    word32      nonceSz;
+    const byte* iv;
+    word32      ivSz;
+    const byte* authTag;
+    word32      authTagSz;
+    const byte* authIn;
+    word32      authInSz;
+} wc_CryptoCb_AesAuthDec;
+#endif
+
 /* Crypto Information Structure for callbacks */
 typedef struct wc_CryptoInfo {
     int algo_type; /* enum wc_AlgoType */
-#if HAVE_ANONYMOUS_INLINE_AGGREGATES
+#ifdef HAVE_ANONYMOUS_INLINE_AGGREGATES
     union {
 #endif
     struct {
         int type; /* enum wc_PkType */
-#if HAVE_ANONYMOUS_INLINE_AGGREGATES
+#ifdef HAVE_ANONYMOUS_INLINE_AGGREGATES
         union {
 #endif
         #ifndef NO_RSA
@@ -103,6 +153,9 @@ typedef struct wc_CryptoInfo {
                 int         type;
                 RsaKey*     key;
                 WC_RNG*     rng;
+            #ifdef WOLF_CRYPTO_CB_RSA_PAD
+                RsaPadding *padding;
+            #endif
             } rsa;
         #ifdef WOLFSSL_KEY_GEN
             struct {
@@ -201,7 +254,70 @@ typedef struct wc_CryptoInfo {
                 byte         contextLen;
             } ed25519verify;
         #endif
-#if HAVE_ANONYMOUS_INLINE_AGGREGATES
+        #if defined(WOLFSSL_HAVE_KYBER)
+            struct {
+                WC_RNG*     rng;
+                int         size;
+                void*       key;
+                int         type; /* enum wc_PqcKemType */
+            } pqc_kem_kg;
+            struct {
+                byte*       ciphertext;
+                word32      ciphertextLen;
+                byte*       sharedSecret;
+                word32      sharedSecretLen;
+                WC_RNG*     rng;
+                void*       key;
+                int         type; /* enum wc_PqcKemType */
+            } pqc_encaps;
+            struct {
+                const byte* ciphertext;
+                word32      ciphertextLen;
+                byte*       sharedSecret;
+                word32      sharedSecretLen;
+                void*       key;
+                int         type; /* enum wc_PqcKemType */
+            } pqc_decaps;
+        #endif
+        #if defined(HAVE_FALCON) || defined(HAVE_DILITHIUM)
+            struct {
+                WC_RNG*     rng;
+                int         size;
+                void*       key;
+                int         type; /* enum wc_PqcSignatureType */
+            } pqc_sig_kg;
+            struct {
+                const byte* in;
+                word32      inlen;
+                byte*       out;
+                word32*     outlen;
+                WC_RNG*     rng;
+                void*       key;
+                int         type; /* enum wc_PqcSignatureType */
+                const byte* context;
+                byte        contextLen;
+                word32      preHashType; /* enum wc_HashType */
+            } pqc_sign;
+            struct {
+                const byte* sig;
+                word32      siglen;
+                const byte* msg;
+                word32      msglen;
+                int*        res;
+                void*       key;
+                int         type; /* enum wc_PqcSignatureType */
+                const byte* context;
+                byte        contextLen;
+                word32      preHashType; /* enum wc_HashType */
+            } pqc_verify;
+            struct {
+                void*       key;
+                const byte* pubKey;
+                word32      pubKeySz;
+                int         type; /* enum wc_PqcSignatureType */
+            } pqc_sig_check;
+        #endif
+#ifdef HAVE_ANONYMOUS_INLINE_AGGREGATES
         };
 #endif
     } pk;
@@ -209,60 +325,16 @@ typedef struct wc_CryptoInfo {
     struct {
         int type; /* enum wc_CipherType */
         int enc;
-#if HAVE_ANONYMOUS_INLINE_AGGREGATES
+#ifdef HAVE_ANONYMOUS_INLINE_AGGREGATES
         union {
 #endif
         #ifdef HAVE_AESGCM
-            struct {
-                Aes*        aes;
-                byte*       out;
-                const byte* in;
-                word32      sz;
-                const byte* iv;
-                word32      ivSz;
-                byte*       authTag;
-                word32      authTagSz;
-                const byte* authIn;
-                word32      authInSz;
-            } aesgcm_enc;
-            struct {
-                Aes*        aes;
-                byte*       out;
-                const byte* in;
-                word32      sz;
-                const byte* iv;
-                word32      ivSz;
-                const byte* authTag;
-                word32      authTagSz;
-                const byte* authIn;
-                word32      authInSz;
-            } aesgcm_dec;
+            wc_CryptoCb_AesAuthEnc aesgcm_enc;
+            wc_CryptoCb_AesAuthDec aesgcm_dec;
         #endif /* HAVE_AESGCM */
         #ifdef HAVE_AESCCM
-            struct {
-                Aes*        aes;
-                byte*       out;
-                const byte* in;
-                word32      sz;
-                const byte* nonce;
-                word32      nonceSz;
-                byte*       authTag;
-                word32      authTagSz;
-                const byte* authIn;
-                word32      authInSz;
-            } aesccm_enc;
-            struct {
-                Aes*        aes;
-                byte*       out;
-                const byte* in;
-                word32      sz;
-                const byte* nonce;
-                word32      nonceSz;
-                const byte* authTag;
-                word32      authTagSz;
-                const byte* authIn;
-                word32      authInSz;
-            } aesccm_dec;
+            wc_CryptoCb_AesAuthEnc aesccm_enc;
+            wc_CryptoCb_AesAuthDec aesccm_dec;
         #endif /* HAVE_AESCCM */
         #if defined(HAVE_AES_CBC)
             struct {
@@ -297,7 +369,7 @@ typedef struct wc_CryptoInfo {
             } des3;
         #endif
             void* ctx;
-#if HAVE_ANONYMOUS_INLINE_AGGREGATES
+#ifdef HAVE_ANONYMOUS_INLINE_AGGREGATES
         };
 #endif
     } cipher;
@@ -309,7 +381,7 @@ typedef struct wc_CryptoInfo {
         const byte* in;
         word32 inSz;
         byte* digest;
-#if HAVE_ANONYMOUS_INLINE_AGGREGATES
+#ifdef HAVE_ANONYMOUS_INLINE_AGGREGATES
         union {
 #endif
         #ifndef NO_SHA
@@ -326,9 +398,12 @@ typedef struct wc_CryptoInfo {
         #endif
         #ifdef WOLFSSL_SHA512
             wc_Sha512* sha512;
+        #endif
+        #ifdef WOLFSSL_SHA3
+            wc_Sha3* sha3;
         #endif
             void* ctx;
-#if HAVE_ANONYMOUS_INLINE_AGGREGATES
+#ifdef HAVE_ANONYMOUS_INLINE_AGGREGATES
         };
 #endif
     } hash;
@@ -367,13 +442,25 @@ typedef struct wc_CryptoInfo {
         int type;
     } cmac;
 #endif
+#ifndef NO_CERTS
+    struct {
+        const byte *id;
+        word32 idLen;
+        const char *label;
+        word32 labelLen;
+        byte **certDataOut;
+        word32 *certSz;
+        int *certFormatOut;
+        void *heap;
+    } cert;
+#endif
 #ifdef WOLF_CRYPTO_CB_CMD
     struct {      /* uses wc_AlgoType=ALGO_NONE */
         int type; /* enum wc_CryptoCbCmdType */
         void *ctx;
     } cmd;
 #endif
-#if HAVE_ANONYMOUS_INLINE_AGGREGATES
+#ifdef HAVE_ANONYMOUS_INLINE_AGGREGATES
     };
 #endif
 } wc_CryptoInfo;
@@ -406,6 +493,11 @@ WOLFSSL_API void wc_CryptoCb_InfoString(wc_CryptoInfo* info);
 WOLFSSL_LOCAL int wc_CryptoCb_Rsa(const byte* in, word32 inLen, byte* out,
     word32* outLen, int type, RsaKey* key, WC_RNG* rng);
 
+#ifdef WOLF_CRYPTO_CB_RSA_PAD
+WOLFSSL_LOCAL int wc_CryptoCb_RsaPad(const byte* in, word32 inLen, byte* out,
+    word32* outLen, int type, RsaKey* key, WC_RNG* rng, RsaPadding *padding);
+#endif
+
 #ifdef WOLFSSL_KEY_GEN
 WOLFSSL_LOCAL int wc_CryptoCb_MakeRsaKey(RsaKey* key, int size, long e,
     WC_RNG* rng);
@@ -452,6 +544,39 @@ WOLFSSL_LOCAL int wc_CryptoCb_Ed25519Verify(const byte* sig, word32 sigLen,
     const byte* context, byte contextLen);
 #endif /* HAVE_ED25519 */
 
+#if defined(WOLFSSL_HAVE_KYBER)
+WOLFSSL_LOCAL int wc_CryptoCb_PqcKemGetDevId(int type, void* key);
+
+WOLFSSL_LOCAL int wc_CryptoCb_MakePqcKemKey(WC_RNG* rng, int type,
+    int keySize, void* key);
+
+WOLFSSL_LOCAL int wc_CryptoCb_PqcEncapsulate(byte* ciphertext,
+    word32 ciphertextLen, byte* sharedSecret, word32 sharedSecretLen,
+    WC_RNG* rng, int type, void* key);
+
+WOLFSSL_LOCAL int wc_CryptoCb_PqcDecapsulate(const byte* ciphertext,
+    word32 ciphertextLen, byte* sharedSecret, word32 sharedSecretLen,
+    int type, void* key);
+#endif /* WOLFSSL_HAVE_KYBER */
+
+#if defined(HAVE_FALCON) || defined(HAVE_DILITHIUM)
+WOLFSSL_LOCAL int wc_CryptoCb_PqcSigGetDevId(int type, void* key);
+
+WOLFSSL_LOCAL int wc_CryptoCb_MakePqcSignatureKey(WC_RNG* rng, int type,
+    int keySize, void* key);
+
+WOLFSSL_LOCAL int wc_CryptoCb_PqcSign(const byte* in, word32 inlen, byte* out,
+    word32 *outlen, const byte* context, byte contextLen, word32 preHashType,
+    WC_RNG* rng, int type, void* key);
+
+WOLFSSL_LOCAL int wc_CryptoCb_PqcVerify(const byte* sig, word32 siglen,
+    const byte* msg, word32 msglen, const byte* context, byte contextLen,
+    word32 preHashType, int* res, int type, void* key);
+
+WOLFSSL_LOCAL int wc_CryptoCb_PqcSignatureCheckPrivKey(void* key, int type,
+    const byte* pubKey, word32 pubKeySz);
+#endif /* HAVE_FALCON || HAVE_DILITHIUM */
+
 #ifndef NO_AES
 #ifdef HAVE_AESGCM
 WOLFSSL_LOCAL int wc_CryptoCb_AesGcmEncrypt(Aes* aes, byte* out,
@@ -519,6 +644,11 @@ WOLFSSL_LOCAL int wc_CryptoCb_Sha512Hash(wc_Sha512* sha512, const byte* in,
     word32 inSz, byte* digest);
 #endif
 
+#ifdef WOLFSSL_SHA3
+WOLFSSL_LOCAL int wc_CryptoCb_Sha3Hash(wc_Sha3* sha3, int type, const byte* in,
+    word32 inSz, byte* digest);
+#endif
+
 #ifndef NO_HMAC
 WOLFSSL_LOCAL int wc_CryptoCb_Hmac(Hmac* hmac, int macType, const byte* in,
     word32 inSz, byte* digest);
@@ -535,6 +665,12 @@ WOLFSSL_LOCAL int wc_CryptoCb_Cmac(Cmac* cmac, const byte* key, word32 keySz,
         void* ctx);
 #endif
 
+#ifndef NO_CERTS
+WOLFSSL_LOCAL int wc_CryptoCb_GetCert(int devId, const char *label,
+    word32 labelLen, const byte *id, word32 idLen, byte** out,
+    word32* outSz, int *format, void *heap);
+#endif
+
 #endif /* WOLF_CRYPTO_CB */
 
 #ifdef __cplusplus
diff --git a/wolfssl/wolfcrypt/curve25519.h b/wolfssl/wolfcrypt/curve25519.h
index 3b25a9dfa..79fb6d9af 100644
--- a/wolfssl/wolfcrypt/curve25519.h
+++ b/wolfssl/wolfcrypt/curve25519.h
@@ -1,6 +1,6 @@
 /* curve25519.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -90,15 +90,18 @@ struct curve25519_key {
     void* devCtx;
     int devId;
 #endif
-
+    void *heap;
+#ifdef WOLFSSL_CURVE25519_BLINDING
+    WC_RNG* rng;
+#endif
 #ifdef WOLFSSL_SE050
     word32 keyId;
     byte   keyIdSet;
 #endif
 
     /* bit fields */
-    byte pubSet:1;
-    byte privSet:1;
+    WC_BITFIELD pubSet:1;
+    WC_BITFIELD privSet:1;
 };
 
 enum {
@@ -109,11 +112,23 @@ enum {
 WOLFSSL_API
 int wc_curve25519_make_pub(int public_size, byte* pub, int private_size,
                            const byte* priv);
+#ifdef WOLFSSL_CURVE25519_BLINDING
+WOLFSSL_API
+int wc_curve25519_make_pub_blind(int public_size, byte* pub, int private_size,
+                                 const byte* priv, WC_RNG* rng);
+#endif
 
 WOLFSSL_API
 int wc_curve25519_generic(int public_size, byte* pub,
                           int private_size, const byte* priv,
                           int basepoint_size, const byte* basepoint);
+#ifdef WOLFSSL_CURVE25519_BLINDING
+WOLFSSL_API
+int wc_curve25519_generic_blind(int public_size, byte* pub,
+                                int private_size, const byte* priv,
+                                int basepoint_size, const byte* basepoint,
+                                WC_RNG* rng);
+#endif
 
 WOLFSSL_API
 int wc_curve25519_make_priv(WC_RNG* rng, int keysize, byte* priv);
@@ -139,6 +154,18 @@ int wc_curve25519_init_ex(curve25519_key* key, void* heap, int devId);
 WOLFSSL_API
 void wc_curve25519_free(curve25519_key* key);
 
+#ifdef WOLFSSL_CURVE25519_BLINDING
+WOLFSSL_API
+int wc_curve25519_set_rng(curve25519_key* key, WC_RNG* rng);
+#endif
+
+#ifndef WC_NO_CONSTRUCTORS
+WOLFSSL_API
+curve25519_key* wc_curve25519_new(void* heap, int devId, int *result_code);
+WOLFSSL_API
+int wc_curve25519_delete(curve25519_key* key, curve25519_key** key_p);
+#endif
+WOLFSSL_API
 
 /* raw key helpers */
 WOLFSSL_API
diff --git a/wolfssl/wolfcrypt/curve448.h b/wolfssl/wolfcrypt/curve448.h
index aa00e1021..756c8a3d5 100644
--- a/wolfssl/wolfcrypt/curve448.h
+++ b/wolfssl/wolfcrypt/curve448.h
@@ -1,6 +1,6 @@
 /* curve448.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -58,8 +58,8 @@ struct curve448_key {
 #endif
 
     /* bit fields */
-    byte pubSet:1;
-    byte privSet:1;
+    WC_BITFIELD pubSet:1;
+    WC_BITFIELD privSet:1;
 };
 
 enum {
diff --git a/wolfssl/wolfcrypt/des3.h b/wolfssl/wolfcrypt/des3.h
index d5b123212..25688577f 100644
--- a/wolfssl/wolfcrypt/des3.h
+++ b/wolfssl/wolfcrypt/des3.h
@@ -1,6 +1,6 @@
 /* des3.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -134,9 +134,16 @@ WOLFSSL_API int  wc_Des_EcbEncrypt(Des* des, byte* out,
 WOLFSSL_API int wc_Des3_EcbEncrypt(Des3* des, byte* out,
                                    const byte* in, word32 sz);
 
+#ifdef FREESCALE_MMCAU /* Has separate encrypt/decrypt functions */
+WOLFSSL_API int wc_Des_EcbDecrypt(Des* des, byte* out,
+                                   const byte* in, word32 sz);
+WOLFSSL_API int wc_Des3_EcbDecrypt(Des3* des, byte* out,
+                                   const byte* in, word32 sz);
+#else
 /* ECB decrypt same process as encrypt but with decrypt key */
 #define wc_Des_EcbDecrypt  wc_Des_EcbEncrypt
 #define wc_Des3_EcbDecrypt wc_Des3_EcbEncrypt
+#endif
 
 WOLFSSL_API int  wc_Des3_SetKey(Des3* des, const byte* key,
                                 const byte* iv,int dir);
diff --git a/wolfssl/wolfcrypt/dh.h b/wolfssl/wolfcrypt/dh.h
index e94cb5931..81c5623cb 100644
--- a/wolfssl/wolfcrypt/dh.h
+++ b/wolfssl/wolfcrypt/dh.h
@@ -1,6 +1,6 @@
 /* dh.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -30,8 +30,7 @@
 
 #ifndef NO_DH
 
-#if defined(HAVE_FIPS) && \
-    defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2)
+#if FIPS_VERSION3_GE(2,0,0)
     #include <wolfssl/wolfcrypt/fips.h>
 #endif /* HAVE_FIPS_VERSION >= 2 */
 
@@ -120,6 +119,11 @@ enum {
     #endif
 #endif
 
+#if FIPS_VERSION3_GE(6,0,0)
+    extern const unsigned int wolfCrypt_FIPS_dh_ro_sanity[2];
+    WOLFSSL_LOCAL int wolfCrypt_FIPS_DH_sanity(void);
+#endif
+
 #ifdef HAVE_PUBLIC_FFDHE
 #ifdef HAVE_FFDHE_2048
 WOLFSSL_API const DhParams* wc_Dh_ffdhe2048_Get(void);
@@ -147,6 +151,9 @@ WOLFSSL_API int wc_DhGenerateKeyPair(DhKey* key, WC_RNG* rng, byte* priv,
 WOLFSSL_API int wc_DhAgree(DhKey* key, byte* agree, word32* agreeSz,
                        const byte* priv, word32 privSz, const byte* otherPub,
                        word32 pubSz);
+WOLFSSL_API int wc_DhAgree_ct(DhKey* key, byte* agree, word32* agreeSz,
+                       const byte* priv, word32 privSz, const byte* otherPub,
+                       word32 pubSz);
 
 WOLFSSL_API int wc_DhKeyDecode(const byte* input, word32* inOutIdx, DhKey* key,
                            word32 inSz); /* wc_DhKeyDecode is in asn.c */
diff --git a/wolfssl/wolfcrypt/dilithium.h b/wolfssl/wolfcrypt/dilithium.h
index 896976c5f..25fd1587f 100644
--- a/wolfssl/wolfcrypt/dilithium.h
+++ b/wolfssl/wolfcrypt/dilithium.h
@@ -1,6 +1,6 @@
 /* dilithium.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -31,10 +31,62 @@
 
 #include <wolfssl/wolfcrypt/types.h>
 
-#if defined(HAVE_PQC) && defined(HAVE_DILITHIUM)
+#ifdef WOLF_CRYPTO_CB
+    #include <wolfssl/wolfcrypt/cryptocb.h>
+#endif
+
+#if defined(HAVE_DILITHIUM)
 
 #ifdef HAVE_LIBOQS
 #include <oqs/oqs.h>
+#include <wolfssl/wolfcrypt/port/liboqs/liboqs.h>
+#endif
+
+#if defined(WOLFSSL_DILITHIUM_NO_MAKE_KEY) && \
+        defined(WOLFSSL_DILITHIUM_NO_SIGN) && \
+        !defined(WOLFSSL_DILITHIUM_NO_VERIFY) && \
+        !defined(WOLFSSL_DILITHIUM_VERIFY_ONLY)
+    #define WOLFSSL_DILITHIUM_VERIFY_ONLY
+#endif
+#ifdef WOLFSSL_DILITHIUM_VERIFY_ONLY
+    #ifndef WOLFSSL_DILITHIUM_NO_MAKE_KEY
+        #define WOLFSSL_DILITHIUM_NO_MAKE_KEY
+    #endif
+    #ifndef WOLFSSL_DILITHIUM_NO_SIGN
+        #define WOLFSSL_DILITHIUM_NO_SIGN
+    #endif
+#endif
+
+#if !defined(WOLFSSL_DILITHIUM_NO_MAKE_KEY) || \
+        !defined(WOLFSSL_DILITHIUM_NO_VERIFY)
+    #define WOLFSSL_DILITHIUM_PUBLIC_KEY
+#endif
+#if !defined(WOLFSSL_DILITHIUM_NO_MAKE_KEY) || \
+        !defined(WOLFSSL_DILITHIUM_NO_SIGN)
+    #define WOLFSSL_DILITHIUM_PRIVATE_KEY
+#endif
+
+#if defined(WOLFSSL_DILITHIUM_PUBLIC_KEY) && \
+        defined(WOLFSSL_DILITHIUM_PRIVATE_KEY) && \
+        !defined(WOLFSSL_DILITHIUM_NO_CHECK_KEY) && \
+        !defined(WOLFSSL_DILITHIUM_CHECK_KEY)
+    #define WOLFSSL_DILITHIUM_CHECK_KEY
+#endif
+
+#ifdef WOLFSSL_WC_DILITHIUM
+    #include <wolfssl/wolfcrypt/sha3.h>
+#ifndef WOLFSSL_DILITHIUM_VERIFY_ONLY
+    #include <wolfssl/wolfcrypt/random.h>
+#endif
+#endif
+
+#if defined(WC_DILITHIUM_CACHE_PRIV_VECTORS) && \
+        !defined(WC_DILITHIUM_CACHE_MATRIX_A)
+    #define WC_DILITHIUM_CACHE_MATRIX_A
+#endif
+#if defined(WC_DILITHIUM_CACHE_PUB_VECTORS) && \
+        !defined(WC_DILITHIUM_CACHE_MATRIX_A)
+    #define WC_DILITHIUM_CACHE_MATRIX_A
 #endif
 
 #ifdef __cplusplus
@@ -43,36 +95,600 @@
 
 /* Macros Definitions */
 
-#ifdef HAVE_LIBOQS
-#define DILITHIUM_LEVEL2_KEY_SIZE     OQS_SIG_dilithium_2_length_secret_key
-#define DILITHIUM_LEVEL2_SIG_SIZE     OQS_SIG_dilithium_2_length_signature
-#define DILITHIUM_LEVEL2_PUB_KEY_SIZE OQS_SIG_dilithium_2_length_public_key
-#define DILITHIUM_LEVEL2_PRV_KEY_SIZE (DILITHIUM_LEVEL2_PUB_KEY_SIZE+DILITHIUM_LEVEL2_KEY_SIZE)
+#ifdef WOLFSSL_WC_DILITHIUM
 
-#define DILITHIUM_LEVEL3_KEY_SIZE     OQS_SIG_dilithium_3_length_secret_key
-#define DILITHIUM_LEVEL3_SIG_SIZE     OQS_SIG_dilithium_3_length_signature
-#define DILITHIUM_LEVEL3_PUB_KEY_SIZE OQS_SIG_dilithium_3_length_public_key
-#define DILITHIUM_LEVEL3_PRV_KEY_SIZE (DILITHIUM_LEVEL3_PUB_KEY_SIZE+DILITHIUM_LEVEL3_KEY_SIZE)
+#ifndef WOLFSSL_DILITHIUM_ALIGNMENT
+    #if defined(__arch64__)
+        #define WOLFSSL_DILITHIUM_ALIGNMENT     8
+    #elif defined(__arm__)
+        #define WOLFSSL_DILITHIUM_ALIGNMENT     4
+    #elif !defined(WOLFSSL_AESNI) && defined(WOLFSSL_GENERAL_ALIGNMENT)
+        #define WOLFSSL_DILITHIUM_ALIGNMENT     WOLFSSL_GENERAL_ALIGNMENT
+    #else
+        #define WOLFSSL_DILITHIUM_ALIGNMENT     8
+    #endif
+#endif /* WOLFSSL_DILITHIUM_ALIGNMENT */
+
+#define DILITHIUM_LEVEL2_KEY_SIZE       2560
+#define DILITHIUM_LEVEL2_SIG_SIZE       2420
+#define DILITHIUM_LEVEL2_PUB_KEY_SIZE   1312
+#define DILITHIUM_LEVEL2_PRV_KEY_SIZE   \
+    (DILITHIUM_LEVEL2_PUB_KEY_SIZE + DILITHIUM_LEVEL2_KEY_SIZE)
+/* Buffer sizes large enough to store exported DER encoded keys */
+#define DILITHIUM_LEVEL2_PUB_KEY_DER_SIZE 1334
+#define DILITHIUM_LEVEL2_PRV_KEY_DER_SIZE 2588
+
+#define DILITHIUM_LEVEL3_KEY_SIZE       4032
+#define DILITHIUM_LEVEL3_SIG_SIZE       3309
+#define DILITHIUM_LEVEL3_PUB_KEY_SIZE   1952
+#define DILITHIUM_LEVEL3_PRV_KEY_SIZE   \
+    (DILITHIUM_LEVEL3_PUB_KEY_SIZE + DILITHIUM_LEVEL3_KEY_SIZE)
+/* Buffer sizes large enough to store exported DER encoded keys */
+#define DILITHIUM_LEVEL3_PUB_KEY_DER_SIZE 1974
+#define DILITHIUM_LEVEL3_PRV_KEY_DER_SIZE 4060
+
+
+#define DILITHIUM_LEVEL5_KEY_SIZE       4896
+#define DILITHIUM_LEVEL5_SIG_SIZE       4627
+#define DILITHIUM_LEVEL5_PUB_KEY_SIZE   2592
+#define DILITHIUM_LEVEL5_PRV_KEY_SIZE   \
+    (DILITHIUM_LEVEL5_PUB_KEY_SIZE + DILITHIUM_LEVEL5_KEY_SIZE)
+/* Buffer sizes large enough to store exported DER encoded keys */
+#define DILITHIUM_LEVEL5_PUB_KEY_DER_SIZE 2614
+#define DILITHIUM_LEVEL5_PRV_KEY_DER_SIZE 4924
+
+#define ML_DSA_LEVEL2_KEY_SIZE          2560
+#define ML_DSA_LEVEL2_SIG_SIZE          2420
+#define ML_DSA_LEVEL2_PUB_KEY_SIZE      1312
+#define ML_DSA_LEVEL2_PRV_KEY_SIZE   \
+    (ML_DSA_LEVEL2_PUB_KEY_SIZE + ML_DSA_LEVEL2_KEY_SIZE)
+/* Buffer sizes large enough to store exported DER encoded keys */
+#define ML_DSA_LEVEL2_PUB_KEY_DER_SIZE DILITHIUM_LEVEL2_PUB_KEY_DER_SIZE
+#define ML_DSA_LEVEL2_PRV_KEY_DER_SIZE DILITHIUM_LEVEL2_PRV_KEY_DER_SIZE
+
+#define ML_DSA_LEVEL3_KEY_SIZE          4032
+#define ML_DSA_LEVEL3_SIG_SIZE          3309
+#define ML_DSA_LEVEL3_PUB_KEY_SIZE      1952
+#define ML_DSA_LEVEL3_PRV_KEY_SIZE   \
+    (ML_DSA_LEVEL3_PUB_KEY_SIZE + ML_DSA_LEVEL3_KEY_SIZE)
+/* Buffer sizes large enough to store exported DER encoded keys */
+#define ML_DSA_LEVEL3_PUB_KEY_DER_SIZE DILITHIUM_LEVEL3_PUB_KEY_DER_SIZE
+#define ML_DSA_LEVEL3_PRV_KEY_DER_SIZE DILITHIUM_LEVEL3_PRV_KEY_DER_SIZE
+
+#define ML_DSA_LEVEL5_KEY_SIZE          4896
+#define ML_DSA_LEVEL5_SIG_SIZE          4627
+#define ML_DSA_LEVEL5_PUB_KEY_SIZE      2592
+#define ML_DSA_LEVEL5_PRV_KEY_SIZE   \
+    (ML_DSA_LEVEL5_PUB_KEY_SIZE + ML_DSA_LEVEL5_KEY_SIZE)
+/* Buffer sizes large enough to store exported DER encoded keys */
+#define ML_DSA_LEVEL5_PUB_KEY_DER_SIZE DILITHIUM_LEVEL5_PUB_KEY_DER_SIZE
+#define ML_DSA_LEVEL5_PRV_KEY_DER_SIZE DILITHIUM_LEVEL5_PRV_KEY_DER_SIZE
+
+
+
+/* Modulus. */
+#define DILITHIUM_Q                     0x7fe001
+/* Number of bits in modulus. */
+#define DILITHIUM_Q_BITS                23
+/* Number of elements in polynomial. */
+#define DILITHIUM_N                     256
+
+/* Number of dropped bits. */
+#define DILITHIUM_D                     13
+/* Maximum value of dropped bits. */
+#define DILITHIUM_D_MAX                 (1 << DILITHIUM_D)
+/* Half maximum value. */
+#define DILITHIUM_D_MAX_HALF            (1 << (DILITHIUM_D - 1))
+/* Number of undropped bits. */
+#define DILITHIUM_U                     (DILITHIUM_Q_BITS - DILITHIUM_D)
+
+/* Bits in coefficient range of y, GAMMA1, of 2^17 is 17. */
+#define DILITHIUM_GAMMA1_BITS_17        17
+/* Coefficient range of y, GAMMA1, of 2^17. */
+#define DILITHIUM_GAMMA1_17             (1 << 17)
+/* # encoding bits of y is GAMMA1 + 1. */
+#define DILITHIUM_GAMMA1_17_ENC_BITS    18
+/* Coefficient range of y, GAMMA1, of 2^17. */
+/* Bits in coefficient range of y, GAMMA1, of 2^19 is 19. */
+#define DILITHIUM_GAMMA1_BITS_19        19
+/* Coefficient range of y, GAMMA1, of 2^19. */
+#define DILITHIUM_GAMMA1_19             (1 << 19)
+/* # encoding bits of y is GAMMA1 + 1. */
+#define DILITHIUM_GAMMA1_19_ENC_BITS    20
+
+/* Low-order rounding range, GAMMA2, is Q divided by 88. */
+#define DILITHIUM_Q_LOW_88              ((DILITHIUM_Q - 1) / 88)
+/* Absolute low-order rounding range, GAMMA2, is Q divided by 88. */
+#define DILITHIUM_Q_LOW_88_2            (((DILITHIUM_Q - 1) / 88) * 2)
+/* # encoding bits of w1 when range is 88. */
+#define DILITHIUM_Q_HI_88_ENC_BITS      6
+/* Low-order rounding range, GAMMA2, is Q divided by 32. */
+#define DILITHIUM_Q_LOW_32              ((DILITHIUM_Q - 1) / 32)
+/* Absolute low-order rounding range, GAMMA2, is Q divided by 32. */
+#define DILITHIUM_Q_LOW_32_2            (((DILITHIUM_Q - 1) / 32) * 2)
+/* # encoding bits of w1 when range is 32. */
+#define DILITHIUM_Q_HI_32_ENC_BITS      4
+
+/* Private key range, eta, of 2. */
+#define DILITHIUM_ETA_2                 2
+/* Bits needed to encode values in range -2..2 as a positive number. */
+#define DILITHIUM_ETA_2_BITS            3
+/* Extract count of valid values. */
+#define DILITHIUM_ETA_2_MOD             15
+/* Private key range, eta, of 4. */
+#define DILITHIUM_ETA_4                 4
+/* Bits needed to encode values in range -4..4 as a positive number. */
+#define DILITHIUM_ETA_4_BITS            4
+/* Extract count of valid values. */
+#define DILITHIUM_ETA_4_MOD             9
+
+/* Number of bytes in a polynomial in memory. */
+#define DILITHIUM_POLY_SIZE             (DILITHIUM_N * sizeof(sword32))
+
+#ifndef WOLFSSL_NO_ML_DSA_44
+
+/* Fist dimension of A, k, for ML-DSA-44. */
+#define PARAMS_ML_DSA_44_K              4
+/* Second dimension of A, l, for ML-DSA-44. */
+#define PARAMS_ML_DSA_44_L              4
+/* Private key range, ETA, for ML-DSA-44. */
+#define PARAMS_ML_DSA_44_ETA            DILITHIUM_ETA_2
+/* Number of bits in private key for ML-DSA-44. */
+#define PARAMS_ML_DSA_44_ETA_BITS       DILITHIUM_ETA_2_BITS
+/* Collision strength of c-tilde, LAMBDA, in bits for ML-DSA-44. */
+#define PARAMS_ML_DSA_44_LAMBDA         128
+/* # +/-1's in polynomial c, TAU, for ML-DSA-44. */
+#define PARAMS_ML_DSA_44_TAU            39
+/* BETA = TAU * ETA for ML-DSA-44. */
+#define PARAMS_ML_DSA_44_BETA           \
+    (PARAMS_ML_DSA_44_TAU * PARAMS_ML_DSA_44_ETA)
+/* Max # 1's in the hint h, OMEGA, for ML-DSA-44. */
+#define PARAMS_ML_DSA_44_OMEGA          80
+/* Bits in coefficient range of y, GAMMA1, for ML-DSA-44. */
+#define PARAMS_ML_DSA_44_GAMMA1_BITS    DILITHIUM_GAMMA1_BITS_17
+/* Ccoefficient range of y, GAMMA1, for ML-DSA-44. */
+#define PARAMS_ML_DSA_44_GAMMA1         (1 << PARAMS_ML_DSA_44_GAMMA1_BITS)
+/* Low-order rounding range, GAMMA2, for ML-DSA-44. */
+#define PARAMS_ML_DSA_44_GAMMA2         DILITHIUM_Q_LOW_88
+/* Bits in high-order rounding range, GAMMA2, for ML-DSA-44. */
+#define PARAMS_ML_DSA_44_GAMMA2_HI_BITS 6
+/* Encoding size of w1 in bytes for ML-DSA-44.
+ * K * N / 8 * 6 - 6 bits as max value is 43 in high bits. */
+#define PARAMS_ML_DSA_44_W1_ENC_SZ      \
+    (PARAMS_ML_DSA_44_K * DILITHIUM_N / 8 * PARAMS_ML_DSA_44_GAMMA2_HI_BITS)
+/* Size of memory used for matrix a in bytes for ML-DSA-44. */
+#define PARAMS_ML_DSA_44_A_SIZE         \
+    (PARAMS_ML_DSA_44_K * PARAMS_ML_DSA_44_L * DILITHIUM_POLY_SIZE)
+/* Size of memory used for vector s1 in bytes for ML-DSA-44. */
+#define PARAMS_ML_DSA_44_S1_SIZE        \
+    (PARAMS_ML_DSA_44_L * DILITHIUM_POLY_SIZE)
+/* Encoding size of s1 in bytes for ML-DSA-44. */
+#define PARAMS_ML_DSA_44_S1_ENC_SIZE    \
+    (PARAMS_ML_DSA_44_S1_SIZE / sizeof(sword32) * PARAMS_ML_DSA_44_ETA_BITS / 8)
+/* Size of memory used for vector s2 in bytes for ML-DSA-44. */
+#define PARAMS_ML_DSA_44_S2_SIZE        \
+    (PARAMS_ML_DSA_44_K * DILITHIUM_POLY_SIZE)
+/* Encoding size of s2 in bytes for ML-DSA-44. */
+#define PARAMS_ML_DSA_44_S2_ENC_SIZE    \
+    (PARAMS_ML_DSA_44_S2_SIZE / sizeof(sword32) * PARAMS_ML_DSA_44_ETA_BITS / 8)
+/* Encoding size of z in bytes for ML-DSA-44. */
+#define PARAMS_ML_DSA_44_Z_ENC_SIZE     \
+    (PARAMS_ML_DSA_44_S1_SIZE / sizeof(sword32) / 8 * \
+     (PARAMS_ML_DSA_44_GAMMA1_BITS + 1))
+/* Encoding size of public key in bytes for ML-DSA-44. */
+#define PARAMS_ML_DSA_44_PK_SIZE        \
+    (DILITHIUM_PUB_SEED_SZ + PARAMS_ML_DSA_44_K * DILITHIUM_N * DILITHIUM_U / 8)
+/* Encoding size of signature in bytes for ML-DSA-44. */
+#define PARAMS_ML_DSA_44_SIG_SIZE       \
+    ((PARAMS_ML_DSA_44_LAMBDA / 4) +    \
+     PARAMS_ML_DSA_44_L * DILITHIUM_N/8 * (PARAMS_ML_DSA_44_GAMMA1_BITS + 1) + \
+     PARAMS_ML_DSA_44_OMEGA + PARAMS_ML_DSA_44_K)
+
+#endif /* WOLFSSL_NO_ML_DSA_44 */
+
+#ifndef WOLFSSL_NO_ML_DSA_65
+
+/* Fist dimension of A, k, for ML-DSA-65. */
+#define PARAMS_ML_DSA_65_K              6
+/* Second dimension of A, l, for ML-DSA-65. */
+#define PARAMS_ML_DSA_65_L              5
+/* Private key range, ETA, for ML-DSA-65. */
+#define PARAMS_ML_DSA_65_ETA            DILITHIUM_ETA_4
+/* Number of bits in private key for ML-DSA-65. */
+#define PARAMS_ML_DSA_65_ETA_BITS       DILITHIUM_ETA_4_BITS
+/* Collision strength of c-tilde, LAMBDA, in bits for ML-DSA-65. */
+#define PARAMS_ML_DSA_65_LAMBDA         192
+/* # +/-1's in polynomial c, TAU, for ML-DSA-65. */
+#define PARAMS_ML_DSA_65_TAU            49
+/* BETA = TAU * ETA for ML-DSA-65. */
+#define PARAMS_ML_DSA_65_BETA           \
+    (PARAMS_ML_DSA_65_TAU * PARAMS_ML_DSA_65_ETA)
+/* Max # 1's in the hint h, OMEGA, for ML-DSA-65. */
+#define PARAMS_ML_DSA_65_OMEGA          55
+/* Bits in coefficient range of y, GAMMA1, for ML-DSA-65. */
+#define PARAMS_ML_DSA_65_GAMMA1_BITS    DILITHIUM_GAMMA1_BITS_19
+/* Ccoefficient range of y, GAMMA1, for ML-DSA-65. */
+#define PARAMS_ML_DSA_65_GAMMA1         (1 << PARAMS_ML_DSA_65_GAMMA1_BITS)
+/* Low-order rounding range, GAMMA2, for ML-DSA-65. */
+#define PARAMS_ML_DSA_65_GAMMA2         DILITHIUM_Q_LOW_32
+/* Bits in high-order rounding range, GAMMA2, for ML-DSA-65. */
+#define PARAMS_ML_DSA_65_GAMMA2_HI_BITS 4
+/* Encoding size of w1 in bytes for ML-DSA-65.
+ * K * N / 8 * 4 - 4 bits as max value is 15 in high bits. */
+#define PARAMS_ML_DSA_65_W1_ENC_SZ      \
+    (PARAMS_ML_DSA_65_K * DILITHIUM_N / 8 * PARAMS_ML_DSA_65_GAMMA2_HI_BITS)
+/* Size of memory used for matrix a in bytes for ML-DSA-65. */
+#define PARAMS_ML_DSA_65_A_SIZE         \
+    (PARAMS_ML_DSA_65_K * PARAMS_ML_DSA_65_L * DILITHIUM_POLY_SIZE)
+/* Size of memory used for vector s1 in bytes for ML-DSA-65. */
+#define PARAMS_ML_DSA_65_S1_SIZE        \
+    (PARAMS_ML_DSA_65_L * DILITHIUM_POLY_SIZE)
+/* Encoding size of s1 in bytes for ML-DSA-65. */
+#define PARAMS_ML_DSA_65_S1_ENC_SIZE    \
+    (PARAMS_ML_DSA_65_S1_SIZE / sizeof(sword32) * PARAMS_ML_DSA_65_ETA_BITS / 8)
+/* Size of memory used for vector s2 in bytes for ML-DSA-65. */
+#define PARAMS_ML_DSA_65_S2_SIZE        \
+    (PARAMS_ML_DSA_65_K * DILITHIUM_POLY_SIZE)
+/* Encoding size of s2 in bytes for ML-DSA-65. */
+#define PARAMS_ML_DSA_65_S2_ENC_SIZE    \
+    (PARAMS_ML_DSA_65_S2_SIZE / sizeof(sword32) * PARAMS_ML_DSA_65_ETA_BITS / 8)
+/* Encoding size of z in bytes for ML-DSA-65. */
+#define PARAMS_ML_DSA_65_Z_ENC_SIZE     \
+    (PARAMS_ML_DSA_65_S1_SIZE / sizeof(sword32) / 8 * \
+     (PARAMS_ML_DSA_65_GAMMA1_BITS + 1))
+/* Encoding size of public key in bytes for ML-DSA-65. */
+#define PARAMS_ML_DSA_65_PK_SIZE        \
+    (DILITHIUM_PUB_SEED_SZ + PARAMS_ML_DSA_65_K * DILITHIUM_N * DILITHIUM_U / 8)
+/* Encoding size of signature in bytes for ML-DSA-65. */
+#define PARAMS_ML_DSA_65_SIG_SIZE       \
+    ((PARAMS_ML_DSA_65_LAMBDA / 4) +    \
+     PARAMS_ML_DSA_65_L * DILITHIUM_N/8 * (PARAMS_ML_DSA_65_GAMMA1_BITS + 1) + \
+     PARAMS_ML_DSA_65_OMEGA + PARAMS_ML_DSA_65_K)
+
+#endif /* WOLFSSL_NO_ML_DSA_65 */
+
+#ifndef WOLFSSL_NO_ML_DSA_87
+
+/* Fist dimension of A, k, for ML-DSA-87. */
+#define PARAMS_ML_DSA_87_K              8
+/* Second dimension of A, l, for ML-DSA-87. */
+#define PARAMS_ML_DSA_87_L              7
+/* Private key range, ETA, for ML-DSA-87. */
+#define PARAMS_ML_DSA_87_ETA            DILITHIUM_ETA_2
+/* Number of bits in private key for ML-DSA-87. */
+#define PARAMS_ML_DSA_87_ETA_BITS       DILITHIUM_ETA_2_BITS
+/* Collision strength of c-tilde, LAMBDA, in bits for ML-DSA-87. */
+#define PARAMS_ML_DSA_87_LAMBDA         256
+/* # +/-1's in polynomial c, TAU, for ML-DSA-87. */
+#define PARAMS_ML_DSA_87_TAU            60
+/* BETA = TAU * ETA for ML-DSA-87. */
+#define PARAMS_ML_DSA_87_BETA           \
+    (PARAMS_ML_DSA_87_TAU * PARAMS_ML_DSA_87_ETA)
+/* Max # 1's in the hint h, OMEGA, for ML-DSA-87. */
+#define PARAMS_ML_DSA_87_OMEGA          75
+/* Bits in coefficient range of y, GAMMA1, for ML-DSA-87. */
+#define PARAMS_ML_DSA_87_GAMMA1_BITS    DILITHIUM_GAMMA1_BITS_19
+/* Ccoefficient range of y, GAMMA1, for ML-DSA-87. */
+#define PARAMS_ML_DSA_87_GAMMA1         (1 << PARAMS_ML_DSA_87_GAMMA1_BITS)
+/* Low-order rounding range, GAMMA2, for ML-DSA-87. */
+#define PARAMS_ML_DSA_87_GAMMA2         DILITHIUM_Q_LOW_32
+/* Bits in high-order rounding range, GAMMA2, for ML-DSA-87. */
+#define PARAMS_ML_DSA_87_GAMMA2_HI_BITS 4
+/* Encoding size of w1 in bytes for ML-DSA-87.
+ * K * N / 8 * 4 - 4 bits as max value is 15 in high bits. */
+#define PARAMS_ML_DSA_87_W1_ENC_SZ      \
+    (PARAMS_ML_DSA_87_K * DILITHIUM_N / 8 * PARAMS_ML_DSA_87_GAMMA2_HI_BITS)
+/* Size of memory used for matrix A in bytes for ML-DSA-87. */
+#define PARAMS_ML_DSA_87_A_SIZE         \
+    (PARAMS_ML_DSA_87_K * PARAMS_ML_DSA_87_L * DILITHIUM_POLY_SIZE)
+#define PARAMS_ML_DSA_87_S_SIZE         4
+/* Size of memory used for vector s1 in bytes for ML-DSA-87. */
+#define PARAMS_ML_DSA_87_S1_SIZE        \
+    (PARAMS_ML_DSA_87_L * DILITHIUM_POLY_SIZE)
+/* Encoding size of s1 in bytes for ML-DSA-87. */
+#define PARAMS_ML_DSA_87_S1_ENC_SIZE    \
+    (PARAMS_ML_DSA_87_S1_SIZE / sizeof(sword32) * PARAMS_ML_DSA_87_ETA_BITS / 8)
+/* Size of memory used for vector s2 in bytes for ML-DSA-87. */
+#define PARAMS_ML_DSA_87_S2_SIZE        \
+    (PARAMS_ML_DSA_87_K * DILITHIUM_POLY_SIZE)
+/* Encoding size of s2 in bytes for ML-DSA-87. */
+#define PARAMS_ML_DSA_87_S2_ENC_SIZE    \
+    (PARAMS_ML_DSA_87_S2_SIZE / sizeof(sword32) * PARAMS_ML_DSA_87_ETA_BITS / 8)
+/* Encoding size of z in bytes for ML-DSA-87. */
+#define PARAMS_ML_DSA_87_Z_ENC_SIZE     \
+    (PARAMS_ML_DSA_87_S1_SIZE / sizeof(sword32) / 8 * \
+     (PARAMS_ML_DSA_87_GAMMA1_BITS + 1))
+/* Encoding size of public key in bytes for ML-DSA-87. */
+#define PARAMS_ML_DSA_87_PK_SIZE        \
+    (DILITHIUM_PUB_SEED_SZ + PARAMS_ML_DSA_87_K * DILITHIUM_N * DILITHIUM_U / 8)
+/* Encoding size of signature in bytes for ML-DSA-87. */
+#define PARAMS_ML_DSA_87_SIG_SIZE       \
+    ((PARAMS_ML_DSA_87_LAMBDA / 4) +    \
+     PARAMS_ML_DSA_87_L * DILITHIUM_N/8 * (PARAMS_ML_DSA_87_GAMMA1_BITS + 1) + \
+     PARAMS_ML_DSA_87_OMEGA + PARAMS_ML_DSA_87_K)
+
+#endif /* WOLFSSL_NO_ML_DSA_87 */
+
+
+#ifndef WOLFSSL_NO_ML_DSA_87
+
+#define DILITHIUM_MAX_W1_ENC_SZ         PARAMS_ML_DSA_87_W1_ENC_SZ
+/* Maximum collision strength of c-tilde in bytes. */
+#define DILITHIUM_MAX_LAMBDA            PARAMS_ML_DSA_87_LAMBDA
+
+/* Maximum count of elements of a vector with dimension K. */
+#define DILITHIUM_MAX_K_VECTOR_COUNT     \
+    (PARAMS_ML_DSA_87_K * DILITHIUM_N)
+/* Maximum count of elements of a vector with dimension L. */
+#define DILITHIUM_MAX_L_VECTOR_COUNT     \
+    (PARAMS_ML_DSA_87_L * DILITHIUM_N)
+/* Maximum count of elements of a matrix with dimension KxL. */
+#define DILITHIUM_MAX_MATRIX_COUNT        \
+    (PARAMS_ML_DSA_87_K * PARAMS_ML_DSA_87_L * DILITHIUM_N)
+
+#elif !defined(WOLFSSL_NO_ML_DSA_65)
+
+/* Maximum w1 encoding size in bytes. */
+#define DILITHIUM_MAX_W1_ENC_SZ         PARAMS_ML_DSA_65_W1_ENC_SZ
+/* Maximum collision strength of c-tilde in bytes. */
+#define DILITHIUM_MAX_LAMBDA            PARAMS_ML_DSA_65_LAMBDA
+
+/* Maximum count of elements of a vector with dimension K. */
+#define DILITHIUM_MAX_K_VECTOR_COUNT     \
+    (PARAMS_ML_DSA_65_K * DILITHIUM_N)
+/* Maximum count of elements of a vector with dimension L. */
+#define DILITHIUM_MAX_L_VECTOR_COUNT     \
+    (PARAMS_ML_DSA_65_L * DILITHIUM_N)
+/* Maximum count of elements of a matrix with dimension KxL. */
+#define DILITHIUM_MAX_MATRIX_COUNT        \
+    (PARAMS_ML_DSA_65_K * PARAMS_ML_DSA_65_L * DILITHIUM_N)
+
+#else
+
+/* Maximum w1 encoding size in bytes. */
+#define DILITHIUM_MAX_W1_ENC_SZ         PARAMS_ML_DSA_44_W1_ENC_SZ
+/* Maximum collision strength of c-tilde in bytes. */
+#define DILITHIUM_MAX_LAMBDA            PARAMS_ML_DSA_44_LAMBDA
+
+/* Maximum count of elements of a vector with dimension K. */
+#define DILITHIUM_MAX_K_VECTOR_COUNT     \
+    (PARAMS_ML_DSA_44_K * DILITHIUM_N)
+/* Maximum count of elements of a vector with dimension L. */
+#define DILITHIUM_MAX_L_VECTOR_COUNT     \
+    (PARAMS_ML_DSA_44_L * DILITHIUM_N)
+/* Maximum count of elements of a matrix with dimension KxL. */
+#define DILITHIUM_MAX_MATRIX_COUNT        \
+    (PARAMS_ML_DSA_44_K * PARAMS_ML_DSA_44_L * DILITHIUM_N)
 
-#define DILITHIUM_LEVEL5_KEY_SIZE     OQS_SIG_dilithium_5_length_secret_key
-#define DILITHIUM_LEVEL5_SIG_SIZE     OQS_SIG_dilithium_5_length_signature
-#define DILITHIUM_LEVEL5_PUB_KEY_SIZE OQS_SIG_dilithium_5_length_public_key
-#define DILITHIUM_LEVEL5_PRV_KEY_SIZE (DILITHIUM_LEVEL5_PUB_KEY_SIZE+DILITHIUM_LEVEL5_KEY_SIZE)
 #endif
 
-#define DILITHIUM_MAX_KEY_SIZE     DILITHIUM_LEVEL5_PRV_KEY_SIZE
+/* Length of K in bytes. */
+#define DILITHIUM_K_SZ                  32
+/* Length of TR in bytes. */
+#define DILITHIUM_TR_SZ                 64
+/* Length of public key seed in bytes when expanding a. */
+#define DILITHIUM_PUB_SEED_SZ           32
+/* Length of private key seed in bytes when generating a key. */
+#define DILITHIUM_PRIV_SEED_SZ          64
+
+/* Length of seed when creating vector c. */
+#define DILITHIUM_SEED_SZ               32
+/* Length of seeds created when making a key. */
+#define DILITHIUM_SEEDS_SZ              128
+
+/* Length of MU in bytes. */
+#define DILITHIUM_MU_SZ                 64
+/* Length of random in bytes when generating a signature. */
+#define DILITHIUM_RND_SZ                32
+/* Length of private random in bytes when generating a signature. */
+#define DILITHIUM_PRIV_RAND_SEED_SZ     64
+
+/* 5 blocks, each block 21 * 8 bytes = 840 bytes.
+ * Minimum required is 256 * 3 = 768. */
+#define DILITHIUM_GEN_A_NBLOCKS         5
+/* Number of bytes to generate with Shake128 when generating A. */
+#define DILITHIUM_GEN_A_BYTES           \
+    (DILITHIUM_GEN_A_NBLOCKS * WC_SHA3_128_COUNT * 8)
+/* Number of bytes to a block of SHAKE-128 when generating A. */
+#define DILITHIUM_GEN_A_BLOCK_BYTES     (WC_SHA3_128_COUNT * 8)
+
+/* Number of bytes to a block of SHAKE-256 when generating c. */
+#define DILITHIUM_GEN_C_BLOCK_BYTES     (WC_SHA3_256_COUNT * 8)
+
+
+#ifndef WOLFSSL_DILITHIUM_SMALL
+#if defined(LITTLE_ENDIAN_ORDER) && (WOLFSSL_DILITHIUM_ALIGNMENT == 0)
+    /* A block SHAKE-128 output plus one for reading 4 bytes at a time. */
+    #define DILITHIUM_REJ_NTT_POLY_H_SIZE    (DILITHIUM_GEN_A_BYTES + 1)
+#else
+    /* A block SHAKE-128 output. */
+    #define DILITHIUM_REJ_NTT_POLY_H_SIZE    DILITHIUM_GEN_A_BYTES
+#endif /* LITTLE_ENDIAN_ORDER && WOLFSSL_DILITHIUM_ALIGNMENT == 0 */
+#else
+#if defined(LITTLE_ENDIAN_ORDER) && (WOLFSSL_DILITHIUM_ALIGNMENT == 0)
+    /* A block SHAKE-128 output plus one for reading 4 bytes at a time. */
+    #define DILITHIUM_REJ_NTT_POLY_H_SIZE    (DILITHIUM_GEN_A_BLOCK_BYTES + 1)
+#else
+    /* A block SHAKE-128 output. */
+    #define DILITHIUM_REJ_NTT_POLY_H_SIZE    DILITHIUM_GEN_A_BLOCK_BYTES
+#endif /* LITTLE_ENDIAN_ORDER && WOLFSSL_DILITHIUM_ALIGNMENT == 0 */
+#endif
+
+#elif defined(HAVE_LIBOQS)
+
+#define DILITHIUM_LEVEL2_KEY_SIZE     OQS_SIG_ml_dsa_44_ipd_length_secret_key
+#define DILITHIUM_LEVEL2_SIG_SIZE     OQS_SIG_ml_dsa_44_ipd_length_signature
+#define DILITHIUM_LEVEL2_PUB_KEY_SIZE OQS_SIG_ml_dsa_44_ipd_length_public_key
+#define DILITHIUM_LEVEL2_PRV_KEY_SIZE \
+    (DILITHIUM_LEVEL2_PUB_KEY_SIZE+DILITHIUM_LEVEL2_KEY_SIZE)
+/* Buffer sizes large enough to store exported DER encoded keys */
+#define DILITHIUM_LEVEL2_PUB_KEY_DER_SIZE 1334
+#define DILITHIUM_LEVEL2_PRV_KEY_DER_SIZE 2588
+
+#define DILITHIUM_LEVEL3_KEY_SIZE     OQS_SIG_ml_dsa_65_ipd_length_secret_key
+#define DILITHIUM_LEVEL3_SIG_SIZE     OQS_SIG_ml_dsa_65_ipd_length_signature
+#define DILITHIUM_LEVEL3_PUB_KEY_SIZE OQS_SIG_ml_dsa_65_ipd_length_public_key
+#define DILITHIUM_LEVEL3_PRV_KEY_SIZE \
+    (DILITHIUM_LEVEL3_PUB_KEY_SIZE+DILITHIUM_LEVEL3_KEY_SIZE)
+/* Buffer sizes large enough to store exported DER encoded keys */
+#define DILITHIUM_LEVEL3_PUB_KEY_DER_SIZE 1974
+#define DILITHIUM_LEVEL3_PRV_KEY_DER_SIZE 4060
+
+#define DILITHIUM_LEVEL5_KEY_SIZE     OQS_SIG_ml_dsa_87_ipd_length_secret_key
+#define DILITHIUM_LEVEL5_SIG_SIZE     OQS_SIG_ml_dsa_87_ipd_length_signature
+#define DILITHIUM_LEVEL5_PUB_KEY_SIZE OQS_SIG_ml_dsa_87_ipd_length_public_key
+#define DILITHIUM_LEVEL5_PRV_KEY_SIZE \
+    (DILITHIUM_LEVEL5_PUB_KEY_SIZE+DILITHIUM_LEVEL5_KEY_SIZE)
+/* Buffer sizes large enough to store exported DER encoded keys */
+#define DILITHIUM_LEVEL5_PUB_KEY_DER_SIZE 2614
+#define DILITHIUM_LEVEL5_PRV_KEY_DER_SIZE 4924
+
+
+#define ML_DSA_LEVEL2_KEY_SIZE        OQS_SIG_ml_dsa_44_ipd_length_secret_key
+#define ML_DSA_LEVEL2_SIG_SIZE        OQS_SIG_ml_dsa_44_ipd_length_signature
+#define ML_DSA_LEVEL2_PUB_KEY_SIZE    OQS_SIG_ml_dsa_44_ipd_length_public_key
+#define ML_DSA_LEVEL2_PRV_KEY_SIZE    \
+    (ML_DSA_LEVEL2_PUB_KEY_SIZE+ML_DSA_LEVEL2_KEY_SIZE)
+/* Buffer sizes large enough to store exported DER encoded keys */
+#define ML_DSA_LEVEL2_PUB_KEY_DER_SIZE DILITHIUM_LEVEL2_PUB_KEY_DER_SIZE
+#define ML_DSA_LEVEL2_PRV_KEY_DER_SIZE DILITHIUM_LEVEL2_PRV_KEY_DER_SIZE
+
+#define ML_DSA_LEVEL3_KEY_SIZE        OQS_SIG_ml_dsa_65_ipd_length_secret_key
+#define ML_DSA_LEVEL3_SIG_SIZE        OQS_SIG_ml_dsa_65_ipd_length_signature
+#define ML_DSA_LEVEL3_PUB_KEY_SIZE    OQS_SIG_ml_dsa_65_ipd_length_public_key
+#define ML_DSA_LEVEL3_PRV_KEY_SIZE    \
+    (ML_DSA_LEVEL3_PUB_KEY_SIZE+ML_DSA_LEVEL3_KEY_SIZE)
+/* Buffer sizes large enough to store exported DER encoded keys */
+#define ML_DSA_LEVEL3_PUB_KEY_DER_SIZE DILITHIUM_LEVEL3_PUB_KEY_DER_SIZE
+#define ML_DSA_LEVEL3_PRV_KEY_DER_SIZE DILITHIUM_LEVEL3_PRV_KEY_DER_SIZE
+
+#define ML_DSA_LEVEL5_KEY_SIZE        OQS_SIG_ml_dsa_87_ipd_length_secret_key
+#define ML_DSA_LEVEL5_SIG_SIZE        OQS_SIG_ml_dsa_87_ipd_length_signature
+#define ML_DSA_LEVEL5_PUB_KEY_SIZE    OQS_SIG_ml_dsa_87_ipd_length_public_key
+#define ML_DSA_LEVEL5_PRV_KEY_SIZE    \
+    (ML_DSA_LEVEL5_PUB_KEY_SIZE+ML_DSA_LEVEL5_KEY_SIZE)
+/* Buffer sizes large enough to store exported DER encoded keys */
+#define ML_DSA_LEVEL5_PUB_KEY_DER_SIZE DILITHIUM_LEVEL5_PUB_KEY_DER_SIZE
+#define ML_DSA_LEVEL5_PRV_KEY_DER_SIZE DILITHIUM_LEVEL5_PRV_KEY_DER_SIZE
+
+#endif
+
+#define DILITHIUM_MAX_KEY_SIZE     DILITHIUM_LEVEL5_KEY_SIZE
 #define DILITHIUM_MAX_SIG_SIZE     DILITHIUM_LEVEL5_SIG_SIZE
 #define DILITHIUM_MAX_PUB_KEY_SIZE DILITHIUM_LEVEL5_PUB_KEY_SIZE
 #define DILITHIUM_MAX_PRV_KEY_SIZE DILITHIUM_LEVEL5_PRV_KEY_SIZE
+/* Buffer sizes large enough to store exported DER encoded keys */
+#define DILITHIUM_MAX_PUB_KEY_DER_SIZE DILITHIUM_LEVEL5_PUB_KEY_DER_SIZE
+#define DILITHIUM_MAX_PRV_KEY_DER_SIZE DILITHIUM_LEVEL5_PRV_KEY_DER_SIZE
+
+
+#ifdef WOLF_PRIVATE_KEY_ID
+#define DILITHIUM_MAX_ID_LEN    32
+#define DILITHIUM_MAX_LABEL_LEN 32
+#endif
 
 /* Structs */
 
+#ifdef WOLFSSL_WC_DILITHIUM
+typedef struct wc_dilithium_params {
+    byte level;
+    byte k;
+    byte l;
+    byte eta;
+    byte eta_bits;
+    byte tau;
+    byte beta;
+    byte omega;
+    word16 lambda;
+    byte gamma1_bits;
+    word32 gamma2;
+    word32 w1EncSz;
+    word16 aSz;
+    word16 s1Sz;
+    word16 s1EncSz;
+    word16 s2Sz;
+    word16 s2EncSz;
+    word16 zEncSz;
+    word16 pkSz;
+    word16 sigSz;
+} wc_dilithium_params;
+#endif
+
 struct dilithium_key {
-    bool pubKeySet;
-    bool prvKeySet;
+    byte pubKeySet;
+    byte prvKeySet;
     byte level; /* 2,3 or 5 */
+
+    void* heap; /* heap hint */
+
+#ifdef WOLF_CRYPTO_CB
+    void* devCtx;
+    int   devId;
+#endif
+#ifdef WOLF_PRIVATE_KEY_ID
+    byte id[DILITHIUM_MAX_ID_LEN];
+    int  idLen;
+    char label[DILITHIUM_MAX_LABEL_LEN];
+    int  labelLen;
+#endif
+
+#ifndef WOLFSSL_DILITHIUM_ASSIGN_KEY
     byte p[DILITHIUM_MAX_PUB_KEY_SIZE];
-    byte k[DILITHIUM_MAX_PRV_KEY_SIZE];
+    byte k[DILITHIUM_MAX_KEY_SIZE];
+#else
+    const byte* p;
+    const byte* k;
+#endif
+
+#ifdef WOLFSSL_WC_DILITHIUM
+    const wc_dilithium_params* params;
+    wc_Shake shake;
+#ifndef WC_DILITHIUM_FIXED_ARRAY
+#ifdef WC_DILITHIUM_CACHE_MATRIX_A
+    sword32* a;
+    byte aSet;
+#endif
+#ifdef WC_DILITHIUM_CACHE_PRIV_VECTORS
+    sword32* s1;
+    sword32* s2;
+    sword32* t0;
+    byte privVecsSet;
+#endif
+#ifdef WC_DILITHIUM_CACHE_PUB_VECTORS
+    sword32* t1;
+    byte pubVecSet;
+#endif
+#else
+#ifdef WC_DILITHIUM_CACHE_MATRIX_A
+    sword32 a[DILITHIUM_MAX_MATRIX_COUNT];
+    byte aSet;
+#endif
+#ifdef WC_DILITHIUM_CACHE_PRIV_VECTORS
+    sword32 s1[DILITHIUM_MAX_L_VECTOR_COUNT];
+    sword32 s2[DILITHIUM_MAX_K_VECTOR_COUNT];
+    sword32 t0[DILITHIUM_MAX_K_VECTOR_COUNT];
+    byte privVecsSet;
+#endif
+#ifdef WC_DILITHIUM_CACHE_PUB_VECTORS
+    sword32 t1[DILITHIUM_MAX_K_VECTOR_COUNT];
+    byte pubVecSet;
+#endif
+#endif
+#if defined(WOLFSSL_DILITHIUM_VERIFY_NO_MALLOC) && \
+    defined(WOLFSSL_DILITHIUM_VERIFY_SMALL_MEM)
+    sword32 z[DILITHIUM_MAX_L_VECTOR_COUNT];
+    sword32 c[DILITHIUM_N];
+    sword32 w[DILITHIUM_N];
+    sword32 t1[DILITHIUM_N];
+    byte w1e[DILITHIUM_MAX_W1_ENC_SZ];
+#ifdef WOLFSSL_DILITHIUM_SMALL_MEM_POLY64
+    sword64 t64[DILITHIUM_N];
+#endif
+    byte h[DILITHIUM_REJ_NTT_POLY_H_SIZE];
+    byte block[DILITHIUM_GEN_C_BLOCK_BYTES];
+#endif /* WOLFSSL_DILITHIUM_VERIFY_NO_MALLOC &&
+        * WOLFSSL_DILITHIUM_VERIFY_SMALL_MEM */
+#endif /* WOLFSSL_WC_DILITHIUM */
 };
 
 #ifndef WC_DILITHIUMKEY_TYPE_DEFINED
@@ -82,15 +698,61 @@ struct dilithium_key {
 
 /* Functions */
 
+#ifndef WOLFSSL_DILITHIUM_VERIFY_ONLY
 WOLFSSL_API
-int wc_dilithium_sign_msg(const byte* in, word32 inLen, byte* out, word32 *outLen,
-                       dilithium_key* key);
+int wc_dilithium_make_key(dilithium_key* key, WC_RNG* rng);
+WOLFSSL_API
+int wc_dilithium_make_key_from_seed(dilithium_key* key, const byte* seed);
+
+WOLFSSL_API
+int wc_dilithium_sign_msg(const byte* msg, word32 msgLen, byte* sig,
+    word32* sigLen, dilithium_key* key, WC_RNG* rng);
+WOLFSSL_API
+int wc_dilithium_sign_ctx_msg(const byte* ctx, byte ctxLen, const byte* msg,
+    word32 msgLen, byte* sig, word32* sigLen, dilithium_key* key, WC_RNG* rng);
+WOLFSSL_API
+int wc_dilithium_sign_ctx_hash(const byte* ctx, byte ctxLen, int hashAlg,
+    const byte* hash, word32 hashLen, byte* sig, word32* sigLen,
+    dilithium_key* key, WC_RNG* rng);
+WOLFSSL_API
+int wc_dilithium_sign_msg_with_seed(const byte* msg, word32 msgLen, byte* sig,
+    word32 *sigLen, dilithium_key* key, const byte* seed);
+WOLFSSL_API
+int wc_dilithium_sign_ctx_msg_with_seed(const byte* ctx, byte ctxLen,
+    const byte* msg, word32 msgLen, byte* sig, word32 *sigLen,
+    dilithium_key* key, const byte* seed);
+WOLFSSL_API
+int wc_dilithium_sign_ctx_hash_with_seed(const byte* ctx, byte ctxLen,
+    int hashAlg, const byte* hash, word32 hashLen, byte* sig, word32 *sigLen,
+    dilithium_key* key, const byte* seed);
+#endif
 WOLFSSL_API
 int wc_dilithium_verify_msg(const byte* sig, word32 sigLen, const byte* msg,
-                         word32 msgLen, int* res, dilithium_key* key);
+    word32 msgLen, int* res, dilithium_key* key);
+WOLFSSL_API
+int wc_dilithium_verify_ctx_msg(const byte* sig, word32 sigLen, const byte* ctx,
+    word32 ctxLen, const byte* msg, word32 msgLen, int* res,
+    dilithium_key* key);
+WOLFSSL_API
+int wc_dilithium_verify_ctx_hash(const byte* sig, word32 sigLen,
+    const byte* ctx, word32 ctxLen, int hashAlg, const byte* hash,
+    word32 hashLen, int* res, dilithium_key* key);
 
 WOLFSSL_API
 int wc_dilithium_init(dilithium_key* key);
+
+WOLFSSL_API
+int wc_dilithium_init_ex(dilithium_key* key, void* heap, int devId);
+
+#ifdef WOLF_PRIVATE_KEY_ID
+WOLFSSL_API
+int wc_dilithium_init_id(dilithium_key* key, const unsigned char* id, int len,
+    void* heap, int devId);
+WOLFSSL_API
+int wc_dilithium_init_label(dilithium_key* key, const char* label, void* heap,
+    int devId);
+#endif
+
 WOLFSSL_API
 int wc_dilithium_set_level(dilithium_key* key, byte level);
 WOLFSSL_API
@@ -98,54 +760,154 @@ int wc_dilithium_get_level(dilithium_key* key, byte* level);
 WOLFSSL_API
 void wc_dilithium_free(dilithium_key* key);
 
-WOLFSSL_API
-int wc_dilithium_import_public(const byte* in, word32 inLen, dilithium_key* key);
-WOLFSSL_API
-int wc_dilithium_import_private_only(const byte* priv, word32 privSz,
-                                  dilithium_key* key);
-WOLFSSL_API
-int wc_dilithium_import_private_key(const byte* priv, word32 privSz,
-                                 const byte* pub, word32 pubSz,
-                                 dilithium_key* key);
-
-WOLFSSL_API
-int wc_dilithium_export_public(dilithium_key*, byte* out, word32* outLen);
-WOLFSSL_API
-int wc_dilithium_export_private_only(dilithium_key* key, byte* out, word32* outLen);
-WOLFSSL_API
-int wc_dilithium_export_private(dilithium_key* key, byte* out, word32* outLen);
-WOLFSSL_API
-int wc_dilithium_export_key(dilithium_key* key, byte* priv, word32 *privSz,
-                         byte* pub, word32 *pubSz);
-
-WOLFSSL_API
-int wc_dilithium_check_key(dilithium_key* key);
-
+#ifdef WOLFSSL_DILITHIUM_PRIVATE_KEY
 WOLFSSL_API
 int wc_dilithium_size(dilithium_key* key);
+#endif
+#if defined(WOLFSSL_DILITHIUM_PRIVATE_KEY) && \
+    defined(WOLFSSL_DILITHIUM_PUBLIC_KEY)
 WOLFSSL_API
 int wc_dilithium_priv_size(dilithium_key* key);
+#endif
+#ifdef WOLFSSL_DILITHIUM_PUBLIC_KEY
 WOLFSSL_API
 int wc_dilithium_pub_size(dilithium_key* key);
+#endif
+#if !defined(WOLFSSL_DILITHIUM_NO_SIGN) || !defined(WOLFSSL_DILITHIUM_NO_VERIFY)
 WOLFSSL_API
 int wc_dilithium_sig_size(dilithium_key* key);
+#endif
 
+#ifdef WOLFSSL_DILITHIUM_CHECK_KEY
+WOLFSSL_API
+int wc_dilithium_check_key(dilithium_key* key);
+#endif
+
+#ifdef WOLFSSL_DILITHIUM_PUBLIC_KEY
+WOLFSSL_API
+int wc_dilithium_import_public(const byte* in, word32 inLen,
+    dilithium_key* key);
+#endif
+#ifdef WOLFSSL_DILITHIUM_PRIVATE_KEY
+WOLFSSL_API
+int wc_dilithium_import_private(const byte* priv, word32 privSz,
+    dilithium_key* key);
+#define wc_dilithium_import_private_only    wc_dilithium_import_private
+WOLFSSL_API
+int wc_dilithium_import_key(const byte* priv, word32 privSz,
+    const byte* pub, word32 pubSz, dilithium_key* key);
+#endif
+
+#ifdef WOLFSSL_DILITHIUM_PUBLIC_KEY
+WOLFSSL_API
+int wc_dilithium_export_public(dilithium_key* key, byte* out, word32* outLen);
+#endif
+#ifdef WOLFSSL_DILITHIUM_PRIVATE_KEY
+WOLFSSL_API
+int wc_dilithium_export_private(dilithium_key* key, byte* out, word32* outLen);
+#define wc_dilithium_export_private_only    wc_dilithium_export_private
+#endif
+#ifdef WOLFSSL_DILITHIUM_PRIVATE_KEY
+WOLFSSL_API
+int wc_dilithium_export_key(dilithium_key* key, byte* priv, word32 *privSz,
+    byte* pub, word32 *pubSz);
+#endif
+
+#ifndef WOLFSSL_DILITHIUM_NO_ASN1
+#if defined(WOLFSSL_DILITHIUM_PRIVATE_KEY)
 WOLFSSL_API int wc_Dilithium_PrivateKeyDecode(const byte* input,
-                                              word32* inOutIdx,
-                                              dilithium_key* key, word32 inSz);
+    word32* inOutIdx, dilithium_key* key, word32 inSz);
+#endif
+#endif /* WOLFSSL_DILITHIUM_NO_ASN1 */
+#ifdef WOLFSSL_DILITHIUM_PUBLIC_KEY
 WOLFSSL_API int wc_Dilithium_PublicKeyDecode(const byte* input,
-                                             word32* inOutIdx,
-                                             dilithium_key* key, word32 inSz);
-WOLFSSL_API int wc_Dilithium_KeyToDer(dilithium_key* key, byte* output,
-                                      word32 inLen);
-WOLFSSL_API int wc_Dilithium_PrivateKeyToDer(dilithium_key* key, byte* output,
-                                             word32 inLen);
+    word32* inOutIdx, dilithium_key* key, word32 inSz);
+#endif
+
+#ifndef WOLFSSL_DILITHIUM_NO_ASN1
+#ifdef WC_ENABLE_ASYM_KEY_EXPORT
 WOLFSSL_API int wc_Dilithium_PublicKeyToDer(dilithium_key* key, byte* output,
-                                            word32 inLen, int withAlg);
+    word32 inLen, int withAlg);
+#endif
+#if defined(WOLFSSL_DILITHIUM_PRIVATE_KEY)
+WOLFSSL_API int wc_Dilithium_KeyToDer(dilithium_key* key, byte* output,
+    word32 inLen);
+#endif
+#ifdef WOLFSSL_DILITHIUM_PRIVATE_KEY
+WOLFSSL_API int wc_Dilithium_PrivateKeyToDer(dilithium_key* key, byte* output,
+    word32 inLen);
+#endif
+#endif /* WOLFSSL_DILITHIUM_NO_ASN1 */
+
+
+#define WC_ML_DSA_DRAFT         10
+
+#define WC_ML_DSA_44            2
+#define WC_ML_DSA_65            3
+#define WC_ML_DSA_87            5
+#define WC_ML_DSA_44_DRAFT      (2 + WC_ML_DSA_DRAFT)
+#define WC_ML_DSA_65_DRAFT      (3 + WC_ML_DSA_DRAFT)
+#define WC_ML_DSA_87_DRAFT      (5 + WC_ML_DSA_DRAFT)
+
+#define DILITHIUM_ML_DSA_44_KEY_SIZE        2560
+#define DILITHIUM_ML_DSA_44_SIG_SIZE        2420
+#define DILITHIUM_ML_DSA_44_PUB_KEY_SIZE    1312
+#define DILITHIUM_ML_DSA_44_PRV_KEY_SIZE    \
+    (DILITHIUM_ML_DSA_44_PUB_KEY_SIZE + DILITHIUM_ML_DSA_44_KEY_SIZE)
+
+#define DILITHIUM_ML_DSA_65_KEY_SIZE        4032
+#define DILITHIUM_ML_DSA_65_SIG_SIZE        3309
+#define DILITHIUM_ML_DSA_65_PUB_KEY_SIZE    1952
+#define DILITHIUM_ML_DSA_65_PRV_KEY_SIZE    \
+    (DILITHIUM_ML_DSA_65_PUB_KEY_SIZE + DILITHIUM_ML_DSA_65_KEY_SIZE)
+
+#define DILITHIUM_ML_DSA_87_KEY_SIZE        4896
+#define DILITHIUM_ML_DSA_87_SIG_SIZE        4627
+#define DILITHIUM_ML_DSA_87_PUB_KEY_SIZE    2592
+#define DILITHIUM_ML_DSA_87_PRV_KEY_SIZE    \
+    (DILITHIUM_ML_DSA_87_PUB_KEY_SIZE + DILITHIUM_ML_DSA_87_KEY_SIZE)
+
+
+#define MlDsaKey  dilithium_key
+
+
+#define wc_MlDsaKey_Init(key, heap, devId)                      \
+    wc_dilithium_init_ex(key, heap, devId)
+#define wc_MlDsaKey_SetParams(key, id)                          \
+    wc_dilithium_set_level(key, id)
+#define wc_MlDsaKey_GetParams(key, id)                          \
+    wc_dilithium_get_level(key, id)
+#define wc_MlDsaKey_MakeKey(key, rng)                           \
+    wc_dilithium_make_key(key, rng)
+#define wc_MlDsaKey_ExportPrivRaw(key, out, outLen)             \
+    wc_dilithium_export_private_only(key, out, outLen)
+#define wc_MlDsaKey_ImportPrivRaw(key, in, inLen)               \
+    wc_dilithium_import_private_only(in, inLen, key)
+#define wc_MlDsaKey_Sign(key, sig, sigSz, msg, msgSz, rng)      \
+    wc_dilithium_sign_msg(msg, msgSz, sig, sigSz, key, rng)
+#define wc_MlDsaKey_Free(key)                                   \
+    wc_dilithium_free(key)
+#define wc_MlDsaKey_ExportPubRaw(key, out, outLen)              \
+    wc_dilithium_export_public(key, out, outLen)
+#define wc_MlDsaKey_ImportPubRaw(key, in, inLen)                \
+    wc_dilithium_import_public(in, inLen, key)
+#define wc_MlDsaKey_Verify(key, sig, sigSz, msg, msgSz, res)    \
+    wc_dilithium_verify_msg(sig, sigSz, msg, msgSz, res, key)
+
+#define wc_MlDsaKey_PublicKeyToDer(key, output, len, withAlg)   \
+    wc_Dilithium_PublicKeyToDer(key, output, len, withAlg)
+
+#define wc_MlDsaKey_PrivateKeyToDer(key, output, len)           \
+    wc_Dilithium_PrivateKeyToDer(key, output, len)
+
+
+WOLFSSL_API int wc_MlDsaKey_GetPrivLen(MlDsaKey* key, int* len);
+WOLFSSL_API int wc_MlDsaKey_GetPubLen(MlDsaKey* key, int* len);
+WOLFSSL_API int wc_MlDsaKey_GetSigLen(MlDsaKey* key, int* len);
 
 #ifdef __cplusplus
     }    /* extern "C" */
 #endif
 
-#endif /* HAVE_PQC && HAVE_DILITHIUM */
+#endif /* HAVE_DILITHIUM */
 #endif /* WOLF_CRYPT_DILITHIUM_H */
diff --git a/wolfssl/wolfcrypt/dsa.h b/wolfssl/wolfcrypt/dsa.h
index d5ae3a4f8..4ae42c3bb 100644
--- a/wolfssl/wolfcrypt/dsa.h
+++ b/wolfssl/wolfcrypt/dsa.h
@@ -1,6 +1,6 @@
 /* dsa.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/wolfcrypt/ecc.h b/wolfssl/wolfcrypt/ecc.h
index 5f67d2d65..04a7a66e9 100644
--- a/wolfssl/wolfcrypt/ecc.h
+++ b/wolfssl/wolfcrypt/ecc.h
@@ -1,6 +1,6 @@
 /* ecc.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -31,8 +31,7 @@
 
 #ifdef HAVE_ECC
 
-#if defined(HAVE_FIPS) && \
-    defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2)
+#if FIPS_VERSION3_GE(2,0,0)
     #include <wolfssl/wolfcrypt/fips.h>
 #endif /* HAVE_FIPS_VERSION >= 2 */
 
@@ -83,6 +82,10 @@
     extern "C" {
 #endif
 
+#if FIPS_VERSION3_GE(6,0,0)
+    extern const unsigned int wolfCrypt_FIPS_ecc_ro_sanity[2];
+    WOLFSSL_LOCAL int wolfCrypt_FIPS_ECC_sanity(void);
+#endif
 
 /* Enable curve B parameter if needed */
 #if defined(HAVE_COMP_KEY) || defined(ECC_CACHE_CURVE)
@@ -131,6 +134,14 @@
     #endif
 #endif
 
+#if FIPS_VERSION3_GE(6,0,0)
+    #define WC_ECC_FIPS_SIG_MIN 224
+    #define WC_ECC_FIPS_GEN_MIN (WC_ECC_FIPS_SIG_MIN/8)
+#endif
+
+#ifdef WOLFSSL_SM2
+    #define WOLFSSL_SM2_KEY_BITS   256
+#endif
 
 /* calculate max ECC bytes */
 #if ((MAX_ECC_BITS * 2) % 8) == 0
@@ -209,13 +220,13 @@ typedef enum ecc_curve_id {
     ECC_CURVE_DEF = 0, /* NIST or SECP */
 
     /* NIST Prime Curves */
-    ECC_SECP192R1,
+    ECC_SECP192R1, /* 1 */
     ECC_PRIME192V2,
     ECC_PRIME192V3,
     ECC_PRIME239V1,
     ECC_PRIME239V2,
     ECC_PRIME239V3,
-    ECC_SECP256R1,
+    ECC_SECP256R1, /* 7 */
 
     /* SECP Curves */
     ECC_SECP112R1,
@@ -224,9 +235,9 @@ typedef enum ecc_curve_id {
     ECC_SECP128R2,
     ECC_SECP160R1,
     ECC_SECP160R2,
-    ECC_SECP224R1,
-    ECC_SECP384R1,
-    ECC_SECP521R1,
+    ECC_SECP224R1, /* 14 */
+    ECC_SECP384R1, /* 15 */
+    ECC_SECP521R1, /* 16 */
 
     /* Koblitz */
     ECC_SECP160K1,
@@ -276,7 +287,8 @@ typedef byte   ecc_oid_t;
 #endif
 
 
-#if !defined(WOLFSSL_ECC_CURVE_STATIC) && defined(USE_WINDOWS_API)
+#if !defined(WOLFSSL_ECC_CURVE_STATIC) && defined(USE_WINDOWS_API) && \
+        !defined(__WATCOMC__)
     /* MSC does something different with the pointers to the arrays than GCC,
      * and it causes the FIPS checksum to fail. In the case of windows builds,
      * store everything as arrays instead of pointers to strings. */
@@ -286,7 +298,7 @@ typedef byte   ecc_oid_t;
 
 /* ECC set type defined a GF(p) curve */
 #ifndef WOLFSSL_ECC_CURVE_STATIC
-typedef struct ecc_set_type {
+struct ecc_set_type {
     int size;             /* The size of the curve in octets */
     int id;               /* id of this curve */
     const char* name;     /* name of this curve */
@@ -300,13 +312,13 @@ typedef struct ecc_set_type {
     word32      oidSz;
     word32      oidSum;    /* sum of encoded OID bytes */
     int         cofactor;
-} ecc_set_type;
+};
 #else
 #define MAX_ECC_NAME 16
 #define MAX_ECC_STRING ((MAX_ECC_BYTES * 2) + 2)
     /* The values are stored as text strings. */
 
-typedef struct ecc_set_type {
+struct ecc_set_type {
     int size;             /* The size of the curve in octets */
     int id;               /* id of this curve */
     char name[MAX_ECC_NAME];     /* name of this curve */
@@ -320,7 +332,7 @@ typedef struct ecc_set_type {
     word32      oidSz;
     word32      oidSum;    /* sum of encoded OID bytes */
     int         cofactor;
-} ecc_set_type;
+};
 #endif
 
 
@@ -430,10 +442,19 @@ typedef struct alt_fp_int {
     #define WC_ECCKEY_TYPE_DEFINED
 #endif
 
+#ifndef WC_ECCPOINT_TYPE_DEFINED
+    typedef struct ecc_point ecc_point;
+    #define WC_ECCPOINT_TYPE_DEFINED
+#endif
+
+#ifndef WC_ECCSET_TYPE_DEFINED
+    typedef struct ecc_set_type ecc_set_type;
+    #define WC_ECCSET_TYPE_DEFINED
+#endif
 
 /* A point on an ECC curve, stored in Jacobian format such that (x,y,z) =>
    (x/z^2, y/z^3, 1) when interpreted as affine */
-typedef struct {
+struct ecc_point {
 #ifndef ALT_ECC_SIZE
     mp_int x[1];        /* The x coordinate */
     mp_int y[1];        /* The y coordinate */
@@ -447,7 +468,8 @@ typedef struct {
 #if defined(WOLFSSL_SMALL_STACK_CACHE) && !defined(WOLFSSL_ECC_NO_SMALL_STACK)
     ecc_key* key;
 #endif
-} ecc_point;
+    WC_BITFIELD isAllocated:1;
+};
 
 /* ECC Flags */
 enum {
@@ -490,6 +512,17 @@ struct ecc_key {
     mp_int*   k;
     alt_fp_int ka[1];
 #endif
+#ifdef WOLFSSL_ECC_BLIND_K
+#ifndef ALT_ECC_SIZE
+    mp_int    kb[1];
+    mp_int    ku[1];
+#else
+    mp_int*   kb;
+    mp_int*   ku;
+    alt_fp_int kba[1];
+    alt_fp_int kua[1];
+#endif
+#endif
 
 #ifdef WOLFSSL_CAAM
     word32 blackKey;     /* address of key encrypted and in secure memory */
@@ -508,9 +541,6 @@ struct ecc_key {
     void* devCtx;
     int devId;
 #endif
-#if defined(HAVE_PKCS11)
-    byte isPkcs11 : 1; /* indicate if PKCS11 is preferred */
-#endif
 #ifdef WOLFSSL_SILABS_SE_ACCEL
     sl_se_command_context_t  cmd_ctx;
     sl_se_key_descriptor_t   key;
@@ -561,12 +591,13 @@ struct ecc_key {
     mp_int* sign_k;
 #else
     mp_int sign_k[1];
-    byte sign_k_set:1;
+    WC_BITFIELD sign_k_set:1;
 #endif
 #endif
 #if defined(WOLFSSL_ECDSA_DETERMINISTIC_K) || \
     defined(WOLFSSL_ECDSA_DETERMINISTIC_K_VARIANT)
-    byte deterministic:1;
+    WC_BITFIELD deterministic:1;
+    enum wc_HashType hashType;
 #endif
 
 #if defined(WOLFSSL_SMALL_STACK_CACHE) && !defined(WOLFSSL_ECC_NO_SMALL_STACK)
@@ -590,7 +621,20 @@ struct ecc_key {
 #endif
 };
 
-#define wc_ecc_key_get_priv(key) ((key)->k)
+#ifndef WOLFSSL_ECC_BLIND_K
+#define ecc_get_k(key)              (key)->k
+#define ecc_blind_k(key, b)         (void)b
+#define ecc_blind_k_rng(key, rng)   0
+
+#define wc_ecc_key_get_priv(key)    (key)->k
+#else
+mp_int* ecc_get_k(ecc_key* key);
+void ecc_blind_k(ecc_key* key, mp_int* b);
+int ecc_blind_k_rng(ecc_key* key, WC_RNG* rng);
+
+WOLFSSL_API mp_int* wc_ecc_key_get_priv(ecc_key* key);
+#endif
+
 #define WOLFSSL_HAVE_ECC_KEY_GET_PRIV
 
 
@@ -599,8 +643,15 @@ WOLFSSL_ABI WOLFSSL_API void wc_ecc_key_free(ecc_key* key);
 
 
 /* ECC predefined curve sets  */
-extern const ecc_set_type ecc_sets[];
-extern const size_t ecc_sets_count;
+#if defined(HAVE_FIPS) && FIPS_VERSION3_LT(6,0,0)
+    extern const ecc_set_type ecc_sets[];
+    extern const size_t ecc_sets_count;
+#else
+    WOLFSSL_API const ecc_set_type *wc_ecc_get_sets(void);
+    WOLFSSL_API size_t wc_ecc_get_sets_count(void);
+    #define ecc_sets wc_ecc_get_sets()
+    #define ecc_sets_count wc_ecc_get_sets_count()
+#endif
 
 WOLFSSL_API
 const char* wc_ecc_get_name(int curve_id);
@@ -659,10 +710,8 @@ WOLFSSL_LOCAL
 int wc_ecc_shared_secret_gen_sync(ecc_key* private_key,
     ecc_point* point, byte* out, word32* outlen);
 
-#if defined(WOLFSSL_ATECC508A) || defined(WOLFSSL_ATECC608A) || \
-    defined(PLUTON_CRYPTO_ECC) || defined(WOLFSSL_CRYPTOCELL)
-#define wc_ecc_shared_secret_ssh wc_ecc_shared_secret
-#else
+#if !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A) && \
+    !defined(PLUTON_CRYPTO_ECC) && !defined(WOLFSSL_CRYPTOCELL)
 #define wc_ecc_shared_secret_ssh wc_ecc_shared_secret_ex /* For backwards compat */
 #endif
 
@@ -680,6 +729,9 @@ int wc_ecc_sign_hash_ex(const byte* in, word32 inlen, WC_RNG* rng,
 WOLFSSL_API
 int wc_ecc_set_deterministic(ecc_key* key, byte flag);
 WOLFSSL_API
+int wc_ecc_set_deterministic_ex(ecc_key* key, byte flag,
+        enum wc_HashType hashType);
+WOLFSSL_API
 int wc_ecc_gen_deterministic_k(const byte* hash, word32 hashSz,
         enum wc_HashType hashType, mp_int* priv, mp_int* k, mp_int* order,
         void* heap);
@@ -720,7 +772,7 @@ WOLFSSL_API
 int wc_ecc_set_flags(ecc_key* key, word32 flags);
 WOLFSSL_ABI WOLFSSL_API
 void wc_ecc_fp_free(void);
-WOLFSSL_LOCAL
+WOLFSSL_API
 void wc_ecc_fp_init(void);
 WOLFSSL_API
 int wc_ecc_set_rng(ecc_key* key, WC_RNG* rng);
@@ -948,6 +1000,8 @@ const byte* wc_ecc_ctx_get_own_salt(ecEncCtx* ctx);
 WOLFSSL_API
 int wc_ecc_ctx_set_peer_salt(ecEncCtx* ctx, const byte* salt);
 WOLFSSL_API
+int wc_ecc_ctx_set_own_salt(ecEncCtx* ctx, const byte* salt, word32 sz);
+WOLFSSL_API
 int wc_ecc_ctx_set_kdf_salt(ecEncCtx* ctx, const byte* salt, word32 sz);
 WOLFSSL_API
 int wc_ecc_ctx_set_info(ecEncCtx* ctx, const byte* info, int sz);
@@ -975,6 +1029,11 @@ WOLFSSL_API int wc_ecc_curve_cache_init(void);
 WOLFSSL_API void wc_ecc_curve_cache_free(void);
 #endif
 
+#ifdef HAVE_OID_ENCODING
+WOLFSSL_LOCAL int wc_ecc_oid_cache_init(void);
+WOLFSSL_LOCAL void wc_ecc_oid_cache_free(void);
+#endif
+
 WOLFSSL_API
 int wc_ecc_gen_k(WC_RNG* rng, int size, mp_int* k, mp_int* order);
 
diff --git a/wolfssl/wolfcrypt/eccsi.h b/wolfssl/wolfcrypt/eccsi.h
index 8e0124cca..5136d1355 100644
--- a/wolfssl/wolfcrypt/eccsi.h
+++ b/wolfssl/wolfcrypt/eccsi.h
@@ -1,6 +1,6 @@
 /* eccsi.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -62,15 +62,15 @@ typedef struct EccsiKeyParams {
     ecc_point* base;
 
     /** Bit indicates order (q) is set as an MP integer in ECCSI key. */
-    byte haveOrder:1;
+    WC_BITFIELD haveOrder:1;
     /** Bit indicates A is set as an MP integer in ECCSI key. */
-    byte haveA:1;
+    WC_BITFIELD haveA:1;
     /** Bit indicates B is set as an MP integer in ECCSI key. */
-    byte haveB:1;
+    WC_BITFIELD haveB:1;
     /** Bit indicates prime is set as an MP integer in ECCSI key. */
-    byte havePrime:1;
+    WC_BITFIELD havePrime:1;
     /** Bit indicates base point is set as an MP integer in ECCSI key. */
-    byte haveBase:1;
+    WC_BITFIELD haveBase:1;
 } EccsiKeyParams;
 
 /**
@@ -104,7 +104,7 @@ typedef struct EccsiKey {
     /** Heap hint for dynamic memory allocation. */
     void* heap;
     /** Bit indicates KPAK (public key) is in montgomery form. */
-    word16 kpakMont:1;
+    WC_BITFIELD kpakMont:1;
 } EccsiKey;
 
 #ifdef __cplusplus
diff --git a/wolfssl/wolfcrypt/ed25519.h b/wolfssl/wolfcrypt/ed25519.h
index 0d6ef49fc..8dc0fc118 100644
--- a/wolfssl/wolfcrypt/ed25519.h
+++ b/wolfssl/wolfcrypt/ed25519.h
@@ -1,6 +1,6 @@
 /* ed25519.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -31,8 +31,6 @@
 
 #ifdef HAVE_ED25519
 
-#include <wolfssl/wolfcrypt/fe_operations.h>
-#include <wolfssl/wolfcrypt/ge_operations.h>
 #include <wolfssl/wolfcrypt/random.h>
 #ifndef WOLFSSL_SHA512
 #error ED25519 requires SHA512
@@ -47,6 +45,10 @@
     extern "C" {
 #endif
 
+#if FIPS_VERSION3_GE(6,0,0)
+    extern const unsigned int wolfCrypt_FIPS_ed25519_ro_sanity[2];
+    WOLFSSL_LOCAL int wolfCrypt_FIPS_ED25519_sanity(void);
+#endif
 
 /* info about EdDSA curve specifically ed25519, defined as an elliptic curve
    over GF(p) */
@@ -72,11 +74,6 @@ enum {
     Ed25519ph  = 1
 };
 
-#ifndef WC_ED25519KEY_TYPE_DEFINED
-    typedef struct ed25519_key ed25519_key;
-    #define WC_ED25519KEY_TYPE_DEFINED
-#endif
-
 /* ED25519 Flags */
 enum {
     WC_ED25519_FLAG_NONE     = 0x00,
@@ -97,8 +94,9 @@ struct ed25519_key {
     word32 flags;
     byte   keyIdSet;
 #endif
-    word16 privKeySet:1;
-    word16 pubKeySet:1;
+    WC_BITFIELD privKeySet:1;
+    WC_BITFIELD pubKeySet:1;
+    WC_BITFIELD sha_clean_flag:1; /* only used if WOLFSSL_ED25519_PERSISTENT_SHA */
 #ifdef WOLFSSL_ASYNC_CRYPT
     WC_ASYNC_DEV asyncDev;
 #endif
@@ -109,10 +107,14 @@ struct ed25519_key {
     void *heap;
 #ifdef WOLFSSL_ED25519_PERSISTENT_SHA
     wc_Sha512 sha;
-    int sha_clean_flag;
 #endif
 };
 
+#ifndef WC_ED25519KEY_TYPE_DEFINED
+    typedef struct ed25519_key ed25519_key;
+    #define WC_ED25519KEY_TYPE_DEFINED
+#endif
+
 
 WOLFSSL_API
 int wc_ed25519_make_public(ed25519_key* key, unsigned char* pubKey,
@@ -173,13 +175,20 @@ int wc_ed25519_verify_msg_final(const byte* sig, word32 sigLen, int* res,
 #endif /* WOLFSSL_ED25519_STREAMING_VERIFY */
 #endif /* HAVE_ED25519_VERIFY */
 
-
 WOLFSSL_API
 int wc_ed25519_init(ed25519_key* key);
 WOLFSSL_API
 int wc_ed25519_init_ex(ed25519_key* key, void* heap, int devId);
 WOLFSSL_API
 void wc_ed25519_free(ed25519_key* key);
+#ifndef WC_NO_CONSTRUCTORS
+WOLFSSL_API
+ed25519_key* wc_ed25519_new(void* heap, int devId, int *result_code);
+WOLFSSL_API
+int wc_ed25519_delete(ed25519_key* key, ed25519_key** key_p);
+#endif
+WOLFSSL_API
+
 #ifdef HAVE_ED25519_KEY_IMPORT
 WOLFSSL_API
 int wc_ed25519_import_public(const byte* in, word32 inLen, ed25519_key* key);
diff --git a/wolfssl/wolfcrypt/ed448.h b/wolfssl/wolfcrypt/ed448.h
index b45671d76..e79a04837 100644
--- a/wolfssl/wolfcrypt/ed448.h
+++ b/wolfssl/wolfcrypt/ed448.h
@@ -1,6 +1,6 @@
 /* ed448.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -47,6 +47,10 @@
     extern "C" {
 #endif
 
+#if FIPS_VERSION3_GE(6,0,0)
+    extern const unsigned int wolfCrypt_FIPS_ed448_ro_sanity[2];
+    WOLFSSL_LOCAL int wolfCrypt_FIPS_ED448_sanity(void);
+#endif
 
 /* info about EdDSA curve specifically ed448, defined as an elliptic curve
  * over GF(p)
@@ -72,22 +76,17 @@ enum {
     Ed448ph  = 1
 };
 
-#ifndef WC_ED448KEY_TYPE_DEFINED
-    typedef struct ed448_key ed448_key;
-    #define WC_ED448KEY_TYPE_DEFINED
-#endif
-
 /* An ED448 Key */
 struct ed448_key {
     byte    p[ED448_PUB_KEY_SIZE]; /* compressed public key */
-    byte    k[ED448_PRV_KEY_SIZE]; /* private key : 56 secret -- 56 public */
+    byte    k[ED448_PRV_KEY_SIZE]; /* private key : 57 secret -- 57 public */
 #ifdef FREESCALE_LTC_ECC
     /* uncompressed point coordinates */
     byte pointX[ED448_KEY_SIZE]; /* recovered X coordinate */
     byte pointY[ED448_KEY_SIZE]; /* Y coordinate is the public key with The most significant bit of the final octet always zero. */
 #endif
-    word16 privKeySet:1;
-    word16 pubKeySet:1;
+    WC_BITFIELD privKeySet:1;
+    WC_BITFIELD pubKeySet:1;
 #ifdef WOLFSSL_ASYNC_CRYPT
     WC_ASYNC_DEV asyncDev;
 #endif
@@ -98,10 +97,14 @@ struct ed448_key {
     void *heap;
 #ifdef WOLFSSL_ED448_PERSISTENT_SHA
     wc_Shake sha;
-    int sha_clean_flag;
+    unsigned int sha_clean_flag : 1;
 #endif
 };
 
+#ifndef WC_ED448KEY_TYPE_DEFINED
+    typedef struct ed448_key ed448_key;
+    #define WC_ED448KEY_TYPE_DEFINED
+#endif
 
 WOLFSSL_API
 int wc_ed448_make_public(ed448_key* key, unsigned char* pubKey,
diff --git a/wolfssl/wolfcrypt/error-crypt.h b/wolfssl/wolfcrypt/error-crypt.h
index d29ac13b8..f466e291b 100644
--- a/wolfssl/wolfcrypt/error-crypt.h
+++ b/wolfssl/wolfcrypt/error-crypt.h
@@ -1,6 +1,6 @@
 /* error-crypt.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -37,10 +37,31 @@ the error status.
     extern "C" {
 #endif
 
+#ifdef WOLFSSL_DEBUG_TRACE_ERROR_CODES_H
+#include <wolfssl/debug-untrace-error-codes.h>
+#endif
 
 /* error codes, add string for new errors !!! */
-enum {
-    MAX_CODE_E         = -100,  /* errors -101 - -299 */
+enum wolfCrypt_ErrorCodes {
+    /* note that WOLFSSL_FATAL_ERROR is defined as -1 in error-ssl.h, for
+     * reasons of backward compatibility.
+     */
+    WC_FAILURE         =   -1,  /* Generic but traceable back compat errcode.
+                                 * Note, not reflected in MAX_CODE_E or
+                                 * WC_FIRST_E.
+                                 */
+
+    MAX_CODE_E         =  -96,  /* WC_FIRST_E + 1, for backward compat. */
+    WC_FIRST_E         =  -97,  /* First code used for wolfCrypt */
+
+    WC_SPAN1_FIRST_E   =  -97,  /* errors -97 - -300 */
+
+    MP_MEM             =  -97,  /* MP dynamic memory allocation failed. */
+    MP_VAL             =  -98,  /* MP value passed is not able to be used. */
+    MP_WOULDBLOCK      =  -99,  /* MP non-blocking operation is returning after
+                                 * partial completion. */
+    MP_NOT_INF         = -100,  /* MP point not at infinity */
+
     OPEN_RAN_E         = -101,  /* opening random device error */
     READ_RAN_E         = -102,  /* reading random device error */
     WINCRYPT_E         = -103,  /* windows crypt init error */
@@ -65,11 +86,17 @@ enum {
     MP_ZERO_E          = -121,  /* got a mp zero result, not expected */
 
     AES_EAX_AUTH_E     = -122, /* AES-EAX Authentication check failure */
+    KEY_EXHAUSTED_E    = -123, /* No longer usable for operation. */
+
+    /* -124 unused. */
 
     MEMORY_E           = -125,  /* out of memory error */
     VAR_STATE_CHANGE_E = -126,  /* var state modified by different thread */
     FIPS_DEGRADED_E    = -127,  /* FIPS Module in degraded mode */
 
+    FIPS_CODE_SZ_E     = -128,  /* Module CODE too big */
+    FIPS_DATA_SZ_E     = -129,  /* Module DATA too big */
+
     RSA_WRONG_TYPE_E   = -130,  /* RSA wrong block type for RSA function */
     RSA_BUFFER_E       = -131,  /* RSA buffer error, output too small or
                                    input too large */
@@ -101,9 +128,15 @@ enum {
     ASN_SIG_HASH_E     = -156,  /* ASN sig error, unsupported hash type */
     ASN_SIG_KEY_E      = -157,  /* ASN sig error, unsupported key type */
     ASN_DH_KEY_E       = -158,  /* ASN key init error, invalid input */
+    KDF_SRTP_KAT_FIPS_E = -159, /* SRTP-KDF Known Answer Test Failure */
     ASN_CRIT_EXT_E     = -160,  /* ASN unsupported critical extension */
     ASN_ALT_NAME_E     = -161,  /* ASN alternate name error */
     ASN_NO_PEM_HEADER  = -162,  /* ASN no PEM header found */
+    ED25519_KAT_FIPS_E = -163,  /* Ed25519 Known answer test failure */
+    ED448_KAT_FIPS_E   = -164,  /* Ed448 Known answer test failure */
+    PBKDF2_KAT_FIPS_E  = -165,  /* PBKDF2 Known answer test failure */
+    WC_KEY_MISMATCH_E  = -166,  /* Error for private/public key mismatch */
+    /* -167..-169 unused. */
 
     ECC_BAD_ARG_E      = -170,  /* ECC input argument of wrong type */
     ASN_ECC_KEY_E      = -171,  /* ASN ECC bad input */
@@ -179,9 +212,12 @@ enum {
     WC_INIT_E           = -228,  /* wolfcrypt failed to initialize */
     SIG_VERIFY_E        = -229,  /* wolfcrypt signature verify error */
     BAD_COND_E          = -230,  /* Bad condition variable operation */
-    SIG_TYPE_E          = -231,  /* Signature Type not enabled/available */
+    SIG_TYPE_E          = -231,  /* Signature Type not enabled/available
+                                  * NOTE: 1024-bit sign disabled in FIPS mode */
     HASH_TYPE_E         = -232,  /* Hash Type not enabled/available */
 
+    FIPS_INVALID_VER_E  = -233,  /* Invalid FIPS Version defined */
+
     WC_KEY_SIZE_E       = -234,  /* Key size error, either too small or large */
     ASN_COUNTRY_SIZE_E  = -235,  /* ASN Cert Gen, invalid country code size */
     MISSING_RNG_E       = -236,  /* RNG required but not provided */
@@ -261,18 +297,37 @@ enum {
     SM4_GCM_AUTH_E      = -298,  /* SM4-GCM Authentication check failure */
     SM4_CCM_AUTH_E      = -299,  /* SM4-CCM Authentication check failure */
 
-    WC_LAST_E           = -299,  /* Update this to indicate last error */
-    MIN_CODE_E          = -300   /* errors -101 - -299 */
+    WC_SPAN1_LAST_E     = -299,  /* Last used code in span 1 */
+    WC_SPAN1_MIN_CODE_E = -300,  /* Last usable code in span 1 */
+
+    WC_SPAN2_FIRST_E    = -1000,
+
+    DEADLOCK_AVERTED_E  = -1000, /* Deadlock averted -- retry the call */
+    ASCON_AUTH_E        = -1001, /* ASCON Authentication check failure */
+
+    WC_SPAN2_LAST_E     = -1001, /* Update to indicate last used error code */
+    WC_SPAN2_MIN_CODE_E = -1999, /* Last usable code in span 2 */
+
+    WC_LAST_E           = -1001, /* the last code used either here or in
+                                  * error-ssl.h
+                                  */
+
+    MIN_CODE_E          = -1999  /* the last code allocated either here or in
+                                  * error-ssl.h
+                                  */
 
     /* add new companion error id strings for any new error codes
        wolfcrypt/src/error.c !!! */
 };
 
+wc_static_assert((int)WC_LAST_E <= (int)WC_SPAN2_LAST_E);
+wc_static_assert((int)MIN_CODE_E <= (int)WC_LAST_E);
+wc_static_assert((int)MIN_CODE_E <= (int)WC_SPAN2_MIN_CODE_E);
 
 #ifdef NO_ERROR_STRINGS
     #define wc_GetErrorString(error) "no support for error strings built in"
     #define wc_ErrorString(err, buf) \
-        (void)err; XSTRNCPY((buf), wc_GetErrorString((err)), \
+        (void)(err); XSTRNCPY((buf), wc_GetErrorString(err), \
         WOLFSSL_MAX_ERROR_SZ);
 
 #else
@@ -280,6 +335,41 @@ WOLFSSL_API void wc_ErrorString(int err, char* buff);
 WOLFSSL_ABI WOLFSSL_API const char* wc_GetErrorString(int error);
 #endif
 
+#if defined(WOLFSSL_DEBUG_TRACE_ERROR_CODES) && \
+        (defined(BUILDING_WOLFSSL) || \
+         defined(WOLFSSL_DEBUG_TRACE_ERROR_CODES_ALWAYS))
+    WOLFSSL_API extern void wc_backtrace_render(void);
+    #define WC_NO_ERR_TRACE(label) (CONST_NUM_ERR_ ## label)
+    #ifndef WOLFSSL_DEBUG_BACKTRACE_RENDER_CLAUSE
+        #ifdef WOLFSSL_DEBUG_BACKTRACE_ERROR_CODES
+            #define WOLFSSL_DEBUG_BACKTRACE_RENDER_CLAUSE wc_backtrace_render()
+        #else
+            #define WOLFSSL_DEBUG_BACKTRACE_RENDER_CLAUSE (void)0
+        #endif
+    #endif
+    #ifndef WC_ERR_TRACE
+        #ifdef NO_STDIO_FILESYSTEM
+        #define WC_ERR_TRACE(label)                           \
+            ( printf("ERR TRACE: %s L %d %s (%d)\n",          \
+                      __FILE__, __LINE__, #label, label),     \
+              WOLFSSL_DEBUG_BACKTRACE_RENDER_CLAUSE,          \
+              label                                           \
+            )
+        #else
+        #define WC_ERR_TRACE(label)                           \
+            ( fprintf(stderr,                                 \
+                      "ERR TRACE: %s L %d %s (%d)\n",         \
+                      __FILE__, __LINE__, #label, label),     \
+              WOLFSSL_DEBUG_BACKTRACE_RENDER_CLAUSE,          \
+              label                                           \
+            )
+        #endif
+    #endif
+    #include <wolfssl/debug-trace-error-codes.h>
+#else
+    #define WC_NO_ERR_TRACE(label) (label)
+#endif
+
 #ifdef __cplusplus
     } /* extern "C" */
 #endif
diff --git a/wolfssl/wolfcrypt/ext_kyber.h b/wolfssl/wolfcrypt/ext_kyber.h
index 53c175d77..0fe421f56 100644
--- a/wolfssl/wolfcrypt/ext_kyber.h
+++ b/wolfssl/wolfcrypt/ext_kyber.h
@@ -1,6 +1,6 @@
 /* ext_kyber.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -22,11 +22,15 @@
 #ifndef EXT_KYBER_H
 #define EXT_KYBER_H
 
+#ifdef WOLF_CRYPTO_CB
+    #include <wolfssl/wolfcrypt/cryptocb.h>
+#endif
+
 #ifdef WOLFSSL_HAVE_KYBER
 #include <wolfssl/wolfcrypt/kyber.h>
 
-#if !defined(HAVE_LIBOQS) && !defined(HAVE_PQM4)
-#error "This code requires liboqs or pqm4"
+#if !defined(HAVE_LIBOQS)
+#error "This code requires liboqs"
 #endif
 
 #if defined(WOLFSSL_WC_KYBER)
@@ -35,17 +39,14 @@
 
 #if defined (HAVE_LIBOQS)
     #include <oqs/kem.h>
-    #define EXT_KYBER_MAX_PRIV_SZ OQS_KEM_kyber_1024_length_secret_key
-    #define EXT_KYBER_MAX_PUB_SZ  OQS_KEM_kyber_1024_length_public_key
-#elif defined(HAVE_PQM4)
-    #include "api_kyber.h"
-    #define PQM4_PUBLIC_KEY_LENGTH    CRYPTO_PUBLICKEYBYTES
-    #define PQM4_PRIVATE_KEY_LENGTH   CRYPTO_SECRETKEYBYTES
-    #define PQM4_SHARED_SECRET_LENGTH CRYPTO_BYTES
-    #define PQM4_CIPHERTEXT_LENGTH    CRYPTO_CIPHERTEXTBYTES
 
-    #define EXT_KYBER_MAX_PRIV_SZ PQM4_PRIVATE_KEY_LENGTH
-    #define EXT_KYBER_MAX_PUB_SZ  PQM4_PUBLIC_KEY_LENGTH
+    #ifndef WOLFSSL_NO_ML_KEM
+        #define EXT_KYBER_MAX_PRIV_SZ OQS_KEM_ml_kem_1024_length_secret_key
+        #define EXT_KYBER_MAX_PUB_SZ  OQS_KEM_ml_kem_1024_length_public_key
+    #elif defined(WOLFSSL_KYBER_ORIGINAL)
+        #define EXT_KYBER_MAX_PRIV_SZ OQS_KEM_kyber_1024_length_secret_key
+        #define EXT_KYBER_MAX_PUB_SZ  OQS_KEM_kyber_1024_length_public_key
+    #endif
 #endif
 
 struct KyberKey {
@@ -56,6 +57,12 @@ struct KyberKey {
      * Note we don't save the variant (SHAKE vs AES) as that is decided at
      * configuration time. */
     int type;
+
+#ifdef WOLF_CRYPTO_CB
+    void* devCtx;
+    int   devId;
+#endif
+
     byte priv[EXT_KYBER_MAX_PRIV_SZ];
     byte pub[EXT_KYBER_MAX_PUB_SZ];
 };
diff --git a/wolfssl/wolfcrypt/ext_lms.h b/wolfssl/wolfcrypt/ext_lms.h
index ccdfdcb30..2c7d11674 100644
--- a/wolfssl/wolfcrypt/ext_lms.h
+++ b/wolfssl/wolfcrypt/ext_lms.h
@@ -1,6 +1,6 @@
 /* ext_lms.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -22,12 +22,9 @@
 #ifndef EXT_LMS_H
 #define EXT_LMS_H
 
-#ifdef WOLFSSL_HAVE_LMS
-#include <wolfssl/wolfcrypt/lms.h>
+#if defined(WOLFSSL_HAVE_LMS) && defined(HAVE_LIBLMS)
 
-#if !defined(HAVE_LIBLMS)
-#error "This code requires liblms"
-#endif
+#include <wolfssl/wolfcrypt/lms.h>
 
 /* hash-sigs LMS HSS includes */
 #include <hss.h>
@@ -53,8 +50,8 @@ struct LmsKey {
     unsigned char        pub[HSS_MAX_PUBLIC_KEY_LEN];
 #ifndef WOLFSSL_LMS_VERIFY_ONLY
     hss_working_key *    working_key;
-    write_private_key_cb write_private_key; /* Callback to write/update key. */
-    read_private_key_cb  read_private_key;  /* Callback to read key. */
+    wc_lms_write_private_key_cb write_private_key; /* Callback to write/update key. */
+    wc_lms_read_private_key_cb  read_private_key;  /* Callback to read key. */
     void *               context;           /* Context arg passed to callbacks. */
     hss_extra_info       info;
 #endif /* ifndef WOLFSSL_LMS_VERIFY_ONLY */
diff --git a/wolfssl/wolfcrypt/ext_xmss.h b/wolfssl/wolfcrypt/ext_xmss.h
index 9abf15835..1c7ed3581 100644
--- a/wolfssl/wolfcrypt/ext_xmss.h
+++ b/wolfssl/wolfcrypt/ext_xmss.h
@@ -1,6 +1,6 @@
 /* ext_xmss.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -22,12 +22,9 @@
 #ifndef EXT_XMSS_H
 #define EXT_XMSS_H
 
-#ifdef WOLFSSL_HAVE_XMSS
-#include <wolfssl/wolfcrypt/xmss.h>
+#if defined(WOLFSSL_HAVE_XMSS) && defined(HAVE_LIBXMSS)
 
-#if !defined(HAVE_LIBXMSS)
-    #error "This code requires libxmss"
-#endif
+#include <wolfssl/wolfcrypt/xmss.h>
 
 #include <xmss.h>
 #include <params.h>
@@ -45,8 +42,8 @@ struct XmssKey {
     /* The secret key length is a function of xmss_params. */
     unsigned char *      sk;
     word32               sk_len;
-    write_private_key_cb write_private_key; /* Callback to write/update key. */
-    read_private_key_cb  read_private_key;  /* Callback to read key. */
+    wc_xmss_write_private_key_cb write_private_key; /* Callback to write/update key. */
+    wc_xmss_read_private_key_cb  read_private_key;  /* Callback to read key. */
     void *               context;           /* Context arg passed to callbacks. */
 #endif /* ifndef WOLFSSL_XMSS_VERIFY_ONLY */
     enum wc_XmssState    state;
diff --git a/wolfssl/wolfcrypt/falcon.h b/wolfssl/wolfcrypt/falcon.h
index cced2b051..45ae6736f 100644
--- a/wolfssl/wolfcrypt/falcon.h
+++ b/wolfssl/wolfcrypt/falcon.h
@@ -1,6 +1,6 @@
 /* falcon.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -31,10 +31,15 @@
 
 #include <wolfssl/wolfcrypt/types.h>
 
+#ifdef WOLF_CRYPTO_CB
+    #include <wolfssl/wolfcrypt/cryptocb.h>
+#endif
+
 #if defined(HAVE_PQC) && defined(HAVE_FALCON)
 
 #ifdef HAVE_LIBOQS
 #include <oqs/oqs.h>
+#include <wolfssl/wolfcrypt/port/liboqs/liboqs.h>
 #endif
 
 #ifdef __cplusplus
@@ -55,17 +60,35 @@
 #define FALCON_LEVEL5_PRV_KEY_SIZE (FALCON_LEVEL5_PUB_KEY_SIZE+FALCON_LEVEL5_KEY_SIZE)
 #endif
 
-#define FALCON_MAX_KEY_SIZE     FALCON_LEVEL5_PRV_KEY_SIZE
+#define FALCON_MAX_KEY_SIZE     FALCON_LEVEL5_KEY_SIZE
 #define FALCON_MAX_SIG_SIZE     FALCON_LEVEL5_SIG_SIZE
 #define FALCON_MAX_PUB_KEY_SIZE FALCON_LEVEL5_PUB_KEY_SIZE
 #define FALCON_MAX_PRV_KEY_SIZE FALCON_LEVEL5_PRV_KEY_SIZE
 
+#ifdef WOLF_PRIVATE_KEY_ID
+#define FALCON_MAX_ID_LEN    32
+#define FALCON_MAX_LABEL_LEN 32
+#endif
+
+
 /* Structs */
 
 struct falcon_key {
     bool pubKeySet;
     bool prvKeySet;
     byte level;
+
+#ifdef WOLF_CRYPTO_CB
+    void* devCtx;
+    int   devId;
+#endif
+#ifdef WOLF_PRIVATE_KEY_ID
+    byte id[FALCON_MAX_ID_LEN];
+    int  idLen;
+    char label[FALCON_MAX_LABEL_LEN];
+    int  labelLen;
+#endif
+
     byte p[FALCON_MAX_PUB_KEY_SIZE];
     byte k[FALCON_MAX_PRV_KEY_SIZE];
 };
@@ -79,13 +102,26 @@ struct falcon_key {
 
 WOLFSSL_API
 int wc_falcon_sign_msg(const byte* in, word32 inLen, byte* out, word32 *outLen,
-                       falcon_key* key);
+                       falcon_key* key, WC_RNG* rng);
 WOLFSSL_API
 int wc_falcon_verify_msg(const byte* sig, word32 sigLen, const byte* msg,
                          word32 msgLen, int* res, falcon_key* key);
 
 WOLFSSL_API
 int wc_falcon_init(falcon_key* key);
+
+WOLFSSL_API
+int wc_falcon_init_ex(falcon_key* key, void* heap, int devId);
+
+#ifdef WOLF_PRIVATE_KEY_ID
+WOLFSSL_API
+int wc_falcon_init_id(falcon_key* key, const unsigned char* id, int len,
+                      void* heap, int devId);
+WOLFSSL_API
+int wc_falcon_init_label(falcon_key* key, const char* label, void* heap,
+                         int devId);
+#endif
+
 WOLFSSL_API
 int wc_falcon_set_level(falcon_key* key, byte level);
 WOLFSSL_API
@@ -104,7 +140,7 @@ int wc_falcon_import_private_key(const byte* priv, word32 privSz,
                                  falcon_key* key);
 
 WOLFSSL_API
-int wc_falcon_export_public(falcon_key*, byte* out, word32* outLen);
+int wc_falcon_export_public(falcon_key* key, byte* out, word32* outLen);
 WOLFSSL_API
 int wc_falcon_export_private_only(falcon_key* key, byte* out, word32* outLen);
 WOLFSSL_API
diff --git a/wolfssl/wolfcrypt/fe_448.h b/wolfssl/wolfcrypt/fe_448.h
index c925d7da4..fef9d177b 100644
--- a/wolfssl/wolfcrypt/fe_448.h
+++ b/wolfssl/wolfcrypt/fe_448.h
@@ -1,6 +1,6 @@
 /* fe448_448.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -29,7 +29,8 @@
 
 #include <wolfssl/wolfcrypt/types.h>
 
-#if defined(HAVE___UINT128_T) && !defined(NO_CURVED448_128BIT)
+#if defined(HAVE___UINT128_T) && !defined(NO_CURVED448_128BIT) && \
+        !defined(NO_INT128)
     #define CURVED448_128BIT
 #endif
 
diff --git a/wolfssl/wolfcrypt/fe_operations.h b/wolfssl/wolfcrypt/fe_operations.h
index cdd27db5d..dd029eca1 100644
--- a/wolfssl/wolfcrypt/fe_operations.h
+++ b/wolfssl/wolfcrypt/fe_operations.h
@@ -1,6 +1,6 @@
 /* fe_operations.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -76,6 +76,10 @@ Bounds on each t[i] vary depending on context.
 WOLFSSL_LOCAL void fe_init(void);
 
 WOLFSSL_LOCAL int  curve25519(byte * q, const byte * n, const byte * p);
+#ifdef WOLFSSL_CURVE25519_BLINDING
+WOLFSSL_LOCAL int  curve25519_blind(byte * q, const byte * n, const byte* mask,
+                                    const byte * p, const byte* rz);
+#endif
 #endif
 
 /* default to be faster but take more memory */
@@ -116,8 +120,8 @@ WOLFSSL_LOCAL void fe_cmov(fe f, const fe g, int b);
 WOLFSSL_LOCAL void fe_pow22523(fe out,const fe z);
 
 /* 64 type needed for SHA512 */
-WOLFSSL_LOCAL word64 load_3(const unsigned char *in);
-WOLFSSL_LOCAL word64 load_4(const unsigned char *in);
+WOLFSSL_LOCAL sword64 load_3(const unsigned char *in);
+WOLFSSL_LOCAL sword64 load_4(const unsigned char *in);
 
 #ifdef CURVED25519_ASM
 WOLFSSL_LOCAL void fe_cmov_table(fe* r, fe* base, signed char b);
diff --git a/wolfssl/wolfcrypt/fips_test.h b/wolfssl/wolfcrypt/fips_test.h
index dc37477d4..16f170b5e 100644
--- a/wolfssl/wolfcrypt/fips_test.h
+++ b/wolfssl/wolfcrypt/fips_test.h
@@ -1,6 +1,6 @@
 /* fips_test.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -51,39 +51,46 @@
 
 
 enum FipsCastId {
-    FIPS_CAST_AES_CBC,
-    FIPS_CAST_AES_GCM,
-    FIPS_CAST_HMAC_SHA1,
-    FIPS_CAST_HMAC_SHA2_256,
-    FIPS_CAST_HMAC_SHA2_512,
-    FIPS_CAST_HMAC_SHA3_256,
-    FIPS_CAST_DRBG,
-    FIPS_CAST_RSA_SIGN_PKCS1v15,
-    FIPS_CAST_ECC_CDH,
-    FIPS_CAST_ECC_PRIMITIVE_Z,
-    FIPS_CAST_DH_PRIMITIVE_Z,
-    FIPS_CAST_ECDSA,
-    FIPS_CAST_KDF_TLS12,
-    FIPS_CAST_KDF_TLS13,
-    FIPS_CAST_KDF_SSH,
-    FIPS_CAST_COUNT
+    /* v5.2.0 & v5.2.1 + */
+    FIPS_CAST_AES_CBC           =  0,
+    FIPS_CAST_AES_GCM           =  1,
+    FIPS_CAST_HMAC_SHA1         =  2,
+    FIPS_CAST_HMAC_SHA2_256     =  3,
+    FIPS_CAST_HMAC_SHA2_512     =  4,
+    FIPS_CAST_HMAC_SHA3_256     =  5,
+    FIPS_CAST_DRBG              =  6,
+    FIPS_CAST_RSA_SIGN_PKCS1v15 =  7,
+    FIPS_CAST_ECC_CDH           =  8,
+    FIPS_CAST_ECC_PRIMITIVE_Z   =  9,
+    FIPS_CAST_DH_PRIMITIVE_Z    = 10,
+    FIPS_CAST_ECDSA             = 11,
+    FIPS_CAST_KDF_TLS12         = 12,
+    FIPS_CAST_KDF_TLS13         = 13,
+    FIPS_CAST_KDF_SSH           = 14,
+    /* v6.0.0 + */
+    FIPS_CAST_KDF_SRTP          = 15,
+    FIPS_CAST_ED25519           = 16,
+    FIPS_CAST_ED448             = 17,
+    FIPS_CAST_PBKDF2            = 18,
+    /* v7.0.0 + */
+    FIPS_CAST_AES_ECB           = 19,
+    FIPS_CAST_COUNT             = 20
 };
 
 enum FipsCastStateId {
-    FIPS_CAST_STATE_INIT,
-    FIPS_CAST_STATE_PROCESSING,
-    FIPS_CAST_STATE_SUCCESS,
-    FIPS_CAST_STATE_FAILURE
+    FIPS_CAST_STATE_INIT        = 0,
+    FIPS_CAST_STATE_PROCESSING  = 1,
+    FIPS_CAST_STATE_SUCCESS     = 2,
+    FIPS_CAST_STATE_FAILURE     = 3
 };
 
 enum FipsModeId {
-    FIPS_MODE_INIT = 0,
-    FIPS_MODE_NORMAL = 1,
-    FIPS_MODE_DEGRADED = 2,
-    FIPS_MODE_FAILED = 3
+    FIPS_MODE_INIT              = 0,
+    FIPS_MODE_NORMAL            = 1,
+    FIPS_MODE_DEGRADED          = 2,
+    FIPS_MODE_FAILED            = 3
 };
 
-
 /* FIPS failure callback */
 typedef void(*wolfCrypt_fips_cb)(int ok, int err, const char* hash);
 
@@ -94,6 +101,7 @@ WOLFSSL_API int wolfCrypt_SetCb_fips(wolfCrypt_fips_cb cbf);
 WOLFSSL_API int wolfCrypt_GetStatus_fips(void);
 WOLFSSL_API int wolfCrypt_GetMode_fips(void);
 WOLFSSL_API const char* wolfCrypt_GetCoreHash_fips(void);
+WOLFSSL_API const char* wolfCrypt_GetRawComputedHash_fips(void);
 
 #ifdef HAVE_FORCE_FIPS_FAILURE
     /* Public function to force failure mode for operational testing */
@@ -108,6 +116,13 @@ WOLFSSL_API int wc_RunCast_fips(int type);
 WOLFSSL_API int wc_GetCastStatus_fips(int type);
 WOLFSSL_API int wc_RunAllCast_fips(void);
 
+#ifdef NO_ATTRIBUTE_CONSTRUCTOR
+    /* NOTE: Must be called in OS initialization section outside user control
+     * and must prove during operational testing/code review with the lab that
+     * this is outside user-control if called by the OS */
+    void fipsEntry(void);
+#endif
+
 #ifdef __cplusplus
     } /* extern "C" */
 #endif
diff --git a/wolfssl/wolfcrypt/ge_448.h b/wolfssl/wolfcrypt/ge_448.h
index 760ef2f5a..82665cfe7 100644
--- a/wolfssl/wolfcrypt/ge_448.h
+++ b/wolfssl/wolfcrypt/ge_448.h
@@ -1,6 +1,6 @@
 /* ge_448.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -64,7 +64,8 @@ WOLFSSL_LOCAL int  ge448_from_bytes_negate_vartime(ge448_p2 *r, const byte *b);
 
 WOLFSSL_LOCAL int  ge448_double_scalarmult_vartime(ge448_p2 *r, const byte *a,
                                     const ge448_p2 *A, const byte *b);
-WOLFSSL_LOCAL void ge448_scalarmult_base(ge448_p2* h, const byte* a);
+WOLFSSL_LOCAL int  ge448_scalarmult_base(ge448_p2* h, const byte* a);
+/* Only performs a weak reduce. */
 WOLFSSL_LOCAL void sc448_reduce(byte* b);
 WOLFSSL_LOCAL void sc448_muladd(byte* r, const byte* a, const byte* b, const byte* d);
 WOLFSSL_LOCAL void ge448_to_bytes(byte *s, const ge448_p2 *h);
diff --git a/wolfssl/wolfcrypt/ge_operations.h b/wolfssl/wolfcrypt/ge_operations.h
index 0c6ce8dd6..9a4d9957f 100644
--- a/wolfssl/wolfcrypt/ge_operations.h
+++ b/wolfssl/wolfcrypt/ge_operations.h
@@ -1,6 +1,6 @@
 /* ge_operations.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -112,7 +112,6 @@ typedef struct {
   ge Z;
   ge T2d;
 } ge_cached;
-#endif /* !ED25519_SMALL */
 
 #ifdef CURVED25519_ASM
 void ge_p1p1_to_p2(ge_p2 *r, const ge_p1p1 *p);
@@ -124,6 +123,7 @@ void ge_msub(ge_p1p1 *r, const ge_p3 *p, const ge_precomp *q);
 void ge_add(ge_p1p1 *r, const ge_p3 *p, const ge_cached *q);
 void ge_sub(ge_p1p1 *r, const ge_p3 *p, const ge_cached *q);
 #endif
+#endif /* !ED25519_SMALL */
 
 #ifdef __cplusplus
     }    /* extern "C" */
diff --git a/wolfssl/wolfcrypt/hash.h b/wolfssl/wolfcrypt/hash.h
index 27b142378..02d99d4c2 100644
--- a/wolfssl/wolfcrypt/hash.h
+++ b/wolfssl/wolfcrypt/hash.h
@@ -1,6 +1,6 @@
 /* hash.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -80,45 +80,45 @@ enum wc_MACAlgorithm {
     sha512_mac,
     rmd_mac,
     blake2b_mac,
-    sm3_mac,
+    sm3_mac
 };
 
-enum wc_HashFlags {
-    WC_HASH_FLAG_NONE =     0x00000000,
-    WC_HASH_FLAG_WILLCOPY = 0x00000001, /* flag to indicate hash will be copied */
-    WC_HASH_FLAG_ISCOPY =   0x00000002, /* hash is copy */
-#ifdef WOLFSSL_SHA3
-    WC_HASH_SHA3_KECCAK256 =0x00010000, /* Older KECCAK256 */
+/* hash union */
+typedef union {
+#ifndef NO_MD5
+    wc_Md5 md5;
 #endif
-    WOLF_ENUM_DUMMY_LAST_ELEMENT(WC_HASH)
-};
+#ifndef NO_SHA
+    wc_Sha sha;
+#endif
+#ifdef WOLFSSL_SHA224
+    wc_Sha224 sha224;
+#endif
+#ifndef NO_SHA256
+    wc_Sha256 sha256;
+#endif
+#ifdef WOLFSSL_SHA384
+    wc_Sha384 sha384;
+#endif
+#ifdef WOLFSSL_SHA512
+    wc_Sha512 sha512;
+#endif
+#ifdef WOLFSSL_SHA3
+    wc_Sha3 sha3;
+#endif
+#ifdef WOLFSSL_SM3
+    wc_Sm3 sm3;
+#endif
+    WOLF_AGG_DUMMY_MEMBER;
+} wc_Hashes;
 
 #ifndef NO_HASH_WRAPPER
-typedef union {
-    #ifndef NO_MD5
-        wc_Md5 md5;
-    #endif
-    #ifndef NO_SHA
-        wc_Sha sha;
-    #endif
-    #ifdef WOLFSSL_SHA224
-        wc_Sha224 sha224;
-    #endif
-    #ifndef NO_SHA256
-        wc_Sha256 sha256;
-    #endif
-    #ifdef WOLFSSL_SHA384
-        wc_Sha384 sha384;
-    #endif
-    #ifdef WOLFSSL_SHA512
-        wc_Sha512 sha512;
-    #endif
-    #ifdef WOLFSSL_SHA3
-        wc_Sha3 sha3;
-    #endif
-    #ifdef WOLFSSL_SM3
-        wc_Sm3 sm3;
-    #endif
+typedef struct {
+    wc_Hashes alg;
+    enum wc_HashType type; /* sanity check */
+#ifndef WC_NO_CONSTRUCTORS
+    void *heap;
+#endif
 } wc_HashAlg;
 #endif /* !NO_HASH_WRAPPER */
 
@@ -183,6 +183,11 @@ WOLFSSL_API int wc_HashUpdate(wc_HashAlg* hash, enum wc_HashType type,
 WOLFSSL_API int wc_HashFinal(wc_HashAlg* hash, enum wc_HashType type,
     byte* out);
 WOLFSSL_API int wc_HashFree(wc_HashAlg* hash, enum wc_HashType type);
+#ifndef WC_NO_CONSTRUCTORS
+WOLFSSL_API wc_HashAlg* wc_HashNew(enum wc_HashType type, void* heap,
+                                   int devId, int *result_code);
+WOLFSSL_API int wc_HashDelete(wc_HashAlg *hash, wc_HashAlg **hash_p);
+#endif
 
 #ifdef WOLFSSL_HASH_FLAGS
     WOLFSSL_API int wc_HashSetFlags(wc_HashAlg* hash, enum wc_HashType type,
diff --git a/wolfssl/wolfcrypt/hmac.h b/wolfssl/wolfcrypt/hmac.h
index 929d8b2b0..96da94c6c 100644
--- a/wolfssl/wolfcrypt/hmac.h
+++ b/wolfssl/wolfcrypt/hmac.h
@@ -1,6 +1,6 @@
 /* hmac.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -30,8 +30,7 @@
 
 #ifndef NO_HMAC
 
-#if defined(HAVE_FIPS) && \
-        defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2)
+#if FIPS_VERSION3_GE(2,0,0)
     #include <wolfssl/wolfcrypt/fips.h>
 #endif
 
@@ -39,9 +38,17 @@
     extern "C" {
 #endif
 
+#if FIPS_VERSION3_GE(6,0,0)
+    extern const unsigned int wolfCrypt_FIPS_hmac_ro_sanity[2];
+    WOLFSSL_LOCAL int wolfCrypt_FIPS_HMAC_sanity(void);
+#endif
+
+#if FIPS_VERSION3_GE(6,0,0)
+    #define FIPS_ALLOW_SHORT 1
+#endif
+
 /* avoid redefinition of structs */
-#if !defined(HAVE_FIPS) || \
-    (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2))
+#if !defined(HAVE_FIPS) || FIPS_VERSION3_GE(2,0,0)
 
 #ifdef WOLFSSL_ASYNC_CRYPT
     #include <wolfssl/wolfcrypt/async.h>
@@ -112,38 +119,15 @@ enum {
     #error "You have to have some kind of hash if you want to use HMAC."
 #endif
 
-
-/* hmac hash union */
-typedef union {
-#ifndef NO_MD5
-    wc_Md5 md5;
-#endif
-#ifndef NO_SHA
-    wc_Sha sha;
-#endif
-#ifdef WOLFSSL_SHA224
-    wc_Sha224 sha224;
-#endif
-#ifndef NO_SHA256
-    wc_Sha256 sha256;
-#endif
-#ifdef WOLFSSL_SHA384
-    wc_Sha384 sha384;
-#endif
-#ifdef WOLFSSL_SHA512
-    wc_Sha512 sha512;
-#endif
-#ifdef WOLFSSL_SHA3
-    wc_Sha3 sha3;
-#endif
-#ifdef WOLFSSL_SM3
-    wc_Sm3 sm3;
-#endif
-} wc_HmacHash;
+typedef wc_Hashes wc_HmacHash;
 
 /* Hmac digest */
 struct Hmac {
     wc_HmacHash hash;
+#ifdef WOLFSSL_HMAC_COPY_HASH
+    wc_HmacHash i_hash;
+    wc_HmacHash o_hash;
+#endif
     word32  ipad[WC_HMAC_BLOCK_SIZE  / sizeof(word32)];  /* same block size all*/
     word32  opad[WC_HMAC_BLOCK_SIZE  / sizeof(word32)];
     word32  innerHash[WC_MAX_DIGEST_SIZE / sizeof(word32)];
@@ -184,7 +168,10 @@ struct Hmac {
 #endif /* HAVE_FIPS */
 
 /* does init */
-WOLFSSL_API int wc_HmacSetKey(Hmac* hmac, int type, const byte* key, word32 keySz);
+WOLFSSL_API int wc_HmacSetKey(Hmac* hmac, int type, const byte* key,
+                              word32 keySz);
+WOLFSSL_API int wc_HmacSetKey_ex(Hmac* hmac, int type, const byte* key,
+                                 word32 length, int allowFlag);
 WOLFSSL_API int wc_HmacUpdate(Hmac* hmac, const byte* in, word32 sz);
 WOLFSSL_API int wc_HmacFinal(Hmac* hmac, byte* out);
 #ifdef WOLFSSL_KCAPI_HMAC
diff --git a/wolfssl/wolfcrypt/hpke.h b/wolfssl/wolfcrypt/hpke.h
index 3e6b43c37..cacfca6ce 100644
--- a/wolfssl/wolfcrypt/hpke.h
+++ b/wolfssl/wolfcrypt/hpke.h
@@ -1,6 +1,6 @@
 /* hpke.h
  *
- * Copyright (C) 2006-2022 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -42,7 +42,7 @@ enum {
     DHKEM_P384_HKDF_SHA384 = 0x0011,
     DHKEM_P521_HKDF_SHA512 = 0x0012,
     DHKEM_X25519_HKDF_SHA256 = 0x0020,
-    DHKEM_X448_HKDF_SHA512 = 0x0021,
+    DHKEM_X448_HKDF_SHA512 = 0x0021
 };
 
 #define DHKEM_P256_ENC_LEN 65
@@ -55,13 +55,13 @@ enum {
 enum {
     HKDF_SHA256 = 0x0001,
     HKDF_SHA384 = 0x0002,
-    HKDF_SHA512 = 0x0003,
+    HKDF_SHA512 = 0x0003
 };
 
 /* AEAD enum */
 enum {
     HPKE_AES_128_GCM = 0x0001,
-    HPKE_AES_256_GCM = 0x0002,
+    HPKE_AES_256_GCM = 0x0002
 };
 
 /* TODO better way of doing this */
diff --git a/wolfssl/wolfcrypt/include.am b/wolfssl/wolfcrypt/include.am
index dfdc80aca..f765ffa4d 100644
--- a/wolfssl/wolfcrypt/include.am
+++ b/wolfssl/wolfcrypt/include.am
@@ -4,6 +4,7 @@
 nobase_include_HEADERS+= \
                          wolfssl/wolfcrypt/aes.h \
                          wolfssl/wolfcrypt/arc4.h \
+                         wolfssl/wolfcrypt/ascon.h \
                          wolfssl/wolfcrypt/asn.h \
                          wolfssl/wolfcrypt/asn_public.h \
                          wolfssl/wolfcrypt/poly1305.h \
@@ -107,7 +108,9 @@ noinst_HEADERS+= \
                          wolfssl/wolfcrypt/port/silabs/silabs_random.h \
                          wolfssl/wolfcrypt/port/st/stm32.h \
                          wolfssl/wolfcrypt/port/st/stsafe.h \
+                         wolfssl/wolfcrypt/port/Espressif/esp-sdk-lib.h \
                          wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h \
+                         wolfssl/wolfcrypt/port/Espressif/esp_crt_bundle.h \
                          wolfssl/wolfcrypt/port/arm/cryptoCell.h \
                          wolfssl/wolfcrypt/port/Renesas/renesas-tsip-crypt.h \
                          wolfssl/wolfcrypt/port/Renesas/renesas-fspsm-crypt.h \
@@ -115,7 +118,10 @@ noinst_HEADERS+= \
                          wolfssl/wolfcrypt/port/Renesas/renesas_sync.h \
                          wolfssl/wolfcrypt/port/Renesas/renesas_cmn.h \
                          wolfssl/wolfcrypt/port/Renesas/renesas_tsip_types.h \
-                         wolfssl/wolfcrypt/port/cypress/psoc6_crypto.h
+                         wolfssl/wolfcrypt/port/cypress/psoc6_crypto.h \
+                         wolfssl/wolfcrypt/port/maxim/max3266x.h \
+                         wolfssl/wolfcrypt/port/maxim/max3266x-cryptocb.h \
+                         wolfssl/wolfcrypt/port/rpi_pico/pico.h
 
 if BUILD_CRYPTOAUTHLIB
 nobase_include_HEADERS+= wolfssl/wolfcrypt/port/atmel/atmel.h
@@ -144,6 +150,10 @@ nobase_include_HEADERS+= wolfssl/wolfcrypt/port/aria/aria-crypt.h
 nobase_include_HEADERS+= wolfssl/wolfcrypt/port/aria/aria-cryptocb.h
 endif
 
+if BUILD_LIBOQS
+nobase_include_HEADERS+= wolfssl/wolfcrypt/port/liboqs/liboqs.h
+endif
+
 if BUILD_ASYNCCRYPT
 nobase_include_HEADERS+= wolfssl/wolfcrypt/async.h
 endif
@@ -218,3 +228,15 @@ endif
 if BUILD_MAXQ10XX
 nobase_include_HEADERS+= wolfssl/wolfcrypt/port/maxim/maxq10xx.h
 endif
+
+if BUILD_AUTOSAR
+nobase_include_HEADERS+= wolfssl/wolfcrypt/port/autosar/Csm.h
+nobase_include_HEADERS+= wolfssl/wolfcrypt/port/autosar/CryIf.h
+nobase_include_HEADERS+= wolfssl/wolfcrypt/port/autosar/Crypto.h
+nobase_include_HEADERS+= wolfssl/wolfcrypt/port/autosar/StandardTypes.h
+endif
+
+if BUILD_RISCV_ASM
+nobase_include_HEADERS+= wolfssl/wolfcrypt/port/riscv/riscv-64-asm.h
+endif
+
diff --git a/wolfssl/wolfcrypt/integer.h b/wolfssl/wolfcrypt/integer.h
index 243d3f0d1..68bda1fcd 100644
--- a/wolfssl/wolfcrypt/integer.h
+++ b/wolfssl/wolfcrypt/integer.h
@@ -1,6 +1,6 @@
 /* integer.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -42,6 +42,8 @@
 
 #else
 
+#include <wolfssl/wolfcrypt/types.h>
+#include <wolfssl/wolfcrypt/error-crypt.h>
 #include <wolfssl/wolfcrypt/random.h>
 
 #ifndef CHAR_BIT
@@ -162,9 +164,6 @@ extern "C" {
 #define MP_NEG        1   /* negative */
 
 #define MP_OKAY       0   /* ok result */
-#define MP_MEM       (-2) /* out of mem */
-#define MP_VAL       (-3) /* invalid input */
-#define MP_NOT_INF   (-4) /* point not at infinity */
 #define MP_RANGE      MP_NOT_INF
 
 #define MP_YES        1   /* yes response */
@@ -223,6 +222,9 @@ typedef int           mp_err;
     #define WOLF_BIGINT_DEFINED
 #endif
 
+#define wc_mp_size_t int
+#define wc_mp_sign_t int
+
 /* the mp_int structure */
 typedef struct mp_int {
     int used, alloc, sign;
diff --git a/wolfssl/wolfcrypt/kdf.h b/wolfssl/wolfcrypt/kdf.h
index 7fa3c7e78..d2fd38838 100644
--- a/wolfssl/wolfcrypt/kdf.h
+++ b/wolfssl/wolfcrypt/kdf.h
@@ -1,6 +1,6 @@
 /* kdf.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -39,6 +39,11 @@
     extern "C" {
 #endif
 
+#if FIPS_VERSION3_GE(6,0,0)
+    extern const unsigned int wolfCrypt_FIPS_kdf_ro_sanity[2];
+    WOLFSSL_LOCAL int wolfCrypt_FIPS_KDF_sanity(void);
+#endif
+
 enum max_prf {
 #ifdef HAVE_FFDHE_8192
     MAX_PRF_HALF        = 516, /* Maximum half secret len */
@@ -132,6 +137,12 @@ WOLFSSL_API int wc_SSH_KDF(byte hashId, byte keyId,
 /* Length of index for SRTCP KDF. */
 #define WC_SRTCP_INDEX_LEN              4
 
+/* Indicators */
+enum {
+    WC_SRTCP_32BIT_IDX = 0,
+    WC_SRTCP_48BIT_IDX = 1
+};
+
 /* Maximum length of salt that can be used with SRTP/SRTCP. */
 #define WC_SRTP_MAX_SALT    14
 
@@ -141,6 +152,9 @@ WOLFSSL_API int wc_SRTP_KDF(const byte* key, word32 keySz, const byte* salt,
 WOLFSSL_API int wc_SRTCP_KDF(const byte* key, word32 keySz, const byte* salt,
     word32 saltSz, int kdrIdx, const byte* index, byte* key1, word32 key1Sz,
     byte* key2, word32 key2Sz, byte* key3, word32 key3Sz);
+WOLFSSL_API int wc_SRTCP_KDF_ex(const byte* key, word32 keySz, const byte* salt,
+    word32 saltSz, int kdrIdx, const byte* index, byte* key1, word32 key1Sz,
+    byte* key2, word32 key2Sz, byte* key3, word32 key3Sz, int idxLenIndicator);
 WOLFSSL_API int wc_SRTP_KDF_label(const byte* key, word32 keySz,
     const byte* salt, word32 saltSz, int kdrIdx, const byte* index, byte label,
     byte* outKey, word32 outKeySz);
@@ -152,6 +166,11 @@ WOLFSSL_API int wc_SRTP_KDF_kdr_to_idx(word32 kdr);
 
 #endif /* WC_SRTP_KDF */
 
+#ifdef WC_KDF_NIST_SP_800_56C
+WOLFSSL_API int wc_KDA_KDF_onestep(const byte* z, word32 zSz,
+    const byte* fixedInfo, word32 fixedInfoSz, word32 derivedSecretSz,
+    enum wc_HashType hashType, byte* output, word32 outputSz);
+#endif
 #ifdef __cplusplus
     } /* extern "C" */
 #endif
diff --git a/wolfssl/wolfcrypt/kyber.h b/wolfssl/wolfcrypt/kyber.h
index 7ac4ebd6e..5eb5f1d47 100644
--- a/wolfssl/wolfcrypt/kyber.h
+++ b/wolfssl/wolfcrypt/kyber.h
@@ -1,6 +1,6 @@
 /* kyber.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -33,14 +33,21 @@
 
 /* Define algorithm type when not excluded. */
 
-#ifndef WOLFSSL_NO_KYBER512
-#define WOLFSSL_KYBER512
-#endif
-#ifndef WOLFSSL_NO_KYBER768
-#define WOLFSSL_KYBER768
-#endif
-#ifndef WOLFSSL_NO_KYBER1024
-#define WOLFSSL_KYBER1024
+#ifdef WOLFSSL_KYBER_ORIGINAL
+    #ifndef WOLFSSL_NO_KYBER512
+        #define WOLFSSL_KYBER512
+    #endif
+    #ifndef WOLFSSL_NO_KYBER768
+        #define WOLFSSL_KYBER768
+    #endif
+    #ifndef WOLFSSL_NO_KYBER1024
+        #define WOLFSSL_KYBER1024
+    #endif
+
+    #if !defined(WOLFSSL_KYBER512) && !defined(WOLFSSL_KYBER768) && \
+        !defined(WOLFSSL_KYBER1024)
+        #error "No Kyber key size chosen."
+    #endif
 #endif
 
 
@@ -49,16 +56,15 @@
 
 
 /* Size of a polynomial vector based on dimensions. */
-#define KYBER_POLY_VEC_SZ(k) (k * KYBER_POLY_SIZE)
+#define KYBER_POLY_VEC_SZ(k) ((k) * KYBER_POLY_SIZE)
 /* Size of a compressed polynomial based on bits per coefficient. */
-#define KYBER_POLY_COMPRESSED_SZ(b) (b * (KYBER_N / 8))
+#define KYBER_POLY_COMPRESSED_SZ(b) ((b) * (KYBER_N / 8))
 /* Size of a compressed vector polynomial based on dimensions and bits per
  * coefficient. */
-#define KYBER_POLY_VEC_COMPRESSED_SZ(k, b) (k * (b * (KYBER_N / 8)))
+#define KYBER_POLY_VEC_COMPRESSED_SZ(k, b) ((k) * ((b) * (KYBER_N / 8)))
 
 
 /* Kyber-512 parameters */
-#ifdef WOLFSSL_KYBER512
 /* Number of polynomials in a vector and vectors in a matrix. */
 #define KYBER512_K          2
 
@@ -80,10 +86,8 @@
 /* Cipher text size. */
 #define KYBER512_CIPHER_TEXT_SIZE \
     (KYBER512_POLY_VEC_COMPRESSED_SZ + KYBER512_POLY_COMPRESSED_SZ)
-#endif /* WOLFSSL_KYBER512 */
 
 /* Kyber-768 parameters */
-#ifdef WOLFSSL_KYBER768
 /* Number of polynomials in a vector and vectors in a matrix. */
 #define KYBER768_K          3
 
@@ -105,10 +109,8 @@
 /* Cipher text size. */
 #define KYBER768_CIPHER_TEXT_SIZE \
     (KYBER768_POLY_VEC_COMPRESSED_SZ + KYBER768_POLY_COMPRESSED_SZ)
-#endif /* WOLFSSL_KYBER768 */
 
 /* Kyber-1024 parameters */
-#ifdef WOLFSSL_KYBER1024
 /* Number of polynomials in a vector and vectors in a matrix. */
 #define KYBER1024_K         4
 
@@ -130,7 +132,6 @@
 /* Cipher text size. */
 #define KYBER1024_CIPHER_TEXT_SIZE \
     (KYBER1024_POLY_VEC_COMPRESSED_SZ + KYBER1024_POLY_COMPRESSED_SZ)
-#endif /* WOLFSSL_KYBER1024 */
 
 
 /* Maximum dimensions and sizes of supported key types. */
@@ -144,7 +145,7 @@
 #define KYBER_MAX_PRIVATE_KEY_SIZE  KYBER768_PRIVATE_KEY_SIZE
 #define KYBER_MAX_PUBLIC_KEY_SIZE   KYBER768_PUBLIC_KEY_SIZE
 #define KYBER_MAX_CIPHER_TEXT_SIZE  KYBER768_CIPHER_TEXT_SIZE
-#else
+#elif defined(WOLFSSL_KYBER512)
 #define KYBER_MAX_K                 KYBER512_K
 #define KYBER_MAX_PRIVATE_KEY_SIZE  KYBER512_PRIVATE_KEY_SIZE
 #define KYBER_MAX_PUBLIC_KEY_SIZE   KYBER512_PUBLIC_KEY_SIZE
@@ -153,9 +154,14 @@
 
 enum {
     /* Types of Kyber keys. */
-    KYBER512  = 0,
-    KYBER768  = 1,
-    KYBER1024 = 2,
+    WC_ML_KEM_512  = 0,
+    WC_ML_KEM_768  = 1,
+    WC_ML_KEM_1024 = 2,
+
+    KYBER_ORIGINAL = 0x10,
+    KYBER512  = 0 | KYBER_ORIGINAL,
+    KYBER768  = 1 | KYBER_ORIGINAL,
+    KYBER1024 = 2 | KYBER_ORIGINAL,
 
     KYBER_LEVEL1 = KYBER512,
     KYBER_LEVEL3 = KYBER768,
@@ -201,10 +207,10 @@ WOLFSSL_API int wc_KyberKey_EncapsulateWithRandom(KyberKey* key,
 WOLFSSL_API int wc_KyberKey_Decapsulate(KyberKey* key, unsigned char* ss,
     const unsigned char* ct, word32 len);
 
-WOLFSSL_API int wc_KyberKey_DecodePrivateKey(KyberKey* key, unsigned char* in,
-    word32 len);
-WOLFSSL_API int wc_KyberKey_DecodePublicKey(KyberKey* key, unsigned char* in,
-    word32 len);
+WOLFSSL_API int wc_KyberKey_DecodePrivateKey(KyberKey* key,
+    const unsigned char* in, word32 len);
+WOLFSSL_API int wc_KyberKey_DecodePublicKey(KyberKey* key,
+    const unsigned char* in, word32 len);
 
 WOLFSSL_API int wc_KyberKey_PrivateKeySize(KyberKey* key, word32* len);
 WOLFSSL_API int wc_KyberKey_PublicKeySize(KyberKey* key, word32* len);
@@ -213,6 +219,146 @@ WOLFSSL_API int wc_KyberKey_EncodePrivateKey(KyberKey* key, unsigned char* out,
 WOLFSSL_API int wc_KyberKey_EncodePublicKey(KyberKey* key, unsigned char* out,
     word32 len);
 
+
+
+#ifndef WOLFSSL_NO_ML_KEM
+    #if !defined(WOLFSSL_NO_ML_KEM_512)
+        #define WOLFSSL_WC_ML_KEM_512
+    #endif
+    #if !defined(WOLFSSL_NO_ML_KEM_768)
+        #define WOLFSSL_WC_ML_KEM_768
+    #endif
+    #if !defined(WOLFSSL_NO_ML_KEM_1024)
+        #define WOLFSSL_WC_ML_KEM_1024
+    #endif
+
+    #if !defined(WOLFSSL_WC_ML_KEM_512) && !defined(WOLFSSL_WC_ML_KEM_768) && \
+        !defined(WOLFSSL_WC_ML_KEM_1024)
+        #error "No ML-KEM key size chosen."
+    #endif
+#endif
+
+#ifdef WOLFSSL_WC_ML_KEM_512
+#define WC_ML_KEM_512_K                     2
+/* Size of a polynomial vector. */
+#define WC_ML_KEM_512_POLY_VEC_SZ           KYBER_POLY_VEC_SZ(WC_ML_KEM_512_K)
+/* Size of a compressed polynomial based on bits per coefficient. */
+#define WC_ML_KEM_512_POLY_COMPRESSED_SZ    KYBER_POLY_COMPRESSED_SZ(4)
+/* Size of a compressed vector polynomial based on dimensions and bits per
+ * coefficient. */
+#define WC_ML_KEM_512_POLY_VEC_COMPRESSED_SZ  \
+    KYBER_POLY_VEC_COMPRESSED_SZ(WC_ML_KEM_512_K, 10)
+
+/* Public key size. */
+#define WC_ML_KEM_512_PUBLIC_KEY_SIZE  \
+    (WC_ML_KEM_512_POLY_VEC_SZ + KYBER_SYM_SZ)
+/* Private key size. */
+#define WC_ML_KEM_512_PRIVATE_KEY_SIZE \
+    (WC_ML_KEM_512_POLY_VEC_SZ + WC_ML_KEM_512_PUBLIC_KEY_SIZE + \
+     2 * KYBER_SYM_SZ)
+/* Cipher text size. */
+#define WC_ML_KEM_512_CIPHER_TEXT_SIZE \
+    (WC_ML_KEM_512_POLY_VEC_COMPRESSED_SZ + WC_ML_KEM_512_POLY_COMPRESSED_SZ)
+#endif
+
+#ifdef WOLFSSL_WC_ML_KEM_768
+#define WC_ML_KEM_768_K                     3
+
+/* Size of a polynomial vector. */
+#define WC_ML_KEM_768_POLY_VEC_SZ           KYBER_POLY_VEC_SZ(WC_ML_KEM_768_K)
+/* Size of a compressed polynomial based on bits per coefficient. */
+#define WC_ML_KEM_768_POLY_COMPRESSED_SZ    KYBER_POLY_COMPRESSED_SZ(4)
+/* Size of a compressed vector polynomial based on dimensions and bits per
+ * coefficient. */
+#define WC_ML_KEM_768_POLY_VEC_COMPRESSED_SZ  \
+    KYBER_POLY_VEC_COMPRESSED_SZ(WC_ML_KEM_768_K, 10)
+
+/* Public key size. */
+#define WC_ML_KEM_768_PUBLIC_KEY_SIZE  \
+    (WC_ML_KEM_768_POLY_VEC_SZ + KYBER_SYM_SZ)
+/* Private key size. */
+#define WC_ML_KEM_768_PRIVATE_KEY_SIZE \
+    (WC_ML_KEM_768_POLY_VEC_SZ + WC_ML_KEM_768_PUBLIC_KEY_SIZE + \
+     2 * KYBER_SYM_SZ)
+/* Cipher text size. */
+#define WC_ML_KEM_768_CIPHER_TEXT_SIZE \
+    (WC_ML_KEM_768_POLY_VEC_COMPRESSED_SZ + WC_ML_KEM_768_POLY_COMPRESSED_SZ)
+#endif
+
+#ifdef WOLFSSL_WC_ML_KEM_1024
+#define WC_ML_KEM_1024_K                    4
+
+/* Size of a polynomial vector. */
+#define WC_ML_KEM_1024_POLY_VEC_SZ          KYBER_POLY_VEC_SZ(WC_ML_KEM_1024_K)
+/* Size of a compressed polynomial based on bits per coefficient. */
+#define WC_ML_KEM_1024_POLY_COMPRESSED_SZ   KYBER_POLY_COMPRESSED_SZ(5)
+/* Size of a compressed vector polynomial based on dimensions and bits per
+ * coefficient. */
+#define WC_ML_KEM_1024_POLY_VEC_COMPRESSED_SZ \
+    KYBER_POLY_VEC_COMPRESSED_SZ(WC_ML_KEM_1024_K, 11)
+
+/* Public key size. */
+#define WC_ML_KEM_1024_PUBLIC_KEY_SIZE  \
+    (WC_ML_KEM_1024_POLY_VEC_SZ + KYBER_SYM_SZ)
+/* Private key size. */
+#define WC_ML_KEM_1024_PRIVATE_KEY_SIZE \
+    (WC_ML_KEM_1024_POLY_VEC_SZ + WC_ML_KEM_1024_PUBLIC_KEY_SIZE + \
+     2 * KYBER_SYM_SZ)
+/* Cipher text size. */
+#define WC_ML_KEM_1024_CIPHER_TEXT_SIZE \
+    (WC_ML_KEM_1024_POLY_VEC_COMPRESSED_SZ + WC_ML_KEM_1024_POLY_COMPRESSED_SZ)
+#endif
+
+#ifndef KYBER_MAX_K
+#ifdef WOLFSSL_WC_ML_KEM_1024
+#define KYBER_MAX_K                 WC_ML_KEM_1024_K
+#define KYBER_MAX_PRIVATE_KEY_SIZE  WC_ML_KEM_1024_PRIVATE_KEY_SIZE
+#define KYBER_MAX_PUBLIC_KEY_SIZE   WC_ML_KEM_1024_PUBLIC_KEY_SIZE
+#define KYBER_MAX_CIPHER_TEXT_SIZE  WC_ML_KEM_1024_CIPHER_TEXT_SIZE
+#elif defined(WOLFSSL_WC_ML_KEM_768)
+#define KYBER_MAX_K                 WC_ML_KEM_768_K
+#define KYBER_MAX_PRIVATE_KEY_SIZE  WC_ML_KEM_768_PRIVATE_KEY_SIZE
+#define KYBER_MAX_PUBLIC_KEY_SIZE   WC_ML_KEM_768_PUBLIC_KEY_SIZE
+#define KYBER_MAX_CIPHER_TEXT_SIZE  WC_ML_KEM_768_CIPHER_TEXT_SIZE
+#elif defined(WOLFSSL_WC_ML_KEM_512)
+#define KYBER_MAX_K                 WC_ML_KEM_512_K
+#define KYBER_MAX_PRIVATE_KEY_SIZE  WC_ML_KEM_512_PRIVATE_KEY_SIZE
+#define KYBER_MAX_PUBLIC_KEY_SIZE   WC_ML_KEM_512_PUBLIC_KEY_SIZE
+#define KYBER_MAX_CIPHER_TEXT_SIZE  WC_ML_KEM_512_CIPHER_TEXT_SIZE
+#endif
+#endif /* KYBER_MAX_K */
+
+#define WC_ML_KEM_MAX_K                     KYBER_MAX_K
+#define WC_ML_KEM_MAX_PRIVATE_KEY_SIZE      KYBER_MAX_PRIVATE_KEY_SIZE
+#define WC_ML_KEM_MAX_PUBLIC_KEY_SIZE       KYBER_MAX_PUBLIC_KEY_SIZE
+#define WC_ML_KEM_MAX_CIPHER_TEXT_SIZE      KYBER_MAX_CIPHER_TEXT_SIZE
+
+#define WC_ML_KEM_SYM_SZ            KYBER_SYM_SZ
+#define WC_ML_KEM_SS_SZ             KYBER_SS_SZ
+#define WC_ML_KEM_MAKEKEY_RAND_SZ   KYBER_MAKEKEY_RAND_SZ
+#define WC_ML_KEM_ENC_RAND_SZ       KYBER_ENC_RAND_SZ
+#define WC_ML_KEM_POLY_SIZE         KYBER_POLY_SIZE
+
+#define MlKemKey            KyberKey
+
+#define wc_MlKemKey_Init(key, type, heap, devId) \
+        wc_KyberKey_Init(type, key, heap, devId)
+#define wc_MlKemKey_Free                    wc_KyberKey_Free
+#define wc_MlKemKey_MakeKey                 wc_KyberKey_MakeKey
+#define wc_MlKemKey_MakeKeyWithRandom       wc_KyberKey_MakeKeyWithRandom
+#define wc_MlKemKey_CipherTextSize          wc_KyberKey_CipherTextSize
+#define wc_MlKemKey_SharedSecretSize        wc_KyberKey_SharedSecretSize
+#define wc_MlKemKey_Encapsulate             wc_KyberKey_Encapsulate
+#define wc_MlKemKey_EncapsulateWithRandom   wc_KyberKey_EncapsulateWithRandom
+#define wc_MlKemKey_Decapsulate             wc_KyberKey_Decapsulate
+#define wc_MlKemKey_DecodePrivateKey        wc_KyberKey_DecodePrivateKey
+#define wc_MlKemKey_DecodePublicKey         wc_KyberKey_DecodePublicKey
+#define wc_MlKemKey_PrivateKeySize          wc_KyberKey_PrivateKeySize
+#define wc_MlKemKey_PublicKeySize           wc_KyberKey_PublicKeySize
+#define wc_MlKemKey_EncodePrivateKey        wc_KyberKey_EncodePrivateKey
+#define wc_MlKemKey_EncodePublicKey         wc_KyberKey_EncodePublicKey
+
+
 #ifdef __cplusplus
     } /* extern "C" */
 #endif
diff --git a/wolfssl/wolfcrypt/lms.h b/wolfssl/wolfcrypt/lms.h
index 483f349c1..754c49c08 100644
--- a/wolfssl/wolfcrypt/lms.h
+++ b/wolfssl/wolfcrypt/lms.h
@@ -1,6 +1,6 @@
 /* lms.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -34,8 +34,8 @@
 typedef struct LmsKey LmsKey;
 
 /* Private key write and read callbacks. */
-typedef int (*write_private_key_cb)(const byte * priv, word32 privSz, void *context);
-typedef int (*read_private_key_cb)(byte * priv, word32 privSz, void *context);
+typedef int (*wc_lms_write_private_key_cb)(const byte * priv, word32 privSz, void *context);
+typedef int (*wc_lms_read_private_key_cb)(byte * priv, word32 privSz, void *context);
 
 /* Return codes returned by private key callbacks. */
 enum wc_LmsRc {
@@ -75,20 +75,70 @@ enum wc_LmsRc {
 
 /* Predefined LMS/HSS parameter sets for convenience.
  *
- * Not predefining a set with Winternitz=1, because the signatures
+ * Not predefining many sets with Winternitz=1, because the signatures
  * will be large. */
 enum wc_LmsParm {
-    WC_LMS_PARM_NONE      =  0,
-    WC_LMS_PARM_L1_H15_W2 =  1, /* 1 level Merkle tree of 15 height. */
-    WC_LMS_PARM_L1_H15_W4 =  2,
-    WC_LMS_PARM_L2_H10_W2 =  3, /* 2 level Merkle tree of 10 height. */
-    WC_LMS_PARM_L2_H10_W4 =  4,
-    WC_LMS_PARM_L2_H10_W8 =  5,
-    WC_LMS_PARM_L3_H5_W2  =  6, /* 3 level Merkle tree of 5 height. */
-    WC_LMS_PARM_L3_H5_W4  =  7,
-    WC_LMS_PARM_L3_H5_W8  =  8,
-    WC_LMS_PARM_L3_H10_W4 =  9, /* 3 level Merkle tree of 10 height. */
-    WC_LMS_PARM_L4_H5_W8  = 10, /* 4 level Merkle tree of 5 height. */
+#ifndef WOLFSSL_NO_LMS_SHA256_256
+    WC_LMS_PARM_NONE = 0,
+    WC_LMS_PARM_L1_H5_W1 = 1,
+    WC_LMS_PARM_L1_H5_W2 = 2,
+    WC_LMS_PARM_L1_H5_W4 = 3,
+    WC_LMS_PARM_L1_H5_W8 = 4,
+    WC_LMS_PARM_L1_H10_W2 = 5,
+    WC_LMS_PARM_L1_H10_W4 = 6,
+    WC_LMS_PARM_L1_H10_W8 = 7,
+    WC_LMS_PARM_L1_H15_W2 = 8,
+    WC_LMS_PARM_L1_H15_W4 = 9,
+    WC_LMS_PARM_L1_H15_W8 = 10,
+    WC_LMS_PARM_L1_H20_W2 = 11,
+    WC_LMS_PARM_L1_H20_W4 = 12,
+    WC_LMS_PARM_L1_H20_W8 = 13,
+    WC_LMS_PARM_L2_H5_W2 = 14,
+    WC_LMS_PARM_L2_H5_W4 = 15,
+    WC_LMS_PARM_L2_H5_W8 = 16,
+    WC_LMS_PARM_L2_H10_W2 = 17,
+    WC_LMS_PARM_L2_H10_W4 = 18,
+    WC_LMS_PARM_L2_H10_W8 = 19,
+    WC_LMS_PARM_L2_H15_W2 = 20,
+    WC_LMS_PARM_L2_H15_W4 = 21,
+    WC_LMS_PARM_L2_H15_W8 = 22,
+    WC_LMS_PARM_L2_H20_W2 = 23,
+    WC_LMS_PARM_L2_H20_W4 = 24,
+    WC_LMS_PARM_L2_H20_W8 = 25,
+    WC_LMS_PARM_L3_H5_W2 = 26,
+    WC_LMS_PARM_L3_H5_W4 = 27,
+    WC_LMS_PARM_L3_H5_W8 = 28,
+    WC_LMS_PARM_L3_H10_W4 = 29,
+    WC_LMS_PARM_L3_H10_W8 = 30,
+    WC_LMS_PARM_L4_H5_W2 = 31,
+    WC_LMS_PARM_L4_H5_W4 = 32,
+    WC_LMS_PARM_L4_H5_W8 = 33,
+    WC_LMS_PARM_L4_H10_W4 = 34,
+    WC_LMS_PARM_L4_H10_W8 = 35,
+#endif
+
+#ifdef WOLFSSL_LMS_SHA256_192
+    WC_LMS_PARM_SHA256_192_L1_H5_W1  = 36,
+    WC_LMS_PARM_SHA256_192_L1_H5_W2  = 37,
+    WC_LMS_PARM_SHA256_192_L1_H5_W4  = 38,
+    WC_LMS_PARM_SHA256_192_L1_H5_W8  = 39,
+    WC_LMS_PARM_SHA256_192_L1_H10_W2 = 40,
+    WC_LMS_PARM_SHA256_192_L1_H10_W4 = 41,
+    WC_LMS_PARM_SHA256_192_L1_H10_W8 = 42,
+    WC_LMS_PARM_SHA256_192_L1_H15_W2 = 43,
+    WC_LMS_PARM_SHA256_192_L1_H15_W4 = 44,
+    WC_LMS_PARM_SHA256_192_L1_H20_W2 = 53,
+    WC_LMS_PARM_SHA256_192_L1_H20_W4 = 54,
+    WC_LMS_PARM_SHA256_192_L1_H20_W8 = 55,
+    WC_LMS_PARM_SHA256_192_L2_H10_W2 = 45,
+    WC_LMS_PARM_SHA256_192_L2_H10_W4 = 46,
+    WC_LMS_PARM_SHA256_192_L2_H10_W8 = 47,
+    WC_LMS_PARM_SHA256_192_L3_H5_W2  = 48,
+    WC_LMS_PARM_SHA256_192_L3_H5_W4  = 49,
+    WC_LMS_PARM_SHA256_192_L3_H5_W8  = 50,
+    WC_LMS_PARM_SHA256_192_L3_H10_W4 = 51,
+    WC_LMS_PARM_SHA256_192_L4_H5_W8  = 52,
+#endif
 };
 
 /* enum wc_LmsState is to help track the state of an LMS/HSS Key. */
@@ -113,9 +163,9 @@ WOLFSSL_API int  wc_LmsKey_GetParameters(const LmsKey * key, int * levels,
     int * height, int * winternitz);
 #ifndef WOLFSSL_LMS_VERIFY_ONLY
 WOLFSSL_API int  wc_LmsKey_SetWriteCb(LmsKey * key,
-    write_private_key_cb write_cb);
+    wc_lms_write_private_key_cb write_cb);
 WOLFSSL_API int  wc_LmsKey_SetReadCb(LmsKey * key,
-    read_private_key_cb read_cb);
+    wc_lms_read_private_key_cb read_cb);
 WOLFSSL_API int  wc_LmsKey_SetContext(LmsKey * key, void * context);
 WOLFSSL_API int  wc_LmsKey_MakeKey(LmsKey * key, WC_RNG * rng);
 WOLFSSL_API int  wc_LmsKey_Reload(LmsKey * key);
diff --git a/wolfssl/wolfcrypt/logging.h b/wolfssl/wolfcrypt/logging.h
index 498b605e5..f34f34152 100644
--- a/wolfssl/wolfcrypt/logging.h
+++ b/wolfssl/wolfcrypt/logging.h
@@ -1,6 +1,6 @@
 /* logging.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -89,6 +89,11 @@ enum wc_FuncNum {
 };
 #endif
 
+#if defined(ARDUINO)
+/* implemented in Arduino wolfssl.h */
+extern WOLFSSL_API int wolfSSL_Arduino_Serial_Print(const char* const s);
+#endif /* ARDUINO */
+
 typedef void (*wolfSSL_Logging_cb)(const int logLevel,
                                    const char *const logMessage);
 
@@ -130,7 +135,7 @@ WOLFSSL_API void wolfSSL_SetLoggingPrefix(const char* prefix);
     WOLFSSL_LOCAL unsigned long wc_PeekErrorNodeLineData(
             const char **file, int *line, const char **data, int *flags,
             int (*ignore_err)(int err));
-    WOLFSSL_LOCAL unsigned long wc_GetErrorNodeErr(void);
+    WOLFSSL_LOCAL int wc_GetErrorNodeErr(void);
     #if !defined(NO_FILESYSTEM) && !defined(NO_STDIO_FILESYSTEM)
         WOLFSSL_API void wc_ERR_print_errors_fp(XFILE fp);
         WOLFSSL_API void wc_ERR_print_errors_cb(int (*cb)(const char *str,
@@ -173,9 +178,36 @@ WOLFSSL_API void wolfSSL_SetLoggingPrefix(const char* prefix);
     WOLFSSL_API void WOLFSSL_MSG_EX(const char* fmt, ...);
     #define HAVE_WOLFSSL_MSG_EX
 #else
-    #define WOLFSSL_MSG_EX(...) WC_DO_NOTHING
+    #ifdef WOLF_NO_VARIADIC_MACROS
+        #define WOLFSSL_MSG_EX()    WC_DO_NOTHING
+    #else
+        #define WOLFSSL_MSG_EX(...) WC_DO_NOTHING
+    #endif
 #endif
     WOLFSSL_API void WOLFSSL_MSG(const char* msg);
+#ifdef WOLFSSL_DEBUG_CODEPOINTS
+    WOLFSSL_API void WOLFSSL_MSG2(
+        const char *file, int line, const char* msg);
+    WOLFSSL_API void WOLFSSL_ENTER2(
+        const char *file, int line, const char* msg);
+    WOLFSSL_API void WOLFSSL_LEAVE2(
+        const char *file, int line, const char* msg, int ret);
+    #define WOLFSSL_MSG(msg) WOLFSSL_MSG2(__FILE__, __LINE__, msg)
+    #define WOLFSSL_ENTER(msg) WOLFSSL_ENTER2(__FILE__, __LINE__, msg)
+    #define WOLFSSL_LEAVE(msg, ret) WOLFSSL_LEAVE2(__FILE__, __LINE__, msg, ret)
+    #ifdef XVSNPRINTF
+        WOLFSSL_API void WOLFSSL_MSG_EX2(
+            const char *file, int line, const char* fmt, ...);
+        #define WOLFSSL_MSG_EX(fmt, args...) \
+                WOLFSSL_MSG_EX2(__FILE__, __LINE__, fmt, ## args)
+    #else
+        #ifdef WOLF_NO_VARIADIC_MACROS
+            #define WOLFSSL_MSG_EX2() WC_DO_NOTHING
+        #else
+            #define WOLFSSL_MSG_EX2(...) WC_DO_NOTHING
+        #endif
+    #endif
+#endif
     WOLFSSL_API void WOLFSSL_BUFFER(const byte* buffer, word32 length);
 
 #else
@@ -185,7 +217,14 @@ WOLFSSL_API void wolfSSL_SetLoggingPrefix(const char* prefix);
     #define WOLFSSL_STUB(m)       WC_DO_NOTHING
     #define WOLFSSL_IS_DEBUG_ON() 0
 
-    #define WOLFSSL_MSG_EX(...)   WC_DO_NOTHING
+    #ifdef WOLF_NO_VARIADIC_MACROS
+        /* note, modern preprocessors will generate errors with this definition.
+         * "error: macro "WOLFSSL_MSG_EX" passed 2 arguments, but takes just 0"
+         */
+        #define WOLFSSL_MSG_EX()    WC_DO_NOTHING
+    #else
+        #define WOLFSSL_MSG_EX(...) WC_DO_NOTHING
+    #endif
     #define WOLFSSL_MSG(m)        WC_DO_NOTHING
     #define WOLFSSL_BUFFER(b, l)  WC_DO_NOTHING
 
@@ -197,8 +236,13 @@ WOLFSSL_API void wolfSSL_SetLoggingPrefix(const char* prefix);
     #ifdef WOLFSSL_HAVE_ERROR_QUEUE
         WOLFSSL_API void WOLFSSL_ERROR_LINE(int err, const char* func, unsigned int line,
             const char* file, void* ctx);
-        #define WOLFSSL_ERROR(x) \
-            WOLFSSL_ERROR_LINE((x), __func__, __LINE__, __FILE__, NULL)
+        #ifdef WOLF_C89
+            #define WOLFSSL_ERROR(x) \
+                WOLFSSL_ERROR_LINE((x), __FILE__, __LINE__, __FILE__, NULL)
+        #else
+            #define WOLFSSL_ERROR(x) \
+                WOLFSSL_ERROR_LINE((x), __func__, __LINE__, __FILE__, NULL)
+        #endif
     #else
         WOLFSSL_API void WOLFSSL_ERROR(int err);
     #endif /* WOLFSSL_HAVE_ERROR_QUEUE */
diff --git a/wolfssl/wolfcrypt/md2.h b/wolfssl/wolfcrypt/md2.h
index e326a4d79..8fb5076d0 100644
--- a/wolfssl/wolfcrypt/md2.h
+++ b/wolfssl/wolfcrypt/md2.h
@@ -1,6 +1,6 @@
 /* md2.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -37,28 +37,42 @@
 
 /* in bytes */
 enum {
-    MD2             =  WC_HASH_TYPE_MD2,
-    MD2_BLOCK_SIZE  = 16,
-    MD2_DIGEST_SIZE = 16,
-    MD2_PAD_SIZE    = 16,
-    MD2_X_SIZE      = 48
+    WC_MD2_BLOCK_SIZE  = 16,
+    WC_MD2_DIGEST_SIZE = 16,
+    WC_MD2_PAD_SIZE    = 16,
+    WC_MD2_X_SIZE      = 48
 };
 
 
 /* Md2 digest */
-typedef struct Md2 {
+typedef struct wc_Md2 {
     word32  count;   /* bytes % PAD_SIZE  */
-    byte    X[MD2_X_SIZE];
-    byte    C[MD2_BLOCK_SIZE];
-    byte    buffer[MD2_BLOCK_SIZE];
-} Md2;
+    byte    X[WC_MD2_X_SIZE];
+    byte    C[WC_MD2_BLOCK_SIZE];
+    byte    buffer[WC_MD2_BLOCK_SIZE];
+} wc_Md2;
 
 
-WOLFSSL_API void wc_InitMd2(Md2* md2);
-WOLFSSL_API void wc_Md2Update(Md2* md2, const byte* data, word32 len);
-WOLFSSL_API void wc_Md2Final(Md2* md2, byte* hash);
+WOLFSSL_API void wc_InitMd2(wc_Md2* md2);
+WOLFSSL_API void wc_Md2Update(wc_Md2* md2, const byte* data, word32 len);
+WOLFSSL_API void wc_Md2Final(wc_Md2* md2, byte* hash);
 WOLFSSL_API int  wc_Md2Hash(const byte* data, word32 len, byte* hash);
 
+#ifndef OPENSSL_COEXIST
+
+enum {
+    MD2             = WC_HASH_TYPE_MD2,
+    MD2_BLOCK_SIZE  = WC_MD2_BLOCK_SIZE,
+    MD2_DIGEST_SIZE = WC_MD2_DIGEST_SIZE,
+    MD2_PAD_SIZE    = WC_MD2_PAD_SIZE,
+    MD2_X_SIZE      = WC_MD2_X_SIZE
+};
+
+
+/* Md2 digest */
+typedef struct wc_Md2 Md2;
+
+#endif /* !OPENSSL_COEXIST */
 
 #ifdef __cplusplus
     } /* extern "C" */
diff --git a/wolfssl/wolfcrypt/md4.h b/wolfssl/wolfcrypt/md4.h
index f367cde62..78c4275fb 100644
--- a/wolfssl/wolfcrypt/md4.h
+++ b/wolfssl/wolfcrypt/md4.h
@@ -1,6 +1,6 @@
 /* md4.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -36,26 +36,36 @@
 
 /* in bytes */
 enum {
-    MD4             =  WC_HASH_TYPE_MD4,
-    MD4_BLOCK_SIZE  = 64,
-    MD4_DIGEST_SIZE = 16,
-    MD4_PAD_SIZE    = 56
+    WC_MD4_BLOCK_SIZE  = 64,
+    WC_MD4_DIGEST_SIZE = 16,
+    WC_MD4_PAD_SIZE    = 56
 };
 
-
 /* MD4 digest */
-typedef struct Md4 {
+typedef struct wc_Md4 {
     word32  buffLen;   /* in bytes          */
     word32  loLen;     /* length in bytes   */
     word32  hiLen;     /* length in bytes   */
-    word32  digest[MD4_DIGEST_SIZE / sizeof(word32)];
-    word32  buffer[MD4_BLOCK_SIZE  / sizeof(word32)];
-} Md4;
+    word32  digest[WC_MD4_DIGEST_SIZE / sizeof(word32)];
+    word32  buffer[WC_MD4_BLOCK_SIZE  / sizeof(word32)];
+} wc_Md4;
 
+WOLFSSL_API void wc_InitMd4(wc_Md4* md4);
+WOLFSSL_API void wc_Md4Update(wc_Md4* md4, const byte* data, word32 len);
+WOLFSSL_API void wc_Md4Final(wc_Md4* md4, byte* hash);
 
-WOLFSSL_API void wc_InitMd4(Md4* md4);
-WOLFSSL_API void wc_Md4Update(Md4* md4, const byte* data, word32 len);
-WOLFSSL_API void wc_Md4Final(Md4* md4, byte* hash);
+#ifndef OPENSSL_COEXIST
+
+enum {
+    MD4             = WC_HASH_TYPE_MD4,
+    MD4_BLOCK_SIZE  = WC_MD4_BLOCK_SIZE,
+    MD4_DIGEST_SIZE = WC_MD4_DIGEST_SIZE,
+    MD4_PAD_SIZE    = WC_MD4_PAD_SIZE
+};
+
+typedef struct wc_Md4 Md4;
+
+#endif /* !OPENSSL_COEXIST */
 
 
 #ifdef __cplusplus
diff --git a/wolfssl/wolfcrypt/md5.h b/wolfssl/wolfcrypt/md5.h
index 6506be989..93b906d13 100644
--- a/wolfssl/wolfcrypt/md5.h
+++ b/wolfssl/wolfcrypt/md5.h
@@ -1,6 +1,6 @@
 /* md5.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -65,7 +65,7 @@ enum {
 #ifdef WOLFSSL_MICROCHIP_PIC32MZ
     #include <wolfssl/wolfcrypt/port/pic32/pic32mz-crypt.h>
 #endif
-#ifdef STM32_HASH
+#if defined(STM32_HASH) && !defined(STM32_NOMD5)
     #include <wolfssl/wolfcrypt/port/st/stm32.h>
 #endif
 #ifdef WOLFSSL_ASYNC_CRYPT
@@ -80,7 +80,7 @@ enum {
 
 /* MD5 digest */
 typedef struct wc_Md5 {
-#ifdef STM32_HASH
+#if defined(STM32_HASH) && !defined(STM32_NOMD5)
     STM32_HASH_Context stmCtx;
 #else
     word32  buffLen;   /* in bytes          */
diff --git a/wolfssl/wolfcrypt/mem_track.h b/wolfssl/wolfcrypt/mem_track.h
index 585756426..4e867a81d 100644
--- a/wolfssl/wolfcrypt/mem_track.h
+++ b/wolfssl/wolfcrypt/mem_track.h
@@ -1,6 +1,6 @@
 /* mem_track.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -157,9 +157,9 @@ static WC_INLINE void* TrackMalloc(size_t sz)
         return NULL;
 
 #ifdef FREERTOS
-    mt = (memoryTrack*)pvPortMalloc(sizeof(memoryTrack) + sz);
+    mt = (memoryTrack*)pvPortMalloc(sizeof(memoryTrack) + sz); /* native heap */
 #else
-    mt = (memoryTrack*)malloc(sizeof(memoryTrack) + sz);
+    mt = (memoryTrack*)malloc(sizeof(memoryTrack) + sz); /* native heap */
 #endif
     if (mt == NULL)
         return NULL;
@@ -177,30 +177,34 @@ static WC_INLINE void* TrackMalloc(size_t sz)
     (void)line;
 #endif
 #endif
+#if defined(DO_MEM_LIST) || defined(DO_MEM_STATS)
+    if (pthread_mutex_lock(&memLock) == 0)
+    {
+#endif
 
 #ifdef DO_MEM_STATS
-    ourMemStats.totalAllocs++;
-    ourMemStats.totalBytes   += sz;
-    ourMemStats.currentBytes += sz;
-#ifdef WOLFSSL_TRACK_MEMORY_VERBOSE
-    if (ourMemStats.peakAllocsTripOdometer < ourMemStats.totalAllocs -
-            ourMemStats.totalDeallocs) {
-        ourMemStats.peakAllocsTripOdometer = ourMemStats.totalAllocs -
-            ourMemStats.totalDeallocs;
-    }
-    if (ourMemStats.peakBytesTripOdometer < ourMemStats.currentBytes)
-#endif
-    {
+        ourMemStats.totalAllocs++;
+        ourMemStats.totalBytes   += sz;
+        ourMemStats.currentBytes += sz;
     #ifdef WOLFSSL_TRACK_MEMORY_VERBOSE
-        ourMemStats.peakBytesTripOdometer = ourMemStats.currentBytes;
+        if (ourMemStats.peakAllocsTripOdometer < ourMemStats.totalAllocs -
+                ourMemStats.totalDeallocs) {
+            ourMemStats.peakAllocsTripOdometer = ourMemStats.totalAllocs -
+                ourMemStats.totalDeallocs;
+        }
+        if (ourMemStats.peakBytesTripOdometer < ourMemStats.currentBytes)
     #endif
-        if (ourMemStats.currentBytes > ourMemStats.peakBytes)
-            ourMemStats.peakBytes = ourMemStats.currentBytes;
-    }
+        {
+        #ifdef WOLFSSL_TRACK_MEMORY_VERBOSE
+            ourMemStats.peakBytesTripOdometer = ourMemStats.currentBytes;
+        #endif
+            if (ourMemStats.currentBytes > ourMemStats.peakBytes)
+                ourMemStats.peakBytes = ourMemStats.currentBytes;
+        }
+
 #endif /* DO_MEM_STATS */
 
 #ifdef DO_MEM_LIST
-    if (pthread_mutex_lock(&memLock) == 0) {
     #ifdef WOLFSSL_DEBUG_MEMORY
         header->func = func;
         header->line = line;
@@ -218,7 +222,8 @@ static WC_INLINE void* TrackMalloc(size_t sz)
         }
         ourMemList.tail = header;      /* add to the end either way */
         ourMemList.count++;
-
+#endif
+#if defined(DO_MEM_LIST) || defined(DO_MEM_STATS)
         pthread_mutex_unlock(&memLock);
     }
 #endif /* DO_MEM_LIST */
@@ -245,7 +250,7 @@ static WC_INLINE void TrackFree(void* ptr)
     header = &mt->u.hint;
     sz = header->thisSize;
 
-#ifdef DO_MEM_LIST
+#if defined(DO_MEM_LIST) || defined(DO_MEM_STATS)
     if (pthread_mutex_lock(&memLock) == 0)
     {
 #endif
@@ -277,7 +282,9 @@ static WC_INLINE void TrackFree(void* ptr)
                 prev->next = next;
         }
         ourMemList.count--;
+#endif
 
+#if defined(DO_MEM_LIST) || defined(DO_MEM_STATS)
         pthread_mutex_unlock(&memLock);
     }
 #endif
@@ -293,9 +300,9 @@ static WC_INLINE void TrackFree(void* ptr)
     (void)sz;
 
 #ifdef FREERTOS
-    vPortFree(mt);
+    vPortFree(mt); /* native heap */
 #else
-    free(mt);
+    free(mt); /* native heap */
 #endif
 }
 
@@ -593,7 +600,7 @@ static WC_INLINE int StackSizeCheck(struct func_args* args, thread_func tf)
         stackSize = PTHREAD_STACK_MIN;
 #endif
 
-    ret = posix_memalign((void**)&myStack, sysconf(_SC_PAGESIZE), stackSize);
+    ret = posix_memalign((void**)&myStack, sysconf(_SC_PAGESIZE), stackSize); /* native heap */
     if (ret != 0 || myStack == NULL) {
         wc_mem_printf("posix_memalign failed\n");
         return -1;
@@ -643,7 +650,7 @@ static WC_INLINE int StackSizeCheck(struct func_args* args, thread_func tf)
         }
     }
 
-    free(myStack);
+    free(myStack); /* native heap */
 #ifdef HAVE_STACK_SIZE_VERBOSE
     printf("stack used = %lu\n", StackSizeCheck_stackSizeHWM > (stackSize - i)
         ? (unsigned long)StackSizeCheck_stackSizeHWM
@@ -674,16 +681,16 @@ static WC_INLINE int StackSizeCheck_launch(struct func_args* args,
         stackSize = PTHREAD_STACK_MIN;
 #endif
 
-    shim_args = (struct stack_size_debug_context *)malloc(sizeof *shim_args);
+    shim_args = (struct stack_size_debug_context *)malloc(sizeof *shim_args); /* native heap */
     if (shim_args == NULL) {
         perror("malloc");
         return -1;
     }
 
-    ret = posix_memalign((void**)&myStack, sysconf(_SC_PAGESIZE), stackSize);
+    ret = posix_memalign((void**)&myStack, sysconf(_SC_PAGESIZE), stackSize); /* native heap */
     if (ret != 0 || myStack == NULL) {
         wc_mem_printf("posix_memalign failed\n");
-        free(shim_args);
+        free(shim_args); /* native heap */
         return -1;
     }
 
@@ -692,8 +699,8 @@ static WC_INLINE int StackSizeCheck_launch(struct func_args* args,
     ret = pthread_attr_init(&myAttr);
     if (ret != 0) {
         wc_mem_printf("attr_init failed\n");
-        free(shim_args);
-        free(myStack);
+        free(shim_args); /* native heap */
+        free(myStack); /* native heap */
         return ret;
     }
 
@@ -742,7 +749,7 @@ static WC_INLINE int StackSizeCheck_reap(pthread_t threadId,
         }
     }
 
-    free(shim_args->myStack);
+    free(shim_args->myStack); /* native heap */
 #ifdef HAVE_STACK_SIZE_VERBOSE
     printf("stack used = %lu\n",
         *shim_args->stackSizeHWM_ptr > (shim_args->stackSize - i)
@@ -754,7 +761,7 @@ static WC_INLINE int StackSizeCheck_reap(pthread_t threadId,
       printf("stack used = %lu\n", (unsigned long)used);
     }
 #endif
-    free(shim_args);
+    free(shim_args); /* native heap */
 
     return (int)((size_t)status);
 }
diff --git a/wolfssl/wolfcrypt/memory.h b/wolfssl/wolfcrypt/memory.h
index cf8327316..5170a8c73 100644
--- a/wolfssl/wolfcrypt/memory.h
+++ b/wolfssl/wolfcrypt/memory.h
@@ -1,6 +1,6 @@
 /* memory.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -101,48 +101,72 @@ WOLFSSL_API int wolfSSL_GetAllocators(wolfSSL_Malloc_cb* mf,
     #ifndef WOLFSSL_STATIC_ALIGN
         #define WOLFSSL_STATIC_ALIGN 16
     #endif
-    #ifndef WOLFMEM_MAX_BUCKETS
-        #define WOLFMEM_MAX_BUCKETS  9
+/* WOLFMEM_BUCKETS - list of the sizes of buckets in the pool
+ * WOLFMEM_DIST - list of quantities of buffers in the buckets
+ * WOLFMEM_DEF_BUCKETS - number of values in WOLFMEM_BUCKETS and WOLFMEM_DIST
+ * WOLFMEM_MAX_BUCKETS - size of the arrays used to store the buckets and
+ *     dists in the memory pool; defaults to WOLFMEM_DEF_BUCKETS
+ *
+ * The following defines provide a reasonable set of buckets in the memory
+ * pool for running wolfSSL on a Linux box. The bucket and dist lists below
+ * have nine items each, so WOLFMEM_DEF_BUCKETS is set to 9.
+ *
+ * If WOLFMEM_DEF_BUCKETS is less then WOLFMEM_MAX_BUCKETS, the unused values
+ * are set to zero and ignored. If WOLFMEM_MAX_BUCKETS is less than
+ * WOLFMEM_DEF_BUCKETS, not all the buckets will be created in the pool.
+ */
+    #ifndef WOLFMEM_DEF_BUCKETS
+        #define WOLFMEM_DEF_BUCKETS  9  /* number of default memory blocks */
     #endif
-    #define WOLFMEM_DEF_BUCKETS  9     /* number of default memory blocks */
+
+    #ifndef WOLFMEM_MAX_BUCKETS
+        #define WOLFMEM_MAX_BUCKETS  WOLFMEM_DEF_BUCKETS
+    #endif
+
+    #if WOLFMEM_MAX_BUCKETS < WOLFMEM_DEF_BUCKETS
+        #warning "ignoring excess buckets, MAX_BUCKETS less than DEF_BUCKETS"
+    #endif
+
     #ifndef WOLFMEM_IO_SZ
         #define WOLFMEM_IO_SZ        16992 /* 16 byte aligned */
     #endif
+
+    #ifndef LARGEST_MEM_BUCKET
+        #ifndef SESSION_CERTS
+            #define LARGEST_MEM_BUCKET 16128
+        #elif defined(OPENSSL_EXTRA)
+            #ifdef WOLFSSL_TLS13
+                #define LARGEST_MEM_BUCKET 30400
+            #else
+                #define LARGEST_MEM_BUCKET 25600
+            #endif
+        #elif defined(WOLFSSL_CERT_EXT)
+            /* certificate extensions requires 24k for the SSL struct */
+            #define LARGEST_MEM_BUCKET 24576
+        #else
+            /* increase 23k for object member of WOLFSSL_X509_NAME_ENTRY */
+            #define LARGEST_MEM_BUCKET 23440
+        #endif
+    #endif
+
     #ifndef WOLFMEM_BUCKETS
         #ifndef SESSION_CERTS
             /* default size of chunks of memory to separate into */
-            #ifndef LARGEST_MEM_BUCKET
-                #define LARGEST_MEM_BUCKET 16128
-            #endif
             #define WOLFMEM_BUCKETS 64,128,256,512,1024,2432,3456,4544,\
                                     LARGEST_MEM_BUCKET
-        #elif defined (OPENSSL_EXTRA)
+        #elif defined(OPENSSL_EXTRA)
             /* extra storage in structs for multiple attributes and order */
-            #ifndef LARGEST_MEM_BUCKET
-                #ifdef WOLFSSL_TLS13
-                    #define LARGEST_MEM_BUCKET 30400
-                #else
-                    #define LARGEST_MEM_BUCKET 25600
-                #endif
-            #endif
             #define WOLFMEM_BUCKETS 64,128,256,512,1024,2432,3360,4480,\
                                     LARGEST_MEM_BUCKET
-        #elif defined (WOLFSSL_CERT_EXT)
-            /* certificate extensions requires 24k for the SSL struct */
-            #ifndef LARGEST_MEM_BUCKET
-                #define LARGEST_MEM_BUCKET 24576
-            #endif
+        #elif defined(WOLFSSL_CERT_EXT)
             #define WOLFMEM_BUCKETS 64,128,256,512,1024,2432,3456,4544,\
                                     LARGEST_MEM_BUCKET
         #else
-            /* increase 23k for object member of WOLFSSL_X509_NAME_ENTRY */
-            #ifndef LARGEST_MEM_BUCKET
-                #define LARGEST_MEM_BUCKET 23440
-            #endif
             #define WOLFMEM_BUCKETS 64,128,256,512,1024,2432,3456,4544,\
                                     LARGEST_MEM_BUCKET
         #endif
     #endif
+
     #ifndef WOLFMEM_DIST
         #ifndef WOLFSSL_STATIC_MEMORY_SMALL
             #define WOLFMEM_DIST    49,10,6,14,5,6,9,1,1
@@ -190,7 +214,14 @@ WOLFSSL_API int wolfSSL_GetAllocators(wolfSSL_Malloc_cb* mf,
     typedef struct wc_Memory wc_Memory; /* internal structure for mem bucket */
     typedef struct WOLFSSL_HEAP {
         wc_Memory* ava[WOLFMEM_MAX_BUCKETS];
+    #ifndef WOLFSSL_STATIC_MEMORY_LEAN
         wc_Memory* io;                  /* list of buffers to use for IO */
+    #endif
+
+    #ifdef WOLFSSL_STATIC_MEMORY_LEAN
+        word32     sizeList[WOLFMEM_MAX_BUCKETS];/* memory sizes in ava list */
+        word32     distList[WOLFMEM_MAX_BUCKETS];/* general distribution */
+    #else
         word32     maxHa;               /* max concurrent handshakes */
         word32     curHa;
         word32     maxIO;               /* max concurrent IO connections */
@@ -199,10 +230,16 @@ WOLFSSL_API int wolfSSL_GetAllocators(wolfSSL_Malloc_cb* mf,
         word32     distList[WOLFMEM_MAX_BUCKETS];/* general distribution */
         word32     inUse; /* amount of memory currently in use */
         word32     ioUse;
+    #endif
+
+    #ifndef WOLFSSL_STATIC_MEMORY_LEAN
         word32     alloc; /* total number of allocs */
         word32     frAlc; /* total number of frees  */
         int        flag;
+    #endif
+    #ifndef SINGLE_THREADED
         wolfSSL_Mutex memory_mutex;
+    #endif
     } WOLFSSL_HEAP;
 
     /* structure passed into XMALLOC as heap hint
@@ -211,22 +248,41 @@ WOLFSSL_API int wolfSSL_GetAllocators(wolfSSL_Malloc_cb* mf,
     typedef struct WOLFSSL_HEAP_HINT {
         WOLFSSL_HEAP*           memory;
         WOLFSSL_MEM_CONN_STATS* stats;  /* hold individual connection stats */
+    #ifndef WOLFSSL_STATIC_MEMORY_LEAN
         wc_Memory*  outBuf; /* set if using fixed io buffers */
         wc_Memory*  inBuf;
         byte        haFlag; /* flag used for checking handshake count */
+    #endif
     } WOLFSSL_HEAP_HINT;
 
+    WOLFSSL_API void* wolfSSL_SetGlobalHeapHint(void* heap);
+    WOLFSSL_API void* wolfSSL_GetGlobalHeapHint(void);
+    WOLFSSL_API int wc_LoadStaticMemory_ex(WOLFSSL_HEAP_HINT** pHint,
+            unsigned int listSz, const word32 *sizeList,
+            const word32 *distList, unsigned char* buf, unsigned int sz,
+            int flag, int max);
+#ifdef WOLFSSL_STATIC_MEMORY_DEBUG_CALLBACK
+    #define WOLFSSL_DEBUG_MEMORY_ALLOC 0
+    #define WOLFSSL_DEBUG_MEMORY_FAIL  1
+    #define WOLFSSL_DEBUG_MEMORY_FREE  2
+    #define WOLFSSL_DEBUG_MEMORY_INIT  3
+
+
+    typedef void (*DebugMemoryCb)(size_t sz, int bucketSz, byte st, int type);
+    WOLFSSL_API void wolfSSL_SetDebugMemoryCb(DebugMemoryCb cb);
+#endif
     WOLFSSL_API int wc_LoadStaticMemory(WOLFSSL_HEAP_HINT** pHint,
             unsigned char* buf, unsigned int sz, int flag, int max);
+    WOLFSSL_API void wc_UnloadStaticMemory(WOLFSSL_HEAP_HINT* heap);
 
-    WOLFSSL_LOCAL int wolfSSL_init_memory_heap(WOLFSSL_HEAP* heap);
-    WOLFSSL_LOCAL int wolfSSL_load_static_memory(byte* buffer, word32 sz,
-                                                  int flag, WOLFSSL_HEAP* heap);
-    WOLFSSL_LOCAL int wolfSSL_GetMemStats(WOLFSSL_HEAP* heap,
+    WOLFSSL_API int wolfSSL_GetMemStats(WOLFSSL_HEAP* heap,
                                                       WOLFSSL_MEM_STATS* stats);
     WOLFSSL_LOCAL int SetFixedIO(WOLFSSL_HEAP* heap, wc_Memory** io);
     WOLFSSL_LOCAL int FreeFixedIO(WOLFSSL_HEAP* heap, wc_Memory** io);
 
+    WOLFSSL_API int wolfSSL_StaticBufferSz_ex(unsigned int listSz,
+            const word32 *sizeList, const word32 *distList,
+            byte* buffer, word32 sz, int flag);
     WOLFSSL_API int wolfSSL_StaticBufferSz(byte* buffer, word32 sz, int flag);
     WOLFSSL_API int wolfSSL_MemoryPaddingSz(void);
 #endif /* WOLFSSL_STATIC_MEMORY */
@@ -267,6 +323,16 @@ WOLFSSL_LOCAL int wc_debug_CipherLifecycleFree(void **CipherLifecycleTag,
         ((void)(CipherLifecycleTag), (void)(heap), (void)(abort_p), 0)
 #endif
 
+#ifdef DEBUG_VECTOR_REGISTER_ACCESS_FUZZING
+    WOLFSSL_LOCAL int SAVE_VECTOR_REGISTERS2_fuzzer(void);
+    #ifndef WC_DEBUG_VECTOR_REGISTERS_FUZZING_SEED
+        #define WC_DEBUG_VECTOR_REGISTERS_FUZZING_SEED 0
+    #endif
+    #ifndef CAN_SAVE_VECTOR_REGISTERS
+        #define CAN_SAVE_VECTOR_REGISTERS() (SAVE_VECTOR_REGISTERS2_fuzzer() == 0)
+    #endif
+#endif
+
 #ifdef DEBUG_VECTOR_REGISTER_ACCESS
     WOLFSSL_API extern THREAD_LS_T int wc_svr_count;
     WOLFSSL_API extern THREAD_LS_T const char *wc_svr_last_file;
@@ -276,27 +342,29 @@ WOLFSSL_LOCAL int wc_debug_CipherLifecycleFree(void **CipherLifecycleTag,
         #define DEBUG_VECTOR_REGISTERS_EXTRA_FAIL_CLAUSE abort();
     #elif defined(DEBUG_VECTOR_REGISTERS_EXIT_ON_FAIL)
         #define DEBUG_VECTOR_REGISTERS_EXTRA_FAIL_CLAUSE exit(1);
-    #else
+    #elif !defined(DEBUG_VECTOR_REGISTERS_EXTRA_FAIL_CLAUSE)
         #define DEBUG_VECTOR_REGISTERS_EXTRA_FAIL_CLAUSE
     #endif
 
     #define SAVE_VECTOR_REGISTERS(fail_clause) {                    \
         int _svr_ret = wc_debug_vector_registers_retval;            \
         if (_svr_ret != 0) { fail_clause }                          \
-        ++wc_svr_count;                                             \
-        if (wc_svr_count > 5) {                                     \
-            fprintf(stderr,                                         \
-                    ("%s @ L%d : incr : "                           \
-                     "wc_svr_count %d (last op %s L%d)\n"),         \
-                    __FILE__,                                       \
-                    __LINE__,                                       \
-                    wc_svr_count,                                   \
-                    wc_svr_last_file,                               \
-                    wc_svr_last_line);                              \
-            DEBUG_VECTOR_REGISTERS_EXTRA_FAIL_CLAUSE                \
+        else {                                                      \
+          ++wc_svr_count;                                           \
+          if (wc_svr_count > 5) {                                   \
+              fprintf(stderr,                                       \
+                      ("%s @ L%d : incr : "                         \
+                       "wc_svr_count %d (last op %s L%d)\n"),       \
+                      __FILE__,                                     \
+                      __LINE__,                                     \
+                      wc_svr_count,                                 \
+                      wc_svr_last_file,                             \
+                      wc_svr_last_line);                            \
+              DEBUG_VECTOR_REGISTERS_EXTRA_FAIL_CLAUSE              \
+          }                                                         \
+          wc_svr_last_file = __FILE__;                              \
+          wc_svr_last_line = __LINE__;                              \
         }                                                           \
-        wc_svr_last_file = __FILE__;                                \
-        wc_svr_last_line = __LINE__;                                \
     }
 
     WOLFSSL_API extern THREAD_LS_T int wc_debug_vector_registers_retval;
@@ -320,11 +388,6 @@ WOLFSSL_LOCAL int wc_debug_CipherLifecycleFree(void **CipherLifecycleTag,
     } while (0)
 
 #ifdef DEBUG_VECTOR_REGISTER_ACCESS_FUZZING
-    #ifndef WC_DEBUG_VECTOR_REGISTERS_FUZZING_SEED
-        #define WC_DEBUG_VECTOR_REGISTERS_FUZZING_SEED 0
-    #endif
-        WOLFSSL_LOCAL int SAVE_VECTOR_REGISTERS2_fuzzer(void);
-
     #define SAVE_VECTOR_REGISTERS2(...) ({                          \
         int _svr2_val = SAVE_VECTOR_REGISTERS2_fuzzer();            \
         if (_svr2_val == 0) {                                       \
@@ -386,7 +449,7 @@ WOLFSSL_LOCAL int wc_debug_CipherLifecycleFree(void **CipherLifecycleTag,
 
 #endif
 
-    #define ASSERT_SAVED_VECTOR_REGISTERS(fail_clause) do {         \
+    #define ASSERT_SAVED_VECTOR_REGISTERS() do {                    \
         if (wc_svr_count <= 0) {                                    \
             fprintf(stderr,                                         \
                     ("ASSERT_SAVED_VECTOR_REGISTERS : %s @ L%d : "  \
@@ -397,7 +460,6 @@ WOLFSSL_LOCAL int wc_debug_CipherLifecycleFree(void **CipherLifecycleTag,
                     wc_svr_last_file,                               \
                     wc_svr_last_line);                              \
             DEBUG_VECTOR_REGISTERS_EXTRA_FAIL_CLAUSE                \
-            { fail_clause }                                         \
         }                                                           \
     } while (0)
     #define ASSERT_RESTORED_VECTOR_REGISTERS(fail_clause) do {      \
@@ -414,7 +476,7 @@ WOLFSSL_LOCAL int wc_debug_CipherLifecycleFree(void **CipherLifecycleTag,
             { fail_clause }                                         \
         }                                                           \
     } while (0)
-    #define RESTORE_VECTOR_REGISTERS(...) do {                      \
+    #define RESTORE_VECTOR_REGISTERS() do {                         \
         --wc_svr_count;                                             \
         if ((wc_svr_count > 4) || (wc_svr_count < 0)) {             \
             fprintf(stderr,                                         \
@@ -430,6 +492,11 @@ WOLFSSL_LOCAL int wc_debug_CipherLifecycleFree(void **CipherLifecycleTag,
         wc_svr_last_file = __FILE__;                                \
         wc_svr_last_line = __LINE__;                                \
     } while(0)
+
+#else /* !DEBUG_VECTOR_REGISTER_ACCESS */
+    #if !defined(SAVE_VECTOR_REGISTERS2) && defined(DEBUG_VECTOR_REGISTER_ACCESS_FUZZING)
+        #define SAVE_VECTOR_REGISTERS2(...) SAVE_VECTOR_REGISTERS2_fuzzer()
+    #endif
 #endif
 
 #ifdef __cplusplus
diff --git a/wolfssl/wolfcrypt/misc.h b/wolfssl/wolfcrypt/misc.h
index 8901733fd..561c9a2b9 100644
--- a/wolfssl/wolfcrypt/misc.h
+++ b/wolfssl/wolfcrypt/misc.h
@@ -1,6 +1,6 @@
 /* misc.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -46,12 +46,10 @@ word32 rotlFixed(word32 x, word32 y);
 WOLFSSL_LOCAL
 word32 rotrFixed(word32 x, word32 y);
 
-#ifdef WC_RC2
 WOLFSSL_LOCAL
 word16 rotlFixed16(word16 x, word16 y);
 WOLFSSL_LOCAL
 word16 rotrFixed16(word16 x, word16 y);
-#endif
 
 WOLFSSL_LOCAL
 word32 ByteReverseWord32(word32 value);
@@ -74,8 +72,25 @@ void ForceZero(void* mem, word32 len);
 WOLFSSL_LOCAL
 int ConstantCompare(const byte* a, const byte* b, int length);
 
+WOLFSSL_LOCAL
+word32 readUnalignedWord32(const byte *in);
+WOLFSSL_LOCAL
+word32 writeUnalignedWord32(void *out, word32 in);
+WOLFSSL_LOCAL
+void readUnalignedWords32(word32 *out, const byte *in, size_t count);
+WOLFSSL_LOCAL
+void writeUnalignedWords32(byte *out, const word32 *in, size_t count);
+
 #ifdef WORD64_AVAILABLE
 WOLFSSL_LOCAL
+word64 readUnalignedWord64(const byte *in);
+WOLFSSL_LOCAL
+word64 writeUnalignedWord64(void *out, word64 in);
+WOLFSSL_LOCAL
+void readUnalignedWords64(word64 *out, const byte *in, size_t count);
+WOLFSSL_LOCAL
+void writeUnalignedWords64(byte *out, const word64 *in, size_t count);
+WOLFSSL_LOCAL
 word64 rotlFixed64(word64 x, word64 y);
 WOLFSSL_LOCAL
 word64 rotrFixed64(word64 x, word64 y);
@@ -114,10 +129,14 @@ word32 btoi(byte b);
 WOLFSSL_LOCAL signed char HexCharToByte(char ch);
 WOLFSSL_LOCAL char ByteToHex(byte in);
 WOLFSSL_LOCAL int  ByteToHexStr(byte in, char* out);
+WOLFSSL_LOCAL int CharIsWhiteSpace(char ch);
 
 WOLFSSL_LOCAL byte ctMaskGT(int a, int b);
 WOLFSSL_LOCAL byte ctMaskGTE(int a, int b);
 WOLFSSL_LOCAL int  ctMaskIntGTE(int a, int b);
+#ifdef WORD64_AVAILABLE
+WOLFSSL_LOCAL word32 ctMaskWord32GTE(word32 a, word32 b);
+#endif
 WOLFSSL_LOCAL byte ctMaskLT(int a, int b);
 WOLFSSL_LOCAL byte ctMaskLTE(int a, int b);
 WOLFSSL_LOCAL byte ctMaskEq(int a, int b);
@@ -134,6 +153,8 @@ WOLFSSL_LOCAL byte ctSetLTE(int a, int b);
 WOLFSSL_LOCAL void ctMaskCopy(byte mask, byte* dst, byte* src, word16 size);
 WOLFSSL_LOCAL word32 MakeWordFromHash(const byte* hashID);
 WOLFSSL_LOCAL word32 HashObject(const byte* o, word32 len, int* error);
+WOLFSSL_LOCAL char* CopyString(const char* src, int srcLen, void* heap,
+        int type);
 
 WOLFSSL_LOCAL void w64Increment(w64wrapper *n);
 WOLFSSL_LOCAL void w64Decrement(w64wrapper *n);
@@ -142,6 +163,7 @@ WOLFSSL_LOCAL word32 w64GetLow32(w64wrapper n);
 WOLFSSL_LOCAL word32 w64GetHigh32(w64wrapper n);
 WOLFSSL_LOCAL void w64SetLow32(w64wrapper *n, word32 low);
 WOLFSSL_LOCAL w64wrapper w64Add32(w64wrapper a, word32 b, byte *wrap);
+WOLFSSL_LOCAL w64wrapper w64Add(w64wrapper a, w64wrapper b, byte *wrap);
 WOLFSSL_LOCAL w64wrapper w64Sub32(w64wrapper a, word32 b, byte *wrap);
 WOLFSSL_LOCAL byte w64GT(w64wrapper a, w64wrapper b);
 WOLFSSL_LOCAL byte w64IsZero(w64wrapper a);
@@ -152,6 +174,9 @@ WOLFSSL_LOCAL byte w64GTE(w64wrapper a, w64wrapper b);
 WOLFSSL_LOCAL byte w64LT(w64wrapper a, w64wrapper b);
 WOLFSSL_LOCAL w64wrapper w64Sub(w64wrapper a, w64wrapper b);
 WOLFSSL_LOCAL void w64Zero(w64wrapper *a);
+WOLFSSL_LOCAL w64wrapper w64ShiftRight(w64wrapper a, int shift);
+WOLFSSL_LOCAL w64wrapper w64ShiftLeft(w64wrapper a, int shift);
+WOLFSSL_LOCAL w64wrapper w64Mul(word32 a, word32 b);
 
 #else /* !NO_INLINE */
 
diff --git a/wolfssl/wolfcrypt/mpi_class.h b/wolfssl/wolfcrypt/mpi_class.h
index 0736d6f8f..4879a6140 100644
--- a/wolfssl/wolfcrypt/mpi_class.h
+++ b/wolfssl/wolfcrypt/mpi_class.h
@@ -1,6 +1,6 @@
 /* mpi_class.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/wolfcrypt/mpi_superclass.h b/wolfssl/wolfcrypt/mpi_superclass.h
index abfac6af5..69dee6b40 100644
--- a/wolfssl/wolfcrypt/mpi_superclass.h
+++ b/wolfssl/wolfcrypt/mpi_superclass.h
@@ -1,6 +1,6 @@
 /* mpi_superclass.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/wolfcrypt/pkcs11.h b/wolfssl/wolfcrypt/pkcs11.h
index c75478402..36cfd9c45 100644
--- a/wolfssl/wolfcrypt/pkcs11.h
+++ b/wolfssl/wolfcrypt/pkcs11.h
@@ -1,6 +1,6 @@
 /* pkcs11.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -71,10 +71,12 @@ extern "C" {
 #define CKF_RW_SESSION                        0x00000002UL
 #define CKF_SERIAL_SESSION                    0x00000004UL
 
+#define CKO_CERTIFICATE                       0x00000001UL
 #define CKO_PUBLIC_KEY                        0x00000002UL
 #define CKO_PRIVATE_KEY                       0x00000003UL
 #define CKO_SECRET_KEY                        0x00000004UL
 
+
 #define CKK_RSA                               0x00000000UL
 #define CKK_DH                                0x00000002UL
 #define CKK_EC                                0x00000003UL
@@ -138,14 +140,22 @@ extern "C" {
 #define CKA_HAS_RESET                         0x00000302UL
 
 #define CKM_RSA_PKCS_KEY_PAIR_GEN             0x00000000UL
+#define CKM_RSA_PKCS                          0x00000001UL
 #define CKM_RSA_X_509                         0x00000003UL
+#define CKM_RSA_PKCS_OAEP                     0x00000009UL
+#define CKM_RSA_PKCS_PSS                      0x0000000DUL
 #define CKM_DH_PKCS_KEY_PAIR_GEN              0x00000020UL
 #define CKM_DH_PKCS_DERIVE                    0x00000021UL
 #define CKM_MD5_HMAC                          0x00000211UL
+#define CKM_SHA_1                             0x00000220UL
 #define CKM_SHA_1_HMAC                        0x00000221UL
+#define CKM_SHA256                            0x00000250UL
 #define CKM_SHA256_HMAC                       0x00000251UL
+#define CKM_SHA224                            0x00000255UL
 #define CKM_SHA224_HMAC                       0x00000256UL
+#define CKM_SHA384                            0x00000260UL
 #define CKM_SHA384_HMAC                       0x00000261UL
+#define CKM_SHA512                            0x00000270UL
 #define CKM_SHA512_HMAC                       0x00000271UL
 #define CKM_GENERIC_SECRET_KEY_GEN            0x00000350UL
 #define CKM_EC_KEY_PAIR_GEN                   0x00001040UL
@@ -156,12 +166,26 @@ extern "C" {
 #define CKM_AES_CBC                           0x00001082UL
 #define CKM_AES_GCM                           0x00001087UL
 
+/* full data RSA PK callbacks */
+#define CKM_SHA1_RSA_PKCS_PSS                 0x0000000EUL
+#define CKM_SHA256_RSA_PKCS_PSS               0x00000043UL
+#define CKM_SHA384_RSA_PKCS_PSS               0x00000044UL
+#define CKM_SHA512_RSA_PKCS_PSS               0x00000045UL
+#define CKM_SHA224_RSA_PKCS_PSS               0x00000047UL
+
+#define CKG_MGF1_SHA1 0x00000001UL
+#define CKG_MGF1_SHA224 0x00000005UL
+#define CKG_MGF1_SHA256 0x00000002UL
+#define CKG_MGF1_SHA384 0x00000003UL
+#define CKG_MGF1_SHA512 0x00000004UL
+
+
 #define CKR_OK                                0x00000000UL
 #define CKR_MECHANISM_INVALID                 0x00000070UL
 #define CKR_SIGNATURE_INVALID                 0x000000C0UL
 
 #define CKD_NULL                              0x00000001UL
-
+#define CKZ_DATA_SPECIFIED                    0x00000001UL
 
 typedef unsigned char     CK_BYTE;
 typedef CK_BYTE           CK_CHAR;
@@ -339,6 +363,26 @@ typedef struct CK_GCM_PARAMS {
 } CK_GCM_PARAMS;
 typedef CK_GCM_PARAMS* CK_GCM_PARAMS_PTR;
 
+typedef CK_ULONG CK_RSA_PKCS_MGF_TYPE;
+
+typedef struct CK_RSA_PKCS_PSS_PARAMS {
+    CK_MECHANISM_TYPE hashAlg;
+    CK_RSA_PKCS_MGF_TYPE mgf;
+    CK_ULONG sLen;
+} CK_RSA_PKCS_PSS_PARAMS;
+typedef CK_RSA_PKCS_PSS_PARAMS *CK_RSA_PKCS_PSS_PARAMS_PTR;
+
+typedef CK_ULONG CK_RSA_PKCS_OAEP_SOURCE_TYPE;
+
+typedef struct CK_RSA_PKCS_OAEP_PARAMS {
+    CK_MECHANISM_TYPE hashAlg;
+    CK_RSA_PKCS_MGF_TYPE mgf;
+    CK_RSA_PKCS_OAEP_SOURCE_TYPE source;
+    CK_VOID_PTR pSourceData;
+    CK_ULONG ulSourceDataLen;
+} CK_RSA_PKCS_OAEP_PARAMS;
+typedef CK_RSA_PKCS_OAEP_PARAMS *CK_RSA_PKCS_OAEP_PARAMS_PTR;
+
 /* Function list types. */
 typedef struct CK_FUNCTION_LIST CK_FUNCTION_LIST;
 typedef CK_FUNCTION_LIST* CK_FUNCTION_LIST_PTR;
@@ -538,4 +582,3 @@ struct CK_FUNCTION_LIST {
 #endif
 
 #endif /* _PKCS11_H_ */
-
diff --git a/wolfssl/wolfcrypt/pkcs12.h b/wolfssl/wolfcrypt/pkcs12.h
index f3023540e..da74fe2e4 100644
--- a/wolfssl/wolfcrypt/pkcs12.h
+++ b/wolfssl/wolfcrypt/pkcs12.h
@@ -1,6 +1,6 @@
 /* pkcs12.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -29,9 +29,7 @@
     extern "C" {
 #endif
 
-#ifndef WOLFSSL_TYPES_DEFINED /* do not redeclare from ssl.h */
-    typedef struct WC_PKCS12 WC_PKCS12;
-#endif
+typedef struct WC_PKCS12 WC_PKCS12;
 
 typedef struct WC_DerCertList { /* dereferenced in ssl.c */
     byte* buffer;
@@ -47,6 +45,7 @@ enum {
 };
 
 WOLFSSL_API WC_PKCS12* wc_PKCS12_new(void);
+WOLFSSL_API WC_PKCS12* wc_PKCS12_new_ex(void* heap);
 WOLFSSL_API void wc_PKCS12_free(WC_PKCS12* pkcs12);
 WOLFSSL_API int wc_d2i_PKCS12(const byte* der, word32 derSz, WC_PKCS12* pkcs12);
 #ifndef NO_FILESYSTEM
@@ -67,7 +66,7 @@ WOLFSSL_API WC_PKCS12* wc_PKCS12_create(char* pass, word32 passSz,
 WOLFSSL_LOCAL int wc_PKCS12_SetHeap(WC_PKCS12* pkcs12, void* heap);
 WOLFSSL_LOCAL void* wc_PKCS12_GetHeap(WC_PKCS12* pkcs12);
 
-WOLFSSL_LOCAL void wc_FreeCertList(WC_DerCertList* list, void* heap);
+WOLFSSL_API void wc_FreeCertList(WC_DerCertList* list, void* heap);
 
 #ifdef __cplusplus
     } /* extern "C" */
diff --git a/wolfssl/wolfcrypt/pkcs7.h b/wolfssl/wolfcrypt/pkcs7.h
index 1e2733c83..efce67c83 100644
--- a/wolfssl/wolfcrypt/pkcs7.h
+++ b/wolfssl/wolfcrypt/pkcs7.h
@@ -1,6 +1,6 @@
 /* pkcs7.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -112,6 +112,7 @@ enum PKCS7_STATE {
     WC_PKCS7_VERIFY_STAGE4,
     WC_PKCS7_VERIFY_STAGE5,
     WC_PKCS7_VERIFY_STAGE6,
+    WC_PKCS7_VERIFY_STAGE7,
 
     /* parse info set */
     WC_PKCS7_INFOSET_START,
@@ -157,7 +158,7 @@ enum Pkcs7_Misc {
     MAX_CONTENT_KEY_LEN   = 32,     /* highest current cipher is AES-256-CBC */
     MAX_CONTENT_IV_SIZE   = 16,     /* highest current is AES128 */
 #ifndef NO_AES
-    MAX_CONTENT_BLOCK_LEN = AES_BLOCK_SIZE,
+    MAX_CONTENT_BLOCK_LEN = WC_AES_BLOCK_SIZE,
 #else
     MAX_CONTENT_BLOCK_LEN = DES_BLOCK_SIZE,
 #endif
@@ -201,41 +202,52 @@ typedef struct PKCS7DecodedAttrib {
 typedef struct PKCS7State PKCS7State;
 typedef struct Pkcs7Cert Pkcs7Cert;
 typedef struct Pkcs7EncodedRecip Pkcs7EncodedRecip;
-typedef struct PKCS7 PKCS7;
-typedef struct PKCS7 PKCS7_SIGNED;
 typedef struct PKCS7SignerInfo PKCS7SignerInfo;
+typedef struct wc_PKCS7 wc_PKCS7;
+typedef struct wc_PKCS7 wc_PKCS7_SIGNED;
+
+#ifndef OPENSSL_COEXIST
+#define PKCS7 wc_PKCS7
+#define PKCS7_SIGNED wc_PKCS7_SIGNED
+#endif
 
 /* OtherRecipientInfo decrypt callback prototype */
-typedef int (*CallbackOriDecrypt)(PKCS7* pkcs7, byte* oriType, word32 oriTypeSz,
+typedef int (*CallbackOriDecrypt)(wc_PKCS7* pkcs7, byte* oriType, word32 oriTypeSz,
                                   byte* oriValue, word32 oriValueSz,
                                   byte* decryptedKey, word32* decryptedKeySz,
                                   void* ctx);
-typedef int (*CallbackOriEncrypt)(PKCS7* pkcs7, byte* cek, word32 cekSz,
+typedef int (*CallbackOriEncrypt)(wc_PKCS7* pkcs7, byte* cek, word32 cekSz,
                                   byte* oriType, word32* oriTypeSz,
                                   byte* oriValue, word32* oriValueSz,
                                   void* ctx);
-typedef int (*CallbackDecryptContent)(PKCS7* pkcs7, int encryptOID,
+typedef int (*CallbackDecryptContent)(wc_PKCS7* pkcs7, int encryptOID,
                                    byte* iv, int ivSz, byte* aad, word32 aadSz,
                                    byte* authTag, word32 authTagSz, byte* in,
                                    int inSz, byte* out, void* ctx);
-typedef int (*CallbackWrapCEK)(PKCS7* pkcs7, byte* cek, word32 cekSz,
+typedef int (*CallbackWrapCEK)(wc_PKCS7* pkcs7, byte* cek, word32 cekSz,
                                   byte* keyId, word32 keyIdSz,
                                   byte* originKey, word32 originKeySz,
                                   byte* out, word32 outSz,
                                   int keyWrapAlgo, int type, int dir);
 
+/* Callbacks for supporting different stream cases */
+typedef int (*CallbackGetContent)(wc_PKCS7* pkcs7, byte** content, void* ctx);
+typedef int (*CallbackStreamOut)(wc_PKCS7* pkcs7, const byte* output,
+        word32 outputSz, void* ctx);
+
 #if defined(HAVE_PKCS7_RSA_RAW_SIGN_CALLBACK) && !defined(NO_RSA)
 /* RSA sign raw digest callback, user builds DigestInfo */
-typedef int (*CallbackRsaSignRawDigest)(PKCS7* pkcs7, byte* digest,
+typedef int (*CallbackRsaSignRawDigest)(wc_PKCS7* pkcs7, byte* digest,
                                    word32 digestSz, byte* out, word32 outSz,
                                    byte* privateKey, word32 privateKeySz,
                                    int devId, int hashOID);
 #endif
 
+
 /* Public Structure Warning:
  * Existing members must not be changed to maintain backwards compatibility!
  */
-struct PKCS7 {
+struct wc_PKCS7 {
     WC_RNG* rng;
     PKCS7Attrib* signedAttribs;
     byte*  content;               /* inner content, not owner             */
@@ -247,7 +259,14 @@ struct PKCS7 {
 #ifdef ASN_BER_TO_DER
     byte*  der;                   /* DER encoded version of message       */
     word32 derSz;
+    byte   indefDepth;
+    CallbackGetContent getContentCb;
+    CallbackStreamOut  streamOutCb;
+    void*  streamCtx; /* passed to getcontentCb and streamOutCb */
 #endif
+    WC_BITFIELD encodeStream:1;   /* use BER when encoding */
+    WC_BITFIELD noCerts:1;        /* if certificates should be added into bundle
+                                     during creation */
     byte*  cert[MAX_PKCS7_CERTS]; /* array of certs parsed from bundle */
     byte*  verifyCert;            /* cert from array used for verify */
     word32 verifyCertSz;
@@ -284,9 +303,9 @@ struct PKCS7 {
     word32 certSz[MAX_PKCS7_CERTS];
 
      /* flags - up to 16-bits */
-    word16 isDynamic:1;
-    word16 noDegenerate:1; /* allow degenerate case in verify function */
-    word16 detached:1;     /* generate detached SignedData signature bundles */
+    WC_BITFIELD isDynamic:1;
+    WC_BITFIELD noDegenerate:1;   /* allow degenerate case in verify function */
+    WC_BITFIELD detached:1;       /* generate detached SignedData signature bundles */
 
     byte contentType[MAX_OID_SZ]; /* custom contentType byte array */
     word32 contentTypeSz;         /* size of contentType, bytes */
@@ -333,6 +352,10 @@ struct PKCS7 {
     word32 plainDigestSz;
     word32 pkcs7DigestSz;
 
+#ifdef WC_ASN_UNKNOWN_EXT_CB
+    wc_UnknownExtCallback unknownExtCallback;
+#endif
+
 #if defined(HAVE_PKCS7_RSA_RAW_SIGN_CALLBACK) && !defined(NO_RSA)
     CallbackRsaSignRawDigest rsaSignRawDigestCb;
 #endif
@@ -340,54 +363,82 @@ struct PKCS7 {
     /* used by DecodeEnvelopedData with multiple encrypted contents */
     byte*  cachedEncryptedContent;
     word32 cachedEncryptedContentSz;
-    word16 contentCRLF:1; /* have content line endings been converted to CRLF */
-    word16 contentIsPkcs7Type:1; /* eContent follows PKCS#7 RFC not CMS */
+    WC_BITFIELD contentCRLF:1; /* have content line endings been converted to CRLF */
+    WC_BITFIELD contentIsPkcs7Type:1; /* eContent follows PKCS#7 RFC not CMS */
+    WC_BITFIELD hashParamsAbsent:1;
+
+    /* RFC 5280 section-4.2.1.2 lists a possible method for creating the SKID as
+     * a SHA1 hash of the public key, but leaves it open to other methods as
+     * long as it is a unique ID. This allows for setting a custom SKID when
+     * creating PKCS7 bundles*/
+    byte* customSKID;
+    word16 customSKIDSz;
+
+
+#if !defined(NO_DES3) || !defined(NO_AES)
+    union {
+    #ifndef NO_AES
+        Aes* aes;
+    #endif
+    #ifndef NO_DES3
+        Des*  des;
+        Des3* des3;
+    #endif
+    } decryptKey;
+#endif
+
     /* !! NEW DATA MEMBERS MUST BE ADDED AT END !! */
 };
 
-WOLFSSL_API PKCS7* wc_PKCS7_New(void* heap, int devId);
-WOLFSSL_API int  wc_PKCS7_Init(PKCS7* pkcs7, void* heap, int devId);
-WOLFSSL_API int  wc_PKCS7_InitWithCert(PKCS7* pkcs7, byte* der, word32 derSz);
-WOLFSSL_API int  wc_PKCS7_AddCertificate(PKCS7* pkcs7, byte* der, word32 derSz);
-WOLFSSL_API void wc_PKCS7_Free(PKCS7* pkcs7);
+WOLFSSL_API wc_PKCS7* wc_PKCS7_New(void* heap, int devId);
+#ifdef WC_ASN_UNKNOWN_EXT_CB
+    WOLFSSL_API void wc_PKCS7_SetUnknownExtCallback(wc_PKCS7* pkcs7,
+        wc_UnknownExtCallback cb);
+#endif
+WOLFSSL_API int  wc_PKCS7_Init(wc_PKCS7* pkcs7, void* heap, int devId);
+WOLFSSL_API int  wc_PKCS7_InitWithCert(wc_PKCS7* pkcs7, byte* der, word32 derSz);
+WOLFSSL_API int  wc_PKCS7_AddCertificate(wc_PKCS7* pkcs7, byte* der, word32 derSz);
+WOLFSSL_API void wc_PKCS7_Free(wc_PKCS7* pkcs7);
 
-WOLFSSL_API int wc_PKCS7_GetAttributeValue(PKCS7* pkcs7, const byte* oid,
+WOLFSSL_API int wc_PKCS7_GetAttributeValue(wc_PKCS7* pkcs7, const byte* oid,
         word32 oidSz, byte* out, word32* outSz);
 
-WOLFSSL_API int wc_PKCS7_SetSignerIdentifierType(PKCS7* pkcs7, int type);
-WOLFSSL_API int wc_PKCS7_SetContentType(PKCS7* pkcs7, byte* contentType,
+WOLFSSL_API int wc_PKCS7_SetSignerIdentifierType(wc_PKCS7* pkcs7, int type);
+WOLFSSL_API int wc_PKCS7_SetContentType(wc_PKCS7* pkcs7, byte* contentType,
                                         word32 sz);
 WOLFSSL_API int wc_PKCS7_GetPadSize(word32 inputSz, word32 blockSz);
 WOLFSSL_API int wc_PKCS7_PadData(byte* in, word32 inSz, byte* out, word32 outSz,
                                  word32 blockSz);
 
 /* CMS/PKCS#7 Data */
-WOLFSSL_API int  wc_PKCS7_EncodeData(PKCS7* pkcs7, byte* output,
+WOLFSSL_API int  wc_PKCS7_EncodeData(wc_PKCS7* pkcs7, byte* output,
                                        word32 outputSz);
 
 /* CMS/PKCS#7 SignedData */
-WOLFSSL_API int  wc_PKCS7_SetDetached(PKCS7* pkcs7, word16 flag);
-WOLFSSL_API int  wc_PKCS7_NoDefaultSignedAttribs(PKCS7* pkcs7);
-WOLFSSL_API int  wc_PKCS7_SetDefaultSignedAttribs(PKCS7* pkcs7, word16 flag);
-WOLFSSL_API int  wc_PKCS7_EncodeSignedData(PKCS7* pkcs7,
+WOLFSSL_API int  wc_PKCS7_SetCustomSKID(wc_PKCS7* pkcs7, const byte* in,
+                                        word16 inSz);
+WOLFSSL_API int  wc_PKCS7_SetDetached(wc_PKCS7* pkcs7, word16 flag);
+WOLFSSL_API int  wc_PKCS7_NoDefaultSignedAttribs(wc_PKCS7* pkcs7);
+WOLFSSL_API int  wc_PKCS7_SetDefaultSignedAttribs(wc_PKCS7* pkcs7, word16 flag);
+WOLFSSL_API int  wc_PKCS7_EncodeSignedData(wc_PKCS7* pkcs7,
                                           byte* output, word32 outputSz);
-WOLFSSL_API int  wc_PKCS7_EncodeSignedData_ex(PKCS7* pkcs7, const byte* hashBuf,
+WOLFSSL_API int  wc_PKCS7_EncodeSignedData_ex(wc_PKCS7* pkcs7, const byte* hashBuf,
                                           word32 hashSz, byte* outputHead,
                                           word32* outputHeadSz,
                                           byte* outputFoot,
                                           word32* outputFootSz);
-WOLFSSL_API void wc_PKCS7_AllowDegenerate(PKCS7* pkcs7, word16 flag);
-WOLFSSL_API int  wc_PKCS7_VerifySignedData(PKCS7* pkcs7,
+WOLFSSL_API void wc_PKCS7_AllowDegenerate(wc_PKCS7* pkcs7, word16 flag);
+WOLFSSL_API int  wc_PKCS7_VerifySignedData(wc_PKCS7* pkcs7,
                                           byte* pkiMsg, word32 pkiMsgSz);
-WOLFSSL_API int  wc_PKCS7_VerifySignedData_ex(PKCS7* pkcs7, const byte* hashBuf,
+WOLFSSL_API int  wc_PKCS7_VerifySignedData_ex(wc_PKCS7* pkcs7, const byte* hashBuf,
                                           word32 hashSz, byte* pkiMsgHead,
                                           word32 pkiMsgHeadSz, byte* pkiMsgFoot,
                                           word32 pkiMsgFootSz);
 
-WOLFSSL_API int  wc_PKCS7_GetSignerSID(PKCS7* pkcs7, byte* out, word32* outSz);
+WOLFSSL_API int  wc_PKCS7_GetSignerSID(wc_PKCS7* pkcs7, byte* out, word32* outSz);
 
 /* CMS single-shot API for Signed FirmwarePkgData */
-WOLFSSL_API int  wc_PKCS7_EncodeSignedFPD(PKCS7* pkcs7, byte* privateKey,
+WOLFSSL_API int  wc_PKCS7_EncodeSignedFPD(wc_PKCS7* pkcs7, byte* privateKey,
                                           word32 privateKeySz, int signOID,
                                           int hashOID, byte* content,
                                           word32 contentSz,
@@ -396,7 +447,7 @@ WOLFSSL_API int  wc_PKCS7_EncodeSignedFPD(PKCS7* pkcs7, byte* privateKey,
                                           word32 outputSz);
 #ifndef NO_PKCS7_ENCRYPTED_DATA
 /* CMS single-shot API for Signed Encrypted FirmwarePkgData */
-WOLFSSL_API int  wc_PKCS7_EncodeSignedEncryptedFPD(PKCS7* pkcs7,
+WOLFSSL_API int  wc_PKCS7_EncodeSignedEncryptedFPD(wc_PKCS7* pkcs7,
                                           byte* encryptKey, word32 encryptKeySz,
                                           byte* privateKey, word32 privateKeySz,
                                           int encryptOID, int signOID,
@@ -410,7 +461,7 @@ WOLFSSL_API int  wc_PKCS7_EncodeSignedEncryptedFPD(PKCS7* pkcs7,
 #endif /* NO_PKCS7_ENCRYPTED_DATA */
 #if defined(HAVE_LIBZ) && !defined(NO_PKCS7_COMPRESSED_DATA)
 /* CMS single-shot API for Signed Compressed FirmwarePkgData */
-WOLFSSL_API int  wc_PKCS7_EncodeSignedCompressedFPD(PKCS7* pkcs7,
+WOLFSSL_API int  wc_PKCS7_EncodeSignedCompressedFPD(wc_PKCS7* pkcs7,
                                           byte* privateKey, word32 privateKeySz,
                                           int signOID, int hashOID,
                                           byte* content, word32 contentSz,
@@ -420,7 +471,7 @@ WOLFSSL_API int  wc_PKCS7_EncodeSignedCompressedFPD(PKCS7* pkcs7,
 
 #ifndef NO_PKCS7_ENCRYPTED_DATA
 /* CMS single-shot API for Signed Encrypted Compressed FirmwarePkgData */
-WOLFSSL_API int  wc_PKCS7_EncodeSignedEncryptedCompressedFPD(PKCS7* pkcs7,
+WOLFSSL_API int  wc_PKCS7_EncodeSignedEncryptedCompressedFPD(wc_PKCS7* pkcs7,
                                           byte* encryptKey, word32 encryptKeySz,
                                           byte* privateKey, word32 privateKeySz,
                                           int encryptOID, int signOID,
@@ -435,71 +486,80 @@ WOLFSSL_API int  wc_PKCS7_EncodeSignedEncryptedCompressedFPD(PKCS7* pkcs7,
 #endif /* HAVE_LIBZ && !NO_PKCS7_COMPRESSED_DATA */
 
 /* EnvelopedData and AuthEnvelopedData RecipientInfo functions */
-WOLFSSL_API int  wc_PKCS7_AddRecipient_KTRI(PKCS7* pkcs7, const byte* cert,
+WOLFSSL_API int  wc_PKCS7_AddRecipient_KTRI(wc_PKCS7* pkcs7, const byte* cert,
                                           word32 certSz, int options);
-WOLFSSL_API int  wc_PKCS7_AddRecipient_KARI(PKCS7* pkcs7, const byte* cert,
+WOLFSSL_API int  wc_PKCS7_AddRecipient_KARI(wc_PKCS7* pkcs7, const byte* cert,
                                           word32 certSz, int keyWrapOID,
                                           int keyAgreeOID, byte* ukm,
                                           word32 ukmSz, int options);
 
-WOLFSSL_API int  wc_PKCS7_SetKey(PKCS7* pkcs7, byte* key, word32 keySz);
-WOLFSSL_API int  wc_PKCS7_AddRecipient_KEKRI(PKCS7* pkcs7, int keyWrapOID,
+WOLFSSL_API int  wc_PKCS7_SetKey(wc_PKCS7* pkcs7, byte* key, word32 keySz);
+WOLFSSL_API int  wc_PKCS7_AddRecipient_KEKRI(wc_PKCS7* pkcs7, int keyWrapOID,
                                           byte* kek, word32 kekSz,
                                           byte* keyID, word32 keyIdSz,
                                           void* timePtr, byte* otherOID,
                                           word32 otherOIDSz, byte* other,
                                           word32 otherSz, int options);
 
-WOLFSSL_API int  wc_PKCS7_SetPassword(PKCS7* pkcs7, byte* passwd, word32 pLen);
-WOLFSSL_API int  wc_PKCS7_AddRecipient_PWRI(PKCS7* pkcs7, byte* passwd,
+WOLFSSL_API int  wc_PKCS7_SetPassword(wc_PKCS7* pkcs7, byte* passwd, word32 pLen);
+WOLFSSL_API int  wc_PKCS7_AddRecipient_PWRI(wc_PKCS7* pkcs7, byte* passwd,
                                           word32 pLen, byte* salt,
                                           word32 saltSz, int kdfOID,
                                           int prfOID, int iterations,
                                           int kekEncryptOID, int options);
-WOLFSSL_API int  wc_PKCS7_SetOriEncryptCtx(PKCS7* pkcs7, void* ctx);
-WOLFSSL_API int  wc_PKCS7_SetOriDecryptCtx(PKCS7* pkcs7, void* ctx);
-WOLFSSL_API int  wc_PKCS7_SetOriDecryptCb(PKCS7* pkcs7, CallbackOriDecrypt cb);
-WOLFSSL_API int  wc_PKCS7_AddRecipient_ORI(PKCS7* pkcs7, CallbackOriEncrypt cb,
+WOLFSSL_API int  wc_PKCS7_SetOriEncryptCtx(wc_PKCS7* pkcs7, void* ctx);
+WOLFSSL_API int  wc_PKCS7_SetOriDecryptCtx(wc_PKCS7* pkcs7, void* ctx);
+WOLFSSL_API int  wc_PKCS7_SetOriDecryptCb(wc_PKCS7* pkcs7, CallbackOriDecrypt cb);
+WOLFSSL_API int  wc_PKCS7_AddRecipient_ORI(wc_PKCS7* pkcs7, CallbackOriEncrypt cb,
                                            int options);
-WOLFSSL_API int  wc_PKCS7_SetWrapCEKCb(PKCS7* pkcs7,
+WOLFSSL_API int  wc_PKCS7_SetWrapCEKCb(wc_PKCS7* pkcs7,
         CallbackWrapCEK wrapCEKCb);
 
 #if defined(HAVE_PKCS7_RSA_RAW_SIGN_CALLBACK) && !defined(NO_RSA)
-WOLFSSL_API int  wc_PKCS7_SetRsaSignRawDigestCb(PKCS7* pkcs7,
+WOLFSSL_API int  wc_PKCS7_SetRsaSignRawDigestCb(wc_PKCS7* pkcs7,
         CallbackRsaSignRawDigest cb);
 #endif
 
 /* CMS/PKCS#7 EnvelopedData */
-WOLFSSL_API int  wc_PKCS7_EncodeEnvelopedData(PKCS7* pkcs7,
+WOLFSSL_API int  wc_PKCS7_EncodeEnvelopedData(wc_PKCS7* pkcs7,
                                           byte* output, word32 outputSz);
-WOLFSSL_API int  wc_PKCS7_DecodeEnvelopedData(PKCS7* pkcs7, byte* pkiMsg,
+WOLFSSL_API int  wc_PKCS7_DecodeEnvelopedData(wc_PKCS7* pkcs7, byte* pkiMsg,
                                           word32 pkiMsgSz, byte* output,
                                           word32 outputSz);
 
 /* CMS/PKCS#7 AuthEnvelopedData */
-WOLFSSL_API int  wc_PKCS7_EncodeAuthEnvelopedData(PKCS7* pkcs7,
+WOLFSSL_API int  wc_PKCS7_EncodeAuthEnvelopedData(wc_PKCS7* pkcs7,
                                           byte* output, word32 outputSz);
-WOLFSSL_API int  wc_PKCS7_DecodeAuthEnvelopedData(PKCS7* pkcs7, byte* pkiMsg,
+WOLFSSL_API int  wc_PKCS7_DecodeAuthEnvelopedData(wc_PKCS7* pkcs7, byte* pkiMsg,
                                           word32 pkiMsgSz, byte* output,
                                           word32 outputSz);
 
 /* CMS/PKCS#7 EncryptedData */
 #ifndef NO_PKCS7_ENCRYPTED_DATA
-WOLFSSL_API int  wc_PKCS7_EncodeEncryptedData(PKCS7* pkcs7,
+WOLFSSL_API int  wc_PKCS7_EncodeEncryptedData(wc_PKCS7* pkcs7,
                                           byte* output, word32 outputSz);
-WOLFSSL_API int  wc_PKCS7_DecodeEncryptedData(PKCS7* pkcs7, byte* pkiMsg,
+WOLFSSL_API int  wc_PKCS7_DecodeEncryptedData(wc_PKCS7* pkcs7, byte* pkiMsg,
                                           word32 pkiMsgSz, byte* output,
                                           word32 outputSz);
-WOLFSSL_API int  wc_PKCS7_SetDecodeEncryptedCb(PKCS7* pkcs7,
+WOLFSSL_API int  wc_PKCS7_SetDecodeEncryptedCb(wc_PKCS7* pkcs7,
         CallbackDecryptContent decryptionCb);
-WOLFSSL_API int  wc_PKCS7_SetDecodeEncryptedCtx(PKCS7* pkcs7, void* ctx);
+WOLFSSL_API int  wc_PKCS7_SetDecodeEncryptedCtx(wc_PKCS7* pkcs7, void* ctx);
 #endif /* NO_PKCS7_ENCRYPTED_DATA */
 
+/* stream and certs */
+WOLFSSL_LOCAL int wc_PKCS7_WriteOut(wc_PKCS7* pkcs7, byte* output,
+    const byte* input, word32 inputSz);
+WOLFSSL_API int wc_PKCS7_SetStreamMode(wc_PKCS7* pkcs7, byte flag,
+    CallbackGetContent getContentCb, CallbackStreamOut streamOutCb, void* ctx);
+WOLFSSL_API int wc_PKCS7_GetStreamMode(wc_PKCS7* pkcs7);
+WOLFSSL_API int wc_PKCS7_SetNoCerts(wc_PKCS7* pkcs7, byte flag);
+WOLFSSL_API int wc_PKCS7_GetNoCerts(wc_PKCS7* pkcs7);
+
 /* CMS/PKCS#7 CompressedData */
 #if defined(HAVE_LIBZ) && !defined(NO_PKCS7_COMPRESSED_DATA)
-WOLFSSL_API int wc_PKCS7_EncodeCompressedData(PKCS7* pkcs7, byte* output,
+WOLFSSL_API int wc_PKCS7_EncodeCompressedData(wc_PKCS7* pkcs7, byte* output,
                                               word32 outputSz);
-WOLFSSL_API int wc_PKCS7_DecodeCompressedData(PKCS7* pkcs7, byte* pkiMsg,
+WOLFSSL_API int wc_PKCS7_DecodeCompressedData(wc_PKCS7* pkcs7, byte* pkiMsg,
                                               word32 pkiMsgSz, byte* output,
                                               word32 outputSz);
 #endif /* HAVE_LIBZ && !NO_PKCS7_COMPRESSED_DATA */
diff --git a/wolfssl/wolfcrypt/poly1305.h b/wolfssl/wolfcrypt/poly1305.h
index c0a5b8dfc..c6adb0ef3 100644
--- a/wolfssl/wolfcrypt/poly1305.h
+++ b/wolfssl/wolfcrypt/poly1305.h
@@ -1,6 +1,6 @@
 /* poly1305.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -48,9 +48,16 @@
 #define WC_HAS_GCC_4_4_64BIT
 #endif
 
-#if defined(WOLFSSL_X86_64_BUILD) && defined(USE_INTEL_SPEEDUP)
+#ifdef WOLFSSL_X86_64_BUILD
+#if defined(USE_INTEL_SPEEDUP) && !defined(NO_POLY1305_ASM)
+    #define USE_INTEL_POLY1305_SPEEDUP
+    #define HAVE_INTEL_AVX1
+#endif
+#endif
+
+#if defined(USE_INTEL_POLY1305_SPEEDUP)
 #elif (defined(WC_HAS_SIZEOF_INT128_64BIT) || defined(WC_HAS_MSVC_64BIT) ||  \
-       defined(WC_HAS_GCC_4_4_64BIT))
+       defined(WC_HAS_GCC_4_4_64BIT)) && !defined(WOLFSSL_W64_WRAPPER_TEST)
 #define POLY130564
 #else
 #define POLY130532
@@ -67,7 +74,7 @@ enum {
 
 /* Poly1305 state */
 typedef struct Poly1305 {
-#if defined(WOLFSSL_X86_64_BUILD) && defined(USE_INTEL_SPEEDUP)
+#ifdef USE_INTEL_POLY1305_SPEEDUP
     word64 r[3];
     word64 h[3];
     word64 pad[2];
@@ -81,14 +88,42 @@ typedef struct Poly1305 {
     size_t leftover;
     unsigned char finished;
     unsigned char started;
-#else
-#if defined(WOLFSSL_ARMASM) && defined(__aarch64__)
+#elif defined(WOLFSSL_ARMASM) && defined(__aarch64__)
+    ALIGN128 word64 r64[2];
     ALIGN128 word32 r[5];
     ALIGN128 word32 r_2[5]; /* r^2 */
     ALIGN128 word32 r_4[5]; /* r^4 */
     ALIGN128 word32 h[5];
     word32 pad[4];
     word64 leftover;
+    unsigned char buffer[POLY1305_BLOCK_SIZE];
+    unsigned char finished;
+#elif defined(WOLFSSL_ARMASM) && !defined(WOLFSSL_ARMASM_THUMB2) && \
+    !defined(WOLFSSL_ARMASM_NO_NEON)
+    /* NEON implementation for ARM32 */
+    word32 r[4];
+    word32 h[6];
+    word32 pad[4];
+    word32 leftover;
+    unsigned char buffer[4*POLY1305_BLOCK_SIZE];
+    word32 r_21[10];
+    word32 r_43[10];
+#elif defined(WOLFSSL_ARMASM)
+    /* ARM32 (non-NEON) and Thumb2 */
+    word32 r[4];
+    word32 h[5];
+    word32 pad[4];
+    word32 leftover;
+    unsigned char buffer[POLY1305_BLOCK_SIZE];
+#elif defined(WOLFSSL_RISCV_ASM)
+    word64 r[2];
+#ifdef WOLFSSL_RISCV_VECTOR
+    word64 r2[6];
+#endif
+    word64 h[3];
+    word64 pad[2];
+    size_t leftover;
+    unsigned char buffer[POLY1305_BLOCK_SIZE];
 #else
 #if defined(POLY130564)
     word64 r[3];
@@ -100,10 +135,9 @@ typedef struct Poly1305 {
     word32 pad[4];
 #endif
     size_t leftover;
-#endif /* WOLFSSL_ARMASM */
     unsigned char buffer[POLY1305_BLOCK_SIZE];
     unsigned char finished;
-#endif
+#endif /* WOLFSSL_ARMASM */
 } Poly1305;
 
 /* does init */
@@ -124,10 +158,48 @@ WOLFSSL_API int wc_Poly1305_EncodeSizes64(Poly1305* ctx, word64 aadSz,
 WOLFSSL_API int wc_Poly1305_MAC(Poly1305* ctx, const byte* additional,
     word32 addSz, const byte* input, word32 sz, byte* tag, word32 tagSz);
 
-#if defined(__aarch64__ ) && defined(WOLFSSL_ARMASM)
-void poly1305_blocks(Poly1305* ctx, const unsigned char *m,
-                            size_t bytes);
-void poly1305_block(Poly1305* ctx, const unsigned char *m);
+#if defined(WOLFSSL_ARMASM)
+#if defined(__aarch64__ )
+#define poly1305_blocks     poly1305_blocks_aarch64
+#define poly1305_block      poly1305_block_aarch64
+
+void poly1305_blocks_aarch64(Poly1305* ctx, const unsigned char *m,
+    size_t bytes);
+void poly1305_block_aarch64(Poly1305* ctx, const unsigned char *m);
+#else
+#if defined(WOLFSSL_ARMASM_THUMB2)
+#define poly1305_blocks     poly1305_blocks_thumb2
+#define poly1305_block      poly1305_block_thumb2
+
+void poly1305_blocks_thumb2(Poly1305* ctx, const unsigned char *m,
+    size_t bytes);
+void poly1305_block_thumb2(Poly1305* ctx, const unsigned char *m);
+
+void poly1305_blocks_thumb2_16(Poly1305* ctx, const unsigned char* m,
+    word32 len, int notLast);
+#else
+#define poly1305_blocks     poly1305_blocks_arm32
+#define poly1305_block      poly1305_block_arm32
+
+void poly1305_blocks_arm32(Poly1305* ctx, const unsigned char *m, size_t bytes);
+void poly1305_block_arm32(Poly1305* ctx, const unsigned char *m);
+
+void poly1305_arm32_blocks(Poly1305* ctx, const unsigned char* m, word32 len);
+void poly1305_arm32_blocks_16(Poly1305* ctx, const unsigned char* m, word32 len,
+    int notLast);
+#endif
+void poly1305_set_key(Poly1305* ctx, const byte* key);
+void poly1305_final(Poly1305* ctx, byte* mac);
+#endif
+#endif /* WOLFSSL_ARMASM */
+
+#if defined(WOLFSSL_RISCV_ASM)
+#define poly1305_blocks     poly1305_blocks_riscv64
+#define poly1305_block      poly1305_block_riscv64
+
+void poly1305_blocks_riscv64(Poly1305* ctx, const unsigned char *m,
+    size_t bytes);
+void poly1305_block_riscv64(Poly1305* ctx, const unsigned char *m);
 #endif
 
 #ifdef __cplusplus
diff --git a/wolfssl/wolfcrypt/port/Espressif/esp-sdk-lib.h b/wolfssl/wolfcrypt/port/Espressif/esp-sdk-lib.h
new file mode 100644
index 000000000..4ae38a9ff
--- /dev/null
+++ b/wolfssl/wolfcrypt/port/Espressif/esp-sdk-lib.h
@@ -0,0 +1,233 @@
+/* esp-sdk-lib.h
+ *
+ * Copyright (C) 2006-2025 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+#ifndef __ESP_SDK_LIB_H__
+
+#define __ESP_SDK_LIB_H__
+
+/* Always include wolfcrypt/settings.h before any other wolfSSL file.      */
+/* Reminder: settings.h pulls in user_settings.h; don't include it here.   */
+#include <wolfssl/wolfcrypt/settings.h>
+
+#if defined(WOLFSSL_ESPIDF) /* Entire file is only for Espressif EDP-IDF   */
+
+/* WOLFSSL_USER_SETTINGS must be defined, typically in the CMakeLists.txt: */
+/*    set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_USER_SETTINGS")        */
+#ifndef WOLFSSL_USER_SETTINGS
+    #error  "WOLFSSL_USER_SETTINGS must be defined for Espressif targets"
+#endif
+
+/* FreeRTOS */
+#include <freertos/FreeRTOS.h>
+#include <freertos/task.h>
+#include <freertos/event_groups.h>
+
+/* Espressif */
+#include "sdkconfig.h" /* ensure ESP-IDF settings are available everywhere */
+#include <esp_idf_version.h>
+#include <esp_log.h>
+
+#define ESP_SDK_MEM_LIB_VERSION 1
+
+/**
+ ******************************************************************************
+ ******************************************************************************
+ ** USER APPLICATION SETTINGS BEGIN
+ ******************************************************************************
+ ******************************************************************************
+ **/
+
+/* when using a private config with plain text passwords,
+ * file my_private_config.h should be excluded from git updates */
+/* #define  USE_MY_PRIVATE_CONFIG */
+
+/* Note that IntelliSense may not work properly in the next section for the
+ * Espressif SDK 3.4 on the ESP8266. Macros should still be defined.
+ * See the project-level Makefile. Example found in:
+ * https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples/template
+ *
+ * The USE_MY_PRIVATE_[OS]_CONFIG is typically an environment variable that
+ * triggers the make (not cmake) to add compiler defines.
+ */
+#if defined(USE_MY_PRIVATE_WINDOWS_CONFIG)
+    #include "/workspace/my_private_config.h"
+#elif defined(USE_MY_PRIVATE_WSL_CONFIG)
+    #include "/mnt/c/workspace/my_private_config.h"
+#elif defined(USE_MY_PRIVATE_LINUX_CONFIG)
+    #include "~/workspace/my_private_config.h"
+#elif defined(USE_MY_PRIVATE_MAC_CONFIG)
+    #include "~/Documents/my_private_config.h"
+#elif defined(USE_MY_PRIVATE_CONFIG)
+    /* This section works best with cmake & non-environment variable setting */
+    #if defined(WOLFSSL_CMAKE_SYSTEM_NAME_WINDOWS)
+        #define WOLFSSL_CMAKE
+        #include "/workspace/my_private_config.h"
+    #elif defined(WOLFSSL_MAKE_SYSTEM_NAME_WINDOWS)
+        #define WOLFSSL_MAKE
+        #include "/workspace/my_private_config.h"
+    #elif defined(WOLFSSL_CMAKE_SYSTEM_NAME_WSL)
+        #define WOLFSSL_CMAKE
+        #include "/mnt/c/workspace/my_private_config.h"
+    #elif defined(WOLFSSL_MAKE_SYSTEM_NAME_WSL)
+        #define WOLFSSL_MAKE
+        #include "/mnt/c/workspace/my_private_config.h"
+    #elif defined(WOLFSSL_CMAKE_SYSTEM_NAME_LINUX)
+        #define WOLFSSL_CMAKE
+        #include "~/workspace/my_private_config.h"
+    #elif defined(WOLFSSL_MAKE_SYSTEM_NAME_LINUX)
+        #define WOLFSSL_MAKE
+        #include "~/workspace/my_private_config.h"
+    #elif defined(WOLFSSL_CMAKE_SYSTEM_NAME_APPLE)
+        #include "~/Documents/my_private_config.h"
+    #elif defined(WOLFSSL_MAKE_SYSTEM_NAME_APPLE)
+        #define WOLFSSL_MAKE
+        #include "~/Documents/my_private_config.h"
+    #elif defined(OS_WINDOWS)
+        #include "/workspace/my_private_config.h"
+    #else
+        /* Edit as needed for your private config: */
+        #warning "default private config using /workspace/my_private_config.h"
+        #include "/workspace/my_private_config.h"
+    #endif
+#else
+
+    /*
+    ** The examples use WiFi configuration that you can set via project
+    ** configuration menu
+    **
+    ** If you'd rather not, just change the below entries to strings with
+    ** the config you want - ie #define EXAMPLE_WIFI_SSID "mywifissid"
+    */
+    #if defined(CONFIG_ESP_WIFI_SSID)
+        /* tyically from ESP32 with ESP-IDF v4 or v5 */
+        #define EXAMPLE_ESP_WIFI_SSID CONFIG_ESP_WIFI_SSID
+    #elif defined(CONFIG_EXAMPLE_WIFI_SSID)
+        /* typically from ESP8266 rtos-sdk/v3.4 */
+        #undef  EXAMPLE_ESP_WIFI_SSID
+        #define EXAMPLE_ESP_WIFI_SSID CONFIG_EXAMPLE_WIFI_SSID
+    #else
+        #define EXAMPLE_ESP_WIFI_SSID "MYSSID_WIFI_CONNECT"
+    #endif
+
+    #if defined(CONFIG_ESP_WIFI_PASSWORD)
+        /* tyically from ESP32 with ESP-IDF v4 or v5 */
+        #define EXAMPLE_ESP_WIFI_PASS CONFIG_ESP_WIFI_PASSWORD
+    #elif defined(CONFIG_EXAMPLE_WIFI_SSID)
+        /* typically from ESP8266 rtos-sdk/v3.4 */
+        #undef  EXAMPLE_ESP_WIFI_PASS
+        #define EXAMPLE_ESP_WIFI_PASS CONFIG_EXAMPLE_WIFI_PASSWORD
+    #else
+        #define EXAMPLE_ESP_WIFI_PASS "MYPASSWORD_WIFI_CONNECT"
+    #endif
+#endif
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+WOLFSSL_LOCAL esp_err_t esp_sdk_time_mem_init(void);
+
+WOLFSSL_LOCAL esp_err_t sdk_var_whereis(const char* v_name, void* v);
+
+WOLFSSL_LOCAL intptr_t esp_sdk_stack_pointer(void);
+
+#if defined(USE_WOLFSSL_ESP_SDK_TIME)
+
+/******************************************************************************
+* Time helpers
+******************************************************************************/
+WOLFSSL_LOCAL esp_err_t esp_sdk_time_mem_init(void);
+
+WOLFSSL_LOCAL esp_err_t esp_sdk_time_lib_init(void);
+
+/* a function to show the current data and time */
+WOLFSSL_LOCAL esp_err_t esp_show_current_datetime(void);
+
+/* worst case, if GitHub time not available, used fixed time */
+WOLFSSL_LOCAL esp_err_t set_fixed_default_time(void);
+
+/* set time from string (e.g. GitHub commit time) */
+WOLFSSL_LOCAL esp_err_t set_time_from_string(const char* time_buffer);
+
+/* set time from NTP servers,
+ * also initially calls set_fixed_default_time or set_time_from_string */
+WOLFSSL_LOCAL esp_err_t set_time(void);
+
+/* wait NTP_RETRY_COUNT seconds before giving up on NTP time */
+WOLFSSL_LOCAL esp_err_t set_time_wait_for_ntp(void);
+#endif
+
+#if defined(USE_WOLFSSL_ESP_SDK_WIFI)
+
+/******************************************************************************
+* WiFi helpers
+******************************************************************************/
+/* ESP lwip */
+#define EXAMPLE_ESP_MAXIMUM_RETRY       CONFIG_ESP_MAXIMUM_RETRY
+
+#define TLS_SMP_WIFI_SSID                CONFIG_WIFI_SSID
+#define TLS_SMP_WIFI_PASS                CONFIG_WIFI_PASSWORD
+
+/* Optionally enable WiFi. Typically not used for wolfcrypt tests */
+/* #define USE_WIFI_EXAMPLE */
+#ifdef USE_WIFI_EXAMPLE
+    #include "esp_netif.h"
+    #if defined(CONFIG_IDF_TARGET_ESP8266)
+        /* TODO find and implement ESP8266 example include */
+    #else
+        #include "protocol_examples_common.h" /* see project CMakeLists.txt */
+    #endif
+#endif
+
+
+/* ESP lwip */
+#define EXAMPLE_ESP_MAXIMUM_RETRY  CONFIG_ESP_MAXIMUM_RETRY
+
+WOLFSSL_LOCAL esp_err_t esp_sdk_wifi_lib_init(void);
+
+WOLFSSL_LOCAL esp_err_t esp_sdk_wifi_init_sta(void);
+
+WOLFSSL_LOCAL esp_err_t esp_sdk_wifi_show_ip(void);
+
+#endif /* USE_WOLFSSL_ESP_SDK_WIFI */
+
+/******************************************************************************
+* Debug helpers
+******************************************************************************/
+WOLFSSL_LOCAL esp_err_t sdk_init_meminfo(void);
+WOLFSSL_LOCAL void* wc_debug_pvPortMalloc(size_t size,
+                                const char* file, int line, const char* fname);
+
+#ifdef __cplusplus
+} /* extern "C" */
+#endif
+
+/* Check for traps */
+#if defined(CONFIG_IDF_TARGET_ESP8266)
+    #if !defined(NO_SESSION_CACHE)    && \
+        !defined(MICRO_SESSION_CACHE) && \
+        !defined(SMALL_SESSION_CACHE)
+        #warning "Limited DRAM/IRAM on ESP8266. Check session cache settings"
+    #endif
+#endif
+
+#endif /* WOLFSSL_ESPIDF */
+
+#endif /* __ESP_SDK_LIB_H__ */
diff --git a/wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h b/wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h
index f8d88ef8c..a74d796f1 100644
--- a/wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h
+++ b/wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h
@@ -1,6 +1,6 @@
 /* esp32-crypt.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -30,7 +30,7 @@
 #if defined(WOLFSSL_ESPIDF) /* Entire file is only for Espressif EDP-IDF */
 
 #ifndef WOLFSSL_USER_SETTINGS
-    #error  "WOLFSSL_USER_SETTINGS must be defined for Espressif targts"
+    #error  "WOLFSSL_USER_SETTINGS must be defined for Espressif targets"
 #endif
 
 #include "sdkconfig.h" /* ensure ESP-IDF settings are available everywhere */
@@ -44,6 +44,53 @@
 #include <esp_types.h>
 #include <esp_log.h>
 
+#ifndef _INTPTR_T_DECLARED
+    #define intptr_t (void*)
+#endif
+
+#ifndef _UINTPTR_T_DECLARED
+    #define uintptr_t (void*)
+#endif
+
+#ifndef NULLPTR
+    #define NULLPTR ((uintptr_t)NULL)
+#endif
+
+#if ESP_IDF_VERSION_MAJOR >= 4
+    #define WOLFSSL_ESPIDF_BLANKLINE_MESSAGE ""
+#else
+    /* Older ESP-IDF such as that for ESP8266 do not support empty strings */
+    #define WOLFSSL_ESPIDF_BLANKLINE_MESSAGE "."
+#endif
+
+#if defined(WOLFSSL_STACK_CHECK)
+    #define CTX_STACK_CHECK(ctx) esp_sha_stack_check(ctx)
+#else
+    #define CTX_STACK_CHECK(ctx) {}
+#endif
+
+#if defined(CONFIG_IDF_TARGET)
+    #define FOUND_CONFIG_IDF_TARGET CONFIG_IDF_TARGET
+#else
+    #define FOUND_CONFIG_IDF_TARGET "(unknown device)"
+#endif
+
+/* Optional exit message.
+ * The WOLFSSL_COMPLETE keyword exits wolfSSL test harness script. */
+#define WOLFSSL_ESPIDF_EXIT_MESSAGE \
+    "\n\nDevice: " FOUND_CONFIG_IDF_TARGET  \
+    "\n\nDone!"                 \
+    "\n\nWOLFSSL_COMPLETE"      \
+    "\n\nIf running from idf.py monitor, press twice: Ctrl+]"
+
+#define WOLFSSL_ESPIDF_VERBOSE_EXIT_MESSAGE(s, err) \
+    "\n\nDevice: " FOUND_CONFIG_IDF_TARGET  \
+    "\n\nExit code: %d "        \
+    "\n\n"s                     \
+    "\n\nWOLFSSL_COMPLETE"      \
+    "\n\nIf running from idf.py monitor, press twice: Ctrl+]", \
+    (err)
+
 /* exit codes to be used in tfm.c, sp_int.c, integer.c, etc.
  *
  * see wolfssl/wolfcrypt/error-crypt.h
@@ -169,6 +216,10 @@ enum {
 **   Turns on diagnostic messages for SHA mutex. Note that given verbosity,
 **   there may be TLS timing issues encountered. Use with caution.
 **
+** DEBUG_WOLFSSL_ESP32_UNFINISHED_HW
+**   This may be interesting in that HW may have been unnessearily locked
+**   for hash that was never completed. (typically encountered at `free1` time)
+**
 ** LOG_LOCAL_LEVEL
 **   Debugging. Default value is ESP_LOG_DEBUG
 **
@@ -182,11 +233,19 @@ enum {
 ** WOLFSSL_DEBUG_ESP_RSA_MULM_BITS
 **   Shows a warning when mulm falls back for minimum number of bits.
 **
+** WOLFSSL_DEBUG_ESP_HW_MULTI_RSAMAX_BITS
+**   Shows a marning when multiplication math bits have exceeded hardware
+**   capabilities and will fall back to slower software.
+**
+** WOLFSSL_DEBUG_ESP_HW_MOD_RSAMAX_BITS
+**   Shows a marning when modular math bits have exceeded hardware capabilities
+**   and will fall back to slower software.
+**
 ** NO_HW_MATH_TEST
 **   Even if HW is enabled, do not run HW math tests. See HW_MATH_ENABLED.
 **
 ** NO_ESP_MP_MUL_EVEN_ALT_CALC
-**   Used during Z = X × Y mod M
+**   Used during Z = X * Y mod M
 **   By default, even moduli use a two step HW esp_mp_mul with SW mp_mod.
 **   Enable this to instead fall back to pure software mp_mulmod.
 **
@@ -238,6 +297,11 @@ enum {
 **   See NO_HW_MATH_TEST.
 **
 *******************************************************************************
+** WOLFSSL_FULL_WOLFSSH_SUPPORT
+**   TODO - there's a known, unresolved problem with SHA256 in wolfSSH
+**   Until fixed by a release version or this macro being define once resolved,
+**   this macro should remain undefined.
+**
 */
 #ifdef WOLFSSL_ESP32_CRYPT_DEBUG
     #undef LOG_LOCAL_LEVEL
@@ -266,7 +330,7 @@ enum {
         #include <driver/periph_ctrl.h>
     #endif
 
-    #if ESP_IDF_VERSION_MAJOR >= 4
+    #if ESP_IDF_VERSION_MAJOR == 4 || (ESP_IDF_VERSION_MAJOR == 5 && ESP_IDF_VERSION_MINOR < 4)
         #include <esp32/rom/ets_sys.h>
     #else
         #include <rom/ets_sys.h>
@@ -287,11 +351,16 @@ enum {
 
     /* #define NO_ESP32_CRYPT */
     /* #define NO_WOLFSSL_ESP32_CRYPT_HASH */
-    #define NO_WOLFSSL_ESP32_CRYPT_AES /* No AES HW */
-    #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI /* No RSA HW*/
-    #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MP_MUL /* No RSA, so no mp_mul    */
-    #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MULMOD /* No RSA, so no mp_mulmod */
-    #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_EXPTMOD /* No RSA, no mp_exptmod  */
+    /* No AES HW */
+    #define NO_WOLFSSL_ESP32_CRYPT_AES
+    /* No RSA HW:               */
+    #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI
+    /* No RSA, so no mp_mul:    */
+    #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MP_MUL
+    /* No RSA, so no mp_mulmod: */
+    #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MULMOD
+    /* No RSA, no mp_exptmod:   */
+    #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_EXPTMOD
 
     #include <soc/dport_access.h>
     #include <soc/hwcrypto_reg.h>
@@ -306,9 +375,7 @@ enum {
         #include <driver/periph_ctrl.h>
     #endif
 
-    #if ESP_IDF_VERSION_MAJOR >= 4
-        /* #include <esp32/rom/ets_sys.h> */
-    #else
+    #if ESP_IDF_VERSION_MAJOR < 4
         #include <rom/ets_sys.h>
     #endif
 
@@ -342,9 +409,7 @@ enum {
         #include <driver/periph_ctrl.h>
     #endif
 
-    #if ESP_IDF_VERSION_MAJOR >= 4
-    /* #include <esp32/rom/ets_sys.h> */
-    #else
+    #if ESP_IDF_VERSION_MAJOR < 4
         #include <rom/ets_sys.h>
     #endif
 
@@ -378,9 +443,7 @@ enum {
         #include <driver/periph_ctrl.h>
     #endif
 
-    #if ESP_IDF_VERSION_MAJOR >= 4
-        /* #include <esp32/rom/ets_sys.h> */
-    #else
+    #if ESP_IDF_VERSION_MAJOR < 4
         #include <rom/ets_sys.h>
     #endif
 
@@ -400,6 +463,11 @@ enum {
     #define NO_WOLFSSL_ESP32_CRYPT_HASH_SHA512
     /***** END CONFIG_IDF_TARGET_ESP32C6 *****/
 
+#elif defined(CONFIG_IDF_TARGET_ESP32H2)
+    /*  wolfSSL Hardware Acceleration not yet implemented. Note: no WiFi.  */
+    #define NO_ESP32_CRYPT
+    /***** END CONFIG_IDF_TARGET_ESP32H2 *****/
+
 #elif defined(CONFIG_IDF_TARGET_ESP32S2)
     #include "soc/dport_reg.h"
     #include <soc/hwcrypto_reg.h>
@@ -420,9 +488,26 @@ enum {
         #include <driver/periph_ctrl.h>
     #endif
     #define ESP_PROHIBIT_SMALL_X 0
-
+    /***** END CONFIG_IDF_TARGET_ESP32S3 *****/
 #else
-    /* not yet supported. no HW */
+    /* Unknown: Not yet supported. Assume no HW. */
+    #define NO_ESP32_CRYPT
+    /***** END CONFIG_IDF_TARGET_[x] config unknown *****/
+
+#endif /* CONFIG_IDF_TARGET target check */
+
+#ifdef NO_ESP32_CRYPT
+    /* There's no hardware acceleration, so ensure everything is disabled: */
+    #undef  NO_WOLFSSL_ESP32_CRYPT_HASH
+    #define NO_WOLFSSL_ESP32_CRYPT_HASH
+    #undef  NO_WOLFSSL_ESP32_CRYPT_AES
+    #define NO_WOLFSSL_ESP32_CRYPT_AES
+    #undef  NO_WOLFSSL_ESP32_CRYPT_RSA_PRI
+    #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI
+#endif
+
+#ifdef NO_WOLFSSL_ESP32_CRYPT_HASH
+    /* There's no SHA hardware acceleration, so ensure all are disabled: */
     #undef  NO_WOLFSSL_ESP32_CRYPT_HASH_SHA
     #define NO_WOLFSSL_ESP32_CRYPT_HASH_SHA
     #undef  NO_WOLFSSL_ESP32_CRYPT_HASH_SHA224
@@ -437,7 +522,15 @@ enum {
 
 #endif /* CONFIG_IDF_TARGET target check */
 
-#ifndef NO_WOLFSSL_ESP32_CRYPT_RSA_PRI
+#ifdef NO_WOLFSSL_ESP32_CRYPT_RSA_PRI
+    /* With RSA disabled (or not available), explicitly disable each: */
+    #undef  NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MP_MUL
+    #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MP_MUL
+    #undef  NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MULMOD
+    #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MULMOD
+    #undef  NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_EXPTMOD
+    #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_EXPTMOD
+#else
     #if defined(NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MP_MUL) && \
         defined(NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MULMOD) && \
         defined(NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_EXPTMOD)
@@ -452,7 +545,10 @@ enum {
 #endif
 
 #ifdef SINGLE_THREADED
-    #undef ESP_MONITOR_HW_TASK_LOCK
+    #ifdef WOLFSSL_DEBUG_MUTEX
+        #undef  ESP_MONITOR_HW_TASK_LOCK
+        #define ESP_MONITOR_HW_TASK_LOCK
+    #endif
 #else
     /* Unless explicitly disabled, monitor task lock when not single thread. */
     #ifndef ESP_DISABLE_HW_TASK_LOCK
@@ -460,6 +556,108 @@ enum {
     #endif
 #endif
 
+/* Resulting settings review for syntax highlighter review only: */
+#if defined(NO_ESP32_CRYPT)                     || \
+    defined(NO_WOLFSSL_ESP32_CRYPT_HASH)        || \
+    defined(NO_WOLFSSL_ESP32_CRYPT_AES)         || \
+    defined(NO_WOLFSSL_ESP32_CRYPT_RSA_PRI)     || \
+    defined(NO_WOLFSSL_ESP32_CRYPT_HASH_SHA)    || \
+    defined(NO_WOLFSSL_ESP32_CRYPT_HASH_SHA224) || \
+    defined(NO_WOLFSSL_ESP32_CRYPT_HASH_SHA256) || \
+    defined(NO_WOLFSSL_ESP32_CRYPT_HASH_SHA384) || \
+    defined(NO_WOLFSSL_ESP32_CRYPT_HASH_SHA512) || \
+    defined(WOLFSSL_ESP32_CRYPT_DEBUG)
+#endif
+
+/*
+******************************************************************************
+** wolfssl component Kconfig file settings
+******************************************************************************
+ * Naming convention:
+ *
+ * CONFIG_
+ *      This prefix indicates the setting came from the sdkconfig / Kconfig.
+ *
+ *      May or may not be related to wolfSSL.
+ *
+ *      The name after this prefix must exactly match that in the Kconfig file.
+ *
+ * WOLFSSL_
+ *      Typical of many, but not all wolfSSL macro names.
+ *
+ *      Applies to all wolfSSL products such as wolfSSH, wolfMQTT, etc.
+ *
+ *      May or may not have a corresponding sdkconfig / Kconfig control.
+ *
+ * ESP_WOLFSSL_
+ *      These are NOT valid wolfSSL macro names. These are names only used in
+ *      the ESP-IDF Kconfig files. When parsed, they will have a "CONFIG_"
+ *      suffix added. See next section.
+ *
+ * CONFIG_ESP_WOLFSSL_
+ *      This is a wolfSSL-specific macro that has been defined in the ESP-IDF
+ *      via the sdkconfig / menuconfig. Any text after this prefix should
+ *      exactly match an existing wolfSSL macro name.
+ *
+ *      Applies to all wolfSSL products such as wolfSSH, wolfMQTT, etc.
+ *
+ *      These macros may also be specific to only the project or environment,
+ *      and possibly not used anywhere else in the wolfSSL libraries.
+ */
+
+
+
+/* Pre-set some hardware acceleration from Kconfig / menuconfig settings */
+#ifdef CONFIG_ESP_WOLFSSL_NO_ESP32_CRYPT
+    #define NO_ESP32_CRYPT
+    #define NO_WOLFSSL_ESP32_CRYPT_AES
+    #define NO_WOLFSSL_ESP32_CRYPT_HASH
+    #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI
+    #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MP_MUL
+    #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MULMOD
+    #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_EXPTMOD
+#endif
+#ifdef CONFIG_ESP_WOLFSSL_NO_HW_AES
+    #define NO_WOLFSSL_ESP32_CRYPT_AES
+#endif
+#ifdef CONFIG_ESP_WOLFSSL_NO_HW_HASH
+    #define NO_WOLFSSL_ESP32_CRYPT_HASH
+#endif
+#ifdef CONFIG_ESP_WOLFSSL_NO_HW_RSA_PRI
+    #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI
+    #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MP_MUL
+    #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MULMOD
+    #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_EXPTMOD
+#endif
+#ifdef CONFIG_ESP_WOLFSSL_NO_HW_RSA_PRI_MP_MUL
+    #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MP_MUL
+#endif
+#ifdef CONFIG_ESP_WOLFSSL_NO_HW_RSA_PRI_MULMOD
+    #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MULMOD
+#endif
+#ifdef CONFIG_ESP_WOLFSSL_NO_HW_RSA_PRI_EXPTMOD
+    #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_EXPTMOD
+#endif
+
+/* wolfCrypt test settings */
+#ifdef CONFIG_ESP_WOLFSSL_ENABLE_TEST
+    #ifdef CONFIG_WOLFSSL_HAVE_WOLFCRYPT_TEST_OPTIONS
+        #define HAVE_WOLFCRYPT_TEST_OPTIONS
+    #endif
+#endif
+
+/* debug options */
+#if defined(CONFIG_ESP_WOLFSSL_DEBUG_WOLFSSL)
+    /* wolfSSH debugging enabled via Kconfig / menuconfig */
+    #define DEBUG_WOLFSSL
+#endif
+
+/*
+******************************************************************************
+** END wolfssl component Kconfig file settings
+******************************************************************************
+*/
+
 #ifdef __cplusplus
 extern "C"
 {
@@ -473,6 +671,10 @@ extern "C"
 
     WOLFSSL_LOCAL int esp_ShowExtendedSystemInfo(void);
 
+    WOLFSSL_LOCAL esp_err_t esp_DisableWatchdog(void);
+
+    WOLFSSL_LOCAL esp_err_t esp_EnableWatchdog(void);
+
     /* Compare MATH_INT_T A to MATH_INT_T B
      * During debug, the strings name_A and name_B can help
      * identify variable name. */
@@ -511,21 +713,16 @@ extern "C"
 */
 
 #ifndef NO_AES
-    #if ESP_IDF_VERSION_MAJOR >= 4
-        #include "esp32/rom/aes.h"
-    #else
-        #include "rom/aes.h"
-    #endif
+    /* wolfSSL does not use Espressif rom/aes.h */
+    struct Aes; /* see wolcrypt/aes.h */
 
-    typedef enum tagES32_AES_PROCESS /* TODO what's this ? */
+    typedef enum tagES32_AES_PROCESS
     {
         ESP32_AES_LOCKHW            = 1,
         ESP32_AES_UPDATEKEY_ENCRYPT = 2,
         ESP32_AES_UPDATEKEY_DECRYPT = 3,
         ESP32_AES_UNLOCKHW          = 4
     } ESP32_AESPROCESS;
-
-    struct Aes; /* see aes.h */
 #if  defined(WOLFSSL_HW_METRICS)
     WOLFSSL_LOCAL int esp_hw_show_aes_metrics(void);
     WOLFSSL_LOCAL int wc_esp32AesUnupportedLengthCountAdd(void);
@@ -569,7 +766,14 @@ extern "C"
 
     #define SHA_CTX ETS_SHAContext
 
-    #if ESP_IDF_VERSION_MAJOR >= 4
+    #if ESP_IDF_VERSION_MAJOR > 5 || (ESP_IDF_VERSION_MAJOR == 5 && ESP_IDF_VERSION_MINOR >= 4)
+        #include "rom/sha.h"
+        #if defined(CONFIG_IDF_TARGET_ESP32)
+            #define WC_ESP_SHA_TYPE enum SHA_TYPE
+        #else
+            #define WC_ESP_SHA_TYPE SHA_TYPE
+        #endif
+    #elif ESP_IDF_VERSION_MAJOR >= 4
         #if defined(CONFIG_IDF_TARGET_ESP32)
             #include "esp32/rom/sha.h"
             #define WC_ESP_SHA_TYPE enum SHA_TYPE
@@ -596,6 +800,8 @@ extern "C"
             #include "rom/sha.h"
             #define WC_ESP_SHA_TYPE SHA_TYPE
         #endif
+    #elif defined(CONFIG_IDF_TARGET_ESP8266)
+        /* there's no HW to include */
     #else
         #include "rom/sha.h"
     #endif
@@ -614,11 +820,14 @@ extern "C"
 
     typedef struct
     {
-        /* pointer to object the initialized HW; to track copies */
-        void* initializer;
-#ifndef SINGLE_THREADED
-        void* task_owner;
-#endif
+    #if defined(WOLFSSL_STACK_CHECK)
+        word32 first_word;
+    #endif
+        /* Pointer to object that initialized HW, to track copies: */
+        uintptr_t initializer;
+    #if defined(ESP_MONITOR_HW_TASK_LOCK) && !defined(SINGLE_THREADED)
+        TaskHandle_t task_owner;
+    #endif
 
         /* an ESP32_MODE value; typically:
         **   0 init,
@@ -642,7 +851,10 @@ extern "C"
         /* 0 (false) this is NOT first block.
         ** 1 (true ) this is first block.  */
         byte isfirstblock : 1; /* 1 bit only for true / false */
-    } WC_ESP32SHA;
+    #if defined(WOLFSSL_STACK_CHECK)
+        word32 last_word;
+    #endif
+    } WC_ESP32SHA __attribute__((aligned(4)));
 
     WOLFSSL_LOCAL int esp_sha_need_byte_reversal(WC_ESP32SHA* ctx);
     WOLFSSL_LOCAL int esp_sha_init(WC_ESP32SHA* ctx,
@@ -652,20 +864,25 @@ extern "C"
     WOLFSSL_LOCAL int esp_sha_hw_unlock(WC_ESP32SHA* ctx);
 
     /* esp_sha_hw_islocked: returns 0 if not locked, otherwise owner address */
-    WOLFSSL_LOCAL int esp_sha_hw_islocked(WC_ESP32SHA* ctx);
-    WOLFSSL_LOCAL int esp_sha_call_count();
-    WOLFSSL_LOCAL int esp_sha_lock_count();
-    WOLFSSL_LOCAL int esp_sha_release_unfinished_lock(WC_ESP32SHA* ctx);
-    WOLFSSL_LOCAL int esp_sha_set_stray(WC_ESP32SHA* ctx);
+    WOLFSSL_LOCAL uintptr_t esp_sha_hw_islocked(WC_ESP32SHA* ctx);
 
+    /* esp_sha_hw_in_use returns 1 (true) if SHA HW in use, otherwise 0 */
+    WOLFSSL_LOCAL int esp_sha_hw_in_use(void);
+    WOLFSSL_LOCAL int esp_sha_call_count(void);
+    WOLFSSL_LOCAL int esp_sha_lock_count(void);
+    WOLFSSL_LOCAL uintptr_t esp_sha_release_unfinished_lock(WC_ESP32SHA* ctx);
+    WOLFSSL_LOCAL uintptr_t esp_sha_set_stray(WC_ESP32SHA* ctx);
+
+#ifndef NO_SHA
     struct wc_Sha;
     WOLFSSL_LOCAL int esp_sha_ctx_copy(struct wc_Sha* src, struct wc_Sha* dst);
     WOLFSSL_LOCAL int esp_sha_digest_process(struct wc_Sha* sha,
                                              byte blockprocess);
     WOLFSSL_LOCAL int esp_sha_process(struct wc_Sha* sha, const byte* data);
+#endif /* NO_SHA */
 
 #ifdef WOLFSSL_DEBUG_MUTEX
-    /* testing HW release in task that did not lock */
+    /* Testing HW release in task that did not lock: */
     extern WC_ESP32SHA* stray_ctx;
 #endif
 
@@ -764,7 +981,7 @@ extern "C"
     #define WOLFSSL_HAS_METRICS
 
     /* Allow sha256 code to keep track of SW fallback during active HW */
-    WOLFSSL_LOCAL int esp_sw_sha256_count_add();
+    WOLFSSL_LOCAL int esp_sw_sha256_count_add(void);
 
     /* show MP HW Metrics*/
     WOLFSSL_LOCAL int esp_hw_show_mp_metrics(void);
@@ -776,11 +993,18 @@ extern "C"
     WOLFSSL_LOCAL int esp_hw_show_metrics(void);
 #endif
 
+
+#if defined(WOLFSSL_STACK_CHECK)
+
+WOLFSSL_LOCAL int esp_sha_stack_check(WC_ESP32SHA* sha);
+
+#endif /* WOLFSSL_STACK_CHECK */
+
 /*
  * Errata Mitigation. See
- * https://www.espressif.com/sites/default/files/documentation/esp32_errata_en.pdf
- * https://www.espressif.com/sites/default/files/documentation/esp32-c3_errata_en.pdf
- * https://www.espressif.com/sites/default/files/documentation/esp32-s3_errata_en.pdf
+ *   esp32_errata_en.pdf
+ *   esp32-c3_errata_en.pdf
+ *   esp32-s3_errata_en.pdf
  */
 #define ESP_MP_HW_LOCK_MAX_DELAY ( TickType_t ) 0xffUL
 
@@ -796,8 +1020,8 @@ extern "C"
     /* Non-FIFO read may not be needed in chip revision v3.0. */
     #define ESP_EM__READ_NON_FIFO_REG    {DPORT_SEQUENCE_REG_READ(0x3FF40078);}
 
-    /* When the CPU frequency is 160 MHz, add six �nop� between two consecutive
-    ** FIFO reads. When the CPU frequency is 240 MHz, add seven �nop� between
+    /* When the CPU frequency is 160 MHz, add six nops between two consecutive
+    ** FIFO reads. When the CPU frequency is 240 MHz, add seven nops between
     ** two consecutive FIFO reads.  See 3.16 */
     #if defined(CONFIG_ESP_DEFAULT_CPU_FREQ_MHZ_80)
         #define ESP_EM__3_16 { \
@@ -857,6 +1081,29 @@ extern "C"
 }
 #endif
 
+/******************************************************************************
+** Sanity Checks
+******************************************************************************/
+#if defined(CONFIG_ESP_MAIN_TASK_STACK_SIZE)
+    #if defined(WOLFCRYPT_HAVE_SRP)
+        #if defined(FP_MAX_BITS)
+            #if FP_MAX_BITS <  (8192 * 2)
+                #define ESP_SRP_MINIMUM_STACK_8K (24 * 1024)
+            #else
+                #define ESP_SRP_MINIMUM_STACK_8K (28 * 1024)
+            #endif
+        #else
+            #error "Please define FP_MAX_BITS when using WOLFCRYPT_HAVE_SRP."
+        #endif
+
+        #if (CONFIG_ESP_MAIN_TASK_STACK_SIZE < ESP_SRP_MINIMUM_STACK)
+            #warning "WOLFCRYPT_HAVE_SRP enabled with small stack size"
+        #endif
+    #endif
+#else
+    #warning "CONFIG_ESP_MAIN_TASK_STACK_SIZE not defined!"
+#endif
+
 #endif /* WOLFSSL_ESPIDF (entire contents excluded when not Espressif ESP-IDF) */
 
 #endif  /* __ESP32_CRYPT_H__ */
diff --git a/wolfssl/wolfcrypt/port/Espressif/esp_crt_bundle.h b/wolfssl/wolfcrypt/port/Espressif/esp_crt_bundle.h
new file mode 100644
index 000000000..cc8f48f23
--- /dev/null
+++ b/wolfssl/wolfcrypt/port/Espressif/esp_crt_bundle.h
@@ -0,0 +1,242 @@
+/* esp_crt_bundle.h
+ *
+ * Copyright (C) 2006-2025 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+#ifdef HAVE_CONFIG_H
+    #include <config.h>
+#endif
+
+#ifndef __ESP_CRT_BUNDLE_wolfssl_LIB_H__
+
+#define __ESP_CRT_BUNDLE_wolfssl_LIB_H__
+
+/* This file is typically NOT directly used by applications utilizing the
+ * wolfSSL libraries. It is used when the wolfssl library component is
+ * configured to be utilized by the Espressif ESP-IDF, specifically the
+ * esp-tls layer.
+ *
+ * See: esp-idf api-reference for esp_tls.
+ * https://github.com/espressif/esp-idf/blob/master/components/esp-tls/esp_tls.h
+ *
+ *******************************************************************************
+ ** Optional Settings:
+ *******************************************************************************
+ * WOLFSSL_DEBUG_CERT_BUNDLE_NAME
+ *   Optionally show certificate bundle debugging info.
+ *
+ * WOLFSSL_DEBUG_CERT_BUNDLE_NAME
+ *   Optionally show certificate bundle name debugging info.
+ *
+ * WOLFSSL_EXAMPLE_VERBOSITY
+ *   Optionally print example application information that may be interesting.
+ *
+ * IS_WOLFSSL_CERT_BUNDLE_FORMAT
+ *   This should be left on as no other bundle format is supported at this time.
+ *
+ * CB_INLINE
+ *   Normally on, this uses the compiler `inline` decorator for bundle functions
+ *   to be optimized, since they are called during a TLS connection.
+ *
+ * See Kconfig file (or use idy.py menuconfig) for other bundle settings.
+ *
+ *******************************************************************************
+ ** Other Settings:
+ *******************************************************************************
+ * WOLFSSL_CMAKE_REQUIRED_ESP_TLS
+ *  This is defined in the wolfssl component cmake file when the esp-tls
+ *  component is required. This is typically when Certificate Bundles are
+ *  enabled, and the esp_tls_free_global_ca_store() in the esp-tls needs
+ *  to be called from the wolfSSL wolfSSL_bundle_cleanup().
+ */
+
+/* wolfSSL */
+/* Always include wolfcrypt/settings.h before any other wolfSSL file.    */
+/* Be sure to define WOLFSSL_USER_SETTINGS, typically in CMakeLists.txt  */
+/* Reminder: settings.h pulls in user_settings.h                         */
+/*   Do not explicitly include user_settings.h here.                     */
+#include <wolfssl/wolfcrypt/settings.h>
+
+#if defined(WOLFSSL_ESPIDF) /* Entire file is only for Espressif EDP-IDF   */
+
+#ifndef WOLFSSL_USER_SETTINGS
+    #error "WOLFSSL_USER_SETTINGS must be defined for Espressif targets"
+#endif
+
+#if defined(CONFIG_ESP_TLS_USING_WOLFSSL) || \
+    defined(CONFIG_WOLFSSL_CERTIFICATE_BUNDLE)
+
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#define WOLFSSL_X509_VERIFY_CALLBACK (void *, WOLFSSL_X509 *, int, uint32_t *)
+#include <wolfssl/ssl.h>
+
+typedef struct wolfssl_ssl_config wolfssl_ssl_config;
+
+struct wolfssl_ssl_config
+{
+    WOLFSSL_X509* ca_chain;
+    WOLFSSL_X509_CRL* ca_crl;
+    void *priv_ctx;
+    void *priv_ssl;
+};
+
+/**
+ * @brief      Attach and enable use of a bundle for certificate verification
+ *
+ * Attach and enable use of a bundle for certificate verification through a
+ * verification callback.If no specific bundle has been set through
+ * esp_crt_bundle_set() it will default to the bundle defined in menuconfig
+ * and embedded in the binary.
+ *
+ * Note this must be visible for both the regular bundles, as well as the
+ *"none" option.
+ *
+ * Other code gated out, below, when the "none" option is selected.
+ *
+ * @param[in]  conf      The config struct for the SSL connection.
+ *
+ * @return
+ *             - ESP_OK  if adding certificates was successful.
+ *             - Other   if an error occurred or an action must be taken by the
+ *                       calling process.
+ */
+esp_err_t esp_crt_bundle_attach(void *conf);
+
+
+#if defined(CONFIG_WOLFSSL_CERTIFICATE_BUNDLE) && \
+    defined(CONFIG_WOLFSSL_CERTIFICATE_BUNDLE_DEFAULT_NONE) && \
+    (CONFIG_WOLFSSL_CERTIFICATE_BUNDLE_DEFAULT_NONE == 1)
+
+/* Certificate bundles are enabled, but the "none" option selected */
+
+#else
+/**
+ * @brief      Return ESP_OK for valid bundle, otherwise ESP_FAIL.
+ *
+ * Specific to wolfSSL. Not used by ESP-IDF esp-tls layer.
+ */
+esp_err_t esp_crt_bundle_is_valid(void);
+
+/**
+ * @brief      Return 1 if Cert Bundle loaded, otherwise 0.
+ *
+ * Specific to wolfSSL. Not used by ESP-IDF esp-tls layer.
+ */
+int wolfssl_cert_bundle_loaded(void);
+
+/**
+ * @brief      Return 1 is a cert from the bundle was needed
+ *             at connection time, otherwise 0.
+ *
+ * Specific to wolfSSL. Not used by ESP-IDF esp-tls layer.
+ */
+int wolfssl_need_bundle_cert(void);
+
+/**
+ * @brief      Disable and dealloc the certification bundle
+ *
+ * Used by ESP-IDF esp-tls layer.
+ *
+ * Removes the certificate verification callback and deallocates used resources
+ *
+ * @param[in]  conf      The config struct for the SSL connection.
+ */
+void esp_crt_bundle_detach(wolfssl_ssl_config *conf);
+
+/**
+ * @brief      Set the default certificate bundle used for verification
+ *
+ * Used by ESP-IDF esp-tls layer.
+ *
+ * Overrides the default certificate bundle only in case of successful
+ * initialization. In most use cases the bundle should be set through
+ * menuconfig. The bundle needs to be sorted by subject name since binary
+ * search is used to find certificates.
+ *
+ * @param[in]  x509_bundle     A pointer to the certificate bundle.
+ *
+ * @param[in]  bundle_size     Size of the certificate bundle in bytes.
+ *
+ * @return
+ *             - ESP_OK  if adding certificates was successful.
+ *             - Other   if an error occurred or an action must be taken
+ *                       by the calling process.
+ */
+esp_err_t esp_crt_bundle_set(const uint8_t *x509_bundle, size_t bundle_size);
+
+
+/**
+ * @brief      Set the issuer and subject values given the current cert.
+ *
+ * Used internally by ESP-IDF esp-tls layer. Also helpful for debugging
+ * and general visibility to certificate attributes.
+ *
+ * The CERT_TAG can be used at the esp-tls or application layer to indicate
+ * the usage of the respective cert (e.g. the string "peer").
+ *
+ * Turn on WOLFSSL_DEBUG_CERT_BUNDLE to also see ASN1 before/after values.
+ *
+ * @return
+ *             - WOLFSSL_SUCCESS (1)
+ *             - WOLFSSL_FAILURE (0) if unable to get issues and/or subject.
+ */
+int wolfSSL_X509_get_cert_items(char* CERT_TAG,
+                                WOLFSSL_X509* cert,
+                                WOLFSSL_X509_NAME** issuer,
+                                WOLFSSL_X509_NAME** subject);
+
+esp_err_t wolfSSL_bundle_cleanup(void);
+
+WOLFSSL_LOCAL void wolfssl_ssl_conf_verify(wolfssl_ssl_config *conf,
+                             int (*f_vrfy) WOLFSSL_X509_VERIFY_CALLBACK,
+                             void *p_vrfy);
+
+WOLFSSL_LOCAL void wolfssl_ssl_conf_authmode(wolfssl_ssl_config *conf,
+                                             int authmode);
+
+WOLFSSL_LOCAL void wolfssl_ssl_conf_ca_chain(wolfssl_ssl_config *conf,
+                                             WOLFSSL_X509 *ca_chain,
+                                             WOLFSSL_X509_CRL *ca_crl);
+
+WOLFSSL_LOCAL void wolfssl_x509_crt_init(WOLFSSL_X509 *crt);
+
+WOLFSSL_LOCAL int esp_crt_verify_callback(void *buf, WOLFSSL_X509 *crt,
+                                          int depth, uint32_t *flags);
+
+#ifdef __cplusplus
+}
+#endif
+
+/* Detect if wolfSSL is enabled, but so are mbedTLS bundles */
+#if defined(CONFIG_MBEDTLS_CERTIFICATE_BUNDLE) && \
+            CONFIG_MBEDTLS_CERTIFICATE_BUNDLE
+    #error "wolfSSL cannot use mbedTLS certificate bundles. Please disable them"
+#endif
+
+#endif /* CONFIG_WOLFSSL_CERTIFICATE_BUNDLE */
+
+#endif /* CONFIG_ESP_TLS_USING_WOLFSSL */
+
+#endif /* WOLFSSL_ESPIDF */
+
+#endif /* __ESP_CRT_BUNDLE_wolfssl_LIB_H__ */
diff --git a/wolfssl/wolfcrypt/port/Renesas/renesas-fspsm-crypt.h b/wolfssl/wolfcrypt/port/Renesas/renesas-fspsm-crypt.h
index 9671fafa9..24ce01438 100644
--- a/wolfssl/wolfcrypt/port/Renesas/renesas-fspsm-crypt.h
+++ b/wolfssl/wolfcrypt/port/Renesas/renesas-fspsm-crypt.h
@@ -1,6 +1,6 @@
 /* renesas-fspsm-crypt.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -123,7 +123,7 @@ WOLFSSL_LOCAL int     wc_fspsm_Open();
 WOLFSSL_LOCAL void    wc_fspsm_Close();
 WOLFSSL_LOCAL int     wc_fspsm_hw_lock();
 WOLFSSL_LOCAL void    wc_fspsm_hw_unlock( void );
-WOLFSSL_LOCAL int     wc_fspsm_usable(const struct WOLFSSL *ssl, 
+WOLFSSL_LOCAL int     wc_fspsm_usable(const struct WOLFSSL *ssl,
                                     uint8_t session_key_generated);
 
 typedef struct {
@@ -319,7 +319,7 @@ WOLFSSL_API int  FSPSM_CALLBACK_CTX_FUNC(struct WOLFSSL* ssl, void* user_ctx);
 WOLFSSL_API void FSPSM_INFORM_CERT_SIGN(const uint8_t *sign);
 
 
-#endif  /* WOLFSSL_RENESAS_FSPSM_TLS && 
+#endif  /* WOLFSSL_RENESAS_FSPSM_TLS &&
          * !WOLFSSL_RENESAS_FSPSM_CRYPT_ONLY */
 
 typedef struct FSPSM_RSA_CTX {
diff --git a/wolfssl/wolfcrypt/port/Renesas/renesas-fspsm-types.h b/wolfssl/wolfcrypt/port/Renesas/renesas-fspsm-types.h
index b110343f1..711752b19 100644
--- a/wolfssl/wolfcrypt/port/Renesas/renesas-fspsm-types.h
+++ b/wolfssl/wolfcrypt/port/Renesas/renesas-fspsm-types.h
@@ -1,6 +1,6 @@
 /* renesas-fsp-crypt.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -31,7 +31,7 @@
 
     #define FSPSM_W_KEYVAR          renesas_sce_wrappedkey
     #define FSPSM_tls_flg_ST        sce_keyflgs_tls
-    #define FSPSM_key_flg_ST        sce_keyflgs_cryt
+    #define FSPSM_key_flg_ST        sce_keyflgs_crypt
     #define FSPSM_tag_ST            tagUser_SCEPKCbInfo
     #define FSPSM_ST                User_SCEPKCbInfo
     #define FSPSM_ST_PKC            SCE_PKCbInfo
@@ -171,7 +171,7 @@
     /* structure, type so on */
     #define FSPSM_W_KEYVAR          renesas_rsip_wrappedkey
     #define FSPSM_tls_flg_ST        rsip_keyflgs_tls
-    #define FSPSM_key_flg_ST        rsip_keyflgs_cryt
+    #define FSPSM_key_flg_ST        rsip_keyflgs_crypt
     #define FSPSM_tag_ST            tagUser_RSIPPKCbInfo
     #define FSPSM_ST                User_RSIPPKCbInfo
     #define FSPSM_ST_PKC            RSIP_PKCbInfo
diff --git a/wolfssl/wolfcrypt/port/Renesas/renesas-rx64-hw-crypt.h b/wolfssl/wolfcrypt/port/Renesas/renesas-rx64-hw-crypt.h
index 07d59ac9a..82997c16c 100644
--- a/wolfssl/wolfcrypt/port/Renesas/renesas-rx64-hw-crypt.h
+++ b/wolfssl/wolfcrypt/port/Renesas/renesas-rx64-hw-crypt.h
@@ -2,7 +2,7 @@
  *
  * Contributed by Johnson Controls Tyco IP Holdings LLP.
  *
- * Use of this Software is subject to the GPLv2 License
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -13,7 +13,7 @@
  *
  * wolfSSL is distributed in the hope that it will be useful,
  * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  * GNU General Public License for more details.
  *
  * You should have received a copy of the GNU General Public License
diff --git a/wolfssl/wolfcrypt/port/Renesas/renesas-tsip-crypt.h b/wolfssl/wolfcrypt/port/Renesas/renesas-tsip-crypt.h
index 6b1bbfdae..bbde10f82 100644
--- a/wolfssl/wolfcrypt/port/Renesas/renesas-tsip-crypt.h
+++ b/wolfssl/wolfcrypt/port/Renesas/renesas-tsip-crypt.h
@@ -1,6 +1,6 @@
 /* renesas-tsip-crypt.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -32,12 +32,20 @@
 
 #if defined(WOLFSSL_RENESAS_TSIP) || \
     defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY)
-    #include "r_tsip_rx_if.h"    
+    #include "r_tsip_rx_if.h"
 #endif
 
 
+#include <wolfssl/wolfcrypt/settings.h>
+#include <wolfssl/wolfcrypt/types.h>
 #include <wolfssl/wolfcrypt/logging.h>
+#include <wolfssl/wolfcrypt/hash.h>
+#ifndef WOLFSSL_RENESAS_TSIP_CRYPTONLY
 #include <wolfssl/ssl.h>
+#endif
+#ifdef WOLF_CRYPTO_CB
+#include <wolfssl/wolfcrypt/cryptocb.h>
+#endif
 
 #ifdef __cplusplus
 extern "C" {
@@ -51,7 +59,7 @@ extern "C" {
 typedef enum {
     WOLFSSL_TSIP_NOERROR = 0,
     WOLFSSL_TSIP_ILLEGAL_CIPHERSUITE = 0xffffffff,
-}wolfssl_tsip_error_number;
+} wolfssl_tsip_error_number;
 
 typedef enum {
     tsip_Key_SESSION = 1,
@@ -84,28 +92,33 @@ enum {
     TSIP_TLS_VERIFY_DATA_WD_SZ = 8,
     TSIP_TLS_MAX_SIGDATA_SZ    = 130,
     TSIP_TEMP_WORK_SIZE        = 128,
+
+    TSIP_MAX_ECC_BYTES         = 48,
 };
 
 typedef enum {
-    TSIP_KEY_TYPE_RSA2048      = 0,
-    TSIP_KEY_TYPE_RSA4096      = 1,
-    TSIP_KEY_TYPE_ECDSAP256    = 2,
     #ifdef WOLFSSL_RENESAS_TSIP_CRYPTONLY
-    TSIP_KEY_TYPE_RSA1024      = 3,
+    TSIP_KEY_TYPE_RSA1024      = 1, /* RSA 1024 */
     #endif
-    
+    TSIP_KEY_TYPE_RSA2048      = 2, /* RSA 2048 */
+    TSIP_KEY_TYPE_RSA3072      = 3, /* RSA 3072 */
+    TSIP_KEY_TYPE_RSA4096      = 4, /* RSA 4096 */
+    TSIP_KEY_TYPE_ECDSAP256    = 5, /* ECC P256 */
+    TSIP_KEY_TYPE_ECDSAP384    = 6, /* ECC P384 */
 } wolfssl_TSIP_KEY_TYPE;
 
+
 struct WOLFSSL;
+struct ecc_key;
 struct KeyShareEntry;
 
 /*  MsgBag stands for message bag and acts as a buffer for holding plain text
  *  handshake messages exchanged between client and server.
- *  MsgBag was introduced as a workaround for the TSIP's limitation that TSIP 
+ *  MsgBag was introduced as a workaround for the TSIP's limitation that TSIP
  *  can not process multiple hash algorithms at the same time. If the
- *  limitation is resolved in a future TSIP, MsgBag should be removed.    
+ *  limitation is resolved in a future TSIP, MsgBag should be removed.
  *  The contents in this MsgBag is used for transcript hashing. The hash value
- *  is used for the key derivation and Finished-message. 
+ *  is used for the key derivation and Finished-message.
  *  The capacity of the MsgBag is defined as MSGBAG_SIZE and the actual
  *  size is 8KB. The size should be large enough to hold all the handshake
  *  messages including the server and client certificate messages.
@@ -121,33 +134,40 @@ typedef struct MsgBag
 } MsgBag;
 
 #ifdef WOLFSSL_RENESAS_TSIP_CRYPTONLY
- 
- typedef void* renesas_tsip_key;
- 
- /* flags Crypt Only */
- struct tsip_keyflgs_cryt {
-    uint8_t aes256_key_set:1;
-    uint8_t aes128_key_set:1;
-    uint8_t rsapri2048_key_set:1;
-    uint8_t rsapub2048_key_set:1;
-    uint8_t rsapri1024_key_set:1;
-    uint8_t rsapub1024_key_set:1;
-    uint8_t message_type:1;/*message 0, hashed 1*/
- };
+/* flags Crypt Only */
+struct tsip_keyflgs_crypt {
+    uint32_t aes256_key_set:1;
+    uint32_t aes128_key_set:1;
+    uint32_t rsapri2048_key_set:1;
+    uint32_t rsapub2048_key_set:1;
+    uint32_t rsapri1024_key_set:1;
+    uint32_t rsapub1024_key_set:1;
+    uint32_t eccpri_key_set:1;
+    uint32_t eccpub_key_set:1;
+    uint32_t message_type:1; /*message 0, hashed 1*/
+};
 #endif
+
 /*
  * TsipUserCtx holds mainly keys used for TLS handshake in TSIP specific format.
  */
 typedef struct TsipUserCtx {
     /* unique number for each session */
     int devId;
+
+    /* client key pair wrapped by provisioning key */
+    byte*                                              wrappedPrivateKey;
+    byte*                                              wrappedPublicKey;
+
+    int                                                wrappedKeyType;
+
 #ifdef WOLFSSL_RENESAS_TSIP_TLS
     /* 0:working as a TLS client, 1: as a server */
     byte                    side;
 
     /* public key index for verification of RootCA cert */
     uint32_t                user_key_id;
-    
+
     /* WOLFSSL object associated with */
     struct WOLFSSL*         ssl;
     struct WOLFSSL_CTX*     ctx;
@@ -159,34 +179,27 @@ typedef struct TsipUserCtx {
 
     /* handle is used as work area for Tls13 handshake */
     tsip_tls13_handle_t                                handle13;
-#endif /* WOLFSSL_RENESAS_TSIP_TLS */
-    /* client key pair wrapped by provisioning key */
-    byte*                                              wrappedPrivateKey;
-    byte*                                              wrappedPublicKey;
 
-    int                                                wrappedKeyType;
-#ifdef WOLFSSL_RENESAS_TSIP_TLS
-    #if !defined(NO_RSA)
+#if !defined(NO_RSA)
     /* RSA-2048bit private and public key-index for client authentication */
     tsip_rsa2048_private_key_index_t                   Rsa2048PrivateKeyIdx;
     tsip_rsa2048_public_key_index_t                    Rsa2048PublicKeyIdx;
-    #endif /* !NO_RSA */
-
-    #if defined(HAVE_ECC)
-    /* ECC P256 private and public key-index for client authentication */
-    tsip_ecc_private_key_index_t                       EcdsaP256PrivateKeyIdx;
-    tsip_ecc_public_key_index_t                        EcdsaP256PublicKeyIdx;
-    #endif /* HAVE_ECC */
+#endif /* !NO_RSA */
+#if defined(HAVE_ECC)
+    /* ECC private and public key-index for client authentication */
+    tsip_ecc_private_key_index_t                       EcdsaPrivateKeyIdx;
+    tsip_ecc_public_key_index_t                        EcdsaPublicKeyIdx;
+#endif /* HAVE_ECC */
 
     /* ECDHE private key index for Tls13 handshake */
     tsip_tls_p256_ecc_key_index_t                      EcdhPrivKey13Idx;
 
     /* ECDHE pre-master secret */
     tsip_tls13_ephemeral_shared_secret_key_index_t     sharedSecret13Idx;
-    
+
     /* Handshake secret for Tls13 handshake */
     tsip_tls13_ephemeral_handshake_secret_key_index_t  handshakeSecret13Idx;
-    
+
     /* the key to decrypt server-finished message */
     tsip_tls13_ephemeral_server_finished_key_index_t   serverFinished13Idx;
 
@@ -226,12 +239,11 @@ typedef struct TsipUserCtx {
     /* signature data area for TLS1.3 CertificateVerify message  */
     byte                             sigDataCertVerify[TSIP_TLS_MAX_SIGDATA_SZ];
 
-    
 #if (WOLFSSL_RENESAS_TSIP_VER >=109)
     /* out from R_SCE_TLS_ServerKeyExchangeVerify */
     uint32_t encrypted_ephemeral_ecdh_public_key[ENCRYPTED_ECDHE_PUBKEY_SZ];
-    
-    /* ephemeral ECDH pubkey index 
+
+    /* ephemeral ECDH pubkey index
      * got from R_TSIP_GenerateTlsP256EccKeyIndex.
      * Input to R_TSIP_TlsGeneratePreMasterSecretWithEccP256Key.
      */
@@ -248,47 +260,19 @@ typedef struct TsipUserCtx {
     uint32_t    tsip_masterSecret[TSIP_TLS_MASTERSECRET_SIZE/4];
     uint8_t     tsip_clientRandom[TSIP_TLS_CLIENTRANDOM_SZ];
     uint8_t     tsip_serverRandom[TSIP_TLS_SERVERRANDOM_SZ];
-#endif /* WOLFSSL_RENESAS_TSIP_TLS */
-/* for tsip crypt only mode */
-#ifdef WOLFSSL_RENESAS_TSIP_CRYPTONLY
-    
-    renesas_tsip_key    rsa1024pri_keyIdx;
-    renesas_tsip_key    rsa1024pub_keyIdx;
-    renesas_tsip_key    rsa2048pri_keyIdx;
-    renesas_tsip_key    rsa2048pub_keyIdx;
-    
-    /* sign/verify hash type :
-     * md5, sha1 or sha256
-     */
-    int sing_hash_type;
-    
-    /* flags shows status if tsip keys are installed */
-    union {
-        uint8_t chr;
-        struct tsip_keyflgs_cryt bits;
-    } keyflgs_crypt;
-    
-#endif
-    /* installed key handling */
-    tsip_aes_key_index_t user_aes256_key_index;
-    uint8_t user_aes256_key_set:1;
-    tsip_aes_key_index_t user_aes128_key_index;
-    uint8_t user_aes128_key_set:1;
-    
+
     /* TSIP defined cipher suite number */
     uint32_t    tsip_cipher;
-    
+
     /* flags */
-#ifdef WOLFSSL_RENESAS_TSIP_TLS
-    #if !defined(NO_RSA)
+#if !defined(NO_RSA)
     uint8_t ClientRsa2048PrivKey_set:1;
     uint8_t ClientRsa2048PubKey_set:1;
-    #endif
-
-    #if defined(HAVE_ECC)
-    uint8_t ClientEccP256PrivKey_set:1;
-    uint8_t ClientEccP256PubKey_set:1;
-    #endif
+#endif
+#if defined(HAVE_ECC)
+    uint8_t ClientEccPrivKey_set:1;
+    uint8_t ClientEccPubKey_set:1;
+#endif
 
     uint8_t HmacInitialized:1;
     uint8_t RootCAverified:1;
@@ -308,6 +292,39 @@ typedef struct TsipUserCtx {
     uint8_t session_key_set:1;
 #endif /* WOLFSSL_RENESAS_TSIP_TLS */
 
+    /* installed key handling */
+    tsip_aes_key_index_t user_aes256_key_index;
+    uint8_t user_aes256_key_set:1;
+    tsip_aes_key_index_t user_aes128_key_index;
+    uint8_t user_aes128_key_set:1;
+
+/* for tsip crypt only mode */
+#ifdef WOLFSSL_RENESAS_TSIP_CRYPTONLY
+#ifndef NO_RSA
+    tsip_rsa1024_private_key_index_t* rsa1024pri_keyIdx;
+    tsip_rsa1024_public_key_index_t*  rsa1024pub_keyIdx;
+    tsip_rsa2048_private_key_index_t* rsa2048pri_keyIdx;
+    tsip_rsa2048_public_key_index_t*  rsa2048pub_keyIdx;
+#endif
+#ifdef HAVE_ECC
+    #ifdef HAVE_ECC_SIGN
+    tsip_ecc_private_key_index_t      eccpri_keyIdx;
+    #endif
+    tsip_ecc_public_key_index_t       eccpub_keyIdx;
+#endif
+
+    /* sign/verify hash type :
+     * md5, sha1 or sha256
+     */
+    int sign_hash_type;
+
+    /* flags shows status if tsip keys are installed */
+    union {
+        uint32_t chr;
+        struct tsip_keyflgs_crypt bits;
+    } keyflgs_crypt;
+#endif /* WOLFSSL_RENESAS_TSIP_CRYPTONLY */
+
 } TsipUserCtx;
 
 typedef TsipUserCtx RenesasUserCtx;
@@ -315,7 +332,7 @@ typedef TsipUserCtx user_PKCbInfo;
 
 typedef struct
 {
-    TsipUserCtx* userCtx; 
+    TsipUserCtx* userCtx;
 } TsipPKCbInfo;
 
 
@@ -362,6 +379,10 @@ WOLFSSL_API int  tsip_set_callback_ctx(struct WOLFSSL* ssl, void* user_ctx);
 
 WOLFSSL_API int  tsip_set_clientPrivateKeyEnc(const byte* key, int keyType);
 
+
+WOLFSSL_LOCAL int tsip_ImportPublicKey(TsipUserCtx* tuc, int keyType);
+WOLFSSL_LOCAL int tsip_ImportPrivateKey(TsipUserCtx* tuc, int keyType);
+
 #if defined(WOLF_PRIVATE_KEY_ID)
 
 #if defined(WOLFSSL_RENESAS_TSIP_TLS)
@@ -372,7 +393,7 @@ WOLFSSL_API int tsip_use_PrivateKey_buffer_TLS(struct WOLFSSL* ssl,
 #endif
 
 #if defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY)
-WOLFSSL_API int tsip_use_PubicKey_buffer_crypt(TsipUserCtx *uc,
+WOLFSSL_API int tsip_use_PublicKey_buffer_crypt(TsipUserCtx *uc,
                                 const char* keyBuf, int keyBufLen, int keyType);
 WOLFSSL_API int tsip_use_PrivateKey_buffer_crypt(TsipUserCtx *uc,
                                 const char* keyBuf, int keyBufLen, int keyType);
@@ -387,12 +408,12 @@ WOLFSSL_API void tsip_inform_user_keys_ex(
     byte*       provisioning_key,   /* key got from DLM server */
     byte*       iv,                 /* iv used for public key  */
     byte*       encrypted_public_key,/*RSA2048 or ECDSAp256 public key*/
-    word32      public_key_type);   /* 0: RSA-2048 2:ECDSA P-256 */    
+    word32      public_key_type);   /* 0: RSA-2048 2:ECDSA P-256 */
 
 #else
 
 WOLFSSL_API void tsip_inform_user_keys(
-    byte*       encrypted_session_key, 
+    byte*       encrypted_session_key,
     byte*       iv,
     byte*       encrypted_user_tls_key);
 
@@ -401,22 +422,32 @@ WOLFSSL_API void tsip_inform_user_keys(
 /*----------------------------------------------------*/
 /*   internal use functions                           */
 /*----------------------------------------------------*/
-WOLFSSL_LOCAL int tsip_SignRsaPkcs(wc_CryptoInfo* info, TsipUserCtx* tuc);
-
+#ifdef HAVE_PK_CALLBACKS
 WOLFSSL_LOCAL int tsip_VerifyRsaPkcsCb(
-                        WOLFSSL* ssl, 
+                        struct WOLFSSL* ssl,
                         unsigned char* sig, unsigned int sigSz,
                         unsigned char** out,
                         const unsigned char* keyDer, unsigned int keySz,
                         void* ctx);
 
-WOLFSSL_LOCAL int tsip_SignEcdsa(wc_CryptoInfo* info, TsipUserCtx* tuc);
-
+#endif
 
 #ifdef WOLF_CRYPTO_CB
-
 struct wc_CryptoInfo;
 
+WOLFSSL_LOCAL int tsip_SignRsaPkcs(struct wc_CryptoInfo* info,
+    TsipUserCtx* tuc);
+
+WOLFSSL_LOCAL int wc_tsip_RsaVerifyPkcs(struct wc_CryptoInfo* info,
+    TsipUserCtx* tuc);
+
+WOLFSSL_LOCAL int wc_tsip_RsaFunction(wc_CryptoInfo* info, TsipUserCtx* tuc);
+
+WOLFSSL_LOCAL int tsip_SignEcdsa(struct wc_CryptoInfo* info, TsipUserCtx* tuc);
+
+WOLFSSL_LOCAL int tsip_VerifyEcdsa(struct wc_CryptoInfo* info,
+    TsipUserCtx* tuc);
+
 WOLFSSL_LOCAL int tsip_TlsCleanup(struct WOLFSSL* ssl);
 
 WOLFSSL_LOCAL int tsip_StoreMessage(struct WOLFSSL* ssl, const byte* data,
@@ -427,7 +458,7 @@ WOLFSSL_LOCAL int tsip_GetMessageSha256(struct WOLFSSL* ssl, byte* hash,
 
 WOLFSSL_LOCAL int tsip_Tls13GetHmacMessages(struct WOLFSSL* ssl, byte* mac);
 
-WOLFSSL_LOCAL int tsip_Tls13GenEccKeyPair(struct WOLFSSL* ssl, 
+WOLFSSL_LOCAL int tsip_Tls13GenEccKeyPair(struct WOLFSSL* ssl,
                                                 struct KeyShareEntry* kse);
 
 WOLFSSL_LOCAL int tsip_Tls13GenSharedSecret(struct WOLFSSL* ssl,
@@ -466,13 +497,13 @@ WOLFSSL_LOCAL int tsip_Tls13VerifyHandshake(struct WOLFSSL* ssl,
                                                const byte* input, byte* hash,
                                                word32* pHashSz);
 
-WOLFSSL_LOCAL int tsip_Tls13AesDecrypt(struct WOLFSSL* ssl, 
+WOLFSSL_LOCAL int tsip_Tls13AesDecrypt(struct WOLFSSL* ssl,
                                     byte* output, const byte* input, word16 sz);
 
 WOLFSSL_LOCAL int tsip_Tls13AesEncrypt(struct WOLFSSL* ssl,
                                     byte* output, const byte* input, word16 sz);
 
-WOLFSSL_LOCAL int tsip_Tls13CertificateVerify(struct WOLFSSL* ssl, 
+WOLFSSL_LOCAL int tsip_Tls13CertificateVerify(struct WOLFSSL* ssl,
                                             const byte* input, word32* inOutIdx,
                                             word32 totalSz);
 
@@ -483,7 +514,7 @@ WOLFSSL_LOCAL int tsip_Tls13SendCertVerify(struct WOLFSSL*ssl);
 
 
 #if (WOLFSSL_RENESAS_TSIP_VER >=109)
-WOLFSSL_LOCAL int wc_tsip_AesCipher(int devIdArg, struct wc_CryptoInfo* info, 
+WOLFSSL_LOCAL int wc_tsip_AesCipher(int devIdArg, struct wc_CryptoInfo* info,
                                                                     void* ctx);
 WOLFSSL_LOCAL int wc_tsip_generateMasterSecretEx(
         byte        cipherSuiteFirst,
@@ -505,23 +536,23 @@ WOLFSSL_LOCAL int wc_tsip_generateMasterSecret(
 
 
 WOLFSSL_LOCAL int wc_tsip_storeKeyCtx(
-        WOLFSSL *ssl,
+        struct WOLFSSL *ssl,
         TsipUserCtx *userCtx);
 
 WOLFSSL_LOCAL int wc_tsip_generateEncryptPreMasterSecret(
-        WOLFSSL*  ssl,
+        struct WOLFSSL*  ssl,
         byte*       out,
         word32*     outSz);
 
 WOLFSSL_LOCAL int wc_tsip_EccSharedSecret(
-        WOLFSSL* ssl,
+        struct WOLFSSL* ssl,
         struct ecc_key* otherKey,
         unsigned char* pubKeyDer, unsigned int* pubKeySz,
         unsigned char* out, unsigned int* outlen,
         int side, void* ctx);
 
 WOLFSSL_LOCAL int wc_tsip_RsaVerify(
-        WOLFSSL* ssl,
+        struct WOLFSSL* ssl,
         byte* sig,
         word32 sigSz,
         byte** out,
@@ -530,7 +561,7 @@ WOLFSSL_LOCAL int wc_tsip_RsaVerify(
         void* ctx);
 
 WOLFSSL_LOCAL int wc_tsip_EccVerify(
-        WOLFSSL*  ssl, 
+        struct WOLFSSL*  ssl,
         const byte* sig,    word32  sigSz,
         const byte* hash,   word32  hashSz,
         const byte* key,    word32  keySz,
@@ -553,7 +584,7 @@ WOLFSSL_LOCAL int wc_tsip_AesCbcDecrypt(
         byte*       out,
         const byte* in,
         word32      sz);
- 
+
 WOLFSSL_LOCAL int wc_tsip_AesGcmEncrypt(
         Aes* aes, byte* out,
         const byte* in, word32 sz,
@@ -561,7 +592,7 @@ WOLFSSL_LOCAL int wc_tsip_AesGcmEncrypt(
               byte* authTag, word32 authTagSz,
         const byte* authIn, word32 authInSz,
         void* ctx);
-            
+
 WOLFSSL_LOCAL int wc_tsip_AesGcmDecrypt(
         Aes* aes, byte* out,
         const byte* in, word32 sz,
@@ -571,22 +602,22 @@ WOLFSSL_LOCAL int wc_tsip_AesGcmDecrypt(
         void* ctx);
 #endif /* NO_AES */
 WOLFSSL_LOCAL int wc_tsip_ShaXHmacVerify(
-        const WOLFSSL *ssl,
-        const byte* message, 
+        const struct WOLFSSL *ssl,
+        const byte* message,
         word32      messageSz,
         word32      macSz,
         word32      content);
 
 WOLFSSL_LOCAL int wc_tsip_Sha1HmacGenerate(
-        const WOLFSSL *ssl,
-        const byte* myInner, 
+        const struct WOLFSSL *ssl,
+        const byte* myInner,
         word32      innerSz,
         const byte* in,
-        word32      sz, 
+        word32      sz,
         byte*       digest);
 
 WOLFSSL_LOCAL int wc_tsip_Sha256HmacGenerate(
-        const WOLFSSL *ssl,
+        const struct WOLFSSL *ssl,
         const byte* myInner,
         word32      innerSz,
         const byte* in,
@@ -601,11 +632,11 @@ WOLFSSL_LOCAL int  tsip_hw_lock();
 
 WOLFSSL_LOCAL void tsip_hw_unlock( void );
 
-WOLFSSL_LOCAL int  tsip_usable(const WOLFSSL *ssl,
+WOLFSSL_LOCAL int  tsip_usable(const struct WOLFSSL *ssl,
                                 uint8_t session_key_generated);
 
 WOLFSSL_LOCAL void tsip_inform_sflash_signedcacert(
-        const byte* ps_flash, 
+        const byte* ps_flash,
         const byte* psigned_ca_cert,
             word32  len);
 
@@ -631,13 +662,11 @@ WOLFSSL_LOCAL int  wc_tsip_generatePremasterSecret(
         word32  preSz);
 
 WOLFSSL_LOCAL int  wc_tsip_generateSessionKey(
-        WOLFSSL* ssl,
+        struct WOLFSSL* ssl,
         TsipUserCtx*    ctx,
         int             devId);
 
 WOLFSSL_LOCAL int wc_tsip_MakeRsaKey(int size, void* ctx);
-WOLFSSL_LOCAL int wc_tsip_RsaVerifyPkcs(wc_CryptoInfo* info, 
-                                                TsipUserCtx* tuc);
 
 WOLFSSL_LOCAL int  wc_tsip_GenerateRandBlock(byte* output, word32 size);
 
diff --git a/wolfssl/wolfcrypt/port/Renesas/renesas_cmn.h b/wolfssl/wolfcrypt/port/Renesas/renesas_cmn.h
index 1213eeee8..167530f21 100644
--- a/wolfssl/wolfcrypt/port/Renesas/renesas_cmn.h
+++ b/wolfssl/wolfcrypt/port/Renesas/renesas_cmn.h
@@ -1,6 +1,6 @@
 /* renesas_cmn.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -21,9 +21,14 @@
 #ifndef __RENESAS_CMN_H__
 #define __RENESAS_CMN_H__
 
+
+
 #include <wolfssl/ssl.h>
+
+#ifndef WOLFSSL_RENESAS_TSIP_CRYPTONLY
 #include <wolfssl/internal.h>
 
+
 /* Common Callbacks */
 WOLFSSL_LOCAL int Renesas_cmn_RsaSignCb(WOLFSSL* ssl,
                                 const unsigned char* in, unsigned int inSz,
@@ -36,12 +41,12 @@ WOLFSSL_LOCAL int Renesas_cmn_EccSignCb(WOLFSSL* ssl,
                                 const unsigned char* keyDer, unsigned int keySz,
                                 void* ctx);
 WOLFSSL_LOCAL int Renesas_cmn_genMasterSecret(WOLFSSL* ssl, void* ctx);
-WOLFSSL_LOCAL int Renesas_cmn_generatePremasterSecret(WOLFSSL* ssl, 
+WOLFSSL_LOCAL int Renesas_cmn_generatePremasterSecret(WOLFSSL* ssl,
                                 byte *premaster, word32 preSz, void* ctx);
-WOLFSSL_LOCAL int Renesas_cmn_RsaEnc(WOLFSSL* ssl, const unsigned char* in, 
+WOLFSSL_LOCAL int Renesas_cmn_RsaEnc(WOLFSSL* ssl, const unsigned char* in,
        unsigned int inSz, unsigned char* out, word32* outSz,
        const unsigned char* keyDer, unsigned int keySz, void* ctx);
-WOLFSSL_LOCAL int Renesas_cmn_VerifyHmac(WOLFSSL *ssl, const byte* message, 
+WOLFSSL_LOCAL int Renesas_cmn_VerifyHmac(WOLFSSL *ssl, const byte* message,
                     word32 messageSz, word32 macSz, word32 content, void* ctx);
 WOLFSSL_LOCAL int Renesas_cmn_EccVerify(WOLFSSL* ssl, const unsigned char* sig,
         unsigned int sigSz, const unsigned char* hash, unsigned int hashSz,
@@ -55,7 +60,7 @@ WOLFSSL_LOCAL int Renesas_cmn_RsaSignCheckCb(WOLFSSL* ssl,
                                 unsigned char** out,
                                 const unsigned char* keyDer, unsigned int keySz,
                                 void* ctx);
-                                
+
 WOLFSSL_LOCAL int Renesas_cmn_TLS_hmac(WOLFSSL* ssl, byte* digest, const byte* in,
              word32 sz, int padSz, int content, int verify, int epochOrder);
 WOLFSSL_LOCAL int Renesas_cmn_usable(const WOLFSSL *ssl, byte seskey_gennerated);
@@ -69,10 +74,8 @@ WOLFSSL_LOCAL int Renesas_cmn_SigPkCbEccVerify(const unsigned char* sig, unsigne
 
 /* Common Methods */
 WOLFSSL_LOCAL void* Renesas_cmn_GetCbCtxBydevId(int devId);
-int wc_CryptoCb_CryptInitRenesasCmn(WOLFSSL* ssl, void* ctx);
-void wc_CryptoCb_CleanupRenesasCmn(int* id);
-int wc_Renesas_cmn_RootCertVerify(const byte* cert, word32 cert_len, 
-        word32 key_n_start, word32 key_n_len, word32 key_e_start, 
+int wc_Renesas_cmn_RootCertVerify(const byte* cert, word32 cert_len,
+        word32 key_n_start, word32 key_n_len, word32 key_e_start,
         word32 key_e_len, word32 cm_row);
 WOLFSSL_LOCAL int Renesas_cmn_Cleanup(WOLFSSL* ssl);
 WOLFSSL_LOCAL byte Renesas_cmn_checkCA(word32 cmIdx);
@@ -80,4 +83,9 @@ WOLFSSL_LOCAL int Renesas_cmn_TlsFinished(WOLFSSL* ssl, const byte *side,
                             const byte *handshake_hash, word32 hashSz,
                             byte *hashes, void* ctx);
 WOLFSSL_LOCAL int Renesas_cmn_generateSessionKey(WOLFSSL* ssl, void* ctx);
+#endif /* WOLFSSL_RENESAS_TSIP_CRYPTONLY */
+
+int wc_CryptoCb_CryptInitRenesasCmn(struct WOLFSSL* ssl, void* ctx);
+void wc_CryptoCb_CleanupRenesasCmn(int* id);
+
 #endif /* __RENESAS_CMN_H__ */
diff --git a/wolfssl/wolfcrypt/port/Renesas/renesas_sync.h b/wolfssl/wolfcrypt/port/Renesas/renesas_sync.h
index 365abf5a3..438e4f2fa 100644
--- a/wolfssl/wolfcrypt/port/Renesas/renesas_sync.h
+++ b/wolfssl/wolfcrypt/port/Renesas/renesas_sync.h
@@ -1,6 +1,6 @@
 /* renesas_sync.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/wolfcrypt/port/Renesas/renesas_tsip_types.h b/wolfssl/wolfcrypt/port/Renesas/renesas_tsip_types.h
index 93738780a..e454a5cb5 100644
--- a/wolfssl/wolfcrypt/port/Renesas/renesas_tsip_types.h
+++ b/wolfssl/wolfcrypt/port/Renesas/renesas_tsip_types.h
@@ -1,7 +1,7 @@
 
 /* renesas_tsip_types.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -19,12 +19,13 @@
  * along with this program; if not, write to the Free Software
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  */
- 
+
 #ifndef __RENESAS_TSIP_TYPES_H__
 #define __RENESAS_TSIP_TYPES_H__
 
 
 #include <wolfssl/wolfcrypt/settings.h>
+#include <wolfssl/wolfcrypt/types.h>
 
 #if (!defined(NO_SHA) || !defined(NO_SHA256)) && \
     !defined(NO_WOLFSSL_RENESAS_TSIP_CRYPT_HASH)
@@ -33,12 +34,6 @@ typedef enum {
     TSIP_SHA256 = 1,
 } TSIP_SHA_TYPE;
 
-typedef enum {
-    TSIP_RSA2048,
-    TSIP_RSA4096,
-    TSIP_ECCP256,
-} TSIP_KEY_TYPE;
-
 typedef struct {
     byte*  msg;
     void*  heap;
@@ -48,22 +43,33 @@ typedef struct {
 #if defined(WOLF_CRYPTO_CB)
     word32 flags;
     int devId;
-#endif    
+#endif
 } wolfssl_TSIP_Hash;
 
 /* RAW hash function APIs are not implemented with TSIP */
 #define WOLFSSL_NO_HASH_RAW
 
+#ifndef NO_SHA
 typedef wolfssl_TSIP_Hash wc_Sha;
-
-#if !defined(NO_SHA256)
+#endif
+#ifndef NO_SHA256
 typedef wolfssl_TSIP_Hash wc_Sha256;
 #endif
 
-#endif /* NO_SHA */
+#endif /* !NO_SHA || !NO_SHA256 */
 
+#if defined(WOLFSSL_RENESAS_TSIP_TLS)
+#include "r_tsip_rx_if.h"
 
-#if defined(WOLFSSL_RENESAS_TSIP_TLS_AES_CRYPT) ||\
+/* TSIP TLS KEY Definition */
+typedef enum {
+    TSIP_RSA2048 = R_TSIP_TLS_PUBLIC_KEY_TYPE_RSA2048,
+    TSIP_RSA4096 = R_TSIP_TLS_PUBLIC_KEY_TYPE_RSA4096,
+    TSIP_ECCP256 = R_TSIP_TLS_PUBLIC_KEY_TYPE_ECDSA_P256,
+} TSIP_KEY_TYPE;
+#endif
+
+#if defined(WOLFSSL_RENESAS_TSIP_TLS_AES_CRYPT) || \
     defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY)
 #include "r_tsip_rx_if.h"
 
diff --git a/wolfssl/wolfcrypt/port/af_alg/afalg_hash.h b/wolfssl/wolfcrypt/port/af_alg/afalg_hash.h
index bac08c045..3ddaa8441 100644
--- a/wolfssl/wolfcrypt/port/af_alg/afalg_hash.h
+++ b/wolfssl/wolfcrypt/port/af_alg/afalg_hash.h
@@ -1,6 +1,6 @@
 /* afalg_hash.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/wolfcrypt/port/af_alg/wc_afalg.h b/wolfssl/wolfcrypt/port/af_alg/wc_afalg.h
index 60571f373..74c818e63 100644
--- a/wolfssl/wolfcrypt/port/af_alg/wc_afalg.h
+++ b/wolfssl/wolfcrypt/port/af_alg/wc_afalg.h
@@ -1,6 +1,6 @@
 /* wc_afalg.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/wolfcrypt/port/aria/aria-crypt.h b/wolfssl/wolfcrypt/port/aria/aria-crypt.h
index 9d49b875a..0bc00a16b 100644
--- a/wolfssl/wolfcrypt/port/aria/aria-crypt.h
+++ b/wolfssl/wolfcrypt/port/aria/aria-crypt.h
@@ -1,6 +1,6 @@
 /* aria-crypt.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/wolfcrypt/port/aria/aria-cryptocb.h b/wolfssl/wolfcrypt/port/aria/aria-cryptocb.h
index 01e18b07d..3ef3ecabc 100644
--- a/wolfssl/wolfcrypt/port/aria/aria-cryptocb.h
+++ b/wolfssl/wolfcrypt/port/aria/aria-cryptocb.h
@@ -1,6 +1,6 @@
 /* aria-cryptocb.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/wolfcrypt/port/arm/cryptoCell.h b/wolfssl/wolfcrypt/port/arm/cryptoCell.h
index 58ba14516..51abd3ad9 100644
--- a/wolfssl/wolfcrypt/port/arm/cryptoCell.h
+++ b/wolfssl/wolfcrypt/port/arm/cryptoCell.h
@@ -1,6 +1,6 @@
 /* cryptoCell.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/wolfcrypt/port/atmel/atmel.h b/wolfssl/wolfcrypt/port/atmel/atmel.h
index 4f9223664..d5c9458c5 100644
--- a/wolfssl/wolfcrypt/port/atmel/atmel.h
+++ b/wolfssl/wolfcrypt/port/atmel/atmel.h
@@ -1,6 +1,6 @@
 /* atmel.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/wolfcrypt/port/autosar/CryIf.h b/wolfssl/wolfcrypt/port/autosar/CryIf.h
new file mode 100644
index 000000000..04e134606
--- /dev/null
+++ b/wolfssl/wolfcrypt/port/autosar/CryIf.h
@@ -0,0 +1,49 @@
+/* CryIf.h
+ *
+ * Copyright (C) 2006-2025 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+#ifndef WOLFSSL_CRYIF_H
+#define WOLFSSL_CRYIF_H
+
+#include <wolfssl/wolfcrypt/settings.h>
+#include <wolfssl/wolfcrypt/types.h>
+
+#ifdef __cplusplus
+    extern "C" {
+#endif
+
+/* implementation specific structure, for now not used */
+typedef struct CryIf_ConfigType {
+    void* heap;
+} CryIf_ConfigType;
+
+WOLFSSL_LOCAL void CryIf_Init(const CryIf_ConfigType* in);
+WOLFSSL_LOCAL void CryIf_GetVersionInfo(Std_VersionInfoType* ver);
+WOLFSSL_LOCAL Std_ReturnType CryIf_ProcessJob(uint32 id, Crypto_JobType* job);
+WOLFSSL_LOCAL Std_ReturnType CryIf_CancelJob(uint32 id, Crypto_JobType* job);
+WOLFSSL_LOCAL Std_ReturnType CryIf_KeyElementSet(uint32 keyId, uint32 eId,
+        const uint8* key, uint32 keySz);
+
+#ifdef __cplusplus
+    }  /* extern "C" */
+#endif
+
+#endif /* WOLFSSL_CRYIF_H */
+
diff --git a/wolfssl/wolfcrypt/port/autosar/Crypto.h b/wolfssl/wolfcrypt/port/autosar/Crypto.h
new file mode 100644
index 000000000..03b9515fd
--- /dev/null
+++ b/wolfssl/wolfcrypt/port/autosar/Crypto.h
@@ -0,0 +1,55 @@
+/* Crypto.h
+ *
+ * Copyright (C) 2006-2025 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+#ifndef WOLFSSL_CRYPTO_H
+#define WOLFSSL_CRYPTO_H
+
+#include <wolfssl/wolfcrypt/settings.h>
+#include <wolfssl/wolfcrypt/types.h>
+
+#ifdef __cplusplus
+    extern "C" {
+#endif
+
+/* key format */
+enum {
+    CRYPTO_KE_FORMAT_BIN_OCTET = 0x01,
+    CRYPTO_KE_FORMAT_BIN_RSA_PRIVATEKEY = 0x05,
+    CRYPTO_KE_FORMAT_BIN_RSA_PUBLICKEY = 0x06
+};
+
+/* implementation specific structure, for now not used */
+typedef struct Crypto_ConfigType {
+    void* heap;
+} Crypto_ConfigType;
+
+WOLFSSL_LOCAL Std_ReturnType Crypto_KeyElementSet(uint32 keyId, uint32 eId,
+        const uint8* key, uint32 keySz);
+WOLFSSL_LOCAL void Crypto_Init(const Crypto_ConfigType* config);
+WOLFSSL_LOCAL Std_ReturnType Crypto_ProcessJob(uint32 objectId,
+        Crypto_JobType* job);
+
+#ifdef __cplusplus
+    }  /* extern "C" */
+#endif
+
+#endif /* WOLFSSL_CRYPTO_H */
+
diff --git a/wolfssl/wolfcrypt/port/autosar/Csm.h b/wolfssl/wolfcrypt/port/autosar/Csm.h
new file mode 100644
index 000000000..41994c3ae
--- /dev/null
+++ b/wolfssl/wolfcrypt/port/autosar/Csm.h
@@ -0,0 +1,295 @@
+/* csm.h
+ *
+ * Copyright (C) 2006-2025 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+
+/* specifications from AUTOSAR_SWS_CryptoServiceManager Release 4.4.0 */
+/* naming scheme from 4.4 specifications, needed for applications to use
+ * standardized names when linking */
+
+
+#ifndef WOLFSSL_CSM_H
+#define WOLFSSL_CSM_H
+
+#ifdef WOLFSSL_AUTOSAR
+
+#include <wolfssl/wolfcrypt/types.h>
+#include <wolfssl/wolfcrypt/port/autosar/StandardTypes.h>
+
+#ifdef __cplusplus
+    extern "C" {
+#endif
+
+
+/* Error values */
+#define WOLFSSL_CSM_E_PARAM_POINTER  0x01
+#define WOLFSSL_CSM_E_SMALL_BUFFER   0x03
+#define WOLFSSL_CSM_E_PARAM_HANDLE   0x04
+#define WOLFSSL_CSM_E_UNINIT         0x05
+#define WOLFSSL_CSM_E_INIT_FAILED    0x07
+#define WOLFSSL_CSM_E_PROCESSING_MOD 0x08
+
+
+#define Crypto_JobType WOLFSSL_JOBTYPE
+#define Crypto_JobPrimitiveInputOutputType WOLFSSL_JOBIO
+#define Crypto_JobStateType WOLFSSL_JOBSTATE
+#define Crypto_VerifyResultType WOLFSSL_VERIFY
+#define Crypto_OperationModeType WOLFSSL_OMODE_TYPE
+
+/* implementation specific structure, for now not used */
+typedef struct Csm_ConfigType {
+    void* heap;
+} Csm_ConfigType;
+
+typedef enum WOLFSSL_JOBSTATE {
+    CRYPTO_JOBSTATE_IDLE = 0x00,
+    CRYPTO_JOBSTATE_ACTIVE = 0x01
+} WOLFSSL_JOBSTATE;
+
+typedef enum WOLFSSL_VERIFY {
+    CRYPTO_E_VER_OK = 0x00,
+    CRYPTO_E_VER_NOT_OK = 0x01
+} WOLFSSL_VERIFY;
+
+/* operation modes <Rte_Csm_Type.h> */
+typedef enum WOLFSSL_OMODE_TYPE {
+    CRYPTO_OPERATIONMODE_START = 0x01,
+    CRYPTO_OPERATIONMODE_UPDATE = 0x02,
+    CRYPTO_OPERATIONMODE_STREAMSTART = 0x03,
+    CRYPTO_OPERATIONMODE_FINISH = 0x04,
+    CRYPTO_OPERATIONMODE_SINGLECALL = 0x07
+} WOLFSSL_OMODE_TYPE;
+
+
+typedef enum Crypto_ServiceInfoType {
+    CRYPTO_ENCRYPT = 0x03,
+    CRYPTO_DECRYPT = 0x04,
+    CRYPTO_RANDOMGENERATE = 0x0B,
+
+#ifdef CSM_UNSUPPORTED_ALGS
+    /* not yet supported */
+    CRYPTO_HASH = 0x00,
+    CRYPTO_MACGENERATE = 0x01,
+    CRYPTO_MACVERIFY = 0x02,
+    CRYPTO_AEADENCRYPT = 0x05,
+    CRYPTO_AEADDECRYPT = 0x06,
+    CRYPTO_SIGNATUREGENERATE = 0x07,
+    CRYPTO_SIGNATUREVERIFY = 0x08,
+    CRYPTO_RANDOMSEED = 0x0C,
+    CRYPTO_KEYGENERATE= 0x0D,
+    CRYPTO_KEYDERIVE = 0x0E,
+    CRYPTO_KEYEXCHANGECALCPUBVAL = 0x0F,
+    CRYPTO_KEYEXCHANGECALCSECRET = 0x10,
+    CRYPTO_CERTIFICATEPARSE = 0x11,
+    CRYPTO_CERTIFICATEVERIFY = 0x12,
+    CRYPTO_KEYSETVALID = 0x13,
+#endif
+} Crypto_ServiceInfoType;
+
+
+typedef enum Crypto_AlgorithmModeType {
+    CRYPTO_ALGOMODE_NOT_SET = 0x00,
+    CRYPTO_ALGOMODE_CBC = 0x02,
+
+#ifdef CSM_UNSUPPORTED_ALGS
+    /* not yet supported */
+    CRYPTO_ALGOMODE_ECB = 0x01,
+    CRYPTO_ALGOMODE_CFB = 0x03,
+    CRYPTO_ALGOMODE_OFB = 0x04,
+    CRYPTO_ALGOMODE_CTR = 0x05,
+    CRYPTO_ALGOMODE_GCM = 0x06,
+    CRYPTO_ALGOMODE_XTS = 0x07,
+    CRYPTO_ALGOMODE_RSAES_OAEP = 0x08,
+    CRYPTO_ALGOMODE_RSAAES_PKCS1_V1_5 = 0x09,
+    CRYPTO_ALGOMODE_RSAAES_PSS = 0x0A,
+    CRYPTO_ALGOMODE_RSAASA_PKCS1_V1_5 = 0x0B,
+    CRYPTO_ALGOMODE_8ROUNDS = 0x0C, /* ChaCha8 */
+    CRYPTO_ALGOMODE_12ROUNDS = 0x0D, /* ChaCha12 */
+    CRYPTO_ALGOMODE_20ROUNDS = 0x0E, /* ChaCha20 */
+    CRYPTO_ALGOMODE_HMAC = 0x0F,
+    CRYPTO_ALGOMODE_CMAC = 0x10,
+    CRYPTO_ALGOMODE_GMAC = 0x11,
+#endif
+} Crypto_AlgorithmModeType;
+
+typedef enum Crypto_AlgorithmFamilyType {
+    CRYPTO_ALGOFAM_NOT_SET = 0x00,
+    CRYPTO_ALGOFAM_SHA1 = 0x01,
+    CRYPTO_ALGOFAM_SHA2_224 = 0x02,
+    CRYPTO_ALGOFAM_SHA2_256 = 0x03,
+    CRYPTO_ALGOFAM_SHA2_384 = 0x04,
+    CRYPTO_ALGOFAM_SHA2_512 = 0x05,
+    CRYPTO_ALGOFAM_SHA2_512_224 = 0x06,
+    CRYPTO_ALGOFAM_SHA2_512_256 = 0x07,
+    CRYPTO_ALGOFAM_SHA3_224 = 0x08,
+    CRYPTO_ALGOFAM_SHA3_256 = 0x09,
+    CRYPTO_ALGOFAM_SHA3_384 = 0x0A,
+    CRYPTO_ALGOFAM_SHA3_512 = 0x0B,
+    CRYPTO_ALGOFAM_SHAKE128 = 0x0C,
+    CRYPTO_ALGOFAM_SHAKE256 = 0x0D,
+    CRYPTO_ALGOFAM_RIPEMD160 = 0x0E,
+    CRYPTO_ALGOFAM_BLAKE_1_256 = 0x0D,
+    CRYPTO_ALGOFAM_BLAKE_1_512 = 0x10,
+    CRYPTO_ALGOFAM_BLAKE_2s_256 = 0x11,
+    CRYPTO_ALGOFAM_BLAKE_2s_512 = 0x12,
+    CRYPTO_ALGOFAM_3DES = 0x13,
+    CRYPTO_ALGOFAM_AES = 0x14,
+    CRYPTO_ALGOFAM_CHACHA = 0x15,
+    CRYPTO_ALGOFAM_RSA = 0x16,
+    CRYPTO_ALGOFAM_ED25519 = 0x17,
+    CRYPTO_ALGOFAM_BRAINPOOL = 0x18,
+    CRYPTO_ALGOFAM_ECCNIST = 0x19,
+    CRYPTO_ALGOFAM_RNG = 0x1B,
+    CRYPTO_ALGOFAM_SIPHASH = 0x1C,
+    CRYPTO_ALGOFAM_ECIES = 0x1D,
+    CRYPTO_ALGOFAM_ECCANSI = 0x1E,
+    CRYPTO_ALGOFAM_ECCSEC = 0x1F,
+    CRYPTO_ALGOFAM_DRBG = 0x20,
+    CRYPTO_ALGOFAM_FIPS186 = 0x21, /* random number gen according to FIPS 186 */
+    CRYPTO_ALGOFAM_PADDING_PKCS7 = 0x22,
+    CRYPTO_ALGOFAM_PADDING_ONEWITHZEROS = 0x23 /* fill with 0's but first bit
+                                                * after data is 1 */
+} Crypto_AlgorithmFamilyType;
+
+typedef enum Crypto_KeyID {
+    /* Cipher/AEAD */
+    CRYPTO_KE_CIPHER_KEY = 0x01,
+    CRYPTO_KE_CIPHER_IV =  0x05,
+    CRYPTO_KE_CIPHER_PROOF = 0x06,
+    CRYPTO_KE_CIPHER_2NDKEY =  0x07
+} Crypto_KeyID;
+
+
+typedef enum Crypto_ProcessingType {
+    CRYPTO_PROCESSING_ASYNC = 0x00,
+    CRYPTO_PROCESSING_SYNC = 0x01
+} Crypto_ProcessingType;
+
+
+/* removed const on elements @TODO which is different than 8.2.8 in
+ * AUTOSAR_SWS_CryptoServiceManager.pdf */
+typedef struct Crypto_JobInfoType {
+    uint32 jobId;
+    uint32 jobPriority;
+} Crypto_JobInfoType;
+
+typedef struct Crypto_JobRedirectionInfoType {
+    uint8 redirectionConfig;
+    uint32 inputKeyId;
+    uint32 inputKeyElementId;
+    uint32 secondaryInputKeyId;
+    uint32 secondaryInputKeyElementId;
+    uint32 tertiaryInputKeyId;
+    uint32 tertiaryInputKeyElementId;
+    uint32 outputKeyId;
+    uint32 outputKeyElementId;
+    uint32 secondaryOutputKeyId;
+    uint32 secondaryOutputKeyElementId;
+} Crypto_JobRedirectionInfoType;
+
+
+enum Crypto_InputOutputRedirectionConfigType {
+    CRYPTO_REDIRECT_CONFIG_PRIMARY_INPUT = 0x01,
+    CRYPTO_REDIRECT_CONFIG_SECONDARY_INPUT = 0x02,
+    CRYPTO_REDIRECT_CONFIG_TERTIARY_INPUT = 0x04,
+    CRYPTO_REDIRECT_CONFIG_PRIMARY_OUTPUT = 0x10,
+    CRYPTO_REDIRECT_CONFIG_SECONDARY_OUTPUT = 0x20
+};
+
+
+typedef struct WOLFSSL_JOBIO {
+    const uint8 *inputPtr;
+    uint32       inputLength;
+    const uint8 *secondaryInputPtr; /* secondary data for verify */
+    uint32       secondaryInputLength;
+    const uint8 *tertiaryInputPtr; /* third input data for verify */
+    uint32       tertiaryInputLength;
+    uint8       *outputPtr;
+    uint32      *outputLengthPtr;
+    uint8       *secondaryOutputPtr;
+    uint32      *secondaryOutputLengthPtr;
+    uint64       input64; /* input parameter */
+    Crypto_VerifyResultType *verifyPtr;
+    uint64      *output64Ptr;
+    Crypto_OperationModeType mode;
+    uint32       cryIfKeyId;
+    uint32       targetCryIfKeyId;
+} WOLFSSL_JOBIO;
+
+
+typedef struct Crypto_AlgorithmInfoType {
+    Crypto_AlgorithmFamilyType family;
+    Crypto_AlgorithmFamilyType secondaryFamily; /* second algo type if needed */
+    uint32 keyLength;
+    Crypto_AlgorithmModeType mode; /* i.e. CBC / RSA OAEP */
+} Crypto_AlgorithmInfoType;
+
+
+/* removed const on all 3 elements which is slightly different than AutoSAR */
+typedef struct Crypto_PrimitiveInfoType {
+    uint32 resultLength;
+    Crypto_ServiceInfoType service;
+    Crypto_AlgorithmInfoType algorithm;
+} Crypto_PrimitiveInfoType;
+
+
+typedef struct Crypto_JobPrimitiveInfoType {
+    uint32 callbackId;
+    const Crypto_PrimitiveInfoType *primitiveInfo;
+    uint32 cryIfKeyId;
+    Crypto_ProcessingType processingType;
+    boolean callbackUpdateNotification;
+} Crypto_JobPrimitiveInfoType;
+
+
+typedef struct WOLFSSL_JOBTYPE {
+    uint32 jobId;
+    WOLFSSL_JOBSTATE jobState;
+    WOLFSSL_JOBIO    jobPrimitiveInputOutput;
+    const Crypto_JobPrimitiveInfoType* jobPrimitiveInfo;
+    const Crypto_JobInfoType* jobInfo;
+    Crypto_JobRedirectionInfoType* jobRedirectionInfoRef;
+} WOLFSSL_JOBTYPE;
+
+
+WOLFSSL_API void Csm_Init(const Csm_ConfigType* config);
+
+/* can be called before init, all else return WOLFSSL_CSM_E_UNINIT */
+WOLFSSL_API void Csm_GetVersionInfo(Std_VersionInfoType* version);
+
+WOLFSSL_API Std_ReturnType Csm_Decrypt(uint32 jobId,
+        Crypto_OperationModeType mode, const uint8* dataPtr, uint32 dataLength,
+        uint8* resultPtr, uint32* resultLengthPtr);
+WOLFSSL_API Std_ReturnType Csm_Encrypt(uint32 jobId,
+        Crypto_OperationModeType mode, const uint8* dataPtr, uint32 dataLength,
+        uint8* resultPtr, uint32* resultLengthPtr);
+WOLFSSL_API Std_ReturnType Csm_KeyElementSet(uint32 keyId, uint32 keyElementId,
+        const uint8* keyPtr, uint32 keyLength);
+WOLFSSL_API Std_ReturnType Csm_RandomGenerate( uint32 jobId, uint8* resultPtr,
+        uint32* resultLengthPtr);
+WOLFSSL_LOCAL void ReportToDET(int err);
+
+#ifdef __cplusplus
+    }  /* extern "C" */
+#endif
+
+#endif /* WOLFSSL_AUTOSAR */
+#endif /* WOLFSSL_CSM_H */
+
diff --git a/wolfssl/wolfcrypt/port/autosar/StandardTypes.h b/wolfssl/wolfcrypt/port/autosar/StandardTypes.h
new file mode 100644
index 000000000..c06868a2d
--- /dev/null
+++ b/wolfssl/wolfcrypt/port/autosar/StandardTypes.h
@@ -0,0 +1,66 @@
+/* StandardTypes.h
+ *
+ * Copyright (C) 2006-2025 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+#ifdef WOLFSSL_AUTOSAR
+
+#ifndef WOLFSSL_STANDARDTYPES_H
+#define WOLFSSL_STANDARDTYPES_H
+#include <wolfssl/wolfcrypt/types.h>
+
+/* remap primitives */
+typedef byte   uint8;
+typedef byte   boolean;
+typedef word16 uint16;
+typedef word32 uint32;
+typedef word64 uint64;
+
+#ifndef TRUE
+    #define TRUE 1
+#endif
+#ifndef FALSE
+    #define FALSE 0
+#endif
+
+/* return types */
+typedef enum Std_ReturnType {
+    E_OK = 0x00,
+    E_NOT_OK = 0x01,
+    E_SMALL_BUFFER = 0x02,
+    E_ENTROPY_EXHAUSTION = 0x03,
+    E_KEY_READ_FAIL = 0x04,
+    E_KEY_NOT_AVAILABLE = 0x05,
+    E_KEY_NOT_VALID = 0x06,
+    E_JOB_CANCELED = 0x07,
+    E_KEY_EMPTY = 0x08
+} Std_ReturnType;
+
+
+typedef struct Std_VersionInfoType {
+    uint16 vendorID;
+    uint16 moduleID;
+    uint8 sw_major_version;
+    uint8 sw_minor_version;
+    uint8 sw_patch_version;
+} Std_VersionInfoType;
+#endif /* WOLFSSL_AUTOSAR */
+
+#endif /* WOLFSSL_STANDARDTYPES_H */
+
diff --git a/wolfssl/wolfcrypt/port/caam/caam_driver.h b/wolfssl/wolfcrypt/port/caam/caam_driver.h
index 3f5174ebb..1bd6766d5 100644
--- a/wolfssl/wolfcrypt/port/caam/caam_driver.h
+++ b/wolfssl/wolfcrypt/port/caam/caam_driver.h
@@ -1,6 +1,6 @@
 /* caam_driver.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/wolfcrypt/port/caam/caam_error.h b/wolfssl/wolfcrypt/port/caam/caam_error.h
index abde9b56b..aa883e8dc 100644
--- a/wolfssl/wolfcrypt/port/caam/caam_error.h
+++ b/wolfssl/wolfcrypt/port/caam/caam_error.h
@@ -1,6 +1,6 @@
 /* caam_error.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/wolfcrypt/port/caam/caam_qnx.h b/wolfssl/wolfcrypt/port/caam/caam_qnx.h
index 55d1fccd3..71cf57298 100644
--- a/wolfssl/wolfcrypt/port/caam/caam_qnx.h
+++ b/wolfssl/wolfcrypt/port/caam/caam_qnx.h
@@ -1,6 +1,6 @@
 /* caam_qnx.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/wolfcrypt/port/caam/wolfcaam.h b/wolfssl/wolfcrypt/port/caam/wolfcaam.h
index 6c96edc41..27eb44355 100644
--- a/wolfssl/wolfcrypt/port/caam/wolfcaam.h
+++ b/wolfssl/wolfcrypt/port/caam/wolfcaam.h
@@ -1,6 +1,6 @@
 /* wolfcaam.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -36,7 +36,7 @@
 
 #if defined(WOLFSSL_IMX6_CAAM) || defined(WOLFSSL_IMX6_CAAM_RNG) || \
     defined(WOLFSSL_QNX_CAAM) || defined(WOLFSSL_SECO_CAAM) || \
-	defined(WOLFSSL_IMXRT1170_CAAM)
+        defined(WOLFSSL_IMXRT1170_CAAM)
 
 
 /* unique devId for CAAM use on crypto callbacks */
@@ -75,9 +75,9 @@ WOLFSSL_LOCAL int caamWriteToPartition(CAAM_ADDRESS addr, const unsigned char* i
 WOLFSSL_LOCAL int caamReadPartition(CAAM_ADDRESS addr, unsigned char* out, int outSz);
 
 WOLFSSL_API int wc_caamOpenBlob(byte* data, word32 dataSz, byte* out,
-	word32* outSz);
+        word32* outSz);
 WOLFSSL_API int wc_caamCreateBlob(byte* data, word32 dataSz, byte* out,
-	word32* outSz);
+        word32* outSz);
 
 WOLFSSL_API int wc_caamOpenBlob_ex(byte* data, word32 dataSz, byte* out,
         word32* outSz, int type, byte* mod, word32 modSz);
@@ -97,7 +97,7 @@ WOLFSSL_API int wc_caamCoverKey(byte* in, word32 inSz, byte* out, word32* outSz,
 #define WC_CAAM_MAX_ENTROPY 44
 
 #if !defined(WOLFSSL_QNX_CAAM) && !defined(WOLFSSL_SECO_CAAM) && \
-	!defined(WOLFSSL_IMXRT1170_CAAM)
+        !defined(WOLFSSL_IMXRT1170_CAAM)
     WOLFSSL_API int wc_caamSetResource(IODevice ioDev);
     #ifndef WC_CAAM_READ
         #define WC_CAAM_READ(reg)      wc_caamReadRegister((reg))
diff --git a/wolfssl/wolfcrypt/port/caam/wolfcaam_aes.h b/wolfssl/wolfcrypt/port/caam/wolfcaam_aes.h
index 5ee9e7aa4..728405df0 100644
--- a/wolfssl/wolfcrypt/port/caam/wolfcaam_aes.h
+++ b/wolfssl/wolfcrypt/port/caam/wolfcaam_aes.h
@@ -1,6 +1,6 @@
 /* wolfcaam_aes.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/wolfcrypt/port/caam/wolfcaam_cmac.h b/wolfssl/wolfcrypt/port/caam/wolfcaam_cmac.h
index b07fe19b1..cefad8f03 100644
--- a/wolfssl/wolfcrypt/port/caam/wolfcaam_cmac.h
+++ b/wolfssl/wolfcrypt/port/caam/wolfcaam_cmac.h
@@ -1,6 +1,6 @@
 /* wolfcaam_cmac.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/wolfcrypt/port/caam/wolfcaam_ecdsa.h b/wolfssl/wolfcrypt/port/caam/wolfcaam_ecdsa.h
index 2943d7176..4287ccc98 100644
--- a/wolfssl/wolfcrypt/port/caam/wolfcaam_ecdsa.h
+++ b/wolfssl/wolfcrypt/port/caam/wolfcaam_ecdsa.h
@@ -1,6 +1,6 @@
 /* wolfcaam_ecdsa.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/wolfcrypt/port/caam/wolfcaam_fsl_nxp.h b/wolfssl/wolfcrypt/port/caam/wolfcaam_fsl_nxp.h
index c1f136725..62a8f8aef 100644
--- a/wolfssl/wolfcrypt/port/caam/wolfcaam_fsl_nxp.h
+++ b/wolfssl/wolfcrypt/port/caam/wolfcaam_fsl_nxp.h
@@ -1,6 +1,6 @@
 /* wolfcaam_fsl_nxp.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/wolfcrypt/port/caam/wolfcaam_hash.h b/wolfssl/wolfcrypt/port/caam/wolfcaam_hash.h
index 07f176eb5..624f76449 100644
--- a/wolfssl/wolfcrypt/port/caam/wolfcaam_hash.h
+++ b/wolfssl/wolfcrypt/port/caam/wolfcaam_hash.h
@@ -1,6 +1,6 @@
 /* wolfcaam_hash.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/wolfcrypt/port/caam/wolfcaam_qnx.h b/wolfssl/wolfcrypt/port/caam/wolfcaam_qnx.h
index 6eee6b2c7..079a6cff5 100644
--- a/wolfssl/wolfcrypt/port/caam/wolfcaam_qnx.h
+++ b/wolfssl/wolfcrypt/port/caam/wolfcaam_qnx.h
@@ -1,6 +1,6 @@
 /* wolfcaam_qnx.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/wolfcrypt/port/caam/wolfcaam_rsa.h b/wolfssl/wolfcrypt/port/caam/wolfcaam_rsa.h
index 032c1e8c4..e550573dc 100644
--- a/wolfssl/wolfcrypt/port/caam/wolfcaam_rsa.h
+++ b/wolfssl/wolfcrypt/port/caam/wolfcaam_rsa.h
@@ -1,6 +1,6 @@
 /* wolfcaam_rsa.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/wolfcrypt/port/caam/wolfcaam_seco.h b/wolfssl/wolfcrypt/port/caam/wolfcaam_seco.h
index d07c05492..b81c09f42 100644
--- a/wolfssl/wolfcrypt/port/caam/wolfcaam_seco.h
+++ b/wolfssl/wolfcrypt/port/caam/wolfcaam_seco.h
@@ -1,6 +1,6 @@
 /* wolfcaam_seco.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/wolfcrypt/port/caam/wolfcaam_sha.h b/wolfssl/wolfcrypt/port/caam/wolfcaam_sha.h
index 67aa5aeab..15ba8e201 100644
--- a/wolfssl/wolfcrypt/port/caam/wolfcaam_sha.h
+++ b/wolfssl/wolfcrypt/port/caam/wolfcaam_sha.h
@@ -1,6 +1,6 @@
 /* wolfcaam_sha.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/wolfcrypt/port/caam/wolfcaam_x25519.h b/wolfssl/wolfcrypt/port/caam/wolfcaam_x25519.h
index b10b6c9d5..00ff3b27e 100644
--- a/wolfssl/wolfcrypt/port/caam/wolfcaam_x25519.h
+++ b/wolfssl/wolfcrypt/port/caam/wolfcaam_x25519.h
@@ -1,6 +1,6 @@
 /* wolfcaam_x25519.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/wolfcrypt/port/cavium/cavium_octeon_sync.h b/wolfssl/wolfcrypt/port/cavium/cavium_octeon_sync.h
index 28fdd297a..ae7dab1fa 100644
--- a/wolfssl/wolfcrypt/port/cavium/cavium_octeon_sync.h
+++ b/wolfssl/wolfcrypt/port/cavium/cavium_octeon_sync.h
@@ -1,6 +1,6 @@
 /* cavium_octeon_sync.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/wolfcrypt/port/cypress/psoc6_crypto.h b/wolfssl/wolfcrypt/port/cypress/psoc6_crypto.h
index c7df1f34f..61a8d3ec6 100644
--- a/wolfssl/wolfcrypt/port/cypress/psoc6_crypto.h
+++ b/wolfssl/wolfcrypt/port/cypress/psoc6_crypto.h
@@ -1,6 +1,6 @@
 /* psoc6_crypto.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/wolfcrypt/port/devcrypto/wc_devcrypto.h b/wolfssl/wolfcrypt/port/devcrypto/wc_devcrypto.h
index d2c73d142..3bc53d396 100644
--- a/wolfssl/wolfcrypt/port/devcrypto/wc_devcrypto.h
+++ b/wolfssl/wolfcrypt/port/devcrypto/wc_devcrypto.h
@@ -1,6 +1,6 @@
 /* wc_devcrypto.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/wolfcrypt/port/intel/quickassist_sync.h b/wolfssl/wolfcrypt/port/intel/quickassist_sync.h
index 3e3411a1e..f567e8cfd 100644
--- a/wolfssl/wolfcrypt/port/intel/quickassist_sync.h
+++ b/wolfssl/wolfcrypt/port/intel/quickassist_sync.h
@@ -1,6 +1,6 @@
 /* quickassist_sync.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/wolfcrypt/port/iotsafe/iotsafe.h b/wolfssl/wolfcrypt/port/iotsafe/iotsafe.h
index 8f452ce6a..12a2b4e79 100644
--- a/wolfssl/wolfcrypt/port/iotsafe/iotsafe.h
+++ b/wolfssl/wolfcrypt/port/iotsafe/iotsafe.h
@@ -1,6 +1,6 @@
 /* iotsafe.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -93,6 +93,11 @@ struct wc_IOTSAFE {
     word16 ecdh_keypair_slot;
     word16 peer_pubkey_slot;
     word16 peer_cert_slot;
+#elif (IOTSAFE_ID_SIZE == 4)
+    word32 privkey_id;
+    word32 ecdh_keypair_slot;
+    word32 peer_pubkey_slot;
+    word32 peer_cert_slot;
 #else
 #error "IOTSAFE: ID_SIZE not supported"
 #endif
diff --git a/wolfssl/wolfcrypt/port/kcapi/kcapi_dh.h b/wolfssl/wolfcrypt/port/kcapi/kcapi_dh.h
index 7183c149d..9ecb4bd85 100644
--- a/wolfssl/wolfcrypt/port/kcapi/kcapi_dh.h
+++ b/wolfssl/wolfcrypt/port/kcapi/kcapi_dh.h
@@ -1,6 +1,6 @@
 /* kcapi_dh.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/wolfcrypt/port/kcapi/kcapi_ecc.h b/wolfssl/wolfcrypt/port/kcapi/kcapi_ecc.h
index 31949a070..441f312ca 100644
--- a/wolfssl/wolfcrypt/port/kcapi/kcapi_ecc.h
+++ b/wolfssl/wolfcrypt/port/kcapi/kcapi_ecc.h
@@ -1,6 +1,6 @@
 /* kcapi_ecc.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/wolfcrypt/port/kcapi/kcapi_hash.h b/wolfssl/wolfcrypt/port/kcapi/kcapi_hash.h
index 1a4bbf877..bb44a65f2 100644
--- a/wolfssl/wolfcrypt/port/kcapi/kcapi_hash.h
+++ b/wolfssl/wolfcrypt/port/kcapi/kcapi_hash.h
@@ -1,6 +1,6 @@
 /* kcapi_hash.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/wolfcrypt/port/kcapi/kcapi_hmac.h b/wolfssl/wolfcrypt/port/kcapi/kcapi_hmac.h
index cfd841fe2..b5b65aad9 100644
--- a/wolfssl/wolfcrypt/port/kcapi/kcapi_hmac.h
+++ b/wolfssl/wolfcrypt/port/kcapi/kcapi_hmac.h
@@ -1,6 +1,6 @@
 /* kcapi_hmac.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/wolfcrypt/port/kcapi/kcapi_rsa.h b/wolfssl/wolfcrypt/port/kcapi/kcapi_rsa.h
index 18a44576a..16d81d747 100644
--- a/wolfssl/wolfcrypt/port/kcapi/kcapi_rsa.h
+++ b/wolfssl/wolfcrypt/port/kcapi/kcapi_rsa.h
@@ -1,6 +1,6 @@
 /* kcapi_rsa.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/wolfcrypt/port/kcapi/wc_kcapi.h b/wolfssl/wolfcrypt/port/kcapi/wc_kcapi.h
index 3e5483c21..66c38b294 100644
--- a/wolfssl/wolfcrypt/port/kcapi/wc_kcapi.h
+++ b/wolfssl/wolfcrypt/port/kcapi/wc_kcapi.h
@@ -1,6 +1,6 @@
 /* wc_kcapi.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/wolfcrypt/port/liboqs/liboqs.h b/wolfssl/wolfcrypt/port/liboqs/liboqs.h
new file mode 100644
index 000000000..a20273d38
--- /dev/null
+++ b/wolfssl/wolfcrypt/port/liboqs/liboqs.h
@@ -0,0 +1,62 @@
+/* liboqs.h
+ *
+ * Copyright (C) 2006-2025 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+/*!
+    \file wolfssl/wolfcrypt/port/liboqs/liboqs.h
+*/
+/*
+
+DESCRIPTION
+This library provides the support interfaces to the liboqs library providing
+implementations for Post-Quantum cryptography algorithms.
+*/
+
+#ifndef WOLF_CRYPT_LIBOQS_H
+#define WOLF_CRYPT_LIBOQS_H
+
+#include <wolfssl/wolfcrypt/types.h>
+#include <wolfssl/wolfcrypt/random.h>
+
+
+#ifdef __cplusplus
+    extern "C" {
+#endif
+
+#if defined(HAVE_LIBOQS)
+
+#include "oqs/oqs.h"
+
+
+int wolfSSL_liboqsInit(void);
+
+void wolfSSL_liboqsClose(void);
+
+int wolfSSL_liboqsRngMutexLock(WC_RNG* rng);
+
+int wolfSSL_liboqsRngMutexUnlock(void);
+
+#endif /* HAVE_LIBOQS */
+
+#ifdef __cplusplus
+    } /* extern "C" */
+#endif
+
+#endif /* WOLF_CRYPT_LIBOQS_H */
diff --git a/wolfssl/wolfcrypt/port/maxim/max3266x-cryptocb.h b/wolfssl/wolfcrypt/port/maxim/max3266x-cryptocb.h
new file mode 100644
index 000000000..1b0977bb4
--- /dev/null
+++ b/wolfssl/wolfcrypt/port/maxim/max3266x-cryptocb.h
@@ -0,0 +1,73 @@
+/* max3266x-cryptocb.h
+ *
+ * Copyright (C) 2006-2025 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+#ifndef _WOLFPORT_MAX3266X_CRYPTO_CB_H_
+#define _WOLFPORT_MAX3266X_CRYPTO_CB_H_
+
+#if (defined(WOLFSSL_MAX3266X) || defined(WOLFSSL_MAX3266X_OLD)) && \
+    defined(WOLF_CRYPTO_CB)
+#ifndef WOLFSSL_MAX3266X_DEVID
+    #define WOLFSSL_MAX3266X_DEVID 9
+#endif
+#define WC_USE_DEVID WOLFSSL_MAX3266X_DEVID
+#include <wolfssl/wolfcrypt/types.h>
+#include <wolfssl/wolfcrypt/cryptocb.h>
+#include <wolfssl/wolfcrypt/aes.h>
+
+#ifdef __cplusplus
+    extern "C" {
+#endif
+
+    WOLFSSL_LOCAL int wc_MxcCryptoCb(int devIdArg, wc_CryptoInfo* info,
+                                        void* ctx);
+#ifdef HAVE_AES_ECB
+    WOLFSSL_LOCAL int wc_MxcCb_AesEcbEncrypt(Aes* aes, byte* out,
+                                        const byte* in, word32 sz);
+#endif
+#ifdef HAVE_AES_CBC
+    WOLFSSL_LOCAL int wc_MxcCb_AesCbcEncrypt(Aes* aes, byte* out,
+                                        const byte* in, word32 sz);
+#endif
+
+#ifdef HAVE_AES_DECRYPT
+#ifdef HAVE_AES_ECB
+    WOLFSSL_LOCAL int wc_MxcCb_AesEcbDecrypt(Aes* aes, byte* out,
+                                        const byte* in, word32 sz);
+#endif
+#ifdef HAVE_AES_CBC
+    WOLFSSL_LOCAL int wc_MxcCb_AesCbcDecrypt(Aes* aes, byte* out,
+                                        const byte* in, word32 sz);
+#endif
+#endif /* HAVE_AES_DECRYPT */
+
+
+    WOLFSSL_LOCAL int wc_MXC_Sha256Update(wc_MXC_Sha* sha256,
+                                            const unsigned char* data,
+                                            unsigned int len);
+    WOLFSSL_LOCAL int wc_MXC_Sha256Final(wc_MXC_Sha* sha256,
+                                            unsigned char* hash);
+
+#ifdef __cplusplus
+    } /* extern "C" */
+#endif
+
+#endif /* (WOLFSSL_MAX3266X || WOLFSSL_MAX3266X_OLD) && WOLF_CRYPTO_CB) */
+#endif /* _WOLFPORT_MAX3266X_CRYPTO_CB_H_ */
diff --git a/wolfssl/wolfcrypt/port/maxim/max3266x.h b/wolfssl/wolfcrypt/port/maxim/max3266x.h
new file mode 100644
index 000000000..4f02535bb
--- /dev/null
+++ b/wolfssl/wolfcrypt/port/maxim/max3266x.h
@@ -0,0 +1,361 @@
+/* max3266x.h
+ *
+ * Copyright (C) 2006-2025 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+#ifndef _WOLFPORT_MAX3266X_H_
+#define _WOLFPORT_MAX3266X_H_
+
+#include <wolfssl/wolfcrypt/settings.h>
+
+#ifndef WOLFSSL_MAX_HASH_SIZE
+    #define WOLFSSL_MAX_HASH_SIZE  64
+#endif
+
+#if defined(WOLFSSL_MAX3266X) || defined(WOLFSSL_MAX3266X_OLD)
+
+/* Some extra conditions when using callbacks */
+#if defined(WOLF_CRYPTO_CB)
+    #define MAX3266X_CB
+    #ifdef MAX3266X_MATH
+        #error Cannot have MAX3266X_MATH and MAX3266X_CB
+    #endif
+    #ifdef MAX3266X_SHA
+        #undef MAX3266X_SHA /* Turn Off Normal Sha Definition */
+        #define MAX3266X_SHA_CB /* Turn On Callback for SHA */
+    #endif
+#endif
+
+/* Default to all HW acceleration on unless specified in user_settings */
+#if !defined(MAX3266X_RNG) && !defined(MAX3266X_AES) && \
+        !defined(MAX3266X_AESGCM) && !defined(MAX3266X_SHA) && \
+        !defined(MAX3266X_MATH)
+    #define MAX3266X_RNG
+    #define MAX3266X_AES
+    #ifndef MAX3266X_CB
+        #define MAX3266X_SHA /* SHA is Supported, but need new definitions */
+        #define MAX3266X_MATH  /* MATH is not supported with callbacks */
+    #endif
+    #ifdef MAX3266X_CB
+        #define MAX3266X_SHA_CB /* Turn on Callback for SHA */
+    #endif
+#endif
+
+/* Crypto HW can be used in parallel on this device */
+/* Sets up new Mutexing if desired */
+#ifdef WOLFSSL_ALGO_HW_MUTEX
+    /* SDK only supports using RNG in parallel with crypto HW */
+    /* AES, HASH, and PK must share some mutex */
+    #define NO_AES_MUTEX
+    #define NO_HASH_MUTEX
+    #define NO_PK_MUTEX
+#endif /* WOLFSSL_ALGO_HW_MUTEX */
+
+#if defined(WOLFSSL_MAX3266X_OLD)
+    /* Support for older SDK API Maxim provides */
+
+    /* These are needed for older SDK */
+    #define TARGET MAX32665
+    #define TARGET_REV 0x4131
+    #include "mxc_sys.h"
+
+
+
+    #if defined(MAX3266X_RNG)
+        #include "trng.h"   /* Provides TRNG Drivers */
+        #define MXC_TPU_TRNG_Read           TRNG_Read
+        #warning "TRNG Health Test not available in older Maxim SDK"
+        #define MXC_TRNG_HealthTest(...)    0
+    #endif
+    #if defined(MAX3266X_AES)
+        #include "cipher.h" /* Provides Drivers for AES */
+        /* AES Defines */
+        #define MXC_TPU_CIPHER_TYPE      tpu_ciphersel_t
+        #define MXC_TPU_CIPHER_AES128    TPU_CIPHER_AES128
+        #define MXC_TPU_CIPHER_AES192    TPU_CIPHER_AES192
+        #define MXC_TPU_CIPHER_AES256    TPU_CIPHER_AES256
+
+        #define MXC_TPU_MODE_TYPE        tpu_modesel_t
+        #define MXC_TPU_MODE_ECB         TPU_MODE_ECB
+        #define MXC_TPU_MODE_CBC         TPU_MODE_CBC
+        #define MXC_TPU_MODE_CFB         TPU_MODE_CFB
+        #define MXC_TPU_MODE_CTR         TPU_MODE_CTR
+
+        /* AES Functions */
+        #define MXC_TPU_Cipher_Config       TPU_Cipher_Config
+        #define MXC_TPU_Cipher_AES_Encrypt  TPU_AES_Encrypt
+        #define MXC_TPU_Cipher_AES_Decrypt  TPU_AES_Decrypt
+
+    #endif
+    #if defined(MAX3266X_SHA) || defined(MAX3266X_SHA_CB)
+        #include "hash.h"   /* Proivdes Drivers for SHA */
+        /* SHA Defines */
+        #define MXC_TPU_HASH_TYPE        tpu_hashfunsel_t
+        #define MXC_TPU_HASH_SHA1        TPU_HASH_SHA1
+        #define MXC_TPU_HASH_SHA224      TPU_HASH_SHA224
+        #define MXC_TPU_HASH_SHA256      TPU_HASH_SHA256
+        #define MXC_TPU_HASH_SHA384      TPU_HASH_SHA384
+        #define MXC_TPU_HASH_SHA512      TPU_HASH_SHA512
+
+        /* SHA Functions */
+        #define MXC_TPU_Hash_Config             TPU_Hash_Config
+        #define MXC_TPU_Hash_SHA                TPU_SHA
+
+    #endif
+    #if defined(MAX3266X_MATH)
+        #include "maa.h"    /* Provides Drivers for math acceleration for   */
+                            /* ECDSA and RSA Acceleration                   */
+        /* MAA Defines */
+        #define MXC_TPU_MAA_TYPE     tpu_maa_clcsel_t
+        #define MXC_TPU_MAA_EXP      TPU_MAA_EXP
+        #define MXC_TPU_MAA_SQ       TPU_MAA_SQ
+        #define MXC_TPU_MAA_MUL      TPU_MAA_MUL
+        #define MXC_TPU_MAA_SQMUL    TPU_MAA_SQMUL
+        #define MXC_TPU_MAA_ADD      TPU_MAA_ADD
+        #define MXC_TPU_MAA_SUB      TPU_MAA_SUB
+
+        /* MAA Functions */
+        #define MXC_TPU_MAA_Compute      MAA_Compute
+        #define MXC_TPU_MAA_Shutdown     MAA_Shutdown
+        #define MXC_TPU_MAA_Init         MAA_Init
+        #define MXC_TPU_MAA_Reset        MAA_Reset
+
+    #endif
+
+    /* TPU Functions */
+    #define MXC_TPU_Init                SYS_TPU_Init
+    #define MXC_TPU_Shutdown            SYS_TPU_Shutdown
+    #define MXC_SYS_PERIPH_CLOCK_TPU    SYS_PERIPH_CLOCK_TPU
+
+    #define MXC_SYS_PERIPH_CLOCK_TPU    SYS_PERIPH_CLOCK_TPU
+    #define MXC_SYS_PERIPH_CLOCK_TRNG   SYS_PERIPH_CLOCK_TRNG
+
+#else
+    /* Defaults to expect newer SDK */
+    #if defined(MAX3266X_RNG)
+        #include "trng.h"   /* Provides Drivers for TRNG    */
+    #endif
+    #if defined(MAX3266X_AES) || defined(MAX3266X_SHA) || \
+                defined(MAX3266X_MATH) || defined(MAX3266X_RSA) || \
+                defined(MAX3266X_RNG)
+        #include "tpu.h"    /* SDK Drivers for the TPU unit         */
+                            /* Handles AES, SHA, and                */
+                            /* MAA driver to accelerate RSA/ECDSA   */
+
+        /* AES Defines */
+        #define MXC_TPU_CIPHER_TYPE     mxc_tpu_ciphersel_t
+        #define MXC_TPU_MODE_TYPE       mxc_tpu_modesel_t
+
+        /* SHA Defines */
+        #define MXC_TPU_HASH_TYPE       mxc_tpu_hashfunsel_t
+
+        /* MAA Defines */
+        #define MXC_TPU_MAA_TYPE     mxc_tpu_maa_clcsel_t
+
+
+    #endif
+
+#endif
+
+
+/* Provide Driver for RTC if specified, meant for wolfCrypt benchmark only */
+#if defined(MAX3266X_RTC)
+    #if defined(WOLFSSL_MAX3266X_OLD)
+       #error Not Implemented with old SDK
+    #endif
+    #include "time.h"
+    #include "rtc.h"
+    #define MXC_SECS_PER_MIN (60)
+    #define MXC_SECS_PER_HR  (60 * MXC_SECS_PER_MIN)
+    #define MXC_SECS_PER_DAY (24 * MXC_SECS_PER_HR)
+#endif
+
+/* Variable Definitions */
+#ifdef __cplusplus
+    extern "C" {
+#endif
+
+    WOLFSSL_LOCAL int wc_MXC_TPU_Init(void);
+    WOLFSSL_LOCAL int wc_MXC_TPU_Shutdown(void);
+    /* Convert Errors to wolfCrypt Codes */
+    WOLFSSL_LOCAL int wc_MXC_error(int *ret);
+
+#ifdef MAX3266X_RTC
+    WOLFSSL_LOCAL int wc_MXC_RTC_Init(void);
+    WOLFSSL_LOCAL int wc_MXC_RTC_Reset(void);
+    WOLFSSL_LOCAL double wc_MXC_RTC_Time(void);
+#endif
+
+#ifdef MAX3266X_VERBOSE
+    #ifndef DEBUG_WOLFSSL
+        #error Need "#define DEBUG_WOLFSSL" to do use "#define MAX3266X_VERBOSE"
+    #else
+        #define MAX3266X_MSG(...)   WOLFSSL_MSG(__VA_ARGS__)
+    #endif
+#else
+    #define MAX3266X_MSG(...)   /* Compile out Verbose MSGs */
+#endif
+
+#ifdef MAX3266X_RNG
+    WOLFSSL_LOCAL int wc_MXC_TRNG_Random(unsigned char* output,
+                                                unsigned int sz);
+#endif
+
+#ifdef MAX3266X_AES
+    WOLFSSL_LOCAL int wc_MXC_TPU_AesEncrypt(const unsigned char* in,
+                                const unsigned char* iv,
+                                const unsigned char* enc_key,
+                                MXC_TPU_MODE_TYPE mode,
+                                unsigned int data_size,
+                                unsigned char* out, unsigned int keySize);
+#ifdef HAVE_AES_DECRYPT
+    WOLFSSL_LOCAL int wc_MXC_TPU_AesDecrypt(const unsigned char* in,
+                                const unsigned char* iv,
+                                const unsigned char* enc_key,
+                                MXC_TPU_MODE_TYPE mode,
+                                unsigned int data_size,
+                                unsigned char* out, unsigned int keySize);
+#endif /* HAVE_AES_DECRYPT */
+#endif /* MAX3266X_AES */
+
+#if defined(MAX3266X_SHA) || defined(MAX3266X_SHA_CB)
+
+    /* Need to update this struct accordingly if other SHA Structs change */
+    /* This is a generic struct to use so only this is needed */
+
+    typedef struct {
+        unsigned char   *msg;
+        unsigned int    used;
+        unsigned int    size;
+    } wc_MXC_Sha;
+
+    #if !defined(NO_SHA)
+        /* Define the SHA digest for an empty string */
+        /* as a constant byte array */
+        static const unsigned char MXC_EMPTY_DIGEST_SHA1[20] = {
+            0xda, 0x39, 0xa3, 0xee, 0x5e, 0x6b, 0x4b, 0x0d,
+            0x32, 0x55, 0xbf, 0xef, 0x95, 0x60, 0x18, 0x90,
+            0xaf, 0xd8, 0x07, 0x09};
+    #endif /* NO_SHA */
+
+    #if defined(WOLFSSL_SHA224)
+        /* Define the SHA-224 digest for an empty string */
+        /* as a constant byte array */
+        static const unsigned char MXC_EMPTY_DIGEST_SHA224[28] = {
+                0xd1, 0x4a, 0x02, 0x8c, 0x2a, 0x3a, 0x2b, 0xc9,
+                0x47, 0x61, 0x02, 0xbb, 0x28, 0x82, 0x34, 0xc4,
+                0x15, 0xa2, 0xb0, 0x1f, 0x82, 0x8e, 0xa6, 0x2a,
+                0xc5, 0xb3, 0xe4, 0x2f};
+    #endif /* WOLFSSL_SHA224 */
+
+    #if !defined(NO_SHA256)
+        /* Define the SHA-256 digest for an empty string */
+        /* as a constant byte array */
+        static const unsigned char MXC_EMPTY_DIGEST_SHA256[32] = {
+                0xe3, 0xb0, 0xc4, 0x42, 0x98, 0xfc, 0x1c, 0x14,
+                0x9a, 0xfb, 0xf4, 0xc8, 0x99, 0x6f, 0xb9, 0x24,
+                0x27, 0xae, 0x41, 0xe4, 0x64, 0x9b, 0x93, 0x4c,
+                0xa4, 0x95, 0x99, 0x1b, 0x78, 0x52, 0xb8, 0x55};
+    #endif /* NO_SHA256 */
+
+    #if defined(WOLFSSL_SHA384)
+        /* Define the SHA-384 digest for an empty string */
+        /* as a constant byte array */
+        static const unsigned char MXC_EMPTY_DIGEST_SHA384[48] = {
+            0x38, 0xb0, 0x60, 0xa7, 0x51, 0xac, 0x96, 0x38,
+            0x4c, 0xd9, 0x32, 0x7e, 0xb1, 0xb1, 0xe3, 0x6a,
+            0x21, 0xfd, 0xb7, 0x11, 0x14, 0xbe, 0x07, 0x43,
+            0x4c, 0x0c, 0xc7, 0xbf, 0x63, 0xf6, 0xe1, 0xda,
+            0x27, 0x4e, 0xde, 0xbf, 0xe7, 0x6f, 0x65, 0xfb,
+            0xd5, 0x1a, 0xd2, 0xf1, 0x48, 0x98, 0xb9, 0x5b};
+    #endif /* WOLFSSL_SHA384 */
+
+    #if defined(WOLFSSL_SHA512)
+        /* Does not support these SHA512 Macros */
+        #ifndef WOLFSSL_NOSHA512_224
+            #warning "MAX3266X Port does not support SHA-512/224"
+            #define WOLFSSL_NOSHA512_224
+        #endif
+        #ifndef WOLFSSL_NOSHA512_256
+            #warning "MAX3266X Port does not support SHA-512/256"
+            #define WOLFSSL_NOSHA512_256
+        #endif
+
+        /* Define the SHA-512 digest for an empty string */
+        /* as a constant byte array */
+        static const unsigned char MXC_EMPTY_DIGEST_SHA512[64] = {
+            0xcf, 0x83, 0xe1, 0x35, 0x7e, 0xef, 0xb8, 0xbd,
+            0xf1, 0x54, 0x28, 0x50, 0xd6, 0x6d, 0x80, 0x07,
+            0xd6, 0x20, 0xe4, 0x05, 0x0b, 0x57, 0x15, 0xdc,
+            0x83, 0xf4, 0xa9, 0x21, 0xd3, 0x6c, 0xe9, 0xce,
+            0x47, 0xd0, 0xd1, 0x3c, 0x5d, 0x85, 0xf2, 0xb0,
+            0xff, 0x83, 0x18, 0xd2, 0x87, 0x7e, 0xec, 0x2f,
+            0x63, 0xb9, 0x31, 0xbd, 0x47, 0x41, 0x7a, 0x81,
+            0xa5, 0x38, 0x32, 0x7a, 0xf9, 0x27, 0xda, 0x3e};
+    #endif /* WOLFSSL_SHA512 */
+
+
+    WOLFSSL_LOCAL int wc_MXC_TPU_SHA_Init(wc_MXC_Sha *hash);
+    WOLFSSL_LOCAL int wc_MXC_TPU_SHA_Update(wc_MXC_Sha *hash,
+                                                const unsigned char* data,
+                                                unsigned int size);
+    WOLFSSL_LOCAL int wc_MXC_TPU_SHA_Final(wc_MXC_Sha *hash,
+                                                unsigned char* digest,
+                                                MXC_TPU_HASH_TYPE algo);
+    WOLFSSL_LOCAL int wc_MXC_TPU_SHA_GetHash(wc_MXC_Sha *hash,
+                                                unsigned char* digest,
+                                                MXC_TPU_HASH_TYPE algo);
+    WOLFSSL_LOCAL int wc_MXC_TPU_SHA_Copy(wc_MXC_Sha* src, wc_MXC_Sha* dst);
+    WOLFSSL_LOCAL void wc_MXC_TPU_SHA_Free(wc_MXC_Sha* hash);
+    WOLFSSL_LOCAL int wc_MXC_TPU_SHA_GetDigest(wc_MXC_Sha *hash,
+                                                unsigned char* digest,
+                                                MXC_TPU_HASH_TYPE algo);
+
+
+#endif /* defined(MAX3266X_SHA) && !defined(WOLF_CRYPTO_CB) */
+
+#if defined(MAX3266X_MATH)
+    #define WOLFSSL_USE_HW_MP
+    /* Setup mapping to fallback if edge case is encountered */
+    #if defined(USE_FAST_MATH)
+        #define mxc_mod         fp_mod
+        #define mxc_addmod      fp_addmod
+        #define mxc_submod      fp_submod
+        #define mxc_mulmod      fp_mulmod
+        #define mxc_exptmod     fp_exptmod
+        #define mxc_sqrmod      fp_sqrmod
+    #elif defined(WOLFSSL_SP_MATH_ALL)
+        #define mxc_mod         sp_mod
+        #define mxc_addmod      sp_addmod
+        #define mxc_submod      sp_submod
+        #define mxc_mulmod      sp_mulmod
+        #define mxc_exptmod     sp_exptmod
+        #define mxc_sqrmod      sp_sqrmod
+    #else
+        #error Need to use WOLFSSL_SP_MATH_ALL
+    #endif
+
+#endif
+
+#ifdef __cplusplus
+    }
+#endif
+
+#endif /* WOLFSSL_MAX32665 || WOLFSSL_MAX32666 */
+#endif /* _WOLFPORT_MAX3266X_H_ */
diff --git a/wolfssl/wolfcrypt/port/maxim/maxq10xx.h b/wolfssl/wolfcrypt/port/maxim/maxq10xx.h
index 0d8849f4f..cb7d15568 100644
--- a/wolfssl/wolfcrypt/port/maxim/maxq10xx.h
+++ b/wolfssl/wolfcrypt/port/maxim/maxq10xx.h
@@ -1,6 +1,6 @@
 /* maxq10xx.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -96,6 +96,7 @@ WOLFSSL_LOCAL void wc_MAXQ10XX_Sha256Copy(wc_Sha256* sha256);
 WOLFSSL_LOCAL void wc_MAXQ10XX_Sha256Free(wc_Sha256* sha256);
 WOLFSSL_LOCAL int wc_MAXQ10XX_EccSetKey(ecc_key* key, word32 keysize);
 WOLFSSL_LOCAL void wc_MAXQ10XX_EccFree(ecc_key* key);
+WOLFSSL_LOCAL int maxq10xx_random(byte* output, unsigned short sz);
 #endif /* WOLFSSL_MAXQ10XX_CRYPTO */
 
 #ifdef HAVE_PK_CALLBACKS
diff --git a/wolfssl/wolfcrypt/port/nrf51.h b/wolfssl/wolfcrypt/port/nrf51.h
index d93fd0d86..964f57939 100644
--- a/wolfssl/wolfcrypt/port/nrf51.h
+++ b/wolfssl/wolfcrypt/port/nrf51.h
@@ -1,6 +1,6 @@
 /* nrf51.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/wolfcrypt/port/nxp/dcp_port.h b/wolfssl/wolfcrypt/port/nxp/dcp_port.h
index 3d4c1fe93..d8b57aa06 100644
--- a/wolfssl/wolfcrypt/port/nxp/dcp_port.h
+++ b/wolfssl/wolfcrypt/port/nxp/dcp_port.h
@@ -1,6 +1,6 @@
 /* dcp_port.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/wolfcrypt/port/nxp/ksdk_port.h b/wolfssl/wolfcrypt/port/nxp/ksdk_port.h
index c272a9697..96c48419b 100644
--- a/wolfssl/wolfcrypt/port/nxp/ksdk_port.h
+++ b/wolfssl/wolfcrypt/port/nxp/ksdk_port.h
@@ -1,6 +1,6 @@
 /* ksdk_port.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -34,13 +34,13 @@ int ksdk_port_init(void);
 
 /* software algorithm, by wolfcrypt */
 #if defined(FREESCALE_LTC_TFM)
-	int wolfcrypt_mp_mul(mp_int *A, mp_int *B, mp_int *C);
-	int wolfcrypt_mp_mod(mp_int *a, mp_int *b, mp_int *c);
-	int wolfcrypt_mp_mulmod(mp_int *a, mp_int *b, mp_int *c, mp_int *d);
-	int wolfcrypt_mp_mod(mp_int *a, mp_int *b, mp_int *c);
-	int wolfcrypt_mp_invmod(mp_int *a, mp_int *b, mp_int *c);
-	int wolfcrypt_mp_exptmod(mp_int *G, mp_int *X, mp_int *P, mp_int *Y);
-	int wolfcrypt_mp_prime_is_prime_ex(mp_int* a, int t, int* result, WC_RNG* rng);
+        int wolfcrypt_mp_mul(mp_int *A, mp_int *B, mp_int *C);
+        int wolfcrypt_mp_mod(mp_int *a, mp_int *b, mp_int *c);
+        int wolfcrypt_mp_mulmod(mp_int *a, mp_int *b, mp_int *c, mp_int *d);
+        int wolfcrypt_mp_mod(mp_int *a, mp_int *b, mp_int *c);
+        int wolfcrypt_mp_invmod(mp_int *a, mp_int *b, mp_int *c);
+        int wolfcrypt_mp_exptmod(mp_int *G, mp_int *X, mp_int *P, mp_int *Y);
+        int wolfcrypt_mp_prime_is_prime_ex(mp_int* a, int t, int* result, WC_RNG* rng);
 
     /* Exported mp_mulmod function */
     int mp_mulmod(mp_int *a, mp_int *b, mp_int *c, mp_int *d);
@@ -48,40 +48,40 @@ int ksdk_port_init(void);
 #endif /* FREESCALE_LTC_TFM */
 
 #if defined(FREESCALE_LTC_ECC)
-	#include "fsl_ltc.h"
+        #include "fsl_ltc.h"
 
-	typedef enum _fsl_ltc_ecc_coordinate_system
-	{
-	    kLTC_Weierstrass = 0U, /*< Point coordinates on an elliptic curve in Weierstrass form */
-	    kLTC_Curve25519 = 1U,  /*< Point coordinates on an Curve25519 elliptic curve in Montgomery form */
-	    kLTC_Ed25519 = 2U,     /*< Point coordinates on an Ed25519 elliptic curve in twisted Edwards form */
-	} fsl_ltc_ecc_coordinate_system_t;
+        typedef enum _fsl_ltc_ecc_coordinate_system
+        {
+            kLTC_Weierstrass = 0U, /*< Point coordinates on an elliptic curve in Weierstrass form */
+            kLTC_Curve25519 = 1U,  /*< Point coordinates on an Curve25519 elliptic curve in Montgomery form */
+            kLTC_Ed25519 = 2U,     /*< Point coordinates on an Ed25519 elliptic curve in twisted Edwards form */
+        } fsl_ltc_ecc_coordinate_system_t;
 
-	int wc_ecc_point_add(ecc_point *mG, ecc_point *mQ, ecc_point *mR, mp_int *m);
+        int wc_ecc_point_add(ecc_point *mG, ecc_point *mQ, ecc_point *mR, mp_int *m);
 
-	#ifdef HAVE_CURVE25519
-		int nxp_ltc_curve25519(ECPoint *q, const byte *n, const ECPoint *p, fsl_ltc_ecc_coordinate_system_t type);
-		const ECPoint *nxp_ltc_curve25519_GetBasePoint(void);
-		status_t LTC_PKHA_Curve25519ToWeierstrass(const ltc_pkha_ecc_point_t *ltcPointIn, ltc_pkha_ecc_point_t *ltcPointOut);
-		status_t LTC_PKHA_WeierstrassToCurve25519(const ltc_pkha_ecc_point_t *ltcPointIn, ltc_pkha_ecc_point_t *ltcPointOut);
-		status_t LTC_PKHA_Curve25519ComputeY(ltc_pkha_ecc_point_t *ltcPoint);
-	#endif
+        #ifdef HAVE_CURVE25519
+                int nxp_ltc_curve25519(ECPoint *q, const byte *n, const ECPoint *p, fsl_ltc_ecc_coordinate_system_t type);
+                const ECPoint *nxp_ltc_curve25519_GetBasePoint(void);
+                status_t LTC_PKHA_Curve25519ToWeierstrass(const ltc_pkha_ecc_point_t *ltcPointIn, ltc_pkha_ecc_point_t *ltcPointOut);
+                status_t LTC_PKHA_WeierstrassToCurve25519(const ltc_pkha_ecc_point_t *ltcPointIn, ltc_pkha_ecc_point_t *ltcPointOut);
+                status_t LTC_PKHA_Curve25519ComputeY(ltc_pkha_ecc_point_t *ltcPoint);
+        #endif
 
-	#ifdef HAVE_ED25519
-		status_t LTC_PKHA_Ed25519ToWeierstrass(const ltc_pkha_ecc_point_t *ltcPointIn, ltc_pkha_ecc_point_t *ltcPointOut);
-		status_t LTC_PKHA_WeierstrassToEd25519(const ltc_pkha_ecc_point_t *ltcPointIn, ltc_pkha_ecc_point_t *ltcPointOut);
-		status_t LTC_PKHA_Ed25519_PointMul(const ltc_pkha_ecc_point_t *ltcPointIn,
-		                                   const uint8_t *N,
-		                                   size_t sizeN,
-		                                   ltc_pkha_ecc_point_t *ltcPointOut,
-		                                   fsl_ltc_ecc_coordinate_system_t typeOut);
-		const ltc_pkha_ecc_point_t *LTC_PKHA_Ed25519_BasePoint(void);
-		status_t LTC_PKHA_Ed25519_PointDecompress(const uint8_t *pubkey, size_t pubKeySize, ltc_pkha_ecc_point_t *ltcPointOut);
-		status_t LTC_PKHA_sc_reduce(uint8_t *a);
-		status_t LTC_PKHA_sc_muladd(uint8_t *s, const uint8_t *a, const uint8_t *b, const uint8_t *c);
-		status_t LTC_PKHA_SignatureForVerify(uint8_t *rcheck, const unsigned char *a, const unsigned char *b, ed25519_key *key);
-		status_t LTC_PKHA_Ed25519_Compress(const ltc_pkha_ecc_point_t *ltcPointIn, uint8_t *p);
-	#endif
+        #ifdef HAVE_ED25519
+                status_t LTC_PKHA_Ed25519ToWeierstrass(const ltc_pkha_ecc_point_t *ltcPointIn, ltc_pkha_ecc_point_t *ltcPointOut);
+                status_t LTC_PKHA_WeierstrassToEd25519(const ltc_pkha_ecc_point_t *ltcPointIn, ltc_pkha_ecc_point_t *ltcPointOut);
+                status_t LTC_PKHA_Ed25519_PointMul(const ltc_pkha_ecc_point_t *ltcPointIn,
+                                                   const uint8_t *N,
+                                                   size_t sizeN,
+                                                   ltc_pkha_ecc_point_t *ltcPointOut,
+                                                   fsl_ltc_ecc_coordinate_system_t typeOut);
+                const ltc_pkha_ecc_point_t *LTC_PKHA_Ed25519_BasePoint(void);
+                status_t LTC_PKHA_Ed25519_PointDecompress(const uint8_t *pubkey, size_t pubKeySize, ltc_pkha_ecc_point_t *ltcPointOut);
+                status_t LTC_PKHA_sc_reduce(uint8_t *a);
+                status_t LTC_PKHA_sc_muladd(uint8_t *s, const uint8_t *a, const uint8_t *b, const uint8_t *c);
+                status_t LTC_PKHA_SignatureForVerify(uint8_t *rcheck, const unsigned char *a, const unsigned char *b, ed25519_key *key);
+                status_t LTC_PKHA_Ed25519_Compress(const ltc_pkha_ecc_point_t *ltcPointIn, uint8_t *p);
+        #endif
 
 #endif /* FREESCALE_LTC_ECC */
 
diff --git a/wolfssl/wolfcrypt/port/nxp/se050_port.h b/wolfssl/wolfcrypt/port/nxp/se050_port.h
index ffda88fc9..9e2d18bc2 100644
--- a/wolfssl/wolfcrypt/port/nxp/se050_port.h
+++ b/wolfssl/wolfcrypt/port/nxp/se050_port.h
@@ -1,6 +1,6 @@
 /* se050_port.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -155,13 +155,14 @@ WOLFSSL_LOCAL void se050_aes_free(struct Aes* aes);
 struct WC_RNG;
 struct ecc_key;
 
+#ifdef HAVE_ECC
 WOLFSSL_LOCAL int se050_ecc_use_key_id(struct ecc_key* key, word32 keyId);
 WOLFSSL_LOCAL int se050_ecc_get_key_id(struct ecc_key* key, word32* keyId);
 WOLFSSL_LOCAL int se050_ecc_sign_hash_ex(const byte* in, word32 inLen,
-    mp_int* r, mp_int* s, byte* out, word32 *outLen, struct ecc_key* key);
+    MATH_INT_T* r, MATH_INT_T* s, byte* out, word32 *outLen, struct ecc_key* key);
 
 WOLFSSL_LOCAL int se050_ecc_verify_hash_ex(const byte* hash, word32 hashlen,
-    mp_int* r, mp_int* s, struct ecc_key* key, int* res);
+    MATH_INT_T* r, MATH_INT_T* s, struct ecc_key* key, int* res);
 
 WOLFSSL_LOCAL int se050_ecc_create_key(struct ecc_key* key, int curve_id,
     int keySize);
diff --git a/wolfssl/wolfcrypt/port/pic32/pic32mz-crypt.h b/wolfssl/wolfcrypt/port/pic32/pic32mz-crypt.h
index 46f3c04ac..4607dfaff 100644
--- a/wolfssl/wolfcrypt/port/pic32/pic32mz-crypt.h
+++ b/wolfssl/wolfcrypt/port/pic32/pic32mz-crypt.h
@@ -1,6 +1,6 @@
 /* pic32mz-crypt.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/wolfcrypt/port/psa/psa.h b/wolfssl/wolfcrypt/port/psa/psa.h
index 886d823a6..60691ab2e 100644
--- a/wolfssl/wolfcrypt/port/psa/psa.h
+++ b/wolfssl/wolfcrypt/port/psa/psa.h
@@ -1,6 +1,6 @@
 /* psa.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -44,13 +44,6 @@
 
 #include <wolfssl/wolfcrypt/types.h>
 
-/* PSA implementation takes over the Sha struct and Sha functions implementation
-   completely. Devoiding the struct of the DevId field and hooks to make
-   crypto_cb work. */
-#if !defined(WOLFSSL_PSA_NO_HASH) && defined(WOLF_CRYPTO_CB)
-#error "WOLFSSL PSA is not supported with WOLF_CRYPTO_CB"
-#endif
-
 #if defined(WOLFSSL_HAVE_PSA)
 
 #include <psa/crypto.h>
diff --git a/wolfssl/wolfcrypt/port/riscv/riscv-64-asm.h b/wolfssl/wolfcrypt/port/riscv/riscv-64-asm.h
new file mode 100644
index 000000000..e80228f5e
--- /dev/null
+++ b/wolfssl/wolfcrypt/port/riscv/riscv-64-asm.h
@@ -0,0 +1,436 @@
+/* riscv-64-asm.h
+ *
+ * Copyright (C) 2006-2025 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+#ifndef WOLF_CRYPT_RISCV_64_ASM_H
+#define WOLF_CRYPT_RISCV_64_ASM_H
+
+#ifdef WOLFSSL_RISCV_ASM
+
+#define ASM_WORD(i) \
+    ".word    " #i "\n\t"
+
+
+#define REG_X0      0
+#define REG_X1      1
+#define REG_X2      2
+#define REG_X3      3
+#define REG_X4      4
+#define REG_X5      5
+#define REG_X6      6
+#define REG_X7      7
+#define REG_X8      8
+#define REG_X9      9
+#define REG_X10     10
+#define REG_X11     11
+#define REG_X12     12
+#define REG_X13     13
+#define REG_X14     14
+#define REG_X15     15
+#define REG_X16     16
+#define REG_X17     17
+#define REG_X18     18
+#define REG_X19     19
+#define REG_X20     20
+#define REG_X21     21
+#define REG_X22     22
+#define REG_X23     23
+#define REG_X24     24
+#define REG_X25     25
+#define REG_X26     26
+#define REG_X27     27
+#define REG_X28     28
+#define REG_X29     29
+#define REG_X30     30
+#define REG_X31     31
+
+#define REG_ZERO    REG_X0
+#define REG_RA      REG_X1
+#define REG_SP      REG_X2
+#define REG_GP      REG_X3
+#define REG_TP      REG_X4
+#define REG_T0      REG_X5
+#define REG_T1      REG_X6
+#define REG_T2      REG_X7
+#define REG_S0      REG_X8
+#define REG_FP      REG_X8
+#define REG_S1      REG_X9
+#define REG_A0      REG_X10
+#define REG_A1      REG_X11
+#define REG_A2      REG_X12
+#define REG_A3      REG_X13
+#define REG_A4      REG_X14
+#define REG_A5      REG_X15
+#define REG_A6      REG_X16
+#define REG_A7      REG_X17
+#define REG_S2      REG_X18
+#define REG_S3      REG_X19
+#define REG_S4      REG_X20
+#define REG_S5      REG_X21
+#define REG_S6      REG_X22
+#define REG_S7      REG_X23
+#define REG_S8      REG_X24
+#define REG_S9      REG_X25
+#define REG_S10     REG_X26
+#define REG_S11     REG_X27
+#define REG_T3      REG_X28
+#define REG_T4      REG_X29
+#define REG_T5      REG_X30
+#define REG_T6      REG_X31
+
+#define REG_V0      0
+#define REG_V1      1
+#define REG_V2      2
+#define REG_V3      3
+#define REG_V4      4
+#define REG_V5      5
+#define REG_V6      6
+#define REG_V7      7
+#define REG_V8      8
+#define REG_V9      9
+#define REG_V10     10
+#define REG_V11     11
+#define REG_V12     12
+#define REG_V13     13
+#define REG_V14     14
+#define REG_V15     15
+#define REG_V16     16
+#define REG_V17     17
+#define REG_V18     18
+#define REG_V19     19
+#define REG_V20     20
+#define REG_V21     21
+#define REG_V22     22
+#define REG_V23     23
+#define REG_V24     24
+#define REG_V25     25
+#define REG_V26     26
+#define REG_V27     27
+#define REG_V28     28
+#define REG_V29     29
+#define REG_V30     30
+#define REG_V31     31
+
+
+#ifdef WOLFSSL_RISCV_BASE_BIT_MANIPULATION
+
+/* Reverse bytes in 64-bit register. */
+#define REV8(rd, rs)                                        \
+    ASM_WORD((0b011010111000 << 20) | (0b101 << 12) |       \
+             (0b0010011 << 0) |                             \
+             (rs << 15) | (rd << 7))
+
+/* Rotate right 32-bit register 5-bit value. */
+#define RORIW(rd, rs, imm)                                  \
+    ASM_WORD((0b0110000 << 25) | (0b101 << 12) |            \
+             (0b0011011 << 0) |                             \
+             (imm << 20) | (rs << 15) | (rd << 7))
+
+/* Rotate right 64-bit register 7-bit value. */
+#define RORI(rd, rs, imm)                                   \
+    ASM_WORD((0b01100 << 27) | (0b101 << 12) |              \
+             (0b0010011 << 0) |                             \
+             ((imm) << 20) | ((rs) << 15) | ((rd) << 7))
+
+/* rs1 and not rs2 into rd. */
+#define ANDN(rd, rs1, rs2)                                  \
+    ASM_WORD((0b0100000 << 25) | (0b111 << 12) |            \
+             (0b0110011 << 0) |                             \
+             ((rs2) << 20) | ((rs1) << 15) | ((rd) << 7))
+
+
+/* rd = rs1[0..31] | rs2[0..31]. */
+#define PACK(rd, rs1, rs2)                                     \
+    ASM_WORD((0b0000100 << 25) | (0b100 << 12) | 0b0110011 |   \
+             (rs2 << 20) | (rs1 << 15) | (rd << 7))
+
+#endif /* WOLFSSL_RISCV_BASE_BIT_MANIPULATION */
+
+#ifdef WOLFSSL_RISCV_BIT_MANIPULATION_TERNARY
+
+/* rd = (rs1|rs3 >> imm)[0..63] */
+#define FSRI(rd, rs1, rs3, imm)                                     \
+    ASM_WORD((0b1 << 26) | (0b101 << 12) | (0b0110011 << 0) |       \
+             (rs3 << 27) | (imm << 20) | (rs1 << 15) | (rd << 7))
+
+#endif
+
+/*
+ * Load and store
+ */
+
+/* 64-bit width when loading. */
+#define WIDTH_64  0b111
+/* 32-bit width when loading. */
+#define WIDTH_32  0b110
+
+
+#define VLSEG_V(vd, rs1, cnt, width) \
+    ASM_WORD(0b0000111 | (width << 12) | (0b10101000 << 20) |   \
+        (0 << 28) | ((cnt - 1) << 29) | (vd << 7) | (rs1 << 15))
+/* Load 8 Vector registers' 64-bit element. */
+#define VLSEG8E64_V(vd, rs1)  VLSEG_V(vd, rs1, 8, WIDTH_64)
+/* Load 1 Vector register's 64-bit element. */
+#define VLSEG1E64_V(vd, rs1)  VLSEG_V(vd, rs1, 1, WIDTH_64)
+
+#define VSSEG_V(vd, rs1, cnt, width) \
+    ASM_WORD(0b0100111 | (width << 12) | (0b10101000 << 20) |   \
+        (0 << 28) | ((cnt - 1) << 29) | (vd << 7) | (rs1 << 15))
+/* Store 8 Vector registers' 64-bit element. */
+#define VSSEG8E64_V(vd, rs1)  VSSEG_V(vd, rs1, 8, WIDTH_64)
+/* Store 1 Vector register's 64-bit element. */
+#define VSSEG1E64_V(vd, rs1)  VSSEG_V(vd, rs1, 1, WIDTH_64)
+
+/* Load n Vector registers with width-bit components. */
+#define VLRE_V(vd, rs1, cnt, width)                             \
+    ASM_WORD(0b0000111 | (width << 12) | (0b00101000 << 20) |   \
+        (0 << 28) | ((cnt - 1) << 29) | (vd << 7) | (rs1 << 15))
+/* Load 1 Vector register with 64-bit components. */
+#define VL1RE64_V(vd, rs1)  VLRE_V(vd, rs1, 1, WIDTH_64)
+/* Load 2 Vector register with 64-bit components. */
+#define VL2RE64_V(vd, rs1)  VLRE_V(vd, rs1, 2, WIDTH_64)
+/* Load 4 Vector register with 64-bit components. */
+#define VL4RE64_V(vd, rs1)  VLRE_V(vd, rs1, 4, WIDTH_64)
+/* Load 8 Vector register with 64-bit components. */
+#define VL8RE64_V(vd, rs1)  VLRE_V(vd, rs1, 8, WIDTH_64)
+/* Load 1 Vector register with 32-bit components. */
+#define VL1RE32_V(vd, rs1)  VLRE_V(vd, rs1, 1, WIDTH_32)
+/* Load 2 Vector register with 32-bit components. */
+#define VL2RE32_V(vd, rs1)  VLRE_V(vd, rs1, 2, WIDTH_32)
+/* Load 4 Vector register with 32-bit components. */
+#define VL4RE32_V(vd, rs1)  VLRE_V(vd, rs1, 4, WIDTH_32)
+/* Load 8 Vector register with 32-bit components. */
+#define VL8RE32_V(vd, rs1)  VLRE_V(vd, rs1, 8, WIDTH_32)
+
+/* Store n Vector register. */
+#define VSR_V(vs3, rs1, cnt)                                    \
+    ASM_WORD(0b0100111 | (0b00101000 << 20) | (0 << 28) |       \
+        ((cnt-1) << 29) | (vs3 << 7) | (rs1 << 15))
+/* Store 1 Vector register. */
+#define VS1R_V(vs3, rs1)    VSR_V(vs3, rs1, 1)
+/* Store 2 Vector register. */
+#define VS2R_V(vs3, rs1)    VSR_V(vs3, rs1, 2)
+/* Store 4 Vector register. */
+#define VS4R_V(vs3, rs1)    VSR_V(vs3, rs1, 4)
+/* Store 8 Vector register. */
+#define VS8R_V(vs3, rs1)    VSR_V(vs3, rs1, 8)
+
+/* Move from vector register to vector register. */
+#define VMV_V_V(vd, vs1)                                        \
+    ASM_WORD((0b1010111 << 0) | (0b000 << 12) | (0b1 << 25) |   \
+        (0b010111 << 26) | ((vd) << 7) | ((vs1) << 15))
+/* Splat register to each component of the vector register. */
+#define VMV_V_X(vd, rs1)                                        \
+    ASM_WORD((0b1010111 << 0) | (0b100 << 12) | (0b1 << 25) |   \
+        (0b010111 << 26) | ((vd) << 7) | ((rs1) << 15))
+/* Splat immediate to each component of the vector register. */
+#define VMV_V_I(vd, imm)                                        \
+    ASM_WORD((0b1010111 << 0) | (0b011 << 12) | (0b1 << 25) |   \
+        (0b010111 << 26) | ((vd) << 7) | ((imm) << 15))
+/* Move n vector registers to vector registers. */
+#define VMVR_V(vd, vs2, n)                                      \
+    ASM_WORD((0b1010111 << 0) | (0b011 << 12) | (0b1 << 25) |   \
+        (0b100111 << 26) | ((vd) << 7) | ((n-1) << 15) |        \
+        ((vs2) << 20))
+
+
+/*
+ * Logic
+ */
+
+/* vd = vs2 << rs1 */
+#define VSLL_VX(vd, vs2, rs1)                       \
+    ASM_WORD((0b100101 << 26) | (0b1 << 25) |       \
+             (0b100 << 12) | (0b1010111 << 0) |     \
+             (vd << 7) | (rs1 << 15) | (vs2 << 20))
+/* vd = vs2 << uimm */
+#define VSLL_VI(vd, vs2, uimm)                      \
+    ASM_WORD((0b100101 << 26) | (0b1 << 25) |       \
+             (0b011 << 12) | (0b1010111 << 0) |     \
+             (vd << 7) | (uimm << 15) | (vs2 << 20))
+/* vd = vs2 >> rs1 */
+#define VSRL_VX(vd, vs2, rs1)                       \
+    ASM_WORD((0b101000 << 26) | (0b1 << 25) |       \
+             (0b100 << 12) | (0b1010111 << 0) |     \
+             (vd << 7) | (rs1 << 15) | (vs2 << 20))
+/* vd = vs2 >> uimm */
+#define VSRL_VI(vd, vs2, uimm)                      \
+    ASM_WORD((0b101000 << 26) | (0b1 << 25) |       \
+             (0b011 << 12) | (0b1010111 << 0) |     \
+             (vd << 7) | (uimm << 15) | (vs2 << 20))
+
+
+/*
+ * Arithmetic
+ */
+
+/* vd = vs2 + [i,] */
+#define VADD_VI(vd, vs2, i)                         \
+    ASM_WORD((0b000000 << 26) | (0b1 << 25) |       \
+             (0b011 << 12) | (0b1010111 << 0) |     \
+             (vd << 7) | (i << 15) | (vs2 << 20))
+/* vd = vs1 + vs2 */
+#define VADD_VV(vd, vs1, vs2)                       \
+    ASM_WORD((0b000000 << 26) | (0b1 << 25) |       \
+             (0b000 << 12) | (0b1010111 << 0) |     \
+             (vs2 << 20) | (vs1 << 15) | (vd << 7))
+
+/* vd = vs1 ^ vs2 */
+#define VXOR_VV(vd, vs1, vs2)                       \
+    ASM_WORD((0b001011 << 26) | (0b1 << 25) |       \
+             (0b000 << 12) | (0b1010111 << 0) |     \
+             (vd << 7) | (vs1 << 15) | (vs2 << 20))
+/* vd = imm ^ vs2 */
+#define VXOR_VI(vd, vs2, imm)                       \
+    ASM_WORD((0b001011 << 26) | (0b1 << 25) |       \
+             (0b011 << 12) | (0b1010111 << 0) |     \
+             (vd << 7) | (imm << 15) | (vs2 << 20))
+/* vd = ~vs */
+#define VNOT_V(vd, vs)  VXOR_VI(vd, vs, 0b11111)
+
+/* vd = vs1 & vs2 */
+#define VAND_VV(vd, vs1, vs2)                       \
+    ASM_WORD((0b001001 << 26) | (0b1 << 25) |       \
+             (0b000 << 12) | (0b1010111 << 0) |     \
+             (vd << 7) | (vs1 << 15) | (vs2 << 20))
+/* vd = vs1 & rs2 */
+#define VAND_VX(vd, vs2, rs1)                       \
+    ASM_WORD((0b001001 << 26) | (0b1 << 25) |       \
+             (0b100 << 12) | (0b1010111 << 0) |     \
+             (vd << 7) | (rs1 << 15) | (vs2 << 20))
+/* vd = vs1 | vs2 */
+#define VOR_VV(vd, vs1, vs2)                        \
+    ASM_WORD((0b001010 << 26) | (0b1 << 25) |       \
+             (0b000 << 12) | (0b1010111 << 0) |     \
+             (vd << 7) | (vs1 << 15) | (vs2 << 20))
+
+
+/* vd = LOW(vs1 * vs2) */
+#define VMUL_VV(vd, vs1, vs2)                       \
+    ASM_WORD((0b100101 << 26) | (0b1 << 25) |       \
+             (0b010 << 12) | (0b1010111 << 0) |     \
+             (vs2 << 20) | (vs1 << 15) | (vd << 7))
+/* vd = HIGH(vs1 * vs2) - unsigned * unsigned */
+#define VMULHU_VV(vd, vs1, vs2)                     \
+    ASM_WORD((0b100100 << 26) | (0b1 << 25) |       \
+             (0b010 << 12) | (0b1010111 << 0) |     \
+             (vs2 << 20) | (vs1 << 15) | (vd << 7))
+
+
+#define VMERGE_VVM(vd, vs2, vs1)                    \
+    ASM_WORD((0b010111 << 26) | (0b0 << 25) |       \
+             (0b000 << 12) | (0b1010111 << 0) |     \
+             (vs2 << 20) | (vs1 << 15) | (vd << 7))
+
+
+
+/*
+ * Permute
+ */
+
+/* x[rd] = vs2[0] */
+#define VMV_X_S(rd, vs2)                            \
+    ASM_WORD((0b010000 << 26) | (0b1 << 25) |       \
+             (0b010 << 12) | (0b1010111 << 0) |     \
+             ((rd) << 7) | ((vs2) << 20))
+
+/* vd[0] = x[rs1] */
+#define VMV_S_X(vd, rs1)                            \
+    ASM_WORD((0b010000 << 26) | (0b1 << 25) |       \
+             (0b110 << 12) | (0b1010111 << 0) |     \
+             ((vd) << 7) | ((rs1) << 15))
+
+/* vd[shift..max] = vs2[0..max-shift]
+ * Sliding up doesn't change bottom part of destination.
+ */
+#define VSLIDEUP_VI(vd, vs2, shift)                 \
+    ASM_WORD((0b001110 << 26) | (0b1 << 25) |       \
+             (0b011 << 12) | (0b1010111 << 0) |     \
+             ((vd) << 7) | ((shift) << 15) | ((vs2) << 20))
+
+/* vd[0..max-shift] = vs2[shift..max]
+ * Sliding down change top part of destination.
+ */
+#define VSLIDEDOWN_VI(vd, vs2, shift)               \
+    ASM_WORD((0b001111 << 26) | (0b1 << 25) |       \
+             (0b011 << 12) | (0b1010111 << 0) |     \
+             ((vd) << 7) | ((shift) << 15) | ((vs2) << 20))
+
+/* vd[i] = vs1[vs2[i]] */
+#define VRGATHER_VV(vd, vs1, vs2)                   \
+    ASM_WORD((0b001100 << 26) | (0b1 << 25) |       \
+             (0b000 << 12) | (0b1010111 << 0) |     \
+             ((vd) << 7) | ((vs1) << 15) | ((vs2) << 20))
+
+#define VID_V(vd)                                   \
+    ASM_WORD((0b010100 << 26) | (0b1 << 25) | (0b00000 << 20) |   \
+             (0b10001 << 15) | (0b010 << 12) |      \
+             (0b1010111 << 0) | ((vd) << 7))
+
+
+/*
+ * Setting options.
+ */
+
+/* Set the options of vector instructions. */
+#define VSETIVLI(rd, n, vma, vta, vsew, vlmul) \
+    ASM_WORD((0b11 << 30) | (0b111 << 12) | (0b1010111 << 0) |  \
+             (rd << 7) | (n << 15) | (vma << 27) |              \
+             (vta << 26) | (vsew << 23) | (vlmul << 20))
+
+
+#if defined(WOLFSSL_RISCV_VECTOR_BASE_BIT_MANIPULATION) || \
+    defined(WOLFSSL_RISCV_VECTOR_CRYPTO_ASM)
+
+/*
+ * Vector Bit Manipulation
+ */
+
+/* Reverse order of bytes in words of vector register. */
+#define VREV8(vd, vs2) \
+    ASM_WORD((0b010010 << 26) | (0b1 << 25) | (0b01001<< 15) | \
+             (0b010 << 12) | (0b1010111 << 0) |                \
+             (vs2 << 20) | (vd << 7))
+
+/* Rotate left bits of vector register. */
+#define VROL_VX(vd, vs2, rs) \
+    ASM_WORD((0b010101 << 26) | (0b1 << 25) | (0b100 << 12) |    \
+             (0b1010111 << 0) |                                  \
+             (vs2 << 20) | (rs << 15) | (vd << 7))
+
+/* Rotate right bits of vector register. */
+#define VROR_VI(vd, imm, vs2) \
+    ASM_WORD((0b01010 << 27) | (0b1 << 25) | (0b011 << 12) |    \
+             (0b1010111 << 0) | ((imm >> 5) << 26) |            \
+             (vs2 << 20) | ((imm & 0x1f) << 15) | (vd << 7))
+
+/* Vector ANDN - vd = ~vs1 & vs2. */
+#define VANDN_VV(vd, vs1, vs2) \
+    ASM_WORD((0b000001 << 26) | (0b1 << 25) | (0b000 << 12) |    \
+             (0b1010111 << 0) |                                  \
+             (vs2 << 20) | (vs1 << 15) | (vd << 7))
+
+#endif /* WOLFSSL_RISCV_VECTOR_BASE_BIT_MANIPULATION ||
+        * WOLFSSL_RISCV_VECTOR_CRYPTO_ASM */
+
+#endif /* WOLFSSL_RISCV_ASM */
+
+#endif /* WOLF_CRYPT_RISCV_64_ASM_H */
+
diff --git a/wolfssl/wolfcrypt/port/rpi_pico/pico.h b/wolfssl/wolfcrypt/port/rpi_pico/pico.h
new file mode 100644
index 000000000..f43e371bf
--- /dev/null
+++ b/wolfssl/wolfcrypt/port/rpi_pico/pico.h
@@ -0,0 +1,29 @@
+/* pico.h
+ *
+ * Copyright (C) 2006-2025 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+#ifndef _WOLFPORT_RPIPICO_H_
+#define _WOLFPORT_RPIPICO_H_
+#if defined(WOLFSSL_RPIPICO)
+
+WOLFSSL_LOCAL int wc_pico_rng_gen_block(unsigned char* output, unsigned int sz);
+
+#endif /* WOLFSSL_RPPICO */
+#endif /* _WOLFPORT_RPIPICO_H_ */
diff --git a/wolfssl/wolfcrypt/port/silabs/silabs_aes.h b/wolfssl/wolfcrypt/port/silabs/silabs_aes.h
index a6d39dbbd..ae5164b3e 100644
--- a/wolfssl/wolfcrypt/port/silabs/silabs_aes.h
+++ b/wolfssl/wolfcrypt/port/silabs/silabs_aes.h
@@ -1,6 +1,6 @@
 /* silabs_aes.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/wolfcrypt/port/silabs/silabs_ecc.h b/wolfssl/wolfcrypt/port/silabs/silabs_ecc.h
index 43cd0f097..aa4eb7642 100644
--- a/wolfssl/wolfcrypt/port/silabs/silabs_ecc.h
+++ b/wolfssl/wolfcrypt/port/silabs/silabs_ecc.h
@@ -1,6 +1,6 @@
 /* silabs_ecc.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/wolfcrypt/port/silabs/silabs_hash.h b/wolfssl/wolfcrypt/port/silabs/silabs_hash.h
index de502a9ba..3d9f85ed3 100644
--- a/wolfssl/wolfcrypt/port/silabs/silabs_hash.h
+++ b/wolfssl/wolfcrypt/port/silabs/silabs_hash.h
@@ -1,6 +1,6 @@
 /* silabs_hash.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/wolfcrypt/port/silabs/silabs_random.h b/wolfssl/wolfcrypt/port/silabs/silabs_random.h
index 280ef44d5..465f6643b 100644
--- a/wolfssl/wolfcrypt/port/silabs/silabs_random.h
+++ b/wolfssl/wolfcrypt/port/silabs/silabs_random.h
@@ -1,6 +1,6 @@
 /* silabs_random.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/wolfcrypt/port/st/stm32.h b/wolfssl/wolfcrypt/port/st/stm32.h
index 446663041..48c4e3e78 100644
--- a/wolfssl/wolfcrypt/port/st/stm32.h
+++ b/wolfssl/wolfcrypt/port/st/stm32.h
@@ -1,6 +1,6 @@
 /* stm32.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -35,13 +35,20 @@
 #ifdef HASH_DIGEST
     /* The HASH_DIGEST register indicates SHA224/SHA256 support */
     #define STM32_HASH_SHA2
-    #if defined(WOLFSSL_STM32H5)
+    #if defined(WOLFSSL_STM32H5) || defined(WOLFSSL_STM32MP13)
         #define HASH_CR_SIZE    103
         #define HASH_MAX_DIGEST 64 /* Up to SHA512 */
     #else
         #define HASH_CR_SIZE    54
         #define HASH_MAX_DIGEST 32
     #endif
+    #if defined(WOLFSSL_STM32MP13)
+        #define STM32_HASH_SHA512
+        #define STM32_HASH_SHA512_224
+        #define STM32_HASH_SHA512_256
+        #define STM32_HASH_SHA384
+        #define STM32_HASH_SHA3
+    #endif
 #else
     #define HASH_CR_SIZE    50
     #define HASH_MAX_DIGEST 20
@@ -69,28 +76,16 @@
 
 /* STM32 register size in bytes */
 #define STM32_HASH_REG_SIZE  4
-#define STM32_HASH_FIFO_SIZE 16 /* FIFO is 16 deep 32-bits wide */
-
-#if (defined(WOLFSSL_STM32U5) || defined(WOLFSSL_STM32H5) || \
-    defined(WOLFSSL_STM32H7)) && !defined(NO_STM32_HASH_FIFO_WORKAROUND)
-    /* workaround for hash FIFO to write one extra to finalize */
-    /* RM: Message Data Feeding: Data are entered into the HASH
-     * one 32-bit word at a time, by writing them into the HASH_DIN register.
-     * The current contents of the HASH_DIN register are transferred to the
-     * 16 words input FIFO each time the register is written with new data.
-     * Hence HASH_DIN and the FIFO form a seventeen 32-bit words length FIFO. */
-    #undef  STM32_HASH_BUFFER_SIZE
-    #define STM32_HASH_BUFFER_SIZE 17
-
-    #undef  STM32_HASH_FIFO_WORKAROUND
-    #define STM32_HASH_FIFO_WORKAROUND
+/* Maximum FIFO buffer is 64 bits for SHA256, 128 bits for SHA512 and 144 bits
+ * for SHA3 */
+#if defined(STM32_HASH_SHA3)
+    #define STM32_HASH_FIFO_SIZE 36
+#elif defined(STM32_HASH_SHA512) || defined(STM32_HASH_SHA384)
+    #define STM32_HASH_FIFO_SIZE 32
+#else
+    #define STM32_HASH_FIFO_SIZE 16
 #endif
 
-#ifndef STM32_HASH_BUFFER_SIZE
-#define STM32_HASH_BUFFER_SIZE STM32_HASH_FIFO_SIZE
-#endif
-
-
 /* STM32 Hash Context */
 typedef struct {
     /* Context switching registers */
@@ -98,15 +93,16 @@ typedef struct {
     uint32_t HASH_STR;
     uint32_t HASH_CR;
     uint32_t HASH_CSR[HASH_CR_SIZE];
+#ifdef STM32_HASH_SHA3
+    uint32_t SHA3CFGR;
+#endif
 
     /* Hash state / buffers */
-    word32 buffer[STM32_HASH_BUFFER_SIZE]; /* partial word buffer */
+    word32 buffer[STM32_HASH_FIFO_SIZE+1]; /* partial word buffer */
     word32 buffLen; /* partial word remain */
     word32 loLen;   /* total update bytes
                  (only lsb 6-bits is used for nbr valid bytes in last word) */
-#ifdef STM32_HASH_FIFO_WORKAROUND
-    int    fifoBytes; /* number of currently filled FIFO bytes */
-#endif
+    word32 fifoBytes; /* number of currently filled FIFO bytes */
 } STM32_HASH_Context;
 
 
@@ -122,11 +118,29 @@ int  wc_Stm32_Hash_Final(STM32_HASH_Context* stmCtx, word32 algo,
 
 #ifdef STM32_CRYPTO
 
+#if defined(WOLFSSL_STM32MP13)
+    #define RNG RNG1
+    #define CRYP CRYP1
+    #define hcryp hcryp1
+    #define FORMAT_BIN RTC_FORMAT_BIN
+    #define __HAL_RCC_RNG_CLK_ENABLE __HAL_RCC_RNG1_CLK_ENABLE
+    #define __HAL_RCC_HASH_CLK_ENABLE __HAL_RCC_HASH1_CLK_ENABLE
+    #define __HAL_RCC_HASH_CLK_DISABLE __HAL_RCC_HASH1_CLK_DISABLE
+    /* From stm32_hal_legacy.h, but that header has a bug in it */
+    #define HASH_AlgoSelection_MD5       HASH_ALGOSELECTION_MD5
+    #define HASH_AlgoSelection_SHA1      HASH_ALGOSELECTION_SHA1
+    #define HASH_AlgoSelection_SHA224    HASH_ALGOSELECTION_SHA224
+    #define HASH_AlgoSelection_SHA256    HASH_ALGOSELECTION_SHA256
+
+    #define STM32_NOMD5 /* The HASH HAL has no MD5 implementation */
+#endif
+
 #ifndef NO_AES
     #if !defined(STM32_CRYPTO_AES_GCM) && (defined(WOLFSSL_STM32F4) || \
             defined(WOLFSSL_STM32F7) || defined(WOLFSSL_STM32L4) || \
             defined(WOLFSSL_STM32L5) || defined(WOLFSSL_STM32H7) || \
-            defined(WOLFSSL_STM32U5))
+            defined(WOLFSSL_STM32U5) || defined(WOLFSSL_STM32H5) || \
+            defined(WOLFSSL_STM32MP13))
         /* Hardware supports AES GCM acceleration */
         #define STM32_CRYPTO_AES_GCM
     #endif
@@ -141,10 +155,14 @@ int  wc_Stm32_Hash_Final(STM32_HASH_Context* stmCtx, word32 algo,
         #define STM32_HAL_V2
     #endif
     #if defined(WOLFSSL_STM32L4) || defined(WOLFSSL_STM32L5) || \
-        defined(WOLFSSL_STM32U5)
+        defined(WOLFSSL_STM32U5) || defined(WOLFSSL_STM32H5)
         #if defined(WOLFSSL_STM32L4) || defined(WOLFSSL_STM32U5)
             #define STM32_CRYPTO_AES_ONLY /* crypto engine only supports AES */
         #endif
+        #if defined(WOLFSSL_STM32H5)
+            #define __HAL_RCC_CRYP_CLK_DISABLE  __HAL_RCC_AES_CLK_DISABLE
+            #define __HAL_RCC_CRYP_CLK_ENABLE   __HAL_RCC_AES_CLK_ENABLE
+        #endif
         #define CRYP AES
         #ifndef CRYP_AES_GCM
             #define CRYP_AES_GCM CRYP_AES_GCM_GMAC
@@ -155,7 +173,8 @@ int  wc_Stm32_Hash_Final(STM32_HASH_Context* stmCtx, word32 algo,
     #if !defined(STM32_HAL_V2) && defined(CRYP_AES_GCM) && \
         (defined(WOLFSSL_STM32F7) || defined(WOLFSSL_STM32L5) || \
          defined(WOLFSSL_STM32H7) || defined(WOLFSSL_STM32U5)) || \
-         defined(WOLFSSL_STM32H5)
+         defined(WOLFSSL_STM32H5) || defined(WOLFSSL_STM32MP13) || \
+         defined(WOLFSSL_STM32H7S)
         #define STM32_HAL_V2
     #endif
 
diff --git a/wolfssl/wolfcrypt/port/st/stsafe.h b/wolfssl/wolfcrypt/port/st/stsafe.h
index d8e11d351..eb429f4c2 100644
--- a/wolfssl/wolfcrypt/port/st/stsafe.h
+++ b/wolfssl/wolfcrypt/port/st/stsafe.h
@@ -1,6 +1,6 @@
 /* stsafe.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/wolfcrypt/port/ti/ti-ccm.h b/wolfssl/wolfcrypt/port/ti/ti-ccm.h
index c23790602..9b8563da1 100644
--- a/wolfssl/wolfcrypt/port/ti/ti-ccm.h
+++ b/wolfssl/wolfcrypt/port/ti/ti-ccm.h
@@ -1,6 +1,6 @@
 /* port/ti/ti_ccm.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/wolfcrypt/port/ti/ti-hash.h b/wolfssl/wolfcrypt/port/ti/ti-hash.h
index 1395e769d..8fef5d8b6 100644
--- a/wolfssl/wolfcrypt/port/ti/ti-hash.h
+++ b/wolfssl/wolfcrypt/port/ti/ti-hash.h
@@ -1,6 +1,6 @@
 /* port/ti/ti-hash.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/wolfcrypt/port/xilinx/xil-sha3.h b/wolfssl/wolfcrypt/port/xilinx/xil-sha3.h
index 433b73abe..7cf52dbf5 100644
--- a/wolfssl/wolfcrypt/port/xilinx/xil-sha3.h
+++ b/wolfssl/wolfcrypt/port/xilinx/xil-sha3.h
@@ -1,6 +1,6 @@
 /* xil-sha3.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -35,7 +35,7 @@
 #endif
 
 /* Sha3 digest */
-typedef struct Sha3 {
+typedef struct wc_Sha3 {
 #ifdef WOLFSSL_XILINX_CRYPT_VERSAL
     wc_Xsecure xSec;
 #else
diff --git a/wolfssl/wolfcrypt/port/xilinx/xil-versal-glue.h b/wolfssl/wolfcrypt/port/xilinx/xil-versal-glue.h
index 41203c2b4..043ebf418 100644
--- a/wolfssl/wolfcrypt/port/xilinx/xil-versal-glue.h
+++ b/wolfssl/wolfcrypt/port/xilinx/xil-versal-glue.h
@@ -1,6 +1,6 @@
 /* xil-versal-glue.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/wolfcrypt/port/xilinx/xil-versal-trng.h b/wolfssl/wolfcrypt/port/xilinx/xil-versal-trng.h
index 201531570..538c34924 100644
--- a/wolfssl/wolfcrypt/port/xilinx/xil-versal-trng.h
+++ b/wolfssl/wolfcrypt/port/xilinx/xil-versal-trng.h
@@ -1,6 +1,6 @@
 /* xil-versal-trng.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/wolfcrypt/pwdbased.h b/wolfssl/wolfcrypt/pwdbased.h
index fb75f4493..9013401f1 100644
--- a/wolfssl/wolfcrypt/pwdbased.h
+++ b/wolfssl/wolfcrypt/pwdbased.h
@@ -1,6 +1,6 @@
 /* pwdbased.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -35,6 +35,10 @@
     extern "C" {
 #endif
 
+#if FIPS_VERSION3_GE(6,0,0)
+    extern const unsigned int wolfCrypt_FIPS_pbkdf_ro_sanity[2];
+    WOLFSSL_LOCAL int wolfCrypt_FIPS_PBKDF_sanity(void);
+#endif
 /*
  * hashType renamed to typeH to avoid shadowing global declaration here:
  * wolfssl/wolfcrypt/asn.h line 173 in enum Oid_Types
diff --git a/wolfssl/wolfcrypt/random.h b/wolfssl/wolfcrypt/random.h
index 8cd599bdd..3b4533e0d 100644
--- a/wolfssl/wolfcrypt/random.h
+++ b/wolfssl/wolfcrypt/random.h
@@ -1,6 +1,6 @@
 /* random.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -30,8 +30,7 @@
 
 #include <wolfssl/wolfcrypt/types.h>
 
-#if defined(HAVE_FIPS) && \
-    defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2)
+#if FIPS_VERSION3_GE(2,0,0)
     #include <wolfssl/wolfcrypt/fips.h>
 #endif /* HAVE_FIPS_VERSION >= 2 */
 
@@ -39,6 +38,11 @@
     extern "C" {
 #endif
 
+#if FIPS_VERSION3_GE(6,0,0)
+    extern const unsigned int wolfCrypt_FIPS_drbg_ro_sanity[2];
+    WOLFSSL_LOCAL int wolfCrypt_FIPS_DRBG_sanity(void);
+#endif
+
  /* Maximum generate block length */
 #ifndef RNG_MAX_BLOCK_LEN
     #ifdef HAVE_INTEL_QA
@@ -205,7 +209,10 @@ WOLFSSL_API int wc_GenerateSeed(OS_Seed* os, byte* seed, word32 sz);
 #endif /* HAVE_WNR */
 
 
-WOLFSSL_ABI WOLFSSL_API WC_RNG* wc_rng_new(byte* nonce, word32 nonceSz, void* heap);
+WOLFSSL_ABI WOLFSSL_API WC_RNG* wc_rng_new(byte* nonce, word32 nonceSz,
+                                           void* heap);
+WOLFSSL_API int wc_rng_new_ex(WC_RNG **rng, byte* nonce, word32 nonceSz,
+                              void* heap, int devId);
 WOLFSSL_ABI WOLFSSL_API void wc_rng_free(WC_RNG* rng);
 
 
@@ -239,8 +246,8 @@ WOLFSSL_API int  wc_FreeRng(WC_RNG* rng);
 #endif
 
 #ifdef HAVE_HASHDRBG
-    WOLFSSL_LOCAL int wc_RNG_DRBG_Reseed(WC_RNG* rng, const byte* entropy,
-                                        word32 entropySz);
+    WOLFSSL_API int wc_RNG_DRBG_Reseed(WC_RNG* rng, const byte* entropy,
+                                       word32 entropySz);
     WOLFSSL_API int wc_RNG_TestSeed(const byte* seed, word32 seedSz);
     WOLFSSL_API int wc_RNG_HealthTest(int reseed,
                                         const byte* entropyA, word32 entropyASz,
diff --git a/wolfssl/wolfcrypt/rc2.h b/wolfssl/wolfcrypt/rc2.h
index 2d1950e75..22eb58111 100644
--- a/wolfssl/wolfcrypt/rc2.h
+++ b/wolfssl/wolfcrypt/rc2.h
@@ -1,6 +1,6 @@
 /* rc2.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/wolfcrypt/ripemd.h b/wolfssl/wolfcrypt/ripemd.h
index 3e1d5b41a..54ede0dbe 100644
--- a/wolfssl/wolfcrypt/ripemd.h
+++ b/wolfssl/wolfcrypt/ripemd.h
@@ -1,6 +1,6 @@
 /* ripemd.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/wolfcrypt/rsa.h b/wolfssl/wolfcrypt/rsa.h
index acdc3bb79..a01e18d9f 100644
--- a/wolfssl/wolfcrypt/rsa.h
+++ b/wolfssl/wolfcrypt/rsa.h
@@ -1,6 +1,6 @@
 /* rsa.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -58,11 +58,6 @@ RSA keys can be used to encrypt, decrypt, sign and verify data.
     #define NO_RSA_BOUNDS_CHECK
 #endif
 
-/* allow for user to plug in own crypto */
-#if !defined(HAVE_FIPS) && (defined(HAVE_USER_RSA) || defined(HAVE_FAST_RSA))
-    #include "user_rsa.h"
-#else
-
 #include <wolfssl/wolfcrypt/wolfmath.h>
 #include <wolfssl/wolfcrypt/random.h>
 
@@ -102,8 +97,17 @@ RSA keys can be used to encrypt, decrypt, sign and verify data.
     extern "C" {
 #endif
 
+#if FIPS_VERSION3_GE(6,0,0)
+    extern const unsigned int wolfCrypt_FIPS_rsa_ro_sanity[2];
+    WOLFSSL_LOCAL int wolfCrypt_FIPS_RSA_sanity(void);
+#endif
+
 #ifndef RSA_MIN_SIZE
-#define RSA_MIN_SIZE 512
+    #if defined(HAVE_WOLFENGINE) || defined(HAVE_WOLFPROVIDER)
+        #define RSA_MIN_SIZE 1024
+    #else
+        #define RSA_MIN_SIZE 2048
+    #endif
 #endif
 
 #ifndef RSA_MAX_SIZE
@@ -141,6 +145,11 @@ RSA keys can be used to encrypt, decrypt, sign and verify data.
     #endif
 #endif
 
+#if FIPS_VERSION3_GE(6,0,0)
+    #define WC_RSA_FIPS_GEN_MIN 2048
+    #define WC_RSA_FIPS_SIG_MIN (WC_RSA_FIPS_GEN_MIN/8)
+#endif
+
 enum {
     RSA_PUBLIC   = 0,
     RSA_PRIVATE  = 1,
@@ -160,8 +169,12 @@ enum {
     RSA_PSS_SALT_MAX_SZ = 62,
 
 #ifdef OPENSSL_EXTRA
-    RSA_PKCS1_PADDING_SIZE = 11,
-    RSA_PKCS1_OAEP_PADDING_SIZE = 42, /* (2 * hashlen(SHA-1)) + 2 */
+    WC_RSA_PKCS1_PADDING_SIZE = 11,
+    WC_RSA_PKCS1_OAEP_PADDING_SIZE = 42, /* (2 * hashlen(SHA-1)) + 2 */
+    #ifndef OPENSSL_COEXIST
+        #define RSA_PKCS1_PADDING_SIZE WC_RSA_PKCS1_PADDING_SIZE
+        #define RSA_PKCS1_OAEP_PADDING_SIZE WC_RSA_PKCS1_OAEP_PADDING_SIZE
+    #endif
 #endif
 #ifdef WC_RSA_PSS
     RSA_PSS_PAD_TERM = 0xBC,
@@ -212,9 +225,6 @@ struct RsaKey {
     void* devCtx;
     int   devId;
 #endif
-#if defined(HAVE_PKCS11)
-    byte isPkcs11 : 1; /* indicate if PKCS11 is preferred */
-#endif
 #ifdef WOLFSSL_ASYNC_CRYPT
     WC_ASYNC_DEV asyncDev;
     #ifdef WOLFSSL_CERT_GEN
@@ -240,8 +250,8 @@ struct RsaKey {
     char label[RSA_MAX_LABEL_LEN];
     int  labelLen;
 #endif
-#if defined(WOLFSSL_ASYNC_CRYPT) || !defined(WOLFSSL_RSA_VERIFY_INLINE) && \
-    !defined(WOLFSSL_NO_MALLOC)
+#if !defined(WOLFSSL_NO_MALLOC) && (defined(WOLFSSL_ASYNC_CRYPT) || \
+    (!defined(WOLFSSL_RSA_VERIFY_ONLY) && !defined(WOLFSSL_RSA_VERIFY_INLINE)))
     byte   dataIsAlloc;
 #endif
 #ifdef WC_RSA_NONBLOCK
@@ -272,9 +282,28 @@ struct RsaKey {
 
 #endif /* HAVE_FIPS */
 
+#if defined(WOLF_CRYPTO_CB) && defined(WOLF_CRYPTO_CB_RSA_PAD)
+struct RsaPadding {
+    byte pad_value;
+    int pad_type;
+    enum wc_HashType hash;
+    int mgf;
+    byte* label;
+    word32 labelSz;
+    int saltLen;
+    int unpadded;
+};
+typedef struct RsaPadding RsaPadding;
+#endif
+
 WOLFSSL_API int  wc_InitRsaKey(RsaKey* key, void* heap);
 WOLFSSL_API int  wc_InitRsaKey_ex(RsaKey* key, void* heap, int devId);
 WOLFSSL_API int  wc_FreeRsaKey(RsaKey* key);
+#ifndef WC_NO_CONSTRUCTORS
+WOLFSSL_API RsaKey* wc_NewRsaKey(void* heap, int devId, int *result_code);
+WOLFSSL_API int  wc_DeleteRsaKey(RsaKey* key, RsaKey** key_p);
+#endif
+
 #ifdef WOLF_PRIVATE_KEY_ID
 WOLFSSL_API int wc_InitRsaKey_Id(RsaKey* key, unsigned char* id, int len,
                                  void* heap, int devId);
@@ -411,7 +440,7 @@ WOLFSSL_API int  wc_RsaPrivateDecrypt_ex(const byte* in, word32 inLen,
 WOLFSSL_API int  wc_RsaPrivateDecryptInline_ex(byte* in, word32 inLen,
                       byte** out, RsaKey* key, int type, enum wc_HashType hash,
                       int mgf, byte* label, word32 labelSz);
-#if defined(WC_RSA_DIRECT) || defined(WC_RSA_NO_PADDING)
+#if defined(WC_RSA_DIRECT) || defined(WC_RSA_NO_PADDING) || defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
 WOLFSSL_API int wc_RsaDirect(byte* in, word32 inLen, byte* out, word32* outSz,
                    RsaKey* key, int type, WC_RNG* rng);
 #endif
@@ -439,18 +468,23 @@ WOLFSSL_API int wc_RsaExportKey(RsaKey* key,
                                           int nlen, int* isPrime);
 #endif
 
-WOLFSSL_LOCAL int wc_RsaPad_ex(const byte* input, word32 inputLen, byte* pkcsBlock,
-        word32 pkcsBlockLen, byte padValue, WC_RNG* rng, int padType,
-        enum wc_HashType hType, int mgf, byte* optLabel, word32 labelLen,
-        int saltLen, int bits, void* heap);
-WOLFSSL_LOCAL int wc_RsaUnPad_ex(byte* pkcsBlock, word32 pkcsBlockLen, byte** out,
-                                   byte padValue, int padType, enum wc_HashType hType,
-                                   int mgf, byte* optLabel, word32 labelLen, int saltLen,
-                                   int bits, void* heap);
+WOLFSSL_API int wc_RsaPad_ex(const byte* input, word32 inputLen,
+    byte* pkcsBlock, word32 pkcsBlockLen, byte padValue,
+    WC_RNG* rng, int padType, enum wc_HashType hType, int mgf,
+    byte* optLabel, word32 labelLen, int saltLen, int bits, void* heap);
+WOLFSSL_API int wc_RsaUnPad_ex(byte* pkcsBlock, word32 pkcsBlockLen,
+    byte** out, byte padValue, int padType, enum wc_HashType hType, int mgf,
+    byte* optLabel, word32 labelLen, int saltLen, int bits, void* heap);
 
 WOLFSSL_LOCAL int wc_hash2mgf(enum wc_HashType hType);
+WOLFSSL_LOCAL int RsaFunctionCheckIn(const byte* in, word32 inLen, RsaKey* key,
+    int checkSmallCt);
 
-#endif /* HAVE_USER_RSA */
+WOLFSSL_API int wc_RsaPrivateKeyDecodeRaw(const byte* n, word32 nSz,
+        const byte* e, word32 eSz, const byte* d, word32 dSz,
+        const byte* u, word32 uSz, const byte* p, word32 pSz,
+        const byte* q, word32 qSz, const byte* dP, word32 dPSz,
+        const byte* dQ, word32 dQSz, RsaKey* key);
 
 #ifdef __cplusplus
     } /* extern "C" */
diff --git a/wolfssl/wolfcrypt/sakke.h b/wolfssl/wolfcrypt/sakke.h
index 173c33bb9..3ba79687e 100644
--- a/wolfssl/wolfcrypt/sakke.h
+++ b/wolfssl/wolfcrypt/sakke.h
@@ -1,6 +1,6 @@
 /* sakke.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -64,15 +64,15 @@ typedef struct SakkeKeyParams {
     ecc_point* base;
 
     /** Bit indicate prime is set as an MP integer in SAKKE key. */
-    byte havePrime:1;
+    WC_BITFIELD havePrime:1;
     /** Bit indicates q (order) is set as an MP integer in SAKKE key. */
-    byte haveQ:1;
+    WC_BITFIELD haveQ:1;
     /** Bit indicates g (pairing base) is set as an MP integer in SAKKE key. */
-    byte haveG:1;
+    WC_BITFIELD haveG:1;
     /** Bit indicates a is set as an MP integer in SAKKE key. */
-    byte haveA:1;
+    WC_BITFIELD haveA:1;
     /** Bit indicates base point is set as an ECC point in SAKKE key. */
-    byte haveBase:1;
+    WC_BITFIELD haveBase:1;
 } SakkeKeyParams;
 
 /** Temporary values to use in SAKKE calculations. */
@@ -116,7 +116,7 @@ typedef struct SakkeKeyRsk {
     /** Length of table */
     word32 tableLen;
     /** Indicates whether an RSK value has been set. */
-    byte set:1;
+    WC_BITFIELD set:1;
 } SakkeKeyRsk;
 #endif
 
@@ -153,9 +153,9 @@ typedef struct SakkeKey {
     void* heap;
 
     /** Bit indicates Z, public key, is in montgomery form. */
-    byte zMont:1;
+    WC_BITFIELD zMont:1;
     /** Bit indicate MP integers have been initialized. */
-    byte mpInit:1;
+    WC_BITFIELD mpInit:1;
 } SakkeKey;
 
 #ifdef __cplusplus
diff --git a/wolfssl/wolfcrypt/selftest.h b/wolfssl/wolfcrypt/selftest.h
index a0c7c0eae..08b88846c 100644
--- a/wolfssl/wolfcrypt/selftest.h
+++ b/wolfssl/wolfcrypt/selftest.h
@@ -1,6 +1,6 @@
 /* selftest.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/wolfcrypt/settings.h b/wolfssl/wolfcrypt/settings.h
index df7509bb9..2688960d1 100644
--- a/wolfssl/wolfcrypt/settings.h
+++ b/wolfssl/wolfcrypt/settings.h
@@ -1,6 +1,6 @@
 /* settings.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -20,24 +20,19 @@
  */
 
 /*
- *   ************************************************************************
+ *   Note, this file should not be edited to activate/deactivate features.
  *
- *   ******************************** NOTICE ********************************
- *
- *   ************************************************************************
- *
- *   This method of uncommenting a line in settings.h is outdated.
- *
- *   Please use user_settings.h / WOLFSSL_USER_SETTINGS
+ *   Instead, add/edit user_settings.h, and compile with -DWOLFSSL_USER_SETTINGS
  *
  *         or
  *
- *   ./configure CFLAGS="-DFLAG"
+ *   ./configure CFLAGS="-DFEATURE_FLAG_TO_DEFINE -UFEATURE_FLAG_TO_CLEAR [...]"
+ *
+ *   To build using a custom configuration method, define WOLFSSL_CUSTOM_CONFIG
  *
  *   For more information see:
  *
  *   https://www.wolfssl.com/how-do-i-manage-the-build-configuration-of-wolfssl/
- *
  */
 
 
@@ -52,11 +47,14 @@
     extern "C" {
 #endif
 
-/* This flag allows wolfSSL to include options.h instead of having client
- * projects do it themselves. This should *NEVER* be defined when building
- * wolfSSL as it can cause hard to debug problems. */
-#ifdef EXTERNAL_OPTS_OPENVPN
-#include <wolfssl/options.h>
+/* WOLFSSL_USE_OPTIONS_H directs wolfSSL to include options.h on behalf of
+ * application code, rather than the application including it directly.  This is
+ * not defined when compiling wolfSSL library objects, which are configured
+ * through CFLAGS.
+ */
+#if (defined(EXTERNAL_OPTS_OPENVPN) || defined(WOLFSSL_USE_OPTIONS_H)) && \
+    !defined(WOLFSSL_NO_OPTIONS_H)
+    #include <wolfssl/options.h>
 #endif
 
 /* Uncomment next line if using IPHONE */
@@ -212,6 +210,9 @@
 /* Uncomment next line if building for Nucleus 1.2 */
 /* #define WOLFSSL_NUCLEUS_1_2 */
 
+/* Uncomment next line if building for Nucleus Plus 2.3 */
+/* #define NUCLEUS_PLUS_2_3 */
+
 /* Uncomment next line if building for using Apache mynewt */
 /* #define WOLFSSL_APACHE_MYNEWT */
 
@@ -259,38 +260,164 @@
 /* Uncomment next line if building for Dolphin Emulator */
 /* #define DOLPHIN_EMULATOR */
 
+/* Uncomment next line if building for WOLFSSL_NDS */
+/* #define WOLFSSL_NDS */
+
 /* Uncomment next line if using MAXQ1065 */
 /* #define WOLFSSL_MAXQ1065 */
 
 /* Uncomment next line if using MAXQ108x */
 /* #define WOLFSSL_MAXQ108X */
 
+/* Uncomment next line if using Raspberry Pi RP2040 or RP2350 */
+/* #define WOLFSSL_RPIPICO */
+
+/* Check PLATFORMIO first, as it may define other known environments. */
+#ifdef PLATFORMIO
+    #ifdef ESP_PLATFORM
+        /* Turn on the wolfSSL ESPIDF flag for the PlatformIO ESP-IDF detect */
+        #undef  WOLFSSL_ESPIDF
+        #define WOLFSSL_ESPIDF
+    #endif /* ESP_PLATFORM */
+
+    /* Ensure all PlatformIO boards have the wolfSSL user_setting.h enabled. */
+    #ifndef WOLFSSL_USER_SETTINGS
+        #define WOLFSSL_USER_SETTINGS
+    #endif /* WOLFSSL_USER_SETTINGS */
+
+    /* Similar to Arduino we have limited build control, so suppress warning */
+    #undef  WOLFSSL_IGNORE_FILE_WARN
+    #define WOLFSSL_IGNORE_FILE_WARN
+#endif
+
+#if defined(ARDUINO)
+    /* Due to limited build control, we'll ignore file warnings. */
+    /* See https://github.com/arduino/arduino-cli/issues/631     */
+    #undef  WOLFSSL_IGNORE_FILE_WARN
+    #define WOLFSSL_IGNORE_FILE_WARN
+
+    /* we don't have the luxury of compiler options, so manually define */
+    #if defined(__arm__)
+        #undef  WOLFSSL_ARDUINO
+        #define WOLFSSL_ARDUINO
+    /* ESP32? */
+    #endif
+
+    #undef FREERTOS
+    #ifndef WOLFSSL_USER_SETTINGS
+        #define WOLFSSL_USER_SETTINGS
+    #endif /* WOLFSSL_USER_SETTINGS */
+
+    /* board-specific */
+    #if defined(__AVR__)
+        #define WOLFSSL_NO_SOCK
+        #define NO_WRITEV
+    #elif defined(__arm__)
+        #define WOLFSSL_NO_SOCK
+        #define NO_WRITEV
+    #elif defined(ESP32) || defined(ESP8266)
+        /* assume sockets available */
+    #else
+        #define WOLFSSL_NO_SOCK
+    #endif
+#endif
+
+#if !defined(WOLFSSL_CUSTOM_CONFIG) && \
+    ((defined(BUILDING_WOLFSSL) && defined(WOLFSSL_USE_OPTIONS_H)) || \
+     (defined(BUILDING_WOLFSSL) && defined(WOLFSSL_OPTIONS_H) &&      \
+     !defined(EXTERNAL_OPTS_OPENVPN)))
+    #warning wolfssl/options.h included in compiled wolfssl library object.
+#endif
 
 #ifdef WOLFSSL_USER_SETTINGS
     #include "user_settings.h"
 #elif defined(USE_HAL_DRIVER) && !defined(HAVE_CONFIG_H)
     /* STM Configuration File (generated by CubeMX) */
     #include "wolfSSL.I-CUBE-wolfSSL_conf.h"
+#elif defined(NUCLEUS_PLUS_2_3)
+    /* NOTE: cyassl_nucleus_defs.h is akin to user_settings.h */
+    #include "nucleus.h"
+    #include "os/networking/ssl/lite/cyassl_nucleus_defs.h"
+#elif !defined(BUILDING_WOLFSSL) && !defined(WOLFSSL_OPTIONS_H) && \
+      !defined(WOLFSSL_NO_OPTIONS_H) && !defined(WOLFSSL_CUSTOM_CONFIG)
+    /* This warning indicates that wolfSSL features may not have been properly
+     * configured before other wolfSSL headers were included. If you are using
+     * an alternative configuration method -- e.g. custom header, or CFLAGS in
+     * an application build -- then your application can avoid this warning by
+     * defining WOLFSSL_NO_OPTIONS_H or WOLFSSL_CUSTOM_CONFIG as appropriate.
+     */
+    #warning "No configuration for wolfSSL detected, check header order"
 #endif
 
 #include <wolfssl/wolfcrypt/visibility.h>
 
-#define WOLFSSL_MAKE_FIPS_VERSION(major, minor) (((major) * 256) + (minor))
-#if !defined(HAVE_FIPS)
-    #define WOLFSSL_FIPS_VERSION_CODE WOLFSSL_MAKE_FIPS_VERSION(0,0)
-#elif !defined(HAVE_FIPS_VERSION)
-    #define WOLFSSL_FIPS_VERSION_CODE WOLFSSL_MAKE_FIPS_VERSION(1,0)
-#elif !defined(HAVE_FIPS_VERSION_MINOR)
-    #define WOLFSSL_FIPS_VERSION_CODE WOLFSSL_MAKE_FIPS_VERSION(HAVE_FIPS_VERSION,0)
-#else
-    #define WOLFSSL_FIPS_VERSION_CODE WOLFSSL_MAKE_FIPS_VERSION(HAVE_FIPS_VERSION,HAVE_FIPS_VERSION_MINOR)
+/*------------------------------------------------------------*/
+#if defined(WOLFSSL_FIPS_READY) || defined(WOLFSSL_FIPS_DEV)
+    #undef HAVE_FIPS_VERSION_MAJOR
+    #define HAVE_FIPS_VERSION_MAJOR 7 /* always one more than major version */
+                                      /* of most recent FIPS certificate */
+    #undef HAVE_FIPS_VERSION
+    #define HAVE_FIPS_VERSION HAVE_FIPS_VERSION_MAJOR
+    #undef HAVE_FIPS_VERSION_MINOR
+    #define HAVE_FIPS_VERSION_MINOR 0 /* always 0 */
+    #undef HAVE_FIPS_VERSION_PATCH
+    #define HAVE_FIPS_VERSION_PATCH 0 /* always 0 */
 #endif
 
-#define FIPS_VERSION_LT(major,minor) (WOLFSSL_FIPS_VERSION_CODE < WOLFSSL_MAKE_FIPS_VERSION(major,minor))
-#define FIPS_VERSION_LE(major,minor) (WOLFSSL_FIPS_VERSION_CODE <= WOLFSSL_MAKE_FIPS_VERSION(major,minor))
-#define FIPS_VERSION_EQ(major,minor) (WOLFSSL_FIPS_VERSION_CODE == WOLFSSL_MAKE_FIPS_VERSION(major,minor))
-#define FIPS_VERSION_GE(major,minor) (WOLFSSL_FIPS_VERSION_CODE >= WOLFSSL_MAKE_FIPS_VERSION(major,minor))
-#define FIPS_VERSION_GT(major,minor) (WOLFSSL_FIPS_VERSION_CODE > WOLFSSL_MAKE_FIPS_VERSION(major,minor))
+#define WOLFSSL_MAKE_FIPS_VERSION3(major, minor, patch) \
+                                (((major) * 65536) + ((minor) * 256) + (patch))
+#define WOLFSSL_MAKE_FIPS_VERSION(major, minor) \
+                                  WOLFSSL_MAKE_FIPS_VERSION3(major, minor, 0)
+
+#if !defined(HAVE_FIPS)
+    #define WOLFSSL_FIPS_VERSION_CODE WOLFSSL_MAKE_FIPS_VERSION3(0,0,0)
+    #define WOLFSSL_FIPS_VERSION2_CODE WOLFSSL_FIPS_VERSION_CODE
+#elif !defined(HAVE_FIPS_VERSION)
+    #define WOLFSSL_FIPS_VERSION_CODE WOLFSSL_MAKE_FIPS_VERSION3(1,0,0)
+    #define WOLFSSL_FIPS_VERSION2_CODE WOLFSSL_FIPS_VERSION_CODE
+#elif !defined(HAVE_FIPS_VERSION_MINOR)
+    #define WOLFSSL_FIPS_VERSION_CODE \
+            WOLFSSL_MAKE_FIPS_VERSION3(HAVE_FIPS_VERSION,0,0)
+    #define WOLFSSL_FIPS_VERSION2_CODE WOLFSSL_FIPS_VERSION_CODE
+#elif !defined(HAVE_FIPS_VERSION_PATCH)
+    #define WOLFSSL_FIPS_VERSION_CODE \
+            WOLFSSL_MAKE_FIPS_VERSION3(HAVE_FIPS_VERSION, \
+                                       HAVE_FIPS_VERSION_MINOR, 0)
+    #define WOLFSSL_FIPS_VERSION2_CODE WOLFSSL_FIPS_VERSION_CODE
+#else
+    #define WOLFSSL_FIPS_VERSION_CODE \
+            WOLFSSL_MAKE_FIPS_VERSION3(HAVE_FIPS_VERSION,\
+                                       HAVE_FIPS_VERSION_MINOR, \
+                                       HAVE_FIPS_VERSION_PATCH)
+    #define WOLFSSL_FIPS_VERSION2_CODE \
+            WOLFSSL_MAKE_FIPS_VERSION3(HAVE_FIPS_VERSION,\
+                                       HAVE_FIPS_VERSION_MINOR, \
+                                       0)
+#endif
+
+#define FIPS_VERSION_LT(major,minor) \
+           (WOLFSSL_FIPS_VERSION2_CODE < WOLFSSL_MAKE_FIPS_VERSION(major,minor))
+#define FIPS_VERSION_LE(major,minor) \
+          (WOLFSSL_FIPS_VERSION2_CODE <= WOLFSSL_MAKE_FIPS_VERSION(major,minor))
+#define FIPS_VERSION_EQ(major,minor) \
+          (WOLFSSL_FIPS_VERSION2_CODE == WOLFSSL_MAKE_FIPS_VERSION(major,minor))
+#define FIPS_VERSION_GE(major,minor) \
+          (WOLFSSL_FIPS_VERSION2_CODE >= WOLFSSL_MAKE_FIPS_VERSION(major,minor))
+#define FIPS_VERSION_GT(major,minor) \
+           (WOLFSSL_FIPS_VERSION2_CODE > WOLFSSL_MAKE_FIPS_VERSION(major,minor))
+
+#define FIPS_VERSION3_LT(major,minor,patch) \
+    (WOLFSSL_FIPS_VERSION_CODE < WOLFSSL_MAKE_FIPS_VERSION3(major,minor,patch))
+#define FIPS_VERSION3_LE(major,minor,patch) \
+    (WOLFSSL_FIPS_VERSION_CODE <= WOLFSSL_MAKE_FIPS_VERSION3(major,minor,patch))
+#define FIPS_VERSION3_EQ(major,minor,patch) \
+    (WOLFSSL_FIPS_VERSION_CODE == WOLFSSL_MAKE_FIPS_VERSION3(major,minor,patch))
+#define FIPS_VERSION3_GE(major,minor,patch) \
+    (WOLFSSL_FIPS_VERSION_CODE >= WOLFSSL_MAKE_FIPS_VERSION3(major,minor,patch))
+#define FIPS_VERSION3_GT(major,minor,patch) \
+    (WOLFSSL_FIPS_VERSION_CODE > WOLFSSL_MAKE_FIPS_VERSION3(major,minor,patch))
+/*------------------------------------------------------------*/
+
 
 /* make sure old RNG name is used with CTaoCrypt FIPS */
 #ifdef HAVE_FIPS
@@ -301,7 +428,7 @@
          * system or other set of headers included by wolfSSL already defines
          * RNG. Examples are:
          * wolfEngine, wolfProvider and potentially other use-cases */
-        #ifndef RNG
+        #if !defined(RNG) && !defined(NO_OLD_RNGNAME)
             #define RNG WC_RNG
         #endif
     #endif
@@ -309,6 +436,11 @@
     #undef WC_RSA_BLINDING
 #endif
 
+/* old FIPS has only AES_BLOCK_SIZE. */
+#if !defined(NO_AES) && (defined(HAVE_SELFTEST) || \
+     (defined(HAVE_FIPS) && FIPS_VERSION3_LT(6,0,0)))
+    #define WC_AES_BLOCK_SIZE AES_BLOCK_SIZE
+#endif /* !NO_AES && (HAVE_SELFTEST || FIPS_VERSION3_LT(6,0,0)) */
 
 #ifdef WOLFSSL_HARDEN_TLS
     #if WOLFSSL_HARDEN_TLS != 112 && WOLFSSL_HARDEN_TLS != 128
@@ -316,44 +448,38 @@
     #endif
 #endif
 
-/* OpenSSL compat layer */
-#if defined(OPENSSL_EXTRA) && !defined(OPENSSL_COEXIST)
-#undef  WOLFSSL_ALWAYS_VERIFY_CB
-#define WOLFSSL_ALWAYS_VERIFY_CB
+/* ---------------------------------------------------------------------------
+ * Dual Algorithm Certificate Required Features.
+ * ---------------------------------------------------------------------------
+ */
+#ifdef WOLFSSL_DUAL_ALG_CERTS
+    #ifdef NO_RSA
+        #error "Need RSA or else dual alg cert example will not work."
+    #endif
 
-#undef WOLFSSL_VERIFY_CB_ALL_CERTS
-#define WOLFSSL_VERIFY_CB_ALL_CERTS
+    #ifndef HAVE_ECC
+        #error "Need ECDSA or else dual alg cert example will not work."
+    #endif
 
-#undef WOLFSSL_EXTRA_ALERTS
-#define WOLFSSL_EXTRA_ALERTS
+    #undef WOLFSSL_CERT_GEN
+    #define WOLFSSL_CERT_GEN
 
-#undef HAVE_EXT_CACHE
-#define HAVE_EXT_CACHE
+    #undef WOLFSSL_CUSTOM_OID
+    #define WOLFSSL_CUSTOM_OID
 
-#undef WOLFSSL_FORCE_CACHE_ON_TICKET
-#define WOLFSSL_FORCE_CACHE_ON_TICKET
+    #undef HAVE_OID_ENCODING
+    #define HAVE_OID_ENCODING
 
-#undef WOLFSSL_AKID_NAME
-#define WOLFSSL_AKID_NAME
+    #undef WOLFSSL_CERT_EXT
+    #define WOLFSSL_CERT_EXT
 
-#undef HAVE_CTS
-#define HAVE_CTS
+    #undef OPENSSL_EXTRA
+    #define OPENSSL_EXTRA
 
-#undef WOLFSSL_SESSION_ID_CTX
-#define WOLFSSL_SESSION_ID_CTX
-#endif /* OPENSSL_EXTRA && !OPENSSL_COEXIST */
+    #undef HAVE_OID_DECODING
+    #define HAVE_OID_DECODING
+#endif /* WOLFSSL_DUAL_ALG_CERTS */
 
-/* Special small OpenSSL compat layer for certs */
-#ifdef OPENSSL_EXTRA_X509_SMALL
-#undef WOLFSSL_EKU_OID
-#define WOLFSSL_EKU_OID
-
-#undef WOLFSSL_MULTI_ATTRIB
-#define WOLFSSL_MULTI_ATTRIB
-
-#undef WOLFSSL_NO_OPENSSL_RAND_CB
-#define WOLFSSL_NO_OPENSSL_RAND_CB
-#endif /* OPENSSL_EXTRA_X509_SMALL */
 
 #if defined(_WIN32) && !defined(_M_X64) && \
     defined(HAVE_AESGCM) && defined(WOLFSSL_AESNI)
@@ -381,8 +507,355 @@
     #include <nx_api.h>
 #endif
 
+
+#ifdef WOLFSSL_NDS
+    #include <stddef.h>
+    #define SIZEOF_LONG_LONG 8
+    #define socklen_t int
+    #define IPPROTO_UDP 17
+    #define IPPROTO_TCP 6
+    #define NO_WRITEV
+#endif
+
+#if defined(ARDUINO)
+    #if defined(ESP32)
+        #ifndef NO_ARDUINO_DEFAULT
+            #define SIZEOF_LONG_LONG 8
+            #ifdef FREERTOS
+                #undef FREERTOS
+            #endif
+
+            #define WOLFSSL_LWIP
+            #define NO_WRITEV
+            #define NO_WOLFSSL_DIR
+            #define WOLFSSL_NO_CURRDIR
+
+            #define TFM_TIMING_RESISTANT
+            #define ECC_TIMING_RESISTANT
+            #define WC_RSA_BLINDING
+            #define WC_NO_CACHE_RESISTANT
+        #endif /* !NO_ARDUINO_DEFAULT */
+    #elif defined(__arm__)
+            #define NO_WRITEV
+            #define NO_WOLFSSL_DIR
+            #define WOLFSSL_NO_CURRDIR
+    #elif defined(OTHERBOARD)
+        /* TODO: define other Arduino boards here */
+    #endif
+#endif
+
 #if defined(WOLFSSL_ESPIDF)
     #define SIZEOF_LONG_LONG 8
+
+    #ifndef WOLFSSL_MAX_ERROR_SZ
+        /* Espressif paths can be quite long. Ensure error prints full path. */
+        #define WOLFSSL_MAX_ERROR_SZ 200
+    #endif
+
+    /* Parse any Kconfig / menuconfig items into wolfSSL macro equivalents.
+     * Macros may or may not be defined. If defined, they may have a value of
+     *
+     *   0 - not enabled (also the equivalent of not defined)
+     *   1 - enabled
+     *
+     * The naming convention is generally an exact match of wolfSSL macros
+     * in the Kconfig file. At cmake time, the Kconfig is processed and an
+     * sdkconfig.h file is created by the ESP-IDF. Any configured options are
+     * named CONFIG_[Kconfig name] and thus CONFIG_[macro name]. Those that
+     * are expected to be ESP-IDF specific and may be ambiguous can named
+     * with an ESP prefix, for example CONFIG_[ESP_(Kconfig name)]
+     *
+     * Note there are some inconsistent macro names that may have been
+     * used in the esp-wolfssl or other places in the ESP-IDF. They should
+     * be always be included for backward compatibility.
+     *
+     * See also: Espressif api-reference kconfig docs.
+     *
+     * These settings should be checked and assigned wolfssl equivalents before
+     * any others.
+     *
+     * Only the actual config settings should be defined here. Any others that
+     * may be application specific should be conditionally defined in the
+     * respective user_settings.h file.
+     *
+     * See the template example for reference:
+     * https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples/template
+     *
+     * Reminder that by the time we are here, the user_settings.h has already
+     * been processed. The following settings are additive; Enabled settings
+     * from user_settings are not disabled here.
+     */
+    #if defined(CONFIG_ESP_WOLFSSL_TEST_LOOP) && \
+                CONFIG_ESP_WOLFSSL_TEST_LOOP
+        #define            WOLFSSL_TEST_LOOP 1
+    #else
+        #define            WOLFSSL_TEST_LOOP 0
+    #endif
+    #if (defined(CONFIG_DEBUG_WOLFSSL) &&             \
+                 CONFIG_DEBUG_WOLFSSL) ||             \
+        (defined(CONFIG_ESP_WOLFSSL_DEBUG_WOLFSSL) && \
+                 CONFIG_ESP_WOLFSSL_DEBUG_WOLFSSL  )
+        #define                     DEBUG_WOLFSSL
+    #endif
+    #if defined(CONFIG_ESP_WOLFSSL_ENABLE_WOLFSSH) && \
+                CONFIG_ESP_WOLFSSL_ENABLE_WOLFSSH
+        #define            WOLFSSL_ENABLE_WOLFSSH
+    #endif
+    #if (defined(CONFIG_TEST_ESPIDF_ALL_WOLFSSL) && \
+                 CONFIG_TEST_ESPIDF_ALL_WOLFSSL   )
+        #define         TEST_ESPIDF_ALL_WOLFSSL
+    #endif
+    #if (defined(CONFIG_WOLFSSL_ALT_CERT_CHAINS) && \
+                 CONFIG_WOLFSSL_ALT_CERT_CHAINS   )
+        #define         WOLFSSL_ALT_CERT_CHAINS
+    #endif
+    #if defined(CONFIG_WOLFSSL_ASN_ALLOW_0_SERIAL) && \
+                CONFIG_WOLFSSL_ASN_ALLOW_0_SERIAL
+        #define        WOLFSSL_ASN_ALLOW_0_SERIAL
+    #endif
+    #if defined(CONFIG_WOLFSSL_NO_ASN_STRICT) && \
+                CONFIG_WOLFSSL_NO_ASN_STRICT
+        #define        WOLFSSL_NO_ASN_STRICT
+    #endif
+    #if defined(CONFIG_WOLFSSL_DEBUG_CERT_BUNDLE) && \
+                CONFIG_WOLFSSL_DEBUG_CERT_BUNDLE
+        #define        WOLFSSL_DEBUG_CERT_BUNDLE
+    #endif
+    #if defined(CONFIG_USE_WOLFSSL_ESP_SDK_TIME) && \
+                CONFIG_USE_WOLFSSL_ESP_SDK_TIME
+        #define        USE_WOLFSSL_ESP_SDK_TIME
+    #endif
+    #if defined(CONFIG_USE_WOLFSSL_ESP_SDK_WIFI) && \
+                CONFIG_USE_WOLFSSL_ESP_SDK_WIFI
+        #define        USE_WOLFSSL_ESP_SDK_WIFI
+    #endif
+    #if defined(CONFIG_WOLFSSL_APPLE_HOMEKIT) && \
+                CONFIG_WOLFSSL_APPLE_HOMEKIT
+        #define        WOLFSSL_APPLE_HOMEKIT
+    #endif
+    #if defined(CONFIG_ESP_WOLFSSL_DEBUG_ESP_HW_MULTI_RSAMAX_BITS) && \
+                CONFIG_ESP_WOLFSSL_DEBUG_ESP_HW_MULTI_RSAMAX_BITS
+        #define            WOLFSSL_DEBUG_ESP_HW_MULTI_RSAMAX_BITS
+    #endif
+    #if defined(CONFIG_ESP_WOLFSSL_DEBUG_ESP_HW_MOD_RSAMAX_BITS) && \
+                CONFIG_ESP_WOLFSSL_DEBUG_ESP_HW_MOD_RSAMAX_BITS
+        #define            WOLFSSL_DEBUG_ESP_HW_MOD_RSAMAX_BITS
+    #endif
+
+    #if defined(CONFIG_TLS_STACK_WOLFSSL) && (CONFIG_TLS_STACK_WOLFSSL)
+        /* When using ESP-TLS, some old algorithms such as SHA1 are no longer
+         * enabled in wolfSSL, except for the OpenSSL compatibility. So enable
+         * that here: */
+        #define OPENSSL_EXTRA
+    #endif
+
+    /* Optional Apple HomeKit support. See below for related sanity checks. */
+    #if defined(WOLFSSL_APPLE_HOMEKIT)
+        /* SRP is known to need 8K; slow on some devices */
+        #undef  FP_MAX_BITS
+        #define FP_MAX_BITS (8192 * 2)
+        #define WOLFCRYPT_HAVE_SRP
+        #define HAVE_CHACHA
+        #define HAVE_POLY1305
+        #define WOLFSSL_BASE64_ENCODE
+        #define HAVE_HKDF
+        #define WOLFSSL_SHA512
+     #endif
+
+    /* Enable benchmark code via menuconfig, or when not otherwise disable: */
+    #ifdef CONFIG_ESP_WOLFSSL_ENABLE_BENCHMARK
+        #ifdef NO_CRYPT_BENCHMARK
+            #pragma message("Benchmark conflict:")
+            #pragma message("-- NO_CRYPT_BENCHMARK defined.")
+            #pragma message("-- CONFIG_WOLFSSL_ENABLE_BENCHMARK also defined.")
+            #pragma message("-- NO_CRYPT_BENCHMARK will be undefined.")
+            #undef NO_CRYPT_BENCHMARK
+        #endif
+    #endif
+
+    #if !defined(NO_CRYPT_BENCHMARK) || \
+         defined(CONFIG_ESP_WOLFSSL_ENABLE_BENCHMARK)
+
+        #define BENCH_EMBEDDED
+        #define WOLFSSL_BENCHMARK_FIXED_UNITS_KB
+
+        /* See wolfcrypt/benchmark/benchmark.c for debug and other settings: */
+
+        /* Turn on benchmark timing debugging (CPU Cycles, RTOS ticks, etc) */
+        #ifdef CONFIG_ESP_DEBUG_WOLFSSL_BENCHMARK_TIMING
+            #define DEBUG_WOLFSSL_BENCHMARK_TIMING
+        #endif
+
+        /* Turn on timer debugging (used when CPU cycles not available) */
+        #ifdef CONFIG_ESP_WOLFSSL_BENCHMARK_TIMER_DEBUG
+            #define WOLFSSL_BENCHMARK_TIMER_DEBUG
+        #endif
+    #endif
+
+    /* Typically only used in tests, but available to all apps is
+     * the "enable all" feature: */
+    #if defined(TEST_ESPIDF_ALL_WOLFSSL)
+        #define WOLFSSL_MD2
+        #define HAVE_BLAKE2
+        #define HAVE_BLAKE2B
+        #define HAVE_BLAKE2S
+
+        #define WC_RC2
+        #define WOLFSSL_ALLOW_RC4
+
+        #define HAVE_POLY1305
+
+        #define WOLFSSL_AES_128
+        #define WOLFSSL_AES_OFB
+        #define WOLFSSL_AES_CFB
+        #define WOLFSSL_AES_XTS
+
+        /* #define WC_SRTP_KDF */
+        /* TODO Causes failure with Espressif AES HW Enabled */
+        /* #define HAVE_AES_ECB */
+        /* #define HAVE_AESCCM  */
+        /* TODO sanity check when missing HAVE_AES_ECB */
+        #define WOLFSSL_WOLFSSH
+
+        #define HAVE_AESGCM
+        #define WOLFSSL_AES_COUNTER
+
+        #define HAVE_FFDHE
+        #define HAVE_FFDHE_2048
+        #if defined(CONFIG_IDF_TARGET_ESP8266)
+            /* TODO Full size SRP is disabled on the ESP8266 at this time.
+             * Low memory issue? */
+            #define WOLFCRYPT_HAVE_SRP
+            /* MIN_FFDHE_FP_MAX_BITS = (MIN_FFDHE_BITS * 2); see settings.h */
+            #define FP_MAX_BITS MIN_FFDHE_FP_MAX_BITS
+        #elif defined(CONFIG_IDF_TARGET_ESP32)   || \
+              defined(CONFIG_IDF_TARGET_ESP32S2) || \
+              defined(CONFIG_IDF_TARGET_ESP32S3)
+            #define WOLFCRYPT_HAVE_SRP
+            #define FP_MAX_BITS (8192 * 2)
+        #elif defined(CONFIG_IDF_TARGET_ESP32C3) || \
+              defined(CONFIG_IDF_TARGET_ESP32H2)
+            /* SRP Known to be working on this target::*/
+            #define WOLFCRYPT_HAVE_SRP
+            #define FP_MAX_BITS (8192 * 2)
+        #else
+            /* For everything else, give a try and see if SRP working: */
+            #define WOLFCRYPT_HAVE_SRP
+            #define FP_MAX_BITS (8192 * 2)
+        #endif
+
+        #define HAVE_DH
+
+        /* TODO: there may be a problem with HAVE_CAMELLIA with HW AES disabled.
+         * Do not define NO_WOLFSSL_ESP32_CRYPT_AES when enabled: */
+        /* #define HAVE_CAMELLIA */
+
+        /* DSA requires old SHA */
+        #define HAVE_DSA
+
+        /* Needs SHA512 ? */
+        #define HAVE_HPKE
+
+        /* Not for Espressif? */
+        #if defined(CONFIG_IDF_TARGET_ESP32C2) || \
+            defined(CONFIG_IDF_TARGET_ESP8684) || \
+            defined(CONFIG_IDF_TARGET_ESP32H2) || \
+            defined(CONFIG_IDF_TARGET_ESP8266)
+
+            #if defined(CONFIG_IDF_TARGET_ESP8266)
+                #undef HAVE_ECC
+                #undef HAVE_ECC_CDH
+                #undef HAVE_CURVE25519
+
+                #ifdef HAVE_CHACHA
+                    #error "HAVE_CHACHA not supported on ESP8266"
+                #endif
+                #ifdef HAVE_XCHACHA
+                    #error "HAVE_XCHACHA not supported on ESP8266"
+                #endif
+            #else
+                #define HAVE_XCHACHA
+                #define HAVE_CHACHA
+                /* TODO Not enabled at this time, needs further testing:
+                 *   #define WC_SRTP_KDF
+                 *   #define HAVE_COMP_KEY
+                 *   #define WOLFSSL_HAVE_XMSS
+                 */
+            #endif
+            /* TODO AES-EAX needs stesting on this platform */
+
+            /* Optionally disable DH
+             *   #undef HAVE_DH
+             *   #undef HAVE_FFDHE
+             */
+
+            /* ECC_SHAMIR out of memory on ESP32-C2 during ECC  */
+            #ifndef HAVE_ECC
+                #define ECC_SHAMIR
+            #endif
+        #else
+            #define WOLFSSL_AES_EAX
+
+            #define ECC_SHAMIR
+        #endif
+
+        /* Only for WOLFSSL_IMX6_CAAM / WOLFSSL_QNX_CAAM ? */
+        /* #define WOLFSSL_CAAM      */
+        /* #define WOLFSSL_CAAM_BLOB */
+
+        #define WOLFSSL_AES_SIV
+        #define WOLFSSL_CMAC
+
+        #define WOLFSSL_CERT_PIV
+
+        /* HAVE_SCRYPT may turn on HAVE_PBKDF2 see settings.h */
+        /* #define HAVE_SCRYPT */
+        #define SCRYPT_TEST_ALL
+        #define HAVE_X963_KDF
+    #endif
+
+    /* Optionally enable some wolfSSH settings via compiler def or Kconfig */
+    #if defined(ESP_ENABLE_WOLFSSH)
+        /* The default SSH Windows size is massive for an embedded target.
+         * Limit it: */
+        #define DEFAULT_WINDOW_SZ 2000
+
+        /* These may be defined in cmake for other examples: */
+        #undef  WOLFSSH_TERM
+        #define WOLFSSH_TERM
+
+        #if defined(CONFIG_ESP_WOLFSSL_DEBUG_WOLFSSH)
+            /* wolfSSH debugging enabled via Kconfig / menuconfig */
+            #undef  DEBUG_WOLFSSH
+            #define DEBUG_WOLFSSH
+        #endif
+
+        #undef  WOLFSSL_KEY_GEN
+        #define WOLFSSL_KEY_GEN
+
+        #undef  WOLFSSL_PTHREADS
+        #define WOLFSSL_PTHREADS
+
+        #define WOLFSSH_TEST_SERVER
+        #define WOLFSSH_TEST_THREADING
+
+    #endif /* ESP_ENABLE_WOLFSSH */
+
+    /* Experimental Kyber.  */
+    #ifdef CONFIG_ESP_WOLFSSL_ENABLE_KYBER
+        /* Kyber typically needs a minimum 10K stack */
+        #define WOLFSSL_EXPERIMENTAL_SETTINGS
+        #define WOLFSSL_HAVE_KYBER
+        #define WOLFSSL_WC_KYBER
+        #define WOLFSSL_SHA3
+        #if defined(CONFIG_IDF_TARGET_ESP8266)
+            /* With limited RAM, we'll disable some of the Kyber sizes: */
+            #define WOLFSSL_NO_KYBER1024
+            #define WOLFSSL_NO_KYBER768
+            #define NO_SESSION_CACHE
+        #endif
+    #endif
+
     #ifndef NO_ESPIDF_DEFAULT
         #define FREERTOS
         #define WOLFSSL_LWIP
@@ -392,10 +865,25 @@
 
         #define TFM_TIMING_RESISTANT
         #define ECC_TIMING_RESISTANT
+
+        /* WC_RSA_BLINDING takes up extra space! */
         #define WC_RSA_BLINDING
+
+        /* Cache Resistant features are  on by default, but has performance
+         * penalty on embedded systems. May not be needed here. Disabled: */
         #define WC_NO_CACHE_RESISTANT
     #endif /* !WOLFSSL_ESPIDF_NO_DEFAULT */
 
+    #if defined(NO_WOLFSSL_ESP32_CRYPT_HASH_SHA384) && \
+       !defined(NO_WOLFSSL_ESP32_CRYPT_HASH_SHA512)
+        #error "NO_WOLFSSL_ESP32_CRYPT_HASH_SHA384 cannot be defined without" \
+               "NO_WOLFSSL_ESP32_CRYPT_HASH_SHA512 (enable or disable both)"
+    #endif
+    #if defined(NO_WOLFSSL_ESP32_CRYPT_HASH_SHA512) && \
+       !defined(NO_WOLFSSL_ESP32_CRYPT_HASH_SHA384)
+        #error "NO_WOLFSSL_ESP32_CRYPT_HASH_SHA512 cannot be defined without" \
+               "NO_WOLFSSL_ESP32_CRYPT_HASH_SHA384 (enable or disable both)"
+    #endif
 #if defined(WOLFSSL_ESPWROOM32)
     /* WOLFSSL_ESPWROOM32 is a legacy macro gate.
     ** Not be be confused with WOLFSSL_ESPWROOM32SE, naming a specific board */
@@ -477,13 +965,69 @@
         #undef  HAVE_AESGCM
         #define HAVE_AESGCM
     #endif /* SM */
+
 #endif /* defined(WOLFSSL_ESP32) || defined(WOLFSSL_ESPWROOM32SE) */
+    /* Final device-specific hardware settings. user_settings.h loaded above. */
+
+    /* Counters for RSA wait timeout. CPU and frequency specific. */
+    #define ESP_RSA_WAIT_TIMEOUT_CNT          0x000020
+    #if defined(CONFIG_IDF_TARGET_ESP32) || defined(WOLFSSL_ESPWROOM32SE)
+        #ifndef ESP_RSA_TIMEOUT_CNT
+            #define ESP_RSA_TIMEOUT_CNT      0x349F00
+        #endif
+    #elif defined(CONFIG_IDF_TARGET_ESP32S2)
+        #ifndef ESP_RSA_TIMEOUT_CNT
+            #define ESP_RSA_TIMEOUT_CNT      0x349F00
+        #endif
+    #elif defined(CONFIG_IDF_TARGET_ESP32S3)
+        #ifndef ESP_RSA_TIMEOUT_CNT
+            /* Observed: 0xAE8C8F @ 80MHz */
+            #define ESP_RSA_TIMEOUT_CNT      0xAF0000
+        #endif
+    #elif defined(CONFIG_IDF_TARGET_ESP32C2)
+        /* See also CONFIG_IDF_TARGET_ESP8684 equivalent */
+        #ifndef ESP_RSA_TIMEOUT_CNT
+            #define ESP_RSA_TIMEOUT_CNT      0x349F00
+        #endif
+    #elif defined(CONFIG_IDF_TARGET_ESP32C3)
+        #ifndef ESP_RSA_TIMEOUT_CNT
+            /* Observed: 0x2624B2 @ 80MHz */
+            #define ESP_RSA_TIMEOUT_CNT      0x280000
+        #endif
+    #elif defined(CONFIG_IDF_TARGET_ESP32C6)
+        #ifndef ESP_RSA_TIMEOUT_CNT
+            /* Observed: 144323 @ 80MHz */
+            #define ESP_RSA_TIMEOUT_CNT      0x160000
+        #endif
+    #elif defined(CONFIG_IDF_TARGET_ESP32H2)
+        #ifndef ESP_RSA_TIMEOUT_CNT
+            #define ESP_RSA_TIMEOUT_CNT      0x349F00
+        #endif
+    #elif defined(CONFIG_IDF_TARGET_ESP8266)
+        #ifndef ESP_RSA_TIMEOUT_CNT
+            #define ESP_RSA_TIMEOUT_CNT      0x349F00
+        #endif
+    #elif defined(CONFIG_IDF_TARGET_ESP8684)
+        /* See also CONFIG_IDF_TARGET_ESP8684 equivalent */
+        #ifndef ESP_RSA_TIMEOUT_CNT
+            #define ESP_RSA_TIMEOUT_CNT      0x349F00
+        #endif
+    #else
+        #ifndef ESP_RSA_TIMEOUT_CNT
+            #define ESP_RSA_TIMEOUT_CNT      0x349F00
+        #endif
+    #endif
 #endif /* WOLFSSL_ESPIDF */
 
 #if defined(WOLFSSL_RENESAS_TSIP)
     #define TSIP_TLS_HMAC_KEY_INDEX_WORDSIZE 64
     #define TSIP_TLS_MASTERSECRET_SIZE       80   /* 20 words */
     #define TSIP_TLS_ENCPUBKEY_SZ_BY_CERTVRFY 560 /* in byte  */
+
+    #ifdef WOLF_CRYPTO_CB
+        /* make sure RSA padding callbacks are enabled */
+        #define WOLF_CRYPTO_CB_RSA_PAD
+    #endif
 #endif /* WOLFSSL_RENESAS_TSIP */
 
 #if !defined(WOLFSSL_NO_HASH_RAW) && defined(WOLFSSL_RENESAS_RX64_HASH)
@@ -565,7 +1109,6 @@
     #define NO_DEV_RANDOM
     #define NO_FILESYSTEM
     #define TFM_TIMING_RESISTANT
-    #define NO_BIG_INT
 #endif
 
 #ifdef WOLFSSL_MICROCHIP_PIC32MZ
@@ -701,11 +1244,20 @@
 
 
 #ifdef WOLFSSL_ARDUINO
+    /* Define WOLFSSL_USER_IO here to avoid check in internal.c */
+    #define WOLFSSL_USER_IO
+
     #define NO_WRITEV
     #define NO_WOLFSSL_DIR
     #define SINGLE_THREADED
     #define NO_DEV_RANDOM
-    #ifndef INTEL_GALILEO /* Galileo has time.h compatibility */
+    #if defined(INTEL_GALILEO) || defined(ESP32)
+        /* boards with has time.h compatibility */
+    #elif defined(__arm__)
+        /* TODO is time really missing from Arduino Due? */
+        /* This is a brute-force solution to make it work: */
+        #define NO_ASN_TIME
+    #else
         #define TIME_OVERRIDES
         #ifndef XTIME
             #error "Must define XTIME externally see porting guide"
@@ -773,8 +1325,8 @@
     #define XSTRNCMP(s1,s2,n)      strncmp((s1),(s2),(n))
     #define XSTRNCAT(s1,s2,n)      strncat((s1),(s2),(n))
     #define XSTRNCASECMP(s1,s2,n)  _strnicmp((s1),(s2),(n))
-    #if defined(WOLFSSL_CERT_EXT) || defined(OPENSSL_EXTRA) \
-            || defined(HAVE_ALPN)
+    #if defined(WOLFSSL_CERT_EXT) || defined(OPENSSL_EXTRA) || \
+        defined(OPENSSL_ALL) || defined(HAVE_ALPN)
         #define XSTRTOK            strtok_r
     #endif
 #endif
@@ -840,10 +1392,13 @@
         #define NO_SESSION_CACHE
 #endif
 
-/* Micrium will use Visual Studio for compilation but not the Win32 API */
+/* For platforms where the target OS is not Windows, but compilation is
+ * done on Windows/Visual Studio, enable a way to disable USE_WINDOWS_API.
+ * Examples: Micrium, TenAsus INtime, uTasker, FreeRTOS simulator */
 #if defined(_WIN32) && !defined(MICRIUM) && !defined(FREERTOS) && \
     !defined(FREERTOS_TCP) && !defined(EBSNET) && !defined(WOLFSSL_EROAD) && \
-    !defined(WOLFSSL_UTASKER) && !defined(INTIME_RTOS)
+    !defined(WOLFSSL_UTASKER) && !defined(INTIME_RTOS) && \
+    !defined(WOLFSSL_NOT_WINDOWS_API)
     #define USE_WINDOWS_API
 #endif
 
@@ -899,11 +1454,11 @@ extern void uITRON4_free(void *p) ;
 
 
 #if defined(WOLFSSL_LEANPSK) && !defined(XMALLOC_USER) && \
-        !defined(NO_WOLFSSL_MEMORY)
+        !defined(NO_WOLFSSL_MEMORY) && !defined(WOLFSSL_STATIC_MEMORY)
     #include <stdlib.h>
-    #define XMALLOC(s, h, type)  ((void)(h), (void)(type), malloc((s)))
-    #define XFREE(p, h, type)    ((void)(h), (void)(type), free((p)))
-    #define XREALLOC(p, n, h, t) ((void)(h), (void)(t), realloc((p), (n)))
+    #define XMALLOC(s, h, type)  ((void)(h), (void)(type), malloc((s))) /* native heap */
+    #define XFREE(p, h, type)    ((void)(h), (void)(type), free((p))) /* native heap */
+    #define XREALLOC(p, n, h, t) ((void)(h), (void)(t), realloc((p), (n))) /* native heap */
 #endif
 
 #if defined(XMALLOC_USER) && defined(SSN_BUILDING_LIBYASSL)
@@ -917,28 +1472,53 @@ extern void uITRON4_free(void *p) ;
 
 
 #ifdef FREERTOS
-    #include "FreeRTOS.h"
-    #include <task.h>
+
+    #ifdef PLATFORMIO
+        #include <freertos/FreeRTOS.h>
+        #include <freertos/task.h>
+    #else
+        #include "FreeRTOS.h"
+        #include <task.h>
+    #endif
 
     #if !defined(XMALLOC_USER) && !defined(NO_WOLFSSL_MEMORY) && \
         !defined(WOLFSSL_STATIC_MEMORY) && !defined(WOLFSSL_TRACK_MEMORY)
-        #define XMALLOC(s, h, type)  ((void)(h), (void)(type), pvPortMalloc((s)))
-        #define XFREE(p, h, type)    ((void)(h), (void)(type), vPortFree((p)))
+
+        /* XMALLOC */
+        #if defined(WOLFSSL_ESPIDF) && \
+           (defined(DEBUG_WOLFSSL) || defined(DEBUG_WOLFSSL_MALLOC))
+            #include <wolfssl/wolfcrypt/port/Espressif/esp-sdk-lib.h>
+            #define XMALLOC(s, h, type)  \
+                           ((void)(h), (void)(type), wc_debug_pvPortMalloc( \
+                           (s), (__FILE__), (__LINE__), (__FUNCTION__) ))
+        #else
+            #define XMALLOC(s, h, type)  \
+                           ((void)(h), (void)(type), pvPortMalloc((s))) /* native heap */
+        #endif
+
+        /* XFREE */
+        #define XFREE(p, h, type)    ((void)(h), (void)(type), vPortFree((p))) /* native heap */
+
+        /* XREALLOC */
         #if defined(WOLFSSL_ESPIDF)
-                /* In IDF, realloc(p, n) is equivalent to
-                 * heap_caps_realloc(p, s, MALLOC_CAP_8BIT) */
-                #define XREALLOC(p, n, h, t) ((void)(h), (void)(t), realloc((p), (n)))
-        /* FreeRTOS pvPortRealloc() implementation can be found here:
-         * https://github.com/wolfSSL/wolfssl-freertos/pull/3/files */
-        #elif defined(USE_INTEGER_HEAP_MATH) || defined(OPENSSL_EXTRA)
-                #define XREALLOC(p, n, h, t) ((void)(h), (void)(t), pvPortRealloc((p), (n)))
+            /* In the Espressif EDP-IDF, realloc(p, n) is equivalent to
+             *     heap_caps_realloc(p, s, MALLOC_CAP_8BIT)
+             * There's no pvPortRealloc available:  */
+            #define XREALLOC(p, n, h, t) ((void)(h), (void)(t), realloc((p), (n))) /* native heap */
+        #elif defined(USE_INTEGER_HEAP_MATH) || defined(OPENSSL_EXTRA) || \
+              defined(OPENSSL_ALL)
+            /* FreeRTOS pvPortRealloc() implementation can be found here:
+             * https://github.com/wolfSSL/wolfssl-freertos/pull/3/files */
+            #define XREALLOC(p, n, h, t) ((void)(h), (void)(t), pvPortRealloc((p), (n)))
+        #else
+            /* no XREALLOC available */
         #endif
     #endif
 
     #ifndef NO_WRITEV
         #define NO_WRITEV
     #endif
-    #ifndef HAVE_SHA512
+    #ifndef WOLFSSL_SHA512
         #ifndef NO_SHA512
             #define NO_SHA512
         #endif
@@ -948,20 +1528,30 @@ extern void uITRON4_free(void *p) ;
             #define NO_DH
         #endif
     #endif
-    #ifndef NO_DSA
-        #define NO_DSA
+    #ifndef HAVE_DSA
+        #ifndef NO_DSA
+            #define NO_DSA
+        #endif
     #endif
 
     #ifndef SINGLE_THREADED
-        #include "semphr.h"
+        #ifdef PLATFORMIO
+            #include <freertos/semphr.h>
+        #else
+            #include "semphr.h"
+        #endif
     #endif
 #endif
 
 #ifdef FREERTOS_TCP
     #if !defined(NO_WOLFSSL_MEMORY) && !defined(XMALLOC_USER) && \
         !defined(WOLFSSL_STATIC_MEMORY)
-        #define XMALLOC(s, h, type)  pvPortMalloc((s))
-        #define XFREE(p, h, type)    vPortFree((p))
+        #ifndef XMALLOC
+            #define XMALLOC(s, h, type)  pvPortMalloc((s)) /* native heap */
+        #endif
+        #ifndef XFREE
+            #define XFREE(p, h, type)    vPortFree((p)) /* native heap */
+        #endif
     #endif
 
     #define WOLFSSL_GENSEED_FORTEST
@@ -1129,8 +1719,8 @@ extern void uITRON4_free(void *p) ;
     #endif
     #if !defined(XMALLOC_USER) && !defined(NO_WOLFSSL_MEMORY) && \
         !defined(WOLFSSL_STATIC_MEMORY)
-        #define XMALLOC(s, h, type)  ((void)(h), (void)(type), pvPortMalloc((s)))
-        #define XFREE(p, h, type)    ((void)(h), (void)(type), vPortFree((p)))
+        #define XMALLOC(s, h, type)  ((void)(h), (void)(type), pvPortMalloc((s))) /* native heap */
+        #define XFREE(p, h, type)    ((void)(h), (void)(type), vPortFree((p))) /* native heap */
 
         /* FreeRTOS pvPortRealloc() implementation can be found here:
             https://github.com/wolfSSL/wolfssl-freertos/pull/3/files */
@@ -1160,8 +1750,10 @@ extern void uITRON4_free(void *p) ;
     /* Copy data out of flash memory and into SRAM */
     #define XMEMCPY_P(pdest, psrc, size) memcpy_P((pdest), (psrc), (size))
 #else
+#ifndef FLASH_QUALIFIER
     #define FLASH_QUALIFIER
 #endif
+#endif
 
 #ifdef FREESCALE_MQX_5_0
     /* use normal Freescale MQX port, but with minor changes for 5.0 */
@@ -1246,8 +1838,8 @@ extern void uITRON4_free(void *p) ;
     #define WOLFSSL_CRYPT_HW_MUTEX 1
 
     #if !defined(XMALLOC_USER) && !defined(NO_WOLFSSL_MEMORY)
-        #define XMALLOC(s, h, type)  ((void)(h), (void)(type), pvPortMalloc((s)))
-        #define XFREE(p, h, type)    ((void)(h), (void)(type), vPortFree((p)))
+        #define XMALLOC(s, h, type)  ((void)(h), (void)(type), pvPortMalloc((s))) /* native heap */
+        #define XFREE(p, h, type)    ((void)(h), (void)(type), vPortFree((p))) /* native heap */
     #endif
 
     /* #define USER_TICKS */
@@ -1471,6 +2063,7 @@ extern void uITRON4_free(void *p) ;
     #define WOLFSSL_STATIC_PSK
     /* Server side support to be added at a later date. */
     #define NO_WOLFSSL_SERVER
+
     /* Need WOLFSSL_PUBLIC_ASN to use ProcessPeerCert callback. */
     #define WOLFSSL_PUBLIC_ASN
 
@@ -1502,7 +2095,9 @@ extern void uITRON4_free(void *p) ;
     defined(WOLFSSL_STM32L4) || defined(WOLFSSL_STM32L5) || \
     defined(WOLFSSL_STM32WB) || defined(WOLFSSL_STM32H7) || \
     defined(WOLFSSL_STM32G0) || defined(WOLFSSL_STM32U5) || \
-    defined(WOLFSSL_STM32H5) || defined(WOLFSSL_STM32WL)
+    defined(WOLFSSL_STM32H5) || defined(WOLFSSL_STM32WL) || \
+    defined(WOLFSSL_STM32G4) || defined(WOLFSSL_STM32MP13) || \
+    defined(WOLFSSL_STM32H7S)
 
     #define SIZEOF_LONG_LONG 8
     #ifndef CHAR_BIT
@@ -1550,6 +2145,8 @@ extern void uITRON4_free(void *p) ;
             #include "stm32f7xx_hal.h"
         #elif defined(WOLFSSL_STM32F1)
             #include "stm32f1xx_hal.h"
+        #elif defined(WOLFSSL_STM32H7S)
+            #include "stm32h7rsxx_hal.h"
         #elif defined(WOLFSSL_STM32H7)
             #include "stm32h7xx_hal.h"
         #elif defined(WOLFSSL_STM32WB)
@@ -1558,10 +2155,18 @@ extern void uITRON4_free(void *p) ;
             #include "stm32wlxx_hal.h"
         #elif defined(WOLFSSL_STM32G0)
             #include "stm32g0xx_hal.h"
+        #elif defined(WOLFSSL_STM32G4)
+            #include "stm32g4xx_hal.h"
         #elif defined(WOLFSSL_STM32U5)
             #include "stm32u5xx_hal.h"
         #elif defined(WOLFSSL_STM32H5)
             #include "stm32h5xx_hal.h"
+        #elif defined(WOLFSSL_STM32MP13)
+            /* HAL headers error on our ASM files */
+            #ifndef __ASSEMBLER__
+                #include "stm32mp13xx_hal.h"
+                #include "stm32mp13xx_hal_conf.h"
+            #endif
         #endif
         #if defined(WOLFSSL_CUBEMX_USE_LL) && defined(WOLFSSL_STM32L4)
             #include "stm32l4xx_ll_rng.h"
@@ -1616,10 +2221,7 @@ extern void uITRON4_free(void *p) ;
             #include "stm32f1xx.h"
         #endif
     #endif /* WOLFSSL_STM32_CUBEMX */
-#endif /* WOLFSSL_STM32F2 || WOLFSSL_STM32F4 || WOLFSSL_STM32L4 ||
-          WOLFSSL_STM32L5 || WOLFSSL_STM32F7 || WOLFSSL_STMWB ||
-          WOLFSSL_STM32H7 || WOLFSSL_STM32G0 || WOLFSSL_STM32U5 ||
-          WOLFSSL_STM32H5 */
+#endif /* WOLFSSL_STM32* */
 #ifdef WOLFSSL_DEOS
     #include <deos.h>
     #include <timeout.h>
@@ -1844,10 +2446,22 @@ extern void uITRON4_free(void *p) ;
     #if !defined(WOLFSSL_XILINX_CRYPT_VERSAL)
         #define NO_DEV_RANDOM
     #endif
+    #undef  NO_WOLFSSL_DIR
     #define NO_WOLFSSL_DIR
+
+    #undef  HAVE_AESGCM
     #define HAVE_AESGCM
 #endif
 
+/* Detect Cortex M3 (no UMAAL) */
+#if defined(__ARM_ARCH_7M__) && !defined(WOLFSSL_ARM_ARCH_7M)
+    #define WOLFSSL_ARM_ARCH_7M
+#endif
+#if defined(WOLFSSL_SP_ARM_CORTEX_M_ASM) && defined(WOLFSSL_ARM_ARCH_7M)
+    #undef  WOLFSSL_SP_NO_UMAAL
+    #define WOLFSSL_SP_NO_UMAAL
+#endif
+
 #if defined(WOLFSSL_XILINX_CRYPT) || defined(WOLFSSL_AFALG_XILINX)
     #if defined(WOLFSSL_ARMASM)
         #error can not use both ARMv8 instructions and XILINX hardened crypto
@@ -1860,6 +2474,12 @@ extern void uITRON4_free(void *p) ;
         #define WOLFSSL_NOSHA3_224
         #define WOLFSSL_NOSHA3_256
         #define WOLFSSL_NOSHA3_512
+        #ifndef WOLFSSL_NO_SHAKE128
+            #define WOLFSSL_NO_SHAKE128
+        #endif
+        #ifndef WOLFSSL_NO_SHAKE256
+            #define WOLFSSL_NO_SHAKE256
+        #endif
     #endif
     #ifdef WOLFSSL_AFALG_XILINX_AES
         #undef  WOLFSSL_AES_DIRECT
@@ -1916,14 +2536,22 @@ extern void uITRON4_free(void *p) ;
 #endif /*(WOLFSSL_APACHE_MYNEWT)*/
 
 #ifdef WOLFSSL_ZEPHYR
+    #include <version.h>
+#if KERNEL_VERSION_NUMBER >= 0x30100
     #include <zephyr/kernel.h>
     #include <zephyr/sys/printk.h>
     #include <zephyr/sys/util.h>
+#else
+    #include <kernel.h>
+    #include <sys/printk.h>
+    #include <sys/util.h>
+#endif
     #include <stdlib.h>
 
     #define WOLFSSL_DH_CONST
     #define WOLFSSL_HAVE_MAX
     #define NO_WRITEV
+    #define NO_STDLIB_ISASCII
 
     #define USE_FLAT_BENCHMARK_H
     #define USE_FLAT_TEST_H
@@ -1932,11 +2560,12 @@ extern void uITRON4_free(void *p) ;
 
     void *z_realloc(void *ptr, size_t size);
     #define realloc   z_realloc
+    #define max MAX
 
-    #ifndef CONFIG_NET_SOCKETS_POSIX_NAMES
+    #if !defined(CONFIG_NET_SOCKETS_POSIX_NAMES) && !defined(CONFIG_POSIX_API)
     #define CONFIG_NET_SOCKETS_POSIX_NAMES
     #endif
-#endif
+#endif /* WOLFSSL_ZEPHYR */
 
 #ifdef WOLFSSL_IMX6
     #ifndef SIZEOF_LONG_LONG
@@ -2049,17 +2678,20 @@ extern void uITRON4_free(void *p) ;
     #include "RTOS.h"
     #if !defined(XMALLOC_USER) && !defined(NO_WOLFSSL_MEMORY) && \
         !defined(WOLFSSL_STATIC_MEMORY)
-        #define XMALLOC(s, h, type)  ((void)(h), (void)(type), OS_HEAP_malloc((s)))
-        #define XFREE(p, h, type)    ((void)(h), (void)(type), OS_HEAP_free((p)))
-        #define XREALLOC(p, n, h, t) ((void)(h), (void)(t), OS_HEAP_realloc(((p), (n)))
+        /* Per the user manual of embOS https://www.segger.com/downloads/embos/UM01001
+         * this API has changed with V5. */
+        #if (OS_VERSION >= 50000U)
+            #define XMALLOC(s, h, type)  ((void)(h), (void)(type), OS_HEAP_malloc((s)))
+            #define XFREE(p, h, type)    ((void)(h), (void)(type), OS_HEAP_free((p)))
+            #define XREALLOC(p, n, h, t) ((void)(h), (void)(t), OS_HEAP_realloc((p), (n)))
+        #else
+            #define XMALLOC(s, h, type)  ((void)(h), (void)(type), OS_malloc((s)))
+            #define XFREE(p, h, type)    ((void)(h), (void)(type), OS_free((p)))
+            #define XREALLOC(p, n, h, t) ((void)(h), (void)(t), OS_realloc((p), (n)))
+        #endif
     #endif
 #endif
 
-#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS)
-    #undef  KEEP_PEER_CERT
-    #define KEEP_PEER_CERT
-#endif
-
 
 /* stream ciphers except arc4 need 32bit alignment, intel ok without */
 #ifndef XSTREAM_ALIGN
@@ -2156,10 +2788,18 @@ extern void uITRON4_free(void *p) ;
     #undef WOLFSSL_SP_INT_DIGIT_ALIGN
     #define WOLFSSL_SP_INT_DIGIT_ALIGN
 #endif
-#ifdef __APPLE__
+#if defined(__sparc)
+    #undef WOLFSSL_SP_INT_DIGIT_ALIGN
+    #define WOLFSSL_SP_INT_DIGIT_ALIGN
+#endif
+#if defined(__APPLE__) || defined(WOLF_C89)
     #define WOLFSSL_SP_NO_DYN_STACK
 #endif
 
+#if defined(__WATCOMC__) && !defined(WOLF_NO_VARIADIC_MACROS)
+    #define WOLF_NO_VARIADIC_MACROS
+#endif
+
 #ifdef __INTEL_COMPILER
     #pragma warning(disable:2259) /* explicit casts to smaller sizes, disable */
 #endif
@@ -2223,6 +2863,58 @@ extern void uITRON4_free(void *p) ;
 #endif
 /*----------------------------------------------------------------------------*/
 
+/* SP Math specific options */
+/* Determine when mp_add_d is required. */
+#if !defined(NO_PWDBASED) || defined(WOLFSSL_KEY_GEN) || !defined(NO_DH) || \
+    !defined(NO_DSA) || defined(HAVE_ECC) || \
+    (!defined(NO_RSA) && !defined(WOLFSSL_RSA_VERIFY_ONLY)) || \
+    defined(OPENSSL_EXTRA)
+    #define WOLFSSL_SP_ADD_D
+#endif
+
+/* Determine when mp_sub_d is required. */
+#if (!defined(NO_RSA) && !defined(WOLFSSL_RSA_VERIFY_ONLY)) || \
+    !defined(NO_DH) || defined(HAVE_ECC) || !defined(NO_DSA)
+    #define WOLFSSL_SP_SUB_D
+#endif
+
+/* Determine when mp_read_radix with a radix of 10 is required. */
+#if (defined(WOLFSSL_SP_MATH_ALL) && !defined(NO_RSA) && \
+    !defined(WOLFSSL_RSA_VERIFY_ONLY)) || defined(HAVE_ECC) || \
+    !defined(NO_DSA) || defined(OPENSSL_EXTRA)
+    #define WOLFSSL_SP_READ_RADIX_16
+#endif
+
+/* Determine when mp_read_radix with a radix of 10 is required. */
+#if defined(WOLFSSL_SP_MATH_ALL) && !defined(NO_RSA) && \
+    !defined(WOLFSSL_RSA_VERIFY_ONLY)
+    #define WOLFSSL_SP_READ_RADIX_10
+#endif
+
+/* Determine when mp_invmod is required. */
+#if defined(HAVE_ECC) || !defined(NO_DSA) || defined(OPENSSL_EXTRA) || \
+    (!defined(NO_RSA) && !defined(WOLFSSL_RSA_VERIFY_ONLY) && \
+     !defined(WOLFSSL_RSA_PUBLIC_ONLY))
+    #define WOLFSSL_SP_INVMOD
+#endif
+
+/* Determine when mp_invmod_mont_ct is required. */
+#if defined(WOLFSSL_SP_MATH_ALL) && defined(HAVE_ECC)
+    #define WOLFSSL_SP_INVMOD_MONT_CT
+#endif
+
+/* Determine when mp_prime_gen is required. */
+#if (defined(WOLFSSL_SP_MATH_ALL) && !defined(WOLFSSL_RSA_VERIFY_ONLY) && \
+    !defined(WOLFSSL_RSA_PUBLIC_ONLY)) || !defined(NO_DH) || \
+    (!defined(NO_RSA) && defined(WOLFSSL_KEY_GEN))
+    #define WOLFSSL_SP_PRIME_GEN
+#endif
+
+#if (defined(WOLFSSL_SP_MATH_ALL) && !defined(WOLFSSL_RSA_VERIFY_ONLY)) || \
+    (defined(WOLFSSL_KEY_GEN) && !defined(NO_RSA)) || defined(OPENSSL_EXTRA)
+    /* Determine when mp_mul_d is required */
+    #define WOLFSSL_SP_MUL_D
+#endif
 
 
 /* user can specify what curves they want with ECC_USER_CURVES otherwise
@@ -2313,7 +3005,7 @@ extern void uITRON4_free(void *p) ;
     #endif
 #endif /* HAVE_ECC */
 
-#if defined(OPENSSL_EXTRA) && defined(HAVE_ECC) && \
+#if (defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL)) && defined(HAVE_ECC) && \
     !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A) && \
     !defined(WOLFSSL_CRYPTOCELL) && !defined(WOLFSSL_SE050) && \
     !defined(WOLF_CRYPTO_CB_ONLY_ECC) && !defined(WOLFSSL_STM32_PKA)
@@ -2412,6 +3104,13 @@ extern void uITRON4_free(void *p) ;
     #endif
 #endif /* HAVE_ED448 */
 
+/* FIPS does not support CFB1 or CFB8 */
+#if !defined(WOLFSSL_NO_AES_CFB_1_8) && \
+    (defined(HAVE_SELFTEST) || \
+        (defined(HAVE_FIPS) && FIPS_VERSION3_LT(6,0,0)))
+    #define WOLFSSL_NO_AES_CFB_1_8
+#endif
+
 /* AES Config */
 #ifndef NO_AES
     /* By default enable all AES key sizes, decryption and CBC */
@@ -2581,6 +3280,14 @@ extern void uITRON4_free(void *p) ;
     #undef NO_DH
 #endif
 
+/* CryptoCell defines */
+#ifdef WOLFSSL_CRYPTOCELL
+    #if defined(HAVE_ECC) && defined(HAVE_ECC_SIGN)
+        /* Don't attempt to sign/verify an all-zero digest in wolfCrypt tests */
+        #define WC_TEST_NO_ECC_SIGN_VERIFY_ZERO_DIGEST
+    #endif /* HAVE_ECC && HAVE_ECC_SIGN */
+#endif
+
 /* Asynchronous Crypto */
 #ifdef WOLFSSL_ASYNC_CRYPT
     #if !defined(HAVE_CAVIUM) && !defined(HAVE_INTEL_QA) && \
@@ -2600,9 +3307,17 @@ extern void uITRON4_free(void *p) ;
     #endif
 
     /* Enable ECC_CACHE_CURVE for ASYNC */
-    #if !defined(ECC_CACHE_CURVE)
+    #if !defined(ECC_CACHE_CURVE) && !defined(NO_ECC_CACHE_CURVE)
+        /* Enabled by default for increased async performance,
+         * but not required */
         #define ECC_CACHE_CURVE
     #endif
+
+    #if defined(HAVE_ECC) && defined(HAVE_ECC_SIGN)
+        /* Don't attempt to sign/verify an all-zero digest in wolfCrypt tests */
+        #define WC_TEST_NO_ECC_SIGN_VERIFY_ZERO_DIGEST
+    #endif /* HAVE_ECC && HAVE_ECC_SIGN */
+
 #endif /* WOLFSSL_ASYNC_CRYPT */
 #ifndef WC_ASYNC_DEV_SIZE
     #define WC_ASYNC_DEV_SIZE 0
@@ -2627,9 +3342,6 @@ extern void uITRON4_free(void *p) ;
         !defined(WOLFSSL_SP_MATH) && !defined(NO_BIG_INT)
          #error The static memory option is only supported for fast math or SP Math
     #endif
-    #ifdef WOLFSSL_SMALL_STACK
-        #error static memory does not support small stack please undefine
-    #endif
 #endif /* WOLFSSL_STATIC_MEMORY */
 
 #ifdef HAVE_AES_KEYWRAP
@@ -2682,7 +3394,178 @@ extern void uITRON4_free(void *p) ;
     #define WOLFSSL_IPV6
 #endif
 
+/* ---------------------------------------------------------------------------
+ * ASN Library Selection (default to ASN_TEMPLATE)
+ * ---------------------------------------------------------------------------
+ */
+#if !defined(WOLFSSL_ASN_TEMPLATE) && !defined(WOLFSSL_ASN_ORIGINAL) && \
+    !defined(NO_ASN)
+    #define WOLFSSL_ASN_TEMPLATE
+#endif
 
+#if defined(WOLFSSL_DUAL_ALG_CERTS) && !defined(WOLFSSL_ASN_TEMPLATE)
+    #error "Dual alg cert support requires the ASN.1 template feature."
+#endif
+
+#if defined(WOLFSSL_ACERT) && !defined(WOLFSSL_ASN_TEMPLATE)
+    #error "Attribute Certificate support requires the ASN.1 template feature."
+#endif
+
+#if defined(OPENSSL_ALL) || defined(WOLFSSL_QT)
+    #undef  WOLFSSL_ASN_ALL
+    #define WOLFSSL_ASN_ALL
+#endif
+
+/* Enable all parsing features for ASN */
+#ifdef WOLFSSL_ASN_ALL
+    /* Alternate Names */
+    #undef  WOLFSSL_ALT_NAMES
+    #define WOLFSSL_ALT_NAMES
+
+    /* Alternate Name: human readable form of IP address*/
+    #undef  WOLFSSL_IP_ALT_NAME
+    #define WOLFSSL_IP_ALT_NAME
+
+    /* Alternate name: human readable form of registered ID */
+    #undef  WOLFSSL_RID_ALT_NAME
+    #define WOLFSSL_RID_ALT_NAME
+
+    /* CA Issuer URI */
+    #undef  WOLFSSL_ASN_CA_ISSUER
+    #define WOLFSSL_ASN_CA_ISSUER
+
+    /* FPKI (Federal PKI) extensions */
+    #undef  WOLFSSL_FPKI
+    #define WOLFSSL_FPKI
+
+    /* Certificate policies */
+    #undef  WOLFSSL_SEP
+    #define WOLFSSL_SEP
+
+    /* Support for full AuthorityKeyIdentifier extension.
+     * Only supports copying full AKID from an existing certificate */
+    #undef  WOLFSSL_AKID_NAME
+    #define WOLFSSL_AKID_NAME
+
+    /* Extended ASN.1 parsing support (typically used with cert gen) */
+    #undef  WOLFSSL_CERT_EXT
+    #define WOLFSSL_CERT_EXT
+
+    /* Support for SubjectDirectoryAttributes extension */
+    #undef  WOLFSSL_SUBJ_DIR_ATTR
+    #define WOLFSSL_SUBJ_DIR_ATTR
+
+    /* Support for SubjectInfoAccess extension */
+    #undef  WOLFSSL_SUBJ_INFO_ACC
+    #define WOLFSSL_SUBJ_INFO_ACC
+
+    #undef  WOLFSSL_CERT_NAME_ALL
+    #define WOLFSSL_CERT_NAME_ALL
+
+    /* Store pointers to issuer name components (lengths and encodings) */
+    #undef  WOLFSSL_HAVE_ISSUER_NAMES
+    #define WOLFSSL_HAVE_ISSUER_NAMES
+
+    /* Additional ASN.1 encoded name fields. See CTC_MAX_ATTRIB for max limit */
+    #undef  WOLFSSL_MULTI_ATTRIB
+    #define WOLFSSL_MULTI_ATTRIB
+
+    /* Parsing of indefinite length encoded ASN.1
+     * Optionally used by PKCS7/PKCS12 */
+    #undef  ASN_BER_TO_DER
+    #define ASN_BER_TO_DER
+
+    /* Enable custom OID support for subject and request extensions */
+    #undef  WOLFSSL_CUSTOM_OID
+    #define WOLFSSL_CUSTOM_OID
+
+    /* Support for full OID (not just sum) encoding */
+    #undef  HAVE_OID_ENCODING
+    #define HAVE_OID_ENCODING
+
+    /* Support for full OID (not just sum) decoding */
+    #undef  HAVE_OID_DECODING
+    #define HAVE_OID_DECODING
+
+    /* S/MIME - Secure Multipurpose Internet Mail Extension (used with PKCS7) */
+    #undef  HAVE_SMIME
+    #define HAVE_SMIME
+
+    /* Enable compatibility layer function for getting time string */
+    #undef  WOLFSSL_ASN_TIME_STRING
+    #define WOLFSSL_ASN_TIME_STRING
+
+    /* Support for parsing key usage */
+    #undef  WOLFSSL_ASN_PARSE_KEYUSAGE
+    #define WOLFSSL_ASN_PARSE_KEYUSAGE
+
+    /* Support for parsing OCSP status */
+    #undef  WOLFSSL_OCSP_PARSE_STATUS
+    #define WOLFSSL_OCSP_PARSE_STATUS
+
+    /* Extended Key Usage */
+    #undef  WOLFSSL_EKU_OID
+    #define WOLFSSL_EKU_OID
+
+    /* Attribute Certificate support */
+    #if defined(WOLFSSL_ASN_TEMPLATE) && !defined(WOLFSSL_ACERT)
+        #define WOLFSSL_ACERT
+    #endif
+#endif
+
+#if defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA) || \
+    defined(WOLFSSL_MYSQL_COMPATIBLE) || defined(WOLFSSL_NGINX) || \
+    defined(WOLFSSL_HAPROXY)
+    #undef  WOLFSSL_ASN_TIME_STRING
+    #define WOLFSSL_ASN_TIME_STRING
+#endif
+
+#if (defined(WOLFSSL_CERT_GEN) && defined(WOLFSSL_CERT_EXT)) || \
+    (defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA))
+    #undef  WOLFSSL_ASN_PARSE_KEYUSAGE
+    #define WOLFSSL_ASN_PARSE_KEYUSAGE
+#endif
+
+#if defined(HAVE_OCSP) && !defined(WOLFCRYPT_ONLY) && \
+    (defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || \
+     defined(WOLFSSL_HAPROXY) || defined(HAVE_LIGHTY) || \
+     defined(WOLFSSL_APACHE_HTTPD))
+    #undef  WOLFSSL_OCSP_PARSE_STATUS
+    #define WOLFSSL_OCSP_PARSE_STATUS
+#endif
+
+#if defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL) || \
+    defined(OPENSSL_EXTRA_X509_SMALL) || defined(WOLFSSL_CERT_GEN)
+    #undef  WOLFSSL_MULTI_ATTRIB
+    #define WOLFSSL_MULTI_ATTRIB
+#endif
+
+#if defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL) || \
+    defined(OPENSSL_EXTRA_X509_SMALL)
+    #undef  WOLFSSL_EKU_OID
+    #define WOLFSSL_EKU_OID
+#endif
+
+/* Disable time checking if no timer */
+#if defined(NO_ASN_TIME)
+    #define NO_ASN_TIME_CHECK
+#endif
+
+/* ASN Unknown Extension Callback support */
+#if defined(WOLFSSL_CUSTOM_OID) && defined(HAVE_OID_DECODING) && \
+    defined(WOLFSSL_ASN_TEMPLATE)
+    #undef  WC_ASN_UNKNOWN_EXT_CB
+    #define WC_ASN_UNKNOWN_EXT_CB
+#else
+    /* if user supplied build option and not using ASN template, raise error */
+    #if defined(WC_ASN_UNKNOWN_EXT_CB) && !defined(WOLFSSL_ASN_TEMPLATE)
+        #error ASN unknown extension callback is only supported \
+            with ASN template
+    #endif
+#endif
+
+
+/* Linux Kernel Module */
 #ifdef WOLFSSL_LINUXKM
     #ifdef HAVE_CONFIG_H
         #include <config.h>
@@ -2718,9 +3601,14 @@ extern void uITRON4_free(void *p) ;
     #ifndef WOLFSSL_TEST_SUBROUTINE
         #define WOLFSSL_TEST_SUBROUTINE static
     #endif
+    #undef HAVE_PTHREAD
+    /* linuxkm uses linux/string.h, included by linuxkm_wc_port.h. */
     #undef HAVE_STRINGS_H
+    /* linuxkm uses linux/limits.h, included by linuxkm_wc_port.h. */
+    #undef HAVE_LIMITS_H
     #undef HAVE_ERRNO_H
     #undef HAVE_THREAD_LS
+    #undef HAVE_ATEXIT
     #undef WOLFSSL_HAVE_MIN
     #undef WOLFSSL_HAVE_MAX
     #define SIZEOF_LONG         8
@@ -2732,6 +3620,25 @@ extern void uITRON4_free(void *p) ;
     #ifndef WOLFSSL_SP_DIV_WORD_HALF
         #define WOLFSSL_SP_DIV_WORD_HALF
     #endif
+    #ifdef __PIE__
+        #define WC_NO_INTERNAL_FUNCTION_POINTERS
+    #endif
+
+    #ifndef NO_OLD_WC_NAMES
+        #define NO_OLD_WC_NAMES
+    #endif
+    #ifndef NO_OLD_SHA_NAMES
+        #define NO_OLD_SHA_NAMES
+    #endif
+    #ifndef NO_OLD_MD5_NAME
+        #define NO_OLD_MD5_NAME
+    #endif
+    #ifndef OPENSSL_COEXIST
+        #define OPENSSL_COEXIST
+    #endif
+    #ifndef NO_OLD_SSL_NAMES
+        #define NO_OLD_SSL_NAMES
+    #endif
 #endif
 
 
@@ -2742,12 +3649,10 @@ extern void uITRON4_free(void *p) ;
     #undef HAVE_GMTIME_R /* don't trust macro with windows */
 #endif /* WOLFSSL_MYSQL_COMPATIBLE */
 
-#if (defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) \
- || defined(HAVE_LIGHTY)) && !defined(NO_TLS)
+#if (defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || \
+    defined(WOLFSSL_HAPROXY) || defined(HAVE_LIGHTY)) && !defined(NO_TLS)
     #define OPENSSL_NO_ENGINE
-    #ifndef OPENSSL_EXTRA
-        #define OPENSSL_EXTRA
-    #endif
+
     /* Session Tickets will be enabled when --enable-opensslall is used.
      * Time is required for ticket expiration checking */
     #if !defined(HAVE_SESSION_TICKET) && !defined(NO_ASN_TIME)
@@ -2764,6 +3669,9 @@ extern void uITRON4_free(void *p) ;
     #ifndef HAVE_SNI
         #define HAVE_SNI
     #endif
+    #ifndef WOLFSSL_RSA_KEY_CHECK
+        #define WOLFSSL_RSA_KEY_CHECK
+    #endif
 #endif
 
 /* Make sure setting OPENSSL_ALL also sets OPENSSL_EXTRA. */
@@ -2771,13 +3679,50 @@ extern void uITRON4_free(void *p) ;
     #define OPENSSL_EXTRA
 #endif
 
-#ifdef HAVE_SNI
-    #define SSL_CTRL_SET_TLSEXT_HOSTNAME 55
+
+#if (defined(OPENSSL_EXTRA) || defined(WOLFSSL_QT)) && \
+    !defined(WOLFSSL_ASN_CA_ISSUER)
+    #define WOLFSSL_ASN_CA_ISSUER
 #endif
 
-/* Disable time checking if no timer */
-#if defined(NO_ASN_TIME)
-    #define NO_ASN_TIME_CHECK
+
+/* ---------------------------------------------------------------------------
+ * OpenSSL compat layer
+ * ---------------------------------------------------------------------------
+ */
+#ifdef OPENSSL_EXTRA
+    #undef  WOLFSSL_ALWAYS_VERIFY_CB
+    #define WOLFSSL_ALWAYS_VERIFY_CB
+
+    #undef WOLFSSL_VERIFY_CB_ALL_CERTS
+    #define WOLFSSL_VERIFY_CB_ALL_CERTS
+
+    #undef WOLFSSL_EXTRA_ALERTS
+    #define WOLFSSL_EXTRA_ALERTS
+
+    #undef HAVE_EXT_CACHE
+    #define HAVE_EXT_CACHE
+
+    #undef WOLFSSL_FORCE_CACHE_ON_TICKET
+    #define WOLFSSL_FORCE_CACHE_ON_TICKET
+
+    #undef WOLFSSL_AKID_NAME
+    #define WOLFSSL_AKID_NAME
+
+    #undef HAVE_CTS
+    #define HAVE_CTS
+
+    #undef WOLFSSL_SESSION_ID_CTX
+    #define WOLFSSL_SESSION_ID_CTX
+#endif /* OPENSSL_EXTRA */
+
+#ifdef OPENSSL_EXTRA_X509_SMALL
+    #undef WOLFSSL_NO_OPENSSL_RAND_CB
+    #define WOLFSSL_NO_OPENSSL_RAND_CB
+#endif
+
+#ifdef HAVE_SNI
+    #define SSL_CTRL_SET_TLSEXT_HOSTNAME 55
 #endif
 
 /* both CURVE and ED small math should be enabled */
@@ -2821,6 +3766,11 @@ extern void uITRON4_free(void *p) ;
     #ifndef NO_OLD_WC_NAMES
         #define NO_OLD_WC_NAMES
     #endif
+    #if defined(HAVE_SELFTEST) || \
+        (defined(HAVE_FIPS) && FIPS_VERSION3_LT(5,0,0))
+        /* old FIPS needs this remapping. */
+        #define Sha3 wc_Sha3
+    #endif
 #endif
 
 #if defined(NO_OLD_WC_NAMES) || defined(OPENSSL_EXTRA)
@@ -2864,12 +3814,29 @@ extern void uITRON4_free(void *p) ;
 #endif
 
 /* Parts of the openssl compatibility layer require peer certs */
-#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) \
- || defined(HAVE_LIGHTY)
+#if (defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL) || \
+     defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) || \
+     defined(HAVE_LIGHTY)) && !defined(NO_CERTS)
     #undef  KEEP_PEER_CERT
     #define KEEP_PEER_CERT
 #endif
 
+/* Always copy certificate(s) from SSL CTX to each SSL object on creation,
+ * if this is not defined then each SSL object shares a pointer to the
+ * original certificate buffer owned by the SSL CTX. */
+#if defined(OPENSSL_ALL) && !defined(WOLFSSL_NO_COPY_CERT)
+    #undef WOLFSSL_COPY_CERT
+    #define WOLFSSL_COPY_CERT
+#endif
+
+/* Always copy private key from SSL CTX to each SSL object on creation,
+ * if this is not defined then each SSL object shares a pointer to the
+ * original key buffer owned by the SSL CTX. */
+#if defined(OPENSSL_ALL) && !defined(WOLFSSL_NO_COPY_KEY)
+    #undef WOLFSSL_COPY_KEY
+    #define WOLFSSL_COPY_KEY
+#endif
+
 /*
  * Keeps the "Finished" messages after a TLS handshake for use as the so-called
  * "tls-unique" channel binding. See comment in internal.h around clientFinished
@@ -2880,14 +3847,45 @@ extern void uITRON4_free(void *p) ;
     #define WOLFSSL_HAVE_TLS_UNIQUE
 #endif
 
+/* WPAS Small option requires OPENSSL_EXTRA_X509_SMALL */
+#if defined(WOLFSSL_WPAS_SMALL) && !defined(OPENSSL_EXTRA_X509_SMALL)
+    #define OPENSSL_EXTRA_X509_SMALL
+#endif
+
+/* Web Server needs to enable OPENSSL_EXTRA_X509_SMALL */
+#if defined(HAVE_WEBSERVER) && !defined(OPENSSL_EXTRA_X509_SMALL)
+    #define OPENSSL_EXTRA_X509_SMALL
+#endif
+
+/* The EX data CRYPTO API's used with compatibility */
+#if !defined(HAVE_EX_DATA_CRYPTO) && \
+    (defined(OPENSSL_ALL) || defined(WOLFSSL_WPAS_SMALL) || \
+    defined(HAVE_STUNNEL) || defined(WOLFSSL_NGINX) || \
+    defined(HAVE_LIGHTY) || defined(WOLFSSL_HAPROXY) || \
+    defined(WOLFSSL_OPENSSH) || defined(HAVE_SBLIM_SFCB) || \
+    defined(WOLFSSL_WOLFSENTRY_HOOKS))
+    #define HAVE_EX_DATA_CRYPTO
+#endif
+
+#if defined(WOLFSSL_WOLFSENTRY_HOOKS) && !defined(HAVE_EX_DATA_CLEANUP_HOOKS)
+    #define HAVE_EX_DATA_CLEANUP_HOOKS
+#endif
+
+/* Enable EX Data support if required */
+#if (defined(HAVE_EX_DATA_CRYPTO) || defined(HAVE_EX_DATA_CLEANUP_HOOKS)) && \
+    !defined(HAVE_EX_DATA)
+    #define HAVE_EX_DATA
+#endif
+
+
 /* RAW hash function APIs are not implemented */
 #if defined(WOLFSSL_ARMASM) || defined(WOLFSSL_AFALG_HASH)
     #undef  WOLFSSL_NO_HASH_RAW
     #define WOLFSSL_NO_HASH_RAW
 #endif
 
-/* XChacha not implemented with ARM assembly ChaCha */
-#if defined(WOLFSSL_ARMASM)
+#if defined(HAVE_XCHACHA) && !defined(HAVE_CHACHA)
+    /* XChacha requires ChaCha */
     #undef HAVE_XCHACHA
 #endif
 
@@ -2928,7 +3926,7 @@ extern void uITRON4_free(void *p) ;
 #if defined(WOLFCRYPT_ONLY) && defined(NO_AES) && !defined(WOLFSSL_SHA384) && \
     !defined(WOLFSSL_SHA512) && defined(WC_NO_RNG) && \
     !defined(WOLFSSL_SP_MATH) && !defined(WOLFSSL_SP_MATH_ALL) \
-    && !defined(USE_FAST_MATH)
+    && !defined(USE_FAST_MATH) && defined(NO_SHA256)
     #undef  WOLFSSL_NO_FORCE_ZERO
     #define WOLFSSL_NO_FORCE_ZERO
 #endif
@@ -2946,15 +3944,17 @@ extern void uITRON4_free(void *p) ;
     #define WOLFSSL_BASE64_DECODE
 #endif
 
-#if defined(HAVE_EX_DATA) || defined(FORTRESS)
-    #if defined(FORTRESS) && !defined(HAVE_EX_DATA)
-        #define HAVE_EX_DATA
-    #endif
+#if defined(FORTRESS) && !defined(HAVE_EX_DATA)
+    #define HAVE_EX_DATA
+#endif
+
+#ifdef HAVE_EX_DATA
     #ifndef MAX_EX_DATA
     #define MAX_EX_DATA 5  /* allow for five items of ex_data */
     #endif
 #endif
 
+
 #ifdef NO_WOLFSSL_SMALL_STACK
     #undef WOLFSSL_SMALL_STACK
 #endif
@@ -3013,8 +4013,10 @@ extern void uITRON4_free(void *p) ;
 
 /* Do not allow using small stack with no malloc */
 #if defined(WOLFSSL_NO_MALLOC) && \
-    (defined(WOLFSSL_SMALL_STACK) || defined(WOLFSSL_SMALL_STACK_CACHE))
-    #error Small stack cannot be used with no malloc (WOLFSSL_NO_MALLOC)
+    (defined(WOLFSSL_SMALL_STACK) || defined(WOLFSSL_SMALL_STACK_CACHE)) && \
+    !defined(WOLFSSL_STATIC_MEMORY)
+    #error Small stack cannot be used with no malloc (WOLFSSL_NO_MALLOC) and \
+           without staticmemory (WOLFSSL_STATIC_MEMORY)
 #endif
 
 /* If malloc is disabled make sure it is also disabled in SP math */
@@ -3048,6 +4050,13 @@ extern void uITRON4_free(void *p) ;
     #define HAVE_ONE_TIME_AUTH
 #endif
 
+/* This is checked for in configure.ac, so might want to do it in here as well.
+ */
+#if defined(HAVE_SECURE_RENEGOTIATION) && defined(HAVE_RENEGOTIATION_INDICATION)
+    #error HAVE_RENEGOTIATION_INDICATION cannot be defined together with \
+           HAVE_SECURE_RENEGOTIATION
+#endif
+
 /* Check for insecure build combination:
  * secure renegotiation   [enabled]
  * extended master secret [disabled]
@@ -3096,7 +4105,9 @@ extern void uITRON4_free(void *p) ;
 #ifdef HAVE_LIBOQS
 #define HAVE_PQC
 #define HAVE_FALCON
-#define HAVE_DILITHIUM
+#ifndef HAVE_DILITHIUM
+    #define HAVE_DILITHIUM
+#endif
 #ifndef WOLFSSL_NO_SPHINCS
     #define HAVE_SPHINCS
 #endif
@@ -3108,23 +4119,19 @@ extern void uITRON4_free(void *p) ;
 #endif
 #endif
 
-#ifdef HAVE_PQM4
-#define HAVE_PQC
-#define WOLFSSL_HAVE_KYBER
-#define WOLFSSL_KYBER512
-#define WOLFSSL_NO_KYBER768
-#define WOLFSSL_NO_KYBER1024
+#if (defined(HAVE_LIBOQS) ||                                            \
+     defined(HAVE_LIBXMSS) ||                                           \
+     defined(HAVE_LIBLMS) ||                                            \
+     defined(WOLFSSL_DUAL_ALG_CERTS) ||                                 \
+     defined(HAVE_ASCON)) &&                                            \
+    !defined(WOLFSSL_EXPERIMENTAL_SETTINGS)
+    #error Experimental settings without WOLFSSL_EXPERIMENTAL_SETTINGS
 #endif
 
-#if defined(HAVE_PQC) && !defined(HAVE_LIBOQS) && !defined(HAVE_PQM4) && \
-    !defined(WOLFSSL_HAVE_KYBER)
+#if defined(HAVE_PQC) && !defined(HAVE_LIBOQS) && !defined(WOLFSSL_HAVE_KYBER)
 #error Please do not define HAVE_PQC yourself.
 #endif
 
-#if defined(HAVE_PQC) && defined(HAVE_LIBOQS) && defined(HAVE_PQM4)
-#error Please do not define both HAVE_LIBOQS and HAVE_PQM4.
-#endif
-
 #if defined(HAVE_PQC) && defined(WOLFSSL_DTLS13) && \
     !defined(WOLFSSL_DTLS_CH_FRAG)
 #warning "Using DTLS 1.3 + pqc without WOLFSSL_DTLS_CH_FRAG will probably" \
@@ -3139,6 +4146,11 @@ extern void uITRON4_free(void *p) ;
     #error The SRTP extension requires DTLS
 #endif
 
+/* FIPS v5 and older doesn't support WOLF_PRIVATE_KEY_ID with PK callbacks */
+#if defined(HAVE_FIPS) && FIPS_VERSION_LT(5,3) && defined(HAVE_PK_CALLBACKS)
+    #define NO_WOLF_PRIVATE_KEY_ID
+#endif
+
 /* Are we using an external private key store like:
  *     PKCS11 / HSM / crypto callback / PK callback */
 #if !defined(WOLF_PRIVATE_KEY_ID) && !defined(NO_WOLF_PRIVATE_KEY_ID) && \
@@ -3155,12 +4167,21 @@ extern void uITRON4_free(void *p) ;
     #define NO_SESSION_CACHE_REF
 #endif
 
-/* (D)TLS v1.3 requires 64-bit number wrappers */
-#if defined(WOLFSSL_TLS13) || defined(WOLFSSL_DTLS_DROP_STATS)
+/* (D)TLS v1.3 requires 64-bit number wrappers as does XMSS and LMS. */
+#if defined(WOLFSSL_TLS13) || defined(WOLFSSL_DTLS_DROP_STATS) || \
+    (defined(WOLFSSL_WC_XMSS) && (!defined(WOLFSSL_XMSS_MAX_HEIGHT) || \
+    WOLFSSL_XMSS_MAX_HEIGHT > 32)) || (defined(WOLFSSL_WC_LMS) && \
+    !defined(WOLFSSL_LMS_VERIFY_ONLY))
     #undef WOLFSSL_W64_WRAPPER
     #define WOLFSSL_W64_WRAPPER
 #endif
 
+/* wc_xmss and wc_lms require these misc.c functions. */
+#if defined(WOLFSSL_WC_XMSS) || defined(WOLFSSL_WC_LMS)
+    #undef  WOLFSSL_NO_INT_ENCODE
+    #undef  WOLFSSL_NO_INT_DECODE
+#endif
+
 /* DTLS v1.3 requires AES ECB if using AES */
 #if defined(WOLFSSL_DTLS13) && !defined(NO_AES) && \
     !defined(WOLFSSL_AES_DIRECT)
@@ -3172,10 +4193,6 @@ extern void uITRON4_free(void *p) ;
 #error "DTLS v1.3 requires both WOLFSSL_TLS13 and WOLFSSL_DTLS"
 #endif
 
-#if defined(WOLFSSL_DTLS_CID) && !defined(WOLFSSL_DTLS13)
-#error "ConnectionID is supported for DTLSv1.3 only"
-#endif
-
 #if defined(WOLFSSL_QUIC) && defined(WOLFSSL_CALLBACKS)
     #error WOLFSSL_QUIC is incompatible with WOLFSSL_CALLBACKS.
 #endif
@@ -3186,7 +4203,6 @@ extern void uITRON4_free(void *p) ;
  *   RSA public only, CAVP selftest, fast RSA, user RSA, QAT or CryptoCell */
 #if (defined(WOLFSSL_RSA_KEY_CHECK) || (defined(HAVE_FIPS) && FIPS_VERSION_GE(2,0))) && \
     !defined(WOLFSSL_NO_RSA_KEY_CHECK) && !defined(WOLFSSL_RSA_PUBLIC_ONLY) && \
-    !defined(HAVE_USER_RSA) && !defined(HAVE_FAST_RSA) && \
     !defined(HAVE_INTEL_QA) && !defined(WOLFSSL_CRYPTOCELL) && \
     !defined(HAVE_SELFTEST)
 
@@ -3194,22 +4210,28 @@ extern void uITRON4_free(void *p) ;
     #define WOLFSSL_RSA_KEY_CHECK
 #endif
 
-/* SHAKE - Not allowed in FIPS */
-#if defined(WOLFSSL_SHA3) && !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS)
-    #ifndef WOLFSSL_NO_SHAKE128
-        #undef  WOLFSSL_SHAKE128
-        #define WOLFSSL_SHAKE128
-    #endif
-    #ifndef WOLFSSL_NO_SHAKE256
-        #undef  WOLFSSL_SHAKE256
-        #define WOLFSSL_SHAKE256
-    #endif
-#else
+/* ED448 Requires Shake256 */
+#if defined(HAVE_ED448) && defined(WOLFSSL_SHA3)
+    #undef  WOLFSSL_SHAKE256
+    #define WOLFSSL_SHAKE256
+#endif
+
+/* SHAKE - Not allowed in FIPS v5.2 or older */
+#if defined(WOLFSSL_SHA3) && (defined(HAVE_SELFTEST) || \
+    (defined(HAVE_FIPS) && FIPS_VERSION_LE(5,2)))
     #undef  WOLFSSL_NO_SHAKE128
     #define WOLFSSL_NO_SHAKE128
     #undef  WOLFSSL_NO_SHAKE256
     #define WOLFSSL_NO_SHAKE256
 #endif
+/* SHAKE Disable */
+#ifdef WOLFSSL_NO_SHAKE128
+    #undef WOLFSSL_SHAKE128
+#endif
+#ifdef WOLFSSL_NO_SHAKE256
+    #undef WOLFSSL_SHAKE256
+#endif
+
 
 /* Encrypted Client Hello - requires HPKE */
 #if defined(HAVE_ECH) && !defined(HAVE_HPKE)
@@ -3278,6 +4300,89 @@ extern void uITRON4_free(void *p) ;
     /* Ciphersuite check done in internal.h */
 #endif
 
+/* Some final sanity checks. See esp32-crypt.h for Apple HomeKit config. */
+#if defined(WOLFSSL_APPLE_HOMEKIT) || defined(CONFIG_WOLFSSL_APPLE_HOMEKIT)
+    #ifndef WOLFCRYPT_HAVE_SRP
+        #error "WOLFCRYPT_HAVE_SRP is required for Apple Homekit"
+    #endif
+    #ifndef HAVE_CHACHA
+        #error "HAVE_CHACHA is required for Apple Homekit"
+    #endif
+    #ifdef  USE_FAST_MATH
+        #ifdef FP_MAX_BITS
+            #if FP_MAX_BITS < (8192 * 2)
+                #error "HomeKit FP_MAX_BITS must at least (8192 * 2)"
+            #endif
+        #else
+            #error "HomeKit FP_MAX_BITS must be assigned a value (8192 * 2)"
+        #endif
+    #endif
+#endif
+
+#if defined(CONFIG_WOLFSSL_NO_ASN_STRICT) && !defined(WOLFSSL_NO_ASN_STRICT)
+    /* The settings.h and/or user_settings.h should have detected config
+     * values from Kconfig and set the appropriate wolfSSL macro: */
+    #error "CONFIG_WOLFSSL_NO_ASN_STRICT found without WOLFSSL_NO_ASN_STRICT"
+#endif
+
+#if defined(WOLFSSL_ESPIDF) && defined(ARDUINO)
+    #error "Found both ESPIDF and ARDUINO. Pick one."
+#endif
+
+#if defined(CONFIG_MBEDTLS_CERTIFICATE_BUNDLE) && \
+    defined(CONFIG_WOLFSSL_CERTIFICATE_BUNDLE) && \
+            CONFIG_MBEDTLS_CERTIFICATE_BUNDLE  && \
+            CONFIG_WOLFSSL_CERTIFICATE_BUNDLE
+    #error "mbedTLS and wolfSSL Certificate Bundles both enabled. Pick one".
+#endif
+
+#if defined(HAVE_FIPS) && defined(HAVE_PKCS11)
+    #error "PKCS11 not allowed with FIPS enabled (Crypto outside boundary)"
+#endif
+
+#if defined(WOLFSSL_CAAM_BLOB)
+    #ifndef WOLFSSL_CAAM
+        #error "WOLFSSL_CAAM_BLOB requires WOLFSSL_CAAM"
+    #endif
+#endif
+
+#if defined(HAVE_ED25519)
+    #ifndef WOLFSSL_SHA512
+        #error "HAVE_ED25519 requires WOLFSSL_SHA512"
+    #endif
+#endif
+
+#if defined(OPENSSL_ALL) && defined(OPENSSL_COEXIST)
+    #error "OPENSSL_ALL can not be defined with OPENSSL_COEXIST"
+#endif
+
+#if !defined(NO_DSA) && defined(NO_SHA)
+    #error "Please disable DSA if disabling SHA-1"
+#endif
+
+#if defined(WOLFSSL_SYS_CRYPTO_POLICY)
+    #if !defined(WOLFSSL_CRYPTO_POLICY_FILE)
+        #error "WOLFSSL_SYS_CRYPTO_POLICY requires a crypto policy file"
+    #endif /* ! WOLFSSL_CRYPTO_POLICY_FILE */
+
+    #if !defined(OPENSSL_EXTRA)
+        #error "WOLFSSL_SYS_CRYPTO_POLICY requires OPENSSL_EXTRA"
+    #endif /* ! OPENSSL_EXTRA */
+#endif /* WOLFSSL_SYS_CRYPTO_POLICY */
+
+/* if configure.ac turned on this feature, HAVE_ENTROPY_MEMUSE will be set,
+ * also define HAVE_WOLFENTROPY */
+#ifdef HAVE_ENTROPY_MEMUSE
+    #ifndef HAVE_WOLFENTROPY
+        #define HAVE_WOLFENTROPY
+    #endif
+#elif defined(HAVE_WOLFENTROPY)
+    /* else if user_settings.h only defined HAVE_WOLFENTROPY
+     * also define HAVE_ENTROPY_MEMUSE */
+    #ifndef HAVE_ENTROPY_MEMUSE
+        #define HAVE_ENTROPY_MEMUSE
+    #endif
+#endif /* HAVE_ENTROPY_MEMUSE */
 
 #ifdef __cplusplus
     }   /* extern "C" */
diff --git a/wolfssl/wolfcrypt/sha.h b/wolfssl/wolfcrypt/sha.h
index e8bcc9b0d..54b083385 100644
--- a/wolfssl/wolfcrypt/sha.h
+++ b/wolfssl/wolfcrypt/sha.h
@@ -1,6 +1,6 @@
 /* sha.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -31,8 +31,7 @@
 
 #ifndef NO_SHA
 
-#if defined(HAVE_FIPS) && \
-    defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2)
+#if FIPS_VERSION3_GE(2,0,0)
     #include <wolfssl/wolfcrypt/fips.h>
 #endif /* HAVE_FIPS_VERSION >= 2 */
 
@@ -53,6 +52,11 @@
     extern "C" {
 #endif
 
+#if FIPS_VERSION3_GE(6,0,0)
+    extern const unsigned int wolfCrypt_FIPS_sha_ro_sanity[2];
+    WOLFSSL_LOCAL int wolfCrypt_FIPS_SHA_sanity(void);
+#endif
+
 /* avoid redefinition of structs */
 #if !defined(HAVE_FIPS) || \
     (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2))
@@ -72,6 +76,9 @@
 #if defined(WOLFSSL_SILABS_SE_ACCEL)
     #include <wolfssl/wolfcrypt/port/silabs/silabs_hash.h>
 #endif
+#if defined(WOLFSSL_MAX3266X) || defined(WOLFSSL_MAX3266X_OLD)
+    #include <wolfssl/wolfcrypt/port/maxim/max3266x.h>
+#endif
 
 #if !defined(NO_OLD_SHA_NAMES)
     #define SHA             WC_SHA
@@ -144,8 +151,8 @@ struct wc_Sha {
     #else
     word32  digest[WC_SHA_DIGEST_SIZE / sizeof(word32)];
     #endif
-    void*   heap;
 #endif
+    void*   heap;
 #ifdef WOLFSSL_PIC32MZ_HASH
     hashUpdCache cache; /* cache for updates */
 #endif
@@ -156,6 +163,9 @@ struct wc_Sha {
     int    devId;
     void*  devCtx; /* generic crypto callback context */
 #endif
+#if defined(MAX3266X_SHA_CB) || defined(MAX3266X_SHA)
+    wc_MXC_Sha mxcCtx;
+#endif
 #ifdef WOLFSSL_IMXRT1170_CAAM
     caam_hash_ctx_t ctx;
     caam_handle_t hndl;
diff --git a/wolfssl/wolfcrypt/sha256.h b/wolfssl/wolfcrypt/sha256.h
index 3651dd31f..7a064a0ca 100644
--- a/wolfssl/wolfcrypt/sha256.h
+++ b/wolfssl/wolfcrypt/sha256.h
@@ -1,6 +1,6 @@
 /* sha256.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -32,8 +32,7 @@
 
 #ifndef NO_SHA256
 
-#if defined(HAVE_FIPS) && \
-    defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2)
+#if FIPS_VERSION3_GE(2,0,0)
     #include <wolfssl/wolfcrypt/fips.h>
 #endif /* HAVE_FIPS_VERSION >= 2 */
 
@@ -61,6 +60,11 @@
     extern "C" {
 #endif
 
+#if FIPS_VERSION3_GE(6,0,0)
+    extern const unsigned int wolfCrypt_FIPS_sha256_ro_sanity[2];
+    WOLFSSL_LOCAL int wolfCrypt_FIPS_SHA256_sanity(void);
+#endif
+
 /* avoid redefinition of structs */
 #if !defined(HAVE_FIPS) || \
     (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2))
@@ -142,6 +146,10 @@ enum {
     #include "wolfssl/wolfcrypt/port/Renesas/renesas-rx64-hw-crypt.h"
 #else
 
+#if defined(WOLFSSL_MAX3266X) || defined(WOLFSSL_MAX3266X_OLD)
+    #include "wolfssl/wolfcrypt/port/maxim/max3266x.h"
+#endif
+
 #if defined(WOLFSSL_SE050) && defined(WOLFSSL_SE050_HASH)
     #include "wolfssl/wolfcrypt/port/nxp/se050_port.h"
 #endif
@@ -175,14 +183,24 @@ struct wc_Sha256 {
 #elif defined(WOLFSSL_HAVE_PSA) && !defined(WOLFSSL_PSA_NO_HASH)
     psa_hash_operation_t psa_ctx;
 #else
+#ifdef WC_64BIT_CPU
     /* alignment on digest and buffer speeds up ARMv8 crypto operations */
     ALIGN16 word32  digest[WC_SHA256_DIGEST_SIZE / sizeof(word32)];
     ALIGN16 word32  buffer[WC_SHA256_BLOCK_SIZE  / sizeof(word32)];
+#else
+    word32  digest[WC_SHA256_DIGEST_SIZE / sizeof(word32)];
+    word32  buffer[WC_SHA256_BLOCK_SIZE  / sizeof(word32)];
+#endif
     word32  buffLen;   /* in bytes          */
     word32  loLen;     /* length in bytes   */
     word32  hiLen;     /* length in bytes   */
-    void*   heap;
+
+#ifdef WC_C_DYNAMIC_FALLBACK
+    int sha_method;
 #endif
+
+#endif
+    void*   heap;
 #ifdef WOLFSSL_PIC32MZ_HASH
     hashUpdCache cache; /* cache for updates */
 #endif
@@ -195,6 +213,9 @@ struct wc_Sha256 {
 #ifdef WOLFSSL_DEVCRYPTO_HASH
     WC_CRYPTODEV ctx;
 #endif
+#if defined(MAX3266X_SHA_CB) || defined(MAX3266X_SHA)
+    wc_MXC_Sha mxcCtx;
+#endif
 #if defined(WOLFSSL_DEVCRYPTO_HASH) || defined(WOLFSSL_HASH_KEEP)
     byte*  msg;
     word32 used;
@@ -243,12 +264,20 @@ struct wc_Sha256 {
 WOLFSSL_API int wc_InitSha256(wc_Sha256* sha);
 WOLFSSL_API int wc_InitSha256_ex(wc_Sha256* sha, void* heap, int devId);
 WOLFSSL_API int wc_Sha256Update(wc_Sha256* sha, const byte* data, word32 len);
+
+#if !defined(WOLFSSL_KCAPI_HASH) && !defined(WOLFSSL_AFALG_HASH)
 WOLFSSL_API int wc_Sha256FinalRaw(wc_Sha256* sha256, byte* hash);
+#endif
 WOLFSSL_API int wc_Sha256Final(wc_Sha256* sha256, byte* hash);
 WOLFSSL_API void wc_Sha256Free(wc_Sha256* sha256);
-#if defined(OPENSSL_EXTRA) || defined(HAVE_CURL)
+#if (defined(OPENSSL_EXTRA) || defined(HAVE_CURL)) && \
+    !defined(WOLFSSL_KCAPI_HASH) && !defined(WOLFSSL_AFALG_HASH)
 WOLFSSL_API int wc_Sha256Transform(wc_Sha256* sha, const unsigned char* data);
 #endif
+#if defined(WOLFSSL_HAVE_LMS) && !defined(WOLFSSL_LMS_FULL_HASH)
+WOLFSSL_API int wc_Sha256HashBlock(wc_Sha256* sha, const unsigned char* data,
+    unsigned char* hash);
+#endif
 #if defined(WOLFSSL_HASH_KEEP)
 WOLFSSL_API int wc_Sha256_Grow(wc_Sha256* sha256, const byte* in, int inSz);
 #endif
diff --git a/wolfssl/wolfcrypt/sha3.h b/wolfssl/wolfcrypt/sha3.h
index 2b9283a03..26b2ad727 100644
--- a/wolfssl/wolfcrypt/sha3.h
+++ b/wolfssl/wolfcrypt/sha3.h
@@ -1,6 +1,6 @@
 /* sha3.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -36,10 +36,19 @@
     extern "C" {
 #endif
 
+#if FIPS_VERSION3_GE(6,0,0)
+    extern const unsigned int wolfCrypt_FIPS_sha3_ro_sanity[2];
+    WOLFSSL_LOCAL int wolfCrypt_FIPS_SHA3_sanity(void);
+#endif
+
 #ifdef WOLFSSL_ASYNC_CRYPT
     #include <wolfssl/wolfcrypt/async.h>
 #endif
 
+#ifdef STM32_HASH
+    #include <wolfssl/wolfcrypt/port/st/stm32.h>
+#endif
+
 /* in bytes */
 enum {
     /* SHAKE-128 */
@@ -119,12 +128,25 @@ struct wc_Sha3 {
 
     void*  heap;
 
+#ifdef WOLF_CRYPTO_CB
+    int    devId;
+#endif
+
+#ifdef WC_C_DYNAMIC_FALLBACK
+    void (*sha3_block)(word64 *s);
+    void (*sha3_block_n)(word64 *s, const byte* data, word32 n,
+        word64 c);
+#endif
+
 #ifdef WOLFSSL_ASYNC_CRYPT
     WC_ASYNC_DEV asyncDev;
 #endif /* WOLFSSL_ASYNC_CRYPT */
 #ifdef WOLFSSL_HASH_FLAGS
     word32 flags; /* enum wc_HashFlags in hash.h */
 #endif
+#if defined(STM32_HASH_SHA3)
+    STM32_HASH_Context stmCtx;
+#endif
 };
 
 #ifndef WC_SHA3_TYPE_DEFINED
@@ -135,7 +157,10 @@ struct wc_Sha3 {
 #endif
 
 #if defined(WOLFSSL_SHAKE128) || defined(WOLFSSL_SHAKE256)
-typedef wc_Sha3 wc_Shake;
+    #ifndef WC_SHAKE_TYPE_DEFINED
+        typedef wc_Sha3 wc_Shake;
+        #define WC_SHAKE_TYPE_DEFINED
+    #endif
 #endif
 
 WOLFSSL_API int wc_InitSha3_224(wc_Sha3* sha3, void* heap, int devId);
@@ -201,8 +226,13 @@ WOLFSSL_LOCAL void sha3_block_n_bmi2(word64* s, const byte* data, word32 n,
 WOLFSSL_LOCAL void sha3_block_bmi2(word64* s);
 WOLFSSL_LOCAL void sha3_block_avx2(word64* s);
 WOLFSSL_LOCAL void BlockSha3(word64 *s);
+#elif defined(__aarch64__) && defined(WOLFSSL_ARMASM)
+#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
+WOLFSSL_LOCAL void BlockSha3_crypto(word64 *s);
 #endif
-#if defined(WOLFSSL_ARMASM) && defined(WOLFSSL_ARMASM_CRYPTO_SHA3)
+WOLFSSL_LOCAL void BlockSha3_base(word64 *s);
+WOLFSSL_LOCAL void BlockSha3(word64 *s);
+#elif defined(WOLFSSL_ARMASM) || defined(WOLFSSL_RISCV_ASM)
 WOLFSSL_LOCAL void BlockSha3(word64 *s);
 #endif
 
diff --git a/wolfssl/wolfcrypt/sha512.h b/wolfssl/wolfcrypt/sha512.h
index 7592c4688..593177eec 100644
--- a/wolfssl/wolfcrypt/sha512.h
+++ b/wolfssl/wolfcrypt/sha512.h
@@ -1,6 +1,6 @@
 /* sha512.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -32,8 +32,7 @@
 #if defined(WOLFSSL_SHA512) || defined(WOLFSSL_SHA384)
 
 
-#if defined(HAVE_FIPS) && \
-    defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2)
+#if FIPS_VERSION3_GE(2,0,0)
     #include <wolfssl/wolfcrypt/fips.h>
 #endif /* HAVE_FIPS_VERSION >= 2 */
 
@@ -41,6 +40,11 @@
     extern "C" {
 #endif
 
+#if FIPS_VERSION3_GE(6,0,0)
+    extern const unsigned int wolfCrypt_FIPS_sha512_ro_sanity[2];
+    WOLFSSL_LOCAL int wolfCrypt_FIPS_SHA512_sanity(void);
+#endif
+
 /* avoid redefinition of structs */
 #if !defined(HAVE_FIPS) || \
     (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2))
@@ -69,6 +73,10 @@
     #include "fsl_caam.h"
 #endif
 
+#ifdef STM32_HASH
+    #include <wolfssl/wolfcrypt/port/st/stm32.h>
+#endif
+
 #if defined(_MSC_VER)
     #define SHA512_NOINLINE __declspec(noinline)
 #elif defined(__IAR_SYSTEMS_ICC__) || defined(__GNUC__)
@@ -131,12 +139,16 @@ enum {
     #include "mcapi.h"
     #include "mcapi_error.h"
 #endif
+#if defined(WOLFSSL_MAX3266X) || defined(WOLFSSL_MAX3266X_OLD)
+    #include "wolfssl/wolfcrypt/port/maxim/max3266x.h"
+#endif
 /* wc_Sha512 digest */
 struct wc_Sha512 {
 #ifdef WOLFSSL_PSOC6_CRYPTO
     cy_stc_crypto_sha_state_t hash_state;
     cy_en_crypto_sha_mode_t sha_mode;
     cy_stc_crypto_v2_sha512_buffers_t sha_buffers;
+    void*   heap;
 #else
     word64  digest[WC_SHA512_DIGEST_SIZE / sizeof(word64)];
     word64  buffer[WC_SHA512_BLOCK_SIZE  / sizeof(word64)];
@@ -147,15 +159,20 @@ struct wc_Sha512 {
 #ifdef USE_INTEL_SPEEDUP
     const byte* data;
 #endif
+#ifdef WC_C_DYNAMIC_FALLBACK
+    int sha_method;
+#endif
 #ifdef WOLFSSL_ASYNC_CRYPT
     WC_ASYNC_DEV asyncDev;
 #endif /* WOLFSSL_ASYNC_CRYPT */
 #ifdef WOLFSSL_SMALL_STACK_CACHE
     word64* W;
 #endif
+
 #if defined(WOLFSSL_ESP32_CRYPT) && \
    !defined(NO_WOLFSSL_ESP32_CRYPT_HASH) && \
-   !defined(NO_WOLFSSL_ESP32_CRYPT_HASH_SHA512)
+    (!defined(NO_WOLFSSL_ESP32_CRYPT_HASH_SHA512) || \
+     !defined(NO_WOLFSSL_ESP32_CRYPT_HASH_SHA384))
     WC_ESP32SHA ctx;
 #endif
 #if defined(WOLFSSL_SILABS_SE_ACCEL)
@@ -176,6 +193,9 @@ struct wc_Sha512 {
     int    devId;
     void*  devCtx; /* generic crypto callback context */
 #endif
+#if defined(MAX3266X_SHA_CB) || defined(MAX3266X_SHA)
+    wc_MXC_Sha mxcCtx;
+#endif
 #ifdef WOLFSSL_HASH_FLAGS
     word32 flags; /* enum wc_HashFlags in hash.h */
 #endif
@@ -186,6 +206,9 @@ struct wc_Sha512 {
 #ifdef HAVE_ARIA
     MC_HSESSION hSession;
 #endif
+#if defined(STM32_HASH_SHA512)
+    STM32_HASH_Context stmCtx;
+#endif
 #endif /* WOLFSSL_PSOC6_CRYPTO */
 };
 
@@ -201,18 +224,15 @@ struct wc_Sha512 {
 
 #endif /* HAVE_FIPS */
 
-#ifdef WOLFSSL_SHA512
+#if defined(WOLFSSL_SHA512) || defined(WOLFSSL_SHA384)
 
 #ifdef WOLFSSL_ARMASM
 #ifdef __aarch64__
-#ifndef WOLFSSL_ARMASM_CRYPTO_SHA512
     void Transform_Sha512_Len_neon(wc_Sha512* sha512, const byte* data,
         word32 len);
-    #define Transform_Sha512_Len    Transform_Sha512_Len_neon
-#else
+#ifdef WOLFSSL_ARMASM_CRYPTO_SHA512
     void Transform_Sha512_Len_crypto(wc_Sha512* sha512, const byte* data,
         word32 len);
-    #define Transform_Sha512_Len    Transform_Sha512_Len_crypto
 #endif
 #else
 extern void Transform_Sha512_Len(wc_Sha512* sha512, const byte* data,
diff --git a/wolfssl/wolfcrypt/signature.h b/wolfssl/wolfcrypt/signature.h
index f712c0478..7d9a1d40a 100644
--- a/wolfssl/wolfcrypt/signature.h
+++ b/wolfssl/wolfcrypt/signature.h
@@ -1,6 +1,6 @@
 /* signature.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/wolfcrypt/siphash.h b/wolfssl/wolfcrypt/siphash.h
index ebb13024c..26cd82175 100644
--- a/wolfssl/wolfcrypt/siphash.h
+++ b/wolfssl/wolfcrypt/siphash.h
@@ -1,6 +1,6 @@
 /* siphash.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/wolfcrypt/sm2.h b/wolfssl/wolfcrypt/sm2.h
index 87167f42e..fb90aaa38 100644
--- a/wolfssl/wolfcrypt/sm2.h
+++ b/wolfssl/wolfcrypt/sm2.h
@@ -1,6 +1,6 @@
 /* sm2.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/wolfcrypt/sm3.h b/wolfssl/wolfcrypt/sm3.h
index 2b3fc5034..e7e8b0e72 100644
--- a/wolfssl/wolfcrypt/sm3.h
+++ b/wolfssl/wolfcrypt/sm3.h
@@ -1,6 +1,6 @@
 /* sm3.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/wolfcrypt/sm4.h b/wolfssl/wolfcrypt/sm4.h
index f3e66cb89..3cebb799b 100644
--- a/wolfssl/wolfcrypt/sm4.h
+++ b/wolfssl/wolfcrypt/sm4.h
@@ -1,6 +1,6 @@
 /* sm4.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/wolfcrypt/sp.h b/wolfssl/wolfcrypt/sp.h
index 88e9a069b..9e7a9c945 100644
--- a/wolfssl/wolfcrypt/sp.h
+++ b/wolfssl/wolfcrypt/sp.h
@@ -1,6 +1,6 @@
 /* sp.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/wolfcrypt/sp_int.h b/wolfssl/wolfcrypt/sp_int.h
index e768d0cd5..7c5fdd1ab 100644
--- a/wolfssl/wolfcrypt/sp_int.h
+++ b/wolfssl/wolfcrypt/sp_int.h
@@ -1,6 +1,6 @@
 /* sp_int.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -30,8 +30,9 @@ This library provides single precision (SP) integer math functions.
 #ifndef WOLFSSL_LINUXKM
 #include <limits.h>
 #endif
-#include  <wolfssl/wolfcrypt/settings.h>
-#include  <wolfssl/wolfcrypt/hash.h>
+#include <wolfssl/wolfcrypt/settings.h>
+#include <wolfssl/wolfcrypt/types.h>
+#include <wolfssl/wolfcrypt/hash.h>
 
 #ifdef __cplusplus
 extern "C" {
@@ -100,6 +101,15 @@ extern "C" {
     #error "Size of unsigned int not detected"
 #endif
 
+#if defined(__WATCOMC__) && defined(__WATCOM_INT64__)
+    /* For older Watcom C compiler force types */
+    #define SP_ULLONG_BITS    64
+    typedef unsigned __int64 sp_uint64;
+    typedef          __int64  sp_int64;
+
+#else
+
+/* 32-bit type */
 #if defined(WOLF_C89) && !defined(NO_64BIT) && \
         ULONG_MAX == 18446744073709551615UL
     #define SP_ULONG_BITS    64
@@ -108,8 +118,8 @@ extern "C" {
     typedef          long  sp_int64;
 #elif !defined(WOLF_C89) && !defined(NO_64BIT) && \
         ULONG_MAX == 18446744073709551615ULL && \
-        4294967295UL != 18446744073709551615ULL /* verify pre-processor supports
-                                                 * 64-bit ULL types */
+        /* sanity check pre-processor supports 64-bit ULL types */ \
+        4294967295UL != 18446744073709551615ULL
     #define SP_ULONG_BITS    64
 
     typedef unsigned long sp_uint64;
@@ -132,6 +142,7 @@ extern "C" {
     #error "Size of unsigned long not detected"
 #endif
 
+/* 64-bit type */
 #ifdef ULLONG_MAX
     #if defined(WOLF_C89) && ULLONG_MAX == 18446744073709551615UL
         #define SP_ULLONG_BITS    64
@@ -165,6 +176,7 @@ extern "C" {
         #error "Size of unsigned long long not detected"
     #endif
 #elif (SP_ULONG_BITS == 32) && !defined(NO_64BIT)
+    #define SP_ULLONG_BITS    64
     /* Speculatively use long long as the 64-bit type as we don't have one
      * otherwise. */
     typedef unsigned long long sp_uint64;
@@ -173,18 +185,12 @@ extern "C" {
     #define SP_ULLONG_BITS    0
 #endif
 
+#endif /* __WATCOMC__ */
 
 #ifdef WOLFSSL_SP_DIV_32
 #define WOLFSSL_SP_DIV_WORD_HALF
 #endif
 
-/* Detect Cortex M3 (no UMAAL) */
-#if defined(WOLFSSL_SP_ARM_CORTEX_M_ASM) && defined(__ARM_ARCH_7M__)
-    #undef  WOLFSSL_SP_NO_UMAAL
-    #define WOLFSSL_SP_NO_UMAAL
-#endif
-
-
 /* Make sure WOLFSSL_SP_ASM build option defined when requested */
 #if !defined(WOLFSSL_SP_ASM) && ( \
       defined(WOLFSSL_SP_X86_64_ASM) || defined(WOLFSSL_SP_ARM32_ASM) || \
@@ -256,7 +262,7 @@ extern "C" {
 #define SP_WORD_SIZEOF  (SP_WORD_SIZE / 8)
 
 /* Define the types used. */
-#ifdef HAVE___UINT128_T
+#if defined(HAVE___UINT128_T) && !defined(NO_INT128)
     #ifdef __SIZEOF_INT128__
         typedef __uint128_t   sp_uint128;
         typedef  __int128_t    sp_int128;
@@ -692,12 +698,17 @@ typedef struct sp_ecc_ctx {
  *
  * @param  [in]  a  SP integer to update.
  */
-#define sp_clamp(a)                                               \
-    do {                                                          \
-        int ii;                                                   \
-        for (ii = (int)(a)->used - 1; ii >= 0 && (a)->dp[ii] == 0; ii--) { \
-        }                                                         \
-        (a)->used = (unsigned int)ii + 1;                         \
+#define sp_clamp(a)                                                            \
+    do {                                                                       \
+        int ii;                                                                \
+        if ((a)->used > 0) {                                                   \
+            for (ii = (int)(a)->used - 1; ii >= 0; ii--) {                     \
+                if ((a)->dp[ii] != 0) {                                        \
+                    break;                                                     \
+                }                                                              \
+            }                                                                  \
+            (a)->used = (wc_mp_size_t)(ii + 1);                                \
+        }                                                                      \
     } while (0)
 
 /* Check the compiled and linked math implementation are the same.
@@ -740,24 +751,18 @@ typedef struct sp_ecc_ctx {
 #define MP_LT    (-1)
 
 /* ERROR VALUES */
+
+/* MP_MEM, MP_VAL, MP_WOULDBLOCK, and MP_NOT_INF are defined in error-crypt.h */
+
 /** Error value on success. */
 #define MP_OKAY          0
-/** Error value when dynamic memory allocation fails. */
-#define MP_MEM          (-2)
-/** Error value when value passed is not able to be used. */
-#define MP_VAL          (-3)
-/** Error value when non-blocking operation is returning after partial
- * completion.
- */
-#define FP_WOULDBLOCK   (-4)
-/* Unused error. Defined for backward compatibility. */
-#define MP_NOT_INF      (-5)
+
+#define FP_WOULDBLOCK   MP_WOULDBLOCK
 /* Unused error. Defined for backward compatibility. */
 #define MP_RANGE        MP_NOT_INF
-
 #ifdef USE_FAST_MATH
 /* For old FIPS, need FP_MEM defined for old implementation. */
-#define FP_MEM          (-2)
+#define FP_MEM          MP_MEM
 #endif
 
 /* Number of bits in each word/digit. */
@@ -774,8 +779,8 @@ typedef struct sp_ecc_ctx {
 /* The number of bytes to a sp_int with 'cnt' digits.
  * Must have at least one digit.
  */
-#define MP_INT_SIZEOF(cnt)                                              \
-    (sizeof(sp_int_minimal) + (((cnt) <= 1) ? 0 : ((cnt) - 1)) *        \
+#define MP_INT_SIZEOF(cnt)                                                  \
+    (sizeof(sp_int_minimal) + (((cnt) <= 1) ? 0 : ((size_t)((cnt) - 1))) *  \
      sizeof(sp_int_digit))
 /* The address of the next sp_int after one with 'cnt' digits. */
 #define MP_INT_NEXT(t, cnt) \
@@ -784,7 +789,7 @@ typedef struct sp_ecc_ctx {
 
 /* Calculate the number of words required to support a number of bits. */
 #define MP_BITS_CNT(bits)                                       \
-        ((((bits) + SP_WORD_SIZE - 1) / SP_WORD_SIZE) * 2 + 1)
+        ((unsigned int)(((((bits) + SP_WORD_SIZE - 1) / SP_WORD_SIZE) * 2 + 1)))
 
 #ifdef WOLFSSL_SMALL_STACK
 /*
@@ -869,6 +874,20 @@ while (0)
     #define WOLF_BIGINT_DEFINED
 #endif
 
+#if SP_INT_DIGITS < (65536 / SP_WORD_SIZEOF)
+/* Type for number of digits. */
+typedef word16       sp_size_t;
+#else
+/* Type for number of digits. */
+typedef unsigned int sp_size_t;
+#endif
+
+/* Type for number of digits. */
+#define wc_mp_size_t sp_size_t
+#ifdef WOLFSSL_SP_INT_NEGATIVE
+    typedef sp_uint8 sp_sign_t;
+    #define wc_mp_sign_t sp_sign_t
+#endif
 
 /**
  * SP integer.
@@ -877,12 +896,12 @@ while (0)
  */
 typedef struct sp_int {
     /** Number of words that contain data.  */
-    unsigned int used;
+    sp_size_t    used;
     /** Maximum number of words in data.  */
-    unsigned int size;
+    sp_size_t    size;
 #ifdef WOLFSSL_SP_INT_NEGATIVE
     /** Indicates whether number is 0/positive or negative.  */
-    unsigned int sign;
+    sp_sign_t    sign;
 #endif
 #ifdef HAVE_WOLF_BIGINT
     /** Unsigned binary (big endian) representation of number. */
@@ -893,12 +912,16 @@ typedef struct sp_int {
 } sp_int;
 
 typedef struct sp_int_minimal {
-    unsigned int used;
-    unsigned int size;
+    /** Number of words that contain data.  */
+    sp_size_t    used;
+    /** Maximum number of words in data.  */
+    sp_size_t    size;
 #ifdef WOLFSSL_SP_INT_NEGATIVE
-    unsigned int sign;
+    /** Indicates whether number is 0/positive or negative.  */
+    sp_uint8     sign;
 #endif
 #ifdef HAVE_WOLF_BIGINT
+    /** Unsigned binary (big endian) representation of number. */
     struct WC_BIGINT raw;
 #endif
     /** First digit of number.  */
@@ -996,6 +1019,9 @@ MP_API int sp_submod_ct(const sp_int* a, const sp_int* b, const sp_int* m,
 MP_API int sp_addmod_ct(const sp_int* a, const sp_int* b, const sp_int* m,
     sp_int* r);
 #endif
+#if defined(WOLFSSL_SP_MATH_ALL) && defined(HAVE_ECC)
+MP_API void sp_xor_ct(const sp_int* a, const sp_int* b, int len, sp_int* r);
+#endif
 
 MP_API int sp_lshd(sp_int* a, int s);
 #ifdef WOLFSSL_SP_MATH_ALL
@@ -1067,7 +1093,7 @@ MP_API int sp_rand_prime(sp_int* r, int len, WC_RNG* rng, void* heap);
 MP_API int sp_prime_is_prime(const sp_int* a, int t, int* result);
 MP_API int sp_prime_is_prime_ex(const sp_int* a, int t, int* result,
     WC_RNG* rng);
-#if !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN)
+#if !defined(NO_RSA) || defined(WOLFSSL_KEY_GEN)
 MP_API int sp_gcd(const sp_int* a, const sp_int* b, sp_int* r);
 #endif
 #if !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN) && \
@@ -1140,26 +1166,22 @@ WOLFSSL_LOCAL void sp_memzero_check(sp_int* sp);
 #define mp_div_2                            sp_div_2
 #define mp_add                              sp_add
 #define mp_sub                              sp_sub
-#define mp_addmod                           sp_addmod
-#define mp_submod                           sp_submod
+
 #define mp_addmod_ct                        sp_addmod_ct
 #define mp_submod_ct                        sp_submod_ct
+#define mp_xor_ct                           sp_xor_ct
 #define mp_lshd                             sp_lshd
 #define mp_rshd                             sp_rshd
 #define mp_div                              sp_div
-#define mp_mod                              sp_mod
 #define mp_mul                              sp_mul
-#define mp_mulmod                           sp_mulmod
 #define mp_invmod                           sp_invmod
 #define mp_invmod_mont_ct                   sp_invmod_mont_ct
 #define mp_exptmod_ex                       sp_exptmod_ex
-#define mp_exptmod                          sp_exptmod
 #define mp_exptmod_nct                      sp_exptmod_nct
 #define mp_div_2d                           sp_div_2d
 #define mp_mod_2d                           sp_mod_2d
 #define mp_mul_2d                           sp_mul_2d
 #define mp_sqr                              sp_sqr
-#define mp_sqrmod                           sp_sqrmod
 
 #define mp_unsigned_bin_size                sp_unsigned_bin_size
 #define mp_read_unsigned_bin                sp_read_unsigned_bin
@@ -1182,6 +1204,17 @@ WOLFSSL_LOCAL void sp_memzero_check(sp_int* sp);
 #define mp_memzero_add                      sp_memzero_add
 #define mp_memzero_check                    sp_memzero_check
 
+/* Allow for Hardware Based Mod Math */
+/* Avoid redeclaration warnings */
+#ifndef WOLFSSL_USE_HW_MP
+    #define mp_mod                              sp_mod
+    #define mp_addmod                           sp_addmod
+    #define mp_submod                           sp_submod
+    #define mp_mulmod                           sp_mulmod
+    #define mp_exptmod                          sp_exptmod
+    #define mp_sqrmod                           sp_sqrmod
+#endif
+
 #ifdef WOLFSSL_DEBUG_MATH
 #define mp_dump(d, a, v)                    sp_print(a, d)
 #endif
diff --git a/wolfssl/wolfcrypt/sphincs.h b/wolfssl/wolfcrypt/sphincs.h
index 958d8529b..f1487dd3b 100644
--- a/wolfssl/wolfcrypt/sphincs.h
+++ b/wolfssl/wolfcrypt/sphincs.h
@@ -1,6 +1,6 @@
 /* sphincs.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -41,6 +41,7 @@
 
 #ifdef HAVE_LIBOQS
 #include <oqs/oqs.h>
+#include <wolfssl/wolfcrypt/port/liboqs/liboqs.h>
 #endif
 
 #ifdef __cplusplus
@@ -99,7 +100,7 @@ struct sphincs_key {
 
 WOLFSSL_API
 int wc_sphincs_sign_msg(const byte* in, word32 inLen, byte* out, word32 *outLen,
-                        sphincs_key* key);
+                        sphincs_key* key, WC_RNG* rng);
 WOLFSSL_API
 int wc_sphincs_verify_msg(const byte* sig, word32 sigLen, const byte* msg,
                           word32 msgLen, int* res, sphincs_key* key);
@@ -124,7 +125,7 @@ int wc_sphincs_import_private_key(const byte* priv, word32 privSz,
                                   sphincs_key* key);
 
 WOLFSSL_API
-int wc_sphincs_export_public(sphincs_key*, byte* out, word32* outLen);
+int wc_sphincs_export_public(sphincs_key* key, byte* out, word32* outLen);
 WOLFSSL_API
 int wc_sphincs_export_private_only(sphincs_key* key, byte* out, word32* outLen);
 WOLFSSL_API
diff --git a/wolfssl/wolfcrypt/srp.h b/wolfssl/wolfcrypt/srp.h
index 7832113a7..760776557 100644
--- a/wolfssl/wolfcrypt/srp.h
+++ b/wolfssl/wolfcrypt/srp.h
@@ -1,6 +1,6 @@
 /* srp.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/wolfcrypt/tfm.h b/wolfssl/wolfcrypt/tfm.h
index dc6d55a1c..718077cd5 100644
--- a/wolfssl/wolfcrypt/tfm.h
+++ b/wolfssl/wolfcrypt/tfm.h
@@ -1,6 +1,6 @@
 /* tfm.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -40,6 +40,7 @@
 #define WOLF_CRYPT_TFM_H
 
 #include <wolfssl/wolfcrypt/types.h>
+#include <wolfssl/wolfcrypt/error-crypt.h>
 #ifndef CHAR_BIT
     #include <limits.h>
 #endif
@@ -305,10 +306,10 @@
 
 /* return codes */
 #define FP_OKAY      0
-#define FP_VAL      (-1)
-#define FP_MEM      (-2)
-#define FP_NOT_INF  (-3)
-#define FP_WOULDBLOCK (-4)
+#define FP_VAL      MP_VAL
+#define FP_MEM      MP_MEM
+#define FP_NOT_INF  MP_NOT_INF
+#define FP_WOULDBLOCK MP_WOULDBLOCK
 
 /* equalities */
 #define FP_LT        (-1)   /* less than */
@@ -364,7 +365,7 @@ while (0)
 /* Initialize an mp_int. */
 #define INIT_MP_INT_SIZE(name, bits) \
     mp_init(name)
-/* Type to cast to when using size marcos. */
+/* Type to cast to when using size macros. */
 #define MP_INT_SIZE     mp_int
 
 
@@ -378,6 +379,9 @@ while (0)
     #define WOLF_BIGINT_DEFINED
 #endif
 
+#define wc_mp_size_t int
+#define wc_mp_sign_t int
+
 /* a FP type */
 typedef struct fp_int {
     int      used;
@@ -776,9 +780,7 @@ int  fp_sqr_comba64(fp_int *a, fp_int *b);
 #define MP_LT   FP_LT   /* less than    */
 #define MP_EQ   FP_EQ   /* equal to     */
 #define MP_GT   FP_GT   /* greater than */
-#define MP_VAL  FP_VAL  /* invalid */
-#define MP_MEM  FP_MEM  /* memory error */
-#define MP_NOT_INF FP_NOT_INF /* point not at infinity */
+#define MP_RANGE MP_NOT_INF
 #define MP_OKAY FP_OKAY /* ok result    */
 #define MP_NO   FP_NO   /* yes/no result */
 #define MP_YES  FP_YES  /* yes/no result */
@@ -877,8 +879,9 @@ MP_API int mp_radix_size (mp_int * a, int radix, int *size);
 MP_API int mp_montgomery_reduce(fp_int *a, fp_int *m, fp_digit mp);
 MP_API int mp_montgomery_reduce_ex(fp_int *a, fp_int *m, fp_digit mp, int ct);
 MP_API int mp_montgomery_setup(fp_int *a, fp_digit *rho);
+MP_API int mp_sqr(fp_int *a, fp_int *b);
+
 #ifdef HAVE_ECC
-    MP_API int mp_sqr(fp_int *a, fp_int *b);
     MP_API int mp_div_2(fp_int * a, fp_int * b);
     MP_API int mp_div_2_mod_ct(mp_int *a, mp_int *b, mp_int *c);
 #endif
diff --git a/wolfssl/wolfcrypt/types.h b/wolfssl/wolfcrypt/types.h
index 972066998..02210fd04 100644
--- a/wolfssl/wolfcrypt/types.h
+++ b/wolfssl/wolfcrypt/types.h
@@ -1,6 +1,6 @@
 /* types.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -34,6 +34,14 @@ decouple library dependencies with standard string, memory and so on.
     #include <wolfssl/wolfcrypt/settings.h>
     #include <wolfssl/wolfcrypt/wc_port.h>
 
+    #if defined(EXTERNAL_OPTS_OPENVPN) && defined(BUILDING_WOLFSSL)
+    #error EXTERNAL_OPTS_OPENVPN should not be defined in compiled wolfssl library files.
+    #endif
+
+    #ifdef __APPLE__
+        #include <AvailabilityMacros.h>
+    #endif
+
     #ifdef __cplusplus
         extern "C" {
     #endif
@@ -73,6 +81,7 @@ decouple library dependencies with standard string, memory and so on.
     #endif
 
     #ifndef WOLFSSL_TYPES
+        #define WOLFSSL_TYPES
         #ifndef byte
             /* If using C++ C17 or later and getting:
              *   "error: reference to 'byte' is ambiguous", this is caused by
@@ -108,30 +117,85 @@ decouple library dependencies with standard string, memory and so on.
         typedef const char* const wcchar;
     #endif
 
+    #ifndef WC_BITFIELD
+        #ifdef WOLF_C89
+            #define WC_BITFIELD unsigned
+        #else
+            #define WC_BITFIELD byte
+        #endif
+    #endif
+
     #ifndef HAVE_ANONYMOUS_INLINE_AGGREGATES
         /* if a version is available, pivot on the version, otherwise guess it's
-         * allowed, subject to override.
+         * disallowed, subject to override.
          */
         #if !defined(WOLF_C89) && (!defined(__STDC__)                \
             || (!defined(__STDC_VERSION__) && !defined(__cplusplus)) \
             || (defined(__STDC_VERSION__) && (__STDC_VERSION__ >= 201101L)) \
             || (defined(__cplusplus) && (__cplusplus >= 201103L)))
             #define HAVE_ANONYMOUS_INLINE_AGGREGATES 1
-        #else
-            #define HAVE_ANONYMOUS_INLINE_AGGREGATES 0
         #endif
+    #elif ~(~HAVE_ANONYMOUS_INLINE_AGGREGATES + 1) == 1
+        /* forced on with empty value -- remap to 1 */
+        #undef HAVE_ANONYMOUS_INLINE_AGGREGATES
+        #define HAVE_ANONYMOUS_INLINE_AGGREGATES 1
+    #elif HAVE_ANONYMOUS_INLINE_AGGREGATES
+        /* forced on with explicit nonzero value -- leave as-is. */
+    #else
+        /* forced off with explicit zero value -- remap to undef. */
+        #undef HAVE_ANONYMOUS_INLINE_AGGREGATES
     #endif
 
-    /* With a true C89-dialect compiler (simulate with gcc -std=c89 -Wall
-     * -Wextra -pedantic), a trailing comma on the last value in an enum
-     * definition is a syntax error.  We use this macro to accommodate that
-     * without disrupting clean flow/syntax when some enum values are
-     * preprocessor-gated.
-     */
-    #if defined(WOLF_C89) || defined(WOLF_NO_TRAILING_ENUM_COMMAS)
-        #define WOLF_ENUM_DUMMY_LAST_ELEMENT(prefix) _wolf_ ## prefix ## _enum_dummy_last_element
+    #ifndef HAVE_EMPTY_AGGREGATES
+        /* The C standards don't define empty aggregates, but gcc and clang do.
+         * We need to accommodate them for one of the same reasons C++ does --
+         * conditionally empty aggregates, e.g. in hash.h.
+         *
+         * Nonetheless, in C++, empty aggregates wind up with size 1.  If we use
+         * the [0] construct and the header is compiled by clang++, it warns
+         * "struct has size 0 in C, size 1 in C++ [-Wextern-c-compat]", despite
+         * the extern "C" wrapper.  We sidestep this warning by recognizing
+         * here that C++ doesn't support truly empty aggregates.  LLVM, for its part,
+         * deprecates compilation of C code as C++ using clang++.
+         */
+        #if !defined(WOLF_C89) && defined(__GNUC__) &&  \
+                !defined(__STRICT_ANSI__) &&            \
+                !defined(__cplusplus) &&                \
+                defined(HAVE_ANONYMOUS_INLINE_AGGREGATES)
+            #define HAVE_EMPTY_AGGREGATES 1
+        #endif
+    #elif ~(~HAVE_EMPTY_AGGREGATES + 1) == 1
+        /* forced on with empty value -- remap to 1 */
+        #undef HAVE_EMPTY_AGGREGATES
+        #define HAVE_EMPTY_AGGREGATES 1
+    #elif HAVE_EMPTY_AGGREGATES
+        /* forced on with explicit nonzero value -- leave as-is. */
     #else
-        #define WOLF_ENUM_DUMMY_LAST_ELEMENT(prefix) /* null expansion */
+        /* forced off with explicit zero value -- remap to undef. */
+        #undef HAVE_EMPTY_AGGREGATES
+    #endif
+
+    #define _WOLF_AGG_DUMMY_MEMBER_HELPER2(a, b, c) a ## b ## c
+    #define _WOLF_AGG_DUMMY_MEMBER_HELPER(a, b, c) _WOLF_AGG_DUMMY_MEMBER_HELPER2(a, b, c)
+    #ifdef HAVE_EMPTY_AGGREGATES
+        /* swallow the semicolon with a zero-sized array (language extension
+         * specific to gcc/clang).
+         */
+        #define WOLF_AGG_DUMMY_MEMBER                                          \
+            struct {                                                           \
+                PRAGMA_GCC_DIAG_PUSH                                           \
+                PRAGMA_GCC("GCC diagnostic ignored \"-Wpedantic\"")            \
+                PRAGMA_CLANG_DIAG_PUSH                                         \
+                PRAGMA_CLANG("clang diagnostic ignored \"-Wzero-length-array\"") \
+                byte _WOLF_AGG_DUMMY_MEMBER_HELPER(_wolf_L, __LINE__, _agg_dummy_member)[0]; \
+                PRAGMA_CLANG_DIAG_POP                                          \
+                PRAGMA_GCC_DIAG_POP                                            \
+            }
+    #else
+        /* Use a single byte with a constructed name as a dummy member -- these
+         * are the standard semantics of an empty structure in C++.
+         */
+        #define WOLF_AGG_DUMMY_MEMBER char _WOLF_AGG_DUMMY_MEMBER_HELPER(_wolf_L, __LINE__, _agg_dummy_member)
     #endif
 
     /* helpers for stringifying the expanded value of a macro argument rather
@@ -140,12 +204,26 @@ decouple library dependencies with standard string, memory and so on.
     #define _WC_STRINGIFY_L2(str) #str
     #define WC_STRINGIFY(str) _WC_STRINGIFY_L2(str)
 
+    /* With a true C89-dialect compiler (simulate with gcc -std=c89 -Wall
+     * -Wextra -pedantic), a trailing comma on the last value in an enum
+     * definition is a syntax error.  We use this macro to accommodate that
+     * without disrupting clean flow/syntax when some enum values are
+     * preprocessor-gated.
+     */
+    #if defined(WOLF_C89) || defined(WOLF_NO_TRAILING_ENUM_COMMAS)
+        #define _WOLF_ENUM_DUMMY_LAST_ELEMENT_HELPER2(a, b, c, d, e) a ## b ## c ## d ## e
+        #define _WOLF_ENUM_DUMMY_LAST_ELEMENT_HELPER(a, b, c, d, e) _WOLF_ENUM_DUMMY_LAST_ELEMENT_HELPER2(a, b, c, d, e)
+        #define WOLF_ENUM_DUMMY_LAST_ELEMENT(prefix) _WOLF_ENUM_DUMMY_LAST_ELEMENT_HELPER(_wolf_, prefix, _L, __LINE__, _enum_dummy_last_element)
+    #else
+        #define WOLF_ENUM_DUMMY_LAST_ELEMENT(prefix) /* null expansion */
+    #endif
+
     /* try to set SIZEOF_LONG or SIZEOF_LONG_LONG if user didn't */
     #if defined(_WIN32) || defined(HAVE_LIMITS_H)
+        #include <limits.h>
         /* make sure both SIZEOF_LONG_LONG and SIZEOF_LONG are set,
          * otherwise causes issues with CTC_SETTINGS */
         #if !defined(SIZEOF_LONG_LONG) || !defined(SIZEOF_LONG)
-            #include <limits.h>
             #if !defined(SIZEOF_LONG) && defined(ULONG_MAX) && \
                     (ULONG_MAX == 0xffffffffUL)
                 #define SIZEOF_LONG 4
@@ -158,23 +236,26 @@ decouple library dependencies with standard string, memory and so on.
     #elif !defined(__BCPLUSPLUS__) && !defined(__EMSCRIPTEN__)
         #if !defined(SIZEOF_LONG_LONG) && !defined(SIZEOF_LONG)
             #if (defined(__alpha__) || defined(__ia64__) || \
-                defined(_ARCH_PPC64) || defined(__mips64) || \
+                defined(_ARCH_PPC64) || defined(__ppc64__) || \
                 defined(__x86_64__)  || defined(__s390x__ ) || \
                 ((defined(sun) || defined(__sun)) && \
                  (defined(LP64) || defined(_LP64))) || \
                 (defined(__riscv_xlen) && (__riscv_xlen == 64)) || \
-                defined(__aarch64__) || \
+                defined(__aarch64__) || defined(__mips64) || \
                 (defined(__DCC__) && (defined(__LP64) || defined(__LP64__))))
                 /* long should be 64bit */
                 #define SIZEOF_LONG 8
-            #elif defined(__i386__) || defined(__CORTEX_M3__)
+            #elif defined(__i386__) || defined(__CORTEX_M3__) || defined(__ppc__)
                 /* long long should be 64bit */
                 #define SIZEOF_LONG_LONG 8
             #endif
          #endif
     #endif
 
-    #if defined(_MSC_VER) || defined(__BCPLUSPLUS__)
+    #if (defined(_MSC_VER) && !defined(WOLFSSL_NOT_WINDOWS_API)) || \
+           defined(__BCPLUSPLUS__) || \
+           (defined(__WATCOMC__) && defined(__WATCOM_INT64__))
+        /* windows types */
         #define WORD64_AVAILABLE
         #define W64LIT(x) x##ui64
         #define SW64LIT(x) x##i64
@@ -230,7 +311,7 @@ decouple library dependencies with standard string, memory and so on.
          defined(__x86_64__) || defined(_M_X64)) || \
          defined(__aarch64__) || defined(__sparc64__) || defined(__s390x__ ) || \
         (defined(__riscv_xlen) && (__riscv_xlen == 64)) || defined(_M_ARM64) || \
-        defined(__aarch64__) || \
+        defined(__aarch64__) || defined(__ppc64__) || \
         (defined(__DCC__) && (defined(__LP64) || defined(__LP64__)))
         #define WC_64BIT_CPU
     #elif (defined(sun) || defined(__sun)) && \
@@ -246,12 +327,15 @@ decouple library dependencies with standard string, memory and so on.
 
     #if defined(NO_64BIT)
           typedef word32 wolfssl_word;
+          #define WOLFSSL_WORD_SIZE_LOG2 2
           #undef WORD64_AVAILABLE
     #else
         #ifdef WC_64BIT_CPU
           typedef word64 wolfssl_word;
+          #define WOLFSSL_WORD_SIZE_LOG2 3
         #else
           typedef word32 wolfssl_word;
+          #define WOLFSSL_WORD_SIZE_LOG2 2
           #ifdef WORD64_AVAILABLE
               #define WOLFCRYPT_SLOW_WORD64
           #endif
@@ -259,14 +343,18 @@ decouple library dependencies with standard string, memory and so on.
     #endif
 
 #elif defined(WC_16BIT_CPU)
+    #ifndef MICROCHIP_PIC24
         #undef WORD64_AVAILABLE
+    #endif
         typedef word16 wolfssl_word;
+        #define WOLFSSL_WORD_SIZE_LOG2 1
         #define MP_16BIT  /* for mp_int, mp_word needs to be twice as big as \
                            * mp_digit, no 64 bit type so make mp_digit 16 bit */
 
 #else
         #undef WORD64_AVAILABLE
         typedef word32 wolfssl_word;
+        #define WOLFSSL_WORD_SIZE_LOG2 2
         #define MP_16BIT  /* for mp_int, mp_word needs to be twice as big as \
                            * mp_digit, no 64 bit type so make mp_digit 16 bit */
 #endif
@@ -295,27 +383,10 @@ typedef struct w64wrapper {
         WOLFSSL_WORD_BITS  = WOLFSSL_WORD_SIZE * WOLFSSL_BIT_SIZE
     };
 
+    #define WOLFSSL_MAX_8BIT  0xffU
     #define WOLFSSL_MAX_16BIT 0xffffU
     #define WOLFSSL_MAX_32BIT 0xffffffffU
 
-    #ifndef WARN_UNUSED_RESULT
-        #if defined(WOLFSSL_LINUXKM) && defined(__must_check)
-            #define WARN_UNUSED_RESULT __must_check
-        #elif defined(__GNUC__) && (__GNUC__ >= 4)
-            #define WARN_UNUSED_RESULT __attribute__((warn_unused_result))
-        #else
-            #define WARN_UNUSED_RESULT
-        #endif
-    #endif /* WARN_UNUSED_RESULT */
-
-    #ifndef WC_MAYBE_UNUSED
-        #if (defined(__GNUC__) && (__GNUC__ >= 4)) || defined(__clang__)
-            #define WC_MAYBE_UNUSED __attribute__((unused))
-        #else
-            #define WC_MAYBE_UNUSED
-        #endif
-    #endif /* WC_MAYBE_UNUSED */
-
     #ifndef WC_DO_NOTHING
         #define WC_DO_NOTHING do {} while (0)
         #ifdef _MSC_VER
@@ -326,50 +397,13 @@ typedef struct w64wrapper {
         #endif
     #endif
 
-    /* use inlining if compiler allows */
-    #ifndef WC_INLINE
-    #ifndef NO_INLINE
-        #ifdef _MSC_VER
-            #define WC_INLINE __inline
-        #elif defined(__GNUC__)
-               #ifdef WOLFSSL_VXWORKS
-                   #define WC_INLINE __inline__
-               #else
-                   #define WC_INLINE inline
-               #endif
-        #elif defined(__IAR_SYSTEMS_ICC__)
-            #define WC_INLINE inline
-        #elif defined(THREADX)
-            #define WC_INLINE _Inline
-        #elif defined(__ghc__)
-            #ifndef __cplusplus
-                #define WC_INLINE __inline
-            #else
-                #define WC_INLINE inline
-            #endif
-        #elif defined(__CCRX__)
-            #define WC_INLINE inline
-        #elif defined(__DCC__)
-            #ifndef __cplusplus
-                #define WC_INLINE __inline__
-            #else
-                #define WC_INLINE inline
-            #endif
-        #else
-            #define WC_INLINE WC_MAYBE_UNUSED
-        #endif
-    #else
-        #define WC_INLINE WC_MAYBE_UNUSED
-    #endif
-    #endif
-
     #if defined(HAVE_FIPS) || defined(HAVE_SELFTEST)
         #define INLINE WC_INLINE
     #endif
 
     /* set up rotate style */
-    #if (defined(_MSC_VER) || defined(__BCPLUSPLUS__)) && \
-        !defined(WOLFSSL_SGX) && !defined(INTIME_RTOS)
+    #if ((defined(_MSC_VER) && !defined(WOLFSSL_NOT_WINDOWS_API)) || \
+        defined(__BCPLUSPLUS__)) && !defined(WOLFSSL_SGX) && !defined(INTIME_RTOS)
         #define INTEL_INTRINSICS
         #define FAST_ROTATE
     #elif defined(__MWERKS__) && TARGET_CPU_PPC
@@ -385,7 +419,7 @@ typedef struct w64wrapper {
 
     /* set up thread local storage if available */
     #ifdef HAVE_THREAD_LS
-        #if defined(_MSC_VER)
+        #if defined(_MSC_VER) || defined(__WATCOMC__)
             #define THREAD_LS_T __declspec(thread)
         /* Thread local storage only in FreeRTOS v8.2.1 and higher */
         #elif defined(FREERTOS) || defined(FREERTOS_TCP) || \
@@ -417,21 +451,13 @@ typedef struct w64wrapper {
         #define FALL_THROUGH
     #endif
 
-    /* Micrium will use Visual Studio for compilation but not the Win32 API */
-    #if defined(_WIN32) && !defined(MICRIUM) && !defined(FREERTOS) && \
-        !defined(FREERTOS_TCP) && !defined(EBSNET) && \
-        !defined(WOLFSSL_UTASKER) && !defined(INTIME_RTOS)
-        #define USE_WINDOWS_API
-    #endif
-
     #define XSTR_SIZEOF(x) (sizeof(x) - 1) /* -1 to not count the null char */
 
     #define XELEM_CNT(x) (sizeof((x))/sizeof(*(x)))
 
-    /* idea to add global alloc override by Moises Guimaraes  */
-    /* default to libc stuff */
-    /* XREALLOC is used once in normal math lib, not in fast math lib */
-    /* XFREE on some embedded systems doesn't like free(0) so test  */
+    #define WC_SAFE_SUM_WORD32(in1, in2, out) ((in2) <= 0xffffffffU - (in1) ? \
+                ((out) = (in1) + (in2), 1) : ((out) = 0xffffffffU, 0))
+
     #if defined(HAVE_IO_POOL)
         WOLFSSL_API void* XMALLOC(size_t n, void* heap, int type);
         WOLFSSL_API void* XREALLOC(void *p, size_t n, void* heap, int type);
@@ -492,38 +518,46 @@ typedef struct w64wrapper {
         #ifdef WOLFSSL_XFREE_NO_NULLNESS_CHECK
             #define XFREE(p, h, t)       m2mb_os_free(xp)
         #else
-            #define XFREE(p, h, t)       {void* xp = (p); if (xp) m2mb_os_free(xp);}
+            #define XFREE(p, h, t)       do { void* xp = (p); if (xp) m2mb_os_free(xp); } while (0)
         #endif
         #define XREALLOC(p, n, h, t) m2mb_os_realloc((p), (n))
 
     #elif defined(NO_WOLFSSL_MEMORY)
         #ifdef WOLFSSL_NO_MALLOC
             /* this platform does not support heap use */
+            #ifdef WOLFSSL_SMALL_STACK
+                #error WOLFSSL_SMALL_STACK requires a heap implementation.
+            #endif
+            #ifndef WC_NO_CONSTRUCTORS
+                #define WC_NO_CONSTRUCTORS
+            #endif
             #ifdef WOLFSSL_MALLOC_CHECK
+                #ifndef NO_STDIO_FILESYSTEM
                 #include <stdio.h>
+                #endif
                 static inline void* malloc_check(size_t sz) {
                     fprintf(stderr, "wolfSSL_malloc failed");
                     return NULL;
                 };
                 #define XMALLOC(s, h, t)     ((void)(h), (void)(t), malloc_check((s)))
-                #define XFREE(p, h, t)       (void)(h); (void)(t)
+                #define XFREE(p, h, t)       do { (void)(h); (void)(t); } while (0)
                 #define XREALLOC(p, n, h, t) ((void)(h), (void)(t), NULL)
             #else
                 #define XMALLOC(s, h, t)     ((void)(s), (void)(h), (void)(t), NULL)
-                #define XFREE(p, h, t)       (void)(p); (void)(h); (void)(t)
+                #define XFREE(p, h, t)       do { (void)(p); (void)(h); (void)(t); } while(0)
                 #define XREALLOC(p, n, h, t) ((void)(p), (void)(n), (void)(h), (void)(t), NULL)
             #endif
         #else
             /* just use plain C stdlib stuff if desired */
             #include <stdlib.h>
-            #define XMALLOC(s, h, t)     ((void)(h), (void)(t), malloc((size_t)(s)))
+            #define XMALLOC(s, h, t)     ((void)(h), (void)(t), malloc((size_t)(s))) /* native heap */
             #ifdef WOLFSSL_XFREE_NO_NULLNESS_CHECK
-                #define XFREE(p, h, t)       ((void)(h), (void)(t), free(p))
+                #define XFREE(p, h, t)       do { (void)(h); (void)(t); free(p); } while (0) /* native heap */
             #else
-                #define XFREE(p, h, t)       {void* xp = (p); (void)(h); if (xp) free(xp);}
+                #define XFREE(p, h, t)       do { void* xp = (p); (void)(h); if (xp) free(xp); } while (0) /* native heap */
             #endif
             #define XREALLOC(p, n, h, t) \
-                ((void)(h), (void)(t), realloc((p), (size_t)(n)))
+                ((void)(h), (void)(t), realloc((p), (size_t)(n))) /* native heap */
         #endif
 
     #elif defined(WOLFSSL_LINUXKM)
@@ -544,7 +578,7 @@ typedef struct w64wrapper {
                 #ifdef WOLFSSL_XFREE_NO_NULLNESS_CHECK
                     #define XFREE(p, h, t)       wolfSSL_Free(xp, h, t, __func__, __LINE__)
                 #else
-                    #define XFREE(p, h, t)       {void* xp = (p); if (xp) wolfSSL_Free(xp, h, t, __func__, __LINE__);}
+                    #define XFREE(p, h, t)       do { void* xp = (p); if (xp) wolfSSL_Free(xp, h, t, __func__, __LINE__); } while (0)
                 #endif
                 #define XREALLOC(p, n, h, t) wolfSSL_Realloc((p), (n), (h), (t), __func__, __LINE__)
             #else
@@ -552,97 +586,130 @@ typedef struct w64wrapper {
                 #ifdef WOLFSSL_XFREE_NO_NULLNESS_CHECK
                     #define XFREE(p, h, t)       wolfSSL_Free(xp, h, t)
                 #else
-                    #define XFREE(p, h, t)       {void* xp = (p); if (xp) wolfSSL_Free(xp, h, t);}
+                    #define XFREE(p, h, t)       do { void* xp = (p); if (xp) wolfSSL_Free(xp, h, t); } while (0)
                 #endif
                 #define XREALLOC(p, n, h, t) wolfSSL_Realloc((p), (n), (h), (t))
             #endif /* WOLFSSL_DEBUG_MEMORY */
+        #elif  defined(WOLFSSL_EMBOS) && !defined(XMALLOC_USER) \
+                && !defined(NO_WOLFSSL_MEMORY) \
+                && !defined(WOLFSSL_STATIC_MEMORY)
+            /* settings.h solve this case already. Avoid redefinition. */
         #elif (!defined(FREERTOS) && !defined(FREERTOS_TCP)) || defined(WOLFSSL_TRACK_MEMORY)
             #ifdef WOLFSSL_DEBUG_MEMORY
                 #define XMALLOC(s, h, t)     ((void)(h), (void)(t), wolfSSL_Malloc((s), __func__, __LINE__))
                 #ifdef WOLFSSL_XFREE_NO_NULLNESS_CHECK
-                    #define XFREE(p, h, t)       ((void)(h), (void)(t), wolfSSL_Free(xp, __func__, __LINE__))
+                    #define XFREE(p, h, t)       do { (void)(h); (void)(t); wolfSSL_Free(xp, __func__, __LINE__); } while (0)
                 #else
-                    #define XFREE(p, h, t)       {void* xp = (p); (void)(h); (void)(t); if (xp) wolfSSL_Free(xp, __func__, __LINE__);}
+                    #define XFREE(p, h, t)       do { void* xp = (p); (void)(h); (void)(t); if (xp) wolfSSL_Free(xp, __func__, __LINE__); } while (0)
                 #endif
                 #define XREALLOC(p, n, h, t) ((void)(h), (void)(t), wolfSSL_Realloc((p), (n), __func__, __LINE__))
             #else
                 #define XMALLOC(s, h, t)     ((void)(h), (void)(t), wolfSSL_Malloc((s)))
                 #ifdef WOLFSSL_XFREE_NO_NULLNESS_CHECK
-                    #define XFREE(p, h, t)       ((void)(h), (void)(t), wolfSSL_Free(p))
+                    #define XFREE(p, h, t)       do { (void)(h); (void)(t); wolfSSL_Free(p); } while (0)
                 #else
-                    #define XFREE(p, h, t)       {void* xp = (p); (void)(h); (void)(t); if (xp) wolfSSL_Free(xp);}
+                    #define XFREE(p, h, t)       do { void* xp = (p); (void)(h); (void)(t); if (xp) wolfSSL_Free(xp); } while (0)
                 #endif
                 #define XREALLOC(p, n, h, t) ((void)(h), (void)(t), wolfSSL_Realloc((p), (n)))
             #endif /* WOLFSSL_DEBUG_MEMORY */
         #endif /* WOLFSSL_STATIC_MEMORY */
     #endif
 
+    #if defined(WOLFSSL_SMALL_STACK) && defined(WC_NO_CONSTRUCTORS)
+        #error WOLFSSL_SMALL_STACK requires constructors.
+    #endif
+
+    #include <wolfssl/wolfcrypt/memory.h>
+
     /* declare/free variable handling for async and smallstack */
+    #ifndef WC_ALLOC_DO_ON_FAILURE
+        #define WC_ALLOC_DO_ON_FAILURE() WC_DO_NOTHING
+    #endif
+
+    #define WC_DECLARE_HEAP_ARRAY(VAR_NAME, VAR_TYPE, VAR_ITEMS, VAR_SIZE, HEAP) \
+        VAR_TYPE* VAR_NAME[VAR_ITEMS] = { NULL, }; \
+        int idx##VAR_NAME = 0, inner_idx_##VAR_NAME
+    #define WC_HEAP_ARRAY_ARG(VAR_NAME, VAR_TYPE, VAR_ITEMS, VAR_SIZE) \
+        VAR_TYPE* VAR_NAME[VAR_ITEMS]
+    #define WC_ALLOC_HEAP_ARRAY(VAR_NAME, VAR_TYPE, VAR_ITEMS, VAR_SIZE, HEAP) \
+        for (idx##VAR_NAME=0; idx##VAR_NAME<(VAR_ITEMS); idx##VAR_NAME++) { \
+            (VAR_NAME)[idx##VAR_NAME] = (VAR_TYPE*)XMALLOC(VAR_SIZE, (HEAP), DYNAMIC_TYPE_TMP_BUFFER); \
+            if ((VAR_NAME)[idx##VAR_NAME] == NULL) { \
+                for (inner_idx_##VAR_NAME = 0; inner_idx_##VAR_NAME < idx##VAR_NAME; inner_idx_##VAR_NAME++) { \
+                    XFREE((VAR_NAME)[inner_idx_##VAR_NAME], (HEAP), DYNAMIC_TYPE_TMP_BUFFER); \
+                    (VAR_NAME)[inner_idx_##VAR_NAME] = NULL; \
+                } \
+                for (inner_idx_##VAR_NAME = idx##VAR_NAME + 1; inner_idx_##VAR_NAME < (VAR_ITEMS); inner_idx_##VAR_NAME++) { \
+                    (VAR_NAME)[inner_idx_##VAR_NAME] = NULL; \
+                } \
+                idx##VAR_NAME = 0; \
+                WC_ALLOC_DO_ON_FAILURE(); \
+                break; \
+            } \
+        }
+    #define WC_CALLOC_HEAP_ARRAY(VAR_NAME, VAR_TYPE, VAR_ITEMS, VAR_SIZE, HEAP) \
+            do { \
+                WC_ALLOC_HEAP_ARRAY(VAR_NAME, VAR_TYPE, VAR_ITEMS, VAR_SIZE, HEAP); \
+                if (idx##VAR_NAME != 0) { \
+                    for (idx##VAR_NAME=0; idx##VAR_NAME<(VAR_ITEMS); idx##VAR_NAME++) { \
+                        XMEMSET((VAR_NAME)[idx##VAR_NAME], 0, VAR_SIZE); \
+                    } \
+                } \
+            } while (0)
+    #define WC_HEAP_ARRAY_OK(VAR_NAME) (idx##VAR_NAME != 0)
+    #define WC_FREE_HEAP_ARRAY(VAR_NAME, VAR_ITEMS, HEAP)               \
+        if (WC_HEAP_ARRAY_OK(VAR_NAME)) {                               \
+            for (idx##VAR_NAME=0; idx##VAR_NAME<(VAR_ITEMS); idx##VAR_NAME++) { \
+                XFREE((VAR_NAME)[idx##VAR_NAME], (HEAP), DYNAMIC_TYPE_TMP_BUFFER); \
+            }                                                           \
+            idx##VAR_NAME = 0;                                          \
+        }
+
     #if defined(WOLFSSL_ASYNC_CRYPT) || defined(WOLFSSL_SMALL_STACK)
         #define WC_DECLARE_VAR_IS_HEAP_ALLOC
         #define WC_DECLARE_VAR(VAR_NAME, VAR_TYPE, VAR_SIZE, HEAP) \
-            VAR_TYPE* VAR_NAME = (VAR_TYPE*)XMALLOC(sizeof(VAR_TYPE) * (VAR_SIZE), (HEAP), DYNAMIC_TYPE_WOLF_BIGINT)
-        #define WC_DECLARE_ARRAY(VAR_NAME, VAR_TYPE, VAR_ITEMS, VAR_SIZE, HEAP) \
-            VAR_TYPE* VAR_NAME[VAR_ITEMS]; \
-            int idx##VAR_NAME, inner_idx_##VAR_NAME
-        #define WC_INIT_ARRAY(VAR_NAME, VAR_TYPE, VAR_ITEMS, VAR_SIZE, HEAP) \
-            for (idx##VAR_NAME=0; idx##VAR_NAME<(VAR_ITEMS); idx##VAR_NAME++) { \
-                (VAR_NAME)[idx##VAR_NAME] = (VAR_TYPE*)XMALLOC(VAR_SIZE, (HEAP), DYNAMIC_TYPE_WOLF_BIGINT); \
-                if ((VAR_NAME)[idx##VAR_NAME] == NULL) { \
-                    for (inner_idx_##VAR_NAME = 0; inner_idx_##VAR_NAME < idx##VAR_NAME; inner_idx_##VAR_NAME++) { \
-                        XFREE((VAR_NAME)[inner_idx_##VAR_NAME], (HEAP), DYNAMIC_TYPE_WOLF_BIGINT); \
-                        (VAR_NAME)[inner_idx_##VAR_NAME] = NULL; \
-                    } \
-                    for (inner_idx_##VAR_NAME = idx##VAR_NAME + 1; inner_idx_##VAR_NAME < (VAR_ITEMS); inner_idx_##VAR_NAME++) { \
-                        (VAR_NAME)[inner_idx_##VAR_NAME] = NULL; \
-                    } \
-                    break; \
-                } \
-            }
+            VAR_TYPE* VAR_NAME = NULL
+        #define WC_ALLOC_VAR(VAR_NAME, VAR_TYPE, VAR_SIZE, HEAP)        \
+            do {                                                        \
+                (VAR_NAME) = (VAR_TYPE*)XMALLOC(sizeof(VAR_TYPE) * (VAR_SIZE), (HEAP), DYNAMIC_TYPE_WOLF_BIGINT); \
+                if ((VAR_NAME) == NULL) {                               \
+                    WC_ALLOC_DO_ON_FAILURE();                           \
+                }                                                       \
+            } while (0)
+        #define WC_CALLOC_VAR(VAR_NAME, VAR_TYPE, VAR_SIZE, HEAP)        \
+            do { \
+                WC_ALLOC_VAR(VAR_NAME, VAR_TYPE, VAR_SIZE, HEAP); \
+                XMEMSET(VAR_NAME, 0, sizeof(VAR_TYPE) * (VAR_SIZE)); \
+            } while (0)
         #define WC_FREE_VAR(VAR_NAME, HEAP) \
             XFREE(VAR_NAME, (HEAP), DYNAMIC_TYPE_WOLF_BIGINT)
+        #define WC_DECLARE_ARRAY(VAR_NAME, VAR_TYPE, VAR_ITEMS, VAR_SIZE, HEAP) \
+            WC_DECLARE_HEAP_ARRAY(VAR_NAME, VAR_TYPE, VAR_ITEMS, VAR_SIZE, HEAP)
+        #define WC_ARRAY_ARG(VAR_NAME, VAR_TYPE, VAR_ITEMS, VAR_SIZE) \
+            WC_HEAP_ARRAY_ARG(VAR_NAME, VAR_TYPE, VAR_ITEMS, VAR_SIZE)
+        #define WC_ALLOC_ARRAY(VAR_NAME, VAR_TYPE, VAR_ITEMS, VAR_SIZE, HEAP) \
+            WC_ALLOC_HEAP_ARRAY(VAR_NAME, VAR_TYPE, VAR_ITEMS, VAR_SIZE, HEAP)
+        #define WC_CALLOC_ARRAY(VAR_NAME, VAR_TYPE, VAR_ITEMS, VAR_SIZE, HEAP) \
+            WC_CALLOC_HEAP_ARRAY(VAR_NAME, VAR_TYPE, VAR_ITEMS, VAR_SIZE, HEAP)
+        #define WC_ARRAY_OK(VAR_NAME) WC_HEAP_ARRAY_OK(VAR_NAME)
         #define WC_FREE_ARRAY(VAR_NAME, VAR_ITEMS, HEAP) \
-            for (idx##VAR_NAME=0; idx##VAR_NAME<(VAR_ITEMS); idx##VAR_NAME++) { \
-                XFREE((VAR_NAME)[idx##VAR_NAME], (HEAP), DYNAMIC_TYPE_WOLF_BIGINT); \
-            }
-
-        #define WC_DECLARE_ARRAY_DYNAMIC_DEC(VAR_NAME, VAR_TYPE, VAR_ITEMS, VAR_SIZE, HEAP) \
-            WC_DECLARE_ARRAY(VAR_NAME, VAR_TYPE, VAR_ITEMS, VAR_SIZE, HEAP)
-        #define WC_DECLARE_ARRAY_DYNAMIC_EXE(VAR_NAME, VAR_TYPE, VAR_ITEMS, VAR_SIZE, HEAP) \
-            WC_INIT_ARRAY(VAR_NAME, VAR_TYPE, VAR_ITEMS, VAR_SIZE, HEAP)
-        #define WC_FREE_ARRAY_DYNAMIC(VAR_NAME, VAR_ITEMS, HEAP) \
-            WC_FREE_ARRAY(VAR_NAME, VAR_ITEMS, HEAP)
+            WC_FREE_HEAP_ARRAY(VAR_NAME, VAR_ITEMS, HEAP)
     #else
         #undef WC_DECLARE_VAR_IS_HEAP_ALLOC
         #define WC_DECLARE_VAR(VAR_NAME, VAR_TYPE, VAR_SIZE, HEAP) \
             VAR_TYPE VAR_NAME[VAR_SIZE]
-        #define WC_DECLARE_ARRAY(VAR_NAME, VAR_TYPE, VAR_ITEMS, VAR_SIZE, HEAP) \
-            VAR_TYPE VAR_NAME[VAR_ITEMS][VAR_SIZE]
-        #define WC_INIT_ARRAY(VAR_NAME, VAR_TYPE, VAR_ITEMS, VAR_SIZE, HEAP) WC_DO_NOTHING
+        #define WC_ALLOC_VAR(VAR_NAME, VAR_TYPE, VAR_SIZE, HEAP) WC_DO_NOTHING
+        #define WC_CALLOC_VAR(VAR_NAME, VAR_TYPE, VAR_SIZE, HEAP)        \
+            XMEMSET(VAR_NAME, 0, sizeof(var))
         #define WC_FREE_VAR(VAR_NAME, HEAP) WC_DO_NOTHING /* nothing to free, its stack */
+        #define WC_DECLARE_ARRAY(VAR_NAME, VAR_TYPE, VAR_ITEMS, VAR_SIZE, HEAP) \
+            VAR_TYPE VAR_NAME[VAR_ITEMS][(VAR_SIZE) / sizeof(VAR_TYPE)] /* // NOLINT(bugprone-sizeof-expression) */
+        #define WC_ARRAY_ARG(VAR_NAME, VAR_TYPE, VAR_ITEMS, VAR_SIZE) \
+            VAR_TYPE VAR_NAME[VAR_ITEMS][(VAR_SIZE) / sizeof(VAR_TYPE)] /* // NOLINT(bugprone-sizeof-expression) */
+        #define WC_ALLOC_ARRAY(VAR_NAME, VAR_TYPE, VAR_ITEMS, VAR_SIZE, HEAP) WC_DO_NOTHING
+        #define WC_CALLOC_ARRAY(VAR_NAME, VAR_TYPE, VAR_ITEMS, VAR_SIZE, HEAP) XMEMSET(VAR_NAME, 0, sizeof(VAR_NAME))
+        #define WC_ARRAY_OK(VAR_NAME) 1
         #define WC_FREE_ARRAY(VAR_NAME, VAR_ITEMS, HEAP) WC_DO_NOTHING /* nothing to free, its stack */
-
-        #define WC_DECLARE_ARRAY_DYNAMIC_DEC(VAR_NAME, VAR_TYPE, VAR_ITEMS, VAR_SIZE, HEAP) \
-            VAR_TYPE* VAR_NAME[VAR_ITEMS]; \
-            int idx##VAR_NAME, inner_idx_##VAR_NAME
-        #define WC_DECLARE_ARRAY_DYNAMIC_EXE(VAR_NAME, VAR_TYPE, VAR_ITEMS, VAR_SIZE, HEAP) \
-            for (idx##VAR_NAME=0; idx##VAR_NAME<(VAR_ITEMS); idx##VAR_NAME++) { \
-                (VAR_NAME)[idx##VAR_NAME] = (VAR_TYPE*)XMALLOC(VAR_SIZE, (HEAP), DYNAMIC_TYPE_TMP_BUFFER); \
-                if ((VAR_NAME)[idx##VAR_NAME] == NULL) { \
-                    for (inner_idx_##VAR_NAME = 0; inner_idx_##VAR_NAME < idx##VAR_NAME; inner_idx_##VAR_NAME++) { \
-                        XFREE((VAR_NAME)[inner_idx_##VAR_NAME], HEAP, DYNAMIC_TYPE_TMP_BUFFER); \
-                        (VAR_NAME)[inner_idx_##VAR_NAME] = NULL; \
-                    } \
-                    for (inner_idx_##VAR_NAME = idx##VAR_NAME + 1; inner_idx_##VAR_NAME < (VAR_ITEMS); inner_idx_##VAR_NAME++) { \
-                        (VAR_NAME)[inner_idx_##VAR_NAME] = NULL; \
-                    } \
-                    break; \
-                } \
-            }
-        #define WC_FREE_ARRAY_DYNAMIC(VAR_NAME, VAR_ITEMS, HEAP) \
-            for (idx##VAR_NAME=0; idx##VAR_NAME<(VAR_ITEMS); idx##VAR_NAME++) { \
-                XFREE((VAR_NAME)[idx##VAR_NAME], (HEAP), DYNAMIC_TYPE_TMP_BUFFER); \
-            }
     #endif
 
     #if defined(HAVE_FIPS) || defined(HAVE_SELFTEST)
@@ -651,9 +718,9 @@ typedef struct w64wrapper {
         #define DECLARE_ARRAY               WC_DECLARE_ARRAY
         #define FREE_VAR                    WC_FREE_VAR
         #define FREE_ARRAY                  WC_FREE_ARRAY
-        #define DECLARE_ARRAY_DYNAMIC_DEC   WC_DECLARE_ARRAY_DYNAMIC_DEC
-        #define DECLARE_ARRAY_DYNAMIC_EXE   WC_DECLARE_ARRAY_DYNAMIC_EXE
-        #define FREE_ARRAY_DYNAMIC          WC_FREE_ARRAY_DYNAMIC
+        #define DECLARE_ARRAY_DYNAMIC_DEC   WC_DECLARE_HEAP_ARRAY
+        #define DECLARE_ARRAY_DYNAMIC_EXE   WC_ALLOC_HEAP_ARRAY
+        #define FREE_ARRAY_DYNAMIC          WC_FREE_HEAP_ARRAY
     #endif /* HAVE_FIPS */
 
     #if !defined(USE_WOLF_STRTOK) && \
@@ -678,10 +745,10 @@ typedef struct w64wrapper {
             #include <string.h>
         #endif
 
-            #define XMEMCPY(d,s,l)    memcpy((d),(s),(l))
-            #define XMEMSET(b,c,l)    memset((b),(c),(l))
-            #define XMEMCMP(s1,s2,n)  memcmp((s1),(s2),(n))
-            #define XMEMMOVE(d,s,l)   memmove((d),(s),(l))
+        #define XMEMCPY(d,s,l)    memcpy((d),(s),(l))
+        #define XMEMSET(b,c,l)    memset((b),(c),(l))
+        #define XMEMCMP(s1,s2,n)  memcmp((s1),(s2),(n))
+        #define XMEMMOVE(d,s,l)   memmove((d),(s),(l))
 
         #define XSTRLEN(s1)       strlen((s1))
         #define XSTRNCPY(s1,s2,n) strncpy((s1),(s2),(n))
@@ -700,14 +767,13 @@ typedef struct w64wrapper {
         #endif
 
         #ifndef XSTRCASECMP
-        #if defined(MICROCHIP_PIC32) && (__XC32_VERSION >= 1000)
-            /* XC32 supports str[n]casecmp in version >= 1.0. */
+        #if defined(MICROCHIP_PIC32) && (__XC32_VERSION >= 1000) && (__XC32_VERSION < 4000)
+            /* XC32 supports str[n]casecmp in version >= 1.0 through 4.0. */
             #define XSTRCASECMP(s1,s2) strcasecmp((s1),(s2))
         #elif defined(MICROCHIP_PIC32) || defined(WOLFSSL_TIRTOS) || \
-                defined(WOLFSSL_ZEPHYR)
+                defined(WOLFSSL_ZEPHYR) || defined(MICROCHIP_PIC24)
             /* XC32 version < 1.0 does not support strcasecmp. */
             #define USE_WOLF_STRCASECMP
-            #define XSTRCASECMP(s1,s2) wc_strcasecmp(s1,s2)
         #elif defined(USE_WINDOWS_API) || defined(FREERTOS_TCP_WINSIM)
             #define XSTRCASECMP(s1,s2) _stricmp((s1),(s2))
         #else
@@ -720,13 +786,16 @@ typedef struct w64wrapper {
             #elif defined(WOLFSSL_CMSIS_RTOSv2) || defined(WOLFSSL_AZSPHERE) \
                     || defined(WOLF_C89)
                 #define USE_WOLF_STRCASECMP
-                #define XSTRCASECMP(s1,s2) wc_strcasecmp(s1, s2)
             #elif defined(WOLF_C89)
                 #define XSTRCASECMP(s1,s2) strcmp((s1),(s2))
             #else
                 #define XSTRCASECMP(s1,s2) strcasecmp((s1),(s2))
             #endif
         #endif
+        #ifdef USE_WOLF_STRCASECMP
+            #undef  XSTRCASECMP
+            #define XSTRCASECMP(s1,s2) wc_strcasecmp((s1), (s2))
+        #endif
         #endif /* !XSTRCASECMP */
 
         #ifndef XSTRNCASECMP
@@ -734,10 +803,9 @@ typedef struct w64wrapper {
             /* XC32 supports str[n]casecmp in version >= 1.0. */
             #define XSTRNCASECMP(s1,s2,n) strncasecmp((s1),(s2),(n))
         #elif defined(MICROCHIP_PIC32) || defined(WOLFSSL_TIRTOS) || \
-                defined(WOLFSSL_ZEPHYR)
+                defined(WOLFSSL_ZEPHYR) || defined(MICROCHIP_PIC24)
             /* XC32 version < 1.0 does not support strncasecmp. */
             #define USE_WOLF_STRNCASECMP
-            #define XSTRNCASECMP(s1,s2) wc_strncasecmp(s1,s2)
         #elif defined(USE_WINDOWS_API) || defined(FREERTOS_TCP_WINSIM)
             #define XSTRNCASECMP(s1,s2,n) _strnicmp((s1),(s2),(n))
         #else
@@ -750,13 +818,16 @@ typedef struct w64wrapper {
             #elif defined(WOLFSSL_CMSIS_RTOSv2) || defined(WOLFSSL_AZSPHERE) \
                     || defined(WOLF_C89)
                 #define USE_WOLF_STRNCASECMP
-                #define XSTRNCASECMP(s1,s2,n) wc_strncasecmp(s1, s2 ,n)
             #elif defined(WOLF_C89)
                 #define XSTRNCASECMP(s1,s2,n) strncmp((s1),(s2),(n))
             #else
                 #define XSTRNCASECMP(s1,s2,n) strncasecmp((s1),(s2),(n))
             #endif
         #endif
+        #ifdef USE_WOLF_STRNCASECMP
+            #undef  XSTRNCASECMP
+            #define XSTRNCASECMP(s1,s2,n) wc_strncasecmp((s1),(s2),(n))
+        #endif
         #endif /* !XSTRNCASECMP */
 
         /* snprintf is used in asn.c for GetTimeString, PKCS7 test, and when
@@ -765,7 +836,7 @@ typedef struct w64wrapper {
         #ifndef USE_WINDOWS_API
             #if defined(WOLFSSL_ESPIDF) && \
                 (!defined(NO_ASN_TIME) && defined(HAVE_PKCS7))
-                    #include<stdarg.h>
+                    #include <stdarg.h>
                     /* later gcc than 7.1 introduces -Wformat-truncation    */
                     /* In cases when truncation is expected the caller needs*/
                     /* to check the return value from the function so that  */
@@ -791,28 +862,43 @@ typedef struct w64wrapper {
                         return ret;
                     }
                 #define XSNPRINTF _xsnprintf_
+            #elif defined(FREESCALE_MQX)
+                /* see wc_port.h for fio.h and nio.h includes.  MQX does not
+                   have stdio.h available, so it needs its own section. */
+                #define XSNPRINTF snprintf
             #elif defined(WOLF_C89)
+                #ifndef NO_STDIO_FILESYSTEM
                 #include <stdio.h>
+                #endif
                 #define XSPRINTF sprintf
+                /* snprintf not available for C89, so remap using macro */
+                #ifdef WOLF_NO_VARIADIC_MACROS
+                    #error WOLF_NO_VARIADIC_MACROS requires user-supplied binding for XSNPRINTF
+                #else
+                    #define XSNPRINTF(f, len, ...) sprintf(f, __VA_ARGS__)
+                #endif
             #else
+                #ifndef NO_STDIO_FILESYSTEM
                 #include <stdio.h>
+                #endif
                 #define XSNPRINTF snprintf
             #endif
         #else
             #if defined(_MSC_VER) || defined(__CYGWIN__) || defined(__MINGW32__)
                 #if defined(_MSC_VER) && (_MSC_VER >= 1900)
                     /* Beginning with the UCRT in Visual Studio 2015 and
-                       Windows 10, snprintf is no longer identical to
-                       _snprintf. The snprintf function behavior is now
-                       C99 standard compliant. */
+                     * Windows 10, snprintf is no longer identical to
+                     * _snprintf. The snprintf function behavior is now
+                     * C99 standard compliant. */
                     #include <stdio.h>
                     #define XSNPRINTF snprintf
                 #else
                     /* 4996 warning to use MS extensions e.g., _sprintf_s
-                       instead of _snprintf */
+                     * instead of _snprintf */
                     #if !defined(__MINGW32__)
                     #pragma warning(disable: 4996)
                     #endif
+                    #include <stdarg.h>
                     static WC_INLINE
                     int xsnprintf(char *buffer, size_t bufsize,
                             const char *format, ...) {
@@ -836,10 +922,18 @@ typedef struct w64wrapper {
         #endif /* !XSNPRINTF */
 
         #if defined(WOLFSSL_CERT_EXT) || defined(OPENSSL_EXTRA) || \
-            defined(HAVE_ALPN) || defined(WOLFSSL_SNIFFER)
+            defined(HAVE_ALPN) || defined(WOLFSSL_SNIFFER) || \
+            defined(WOLFSSL_ASN_PARSE_KEYUSAGE)
             /* use only Thread Safe version of strtok */
             #if defined(USE_WOLF_STRTOK)
                 #define XSTRTOK(s1,d,ptr) wc_strtok((s1),(d),(ptr))
+            #elif defined(__WATCOMC__)
+                #if __WATCOMC__ < 1300
+                    #define USE_WOLF_STRTOK
+                    #define XSTRTOK(s1,d,ptr) wc_strtok((s1),(d),(ptr))
+                #else
+                    #define XSTRTOK(s1,d,ptr) strtok_r((s1),(d),(ptr))
+                #endif
             #elif defined(USE_WINDOWS_API) || defined(INTIME_RTOS)
                 #define XSTRTOK(s1,d,ptr) strtok_s((s1),(d),(ptr))
             #else
@@ -880,10 +974,23 @@ typedef struct w64wrapper {
         WOLFSSL_API int wc_strncasecmp(const char *s1, const char *s2, size_t n);
     #endif
 
+    #if !defined(XSTRDUP) && !defined(USE_WOLF_STRDUP)
+        #define USE_WOLF_STRDUP
+    #endif
+    #ifdef USE_WOLF_STRDUP
+        WOLFSSL_LOCAL char* wc_strdup_ex(const char *src, int memType);
+        #define wc_strdup(src) wc_strdup_ex(src, DYNAMIC_TYPE_TMP_BUFFER)
+        #define XSTRDUP(src) wc_strdup(src)
+    #endif
+
     #if !defined(NO_FILESYSTEM) && !defined(NO_STDIO_FILESYSTEM)
         #ifndef XGETENV
-            #include <stdlib.h>
-            #define XGETENV getenv
+            #ifdef NO_GETENV
+                #define XGETENV(x) (NULL)
+            #else
+                #include <stdlib.h>
+                #define XGETENV getenv
+            #endif
         #endif
     #endif /* !NO_FILESYSTEM && !NO_STDIO_FILESYSTEM */
 
@@ -898,18 +1005,25 @@ typedef struct w64wrapper {
         #endif
         #if defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
         #define XISALNUM(c)     isalnum((c))
-        #define XISASCII(c)     isascii((c))
+        #ifdef NO_STDLIB_ISASCII
+            #define XISASCII(c) (((c) >= 0 && (c) <= 127) ? 1 : 0)
+        #else
+            #define XISASCII(c) isascii((c))
+        #endif
         #define XISSPACE(c)     isspace((c))
         #endif
         /* needed by wolfSSL_check_domain_name() */
         #define XTOLOWER(c)      tolower((c))
     #endif
 
-    #ifndef OFFSETOF
+    #ifndef WC_OFFSETOF
         #if defined(__clang__) || (defined(__GNUC__) && (__GNUC__ >= 4))
-            #define OFFSETOF(type, field) __builtin_offsetof(type, field)
+            #define WC_OFFSETOF(type, field) __builtin_offsetof(type, field)
+        #elif defined(__WATCOMC__)
+            #include <stddef.h>
+            #define WC_OFFSETOF    offsetof
         #else
-            #define OFFSETOF(type, field) ((size_t)&(((type *)0)->field))
+            #define WC_OFFSETOF(type, field) ((size_t)&(((type *)0)->field))
         #endif
     #endif
 
@@ -1015,15 +1129,21 @@ typedef struct w64wrapper {
         DYNAMIC_TYPE_SPHINCS      = 98,
         DYNAMIC_TYPE_SM4_BUFFER   = 99,
         DYNAMIC_TYPE_DEBUG_TAG    = 100,
-        DYNAMIC_TYPE_SNIFFER_SERVER      = 1000,
-        DYNAMIC_TYPE_SNIFFER_SESSION     = 1001,
-        DYNAMIC_TYPE_SNIFFER_PB          = 1002,
-        DYNAMIC_TYPE_SNIFFER_PB_BUFFER   = 1003,
-        DYNAMIC_TYPE_SNIFFER_TICKET_ID   = 1004,
-        DYNAMIC_TYPE_SNIFFER_NAMED_KEY   = 1005,
-        DYNAMIC_TYPE_SNIFFER_KEY         = 1006,
-        DYNAMIC_TYPE_SNIFFER_KEYLOG_NODE = 1007,
-        DYNAMIC_TYPE_AES_EAX = 1008,
+        DYNAMIC_TYPE_LMS          = 101,
+        DYNAMIC_TYPE_BIO          = 102,
+        DYNAMIC_TYPE_X509_ACERT   = 103,
+        DYNAMIC_TYPE_OS_BUF       = 104,
+        DYNAMIC_TYPE_ASCON        = 105,
+        DYNAMIC_TYPE_SNIFFER_SERVER       = 1000,
+        DYNAMIC_TYPE_SNIFFER_SESSION      = 1001,
+        DYNAMIC_TYPE_SNIFFER_PB           = 1002,
+        DYNAMIC_TYPE_SNIFFER_PB_BUFFER    = 1003,
+        DYNAMIC_TYPE_SNIFFER_TICKET_ID    = 1004,
+        DYNAMIC_TYPE_SNIFFER_NAMED_KEY    = 1005,
+        DYNAMIC_TYPE_SNIFFER_KEY          = 1006,
+        DYNAMIC_TYPE_SNIFFER_KEYLOG_NODE  = 1007,
+        DYNAMIC_TYPE_SNIFFER_CHAIN_BUFFER = 1008,
+        DYNAMIC_TYPE_AES_EAX = 1009
     };
 
     /* max error buffer string size */
@@ -1047,8 +1167,9 @@ typedef struct w64wrapper {
         WC_ALGO_TYPE_SEED = 5,
         WC_ALGO_TYPE_HMAC = 6,
         WC_ALGO_TYPE_CMAC = 7,
+        WC_ALGO_TYPE_CERT = 8,
 
-        WC_ALGO_TYPE_MAX = WC_ALGO_TYPE_CMAC
+        WC_ALGO_TYPE_MAX = WC_ALGO_TYPE_CERT
     };
 
     /* hash types */
@@ -1131,6 +1252,16 @@ typedef struct w64wrapper {
     #endif /* HAVE_SELFTEST */
     };
 
+    enum wc_HashFlags {
+        WC_HASH_FLAG_NONE =     0x00000000,
+        WC_HASH_FLAG_WILLCOPY = 0x00000001, /* flag to indicate hash will be copied */
+        WC_HASH_FLAG_ISCOPY =   0x00000002, /* hash is copy */
+    #ifdef WOLFSSL_SHA3
+        WC_HASH_SHA3_KECCAK256 =0x00010000, /* Older KECCAK256 */
+    #endif
+        WOLF_ENUM_DUMMY_LAST_ELEMENT(WC_HASH)
+    };
+
     /* cipher types */
     enum wc_CipherType {
         WC_CIPHER_NONE = 0,
@@ -1169,9 +1300,60 @@ typedef struct w64wrapper {
         WC_PK_TYPE_ED25519_KEYGEN = 15,
         WC_PK_TYPE_CURVE25519_KEYGEN = 16,
         WC_PK_TYPE_RSA_GET_SIZE = 17,
-        WC_PK_TYPE_MAX = WC_PK_TYPE_RSA_GET_SIZE
+        #define _WC_PK_TYPE_MAX WC_PK_TYPE_RSA_GET_SIZE
+    #if defined(WOLFSSL_HAVE_KYBER)
+        WC_PK_TYPE_PQC_KEM_KEYGEN = 18,
+        WC_PK_TYPE_PQC_KEM_ENCAPS = 19,
+        WC_PK_TYPE_PQC_KEM_DECAPS = 20,
+        #undef _WC_PK_TYPE_MAX
+        #define _WC_PK_TYPE_MAX WC_PK_TYPE_PQC_KEM_DECAPS
+    #endif
+    #if defined(HAVE_DILITHIUM) || defined(HAVE_FALCON)
+        WC_PK_TYPE_PQC_SIG_KEYGEN = 21,
+        WC_PK_TYPE_PQC_SIG_SIGN = 22,
+        WC_PK_TYPE_PQC_SIG_VERIFY = 23,
+        WC_PK_TYPE_PQC_SIG_CHECK_PRIV_KEY = 24,
+        #undef _WC_PK_TYPE_MAX
+        #define _WC_PK_TYPE_MAX WC_PK_TYPE_PQC_SIG_CHECK_PRIV_KEY
+    #endif
+        WC_PK_TYPE_RSA_PKCS = 25,
+        WC_PK_TYPE_RSA_PSS = 26,
+        WC_PK_TYPE_RSA_OAEP = 27,
+        WC_PK_TYPE_MAX = _WC_PK_TYPE_MAX
     };
 
+#if defined(WOLFSSL_HAVE_KYBER)
+    /* Post quantum KEM algorithms */
+    enum wc_PqcKemType {
+        WC_PQC_KEM_TYPE_NONE = 0,
+        #define _WC_PQC_KEM_TYPE_MAX WC_PQC_KEM_TYPE_NONE
+    #if defined(WOLFSSL_HAVE_KYBER)
+        WC_PQC_KEM_TYPE_KYBER = 1,
+        #undef _WC_PQC_KEM_TYPE_MAX
+        #define _WC_PQC_KEM_TYPE_MAX WC_PQC_KEM_TYPE_KYBER
+    #endif
+        WC_PQC_KEM_TYPE_MAX = _WC_PQC_KEM_TYPE_MAX
+    };
+#endif
+
+#if defined(HAVE_DILITHIUM) || defined(HAVE_FALCON)
+    /* Post quantum signature algorithms */
+    enum wc_PqcSignatureType {
+        WC_PQC_SIG_TYPE_NONE = 0,
+        #define _WC_PQC_SIG_TYPE_MAX WC_PQC_SIG_TYPE_NONE
+    #if defined(HAVE_DILITHIUM)
+        WC_PQC_SIG_TYPE_DILITHIUM = 1,
+        #undef _WC_PQC_SIG_TYPE_MAX
+        #define _WC_PQC_SIG_TYPE_MAX WC_PQC_SIG_TYPE_DILITHIUM
+    #endif
+    #if defined(HAVE_FALCON)
+        WC_PQC_SIG_TYPE_FALCON = 2,
+        #undef _WC_PQC_SIG_TYPE_MAX
+        #define _WC_PQC_SIG_TYPE_MAX WC_PQC_SIG_TYPE_FALCON
+    #endif
+        WC_PQC_SIG_TYPE_MAX = _WC_PQC_SIG_TYPE_MAX
+    };
+#endif
 
     /* settings detection for compile vs runtime math incompatibilities */
     enum {
@@ -1237,87 +1419,57 @@ typedef struct w64wrapper {
           #ifndef WOLFSSL_USE_ALIGN
               #define WOLFSSL_USE_ALIGN
           #endif
-    #endif /* WOLFSSL_AESNI || WOLFSSL_ARMASM || USE_INTEL_SPEEDUP || WOLFSSL_AFALG_XILINX */
+    #endif /* WOLFSSL_AESNI || WOLFSSL_ARMASM || USE_INTEL_SPEEDUP || \
+            * WOLFSSL_AFALG_XILINX */
 
+    /* Helpers for memory alignment */
+    #ifndef XALIGNED
+        #if defined(__GNUC__) || defined(__llvm__) || \
+              defined(__IAR_SYSTEMS_ICC__)
+            #define XALIGNED(x) __attribute__ ( (aligned (x)))
+        #elif defined(__KEIL__)
+            #define XALIGNED(x) __align(x)
+        #elif defined(_MSC_VER)
+            /* disable align warning, we want alignment ! */
+            #pragma warning(disable: 4324)
+            #define XALIGNED(x) __declspec (align (x))
+        #else
+            #define XALIGNED(x) /* null expansion */
+        #endif
+    #endif
+
+    /* Only use alignment in wolfSSL/wolfCrypt if WOLFSSL_USE_ALIGN is set */
     #ifdef WOLFSSL_USE_ALIGN
-        #if !defined(ALIGN16)
-            #if defined(__IAR_SYSTEMS_ICC__) || defined(__GNUC__) || \
-                defined(__llvm__)
-                #define ALIGN16 __attribute__ ( (aligned (16)))
-            #elif defined(_MSC_VER)
-                /* disable align warning, we want alignment ! */
-                #pragma warning(disable: 4324)
-                #define ALIGN16 __declspec (align (16))
-            #else
-                #define ALIGN16
-            #endif
-        #endif /* !ALIGN16 */
-
-        #if !defined (ALIGN32)
-            #if defined(__IAR_SYSTEMS_ICC__) || defined(__GNUC__) || \
-                defined(__llvm__)
-                #define ALIGN32 __attribute__ ( (aligned (32)))
-            #elif defined(_MSC_VER)
-                /* disable align warning, we want alignment ! */
-                #pragma warning(disable: 4324)
-                #define ALIGN32 __declspec (align (32))
-            #else
-                #define ALIGN32
-            #endif
-        #endif /* !ALIGN32 */
-
-        #if !defined(ALIGN64)
-            #if defined(__IAR_SYSTEMS_ICC__) || defined(__GNUC__) || \
-                defined(__llvm__)
-                #define ALIGN64 __attribute__ ( (aligned (64)))
-            #elif defined(_MSC_VER)
-                /* disable align warning, we want alignment ! */
-                #pragma warning(disable: 4324)
-                #define ALIGN64 __declspec (align (64))
-            #else
-                #define ALIGN64
-            #endif
-        #endif /* !ALIGN64 */
-
-        #if defined(__IAR_SYSTEMS_ICC__) || defined(__GNUC__) || \
-            defined(__llvm__)
-            #define ALIGN128 __attribute__ ( (aligned (128)))
-        #elif defined(_MSC_VER)
-            /* disable align warning, we want alignment ! */
-            #pragma warning(disable: 4324)
-            #define ALIGN128 __declspec (align (128))
+        /* For IAR ARM the maximum variable alignment on stack is 8-bytes.
+         * Variables declared outside stack (like static globals) can have
+         * higher alignment. */
+        #if defined(__ICCARM__)
+            #define WOLFSSL_ALIGN(x) XALIGNED(8)
         #else
-            #define ALIGN128
+            #define WOLFSSL_ALIGN(x) XALIGNED(x)
         #endif
-
-        #if defined(__IAR_SYSTEMS_ICC__) || defined(__GNUC__)  || \
-            defined(__llvm__)
-            #define ALIGN256 __attribute__ ( (aligned (256)))
-        #elif defined(_MSC_VER)
-            /* disable align warning, we want alignment ! */
-            #pragma warning(disable: 4324)
-            #define ALIGN256 __declspec (align (256))
-        #else
-            #define ALIGN256
-        #endif
-
     #else
-        #ifndef ALIGN16
-            #define ALIGN16
-        #endif
-        #ifndef ALIGN32
-            #define ALIGN32
-        #endif
-        #ifndef ALIGN64
-            #define ALIGN64
-        #endif
-        #ifndef ALIGN128
-            #define ALIGN128
-        #endif
-        #ifndef ALIGN256
-            #define ALIGN256
-        #endif
-    #endif /* WOLFSSL_USE_ALIGN */
+        #define WOLFSSL_ALIGN(x) /* null expansion */
+    #endif
+
+    #ifndef ALIGN8
+        #define ALIGN8   WOLFSSL_ALIGN(8)
+    #endif
+    #ifndef ALIGN16
+        #define ALIGN16  WOLFSSL_ALIGN(16)
+    #endif
+    #ifndef ALIGN32
+        #define ALIGN32  WOLFSSL_ALIGN(32)
+    #endif
+    #ifndef ALIGN64
+        #define ALIGN64  WOLFSSL_ALIGN(64)
+    #endif
+    #ifndef ALIGN128
+        #define ALIGN128 WOLFSSL_ALIGN(128)
+    #endif
+    #ifndef ALIGN256
+        #define ALIGN256 WOLFSSL_ALIGN(256)
+    #endif
 
     #if !defined(PEDANTIC_EXTENSION)
         #if defined(__GNUC__)
@@ -1336,13 +1488,68 @@ typedef struct w64wrapper {
     #endif
 
     #ifdef SINGLE_THREADED
-        #if defined(WC_32BIT_CPU)
+        #if defined(WC_32BIT_CPU) || defined(HAVE_STACK_SIZE)
             typedef void*        THREAD_RETURN;
         #else
             typedef unsigned int THREAD_RETURN;
         #endif
         typedef void*            THREAD_TYPE;
         #define WOLFSSL_THREAD
+    #elif defined(WOLFSSL_USER_THREADING)
+        /* User can define user specific threading types
+         *  THREAD_RETURN
+         *  TREAD_TYPE
+         *  WOLFSSL_THREAD
+         * e.g.
+         *  typedef unsigned int  THREAD_RETURN;
+         *  typedef size_t        THREAD_TYPE;
+         *  #define WOLFSSL_THREAD void
+         *
+         * User can also implement their own wolfSSL_NewThread(),
+         * wolfSSL_JoinThread() and wolfSSL_Cond signaling if they want.
+         * Otherwise, those functions are omitted.
+        */
+    #elif defined(__WATCOMC__)
+        #if __WATCOMC__ < 1300
+            #define _WCCALLBACK
+        #endif
+        #if defined(__NT__)
+            typedef unsigned      THREAD_RETURN;
+            typedef uintptr_t     THREAD_TYPE;
+            typedef struct COND_TYPE {
+                wolfSSL_Mutex mutex;
+                HANDLE cond;
+            } COND_TYPE;
+            #define WOLFSSL_COND
+            #define INVALID_THREAD_VAL ((THREAD_TYPE)(INVALID_HANDLE_VALUE))
+            #define WOLFSSL_THREAD __stdcall
+            #define WOLFSSL_THREAD_NO_JOIN _WCCALLBACK
+        #elif defined(__OS2__)
+            #define WOLFSSL_THREAD_VOID_RETURN
+            typedef void          THREAD_RETURN;
+            typedef TID           THREAD_TYPE;
+            typedef struct COND_TYPE {
+                wolfSSL_Mutex mutex;
+                LHANDLE cond;
+            } COND_TYPE;
+            #define WOLFSSL_COND
+            #define INVALID_THREAD_VAL ((THREAD_TYPE)(-1))
+            #define WOLFSSL_THREAD _WCCALLBACK
+            #define WOLFSSL_THREAD_NO_JOIN _WCCALLBACK
+        #elif defined(__LINUX__)
+            #include <pthread.h>
+            typedef struct COND_TYPE {
+                pthread_mutex_t mutex;
+                pthread_cond_t cond;
+            } COND_TYPE;
+            typedef void*         THREAD_RETURN;
+            typedef pthread_t     THREAD_TYPE;
+            #define WOLFSSL_COND
+            #define WOLFSSL_THREAD
+            #ifndef HAVE_SELFTEST
+                #define WOLFSSL_THREAD_NO_JOIN
+            #endif
+        #endif
     #elif defined(WOLFSSL_MDK_ARM) || defined(WOLFSSL_KEIL_TCP_NET) || \
           defined(FREESCALE_MQX)
         typedef unsigned int  THREAD_RETURN;
@@ -1361,10 +1568,12 @@ typedef struct w64wrapper {
         typedef void            THREAD_RETURN;
         #define WOLFSSL_THREAD_VOID_RETURN
         typedef struct {
-            struct k_thread tid;
+            /* Zephyr k_thread can be large, > 128 bytes. */
+            struct k_thread* tid;
             k_thread_stack_t* threadStack;
         } THREAD_TYPE;
         #define WOLFSSL_THREAD
+        extern void* wolfsslThreadHeapHint;
     #elif defined(NETOS)
         typedef UINT        THREAD_RETURN;
         typedef struct {
@@ -1379,18 +1588,19 @@ typedef struct w64wrapper {
         typedef size_t        THREAD_TYPE;
         #define WOLFSSL_THREAD
     #elif defined(WOLFSSL_PTHREADS)
-        #ifndef __MACH__
-            #include <pthread.h>
-            typedef struct COND_TYPE {
-                pthread_mutex_t mutex;
-                pthread_cond_t cond;
-            } COND_TYPE;
-        #else
+        #if defined(__APPLE__) && MAC_OS_X_VERSION_MIN_REQUIRED >= 1060 \
+            && !defined(__ppc__)
             #include <dispatch/dispatch.h>
             typedef struct COND_TYPE {
                 wolfSSL_Mutex mutex;
                 dispatch_semaphore_t cond;
             } COND_TYPE;
+        #else
+            #include <pthread.h>
+            typedef struct COND_TYPE {
+                pthread_mutex_t mutex;
+                pthread_cond_t cond;
+            } COND_TYPE;
         #endif
         typedef void*         THREAD_RETURN;
         typedef pthread_t     THREAD_TYPE;
@@ -1420,6 +1630,10 @@ typedef struct w64wrapper {
         #if !defined(__MINGW32__)
             #define WOLFSSL_THREAD_NO_JOIN __cdecl
         #endif
+    #elif defined(THREADX)
+        typedef unsigned int   THREAD_RETURN;
+        typedef TX_THREAD      THREAD_TYPE;
+        #define WOLFSSL_THREAD
     #else
         typedef unsigned int  THREAD_RETURN;
         typedef size_t        THREAD_TYPE;
@@ -1448,8 +1662,6 @@ typedef struct w64wrapper {
          *                      to check if the value is an invalid thread
          * WOLFSSL_THREAD - attribute that should be used to declare thread
          *                  callbacks
-         * WOLFSSL_THREAD_NO_JOIN - attribute that should be used to declare
-         *                          thread callbacks that don't require cleanup
          * WOLFSSL_COND - defined if this system supports signaling
          * COND_TYPE - type that should be passed into the signaling API
          * WOLFSSL_THREAD_VOID_RETURN - defined if the thread callback has a
@@ -1457,8 +1669,16 @@ typedef struct w64wrapper {
          * WOLFSSL_RETURN_FROM_THREAD - define used to correctly return from a
          *                              thread callback
          * THREAD_CB - thread callback type for regular threading API
-         * THREAD_CB_NOJOIN - thread callback type for threading API that don't
+         *
+         * WOLFSSL_THREAD_NO_JOIN - attribute used to declare thread callbacks
+         *                          that do not require cleanup
+         * THREAD_CB_NOJOIN - thread callback type for thread APIs that do not
          *                    require cleanup
+         * THREAD_RETURN_NOJOIN - return type used to declare thread callbacks
+         *                        that do not require cleanup
+         * RETURN_FROM_THREAD_NOJOIN - define used to correctly return from
+         *                             a thread callback that do not require
+         *                             cleanup
          *
          * Other defines/types are specific for the threading implementation
          */
@@ -1481,8 +1701,17 @@ typedef struct w64wrapper {
             /* Create a thread that will be automatically cleaned up. We can't
              * return a handle/pointer to the new thread because there are no
              * guarantees for how long it will be valid. */
-            typedef THREAD_RETURN (WOLFSSL_THREAD_NO_JOIN *THREAD_CB_NOJOIN)
-                    (void* arg);
+            #if defined(WOLFSSL_PTHREADS)
+                #define THREAD_CB_NOJOIN        THREAD_CB
+                #define THREAD_RETURN_NOJOIN    THREAD_RETURN
+                #define RETURN_FROM_THREAD_NOJOIN(x) \
+                    WOLFSSL_RETURN_FROM_THREAD(x)
+            #else
+                #define THREAD_RETURN_NOJOIN    void
+                typedef THREAD_RETURN_NOJOIN
+                    (WOLFSSL_THREAD_NO_JOIN *THREAD_CB_NOJOIN)(void* arg);
+                #define RETURN_FROM_THREAD_NOJOIN(x)    return
+            #endif
             WOLFSSL_API int wolfSSL_NewThreadNoJoin(THREAD_CB_NOJOIN cb,
                     void* arg);
         #endif
@@ -1573,20 +1802,73 @@ typedef struct w64wrapper {
         #define PRAGMA_DIAG_POP /* null expansion */
     #endif
 
+    #define WC_CPP_CAT_(a, b) a ## b
+    #define WC_CPP_CAT(a, b) WC_CPP_CAT_(a, b)
+    #if defined(WC_NO_STATIC_ASSERT)
+        #define wc_static_assert(expr) struct wc_static_assert_dummy_struct
+        #define wc_static_assert2(expr, msg) wc_static_assert(expr)
+    #elif !defined(wc_static_assert)
+        #if (defined(__cplusplus) && (__cplusplus >= 201703L)) || \
+               (defined(__STDC_VERSION__) && (__STDC_VERSION__ >= 202311L)) || \
+               (defined(_MSVC_LANG) && (__cpp_static_assert >= 201411L))
+            /* native variadic static_assert() */
+            #define wc_static_assert static_assert
+            #ifndef wc_static_assert2
+                #define wc_static_assert2 static_assert
+            #endif
+        #elif (defined(_MSC_VER) && (__STDC_VERSION__ >= 201112L)) || \
+              (defined(_MSVC_LANG) && (__cpp_static_assert >= 200410L))
+            /* native 2-argument static_assert() */
+            #define wc_static_assert(expr) static_assert(expr, #expr)
+            #ifndef wc_static_assert2
+                #define wc_static_assert2(expr, msg) static_assert(expr, msg)
+            #endif
+        #elif !defined(__cplusplus) &&              \
+                !defined(__STRICT_ANSI__) &&        \
+                !defined(WOLF_C89) &&               \
+                defined(__STDC_VERSION__) &&        \
+                (__STDC_VERSION__ >= 201112L) &&    \
+                ((defined(__GNUC__) &&              \
+                  (__GNUC__ >= 5)) ||               \
+                 defined(__clang__))
+            /* native 2-argument _Static_assert() */
+            #define wc_static_assert(expr) _Static_assert(expr, #expr)
+            #ifndef wc_static_assert2
+                #define wc_static_assert2(expr, msg) _Static_assert(expr, msg)
+            #endif
+        #else
+            /* C89-compatible fallback */
+            #define wc_static_assert(expr)                                     \
+                struct WC_CPP_CAT(wc_static_assert_dummy_struct_L, __LINE__) { \
+                    char t[(expr) ? 1 : -1];                                   \
+                }
+            #ifndef wc_static_assert2
+                #define wc_static_assert2(expr, msg) wc_static_assert(expr)
+            #endif
+        #endif
+    #elif !defined(wc_static_assert2)
+         #define wc_static_assert2(expr, msg) wc_static_assert(expr)
+    #endif
+
     #ifndef SAVE_VECTOR_REGISTERS
-        #define SAVE_VECTOR_REGISTERS(...) WC_DO_NOTHING
+        #define SAVE_VECTOR_REGISTERS(fail_clause) WC_DO_NOTHING
     #endif
     #ifndef SAVE_VECTOR_REGISTERS2
         #define SAVE_VECTOR_REGISTERS2() 0
+        #define SAVE_VECTOR_REGISTERS2_DOES_NOTHING
+    #endif
+    #ifndef CAN_SAVE_VECTOR_REGISTERS
+        #define CAN_SAVE_VECTOR_REGISTERS() 1
+        #define CAN_SAVE_VECTOR_REGISTERS_ALWAYS_TRUE
     #endif
     #ifndef WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL
         #define WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(x) WC_DO_NOTHING
     #endif
     #ifndef ASSERT_SAVED_VECTOR_REGISTERS
-        #define ASSERT_SAVED_VECTOR_REGISTERS(...) WC_DO_NOTHING
+        #define ASSERT_SAVED_VECTOR_REGISTERS() WC_DO_NOTHING
     #endif
     #ifndef ASSERT_RESTORED_VECTOR_REGISTERS
-        #define ASSERT_RESTORED_VECTOR_REGISTERS(...) WC_DO_NOTHING
+        #define ASSERT_RESTORED_VECTOR_REGISTERS(fail_clause) WC_DO_NOTHING
     #endif
     #ifndef RESTORE_VECTOR_REGISTERS
         #define RESTORE_VECTOR_REGISTERS() WC_DO_NOTHING
diff --git a/wolfssl/wolfcrypt/visibility.h b/wolfssl/wolfcrypt/visibility.h
index 6ee10dfc7..aa506ba21 100644
--- a/wolfssl/wolfcrypt/visibility.h
+++ b/wolfssl/wolfcrypt/visibility.h
@@ -1,6 +1,6 @@
 /* visibility.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -33,7 +33,7 @@
 
 #if defined(BUILDING_WOLFSSL)
     #if defined(_MSC_VER) || defined(__MINGW32__) || defined(__CYGWIN__) || \
-        defined(_WIN32_WCE)
+        defined(_WIN32_WCE) || defined(__WATCOMC__)
         #if defined(WOLFSSL_DLL)
             #define WOLFSSL_API __declspec(dllexport)
         #else
@@ -51,7 +51,14 @@
         #define WOLFSSL_LOCAL
     #endif /* HAVE_VISIBILITY */
 #else /* BUILDING_WOLFSSL */
-    #if defined(_MSC_VER) || defined(__MINGW32__) || defined(__CYGWIN__) || \
+    #if defined(__WATCOMC__)
+        #if defined(WOLFSSL_DLL) && defined(__NT__)
+            #define WOLFSSL_API __declspec(dllimport)
+        #else
+            #define WOLFSSL_API
+        #endif
+        #define WOLFSSL_LOCAL
+    #elif defined(_MSC_VER) || defined(__MINGW32__) || defined(__CYGWIN__) || \
         defined(_WIN32_WCE)
         #if defined(WOLFSSL_DLL)
             #define WOLFSSL_API __declspec(dllimport)
diff --git a/wolfssl/wolfcrypt/wc_encrypt.h b/wolfssl/wolfcrypt/wc_encrypt.h
index b6591ffaf..4dfc84c08 100644
--- a/wolfssl/wolfcrypt/wc_encrypt.h
+++ b/wolfssl/wolfcrypt/wc_encrypt.h
@@ -1,6 +1,6 @@
 /* wc_encrypt.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/wolfcrypt/wc_kyber.h b/wolfssl/wolfcrypt/wc_kyber.h
index 62c3ed811..dab942da3 100644
--- a/wolfssl/wolfcrypt/wc_kyber.h
+++ b/wolfssl/wolfcrypt/wc_kyber.h
@@ -1,3 +1,364 @@
+/* wc_kyber.h
+ *
+ * Copyright (C) 2006-2025 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
 
-#error "Contact wolfSSL to get the implementation of this file"
+/*!
+    \file wolfssl/wolfcrypt/wc_kyber.h
+*/
+
+
+#ifndef WOLF_CRYPT_WC_KYBER_H
+#define WOLF_CRYPT_WC_KYBER_H
+
+#include <wolfssl/wolfcrypt/types.h>
+#include <wolfssl/wolfcrypt/random.h>
+#include <wolfssl/wolfcrypt/sha3.h>
+#include <wolfssl/wolfcrypt/kyber.h>
+
+#ifdef WOLFSSL_HAVE_KYBER
+
+#ifdef noinline
+    #define KYBER_NOINLINE noinline
+#elif defined(_MSC_VER)
+    #define KYBER_NOINLINE __declspec(noinline)
+#elif defined(__GNUC__)
+    #define KYBER_NOINLINE __attribute__((noinline))
+#else
+    #define KYBER_NOINLINE
+#endif
+
+enum {
+    /* Flags of Kyber keys. */
+    KYBER_FLAG_PRIV_SET = 0x0001,
+    KYBER_FLAG_PUB_SET  = 0x0002,
+    KYBER_FLAG_BOTH_SET = 0x0003,
+    KYBER_FLAG_H_SET    = 0x0004,
+    KYBER_FLAG_A_SET    = 0x0008,
+
+    /* 2 bits of random used to create noise value. */
+    KYBER_CBD_ETA2          = 2,
+    /* 3 bits of random used to create noise value. */
+    KYBER_CBD_ETA3          = 3,
+
+    /* Number of bits to compress to. */
+    KYBER_COMP_4BITS    =  4,
+    KYBER_COMP_5BITS    =  5,
+    KYBER_COMP_10BITS   = 10,
+    KYBER_COMP_11BITS   = 11,
+};
+
+
+/* SHAKE128 rate. */
+#define XOF_BLOCK_SIZE      168
+
+/* Modulus of co-efficients of polynomial. */
+#define KYBER_Q             3329
+
+
+/* Kyber-512 parameters */
+#ifdef WOLFSSL_KYBER512
+/* Number of bits of random to create noise from. */
+#define KYBER512_ETA1       KYBER_CBD_ETA3
+#endif /* WOLFSSL_KYBER512 */
+
+/* Kyber-768 parameters */
+#ifdef WOLFSSL_KYBER768
+/* Number of bits of random to create noise from. */
+#define KYBER768_ETA1       KYBER_CBD_ETA2
+#endif /* WOLFSSL_KYBER768 */
+
+/* Kyber-1024 parameters */
+#ifdef WOLFSSL_KYBER1024
+/* Number of bits of random to create noise from. */
+#define KYBER1024_ETA1      KYBER_CBD_ETA2
+#endif /* WOLFSSL_KYBER1024 */
+
+
+
+/* The data type of the hash function. */
+#define KYBER_HASH_T    wc_Sha3
+
+/* The data type of the pseudo-random function. */
+#define KYBER_PRF_T     wc_Shake
+
+/* Kyber key. */
+struct KyberKey {
+    /* Type of key: KYBER512, KYBER768, KYBER1024 */
+    int type;
+    /* Dynamic memory allocation hint. */
+    void* heap;
+#if defined(WOLF_CRYPTO_CB)
+    /* Device Id. */
+    int devId;
+#endif
+    /* Flags indicating what is stored in the key. */
+    int flags;
+
+    /* A pseudo-random function object. */
+    KYBER_HASH_T hash;
+    /* A pseudo-random function object. */
+    KYBER_PRF_T prf;
+
+    /* Private key as a vector. */
+    sword16 priv[KYBER_MAX_K * KYBER_N];
+    /* Public key as a vector. */
+    sword16 pub[KYBER_MAX_K * KYBER_N];
+    /* Public seed. */
+    byte pubSeed[KYBER_SYM_SZ];
+    /* Public hash - hash of encoded public key. */
+    byte h[KYBER_SYM_SZ];
+    /* Randomizer for decapsulation. */
+    byte z[KYBER_SYM_SZ];
+#ifdef WOLFSSL_MLKEM_CACHE_A
+    /* A matrix from key generation. */
+    sword16 a[KYBER_MAX_K * KYBER_MAX_K * KYBER_N];
+#endif
+};
+
+#ifdef __cplusplus
+    extern "C" {
+#endif
+
+WOLFSSL_LOCAL
+void kyber_init(void);
+
+#ifndef WOLFSSL_MLKEM_MAKEKEY_SMALL_MEM
+WOLFSSL_LOCAL
+void kyber_keygen(sword16* priv, sword16* pub, sword16* e, const sword16* a,
+    int kp);
+#else
+WOLFSSL_LOCAL
+int kyber_keygen_seeds(sword16* priv, sword16* pub, KYBER_PRF_T* prf,
+    sword16* e, int kp, byte* seed, byte* noiseSeed);
+#endif
+#ifndef WOLFSSL_MLKEM_ENCAPSULATE_SMALL_MEM
+WOLFSSL_LOCAL
+void kyber_encapsulate(const sword16* pub, sword16* bp, sword16* v,
+    const sword16* at, sword16* sp, const sword16* ep, const sword16* epp,
+    const sword16* m, int kp);
+#else
+WOLFSSL_LOCAL
+int kyber_encapsulate_seeds(const sword16* pub, KYBER_PRF_T* prf, sword16* bp,
+    sword16* tp, sword16* sp, int kp, const byte* msg, byte* seed,
+    byte* coins);
+#endif
+WOLFSSL_LOCAL
+void kyber_decapsulate(const sword16* priv, sword16* mp, sword16* bp,
+    const sword16* v, int kp);
+
+WOLFSSL_LOCAL
+int kyber_gen_matrix(KYBER_PRF_T* prf, sword16* a, int kp, byte* seed,
+    int transposed);
+WOLFSSL_LOCAL
+int kyber_get_noise(KYBER_PRF_T* prf, int kp, sword16* vec1, sword16* vec2,
+    sword16* poly, byte* seed);
+
+#if defined(USE_INTEL_SPEEDUP) || \
+        (defined(WOLFSSL_ARMASM) && defined(__aarch64__))
+WOLFSSL_LOCAL
+int kyber_kdf(byte* seed, int seedLen, byte* out, int outLen);
+#endif
+WOLFSSL_LOCAL
+void kyber_hash_init(KYBER_HASH_T* hash);
+WOLFSSL_LOCAL
+int kyber_hash_new(KYBER_HASH_T* hash, void* heap, int devId);
+WOLFSSL_LOCAL
+void kyber_hash_free(KYBER_HASH_T* hash);
+WOLFSSL_LOCAL
+int kyber_hash256(wc_Sha3* hash, const byte* data, word32 dataLen, byte* out);
+WOLFSSL_LOCAL
+int kyber_hash512(wc_Sha3* hash, const byte* data1, word32 data1Len,
+    const byte* data2, word32 data2Len, byte* out);
+
+WOLFSSL_LOCAL
+void kyber_prf_init(KYBER_PRF_T* prf);
+WOLFSSL_LOCAL
+int kyber_prf_new(KYBER_PRF_T* prf, void* heap, int devId);
+WOLFSSL_LOCAL
+void kyber_prf_free(KYBER_PRF_T* prf);
+
+WOLFSSL_LOCAL
+int kyber_cmp(const byte* a, const byte* b, int sz);
+
+WOLFSSL_LOCAL
+void kyber_vec_compress_10(byte* r, sword16* v, unsigned int kp);
+WOLFSSL_LOCAL
+void kyber_vec_compress_11(byte* r, sword16* v);
+WOLFSSL_LOCAL
+void kyber_vec_decompress_10(sword16* v, const unsigned char* b,
+    unsigned int kp);
+WOLFSSL_LOCAL
+void kyber_vec_decompress_11(sword16* v, const unsigned char* b);
+
+WOLFSSL_LOCAL
+void kyber_compress_4(byte* b, sword16* p);
+WOLFSSL_LOCAL
+void kyber_compress_5(byte* b, sword16* p);
+WOLFSSL_LOCAL
+void kyber_decompress_4(sword16* p, const unsigned char* b);
+WOLFSSL_LOCAL
+void kyber_decompress_5(sword16* p, const unsigned char* b);
+
+WOLFSSL_LOCAL
+void kyber_from_msg(sword16* p, const byte* msg);
+WOLFSSL_LOCAL
+void kyber_to_msg(byte* msg, sword16* p);
+WOLFSSL_LOCAL
+void kyber_from_bytes(sword16* p, const byte* b, int k);
+WOLFSSL_LOCAL
+void kyber_to_bytes(byte* b, sword16* p, int k);
+
+#ifdef USE_INTEL_SPEEDUP
+WOLFSSL_LOCAL
+void kyber_keygen_avx2(sword16* priv, sword16* pub, sword16* e,
+    const sword16* a, int kp);
+WOLFSSL_LOCAL
+void kyber_encapsulate_avx2(const sword16* pub, sword16* bp, sword16* v,
+    const sword16* at, sword16* sp, const sword16* ep, const sword16* epp,
+    const sword16* m, int kp);
+WOLFSSL_LOCAL
+void kyber_decapsulate_avx2(const sword16* priv, sword16* mp, sword16* bp,
+    const sword16* v, int kp);
+
+WOLFSSL_LOCAL
+unsigned int kyber_rej_uniform_n_avx2(sword16* p, unsigned int len,
+    const byte* r, unsigned int rLen);
+WOLFSSL_LOCAL
+unsigned int kyber_rej_uniform_avx2(sword16* p, unsigned int len, const byte* r,
+    unsigned int rLen);
+WOLFSSL_LOCAL
+void kyber_redistribute_21_rand_avx2(const word64* s, byte* r0, byte* r1,
+    byte* r2, byte* r3);
+void kyber_redistribute_17_rand_avx2(const word64* s, byte* r0, byte* r1,
+    byte* r2, byte* r3);
+void kyber_redistribute_16_rand_avx2(const word64* s, byte* r0, byte* r1,
+    byte* r2, byte* r3);
+void kyber_redistribute_8_rand_avx2(const word64* s, byte* r0, byte* r1,
+    byte* r2, byte* r3);
+
+WOLFSSL_LOCAL
+void kyber_sha3_blocksx4_avx2(word64* s);
+WOLFSSL_LOCAL
+void kyber_sha3_128_blocksx4_seed_avx2(word64* s, byte* seed);
+WOLFSSL_LOCAL
+void kyber_sha3_256_blocksx4_seed_avx2(word64* s, byte* seed);
+
+WOLFSSL_LOCAL
+void kyber_cbd_eta2_avx2(sword16* p, const byte* r);
+WOLFSSL_LOCAL
+void kyber_cbd_eta3_avx2(sword16* p, const byte* r);
+
+WOLFSSL_LOCAL
+void kyber_from_msg_avx2(sword16* p, const byte* msg);
+WOLFSSL_LOCAL
+void kyber_to_msg_avx2(byte* msg, sword16* p);
+
+WOLFSSL_LOCAL
+void kyber_from_bytes_avx2(sword16* p, const byte* b);
+WOLFSSL_LOCAL
+void kyber_to_bytes_avx2(byte* b, sword16* p);
+
+WOLFSSL_LOCAL
+void kyber_compress_10_avx2(byte* r, const sword16* p, int n);
+WOLFSSL_LOCAL
+void kyber_decompress_10_avx2(sword16* p, const byte* r, int n);
+WOLFSSL_LOCAL
+void kyber_compress_11_avx2(byte* r, const sword16* p, int n);
+WOLFSSL_LOCAL
+void kyber_decompress_11_avx2(sword16* p, const byte* r, int n);
+
+WOLFSSL_LOCAL
+void kyber_compress_4_avx2(byte* r, const sword16* p);
+WOLFSSL_LOCAL
+void kyber_decompress_4_avx2(sword16* p, const byte* r);
+WOLFSSL_LOCAL
+void kyber_compress_5_avx2(byte* r, const sword16* p);
+WOLFSSL_LOCAL
+void kyber_decompress_5_avx2(sword16* p, const byte* r);
+
+
+WOLFSSL_LOCAL
+int kyber_cmp_avx2(const byte* a, const byte* b, int sz);
+#elif defined(__aarch64__) && defined(WOLFSSL_ARMASM)
+WOLFSSL_LOCAL void kyber_ntt(sword16* r);
+WOLFSSL_LOCAL void kyber_invntt(sword16* r);
+WOLFSSL_LOCAL void kyber_ntt_sqrdmlsh(sword16* r);
+WOLFSSL_LOCAL void kyber_invntt_sqrdmlsh(sword16* r);
+WOLFSSL_LOCAL void kyber_basemul_mont(sword16* r, const sword16* a,
+    const sword16* b);
+WOLFSSL_LOCAL void kyber_basemul_mont_add(sword16* r, const sword16* a,
+    const sword16* b);
+WOLFSSL_LOCAL void kyber_add_reduce(sword16* r, const sword16* a);
+WOLFSSL_LOCAL void kyber_add3_reduce(sword16* r, const sword16* a,
+    const sword16* b);
+WOLFSSL_LOCAL void kyber_rsub_reduce(sword16* r, const sword16* a);
+WOLFSSL_LOCAL void kyber_to_mont(sword16* p);
+WOLFSSL_LOCAL void kyber_to_mont_sqrdmlsh(sword16* p);
+WOLFSSL_LOCAL void kyber_sha3_blocksx3_neon(word64* state);
+WOLFSSL_LOCAL void kyber_shake128_blocksx3_seed_neon(word64* state, byte* seed);
+WOLFSSL_LOCAL void kyber_shake256_blocksx3_seed_neon(word64* state, byte* seed);
+WOLFSSL_LOCAL unsigned int kyber_rej_uniform_neon(sword16* p, unsigned int len,
+    const byte* r, unsigned int rLen);
+WOLFSSL_LOCAL int kyber_cmp_neon(const byte* a, const byte* b, int sz);
+WOLFSSL_LOCAL void kyber_csubq_neon(sword16* p);
+WOLFSSL_LOCAL void kyber_from_msg_neon(sword16* p, const byte* msg);
+WOLFSSL_LOCAL void kyber_to_msg_neon(byte* msg, sword16* p);
+#elif defined(WOLFSSL_ARMASM_THUMB2) && defined(WOLFSSL_ARMASM)
+#define kyber_ntt                   kyber_thumb2_ntt
+#define kyber_invntt                kyber_thumb2_invntt
+#define kyber_basemul_mont          kyber_thumb2_basemul_mont
+#define kyber_basemul_mont_add      kyber_thumb2_basemul_mont_add
+#define kyber_rej_uniform_c         kyber_thumb2_rej_uniform
+
+WOLFSSL_LOCAL void kyber_thumb2_ntt(sword16* r);
+WOLFSSL_LOCAL void kyber_thumb2_invntt(sword16* r);
+WOLFSSL_LOCAL void kyber_thumb2_basemul_mont(sword16* r, const sword16* a,
+    const sword16* b);
+WOLFSSL_LOCAL void kyber_thumb2_basemul_mont_add(sword16* r, const sword16* a,
+    const sword16* b);
+WOLFSSL_LOCAL void kyber_thumb2_csubq(sword16* p);
+WOLFSSL_LOCAL unsigned int kyber_thumb2_rej_uniform(sword16* p,
+    unsigned int len, const byte* r, unsigned int rLen);
+#elif defined(WOLFSSL_ARMASM)
+#define kyber_ntt                   kyber_arm32_ntt
+#define kyber_invntt                kyber_arm32_invntt
+#define kyber_basemul_mont          kyber_arm32_basemul_mont
+#define kyber_basemul_mont_add      kyber_arm32_basemul_mont_add
+#define kyber_rej_uniform_c         kyber_arm32_rej_uniform
+
+WOLFSSL_LOCAL void kyber_arm32_ntt(sword16* r);
+WOLFSSL_LOCAL void kyber_arm32_invntt(sword16* r);
+WOLFSSL_LOCAL void kyber_arm32_basemul_mont(sword16* r, const sword16* a,
+    const sword16* b);
+WOLFSSL_LOCAL void kyber_arm32_basemul_mont_add(sword16* r, const sword16* a,
+    const sword16* b);
+WOLFSSL_LOCAL void kyber_arm32_csubq(sword16* p);
+WOLFSSL_LOCAL unsigned int kyber_arm32_rej_uniform(sword16* p, unsigned int len,
+    const byte* r, unsigned int rLen);
+#endif
+
+#ifdef __cplusplus
+    } /* extern "C" */
+#endif
+
+#endif /* WOLFSSL_HAVE_KYBER */
+
+#endif /* WOLF_CRYPT_WC_KYBER_H */
 
diff --git a/wolfssl/wolfcrypt/wc_lms.h b/wolfssl/wolfcrypt/wc_lms.h
index a0e06e413..5a1a0c058 100644
--- a/wolfssl/wolfcrypt/wc_lms.h
+++ b/wolfssl/wolfcrypt/wc_lms.h
@@ -1,6 +1,6 @@
 /* wc_lms.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -19,5 +19,484 @@
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  */
 
-#error "Contact wolfSSL to get the implementation of this file"
+/* Implementation based on:
+ *   RFC 8554: Leighton-Micali Hash-Based Signatures
+ *   https://datatracker.ietf.org/doc/html/rfc8554
+ * Implementation by Sean Parkinson.
+ */
 
+/* Possible LMS options:
+ *
+ * WOLFSSL_LMS_LARGE_CACHES                             Default: OFF
+ *   Authentication path caches are large and signing faster.
+ * WOLFSSL_LMS_ROOT_LEVELS                              Default: 5 (Large: 7)
+ *   Number of levels of interior nodes from the to to cached.
+ *   Valid value are: 1..height of subtree.
+ *   The bigger the number, the larger the LmsKey but faster signing.
+ *   Only applies when !WOLFSSL_WC_LMS_SMALL.
+ * WOLFSSL_LMS_CACHE_BITS                               Default: 5 (Large: 7)
+ *   2 to the power of the value is the number of leaf nodes to cache.
+ *   Maximum valid value is height of subtree.
+ *   Valid value are: 0..height of subtree.
+ *   The bigger the number, the larger the LmsKey but faster signing.
+ *   Only applies when !WOLFSSL_WC_LMS_SMALL.
+ *
+ * Memory/Level | R/C | Approx. Time (% of 5/5)
+ *      (Bytes) |     |  H=10  |  H=15  |  H=20
+ * -------------+--------------+--------+--------
+ *         2016 | 5/5 | 100.0% | 100.0% | 100.0%
+ *         3040 | 5/6 |  75.5% |  89.2% |
+ *         4064 | 6/6 |  75.3% |  78.8% |
+ *         4576 | 4/7 |  72.4% |  87.6% |
+ *         6112 | 6/7 |  72.1% |  67.5% |
+ *         8160 | 7/7 |  72.2% |  56.8% |
+ *         8416 | 3/8 |  66.4% |  84.9% |
+ *        12256 | 7/8 |  66.5% |  45.9% |
+ *        16352 | 8/8 |  66.0% |  35.0% |
+ *        16416 | 1/9 |  54.1% |  79.5% |
+ * R = Root levels
+ * C = Cache bits
+ * To mimic the dynamic memory usage of XMSS, use 3/3.
+ *
+ * WOLFSSL_LMS_NO_SIGN SMOOTHING                        Default: OFF
+ *   Disable precalculation of next subtree.
+ *   Use less dynamic memory.
+ *   At certain indexes, signing will take a long time compared to the mean.
+ *   When OFF, the private key holds a second copy of caches.
+ *
+ * WOLFSSL_LMS_NO_SIG_CACHE                             Default: OFF
+ *   Signature cache is disabled.
+ *   This will use less dynamic memory and make signing slower when multiple
+ *   levels.
+ *
+ * Sig cache holds the C and y hashes for a tree that is not the lowest.
+ * Sig cache size = (levels - 1) * (1 + p) * 32 bytes
+ * p is the number of y terms based on Winternitz width.
+ *
+ *  w |  p | l | Bytes
+ * ---+----+---+------
+ *  4 | 67 | 2 |  2176
+ *  4 | 67 | 3 |  4353
+ *  4 | 67 | 4 |  6528
+ *  8 | 34 | 2 |  1120
+ *  8 | 34 | 3 |  2240
+ *  8 | 34 | 4 |  3360
+ * w = Winternitz width
+ * l = #levels
+ */
+
+#ifndef WC_LMS_H
+#define WC_LMS_H
+
+#include <wolfssl/wolfcrypt/types.h>
+
+#if defined(WOLFSSL_HAVE_LMS) && defined(WOLFSSL_WC_LMS)
+
+#include <wolfssl/wolfcrypt/lms.h>
+#include <wolfssl/wolfcrypt/sha256.h>
+
+#ifdef WOLFSSL_LMS_MAX_LEVELS
+    /* Maximum number of levels of trees supported by implementation. */
+    #define LMS_MAX_LEVELS          WOLFSSL_LMS_MAX_LEVELS
+#else
+    /* Maximum number of levels of trees supported by implementation. */
+    #define LMS_MAX_LEVELS          4
+#endif
+#if (LMS_MAX_LEVELS < 1) || (LMS_MAX_LEVELS > 4)
+    #error "LMS parameters only support heights 1-4."
+#endif
+
+/* Smoothing is only used when there are 2 or more levels. */
+#if LMS_MAX_LEVELS == 1 && !defined(WOLFSSL_LMS_NO_SIGN_SMOOTHING)
+    #define WOLFSSL_LMS_NO_SIGN_SMOOTHING
+#endif
+
+#ifdef WOLFSSL_LMS_MAX_HEIGHT
+    /* Maximum height of a tree supported by implementation. */
+    #define LMS_MAX_HEIGHT          WOLFSSL_LMS_MAX_HEIGHT
+#else
+    /* Maximum height of a tree supported by implementation. */
+    #define LMS_MAX_HEIGHT          20
+#endif
+#if (LMS_MAX_HEIGHT < 5) || (LMS_MAX_HEIGHT > 20)
+    #error "LMS parameters only support heights 5-20."
+#endif
+
+/* Length of I in bytes. */
+#define LMS_I_LEN                   16
+/* Length of L in bytes. */
+#define LMS_L_LEN                   4
+/* Length of Q for a level. */
+#define LMS_Q_LEN                   4
+/* Length of P in bytes. */
+#define LMS_P_LEN                   2
+/* Length of W in bytes. */
+#define LMS_W_LEN                   1
+
+/* Length of numeric types when encoding. */
+#define LMS_TYPE_LEN                4
+
+/* Size of digest output when truncatint SHA-256 to 192 bits. */
+#define WC_SHA256_192_DIGEST_SIZE   24
+
+/* Maximum size of a node hash. */
+#define LMS_MAX_NODE_LEN            WC_SHA256_DIGEST_SIZE
+/* Maximum size of SEED (produced by hash). */
+#define LMS_SEED_LEN                WC_SHA256_DIGEST_SIZE
+/* Maximum number of P, number of n-byte string elements in LM-OTS signature.
+ * Value of P when N=32 and W=1.
+ */
+#define LMS_MAX_P                   265
+
+
+#ifndef WOLFSSL_LMS_ROOT_LEVELS
+    #ifdef WOLFSSL_LMS_LARGE_CACHES
+        /* Number of root levels of interior nodes to store.  */
+        #define LMS_ROOT_LEVELS         7
+    #else
+        /* Number of root levels of interior nodes to store.  */
+        #define LMS_ROOT_LEVELS         5
+    #endif
+#else
+    #define LMS_ROOT_LEVELS             WOLFSSL_LMS_ROOT_LEVELS
+#endif
+#if LMS_ROOT_LEVELS <= 0
+    #error "LMS_ROOT_LEVELS must be greater than 0."
+#endif
+/* Count of root nodes to store per level. */
+#define LMS_ROOT_COUNT              ((1 << (LMS_ROOT_LEVELS)) - 1)
+
+#ifndef WOLFSSL_LMS_CACHE_BITS
+    #ifdef WOLFSSL_LMS_LARGE_CACHES
+        /* 2 to the power of the value is the number of leaf nodes to cache. */
+        #define LMS_CACHE_BITS          7
+    #else
+        /* 2 to the power of the value is the number of leaf nodes to cache. */
+        #define LMS_CACHE_BITS          5
+    #endif
+#else
+    #define LMS_CACHE_BITS              WOLFSSL_LMS_CACHE_BITS
+#endif
+#if LMS_CACHE_BITS < 0
+    #error "LMS_CACHE_BITS must be greater than or equal to 0."
+#endif
+/* Number of leaf nodes to cache. */
+#define LMS_LEAF_CACHE              (1 << LMS_CACHE_BITS)
+
+/* Maximum number of levels of trees described in private key. */
+#define HSS_MAX_LEVELS              8
+/* Length of full Q in bytes. Q from all levels combined. */
+#define HSS_Q_LEN                   8
+
+/* Compressed parameter set length in bytes. */
+#define HSS_COMPRESS_PARAM_SET_LEN  1
+/* Total compressed parameter set length for private key in bytes. */
+#define HSS_PRIV_KEY_PARAM_SET_LEN  \
+    (HSS_COMPRESS_PARAM_SET_LEN * HSS_MAX_LEVELS)
+
+/* Private key length for one level. */
+#define LMS_PRIV_LEN(hLen)          \
+    (LMS_Q_LEN + (hLen) + LMS_I_LEN)
+/* Public key length in signature. */
+#define LMS_PUBKEY_LEN(hLen)        \
+    (LMS_TYPE_LEN + LMS_TYPE_LEN + LMS_I_LEN + (hLen))
+
+/* LMS signature data length. */
+#define LMS_SIG_LEN(h, p, hLen)                                                \
+    (LMS_Q_LEN + LMS_TYPE_LEN + (hLen) + (p) * (hLen) + LMS_TYPE_LEN +         \
+     (h) * (hLen))
+
+/* Length of public key. */
+#define HSS_PUBLIC_KEY_LEN(hLen)        (LMS_L_LEN + LMS_PUBKEY_LEN(hLen))
+/* Length of private key. */
+#define HSS_PRIVATE_KEY_LEN(hLen)   \
+    (HSS_Q_LEN + HSS_PRIV_KEY_PARAM_SET_LEN + (hLen) + LMS_I_LEN)
+/* Maximum public key length - length is constant for all parameters. */
+#define HSS_MAX_PRIVATE_KEY_LEN     HSS_PRIVATE_KEY_LEN(LMS_MAX_NODE_LEN)
+/* Maximum private key length - length is constant for all parameters. */
+#define HSS_MAX_PUBLIC_KEY_LEN      HSS_PUBLIC_KEY_LEN(LMS_MAX_NODE_LEN)
+/* Maximum signature length. */
+#define HSS_MAX_SIG_LEN                                                        \
+    (LMS_TYPE_LEN +                                                            \
+     LMS_MAX_LEVELS * (LMS_Q_LEN + LMS_TYPE_LEN + LMS_TYPE_LEN +               \
+                       LMS_MAX_NODE_LEN * (1 + LMS_MAX_P + LMS_MAX_HEIGHT)) +  \
+     (LMS_MAX_LEVELS - 1) * LMS_PUBKEY_LEN(LMS_MAX_NODE_LEN))
+
+/* Maximum buffer length required for use when hashing. */
+#define LMS_MAX_BUFFER_LEN          \
+    (LMS_I_LEN + LMS_Q_LEN + LMS_P_LEN + LMS_W_LEN + 2 * LMS_MAX_NODE_LEN)
+
+
+/* Private key data length.
+ *
+ * HSSPrivKey.priv
+ */
+#define LMS_PRIV_KEY_LEN(l, hLen)           \
+    ((l) * LMS_PRIV_LEN(hLen))
+
+/* Stack of nodes. */
+#define LMS_STACK_CACHE_LEN(h, hLen)        \
+     (((h) + 1) * (hLen))
+
+/* Root cache length. */
+#define LMS_ROOT_CACHE_LEN(rl, hLen)        \
+    (((1 << (rl)) - 1) * (hLen))
+
+/* Leaf cache length. */
+#define LMS_LEAF_CACHE_LEN(cb, hLen)        \
+    ((1 << (cb)) * (hLen))
+
+/* Length of LMS private key state.
+ *
+ * LmsPrivState
+ *   auth_path +
+ *   root +
+ *   stack.stack + stack.offset +
+ *   cache.leaf + cache.index + cache.offset
+ */
+#define LMS_PRIV_STATE_LEN(h, rl, cb, hLen)     \
+    (((h) * (hLen)) +                           \
+     LMS_STACK_CACHE_LEN(h, hLen) + 4 +         \
+     LMS_ROOT_CACHE_LEN(rl, hLen) +             \
+     LMS_LEAF_CACHE_LEN(cb, hLen) + 4 + 4)
+
+#ifndef WOLFSSL_WC_LMS_SMALL
+    /* Private key data state for all levels. */
+    #define LMS_PRIV_STATE_ALL_LEN(l, h, rl, cb, hLen)  \
+         ((l) * LMS_PRIV_STATE_LEN(h, rl, cb, hLen))
+#else
+    /* Private key data state for all levels. */
+    #define LMS_PRIV_STATE_ALL_LEN(l, h, rl, cb, hLen)  0
+#endif
+
+#ifndef WOLFSSL_LMS_NO_SIGN_SMOOTHING
+    /* Extra private key data for smoothing. */
+    #define LMS_PRIV_SMOOTH_LEN(l, h, rl, cb, hLen)         \
+        (LMS_PRIV_KEY_LEN(l, hLen) +                        \
+         ((l) - 1) * LMS_PRIV_STATE_LEN(h, rl, cb, hLen))
+#else
+    /* Extra private key data for smoothing. */
+    #define LMS_PRIV_SMOOTH_LEN(l, h, rl, cb, hLen)     0
+#endif
+
+#ifndef WOLFSSL_LMS_NO_SIG_CACHE
+    #define LMS_PRIV_Y_TREE_LEN(p, hLen)                            \
+        ((hLen) + (p) * (hLen))
+    /* Length of the y data cached in private key data. */
+    #define LMS_PRIV_Y_LEN(l, p, hLen)                              \
+        (((l) - 1) * ((hLen) + (p) * (hLen)))
+#else
+    /* Length of the y data cached in private key data. */
+    #define LMS_PRIV_Y_LEN(l, p, hLen)      0
+#endif
+
+#ifndef WOLFSSL_WC_LMS_SMALL
+/* Length of private key data. */
+#define LMS_PRIV_DATA_LEN(l, h, p, rl, cb, hLen)    \
+    (LMS_PRIV_KEY_LEN(l, hLen) +                    \
+     LMS_PRIV_STATE_ALL_LEN(l, h, rl, cb, hLen) +   \
+     LMS_PRIV_SMOOTH_LEN(l, h, rl, cb, hLen) +      \
+     LMS_PRIV_Y_LEN(l, p, hLen))
+#else
+#define LMS_PRIV_DATA_LEN(l, h, p, rl, cb, hLen)    \
+    LMS_PRIV_KEY_LEN(l, hLen)
+#endif
+
+/* Indicates using SHA-256 for hashing. */
+#define LMS_SHA256                  0x00
+/* Indicates using SHA-256/192 for hashing. */
+#define LMS_SHA256_192              0x10
+/* Mask to get hashing algorithm from type. */
+#define LMS_HASH_MASK               0xf0
+/* Mask to get height or Winternitz width from type. */
+#define LMS_H_W_MASK                0x0f
+
+/* LMS Parameters. */
+/* SHA-256 hash, 32-bytes of hash used, tree height of 5. */
+#define LMS_SHA256_M32_H5           0x05
+/* SHA-256 hash, 32-bytes of hash used, tree height of 10. */
+#define LMS_SHA256_M32_H10          0x06
+/* SHA-256 hash, 32-bytes of hash used, tree height of 15. */
+#define LMS_SHA256_M32_H15          0x07
+/* SHA-256 hash, 32-bytes of hash used, tree height of 20. */
+#define LMS_SHA256_M32_H20          0x08
+/* SHA-256 hash, 32-bytes of hash used, tree height of 25. */
+#define LMS_SHA256_M32_H25          0x09
+
+/* SHA-256 hash, 32-bytes of hash used, Winternitz width of 1 bit. */
+#define LMOTS_SHA256_N32_W1         0x01
+/* SHA-256 hash, 32-bytes of hash used, Winternitz width of 2 bits. */
+#define LMOTS_SHA256_N32_W2         0x02
+/* SHA-256 hash, 32-bytes of hash used, Winternitz width of 4 bits. */
+#define LMOTS_SHA256_N32_W4         0x03
+/* SHA-256 hash, 32-bytes of hash used, Winternitz width of 8 bits. */
+#define LMOTS_SHA256_N32_W8         0x04
+
+/* SHA-256 hash, 32-bytes of hash used, tree height of 5. */
+#define LMS_SHA256_M24_H5           (0x05 | LMS_SHA256_192)
+/* SHA-256 hash, 32-bytes of hash used, tree height of 10. */
+#define LMS_SHA256_M24_H10          (0x06 | LMS_SHA256_192)
+/* SHA-256 hash, 32-bytes of hash used, tree height of 15. */
+#define LMS_SHA256_M24_H15          (0x07 | LMS_SHA256_192)
+/* SHA-256 hash, 32-bytes of hash used, tree height of 20. */
+#define LMS_SHA256_M24_H20          (0x08 | LMS_SHA256_192)
+/* SHA-256 hash, 32-bytes of hash used, tree height of 25. */
+#define LMS_SHA256_M24_H25          (0x09 | LMS_SHA256_192)
+
+/* SHA-256 hash, 32-bytes of hash used, Winternitz width of 1 bit. */
+#define LMOTS_SHA256_N24_W1         (0x01 | LMS_SHA256_192)
+/* SHA-256 hash, 32-bytes of hash used, Winternitz width of 2 bits. */
+#define LMOTS_SHA256_N24_W2         (0x02 | LMS_SHA256_192)
+/* SHA-256 hash, 32-bytes of hash used, Winternitz width of 4 bits. */
+#define LMOTS_SHA256_N24_W4         (0x03 | LMS_SHA256_192)
+/* SHA-256 hash, 32-bytes of hash used, Winternitz width of 8 bits. */
+#define LMOTS_SHA256_N24_W8         (0x04 | LMS_SHA256_192)
+
+typedef struct LmsParams {
+    /* Number of tree levels. */
+    word8 levels;
+    /* Height of each tree. */
+    word8 height;
+    /* Width or Winternitz coefficient. */
+    word8 width;
+    /* Number of left-shift bits used in checksum calculation. */
+    word8 ls;
+    /* Number of n-byte string elements in LM-OTS signature. */
+    word16 p;
+    /* LMS type. */
+    word16 lmsType;
+    /* LMOTS type. */
+    word16 lmOtsType;
+    /* Length of LM-OTS signature. */
+    word16 sig_len;
+    /* Length of seed. */
+    word16 hash_len;
+#ifndef WOLFSSL_WC_LMS_SMALL
+    /* Number of root levels of interior nodes to store. */
+    word8 rootLevels;
+    /* 2 to the power of the value is the number of leaf nodes to cache. */
+    word8 cacheBits;
+#endif
+} LmsParams;
+
+/* Mapping of id and string to parameters. */
+typedef struct wc_LmsParamsMap {
+    /* Identifier of parameters. */
+    enum wc_LmsParm id;
+    /* String representation of identifier of parameters. */
+    const char* str;
+    /* LMS parameter set. */
+    LmsParams params;
+} wc_LmsParamsMap;
+
+typedef struct LmsState {
+    /* Buffer to hold data to hash. */
+    ALIGN16 byte buffer[LMS_MAX_BUFFER_LEN];
+#ifdef WOLFSSL_SMALL_STACK
+    /* Buffer to hold expanded Q coefficients. */
+    ALIGN16 byte a[LMS_MAX_P];
+#endif
+    /* LMS parameters. */
+    const LmsParams* params;
+    /* Hash algorithm. */
+    wc_Sha256 hash;
+    /* Hash algorithm for calculating K. */
+    wc_Sha256 hash_k;
+} LmsState;
+
+#ifndef WOLFSSL_WC_LMS_SMALL
+/* Stack of interior node hashes. */
+typedef struct LmsStack {
+    /* Stack nodes. */
+    byte* stack;
+    /* Top of stack offset. */
+    word32 offset;
+} LmsStack;
+
+/* Cache of leaf hashes. */
+typedef struct HssLeafCache {
+    /* Cache of leaf nodes. Circular queue. */
+    byte* cache;
+    /* Start index of cached leaf nodes. */
+    word32 idx;
+    /* Index into cache of first leaf node. */
+    word32 offset;
+} HssLeafCache;
+
+typedef struct LmsPrivState {
+    /* Authentication path for current index. */
+    byte* auth_path;
+    /* Stack nodes. */
+    LmsStack stack;
+    /* Root nodes. */
+    byte* root;
+    /* Cache of leaf nodes. */
+    HssLeafCache leaf;
+} LmsPrivState;
+#endif /* WOLFSSL_WC_LMS_SMALL */
+
+typedef struct HssPrivKey {
+    /* Private key. */
+    byte* priv;
+#ifndef WOLFSSL_WC_LMS_SMALL
+    /* Per level state of the private key. */
+    LmsPrivState state[LMS_MAX_LEVELS];
+#ifndef WOLFSSL_LMS_NO_SIGN_SMOOTHING
+    /* Next private key. */
+    byte* next_priv;
+    /* Next private state. */
+    LmsPrivState next_state[LMS_MAX_LEVELS - 1];
+#endif
+#ifndef WOLFSSL_LMS_NO_SIG_CACHE
+    /* Per level state of the private key. */
+    byte* y;
+#endif
+    /* Indicates the key has all levels initialized. */
+    word8 inited:1;
+#endif
+} HssPrivKey;
+
+struct LmsKey {
+    /* Public key. */
+    ALIGN16 byte pub[HSS_PUBLIC_KEY_LEN(LMS_MAX_NODE_LEN)];
+#ifndef WOLFSSL_LMS_VERIFY_ONLY
+    /* Encoded private key. */
+    ALIGN16 byte priv_raw[HSS_MAX_PRIVATE_KEY_LEN];
+
+    /* Packed private key data. */
+    byte* priv_data;
+    /* HSS Private key. */
+    HssPrivKey priv;
+
+    /* Callback to write/update key. */
+    wc_lms_write_private_key_cb write_private_key;
+    /* Callback to read key. */
+    wc_lms_read_private_key_cb  read_private_key;
+    /* Context arg passed to callbacks. */
+    void*                context;
+    /* Dynamic memory hint. */
+    void* heap;
+#endif /* !WOLFSSL_LMS_VERIFY_ONLY */
+    /* Parameters of key. */
+    const LmsParams* params;
+    /* Current state of key. */
+    enum wc_LmsState state;
+#ifdef WOLF_CRYPTO_CB
+    /* Device Identifier. */
+    int devId;
+#endif
+};
+
+int wc_hss_make_key(LmsState* state, WC_RNG* rng, byte* priv_raw,
+    HssPrivKey* priv_key, byte* priv_data, byte* pub);
+int wc_hss_reload_key(LmsState* state, const byte* priv_raw,
+    HssPrivKey* priv_key, byte* priv_data, byte* pub_root);
+int wc_hss_sign(LmsState* state, byte* priv_raw, HssPrivKey* priv_key,
+    byte* priv_data, const byte* msg, word32 msgSz, byte* sig);
+int wc_hss_sigsleft(const LmsParams* params, const byte* priv_raw);
+int wc_hss_verify(LmsState* state, const byte* pub, const byte* msg,
+    word32 msgSz, const byte* sig);
+
+#endif /* WOLFSSL_HAVE_LMS && WOLFSSL_WC_LMS */
+
+#endif /* WC_LMS_H */
diff --git a/wolfssl/wolfcrypt/wc_pkcs11.h b/wolfssl/wolfcrypt/wc_pkcs11.h
index 85717c240..fdc51e096 100644
--- a/wolfssl/wolfcrypt/wc_pkcs11.h
+++ b/wolfssl/wolfcrypt/wc_pkcs11.h
@@ -1,6 +1,6 @@
 /* wc_pkcs11.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -97,6 +97,10 @@ WOLFSSL_API int wc_Pkcs11StoreKey(Pkcs11Token* token, int type, int clear,
 WOLFSSL_API int wc_Pkcs11_CryptoDevCb(int devId, wc_CryptoInfo* info,
     void* ctx);
 
+WOLFSSL_LOCAL int wc_hash2sz(int);
+WOLFSSL_LOCAL CK_MECHANISM_TYPE wc_hash2ckm(int);
+WOLFSSL_LOCAL CK_MECHANISM_TYPE wc_mgf2ckm(int);
+
 #ifdef __cplusplus
     } /* extern "C" */
 #endif
diff --git a/wolfssl/wolfcrypt/wc_port.h b/wolfssl/wolfcrypt/wc_port.h
index 44deeb426..b0778dfb9 100644
--- a/wolfssl/wolfcrypt/wc_port.h
+++ b/wolfssl/wolfcrypt/wc_port.h
@@ -1,6 +1,6 @@
 /* wc_port.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -54,12 +54,112 @@
     #endif
 #endif
 
+#if defined(WOLFSSL_MAX3266X) || defined(WOLFSSL_MAX3266X_OLD)
+    #include <wolfssl/wolfcrypt/port/maxim/max3266x.h>
+#endif
+
 #ifdef WOLFSSL_LINUXKM
     #include "../../linuxkm/linuxkm_wc_port.h"
 #endif /* WOLFSSL_LINUXKM */
 
+#ifndef WARN_UNUSED_RESULT
+    #if defined(WOLFSSL_LINUXKM) && defined(__must_check)
+        #define WARN_UNUSED_RESULT __must_check
+    #elif (defined(__GNUC__) && (__GNUC__ >= 4)) || \
+        (defined(__IAR_SYSTEMS_ICC__) && (__VER__ >= 9040001))
+        #define WARN_UNUSED_RESULT __attribute__((warn_unused_result))
+    #else
+        #define WARN_UNUSED_RESULT
+    #endif
+#endif /* !WARN_UNUSED_RESULT */
+
+#ifndef WC_MAYBE_UNUSED
+    #if (defined(__GNUC__) && (__GNUC__ >= 4)) || defined(__clang__) || \
+            defined(__IAR_SYSTEMS_ICC__)
+        #define WC_MAYBE_UNUSED __attribute__((unused))
+    #else
+        #define WC_MAYBE_UNUSED
+    #endif
+#endif /* !WC_MAYBE_UNUSED */
+
+/* use inlining if compiler allows */
+#ifndef WC_INLINE
+#ifndef NO_INLINE
+    #ifdef _MSC_VER
+        #define WC_INLINE __inline
+    #elif defined(__GNUC__)
+           #ifdef WOLFSSL_VXWORKS
+               #define WC_INLINE __inline__
+           #else
+               #define WC_INLINE inline
+           #endif
+    #elif defined(__IAR_SYSTEMS_ICC__)
+        #define WC_INLINE inline
+    #elif defined(THREADX)
+        #define WC_INLINE _Inline
+    #elif defined(__ghc__)
+        #ifndef __cplusplus
+            #define WC_INLINE __inline
+        #else
+            #define WC_INLINE inline
+        #endif
+    #elif defined(__CCRX__)
+        #define WC_INLINE inline
+    #elif defined(__DCC__)
+        #ifndef __cplusplus
+            #define WC_INLINE __inline__
+        #else
+            #define WC_INLINE inline
+        #endif
+    #else
+        #define WC_INLINE WC_MAYBE_UNUSED
+    #endif
+#else
+    #define WC_INLINE WC_MAYBE_UNUSED
+#endif
+#endif
+
 /* THREADING/MUTEX SECTION */
-#ifdef USE_WINDOWS_API
+#if defined(SINGLE_THREADED) && defined(NO_FILESYSTEM)
+    /* No system headers required for build. */
+#elif defined(__WATCOMC__)
+    #if defined(SINGLE_THREADED)
+        #if defined(USE_WINDOWS_API)
+            #define _WINSOCKAPI_ /* block inclusion of winsock.h header file */
+            #include <windows.h>
+            #undef _WINSOCKAPI_ /* undefine it for MINGW winsock2.h header */
+            #ifndef WOLFSSL_USER_IO
+                #include <winsock2.h>
+                #include <ws2tcpip.h> /* required for InetPton */
+            #endif
+        #elif defined(__OS2__)
+            #include <os2.h>
+        #endif
+    #else
+        #if defined(USE_WINDOWS_API)
+            #define _WINSOCKAPI_ /* block inclusion of winsock.h header file */
+            #include <windows.h>
+            #undef _WINSOCKAPI_ /* undefine it for MINGW winsock2.h header */
+            #include <process.h>
+            #ifndef WOLFSSL_USER_IO
+                #include <winsock2.h>
+                #include <ws2tcpip.h> /* required for InetPton */
+            #endif
+        #elif defined(__OS2__)
+            #define INCL_DOSSEMAPHORES
+            #define INCL_DOSPROCESS
+            #include <os2.h>
+            #include <process.h>
+        #else
+            #ifndef WOLFSSL_USER_MUTEX
+                #define WOLFSSL_PTHREADS
+            #endif
+            #if defined(WOLFSSL_PTHREADS)
+                #include <pthread.h>
+            #endif
+        #endif
+    #endif
+#elif defined(USE_WINDOWS_API)
     #if defined(WOLFSSL_PTHREADS)
         #include <pthread.h>
     #endif
@@ -69,18 +169,17 @@
         #ifndef WIN32_LEAN_AND_MEAN
             #define WIN32_LEAN_AND_MEAN
         #endif
-        #ifndef WOLFSSL_SGX
-            #if defined(_WIN32_WCE) || defined(WIN32_LEAN_AND_MEAN)
-                /* On WinCE winsock2.h must be included before windows.h */
-                #include <winsock2.h>
-            #endif
+        #if !defined(WOLFSSL_SGX) && !defined(WOLFSSL_NOT_WINDOWS_API)
+            #define _WINSOCKAPI_ /* block inclusion of winsock.h header file. */
             #include <windows.h>
+            #undef _WINSOCKAPI_ /* undefine it for MINGW winsock2.h header */
             #ifndef WOLFSSL_USER_IO
+                #include <winsock2.h>
                 #include <ws2tcpip.h> /* required for InetPton */
             #endif
         #endif /* WOLFSSL_SGX */
     #endif
-    #ifndef SINGLE_THREADED
+    #if !defined(SINGLE_THREADED) && !defined(_WIN32_WCE)
         #include <process.h>
     #endif
 #elif defined(THREADX)
@@ -145,13 +244,20 @@
 #elif defined(WOLFSSL_APACHE_MYNEWT)
     /* do nothing */
 #elif defined(WOLFSSL_ZEPHYR)
+    #include <version.h>
     #ifndef SINGLE_THREADED
-        #ifndef CONFIG_PTHREAD_IPC
-            #error "Need CONFIG_PTHREAD_IPC for threading"
+        #if !defined(CONFIG_PTHREAD_IPC) && !defined(CONFIG_POSIX_THREADS)
+            #error "Threading needs CONFIG_PTHREAD_IPC / CONFIG_POSIX_THREADS"
         #endif
+    #if KERNEL_VERSION_NUMBER >= 0x30100
         #include <zephyr/kernel.h>
         #include <zephyr/posix/posix_types.h>
         #include <zephyr/posix/pthread.h>
+    #else
+        #include <kernel.h>
+        #include <posix/posix_types.h>
+        #include <posix/pthread.h>
+    #endif
     #endif
 #elif defined(WOLFSSL_TELIT_M2MB)
 
@@ -214,7 +320,7 @@
 #else /* MULTI_THREADED */
     /* FREERTOS comes first to enable use of FreeRTOS Windows simulator only */
     #if defined(FREERTOS)
-        #if ESP_IDF_VERSION_MAJOR >= 4
+        #if defined(ESP_IDF_VERSION_MAJOR) && (ESP_IDF_VERSION_MAJOR >= 4)
             typedef SemaphoreHandle_t wolfSSL_Mutex;
         #else
             typedef xSemaphoreHandle wolfSSL_Mutex;
@@ -244,7 +350,7 @@
             typedef pthread_rwlock_t wolfSSL_RwLock;
         #endif
         typedef pthread_mutex_t wolfSSL_Mutex;
-        #define WOLFSSL_MUTEX_INITIALIZER PTHREAD_MUTEX_INITIALIZER
+        #define WOLFSSL_MUTEX_INITIALIZER(lockname) PTHREAD_MUTEX_INITIALIZER
     #elif defined(THREADX)
         typedef TX_MUTEX wolfSSL_Mutex;
     #elif defined(WOLFSSL_DEOS)
@@ -301,21 +407,44 @@
         /* typedef User_Mutex wolfSSL_Mutex; */
     #elif defined(WOLFSSL_LINUXKM)
         /* definitions are in linuxkm/linuxkm_wc_port.h */
+    #elif defined(__WATCOMC__)
+        /* OS/2 */
+        typedef ULONG wolfSSL_Mutex;
     #else
         #error Need a mutex type in multithreaded mode
     #endif /* USE_WINDOWS_API */
 
 #endif /* SINGLE_THREADED */
+
+#ifdef WOLFSSL_TEST_NO_MUTEX_INITIALIZER
+    #undef WOLFSSL_MUTEX_INITIALIZER
+#endif
+
+#ifdef WOLFSSL_MUTEX_INITIALIZER
+    #define WOLFSSL_MUTEX_INITIALIZER_CLAUSE(lockname) = WOLFSSL_MUTEX_INITIALIZER(lockname)
+#else
+    #define WOLFSSL_MUTEX_INITIALIZER_CLAUSE(lockname) /* null expansion */
+#endif
+
 #if !defined(WOLFSSL_USE_RWLOCK) || defined(SINGLE_THREADED)
     typedef wolfSSL_Mutex wolfSSL_RwLock;
 #endif
 
 #ifndef WOLFSSL_NO_ATOMICS
-#ifdef HAVE_C___ATOMIC
+#ifdef SINGLE_THREADED
+    typedef int wolfSSL_Atomic_Int;
+    #define WOLFSSL_ATOMIC_INITIALIZER(x) (x)
+    #define WOLFSSL_ATOMIC_LOAD(x) (x)
+    #define WOLFSSL_ATOMIC_STORE(x, val) (x) = (val)
+    #define WOLFSSL_ATOMIC_OPS
+#elif defined(HAVE_C___ATOMIC)
 #ifdef __cplusplus
 #if defined(__GNUC__) && defined(__ATOMIC_RELAXED)
     /* C++ using direct calls to compiler built-in functions */
     typedef volatile int wolfSSL_Atomic_Int;
+    #define WOLFSSL_ATOMIC_INITIALIZER(x) (x)
+    #define WOLFSSL_ATOMIC_LOAD(x) __atomic_load_n(&(x), __ATOMIC_CONSUME)
+    #define WOLFSSL_ATOMIC_STORE(x, val) __atomic_store_n(&(x), val, __ATOMIC_RELEASE)
     #define WOLFSSL_ATOMIC_OPS
 #endif
 #else
@@ -323,58 +452,70 @@
     /* Default C Implementation */
     #include <stdatomic.h>
     typedef atomic_int wolfSSL_Atomic_Int;
+    #define WOLFSSL_ATOMIC_INITIALIZER(x) (x)
+    #define WOLFSSL_ATOMIC_LOAD(x) atomic_load(&(x))
+    #define WOLFSSL_ATOMIC_STORE(x, val) atomic_store(&(x), val)
     #define WOLFSSL_ATOMIC_OPS
     #endif /* WOLFSSL_HAVE_ATOMIC_H */
 #endif
-#elif defined(_MSC_VER)
+#elif defined(_MSC_VER) && !defined(WOLFSSL_NOT_WINDOWS_API)
     /* Use MSVC compiler intrinsics for atomic ops */
-    #include <intrin.h>
+    #ifdef _WIN32_WCE
+        #include <armintr.h>
+    #else
+        #include <intrin.h>
+    #endif
     typedef volatile long wolfSSL_Atomic_Int;
+    #define WOLFSSL_ATOMIC_INITIALIZER(x) (x)
+    #define WOLFSSL_ATOMIC_LOAD(x) (x)
+    #define WOLFSSL_ATOMIC_STORE(x, val) (x) = (val)
     #define WOLFSSL_ATOMIC_OPS
 #endif
 #endif /* WOLFSSL_NO_ATOMICS */
 
-#ifdef WOLFSSL_ATOMIC_OPS
-    WOLFSSL_LOCAL void wolfSSL_Atomic_Int_Init(wolfSSL_Atomic_Int* c, int i);
+#if defined(WOLFSSL_ATOMIC_OPS) && !defined(SINGLE_THREADED)
+    WOLFSSL_API void wolfSSL_Atomic_Int_Init(wolfSSL_Atomic_Int* c, int i);
     /* Fetch* functions return the value of the counter immediately preceding
      * the effects of the function. */
-    WOLFSSL_LOCAL int wolfSSL_Atomic_Int_FetchAdd(wolfSSL_Atomic_Int* c, int i);
-    WOLFSSL_LOCAL int wolfSSL_Atomic_Int_FetchSub(wolfSSL_Atomic_Int* c, int i);
+    WOLFSSL_API int wolfSSL_Atomic_Int_FetchAdd(wolfSSL_Atomic_Int* c, int i);
+    WOLFSSL_API int wolfSSL_Atomic_Int_FetchSub(wolfSSL_Atomic_Int* c, int i);
+#else
+    /* Code using these fallback implementations in non-SINGLE_THREADED builds
+     * needs to arrange its own explicit fallback to int for wolfSSL_Atomic_Int,
+     * which is not defined if !defined(WOLFSSL_ATOMIC_OPS) &&
+     * !defined(SINGLE_THREADED).  This forces local awareness of thread-unsafe
+     * semantics.
+     */
+    #define wolfSSL_Atomic_Int_Init(c, i) (*(c) = (i))
+    static WC_INLINE int wolfSSL_Atomic_Int_FetchAdd(int *c, int i) {
+        int ret = *c;
+        *c += i;
+        return ret;
+    }
+    static WC_INLINE int wolfSSL_Atomic_Int_FetchSub(int *c, int i) {
+        int ret = *c;
+        *c -= i;
+        return ret;
+    }
 #endif
 
 /* Reference counting. */
-typedef struct wolfSSL_Ref {
-#if !defined(SINGLE_THREADED) && !defined(WOLFSSL_ATOMIC_OPS)
+typedef struct wolfSSL_RefWithMutex {
+#if !defined(SINGLE_THREADED)
     wolfSSL_Mutex mutex;
 #endif
-#ifdef WOLFSSL_ATOMIC_OPS
-    wolfSSL_Atomic_Int count;
-#else
     int count;
-#endif
+} wolfSSL_RefWithMutex;
+
+#if defined(WOLFSSL_ATOMIC_OPS) && !defined(SINGLE_THREADED)
+typedef struct wolfSSL_Ref {
+    wolfSSL_Atomic_Int count;
 } wolfSSL_Ref;
+#else
+typedef struct wolfSSL_RefWithMutex wolfSSL_Ref;
+#endif
 
-#ifdef SINGLE_THREADED
-
-#define wolfSSL_RefInit(ref, err)            \
-    do {                                     \
-        (ref)->count = 1;                    \
-        *(err) = 0;                          \
-    } while(0)
-#define wolfSSL_RefFree(ref) WC_DO_NOTHING
-    #define wolfSSL_RefInc(ref, err)         \
-    do {                                     \
-        (ref)->count++;                      \
-        *(err) = 0;                          \
-    } while(0)
-#define wolfSSL_RefDec(ref, isZero, err)     \
-    do {                                     \
-        (ref)->count--;                      \
-        *(isZero) = ((ref)->count == 0);     \
-        *(err) = 0;                          \
-    } while(0)
-
-#elif defined(WOLFSSL_ATOMIC_OPS)
+#if defined(SINGLE_THREADED) || defined(WOLFSSL_ATOMIC_OPS)
 
 #define wolfSSL_RefInit(ref, err)            \
     do {                                     \
@@ -399,17 +540,41 @@ typedef struct wolfSSL_Ref {
 
 #define WOLFSSL_REFCNT_ERROR_RETURN
 
-WOLFSSL_LOCAL void wolfSSL_RefInit(wolfSSL_Ref* ref, int* err);
-WOLFSSL_LOCAL void wolfSSL_RefFree(wolfSSL_Ref* ref);
-WOLFSSL_LOCAL void wolfSSL_RefInc(wolfSSL_Ref* ref, int* err);
-WOLFSSL_LOCAL void wolfSSL_RefDec(wolfSSL_Ref* ref, int* isZero, int* err);
+#define wolfSSL_RefInit wolfSSL_RefWithMutexInit
+#define wolfSSL_RefFree wolfSSL_RefWithMutexFree
+#define wolfSSL_RefInc wolfSSL_RefWithMutexInc
+#define wolfSSL_RefDec wolfSSL_RefWithMutexDec
+
+#endif
+
+#if defined(SINGLE_THREADED)
+
+#define wolfSSL_RefWithMutexInit wolfSSL_RefInit
+#define wolfSSL_RefWithMutexFree wolfSSL_RefFree
+#define wolfSSL_RefWithMutexInc wolfSSL_RefInc
+#define wolfSSL_RefWithMutexLock(ref) 0
+#define wolfSSL_RefWithMutexUnlock(ref) 0
+#define wolfSSL_RefWithMutexDec wolfSSL_RefDec
+
+#else
+
+WOLFSSL_LOCAL void wolfSSL_RefWithMutexInit(wolfSSL_RefWithMutex* ref,
+                                            int* err);
+WOLFSSL_LOCAL void wolfSSL_RefWithMutexFree(wolfSSL_RefWithMutex* ref);
+WOLFSSL_LOCAL void wolfSSL_RefWithMutexInc(wolfSSL_RefWithMutex* ref,
+                                            int* err);
+WOLFSSL_LOCAL int wolfSSL_RefWithMutexLock(wolfSSL_RefWithMutex* ref);
+WOLFSSL_LOCAL int wolfSSL_RefWithMutexUnlock(wolfSSL_RefWithMutex* ref);
+WOLFSSL_LOCAL void wolfSSL_RefWithMutexDec(wolfSSL_RefWithMutex* ref,
+                                            int* isZero, int* err);
 
 #endif
 
 
 /* Enable crypt HW mutex for Freescale MMCAU, PIC32MZ or STM32 */
 #if defined(FREESCALE_MMCAU) || defined(WOLFSSL_MICROCHIP_PIC32MZ) || \
-    defined(STM32_CRYPTO) || defined(STM32_HASH) || defined(STM32_RNG)
+    defined(STM32_CRYPTO) || defined(STM32_HASH) || defined(STM32_RNG) || \
+    defined(WOLFSSL_MAX3266X) || defined(WOLFSSL_MAX3266X_OLD)
     #ifndef WOLFSSL_CRYPT_HW_MUTEX
         #define WOLFSSL_CRYPT_HW_MUTEX  1
     #endif
@@ -424,9 +589,9 @@ WOLFSSL_LOCAL void wolfSSL_RefDec(wolfSSL_Ref* ref, int* isZero, int* err);
        however it's recommended to call this directly on Hw init to avoid possible
        race condition where two calls to wolfSSL_CryptHwMutexLock are made at
        the same time. */
-    int wolfSSL_CryptHwMutexInit(void);
-    int wolfSSL_CryptHwMutexLock(void);
-    int wolfSSL_CryptHwMutexUnLock(void);
+    WOLFSSL_LOCAL int wolfSSL_CryptHwMutexInit(void);
+    WOLFSSL_LOCAL int wolfSSL_CryptHwMutexLock(void);
+    WOLFSSL_LOCAL int wolfSSL_CryptHwMutexUnLock(void);
 #else
     /* Define stubs, since HW mutex is disabled */
     #define wolfSSL_CryptHwMutexInit()      0 /* Success */
@@ -434,6 +599,74 @@ WOLFSSL_LOCAL void wolfSSL_RefDec(wolfSSL_Ref* ref, int* isZero, int* err);
     #define wolfSSL_CryptHwMutexUnLock()    (void)0 /* Success */
 #endif /* WOLFSSL_CRYPT_HW_MUTEX */
 
+#if defined(WOLFSSL_ALGO_HW_MUTEX) && (defined(NO_RNG_MUTEX) && \
+        defined(NO_AES_MUTEX) && defined(NO_HASH_MUTEX) && defined(NO_PK_MUTEX))
+        #error WOLFSSL_ALGO_HW_MUTEX does not support having all mutexes off
+#endif
+/* To support HW that can do different Crypto in parallel */
+#if WOLFSSL_CRYPT_HW_MUTEX && defined(WOLFSSL_ALGO_HW_MUTEX)
+    typedef enum {
+        #ifndef NO_RNG_MUTEX
+        rng_mutex,
+        #endif
+        #ifndef NO_AES_MUTEX
+        aes_mutex,
+        #endif
+        #ifndef NO_HASH_MUTEX
+        hash_mutex,
+        #endif
+        #ifndef NO_PK_MUTEX
+        pk_mutex,
+        #endif
+    } hw_mutex_algo;
+#endif
+
+/* If algo mutex is off, or WOLFSSL_ALGO_HW_MUTEX is not define, default */
+/* to using the generic wolfSSL_CryptHwMutex */
+#if (!defined(NO_RNG_MUTEX) && defined(WOLFSSL_ALGO_HW_MUTEX)) && \
+    WOLFSSL_CRYPT_HW_MUTEX
+    WOLFSSL_LOCAL int wolfSSL_HwRngMutexInit(void);
+    WOLFSSL_LOCAL int wolfSSL_HwRngMutexLock(void);
+    WOLFSSL_LOCAL int wolfSSL_HwRngMutexUnLock(void);
+#else
+    #define wolfSSL_HwRngMutexInit    wolfSSL_CryptHwMutexInit
+    #define wolfSSL_HwRngMutexLock    wolfSSL_CryptHwMutexLock
+    #define wolfSSL_HwRngMutexUnLock  wolfSSL_CryptHwMutexUnLock
+#endif /* !defined(NO_RNG_MUTEX) && defined(WOLFSSL_ALGO_HW_MUTEX) */
+
+#if (!defined(NO_AES_MUTEX) && defined(WOLFSSL_ALGO_HW_MUTEX)) && \
+    WOLFSSL_CRYPT_HW_MUTEX
+    WOLFSSL_LOCAL int wolfSSL_HwAesMutexInit(void);
+    WOLFSSL_LOCAL int wolfSSL_HwAesMutexLock(void);
+    WOLFSSL_LOCAL int wolfSSL_HwAesMutexUnLock(void);
+#else
+    #define wolfSSL_HwAesMutexInit    wolfSSL_CryptHwMutexInit
+    #define wolfSSL_HwAesMutexLock    wolfSSL_CryptHwMutexLock
+    #define wolfSSL_HwAesMutexUnLock  wolfSSL_CryptHwMutexUnLock
+#endif /* !defined(NO_AES_MUTEX) && defined(WOLFSSL_ALGO_HW_MUTEX) */
+
+#if (!defined(NO_HASH_MUTEX) && defined(WOLFSSL_ALGO_HW_MUTEX)) && \
+    WOLFSSL_CRYPT_HW_MUTEX
+    WOLFSSL_LOCAL int wolfSSL_HwHashMutexInit(void);
+    WOLFSSL_LOCAL int wolfSSL_HwHashMutexLock(void);
+    WOLFSSL_LOCAL int wolfSSL_HwHashMutexUnLock(void);
+#else
+    #define wolfSSL_HwHashMutexInit   wolfSSL_CryptHwMutexInit
+    #define wolfSSL_HwHashMutexLock   wolfSSL_CryptHwMutexLock
+    #define wolfSSL_HwHashMutexUnLock wolfSSL_CryptHwMutexUnLock
+#endif /* !defined(NO_HASH_MUTEX) && defined(WOLFSSL_ALGO_HW_MUTEX) */
+
+#if (!defined(NO_PK_MUTEX) && defined(WOLFSSL_ALGO_HW_MUTEX)) && \
+    WOLFSSL_CRYPT_HW_MUTEX
+    WOLFSSL_LOCAL int wolfSSL_HwPkMutexInit(void);
+    WOLFSSL_LOCAL int wolfSSL_HwPkMutexLock(void);
+    WOLFSSL_LOCAL int wolfSSL_HwPkMutexUnLock(void);
+#else
+    #define wolfSSL_HwPkMutexInit     wolfSSL_CryptHwMutexInit
+    #define wolfSSL_HwPkMutexLock     wolfSSL_CryptHwMutexLock
+    #define wolfSSL_HwPkMutexUnLock   wolfSSL_CryptHwMutexUnLock
+#endif /* !defined(NO_PK_MUTEX) && defined(WOLFSSL_ALGO_HW_MUTEX) */
+
 /* Mutex functions */
 WOLFSSL_API int wc_InitMutex(wolfSSL_Mutex* m);
 WOLFSSL_API wolfSSL_Mutex* wc_InitAndAllocMutex(void);
@@ -571,13 +804,14 @@ WOLFSSL_ABI WOLFSSL_API int wolfCrypt_Cleanup(void);
      * make the API more POSIX like. */
     XFILE z_fs_open(const char* filename, const char* mode);
     int z_fs_close(XFILE file);
+    int z_fs_rewind(XFILE file);
 
     #define XFOPEN              z_fs_open
     #define XFCLOSE             z_fs_close
     #define XFFLUSH             fs_sync
     #define XFSEEK              fs_seek
     #define XFTELL              fs_tell
-    #define XFREWIND            fs_rewind
+    #define XFREWIND            z_fs_rewind
     #define XFREAD(P,S,N,F)     fs_read(F, P, S*N)
     #define XFWRITE(P,S,N,F)    fs_write(F, P, S*N)
     #define XSEEK_SET           FS_SEEK_SET
@@ -695,52 +929,85 @@ WOLFSSL_ABI WOLFSSL_API int wolfCrypt_Cleanup(void);
     #define XFGETS     fgets
     #define XFPRINTF   fprintf
     #define XFFLUSH    fflush
+    #define XFEOF(fp)  feof(fp)
+    #define XFERROR(fp) ferror(fp)
+    #define XCLEARERR(fp) clearerr(fp)
 
     #if !defined(NO_WOLFSSL_DIR)\
         && !defined(WOLFSSL_NUCLEUS) && !defined(WOLFSSL_NUCLEUS_1_2)
-    #if defined(USE_WINDOWS_API)
-        #include <sys/stat.h>
-        #ifndef XSTAT
-        #define XSTAT       _stat
-        #endif
-        #define XS_ISREG(s) (s & _S_IFREG)
-        #define SEPARATOR_CHAR ';'
+        #if defined(__WATCOMC__)
+            #include <unistd.h>
+            #include <sys/stat.h>
+            #define XWRITE      write
+            #define XREAD       read
+            #define XCLOSE      close
+            #define XSTAT       stat
+            #define XS_ISREG(s) S_ISREG(s)
+            #if defined(__UNIX__)
+                #include <dirent.h>
+                #define SEPARATOR_CHAR ':'
+            #else
+                #include <direct.h>
+                #define SEPARATOR_CHAR ';'
+            #endif
+            #if defined(__NT__)
+                #define XALTHOMEVARNAME "USERPROFILE"
+            #endif
+        #elif defined(USE_WINDOWS_API)
+            #include <io.h>
+            #include <sys/stat.h>
+            #ifndef XSTAT
+                #define XSTAT       _stat
+            #endif
+            #define XS_ISREG(s) (s & _S_IFREG)
+            #define SEPARATOR_CHAR ';'
+            #define XWRITE      _write
+            #define XREAD       _read
+            #define XALTHOMEVARNAME "USERPROFILE"
 
-    #elif defined(INTIME_RTOS)
-        #include <sys/stat.h>
-        #ifndef XSTAT
-        #define XSTAT _stat64
-        #endif
-        #define XS_ISREG(s) S_ISREG(s)
-        #define SEPARATOR_CHAR ';'
-        #define XWRITE      write
-        #define XREAD       read
-        #define XCLOSE      close
+        #elif defined(ARDUINO)
+            #ifndef XSTAT
+                #define XSTAT       _stat
+            #endif
+            #define XS_ISREG(s) (s & _S_IFREG)
+            #define SEPARATOR_CHAR ';'
 
-    #elif defined(WOLFSSL_TELIT_M2MB)
-        #ifndef XSTAT
-        #define XSTAT       m2mb_fs_stat
-        #endif
-        #define XS_ISREG(s) (s & M2MB_S_IFREG)
-        #define SEPARATOR_CHAR ':'
-    #else
-        #include <dirent.h>
-        #include <unistd.h>
-        #include <sys/stat.h>
-        #define XWRITE      write
-        #define XREAD       read
-        #define XCLOSE      close
-        #ifndef XSTAT
-        #define XSTAT       stat
-        #endif
-        #define XS_ISREG(s) S_ISREG(s)
-        #define SEPARATOR_CHAR ':'
-    #endif
+        #elif defined(INTIME_RTOS)
+            #include <sys/stat.h>
+            #ifndef XSTAT
+            #define XSTAT _stat64
+            #endif
+            #define XS_ISREG(s) S_ISREG(s)
+            #define SEPARATOR_CHAR ';'
+            #define XWRITE      write
+            #define XREAD       read
+            #define XCLOSE      close
 
-    #ifndef XSTAT_TYPE
-        #define XSTAT_TYPE struct XSTAT
-    #endif
-    #endif
+        #elif defined(WOLFSSL_TELIT_M2MB)
+            #ifndef XSTAT
+            #define XSTAT       m2mb_fs_stat
+            #endif
+            #define XS_ISREG(s) (s & M2MB_S_IFREG)
+            #define SEPARATOR_CHAR ':'
+
+        #else
+            #include <dirent.h>
+            #include <unistd.h>
+            #include <sys/stat.h>
+            #define XWRITE      write
+            #define XREAD       read
+            #define XCLOSE      close
+            #ifndef XSTAT
+            #define XSTAT       stat
+            #endif
+            #define XS_ISREG(s) S_ISREG(s)
+            #define SEPARATOR_CHAR ':'
+        #endif
+
+        #ifndef XSTAT_TYPE
+            #define XSTAT_TYPE struct XSTAT
+        #endif
+    #endif /* !NO_WOLFSSL_DIR !WOLFSSL_NUCLEUS !WOLFSSL_NUCLEUS_1_2 */
 #endif
 
     #ifndef MAX_FILENAME_SZ
@@ -749,6 +1016,15 @@ WOLFSSL_ABI WOLFSSL_API int wolfCrypt_Cleanup(void);
     #ifndef MAX_PATH
         #define MAX_PATH (260 + 1)
     #endif
+    #ifndef XFEOF
+        #define XFEOF(fp)  0
+    #endif
+    #ifndef XFERROR
+        #define XFERROR(fp) 0
+    #endif
+    #ifndef XCLEARERR
+        #define XCLEARERR(fp) WC_DO_NOTHING
+    #endif
 
     WOLFSSL_LOCAL int wc_FileLoad(const char* fname, unsigned char** buf,
         size_t* bufLen, void* heap);
@@ -777,6 +1053,8 @@ WOLFSSL_ABI WOLFSSL_API int wolfCrypt_Cleanup(void);
         #define IntimeFindNext(data)  (0 == _findnext64(data))
         #define IntimeFindClose(data) (0 == _findclose64(data))
         #define IntimeFilename(ctx)   ctx->FindFileData.f_filename
+    #elif defined(ARDUINO)
+        /* TODO: board specific features */
     #else
         struct dirent* entry;
         DIR*   dir;
@@ -813,14 +1091,35 @@ WOLFSSL_ABI WOLFSSL_API int wolfCrypt_Cleanup(void);
     #define XSPRINTF   sprintf
 #endif
 
+#ifdef USE_WINDOWS_API
+    #ifndef SOCKET_T
+        #ifdef __MINGW64__
+            typedef size_t SOCKET_T;
+        #else
+            typedef unsigned int SOCKET_T;
+        #endif
+    #endif
+    #ifndef SOCKET_INVALID
+        #define SOCKET_INVALID INVALID_SOCKET
+    #endif
+#else
+    #ifndef SOCKET_T
+        typedef int SOCKET_T;
+    #endif
+    #ifndef SOCKET_INVALID
+        #define SOCKET_INVALID (-1)
+    #endif
+#endif
 
 /* MIN/MAX MACRO SECTION */
 /* Windows API defines its own min() macro. */
 #if defined(USE_WINDOWS_API)
     #if defined(min) || defined(WOLFSSL_MYSQL_COMPATIBLE)
+        #undef  WOLFSSL_HAVE_MIN
         #define WOLFSSL_HAVE_MIN
     #endif /* min */
     #if defined(max) || defined(WOLFSSL_MYSQL_COMPATIBLE)
+        #undef  WOLFSSL_HAVE_MAX
         #define WOLFSSL_HAVE_MAX
     #endif /* max */
 #endif /* USE_WINDOWS_API */
@@ -943,7 +1242,9 @@ WOLFSSL_ABI WOLFSSL_API int wolfCrypt_Cleanup(void);
     #define XGMTIME(c, t)   gmtime((c))
 
 #elif defined(_WIN32_WCE)
+    #define _WINSOCKAPI_ /* block inclusion of winsock.h header file */
     #include <windows.h>
+    #undef _WINSOCKAPI_ /* undefine it for MINGW winsock2.h header file */
     #include <stdlib.h> /* For file system */
 
     time_t windows_time(time_t* timer);
@@ -980,8 +1281,13 @@ WOLFSSL_ABI WOLFSSL_API int wolfCrypt_Cleanup(void);
     #define USE_WOLF_TIME_T
 
 #elif defined(WOLFSSL_ZEPHYR)
+    #include <version.h>
     #ifndef _POSIX_C_SOURCE
-        #include <zephyr/posix/time.h>
+        #if KERNEL_VERSION_NUMBER >= 0x30100
+            #include <zephyr/posix/time.h>
+        #else
+            #include <posix/time.h>
+        #endif
     #else
         #include <time.h>
     #endif
@@ -1034,7 +1340,7 @@ WOLFSSL_ABI WOLFSSL_API int wolfCrypt_Cleanup(void);
     #endif
 
     /* PowerPC time_t is int */
-    #ifdef __PPC__
+    #if defined(__PPC__) || defined(__ppc__)
         #define TIME_T_NOT_64BIT
     #endif
 
@@ -1139,7 +1445,8 @@ WOLFSSL_ABI WOLFSSL_API int wolfCrypt_Cleanup(void);
 #endif /* !NO_ASN_TIME */
 
 
-#ifndef WOLFSSL_LEANPSK
+#if (!defined(WOLFSSL_LEANPSK) && !defined(STRING_USER)) || \
+    defined(USE_WOLF_STRNSTR)
     char* mystrnstr(const char* s1, const char* s2, unsigned int n);
 #endif
 
@@ -1157,9 +1464,9 @@ WOLFSSL_ABI WOLFSSL_API int wolfCrypt_Cleanup(void);
     /* By default, the OCTEON's global variables are all thread local. This
      * tag allows them to be shared between threads. */
     #include "cvmx-platform.h"
-    #define WOLFSSL_GLOBAL CVMX_SHARED
+    #define WC_THREADSHARED CVMX_SHARED
 #else
-    #define WOLFSSL_GLOBAL
+    #define WC_THREADSHARED
 #endif
 
 #ifdef WOLFSSL_DSP
@@ -1180,6 +1487,45 @@ WOLFSSL_ABI WOLFSSL_API int wolfCrypt_Cleanup(void);
     #endif
 #endif
 
+#ifdef WOLF_C99
+    /* use alternate keyword for compatibility with -std=c99 */
+    #define XASM_VOLATILE(a) __asm__ volatile(a)
+#elif defined(__IAR_SYSTEMS_ICC__)
+    #define XASM_VOLATILE(a) asm volatile(a)
+#elif defined(__KEIL__)
+    #define XASM_VOLATILE(a) __asm volatile(a)
+#else
+    #define XASM_VOLATILE(a) __asm__ __volatile__(a)
+#endif
+
+#ifndef WOLFSSL_NO_FENCE
+    #ifdef XFENCE
+        /* use user-supplied XFENCE definition. */
+    #elif defined(__STDC_VERSION__) && (__STDC_VERSION__ >= 201112L)
+        #include <stdatomic.h>
+        #define XFENCE() atomic_thread_fence(memory_order_seq_cst)
+    #elif defined(__GNUC__) && (__GNUC__ == 4) && \
+          defined(__GNUC_MINOR__) && (__GNUC_MINOR__ >= 1)
+        #define XFENCE() __sync_synchronize()
+    #elif (defined(__GNUC__) && (__GNUC__ >= 5)) || defined (__clang__)
+        #define XFENCE() __atomic_thread_fence(__ATOMIC_SEQ_CST)
+    #elif defined(WOLFSSL_NO_ASM)
+        #define XFENCE() WC_DO_NOTHING
+    #elif defined (__i386__) || defined(__x86_64__)
+        #define XFENCE() XASM_VOLATILE("lfence")
+    #elif (defined (__arm__) && (__ARM_ARCH > 6)) || defined(__aarch64__)
+        #define XFENCE() XASM_VOLATILE("isb")
+    #elif defined(__riscv)
+        #define XFENCE() XASM_VOLATILE("fence")
+    #elif defined(__PPC__) || defined(__POWERPC__)
+        #define XFENCE() XASM_VOLATILE("isync; sync")
+    #else
+        #define XFENCE() WC_DO_NOTHING
+    #endif
+#else
+    #define XFENCE() WC_DO_NOTHING
+#endif
+
 
     /* AFTER user_settings.h is loaded,
     ** determine if POSIX multi-threaded: HAVE_PTHREAD  */
diff --git a/wolfssl/wolfcrypt/wc_xmss.h b/wolfssl/wolfcrypt/wc_xmss.h
index 96274d794..e59df6193 100644
--- a/wolfssl/wolfcrypt/wc_xmss.h
+++ b/wolfssl/wolfcrypt/wc_xmss.h
@@ -1,6 +1,6 @@
 /* wc_xmss.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -19,5 +19,267 @@
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  */
 
-#error "Contact wolfSSL to get the implementation of this file"
+/* Based on:
+ *  o RFC 8391 - XMSS: eXtended Merkle Signature Scheme
+ *  o [HDSS] "Hash-based Digital Signature Schemes", Buchmann, Dahmen and Szydlo
+ *    from "Post Quantum Cryptography", Springer 2009.
+ */
+
+#ifndef WC_XMSS_H
+#define WC_XMSS_H
+
+#ifdef WOLFSSL_HAVE_XMSS
+#include <wolfssl/wolfcrypt/xmss.h>
+#include <wolfssl/wolfcrypt/sha256.h>
+#include <wolfssl/wolfcrypt/sha512.h>
+#include <wolfssl/wolfcrypt/sha3.h>
+
+#if !defined(WOLFSSL_WC_XMSS)
+    #error "This code is incompatible with external implementation of XMSS."
+#endif
+
+#if (defined(WC_XMSS_SHA512) || defined(WC_XMSS_SHAKE256)) && \
+        (WOLFSSL_WC_XMSS_MAX_HASH_SIZE >= 512)
+    #define WC_XMSS_MAX_N               64
+    #define WC_XMSS_MAX_PADDING_LEN     64
+#else
+    #define WC_XMSS_MAX_N               32
+    #define WC_XMSS_MAX_PADDING_LEN     32
+#endif
+#define WC_XMSS_MAX_MSG_PRE_LEN     \
+    (WC_XMSS_MAX_PADDING_LEN + 3 * WC_XMSS_MAX_N)
+#define WC_XMSS_MAX_TREE_HEIGHT     20
+#define WC_XMSS_MAX_CSUM_BYTES       4
+#define WC_XMSS_MAX_WOTS_LEN        (8 * WC_XMSS_MAX_N / 4 + 3)
+#define WC_XMSS_MAX_WOTS_SIG_LEN    (WC_XMSS_MAX_WOTS_LEN * WC_XMSS_MAX_N)
+#define WC_XMSS_MAX_STACK_LEN       \
+    ((WC_XMSS_MAX_TREE_HEIGHT + 1) * WC_XMSS_MAX_N)
+#define WC_XMSS_MAX_D               12
+#define WC_XMSS_MAX_BDS_STATES      (2 * WC_XMSS_MAX_D - 1)
+#define WC_XMSS_MAX_TREE_HASH       \
+    ((2 * WC_XMSS_MAX_D - 1) * WC_XMSS_MAX_TREE_HEIGHT)
+#define WC_XMSS_MAX_BDS_K           0
+
+#define WC_XMSS_ADDR_LEN            32
+
+#define WC_XMSS_HASH_PRF_MAX_DATA_LEN               \
+    (WC_XMSS_MAX_PADDING_LEN + 2 * WC_XMSS_MAX_N + WC_XMSS_ADDR_LEN)
+#define WC_XMSS_HASH_MAX_DATA_LEN                   \
+    (WC_XMSS_MAX_PADDING_LEN + 3 * WC_XMSS_MAX_N)
+
+
+#define WC_XMSS_SHA256_N            32
+#define WC_XMSS_SHA256_PADDING_LEN  32
+#define WC_XMSS_SHA256_WOTS_LEN     67
+
+#define XMSS_OID_LEN                   4
+
+#define XMSS_MAX_HASH_LEN              WC_SHA256_DIGEST_SIZE
+
+#define XMSS_RETAIN_LEN(k, n)   ((!!(k)) * ((1 << (k)) - (k) - 1) * (n))
+
+/* XMMS Algorithm OIDs
+ * Note: values are used in mathematical calculations in OID to parames. */
+#define WC_XMSS_OID_SHA2_10_256        0x01
+#define WC_XMSS_OID_SHA2_16_256        0x02
+#define WC_XMSS_OID_SHA2_20_256        0x03
+#define WC_XMSS_OID_SHA2_10_512        0x04
+#define WC_XMSS_OID_SHA2_16_512        0x05
+#define WC_XMSS_OID_SHA2_20_512        0x06
+#define WC_XMSS_OID_SHAKE_10_256       0x07
+#define WC_XMSS_OID_SHAKE_16_256       0x08
+#define WC_XMSS_OID_SHAKE_20_256       0x09
+#define WC_XMSS_OID_SHAKE_10_512       0x0a
+#define WC_XMSS_OID_SHAKE_16_512       0x0b
+#define WC_XMSS_OID_SHAKE_20_512       0x0c
+#define WC_XMSS_OID_SHA2_10_192        0x0d
+#define WC_XMSS_OID_SHA2_16_192        0x0e
+#define WC_XMSS_OID_SHA2_20_192        0x0f
+#define WC_XMSS_OID_SHAKE256_10_256    0x10
+#define WC_XMSS_OID_SHAKE256_16_256    0x11
+#define WC_XMSS_OID_SHAKE256_20_256    0x12
+#define WC_XMSS_OID_SHAKE256_10_192    0x13
+#define WC_XMSS_OID_SHAKE256_16_192    0x14
+#define WC_XMSS_OID_SHAKE256_20_192    0x15
+#define WC_XMSS_OID_FIRST              WC_XMSS_OID_SHA2_10_256
+#define WC_XMSS_OID_LAST               WC_XMSS_OID_SHAKE256_20_192
+
+/* XMMS^MT Algorithm OIDs
+ * Note: values are used in mathematical calculations in OID to parames. */
+#define WC_XMSSMT_OID_SHA2_20_2_256        0x01
+#define WC_XMSSMT_OID_SHA2_20_4_256        0x02
+#define WC_XMSSMT_OID_SHA2_40_2_256        0x03
+#define WC_XMSSMT_OID_SHA2_40_4_256        0x04
+#define WC_XMSSMT_OID_SHA2_40_8_256        0x05
+#define WC_XMSSMT_OID_SHA2_60_3_256        0x06
+#define WC_XMSSMT_OID_SHA2_60_6_256        0x07
+#define WC_XMSSMT_OID_SHA2_60_12_256       0x08
+#define WC_XMSSMT_OID_SHA2_20_2_512        0x09
+#define WC_XMSSMT_OID_SHA2_20_4_512        0x0a
+#define WC_XMSSMT_OID_SHA2_40_2_512        0x0b
+#define WC_XMSSMT_OID_SHA2_40_4_512        0x0c
+#define WC_XMSSMT_OID_SHA2_40_8_512        0x0d
+#define WC_XMSSMT_OID_SHA2_60_3_512        0x0e
+#define WC_XMSSMT_OID_SHA2_60_6_512        0x0f
+#define WC_XMSSMT_OID_SHA2_60_12_512       0x10
+#define WC_XMSSMT_OID_SHAKE_20_2_256       0x11
+#define WC_XMSSMT_OID_SHAKE_20_4_256       0x12
+#define WC_XMSSMT_OID_SHAKE_40_2_256       0x13
+#define WC_XMSSMT_OID_SHAKE_40_4_256       0x14
+#define WC_XMSSMT_OID_SHAKE_40_8_256       0x15
+#define WC_XMSSMT_OID_SHAKE_60_3_256       0x16
+#define WC_XMSSMT_OID_SHAKE_60_6_256       0x17
+#define WC_XMSSMT_OID_SHAKE_60_12_256      0x18
+#define WC_XMSSMT_OID_SHAKE_20_2_512       0x19
+#define WC_XMSSMT_OID_SHAKE_20_4_512       0x1a
+#define WC_XMSSMT_OID_SHAKE_40_2_512       0x1b
+#define WC_XMSSMT_OID_SHAKE_40_4_512       0x1c
+#define WC_XMSSMT_OID_SHAKE_40_8_512       0x1d
+#define WC_XMSSMT_OID_SHAKE_60_3_512       0x1e
+#define WC_XMSSMT_OID_SHAKE_60_6_512       0x1f
+#define WC_XMSSMT_OID_SHAKE_60_12_512      0x20
+#define WC_XMSSMT_OID_SHA2_20_2_192        0x21
+#define WC_XMSSMT_OID_SHA2_20_4_192        0x22
+#define WC_XMSSMT_OID_SHA2_40_2_192        0x23
+#define WC_XMSSMT_OID_SHA2_40_4_192        0x24
+#define WC_XMSSMT_OID_SHA2_40_8_192        0x25
+#define WC_XMSSMT_OID_SHA2_60_3_192        0x26
+#define WC_XMSSMT_OID_SHA2_60_6_192        0x27
+#define WC_XMSSMT_OID_SHA2_60_12_192       0x28
+#define WC_XMSSMT_OID_SHAKE256_20_2_256    0x29
+#define WC_XMSSMT_OID_SHAKE256_20_4_256    0x2a
+#define WC_XMSSMT_OID_SHAKE256_40_2_256    0x2b
+#define WC_XMSSMT_OID_SHAKE256_40_4_256    0x2c
+#define WC_XMSSMT_OID_SHAKE256_40_8_256    0x2d
+#define WC_XMSSMT_OID_SHAKE256_60_3_256    0x2e
+#define WC_XMSSMT_OID_SHAKE256_60_6_256    0x2f
+#define WC_XMSSMT_OID_SHAKE256_60_12_256   0x30
+#define WC_XMSSMT_OID_SHAKE256_20_2_192    0x31
+#define WC_XMSSMT_OID_SHAKE256_20_4_192    0x32
+#define WC_XMSSMT_OID_SHAKE256_40_2_192    0x33
+#define WC_XMSSMT_OID_SHAKE256_40_4_192    0x34
+#define WC_XMSSMT_OID_SHAKE256_40_8_192    0x35
+#define WC_XMSSMT_OID_SHAKE256_60_3_192    0x36
+#define WC_XMSSMT_OID_SHAKE256_60_6_192    0x37
+#define WC_XMSSMT_OID_SHAKE256_60_12_192   0x38
+#define WC_XMSSMT_OID_FIRST            WC_XMSSMT_OID_SHA2_20_2_256
+#define WC_XMSSMT_OID_LAST             WC_XMSSMT_OID_SHAKE256_60_12_192
+
+
+/* Type for hash address. */
+typedef word32 HashAddress[8];
+
+/* XMSS/XMSS^MT fixed parameters. */
+typedef struct XmssParams {
+    /* Hash algorithm to use. */
+    word8  hash;
+    /* Size of hash output. */
+    word8  n;
+    /* Number of bytes of padding before rest of hash data. */
+    word8  pad_len;
+    /* Number of values to chain = 2 * n + 3. */
+    word8  wots_len;
+    /* Number of bytes in each WOTS+ signature. */
+    word16 wots_sig_len;
+    /* Full height of tree. */
+    word8  h;
+    /* Height of tree each subtree. */
+    word8  sub_h;
+    /* Number of subtrees = h / sub_h. */
+    word8  d;
+    /* Number of bytes to encode index into in private/secret key. */
+    word8  idx_len;
+    /* Number of bytes in a signature. */
+    word32 sig_len;
+    /* Number of bytes in a secret/private key. */
+    word32 sk_len;
+    /* Number of bytes in a public key. */
+    word8  pk_len;
+    /* BDS parameter for fast C implementation. */
+    word8  bds_k;
+} XmssParams;
+
+struct XmssKey {
+    /* Public key. */
+    unsigned char        pk[2 * WC_XMSS_MAX_N];
+    /* OID that identifies parameters. */
+    word32               oid;
+    /* Indicates whether the parameters are for XMSS^MT. */
+    int                  is_xmssmt;
+    /* XMSS/XMSS^MT parameters. */
+    const XmssParams*    params;
+#ifndef WOLFSSL_XMSS_VERIFY_ONLY
+    /* Secret/private key. */
+    unsigned char*       sk;
+    /* Length of secret key. */
+    word32               sk_len;
+    /* Callback to write/update key. */
+    wc_xmss_write_private_key_cb write_private_key;
+    /* Callback to read key. */
+    wc_xmss_read_private_key_cb  read_private_key;
+    /* Context arg passed to callbacks. */
+    void*                context;
+#endif /* ifndef WOLFSSL_XMSS_VERIFY_ONLY */
+    /* State of key. */
+    enum wc_XmssState    state;
+};
+
+typedef struct XmssState {
+    const XmssParams* params;
+
+    /* Digest is assumed to be at the end. */
+    union {
+    #ifdef WC_XMSS_SHA256
+       wc_Sha256 sha256;
+    #endif
+    #ifdef WC_XMSS_SHA512
+       wc_Sha512 sha512;
+    #endif
+    #if defined(WC_XMSS_SHAKE128) || defined(WC_XMSS_SHAKE256)
+       wc_Shake shake;
+    #endif
+    } digest;
+#if !defined(WOLFSSL_WC_XMSS_SMALL) && defined(WC_XMSS_SHA256) && \
+    !defined(WC_XMSS_FULL_HASH)
+    ALIGN16 word32 dgst_state[WC_SHA256_DIGEST_SIZE / sizeof(word32)];
+#endif
+    ALIGN16 byte prf_buf[WC_XMSS_HASH_PRF_MAX_DATA_LEN];
+    ALIGN16 byte buf[WC_XMSS_HASH_MAX_DATA_LEN];
+    ALIGN16 byte pk[WC_XMSS_MAX_WOTS_SIG_LEN];
+#ifndef WOLFSSL_XMSS_VERIFY_ONLY
+    ALIGN16 byte stack[WC_XMSS_MAX_STACK_LEN];
+#else
+    ALIGN16 byte stack[WC_XMSS_ADDR_LEN];
+#endif
+    byte encMsg[WC_XMSS_MAX_WOTS_LEN];
+    HashAddress addr;
+
+    int ret;
+} XmssState;
+
+#ifdef __cplusplus
+    extern "C" {
+#endif
+
+WOLFSSL_LOCAL int wc_xmssmt_keygen(XmssState *state, const unsigned char* seed,
+    unsigned char *sk, unsigned char *pk);
+WOLFSSL_LOCAL int wc_xmss_keygen(XmssState *state, const unsigned char* seed,
+    unsigned char *sk, unsigned char *pk);
+
+WOLFSSL_LOCAL int wc_xmssmt_sign(XmssState *state, const unsigned char *m,
+    word32 mlen, unsigned char *sk, unsigned char *sm);
+WOLFSSL_LOCAL int wc_xmss_sign(XmssState *state, const unsigned char *m,
+    word32 mlen, unsigned char *sk, unsigned char *sm);
+
+WOLFSSL_LOCAL int wc_xmss_sigsleft(const XmssParams* params, unsigned char* sk);
+
+WOLFSSL_LOCAL int wc_xmssmt_verify(XmssState *state, const unsigned char *m,
+    word32 mlen, const unsigned char *sm, const unsigned char *pk);
+
+#ifdef __cplusplus
+    } /* extern "C" */
+#endif
+
+#endif /* WOLFSSL_HAVE_XMSS */
+#endif /* WC_XMSS_H */
 
diff --git a/wolfssl/wolfcrypt/wolfevent.h b/wolfssl/wolfcrypt/wolfevent.h
index 31cc7c5c4..d6731d134 100644
--- a/wolfssl/wolfcrypt/wolfevent.h
+++ b/wolfssl/wolfcrypt/wolfevent.h
@@ -1,6 +1,6 @@
 /* wolfevent.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/wolfcrypt/wolfmath.h b/wolfssl/wolfcrypt/wolfmath.h
index 4ed88b81f..4def0c1c1 100644
--- a/wolfssl/wolfcrypt/wolfmath.h
+++ b/wolfssl/wolfcrypt/wolfmath.h
@@ -1,6 +1,6 @@
 /* wolfmath.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -52,6 +52,10 @@ This library provides big integer math functions.
     #include <wolfssl/wolfcrypt/random.h>
 #endif
 
+#if defined(WOLFSSL_MAX3266X) || defined(WOLFSSL_MAX3266X_OLD)
+    #include <wolfssl/wolfcrypt/port/maxim/max3266x.h>
+#endif
+
 #ifndef MIN
    #define MIN(x,y) ((x)<(y)?(x):(y))
 #endif
@@ -118,6 +122,28 @@ WOLFSSL_API int wc_export_int(mp_int* mp, byte* buf, word32* len,
     WOLFSSL_API const char *wc_GetMathInfo(void);
 #endif
 
+/* Support for generic Hardware based Math Functions */
+#ifdef WOLFSSL_USE_HW_MP
+
+WOLFSSL_LOCAL int hw_mod(mp_int* multiplier, mp_int* mod, mp_int* result);
+WOLFSSL_LOCAL int hw_mulmod(mp_int* multiplier, mp_int* multiplicand,
+                                mp_int* mod, mp_int* result);
+WOLFSSL_LOCAL int hw_addmod(mp_int* a, mp_int* b, mp_int* mod, mp_int* result);
+WOLFSSL_LOCAL int hw_submod(mp_int* a, mp_int* b, mp_int* mod, mp_int* result);
+WOLFSSL_LOCAL int hw_exptmod(mp_int* base, mp_int* exp, mp_int* mod,
+                                mp_int* result);
+WOLFSSL_LOCAL int hw_sqrmod(mp_int* base, mp_int* mod, mp_int* result);
+
+/* One to one mappings */
+#define mp_mod      hw_mod
+#define mp_addmod   hw_addmod
+#define mp_submod   hw_submod
+#define mp_mulmod   hw_mulmod
+#define mp_exptmod  hw_exptmod
+#define mp_sqrmod   hw_sqrmod
+
+#endif
+
 #ifdef __cplusplus
     } /* extern "C" */
 #endif
diff --git a/wolfssl/wolfcrypt/xmss.h b/wolfssl/wolfcrypt/xmss.h
index 70f26c484..99448625b 100644
--- a/wolfssl/wolfcrypt/xmss.h
+++ b/wolfssl/wolfcrypt/xmss.h
@@ -1,6 +1,6 @@
 /* xmss.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -89,6 +89,53 @@
 #define XMSSMT_NAME_MIN_LEN (20) /* strlen("XMSSMT-SHA2_20/2_256") */
 #define XMSSMT_NAME_MAX_LEN (21) /* strlen("XMSSMT-SHA2_60/12_256") */
 
+#if defined(HAVE_FIPS) || defined(HAVE_LIBXMSS)
+    #undef WOLFSSL_WC_XMSS_NO_SHA512
+    #define WOLFSSL_WC_XMSS_NO_SHA512
+    #undef WOLFSSL_WC_XMSS_NO_SHAKE128
+    #define WOLFSSL_WC_XMSS_NO_SHAKE128
+    #undef WOLFSSL_WC_XMSS_MAX_HASH_SIZE
+    #ifdef HAVE_LIBXMSS
+        #define WOLFSSL_WC_XMSS_MIN_HASH_SIZE       256
+    #else
+        #define WOLFSSL_WC_XMSS_MIN_HASH_SIZE       192
+    #endif
+    #define WOLFSSL_WC_XMSS_MAX_HASH_SIZE       256
+#endif
+
+#if !defined(NO_SHA256) && !defined(WOLFSSL_WC_XMSS_NO_SHA256)
+    #define WC_XMSS_SHA256
+#endif
+#if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_WC_XMSS_NO_SHA512)
+    #define WC_XMSS_SHA512
+#endif
+#if defined(WOLFSSL_SHAKE128) && !defined(WOLFSSL_WC_XMSS_NO_SHAKE128)
+    #define WC_XMSS_SHAKE128
+#endif
+#if defined(WOLFSSL_SHAKE256) && !defined(WOLFSSL_WC_XMSS_NO_SHAKE256)
+    #define WC_XMSS_SHAKE256
+#endif
+
+#ifndef WOLFSSL_WC_XMSS_MIN_HASH_SIZE
+    #define WOLFSSL_WC_XMSS_MIN_HASH_SIZE       192
+#endif
+#ifndef WOLFSSL_WC_XMSS_MAX_HASH_SIZE
+    #define WOLFSSL_WC_XMSS_MAX_HASH_SIZE       512
+#endif
+#if WOLFSSL_WC_XMSS_MIN_HASH_SIZE > WOLFSSL_WC_XMSS_MAX_HASH_SIZE
+    #error "XMSS minimum hash size is greater than maximum hash size"
+#endif
+
+#ifndef WOLFSSL_XMSS_MIN_HEIGHT
+    #define WOLFSSL_XMSS_MIN_HEIGHT             10
+#endif
+#ifndef WOLFSSL_XMSS_MAX_HEIGHT
+    #define WOLFSSL_XMSS_MAX_HEIGHT             60
+#endif
+#if WOLFSSL_XMSS_MIN_HEIGHT > WOLFSSL_XMSS_MAX_HEIGHT
+    #error "XMSS minimum height is greater than maximum height"
+#endif
+
 typedef struct XmssKey XmssKey;
 
 /* Return codes returned by private key callbacks. */
@@ -113,37 +160,41 @@ enum wc_XmssState {
 };
 
 /* Private key write and read callbacks. */
-typedef enum wc_XmssRc (*write_private_key_cb)(const byte * priv, word32 privSz, void *context);
-typedef enum wc_XmssRc (*read_private_key_cb)(byte * priv, word32 privSz, void *context);
+typedef enum wc_XmssRc (*wc_xmss_write_private_key_cb)(const byte* priv, word32 privSz,
+    void* context);
+typedef enum wc_XmssRc (*wc_xmss_read_private_key_cb)(byte* priv, word32 privSz,
+    void* context);
 
 #ifdef __cplusplus
     extern "C" {
 #endif
-WOLFSSL_API int  wc_XmssKey_Init(XmssKey * key, void * heap, int devId);
-WOLFSSL_API int  wc_XmssKey_SetParamStr(XmssKey * key, const char * str);
+
+WOLFSSL_API int  wc_XmssKey_Init(XmssKey* key, void* heap, int devId);
+WOLFSSL_API int  wc_XmssKey_SetParamStr(XmssKey* key, const char* str);
 #ifndef WOLFSSL_XMSS_VERIFY_ONLY
-WOLFSSL_API int  wc_XmssKey_SetWriteCb(XmssKey * key,
-    write_private_key_cb write_cb);
-WOLFSSL_API int  wc_XmssKey_SetReadCb(XmssKey * key,
-    read_private_key_cb read_cb);
-WOLFSSL_API int  wc_XmssKey_SetContext(XmssKey * key, void * context);
-WOLFSSL_API int  wc_XmssKey_MakeKey(XmssKey * key, WC_RNG * rng);
-WOLFSSL_API int  wc_XmssKey_Reload(XmssKey * key);
-WOLFSSL_API int  wc_XmssKey_GetPrivLen(const XmssKey * key, word32 * len);
-WOLFSSL_API int  wc_XmssKey_Sign(XmssKey * key, byte * sig, word32 * sigSz,
-    const byte * msg, int msgSz);
-WOLFSSL_API int  wc_XmssKey_SigsLeft(XmssKey * key);
+WOLFSSL_API int  wc_XmssKey_SetWriteCb(XmssKey* key,
+    wc_xmss_write_private_key_cb write_cb);
+WOLFSSL_API int  wc_XmssKey_SetReadCb(XmssKey* key,
+    wc_xmss_read_private_key_cb read_cb);
+WOLFSSL_API int  wc_XmssKey_SetContext(XmssKey* key, void* context);
+WOLFSSL_API int  wc_XmssKey_MakeKey(XmssKey* key, WC_RNG* rng);
+WOLFSSL_API int  wc_XmssKey_Reload(XmssKey* key);
+WOLFSSL_API int  wc_XmssKey_GetPrivLen(const XmssKey* key, word32* len);
+WOLFSSL_API int  wc_XmssKey_Sign(XmssKey* key, byte* sig, word32* sigSz,
+    const byte* msg, int msgSz);
+WOLFSSL_API int  wc_XmssKey_SigsLeft(XmssKey* key);
 #endif /* ifndef WOLFSSL_XMSS_VERIFY_ONLY */
-WOLFSSL_API void wc_XmssKey_Free(XmssKey * key);
-WOLFSSL_API int  wc_XmssKey_GetSigLen(const XmssKey * key, word32 * len);
-WOLFSSL_API int  wc_XmssKey_GetPubLen(const XmssKey * key, word32 * len);
-WOLFSSL_API int  wc_XmssKey_ExportPub(XmssKey * keyDst, const XmssKey * keySrc);
-WOLFSSL_API int  wc_XmssKey_ExportPubRaw(const XmssKey * key, byte * out,
-    word32 * outLen);
-WOLFSSL_API int  wc_XmssKey_ImportPubRaw(XmssKey * key, const byte * in,
+WOLFSSL_API void wc_XmssKey_Free(XmssKey* key);
+WOLFSSL_API int  wc_XmssKey_GetSigLen(const XmssKey* key, word32* len);
+WOLFSSL_API int  wc_XmssKey_GetPubLen(const XmssKey* key, word32* len);
+WOLFSSL_API int  wc_XmssKey_ExportPub(XmssKey* keyDst, const XmssKey* keySrc);
+WOLFSSL_API int  wc_XmssKey_ExportPubRaw(const XmssKey* key, byte* out,
+    word32* outLen);
+WOLFSSL_API int  wc_XmssKey_ImportPubRaw(XmssKey* key, const byte* in,
     word32 inLen);
-WOLFSSL_API int  wc_XmssKey_Verify(XmssKey * key, const byte * sig, word32 sigSz,
-    const byte * msg, int msgSz);
+WOLFSSL_API int  wc_XmssKey_Verify(XmssKey* key, const byte* sig, word32 sigSz,
+    const byte* msg, int msgSz);
+
 #ifdef __cplusplus
     } /* extern "C" */
 #endif
diff --git a/wolfssl/wolfio.h b/wolfssl/wolfio.h
index 9a8b51138..de45a18b5 100644
--- a/wolfssl/wolfio.h
+++ b/wolfssl/wolfio.h
@@ -1,6 +1,6 @@
 /* io.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -57,7 +57,32 @@
     #include "zlib.h"
 #endif
 
-#ifndef USE_WINDOWS_API
+#if defined(__WATCOMC__)
+    #if defined(__NT__)
+    #elif defined(__OS2__)
+        #include <errno.h>
+        #include <os2.h>
+        #include <sys/types.h>
+        #include <os2/types.h>
+        #include <sys/socket.h>
+        #include <arpa/inet.h>
+        #include <netinet/in.h>
+        #include <nerrno.h>
+        #include <sys/ioctl.h>
+
+        typedef int socklen_t;
+    #elif defined(__LINUX__)
+        #include <sys/types.h>
+        #include <errno.h>
+        #include <unistd.h>
+        #include <fcntl.h>
+        #define XFCNTL(fd, flag, block) fcntl((fd), (flag), (block))
+        #include <sys/socket.h>
+        #include <arpa/inet.h>
+        #include <netinet/in.h>
+    #endif
+#elif defined(USE_WINDOWS_API)
+#else
     #if defined(WOLFSSL_LWIP) && !defined(WOLFSSL_APACHE_MYNEWT)
         /* lwIP needs to be configured to use sockets API in this mode */
         /* LWIP_SOCKET 1 in lwip/opt.h or in build */
@@ -66,6 +91,8 @@
             #include <errno.h>
             #define LWIP_PROVIDE_ERRNO 1
         #endif
+    #elif defined(ARDUINO)
+        /* TODO Add specific boards */
     #elif defined(FREESCALE_MQX)
         #include <posix.h>
         #include <rtcs.h>
@@ -118,8 +145,6 @@
         #include <errno.h>
         #include <unistd.h>
         #include <fcntl.h>
-        #include <netdb.h>
-        #include <sys/ioctl.h>
     #elif defined(WOLFSSL_SGX)
         #include <errno.h>
     #elif defined(WOLFSSL_APACHE_MYNEWT) && !defined(WOLFSSL_LWIP)
@@ -129,7 +154,18 @@
         #include <lwip-socket.h>
         #include <errno.h>
     #elif defined(WOLFSSL_ZEPHYR)
-        #include <zephyr/net/socket.h>
+        #include <version.h>
+        #if KERNEL_VERSION_NUMBER >= 0x30100
+            #include <zephyr/net/socket.h>
+            #ifdef CONFIG_POSIX_API
+                #include <zephyr/posix/sys/socket.h>
+            #endif
+        #else
+            #include <net/socket.h>
+            #ifdef CONFIG_POSIX_API
+                #include <posix/sys/socket.h>
+            #endif
+        #endif
     #elif defined(MICROCHIP_PIC32)
         #include <sys/errno.h>
     #elif defined(HAVE_NETX)
@@ -139,6 +175,8 @@
         #include <sys/fcltypes.h>
         #include <fclerrno.h>
         #include <fclfcntl.h>
+    #elif defined(WOLFSSL_EMNET)
+        #include <IP/IP.h>
     #elif !defined(WOLFSSL_NO_SOCK)
         #include <sys/types.h>
         #include <errno.h>
@@ -155,17 +193,18 @@
             #include "socket.h"
         #elif defined(NETOS)
             #include <sockapi.h>
+        #elif defined(NUCLEUS_PLUS_2_3)
+            #define SO_TYPE     17  /* Socket type */
+            #define SO_RCVTIMEO 13  /* Recv Timeout */
         #elif !defined(DEVKITPRO) && !defined(WOLFSSL_PICOTCP) \
                 && !defined(WOLFSSL_CONTIKI) && !defined(WOLFSSL_WICED) \
                 && !defined(WOLFSSL_GNRC) && !defined(WOLFSSL_RIOT_OS)
             #include <sys/socket.h>
             #include <arpa/inet.h>
             #include <netinet/in.h>
-            #include <netdb.h>
             #ifdef __PPU
                 #include <netex/errno.h>
             #else
-                #include <sys/ioctl.h>
             #endif
         #endif
     #endif
@@ -187,13 +226,50 @@
     #include <sys/filio.h>
 #endif
 
-#ifdef USE_WINDOWS_API
+#define SOCKET_RECEIVING 1
+#define SOCKET_SENDING 2
+
+#ifdef __WATCOMC__
+    #if defined(__NT__)
+        /* no epipe yet */
+        #ifndef WSAEPIPE
+            #define WSAEPIPE       -12345
+        #endif
+        #define SOCKET_EWOULDBLOCK WSAEWOULDBLOCK
+        #define SOCKET_EAGAIN      WSAETIMEDOUT
+        #define SOCKET_ETIMEDOUT   WSAETIMEDOUT
+        #define SOCKET_ECONNRESET  WSAECONNRESET
+        #define SOCKET_EINTR       WSAEINTR
+        #define SOCKET_EPIPE       WSAEPIPE
+        #define SOCKET_ECONNREFUSED WSAENOTCONN
+        #define SOCKET_ECONNABORTED WSAECONNABORTED
+    #elif defined(__OS2__)
+        #define SOCKET_EWOULDBLOCK SOCEWOULDBLOCK
+        #define SOCKET_EAGAIN      SOCEAGAIN
+        #define SOCKET_ETIMEDOUT   SOCETIMEDOUT
+        #define SOCKET_ECONNRESET  SOCECONNRESET
+        #define SOCKET_EINTR       SOCEINTR
+        #define SOCKET_EPIPE       SOCEPIPE
+        #define SOCKET_ECONNREFUSED SOCECONNREFUSED
+        #define SOCKET_ECONNABORTED SOCECONNABORTED
+    #elif defined(__UNIX__)
+        #define SOCKET_EWOULDBLOCK EWOULDBLOCK
+        #define SOCKET_EAGAIN      EAGAIN
+        #define SOCKET_ETIMEDOUT   ETIMEDOUT
+        #define SOCKET_ECONNRESET  ECONNRESET
+        #define SOCKET_EINTR       EINTR
+        #define SOCKET_EPIPE       EPIPE
+        #define SOCKET_ECONNREFUSED ECONNREFUSED
+        #define SOCKET_ECONNABORTED ECONNABORTED
+    #endif
+#elif defined(USE_WINDOWS_API)
     /* no epipe yet */
     #ifndef WSAEPIPE
         #define WSAEPIPE       -12345
     #endif
     #define SOCKET_EWOULDBLOCK WSAEWOULDBLOCK
     #define SOCKET_EAGAIN      WSAETIMEDOUT
+    #define SOCKET_ETIMEDOUT   WSAETIMEDOUT
     #define SOCKET_ECONNRESET  WSAECONNRESET
     #define SOCKET_EINTR       WSAEINTR
     #define SOCKET_EPIPE       WSAEPIPE
@@ -208,10 +284,12 @@
     #define SOCKET_ECONNREFUSED SYS_NET_ECONNREFUSED
     #define SOCKET_ECONNABORTED SYS_NET_ECONNABORTED
 #elif defined(FREESCALE_MQX) || defined(FREESCALE_KSDK_MQX)
-    #if MQX_USE_IO_OLD
+    #if (defined(MQX_USE_IO_OLD) && MQX_USE_IO_OLD) || \
+        defined(FREESCALE_MQX_5_0)
         /* RTCS old I/O doesn't have an EWOULDBLOCK */
         #define SOCKET_EWOULDBLOCK  EAGAIN
         #define SOCKET_EAGAIN       EAGAIN
+        #define SOCKET_ETIMEDOUT    RTCSERR_TCP_TIMED_OUT
         #define SOCKET_ECONNRESET   RTCSERR_TCP_CONN_RESET
         #define SOCKET_EINTR        EINTR
         #define SOCKET_EPIPE        EPIPE
@@ -220,6 +298,7 @@
     #else
         #define SOCKET_EWOULDBLOCK  NIO_EWOULDBLOCK
         #define SOCKET_EAGAIN       NIO_EAGAIN
+        #define SOCKET_ETIMEDOUT    NIO_ETIMEDOUT
         #define SOCKET_ECONNRESET   NIO_ECONNRESET
         #define SOCKET_EINTR        NIO_EINTR
         #define SOCKET_EPIPE        NIO_EPIPE
@@ -237,6 +316,7 @@
 #elif defined(WOLFSSL_PICOTCP)
     #define SOCKET_EWOULDBLOCK  PICO_ERR_EAGAIN
     #define SOCKET_EAGAIN       PICO_ERR_EAGAIN
+    #define SOCKET_ETIMEDOUT    PICO_ERR_ETIMEDOUT
     #define SOCKET_ECONNRESET   PICO_ERR_ECONNRESET
     #define SOCKET_EINTR        PICO_ERR_EINTR
     #define SOCKET_EPIPE        PICO_ERR_EIO
@@ -245,6 +325,7 @@
 #elif defined(FREERTOS_TCP)
     #define SOCKET_EWOULDBLOCK FREERTOS_EWOULDBLOCK
     #define SOCKET_EAGAIN       FREERTOS_EWOULDBLOCK
+    #define SOCKET_ETIMEDOUT    (-pdFREERTOS_ERRNO_ETIMEDOUT)
     #define SOCKET_ECONNRESET   FREERTOS_SOCKET_ERROR
     #define SOCKET_EINTR        FREERTOS_SOCKET_ERROR
     #define SOCKET_EPIPE        FREERTOS_SOCKET_ERROR
@@ -258,6 +339,14 @@
     #define SOCKET_EPIPE        NU_NOT_CONNECTED
     #define SOCKET_ECONNREFUSED NU_CONNECTION_REFUSED
     #define SOCKET_ECONNABORTED NU_NOT_CONNECTED
+#elif defined(NUCLEUS_PLUS_2_3)
+    #define SOCKET_EWOULDBLOCK  NU_WOULD_BLOCK
+    #define SOCKET_EAGAIN       NU_NO_DATA
+    #define SOCKET_ECONNRESET   NU_RESET
+    #define SOCKET_EINTR        0
+    #define SOCKET_EPIPE        0
+    #define SOCKET_ECONNREFUSED NU_CONNECTION_REFUSED
+    #define SOCKET_ECONNABORTED NU_CONNECTION_REFUSED
 #elif defined(WOLFSSL_DEOS)
     /* `sockaddr_storage` is not defined in DEOS. This workaround will
      * work for IPV4, but not IPV6
@@ -289,13 +378,14 @@
 #elif defined(WOLFSSL_LWIP_NATIVE)
     #define SOCKET_EWOULDBLOCK ERR_WOULDBLOCK
     #define SOCKET_EAGAIN      ERR_WOULDBLOCK
+    #define SOCKET_TIMEDOUT    ERR_TIMEOUT
     #define SOCKET_ECONNRESET  ERR_RST
     #define SOCKET_EINTR       ERR_CLSD
     #define SOCKET_EPIPE       ERR_CLSD
     #define SOCKET_ECONNREFUSED ERR_CONN
     #define SOCKET_ECONNABORTED ERR_ABRT
 #elif defined(WOLFSSL_EMNET)
-    #include <IP/IP.h>
+    #define XSOCKLENT           int
     #define SOCKET_EWOULDBLOCK  IP_ERR_WOULD_BLOCK
     #define SOCKET_EAGAIN       IP_ERR_WOULD_BLOCK
     #define SOCKET_ECONNRESET   IP_ERR_CONN_RESET
@@ -306,6 +396,7 @@
 #else
     #define SOCKET_EWOULDBLOCK EWOULDBLOCK
     #define SOCKET_EAGAIN      EAGAIN
+    #define SOCKET_ETIMEDOUT   ETIMEDOUT
     #define SOCKET_ECONNRESET  ECONNRESET
     #define SOCKET_EINTR       EINTR
     #define SOCKET_EPIPE       EPIPE
@@ -318,6 +409,12 @@
     #include <network.h>
     #define SEND_FUNCTION net_send
     #define RECV_FUNCTION net_recv
+#elif defined(WOLFSSL_ESPIDF)
+    #define SEND_FUNCTION send
+    #define RECV_FUNCTION recv
+    #if !defined(HAVE_SOCKADDR) && !defined(WOLFSSL_NO_SOCK)
+        #define HAVE_SOCKADDR
+    #endif
 #elif defined(WOLFSSL_LWIP) && !defined(WOLFSSL_APACHE_MYNEWT)
     #define SEND_FUNCTION lwip_send
     #define RECV_FUNCTION lwip_recv
@@ -336,6 +433,11 @@
 #elif defined(WOLFSSL_NUCLEUS_1_2)
     #define SEND_FUNCTION NU_Send
     #define RECV_FUNCTION NU_Recv
+#elif defined(NUCLEUS_PLUS_2_3)
+    #define SEND_FUNCTION          nucyassl_send
+    #define RECV_FUNCTION          nucyassl_recv
+    #define DTLS_RECVFROM_FUNCTION nucyassl_recvfrom
+    #define DTLS_SENDTO_FUNCTION   nucyassl_sendto
 #elif defined(FUSION_RTOS)
     #define SEND_FUNCTION FNS_SEND
     #define RECV_FUNCTION FNS_RECV
@@ -360,32 +462,19 @@
     #endif
 #endif
 
-#ifdef USE_WINDOWS_API
-    #if defined(__MINGW64__)
-        typedef size_t SOCKET_T;
-    #else
-        typedef unsigned int SOCKET_T;
-    #endif
-    #ifndef SOCKET_INVALID
-        #define SOCKET_INVALID INVALID_SOCKET
-    #endif
-#else
-    typedef int SOCKET_T;
-    #ifndef SOCKET_INVALID
-        #define SOCKET_INVALID (-1)
-    #endif
-#endif
-
 #ifndef WOLFSSL_NO_SOCK
     #ifndef XSOCKLENT
         #ifdef USE_WINDOWS_API
             #define XSOCKLENT int
+        #elif defined(NUCLEUS_PLUS_2_3)
+            typedef int socklen_t;
+            #define XSOCKLENT socklen_t
         #else
             #define XSOCKLENT socklen_t
         #endif
     #endif
     #ifndef XSOCKOPT_TYPE_OPTVAL_TYPE
-        #ifdef USE_WINDOWS_API
+        #ifndef USE_WINDOWS_API
             #define XSOCKOPT_TYPE_OPTVAL_TYPE void*
         #else
             #define XSOCKOPT_TYPE_OPTVAL_TYPE char*
@@ -402,6 +491,10 @@
         #ifdef WOLFSSL_IPV6
             typedef struct sockaddr_in6 SOCKADDR_IN6;
         #endif
+        #if defined(HAVE_SYS_UN_H) && !defined(WOLFSSL_NO_SOCKADDR_UN)
+            #include <sys/un.h>
+            typedef struct sockaddr_un SOCKADDR_UN;
+        #endif
         typedef struct hostent          HOSTENT;
     #endif /* HAVE_SOCKADDR */
 
@@ -426,6 +519,32 @@ WOLFSSL_API int wolfIO_TcpBind(SOCKET_T* sockfd, word16 port);
 WOLFSSL_API  int wolfIO_Send(SOCKET_T sd, char *buf, int sz, int wrFlags);
 WOLFSSL_API  int wolfIO_Recv(SOCKET_T sd, char *buf, int sz, int rdFlags);
 
+#ifdef WOLFSSL_HAVE_BIO_ADDR
+
+#ifdef WOLFSSL_NO_SOCK
+#error WOLFSSL_HAVE_BIO_ADDR and WOLFSSL_NO_SOCK are mutually incompatible.
+#endif
+
+union WOLFSSL_BIO_ADDR {
+    SOCKADDR sa;
+    SOCKADDR_IN sa_in;
+#ifdef WOLFSSL_IPV6
+    SOCKADDR_IN6 sa_in6;
+#endif
+#if defined(HAVE_SYS_UN_H) && !defined(WOLFSSL_NO_SOCKADDR_UN)
+    SOCKADDR_UN sa_un;
+#endif
+};
+
+typedef union WOLFSSL_BIO_ADDR WOLFSSL_BIO_ADDR;
+
+#if defined(WOLFSSL_DTLS) && defined(OPENSSL_EXTRA)
+WOLFSSL_API  int wolfIO_SendTo(SOCKET_T sd, WOLFSSL_BIO_ADDR *addr, char *buf, int sz, int wrFlags);
+WOLFSSL_API  int wolfIO_RecvFrom(SOCKET_T sd, WOLFSSL_BIO_ADDR *addr, char *buf, int sz, int rdFlags);
+#endif
+
+#endif /* WOLFSSL_HAVE_BIO_ADDR */
+
 #endif /* USE_WOLFSSL_IO || HAVE_HTTP_CLIENT */
 
 #ifndef WOLFSSL_NO_SOCK
@@ -447,6 +566,7 @@ WOLFSSL_API  int wolfIO_Recv(SOCKET_T sd, char *buf, int sz, int rdFlags);
                                     FNS_CLOSE(s, &err); \
                                 } while(0)
     #endif
+    #define StartTCP() WC_DO_NOTHING
 #else
     #ifndef CloseSocket
         #define CloseSocket(s) close(s)
@@ -458,15 +578,30 @@ WOLFSSL_API  int wolfIO_Recv(SOCKET_T sd, char *buf, int sz, int rdFlags);
 #endif
 #endif /* WOLFSSL_NO_SOCK */
 
+WOLFSSL_API int wolfSSL_BioSend(WOLFSSL* ssl, char *buf, int sz, void *ctx);
+WOLFSSL_API int wolfSSL_BioReceive(WOLFSSL* ssl, char* buf, int sz, void* ctx);
+#ifndef OPENSSL_COEXIST
+/* Preserve API previously exposed */
+#define BioSend wolfSSL_BioSend
+#define BioReceive wolfSSL_BioReceive
+#endif
 
-WOLFSSL_API int BioSend(WOLFSSL* ssl, char *buf, int sz, void *ctx);
-WOLFSSL_API int BioReceive(WOLFSSL* ssl, char* buf, int sz, void* ctx);
+WOLFSSL_LOCAL int SslBioSend(WOLFSSL* ssl, char *buf, int sz, void *ctx);
+#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
+WOLFSSL_LOCAL int BioReceiveInternal(WOLFSSL_BIO* biord, WOLFSSL_BIO* biowr,
+                                     char* buf, int sz);
+#endif
+WOLFSSL_LOCAL int SslBioReceive(WOLFSSL* ssl, char* buf, int sz, void* ctx);
 #if defined(USE_WOLFSSL_IO)
     /* default IO callbacks */
     WOLFSSL_API int EmbedReceive(WOLFSSL* ssl, char* buf, int sz, void* ctx);
     WOLFSSL_API int EmbedSend(WOLFSSL* ssl, char* buf, int sz, void* ctx);
 
     #ifdef WOLFSSL_DTLS
+        #ifdef NUCLEUS_PLUS_2_3
+            #define SELECT_FUNCTION nucyassl_select
+            WOLFSSL_LOCAL int nucyassl_select(INT sd, UINT32 timeout);
+        #endif
         WOLFSSL_API int EmbedReceiveFrom(WOLFSSL *ssl, char *buf, int sz,
                                          void *ctx);
         WOLFSSL_API int EmbedSendTo(WOLFSSL* ssl, char *buf, int sz, void *ctx);
@@ -479,9 +614,14 @@ WOLFSSL_API int BioReceive(WOLFSSL* ssl, char* buf, int sz, void* ctx);
     #endif /* WOLFSSL_DTLS */
 #endif /* USE_WOLFSSL_IO */
 
+
+typedef int (*WolfSSLGenericIORecvCb)(char *buf, int sz, void *ctx);
 #ifdef HAVE_OCSP
     WOLFSSL_API int wolfIO_HttpBuildRequestOcsp(const char* domainName,
         const char* path, int ocspReqSz, unsigned char* buf, int bufSize);
+    WOLFSSL_API int wolfIO_HttpProcessResponseOcspGenericIO(
+        WolfSSLGenericIORecvCb ioCb, void* ioCbCtx, unsigned char** respBuf,
+        unsigned char* httpBuf, int httpBufSz, void* heap);
     WOLFSSL_API int wolfIO_HttpProcessResponseOcsp(int sfd,
         unsigned char** respBuf, unsigned char* httpBuf, int httpBufSz,
         void* heap);
@@ -512,6 +652,10 @@ WOLFSSL_API int BioReceive(WOLFSSL* ssl, char* buf, int sz, void* ctx);
     WOLFSSL_LOCAL int wolfIO_HttpBuildRequest_ex(const char* reqType,
         const char* domainName, const char* path, int pathLen, int reqSz,
         const char* contentType, const char *exHdrs, unsigned char* buf, int bufSize);
+    WOLFSSL_API  int wolfIO_HttpProcessResponseGenericIO(
+        WolfSSLGenericIORecvCb ioCb, void* ioCbCtx, const char** appStrList,
+        unsigned char** respBuf, unsigned char* httpBuf, int httpBufSz,
+        int dynType, void* heap);
     WOLFSSL_API  int wolfIO_HttpProcessResponse(int sfd, const char** appStrList,
         unsigned char** respBuf, unsigned char* httpBuf, int httpBufSz,
         int dynType, void* heap);
@@ -525,6 +669,8 @@ WOLFSSL_API void wolfSSL_CTX_SetIORecv(WOLFSSL_CTX *ctx, CallbackIORecv CBIORecv
 WOLFSSL_API void wolfSSL_CTX_SetIOSend(WOLFSSL_CTX *ctx, CallbackIOSend CBIOSend);
 WOLFSSL_API void wolfSSL_SSLSetIORecv(WOLFSSL *ssl, CallbackIORecv CBIORecv);
 WOLFSSL_API void wolfSSL_SSLSetIOSend(WOLFSSL *ssl, CallbackIOSend CBIOSend);
+WOLFSSL_API void wolfSSL_SSLDisableRead(WOLFSSL *ssl);
+WOLFSSL_API void wolfSSL_SSLEnableRead(WOLFSSL *ssl);
 /* deprecated old name */
 #define wolfSSL_SetIORecv wolfSSL_CTX_SetIORecv
 #define wolfSSL_SetIOSend wolfSSL_CTX_SetIOSend
@@ -538,7 +684,6 @@ WOLFSSL_API void* wolfSSL_GetIOWriteCtx(WOLFSSL* ssl);
 WOLFSSL_API void wolfSSL_SetIOReadFlags( WOLFSSL* ssl, int flags);
 WOLFSSL_API void wolfSSL_SetIOWriteFlags(WOLFSSL* ssl, int flags);
 
-
 #ifdef HAVE_NETX
     WOLFSSL_LOCAL int NetX_Receive(WOLFSSL *ssl, char *buf, int sz, void *ctx);
     WOLFSSL_LOCAL int NetX_Send(WOLFSSL *ssl, char *buf, int sz, void *ctx);
@@ -749,21 +894,36 @@ WOLFSSL_API void wolfSSL_SetIOWriteFlags(WOLFSSL* ssl, int flags);
 
 
 #ifndef XINET_NTOP
-    #define XINET_NTOP(a,b,c,d) inet_ntop((a),(b),(c),(d))
-    #ifdef USE_WINDOWS_API /* Windows-friendly definition */
-        #undef  XINET_NTOP
+    #if defined(__WATCOMC__)
+        #if defined(__OS2__) || defined(__NT__) && \
+                (NTDDI_VERSION >= NTDDI_VISTA)
+            #define XINET_NTOP(a,b,c,d) inet_ntop((a),(b),(c),(d))
+        #else
+            #define XINET_NTOP(a,b,c,d) \
+                strncpy((c),inet_ntoa(*(unsigned *)(b)),(d))
+        #endif
+    #elif defined(USE_WINDOWS_API) /* Windows-friendly definition */
         #define XINET_NTOP(a,b,c,d) InetNtop((a),(b),(c),(d))
+    #else
+        #define XINET_NTOP(a,b,c,d) inet_ntop((a),(b),(c),(d))
     #endif
 #endif
 #ifndef XINET_PTON
-    #define XINET_PTON(a,b,c)   inet_pton((a),(b),(c))
-    #ifdef USE_WINDOWS_API /* Windows-friendly definition */
-        #undef  XINET_PTON
+    #if defined(__WATCOMC__)
+        #if defined(__OS2__) || defined(__NT__) && \
+                (NTDDI_VERSION >= NTDDI_VISTA)
+            #define XINET_PTON(a,b,c)   inet_pton((a),(b),(c))
+        #else
+            #define XINET_PTON(a,b,c)   *(unsigned *)(c) = inet_addr((b))
+        #endif
+    #elif defined(USE_WINDOWS_API) /* Windows-friendly definition */
         #if defined(__MINGW64__) && !defined(UNICODE)
             #define XINET_PTON(a,b,c)   InetPton((a),(b),(c))
         #else
             #define XINET_PTON(a,b,c)   InetPton((a),(PCWSTR)(b),(c))
         #endif
+    #else
+        #define XINET_PTON(a,b,c)   inet_pton((a),(b),(c))
     #endif
 #endif
 
diff --git a/wolfssl64.sln b/wolfssl64.sln
index e268b3840..796649b23 100644
--- a/wolfssl64.sln
+++ b/wolfssl64.sln
@@ -24,130 +24,192 @@ Global
 	GlobalSection(SolutionConfigurationPlatforms) = preSolution
 		Debug|Win32 = Debug|Win32
 		Debug|x64 = Debug|x64
+		Debug|ARM64 = Debug|ARM64
 		DLL Debug|Win32 = DLL Debug|Win32
 		DLL Debug|x64 = DLL Debug|x64
+		DLL Debug|ARM64 = DLL Debug|ARM64
 		DLL Release|Win32 = DLL Release|Win32
 		DLL Release|x64 = DLL Release|x64
+		DLL Release|ARM64 = DLL Release|ARM64
 		Release|Win32 = Release|Win32
 		Release|x64 = Release|x64
+		Release|ARM64 = Release|ARM64
 	EndGlobalSection
 	GlobalSection(ProjectConfigurationPlatforms) = postSolution
 		{73973223-5EE8-41CA-8E88-1D60E89A237B}.Debug|Win32.ActiveCfg = Debug|Win32
 		{73973223-5EE8-41CA-8E88-1D60E89A237B}.Debug|Win32.Build.0 = Debug|Win32
 		{73973223-5EE8-41CA-8E88-1D60E89A237B}.Debug|x64.ActiveCfg = Debug|x64
 		{73973223-5EE8-41CA-8E88-1D60E89A237B}.Debug|x64.Build.0 = Debug|x64
+		{73973223-5EE8-41CA-8E88-1D60E89A237B}.Debug|ARM64.ActiveCfg = Debug|ARM64
+		{73973223-5EE8-41CA-8E88-1D60E89A237B}.Debug|ARM64.Build.0 = Debug|ARM64
 		{73973223-5EE8-41CA-8E88-1D60E89A237B}.DLL Debug|Win32.ActiveCfg = DLL Debug|Win32
 		{73973223-5EE8-41CA-8E88-1D60E89A237B}.DLL Debug|Win32.Build.0 = DLL Debug|Win32
 		{73973223-5EE8-41CA-8E88-1D60E89A237B}.DLL Debug|x64.ActiveCfg = DLL Debug|x64
 		{73973223-5EE8-41CA-8E88-1D60E89A237B}.DLL Debug|x64.Build.0 = DLL Debug|x64
+		{73973223-5EE8-41CA-8E88-1D60E89A237B}.DLL Debug|ARM64.ActiveCfg = DLL Debug|ARM64
+		{73973223-5EE8-41CA-8E88-1D60E89A237B}.DLL Debug|ARM64.Build.0 = DLL Debug|ARM64
 		{73973223-5EE8-41CA-8E88-1D60E89A237B}.DLL Release|Win32.ActiveCfg = DLL Release|Win32
 		{73973223-5EE8-41CA-8E88-1D60E89A237B}.DLL Release|Win32.Build.0 = DLL Release|Win32
 		{73973223-5EE8-41CA-8E88-1D60E89A237B}.DLL Release|x64.ActiveCfg = DLL Release|x64
 		{73973223-5EE8-41CA-8E88-1D60E89A237B}.DLL Release|x64.Build.0 = DLL Release|x64
+		{73973223-5EE8-41CA-8E88-1D60E89A237B}.DLL Release|ARM64.ActiveCfg = DLL Release|ARM64
+		{73973223-5EE8-41CA-8E88-1D60E89A237B}.DLL Release|ARM64.Build.0 = DLL Release|ARM64
 		{73973223-5EE8-41CA-8E88-1D60E89A237B}.Release|Win32.ActiveCfg = Release|Win32
 		{73973223-5EE8-41CA-8E88-1D60E89A237B}.Release|Win32.Build.0 = Release|Win32
 		{73973223-5EE8-41CA-8E88-1D60E89A237B}.Release|x64.ActiveCfg = Release|x64
 		{73973223-5EE8-41CA-8E88-1D60E89A237B}.Release|x64.Build.0 = Release|x64
+		{73973223-5EE8-41CA-8E88-1D60E89A237B}.Release|ARM64.ActiveCfg = Release|ARM64
+		{73973223-5EE8-41CA-8E88-1D60E89A237B}.Release|ARM64.Build.0 = Release|ARM64
 		{611E8971-46E0-4D0A-B5A1-632C3B00CB80}.Debug|Win32.ActiveCfg = Debug|Win32
 		{611E8971-46E0-4D0A-B5A1-632C3B00CB80}.Debug|Win32.Build.0 = Debug|Win32
 		{611E8971-46E0-4D0A-B5A1-632C3B00CB80}.Debug|x64.ActiveCfg = Debug|x64
 		{611E8971-46E0-4D0A-B5A1-632C3B00CB80}.Debug|x64.Build.0 = Debug|x64
+		{611E8971-46E0-4D0A-B5A1-632C3B00CB80}.Debug|ARM64.ActiveCfg = Debug|ARM64
+		{611E8971-46E0-4D0A-B5A1-632C3B00CB80}.Debug|ARM64.Build.0 = Debug|ARM64
 		{611E8971-46E0-4D0A-B5A1-632C3B00CB80}.DLL Debug|Win32.ActiveCfg = DLL Debug|Win32
 		{611E8971-46E0-4D0A-B5A1-632C3B00CB80}.DLL Debug|Win32.Build.0 = DLL Debug|Win32
 		{611E8971-46E0-4D0A-B5A1-632C3B00CB80}.DLL Debug|x64.ActiveCfg = DLL Debug|x64
 		{611E8971-46E0-4D0A-B5A1-632C3B00CB80}.DLL Debug|x64.Build.0 = DLL Debug|x64
+		{611E8971-46E0-4D0A-B5A1-632C3B00CB80}.DLL Debug|ARM64.ActiveCfg = DLL Debug|ARM64
+		{611E8971-46E0-4D0A-B5A1-632C3B00CB80}.DLL Debug|ARM64.Build.0 = DLL Debug|ARM64
 		{611E8971-46E0-4D0A-B5A1-632C3B00CB80}.DLL Release|Win32.ActiveCfg = DLL Release|Win32
 		{611E8971-46E0-4D0A-B5A1-632C3B00CB80}.DLL Release|Win32.Build.0 = DLL Release|Win32
 		{611E8971-46E0-4D0A-B5A1-632C3B00CB80}.DLL Release|x64.ActiveCfg = DLL Release|x64
 		{611E8971-46E0-4D0A-B5A1-632C3B00CB80}.DLL Release|x64.Build.0 = DLL Release|x64
+		{611E8971-46E0-4D0A-B5A1-632C3B00CB80}.DLL Release|ARM64.ActiveCfg = DLL Release|ARM64
+		{611E8971-46E0-4D0A-B5A1-632C3B00CB80}.DLL Release|ARM64.Build.0 = DLL Release|ARM64
 		{611E8971-46E0-4D0A-B5A1-632C3B00CB80}.Release|Win32.ActiveCfg = Release|Win32
 		{611E8971-46E0-4D0A-B5A1-632C3B00CB80}.Release|Win32.Build.0 = Release|Win32
 		{611E8971-46E0-4D0A-B5A1-632C3B00CB80}.Release|x64.ActiveCfg = Release|x64
 		{611E8971-46E0-4D0A-B5A1-632C3B00CB80}.Release|x64.Build.0 = Release|x64
+		{611E8971-46E0-4D0A-B5A1-632C3B00CB80}.Release|ARM64.ActiveCfg = Release|ARM64
+		{611E8971-46E0-4D0A-B5A1-632C3B00CB80}.Release|ARM64.Build.0 = Release|ARM64
 		{34FAE5A6-2B0F-4B55-86FE-0C43E4810F4D}.Debug|Win32.ActiveCfg = Debug|Win32
 		{34FAE5A6-2B0F-4B55-86FE-0C43E4810F4D}.Debug|Win32.Build.0 = Debug|Win32
 		{34FAE5A6-2B0F-4B55-86FE-0C43E4810F4D}.Debug|x64.ActiveCfg = Debug|x64
 		{34FAE5A6-2B0F-4B55-86FE-0C43E4810F4D}.Debug|x64.Build.0 = Debug|x64
+		{34FAE5A6-2B0F-4B55-86FE-0C43E4810F4D}.Debug|ARM64.ActiveCfg = Debug|ARM64
+		{34FAE5A6-2B0F-4B55-86FE-0C43E4810F4D}.Debug|ARM64.Build.0 = Debug|ARM64
 		{34FAE5A6-2B0F-4B55-86FE-0C43E4810F4D}.DLL Debug|Win32.ActiveCfg = DLL Debug|Win32
 		{34FAE5A6-2B0F-4B55-86FE-0C43E4810F4D}.DLL Debug|x64.ActiveCfg = DLL Debug|x64
+		{34FAE5A6-2B0F-4B55-86FE-0C43E4810F4D}.DLL Debug|ARM64.ActiveCfg = DLL Debug|ARM64
 		{34FAE5A6-2B0F-4B55-86FE-0C43E4810F4D}.DLL Release|Win32.ActiveCfg = DLL Release|Win32
 		{34FAE5A6-2B0F-4B55-86FE-0C43E4810F4D}.DLL Release|x64.ActiveCfg = DLL Release|x64
+		{34FAE5A6-2B0F-4B55-86FE-0C43E4810F4D}.DLL Release|ARM64.ActiveCfg = DLL Release|ARM64
 		{34FAE5A6-2B0F-4B55-86FE-0C43E4810F4D}.Release|Win32.ActiveCfg = Release|Win32
 		{34FAE5A6-2B0F-4B55-86FE-0C43E4810F4D}.Release|Win32.Build.0 = Release|Win32
 		{34FAE5A6-2B0F-4B55-86FE-0C43E4810F4D}.Release|x64.ActiveCfg = Release|x64
 		{34FAE5A6-2B0F-4B55-86FE-0C43E4810F4D}.Release|x64.Build.0 = Release|x64
+		{34FAE5A6-2B0F-4B55-86FE-0C43E4810F4D}.Release|ARM64.ActiveCfg = Release|ARM64
+		{34FAE5A6-2B0F-4B55-86FE-0C43E4810F4D}.Release|ARM64.Build.0 = Release|ARM64
 		{07D97C48-E08F-4E34-9F67-3064039FF2CB}.Debug|Win32.ActiveCfg = Debug|Win32
 		{07D97C48-E08F-4E34-9F67-3064039FF2CB}.Debug|Win32.Build.0 = Debug|Win32
 		{07D97C48-E08F-4E34-9F67-3064039FF2CB}.Debug|x64.ActiveCfg = Debug|x64
 		{07D97C48-E08F-4E34-9F67-3064039FF2CB}.Debug|x64.Build.0 = Debug|x64
+		{07D97C48-E08F-4E34-9F67-3064039FF2CB}.Debug|ARM64.ActiveCfg = Debug|ARM64
+		{07D97C48-E08F-4E34-9F67-3064039FF2CB}.Debug|ARM64.Build.0 = Debug|ARM64
 		{07D97C48-E08F-4E34-9F67-3064039FF2CB}.DLL Debug|Win32.ActiveCfg = DLL Debug|Win32
 		{07D97C48-E08F-4E34-9F67-3064039FF2CB}.DLL Debug|Win32.Build.0 = DLL Debug|Win32
 		{07D97C48-E08F-4E34-9F67-3064039FF2CB}.DLL Debug|x64.ActiveCfg = DLL Debug|x64
 		{07D97C48-E08F-4E34-9F67-3064039FF2CB}.DLL Debug|x64.Build.0 = DLL Debug|x64
+		{07D97C48-E08F-4E34-9F67-3064039FF2CB}.DLL Debug|ARM64.ActiveCfg = DLL Debug|ARM64
+		{07D97C48-E08F-4E34-9F67-3064039FF2CB}.DLL Debug|ARM64.Build.0 = DLL Debug|ARM64
 		{07D97C48-E08F-4E34-9F67-3064039FF2CB}.DLL Release|Win32.ActiveCfg = DLL Release|Win32
 		{07D97C48-E08F-4E34-9F67-3064039FF2CB}.DLL Release|Win32.Build.0 = DLL Release|Win32
 		{07D97C48-E08F-4E34-9F67-3064039FF2CB}.DLL Release|x64.ActiveCfg = DLL Release|x64
 		{07D97C48-E08F-4E34-9F67-3064039FF2CB}.DLL Release|x64.Build.0 = DLL Release|x64
+		{07D97C48-E08F-4E34-9F67-3064039FF2CB}.DLL Release|ARM64.ActiveCfg = DLL Release|ARM64
+		{07D97C48-E08F-4E34-9F67-3064039FF2CB}.DLL Release|ARM64.Build.0 = DLL Release|ARM64
 		{07D97C48-E08F-4E34-9F67-3064039FF2CB}.Release|Win32.ActiveCfg = Release|Win32
 		{07D97C48-E08F-4E34-9F67-3064039FF2CB}.Release|Win32.Build.0 = Release|Win32
 		{07D97C48-E08F-4E34-9F67-3064039FF2CB}.Release|x64.ActiveCfg = Release|x64
 		{07D97C48-E08F-4E34-9F67-3064039FF2CB}.Release|x64.Build.0 = Release|x64
+		{07D97C48-E08F-4E34-9F67-3064039FF2CB}.Release|ARM64.ActiveCfg = Release|ARM64
+		{07D97C48-E08F-4E34-9F67-3064039FF2CB}.Release|ARM64.Build.0 = Release|ARM64
 		{8362A816-C5DC-4E22-B5C5-9E6806387073}.Debug|Win32.ActiveCfg = Debug|Win32
 		{8362A816-C5DC-4E22-B5C5-9E6806387073}.Debug|Win32.Build.0 = Debug|Win32
 		{8362A816-C5DC-4E22-B5C5-9E6806387073}.Debug|x64.ActiveCfg = Debug|x64
 		{8362A816-C5DC-4E22-B5C5-9E6806387073}.Debug|x64.Build.0 = Debug|x64
+		{8362A816-C5DC-4E22-B5C5-9E6806387073}.Debug|ARM64.ActiveCfg = Debug|ARM64
+		{8362A816-C5DC-4E22-B5C5-9E6806387073}.Debug|ARM64.Build.0 = Debug|ARM64
 		{8362A816-C5DC-4E22-B5C5-9E6806387073}.DLL Debug|Win32.ActiveCfg = DLL Debug|Win32
 		{8362A816-C5DC-4E22-B5C5-9E6806387073}.DLL Debug|Win32.Build.0 = DLL Debug|Win32
 		{8362A816-C5DC-4E22-B5C5-9E6806387073}.DLL Debug|x64.ActiveCfg = DLL Debug|x64
 		{8362A816-C5DC-4E22-B5C5-9E6806387073}.DLL Debug|x64.Build.0 = DLL Debug|x64
+		{8362A816-C5DC-4E22-B5C5-9E6806387073}.DLL Debug|ARM64.ActiveCfg = DLL Debug|ARM64
+		{8362A816-C5DC-4E22-B5C5-9E6806387073}.DLL Debug|ARM64.Build.0 = DLL Debug|ARM64
 		{8362A816-C5DC-4E22-B5C5-9E6806387073}.DLL Release|Win32.ActiveCfg = DLL Release|Win32
 		{8362A816-C5DC-4E22-B5C5-9E6806387073}.DLL Release|Win32.Build.0 = DLL Release|Win32
 		{8362A816-C5DC-4E22-B5C5-9E6806387073}.DLL Release|x64.ActiveCfg = DLL Release|x64
 		{8362A816-C5DC-4E22-B5C5-9E6806387073}.DLL Release|x64.Build.0 = DLL Release|x64
+		{8362A816-C5DC-4E22-B5C5-9E6806387073}.DLL Release|ARM64.ActiveCfg = DLL Release|ARM64
+		{8362A816-C5DC-4E22-B5C5-9E6806387073}.DLL Release|ARM64.Build.0 = DLL Release|ARM64
 		{8362A816-C5DC-4E22-B5C5-9E6806387073}.Release|Win32.ActiveCfg = Release|Win32
 		{8362A816-C5DC-4E22-B5C5-9E6806387073}.Release|Win32.Build.0 = Release|Win32
 		{8362A816-C5DC-4E22-B5C5-9E6806387073}.Release|x64.ActiveCfg = Release|x64
 		{8362A816-C5DC-4E22-B5C5-9E6806387073}.Release|x64.Build.0 = Release|x64
+		{8362A816-C5DC-4E22-B5C5-9E6806387073}.Release|ARM64.ActiveCfg = Release|ARM64
+		{8362A816-C5DC-4E22-B5C5-9E6806387073}.Release|ARM64.Build.0 = Release|ARM64
 		{3ADE9549-582D-4D8E-9826-B172197A7959}.Debug|Win32.ActiveCfg = Debug|Win32
 		{3ADE9549-582D-4D8E-9826-B172197A7959}.Debug|Win32.Build.0 = Debug|Win32
 		{3ADE9549-582D-4D8E-9826-B172197A7959}.Debug|x64.ActiveCfg = Debug|x64
 		{3ADE9549-582D-4D8E-9826-B172197A7959}.Debug|x64.Build.0 = Debug|x64
+		{3ADE9549-582D-4D8E-9826-B172197A7959}.Debug|ARM64.ActiveCfg = Debug|ARM64
+		{3ADE9549-582D-4D8E-9826-B172197A7959}.Debug|ARM64.Build.0 = Debug|ARM64
 		{3ADE9549-582D-4D8E-9826-B172197A7959}.DLL Debug|Win32.ActiveCfg = DLL Debug|Win32
 		{3ADE9549-582D-4D8E-9826-B172197A7959}.DLL Debug|Win32.Build.0 = DLL Debug|Win32
 		{3ADE9549-582D-4D8E-9826-B172197A7959}.DLL Debug|x64.ActiveCfg = DLL Debug|x64
 		{3ADE9549-582D-4D8E-9826-B172197A7959}.DLL Debug|x64.Build.0 = DLL Debug|x64
+		{3ADE9549-582D-4D8E-9826-B172197A7959}.DLL Debug|ARM64.ActiveCfg = DLL Debug|ARM64
+		{3ADE9549-582D-4D8E-9826-B172197A7959}.DLL Debug|ARM64.Build.0 = DLL Debug|ARM64
 		{3ADE9549-582D-4D8E-9826-B172197A7959}.DLL Release|Win32.ActiveCfg = DLL Release|Win32
 		{3ADE9549-582D-4D8E-9826-B172197A7959}.DLL Release|Win32.Build.0 = DLL Release|Win32
 		{3ADE9549-582D-4D8E-9826-B172197A7959}.DLL Release|x64.ActiveCfg = DLL Release|x64
 		{3ADE9549-582D-4D8E-9826-B172197A7959}.DLL Release|x64.Build.0 = DLL Release|x64
+		{3ADE9549-582D-4D8E-9826-B172197A7959}.DLL Release|ARM64.ActiveCfg = DLL Release|ARM64
+		{3ADE9549-582D-4D8E-9826-B172197A7959}.DLL Release|ARM64.Build.0 = DLL Release|ARM64
 		{3ADE9549-582D-4D8E-9826-B172197A7959}.Release|Win32.ActiveCfg = Release|Win32
 		{3ADE9549-582D-4D8E-9826-B172197A7959}.Release|Win32.Build.0 = Release|Win32
 		{3ADE9549-582D-4D8E-9826-B172197A7959}.Release|x64.ActiveCfg = Release|x64
 		{3ADE9549-582D-4D8E-9826-B172197A7959}.Release|x64.Build.0 = Release|x64
+		{3ADE9549-582D-4D8E-9826-B172197A7959}.Release|ARM64.ActiveCfg = Release|ARM64
+		{3ADE9549-582D-4D8E-9826-B172197A7959}.Release|ARM64.Build.0 = Release|ARM64
 		{E9FB0BA5-BA46-4A59-A953-39C18CD1DCB1}.Debug|Win32.ActiveCfg = Debug|Win32
 		{E9FB0BA5-BA46-4A59-A953-39C18CD1DCB1}.Debug|Win32.Build.0 = Debug|Win32
 		{E9FB0BA5-BA46-4A59-A953-39C18CD1DCB1}.Debug|x64.ActiveCfg = Debug|x64
 		{E9FB0BA5-BA46-4A59-A953-39C18CD1DCB1}.Debug|x64.Build.0 = Debug|x64
+		{E9FB0BA5-BA46-4A59-A953-39C18CD1DCB1}.Debug|ARM64.ActiveCfg = Debug|ARM64
+		{E9FB0BA5-BA46-4A59-A953-39C18CD1DCB1}.Debug|ARM64.Build.0 = Debug|ARM64
 		{E9FB0BA5-BA46-4A59-A953-39C18CD1DCB1}.DLL Debug|Win32.ActiveCfg = DLL Debug|Win32
 		{E9FB0BA5-BA46-4A59-A953-39C18CD1DCB1}.DLL Debug|Win32.Build.0 = DLL Debug|Win32
 		{E9FB0BA5-BA46-4A59-A953-39C18CD1DCB1}.DLL Debug|x64.ActiveCfg = DLL Debug|x64
 		{E9FB0BA5-BA46-4A59-A953-39C18CD1DCB1}.DLL Debug|x64.Build.0 = DLL Debug|x64
+		{E9FB0BA5-BA46-4A59-A953-39C18CD1DCB1}.DLL Debug|ARM64.ActiveCfg = DLL Debug|ARM64
+		{E9FB0BA5-BA46-4A59-A953-39C18CD1DCB1}.DLL Debug|ARM64.Build.0 = DLL Debug|ARM64
 		{E9FB0BA5-BA46-4A59-A953-39C18CD1DCB1}.DLL Release|Win32.ActiveCfg = DLL Release|Win32
 		{E9FB0BA5-BA46-4A59-A953-39C18CD1DCB1}.DLL Release|Win32.Build.0 = DLL Release|Win32
 		{E9FB0BA5-BA46-4A59-A953-39C18CD1DCB1}.DLL Release|x64.ActiveCfg = DLL Release|x64
 		{E9FB0BA5-BA46-4A59-A953-39C18CD1DCB1}.DLL Release|x64.Build.0 = DLL Release|x64
+		{E9FB0BA5-BA46-4A59-A953-39C18CD1DCB1}.DLL Release|ARM64.ActiveCfg = DLL Release|ARM64
+		{E9FB0BA5-BA46-4A59-A953-39C18CD1DCB1}.DLL Release|ARM64.Build.0 = DLL Release|ARM64
 		{E9FB0BA5-BA46-4A59-A953-39C18CD1DCB1}.Release|Win32.ActiveCfg = Release|Win32
 		{E9FB0BA5-BA46-4A59-A953-39C18CD1DCB1}.Release|Win32.Build.0 = Release|Win32
 		{E9FB0BA5-BA46-4A59-A953-39C18CD1DCB1}.Release|x64.ActiveCfg = Release|x64
 		{E9FB0BA5-BA46-4A59-A953-39C18CD1DCB1}.Release|x64.Build.0 = Release|x64
+		{E9FB0BA5-BA46-4A59-A953-39C18CD1DCB1}.Release|ARM64.ActiveCfg = Release|ARM64
+		{E9FB0BA5-BA46-4A59-A953-39C18CD1DCB1}.Release|ARM64.Build.0 = Release|ARM64
 		{8C89E16E-9C36-45EF-A491-F4EBD4A8D8F1}.Debug|Win32.ActiveCfg = Debug|Win32
 		{8C89E16E-9C36-45EF-A491-F4EBD4A8D8F1}.Debug|x64.ActiveCfg = Debug|x64
+		{8C89E16E-9C36-45EF-A491-F4EBD4A8D8F1}.Debug|ARM64.ActiveCfg = Debug|ARM64
 		{8C89E16E-9C36-45EF-A491-F4EBD4A8D8F1}.DLL Debug|Win32.ActiveCfg = Debug|Win32
 		{8C89E16E-9C36-45EF-A491-F4EBD4A8D8F1}.DLL Debug|x64.ActiveCfg = Debug|x64
+		{8C89E16E-9C36-45EF-A491-F4EBD4A8D8F1}.DLL Debug|ARM64.ActiveCfg = Debug|ARM64
 		{8C89E16E-9C36-45EF-A491-F4EBD4A8D8F1}.DLL Release|Win32.ActiveCfg = Debug|Win32
 		{8C89E16E-9C36-45EF-A491-F4EBD4A8D8F1}.DLL Release|x64.ActiveCfg = Debug|x64
+		{8C89E16E-9C36-45EF-A491-F4EBD4A8D8F1}.DLL Release|ARM64.ActiveCfg = Debug|ARM64
 		{8C89E16E-9C36-45EF-A491-F4EBD4A8D8F1}.Release|Win32.ActiveCfg = Release|Win32
 		{8C89E16E-9C36-45EF-A491-F4EBD4A8D8F1}.Release|x64.ActiveCfg = Release|x64
+		{8C89E16E-9C36-45EF-A491-F4EBD4A8D8F1}.Release|ARM64.ActiveCfg = Release|ARM64
 	EndGlobalSection
 	GlobalSection(SolutionProperties) = preSolution
 		HideSolutionNode = FALSE
diff --git a/wrapper/Ada/.gitignore b/wrapper/Ada/.gitignore
new file mode 100644
index 000000000..b672fdeaf
--- /dev/null
+++ b/wrapper/Ada/.gitignore
@@ -0,0 +1 @@
+obj
diff --git a/wrapper/Ada/README.md b/wrapper/Ada/README.md
index 0af9eafc0..d0cb2da28 100644
--- a/wrapper/Ada/README.md
+++ b/wrapper/Ada/README.md
@@ -2,7 +2,7 @@
 The source code for the Ada/SPARK binding of the WolfSSL library
 is the WolfSSL Ada package in the wolfssl.ads and wolfssl.adb files.
 
-The source code here also demonstrates a TLS v1.3 server and client
+The source code here also demonstrates a (D)TLS v1.3 server and client
 using the WolfSSL Ada binding. The implementation is cross-platform
 and compiles on Linux, Mac OS X and Windows.
 
@@ -15,7 +15,8 @@ for the secondary stack. The GNAT User's Guide recommends
 avoiding the secondary stack using the restriction
 No_Secondary_Stack (see the GNAT configuration file gnat.adc
 which instructs compilation of the WolfSSL Ada binding under
-this restriction).
+this restriction). Note, however, that the examples do make use of the
+secondary stack.
 
 Portability: The WolfSSL Ada binding makes no usage of controlled types
 and has no dependency upon the Ada.Finalization package.
@@ -27,7 +28,9 @@ Not only can the WolfSSL Ada binding be used in Ada applications but
 also SPARK applications (a subset of the Ada language suitable
 formal verification). To formally verify the Ada code in this repository
 open the client.gpr with GNAT Studio and then select
-SPARK -> Prove All Sources and use Proof Level 2.
+SPARK -> Prove All Sources and use Proof Level 2. Or when using the command
+line, use `gnatprove -Pclient.gpr --level=4 -j12` (`-j12` is there in
+order to instruct the prover to use 12 CPUs if available).
 
 ```
 Summary of SPARK analysis
@@ -52,19 +55,31 @@ Total                           172    17 (10%)          .                     1
 
 ## Compiler and Build System installation
 
-### GNAT Community Edition 2021
-Download and install the GNAT community Edition 2021 compiler and studio:
-https://www.adacore.com/download
+### Recommended: [Alire](https://alire.ada.dev)
+[Alire](https://alire.ada.dev) is a modern package manager for the Ada
+ecosystem.  The latest version is available for Windows, OSX, Linux and FreeBSD
+systems.  It can install a complete Ada toolchain if needed, see `alr install`
+for more information.
 
-Linux Install:
+In order to use WolfSSL in a project, just add WolfSSL as a dependency by
+running `alr with wolfssl` within your project's directory.
+
+If the project is to be verified with SPARK, just add `gnatprove` as a
+dependency by running `alr with gnatprove` and then running `alr gnatprove`,
+which will execute the SPARK solver. If you get warnings, it is recommended to
+increase the prove level: `alr gnatprove --level=4`.
+
+### GNAT FSF Compiler and GPRBuild manual installation
+In May 2022 AdaCore announced the end of the GNAT Community releases.
+Pre-built binaries for the GNAT FSF compiler and GPRBuild can be
+downloaded and manually installed from here:
+https://github.com/alire-project/GNAT-FSF-builds/releases
+Make sure the executables for the compiler and GPRBuild are on the PATH
+and use gprbuild to build the source code.
+
+#### Manual build of the project
 
 ```sh
-chmod +x gnat-2021-20210519-x86_64-linux-bin
-./gnat-2021-20210519-x86_64-linux-bin
-```
-
-```sh
-export PATH="/opt/GNAT/2021/bin:$PATH"
 cd wrapper/Ada
 gprclean
 gprbuild default.gpr
@@ -81,36 +96,15 @@ gprbuild -XOS=Windows default.gpr
 gprbuild -XOS=Windows client.gpr
 ```
 
-
-### GNAT FSF Compiler and GPRBuild manual installation
-In May 2022 AdaCore announced the end of the GNAT Community releases.
-Pre-built binaries for the GNAT FSF compiler and GPRBuild can be
-downloaded and manually installed from here:
-https://github.com/alire-project/GNAT-FSF-builds/releases
-Make sure the executables for the compiler and GPRBuild are on the PATH
-and use gprbuild to build the source code.
-
 ## Files
-The TLS v1.3 client example in the Ada/SPARK programming language
+The (D)TLS v1.3 client example in the Ada/SPARK programming language
 using the WolfSSL library can be found in the files:
 tls_client_main.adb
 tls_client.ads
 tls_client.adb
 
-The TLS v1.3 server example in the Ada/SPARK programming language
+The (D)TLS v1.3 server example in the Ada/SPARK programming language
 using the WolfSSL library can be found in the files:
 tls_server_main.adb
 tls_server.ads
 tls_server.adb
-
-A feature of the Ada language that is not part of SPARK is exceptions.
-Some packages of the Ada standard library and GNAT specific packages
-provided by the GNAT compiler can therefore not be used directly but
-need to be put into wrapper packages that does not raise exceptions.
-The packages that provide access to sockets and command line arguments
-to applications implemented in the SPARK programming language can be
-found in the files:
-spark_sockets.ads
-spark_sockets.adb
-spark_terminal.ads
-spark_terminal.adb
diff --git a/wrapper/Ada/ada_binding.c b/wrapper/Ada/ada_binding.c
index 0becb0e7e..0be189da8 100644
--- a/wrapper/Ada/ada_binding.c
+++ b/wrapper/Ada/ada_binding.c
@@ -1,6 +1,6 @@
 /* ada_binding.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -19,6 +19,10 @@
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  */
 
+#ifdef HAVE_CONFIG_H
+    #include <config.h>
+#endif
+
 /* wolfSSL */
 #include <wolfssl/wolfcrypt/settings.h>
 #include <wolfssl/ssl.h>
diff --git a/wrapper/Ada/alire.toml b/wrapper/Ada/alire.toml
new file mode 100644
index 000000000..0334e4a11
--- /dev/null
+++ b/wrapper/Ada/alire.toml
@@ -0,0 +1,11 @@
+name = "wolfssl"
+description = "WolfSSL encryption library and its Ada bindings"
+version = "5.7.6"
+
+authors = ["WolfSSL Team <support@wolfssl.com>"]
+maintainers = ["Fernando Oleo Blanco <irvise@irvise.xyz>"]
+maintainers-logins = ["Irvise"]
+licenses = "GPL-2.0-only"
+website = "https://www.wolfssl.com/"
+project-files = ["wolfssl.gpr"]
+tags = ["ssl", "tls", "embedded", "spark"]
diff --git a/wrapper/Ada/default.gpr b/wrapper/Ada/default.gpr
index bbd3b34f1..42dcd745c 100644
--- a/wrapper/Ada/default.gpr
+++ b/wrapper/Ada/default.gpr
@@ -26,10 +26,6 @@ project Default is
       for Spec_Suffix ("C") use ".h";
    end Naming;
 
-   package Builder is
-      for Global_Configuration_Pragmas use "gnat.adc";
-   end Builder;
-
    package Compiler is
       for Switches ("C") use
          ("-DWOLFSSL_USER_SETTINGS", --  Use the user_settings.h file.
diff --git a/wrapper/Ada/spark_sockets.adb b/wrapper/Ada/spark_sockets.adb
index e315f230e..a662a010d 100644
--- a/wrapper/Ada/spark_sockets.adb
+++ b/wrapper/Ada/spark_sockets.adb
@@ -19,6 +19,7 @@
 -- Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
 --
 
+with Ada.Streams;
 with Interfaces.C;
 
 package body SPARK_Sockets is
@@ -33,16 +34,35 @@ package body SPARK_Sockets is
          return (Exists => False);
    end Inet_Addr;
 
-   procedure Create_Socket (Socket : in out Optional_Socket) is
+   procedure Create_Socket
+     (Socket : in out Optional_Socket;
+      Family : GNAT.Sockets.Family_Type;
+      Mode   : GNAT.Sockets.Mode_Type) is
       S : Socket_Type;
    begin
-      GNAT.Sockets.Create_Socket (S);
+      GNAT.Sockets.Create_Socket (S, Family, Mode);
       Socket := (Exists => True, Socket => S);
    exception
       when others =>
          Socket := (Exists => False);
    end Create_Socket;
 
+   procedure Create_Stream_Socket (Socket : in out Optional_Socket) is
+   begin
+      Create_Socket
+        (Socket => Socket,
+         Family => GNAT.Sockets.Family_Inet,
+         Mode   => GNAT.Sockets.Socket_Stream);
+   end Create_Stream_Socket;
+
+   procedure Create_Datagram_Socket (Socket : in out Optional_Socket) is
+   begin
+      Create_Socket
+        (Socket => Socket,
+         Family => GNAT.Sockets.Family_Inet,
+         Mode   => GNAT.Sockets.Socket_Datagram);
+   end Create_Datagram_Socket;
+
    function Connect_Socket (Socket : Socket_Type;
                             Server : Sock_Addr_Type)
                             return Subprogram_Result is
@@ -99,6 +119,22 @@ package body SPARK_Sockets is
          return Failure;
    end Listen_Socket;
 
+   function Receive_Socket
+     (Socket : Socket_Type)
+      return Subprogram_Result is
+
+      Item : Ada.Streams.Stream_Element_Array (1 .. 4096);
+      Last : Ada.Streams.Stream_Element_Offset;
+      From : GNAT.Sockets.Sock_Addr_Type;
+
+   begin
+      GNAT.Sockets.Receive_Socket (Socket, Item, Last, From);
+      return Success;
+   exception
+      when others =>
+         return Failure;
+   end Receive_Socket;
+
    procedure Accept_Socket (Server  : Socket_Type;
                             Socket  : out Optional_Socket;
                             Address : out Sock_Addr_Type;
diff --git a/wrapper/Ada/spark_sockets.ads b/wrapper/Ada/spark_sockets.ads
index ee9864c6f..5ac299863 100644
--- a/wrapper/Ada/spark_sockets.ads
+++ b/wrapper/Ada/spark_sockets.ads
@@ -83,7 +83,10 @@ package SPARK_Sockets with SPARK_Mode is
       end case;
    end record;
 
-   procedure Create_Socket (Socket : in out Optional_Socket) with
+   procedure Create_Stream_Socket (Socket : in out Optional_Socket) with
+      Pre => not Socket.Exists;
+
+   procedure Create_Datagram_Socket (Socket : in out Optional_Socket) with
       Pre => not Socket.Exists;
 
    function Connect_Socket (Socket : Socket_Type;
@@ -116,6 +119,8 @@ package SPARK_Sockets with SPARK_Mode is
    --  appropriate in usual cases. It can be adjusted according to each
    --  application's particular requirements.
 
+   function Receive_Socket (Socket : Socket_Type) return Subprogram_Result;
+
    procedure Accept_Socket (Server  : Socket_Type;
                             Socket  : out Optional_Socket;
                             Address : out Sock_Addr_Type;
diff --git a/wrapper/Ada/tls_client.adb b/wrapper/Ada/tls_client.adb
index 88f5a60df..9e872fccd 100644
--- a/wrapper/Ada/tls_client.adb
+++ b/wrapper/Ada/tls_client.adb
@@ -23,7 +23,8 @@
 with Ada.Characters.Handling;
 with Ada.Strings.Bounded;
 with Ada.Text_IO;
-with Interfaces.C;
+with Ada.Directories;
+with Interfaces.C.Strings;
 
 with SPARK_Terminal;
 
@@ -40,19 +41,85 @@ package body Tls_Client with SPARK_Mode is
 
    subtype Byte_Type is WolfSSL.Byte_Type;
 
+   subtype chars_ptr is WolfSSL.chars_ptr;
+   subtype unsigned is WolfSSL.unsigned;
+
    package Natural_IO is new Ada.Text_IO.Integer_IO (Natural);
 
+   function PSK_Client_Callback
+     (Unused         : WolfSSL.WolfSSL_Type;
+      Hint           : chars_ptr;
+      Identity       : chars_ptr;
+      Id_Max_Length  : unsigned;
+      Key            : chars_ptr;
+      Key_Max_Length : unsigned) return unsigned
+   with Convention => C;
+
+   function PSK_Client_Callback
+     (Unused         : WolfSSL.WolfSSL_Type;
+      Hint           : chars_ptr;
+      Identity       : chars_ptr;
+      Id_Max_Length  : unsigned;
+      Key            : chars_ptr;
+      Key_Max_Length : unsigned) return unsigned
+   with
+     SPARK_Mode => Off
+   is
+      use type Interfaces.C.unsigned;
+
+      Hint_String : constant String := Interfaces.C.Strings.Value (Hint);
+
+      --  Identity is OpenSSL testing default for openssl s_client, keep same
+      Identity_String : constant String := "Client_identity";
+      --  Test key in hex is 0x1a2b3c4d, in decimal 439,041,101
+      Key_String : constant String :=
+        Character'Val   (26)
+        & Character'Val (43)
+        & Character'Val (60)
+        & Character'Val (77);
+      --  These values are aligned with test values in wolfssl/wolfssl/test.h
+      --  and wolfssl-examples/psk/server-psk.c for testing interoperability.
+
+   begin
+
+      Ada.Text_IO.Put_Line ("Hint: " & Hint_String);
+
+      pragma Assert (Id_Max_Length >= Identity_String'Length);
+
+      Interfaces.C.Strings.Update
+        (Item   => Identity,
+         Offset => 0,
+         Str    => Identity_String,
+         Check  => False);
+
+      pragma Assert (Key_Max_Length >= Key_String'Length);
+
+      Interfaces.C.Strings.Update
+        (Item   => Key,
+         Offset => 0,
+         Str    => Key_String,
+         Check  => False);
+
+      return Key_String'Length;
+   end PSK_Client_Callback;
+
    procedure Put (Text : String) is
    begin
       Ada.Text_IO.Put (Text);
    end Put;
 
-   procedure Put (Number : Natural) is
+   procedure Put (Number : Natural)
+   with
+     Annotate => (GNATprove, Might_Not_Return)
+   is
    begin
       Natural_IO.Put (Item => Number, Width => 0, Base => 10);
    end Put;
 
-   procedure Put (Number : Byte_Index) is
+   procedure Put (Number : Byte_Index)
+   with
+     Annotate => (GNATprove, Might_Not_Return)
+   is
    begin
       Natural_IO.Put (Item => Natural (Number), Width => 0, Base => 10);
    end Put;
@@ -101,9 +168,9 @@ package body Tls_Client with SPARK_Mode is
 
    Any_Inet_Addr : Inet_Addr_Type renames SPARK_Sockets.Any_Inet_Addr;
 
-   CERT_FILE : constant String := "../../../certs/client-cert.pem";
-   KEY_FILE  : constant String := "../../../certs/client-key.pem";
-   CA_FILE   : constant String := "../../../certs/ca-cert.pem";
+   CERT_FILE : constant String := "../../certs/client-cert.pem";
+   KEY_FILE  : constant String := "../../certs/client-key.pem";
+   CA_FILE   : constant String := "../../certs/ca-cert.pem";
 
    subtype Byte_Array is WolfSSL.Byte_Array;
 
@@ -137,6 +204,8 @@ package body Tls_Client with SPARK_Mode is
       Output : WolfSSL.Write_Result;
 
       Result : WolfSSL.Subprogram_Result;
+      DTLS   : Boolean;
+      PSK    : Boolean;
    begin
       Result := WolfSSL.Initialize;
       if Result /= Success then
@@ -144,14 +213,34 @@ package body Tls_Client with SPARK_Mode is
          return;
       end if;
 
-      if Argument_Count < 1 then
-         Put_Line ("usage: tcl_client <IPv4 address>");
+      if Argument_Count < 1
+         or Argument_Count > 2
+         or (Argument_Count = 2 and then
+             Argument (2) /= "--dtls" and then
+             Argument (2) /= "--psk")
+      then
+         Put_Line ("usage: tls_client_main <IPv4 address> [--dtls | --psk]");
          return;
       end if;
-      SPARK_Sockets.Create_Socket (C);
+
+      if Argument_Count = 2 then
+         DTLS := (Argument (2) = "--dtls");
+         PSK  := (Argument (2) = "--psk");
+      end if;
+
+      if DTLS then
+         SPARK_Sockets.Create_Datagram_Socket (C);
+      else
+         SPARK_Sockets.Create_Stream_Socket (C);
+      end if;
+
       if not C.Exists then
-         Put_Line ("ERROR: Failed to create socket.");
-         return;
+         declare
+            Mode : constant String := (if DTLS then "datagram" else "stream");
+         begin
+            Put_Line ("ERROR: Failed to create " & Mode & " socket.");
+            return;
+         end;
       end if;
 
       Addr := SPARK_Sockets.Inet_Addr (Argument (1));
@@ -167,18 +256,26 @@ package body Tls_Client with SPARK_Mode is
             Addr   => Addr.Addr,
             Port   => P);
 
-      Result := SPARK_Sockets.Connect_Socket (Socket => C.Socket,
-                                              Server => A);
-      if Result /= Success then
-         Put_Line ("ERROR: Failed to connect to server.");
-         SPARK_Sockets.Close_Socket (C);
-         Set (Exit_Status_Failure);
-         return;
+      if not DTLS then
+         Result := SPARK_Sockets.Connect_Socket (Socket => C.Socket,
+                                                 Server => A);
+         if Result /= Success then
+            Put_Line ("ERROR: Failed to connect to server.");
+            SPARK_Sockets.Close_Socket (C);
+            Set (Exit_Status_Failure);
+            return;
+         end if;
       end if;
 
       --  Create and initialize WOLFSSL_CTX.
-      WolfSSL.Create_Context (Method  => WolfSSL.TLSv1_3_Client_Method,
-                              Context => Ctx);
+      WolfSSL.Create_Context
+        (Method  =>
+           (if DTLS then
+               WolfSSL.DTLSv1_3_Client_Method
+            else
+               WolfSSL.TLSv1_3_Client_Method),
+         Context => Ctx);
+
       if not WolfSSL.Is_Valid (Ctx) then
          Put_Line ("ERROR: failed to create WOLFSSL_CTX.");
          SPARK_Sockets.Close_Socket (C);
@@ -186,49 +283,57 @@ package body Tls_Client with SPARK_Mode is
          return;
       end if;
 
-      --  Load client certificate into WOLFSSL_CTX.
-      Result := WolfSSL.Use_Certificate_File (Context => Ctx,
-                                              File    => CERT_FILE,
-                                              Format  => WolfSSL.Format_Pem);
-      if Result /= Success then
-         Put ("ERROR: failed to load ");
-         Put (CERT_FILE);
-         Put (", please check the file.");
-         New_Line;
-         SPARK_Sockets.Close_Socket (C);
-         WolfSSL.Free (Context => Ctx);
-         Set (Exit_Status_Failure);
-         return;
-      end if;
+      --  Require mutual authentication.
+      WolfSSL.Set_Verify
+         (Context => Ctx,
+          Mode    => WolfSSL.Verify_Peer or WolfSSL.Verify_Fail_If_No_Peer_Cert);
 
-      --  Load client key into WOLFSSL_CTX.
-      Result := WolfSSL.Use_Private_Key_File (Context => Ctx,
-                                              File    => KEY_FILE,
-                                              Format  => WolfSSL.Format_Pem);
-      if Result /= Success then
-         Put ("ERROR: failed to load ");
-         Put (KEY_FILE);
-         Put (", please check the file.");
-         New_Line;
-         SPARK_Sockets.Close_Socket (C);
-         WolfSSL.Free (Context => Ctx);
-         Set (Exit_Status_Failure);
-         return;
-      end if;
+      if not PSK then
 
-      --  Load CA certificate into WOLFSSL_CTX.
-      Result := WolfSSL.Load_Verify_Locations (Context => Ctx,
-                                               File    => CA_FILE,
-                                               Path    => "");
-      if Result /= Success then
-         Put ("ERROR: failed to load ");
-         Put (CA_FILE);
-         Put (", please check the file.");
-         New_Line;
-         SPARK_Sockets.Close_Socket (C);
-         WolfSSL.Free (Context => Ctx);
-         Set (Exit_Status_Failure);
-         return;
+         --  Load client certificate into WOLFSSL_CTX.
+         Result := WolfSSL.Use_Certificate_File (Context => Ctx,
+                                                File    => CERT_FILE,
+                                                Format  => WolfSSL.Format_Pem);
+         if Result /= Success then
+            Put ("ERROR: failed to load ");
+            Put (CERT_FILE);
+            Put (", please check the file.");
+            New_Line;
+            SPARK_Sockets.Close_Socket (C);
+            WolfSSL.Free (Context => Ctx);
+            Set (Exit_Status_Failure);
+            return;
+         end if;
+
+         --  Load client key into WOLFSSL_CTX.
+         Result := WolfSSL.Use_Private_Key_File (Context => Ctx,
+                                                File    => KEY_FILE,
+                                                Format  => WolfSSL.Format_Pem);
+         if Result /= Success then
+            Put ("ERROR: failed to load ");
+            Put (KEY_FILE);
+            Put (", please check the file.");
+            New_Line;
+            SPARK_Sockets.Close_Socket (C);
+            WolfSSL.Free (Context => Ctx);
+            Set (Exit_Status_Failure);
+            return;
+         end if;
+
+         --  Load CA certificate into WOLFSSL_CTX.
+         Result := WolfSSL.Load_Verify_Locations (Context => Ctx,
+                                                File    => CA_FILE,
+                                                Path    => "");
+         if Result /= Success then
+            Put ("ERROR: failed to load ");
+            Put (CA_FILE);
+            Put (", please check the file.");
+            New_Line;
+            SPARK_Sockets.Close_Socket (C);
+            WolfSSL.Free (Context => Ctx);
+            Set (Exit_Status_Failure);
+            return;
+         end if;
       end if;
 
       --  Create a WOLFSSL object.
@@ -241,6 +346,26 @@ package body Tls_Client with SPARK_Mode is
          return;
       end if;
 
+      if PSK then
+         --  Use PSK for authentication.
+         WolfSSL.Set_PSK_Client_Callback
+           (Ssl      => Ssl,
+            Callback => PSK_Client_Callback'Access);
+      end if;
+
+      if DTLS then
+         Result := WolfSSL.DTLS_Set_Peer(Ssl     => Ssl,
+                                         Address => A);
+         if Result /= Success then
+            Put_Line ("ERROR: Failed to set the DTLS peer.");
+            SPARK_Sockets.Close_Socket (C);
+            WolfSSL.Free (Ssl);
+            WolfSSL.Free (Context => Ctx);
+            Set (Exit_Status_Failure);
+            return;
+         end if;
+      end if;
+
       --  Attach wolfSSL to the socket.
       Result := WolfSSL.Attach (Ssl    => Ssl,
                                 Socket => SPARK_Sockets.To_C (C.Socket));
diff --git a/wrapper/Ada/tls_client.ads b/wrapper/Ada/tls_client.ads
index 50a52b3cc..aa1ad36e0 100644
--- a/wrapper/Ada/tls_client.ads
+++ b/wrapper/Ada/tls_client.ads
@@ -32,6 +32,7 @@ package Tls_Client with SPARK_Mode is
       Pre  => (not Client.Exists and not
                   WolfSSL.Is_Valid (Ssl) and not WolfSSL.Is_Valid (Ctx)),
       Post => (not Client.Exists and not WolfSSL.Is_Valid (Ssl) and
-                  not WolfSSL.Is_Valid (Ctx));
+                  not WolfSSL.Is_Valid (Ctx)),
+     Annotate => (GNATprove, Might_Not_Return);
 
 end Tls_Client;
diff --git a/wrapper/Ada/tls_server.adb b/wrapper/Ada/tls_server.adb
index 2858f26fd..e17af00a5 100644
--- a/wrapper/Ada/tls_server.adb
+++ b/wrapper/Ada/tls_server.adb
@@ -24,6 +24,8 @@ with Ada.Characters.Handling;
 with Ada.Strings.Bounded;
 with Ada.Text_IO.Bounded_IO;
 
+with Interfaces.C.Strings;
+
 with SPARK_Terminal; pragma Elaborate_All (SPARK_Terminal);
 
 package body Tls_Server with SPARK_Mode is
@@ -35,6 +37,9 @@ package body Tls_Server with SPARK_Mode is
 
    Success : WolfSSL.Subprogram_Result renames WolfSSL.Success;
 
+   subtype chars_ptr is WolfSSL.chars_ptr;
+   subtype unsigned is WolfSSL.unsigned;
+
    procedure Put (Char : Character) is
    begin
       Ada.Text_IO.Put (Char);
@@ -87,14 +92,66 @@ package body Tls_Server with SPARK_Mode is
 
    Any_Inet_Addr : Inet_Addr_Type renames SPARK_Sockets.Any_Inet_Addr;
 
-   CERT_FILE : constant String := "../../../certs/server-cert.pem";
-   KEY_FILE  : constant String := "../../../certs/server-key.pem";
-   CA_FILE   : constant String := "../../../certs/client-cert.pem";
+   CERT_FILE : constant String := "../../certs/server-cert.pem";
+   KEY_FILE  : constant String := "../../certs/server-key.pem";
+   CA_FILE   : constant String := "../../certs/client-cert.pem";
 
    subtype Byte_Array is WolfSSL.Byte_Array;
 
    Reply : constant Byte_Array := "I hear ya fa shizzle!";
 
+
+   function PSK_Server_Callback
+     (Unused         : WolfSSL.WolfSSL_Type;
+      Identity       : chars_ptr;
+      Key            : chars_ptr;
+      Key_Max_Length : unsigned) return unsigned
+   with Convention => C;
+
+   function PSK_Server_Callback
+     (Unused         : WolfSSL.WolfSSL_Type;
+      Identity       : chars_ptr;
+      Key            : chars_ptr;
+      Key_Max_Length : unsigned) return unsigned
+   with
+     SPARK_Mode => Off
+   is
+      use type Interfaces.C.unsigned;
+
+      --  Identity is OpenSSL testing default for openssl s_client, keep same
+      Identity_String : constant String := "Client_identity";
+      --  Test key in hex is 0x1a2b3c4d, in decimal 439,041,101
+      Key_String : constant String :=
+        Character'Val   (26)
+        & Character'Val (43)
+        & Character'Val (60)
+        & Character'Val (77);
+      --  These values are aligned with test values in wolfssl/wolfssl/test.h
+      --  and wolfssl-examples/psk/server-psk.c for testing interoperability.
+
+   begin
+
+      if Interfaces.C.Strings.Value
+        (Item   => Identity,
+         Length => Identity_String'Length) /= Identity_String or else
+         Key_Max_Length < Key_String'Length
+      then
+         return 0;
+      end if;
+
+      put_line (Interfaces.C.Strings.Value
+        (Item   => Identity,
+         Length => Identity_String'Length) );
+
+      Interfaces.C.Strings.Update
+        (Item   => Key,
+         Offset => 0,
+         Str    => Key_String,
+         Check  => False);
+
+      return Key_String'Length;
+   end PSK_Server_Callback;
+
    procedure Run (Ssl : in out WolfSSL.WolfSSL_Type;
                   Ctx : in out WolfSSL.Context_Type;
                   L   : in out SPARK_Sockets.Optional_Socket;
@@ -105,6 +162,7 @@ package body Tls_Server with SPARK_Mode is
       Ch : Character;
 
       Result : WolfSSL.Subprogram_Result;
+      DTLS, PSK : Boolean;
       Shall_Continue : Boolean := True;
 
       Input  : WolfSSL.Read_Result;
@@ -117,12 +175,35 @@ package body Tls_Server with SPARK_Mode is
          return;
       end if;
 
-      SPARK_Sockets.Create_Socket (Socket => L);
-      if not L.Exists then
-         Put_Line ("ERROR: Failed to create socket.");
+      if SPARK_Terminal.Argument_Count > 1
+         or (SPARK_Terminal.Argument_Count = 1 and then
+             SPARK_Terminal.Argument (1) /= "--dtls" and then
+             SPARK_Terminal.Argument (1) /= "--psk")
+      then
+         Put_Line ("usage: tls_server_main [--dtls | --psk]");
          return;
       end if;
 
+      if SPARK_Terminal.Argument_Count = 1 then
+         DTLS := (SPARK_Terminal.Argument (1) = "--dtls");
+         PSK  := (SPARK_Terminal.Argument (1) = "--psk");
+      end if;
+
+      if DTLS then
+         SPARK_Sockets.Create_Datagram_Socket (Socket => L);
+      else
+         SPARK_Sockets.Create_Stream_Socket (Socket => L);
+      end if;
+
+      if not L.Exists then
+         declare
+            Mode : constant String := (if DTLS then "datagram" else "stream");
+         begin
+            Put_Line ("ERROR: Failed to create " & Mode & " socket.");
+            return;
+         end;
+      end if;
+
       Option := (Name => Reuse_Address, Enabled => True);
       Result := SPARK_Sockets.Set_Socket_Option (Socket => L.Socket,
                                                  Level  => Socket_Level,
@@ -144,17 +225,32 @@ package body Tls_Server with SPARK_Mode is
          return;
       end if;
 
-      Result := SPARK_Sockets.Listen_Socket (Socket => L.Socket,
-                                             Length => 5);
+      if DTLS then
+         Result := SPARK_Sockets.Receive_Socket (Socket => L.Socket);
+      else
+         Result := SPARK_Sockets.Listen_Socket (Socket => L.Socket,
+                                                Length => 5);
+      end if;
+
       if Result /= Success then
-         Put_Line ("ERROR: Failed to configure listener socket.");
-         SPARK_Sockets.Close_Socket (L);
-         return;
+         declare
+            Operation : constant String := (if DTLS then "receiver" else "listener");
+         begin
+            Put_Line ("ERROR: Failed to configure " & Operation & " socket.");
+            SPARK_Sockets.Close_Socket (L);
+            return;
+         end;
       end if;
 
       --  Create and initialize WOLFSSL_CTX.
-      WolfSSL.Create_Context (Method  => WolfSSL.TLSv1_3_Server_Method,
-                              Context => Ctx);
+      WolfSSL.Create_Context
+        (Method  =>
+           (if DTLS then
+               WolfSSL.DTLSv1_3_Server_Method
+            else
+               WolfSSL.TLSv1_3_Server_Method),
+         Context => Ctx);
+
       if not WolfSSL.Is_Valid (Ctx) then
          Put_Line ("ERROR: failed to create WOLFSSL_CTX.");
          SPARK_Sockets.Close_Socket (L);
@@ -162,71 +258,90 @@ package body Tls_Server with SPARK_Mode is
          return;
       end if;
 
-      --  Require mutual authentication.
-      WolfSSL.Set_Verify
-         (Context => Ctx,
-          Mode    => WolfSSL.Verify_Peer & WolfSSL.Verify_Fail_If_No_Peer_Cert);
+      if not PSK then
+         --  Require mutual authentication.
+         WolfSSL.Set_Verify
+            (Context => Ctx,
+            Mode    => WolfSSL.Verify_Peer or WolfSSL.Verify_Fail_If_No_Peer_Cert);
 
-      --  Load server certificates into WOLFSSL_CTX.
-      Result := WolfSSL.Use_Certificate_File (Context => Ctx,
-                                              File    => CERT_FILE,
-                                              Format  => WolfSSL.Format_Pem);
-      if Result /= Success then
-         Put ("ERROR: failed to load ");
-         Put (CERT_FILE);
-         Put (", please check the file.");
-         New_Line;
-         SPARK_Sockets.Close_Socket (L);
-         WolfSSL.Free (Context => Ctx);
-         Set (Exit_Status_Failure);
-         return;
+         --  Check verify is set correctly (GitHub #7461)
+         if WolfSSL.Get_Verify(Context => Ctx) /= (WolfSSL.Verify_Peer or WolfSSL.Verify_Fail_If_No_Peer_Cert) then
+               Put ("Error: Verify does not match requested");
+               New_Line;
+               return;
+         end if;
+
+         --  Load server certificates into WOLFSSL_CTX.
+         Result := WolfSSL.Use_Certificate_File (Context => Ctx,
+                                                 File    => CERT_FILE,
+                                                 Format  => WolfSSL.Format_Pem);
+         if Result /= Success then
+            Put ("ERROR: failed to load ");
+            Put (CERT_FILE);
+            Put (", please check the file.");
+            New_Line;
+            SPARK_Sockets.Close_Socket (L);
+            WolfSSL.Free (Context => Ctx);
+            Set (Exit_Status_Failure);
+            return;
+         end if;
+
+         --  Load server key into WOLFSSL_CTX.
+         Result := WolfSSL.Use_Private_Key_File (Context => Ctx,
+                                                 File    => KEY_FILE,
+                                                 Format  => WolfSSL.Format_Pem);
+         if Result /= Success then
+            Put ("ERROR: failed to load ");
+            Put (KEY_FILE);
+            Put (", please check the file.");
+            New_Line;
+            SPARK_Sockets.Close_Socket (L);
+            WolfSSL.Free (Context => Ctx);
+            Set (Exit_Status_Failure);
+            return;
+         end if;
+
+         --  Load client certificate as "trusted" into WOLFSSL_CTX.
+         Result := WolfSSL.Load_Verify_Locations (Context => Ctx,
+                                                  File    => CA_FILE,
+                                                  Path    => "");
+
+         if Result /= Success then
+            Put ("ERROR: failed to load ");
+            Put (CA_FILE);
+            Put (", please check the file.");
+            New_Line;
+            SPARK_Sockets.Close_Socket (L);
+            WolfSSL.Free (Context => Ctx);
+            Set (Exit_Status_Failure);
+            return;
+         end if;
       end if;
 
-      --  Load server key into WOLFSSL_CTX.
-      Result := WolfSSL.Use_Private_Key_File (Context => Ctx,
-                                              File    => KEY_FILE,
-                                              Format  => WolfSSL.Format_Pem);
-      if Result /= Success then
-         Put ("ERROR: failed to load ");
-         Put (KEY_FILE);
-         Put (", please check the file.");
-         New_Line;
-         SPARK_Sockets.Close_Socket (L);
-         WolfSSL.Free (Context => Ctx);
-         Set (Exit_Status_Failure);
-         return;
+      if PSK then
+         --  Use PSK for authentication.
+         WolfSSL.Set_Context_PSK_Server_Callback
+            (Context  => Ctx,
+             Callback => PSK_Server_Callback'Access);
       end if;
-
-      --  Load client certificate as "trusted" into WOLFSSL_CTX.
-      Result := WolfSSL.Load_Verify_Locations (Context => Ctx,
-                                               File    => CA_FILE,
-                                               Path    => "");
-      if Result /= Success then
-         Put ("ERROR: failed to load ");
-         Put (CA_FILE);
-         Put (", please check the file.");
-         New_Line;
-         SPARK_Sockets.Close_Socket (L);
-         WolfSSL.Free (Context => Ctx);
-         Set (Exit_Status_Failure);
-         return;
-      end if;
-
+               
       while Shall_Continue loop
          pragma Loop_Invariant (not C.Exists);
          pragma Loop_Invariant (not WolfSSL.Is_Valid (Ssl));
          pragma Loop_Invariant (WolfSSL.Is_Valid (Ctx));
 
-         Put_Line ("Waiting for a connection...");
-         SPARK_Sockets.Accept_Socket (Server  => L.Socket,
-                                      Socket  => C,
-                                      Address => A,
-                                      Result  => Result);
-         if Result /= Success then
-            Put_Line ("ERROR: failed to accept the connection.");
-            SPARK_Sockets.Close_Socket (L);
-            WolfSSL.Free (Context => Ctx);
-            return;
+         if not DTLS then
+            Put_Line ("Waiting for a connection...");
+            SPARK_Sockets.Accept_Socket (Server  => L.Socket,
+                                         Socket  => C,
+                                         Address => A,
+                                         Result  => Result);
+            if Result /= Success then
+               Put_Line ("ERROR: failed to accept the connection.");
+               SPARK_Sockets.Close_Socket (L);
+               WolfSSL.Free (Context => Ctx);
+               return;
+            end if;
          end if;
 
          --  Create a WOLFSSL object.
@@ -234,32 +349,45 @@ package body Tls_Server with SPARK_Mode is
          if not WolfSSL.Is_Valid (Ssl) then
             Put_Line ("ERROR: failed to create WOLFSSL object.");
             SPARK_Sockets.Close_Socket (L);
-            SPARK_Sockets.Close_Socket (C);
+
+            if not DTLS then
+               SPARK_Sockets.Close_Socket (C);
+            end if;
+
             WolfSSL.Free (Context => Ctx);
             Set (Exit_Status_Failure);
             return;
          end if;
 
          --  Attach wolfSSL to the socket.
-         Result := WolfSSL.Attach (Ssl    => Ssl,
-                                   Socket => SPARK_Sockets.To_C (C.Socket));
+         Result := WolfSSL.Attach
+           (Ssl    => Ssl,
+            Socket => SPARK_Sockets.To_C (if DTLS then L.Socket else C.Socket));
          if Result /= Success then
             Put_Line ("ERROR: Failed to set the file descriptor.");
             WolfSSL.Free (Ssl);
             SPARK_Sockets.Close_Socket (L);
-            SPARK_Sockets.Close_Socket (C);
+
+            if not DTLS then
+               SPARK_Sockets.Close_Socket (C);
+            end if;
+
             WolfSSL.Free (Context => Ctx);
             Set (Exit_Status_Failure);
             return;
          end if;
 
-         --  Establish TLS connection.
+         --  Establish (D)TLS connection.
          Result := WolfSSL.Accept_Connection (Ssl);
          if Result /= Success then
             Put_Line ("Accept error.");
             WolfSSL.Free (Ssl);
             SPARK_Sockets.Close_Socket (L);
-            SPARK_Sockets.Close_Socket (C);
+
+            if not DTLS then
+               SPARK_Sockets.Close_Socket (C);
+            end if;
+
             WolfSSL.Free (Context => Ctx);
             Set (Exit_Status_Failure);
             return;
@@ -268,11 +396,15 @@ package body Tls_Server with SPARK_Mode is
          Put_Line ("Client connected successfully.");
 
          Input := WolfSSL.Read (Ssl);
-         if not  Input.Success then
+         if not Input.Success then
             Put_Line ("Read error.");
             WolfSSL.Free (Ssl);
             SPARK_Sockets.Close_Socket (L);
-            SPARK_Sockets.Close_Socket (C);
+
+            if not DTLS then
+               SPARK_Sockets.Close_Socket (C);
+            end if;
+
             WolfSSL.Free (Context => Ctx);
             Set (Exit_Status_Failure);
             return;
@@ -306,15 +438,24 @@ package body Tls_Server with SPARK_Mode is
          end if;
 
          for I in 1 .. 3 loop
+
             Result := WolfSSL.Shutdown (Ssl);
-            exit when Result = Success;
+
+            exit when DTLS or Result = Success;
             delay 0.001;  --  Delay is expressed in seconds.
+
          end loop;
-         if Result /= Success then
+         if not DTLS and then Result /= Success then
             Put_Line ("ERROR: Failed to shutdown WolfSSL context.");
          end if;
+
          WolfSSL.Free (Ssl);
-         SPARK_Sockets.Close_Socket (C);
+
+         if DTLS then
+            Shall_Continue := False;
+         else
+            SPARK_Sockets.Close_Socket (C);
+         end if;
 
          Put_Line ("Shutdown complete.");
       end loop;
diff --git a/wrapper/Ada/user_settings.h b/wrapper/Ada/user_settings.h
index df4ada44e..3631f8f9a 100644
--- a/wrapper/Ada/user_settings.h
+++ b/wrapper/Ada/user_settings.h
@@ -1,6 +1,6 @@
 /* user_settings.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -34,9 +34,14 @@
 extern "C" {
 #endif
 
+#include <stdint.h>
+
 /* Usually comes from configure -> config.h */
 #define HAVE_SYS_TIME_H
 
+/* Explicitly define NETDB support */
+#define HAVE_NETDB_H
+
 /* Features */
 #define SINGLE_THREADED
 #define WOLFSSL_IGNORE_FILE_WARN /* Ignore *.c include warnings */
@@ -75,13 +80,9 @@ extern "C" {
 #define WOLFSSL_TLS13_NO_PEEK_HANDSHAKE_DONE
 
 /* DTLS */
-#if 0
-    #define WOLFSSL_DTLS
-    #define WOLFSSL_MULTICAST
-
-    /* DTLS v1.3 is not yet included with enable-all */
-    //#define WOLFSSL_DTLS13
-#endif
+#define WOLFSSL_DTLS
+// #define WOLFSSL_MULTICAST
+#define WOLFSSL_DTLS13
 
 /* DG Disabled SSLv3 and TLSv1.0 - should avoid using */
 //#define WOLFSSL_ALLOW_SSLV3
@@ -259,9 +260,9 @@ extern "C" {
 
 
 /* Openssl compatibility */
+#define OPENSSL_EXTRA
 #if 0 /* DG Disabled */
     /* Openssl compatibility API's */
-    #define OPENSSL_EXTRA
     #define OPENSSL_ALL
     #define HAVE_OPENSSL_CMD
     #define SSL_TXT_TLSV1_2
diff --git a/wrapper/Ada/wolfssl.adb b/wrapper/Ada/wolfssl.adb
index f1eac8f8a..9bdd07afd 100644
--- a/wrapper/Ada/wolfssl.adb
+++ b/wrapper/Ada/wolfssl.adb
@@ -19,7 +19,12 @@
 -- Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
 --
 
+pragma Warnings (Off, "* is an internal GNAT unit");
+with GNAT.Sockets.Thin_Common;
+pragma Warnings (On, "* is an internal GNAT unit");
+with Interfaces.C.Extensions;
 with Interfaces.C.Strings;
+with System;
 
 package body WolfSSL is
 
@@ -97,6 +102,46 @@ package body WolfSSL is
       return WolfTLSv1_3_Client_Method;
    end TLSv1_3_Client_Method;
 
+   function WolfDTLSv1_2_Server_Method return Method_Type with
+     Convention    => C,
+     External_Name => "wolfDTLSv1_2_server_method",
+     Import        => True;
+
+   function DTLSv1_2_Server_Method return Method_Type is
+   begin
+      return WolfDTLSv1_2_Server_Method;
+   end DTLSv1_2_Server_Method;
+
+   function WolfDTLSv1_2_Client_Method return Method_Type with
+     Convention    => C,
+     External_Name => "wolfDTLSv1_2_client_method",
+     Import        => True;
+
+   function DTLSv1_2_Client_Method return Method_Type is
+   begin
+      return WolfDTLSv1_2_Client_Method;
+   end DTLSv1_2_Client_Method;
+
+   function WolfDTLSv1_3_Server_Method return Method_Type with
+     Convention    => C,
+     External_Name => "wolfDTLSv1_3_server_method",
+     Import        => True;
+
+   function DTLSv1_3_Server_Method return Method_Type is
+   begin
+      return WolfDTLSv1_3_Server_Method;
+   end DTLSv1_3_Server_Method;
+
+   function WolfDTLSv1_3_Client_Method return Method_Type with
+     Convention    => C,
+     External_Name => "wolfDTLSv1_3_client_method",
+     Import        => True;
+
+   function DTLSv1_3_Client_Method return Method_Type is
+   begin
+      return WolfDTLSv1_3_Client_Method;
+   end DTLSv1_3_Client_Method;
+
    function WolfSSL_CTX_new (Method : Method_Type)
                              return Context_Type with
      Convention => C, External_Name => "wolfSSL_CTX_new", Import => True;
@@ -159,12 +204,12 @@ package body WolfSSL is
    --  PSK connection. If a PSK connection is being made then the
    --  connection will go through without a peer cert.
 
-   function "&" (Left, Right : Mode_Type) return Mode_Type is
+   function "or" (Left, Right : Mode_Type) return Mode_Type is
       L : constant Unsigned_32 := Unsigned_32 (Left);
       R : constant Unsigned_32 := Unsigned_32 (Right);
    begin
-      return Mode_Type (L and R);
-   end "&";
+      return Mode_Type (L or R);
+   end "or";
 
    procedure Set_Verify (Context : Context_Type;
                          Mode    : Mode_Type) is
@@ -174,6 +219,16 @@ package body WolfSSL is
                               Callback => null);
    end Set_Verify;
 
+   function WolfSSL_Get_Verify(Context : Context_Type) return int with
+     Convention    => C,
+     External_Name => "wolfSSL_CTX_get_verify_mode",
+     Import        => True;
+
+   function Get_Verify (Context : Context_Type) return Mode_Type is
+   begin
+      return Mode_Type (WolfSSL_Get_Verify(Context));
+   end Get_Verify;
+
    function Use_Certificate_File (Context : Context_Type;
                                   File    : char_array;
                                   Format  : int)
@@ -487,6 +542,86 @@ package body WolfSSL is
       return Subprogram_Result (Result);
    end Use_Private_Key_Buffer;
 
+   function WolfSSL_DTLS_Set_Peer
+     (ssl    : WolfSSL_Type;
+      peer   : GNAT.Sockets.Thin_Common.Sockaddr_Access;
+      peerSz : Interfaces.C.unsigned)
+      return int with
+     Convention    => C,
+     External_Name => "wolfSSL_dtls_set_peer",
+     Import        => True;
+
+   function DTLS_Set_Peer
+     (Ssl     : WolfSSL_Type;
+      Address : GNAT.Sockets.Sock_Addr_Type)
+      return Subprogram_Result is
+
+      Sin    : aliased GNAT.Sockets.Thin_Common.Sockaddr;
+      Length : Interfaces.C.int;
+
+   begin
+
+      GNAT.Sockets.Thin_Common.Set_Address
+        (Sin     => Sin'Unchecked_Access,
+         Address => Address,
+         Length  => Length);
+
+      pragma Assert (Length >= 0);
+
+      return
+        Subprogram_Result
+          (WolfSSL_DTLS_Set_Peer
+             (ssl    => Ssl,
+              peer   => Sin'Unchecked_Access,
+              peerSz => Interfaces.C.unsigned (Length)));
+
+   end DTLS_Set_Peer;
+
+   procedure WolfSSL_Set_Psk_Client_Callback
+     (Ssl : WolfSSL_Type;
+      Cb  : PSK_Client_Callback)
+   with
+     Convention    => C,
+     External_Name => "wolfSSL_set_psk_client_callback",
+     Import        => True;
+
+   procedure Set_PSK_Client_Callback
+     (Ssl      : WolfSSL_Type;
+      Callback : PSK_Client_Callback) is
+   begin
+      WolfSSL_Set_Psk_Client_Callback (Ssl, Callback);
+   end Set_PSK_Client_Callback;
+
+   procedure WolfSSL_Set_Psk_Server_Callback
+     (Ssl : WolfSSL_Type;
+      Cb  : PSK_Server_Callback)
+   with
+     Convention    => C,
+     External_Name => "wolfSSL_set_psk_server_callback",
+     Import        => True;
+
+   procedure Set_PSK_Server_Callback
+       (Ssl      : WolfSSL_Type;
+        Callback : PSK_Server_Callback) is
+   begin
+      WolfSSL_Set_Psk_Server_Callback (Ssl, Callback);
+   end Set_PSK_Server_Callback;
+
+   procedure WolfSSL_CTX_Set_Psk_Server_Callback
+     (Ctx : Context_Type;
+      Cb  : PSK_Server_Callback)
+   with
+     Convention    => C,
+     External_Name => "wolfSSL_CTX_set_psk_server_callback",
+     Import        => True;
+
+   procedure Set_Context_PSK_Server_Callback
+       (Context  : Context_Type;
+        Callback : PSK_Server_Callback) is
+   begin
+      WolfSSL_CTX_Set_Psk_Server_Callback (Context, Callback);
+   end Set_Context_PSK_Server_Callback;
+
    function WolfSSL_Set_Fd (Ssl : WolfSSL_Type; Fd : int) return int with
      Convention    => C,
      External_Name => "wolfSSL_set_fd",
diff --git a/wrapper/Ada/wolfssl.ads b/wrapper/Ada/wolfssl.ads
index a3f536e5d..2a247a676 100644
--- a/wrapper/Ada/wolfssl.ads
+++ b/wrapper/Ada/wolfssl.ads
@@ -19,7 +19,8 @@
 -- Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
 --
 
-with Interfaces.C;
+with GNAT.Sockets;
+with Interfaces.C.Strings;
 
 --  This package is annotated "with SPARK_Mode" that SPARK can verify
 --  the API of this package is used correctly.
@@ -38,7 +39,10 @@ package WolfSSL with SPARK_Mode is
    --  Doesn't have to be called, though it will free any resources
    --  used by the library.
 
+   subtype unsigned is Interfaces.C.unsigned;
+
    subtype char_array is Interfaces.C.char_array;  --  Remove?
+   subtype chars_ptr is Interfaces.C.Strings.chars_ptr;
 
    subtype Byte_Type  is Interfaces.C.char;
    subtype Byte_Index is Interfaces.C.size_t range 0 .. 16_000;
@@ -70,6 +74,22 @@ package WolfSSL with SPARK_Mode is
    --  This function is used to indicate that the application is a client
    --  and will only support the TLS 1.3 protocol.
 
+   function DTLSv1_2_Server_Method return Method_Type;
+   --  This function is used to indicate that the application is a server
+   --  and will only support the DTLS 1.2 protocol.
+
+   function DTLSv1_2_Client_Method return Method_Type;
+   --  This function is used to indicate that the application is a client
+   --  and will only support the DTLS 1.2 protocol.
+
+   function DTLSv1_3_Server_Method return Method_Type;
+   --  This function is used to indicate that the application is a server
+   --  and will only support the DTLS 1.3 protocol.
+
+   function DTLSv1_3_Client_Method return Method_Type;
+   --  This function is used to indicate that the application is a client
+   --  and will only support the DTLS 1.3 protocol.
+
    procedure Create_Context (Method  : Method_Type;
                              Context : out Context_Type);
    --  This function creates a new SSL context, taking a desired SSL/TLS
@@ -83,7 +103,7 @@ package WolfSSL with SPARK_Mode is
 
    type Mode_Type is private;
 
-   function "&" (Left, Right : Mode_Type) return Mode_Type;
+   function "or" (Left, Right : Mode_Type) return Mode_Type;
 
    Verify_None : constant Mode_Type;
    --  Client mode: the client will not verify the certificate received
@@ -126,6 +146,8 @@ package WolfSSL with SPARK_Mode is
       Pre => Is_Valid (Context);
    --  This function sets the verification method for remote peers
 
+   function Get_Verify (Context : Context_Type) return Mode_Type;
+
    type File_Format is private;
 
    Format_Asn1    : constant File_Format;
@@ -270,6 +292,72 @@ package WolfSSL with SPARK_Mode is
    --  Format specifies the format type of the buffer; ASN1 or PEM.
    --  Please see the examples for proper usage.
 
+   function DTLS_Set_Peer
+     (Ssl     : WolfSSL_Type;
+      Address : GNAT.Sockets.Sock_Addr_Type)
+      return Subprogram_Result with
+     Pre => Is_Valid (Ssl);
+   --  This function wraps the corresponding WolfSSL C function to allow
+   --  clients to use Ada socket types when implementing a DTLS client.
+
+   type PSK_Client_Callback is access function
+     (Ssl            : WolfSSL_Type;
+      Hint           : chars_ptr;
+      Identity       : chars_ptr;
+      Id_Max_Length  : unsigned;
+      Key            : chars_ptr;
+      Key_Max_Length : unsigned)
+      return unsigned with
+     Convention => C;
+     --  Return value is the key length on success or zero on error.
+     --  parameters:
+     --  Ssl - Pointer to the wolfSSL structure
+     --  Hint - A stored string that could be displayed to provide a
+     --         hint to the user.
+     --  Identity - The ID will be stored here.
+     --  Id_Max_Length - Size of the ID buffer.
+     --  Key - The key will be stored here.
+     --  Key_Max_Length - The max size of the key.
+     --
+     --  The implementation of this callback will need `SPARK_Mode => Off`
+     --  since it will require the code to use the C memory model.
+
+   procedure Set_PSK_Client_Callback
+     (Ssl      : WolfSSL_Type;
+      Callback : PSK_Client_Callback) with
+     Pre => Is_Valid (Ssl);
+     -- Sets the PSK client side callback.
+
+   
+   type PSK_Server_Callback is access function
+     (Ssl            : WolfSSL_Type;
+      Identity       : chars_ptr;
+      Key            : chars_ptr;
+      Key_Max_Length : unsigned)
+      return unsigned with
+     Convention => C;
+     --  Return value is the key length on success or zero on error.
+     --  PSK server callback parameters:
+     --  Ssl - Reference to the wolfSSL structure
+     --  Identity - The ID will be stored here. 
+     --  Key - The key will be stored here.
+     --  Key_Max_Length - The max size of the key.
+     --
+     --  The implementation of this callback will need `SPARK_Mode => Off`
+     --  since it will require the code to use the C memory model.
+
+   procedure Set_PSK_Server_Callback
+     (Ssl      : WolfSSL_Type;
+      Callback : PSK_Server_Callback) with
+     Pre => Is_Valid (Ssl);
+     -- Sets the PSK Server side callback.
+   
+   procedure Set_Context_PSK_Server_Callback
+     (Context  : Context_Type;
+      Callback : PSK_Server_Callback) with
+     Pre => Is_Valid (Context);
+     --  Sets the PSK callback for the server side in the WolfSSL Context. 
+   
    function Attach (Ssl    : WolfSSL_Type;
                     Socket : Integer)
                     return Subprogram_Result with
diff --git a/wrapper/Ada/wolfssl.gpr b/wrapper/Ada/wolfssl.gpr
new file mode 100644
index 000000000..65d8cce6f
--- /dev/null
+++ b/wrapper/Ada/wolfssl.gpr
@@ -0,0 +1,96 @@
+library project WolfSSL is
+
+   for Library_Name use "wolfssl";
+   --  for Library_Version use Project'Library_Name & ".so";
+   type OS_Kind is ("Windows", "Linux_Or_Mac");
+
+   OS : OS_Kind := external ("OS", "Linux_Or_Mac");
+
+   for Languages use ("C", "Ada");
+
+   for Source_Dirs use (".",
+                        "../../",
+                        "../../src",
+                        "../../wolfcrypt/src");
+
+   --  Don't build the tls client or server application.
+   --  They are not needed in order to build the library.
+   for Excluded_Source_Files use ("tls_client_main.adb",
+                                  "tls_client.ads",
+                                  "tls_client.adb",
+				  "tls_server_main.adb",
+				  "tls_server.ads",
+				  "tls_server.adb");
+
+   for Object_Dir use "obj";
+   for Library_Dir use "lib";
+   for Create_Missing_Dirs use "True";
+
+   type Library_Type_Type is ("relocatable", "static", "static-pic");
+   Library_Type : Library_Type_Type := external("LIBRARY_TYPE", "static");
+   for Library_Kind use Library_Type;
+
+   package Naming is
+      for Spec_Suffix ("C") use ".h";
+   end Naming;
+
+   package Builder is
+      for Global_Configuration_Pragmas use "gnat.adc";
+   end Builder;
+
+   package Compiler is
+      for Switches ("C") use
+         ("-DWOLFSSL_USER_SETTINGS", --  Use the user_settings.h file.
+          "-Wno-pragmas",
+          "-Wall",
+          "-Wextra",
+          "-Wunknown-pragmas",
+          "--param=ssp-buffer-size=1",
+          "-Waddress",
+          "-Warray-bounds",
+          "-Wbad-function-cast",
+          "-Wchar-subscripts",
+          "-Wcomment",
+          "-Wfloat-equal",
+          "-Wformat-security",
+          "-Wformat=2",
+          "-Wmaybe-uninitialized",
+          "-Wmissing-field-initializers",
+          "-Wmissing-noreturn",
+          "-Wmissing-prototypes",
+          "-Wnested-externs",
+          "-Wnormalized=id",
+          "-Woverride-init",
+          "-Wpointer-arith",
+          "-Wpointer-sign",
+          "-Wshadow",
+          "-Wsign-compare",
+          "-Wstrict-overflow=1",
+          "-Wstrict-prototypes",
+          "-Wswitch-enum",
+          "-Wundef",
+          "-Wunused",
+          "-Wunused-result",
+          "-Wunused-variable",
+          "-Wwrite-strings",
+          "-fwrapv") & External_As_List ("CFLAGS", " ");
+
+      for Switches ("Ada") use ("-g") & External_As_List ("ADAFLAGS", " ");
+   end Compiler;
+
+   package Binder is
+      for Switches ("Ada") use ("-Es");  --  To include stack traces.
+   end Binder;
+ 
+--     case OS is
+--        when "Windows" =>
+--           for Library_Options use ("-lm",  --  To include the math library (used by WolfSSL).
+--  		                  "-lcrypt32");  --  Needed on Windows.
+--        when "Linux_Or_Mac" =>
+--  	 for Library_Options use ("-lm");  --  To include the math library (used by WolfSSL).
+--     end case;
+--  
+--     --  Put user options in front, for options like --as-needed.
+--     for Leading_Library_Options use External_As_List ("LDFLAGS", " ");
+
+end WolfSSl;
diff --git a/wrapper/CSharp/README.md b/wrapper/CSharp/README.md
index faba0da7f..537e6cc9b 100644
--- a/wrapper/CSharp/README.md
+++ b/wrapper/CSharp/README.md
@@ -2,7 +2,9 @@
 
 This directory contains the CSharp wrapper for the wolfSSL TLS layer with examples.
 
-* `wolfSSL_CSharp`: wolfSSL TLS layer wrappers (library)
+* `wolfSSL_CSharp`: wolfSSL TLS layer wrappers (library).
+* `wolfCrypt-Test`: wolfCrypt layer wrapper testing.
+* `user_settings.h`: wolfCrypt wrapper user settings.
 
 Examples:
 * `wolfSSL-DTLS-PSK-Server`
@@ -20,42 +22,83 @@ A Visual Studio solution `wolfSSL_CSharp.sln` is provided. This will allow you
 to build the wrapper library and examples. It includes the wolfSSL Visual Studio
 project directly.
 
-## Linux (using Mono)
+To successfully run and build the solution on Windows Visual Studio you will
+need to open a new solution `wolfSSL_CSharp.sln` located in `wrapper\CSharp\wolfSSL_CSharp.sln`.
+
+Select the CPU type, configuration, and target file.
+select `Build` and either `Rebuild Solution` or `Build Solution`.
+
+## Linux (Ubuntu) using mono
 
 Prerequisites for linux:
 
 ```
-apt install mono-tools-devel
+apt-get update
+apt-get upgrade
+apt-get install mono-complete
 ```
 
-Build wolfSSL and install:
+### Build wolfSSL and install
 
 ```
 ./autogen.sh
-./configure --enable-wolftpm
+./configure --enable-keygen --enable-eccencrypt --enable-ed25519 --enable-curve25519 --enable-aesgcm
 make
 make check
 sudo make install
 ```
 
-Build and run the wrapper:
+### Build and run the wolfCrypt test wrapper
+
+From the `wrapper/CSharp` directory (`cd wrapper/CSharp`):
+
+Compile wolfCrypt test:
 
 ```
-cd wrapper/CSharp
+mcs wolfCrypt-Test/wolfCrypt-Test.cs wolfSSL_CSharp/wolfCrypt.cs -OUT:wolfcrypttest.exe
+mono wolfcrypttest.exe
+```
 
-csc wolfSSL_CSharp/wolfSSL.cs wolfSSL_CSharp/X509.cs \
-    wolfSSL-TLS-Server/wolfSSL-TLS-Server.cs
+### Build and run the wolfSSL client/server test
 
-Run the example:
+From the `wrapper/CSharp` directory (`cd wrapper/CSharp`):
+
+Compile server:
 
 ```
-cp wolfSSL-TLS-Server.exe ../../certs
-cd ../../certs
-
-mono wolfSSL-TLS-Server.exe
-
-Calling ctx Init from wolfSSL
-Finished init of ctx .... now load in cert and key
-Ciphers : TLS13-AES128-GCM-SHA256:TLS13-AES256-GCM-SHA384:TLS13-CHACHA20-POLY1305-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-CHACHA20-POLY1305:DHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305-OLD:ECDHE-ECDSA-CHACHA20-POLY1305-OLD:DHE-RSA-CHACHA20-POLY1305-OLD
-Started TCP and waiting for a connection
+mcs wolfSSL_CSharp/wolfSSL.cs wolfSSL_CSharp/X509.cs wolfSSL-TLS-Server/wolfSSL-TLS-Server.cs -OUT:server.exe
+```
+
+Compile client:
+
+```
+mcs wolfSSL_CSharp/wolfSSL.cs wolfSSL_CSharp/X509.cs wolfSSL-TLS-Client/wolfSSL-TLS-Client.cs -OUT:client.exe
+```
+
+#### Run the example
+
+In one terminal instance run the server:
+
+```
+mono server.exe
+```
+
+And in another terminal instance run the client:
+
+```
+mono client.exe
+```
+
+#### Enabling SNI
+
+To enable SNI, just pass the `-S` argument with the specified hostname to the client:
+
+```
+mono client.exe -S hostname
+```
+
+And run the server with the `-S` flag:
+
+```
+mono server.exe -S
 ```
diff --git a/wrapper/CSharp/include.am b/wrapper/CSharp/include.am
index c1a11c8c0..ecd70d015 100644
--- a/wrapper/CSharp/include.am
+++ b/wrapper/CSharp/include.am
@@ -26,10 +26,13 @@ EXTRA_DIST+= wrapper/CSharp/wolfSSL-Example-IOCallbacks/Properties/AssemblyInfo.
 EXTRA_DIST+= wrapper/CSharp/wolfSSL-Example-IOCallbacks/wolfSSL-Example-IOCallbacks.cs
 EXTRA_DIST+= wrapper/CSharp/wolfSSL-Example-IOCallbacks/wolfSSL-Example-IOCallbacks.csproj
 EXTRA_DIST+= wrapper/CSharp/wolfSSL_CSharp.sln
+EXTRA_DIST+= wrapper/CSharp/user_settings.h
+EXTRA_DIST+= wrapper/CSharp/wolfssl.vcxproj
 EXTRA_DIST+= wrapper/CSharp/wolfSSL_CSharp/Properties/AssemblyInfo.cs
 EXTRA_DIST+= wrapper/CSharp/wolfSSL_CSharp/Properties/Resources.Designer.cs
 EXTRA_DIST+= wrapper/CSharp/wolfSSL_CSharp/Properties/Resources.resx
 EXTRA_DIST+= wrapper/CSharp/wolfSSL_CSharp/wolfSSL.cs
+EXTRA_DIST+= wrapper/CSharp/wolfSSL_CSharp/wolfCrypt.cs
 EXTRA_DIST+= wrapper/CSharp/wolfSSL_CSharp/X509.cs
 EXTRA_DIST+= wrapper/CSharp/wolfSSL_CSharp/wolfSSL_CSharp.csproj
 EXTRA_DIST+= wrapper/CSharp/wolfSSL-TLS-Client/App.config
@@ -40,3 +43,7 @@ EXTRA_DIST+= wrapper/CSharp/wolfSSL-TLS-PSK-Client/App.config
 EXTRA_DIST+= wrapper/CSharp/wolfSSL-TLS-PSK-Client/Properties/AssemblyInfo.cs
 EXTRA_DIST+= wrapper/CSharp/wolfSSL-TLS-PSK-Client/wolfSSL-TLS-PSK-Client.cs
 EXTRA_DIST+= wrapper/CSharp/wolfSSL-TLS-PSK-Client/wolfSSL-TLS-PSK-Client.csproj
+EXTRA_DIST+= wrapper/CSharp/wolfCrypt-Test/App.config
+EXTRA_DIST+= wrapper/CSharp/wolfCrypt-Test/Properties/AssemblyInfo.cs
+EXTRA_DIST+= wrapper/CSharp/wolfCrypt-Test/wolfCrypt-Test.cs
+EXTRA_DIST+= wrapper/CSharp/wolfCrypt-Test/wolfCrypt-Test.csproj
diff --git a/wrapper/CSharp/user_settings.h b/wrapper/CSharp/user_settings.h
new file mode 100644
index 000000000..21fb7b11c
--- /dev/null
+++ b/wrapper/CSharp/user_settings.h
@@ -0,0 +1,136 @@
+/* user_settings.h
+ *
+ * Copyright (C) 2006-2025 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+/* These are the build settings used by the Visual Studio CSharp wrapper */
+
+#ifndef _WIN_CSHARP_USER_SETTINGS_H_
+#define _WIN_CSHARP_USER_SETTINGS_H_
+
+/* Features */
+#define NO_OLD_TLS
+#define WOLFSSL_TLS13
+#define WOLFSSL_DTLS
+#define WOLFSSL_DTLS13
+#define WOLFSSL_SEND_HRR_COOKIE
+#define WOLFSSL_DTLS_CID
+#define HAVE_EXTENDED_MASTER
+#define HAVE_SECURE_RENEGOTIATION
+#define HAVE_SUPPORTED_CURVES
+#define HAVE_TLS_EXTENSIONS
+#define WOLFSSL_CERT_EXT
+#define WOLFSSL_CERT_REQ
+#define WOLFSSL_CERT_GEN
+#define HAVE_ENCRYPT_THEN_MAC
+#define HAVE_ECC_ENCRYPT
+#define WOLFSSL_PUBLIC_MP
+#define NO_MULTIBYTE_PRINT
+#define WOLFSSL_KEY_GEN /* RSA key gen */
+#define WOLFSSL_ASN_TEMPLATE /* default */
+#define WOLFSSL_SHA3
+
+#if 0
+    #define OPENSSL_EXTRA
+#endif
+
+#define HAVE_CRL
+#if 0
+    /* start thread that can monitor CRL directory */
+    #define HAVE_CRL_MONITOR
+#endif
+
+/* Algorithms */
+#define HAVE_ED25519
+#define HAVE_CURVE25519
+
+#define HAVE_AESGCM
+#define WOLFSSL_AESGCM_STREAM
+#define WOLFSSL_SHA384
+#define WOLFSSL_SHA512
+
+#define HAVE_HKDF
+
+#undef  NO_DH
+#define HAVE_PUBLIC_FFDHE
+#define HAVE_FFDHE_2048
+#define HAVE_FFDHE_4096
+
+#undef  NO_RSA
+#define WC_RSA_PSS
+#define WOLFSSL_PSS_LONG_SALT
+#define WC_RSA_BLINDING
+
+#define HAVE_ECC
+#define ECC_SHAMIR
+#define ECC_TIMING_RESISTANT
+#define HAVE_COMP_KEY
+
+/* Disable features */
+#define NO_PSK
+
+/* Disable Algorithms */
+#define NO_DES3
+#define NO_DSA
+#define NO_RC4
+#define NO_MD4
+#define NO_MD5
+#define NO_SHA
+
+/* Math */
+
+/* Single Precision Support for RSA/DH 1024/2048/3072 and
+ * ECC P-256/P-384 */
+#define WOLFSSL_HAVE_SP_ECC
+#define WOLFSSL_HAVE_SP_DH
+#define WOLFSSL_HAVE_SP_RSA
+
+/* Optional Performance Speedups */
+#if 0
+    #ifdef _WIN64
+        /* Assembly speedups for SP math */
+        #define WOLFSSL_SP_X86_64_ASM
+
+        /* Support for RDSEED instruction */
+        #define HAVE_INTEL_RDSEED
+
+        /* AESNI on x64 */
+        #define WOLFSSL_AESNI
+
+        /* Intel ASM */
+        #define USE_INTEL_SPEEDUP
+        #define WOLFSSL_X86_64_BUILD
+
+        /* Old versions of MASM compiler do not recognize newer
+         * instructions. */
+        #if 0
+            #define NO_AVX2_SUPPORT
+            #define NO_MOVBE_SUPPORT
+        #endif
+    #endif
+#endif
+
+/* Debug logging */
+#if 1
+    #define DEBUG_WOLFSSL
+#else
+    /* #define NO_ERROR_STRINGS */
+#endif
+
+#endif /* !_WIN_CSHARP_USER_SETTINGS_H_ */
diff --git a/wrapper/CSharp/wolfCrypt-Test/App.config b/wrapper/CSharp/wolfCrypt-Test/App.config
new file mode 100644
index 000000000..4bfa00561
--- /dev/null
+++ b/wrapper/CSharp/wolfCrypt-Test/App.config
@@ -0,0 +1,6 @@
+<?xml version="1.0" encoding="utf-8"?>
+<configuration>
+    <startup> 
+        <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.8"/>
+    </startup>
+</configuration>
diff --git a/wrapper/CSharp/wolfCrypt-Test/Properties/AssemblyInfo.cs b/wrapper/CSharp/wolfCrypt-Test/Properties/AssemblyInfo.cs
new file mode 100644
index 000000000..ed34d06a0
--- /dev/null
+++ b/wrapper/CSharp/wolfCrypt-Test/Properties/AssemblyInfo.cs
@@ -0,0 +1,36 @@
+using System.Reflection;
+using System.Runtime.CompilerServices;
+using System.Runtime.InteropServices;
+
+// General Information about an assembly is controlled through the following
+// set of attributes. Change these attribute values to modify the information
+// associated with an assembly.
+[assembly: AssemblyTitle("wolfCrypt-Test")]
+[assembly: AssemblyDescription("")]
+[assembly: AssemblyConfiguration("")]
+[assembly: AssemblyCompany("wolfSSL")]
+[assembly: AssemblyProduct("wolfCrypt-Test")]
+[assembly: AssemblyCopyright("Copyright wolfSSL 2020")]
+[assembly: AssemblyTrademark("")]
+[assembly: AssemblyCulture("")]
+
+// Setting ComVisible to false makes the types in this assembly not visible
+// to COM components.  If you need to access a type in this assembly from
+// COM, set the ComVisible attribute to true on that type.
+[assembly: ComVisible(false)]
+
+// The following GUID is for the ID of the typelib if this project is exposed to COM
+[assembly: Guid("a4f4a244-1306-47f4-a168-31f78d7362fa")]
+
+// Version information for an assembly consists of the following four values:
+//
+//      Major Version
+//      Minor Version
+//      Build Number
+//      Revision
+//
+// You can specify all the values or you can default the Build and Revision Numbers
+// by using the '*' as shown below:
+// [assembly: AssemblyVersion("1.0.*")]
+[assembly: AssemblyVersion("1.0.0.0")]
+[assembly: AssemblyFileVersion("1.0.0.0")]
diff --git a/wrapper/CSharp/wolfCrypt-Test/wolfCrypt-Test.cs b/wrapper/CSharp/wolfCrypt-Test/wolfCrypt-Test.cs
new file mode 100644
index 000000000..920015080
--- /dev/null
+++ b/wrapper/CSharp/wolfCrypt-Test/wolfCrypt-Test.cs
@@ -0,0 +1,920 @@
+/* wolfCrypt-Test.cs
+ *
+ * Copyright (C) 2006-2025 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+/* Tests for the wolfCrypt C# wrapper */
+
+using System;
+using System.Linq;
+using System.Text;
+using System.Security.Cryptography;
+using wolfSSL.CSharp;
+using System.Runtime.InteropServices;
+using static wolfSSL.CSharp.wolfcrypt;
+
+public class wolfCrypt_Test_CSharp
+{
+    private static void random_test()
+    {
+        int ret, i, zeroCount = 0;
+        Byte[] data = new Byte[128];
+
+        Console.WriteLine("Starting RNG test");
+
+        /* Random Test */
+        ret = wolfcrypt.Random(data, data.Length);
+        if (ret == 0)
+        {
+            /* Check for 0's */
+            for (i = 0; i < (int)data.Length; i++)
+            {
+                if (data[i] == 0)
+                {
+                    zeroCount++;
+                }
+            }
+            if (zeroCount == data.Length)
+            {
+                Console.WriteLine("RNG zero check error");
+            }
+            else
+            {
+                Console.WriteLine("RNG Test Passed");
+            }
+        }
+        else
+        {
+            Console.WriteLine("RNG Error" + wolfcrypt.GetError(ret));
+        }
+    } /* END random_test */
+
+    private static void ecc_test(string hashAlgorithm, int keySize)
+    {
+        int ret;
+        IntPtr rng = IntPtr.Zero;
+        IntPtr PrivKey = IntPtr.Zero;
+        IntPtr PubKey = IntPtr.Zero;
+        IntPtr key = IntPtr.Zero;
+
+        Console.WriteLine("\nStarting ECC" + (keySize*8) + " test for " + hashAlgorithm + "...");
+
+        /* Create a new RNG context */
+        rng = wolfcrypt.RandomNew();
+        if (rng == IntPtr.Zero)
+        {
+            throw new Exception("RNG initialization failed.");
+        }
+
+        /* Generate ECC Key Pair */
+        Console.WriteLine("Testing ECC Key Generation...");
+        key = wolfcrypt.EccMakeKey(keySize, rng);
+        if (key == IntPtr.Zero)
+        {
+            throw new Exception("EccMakeKey failed");
+        }
+        Console.WriteLine("ECC Key Generation test passed.");
+
+        /* Export and Import Key */
+        Console.WriteLine("Testing ECC Key Export and Import...");
+        byte[] privateKeyDer;
+        ret = wolfcrypt.EccExportPrivateKeyToDer(key, out privateKeyDer);
+        if (ret < 0) {
+            throw new Exception("ExportPrivateKeyToDer failed");
+        }
+        byte[] publicKeyDer;
+        ret = wolfcrypt.EccExportPublicKeyToDer(key, out publicKeyDer, true);
+        if (ret < 0) {
+            throw new Exception("ExportPublicKeyToDer failed");
+        }
+        PrivKey = wolfcrypt.EccImportKey(privateKeyDer);
+        if (PrivKey == IntPtr.Zero)
+        {
+            throw new Exception("EccImportKey Private failed");
+        }
+
+        PubKey = wolfcrypt.EccImportPublicKeyFromDer(publicKeyDer);
+        if (PubKey == IntPtr.Zero)
+        {
+            throw new Exception("ImportPublicKeyFromDer Public failed");
+        }
+        Console.WriteLine("ECC Key Export and Import test passed.");
+
+        /* Generate hash based on selected algorithm */
+        byte[] dataToHash = System.Text.Encoding.UTF8.GetBytes("This is some data to hash");
+        byte[] hash;
+
+        switch (hashAlgorithm.ToUpper())
+        {
+            case "SHA256":
+                using (SHA256 sha256 = SHA256.Create())
+                {
+                    hash = sha256.ComputeHash(dataToHash);
+                }
+                break;
+
+            case "SHA384":
+                using (SHA384 sha384 = SHA384.Create())
+                {
+                    hash = sha384.ComputeHash(dataToHash);
+                }
+                break;
+
+            case "SHA512":
+                using (SHA512 sha512 = SHA512.Create())
+                {
+                    hash = sha512.ComputeHash(dataToHash);
+                }
+                break;
+
+            default:
+                throw new Exception("Unsupported hash algorithm");
+        }
+        Console.WriteLine($"{hashAlgorithm} hash generated.");
+
+        /* Sign Data */
+        Console.WriteLine("Testing ECC Signature Creation...");
+        byte[] signature = new byte[wolfcrypt.ECC_MAX_SIG_SIZE];
+        int signLength = wolfcrypt.EccSign(PrivKey, hash, signature);
+        if (signLength <= 0)
+        {
+            throw new Exception("EccSign failed");
+        }
+
+        byte[] actualSignature = new byte[signLength];
+        Array.Copy(signature, 0, actualSignature, 0, signLength);
+
+        Console.WriteLine($"ECC Signature Creation test passed. Signature Length: {signLength}");
+
+        /* Verify Signature */
+        Console.WriteLine("Testing ECC Signature Verification...");
+        int verifyResult = wolfcrypt.EccVerify(PubKey, actualSignature, hash);
+        if (verifyResult != 0)
+        {
+            throw new Exception("EccVerify failed");
+        }
+        Console.WriteLine("ECC Signature Verification test passed.");
+
+        /* Cleanup */
+        if (key != IntPtr.Zero) wolfcrypt.EccFreeKey(key);
+        if (PubKey != IntPtr.Zero) wolfcrypt.EccFreeKey(PubKey);
+        if (PrivKey != IntPtr.Zero) wolfcrypt.EccFreeKey(PrivKey);
+        if (rng != IntPtr.Zero) wolfcrypt.RandomFree(rng);
+    } /* END ecc_test */
+
+    private static void ecies_test(int keySize)
+    {
+        /* maximum encrypted message:
+         * msgSz (14) + pad (2) + pubKeySz(1+66*2) + ivSz(16) + digestSz(32) = 197 */
+        int bufferSize = wolfcrypt.MAX_ECIES_TEST_SZ;
+        const string message = "Hello wolfSSL!";
+        byte[] salt = { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15 };
+
+        IntPtr a = IntPtr.Zero;
+        IntPtr b = IntPtr.Zero;
+        IntPtr aCtx = IntPtr.Zero;
+        IntPtr bCtx = IntPtr.Zero;
+        IntPtr rng = IntPtr.Zero;
+        IntPtr heap = IntPtr.Zero;
+
+        byte[] plaintext = new byte[bufferSize];
+        byte[] encrypted = new byte[bufferSize];
+        byte[] decrypted = new byte[bufferSize];
+
+        try
+        {
+            Console.WriteLine($"\nStarting ECIES test for {keySize} byte key size...");
+
+            /* Create a new RNG context */
+            rng = wolfcrypt.RandomNew();
+            if (rng == IntPtr.Zero)
+            {
+                throw new Exception("RNG initialization failed.");
+            }
+
+            /* Initialize keys */
+            a = wolfcrypt.EccMakeKey(keySize, rng);
+            b = wolfcrypt.EccMakeKey(keySize, rng);
+            if (a == IntPtr.Zero || b == IntPtr.Zero)
+            {
+                throw new Exception("Key generation failed.");
+            }
+            Console.WriteLine("ECC key generation passed.");
+
+            /* Create ECIES contexts for encryption and decryption */
+            aCtx = wolfcrypt.EciesNewCtx((int)wolfcrypt.ecFlags.REQ_RESP_CLIENT, rng, heap);
+            bCtx = wolfcrypt.EciesNewCtx((int)wolfcrypt.ecFlags.REQ_RESP_SERVER, rng, heap);
+            if (aCtx == IntPtr.Zero || bCtx == IntPtr.Zero)
+            {
+                throw new Exception("Context creation failed.");
+            }
+            Console.WriteLine("ECC context creation passed.");
+
+            /* Set KDF salt */
+            if (wolfcrypt.EciesSetKdfSalt(aCtx, salt) != 0 ||
+                wolfcrypt.EciesSetKdfSalt(bCtx, salt) != 0)
+            {
+                throw new Exception("Failed to set KDF salt.");
+            }
+            Console.WriteLine("KDF salt setup passed.");
+
+            /* Prepare plaintext */
+            Array.Clear(plaintext, 0, plaintext.Length);
+            Array.Copy(Encoding.ASCII.GetBytes(message), plaintext, message.Length);
+            /* Pad to block size */
+            int plaintextLen = ((message.Length + (wolfcrypt.AES_BLOCK_SIZE - 1)) /
+                                wolfcrypt.AES_BLOCK_SIZE) * wolfcrypt.AES_BLOCK_SIZE;
+
+            /* Encrypt message */
+            int ret = wolfcrypt.EciesEncrypt(a, b, plaintext, (uint)plaintextLen, encrypted, aCtx);
+            if (ret < 0)
+            {
+                throw new Exception("Encryption failed.");
+            }
+
+            int encryptedLen = ret;
+            Console.WriteLine("ECC encryption passed.");
+
+            /* Decrypt message */
+            ret = wolfcrypt.EciesDecrypt(b, a, encrypted, (uint)encryptedLen, decrypted, bCtx);
+            if (ret < 0)
+            {
+                throw new Exception("Decryption failed.");
+            }
+
+            int decryptedLen = ret;
+            Console.WriteLine("ECC decryption passed.");
+
+            /* Compare decrypted text to original plaintext */
+            if (decryptedLen != plaintextLen || !wolfcrypt.ByteArrayVerify(plaintext, decrypted))
+            {
+                throw new Exception("Decrypted text does not match original plaintext.");
+            }
+            Console.WriteLine("Decrypted text matches original plaintext.");
+        }
+        finally
+        {
+            /* Cleanup key and context */
+            if (a != IntPtr.Zero) wolfcrypt.EccFreeKey(a);
+            if (b != IntPtr.Zero) wolfcrypt.EccFreeKey(b);
+            if (aCtx != IntPtr.Zero) wolfcrypt.EciesFreeCtx(aCtx);
+            if (bCtx != IntPtr.Zero) wolfcrypt.EciesFreeCtx(bCtx);
+            if (rng != IntPtr.Zero) wolfcrypt.RandomFree(rng);
+        }
+    } /* END ecies_test */
+
+    private static void ecdhe_test(int keySize)
+    {
+        int ret;
+        IntPtr rng = IntPtr.Zero;
+        IntPtr keyA = IntPtr.Zero;
+        IntPtr keyB = IntPtr.Zero;
+        IntPtr publicKeyA = IntPtr.Zero;
+        IntPtr publicKeyB = IntPtr.Zero;
+        byte[] derKey;
+
+        Console.WriteLine("\nStarting ECDHE shared secret test for " + keySize + " key size...");
+
+        /* Create RNG */
+        Console.WriteLine("Generating RNG...");
+        rng = RandomNew();
+        if (rng == IntPtr.Zero)
+        {
+            throw new Exception("Failed to generate RNG.");
+        }
+        Console.WriteLine("RNG generation test passed.");
+
+        /* Generate Key Pair A */
+        Console.WriteLine("Generating Key Pair A...");
+        keyA = wolfcrypt.EccMakeKey(keySize, rng);
+        if (keyA == IntPtr.Zero)
+        {
+            throw new Exception("Failed to generate key pair A.");
+        }
+
+        /* Generate Key Pair B */
+        Console.WriteLine("Generating Key Pair B...");
+        keyB = wolfcrypt.EccMakeKey(keySize, rng);
+        if (keyB == IntPtr.Zero)
+        {
+            throw new Exception("Failed to generate key pair B.");
+        }
+        Console.WriteLine("ECC Key generation test passed.");
+
+        /* Export Public Key B to DER format */
+        Console.WriteLine("Exporting Public Key B to DER format...");
+        ret = wolfcrypt.EccExportPublicKeyToDer(keyB, out derKey, true);
+        if (ret < 0 || derKey == null)
+        {
+            throw new Exception("EccExportPublicKeyToDer failed");
+        }
+
+        /* Decode Public Key B from DER format */
+        Console.WriteLine("Decoding Public Key B from DER format...");
+        publicKeyB = wolfcrypt.EccImportPublicKeyFromDer(derKey);
+        if (publicKeyB == IntPtr.Zero)
+        {
+            throw new Exception("Failed to decode public key B from DER format.");
+        }
+        Console.WriteLine("ECC Export and Import test passed.");
+
+        /* Compute Shared Secret using Private Key A and Public Key B */
+        Console.WriteLine("Computing Shared Secret using Private Key A and Public Key B...");
+        byte[] sharedSecretA = new byte[keySize];
+        int retA = wolfcrypt.EcdheSharedSecret(keyA, publicKeyB, sharedSecretA, rng);
+        if (retA != 0)
+        {
+            throw new Exception("Failed to compute shared secret A. Error code: " + retA);
+        }
+        Console.WriteLine("ECC shared secret created using private Key A.");
+
+        /* Export Public Key A to DER format */
+        Console.WriteLine("Exporting Public Key A to DER format...");
+        ret = wolfcrypt.EccExportPublicKeyToDer(keyA, out derKey, true);
+        if (ret < 0 || derKey == null)
+        {
+            throw new Exception("EccExportPublicKeyToDer failed");
+        }
+
+        /* Decode Public Key A from DER format */
+        Console.WriteLine("Decoding Public Key A from DER format...");
+        publicKeyA = wolfcrypt.EccImportPublicKeyFromDer(derKey);
+        if (publicKeyA == IntPtr.Zero)
+        {
+            throw new Exception("Failed to decode public key A from DER format.");
+        }
+
+        /* Compute Shared Secret using Private Key B and Public Key A */
+        Console.WriteLine("Computing Shared Secret using Private Key B and Public Key A...");
+        byte[] sharedSecretB = new byte[keySize];
+        int retB = wolfcrypt.EcdheSharedSecret(keyB, publicKeyA, sharedSecretB, rng);
+        if (retB != 0)
+        {
+            throw new Exception("Failed to compute shared secret B. Error code: " + retB);
+        }
+        Console.WriteLine("ECC shared secret created using private Key B.");
+
+        /* Compare Shared Secrets */
+        Console.WriteLine("Comparing Shared Secrets...");
+        if (!wolfcrypt.ByteArrayVerify(sharedSecretA, sharedSecretB))
+        {
+            throw new Exception("Shared secrets do not match.");
+        }
+        else
+        {
+            Console.WriteLine("ECC shared secret match.");
+        }
+
+        /* Cleanup */
+        if (keyA != IntPtr.Zero) wolfcrypt.EccFreeKey(keyA);
+        if (keyB != IntPtr.Zero) wolfcrypt.EccFreeKey(keyB);
+        if (publicKeyA != IntPtr.Zero) wolfcrypt.EccFreeKey(publicKeyA);
+        if (publicKeyB != IntPtr.Zero) wolfcrypt.EccFreeKey(publicKeyB);
+        if (rng != IntPtr.Zero) wolfcrypt.RandomFree(rng);
+    } /* END ecdhe_test */
+
+    private static void rsa_test(string hashAlgorithm, int keySize)
+    {
+        IntPtr key = IntPtr.Zero;
+        IntPtr heap = IntPtr.Zero;
+        int devId = wolfcrypt.INVALID_DEVID;
+
+        Console.WriteLine("\nStarting RSA" + keySize + " test for " + hashAlgorithm + "...");
+
+        /* Generate RSA Key Pair */
+        Console.WriteLine("Testing RSA Key Generation...");
+        key = wolfcrypt.RsaMakeKey(heap, devId, keySize);
+        if (key == IntPtr.Zero)
+        {
+            throw new Exception("RsaMakeKey failed");
+        }
+        Console.WriteLine("RSA Key Generation test passed.");
+
+        /* Generate hash based on selected algorithm */
+        byte[] dataToHash = System.Text.Encoding.UTF8.GetBytes("This is some data to hash");
+        byte[] hash;
+
+        switch (hashAlgorithm.ToUpper())
+        {
+            case "SHA256":
+                using (SHA256 sha256 = SHA256.Create())
+                {
+                    hash = sha256.ComputeHash(dataToHash);
+                }
+                break;
+
+            case "SHA384":
+                using (SHA384 sha384 = SHA384.Create())
+                {
+                    hash = sha384.ComputeHash(dataToHash);
+                }
+                break;
+
+            case "SHA512":
+                using (SHA512 sha512 = SHA512.Create())
+                {
+                    hash = sha512.ComputeHash(dataToHash);
+                }
+                break;
+
+            default:
+                throw new Exception("Unsupported hash algorithm");
+        }
+        Console.WriteLine($"{hashAlgorithm} hash generated.");
+
+        /* Sign Data */
+        Console.WriteLine("Testing RSA Signature Creation...");
+        byte[] signature = new byte[keySize / 8];
+        int signLength = wolfcrypt.RsaSignSSL(key, hash, signature);
+        if (signLength <= 0)
+        {
+            throw new Exception("RsaSignSSL failed");
+        }
+
+        byte[] actualSignature = new byte[signLength];
+        Array.Copy(signature, 0, actualSignature, 0, signLength);
+
+        Console.WriteLine($"RSA Signature Creation test passed. Signature Length: {signLength}");
+
+        /* Verify Signature */
+        Console.WriteLine("Testing RSA Signature Verification...");
+        int verifyResult = wolfcrypt.RsaVerifySSL(key, actualSignature, hash);
+        if (verifyResult != 0)
+        {
+            throw new Exception("RsaVerifySSL failed");
+        }
+        Console.WriteLine("RSA Signature Verification test passed.");
+
+        /* Cleanup */
+        if (key != IntPtr.Zero) wolfcrypt.RsaFreeKey(key);
+    } /* END rsa_test */
+
+    private static void ed25519_test()
+    {
+        int ret;
+        IntPtr key = IntPtr.Zero;
+        byte[] privKey;
+        byte[] pubKey;
+
+        Console.WriteLine("\nStarting ED25519 tests...");
+
+        IntPtr heap = IntPtr.Zero;
+        int devId = wolfcrypt.INVALID_DEVID;
+
+        /* Generate ED25519 Key Pair */
+        Console.WriteLine("Testing ED25519 Key Generation...");
+        key = wolfcrypt.Ed25519MakeKey(heap, devId);
+        if (key == IntPtr.Zero)
+        {
+            throw new Exception("Ed25519MakeKey failed");
+        }
+        Console.WriteLine("ED25519 Key Generation test passed.");
+
+        /* Export and Import Key */
+        Console.WriteLine("Testing ED25519 Key Export and Import...");
+        /* Export Private */
+        ret = wolfcrypt.Ed25519ExportKeyToDer(key, out privKey);
+        if (ret < 0 || privKey == null)
+        {
+            throw new Exception("Ed25519ExportKeyToDer failed");
+        }
+        /* Export Public */
+        ret = wolfcrypt.Ed25519ExportPublicKeyToDer(key, out pubKey, true);
+        if (ret < 0 || pubKey == null)
+        {
+            throw new Exception("Ed25519ExportKeyToDer failed");
+        }
+        /* Import Private */
+        IntPtr importedPrivKey = wolfcrypt.Ed25519PrivateKeyDecode(privKey);
+        if (importedPrivKey == IntPtr.Zero)
+        {
+            throw new Exception("Ed25519PrivateKeyDecode failed");
+        }
+        /* Import Public */
+        IntPtr importedPubKey = wolfcrypt.Ed25519PublicKeyDecode(pubKey);
+        if (importedPubKey == IntPtr.Zero)
+        {
+            throw new Exception("Ed25519PublicKeyDecode failed");
+        }
+        Console.WriteLine("ED25519 Key Export and Import test passed.");
+
+        /* Generate a hash */
+        byte[] dataToHash = System.Text.Encoding.UTF8.GetBytes("This is some data to hash");
+
+        /* Sign Data */
+        Console.WriteLine("Testing ED25519 Signature Creation...");
+        byte[] signature;
+
+        ret = wolfcrypt.Ed25519SignMsg(dataToHash, out signature, key);
+        if (ret != 0)
+        {
+            throw new Exception("Ed25519SignMsg failed");
+        }
+        Console.WriteLine($"ED25519 Signature Creation test passed. Signature Length: {signature.Length}");
+
+        /* Verify Signature */
+        Console.WriteLine("Testing ED25519 Signature Verification...");
+        ret = wolfcrypt.Ed25519VerifyMsg(signature, dataToHash, key);
+        if (ret != 0)
+        {
+            throw new Exception("Ed25519VerifyMsg failed");
+        }
+        Console.WriteLine("ED25519 Signature Verification test passed.");
+
+        /* Cleanup */
+        if (key != IntPtr.Zero) wolfcrypt.Ed25519FreeKey(key);
+    } /* END ed25519_test */
+
+    private static void curve25519_test()
+    {
+        int ret;
+        IntPtr keyA = IntPtr.Zero;
+        IntPtr keyB = IntPtr.Zero;
+        IntPtr publicKeyA = IntPtr.Zero;
+        IntPtr publicKeyB = IntPtr.Zero;
+        byte[] derKey;
+
+        Console.WriteLine("\nStarting Curve25519 shared secret test...");
+
+        /* Generate Key Pair A */
+        Console.WriteLine("Generating Key Pair A...");
+        keyA = wolfcrypt.Curve25519MakeKey(IntPtr.Zero, 0);
+        if (keyA == IntPtr.Zero)
+        {
+            throw new Exception("Failed to generate key pair A.");
+        }
+
+        /* Generate Key Pair B */
+        Console.WriteLine("Generating Key Pair B...");
+        keyB = wolfcrypt.Curve25519MakeKey(IntPtr.Zero, 0);
+        if (keyB == IntPtr.Zero)
+        {
+            throw new Exception("Failed to generate key pair B.");
+        }
+        Console.WriteLine("Curve25519 Key generation test passed.");
+
+        /* Export Public Key B to DER format */
+        Console.WriteLine("Exporting Public Key B to DER format...");
+        ret = wolfcrypt.Curve25519ExportPublicKeyToDer(keyB, out derKey, true);
+        if (ret < 0 || derKey == null)
+        {
+            throw new Exception("Curve25519ExportPublicKeyToDer failed");
+        }
+
+        /* Decode Public Key B from DER format */
+        Console.WriteLine("Decoding Public Key B from DER format...");
+        publicKeyB = wolfcrypt.Curve25519PublicKeyDecode(derKey);
+        if (publicKeyB == IntPtr.Zero)
+        {
+            throw new Exception("Failed to decode public key B from DER format.");
+        }
+        Console.WriteLine("Curve25519 Export and Import test passed.");
+
+        /* Compute Shared Secret using Private Key A and Public Key B */
+        Console.WriteLine("Computing Shared Secret using Private Key A and Public Key B...");
+        byte[] sharedSecretA = new byte[wolfcrypt.ED25519_KEY_SIZE];
+        int retA = wolfcrypt.Curve25519SharedSecret(keyA, publicKeyB, sharedSecretA);
+        if (retA != 0)
+        {
+            throw new Exception("Failed to compute shared secret A. Error code: " + retA);
+        }
+        Console.WriteLine("Curve25519 shared secret created using private Key A.");
+
+        /* Export Public Key A to DER format */
+        Console.WriteLine("Exporting Public Key A to DER format...");
+        ret = wolfcrypt.Curve25519ExportPublicKeyToDer(keyA, out derKey, true);
+        if (ret < 0 || derKey == null)
+        {
+            throw new Exception("Curve25519ExportPublicKeyToDer failed");
+        }
+
+        /* Decode Public Key A from DER format */
+        Console.WriteLine("Decoding Public Key A from DER format...");
+        publicKeyA = wolfcrypt.Curve25519PublicKeyDecode(derKey);
+        if (publicKeyA == IntPtr.Zero)
+        {
+            throw new Exception("Failed to decode public key A from DER format.");
+        }
+
+        /* Compute Shared Secret using Private Key B and Public Key A */
+        Console.WriteLine("Computing Shared Secret using Private Key B and Public Key A...");
+        byte[] sharedSecretB = new byte[wolfcrypt.ED25519_KEY_SIZE];
+        int retB = wolfcrypt.Curve25519SharedSecret(keyB, publicKeyA, sharedSecretB);
+        if (retB != 0)
+        {
+            throw new Exception("Failed to compute shared secret B. Error code: " + retB);
+        }
+        Console.WriteLine("Curve25519 shared secret created using private Key B.");
+
+        /* Compare Shared Secrets */
+        Console.WriteLine("Comparing Shared Secrets...");
+        if (!wolfcrypt.ByteArrayVerify(sharedSecretA, sharedSecretB))
+        {
+            throw new Exception("Shared secrets do not match.");
+        }
+        else
+        {
+            Console.WriteLine("Curve25519 shared secret match.");
+        }
+
+        /* Cleanup */
+        if (keyA != IntPtr.Zero) wolfcrypt.Curve25519FreeKey(keyA);
+        if (keyB != IntPtr.Zero) wolfcrypt.Curve25519FreeKey(keyB);
+        if (publicKeyA != IntPtr.Zero) wolfcrypt.Curve25519FreeKey(publicKeyA);
+        if (publicKeyB != IntPtr.Zero) wolfcrypt.Curve25519FreeKey(publicKeyB);
+    } /* END curve25519_test */
+
+    private static void aes_gcm_test()
+    {
+        IntPtr aes = IntPtr.Zero;
+        byte[] key;
+        byte[] iv;
+        byte[] plaintext;
+        byte[] ciphertext;
+        byte[] addAuth;
+        byte[] authTag;
+        byte[] decrypted;
+        int ret;
+
+        try
+        {
+            Console.WriteLine("\nStarting AES-GCM tests...");
+
+            IntPtr heap = IntPtr.Zero;
+            int devId = wolfcrypt.INVALID_DEVID;
+
+            /* Initialize AES-GCM Context */
+            Console.WriteLine("Testing AES-GCM Initialization...");
+
+            /*
+             * This is from the Test Case 16 from the document Galois/
+             * Counter Mode of Operation (GCM) by McGrew and
+             * Viega.
+             */
+
+            key = new byte[32]
+            {
+                0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
+                0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08,
+                0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
+                0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08
+            };
+
+            iv = new byte[12]
+            {
+                0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad,
+                0xde, 0xca, 0xf8, 0x88
+            };
+
+            plaintext = new byte[]
+            {
+                0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5,
+                0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a,
+                0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda,
+                0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72,
+                0x1c, 0x3c, 0x0c, 0x95, 0x95, 0x68, 0x09, 0x53,
+                0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25,
+                0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57,
+                0xba, 0x63, 0x7b, 0x39
+            };
+
+
+            ciphertext = new byte[]
+            {
+                0x52, 0x2d, 0xc1, 0xf0, 0x99, 0x56, 0x7d, 0x07,
+                0xf4, 0x7f, 0x37, 0xa3, 0x2a, 0x84, 0x42, 0x7d,
+                0x64, 0x3a, 0x8c, 0xdc, 0xbf, 0xe5, 0xc0, 0xc9,
+                0x75, 0x98, 0xa2, 0xbd, 0x25, 0x55, 0xd1, 0xaa,
+                0x8c, 0xb0, 0x8e, 0x48, 0x59, 0x0d, 0xbb, 0x3d,
+                0xa7, 0xb0, 0x8b, 0x10, 0x56, 0x82, 0x88, 0x38,
+                0xc5, 0xf6, 0x1e, 0x63, 0x93, 0xba, 0x7a, 0x0a,
+                0xbc, 0xc9, 0xf6, 0x62
+            };
+
+            addAuth = new byte[]
+            {
+                0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
+                0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
+                0xab, 0xad, 0xda, 0xd2
+            };
+
+            authTag = new byte[16];
+
+            aes = wolfcrypt.AesNew(heap, devId);
+            if (aes == IntPtr.Zero)
+            {
+                throw new Exception($"AesNew failed with error code {aes}");
+            }
+            Console.WriteLine("AesNew test passed.");
+
+            /* Set AES-GCM Key */
+            Console.WriteLine("Testing AES-GCM Key Setting...");
+            uint len = (uint)key.Length;
+            ret = wolfcrypt.AesGcmSetKey(aes, key);
+            if (ret != 0)
+            {
+                throw new Exception($"AesGcmSetKey failed with error code {ret}");
+            }
+            Console.WriteLine("AES-GCM Key Setting test passed.");
+
+            /* Encryption */
+            Console.WriteLine("Testing AES-GCM Encryption...");
+            ret = wolfcrypt.AesGcmEncrypt(aes, iv, plaintext, ciphertext, authTag, addAuth);
+            if (ret != 0)
+            {
+                throw new Exception($"AesGcmEncrypt failed with error code {ret}");
+            }
+            Console.WriteLine($"AES-GCM Encryption test passed. Ciphertext Length: {ciphertext.Length}");
+
+            /* Decryption */
+            Console.WriteLine("Testing AES-GCM Decryption...");
+            decrypted = new byte[plaintext.Length];
+
+            ret = wolfcrypt.AesGcmDecrypt(aes, iv, ciphertext, decrypted, authTag, addAuth);
+            if (ret != 0)
+            {
+                throw new Exception($"AesGcmDecrypt failed with error code {ret}");
+            }
+
+            /* Verify Decryption */
+            if (!plaintext.SequenceEqual(decrypted))
+            {
+                throw new Exception("Decryption failed: decrypted data does not match original plaintext.");
+            }
+            Console.WriteLine("AES-GCM Decryption test passed.");
+
+        }
+        catch (Exception ex)
+        {
+            Console.WriteLine($"AES-GCM test failed: {ex.Message}");
+        }
+        finally
+        {
+            /* Cleanup */
+            if (aes != IntPtr.Zero)
+            {
+                wolfcrypt.AesGcmFree(aes);
+            }
+        }
+    } /* END aes_gcm_test */
+
+    private static void hash_test(uint hashType)
+    {
+        IntPtr hash = IntPtr.Zero;
+        IntPtr heap = IntPtr.Zero;
+        int devId = wolfcrypt.INVALID_DEVID;
+
+        /* Get the enum name */
+        string hashTypeName = Enum.GetName(typeof(wolfcrypt.hashType), hashType);
+
+        Console.WriteLine($"\nStarting hash test for {hashTypeName}...");
+
+        /* Allocate new hash context */
+        Console.WriteLine("Testing hash context allocation...");
+        hash = wolfcrypt.HashNew(hashType, heap, devId);
+        if (hash == IntPtr.Zero)
+        {
+            Console.WriteLine($"HashNew failed for {hashTypeName}");
+            return;
+        }
+        Console.WriteLine("Hash context allocation test passed.");
+
+        /* Initialize the hash context with the specified hash type */
+        Console.WriteLine("Testing hash initialization...");
+        int initResult = wolfcrypt.InitHash(hash, hashType);
+        if (initResult != 0)
+        {
+            Console.WriteLine($"InitHash failed for {hashTypeName}");
+            wolfcrypt.HashFree(hash, hashType);
+            return;
+        }
+        Console.WriteLine("Hash initialization test passed.");
+
+        /* Update the hash with data */
+        byte[] dataToHash = Encoding.UTF8.GetBytes("This is some data to hash");
+        Console.WriteLine("Testing hash update...");
+        int updateResult = wolfcrypt.HashUpdate(hash, hashType, dataToHash);
+        if (updateResult != 0)
+        {
+            Console.WriteLine($"HashUpdate failed for {hashTypeName}");
+            wolfcrypt.HashFree(hash, hashType);
+            return;
+        }
+        Console.WriteLine("Hash update test passed.");
+
+        /* Finalize the hash and get the result */
+        Console.WriteLine("Testing hash finalization...");
+        byte[] hashOutput;
+        int finalResult = wolfcrypt.HashFinal(hash, hashType, out hashOutput);
+        if (finalResult != 0)
+        {
+            Console.WriteLine($"HashFinal failed for {hashType}");
+            wolfcrypt.HashFree(hash, hashType);
+            return;
+        }
+        Console.WriteLine($"Hash finalization test passed for {hashTypeName}. Hash Length: {hashOutput.Length}");
+
+        /* Output the hash result */
+        Console.WriteLine($"Hash Output ({hashTypeName}): {BitConverter.ToString(hashOutput).Replace("-", "")}");
+
+        /* Cleanup */
+        Console.WriteLine("Testing hash cleanup...");
+        int freeResult = wolfcrypt.HashFree(hash, hashType);
+        if (freeResult != 0)
+        {
+            Console.WriteLine($"HashFree failed for {hashTypeName}");
+        }
+        else
+        {
+            Console.WriteLine("Hash cleanup test passed.");
+        }
+    } /* END hash_test */
+
+    public static void standard_log(int lvl, StringBuilder msg)
+    {
+        Console.WriteLine(msg);
+    }
+
+    public static void Main(string[] args)
+    {
+        try
+        {
+            Console.WriteLine("Starting Cryptographic Tests...\n");
+
+            wolfcrypt.Init();
+
+            /* setup logging to stdout */
+            wolfcrypt.SetLogging(standard_log);
+
+            random_test();
+
+            Console.WriteLine("\nStarting ECC tests");
+
+            ecc_test("SHA256", 32); /* Uses SHA-256 (32 byte hash) */
+            ecc_test("SHA384", 32); /* Uses SHA-384 (32 byte hash) */
+            ecc_test("SHA512", 32); /* Uses SHA-512 (32 byte hash) */
+
+            Console.WriteLine("\nStarting ECIES tests");
+
+            ecies_test(32); /* ECIES test (32 byte key size) */
+            ecies_test(48); /* ECIES test (48 byte key size) */
+            ecies_test(66); /* ECIES test (66 byte key size) */
+
+            Console.WriteLine("\nStarting ECDHE tests");
+
+            ecdhe_test(32); /* ECDHE shared secret test (32 byte key size) */
+            ecdhe_test(48); /* ECDHE shared secret test (48 byte key size) */
+            ecdhe_test(66); /* ECDHE shared secret test (66 byte key size) */
+
+            Console.WriteLine("\nStarting RSA tests");
+
+            rsa_test("SHA256", 2048); /* Uses SHA-256 (2048 bit hash) */
+            rsa_test("SHA384", 2048); /* Uses SHA-384 (2048 bit hash) */
+            rsa_test("SHA512", 2048); /* Uses SHA-512 (2048 bit hash) */
+
+            Console.WriteLine("\nStarting ED25519 test");
+
+            ed25519_test(); /* ED25519 test */
+
+            Console.WriteLine("\nStarting curve25519 test");
+
+            curve25519_test(); /* curve25519 shared secret test */
+
+            Console.WriteLine("\nStarting AES-GCM test");
+
+            aes_gcm_test(); /* AES_GCM test */
+
+            Console.WriteLine("\nStarting HASH tests");
+
+            hash_test((uint)wolfcrypt.hashType.WC_HASH_TYPE_SHA256); /* SHA-256 HASH test */
+            hash_test((uint)wolfcrypt.hashType.WC_HASH_TYPE_SHA384); /* SHA-384 HASH test */
+            hash_test((uint)wolfcrypt.hashType.WC_HASH_TYPE_SHA512); /* SHA-512 HASH test */
+            hash_test((uint)wolfcrypt.hashType.WC_HASH_TYPE_SHA3_256); /* SHA3_256 HASH test */
+
+            wolfcrypt.Cleanup();
+
+            Console.WriteLine("\nAll tests completed successfully");
+        }
+        catch (Exception ex)
+        {
+            Console.WriteLine($"An error occurred: {ex.Message}");
+            Environment.Exit(-1);
+        }
+    }
+}
diff --git a/wrapper/CSharp/wolfCrypt-Test/wolfCrypt-Test.csproj b/wrapper/CSharp/wolfCrypt-Test/wolfCrypt-Test.csproj
new file mode 100644
index 000000000..647d7ce7b
--- /dev/null
+++ b/wrapper/CSharp/wolfCrypt-Test/wolfCrypt-Test.csproj
@@ -0,0 +1,123 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project ToolsVersion="4.0" DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <Import Project="$(MSBuildExtensionsPath)\$(MSBuildToolsVersion)\Microsoft.Common.props" Condition="Exists('$(MSBuildExtensionsPath)\$(MSBuildToolsVersion)\Microsoft.Common.props')" />
+  <PropertyGroup>
+    <Configuration Condition=" '$(Configuration)' == '' ">Debug</Configuration>
+    <Platform Condition=" '$(Platform)' == '' ">AnyCPU</Platform>
+    <ProjectGuid>{A4F4A244-1306-47F4-A168-31F78D7362FA}</ProjectGuid>
+    <OutputType>Exe</OutputType>
+    <AppDesignerFolder>Properties</AppDesignerFolder>
+    <RootNamespace>wolfCrypt_Test</RootNamespace>
+    <AssemblyName>wolfCrypt-Test</AssemblyName>
+    <TargetFrameworkVersion>v4.8</TargetFrameworkVersion>
+    <FileAlignment>512</FileAlignment>
+    <PublishUrl>publish\</PublishUrl>
+    <Install>true</Install>
+    <InstallFrom>Disk</InstallFrom>
+    <UpdateEnabled>false</UpdateEnabled>
+    <UpdateMode>Foreground</UpdateMode>
+    <UpdateInterval>7</UpdateInterval>
+    <UpdateIntervalUnits>Days</UpdateIntervalUnits>
+    <UpdatePeriodically>false</UpdatePeriodically>
+    <UpdateRequired>false</UpdateRequired>
+    <MapFileExtensions>true</MapFileExtensions>
+    <ApplicationRevision>0</ApplicationRevision>
+    <ApplicationVersion>1.0.0.%2a</ApplicationVersion>
+    <IsWebBootstrapper>false</IsWebBootstrapper>
+    <UseApplicationTrust>false</UseApplicationTrust>
+    <BootstrapperEnabled>true</BootstrapperEnabled>
+  </PropertyGroup>
+  <PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Debug|AnyCPU' ">
+    <PlatformTarget>AnyCPU</PlatformTarget>
+    <DebugSymbols>true</DebugSymbols>
+    <DebugType>full</DebugType>
+    <Optimize>false</Optimize>
+    <OutputPath>$(SolutionDir)$(Configuration)\$(Platform)\</OutputPath>
+    <DefineConstants>DEBUG;TRACE</DefineConstants>
+    <ErrorReport>prompt</ErrorReport>
+    <WarningLevel>3</WarningLevel>
+  </PropertyGroup>
+  <PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Release|AnyCPU' ">
+    <PlatformTarget>AnyCPU</PlatformTarget>
+    <DebugType>pdbonly</DebugType>
+    <Optimize>true</Optimize>
+    <OutputPath>$(SolutionDir)$(Configuration)\$(Platform)\</OutputPath>
+    <DefineConstants>TRACE</DefineConstants>
+    <ErrorReport>prompt</ErrorReport>
+    <WarningLevel>4</WarningLevel>
+  </PropertyGroup>
+  <PropertyGroup>
+    <StartupObject />
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)' == 'Debug|x64'">
+    <DebugSymbols>true</DebugSymbols>
+    <OutputPath>$(SolutionDir)$(Configuration)\$(Platform)\</OutputPath>
+    <DefineConstants>DEBUG;TRACE</DefineConstants>
+    <WarningLevel>4</WarningLevel>
+    <DebugType>full</DebugType>
+    <PlatformTarget>x64</PlatformTarget>
+    <ErrorReport>prompt</ErrorReport>
+    <CodeAnalysisRuleSet>MinimumRecommendedRules.ruleset</CodeAnalysisRuleSet>
+    <Prefer32Bit>true</Prefer32Bit>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)' == 'Release|x64'">
+    <OutputPath>$(SolutionDir)$(Configuration)\$(Platform)\</OutputPath>
+    <DefineConstants>TRACE</DefineConstants>
+    <Optimize>true</Optimize>
+    <DebugType>pdbonly</DebugType>
+    <PlatformTarget>x64</PlatformTarget>
+    <ErrorReport>prompt</ErrorReport>
+    <CodeAnalysisRuleSet>MinimumRecommendedRules.ruleset</CodeAnalysisRuleSet>
+    <Prefer32Bit>true</Prefer32Bit>
+  </PropertyGroup>
+  <ItemGroup>
+    <Reference Include="System" />
+    <Reference Include="System.Core" />
+    <Reference Include="System.Xml.Linq" />
+    <Reference Include="System.Data.DataSetExtensions" />
+    <Reference Include="System.Data" />
+    <Reference Include="System.Xml" />
+  </ItemGroup>
+  <ItemGroup>
+    <Compile Include="Properties\AssemblyInfo.cs" />
+    <Compile Include="wolfCrypt-test.cs" />
+  </ItemGroup>
+  <ItemGroup>
+    <None Include="App.config" />
+  </ItemGroup>
+  <ItemGroup>
+    <ProjectReference Include="..\wolfSSL_CSharp\wolfSSL_CSharp.csproj">
+      <Project>{52609808-0418-46d3-8e17-141927a1a39a}</Project>
+      <Name>wolfSSL_CSharp</Name>
+    </ProjectReference>
+  </ItemGroup>
+  <ItemGroup>
+    <BootstrapperPackage Include=".NETFramework,Version=v4.5">
+      <Visible>False</Visible>
+      <ProductName>Microsoft .NET Framework 4.5 %28x86 and x64%29</ProductName>
+      <Install>true</Install>
+    </BootstrapperPackage>
+    <BootstrapperPackage Include="Microsoft.Net.Client.3.5">
+      <Visible>False</Visible>
+      <ProductName>.NET Framework 3.5 SP1 Client Profile</ProductName>
+      <Install>false</Install>
+    </BootstrapperPackage>
+    <BootstrapperPackage Include="Microsoft.Net.Framework.3.5.SP1">
+      <Visible>False</Visible>
+      <ProductName>.NET Framework 3.5 SP1</ProductName>
+      <Install>false</Install>
+    </BootstrapperPackage>
+  </ItemGroup>
+  <Import Project="$(MSBuildToolsPath)\Microsoft.CSharp.targets" />
+  <PropertyGroup>
+    <PreBuildEvent>
+    </PreBuildEvent>
+  </PropertyGroup>
+  <!-- To modify your build process, add your task inside one of the targets below and uncomment it.
+       Other similar extension points exist, see Microsoft.Common.targets.
+  <Target Name="BeforeBuild">
+  </Target>
+  <Target Name="AfterBuild">
+  </Target>
+  -->
+</Project>
\ No newline at end of file
diff --git a/wrapper/CSharp/wolfSSL-DTLS-PSK-Server/App.config b/wrapper/CSharp/wolfSSL-DTLS-PSK-Server/App.config
index 49c50e046..8a99d30db 100755
--- a/wrapper/CSharp/wolfSSL-DTLS-PSK-Server/App.config
+++ b/wrapper/CSharp/wolfSSL-DTLS-PSK-Server/App.config
@@ -1,6 +1,6 @@
-<?xml version="1.0" encoding="utf-8" ?>
+<?xml version="1.0" encoding="utf-8"?>
 <configuration>
     <startup>
-        <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.5" />
+        <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.8"/>
     </startup>
-</configuration>
\ No newline at end of file
+</configuration>
diff --git a/wrapper/CSharp/wolfSSL-DTLS-PSK-Server/wolfSSL-DTLS-PSK-Server.cs b/wrapper/CSharp/wolfSSL-DTLS-PSK-Server/wolfSSL-DTLS-PSK-Server.cs
index 6aa9aa542..eaf9c85b4 100644
--- a/wrapper/CSharp/wolfSSL-DTLS-PSK-Server/wolfSSL-DTLS-PSK-Server.cs
+++ b/wrapper/CSharp/wolfSSL-DTLS-PSK-Server/wolfSSL-DTLS-PSK-Server.cs
@@ -1,6 +1,6 @@
 /* wolfSSL-DTLS-PSK-Server.cs
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -78,9 +78,14 @@ public class wolfSSL_DTLS_PSK_Server
         IntPtr ssl;
 
         /* These paths should be changed according to use */
-        string fileCert = @"server-cert.pem";
-        string fileKey = @"server-key.pem";
-        StringBuilder dhparam = new StringBuilder("dh2048.pem");
+        string fileCert = wolfssl.setPath("server-cert.pem");
+        string fileKey = wolfssl.setPath("server-key.pem");
+        StringBuilder dhparam = new StringBuilder(wolfssl.setPath("dh2048.pem"));
+
+        if (fileCert == "" || fileKey == "" || dhparam.Length == 0) {
+            Console.WriteLine("Platform not supported");
+            return;
+        }
 
         wolfssl.psk_delegate psk_cb = new wolfssl.psk_delegate(my_psk_server_cb);
 
@@ -106,6 +111,12 @@ public class wolfSSL_DTLS_PSK_Server
             return;
         }
 
+        if (!File.Exists(dhparam.ToString())) {
+            Console.WriteLine("Could not find dh file");
+            wolfssl.CTX_free(ctx);
+            return;
+        }
+
 
         if (wolfssl.CTX_use_certificate_file(ctx, fileCert, wolfssl.SSL_FILETYPE_PEM) != wolfssl.SUCCESS)
         {
diff --git a/wrapper/CSharp/wolfSSL-DTLS-PSK-Server/wolfSSL-DTLS-PSK-Server.csproj b/wrapper/CSharp/wolfSSL-DTLS-PSK-Server/wolfSSL-DTLS-PSK-Server.csproj
index 9af7a1f42..5bf4e8c8e 100755
--- a/wrapper/CSharp/wolfSSL-DTLS-PSK-Server/wolfSSL-DTLS-PSK-Server.csproj
+++ b/wrapper/CSharp/wolfSSL-DTLS-PSK-Server/wolfSSL-DTLS-PSK-Server.csproj
@@ -9,15 +9,16 @@
     <AppDesignerFolder>Properties</AppDesignerFolder>
     <RootNamespace>wolfSSL_DTLS_PSK_Server</RootNamespace>
     <AssemblyName>wolfSSL-DTLS-PSK-Server</AssemblyName>
-    <TargetFrameworkVersion>v4.5</TargetFrameworkVersion>
+    <TargetFrameworkVersion>v4.8</TargetFrameworkVersion>
     <FileAlignment>512</FileAlignment>
+    <TargetFrameworkProfile />
   </PropertyGroup>
   <PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Debug|AnyCPU' ">
     <PlatformTarget>AnyCPU</PlatformTarget>
     <DebugSymbols>true</DebugSymbols>
     <DebugType>full</DebugType>
     <Optimize>false</Optimize>
-    <OutputPath>..\DLL Debug\Win32\</OutputPath>
+    <OutputPath>$(SolutionDir)$(Configuration)\$(Platform)\</OutputPath>
     <DefineConstants>DEBUG;TRACE</DefineConstants>
     <ErrorReport>prompt</ErrorReport>
     <WarningLevel>4</WarningLevel>
@@ -26,14 +27,14 @@
     <PlatformTarget>AnyCPU</PlatformTarget>
     <DebugType>pdbonly</DebugType>
     <Optimize>true</Optimize>
-    <OutputPath>..\DLL Release\Win32\</OutputPath>
+    <OutputPath>$(SolutionDir)$(Configuration)\$(Platform)\</OutputPath>
     <DefineConstants>TRACE</DefineConstants>
     <ErrorReport>prompt</ErrorReport>
     <WarningLevel>4</WarningLevel>
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)' == 'Debug|x64'">
     <DebugSymbols>true</DebugSymbols>
-    <OutputPath>..\DLL Debug\x64\</OutputPath>
+    <OutputPath>$(SolutionDir)$(Configuration)\$(Platform)\</OutputPath>
     <DefineConstants>DEBUG;TRACE</DefineConstants>
     <DebugType>full</DebugType>
     <PlatformTarget>x64</PlatformTarget>
@@ -42,7 +43,7 @@
     <Prefer32Bit>true</Prefer32Bit>
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)' == 'Release|x64'">
-    <OutputPath>..\DLL Release\x64\</OutputPath>
+    <OutputPath>$(SolutionDir)$(Configuration)\$(Platform)\</OutputPath>
     <DefineConstants>TRACE</DefineConstants>
     <Optimize>true</Optimize>
     <DebugType>pdbonly</DebugType>
diff --git a/wrapper/CSharp/wolfSSL-DTLS-Server/App.config b/wrapper/CSharp/wolfSSL-DTLS-Server/App.config
index 49c50e046..8a99d30db 100755
--- a/wrapper/CSharp/wolfSSL-DTLS-Server/App.config
+++ b/wrapper/CSharp/wolfSSL-DTLS-Server/App.config
@@ -1,6 +1,6 @@
-<?xml version="1.0" encoding="utf-8" ?>
+<?xml version="1.0" encoding="utf-8"?>
 <configuration>
     <startup>
-        <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.5" />
+        <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.8"/>
     </startup>
-</configuration>
\ No newline at end of file
+</configuration>
diff --git a/wrapper/CSharp/wolfSSL-DTLS-Server/wolfSSL-DTLS-Server.cs b/wrapper/CSharp/wolfSSL-DTLS-Server/wolfSSL-DTLS-Server.cs
index fcbfe6922..ba3075eb1 100644
--- a/wrapper/CSharp/wolfSSL-DTLS-Server/wolfSSL-DTLS-Server.cs
+++ b/wrapper/CSharp/wolfSSL-DTLS-Server/wolfSSL-DTLS-Server.cs
@@ -1,6 +1,6 @@
 /* wolfSSL-DTLS-Server.cs
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -58,9 +58,14 @@ public class wolfSSL_DTLS_Server
         IntPtr ssl;
 
         /* These paths should be changed for use */
-        string fileCert = @"server-cert.pem";
-        string fileKey = @"server-key.pem";
-        StringBuilder dhparam = new StringBuilder("dh2048.pem");
+        string fileCert = wolfssl.setPath("server-cert.pem");
+        string fileKey = wolfssl.setPath(@"server-key.pem");
+        StringBuilder dhparam = new StringBuilder(wolfssl.setPath("dh2048.pem"));
+
+        if (fileCert == "" || fileKey == "" || dhparam.Length == 0) {
+            Console.WriteLine("Platform not supported");
+            return;
+        }
 
         StringBuilder buff = new StringBuilder(1024);
         StringBuilder reply = new StringBuilder("Hello, this is the wolfSSL C# wrapper");
@@ -87,6 +92,12 @@ public class wolfSSL_DTLS_Server
             return;
         }
 
+        if (!File.Exists(dhparam.ToString())) {
+            Console.WriteLine("Could not find dh file");
+            wolfssl.CTX_free(ctx);
+            return;
+        }
+
 
         if (wolfssl.CTX_use_certificate_file(ctx, fileCert, wolfssl.SSL_FILETYPE_PEM) != wolfssl.SUCCESS)
         {
diff --git a/wrapper/CSharp/wolfSSL-DTLS-Server/wolfSSL-DTLS-Server.csproj b/wrapper/CSharp/wolfSSL-DTLS-Server/wolfSSL-DTLS-Server.csproj
index 1c9eb2b12..e0c4a57ea 100755
--- a/wrapper/CSharp/wolfSSL-DTLS-Server/wolfSSL-DTLS-Server.csproj
+++ b/wrapper/CSharp/wolfSSL-DTLS-Server/wolfSSL-DTLS-Server.csproj
@@ -9,15 +9,16 @@
     <AppDesignerFolder>Properties</AppDesignerFolder>
     <RootNamespace>wolfSSL_DTLS_Server</RootNamespace>
     <AssemblyName>wolfSSL-DTLS-Server</AssemblyName>
-    <TargetFrameworkVersion>v4.5</TargetFrameworkVersion>
+    <TargetFrameworkVersion>v4.8</TargetFrameworkVersion>
     <FileAlignment>512</FileAlignment>
+    <TargetFrameworkProfile />
   </PropertyGroup>
   <PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Debug|AnyCPU' ">
     <PlatformTarget>AnyCPU</PlatformTarget>
     <DebugSymbols>true</DebugSymbols>
     <DebugType>full</DebugType>
     <Optimize>false</Optimize>
-    <OutputPath>..\DLL Debug\Win32\</OutputPath>
+    <OutputPath>$(SolutionDir)$(Configuration)\$(Platform)\</OutputPath>
     <DefineConstants>DEBUG;TRACE</DefineConstants>
     <ErrorReport>prompt</ErrorReport>
     <WarningLevel>4</WarningLevel>
@@ -26,14 +27,14 @@
     <PlatformTarget>AnyCPU</PlatformTarget>
     <DebugType>pdbonly</DebugType>
     <Optimize>true</Optimize>
-    <OutputPath>..\DLL Release\Win32\</OutputPath>
+    <OutputPath>$(SolutionDir)$(Configuration)\$(Platform)\</OutputPath>
     <DefineConstants>TRACE</DefineConstants>
     <ErrorReport>prompt</ErrorReport>
     <WarningLevel>4</WarningLevel>
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)' == 'Debug|x64'">
     <DebugSymbols>true</DebugSymbols>
-    <OutputPath>..\DLL Debug\x64\</OutputPath>
+    <OutputPath>$(SolutionDir)$(Configuration)\$(Platform)\</OutputPath>
     <DefineConstants>DEBUG;TRACE</DefineConstants>
     <DebugType>full</DebugType>
     <PlatformTarget>x64</PlatformTarget>
@@ -43,7 +44,7 @@
     <WarningLevel>0</WarningLevel>
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)' == 'Release|x64'">
-    <OutputPath>..\DLL Release\x64</OutputPath>
+    <OutputPath>$(SolutionDir)$(Configuration)\$(Platform)\x64</OutputPath>
     <DefineConstants>TRACE</DefineConstants>
     <Optimize>true</Optimize>
     <DebugType>pdbonly</DebugType>
diff --git a/wrapper/CSharp/wolfSSL-Example-IOCallbacks/App.config b/wrapper/CSharp/wolfSSL-Example-IOCallbacks/App.config
index 49c50e046..8a99d30db 100755
--- a/wrapper/CSharp/wolfSSL-Example-IOCallbacks/App.config
+++ b/wrapper/CSharp/wolfSSL-Example-IOCallbacks/App.config
@@ -1,6 +1,6 @@
-<?xml version="1.0" encoding="utf-8" ?>
+<?xml version="1.0" encoding="utf-8"?>
 <configuration>
     <startup>
-        <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.5" />
+        <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.8"/>
     </startup>
-</configuration>
\ No newline at end of file
+</configuration>
diff --git a/wrapper/CSharp/wolfSSL-Example-IOCallbacks/wolfSSL-Example-IOCallbacks.cs b/wrapper/CSharp/wolfSSL-Example-IOCallbacks/wolfSSL-Example-IOCallbacks.cs
index ac91a9795..d1edcbcd3 100644
--- a/wrapper/CSharp/wolfSSL-Example-IOCallbacks/wolfSSL-Example-IOCallbacks.cs
+++ b/wrapper/CSharp/wolfSSL-Example-IOCallbacks/wolfSSL-Example-IOCallbacks.cs
@@ -1,6 +1,6 @@
 /* wolfSSL-Example-IOCallbacks.cs
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -214,12 +214,17 @@ class wolfSSL_Example_IOCallbacks
         IntPtr ssl;
         Socket fd;
 
-        wolfssl.psk_delegate psk_cb = new wolfssl.psk_delegate(my_psk_server_cb);
         wolfssl.CallbackVerify_delegate verify_cb = new wolfssl.CallbackVerify_delegate(my_verify_cb);
 
         /* These paths should be changed according to use */
-        string fileCert = @"server-cert.pem";
-        string fileKey = @"server-key.pem";
+        string fileCert = wolfssl.setPath("server-cert.pem");
+        string fileKey = wolfssl.setPath("server-key.pem");
+        StringBuilder dhparam = new StringBuilder(wolfssl.setPath("dh2048.pem"));
+
+        if (fileCert == "" || fileKey == "" || dhparam.Length == 0) {
+            Console.WriteLine("Platform not supported");
+            return;
+        }
 
         StringBuilder buff = new StringBuilder(1024);
         StringBuilder reply = new StringBuilder("Hello, this is the wolfSSL C# wrapper");
@@ -242,6 +247,12 @@ class wolfSSL_Example_IOCallbacks
             return;
         }
 
+        if (!File.Exists(dhparam.ToString())) {
+            Console.WriteLine("Could not find dh file");
+            wolfssl.CTX_free(ctx);
+            return;
+        }
+
         if (wolfssl.CTX_use_certificate_file(ctx, fileCert, wolfssl.SSL_FILETYPE_PEM) != wolfssl.SUCCESS)
         {
             Console.WriteLine("Error in setting cert file");
diff --git a/wrapper/CSharp/wolfSSL-Example-IOCallbacks/wolfSSL-Example-IOCallbacks.csproj b/wrapper/CSharp/wolfSSL-Example-IOCallbacks/wolfSSL-Example-IOCallbacks.csproj
index 4e6dae1a6..dc57d74f3 100755
--- a/wrapper/CSharp/wolfSSL-Example-IOCallbacks/wolfSSL-Example-IOCallbacks.csproj
+++ b/wrapper/CSharp/wolfSSL-Example-IOCallbacks/wolfSSL-Example-IOCallbacks.csproj
@@ -9,15 +9,16 @@
     <AppDesignerFolder>Properties</AppDesignerFolder>
     <RootNamespace>wolfSSL_Example_IOCallbacks</RootNamespace>
     <AssemblyName>wolfSSL-Example-IOCallbacks</AssemblyName>
-    <TargetFrameworkVersion>v4.5</TargetFrameworkVersion>
+    <TargetFrameworkVersion>v4.8</TargetFrameworkVersion>
     <FileAlignment>512</FileAlignment>
+    <TargetFrameworkProfile />
   </PropertyGroup>
   <PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Debug|AnyCPU' ">
     <PlatformTarget>AnyCPU</PlatformTarget>
     <DebugSymbols>true</DebugSymbols>
     <DebugType>full</DebugType>
     <Optimize>false</Optimize>
-    <OutputPath>..\DLL Debug\Win32\</OutputPath>
+    <OutputPath>$(SolutionDir)$(Configuration)\$(Platform)\</OutputPath>
     <DefineConstants>DEBUG;TRACE</DefineConstants>
     <ErrorReport>prompt</ErrorReport>
     <WarningLevel>4</WarningLevel>
@@ -26,14 +27,14 @@
     <PlatformTarget>AnyCPU</PlatformTarget>
     <DebugType>pdbonly</DebugType>
     <Optimize>true</Optimize>
-    <OutputPath>..\DLL Release\Win32\</OutputPath>
+    <OutputPath>$(SolutionDir)$(Configuration)\$(Platform)\</OutputPath>
     <DefineConstants>TRACE</DefineConstants>
     <ErrorReport>prompt</ErrorReport>
     <WarningLevel>4</WarningLevel>
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)' == 'Debug|x64'">
     <DebugSymbols>true</DebugSymbols>
-    <OutputPath>..\DLL Debug\x64\</OutputPath>
+    <OutputPath>$(SolutionDir)$(Configuration)\$(Platform)\</OutputPath>
     <DefineConstants>DEBUG;TRACE</DefineConstants>
     <DebugType>full</DebugType>
     <PlatformTarget>x64</PlatformTarget>
@@ -42,7 +43,7 @@
     <Prefer32Bit>true</Prefer32Bit>
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)' == 'Release|x64'">
-    <OutputPath>..\DLL Release\x64</OutputPath>
+    <OutputPath>$(SolutionDir)$(Configuration)\$(Platform)\x64</OutputPath>
     <DefineConstants>TRACE</DefineConstants>
     <Optimize>true</Optimize>
     <DebugType>pdbonly</DebugType>
diff --git a/wrapper/CSharp/wolfSSL-TLS-Client/App.config b/wrapper/CSharp/wolfSSL-TLS-Client/App.config
index f3ec453d9..8a99d30db 100644
--- a/wrapper/CSharp/wolfSSL-TLS-Client/App.config
+++ b/wrapper/CSharp/wolfSSL-TLS-Client/App.config
@@ -1,6 +1,6 @@
-<?xml version="1.0" encoding="utf-8" ?>
+<?xml version="1.0" encoding="utf-8"?>
 <configuration>
     <startup>
-        <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.5" />
+        <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.8"/>
     </startup>
-</configuration>
\ No newline at end of file
+</configuration>
diff --git a/wrapper/CSharp/wolfSSL-TLS-Client/wolfSSL-TLS-Client.cs b/wrapper/CSharp/wolfSSL-TLS-Client/wolfSSL-TLS-Client.cs
index a12c5f599..d327b6534 100644
--- a/wrapper/CSharp/wolfSSL-TLS-Client/wolfSSL-TLS-Client.cs
+++ b/wrapper/CSharp/wolfSSL-TLS-Client/wolfSSL-TLS-Client.cs
@@ -1,6 +1,6 @@
 /* wolfSSL-TLS-Client.cs
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -19,7 +19,6 @@
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  */
 
-
 using System;
 using System.Runtime.InteropServices;
 using System.Text;
@@ -60,15 +59,39 @@ public class wolfSSL_TLS_Client
         return preverify;
     }
 
+    /// <summary>
+    /// Checks if the SNI option was enabled via command line.
+    /// Must be enabled with ./configure --enable-sni when configuring
+    /// wolfSSL.
+    /// <param name="args">Parameters passed via command line</param>
+    /// </summary>
+    private static int haveSNI(string[] args)
+    {
+        for (int i = 0; i < args.Length; i++) {
+            if (args[i] == "-S") {
+                Console.WriteLine("SNI IS ON");
+                return i+1;
+            }
+        }
+        Console.WriteLine("SNI IS OFF");
+        return -1;
+    }
+
     public static void Main(string[] args)
     {
         IntPtr ctx;
         IntPtr ssl;
         Socket tcp;
+        IntPtr sniHostName;
 
         /* These paths should be changed for use */
-        string caCert = @"ca-cert.pem";
-        StringBuilder dhparam = new StringBuilder("dh2048.pem");
+        string caCert = wolfssl.setPath("ca-cert.pem");
+        StringBuilder dhparam = new StringBuilder(wolfssl.setPath("dh2048.pem"));
+
+        if (caCert == "" || dhparam.Length == 0) {
+            Console.WriteLine("Platform not supported.");
+            return; 
+        }
 
         StringBuilder buff = new StringBuilder(1024);
         StringBuilder reply = new StringBuilder("Hello, this is the wolfSSL C# wrapper");
@@ -78,7 +101,6 @@ public class wolfSSL_TLS_Client
 
         wolfssl.Init();
 
-
         Console.WriteLine("Calling ctx Init from wolfSSL");
         ctx = wolfssl.CTX_new(wolfssl.usev23_client());
         if (ctx == IntPtr.Zero)
@@ -96,11 +118,34 @@ public class wolfSSL_TLS_Client
             return;
         }
 
+        if (!File.Exists(dhparam.ToString())) {
+            Console.WriteLine("Could not find dh file");
+            wolfssl.CTX_free(ctx);
+            return;
+        }
 
         if (wolfssl.CTX_load_verify_locations(ctx, caCert, null)
             != wolfssl.SUCCESS)
         {
             Console.WriteLine("Error loading CA cert");
+            wolfssl.CTX_free(ctx);
+            return;
+        }
+
+        int sniArg = haveSNI(args);
+        if (sniArg >= 0) 
+        {
+            string sniHostNameString = args[sniArg].Trim();
+            sniHostName = Marshal.StringToHGlobalAnsi(sniHostNameString);
+
+            ushort size = (ushort)sniHostNameString.Length;
+
+           if (wolfssl.CTX_UseSNI(ctx, (byte)wolfssl.WOLFSSL_SNI_HOST_NAME, sniHostName, size) != wolfssl.SUCCESS) 
+           {
+               Console.WriteLine("UseSNI failed");
+               wolfssl.CTX_free(ctx);
+               return;
+           }
         }
 
         StringBuilder ciphers = new StringBuilder(new String(' ', 4096));
diff --git a/wrapper/CSharp/wolfSSL-TLS-Client/wolfSSL-TLS-Client.csproj b/wrapper/CSharp/wolfSSL-TLS-Client/wolfSSL-TLS-Client.csproj
index 3a3d175e4..7afffb9d4 100644
--- a/wrapper/CSharp/wolfSSL-TLS-Client/wolfSSL-TLS-Client.csproj
+++ b/wrapper/CSharp/wolfSSL-TLS-Client/wolfSSL-TLS-Client.csproj
@@ -9,7 +9,7 @@
     <AppDesignerFolder>Properties</AppDesignerFolder>
     <RootNamespace>wolfSSL_TLS_Client</RootNamespace>
     <AssemblyName>wolfSSL-TLS-Client</AssemblyName>
-    <TargetFrameworkVersion>v4.5</TargetFrameworkVersion>
+    <TargetFrameworkVersion>v4.8</TargetFrameworkVersion>
     <FileAlignment>512</FileAlignment>
     <PublishUrl>publish\</PublishUrl>
     <Install>true</Install>
@@ -26,13 +26,14 @@
     <IsWebBootstrapper>false</IsWebBootstrapper>
     <UseApplicationTrust>false</UseApplicationTrust>
     <BootstrapperEnabled>true</BootstrapperEnabled>
+    <TargetFrameworkProfile />
   </PropertyGroup>
   <PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Debug|AnyCPU' ">
     <PlatformTarget>AnyCPU</PlatformTarget>
     <DebugSymbols>true</DebugSymbols>
     <DebugType>full</DebugType>
     <Optimize>false</Optimize>
-    <OutputPath>..\DLL Debug\Win32\</OutputPath>
+    <OutputPath>$(SolutionDir)$(Configuration)\$(Platform)\</OutputPath>
     <DefineConstants>DEBUG;TRACE</DefineConstants>
     <ErrorReport>prompt</ErrorReport>
     <WarningLevel>3</WarningLevel>
@@ -41,7 +42,7 @@
     <PlatformTarget>AnyCPU</PlatformTarget>
     <DebugType>pdbonly</DebugType>
     <Optimize>true</Optimize>
-    <OutputPath>..\DLL Release\Win32\</OutputPath>
+    <OutputPath>$(SolutionDir)$(Configuration)\$(Platform)\</OutputPath>
     <DefineConstants>TRACE</DefineConstants>
     <ErrorReport>prompt</ErrorReport>
     <WarningLevel>4</WarningLevel>
@@ -51,7 +52,7 @@
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)' == 'Debug|x64'">
     <DebugSymbols>true</DebugSymbols>
-    <OutputPath>..\DLL Debug\x64\</OutputPath>
+    <OutputPath>$(SolutionDir)$(Configuration)\$(Platform)\</OutputPath>
     <DefineConstants>DEBUG;TRACE</DefineConstants>
     <WarningLevel>4</WarningLevel>
     <DebugType>full</DebugType>
@@ -61,7 +62,7 @@
     <Prefer32Bit>true</Prefer32Bit>
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)' == 'Release|x64'">
-    <OutputPath>..\DLL Release\x64</OutputPath>
+    <OutputPath>$(SolutionDir)$(Configuration)\$(Platform)\x64</OutputPath>
     <DefineConstants>TRACE</DefineConstants>
     <Optimize>true</Optimize>
     <DebugType>pdbonly</DebugType>
diff --git a/wrapper/CSharp/wolfSSL-TLS-PSK-Client/wolfSSL-TLS-PSK-Client.cs b/wrapper/CSharp/wolfSSL-TLS-PSK-Client/wolfSSL-TLS-PSK-Client.cs
index cdc3ef7ca..495e9f1b3 100644
--- a/wrapper/CSharp/wolfSSL-TLS-PSK-Client/wolfSSL-TLS-PSK-Client.cs
+++ b/wrapper/CSharp/wolfSSL-TLS-PSK-Client/wolfSSL-TLS-PSK-Client.cs
@@ -1,6 +1,6 @@
 /* wolfSSL-TLS-PSK-Client.cs
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -82,7 +82,11 @@ public class wolfSSL_TLS_PSK_Client
 
         wolfssl.psk_client_delegate psk_cb = new wolfssl.psk_client_delegate(my_psk_client_cb);
 
-        StringBuilder dhparam = new StringBuilder("dh2048.pem");
+        StringBuilder dhparam = new StringBuilder(wolfssl.setPath("dh2048.pem"));
+        if (dhparam.Length == 0) {
+            Console.WriteLine("Platform not supported");
+            return;
+        }
 
         StringBuilder buff = new StringBuilder(1024);
         StringBuilder reply = new StringBuilder("Hello, this is the wolfSSL C# client psk wrapper");
@@ -157,6 +161,12 @@ public class wolfSSL_TLS_PSK_Client
             return;
         }
 
+        if (!File.Exists(dhparam.ToString())) {
+            Console.WriteLine("Could not find dh file");
+            wolfssl.CTX_free(ctx);
+            return;
+        }
+
         wolfssl.SetTmpDH_file(ssl, dhparam, wolfssl.SSL_FILETYPE_PEM);
 
         if (wolfssl.connect(ssl) != wolfssl.SUCCESS)
diff --git a/wrapper/CSharp/wolfSSL-TLS-PSK-Client/wolfSSL-TLS-PSK-Client.csproj b/wrapper/CSharp/wolfSSL-TLS-PSK-Client/wolfSSL-TLS-PSK-Client.csproj
index b2113d6ae..5c3e77e47 100644
--- a/wrapper/CSharp/wolfSSL-TLS-PSK-Client/wolfSSL-TLS-PSK-Client.csproj
+++ b/wrapper/CSharp/wolfSSL-TLS-PSK-Client/wolfSSL-TLS-PSK-Client.csproj
@@ -33,7 +33,7 @@
     <DebugSymbols>true</DebugSymbols>
     <DebugType>full</DebugType>
     <Optimize>false</Optimize>
-    <OutputPath>..\DLL Debug\Win32\</OutputPath>
+    <OutputPath>$(SolutionDir)$(Configuration)\$(Platform)\</OutputPath>
     <DefineConstants>DEBUG;TRACE</DefineConstants>
     <ErrorReport>prompt</ErrorReport>
     <WarningLevel>4</WarningLevel>
@@ -42,14 +42,14 @@
     <PlatformTarget>AnyCPU</PlatformTarget>
     <DebugType>pdbonly</DebugType>
     <Optimize>true</Optimize>
-    <OutputPath>..\DLL Release\Win32\</OutputPath>
+    <OutputPath>$(SolutionDir)$(Configuration)\$(Platform)\</OutputPath>
     <DefineConstants>TRACE</DefineConstants>
     <ErrorReport>prompt</ErrorReport>
     <WarningLevel>4</WarningLevel>
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)' == 'Debug|x64'">
     <DebugSymbols>true</DebugSymbols>
-    <OutputPath>..\DLL Debug\x64\</OutputPath>
+    <OutputPath>$(SolutionDir)$(Configuration)\$(Platform)\</OutputPath>
     <DefineConstants>DEBUG;TRACE</DefineConstants>
     <DebugType>full</DebugType>
     <PlatformTarget>x64</PlatformTarget>
@@ -58,7 +58,7 @@
     <Prefer32Bit>true</Prefer32Bit>
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)' == 'Release|x64'">
-    <OutputPath>..\DLL Release\x64\</OutputPath>
+    <OutputPath>$(SolutionDir)$(Configuration)\$(Platform)\</OutputPath>
     <DefineConstants>TRACE</DefineConstants>
     <Optimize>true</Optimize>
     <DebugType>pdbonly</DebugType>
diff --git a/wrapper/CSharp/wolfSSL-TLS-PSK-Server/App.config b/wrapper/CSharp/wolfSSL-TLS-PSK-Server/App.config
index 49c50e046..8a99d30db 100755
--- a/wrapper/CSharp/wolfSSL-TLS-PSK-Server/App.config
+++ b/wrapper/CSharp/wolfSSL-TLS-PSK-Server/App.config
@@ -1,6 +1,6 @@
-<?xml version="1.0" encoding="utf-8" ?>
+<?xml version="1.0" encoding="utf-8"?>
 <configuration>
     <startup>
-        <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.5" />
+        <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.8"/>
     </startup>
-</configuration>
\ No newline at end of file
+</configuration>
diff --git a/wrapper/CSharp/wolfSSL-TLS-PSK-Server/wolfSSL-TLS-PSK-Server.cs b/wrapper/CSharp/wolfSSL-TLS-PSK-Server/wolfSSL-TLS-PSK-Server.cs
index a46dbd594..71c7b7493 100644
--- a/wrapper/CSharp/wolfSSL-TLS-PSK-Server/wolfSSL-TLS-PSK-Server.cs
+++ b/wrapper/CSharp/wolfSSL-TLS-PSK-Server/wolfSSL-TLS-PSK-Server.cs
@@ -1,6 +1,6 @@
 /* wolfSSL-TLS-PSK-Server.cs
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -80,9 +80,14 @@ public class wolfSSL_TLS_PSK_Server
         wolfssl.psk_delegate psk_cb = new wolfssl.psk_delegate(my_psk_server_cb);
 
         /* These paths should be changed according to use */
-        string fileCert = @"server-cert.pem";
-        string fileKey = @"server-key.pem";
-        StringBuilder dhparam = new StringBuilder("dh2048.pem");
+        string fileCert = wolfssl.setPath("server-cert.pem");
+        string fileKey = wolfssl.setPath("server-key.pem");
+        StringBuilder dhparam = new StringBuilder(wolfssl.setPath("dh2048.pem"));
+
+        if (fileCert == "" || fileKey == "" || dhparam.Length == 0) {
+            Console.WriteLine("Platform not supported");
+            return;
+        }
 
         StringBuilder buff = new StringBuilder(1024);
         StringBuilder reply = new StringBuilder("Hello, this is the wolfSSL C# wrapper");
@@ -105,6 +110,12 @@ public class wolfSSL_TLS_PSK_Server
             return;
         }
 
+        if (!File.Exists(dhparam.ToString())) {
+            Console.WriteLine("Could not find dh file");
+            wolfssl.CTX_free(ctx);
+            return;
+        }
+
         if (wolfssl.CTX_use_certificate_file(ctx, fileCert, wolfssl.SSL_FILETYPE_PEM) != wolfssl.SUCCESS)
         {
             Console.WriteLine("Error in setting cert file");
diff --git a/wrapper/CSharp/wolfSSL-TLS-PSK-Server/wolfSSL-TLS-PSK-Server.csproj b/wrapper/CSharp/wolfSSL-TLS-PSK-Server/wolfSSL-TLS-PSK-Server.csproj
index dab61d537..1f31752ec 100755
--- a/wrapper/CSharp/wolfSSL-TLS-PSK-Server/wolfSSL-TLS-PSK-Server.csproj
+++ b/wrapper/CSharp/wolfSSL-TLS-PSK-Server/wolfSSL-TLS-PSK-Server.csproj
@@ -9,15 +9,16 @@
     <AppDesignerFolder>Properties</AppDesignerFolder>
     <RootNamespace>wolfSSL_TLS_PSK_Server</RootNamespace>
     <AssemblyName>wolfSSL-TLS-PSK-Server</AssemblyName>
-    <TargetFrameworkVersion>v4.5</TargetFrameworkVersion>
+    <TargetFrameworkVersion>v4.8</TargetFrameworkVersion>
     <FileAlignment>512</FileAlignment>
+    <TargetFrameworkProfile />
   </PropertyGroup>
   <PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Debug|AnyCPU' ">
     <PlatformTarget>AnyCPU</PlatformTarget>
     <DebugSymbols>true</DebugSymbols>
     <DebugType>full</DebugType>
     <Optimize>false</Optimize>
-    <OutputPath>..\DLL Debug\Win32\</OutputPath>
+    <OutputPath>$(SolutionDir)$(Configuration)\$(Platform)\</OutputPath>
     <DefineConstants>DEBUG;TRACE</DefineConstants>
     <ErrorReport>prompt</ErrorReport>
     <WarningLevel>4</WarningLevel>
@@ -26,14 +27,14 @@
     <PlatformTarget>AnyCPU</PlatformTarget>
     <DebugType>pdbonly</DebugType>
     <Optimize>true</Optimize>
-    <OutputPath>..\DLL Release\Win32\</OutputPath>
+    <OutputPath>$(SolutionDir)$(Configuration)\$(Platform)\</OutputPath>
     <DefineConstants>TRACE</DefineConstants>
     <ErrorReport>prompt</ErrorReport>
     <WarningLevel>4</WarningLevel>
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)' == 'Debug|x64'">
     <DebugSymbols>true</DebugSymbols>
-    <OutputPath>..\DLL Debug\x64\</OutputPath>
+    <OutputPath>$(SolutionDir)$(Configuration)\$(Platform)\</OutputPath>
     <DefineConstants>DEBUG;TRACE</DefineConstants>
     <DebugType>full</DebugType>
     <PlatformTarget>x64</PlatformTarget>
@@ -42,7 +43,7 @@
     <Prefer32Bit>true</Prefer32Bit>
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)' == 'Release|x64'">
-    <OutputPath>..\DLL Release\x64\</OutputPath>
+    <OutputPath>$(SolutionDir)$(Configuration)\$(Platform)\</OutputPath>
     <DefineConstants>TRACE</DefineConstants>
     <Optimize>true</Optimize>
     <DebugType>pdbonly</DebugType>
diff --git a/wrapper/CSharp/wolfSSL-TLS-Server/App.config b/wrapper/CSharp/wolfSSL-TLS-Server/App.config
index 49c50e046..8a99d30db 100755
--- a/wrapper/CSharp/wolfSSL-TLS-Server/App.config
+++ b/wrapper/CSharp/wolfSSL-TLS-Server/App.config
@@ -1,6 +1,6 @@
-<?xml version="1.0" encoding="utf-8" ?>
+<?xml version="1.0" encoding="utf-8"?>
 <configuration>
     <startup>
-        <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.5" />
+        <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.8"/>
     </startup>
-</configuration>
\ No newline at end of file
+</configuration>
diff --git a/wrapper/CSharp/wolfSSL-TLS-Server/wolfSSL-TLS-Server.cs b/wrapper/CSharp/wolfSSL-TLS-Server/wolfSSL-TLS-Server.cs
index 12217dc07..79d4234f2 100644
--- a/wrapper/CSharp/wolfSSL-TLS-Server/wolfSSL-TLS-Server.cs
+++ b/wrapper/CSharp/wolfSSL-TLS-Server/wolfSSL-TLS-Server.cs
@@ -1,6 +1,6 @@
 /* wolfSSL-TLS-Server.cs
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -19,9 +19,6 @@
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  */
 
-
-
-
 using System;
 using System.Runtime.InteropServices;
 using System.Text;
@@ -50,17 +47,55 @@ public class wolfSSL_TLS_CSHarp
         wolfssl.Cleanup();
     }
 
+    /// <summary>
+    /// Checks if the SNI option was enabled via command line.
+    /// Must be enabled with ./configure --enable-sni when configuring
+    /// wolfSSL.
+    /// <param name="args">Parameters passed via command line</param>
+    /// </summary>
+    private static bool haveSNI(string[] args)
+    {
+        bool sniON = false;
+        for (int i = 0; i < args.Length; i++) {
+            if (args[i] == "-S") {
+                sniON = true;
+                break;
+            }
+        }
+        Console.WriteLine("SNI IS: " + sniON);
+        return sniON;
+    }
+
+    /// <summary>
+    /// Example of a SNI function call back
+    /// </summary>
+    /// <param name="ssl">pointer to ssl structure</param>
+    /// <param name="ret">alert code</param>
+    /// <param name="exArg">context arg, can be set with the function wolfssl.CTX_set_servername_arg</param>
+    /// <returns></returns>
+    public static int my_sni_server_cb(IntPtr ssl, IntPtr ret, IntPtr exArg) {
+        /* Trivial callback just for testing */
+        Console.WriteLine("my sni server callback");
+
+        return 0;
+    }
 
     public static void Main(string[] args)
     {
         IntPtr ctx;
         IntPtr ssl;
         Socket fd;
+        IntPtr arg_sni;
 
         /* These paths should be changed for use */
-        string fileCert = @"server-cert.pem";
-        string fileKey = @"server-key.pem";
-        StringBuilder dhparam = new StringBuilder("dh2048.pem");
+        string fileCert = wolfssl.setPath("server-cert.pem");
+        string fileKey = wolfssl.setPath("server-key.pem");
+        StringBuilder dhparam = new StringBuilder(wolfssl.setPath("dh2048.pem"));
+
+        if (fileCert == "" || fileKey == "" || dhparam.Length == 0) {
+            Console.WriteLine("Platform not supported.");
+            return;
+        }
 
         StringBuilder buff = new StringBuilder(1024);
         StringBuilder reply = new StringBuilder("Hello, this is the wolfSSL C# wrapper");
@@ -70,7 +105,6 @@ public class wolfSSL_TLS_CSHarp
 
         wolfssl.Init();
 
-
         Console.WriteLine("Calling ctx Init from wolfSSL");
         ctx = wolfssl.CTX_new(wolfssl.usev23_server());
         if (ctx == IntPtr.Zero)
@@ -87,6 +121,12 @@ public class wolfSSL_TLS_CSHarp
             return;
         }
 
+        if (!File.Exists(dhparam.ToString())) {
+            Console.WriteLine("Could not find dh file");
+            wolfssl.CTX_free(ctx);
+            return;
+        }
+
         if (wolfssl.CTX_use_certificate_file(ctx, fileCert, wolfssl.SSL_FILETYPE_PEM) != wolfssl.SUCCESS)
         {
             Console.WriteLine("Error in setting cert file");
@@ -101,7 +141,6 @@ public class wolfSSL_TLS_CSHarp
             return;
         }
 
-
         StringBuilder ciphers = new StringBuilder(new String(' ', 4096));
         wolfssl.get_ciphers(ciphers, 4096);
         Console.WriteLine("Ciphers : " + ciphers.ToString());
@@ -116,6 +155,7 @@ public class wolfSSL_TLS_CSHarp
 
         Console.WriteLine("Started TCP and waiting for a connection");
         fd = tcp.AcceptSocket();
+
         ssl = wolfssl.new_ssl(ctx);
         if (ssl == IntPtr.Zero)
         {
@@ -124,6 +164,23 @@ public class wolfSSL_TLS_CSHarp
             return;
         }
 
+        if (haveSNI(args)) 
+        {
+           // Allocating memory and setting SNI arg
+           int test_value = 32;
+           arg_sni = Marshal.AllocHGlobal(sizeof(int));
+           Marshal.WriteInt32(arg_sni, test_value);
+           if (wolfssl.CTX_set_servername_arg(ctx, arg_sni) == wolfssl.FAILURE) {
+               Console.WriteLine("wolfssl.CTX_set_servername_arg failed");
+               wolfssl.CTX_free(ctx);
+               return;
+           }
+
+           // Setting SNI delegate
+           wolfssl.sni_delegate sni_cb  = new wolfssl.sni_delegate(my_sni_server_cb);
+           wolfssl.CTX_set_servername_callback(ctx, sni_cb);
+        }
+
         Console.WriteLine("Connection made wolfSSL_accept ");
         if (wolfssl.set_fd(ssl, fd) != wolfssl.SUCCESS)
         {
@@ -134,7 +191,14 @@ public class wolfSSL_TLS_CSHarp
             return;
         }
 
-        wolfssl.SetTmpDH_file(ssl, dhparam, wolfssl.SSL_FILETYPE_PEM);
+        if (wolfssl.SetTmpDH_file(ssl, dhparam, wolfssl.SSL_FILETYPE_PEM) != wolfssl.SUCCESS)
+        {
+            Console.WriteLine("Error in setting dh2048Pem");
+            Console.WriteLine(wolfssl.get_error(ssl));
+            tcp.Stop();
+            clean(ssl, ctx);
+            return;
+        }
 
         if (wolfssl.accept(ssl) != wolfssl.SUCCESS)
         {
@@ -145,6 +209,16 @@ public class wolfSSL_TLS_CSHarp
             return;
         }
 
+        /* get and print sni used by the client */
+        if (haveSNI(args)) {
+            IntPtr data = IntPtr.Zero;
+
+            ushort size = wolfssl.SNI_GetRequest(ssl, 0, ref data);
+            string dataStr = Marshal.PtrToStringAnsi(data);
+            Console.WriteLine("(SNI_GetRequest) Size of SNI used by client: " + size);
+            Console.WriteLine("(SNI_GetRequest) SNI used by client: " + dataStr);
+        }
+
         /* print out results of TLS/SSL accept */
         Console.WriteLine("SSL version is " + wolfssl.get_version(ssl));
         Console.WriteLine("SSL cipher suite is " + wolfssl.get_current_cipher(ssl));
@@ -159,6 +233,45 @@ public class wolfSSL_TLS_CSHarp
         }
         Console.WriteLine(buff);
 
+        /* get and print sni from a sample buffer, can be used by using the raw client hello */
+        if (haveSNI(args)) {
+            IntPtr result = Marshal.AllocHGlobal(32);
+            IntPtr inOutSz = Marshal.AllocHGlobal(sizeof(int));
+            Marshal.WriteInt32(inOutSz, 32);
+            byte []buffer = { /* from TextMate website client hello example */
+                0x16, 0x03, 0x01, 0x00, 0xc6, 0x01, 0x00, 0x00, 0xc2, 0x03, 0x03, 0x52,
+                0x8b, 0x7b, 0xca, 0x69, 0xec, 0x97, 0xd5, 0x08, 0x03, 0x50, 0xfe, 0x3b,
+                0x99, 0xc3, 0x20, 0xce, 0xa5, 0xf6, 0x99, 0xa5, 0x71, 0xf9, 0x57, 0x7f,
+                0x04, 0x38, 0xf6, 0x11, 0x0b, 0xb8, 0xd3, 0x00, 0x00, 0x5e, 0x00, 0xff,
+                0xc0, 0x24, 0xc0, 0x23, 0xc0, 0x0a, 0xc0, 0x09, 0xc0, 0x07, 0xc0, 0x08,
+                0xc0, 0x28, 0xc0, 0x27, 0xc0, 0x14, 0xc0, 0x13, 0xc0, 0x11, 0xc0, 0x12,
+                0xc0, 0x26, 0xc0, 0x25, 0xc0, 0x2a, 0xc0, 0x29, 0xc0, 0x05, 0xc0, 0x04,
+                0xc0, 0x02, 0xc0, 0x03, 0xc0, 0x0f, 0xc0, 0x0e, 0xc0, 0x0c, 0xc0, 0x0d,
+                0x00, 0x3d, 0x00, 0x3c, 0x00, 0x2f, 0x00, 0x05, 0x00, 0x04, 0x00, 0x35,
+                0x00, 0x0a, 0x00, 0x67, 0x00, 0x6b, 0x00, 0x33, 0x00, 0x39, 0x00, 0x16,
+                0x00, 0xaf, 0x00, 0xae, 0x00, 0x8d, 0x00, 0x8c, 0x00, 0x8a, 0x00, 0x8b,
+                0x00, 0xb1, 0x00, 0xb0, 0x00, 0x2c, 0x00, 0x3b, 0x01, 0x00, 0x00, 0x3b,
+                0x00, 0x00, 0x00, 0x15, 0x00, 0x13, 0x00, 0x00, 0x10, 0x61, 0x70, 0x69,
+                0x2e, 0x74, 0x65, 0x78, 0x74, 0x6d, 0x61, 0x74, 0x65, 0x2e, 0x6f, 0x72,
+                0x67, 0x00, 0x0a, 0x00, 0x08, 0x00, 0x06, 0x00, 0x17, 0x00, 0x18, 0x00,
+                0x19, 0x00, 0x0b, 0x00, 0x02, 0x01, 0x00, 0x00, 0x0d, 0x00, 0x0c, 0x00,
+                0x0a, 0x05, 0x01, 0x04, 0x01, 0x02, 0x01, 0x04, 0x03, 0x02, 0x03
+            };
+
+            int ret = wolfssl.SNI_GetFromBuffer(buffer, 1024, 0, result, inOutSz); 
+            
+            if (ret != wolfssl.SUCCESS) {
+                Console.WriteLine("Error on reading SNI from buffer, ret value = " + ret);
+                tcp.Stop();
+                clean(ssl, ctx);
+                return;
+            }
+
+            string resultStr = Marshal.PtrToStringAnsi(result);
+            Console.WriteLine("(SNI_GetFromBuffer) SNI used by client: " + resultStr);
+
+        }
+
         if (wolfssl.write(ssl, reply, reply.Length) != reply.Length)
         {
             Console.WriteLine("Error in write");
@@ -170,6 +283,7 @@ public class wolfSSL_TLS_CSHarp
         wolfssl.shutdown(ssl);
         fd.Close();
         tcp.Stop();
+
         clean(ssl, ctx);
     }
 }
diff --git a/wrapper/CSharp/wolfSSL-TLS-Server/wolfSSL-TLS-Server.csproj b/wrapper/CSharp/wolfSSL-TLS-Server/wolfSSL-TLS-Server.csproj
index 35f8b0666..1cc073e83 100755
--- a/wrapper/CSharp/wolfSSL-TLS-Server/wolfSSL-TLS-Server.csproj
+++ b/wrapper/CSharp/wolfSSL-TLS-Server/wolfSSL-TLS-Server.csproj
@@ -9,7 +9,7 @@
     <AppDesignerFolder>Properties</AppDesignerFolder>
     <RootNamespace>wolfSSL_TLS_Server</RootNamespace>
     <AssemblyName>wolfSSL-TLS-Server</AssemblyName>
-    <TargetFrameworkVersion>v4.5</TargetFrameworkVersion>
+    <TargetFrameworkVersion>v4.8</TargetFrameworkVersion>
     <FileAlignment>512</FileAlignment>
     <PublishUrl>publish\</PublishUrl>
     <Install>true</Install>
@@ -26,13 +26,14 @@
     <IsWebBootstrapper>false</IsWebBootstrapper>
     <UseApplicationTrust>false</UseApplicationTrust>
     <BootstrapperEnabled>true</BootstrapperEnabled>
+    <TargetFrameworkProfile />
   </PropertyGroup>
   <PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Debug|AnyCPU' ">
     <PlatformTarget>AnyCPU</PlatformTarget>
     <DebugSymbols>true</DebugSymbols>
     <DebugType>full</DebugType>
     <Optimize>false</Optimize>
-    <OutputPath>..\DLL Debug\Win32\</OutputPath>
+    <OutputPath>$(SolutionDir)$(Configuration)\$(Platform)\</OutputPath>
     <DefineConstants>DEBUG;TRACE</DefineConstants>
     <ErrorReport>prompt</ErrorReport>
     <WarningLevel>3</WarningLevel>
@@ -41,7 +42,7 @@
     <PlatformTarget>AnyCPU</PlatformTarget>
     <DebugType>pdbonly</DebugType>
     <Optimize>true</Optimize>
-    <OutputPath>..\DLL Release\Win32\</OutputPath>
+    <OutputPath>$(SolutionDir)$(Configuration)\$(Platform)\</OutputPath>
     <DefineConstants>TRACE</DefineConstants>
     <ErrorReport>prompt</ErrorReport>
     <WarningLevel>4</WarningLevel>
@@ -51,7 +52,7 @@
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)' == 'Debug|x64'">
     <DebugSymbols>true</DebugSymbols>
-    <OutputPath>..\DLL Debug\x64\</OutputPath>
+    <OutputPath>$(SolutionDir)$(Configuration)\$(Platform)\</OutputPath>
     <DefineConstants>DEBUG;TRACE</DefineConstants>
     <WarningLevel>4</WarningLevel>
     <DebugType>full</DebugType>
@@ -61,7 +62,7 @@
     <Prefer32Bit>true</Prefer32Bit>
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)' == 'Release|x64'">
-    <OutputPath>..\DLL Release\x64\</OutputPath>
+    <OutputPath>$(SolutionDir)$(Configuration)\$(Platform)\</OutputPath>
     <DefineConstants>TRACE</DefineConstants>
     <Optimize>true</Optimize>
     <DebugType>pdbonly</DebugType>
diff --git a/wrapper/CSharp/wolfSSL-TLS-ServerThreaded/App.config b/wrapper/CSharp/wolfSSL-TLS-ServerThreaded/App.config
index 49c50e046..8a99d30db 100644
--- a/wrapper/CSharp/wolfSSL-TLS-ServerThreaded/App.config
+++ b/wrapper/CSharp/wolfSSL-TLS-ServerThreaded/App.config
@@ -1,6 +1,6 @@
-<?xml version="1.0" encoding="utf-8" ?>
+<?xml version="1.0" encoding="utf-8"?>
 <configuration>
     <startup>
-        <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.5" />
+        <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.8"/>
     </startup>
-</configuration>
\ No newline at end of file
+</configuration>
diff --git a/wrapper/CSharp/wolfSSL-TLS-ServerThreaded/wolfSSL-TLS-ServerThreaded.cs b/wrapper/CSharp/wolfSSL-TLS-ServerThreaded/wolfSSL-TLS-ServerThreaded.cs
index e83784e1f..c2de6336f 100644
--- a/wrapper/CSharp/wolfSSL-TLS-ServerThreaded/wolfSSL-TLS-ServerThreaded.cs
+++ b/wrapper/CSharp/wolfSSL-TLS-ServerThreaded/wolfSSL-TLS-ServerThreaded.cs
@@ -1,6 +1,6 @@
 /* wolfSSL-TLS-ServerThreaded.cs
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -116,9 +116,14 @@ public class wolfSSL_TLS_ServerThreaded
         IntPtr ctx;
 
         /* These paths should be changed for use */
-        string fileCert = @"server-cert.pem";
-        string fileKey = @"server-key.pem";
-        StringBuilder dhparam = new StringBuilder("dh2048.pem");
+        string fileCert = wolfssl.setPath("server-cert.pem");
+        string fileKey = wolfssl.setPath("server-key.pem");
+        StringBuilder dhparam = new StringBuilder(wolfssl.setPath("dh2048.pem"));
+
+        if (fileCert == "" || fileKey == "" || dhparam.Length == 0) {
+            Console.WriteLine("Platform not supported");
+            return;
+        }
 
         /* example of function used for setting logging */
         wolfssl.SetLogging(standard_log);
@@ -140,6 +145,12 @@ public class wolfSSL_TLS_ServerThreaded
             return;
         }
 
+        if (!File.Exists(dhparam.ToString())) {
+            Console.WriteLine("Could not find dh file");
+            wolfssl.CTX_free(ctx);
+            return;
+        }
+
         if (wolfssl.CTX_use_certificate_file(ctx, fileCert, wolfssl.SSL_FILETYPE_PEM) != wolfssl.SUCCESS)
         {
             Console.WriteLine("Error in setting cert file");
diff --git a/wrapper/CSharp/wolfSSL-TLS-ServerThreaded/wolfSSL-TLS-ServerThreaded.csproj b/wrapper/CSharp/wolfSSL-TLS-ServerThreaded/wolfSSL-TLS-ServerThreaded.csproj
index 7c47cf557..f1468d14f 100644
--- a/wrapper/CSharp/wolfSSL-TLS-ServerThreaded/wolfSSL-TLS-ServerThreaded.csproj
+++ b/wrapper/CSharp/wolfSSL-TLS-ServerThreaded/wolfSSL-TLS-ServerThreaded.csproj
@@ -9,7 +9,7 @@
     <AppDesignerFolder>Properties</AppDesignerFolder>
     <RootNamespace>wolfSSL_TLS_ServerThreaded</RootNamespace>
     <AssemblyName>wolfSSL-TLS-ServerThreaded</AssemblyName>
-    <TargetFrameworkVersion>v4.5</TargetFrameworkVersion>
+    <TargetFrameworkVersion>v4.8</TargetFrameworkVersion>
     <FileAlignment>512</FileAlignment>
     <PublishUrl>publish\</PublishUrl>
     <Install>true</Install>
@@ -26,13 +26,14 @@
     <IsWebBootstrapper>false</IsWebBootstrapper>
     <UseApplicationTrust>false</UseApplicationTrust>
     <BootstrapperEnabled>true</BootstrapperEnabled>
+    <TargetFrameworkProfile />
   </PropertyGroup>
   <PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Debug|AnyCPU' ">
     <PlatformTarget>AnyCPU</PlatformTarget>
     <DebugSymbols>true</DebugSymbols>
     <DebugType>full</DebugType>
     <Optimize>false</Optimize>
-    <OutputPath>..\DLL Debug\Win32\</OutputPath>
+    <OutputPath>$(SolutionDir)$(Configuration)\$(Platform)\</OutputPath>
     <DefineConstants>DEBUG;TRACE</DefineConstants>
     <ErrorReport>prompt</ErrorReport>
     <WarningLevel>3</WarningLevel>
@@ -41,7 +42,7 @@
     <PlatformTarget>AnyCPU</PlatformTarget>
     <DebugType>pdbonly</DebugType>
     <Optimize>true</Optimize>
-    <OutputPath>..\DLL Release\Win32\</OutputPath>
+    <OutputPath>$(SolutionDir)$(Configuration)\$(Platform)\</OutputPath>
     <DefineConstants>TRACE</DefineConstants>
     <ErrorReport>prompt</ErrorReport>
     <WarningLevel>4</WarningLevel>
@@ -51,7 +52,7 @@
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)' == 'Debug|x64'">
     <DebugSymbols>true</DebugSymbols>
-    <OutputPath>..\DLL Debug\x64\</OutputPath>
+    <OutputPath>$(SolutionDir)$(Configuration)\$(Platform)\</OutputPath>
     <DefineConstants>DEBUG;TRACE</DefineConstants>
     <WarningLevel>4</WarningLevel>
     <DebugType>full</DebugType>
@@ -61,7 +62,7 @@
     <Prefer32Bit>true</Prefer32Bit>
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)' == 'Release|x64'">
-    <OutputPath>..\DLL Release\x64\</OutputPath>
+    <OutputPath>$(SolutionDir)$(Configuration)\$(Platform)\</OutputPath>
     <DefineConstants>TRACE</DefineConstants>
     <Optimize>true</Optimize>
     <DebugType>pdbonly</DebugType>
diff --git a/wrapper/CSharp/wolfSSL_CSharp.sln b/wrapper/CSharp/wolfSSL_CSharp.sln
index a4898062a..48e170a48 100644
--- a/wrapper/CSharp/wolfSSL_CSharp.sln
+++ b/wrapper/CSharp/wolfSSL_CSharp.sln
@@ -1,9 +1,11 @@
 
 Microsoft Visual Studio Solution File, Format Version 12.00
-# Visual Studio 2012
+# Visual Studio Version 17
+VisualStudioVersion = 17.6.33815.320
+MinimumVisualStudioVersion = 10.0.40219.1
 Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "wolfSSL_CSharp", "wolfSSL_CSharp\wolfSSL_CSharp.csproj", "{52609808-0418-46D3-8E17-141927A1A39A}"
 	ProjectSection(ProjectDependencies) = postProject
-		{73973223-5EE8-41CA-8E88-1D60E89A237B} = {73973223-5EE8-41CA-8E88-1D60E89A237B}
+		{67932048-D67E-4C86-B55F-90899B9BDA64} = {67932048-D67E-4C86-B55F-90899B9BDA64}
 	EndProjectSection
 EndProject
 Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "wolfSSL-TLS-Server", "wolfSSL-TLS-Server\wolfSSL-TLS-Server.csproj", "{8921AD35-4E62-4DAC-8FEE-8C9F8E57DDD2}"
@@ -17,11 +19,7 @@ Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "wolfSSL-DTLS-PSK-Server", "
 		{52609808-0418-46D3-8E17-141927A1A39A} = {52609808-0418-46D3-8E17-141927A1A39A}
 	EndProjectSection
 EndProject
-Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "wolfSSL", "wolfSSL", "{252D09D0-D007-4AEB-9F7A-A74408039A8A}"
-EndProject
-Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "wolfssl", "..\..\wolfssl.vcxproj", "{73973223-5EE8-41CA-8E88-1D60E89A237B}"
-EndProject
-Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "testsuite", "..\..\testsuite\testsuite.vcxproj", "{611E8971-46E0-4D0A-B5A1-632C3B00CB80}"
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "wolfssl", "wolfssl.vcxproj", "{67932048-D67E-4C86-B55F-90899B9BDA64}"
 EndProject
 Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "wolfSSL-Example-IOCallbacks", "wolfSSL-Example-IOCallbacks\wolfSSL-Example-IOCallbacks.csproj", "{E2415718-0A15-48DB-A774-01FB0093B626}"
 EndProject
@@ -31,6 +29,8 @@ Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "wolfSSL-TLS-ServerThreaded"
 EndProject
 Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "wolfSSL-TLS-PSK-Client", "wolfSSL-TLS-PSK-Client\wolfSSL-TLS-PSK-Client.csproj", "{4F92ECF5-A1D8-4A13-AD0C-6571EB03C01C}"
 EndProject
+Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "wolfCrypt-Test", "wolfCrypt-Test\wolfCrypt-Test.csproj", "{A4F4A244-1306-47F4-A168-31F78D7362FA}"
+EndProject
 Global
 	GlobalSection(SolutionConfigurationPlatforms) = preSolution
 		Debug|Any CPU = Debug|Any CPU
@@ -162,58 +162,35 @@ Global
 		{77AEF1BE-4BE3-4837-8188-2A06E4D963F5}.DLL Release|x64.ActiveCfg = Release|x64
 		{77AEF1BE-4BE3-4837-8188-2A06E4D963F5}.DLL Release|x64.Build.0 = Release|x64
 		{77AEF1BE-4BE3-4837-8188-2A06E4D963F5}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{77AEF1BE-4BE3-4837-8188-2A06E4D963F5}.Release|Any CPU.Build.0 = Release|Any CPU
 		{77AEF1BE-4BE3-4837-8188-2A06E4D963F5}.Release|Win32.ActiveCfg = Release|Any CPU
 		{77AEF1BE-4BE3-4837-8188-2A06E4D963F5}.Release|Win32.Build.0 = Release|Any CPU
 		{77AEF1BE-4BE3-4837-8188-2A06E4D963F5}.Release|x64.ActiveCfg = Release|x64
 		{77AEF1BE-4BE3-4837-8188-2A06E4D963F5}.Release|x64.Build.0 = Release|x64
-		{73973223-5EE8-41CA-8E88-1D60E89A237B}.Debug|Any CPU.ActiveCfg = DLL Debug|Win32
-		{73973223-5EE8-41CA-8E88-1D60E89A237B}.Debug|Any CPU.Build.0 = DLL Debug|Win32
-		{73973223-5EE8-41CA-8E88-1D60E89A237B}.Debug|Win32.ActiveCfg = Debug|Win32
-		{73973223-5EE8-41CA-8E88-1D60E89A237B}.Debug|Win32.Build.0 = Debug|Win32
-		{73973223-5EE8-41CA-8E88-1D60E89A237B}.Debug|x64.ActiveCfg = Debug|x64
-		{73973223-5EE8-41CA-8E88-1D60E89A237B}.Debug|x64.Build.0 = Debug|x64
-		{73973223-5EE8-41CA-8E88-1D60E89A237B}.DLL Debug|Any CPU.ActiveCfg = DLL Debug|Win32
-		{73973223-5EE8-41CA-8E88-1D60E89A237B}.DLL Debug|Any CPU.Build.0 = DLL Debug|Win32
-		{73973223-5EE8-41CA-8E88-1D60E89A237B}.DLL Debug|Win32.ActiveCfg = DLL Debug|Win32
-		{73973223-5EE8-41CA-8E88-1D60E89A237B}.DLL Debug|Win32.Build.0 = DLL Debug|Win32
-		{73973223-5EE8-41CA-8E88-1D60E89A237B}.DLL Debug|x64.ActiveCfg = DLL Debug|x64
-		{73973223-5EE8-41CA-8E88-1D60E89A237B}.DLL Debug|x64.Build.0 = DLL Debug|x64
-		{73973223-5EE8-41CA-8E88-1D60E89A237B}.DLL Release|Any CPU.ActiveCfg = DLL Release|Win32
-		{73973223-5EE8-41CA-8E88-1D60E89A237B}.DLL Release|Any CPU.Build.0 = DLL Release|Win32
-		{73973223-5EE8-41CA-8E88-1D60E89A237B}.DLL Release|Win32.ActiveCfg = DLL Release|Win32
-		{73973223-5EE8-41CA-8E88-1D60E89A237B}.DLL Release|Win32.Build.0 = DLL Release|Win32
-		{73973223-5EE8-41CA-8E88-1D60E89A237B}.DLL Release|x64.ActiveCfg = DLL Release|x64
-		{73973223-5EE8-41CA-8E88-1D60E89A237B}.DLL Release|x64.Build.0 = DLL Release|x64
-		{73973223-5EE8-41CA-8E88-1D60E89A237B}.Release|Any CPU.ActiveCfg = Release|x64
-		{73973223-5EE8-41CA-8E88-1D60E89A237B}.Release|Any CPU.Build.0 = Release|x64
-		{73973223-5EE8-41CA-8E88-1D60E89A237B}.Release|Win32.ActiveCfg = Release|Win32
-		{73973223-5EE8-41CA-8E88-1D60E89A237B}.Release|Win32.Build.0 = Release|Win32
-		{73973223-5EE8-41CA-8E88-1D60E89A237B}.Release|x64.ActiveCfg = Release|x64
-		{73973223-5EE8-41CA-8E88-1D60E89A237B}.Release|x64.Build.0 = Release|x64
-		{611E8971-46E0-4D0A-B5A1-632C3B00CB80}.Debug|Any CPU.ActiveCfg = DLL Debug|Win32
-		{611E8971-46E0-4D0A-B5A1-632C3B00CB80}.Debug|Any CPU.Build.0 = DLL Debug|Win32
-		{611E8971-46E0-4D0A-B5A1-632C3B00CB80}.Debug|Win32.ActiveCfg = Debug|Win32
-		{611E8971-46E0-4D0A-B5A1-632C3B00CB80}.Debug|Win32.Build.0 = Debug|Win32
-		{611E8971-46E0-4D0A-B5A1-632C3B00CB80}.Debug|x64.ActiveCfg = Debug|x64
-		{611E8971-46E0-4D0A-B5A1-632C3B00CB80}.Debug|x64.Build.0 = Debug|x64
-		{611E8971-46E0-4D0A-B5A1-632C3B00CB80}.DLL Debug|Any CPU.ActiveCfg = DLL Debug|Win32
-		{611E8971-46E0-4D0A-B5A1-632C3B00CB80}.DLL Debug|Any CPU.Build.0 = DLL Debug|Win32
-		{611E8971-46E0-4D0A-B5A1-632C3B00CB80}.DLL Debug|Win32.ActiveCfg = DLL Debug|Win32
-		{611E8971-46E0-4D0A-B5A1-632C3B00CB80}.DLL Debug|Win32.Build.0 = DLL Debug|Win32
-		{611E8971-46E0-4D0A-B5A1-632C3B00CB80}.DLL Debug|x64.ActiveCfg = DLL Debug|x64
-		{611E8971-46E0-4D0A-B5A1-632C3B00CB80}.DLL Debug|x64.Build.0 = DLL Debug|x64
-		{611E8971-46E0-4D0A-B5A1-632C3B00CB80}.DLL Release|Any CPU.ActiveCfg = DLL Release|Win32
-		{611E8971-46E0-4D0A-B5A1-632C3B00CB80}.DLL Release|Any CPU.Build.0 = DLL Release|Win32
-		{611E8971-46E0-4D0A-B5A1-632C3B00CB80}.DLL Release|Win32.ActiveCfg = DLL Release|Win32
-		{611E8971-46E0-4D0A-B5A1-632C3B00CB80}.DLL Release|Win32.Build.0 = DLL Release|Win32
-		{611E8971-46E0-4D0A-B5A1-632C3B00CB80}.DLL Release|x64.ActiveCfg = DLL Release|x64
-		{611E8971-46E0-4D0A-B5A1-632C3B00CB80}.DLL Release|x64.Build.0 = DLL Release|x64
-		{611E8971-46E0-4D0A-B5A1-632C3B00CB80}.Release|Any CPU.ActiveCfg = Release|x64
-		{611E8971-46E0-4D0A-B5A1-632C3B00CB80}.Release|Any CPU.Build.0 = Release|x64
-		{611E8971-46E0-4D0A-B5A1-632C3B00CB80}.Release|Win32.ActiveCfg = Release|Win32
-		{611E8971-46E0-4D0A-B5A1-632C3B00CB80}.Release|Win32.Build.0 = Release|Win32
-		{611E8971-46E0-4D0A-B5A1-632C3B00CB80}.Release|x64.ActiveCfg = Release|x64
-		{611E8971-46E0-4D0A-B5A1-632C3B00CB80}.Release|x64.Build.0 = Release|x64
+		{67932048-D67E-4C86-B55F-90899B9BDA64}.Debug|Any CPU.ActiveCfg = DLL Debug|Win32
+		{67932048-D67E-4C86-B55F-90899B9BDA64}.Debug|Any CPU.Build.0 = DLL Debug|Win32
+		{67932048-D67E-4C86-B55F-90899B9BDA64}.Debug|Win32.ActiveCfg = Debug|Win32
+		{67932048-D67E-4C86-B55F-90899B9BDA64}.Debug|Win32.Build.0 = Debug|Win32
+		{67932048-D67E-4C86-B55F-90899B9BDA64}.Debug|x64.ActiveCfg = DLL Debug|x64
+		{67932048-D67E-4C86-B55F-90899B9BDA64}.Debug|x64.Build.0 = DLL Debug|x64
+		{67932048-D67E-4C86-B55F-90899B9BDA64}.DLL Debug|Any CPU.ActiveCfg = DLL Debug|Win32
+		{67932048-D67E-4C86-B55F-90899B9BDA64}.DLL Debug|Any CPU.Build.0 = DLL Debug|Win32
+		{67932048-D67E-4C86-B55F-90899B9BDA64}.DLL Debug|Win32.ActiveCfg = DLL Debug|Win32
+		{67932048-D67E-4C86-B55F-90899B9BDA64}.DLL Debug|Win32.Build.0 = DLL Debug|Win32
+		{67932048-D67E-4C86-B55F-90899B9BDA64}.DLL Debug|x64.ActiveCfg = DLL Debug|x64
+		{67932048-D67E-4C86-B55F-90899B9BDA64}.DLL Debug|x64.Build.0 = DLL Debug|x64
+		{67932048-D67E-4C86-B55F-90899B9BDA64}.DLL Release|Any CPU.ActiveCfg = DLL Release|Win32
+		{67932048-D67E-4C86-B55F-90899B9BDA64}.DLL Release|Any CPU.Build.0 = DLL Release|Win32
+		{67932048-D67E-4C86-B55F-90899B9BDA64}.DLL Release|Win32.ActiveCfg = DLL Release|Win32
+		{67932048-D67E-4C86-B55F-90899B9BDA64}.DLL Release|Win32.Build.0 = DLL Release|Win32
+		{67932048-D67E-4C86-B55F-90899B9BDA64}.DLL Release|x64.ActiveCfg = DLL Release|x64
+		{67932048-D67E-4C86-B55F-90899B9BDA64}.DLL Release|x64.Build.0 = DLL Release|x64
+		{67932048-D67E-4C86-B55F-90899B9BDA64}.Release|Any CPU.ActiveCfg = DLL Release|Win32
+		{67932048-D67E-4C86-B55F-90899B9BDA64}.Release|Any CPU.Build.0 = DLL Release|Win32
+		{67932048-D67E-4C86-B55F-90899B9BDA64}.Release|Win32.ActiveCfg = Release|Win32
+		{67932048-D67E-4C86-B55F-90899B9BDA64}.Release|Win32.Build.0 = Release|Win32
+		{67932048-D67E-4C86-B55F-90899B9BDA64}.Release|x64.ActiveCfg = DLL Release|x64
+		{67932048-D67E-4C86-B55F-90899B9BDA64}.Release|x64.Build.0 = DLL Release|x64
 		{E2415718-0A15-48DB-A774-01FB0093B626}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
 		{E2415718-0A15-48DB-A774-01FB0093B626}.Debug|Any CPU.Build.0 = Debug|Any CPU
 		{E2415718-0A15-48DB-A774-01FB0093B626}.Debug|Win32.ActiveCfg = Debug|Any CPU
@@ -310,14 +287,34 @@ Global
 		{4F92ECF5-A1D8-4A13-AD0C-6571EB03C01C}.Release|Win32.Build.0 = Release|Any CPU
 		{4F92ECF5-A1D8-4A13-AD0C-6571EB03C01C}.Release|x64.ActiveCfg = Release|x64
 		{4F92ECF5-A1D8-4A13-AD0C-6571EB03C01C}.Release|x64.Build.0 = Release|x64
+		{A4F4A244-1306-47F4-A168-31F78D7362FA}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{A4F4A244-1306-47F4-A168-31F78D7362FA}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{A4F4A244-1306-47F4-A168-31F78D7362FA}.Debug|Win32.ActiveCfg = Debug|Any CPU
+		{A4F4A244-1306-47F4-A168-31F78D7362FA}.Debug|Win32.Build.0 = Debug|Any CPU
+		{A4F4A244-1306-47F4-A168-31F78D7362FA}.Debug|x64.ActiveCfg = Debug|x64
+		{A4F4A244-1306-47F4-A168-31F78D7362FA}.Debug|x64.Build.0 = Debug|x64
+		{A4F4A244-1306-47F4-A168-31F78D7362FA}.DLL Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{A4F4A244-1306-47F4-A168-31F78D7362FA}.DLL Debug|Any CPU.Build.0 = Debug|Any CPU
+		{A4F4A244-1306-47F4-A168-31F78D7362FA}.DLL Debug|Win32.ActiveCfg = Debug|Any CPU
+		{A4F4A244-1306-47F4-A168-31F78D7362FA}.DLL Debug|Win32.Build.0 = Debug|Any CPU
+		{A4F4A244-1306-47F4-A168-31F78D7362FA}.DLL Debug|x64.ActiveCfg = Debug|x64
+		{A4F4A244-1306-47F4-A168-31F78D7362FA}.DLL Debug|x64.Build.0 = Debug|x64
+		{A4F4A244-1306-47F4-A168-31F78D7362FA}.DLL Release|Any CPU.ActiveCfg = Release|Any CPU
+		{A4F4A244-1306-47F4-A168-31F78D7362FA}.DLL Release|Any CPU.Build.0 = Release|Any CPU
+		{A4F4A244-1306-47F4-A168-31F78D7362FA}.DLL Release|Win32.ActiveCfg = Release|Any CPU
+		{A4F4A244-1306-47F4-A168-31F78D7362FA}.DLL Release|Win32.Build.0 = Release|Any CPU
+		{A4F4A244-1306-47F4-A168-31F78D7362FA}.DLL Release|x64.ActiveCfg = Release|x64
+		{A4F4A244-1306-47F4-A168-31F78D7362FA}.DLL Release|x64.Build.0 = Release|x64
+		{A4F4A244-1306-47F4-A168-31F78D7362FA}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{A4F4A244-1306-47F4-A168-31F78D7362FA}.Release|Any CPU.Build.0 = Release|Any CPU
+		{A4F4A244-1306-47F4-A168-31F78D7362FA}.Release|Win32.ActiveCfg = Release|Any CPU
+		{A4F4A244-1306-47F4-A168-31F78D7362FA}.Release|Win32.Build.0 = Release|Any CPU
+		{A4F4A244-1306-47F4-A168-31F78D7362FA}.Release|x64.ActiveCfg = Release|x64
+		{A4F4A244-1306-47F4-A168-31F78D7362FA}.Release|x64.Build.0 = Release|x64
 	EndGlobalSection
 	GlobalSection(SolutionProperties) = preSolution
 		HideSolutionNode = FALSE
 	EndGlobalSection
-	GlobalSection(NestedProjects) = preSolution
-		{73973223-5EE8-41CA-8E88-1D60E89A237B} = {252D09D0-D007-4AEB-9F7A-A74408039A8A}
-		{611E8971-46E0-4D0A-B5A1-632C3B00CB80} = {252D09D0-D007-4AEB-9F7A-A74408039A8A}
-	EndGlobalSection
 	GlobalSection(ExtensibilityGlobals) = postSolution
 		SolutionGuid = {63D316F8-C4EE-449A-B9A6-FC673C4D5D31}
 	EndGlobalSection
diff --git a/wrapper/CSharp/wolfSSL_CSharp/wolfCrypt.cs b/wrapper/CSharp/wolfSSL_CSharp/wolfCrypt.cs
new file mode 100644
index 000000000..c5249d1f3
--- /dev/null
+++ b/wrapper/CSharp/wolfSSL_CSharp/wolfCrypt.cs
@@ -0,0 +1,2971 @@
+/* wolfCrypt.cs
+ *
+ * Copyright (C) 2006-2025 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+using System;
+using System.Runtime.InteropServices;
+using System.Security.Cryptography;
+using System.Text;
+
+namespace wolfSSL.CSharp
+{
+    public class wolfcrypt
+    {
+        private const string wolfssl_dll = "wolfssl.dll";
+
+        /********************************
+         * Init wolfSSL library
+         */
+        [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+        private extern static int wolfCrypt_Init();
+        [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+        private extern static int wolfCrypt_Cleanup();
+
+
+        /********************************
+         * Random
+         */
+        [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+        private extern static IntPtr wc_rng_new(IntPtr nonce, UInt32 nonceSz, IntPtr heap);
+        [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+        private extern static void wc_rng_free(IntPtr rng);
+        [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+        private extern static int wc_RNG_GenerateBlock(IntPtr rng, IntPtr output, UInt32 sz);
+
+
+        /********************************
+         * ECC
+         */
+        [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+        private extern static IntPtr wc_ecc_key_new(IntPtr heap);
+        [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+        private extern static void wc_ecc_key_free(IntPtr key);
+        [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+        private extern static int wc_ecc_set_rng(IntPtr key, IntPtr rng);
+        [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+        private extern static int wc_ecc_make_key_ex(IntPtr rng, int keysize, IntPtr key, int curve_id);
+        [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+        private extern static int wc_ecc_sign_hash(IntPtr hashPtr, uint hashlen, IntPtr sigPtr, IntPtr siglen, IntPtr rng, IntPtr key);
+        [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+        private extern static int wc_ecc_verify_hash(IntPtr sigPtr, uint siglen, IntPtr hashPtr, uint hashlen, IntPtr res, IntPtr key);
+
+        /* ASN.1 DER format */
+        [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+        private extern static int wc_EccPrivateKeyDecode(IntPtr keyBuf, IntPtr idx, IntPtr key, uint keyBufSz);
+        [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+        private static extern int wc_EccPublicKeyDecode(byte[] input, ref uint inOutIdx, IntPtr key, uint inSz);
+        [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+        private static extern int wc_EccPrivateKeyToDer(IntPtr key, byte[] output, uint inLen);
+        [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+        private static extern int wc_EccPublicKeyToDer(IntPtr key, byte[] output, uint inLen, int with_AlgCurve);
+
+
+        /********************************
+         * ECIES
+         */
+        [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+        private extern static IntPtr wc_ecc_ctx_new(int flags, IntPtr rng);
+        [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+        private extern static IntPtr wc_ecc_ctx_new_ex(int flags, IntPtr rng, IntPtr heap);
+        [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+        private extern static void wc_ecc_ctx_free(IntPtr ctx);
+        [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+        private extern static int wc_ecc_ctx_reset(IntPtr ctx, IntPtr rng);
+        [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+        private extern static int wc_ecc_ctx_set_algo(IntPtr ctx, byte encAlgo, byte kdfAlgo, byte macAlgo);
+        [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+        private extern static IntPtr wc_ecc_ctx_get_own_salt(IntPtr ctx);
+        [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+        private extern static int wc_ecc_ctx_set_peer_salt(IntPtr ctx, IntPtr salt);
+        [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+        private extern static int wc_ecc_ctx_set_own_salt(IntPtr ctx, IntPtr salt, uint sz);
+        [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+        private extern static int wc_ecc_ctx_set_kdf_salt(IntPtr ctx, IntPtr salt, uint sz);
+        [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+        private extern static int wc_ecc_ctx_set_info(IntPtr ctx, IntPtr info, int sz);
+        [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+        private extern static int wc_ecc_encrypt(IntPtr privKey, IntPtr pubKey, IntPtr msg, uint msgSz, IntPtr outBuffer, IntPtr outSz, IntPtr ctx);
+        [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+        private extern static int wc_ecc_encrypt_ex(IntPtr privKey, IntPtr pubKey, IntPtr msg, uint msgSz, IntPtr outBuffer, IntPtr outSz, IntPtr ctx, int compressed);
+        [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+        private extern static int wc_ecc_decrypt(IntPtr privKey, IntPtr pubKey, IntPtr msg, uint msgSz, IntPtr outBuffer, IntPtr outSz, IntPtr ctx);
+
+
+        /********************************
+         * ECDHE
+         */
+        [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+        private extern static int wc_ecc_shared_secret(IntPtr privateKey, IntPtr publicKey, byte[] outSharedSecret, ref int outlen);
+
+
+        /********************************
+         * RSA
+         */
+        [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+        private static extern IntPtr wc_NewRsaKey(IntPtr heap, int devId, IntPtr result_code);
+        [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+        private static extern int wc_DeleteRsaKey(IntPtr key, IntPtr key_p);
+        [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+        private extern static int wc_InitRsaKey(IntPtr key, IntPtr heap);
+        [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+        private extern static void wc_FreeRsaKey(IntPtr key);
+        [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+        private extern static int wc_MakeRsaKey(IntPtr key, int keysize, Int32 exponent, IntPtr rng);
+        [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+        private extern static int wc_RsaSSL_Sign(IntPtr hashPtr, int hashLen, IntPtr sigPtr, int sigLen, IntPtr key, IntPtr rng);
+        [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+        private extern static int wc_RsaSSL_Verify(IntPtr sigPtr, int sigLen, IntPtr hashPtr, int hashLen, IntPtr key);
+
+        /* ASN.1 DER format */
+        [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+        private extern static int wc_RsaPublicEncrypt(IntPtr inPtr, int inLen, IntPtr outPtr, int outLen, IntPtr key);
+        [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+        private extern static int wc_RsaPrivateDecrypt(IntPtr inPtr, int inLen, IntPtr outPtr, int outLen, IntPtr key);
+        [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+        private extern static int wc_RsaPrivateKeyDecode(IntPtr keyBuf, IntPtr idx, IntPtr key, uint keyBufSz);
+        [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+        private extern static int wc_RsaPublicKeyDecode(IntPtr keyBuf, IntPtr idx, IntPtr key, uint keyBufSz);
+
+        [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+        private extern static int wc_RsaPSS_Sign(IntPtr hashPtr, int hashLen, IntPtr sigPtr, int sigLen, int hashType, IntPtr rng, IntPtr key);
+        [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+        private extern static int wc_RsaPSS_Verify(IntPtr sigPtr, int sigLen, IntPtr hashPtr, int hashLen, int hashType, IntPtr key);
+        [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+        private extern static int wc_RsaPSS_CheckPadding(IntPtr sigPtr, int sigLen, int hashType, IntPtr key);
+
+
+        /********************************
+         * ED25519
+         */
+        [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+        private static extern IntPtr wc_ed25519_new(IntPtr heap, int devId, IntPtr result_code);
+        [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+        private static extern int wc_ed25519_delete(IntPtr key, IntPtr key_p);
+        [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+        private static extern int wc_ed25519_init(IntPtr key);
+        [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+        private static extern void wc_ed25519_free(IntPtr key);
+        [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+        private static extern int wc_ed25519_make_key(IntPtr rng, int keysize, IntPtr key);
+        [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+        private static extern int wc_ed25519_sign_msg(IntPtr inMsg, uint inlen, IntPtr outMsg, ref uint outlen, IntPtr key);
+        [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+        private static extern int wc_ed25519_verify_msg(IntPtr sig, uint siglen, IntPtr msg, uint msgLen, ref int ret, IntPtr key);
+
+        /* ASN.1 DER format */
+        [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+        private static extern int wc_Ed25519PrivateKeyDecode(byte[] input, ref uint inOutIdx, IntPtr key, uint inSz);
+        [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+        private static extern int wc_Ed25519PublicKeyDecode(byte[] input, ref uint inOutIdx, IntPtr key, uint inSz);
+        [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+        private static extern int wc_Ed25519KeyToDer(IntPtr key, byte[] output, uint inLen);
+        [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+        private static extern int wc_Ed25519PrivateKeyToDer(IntPtr key, byte[] output, uint inLen);
+        [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+        private static extern int wc_Ed25519PublicKeyToDer(IntPtr key, byte[] output, uint inLen, int withAlg);
+
+        /* RAW format */
+        [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+        private static extern int wc_ed25519_make_public(IntPtr key, IntPtr pubKey, uint pubKeySz);
+        [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+        private static extern int wc_ed25519_import_public(IntPtr inMsg, uint inLen, IntPtr key);
+        [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+        private static extern int wc_ed25519_export_public(IntPtr key, IntPtr outMsg, ref uint outLen);
+        [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+        private static extern int wc_ed25519_export_private(IntPtr key, IntPtr outMsg, ref uint outLen);
+        [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+        private static extern int wc_ed25519_size(IntPtr key);
+
+
+        /********************************
+         * Curve25519
+         */
+        [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+        private static extern IntPtr wc_curve25519_new(IntPtr heap, int devId, IntPtr result_code);
+        [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+        private static extern int wc_curve25519_delete(IntPtr key, IntPtr key_p);
+        [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+        private extern static int wc_curve25519_init(IntPtr key);
+        [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+        private extern static void wc_curve25519_free(IntPtr key);
+        [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+        private extern static int wc_curve25519_make_key(IntPtr rng, int keysize, IntPtr key);
+        [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+        private extern static int wc_curve25519_shared_secret(IntPtr privateKey, IntPtr publicKey, byte[] outSharedSecret, ref int outlen);
+
+        /* ASN.1 DER format */
+        [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+        private static extern int wc_Curve25519PrivateKeyDecode(byte[] input, ref uint inOutIdx, IntPtr key, uint inSz);
+        [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+        private static extern int wc_Curve25519PublicKeyDecode(byte[] input, ref uint inOutIdx, IntPtr key, uint inSz);
+        [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+        private static extern int wc_Curve25519PrivateKeyToDer(IntPtr key, byte[] output, uint inLen);
+        [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+        private static extern int wc_Curve25519PublicKeyToDer(IntPtr key, byte[] output, uint inLen, int withAlg);
+
+        /* RAW format */
+        [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+        private extern static int wc_curve25519_import_private(IntPtr privKey, int privKeySz, IntPtr key);
+        [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+        private static extern int wc_curve25519_export_public(IntPtr key, byte[] outBuffer, ref uint outLen);
+        [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+        private extern static int wc_curve25519_import_public(IntPtr pubKey, int pubKeySz, IntPtr key);
+        [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+        private extern static int wc_curve25519_export_public(IntPtr key, IntPtr outPubKey, ref int outlen);
+        [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+        private static extern int wc_curve25519_export_key_raw(IntPtr key, byte[] priv, ref uint privSz, byte[] pub, ref uint pubSz);
+        [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+        private extern static int wc_curve25519_import_private_raw(IntPtr privKey, IntPtr pubKey, IntPtr key);
+        [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+        private extern static int wc_curve25519_export_private_raw(IntPtr key, IntPtr outPrivKey, IntPtr outPubKey);
+
+
+        /********************************
+         * AES-GCM
+         */
+        [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+        private extern static IntPtr wc_AesNew(IntPtr heap, int devId, IntPtr result_code);
+        [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+        private extern static int wc_AesDelete(IntPtr aes, IntPtr aes_p);
+        [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+        private extern static int wc_AesFree(IntPtr aes);
+        [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+        private extern static int wc_AesInit(IntPtr aes, IntPtr heap, int devId);
+        [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+        private extern static int wc_AesGcmInit(IntPtr aes, IntPtr key, uint len, IntPtr iv, uint ivSz);
+        [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+        private extern static int wc_AesGcmSetKey(IntPtr aes, IntPtr key, uint len);
+        [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+        private extern static int wc_AesGcmEncrypt(IntPtr aes, IntPtr output, IntPtr input, uint sz, IntPtr iv, uint ivSz, IntPtr authTag, uint authTagSz, IntPtr authIn, uint authInSz);
+        [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+        private extern static int wc_AesGcmDecrypt(IntPtr aes, IntPtr output, IntPtr input, uint sz, IntPtr iv, uint ivSz, IntPtr authTag, uint authTagSz, IntPtr authIn, uint authInSz);
+
+
+        /********************************
+         * HASH
+         */
+        [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+        private extern static IntPtr wc_HashNew(uint hashType, IntPtr heap, int devId, IntPtr result_code);
+        [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+        private extern static int wc_HashDelete(IntPtr hash, IntPtr hash_p);
+        [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+        private extern static int wc_HashInit(IntPtr hash, uint hashType);
+        [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+        private extern static int wc_HashUpdate(IntPtr hash, uint hashType, IntPtr data, uint dataSz);
+        [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+        private extern static int wc_HashFinal(IntPtr hash, uint hashType, IntPtr output);
+        [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+        private extern static int wc_HashFree(IntPtr hash, uint hashType);
+        [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+        private extern static int wc_HashGetDigestSize(uint hashType);
+
+
+        /********************************
+        * Logging
+        */
+        [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+        private extern static IntPtr wc_GetErrorString(int error);
+
+        public delegate void loggingCb(int lvl, StringBuilder msg);
+        private static loggingCb internal_log;
+
+        /// <summary>
+        /// Log a message to set logging function
+        /// </summary>
+        /// <param name="lvl">Level of log message</param>
+        /// <param name="msg">Message to log</param>
+        private static void log(int lvl, string msg)
+        {
+            /* if log is not set then print nothing */
+            if (internal_log == null)
+                return;
+            StringBuilder ptr = new StringBuilder(msg);
+            internal_log(lvl, ptr);
+        }
+
+
+        /********************************
+         * Enum types from wolfSSL library
+         */
+        /* Logging levels */
+        public static readonly int ERROR_LOG = 0;
+        public static readonly int INFO_LOG = 1;
+        public static readonly int ENTER_LOG = 2;
+        public static readonly int LEAVE_LOG = 3;
+        public static readonly int OTHER_LOG = 4;
+        public static readonly int INVALID_DEVID = -2;
+        public static readonly int ECC_MAX_SIG_SIZE = 141;    /* ECC max sig size */
+        public static readonly int  ECC_KEY_SIZE = 32;       /* ECC key size */
+        public static readonly int MAX_ECIES_TEST_SZ = 200;   /* ECIES max sig size */
+        public static readonly int ED25519_SIG_SIZE = 64;     /* ED25519 pub + priv  */
+        public static readonly int ED25519_KEY_SIZE = 32;     /* Private key only */
+        public static readonly int ED25519_PUB_KEY_SIZE = 32; /* Compressed public */
+        public static readonly int AES_128_KEY_SIZE = 16;     /* for 128 bit */
+        public static readonly int AES_192_KEY_SIZE = 24;     /* for 192 bit */
+        public static readonly int AES_256_KEY_SIZE = 32;     /* for 256 bit */
+        public static readonly int AES_BLOCK_SIZE = 16;
+
+        /* Error codes */
+        public static readonly int SUCCESS = 0;
+        public static readonly int SIG_VERIFY_E = -229;    /* wolfcrypt signature verify error */
+        public static readonly int MEMORY_E = -125;        /* Out of memory error */
+        public static readonly int EXCEPTION_E = -1;
+        public static readonly int BUFFER_E = -131;        /* RSA buffer error, output too small/large */
+
+
+        /***********************************************************************
+         * Class Public Functions
+         **********************************************************************/
+
+        /// <summary>
+        /// Initialize wolfCrypt library
+        /// </summary>
+        /// <returns>0 on success</returns>
+        public static int Init()
+        {
+            int ret;
+            try
+            {
+                ret = wolfCrypt_Init();
+            }
+            catch (Exception e)
+            {
+                log(ERROR_LOG, "wolfCrypt init error " + e.ToString());
+                ret = EXCEPTION_E;
+            }
+            return ret;
+        }
+
+        /// <summary>
+        /// Clean up wolfCrypt library memory
+        /// </summary>
+        /// <returns>0 on success</returns>
+        public static int Cleanup()
+        {
+            int ret;
+            try
+            {
+                ret = wolfCrypt_Cleanup();
+            }
+            catch (Exception e)
+            {
+                log(ERROR_LOG, "wolfCrypt cleanup error " + e.ToString());
+                ret = EXCEPTION_E;
+            }
+            return ret;
+        }
+
+
+        /***********************************************************************
+         * Random
+         **********************************************************************/
+
+        /// <summary>
+        /// Create new WC_RNG context
+        /// </summary>
+        /// <returns>Pointer to allocated WC_RNG or null</returns>
+        public static IntPtr RandomNew()
+        {
+            IntPtr rng;
+
+            try
+            {
+                /* Allocate and init new WC_RNG structure */
+                rng = wc_rng_new(
+                    IntPtr.Zero, 0, /* Nonce (optional / used by FIPS only) */
+                    IntPtr.Zero);   /* Heap hint for static memory only */
+            }
+            catch (Exception e)
+            {
+                log(ERROR_LOG, "random new exception " + e.ToString());
+                rng = IntPtr.Zero;
+            }
+
+            return rng;
+        }
+
+        /// <summary>
+        /// Free WC_RNG context
+        /// </summary>
+        /// <param name="rng">Pointer to allocated WC_RNG</param>
+        public static void RandomFree(IntPtr rng)
+        {
+            if (rng != IntPtr.Zero)
+            {
+                /* Free WC_RNG structure */
+                wc_rng_free(rng);
+            }
+        }
+
+        /// <summary>
+        /// Generate random data (use existing WC_RNG context)
+        /// </summary>
+        /// <param name="rng">WC_RNG created from RandomNew()</param>
+        /// <param name="buf">buffer to populate random data</param>
+        /// <param name="sz">size of buffer</param>
+        /// <returns>0=success or negative for error</returns>
+        public static int Random(IntPtr rng, byte[] buf, int sz)
+        {
+            int ret;
+            IntPtr data;
+
+            try
+            {
+                /* Allocate global buffer for wolfAPI random */
+                data = Marshal.AllocHGlobal(sz);
+                if (data != IntPtr.Zero)
+                {
+                    /* Generate random block */
+                    ret = wc_RNG_GenerateBlock(rng, data, Convert.ToUInt32(sz));
+                    if (ret == 0)
+                    {
+                        /* copy returned data */
+                        Marshal.Copy(data, buf, 0, sz);
+                    }
+                    else
+                    {
+                        log(ERROR_LOG, "random generate block error " + ret + ": " + GetError(ret));
+                    }
+                    Marshal.FreeHGlobal(data);
+                }
+                else
+                {
+                    ret = MEMORY_E;
+                }
+            }
+            catch (Exception e)
+            {
+                log(ERROR_LOG, "random generate block exception " + e.ToString());
+                ret = EXCEPTION_E;
+            }
+
+            return ret;
+        }
+
+        /// <summary>
+        /// Generate random data (single shot)
+        /// </summary>
+        /// <param name="buf">buffer to populate random data</param>
+        /// <param name="sz">size of buffer</param>
+        /// <returns>0=success or negative for error</returns>
+        public static int Random(byte[] buf, int sz)
+        {
+            int ret;
+            IntPtr rng = RandomNew();
+            if (rng == IntPtr.Zero)
+            {
+                return MEMORY_E;
+            }
+            ret = Random(rng, buf, sz);
+            RandomFree(rng);
+            return ret;
+        }
+        /* END Random */
+
+
+        /***********************************************************************
+         * ECC
+         **********************************************************************/
+
+        /// <summary>
+        /// Generate a new ECC private / public key pair
+        /// </summary>
+        /// <param name="keysize">Key size in bytes (example: SECP256R1 = 32)</param>
+        /// <returns>Allocated ECC key structure or null</returns>
+        public static IntPtr EccMakeKey(int keysize, IntPtr rng)
+        {
+            int ret;
+            IntPtr key = IntPtr.Zero;
+
+            try
+            {
+                /* Allocate and init new WC_RNG structure */
+                key = wc_ecc_key_new(IntPtr.Zero);
+                if (key != IntPtr.Zero)
+                {
+                    ret = wc_ecc_make_key_ex(rng, keysize, key, 0); /* 0=use default curve */
+                    if (ret != 0)
+                    {
+                        EccFreeKey(key);
+                        key = IntPtr.Zero;
+                    }
+                }
+            }
+            catch (Exception e)
+            {
+                log(ERROR_LOG, "ECC make key exception " + e.ToString());
+
+                EccFreeKey(key);
+                key = IntPtr.Zero;
+            }
+
+            return key;
+        }
+
+        /// <summary>
+        /// Sets the ECC rng structure
+        /// </summary>
+        /// <param name="key">Supplied key as a pointer</param>
+        /// <param name="rng">rng context as a pointer</param>
+        /// <returns>Returns 0 on success</returns>
+        public static int EccSetRng(IntPtr key, IntPtr rng)
+        {
+            int ret = 0;
+
+            try
+            {
+                /* Check */
+                if (key == IntPtr.Zero)
+                {
+                    log(ERROR_LOG, "Invalid key or rng pointer.");
+                    return MEMORY_E;
+                }
+
+                /* Set ECC rng */
+                ret = wc_ecc_set_rng(key, rng);
+                if (ret != 0)
+                {
+                    log(ERROR_LOG, "ECC set rng failed returned:" + ret);
+                }
+            }
+            catch (Exception e)
+            {
+                log(ERROR_LOG, "ECC set rng exception " + e.ToString());
+            }
+
+            return ret;
+        }
+
+        /// <summary>
+        /// Generate a new ECC private / public key pair
+        /// </summary>
+        /// <param name="keyASN1">ASN.1 private key buffer (see ecc_clikey_der_256)</param>
+        /// <returns>Allocated ECC key structure or null</returns>
+        public static IntPtr EccImportKey(byte[] keyASN1)
+        {
+            int ret;
+            IntPtr key = IntPtr.Zero;
+
+            try
+            {
+                key = wc_ecc_key_new(IntPtr.Zero);
+                if (key != IntPtr.Zero)
+                {
+                    IntPtr idx = Marshal.AllocHGlobal(sizeof(uint));
+                    IntPtr keydata = Marshal.AllocHGlobal(keyASN1.Length);
+                    Marshal.WriteInt32(idx, 0);
+                    Marshal.Copy(keyASN1, 0, keydata, keyASN1.Length);
+                    ret = wc_EccPrivateKeyDecode(keydata, idx, key, Convert.ToUInt32(keyASN1.Length));
+                    if (ret != 0)
+                    {
+                        EccFreeKey(key);
+                        key = IntPtr.Zero;
+                    }
+                    Marshal.FreeHGlobal(idx); /* not used */
+                    Marshal.FreeHGlobal(keydata);
+                }
+            }
+            catch (Exception e)
+            {
+                log(ERROR_LOG, "ECC import key exception " + e.ToString());
+                EccFreeKey(key); /* make sure its free'd */
+                key = IntPtr.Zero;
+            }
+
+            return key;
+        }
+
+        /// <summary>
+        /// Sign a hash using ECC
+        /// </summary>
+        /// <param name="key">ECC key structure</param>
+        /// <param name="hash">Hash to sign</param>
+        /// <param name="signature">Buffer to receive the signature</param>
+        /// <returns>Length of the signature on success, otherwise a negative error code</returns>
+        public static int EccSign(IntPtr key, byte[] hash, byte[] signature)
+        {
+            int ret;
+            int signedLength = 0;
+            IntPtr hashPtr = IntPtr.Zero;
+            IntPtr sigPtr = IntPtr.Zero;
+            IntPtr sigLen = IntPtr.Zero;
+            IntPtr rng = IntPtr.Zero;
+
+            try
+            {
+                rng = RandomNew();
+                hashPtr = Marshal.AllocHGlobal(hash.Length);
+                sigPtr = Marshal.AllocHGlobal(signature.Length);
+                sigLen = Marshal.AllocHGlobal(sizeof(uint));
+
+                Marshal.WriteInt32(sigLen, signature.Length);
+                Marshal.Copy(hash, 0, hashPtr, hash.Length);
+                ret = wc_ecc_sign_hash(hashPtr, Convert.ToUInt32(hash.Length), sigPtr, sigLen, rng, key);
+
+                /* Output actual signature length */
+                if (ret == 0)
+                {
+                    signedLength = Marshal.ReadInt32(sigLen);
+                    if (signedLength <= signature.Length)
+                    {
+                        Marshal.Copy(sigPtr, signature, 0, signedLength);
+                    }
+                    else
+                    {
+                        ret = BUFFER_E;
+                    }
+                }
+            }
+            catch (Exception e)
+            {
+                log(ERROR_LOG, "ECC sign exception: " + e.ToString());
+                ret = EXCEPTION_E;
+            }
+            finally
+            {
+                if (hashPtr != IntPtr.Zero) Marshal.FreeHGlobal(hashPtr);
+                if (sigPtr != IntPtr.Zero) Marshal.FreeHGlobal(sigPtr);
+                if (sigLen != IntPtr.Zero) Marshal.FreeHGlobal(sigLen);
+                if (rng != IntPtr.Zero) RandomFree(rng);
+            }
+
+            return ret == 0 ? signedLength : ret;
+        }
+
+        /// <summary>
+        /// Verify a signature using ECC
+        /// </summary>
+        /// <param name="key">ECC key structure</param>
+        /// <param name="signature">Signature to verify</param>
+        /// <param name="hash">Expected hash value</param>
+        /// <returns>0 on success, otherwise an error code</returns>
+        public static int EccVerify(IntPtr key, byte[] signature, byte[] hash)
+        {
+            int ret;
+            IntPtr hashPtr = IntPtr.Zero;
+            IntPtr sigPtr = IntPtr.Zero;
+            IntPtr res = IntPtr.Zero;
+
+            try
+            {
+                hashPtr = Marshal.AllocHGlobal(hash.Length);
+                sigPtr = Marshal.AllocHGlobal(signature.Length);
+                res = Marshal.AllocHGlobal(sizeof(int));
+
+                Marshal.Copy(hash, 0, hashPtr, hash.Length);
+                Marshal.Copy(signature, 0, sigPtr, signature.Length);
+
+                ret = wc_ecc_verify_hash(sigPtr, Convert.ToUInt32(signature.Length), hashPtr, Convert.ToUInt32(hash.Length), res, key);
+
+                if (ret == 0)
+                {
+                    int verifyResult = Marshal.ReadInt32(res);
+                    ret = verifyResult == 1 ? 0 : EXCEPTION_E;
+                }
+            }
+            catch (Exception e)
+            {
+                log(ERROR_LOG, "ECC verify exception " + e.ToString());
+                ret = EXCEPTION_E;
+            }
+            finally
+            {
+                if (hashPtr != IntPtr.Zero) Marshal.FreeHGlobal(hashPtr);
+                if (sigPtr != IntPtr.Zero) Marshal.FreeHGlobal(sigPtr);
+                if (res != IntPtr.Zero) Marshal.FreeHGlobal(res);
+            }
+
+            return ret;
+        }
+
+        /// <summary>
+        /// Export ECC Private Key to DER format
+        /// </summary>
+        /// <param name="key">ECC key structure</param>
+        /// <returns>DER-encoded private key as byte array</returns>
+        public static int EccExportPrivateKeyToDer(IntPtr key, out byte[] derKey)
+        {
+            int ret;
+            derKey = null;
+
+            try
+            {
+                int bufferSize = wc_EccPrivateKeyToDer(key, null, 0);
+                if (bufferSize < 0) {
+                    log(ERROR_LOG, "ECC private key get size failed " + bufferSize.ToString());
+                    return bufferSize;
+                }
+                derKey = new byte[bufferSize];
+                ret = wc_EccPrivateKeyToDer(key, derKey, (uint)bufferSize);
+                if (ret < 0)
+                {
+                    log(ERROR_LOG, "ECC private key to der failed " + ret.ToString());
+                }
+            }
+            catch (Exception e)
+            {
+                log(ERROR_LOG, "ECC export private exception " + e.ToString());
+                ret = EXCEPTION_E;
+            }
+
+            return ret;
+        }
+
+        /// <summary>
+        /// Export ECC Public Key to DER format
+        /// </summary>
+        /// <param name="key">ECC key structure</param>
+        /// <param name="includeCurve">Include algorithm curve in the output</param>
+        /// <returns>DER-encoded public key as byte array</returns>
+        public static int EccExportPublicKeyToDer(IntPtr key, out byte[] derKey, bool includeCurve)
+        {
+            int ret;
+            derKey = null;
+
+            try
+            {
+                int bufferSize = wc_EccPublicKeyToDer(key, null, 0, includeCurve ? 1 : 0);
+                if (bufferSize < 0) {
+                    log(ERROR_LOG, "ECC public key get size failed " + bufferSize.ToString());
+                    return bufferSize;
+                }
+                derKey = new byte[bufferSize];
+                ret = wc_EccPublicKeyToDer(key, derKey, (uint)bufferSize, includeCurve ? 1 : 0);
+                if (ret < 0)
+                {
+                    log(ERROR_LOG, "ECC public key to der failed " + ret.ToString());
+                }
+            }
+            catch (Exception e)
+            {
+                log(ERROR_LOG, "ECC export public exception " + e.ToString());
+                ret = EXCEPTION_E;
+            }
+
+            return ret;
+        }
+
+        /// <summary>
+        /// Import ECC Public Key from DER format
+        /// </summary>
+        /// <param name="keyDer">DER-encoded public key</param>
+        /// <returns>Allocated ECC key structure or null</returns>
+        public static IntPtr EccImportPublicKeyFromDer(byte[] keyDer)
+        {
+            int ret;
+            IntPtr key = IntPtr.Zero;
+
+            try
+            {
+                key = wc_ecc_key_new(IntPtr.Zero);
+                if (key != IntPtr.Zero)
+                {
+                    uint idx = 0;
+                    ret = wc_EccPublicKeyDecode(keyDer, ref idx, key, (uint)keyDer.Length);
+                    if (ret != 0)
+                    {
+                        EccFreeKey(key);
+                        key = IntPtr.Zero;
+                    }
+                }
+            }
+            catch (Exception e)
+            {
+                log(ERROR_LOG, "ECC import public key exception " + e.ToString());
+                EccFreeKey(key);
+                key = IntPtr.Zero;
+            }
+
+            return key;
+        }
+
+        /// <summary>
+        /// Free an ECC key structure
+        /// </summary>
+        /// <param name="key">ECC key structure allocated using EccMakeKey() or EccImportKey()</param>
+        public static void EccFreeKey(IntPtr key)
+        {
+            if (key != IntPtr.Zero)
+            {
+                wc_ecc_key_free(key);
+            }
+        }
+        /* END ECC */
+
+
+        /***********************************************************************
+         * ECIES
+         **********************************************************************/
+
+        /// <summary>
+        /// Create a new ECIES context with flags, RNG, and custom heap.
+        /// </summary>
+        /// <param name="flags">Flags for the context initialization.</param>
+        /// <param name="rng">Random Number Generator (RNG) pointer.</param>
+        /// <param name="heap">Custom heap pointer for memory allocations.</param>
+        /// <returns>Pointer to the newly created ECIES context or IntPtr.Zero on failure.</returns>
+        public static IntPtr EciesNewCtx(int flags, IntPtr rng, IntPtr heap)
+        {
+            IntPtr ctx = IntPtr.Zero;
+            heap = IntPtr.Zero;
+
+            try
+            {
+                ctx = wc_ecc_ctx_new_ex(flags, rng, heap);
+                if (ctx == IntPtr.Zero)
+                {
+                    log(ERROR_LOG, "ECIES context creation with custom heap failed: returned IntPtr.Zero");
+                }
+            }
+            catch (Exception e)
+            {
+                log(ERROR_LOG, "ECIES context creation with custom heap failed: " + e.ToString());
+                return IntPtr.Zero;
+            }
+
+            return ctx;
+        }
+
+        /// <summary>
+        /// Reset the ECIES context with a new RNG.
+        /// </summary>
+        /// <param name="ctx">Pointer to the ECIES context to reset.</param>
+        /// <param name="rng">New RNG to set.</param>
+        /// <returns>0 on success, or a negative error code on failure.</returns>
+        public static int EciesCtxReset(IntPtr ctx, IntPtr rng)
+        {
+            int ret;
+
+            try
+            {
+                ret = wc_ecc_ctx_reset(ctx, rng);
+            }
+            catch (Exception e)
+            {
+                log(ERROR_LOG, "ECIES context reset exception: " + e.ToString());
+                ret = EXCEPTION_E;
+            }
+
+            return ret;
+        }
+
+        /// <summary>
+        /// Set encryption, KDF, and MAC algorithms for the ECIES context.
+        /// </summary>
+        /// <param name="ctx">Pointer to the ECIES context.</param>
+        /// <param name="encAlgo">Encryption algorithm identifier.</param>
+        /// <param name="kdfAlgo">Key Derivation Function (KDF) algorithm identifier.</param>
+        /// <param name="macAlgo">MAC algorithm identifier.</param>
+        /// <returns>0 on success, or a negative error code on failure.</returns>
+        public static int EciesSetAlgo(IntPtr ctx, byte encAlgo, byte kdfAlgo, byte macAlgo)
+        {
+            int ret;
+
+            try
+            {
+                ret = wc_ecc_ctx_set_algo(ctx, encAlgo, kdfAlgo, macAlgo);
+            }
+            catch (Exception e)
+            {
+                log(ERROR_LOG, "ECIES set algorithm exception: " + e.ToString());
+                ret = EXCEPTION_E;
+            }
+
+            return ret;
+        }
+
+        /// <summary>
+        /// Get the ECIES own salt as a byte array.
+        /// </summary>
+        /// <param name="ctx">Pointer to the ECIES context.</param>
+        /// <returns>Byte array representing the own salt, or null if there is an error.</returns>
+        public static byte[] EciesGetOwnSalt(IntPtr ctx)
+        {
+            IntPtr saltPtr = IntPtr.Zero;
+            byte[] salt = null;
+
+            try
+            {
+                /* Check ctx */
+                if (ctx == IntPtr.Zero)
+                {
+                    log(ERROR_LOG, "Invalid ECIES context pointer.");
+                    return null;
+                }
+
+                /* Get own salt */
+                saltPtr = wc_ecc_ctx_get_own_salt(ctx);
+                if (saltPtr == IntPtr.Zero)
+                {
+                    log(ERROR_LOG, "Failed to get own salt.");
+                    return null;
+                }
+
+                /* Allocate salt size and copy to byte array */
+                salt = new byte[(int)ecKeySize.EXCHANGE_SALT_SZ];
+                Marshal.Copy(saltPtr, salt, 0, (int)ecKeySize.EXCHANGE_SALT_SZ);
+            }
+            catch (Exception e)
+            {
+                log(ERROR_LOG, "ECIES get own salt exception: " + e.ToString());
+                return null;
+            }
+            finally
+            {
+                /* Cleanup */
+                if (saltPtr != IntPtr.Zero) Marshal.FreeHGlobal(saltPtr);
+            }
+
+            return salt;
+        }
+
+        /// <summary>
+        /// Set the peer salt for the ECIES context.
+        /// </summary>
+        /// <param name="ctx">Pointer to the ECIES context.</param>
+        /// <param name="salt">Peer salt as a byte array.</param>
+        /// <returns>0 on success, or a negative error code on failure.</returns>
+        public static int EciesSetPeerSalt(IntPtr ctx, byte[] salt)
+        {
+            IntPtr saltPtr = IntPtr.Zero;
+            int ret;
+
+            try
+            {
+                /* Allocate memory */
+                saltPtr = Marshal.AllocHGlobal(salt.Length);
+                Marshal.Copy(salt, 0, saltPtr, salt.Length);
+
+                /* Set the peer salt */
+                ret = wc_ecc_ctx_set_peer_salt(ctx, saltPtr);
+            }
+            catch (Exception e)
+            {
+                log(ERROR_LOG, "ECIES set peer salt exception: " + e.ToString());
+                ret = EXCEPTION_E;
+            }
+            finally
+            {
+                /* Cleanup */
+                if (saltPtr != IntPtr.Zero) Marshal.FreeHGlobal(saltPtr);
+            }
+
+            return ret;
+        }
+
+        /// <summary>
+        /// Set the own salt for the ECIES context.
+        /// </summary>
+        /// <param name="ctx">Pointer to the ECIES context.</param>
+        /// <param name="salt">Own salt as a byte array.</param>
+        /// <returns>0 on success, or a negative error code on failure.</returns>
+        public static int EciesSetOwnSalt(IntPtr ctx, byte[] salt)
+        {
+            IntPtr saltPtr = IntPtr.Zero;
+            uint saltSz;
+            int ret;
+
+            try
+            {
+                /* Allocate memory */
+                saltSz = (uint)salt.Length;
+                saltPtr = Marshal.AllocHGlobal(salt.Length);
+                Marshal.Copy(salt, 0, saltPtr, salt.Length);
+
+                /* Set the own salt */
+                ret = wc_ecc_ctx_set_own_salt(ctx, saltPtr, saltSz);
+            }
+            catch (Exception e)
+            {
+                log(ERROR_LOG, "ECIES set own salt exception: " + e.ToString());
+                ret = EXCEPTION_E;
+            }
+            finally
+            {
+                /* Cleanup */
+                if (saltPtr != IntPtr.Zero) Marshal.FreeHGlobal(saltPtr);
+            }
+
+            return ret;
+        }
+
+        /// <summary>
+        /// Set the KDF salt for the ECIES context.
+        /// </summary>
+        /// <param name="ctx">Pointer to the ECIES context.</param>
+        /// <param name="salt">KDF salt as a byte array.</param>
+        /// <returns>0 on success, or a negative error code on failure.</returns>
+        public static int EciesSetKdfSalt(IntPtr ctx, byte[] salt)
+        {
+            IntPtr saltPtr = IntPtr.Zero;
+            uint saltSz;
+            int ret;
+
+            try
+            {
+                /* Allocate memory */
+                saltSz = (uint)salt.Length;
+                saltPtr = Marshal.AllocHGlobal(salt.Length);
+                Marshal.Copy(salt, 0, saltPtr, salt.Length);
+
+                /* Set the KDF salt */
+                ret = wc_ecc_ctx_set_kdf_salt(ctx, saltPtr, saltSz);
+            }
+            catch (Exception e)
+            {
+                log(ERROR_LOG, "ECIES set KDF salt exception: " + e.ToString());
+                ret = EXCEPTION_E;
+            }
+            finally
+            {
+                /* Cleanup */
+                if (saltPtr != IntPtr.Zero) Marshal.FreeHGlobal(saltPtr);
+            }
+
+            return ret;
+        }
+
+        /// <summary>
+        /// Set the info for the ECIES context.
+        /// </summary>
+        /// <param name="ctx">Pointer to the ECIES context.</param>
+        /// <param name="info">Info as a byte array.</param>
+        /// <returns>0 on success, or a negative error code on failure.</returns>
+        public static int EciesSetInfo(IntPtr ctx, byte[] info)
+        {
+            IntPtr infoPtr = IntPtr.Zero;
+            int ret;
+
+            try
+            {
+                /* Allocate memory */
+                infoPtr = Marshal.AllocHGlobal(info.Length);
+                Marshal.Copy(info, 0, infoPtr, info.Length);
+
+                /* Set the info */
+                ret = wc_ecc_ctx_set_info(ctx, infoPtr, info.Length);
+            }
+            catch (Exception e)
+            {
+                log(ERROR_LOG, "ECIES set info exception: " + e.ToString());
+                ret = EXCEPTION_E;
+            }
+            finally
+            {
+                /* Cleanup */
+                if (infoPtr != IntPtr.Zero) Marshal.FreeHGlobal(infoPtr);
+            }
+
+            return ret;
+        }
+
+        /// <summary>
+        /// Encrypt a message using ECIES.
+        /// </summary>
+        /// <param name="privKey">Private key.</param>
+        /// <param name="pubKey">Public key.</param>
+        /// <param name="msg">Message to encrypt.</param>
+        /// <param name="msgSz">Message size.</param>
+        /// <param name="outBuffer">Output buffer.</param>
+        /// <param name="ctx">ECIES context.</param>
+        /// <returns>0 on success, or a negative error code on failure.</returns>
+        public static int EciesEncrypt(IntPtr privKey, IntPtr pubKey, byte[] msg, uint msgSz, byte[] outBuffer, IntPtr ctx)
+        {
+            int ret;
+            int outBufferLength = 0;
+            IntPtr msgPtr = IntPtr.Zero;
+            IntPtr outBufferPtr = IntPtr.Zero;
+            IntPtr outSz = IntPtr.Zero;
+
+            try
+            {
+                /* Allocate memory */
+                msgPtr = Marshal.AllocHGlobal(msg.Length);
+                outBufferPtr = Marshal.AllocHGlobal(outBuffer.Length);
+                outSz = Marshal.AllocHGlobal(sizeof(uint));
+
+                Marshal.WriteInt32(outSz, outBuffer.Length);
+                Marshal.Copy(msg, 0, msgPtr, msg.Length);
+
+                /* Encrypt */
+                ret = wc_ecc_encrypt(privKey, pubKey, msgPtr, msgSz, outBufferPtr, outSz, ctx);
+                if (ret < 0)
+                {
+                    log(ERROR_LOG, "Failed to encrypt message using ECIES. Error code: " + ret);
+                }
+                /* Output actual output buffer length */
+                if (ret == 0)
+                {
+                    outBufferLength = Marshal.ReadInt32(outSz);
+                    if (outBufferLength <= outBuffer.Length)
+                    {
+                        Marshal.Copy(outBufferPtr, outBuffer, 0, outBufferLength);
+                    }
+                    else
+                    {
+                        ret = BUFFER_E;
+                    }
+                }
+            }
+            catch (Exception e)
+            {
+                log(ERROR_LOG, "ECIES encryption exception: " + e.ToString());
+                ret = EXCEPTION_E;
+            }
+            finally
+            {
+                /* Cleanup */
+                if (msgPtr != IntPtr.Zero) Marshal.FreeHGlobal(msgPtr);
+                if (outBufferPtr != IntPtr.Zero) Marshal.FreeHGlobal(outBufferPtr);
+                if (outSz != IntPtr.Zero) Marshal.FreeHGlobal(outSz);
+            }
+
+            return ret == 0 ? outBufferLength : ret;
+        }
+
+        /// <summary>
+        /// Decrypt a message using ECIES.
+        /// </summary>
+        /// <param name="privKey">Private key.</param>
+        /// <param name="pubKey">Public key.</param>
+        /// <param name="msg">Encrypted message.</param>
+        /// <param name="msgSz">Message size.</param>
+        /// <param name="outBuffer">Output buffer for the decrypted message.</param>
+        /// <param name="ctx">ECIES context.</param>
+        /// <returns>0 on success, or a negative error code on failure.</returns>
+        public static int EciesDecrypt(IntPtr privKey, IntPtr pubKey, byte[] msg, uint msgSz, byte[] outBuffer, IntPtr ctx)
+        {
+            int ret;
+            int outBufferLength = 0;
+            IntPtr msgPtr = IntPtr.Zero;
+            IntPtr outBufferPtr = IntPtr.Zero;
+            IntPtr outSz = IntPtr.Zero;
+
+            try
+            {
+                /* Allocate memory */
+                msgPtr = Marshal.AllocHGlobal(msg.Length);
+                outBufferPtr = Marshal.AllocHGlobal(outBuffer.Length);
+                outSz = Marshal.AllocHGlobal(sizeof(uint));
+
+                Marshal.WriteInt32(outSz, outBuffer.Length);
+                Marshal.Copy(msg, 0, msgPtr, msg.Length);
+
+                /* Decrypt */
+                ret = wc_ecc_decrypt(privKey, pubKey, msgPtr, msgSz, outBufferPtr, outSz, ctx);
+                if (ret < 0)
+                {
+                    log(ERROR_LOG, "Failed to decrypt message using ECIES. Error code: " + ret);
+                }
+                /* Output actual output buffer length */
+                if (ret == 0)
+                {
+                    outBufferLength = Marshal.ReadInt32(outSz);
+                    if (outBufferLength <= outBuffer.Length)
+                    {
+                        Marshal.Copy(outBufferPtr, outBuffer, 0, outBufferLength);
+                    }
+                    else
+                    {
+                        ret = BUFFER_E;
+                    }
+                }
+            }
+            catch (Exception e)
+            {
+                log(ERROR_LOG, "ECIES decryption exception: " + e.ToString());
+                return EXCEPTION_E;
+            }
+            finally
+            {
+                /* Cleanup */
+                if (msgPtr != IntPtr.Zero) Marshal.FreeHGlobal(msgPtr);
+                if (outBufferPtr != IntPtr.Zero) Marshal.FreeHGlobal(outBufferPtr);
+                if (outSz != IntPtr.Zero) Marshal.FreeHGlobal(outSz);
+            }
+
+            return ret == 0 ? outBufferLength : ret;
+        }
+
+        /// <summary>
+        /// Free the ECIES context.
+        /// </summary>
+        /// <param name="ctx">Pointer to the ECIES context to free.</param>
+        public static void EciesFreeCtx(IntPtr ctx)
+        {
+            if (ctx != IntPtr.Zero)
+            {
+                wc_ecc_ctx_free(ctx);
+            }
+        }
+
+        /********************************
+         * ENUMS
+         */
+        public enum ecEncAlgo {
+            ecAES_128_CBC = 1,  /* default */
+            ecAES_256_CBC = 2,
+            ecAES_128_CTR = 3,
+            ecAES_256_CTR = 4
+        }
+
+        public enum ecKdfAlgo {
+            ecHKDF_SHA256      = 1,  /* default */
+            ecHKDF_SHA1        = 2,
+            ecKDF_X963_SHA1    = 3,
+            ecKDF_X963_SHA256  = 4,
+            ecKDF_SHA1         = 5,
+            ecKDF_SHA256       = 6
+        }
+
+        public enum ecMacAlgo {
+            ecHMAC_SHA256 = 1,  /* default */
+            ecHMAC_SHA1   = 2
+        }
+
+        public enum ecKeySize {
+            KEY_SIZE_128     = 16,
+            KEY_SIZE_256     = 32,
+            IV_SIZE_64       =  8,
+            IV_SIZE_128      = 16,
+            ECC_MAX_IV_SIZE  = 16,
+            EXCHANGE_SALT_SZ = 16,
+            EXCHANGE_INFO_SZ = 23
+        }
+
+        public enum ecFlags {
+            REQ_RESP_CLIENT = 1,
+            REQ_RESP_SERVER = 2
+        }
+        /* END ECIES */
+
+
+        /***********************************************************************
+         * ECDHE
+         **********************************************************************/
+
+        /// <summary>
+        /// Generate a shared secret using ECC
+        /// </summary>
+        /// <param name="privateKey">ECC private key</param>
+        /// <param name="publicKey">ECC public key</param>
+        /// <param name="secret">Buffer to receive the shared secret</param>
+        /// <returns>0 on success, otherwise an error code</returns>
+        public static int EcdheSharedSecret(IntPtr privateKey, IntPtr publicKey, byte[] secret, IntPtr rng)
+        {
+            int ret;
+            int secretLength = secret.Length;
+
+            try
+            {
+                /* set RNG for Public Key */
+                ret = EccSetRng(privateKey, rng);
+                if (ret != 0)
+                {
+                    throw new Exception("Failed to set Public Key RNG Error code: " + ret);
+                }
+
+                /* set RNG for Private Key */
+                ret = EccSetRng(publicKey, rng);
+                if (ret != 0)
+                {
+                    throw new Exception("Failed to set Private Key RNG. Error code: " + ret);
+                }
+
+                /* Generate shared secret */
+                if (privateKey != IntPtr.Zero || publicKey != IntPtr.Zero)
+                {
+                    ret = wc_ecc_shared_secret(privateKey, publicKey, secret, ref secretLength);
+                    if (ret != 0)
+                    {
+                        throw new Exception("Failed to compute ECC shared secret. Error code: " + ret);
+                    }
+                }
+            }
+            catch (Exception e)
+            {
+                log(ERROR_LOG, "ECC shared secret exception " + e.ToString());
+                ret = EXCEPTION_E;
+            }
+
+            return ret;
+        }
+        /* END ECDHE */
+
+
+        /***********************************************************************
+         * RSA
+         **********************************************************************/
+
+        /// <summary>
+        /// Generate a new RSA private/public key pair
+        /// </summary>
+        /// <param name="heap">Pointer to the heap for memory allocation
+        /// (use IntPtr.Zero if not applicable)</param>
+        /// <param name="devId">Device ID (if applicable, otherwise use 0)</param>
+        /// <param name="keysize">Key size in bits (example: 2048)</param>
+        /// <param name="exponent">Exponent for RSA key generation (default is 65537)</param>
+        /// <returns>Allocated RSA key structure or null on failure</returns>
+        public static IntPtr RsaMakeKey(IntPtr heap, int devId, int keysize, Int32 exponent)
+        {
+            int ret;
+            IntPtr key = IntPtr.Zero;
+            IntPtr rng = IntPtr.Zero;
+
+            try
+            {
+                /* Allocate and init new RSA key structure */
+                key = wc_NewRsaKey(heap, devId, IntPtr.Zero);
+                if (key != IntPtr.Zero)
+                {
+                    rng = RandomNew();
+                    if (rng == IntPtr.Zero)
+                    {
+                        throw new Exception("Failed to create rng.");
+                    }
+
+                    ret = wc_MakeRsaKey(key, keysize, exponent, rng);
+                    if (ret != 0)
+                    {
+                        RsaFreeKey(key);
+                        key = IntPtr.Zero;
+                    }
+
+                    RandomFree(rng);
+                    rng = IntPtr.Zero;
+                }
+            }
+            catch (Exception e)
+            {
+                log(ERROR_LOG, "RSA make key exception " + e.ToString());
+                if (rng != IntPtr.Zero) RandomFree(rng);
+                if (key != IntPtr.Zero) RsaFreeKey(key);
+                key = IntPtr.Zero;
+            }
+
+            return key;
+        }
+
+        public static IntPtr RsaMakeKey(IntPtr heap, int devId, int keysize)
+        {
+            return RsaMakeKey(heap, devId, keysize, 65537);
+        }
+
+        /// <summary>
+        /// Import an RSA private key from ASN.1 buffer
+        /// </summary>
+        /// <param name="keyASN1">ASN.1 private key buffer</param>
+        /// <returns>Allocated RSA key structure or null</returns>
+        public static IntPtr RsaImportKey(byte[] keyASN1)
+        {
+            int ret;
+            IntPtr key = IntPtr.Zero;
+
+            try
+            {
+                key = wc_NewRsaKey(IntPtr.Zero, INVALID_DEVID, IntPtr.Zero);
+                if (key != IntPtr.Zero)
+                {
+                    IntPtr idx = Marshal.AllocHGlobal(sizeof(uint));
+                    IntPtr keydata = Marshal.AllocHGlobal(keyASN1.Length);
+                    Marshal.WriteInt32(idx, 0);
+                    Marshal.Copy(keyASN1, 0, keydata, keyASN1.Length);
+                    ret = wc_RsaPrivateKeyDecode(keydata, idx, key, Convert.ToUInt32(keyASN1.Length));
+                    if (ret != 0)
+                    {
+                        RsaFreeKey(key);
+                        key = IntPtr.Zero;
+                    }
+                    Marshal.FreeHGlobal(idx); /* not used */
+                    Marshal.FreeHGlobal(keydata);
+                }
+            }
+            catch (Exception e)
+            {
+                log(ERROR_LOG, "RSA make key exception " + e.ToString());
+                RsaFreeKey(key); /* make sure its free'd */
+                key = IntPtr.Zero;
+            }
+
+            return key;
+        }
+
+        /// <summary>
+        /// Sign a hash using RSA and SSL-style padding
+        /// </summary>
+        /// <param name="key">RSA key structure</param>
+        /// <param name="hash">Hash to sign</param>
+        /// <param name="signature">Buffer to receive the signature</param>
+        /// <returns>Length of the signature on success, otherwise an error code</returns>
+        public static int RsaSignSSL(IntPtr key, byte[] hash, byte[] signature)
+        {
+            IntPtr hashPtr = Marshal.AllocHGlobal(hash.Length);
+            IntPtr sigPtr = Marshal.AllocHGlobal(signature.Length);
+            IntPtr rng = IntPtr.Zero;
+            int ret;
+
+            try
+            {
+                rng = RandomNew();
+                if (rng == IntPtr.Zero)
+                {
+                    throw new Exception("Failed to create RNG.");
+                }
+
+                Marshal.Copy(hash, 0, hashPtr, hash.Length);
+
+                ret = wc_RsaSSL_Sign(hashPtr, hash.Length, sigPtr, signature.Length, key, rng);
+                if (ret >= 0) /* `wc_RsaSSL_Sign` returns the signature length on success */
+                {
+                    Marshal.Copy(sigPtr, signature, 0, ret);
+                }
+            }
+            finally
+            {
+                if (hashPtr != IntPtr.Zero) Marshal.FreeHGlobal(hashPtr);
+                if (sigPtr != IntPtr.Zero) Marshal.FreeHGlobal(sigPtr);
+                if (rng != IntPtr.Zero) RandomFree(rng);
+            }
+
+            return ret;
+        }
+
+        /// <summary>
+        /// Verify a signature using RSA and SSL-style padding
+        /// </summary>
+        /// <param name="key">RSA key structure</param>
+        /// <param name="signature">Signature to verify</param>
+        /// <param name="hash">Expected hash value</param>
+        /// <returns>0 on success, otherwise an error code</returns>
+        public static int RsaVerifySSL(IntPtr key, byte[] signature, byte[] hash)
+        {
+            IntPtr hashPtr = IntPtr.Zero;
+            IntPtr sigPtr = IntPtr.Zero;
+            int ret;
+
+            try
+            {
+                hashPtr = Marshal.AllocHGlobal(hash.Length);
+                sigPtr = Marshal.AllocHGlobal(signature.Length);
+
+                Marshal.Copy(signature, 0, sigPtr, signature.Length);
+
+                ret = wc_RsaSSL_Verify(sigPtr, signature.Length, hashPtr, hash.Length, key);
+
+                if (ret == hash.Length)
+                {
+                    byte[] verifiedHash = new byte[hash.Length];
+                    Marshal.Copy(hashPtr, verifiedHash, 0, hash.Length);
+
+                    if (ByteArrayVerify(verifiedHash, hash))
+                    {
+                        ret = 0;
+                    }
+                    else
+                    {
+                        ret = SIG_VERIFY_E;
+                    }
+                }
+            }
+            catch (Exception e)
+            {
+                log(ERROR_LOG, "RSA verify exception: " + e.ToString());
+                ret = EXCEPTION_E;
+            }
+            finally
+            {
+                if (hashPtr != IntPtr.Zero) Marshal.FreeHGlobal(hashPtr);
+                if (sigPtr != IntPtr.Zero) Marshal.FreeHGlobal(sigPtr);
+            }
+
+            return ret;
+        }
+
+        /// <summary>
+        /// Encrypt data using RSA public key encryption
+        /// </summary>
+        /// <param name="key">RSA key structure</param>
+        /// <param name="input">Data to encrypt</param>
+        /// <param name="output">Buffer to receive the encrypted data</param>
+        /// <returns>0 on success, otherwise an error code</returns>
+        public static int RsaPublicEncrypt(IntPtr key, byte[] input, byte[] output)
+        {
+            IntPtr inPtr = Marshal.AllocHGlobal(input.Length);
+            IntPtr outPtr = Marshal.AllocHGlobal(output.Length);
+            Marshal.Copy(input, 0, inPtr, input.Length);
+
+            int ret = wc_RsaPublicEncrypt(inPtr, input.Length, outPtr, output.Length, key);
+
+            if (ret > 0)
+            {
+                Marshal.Copy(outPtr, output, 0, ret);
+            }
+
+            Marshal.FreeHGlobal(inPtr);
+            Marshal.FreeHGlobal(outPtr);
+
+            return ret > 0 ? 0 : ret;
+        }
+
+        /// <summary>
+        /// Decrypt data using RSA private key decryption
+        /// </summary>
+        /// <param name="key">RSA key structure</param>
+        /// <param name="input">Encrypted data</param>
+        /// <param name="output">Buffer to receive the decrypted data</param>
+        /// <returns>0 on success, otherwise an error code</returns>
+        public static int RsaPrivateDecrypt(IntPtr key, byte[] input, byte[] output)
+        {
+            IntPtr inPtr = Marshal.AllocHGlobal(input.Length);
+            IntPtr outPtr = Marshal.AllocHGlobal(output.Length);
+            Marshal.Copy(input, 0, inPtr, input.Length);
+
+            int ret = wc_RsaPrivateDecrypt(inPtr, input.Length, outPtr, output.Length, key);
+
+            if (ret > 0)
+            {
+                Marshal.Copy(outPtr, output, 0, ret);
+            }
+
+            Marshal.FreeHGlobal(inPtr);
+            Marshal.FreeHGlobal(outPtr);
+
+            return ret > 0 ? 0 : ret;
+        }
+
+        /// <summary>
+        /// Free an RSA key structure
+        /// </summary>
+        /// <param name="key">RSA key structure allocated using RsaMakeKey() or RsaImportKey()</param>
+        public static void RsaFreeKey(IntPtr key)
+        {
+            if (key != IntPtr.Zero)
+            {
+                wc_DeleteRsaKey(key, IntPtr.Zero);
+                key = IntPtr.Zero;
+            }
+        }
+        /* END RSA */
+
+
+        /***********************************************************************
+         * ED25519
+         **********************************************************************/
+
+        /// <summary>
+        /// Generate a new ED25519 key pair with a specified heap, device ID, and internally managed RNG.
+        /// </summary>
+        /// <param name="heap">Heap to use for memory allocations (can be IntPtr.Zero).</param>
+        /// <param name="devId">Device ID for hardware-based keys (can be 0 for software).</param>
+        /// <returns>0 on success, or an error code on failure.</returns>
+        public static IntPtr Ed25519MakeKey(IntPtr heap, int devId)
+        {
+            int ret = 0;
+            IntPtr rng = IntPtr.Zero;
+            IntPtr key = IntPtr.Zero;
+
+            try
+            {
+                rng = RandomNew();
+                if (rng == IntPtr.Zero)
+                {
+                    throw new Exception("Failed to create RNG.");
+                }
+
+                key = wc_ed25519_new(heap, devId, IntPtr.Zero);
+                if (key != IntPtr.Zero)
+                {
+                    ret = wc_ed25519_make_key(rng, 32, key);
+                }
+            }
+            catch (Exception e)
+            {
+                log(ERROR_LOG, "ED25519 make key exception: " + e.ToString());
+                ret = EXCEPTION_E;
+            }
+            finally
+            {
+                /* Cleanup */
+                if (rng != IntPtr.Zero) RandomFree(rng);
+                if (ret != 0)
+                {
+                    wc_ed25519_delete(key, IntPtr.Zero);
+                    key = IntPtr.Zero;
+                }
+            }
+
+            return key;
+        }
+
+        /// <summary>
+        /// Sign a message with an ED25519 private key.
+        /// </summary>
+        /// <param name="inMsg">Message to be signed</param>
+        /// <param name="outMsg">Buffer to receive the signature</param>
+        /// <param name="key">Private key used for signing</param>
+        /// <returns>0 on success, otherwise an error code</returns>
+        public static int Ed25519SignMsg(byte[] inMsg, out byte[] outMsg, IntPtr key)
+        {
+            int ret;
+            IntPtr inMsgPtr = Marshal.AllocHGlobal(inMsg.Length);
+            IntPtr outMsgPtr = Marshal.AllocHGlobal(ED25519_SIG_SIZE);
+            outMsg = null;
+
+            try
+            {
+                Marshal.Copy(inMsg, 0, inMsgPtr, inMsg.Length);
+                uint outMsgSize = (uint)ED25519_SIG_SIZE;
+                ret = wc_ed25519_sign_msg(inMsgPtr, (uint)inMsg.Length, outMsgPtr, ref outMsgSize, key);
+                if (ret == 0)
+                {
+                    outMsg = new byte[outMsgSize];
+                    Marshal.Copy(outMsgPtr, outMsg, 0, (int)outMsgSize);
+                }
+            }
+            finally
+            {
+                /* Cleanup */
+                if (inMsgPtr != IntPtr.Zero) Marshal.FreeHGlobal(inMsgPtr);
+                if (outMsgPtr != IntPtr.Zero) Marshal.FreeHGlobal(outMsgPtr);
+            }
+
+            return ret;
+        }
+
+        /// <summary>
+        /// Verify a signature of a message with an ED25519 public key.
+        /// </summary>
+        /// <param name="sig">Signature to verify</param>
+        /// <param name="msg">Message that was signed</param>
+        /// <param name="key">Public key used for verification</param>
+        /// <returns>0 if the verification succeeds, otherwise an error code</returns>
+        public static int Ed25519VerifyMsg(byte[] sig, byte[] msg, IntPtr key)
+        {
+            IntPtr sigPtr = IntPtr.Zero;
+            IntPtr msgPtr = IntPtr.Zero;
+            int ret = 0;
+
+            try
+            {
+                /* Allocate memory */
+                sigPtr = Marshal.AllocHGlobal(sig.Length);
+                msgPtr = Marshal.AllocHGlobal(msg.Length);
+
+                Marshal.Copy(sig, 0, sigPtr, sig.Length);
+                Marshal.Copy(msg, 0, msgPtr, msg.Length);
+
+                int verify = 0;
+                ret = wc_ed25519_verify_msg(sigPtr, (uint)sig.Length, msgPtr, (uint)msg.Length, ref verify, key);
+
+                if (ret == 0 && verify == 1)
+                {
+                    ret = 0;
+                }
+                else
+                {
+                    ret = SIG_VERIFY_E;
+                }
+            }
+            catch (Exception e)
+            {
+                log(ERROR_LOG, "ED25519 verify exception: " + e.ToString());
+                ret = EXCEPTION_E;
+            }
+            finally
+            {
+                /* Cleanup */
+                if (sigPtr != IntPtr.Zero) Marshal.FreeHGlobal(sigPtr);
+                if (msgPtr != IntPtr.Zero) Marshal.FreeHGlobal(msgPtr);
+            }
+
+            return ret;
+        }
+
+        /// <summary>
+        /// Decode an ED25519 private key from DER format.
+        /// </summary>
+        /// <param name="input">DER-encoded private key as byte array.</param>
+        /// <returns>Allocated ED25519 key structure or IntPtr.Zero on failure.</returns>
+        public static IntPtr Ed25519PrivateKeyDecode(byte[] input)
+        {
+            IntPtr key = IntPtr.Zero;
+            uint idx = 0;
+            int ret;
+
+            try
+            {
+                key = wc_ed25519_new(IntPtr.Zero, INVALID_DEVID, IntPtr.Zero);
+                if (key != IntPtr.Zero)
+                {
+                    ret = wc_Ed25519PrivateKeyDecode(input, ref idx, key, (uint)input.Length);
+                    if (ret != 0)
+                    {
+                        Ed25519FreeKey(key);
+                        key = IntPtr.Zero;
+                    }
+                }
+            }
+            catch (Exception e)
+            {
+                log(ERROR_LOG, "ED25519 private key decode exception: " + e.ToString());
+                if (key != IntPtr.Zero) Ed25519FreeKey(key);
+                key = IntPtr.Zero;
+            }
+
+            return key;
+        }
+
+        /// <summary>
+        /// Decode an ED25519 public key from DER format.
+        /// </summary>
+        /// <param name="input">DER-encoded public key as byte array.</param>
+        /// <returns>Allocated ED25519 key structure or IntPtr.Zero on failure.</returns>
+        public static IntPtr Ed25519PublicKeyDecode(byte[] input)
+        {
+            IntPtr key = IntPtr.Zero;
+            uint idx = 0;
+            int ret;
+
+            try
+            {
+                key = wc_ed25519_new(IntPtr.Zero, INVALID_DEVID, IntPtr.Zero);
+                if (key != IntPtr.Zero)
+                {
+                    ret = wc_Ed25519PublicKeyDecode(input, ref idx, key, (uint)input.Length);
+                    if (ret != 0)
+                    {
+                        Ed25519FreeKey(key);
+                        key = IntPtr.Zero;
+                    }
+                }
+            }
+            catch (Exception e)
+            {
+                log(ERROR_LOG, "ED25519 public key decode exception: " + e.ToString());
+                if (key != IntPtr.Zero) Ed25519FreeKey(key);
+                key = IntPtr.Zero;
+            }
+
+            return key;
+        }
+
+        /// <summary>
+        /// Export an ED25519 key to DER format.
+        /// </summary>
+        /// <param name="key">ED25519 key structure.</param>
+        /// <param name="privKey">DER-encoded public key as byte array.</param>
+        /// <returns>DER-encoded key as byte array.</returns>
+        public static int Ed25519ExportKeyToDer(IntPtr key, out byte[] privKey)
+        {
+            int ret;
+            privKey = null;
+
+            try
+            {
+                /* Get length */
+                int len = wc_Ed25519KeyToDer(key, null, 0);
+                if (len < 0)
+                {
+                    log(ERROR_LOG, "Failed to determine length. Error code: " + len);
+                    return len;
+                }
+
+                privKey = new byte[len];
+                ret = wc_Ed25519KeyToDer(key, privKey, (uint)privKey.Length);
+
+                if (ret < 0)
+                {
+                    log(ERROR_LOG, "Failed to export ED25519 private key to DER format. Error code: " + ret);
+                    return ret;
+                }
+            }
+            catch(Exception e)
+            {
+                log(ERROR_LOG, "ED25519 export private key to DER exception: " + e.ToString());
+                return EXCEPTION_E;
+            }
+
+            return ret;
+        }
+
+        /// <summary>
+        /// Export an ED25519 private key to DER format.
+        /// </summary>
+        /// <param name="key">ED25519 private key structure.</param>
+        /// <param name="derKey">DER-encoded private key as byte array.</param>
+        /// <returns>DER-encoded private key as byte array.</returns>
+        public static int Ed25519ExportPrivateKeyToDer(IntPtr key, out byte[] derKey)
+        {
+            int ret;
+            derKey = null;
+
+            try
+            {
+                /* Determine length */
+                int len = wc_Ed25519PrivateKeyToDer(key, null, 0);
+                if (len < 0)
+                {
+                    log(ERROR_LOG, "Failed to determine length. Error code: " + len);
+                    return len;
+                }
+
+                derKey = new byte[len];
+                ret = wc_Ed25519PrivateKeyToDer(key, derKey, (uint)derKey.Length);
+
+                if (ret < 0)
+                {
+                    log(ERROR_LOG, "Failed to export ED25519 private key to DER format. Error code: " + ret);
+                    return ret;
+                }
+            }
+            catch (Exception e)
+            {
+                log(ERROR_LOG, "ED25519 export private key to DER exception: " + e.ToString());
+                return EXCEPTION_E;
+            }
+
+            return ret;
+        }
+
+        /// <summary>
+        /// Export an ED25519 public key to DER format.
+        /// </summary>
+        /// <param name="key">ED25519 public key structure.</param>
+        /// <param name="includeAlg">Whether to include the algorithm identifier in the output.</param>
+        /// <param name="pubKey">DER-encoded public key as byte array.</param>
+        /// <returns>An error code indicating success (0) or failure (negative value).</returns>
+        public static int Ed25519ExportPublicKeyToDer(IntPtr key, out byte[] pubKey, bool includeAlg)
+        {
+            int ret;
+            pubKey = null;
+
+            try
+            {
+                /* Determine length */
+                int len = wc_Ed25519PublicKeyToDer(key, null, 0, 1);
+                if (len < 0)
+                {
+                    log(ERROR_LOG, "Failed to determine length. Error code: " + len);
+                    return len;
+                }
+
+                pubKey = new byte[len];
+                ret = wc_Ed25519PublicKeyToDer(key, pubKey, (uint)pubKey.Length, includeAlg ? 1 : 0);
+                if (ret < 0)
+                {
+                    log(ERROR_LOG, "Failed to export ED25519 public key to DER format. Error code: " + ret);
+                    return ret;
+                }
+            }
+            catch (Exception e)
+            {
+                log(ERROR_LOG, "ED25519 export public key to DER exception: " + e.ToString());
+                return EXCEPTION_E;
+            }
+
+            return ret;
+        }
+
+        /// <summary>
+        /// Free an ED25519 key.
+        /// </summary>
+        /// <param name="key">Key to be freed</param>
+        public static void Ed25519FreeKey(IntPtr key)
+        {
+            wc_ed25519_delete(key, IntPtr.Zero);
+            key = IntPtr.Zero;
+        }
+        /* END ED25519 */
+
+
+        /***********************************************************************
+         * RAW ED25519
+         **********************************************************************/
+
+        /// <summary>
+    	/// Initialize an ED25519 key.
+    	/// </summary>
+    	/// <param name="key">Buffer to receive the initialized key</param>
+    	/// <returns>0 on success, otherwise an error code</returns>
+    	public static int Ed25519InitKey(out IntPtr key)
+        {
+            key = IntPtr.Zero;
+            try
+            {
+                key = Marshal.AllocHGlobal(ED25519_SIG_SIZE);
+                int ret = wc_ed25519_init(key);
+
+                if (ret != 0)
+                {
+                    Marshal.FreeHGlobal(key);
+                    key = IntPtr.Zero;
+                }
+
+                return ret;
+            }
+            catch
+            {
+                /* Cleanup */
+                Marshal.FreeHGlobal(key);
+                key = IntPtr.Zero;
+                throw;
+            }
+        }
+
+        /// <summary>
+        /// Import a public key into an ED25519 key structure.
+        /// </summary>
+        /// <param name="inMsg">Public key to import</param>
+        /// <param name="inLen">Length of the public key</param>
+        /// <param name="key">Buffer to receive the imported key</param>
+        /// <returns>0 on success, otherwise an error code</returns>
+        public static int Ed25519ImportPublic(byte[] inMsg, uint inLen, out IntPtr key)
+        {
+            int ret;
+            key = IntPtr.Zero;
+            IntPtr inMsgPtr = IntPtr.Zero;
+
+            try
+            {
+                /* Allocate memory */
+                key = Marshal.AllocHGlobal(ED25519_PUB_KEY_SIZE);
+                if (key == IntPtr.Zero)
+                {
+                    throw new OutOfMemoryException("Failed to allocate memory for the key.");
+                }
+
+                inMsgPtr = Marshal.AllocHGlobal(inMsg.Length);
+                if (inMsgPtr == IntPtr.Zero)
+                {
+                    throw new OutOfMemoryException("Failed to allocate memory for the input message.");
+                }
+                Marshal.Copy(inMsg, 0, inMsgPtr, inMsg.Length);
+
+                ret = wc_ed25519_import_public(inMsgPtr, inLen, key);
+                if (ret != 0)
+                {
+                    return ret;
+                }
+            }
+            catch (Exception ex)
+            {
+                Console.WriteLine($"Exception in EdImportPublic: {ex.Message}");
+
+                return EXCEPTION_E;
+            }
+            finally
+            {
+                /* Cleanup */
+                if (inMsgPtr != IntPtr.Zero) Marshal.FreeHGlobal(inMsgPtr);
+                if (key != IntPtr.Zero) Marshal.FreeHGlobal(key);
+            }
+
+            return ret;
+        }
+
+        /// <summary>
+        /// Export a public key from an ED25519 key structure.
+        /// </summary>
+        /// <param name="key">ED25519 key structure</param>
+        /// <param name="outMsg">Buffer to receive the exported public key</param>
+        /// <param name="outLen">Length of the exported public key</param>
+        /// <returns>0 on success, otherwise an error code</returns>
+        public static int Ed25519ExportPublic(IntPtr key, byte[] outMsg, out uint outLen)
+        {
+            int ret;
+            IntPtr outMsgPtr = IntPtr.Zero;
+
+            try
+            {
+                outMsgPtr = Marshal.AllocHGlobal(outMsg.Length);
+                outLen = (uint)outMsg.Length;
+                ret = wc_ed25519_export_public(key, outMsgPtr, ref outLen);
+                if (ret == 0)
+                {
+                    Marshal.Copy(outMsgPtr, outMsg, 0, (int)outLen);
+                }
+                else
+                {
+                    outLen = 0;
+                }
+            }
+            finally
+            {
+                /* Cleanup */
+                if (outMsgPtr != IntPtr.Zero) Marshal.FreeHGlobal(outMsgPtr);
+            }
+
+            return ret;
+        }
+
+        /// <summary>
+        /// Export a private key from an ED25519 key structure.
+        /// </summary>
+        /// <param name="key">ED25519 key structure</param>
+        /// <param name="outMsg">Buffer to receive the exported private key</param>
+        /// <param name="outLen">Length of the exported private key</param>
+        /// <returns>0 on success, otherwise an error code</returns>
+        public static int Ed25519ExportPrivate(IntPtr key, byte[] outMsg, out uint outLen)
+        {
+            int ret;
+            IntPtr outMsgPtr = IntPtr.Zero;
+
+            try
+            {
+                outMsgPtr = Marshal.AllocHGlobal(outMsg.Length);
+                outLen = (uint)outMsg.Length;
+                ret = wc_ed25519_export_private(key, outMsgPtr, ref outLen);
+                if (ret == 0)
+                {
+                    Marshal.Copy(outMsgPtr, outMsg, 0, (int)outLen);
+                }
+                else
+                {
+                    outLen = 0;
+                }
+            }
+            finally
+            {
+                /* Cleanup */
+                if (outMsgPtr != IntPtr.Zero) Marshal.FreeHGlobal(outMsgPtr);
+            }
+
+            return ret;
+        }
+
+        /// <summary>
+        /// Generate a public key from a private key.
+        /// </summary>
+        /// <param name="key">The private key used to generate the public key</param>
+        /// <param name="pubKey">Buffer to receive the public key</param>
+        /// <param name="pubKeySz">Size of the public key buffer</param>
+        /// <returns>0 on success, otherwise an error code</returns>
+        public static int Ed25519MakePublic(IntPtr key, byte[] pubKey, out uint pubKeySz)
+        {
+            int ret;
+            IntPtr pubKeyPtr = Marshal.AllocHGlobal(pubKey.Length);
+
+            try
+            {
+                pubKeySz = (uint)pubKey.Length;
+                ret = wc_ed25519_make_public(key, pubKeyPtr, pubKeySz);
+                if (ret == 0)
+                {
+                    Marshal.Copy(pubKeyPtr, pubKey, 0, (int)pubKeySz);
+                }
+            }
+            finally
+            {
+                /* Cleanup */
+                if (pubKeyPtr != IntPtr.Zero) Marshal.FreeHGlobal(pubKeyPtr);
+            }
+
+            return ret;
+        }
+
+        /// <summary>
+        /// Get the size of the ED25519 key.
+        /// </summary>
+        /// <param name="key">ED25519 key structure</param>
+        /// <returns>Size of the key, or an error code if failed</returns>
+        public static int Ed25519GetKeySize(IntPtr key)
+        {
+            return wc_ed25519_size(key);
+        }
+        /* END RAW ED25519 */
+
+
+        /***********************************************************************
+         * Curve25519
+         **********************************************************************/
+
+        /// <summary>
+        /// Generate a new Curve25519 key pair with a specified heap, device ID, and internally managed RNG.
+        /// </summary>
+        /// <param name="heap">Heap to use for memory allocations (can be IntPtr.Zero).</param>
+        /// <param name="devId">Device ID for hardware-based keys (can be 0 for software).</param>
+        /// <returns>0 on success, or an error code on failure.</returns>
+        public static IntPtr Curve25519MakeKey(IntPtr heap, int devId)
+        {
+            int ret = 0;
+            IntPtr rng = IntPtr.Zero;
+            IntPtr key = IntPtr.Zero;
+
+            try
+            {
+                rng = RandomNew();
+                if (rng == IntPtr.Zero)
+                {
+                    throw new Exception("Failed to create RNG.");
+                }
+
+                key = wc_curve25519_new(heap, devId, IntPtr.Zero);
+                if (key != IntPtr.Zero)
+                {
+                    ret = wc_curve25519_make_key(rng, 32, key);
+                }
+            }
+            catch (Exception e)
+            {
+                log(ERROR_LOG, "Curve25519 make key exception: " + e.ToString());
+                ret = EXCEPTION_E;
+            }
+            finally
+            {
+                /* Cleanup */
+                if (rng != IntPtr.Zero) RandomFree(rng);
+                if (ret != 0)
+                {
+                    wc_curve25519_delete(key, IntPtr.Zero);
+                    key = IntPtr.Zero;
+                }
+            }
+
+            return key;
+        }
+
+        /// <summary>
+        /// Decode an Curve25519 private key from DER format.
+        /// </summary>
+        /// <param name="input">DER-encoded private key as byte array.</param>
+        /// <returns>Allocated Curve25519 key structure or IntPtr.Zero on failure.</returns>
+        public static IntPtr Curve25519PrivateKeyDecode(byte[] input)
+        {
+            IntPtr key = IntPtr.Zero;
+            uint idx = 0;
+            int ret;
+
+            try
+            {
+                key = wc_ed25519_new(IntPtr.Zero, INVALID_DEVID, IntPtr.Zero);
+                if (key != IntPtr.Zero)
+                {
+                    ret = wc_Ed25519PrivateKeyDecode(input, ref idx, key, (uint)input.Length);
+                    if (ret != 0)
+                    {
+                        Curve25519FreeKey(key);
+                        key = IntPtr.Zero;
+                    }
+                }
+            }
+            catch (Exception e)
+            {
+                log(ERROR_LOG, "Curve25519 private key decode exception: " + e.ToString());
+                if (key != IntPtr.Zero) Curve25519FreeKey(key);
+                key = IntPtr.Zero;
+            }
+
+            return key;
+        }
+
+        /// <summary>
+        /// Decode an Curve25519 public key from DER format.
+        /// </summary>
+        /// <param name="input">DER-encoded public key as byte array.</param>
+        /// <returns>Allocated Curve25519 key structure or IntPtr.Zero on failure.</returns>
+        public static IntPtr Curve25519PublicKeyDecode(byte[] input)
+        {
+            IntPtr key = IntPtr.Zero;
+            uint idx = 0;
+            int ret;
+
+            try
+            {
+                key = wc_curve25519_new(IntPtr.Zero, INVALID_DEVID, IntPtr.Zero);
+                if (key != IntPtr.Zero)
+                {
+                    ret = wc_Curve25519PublicKeyDecode(input, ref idx, key, (uint)input.Length);
+                    if (ret != 0)
+                    {
+                        Curve25519FreeKey(key);
+                        key = IntPtr.Zero;
+                    }
+                }
+            }
+            catch (Exception e)
+            {
+                log(ERROR_LOG, "Curve25519 public key decode exception: " + e.ToString());
+                if (key != IntPtr.Zero) Curve25519FreeKey(key);
+                key = IntPtr.Zero;
+            }
+
+            return key;
+        }
+
+        /// <summary>
+        /// Export an Curve25519 key to DER format.
+        /// </summary>
+        /// <param name="key">Curve25519 key structure.</param>
+        /// <param name="derKey">DER-encoded public key as byte array.</param>
+        /// <returns>DER-encoded key as byte array.</returns>
+        public static int Curve25519ExportPrivateKeyToDer(IntPtr key, out byte[] derKey)
+        {
+            int ret;
+            derKey = null;
+
+            try
+            {
+                /* Determine length */
+                int len = wc_Curve25519PrivateKeyToDer(key, null, 0);
+                if (len < 0)
+                {
+                    log(ERROR_LOG, "Failed to determine length. Error code: " + len);
+                    return len;
+                }
+
+                derKey = new byte[len];
+                ret = wc_Curve25519PrivateKeyToDer(key, derKey, (uint)derKey.Length);
+
+                if (ret < 0)
+                {
+                    log(ERROR_LOG, "Failed to export Curve25519 private key to DER format. Error code: " + ret);
+                    return ret;
+                }
+            }
+            catch (Exception e)
+            {
+                log(ERROR_LOG, "CURVE25519 export private key to DER exception: " + e.ToString());
+                return EXCEPTION_E;
+            }
+
+            return ret;
+        }
+
+        /// <summary>
+        /// Export an Curve25519 public key to DER format.
+        /// </summary>
+        /// <param name="key">Curve25519 public key structure.</param>
+        /// <param name="includeAlg">Whether to include the algorithm identifier in the output.</param>
+        /// <param name="derKey">DER-encoded public key as byte array.</param>
+        /// <returns>An error code indicating success (0) or failure (negative value).</returns>
+        public static int Curve25519ExportPublicKeyToDer(IntPtr key, out byte[] derKey, bool includeAlg)
+        {
+            int ret;
+            derKey = null;
+
+            try
+            {
+                /* Determine length */
+                int len = wc_Curve25519PublicKeyToDer(key, null, 0, 1);
+                if (len < 0)
+                {
+                    log(ERROR_LOG, "Failed to determine length. Error code: " + len);
+                    return len;
+                }
+
+                derKey = new byte[len];
+                ret = wc_Curve25519PublicKeyToDer(key, derKey, (uint)derKey.Length, includeAlg ? 1 : 0);
+                if (ret < 0)
+                {
+                    log(ERROR_LOG, "Failed to export Curve25519 public key to DER format. Error code: " + ret);
+                }
+            }
+            catch (Exception e)
+            {
+                log(ERROR_LOG, "Curve25519 export public key to DER exception: " + e.ToString());
+                ret = EXCEPTION_E;
+            }
+
+            return ret;
+        }
+
+        /// <summary>
+        /// Free an Curve25519 key.
+        /// </summary>
+        /// <param name="key">Key to be freed</param>
+        public static void Curve25519FreeKey(IntPtr key)
+        {
+            wc_curve25519_delete(key, IntPtr.Zero);
+            key = IntPtr.Zero;
+        }
+        /* END Curve25519 */
+
+
+        /***********************************************************************
+         * RAW Curve25519
+         **********************************************************************/
+
+        /// <summary>
+        /// Generate a shared secret using Curve25519
+        /// </summary>
+        /// <param name="privateKey">Curve25519 private key</param>
+        /// <param name="publicKey">Curve25519 public key</param>
+        /// <param name="secret">Buffer to receive the shared secret</param>
+        /// <returns>0 on success, otherwise an error code</returns>
+        public static int Curve25519SharedSecret(IntPtr privateKey, IntPtr publicKey, byte[] secret)
+        {
+            int ret;
+            int secretLength = secret.Length;
+
+            try
+            {
+                ret = wc_curve25519_shared_secret(privateKey, publicKey, secret, ref secretLength);
+                if (ret != 0)
+                {
+                    throw new Exception("Failed to compute Curve25519 shared secret. Error code: " + ret);
+                }
+            }
+            catch (Exception e)
+            {
+                log(ERROR_LOG, "Curve25519 shared secret exception " + e.ToString());
+                ret = EXCEPTION_E;
+            }
+
+            return ret;
+        }
+
+        /// <summary>
+        /// Import a Curve25519 private key from a byte array
+        /// </summary>
+        /// <param name="privateKey">Private key byte array</param>
+        /// <returns>Allocated Curve25519 key structure or null</returns>
+        public static IntPtr Curve25519ImportPrivateKey(byte[] privateKey)
+        {
+            IntPtr key = IntPtr.Zero;
+
+            try
+            {
+                key = Marshal.AllocHGlobal(privateKey.Length);
+                Marshal.Copy(privateKey, 0, key, privateKey.Length);
+                int ret = wc_curve25519_import_private(key, privateKey.Length, key);
+                if (ret != 0)
+                {
+                    Marshal.FreeHGlobal(key);
+                    key = IntPtr.Zero;
+                }
+            }
+            catch (Exception e)
+            {
+                log(ERROR_LOG, "Curve25519 import private key exception " + e.ToString());
+                if (key != IntPtr.Zero) Marshal.FreeHGlobal(key);
+                key = IntPtr.Zero;
+            }
+
+            return key;
+        }
+
+        /// <summary>
+        /// Import a Curve25519 public key from a byte array
+        /// </summary>
+        /// <param name="publicKey">Public key byte array</param>
+        /// <returns>Allocated Curve25519 key structure or null</returns>
+        public static IntPtr Curve25519ImportPublicKey(byte[] publicKey)
+        {
+            IntPtr key = IntPtr.Zero;
+
+            try
+            {
+                key = Marshal.AllocHGlobal(publicKey.Length);
+                Marshal.Copy(publicKey, 0, key, publicKey.Length);
+                int ret = wc_curve25519_import_public(key, publicKey.Length, key);
+                if (ret != 0)
+                {
+                    Marshal.FreeHGlobal(key);
+                    key = IntPtr.Zero;
+                }
+            }
+            catch (Exception e)
+            {
+                log(ERROR_LOG, "Curve25519 import public key exception " + e.ToString());
+                if (key != IntPtr.Zero) Marshal.FreeHGlobal(key);
+                key = IntPtr.Zero;
+            }
+
+            return key;
+        }
+
+        /// <summary>
+        /// Export a Curve25519 private key to a byte array
+        /// </summary>
+        /// <param name="key">Curve25519 key structure</param>
+        /// <returns>Private key as byte array</returns>
+        public static byte[] Curve25519ExportPrivateKey(IntPtr key)
+        {
+            byte[] privateKey = new byte[ED25519_KEY_SIZE];
+            uint privSize = (uint)privateKey.Length;
+            int ret = wc_curve25519_export_public(key, privateKey, ref privSize);
+            if (ret != 0)
+            {
+                throw new Exception("Failed to export Curve25519 private key. Error code: " + ret);
+            }
+            return privateKey;
+        }
+
+        /// <summary>
+        /// Export a Curve25519 public key to a byte array
+        /// </summary>
+        /// <param name="key">Curve25519 key structure</param>
+        /// <returns>Public key as byte array</returns>
+        public static byte[] Curve25519ExportPublicKey(IntPtr key)
+        {
+            byte[] publicKey = new byte[ED25519_PUB_KEY_SIZE];
+            uint pubSize = (uint)publicKey.Length;
+            int ret = wc_curve25519_export_public(key, publicKey, ref pubSize);
+            if (ret != 0)
+            {
+                throw new Exception("Failed to export Curve25519 public key. Error code: " + ret);
+            }
+            return publicKey;
+        }
+
+        /// <summary>
+        /// Export both private and public keys from a Curve25519 key structure
+        /// </summary>
+        /// <param name="key">Curve25519 key structure</param>
+        /// <returns>A tuple containing the private key and public key as byte arrays</returns>
+        public static (byte[] privateKey, byte[] publicKey) Curve25519ExportKeyRaw(IntPtr key)
+        {
+            byte[] privateKey = new byte[ED25519_KEY_SIZE];
+            byte[] publicKey = new byte[ED25519_PUB_KEY_SIZE];
+            uint privSize = (uint)privateKey.Length;
+            uint pubSize = (uint)publicKey.Length;
+            int ret = wc_curve25519_export_key_raw(key, privateKey, ref privSize, publicKey, ref pubSize);
+            if (ret != 0)
+            {
+                throw new Exception("Failed to export Curve25519 keys. Error code: " + ret);
+            }
+            return (privateKey, publicKey);
+        }
+        /* END RAW Curve25519 */
+
+
+        /***********************************************************************
+         * AES-GCM
+         **********************************************************************/
+
+        /// <summary>
+        /// Creates a new AES context.
+        /// </summary>
+        /// <param name="heap">Pointer to a memory heap, or IntPtr.Zero to use the default heap.</param>
+        /// <param name="devId">The device ID to associate with this AES context.</param>
+        /// <returns>A pointer to the newly created AES context, or IntPtr.Zero on failure.</returns>
+        public static IntPtr AesNew(IntPtr heap, int devId)
+        {
+            IntPtr aesPtr = IntPtr.Zero;
+
+            try
+            {
+                aesPtr = wc_AesNew(heap, devId, IntPtr.Zero);
+
+                if (aesPtr == IntPtr.Zero)
+                {
+                    throw new Exception("Failed to create AES context.");
+                }
+
+            }
+            catch (Exception e)
+            {
+                Console.WriteLine($"AES context creation failed: {e.Message}");
+            }
+
+            return aesPtr;
+        }
+
+        /// <summary>
+        /// Initialize and set the AES key for AES-GCM operations.
+        /// </summary>
+        /// <param name="aes">AES-GCM context pointer.</param>
+        /// <param name="key">The AES key (either 128, 192, or 256 bits).</param>
+        /// <returns>0 on success, otherwise an error code.</returns>
+        public static int AesGcmSetKey(IntPtr aes, byte[] key)
+        {
+            IntPtr keyPtr = IntPtr.Zero;
+            int ret;
+
+            try
+            {
+                /* Allocate memory */
+                keyPtr = Marshal.AllocHGlobal(key.Length);
+                Marshal.Copy(key, 0, keyPtr, key.Length);
+
+                ret = wc_AesGcmSetKey(aes, keyPtr, (uint)key.Length);
+                if (ret != 0)
+                {
+                    throw new Exception($"AES-GCM initialization failed with error code {ret}");
+                }
+            }
+            finally
+            {
+                /* Cleanup */
+                if (keyPtr != IntPtr.Zero) Marshal.FreeHGlobal(keyPtr);
+            }
+
+            return ret;
+        }
+
+        /// <summary>
+        /// Wrapper method to initialize the AES-GCM context with a given key and IV.
+        /// </summary>
+        /// <param name="aes">Pointer to the AES-GCM context that needs to be initialized.</param>
+        /// <param name="key">Byte array containing the AES key.</param>
+        /// <param name="iv">Byte array containing the initialization vector (IV).</param>
+        public static int AesGcmInit(IntPtr aes, byte[] key, byte[] iv)
+        {
+            IntPtr keyPtr = IntPtr.Zero;
+            IntPtr ivPtr = IntPtr.Zero;
+            int ret;
+
+            try
+            {
+                /* Allocate memory for key and IV */
+                keyPtr = Marshal.AllocHGlobal(key.Length);
+                Marshal.Copy(key, 0, keyPtr, key.Length);
+
+                ivPtr = Marshal.AllocHGlobal(iv.Length);
+                Marshal.Copy(iv, 0, ivPtr, iv.Length);
+
+                ret = wc_AesGcmInit(aes, keyPtr, (uint)key.Length, ivPtr, (uint)iv.Length);
+                if (ret != 0)
+                {
+                    throw new Exception($"AES-GCM initialization failed with error code {ret}");
+                }
+            }
+            finally
+            {
+                /* Cleanup */
+                if (keyPtr != IntPtr.Zero) Marshal.FreeHGlobal(keyPtr);
+                if (ivPtr != IntPtr.Zero) Marshal.FreeHGlobal(ivPtr);
+            }
+
+            return ret;
+        }
+
+        /// <summary>
+        /// Encrypt data using AES-GCM
+        /// </summary>
+        /// <param name="aes">AES-GCM context pointer.</param>
+        /// <param name="iv">Initialization Vector (IV)</param>
+        /// <param name="plaintext">Data to encrypt</param>
+        /// <param name="ciphertext">Buffer to receive the encrypted data</param>
+        /// <param name="authTag">Buffer to receive the authentication tag</param>
+        /// <returns>0 on success, otherwise an error code</returns>
+        public static int AesGcmEncrypt(IntPtr aes, byte[] iv, byte[] plaintext,
+            byte[] ciphertext, byte[] authTag, byte[] addAuth = null)
+        {
+            int ret;
+            IntPtr ivPtr = IntPtr.Zero;
+            IntPtr ciphertextPtr = IntPtr.Zero;
+            IntPtr plaintextPtr = IntPtr.Zero;
+            IntPtr authTagPtr = IntPtr.Zero;
+            IntPtr addAuthPtr = IntPtr.Zero;
+            uint addAuthSz = 0;
+
+            try
+            {
+                /* Allocate memory */
+                ivPtr = Marshal.AllocHGlobal(iv.Length);
+                ciphertextPtr = Marshal.AllocHGlobal(ciphertext.Length);
+                plaintextPtr = Marshal.AllocHGlobal(plaintext.Length);
+                authTagPtr = Marshal.AllocHGlobal(authTag.Length);
+                if (addAuth != null) {
+                    addAuthSz = (uint)addAuth.Length;
+                    addAuthPtr = Marshal.AllocHGlobal(addAuth.Length);
+                    Marshal.Copy(addAuth, 0, addAuthPtr, addAuth.Length);
+                }
+
+                Marshal.Copy(iv, 0, ivPtr, iv.Length);
+                Marshal.Copy(plaintext, 0, plaintextPtr, plaintext.Length);
+
+                /* Encrypt data */
+                ret = wc_AesGcmEncrypt(aes, ciphertextPtr, plaintextPtr, (uint)plaintext.Length,
+                    ivPtr, (uint)iv.Length, authTagPtr, (uint)authTag.Length, addAuthPtr, addAuthSz);
+                if (ret < 0)
+                {
+                    log(ERROR_LOG, "Failed to Encrypt data using AES-GCM. Error code: " + ret);
+                }
+                else {
+                    Marshal.Copy(ciphertextPtr, ciphertext, 0, ciphertext.Length);
+                    Marshal.Copy(authTagPtr, authTag, 0, authTag.Length);
+                    ret = 0;
+                }
+            }
+            catch (Exception e)
+            {
+                log(ERROR_LOG, "AES-GCM Encryption failed: " + e.ToString());
+                ret = EXCEPTION_E;
+            }
+            finally
+            {
+                /* Cleanup */
+                if (ivPtr != IntPtr.Zero) Marshal.FreeHGlobal(ivPtr);
+                if (ciphertextPtr != IntPtr.Zero) Marshal.FreeHGlobal(ciphertextPtr);
+                if (plaintextPtr != IntPtr.Zero) Marshal.FreeHGlobal(plaintextPtr);
+                if (authTagPtr != IntPtr.Zero) Marshal.FreeHGlobal(authTagPtr);
+                if (addAuthPtr != IntPtr.Zero) Marshal.FreeHGlobal(addAuthPtr);
+            }
+
+            return ret;
+        }
+
+        /// <summary>
+        /// Decrypt data using AES-GCM
+        /// </summary>
+        /// <param name="aes">AES-GCM context pointer.</param>
+        /// <param name="iv">Initialization Vector (IV)</param>
+        /// <param name="ciphertext">Data to decrypt</param>
+        /// <param name="plaintext">Buffer to receive the decrypted data</param>
+        /// <param name="authTag">Authentication tag for verification</param>
+        /// <returns>0 on success, otherwise an error code</returns>
+        public static int AesGcmDecrypt(IntPtr aes, byte[] iv, byte[] ciphertext,
+            byte[] plaintext, byte[] authTag, byte[] addAuth = null)
+        {
+            int ret;
+            IntPtr ivPtr = IntPtr.Zero;
+            IntPtr ciphertextPtr = IntPtr.Zero;
+            IntPtr plaintextPtr = IntPtr.Zero;
+            IntPtr authTagPtr = IntPtr.Zero;
+            IntPtr addAuthPtr = IntPtr.Zero;
+            uint addAuthSz = 0;
+
+            try
+            {
+                /* Allocate memory */
+                ivPtr = Marshal.AllocHGlobal(iv.Length);
+                ciphertextPtr = Marshal.AllocHGlobal(ciphertext.Length);
+                plaintextPtr = Marshal.AllocHGlobal(plaintext.Length);
+                authTagPtr = Marshal.AllocHGlobal(authTag.Length);
+                if (addAuth != null) {
+                    addAuthSz = (uint)addAuth.Length;
+                    addAuthPtr = Marshal.AllocHGlobal(addAuth.Length);
+                    Marshal.Copy(addAuth, 0, addAuthPtr, addAuth.Length);
+                }
+
+                Marshal.Copy(iv, 0, ivPtr, iv.Length);
+                Marshal.Copy(ciphertext, 0, ciphertextPtr, ciphertext.Length);
+                Marshal.Copy(authTag, 0, authTagPtr, authTag.Length);
+
+                /* Decrypt data */
+                ret = wc_AesGcmDecrypt(aes, plaintextPtr, ciphertextPtr, (uint)ciphertext.Length,
+                    ivPtr, (uint)iv.Length, authTagPtr, (uint)authTag.Length, addAuthPtr, addAuthSz);
+                if (ret < 0)
+                {
+                    log(ERROR_LOG, "Failed to Decrypt data using AES-GCM. Error code: " + ret);
+                }
+                else {
+                    Marshal.Copy(plaintextPtr, plaintext, 0, plaintext.Length);
+                    ret = 0;
+                }
+            }
+            catch (Exception e)
+            {
+                log(ERROR_LOG, "AES-GCM Decryption failed: " + e.ToString());
+                ret = EXCEPTION_E;
+            }
+            finally
+            {
+                /* Cleanup */
+                if (ivPtr != IntPtr.Zero) Marshal.FreeHGlobal(ivPtr);
+                if (ciphertextPtr != IntPtr.Zero) Marshal.FreeHGlobal(ciphertextPtr);
+                if (plaintextPtr != IntPtr.Zero) Marshal.FreeHGlobal(plaintextPtr);
+                if (authTagPtr != IntPtr.Zero) Marshal.FreeHGlobal(authTagPtr);
+                if (addAuthPtr != IntPtr.Zero) Marshal.FreeHGlobal(addAuthPtr);
+            }
+
+            return ret;
+        }
+
+        /// <summary>
+        /// Free AES-GCM context
+        /// </summary>
+        /// <param name="aes">AES-GCM context</param>
+        public static void AesGcmFree(IntPtr aes)
+        {
+            if (aes != IntPtr.Zero)
+            {
+                wc_AesDelete(aes, IntPtr.Zero);
+                aes = IntPtr.Zero;
+            }
+        }
+        /* END AES-GCM */
+
+
+        /***********************************************************************
+         * HASH
+         **********************************************************************/
+
+        /// <summary>
+        /// Allocate and set up a new hash context with proper error handling
+        /// </summary>
+        /// <param name="hashType">The type of hash (SHA-256, SHA-384, etc.)</param>
+        /// <param name="heap">Pointer to the heap for memory allocation (use IntPtr.Zero if not applicable)</param>
+        /// <param name="devId">Device ID (if applicable, otherwise use INVALID_DEVID)</param>
+        /// <returns>Allocated hash context pointer or IntPtr.Zero on failure</returns>
+        public static IntPtr HashNew(uint hashType, IntPtr heap, int devId)
+        {
+            IntPtr hash = IntPtr.Zero;
+
+            try
+            {
+                /* Allocate new hash */
+                hash = wc_HashNew(hashType, heap, devId, IntPtr.Zero);
+                if (hash == IntPtr.Zero)
+                {
+                    throw new Exception("Failed to allocate new hash context.");
+                }
+            }
+            catch (Exception e)
+            {
+                log(ERROR_LOG, "HashNew Exception: " + e.ToString());
+            }
+
+            return hash;
+        }
+
+        /// <summary>
+        /// Initialize the hash context for a specific hash type with proper error handling
+        /// </summary>
+        /// <param name="hash">Hash context pointer</param>
+        /// <param name="hashType">The type of hash (SHA-256, SHA-384, etc.)</param>
+        /// <returns>0 on success, otherwise an error code</returns>
+        public static int InitHash(IntPtr hash, uint hashType)
+        {
+            int ret = 0;
+
+            try
+            {
+                /* Check hash */
+                if (hash == IntPtr.Zero)
+                    throw new Exception("Hash context is null.");
+
+                ret = wc_HashInit(hash, hashType);
+                if (ret != 0)
+                {
+                    throw new Exception($"Failed to initialize hash context. Error code: {ret}");
+                }
+            }
+            catch (Exception e)
+            {
+                /* Cleanup */
+                log(ERROR_LOG, "InitHash Exception: " + e.ToString());
+                if (hash != IntPtr.Zero) {
+                    wc_HashDelete(hash, IntPtr.Zero);
+                    hash = IntPtr.Zero;
+                }
+            }
+
+            return ret;
+        }
+
+        /// <summary>
+        /// Update the hash with data
+        /// </summary>
+        /// <param name="hash">Hash context pointer</param>
+        /// <param name="hashType">The type of hash</param>
+        /// <param name="data">Byte array of the data to hash</param>
+        /// <returns>0 on success, otherwise an error code</returns>
+        public static int HashUpdate(IntPtr hash, uint hashType, byte[] data)
+        {
+            int ret = 0;
+            IntPtr dataPtr = IntPtr.Zero;
+
+            try
+            {
+                /* Check parameters */
+                if (hash == IntPtr.Zero)
+                    throw new Exception("Hash context is null.");
+                if (data == null || data.Length == 0)
+                    throw new Exception("Invalid data array.");
+
+                /* Allocate memory */
+                dataPtr = Marshal.AllocHGlobal(data.Length);
+                Marshal.Copy(data, 0, dataPtr, data.Length);
+
+                /* Update hash */
+                ret = wc_HashUpdate(hash, hashType, dataPtr, (uint)data.Length);
+                if (ret != 0)
+                {
+                    throw new Exception($"Failed to update hash. Error code: {ret}");
+                }
+            }
+            catch (Exception e)
+            {
+                log(ERROR_LOG, "HashUpdate Exception: " + e.ToString());
+            }
+            finally
+            {
+                /* Cleanup */
+                if (dataPtr != IntPtr.Zero) Marshal.FreeHGlobal(dataPtr);
+            }
+
+            return ret;
+        }
+
+        /// <summary>
+        /// Finalize the hash and output the result
+        /// </summary>
+        /// <param name="hash">Hash context pointer</param>
+        /// <param name="hashType">The type of hash</param>
+        /// <param name="output">Byte array where the hash output will be stored</param>
+        /// <returns>0 on success, otherwise an error code</returns>
+        public static int HashFinal(IntPtr hash, uint hashType, out byte[] output)
+        {
+            int ret = 0;
+            IntPtr outputPtr = IntPtr.Zero;
+
+            try
+            {
+                /* Get hash size and initialize */
+                int hashSize = wc_HashGetDigestSize(hashType);
+                output = new byte[hashSize];
+
+                /* Check hash */
+                if (hash == IntPtr.Zero)
+                    throw new Exception("Hash context is null.");
+                if (hashSize <= 0)
+                    throw new Exception("Invalid hash size.");
+
+                /* Allocate memory */
+                outputPtr = Marshal.AllocHGlobal(hashSize);
+
+                ret = wc_HashFinal(hash, hashType, outputPtr);
+                if (ret != 0)
+                {
+                    throw new Exception($"Failed to finalize hash. Error code: {ret}");
+                }
+
+                Marshal.Copy(outputPtr, output, 0, hashSize);
+            }
+            catch (Exception e)
+            {
+                log(ERROR_LOG, "HashFinal Exception: " + e.ToString());
+                output = null;
+            }
+            finally
+            {
+                /* Cleanup */
+                if (outputPtr != IntPtr.Zero) Marshal.FreeHGlobal(outputPtr);
+            }
+
+            return ret;
+        }
+
+        /// <summary>
+        /// Free the allocated hash context with proper error handling
+        /// </summary>
+        /// <param name="hash">Hash context pointer to be freed</param>
+        /// <param name="hashType">The type of hash</param>
+        /// <returns>0 on success, otherwise an error code</returns>
+        public static int HashFree(IntPtr hash, uint hashType)
+        {
+            int ret = 0;
+
+            try
+            {
+                /* Check hash */
+                if (hash == IntPtr.Zero)
+                    throw new Exception("Hash context is null, cannot free.");
+
+                /* Free hash */
+                ret = wc_HashDelete(hash, IntPtr.Zero);
+                hash = IntPtr.Zero;
+                if (ret != 0)
+                {
+                    throw new Exception($"Failed to free hash context. Error code: {ret}");
+                }
+            }
+            catch (Exception e)
+            {
+                log(ERROR_LOG, "HashFree Exception: " + e.ToString());
+            }
+
+            return ret;
+        }
+
+        /// <summary>
+        /// Hash type enum values
+        /// </summary>
+        public enum hashType
+        {
+            WC_HASH_TYPE_NONE     = 0,
+            WC_HASH_TYPE_MD2      = 1,
+            WC_HASH_TYPE_MD4      = 2,
+            WC_HASH_TYPE_MD5      = 3,
+            WC_HASH_TYPE_SHA      = 4, /* SHA-1 (not old SHA-0) */
+            WC_HASH_TYPE_SHA224   = 5,
+            WC_HASH_TYPE_SHA256   = 6,
+            WC_HASH_TYPE_SHA384   = 7,
+            WC_HASH_TYPE_SHA512   = 8,
+            WC_HASH_TYPE_MD5_SHA  = 9,
+            WC_HASH_TYPE_SHA3_224 = 10,
+            WC_HASH_TYPE_SHA3_256 = 11,
+            WC_HASH_TYPE_SHA3_384 = 12,
+            WC_HASH_TYPE_SHA3_512 = 13,
+            WC_HASH_TYPE_BLAKE2B  = 14,
+            WC_HASH_TYPE_BLAKE2S  = 15,
+        }
+        /* END HASH */
+
+
+        /***********************************************************************
+        * Logging / Other
+        **********************************************************************/
+
+        /// <summary>
+        /// Set the function to use for logging
+        /// </summary>
+        /// <param name="input">Function that conforms as to loggingCb</param>
+        /// <returns>0 on success</returns>
+        public static int SetLogging(loggingCb input)
+        {
+            internal_log = input;
+            return SUCCESS;
+        }
+
+        /// <summary>
+        /// Get error string for wolfCrypt error codes
+        /// </summary>
+        /// <param name="error">Negative error number from wolfCrypt API</param>
+        /// <returns>Error string</returns>
+        public static string GetError(int error)
+        {
+            try
+            {
+                IntPtr errStr = wc_GetErrorString(error);
+                return Marshal.PtrToStringAnsi(errStr);
+            }
+            catch (Exception e)
+            {
+                log(ERROR_LOG, "Get error exception " + e.ToString());
+                return string.Empty;
+            }
+        }
+
+        /// <summary>
+        /// Compares two byte arrays.
+        /// </summary>
+        /// <param name="array1">The first byte array to compare.</param>
+        /// <param name="array2">The second byte array to compare.</param>
+        /// <returns>True if both arrays are equal; otherwise, false.</returns>
+        public static bool ByteArrayVerify(byte[] array1, byte[] array2)
+        {
+            if (ReferenceEquals(array1, array2)) return true;
+            if (array1 == null || array2 == null) return false;
+            if (array1.Length != array2.Length) return false;
+
+            for (int i = 0; i < array1.Length; i++)
+            {
+                if (array1[i] != array2[i]) return false;
+            }
+            return true;
+        }
+    }
+}
+
+
diff --git a/wrapper/CSharp/wolfSSL_CSharp/wolfSSL.cs b/wrapper/CSharp/wolfSSL_CSharp/wolfSSL.cs
index c59c3e00b..a493e722c 100644
--- a/wrapper/CSharp/wolfSSL_CSharp/wolfSSL.cs
+++ b/wrapper/CSharp/wolfSSL_CSharp/wolfSSL.cs
@@ -1,6 +1,6 @@
 /* wolfSSL.cs
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -59,6 +59,8 @@ namespace wolfSSL.CSharp {
             private GCHandle rec_cb;
             private GCHandle snd_cb;
             private GCHandle psk_cb;
+            private GCHandle sni_cb;
+            private GCHandle sni_arg;
             private GCHandle vrf_cb;
             private IntPtr ctx;
 
@@ -89,6 +91,22 @@ namespace wolfSSL.CSharp {
                 return this.psk_cb;
             }
 
+            public void set_sni(GCHandle input) {
+                this.sni_cb = input;
+            }
+
+            public GCHandle get_sni(GCHandle input) {
+                return this.sni_cb;
+            }
+
+            public void set_arg(GCHandle input) {
+                this.sni_arg= input;
+            }
+
+            public GCHandle get_arg(GCHandle input) {
+                return this.sni_arg;
+            }
+
             public void set_vrf(GCHandle input)
             {
                 if (!Object.Equals(this.vrf_cb, default(GCHandle)))
@@ -129,6 +147,10 @@ namespace wolfSSL.CSharp {
                 {
                     this.psk_cb.Free();
                 }
+                if (!Object.Equals(this.sni_cb, default(GCHandle)))
+                {
+                    this.sni_cb.Free();
+                }
                 if (!Object.Equals(this.vrf_cb, default(GCHandle)))
                 {
                     this.vrf_cb.Free();
@@ -144,6 +166,7 @@ namespace wolfSSL.CSharp {
         {
             private GCHandle fd_pin;
             private GCHandle psk_cb;
+            private GCHandle sni_cb;
             private GCHandle vrf_cb;
             private IntPtr ssl;
 
@@ -198,6 +221,10 @@ namespace wolfSSL.CSharp {
                 {
                     this.psk_cb.Free();
                 }
+                if (!Object.Equals(this.sni_cb, default(GCHandle)))
+                {
+                    this.sni_cb.Free();
+                }
                 if (!Object.Equals(this.vrf_cb, default(GCHandle)))
                 {
                     this.vrf_cb.Free();
@@ -290,6 +317,23 @@ namespace wolfSSL.CSharp {
         [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
         private extern static int wolfSSL_CTX_use_psk_identity_hint(IntPtr ctx, StringBuilder identity);
 
+        /********************************
+         * SNI
+         */
+        [UnmanagedFunctionPointer(CallingConvention.Cdecl)]
+        public delegate int sni_delegate(IntPtr ssl, IntPtr ret, IntPtr exArg);
+        [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+        private extern static void wolfSSL_CTX_set_servername_callback(IntPtr ctx, sni_delegate sni_cb);
+        [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+        private extern static int wolfSSL_CTX_set_servername_arg(IntPtr ctx, IntPtr arg);
+        [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+        private extern static int wolfSSL_CTX_UseSNI(IntPtr ctx, byte type, IntPtr data, ushort size);
+        [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+        private extern static int wolfSSL_UseSNI(IntPtr ssl, byte type, IntPtr data, ushort size);
+        [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+        private extern static ushort wolfSSL_SNI_GetRequest(IntPtr ssl, byte type, ref IntPtr data);
+        [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+        private extern static int wolfSSL_SNI_GetFromBuffer(byte[] clientHello, uint helloSz, byte type, IntPtr sni, IntPtr inOutSz);
 
         /********************************
          * SSL Structure
@@ -417,6 +461,7 @@ namespace wolfSSL.CSharp {
 
         public static readonly int SUCCESS = 1;
         public static readonly int FAILURE = 0;
+        public static readonly int WOLFSSL_SNI_HOST_NAME = 0;
 
 
         private static IntPtr unwrap_ctx(IntPtr ctx)
@@ -444,6 +489,26 @@ namespace wolfSSL.CSharp {
             }
         }
 
+        /// <summary>
+        /// Utility function used to access the certificates
+        /// based on the platform.
+        /// <returns>return the platform specific path to the certificate</returns>
+        /// </summary>
+        public static string setPath(string file) {
+            if (RuntimeInformation.IsOSPlatform(OSPlatform.Linux))
+            {
+                Console.WriteLine("Linux - " + file);
+                return @"../../certs/" + file;
+            } else if (RuntimeInformation.IsOSPlatform(OSPlatform.Windows))
+            {
+                Console.WriteLine("Windows - " + file);
+                return @"../../../../certs/" + file;
+            } else
+            {
+                return "";
+            }
+        }
+
 
         /// <summary>
         /// Call back to allow receiving TLS information
@@ -1084,6 +1149,83 @@ namespace wolfSSL.CSharp {
             }
         }
 
+        public static void CTX_set_servername_callback(IntPtr ctx, sni_delegate sni_cb) 
+        {
+            try {
+                GCHandle gch = GCHandle.FromIntPtr(ctx);
+                ctx_handle handles = (ctx_handle)gch.Target;
+
+                handles.set_sni(GCHandle.Alloc(sni_cb));
+
+                wolfSSL_CTX_set_servername_callback(handles.get_ctx(), sni_cb);
+            } catch (Exception e) {
+                log(ERROR_LOG, "wolfssl servername callback error: " + e.ToString());
+            }
+        }
+
+        public static int CTX_set_servername_arg(IntPtr ctx, IntPtr arg) 
+        {
+            try {
+                GCHandle gch = GCHandle.FromIntPtr(ctx);
+                ctx_handle handles = (ctx_handle)gch.Target;
+
+                handles.set_arg(GCHandle.Alloc(arg));
+
+                return wolfSSL_CTX_set_servername_arg(handles.get_ctx(), arg);
+            } catch (Exception e) {
+                log(ERROR_LOG, "wolfssl arg servername callback error: " + e.ToString());
+                return FAILURE;
+            }
+        }
+
+        public static int CTX_UseSNI(IntPtr ctx, byte type, IntPtr data, ushort size) 
+        {
+            try {
+                GCHandle gch = GCHandle.FromIntPtr(ctx);
+                ctx_handle handles = (ctx_handle)gch.Target;
+
+                return  wolfSSL_CTX_UseSNI(handles.get_ctx(), type, data, size);
+            } catch (Exception e) {
+                log(ERROR_LOG, "wolfssl ctx use sni error: " + e.ToString());
+                return FAILURE;
+            }
+        }
+
+        public static int UseSNI(IntPtr ssl, byte type, IntPtr data, ushort size) 
+        {
+            try {
+                GCHandle gch = GCHandle.FromIntPtr(ssl);
+                ssl_handle handles = (ssl_handle)gch.Target;
+
+                return  wolfSSL_UseSNI(handles.get_ssl(), type, data, size);
+            } catch (Exception e) {
+                log(ERROR_LOG, "wolfssl use sni error: " + e.ToString());
+                return FAILURE;
+            }
+        }
+
+        public static ushort SNI_GetRequest(IntPtr ssl, byte type, ref IntPtr data) 
+        {
+            try {
+                GCHandle gch = GCHandle.FromIntPtr(ssl);
+                ssl_handle handles = (ssl_handle)gch.Target;
+
+                return  wolfSSL_SNI_GetRequest(handles.get_ssl(), type, ref data);
+            } catch (Exception e) {
+                log(ERROR_LOG, "wolfssl sni get request error: " + e.ToString());
+                return ushort.MaxValue;
+            }
+        }
+
+        public static int SNI_GetFromBuffer(byte []clientHello, uint helloSz, byte type, IntPtr sni, IntPtr inOutSz) 
+        {
+            try {
+                return wolfSSL_SNI_GetFromBuffer(clientHello, helloSz, type, sni, inOutSz);
+            } catch(Exception e) {
+                log(ERROR_LOG, "wolfssl sni get from buffer error: " + e.ToString());
+                return FAILURE;
+            }
+        }
 
         /// <summary>
         /// Set identity hint to use
diff --git a/wrapper/CSharp/wolfSSL_CSharp/wolfSSL_CSharp.csproj b/wrapper/CSharp/wolfSSL_CSharp/wolfSSL_CSharp.csproj
index c7df2aafc..a560347cc 100755
--- a/wrapper/CSharp/wolfSSL_CSharp/wolfSSL_CSharp.csproj
+++ b/wrapper/CSharp/wolfSSL_CSharp/wolfSSL_CSharp.csproj
@@ -17,7 +17,7 @@
     <DebugSymbols>true</DebugSymbols>
     <DebugType>full</DebugType>
     <Optimize>false</Optimize>
-    <OutputPath>..\DLL Debug\Win32\</OutputPath>
+    <OutputPath>$(SolutionDir)$(Configuration)\$(Platform)\</OutputPath>
     <DefineConstants>DEBUG;TRACE</DefineConstants>
     <ErrorReport>prompt</ErrorReport>
     <WarningLevel>3</WarningLevel>
@@ -25,14 +25,14 @@
   <PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Release|AnyCPU' ">
     <DebugType>pdbonly</DebugType>
     <Optimize>true</Optimize>
-    <OutputPath>..\DLL Release\Win32\</OutputPath>
+    <OutputPath>$(SolutionDir)$(Configuration)\$(Platform)\</OutputPath>
     <DefineConstants>TRACE</DefineConstants>
     <ErrorReport>prompt</ErrorReport>
     <WarningLevel>4</WarningLevel>
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)' == 'Debug|x64'">
     <DebugSymbols>true</DebugSymbols>
-    <OutputPath>..\DLL Debug\x64\</OutputPath>
+    <OutputPath>$(SolutionDir)$(Configuration)\$(Platform)\</OutputPath>
     <DefineConstants>DEBUG;TRACE</DefineConstants>
     <WarningLevel>3</WarningLevel>
     <DebugType>full</DebugType>
@@ -41,7 +41,7 @@
     <CodeAnalysisRuleSet>MinimumRecommendedRules.ruleset</CodeAnalysisRuleSet>
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)' == 'Release|x64'">
-    <OutputPath>..\DLL Release\x64\</OutputPath>
+    <OutputPath>$(SolutionDir)$(Configuration)\$(Platform)\</OutputPath>
     <DefineConstants>TRACE</DefineConstants>
     <Optimize>true</Optimize>
     <DebugType>pdbonly</DebugType>
@@ -60,6 +60,7 @@
   <ItemGroup>
     <Compile Include="Properties\AssemblyInfo.cs" />
     <Compile Include="wolfSSL.cs" />
+    <Compile Include="wolfCrypt.cs" />
     <Compile Include="X509.cs" />
   </ItemGroup>
   <ItemGroup>
diff --git a/wrapper/CSharp/wolfssl.vcxproj b/wrapper/CSharp/wolfssl.vcxproj
new file mode 100644
index 000000000..534c4255c
--- /dev/null
+++ b/wrapper/CSharp/wolfssl.vcxproj
@@ -0,0 +1,456 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project DefaultTargets="Build" ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup Label="ProjectConfigurations">
+    <ProjectConfiguration Include="Debug|Win32">
+      <Configuration>Debug</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Debug|x64">
+      <Configuration>Debug</Configuration>
+      <Platform>x64</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="DLL Debug|Win32">
+      <Configuration>DLL Debug</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="DLL Debug|x64">
+      <Configuration>DLL Debug</Configuration>
+      <Platform>x64</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="DLL Release|Win32">
+      <Configuration>DLL Release</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="DLL Release|x64">
+      <Configuration>DLL Release</Configuration>
+      <Platform>x64</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|Win32">
+      <Configuration>Release</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|x64">
+      <Configuration>Release</Configuration>
+      <Platform>x64</Platform>
+    </ProjectConfiguration>
+  </ItemGroup>
+  <PropertyGroup Label="Globals">
+    <ProjectGuid>{67932048-d67e-4c86-b55f-90899b9bda64}</ProjectGuid>
+    <RootNamespace>wolfssl</RootNamespace>
+    <Keyword>Win32Proj</Keyword>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
+    <ConfigurationType>StaticLibrary</ConfigurationType>
+    <PlatformToolset>v143</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|Win32'" Label="Configuration">
+    <ConfigurationType>DynamicLibrary</ConfigurationType>
+    <PlatformToolset>v143</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration">
+    <ConfigurationType>StaticLibrary</ConfigurationType>
+    <PlatformToolset>v143</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|x64'" Label="Configuration">
+    <ConfigurationType>DynamicLibrary</ConfigurationType>
+    <PlatformToolset>v143</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
+    <ConfigurationType>StaticLibrary</ConfigurationType>
+    <PlatformToolset>v143</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|Win32'" Label="Configuration">
+    <ConfigurationType>DynamicLibrary</ConfigurationType>
+    <PlatformToolset>v143</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="Configuration">
+    <ConfigurationType>StaticLibrary</ConfigurationType>
+    <PlatformToolset>v143</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|x64'" Label="Configuration">
+    <ConfigurationType>DynamicLibrary</ConfigurationType>
+    <PlatformToolset>v143</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
+  <ImportGroup Label="ExtensionSettings">
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|Win32'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|x64'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|Win32'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|x64'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <PropertyGroup Label="UserMacros" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
+    <OutDir>$(SolutionDir)$(Configuration)\$(Platform)\</OutDir>
+    <IntDir>$(Configuration)\$(Platform)\$(ProjectName)_obj\</IntDir>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <OutDir>$(SolutionDir)$(Configuration)\AnyCPU\</OutDir>
+    <IntDir>$(Configuration)\AnyCPU\$(ProjectName)_obj\</IntDir>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
+    <OutDir>$(SolutionDir)$(Configuration)\$(Platform)\</OutDir>
+    <IntDir>$(Configuration)\$(Platform)\$(ProjectName)_obj\</IntDir>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <OutDir>$(SolutionDir)$(Configuration)\AnyCPU\</OutDir>
+    <IntDir>$(Configuration)\AnyCPU\$(ProjectName)_obj\</IntDir>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|x64'">
+    <OutDir>$(SolutionDir)Release\$(Platform)\</OutDir>
+    <IntDir>Release\$(Platform)\$(ProjectName)_obj\</IntDir>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|Win32'">
+    <OutDir>$(SolutionDir)Release\AnyCPU\</OutDir>
+    <IntDir>Release\AnyCPU\$(ProjectName)_obj\</IntDir>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|x64'">
+    <OutDir>$(SolutionDir)Debug\$(Platform)\</OutDir>
+    <IntDir>Debug\$(Platform)\$(ProjectName)_obj\</IntDir>
+  </PropertyGroup>
+  <PropertyGroup Condition="'Debug|$(Platform)'=='DLL Debug|Win32'">
+    <OutDir>$(SolutionDir)Debug\AnyCPU\</OutDir>
+    <IntDir>Debug\AnyCPU\$(ProjectName)_obj\</IntDir>
+  </PropertyGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <ClCompile>
+      <Optimization>Disabled</Optimization>
+      <AdditionalIncludeDirectories>./;../../;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>WOLFSSL_LIB;WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <MinimalRebuild>true</MinimalRebuild>
+      <BasicRuntimeChecks>EnableFastChecks</BasicRuntimeChecks>
+      <RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary>
+      <PrecompiledHeader />
+      <WarningLevel>Level4</WarningLevel>
+      <DebugInformationFormat>EditAndContinue</DebugInformationFormat>
+      <DisableSpecificWarnings>4206;4214;4706;%(DisableSpecificWarnings)</DisableSpecificWarnings>
+    </ClCompile>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|Win32'">
+    <ClCompile>
+      <Optimization>Disabled</Optimization>
+      <AdditionalIncludeDirectories>./;../../;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>BUILDING_WOLFSSL;WOLFSSL_DLL;WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <MinimalRebuild>true</MinimalRebuild>
+      <BasicRuntimeChecks>EnableFastChecks</BasicRuntimeChecks>
+      <RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <WarningLevel>Level4</WarningLevel>
+      <DebugInformationFormat>EditAndContinue</DebugInformationFormat>
+      <DisableSpecificWarnings>4206;4214;4706;%(DisableSpecificWarnings)</DisableSpecificWarnings>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <OptimizeReferences>false</OptimizeReferences>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <ImageHasSafeExceptionHandlers>false</ImageHasSafeExceptionHandlers>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
+    <ClCompile>
+      <Optimization>Disabled</Optimization>
+      <AdditionalIncludeDirectories>./;../../;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <BasicRuntimeChecks>EnableFastChecks</BasicRuntimeChecks>
+      <RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <WarningLevel>Level4</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+      <DisableSpecificWarnings>4206;4214;4706;%(DisableSpecificWarnings)</DisableSpecificWarnings>
+    </ClCompile>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|x64'">
+    <ClCompile>
+      <Optimization>Disabled</Optimization>
+      <AdditionalIncludeDirectories>./;../../;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>BUILDING_WOLFSSL;WOLFSSL_DLL;WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <BasicRuntimeChecks>EnableFastChecks</BasicRuntimeChecks>
+      <RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <WarningLevel>Level4</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+      <DisableSpecificWarnings>4206;4214;4706;%(DisableSpecificWarnings)</DisableSpecificWarnings>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <OptimizeReferences>false</OptimizeReferences>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <ClCompile>
+      <Optimization>MaxSpeed</Optimization>
+      <IntrinsicFunctions>true</IntrinsicFunctions>
+      <AdditionalIncludeDirectories>./;../../;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <PrecompiledHeader />
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+    </ClCompile>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|Win32'">
+    <ClCompile>
+      <Optimization>MaxSpeed</Optimization>
+      <IntrinsicFunctions>true</IntrinsicFunctions>
+      <AdditionalIncludeDirectories>./;../../;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>BUILDING_WOLFSSL;WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
+    <ClCompile>
+      <Optimization>MaxSpeed</Optimization>
+      <IntrinsicFunctions>true</IntrinsicFunctions>
+      <AdditionalIncludeDirectories>./;../../;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+    </ClCompile>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|x64'">
+    <ClCompile>
+      <Optimization>MaxSpeed</Optimization>
+      <IntrinsicFunctions>true</IntrinsicFunctions>
+      <AdditionalIncludeDirectories>./;../../;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>BUILDING_WOLFSSL;WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemGroup>
+    <ClCompile Include="..\..\src\crl.c" />
+    <ClCompile Include="..\..\src\dtls13.c" />
+    <ClCompile Include="..\..\src\dtls.c" />
+    <ClCompile Include="..\..\src\internal.c" />
+    <ClCompile Include="..\..\src\wolfio.c" />
+    <ClCompile Include="..\..\src\keys.c" />
+    <ClCompile Include="..\..\src\ocsp.c" />
+    <ClCompile Include="..\..\src\ssl.c" />
+    <ClCompile Include="..\..\src\tls.c" />
+    <ClCompile Include="..\..\src\tls13.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\aes.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\arc4.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\asn.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\blake2b.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\blake2s.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\camellia.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\chacha.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\chacha20_poly1305.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\cmac.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\coding.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\curve25519.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\curve448.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\cpuid.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\cryptocb.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\des3.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\dilithium.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\dh.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\dsa.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\ecc.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\ed25519.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\ed448.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\error.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\ext_kyber.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\falcon.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\fe_448.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\fe_low_mem.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\fe_operations.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\ge_448.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\ge_low_mem.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\ge_operations.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\hash.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\hmac.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\integer.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\kdf.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\wc_kyber.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\wc_kyber_poly.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\logging.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\md2.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\md4.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\md5.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\memory.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\pkcs7.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\pkcs12.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\poly1305.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\pwdbased.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\random.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\rc2.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\ripemd.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\rsa.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\sha.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\sha256.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\sha3.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\sha512.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\signature.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\sphincs.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\sp_c32.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\sp_c64.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\sp_int.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\sp_x86_64.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\srp.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\tfm.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\wc_encrypt.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\wc_pkcs11.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\wc_port.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\wolfmath.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\wolfevent.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\port\liboqs\liboqs.c" />
+  </ItemGroup>
+  <ItemGroup>
+    <ClInclude Include="resource.h" />
+    <CustomBuild Include="..\..\wolfcrypt\src\aes_asm.asm">
+      <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">false</ExcludedFromBuild>
+      <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='DLL Debug|x64'">false</ExcludedFromBuild>
+      <Command Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">ml64.exe /c /Zi /Fo"$(OutDir)%(Filename).obj" %(Identity)</Command>
+      <Command Condition="'$(Configuration)|$(Platform)'=='DLL Debug|x64'">ml64.exe /c /Zi /Fo"$(IntDir)%(Filename).obj" %(Identity)</Command>
+      <Outputs Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">$(OutDir)%(Filename).obj</Outputs>
+      <Outputs Condition="'$(Configuration)|$(Platform)'=='DLL Debug|x64'">$(IntDir)%(Filename).obj</Outputs>
+      <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Release|x64'">false</ExcludedFromBuild>
+      <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='DLL Release|x64'">false</ExcludedFromBuild>
+      <Command Condition="'$(Configuration)|$(Platform)'=='Release|x64'">ml64.exe /c /Zi /Fo"$(OutDir)%(Filename).obj" %(Identity)</Command>
+      <Command Condition="'$(Configuration)|$(Platform)'=='DLL Release|x64'">ml64.exe /c /Zi /Fo"$(IntDir)%(Filename).obj" %(Identity)</Command>
+      <Outputs Condition="'$(Configuration)|$(Platform)'=='Release|x64'">$(OutDir)%(Filename).obj</Outputs>
+      <Outputs Condition="'$(Configuration)|$(Platform)'=='DLL Release|x64'">$(IntDir)%(Filename).obj</Outputs>
+    </CustomBuild>
+    <CustomBuild Include="..\..\wolfcrypt\src\aes_gcm_asm.asm">
+      <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">false</ExcludedFromBuild>
+      <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='DLL Debug|x64'">false</ExcludedFromBuild>
+      <Command Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">ml64.exe /c /Zi /Fo"$(OutDir)%(Filename).obj" %(Identity)</Command>
+      <Command Condition="'$(Configuration)|$(Platform)'=='DLL Debug|x64'">ml64.exe /c /Zi /Fo"$(IntDir)%(Filename).obj" %(Identity)</Command>
+      <Outputs Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">$(OutDir)%(Filename).obj</Outputs>
+      <Outputs Condition="'$(Configuration)|$(Platform)'=='DLL Debug|x64'">$(IntDir)%(Filename).obj</Outputs>
+      <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Release|x64'">false</ExcludedFromBuild>
+      <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='DLL Release|x64'">false</ExcludedFromBuild>
+      <Command Condition="'$(Configuration)|$(Platform)'=='Release|x64'">ml64.exe /c /Zi /Fo"$(OutDir)%(Filename).obj" %(Identity)</Command>
+      <Command Condition="'$(Configuration)|$(Platform)'=='DLL Release|x64'">ml64.exe /c /Zi /Fo"$(IntDir)%(Filename).obj" %(Identity)</Command>
+      <Outputs Condition="'$(Configuration)|$(Platform)'=='Release|x64'">$(OutDir)%(Filename).obj</Outputs>
+      <Outputs Condition="'$(Configuration)|$(Platform)'=='DLL Release|x64'">$(IntDir)%(Filename).obj</Outputs>
+    </CustomBuild>
+    <CustomBuild Include="..\..\wolfcrypt\src\aes_xts_asm.asm">
+      <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">false</ExcludedFromBuild>
+      <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='DLL Debug|x64'">false</ExcludedFromBuild>
+      <Command Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">ml64.exe /c /Zi /Fo"$(OutDir)%(Filename).obj" %(Identity)</Command>
+      <Command Condition="'$(Configuration)|$(Platform)'=='DLL Debug|x64'">ml64.exe /c /Zi /Fo"$(IntDir)%(Filename).obj" %(Identity)</Command>
+      <Outputs Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">$(OutDir)%(Filename).obj</Outputs>
+      <Outputs Condition="'$(Configuration)|$(Platform)'=='DLL Debug|x64'">$(IntDir)%(Filename).obj</Outputs>
+      <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Release|x64'">false</ExcludedFromBuild>
+      <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='DLL Release|x64'">false</ExcludedFromBuild>
+      <Command Condition="'$(Configuration)|$(Platform)'=='Release|x64'">ml64.exe /c /Zi /Fo"$(OutDir)%(Filename).obj" %(Identity)</Command>
+      <Command Condition="'$(Configuration)|$(Platform)'=='DLL Release|x64'">ml64.exe /c /Zi /Fo"$(IntDir)%(Filename).obj" %(Identity)</Command>
+      <Outputs Condition="'$(Configuration)|$(Platform)'=='Release|x64'">$(OutDir)%(Filename).obj</Outputs>
+      <Outputs Condition="'$(Configuration)|$(Platform)'=='DLL Release|x64'">$(IntDir)%(Filename).obj</Outputs>
+    </CustomBuild>
+    <CustomBuild Include="..\..\wolfcrypt\src\chacha_asm.asm">
+      <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">false</ExcludedFromBuild>
+      <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='DLL Debug|x64'">false</ExcludedFromBuild>
+      <Command Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">ml64.exe /c /Zi /Fo"$(OutDir)%(Filename).obj" %(Identity)</Command>
+      <Command Condition="'$(Configuration)|$(Platform)'=='DLL Debug|x64'">ml64.exe /c /Zi /Fo"$(IntDir)%(Filename).obj" %(Identity)</Command>
+      <Outputs Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">$(OutDir)%(Filename).obj</Outputs>
+      <Outputs Condition="'$(Configuration)|$(Platform)'=='DLL Debug|x64'">$(IntDir)%(Filename).obj</Outputs>
+      <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Release|x64'">false</ExcludedFromBuild>
+      <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='DLL Release|x64'">false</ExcludedFromBuild>
+      <Command Condition="'$(Configuration)|$(Platform)'=='Release|x64'">ml64.exe /c /Zi /Fo"$(OutDir)%(Filename).obj" %(Identity)</Command>
+      <Command Condition="'$(Configuration)|$(Platform)'=='DLL Release|x64'">ml64.exe /c /Zi /Fo"$(IntDir)%(Filename).obj" %(Identity)</Command>
+      <Outputs Condition="'$(Configuration)|$(Platform)'=='Release|x64'">$(OutDir)%(Filename).obj</Outputs>
+      <Outputs Condition="'$(Configuration)|$(Platform)'=='DLL Release|x64'">$(IntDir)%(Filename).obj</Outputs>
+    </CustomBuild>
+    <CustomBuild Include="..\..\wolfcrypt\src\poly1305_asm.asm">
+      <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">false</ExcludedFromBuild>
+      <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='DLL Debug|x64'">false</ExcludedFromBuild>
+      <Command Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">ml64.exe /c /Zi /Fo"$(OutDir)%(Filename).obj" %(Identity)</Command>
+      <Command Condition="'$(Configuration)|$(Platform)'=='DLL Debug|x64'">ml64.exe /c /Zi /Fo"$(IntDir)%(Filename).obj" %(Identity)</Command>
+      <Outputs Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">$(OutDir)%(Filename).obj</Outputs>
+      <Outputs Condition="'$(Configuration)|$(Platform)'=='DLL Debug|x64'">$(IntDir)%(Filename).obj</Outputs>
+      <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Release|x64'">false</ExcludedFromBuild>
+      <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='DLL Release|x64'">false</ExcludedFromBuild>
+      <Command Condition="'$(Configuration)|$(Platform)'=='Release|x64'">ml64.exe /c /Zi /Fo"$(OutDir)%(Filename).obj" %(Identity)</Command>
+      <Command Condition="'$(Configuration)|$(Platform)'=='DLL Release|x64'">ml64.exe /c /Zi /Fo"$(IntDir)%(Filename).obj" %(Identity)</Command>
+      <Outputs Condition="'$(Configuration)|$(Platform)'=='Release|x64'">$(OutDir)%(Filename).obj</Outputs>
+      <Outputs Condition="'$(Configuration)|$(Platform)'=='DLL Release|x64'">$(IntDir)%(Filename).obj</Outputs>
+    </CustomBuild>
+    <CustomBuild Include="..\..\wolfcrypt\src\sp_x86_64_asm.asm">
+      <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">false</ExcludedFromBuild>
+      <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='DLL Debug|x64'">false</ExcludedFromBuild>
+      <Command Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">ml64.exe /c /Zi /Fo"$(OutDir)%(Filename).obj" %(Identity)</Command>
+      <Command Condition="'$(Configuration)|$(Platform)'=='DLL Debug|x64'">ml64.exe /c /Zi /Fo"$(IntDir)%(Filename).obj" %(Identity)</Command>
+      <Outputs Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">$(OutDir)%(Filename).obj</Outputs>
+      <Outputs Condition="'$(Configuration)|$(Platform)'=='DLL Debug|x64'">$(IntDir)%(Filename).obj</Outputs>
+      <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Release|x64'">false</ExcludedFromBuild>
+      <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='DLL Release|x64'">false</ExcludedFromBuild>
+      <Command Condition="'$(Configuration)|$(Platform)'=='Release|x64'">ml64.exe /c /Zi /Fo"$(OutDir)%(Filename).obj" %(Identity)</Command>
+      <Command Condition="'$(Configuration)|$(Platform)'=='DLL Release|x64'">ml64.exe /c /Zi /Fo"$(IntDir)%(Filename).obj" %(Identity)</Command>
+      <Outputs Condition="'$(Configuration)|$(Platform)'=='Release|x64'">$(OutDir)%(Filename).obj</Outputs>
+      <Outputs Condition="'$(Configuration)|$(Platform)'=='DLL Release|x64'">$(IntDir)%(Filename).obj</Outputs>
+    </CustomBuild>
+    <ClInclude Include="user_settings.h" />
+  </ItemGroup>
+  <ItemGroup>
+    <ResourceCompile Include="..\..\wolfssl.rc">
+      <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">true</ExcludedFromBuild>
+      <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">true</ExcludedFromBuild>
+      <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">true</ExcludedFromBuild>
+      <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Release|x64'">true</ExcludedFromBuild>
+    </ResourceCompile>
+  </ItemGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
+  <ImportGroup Label="ExtensionTargets">
+  </ImportGroup>
+</Project>
diff --git a/zephyr/CMakeLists.txt b/zephyr/CMakeLists.txt
index bf8fe1a77..b25f79aff 100644
--- a/zephyr/CMakeLists.txt
+++ b/zephyr/CMakeLists.txt
@@ -1,21 +1,28 @@
 if(CONFIG_WOLFSSL)
   zephyr_interface_library_named(wolfSSL)
-  
+
   if(CONFIG_WOLFSSL_BUILTIN)
-    target_compile_definitions(wolfSSL INTERFACE
-  	WOLFSSL_SETTINGS_FILE="${CONFIG_WOLFSSL_SETTINGS_FILE}"
-  	)
-  
+    if(CONFIG_WOLFSSL_SETTINGS_FILE)
+      target_compile_definitions(wolfSSL INTERFACE
+        WOLFSSL_SETTINGS_FILE="${CONFIG_WOLFSSL_SETTINGS_FILE}"
+      )
+      zephyr_include_directories(
+        ${APPLICATION_CONFIG_DIR}
+        ${APPLICATION_CONFIG_DIR}/src
+      )
+    endif()
+
     zephyr_include_directories(
-  	${ZEPHYR_CURRENT_MODULE_DIR}
-  	${ZEPHYR_CURRENT_MODULE_DIR}/wolfssl
-  	${ZEPHYR_CURRENT_MODULE_DIR}/zephyr
-  	)
-  
+        ${ZEPHYR_CURRENT_MODULE_DIR}
+        ${ZEPHYR_CURRENT_MODULE_DIR}/wolfssl
+        ${ZEPHYR_CURRENT_MODULE_DIR}/zephyr
+        )
+
     zephyr_library()
     zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/zephyr/zephyr_init.c)
-  
+
     zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/src/crl.c)
+    zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/src/dtls.c)
     zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/src/dtls13.c)
     zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/src/internal.c)
     zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/src/keys.c)
@@ -25,8 +32,29 @@ if(CONFIG_WOLFSSL)
     zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/src/tls.c)
     zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/src/tls13.c)
     zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/src/wolfio.c)
-  
+
+    # FIPS Boundary
+    if(CONFIG_WOLFCRYPT_FIPS)
+    zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/wolfcrypt_first.c)
+    endif()
+    zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/hmac.c)
+    zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/random.c)
+    zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/kdf.c)
+    zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/rsa.c)
+    zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/ecc.c)
     zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/aes.c)
+    zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/sha.c)
+    zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/sha256.c)
+    zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/sha512.c)
+    zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/sha3.c)
+    zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/dh.c)
+    zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/cmac.c)
+    if(CONFIG_WOLFCRYPT_FIPS)
+    zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/fips.c)
+    zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/fips_test.c)
+    zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/wolfcrypt_last.c)
+    endif()
+
     zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/arc4.c)
     zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/asm.c)
     zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/asn.c)
@@ -36,7 +64,6 @@ if(CONFIG_WOLFSSL)
     zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/camellia.c)
     zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/chacha.c)
     zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/chacha20_poly1305.c)
-    zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/cmac.c)
     zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/coding.c)
     zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/compress.c)
     zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/cpuid.c)
@@ -44,27 +71,23 @@ if(CONFIG_WOLFSSL)
     zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/curve25519.c)
     zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/curve448.c)
     zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/des3.c)
-    zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/dh.c)
+    zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/dilithium.c)
     zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/dsa.c)
-    zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/ecc.c)
     zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/ecc_fp.c)
     zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/eccsi.c)
     zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/ed25519.c)
     zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/ed448.c)
     zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/error.c)
+    zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/ext_kyber.c)
     zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/falcon.c)
     zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/fe_448.c)
     zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/fe_low_mem.c)
     zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/fe_operations.c)
-    #zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/fips.c)
-    #zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/fips_test.c)
     zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/ge_448.c)
     zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/ge_low_mem.c)
     zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/ge_operations.c)
     zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/hash.c)
-    zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/hmac.c)
     zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/integer.c)
-    zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/kdf.c)
     zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/logging.c)
     zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/md2.c)
     zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/md4.c)
@@ -75,15 +98,9 @@ if(CONFIG_WOLFSSL)
     zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/pkcs7.c)
     zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/poly1305.c)
     zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/pwdbased.c)
-    zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/random.c)
     zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/ripemd.c)
-    zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/rsa.c)
     zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/sakke.c)
     #zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/selftest.c)
-    zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/sha.c)
-    zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/sha256.c)
-    zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/sha3.c)
-    zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/sha512.c)
     zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/signature.c)
     zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/siphash.c)
     zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/sp_arm32.c)
@@ -95,40 +112,91 @@ if(CONFIG_WOLFSSL)
     zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/sp_dsp32.c)
     zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/sp_int.c)
     zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/sp_x86_64.c)
+    zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/sphincs.c)
     zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/srp.c)
     zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/tfm.c)
     zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/wc_dsp.c)
     zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/wc_encrypt.c)
+    zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/wc_kyber.c)
+    zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/wc_kyber_poly.c)
+    zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/wc_lms.c)
+    zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/wc_lms_impl.c)
     zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/wc_pkcs11.c)
     zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/wc_port.c)
-    #zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/wolfcrypt_first.c)
-    #zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/wolfcrypt_last.c)
     zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/wolfevent.c)
     zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/wolfmath.c)
 
+    zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/port/liboqs/liboqs.c)
     zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/port/psa/psa.c)
     zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/port/psa/psa_aes.c)
     zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/port/psa/psa_hash.c)
     zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/port/psa/psa_pkcbs.c)
     zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/port/st/stm32.c)
-  
+
+    if(CONFIG_WOLFCRYPT_ARMASM)
+      # tested with board: "qemu_kvm_arm64"
+      zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/port/arm/armv8-aes.c)
+      zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/port/arm/armv8-sha256.c)
+      zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/port/arm/armv8-sha512.c)
+
+      if(CONFIG_WOLFCRYPT_ARMASM_THUMB2)
+        zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/port/arm/thumb2-chacha.c)
+        zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/port/arm/thumb2-poly1305.c)
+        zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/port/arm/thumb2-aes-asm_c.c)
+        zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/port/arm/thumb2-chacha-asm_c.c)
+        zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/port/arm/thumb2-curve25519_c.c)
+        zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/port/arm/thumb2-kyber-asm_c.c)
+        zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/port/arm/thumb2-poly1305-asm_c.c)
+        zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/port/arm/thumb2-sha256-asm_c.c)
+        zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/port/arm/thumb2-sha3-asm_c.c)
+        zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/port/arm/thumb2-sha512-asm_c.c)
+      else()
+        zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/port/arm/armv8-poly1305.c)
+        zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/port/arm/armv8-chacha.c)
+        zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/port/arm/armv8-sha512-asm_c.c)
+        zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/port/arm/armv8-sha3-asm_c.c)
+        zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/port/arm/armv8-curve25519_c.c)
+        zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/port/arm/armv8-32-aes-asm_c.c)
+        zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/port/arm/armv8-32-sha256-asm_c.c)
+      endif()
+
+
+      # Note: The cmake/gcc-m-cpu.cmake make need updated to add "+crypto -mstrict-align"
+      set(TOOLCHAIN_C_FLAGS "-mcpu=cortex-a53+crypto -mstrict-align")
+    endif()
+
+    if(CONFIG_WOLFCRYPT_INTELASM)
+      # tested with board: "qemu_x86_64"
+      zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/sha256_asm.S)
+      zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/sha512_asm.S)
+      zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/sha3_asm.S)
+      zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/chacha_asm.S)
+      zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/poly1305_asm.S)
+
+      # AESNI
+      zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/aes_asm.S)
+      zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/aes_gcm_x86_asm.S)
+      set(TOOLCHAIN_C_FLAGS "-march=native -maes -msse4 -mpclmul ")
+    endif()
+
     zephyr_library_link_libraries(wolfSSL)
 
-  	target_compile_definitions(wolfSSL INTERFACE WOLFSSL_ZEPHYR)
-  	target_compile_definitions(wolfSSL INTERFACE WOLFSSL_USER_SETTINGS)
+        target_compile_definitions(wolfSSL INTERFACE WOLFSSL_ZEPHYR)
+        target_compile_definitions(wolfSSL INTERFACE WOLFSSL_USER_SETTINGS)
     if(CONFIG_WOLFSSL_DEBUG)
       target_compile_definitions(wolfSSL INTERFACE DEBUG_WOLFSSL)
+      zephyr_library_compile_options(-g3 -O0)
     endif()
   else()
     assert(CONFIG_WOLFSSL_LIBRARY "wolfSSL was enabled, but neither BUILTIN or LIBRARY was selected.")
-  
+
     # NB: CONFIG_WOLFSSL_LIBRARY is not regression tested and is
     # therefore susceptible to bit rot
-  
+
     target_include_directories(wolfSSL INTERFACE
-  	${CONFIG_WOLFSSL_INSTALL_PATH}
-  	)
-  
+        ${CONFIG_WOLFSSL_INSTALL_PATH}
+        )
+
     zephyr_link_libraries(
       wolfssl_external
       -L${CONFIG_WOLFSSL_INSTALL_PATH}
@@ -138,7 +206,7 @@ if(CONFIG_WOLFSSL)
     # wolfssl to link with gcc we need to ensure it is placed
     # after wolfssl_external on the linkers command line.
   endif()
-  
+
   target_link_libraries(wolfSSL INTERFACE zephyr_interface)
 
 endif()
diff --git a/zephyr/Kconfig b/zephyr/Kconfig
index 6d58cc02e..9863454ff 100644
--- a/zephyr/Kconfig
+++ b/zephyr/Kconfig
@@ -53,7 +53,6 @@ endchoice
 config WOLFSSL_SETTINGS_FILE
 	string "wolfSSL settings file"
 	depends on WOLFSSL_BUILTIN
-	default "user_settings-tls-generic.h"
 	help
 	  Use a specific wolfSSL settings file. The default config file
 	  file can be tweaked with Kconfig. The default settings is
@@ -64,6 +63,55 @@ config WOLFSSL_SETTINGS_FILE
 
 rsource "Kconfig.tls-generic"
 
+config WOLFCRYPT_FIPS
+	bool "wolfCrypt FIPS support"
+	depends on WOLFSSL_BUILTIN
+	help
+	  Enables FIPS support in wolfCrypt. Requires the wolfSSL FIPS ready
+	  download that includes fips.c/fips_test.c.
+
+config WOLFSSL_DTLS
+  bool "wolfSSL DTLS support"
+  help
+    Enable DTLS support
+
+config WOLFSSL_ALPN
+  bool "wolfSSL ALPN support"
+  help
+    Enable ALPN support
+
+config WOLFSSL_PSK
+  bool "wolfSSL PSK support"
+  help
+    Enable PSK support
+
+config WOLFSSL_MAX_FRAGMENT_LEN
+  int
+  default 3
+  range 1 6
+  help
+    Sets the maximum fragment length wolfSSL will use, values 1-6 correspond to enum values
+    WOLFSSL_MFL_* in ssl.h
+
+config WOLFCRYPT_ARMASM
+	bool "wolfCrypt ARM Assembly support"
+	depends on WOLFSSL_BUILTIN
+	help
+	  wolfCrypt ARM (ARMv8/ARMv7) assembly support for AES, SHA-2, SHA-3,
+	  ChaCha20/Poly1305 and Curve25519
+
+config WOLFCRYPT_ARMASM_THUMB2
+	bool "wolfCrypt ARM Thumb2 Assembly support"
+	depends on WOLFCRYPT_ARMASM
+	help
+	  Enable Thumb2 assembly optimizations for ARM processors
+
+config WOLFCRYPT_INTELASM
+	bool "wolfCrypt Intel Assembly support"
+	depends on WOLFSSL_BUILTIN
+	help
+	  wolfCrypt Intel Aassembly support (AVX/AVX2/AESNI)
+
 config WOLFSSL_DEBUG
 	bool "wolfSSL debug activation"
 	depends on WOLFSSL_BUILTIN
diff --git a/zephyr/Kconfig.tls-generic b/zephyr/Kconfig.tls-generic
index 9ffcf90e8..bc46a8fd4 100644
--- a/zephyr/Kconfig.tls-generic
+++ b/zephyr/Kconfig.tls-generic
@@ -264,9 +264,4 @@ config WOLFSSL_HAVE_ASM
 	  of asymmetric cryptography, however this might have an impact on the
 	  code size.
 
-config WOLFSSL_USER_SETTTINGS
-	string "User settings file for wolfSSL"
-	help
-	  User settings file that contains wolfSSL defines.
-
 endmenu
diff --git a/zephyr/README.md b/zephyr/README.md
index 098d51c96..ef0334d11 100644
--- a/zephyr/README.md
+++ b/zephyr/README.md
@@ -102,3 +102,12 @@ west build -p auto -b qemu_x86 modules/crypto/wolfssl/zephyr/samples/wolfssl_tls
 west build -t run
 ```
 
+## How to setup wolfSSL support for Zephyr TLS Sockets and RNG
+
+wolfSSL can also be used as the underlying implementation for the default Zephyr TLS socket interface.
+With this enabled, all existing applications using the Zephyr TLS sockets will now use wolfSSL inside
+for all TLS operations. This will also enable wolfSSL as the default RNG implementation. To enable this
+feature, use the patch file and instructions found here:
+
+https://github.com/wolfSSL/osp/tree/master/zephyr
+
diff --git a/zephyr/include.am b/zephyr/include.am
index 83b69368d..ef67bcc10 100644
--- a/zephyr/include.am
+++ b/zephyr/include.am
@@ -8,9 +8,7 @@ EXTRA_DIST+= zephyr/Kconfig.tls-generic
 EXTRA_DIST+= zephyr/zephyr_init.c
 EXTRA_DIST+= zephyr/module.yml
 EXTRA_DIST+= zephyr/wolfssl/options.h
-EXTRA_DIST+= zephyr/nrf5340dk_nrf5340_user_settings.h
 EXTRA_DIST+= zephyr/user_settings.h
-EXTRA_DIST+= zephyr/user_settings-tls-generic.h
 EXTRA_DIST+= zephyr/README.md
 EXTRA_DIST+= zephyr/samples/wolfssl_benchmark/
 EXTRA_DIST+= zephyr/samples/wolfssl_benchmark/CMakeLists.txt
diff --git a/zephyr/nrf5340dk_nrf5340_user_settings.h b/zephyr/nrf5340dk_nrf5340_user_settings.h
deleted file mode 100644
index a10b54bd2..000000000
--- a/zephyr/nrf5340dk_nrf5340_user_settings.h
+++ /dev/null
@@ -1,133 +0,0 @@
-/* nrf5340dk_nrf5340_user_settings.h
- *
- * Copyright (C) 2006-2023 wolfSSL Inc.
- *
- * This file is part of wolfSSL.
- *
- * wolfSSL is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * wolfSSL is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
- */
-
-#ifndef WOLFSSL_OPTIONS_H
-#define WOLFSSL_OPTIONS_H
-
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/* Platform */
-#undef  WOLFSSL_ZEPHYR
-#define WOLFSSL_ZEPHYR
-
-#define WOLFSSL_GENERAL_ALIGNMENT 4
-#define SIZEOF_LONG_LONG 8
-
-/* Enable PSA Crypto API for CryptoCell 312 crypto use */
-#define WOLFSSL_HAVE_PSA
-#define WOLFSSL_PSA_GLOBAL_LOCK
-
-/* Enable SP Math */
-#define WOLFSSL_SP_MATH
-#define WOLFSSL_SP_MATH_ALL
-#define WOLFSSL_HAVE_SP_RSA
-#define WOLFSSL_HAVE_SP_DH
-#define WOLFSSL_HAVE_SP_ECC
-
-/* Enable SP Math assembly support for ARM32 */
-#define SP_WORD_SIZE 32
-#define WOLFSSL_SP_ASM
-#define WOLFSSL_SP_ARM32
-#define WOLFSSL_SP_ARM32_ASM
-
-/* Crypto */
-#define WC_RSA_BLINDING
-#define WC_RSA_PSS
-#define WOLFSSL_DH_CONST
-#define HAVE_FFDHE_2048
-
-#define HAVE_ECC
-#define ECC_USER_CURVES
-/* #define HAVE_ECC192 */
-/* #define HAVE_ECC224 */
-#undef NO_ECC256
-/* #define HAVE_ECC384 */
-/* #define HAVE_ECC521 */
-#define ECC_SHAMIR
-#define ECC_TIMING_RESISTANT
-
-#define WOLFSSL_AES_DIRECT
-#define HAVE_AES_ECB
-#define HAVE_AES_CBC
-#define HAVE_AESCCM
-#define HAVE_AESGCM
-#define GCM_TABLE_4BIT
-
-/* AES-CTR is not working correctly with Nordic PSA Crypto API */
-/* #define WOLFSSL_AES_COUNTER */
-
-#define HAVE_CHACHA
-#define HAVE_POLY1305
-#define HAVE_ONE_TIME_AUTH
-
-/* Nordic Security PSA Crypto CryptoCell integration does not support SHA-1 */
-#define NO_SHA
-#define WOLFSSL_SHA224
-#define WOLFSSL_SHA384
-#define WOLFSSL_SHA512
-#define WOLFSSL_SHA3
-
-#define HAVE_HKDF
-#define WOLFSSL_CMAC
-
-/* Benchmark / Test */
-#define BENCH_EMBEDDED
-#define USE_CERT_BUFFERS_256
-#define USE_CERT_BUFFERS_2048
-#define NO_FILESYSTEM
-
-/* RNG */
-#define HAVE_HASHDRBG
-
-/* Features */
-#define WOLFSSL_TLS13
-#define WOLFSSL_OLD_PRIME_CHECK
-#define HAVE_TLS_EXTENSIONS
-#define HAVE_SUPPORTED_CURVES
-#define HAVE_EXTENDED_MASTER
-#define WOLFSSL_BASE64_ENCODE
-#define WC_NO_ASYNC_THREADING
-
-/* Disable features that require SHA-1 (see note above) */
-#define NO_OLD_TLS
-#define NO_DSA
-
-/* Disable other features (re-enable if needed) */
-#define NO_RC4
-#define NO_PSK
-#define NO_MD4
-#define NO_PWDBASED
-#define NO_DES3
-
-#if defined(CONFIG_WOLFSSL_DEBUG)
-#undef  DEBUG_WOLFSSL
-#define DEBUG_WOLFSSL
-#endif
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* WOLFSSL_OPTIONS_H */
-
diff --git a/zephyr/samples/wolfssl_benchmark/boards/nrf5340dk_nrf5340_cpuapp.conf b/zephyr/samples/wolfssl_benchmark/boards/nrf5340dk_nrf5340_cpuapp.conf
index b651b7b88..98d8bc496 100644
--- a/zephyr/samples/wolfssl_benchmark/boards/nrf5340dk_nrf5340_cpuapp.conf
+++ b/zephyr/samples/wolfssl_benchmark/boards/nrf5340dk_nrf5340_cpuapp.conf
@@ -1,5 +1,5 @@
 # Set user_settings.h file to be used for native wolfSSL build settings
-CONFIG_WOLFSSL_SETTINGS_FILE="nrf5340dk_nrf5340_user_settings.h"
+#CONFIG_WOLFSSL_SETTINGS_FILE="user_settings_custom.h"
 
 ##### PSA and CC3XX #####
 # Enable Nordic Security Module
diff --git a/zephyr/samples/wolfssl_benchmark/boards/nrf5340dk_nrf5340_cpuapp_ns.conf b/zephyr/samples/wolfssl_benchmark/boards/nrf5340dk_nrf5340_cpuapp_ns.conf
index a0e205215..aa3bbe18a 100644
--- a/zephyr/samples/wolfssl_benchmark/boards/nrf5340dk_nrf5340_cpuapp_ns.conf
+++ b/zephyr/samples/wolfssl_benchmark/boards/nrf5340dk_nrf5340_cpuapp_ns.conf
@@ -2,7 +2,7 @@ CONFIG_BUILD_WITH_TFM=y
 CONFIG_TFM_PROFILE_TYPE_NOT_SET=y
 
 # Set user_settings.h file to be used for native wolfSSL build settings
-CONFIG_WOLFSSL_SETTINGS_FILE="nrf5340dk_nrf5340_user_settings.h"
+#CONFIG_WOLFSSL_SETTINGS_FILE="user_settings_custom.h"
 
 ##### PSA and CC3XX #####
 # Enable Nordic Security Module
diff --git a/zephyr/samples/wolfssl_benchmark/prj.conf b/zephyr/samples/wolfssl_benchmark/prj.conf
index 15d4ebba3..017988024 100644
--- a/zephyr/samples/wolfssl_benchmark/prj.conf
+++ b/zephyr/samples/wolfssl_benchmark/prj.conf
@@ -1,5 +1,6 @@
 # Configure stack and heap sizes
 CONFIG_MAIN_STACK_SIZE=32768
+CONFIG_COMMON_LIBC_MALLOC_ARENA_SIZE=8192
 
 # Pthreads
 CONFIG_PTHREAD_IPC=y
@@ -22,9 +23,14 @@ CONFIG_CONSOLE=y
 CONFIG_LOG=y
 CONFIG_LOG_BACKEND_UART=y
 CONFIG_LOG_BUFFER_SIZE=15360
+CONFIG_LOG_MODE_IMMEDIATE=y
 #CONFIG_WOLFSSL_DEBUG=y
 
 # Entropy
+CONFIG_TEST_RANDOM_GENERATOR=y
 CONFIG_ENTROPY_GENERATOR=y
 CONFIG_ENTROPY_DEVICE_RANDOM_GENERATOR=y
 
+# Optional ARM or Intel Assembly
+#CONFIG_WOLFCRYPT_ARMASM=y
+#CONFIG_WOLFCRYPT_INTELASM=y
diff --git a/zephyr/samples/wolfssl_test/boards/nrf5340dk_nrf5340_cpuapp.conf b/zephyr/samples/wolfssl_test/boards/nrf5340dk_nrf5340_cpuapp.conf
index b651b7b88..98d8bc496 100644
--- a/zephyr/samples/wolfssl_test/boards/nrf5340dk_nrf5340_cpuapp.conf
+++ b/zephyr/samples/wolfssl_test/boards/nrf5340dk_nrf5340_cpuapp.conf
@@ -1,5 +1,5 @@
 # Set user_settings.h file to be used for native wolfSSL build settings
-CONFIG_WOLFSSL_SETTINGS_FILE="nrf5340dk_nrf5340_user_settings.h"
+#CONFIG_WOLFSSL_SETTINGS_FILE="user_settings_custom.h"
 
 ##### PSA and CC3XX #####
 # Enable Nordic Security Module
diff --git a/zephyr/samples/wolfssl_test/boards/nrf5340dk_nrf5340_cpuapp_ns.conf b/zephyr/samples/wolfssl_test/boards/nrf5340dk_nrf5340_cpuapp_ns.conf
index a0e205215..aa3bbe18a 100644
--- a/zephyr/samples/wolfssl_test/boards/nrf5340dk_nrf5340_cpuapp_ns.conf
+++ b/zephyr/samples/wolfssl_test/boards/nrf5340dk_nrf5340_cpuapp_ns.conf
@@ -2,7 +2,7 @@ CONFIG_BUILD_WITH_TFM=y
 CONFIG_TFM_PROFILE_TYPE_NOT_SET=y
 
 # Set user_settings.h file to be used for native wolfSSL build settings
-CONFIG_WOLFSSL_SETTINGS_FILE="nrf5340dk_nrf5340_user_settings.h"
+#CONFIG_WOLFSSL_SETTINGS_FILE="user_settings_custom.h"
 
 ##### PSA and CC3XX #####
 # Enable Nordic Security Module
diff --git a/zephyr/samples/wolfssl_test/prj-no-malloc.conf b/zephyr/samples/wolfssl_test/prj-no-malloc.conf
new file mode 100644
index 000000000..42f98d431
--- /dev/null
+++ b/zephyr/samples/wolfssl_test/prj-no-malloc.conf
@@ -0,0 +1,30 @@
+# Configure stack and heap sizes
+CONFIG_MAIN_STACK_SIZE=655360
+#CONFIG_COMMON_LIBC_MALLOC_ARENA_SIZE=65536
+
+# Pthreads
+CONFIG_PTHREAD_IPC=y
+
+# Clock for time()
+CONFIG_POSIX_CLOCK=y
+
+# TLS configuration
+CONFIG_WOLFSSL_SETTINGS_FILE="user_settings-no-malloc.h"
+CONFIG_WOLFSSL=y
+CONFIG_WOLFSSL_BUILTIN=y
+
+# Logging
+CONFIG_PRINTK=y
+CONFIG_CBPRINTF_LIBC_SUBSTS=y
+CONFIG_CBPRINTF_FP_SUPPORT=y
+CONFIG_CONSOLE=y
+CONFIG_LOG=y
+CONFIG_LOG_BACKEND_UART=y
+CONFIG_LOG_BUFFER_SIZE=15360
+CONFIG_LOG_MODE_IMMEDIATE=y
+#CONFIG_WOLFSSL_DEBUG=y
+
+# Entropy
+CONFIG_TEST_RANDOM_GENERATOR=y
+CONFIG_ENTROPY_GENERATOR=y
+CONFIG_ENTROPY_DEVICE_RANDOM_GENERATOR=y
diff --git a/zephyr/samples/wolfssl_test/prj.conf b/zephyr/samples/wolfssl_test/prj.conf
index a989213b4..38b1ce49b 100644
--- a/zephyr/samples/wolfssl_test/prj.conf
+++ b/zephyr/samples/wolfssl_test/prj.conf
@@ -1,4 +1,3 @@
-
 # Configure stack and heap sizes
 CONFIG_MAIN_STACK_SIZE=32768
 CONFIG_COMMON_LIBC_MALLOC_ARENA_SIZE=16384
@@ -21,9 +20,10 @@ CONFIG_CONSOLE=y
 CONFIG_LOG=y
 CONFIG_LOG_BACKEND_UART=y
 CONFIG_LOG_BUFFER_SIZE=15360
+CONFIG_LOG_MODE_IMMEDIATE=y
 #CONFIG_WOLFSSL_DEBUG=y
 
 # Entropy
+CONFIG_TEST_RANDOM_GENERATOR=y
 CONFIG_ENTROPY_GENERATOR=y
 CONFIG_ENTROPY_DEVICE_RANDOM_GENERATOR=y
-
diff --git a/zephyr/samples/wolfssl_test/sample.yaml b/zephyr/samples/wolfssl_test/sample.yaml
index a1c4f8192..50010f76a 100644
--- a/zephyr/samples/wolfssl_test/sample.yaml
+++ b/zephyr/samples/wolfssl_test/sample.yaml
@@ -13,3 +13,9 @@ tests:
     platform_allow: qemu_x86
     integration_platforms:
       - qemu_x86
+  sample.crypto.wolfssl_test_no_malloc:
+    timeout: 120
+    platform_allow: qemu_x86
+    extra_args: CONF_FILE="prj-no-malloc.conf"
+    integration_platforms:
+      - qemu_x86
diff --git a/zephyr/samples/wolfssl_tls_sock/prj-no-malloc.conf b/zephyr/samples/wolfssl_tls_sock/prj-no-malloc.conf
new file mode 100644
index 000000000..830b1944d
--- /dev/null
+++ b/zephyr/samples/wolfssl_tls_sock/prj-no-malloc.conf
@@ -0,0 +1,57 @@
+# Kernel options
+CONFIG_MAIN_STACK_SIZE=655360
+CONFIG_ENTROPY_GENERATOR=y
+CONFIG_INIT_STACKS=y
+
+# General config
+CONFIG_NEWLIB_LIBC=y
+
+# Pthreads
+CONFIG_PTHREAD_IPC=y
+
+# Clock for time()
+CONFIG_POSIX_CLOCK=y
+
+# Networking config
+CONFIG_NETWORKING=y
+CONFIG_NET_IPV4=y
+CONFIG_NET_IPV6=n
+CONFIG_NET_TCP=y
+CONFIG_NET_SOCKETS=y
+CONFIG_NET_SOCKETS_POSIX_NAMES=y
+
+CONFIG_NET_TEST=y
+CONFIG_NET_LOOPBACK=y
+
+# Network driver config
+CONFIG_TEST_RANDOM_GENERATOR=y
+
+# Network address config
+CONFIG_NET_CONFIG_SETTINGS=y
+CONFIG_NET_CONFIG_NEED_IPV4=y
+CONFIG_NET_CONFIG_MY_IPV4_ADDR="192.0.2.1"
+CONFIG_NET_CONFIG_PEER_IPV4_ADDR="192.0.2.2"
+CONFIG_NET_CONFIG_MY_IPV4_GW="192.0.2.2"
+
+CONFIG_NET_PKT_TX_COUNT=10
+
+# Network debug config
+#CONFIG_NET_LOG=y
+#CONFIG_NET_PKT_LOG_LEVEL_DBG=y
+
+# Logging
+CONFIG_PRINTK=y
+#CONFIG_WOLFSSL_DEBUG=y
+CONFIG_LOG=y
+CONFIG_LOG_MODE_IMMEDIATE=y
+
+# TLS configuration
+CONFIG_WOLFSSL_SETTINGS_FILE="user_settings-no-malloc.h"
+CONFIG_WOLFSSL=y
+CONFIG_WOLFSSL_BUILTIN=y
+
+CONFIG_WOLFSSL_TLS_VERSION_1_2=y
+CONFIG_WOLFSSL_KEY_EXCHANGE_ALL_ENABLED=y
+CONFIG_WOLFSSL_CIPHER_ALL_ENABLED=y
+CONFIG_WOLFSSL_MAC_ALL_ENABLED=y
+CONFIG_WOLFSSL_HMAC_DRBG_ENABLED=y
diff --git a/zephyr/samples/wolfssl_tls_sock/prj.conf b/zephyr/samples/wolfssl_tls_sock/prj.conf
index f8b0f292e..549bc07ab 100644
--- a/zephyr/samples/wolfssl_tls_sock/prj.conf
+++ b/zephyr/samples/wolfssl_tls_sock/prj.conf
@@ -43,14 +43,14 @@ CONFIG_NET_PKT_TX_COUNT=10
 # Logging
 CONFIG_PRINTK=y
 #CONFIG_WOLFSSL_DEBUG=y
-#CONFIG_LOG=y
-#CONFIG_LOG_MODE_IMMEDIATE=y
+CONFIG_LOG=y
+CONFIG_LOG_MODE_IMMEDIATE=y
 
 # TLS configuration
 CONFIG_WOLFSSL=y
 CONFIG_WOLFSSL_BUILTIN=y
 
-CONFIG_WOLFSSL_TLS_VERSION_1_2=y
+CONFIG_WOLFSSL_TLS_VERSION_1_3=y
 CONFIG_WOLFSSL_KEY_EXCHANGE_ALL_ENABLED=y
 CONFIG_WOLFSSL_CIPHER_ALL_ENABLED=y
 CONFIG_WOLFSSL_MAC_ALL_ENABLED=y
diff --git a/zephyr/samples/wolfssl_tls_sock/sample.yaml b/zephyr/samples/wolfssl_tls_sock/sample.yaml
index ea002827e..a1b26e879 100644
--- a/zephyr/samples/wolfssl_tls_sock/sample.yaml
+++ b/zephyr/samples/wolfssl_tls_sock/sample.yaml
@@ -8,9 +8,16 @@ common:
     regex:
       - "Server Return: 0"
       - "Client Return: 0"
+      - "Done"
 tests:
   sample.crypto.wolfssl_tls_sock:
     timeout: 60
     platform_allow: qemu_x86
     integration_platforms:
       - qemu_x86
+  sample.crypto.wolfssl_tls_sock_no_malloc:
+    timeout: 60
+    platform_allow: qemu_x86
+    extra_args: CONF_FILE="prj-no-malloc.conf"
+    integration_platforms:
+      - qemu_x86
diff --git a/zephyr/samples/wolfssl_tls_sock/src/tls_sock.c b/zephyr/samples/wolfssl_tls_sock/src/tls_sock.c
index 7be365321..f05e181b6 100644
--- a/zephyr/samples/wolfssl_tls_sock/src/tls_sock.c
+++ b/zephyr/samples/wolfssl_tls_sock/src/tls_sock.c
@@ -1,6 +1,6 @@
 /* tls_sock.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -32,7 +32,7 @@
 #endif
 
 #define BUFFER_SIZE           2048
-#define STATIC_MEM_SIZE       (192*1024)
+#define STATIC_MEM_SIZE       (256*1024)
 #define MAX_SEND_SIZE         256
 
 #ifdef WOLFSSL_STATIC_MEMORY
@@ -62,6 +62,20 @@ static const char msgHTTPIndex[] =
     "</body>\n"
     "</html>\n";
 
+#ifdef HAVE_FIPS
+static void myFipsCb(int ok, int err, const char* hash)
+{
+    printf("in my Fips callback, ok = %d, err = %d\n", ok, err);
+    printf("message = %s\n", wc_GetErrorString(err));
+    printf("hash = %s\n", hash);
+
+    if (err == IN_CORE_FIPS_E) {
+        printf("In core integrity hash check failure, copy above hash\n");
+        printf("into verifyCore[] in fips_test.c and rebuild\n");
+    }
+}
+#endif
+
 /* DO NOT use this in production. You should implement a way
  * to get the current date. */
 static int verifyIgnoreDateError(int preverify, WOLFSSL_X509_STORE_CTX* store)
@@ -80,7 +94,7 @@ static int wolfssl_client_new(WOLFSSL_CTX** ctx, WOLFSSL** ssl)
     WOLFSSL*     client_ssl = NULL;
 
     /* Create and initialize WOLFSSL_CTX */
-    if ((client_ctx = wolfSSL_CTX_new_ex(wolfTLSv1_2_client_method(),
+    if ((client_ctx = wolfSSL_CTX_new_ex(wolfTLSv1_3_client_method_ex(HEAP_HINT_CLIENT),
                                                    HEAP_HINT_CLIENT)) == NULL) {
         printf("ERROR: failed to create WOLFSSL_CTX\n");
         ret = -1;
@@ -151,7 +165,7 @@ static int wolfssl_server_new(WOLFSSL_CTX** ctx, WOLFSSL** ssl)
     WOLFSSL*     server_ssl = NULL;
 
     /* Create and initialize WOLFSSL_CTX */
-    if ((server_ctx = wolfSSL_CTX_new_ex(wolfTLSv1_2_server_method(),
+    if ((server_ctx = wolfSSL_CTX_new_ex(wolfTLSv1_3_server_method_ex(HEAP_HINT_SERVER),
                                                    HEAP_HINT_SERVER)) == NULL) {
         printf("ERROR: failed to create WOLFSSL_CTX\n");
         ret = -1;
@@ -431,20 +445,8 @@ void client_thread()
     WOLFSSL*     client_ssl = NULL;
     SOCKET_T     sockfd = WOLFSSL_SOCKET_INVALID;
 
-#ifdef WOLFSSL_STATIC_MEMORY
-    if (wc_LoadStaticMemory(&HEAP_HINT_CLIENT, gMemoryClient,
-                               sizeof(gMemoryClient),
-                               WOLFMEM_GENERAL | WOLFMEM_TRACK_STATS, 1) != 0) {
-        printf("unable to load static memory");
-        ret = -1;
-    }
-
-    if (ret == 0)
-#endif
-    {
-        /* Client connection */
-        ret = wolfssl_client_new(&client_ctx, &client_ssl);
-    }
+    /* Client connection */
+    ret = wolfssl_client_new(&client_ctx, &client_ssl);
 
     if (ret == 0)
         ret = wolfssl_client_connect_tcp(client_ssl, &sockfd);
@@ -485,11 +487,25 @@ int main()
 {
     THREAD_TYPE  serverThread;
 
+#ifdef HAVE_FIPS
+    wolfCrypt_SetCb_fips(myFipsCb);
+#endif
     wolfSSL_Init();
 #ifdef DEBUG_WOLFSSL
     wolfSSL_Debugging_ON();
 #endif
 
+#ifdef WOLFSSL_STATIC_MEMORY
+    if (wc_LoadStaticMemory(&HEAP_HINT_CLIENT, gMemoryClient,
+                               sizeof(gMemoryClient),
+                               WOLFMEM_GENERAL | WOLFMEM_TRACK_STATS, 1) != 0) {
+        printf("unable to load static memory");
+        return -1;
+    }
+
+    wolfsslThreadHeapHint = HEAP_HINT_CLIENT;
+#endif
+
     /* Start server */
     if (wolfSSL_NewThread(&serverThread, server_thread, NULL) != 0) {
         printf("Failed to start server thread\n");
@@ -498,6 +514,9 @@ int main()
 
     k_sleep(Z_TIMEOUT_TICKS(100));
     client_thread();
+    /* Join is not working in qemu when the thread is still active. Wait for it
+     * to shut down to join it. */
+    k_sleep(Z_TIMEOUT_TICKS(100));
 
     if (wolfSSL_JoinThread(serverThread) != 0) {
         printf("Failed to join server thread\n");
diff --git a/zephyr/samples/wolfssl_tls_thread/boards/nrf5340dk_nrf5340_cpuapp.conf b/zephyr/samples/wolfssl_tls_thread/boards/nrf5340dk_nrf5340_cpuapp.conf
index b651b7b88..98d8bc496 100644
--- a/zephyr/samples/wolfssl_tls_thread/boards/nrf5340dk_nrf5340_cpuapp.conf
+++ b/zephyr/samples/wolfssl_tls_thread/boards/nrf5340dk_nrf5340_cpuapp.conf
@@ -1,5 +1,5 @@
 # Set user_settings.h file to be used for native wolfSSL build settings
-CONFIG_WOLFSSL_SETTINGS_FILE="nrf5340dk_nrf5340_user_settings.h"
+#CONFIG_WOLFSSL_SETTINGS_FILE="user_settings_custom.h"
 
 ##### PSA and CC3XX #####
 # Enable Nordic Security Module
diff --git a/zephyr/samples/wolfssl_tls_thread/boards/nrf5340dk_nrf5340_cpuapp_ns.conf b/zephyr/samples/wolfssl_tls_thread/boards/nrf5340dk_nrf5340_cpuapp_ns.conf
index a0e205215..aa3bbe18a 100644
--- a/zephyr/samples/wolfssl_tls_thread/boards/nrf5340dk_nrf5340_cpuapp_ns.conf
+++ b/zephyr/samples/wolfssl_tls_thread/boards/nrf5340dk_nrf5340_cpuapp_ns.conf
@@ -2,7 +2,7 @@ CONFIG_BUILD_WITH_TFM=y
 CONFIG_TFM_PROFILE_TYPE_NOT_SET=y
 
 # Set user_settings.h file to be used for native wolfSSL build settings
-CONFIG_WOLFSSL_SETTINGS_FILE="nrf5340dk_nrf5340_user_settings.h"
+#CONFIG_WOLFSSL_SETTINGS_FILE="user_settings_custom.h"
 
 ##### PSA and CC3XX #####
 # Enable Nordic Security Module
diff --git a/zephyr/samples/wolfssl_tls_thread/prj.conf b/zephyr/samples/wolfssl_tls_thread/prj.conf
index 4a1e290a6..185a7b24c 100644
--- a/zephyr/samples/wolfssl_tls_thread/prj.conf
+++ b/zephyr/samples/wolfssl_tls_thread/prj.conf
@@ -1,8 +1,9 @@
 # Kernel options
 CONFIG_MAIN_STACK_SIZE=16384
 CONFIG_ENTROPY_GENERATOR=y
+CONFIG_TEST_RANDOM_GENERATOR=y
 CONFIG_INIT_STACKS=y
-CONFIG_COMMON_LIBC_MALLOC_ARENA_SIZE=65536
+CONFIG_COMMON_LIBC_MALLOC_ARENA_SIZE=131072
 
 # Pthreads
 CONFIG_PTHREAD_IPC=y
@@ -22,7 +23,7 @@ CONFIG_DNS_RESOLVER=y
 CONFIG_PRINTK=y
 CONFIG_LOG=y
 CONFIG_LOG_MODE_IMMEDIATE=y
-#CONFIG_WOLFSSL_DEBUG=y
+CONFIG_WOLFSSL_DEBUG=y
 
 # Enable logging using RTT and UART
 #CONFIG_CBPRINTF_LIBC_SUBSTS=y
@@ -35,7 +36,7 @@ CONFIG_LOG_MODE_IMMEDIATE=y
 CONFIG_WOLFSSL=y
 CONFIG_WOLFSSL_BUILTIN=y
 
-CONFIG_WOLFSSL_TLS_VERSION_1_2=y
+CONFIG_WOLFSSL_TLS_VERSION_1_3=y
 CONFIG_WOLFSSL_KEY_EXCHANGE_ALL_ENABLED=y
 CONFIG_WOLFSSL_CIPHER_ALL_ENABLED=y
 CONFIG_WOLFSSL_MAC_ALL_ENABLED=y
diff --git a/zephyr/samples/wolfssl_tls_thread/src/tls_threaded.c b/zephyr/samples/wolfssl_tls_thread/src/tls_threaded.c
index 490e3362e..dd561739c 100644
--- a/zephyr/samples/wolfssl_tls_thread/src/tls_threaded.c
+++ b/zephyr/samples/wolfssl_tls_thread/src/tls_threaded.c
@@ -1,6 +1,6 @@
 /* tls_threaded.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -89,6 +89,20 @@ static const char msgHTTPIndex[] =
     "</body>\n"
     "</html>\n";
 
+#ifdef HAVE_FIPS
+static void myFipsCb(int ok, int err, const char* hash)
+{
+    printf("in my Fips callback, ok = %d, err = %d\n", ok, err);
+    printf("message = %s\n", wc_GetErrorString(err));
+    printf("hash = %s\n", hash);
+
+    if (err == IN_CORE_FIPS_E) {
+        printf("In core integrity hash check failure, copy above hash\n");
+        printf("into verifyCore[] in fips_test.c and rebuild\n");
+    }
+}
+#endif
+
 /* wolfSSL client wants to read data from the server. */
 static int recv_client(WOLFSSL* ssl, char* buff, int sz, void* ctx)
 {
@@ -575,6 +589,9 @@ int main()
     utctime.tv_nsec = 0;
     clock_settime(CLOCK_REALTIME, &utctime);
 
+#ifdef HAVE_FIPS
+    wolfCrypt_SetCb_fips(myFipsCb);
+#endif
     wolfSSL_Init();
 #ifdef DEBUG_WOLFSSL
     wolfSSL_Debugging_ON();
diff --git a/zephyr/user_settings-tls-generic.h b/zephyr/user_settings-no-malloc.h
similarity index 84%
rename from zephyr/user_settings-tls-generic.h
rename to zephyr/user_settings-no-malloc.h
index 32a28bbc2..10b544b6e 100644
--- a/zephyr/user_settings-tls-generic.h
+++ b/zephyr/user_settings-no-malloc.h
@@ -1,7 +1,7 @@
 /* user_settings-tls-generic.h
  * generated from configure options
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -102,9 +102,6 @@ extern "C" {
 #undef  NO_MD4
 #define NO_MD4
 
-#undef  NO_PWDBASED
-#define NO_PWDBASED
-
 #undef  USE_FAST_MATH
 #define USE_FAST_MATH
 
@@ -117,9 +114,6 @@ extern "C" {
 #undef  WC_NO_ASYNC_THREADING
 #define WC_NO_ASYNC_THREADING
 
-#undef  NO_DES3
-#define NO_DES3
-
 #undef  WOLFSSL_STATIC_MEMORY
 #define WOLFSSL_STATIC_MEMORY
 
@@ -135,6 +129,29 @@ extern "C" {
 #undef  HAVE_FFDHE_2048
 #define HAVE_FFDHE_2048
 
+#undef WOLFSSL_NO_MALLOC
+#define WOLFSSL_NO_MALLOC
+//#define WOLFSSL_DEBUG_STATIC_MEMORY
+//#define WOLFSSL_DEBUG_MEMORY_PRINT
+//#define WOLFSSL_DEBUG_MEMORY
+//#define WOLFSSL_TRACK_MEMORY
+#define LARGEST_MEM_BUCKET 65536
+
+#undef WOLFSSL_DYN_CERT
+#define WOLFSSL_DYN_CERT
+
+#undef WOLFSSL_CERT_GEN
+#define WOLFSSL_CERT_GEN
+
+#undef WOLFSSL_CERT_REQ
+#define WOLFSSL_CERT_REQ
+
+#undef HAVE_PKCS12
+#define HAVE_PKCS12
+
+#undef WOLFSSL_TLS13
+#define WOLFSSL_TLS13
+
 #if 0
 #undef  WOLFSSL_HAVE_SP_RSA
 #define WOLFSSL_HAVE_SP_RSA
diff --git a/zephyr/user_settings.h b/zephyr/user_settings.h
index ba0ba9b2e..80d47ea14 100644
--- a/zephyr/user_settings.h
+++ b/zephyr/user_settings.h
@@ -1,6 +1,6 @@
 /* user_settings.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -23,119 +23,439 @@
 #define USER_SETTINGS_H
 
 #ifdef CONFIG_WOLFSSL
-#ifdef CONFIG_WOLFSSL_SETTINGS_FILE
-
-#include CONFIG_WOLFSSL_SETTINGS_FILE
 
+/* If a custom user_settings file is provided use it instead.
+ * CONFIG_WOLFSSL_SETTINGS_FILE is always defined. If it is not explicitly set
+ * in prj.conf then it is auto-defined to "". This obviously causes issues here.
+ * That is why we define WOLFSSL_SETTINGS_FILE in CMakeLists.txt. */
+#ifdef WOLFSSL_SETTINGS_FILE
+#include WOLFSSL_SETTINGS_FILE
 #else
 
 #ifdef __cplusplus
 extern "C" {
 #endif
 
-#if 0
-#undef  SINGLE_THREADED
-#define SINGLE_THREADED
-#endif
 
-#undef  TFM_TIMING_RESISTANT
-#define TFM_TIMING_RESISTANT
+/* ------------------------------------------------------------------------- */
+/* Platform */
+/* ------------------------------------------------------------------------- */
+#define WOLFSSL_GENERAL_ALIGNMENT 4 /* platform requires 32-bit alignment on uint32_t */
+#define SIZEOF_LONG_LONG 8          /* long long is 8 bytes / 64-bit */
+//#define WOLFSSL_NO_ASM /* optionally disable inline assembly support */
+#define WOLFSSL_IGNORE_FILE_WARN /* ignore file includes not required */
+//#define WOLFSSL_SMALL_STACK /* option to reduce stack size, offload to heap */
+#define BENCH_EMBEDDED /* use smaller buffers in benchmark / tests */
 
-#undef  ECC_TIMING_RESISTANT
-#define ECC_TIMING_RESISTANT
+/* Network stack */
+/* Default is POSIX sockets */
+//#define WOLFSSL_USER_IO /* Use the SetIO callbacks, not the internal wolfio.c socket code */
+//#define WOLFSSL_LWIP
+//#define WOLFSSL_LWIP_NATIVE
+//#define FREERTOS_TCP
 
-#undef  WC_RSA_BLINDING
-#define WC_RSA_BLINDING
-
-#undef  HAVE_AESGCM
-#define HAVE_AESGCM
-
-#undef  WOLFSSL_SHA512
-#define WOLFSSL_SHA512
-
-#undef  WOLFSSL_SHA384
-#define WOLFSSL_SHA384
-
-#undef  NO_DSA
-#define NO_DSA
-
-#undef  HAVE_ECC
-#define HAVE_ECC
-
-#undef  TFM_ECC256
-#define TFM_ECC256
-
-#undef  WOLFSSL_BASE64_ENCODE
-#define WOLFSSL_BASE64_ENCODE
-
-#undef  NO_RC4
-#define NO_RC4
-
-#undef  WOLFSSL_SHA224
-#define WOLFSSL_SHA224
-
-#undef  WOLFSSL_SHA3
-#define WOLFSSL_SHA3
-
-#undef  HAVE_POLY1305
-#define HAVE_POLY1305
-
-#undef  HAVE_ONE_TIME_AUTH
-#define HAVE_ONE_TIME_AUTH
-
-#undef  HAVE_CHACHA
-#define HAVE_CHACHA
-
-#undef  HAVE_HASHDRBG
-#define HAVE_HASHDRBG
-
-#undef  NO_FILESYSTEM
+/* RTOS */
+/* Default is POSIX mutex and pthreads*/
+//#define SINGLE_THREADED
+//#define FREERTOS
 #define NO_FILESYSTEM
+#define NO_WRITEV
 
-#undef  HAVE_TLS_EXTENSIONS
-#define HAVE_TLS_EXTENSIONS
-
-#undef  HAVE_SUPPORTED_CURVES
-#define HAVE_SUPPORTED_CURVES
-
-#undef  HAVE_EXTENDED_MASTER
-#define HAVE_EXTENDED_MASTER
-
-#undef  NO_PSK
-#define NO_PSK
-
-#undef  NO_MD4
-#define NO_MD4
-
-#undef  NO_PWDBASED
-#define NO_PWDBASED
-
-#undef  USE_FAST_MATH
-#define USE_FAST_MATH
-
-#undef  WOLFSSL_NO_ASM
-#define WOLFSSL_NO_ASM
-
-#undef  WOLFSSL_X86_BUILD
-#define WOLFSSL_X86_BUILD
-
-#undef  WC_NO_ASYNC_THREADING
-#define WC_NO_ASYNC_THREADING
-
-#undef  NO_DES3
-#define NO_DES3
-
-#undef  WOLFSSL_STATIC_MEMORY
-#define WOLFSSL_STATIC_MEMORY
-
+/* ------------------------------------------------------------------------- */
+/* Hardware */
+/* ------------------------------------------------------------------------- */
+/* CryptoCell support */
 #if 0
-#undef  WOLFSSL_HAVE_SP_RSA
-#define WOLFSSL_HAVE_SP_RSA
-#undef  WOLFSSL_HAVE_SP_DH
-#define WOLFSSL_HAVE_SP_DH
-#undef  WOLFSSL_HAVE_SP_ECC
-#define WOLFSSL_HAVE_SP_ECC
+    //#define WOLFSSL_CRYPTOCELL
+    //#define WOLFSSL_CRYPTOCELL_AES
 #endif
+/* PSA support */
+#ifdef CONFIG_MBEDTLS_PSA_CRYPTO_C
+    #define WOLFSSL_HAVE_PSA
+    #ifndef SINGLE_THREADED
+        #define WOLFSSL_PSA_GLOBAL_LOCK
+    #endif
+    #define WC_NO_HASHDRBG /* use PSA RNG directly via wc_psa_get_random */
+#endif
+
+/* ------------------------------------------------------------------------- */
+/* FIPS */
+/* ------------------------------------------------------------------------- */
+#ifdef CONFIG_WOLFCRYPT_FIPS
+    /* FIPS Ready */
+    #define HAVE_FIPS_VERSION 5
+    #define HAVE_FIPS_VERSION_MINOR 3
+#endif
+
+
+/* ------------------------------------------------------------------------- */
+/* TLS */
+/* ------------------------------------------------------------------------- */
+/* TLS v1.2 (on by default) */
+#ifdef CONFIG_WOLFSSL_TLS_VERSION_1_2
+    #undef  WOLFSSL_NO_TLS12
+#else
+    #define WOLFSSL_NO_TLS12
+#endif
+//#define NO_WOLFSSL_SERVER /* Optionally disable TLS server code */
+//#define NO_WOLFSSL_CLIENT /* Optionally disable TLS client code */
+
+/* TLS v1.3 */
+#if defined(CONFIG_WOLFSSL_TLS_VERSION_1_3) || defined(CONFIG_WOLFSSL_TLS13_ENABLED)
+    #define WOLFSSL_TLS13
+#endif
+
+/* Disable older TLS version prior to 1.2 */
+#define NO_OLD_TLS
+
+/* Enable default TLS extensions */
+#define HAVE_TLS_EXTENSIONS
+#define HAVE_SUPPORTED_CURVES
+#define HAVE_EXTENDED_MASTER
+#define HAVE_ENCRYPT_THEN_MAC
+#define HAVE_SERVER_RENEGOTIATION_INFO
+#define HAVE_SNI /* optional Server Name Indicator (SNI) */
+
+/* ASN */
+#define WOLFSSL_ASN_TEMPLATE /* use newer ASN template asn.c code (default) */
+#if 0 /* optional space reductions */
+    #define WOLFSSL_NO_ASN_STRICT
+    #define IGNORE_NAME_CONSTRAINTS
+#endif
+
+/* Session Cache */
+#if 1
+    #define SMALL_SESSION_CACHE
+    #ifdef WOLFSSL_TLS13
+        #define HAVE_SESSION_TICKET /* session tickets required for resumption in TLS v1.3 */
+    #endif
+#else
+    #define NO_SESSION_CACHE /* disable session resumption */
+#endif
+
+/* DTLS */
+#if defined(CONFIG_WOLFSSL_DTLS)
+    #define WOLFSSL_DTLS
+    #define HAVE_SOCKADDR
+#endif
+
+/* PSK */
+#if defined(CONFIG_WOLFSSL_PSK)
+    #undef NO_PSK
+    #define WOLFSSL_STATIC_PSK
+#else
+    #define NO_PSK /* disable pre-shared-key support */
+#endif
+
+/* ALPN */
+#if defined(CONFIG_WOLFSSL_ALPN)
+    #define HAVE_ALPN
+#endif
+
+#if defined(CONFIG_WOLFSSL_MAX_FRAGMENT_LEN)
+    #define HAVE_MAX_FRAGMENT
+#endif
+
+#if defined(CONFIG_NET_SOCKETS_SOCKOPT_TLS)
+    #define WOLFSSL_SET_CIPHER_BYTES
+#endif
+
+/* wolfTPM Zephyr */
+#if defined(CONFIG_WOLFTPM)
+    #define WOLF_CRYPTO_CB
+    #define WOLFSSL_AES_CFB
+#endif
+
+/* ------------------------------------------------------------------------- */
+/* Algorithms */
+/* ------------------------------------------------------------------------- */
+/* RNG */
+#ifndef WC_NO_HASHDRBG
+    #define HAVE_HASHDRBG /* Use DRBG SHA2-256 and seed */
+    #ifdef CONFIG_CSPRNG_ENABLED
+        #define WC_RNG_SEED_CB
+    #endif
+#endif
+
+/* ECC */
+#if 1
+    #define HAVE_ECC
+    #define ECC_USER_CURVES      /* Enable only ECC curves specific */
+    #undef  NO_ECC256            /* Enable SECP256R1 only (on by default) */
+    #define ECC_TIMING_RESISTANT /* Enable Timing Resistance */
+
+    //#define ECC_SHAMIR         /* Optional ECC calculation speed improvement if not using SP implementation */
+    //#define WOLFSSL_CUSTOM_CURVES /* enable other curves (not just prime) */
+    //#define HAVE_ECC_SECPR2
+    //#define HAVE_ECC_SECPR3
+    //#define HAVE_ECC_BRAINPOOL
+    //#define HAVE_ECC_KOBLITZ
+    //#define HAVE_ECC_CDH /* Co-factor */
+    //#define HAVE_COMP_KEY /* Compressed key support */
+    //#define FP_ECC /* Fixed point caching - speed repeated operations against same key */
+    //#define HAVE_ECC_ENCRYPT
+    //#define WOLFCRYPT_HAVE_ECCSI
+    //#define WOLFSSL_ECDSA_DETERMINISTIC_K_VARIANT
+#endif
+
+#define WOLFSSL_OLD_PRIME_CHECK /* Use faster DH prime checking */
+
+/* RSA */
+#if 1
+    #undef NO_RSA
+    #define WC_RSA_BLINDING
+    //#define WC_RSA_NO_PADDING
+    //#define RSA_LOW_MEM
+
+    #if 0
+        #define WOLFSSL_KEY_GEN /* For RSA Key gen only */
+    #endif
+    #if defined(WOLFSSL_TLS13) || defined(CONFIG_WOLFSSL_RSA_PSS)
+        /* TLS v1.3 requires RSA PSS padding */
+        #define WC_RSA_PSS
+        //#define WOLFSSL_PSS_LONG_SALT
+    #endif
+#else
+    #define NO_RSA
+#endif
+
+/* DH */
+#if 0
+    #undef NO_DH /* on by default */
+    #define WOLFSSL_DH_CONST /* don't rely on pow/log */
+    #define HAVE_FFDHE_2048
+    #define HAVE_FFDHE_3072
+    #define HAVE_DH_DEFAULT_PARAMS
+    //#define WOLFSSL_DH_EXTRA /* Enable additional DH key import/export */
+#else
+    #define NO_DH
+#endif
+
+/* ChaCha20 / Poly1305 */
+#if 1
+    #define HAVE_CHACHA
+    #define HAVE_POLY1305
+
+    /* Needed for Poly1305 */
+    #define HAVE_ONE_TIME_AUTH
+#endif
+
+/* Ed25519 / Curve25519 */
+#if 0
+    #define HAVE_CURVE25519
+    #define HAVE_ED25519 /* ED25519 Requires SHA512 */
+
+    /* Optionally use small math (less flash usage, but much slower) */
+    //#define CURVED25519_SMALL
+#endif
+
+/* SHA-1 */
+#if 0
+    #undef  NO_SHA /* on by default */
+    //#define USE_SLOW_SHA /* 1k smaller, but 25% slower */
+#else
+    // #define NO_SHA /* Necessary for pkcs12 tests */
+#endif
+
+/* SHA2-256 */
+#if 1
+    #undef NO_SHA256 /* on by default */
+    //#define USE_SLOW_SHA256 /* ~2k smaller and about 25% slower */
+    #define WOLFSSL_SHA224
+#else
+    #define NO_SHA256
+#endif
+
+/* SHA2-384/512 */
+#if 1
+    #define WOLFSSL_SHA384
+    #define WOLFSSL_SHA512
+    //#define USE_SLOW_SHA512 /* Over twice as small, but 50% slower */
+#endif
+
+/* SHA-3 */
+#if 1
+    #define WOLFSSL_SHA3
+#endif
+
+/* AES */
+#define HAVE_AES_ECB
+/* AES-CBC */
+#if 1
+    #define HAVE_AES_CBC
+#else
+    #define NO_AES_CBC
+#endif
+/* AES-GCM */
+#if 1
+    #define HAVE_AESGCM
+    #define GCM_SMALL /* GCM Method: GCM_TABLE_4BIT, GCM_SMALL, GCM_WORD32 or GCM_TABLE */
+    //#define WOLFSSL_AESGCM_STREAM
+#endif
+//#define HAVE_AES_DECRYPT
+//#define WOLFSSL_AES_COUNTER
+//#define WOLFSSL_AES_CFB
+//#define WOLFSSL_AES_OFB
+//#define HAVE_AESCCM
+//#define WOLFSSL_AES_XTS
+
+//#define NO_AES_128
+//#define NO_AES_192
+//#define NO_AES_256
+//#define WOLFSSL_AES_SMALL_TABLES
+//#define WOLFSSL_AES_NO_UNROLL
+
+
+/* HKDF */
+#if defined(WOLFSSL_TLS13) || defined(CONFIG_WOLFSSL_HKDF)
+    #define HAVE_HKDF
+#endif
+
+/* CMAC - Zephyr nRF BTLE needs CMAC */
+#if 1
+    #define WOLFSSL_AES_DIRECT
+    #define WOLFSSL_CMAC
+#endif
+
+
+/* Optional Features */
+#define WOLFSSL_BASE64_ENCODE /* Enable Base64 encoding */
+//#define WC_NO_CACHE_RESISTANT /* systems with cache should enable this for AES, ECC, RSA and DH */
+//#define WOLFSSL_CERT_GEN
+//#define WOLFSSL_CERT_REQ
+//#define WOLFSSL_CERT_EXT
+//#define NO_PWDBASED
+
+
+/* Disable Algorithms */
+#define NO_DSA
+#define NO_RC4
+#define NO_MD4
+#define NO_MD5
+//#define NO_DES3 /* Necessary for pkcs12 tests */
+#define WOLFSSL_NO_SHAKE128
+#define WOLFSSL_NO_SHAKE256
+
+
+
+/* ------------------------------------------------------------------------- */
+/* Math */
+/* ------------------------------------------------------------------------- */
+/* Math Options */
+/* Multi-precision - generic math for all keys sizes and curves */
+#if 1
+    #define WOLFSSL_SP_MATH /* no multi-precision math, only single */
+#elif 1
+    /* wolf mp math (sp_int.c) */
+    #define WOLFSSL_SP_MATH_ALL /* use SP math for all key sizes and curves */
+    //#define WOLFSSL_SP_NO_MALLOC
+
+    /* use smaller version of code */
+    #define WOLFSSL_SP_SMALL
+
+    /* Define the maximum math bits used */
+    #if !defined(NO_RSA) || !defined(NO_DH)
+        #define SP_INT_BITS 2048
+    #elif defined(HAVE_ECC)
+        #define SP_INT_BITS 256
+    #endif
+
+#elif 1
+    /* Fast Math (tfm.c) (stack based and timing resistant) */
+    #define USE_FAST_MATH
+    #define TFM_TIMING_RESISTANT
+
+    /* Define the maximum math bits used (2 * max) */
+    #if !defined(NO_RSA) || !defined(NO_DH)
+        #define FP_MAX_BITS (2*2048)
+        #ifdef HAVE_ECC
+            #define ALT_ECC_SIZE /* use heap allocation for ECC point */
+        #endif
+    #elif defined(HAVE_ECC)
+        #define FP_MAX_BITS (2*256)
+    #endif
+    #ifdef HAVE_ECC
+        //#define TFM_ECC256 /* optional speedup for ECC-256 bit */
+    #endif
+#else
+    /* Normal (integer.c) (heap based, not timing resistant) - not recommended */
+    #define USE_INTEGER_HEAP_MATH
+#endif
+
+/* Single Precision (optional) */
+/* Math written for specific curves and key sizes */
+#if 1
+    #ifdef HAVE_ECC
+        #define WOLFSSL_HAVE_SP_ECC
+        //#define WOLFSSL_SP_NO_256
+        //#define WOLFSSL_SP_384
+        //#define WOLFSSL_SP_521
+    #endif
+    #ifndef NO_RSA
+        #define WOLFSSL_HAVE_SP_RSA
+        //#define WOLFSSL_SP_NO_2048
+        //#define WOLFSSL_SP_NO_3072
+        //#define WOLFSSL_SP_4096
+    #endif
+    #ifndef NO_DH
+        #define WOLFSSL_HAVE_SP_DH
+    #endif
+
+    #define WOLFSSL_SP_SMALL      /* use smaller version of code */
+    //#define WOLFSSL_SP_NO_MALLOC /* disable heap in wolf/SP math */
+    //#define SP_DIV_WORD_USE_DIV /* no div64 */
+
+    #if 0
+        /* optional speedup with inline assembly */
+        //#define WOLFSSL_SP_ARM_CORTEX_M_ASM /* Cortex-M3+ */
+        //#define WOLFSSL_SP_ARM_THUMB_ASM    /* Cortex-M0+ thumb */
+        //#define WOLFSSL_SP_ARM32_ASM        /* Cortex-R */
+        //#define WOLFSSL_SP_ARM64_ASM        /* Cortex-A */
+        //#define WOLFSSL_SP_USE_UDIV
+    #endif
+#endif
+
+/* ------------------------------------------------------------------------- */
+/* Assembly Speedups for Symmetric Algorithms */
+/* ------------------------------------------------------------------------- */
+
+#ifdef CONFIG_WOLFCRYPT_ARMASM
+    #define WOLFSSL_ARMASM
+    #define WOLFSSL_NO_HASH_RAW
+    #define WOLFSSL_ARMASM_INLINE /* use inline .c versions */
+    #define WOLFSSL_ARMASM_NO_NEON
+
+    /* Default is ARMv8 */
+
+    #if 0 /* ARMv7 */
+        #define WOLFSSL_ARM_ARCH 7
+        #define WOLFSSL_ARMASM_NO_HW_CRYPTO /* enable if processor does not support aes/sha instructions */
+    #endif
+#endif
+
+#ifdef CONFIG_WOLFCRYPT_INTELASM
+    #define USE_INTEL_SPEEDUP
+    #define WOLFSSL_X86_64_BUILD /* 64-bit */
+    //#define WOLFSSL_X86_BUILD /* 32-bit */
+
+    /* Issues with building AESNI "_mm_aesimc_si128" always_inline */
+    //#define WOLFSSL_AESNI
+#endif
+
+
+/* ------------------------------------------------------------------------- */
+/* Debugging */
+/* ------------------------------------------------------------------------- */
+#undef DEBUG_WOLFSSL
+#undef NO_ERROR_STRINGS
+#ifdef CONFIG_WOLFSSL_DEBUG
+    #define DEBUG_WOLFSSL
+#else
+    #if 1
+        #define NO_ERROR_STRINGS
+    #endif
+#endif
+
 
 #ifdef __cplusplus
 }
diff --git a/zephyr/wolfssl/options.h b/zephyr/wolfssl/options.h
index e69de29bb..5c637481b 100644
--- a/zephyr/wolfssl/options.h
+++ b/zephyr/wolfssl/options.h
@@ -0,0 +1 @@
+/* default blank options to appease code that may require it */
diff --git a/zephyr/zephyr_init.c b/zephyr/zephyr_init.c
index cd8ae98e6..13e86a2d4 100644
--- a/zephyr/zephyr_init.c
+++ b/zephyr/zephyr_init.c
@@ -1,6 +1,6 @@
 /* zephyr_init.c
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *